Go Hosohara
36ced360cb
Add Renesas CS+ project files.
2018-05-30 11:53:18 +09:00
Sean Parkinson
fb7d74c197
FinalRaw parameter hash may not be aligned.
2018-05-30 09:10:46 +10:00
Sean Parkinson
e684156a1e
Constant time padding and HMAC verification in TLS
2018-05-30 09:10:46 +10:00
Kaleb Himes
cc58d3160f
Merge pull request #1579 from C-Treff/Tenasys_Review
...
time 64bit, test update
2018-05-29 14:06:44 -07:00
John Safranek
92dd231c27
Merge pull request #1585 from SparkiDev/new_compiler
...
New compilers
2018-05-29 12:25:56 -07:00
Chris Conlon
16738f1449
Merge pull request #1569 from kojo1/openSSL-Compat-CRL-STORE
...
openSSL compatibility APIs: X509_CRL, STORE
2018-05-29 09:47:22 -06:00
Sean Parkinson
f871bafe3a
Fix uninitialized
2018-05-29 11:06:26 +10:00
Sean Parkinson
68666101b7
Fix for g++ 7.3 - macro strings in asm
2018-05-29 09:25:38 +10:00
Takashi Kojo
3939eadf9c
get derLen by RsaPublicKeyDerSize
2018-05-26 10:55:17 +09:00
toddouska
453daee965
Merge pull request #1523 from SparkiDev/ed25519_key
...
Allow Ed25519 private-only keys to work in TLS
2018-05-24 09:56:17 -07:00
C-Treff
5d693b263d
removed more tabs
2018-05-24 09:56:54 +02:00
C-Treff
06e9354629
removed tabs
2018-05-24 09:48:18 +02:00
C-Treff
1d281ce515
replace memset by XMEMSET
...
replaced memset with XMEMSET as requested by @dgarske
INtime project files cleanup
2018-05-24 09:35:46 +02:00
toddouska
d38a0039ed
Merge pull request #1549 from JacobBarthelmeh/Cert-Report1
...
fix for relative URI detection
2018-05-23 17:05:35 -07:00
toddouska
e4e0dfe9d3
Merge pull request #1564 from JacobBarthelmeh/PKCS12
...
Pkcs12
2018-05-23 16:59:13 -07:00
David Garske
6f221ff75c
Fix possible leak in PKCS for failure case with small stack enabled.
2018-05-23 16:21:49 -07:00
Sean Parkinson
58f523beba
Allow Ed25519 private-only keys to work in TLS
...
Change Ed25519 in TLS 1.2 to keep a copy of all the messages for
certificate verification - interop with OpenSSL.
2018-05-24 08:43:28 +10:00
David Garske
72d168028e
Fixes to better handle PKCS7 error cases.
2018-05-23 15:29:33 -07:00
David Garske
9a75e5cf68
Fixes in PKCS7 for handling hardware based devId and no private key. Fix to handle scenario where kari->decoded is allocated, but not initalized (was causing use of unitliaized in FreeDecodedCert). Fix to handle hardware base RSA key size.
2018-05-23 14:48:10 -07:00
Jacob Barthelmeh
9021091896
update comments
2018-05-23 14:04:41 -06:00
C-Treff
cd9f86d921
time 64bit, test update
...
64bit settings for time is mandatory for INtime. Changed the project file.
Test for ecc_test_buffers was unreliable, as the structs were not initialized befor usage.
2018-05-23 10:33:56 +02:00
Sean Parkinson
3bb4949e02
Improve coverage
...
Renumber errors in test.c to be unique.
Fix stack usage to work in --enable-distro --enable-stacksize builds.
2018-05-23 16:24:23 +10:00
Quinn Miller
f2ce8dcbca
Added unit test for Blake2
2018-05-22 10:47:44 -06:00
Chris Conlon
be9ae9a3c4
Merge pull request #1570 from MJSPollard/MikePollardBranch
...
added Poly1305SetKey Unit Test
2018-05-21 16:35:15 -06:00
David Garske
85511067e4
Added crypto device framework to handle PK RSA/ECC operations using callbacks. Adds new build option ./configure --enable-cryptodev or #define WOLF_CRYPTO_DEV. Added devId support to PKCS7.
2018-05-21 14:31:08 -07:00
toddouska
e7de654b61
Merge pull request #1558 from dgarske/fsanitize
...
Fixes for fsanitize reports
2018-05-21 14:18:07 -06:00
MJSPollard
fb247a5d8d
added null check for key
2018-05-21 13:59:15 -06:00
MJSPollard
2b49f69f1b
updated unit test
2018-05-21 12:44:59 -06:00
Sean Parkinson
3a27d85c4e
Use sizeof instead of constant value
2018-05-21 21:26:25 +10:00
Takashi Kojo
6580a1fefa
enable SetBitString, SetASNInt, SetASNIntMP with OPENSSL_EXTRA
2018-05-20 13:55:44 +09:00
Takashi Kojo
138f9f8f66
add wc_RsaKeyToPublicDer in asn.c when OPENSSL_EXTRA, fix wolfSSL_i2d_RSAPublicKey
2018-05-20 13:55:43 +09:00
Takashi Kojo
03846b2d2d
d2i_RSAPublicKey, d2i_X509_CRL, d2i_X509_CRL_fp, X509_CRL_free, PEM_read_X509_CRL
2018-05-20 13:55:43 +09:00
David Garske
cf70b1a013
Revert ForceZero changes in favor of PR #1567 .
