wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-29 17:22:12 +01:00
Code Issues Packages Projects Releases Wiki Activity
8,622 Commits 12 Branches 184 Tags
078db9e4453eaaa1a464fc520fb86d14691d72c6
Commit Graph

3184 Commits

Author SHA1 Message Date
David Garske
6e4ab91ccf Merge pull request #1915 from JacobBarthelmeh/Testing 
fix side init for set connect/accept functions
 2018-11-07 09:24:44 -08:00
toddouska
24e2a2b228 Merge pull request #1912 from dgarske/fix_BN_bn2hex 
Fixes for compatibility function `BN_bn2hex`
 2018-11-07 08:35:15 -08:00
toddouska
5d8f4351ff Merge pull request #1903 from dgarske/dhkeycheck 
Speed improvements for DH public key prime checking
 2018-11-06 16:35:27 -08:00
Jacob Barthelmeh
7a2a66743b fix side init for set connect/accept functions 2018-11-06 16:48:06 -07:00
toddouska
2c7ff56a3e Merge pull request #1907 from JacobBarthelmeh/Testing 
infer and g++ build fixes
 2018-11-06 08:48:28 -08:00
David Garske
efb1efcc0d Fixes and additional tests for compatibility function BN_bn2hex. In the DEBUG_WOLFSSL case it was returning a (char*)"", which was trying to be free'd. We cannot return const char* here, since its assumed to be an allocated pointer. Fix the dynamic type for XMALLOC/XFREE to match, since OPENSSL_free is used to free returned value. Fix to add room for null term. Added missing API unit test for BN_print_fp. Exposed these functions for OPENSSL_EXTRA. 2018-11-06 05:55:25 -08:00
Eric Blankenhorn
d61ae3a02a Handle incomplete shutdown 2018-11-05 10:30:48 -06:00
John Safranek
c1ca1f1b78 Remove DH prime check on selftest/fips builds. 2018-11-02 12:55:07 -07:00
John Safranek
cfafbd9659 Added the prime check to the functions wolfSSL_SetTmpDh() and wolfSSL_CTX_SetTmpDh(). 2018-11-02 11:01:39 -07:00
Jacob Barthelmeh
a953a3141e infer and g++ build fixes 2018-11-01 09:59:35 -06:00
David Garske
f6093e1e0d Fixes to remove DH prime checks for server side DH parameters. 2018-10-30 15:51:47 -07:00
Chris Conlon
def7a91e70 fix CAVP selftest build errors 2018-10-30 16:35:45 -06:00
David Garske
f4b0261ca7 Fix to not do prime test on DH key the server loaded. Now it will only do the prime test on the peer's provided public DH key using 8 miller rabbins. Refactored the fast math miller rabin function to reuse mp_int's, which improved peformance for mp_prime_is_prime_ex from 100ms to 80ms. Normal math mp_prime_is_prime_ex is ~40ms (as-is). Added test for wc_DhSetCheckKey. 2018-10-30 11:20:07 -07:00
toddouska
ae07ba93ad Merge pull request #1894 from dgarske/pk_keysize 
Fixes for key size detection when using PK callbacks
 2018-10-26 09:46:10 -07:00
David Garske
d21603334b Added build option USE_ECDSA_KEYSZ_HASH_ALGO to alter the hash algorithm selection for ecc_dsa_sa_algo. With this build option we try and choose a hash algorithm digest size that matches the ephemeral key size, if not found then will match on next highest. We've seen cases with some Windows based TLS client's where they do not properly support hashing a smaller ephemeral key with a larger hash digest size (such as P-256 key and SHA512 hash). 2018-10-25 09:19:35 -07:00
David Garske
86758f9640 Fixes for key size detection when using PK callbacks (HSM) and no private key has been loaded (affects HAVE_PK_CALLBACKS on server side only when no dummy private key is loaded). Fix for possible leak during ECC min key size failure with small stack. Added new API wc_RsaPublicKeyDecode_ex for parsing an RSA public key for the modulus and exponent. Changed wolfSSL_CTX_SetTmpEC_DHE_Sz to support a size == 0 for using the long-term private key's size. Changed ECDHE_SIZE so it can be overridden and build-time. Added tests for wolfSSL_CTX_SetTmpEC_DHE_Sz and wolfSSL_SetTmpEC_DHE_Sz. 2018-10-25 09:15:23 -07:00
