aed9b2d3bb
add EVP_CIPHER_CTX_block_size/mode/set_flags/set_padding
2016-12-28 14:44:05 -07:00
bb400789b8
add EVP_Cipher with EVP_aes_256_ecb()
2016-12-28 14:44:05 -07:00
b57e576abd
Fixes for compiler warnings with IAR EWARM 8.
...
* Fix “wc_PKCS7_DecodeUnprotectedAttributes” return prior to free in GetSet error case.
* Fix “wc_PKCS7_KariGenerateKEK” type mismatch for kdfType.
* Fix aes.c roll_auth use of inSz over 24-bit.
* Fix ecc “build_lut”, “accel_fp_mul” and “accel_fp_mul2add” use of err as unsigned.
* Fix “wc_HKDF” use of un-initialized “myHmac” for heap.
* Fix undefined reference to __REV for IAR due to missing intrinsics.h.
* Fix build error for “wolfSSL_CTX_set_tmp_dh” if OPENSSL_EXTRA not defined and “HAVE_LIGHTY || HAVE_STUNNEL || WOLFSSL_MYSQL_COMPATIBLE”.
* Cleanup of “wolfSSL_get_chain_X509” brace..
* Cleanup SSL_CtxResourceFree use of `i` and define comments.
* Added “SIZEOF_LONG_LONG” to IAR-EWARM user_settings.h to support word64 (required for SHA512, etc).
2016-12-28 11:18:41 -08:00
511f41b0e4
fix C++ compiler warnings for distro build
2016-12-27 14:38:14 -07:00
784b24eebc
Merge pull request #680 from ejohnstown/dtls-sctp-fix
...
DTLS-SCTP fix
2016-12-22 13:10:29 -07:00
d6a6226c8e
Merge pull request #681 from JacobBarthelmeh/Testing
...
static analysis check of null dereference and memory management
2016-12-22 08:43:55 -08:00
1c17b8eed6
static analysis check of null dereference and memory management
2016-12-21 16:20:18 -07:00
40800d8065
DTLS-SCTP fix
...
1. Add the SCTP suite test file to the include.am.
2. Skip the sequence number increment for client_hello messages in
DTLS, but do the increment for SCTP.
2016-12-21 14:24:20 -08:00
3bec816f97
Cleanup min(), TRUE, FALSE, ALIGN16 and ALIGN32. Replace only use of BYTE3_LEN with OPAQUE24_LEN. Replace “ “ with “\t” (saves bytes and is consistent). Fix align issue with “WOLFSSL_EVP_MD_CTX” hash.
2016-12-21 14:05:00 -08:00
d73338851d
Combine generic math functions into new wolfmath.c/.h. Cleanup of the !ALT_ECC_SIZE code so fp_int always has size. This is in prep for async changes for new WC_BIGINT type for hardware crypto.
2016-12-21 13:39:33 -08:00
ac27d6d7ca
DTLS Sequence Number update
...
1. Set the prevSeq to nextSeq on CCS.
2. Fully clear nextSeq on CCS.
2016-12-20 09:30:46 -08:00
1a5c5d0011
Merge pull request #676 from cconlon/fortify
...
address fortify high issues
2016-12-19 20:03:24 -08:00
46f3b2a367
address fortify high issues
2016-12-19 15:50:11 -07:00
dca57bf2f0
Merge pull request #673 from cconlon/fortify
...
address fortify critical issues
2016-12-19 13:42:11 -08:00
060ff5e5ef
address fortify critical issues
2016-12-19 11:53:14 -07:00
168203ff9d
Merge pull request #649 from dgarske/distro
...
Linux Distro Patches
2016-12-16 16:03:16 -08:00
a9e7c4081f
Merge pull request #660 from ejohnstown/win-renegotiation
...
Enable secure renegotiation by default for Windows library build.