2018-05-18 05:29:09 -07:00
John Safranek
dd0489db8c
1. Added the pair-wise consistency test to the RSA Key Gen.
...
2. Modified an RSA key size test case so it didn't try to make a key that was too big.
2018-05-17 17:41:34 -07:00
Sean Parkinson
d63da10c96
ForceZero - align 64-bit access on Intel 64-bit
...
Test added to ensure ForceZero works.
2018-05-18 10:38:21 +10:00
Jacob Barthelmeh
f67046f485
better bounds checking
2018-05-17 16:55:59 -06:00
Jacob Barthelmeh
b6a92a97ce
convert to byte to fix warning
2018-05-17 08:55:07 -06:00
Jacob Barthelmeh
e1745428ac
add set short int helper function
2018-05-16 20:16:40 -06:00
David Garske
dad574edb8
Fix to use proper type (size_t) for alignment check.
2018-05-16 14:34:16 -07:00
David Garske
52b66edf72
Fixes for a few more fsanitize issues. Added alignment for ForceZero. Added word32 aligned acceleration for ForceZeero. Added 'NO_ALIGNED_FORCEZERO' define to allow disabling aligned ForceZero acceleration. We cast the 24 left-shifts to word32 because compiler assumes signed int type, and a runtime value with MSB set results into runtime fsanitize error.
2018-05-16 13:27:13 -07:00
John Safranek
4dacd31ea4
Force to zero the buffer used to generate the DH private key.
2018-05-16 15:47:13 -04:00
John Safranek
6a31f103aa
Test Fixes
...
1. When building on VS, it didn't like using a variable for an array size. Fixed it so it was a constant.
2. In dh.c, there were a few #if that should have been #ifdef.
3. Tweaked a return value in the wolfCrypt test so it was read after being set.
2018-05-16 15:47:13 -04:00
John Safranek
12edf80e2b
FIPS Revalidation
...
1. ForceZero the odd block when using RDSEED to seed the DRBG.
2. When using FIPSv2 and Intel_ASM speedups, force RDSEED failure flag.
3. Annotate the ecc key pair checking code with NIST process references.
4. Add function to pair-wise check the DH key.
5. Add optional "Q" values for the FFDHE canned parameters from RFC 7919.
6. Enabled the ECC key checks by default for FIPS.
7. Added DH private key check function.
8. Enabled the DH key checks by default for FIPS.
2018-05-16 15:47:13 -04:00
John Safranek
ceed6e08fd
FIPS Revalidation
...
1. Add second RNG initialization API to let caller pass in a nonce.
2018-05-16 15:47:13 -04:00
John Safranek
20d8a4a376
FIPS Revalidation
...
1. Added missing pair-wise consistency test for RSA keys.
Note: This function is not available to old FIPS and user RSA.
2018-05-16 15:47:13 -04:00
John Safranek
1ff4ea1ec9
Test Fixes
...
1. Changed the ecc_sets table for Windows builds to use arrays instead of pointers to strings.
2. Updated the initializer to play nice with the Windows and not-Windows versions of the ecc_sets table.
This is a change for FIPS mode on Windows. The ecc_sets table has pointers to constants. When the FIPS POST runs, the pointers stored in the table are relocated pointers so the verify fails.
2018-05-16 15:47:13 -04:00
John Safranek
a8dbdd6c28
Test Fixes
...
1. Windows IDE project, clean up the preprocessor flags.
2. Add command line define to the MASM steps to set HAVE_FIPS and HAVE_FIPS_VERSION=2.
3. Disable the whole program optimization for the non-DLL builds for the file fips.c.
4. Tweaked the aes_asm.asm's code segment line to be dependant on the FIPS setting. Only place it specially for FIPSv2.
5. Reverted the Windows IDE project and copied the new setting to a WIN10 directory.
2018-05-16 15:47:13 -04:00
John Safranek
4d0a061acb
FIPS Revalidation
...
1. Updated the segment tags in the aes_asm.asm file so that it is linked in order between aes.obj and des3.obj.
2018-05-16 15:47:13 -04:00
John Safranek
f7fa648f77
Test Fixes
...
1. Found a problem in AES-GCM encrypt where it could step on the ciphertext with the correct sized IV.
2018-05-16 15:47:13 -04:00
John Safranek
dde1f87de9
Test Fixes
...
1. The intrinsic versions of AES_GCM_encrypt and AES_GCM_decrypt needed updates for variable length tags.
2018-05-16 15:47:13 -04:00