8898abcc99
Merge pull request #3378 from dgarske/zd11085
...
Fixes SSLv3 use of ECDH in sniffer
2020-10-14 14:30:15 -07:00
3f4bf9144b
Merge pull request #3366 from SparkiDev/pkcs11_lookup
...
PKCS #11 : improve key lookup
2020-10-14 14:22:56 -07:00
5ac3e7d542
Process multiple ocsp responses
2020-10-14 01:10:07 -07:00
232028d03b
Merge pull request #3386 from ejohnstown/dh-maint
...
Fuzz Fix
2020-10-13 15:47:11 -07:00
b68828d3c9
Merge pull request #3361 from tmael/ocsp-nocheck
...
Add support for id-pkix-ocsp-nocheck
2020-10-13 15:46:02 -07:00
048a3a8d5b
Merge pull request #3374 from JacobBarthelmeh/Testing
...
NO_FILESYSTEM build on Windows
2020-10-13 13:26:46 -07:00
422683f4c3
Fuzz Fix
...
GetPublicDhKey() assumes the ssl session owns the DH public key parts, and
tries to free them. They belong to the CTX initially, so it shouldn't be
freeing them, necessarily.
1. Add a check for weOwnDh first, then free the buffers if needed.
2. If there is a problem reading the keys, free the new buffers before exiting.
3. Set weOwnDh once the buffers and values have been stored
successfully.
2020-10-13 10:15:58 -07:00
6aa0eacc62
use correct key buffer for example private key
2020-10-13 09:26:54 -06:00
f0db2c177e
ECC mulmod: some curves can't do order-1
...
Change implementation of timing resistant scalar multiplication to use
Joye double-add ladder.
No longer have fake operations being performed therefore can remove the
order adding operations.
Still need to check for boundary condition: order-1 wil not work with
SECP256K1 as it results in an add of order/2 and (order/2)+1 times base
point which are the negatives of each other. The sum is infinity and not
handled by maths.
Added mp_cond_swap_t - Conditionally swap in constant time.
2020-10-13 09:55:35 +10:00
0d685e4f28
Merge pull request #3358 from douzzer/wolfSSL_get_ocsp_producedDate
...
add wolfSSL_get_ocsp_producedDate().
2020-10-12 15:21:10 -07:00
de6164df5a
Merge pull request #3382 from ejohnstown/aes-clear
...
AES Clear Temp
2020-10-12 15:17:00 -07:00
4396e10500
Merge pull request #3379 from ejohnstown/mfix
...
Maintenance Fixes
2020-10-12 14:53:56 -07:00
1f78297c5c
Merge pull request #3372 from miyazakh/Renesas_APRA6M
...
added set up guide for APRA6M board
2020-10-12 14:23:06 -06:00
2a1efda140
Merge pull request #3380 from kojo1/mqx
...
minor fix for MQX, Kinetis
2020-10-12 14:03:20 -06:00
8826823724
In ACVP testing NIST needs to see failed decryption output
2020-10-12 12:05:44 -06:00
5ead4386b3
AES Clear Temp
...
ForceZero()'ed a couple local variables that have keying material at some point.
2020-10-12 10:30:34 -07:00
0ca202f389
Rename SKIP_SUITE to something more descriptive. Add some comments.
2020-10-12 09:49:02 -07:00
a4bfa0dec7
Add support for id-pkix-ocsp-nocheck
2020-10-11 19:47:50 -07:00
ce97eadae1
fix for MQX
2020-10-11 06:57:33 +09:00
9de5eea1d9
configure.ac: supplement AC_CHECK_FUNCS() (function link test) with AC_CHECK_DECLS() (function declaration test) to avoid false positives. fixes various build failure modes.
2020-10-09 22:18:51 -05:00
bf59d169dd
Update include.am to include new README files
2020-10-10 09:57:05 +09:00
a05a305d70
Fix unused parameters in SKIP_SUITE.
2020-10-09 15:59:14 -07:00
6cfb038d11
Fix a bad ifdef.
2020-10-09 15:54:44 -07:00
2d85061c47
Maintenance Fixes
...
Improve the reporting of the NTRU based cipher suites with the function
wolfSSL_sk_CIPHER_description().
2020-10-09 15:01:39 -07:00
d8299e2764
Maintenance Fixes
...
When building the list of ciphers with wolfSSL_get_ciphers_compat(),
skip the fake indicator ciphers like the renegotiation indication
and the quantum-safe hybrid since they do not have encryption or mac
algorithms associated to them.
2020-10-09 15:01:38 -07:00
aeeeb666a7
Maintenance Fixes
...
1. The test_wolfSSL_X509V3_EXT_print() test was using stderr for output,
changed to stdout.
2. A call to XFREAD wasn't typecasting its output to the size of the
variable getting the output in decodedCertCache_test().
2020-10-09 15:01:32 -07:00
724eb96047
Merge pull request #3377 from douzzer/PR3371
...
fix pkcs7compressed_test() (test gated on HAVE_LIBZ), broken by PR#3244.
