wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-27 20:52:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
14,241 Commits 12 Branches 184 Tags
fb366f063efb45e1c61b12265e8ce693fcbcff95
Commit Graph

5034 Commits

Author SHA1 Message Date
Guido Vranken
fb366f063e Additional length check improvements in Base64_SkipNewline 2021-06-09 19:16:07 +02:00
Sean Parkinson
d8cd7cbee1 Merge pull request #4024 from kabuobeid/zd12245 
PKCS7: Check size in wc_PKCS7_InitWithCert before XMEMCPY to avoid overflow.
 2021-06-09 10:06:02 +10:00
Sean Parkinson
50dca86dcf Merge pull request #3878 from JacobBarthelmeh/ECC 
add deterministic k generation for ECC sign
 2021-06-09 09:47:19 +10:00
Sean Parkinson
32c215775a Merge pull request #4093 from guidovranken/DecodeResponseData-allocation-check 
ASN: Catch allocation failure in DecodeResponseData
 2021-06-09 09:38:53 +10:00
Sean Parkinson
70d2c838bb Merge pull request #4080 from kaleb-himes/SHAKE_DEFAULT_FIX 
Sync SHAKE256 default (disabled) with parent default edDSA448 (disabled) and remove WOLFSSL_NO_SHAKE256 flag
 2021-06-09 08:52:05 +10:00
David Garske
ae4af3c681 Merge pull request #4071 from SparkiDev/fp_ecc_long_order 
ECC FP: cached doesn't work when order has more bits than prime
 2021-06-08 12:17:04 -07:00
David Garske
54d13f63c1 Merge pull request #4067 from haydenroche5/pkcs8 
Add an API function wc_EncryptPKCS8Key to handle encrypting a DER, PKCS#8-formatted key.
 2021-06-08 09:21:53 -07:00
David Garske
de70681229 Improve code comments to explain FP_ECC limitation for SECP160R1, SECP160R2, SECP160K1 and SECP224K1. 2021-06-08 08:41:36 -07:00
David Garske
61eae79f71 Merge pull request #4074 from SparkiDev/ecdsa_dbl_table_point 
ECDSA FP ECC: fix corner case
 2021-06-08 08:35:17 -07:00
David Garske
50e8509a36 Merge pull request #4037 from SparkiDev/prime_test_err_check 
TFM prime checking: check for more errors
 2021-06-08 08:06:37 -07:00
David Garske
9497c74283 Merge pull request #4081 from strongX509/master 
SHA3-based RSA signatures require SHA-3 hash OIDs
 2021-06-08 07:46:18 -07:00
Sean Parkinson
88322b82a5 Merge pull request #3871 from julek-wolfssl/openvpn-master 
OpenVPN additions and fixes
 2021-06-08 13:54:14 +10:00
Sean Parkinson
194b494741 Merge pull request #4034 from embhorn/zd12261 
Fix declarations for EVP_VerifyFinal and RSA_private_encrypt
 2021-06-08 12:15:30 +10:00
Sean Parkinson
b3352648dd Merge pull request #4097 from guidovranken/blake2-init-key-fixes 
Check return value in BLAKE2 key init functions
 2021-06-08 11:54:29 +10:00
Sean Parkinson
8ee1dda2f9 Merge pull request #4001 from dgarske/time_long 
Improve TLS v1.3 time rollover support and fixes for NO_ASN_TIME
 2021-06-08 11:17:55 +10:00
Sean Parkinson
23d733f837 Merge pull request #4063 from guidovranken/zd12328 
Fix length calculations in Base64_SkipNewline
 2021-06-08 10:55:15 +10:00
David Garske
3e307aa626 Merge pull request #4091 from JacobBarthelmeh/Testing 
add strict check on signature length
 2021-06-07 11:02:02 -07:00
Guido Vranken
4e318ade36 In wc_PBKDF1_ex, break out of outer loop on error 2021-06-07 16:21:02 +02:00
Jacob Barthelmeh
f97ca1c1ca adjust test case and add useful comments 2021-06-07 19:44:05 +07:00
Guido Vranken
96b7b193d7 Check return value in BLAKE2 key init functions 
If built with smallstack, allocations in `blake2s_update` and `blake2b_update` may fail,
so the error must be propagated.
 2021-06-07 03:34:44 +02:00
Guido Vranken
bd7b57783d Remove excess space characters 2021-06-07 03:20:16 +02:00
Guido Vranken
1af3f482cb Catch allocation failure in ASNToHexString 2021-06-06 19:52:15 +02:00
Guido Vranken
76e0a8666b Catch allocation failure in DecodeResponseData 2021-06-06 03:12:53 +02:00
David Garske
5d33161032 Fixes for RSA keygen with SP (no DH). Thanks Sean. 2021-06-04 13:32:59 -07:00
Jacob Barthelmeh
c245c4a812 add strict check on signature length 2021-06-05 03:09:33 +07:00
David Garske
21060afb80 Fix for building SP math only (small) with key generation. Fix for WOLFSSL_EXTRA. Fix for RSA without PSS. Fix for ed25519 spelling error. 2021-06-03 10:56:54 -07:00
Jacob Barthelmeh
66c7acb076 add use of heap hint for malloc 2021-06-03 23:38:30 +07:00
Andreas Steffen
0caf3ba456 SHA3-based RSA signatures require SHA-3 hash OIDs 
The SHA-3 ASN.1 OIDs are defined by NIST under the
nistalgorithm/hashAlgs node.
 2021-06-01 22:02:23 +02:00
kaleb-himes
94831eadf1 Sync SHAKE256 default (disabled) with parent default edDSA448 (disabled) and remove WOLFSSL_NO_SHAKE256 flag 2021-06-01 11:38:17 -06:00
Jacob Barthelmeh
ab07c55609 check on hmac free and add else if case for check if key is 0's 2021-05-28 16:27:54 +07:00
Sean Parkinson
c69665b999 ECDSA FP ECC: fix corner case 
When the same table is used for both base point and public point (which
is not a valid thing to do) then a corner case occurs when the table
point can be added to the same point. This has to be a double operation
instead.
The table point isn't able to be doubled as it has a z-ordinate of 0 and
the original point is overwritten with the invalid add result.
Fix this case by:
 - copying the table point into the result,
 - setting z-ordinate to Montgomery form of 1,
 - double the result point in place.
 2021-05-28 13:06:20 +10:00
Jacob Barthelmeh
252971aad7 better comments on RFC steps and fixes for combining code blocks, fix for check on sign_k value 2021-05-27 17:27:15 +07:00
Sean Parkinson
6bf9a887e1 ECC FP: cached doesn't work when order has more bits than prime 
Small curves that are not commonly used do not work with scalars that
are the length of the order when the order is longer than the prime.
The table is generated based on modulus length not order length.
Simple fix is to not allow these curves to be used with FP_ECC.
Order isn't passed into the pseudo-public APIs.
 2021-05-27 09:53:03 +10:00
John Safranek
1fe445368c Merge pull request #4069 from guidovranken/zd12349 
Several ASN decoder fixes
 2021-05-26 16:13:54 -07:00
Guido Vranken
1fbc3dc2d4 Heap-allocate additional CertStatus structs in DecodeResponseData 2021-05-26 21:41:47 +02:00
Guido Vranken
cfef249041 Several ASN decoder fixes 
See ZD 12349
 2021-05-26 20:15:32 +02:00
Hayden Roche
88370285cc Add an API function wc_DecryptPKCS8Key to handle decrypting a DER, PKCS#8 
encrypted key.
 2021-05-26 10:48:14 -07:00
Hayden Roche
5e4e73d6e9 Add an API function wc_EncryptPKCS8Key to handle encrypting a DER, 
PKCS#8-formatted key.