2016-12-15 16:17:15 -08:00
ec90d72412
Merge pull request #666 from cconlon/chachafix
...
fix CertificateRequest cert type for ECDSA ChaCha suites
2016-12-15 12:08:08 -08:00
be65f26dd2
If there is a badly formed handshake message with extra data at the
...
end, but the correct size with the extra data, send a decode_error
alert and fail the handshake.
2016-12-14 16:02:29 -08:00
33f21e8b8d
set correct cert type in CertificateRequest when using ChaCha suite with ECDSA
2016-12-14 11:34:10 -07:00
e80331e03a
fix Windows debug build warning with secure renegotiation
2016-12-09 14:31:21 -08:00
8b1a6d4c70
Merge pull request #658 from kaleb-himes/sniffer
...
Prevent forcezero from running on freed memory
2016-12-09 09:04:01 -08:00
d2b5a9538d
Prevent forcezero from running on freed memory
2016-12-08 15:11:41 -07:00
289acd088a
Remove state save and restore
2016-12-08 15:21:04 +10:00
ea1a03d538
Get the hash of the handshake messages rather than finalize.
...
Inconsistency between SHA256 and SHA384/SHA512 when getting hash.
More handshake messages can be added after this operation.
2016-12-08 15:21:04 +10:00
4dd393077f
Updated EccSharedSecret callback to use ecc_key* peer directly. Passes examples with "-P" tests and new pkcallback test script.
2016-12-07 07:57:55 -08:00
45d26876c8
Moved wolfSSL_GetEccKey logic to internal.c and use only for PK_CALLBACK. Added other ECC key info to the EccSharedSecretCb. Cleanup of the "if (ssl->ctx->EccSharedSecretCb == NULL)" logic to revert indent so changes are minimized. Removed new wolfSSL_GetEccKey API.
2016-12-07 07:57:55 -08:00
eaca90db28
New Atmel support (WOLFSSL_ATMEL) and port for ATECC508A (WOLFSSL_ATECC508A). Adds wolfCrypt support for ECC Hardware acceleration using the ATECC508A. Adds new PK callback for ECC shared secret. Fixed missing "wc_InitRng_ex" when using "CUSTOM_RAND_GENERATE_BLOCK". Added ATECC508A RNG block function for P-RNG bypass ability. Added internal "wolfSSL_GetEccPrivateKey" function for getting reference to private key for ECC shared secret (used in test.h for testing PK_CALLBACK mode). Added README.md for using the Atmel ATECC508A port.
2016-12-07 07:57:55 -08:00
9399cc05cb
Fixes for building with CRL monitor when not linux, OS X or FreeBSD and --enable-distro set. Cleanup of the crl.c HAVE_CRL_MONITOR checks for OS and make sure if StopMonitor preprocessor is defined the function will also be defined.
2016-12-07 07:07:27 -08:00
a6b96b17ff
Fixes to include path for NXP ksdk_port. Fixes for time USER/OVERRIDES so their #ifdef's are checked first. Fix to initialize LTC via new "ksdk_port_init" function. Cleanup of the ksdk_port.c for formatting, macros, statics and line length. Cleanup of the AES code for key size. Cleanup of the wolfCrypt sha.c for readability. Added support for the KSDK bare metal drivers to the IDE Rowley CrossWorks example. Updated the settings.h to allow for overrides in Freescale section. Updated README with info for using LTC.
2016-12-05 09:01:59 -08:00
8e64d564dc
NXP/Freescale K8X MMCAU / LTC core support for RSA, ECC, Ed/Curve25519, AES, DSA, DES3, MD5, RNG, SHA and SHA2.
2016-12-05 09:01:59 -08:00
039aedcfba
Added "wolfSSL_use_certificate_chain_buffer_format". Added "wolfSSL_SESSION_CIPHER_get_name" to get cipher suite name using WOLFSSL_SESSION*. Moved the "wolfSSL_get_cipher_name_from_suite" function to internal.c. Added new server-cert-chain.der, which is combination of ca-cert.der and server-cert.der. Enhanced load_buffer to detect format using file extension. Can test use of DER cert chain with NO_FILESYSTEM defined using "./examples/server/server -c ./certs/server-cert-chain.der -k ./certs/server-key.der".
