wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-05-05 22:04:16 +02:00
Code Issues Packages Projects Releases Wiki Activity
10,132 Commits 13 Branches 184 Tags
f025f083150b68744d995d755034bb03c9bc269a
Commit Graph

3743 Commits

Author SHA1 Message Date
Tesfa Mael 00dadafddb Add HAVE_FAST_RSA around RSA_print() 2019-08-26 16:54:10 -07:00
Tesfa Mael b2555d38bc Jenkins PRB enable options test 2019-08-26 15:43:58 -07:00
toddouska 0f60ee8a85 Merge pull request #2402 from schlatterbeck/master 
Fixes for 16-bit systems
 2019-08-26 12:41:47 -07:00
Tesfa Mael 5e28dd94a2 OpenSSL compatible APIs: 
ASN1_STRING_type
EVP_aes_128_gcm
EVP_CIPHER_CTX_ctrl
EVP_PKEY_sign
EVP_PKEY_sign_init
RSA_print
RSA_NO_PADDING
RSA_PKCS1_PSS_PADDING
 2019-08-26 12:20:18 -07:00
David Garske 76b9476b9a Remove debug printf. 2019-08-23 16:24:45 -07:00
David Garske 99329b0fc4 Improvements to the CRL verify handling. 2019-08-23 16:09:39 -07:00
toddouska 2c97b040ff Merge pull request #2419 from dgarske/ctx_sec_reneg 
Adds use secure renegotiation at CTX level
 2019-08-23 12:55:30 -07:00
toddouska 1bad2bed3c Merge pull request #2404 from dgarske/strict_cipher 
Added strict cipher suite check on client server_hello processing
 2019-08-23 12:42:57 -07:00
toddouska 6209e8ff24 Merge pull request #2412 from JacobBarthelmeh/PKCS12 
adjust wc_i2d_PKCS12 API
 2019-08-23 10:30:04 -07:00
Juliusz Sosinowicz 63538fedde Required additions for building fips-ready with speedups 2019-08-23 10:22:31 -07:00
Jacob Barthelmeh 65aeb71d6c sanity check on buffer size before reading short 2019-08-22 11:36:35 -06:00
David Garske 67c3751836 Adds new wolfSSL_CTX_UseSecureRenegotiation API for setting secure renegotiation at the WOLFSSL_CTX level. 2019-08-20 16:43:28 -07:00
David Garske 24bfea1ad2 Fixes for various build options (!NO_RSA, HAVE_ECC, NO_PKCS8, NO_PKCS12). Added new NO_CHECK_PRIVATE_KEY to allow reduce code size when not required. 2019-08-20 10:38:08 -07:00
David Garske 644e7a8f45 Fixes for PKCS8 w/wo encryption as DER/ASN.1. Fixes for building with --disable-oldnames. Fix to enable the PKCS8 enc test without openssl comat. Added additional PKCS8 tests. 2019-08-19 16:27:46 -07:00
Takashi Kojo fd0390430d Give error code resolution to wolfSSL_CertManagerCheckOCSPResponse 2019-08-20 07:22:54 +09:00
David Garske 3e1c103c78 Added support for loading a PKCS8 ASN.1 formatted private key (not encrypted). 2019-08-16 16:09:00 -07:00
David Garske 586b74b05f Refactor of the verify option for processing X.509 files. Adds support for ignoring date checks when loading a CA using the WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY flag on wolfSSL_CTX_load_verify_buffer_ex and wolfSSL_CTX_load_verify_locations_ex. 2019-08-16 15:19:55 -07:00
toddouska 7d4023f6a1 Merge pull request #2408 from dgarske/coverity 
Minor fixes to resolve Coverity static analysis checks
 2019-08-16 14:45:13 -07:00
Jacob Barthelmeh 487e66394e adjust wc_i2d_PKCS12 API 2019-08-16 15:19:33 -06:00
David Garske eb68ad162b Enable strict cipher suite checking by default. Changed to enable by default and can be disabled using WOLFSSL_NO_STRICT_CIPHER_SUITE. 2019-08-16 10:20:25 -07:00
David Garske 0d13b385ab Fixes for possible cases where DerBuffer is not free'd in AddCA error cases. 2019-08-15 17:01:30 -07:00
John Safranek e7f0ed4b98 wolfRand 
1. Excluded wc_encrypt.c from the wolfRand build.
 2019-08-15 16:22:16 -07:00
John Safranek 63fe2a219e wolfRand 
In configure.ac,
1. Change some whitespace in the FIPS enable section.
2. Reorganize the FIPS section a little bit.
3. When enabling wolfRand, also force cryptonly.
4. Treat wolfRand like FIPSv2 at build time.
In the source include.am,
5. Add checks against BUILD_FIPS_RAND as appropriate.
6. Add the SHA-256 assembly to the wolfRand source list.
 2019-08-15 16:22:16 -07:00
John Safranek 0931b574a7 wolfRand 
1. Refactored src/include.am to use the new changes in configure for
multiple FIPS versions.
2. Added conditions for wolfRand.
 2019-08-15 16:22:16 -07:00
toddouska 489af0cd2b Merge pull request #2386 from SparkiDev/tls13_integ_only 
TLS 1.3 and Integrity-only ciphersuites
 2019-08-15 16:02:12 -07:00
Eric Blankenhorn 1b841363cc Adding tests 2019-08-15 12:27:23 -05:00
Eric Blankenhorn b2b24a06f3 Adding API 2019-08-14 15:09:17 -05:00
David Garske e75417fde1 Added build option to enforce check for cipher suite in server_hello from server. Enabled using WOLFSSL_STRICT_CIPHER_SUITE. Some cipher suites could be allowed if they were supported a build-time even though not sent in the cipher suite list in client_hello. 
Example log output for test case where `client_hello` sent a cipher suite list and server choose a cipher suite not in the list:

```
wolfSSL Entering DoServerHello
ServerHello did not use cipher suite from ClientHello
wolfSSL Leaving DoHandShakeMsgType(), return -501
wolfSSL Leaving DoHandShakeMsg(), return -501
```

