feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity
4,982 Commits 28 Branches 172 Tags
63dcacb43777a9abdd35abb3863e70c495b7b478
Commit Graph

772 Commits

Author SHA1 Message Date
toddouska
092916c253 Merge pull request #536 from ejohnstown/dtls-sctp 
DTLS over SCTP
 2016-08-30 13:09:40 -07:00
David Garske
2ecd80ce23 Added support for static memory with wolfCrypt. Adds new "wc_LoadStaticMemory" function and moves "wolfSSL_init_memory_heap" into wolfCrypt layer. Enhanced wolfCrypt test and benchmark to use the static memory tool if enabled. Added support for static memory with "WOLFSSL_DEBUG_MEMORY" defined. Fixed issue with have-iopool and XMALLOC/XFREE. Added check to prevent using WOLFSSL_STATIC_MEMORY with HAVE_IO_POOL, XMALLOC_USER or NO_WOLFSSL_MEMORY defined. 2016-08-29 10:38:06 -07:00
John Safranek
a6c0d4fed7 1. Added missing -DWOLFSSL_SCTP to configure.ac. 
2. Don't do hello verify requests in SCTP mode.
3. Implemented the SCTP MTU size changes.
4. Simplified the MAX_FRAGMENT size when calling ReceiveData().
 2016-08-26 19:58:36 -07:00
John Safranek
c1970434d1 simplify the SCTP options 2016-08-26 19:43:52 -07:00
John Safranek
ebbf5ec72b add new options and accessors for SCTP 2016-08-26 19:40:50 -07:00
David Garske
17a34c5899 Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com. 2016-08-15 13:59:41 -06:00
toddouska
d74fa8299a add resume session string script check, make GetDeepCopySession static local and check reutrn code 2016-08-15 09:32:36 -07:00
David Garske
b0e4acaac1 Fix for openssl compatibility without ECC. Disable "wolf_OBJ_nid2sn", "wolf_OBJ_sn2nid" and "wolf_OBJ_obj2nid" when "OPENSSL_EXTRA" defined and "HAVE_ECC" is not defined. 2016-08-08 10:29:58 -07:00
David Garske
d8c63b8e66 Various improvements to support openssl compatibility. 
* Fixed bug with "wolfSSL_get_cipher_name_internal" for loop using incorrect max length for "cipher_name_idx" (this caused fault when library built with NO_ERROR_STRINGS and calling it).
* Adds new "GetCipherNameInternal" function to get cipher name using internal "cipherSuite" index only (for scenario where WOLFSSL object does not exist).
* Implements API's for "wolf_OBJ_nid2sn" and "wolf_OBJ_sn2nid". Uses the ecc.c "ecc_sets" table to locate NID (ECC ID and NID are same).
* Added "WOLFSSL*" to HandShakeInfo.
* Allowed "SetName" to be exposed.
* Added "wolfSSL_X509_load_certificate_buffer". Refactor "wolfSSL_X509_load_certificate_file" to use new function (no duplicate code).
 2016-08-05 14:15:47 -07:00
Jacob Barthelmeh
e8f7d78fc4 add helper functions for choosing static buffer size 2016-07-21 12:11:15 -06:00
toddouska
b81e687bf3 Merge pull request #490 from JacobBarthelmeh/master 
Static Memory Fixes
 2016-07-20 20:27:03 -07:00
toddouska
8f2af608a7 Merge pull request #492 from JacobBarthelmeh/staticmemory 
set heap hint for ctx
 2016-07-20 20:25:38 -07:00
toddouska
1b980867d6 fix rsablind other builds 2016-07-20 11:35:57 -07:00
Jacob Barthelmeh
5d8a78be30 set heap hint for ctx 2016-07-20 11:47:36 -06:00
Jacob Barthelmeh
1f5b6d4e66 sanity check on buffer size 2016-07-20 11:44:22 -06:00
David Garske
7a1acc7e56 Added TLS support for all SECP and Brainpool curves. Added ECC curve specs for all Brainpool, Koblitz and R2/R3. Adds new "HAVE_ECC_BRAINPOOL", "HAVE_ECC_KOBLITZ", "HAVE_ECC_SECPR2" and "HAVE_ECC_SECPR3" options. ECC refactor to use curve_id in _ex functions. NID and ECC Id's match now. Added ability to encode OID (HAVE_OID_ENCODING), but leave off by default and will use pre-encoded value for best performance. 2016-07-07 10:59:45 -07:00
toddouska
eb072e0344 Merge pull request #463 from JacobBarthelmeh/master 
update mysql port
 2016-06-28 14:56:57 -07:00
toddouska
981cf9cbcb Merge pull request #462 from cconlon/bug-fixes 
PemToDer Bug Fixes
 2016-06-28 09:58:18 -07:00
Jacob Barthelmeh
f18ff8bfa4 update mysql patch 2016-06-27 15:44:52 -06:00
toddouska
ac6635593b Revert "Bio" 2016-06-27 10:53:34 -07:00
Chris Conlon
9c7bea46d2 fix out of bounds read in PemToDer with 0 size der buffer, CU #4 2016-06-27 10:53:19 -06:00
Chris Conlon
92e501c8e4 fix possible out of bound read in PemToDer header, CU #3 2016-06-27 10:53:19 -06:00
Chris Conlon
2951e167b5 check return code of PemToDer in wolfSSL_CertManagerVerifyBuffer, CU #2 2016-06-27 10:23:22 -06:00
Chris Conlon
8fac3fffea fix possible out of bounds read in PemToDer, CU #1 2016-06-27 10:23:22 -06:00
toddouska
3a18b057d7 Merge pull request #460 from dgarske/DerBufMemcpyCleanup 
Cleanup of DerBuffer duplication
 2016-06-24 14:51:30 -07:00
Ludovic FLAMENT
0c43123a01 Fix BIO based on review 2016-06-24 10:54:58 +02:00
David Garske
b0f7d819bd Cleanup of DerBuffer duplication that was using memcpy still after refractor and should be direct pointer copy. 2016-06-23 18:14:22 -07:00
Jacob Barthelmeh
f6bbe845f5 Merge https://github.com/wolfSSL/wolfssl into bio 2016-06-22 09:14:53 -06:00
toddouska
335865a5b2 Merge pull request #447 from ejohnstown/dtls-retx 
DTLS Retransmit Fix
 2016-06-20 15:46:55 -07:00
toddouska
a859cf189d Merge pull request #443 from ejohnstown/new-ccm-suite 
Add cipher suite ECDHE-ECDSA-AES128-CCM
 2016-06-20 15:34:55 -07:00
David Garske
eb1d8d5df6 Fix for NID names on NIST prime 192 and 256 curves. Cleanup of the memcpy/memset in .i files to use portable names. 2016-06-17 15:59:25 -07:00
Jacob Barthelmeh
ea71814518 Merge https://github.com/wolfSSL/wolfssl 2016-06-17 13:58:53 -06:00
John Safranek
8f3c56c03f Fix where the last flight was getting retransmit on timeout notification. 2016-06-15 18:44:25 -07:00
David Garske
5703e5eadb ECC changes to support custom curves. Added new "WOLFSSL_CUSTOM_CURVES" option to support non-standard ECC curves in ecc_is_point and ecc_projective_dbl_point. Refactor to load and pass curve "a" parameter down through ECC functions. Relocated mp_submod and added mp_addmod. Refactor to pass mp variable directly (not pointer) for montgomery variable. Fix in mp_jacobi to also handle case of a == 0. Cleanup of *_ecc_mulmod and wc_ecc_make_key_ex error handling. Cleanup of ecc_map for handling normal, fast and alt_ecc math for optimization of performance and allowing reduced ecc_size. 2016-06-15 08:41:51 -07:00
David Garske
bb17bac018 Updated the naming for the ECC curve sets. Additional comments for each curve parameter. 2016-06-14 16:56:22 -07:00
John Safranek
2f9c9b9a22 Add cipher suite ECDHE-ECDSA-AES128-CCM 
1. Added the usual cipher suite changes for the new suite.
2. Added a build option, WOLFSSL_ALT_TEST_STRINGS, for testing
   against GnuTLS. It wants to receive strings with newlines.
3. Updated the test configs for the new suite.

