feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity
4,982 Commits 28 Branches 172 Tags
63dcacb43777a9abdd35abb3863e70c495b7b478
Commit Graph

772 Commits

Author SHA1 Message Date
Takashi Kojo
f3435eefbd templates: ASN1_INTEGER_to_BN, BN_mod_exp, CONF_modules_free/unload, DSA_dup_DH 2016-12-28 14:44:05 -07:00
Jacob Barthelmeh
f2f52c3ec9 add more compatiblity functions 2016-12-28 14:44:05 -07:00
Jacob Barthelmeh
6520a77fac DES ECB prototypes 2016-12-28 14:44:05 -07:00
Jacob Barthelmeh
8554912d68 COMPAT. LAYER : jenkins warnings and build configurations 2016-12-28 14:44:05 -07:00
Takashi Kojo
8844554fca Templates BIO/SSL/SSL_CTX_ctrl 2016-12-28 14:44:05 -07:00
Takashi Kojo
86014fb0d0 add BIO_ctrl and other BIO templates 2016-12-28 14:44:05 -07:00
Takashi Kojo
de91e7df03 add EVP_Cipher with AES Counter 2016-12-28 14:44:05 -07:00
Takashi Kojo
aed9b2d3bb add EVP_CIPHER_CTX_block_size/mode/set_flags/set_padding 2016-12-28 14:44:05 -07:00
Takashi Kojo
bb400789b8 add EVP_Cipher with EVP_aes_256_ecb() 2016-12-28 14:44:05 -07:00
Jacob Barthelmeh
1c17b8eed6 static analysis check of null dereference and memory management 2016-12-21 16:20:18 -07:00
David Garske
45d26876c8 Moved wolfSSL_GetEccKey logic to internal.c and use only for PK_CALLBACK. Added other ECC key info to the EccSharedSecretCb. Cleanup of the "if (ssl->ctx->EccSharedSecretCb == NULL)" logic to revert indent so changes are minimized. Removed new wolfSSL_GetEccKey API. 2016-12-07 07:57:55 -08:00
David Garske
eaca90db28 New Atmel support (WOLFSSL_ATMEL) and port for ATECC508A (WOLFSSL_ATECC508A). Adds wolfCrypt support for ECC Hardware acceleration using the ATECC508A. Adds new PK callback for ECC shared secret. Fixed missing "wc_InitRng_ex" when using "CUSTOM_RAND_GENERATE_BLOCK". Added ATECC508A RNG block function for P-RNG bypass ability. Added internal "wolfSSL_GetEccPrivateKey" function for getting reference to private key for ECC shared secret (used in test.h for testing PK_CALLBACK mode). Added README.md for using the Atmel ATECC508A port. 2016-12-07 07:57:55 -08:00
David Garske
039aedcfba Added "wolfSSL_use_certificate_chain_buffer_format". Added "wolfSSL_SESSION_CIPHER_get_name" to get cipher suite name using WOLFSSL_SESSION*. Moved the "wolfSSL_get_cipher_name_from_suite" function to internal.c. Added new server-cert-chain.der, which is combination of ca-cert.der and server-cert.der. Enhanced load_buffer to detect format using file extension. Can test use of DER cert chain with NO_FILESYSTEM defined using "./examples/server/server -c ./certs/server-cert-chain.der -k ./certs/server-key.der". 2016-11-30 16:26:02 -08:00
David Garske
3d920b23a0 Fix for building with NO_ERROR_STRINGS. 2016-11-30 16:26:02 -08:00
David Garske
7a35d904c2 Added new API "wolfSSL_CIPHER_get_name_from_suite" to allow use of the cipherSuite and cipherSuite0 args directly to get cipher suite name. Changed "wolfSSL_CIPHER_get_name" to call new API (based on original). ASN change to allow ToTraditional and SetName for OPENSSL_EXTRA. 2016-11-30 16:26:02 -08:00
David Garske
c3c3419138 Added processing of user cert chain in DER format. Added arg check on "wolfSSL_get_certificate" to fix NULL dereference if certificate not yet set via "wolfSSL_use_certificate_buffer" or "wolfSSL_use_certificate_file". Added "wolfSSL_CTX_use_certificate_chain_buffer_format" to expose way to import certificate chain buffer as ASN1 (since "wolfSSL_CTX_use_certificate_chain_buffer" assumes PEM) . Changed ProcessFile from static and added as local in internal.h. 2016-11-30 16:26:01 -08:00
toddouska
8f89d4922f allow separate set fds for read/write, helpful for DTLS multicast 2016-11-30 11:15:57 -08:00
toddouska
f922d3f2d6 Merge pull request #624 from SparkiDev/sha224 
SHA224 implementation added
 2016-11-15 13:53:34 -08:00
toddouska
1a7fe0d4c5 fix non ecc_make_key init_mulit potential problems 2016-11-14 12:49:42 -08:00
Sean Parkinson
fdfc177254 SHA224 implementation added 
Added SHA24 implementation and tetss.
Added HMAC-SHA224 implementation and tests.
Added RSA-SHA224 and ECDSA-SHA224.
