Commit Graph

3672 Commits

Author SHA1 Message Date
kaleb-himes bbdf0d101f Improve Decoded CRL initialization 2019-12-07 04:23:02 -07:00
kaleb-himes 072fe8fd6d More complete fix for removing NO_SKID condition as default with CRL enabled 2019-12-07 03:39:57 -07:00
tmael 8450c4ae39 Merge pull request #2643 from ejohnstown/maintenance-prime
Maintentance: Prime
2019-12-06 18:50:51 -08:00
JacobBarthelmeh 05e672428d Merge pull request #2645 from cconlon/cmsrsacb
CMS SignedData RSA sign callback for raw digest
2019-12-06 17:13:32 -07:00
Carie Pointer ee13dfd878 Add Qt 5.12 and 5.13 support
Co-Authored-By: aaronjense <aaron@wolfssl.com>
Co-Authored-By: MJSPollard <mpollard@wolfssl.com>
Co-Authored-By: Quinn Miller <quinnmiller1997@users.noreply.github.com>
Co-Authored-By: Tim Parrish <timparrish@users.noreply.github.com>
2019-12-06 14:27:01 -07:00
John Safranek 19a4371d48 Maintenance: Error Strings
1. One of the error string was >80 bytes long. Shortened it.
2. The function that copies an error string to an output array needs to
ensure the string is still null terminated.
3. Added a check to the wolfCrypt test to see that error strings aren't
>= 80 bytes long.
2019-12-06 09:53:39 -08:00
Sean Parkinson 2528121925 Fix RSA public key only builds
Client side only and no client auth
2019-12-06 20:42:27 +10:00
toddouska 9fd5628148 Merge pull request #2631 from SparkiDev/mp_invmod_fix
mp_invmod handles more inputs
2019-12-05 16:21:33 -08:00
toddouska 7e391f0fd5 Merge pull request #2629 from SparkiDev/dsa_blinding
Blinding for DSA sign
2019-12-05 16:20:21 -08:00
toddouska 4b31a180c8 Merge pull request #2626 from SparkiDev/sp_invmod_fixes
Fix sp_invmod to handle more input values
2019-12-05 16:18:55 -08:00
toddouska 8cc4c62c14 Merge pull request #2625 from SparkiDev/set_ser_num_2
Support 20-byte serial numbers and disallow 0.
2019-12-05 16:17:54 -08:00
toddouska bd8a612d6c Merge pull request #2624 from ejohnstown/maintenance-ASN1
Maintenance: ASN.1
2019-12-05 16:16:42 -08:00
toddouska 7631fdafa1 Merge pull request #2612 from SparkiDev/sp_div_small_a
sp_div improved to handle when a has less digits than d
2019-12-05 16:14:05 -08:00
toddouska 6d40c20f2c Merge pull request #2609 from JacobBarthelmeh/Compatibility-Layer
Fix for EVP CipherUpdate decrypt and add test case
2019-12-05 16:12:26 -08:00
toddouska 312d5c98b3 Merge pull request #2535 from julek-wolfssl/nginx-1.15
Nginx 1.15.0 & 1.16.1
2019-12-05 14:40:45 -08:00
John Safranek 2c0fda4168 Maintentance: Prime
1. Revisited the option enables around the wolfCrypt prime test. Added a
check for key generation to the check for public MP.
2019-12-05 12:23:42 -08:00
Tesfa Mael 4f8a37ef7b Remove wc_RsaSSL_VerifyInline from Cryptocell 2019-12-05 10:40:21 -08:00
Chris Conlon 2063fa502f add CMS RSA sign callback for raw digest 2019-12-05 10:33:49 -07:00
Sean Parkinson 0552fbc5de Fix lshift in SP 32-bit C code - FFDHE 2019-12-05 09:08:30 +10:00
John Safranek 44fc3e14b1 Maintenance: ASN.1
1. Fix some preprocessor flag checking for function EncodePolicyOID. It
also needs to be available for OpenSSL Compatibility.
2. Fix for a name string for a test that can get left in or out
incorrectly.
2019-12-04 10:26:37 -08:00
Sean Parkinson 2a0c037f98 Improve wc_ecc_mulmod_ex cache attack resistance 2019-12-04 11:08:28 +10:00
Sean Parkinson c5f9a601e8 Handle more values in mp_exptmod
Handle prime (modulus) of 0 and 1.
Handle exponent of 0.
Fix for base of 0 in fp_exptmod and hadnle base of 0 in mp_exptmod.
fp_exptmod - Don't modify X's sign during operation when passed in as negative.
