wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-27 10:52:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
4,913 Commits 12 Branches 184 Tags
060ff5e5ef5a2d4ecde828205db3382fdf3f8a34
Commit Graph

1836 Commits

Author SHA1 Message Date
Chris Conlon
060ff5e5ef address fortify critical issues 2016-12-19 11:53:14 -07:00
John Safranek
8b1a6d4c70 Merge pull request #658 from kaleb-himes/sniffer 
Prevent forcezero from running on freed memory
 2016-12-09 09:04:01 -08:00
kaleb-himes
d2b5a9538d Prevent forcezero from running on freed memory 2016-12-08 15:11:41 -07:00
Sean Parkinson
289acd088a Remove state save and restore 2016-12-08 15:21:04 +10:00
Sean Parkinson
ea1a03d538 Get the hash of the handshake messages rather than finalize. 
Inconsistency between SHA256 and SHA384/SHA512 when getting hash.
More handshake messages can be added after this operation.
 2016-12-08 15:21:04 +10:00
David Garske
4dd393077f Updated EccSharedSecret callback to use ecc_key* peer directly. Passes examples with "-P" tests and new pkcallback test script. 2016-12-07 07:57:55 -08:00
David Garske
45d26876c8 Moved wolfSSL_GetEccKey logic to internal.c and use only for PK_CALLBACK. Added other ECC key info to the EccSharedSecretCb. Cleanup of the "if (ssl->ctx->EccSharedSecretCb == NULL)" logic to revert indent so changes are minimized. Removed new wolfSSL_GetEccKey API. 2016-12-07 07:57:55 -08:00
David Garske
eaca90db28 New Atmel support (WOLFSSL_ATMEL) and port for ATECC508A (WOLFSSL_ATECC508A). Adds wolfCrypt support for ECC Hardware acceleration using the ATECC508A. Adds new PK callback for ECC shared secret. Fixed missing "wc_InitRng_ex" when using "CUSTOM_RAND_GENERATE_BLOCK". Added ATECC508A RNG block function for P-RNG bypass ability. Added internal "wolfSSL_GetEccPrivateKey" function for getting reference to private key for ECC shared secret (used in test.h for testing PK_CALLBACK mode). Added README.md for using the Atmel ATECC508A port. 2016-12-07 07:57:55 -08:00
David Garske
a6b96b17ff Fixes to include path for NXP ksdk_port. Fixes for time USER/OVERRIDES so their #ifdef's are checked first. Fix to initialize LTC via new "ksdk_port_init" function. Cleanup of the ksdk_port.c for formatting, macros, statics and line length. Cleanup of the AES code for key size. Cleanup of the wolfCrypt sha.c for readability. Added support for the KSDK bare metal drivers to the IDE Rowley CrossWorks example. Updated the settings.h to allow for overrides in Freescale section. Updated README with info for using LTC. 2016-12-05 09:01:59 -08:00
David Garske
8e64d564dc NXP/Freescale K8X MMCAU / LTC core support for RSA, ECC, Ed/Curve25519, AES, DSA, DES3, MD5, RNG, SHA and SHA2. 2016-12-05 09:01:59 -08:00
David Garske
039aedcfba Added "wolfSSL_use_certificate_chain_buffer_format". Added "wolfSSL_SESSION_CIPHER_get_name" to get cipher suite name using WOLFSSL_SESSION*. Moved the "wolfSSL_get_cipher_name_from_suite" function to internal.c. Added new server-cert-chain.der, which is combination of ca-cert.der and server-cert.der. Enhanced load_buffer to detect format using file extension. Can test use of DER cert chain with NO_FILESYSTEM defined using "./examples/server/server -c ./certs/server-cert-chain.der -k ./certs/server-key.der". 2016-11-30 16:26:02 -08:00
David Garske
3d920b23a0 Fix for building with NO_ERROR_STRINGS. 2016-11-30 16:26:02 -08:00
David Garske
7a35d904c2 Added new API "wolfSSL_CIPHER_get_name_from_suite" to allow use of the cipherSuite and cipherSuite0 args directly to get cipher suite name. Changed "wolfSSL_CIPHER_get_name" to call new API (based on original). ASN change to allow ToTraditional and SetName for OPENSSL_EXTRA. 2016-11-30 16:26:02 -08:00
David Garske
c3c3419138 Added processing of user cert chain in DER format. Added arg check on "wolfSSL_get_certificate" to fix NULL dereference if certificate not yet set via "wolfSSL_use_certificate_buffer" or "wolfSSL_use_certificate_file". Added "wolfSSL_CTX_use_certificate_chain_buffer_format" to expose way to import certificate chain buffer as ASN1 (since "wolfSSL_CTX_use_certificate_chain_buffer" assumes PEM) . Changed ProcessFile from static and added as local in internal.h. 2016-11-30 16:26:01 -08:00
toddouska
8f89d4922f allow separate set fds for read/write, helpful for DTLS multicast 2016-11-30 11:15:57 -08:00
toddouska
7dab97fb01 Merge pull request #641 from dgarske/verifycb_peer_cert_chain 
Add the peer cert buffer and count to X509_STORE_CTX for verify callback
 2016-11-23 12:59:00 -08:00
David Garske
5b76a37234 Add the peer cert buffer and count to the X509_STORE_CTX used for the verify callback. Fixes #627. 2016-11-22 11:45:00 -08:00
John Safranek
2d9d3aeb91 DTLS Window Update: fixes and changes 2016-11-22 10:12:18 -08:00
John Safranek
ec6fec452d Update session export with the new sequence number windows. 2016-11-21 09:16:53 -08:00
John Safranek
2507c4da8a DTLS Sequence Window Tracking Update 
1. Modify the DTLS sequence window to use an array of word32 instead
   of a word32 or word64 depending on the availability of word64.
