Kaleb Himes
124a8c0c1f
Merge pull request #582 from ejohnstown/lean-psk
...
Fixes for building the library for Lean PSK
2016-09-24 10:59:54 -06:00
John Safranek
8d1aa2238b
Fixes for building the library for Lean PSK
...
1. Needed to enable static PSK when using Lean PSK
2. Fixed complaints about unused variables.
2016-09-24 00:18:36 -07:00
John Safranek
5e852dc1a1
Fixes for building the library with a C++ compiler with TLSX enabled
...
1. Add many typecasts for malloc() data to proper pointer type.
2. Add many typecasts for constants in tertiary operators.
3. ECC to use local copy of wc_off_on_addr instead of extern copy.
2016-09-23 23:22:58 -07:00
Jacob Barthelmeh
02b3aa51bd
NTRU : warning of variable size as argument
2016-09-23 15:30:33 -06:00
kaleb-himes
4fc0c6c646
fix unused parameter build time error
...
fix unused parameter build time error
2016-09-23 12:23:26 -06:00
JacobBarthelmeh
78246e0fc2
Merge pull request #575 from ejohnstown/fix-option
...
move an ifndef NO_AES for one more configure disable/enable combination
2016-09-22 16:15:49 -06:00
John Safranek
ba6e2b1037
move an ifndef NO_AES for one more configure disable/enable combination
2016-09-22 11:41:16 -07:00
JacobBarthelmeh
c43fd150e9
Static Analysis : fix a warning of unused variable
2016-09-22 09:31:26 -07:00
toddouska
2368d49678
Merge pull request #572 from ejohnstown/pathlen
...
CA Certificate Path Length Checking
2016-09-21 14:36:24 -07:00
John Safranek
b8704d2dfe
Merge pull request #571 from toddouska/new_rng
...
Fix Jenkins build 389 single-threaded issue
2016-09-21 12:59:06 -07:00
JacobBarthelmeh
ab887b88dc
Merge pull request #570 from ejohnstown/des3-disable-fix
...
Disable DES3 compiler warning fix
2016-09-21 13:25:00 -06:00
John Safranek
de81c81eae
Fixed unused variable complaints when OPENSSL_EXTRA and MD5 are enabled
...
and when AES is disabled.
2016-09-21 10:21:03 -07:00
toddouska
489345f0d4
move CTX new_rng out of with certs block
2016-09-21 09:02:38 -07:00
John Safranek
95acd9c907
Fixed unused variable complaints when KEYGEN and OPENSSL_EXTRA are enabled
...
and when AES and MD5 are disabled. It was in the same encrypt function as
before and in the paired decrypt function.
2016-09-21 07:32:17 -07:00
John Safranek
a42bd30278
CA Certificate Path Length Checking
...
1. Check the path length between an intermediate CA cert and its
signer's path length.
2. Always decode the path length if present and store it in the decoded
certificate.
3. Save the path length into the signer list.
4. Path length capped at 127.
5. Added some test certs for checking CA path lengths.
2016-09-20 21:36:37 -07:00
John Safranek
ef7183dcf7
delete redundant #else
2016-09-20 15:59:08 -07:00
John Safranek
65a7978dec
Merge pull request #567 from toddouska/rng
...
RDSEED enhancements
2016-09-20 12:09:01 -07:00
John Safranek
df1d8200ef
Fixed unused variable complaint when KEYGEN and OPENSSL_EXTRA are enabled
...
and when AES and DES3 are disabled.
2016-09-20 12:07:58 -07:00
toddouska
e0b8e55198
Merge pull request #553 from ejohnstown/disable-des3
...
Disable DES3 by default
2016-09-19 09:27:32 -07:00
toddouska
f191cf206e
allow single threaded mode to share an RNG at WOLFSSL_CTX level
2016-09-16 13:35:29 -07:00
Jacob Barthelmeh
6d82cba29c
ARMv8 : AES-CTR/CBC/GCM speed ups and refactor AES
2016-09-15 22:50:00 +00:00
John Safranek
bad6be5c76
1. Updated sniffer to allow DES3 to be disabled.
...
2. Fixed an unused variable in OpenSSL Extras when DES3 is disabled.
3. Force DES3 enabled when enabling MCAPI.
2016-09-15 14:53:28 -07:00
toddouska
c1ac0c0f8c
Merge pull request #545 from ejohnstown/ems
...
Extended Master Secret
2016-09-15 11:25:41 -07:00
John Safranek
8b713adcfd
Extended Master Secret Peer Review Changes
...
1. Checked the returns on the hash functions in the sniffer,
return new error if any fail.
2. Removed the SHA-512 hash from the sniffer's collection of
hashes. Never used in a cipher suite.
3. Added some logging messages in the EMS support in wolfSSL.
2016-09-14 13:43:02 -07:00
John Safranek
77cf700657
Update to allow resumption with session tickets and extended master secret.
