Commit Graph

10599 Commits

Author SHA1 Message Date
JacobBarthelmeh e10ace21df Merge pull request #2690 from SparkiDev/sp_int_fixes_1
Fix SP to build for different configurations
2019-12-19 08:52:52 -07:00
Sean Parkinson 36f697c93d Fix SP to build for different configurations
Was failing:
  --enable-sp --enable-sp-math
  --enable-sp --enable-sp-math --enable-smallstack
2019-12-19 15:15:19 +10:00
toddouska 6922d7031c Merge pull request #2685 from embhorn/coverity_fixes
Coverity fixes
2019-12-18 14:06:48 -08:00
toddouska 531fedfbb4 Merge pull request #2687 from ejohnstown/dtls-cap
DTLS Handshake Message Cap
2019-12-18 13:50:52 -08:00
David Garske 031e78e103 Merge pull request #2606 from kaleb-himes/DOCS_UPDATE_19_NOV_2019
Add dox documentation for wc_ecc_make_key_ex
2019-12-18 13:49:57 -08:00
toddouska 0057eb16f8 Merge pull request #2686 from ejohnstown/crl-skid
Check name hash after matching AKID for CRL
2019-12-18 13:48:59 -08:00
toddouska 573d045437 Merge pull request #2682 from SparkiDev/akid_name_check
Check name hash after matching AKID
2019-12-18 13:08:19 -08:00
David Garske c054293926 Merge pull request #2684 from JacobBarthelmeh/build-tests
fix for g++ build warning
2019-12-18 12:09:29 -08:00
Eric Blankenhorn 52893877d7 Fixes from review 2019-12-18 13:25:25 -06:00
John Safranek 6c6d72e4d6 Find CRL Signer By AuthKeyId
When looking up the signer of the CRL by SKID/AKID, also verify that the
CRL issuer name matches the CA's subject name, per RFC 5280 section 4.1.2.6.
2019-12-18 10:17:51 -08:00
kaleb-himes 2607cf3429 Fix up based on peer feedback 2019-12-18 10:55:20 -07:00
toddouska 5a04ee0d8b Merge pull request #2640 from dgarske/alt_chain
Fixes for Alternate chain processing
2019-12-18 09:38:45 -08:00
toddouska b89121236f Merge pull request #2635 from dgarske/async_date
Fix for async date check issue
2019-12-18 09:34:08 -08:00
toddouska 74a8fbcff4 Merge pull request #2666 from SparkiDev/b64_dec_fix
Bade64_Decode - check out length (malformed input)
2019-12-18 09:30:41 -08:00
toddouska c2e5991b50 Merge pull request #2681 from ejohnstown/crl-skid
Find CRL Signer By AuthKeyId
2019-12-18 09:29:17 -08:00
Jacob Barthelmeh b5f645ea00 fix for g++ build warning 2019-12-18 10:01:52 -07:00
David Garske b126802c36 Clarify logic for skipping call to AddCA. 2019-12-18 06:04:26 -08:00
Sean Parkinson c1218a541b Check name hash after matching AKID
RFC 5280, Section 4.1.2.6:
If the subject is a CA (e.g., the basic constraints extension, as
discussed in Section 4.2.1.9, is present and the value of cA is TRUE),
then the subject field MUST be populated with a non-empty distinguished
name matching the contents of the issuer field (Section 4.1.2.4) in all
certificates issued by the subject CA.

