Commit Graph

2034 Commits

Author SHA1 Message Date
Takashi Kojo 6580a1fefa enable SetBitString, SetASNInt, SetASNIntMP with OPENSSL_EXTRA 2018-05-20 13:55:44 +09:00
Takashi Kojo 138f9f8f66 add wc_RsaKeyToPublicDer in asn.c when OPENSSL_EXTRA, fix wolfSSL_i2d_RSAPublicKey 2018-05-20 13:55:43 +09:00
Takashi Kojo 03846b2d2d d2i_RSAPublicKey, d2i_X509_CRL, d2i_X509_CRL_fp, X509_CRL_free, PEM_read_X509_CRL 2018-05-20 13:55:43 +09:00
Chris Conlon c910d84507 Merge pull request #1527 from kojo1/RenesasCSPlus
Renesas CS+ projects
2018-05-09 10:07:16 -06:00
Takashi Kojo 66e59e4a6a Rollback #if condition 2018-05-09 10:58:10 +09:00
Takashi Kojo ecd2e75564 #ifndef FREESCALE_LTC_ECC with fe_init 2018-05-04 07:34:47 +09:00
Chris Conlon bb7bcfd877 expose mp_toradix() when WOLFSSL_PUBLIC_MP is defined 2018-05-03 13:41:23 -06:00
toddouska 3ad708fb20 Merge pull request #1514 from dgarske/certdates
Enhancements and cleanup to ASN date/time
2018-04-30 11:14:38 -07:00
Takashi Kojo 22a2b45108 duplicated fe_init for non-configure based IDE 2018-04-28 05:07:00 +09:00
Takashi Kojo a91ac55e24 define valiable before exec statements 2018-04-28 05:05:45 +09:00
David Garske fc02003f76 Added new signature wrapper functions to allow direct use of hash wc_SignatureVerifyHash and wc_SignatureGenerateHash. These new function abstract existing signature wrapper code, so minimal code size increase. Added test cases for new functions for RSA (with and without DER encoding) and ECC. 2018-04-25 13:10:53 -07:00
David Garske 65c9277213 More fixes from Jenkins testing. 2018-04-24 14:01:33 -07:00
David Garske e63afa08bd Fix a couple of minor Jenkins issues. 2018-04-24 13:25:28 -07:00
David Garske 56025f38b9 Enhancements and cleanup to ASN date/time:
* Refactor the ASN get date logic to combine shared code.
* Added new API `wc_GetDateInfo` to get raw date, format and length.
* Added new API `wc_GetCertDates` to extract certificate before/after dates as `struct tm` type.
* Added new API `wc_GetDateAsCalendarTime` which parses the raw date string and convers to `struct tm`.
* Added tests for new API's.
* Added missing tests for `wc_SetAltNames`, `wc_SetAltNamesBuffer` and `wc_SetDatesBuffer`.
* Fixed build for older `NO_TIME_H` macro.
2018-04-24 13:04:36 -07:00
David Garske 289a282183 Fixes to resolve issues with c99 compliance (building with ./configure CFLAGS="-std=c99").
* Fix for ReadDir checking for file flag to use `S_ISREG(ctx->s.st_mode)` syntax.
* Added macro for strsep `XSTRSEP`. Added wolf implementation as `wc_strsep` enabled as C99 or `USE_WOLF_STRSEP`.
* Fix to use `gethostbyname` for c99 instead of `getaddrinfo`.
* For c99 use wolf strtok `wc_strtok`.
* Exposed API's for `wc_strtok` and `wc_strsep` when available.
* Include `sys/time.h` when available from autocon `HAVE_SYS_TIME_H` or c99.
* include `<strings.h>` when `HAVE_STRINGS_H` or c99.
2018-04-23 13:47:22 -07:00
Eric Blankenhorn 568d24c63c Coverity fixes (#1509)
* Coverity fixes 3
2018-04-23 09:20:28 -07:00
Sean Parkinson 6689ee965a Key derivation for encrypted PEM uses salt length of 8 in OpenSSL 2018-04-18 12:37:06 +10:00
toddouska 09706a4ed2 Merge pull request #1488 from SparkiDev/tls13_perf
Changes for interop and performance
2018-04-16 09:16:13 -07:00
toddouska 942c720dc4 Merge pull request #1499 from ejohnstown/aes-asm
AES assembly file name change
2018-04-13 11:23:03 -07:00
Eric Blankenhorn a0d8327320 Coverity fixes 2 (#1493)
* Coverity fixes for wolfcrypt folder
* Fixes for remaining issues
* Fixes for test files
2018-04-13 05:35:18 -07:00
Sean Parkinson 9600266483 WOLFSSL_FUNC_TIME changes
Warning in code about using this define.