David Garske
c4d6f886b7 Revert change from PR #1845 commit 24f9f12844. This ensure the ephemeral key is P-256 or the overridden value determined by wolfSSL_CTX_SetTmpEC_DHE_Sz and wolfSSL_SetTmpEC_DHE_Sz. This restores previous behavior from last release. 2018-10-24 09:48:03 -07:00
toddouska
0eb115e7a1 Merge pull request #1884 from kaleb-himes/ECC_DISABLED_TEST_FIX 
Fixes to resolve skipped tests with ECC disabled
 2018-10-24 09:30:47 -07:00
Sean Parkinson
7586e1df42 Only do early data in initial handshake when using PSK 2018-10-24 09:47:30 +10:00
David Garske
0b720c4412 Fixes for TLSv1.3 early data. 2018-10-22 11:35:40 -07:00
David Garske
c268829b68 Fix bug with SendClientKeyExchange and ifdef logic for ecdhe_psk_kea, which was preventing ECDHE-PSK from working if HAVE_CURVE25519 was defined. Disabled broken downgrade test in test-tls13-down.conf (@SpariDev will need to investigate). Various spelling fixes. 2018-10-19 13:21:56 -07:00
David Garske
095337b1cf Merge pull request #1878 from kaleb-himes/TEST_COVERAGE_3 
Test coverage 3
 2018-10-17 13:47:10 -07:00
toddouska
dcb105deff Merge pull request #1876 from dgarske/max_frag_256 
Added new 256-byte max fragment option `WOLFSSL_MFL_2_8`
 2018-10-17 13:21:57 -07:00
kaleb-himes
5ca822b1e9 Peer review changes requested 2018-10-17 10:46:45 -06:00
David Garske
4adaeb8585 Added new 256-byte max fragment option WOLFSSL_MFL_2_8. 2018-10-15 17:06:21 -07:00
David Garske
7c3313481a Fix for memory cleanup cases in MakeTlsMasterSecret. 2018-10-15 13:22:55 -07:00
David Garske
a0608151cf Fix for the WOLFSSL_NONBLOCK_OCSP case to reset the error code as well. 2018-10-12 11:20:13 -07:00
David Garske
23a0f3cfa1 Added new WOLFSSL_SSLKEYLOGFILE define to output master secret used by Wireshark logging to file. Defaults to sslkeylog.log, but can be overridden using WOLFSSL_SSLKEYLOGFILE_OUTPUT. 2018-10-12 10:47:30 -07:00
David Garske
52210c9d16 Improved error trapping in BuildTlsHandshakeHash, without altering timing. 2018-10-12 10:45:47 -07:00
David Garske
fc77ed068c Fix for verify callback to not report override when there is no error. Cleanup of the myVerify example callback return code handling. 2018-10-12 10:45:20 -07:00
David Garske
6fbeae8f11 Fixes for building with WC_ASYNC_NO_SHA256. Improvements with WC_ASYNC_NO_HASH or WC_ASYNC_ENABLE_ECC to avoid unnecessary memory allocations. 2018-10-12 10:44:26 -07:00
David Garske
fec726f10a Fix for async issue with receiving multiple TLS records (server_key_exchange and server_hello_done) in same packet, which may miss call to DoHandShakeMsgType -> HashInput because ssl->error is still marked pending WC_PENDING_E. 2018-10-12 10:39:40 -07:00
toddouska
0b78b75530 Merge pull request #1860 from dgarske/tls_either_side 
Methods cleanup and new DTLS "either" side methods
 2018-10-12 07:35:17 -07:00
David Garske
1fd791da21 Fix to check response code on InitSSL_Side calls. 2018-10-11 15:50:22 -07:00
John Safranek
b404d4805f Skip Server Supported Curve Extension 
Added a build option, WOLFSSL_ALLOW_SERVER_SC_EXT, that skips the
client's parsing of the supported curve extension if sent by the
server for sessions using < TLSv1.3. The server doesn't need to send it
and the RFCs don't specify what should happen if it does in TLSv1.2, but
it is sent in response from one particular Java based TLS server.
