wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-28 13:32:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
9,077 Commits 12 Branches 184 Tags
72a50b8d46bcee44f0e7e96b780cdce9a00a8058
Commit Graph

9077 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
toddouska
72a50b8d46 Merge pull request #2109 from dgarske/pkcs7_buf 
Fix for proper detection of PKCS7 buffer overflow case
 2019-02-25 13:02:09 -08:00
toddouska
b037334732 Merge pull request #2106 from dgarske/ecc_pubkey 
Adds `ECC_PUBLICKEY_TYPE` to the support PEM header types
 2019-02-22 12:09:10 -08:00
toddouska
04e3c4414d Merge pull request #2102 from SparkiDev/pkcs11_aes_cbc 
Add support to PKCS #11 for AES-CBC and NO_PKCS11 defines
 2019-02-22 12:07:23 -08:00
toddouska
9b125c5797 Merge pull request #2107 from JacobBarthelmeh/Compatibility-Layer 
remove null terminators on substrings
 2019-02-22 10:26:06 -08:00
David Garske
ee3eb8fb4c Fix for proper detection of buffer overflow case when calling wc_PKCS7_EncodeSignedData. 2019-02-21 13:32:28 -08:00
Jacob Barthelmeh
5932cdab15 cast on strlen return value 2019-02-21 13:04:38 -07:00
David Garske
5801e7773b Merge pull request #2108 from miyazakh/server_help_in_jp 
fixed examples/server to take additional parameter for "-?"
 2019-02-21 05:55:32 -08:00
Hideki Miyazaki
b68eab6450 fixed to take additioanl option for -? 2019-02-21 13:44:08 +09:00
Jacob Barthelmeh
18d3e04dbf remove null terminators on substrings 2019-02-20 16:39:18 -07:00
Sean Parkinson
b0957c68fb ForceZero the devKey field of Aes in PKCS#11 
Don't memset the key field of AES in PKCS#11.
 2019-02-21 08:22:56 +10:00
toddouska
9c9221432f Merge pull request #2087 from ejohnstown/aesgcm 
Update TLS for AES-GCM/CCM changes
 2019-02-20 11:43:06 -08:00
toddouska
b8dc772ef8 Merge pull request #2105 from dgarske/fix_stm_aesgcm 
Fix for STM32 AES GCM
 2019-02-20 09:23:11 -08:00
toddouska
3013cdd925 Merge pull request #2095 from SparkiDev/asm_macosx 
Get Mac OS X working with the x86_64 assembly files
 2019-02-20 09:19:29 -08:00
toddouska
025fba8ec6 Merge pull request #2093 from dgarske/tls13_async_dh 
Fix for TLSv1.3 with DH key share when using QAT
 2019-02-20 09:16:54 -08:00
toddouska
5d667ed1b8 Merge pull request #2075 from SparkiDev/port_zephyr 
Zephyr port of crypto
 2019-02-20 09:10:04 -08:00
David Garske
d81fb727a3 Adds ECC_PUBLICKEY_TYPE to the support PEM header types. Fixes #2097. 2019-02-20 08:40:57 -08:00
David Garske
ba14564c49 Fix for STM32 AES GCM, which was incorrectly using software crypto when authInSz != 16. The wc_AesGcmEncrypt_STM32 and wc_AesGcmDecrypt_STM32 functions correctly handle all variations of authInSz. 2019-02-19 15:38:09 -08:00
David Garske
c2fbef2f7f Refactor to populate preMasterSz on XMALLOC. Fix for DoClientKeyExchange and ecdhe_psk_kea, which assumes preMasterSz is zero. Fix for TLS v1.3 resumption not properly setting preMasterSz. Removed for TLS v1.3 PSK setup test for preMasterSz == 0, which is not required. Spelling fixes for tls13.c. 2019-02-19 13:01:21 -08:00
David Garske
dc1f0d7822 Fix for DH with QuickAssist to only use hardware for supported key sizes. Fix in random.c for seed devId when building async without crypto callbacks. 2019-02-19 11:57:55 -08:00
Sean Parkinson
520ae52ece Add support to PKCS #11 for AES-CBC and NO_PKCS11 defines 
Added PKCS #11 specific defines to turn off support for algorithms.
 2019-02-19 13:50:12 +10:00
Sean Parkinson
e3997558a9 Fixes from review and added REAMEs and setup.sh 
Add README.md and setup.sh.
Add READMEs with license information.
 2019-02-19 11:47:45 +10:00
Sean Parkinson
5e1eee091a Add threaded samples using buffers and sockets 2019-02-19 11:47:45 +10:00
Sean Parkinson
4302c02e67 Include zephyr directories in the release 2019-02-19 11:47:44 +10:00
Sean Parkinson
2c447b24cd Fixes from review and add IDE files 2019-02-19 11:47:44 +10:00
Sean Parkinson
3366acc9ce Zephyr port of crypto 2019-02-19 11:47:44 +10:00
John Safranek
c0d1241786 Modify the TLSv1.3 calls to the AES-GCM and AES-CCM encrypt functions to 
use the FIPS compatible APIs with external nonce.
 2019-02-15 13:52:23 -08:00
toddouska
25dd5882f8 Merge pull request #2094 from dgarske/ecdsa_der_len 
Adds strict checking of the ECDSA signature DER encoding length
 2019-02-15 10:53:57 -08:00
toddouska
7275ee5f19 Merge pull request #2089 from SparkiDev/tls13_sup_ver 
Make SupportedVersions respect SSL_OP_NO_TLSv*
 2019-02-15 10:36:32 -08:00
toddouska
d9a5898e91 Merge pull request #2082 from SparkiDev/parse_kse 
Fix length passed to key share entry parsing
 2019-02-15 10:31:14 -08:00
toddouska
c04cade97c Merge pull request #2083 from JacobBarthelmeh/Testing 
Expected Configurations Test - NIGHTLY BUILD #505
 2019-02-15 10:23:55 -08:00
Sean Parkinson
16f31cf8c6 Get Mac OS X working with the x86_64 assembly files 2019-02-15 15:08:47 +10:00
Sean Parkinson
e47797f700 Make SupportedVersions respect SSL_OP_NO_TLSv* 2019-02-15 08:26:03 +10:00
David Garske
a9f29dbb61 Adds strict checking of the ECDSA signature DER encoding length. With this change the total signature size should be (sequence + r int + s int) as ASN.1 encoded. While I could not find any "must" rules for the signature length I do think this is a good change. 
If the old length checking method is desired `NO_STRICT_ECDSA_LEN` can be used. This would allow extra signature byes at the end (unused and not altering verification result). This is kept for possible backwards compatibility.