2. One can change the array size to have a bigger window.
 2016-11-18 11:52:43 -08:00
toddouska
1289e66641 Merge pull request #636 from dgarske/fix-ti-hash-mem-leak 
Fix memory leak issue in ti-hash.c with small stack
 2016-11-17 16:19:37 -08:00
toddouska
f167fe3d4a Merge pull request #625 from dgarske/tls_nosha256 
Fix to allow TLS with NO_SHA256
 2016-11-17 16:14:28 -08:00
David Garske
b01952ea40 Cleanup the hash free in FreeHandshakeResources. 2016-11-17 09:34:31 -08:00
toddouska
f922d3f2d6 Merge pull request #624 from SparkiDev/sha224 
SHA224 implementation added
 2016-11-15 13:53:34 -08:00
toddouska
f27159f2db Merge pull request #633 from cconlon/renegotiation_info 
add server side empty renegotiation_info support
 2016-11-15 11:11:17 -08:00
Chris Conlon
a10ec0ff91 adjust suiteSz and use SUITE_LEN in FindSuite() 2016-11-15 10:49:37 -07:00
Chris Conlon
49978d1417 server side empty renegotiation_info support 2016-11-14 15:33:36 -07:00
toddouska
1a7fe0d4c5 fix non ecc_make_key init_mulit potential problems 2016-11-14 12:49:42 -08:00
David Garske
82e8210208 Support for building without SHA256 with NO_OLD_TLS and SHA384/512. Although TLS 1.2 default digest for certs is SHA256 and our test cert signatures use SHA256, so make check will fail. Also requires disabling the P-RNG which uses SHA256. Added missing "wc_InitRng_ex" when using "CUSTOM_RAND_GENERATE_BLOCK". Cleanup of the BuildCertHashes, DoRounds, HashInput, HashOutput and HashOutputRaw return codes. 2016-11-14 12:47:24 -08:00
Jacob Barthelmeh
0b3d9cbccd revert AESNI padding and handle the case in aes.c 2016-11-11 16:26:29 -07:00
toddouska
a0ee159fa5 Merge pull request #617 from JacobBarthelmeh/Compatibility-Layer 
Compatibility layer
 2016-11-10 11:47:42 -08:00
Sean Parkinson
fdfc177254 SHA224 implementation added 
Added SHA24 implementation and tetss.
Added HMAC-SHA224 implementation and tests.
Added RSA-SHA224 and ECDSA-SHA224.
Added MGF1-SHA224
Added OpenSSL APIs for SHA224
Configuration option to enable SHA224 and it is on by default for x86_64
 2016-11-10 15:52:26 +10:00
Jacob Barthelmeh
55401fceb8 adjust alignment of arrays used for case with AESNI 2016-11-09 15:03:26 -07:00
Jacob Barthelmeh
c122558810 COMPAT. LAYER : fix missing return value and alignment 2016-11-08 14:16:02 -07:00
Jacob Barthelmeh
f7a951709f COMPAT. LAYER : get SSL client random bytes 2016-11-07 13:21:35 -07:00
Jacob Barthelmeh
f06a392764 COMPAT. LAYER : DES set key and malloc/free 2016-11-07 13:21:05 -07:00
toddouska
68c43e4344 Merge pull request #615 from ejohnstown/dtls-verify-retry-fix 
Fix dropped DTLS Hello Verify retransmit
 2016-11-04 15:52:13 -07:00
toddouska
70b227011d Merge pull request #604 from JacobBarthelmeh/PKCS12 
Pkcs12
 2016-11-04 15:50:50 -07:00
John Safranek
c271806936 Merge pull request #614 from toddouska/scr-verify 
add SCR client and server verify data check
 2016-11-04 10:11:05 -07:00
John Safranek
ada2573009 Increment the expected handshake number if the call to the handhsake 
message processing function is successful, but not if the handshake
message is the client_hello. Process client hello clears that counter
and incrementing it breaks the handshake. Fixes issue #612.
 2016-11-03 14:49:21 -07:00
toddouska
87e3f45f52 add SCR client and server verify data check 2016-11-03 14:45:24 -07:00
Jacob Barthelmeh
0839925797 PKCS12 : visibility, check on key match, sanity check on malloc 2016-11-03 11:14:29 -06:00
Jacob Barthelmeh
668e9a8e08 MODE : change source file mode back to 644 2016-11-03 10:08:13 -06:00
toddouska
d4b8320226 Merge pull request #606 from ejohnstown/dtls-pool 
DTLS Pool Change
 2016-11-02 10:54:53 -07:00
John Safranek
a3ea8378ec Cap the size of the transmit and receive DTLS message lists at 255. 2016-11-02 09:15:05 -07:00
dgarske
22c5e22698 Merge pull request #608 from JacobBarthelmeh/master 
Option to disable RNG (WC_NO_RNG or --disable-rng). If RNG is disabled and building in crypto that makes calls to RNG functions the build will fail with linker undefined symbol errors.
 2016-11-01 11:53:53 -07:00
John Safranek
ffe905afbf Moved the checks for the new session ticket and certificate verify 
messages from the change cipher spec handler to the sanity check
handshake message function. It provides support for DTLS missing
and duplicate messages.
 2016-11-01 09:53:53 -07:00
John Safranek
3075269326 Replace the DTLS MsgPool for saving transmit handshake messages with 
the DTLS MsgList.
 2016-11-01 09:53:53 -07:00
John Safranek
3065bb2178 Merge pull request #588 from steweg/fix_dtls_retranmission 
Adjust DTLS retranmission logic
 2016-11-01 09:29:30 -07:00
Jacob Barthelmeh
09c32de412 RNG : option to not use RNG 2016-10-31 16:51:02 -06:00