Commit Graph

11359 Commits

Author SHA1 Message Date
Eric Blankenhorn 0c59aa8e31 Move #if blocking wc_PubKeyPemToDer 2018-07-18 11:15:06 -05:00
John Safranek 17d5b6a42b Merge pull request #1694 from SparkiDev/stack_ecc
Small stack support in ECC
2018-07-18 08:57:35 -07:00
David Garske 74c391d138 Added reference PK callbacks (HAVE_PK_CALLBACKS) for ATECC508A device for wolfSSL TLS. 2018-07-17 19:02:56 -07:00
toddouska 1840ae7013 Merge pull request #1693 from SparkiDev/stack_rsa
Small stack fixes and ignore RSA fields in RSA_LOW_MEM
2018-07-17 12:24:00 -07:00
toddouska f693c9cc8b Merge pull request #1692 from SparkiDev/stack_hashalgs
Stack hashalgs
2018-07-17 12:20:02 -07:00
Sean Parkinson e6c22fbd85 Small stack support in ECC
Small stack builds now dynamically allocate large stack variables.
Cache option added to avoid repeated allocation of temporaries in add
points, double point and map.
Cached memory allocated in mulmod and mul2add.
2018-07-17 16:39:53 +10:00
Sean Parkinson c01c79349e Small stack fixes and ignore RSA fields in RSA_LOW_MEM
Fix asn.c and rsa.c small stack to not have large stack variables.
In RSA code don't load or store dP, dQ or u when using RSA_LOW_MEM as
they are not used.
Fix SP to recognize RSA_LOW_MEM means to use d, private exponent.
Fix wc_CheckRsaKey to work with SP.
Fix sp_int to support mp_set_int for wc_CheckRsaKey().
2018-07-17 11:05:38 +10:00
Sean Parkinson 6ef800e5f7 Cache Sha256 for small stack when asked in random
Small stack builds see SHA-256 allocating W a lot.
Cache the SHA-256 object in DRBG when WOLFSSL_SMALL_STACK_CACHE is
defined.
Call free function on SHA-256 object now that it is required.
2018-07-17 09:33:24 +10:00
Sean Parkinson 88a2531652 Cache the data allocated in SHA-2 Transform functions
SHA-2 algorithms allocate W each call to transform when using
WOLFSSL_SMALL_STACK.
Put a pointer into the SHA-2 object to cache W.
Change code to call the SHA-2 Free functions now that they are required.
Only cache when WOLFSSL_SMALL_STACK_CACHE is defined.
2018-07-17 09:17:39 +10:00
Sean Parkinson 514a949557 Small stack fixes
Changes to DH and SSL/TLS code to dynamically allocate large stack
variables when compiled with WOLFSSL_SMALL_STACK.
2018-07-17 09:04:00 +10:00
John Safranek 00fd7ff8de Prime Number Testing
1. Added some new ifdef clauses to tfc and integer so that
the prime checking is available when using RSA, DSA, or DH.
A couple functions used were dependent on ECC being enabled.
2018-07-13 17:42:35 -07:00
Chris Conlon f59fb0df8e add custom print to test.c for PB 2018-07-13 14:58:48 -06:00
Chris Conlon eeb50099d9 initial Nucleus port with PB changes 2018-07-13 14:58:37 -06:00
toddouska 6c1778d373 Merge pull request #1669 from cconlon/mqxfixes
fixes for MQX classic 4.0 with IAR-EWARM
2018-07-13 11:59:28 -07:00
Eric Blankenhorn 9bc0e0c4fc Static analysis fixes (#1658)
* Static analysis fixes
* Fixes for zd4071, zd4074, zd4093-zd4094, zd4096, zd4097-zd4104.
* Add test cases.
2018-07-13 09:02:09 -07:00
John Safranek 771e349925 Prime Number Testing
1. Moved a few functions around in tfm.c and integer.c.
2. Added some new ifdef clauses to tfc and integer so that the prime checking is available when using RSA, DSA, or DH.
3. Added an internal version of function wc_DhSetKey and wc_DsaImportParamsRaw that always checks to see if the prime value is prime. Modified the original function to be a wrapper.
