6d1981abd1
Do not directly include psoc6 port header to prevent loops
2021-06-08 08:24:43 +02:00
88322b82a5
Merge pull request #3871 from julek-wolfssl/openvpn-master
...
OpenVPN additions and fixes
2021-06-08 13:54:14 +10:00
194b494741
Merge pull request #4034 from embhorn/zd12261
...
Fix declarations for EVP_VerifyFinal and RSA_private_encrypt
2021-06-08 12:15:30 +10:00
b3352648dd
Merge pull request #4097 from guidovranken/blake2-init-key-fixes
...
Check return value in BLAKE2 key init functions
2021-06-08 11:54:29 +10:00
8ee1dda2f9
Merge pull request #4001 from dgarske/time_long
...
Improve TLS v1.3 time rollover support and fixes for NO_ASN_TIME
2021-06-08 11:17:55 +10:00
23d733f837
Merge pull request #4063 from guidovranken/zd12328
...
Fix length calculations in Base64_SkipNewline
2021-06-08 10:55:15 +10:00
5c01613acb
Add GCC extension to bypass select -pedantic warnings
...
Add wrapper macro for `__extension__` to suppress pedantic warnings
2021-06-07 15:38:15 -07:00
9fadc21e0f
add version print out
2021-06-08 04:18:22 +07:00
3e307aa626
Merge pull request #4091 from JacobBarthelmeh/Testing
...
add strict check on signature length
2021-06-07 11:02:02 -07:00
4e318ade36
In wc_PBKDF1_ex, break out of outer loop on error
2021-06-07 16:21:02 +02:00
f97ca1c1ca
adjust test case and add useful comments
2021-06-07 19:44:05 +07:00
e76ae2b8ac
Certs: fix leak when multiple hardware names in SAN
...
Can only be one hardware name in SAN as this indicates the certificate
is for verifying signatures created by hardware module.
2021-06-07 12:02:23 +10:00
96b7b193d7
Check return value in BLAKE2 key init functions
...
If built with smallstack, allocations in `blake2s_update` and `blake2b_update` may fail,
so the error must be propagated.
2021-06-07 03:34:44 +02:00
bd7b57783d
Remove excess space characters
2021-06-07 03:20:16 +02:00
1af3f482cb
Catch allocation failure in ASNToHexString
2021-06-06 19:52:15 +02:00
8cb576009d
Improve bounds check in EncodePolicyOID
2021-06-06 04:07:02 +02:00
a1257429bd
Improve checking of XSNPRINTF return value in DecodePolicyOID
2021-06-06 03:54:15 +02:00
76e0a8666b
Catch allocation failure in DecodeResponseData
2021-06-06 03:12:53 +02:00
5d33161032
Fixes for RSA keygen with SP (no DH). Thanks Sean.
2021-06-04 13:32:59 -07:00
c245c4a812
add strict check on signature length
2021-06-05 03:09:33 +07:00
9ef43c5aff
add dynamic setup of entropy delay on init
2021-06-05 00:41:10 +07:00
21060afb80
Fix for building SP math only (small) with key generation. Fix for WOLFSSL_EXTRA. Fix for RSA without PSS. Fix for ed25519 spelling error.
2021-06-03 10:56:54 -07:00
66c7acb076
add use of heap hint for malloc
2021-06-03 23:38:30 +07:00
195ca2b3f0
Add corner test cases for EVP_EncodeFinal and EVP_DecodeFinal
2021-06-03 20:02:48 +09:00
eb63ab19e2
Fix for mp_mulmod with NXP LTC.
2021-06-01 16:33:58 -07:00
0caf3ba456
SHA3-based RSA signatures require SHA-3 hash OIDs
...
The SHA-3 ASN.1 OIDs are defined by NIST under the
nistalgorithm/hashAlgs node.
2021-06-01 22:02:23 +02:00
94831eadf1
Sync SHAKE256 default (disabled) with parent default edDSA448 (disabled) and remove WOLFSSL_NO_SHAKE256 flag
2021-06-01 11:38:17 -06:00
ab07c55609
check on hmac free and add else if case for check if key is 0's
2021-05-28 16:27:54 +07:00
c69665b999
ECDSA FP ECC: fix corner case
...
When the same table is used for both base point and public point (which
is not a valid thing to do) then a corner case occurs when the table
point can be added to the same point. This has to be a double operation
instead.
The table point isn't able to be doubled as it has a z-ordinate of 0 and
the original point is overwritten with the invalid add result.
