mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
16,350 Commits 5 Branches 162 Tags
Commit Graph

16350 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Hayden Roche
1b0926a3b8 Add time callback functionality. 
This commit adds `wolfSSL_SetTimeCb` and `wolfSSL_time`. The former allows the
user to override the function wolfSSL uses to get the current time,
`wolfSSL_time`. If set, `wolfSSL_time` uses that function. If not set,
`wolfSSL_time` uses the `XTIME` macro by default. This functionality is needed
for the port of chrony to wolfSSL. chrony is an NTP implementation that uses
GnuTLS by default. For TLS, chrony uses the time it computes in place of the
default system time function.
 2022-01-17 17:49:51 -08:00
Sean Parkinson
fc861f3d6d SP math: sp_invmod changed to not call itself 
When the modulus is even, calculate m^-1 mod a instead and fixup after.
Don't call self to do inverse.
 2022-01-18 10:45:57 +10:00
David Garske
f3f5b0f53b Peer review fixes. Improve profile not found handling or errors. Improve inline function. 2022-01-17 15:52:40 -08:00
Anthony Hu
c2860cb311 Get rid of HC-128 2022-01-17 18:11:54 -05:00
David Garske
ec44747029
Merge pull request #4764 from SparkiDev/evp_cbn_casecmp 
wolfSSL_EVP_get_cipherbyname: case compare
 2022-01-17 14:11:07 -08:00
David Garske
d38c5003d0
Merge pull request #4762 from ejohnstown/old-gcc 
Old Compiler Warning Cleanup (GCC 4.0.2)
 2022-01-17 09:44:44 -08:00
Chris Conlon
989a4f096e
Merge pull request #4728 from miyazakh/sce_aes128_cryonly 2022-01-17 10:28:57 -07:00
Chris Conlon
e953707258
Merge pull request #4754 from miyazakh/update_espidfport 2022-01-17 10:27:28 -07:00
Eric Blankenhorn
6197853f37 Document wc_AesCfbEncrypt and wc_AesCfbDecrypt 2022-01-17 11:27:19 -06:00
John Safranek
d06cf97d73
Old Compiler Warning Cleanup (GCC 4.0.2) 
test.c:
1. Removed pragma disabling the warning for unused functions.
2. Fixed the guards around the function that wasn't getting removed from
   the build. And matched the guards to the call of the function. The
   issue is a test that fails only in a cert 3389 build using Arm
   assembly single-precision public keys.
3. Fixed the guards around a couple other functions.
 2022-01-16 22:08:35 -08:00
Sean Parkinson
1b5d0c75b8 wolfSSL_EVP_get_cipherbyname: case compare 
Accept any case alternatives to name or alias.
Remove case only different aliases.
Tidy up formatting in function.
 2022-01-17 09:39:16 +10:00
John Safranek
b68b14b499
Merge pull request #4724 from embhorn/zd13462 
Improve param checks of enc
 2022-01-16 15:35:54 -08:00
John Safranek
815527be6b
Merge pull request #4745 from SparkiDev/m1_sha512 
Aarch64 SHA512: fixup to work on Apple M1
 2022-01-16 15:29:01 -08:00
Sean Parkinson
15f501358d
Merge pull request #4716 from julek-wolfssl/issue-4592 
Verification: Domain check should only be performed on leaf certs
 2022-01-17 08:40:14 +10:00
John Safranek
001469589b
Old Compiler Warning Cleanup (GCC 4.0.2) 
Fixed a lot of shadowed global values. Some were prototype and function
declaration parameter name conflicts. Some conflicted with typenames.
Some conflicted with globals in libc.
 2022-01-14 17:43:21 -08:00
John Safranek
5ddf4392df
Old Compiler Warning Cleanup (GCC 4.0.2) 
pwdbased.c: Simplified some arithmetic to fix a variable promotion
warning.
 2022-01-14 17:36:12 -08:00
John Safranek
2cf21a3f69
Old Compiler Warning Cleanup (GCC 4.0.2) 
ecc.c,api.c: Initialize some variables to fix warning for possible
uninitialized variable use.
 2022-01-14 17:33:49 -08:00
John Safranek
e724622506
Old Compiler Warning Cleanup (GCC 4.0.2) 
ge_operations.c: Added the keyword `inline` to several function
prototypes for functions declared `inline`.
 2022-01-14 17:19:01 -08:00
John Safranek
2085624a29
Old Compiler Warning Cleanup (GCC 4.0.2) 
1. Removed pragma disabling the warning for non-literal format strings
on `printf()`.
2. Switched the `printf()` into two printf calls.
 2022-01-14 17:11:55 -08:00
John Safranek
153b9abc31
Old Compiler Warning Cleanup (GCC 4.0.2) 
ssl.c: Fix a couple of checks on hashType enum that were using a `< 0`
for the lower bound on an unsigned.
 2022-01-14 16:32:18 -08:00
Kareem
021f9171c5 Fix building ASIO with Old TLS disabled. 2022-01-14 15:00:02 -07:00
David Garske
eade8ecdf1 DTLS SRTP improvements. Added support for client to send list of profiles. Added support for more SRTP profiles. 2022-01-14 13:43:29 -08:00
Kareem
1ed152daeb Fix building with OPENSSL_EXTRA and NO_BIO defined. 2022-01-14 11:19:01 -07:00
Juliusz Sosinowicz
31e84d82b8 Domain check should only be performed on leaf certs 
- Refactor `*_set_verify` functions into common logic
- NULL protect `wolfSSL_X509_VERIFY_PARAM_set1_host` and add debug info
 2022-01-14 18:16:42 +01:00
David Garske
6ccbd8776f DTLS SRTP (RFC5764) support (adds --enable-srtp). Used with WebRTC to agree on profile for new real-time session keys. 2022-01-14 07:35:45 -08:00
Hideki Miyazaki
a33d901409
update ESP-IDF port to fix failure 2022-01-14 15:35:28 +09:00
David Garske
f81e15f342
Merge pull request #4750 from SparkiDev/etm-disable 
TLS EncryptThenMac; fix when extension response sent
 2022-01-13 13:33:57 -08:00
David Garske
8d7059497e
Merge pull request #4742 from elms/fix/secure_renegotiate_compat 
TLS: Default secure renegotiation compatibility
 2022-01-13 10:23:27 -08:00
Andrew Hutchings
1a4bc322f7 Fix buffer overflow in PKCS7_VerifySignedData 
wc_PKCS7_AddDataToStream() was called the first time prior to BERtoDER
conversion, subsequent times afterwards which meant the stream idx
pointer was incorrect. This patch restarts the stream after conversion.