2018-07-12 17:22:44 -07:00
John Safranek 997a377310 Prime Number Testing
1. In wc_DhGenerateParams(), changed the call to mp_prime_is_prime() to
mp_prime_is_prime_ex().
2. In wc_MakeDsaParameters(), changed the call to mp_prime_is_prime() to
mp_prime_is_prime_ex().
3. Added wc_CheckProbablePrime_ex in RSA that also takes an RNG to call
mp_prime_is_prime_ex(). If RNG is NULL, call mp_prime_is_prime().
4. Rewrite wc_CheckProbablePrime() in terms of
wc_CheckProbablePrime_ex().
2018-07-12 15:00:13 -07:00
Chris Conlon cadd556b3a cast result of bitwise not back to original type to prevent compiler warnings 2018-07-12 13:46:55 -06:00
John Safranek d486df50aa fix an error where mp_copy was used instead of mp_sub_d 2018-07-12 11:03:41 -07:00
John Safranek 5908230d20 Prime Number Testing
1. Fixed variable name typo in DH for the FFDHE 8192-bit q value.
2. Updated some error strings in wolfSSL_BN_is_prime_ex().
3. Changed the calls to mp_prime_is_prime_ex() in fp_randprime() and
mp_randprime() so they go back to the 8 rounds of MR, which is more than
adequate in this situation.
2018-07-11 16:24:41 -07:00
Chris Conlon 0f2b5ca181 fixes for MQX classic 4.0 with IAR-EWARM 2018-07-11 10:54:24 -06:00
toddouska df6c496c4e Merge pull request #1671 from SparkiDev/x25519_asm_fix
Fix for Curve25519 ASM
2018-07-11 09:50:57 -07:00
Sean Parkinson 9281f30deb Fix for Curve25519 ASM
On rare occasions, multiplication and/or squaring result had top bit set
after overflow add - must to be reduced in that case.
2018-07-11 11:53:53 +10:00
David Garske e2dec618d8 Merge pull request #1667 from ejohnstown/certgentime
Cert Gen Time
2018-07-10 14:40:37 -07:00
John Safranek 0e06f6413d Prime Number Testing
1. Update the function wolfSSL_BN_is_prime_ex to use mp_prime_is_prime_ex.
2. Modified fast and normal mp_prime_is_prime_ex() to use random numbers
that are in the range 2 < a < n-2.
2018-07-10 14:30:53 -07:00
John Safranek f1c3098bdc Prime Number Testing
Made modifications to the primality testing so that the Miller-Rabin tests check against up to 40 random numbers rather than a fixed list of small primes.
2018-07-09 16:33:26 -07:00
toddouska 90cf4ad7ad Merge pull request #1648 from embhorn/pkcb
Add PK_CALLBACK support for RSA/ECC verify to ConfirmSignature
2018-07-09 11:05:48 -07:00
John Safranek 5cc8771b43 Cert Gen Time
When generating the times for a generated certificate, calculate the
time differences based on the seconds from epoch rather then converting
back and forth between tm structures. One particular RTOS calculates the
date change when generating a certificate on the first of the month. It
leaves the certificate valid on the zeroth of the month.
