wolfssl

mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-28 22:59:55 +01:00

Author	SHA1	Message	Date
Juliusz Sosinowicz	ff7b8d3715	Don't attempt TLS 1.3 if server options disable it	2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz	2e2beb279d	WIP	2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz	8e62bf2588	Pass libest estclient_simple example	2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz	aaba7ed286	OpenSSL Compat layer Implement/stub: - wolfSSL_X509V3_EXT_add_nconf - wolfSSL_EVP_PKEY_copy_parameters	2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz	ff2574b3cb	OpenSSL Compat layer Implment/stub: - wolfSSL_X509_NAME_delete_entry - wolfSSL_X509_get_ext_by_OBJ - wolfSSL_a2i_ASN1_INTEGER - X509V3_parse_list - wolfSSL_TXT_DB_write - wolfSSL_TXT_DB_insert - wolfSSL_EVP_PKEY_get_default_digest_nid	2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz	753a3babc8	OpenSSL Compat layer Implement/stub: - wolfSSL_NCONF_get_number - wolfSSL_EVP_PKEY_CTX_ctrl_str - wolfSSL_PKCS12_verify_mac - wc_PKCS12_verify_ex - wolfSSL_BIO_new_fd - wolfSSL_X509_sign_ctx - wolfSSL_ASN1_STRING_cmp - wolfSSL_ASN1_TIME_set_string - X509V3_EXT_add_nconf - X509V3_set_nconf Implement TXT_DB functionality: - wolfSSL_TXT_DB_read - wolfSSL_TXT_DB_free - wolfSSL_TXT_DB_create_index - wolfSSL_TXT_DB_get_by_index	2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz	e7f1d39456	OpenSSL Compat layer Implement WOLFSSL_CONF_VALUE: - wolfSSL_CONF_VALUE_new - wolfSSL_CONF_VALUE_new_values - wolfSSL_CONF_add_string - wolfSSL_X509V3_conf_free - wolfSSL_sk_CONF_VALUE_push - wolfSSL_NCONF_load - wolfSSL_NCONF_free - wolfSSL_CONF_new_section - wolfSSL_CONF_get_section Implment some buffer functions - wolfSSL_strlcat - wolfSSL_strlcpy	2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz	42d4f35a98	Implement OpenSSL Compat API: - Implement lhash as a stack with hash members - wolfSSL_lh_retrieve - wolfSSL_LH_strhash - IMPLEMENT_LHASH_COMP_FN - IMPLEMENT_LHASH_HASH_FN - wolfSSL_sk_CONF_VALUE_new - wolfSSL_sk_CONF_VALUE_free - wolfSSL_sk_CONF_VALUE_num - wolfSSL_sk_CONF_VALUE_value - wolfSSL_NCONF_new - wolfSSL_NCONF_get_string - wolfSSL_NCONF_get_section - wolfSSL_lh_WOLFSSL_CONF_VALUE_retrieve - wolfSSL_CONF_modules_load	2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz	be98404b3b	Implement wolfSSL_X509_REQ_verify	2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz	4aa30d0bde	Add CSR parsing capabilities to ParseCertRelative and wc_GetPubX509 - wolfSSL_BIO_get_mem_data now returns the last memory BIO in the chain - Change wolfSSL_BIO_pending calls to wolfSSL_BIO_get_len calls to get accurate length depending on BIO - Refactor X509 and X509_REQ functions to reuse similar code - X509 and X509_REQ i2d functions now generate their DER outputs instead of returning the input DER - Signature generated by wolfSSL_X509_resign_cert is now saved in the x509->sig buffer and added when calling *i2d - Add test_wolfSSL_d2i_X509_REQ	2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz	1a50d8e028	WIP - wolfSSL_BIO_ctrl_pending ignore BASE64 bio's as well now - Save the last Finished messages sent or received in the WOLFSSL struct - Implement wolfSSL_CTX_set_max_proto_version - wolfSSL_d2i_X509_bio now uses wolfSSL_BIO_read so that the entire chain is properly read from the BIO	2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz	a7ec58003e	PKCS7 changes - Allow PKCS7_EncodeSigned to be called with a zero content