Fixes ZD13476
 2022-01-13 14:49:31 +00:00
Andrew Hutchings
92d01611ff Fix buffer overflow in GetOID 
When converting BER to DER we switched the pointer for pkiMsg to the DER
but not the size which could cause buffer overflow.

Fixes ZD13471
 2022-01-13 13:26:32 +00:00
Sean Parkinson
70b169e3f2 TLS EncryptThenMac; fix when extension response sent 
Only respond with the extension when negotiated a block cipher.
 2022-01-13 12:46:21 +10:00
elms
ba579753ba
Merge pull request #4749 from ejohnstown/vpath-fix 2022-01-12 17:06:37 -08:00
John Safranek
15c5ac880e
PKCS7 Test Output 
When running the test with PKCS7 enabled, there's an additional option
that will save to disk the generated PKCS7 blobs for by-hand review.
(PKCS7_OUTPUT_TEST_BUNDLES) Fixed a couple compile errors that were
missed with that option enabled.
 2022-01-12 14:51:11 -08:00
John Safranek
33f0e2eda5
In the wolfCrypt test, fix a few filenames to use the VPATH versions. 2022-01-12 14:50:43 -08:00
Sean Parkinson
0acf8d0e75
Merge pull request #4732 from embhorn/zd13375 
SP int, TFM: Init vars for static analysis
 2022-01-13 07:06:19 +10:00
Sean Parkinson
3ddfb0f189 Aarch64 SHA512: fixup to work on Apple M1 
Directive needed on Apple to indicate SHA3 extensions available.
Fixup C file as well - remove unused constants not avaiable and
prototype function that is extern elsewhere.
 2022-01-12 12:56:39 +10:00
elms
336e595ebb Remove some lingering oldname return values 2022-01-11 17:09:52 -08:00
Hideki Miyazaki
723cfb2d0b
make server/client only work 2022-01-12 09:23:23 +09:00
elms
efe2cea8d1 TLS: Default secure renegotiation compatability 
By default this change will have servers send the renegotiation info
extension, but not allow renegotiation. This is accordance with RFC 5746

From to RFC 5746:
> In order to enable clients to probe, even servers that do not support
> renegotiation MUST implement the minimal version of the extension
> described in this document for initial handshakes, thus signaling
> that they have been upgraded.

With openSSL 3.0 the default it not allow connections to servers
without secure renegotiation extension. See
https://github.com/openssl/openssl/pull/15127
 2022-01-11 15:56:35 -08:00
David Garske
abc9b7197d
Merge pull request #4676 from ThalesGroup/iotsafe-hkdf-extract 
Iotsafe hkdf extract
 2022-01-11 07:37:30 -08:00
Hideki Miyazaki
f0f65f41b7
addressed review comments 2022-01-11 19:53:54 +09:00
Sean Parkinson
c7b0b7003e
Merge pull request #4700 from dgarske/pkcs11_id 
Improved the PKCS11 init to support slotId or tokenName
 2022-01-11 14:25:37 +10:00
Saksik Remy
30777bb5ee nit minor changes 2022-01-11 10:08:52 +08:00
David Garske
9a4981a5a8 Improved the PKCS11 init to support slotId or tokenName. Adds new wc_Pkcs11Token_InitName and alters existing wc_Pkcs11Token_Init to allow NULL tokenName. ZD13348 2022-01-10 16:53:01 -08:00
David Garske
5910ada93d
Merge pull request #4736 from douzzer/20220107-cppcheck-hygiene 
cppcheck sweep
 2022-01-10 12:52:22 -08:00
Eric Blankenhorn
6a02826bbf
Merge pull request #4740 from dgarske/sess_names_docs 
Session doc and naming cleanups
 2022-01-10 14:38:47 -06:00
David Garske
5392190807
Merge pull request #4741 from danielinux/psoc6-sha512-fix 
PsoC6 hw crypto: added missing wc_InitSha512_ex()
 2022-01-10 12:32:13 -08:00
Daniele Lacamera
814e7c91e0 PsoC6 hw crypto: added missing wc_InitSha512_ex() 2022-01-10 18:30:53 +01:00
Chris Conlon
f72d198778
Merge pull request #4723 from dgarske/se050 2022-01-10 10:11:49 -07:00
David Garske
43bbc5d2e5
Merge pull request #4738 from SparkiDev/sp_int_div_arm_2 
SP int: ARM64/32 sp_div_word changes
 2022-01-10 07:58:28 -08:00