mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,822 Commits 5 Branches 162 Tags 807 MiB
5146f3dd94
Commit Graph

646 Commits

Author SHA1 Message Date
Takashi Kojo
07af9913c3 LwIP native TCP 2014-01-31 08:49:39 +09:00
Takashi Kojo
e28d256197 CyaSSL master, 2.8.6 2014-01-31 08:44:42 +09:00
John Safranek
12e9309618 fix Windows function name conflict 2014-01-28 12:30:01 -08:00
John Safranek
631cfbcf27 fix output size check bug 2014-01-28 11:57:49 -08:00
toddouska
2084e9869d fix pkcs7 leaks with normal math 2014-01-27 16:29:15 -08:00
toddouska
e040e0ba7a fix scep 32 2014-01-27 12:50:29 -08:00
toddouska
c0f9780c70 fix challenge pwd init bug 2014-01-24 14:08:14 -08:00
toddouska
21c9eb7b22 fix forgotten leading 0 on SetRsaPublicKey 2014-01-24 13:58:20 -08:00
toddouska
5945723d87 linux pkcs7 build fixes 2014-01-24 13:15:26 -08:00
John Safranek
1dac5d28e3 Allow PKCS7_VerifyDecodedData to have an empty set of SignerInfos. Save first certificate. 2014-01-24 12:14:53 -08:00
John Safranek
595fe0b445 Merge branch 'master' of github.com:cyassl/cyassl 2014-01-23 21:48:37 -08:00
toddouska
18365df209 add non block length test case, including test again, to aes ctr 2014-01-23 15:18:42 -08:00
Chris Conlon
43199cd573 PKCS7_DecodeEnvelopedData, only do ParseCert once in PKCS7_InitWithCert 2014-01-23 14:48:18 -07:00
toddouska
45c05ffd30 add non block size AesCtr support 2014-01-23 12:34:27 -08:00
John Safranek
0972fbbf9d PKCS7_VerifySignedMessage() decodes more of the 
message and performs an RSA verify on it.
 2014-01-23 11:24:50 -08:00
Chris Conlon
9f8dcccc61 PKCS7_DecodeEnvelopedData, RsaPrivateDecryptInline can return 0 upon error 2014-01-22 15:26:43 -07:00
John Safranek
38c2373c4f PKCS7_VerifySignedData() also saves pointer to signed data. 2014-01-21 22:11:21 -08:00
John Safranek
15f94b2f98 1. Resized sample PKCS7 signed data attribute. 
2. Removed unnecessary PKCS7 signed data attribute.
 2014-01-21 11:45:15 -08:00
John Safranek
c35a635fd7 Added initial PKCS7_VerifySignedData(). Only saves 
the first included certificate if available.
 2014-01-20 15:52:41 -08:00
John Safranek
2187955fe9 Merge branch 'master' of github.com:cyassl/cyassl 2014-01-20 10:53:14 -08:00
John Safranek
28f3a2dc21 Added deallocator function for PKCS7 initializer data. 2014-01-20 10:51:26 -08:00
Chris Conlon
ce7fe56de5 adjust next PKCS#7 envelopedData recipient check 2014-01-20 11:42:45 -07:00
John Safranek
c4eb5642b1 1. Sign the PKCS#7 with a supplied private key, not 
the single cert's public key.
2. Rename PKCS7 Envelope Data function as
   `PKCS7_EncodeEnvelopedData()`.
3. Encode signed data to check input parameters.
 2014-01-17 14:07:40 -08:00
Chris Conlon
e9b82d8174 place PKCS#7 IV in AlgoID optional params, resolve merge conflicts 2014-01-16 17:46:28 -07:00
Chris Conlon
366f42a91b remove NULL tag from block cipher AlgoId, IV there instead 2014-01-16 17:45:10 -07:00
John Safranek
eb2e987a29 Split two PKCS7 tests into two functions. 2014-01-16 16:29:33 -08:00
John Safranek
cf22e49117 Merge branch 'master' of github.com:cyassl/cyassl 2014-01-16 16:19:34 -08:00
John Safranek
264ce75041 1. Split SetTagged into SetExplicit and SetImplicit. 
2. Updated code using SetTagged to use new functions.
 2014-01-16 16:17:17 -08:00
Chris Conlon
a75b95facc more comments to PKCS#7 files 2014-01-16 13:29:37 -07:00
Chris Conlon
590dde753a only store issuer into issuerRaw 2014-01-16 10:45:52 -07:00
John Safranek
36f78c5e1d 1. Bug fix for taking the size of something. 
(Used wrong variable name.)
