WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity
7,363 Commits
27 Branches
168 Tags
358 MiB
Commit Graph

2756 Commits (f9e830bce7c6865361a5a9b897c2736de1d9a742)

Author SHA1 Message Date
Jacob Barthelmeh 2a0ef55a66 fix for check on return value with mutex error case 2018-03-08 11:26:22 -07:00
Jacob Barthelmeh 74475a26ba compile more functions in with OPENSSL_EXTRA 2018-03-08 11:06:40 -07:00
Sean Parkinson d6ffa0dd8e Fix downgrade when doing TLS v1.3 2018-03-08 15:05:36 +10:00
Sean Parkinson d35a3f1e69 Fixes from code review 
If doing TLS v1.3 and version on ServerHello is below TLS v1.2 then
handle message with old code.
If doing TLS v1.3, downgrading and version ClientHello is less than
minimum downgrade then this is a version error.
 2018-03-08 09:00:36 +10:00
Jacob Barthelmeh 612a80609a warning about extra set of parentheses 2018-03-07 10:35:31 -07:00
Jacob Barthelmeh 799a6b6d2d fix warning of unused variable and add guard for disable ecc build 2018-03-07 10:35:31 -07:00
Jacob Barthelmeh a9c6385fd1 trim out more strings and fix DN tag 2018-03-07 10:35:31 -07:00
David Garske a4000ba196
Merge pull request #1418 from SparkiDev/sp_armasm 
Add assembly code for ARM and 64-bit ARM
 2018-03-07 09:18:16 -08:00
Sean Parkinson 89182f5ca9 Add assembly code for ARM and 64-bit ARM 
Split out different implementations into separate file.
Turn on SP asm by configuring with: --enable-sp-asm
Changed small ASM code for ECC on x86_64 to be smaller and slower.
 2018-03-07 11:57:09 +10:00
Jacob Barthelmeh 3f80006b25 add stub code for flag with x509 check host 2018-03-06 11:55:20 -07:00
Sean Parkinson dee74e98dd Fix downgrading when WOLFSSL_TLS13 is defined (despite NO_OLD_TLS being defined) 2018-03-05 10:11:51 +10:00
toddouska 48cd2806af
Merge pull request #1412 from JacobBarthelmeh/PKCS12 
clean up memory in error case with PKCS12 create
 2018-03-02 12:37:12 -08:00
toddouska 2c12b0d678
Merge pull request #1411 from ejohnstown/dtls-null-fix 
DTLS Import/Export with Null Cipher
 2018-03-02 11:41:04 -08:00
Jacob Barthelmeh ae23f777d6 clean up memory in error case with PKCS12 create 2018-03-02 11:35:16 -07:00
John Safranek da76ee0877 allow import of DTLS sessions with null cipher as the null cipher is allowed with dtls when enabled 2018-03-02 09:57:07 -08:00
Jacob Barthelmeh 223903717a add sanity check for short read 2018-03-02 09:38:11 -07:00
Jacob Barthelmeh e80e82a89b sanity check on reading newline character 2018-03-01 18:00:52 -07:00
Jacob Barthelmeh d46a2b449d fix for smallstack buffer size 2018-03-01 18:00:52 -07:00
Jacob Barthelmeh 2a368abd20 fix build for haproxy 2018-03-01 18:00:52 -07:00
toddouska b527f6fb81
Merge pull request #1397 from JacobBarthelmeh/Optimizations 
Optimizations
 2018-02-26 08:43:22 -08:00
Jacob Barthelmeh 9391c608cc remove error string function when no error strings is defined 2018-02-23 17:31:20 -07:00
toddouska 9b90cdc919
Merge pull request #1396 from JacobBarthelmeh/Testing 
fix for static analysis warning of null dereference
 2018-02-23 15:51:29 -08:00
toddouska 22e55e72c1
Merge pull request #1394 from cconlon/selftest 
Add CAVP-only Self Test for special build
 2018-02-23 15:50:06 -08:00
Jacob Barthelmeh 9757effdc1 fix for static analysis warning of null dereference 2018-02-23 14:49:06 -07:00
Chris Conlon ad53037852 add CAVP selftest option for special build 2018-02-23 10:14:56 -07:00
JacobBarthelmeh 89390180a0
Merge branch 'master' into Compatibility-Layer 2018-02-22 15:24:31 -07:00
toddouska 41ae47fa3c
Merge pull request #1390 from SparkiDev/tls13_downgrade 
Fix downgrading from TLS v1.3 to TLS v1.2
 2018-02-22 08:53:48 -08:00
Sean Parkinson 7160384a19 Explicit curve data in public ECC key 
Certificate's public key data contains more of the encoding.
