wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-28 08:22:22 +01:00
Code Issues Packages Projects Releases Wiki Activity
12,718 Commits 12 Branches 184 Tags
9cdbff8ee736dc2717340044054331cd576c1b35
Commit Graph

3834 Commits

Author SHA1 Message Date
JacobBarthelmeh
4efbb2fc70 Merge pull request #3418 from cconlon/zd11003 
PKCS#7: check PKCS7 VerifySignedData content length against total bundle size
 2020-11-16 18:14:41 +07:00
David Garske
d4e1340027 Merge pull request #3486 from douzzer/refactor-gccish-macros 
sha256.c/sha512.c: refactor 4 instances of gccism ({}) to WC_INLINE functions
 2020-11-13 09:26:00 -08:00
David Garske
7f559b1d1a Merge pull request #3487 from ejohnstown/sbf 
Scan-Build Fixes
 2020-11-13 09:24:17 -08:00
John Safranek
28be1d0cb3 Scan-Build Fixes 
1. Fix some potential uninitialized pointer errors in the functions sp_RsaPublic_2048, sp_RsaPublic_3072, and sp_RsaPublic_4096 for small stack builds.

To recreate:
    $ scan-build ./configure --enable-sp=small --enable-smallstack --enable-smallstackcache CPPFLAGS="-DECC_CACHE_CURVE -DHAVE_WOLF_BIGINT"
 2020-11-12 20:58:25 -08:00
John Safranek
1e348b991d Scan-Build Fixes 
1. Fix a potential dereference of NULL pointer.

To recreate:
    $ scan-build ./configure --enable-sp --enable-sp-asm --enable-sp-math
 2020-11-12 20:58:17 -08:00
Chris Conlon
53c6698678 Merge pull request #3445 from kojo1/EVP-gcm 
set tag for zero inl case
 2020-11-12 15:49:45 -07:00
Chris Conlon
735fb19ea9 break out on error parsing PKCS#7 SignedData inner OCTET_STRING 2020-11-12 15:44:25 -07:00
John Safranek
38867ae2bf Scan-Build Fixes 
1. Added a check to see if the "d" in sp_div() ended up with a negative used length. Return error if so.