2. Renamed PKCS7 signed data test output file.
3. Added PKCS7 data test output files to gitignore.
 2014-01-15 15:42:27 -08:00
John Safranek
cd44227945 Cleaned up warnings when using sizeof() in math. 2014-01-15 14:25:15 -08:00
John Safranek
85c5c29e7a Merge branch 'master' of github.com:cyassl/cyassl 
Conflicts:
	ctaocrypt/test/test.c
	cyassl/ctaocrypt/pkcs7.h
 2014-01-15 13:23:26 -08:00
John Safranek
c33a8a890e Added encoding PKCS#7 signed data messages. 2014-01-15 12:31:51 -08:00
Chris Conlon
46a03daf5f initial PKCS#7 crypto test 2014-01-15 11:05:18 -07:00
Chris Conlon
9f7e33e7e1 add PKCS7_DecodeEnvelopedData() 2014-01-14 22:57:55 -07:00
Chris Conlon
d63c58864f expose more ASN.1 helper functions with CYASSL_LOCAL 2014-01-14 22:48:55 -07:00
Chris Conlon
80c19aaf33 add PKCS7 error codes 2014-01-14 22:46:54 -07:00
toddouska
3152c28650 add escape for 64encdoe + and = too 2014-01-14 09:36:21 -08:00
Chris Conlon
f072d92ed8 Merge branch 'master' of github.com:cyassl/cyassl 2014-01-13 13:20:29 -07:00
Chris Conlon
69ffa3a481 add PKCS7_EncodeEnvelopeData() 2014-01-13 13:19:44 -07:00
toddouska
bb6b2e86c6 add base64 encode with esacped line ending, keep existing api intact 2014-01-13 12:17:12 -08:00
John Safranek
ef9cfc2172 Added method to encode PKCS7 data type messages. 2014-01-13 10:58:01 -08:00
Chris Conlon
71e13a3c3a expose ASN.1 helper fns, add blkType 2014-01-10 16:13:56 -07:00
Chris Conlon
1d67d9217e initial PKCS#7 stubs, tie into ./configure 2014-01-10 15:17:03 -07:00
John Safranek
4a975e8d00 SetRsaPublicKey() to support ASN.1 unsigned intergers correctly. 2014-01-10 11:29:08 -08:00
John Safranek
f9e73a8aeb Added setting the cert req challenge password. 2014-01-09 14:17:55 -08:00
John Safranek
f545a33e77 Cert Req 
1. Added support for the cert req attributes.
2. Added setting the Basic Constraints extenstion request.
3. Added error checking for the cert req attribs.
 2014-01-08 16:26:42 -08:00
John Safranek
7b4cf370d0 In test: Cert req now signed by correct key. Removed loading of CA key. 2014-01-08 11:47:59 -08:00
John Safranek
f0a7d94c48 Cert Request 
1. Added setting the request's version.
2. Added certreq test code to the ctaocrypt test.
3. Added the certreq test outputs to gitignore.
 2014-01-08 10:57:46 -08:00
John Safranek
4de6a6d902 Cert Request 
1. Added function to make simple DER format cert reqs.
2. Added cert req type to DerToPem.
 2014-01-07 17:25:46 -08:00
toddouska
d6ad10f027 add USE_SLOW_SHA2 for sha384 and sha512, over twice as small code but over 50% slower too 2014-01-03 12:32:14 -08:00
toddouska
9d0e991e41 fix 32bit no asm combos 2014-01-02 16:58:54 -08:00
Chris Conlon
9f4ea7d059 update TYTO settings, FREESCALE_MMCAU AES check for NULL 2014-01-02 13:13:18 -07:00
Chris Conlon
64912b37f6 adjust key buffer length when using ToTraditional() or ToTraditionalEnc() 2013-12-23 14:07:58 -07:00
Chris Conlon
8c8a1b0db8 add Freescale K60 mmCAU AES, DES, 3DES support 2013-12-17 16:29:21 -07:00
Chris Conlon
c466fac597 add Freescale K60 mmCAU MD5, SHA, SHA256 support 2013-12-17 16:28:08 -07:00
toddouska
ba95c33ed4 more clang warnings 2013-12-11 15:47:40 -08:00
toddouska
b41d09b1a2 fix newer clang warnings 2013-12-11 12:03:09 -08:00
toddouska
276a9c871e eccfp warning fix 2013-12-06 08:58:06 -08:00
Takashi Kojo
1bcd61f134 Eliminating unused files 2013-11-28 09:05:33 +09:00
Takashi Kojo
9a67901081 Eliminate unused files 2013-11-28 00:16:49 +09:00
toddouska
6e7c9fb8de Merge branch 'master' of github.com:cyassl/cyassl 2013-11-20 17:07:33 -08:00
toddouska
