wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-28 23:59:54 +01:00
Code Issues Packages Projects Releases Wiki Activity
12,466 Commits 12 Branches 184 Tags
ebde736ee742e2152268289b2d286077ff951ea7
Commit Graph

976 Commits

Author SHA1 Message Date
John Safranek
4364700c01 DH Fix 
These changes fix several fuzz testing reports. (ZD 11088 and ZD 11101)
1. In GetDhPublicKey(), the DH Pubkey is owned by the SSL session. It
   doesn't need to be in the check for weOwnDh before freeing. There
   could be a chance it leaks.
2. In GeneratePublicDh() and GeneratePrivateDh(), the size of the
   destination buffer should be stored at the location pointed to by the
   size pointer. Check that before writing into the destination buffer.
3. Ensure the size of the private and public key values are in the size
   value before generating or getting the DH keys.
 2020-10-16 15:35:23 -07:00
John Safranek
aeeeb666a7 Maintenance Fixes 
1. The test_wolfSSL_X509V3_EXT_print() test was using stderr for output,
   changed to stdout.
2. A call to XFREAD wasn't typecasting its output to the size of the
   variable getting the output in decodedCertCache_test().
 2020-10-09 15:01:32 -07:00
Daniel Pouzzner
29d4de6307 fix pkcs7compressed_test() (test gated on HAVE_LIBZ), broken by PR#3244. 2020-10-09 12:42:14 -05:00
toddouska
c69e9927fa Merge pull request #3354 from SparkiDev/mac_arm_asm_2 
ARM ASM ChaCha20: Fix calc of left over bytes
 2020-10-08 14:49:33 -07:00
kaleb-himes
d9eaeb4a3b Fix NTRU + QSH build 2020-10-08 09:13:00 -06:00
Sean Parkinson
f76165a3fa ARM ASM ChaCha20: Fix calc of left over bytes 2020-09-30 15:57:33 +10:00
John Safranek
dbf18b8532 Test ECC-521 Only 
Update benchmark and wolfcrypt test to support using only ECC-521 in a custom curve list.
 2020-09-28 09:22:24 -07:00
Sean Parkinson
c798c7f396 DH EXTRA test: Disable DH test unless not FIPS or FIPS > 2 
statickeys/dh-ffdhe2048.der is an alternate format that is supported
when WOLFSSL_DH_EXTRA is defined.
The decoding is not supported when FIPS and FIPS version is less than 3.
Fix test to not use file unless not FIPS or FIPS > 2.
 2020-09-25 11:41:59 +10:00
Daniel Pouzzner
62bbef2f2e wolfcrypt/test/test.c: add missing gating for -DBENCH_EMBEDDED. 2020-09-23 18:32:16 -05:00
Daniel Pouzzner
2609fa9aeb test.c:rsa_test(): fix cpp gating for clearing of keypub buffer. 2020-09-23 18:32:16 -05:00
Daniel Pouzzner
5f972d2ae6 test.c: now that sp math is fixed and working in linuxkm, reenable prime_test() for WOLFSSL_LINUXKM, and add a small stack refactor for it. 2020-09-23 18:32:16 -05:00
Daniel Pouzzner
8f130f3642 test.c: tweaks to accommodate clang's belligerent -Wparentheses-equality. 2020-09-23 18:32:16 -05:00
Daniel Pouzzner
447a238e8e test.c: missed a _SMALL_STACK spot in rsa_ecc_certgen_test(). 2020-09-23 18:32:16 -05:00
Daniel Pouzzner
5bfb5a3a83 test.c: fix missed spot in rsa_certgen_test(), and do another _SMALL_STACK refactor of a missed object in rsa_ecc_certgen_test(). 2020-09-23 18:32:16 -05:00
Daniel Pouzzner
fdf87fe152 test.c: another missed spot. 2020-09-23 18:32:16 -05:00
Daniel Pouzzner
