Commit Graph

11359 Commits

Author SHA1 Message Date
Go Hosohara 36ced360cb Add Renesas CS+ project files. 2018-05-30 11:53:18 +09:00
Sean Parkinson fb7d74c197 FinalRaw parameter hash may not be aligned. 2018-05-30 09:10:46 +10:00
Sean Parkinson e684156a1e Constant time padding and HMAC verification in TLS 2018-05-30 09:10:46 +10:00
Kaleb Himes cc58d3160f Merge pull request #1579 from C-Treff/Tenasys_Review
time 64bit, test update
2018-05-29 14:06:44 -07:00
John Safranek 92dd231c27 Merge pull request #1585 from SparkiDev/new_compiler
New compilers
2018-05-29 12:25:56 -07:00
Chris Conlon 16738f1449 Merge pull request #1569 from kojo1/openSSL-Compat-CRL-STORE
openSSL compatibility APIs: X509_CRL, STORE
2018-05-29 09:47:22 -06:00
Sean Parkinson f871bafe3a Fix uninitialized 2018-05-29 11:06:26 +10:00
Sean Parkinson 68666101b7 Fix for g++ 7.3 - macro strings in asm 2018-05-29 09:25:38 +10:00
Takashi Kojo 3939eadf9c get derLen by RsaPublicKeyDerSize 2018-05-26 10:55:17 +09:00
toddouska 453daee965 Merge pull request #1523 from SparkiDev/ed25519_key
Allow Ed25519 private-only keys to work in TLS
2018-05-24 09:56:17 -07:00
C-Treff 5d693b263d removed more tabs 2018-05-24 09:56:54 +02:00
C-Treff 06e9354629 removed tabs 2018-05-24 09:48:18 +02:00
C-Treff 1d281ce515 replace memset by XMEMSET
replaced memset with XMEMSET as requested by @dgarske

INtime project files cleanup
2018-05-24 09:35:46 +02:00
toddouska d38a0039ed Merge pull request #1549 from JacobBarthelmeh/Cert-Report1
fix for relative URI detection
2018-05-23 17:05:35 -07:00
toddouska e4e0dfe9d3 Merge pull request #1564 from JacobBarthelmeh/PKCS12
Pkcs12
2018-05-23 16:59:13 -07:00
David Garske 6f221ff75c Fix possible leak in PKCS for failure case with small stack enabled. 2018-05-23 16:21:49 -07:00
Sean Parkinson 58f523beba Allow Ed25519 private-only keys to work in TLS
Change Ed25519 in TLS 1.2 to keep a copy of all the messages for
certificate verification - interop with OpenSSL.
2018-05-24 08:43:28 +10:00
David Garske 72d168028e Fixes to better handle PKCS7 error cases. 2018-05-23 15:29:33 -07:00
David Garske 9a75e5cf68 Fixes in PKCS7 for handling hardware based devId and no private key. Fix to handle scenario where kari->decoded is allocated, but not initalized (was causing use of unitliaized in FreeDecodedCert). Fix to handle hardware base RSA key size. 2018-05-23 14:48:10 -07:00
Jacob Barthelmeh 9021091896 update comments 2018-05-23 14:04:41 -06:00
C-Treff cd9f86d921 time 64bit, test update
64bit settings for time is mandatory for INtime. Changed the project file.

