wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-30 07:42:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
10,649 Commits 12 Branches 184 Tags
41f134ae314a4a55cd39ff136ccfb08b9b11a22d
Commit Graph

3441 Commits

Author SHA1 Message Date
Jacob Barthelmeh
41f134ae31 update to ECC key parsing custom curves for Windows 2020-01-08 14:45:59 -07:00
toddouska
d257003341 Merge pull request #2711 from cconlon/copyright2020 
update copyright to 2020
 2020-01-07 08:40:15 -08:00
toddouska
190623cbb2 Merge pull request #2705 from dgarske/atecc_leak 
Fix for possible ECC memory leak when using ATECC and TLS
 2020-01-07 08:39:39 -08:00
toddouska
709d17904a Merge pull request #2693 from SparkiDev/mp_rand 
Improve speed of mp_rand
 2020-01-07 08:39:11 -08:00
toddouska
b7ac709617 Merge pull request #2692 from SparkiDev/rsa_gen_modinv 
Add blinding of mod inverse to RSA key gen
 2020-01-07 07:56:38 -08:00
David Garske
914cd00e40 Merge pull request #2717 from SparkiDev/sp_cortexm_r7 
Don't use r7 with Cortex-M SP assembly
 2020-01-07 05:28:43 -08:00
Sean Parkinson
34a462b342 Don't use r7 with Cortex-M SP assembly 
r7 not available when compiling Cortex-M4 in debug.
 2020-01-07 12:53:34 +10:00
JacobBarthelmeh
ce0475a8e0 Merge pull request #2689 from tmael/pkey_freeMutex 
Free EVP ctx pkey
 2020-01-06 23:15:00 +07:00
Sean Parkinson
75637445ee Improve speed of mp_rand 2020-01-06 09:39:29 +10:00
Chris Conlon
45c5a2d39c update copyright to 2020 2020-01-03 15:06:03 -08:00
Tesfa Mael
f58a9e81e9 Cryptocell rsa improvements to sign/verify more digest types 2019-12-30 16:31:30 -08:00
David Garske
f51d940e34 Fix for ECC memory leak when using ATECC and non SECP256R1 curves for sign, verify or shared secret. Fixes #2701. 2019-12-30 08:35:30 -08:00
toddouska
3b7b71c9e0 Merge pull request #2700 from JacobBarthelmeh/HardwareAcc 
Hardware calls for DSP use
 2019-12-27 13:58:43 -08:00
toddouska
deac82c8ed Merge pull request #2683 from dgarske/various_items 
Various cleanups and fixes
 2019-12-27 13:53:39 -08:00
toddouska
95daec5326 Merge pull request #2633 from tmael/cc_310 
Update Cryptocell readme
 2019-12-27 12:58:19 -08:00
toddouska
78fa84be00 Merge pull request #2649 from SparkiDev/rsa_pubonly 
Fix RSA public key only builds
 2019-12-27 12:55:34 -08:00
toddouska
dd28f26c44 Merge pull request #2699 from JacobBarthelmeh/Testing 
big endian changes
 2019-12-27 12:52:30 -08:00
Eric Blankenhorn
b83804cb9d Correct misspellings and typos from codespell tool 2019-12-24 12:29:33 -06:00
JacobBarthelmeh
ad9011a863 initial DSP build and success with Debug mode 
build dps with ARM neon 64

