mirrors
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
23,663 Commits 5 Branches 160 Tags 767 MiB
Commit Graph

298 Commits

Author SHA1 Message Date
TakayukiMatsuo 174f0b2ebc Apdate Japanese API comments to match them in PR6506 2023-08-20 15:25:33 +09:00
JacobBarthelmeh cc4e327316
Merge pull request #6544 from TakayukiMatsuo/rpk 
Add support for raw-public-key
 2023-08-17 09:23:18 -06:00
Hideki Miyazaki d3d131d08d
Merge pull request #6663 from TakayukiMatsuo/jp6417 
Update Japanese API comments
 2023-08-12 08:05:41 +09:00
TakayukiMatsuo 3a5739a8fa Add support for raw-public-key 2023-08-11 11:29:15 +09:00
TakayukiMatsuo 9f6d48891a Update Japanese API comments 2023-08-08 13:29:46 +09:00
TakayukiMatsuo f35173b1a6 Update Japanese API comments 2023-08-03 09:47:19 +09:00
Dimitri Papadopoulos 6d9c85a762
Fix typos found by codespell 2023-07-27 23:38:44 +02:00
JacobBarthelmeh 1285ae7816
Merge pull request #6506 from DimitriPapadopoulos/codespell 
Fix typos found by codespell
 2023-07-24 10:34:29 -06:00
TakayukiMatsuo 477e65e07a
Merge pull request #6626 from TakayukiMatsuo/jp6414 
Update Japanese API comments
 2023-07-21 12:33:29 +09:00
dell5060 56a34b0be2 Updated Documentation to Include support OS-dependant CA certfications stores it supports for the api: wolfSSL_CTX_load_system_CA_certs 2023-07-17 13:06:29 -06:00
TakayukiMatsuo c55c1dd0e4 Update Japanese API comments 2023-07-17 18:28:42 +09:00
Dimitri Papadopoulos 50752f5a2b
Fix typos found by codespell 2023-07-04 07:21:27 +02:00
kaleb-himes 6d85d09b0b Update error return(s) for wc_RsaPSS_Verify 2023-06-05 09:22:08 -06:00
Kareem 6cb2c84f12 Update AES documentation to clarify block size requirement. Fix parameter ordering in wc_ChaCha20Poly1305_Decrypt documentation. 2023-05-16 14:31:51 -07:00
Eric Blankenhorn 494febb3fb Documentation for wolfSSL_CertManagerFreeCRL 2023-05-16 09:44:00 -05:00
Sean Parkinson 9cdee20a7d ASN.1 print: implementation to parse and print added 
New API to parse and print DER/BER data from a buffer.
Add an example to parse DER, Base64 and PEM files and print out ASN.1 items.
 2023-05-04 09:57:44 +10:00
TakayukiMatsuo 59472312a5 Fix example code in wolfSSL_get_chain_X509 2023-04-27 17:51:10 +09:00
TakayukiMatsuo ead8d9784b Update Japanese comments 2023-04-26 18:20:51 +09:00
Anthony Hu 3e58e47856 Documentation fixup for wolfSSL_get_chain_cert(); 2023-04-05 15:12:43 -04:00
Juliusz Sosinowicz 027c8ed926 Add missing semicolon 2023-04-04 16:59:28 +02:00
kaleb-himes 9c1adbd83b Fix typo's in the code sample(s) 2023-03-13 14:56:46 -06:00
kaleb-himes 5bbdda6895 Document use of wc_AesFree() 2023-03-13 11:50:28 -06:00
Sean Parkinson 695aa2e6a0 Ed25519 doxygen update 
Fix return comments to match code.
 2023-02-24 08:54:16 +10:00
Anthony Hu 9be01633d1 Move the wolfSSL Configuration section higher in QUIC.md because it is the first step. 2023-01-20 09:49:18 -05:00
Chris Conlon a2b6c5dd1e remove incomplete doxygen in JP asn_public.h 2022-12-27 14:46:38 -07:00
Takashi Kojo 5ff8bec975 add Doxygen cmac.h, quic.h 2022-12-20 17:44:52 +09:00
Stefan Eissing e5cfd96609 QUIC API support in OpenSSL compat layer, as needed by HAProxy integration. 
- adding patch for HAProxy, see dod/QUIC.md, based on current master.
      For documentaton purposes, since HAProxy does not accept PRs. To be
      removed once forwarded to the project.
 2022-12-01 10:12:35 +01:00
David Garske d42f8e0834
Merge pull request #5600 from embhorn/zd14858 
Add reference to wc_AesInit in Gmac API doc
 2022-11-07 17:44:35 -08:00
Anthony Tatowicz 92c7faafb7 Doc typo fix 2022-10-20 17:17:24 -05:00
Stefan Eissing 9726d1f6eb Allowing use of SSL/CTX_set_max_early_data() for client side. 
- updating english doc and test cases
 2022-10-18 10:40:18 +02:00
Hayden Roche b50a786cb2 Add support for wolfSSL_CTX_load_system_CA_certs on Windows and Mac. 
Additionally, fix CMake build to add WOLFSSL_X86_64_BUILD when building for
x86_64.
 2022-10-06 17:12:21 -07:00
Hayden Roche 8cae05348c Add a function to load system CA certs into a WOLFSSL_CTX. 
This new function, wolfSSL_CTX_load_system_CA_certs, currently only supports
Linux-based OS's. It searches through conventional CA directories and once it
finds one, attempts to load CA certs from it. After the first directory is
found, we don't check the others.

