feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity
4,798 Commits 28 Branches 172 Tags
fa816f0460b5299c3488b9c64af857e577e20432
Commit Graph

752 Commits

Author SHA1 Message Date
Jacob Barthelmeh
c122558810 COMPAT. LAYER : fix missing return value and alignment 2016-11-08 14:16:02 -07:00
Jacob Barthelmeh
f7a951709f COMPAT. LAYER : get SSL client random bytes 2016-11-07 13:21:35 -07:00
Jacob Barthelmeh
f06a392764 COMPAT. LAYER : DES set key and malloc/free 2016-11-07 13:21:05 -07:00
toddouska
70b227011d Merge pull request #604 from JacobBarthelmeh/PKCS12 
Pkcs12
 2016-11-04 15:50:50 -07:00
Jacob Barthelmeh
0839925797 PKCS12 : visibility, check on key match, sanity check on malloc 2016-11-03 11:14:29 -06:00
John Safranek
3075269326 Replace the DTLS MsgPool for saving transmit handshake messages with 
the DTLS MsgList.
 2016-11-01 09:53:53 -07:00
John Safranek
3065bb2178 Merge pull request #588 from steweg/fix_dtls_retranmission 
Adjust DTLS retranmission logic
 2016-11-01 09:29:30 -07:00
Jacob Barthelmeh
b686deecbe PKCS12 : Add PKCS12 parsing 2016-10-29 13:12:26 -06:00
kaleb-himes
2122ee2eb5 IAR compiler for ARM 7.70.2.11706 - unitialized warning 2016-10-26 09:33:15 -06:00
Stefan Gula
59fdd98f1d Adjust DTLS retranmission logic 
This patch adjust DTLS retranmission logic
in order to avoid message floods between client
and server
 2016-10-26 10:37:23 +02:00
Nickolas Lapp
86bf50ea70 Ensure dh->q is nulled on init and free 2016-10-10 16:21:30 -06:00
Nickolas Lapp
1792eba1a2 Rename *Mutex Functions with wc_ prefix. Expose these functions for 
Stunnel. Various other changes to enable stunnel compling
 2016-10-03 16:36:05 -06:00
John Safranek
ba6e2b1037 move an ifndef NO_AES for one more configure disable/enable combination 2016-09-22 11:41:16 -07:00
toddouska
2368d49678 Merge pull request #572 from ejohnstown/pathlen 
CA Certificate Path Length Checking
 2016-09-21 14:36:24 -07:00
John Safranek
b8704d2dfe Merge pull request #571 from toddouska/new_rng 
Fix Jenkins build 389 single-threaded issue
 2016-09-21 12:59:06 -07:00
JacobBarthelmeh
ab887b88dc Merge pull request #570 from ejohnstown/des3-disable-fix 
Disable DES3 compiler warning fix
 2016-09-21 13:25:00 -06:00
John Safranek
de81c81eae Fixed unused variable complaints when OPENSSL_EXTRA and MD5 are enabled 
and when AES is disabled.
 2016-09-21 10:21:03 -07:00
toddouska
489345f0d4 move CTX new_rng out of with certs block 2016-09-21 09:02:38 -07:00
John Safranek
95acd9c907 Fixed unused variable complaints when KEYGEN and OPENSSL_EXTRA are enabled 
and when AES and MD5 are disabled. It was in the same encrypt function as
before and in the paired decrypt function.
 2016-09-21 07:32:17 -07:00
John Safranek
a42bd30278 CA Certificate Path Length Checking 
1. Check the path length between an intermediate CA cert and its
   signer's path length.
2. Always decode the path length if present and store it in the decoded
   certificate.
3. Save the path length into the signer list.
4. Path length capped at 127.
5. Added some test certs for checking CA path lengths.
 2016-09-20 21:36:37 -07:00
John Safranek
ef7183dcf7 delete redundant #else 2016-09-20 15:59:08 -07:00
John Safranek
65a7978dec Merge pull request #567 from toddouska/rng 
RDSEED enhancements
 2016-09-20 12:09:01 -07:00
John Safranek
df1d8200ef Fixed unused variable complaint when KEYGEN and OPENSSL_EXTRA are enabled 
and when AES and DES3 are disabled.
 2016-09-20 12:07:58 -07:00
toddouska
e0b8e55198 Merge pull request #553 from ejohnstown/disable-des3 
Disable DES3 by default
 2016-09-19 09:27:32 -07:00
toddouska
f191cf206e allow single threaded mode to share an RNG at WOLFSSL_CTX level 2016-09-16 13:35:29 -07:00
John Safranek
bad6be5c76 1. Updated sniffer to allow DES3 to be disabled. 
2. Fixed an unused variable in OpenSSL Extras when DES3 is disabled.
3. Force DES3 enabled when enabling MCAPI.
 2016-09-15 14:53:28 -07:00
toddouska
c1ac0c0f8c Merge pull request #545 from ejohnstown/ems 
Extended Master Secret
 2016-09-15 11:25:41 -07:00
John Safranek
b994244011 Revising the Extended Master Secret support. Removing the dynamic 
TLSX support for the extention and treating it like the Signature
and Hash algorithms extension. It is to be enabled by default and
the user can turn it off at run time or build time.
