Commit Graph

11142 Commits

Author SHA1 Message Date
toddouska 3b7b71c9e0 Merge pull request #2700 from JacobBarthelmeh/HardwareAcc
Hardware calls for DSP use
2019-12-27 13:58:43 -08:00
toddouska deac82c8ed Merge pull request #2683 from dgarske/various_items
Various cleanups and fixes
2019-12-27 13:53:39 -08:00
toddouska 95daec5326 Merge pull request #2633 from tmael/cc_310
Update Cryptocell readme
2019-12-27 12:58:19 -08:00
toddouska 78fa84be00 Merge pull request #2649 from SparkiDev/rsa_pubonly
Fix RSA public key only builds
2019-12-27 12:55:34 -08:00
toddouska dd28f26c44 Merge pull request #2699 from JacobBarthelmeh/Testing
big endian changes
2019-12-27 12:52:30 -08:00
Juliusz Sosinowicz 38f466bdfe Keep untrustedDepth = 0 for self signed certs 2019-12-27 17:48:34 +01:00
John Safranek add7cdd4e2 Maintenance: Renegotiation
1. Found a corner case where secure renegotiation would fail trying to
inappropriately use a session ticket.
2. Explicitly split renegotiation into Rehandshake and SecureResume.
2019-12-26 16:39:44 -08:00
David Garske e8afcbf031 Merge pull request #2702 from embhorn/spelling
Correct misspellings and typos from codespell tool
2019-12-26 08:19:20 -08:00
Eric Blankenhorn 8580bd9937 CertManager verify callback
Execute verify callback from wolfSSL_CertManagerLoadCA
2019-12-26 09:29:03 -06:00
JacobBarthelmeh ac0acb3c37 fix for test case with big endian 2019-12-26 05:57:26 -07:00
Eric Blankenhorn b83804cb9d Correct misspellings and typos from codespell tool 2019-12-24 12:29:33 -06:00
JacobBarthelmeh ad9011a863 initial DSP build and success with Debug mode
build dps with ARM neon 64

