WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity
10,612 Commits
4 Branches
160 Tags
400 MiB
Commit Graph

10612 Commits (3f13b49fa318fbd3216d7da36d942e7c276d3413)

Author SHA1 Message Date
toddouska 3f13b49fa3
Merge pull request #2695 from JacobBarthelmeh/Release 
prepare for release v4.3.0
 2019-12-20 11:10:34 -08:00
Jacob Barthelmeh e1433867ce fix for expected nightly config test report 2019-12-20 09:46:12 -07:00
Jacob Barthelmeh 5675a2b3c5 prepare for release v4.3.0 2019-12-20 08:43:34 -07:00
toddouska 45d55c8f38
Merge pull request #2676 from SparkiDev/sp_cortexm_perf 
Improve Cortex-M RSA/DH assembly code performance
 2019-12-19 15:03:59 -08:00
toddouska 51f956490f
Merge pull request #2661 from SparkiDev/parse_cert_rel_fixes 
Cleanup ParseCertRelative code
 2019-12-19 11:03:56 -08:00
toddouska 3342a19e29
Merge pull request #2578 from cariepointer/ZD-9478-and-9479 
Add sanity checks for parameters in wc_scrypt and wc_Arc4SetKey
 2019-12-19 10:59:05 -08:00
David Garske 2aa8fa2de6
Merge pull request #2688 from kaleb-himes/GH2552 
use const to declare array rather than variable sz - VS doesn't like …
 2019-12-19 08:52:30 -08:00
JacobBarthelmeh e10ace21df
Merge pull request #2690 from SparkiDev/sp_int_fixes_1 
Fix SP to build for different configurations
 2019-12-19 08:52:52 -07:00
Sean Parkinson 36f697c93d Fix SP to build for different configurations 
Was failing:
  --enable-sp --enable-sp-math
  --enable-sp --enable-sp-math --enable-smallstack
 2019-12-19 15:15:19 +10:00
kaleb-himes 95c0c1f2a5 use const to declare array rather than variable sz - VS doesn't like this 2019-12-18 16:08:26 -08:00
Sean Parkinson 64a1045dc3 Cleanup ParseCertRelative code 
Fix for case:
- can't find a signer for a certificate with the AKID
- find it by name
Has to error as the signer's SKID is always set for signer and would
have matched the AKID.
Simplify the path length code - don't look up CA twice.
Don't require the tsip_encRsaKeyIdx field in DecodedCert when
!WOLFSSL_RENESAS_TSIP - use local variable.
 2019-12-19 08:53:24 +10:00
toddouska 6922d7031c
Merge pull request #2685 from embhorn/coverity_fixes 
Coverity fixes
 2019-12-18 14:06:48 -08:00
toddouska 531fedfbb4
Merge pull request #2687 from ejohnstown/dtls-cap 
DTLS Handshake Message Cap
 2019-12-18 13:50:52 -08:00
David Garske 031e78e103
Merge pull request #2606 from kaleb-himes/DOCS_UPDATE_19_NOV_2019 
Add dox documentation for wc_ecc_make_key_ex
 2019-12-18 13:49:57 -08:00
toddouska 0057eb16f8
Merge pull request #2686 from ejohnstown/crl-skid 
Check name hash after matching AKID for CRL
 2019-12-18 13:48:59 -08:00
toddouska 573d045437
Merge pull request #2682 from SparkiDev/akid_name_check 
Check name hash after matching AKID
 2019-12-18 13:08:19 -08:00
David Garske c054293926
Merge pull request #2684 from JacobBarthelmeh/build-tests 
fix for g++ build warning
 2019-12-18 12:09:29 -08:00
Eric Blankenhorn 52893877d7 Fixes from review 2019-12-18 13:25:25 -06:00
John Safranek 6c6d72e4d6
Find CRL Signer By AuthKeyId 
When looking up the signer of the CRL by SKID/AKID, also verify that the
CRL issuer name matches the CA's subject name, per RFC 5280 section 4.1.2.6.
 2019-12-18 10:17:51 -08:00
kaleb-himes 2607cf3429 Fix up based on peer feedback 2019-12-18 10:55:20 -07:00
toddouska 5a04ee0d8b
Merge pull request #2640 from dgarske/alt_chain 
Fixes for Alternate chain processing
 2019-12-18 09:38:45 -08:00
toddouska b89121236f
Merge pull request #2635 from dgarske/async_date 
Fix for async date check issue
 2019-12-18 09:34:08 -08:00
toddouska 74a8fbcff4
Merge pull request #2666 from SparkiDev/b64_dec_fix 
Bade64_Decode - check out length (malformed input)
 2019-12-18 09:30:41 -08:00
toddouska c2e5991b50
Merge pull request #2681 from ejohnstown/crl-skid 
Find CRL Signer By AuthKeyId
 2019-12-18 09:29:17 -08:00
Jacob Barthelmeh b5f645ea00 fix for g++ build warning 2019-12-18 10:01:52 -07:00
David Garske b126802c36 Clarify logic for skipping call to AddCA. 2019-12-18 06:04:26 -08:00
Sean Parkinson c1218a541b Check name hash after matching AKID 
RFC 5280, Section 4.1.2.6:
If the subject is a CA (e.g., the basic constraints extension, as
discussed in Section 4.2.1.9, is present and the value of cA is TRUE),
then the subject field MUST be populated with a non-empty distinguished
name matching the contents of the issuer field (Section 4.1.2.4) in all
certificates issued by the subject CA.

