mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
9,954 Commits 5 Branches 162 Tags
Commit Graph

9954 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Chris Conlon
256ac4a515
Merge pull request #2427 from miyazakh/fix_espbuild_failure 
fix uninitialized var for esp idf build failure fix
 2019-08-26 10:11:44 -06:00
Chris Conlon
61d01ab7f3 add unit test for PKCS7 invalid detached content 2019-08-26 09:43:20 -06:00
David Garske
76b9476b9a Remove debug printf. 2019-08-23 16:24:45 -07:00
David Garske
99329b0fc4 Improvements to the CRL verify handling. 2019-08-23 16:09:39 -07:00
Chris Conlon
12687e5a2a internally check PKCS7 content digest against messageDigest attribute 2019-08-23 16:40:12 -06:00
toddouska
2c97b040ff
Merge pull request #2419 from dgarske/ctx_sec_reneg 
Adds use secure renegotiation at CTX level
 2019-08-23 12:55:30 -07:00
toddouska
1bad2bed3c
Merge pull request #2404 from dgarske/strict_cipher 
Added strict cipher suite check on client server_hello processing
 2019-08-23 12:42:57 -07:00
toddouska
681de3e41a
Merge pull request #2375 from dgarske/stm32_cubemx_halv2 
Fixes for STM32F7 and latest CubeMX HAL
 2019-08-23 12:28:51 -07:00
toddouska
6209e8ff24
Merge pull request #2412 from JacobBarthelmeh/PKCS12 
adjust wc_i2d_PKCS12 API
 2019-08-23 10:30:04 -07:00
toddouska
54fb08d6df
Merge pull request #2426 from JacobBarthelmeh/Fuzzer 
sanity check on buffer size before reading short
 2019-08-23 10:17:31 -07:00
John Safranek
2ba6c66d44 Fix ECC key load test 
When using the configure options '--enable-certgen --enable-certext CPPFLAGS=-DWOLFSSL_VALIDATE_ECC_IMPORT', the ecc_decode_test() will fail the "good" test case. It is using the point (1, 1) in the test, and that fails the key validation. Changed the good key to one of the keys we have in the certs directory. The additional validation checks that the point is on the curve, and is validated in FIPS mode.
 2019-08-22 14:18:59 -07:00
Hideki Miyazaki
8b2a1f13c4 fix uninitialized ver for esp idf build failure fix 2019-08-23 06:08:11 +09:00
David Garske
0e6bb4717e
Merge pull request #2425 from JacobBarthelmeh/SanityChecks 
sanity check on buffer size
 2019-08-22 12:30:06 -07:00
Jacob Barthelmeh
b83aebafb1 help out static analysis tool 2019-08-22 11:49:10 -06:00
Jacob Barthelmeh
65aeb71d6c sanity check on buffer size before reading short 2019-08-22 11:36:35 -06:00
Jacob Barthelmeh
c6e4aebcdf sanity check on buffer size 2019-08-22 09:23:02 -06:00
David Garske
cf83561b64
Merge pull request #2417 from SparkiDev/sp_mod_exp_cast_fix 
SP Mod exp cast fix
 2019-08-22 05:55:27 -07:00
David Garske
6544b5df88
Merge pull request #2423 from SparkiDev/fe_math_mac 
Curve25519/Ed25519 x86_64 assembly working on Mac again
 2019-08-22 05:54:49 -07:00
Sean Parkinson
132f60e77f Curve25519/Ed25519 x86_64 assembly working on Mac again 2019-08-22 09:27:39 +10:00
David Garske
e298b3290d Fix to initialize hash flag. 2019-08-21 06:36:37 -07:00
David Garske
67c3751836 Adds new wolfSSL_CTX_UseSecureRenegotiation API for setting secure renegotiation at the WOLFSSL_CTX level. 2019-08-20 16:43:28 -07:00
David Garske
a5d222a20e Make public the hash set/get flags functions. 2019-08-20 16:25:48 -07:00
David Garske
154930d128 Added support for older KECCAK256 used by Ethereum. Uses existing hash flag API's. 
To use add build flag `CFLAGS="-DWOLFSSL_HASH_FLAGS"`.

