wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-27 05:22:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
4,063 Commits 12 Branches 184 Tags
v3.9.0
Commit Graph

559 Commits

Author SHA1 Message Date
Jacob Barthelmeh
e99a5b0483 prepare for release v3.9.0 2016-03-17 16:02:13 -06:00
toddouska
10e74f7200 Merge pull request #353 from dgarske/EccUnsignedSizeCheckFix 
Fixed bug where mp_unsigned_bin_size returning 0 could produce a UINT…
 2016-03-17 10:50:01 -07:00
David Garske
19967dd264 Fixed bug where mp_unsigned_bin_size returning 0 could produce a UINT_MAX (based on -1) resulting in invalid index to an array. Added test case for this if FP_ECC is defined. 2016-03-17 09:39:10 -07:00
toddouska
46a01c29d8 Merge pull request #350 from JacobBarthelmeh/master 
check for invalid RSA OAEP with SHA512 test case
 2016-03-16 16:25:13 -07:00
Jacob Barthelmeh
2dd5efd969 sanity check for RSA key size and hash digest size 2016-03-16 15:25:52 -06:00
Jacob Barthelmeh
4c3ddac23c catch invalid test case of RSA-OAEP and fix cast 2016-03-16 14:51:25 -06:00
David Garske
0683ecb727 Fixed FreeCRL issue with strdup memory. Added additional checks for WOLF_AES_CBC and WOLF_AES_COUNTER. Disabled memory tracker by default for wolfCrypt test and benchmark. Updated README to better document Linux Binutils LD bug workaround. 2016-03-16 09:41:19 -07:00
David Garske
f0ea9d747f Fix possible positive return value for random_rng_test. Removed reference to nrf51_aes_decrypt, which is not supported, and added compile error for it. Corrected ecc_test_raw_vector return code checking. Cleanup in InitMemoryTracker. 2016-03-15 18:33:24 -07:00
David Garske
bf058ef1b9 Fixed Jenkins error reports for mem_track msg, incorrect #ifdef in aes_test and ecc_test_raw_vector response code checking. Fixed C89 compliance with wc_AesSetKey. Fixed nrf_drv_rng_init response checks in RNG code. Reverted comment change in AES. Fixed nRF51 AES CBC Encrypt support. Added response code checking for nrf51_aes_set_key. 2016-03-15 17:18:03 -07:00
David Garske
a38183b816 Port for Nordic nRF51 RNG, RTC and AES. Added RNG test for wc_RNG_GenerateBlock 0's check even if HAVE_HASHDRBG is enabled. Added NIST test vectors for ECC P-256, P-384 and P-521. Added helpful debug message in ECC import if issue finding ecc_sets[] for curve. Moved memory tracker into separate file and added support for it to wolfcrypt test and benchmark. Added Ed255519/Curve25519 options for granular control of sign, verify, shared secret, import and export. Added AES options for max key size (AES_MAX_KEY_SIZE), no decrypt (NO_AES_DECRYPT) and no CBC (NO_AES_CBC). 2016-03-15 13:58:51 -07:00
Jacob Barthelmeh
db758dc98b update test script, fall back to cert name search, fix der free 2016-03-12 09:37:32 -07:00
Jacob Barthelmeh
060e278559 Merge branch 'master' of https://github.com/wolfSSL/wolfssl into Certs 2016-03-11 23:48:39 -07:00
Jacob Barthelmeh
3976a3e2f2 K64F RNGA register 2016-03-10 14:35:55 -07:00
Jacob Barthelmeh
6e1c5b3801 disable CERT_EXT policies check when SEP is used instead 2016-03-09 17:22:38 -07:00
David Garske
8e8ee45828 LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System). 2016-03-08 08:35:28 -08:00
David Garske
b549c81337 Fix the WOLFSSL_SEP (--enable-sep) build scenario where extCertPoliciesNb is not available. 2016-03-07 14:49:24 -08:00
David Garske
05fb648747 Remove white-space. 2016-03-07 14:33:22 -08:00
David Garske
9b79d8643e Added checks for total length and the cert policy OID len to make sure they don't exceed buffer. 2016-03-07 14:20:37 -08:00
David Garske
dee3645c4e Fixed bug with ASN.1 X509V3 Certificate Policy extension parsing. Bug had to do with parsing when OID contains multiple items such as example 2 below. The wolfssl.com server key now contains a URL in the certificate policy "https://secure.comodo.com/CPS0", which wasn't being parsed over correctly. Also cleanup to use loop instead of duplicate code. 
Example 1:
30 12
30 06 06 04 55 1D 20 00
30 08 06 06 67 81 0C 01 02 01