2016-09-12 16:06:51 -07:00
John Safranek
c1136a30e9
1. Enabled the extended master secret in the Windows IDE user_settings.h
...
file by default.
2. Fixed scan-build warning about an assignment to a variable that isn't
used again in the function. Commented out the line.
2016-09-12 09:42:42 -07:00
John Safranek
b994244011
Revising the Extended Master Secret support. Removing the dynamic
...
TLSX support for the extention and treating it like the Signature
and Hash algorithms extension. It is to be enabled by default and
the user can turn it off at run time or build time.
2016-09-11 18:05:44 -07:00
John Safranek
68e48e84fd
Merge pull request #541 from toddouska/comp
...
detect server forcing compression on client w/o support
2016-09-09 13:00:22 -07:00
toddouska
0c21d76ce3
detect client not sending any compression types
2016-09-08 12:06:22 -07:00
John Safranek
4fb1431727
Added support for the extended master secret extension to the sniffer.
2016-09-08 11:25:02 -07:00
toddouska
3aefc42f04
have TLS server side verify no compression is in list if not using compression
2016-09-07 15:28:30 -07:00
toddouska
baebec4ca4
Merge pull request #538 from JacobBarthelmeh/ARMv8
...
initial ARMv8 instructions
2016-09-07 09:20:14 -07:00
toddouska
a5db13cd01
detect server forcing compression on client w/o support
2016-09-07 09:17:14 -07:00
Chris Conlon
e4f527a332
initial extended master secret support
2016-09-01 15:12:54 -06:00
Jacob Barthelmeh
41912b92c6
initial ARMv8 instructions
2016-09-01 18:10:06 +00:00
John Safranek
963b9d4c4d
OCSP Fixes
...
1. When using Cert Manager OCSP lookup, the issuer key hash wasn't
being set correctly. This could lead to unknown responses from lookup.
2. Default OCSP lookup callback could get blocked waiting for server
to close socket.
2016-09-01 09:58:34 -07:00
toddouska
092916c253
Merge pull request #536 from ejohnstown/dtls-sctp
...
DTLS over SCTP
2016-08-30 13:09:40 -07:00
David Garske
2ecd80ce23
Added support for static memory with wolfCrypt. Adds new "wc_LoadStaticMemory" function and moves "wolfSSL_init_memory_heap" into wolfCrypt layer. Enhanced wolfCrypt test and benchmark to use the static memory tool if enabled. Added support for static memory with "WOLFSSL_DEBUG_MEMORY" defined. Fixed issue with have-iopool and XMALLOC/XFREE. Added check to prevent using WOLFSSL_STATIC_MEMORY with HAVE_IO_POOL, XMALLOC_USER or NO_WOLFSSL_MEMORY defined.
2016-08-29 10:38:06 -07:00
John Safranek
bab071f961
1. Implemented the SCTP MTU size changes for transmit.
...
2. Simplified the MAX_FRAGMENT size when calling SendData().
2016-08-26 19:58:36 -07:00
John Safranek
a6c0d4fed7
1. Added missing -DWOLFSSL_SCTP to configure.ac.
...
2. Don't do hello verify requests in SCTP mode.
3. Implemented the SCTP MTU size changes.
4. Simplified the MAX_FRAGMENT size when calling ReceiveData().
2016-08-26 19:58:36 -07:00
John Safranek
f3dca48e99
Fix polarity on the DTLS-SCTP check.
2016-08-26 19:58:36 -07:00
John Safranek
7b3255b5bb
1. Simplified the IsDtlsSctpMode() check.
...
2. Checked IsDtlsSctpMode() to skip saving messages to retransmit and
skip retransmissions.
2016-08-26 19:57:09 -07:00
John Safranek
c1970434d1
simplify the SCTP options
2016-08-26 19:43:52 -07:00
John Safranek
ebbf5ec72b
add new options and accessors for SCTP
2016-08-26 19:40:50 -07:00
David Garske
925e5e3484
Fixes typo issue with heap in hmac and small stack enabled. Fixed "never read" scan-build warnings with typeH and verify when RSA is disabled.
2016-08-26 10:33:01 -07:00
toddouska
78ca9e7716
Merge pull request #482 from dgarske/async
...
Asynchronous wolfCrypt RSA and TLS client support
2016-08-25 10:06:18 -07:00
John Safranek
fa1989b729
fix building the new session ticket message for DTLS, take into account the additional header sizes
2016-08-18 17:51:25 -07:00
David Garske
17a34c5899
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 13:59:41 -06:00
toddouska
d74fa8299a
add resume session string script check, make GetDeepCopySession static local and check reutrn code
2016-08-15 09:32:36 -07:00
David Garske
b0e4acaac1
Fix for openssl compatibility without ECC. Disable "wolf_OBJ_nid2sn", "wolf_OBJ_sn2nid" and "wolf_OBJ_obj2nid" when "OPENSSL_EXTRA" defined and "HAVE_ECC" is not defined.
2016-08-08 10:29:58 -07:00