Commit Graph

1359 Commits

Author SHA1 Message Date
David Garske 659d33fdaf Fixes for minor sniffer and async issues:
* Sniffer: Remove old restrictions for max strength, encrypt-then-mac and forcing openssl-extra.
* Fix bound warning with strncpy in sniffer.c.
* Fix for async DH issue.
* Fix for SP math all not initializing raw big int.
* Fix for array bounds warning with "-O3" on SetEccPublicKey.
* Fix a sniffer async edge case with TLS v1.2 static RSA and extended master.
* Improved the sniffer test script detection of features.
* Disable ECC custom curve test with Intel QuickAssist.
2022-04-18 11:46:40 -07:00
Sean Parkinson 284ebacc57 Merge pull request #4916 from JacobBarthelmeh/hsm
Add SECO use and expand cryptodev
2022-04-07 10:21:32 +10:00
David Garske 1b5af2fdd9 Merge pull request #5022 from SparkiDev/wycheproof_fixes
Wycheproof fixes/changes
2022-04-06 10:29:17 -07:00
JacobBarthelmeh 2a0b726c15 add AES init functions to ECB test case 2022-04-06 09:42:38 -07:00
JacobBarthelmeh 91d883d99f macro guard on ECB test case and use realloc for hash 2022-04-06 07:04:17 -07:00
Sean Parkinson e9187f5f00 Wycheproof fixes/changes
Allow Chachac20-Poly1305 to take an empty msg.
Allow AES-SIV to have an empty nonce.
Don't allow the length to be malleable. Must use the smallest number of
bytes to represent value.
ECDSA and DSA signature values are positive.
Add Sha512-224 and Sha512-256 OIDs.
ASN template - ensure the ECDSA/DSA signature uses all data.
Curve25519/Curve448 - WOLFSSL_ECDHX_SHARED_NOT_ZERO means shared secret
can't be 0.
Curve25519/Curve448 - check public value is less than order.
ECC - x or y may be zero but not both.
Ed25519/Ed448 - check S is less than order.
Ed448 - ge_p3_dbl can be simplified for ASM.
Prime check (integer.c/tfm.c/sp_int.c): Don't allow negative values and
make sure random candidate doesn't have bits higher than those in a set
when bits not a multiple of 8.
RSA: support Sha512-224 and Sha512-256.
RSA: Fix check for invalid in decryption. Affects plaintexts 256 bytes
and longer.
RSA: Don't allow base be larger than modulus.
RSA: Check small ciphertext (1 or 0) on decrypt when not using OAEP.
RSA: WOLFSSL_RSA_DECRYPT_TO_0_LEN allows decrypted value to be 0.
SP math all: fix div to handle large a and d when checking size of
remainder.
SP math all: set sign of result in sp_mod_2d()
2022-04-06 15:35:01 +10:00
JacobBarthelmeh a338b4c933 refactor SHA grew function, revert benchmark devid, increase SHA_CTX size, add AES ECB cryptocb test 2022-04-05 14:45:18 -07:00
David Garske 4f5aa81031 Merge pull request #5000 from ejohnstown/tls13-wctest
Add TLSv1.3 KDF to wolfCrypt Test
2022-04-05 10:45:35 -07:00
John Safranek eefc0f2f57 Add TLSv1.3 KDF to wolfCrypt Test
Added a test for the TLSv1.3 KDF to the wolfcrypt test. It uses 6
different test cases from the CAVP tests. A set of 8 session keys are
generated using multiple exporters.
2022-04-05 08:56:15 -07:00
Daniel Pouzzner b2a2a8af4a fix whitespace. 2022-04-05 08:09:48 -05:00
Sean Parkinson c3a9520eb5 Merge pull request #5016 from dgarske/async_fixes
Fixes for async in wolfCrypt test
2022-04-05 07:56:08 +10:00
Hideki Miyazaki 8e4abb0011 addressed code review comment 2022-04-02 09:18:28 +09:00
David Garske 6ec0c22a28 Fixes for async in wolfCrypt test. 2022-04-01 12:04:31 -07:00
David Garske 99af84f1e2 Whitespace cleanups. 2022-04-01 09:36:53 +09:00
Hideki Miyazaki d3a379adac add WOLF_CRYPTO_CB_ONLY_RSA and WOLF_CRYPTO_CB_ONLY_ECC 2022-04-01 09:36:52 +09:00
David Garske c905c613e9 Support for Intel QuickAssist ECC KeyGen acceleration. 2022-03-30 13:07:47 -07:00
Daniel Pouzzner 008c8509c6 multi-test fixes: whitespace in wolfcrypt/src/random.c and wolfcrypt/test/test.c, bugprone-macro-parentheses and -Wenum-compare in WS_RETURN_CODE() (wolfssl/ssl.h), and clang-analyzer-deadcode.DeadStores in api.c. 2022-03-25 13:26:41 -05:00
Sean Parkinson 7eb95674ee Merge pull request #4966 from dgarske/kcapi
Fixes for KCAPI AES GCM and ECC
2022-03-25 10:18:16 +10:00
John Safranek 14522f25ff Merge pull request #4904 from kaleb-himes/OE22_NS9210_FIX
Fix up random.h conflicts with cert 3389 releases and some NETOS issues
2022-03-24 16:07:23 -07:00
David Garske 6e550c8d75 Fix for KCAPI ECC KeyGen. Disable ECC consistency checks with KCAPI. Allow public AddSignature (used to be public). Fix KCAPI ECC SharedSecret output size. 2022-03-23 09:37:50 -07:00
David Garske 5fe6f1c875 For KCAPI do not force enable ECC curves, set K or seed callback, disable AES GCM tests with non standard IV. 2022-03-23 09:37:50 -07:00
David Garske b90df0a6aa Merge pull request #4951 from ejohnstown/wolfrand
wolfRand for AMD
2022-03-21 09:09:19 -07:00
JacobBarthelmeh 55b42dd85a Add SECO use and expand cryptodev 2022-03-17 12:04:52 -06:00
