wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-05-04 06:10:50 +02:00
Code Issues Packages Projects Releases Wiki Activity
12,260 Commits 13 Branches 184 Tags
ebca451c93a4086ae936d9dfbfbaf8a0457be4a7
Commit Graph

4151 Commits

Author SHA1 Message Date
David Garske c587ff72d2 Fix for occasional unit.test failure in test_wolfSSL_EVP_PKEY_derive. 2020-08-31 14:04:51 -07:00
David Garske e9b1ceae7e Merge pull request #3255 from tmael/big_endian 
Make ByteReverseWords available for big and little endian
 2020-08-31 07:34:50 -07:00
Sean Parkinson 54c8774103 ChaCha20: Enable streaming with Intel x86_64 asm 2020-08-31 09:06:51 +10:00
Sean Parkinson 91c131fbd8 Curve448: fix 32-bit implementation 
Fix small define check
 2020-08-31 09:05:06 +10:00
Daniel Pouzzner 9c76f19625 GetASNInt(): check for invalid padding on negative integer. 2020-08-28 12:43:21 -05:00
David Garske 94b0dcb7e9 Peer review feedback to add explicit parenthesis on cast. 2020-08-27 16:18:54 -07:00
David Garske 0d2e37cc42 Fixes for several implicit cast warnings. ZD 10848. 2020-08-27 13:51:55 -07:00
David Garske 21d17b17d0 Fix typo in code comment for ECC curve cache. Fix for valgrind report of possible use of uninitialized value with ChaCha/Poly AEAD test. 2020-08-27 12:01:24 -07:00
David Garske 32b46e344d Fix for ECC curve cache without custom curves enabled. 2020-08-27 11:18:55 -07:00
David Garske 9af0e5528e New openssl_test return code checking requires fix from PR #3243. 2020-08-26 10:22:00 -07:00
Tesfa Mael b90acc91d0 Make ByteReverseWords available for big and little endian 2020-08-26 10:13:06 -07:00
David Garske 6d5731b8e9 Fixes for HMAC_CTX cleanup not being called to free SHA2 resources with WOLFSSL_SMALL_STACK_CACHE. Added return code checking and cleanup for openssl_test. 2020-08-26 09:45:26 -07:00
David Garske 5c76afc41c Fix for SHA256 missing initialization of small stack cache variable. Fixes issue with Intel ASM and WOLFSSL_SMALL_STACK_CACHE 2020-08-26 09:44:32 -07:00
David Garske 3878af96cd Fix for SP init and free with HAVE_WOLF_BIGINT. Fix for sp_free macro typo. Fix to expose mp_init_copy with ECC disabled because its used by mp_test. 2020-08-26 09:42:29 -07:00
David Garske 14e1489365 Fix for SRP leaks with WOLFSSL_SMALL_STACK_CACHE 2020-08-26 09:41:09 -07:00
Jacob Barthelmeh bc58dde700 fix for serial number containing 0's and for RNG fail case 2020-08-26 00:03:39 -06:00
Sean Parkinson 3a25faea60 AES-CBC check for input size of 0 
Don't need to do anything when size is 0.
 2020-08-25 13:36:45 +10:00
toddouska d077efcbb3 Merge pull request #3237 from SparkiDev/mp_oob_1 
Fix out of bounds read when writing to very long buffer
 2020-08-24 15:28:00 -07:00
toddouska c5cab6afba Merge pull request #3236 from dgarske/retcheck 
Various fixes and improvements (return codes, build warns and func doc)
 2020-08-24 15:27:04 -07:00
toddouska 7e6100593e Merge pull request #3223 from SparkiDev/fp_gcd_fix 
Check the error return from fp_mod in fp_gcd
 2020-08-24 15:24:20 -07:00
toddouska cf208901fd Merge pull request #3218 from guidovranken/wc_PKCS12_PBKDF_ex-leak-fix 
In wc_PKCS12_PBKDF_ex, free outer loop variable if inner loop fails
 2020-08-24 15:23:47 -07:00
David Garske 47cc8d232a Fix in ED448 wc_ed448_check_key function for possible dereference of a null pointer. 2020-08-24 07:31:06 -07:00
Sean Parkinson 4f44df96dc MP: integer OOB write fix 
mp_to_unsigned_bin_len() now checks length passed in is greater than or
equal length to write.
 2020-08-24 22:48:52 +10:00
Sean Parkinson 955a53dce3 Ed448: Fix compiler warning Intel -m32 2020-08-24 16:29:48 +10:00
Sean Parkinson e30361e186 Fix out of bounds read when writing to very long buffer 
mp_to_unsigned_bin_len() didn't handle buffers longer than maximum MP
size. Fixed tfm and sp_int versions.
