wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-26 23:12:19 +01:00
Code Issues Packages Projects Releases Wiki Activity
4,973 Commits 12 Branches 184 Tags
760ddd14f52f6ba2b0f73b28f7ce4ec0af802ba2
Commit Graph

1849 Commits

Author SHA1 Message Date
toddouska
d6a6226c8e Merge pull request #681 from JacobBarthelmeh/Testing 
static analysis check of null dereference and memory management
 2016-12-22 08:43:55 -08:00
Jacob Barthelmeh
1c17b8eed6 static analysis check of null dereference and memory management 2016-12-21 16:20:18 -07:00
John Safranek
ac27d6d7ca DTLS Sequence Number update 
1. Set the prevSeq to nextSeq on CCS.
2. Fully clear nextSeq on CCS.
 2016-12-20 09:30:46 -08:00
toddouska
1a5c5d0011 Merge pull request #676 from cconlon/fortify 
address fortify high issues
 2016-12-19 20:03:24 -08:00
Chris Conlon
46f3b2a367 address fortify high issues 2016-12-19 15:50:11 -07:00
toddouska
dca57bf2f0 Merge pull request #673 from cconlon/fortify 
address fortify critical issues
 2016-12-19 13:42:11 -08:00
Chris Conlon
060ff5e5ef address fortify critical issues 2016-12-19 11:53:14 -07:00
toddouska
168203ff9d Merge pull request #649 from dgarske/distro 
Linux Distro Patches
 2016-12-16 16:03:16 -08:00
toddouska
a9e7c4081f Merge pull request #660 from ejohnstown/win-renegotiation 
Enable secure renegotiation by default for Windows library build.
 2016-12-15 16:17:15 -08:00
toddouska
ec90d72412 Merge pull request #666 from cconlon/chachafix 
fix CertificateRequest cert type for ECDSA ChaCha suites
 2016-12-15 12:08:08 -08:00
John Safranek
be65f26dd2 If there is a badly formed handshake message with extra data at the 
end, but the correct size with the extra data, send a decode_error
alert and fail the handshake.
 2016-12-14 16:02:29 -08:00
Chris Conlon
33f21e8b8d set correct cert type in CertificateRequest when using ChaCha suite with ECDSA 2016-12-14 11:34:10 -07:00
John Safranek
e80331e03a fix Windows debug build warning with secure renegotiation 2016-12-09 14:31:21 -08:00
John Safranek
8b1a6d4c70 Merge pull request #658 from kaleb-himes/sniffer 
Prevent forcezero from running on freed memory
 2016-12-09 09:04:01 -08:00
kaleb-himes
d2b5a9538d Prevent forcezero from running on freed memory 2016-12-08 15:11:41 -07:00
Sean Parkinson
289acd088a Remove state save and restore 2016-12-08 15:21:04 +10:00
Sean Parkinson
ea1a03d538 Get the hash of the handshake messages rather than finalize. 
Inconsistency between SHA256 and SHA384/SHA512 when getting hash.
More handshake messages can be added after this operation.
 2016-12-08 15:21:04 +10:00
David Garske
4dd393077f Updated EccSharedSecret callback to use ecc_key* peer directly. Passes examples with "-P" tests and new pkcallback test script. 2016-12-07 07:57:55 -08:00
David Garske
45d26876c8 Moved wolfSSL_GetEccKey logic to internal.c and use only for PK_CALLBACK. Added other ECC key info to the EccSharedSecretCb. Cleanup of the "if (ssl->ctx->EccSharedSecretCb == NULL)" logic to revert indent so changes are minimized. Removed new wolfSSL_GetEccKey API. 2016-12-07 07:57:55 -08:00
David Garske
eaca90db28 New Atmel support (WOLFSSL_ATMEL) and port for ATECC508A (WOLFSSL_ATECC508A). Adds wolfCrypt support for ECC Hardware acceleration using the ATECC508A. Adds new PK callback for ECC shared secret. Fixed missing "wc_InitRng_ex" when using "CUSTOM_RAND_GENERATE_BLOCK". Added ATECC508A RNG block function for P-RNG bypass ability. Added internal "wolfSSL_GetEccPrivateKey" function for getting reference to private key for ECC shared secret (used in test.h for testing PK_CALLBACK mode). Added README.md for using the Atmel ATECC508A port. 2016-12-07 07:57:55 -08:00
David Garske
9399cc05cb Fixes for building with CRL monitor when not linux, OS X or FreeBSD and --enable-distro set. Cleanup of the crl.c HAVE_CRL_MONITOR checks for OS and make sure if StopMonitor preprocessor is defined the function will also be defined. 2016-12-07 07:07:27 -08:00
David Garske
a6b96b17ff Fixes to include path for NXP ksdk_port. Fixes for time USER/OVERRIDES so their #ifdef's are checked first. Fix to initialize LTC via new "ksdk_port_init" function. Cleanup of the ksdk_port.c for formatting, macros, statics and line length. Cleanup of the AES code for key size. Cleanup of the wolfCrypt sha.c for readability. Added support for the KSDK bare metal drivers to the IDE Rowley CrossWorks example. Updated the settings.h to allow for overrides in Freescale section. Updated README with info for using LTC. 2016-12-05 09:01:59 -08:00
David Garske
8e64d564dc NXP/Freescale K8X MMCAU / LTC core support for RSA, ECC, Ed/Curve25519, AES, DSA, DES3, MD5, RNG, SHA and SHA2. 2016-12-05 09:01:59 -08:00
David Garske
