mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
13,238 Commits 5 Branches 162 Tags 807 MiB
4b47bf7b4e
Commit Graph

1008 Commits

Author SHA1 Message Date
David Garske
4b47bf7b4e
Merge pull request #3090 from lechner/utf8 
Convert a header file to UTF-8 encoding.
 2021-01-21 16:32:27 -08:00
David Garske
7b8fa42ae1 Fix for bad pre-processor logic. Some compilers are unhappy with the #sslpro even in a block of code not used! 2020-09-08 13:12:11 -07:00
Felix Lechner
24e10bf4ab Convert a header file to UTF-8 encoding. 
The file contained characters from the ISO 8859-1 legacy text
encoding. This commit onverts the file to UTF-8.
 2020-06-30 11:14:52 -07:00
Sean Parkinson
2c6eb7cb39 Add Curve448, X448, Ed448 implementations 2020-02-28 09:30:45 +10:00
Chris Conlon
45c5a2d39c update copyright to 2020 2020-01-03 15:06:03 -08:00
Eric Blankenhorn
b83804cb9d Correct misspellings and typos from codespell tool 2019-12-24 12:29:33 -06:00
John Safranek
037c319bab
Find CRL Signer By AuthKeyId 
1. Add parsing of CRL extensions, specifically the Auth Key ID extension.
2. To verify CRL, search for CA signer by AuthKeyId first, then by name.  If NO_SKID is set, just use name.
3. Update the ctaocrypt settings.h for the NO_SKID option with CRL so FIPS builds work.
 2019-12-17 15:33:39 -08:00
David Garske
fb8d2d4b2f Fix to restore notBefore/notAfter functions that were removed in PR #2462. These are not openssl compatibility functions, but are used by JSSE. 2019-10-17 13:02:00 -07:00
David Garske
872d222b59 * Adds the following openssl compatibility API's: 
- SSL_CIPHER_get_id
  - SSL_CIPHER_get_rfc_name
  - SSL_get_cipher_by_value
  - X509_print_ex
  - X509_NAME_add_entry_by_NID
  - X509_time_adj
  - X509_time_adj_ex
  - DTLSv1_get_timeout
  - DTLSv1_handle_timeout
  - DTLSv1_set_initial_timeout_duration
  - SSL_CTX_set_current_time_cb
  - PEM_write_bio_RSA_PUBKEY
  - PEM_read_bio_RSA_PUBKEY
  - PEM_write_bio_PUBKEY
  - EVP_PKEY_missing_parameters
  - EVP_PKEY_cmp
  - BN_is_negative
  - BIO_set_retry_write
* Improvements to the notBefore and notAfter date handling.
* Improvements to BIO and BIO_METHOD
  - Moved structure to public area to allow for dereferencing
  - Renamed members to provide compatibility.
  - Added support for custom BIO methods for read/write.
* Added advanced openssl compatibility test cases for key and certificate generation.
* Fix for `ASN1_STRING_set` to allow NULL data.
* Fix to populate public key information on `EVP_PKEY_assign_RSA` and `EVP_PKEY_assign_EC_KEY`.
* Fix naming for `X509_get_notBefore` and `X509_get_notAfter` functions.
* Added `wc_EccPublicKeyDerSize`.
* Improvements to `wc_RsaPublicKeyDerSize`, so dummy memory doesn't have to be allocated.
* Made the `wc_*PublicKeyDerSize` functions public.
* Eliminate use of snprintf for UTC to generalized time conversion in `wolfSSL_ASN1_TIME_to_generalizedtime`.
 2019-09-26 08:42:35 -07:00
David Garske
51251bc421 Fix for ssl23.h include for openssl compat with cyassl. 2019-04-01 11:10:29 -07:00
John Safranek
246c444b93 Updates for v4.0.0 
Update the copyright dates on all the source files to the current year.
