WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity
12,994 Commits
27 Branches
168 Tags
358 MiB
Commit Graph

12994 Commits (42d4f35a982ee5b88f0739045d99819532345ee7)

Author SHA1 Message Date
Juliusz Sosinowicz 42d4f35a98 Implement OpenSSL Compat API: 
- Implement lhash as a stack with hash members
- wolfSSL_lh_retrieve
- wolfSSL_LH_strhash
- IMPLEMENT_LHASH_COMP_FN
- IMPLEMENT_LHASH_HASH_FN
- wolfSSL_sk_CONF_VALUE_new
- wolfSSL_sk_CONF_VALUE_free
- wolfSSL_sk_CONF_VALUE_num
- wolfSSL_sk_CONF_VALUE_value
- wolfSSL_NCONF_new
- wolfSSL_NCONF_get_string
- wolfSSL_NCONF_get_section
- wolfSSL_lh_WOLFSSL_CONF_VALUE_retrieve
- wolfSSL_CONF_modules_load
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz be98404b3b Implement wolfSSL_X509_REQ_verify 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz 4aa30d0bde Add CSR parsing capabilities to ParseCertRelative and wc_GetPubX509 
- wolfSSL_BIO_get_mem_data now returns the last memory BIO in the chain
- Change wolfSSL_BIO_pending calls to wolfSSL_BIO_get_len calls to get accurate length depending on BIO
- Refactor X509 and X509_REQ functions to reuse similar code
- X509 and X509_REQ i2d functions now generate their DER outputs instead of returning the input DER
- Signature generated by wolfSSL_X509_resign_cert is now saved in the x509->sig buffer and added when calling *i2d
- Add test_wolfSSL_d2i_X509_REQ
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz 1a50d8e028 WIP 
- wolfSSL_BIO_ctrl_pending ignore BASE64 bio's as well now
- Save the last Finished messages sent or received in the WOLFSSL struct
- Implement wolfSSL_CTX_set_max_proto_version
- wolfSSL_d2i_X509_bio now uses wolfSSL_BIO_read so that the entire chain is properly read from the BIO
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz a7ec58003e PKCS7 changes 
- Allow PKCS7_EncodeSigned to be called with a zero content length
- wc_HashUpdate now doesn't error out on zero length data
- First cert in wolfSSL_PKCS7_encode_certs is treated as main cert and the PKCS7 struct is initialized with it
- wolfSSL_BIO_get_mem_data returns the buffer from the last bio in chain
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz 85b1196b08 Implement/stub: 
- X509_REQ_print_fp
- X509_print_fp
- DHparams_dup
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz 728f4ce892 Implement/stub: 
- wc_DhKeyCopy
- SSL_CTX_set_srp_strength
- SSL_get_srp_username
- X509_REQ_get_attr_by_NID
- X509_REQ_get_attr
- X509_ATTRIBUTE
- wolfSSL_DH_dup
Add srp.h file with SRP_MINIMAL_N
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz b52e11d3d4 Implement/stub the following: 
- X509_get0_extensions
- X509_to_X509_REQ
- i2d_X509_REQ_bio
- X509v3_get_ext_count
- i2d_PKCS7_bio
Additional changes:
- Added a wc_PKCS7_VerifySignedData call to wolfSSL_d2i_PKCS7_bio to populate the PKCS7 struct with parsed values
- wc_PKCS7_VerifySignedData_ex -> wc_PKCS7_VerifySignedData
 2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz 3721d80e84 Implement wolfSSL_PKCS7_to_stack and wolfSSL_d2i_ASN1_OBJECT 
- I also implemented wolfSSL_c2i_ASN1_OBJECT which was previously a stub.
- More configure.ac flags added to libest option
 2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz 1e26238f49 Implement/stub the following functions: 
- X509_REQ_sign_ctx
- X509_REQ_get_subject_name
- X509_REQ_set_version
- X509_NAME_print_ex_fp
- X509_STORE_CTX_get0_parent_ctx
- wolfSSL_PKCS7_encode_certs

Add cms.h file to avoid including the OpenSSL version.