Tested against GnuTLS's client and server using the options:

    $ gnutls-cli --priority "NONE:+VERS-TLS-ALL:+AEAD:+ECDHE-ECDSA:+AES-128-CCM:+SIGN-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509" --x509cafile=./certs/server-ecc.pem --no-ca-verification -p 11111 localhost
    $ gnutls-serv --echo --x509keyfile=./certs/ecc-key.pem --x509certfile=./certs/server-ecc.pem --port=11111 -a --priority "NONE:+VERS-TLS-ALL:+AEAD:+ECDHE-ECDSA:+AES-128-CCM:+SIGN-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509"

To talk to GnuTLS, wolfSSL also needed the supported curves option
enabled.
 2016-06-13 14:39:41 -07:00
toddouska
a156cedabc Merge pull request #435 from JacobBarthelmeh/staticmemory 
Staticmemory
 2016-06-10 17:03:49 -07:00
Jacob Barthelmeh
3d3591a227 typdef gaurd / error out on bad mutex init / handle no maxHa or maxIO set 2016-06-10 14:13:27 -06:00
Jacob Barthelmeh
ea3d1f8e17 extended method function 2016-06-09 23:41:51 -06:00
toddouska
6551c9fcab add getter for max output size 2016-06-09 14:51:07 -07:00
Jacob Barthelmeh
7943f68f2a run allocation tool on ocsp and check for mallocs 2016-06-09 12:03:28 -06:00
Jacob Barthelmeh
8be5409bc5 static method func / ocsp callbacks / heap test / alpn free func / remove timing resistant constraint 2016-06-09 11:36:31 -06:00
Jacob Barthelmeh
664d2190ba session ticket extension fix with static memory heap hint 2016-06-08 10:50:20 -06:00
toddouska
a2d7ba0dd9 add output size getter 2016-06-08 09:32:34 -07:00
Jacob Barthelmeh
e214086dce tlsx with static memory / account for session certs size 2016-06-08 09:18:43 -06:00
Jacob Barthelmeh
e1edadafe1 ocsp with static memory, remove unused function 2016-06-06 16:19:33 -06:00
Jacob Barthelmeh
db90594909 adjust pointer cast, ssl rng with fips and unused param 2016-06-06 14:32:49 -06:00
Jacob Barthelmeh
2feee8856e revise static memory and update heap hint 2016-06-04 19:03:48 -06:00
toddouska
3f205d19f4 add wolfSSL and wolfSSL_CTX LoadCRLBuffer() 2016-06-03 15:13:16 -07:00
toddouska
a4fa4d5253 Merge pull request #431 from JacobBarthelmeh/master 
sanity checks on wolfSSL_dtls_get_peer arguments
 2016-05-26 14:46:58 -07:00