wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-28 18:02:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
11,979 Commits 12 Branches 184 Tags
v4.5.0-stable
Commit Graph

11979 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
toddouska
0fa5af9929 Merge pull request #3224 from ejohnstown/release-update 
Release v4.5.0 Supplement
v4.5.0-stable 		2020-08-20 09:34:58 -07:00
John Safranek
05671d183c update README/ChangeLog 2020-08-19 10:53:26 -07:00
Sean Parkinson
549c47de65 Handle when k is 1 or order + 1 for timing resistant ECC 2020-08-19 10:50:37 -07:00
John Safranek
362e328180 NTRU fixes 
1. When configuring for NTRU, enable static RSA.
2. The echoserver should not try to use NTRU with TLSv1.3.
 2020-08-19 10:46:03 -07:00
David Garske
1f10e77b0f Fix for SP math with WOLFSSL_VALIDATE_ECC_KEYGEN. Fixes logic error on point x/y zero check. 2020-08-19 09:30:32 -07:00
John Safranek
55632a0567 Two more out of order DTLS message fixes. 2020-08-18 17:54:25 -07:00
Sean Parkinson
38b717eb42 Clear MP in ECC to free allocated memory 2020-08-18 17:54:25 -07:00
John Safranek
113753370d Long Test Fixes 
1. Sniffer was trying to log a NULL pointer as a string. Logged a string instead.
2. Few misc fixes in ECC.
 2020-08-18 17:54:25 -07:00
John Safranek
6e49a63e50 fix call to MakeAnyCert from wc_MakeNtruCert(); it was missing the new parameter 2020-08-17 17:12:11 -07:00
John Safranek
c1090cff3f update rpm-spec.in 2020-08-17 14:42:20 -07:00
toddouska
028bddd7ab Merge pull request #3215 from ejohnstown/release-4.5.0 
Release Update
 2020-08-17 13:51:23 -07:00
John Safranek
5c6da52ac1 Update release notes. 2020-08-17 09:20:53 -07:00
Sean Parkinson
cb5d6a5c12 Check ECC scalar before multiplication 
A k with more bits than in order doesn't work in ECC scalar
multiplication.
Check private key length in wc_ecc_check_key()
Check private key length in ecc_make_pub_ex()
 2020-08-17 08:39:39 -07:00
John Safranek
3be7f3ea3a Reject DTLS application data messages in epoch 0 as out of order. 2020-08-14 17:21:39 -07:00
John Safranek
ef5271dd9f fips-check script shouldn't force FIPS-ready build to be v2. 2020-08-14 14:31:50 -07:00
John Safranek
3f6861ee82 FIPS Ready Fix with ECC Timing Resistance 
Commit 6467de5 added some timing resistance to ECC shared secret
agreement. It involved adding an RNG object to the ecc keys so
a random z value can be added to the mix. The older FIPS release
has ECC outside the boundary, so it uses the new ECC code. FIPSv2
has ECC inside the boundary, but all the TLS code checks for that
version of FIPS and leaves out the calls to the new functions as
it is using an older version of ecc.c. FIPS Ready uses the latest
version of ecc.c but compiles as FIPSv2. So, the code outside of
the crypto layer is treating ECC as FIPSv2 and not calling the new
functions, but the crypto layer assumes the RNG should be present,
and errs out on testing.
1. Added a separate option for FIPS Ready to the enable-fips
   configure option. `--enable-fips=ready`. It will treat FIPS
   Ready as the next kind of FIPS release. FIPS Ready will be
   treated like FIPS v3 in the build.
2. Changed the C preprocessor checks for FIPS version 2 to be
   checks for not version 2, with respect to ECC Timing Resistance
   and FIPS builds.
 2020-08-14 10:54:55 -07:00
John Safranek
1dc0a76436 Patch from Jacob. When parsing a certificate name, if an item is unknown, its NID is set to 0. Don't try to add NID's of 0. 2020-08-13 17:01:26 -07:00
John Safranek
e16496512e Merge pull request #3216 from SparkiDev/rel_fixes_1 
Fixes from C++ and address access checking
 2020-08-13 15:32:16 -07:00
John Safranek
7e6863e78b resolving build issues for FIPSv2 OE2 with --enable-opensslextra 2020-08-13 13:24:44 -07:00
John Safranek
64084bcba2 Add a void to the empty parameter list for the function wolfSSL_SESSION_new(). 2020-08-13 13:18:29 -07:00
Sean Parkinson
bc74bfebdd Fixes from C++ and address access checking 
Fix access of table for cache resistance.
Don't name variable public or private.