8bf18d31c9 fix smartos warnings 2013-11-20 17:03:19 -08:00
Chris Conlon
2f7970ab65 add FREERTOS current_time() to benchmark.c 2013-11-20 17:03:58 -07:00
toddouska
864b25843e Merge branch 'master' of github.com:cyassl/cyassl 2013-11-20 15:13:14 -08:00
toddouska
10a3f8ead3 make cert names more consistent with str type that openssl uses 2013-11-20 15:12:33 -08:00
John Safranek
67b1b00a2c OCSP Nonces are not critical extensions. Allow a response to be missing the nonce. 2013-11-20 13:46:46 -08:00
toddouska
c545202de0 don't allow inplace DerToPem, not supported 2013-11-20 13:17:39 -08:00
toddouska
7585e92fee allow cert signing w/o Cert object, buffer only 2013-11-19 16:56:49 -08:00
John Safranek
4377996d87 Saved original SKID and AKID from certificate for later use with X.509 functions. 2013-11-19 16:20:18 -08:00
John Safranek
0fd6aed9b6 Save more decoded data from certificate for later use with X.509 functions. 2013-11-19 14:44:55 -08:00
toddouska
e92860bda7 ecc enc/dec offset init fix 2013-11-19 11:17:23 -08:00
toddouska
d91e8ab38e add cert gen for ecc certs 2013-11-14 20:34:39 -08:00
toddouska
a7bcca84c3 add ecdsa cert signing 2013-11-14 15:00:22 -08:00
toddouska
cf4230b073 add ecc encrypt secure message exchange, hide ecEncCtx 2013-11-13 17:53:11 -08:00
toddouska
2e9e372875 Merge branch 'master' of github.com:cyassl/cyassl 2013-11-11 17:01:39 -08:00
toddouska
0ef44329ef add thread local storage to ecc fp cache, no locking required but cache is per thread, higher conncurrent performance but more memory needed 2013-11-11 17:00:35 -08:00
Takashi Kojo
b54b92bc2a benchmark.c conflicts resolved 2013-11-12 08:21:41 +09:00
Takashi Kojo
5a9140fd13 For PIC32MZ 2013-11-12 08:12:01 +09:00
Takashi Kojo
0048c20fe5 PIC32MZ RNG 2013-11-11 12:15:19 +09:00
Takashi Kojo
23cada35ba Catch up master 2013-11-10 21:06:34 +09:00
Takashi Kojo
a4e61cbdbb For PIC32MZ 2013-11-10 20:42:21 +09:00
toddouska
3e072c8dda random.c missing settings include fix 2013-11-08 10:56:50 -08:00
toddouska
c2f9064ae4 Merge branch 'master' of github.com:cyassl/cyassl 2013-11-07 16:00:34 -08:00
toddouska
554adff672 add basic ecc encrypt/decrypt 2013-11-07 15:59:31 -08:00
toddouska
7866d51ee9 fix benchmark pull changes 2013-11-07 11:00:56 -08:00
Takashi Kojo
16bda74536 For MDK5 Pack 2013-11-07 10:29:01 +09:00
Takashi Kojo
f26cf50ff2 Merge branch 'master' of https://github.com/cyassl/cyassl into MDK5 2013-11-06 10:22:21 +09:00
John Safranek
913e200cd0 X.509 Additions: 
* CyaSSL_X509_d2i()
* CyaSSL_X509_d2i_fp()
* CyaSSL_X509_version()
* CyaSSL_X509_get_notBefore()
* CyaSSL_X509_get_notAfter()
* CyaSSL_X509_STORE_new()
* CyaSSL_X509_STORE_free()
* CyaSSL_X509_STORE_add_cert()
* CyaSSL_X509_STORE_set_default_paths()
* CyaSSL_X509_get_pubkey()
* CyaSSL_EVP_PKEY_free()
* CyaSSL_X509_NAME_get_text_by_NID()
* CyaSSL_X509_NAME_entry_count()
* CyaSSL_X509_verify_cert()
* CyaSSL_X509_STORE_CTX_new()
* CyaSSL_X509_STORE_CTX_init()
* CyaSSL_X509_STORE_CTX_free()
 2013-11-04 11:02:17 -08:00
toddouska
5e00d62ea3 add HMAC-KDF 2013-10-31 18:03:00 -07:00
toddouska
c88d0d5739 fix mplab harmony random ifdef 2013-10-31 10:47:03 -07:00
toddouska
cc323fb4cc ecc shamir requires bigger LUT in fp mode 2013-10-31 10:43:48 -07:00
toddouska
12b074fbe9 add worst case estimate to ecc_sign_size() 2013-10-30 13:33:23 -07:00
toddouska
3d19604bfb make sure to always check mp_to_*, normal math could fail 2013-10-29 17:38:12 -07:00
toddouska
f402d7eed9 add ecc export pirvate only 2013-10-29 16:44:33 -07:00
toddouska
071338bf39 fix fpecc normal math init/free issue 2013-10-28 13:17:33 -07:00
