Allow Chachac20-Poly1305 to take an empty msg.
Allow AES-SIV to have an empty nonce.
Don't allow the length to be malleable. Must use the smallest number of
bytes to represent value.
ECDSA and DSA signature values are positive.
Add Sha512-224 and Sha512-256 OIDs.
ASN template - ensure the ECDSA/DSA signature uses all data.
Curve25519/Curve448 - WOLFSSL_ECDHX_SHARED_NOT_ZERO means shared secret
can't be 0.
Curve25519/Curve448 - check public value is less than order.
ECC - x or y may be zero but not both.
Ed25519/Ed448 - check S is less than order.
Ed448 - ge_p3_dbl can be simplified for ASM.
Prime check (integer.c/tfm.c/sp_int.c): Don't allow negative values and
make sure random candidate doesn't have bits higher than those in a set
when bits not a multiple of 8.
RSA: support Sha512-224 and Sha512-256.
RSA: Fix check for invalid in decryption. Affects plaintexts 256 bytes
and longer.
RSA: Don't allow base be larger than modulus.
RSA: Check small ciphertext (1 or 0) on decrypt when not using OAEP.
RSA: WOLFSSL_RSA_DECRYPT_TO_0_LEN allows decrypted value to be 0.
SP math all: fix div to handle large a and d when checking size of
remainder.
SP math all: set sign of result in sp_mod_2d()
Prior to this commit, this function used XMKTIME (mktime) to convert the
passed in WOLFSSL_ASN1_TIMEs to Unix timestamps. On platforms where time_t is
32 bits long, times after the year 2038 can't be represented with this type. To
fix this, we need to not use XMKTIME. With this commit, the static function
time2epoch is added to ssl.c, which uses the date time information to compute
seconds since the Unix epoch without the use of mktime. It returns the seconds
as a long long. This is sufficient to make the function work for years > 2038 on
the platform of the user who discovered this problem in the first place (Yocto
Linux on ARMv7).
- Previously, this function would round up the requested bits to the next
multiple of 8. With this commit, the function returns a number of exactly the
number of bits requested, which is the same behavior as OpenSSL. This problem
was discovered by a user using the compatibility layer with OpenSSH's ssh-keygen
utility.
- This function now respects the top and bottom parameters.
- Improved unit testing.
- use the `WOLFSSL_BUF_MEM` struct to resize the internal memory buffer
- add a `WOLFSSL_BIO_RESIZE_THRESHOLD` define that will be used to determine how often to shrink the internal buffer. This should cut down on the number of free/malloc calls made significantly. This should help with our inefficient 1 byte reads in `loadX509orX509REQFromPemBio`.
- implement `wolfSSL_BUF_MEM_resize` which allows bi-directional buffer size manipulation
Recommend using `wolfSSL_get1_session` and `NO_SESSION_CACHE_REF` for session resumption purposes. `wolfSSL_get_session` should not be used unless to inspect the current session object.
This function should not error out if one of the passed in times is the Unix
epoch. This amounts to erroring out when the XMKTIME returns < 0, rather than
<= 0.
Eric Blankenhorn
Daniel Pouzzner
Hayden Roche
David Garske
Juliusz Sosinowicz
Sean Parkinson
Anthony Hu
Jacob Barthelmeh
Juliusz Sosinowicz
Chris Conlon