wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-28 04:02:18 +01:00
Code Issues Packages Projects Releases Wiki Activity
14,274 Commits 12 Branches 184 Tags
7eb840d61540acac0274ca2faaebed49fc91bce1
Commit Graph

5049 Commits

Author SHA1 Message Date
David Garske
7eb840d615 Merge pull request #4115 from SparkiDev/ed25519_openssl_fix 
ED25119 and SHAKE-256: fixes
 2021-06-11 10:41:51 -07:00
David Garske
b28aab4cf9 Merge pull request #4098 from SparkiDev/san_hw_name_fix 
Certs: fix leak when multiple hardware names in SAN
 2021-06-11 08:25:28 -07:00
Sean Parkinson
ed14e593c7 ED25119 and SHAKE-256: fixes 
SHAKE-256 is off by default now. Make sure WOLFSSL_SHAKE256 doesn't make
it into options.h.
Fix openssl.test usage of ed25519 certificates.
Add scripts that regenerate certificates
 2021-06-11 10:13:31 +10:00
David Garske
2fc5b03d71 Merge pull request #4102 from danielinux/psoc6-sha-fixes 
[PSOC6_CRYPTO] Do not directly include psoc6 port header to prevent loops
 2021-06-10 06:57:17 -07:00
Sean Parkinson
3ecb8d5a3e Merge pull request #4062 from dgarske/dh_key 
DH Key and Params Export cleanups and Apache httpd fixes
 2021-06-10 20:54:32 +10:00
Sean Parkinson
56c317e1ab Merge pull request #4052 from elms/gcc11_fixes 
fixes for gcc 11 compile and other whitespace
 2021-06-10 15:51:04 +10:00
David Garske
c6c7dfd5db Merge pull request #4053 from SparkiDev/cppcheck_fixes_6 
cppcheck: fixes from reviewing report
 2021-06-09 12:51:30 -07:00
David Garske
c6fc709502 Merge pull request #4072 from SparkiDev/ecc_sp_c_mod_sub_fix 
SP C ECC: mont sub - always normalize after sub before check for add
 2021-06-09 12:36:46 -07:00
Sean Parkinson
d8cd7cbee1 Merge pull request #4024 from kabuobeid/zd12245 
PKCS7: Check size in wc_PKCS7_InitWithCert before XMEMCPY to avoid overflow.
 2021-06-09 10:06:02 +10:00
Sean Parkinson
50dca86dcf Merge pull request #3878 from JacobBarthelmeh/ECC 
add deterministic k generation for ECC sign
 2021-06-09 09:47:19 +10:00
Sean Parkinson
32c215775a Merge pull request #4093 from guidovranken/DecodeResponseData-allocation-check 
ASN: Catch allocation failure in DecodeResponseData
 2021-06-09 09:38:53 +10:00
Sean Parkinson
70d2c838bb Merge pull request #4080 from kaleb-himes/SHAKE_DEFAULT_FIX 
Sync SHAKE256 default (disabled) with parent default edDSA448 (disabled) and remove WOLFSSL_NO_SHAKE256 flag
 2021-06-09 08:52:05 +10:00
David Garske
ae4af3c681 Merge pull request #4071 from SparkiDev/fp_ecc_long_order 
ECC FP: cached doesn't work when order has more bits than prime
 2021-06-08 12:17:04 -07:00
David Garske
4a85127507 Improve wc_DhKeyToDer for public key size calculation. Fixes bug with the output too (was missing 1 byte in length for the unused bits byte in bit string). 2021-06-08 09:55:56 -07:00
David Garske
9b215c5138 Fixes for DH Pub key import/export and new test case. Improve wc_DhParamsToDer. 2021-06-08 09:27:30 -07:00
David Garske
6db0b42c7f * Refactor of DH key and param exports code (moved into asn.c) enabled with WOLFSSL_DH_EXTRA. 
* Cleanup `WOLFSSL_DH_EXTRA` macro logic and do not allow with FIPS v1 or v2.
* Fixes for httpd (if `SSL_CONF_FLAG_FILE` is defined it is used to indicate support for `SSL_CONF_CTX_set_flags` and `SSL_CONF_cmd_value_type`).
* Add Curve448 and ED448 key type to `enum wc_PkType`.
* Expand `dh_ffdhe_test` to include 4096 bit.
 2021-06-08 09:27:26 -07:00
David Garske
54d13f63c1 Merge pull request #4067 from haydenroche5/pkcs8 
Add an API function wc_EncryptPKCS8Key to handle encrypting a DER, PKCS#8-formatted key.
