wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-29 16:32:13 +01:00
Code Issues Packages Projects Releases Wiki Activity
22,630 Commits 12 Branches 184 Tags
fce14ffddba9c43370cc42d1321ba7c65723bb81
Commit Graph

8515 Commits

Author SHA1 Message Date
Daniel Pouzzner
1b907d05ed WOLFSSL_DEBUG_TRACE_ERROR_CODES: restore several initializations, one because needed (in wolfSSL_UseSecureRenegotiation()), the rest in an abundance of caution, and rearrange wolfSSL_CryptHwMutexInit() and wolfSSL_CryptHwMutexUnLock() in a similar abundance of caution. 2024-06-10 13:44:03 -05:00
Daniel Pouzzner
b3e8f0ad24 add --enable-debug-trace-errcodes, WOLFSSL_DEBUG_TRACE_ERROR_CODES, WC_ERR_TRACE(), WC_NO_ERR_TRACE(), support/gen-debug-trace-error-codes.sh. also add numerous deployments of WC_NO_ERR_TRACE() to inhibit frivolous/misleading errcode traces when -DWOLFSSL_DEBUG_TRACE_ERROR_CODES. 2024-06-08 16:39:53 -05:00
David Garske
e960a00650 Merge pull request #7625 from JacobBarthelmeh/x509 
sanity check on non conforming serial number of 0
 2024-06-07 08:33:38 -07:00
JacobBarthelmeh
467b3cb561 add parsing 0 serial numbers for certs with python 2024-06-06 16:24:48 -06:00
Daniel Pouzzner
71db561c96 wolfcrypt/src/port/riscv/riscv-64-aes.c: fix trailing whitespace. 2024-06-06 16:25:50 -05:00
Daniel Pouzzner
ef925b8b30 wolfcrypt/src/wc_kyber_poly.c: fix bugprone-macro-parentheses for FROM_MSG_BIT. 2024-06-06 16:21:32 -05:00
Daniel Pouzzner
d80f05bf77 Merge pull request #7624 from gasbytes/stack-on-calcdx 
update CalcDX with small-stack support
 2024-06-06 16:05:56 -04:00
JacobBarthelmeh
690d8f7f89 sanity check on non conforming serial number of 0 2024-06-06 13:22:57 -06:00
David Garske
b69482ffac Merge pull request #7569 from SparkiDev/riscv_aes_asm 
AES RISC-V 64-bit ASM: ECB/CBC/CTR/GCM/CCM
 2024-06-06 08:11:31 -07:00
Sean Parkinson
acd604db3d AES RISC-V 64-bit ASM: ECB/CBC/CTR/GCM/CCM 
Add implementations of AES for ECB/CBC/CTR/GCM/CCM for RISC-V using
assembly.
Assembly with standard/scalar cryptography/vector cryptographt
instructions.
 2024-06-06 13:16:00 +10:00
David Garske
5132a17fab Merge pull request #7613 from SparkiDev/kyber_fixes_2 
Kyber: fix kyber_from_msg()
 2024-06-05 17:28:39 -07:00
Daniel Pouzzner
92bbd651b6 rename wolfcrypt/src/fe_x25519_128.i to wolfcrypt/src/fe_x25519_128.h to avoid appearance as a cleanable intermediate. 2024-06-05 16:56:03 -05:00
Chris Conlon
70d317ec79 Merge pull request #7571 from rlm2002/internship 
Test case for wc_HpkeGenerateKeyPair() NULL argument
 2024-06-05 10:57:19 -06:00
gasbytes
589353f346 update CalcDX with small-stack support 2024-06-05 18:53:34 +02:00
Sean Parkinson
df44face56 Kyber: fix kyber_from_msg() 
New compilers with specific optimization levels will produce
non-constant time code for kyber_from_msg().
Add in an optimization blocker that stops the compiler from assuming
anything about the value to be ANDed with KYBER_Q_1_HALF.
 2024-06-04 22:20:22 +10:00
John Safranek
e8e6eaeb4d Import Raw Rsa Key 
1. Add API for importing an RSA private key, `wc_RsaPrivateKeyDecodeRaw()`,
   when all you have are the components of the key in raw arrays. Also
   recalculates dP and dQ if missing.
2. Add API test for `wc_RsaPrivateKeyDecodeRaw()`.
 2024-06-03 09:03:29 -07:00
gojimmypi
4d2ce1131a Fix for #7606: ESP_LOGI typo 2024-05-31 15:33:46 -07:00
JacobBarthelmeh
40562a0cb3 Merge pull request #7599 from dgarske/asn_checkcertsig 
Expose `wc_CheckCertSigPubKey` with `WOLFSSL_SMALL_CERT_VERIFY`
 2024-05-31 09:20:35 -06:00
David Garske
0789ecb808 Fix the CheckCertSignature API mess. 2024-05-31 06:58:35 -07:00
Sean Parkinson
4b77d4caa1 Merge pull request #7589 from rizlik/sp800_56c 
wolfcrypt: support NIST 800-56C Option 1 KDF
 2024-05-31 11:55:12 +10:00
Sean Parkinson
fc8a509b06 Merge pull request #7597 from ColtonWilley/max_altnames_and_name_constraints 
Max limits on number of alternative names and name constraints
 2024-05-31 11:24:30 +10:00
David Garske
7fadd4ed9f Merge pull request #7595 from JacobBarthelmeh/static 
Pull in some staticmemory features
 2024-05-30 16:31:54 -07:00
JacobBarthelmeh
ebdc8b9a32 rename of macros, add descriptions, minor fixes 2024-05-30 14:48:52 -06:00
JacobBarthelmeh
34ca03770f still compile in wc_RsaKeyToDer with keygen but NO_CERTS 2024-05-30 09:58:25 -06:00
Marco Oliverio
174456437e wolcrypt: NIST_SP_800_56C address reviewer's comments 2024-05-30 11:39:49 +02:00
Colton Willey
a17677c946 Remove trailing whitespace 2024-05-29 21:29:55 -07:00
Colton Willey
af537a6ae3 Move definition to beginning of block 2024-05-29 17:02:29 -07:00
David Garske
0b7f293691 Expose wc_CheckCertSigPubKey with WOLFSSL_SMALL_CERT_VERIFY. 2024-05-29 16:32:31 -07:00
JacobBarthelmeh
cf61df129c fix typo with NO_CERTS macro 2024-05-29 17:08:01 -06:00
Colton Willey
b00ae2ac69 Initial implementation of max limits on number of alternative names and name constraints 2024-05-29 15:55:17 -07:00
JacobBarthelmeh
6cca3a0d92 tie in static memory debug callback 2024-05-29 15:50:14 -06:00
JacobBarthelmeh
288fe430f5 tying in lean staticmemory build with --enable-staticmemory=small 2024-05-29 15:50:11 -06:00
JacobBarthelmeh
18d80864b9 add lean static memory build 2024-05-29 15:44:09 -06:00
Marco Oliverio
8d41e68d1f fix: minor typos 2024-05-28 22:59:01 +02:00
Marco Oliverio
5306a85465 wolfcrypt: support NIST 800-56C Option 1 KDF 2024-05-28 14:40:52 +02:00
Daniel Pouzzner
8de00d7651 fix benign clang-analyzer-deadcode.DeadStores in pq crypto files introduced in 9a58301ab1. 2024-05-24 14:24:02 -05:00
David Garske
3b5517692e Merge pull request #7582 from aidangarske/hpke_test_fix 
Revert change from PR #7570
 2024-05-24 07:35:39 -07:00
David Garske
51f19f42c6 Merge pull request #7574 from douzzer/20240522-quantum-safe-linuxkm 
20240522-quantum-safe-linuxkm
 2024-05-24 07:35:01 -07:00
Ruby Martin
078fb66b29 Negative tests for all NULL arguments 2024-05-23 14:16:17 -06:00
Ruby Martin
b8838dca44 Tests all NULL argument cases 2024-05-23 13:36:48 -06:00
aidan garske
3670bfb9ae Revert change from PR #7570 2024-05-23 12:34:59 -07:00
Tobias Frauenschläger
d28dd602e5 Various fixes for dual algorithm certificates (#7577) 
This commit adds varios fixes for the implementation of hybrid
certificates with two algorithms:
* Support for Certificate Signing Requests (both creating hybrid ones
  and also verifying ones)
* Fix for SAN fields in the DecodedCert and PreTBS generation
* Fix related to WOLFSSL_SMALL_STACK

Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
 2024-05-23 15:03:55 -04:00
Anthony Hu
b98e4e0093 Merge pull request #7576 from Frauschi/pqc_private_key_fix 
Fix PQC and hybrid certificate regressions
 2024-05-23 15:03:16 -04:00
Chris Conlon
e05dbd531e Merge pull request #7570 from jackctj117/test 
Code Coverage for hpke.c test case HAVE_CURVE448 using test.c
 2024-05-23 11:49:37 -06:00
Chris Conlon
688ae60cd9 Merge pull request #7573 from aidangarske/hpke_sha512_test 
Add test for HPKE for Curve448
 2024-05-23 11:46:30 -06:00
David Garske
40db521f8b Merge pull request #7575 from josepho0918/cmac 
Simplify CMAC verification logic
 2024-05-23 10:37:57 -07:00
Tobias Frauenschläger
9a58301ab1 Fix PQC and hybrid certificate regressions 
Due to recent changes in the logic to decode private keys and to parse
the TLS1.3 CertificateVerify message, some regressions regarding PQC
private keys and hybrid certificates have been introduced:
* Decoding PQC private keys fails as the PKCS8 header of a decoded DER
  file is now already removed before parsing the key.
* The key size wasn't properly stored in the context for PQC keys after
  decoding a certificate (always the maximum size)
* The two 16-bit size values in case of a hybrid signature in the
  CertificateVerify message have been incorrectly decoded as 32-bit
  values instead of 16-bit values. This resulted in wrong values,
  leading to segmentation faults.

All three regressions are fixed with the changes in this commit.

Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
 2024-05-23 16:01:28 +02:00
Joseph Chen
8a7e3ba52e Simplify CMAC verification logic 2024-05-23 15:12:10 +08:00
Daniel Pouzzner
5c497c62e7 initial linuxkm compatibility (no asm yet) for wc_kyber, wc_xmss, and wc_lms, and smallstack refactors for kyber512_kat(), kyber768_kat(), kyber1024_kat(), and kyber_test(). 2024-05-23 00:15:32 -05:00
Ruby Martin
f2492da6a4 include negative test comment and BAD_FUNC_ARG 2024-05-22 16:20:20 -06:00