wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-30 03:42:13 +01:00
Code Issues Packages Projects Releases Wiki Activity
10,598 Commits 12 Branches 184 Tags
64a1045dc391aa7dd2efa96841ebeff818887b3f
Commit Graph

2991 Commits

Author SHA1 Message Date
Sean Parkinson
64a1045dc3 Cleanup ParseCertRelative code 
Fix for case:
- can't find a signer for a certificate with the AKID
- find it by name
Has to error as the signer's SKID is always set for signer and would
have matched the AKID.
Simplify the path length code - don't look up CA twice.
Don't require the tsip_encRsaKeyIdx field in DecodedCert when
!WOLFSSL_RENESAS_TSIP - use local variable.
 2019-12-19 08:53:24 +10:00
toddouska
6922d7031c Merge pull request #2685 from embhorn/coverity_fixes 
Coverity fixes
 2019-12-18 14:06:48 -08:00
toddouska
0057eb16f8 Merge pull request #2686 from ejohnstown/crl-skid 
Check name hash after matching AKID for CRL
 2019-12-18 13:48:59 -08:00
toddouska
573d045437 Merge pull request #2682 from SparkiDev/akid_name_check 
Check name hash after matching AKID
 2019-12-18 13:08:19 -08:00
Eric Blankenhorn
52893877d7 Fixes from review 2019-12-18 13:25:25 -06:00
John Safranek
6c6d72e4d6 Find CRL Signer By AuthKeyId 
When looking up the signer of the CRL by SKID/AKID, also verify that the
CRL issuer name matches the CA's subject name, per RFC 5280 section 4.1.2.6.
 2019-12-18 10:17:51 -08:00
toddouska
b89121236f Merge pull request #2635 from dgarske/async_date 
Fix for async date check issue
 2019-12-18 09:34:08 -08:00
toddouska
74a8fbcff4 Merge pull request #2666 from SparkiDev/b64_dec_fix 
Bade64_Decode - check out length (malformed input)
 2019-12-18 09:30:41 -08:00
toddouska
c2e5991b50 Merge pull request #2681 from ejohnstown/crl-skid 
Find CRL Signer By AuthKeyId
 2019-12-18 09:29:17 -08:00
Sean Parkinson
c1218a541b Check name hash after matching AKID 
RFC 5280, Section 4.1.2.6:
If the subject is a CA (e.g., the basic constraints extension, as
discussed in Section 4.2.1.9, is present and the value of cA is TRUE),
then the subject field MUST be populated with a non-empty distinguished
name matching the contents of the issuer field (Section 4.1.2.4) in all
certificates issued by the subject CA.

