Commit Graph

4256 Commits

Author SHA1 Message Date
Daniel Pouzzner c910c94824 rename API wc_XChaCha20Poly1305_{encrypt,decrypt}_oneshot to wc_XChaCha20Poly1305_{Encrypt,Decrypt} for consistency; remove stray debugging printf in XChaCha20Poly1305_test(). 2020-10-21 14:36:46 -05:00
Daniel Pouzzner 299e88a993 minor fixes and commentary. 2020-10-21 14:08:41 -05:00
Daniel Pouzzner 99b76241bd wolfcrypt/test/test.c: remove debugging printf in XChaCha20Poly1305_test(). 2020-10-21 14:08:41 -05:00
Daniel Pouzzner e1d3f2c7b4 chacha20_poly1305.c: add _SMALL_STACK code in wc_XChaCha20Poly1305_crypt_oneshot(). 2020-10-21 14:08:41 -05:00
Daniel Pouzzner 1949378d61 wc_Chacha_purge_current_block(): init "scratch" buffer to zeros, to avoid "garbage value" warnings. 2020-10-21 14:08:41 -05:00
Daniel Pouzzner f65947ae09 rename wc_XChaCha_init() to wc_XChacha_SetKey() for consistency, and add a counter argument to provide for future random access scenarios; refactor wc_Chacha_purge_current_block() to use a dummy wc_Chacha_Process() call for intrinsically correct counter dynamics. 2020-10-21 14:08:41 -05:00
Daniel Pouzzner 6142c22948 add wc_XChaCha_init(), wc_XChaCha20Poly1305_Init(), wc_XChaCha20Poly1305_encrypt_oneshot(), wc_XChaCha20Poly1305_decrypt_oneshot(), and wc_Poly1305_EncodeSizes64(). also, remove redundant arg check (typo) in wc_Poly1305Update(). 2020-10-21 14:08:41 -05:00
toddouska 7c38be407c Merge pull request #3398 from dgarske/async_test
Fixes for `--enable-asynccrypt` tests
2020-10-20 15:13:51 -07:00
toddouska a1afc6ca4f Merge pull request #3389 from tmael/ocsp_status
Process multiple OCSP responses
2020-10-20 15:11:42 -07:00
Sean Parkinson ebde736ee7 Merge pull request #3400 from ejohnstown/dh-fix
DH Fix
2020-10-20 11:45:18 +10:00
Takashi Kojo a87f7c9185 cipher_tbl for EVP_get_cipherbyname 2020-10-19 06:17:15 +09:00
John Safranek 4f8c2b971f Move the binSz check variable to a spot where it is only declared in the same condition it is used and initialize it to zero. 2020-10-17 19:07:44 -07:00
David Garske fbd98be7af Fixes for --enable-asynccrypt tests after PR #3244. 2020-10-16 15:55:17 -07:00
John Safranek 4364700c01 DH Fix
These changes fix several fuzz testing reports. (ZD 11088 and ZD 11101)
1. In GetDhPublicKey(), the DH Pubkey is owned by the SSL session. It
   doesn't need to be in the check for weOwnDh before freeing. There
   could be a chance it leaks.
2. In GeneratePublicDh() and GeneratePrivateDh(), the size of the
   destination buffer should be stored at the location pointed to by the
   size pointer. Check that before writing into the destination buffer.
3. Ensure the size of the private and public key values are in the size
   value before generating or getting the DH keys.
2020-10-16 15:35:23 -07:00
David Garske 9793414d78 Merge pull request #3381 from SparkiDev/ecc_ct_fix
ECC mulmod: some curves can't do order-1
2020-10-15 14:46:46 -07:00
toddouska f69fa13e02 Merge pull request #3357 from guidovranken/StoreECC_DSA_Sig-fix
Improve StoreECC_DSA_Sig bounds checking
2020-10-14 16:53:46 -07:00
David Garske b18d43abb9 Fix for possible uninitialized use of prev. 2020-10-14 15:52:51 -07:00
toddouska 026ba4e750 Merge pull request #3368 from dgarske/zd11057
Fix for possible malformed encrypted key with DES3 causing negative length
2020-10-14 15:32:48 -07:00
David Garske 751f64b4aa Fix for OCSP single response last optional part handling and restore original size arg since its required for the ASN elements. 2020-10-14 14:55:18 -07:00
David Garske 10b1884993 Added support for handling an OCSP response with multiple status responses. 2020-10-14 14:47:24 -07:00
toddouska 3f4bf9144b Merge pull request #3366 from SparkiDev/pkcs11_lookup
PKCS #11: improve key lookup
2020-10-14 14:22:56 -07:00
Tesfa Mael 5ac3e7d542 Process multiple ocsp responses 2020-10-14 01:10:07 -07:00
David Garske b68828d3c9 Merge pull request #3361 from tmael/ocsp-nocheck
Add support for id-pkix-ocsp-nocheck
2020-10-13 15:46:02 -07:00
Sean Parkinson f0db2c177e ECC mulmod: some curves can't do order-1
Change implementation of timing resistant scalar multiplication to use
Joye double-add ladder.
No longer have fake operations being performed therefore can remove the
order adding operations.
