feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity
13,526 Commits 28 Branches 172 Tags
c201b6801ce06d78236ca720e7df2c3989e18a23
Commit Graph

1270 Commits

Author SHA1 Message Date
David Garske
1b2b3de2c9 Fixes for missing free calls on hash tests. 2020-08-26 09:48:46 -07:00
David Garske
6d5731b8e9 Fixes for HMAC_CTX cleanup not being called to free SHA2 resources with WOLFSSL_SMALL_STACK_CACHE. Added return code checking and cleanup for openssl_test. 2020-08-26 09:45:26 -07:00
Jacob Barthelmeh
bc58dde700 fix for serial number containing 0's and for RNG fail case 2020-08-26 00:03:39 -06:00
Sean Parkinson
3a25faea60 AES-CBC check for input size of 0 
Don't need to do anything when size is 0.
 2020-08-25 13:36:45 +10:00
Jacob Barthelmeh
c7136498ec add test case 2020-08-24 17:19:03 -06:00
David Garske
3fbaccc8a1 Fix for API unit test test_wolfSSL_X509_sign, which can have a varying length depending on if MSB is set. About 1 in 200 tests would fail. 2020-08-20 15:33:28 -07:00
David Garske
1d55b2f526 Fixes for several memory leaks related to HAVE_WOLF_BIGINT. 2020-08-20 14:25:06 -07:00
toddouska
028bddd7ab Merge pull request #3215 from ejohnstown/release-4.5.0 
Release Update
 2020-08-17 13:51:23 -07:00
John Safranek
3f6861ee82 FIPS Ready Fix with ECC Timing Resistance 
Commit 6467de5 added some timing resistance to ECC shared secret
agreement. It involved adding an RNG object to the ecc keys so
a random z value can be added to the mix. The older FIPS release
has ECC outside the boundary, so it uses the new ECC code. FIPSv2
has ECC inside the boundary, but all the TLS code checks for that
version of FIPS and leaves out the calls to the new functions as
it is using an older version of ecc.c. FIPS Ready uses the latest
version of ecc.c but compiles as FIPSv2. So, the code outside of
the crypto layer is treating ECC as FIPSv2 and not calling the new
functions, but the crypto layer assumes the RNG should be present,
and errs out on testing.
1. Added a separate option for FIPS Ready to the enable-fips
   configure option. `--enable-fips=ready`. It will treat FIPS
   Ready as the next kind of FIPS release. FIPS Ready will be
   treated like FIPS v3 in the build.
2. Changed the C preprocessor checks for FIPS version 2 to be
   checks for not version 2, with respect to ECC Timing Resistance
   and FIPS builds.
 2020-08-14 10:54:55 -07:00
Sean Parkinson
bc74bfebdd Fixes from C++ and address access checking 
Fix access of table for cache resistance.
Don't name variable public or private.
Cast from void*
 2020-08-13 15:19:49 +10:00
toddouska
fa146870bd Merge pull request #3155 from julek-wolfssl/openssh-fixes-cherry-picked 
Additional OpenSSL compat stuff for OpenSSH
 2020-08-11 16:32:31 -07:00
toddouska
532c2f50e8 Merge pull request #3083 from julek-wolfssl/openssl-compat-X509V3_EXT_i2d 
Implement more OpenSSL compatibility functions
 2020-08-11 15:01:41 -07:00
Sean Parkinson
6467de5a88 Randomize z ordinates in scalar mult when timing resistant 
An RNG is required for shared secret calculation now.
Use wc_ecc_set_rng() to set an RNG against the ECC object.
ECC verification does not need timing resistance and does not randomize
z ordinates.
 2020-08-11 16:12:47 +10:00
Juliusz Sosinowicz
55d4817956 Jenkins fixes 2020-08-10 12:39:16 +02:00
Sean Parkinson
7bb2a69161 Fix memory leak in api.c 
When testing wc_ecc_import_raw(), the mp_int's in the ecc object are
initialized.
For small math, this throws away the allocated buffer.
Must free the object before importing.
