feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity
6,866 Commits 28 Branches 172 Tags
54a006f47dba05b98fd7dfa2cf18dbed81e74593
Commit Graph

1199 Commits

Author SHA1 Message Date
John Safranek
431a0cbea9 Multicast 
1. Since multicast's only cipher suite uses null cipher
   automatically enable it.
2. Add options to example client and server to start
   testing multicast API. (Uses TLS over TCP.)
3. Updates to use the forced secrets set by API.
 2017-07-19 13:31:39 -07:00
John Safranek
b616b8df02 Multicast DTLS 
1. Update API
2. Update unit test
3. Partially implemented wolfSSL_set_secret().
 2017-07-19 13:26:23 -07:00
John Safranek
5154584576 Multicast DTLS 
1. Add DTLS-multicast to the enable options.
2. Reorg DTLS related enable options together.
3. Update a couple enable option texts to use the AS_HELP_STRING() macro.
4. Add three new APIs for managing a DTLS Multicast session.
5. Add test code for new APIs.
6. Add stub code for the new APIs.
 2017-07-19 13:26:23 -07:00
toddouska
b02c995fff add NULL checks to check_domain_name() 2017-07-12 10:16:31 -06:00
Sean Parkinson
31ac379c4f Code review fixes 
Change verify depth and set curve to be compiled in whe using:
OPENSSL_EXTRA
Fix comparison of curve name strings to use ecc function.
Fix verify depth check when compiling with both OPENSSL_EXTRA and
WOLFSSL_TRUST_PEER_CERT.
 2017-07-06 15:32:34 +10:00
Sean Parkinson
5bddb2e4ef Changes for Nginx 
Support TLS v1.3 clients connecting to Nginx.
Fix for PSS to not advertise hash unless the signature fits the private
key size.
Allow curves to be chosen by user.
Support maximum verification depth (maximum number of untrusted certs in
chain.)
Add support for SSL_is_server() API.
Fix number of certificates in chain when using
wolfSSL_CTX_add_extra_chain_cert().
Allow TLS v1.2 client hello parsing to call TLS v1.3 parsing when
SupportedVersions extension seen.
Minor fixes.
 2017-07-04 09:37:44 +10:00
Sean Parkinson
d2ce95955d Improvements to TLS v1.3 code 
Reset list of supported sig algorithms before sending certificate
request on server.
Refactored setting of ticket for both TLS13 and earlier.
Remember the type of key for deciding which sig alg to use with TLS13
CertificateVerify.
RSA PKCS #1.5 not allowed in TLS13 for CertificateVerify.
Remove all remaining DTLS code as spec barely started.
Turn off SHA512 code where decision based on cipher suite hash.
Fix fragment handling to work with encrypted messages.
Test public APIS.
 2017-06-29 09:00:44 +10:00
toddouska
d017274bff Merge pull request #976 from levi-wolfssl/PemToDer-overflow-fix 
Fix potential buffer over-read in PemToDer()
 2017-06-22 10:07:11 -07:00
dgarske
06fa3de31c Merge pull request #980 from SparkiDev/tls13_0rtt 
TLS v1.3 0-RTT
 2017-06-22 09:44:41 -07:00
Levi Rak
a37808b32c Sanity checkes added 2017-06-21 17:14:20 -06:00
Levi Rak
247388903b Remove double cast + move min() calls 2017-06-21 13:56:34 -06:00
David Garske
d75a9f2436 Fix for wc_ReadDirFirst to return non-zero value if no files found. Fix for wolfSSL_CTX_load_verify_locations to not return failure due to wc_ReadDirNext “no more files” -1 response. 2017-06-21 10:36:49 -07:00
Sean Parkinson
350ce5fcef TLS v1.3 0-RTT 2017-06-21 08:35:28 +10:00
toddouska
8b637cbd1b Merge pull request #967 from dgarske/fix_qat 
Fixes and Improvements for Intel QuickAssist
 2017-06-20 14:49:56 -07:00
Sean Parkinson
d5b1698c43 Fix for Nginx - return specific error when at end of file 2017-06-20 09:27:24 +10:00
Levi Rak
17936d65e0 please Jenkins + a bit of cleanup 2017-06-16 12:27:59 -06:00
Levi Rak
4389d271cc Fixed potential buffer overflows when configured with --enable-opensslextra 2017-06-16 11:02:06 -06:00
Jacob Barthelmeh
bb6582896d add sanity check for wolfSSL_X509_NAME_oneline function 2017-06-15 11:55:37 -06:00
David Garske
68439d4317 Completed refactor to cleanup dynamic types. Refined the tmp buffers to new types for more granularity. Fixed several places where malloc/free type was mis-matched. Cleanup of the PKCS12 code to improve cleanup handling. Fix wc_PKCS12_parse to return 0 on success else failure. 2017-06-14 15:11:43 -07:00
David Garske
88afc7a92f Progress on dynamic type cleanup for over-use of tmp_buffer. Increases performance on NUMA memory platform having ability to be more selective about the types that are NUMA allocated for use against QuickAssist hardware. 2017-06-14 15:11:43 -07:00
toddouska
b778ddfea2 Merge pull request #957 from SparkiDev/tls13_updates 
Tls13 updates
 2017-06-14 14:59:11 -07:00
Sean Parkinson
89e6ac91bf Improve PSK timeout checks 
Post-handshake Authentication