2020-10-09 15:00:15 -07:00
f3fbb921c0
Fixes SSLv3 use of ECDH. The public key length byte needs to be skipped for import with SSLv3 and TLS (not TLS v1.3). ZD 11085
2020-10-09 12:01:41 -07:00
29d4de6307
fix pkcs7compressed_test() (test gated on HAVE_LIBZ), broken by PR#3244.
2020-10-09 12:42:14 -05:00
bfb10ddfb5
NO_FILESYSTEM build on Windows
2020-10-09 09:45:00 -07:00
3e69318ac7
Merge pull request #3373 from danielinux/imx-rt1060-shaonly-fix
...
Fixed SHA256 support for IMX-RT1060
2020-10-09 09:30:11 -07:00
9cb2c9f1ac
Fixed SHA256 support for IMX-RT1060
2020-10-09 13:36:53 +02:00
1765eeddb2
added set up guide for APRA6M board
...
added TLS 1.3 settings into user_settings.h
2020-10-09 19:52:20 +09:00
570f55a0e3
wolfSSL_get_ocsp_producedDate*(): gate on !defined(NO_ASN_TIME), and in client_test(), gate call to strftime() on HAVE_STRFTIME and add fallback code; add HAVE_STRFTIME test to configure.ac.
2020-10-08 23:26:28 -05:00
7a77b6d990
rename wolfSSL_get_ocsp_producedDate(WOLFSSL *, struct tm *) to wolfSSL_get_ocsp_producedDate_tm(), and add wolfSSL_get_ocsp_producedDate() accessing the raw ASN.1 producedDate; fix location of prototypes in ssl.h to obtain proper conditionalization; omit frivolous nullness test on ssl->ocspProducedDate (always true).
2020-10-08 22:47:16 -05:00
e162d0f889
add wolfSSL_get_ocsp_producedDate().
2020-10-08 22:47:16 -05:00
4d11e3c83b
Merge pull request #3365 from SparkiDev/ticket_align
...
SSL session ticket: decrypted ticket access aligned
2020-10-08 15:01:41 -07:00
8bc3d33c4e
Merge pull request #3360 from SparkiDev/ecc_safe_add
...
ECC add points: more cases where add point is a double or infinity
2020-10-08 14:55:04 -07:00
f0c5fb76bb
Merge pull request #3359 from ejohnstown/tfm-read-radix-16
...
TFM Read Radix 16 OOB Read
2020-10-08 14:52:42 -07:00
c69e9927fa
Merge pull request #3354 from SparkiDev/mac_arm_asm_2
...
ARM ASM ChaCha20: Fix calc of left over bytes
2020-10-08 14:49:33 -07:00
6b4b92a549
Merge pull request #3356 from embhorn/zd11044
...
Allow wolfSSL_EVP_get_hashinfo with x509small
2020-10-08 14:48:28 -07:00
e0f3ceefa2
Merge pull request #3349 from vaintroub/remove_gccism
...
#3348 - Fix MSVC build
2020-10-08 14:47:15 -07:00
8a57eead51
Add AES CCM support to sniffer. ZD 11078.
2020-10-08 13:58:31 -07:00
d33d100526
Fix for possible malformed encrypted key with DES3 causing negative length. If length is less than DES_BLOCK_SIZE then it could result in a negative der->length. ZD 11057
2020-10-08 13:07:07 -07:00
46f8f53268
Merge pull request #3367 from kaleb-himes/NTRU_MAINTENANCE
...
Fix NTRU + QSH build
2020-10-08 14:04:21 -06:00
d9eaeb4a3b
Fix NTRU + QSH build
2020-10-08 09:13:00 -06:00
15aa0a2f8c
PKCS #11 : improve key lookup
...
Refactor the find key by template to eliminate duplicate code.
Improve documentation.
Add more informative debugging information.
2020-10-08 13:36:30 +10:00
4f6c1db9a2
Merge pull request #3355 from douzzer/enable-more-all
...
--enable-all coverage update, plus --enable-all-crypto and --enable-linuxkm-defaults
2020-10-08 09:52:56 +10:00
257551b134
ECC add points: more cases where add point is a double or infinity
...
Extract method to perform safe point add (handling double and infinity
result).
Replace all instances of the extracted code.
2020-10-08 09:26:10 +10:00
8d82fb2add
SSL session ticket: decrypted ticket access aligned
...
Decrypted session ticket using encrypted ticket buffer.
Alignment not correct on platforms requiring 32-bit aligned access.
Copy the decrypted data into temporary for access.
Also zeroize the unencrypted tickets after use.
2020-10-08 08:56:49 +10:00
toddouska
Tesfa Mael
David Garske
John Safranek
Jacob Barthelmeh
Sean Parkinson
Chris Conlon
kaleb-himes
Takashi Kojo
Daniel Pouzzner
Hideki Miyazaki
Daniele Lacamera