Example:

```c
wc_Sha3_SetFlags(&sha, WC_HASH_SHA3_KECCAK256);
```
 2019-08-20 16:14:37 -07:00
David Garske
24bfea1ad2 Fixes for various build options (!NO_RSA, HAVE_ECC, NO_PKCS8, NO_PKCS12). Added new NO_CHECK_PRIVATE_KEY to allow reduce code size when not required. 2019-08-20 10:38:08 -07:00
David Garske
644e7a8f45 Fixes for PKCS8 w/wo encryption as DER/ASN.1. Fixes for building with --disable-oldnames. Fix to enable the PKCS8 enc test without openssl comat. Added additional PKCS8 tests. 2019-08-19 16:27:46 -07:00
Sean Parkinson
5530336617 SP Mod exp cast fix 2019-08-20 08:50:57 +10:00
Jacob Barthelmeh
01a3b59e28 fix cast and initialization of variable 2019-08-19 14:54:53 -06:00
David Garske
3e1c103c78 Added support for loading a PKCS8 ASN.1 formatted private key (not encrypted). 2019-08-16 16:09:00 -07:00
David Garske
586b74b05f Refactor of the verify option for processing X.509 files. Adds support for ignoring date checks when loading a CA using the WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY flag on wolfSSL_CTX_load_verify_buffer_ex and wolfSSL_CTX_load_verify_locations_ex. 2019-08-16 15:19:55 -07:00
toddouska
7d4023f6a1
Merge pull request #2408 from dgarske/coverity 
Minor fixes to resolve Coverity static analysis checks
 2019-08-16 14:45:13 -07:00
Jacob Barthelmeh
487e66394e adjust wc_i2d_PKCS12 API 2019-08-16 15:19:33 -06:00
David Garske
3f992ce39d Additional STM32F7 fixes with HALv2. 2019-08-16 12:31:28 -07:00
David Garske
eb68ad162b Enable strict cipher suite checking by default. Changed to enable by default and can be disabled using WOLFSSL_NO_STRICT_CIPHER_SUITE. 2019-08-16 10:20:25 -07:00
toddouska
dea4f2fb1a
Merge pull request #2410 from SparkiDev/poly1305_x64_fix 
Fix Poly1305 on Intel AVX2
 2019-08-16 09:08:27 -07:00
Sean Parkinson
8454bd1077 Fix Poly1305 on Intel AVX2 
Fix define checks for other x86_64 assembly code files
 2019-08-16 17:42:19 +10:00
David Garske
0d13b385ab Fixes for possible cases where DerBuffer is not free'd in AddCA error cases. 2019-08-15 17:01:30 -07:00
David Garske
aee766e11b Minor fixes for AES GCM with GMAC and STM32 HALv2. 2019-08-15 16:57:38 -07:00
toddouska
489af0cd2b
Merge pull request #2386 from SparkiDev/tls13_integ_only 
TLS 1.3 and Integrity-only ciphersuites
 2019-08-15 16:02:12 -07:00
toddouska
51c31695bd
Merge pull request #2391 from SparkiDev/tfm_dh_2 
Specialized mod exponentiation for base 2 in tfm.c and integer.c
 2019-08-15 15:59:20 -07:00
toddouska
b06dbf16c2
Merge pull request #2397 from JacobBarthelmeh/PKCS7 
updates to CMS and callback functions
 2019-08-15 15:56:41 -07:00
toddouska
089ca6d6e8
Merge pull request #2403 from JacobBarthelmeh/HardwareAcc 
build with devcrypto and aesccm
 2019-08-15 15:54:41 -07:00
toddouska
0a1a81ab42
Merge pull request #2407 from embhorn/api_p1_2 
Adding phase 1 API from other projects
 2019-08-15 14:13:10 -07:00
Eric Blankenhorn
1b841363cc Adding tests 2019-08-15 12:27:23 -05:00
David Garske
ed7ac6fb26 Coverity fixes to make static analysis happy. 2019-08-14 15:42:47 -07:00
Eric Blankenhorn
b2b24a06f3 Adding API 2019-08-14 15:09:17 -05:00
toddouska
cb33ada380
Merge pull request #2395 from embhorn/api_p1 
Adding compatibility API phase 1
 2019-08-13 17:19:22 -07:00
David Garske
e75417fde1 Added build option to enforce check for cipher suite in server_hello from server. Enabled using WOLFSSL_STRICT_CIPHER_SUITE. Some cipher suites could be allowed if they were supported a build-time even though not sent in the cipher suite list in client_hello. 
Example log output for test case where `client_hello` sent a cipher suite list and server choose a cipher suite not in the list:

```
wolfSSL Entering DoServerHello
ServerHello did not use cipher suite from ClientHello
wolfSSL Leaving DoHandShakeMsgType(), return -501
wolfSSL Leaving DoHandShakeMsg(), return -501
```

RFC 5246: 7.4.1.3: Server Hello:  `cipher_suite: The single cipher suite selected by the server from the list in ClientHello.cipher_suites.`
 2019-08-13 15:56:19 -07:00
Eric Blankenhorn
48fa6a458c Adding compatibility API phase 1 2019-08-13 17:09:56 -05:00
toddouska
fa79ef0940
Merge pull request #2396 from tmael/expanding_OpenSSL_compatibility 
Phase 1 of the OpenSSL Compatibility APIs
 2019-08-13 14:56:09 -07:00
Jacob Barthelmeh
e8e1d35744 build with devcrypto and aesccm 2019-08-13 14:12:45 -06:00