Per RFC6979: `How a signature is to be encoded is not covered by the DSA and ECDSA standards themselves; a common way is to use a DER-encoded ASN.1 structure (a SEQUENCE of two INTEGERs, for r and s, in that order).`

ANSI X9.62: ASN.1 Encoding of ECDSA:

```
ECDSA-Sig-Value ::= SEQUENCE {
  r INTEGER,
  s INTEGER
}
```

Fixes #2088
 2019-02-14 12:05:34 -08:00
John Safranek
e2d7b402e7 Update so TLSv1.3 will work. Needed to make the implicit IVs full sized 
when copying. Added a flag to SetKeys() to skip the IV set (used for
TLSv1.3).
 2019-02-14 12:04:32 -08:00
John Safranek
3223920fd9 Add a guard for AES-GCM and AES-CCM for the change in Encrypt for the 
AES-AEAD type and macros.
 2019-02-14 12:04:05 -08:00
John Safranek
cd7f8cc653 Update AES-GCM/CCM use in TLS with a wrapper to select the correct API 
depending on using old FIPS, or non-FIPS/FIPSv2.
 2019-02-14 12:04:05 -08:00
John Safranek
67e70d6cb6 Update TLS to use the new AES-GCM and AES-CCM APIs that output the IV on 
encrypt rather than take the IV as an input.
 2019-02-14 12:04:05 -08:00
David Garske
64cb07557d Merge pull request #2091 from SparkiDev/pkcs11_fixes 
Fix PKCS #11 AES-GCM and handling of unsupported algorithms
 2019-02-14 09:49:02 -08:00
Sean Parkinson
5856d6b3dc Fix PKCS #11 AES-GCM and handling of unsupported algorithms 2019-02-14 17:06:15 +10:00
Jacob Barthelmeh
275667f0e9 remove ocsp attempt with ipv6 enabled 2019-02-13 19:01:09 -07:00
toddouska
46bb2591c8 Merge pull request #2070 from dgarske/fix_cryptocb 
Fixes and improvements to Crypto Callbacks and STM32 RNG performance
 2019-02-13 12:44:19 -08:00
David Garske
d98ebc4da2 Reverted the Hmac_UpdateFinal change to call final as it causing constant timing issues. Improved the wc_HmacFree to handle the case were final isn't called for Crypto callbacks. 2019-02-13 10:24:53 -08:00
toddouska
272181bc2e Merge pull request #2086 from dgarske/atecc_makekey 
Fix for ATECC make key case when `curve_id == 0`
 2019-02-13 09:52:54 -08:00
toddouska
817b82e453 Merge pull request #2084 from cconlon/cmsFeb19 
Changes for CMS signedData default signed attributes
 2019-02-13 09:49:55 -08:00
Chris Conlon
1fab970316 Merge pull request #2085 from miyazakh/esp-idf_fix_script 
modified esp-idf setup script to avoid unnecessary file copy
 2019-02-13 08:01:13 -07:00
David Garske
95db819d45 Fixes for warnings when building with --enable-pkcs11. 2019-02-12 16:05:48 -08:00
David Garske
e0b46734d6 Enhnacement to the tls_bench tool to support new -S command to indicate total size of data to exchange. Previously was just sending one packet back and forth. Imporved the shutdown handling code. 2019-02-12 16:03:10 -08:00
David Garske
1a8388641d Change new hash SetFlag/GetFlag API's to private. 2019-02-12 16:03:10 -08:00
David Garske
c9521b56f2 Fix warning about HAL_RNG_GenerateRandomNumber type. 2019-02-12 16:03:10 -08:00
David Garske
eb8a2f3a03 Minor fixes to CryptoCb wolfCrypt test for AES test and hash support for update/final in same callback. 2019-02-12 16:03:10 -08:00