Commit Graph

5005 Commits

Author SHA1 Message Date
Juliusz Sosinowicz 82a9f74476 Compat updates
- implement `wolfSSL_PEM_X509_INFO_read`
- `wolfSSL_EVP_CipherUpdate` no-ops on `NULL` input
- add md4 support to `wolfSSL_EVP_MD_block_size` and `wolfSSL_EVP_MD_size`
2021-11-22 11:45:27 +01:00
David Garske 5182e2a8c8 Merge pull request #4580 from kareem-wolfssl/minor_fixes
Check ssl->arrays in SendClientHello to avoid null dereference.  Allow building with fallthrough defined.
2021-11-19 16:55:01 -08:00
David Garske f6c48bf7dc Merge pull request #4560 from kaleb-himes/OE30-OE31-non-fips-changes
OE30 and OE31 changes external to FIPS module for NetBSD builds
2021-11-19 15:49:30 -08:00
David Garske 34346bab4f Merge pull request #4579 from JacobBarthelmeh/PKCS7
BER size adjustment with PKCS7
2021-11-19 14:49:03 -08:00
Kareem 72d4dcce0f Fix updated FALL_THROUGH macro. Fix a couple of case statements and remove a trailing whitespace. 2021-11-19 14:13:02 -07:00
Sean Parkinson 7e81372131 Merge pull request #4583 from dgarske/zd13242
Improve `ret` handling in the `ProcessPeerCerts` verify step.
2021-11-19 10:22:08 +10:00
David Garske 3054f20c6a Improve ret handling in the ProcessPeerCerts verify step. 2021-11-18 14:51:09 -08:00
kaleb-himes 4324cf8f0a Correct cast from uint to uchar 2021-11-18 10:18:25 -07:00
David Garske e33156d0dc Merge pull request #4578 from kaleb-himes/OE33_NON_FIPS_CHANGES
OE33: Fix issues found by XCODE and add user_settings.h
2021-11-18 06:59:43 -08:00
Sean Parkinson 370570d19b ASN: DH private key encoding
Proper fix for sequence length when small keys.
2021-11-18 08:28:49 +10:00
Jacob Barthelmeh ddf06b8161 BER size adjustment with PKCS7 2021-11-17 12:03:32 -07:00
kaleb-himes f638df3575 Fix issues found by XCODE and add user_settings.h
Disable internal test settings by default
2021-11-17 11:00:56 -07:00
David Garske e8e0bc0d49 Merge pull request #4552 from SparkiDev/sp_mod_exp_zero
SP: mod_exp with exponent of 0 is invalid
2021-11-16 08:29:13 -08:00
Sean Parkinson 33a6b8c779 Merge pull request #4531 from dgarske/cryptocb_aesccm
Added crypto callback support for AES CCM
2021-11-16 22:45:11 +10:00
Sean Parkinson 8606788198 SP: mod_exp with exponent of 0 is invalid
Don't allow exponenetiation by 0 as it is cryptographically invalid and
not supported by the implementation.
Also check for even modulus in mod_exp.
2021-11-16 11:27:26 +10:00
Masashi Honma 6086728968 Fix possible segfault occurs when mp_clear() is executed for uninitialized mp_int
If NULL is passed as the digest argument of wc_DsaSign(), mp_clear() will be
called before mp_init() is called. This can cause segmentation fault.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2021-11-16 09:57:02 +09:00
Masashi Honma f621defefe Fix the segfault occurs when mp_clear() is executed for uninitialized mp_int on i386
test_wc_DsaSignVerify() passes the tests but causes an error.