 2019-03-15 10:37:36 -07:00
Todd Ouska
f7c0a77c9c reomved outdated submission note 2019-01-21 09:14:58 -08:00
David Garske
45cd80b4b7 Fix define check of NO_CERT to be NO_CERTS. 2019-01-11 21:10:07 -08:00
David Garske
53af520911 Fix to resolve issue with PIC32MZ crypto hardware (AES/DES3 only) where an unaligned input/output buffer was not handled correctly. This results in a BUFFER_E. This was seen with DTLS v1.0 and TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA cipher suite. Fix is to allocate a dynamic buffer from heap if the input/output are not aligned. Tested and verified with a PIC32MZ2048EFM144 and the wolfssl_udp_client example for Harmony using DTLS v1.0 and the setudppacketoptions 192.168.0.107 11111 hello -> sendudppacket commands. Cleanups in older ctoacrypt/settings.h for PIC32MZ. 2018-08-22 13:39:03 -07:00
John Safranek
b1ed852f36 Fix TCP with Timeout 
wolfSSL remains agnostic to network socket behavior be it blocking or non-blocking. The non-blocking flag was meant for the default EmbedRecvFrom() callback for use with UDP to assist the timing of the handshake.

1. Deprecate wolfSSL_set_using_nonblock() and wolfSSL_get_using_nonblock() for use with TLS sockets. They become don't-cares when used with TLS sessions.
2. Added functions wolfSSL_dtls_set_using_nonblock() and wolfSSL_dtls_get_using_nonblock().
3. Removed a test case from EmbedReceive() that only applied to UDP.
4. Removed the checks for non-blocking sockets from EmbedReceive().
5. Socket timeouts only apply to DTLS sessions.
 2018-05-23 11:29:16 -07:00
David Garske
a38576146e * Added support for disabling PEM to DER functionality using WOLFSSL_PEM_TO_DER. This allows way to use with DER (ASN.1) certificates only in an embedded environment. This option builds, but internal make check requires PEM support for tests. 
* More cleanup to move PEM functions from ssl.c to asn.c (`wolfSSL_CertPemToDer`, `wolfSSL_KeyPemToDer`, `wolfSSL_PubKeyPemToDer`). Renamed these API's to `wc_` and added backwards compatability macro for old function names.
 2018-04-09 13:28:15 -07:00
David Garske
e564c973b6 Refactor IO callback function names to use _CTX_ to eliminate confusion about the first parameter. 2018-03-21 16:08:55 -07:00
John Safranek
a784142edf RSA Update 
1. Added FIPS wrappers for MakeRsaKey(), CheckProbablePrime(), and RsaFlattenPublicKey().
2. Update the API test so that it used appropriate key and message sizes for the RSA testing.
3. Add function to get all parts of a flattened RSA key.
 2018-01-10 11:29:01 -08:00
David Garske
54c663ed49 Added new API wolfSSL_GetVersion to get version as wolfSSL value which can be passed into wolfSSL_SetVersion. Fixed duplicate CyaSSL_CTX_use_PrivateKey_buffer define. Added TLS1.3 to wolfSSL_SetVersion. 2017-11-10 11:13:48 -08:00
David Garske
911b6f95f8 Release v3.12.2 (lib 14.0.0). Updated copywright. 2017-10-22 15:58:35 -07:00
Jacob Barthelmeh
3763b88397 rename the file io.h to wolfio.h 2017-09-20 10:53:11 -06:00
David Garske
e98a0465ae tenAsys INtime RTOS port. Porting complete for mutex semaphores, threading, file, socket and RNG. Added projects for libwolfssl and wolfExamples. The wolfExamples project includes examples for wolfCrypt Test/Benchmark and wolfSSL TLS client/server. Provided reference user_settings.h with comments and enable/disable gates. Added README.md with overview and instructions. Fixed issue building master with NO_WOLFSSL_DIR defined. Added check if old TLS is enabled that SHA and MD5 are enabled. Cleanup of the wolfCrypt test use of USE_CERT_BUFFERS with file system enabled. 2017-03-13 09:48:55 -07:00
