wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-28 10:22:51 +01:00
Code Issues Packages Projects Releases Wiki Activity
12,466 Commits 12 Branches 184 Tags
ebde736ee742e2152268289b2d286077ff951ea7
Commit Graph

4242 Commits

Author SHA1 Message Date
Sean Parkinson
ebde736ee7 Merge pull request #3400 from ejohnstown/dh-fix 
DH Fix
 2020-10-20 11:45:18 +10:00
Takashi Kojo
a87f7c9185 cipher_tbl for EVP_get_cipherbyname 2020-10-19 06:17:15 +09:00
John Safranek
4f8c2b971f Move the binSz check variable to a spot where it is only declared in the same condition it is used and initialize it to zero. 2020-10-17 19:07:44 -07:00
John Safranek
4364700c01 DH Fix 
These changes fix several fuzz testing reports. (ZD 11088 and ZD 11101)
1. In GetDhPublicKey(), the DH Pubkey is owned by the SSL session. It
   doesn't need to be in the check for weOwnDh before freeing. There
   could be a chance it leaks.
2. In GeneratePublicDh() and GeneratePrivateDh(), the size of the
   destination buffer should be stored at the location pointed to by the
   size pointer. Check that before writing into the destination buffer.
3. Ensure the size of the private and public key values are in the size
   value before generating or getting the DH keys.
 2020-10-16 15:35:23 -07:00
David Garske
9793414d78 Merge pull request #3381 from SparkiDev/ecc_ct_fix 
ECC mulmod: some curves can't do order-1
 2020-10-15 14:46:46 -07:00
toddouska
f69fa13e02 Merge pull request #3357 from guidovranken/StoreECC_DSA_Sig-fix 
Improve StoreECC_DSA_Sig bounds checking
 2020-10-14 16:53:46 -07:00
toddouska
026ba4e750 Merge pull request #3368 from dgarske/zd11057 
Fix for possible malformed encrypted key with DES3 causing negative length
 2020-10-14 15:32:48 -07:00
toddouska
3f4bf9144b Merge pull request #3366 from SparkiDev/pkcs11_lookup 
PKCS #11: improve key lookup
 2020-10-14 14:22:56 -07:00
David Garske
b68828d3c9 Merge pull request #3361 from tmael/ocsp-nocheck 
Add support for id-pkix-ocsp-nocheck
 2020-10-13 15:46:02 -07:00
Sean Parkinson
f0db2c177e ECC mulmod: some curves can't do order-1 
Change implementation of timing resistant scalar multiplication to use
Joye double-add ladder.
No longer have fake operations being performed therefore can remove the
order adding operations.
Still need to check for boundary condition: order-1 wil not work with
SECP256K1 as it results in an add of order/2 and (order/2)+1 times base
point which are the negatives of each other. The sum is infinity and not
handled by maths.
Added mp_cond_swap_t - Conditionally swap in constant time.
 2020-10-13 09:55:35 +10:00
David Garske
de6164df5a Merge pull request #3382 from ejohnstown/aes-clear 
AES Clear Temp
 2020-10-12 15:17:00 -07:00
David Garske
4396e10500 Merge pull request #3379 from ejohnstown/mfix 
Maintenance Fixes
 2020-10-12 14:53:56 -07:00
Chris Conlon
2a1efda140 Merge pull request #3380 from kojo1/mqx 
minor fix for MQX, Kinetis
 2020-10-12 14:03:20 -06:00
John Safranek
5ead4386b3 AES Clear Temp 
ForceZero()'ed a couple local variables that have keying material at some point.
 2020-10-12 10:30:34 -07:00
Tesfa Mael
a4bfa0dec7 Add support for id-pkix-ocsp-nocheck 2020-10-11 19:47:50 -07:00
Takashi Kojo
ce97eadae1 fix for MQX 2020-10-11 06:57:33 +09:00
John Safranek
aeeeb666a7 Maintenance Fixes 
1. The test_wolfSSL_X509V3_EXT_print() test was using stderr for output,
   changed to stdout.
2. A call to XFREAD wasn't typecasting its output to the size of the
   variable getting the output in decodedCertCache_test().
 2020-10-09 15:01:32 -07:00
Daniel Pouzzner
29d4de6307 fix pkcs7compressed_test() (test gated on HAVE_LIBZ), broken by PR#3244. 2020-10-09 12:42:14 -05:00
Daniele Lacamera
9cb2c9f1ac Fixed SHA256 support for IMX-RT1060 2020-10-09 13:36:53 +02:00
toddouska
8bc3d33c4e Merge pull request #3360 from SparkiDev/ecc_safe_add 
ECC add points: more cases where add point is a double or infinity
 2020-10-08 14:55:04 -07:00
toddouska
f0c5fb76bb Merge pull request #3359 from ejohnstown/tfm-read-radix-16 
TFM Read Radix 16 OOB Read
 2020-10-08 14:52:42 -07:00
toddouska
c69e9927fa Merge pull request #3354 from SparkiDev/mac_arm_asm_2 
ARM ASM ChaCha20: Fix calc of left over bytes
 2020-10-08 14:49:33 -07:00
toddouska
6b4b92a549 Merge pull request #3356 from embhorn/zd11044 
Allow wolfSSL_EVP_get_hashinfo with x509small
 2020-10-08 14:48:28 -07:00
David Garske
d33d100526 Fix for possible malformed encrypted key with DES3 causing negative length. If length is less than DES_BLOCK_SIZE then it could result in a negative der->length. ZD 11057 2020-10-08 13:07:07 -07:00
kaleb-himes
d9eaeb4a3b Fix NTRU + QSH build 2020-10-08 09:13:00 -06:00
Sean Parkinson
15aa0a2f8c PKCS #11: improve key lookup 
Refactor the find key by template to eliminate duplicate code.