fix for release mode build

add in threading protection and seperate out rng

added callback function and updates to README

update default handle to lock, and add finished handle call

cleanup after veiwing diff of changes
 2019-12-23 14:17:58 -07:00
JacobBarthelmeh
ca59bc2d16 big endian changes 2019-12-23 12:33:59 -07:00
Tesfa Mael
99a7aff31e Increment pkey references count 2019-12-20 22:38:54 -08:00
Tesfa Mael
48e59eaeb1 Free EVP ctx pkey 2019-12-20 22:38:54 -08:00
Sean Parkinson
9d94b48056 Add blinding of mod inverse to RSA key gen 2019-12-20 12:17:42 +10:00
toddouska
45d55c8f38 Merge pull request #2676 from SparkiDev/sp_cortexm_perf 
Improve Cortex-M RSA/DH assembly code performance
 2019-12-19 15:03:59 -08:00
toddouska
51f956490f Merge pull request #2661 from SparkiDev/parse_cert_rel_fixes 
Cleanup ParseCertRelative code
 2019-12-19 11:03:56 -08:00
toddouska
3342a19e29 Merge pull request #2578 from cariepointer/ZD-9478-and-9479 
Add sanity checks for parameters in wc_scrypt and wc_Arc4SetKey
 2019-12-19 10:59:05 -08:00
Sean Parkinson
36f697c93d Fix SP to build for different configurations 
Was failing:
  --enable-sp --enable-sp-math
  --enable-sp --enable-sp-math --enable-smallstack
 2019-12-19 15:15:19 +10:00
Sean Parkinson
64a1045dc3 Cleanup ParseCertRelative code 
Fix for case:
- can't find a signer for a certificate with the AKID
- find it by name
Has to error as the signer's SKID is always set for signer and would
have matched the AKID.
Simplify the path length code - don't look up CA twice.
Don't require the tsip_encRsaKeyIdx field in DecodedCert when
!WOLFSSL_RENESAS_TSIP - use local variable.
 2019-12-19 08:53:24 +10:00
toddouska
6922d7031c Merge pull request #2685 from embhorn/coverity_fixes 
Coverity fixes
 2019-12-18 14:06:48 -08:00
toddouska
0057eb16f8 Merge pull request #2686 from ejohnstown/crl-skid 
Check name hash after matching AKID for CRL
 2019-12-18 13:48:59 -08:00
toddouska
573d045437 Merge pull request #2682 from SparkiDev/akid_name_check 
Check name hash after matching AKID
 2019-12-18 13:08:19 -08:00
Eric Blankenhorn
52893877d7 Fixes from review 2019-12-18 13:25:25 -06:00
John Safranek
6c6d72e4d6 Find CRL Signer By AuthKeyId 
When looking up the signer of the CRL by SKID/AKID, also verify that the
CRL issuer name matches the CA's subject name, per RFC 5280 section 4.1.2.6.
 2019-12-18 10:17:51 -08:00
toddouska
b89121236f Merge pull request #2635 from dgarske/async_date 
Fix for async date check issue
 2019-12-18 09:34:08 -08:00
toddouska
74a8fbcff4 Merge pull request #2666 from SparkiDev/b64_dec_fix 
Bade64_Decode - check out length (malformed input)
 2019-12-18 09:30:41 -08:00
toddouska
c2e5991b50 Merge pull request #2681 from ejohnstown/crl-skid 
Find CRL Signer By AuthKeyId
 2019-12-18 09:29:17 -08:00
David Garske
22f0b145d3 Various cleanups and fixes: 
* Fix for key gen macro name in benchmark.c
* Fix for possible RSA fall-through warning.
* Fix for building `WOLFSSL_STM32_PKA` without `HAVE_ECC`.
* Added option to build RSA keygen without the DER to PEM using `WOLFSSL_NO_DER_TO_PEM`.
* Added options.h includes for test.c and benchmark.c.
* Added printf warning on the math size mismatch in test.c.
* Added support for benchmarking larger sizes.
* TLS benchmarks for HiFive unleashed.
 2019-12-18 07:09:26 -08:00
Sean Parkinson
c1218a541b Check name hash after matching AKID 
RFC 5280, Section 4.1.2.6:
If the subject is a CA (e.g., the basic constraints extension, as
discussed in Section 4.2.1.9, is present and the value of cA is TRUE),
then the subject field MUST be populated with a non-empty distinguished
name matching the contents of the issuer field (Section 4.1.2.4) in all
certificates issued by the subject CA.

The subject name must match - even when the AKID matches.
 2019-12-18 17:57:48 +10:00
Sean Parkinson
6ccd146b49 Bade64_Decode - check out length (malformed input) 2019-12-18 17:06:58 +10:00
Tesfa Mael
69a0c1155f Review comment 2019-12-17 17:36:38 -08:00
toddouska
7e74d02da5 Merge pull request #2677 from SparkiDev/p12_pbkdf_tmp_fix 
PKCS#12 PBKDF - maximum tmp buffer size
 2019-12-17 16:48:08 -08:00
toddouska
ff026efe49 Merge pull request #2670 from SparkiDev/dec_pol_oid_fix 
DecodePolicyOID - check out index
 2019-12-17 16:47:36 -08:00
toddouska
892e951c8a Merge pull request #2669 from SparkiDev/name_joi_fix 
Decode X.509 name - check input length for jurisdiction
 2019-12-17 16:46:30 -08:00
toddouska
435d4bf427 Merge pull request #2658 from SparkiDev/asn_date_check 
Check ASN date characters are valid
 2019-12-17 16:39:35 -08:00
toddouska
f81ce71c25 Merge pull request #2660 from JacobBarthelmeh/Compatibility-Layer 
add --disable-errorqueue option
 2019-12-17 16:37:02 -08:00
toddouska
06563ed3fa Merge pull request #2642 from SparkiDev/sp_exptmod 
sp_int: support for more values in sp_exptmod
 2019-12-17 16:36:12 -08:00
John Safranek
037c319bab Find CRL Signer By AuthKeyId 
1. Add parsing of CRL extensions, specifically the Auth Key ID extension.
2. To verify CRL, search for CA signer by AuthKeyId first, then by name.  If NO_SKID is set, just use name.
3. Update the ctaocrypt settings.h for the NO_SKID option with CRL so FIPS builds work.
 2019-12-17 15:33:39 -08:00
toddouska
feeb18600f Merge pull request #2636 from SparkiDev/mp_exptmod_fixes 
Handle more values in fp_exptmod
 2019-12-17 15:22:24 -08:00
toddouska
138377f30e Merge pull request #2641 from SparkiDev/sp_c32_lshift 
Fix lshift in SP 32-bit C code - FFDHE
 2019-12-17 15:17:17 -08:00
toddouska
5ee9f9c7a2 Merge pull request #2637 from SparkiDev/ecc_cache_resist 
Improve wc_ecc_mulmod_ex cache attack resistance
 2019-12-17 15:16:16 -08:00