PKCS #7 using public key from certificates calls proper decode.
 2018-02-22 14:59:19 +10:00
Sean Parkinson da4024b46a Fix downgrading from TLS v1.3 to TLS v1.2 
Fix handling of ServerHello in TLS v1.3 to support TLS v1.2 when
downgrading.
Added support in client and server examples for using downgrade method:
wolfSSLv23_client_method_ex() or wolfSSLv23_server_method_ex().
Add tests, using downgrade version, of client or server downgrading from
TLS v1.3 to TLS v1.2.
 2018-02-22 12:48:50 +10:00
Sean Parkinson dc4edd0cd9 SNI fix for nginx 2018-02-21 23:48:43 +10:00
Sean Parkinson d1f19e8ecc Fix resumption code around when not available 
Can't set a ticket if the encryption callback is NULL.
If no useable pre-shared key is found then we won't do PSK.
 2018-02-21 17:45:13 +10:00
toddouska 7a2aa6bc13
Merge pull request #1382 from dgarske/cleanup_strncpy 
Fixes for ensuring null termination on all strncpy calls
 2018-02-20 08:18:08 -08:00
Jacob Barthelmeh a275022dbe account for pwdbased being enabled with x509small 2018-02-19 17:32:39 -07:00
Jacob Barthelmeh 33b699f81a macro guards on PEM strings 2018-02-19 17:32:39 -07:00
David Garske e4df21df94 More cleanup for const strings. 2018-02-19 17:32:39 -07:00
Jacob Barthelmeh 4614bd4e56 scan-build warning and AES key size builds for ARMv8 2018-02-19 17:32:39 -07:00
Jacob Barthelmeh 94b7ab92f3 fix for unused variable 2018-02-19 17:32:39 -07:00
Jacob Barthelmeh 801ce67fc9 surround BIO function with macro guard 2018-02-19 17:32:39 -07:00
Jacob Barthelmeh 2a15b3912b revert pkcs7 attrib structure for scep and add more macro guards for AES key size 2018-02-19 17:32:39 -07:00
Jacob Barthelmeh c9525d9c1d add opensslextra=x509small build option 2018-02-19 17:32:39 -07:00
Jacob Barthelmeh ae2306ebcf more structure packing and macro guards 2018-02-19 17:32:39 -07:00
Jacob Barthelmeh 02753e53a5 add some of AES key size macros to benchmark.c and test.c 2018-02-19 17:28:53 -07:00
Jacob Barthelmeh c2f660c0fc first round of adding AES key size macros 2018-02-19 17:23:49 -07:00
David Garske 44079e4bb8 Fixes for ensuring null termination on all strncpy calls. Cleanup of the null termination character '\0'; for char types. 2018-02-19 13:33:16 -08:00
Jacob Barthelmeh f569645212 add wolfSSL_SHA256 function 2018-02-16 16:57:45 -07:00
Jacob Barthelmeh a651b08afa add wolfSSL_AES_ecb_encrypt function 2018-02-16 15:08:31 -07:00
Jacob Barthelmeh 488a795747 add wolfSSL_PEM_read_bio_RSAPrivateKey function 2018-02-15 22:34:50 -07:00
toddouska ad1fc26d4e
Merge pull request #1370 from JacobBarthelmeh/Testing 
check on verify depth for certificates with opensslextra
 2018-02-14 16:29:25 -08:00
David Garske 9ff97997a6
Merge pull request #1360 from SparkiDev/sp_math 
Minimal implementation of MP when using SP.