 2016-09-11 18:05:44 -07:00
Chris Conlon
e4f527a332 initial extended master secret support 2016-09-01 15:12:54 -06:00
John Safranek
963b9d4c4d OCSP Fixes 
1. When using Cert Manager OCSP lookup, the issuer key hash wasn't
being set correctly. This could lead to unknown responses from lookup.
2. Default OCSP lookup callback could get blocked waiting for server
to close socket.
 2016-09-01 09:58:34 -07:00
toddouska
092916c253 Merge pull request #536 from ejohnstown/dtls-sctp 
DTLS over SCTP
 2016-08-30 13:09:40 -07:00
David Garske
2ecd80ce23 Added support for static memory with wolfCrypt. Adds new "wc_LoadStaticMemory" function and moves "wolfSSL_init_memory_heap" into wolfCrypt layer. Enhanced wolfCrypt test and benchmark to use the static memory tool if enabled. Added support for static memory with "WOLFSSL_DEBUG_MEMORY" defined. Fixed issue with have-iopool and XMALLOC/XFREE. Added check to prevent using WOLFSSL_STATIC_MEMORY with HAVE_IO_POOL, XMALLOC_USER or NO_WOLFSSL_MEMORY defined. 2016-08-29 10:38:06 -07:00
John Safranek
a6c0d4fed7 1. Added missing -DWOLFSSL_SCTP to configure.ac. 
2. Don't do hello verify requests in SCTP mode.
3. Implemented the SCTP MTU size changes.
4. Simplified the MAX_FRAGMENT size when calling ReceiveData().
 2016-08-26 19:58:36 -07:00
John Safranek
c1970434d1 simplify the SCTP options 2016-08-26 19:43:52 -07:00
John Safranek
ebbf5ec72b add new options and accessors for SCTP 2016-08-26 19:40:50 -07:00
David Garske
17a34c5899 Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com. 2016-08-15 13:59:41 -06:00
toddouska
d74fa8299a add resume session string script check, make GetDeepCopySession static local and check reutrn code 2016-08-15 09:32:36 -07:00
David Garske
b0e4acaac1 Fix for openssl compatibility without ECC. Disable "wolf_OBJ_nid2sn", "wolf_OBJ_sn2nid" and "wolf_OBJ_obj2nid" when "OPENSSL_EXTRA" defined and "HAVE_ECC" is not defined. 2016-08-08 10:29:58 -07:00
David Garske
d8c63b8e66 Various improvements to support openssl compatibility. 
* Fixed bug with "wolfSSL_get_cipher_name_internal" for loop using incorrect max length for "cipher_name_idx" (this caused fault when library built with NO_ERROR_STRINGS and calling it).
* Adds new "GetCipherNameInternal" function to get cipher name using internal "cipherSuite" index only (for scenario where WOLFSSL object does not exist).
* Implements API's for "wolf_OBJ_nid2sn" and "wolf_OBJ_sn2nid". Uses the ecc.c "ecc_sets" table to locate NID (ECC ID and NID are same).
* Added "WOLFSSL*" to HandShakeInfo.
* Allowed "SetName" to be exposed.
* Added "wolfSSL_X509_load_certificate_buffer". Refactor "wolfSSL_X509_load_certificate_file" to use new function (no duplicate code).
 2016-08-05 14:15:47 -07:00
Jacob Barthelmeh
e8f7d78fc4 add helper functions for choosing static buffer size 2016-07-21 12:11:15 -06:00
toddouska
b81e687bf3 Merge pull request #490 from JacobBarthelmeh/master 
Static Memory Fixes
 2016-07-20 20:27:03 -07:00
toddouska
8f2af608a7 Merge pull request #492 from JacobBarthelmeh/staticmemory 
set heap hint for ctx
 2016-07-20 20:25:38 -07:00
toddouska
1b980867d6 fix rsablind other builds 2016-07-20 11:35:57 -07:00
Jacob Barthelmeh
5d8a78be30 set heap hint for ctx 2016-07-20 11:47:36 -06:00
Jacob Barthelmeh
1f5b6d4e66 sanity check on buffer size 2016-07-20 11:44:22 -06:00
David Garske
7a1acc7e56 Added TLS support for all SECP and Brainpool curves. Added ECC curve specs for all Brainpool, Koblitz and R2/R3. Adds new "HAVE_ECC_BRAINPOOL", "HAVE_ECC_KOBLITZ", "HAVE_ECC_SECPR2" and "HAVE_ECC_SECPR3" options. ECC refactor to use curve_id in _ex functions. NID and ECC Id's match now. Added ability to encode OID (HAVE_OID_ENCODING), but leave off by default and will use pre-encoded value for best performance. 2016-07-07 10:59:45 -07:00
toddouska
eb072e0344 Merge pull request #463 from JacobBarthelmeh/master 
update mysql port
 2016-06-28 14:56:57 -07:00
toddouska
981cf9cbcb Merge pull request #462 from cconlon/bug-fixes 
PemToDer Bug Fixes
 2016-06-28 09:58:18 -07:00
Jacob Barthelmeh
f18ff8bfa4 update mysql patch 2016-06-27 15:44:52 -06:00
toddouska
ac6635593b Revert "Bio" 2016-06-27 10:53:34 -07:00