mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
10,048 Commits 5 Branches 162 Tags 807 MiB
4c709f1f2c
Commit Graph

10048 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jacob Barthelmeh
b83aebafb1 help out static analysis tool 2019-08-22 11:49:10 -06:00
Jacob Barthelmeh
65aeb71d6c sanity check on buffer size before reading short 2019-08-22 11:36:35 -06:00
Jacob Barthelmeh
c6e4aebcdf sanity check on buffer size 2019-08-22 09:23:02 -06:00
David Garske
cf83561b64
Merge pull request #2417 from SparkiDev/sp_mod_exp_cast_fix 
SP Mod exp cast fix
 2019-08-22 05:55:27 -07:00
David Garske
6544b5df88
Merge pull request #2423 from SparkiDev/fe_math_mac 
Curve25519/Ed25519 x86_64 assembly working on Mac again
 2019-08-22 05:54:49 -07:00
Sean Parkinson
132f60e77f Curve25519/Ed25519 x86_64 assembly working on Mac again 2019-08-22 09:27:39 +10:00
Juliusz Sosinowicz
37f1522825 Changes to update stunnel support 2019-08-21 16:18:04 -07:00
Juliusz Sosinowicz
05d86ade20 Merge remote-tracking branch 'wolfSSL/master' 2019-08-21 16:17:55 -07:00
David Garske
e298b3290d Fix to initialize hash flag. 2019-08-21 06:36:37 -07:00
Takashi Kojo
7deab4c54f add KDS sample project 2019-08-21 11:12:09 +09:00
David Garske
67c3751836 Adds new wolfSSL_CTX_UseSecureRenegotiation API for setting secure renegotiation at the WOLFSSL_CTX level. 2019-08-20 16:43:28 -07:00
David Garske
a5d222a20e Make public the hash set/get flags functions. 2019-08-20 16:25:48 -07:00
David Garske
154930d128 Added support for older KECCAK256 used by Ethereum. Uses existing hash flag API's. 
To use add build flag `CFLAGS="-DWOLFSSL_HASH_FLAGS"`.