2018-07-06 15:31:34 -07:00
David Garske 32f1b0a9c2 Added separate context for each SignatureCtx verify callback. Added missing ssl info to callback context. 2018-07-06 09:28:46 -07:00
David Garske 9bf8122af7 Merge pull request #1660 from JacobBarthelmeh/ARMv8
adjust macro guards for additional functions
2018-07-06 09:02:35 -07:00
David Garske 3cbcc872c1 Improved PK callback support for ConfirmSignature so certificate verification uses the callbacks. Retained wolfSSL/wolfCrypt isolation (I.E. no wolfSSL references from wolfCrypt). 2018-07-05 14:04:06 -07:00
Jacob Barthelmeh e44cb91a3b keep length value after call to wc_BerToDer 2018-07-05 14:35:35 -06:00
Jacob Barthelmeh c8e118cd12 adjust macro guards for additional functions 2018-07-03 16:52:29 -06:00
toddouska f809a6a17b Merge pull request #1651 from dgarske/pkcs7_dynamic
Added PKCS7 dynamic allocation support
2018-07-02 16:26:03 -07:00
toddouska fbd5a4f67f Merge pull request #1650 from dgarske/fix_armv8_aes
Fix ARMv8 AES code build error
2018-07-02 16:23:32 -07:00
toddouska e17a16a45a Merge pull request #1600 from dgarske/lighttpd
Changes to support Lighttpd 1.4.49
2018-07-02 16:18:41 -07:00
John Safranek cf191a4d96 Fixed a memory leak in the wolfCrypt test for DH key generation. 2018-07-02 13:31:13 -07:00
David Garske fb3d3dce0e Fix for use of unititlized PKCS7.isDynamic case in unit test. Added return code checks for wc_PKCS7_Init. 2018-07-02 09:38:14 -07:00
David Garske 733cb74ea8 Updated all PKCS7 XMALLOC/XFREE to use heap pointer (even small stack). 2018-06-29 15:05:37 -07:00
David Garske 07401d909c Added support for dynamic allocation of PKCS7 structure using wc_PKCS7_New and wc_PKCS7_Free. Updated the test examples to use the dynamic method. Add API unit test for wc_PKCS7_New. 2018-06-29 15:04:28 -07:00
toddouska 33b72a3dfe Merge pull request #1647 from ejohnstown/akid-not-crit
Add error case for critical Auth Key ID extension
2018-06-29 10:41:04 -07:00
David Garske 44c4e33290 Fix ARMv8 AES code to use the shared aes.h CTR_SZ and GCM_NONCE_MID_SZ. 2018-06-29 10:22:25 -07:00
toddouska 54f2c3fe18 Merge pull request #1646 from dgarske/stm32l4_iar
Added support for the STM32L4 and fixed mixed enum warnings
2018-06-28 15:34:33 -07:00
John Safranek 6fa92fdd71 Add error case for critical Auth Key ID extension 2018-06-28 13:03:16 -07:00
David Garske 66c2c65444 Changes to support Lighttpd 1.4.49:
* Fix for `wolfSSL_CTX_set_options` to work correctly when no certificate has been set for WOLFSSL_CTX, otherwise this operation fails with `Server missing certificate`.
* Fix for bad argument name `time`.
* Fix for `warning: type of bit-field`: Allowed types for bit-fields are int and unsigned int only.
* Exposed `ERR_remove_thread_state` and `SSL_CTX_set_tmp_ecdh` for lighttpd
* Renamed `WOLFSSL_ERR_remove_thread_state` to `wolfSSL_ERR_remove_thread_state` and setup old name macro.
* Add missing newline on asn1.h.
* Whitespace cleanup in ssl.c.
2018-06-27 19:44:34 -07:00
David Garske 7ae9e4359d Added support for the STM32L4 with AES/SHA hardware acceleration. Fixed a few minor compiler warnings with mis-matched enum types. 2018-06-27 19:40:03 -07:00
Sean Parkinson 7fbe1d3049 Fix support for OCSP and Nginx
Store DER copy of CA certificate with signer when
WOLFSSL_SIGNER_DER_CERT is defined.
Keep the bad issuer error for later when compiling for OpenSSL
compatability.
Authority Info string needs to be passed back with a nul terminator.
2018-06-28 08:48:06 +10:00
toddouska 5d767aa004 Merge pull request #1641 from ejohnstown/rename-inline
Rename INLINE
2018-06-27 09:34:41 -07:00
toddouska 0c74e778dc Merge pull request #1633 from dgarske/bench_3072
Benchmark support for 3072-bit RSA and DH
2018-06-27 07:17:53 -07:00
John Safranek 586874b997 Rename INLINE
1. Renamed the macro INLINE as WC_INLINE.
2. For FIPS and the "selftest" build, define INLINE as WC_INLINE. Allows the FIPS code to work unchanged.
2018-06-26 15:17:46 -07:00