Result:
2.5.29.32.0
2.23.140.1.2.1

Example 2:
30 46
30 3A 06 0B 2B 06 01 04 01 B2 31 01 02 02 07
   30 2B 30 29 06 08 2B 06 01 05 05 07 02 01 16 1D 68 74 74 70 73 3A 2F 2F 73 65 63 75 72 65 2E 63 6F 6D 6F 64 6F 2E 63 6F 6D 2F 43 50 53
30 08 06 06 67 81 0C 01 02 01

Result:
1.3.6.1.4.1.6449.1.2.2.7
2.23.140.1.2.1
 2016-03-07 13:40:25 -08:00
Jacob Barthelmeh
05d2cec7c1 addition to api tests and refactor location of trusted peer cert check 2016-03-02 11:35:03 -07:00
Jacob Barthelmeh
7df22ee210 Trusted peer certificate use 2016-03-02 11:22:34 -07:00
toddouska
0c45a7a028 Merge pull request #317 from dgarske/DerBufferRefactor 
Refactor of the DER buffer handling
 2016-02-25 09:35:50 -08:00
kaleb-himes
16dac5597f prevent buffer overflows if sigSz > MAX_ENCODED_SIG_SZ 2016-02-24 16:08:54 -07:00
kaleb-himes
4858a65984 Always execute wc_InitRsaKey if we are always going to execute wc_FreeRsaKey 2016-02-24 14:42:07 -07:00
David Garske
731e13ecf2 Fixes issue with building crypt benchmark with only ED/Curve25519 enabled with static rng missing. 2016-02-22 16:46:13 +01:00
David Garske
3fe5ee1a7c Refactor of the DER buffer handling. Added new DerBuffer struct that includes the type and heap ptr. Added new InitDer, AllocDer and FreeDer functions. Cleanup of some missing "heap" args on XMALLOC/XFREE. In FreeDer uses ForceZero if type is private key. 2016-02-18 22:42:15 -08:00
kaleb-himes
24d93c90cd update for configure option --disable-sha 2016-02-16 12:03:37 -07:00
toddouska
3d8f91d418 Merge pull request #302 from dgarske/EccOnlyNoSignVerify 
New ECC and ASN build options for reduce build size options
 2016-02-15 12:13:43 -08:00
JacobBarthelmeh
7de352a0e9 Merge pull request #311 from dgarske/FixSkipObjectIdWarn 
Fixes warning with SkipObjectId defined but not used.
 2016-02-12 15:04:04 -07:00
David Garske
a969dd8efd Fixed "error: unused function 'StoreRsaKey'" with NO_ASN_TIME and RSA enabled. 2016-02-12 13:19:58 -08:00
David Garske
aeaac15682 Fixed compile errors in signature.c if ECC on but ECC sign/verify disabled. Added new NO_ASN_TIME option to reduce ASN size for space constrained or missing RTC. Added check to make sure ASN is enabled if ECC sign/verify is enabled. 2016-02-12 13:16:39 -08:00
David Garske
f328c6bdf7 Fixes warning with SkipObjectId defined but not used. 2016-02-12 12:34:22 -08:00
David Garske
08c663a4ac Added new CUSTOM_RAND_GENERATE_BLOCK option that allows override and disabling of the HASHDRBG for customers who have a HW RNG they would like to use instead. 
Examples:
"./configure --disable-hashdrbg CFLAGS="-DCUSTOM_RAND_GENERATE_BLOCK= custom_rand_generate_block".
OR
/* RNG */
//#define HAVE_HASHDRBG
extern int custom_rand_generate_block(unsigned char* output, unsigned int sz);
 2016-02-12 11:59:51 -08:00
David Garske
4872f2bc33 Added the following ECC optional config defines: HAVE_ECC_SIGN, HAVE_ECC_VERIFY, HAVE_ECC_DHE, HAVE_ECC_KEY_IMPORT and HAVE_ECC_KEY_EXPORT. Still working through issues with using ECC sign/verify with ASN disabled. Added documentation to top of ecc.c for all the ECC define options. 2016-02-12 11:07:50 -08:00
