wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-28 05:22:19 +01:00
Code Issues Packages Projects Releases Wiki Activity
14,274 Commits 12 Branches 184 Tags
7eb840d61540acac0274ca2faaebed49fc91bce1
Commit Graph

14274 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
David Garske
7eb840d615 Merge pull request #4115 from SparkiDev/ed25519_openssl_fix 
ED25119 and SHAKE-256: fixes
 2021-06-11 10:41:51 -07:00
David Garske
b28aab4cf9 Merge pull request #4098 from SparkiDev/san_hw_name_fix 
Certs: fix leak when multiple hardware names in SAN
 2021-06-11 08:25:28 -07:00
David Garske
5a78574a8a Add new scripts to include.am. 2021-06-11 08:19:23 -07:00
Sean Parkinson
89156908da Merge pull request #4021 from embhorn/zd12233 
Fix heap-buffer-overflow issues in wolfSSL_SMIME_read_PKCS7
 2021-06-11 12:38:52 +10:00
Sean Parkinson
36a9cd3010 Merge pull request #3911 from TakayukiMatsuo/tk11851 
Fix SSL_read behaving differently from openSSL after bidirectional shutdown
 2021-06-11 10:25:39 +10:00
Sean Parkinson
e720762b5a Merge pull request #4010 from JacobBarthelmeh/fuzzing 
fix for use after free issue on error cases
 2021-06-11 10:21:30 +10:00
Sean Parkinson
ed14e593c7 ED25119 and SHAKE-256: fixes 
SHAKE-256 is off by default now. Make sure WOLFSSL_SHAKE256 doesn't make
it into options.h.
Fix openssl.test usage of ed25519 certificates.
Add scripts that regenerate certificates
 2021-06-11 10:13:31 +10:00
John Safranek
4e881a226a Merge pull request #4088 from julek-wolfssl/dtls-mtu-define 
Change magic number 100 bytes to an enum define
 2021-06-10 09:22:08 -07:00
David Garske
624e150c7b Merge pull request #3827 from SparkiDev/tls13_psk_hash 
TLS 1.3 PSK: use the hash algorithm to choose cipher suite
 2021-06-10 06:59:40 -07:00
David Garske
2fc5b03d71 Merge pull request #4102 from danielinux/psoc6-sha-fixes 
[PSOC6_CRYPTO] Do not directly include psoc6 port header to prevent loops
 2021-06-10 06:57:17 -07:00
Sean Parkinson
3ecb8d5a3e Merge pull request #4062 from dgarske/dh_key 
DH Key and Params Export cleanups and Apache httpd fixes
 2021-06-10 20:54:32 +10:00
Sean Parkinson
56c317e1ab Merge pull request #4052 from elms/gcc11_fixes 
fixes for gcc 11 compile and other whitespace
 2021-06-10 15:51:04 +10:00
Sean Parkinson
7e0c372e4c TLS 1.3 PSK: use the hash algorithm to choose cipher suite 
See RFC 8446: 4.2.11
With TLS 1.3 PSK callback, If the returned cipher suite isn't available,
use the hash from the cipher suite and choose from available list.
Require exact match when: WOLFSSL_TLS13_PSK_NO_MATCH_HASH

Alternative callback for client added that is passed a cipher suite
string. Called for each cipher suite that is to be negotiated.
If cipher suite to be used with PSK then return client identity.
Returning an identity based on cipher suite hash will result in
only one PSK extension being added per hash.
 2021-06-10 09:55:27 +10:00
David Garske
c6c7dfd5db Merge pull request #4053 from SparkiDev/cppcheck_fixes_6 
cppcheck: fixes from reviewing report
 2021-06-09 12:51:30 -07:00
David Garske
a6edff7bd5 Merge pull request #4017 from SparkiDev/not_ecc_pk_cb 
ECC: Disable ECC but have Curve25519/448 and PK callbacks fix
 2021-06-09 12:38:37 -07:00
David Garske
c6fc709502 Merge pull request #4072 from SparkiDev/ecc_sp_c_mod_sub_fix 
SP C ECC: mont sub - always normalize after sub before check for add
 2021-06-09 12:36:46 -07:00
Eric Blankenhorn
a68542e6f4 Fix heap-buffer-overflow issues in wolfSSL_SMIME_read_PKCS7 2021-06-09 08:32:52 -05:00
Elms
5a54bb656b make macros for pragma to compile with gcc11 2021-06-08 19:20:20 -07:00
Sean Parkinson
d8cd7cbee1 Merge pull request #4024 from kabuobeid/zd12245 
PKCS7: Check size in wc_PKCS7_InitWithCert before XMEMCPY to avoid overflow.