The subject name must match - even when the AKID matches.
 2019-12-18 17:57:48 +10:00
Sean Parkinson 6ccd146b49 Bade64_Decode - check out length (malformed input) 2019-12-18 17:06:58 +10:00
John Safranek ef6938d2bc
DTLS Handshake Message CAP 
Cap the incoming DTLS handshake messages size the same way we do for
TLS. If handshake messages claim to be larger than the largest allowed
certificate message, we error out.
 2019-12-17 16:55:58 -08:00
toddouska 7e74d02da5
Merge pull request #2677 from SparkiDev/p12_pbkdf_tmp_fix 
PKCS#12 PBKDF - maximum tmp buffer size
 2019-12-17 16:48:08 -08:00
toddouska ff026efe49
Merge pull request #2670 from SparkiDev/dec_pol_oid_fix 
DecodePolicyOID - check out index
 2019-12-17 16:47:36 -08:00
toddouska 892e951c8a
Merge pull request #2669 from SparkiDev/name_joi_fix 
Decode X.509 name - check input length for jurisdiction
 2019-12-17 16:46:30 -08:00
toddouska 435d4bf427
Merge pull request #2658 from SparkiDev/asn_date_check 
Check ASN date characters are valid
 2019-12-17 16:39:35 -08:00
toddouska f81ce71c25
Merge pull request #2660 from JacobBarthelmeh/Compatibility-Layer 
add --disable-errorqueue option
 2019-12-17 16:37:02 -08:00
toddouska 06563ed3fa
Merge pull request #2642 from SparkiDev/sp_exptmod 
sp_int: support for more values in sp_exptmod
 2019-12-17 16:36:12 -08:00
John Safranek 037c319bab
Find CRL Signer By AuthKeyId 
1. Add parsing of CRL extensions, specifically the Auth Key ID extension.
2. To verify CRL, search for CA signer by AuthKeyId first, then by name.  If NO_SKID is set, just use name.
3. Update the ctaocrypt settings.h for the NO_SKID option with CRL so FIPS builds work.
 2019-12-17 15:33:39 -08:00
toddouska feeb18600f
Merge pull request #2636 from SparkiDev/mp_exptmod_fixes 
Handle more values in fp_exptmod
 2019-12-17 15:22:24 -08:00
toddouska 138377f30e
Merge pull request #2641 from SparkiDev/sp_c32_lshift 
Fix lshift in SP 32-bit C code - FFDHE
 2019-12-17 15:17:17 -08:00
toddouska 5ee9f9c7a2
Merge pull request #2637 from SparkiDev/ecc_cache_resist 
Improve wc_ecc_mulmod_ex cache attack resistance
 2019-12-17 15:16:16 -08:00
toddouska 028d9e5443
Merge pull request #2634 from SparkiDev/pkcs7_libz_fix 
Fix missing variable declaration
 2019-12-17 15:13:13 -08:00
David Garske a176789f13 Fix for async issue with "badDate" and "criticalExt" check getting skipped on call to `ConfirmSignature` with `WC_PENDING_E` response. Added log message when date failure is skipped. 2019-12-17 15:03:00 -08:00
toddouska 06e5e81b1b
Merge pull request #2663 from embhorn/zd5050 
Clarify wolfSSL_shutdown error on subsequent calls
 2019-12-17 14:59:35 -08:00
Eric Blankenhorn 774a758f59 Fixes in test and example code 2019-12-17 15:56:40 -06:00
toddouska ab14a26be0
Merge pull request #2650 from dgarske/boot_tpm 
Fix API visibility for ED25519 check key
 2019-12-17 13:45:39 -08:00
Carie Pointer cfd91fb0b8 Add check for length == 0 in wc_Arc4SetKey 2019-12-17 13:28:50 -07:00
David Garske e8594daab6
Merge pull request #2678 from tmael/night_valgrind 
Fix memory leak detected with Valgrind
 2019-12-17 09:11:30 -08:00
Tesfa Mael 88188b79e2 Fix mem leak 2019-12-16 18:03:11 -08:00
Sean Parkinson 8d7d2c74ee PKCS#12 PBKDF - maximum tmp buffer size 
Use WC_MAX_BLOCK_SIZE - only an issue if PBKDF is using SHA-3
algorithms.
 2019-12-17 09:56:08 +10:00
Sean Parkinson a71eb11b38 Improve Cortex-M RSA/DH assembly code performance 
Performance of modular exponentiation improved by about 30%.
 2019-12-17 09:03:34 +10:00
David Garske 8d8ab655fa
Merge pull request #2671 from ejohnstown/maint-conf 
Maintenance: Configure
 2019-12-16 13:38:02 -08:00