Example:

```c
wc_Sha3_SetFlags(&sha, WC_HASH_SHA3_KECCAK256);
```
 2019-08-20 16:14:37 -07:00
David Garske
24bfea1ad2 Fixes for various build options (!NO_RSA, HAVE_ECC, NO_PKCS8, NO_PKCS12). Added new NO_CHECK_PRIVATE_KEY to allow reduce code size when not required. 2019-08-20 10:38:08 -07:00
David Garske
644e7a8f45 Fixes for PKCS8 w/wo encryption as DER/ASN.1. Fixes for building with --disable-oldnames. Fix to enable the PKCS8 enc test without openssl comat. Added additional PKCS8 tests. 2019-08-19 16:27:46 -07:00
Sean Parkinson
5530336617 SP Mod exp cast fix 2019-08-20 08:50:57 +10:00
Takashi Kojo
fd0390430d Give error code resolution to wolfSSL_CertManagerCheckOCSPResponse 2019-08-20 07:22:54 +09:00
Jacob Barthelmeh
01a3b59e28 fix cast and initialization of variable 2019-08-19 14:54:53 -06:00
David Garske
3e1c103c78 Added support for loading a PKCS8 ASN.1 formatted private key (not encrypted). 2019-08-16 16:09:00 -07:00
David Garske
586b74b05f Refactor of the verify option for processing X.509 files. Adds support for ignoring date checks when loading a CA using the WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY flag on wolfSSL_CTX_load_verify_buffer_ex and wolfSSL_CTX_load_verify_locations_ex. 2019-08-16 15:19:55 -07:00
toddouska
7d4023f6a1
Merge pull request #2408 from dgarske/coverity 
Minor fixes to resolve Coverity static analysis checks
 2019-08-16 14:45:13 -07:00
Jacob Barthelmeh
487e66394e adjust wc_i2d_PKCS12 API 2019-08-16 15:19:33 -06:00
David Garske
3f992ce39d Additional STM32F7 fixes with HALv2. 2019-08-16 12:31:28 -07:00
David Garske
eb68ad162b Enable strict cipher suite checking by default. Changed to enable by default and can be disabled using WOLFSSL_NO_STRICT_CIPHER_SUITE. 2019-08-16 10:20:25 -07:00
toddouska
dea4f2fb1a
Merge pull request #2410 from SparkiDev/poly1305_x64_fix 
Fix Poly1305 on Intel AVX2
 2019-08-16 09:08:27 -07:00
Sean Parkinson
8454bd1077 Fix Poly1305 on Intel AVX2 
Fix define checks for other x86_64 assembly code files
 2019-08-16 17:42:19 +10:00
David Garske
0d13b385ab Fixes for possible cases where DerBuffer is not free'd in AddCA error cases. 2019-08-15 17:01:30 -07:00
David Garske
aee766e11b Minor fixes for AES GCM with GMAC and STM32 HALv2. 2019-08-15 16:57:38 -07:00
toddouska
489af0cd2b
Merge pull request #2386 from SparkiDev/tls13_integ_only 
TLS 1.3 and Integrity-only ciphersuites
 2019-08-15 16:02:12 -07:00
toddouska
51c31695bd
Merge pull request #2391 from SparkiDev/tfm_dh_2 
Specialized mod exponentiation for base 2 in tfm.c and integer.c
 2019-08-15 15:59:20 -07:00
toddouska
b06dbf16c2
Merge pull request #2397 from JacobBarthelmeh/PKCS7 
updates to CMS and callback functions
 2019-08-15 15:56:41 -07:00
toddouska
089ca6d6e8
Merge pull request #2403 from JacobBarthelmeh/HardwareAcc 
build with devcrypto and aesccm
 2019-08-15 15:54:41 -07:00
toddouska
0a1a81ab42
Merge pull request #2407 from embhorn/api_p1_2 
Adding phase 1 API from other projects
 2019-08-15 14:13:10 -07:00
Eric Blankenhorn
1b841363cc Adding tests 2019-08-15 12:27:23 -05:00
David Garske
ed7ac6fb26 Coverity fixes to make static analysis happy. 2019-08-14 15:42:47 -07:00
Eric Blankenhorn
b2b24a06f3 Adding API 2019-08-14 15:09:17 -05:00
toddouska
cb33ada380
Merge pull request #2395 from embhorn/api_p1 
Adding compatibility API phase 1
 2019-08-13 17:19:22 -07:00
David Garske
e75417fde1 Added build option to enforce check for cipher suite in server_hello from server. Enabled using WOLFSSL_STRICT_CIPHER_SUITE. Some cipher suites could be allowed if they were supported a build-time even though not sent in the cipher suite list in client_hello. 
Example log output for test case where `client_hello` sent a cipher suite list and server choose a cipher suite not in the list:

```
wolfSSL Entering DoServerHello
ServerHello did not use cipher suite from ClientHello
wolfSSL Leaving DoHandShakeMsgType(), return -501
wolfSSL Leaving DoHandShakeMsg(), return -501
```

RFC 5246: 7.4.1.3: Server Hello:  `cipher_suite: The single cipher suite selected by the server from the list in ClientHello.cipher_suites.`
 2019-08-13 15:56:19 -07:00
Eric Blankenhorn
48fa6a458c Adding compatibility API phase 1 2019-08-13 17:09:56 -05:00
toddouska
fa79ef0940
Merge pull request #2396 from tmael/expanding_OpenSSL_compatibility 
Phase 1 of the OpenSSL Compatibility APIs
 2019-08-13 14:56:09 -07:00
Jacob Barthelmeh
e8e1d35744 build with devcrypto and aesccm 2019-08-13 14:12:45 -06:00
Tesfa Mael
9301cce9ac Check a null pointer dereference 2019-08-13 11:48:20 -07:00
Tesfa Mael
b1ad0525ea cast to correct static analysis issue 2019-08-13 10:45:24 -07:00
Tesfa Mael
b7bd710bc8 Add small stack option 2019-08-13 10:29:37 -07:00
Tesfa Mael
1acd24deb8 Review comment to reduce stack usage 2019-08-13 10:15:57 -07:00
Tesfa Mael
b9ddbb974a perform domain name check on the peer certificate 2019-08-13 09:55:28 -07:00
Jacob Barthelmeh
20d9d5b0da account for KARI bundle without CERT when callback is set 2019-08-12 17:37:09 -06:00
Jacob Barthelmeh
883d5778a3 handle optional parameters with KARI ECC key 2019-08-12 16:41:35 -06:00
Jacob Barthelmeh
f4d9991e3a remove restriction on key wrap type with callback 2019-08-12 15:34:20 -06:00
Ralf Schlatterbeck
63c6c47165 Fixes for 16-bit systems 
Systems with sizof(int) == 2 default to expressions with that size.
So we have to do some explicit casts or use unigned long constants in
some cases.
In ssl.h the prototype of a function was not matching the definition.
This resulted in a type incompatibility on a 16-bit system.
 2019-08-10 18:27:29 +02:00