 2021-06-09 10:06:02 +10:00
Sean Parkinson
c6646ae9c8 Merge pull request #4044 from julek-wolfssl/ZD12270 
Check for XREAD when XFREAD fails
 2021-06-09 09:48:25 +10:00
Sean Parkinson
50dca86dcf Merge pull request #3878 from JacobBarthelmeh/ECC 
add deterministic k generation for ECC sign
 2021-06-09 09:47:19 +10:00
Sean Parkinson
8fa4dedf97 Merge pull request #4096 from vaintroub/master 
MSVC, ARM64  - correct 64bit detection
 2021-06-09 09:40:47 +10:00
Sean Parkinson
32c215775a Merge pull request #4093 from guidovranken/DecodeResponseData-allocation-check 
ASN: Catch allocation failure in DecodeResponseData
 2021-06-09 09:38:53 +10:00
Sean Parkinson
9580574382 Merge pull request #3999 from dgarske/user_io 
Fixes for building with `WOLFSSL_USER_IO`
 2021-06-09 08:55:36 +10:00
Sean Parkinson
70d2c838bb Merge pull request #4080 from kaleb-himes/SHAKE_DEFAULT_FIX 
Sync SHAKE256 default (disabled) with parent default edDSA448 (disabled) and remove WOLFSSL_NO_SHAKE256 flag
 2021-06-09 08:52:05 +10:00
David Garske
ae4af3c681 Merge pull request #4071 from SparkiDev/fp_ecc_long_order 
ECC FP: cached doesn't work when order has more bits than prime
 2021-06-08 12:17:04 -07:00
David Garske
4a85127507 Improve wc_DhKeyToDer for public key size calculation. Fixes bug with the output too (was missing 1 byte in length for the unused bits byte in bit string). 2021-06-08 09:55:56 -07:00
David Garske
9b215c5138 Fixes for DH Pub key import/export and new test case. Improve wc_DhParamsToDer. 2021-06-08 09:27:30 -07:00
David Garske
6db0b42c7f * Refactor of DH key and param exports code (moved into asn.c) enabled with WOLFSSL_DH_EXTRA. 
* Cleanup `WOLFSSL_DH_EXTRA` macro logic and do not allow with FIPS v1 or v2.
* Fixes for httpd (if `SSL_CONF_FLAG_FILE` is defined it is used to indicate support for `SSL_CONF_CTX_set_flags` and `SSL_CONF_cmd_value_type`).
* Add Curve448 and ED448 key type to `enum wc_PkType`.
* Expand `dh_ffdhe_test` to include 4096 bit.
 2021-06-08 09:27:26 -07:00
David Garske
54d13f63c1 Merge pull request #4067 from haydenroche5/pkcs8 
Add an API function wc_EncryptPKCS8Key to handle encrypting a DER, PKCS#8-formatted key.
 2021-06-08 09:21:53 -07:00
Jacob Barthelmeh
34d8073fbd remove dead code 2021-06-08 22:45:28 +07:00
David Garske
de70681229 Improve code comments to explain FP_ECC limitation for SECP160R1, SECP160R2, SECP160K1 and SECP224K1. 2021-06-08 08:41:36 -07:00
David Garske
61eae79f71 Merge pull request #4074 from SparkiDev/ecdsa_dbl_table_point 
ECDSA FP ECC: fix corner case
 2021-06-08 08:35:17 -07:00
David Garske
5586bc349c Merge pull request #4056 from SparkiDev/mp_int_rem_apis 
MP Integer: remove unsupported API prototypes
 2021-06-08 08:08:04 -07:00
David Garske
50e8509a36 Merge pull request #4037 from SparkiDev/prime_test_err_check 
TFM prime checking: check for more errors
 2021-06-08 08:06:37 -07:00
David Garske
9497c74283 Merge pull request #4081 from strongX509/master 
SHA3-based RSA signatures require SHA-3 hash OIDs
 2021-06-08 07:46:18 -07:00
TakayukiMatsuo
0186d19aba Fix some coding style issues. 2021-06-08 16:25:28 +09:00
Daniele Lacamera
6d1981abd1 Do not directly include psoc6 port header to prevent loops 2021-06-08 08:24:43 +02:00
Sean Parkinson
88322b82a5 Merge pull request #3871 from julek-wolfssl/openvpn-master 
OpenVPN additions and fixes
 2021-06-08 13:54:14 +10:00
Sean Parkinson
194b494741 Merge pull request #4034 from embhorn/zd12261 
Fix declarations for EVP_VerifyFinal and RSA_private_encrypt
 2021-06-08 12:15:30 +10:00
Sean Parkinson
b3352648dd Merge pull request #4097 from guidovranken/blake2-init-key-fixes 
Check return value in BLAKE2 key init functions
 2021-06-08 11:54:29 +10:00
Sean Parkinson
8ee1dda2f9 Merge pull request #4001 from dgarske/time_long 
Improve TLS v1.3 time rollover support and fixes for NO_ASN_TIME
 2021-06-08 11:17:55 +10:00
Sean Parkinson
23d733f837 Merge pull request #4063 from guidovranken/zd12328 
Fix length calculations in Base64_SkipNewline
 2021-06-08 10:55:15 +10:00
David Garske
3e307aa626 Merge pull request #4091 from JacobBarthelmeh/Testing 
add strict check on signature length
 2021-06-07 11:02:02 -07:00
Guido Vranken
4e318ade36 In wc_PBKDF1_ex, break out of outer loop on error 2021-06-07 16:21:02 +02:00
Jacob Barthelmeh
f97ca1c1ca adjust test case and add useful comments 2021-06-07 19:44:05 +07:00
Sean Parkinson
e76ae2b8ac Certs: fix leak when multiple hardware names in SAN 
Can only be one hardware name in SAN as this indicates the certificate
is for verifying signatures created by hardware module.
 2021-06-07 12:02:23 +10:00
Guido Vranken
96b7b193d7 Check return value in BLAKE2 key init functions 
If built with smallstack, allocations in `blake2s_update` and `blake2b_update` may fail,
so the error must be propagated.
 2021-06-07 03:34:44 +02:00
Guido Vranken
bd7b57783d Remove excess space characters 2021-06-07 03:20:16 +02:00
Sean Parkinson
898b9d5e24 Merge pull request #4084 from dgarske/sp_math_keygen 
Fix for building SP small math only (no DH) with key generation
 2021-06-07 10:48:01 +10:00