 2018-02-14 15:49:23 -08:00
Jacob Barthelmeh 2e15842ef2 revert verify depth check and increase array size to account for possible cert index 2018-02-14 10:01:22 -07:00
toddouska 4d04f0951c
Merge pull request #1363 from SparkiDev/tls13_draft23 
Support TLS v1.3 Draft 23
 2018-02-13 11:39:53 -08:00
Jacob Barthelmeh 6f1e5383da check on verify depth for certificates with opensslextra 2018-02-13 10:29:23 -07:00
toddouska e254f25baf
Merge pull request #1359 from SparkiDev/nginx_fixes 
Fixes to get Nginx working again.
 2018-02-09 13:17:38 -08:00
Sean Parkinson 0da8694ff3 Fix Hello Retry Request parsing of new KeyShare choice 2018-02-09 11:12:04 +10:00
Sean Parkinson 9a0c822582 Support TLS v1.3 Draft 23 
Change KeyShare number.
Support SignatureAlgorithmsCert extension - nothing done with
information as only one chain supported on server.
Compiling for Draft 22 supported: --enable-tls-draft22
Compiling for Draft 18 still supported.
 2018-02-09 10:42:15 +10:00
Sean Parkinson a3a4f2d59c Minimal implementation of MP when using SP. 
--enable-sp-math to include minimal implementation of MP (only with
--enable-sp.)
Add futher functionality for ECC (conditionally compiled):
- check key
- is point on curve
- API to add and double projective points
- API to map from project to affine
- Uncompress point (including sqrt)
Some configuration options will not work with SP math - configure.ac
detects this and errors out.
Change test code to better support SP sizes only.
 2018-02-08 15:50:17 +10:00
Sean Parkinson 297fb1a447 Fixes to get Nginx working again. 
Only use weOwnDH as Nginx can change from client to server.
Allow TLS v1.3 with client method for Nginx.
 2018-02-08 11:14:31 +10:00
Kaleb Himes 266b6fe7a7
Merge pull request #1356 from JacobBarthelmeh/Compatibility-Layer 
Fix for Windows FIPS build
 2018-02-07 13:18:36 -07:00
Jacob Barthelmeh 47aa4bbe2f handle disable md5 case 2018-02-07 10:44:16 -07:00
Jacob Barthelmeh 61da8ec1dc Fix for Windows FIPS build 2018-02-07 10:13:28 -07:00
Jacob Barthelmeh a1a1ca9991 Fix for build with having opensslextra and IGNORE_NAME_CONSTRAINTS 2018-02-07 09:54:24 -07:00
David Garske 172989c3c4
Merge pull request #1343 from ghoso/dev201801 
Fix decryption error when EVP_CipherInit is called mulitple times.
 2018-02-05 16:51:08 -08:00
Sean Parkinson 82850422fc
Merge pull request #1338 from JacobBarthelmeh/Testing 
set have session id flag
 2018-02-05 14:58:55 -08:00
toddouska 7ad0ea808c
Merge pull request #1341 from JacobBarthelmeh/master 
fix build for OLD_HELLO_ALLOWED macro
 2018-02-02 10:53:16 -08:00
toddouska d63373066b
Merge pull request #1331 from JacobBarthelmeh/Compatibility-Layer 
add comments and better error checking for PKCS8 strip
 2018-02-02 10:50:29 -08:00
Go Hosohara 0101440cc8 Fix decryption error when EVP_CipherInit is called mulitple times. 2018-01-31 17:08:06 +09:00
Jacob Barthelmeh 580a55ce49 fix build for OLD_HELLO_ALLOWED macro 2018-01-29 14:55:32 -07:00
Jacob Barthelmeh ca5b1dbbcb set have session id flag 2018-01-26 14:18:36 -07:00
Sean Parkinson 6e6085501d Make TLSX_SetResponse available in client and server 2018-01-21 18:12:34 -08:00
Jacob Barthelmeh 1428934ad5 add comments and better error checking for PKCS8 strip 2018-01-19 16:53:12 -07:00
toddouska d5c1cf4fc7