2019-12-04 09:32:08 +10:00
Sean Parkinson fd4fb28a2e Fix missing variable declaration
--enable-scep --with-libz
PKCS#7 decompress code
2019-12-03 11:07:29 +10:00
Sean Parkinson b9a82204e2 Blinding for DSA sign 2019-12-03 09:36:33 +10:00
David Garske 7e45ae2ec6 Merge pull request #2621 from JacobBarthelmeh/SanityChecks
sanity check on "a" input to invmod
2019-12-02 10:57:01 -08:00
Sean Parkinson 204045223f Fix sp_invmod to handle more input values 2019-11-29 11:54:36 +10:00
Sean Parkinson bd7a572a8f mp_invmod handles more inputs
Value to invert: a
Modulus: b
integer.c - normal math
  - a is one, or a mod b is one
tfm.c - fast math
  - b is -ve (error), or b is zero
  - a is zero or a mod b is zero
2019-11-29 09:08:44 +10:00
Sean Parkinson 06ca07c79f Poly1305 AVX2 asm fix
Missed carry when converting from 26 in 64 bits to 64 in 64 bits.
2019-11-28 16:01:29 +10:00
Sean Parkinson 16ac0d8eb6 Support 20-byte serial numbers and disallow 0. 2019-11-28 10:21:48 +10:00
Sean Parkinson 245a2b7012 sp_int: clamp more results 2019-11-28 10:01:54 +10:00
Sean Parkinson dadbeff433 sp_int: When setting digit of 0, set used to 0 2019-11-28 10:01:54 +10:00
Sean Parkinson 2ac0ac8776 Fix for sp_div when a > d but same bit length 2019-11-28 10:01:54 +10:00
Sean Parkinson 8315ae892f sp_div improved to handle when a has less digits than d 2019-11-28 10:01:54 +10:00
toddouska b396ed0984 Merge pull request #2627 from SparkiDev/rsa_sign_vfy
Change signature generation to verify by default
2019-11-27 14:08:07 -08:00
toddouska e1ebb39296 Merge pull request #2618 from ejohnstown/maintenance-prime
Maintenance: Prime
2019-11-27 14:06:23 -08:00
toddouska ff85cc7740 Merge pull request #2622 from SparkiDev/ber_to_der_rework
Rework BER to DER to not be recursive
2019-11-27 14:05:36 -08:00
John Safranek cc722468be Maintenance: ASN.1
1. Add an additional check in GetCertHeader() to see that sigIndex is
bounded by maxIdx.
2019-11-27 10:43:51 -08:00
Juliusz Sosinowicz 9be1b4cfd8 Remove tabs 2019-11-27 17:46:15 +01:00
Juliusz Sosinowicz 9064de1e75 Set proper WOLFSSL_ASN1_TIME in thisupd and nextupd in wolfSSL_OCSP_resp_find_status 2019-11-27 17:45:49 +01:00
Juliusz Sosinowicz a892f2a95a Changes for nginx 1.15
- ssl.c: add to check to overwrite existing session ID if found
- evp.c: wolfSSL_EVP_DecryptFinal* was checking for wrong value
2019-11-27 17:45:49 +01:00
Sean Parkinson 23878512c6 Change signature generation to verify by default 2019-11-27 10:47:03 +10:00
Sean Parkinson 776f4af7f6 Rework BER to DER to not be recursive 2019-11-27 10:20:32 +10:00
toddouska 1b63ab0e73 Merge pull request #2623 from SparkiDev/set_ser_rand
Generating serial number - clear top bit
2019-11-26 16:14:54 -08:00
John Safranek 2de52c7666 Maintenance: Prime
When returning a result from mp_prime_is_prime for normal math, the
result should be MP_YES or MP_NO, not a bare number (1 or 0).
2019-11-26 15:44:30 -08:00
toddouska 57df5c10c9 Merge pull request #2619 from dgarske/async_mem
Fix for Intel QuickAssist asynchronous build
2019-11-26 15:29:04 -08:00
toddouska 0d69950d07 Merge pull request #2615 from SparkiDev/mp_exptmod_neg_p
Handle negative modulus with negative exponent in exptmod
2019-11-26 15:20:54 -08:00
toddouska 5d41ef171c Merge pull request #2610 from ejohnstown/maintenance-DTLS
Maintenance: DTLS
2019-11-26 15:17:22 -08:00
John Safranek 55540c6bd3 Replace a compile option check around some filenames for certificate testing. 2019-11-25 16:13:01 -08:00
John Safranek 1ac0b1fc0b Maintenance: ASN.1
1. Undo an earlier change with respect to parsing a long length with
length zero. If BerToDer is disabled, this will be treated as a zero
length. With BerToDer enabled, the conversion will do the right thing.
2019-11-25 16:08:32 -08:00
John Safranek 5e0ca866df Maintenance: ASN.1
1. For certificates, when copying a member of a container, one shouldn't read
beyond the enclosing context.
2019-11-25 16:08:32 -08:00