Cast from void*
 2020-08-13 15:19:49 +10:00
John Safranek
ceed98b952 Modify the openssl test script to run the openssl commands in an eval. 2020-08-12 16:59:10 -07:00
John Safranek
3bd27f7912 fix a bad path in renewcerts 2020-08-12 15:17:21 -07:00
John Safranek
95337e666c Release Update 
1. Update the usual versions.
2. Update README and ChangeLog.
3. Modify genecc and renewcerts to update two certificate files that had expired.
4. Update the expired certificate files.
 2020-08-12 14:43:47 -07:00
John Safranek
e30341ea83 Merge pull request #3190 from embhorn/zd10712 
Sanity check key sizes
 2020-08-12 09:37:40 -07:00
toddouska
21ed05b85e Merge pull request #3214 from dgarske/snifferFreeFix 
Fix for SSL sniffer free to properly cleanup globals
 2020-08-11 20:27:09 -07:00
toddouska
fa146870bd Merge pull request #3155 from julek-wolfssl/openssh-fixes-cherry-picked 
Additional OpenSSL compat stuff for OpenSSH
 2020-08-11 16:32:31 -07:00
toddouska
532c2f50e8 Merge pull request #3083 from julek-wolfssl/openssl-compat-X509V3_EXT_i2d 
Implement more OpenSSL compatibility functions
 2020-08-11 15:01:41 -07:00
David Garske
65bcc03885 Fix for SSL sniffer free to properly cleanup globals (resolves issue with then calling ssl_InitSniffer -> ssl_FreeSniffer then ssl_InitSniffer again). ZD 10757. 2020-08-11 14:07:32 -07:00
toddouska
1681ed1b85 Merge pull request #3211 from cconlon/jniconfig 
Update "enable-jni" option for current JSSE requirements
 2020-08-11 12:39:54 -07:00
Jacob Barthelmeh
5cede22d1e wait to set size till after sanity check 2020-08-11 12:59:01 -06:00
Daniel Pouzzner
e4fe6b6573 Merge pull request #3210 from dgarske/rsa_checkkey_sp 
Fix for `unit.test` error with SP and RSA 1024-bit key gen
 2020-08-11 12:00:41 -05:00
toddouska
87a00df2ea Merge pull request #3118 from julek-wolfssl/aead-only-fix 
Check for WOLFSSL_AEAD_ONLY in wolfSSL_dtls_import_internal
 2020-08-11 09:33:47 -07:00
toddouska
4e6bc02257 Merge pull request #2982 from SparkiDev/ecc_sc 
ECC now calls mp_submod_ct and mp_addmod_ct
 2020-08-11 09:26:56 -07:00
JacobBarthelmeh
8b7f588aaf Merge pull request #3108 from SparkiDev/openssl_interop 
Update OpenSSL interopability testing
 2020-08-11 09:42:43 -06:00
Juliusz Sosinowicz
6e14b224da Add NULL check in wolfSSL_EC_POINT_invert 2020-08-11 10:11:48 +02:00
Sean Parkinson
93cdfd7132 Update OpenSSL interopability testing 
Added TLS 1.3 testing.
Added Ed25519 and Ed448 testing.
Added tesitng of OpenSSL client against wolfSSL server.
Fixed builds of Curve25519/Curve448/Ed25519/Ed448 in different
configurations.
 2020-08-11 16:44:45 +10:00
Sean Parkinson
6467de5a88 Randomize z ordinates in scalar mult when timing resistant 
An RNG is required for shared secret calculation now.
Use wc_ecc_set_rng() to set an RNG against the ECC object.
ECC verification does not need timing resistance and does not randomize
z ordinates.
 2020-08-11 16:12:47 +10:00
Sean Parkinson
3ce933c90a Make fp_montgomery_reduce constant time 2020-08-11 16:12:10 +10:00
Sean Parkinson
0102902445 Add and use a mp_cmp_mag that is constant time. 2020-08-11 16:12:10 +10:00
Sean Parkinson
8b05160349 Reworked ECC mulmod and fix size of k 
When using wc_ecc_mulmod_ex2(), the k size can be fixed to be one bit
longer than order.
 2020-08-11 16:12:10 +10:00
Sean Parkinson
9ef9671886 ECC uses CT vers of addmod, submod and div_2_mod 
The TFM implementations of mp_submod_ct, mp_addmod_ct,
mp_div_2_mod_t are more resilient to side-channels.
 2020-08-11 16:12:10 +10:00
toddouska
4f30e37094 Merge pull request #3074 from julek-wolfssl/dtls-multiple-app-records 
Handle 2+ dtls APP data records in one udp packet
 2020-08-10 14:52:04 -07:00
toddouska
242df3d11a Merge pull request #3209 from SparkiDev/jenkins_fixes_1 
Fixes from Jenkins failures
 2020-08-10 14:30:27 -07:00
toddouska
98b4272e5b Merge pull request #3202 from ejohnstown/abi-server 
ABI Update for Server
 2020-08-10 14:25:05 -07:00
David Garske
26aaf473db Fix for unit.test error with RSA 1024-bit key gen when using ./configure --enable-keygen --enable-sp. Issue started in PR #3119 2020-08-10 12:40:29 -07:00
Juliusz Sosinowicz
a50affb408 Malloc enough space 2020-08-10 16:08:46 +02:00
Eric Blankenhorn
50647ccdb1 Sanity check key sizes 2020-08-10 07:19:33 -05:00
Juliusz Sosinowicz
ef4b29ebc7 Jenkins fixes 2020-08-10 12:49:18 +02:00
Juliusz Sosinowicz
55d4817956 Jenkins fixes 2020-08-10 12:39:16 +02:00