wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-26 17:42:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
7,361 Commits 12 Branches 184 Tags
21833e245f30a0ecd3d9bf5e526f2d03365ba2cc
Commit Graph

2755 Commits

Author SHA1 Message Date
David Garske
21833e245f Fix TLS 1.3 with ECC disabled and CURVE25519 enabled. Resolves issue with using ./configure --disable-ecc --enable-curve25519 --enable-ed25519 --enable-tls13. Refactor TLSX_KeyShare_GenEccKey to support either ECC or CURVE25519. Fix for PemToDer to handle ED25519 without ECC enabled. 2018-04-09 10:10:08 -07:00
David Garske
2a460d3d05 Merge pull request #1484 from embhorn/coverity 
Coverity fixes
 2018-04-06 18:18:38 -07:00
Eric Blankenhorn
36b9b0b558 Updates from code review 2018-04-06 17:29:27 -05:00
Eric Blankenhorn
86767e727c Fixes for CID 185033 185028 185142 185064 185068 185079 185147 2018-04-06 13:15:16 -05:00
Eric Blankenhorn
d2c1a1906d Fixes for CID 184980 185017 185047 185167 2018-04-06 11:10:37 -05:00
toddouska
6090fb9020 Merge pull request #1483 from dgarske/winvs 
Fixes for unused `heap` warnings
 2018-04-06 09:01:49 -07:00
Eric Blankenhorn
920e6ed911 Fix warning in ssl.c 2018-04-06 09:30:54 -05:00
Eric Blankenhorn
c6ad885459 Coverity fixes for tls.c/n CID 184996 185112 185122 2018-04-06 09:08:00 -05:00
Eric Blankenhorn
ec429e50b1 Fixes for ssl.c 2018-04-06 07:45:12 -05:00
David Garske
426335b68f Found additional VS unused heap warnings. Replace tabs with 4-spaces. 2018-04-05 12:28:32 -07:00
toddouska
2b48a074eb Merge pull request #1480 from dgarske/extcache 
Fix for HAVE_EXT_CACHE callbacks not being available without OPENSSL_EXTRA
 2018-04-05 10:52:44 -07:00
Eric Blankenhorn
5439402c1d Refactor for max record size (#1475) 
* Added new internal function `wolfSSL_GetMaxRecordSize`.
* Modified tls_bench to use dynamic buffer based on max record size.
* Added comment for DTLS maxFragment calculation.
 2018-04-05 09:11:58 -07:00
David Garske
412d4d76ee Fix for HAVE_EXT_CACHE callbacks not being available without OPENSSL_EXTRA defined. Added tests for external cache callbacks. 2018-04-05 07:10:04 -07:00
David Garske
a78c6ba4ea Fix for unused heap warnings. 2018-04-04 12:51:45 -07:00
David Garske
5702e8ee48 Fix building with HAVE_EXT_CACHE when OPENSSL_EXTRA is not defined. Fixes issue #1474. 2018-04-04 09:02:52 -07:00
toddouska
a92696edec Merge pull request #1454 from dgarske/noprivkey 
Support for not loading a private key when using `HAVE_PK_CALLBACKS`
 2018-03-22 12:47:22 -07:00
toddouska
040e0ab752 Merge pull request #1456 from dgarske/iocbname 
Refactor IO callback function names to use `_CTX_`
 2018-03-22 12:40:48 -07:00
David Garske
e564c973b6 Refactor IO callback function names to use _CTX_ to eliminate confusion about the first parameter. 2018-03-21 16:08:55 -07:00
David Garske
4b51431546 Fix for possible unused ctx in wolfSSL_CTX_IsPrivatePkSet when no ECC, RSA or ED25519. 2018-03-21 15:46:08 -07:00
toddouska
104f7a0170 Merge pull request #1451 from JacobBarthelmeh/Optimizations 
Adjust X509 small build and add more macro guards
 2018-03-21 15:15:27 -07:00
toddouska
2a356228be Merge pull request #1445 from SparkiDev/wpas_fix 
Fixes for wpa_supplicant
 2018-03-21 15:11:43 -07:00
David Garske
dbb34126f6 * Added support for not loading a private key for server or client when HAVE_PK_CALLBACK is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519. 
* Added PK callback context tests for client/server examples (`SetupPkCallbackContexts`).
* Added new test define for `TEST_PK_PRIVKEY` to allows simulating hardware based private key.
* Added new test.h function for loading PEM key file and converting to DER (`load_key_file`).
* Added way to get private key signature size (`GetPrivateKeySigSize`).
* Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size.
* Added inline comments to help track down handshake message types.
* Cleanup of RSS PSS terminating byte (0xbc) to use enum value.
* Fixed bug with PK callback for `myEccVerify` public key format.
* Fixed bug with PK callback for ED25519 verify key buffer in DoServerKeyExchange.
 2018-03-21 11:27:08 -07:00
Jacob Barthelmeh
26bb86690a fix for unused parameter warning 2018-03-21 10:06:06 -06:00
Jacob Barthelmeh
0aa3b5fa0e macros for conditionally compiling code 2018-03-21 00:09:29 -06:00
Jacob Barthelmeh
087df8f1cd more macro guards to reduce size 2018-03-20 17:15:16 -06:00
Sean Parkinson
c9c2e1a8a7 Don't base signature algorithm support on certificate 
The signature algorithm support is what you can do with another key, not
what you can do with your key.