2016-11-30 16:26:02 -08:00
3d920b23a0
Fix for building with NO_ERROR_STRINGS.
2016-11-30 16:26:02 -08:00
7a35d904c2
Added new API "wolfSSL_CIPHER_get_name_from_suite" to allow use of the cipherSuite and cipherSuite0 args directly to get cipher suite name. Changed "wolfSSL_CIPHER_get_name" to call new API (based on original). ASN change to allow ToTraditional and SetName for OPENSSL_EXTRA.
2016-11-30 16:26:02 -08:00
c3c3419138
Added processing of user cert chain in DER format. Added arg check on "wolfSSL_get_certificate" to fix NULL dereference if certificate not yet set via "wolfSSL_use_certificate_buffer" or "wolfSSL_use_certificate_file". Added "wolfSSL_CTX_use_certificate_chain_buffer_format" to expose way to import certificate chain buffer as ASN1 (since "wolfSSL_CTX_use_certificate_chain_buffer" assumes PEM) . Changed ProcessFile from static and added as local in internal.h.
2016-11-30 16:26:01 -08:00
8f89d4922f
allow separate set fds for read/write, helpful for DTLS multicast
2016-11-30 11:15:57 -08:00
7dab97fb01
Merge pull request #641 from dgarske/verifycb_peer_cert_chain
...
Add the peer cert buffer and count to X509_STORE_CTX for verify callback
2016-11-23 12:59:00 -08:00
5b76a37234
Add the peer cert buffer and count to the X509_STORE_CTX used for the verify callback. Fixes #627 .
2016-11-22 11:45:00 -08:00
2d9d3aeb91
DTLS Window Update: fixes and changes
2016-11-22 10:12:18 -08:00
ec6fec452d
Update session export with the new sequence number windows.
2016-11-21 09:16:53 -08:00
2507c4da8a
DTLS Sequence Window Tracking Update
...
1. Modify the DTLS sequence window to use an array of word32 instead
of a word32 or word64 depending on the availability of word64.
2. One can change the array size to have a bigger window.
2016-11-18 11:52:43 -08:00
1289e66641
Merge pull request #636 from dgarske/fix-ti-hash-mem-leak
...
Fix memory leak issue in ti-hash.c with small stack
2016-11-17 16:19:37 -08:00
f167fe3d4a
Merge pull request #625 from dgarske/tls_nosha256
...
Fix to allow TLS with NO_SHA256
2016-11-17 16:14:28 -08:00
b01952ea40
Cleanup the hash free in FreeHandshakeResources.
2016-11-17 09:34:31 -08:00
f922d3f2d6
Merge pull request #624 from SparkiDev/sha224
...
SHA224 implementation added
2016-11-15 13:53:34 -08:00
f27159f2db
Merge pull request #633 from cconlon/renegotiation_info
...
add server side empty renegotiation_info support
2016-11-15 11:11:17 -08:00
a10ec0ff91
adjust suiteSz and use SUITE_LEN in FindSuite()
2016-11-15 10:49:37 -07:00
49978d1417
server side empty renegotiation_info support
2016-11-14 15:33:36 -07:00
1a7fe0d4c5
fix non ecc_make_key init_mulit potential problems
2016-11-14 12:49:42 -08:00
82e8210208
Support for building without SHA256 with NO_OLD_TLS and SHA384/512. Although TLS 1.2 default digest for certs is SHA256 and our test cert signatures use SHA256, so make check will fail. Also requires disabling the P-RNG which uses SHA256. Added missing "wc_InitRng_ex" when using "CUSTOM_RAND_GENERATE_BLOCK". Cleanup of the BuildCertHashes, DoRounds, HashInput, HashOutput and HashOutputRaw return codes.
2016-11-14 12:47:24 -08:00
Takashi Kojo
David Garske
Jacob Barthelmeh
toddouska
John Safranek
Chris Conlon
kaleb-himes
Sean Parkinson