Commit Graph

5428 Commits

Author SHA1 Message Date
David Garske d10e72bc98 Fix for KCAPI AES with WOLFSSL_NO_KCAPI_AES_CBC. 2022-03-29 12:50:28 -07:00
David Garske 1abcd4b035 Reduce KCAPI ECC page memory allocation sizes. 2022-03-28 15:40:07 -07:00
David Garske 05f377011b Fix for building with KCAPI AES enabled. 2022-03-28 15:05:58 -07:00
David Garske 12349f39e6 Merge pull request #4974 from kareem-wolfssl/iotsafe
IOTSafe workarounds
2022-03-28 13:49:44 -07:00
Kareem be938ed197 IoTSafe Workarounds: Address code review feedback. 2022-03-25 16:17:53 -07:00
JacobBarthelmeh 25d5a624d2 Merge pull request #4975 from cconlon/smallStack
smallstack cleanup for OpenSSL Compatibility Functions
2022-03-25 17:06:59 -06:00
John Safranek 0ee01f08bc Merge pull request #4984 from douzzer/20220325-multi-test-cleanup
20220325 multi-test fixes
2022-03-25 15:06:34 -07:00
David Garske 3af3274dcd Merge pull request #4982 from SparkiDev/sp_x64_improvements
SP ASM improvements
2022-03-25 13:04:01 -07:00
Daniel Pouzzner 008c8509c6 multi-test fixes: whitespace in wolfcrypt/src/random.c and wolfcrypt/test/test.c, bugprone-macro-parentheses and -Wenum-compare in WS_RETURN_CODE() (wolfssl/ssl.h), and clang-analyzer-deadcode.DeadStores in api.c. 2022-03-25 13:26:41 -05:00
Sean Parkinson 7eb95674ee Merge pull request #4966 from dgarske/kcapi
Fixes for KCAPI AES GCM and ECC
2022-03-25 10:18:16 +10:00
Sean Parkinson fd66f6bcec SP ASM improvements
Change Karatsuba implementations for x86_64.
Fix ECC code to better handle corner cases.
Add 'lower' versions of functions wehn an input is known to be less than m.
Add mont_add/dbl/tpl/sub for P384.
Change ECC point add to be cache-attack resistant.
Change mod_exp to be cache-attack resistant.
2022-03-25 10:04:25 +10:00
Sean Parkinson feb58a8455 Merge pull request #4956 from julek-wolfssl/bind-9.18.0
bind 9.18.0 fixes
2022-03-25 08:27:34 +10:00
Anthony Hu ceae169a34 Merge pull request #4969 from dgarske/pk_pubkey 2022-03-24 12:40:03 -04:00
Juliusz Sosinowicz 29c0c9bf48 Rebase fixes 2022-03-24 13:41:50 +01:00
Juliusz Sosinowicz ae9b01c5b8 bind 9.18.0 fixes
- return `1` from `wolfSSL_BIO_set_mem_eof_return` instead of `0` for success
- bind requires ALPN
- `OPENSSL_COMPATIBLE_DEFAULT` defined for bind
- `WOLFSSL_ERROR_CODE_OPENSSL` defined when using compatibility layer
- return `bio->eof` on no pending data to read in memory BIO (defaults to `WOLFSSL_BIO_ERROR`)
- `flags` is no longer an input parameter in `wolfSSL_ERR_get_error_line_data`
- allow lazy parameter loading in `wolfSSL_DH_set0_key`
- implement reference counter in `WOLFSSL_EC_KEY`
- load serial number from `x509->serialNumber` if `x509->serial` is empty
2022-03-24 12:16:59 +01:00
David Garske 6e550c8d75 Fix for KCAPI ECC KeyGen. Disable ECC consistency checks with KCAPI. Allow public AddSignature (used to be public). Fix KCAPI ECC SharedSecret output size. 2022-03-23 09:37:50 -07:00
David Garske 8bafa7f601 Fix for KCAPI ECC sign (was not returning the signature, since ret always 0). 2022-03-23 09:37:50 -07:00
David Garske c9e3094cb0 Fixes for KCAPI ECC verify. Cleanup of the pubkey_raw. Fix KCAPI AES possible used uninitialized. 2022-03-23 09:37:50 -07:00
David Garske 8d695f97c9 Fix for KCAPI KcapiEcc_LoadKey parameter to kcapi_kpp_keygen. Added option to release handle on load. Fixes for KCAPI sign output length. Added additional argument checking. 2022-03-23 09:37:50 -07:00
David Garske 318350f63b Fix for ecc_check_privkey_gen with KCAPI. Fix KCAPI ECDSA to ensure we don't leak handle for multiple sign/verify calls. 2022-03-23 09:37:50 -07:00
David Garske 9f2dc408a0 Fixes for KCAPI AES GCM. Add guards for algorithm macros on KCAPI. 2022-03-23 09:37:50 -07:00
David Garske 1b0e5f4806 Allow disabling DRBG with KCAPI. Add KCAPI /dev/hwrng support. 2022-03-23 09:37:50 -07:00
Chris Conlon 210eb6283c smallstack reduction for wc_ecc_import_x963_ex, mp_jacobi 2022-03-21 14:43:43 -06:00
Chris Conlon 851ff9e661 smallstack reduction for PrintPubKeyRSA, PrintPubKeyDSA, PrintPubKeyDH 2022-03-21 14:43:43 -06:00
Chris Conlon 339e44bd87 smallstack reduction for wc_ecc_import_point_der_ex() 2022-03-21 14:43:43 -06:00
David Garske 59665a44b5 Fixes for allowing server to have a public key set when using external key with PK callbacks. 2022-03-21 13:14:24 -07:00
David Garske 29c120356e Sniffer asynchronous support.