 2021-06-08 09:21:53 -07:00
David Garske
de70681229 Improve code comments to explain FP_ECC limitation for SECP160R1, SECP160R2, SECP160K1 and SECP224K1. 2021-06-08 08:41:36 -07:00
David Garske
61eae79f71 Merge pull request #4074 from SparkiDev/ecdsa_dbl_table_point 
ECDSA FP ECC: fix corner case
 2021-06-08 08:35:17 -07:00
David Garske
50e8509a36 Merge pull request #4037 from SparkiDev/prime_test_err_check 
TFM prime checking: check for more errors
 2021-06-08 08:06:37 -07:00
David Garske
9497c74283 Merge pull request #4081 from strongX509/master 
SHA3-based RSA signatures require SHA-3 hash OIDs
 2021-06-08 07:46:18 -07:00
Daniele Lacamera
6d1981abd1 Do not directly include psoc6 port header to prevent loops 2021-06-08 08:24:43 +02:00
Sean Parkinson
88322b82a5 Merge pull request #3871 from julek-wolfssl/openvpn-master 
OpenVPN additions and fixes
 2021-06-08 13:54:14 +10:00
Sean Parkinson
194b494741 Merge pull request #4034 from embhorn/zd12261 
Fix declarations for EVP_VerifyFinal and RSA_private_encrypt
 2021-06-08 12:15:30 +10:00
Sean Parkinson
b3352648dd Merge pull request #4097 from guidovranken/blake2-init-key-fixes 
Check return value in BLAKE2 key init functions
 2021-06-08 11:54:29 +10:00
Sean Parkinson
8ee1dda2f9 Merge pull request #4001 from dgarske/time_long 
Improve TLS v1.3 time rollover support and fixes for NO_ASN_TIME
 2021-06-08 11:17:55 +10:00
Sean Parkinson
23d733f837 Merge pull request #4063 from guidovranken/zd12328 
Fix length calculations in Base64_SkipNewline
 2021-06-08 10:55:15 +10:00
David Garske
3e307aa626 Merge pull request #4091 from JacobBarthelmeh/Testing 
add strict check on signature length
 2021-06-07 11:02:02 -07:00
Guido Vranken
4e318ade36 In wc_PBKDF1_ex, break out of outer loop on error 2021-06-07 16:21:02 +02:00
Jacob Barthelmeh
f97ca1c1ca adjust test case and add useful comments 2021-06-07 19:44:05 +07:00
Sean Parkinson
e76ae2b8ac Certs: fix leak when multiple hardware names in SAN 
Can only be one hardware name in SAN as this indicates the certificate
is for verifying signatures created by hardware module.
 2021-06-07 12:02:23 +10:00
Guido Vranken
96b7b193d7 Check return value in BLAKE2 key init functions 
If built with smallstack, allocations in `blake2s_update` and `blake2b_update` may fail,
so the error must be propagated.
 2021-06-07 03:34:44 +02:00
Guido Vranken
bd7b57783d Remove excess space characters 2021-06-07 03:20:16 +02:00
Guido Vranken
1af3f482cb Catch allocation failure in ASNToHexString 2021-06-06 19:52:15 +02:00
Guido Vranken
76e0a8666b Catch allocation failure in DecodeResponseData 2021-06-06 03:12:53 +02:00
David Garske
5d33161032 Fixes for RSA keygen with SP (no DH). Thanks Sean. 2021-06-04 13:32:59 -07:00
Jacob Barthelmeh
c245c4a812 add strict check on signature length 2021-06-05 03:09:33 +07:00
David Garske
21060afb80 Fix for building SP math only (small) with key generation. Fix for WOLFSSL_EXTRA. Fix for RSA without PSS. Fix for ed25519 spelling error. 2021-06-03 10:56:54 -07:00
Jacob Barthelmeh
66c7acb076 add use of heap hint for malloc 2021-06-03 23:38:30 +07:00
Andreas Steffen
0caf3ba456 SHA3-based RSA signatures require SHA-3 hash OIDs 
The SHA-3 ASN.1 OIDs are defined by NIST under the
nistalgorithm/hashAlgs node.
 2021-06-01 22:02:23 +02:00
kaleb-himes
94831eadf1 Sync SHAKE256 default (disabled) with parent default edDSA448 (disabled) and remove WOLFSSL_NO_SHAKE256 flag 2021-06-01 11:38:17 -06:00
Jacob Barthelmeh
ab07c55609 check on hmac free and add else if case for check if key is 0's 2021-05-28 16:27:54 +07:00
Sean Parkinson
c69665b999 ECDSA FP ECC: fix corner case 
When the same table is used for both base point and public point (which
is not a valid thing to do) then a corner case occurs when the table
point can be added to the same point. This has to be a double operation
instead.
The table point isn't able to be doubled as it has a z-ordinate of 0 and
the original point is overwritten with the invalid add result.
Fix this case by:
 - copying the table point into the result,
 - setting z-ordinate to Montgomery form of 1,
 - double the result point in place.
 2021-05-28 13:06:20 +10:00
Jacob Barthelmeh
252971aad7 better comments on RFC steps and fixes for combining code blocks, fix for check on sign_k value 2021-05-27 17:27:15 +07:00
Sean Parkinson
4e88521a90 SP C ECC: mont sub - always normalize after sub before check for add 2021-05-27 11:08:05 +10:00
Sean Parkinson
6bf9a887e1 ECC FP: cached doesn't work when order has more bits than prime 
Small curves that are not commonly used do not work with scalars that
are the length of the order when the order is longer than the prime.
The table is generated based on modulus length not order length.
Simple fix is to not allow these curves to be used with FP_ECC.
Order isn't passed into the pseudo-public APIs.
 2021-05-27 09:53:03 +10:00
John Safranek
1fe445368c Merge pull request #4069 from guidovranken/zd12349 
Several ASN decoder fixes
 2021-05-26 16:13:54 -07:00
Guido Vranken
1fbc3dc2d4 Heap-allocate additional CertStatus structs in DecodeResponseData 2021-05-26 21:41:47 +02:00
Guido Vranken
cfef249041 Several ASN decoder fixes 
See ZD 12349
 2021-05-26 20:15:32 +02:00
Hayden Roche
88370285cc Add an API function wc_DecryptPKCS8Key to handle decrypting a DER, PKCS#8 
encrypted key.
 2021-05-26 10:48:14 -07:00