The subject name must match - even when the AKID matches.
 2019-12-18 17:57:48 +10:00
Sean Parkinson
6ccd146b49 Bade64_Decode - check out length (malformed input) 2019-12-18 17:06:58 +10:00
toddouska
7e74d02da5 Merge pull request #2677 from SparkiDev/p12_pbkdf_tmp_fix 
PKCS#12 PBKDF - maximum tmp buffer size
 2019-12-17 16:48:08 -08:00
toddouska
ff026efe49 Merge pull request #2670 from SparkiDev/dec_pol_oid_fix 
DecodePolicyOID - check out index
 2019-12-17 16:47:36 -08:00
toddouska
892e951c8a Merge pull request #2669 from SparkiDev/name_joi_fix 
Decode X.509 name - check input length for jurisdiction
 2019-12-17 16:46:30 -08:00
toddouska
435d4bf427 Merge pull request #2658 from SparkiDev/asn_date_check 
Check ASN date characters are valid
 2019-12-17 16:39:35 -08:00
toddouska
f81ce71c25 Merge pull request #2660 from JacobBarthelmeh/Compatibility-Layer 
add --disable-errorqueue option
 2019-12-17 16:37:02 -08:00
toddouska
06563ed3fa Merge pull request #2642 from SparkiDev/sp_exptmod 
sp_int: support for more values in sp_exptmod
 2019-12-17 16:36:12 -08:00
John Safranek
037c319bab Find CRL Signer By AuthKeyId 
1. Add parsing of CRL extensions, specifically the Auth Key ID extension.
2. To verify CRL, search for CA signer by AuthKeyId first, then by name.  If NO_SKID is set, just use name.
3. Update the ctaocrypt settings.h for the NO_SKID option with CRL so FIPS builds work.
 2019-12-17 15:33:39 -08:00
toddouska
feeb18600f Merge pull request #2636 from SparkiDev/mp_exptmod_fixes 
Handle more values in fp_exptmod
 2019-12-17 15:22:24 -08:00
toddouska
138377f30e Merge pull request #2641 from SparkiDev/sp_c32_lshift 
Fix lshift in SP 32-bit C code - FFDHE
 2019-12-17 15:17:17 -08:00
toddouska
5ee9f9c7a2 Merge pull request #2637 from SparkiDev/ecc_cache_resist 
Improve wc_ecc_mulmod_ex cache attack resistance
 2019-12-17 15:16:16 -08:00
toddouska
028d9e5443 Merge pull request #2634 from SparkiDev/pkcs7_libz_fix 
Fix missing variable declaration
 2019-12-17 15:13:13 -08:00
David Garske
a176789f13 Fix for async issue with "badDate" and "criticalExt" check getting skipped on call to ConfirmSignature with WC_PENDING_E response. Added log message when date failure is skipped. 2019-12-17 15:03:00 -08:00
Sean Parkinson
8d7d2c74ee PKCS#12 PBKDF - maximum tmp buffer size 
Use WC_MAX_BLOCK_SIZE - only an issue if PBKDF is using SHA-3
algorithms.
 2019-12-17 09:56:08 +10:00
Eric Blankenhorn
0bb8ae8564 Fixes for new defects in wolfCryot and wolfSSL (excluding test code) 2019-12-13 17:17:13 -06:00
David Garske
f2115b2c2b Merge pull request #2652 from ejohnstown/maintenance-error 
Maintenance: Error Strings
 2019-12-13 15:03:32 -08:00
Sean Parkinson
6a2975c742 DecodePolicyOID - check out index 2019-12-13 12:13:38 +10:00
Sean Parkinson
b3cbab4bf3 Decode X.509 name - check input length for jurisdiction 2019-12-13 11:55:15 +10:00
John Safranek
e7af2d2ba9 Fixed a couple initialization issues scan-build indicated. 2019-12-12 16:50:37 -08:00
Sean Parkinson
e063fb1631 sp_int.c: Strip leading zeros in sp_read_radix 2019-12-13 09:08:55 +10:00
Sean Parkinson
adc14f7552 sp_int: Check size of numbers for overflow 2019-12-12 18:36:23 +10:00
Jacob Barthelmeh
2e5258fe15 add --disable-errorqueue option 2019-12-11 11:19:58 -07:00
Sean Parkinson
dffb59ea52 sp_int: support for more values in sp_exptmod and fix 
SP C - fix mont reduce with fast mul_add
 2019-12-11 11:10:18 +10:00
toddouska
093a31ed49 Merge pull request #2655 from kaleb-himes/ZD-9592 
Remove forcing NO_SKID on unsuspecting CRL users
 2019-12-10 16:33:16 -08:00
Sean Parkinson
05dafd0adb Check ASN date characters are valid 2019-12-11 09:22:26 +10:00
kaleb-himes
2b66a9f1ec Address reviewed items 2019-12-09 14:44:59 -07:00
kaleb-himes
bbdf0d101f Improve Decoded CRL initialization 2019-12-07 04:23:02 -07:00
kaleb-himes
072fe8fd6d More complete fix for removing NO_SKID condition as default with CRL enabled 2019-12-07 03:39:57 -07:00
JacobBarthelmeh
05e672428d Merge pull request #2645 from cconlon/cmsrsacb 
CMS SignedData RSA sign callback for raw digest
 2019-12-06 17:13:32 -07:00
John Safranek
19a4371d48 Maintenance: Error Strings 
1. One of the error string was >80 bytes long. Shortened it.
2. The function that copies an error string to an output array needs to
ensure the string is still null terminated.
3. Added a check to the wolfCrypt test to see that error strings aren't
>= 80 bytes long.
 2019-12-06 09:53:39 -08:00
toddouska
9fd5628148 Merge pull request #2631 from SparkiDev/mp_invmod_fix 
mp_invmod handles more inputs
 2019-12-05 16:21:33 -08:00
toddouska
7e391f0fd5 Merge pull request #2629 from SparkiDev/dsa_blinding 
Blinding for DSA sign
 2019-12-05 16:20:21 -08:00
toddouska
4b31a180c8 Merge pull request #2626 from SparkiDev/sp_invmod_fixes 
Fix sp_invmod to handle more input values
 2019-12-05 16:18:55 -08:00
toddouska
8cc4c62c14 Merge pull request #2625 from SparkiDev/set_ser_num_2 
Support 20-byte serial numbers and disallow 0.
 2019-12-05 16:17:54 -08:00
toddouska
bd8a612d6c Merge pull request #2624 from ejohnstown/maintenance-ASN1 
Maintenance: ASN.1
 2019-12-05 16:16:42 -08:00
toddouska
7631fdafa1 Merge pull request #2612 from SparkiDev/sp_div_small_a 
sp_div improved to handle when a has less digits than d
 2019-12-05 16:14:05 -08:00
toddouska
6d40c20f2c Merge pull request #2609 from JacobBarthelmeh/Compatibility-Layer 
Fix for EVP CipherUpdate decrypt and add test case
 2019-12-05 16:12:26 -08:00
toddouska
312d5c98b3 Merge pull request #2535 from julek-wolfssl/nginx-1.15 
Nginx 1.15.0 & 1.16.1
 2019-12-05 14:40:45 -08:00
Chris Conlon
2063fa502f add CMS RSA sign callback for raw digest 2019-12-05 10:33:49 -07:00
Sean Parkinson
0552fbc5de Fix lshift in SP 32-bit C code - FFDHE 2019-12-05 09:08:30 +10:00