 2020-08-10 12:42:46 +10:00
Sean Parkinson
920c97963c Fix Jenikins failure - ToTraditional not declared 
./configure --disable-asn --disable-ecc -disable-rsa --enable-psk
--enable-testcert
 2020-08-10 10:57:07 +10:00
David Garske
c0a664a8e5 Merge pull request #3200 from douzzer/20200805 
Add an error-checking wc_curve25519_make_pub() routine to the API for use by Wireguard
 2020-08-07 16:32:52 -07:00
toddouska
1724347f7a Merge pull request #3091 from julek-wolfssl/sess-serialization 
Expose session serialization outside of `OPENSSL_EXTRA`
 2020-08-07 15:41:27 -07:00
toddouska
17cc941b29 Merge pull request #3195 from SparkiDev/sp_ecc_cache 
SP ECC Cache Resitance
 2020-08-07 15:35:06 -07:00
JacobBarthelmeh
dd6238fb77 Merge pull request #3174 from embhorn/zd10655 
Fix CheckAltNames to handle IP type
 2020-08-07 16:04:56 -06:00
Chris Conlon
b03e1dd2a9 Merge pull request #3197 from ethanlooney/19th_branch 
Added asn.c unit tests
 2020-08-07 09:25:50 -06:00
Eric Blankenhorn
064bfa583d Fix CheckAltNames to handle IP type 2020-08-07 10:12:56 -05:00
Daniel Pouzzner
f6acbd5f97 test_wc_curve25519_make_pub(): fix order of args to wc_curve25519_make_pub(). 2020-08-06 18:37:00 -05:00
toddouska
82d927d40f Merge pull request #3199 from dgarske/openssl_sha 
Fix for building openssl compat without SHA-1
 2020-08-06 15:59:26 -07:00
Daniel Pouzzner
0f59e632e1 tests/api.c: add test_wc_curve25519_make_pub(); fix some old stray tabs; remove weird extra string-terminating null in test_wolfSSL_sk_CIPHER_description(). 2020-08-06 17:52:48 -05:00
toddouska
4e9d49556e Merge pull request #3194 from SparkiDev/unit_fix_1 
Fix unit.test to not fail randomly
 2020-08-06 10:51:12 -07:00
Ethan Looney
77bb300409 Removed unnecessary pointers, matched Xfree arugments and checked the return values of generated keys 2020-08-06 09:21:41 -07:00
Ethan Looney
afcb40724e Added proper ifdef's to EccPrivateKeyToDer 2020-08-06 08:06:06 -07:00
Juliusz Sosinowicz
139a192185 Implement wolfSSL_d2i_X509_NAME 2020-08-06 15:52:11 +02:00
Juliusz Sosinowicz
ca3a608408 Implement functions 
- `wolfSSL_d2i_ECPrivateKey`
- `wolfSSL_EC_POINT_add`
- `wolfSSL_EC_POINT_invert`
 2020-08-06 15:52:11 +02:00
Juliusz Sosinowicz
2529ce21b0 Implement wolfSSL_EC_GROUP_dup 2020-08-06 15:52:11 +02:00
Juliusz Sosinowicz
ea8dd31de0 Implement wolfSSL_i2d_PUBKEY and refactor wolfSSL_i2d_PrivateKey 2020-08-06 15:52:11 +02:00
Juliusz Sosinowicz
1f0d6d5f31 New functions implemented 
- `EC_POINT_is_on_curve`
- `i2d_EC_PUBKEY`
- `i2d_ECPrivateKey`
- `wc_ecc_point_is_on_curve`
 2020-08-06 15:52:11 +02:00
Juliusz Sosinowicz
e131d6be5b group->curve_nid is now set to the real NID of the curve 2020-08-06 15:52:11 +02:00
Juliusz Sosinowicz
c28b7b59c3 Fix jenkins leaks 2020-08-06 13:47:26 +02:00
Juliusz Sosinowicz
ad2e710563 Fix missing free 2020-08-06 13:47:26 +02:00
Juliusz Sosinowicz
a6651a21f8 Fix segfault 2020-08-06 13:47:26 +02:00
Juliusz Sosinowicz
229c5e9563 wolfSSL_X509V3_EXT_i2d cont. 2020-08-06 13:47:26 +02:00
Juliusz Sosinowicz
fe1f815761 wolfSSL_X509V3_EXT_i2d: NID_ext_key_usage 2020-08-06 13:45:36 +02:00
Juliusz Sosinowicz
3621af9996 Implement new OpenSSL API 
- i2d_PKCS8PrivateKey_bio
- X509V3_EXT_i2d
- SSL_renegotiate_pending
 2020-08-06 13:45:36 +02:00
David Garske
4a167c0f2c Merge pull request #3119 from tmael/do178-fix 
DO-178 fix
 2020-08-05 16:30:00 -07:00
Sean Parkinson
8afd629a30 Fix unit.test to not fail randomly 
Get the serial number from the certificate to calculate the encoding size.
Fix making of the certificate to copy serial number out if not already set.
 2020-08-06 08:52:21 +10:00
Ethan Looney
9671901de6 Added a free call to SetSubjectBuffer 2020-08-05 15:52:09 -07:00
Sean Parkinson
83caf39caa SP ECC Cache Resitance 
SP ECC improved cache attack resistant implementation.
On by defualt and turn off with WC_NO_CACHE_RESISTANT.
 2020-08-06 08:21:08 +10:00
David Garske
c421445ba9 Added no SHA-1 hash support for OPENSSL compatibility. Fix for ./configure --enable-opensslextra --disable-sha. This allows using SHA2-256 for the hashing including the derived issuerHash and subjectHash. Adds issuer hash openssl compatibility function X509_issuer_name_hash. 2020-08-05 14:43:24 -07:00
Ethan Looney
49e5d8efea Added additional ifdef's to Ed25519 functions and cast derSz to word32 2020-08-05 12:31:50 -07:00
Ethan Looney
633e950942 Added asn.c unit tests 2020-08-05 10:57:32 -07:00
Ethan Looney
42856287ee Added check for wolfmath.c for digits == 0 and test for api.c 2020-08-04 13:25:10 -07:00
Chris Conlon
5641e2ae50 Merge pull request #3173 from ethanlooney/18th_branch 
Added unit tests for wolfmath.c
 2020-08-04 09:10:21 -06:00
Ethan Looney
7f381275b1 Removed comment and changed len equal to variables instead of numbers 2020-08-03 13:31:11 -07:00