Still need to check for boundary condition: order-1 wil not work with
SECP256K1 as it results in an add of order/2 and (order/2)+1 times base
point which are the negatives of each other. The sum is infinity and not
handled by maths.
Added mp_cond_swap_t - Conditionally swap in constant time.
2020-10-13 09:55:35 +10:00
David Garske de6164df5a Merge pull request #3382 from ejohnstown/aes-clear
AES Clear Temp
2020-10-12 15:17:00 -07:00
David Garske 4396e10500 Merge pull request #3379 from ejohnstown/mfix
Maintenance Fixes
2020-10-12 14:53:56 -07:00
Chris Conlon 2a1efda140 Merge pull request #3380 from kojo1/mqx
minor fix for MQX, Kinetis
2020-10-12 14:03:20 -06:00
John Safranek 5ead4386b3 AES Clear Temp
ForceZero()'ed a couple local variables that have keying material at some point.
2020-10-12 10:30:34 -07:00
Tesfa Mael a4bfa0dec7 Add support for id-pkix-ocsp-nocheck 2020-10-11 19:47:50 -07:00
Takashi Kojo ce97eadae1 fix for MQX 2020-10-11 06:57:33 +09:00
John Safranek aeeeb666a7 Maintenance Fixes
1. The test_wolfSSL_X509V3_EXT_print() test was using stderr for output,
   changed to stdout.
2. A call to XFREAD wasn't typecasting its output to the size of the
   variable getting the output in decodedCertCache_test().
2020-10-09 15:01:32 -07:00
Daniel Pouzzner 29d4de6307 fix pkcs7compressed_test() (test gated on HAVE_LIBZ), broken by PR#3244. 2020-10-09 12:42:14 -05:00
Daniele Lacamera 9cb2c9f1ac Fixed SHA256 support for IMX-RT1060 2020-10-09 13:36:53 +02:00
toddouska 8bc3d33c4e Merge pull request #3360 from SparkiDev/ecc_safe_add
ECC add points: more cases where add point is a double or infinity
2020-10-08 14:55:04 -07:00
toddouska f0c5fb76bb Merge pull request #3359 from ejohnstown/tfm-read-radix-16
TFM Read Radix 16 OOB Read
2020-10-08 14:52:42 -07:00
toddouska c69e9927fa Merge pull request #3354 from SparkiDev/mac_arm_asm_2
ARM ASM ChaCha20: Fix calc of left over bytes
2020-10-08 14:49:33 -07:00
toddouska 6b4b92a549 Merge pull request #3356 from embhorn/zd11044
Allow wolfSSL_EVP_get_hashinfo with x509small
2020-10-08 14:48:28 -07:00
David Garske d33d100526 Fix for possible malformed encrypted key with DES3 causing negative length. If length is less than DES_BLOCK_SIZE then it could result in a negative der->length. ZD 11057 2020-10-08 13:07:07 -07:00
kaleb-himes d9eaeb4a3b Fix NTRU + QSH build 2020-10-08 09:13:00 -06:00
Sean Parkinson 15aa0a2f8c PKCS #11: improve key lookup
Refactor the find key by template to eliminate duplicate code.
Improve documentation.
Add more informative debugging information.
2020-10-08 13:36:30 +10:00
Sean Parkinson 4f6c1db9a2 Merge pull request #3355 from douzzer/enable-more-all
--enable-all coverage update, plus --enable-all-crypto and --enable-linuxkm-defaults
2020-10-08 09:52:56 +10:00
Sean Parkinson 257551b134 ECC add points: more cases where add point is a double or infinity
Extract method to perform safe point add (handling double and infinity
result).
Replace all instances of the extracted code.
2020-10-08 09:26:10 +10:00
John Safranek 413b0d171d TFM Read Radix 16 OOB Read
Change the location of the update of the write index when in
fp_read_radix_16(). It will do multiple writes into a word, and update
the index when the word is full and there is more to write. If there
isn't more to write, the index isn't incremented. This ensures the used
value in the mp_digit is correct, and not off-by-one when the last word
is full.
2020-10-06 17:03:03 -07:00
Guido Vranken 4c5c1d5dac Improve StoreECC_DSA_Sig bounds checking 2020-10-06 23:11:50 +02:00
Eric Blankenhorn 6bc34cb1a8 Allow wolfSSL_EVP_get_hashinfo with x509small 2020-10-06 11:18:08 -05:00
Daniel Pouzzner 7fb8457459 fix whitespace. 2020-10-01 14:38:26 -05:00
Daniel Pouzzner 70474659a0 wc_ShaFinal(): remove superfluous ret=0 when WOLF_CRYPTO_CB, complained by PRB-scan-build-distro-check. 2020-10-01 14:38:26 -05:00
Daniel Pouzzner 79978f5c7a ecc_check_pubkey_order(): add missing braces. 2020-10-01 14:38:26 -05:00
Daniele Lacamera cec3d542d1 Rework of DCP after reviewer's comments.
- using wolfSSL_CryptHwMutexLock/UnLock as DCP mutex.
- fixed AES Free
- using separate per-channel key store
2020-10-01 11:36:03 -07:00
Daniele Lacamera ce62f46442 Fixed comments 2020-10-01 11:36:03 -07:00