The subject name must match - even when the AKID matches.
2019-12-18 17:57:48 +10:00
Sean Parkinson 6ccd146b49 Bade64_Decode - check out length (malformed input) 2019-12-18 17:06:58 +10:00
John Safranek ef6938d2bc DTLS Handshake Message CAP
Cap the incoming DTLS handshake messages size the same way we do for
TLS. If handshake messages claim to be larger than the largest allowed
certificate message, we error out.
2019-12-17 16:55:58 -08:00
toddouska 7e74d02da5 Merge pull request #2677 from SparkiDev/p12_pbkdf_tmp_fix
PKCS#12 PBKDF - maximum tmp buffer size
2019-12-17 16:48:08 -08:00
toddouska ff026efe49 Merge pull request #2670 from SparkiDev/dec_pol_oid_fix
DecodePolicyOID - check out index
2019-12-17 16:47:36 -08:00
toddouska 892e951c8a Merge pull request #2669 from SparkiDev/name_joi_fix
Decode X.509 name - check input length for jurisdiction
2019-12-17 16:46:30 -08:00
toddouska 435d4bf427 Merge pull request #2658 from SparkiDev/asn_date_check
Check ASN date characters are valid
2019-12-17 16:39:35 -08:00
toddouska f81ce71c25 Merge pull request #2660 from JacobBarthelmeh/Compatibility-Layer
add --disable-errorqueue option
2019-12-17 16:37:02 -08:00
toddouska 06563ed3fa Merge pull request #2642 from SparkiDev/sp_exptmod
sp_int: support for more values in sp_exptmod
2019-12-17 16:36:12 -08:00
John Safranek 037c319bab Find CRL Signer By AuthKeyId
1. Add parsing of CRL extensions, specifically the Auth Key ID extension.
2. To verify CRL, search for CA signer by AuthKeyId first, then by name.  If NO_SKID is set, just use name.
3. Update the ctaocrypt settings.h for the NO_SKID option with CRL so FIPS builds work.
2019-12-17 15:33:39 -08:00
toddouska feeb18600f Merge pull request #2636 from SparkiDev/mp_exptmod_fixes
Handle more values in fp_exptmod
2019-12-17 15:22:24 -08:00
toddouska 138377f30e Merge pull request #2641 from SparkiDev/sp_c32_lshift
Fix lshift in SP 32-bit C code - FFDHE
2019-12-17 15:17:17 -08:00
toddouska 5ee9f9c7a2 Merge pull request #2637 from SparkiDev/ecc_cache_resist
Improve wc_ecc_mulmod_ex cache attack resistance
2019-12-17 15:16:16 -08:00
toddouska 028d9e5443 Merge pull request #2634 from SparkiDev/pkcs7_libz_fix
Fix missing variable declaration
2019-12-17 15:13:13 -08:00
David Garske a176789f13 Fix for async issue with "badDate" and "criticalExt" check getting skipped on call to ConfirmSignature with WC_PENDING_E response. Added log message when date failure is skipped. 2019-12-17 15:03:00 -08:00
toddouska 06e5e81b1b Merge pull request #2663 from embhorn/zd5050
Clarify wolfSSL_shutdown error on subsequent calls
2019-12-17 14:59:35 -08:00
Eric Blankenhorn 774a758f59 Fixes in test and example code 2019-12-17 15:56:40 -06:00
toddouska ab14a26be0 Merge pull request #2650 from dgarske/boot_tpm
Fix API visibility for ED25519 check key
2019-12-17 13:45:39 -08:00
David Garske e8594daab6 Merge pull request #2678 from tmael/night_valgrind
Fix memory leak detected with Valgrind
2019-12-17 09:11:30 -08:00
Tesfa Mael 88188b79e2 Fix mem leak 2019-12-16 18:03:11 -08:00
Sean Parkinson 8d7d2c74ee PKCS#12 PBKDF - maximum tmp buffer size
Use WC_MAX_BLOCK_SIZE - only an issue if PBKDF is using SHA-3
algorithms.
2019-12-17 09:56:08 +10:00
David Garske 8d8ab655fa Merge pull request #2671 from ejohnstown/maint-conf
Maintenance: Configure
2019-12-16 13:38:02 -08:00
Chris Conlon c0716b9e3f Merge pull request #2673 from Naruto/feature/fix_readme_miss
fix spell miss of zephyr README.md
2019-12-16 12:31:55 -07:00
Eric Blankenhorn af5c98a6a8 Fixes in wolfCrypt test 2019-12-16 10:22:42 -06:00
Naruto TAKAHASHI 7fbadeaa17 fix spell miss of zephyr README.md 2019-12-16 21:36:43 +09:00
Eric Blankenhorn 0bb8ae8564 Fixes for new defects in wolfCryot and wolfSSL (excluding test code) 2019-12-13 17:17:13 -06:00
David Garske f2115b2c2b Merge pull request #2652 from ejohnstown/maintenance-error
Maintenance: Error Strings
2019-12-13 15:03:32 -08:00
John Safranek 0348123261 Maintenance: Configure
1. Remove some redundant AM_CONDITIONAL macros checking for OCSP and CRL.
2. Moved the AM_CONDITIONAL macro setting BUILD_PKCS12 to the other AM_CONDITIONALS.
2019-12-13 15:02:03 -08:00
Chris Conlon 1a594d92ba Merge pull request #2668 from ejohnstown/maintenance-scanbuild
Fixed a couple initialization issues scan-build indicated
2019-12-13 14:13:48 -07:00
Sean Parkinson 6a2975c742 DecodePolicyOID - check out index 2019-12-13 12:13:38 +10:00
Sean Parkinson b3cbab4bf3 Decode X.509 name - check input length for jurisdiction 2019-12-13 11:55:15 +10:00
John Safranek e7af2d2ba9 Fixed a couple initialization issues scan-build indicated. 2019-12-12 16:50:37 -08:00
John Safranek a3cc2aa6ff Merge pull request #2665 from kaleb-himes/ZD-9590-CCM-Benchmarking
Add CCM Decryption to benchmarking
2019-12-12 16:48:12 -08:00