* Adds stateful handling of DH shared secret computation in `SetupKeys`.
* Improved the decrypt handling to use internal functions and avoid generating alerts on failures.
* Fix for sniffer resume due to missing `sessionIDSz` broken in #4807.
* Fix sniffer test cases to split resume (session_ticket) tests.
* Add `snifftest` list of build features so test script can gate running resume test.
2022-03-21 12:05:08 -07:00
Kareem af70edb99d Strip trailing zeroes from cert buffer when using IOTSAFE_NO_GETDATA. 2022-03-21 10:53:36 -07:00
David Garske c213c725d7 Merge pull request #4971 from SparkiDev/fp_div2_mod_ct_oob
TFM fp_div_2_ct: rework to avoid overflow
2022-03-21 09:11:41 -07:00
David Garske 08d6474878 Merge pull request #4954 from SparkiDev/rsa_fermat
RSA: check for small difference between p and q
2022-03-21 09:09:38 -07:00
David Garske b90df0a6aa Merge pull request #4951 from ejohnstown/wolfrand
wolfRand for AMD
2022-03-21 09:09:19 -07:00
Juliusz Sosinowicz 9763030675 Merge pull request #4845 from cconlon/pkcs7compat 2022-03-21 15:26:37 +01:00
Sean Parkinson 8dbd8b0ad6 RSA: check for small difference between p and q 2022-03-21 10:58:14 +10:00
Sean Parkinson aa14607a6f TFM fp_div_2_ct: rework to avoid overflow
Don't set the overflow word. Instead integrate the div by 2 into the
function so that the overflow word doesn't need to be stored.
2022-03-21 10:43:06 +10:00
Sean Parkinson 2f52d3cd20 Merge pull request #4965 from dgarske/aes_win_clang
Fixes for Windows AESNI with clang
2022-03-21 08:24:21 +10:00
Hayden Roche dcaa218ed8 Merge pull request #4927 from cconlon/upRef 2022-03-18 18:10:36 -07:00
Chris Conlon c491a6c829 EVP_PKEY_copy_parameters: correctly mark inner struct owned 2022-03-18 16:37:45 -06:00
Chris Conlon 582f0d82e4 address review feedback for PKCS7 compat additions 2022-03-18 12:07:44 -06:00
JacobBarthelmeh bfee3dffc6 Merge pull request #4967 from dgarske/pubkey_size
Fix for `wc_EccPublicKeyToDer` incorrectly requiring too much buffer
2022-03-18 09:22:52 -06:00
David Garske bb27fa4555 Fix for wc_EccPublicKeyToDer incorrectly requiring too much buffer. Merge error included old ASN code and incorrectly excluded ASN template. ZD13904. 2022-03-17 18:51:37 -07:00
Sean Parkinson ef66a12a24 Merge pull request #4961 from dgarske/cust_fixups
Various portability improvements (Time, DTLS epoch size, IV alloc)
2022-03-18 11:38:57 +10:00
David Garske b546b2a5ec Improve logic around private key id/label. Adds WOLF_PRIVATE_KEY_ID. 2022-03-17 14:48:30 -07:00
David Garske f954aef973 Fixes for Windows AESNI with clang. Improve 32-bit support. 2022-03-17 14:05:24 -07:00
David Garske 3fba5d17c3 Various portability improvements:
* Change DTLS epoch size word16.
* Allow override of the `RECORD_SIZE` and `STATIC_BUFFER_LEN`.
* Remove endianness force from game build.
* Add `gmtime_s` option.
* Fix for macro conflict with `MAX_KEY_SIZE`.
* Expose functions `wolfSSL_X509_notBefore`, `wolfSSL_X509_notAfter`, `wolfSSL_X509_version` without `OPENSSL_EXTRA`.
2022-03-17 14:00:55 -07:00
David Garske aa8e5a29d4 Merge pull request #4947 from cconlon/compatSmallStack
Stack/smallstack cleanup for OpenSSL compatibility functions
2022-03-15 16:47:23 -07:00
Chris Conlon a52539c489 Merge pull request #4958 from TakayukiMatsuo/example 2022-03-15 17:39:07 -06:00
John Safranek f80faebfe5 wolfRand for AMD
1. Add configure option to enable AMD's RDSEED.
2. Add seed parameters when building specifically for AMD using RDSEED.
3. Update the wolfCrypt test to play nice with the larger seed size.
2022-03-15 15:20:08 -07:00
TakayukiMatsuo 365a4de154 Fix settings and removed warnings 2022-03-16 02:12:45 +09:00
Chris Conlon ce514e6fc5 add PKCS7_sign, PKCS7_final, SMIME_write_PKCS7. add signer cert verify support to PKCS7_verify, support for PKCS7_TEXT, PKCS7_DETACHED, PKCS7_STREAM 2022-03-15 10:21:22 -06:00
David Garske 2febed01a5 Merge pull request #4949 from SparkiDev/ssl_move_conf
ssl.c: move TXT and CONF APIs out into conf.c
2022-03-15 09:02:42 -07:00