Remove usage of WOLFSSL_FUNC_TIME from server.c.
2018-04-13 12:13:31 +10:00
Sean Parkinson 0b47811c46 Changes for interop and performance
Changes made to test.h to allow interop of PSK with OpenSSL.
Changes to allow server to pre-generate key share and perform other
operations at later time.
Fix ChaCha20 code header to have bigger state to support assembly code
for AVX1.
Fix Curve25519 code to use define instead.
Change Curve25519 to memset all object data on init.
Change Poly1305 to put both sizes into one buffer to avoid a second call
to wc_Poly1305Update().
Added WOLFSSL_START and WOLFSSL_END API and calls to show time of
protocol message function enter and leave to analyse performance
differences.
Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-13 12:01:20 +10:00
John Safranek 425cee64a7 AES assembly file name change
Some versions of GCC on the Mac will not run the file aes_asm.s through the preprocessor. There are some ifdefs in the file that are included when they shouldn't be. This is not a problem on Linux. Renaming the file to have a capital S extension forces the assembler to run with the preprocessor.
2018-04-12 16:47:58 -07:00
toddouska eacd98fe4e Merge pull request #1491 from dgarske/config
Configure improvements and new options
2018-04-12 13:48:20 -07:00
David Garske 1f7b954d47 Fix for wc_GetCTC_HashOID in FIPS mode. Uses the new wc_HashTypeConvert to handle conversion from unique WC_ALGO (int) to WC_HASH_TYPE_ALGO (enum wc_HashType). 2018-04-12 06:51:23 -07:00
David Garske ce6728951f Added a new --enable-opensslall option, which ensures all openssl features are enabled. Documented and tested building the various open source defines we support in our build. 2018-04-11 13:54:07 -07:00
David Garske ee5d78f84f Added new wc_OidGetHash API for getting the hash type from a hash OID. Refactor PKCS7 and PKCS12 to use new API and reduce duplicate ocde. Updated wc_GetCTC_HashOID to use wc_HashGetOID and maintain back compat. 2018-04-11 13:53:30 -07:00
David Garske 83bfdb1594 Fix for issue with unique hash types on ctoacrypt FIPS using different values than WC_HASH_TYPE_*. Add new API wc_HashTypeConvert to handle the conversion between enum wc_HashType and int. For FIPS it uses a switch() to convert and for non-FIPS it uses a simple cast. Changed the pwdbased_test to return actual ret instead of adding values (made it difficult to track down error location). 2018-04-11 09:30:30 -07:00
David Garske 3f3e332a3a Fix for evp.c statement will never be executed in wolfSSL_EVP_CIPHER_CTX_block_size. 2018-04-11 08:18:39 -07:00
David Garske a38576146e * Added support for disabling PEM to DER functionality using WOLFSSL_PEM_TO_DER. This allows way to use with DER (ASN.1) certificates only in an embedded environment. This option builds, but internal make check requires PEM support for tests.
* More cleanup to move PEM functions from ssl.c to asn.c (`wolfSSL_CertPemToDer`, `wolfSSL_KeyPemToDer`, `wolfSSL_PubKeyPemToDer`). Renamed these API's to `wc_` and added backwards compatability macro for old function names.