Nickolas Lapp
2ef4525d4d Changes to bring wolfssl up to date with stunnel 5.40 2017-02-22 11:15:59 -07:00
David Garske
a2dc01413c For distro build don't install options.h (conflicts with multi-arch). Fix for BUILD_DISTRO excludes with indent. 2016-11-29 13:29:19 -08:00
Sean Parkinson
9e81261f1e Fixes 2016-11-11 16:11:16 +10:00
kaleb-himes
4214f52d77 addition to previous customer request 2016-09-19 16:01:24 -06:00
David Garske
17a34c5899 Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com. 2016-08-15 13:59:41 -06:00
Jacob Barthelmeh
85a9c55048 fix c89 build on windows 2016-04-06 11:16:40 -06:00
Jacob Barthelmeh
e99a5b0483 prepare for release v3.9.0 2016-03-17 16:02:13 -06:00
David Garske
2e0d05f727 Fixes issues with new IDE/WIN/user_settings.h and FIPS. Fixed issue with using CYASSL_USER_SETTINGS in ctaocrypt/settings.h with FIPS by moving settings_comp.h to after user_settings.h. Fixed issue with non-existent ctaocrypt/signature.c file being included. Added the user_settings.h file to the FIPS project. 2016-02-08 12:22:20 -08:00
Chris Conlon
b89354880f switch pragma once uses, causes warnings on some compilers 2015-12-17 13:19:17 -07:00
Jacob Barthelmeh
f64f326ab3 work on cyassl -> wolfssl compatibility 2015-10-20 15:25:00 -06:00
Jacob Barthelmeh
d2cc582939 fips related macros for configurations using AES direct and DES ECB 2015-10-14 10:51:39 -06:00
Ludovic FLAMENT
d050c10581 add support for curve 25519 and Ed25519 in OpenSSH 
refactor curve25519 and Ed25519 code
fix warning in PEM_xxx_mem_xxx functions
 2015-08-06 08:51:41 -07:00
Chris Conlon
55677aa5ae fix BLAKE2b cyassl compat header includes 2015-07-15 11:56:14 -06:00
toddouska
1d663d3bff merge conflict 2015-07-01 12:24:11 -07:00
toddouska
1f8701540d change SESSION_STATS to PRINT_SESSION_STATS, will add WOLFSSL_SESSION_STATS 2015-04-14 12:35:24 -07:00
toddouska
7d213011c1 fix fips make dist for misc.c 2015-04-11 08:47:13 -07:00
John Safranek
fe303c97c6 refactor CRL/OCSP lookup for peer cert. add option to allow checking all certs in peer cert chain. 2015-03-23 17:35:56 -07:00
John Safranek
9f2454fc78 Added a noop function wc_FreeRng() for when not using the HashDRBG to keep 
the calls to InitRng and FreeRng simple and balanced.
 2015-03-20 14:19:35 -07:00
John Safranek
33e767a1b4 sniffer should fail a session missing a RSA key 2015-03-16 18:13:51 -07:00
John Safranek
4d62389389 added Certificate Status handshake message to sniffer 2015-03-16 11:19:16 -07:00
kaleb-himes
db8619cc76 compatibility layer psk updates 2015-02-23 09:45:22 -07:00
kaleb-himes
55d30ca277 new client-ecc-cert.pem/renewcerts updates/certs relavent name changes 2015-02-02 09:10:07 -07:00
lchristina26
29be69b92b change CYASSL_DEBUG to DEBUG_CYASSL for compatibility 2015-01-30 09:11:42 -07:00
toddouska
0e4c008247 add pic32mz header to distribution 2015-01-28 15:30:41 -08:00
kaleb-himes
14eaa69eae version git diff fix 2015-01-27 11:42:25 -07:00
toddouska
466d8a970c bump version 2015-01-26 14:02:57 -08:00
kaleb-himes
3393c3a4b4 CYASSL_DEBUG in compatibility layer 2015-01-23 11:06:01 -07:00
Jacob Barthelmeh
859c22f2c2 update to asn compatibility 2015-01-19 21:18:35 -07:00