To recreate:
    $ scan-build ./configure --enable-sp --enable-sp-asm --enable-sp-math
 2020-11-12 10:24:11 -08:00
David Garske
c7bb602a30 Merge pull request #3482 from douzzer/scan-build-fixes-20201110 
scan-build fixes -- 1 null deref, 34 unused results
 2020-11-12 07:45:45 -08:00
toddouska
d3e3b21c83 Merge pull request #3393 from dgarske/zd11104 
Fix for TLS ECDH (static DH) with non-standard curves
 2020-11-11 14:22:37 -08:00
toddouska
197c85289b Merge pull request #3468 from SparkiDev/sp_c_mul_d 
SP C32/64 mul_d: large div needs mul_d to propagate carry
 2020-11-11 14:06:25 -08:00
Daniel Pouzzner
f96fbdb7d1 sha256.c/sha512.c: refactor 4 instances of gccism ({}) to WC_INLINE functions. 2020-11-11 13:44:26 -06:00
Daniel Pouzzner
5fe1586688 fix 34 deadcode.DeadStores detected by llvm11 scan-build. 2020-11-11 13:04:14 -06:00
JacobBarthelmeh
fe2dcf76fe Merge pull request #3413 from cconlon/zd11011 
PKCS#7: check PKCS7 SignedData private key is valid before using it
 2020-11-11 22:55:03 +07:00
Takashi Kojo
417ff1b0f2 set tag for zero len case 2020-11-11 08:43:16 +09:00
David Garske
1d531fe13b Peer review fixes. 2020-11-10 09:47:37 -08:00
David Garske
5de80d8e41 Further refactor the minimum ECC key size. Adds --with-eccminsz=BITS option. Fix for FIPSv2 which includes 192-bit support. If WOLFSSL_MIN_ECC_BITS is defined that will be used. 2020-11-10 09:47:37 -08:00
David Garske
c697520826 Disable ECC key sizes < 224 bits by default. Added --enable-eccweakcurves or ECC_WEAK_CURVES to enable smaller key sizes. Currently this option is automatically enabled if WOLFSSL_MIN_ECC_BITS is less than 224-bits. 2020-11-10 09:47:36 -08:00
Chris Conlon
c0c452b0a1 reset content length in PKCS7_VerifySignedData for multiPart OCTET_STRING bundles 2020-11-06 16:36:58 -07:00
Kaleb Himes
937a7ce8ce Merge pull request #3448 from dgarske/crypto_cb 
Improve the crypto callback for ASN
 2020-11-06 15:26:11 -07:00
John Safranek
884a9b59ab Merge pull request #3461 from dgarske/fips_ready_wopensslextra 
Fix for FIPS ready with openssl compat
 2020-11-06 13:14:06 -08:00
toddouska
4110297b62 Merge pull request #3473 from embhorn/zd11198 
wc_SetIssuerRaw should copy raw subject to issuer
 2020-11-06 10:48:37 -08:00
toddouska
3f25cda354 Merge pull request #3469 from SparkiDev/cpuid_sp_asm 
cpuid and SP ASM: ensure WOLFSSL_X86_64_BUILD is defined
 2020-11-06 10:34:40 -08:00
toddouska
f9ec7c472a Merge pull request #3440 from ejohnstown/ntf3 
Nightly Test Fix
 2020-11-06 10:15:23 -08:00
kaleb-himes
182a3e6bc2 Also addressing opensslall, pkcs7 and combinations 2020-11-05 17:29:30 -07:00
Eric Blankenhorn
a92e31f6cb Fix from review 2020-11-05 14:47:10 -06:00
Eric Blankenhorn
fa9a0a4b49 Copy raw subject to issuer 2020-11-05 09:06:02 -06:00
Daniel Pouzzner
5751319e00 fix various possibly spurious scan-build null deref reports. 2020-11-04 23:11:42 -06:00
Sean Parkinson
78309cd7aa SP C32/64 mul_d: large div needs mul_d to propagate carry 
Change implementation to pre-calc products to allow for reordering of
operations.
 2020-11-05 12:50:33 +10:00
Sean Parkinson
2588fe366e cpuid and SP ASM: ensure WOLFSSL_X86_64_BUILD is defined 
WOLFSSL_X86_64_BUILD is defined only when fast math is enabled.
Define it when SP ASM is enabled and on an x86_64 host.
Undo cpuid code being enabled when WOLFSSL_SP_ASM as it shouldn't for
non-Intel CPUs.
 2020-11-05 11:16:27 +10:00
David Garske
00dd22adc4 Merge pull request #3464 from SparkiDev/sha512_valgrind_fix 
SHA-512 AVX2: use register for wk other than rsp
 2020-11-04 07:15:04 -08:00
Sean Parkinson
235ea98b90 SHA-512 AVX2: use register for wk other than rsp 
Valgrind thinks that stack values are uninitialised when the stack
pointer is added to.
The asm code was moving rsp around rather than use another register.
Put length to hash onto stack and use that register instead.
 2020-11-04 12:02:34 +10:00
toddouska
b76ac0b842 Merge pull request #3442 from SparkiDev/config_fix_2 
Configuration fixes
 2020-11-03 14:48:49 -08:00
toddouska
e52efc7a8a Merge pull request #3441 from SparkiDev/ecdsa_vfy_safe 
ECDSA verification: handle doubling of infinity
 2020-11-03 14:47:45 -08:00
toddouska
2acef1c114 Merge pull request #3436 from haydenroche5/chacha_msvc_fix 
Fix MSVC compile issue in chacha.c.
 2020-11-03 14:44:43 -08:00
toddouska
63bf5dc56c Merge pull request #3426 from SparkiDev/rsa_pss_fix 
RSA-PSS: Handle edge case with encoding message to hash
 2020-11-03 14:43:56 -08:00
toddouska
3cce86d7a8 Merge pull request #3420 from dgarske/small_pk 
ECC memory reductions with key and signature parsing
 2020-11-03 14:42:43 -08:00
toddouska
9f9901e10e Merge pull request #3417 from douzzer/fix-ipv6-ocsp-tests 
Fix ipv6 ocsp tests
 2020-11-03 14:38:32 -08:00
Sean Parkinson
b3f6c483bf SP C64/32: Fix define check 
WOLFSSL_SP_DH -> WOLFSSL_HAVE_SP_DH
 2020-11-03 08:42:55 +10:00
John Safranek
29c7351fe0 Merge pull request #3383 from kaleb-himes/ACVP_TESTING_UPDATE 
In ACVP testing NIST needs to see failed decryption output
 2020-11-02 10:42:28 -08:00
JacobBarthelmeh
a411dab74f Merge pull request #3410 from cconlon/zd11001 
PKCS#7: Reset variables correctly in VerifySignedData
 2020-11-02 11:33:52 +08:00
John Safranek
d24add10f2 Nightly Test Fix 
When performing a fast_mp_montgomery_reduce(), scan-build didn't like
that the destination buffer was fully zeroed out. We were only zeroing
what was expected to be used. This zeroes only the expected to be used
section of the output buffer.
 2020-11-01 18:58:05 -08:00
David Garske
64b081f3c9 Improve the SHA256 crypto callback for ASN, so a wc_Sha/wcSha256 context exists for certificate hashing. 2020-10-30 12:18:19 -07:00
David Garske
e4f3f8b80a Further tuning of the zero trim / is leading set logic for new ECC signature encoding/decoding API's. 2020-10-29 15:59:51 -07:00
David Garske
95c8a48285 Trim leading zero's first, then check for MSB being set. 2020-10-29 08:38:55 -07:00
Juliusz Sosinowicz
aff14091e0 AAD should be reset on Init call 2020-10-29 12:13:35 +01:00
Sean Parkinson
320afab227 Configuration fixes 
--enable-sp --enable-sp-asm --disable-fastmath:
    cpuid.h - check for WOLFSSL_SP_ASM as well

-enable-curve448 --enable-ed448 --disable-rsa --disable-dh
--enable-tls13 --disable-ecc --enable-certgen --enable-keygen:
    api.c - certificate loaded that was RSA but RSA disabled

--enable-sp --enable-sp-asm --enable-sp-math:
    cpuid.c - check for WOLFSSL_SP_ASM as well

--disable-shared --disable-ecc --disable-dh --enable-cryptonly
--enable-rsavfy --disable-asn --disable-rng --disable-filesystem:
    test.c - rsa_test()

'CC=clang -fsanitize=address' '-enable-distro' '--enable-stacksize':
testsuit.c - echoclient_test_wrapper needs to free ECC FP cache when
it is in a separate thread
 2020-10-29 16:21:06 +10:00
Sean Parkinson
32ea0910de ECDSA verification: handle doubling of infinity 2020-10-29 12:12:01 +10:00
David Garske
ef7a987759 Peer review fixes. 2020-10-28 17:09:15 -07:00
Daniel Pouzzner
7d177e78d7 don't include wolfssl/options.h in logging.c, use AM_CFLAGS (not wolfssl/options.h) to communicate HAVE_WC_INTROSPECTION to the compiler, and use config.h (not wolfssl/options.h) to communicate LIBWOLFSSL_CONFIGURE_ARGS and LIBWOLFSSL_GLOBAL_CFLAGS to the compiler (for logging.c). 2020-10-28 17:28:05 -05:00