toddouska
3f13b49fa3
Merge pull request #2695 from JacobBarthelmeh/Release
...
prepare for release v4.3.0
2019-12-20 11:10:34 -08:00
Jacob Barthelmeh
e1433867ce
fix for expected nightly config test report
2019-12-20 09:46:12 -07:00
Jacob Barthelmeh
5675a2b3c5
prepare for release v4.3.0
2019-12-20 08:43:34 -07:00
toddouska
45d55c8f38
Merge pull request #2676 from SparkiDev/sp_cortexm_perf
...
Improve Cortex-M RSA/DH assembly code performance
2019-12-19 15:03:59 -08:00
toddouska
51f956490f
Merge pull request #2661 from SparkiDev/parse_cert_rel_fixes
...
Cleanup ParseCertRelative code
2019-12-19 11:03:56 -08:00
toddouska
3342a19e29
Merge pull request #2578 from cariepointer/ZD-9478-and-9479
...
Add sanity checks for parameters in wc_scrypt and wc_Arc4SetKey
2019-12-19 10:59:05 -08:00
David Garske
2aa8fa2de6
Merge pull request #2688 from kaleb-himes/GH2552
...
use const to declare array rather than variable sz - VS doesn't like …
2019-12-19 08:52:30 -08:00
JacobBarthelmeh
e10ace21df
Merge pull request #2690 from SparkiDev/sp_int_fixes_1
...
Fix SP to build for different configurations
2019-12-19 08:52:52 -07:00
Sean Parkinson
36f697c93d
Fix SP to build for different configurations
...
Was failing:
--enable-sp --enable-sp-math
--enable-sp --enable-sp-math --enable-smallstack
2019-12-19 15:15:19 +10:00
kaleb-himes
95c0c1f2a5
use const to declare array rather than variable sz - VS doesn't like this
2019-12-18 16:08:26 -08:00
Sean Parkinson
64a1045dc3
Cleanup ParseCertRelative code
...
Fix for case:
- can't find a signer for a certificate with the AKID
- find it by name
Has to error as the signer's SKID is always set for signer and would
have matched the AKID.
Simplify the path length code - don't look up CA twice.
Don't require the tsip_encRsaKeyIdx field in DecodedCert when
!WOLFSSL_RENESAS_TSIP - use local variable.
2019-12-19 08:53:24 +10:00
toddouska
6922d7031c
Merge pull request #2685 from embhorn/coverity_fixes
...
Coverity fixes
2019-12-18 14:06:48 -08:00
toddouska
531fedfbb4
Merge pull request #2687 from ejohnstown/dtls-cap
...
DTLS Handshake Message Cap
2019-12-18 13:50:52 -08:00
David Garske
031e78e103
Merge pull request #2606 from kaleb-himes/DOCS_UPDATE_19_NOV_2019
...
Add dox documentation for wc_ecc_make_key_ex
2019-12-18 13:49:57 -08:00
toddouska
0057eb16f8
Merge pull request #2686 from ejohnstown/crl-skid
...
Check name hash after matching AKID for CRL
2019-12-18 13:48:59 -08:00
toddouska
573d045437
Merge pull request #2682 from SparkiDev/akid_name_check
...
Check name hash after matching AKID
2019-12-18 13:08:19 -08:00
David Garske
c054293926
Merge pull request #2684 from JacobBarthelmeh/build-tests
...
fix for g++ build warning
2019-12-18 12:09:29 -08:00
Eric Blankenhorn
52893877d7
Fixes from review
2019-12-18 13:25:25 -06:00
John Safranek
6c6d72e4d6
Find CRL Signer By AuthKeyId
...
When looking up the signer of the CRL by SKID/AKID, also verify that the
CRL issuer name matches the CA's subject name, per RFC 5280 section 4.1.2.6.
2019-12-18 10:17:51 -08:00
kaleb-himes
2607cf3429
Fix up based on peer feedback
2019-12-18 10:55:20 -07:00
toddouska
5a04ee0d8b
Merge pull request #2640 from dgarske/alt_chain
...
Fixes for Alternate chain processing
2019-12-18 09:38:45 -08:00
toddouska
b89121236f
Merge pull request #2635 from dgarske/async_date
...
Fix for async date check issue
2019-12-18 09:34:08 -08:00
toddouska
74a8fbcff4
Merge pull request #2666 from SparkiDev/b64_dec_fix
...
Bade64_Decode - check out length (malformed input)
2019-12-18 09:30:41 -08:00
toddouska
c2e5991b50
Merge pull request #2681 from ejohnstown/crl-skid
...
Find CRL Signer By AuthKeyId
2019-12-18 09:29:17 -08:00
Jacob Barthelmeh
b5f645ea00
fix for g++ build warning
2019-12-18 10:01:52 -07:00
David Garske
b126802c36
Clarify logic for skipping call to AddCA.
2019-12-18 06:04:26 -08:00
Sean Parkinson
c1218a541b
Check name hash after matching AKID
...