RFC 5246: 7.4.1.3: Server Hello:  `cipher_suite: The single cipher suite selected by the server from the list in ClientHello.cipher_suites.`
 2019-08-13 15:56:19 -07:00
Eric Blankenhorn 48fa6a458c Adding compatibility API phase 1 2019-08-13 17:09:56 -05:00
Tesfa Mael 9301cce9ac Check a null pointer dereference 2019-08-13 11:48:20 -07:00
Tesfa Mael b1ad0525ea cast to correct static analysis issue 2019-08-13 10:45:24 -07:00
Tesfa Mael b7bd710bc8 Add small stack option 2019-08-13 10:29:37 -07:00
Tesfa Mael 1acd24deb8 Review comment to reduce stack usage 2019-08-13 10:15:57 -07:00
Tesfa Mael b9ddbb974a perform domain name check on the peer certificate 2019-08-13 09:55:28 -07:00
Ralf Schlatterbeck 63c6c47165 Fixes for 16-bit systems 
Systems with sizof(int) == 2 default to expressions with that size.
So we have to do some explicit casts or use unigned long constants in
some cases.
In ssl.h the prototype of a function was not matching the definition.
This resulted in a type incompatibility on a 16-bit system.
 2019-08-10 18:27:29 +02:00
Sean Parkinson dd48c825ed Constant compare the HMAC result when using NULL cipher and TLS 1.3 2019-08-09 11:50:07 -06:00
Tesfa Mael 4bff2b6bef Fixed valgrind issue 2019-08-06 15:49:36 -07:00
Tesfa Mael 1371fc8327 Review comments 2019-08-06 13:23:18 -07:00
Tesfa Mael c1938969aa Convert to pointer to pass static memory 2019-08-06 10:47:30 -07:00
Tesfa Mael 000c38ae1f Use wolfSSL_PKCS7_free, not wc_PKCS7_Free 2019-08-06 07:46:57 -07:00
Tesfa Mael f5f5947616 New OpenSSL compatible APIs: 
wolfSSL_PEM_write_bio_PKCS7
wolfSSL_PKCS7_SIGNED_new
wolfSSL_X509_subject_name_hash
wolfSSL_CTX_use_PrivateKey_ASN1
wolfSSL_get0_param
wolfSSL_X509_VERIFY_PARAM_set1_host
 2019-08-05 17:35:37 -07:00
toddouska c34657b20f Merge pull request #2390 from dgarske/altname 
Fix for scan-build warning with altName->name possible use of NULL
 2019-08-02 15:49:13 -07:00
toddouska 31461dbfb5 Merge pull request #2373 from dgarske/mpint 
Improvements to atoi, mp_int allocations and STSAFE-A100 error handling
 2019-08-02 15:43:20 -07:00
toddouska da6fa384d4 Merge pull request #2273 from danielinux/Riot-OS-GNRC 
RIOT-OS support with GNRC TCP/IP sockets
 2019-08-02 15:42:11 -07:00
Sean Parkinson 51dfc35aac TLS 1.3 and Integrity-only ciphersuites 2019-08-02 11:00:18 +10:00
David Garske fb8fc4d800 Fix for scan-build warning with altName->name possible use of NULL pointer. 2019-08-01 11:54:28 -07:00
toddouska 4f0fd2c2f9 Merge pull request #2302 from SparkiDev/ecc_pubkey_check 
Add checks of public key for ECC and curve25519
 2019-08-01 11:50:02 -07:00
Daniele Lacamera 34b2d257cd [RIOT-OS/GNRC] Renamed GNRC callback functions 2019-08-01 15:50:16 +02:00
Daniele Lacamera e77161ae9a Riot-OS/GNRC support: reworked after reviewers' comments 2019-08-01 15:50:16 +02:00
Daniele Lacamera 1db036eb75 RIOT-OS support with GNRC UDP/IP sockets 2019-08-01 15:50:16 +02:00