Added MGF1-SHA224
Added OpenSSL APIs for SHA224
Configuration option to enable SHA224 and it is on by default for x86_64
 2016-11-10 15:52:26 +10:00
Jacob Barthelmeh
c122558810 COMPAT. LAYER : fix missing return value and alignment 2016-11-08 14:16:02 -07:00
Jacob Barthelmeh
f7a951709f COMPAT. LAYER : get SSL client random bytes 2016-11-07 13:21:35 -07:00
Jacob Barthelmeh
f06a392764 COMPAT. LAYER : DES set key and malloc/free 2016-11-07 13:21:05 -07:00
toddouska
70b227011d Merge pull request #604 from JacobBarthelmeh/PKCS12 
Pkcs12
 2016-11-04 15:50:50 -07:00
Jacob Barthelmeh
0839925797 PKCS12 : visibility, check on key match, sanity check on malloc 2016-11-03 11:14:29 -06:00
John Safranek
3075269326 Replace the DTLS MsgPool for saving transmit handshake messages with 
the DTLS MsgList.
 2016-11-01 09:53:53 -07:00
John Safranek
3065bb2178 Merge pull request #588 from steweg/fix_dtls_retranmission 
Adjust DTLS retranmission logic
 2016-11-01 09:29:30 -07:00
Jacob Barthelmeh
b686deecbe PKCS12 : Add PKCS12 parsing 2016-10-29 13:12:26 -06:00
kaleb-himes
2122ee2eb5 IAR compiler for ARM 7.70.2.11706 - unitialized warning 2016-10-26 09:33:15 -06:00
Stefan Gula
59fdd98f1d Adjust DTLS retranmission logic 
This patch adjust DTLS retranmission logic
in order to avoid message floods between client
and server
 2016-10-26 10:37:23 +02:00
Nickolas Lapp
86bf50ea70 Ensure dh->q is nulled on init and free 2016-10-10 16:21:30 -06:00
Nickolas Lapp
1792eba1a2 Rename *Mutex Functions with wc_ prefix. Expose these functions for 
Stunnel. Various other changes to enable stunnel compling
 2016-10-03 16:36:05 -06:00
John Safranek
ba6e2b1037 move an ifndef NO_AES for one more configure disable/enable combination 2016-09-22 11:41:16 -07:00
toddouska
2368d49678 Merge pull request #572 from ejohnstown/pathlen 
CA Certificate Path Length Checking
 2016-09-21 14:36:24 -07:00
John Safranek
b8704d2dfe Merge pull request #571 from toddouska/new_rng 
Fix Jenkins build 389 single-threaded issue
 2016-09-21 12:59:06 -07:00
JacobBarthelmeh
ab887b88dc Merge pull request #570 from ejohnstown/des3-disable-fix 
Disable DES3 compiler warning fix
 2016-09-21 13:25:00 -06:00
John Safranek
de81c81eae Fixed unused variable complaints when OPENSSL_EXTRA and MD5 are enabled 
and when AES is disabled.
 2016-09-21 10:21:03 -07:00
toddouska
489345f0d4 move CTX new_rng out of with certs block 2016-09-21 09:02:38 -07:00
John Safranek
95acd9c907 Fixed unused variable complaints when KEYGEN and OPENSSL_EXTRA are enabled 
and when AES and MD5 are disabled. It was in the same encrypt function as
before and in the paired decrypt function.
 2016-09-21 07:32:17 -07:00
John Safranek
a42bd30278 CA Certificate Path Length Checking 
1. Check the path length between an intermediate CA cert and its
   signer's path length.
2. Always decode the path length if present and store it in the decoded
   certificate.
3. Save the path length into the signer list.
4. Path length capped at 127.
5. Added some test certs for checking CA path lengths.
 2016-09-20 21:36:37 -07:00
John Safranek
ef7183dcf7 delete redundant #else 2016-09-20 15:59:08 -07:00
John Safranek
65a7978dec Merge pull request #567 from toddouska/rng 
RDSEED enhancements
 2016-09-20 12:09:01 -07:00
John Safranek
df1d8200ef Fixed unused variable complaint when KEYGEN and OPENSSL_EXTRA are enabled 
and when AES and DES3 are disabled.
 2016-09-20 12:07:58 -07:00
toddouska
e0b8e55198 Merge pull request #553 from ejohnstown/disable-des3 
Disable DES3 by default
 2016-09-19 09:27:32 -07:00
toddouska
f191cf206e allow single threaded mode to share an RNG at WOLFSSL_CTX level 2016-09-16 13:35:29 -07:00
John Safranek
bad6be5c76 1. Updated sniffer to allow DES3 to be disabled. 
2. Fixed an unused variable in OpenSSL Extras when DES3 is disabled.
3. Force DES3 enabled when enabling MCAPI.
 2016-09-15 14:53:28 -07:00
toddouska
c1ac0c0f8c Merge pull request #545 from ejohnstown/ems 
Extended Master Secret
 2016-09-15 11:25:41 -07:00
John Safranek
b994244011 Revising the Extended Master Secret support. Removing the dynamic 
TLSX support for the extention and treating it like the Signature
and Hash algorithms extension. It is to be enabled by default and
the user can turn it off at run time or build time.
 2016-09-11 18:05:44 -07:00
Chris Conlon
e4f527a332 initial extended master secret support 2016-09-01 15:12:54 -06:00
John Safranek
963b9d4c4d OCSP Fixes 
1. When using Cert Manager OCSP lookup, the issuer key hash wasn't
being set correctly. This could lead to unknown responses from lookup.
2. Default OCSP lookup callback could get blocked waiting for server
to close socket.
 2016-09-01 09:58:34 -07:00