toddouska
9438d0d41b add Microchip MPLAB Harmony support 2013-10-28 11:03:50 -07:00
Takashi Kojo
849bbdefae Updates for MDK4 2013-10-26 17:18:18 +09:00
Takashi Kojo
33ccf62ff5 MDK5 support 2013-10-25 15:49:39 +09:00
Takashi Kojo
558735c862 port.[ch] for MDK5 2013-10-24 20:33:36 +09:00
Takashi Kojo
2f98233825 For MDK5 2013-10-24 18:50:26 +09:00
Takashi Kojo
3ed2085e77 ctaocrypt/{benchmark,src,test} files fro MDK5 2013-10-24 17:20:12 +09:00
toddouska
b45370a599 remove test output 2013-10-23 17:17:47 -07:00
toddouska
c039b0106a add HC-128 Blake2b 256 cipher suite for speed test 2013-10-23 17:13:54 -07:00
John Safranek
8295d8bb4a 1. Reject DSA certificates instead of ignoring them. 
2. Resolved potential crash when trying to calculate a Subject Key
   ID when the public key is missing from a certificate.
 2013-10-16 10:16:04 -07:00
toddouska
0126a39d68 fix shamir speed up init buffer 2013-10-10 18:47:25 -07:00
John Safranek
33bcc76a07 Merge branch 'master' of github.com:cyassl/cyassl 2013-10-02 15:27:10 -07:00
Chris Conlon
3e12f43342 add CyaSSL_GetHmacMaxSize for JNI wrapper 2013-09-25 14:20:36 -06:00
Chris Conlon
17b220e9c7 add Freescale MQX time functionality 2013-09-24 20:12:48 -06:00
toddouska
363f157f50 fix sniffer build w/o fastmath 2013-09-23 13:37:04 -07:00
John Safranek
5e4ca53496 clean up Windows build issues with OCSP 2013-09-18 14:47:51 -07:00
John Safranek
49d3e74fde Fixed a Windows build warning in the benchmark 2013-09-17 22:15:59 -07:00
Chris Conlon
ee78b108cf CTaoCrypt test mods for MQX 2013-09-16 15:48:36 -06:00
Chris Conlon
abff02532d add Freescale K53 RNGB support 2013-09-16 14:43:33 -06:00
John Safranek
e564b614bf Decode the serialNumber field in the X.509 names 2013-09-15 22:10:58 -07:00
John Safranek
49f82c4717 Added two more GMAC test cases 2013-09-12 14:10:57 -07:00
toddouska
74e7ba8536 fix Kojo-san pull errors 2013-09-11 10:07:33 -07:00
kojo
0869da34a0 Coldfire SEC 2013-09-11 17:06:28 +09:00
John Safranek
03d7c694e8 Merge branch 'master' of github.com:cyassl/cyassl 2013-09-10 16:49:40 -07:00
John Safranek
d3db1a42de Added GMAC wrapper functions around AES-GCM 2013-09-10 16:47:39 -07:00
toddouska
bab790ab87 add port.c to visual studio builds 2013-09-09 13:48:28 -07:00
John Safranek
0ae966b350 fix shadow warning 2013-09-08 17:46:29 -07:00
toddouska
44ba0af192 free fp ecc resources on cleanup 2013-09-06 17:08:57 -07:00
toddouska
6e05d4317f add proper locking to fp ecc 2013-09-06 16:53:33 -07:00
toddouska
a14af5f0b0 move mutex to port layer at crypto level 2013-09-06 16:38:27 -07:00
toddouska
782cb0e077 Merge branch 'master' of github.com:cyassl/cyassl 2013-09-06 14:25:51 -07:00
toddouska
46be3b8508 add fixed point ecc cache, --enable-fpecc, add locking down to crypt level next 2013-09-06 14:24:31 -07:00
Moisés Guimarães
d7a08b1a76 centralizing MAX_DIGEST_SIZE definition in hmac.h 2013-09-06 15:53:46 -03:00
John Safranek
f2c75a9e87 ECDSA signatures need a zero padding for the ASN.1 storage of the R and S values 2013-09-05 15:00:01 -07:00
toddouska
08c9f61f16 add accelerated ecc_proj* and ECC SHAMIR to speed up ecdsa verify 2013-09-04 13:13:10 -07:00
toddouska
e93a0640f1 break up huge math into individual parts so can add piece by piece, e.g., ECC256 2013-09-03 13:13:13 -07:00
John Safranek
0002ba4ee8 Merge branch 'master' of github.com:cyassl/cyassl 2013-08-23 10:12:17 -07:00
John Safranek
d734c86c72 cleanup build warnings 
1. Change `CyaSSL_OCSP_set_options()` to return `SSL_SUCCESS`
   or `SSL_FAILURE` as `int` like rest of API.