This commit also adds a function wolfSSL_get_system_CA_dirs, which returns a
pointer to an array of directories where wolfSSL_CTX_load_system_CA_certs will
look for CA certs. This is used in a unit test, where we only want to expect
success if one of these directories actually exists on the test system.

Finally, this commit adds support for SSL_CTX_set_default_verify_paths to the
compatibility layer. It doesn't model the exact behavior of its OpenSSL
counterpart; it's mostly a wrapper around wolfSSL_CTX_load_system_CA_certs,
manipulating the return value of that function to conform to OpenSSL's
conventions.
 2022-09-28 08:50:46 -07:00
Eric Blankenhorn fa30ab37b3 Add reference to wc_AesInit in Gmac API doc 2022-09-16 15:54:32 -05:00
David Garske 4a8a11315b
Merge pull request #5536 from SparkiDev/sha3_x64 
SHA-3 improvements
 2022-09-02 09:46:14 -07:00
Marco Oliverio edd723cc84 ssl: add new wolfSSL_disable_hrr_cookie() API to disable hrr cookie 
Add a way to disable hrr cookie so it can be enabled by default for DTLS
connections.
 2022-09-01 09:37:34 +02:00
Sean Parkinson ce8959ea77 SHA-3 improvements 
Add x86_64 assembly code:
  - BMI2
  - AVX2 (using ymm, slower than BMI2)
  - AVX2 of 4 similtaneous hashes
Add SHAKE128 functions and tests.
Add Absorb and Squeeze functions for SHAKE128 and SHAK256 and tests.
Add doxygen for SHA-3 and SHAKE functions.
Update other generated x86_64 assembly files to include settings.h.
 2022-09-01 17:11:58 +10:00
Anthony Hu b1e9cc320b Add documentation telling the user not to modify a buffer. 2022-08-26 14:27:27 -04:00
Uriah-wolfSSL 7ea904c873
Added CertNew() and CertFree() info. (#5502) 
* Updated wc_CertNew() dox for the return value listings, small changes to
description and add some detail to the example per peer review.
 2022-08-24 13:09:50 -04:00
Marco Oliverio cfbd061625 add initial support for ConnectionID DTLS extension 2022-08-23 16:58:24 +02:00
David Garske c7c6fd98d7
Merge pull request #5491 from icing/quic-doc-update 
Update of the QUIC documentation
 2022-08-22 12:00:12 -07:00
David Garske d50e740c97
Merge pull request #5488 from julek-wolfssl/get_ex_new_index-docs 
Add documentation explaining get_ex_new_index API limitations
 2022-08-22 09:51:36 -07:00
Stefan Eissing 240c261772 Update of the QUIC documentation 
- explain what the QUIC support is
- examples of ngtcp2 use
- what is needed for HTTP/3
 2022-08-22 14:36:14 +02:00
Juliusz Sosinowicz 8b2fcd0643 Add documentation explaining get_ex_new_index API limitations 2022-08-22 12:16:51 +02:00
Eric Blankenhorn 3d8562f07b Fixes for build and runtime issues 2022-08-19 08:12:04 -05:00
David Garske 5445b183ed Adding CMAC documentation. Fixes ZD14601. 2022-08-11 12:00:19 -07:00
David Garske fef84e2c4c Fixes for asn_public.h documentation. Fix spelling error. 2022-08-11 08:58:32 -07:00
Sean Parkinson dd2a6410d1
Merge pull request #5454 from dgarske/docs_hashtype 