 2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz 777bdb28bc Implement/stub the following: 
- `NID_pkcs9_challengePassword` - added
- `wolfSSL_OPENSSL_cleanse` - implemented
- `wolfSSL_X509_REQ_add1_attr_by_NID` - stubbed
- `wolfSSL_c2i_ASN1_OBJECT` - stubbed
 2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz 7bd0b2eb44 Implement ASN1_get_object 2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz a9d502ef85 Add `--enable-libest` option to configure.ac 
Refactoring and adding defines for functions
 2020-12-17 14:26:30 +01:00
toddouska b4fddf3f24
Merge pull request #3572 from dgarske/zd11381 
Fix for `wc_SetAltNamesBuffer`
 2020-12-16 15:33:12 -08:00
Chris Conlon 7e1a066963
Merge pull request #3555 from kojo1/doc-PSS_Sign-Verify 
Doc wc_RsaPSS_Sign/Verify/CheckPadding
 2020-12-16 15:18:24 -07:00
David Garske 51c3f87811 Fix for `wc_SetAltNamesBuffer` broken in PR #2728. The `SetAltNames` was changed in PR 2728 to rebuild the SAN OID, so only the flattened list of DNS entries is required. Fix is in `SetAltNamesFromDcert` to use already has a parsed DecodedCert and flatten the alt names DNS_Entry list. ZD 11381 2020-12-16 12:28:28 -08:00
toddouska 5f30727b32
Merge pull request #3531 from vppillai/patch-1 
support TNGTLS certificate loading for Harmony3
 2020-12-16 09:21:28 -08:00
toddouska 7f20b97927
Merge pull request #3569 from SparkiDev/cppcheck_fixes_5 
cppcheck: fixes
 2020-12-16 09:04:59 -08:00
toddouska cee91c91f5
Merge pull request #3532 from julek-wolfssl/nginx-1.7.7 
Changes for Nginx 1.7.7
 2020-12-16 09:01:27 -08:00
toddouska b0464c93e2
Merge pull request #3542 from SparkiDev/sp_mod_odd 
SP: ensure modulus/prime is odd before performing RSA/DH/ModExp ops
 2020-12-16 08:51:10 -08:00
Vysakh P Pillai 3063264f00
formatting updates 2020-12-16 18:05:58 +05:30
Vysakh P Pillai 63f8fbe92f
update formatting 2020-12-16 17:59:36 +05:30
Sean Parkinson 6dc06993bf SP: ensure modulus/prime is odd before performing RSA/DH/ModExp ops 2020-12-16 21:49:09 +10:00
Sean Parkinson 75c062a298 cppcheck: fixes 2020-12-16 17:28:20 +10:00
Takashi Kojo 010c8db54e duplicated \ingroup, missing closing comment 2020-12-16 08:52:12 +09:00
Sean Parkinson 922ca916a9
Merge pull request #3554 from ejohnstown/psk-fix 
PSK Alert
 2020-12-16 09:40:04 +10:00
toddouska bab2f55661
Merge pull request #3563 from SparkiDev/base64_cr 
Base64: Cache attack resistant decode
 2020-12-15 15:16:09 -08:00
Daniel Pouzzner 7f44247954
Merge pull request #3567 from SparkiDev/sp_math_fix 
SP math all: fixes for different compilers and configs
 2020-12-15 15:37:25 -06:00
Juliusz Sosinowicz 575f4ba140 Nginx 1.7.7 changes 
- Push error when decryption fails
- If wolfSSL_CTX_use_certificate keeps passed in cert then it should either copy it or increase its reference counter
- Make wolfSSL_PEM_read_bio_DHparams available with FIPS
 2020-12-15 19:32:55 +01:00
toddouska 38a11368e0
Merge pull request #3557 from JacobBarthelmeh/Cert-Report2 
Strict alt names check with DIR name constraint
 2020-12-15 08:51:55 -08:00
toddouska f362c6ecf5
Merge pull request #3562 from SparkiDev/session_mutex 
SESSION mutex: copying a session overwrote mutex
 2020-12-15 08:50:57 -08:00
Vysakh P Pillai aa2e02807d
Avoid conversions to PEM and register DER certificate chain 2020-12-15 16:15:36 +05:30
Sean Parkinson 356b419532 SP math all: fixes for different compilers and configs 2020-12-15 17:37:59 +10:00
Sean Parkinson 972d6cfefc Base64: Cache attack resistant decode 2020-12-15 17:22:02 +10:00
Sean Parkinson 52f63ca44b SESSION mutex: copying a session overwrote mutex 
New session creation function, NewSession, that doesn't initialize
mutex.
