Cyclic0007/wolfssl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
15,458 Commits 12 Branches 184 Tags
b577984574dbb06992a9bbece9df32339fc4f7aa
Commit Graph

4918 Commits

Author SHA1 Message Date
Daniel Pouzzner
b577984574 rsa.c: fix whitespace. 2021-10-26 20:24:28 -05:00
David Garske
3fcdcbc1f9 Fix for RSA _ifc_pairwise_consistency_test to make the async blocking. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
e61d88657d WOLFSSL_ASYNC_CRYPT: in EccSharedSecret(), don't try to wolfSSL_AsyncInit() if there's no priv_key to supply an asyncDev; in RSA _ifc_pairwise_consistency_test(), disable async to force blocking crypto. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
10304c9143 linuxkm: portability fix in aes.c for SAVE_VECTOR_REGISTERS() call ("embedding a directive within macro arguments is not portable"). 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
c0778e5ad9 gate access to wc_Sha512.devId on !NO_SHA2_CRYPTO_CB. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
0f05a71bfb linuxkm: refactor SAVE_VECTOR_REGISTERS() macro to take a fail clause as an argument, to allow the preprocessor to completely eliminate it in non-kernel builds, and for backward compat with WCv5.0-RC8. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
342e319870 dsa.c: fix up comment spelling/typography in wc_MakeDsaKey(). 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
7a4ec22953 pkcs7.c: further smallstack refactor of PKCS7_EncodeSigned(). 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
f60cb94b82 wolfcrypt/src/include.am and src/include.am: don't disrupt modtimes of fips/async source files if they already exist. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
255d2d650f rsa.c: add missing WOLFSSL_ASYNC_CRYPT clauses to _ifc_pairwise_consistency_test(). 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
8c3cbf84f9 add missing gating around WOLFSSL_NO_SHAKE256, WOLFSSL_NOSHA512_224, and WOLFSSL_NOSHA512_256. 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
d39d389c6e aes.c: in CheckAesGcmIvSize(), don't disallow GCM_NONCE_MIN_SZ for FIPS 140-3, i.e. always allow it. 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
67db7b7f32 fixes for issues identified by Jenkins run: 
Makefile.am: clean .build_params file;

ecc.c: fix misplaced gat #endif in wc_ecc_shared_secret_gen_sync();

move AM_CFLAGS+=-include /.build_params to before AC_SUBST([]AM_CFLAGS);

fix new unused-label defect in wc_ecc_shared_secret_gen_sync();

fix integer.[ch] mp_exch() to return int not void (sp_exch() and TFM mp_exch() can both fail on allocations);

fix NO_INLINE ForceZero() prototype;

ecc.c: add missing if (err == MP_OKAY) in build_lut();

wolfcrypt/test/test.c: revert "rename hkdf_test to wc_hkdf_test to eliminate namespace collision", restoring unconditional static qualifier, to fix crash at return from main() on Xilinx Zynq ARM test;

ecc.c: refactor build_lut() flow control to fix uninited variable scenario found by scan-build;

WOLFCRYPT_ONLY and OPENSSL_EXTRA: fix gating to allow successful build with --enable-all-crypto, and add configure error if crypt-only and opensslall are combined.
 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
87578262aa wolfcrypt smallstack refactors: 
rsa.c: wc_CompareDiffPQ()

dh.c: wc_DhGenerateParams()

dsa.c: wc_MakeDsaKey() wc_MakeDsaParameters()

srp.c: wc_SrpGetVerifier() wc_SrpSetPrivate() wc_SrpGetPublic()

ecc.c: build_lut() wc_ecc_mulmod_ex() wc_ecc_mulmod_ex2() wc_ecc_shared_secret_gen_sync()

