feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity
8,494 Commits 28 Branches 172 Tags
6953677a8fee242b42785b164ffb17db3f217191
Commit Graph

342 Commits

Author SHA1 Message Date
Jacob Barthelmeh
990e1f3ddf implement wolfSSL set msg callback function 2018-01-16 10:39:20 -07:00
Takashi Kojo
8c000c05ee refactor MDK options in client/server.c 2018-01-11 06:55:50 +09:00
Takashi Kojo
76e1a34fd0 update SimpleClient example 2018-01-11 06:53:32 +09:00
Moisés Guimarães
263525d812 enables OCSPStapling CM for ocspstapling2 2017-12-26 22:57:20 -03:00
Moisés Guimarães
43c234029b adds a call to wolfSSL_CTX_EnableOCSPStapling() on client.c to fix ocspstapling2 tests and removes unnecessary 'kill ' from the test scripts 2017-12-26 22:32:21 -03:00
David Garske
4712376ce1 Fix for OCSP non-blocking with check all flag set. 2017-12-19 16:52:47 -08:00
David Garske
de05c563b6 Fix to handle non-blocking OCSP when WOLFSSL_NONBLOCK_OCSP is defined and not using async. OCSP callback should return OCSP_WANT_READ. Added ability to simulate non-blocking OCSP using TEST_NONBLOCK_CERTS. 2017-12-08 03:12:33 +01:00
dgarske
8c15c65343 Merge pull request #1216 from abrahamsonn/windows-errors 
Windows errors
 2017-11-21 15:21:14 -08:00
abrahamsonn
f17470b42b Added more of the requested changes & made an attempt to remove merge conflicts 2017-11-14 15:05:32 -07:00
David Garske
d5cc3ca198 Disable TLS v1.0 by default. Added new --enable-tlsv10 option to force enable (only works if --enable-oldtls is set, which is on by default). 2017-11-14 14:01:31 -08:00
David Garske
5a5fea7b46 Add USE_SLOW_SHA256 and USE_SLOW_SHA512 options for reduced code size of SHA. Existing USE_SLOW_SHA2 applies for SHA512 only. Cleanup formatting of the sha256.c and sha512.c code. Added new ./configure --lowresource option, which defines the memory reduction defines. Fix for make check resume.test scipt with NO_SESSION_CACHE defined. 2017-11-09 11:05:28 -08:00
David Garske
0e34f35c08 Increase the static memory pool in client to better support ECC or session certs. 2017-11-02 09:48:43 -07:00
David Garske
6369794b6f Fixes for static memory with -r session resumption option on client. Fix for possible failed InitSSL cleanup using NULL ssl->ctx for static memory. 2017-11-02 09:48:43 -07:00
David Garske
a4f94366a4 Added static memory code to client example. 2017-11-02 09:48:43 -07:00
toddouska
8a01d725da Merge pull request #1177 from dgarske/certreq_tests 
Testing improvements for cert gen and TLS cert validation
 2017-10-24 08:21:37 -07:00
David Garske
911b6f95f8 Release v3.12.2 (lib 14.0.0). Updated copywright. 2017-10-22 15:58:35 -07:00
David Garske
024c8725ad Testing improvements for cert gen and TLS cert validation: 
* Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled.
* Added new ECC CA for 384-bit tests.
* Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem)
* Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL.
* Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`.
* Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function.
* Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack).
* Cleanup to combine all certificate subject information into global `certDefaultName`.
* Updated cert request info to use wolfSSL instead of Yassl.
* Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`.
* Re-number error codes in rsa_test.
* Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
 2017-10-19 16:17:51 -07:00
David Garske
c9558ee27b Updated a few more old names. Added PR for new configs to Jenkins. 2017-10-18 10:38:27 -07:00
David Garske
6021c37ec7 Refactor WOLF_SSL_ to WOLFSSL_ (much better). 2017-10-11 09:10:43 -07:00
David Garske
6707be2b0e Added new --disable-oldnames option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA). Add --enable-opensslcoexist which makes sure oldnames is disabled. Refactor of SSL_ to WOLF_SSL_. Refactor of SHA, MD5, SHA224, SHA256, SHA512 and SHA384 to WC_ naming. 2017-10-11 09:10:42 -07:00
Jacob Barthelmeh
f6ad5524eb remove invalid test-qsh version tests, revert if statement check in internal.c 2017-08-17 11:27:47 -06:00
Sean Parkinson
038d16212f Fixes for LEANTLS and TLS13 builds 2017-07-26 10:43:36 +10:00
John Safranek
6223f4cd8e fix a couple rebase merge errors 2017-07-19 13:38:31 -07:00
David Garske
b40aad3f9e Added new “wolfSSL_mcast_get_max_peers” API. Minor cleanup with examples/client failure case. Fix possible unused var in wolfSSL_set_secret with DTLS disabled. 2017-07-19 13:35:59 -07:00
John Safranek
431a0cbea9 Multicast 
1. Since multicast's only cipher suite uses null cipher
   automatically enable it.
2. Add options to example client and server to start
   testing multicast API. (Uses TLS over TCP.)
3. Updates to use the forced secrets set by API.
 2017-07-19 13:31:39 -07:00
Sean Parkinson
5bddb2e4ef Changes for Nginx 
Support TLS v1.3 clients connecting to Nginx.
Fix for PSS to not advertise hash unless the signature fits the private
key size.
Allow curves to be chosen by user.
Support maximum verification depth (maximum number of untrusted certs in
chain.)
Add support for SSL_is_server() API.
Fix number of certificates in chain when using
wolfSSL_CTX_add_extra_chain_cert().
Allow TLS v1.2 client hello parsing to call TLS v1.3 parsing when
SupportedVersions extension seen.
Minor fixes.
 2017-07-04 09:37:44 +10:00
Sean Parkinson
d2ce95955d Improvements to TLS v1.3 code 
Reset list of supported sig algorithms before sending certificate
request on server.
Refactored setting of ticket for both TLS13 and earlier.
Remember the type of key for deciding which sig alg to use with TLS13
CertificateVerify.
RSA PKCS #1.5 not allowed in TLS13 for CertificateVerify.
Remove all remaining DTLS code as spec barely started.
Turn off SHA512 code where decision based on cipher suite hash.
Fix fragment handling to work with encrypted messages.
Test public APIS.
 2017-06-29 09:00:44 +10:00
David Garske
47cc3ffdbc Fix build with either NO_WOLFSSL_SERVER or NO_WOLFSSL_CLIENT defined. 2017-06-26 23:05:32 -07:00
dgarske
06fa3de31c Merge pull request #980 from SparkiDev/tls13_0rtt 
TLS v1.3 0-RTT
 2017-06-22 09:44:41 -07:00
Sean Parkinson
08a0b98f52 Updates from code review 2017-06-22 12:40:41 +10:00
toddouska
9ead657723 Merge pull request #989 from dgarske/testing 
Fixes for CRL handling and possible false failure in `wolfSSL_CTX_load_verify_locations`
 2017-06-21 14:10:49 -07:00
David Garske
2f9f746053 Fix for CRL serial number matching to also check length. Fix for testing the verify callback override ‘-j’ to not enable CRL since the CA’s are not loaded for this test. 2017-06-21 10:36:49 -07:00
Sean Parkinson
decdf7ae8b Cleanup 2017-06-21 16:56:51 +10:00
Sean Parkinson
350ce5fcef TLS v1.3 0-RTT 2017-06-21 08:35:28 +10:00
David Garske
ee83710a0a Fix for building only curve small and ed disabled. Fix for client assuming supported curves is enabled with curve. 2017-06-16 16:17:01 -07:00
Sean Parkinson
89e6ac91bf Improve PSK timeout checks 
Post-handshake Authentication