Test for ecc_test_buffers was unreliable, as the structs were not initialized befor usage.
2018-05-23 10:33:56 +02:00
Sean Parkinson 3bb4949e02 Improve coverage
Renumber errors in test.c to be unique.
Fix stack usage to work in --enable-distro --enable-stacksize builds.
2018-05-23 16:24:23 +10:00
Quinn Miller f2ce8dcbca Added unit test for Blake2 2018-05-22 10:47:44 -06:00
Chris Conlon be9ae9a3c4 Merge pull request #1570 from MJSPollard/MikePollardBranch
added Poly1305SetKey Unit Test
2018-05-21 16:35:15 -06:00
David Garske 85511067e4 Added crypto device framework to handle PK RSA/ECC operations using callbacks. Adds new build option ./configure --enable-cryptodev or #define WOLF_CRYPTO_DEV. Added devId support to PKCS7. 2018-05-21 14:31:08 -07:00
toddouska e7de654b61 Merge pull request #1558 from dgarske/fsanitize
Fixes for fsanitize reports
2018-05-21 14:18:07 -06:00
MJSPollard fb247a5d8d added null check for key 2018-05-21 13:59:15 -06:00
MJSPollard 2b49f69f1b updated unit test 2018-05-21 12:44:59 -06:00
Sean Parkinson 3a27d85c4e Use sizeof instead of constant value 2018-05-21 21:26:25 +10:00
Takashi Kojo 6580a1fefa enable SetBitString, SetASNInt, SetASNIntMP with OPENSSL_EXTRA 2018-05-20 13:55:44 +09:00
Takashi Kojo 138f9f8f66 add wc_RsaKeyToPublicDer in asn.c when OPENSSL_EXTRA, fix wolfSSL_i2d_RSAPublicKey 2018-05-20 13:55:43 +09:00
Takashi Kojo 03846b2d2d d2i_RSAPublicKey, d2i_X509_CRL, d2i_X509_CRL_fp, X509_CRL_free, PEM_read_X509_CRL 2018-05-20 13:55:43 +09:00
David Garske cf70b1a013 Revert ForceZero changes in favor of PR #1567. 2018-05-18 05:29:09 -07:00
John Safranek dd0489db8c 1. Added the pair-wise consistency test to the RSA Key Gen.
2. Modified an RSA key size test case so it didn't try to make a key that was too big.
2018-05-17 17:41:34 -07:00
Sean Parkinson d63da10c96 ForceZero - align 64-bit access on Intel 64-bit
Test added to ensure ForceZero works.
2018-05-18 10:38:21 +10:00
Jacob Barthelmeh f67046f485 better bounds checking 2018-05-17 16:55:59 -06:00
Jacob Barthelmeh b6a92a97ce convert to byte to fix warning 2018-05-17 08:55:07 -06:00
Jacob Barthelmeh e1745428ac add set short int helper function 2018-05-16 20:16:40 -06:00
David Garske dad574edb8 Fix to use proper type (size_t) for alignment check. 2018-05-16 14:34:16 -07:00
David Garske 52b66edf72 Fixes for a few more fsanitize issues. Added alignment for ForceZero. Added word32 aligned acceleration for ForceZeero. Added 'NO_ALIGNED_FORCEZERO' define to allow disabling aligned ForceZero acceleration. We cast the 24 left-shifts to word32 because compiler assumes signed int type, and a runtime value with MSB set results into runtime fsanitize error. 2018-05-16 13:27:13 -07:00
John Safranek 4dacd31ea4 Force to zero the buffer used to generate the DH private key. 2018-05-16 15:47:13 -04:00
John Safranek 6a31f103aa Test Fixes
1. When building on VS, it didn't like using a variable for an array size. Fixed it so it was a constant.
2. In dh.c, there were a few #if that should have been #ifdef.
3. Tweaked a return value in the wolfCrypt test so it was read after being set.
2018-05-16 15:47:13 -04:00
John Safranek 12edf80e2b FIPS Revalidation
1. ForceZero the odd block when using RDSEED to seed the DRBG.
2. When using FIPSv2 and Intel_ASM speedups, force RDSEED failure flag.
3. Annotate the ecc key pair checking code with NIST process references.
4. Add function to pair-wise check the DH key.
5. Add optional "Q" values for the FFDHE canned parameters from RFC 7919.
6. Enabled the ECC key checks by default for FIPS.
7. Added DH private key check function.
8. Enabled the DH key checks by default for FIPS.
2018-05-16 15:47:13 -04:00
John Safranek ceed6e08fd FIPS Revalidation
1. Add second RNG initialization API to let caller pass in a nonce.
2018-05-16 15:47:13 -04:00
John Safranek 20d8a4a376 FIPS Revalidation
1. Added missing pair-wise consistency test for RSA keys.
Note: This function is not available to old FIPS and user RSA.
2018-05-16 15:47:13 -04:00
John Safranek 1ff4ea1ec9 Test Fixes
1. Changed the ecc_sets table for Windows builds to use arrays instead of pointers to strings.
2. Updated the initializer to play nice with the Windows and not-Windows versions of the ecc_sets table.

This is a change for FIPS mode on Windows. The ecc_sets table has pointers to constants. When the FIPS POST runs, the pointers stored in the table are relocated pointers so the verify fails.
2018-05-16 15:47:13 -04:00
John Safranek a8dbdd6c28 Test Fixes
1. Windows IDE project, clean up the preprocessor flags.
2. Add command line define to the MASM steps to set HAVE_FIPS and HAVE_FIPS_VERSION=2.
3. Disable the whole program optimization for the non-DLL builds for the file fips.c.
4. Tweaked the aes_asm.asm's code segment line to be dependant on the FIPS setting. Only place it specially for FIPSv2.
5. Reverted the Windows IDE project and copied the new setting to a WIN10 directory.
2018-05-16 15:47:13 -04:00
John Safranek 4d0a061acb FIPS Revalidation
1. Updated the segment tags in the aes_asm.asm file so that it is linked in order between aes.obj and des3.obj.
2018-05-16 15:47:13 -04:00
John Safranek f7fa648f77 Test Fixes
1. Found a problem in AES-GCM encrypt where it could step on the ciphertext with the correct sized IV.
2018-05-16 15:47:13 -04:00
John Safranek dde1f87de9 Test Fixes
1. The intrinsic versions of AES_GCM_encrypt and AES_GCM_decrypt needed updates for variable length tags.
2018-05-16 15:47:13 -04:00