There's already a function wc_CreatePKCS8Key, but this only creates the
unencrypted PKCS#8 key. TraditionalEnc exists, which takes a non-PKCS#8 key,
converts it to PKCS#8 format, and encrypts it, but this function isn't in the
public-facing API. I've modified TraditionalEnc to use wc_EncryptPKCS8Key after
wc_CreatePKCS8Key. wc_EncryptPKCS8Key is essentially the encryption portion of
TraditionalEnc moved out into its own function. wc_EncryptPKCS8Key will be in
the API going forward so that users can do PKCS#8 encryption without relying on
the non-API TraditionalEnc. Next, I'll be adding a corresponding
wc_DecryptPKCS8Key to handle decryption.
 2021-05-26 10:48:11 -07:00
Guido Vranken
360d6c8a4f Additional fix for Base64_SkipNewline 2021-05-26 00:25:27 +02:00
Sean Parkinson
e1bc0c4447 EVP AES-GCM Streaming: must free Aes 
AES streaming implementation allocates data in Aes objects, when small
stack, that needs to be freed.
Fix memory leaks in streaming test case too.
 2021-05-25 15:57:09 +10:00
Guido Vranken
b7663a51b4 Fix length calculations in Base64_SkipNewline 
ZD 12328
 2021-05-25 03:52:16 +02:00
Chris Conlon
956a0f2b5f Merge pull request #3931 from julek-wolfssl/dsa-engine 
Add more DSA parameters support
 2021-05-24 14:57:02 -06:00
Chris Conlon
399ce70aba Merge pull request #4055 from JacobBarthelmeh/PKCS7 
set content type parsed
 2021-05-24 13:21:19 -06:00
Juliusz Sosinowicz
ceadb62d5b Add support for running wolfcrypt/test/testwolfcrypt on Dolphin emulator 2021-05-20 21:07:50 +02:00
Jacob Barthelmeh
f4959cca8d set content type parsed 2021-05-21 01:42:10 +07:00
Sean Parkinson
c1490bb91a TFM: get returned error to act on 2021-05-18 14:30:26 +10:00
Sean Parkinson
ed3a0ae694 TFM prime checking: check for more errors 
Small stack can produce errors that were being ignored.
Checks for valid size in fp_exptmod was being ignored.
 2021-05-18 08:51:55 +10:00
David Garske
4a1907ae88 Merge pull request #3976 from rliebscher/Use_Renesas_RX_intrinsics_with_CC-RX_compiler 
Renesas RX: Use intrinsics for rot[rl], revl
 2021-05-17 11:05:01 -07:00
Daniele Lacamera
b09df89200 NXP DCP: add explicit casts 2021-05-17 10:35:00 +02:00
Sean Parkinson
740f200156 SP ASM: x86_64 asm files - protect with WOLFSSL_SP_X86_64_ASM 2021-05-14 09:22:41 +10:00