Fix KeyUpdate to derive keys properly

Fix supported curves (not checking ctx extensions)
 2017-06-14 11:28:53 -07:00
Nickolas Lapp
1e94868432 Add LINUX SGX Support for building of wolfSSL static library. See README 
in IDE/LINUX-SGX/README.md.
 2017-06-13 17:34:45 -07:00
David Garske
ce231e0cbc Fixes for asynchronous TLS 1.3. Fixes for PK_CALLBACKS with async. New helper API's for wolfSSL_CTX_GetDevId and wolfSSL_CTX_GetHeap. Fix for build to not include tls13.c if not enabled to suppress empty object file warning. Fix typo in fe_low_mem.c. General cleanup. Extra tls13.c debug messages. 2017-06-12 11:42:48 -07:00
toddouska
7cc455259e Merge pull request #941 from SparkiDev/ed25519 
ED25519 with certificates and TLS
 2017-06-12 10:47:21 -07:00
kaleb-himes
a00165768c Fix compile error, too many args with --enabl-wpas 2017-06-08 13:34:44 -06:00
Sean Parkinson
1db52f0c04 Fix to use different PEM header for EDDSA keys 
Include new cert and key files in distribution
Fix compile issue when only doing TLS13.
 2017-06-08 09:26:49 +10:00
Sean Parkinson
613d30bcae ED25519 TLS support 2017-06-08 09:26:49 +10:00
Sean Parkinson
5d5ff56336 External PSK working in TLS13 2017-06-07 17:20:22 +10:00
toddouska
77dbf539c8 Merge pull request #934 from JacobBarthelmeh/mysql 
some MYSQL updates for cmake and with sun 64 bit
 2017-05-23 15:01:39 -07:00
toddouska
d2b6ab0796 Merge pull request #935 from JacobBarthelmeh/Testing 
remove size_t dependency with default build
 2017-05-23 14:58:50 -07:00
toddouska
6b09a7c6e1 Merge pull request #922 from SparkiDev/tls_pss 
TLS v1.2 and v1.3 RSA PSS
 2017-05-23 14:57:10 -07:00
Sean Parkinson
8920cd89e4 Fixes from review 2017-05-22 09:09:31 +10:00
Jacob Barthelmeh
398c27d848 remove size_t dependency with default build 2017-05-19 16:16:08 -06:00
Sean Parkinson
4390f4c711 TLS v1.2 and PSS 
Cleanup the TLS v1.3 PSS code as well.
Added RSA API wc_RsaPSS_CheckPadding() to check the padding - no longer
a simple memcmp with the digest.
 2017-05-19 11:49:43 +10:00
Sean Parkinson
5ef977aa3d Put X25519 behind P256 
Option to have X25519 prioritized.
Show curve name and DH key size in TLS v1.3.
 2017-05-19 10:58:43 +10:00
Jacob Barthelmeh
2086394a35 compatibility of get cipher list function and update cmake files 2017-05-18 14:36:34 -06:00
Sean Parkinson
63a6618feb Enable X25519 for Key Exchange in TLS 2017-05-17 08:58:12 +10:00
Sean Parkinson
c8e6c64e51 Fix warning when building for Windows 2017-05-15 10:04:42 +10:00
Sean Parkinson
4d77e80d04 Fix loading of CRLs and certs. 
Change function wolfSSL_X509_LOOKUP_load_file to load multiple CRLs and
certificates from a file.
Change CRL loading to have a flag to not verify CRL signature - only do
this when using wolfSSL_X509_LOOKUP_load_file() as the certificate is
not always available.
Add test case for loading multiple CRLs in one file without certificate.
 2017-05-15 10:04:42 +10:00
Jacob Barthelmeh
0374907acc allow re-using WOLFSSL structure after calling shutdown 2017-05-12 13:54:20 -06:00
David Garske
562db08c3d Implemented strict switch fall-through handling using new macro FALL_THROUGH. 2017-05-11 15:15:19 -07:00
David Garske
c0c98c8f64 Fixes to address build warnings for GCC 7. Used -Wimplicit-fallthrough=0 to suppress all switch fall-through warnings. 2017-05-11 15:12:16 -07:00
David Garske
e8cf4b5ff0 Coverity fixes for TLS 1.3, async, small stack and normal math. 2017-05-09 09:13:21 -07:00
Sean Parkinson
2b1e9973ec Add TLS v1.3 as an option 2017-05-04 14:51:30 -07:00
Jacob Barthelmeh
aa990ed1ce in error case close FILE 2017-05-02 14:54:27 -06:00
Jacob Barthelmeh
dbb67d8582 warnings for builds of haproxy, nginx, and leanpsk 2017-05-02 14:29:53 -06:00
toddouska
27aafd674a Merge pull request #886 from dgarske/fixes_coverity2 
Fixes for coverity scan (part 2)
 2017-05-02 08:53:03 -07:00
toddouska
f61380da21 Merge pull request #870 from kaleb-himes/PSK-UPDATE 
Update PSK identity length per RFC 4279 - section 5.3
 2017-05-01 19:04:32 -07:00
David Garske
9491027c85 Fixes for coverity scan (part 2). 2017-05-01 16:34:24 -07:00