length - wc_HashUpdate now doesn't error out on zero length data - First cert in wolfSSL_PKCS7_encode_certs is treated as main cert and the PKCS7 struct is initialized with it - wolfSSL_BIO_get_mem_data returns the buffer from the last bio in chain	2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz	85b1196b08	Implement/stub: - X509_REQ_print_fp - X509_print_fp - DHparams_dup	2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz	728f4ce892	Implement/stub: - wc_DhKeyCopy - SSL_CTX_set_srp_strength - SSL_get_srp_username - X509_REQ_get_attr_by_NID - X509_REQ_get_attr - X509_ATTRIBUTE - wolfSSL_DH_dup Add srp.h file with SRP_MINIMAL_N	2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz	b52e11d3d4	Implement/stub the following: - X509_get0_extensions - X509_to_X509_REQ - i2d_X509_REQ_bio - X509v3_get_ext_count - i2d_PKCS7_bio Additional changes: - Added a wc_PKCS7_VerifySignedData call to wolfSSL_d2i_PKCS7_bio to populate the PKCS7 struct with parsed values - wc_PKCS7_VerifySignedData_ex -> wc_PKCS7_VerifySignedData	2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz	3721d80e84	Implement wolfSSL_PKCS7_to_stack and wolfSSL_d2i_ASN1_OBJECT - I also implemented wolfSSL_c2i_ASN1_OBJECT which was previously a stub. - More configure.ac flags added to libest option	2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz	1e26238f49	Implement/stub the following functions: - X509_REQ_sign_ctx - X509_REQ_get_subject_name - X509_REQ_set_version - X509_NAME_print_ex_fp - X509_STORE_CTX_get0_parent_ctx - wolfSSL_PKCS7_encode_certs Add cms.h file to avoid including the OpenSSL version.	2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz	777bdb28bc	Implement/stub the following: - `NID_pkcs9_challengePassword` - added - `wolfSSL_OPENSSL_cleanse` - implemented - `wolfSSL_X509_REQ_add1_attr_by_NID` - stubbed - `wolfSSL_c2i_ASN1_OBJECT` - stubbed	2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz	7bd0b2eb44	Implement ASN1_get_object	2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz	a9d502ef85	Add `--enable-libest` option to configure.ac Refactoring and adding defines for functions	2020-12-17 14:26:30 +01:00
toddouska	b4fddf3f24	Merge pull request #3572 from dgarske/zd11381 Fix for `wc_SetAltNamesBuffer`	2020-12-16 15:33:12 -08:00
Chris Conlon	7e1a066963	Merge pull request #3555 from kojo1/doc-PSS_Sign-Verify Doc wc_RsaPSS_Sign/Verify/CheckPadding	2020-12-16 15:18:24 -07:00
David Garske	51c3f87811	Fix for `wc_SetAltNamesBuffer` broken in PR #2728 . The `SetAltNames` was changed in PR 2728 to rebuild the SAN OID, so only the flattened list of DNS entries is required. Fix is in `SetAltNamesFromDcert` to use already has a parsed DecodedCert and flatten the alt names DNS_Entry list. ZD 11381	2020-12-16 12:28:28 -08:00
toddouska	5f30727b32	Merge pull request #3531 from vppillai/patch-1 support TNGTLS certificate loading for Harmony3	2020-12-16 09:21:28 -08:00
toddouska	7f20b97927	Merge pull request #3569 from SparkiDev/cppcheck_fixes_5 cppcheck: fixes	2020-12-16 09:04:59 -08:00
toddouska	cee91c91f5	Merge pull request #3532 from julek-wolfssl/nginx-1.7.7 Changes for Nginx 1.7.7	2020-12-16 09:01:27 -08:00
toddouska	b0464c93e2	Merge pull request #3542 from SparkiDev/sp_mod_odd SP: ensure modulus/prime is odd before performing RSA/DH/ModExp ops	2020-12-16 08:51:10 -08:00
Vysakh P Pillai	3063264f00	formatting updates	2020-12-16 18:05:58 +05:30
Vysakh P Pillai	63f8fbe92f	update formatting	2020-12-16 17:59:36 +05:30