ebca451c93 test.c: missed a spot -- inadvertently unused return value. 2020-09-23 18:32:16 -05:00
Daniel Pouzzner
80961ea913 test.c:ecc_decode_test(): WOLFSSL_SMALL_STACK refactor 2020-09-23 18:32:16 -05:00
Daniel Pouzzner
dbe0273bf4 test.c: additional WOLFSSL_SMALL_STACK refactoring, covering --enable-sp-math and various missed spots. 2020-09-23 18:32:16 -05:00
Daniel Pouzzner
cd88a2c7df wolfcrypt/test/test.c: when WOLFSSL_LINUXKM, don't do the large-malloc-incurring wc_scrypt()s in scrypt_test(). 2020-09-23 18:32:16 -05:00
Daniel Pouzzner
dc4b15a265 test.c: fix gating on heap deallocation in hc128_test() to match earlier tweak to gating on allocation. 2020-09-23 18:32:16 -05:00
Daniel Pouzzner
b52d50d903 test.c: various improvements and fixes pursuant to dgarske's comments on PR #3244 2020-09-23 18:32:16 -05:00
Daniel Pouzzner
a80b0c1982 test.c: don't exclude prime_test when -DOLD_PRIME_CHECK, but to exclude it when -DWOLFSSL_LINUXKM. 2020-09-23 18:32:16 -05:00
Daniel Pouzzner
e8b69f8a6a dh_test(): fix missing casts for XMALLOC(). 2020-09-23 18:32:16 -05:00
Daniel Pouzzner
f440089e92 dh_test(): fix typo (undersized dynamic buffers). 2020-09-23 18:32:16 -05:00
Daniel Pouzzner
f106fea0d8 rsa_no_pad_test(): fix uninited pointer. 2020-09-23 18:32:16 -05:00
Daniel Pouzzner
4ea8b46177 dh_test(): refactor remaining bare returns to ERROR_OUT(). 2020-09-23 18:32:16 -05:00
Daniel Pouzzner
2ee218761e dh_test(): missed a spot in last commit. 2020-09-23 18:32:16 -05:00
Daniel Pouzzner
ca1a991de5 wolfcrypt/test/test.c: fix an error-path leak in dh_test(), and deal with possible -Wdeclaration-after-statement for XFILE file. 2020-09-23 18:32:16 -05:00
Daniel Pouzzner
a7381f8a48 test.c:rsa_test(): fix uninited pointer 2020-09-23 18:32:16 -05:00
Daniel Pouzzner
426de2101a more work on DECLARE_VAR -- proper handling of failed allocations. WIP. 2020-09-23 18:32:16 -05:00
Daniel Pouzzner
9b7c753165 wolfssl/wolfcrypt/types.h: make DECLARE_VAR() et al use heap allocation not only when WOLFSSL_ASYNC_CRYPT but also when WOLFSSL_SMALL_STACK. 2020-09-23 18:32:15 -05:00
Daniel Pouzzner
571bf897c4 wolfcrypt/test/test.c: stack->heap refactor for dh_test(). 2020-09-23 18:32:15 -05:00
David Garske
66b59bda9b Fix for expected fail test in openssl_test for partial block. Fix for mp_test with ECC disabled, which uses mp_init_copy. 2020-09-23 18:32:15 -05:00
David Garske
0f8cf32122 Fix for possible leak in openssl_test because EVP free not called with WOLFSSL_SMALL_STACK_CACHE (SHA256/SHA512). Added return code checking to the openssl_test in wolfCrypt test. 2020-09-23 18:32:15 -05:00
Daniel Pouzzner
32e30d23c6 wolfcrypt/test/test.c: fix uninitialized values in aesofb_test(). 2020-09-23 18:32:15 -05:00
Daniel Pouzzner
f56c6d1d8f wolfcrypt/test/test.c and wolfssl/test.h: implement DEBUG_STACK_SIZE_VERBOSE, measuring and reporting stack usage separately for each test. to use, ./configure --enable-stacksize && make CFLAGS+=-DDEBUG_STACK_SIZE_VERBOSE; also, remove a throwaway dev pragma that snuck into an earlier commit. 2020-09-23 18:32:15 -05:00
Daniel Pouzzner
925afe3b74 cast XMALLOC() return values assiduously, for Visual Studio compatibility. 2020-09-23 18:32:15 -05:00
