Juliusz Sosinowicz
031ca80fe7
Fix max SSL version handling for client
...
Enable CRL when adding one to store
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
2197748a51
Implement wolfSSL_X509_check_private_key
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
cb84213ffd
Support more extensions
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
cd20512b90
wolfSSL_X509_REQ_add1_attr_by_txt for libest
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
911d5968b4
Store more certs in PKCS7 struct
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
acf3156fac
Dynamically allocate memory in wolfSSL_i2d_PKCS7_bio
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
c405c3477f
Protect against invalid write in RsaPad_PSS
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
2a9bb906a9
Implement wolfSSL_BIO_*_connect and wolfSSL_BIO_set_conn_port
...
Forgot to commit csr.dsa.pem for api.c
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
78a20ec3ae
Extension manipulation
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
65c6a71bde
Init wolfSSL_X509_REQ_add_extensions
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
6a635b339c
Fixes
...
- Fix challengePw copy in ReqCertFromX509
- Proper header length in wolfSSL_PEM_X509_X509_CRL_X509_PKEY_read_bio
- Special case for extended key usage in wolfSSL_OBJ_cmp
- Numerical input in wolfSSL_OBJ_txt2obj can just be encoded with EncodePolicyOID. Searching for the sum can return wrong values since they are not unique.
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
b808124a47
Add DSA support to ConfirmSignature and add DSAwithSHA256
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
2a20896e44
Add CRL loading to wolfSSL_PEM_X509_INFO_read_bio
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
86d2177876
wolfSSL_X509_resign_cert updates x509 der buffer as well
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
932ef25e79
Set default digest NID
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
2689d499b9
Tests starting to pass
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
ff7b8d3715
Don't attempt TLS 1.3 if server options disable it
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
2e2beb279d
WIP
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
8e62bf2588
Pass libest estclient_simple example
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
aaba7ed286
OpenSSL Compat layer
...
Implement/stub:
- wolfSSL_X509V3_EXT_add_nconf
- wolfSSL_EVP_PKEY_copy_parameters
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
ff2574b3cb
OpenSSL Compat layer
...
Implement/stub:
- wolfSSL_X509_NAME_delete_entry
- wolfSSL_X509_get_ext_by_OBJ
- wolfSSL_a2i_ASN1_INTEGER
- X509V3_parse_list
- wolfSSL_TXT_DB_write
- wolfSSL_TXT_DB_insert
- wolfSSL_EVP_PKEY_get_default_digest_nid
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
753a3babc8
OpenSSL Compat layer
...
Implement/stub:
- wolfSSL_NCONF_get_number
- wolfSSL_EVP_PKEY_CTX_ctrl_str
- wolfSSL_PKCS12_verify_mac
- wc_PKCS12_verify_ex
- wolfSSL_BIO_new_fd
- wolfSSL_X509_sign_ctx
- wolfSSL_ASN1_STRING_cmp
- wolfSSL_ASN1_TIME_set_string
- X509V3_EXT_add_nconf
- X509V3_set_nconf
Implement TXT_DB functionality:
- wolfSSL_TXT_DB_read
- wolfSSL_TXT_DB_free
- wolfSSL_TXT_DB_create_index
- wolfSSL_TXT_DB_get_by_index
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
e7f1d39456
OpenSSL Compat layer
...
Implement WOLFSSL_CONF_VALUE:
- wolfSSL_CONF_VALUE_new
- wolfSSL_CONF_VALUE_new_values
- wolfSSL_CONF_add_string
- wolfSSL_X509V3_conf_free
- wolfSSL_sk_CONF_VALUE_push
- wolfSSL_NCONF_load
- wolfSSL_NCONF_free
- wolfSSL_CONF_new_section
- wolfSSL_CONF_get_section
Implement some buffer functions
- wolfSSL_strlcat
- wolfSSL_strlcpy
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
42d4f35a98
Implement OpenSSL Compat API:
...
- Implement lhash as a stack with hash members
- wolfSSL_lh_retrieve
- wolfSSL_LH_strhash
- IMPLEMENT_LHASH_COMP_FN
- IMPLEMENT_LHASH_HASH_FN
- wolfSSL_sk_CONF_VALUE_new
- wolfSSL_sk_CONF_VALUE_free
- wolfSSL_sk_CONF_VALUE_num
- wolfSSL_sk_CONF_VALUE_value
- wolfSSL_NCONF_new
- wolfSSL_NCONF_get_string
- wolfSSL_NCONF_get_section
- wolfSSL_lh_WOLFSSL_CONF_VALUE_retrieve
- wolfSSL_CONF_modules_load
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
be98404b3b
Implement wolfSSL_X509_REQ_verify
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
4aa30d0bde
Add CSR parsing capabilities to ParseCertRelative and wc_GetPubX509
...
- wolfSSL_BIO_get_mem_data now returns the last memory BIO in the chain
- Change wolfSSL_BIO_pending calls to wolfSSL_BIO_get_len calls to get accurate length depending on BIO
- Refactor X509 and X509_REQ functions to reuse similar code
- X509 and X509_REQ i2d functions now generate their DER outputs instead of returning the input DER
- Signature generated by wolfSSL_X509_resign_cert is now saved in the x509->sig buffer and added when calling *i2d
- Add test_wolfSSL_d2i_X509_REQ
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
1a50d8e028
WIP
...