Fix this case by:
- copying the table point into the result,
- setting z-ordinate to Montgomery form of 1,
- double the result point in place.
2021-05-28 13:06:20 +10:00
3deb635155
skip memory callback tests with STATIC_MEMORY and LINUXKM
2021-05-27 14:46:45 -07:00
7a98c517e4
Fixes for some -pedantic errors
...
Some of the API with callbacks may not be compatible with pedantic
2021-05-27 14:46:45 -07:00
252971aad7
better comments on RFC steps and fixes for combining code blocks, fix for check on sign_k value
2021-05-27 17:27:15 +07:00
4e88521a90
SP C ECC: mont sub - always normalize after sub before check for add
2021-05-27 11:08:05 +10:00
6bf9a887e1
ECC FP: cached doesn't work when order has more bits than prime
...
Small curves that are not commonly used do not work with scalars that
are the length of the order when the order is longer than the prime.
The table is generated based on modulus length not order length.
Simple fix is to not allow these curves to be used with FP_ECC.
Order isn't passed into the pseudo-public APIs.
2021-05-27 09:53:03 +10:00
1fe445368c
Merge pull request #4069 from guidovranken/zd12349
...
Several ASN decoder fixes
2021-05-26 16:13:54 -07:00
1fbc3dc2d4
Heap-allocate additional CertStatus structs in DecodeResponseData
2021-05-26 21:41:47 +02:00
cfef249041
Several ASN decoder fixes
...
See ZD 12349
2021-05-26 20:15:32 +02:00
88370285cc
Add an API function wc_DecryptPKCS8Key to handle decrypting a DER, PKCS#8
...
encrypted key.
2021-05-26 10:48:14 -07:00
5e4e73d6e9
Add an API function wc_EncryptPKCS8Key to handle encrypting a DER,
...
PKCS#8-formatted key.
There's already a function wc_CreatePKCS8Key, but this only creates the
unencrypted PKCS#8 key. TraditionalEnc exists, which takes a non-PKCS#8 key,
converts it to PKCS#8 format, and encrypts it, but this function isn't in the
public-facing API. I've modified TraditionalEnc to use wc_EncryptPKCS8Key after
wc_CreatePKCS8Key. wc_EncryptPKCS8Key is essentially the encryption portion of
TraditionalEnc moved out into its own function. wc_EncryptPKCS8Key will be in
the API going forward so that users can do PKCS#8 encryption without relying on
the non-API TraditionalEnc. Next, I'll be adding a corresponding
wc_DecryptPKCS8Key to handle decryption.
2021-05-26 10:48:11 -07:00
8bf2cbf55e
Fix for NXP LTC to not modify incoming math variables (use temp). Added build option for testing/validation of the LTC math operation.
2021-05-26 10:30:47 -07:00
0d3530b45d
Cleanup NXP LTC logic.
2021-05-25 16:49:58 -07:00
c59349c7a7
Fix for ecc_map, which is handled in hardware. Fix for NXP LTC mp_mul N value. Fix for MMCAU cast warnings.
2021-05-25 15:58:22 -07:00
63ac9decfc
Added error response checking for NXP LTC LTC_PKHA_ModMul. Isolated the result C to it's own variable.
2021-05-25 15:58:22 -07:00
9453f83d28
Fix bad logic flow in WC_NO_RNG case.
2021-05-25 15:58:22 -07:00
64ae0a827c
Fixes for RSA with NXP LTC. The invmod function must reduce if A > B. Added RSA Key Generation acceleration.
2021-05-25 15:58:22 -07:00
360d6c8a4f
Additional fix for Base64_SkipNewline
2021-05-26 00:25:27 +02:00
7127dbeeec
fixes for gcc 11 compile and other whitespace
2021-05-25 12:34:04 -07:00
e1bc0c4447
EVP AES-GCM Streaming: must free Aes
...
AES streaming implementation allocates data in Aes objects, when small
stack, that needs to be freed.
Fix memory leaks in streaming test case too.
2021-05-25 15:57:09 +10:00
b7663a51b4
Fix length calculations in Base64_SkipNewline
...
ZD 12328
2021-05-25 03:52:16 +02:00
956a0f2b5f
Merge pull request #3931 from julek-wolfssl/dsa-engine
...
Add more DSA parameters support
2021-05-24 14:57:02 -06:00
Daniele Lacamera
Sean Parkinson
Elms
Jacob Barthelmeh
David Garske
Guido Vranken
TakayukiMatsuo
Andreas Steffen
kaleb-himes
John Safranek
Hayden Roche
Chris Conlon