RFC 5280, Section 4.1.2.6:
If the subject is a CA (e.g., the basic constraints extension, as
discussed in Section 4.2.1.9, is present and the value of cA is TRUE),
then the subject field MUST be populated with a non-empty distinguished
name matching the contents of the issuer field (Section 4.1.2.4) in all
certificates issued by the subject CA.
The subject name must match - even when the AKID matches.
2019-12-18 17:57:48 +10:00
Sean Parkinson
6ccd146b49
Bade64_Decode - check out length (malformed input)
2019-12-18 17:06:58 +10:00
John Safranek
ef6938d2bc
DTLS Handshake Message CAP
...
Cap the incoming DTLS handshake messages size the same way we do for
TLS. If handshake messages claim to be larger than the largest allowed
certificate message, we error out.
2019-12-17 16:55:58 -08:00
toddouska
7e74d02da5
Merge pull request #2677 from SparkiDev/p12_pbkdf_tmp_fix
...
PKCS#12 PBKDF - maximum tmp buffer size
2019-12-17 16:48:08 -08:00
toddouska
ff026efe49
Merge pull request #2670 from SparkiDev/dec_pol_oid_fix
...
DecodePolicyOID - check out index
2019-12-17 16:47:36 -08:00
toddouska
892e951c8a
Merge pull request #2669 from SparkiDev/name_joi_fix
...
Decode X.509 name - check input length for jurisdiction
2019-12-17 16:46:30 -08:00
toddouska
435d4bf427
Merge pull request #2658 from SparkiDev/asn_date_check
...
Check ASN date characters are valid
2019-12-17 16:39:35 -08:00
toddouska
f81ce71c25
Merge pull request #2660 from JacobBarthelmeh/Compatibility-Layer
...
add --disable-errorqueue option
2019-12-17 16:37:02 -08:00
toddouska
06563ed3fa
Merge pull request #2642 from SparkiDev/sp_exptmod
...
sp_int: support for more values in sp_exptmod
2019-12-17 16:36:12 -08:00
John Safranek
037c319bab
Find CRL Signer By AuthKeyId
...
1. Add parsing of CRL extensions, specifically the Auth Key ID extension.
2. To verify CRL, search for CA signer by AuthKeyId first, then by name. If NO_SKID is set, just use name.
3. Update the ctaocrypt settings.h for the NO_SKID option with CRL so FIPS builds work.
2019-12-17 15:33:39 -08:00
toddouska
feeb18600f
Merge pull request #2636 from SparkiDev/mp_exptmod_fixes
...
Handle more values in fp_exptmod
2019-12-17 15:22:24 -08:00
toddouska
138377f30e
Merge pull request #2641 from SparkiDev/sp_c32_lshift
...
Fix lshift in SP 32-bit C code - FFDHE
2019-12-17 15:17:17 -08:00
toddouska
5ee9f9c7a2
Merge pull request #2637 from SparkiDev/ecc_cache_resist
...
Improve wc_ecc_mulmod_ex cache attack resistance
2019-12-17 15:16:16 -08:00
toddouska
028d9e5443
Merge pull request #2634 from SparkiDev/pkcs7_libz_fix
...
Fix missing variable declaration
2019-12-17 15:13:13 -08:00
David Garske
a176789f13
Fix for async issue with "badDate" and "criticalExt" check getting skipped on call to `ConfirmSignature` with `WC_PENDING_E` response. Added log message when date failure is skipped.
2019-12-17 15:03:00 -08:00
toddouska
06e5e81b1b
Merge pull request #2663 from embhorn/zd5050
...
Clarify wolfSSL_shutdown error on subsequent calls
2019-12-17 14:59:35 -08:00
Eric Blankenhorn
774a758f59
Fixes in test and example code
2019-12-17 15:56:40 -06:00
toddouska
ab14a26be0
Merge pull request #2650 from dgarske/boot_tpm
...
Fix API visibility for ED25519 check key
2019-12-17 13:45:39 -08:00
Carie Pointer
cfd91fb0b8
Add check for length == 0 in wc_Arc4SetKey
2019-12-17 13:28:50 -07:00
David Garske
e8594daab6
Merge pull request #2678 from tmael/night_valgrind
...
Fix memory leak detected with Valgrind
2019-12-17 09:11:30 -08:00
Tesfa Mael
88188b79e2
Fix mem leak
2019-12-16 18:03:11 -08:00
Sean Parkinson
8d7d2c74ee
PKCS#12 PBKDF - maximum tmp buffer size
...
Use WC_MAX_BLOCK_SIZE - only an issue if PBKDF is using SHA-3
algorithms.
2019-12-17 09:56:08 +10:00
Sean Parkinson
a71eb11b38
Improve Cortex-M RSA/DH assembly code performance
...
Performance of modular exponentiation improved by about 30%.
2019-12-17 09:03:34 +10:00
David Garske
8d8ab655fa
Merge pull request #2671 from ejohnstown/maint-conf
...
Maintenance: Configure
2019-12-16 13:38:02 -08:00