test.c: GenerateNextP() dh_generate_test() GenerateP()
 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
ddda108de6 sp_int.c:sp_set(): use PRAGMA_GCC_* macros, not ad hoc gated __Pragmas, to mask spurious -Warray-bounds. 2021-10-26 20:24:26 -05:00
Daniel Pouzzner
ed33315f25 wolfcrypt/src/sp_int.c: add pragma to sp_set() to suppress false positive -Warray-bounds on gcc-11. 2021-10-26 20:24:26 -05:00
Daniel Pouzzner
b673622322 FIPS 140-3 misc fixes including fixes for rebase errors. 2021-10-26 20:24:26 -05:00
John Safranek
c31ed64eb5 Add guard around the public key check for DH to skip it when we have 
the condition to perform the small key test. The small key is
mathematically valid, but does not necessarily pass the SP 800-56Ar3
test for DH keys. The most recent FIPS build will add the tested file.
This change is only used in the older FIPS releases and in some rare
configurations that include the small key test.
 2021-10-26 20:24:26 -05:00
John Safranek
b54459ace3 When the ECC PCT verify result is 0, the PCT fails. 2021-10-26 20:24:26 -05:00
John Safranek
175bab9a6f Add missed step in DH key pair generation. 2021-10-26 20:24:26 -05:00
John Safranek
f42106201a In the RSA PCT, initialize the plain output pointer. 2021-10-26 20:24:26 -05:00
John Safranek
aa3fb6f0d0 Update visibility on a SP math function for DH. 2021-10-26 20:24:26 -05:00
John Safranek
04ffd2ab45 Fixes: 
1. When enabling FIPSv5 in configure, enable WOLFSSL_WOLFSSH.
2. Appropriate size selection of DH private keys.
 2021-10-26 20:24:26 -05:00
John Safranek
3eaeaf3a57 Add sign/verify PCT to ECC. 2021-10-26 20:24:25 -05:00
John Safranek
9bf36f329a Add sign/verify PCT to RSA key gen. 2021-10-26 20:24:25 -05:00
John Safranek
5d7c6dda72 Restore the PCTs to ECC and DH. 2021-10-26 20:24:25 -05:00
John Safranek
1065d2accf Fix some Windows build warnings. 2021-10-26 20:24:25 -05:00
John Safranek
9022762e5a Check to see if a pointer is nonnull that is expected to be. 2021-10-26 20:24:25 -05:00
John Safranek
908ec9b14a Modify ffdhe to not return addresses. 2021-10-26 20:24:25 -05:00
John Safranek
7af87e5b32 Restore the HKDF code to hmac.c. For compatibility between FIPS builds. 2021-10-26 20:24:25 -05:00
John Safranek
54a1b4c881 Remove redundant pairwise test from DH and ECC. 2021-10-26 20:24:25 -05:00
John Safranek
3b5c8231c2 Move the PCT down to where it used to be located as CheckKeyPair. 2021-10-26 20:24:25 -05:00
John Safranek
2de6b3b2bd Move the KDF functions into their own source file. 2021-10-26 20:24:25 -05:00
John Safranek
86c040a3ae Rename the PCT error codes to remove 'FIPS' since they can be enabled without FIPS. 2021-10-26 20:24:25 -05:00
John Safranek
9c5607a677 Add guard around ECC PCT for builds without validate keygen. 2021-10-26 20:24:25 -05:00
John Safranek
133faea89a Hushed compiler warnings about unused variables. 2021-10-26 20:24:25 -05:00
John Safranek
a967cbcb7b 56Ar3 Testing Updates 
1. Add PCTs for ECC and FFC.
2. Update the public key checks for ECC and FFC.
 2021-10-26 20:24:25 -05:00
John Safranek
976402e04b RNG Update 
1. When the seed callback is enabled, allow wc_GenerateSeed() to be used
   as a default callback.
2. Modify all the tests and examples to use the default seed callback if
   the seed callback is enabled.
 2021-10-26 20:24:25 -05:00
John Safranek
0c6d8cfc22 If the RNG seeding callback is missing or returns an error, the RNG instantiate fails. 2021-10-26 20:24:25 -05:00
John Safranek
c6486d7392 Removed an outdated comment. 2021-10-26 20:24:25 -05:00
John Safranek
a562db82ef 1. Rename and relabel the FIPS 140-3 option as wolfCrypt v5. 
2. Make sure the correct SHA assembly files are copied over for the latest FIPS build.
 2021-10-26 20:24:25 -05:00
John Safranek
c47e354eed Add callback option for RNG seeding. 2021-10-26 20:24:25 -05:00
John Safranek
a2f802199d DH key gen should call DH check key. 2021-10-26 20:24:25 -05:00
John Safranek
e3b2be5ea3 ECC key gen should call ECC check key. 2021-10-26 20:24:25 -05:00
John Safranek
1f67e4519c Restrict AES-GCM IV minimum size to 96-bits for newer FIPS builds. 2021-10-26 20:24:25 -05:00
John Safranek
17a4c891ce Add CASTs for TLSv1.2, TLSv1.3, and SSH KDFs. 2021-10-26 20:24:25 -05:00
John Safranek
e32c58d533 Add RSA PAT. 2021-10-26 20:24:25 -05:00
John Safranek
9656b83a03 Add ECDSA-KAT CAST. 2021-10-26 20:24:25 -05:00
John Safranek
e67bbf7526 1. Add flag to DH keys when using safe parameters. 
2. The LN check is skipped when using safe parameters.
3. Enable all FFDHE parameter sets when building for FIPS 140-3.
 2021-10-26 20:24:25 -05:00
John Safranek
7f64fc4efb Move the TLSv1.3 KDF into wolfCrypt with the other KDFs. 2021-10-26 20:24:25 -05:00