 2020-08-24 09:18:07 +10:00
David Garske 083f143c89 Fixes for warnings with minimum ECC build. 2020-08-21 15:47:02 -07:00
David Garske fd2aece058 Fix for building ECC_CACHE_CURVE without WOLFSSL_CUSTOM_CURVES. 2020-08-20 16:16:18 -07:00
David Garske dd517fd81c Fixed several compiler warnings with inline variable declaration, deprecated func decl and small stack use of invaid memory (heap). Thanks @douzzer for these. 2020-08-20 15:13:43 -07:00
David Garske 92cf0d7b10 Fix numerous maybe-uninitialized errors in WOLFSSL_SP_SMALL and WOLFSSL_SMALL_STACK cases. 2020-08-20 15:05:20 -07:00
David Garske 25f9d15980 Fix for benchmark example when using the ECC encrypt (--enable-eccencrypt) and timing resistance. New timing resistance RNG requirements for ECC Shared Secret. 2020-08-20 14:25:06 -07:00
David Garske 1d55b2f526 Fixes for several memory leaks related to HAVE_WOLF_BIGINT. 2020-08-20 14:25:06 -07:00
David Garske 79c0fd3f29 Fix for ECC make key test not waiting for async completion. 2020-08-20 14:25:05 -07:00
David Garske 0011b7b376 Fix possible ECC curve cache leak for custom curves. Fix possible memory leak with wc_DhKeyDecode and WOLFSSL_DH_EXTRA. Fix leak in dh_test with new call to DH key import. 2020-08-20 14:25:05 -07:00
Sean Parkinson 549c47de65 Handle when k is 1 or order + 1 for timing resistant ECC 2020-08-19 10:50:37 -07:00
David Garske 1f10e77b0f Fix for SP math with WOLFSSL_VALIDATE_ECC_KEYGEN. Fixes logic error on point x/y zero check. 2020-08-19 09:30:32 -07:00
Sean Parkinson 38b717eb42 Clear MP in ECC to free allocated memory 2020-08-18 17:54:25 -07:00
John Safranek 113753370d Long Test Fixes 
1. Sniffer was trying to log a NULL pointer as a string. Logged a string instead.
2. Few misc fixes in ECC.
 2020-08-18 17:54:25 -07:00
Sean Parkinson 3a7ad4f03b Check the error return from fp_mod in fp_gcd 
Error can occur when using small stack and memory allocation fails.
 2020-08-19 08:50:27 +10:00
John Safranek 6e49a63e50 fix call to MakeAnyCert from wc_MakeNtruCert(); it was missing the new parameter 2020-08-17 17:12:11 -07:00
toddouska 028bddd7ab Merge pull request #3215 from ejohnstown/release-4.5.0 
Release Update
 2020-08-17 13:51:23 -07:00
Sean Parkinson cb5d6a5c12 Check ECC scalar before multiplication 
A k with more bits than in order doesn't work in ECC scalar
multiplication.
Check private key length in wc_ecc_check_key()
Check private key length in ecc_make_pub_ex()
 2020-08-17 08:39:39 -07:00
John Safranek 3f6861ee82 FIPS Ready Fix with ECC Timing Resistance 
Commit 6467de5 added some timing resistance to ECC shared secret
agreement. It involved adding an RNG object to the ecc keys so
a random z value can be added to the mix. The older FIPS release
has ECC outside the boundary, so it uses the new ECC code. FIPSv2
has ECC inside the boundary, but all the TLS code checks for that
version of FIPS and leaves out the calls to the new functions as
it is using an older version of ecc.c. FIPS Ready uses the latest
version of ecc.c but compiles as FIPSv2. So, the code outside of
the crypto layer is treating ECC as FIPSv2 and not calling the new
functions, but the crypto layer assumes the RNG should be present,
and errs out on testing.
1. Added a separate option for FIPS Ready to the enable-fips
   configure option. `--enable-fips=ready`. It will treat FIPS
   Ready as the next kind of FIPS release. FIPS Ready will be
   treated like FIPS v3 in the build.
2. Changed the C preprocessor checks for FIPS version 2 to be
   checks for not version 2, with respect to ECC Timing Resistance
   and FIPS builds.
 2020-08-14 10:54:55 -07:00
John Safranek 1dc0a76436 Patch from Jacob. When parsing a certificate name, if an item is unknown, its NID is set to 0. Don't try to add NID's of 0. 2020-08-13 17:01:26 -07:00
John Safranek 7e6863e78b resolving build issues for FIPSv2 OE2 with --enable-opensslextra 2020-08-13 13:24:44 -07:00
Guido Vranken 087fa7cbec In wc_PKCS12_PBKDF_ex, free outer loop variable if inner loop fails 2020-08-13 19:22:36 +02:00
Sean Parkinson bc74bfebdd Fixes from C++ and address access checking 
Fix access of table for cache resistance.
Don't name variable public or private.
Cast from void*
 2020-08-13 15:19:49 +10:00
John Safranek e30341ea83 Merge pull request #3190 from embhorn/zd10712 
Sanity check key sizes
 2020-08-12 09:37:40 -07:00
toddouska fa146870bd Merge pull request #3155 from julek-wolfssl/openssh-fixes-cherry-picked 
Additional OpenSSL compat stuff for OpenSSH
 2020-08-11 16:32:31 -07:00
Daniel Pouzzner e4fe6b6573 Merge pull request #3210 from dgarske/rsa_checkkey_sp 
Fix for `unit.test` error with SP and RSA 1024-bit key gen
 2020-08-11 12:00:41 -05:00
Sean Parkinson 6467de5a88 Randomize z ordinates in scalar mult when timing resistant 
An RNG is required for shared secret calculation now.
Use wc_ecc_set_rng() to set an RNG against the ECC object.
ECC verification does not need timing resistance and does not randomize
z ordinates.
 2020-08-11 16:12:47 +10:00