Improve the documentation for HMAC hash types
 2022-08-11 16:50:55 +10:00
David Garske c707186b9f Improve the documentation for HMAC hash types. 2022-08-10 09:23:01 -07:00
Stefan Eissing 4431438fb2 add QUIC support. 2022-08-08 13:24:00 +02:00
David Garske c5e7ccca2c
Merge pull request #5380 from danielinux/typo-doc 
Fixed typo in dox_comments
 2022-07-21 11:52:56 -07:00
Daniele Lacamera a18b1939ac Fixed typo in dox_comments 2022-07-21 10:19:51 +02:00
David Garske c029b23043
Merge pull request #5308 from SparkiDev/ecies_gen_iv 
ECIES: Google Pay generates IV and places it before msg
 2022-07-20 06:46:14 -07:00
Sean Parkinson 09bba3510f ECIES: Google Pay ECIES 
Generates IV and places it before msg
Uses 12 byte IV with AES-CTR
Add API to explicitly set KDF salt.
 2022-07-20 09:30:47 +10:00
David Garske b2d1bf96ed
Merge pull request #5276 from rizlik/dtls13_client_downgrade 
Dtls: improve version negotiation
 2022-07-06 11:57:53 -07:00
David Garske a7fa7875e4
Merge pull request #5244 from julek-wolfssl/wpas-dpp 
Support for new DPP and EAP-TEAP/EAP-FAST in wpa_supplicant
 2022-07-06 11:35:52 -07:00
David Garske a171bebba4 Fix the `wc_EccPublicKeyToDer_ex` doxy. 2022-07-06 07:58:18 -07:00
Marco Oliverio 3abffc3a3c doc: add documentation for wolfDTLS[v1_3]_*_method() 2022-07-06 16:18:44 +02:00
Juliusz Sosinowicz 39e53c2b7c Add wc_EccPublicKeyToDer_ex doxygen entry 2022-07-06 11:59:29 +02:00
John Safranek ded3f4e9b6
Merge pull request #5284 from julek-wolfssl/dtls-good-ch-cb 
DTLS 1.3: additions for event driven server in wolfssl-examples
 2022-07-05 10:14:59 -07:00
Juliusz Sosinowicz 9dc2c27e3d Expand wolfDTLS_SetChGoodCb() docs 2022-07-04 14:31:24 +02:00
David Garske 00391a5ace Rename callback to `wolfDTLS_SetChGoodCb` and add doxygen for it. Clarify `DTLS_CTX.connected`. Fix build errors for `./configure --enable-dtls --enable-dtls13 --disable-examples CFLAGS="-DNO_WOLFSSL_SERVER"`. 2022-07-04 11:08:39 +02:00
Juliusz Sosinowicz e605cfeccb Add docs for new features 2022-07-04 11:08:39 +02:00
Sean Parkinson 2c943282f0 Ed25519/Ed448: assume public key is not trusted 
In defense against attack, assume the imported public key is not trusted
and check it matches the private key if set.
Added APIs that allow application to explicitly trust public key.
Original APIs default to not trusting public key.
 2022-07-01 09:05:43 -07:00
Takashi Kojo 8f68e32ef1 initial tranlation of API headers in JA 2022-06-16 08:24:18 +09:00
Marco Oliverio ca05ad2dc0 dtls13: introduce wolfSSL_dtls_13_has_pending_msg() API 2022-06-15 10:46:43 -07:00
Marco Oliverio d1924928c0 dtls13: support retransmission 
Introduce ACK and retransmission logic, encapsulated in a Dtls13RtxFsm
object. The retransmission or the sending of an ACK is scheduled by setting the
appropriate flag inside the Dtls13RtxFSM object but the actual writing on the
socket is deferred and done in wolfSSL_Accept/Connect.