2. Fix data narrowing warning in file io.c function
   `process_http_response()`.
3. Fix global variable shadowed warning in file ssl.c function
   `CyaSSL_GetSessionAtIndex()`
4. Fix data narrowing warning in file internal.c functions
   `Encrypt()` and `Decrypt()`. Passed in a word32 size parameter
   that was provided a word16 and used as a word16.
5. Removed unreachable code from file tls.c function
   `CyaSSL_GetHmacType()`.
6. Fix data narrowing warnings in file aes.c functions
   `AesCcmEncrypt()` and `AesCcmDecrypt()`.
 2013-08-23 10:09:35 -07:00
toddouska
e98f5f95c2 add public key callbacks for ecc sign/verify, examples 2013-08-22 18:19:39 -07:00
toddouska
840e958ae5 add ecc verify to benchmark 2013-08-09 17:06:02 -07:00
toddouska
5c5cee0789 use external CYASSL_MAX_ERROR_SZ for buffer size 2013-08-06 11:48:00 -07:00
toddouska
505b1a8a67 fix ecc sign/hash truncation with odd bit sizes when hash length is longer than key size 2013-07-25 15:59:09 -07:00
John Safranek
43f320d5e2 SEP Extensions 
1. Added configure option to enable SEP extensions.
2. Enabled KEEP_PEER_CERT for the SEP configuration.
3. Copy the Certificate Policy extension into the cert as the
   device type.
4. Copy an other type Alt Name extension into the cert as the
   hwType and hwSerialNumber, if the alt name has a
   hardwareModuleName OID.
 2013-07-09 13:23:56 -07:00
toddouska
99b6c1d3c3 fix GCC warning 2013-07-09 09:57:55 -07:00
toddouska
f9bf003718 allow NULL IVs for CBC mode, same as all zero IV 2013-07-08 11:52:00 -07:00
John Safranek
b66cb11cb8 Fixed bug in DecodeAltNames() where idx wasn't advanced past the length. 2013-07-05 10:10:38 -07:00
John Safranek
0d0fc27e42 Fixed DecodeAuthKeyId fail case not returning. 2013-06-26 11:16:17 -07:00
John Safranek
f3af0124e4 Fixed DecodeAltNames extension falling through to next case. 2013-06-25 13:37:43 -07:00
John Safranek
0c34ecb451 OCSP Updates 
1. Add option to example server and client to check the OCSP responder.
2. Add option to example server and client to override the URL to use
   when checking the OCSP responder.
3. Copy the certificate serial number correctly into OCSP request.
   Add leading zero only if MS bit is set.
4. Fix responder address used when Auth Info extension is present.
5. Update EmbedOcspLookup callback to better handle the HTTP
   response and obtain the complete OCSP response.
 2013-06-24 10:47:24 -07:00
John Safranek
42a0f3500f Update AES-GCM and AES-CCM to use AES-NI 
1. Added the assembly functions to do AES-ECB.
2. Updated AesEncrypt and AesDecrypt to use the assembly functions
   if available.
3. Modified the AES-GCM and AES-CCM key setup functions to use the
   the AES-NI key setup if availble.
4. Added tests for the AES-ECB encrypt and decrypt.
5. Only include stdio.h for AES when DEBUG_AESNI is enabled
6. If using local key setup, skip using AES-NI for basic Encrypt
   and Decrypt.
 2013-06-19 14:52:58 -07:00
toddouska
85d25798a5 update ntru cert expires dates, update crls while at it, don't turn on skid for crls since openssl/firefox don't use by default and cyassl needs crl extension parsing 2013-06-17 14:48:51 -07:00
toddouska
7f7c595d10 differentiate between THREADX and RTP_SYS 2013-06-14 13:45:25 -07:00
toddouska
9559f09028 warning fixes 2013-06-13 12:13:46 -07:00
toddouska
ae84982777 add STACK_TRAP to track stack use on client, will seqfault if exceed limit to see where use is too high, doesn't work with pthread_create() 2013-06-03 14:56:37 -07:00