fix for release mode build

add in threading protection and seperate out rng

added callback function and updates to README

update default handle to lock, and add finished handle call

cleanup after veiwing diff of changes
2019-12-23 14:17:58 -07:00
JacobBarthelmeh 5348ecb1f2 initial makefile and build with hexagon 2019-12-23 13:49:06 -07:00
JacobBarthelmeh ca59bc2d16 big endian changes 2019-12-23 12:33:59 -07:00
Tesfa Mael 99a7aff31e Increment pkey references count 2019-12-20 22:38:54 -08:00
Tesfa Mael 48e59eaeb1 Free EVP ctx pkey 2019-12-20 22:38:54 -08:00
toddouska 3f13b49fa3 Merge pull request #2695 from JacobBarthelmeh/Release
prepare for release v4.3.0
v4.3.0-stable
2019-12-20 11:10:34 -08:00
Jacob Barthelmeh e1433867ce fix for expected nightly config test report 2019-12-20 09:46:12 -07:00
Jacob Barthelmeh 5675a2b3c5 prepare for release v4.3.0 2019-12-20 08:43:34 -07:00
Sean Parkinson 9d94b48056 Add blinding of mod inverse to RSA key gen 2019-12-20 12:17:42 +10:00
toddouska 45d55c8f38 Merge pull request #2676 from SparkiDev/sp_cortexm_perf
Improve Cortex-M RSA/DH assembly code performance
2019-12-19 15:03:59 -08:00
John Safranek 6c7e86f366 Maintentance: DTLS
1. Client wasn't skipping a handshake state when the server sends a
hello without a hello verify. It ended up resetting the handshake hash
and resending Hello with its next messages.
2019-12-19 11:48:05 -08:00
toddouska 51f956490f Merge pull request #2661 from SparkiDev/parse_cert_rel_fixes
Cleanup ParseCertRelative code
2019-12-19 11:03:56 -08:00
toddouska 3342a19e29 Merge pull request #2578 from cariepointer/ZD-9478-and-9479
Add sanity checks for parameters in wc_scrypt and wc_Arc4SetKey
2019-12-19 10:59:05 -08:00
David Garske 2aa8fa2de6 Merge pull request #2688 from kaleb-himes/GH2552
use const to declare array rather than variable sz - VS doesn't like …
2019-12-19 08:52:30 -08:00
JacobBarthelmeh e10ace21df Merge pull request #2690 from SparkiDev/sp_int_fixes_1
Fix SP to build for different configurations
2019-12-19 08:52:52 -07:00
Sean Parkinson 36f697c93d Fix SP to build for different configurations
Was failing:
  --enable-sp --enable-sp-math
  --enable-sp --enable-sp-math --enable-smallstack
2019-12-19 15:15:19 +10:00
kaleb-himes 95c0c1f2a5 use const to declare array rather than variable sz - VS doesn't like this 2019-12-18 16:08:26 -08:00
Sean Parkinson 64a1045dc3 Cleanup ParseCertRelative code
Fix for case:
- can't find a signer for a certificate with the AKID
- find it by name
Has to error as the signer's SKID is always set for signer and would
have matched the AKID.
Simplify the path length code - don't look up CA twice.
Don't require the tsip_encRsaKeyIdx field in DecodedCert when
!WOLFSSL_RENESAS_TSIP - use local variable.
2019-12-19 08:53:24 +10:00
toddouska 6922d7031c Merge pull request #2685 from embhorn/coverity_fixes
Coverity fixes
2019-12-18 14:06:48 -08:00
toddouska 531fedfbb4 Merge pull request #2687 from ejohnstown/dtls-cap
DTLS Handshake Message Cap
2019-12-18 13:50:52 -08:00
David Garske 031e78e103 Merge pull request #2606 from kaleb-himes/DOCS_UPDATE_19_NOV_2019
Add dox documentation for wc_ecc_make_key_ex
2019-12-18 13:49:57 -08:00
toddouska 0057eb16f8 Merge pull request #2686 from ejohnstown/crl-skid
Check name hash after matching AKID for CRL
2019-12-18 13:48:59 -08:00
toddouska 573d045437 Merge pull request #2682 from SparkiDev/akid_name_check
Check name hash after matching AKID
2019-12-18 13:08:19 -08:00
David Garske c054293926 Merge pull request #2684 from JacobBarthelmeh/build-tests
fix for g++ build warning
2019-12-18 12:09:29 -08:00
Eric Blankenhorn 52893877d7 Fixes from review 2019-12-18 13:25:25 -06:00
John Safranek 6c6d72e4d6 Find CRL Signer By AuthKeyId
When looking up the signer of the CRL by SKID/AKID, also verify that the
CRL issuer name matches the CA's subject name, per RFC 5280 section 4.1.2.6.
2019-12-18 10:17:51 -08:00
kaleb-himes 2607cf3429 Fix up based on peer feedback 2019-12-18 10:55:20 -07:00
toddouska 5a04ee0d8b Merge pull request #2640 from dgarske/alt_chain
Fixes for Alternate chain processing
2019-12-18 09:38:45 -08:00
toddouska b89121236f Merge pull request #2635 from dgarske/async_date
Fix for async date check issue
2019-12-18 09:34:08 -08:00
toddouska 74a8fbcff4 Merge pull request #2666 from SparkiDev/b64_dec_fix
Bade64_Decode - check out length (malformed input)
2019-12-18 09:30:41 -08:00
toddouska c2e5991b50 Merge pull request #2681 from ejohnstown/crl-skid
Find CRL Signer By AuthKeyId
2019-12-18 09:29:17 -08:00
Jacob Barthelmeh b5f645ea00 fix for g++ build warning 2019-12-18 10:01:52 -07:00
David Garske 22f0b145d3 Various cleanups and fixes:
* Fix for key gen macro name in benchmark.c
* Fix for possible RSA fall-through warning.
* Fix for building `WOLFSSL_STM32_PKA` without `HAVE_ECC`.
* Added option to build RSA keygen without the DER to PEM using `WOLFSSL_NO_DER_TO_PEM`.
* Added options.h includes for test.c and benchmark.c.
* Added printf warning on the math size mismatch in test.c.
* Added support for benchmarking larger sizes.
* TLS benchmarks for HiFive unleashed.
2019-12-18 07:09:26 -08:00
David Garske b126802c36 Clarify logic for skipping call to AddCA. 2019-12-18 06:04:26 -08:00
Sean Parkinson c1218a541b Check name hash after matching AKID
RFC 5280, Section 4.1.2.6:
If the subject is a CA (e.g., the basic constraints extension, as
discussed in Section 4.2.1.9, is present and the value of cA is TRUE),
then the subject field MUST be populated with a non-empty distinguished
name matching the contents of the issuer field (Section 4.1.2.4) in all
certificates issued by the subject CA.

The subject name must match - even when the AKID matches.
2019-12-18 17:57:48 +10:00
Sean Parkinson 6ccd146b49 Bade64_Decode - check out length (malformed input) 2019-12-18 17:06:58 +10:00
Tesfa Mael 69a0c1155f Review comment 2019-12-17 17:36:38 -08:00
John Safranek ef6938d2bc DTLS Handshake Message CAP
Cap the incoming DTLS handshake messages size the same way we do for
TLS. If handshake messages claim to be larger than the largest allowed
certificate message, we error out.
2019-12-17 16:55:58 -08:00
toddouska 7e74d02da5 Merge pull request #2677 from SparkiDev/p12_pbkdf_tmp_fix
PKCS#12 PBKDF - maximum tmp buffer size
2019-12-17 16:48:08 -08:00