Fix KeyUpdate to derive keys properly

Fix supported curves (not checking ctx extensions)
 2017-06-14 11:28:53 -07:00
David Garske
adf819458c Fixes for TLS 1.3 without ECC or RSA. Fix for building without ECC where HAVE_SUPPORTED_CURVES was getting defined because of ENABLED_TLSX. 2017-06-13 09:44:14 -07:00
Sean Parkinson
a30e8eb4ad Fix for benchmarking X25519 2017-06-08 09:26:49 +10:00
Sean Parkinson
5d5ff56336 External PSK working in TLS13 2017-06-07 17:20:22 +10:00
Sean Parkinson
0b32d0368f Updates for Draft 20 of TLS v1.3 2017-06-02 15:59:49 +10:00
Sean Parkinson
8920cd89e4 Fixes from review 2017-05-22 09:09:31 +10:00
Sean Parkinson
5ef977aa3d Put X25519 behind P256 
Option to have X25519 prioritized.
Show curve name and DH key size in TLS v1.3.
 2017-05-19 10:58:43 +10:00
toddouska
dcd3a6a478 Merge pull request #907 from dgarske/fix_verifycb 
Fixes for verify callback override
 2017-05-12 16:45:55 -07:00
David Garske
05d2032661 Fix for useVerifyCb variable not used warning with NO_CERTS defined. 2017-05-11 12:57:12 -07:00
David Garske
2efa7d5b8b Fix for verify callback override, peerVerifyRet code on success and ensuring DOMAIN_NAME_MISMATCH error gets passed down in ECDSAk case. Added unit test case to verify callback override works. Fixes issue #905 and issue #904. Fix for async build goto label typo. 2017-05-11 12:23:17 -07:00
David Garske
e8cf4b5ff0 Coverity fixes for TLS 1.3, async, small stack and normal math. 2017-05-09 09:13:21 -07:00
David Garske
efb4b3c183 Fix for unit test with non-blocking set. 2017-05-04 14:51:31 -07:00
David Garske
77f9126edf Rebase fixes for TLS 1.3. Getting a decrypt error with the TLS 1.3 test from the SendTls13CertificateVerify. 2017-05-04 14:51:31 -07:00
Sean Parkinson
2b1e9973ec Add TLS v1.3 as an option 2017-05-04 14:51:30 -07:00
David Garske
db63fe83d4 Initial pass at fixes for coverity scan. 2017-04-28 14:59:45 -07:00