wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-31 06:29:18 +01:00
Code Issues Packages Projects Releases Wiki Activity
13,282 Commits 12 Branches 184 Tags
0f6ae330dade7d1ea7ab02340cd260ca706b4f9a
Commit Graph

13282 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Daniel Pouzzner
0f6ae330da wolfcrypt: smallstack refactors of AES code for lkm compatibility with --enable-aesgcm=table. 2021-01-28 22:51:28 -06:00
Sean Parkinson
91299c5abd Merge pull request #3701 from dgarske/pkcs7_devId 
Fixes for PKCS7 with crypto callback (devId) with RSA and RNG
 2021-01-29 10:56:41 +10:00
David Garske
4f6deb8ae9 Merge pull request #3594 from haydenroche5/zd10911 
Fix issue with DoHandShakeMsgType/ShrinkInputBuffer when encryption i…
 2021-01-28 16:55:04 -08:00
Hayden Roche
fc845da9f0 Fix issue with DoHandShakeMsgType/ShrinkInputBuffer when encryption is on (e.g. 
during renegotiation).

This issue was brought to light by ZD 10911. When encryption is on (indicated
by the return value of IsEncryptionOn), DoHandShakeMsgType will finish up by
incrementing the input buffer index past the padding and MAC (if encrypt-then-
mac is enabled). In ProcessReply, if there are more messages to be read, the
index is decremented back before the padding and MAC. The issue arises when
ShrinkInputBuffer is called in between and copies data from the dynamic input
buffer to the static one. That function will get called with the index post-
increment, and thus the padding and MAC won't get copied into the static buffer,
which isn't what we want, since ProcessReply is going to decrement the index
since it thinks the padding and MAC are still there. This commit makes it so
the padding and MAC get included in the call to ShrinkInputBuffer when
encryption is on.
 2021-01-28 15:37:00 -06:00
David Garske
2bd63d27bf Fixes for PKCS7 with crypto callback (deviceId), where it was not being used for RSA and RNG. ZD 11163. 2021-01-28 09:52:13 -08:00
David Garske
311a0d25dd Merge pull request #3696 from JacobBarthelmeh/Testing 
fix for tested x509 small build
 2021-01-28 06:59:26 -08:00
Jacob Barthelmeh
bbcb98a8f7 fix for tested x509 small build 2021-01-27 23:00:24 +07:00
John Safranek
a1e083b5b1 Merge pull request #3689 from douzzer/fips-option-check-source 
configure.ac: check compatibility of chosen FIPS option with source
 2021-01-26 12:29:52 -08:00
John Safranek
d0e2566ad8 Merge pull request #3679 from julek-wolfssl/dtls-window 
Correct old DTLS msg rcv update
 2021-01-26 12:20:59 -08:00
Juliusz Sosinowicz
3d4f836c00 Correctly insert out of order msgs to queue 2021-01-26 15:12:08 +01:00
Daniel Pouzzner
a89087ed2d configure.ac: check compatibility of chosen FIPS option with the source tree, for early prevention of accidental attempts to build FIPS with non-FIPS source, or non-FIPS with FIPS source. 2021-01-25 17:56:28 -06:00
toddouska
6e0e507dad Merge pull request #3660 from dgarske/sess_ticket_aes_gcm 
Added support for AES GCM session ticket encryption
 2021-01-25 15:00:03 -08:00
toddouska
f91dcb950c Merge pull request #3670 from dgarske/keil 
Fix for ARM Keil MDK compiler issue with `DECLARE_VAR_INIT`.
 2021-01-25 14:57:05 -08:00
toddouska
27ef5b9a3d Merge pull request #3675 from SparkiDev/tls_no_ticket 
TLS Session Ticket: Option to disable for TLS 1.2 and below
 2021-01-25 14:54:10 -08:00
toddouska
f35f57c378 Merge pull request #3683 from SparkiDev/sp_int_mont_red_1 
SP math all: fix 1 word Montgomery Reduce
 2021-01-25 14:47:35 -08:00
toddouska
d201820e3a Merge pull request #3687 from guidovranken/x963-export-reject-invalid-keys 
Reject undefined keys (eg. state is ECC_STATE_NONE) from X963 export …
 2021-01-25 14:46:59 -08:00
toddouska
cf9e4f0caf Merge pull request #3518 from julek-wolfssl/openssh-fixes-v2 
Fixes for openssh
 2021-01-25 14:45:56 -08:00
David Garske
05e1ee1694 Cleanup to use fixed sizes from defines for DECLARE_VAR. Resolves issue with Visual Studio and using a variable (even const) to declare an array size. 2021-01-25 09:14:12 -08:00
Guido Vranken
29f7eebef7 Reject undefined keys (eg. state is ECC_STATE_NONE) from X963 export functions 
Additionally, harmonize the failure conditions of wc_ecc_export_x963 and
wc_ecc_export_x963_compressed.
 2021-01-25 16:22:21 +01:00
Sean Parkinson
4f0ed55232 SP math all: fix 1 word Montgomery Reduce 
May have 3 words in partial result before shifting down.
 2021-01-25 10:19:27 +10:00
David Garske
fb9836ed28 Merge pull request #3678 from guidovranken/zd11556 
Fix wc_ecc_sign_hash memory leak. ZD 11556.