- wolfSSL_BIO_ctrl_pending ignore BASE64 bio's as well now
- Save the last Finished messages sent or received in the WOLFSSL struct
- Implement wolfSSL_CTX_set_max_proto_version
- wolfSSL_d2i_X509_bio now uses wolfSSL_BIO_read so that the entire chain is properly read from the BIO
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
a7ec58003e
PKCS7 changes
...
- Allow PKCS7_EncodeSigned to be called with a zero content length
- wc_HashUpdate now doesn't error out on zero length data
- First cert in wolfSSL_PKCS7_encode_certs is treated as main cert and the PKCS7 struct is initialized with it
- wolfSSL_BIO_get_mem_data returns the buffer from the last bio in chain
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
85b1196b08
Implement/stub:
...
- X509_REQ_print_fp
- X509_print_fp
- DHparams_dup
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
728f4ce892
Implement/stub:
...
- wc_DhKeyCopy
- SSL_CTX_set_srp_strength
- SSL_get_srp_username
- X509_REQ_get_attr_by_NID
- X509_REQ_get_attr
- X509_ATTRIBUTE
- wolfSSL_DH_dup
Add srp.h file with SRP_MINIMAL_N
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
b52e11d3d4
Implement/stub the following:
...
- X509_get0_extensions
- X509_to_X509_REQ
- i2d_X509_REQ_bio
- X509v3_get_ext_count
- i2d_PKCS7_bio
Additional changes:
- Added a wc_PKCS7_VerifySignedData call to wolfSSL_d2i_PKCS7_bio to populate the PKCS7 struct with parsed values
- wc_PKCS7_VerifySignedData_ex -> wc_PKCS7_VerifySignedData
2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz
3721d80e84
Implement wolfSSL_PKCS7_to_stack and wolfSSL_d2i_ASN1_OBJECT
...
- I also implemented wolfSSL_c2i_ASN1_OBJECT which was previously a stub.
- More configure.ac flags added to libest option
2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz
1e26238f49
Implement/stub the following functions:
...
- X509_REQ_sign_ctx
- X509_REQ_get_subject_name
- X509_REQ_set_version
- X509_NAME_print_ex_fp
- X509_STORE_CTX_get0_parent_ctx
- wolfSSL_PKCS7_encode_certs
Add cms.h file to avoid including the OpenSSL version.
2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz
777bdb28bc
Implement/stub the following:
...
- `NID_pkcs9_challengePassword` - added
- `wolfSSL_OPENSSL_cleanse` - implemented
- `wolfSSL_X509_REQ_add1_attr_by_NID` - stubbed
- `wolfSSL_c2i_ASN1_OBJECT` - stubbed
2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz
7bd0b2eb44
Implement ASN1_get_object
2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz
a9d502ef85
Add --enable-libest option to configure.ac
...
Refactoring and adding defines for functions
2020-12-17 14:26:30 +01:00
toddouska
b4fddf3f24
Merge pull request #3572 from dgarske/zd11381
...
Fix for `wc_SetAltNamesBuffer`
2020-12-16 15:33:12 -08:00
Chris Conlon
7e1a066963
Merge pull request #3555 from kojo1/doc-PSS_Sign-Verify
...
Doc wc_RsaPSS_Sign/Verify/CheckPadding
2020-12-16 15:18:24 -07:00
David Garske
51c3f87811
Fix for wc_SetAltNamesBuffer broken in PR #2728. The SetAltNames was changed in PR 2728 to rebuild the SAN OID, so only the flattened list of DNS entries is required. Fix is in SetAltNamesFromDcert to use already has a parsed DecodedCert and flatten the alt names DNS_Entry list. ZD 11381
2020-12-16 12:28:28 -08:00
toddouska
5f30727b32
Merge pull request #3531 from vppillai/patch-1
...
support TNGTLS certificate loading for Harmony3
2020-12-16 09:21:28 -08:00
toddouska
7f20b97927
Merge pull request #3569 from SparkiDev/cppcheck_fixes_5
...
cppcheck: fixes
2020-12-16 09:04:59 -08:00
toddouska
cee91c91f5
Merge pull request #3532 from julek-wolfssl/nginx-1.7.7
...
Changes for Nginx 1.7.7
2020-12-16 09:01:27 -08:00
toddouska
b0464c93e2
Merge pull request #3542 from SparkiDev/sp_mod_odd
...
SP: ensure modulus/prime is odd before performing RSA/DH/ModExp ops
2020-12-16 08:51:10 -08:00
Vysakh P Pillai
3063264f00
formatting updates
2020-12-16 18:05:58 +05:30
Vysakh P Pillai
63f8fbe92f
update formatting
2020-12-16 17:59:36 +05:30
Sean Parkinson
6dc06993bf
SP: ensure modulus/prime is odd before performing RSA/DH/ModExp ops
2020-12-16 21:49:09 +10:00
Sean Parkinson
75c062a298
cppcheck: fixes
2020-12-16 17:28:20 +10:00
Takashi Kojo
010c8db54e
duplicated \ingroup, missing closing comment
2020-12-16 08:52:12 +09:00
Sean Parkinson
922ca916a9
Merge pull request #3554 from ejohnstown/psk-fix
...
PSK Alert
2020-12-16 09:40:04 +10:00
toddouska
bab2f55661
Merge pull request #3563 from SparkiDev/base64_cr
...
Base64: Cache attack resistant decode
2020-12-15 15:16:09 -08:00