 2018-10-11 15:21:32 -07:00
kaleb-himes
23797ab4cb wolfSSL_AES_cbc_encrypt unit tests, TODO: Decrypt 2018-10-10 15:59:10 -04:00
David Garske
0293686990 Added example client/server support for loading certificate and private key into WOLFSSL object using -H loadSSL. Added load_ssl_buffer function to load buffers into WOLFSSL objects. Changed wolfSSL_get_SSL_CTX API to always be exposed. Added TEST_LOAD_BUFFER build option to use the load_buffer and load_ssl_buffer calls for example client/server. 2018-10-09 12:54:41 -07:00
toddouska
355048230f Merge pull request #1866 from dgarske/openssl_leak_fix 
Fix leaks in compatibility functions `wolfSSL_X509_print` and `wolfSSL_i2d_RSAPublicKey`
 2018-10-08 09:38:26 -07:00
toddouska
7a02832547 Merge pull request #1849 from dgarske/asn_piv 
Added ASN certificate PIV and GZIP support
 2018-10-08 09:32:19 -07:00
David Garske
1ed50a40e7 Fix for wolfSSL_i2d_RSAPublicKey leak. 2018-10-05 14:09:12 -07:00
David Garske
cec61ac3c9 Fix for leak in wolfSSL_X509_print, where the RsaKey is not free'd. Cleanup of formatting. 2018-10-04 16:51:51 -07:00
David Garske
1d7c4f96fa Fix windows build warning with side data type mismatch. 2018-10-04 16:10:50 -07:00
David Garske
bbdb17975c Adds build option WOLFSSL_EITHER_SIDE for deferring the "side" of the TLS session until first connect or accept. Added the DTLS generic v1.0 and v1.2 methods for "either" side. Added "either" methods unit tests. Added "either" -v e support to example client/server. Fix to expose wolfSSL_use_certificate_file and wolfSSL_use_PrivateKey_file without OPENSSL_EXTRA. Cleanup of the methods for (void)heap and log messages. Spelling fixes. 2018-10-04 15:47:50 -07:00
Tesfa
f83ea9a9d5 Fixed MINGW32 build errors 2018-10-03 13:58:51 -07:00
David Garske
680a863054 Added support for building with certificate parsing only. ./configure --enable-asn=nocrypt. Added new API for parsing PIV format certificates wc_ParseCertPIV with WOLFSSL_CERT_PIV build option. Added wc_DeCompress_ex with ability to decompress GZIP. Moved the ZLIB error codes into wolfCrypt. 2018-10-02 15:18:56 -07:00
David Garske
f19f803098 Fix for possible leak with openssl comatibility API wolfSSL_d2i_ECDSA_SIG when fast math is disabled. 2018-09-27 11:39:30 -07:00
Chris Conlon
8ccd715f31 Merge branch 'master' into openssl_compat201805 2018-09-26 11:06:26 -06:00
John Safranek
18a27cfe75 Changed the DecodedCert's der pointer to be a pointer to const. The 
DecodedCert doesn't own the der value, so it should be const. Had to
make many other changes downstream of this.
 2018-09-25 12:55:52 -07:00
Go Hosohara
ff5506faf2 define wolfSSL_OPENSSL_add_all_alogrithms_noconf alias for wolfSSL_OpenSSL_add_all_algorithms_noconf and some fixes 2018-09-25 15:39:56 +09:00
Takashi Kojo
71863c462e (void) for unused in NO_RSA case 2018-09-25 15:39:56 +09:00