David Garske
a83ff6aada Updated the configure.ac comments about big int being used for ECC and DH. Moved the checks for ecc/asn and psk/asn until after cryptonly value is set and fixed so those checks work for normal build and are excluded for crypt only builds. 2016-02-10 13:03:53 -08:00
David Garske
8d0d5a3f90 Fixes so ECC only build works. Fixes so ECC enabled with ASN disabled works and will prevent ECC sign/verify. 2016-02-10 08:53:09 -08:00
toddouska
014740eda0 Merge pull request #289 from dgarske/SigHashFixes 
Fixes/improvements to the signature and hash wrappers:
 2016-02-09 09:23:18 -08:00
David Garske
09615c01cc Updated the naming for the new encoding DER signature enum and function. 2016-02-08 12:04:38 -08:00
David Garske
cb3a9cc348 Removed the execute bit on all .c, .h, and .cs files. 2016-02-08 09:45:31 -08:00
David Garske
d5f410523a Fixed possible memory leak on signature wrapper ASN encode and corrected the maximum header size. Added new MAX_ENCODED_HEADER_SZ which is the maximum encoded ASN header size and update asn.c to use it. Added comment about key size sanity check. Renamed wc_SignatureRsaEncode to wc_SignatureAsnEncode. 2016-02-05 16:01:42 -08:00
David Garske
e031d2fa06 Removed the execute bit on all .c files. These were inadvertently set in PR #293 due to editing files through Windows VMWare shared folder. 2016-02-05 14:25:43 -08:00
JacobBarthelmeh
a4f1138e5b Merge pull request #293 from dgarske/WinWarnFixes 
Fixes several warnings that were seeing building with Visual Studio 2…
 2016-02-05 13:20:22 -07:00
JacobBarthelmeh
25959bfb62 Merge pull request #279 from dgarske/CustRandGenSeed_OSArg 
Added new CUSTOM_RAND_GENERATE_SEED_OS macro
 2016-02-05 11:18:18 -07:00
David Garske
be99fcff43 Fixed typo in wc_SignatureGetSize causing error. 2016-02-05 07:32:47 -08:00
dgarske
ee4b8b2f10 Merge pull request #291 from kaleb-himes/master 
Fixes for disabling the crypt test and benchmark. Added new "./configure --disable-crypttests" option. Added new NO_CRYPT_BENCHMARK define.
 2016-02-04 17:06:59 -08:00
toddouska
ae19b7a272 Merge pull request #290 from dgarske/PemPubKey_CertExt_Fixes 
Public key PEM to DER fixes
 2016-02-04 15:19:15 -08:00
David Garske
faf590eb22 Fix for "warning: Value stored to 'ret' is never read". Now explicitly set SIG_TYPE_E in each case. Fixed wc_SignatureGetSize so it will return SIG_TYPE_E for unsupported type scenario. 2016-02-04 12:49:39 -08:00
David Garske
bc059e12c2 Cleanup to remove trailing whitespace and convert tabs to spaces. 2016-02-04 12:31:08 -08:00
David Garske
be4c400d16 Fixes for disabling the crypt test and benchmark. Added new "./configure --disable-crypttests" option. Also made sure use of both NO_CRYPT_BENCHMARK and NO_CRYPT_TEST in "./configure CFLAGS=-D" scenario work correctly. 2016-02-04 12:06:24 -08:00
David Garske
2257c1dcef Fixes several warnings that were seeing building with Visual Studio 2015. Also noticed issue with "struct Options" in internal.h for the bit flags that was causing split due to type difference (byte vs. word16). 2016-02-04 11:30:48 -08:00