 2021-01-22 18:06:56 -08:00
David Garske
13468d34e3 Apply same VS fixes to api.c as well. 2021-01-22 10:50:18 -08:00
David Garske
46aee19de3 Fix for Visual Studio issue with non-cost in array declaration. 2021-01-22 10:44:38 -08:00
toddouska
920c443864 Merge pull request #3250 from JacobBarthelmeh/Benchmark 
add brainpool benchmark
 2021-01-22 10:08:21 -08:00
David Garske
cd4dae8f09 Merge pull request #3674 from ejohnstown/alerts 
Alerts
 2021-01-22 09:16:56 -08:00
Juliusz Sosinowicz
b918fb9efe Correct old DTLS msg rcv update 2021-01-22 14:33:33 +01:00
Jacob Barthelmeh
6fa1556daf guard -ecc-all with HAVE_SELFTEST macro 2021-01-22 16:13:31 +07:00
Guido Vranken
905f0b1f5a Fix wc_ecc_sign_hash memory leak. ZD 11556. 2021-01-22 09:55:30 +01:00
Sean Parkinson
a84f1c813a TLS Session Ticket: Option to disable for TLS 1.2 and below 
Customer may want session ticket supported with TLS 1.3 but not TLS 1.2
and below.
 2021-01-22 13:19:29 +10:00
David Garske
9012317f5b Fix copy/paste typo. 2021-01-21 17:41:11 -08:00
David Garske
1ee40ad7bd Fix to always init the variable (not just when from heap). Cleanup of the DECLARE_ uses to make sure all allocations succeeded. 2021-01-21 17:12:29 -08:00
John Safranek
6f21995ec5 Alerts 
Expand the guard around sending the PSK identity alert with a more limited option than enabling it with all the other alerts.
 2021-01-21 16:42:54 -08:00
David Garske
4b47bf7b4e Merge pull request #3090 from lechner/utf8 
Convert a header file to UTF-8 encoding.
 2021-01-21 16:32:27 -08:00
David Garske
2017de1b0f Merge pull request #3617 from haydenroche5/cmake_user_settings 
Add support for user settings to CMake.
 2021-01-21 16:21:55 -08:00
David Garske
07f459b8d7 Merge pull request #3650 from kojo1/RsaSetRNG 
add wc_RsaSetRNG to doc
 2021-01-21 16:21:00 -08:00
David Garske
830b3cb676 Merge pull request #3653 from kojo1/fopen_binMode 
binary mode, fopen
 2021-01-21 16:20:07 -08:00
David Garske
aa64a8e835 Merge pull request #3672 from embhorn/zd11547 
Fix FIPS compile errors
 2021-01-21 16:08:53 -08:00
toddouska
1acd6dfab2 Merge pull request #3635 from SparkiDev/hmac_openssl_fix 
HMAC OpenSSL API: initialise HMAC ctx on new and allow key length of 0
 2021-01-21 15:57:30 -08:00
toddouska
a8cfc23683 Merge pull request #3642 from SparkiDev/ecdsa_set_k_one_loop 
ECDSA set k: WOLFSSL_ECDSA_SET_K_ONE_LOOP only tries k and fails when…
 2021-01-21 15:56:36 -08:00
toddouska
5837d5e8de Merge pull request #3649 from dgarske/stm_aesgcm_perf 
STM32 AES GCM crypto hardware performance improvements
 2021-01-21 15:55:58 -08:00
toddouska
85f08466f9 Merge pull request #3655 from SparkiDev/ext_cache_sess 
SESSION: internal cache sessions can't be freed same as external
 2021-01-21 15:54:16 -08:00
toddouska
e9e96dff6a Merge pull request #3662 from embhorn/gh3659 
Check method for NULL
 2021-01-21 15:50:58 -08:00
toddouska
7b12dddf75 Merge pull request #3666 from SparkiDev/tls13_tick_before_group 
TLS 1.3: don't group and wait on send session ticket
 2021-01-21 15:49:52 -08:00
toddouska
22e6d52b7b Merge pull request #3667 from SparkiDev/sp_fixes_4 
SP int: fix _sp_mul_d inclusion checks
 2021-01-21 15:49:03 -08:00
toddouska
b825e51d23 Merge pull request #3664 from SparkiDev/sp_math_all_ppc64 
SP math all: Fixes for PPC64 compiler
 2021-01-21 15:48:34 -08:00
toddouska
848ae3e514 Merge pull request #3668 from SparkiDev/jenkins_fixes_2 
Compress: fix unused vars
 2021-01-21 15:46:30 -08:00
toddouska
344ad2a3f8 Merge pull request #3625 from SparkiDev/disable_alg_fix 
Disable algs: fix code to compile with various algs off/on
 2021-01-21 15:45:29 -08:00
John Safranek
fe7be3e15f Alerts 
Alerts the server sends between receiving the client's CCS message and before it sends its own CCS message should not be encrypted.
 2021-01-21 14:48:10 -08:00
David Garske
fbe5fe1945 Merge pull request #3669 from embhorn/gh3657 
Protect use of globalRNG
 2021-01-21 14:09:59 -08:00
John Safranek
3e4c3d13fe Merge pull request #3671 from julek-wolfssl/dtls-scr-2 
DTLS secure renegotiation fixes
 2021-01-21 13:37:05 -08:00