Improve documentation.
Add more informative debugging information.
 2020-10-08 13:36:30 +10:00
Sean Parkinson
4f6c1db9a2 Merge pull request #3355 from douzzer/enable-more-all 
--enable-all coverage update, plus --enable-all-crypto and --enable-linuxkm-defaults
 2020-10-08 09:52:56 +10:00
Sean Parkinson
257551b134 ECC add points: more cases where add point is a double or infinity 
Extract method to perform safe point add (handling double and infinity
result).
Replace all instances of the extracted code.
 2020-10-08 09:26:10 +10:00
John Safranek
413b0d171d TFM Read Radix 16 OOB Read 
Change the location of the update of the write index when in
fp_read_radix_16(). It will do multiple writes into a word, and update
the index when the word is full and there is more to write. If there
isn't more to write, the index isn't incremented. This ensures the used
value in the mp_digit is correct, and not off-by-one when the last word
is full.
 2020-10-06 17:03:03 -07:00
Guido Vranken
4c5c1d5dac Improve StoreECC_DSA_Sig bounds checking 2020-10-06 23:11:50 +02:00
Eric Blankenhorn
6bc34cb1a8 Allow wolfSSL_EVP_get_hashinfo with x509small 2020-10-06 11:18:08 -05:00
Daniel Pouzzner
7fb8457459 fix whitespace. 2020-10-01 14:38:26 -05:00
Daniel Pouzzner
70474659a0 wc_ShaFinal(): remove superfluous ret=0 when WOLF_CRYPTO_CB, complained by PRB-scan-build-distro-check. 2020-10-01 14:38:26 -05:00
Daniel Pouzzner
79978f5c7a ecc_check_pubkey_order(): add missing braces. 2020-10-01 14:38:26 -05:00
Daniele Lacamera
cec3d542d1 Rework of DCP after reviewer's comments. 
- using wolfSSL_CryptHwMutexLock/UnLock as DCP mutex.
- fixed AES Free
- using separate per-channel key store
 2020-10-01 11:36:03 -07:00
Daniele Lacamera
ce62f46442 Fixed comments 2020-10-01 11:36:03 -07:00
Daniele Lacamera
9244bbbf83 NXP-DCP: Fixed AES-GCM setkey; added AES direct. 2020-10-01 11:36:03 -07:00
Daniele Lacamera
05098f7ab8 Reentrant DCP driver. DCP protected by mutex. 2020-10-01 11:36:03 -07:00
Daniele Lacamera
a07f9ded63 Added support for NXP DCP (i.MX-RT series) 2020-10-01 11:36:03 -07:00
toddouska
9bfe4f1fb2 Merge pull request #3341 from SparkiDev/fp_sqr_size 
TFM mp_sqr: error on number overflow
 2020-09-30 10:35:01 -07:00
Sean Parkinson
f76165a3fa ARM ASM ChaCha20: Fix calc of left over bytes 2020-09-30 15:57:33 +10:00
Sean Parkinson
a1991da458 TFM mp_sqr: error on number overflow 
Change mp_sqr to return an error if the result won't fit into the fixed
length dp.
 2020-09-30 08:54:20 +10:00
toddouska
fc988ad3e7 Merge pull request #3325 from julek-wolfssl/openssl-compat-aes-gcm-2-part-aad 
Buffer AAD in wolfSSL_EVP_CipherUpdate_GCM  so that whole value is hashed
 2020-09-29 13:46:44 -07:00
Sean Parkinson
66ed9b1522 ARM asm: fixes for compiling on Mac and ChaCha20 streaming 
Don't set the CPU to generic on Mac.
Implement streaming for ChaCha20.
 2020-09-29 13:38:02 +10:00
Sean Parkinson
46b9531bec Merge pull request #3345 from dgarske/sp_spell 
Fix spelling error and sync with latest scripts
 2020-09-29 08:46:52 +10:00
David Garske
30a74e0597 Merge pull request #3343 from ejohnstown/test-ecc521 
Test ECC-521 Only
 2020-09-28 14:06:42 -07:00
Juliusz Sosinowicz
07f6c19156 Update EVP_CIPHER to handle multi-part AAD 2020-09-28 20:42:23 +02:00
David Garske
a85c93e44a Fix spelling error and sync with latest scripts. 2020-09-28 10:41:31 -07:00
John Safranek
dbf18b8532 Test ECC-521 Only 
Update benchmark and wolfcrypt test to support using only ECC-521 in a custom curve list.
 2020-09-28 09:22:24 -07:00
Sean Parkinson
b61b3e34dd SP ARM64: Fix assembly for clang 
clang doesn't auto correct size of register (declared byte n but 64-bit
usage)
clang doesn't always handle use of x29 (FP or Frame Pointer) in inline
assembly code correctly - reworked sp_2048_sqr_8 to not use x29.
 2020-09-28 12:35:58 +10:00