Daniel Pouzzner
535822f4df wolfcrypt/test/test.c: refactor for stack size and namespace control, allowing embedding of wolfcrypt_test() in kernel module. 2020-09-23 18:32:15 -05:00
toddouska
8753b5b947 Merge pull request #3257 from kojo1/user-mutex 
fix guard, user define mutex
 2020-09-03 15:21:53 -07:00
toddouska
a626ac39f2 Merge pull request #3253 from SparkiDev/chacha20_stream_fix 
ChaCha20: Enable streaming with Intel x86_64 asm
 2020-09-03 15:18:00 -07:00
Sean Parkinson
54c8774103 ChaCha20: Enable streaming with Intel x86_64 asm 2020-08-31 09:06:51 +10:00
David Garske
21d17b17d0 Fix typo in code comment for ECC curve cache. Fix for valgrind report of possible use of uninitialized value with ChaCha/Poly AEAD test. 2020-08-27 12:01:24 -07:00
David Garske
6d5731b8e9 Fixes for HMAC_CTX cleanup not being called to free SHA2 resources with WOLFSSL_SMALL_STACK_CACHE. Added return code checking and cleanup for openssl_test. 2020-08-26 09:45:26 -07:00
David Garske
083f143c89 Fixes for warnings with minimum ECC build. 2020-08-21 15:47:02 -07:00
David Garske
79c0fd3f29 Fix for ECC make key test not waiting for async completion. 2020-08-20 14:25:05 -07:00
David Garske
0011b7b376 Fix possible ECC curve cache leak for custom curves. Fix possible memory leak with wc_DhKeyDecode and WOLFSSL_DH_EXTRA. Fix leak in dh_test with new call to DH key import. 2020-08-20 14:25:05 -07:00
John Safranek
3f6861ee82 FIPS Ready Fix with ECC Timing Resistance 
Commit 6467de5 added some timing resistance to ECC shared secret
agreement. It involved adding an RNG object to the ecc keys so
a random z value can be added to the mix. The older FIPS release
has ECC outside the boundary, so it uses the new ECC code. FIPSv2
has ECC inside the boundary, but all the TLS code checks for that
version of FIPS and leaves out the calls to the new functions as
it is using an older version of ecc.c. FIPS Ready uses the latest
version of ecc.c but compiles as FIPSv2. So, the code outside of
the crypto layer is treating ECC as FIPSv2 and not calling the new
functions, but the crypto layer assumes the RNG should be present,
and errs out on testing.
1. Added a separate option for FIPS Ready to the enable-fips
   configure option. `--enable-fips=ready`. It will treat FIPS
   Ready as the next kind of FIPS release. FIPS Ready will be
   treated like FIPS v3 in the build.
2. Changed the C preprocessor checks for FIPS version 2 to be
   checks for not version 2, with respect to ECC Timing Resistance
   and FIPS builds.
 2020-08-14 10:54:55 -07:00
Sean Parkinson
6467de5a88 Randomize z ordinates in scalar mult when timing resistant 
An RNG is required for shared secret calculation now.
Use wc_ecc_set_rng() to set an RNG against the ECC object.
ECC verification does not need timing resistance and does not randomize
z ordinates.
 2020-08-11 16:12:47 +10:00
toddouska
462f4f9e45 Merge pull request #3196 from cconlon/cavpmarvell 
Add fips-check.sh target for marvell-linux-selftest, selftest v2 support
 2020-08-06 10:45:03 -07:00
David Garske
4a167c0f2c Merge pull request #3119 from tmael/do178-fix 
DO-178 fix
 2020-08-05 16:30:00 -07:00