free(): invalid pointer

If NULL is passed as the digest argument of wc_DsaVerify(), mp_clear() will be
called before mp_init() is called. On qemu-i386, the dp field of the mp_int
structure is non-null by default, which causes a segmentation fault when calling
mp_clear(). However, if WOLFSSL_SMALL_STACK is enabled, this problem does not
occur.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2021-11-16 09:56:56 +09:00
Sean Parkinson 64407bbd7d Merge pull request #4564 from rizlik/unused_ret_value_fix
woflcrypt/src/rsa.c: check memory allocation return value
2021-11-16 08:56:47 +10:00
Sean Parkinson 79f18c7585 SP sync: Missing update 2021-11-15 08:33:14 +10:00
David Garske a626a4fb02 Fixes for spelling errors. 2021-11-12 10:27:49 -08:00
John Safranek 4e20b93e72 Merge pull request #4556 from douzzer/updateFipsHash 2021-11-11 14:23:01 -08:00
John Safranek c702dab988 Merge pull request #4561 from haydenroche5/wc_prf_fix 2021-11-11 13:03:58 -08:00
Marco Oliverio 3ea4e35737 woflcrypt/src/rsa.c: check memory allocation return value 2021-11-11 16:25:03 +01:00
Hayden Roche 2f29ca1092 Make fixes/improvements to TLS PRF code.
Make `wc_PRF` return an error if it doesn't find a corresponding hash for the
passed in hash type. Currently, if `wc_PRF_TLS` is called with `NO_OLD_TLS`
defined, it will do nothing but still return success. Make it return an error
instead. These problems were uncovered when running the wolfEngine unit tests
with wolfSSL 5.0.0 FIPS Ready, which defines `NO_MD5` and `NO_OLD_TLS`.
2021-11-10 15:19:43 -08:00
kaleb-himes 6bb86cf4da OE30 and OE31 changes external to FIPS module for NetBSD builds 2021-11-10 15:16:21 -07:00
Daniel Pouzzner ed0418c2a8 fix whitespace. 2021-11-09 22:17:38 -06:00
Sean Parkinson 8e0fdc64be Merge pull request #4522 from dgarske/static_eph
Fixes and refactor for static ephemeral key support
2021-11-10 08:22:51 +10:00
David Garske 9a83842c29 Merge pull request #4536 from luizluca/refactor_nameconstraints-permit
ASN: refactor name constraints checks
2021-11-09 10:44:17 -08:00
David Garske df82b01e68 Added x448 static ephemeral support. 2021-11-09 08:27:42 -08:00
David Garske 5dac25f470 Eliminate EIGHTK_BUF use in asn. Cleanup uses of 0 in set_verify for callback. 2021-11-09 08:23:19 -08:00
Daniel Pouzzner f8565f26e2 fixes for --disable-harden. 2021-11-08 17:35:10 -06:00
Daniel Pouzzner 0b4f34d62a typographic cleanup: fix whitespace, remove unneeded UTF-8, convert C++ comment constructs to C. 2021-11-08 17:35:05 -06:00
Luiz Angelo Daros de Luca 01335e2e1c ASN: refactor name constraints checks
Use the same logic for any type of name constraint.

It could be even cleaner if there were a altNamesByType[],
permittedNamesByType[] and excludedNamesByType[] in cert.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2021-11-08 20:29:18 -03:00
Sean Parkinson dd833807d8 Merge pull request #4523 from dgarske/nxp_se050_fixes
Fixes for NXP SE050 ECC create and key store id
2021-11-09 08:56:03 +10:00
David Garske 5a4577eb6c Merge pull request #4541 from SparkiDev/mp_hexchar_asm
SP, TFM: fixes
2021-11-08 14:49:02 -08:00
Sean Parkinson 49024b131e Merge pull request #4534 from JacobBarthelmeh/fuzzing
check size of values with sp_gcd
2021-11-09 08:40:21 +10:00
David Garske 67a11df15b Merge pull request #4548 from anhu/TlS
Fix capitalization.
2021-11-08 11:07:00 -08:00
Anthony Hu a28e44730c Fix capitalization. 2021-11-08 11:45:49 -05:00
John Safranek d46b140250 Merge pull request #4544 from dgarske/hmachash 2021-11-05 15:11:07 -07:00
David Garske 3941eea626 Fixes for peer review feedback. Improve the ECC key bit calculation. Improve the signature RS unsigned bin creation. 2021-11-05 14:53:20 -07:00
David Garske 7fca031346 Remove duplicate code in wc_HmacFree (looks like past merge error). 2021-11-05 08:20:39 -07:00
Sean Parkinson d01f0d7a4c DH encoding: use correct length for inner sequence
Only affect small DH keys (like 512 bits).
2021-11-05 15:02:14 +10:00
Sean Parkinson dc911b94e7 SP, TFM: fixes
HexCharToByte must be cast to a signed char as a char is unsigned on
some platforms.
Redefine the __asm__ and __volatile__ for ICC and KEIL in sp_int.c
mp_test: don't use large bit lengths if unsupported.
2021-11-05 11:49:24 +10:00
Jacob Barthelmeh ca72beb688 check size of values with sp_gcd 2021-11-03 16:56:45 -06:00
David Garske b84edb5c67 Fixes for NXP SE050 testing with hardware. 2021-11-03 12:47:07 -07:00
Jacob Barthelmeh 7ca95bfaca additional checks on fp montgomery return value 2021-11-03 11:40:14 -06:00
David Garske e9fbd94150 Fix for _ecc_validate_public_key and unused parameters for partial and priv. 2021-11-03 08:10:37 -07:00
David Garske 495cac8ad7 Fixes for NXP SE050 key sizes and key id use. Related to #4526 2021-11-02 16:34:19 -07:00
David Garske 2abb2eae7d Changed NXP SE050 to not use symmetric offloading by default. If desired use WOLFSSL_SE050_HASH and WOLFSSL_SE050_CRYPT. 2021-11-02 12:00:24 -07:00
David Garske 82c106be80 Added crypto callback support for AES CCM. 2021-11-02 09:53:55 -07:00