2018-04-09 13:28:15 -07:00
David Garske 5a46bdf6f6 Added unit test for using encrypted keys with TLS. Only works with --enable-des3, since the keys are all encrypted with DES3 (also requires either --enable-opensslextra or --enable-enckeys). 2018-04-09 13:28:15 -07:00
David Garske 98c186017a Fixes for build failures. Added new WC_MAX_SYM_KEY_SIZE macro for helping determine max key size. Added enum for unique cipher types. Added CHACHA_MAX_KEY_SZ for ChaCha. 2018-04-09 13:28:15 -07:00
David Garske 2c72f72752 Fixes for FIPS, sniffer (w/o enc keys), scan-build issues and backwards compatability. 2018-04-09 13:28:15 -07:00
David Garske 1f00ea2115 Fixes for various build issues with type casting and unused functions. Moved mystrnstr to wc_port.c. Added some additional argument checks on pwdbased. 2018-04-09 13:28:15 -07:00
David Garske 6de8348918 Fixes for various build configurations. Added --enable-enckeys option to enable support for encrypted PEM private keys using password callback without having to use opensslextra. Moved ASN CryptKey function to wc_encrypt.c as wc_CryptKey. Fixup some missing heap args on XMALLOC/XFREE in asn.c. 2018-04-09 13:28:15 -07:00
David Garske 1315fad7dc Added ForceZero on the password buffer after done using it. 2018-04-09 13:28:15 -07:00
David Garske 3a8b08cdbf Fix to move the hashType out of EncryptedInfo. Fix for parsing "DEC-Info: ". Fix for determining when to set and get ivSz. 2018-04-09 13:28:15 -07:00
David Garske c83e63853d Refactor unqiue hash types to use same internal values (ex WC_MD5 == WC_HASH_TYPE_MD5). Refactor the Sha3 types to use wc_ naming. 2018-04-09 13:28:15 -07:00
David Garske 264496567a Improvements to EncryptedInfo. Added build option WOLFSSL_ENCRYPTED_KEYS to indicate support for EncryptedInfo. Improvements to wc_PBKDF1 to support more hash types and the non-standard extra data option. 2018-04-09 13:28:15 -07:00
David Garske f9e830bce7 First pass at changes to move PemToDer into asn.c. 2018-04-09 13:28:14 -07:00
toddouska 6090fb9020 Merge pull request #1483 from dgarske/winvs
Fixes for unused `heap` warnings
2018-04-06 09:01:49 -07:00
toddouska e56209cee4 Merge pull request #1482 from dgarske/nourand
Added new define `NO_DEV_URANDOM` to disable the use of `/dev/urandom`
2018-04-06 09:00:37 -07:00
David Garske bab62cc435 Added new define NO_DEV_URANDOM to disable the use of /dev/urandom. Added better named define WC_RNG_BLOCKING to indicate block w/sleep(0) is okay. 2018-04-05 09:34:43 -07:00
David Garske ede006b3e1 Merge pull request #1479 from JacobBarthelmeh/HardwareAcc
Fix PIC32 AES-CBC and add test case
2018-04-05 09:15:08 -07:00
Jacob Barthelmeh 815219b589 fix pic32 AES-CBC and add test case 2018-04-04 16:09:11 -06:00
David Garske a78c6ba4ea Fix for unused heap warnings. 2018-04-04 12:51:45 -07:00
toddouska 2deb977ecf Merge pull request #1473 from dgarske/pkcs7_norsa
Enabled PKCS7 support without RSA
2018-04-04 10:33:11 -07:00
toddouska 960d2ec031 Merge pull request #1471 from JacobBarthelmeh/Fuzzer
sanity check on buffer read
2018-04-04 10:31:55 -07:00
David Garske c288d0815d Added support for building and using PKCS7 without RSA (assuming ECC is enabled). 2018-04-03 09:26:57 -07:00
David Garske 0c898f513d Nitrox V fixes and additions:
* Added support for ECC, AES-GCM and HMAC (SHA-224 and SHA3).
* Fixes for Nitrox V with TLS.
* ECC refactor for so key based `r` and `s` apply only when building with `WOLFSSL_ASYNC_CRYPT`.
* ECC refactor for `e` and `signK` to use key based pointer for Nitrox V.
* Improved the Nitrox V HMAC to use start, update and final API's instead of caching updates.
* Fix for Intel QuickAssist with unsupported HMAC hash algos using `IntelQaHmacGetType` (such as SHA3).
* Added new API `wc_mp_to_bigint_sz` to zero pad unsigned bin.
* Fix for AES GCM to gate HW use based on IV len in aes.c and remove the gate in test.c.
* Implemented workaround to use software for AES GCM Nitrox V hardware and 13 byte AAD length for TLS.
* New debug option `WOLFSSL_NITROX_DEBUG` to add pending count.
2018-04-03 09:14:20 -07:00