Sean Parkinson	6dc06993bf	SP: ensure modulus/prime is odd before performing RSA/DH/ModExp ops	2020-12-16 21:49:09 +10:00
Sean Parkinson	75c062a298	cppcheck: fixes	2020-12-16 17:28:20 +10:00
Takashi Kojo	010c8db54e	duplicated \ingroup, missing closing comment	2020-12-16 08:52:12 +09:00
Sean Parkinson	922ca916a9	Merge pull request #3554 from ejohnstown/psk-fix PSK Alert	2020-12-16 09:40:04 +10:00
toddouska	bab2f55661	Merge pull request #3563 from SparkiDev/base64_cr Base64: Cache attack resistant decode	2020-12-15 15:16:09 -08:00
Daniel Pouzzner	7f44247954	Merge pull request #3567 from SparkiDev/sp_math_fix SP math all: fixes for different compilers and configs	2020-12-15 15:37:25 -06:00
Juliusz Sosinowicz	575f4ba140	Nginx 1.7.7 changes - Push error when decryption fails - If wolfSSL_CTX_use_certificate keeps passed in cert then it should either copy it or increase its reference counter - Make wolfSSL_PEM_read_bio_DHparams available with FIPS	2020-12-15 19:32:55 +01:00
toddouska	38a11368e0	Merge pull request #3557 from JacobBarthelmeh/Cert-Report2 Strict alt names check with DIR name constraint	2020-12-15 08:51:55 -08:00
toddouska	f362c6ecf5	Merge pull request #3562 from SparkiDev/session_mutex SESSION mutex: copying a session overwrote mutex	2020-12-15 08:50:57 -08:00
Vysakh P Pillai	aa2e02807d	Avoid conversions to PEM and register DER certificate chain	2020-12-15 16:15:36 +05:30
Sean Parkinson	356b419532	SP math all: fixes for different compilers and configs	2020-12-15 17:37:59 +10:00
Sean Parkinson	972d6cfefc	Base64: Cache attack resistant decode	2020-12-15 17:22:02 +10:00
Sean Parkinson	52f63ca44b	SESSION mutex: copying a session overwrote mutex New session creation function, NewSession, that doesn't initialize mutex. Calling functions, wolfSSL_SESSION_new() and wolfSSL_SESSION_copy(), initialize the mutex.	2020-12-15 17:20:40 +10:00
Sean Parkinson	65d0cc62fd	Merge pull request #3566 from douzzer/STACK_SIZE_CHECKPOINT_WITH_MAX_CHECK-decl-order C89 decl order in STACK_SIZE_CHECKPOINT_WITH_MAX_CHECK()	2020-12-15 17:01:22 +10:00
Daniel Pouzzner	87e5b55033	don't special case get_digit_count for SP, i.e. eliminate sp_get_digit_count(), to fix -Waddress in sp_get_digit_count macro use in api.c:test_get_digit_count() (sp_get_digit_count() was a non-inline function before commit `91d23d3f5a` (sp-math-all)).	2020-12-14 20:14:39 -06:00
John Safranek	123c713658	Key Change Move the setting of the key in the handshake from right before sending the finished message to between building change cipher spec and sending it. This way there won't be any opportunity to send a message after the change cipher spec that won't be encrypted.	2020-12-14 18:13:26 -08:00
John Safranek	f8e674e45d	PSK Alert When the server cannot match the client's identity, the server sends a unknown_psk_identity alert to the client.	2020-12-14 17:56:19 -08:00
toddouska	7fe24daf6c	Merge pull request #3561 from dgarske/st_cube_rel ST Cube Pack Fixes	2020-12-14 16:20:18 -08:00
toddouska	3f6a444bef	Merge pull request #3564 from SparkiDev/tls13_add_sess TLS 1.3: Don't add a session without a ticket	2020-12-14 16:09:52 -08:00
toddouska	43182b9389	Merge pull request #3548 from gstrauss/HAVE_SNI put all SNI code behind simpler preprocessor directive HAVE_SNI	2020-12-14 16:08:53 -08:00
Daniel Pouzzner	70808647ef	move decl of _ret to top in STACK_SIZE_CHECKPOINT_WITH_MAX_CHECK(), for C89 happiness.	2020-12-14 17:50:28 -06:00

1 2 3 4 5 ...

13001 Commits