Merge pull request #1327 from dgarske/ignore_file_warn 
Added `WOLFSSL_IGNORE_FILE_WARN` option
 2018-01-19 14:51:31 -08:00
toddouska 2efe7f6d96
Merge pull request #1319 from JacobBarthelmeh/Compatibility-Layer-Part5 
Compatibility layer part4
 2018-01-19 14:49:12 -08:00
Jacob Barthelmeh be98e3e7f3 build condition for SendAlerts and fix free of x509 store 2018-01-19 09:48:02 -07:00
Jacob Barthelmeh 025ba1445e add WOLFSSL_VERIFY_CB_ALL_CERTS macro 2018-01-18 18:26:32 -07:00
Jacob Barthelmeh 377f5c304c update for async build and include for getenv 2018-01-18 09:05:21 -07:00
Jacob Barthelmeh 2a308bdda9 add some comments and return domain name 2018-01-17 17:39:17 -07:00
Jacob Barthelmeh a0f5126076 build option fixes 2018-01-17 16:40:06 -07:00
David Garske 1276d21d8e Added `WOLFSSL_IGNORE_FILE_WARN` option to ignore warning for `.c` files that do not need to be included. 2018-01-17 13:27:59 -08:00
toddouska 54acc2df51
Merge pull request #1318 from SparkiDev/tls13_draft22 
Changes for TLS v1.3 Draft 22
 2018-01-17 11:22:50 -08:00
Jacob Barthelmeh 19288ea127 casting values, update names, g++ build 2018-01-17 12:18:00 -07:00
Jacob Barthelmeh 676e2f1f63 add comments and remove 2999 bit rsa key test for now 2018-01-17 11:19:21 -07:00
dgarske 2dc60b9e01
Merge pull request #1321 from SparkiDev/fe_init_small_fix 
Fix fe_init implementation to appear for small Ed25519
 2018-01-17 08:30:13 -08:00
Jacob Barthelmeh bf57da1914 static analysis fixes, free buffer return in test case, fips build 2018-01-17 09:28:25 -07:00
Sean Parkinson c09d972012 Fix fe_init implementation to appear for small Ed25519 2018-01-17 11:34:22 +10:00
Sean Parkinson 5f14de33e7 Changes for TLS v1.3 Draft 22 
Middlebox compatibility available too.
 2018-01-17 09:38:11 +10:00
Takashi Kojo dce628ae8e Eliminate dup _InitHmac 2018-01-16 14:59:48 -07:00
Takashi Kojo 56efe657fc save iPad, oPad. test long key 2018-01-16 14:57:53 -07:00
Takashi Kojo 30e6ec5396 HMAC_CTX_copy, copy save_len, save_key 2018-01-16 14:54:44 -07:00
Takashi Kojo e93d7d3c93 fix for MD5 case, "recover hmac", in HMAC_init 2018-01-16 14:54:44 -07:00
Takashi Kojo 937c759998 HMAC_Init, keylen arg check 2018-01-16 14:54:44 -07:00
Takashi Kojo f38a321e64 HMAC_Init_ex with NULL key to recover Hmac initial state 2018-01-16 14:54:43 -07:00
Takashi Kojo ed0d4d3b06 Add ECB in wolfSSL_EVP_get_cipherbyname 2018-01-16 14:51:44 -07:00
Takashi Kojo 13325606b7 Peer cert ASN PARSE ERROR 2018-01-16 14:51:42 -07:00
Takashi Kojo 6f44969e23 Signature check compatibility 2018-01-16 14:48:56 -07:00
Takashi Kojo 2fdf98ebd4 eliminate redandant pad block, DES3 2018-01-16 14:48:56 -07:00
Go Hosohara e8d628f61b wrap up no certificate alert related code in OPENSSL_EXTRA directive. 2018-01-16 14:48:55 -07:00
Takashi Kojo f690a980bf Avoid duplicated callback when error is overriden 2018-01-16 14:48:53 -07:00
Jacob Barthelmeh 92c9ff5f48 reset cipher suites after call to wolfSSL_set_options 2018-01-16 14:45:58 -07:00
Takashi Kojo 0a3d6534c7 add SanityCheckMsgReceived in ProcessOldClientHello 2018-01-16 14:42:17 -07:00
Go Hosohara d6e22346e3 Regarding with commit #4899aad884880bb8ef1859ea6b57eded013cd2b4, send no certificate alert only if SSLv3, otherwise proceed with size 0 certificate. 2018-01-16 14:42:17 -07:00