* Retransmission

Each sent message is encapsulated in a Dtl13RtxRecord and saved on a list. If we
receive an ACK for at record, we remove it from the list so it will be not
retransmitted further, then we will retransmit the remaining
ones. Retransmission is throttled: beside link congestion, this also avoid too
many sequence numbers bounded with a record.

* ACK

For each received record we save the record sequence number, so we can send an
ACK if needed. We send an ACK either if explicitly needed by the flight or if we
detect a disruption.

Co-authored-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
 2022-06-15 10:46:43 -07:00
David Garske afc63a3bfa
Merge pull request #5199 from embhorn/zd12999 
Add doc for wolfSSL_dtls_retransmit
 2022-06-10 10:57:17 -07:00
Eric Blankenhorn 2543970419 Add doc for wolfSSL_dtls_retransmit 2022-06-01 12:03:36 -05:00
Sean Parkinson be743b2204 TLS 1.3: send ticket 
Can send a new session ticket any time after handshake is complete with
TLS v1.3.
Added API for server application to do this.
Added tests.
 2022-06-01 10:36:01 +10:00
Eric Blankenhorn ab6dc8d669 Add ability to set ECC Sign userCTX using WOLFSSL_CTX 2022-04-11 08:41:27 -05:00
Andrew Hutchings 5ea9d11295 Minor documentation cleanup 
Fixes two things across all the Doxygen:

1. Remove WOLFSSL_API from each definition
2. Add missing parameter names from functions
 2022-04-06 16:17:36 +01:00
Anthony Hu 211007fb44 WOLFSSL_ASN_API ---> WOLFSSL_API 2022-04-01 15:24:40 -04:00
Anthony Hu edea6428d9 Add new public API wc_CheckCertSigPubKey() 2022-04-01 11:40:25 -04:00
Eric Blankenhorn ea38e1aab5 Add wolfSSL_CTX_SetCertCbCtx to set user context for CB 2022-03-30 12:27:11 -05:00
Anthony Hu 1bc71da1df Correction about AES using IV in docs 2022-03-23 13:35:13 -04:00
Juliusz Sosinowicz 1fd090d094 Update `wolfSSL_get_session` docs 
Recommend using `wolfSSL_get1_session` and `NO_SESSION_CACHE_REF` for session resumption purposes. `wolfSSL_get_session` should not be used unless to inspect the current session object.
 2022-03-17 12:56:28 +01:00
Sean Parkinson 6b7f0d4ee7
Merge pull request #4905 from anhu/custom_ext_parse 
Injection and parsing of custom extensions in X.509 certificates.
 2022-03-10 10:39:05 +10:00
Daniel Pouzzner c9a7393923 fixes for shell script errors detected by shellcheck --severity=error. 2022-03-08 12:51:48 -06:00
Anthony Hu 0a1c052c40 doxygen for wc_SetCustomExtension() 2022-03-04 16:24:27 -05:00
Anthony Hu 806cd4fbba doxygen for myUnknownExtCallback() 2022-03-04 15:32:11 -05:00
Juliusz Sosinowicz 91b08fb691 Allocate `ssl->session` separately on the heap 
- Refactor session cache access into `AddSessionToCache` and `wolfSSL_GetSessionFromCache`
 2022-02-23 09:47:34 +01:00
Juliusz Sosinowicz 4f8ffc4586 wolfSSL_get_error may return SSL_ERROR_NONE on ret <= 0 
Fix docs mismatch reported in https://github.com/wolfSSL/wolfssl/issues/4854
 2022-02-11 12:37:12 +01:00
David Garske d1267b5203
Merge pull request #4805 from SparkiDev/ecies_aes_ctr 
ECIES: add support for more encryption algorithms
 2022-02-10 07:04:24 -08:00
Sean Parkinson e50f661639 ECIES: add support for more encryption algorithms 
Add support to ECIES for AES-256-CBC, AES-128-CTR, AES-256-CTR.
Added new API wc_ecc_ctx_set_algo() that sets the encryption, KDF and
MAC algorithms.
Cleanup formatting of ECIES code.
 2022-02-10 09:54:22 +10:00
Marco Oliverio b8635efda7 psa: add README.md and doxygen header 2022-02-04 21:45:38 +01:00
David Garske 99799a3e3e
Merge pull request #4806 from anhu/kill_idea 
Purge IDEA cipher
 2022-02-01 12:27:55 -08:00
Hayden Roche 24a2ed7e9e
Merge pull request #4780 from dgarske/ipsec_racoon 2022-01-31 15:10:58 -08:00
Anthony Hu 9ea40f3a9c Purge IDEA cipher 2022-01-31 15:29:25 -05:00
Anthony Hu b957a6e872 Purge Rabbit cipher 2022-01-28 13:13:53 -05:00
David Garske 80ae237852 Fixes for building with ipsec-tools/racoon and openvpn: 
* Fix for `EVP_CIPHER_CTX_flags`, which mapped to a missing function (broke openvpn)
* Added stack of name entries for ipsec/racoon support.
* Added `X509_STORE_CTX_set_flags` stub.
* Added PKCS7 NID types.
* Improved FIPS "SHA" logic in `test_wolfSSL_SHA`
* Added some uncommon NID type definitions.
* Expose the DH `DH_set_length` and `DH_set0_pqg` with OPENSSL_ALL
 2022-01-28 09:21:03 -08:00
Sean Parkinson b890a2f15d ECIES: allow compressed public keys 
ECIES messages have a public key/point at start of the data.
It can be either uncompressed or compressed.
Adding support for decrypting and encrypting of compressed point.
 2022-01-27 12:10:59 +10:00
Daniel Pouzzner a718637c6f AES: harmonize wc_Aes{Encrypt,Decrypt} and wc_Aes{Encrypt,Decrypt}Direct implementations to return int; add return values to all static void functions in aes.c that can fail; add WARN_UNUSED_RESULT to all static functions in aes.c with return values; implement missing error percolation around AES block cipher implementations; bump FIPS version for v5-ready and v5-dev to 5.3 (v5-RC12 is 5.2). 2022-01-24 11:44:16 -06:00
David Garske 609d6442b1
Merge pull request #4753 from SparkiDev/siphash 
Add SipHash algorithm
 2022-01-19 18:51:44 -08:00
Sean Parkinson a6485a228d Add SipHash algorithm 2022-01-20 09:41:18 +10:00
Hayden Roche 62b07d8806 Add AES-SIV (RFC 5297). 
This commit adds functions to encrypt and decrypt data using AES in SIV mode, as
described in RFC 5297. This was added in the process of porting chrony to
wolfSSL. chrony is an NTP implementation that can use NTS (network time
security), which requires AES-SIV.
 2022-01-19 14:32:33 -08:00
David Garske 7adbf59f22
Merge pull request #4767 from anhu/kill_hc128 
Get rid of HC-128
 2022-01-19 12:20:18 -08:00
Sean Parkinson e745de657f
Merge pull request #4761 from haydenroche5/time_cb 
Add time callback functionality.
 2022-01-18 16:49:19 +10:00
JacobBarthelmeh 84b06ac1b6
Merge pull request #4730 from embhorn/zd13475 
Document wc_AesCfbEncrypt and wc_AesCfbDecrypt
 2022-01-17 19:45:45 -07:00
Hayden Roche 1b0926a3b8 Add time callback functionality. 
This commit adds `wolfSSL_SetTimeCb` and `wolfSSL_time`. The former allows the
user to override the function wolfSSL uses to get the current time,
`wolfSSL_time`. If set, `wolfSSL_time` uses that function. If not set,
`wolfSSL_time` uses the `XTIME` macro by default. This functionality is needed
for the port of chrony to wolfSSL. chrony is an NTP implementation that uses
GnuTLS by default. For TLS, chrony uses the time it computes in place of the
default system time function.
 2022-01-17 17:49:51 -08:00
Anthony Hu c2860cb311 Get rid of HC-128 2022-01-17 18:11:54 -05:00