John Safranek f80faebfe5 wolfRand for AMD
1. Add configure option to enable AMD's RDSEED.
2. Add seed parameters when building specifically for AMD using RDSEED.
3. Update the wolfCrypt test to play nice with the larger seed size.
2022-03-15 15:20:08 -07:00
Sean Parkinson 2c1ecacbfc TLS 1.3 script test: wait for server to write file
Also fixes for:
./configure --enable-psk --disable-rsa --disable-ecc --disable-dh
C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK
./configure --disable-shared --enable-curve448 --enable-ed448
--disable-rsa --disable-dh --enable-tls13 --disable-ecc --enable-certgen
--enable-keygen
2022-03-14 14:42:47 +10:00
Daniel Pouzzner 385ece92d8 ECCSI and SAKKE: fix smallstackcache memory leaks in library, and blue-moon undefined behavior bugs in test.c eccsi_test(() and sakke_test(). 2022-03-11 10:06:18 -06:00
Sean Parkinson 7006efe97f Merge pull request #4861 from JacobBarthelmeh/ECC
Deterministic ECDSA: fix for larger curve sizes
2022-03-07 08:26:35 +10:00
Jacob Barthelmeh a4a4bdc20f fix typo, add macro guard, remove dead code path 2022-03-04 10:49:11 -07:00
Jacob Barthelmeh d1212f9247 add P521 test case and fix for k generation 2022-03-03 10:44:24 -07:00
Sean Parkinson 1aff4399d1 Merge pull request #4899 from dgarske/kcapi
Improvements to KCAPI support
2022-03-01 08:52:55 +10:00
David Garske 9644a04db2 Peer review fix. 2022-02-28 11:32:12 -08:00
kaleb-himes ac7bd0aae8 Fix up random.h conflicts with cert 3389 releases and some NETOS issues 2022-02-28 12:09:50 -07:00
David Garske cc2eb0ab71 KCAPI Testing fixes. 2022-02-25 15:16:55 -08:00
David Garske a2381ba954 Adds CSR userId support in subject name. Minor build fixes for ASN template. 2022-02-25 14:22:59 -08:00
Sean Parkinson bb50777f1a ASN template: handle short OIDs
cert_asn1_test was constructing a BER encoding of a certificate that
didn't have all the components. It was trying to test putting in a bad
OID in the certificate name.
The original ASN.1 parsing code stopped at the bad name. ASN.1 template
code does the whole structure and then digs into the name.
A complete certificate should have always been used.
2022-02-24 15:36:56 +10:00
Sean Parkinson 2eb044dc60 SP: Add support for P521 2022-02-23 14:51:47 +10:00
Jacob Barthelmeh a5ce2a33eb add macro guard around test case 2022-02-15 11:58:59 -07:00
Jacob Barthelmeh f0a0cd1078 fix for larger curve sizes with deterministic ECC sign 2022-02-14 09:55:38 -07:00
Daniel Pouzzner cbc253d713 wolfcrypt/test/test.c: gate ecc_encrypt_e2e_test() on !HAVE_FIPS || FIPS_VERSION_GE(5,3). 2022-02-10 16:00:52 -06:00
David Garske d1267b5203 Merge pull request #4805 from SparkiDev/ecies_aes_ctr
ECIES: add support for more encryption algorithms
2022-02-10 07:04:24 -08:00
Sean Parkinson e50f661639 ECIES: add support for more encryption algorithms
Add support to ECIES for AES-256-CBC, AES-128-CTR, AES-256-CTR.
Added new API wc_ecc_ctx_set_algo() that sets the encryption, KDF and
MAC algorithms.
Cleanup formatting of ECIES code.
2022-02-10 09:54:22 +10:00
Daniel Pouzzner 1f69c52ce8 Merge pull request #4830 from dgarske/no_hmac
Fixes for building without HMAC
2022-02-07 22:26:38 -06:00
David Garske 56c562a516 Fixes for building with ./configure --enable-opensslextra --enable-cryptonly CFLAGS="-DNO_HMAC" && make. Found this testing a customers configuration with latest. Also fixes some trailing whitespace. 2022-02-07 15:10:21 -08:00
Anthony Hu e47dd675af Fix tests to properly gate on ! NO_PWDBASED && ! NO_SHA 2022-02-07 14:44:26 -05:00
Marco Oliverio a7165907da psa: support AES 2022-02-04 21:45:38 +01:00
Marco Oliverio cebb127ac3 test: don't free AesXts struct in-between tests that reuse the key 2022-02-02 10:46:40 +01:00
Anthony Hu 9ea40f3a9c Purge IDEA cipher 2022-01-31 15:29:25 -05:00
David Garske 5bdaf44354 Merge pull request #4774 from anhu/kill_rabbit
Purge Rabbit cipher
2022-01-31 09:17:23 -08:00
David Garske 40fff86807 Merge pull request #4801 from tmael/cert_rr
cert subset improvements
2022-01-28 11:00:55 -08:00
Anthony Hu b957a6e872 Purge Rabbit cipher 2022-01-28 13:13:53 -05:00