Commit Graph

1357 Commits

Author SHA1 Message Date
toddouska 776fd51720 Merge pull request #1768 from SparkiDev/tls13_final
Use final TLS 1.3 version value by default.
2018-08-21 12:29:51 -07:00
Sean Parkinson 1ab17ac827 More changes to minimize dynamic memory usage.
Change define to WOLFSSL_MEMORY_LOG.
Fix for ED25519 server certificate - single cert to allow comparison
with ECC dynamic memory usage.
Free memory earlier to reduce maximum memory usage in a connection.
Make MAX_ENCODED_SIG_SZ only as big as necessary.
Change memory allocation type in sha256 from RNG to DIGEST.
If we know the key type use it in decoding private key
2018-08-21 14:41:01 +10:00
Sean Parkinson 506c858ed6 Add memory usage tracking and logging
Add WOLFSSL_MEMORY_TRACKING to report allocations and frees with the
type.
Fix places where memory can be freed earlier.
2018-08-21 08:54:57 +10:00
Sean Parkinson 20950ffde8 Remove TODOs around TLS 1.3 draft version. 2018-08-21 08:41:50 +10:00
toddouska 555714afa3 Merge pull request #1764 from SparkiDev/tls13_psk_cb
Separate PSK callback for TLS 1.3
2018-08-20 09:17:01 -07:00
Sean Parkinson 3cdeccc36e Use final TLS 1.3 version value by default. 2018-08-20 14:17:38 +10:00
Sean Parkinson f1222c3f9f Separate PSK callback for TLS 1.3
It is highly recommended that the PSK be different for each protocol.
Example callback already returns a different key for TLS 1.3.
New callback includes the ciphersuite, as a string, to use with the key.
2018-08-17 10:18:28 +10:00
Sean Parkinson f487b0d96a Config option to disable AES-CBC
AEAD only detection and removeal of code.
Also in single threaded builds, reference the ctx suites in ssl object
if it exists.
2018-08-16 08:25:13 +10:00
David Garske c073aee87c Added new ECC export API's to support export as hex string. New API's are wc_ecc_export_ex and wc_ecc_export_int. For hex string use ECC_TYPE_HEX_STR as encType arg. Refactor to reduce duplicate code. Build fixes for NO_ECC_KEY_EXPORT. 2018-08-14 12:05:22 -06:00
Eric Blankenhorn bb574d28b2 Support for more cert subject OIDs and raw subject access (#1734)
* Add businessCategory OID
* Raw subject support methods
* Support for jurisdiction OIDs
* Wrap in WOLFSSL_CERT_EXT
* Adding tests
2018-08-12 12:53:29 -07:00
David Garske 56974c099e Improved the logic for WOLFSSL_ALWAYS_VERIFY_CB to be more explicit and updated comments. 2018-08-06 11:40:35 -07:00
David Garske c4ea50b956 Fix for issue with using CopyDecodedToX509 again for existing X509 and freeing the altNames in original. Fix was to use the ssl->peerCert directly for the index 0 cert. Improvement to make sure ex_data is always populated. Added NULL arg check on wolfSSL_get_peer_certificate. 2018-08-06 11:40:35 -07:00
David Garske 7d39a897dc Refactor of the verify callback to eliminate duplicate code and provide consistency with various build options. Documented build options and added code comments in new DoVerifyCallback function. Added documentation in test.h myVerify function for arguments and return code. Fix from commit da1ac36 which added current_cert to WOLFSSL_X509_STORE_CTX, but is only required for ASIO compatibility and is not used. 2018-08-06 11:40:35 -07:00
David Garske 30d6c0c1fc Merge pull request #1737 from ejohnstown/ocsp-free
OCSP Free
2018-08-06 09:08:01 -07:00
toddouska b88d60ecbb Merge pull request #1665 from ejohnstown/mr
Prime Number Testing
2018-08-03 12:50:27 -07:00
JacobBarthelmeh 782ea74fbf Merge pull request #1732 from kojo1/Ticket-4169-2
Ticket 4169: eliminate ssl->CBIORecv/Send overwritten in SSL_set_bio
2018-08-02 14:58:25 -06:00
John Safranek c87d6b27e2 OCSP Free
Free the OCSP request when creating the response only if there is an error making the request.
2018-08-01 15:34:43 -07:00
Takashi Kojo 98f6ae16ca copy cbioFlag from ctx to ssl 2018-08-02 04:48:39 +09:00
Takashi Kojo 96c1a567f0 #4169: CBIO set flag to escape from overwritten in SSL_set_bio 2018-08-01 19:16:42 +09:00
David Garske 4eff7b641b First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL. 2018-07-30 13:53:54 -07:00