 2018-03-21 08:33:54 +10:00
Jacob Barthelmeh
df6ea54cd5 add support for PKCS8 decryption to OPENSSL_EXTRA_X509_SMALL build 2018-03-20 15:06:35 -06:00
toddouska
38d1eea8cd Merge pull request #1446 from SparkiDev/tls13_draft27 
TLS v1.3 support for Draft 23 and Draft 27
 2018-03-20 09:13:03 -07:00
toddouska
18879ce271 Merge pull request #1440 from dgarske/VerifyRsaSign_PKCallback 
Added VerifyRsaSign PK callback
 2018-03-20 09:02:18 -07:00
toddouska
87c70e76a9 Merge pull request #1441 from dgarske/ocsp_nb 
Fix for handling OCSP with non-blocking
 2018-03-19 12:05:59 -07:00
David Garske
2cc1a1c5bf Renamed callbacks for VerifySign to SignCheck. Switched the new callback context to use the one for the sign. Fix for callback pointer check on VerifyRsaSign. Added inline comments about the new RsaSignCheckCb and RsaPssSignCheckCb. 2018-03-19 10:19:24 -07:00
toddouska
cb8f8a953b Merge pull request #1438 from SparkiDev/nginx_pem_write 
Fix PEM_write_bio_X509 to work with new BIO code
 2018-03-19 09:13:51 -07:00
toddouska
7ce2efd572 Merge pull request #1431 from JacobBarthelmeh/Optimizations 
more aes macro key size guards
 2018-03-19 09:07:05 -07:00
Sean Parkinson
bd53d7ba59 TLS v1.3 support for Draft 23 and Draft 27 
Draft 24: Second ClientHello usees version 0x0303 - no change.
Draft 25: The record layer header is now additional authentication data to
encryption.
Draft 26: Disallow SupportedVersion being used in ServerHello for
negotiating below TLS v1.3.
Draft 27: Older versions can be negotiated (by exclusion of 0x0304) in
SupportedVersion - no change.
 2018-03-19 16:15:02 +10:00
Sean Parkinson
b325e0ff91 Fixes for wpa_supplicant 2018-03-19 11:46:38 +10:00
David Garske
fa73f7bc55 Fix for handling OCSP with non-blocking. The HashInput function was being called on the re-entry, which produced a bad mac response from server. Also cleanup for some of the WC_PENDING_E logic for the non-async cases to reduce code size. 2018-03-16 12:05:07 -07:00
David Garske
e858ec11ac Fix unused arg when building with pk callbacks disabled. 2018-03-16 09:37:07 -07:00
David Garske
ed7774e94a Added new callbacks for the VerifyRsaSign, which uses a private key to verify a created signature. The new callbacks API's are wolfSSL_CTX_SetRsaVerifySignCb and wolfSSL_CTX_SetRsaPssVerifySignCb. These use the same callback prototype as the CallbackRsaVerify and use the same context. 2018-03-15 14:43:41 -07:00
Sean Parkinson
3f99a2a391 Fix PEM_write_bio_X509 to work with new BIO code 2018-03-15 10:45:49 +10:00
David Garske
d8fe341998 First pass at added PK_CALLBACK support for VerifyRsaSign. 2018-03-14 09:54:18 -07:00
toddouska
717ba83deb Merge pull request #1434 from SparkiDev/tls13_multi_recs 
Fix multiple handshake messages in last record of certs
 2018-03-14 09:46:32 -07:00
Sean Parkinson
afe300acc0 Fix multiple handshake messages in last record of certs 2018-03-14 16:37:58 +10:00
Jacob Barthelmeh
8fb3ccacb7 opensslextra fixs and warning for unused variable 2018-03-12 18:05:24 -06:00
Jacob Barthelmeh
6b04ebe3a4 fix for compiling with different build settings 2018-03-12 16:12:10 -06:00
toddouska
b297d9dce0 Merge pull request #1427 from JacobBarthelmeh/Compatibility-Layer 
return value on bad mutex with error nodes and add x509 host check to OPENSSL_EXTRA
 2018-03-12 11:33:20 -07:00
toddouska
0ab4166a80 Merge pull request #1421 from JacobBarthelmeh/Optimizations 
trim out more strings and fix DN tag
 2018-03-08 14:03:10 -08:00
toddouska
1f9583c59c Merge pull request #1409 from SparkiDev/tls13_old_ver_fix 
Fix downgrading when WOLFSSL_TLS13 is defined (despite NO_OLD_TLS being defined)
 2018-03-08 13:59:59 -08:00
Jacob Barthelmeh
e0afec0600 fix RSA macro, tickets without server, and add test case 2018-03-08 14:36:43 -07:00
Jacob Barthelmeh
e960e0544a try to clear out error queue with failing mutex 2018-03-08 11:49:16 -07:00
Jacob Barthelmeh
2a0ef55a66 fix for check on return value with mutex error case 2018-03-08 11:26:22 -07:00