039aedcfba Added "wolfSSL_use_certificate_chain_buffer_format". Added "wolfSSL_SESSION_CIPHER_get_name" to get cipher suite name using WOLFSSL_SESSION*. Moved the "wolfSSL_get_cipher_name_from_suite" function to internal.c. Added new server-cert-chain.der, which is combination of ca-cert.der and server-cert.der. Enhanced load_buffer to detect format using file extension. Can test use of DER cert chain with NO_FILESYSTEM defined using "./examples/server/server -c ./certs/server-cert-chain.der -k ./certs/server-key.der". 2016-11-30 16:26:02 -08:00
David Garske
3d920b23a0 Fix for building with NO_ERROR_STRINGS. 2016-11-30 16:26:02 -08:00
David Garske
7a35d904c2 Added new API "wolfSSL_CIPHER_get_name_from_suite" to allow use of the cipherSuite and cipherSuite0 args directly to get cipher suite name. Changed "wolfSSL_CIPHER_get_name" to call new API (based on original). ASN change to allow ToTraditional and SetName for OPENSSL_EXTRA. 2016-11-30 16:26:02 -08:00
David Garske
c3c3419138 Added processing of user cert chain in DER format. Added arg check on "wolfSSL_get_certificate" to fix NULL dereference if certificate not yet set via "wolfSSL_use_certificate_buffer" or "wolfSSL_use_certificate_file". Added "wolfSSL_CTX_use_certificate_chain_buffer_format" to expose way to import certificate chain buffer as ASN1 (since "wolfSSL_CTX_use_certificate_chain_buffer" assumes PEM) . Changed ProcessFile from static and added as local in internal.h. 2016-11-30 16:26:01 -08:00
toddouska
8f89d4922f allow separate set fds for read/write, helpful for DTLS multicast 2016-11-30 11:15:57 -08:00
toddouska
7dab97fb01 Merge pull request #641 from dgarske/verifycb_peer_cert_chain 
Add the peer cert buffer and count to X509_STORE_CTX for verify callback
 2016-11-23 12:59:00 -08:00
David Garske
5b76a37234 Add the peer cert buffer and count to the X509_STORE_CTX used for the verify callback. Fixes #627. 2016-11-22 11:45:00 -08:00
John Safranek
2d9d3aeb91 DTLS Window Update: fixes and changes 2016-11-22 10:12:18 -08:00
John Safranek
ec6fec452d Update session export with the new sequence number windows. 2016-11-21 09:16:53 -08:00
John Safranek
2507c4da8a DTLS Sequence Window Tracking Update 
1. Modify the DTLS sequence window to use an array of word32 instead
   of a word32 or word64 depending on the availability of word64.
2. One can change the array size to have a bigger window.
 2016-11-18 11:52:43 -08:00
toddouska
1289e66641 Merge pull request #636 from dgarske/fix-ti-hash-mem-leak 
Fix memory leak issue in ti-hash.c with small stack
 2016-11-17 16:19:37 -08:00
toddouska
f167fe3d4a Merge pull request #625 from dgarske/tls_nosha256 
Fix to allow TLS with NO_SHA256
 2016-11-17 16:14:28 -08:00
David Garske
b01952ea40 Cleanup the hash free in FreeHandshakeResources. 2016-11-17 09:34:31 -08:00
toddouska
f922d3f2d6 Merge pull request #624 from SparkiDev/sha224 
SHA224 implementation added
 2016-11-15 13:53:34 -08:00
toddouska
f27159f2db Merge pull request #633 from cconlon/renegotiation_info 
add server side empty renegotiation_info support
 2016-11-15 11:11:17 -08:00
Chris Conlon
a10ec0ff91 adjust suiteSz and use SUITE_LEN in FindSuite() 2016-11-15 10:49:37 -07:00
Chris Conlon
49978d1417 server side empty renegotiation_info support 2016-11-14 15:33:36 -07:00
toddouska
1a7fe0d4c5 fix non ecc_make_key init_mulit potential problems 2016-11-14 12:49:42 -08:00
David Garske
82e8210208 Support for building without SHA256 with NO_OLD_TLS and SHA384/512. Although TLS 1.2 default digest for certs is SHA256 and our test cert signatures use SHA256, so make check will fail. Also requires disabling the P-RNG which uses SHA256. Added missing "wc_InitRng_ex" when using "CUSTOM_RAND_GENERATE_BLOCK". Cleanup of the BuildCertHashes, DoRounds, HashInput, HashOutput and HashOutputRaw return codes. 2016-11-14 12:47:24 -08:00
Jacob Barthelmeh
0b3d9cbccd revert AESNI padding and handle the case in aes.c 2016-11-11 16:26:29 -07:00
toddouska
a0ee159fa5 Merge pull request #617 from JacobBarthelmeh/Compatibility-Layer 
Compatibility layer
 2016-11-10 11:47:42 -08:00
Sean Parkinson
fdfc177254 SHA224 implementation added 
Added SHA24 implementation and tetss.
Added HMAC-SHA224 implementation and tests.
Added RSA-SHA224 and ECDSA-SHA224.
Added MGF1-SHA224
Added OpenSSL APIs for SHA224
Configuration option to enable SHA224 and it is on by default for x86_64
 2016-11-10 15:52:26 +10:00
Jacob Barthelmeh
55401fceb8 adjust alignment of arrays used for case with AESNI 2016-11-09 15:03:26 -07:00
Jacob Barthelmeh
c122558810 COMPAT. LAYER : fix missing return value and alignment 2016-11-08 14:16:02 -07:00
Jacob Barthelmeh
f7a951709f COMPAT. LAYER : get SSL client random bytes 2016-11-07 13:21:35 -07:00
Jacob Barthelmeh
f06a392764 COMPAT. LAYER : DES set key and malloc/free 2016-11-07 13:21:05 -07:00
toddouska
68c43e4344 Merge pull request #615 from ejohnstown/dtls-verify-retry-fix 
Fix dropped DTLS Hello Verify retransmit
 2016-11-04 15:52:13 -07:00