Naruto TAKAHASHI 861fec1dc6 porting mynewt 2018-07-28 18:03:20 +09:00
John Safranek 4b8507813e Prime Number Testing
1. Also disable the new prime test from TLS while using SELFTEST.
2018-07-27 13:34:38 -07:00
John Safranek 31f1692cbf Prime Number Testing
1. Disable the new prime test from TLS while using FIPS or setting the flag WOLFSSL_OLD_PRIME_CHECK.
2018-07-26 16:01:08 -07:00
John Safranek 4b2a591a93 Prime Number Testing
1. Added calls to wc_DhSetCheckKey() on the client side of TLS.
2. Added an API test to the wolfCrypt test.
3. Fixed a bug in the prime test found with the API test. Misuse of tertiary operator.
2018-07-26 14:43:04 -07:00
toddouska 90367df13c Merge pull request #1710 from SparkiDev/ed25519_only
Changes to build with X25519 and Ed25519 only
2018-07-25 14:24:03 -07:00
JacobBarthelmeh 74fbd06817 Merge pull request #1686 from cconlon/nucleus-update
Nucleus port and PB changes
2018-07-25 09:17:40 -06:00
toddouska 018573bcf3 Merge pull request #1695 from JacobBarthelmeh/Optimizations
add some macro guards for CipherRequires function
2018-07-24 11:51:03 -07:00
Sean Parkinson 6d3e145571 Changes to build with X25519 and Ed25519 only
Allows configurations without RSA, DH and ECC but with Curve25519
algorithms to work with SSL/TLS using X25519 key exchange and Ed25519
certificates.
Fix Ed25519 code to call wc_Sha512Free().
Add certificates to test.h and fix examples to use them.
2018-07-23 10:20:18 +10:00
Chris Conlon 7f19f914c0 create WOLFSSL_NUCLEUS_1_2 for older 1.2 version 2018-07-20 10:51:15 -06:00
toddouska 227e7cc8c7 Merge pull request #1690 from SparkiDev/tls_sha384_copy
Remove special case SHA-384 copy code
2018-07-18 09:37:50 -07:00
toddouska 436e774729 Merge pull request #1685 from SparkiDev/dh_max
Add support for maximum DH key size
2018-07-18 09:33:43 -07:00
Sean Parkinson 0236a293e4 Fix define protection to be ED25519 not ECC 2018-07-18 10:12:57 +10:00
Jacob Barthelmeh 7e5bf9b8a9 add some macro guards for CipherRequires function 2018-07-17 09:04:06 -06:00
Sean Parkinson 87f378efb5 Remove special case SHA-384 copy code
SHA-384 implementation has a GetHash API and TLS code uses it.
2018-07-17 08:16:46 +10:00
John Safranek 49fefe176e DTLS and Atomic Encrypt Callback
When using the encrypt callback, the DTLS sequence number isn't incremented. Moved the increment to later in the BuildMessage() function.
2018-07-16 13:33:03 -07:00
toddouska f0422bec41 Merge pull request #1681 from dgarske/pk_keygen
Added ECC and Curve25519 Key Generation PK callback support
2018-07-13 14:03:13 -07:00
Chris Conlon eeb50099d9 initial Nucleus port with PB changes 2018-07-13 14:58:37 -06:00
toddouska 6c1778d373 Merge pull request #1669 from cconlon/mqxfixes
fixes for MQX classic 4.0 with IAR-EWARM
2018-07-13 11:59:28 -07:00
Sean Parkinson ffc6cf4eb8 Add support for maximum DH key size 2018-07-13 17:36:42 +10:00
John Safranek f7c5b27bfc Merge pull request #1675 from toddouska/zero-error
make SOCKET_PEER_CLOSED_E consistent between read and 2 write cases
2018-07-12 12:53:48 -07:00
Chris Conlon cadd556b3a cast result of bitwise not back to original type to prevent compiler warnings 2018-07-12 13:46:55 -06:00
David Garske 81d13e15d5 Added ECC and Curve25519 Key generation callback support for HAVE_PK_CALLBACKS. The TLS server side ECDHE could not correctly handle PK callback based shared secret calculation using a hardware based generated key. Refactor internal functions to use the callback ctx getter API. 2018-07-12 11:52:54 -07:00
toddouska 23687f44bc Merge pull request #1643 from ejohnstown/altnames
Subject Alt Name Matching
2018-07-11 13:20:58 -07:00
Todd Ouska d639939a07 make SOCKET_PEER_CLOSED_E consistent between read and 2 write cases 2018-07-11 13:00:29 -07:00
Chris Conlon 0f2b5ca181 fixes for MQX classic 4.0 with IAR-EWARM 2018-07-11 10:54:24 -06:00
toddouska 376a4d3ca8 Merge pull request #1666 from dgarske/fix_always_verify
Fix for building with `WOLFSSL_ALWAYS_VERIFY_CB`
2018-07-09 11:13:28 -07:00
David Garske 9c2a5d2906 Further simplification of the PK verify wrapping to avoid malloc/free. Thanks Todd! 2018-07-06 16:21:43 -07:00
David Garske 85d58cbf8c Fix for building with WOLFSSL_ALWAYS_VERIFY_CB. 2018-07-06 15:31:52 -07:00
David Garske 32f1b0a9c2 Added separate context for each SignatureCtx verify callback. Added missing ssl info to callback context. 2018-07-06 09:28:46 -07:00
David Garske 3cbcc872c1 Improved PK callback support for ConfirmSignature so certificate verification uses the callbacks. Retained wolfSSL/wolfCrypt isolation (I.E. no wolfSSL references from wolfCrypt). 2018-07-05 14:04:06 -07:00