Calling functions, wolfSSL_SESSION_new() and wolfSSL_SESSION_copy(),
initialize the mutex.
 2020-12-15 17:20:40 +10:00
Sean Parkinson 65d0cc62fd
Merge pull request #3566 from douzzer/STACK_SIZE_CHECKPOINT_WITH_MAX_CHECK-decl-order 
C89 decl order in STACK_SIZE_CHECKPOINT_WITH_MAX_CHECK()
 2020-12-15 17:01:22 +10:00
Daniel Pouzzner 87e5b55033 don't special case get_digit_count for SP, i.e. eliminate sp_get_digit_count(), to fix -Waddress in sp_get_digit_count macro use in api.c:test_get_digit_count() (sp_get_digit_count() was a non-inline function before commit 91d23d3f5a (sp-math-all)). 2020-12-14 20:14:39 -06:00
John Safranek 123c713658
Key Change 
Move the setting of the key in the handshake from right before
sending the finished message to between building change cipher spec
and sending it. This way there won't be any opportunity to send a
message after the change cipher spec that won't be encrypted.
 2020-12-14 18:13:26 -08:00
John Safranek f8e674e45d
PSK Alert 
When the server cannot match the client's identity, the server sends a unknown_psk_identity alert to the client.
 2020-12-14 17:56:19 -08:00
toddouska 7fe24daf6c
Merge pull request #3561 from dgarske/st_cube_rel 
ST Cube Pack Fixes
 2020-12-14 16:20:18 -08:00
toddouska 3f6a444bef
Merge pull request #3564 from SparkiDev/tls13_add_sess 
TLS 1.3: Don't add a session without a ticket
 2020-12-14 16:09:52 -08:00
toddouska 43182b9389
Merge pull request #3548 from gstrauss/HAVE_SNI 
put all SNI code behind simpler preprocessor directive HAVE_SNI
 2020-12-14 16:08:53 -08:00
Daniel Pouzzner 70808647ef move decl of _ret to top in STACK_SIZE_CHECKPOINT_WITH_MAX_CHECK(), for C89 happiness. 2020-12-14 17:50:28 -06:00
toddouska bd871280d7
Merge pull request #3497 from elms/erf32/se_acceleration 
ERF32: HW acceleration
 2020-12-14 15:43:15 -08:00
toddouska 56e2c0e268
Merge pull request #3534 from douzzer/linuxkm-cryptonly 
--enable-linuxkm --enable-cryptonly
 2020-12-14 15:14:54 -08:00
David Garske 428c6b4301
Merge pull request #3523 from SparkiDev/pkcs11_fixes_2 
Pkcs11 fixes 2
 2020-12-14 14:09:26 -08:00
David Garske 032b289835
Merge pull request #3559 from tmael/cc310_ecc_k 
Fix Cryptocell ecc build err
 2020-12-14 10:50:30 -08:00
Sean Parkinson fb5b415e83 TLS 1.3: Don't add a session without a ticket 
TLS 1.3 doesn't support resumption with PSK (session ticket or with the
PSK callback).
 2020-12-14 14:03:31 +10:00
David Garske 337e95e52b Fix for AES GCM with hardware crypto and missing `wc_AesSetKeyLocal`. Broken in PR #3388. 2020-12-13 13:59:30 -08:00
David Garske 757c07801a Updates to v4.5.1. 2020-12-13 13:59:30 -08:00