wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-28 05:22:19 +01:00
Code Issues Packages Projects Releases Wiki Activity
9,984 Commits 12 Branches 184 Tags
40fc86dfd2b71810b4f2d596299b65594f7d0bc5
Commit Graph

9984 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
toddouska
40fc86dfd2 Merge pull request #2464 from SparkiDev/rshift_neg 
Use constant time comparison in MaskMac with scanStart and macStart
 2019-09-13 11:56:12 -07:00
toddouska
a2d3da2831 Merge pull request #2463 from ejohnstown/maintenance-dtls 
Maintenance DTLS
 2019-09-13 11:53:20 -07:00
toddouska
6894dde4e9 Merge pull request #2460 from dgarske/debug_buffer 
Improvements to `WOLFSSL_BUFFER` function
 2019-09-13 11:49:20 -07:00
John Safranek
b70f22e21a 1. Use the session deallocator on the deserialized session in the client. 
2. Free the flatten session if the size check fails.
 2019-09-12 16:04:34 -07:00
Chris Conlon
09541082d6 Merge pull request #2416 from kojo1/OCSP-error 
Detail error code
 2019-09-12 16:51:34 -04:00
John Safranek
c27a4b3865 TLS Maintenance 
When serializing the WOLFSSL_SESSION, serialize everything.
 2019-09-11 16:44:54 -07:00
John Safranek
852d50adcf DTLS Maintenance 
To go with the fix for the functions wolfSSL_(i2d|d2i)_SSL_SESSION,
modify the example client to use a serialized session record for
resumption instead of the direct reference into the session cache. This
change only happens when OPENSSL_EXTRA and HAVE_EXT_CACHE are defined.
 2019-09-11 15:29:57 -07:00
Sean Parkinson
2a1a9f36cc Use constant time comparison in MaskMac with scanStart and macStart 
Right shift of a negative value is undefined.
Add an 'int' return version of constant time greater than equal.
Change equal and not equal to be constant time in more situations.
 2019-09-11 10:57:23 +10:00
John Safranek
22c398494e DTLS Maintenance 
The options to switch on and off the code to serialize/deserialize items
in the struct need to match the options for the struct.
(ZD5130, ZD5590)
 2019-09-10 16:01:48 -07:00
John Safranek
e93e3b60da DTLS Maintenance 
Allow the DTLS server to retransmit a stored flight of messages in an additional acccept state.
(ZD5644)
 2019-09-10 11:51:38 -07:00
David Garske
66b76a4420 Improvements to WOLFSSL_BUFFER function to eliminate recursive call and use snprintf for string safety. Adds support for build-time change of LINE_LEN. 2019-09-10 08:57:35 -07:00
toddouska
99252cc936 Merge pull request #2399 from dgarske/ovs 
Compatibility changes for OpenVSwitch
 2019-09-09 16:02:27 -07:00
David Garske
95d3289fa2 Merge pull request #2437 from kaleb-himes/ZD_5546_IAR_CC_CHECK 
Fix failing IAR builds, thanks to Joseph C. for the report
 2019-09-09 11:42:19 -07:00
David Garske
c0317ad198 Fix to only expose SSL_want when OPENSSL_EXTRA is defined. 2019-09-09 08:07:30 -07:00
David Garske
342d03a294 Added SSL_want. 2019-09-09 08:07:30 -07:00
David Garske
2cf26a1353 Compatibility changes for OpenVSwitch. 2019-09-09 08:07:30 -07:00
julek-wolfssl
c52801754c Fips ready (#2422) 
* Changes to update stunnel support

* Required additions for building fips-ready with speedups

* Fix SetASNIntRSA
 2019-09-09 02:47:02 -07:00
julek-wolfssl
02419e248f Fix clang 3.8 arm (#2449) 
* Fix 'value size does not match register size' error in clang with arm assembly

* More readable casting
 2019-09-09 02:46:48 -07:00
julek-wolfssl
4c88d94d13 Chacha20 and poly1305 without x18 (#2454) 
* Remove use of x18 and organize new optimizations

* Fix invalid operand
 2019-09-08 16:03:04 -07:00
Sean Parkinson
afb15f6521 Merge pull request #2455 from JacobBarthelmeh/HardwareAcc 
change detection of AESNI support to read bit 25 from ECX
 2019-09-09 08:29:00 +10:00
toddouska
37328544ad Merge pull request #2453 from SparkiDev/armv8_x18 
ARM64 assembly - x18 not able to be used
 2019-09-06 15:45:02 -07:00
toddouska
85b123046b Merge pull request #2377 from SparkiDev/sha2_cs_oldtls 
Disallow SHA-2 ciphersuites from TLS 1.0 and 1.1 handshakes
 2019-09-06 15:41:15 -07:00
Sean Parkinson
3e12d260b8 ARM64 assembly - x18 not able to be used 
Fix Curve25519/Ed25519, SHA-512 and SP code to not use x18.
 2019-09-06 15:49:24 +10:00
Sean Parkinson
a975ba9e97 Disallow SHA-2 ciphersuites from TLS 1.0 and 1.1 handshakes 2019-09-06 09:31:14 +10:00
Jacob Barthelmeh
171902f1fb change detection of AESNI support to read bit 25 from ECX 2019-09-05 17:02:44 -06:00
David Garske
1785089798 Merge pull request #2433 from kaleb-himes/ZD_5602_MINGW_XSNPRINTF 
Resolve XSNPRINTF unconditional use in asn.c breaking mingw32 builds
 2019-09-05 11:37:21 -07:00
toddouska
d6685edfa0 Merge pull request #2440 from SparkiDev/tlsfuzzer_fixes 
Fixes for fuzz testing
 2019-09-05 09:01:10 -07:00
toddouska
eaeaaf12c1 Merge pull request #2446 from SparkiDev/gplusplus_fix_1 
Fixes for g++ compilation
 2019-09-04 16:28:42 -07:00
toddouska
bf7296aefb Merge pull request #2438 from SparkiDev/armv8-poly1305-clang 
Fix ARMv8 Poly1305 inline assembly code to compile with clang 3.5
 2019-09-04 16:28:02 -07:00
Sean Parkinson
56df8162bd Fixes for g++ compilation 2019-09-04 10:09:36 +10:00
toddouska
b35fd4f1aa Merge pull request #2441 from JacobBarthelmeh/UnitTests 
strncpy gcc warning fixes
 2019-09-03 15:44:10 -07:00
toddouska
0927f93b07 Merge pull request #2442 from JacobBarthelmeh/HardwareAcc 
build fix for aesccm + devcrypto=cbc + wpas and afalg
 2019-09-03 15:42:41 -07:00
toddouska
b19e785c2c Merge pull request #2418 from dgarske/sha3_keccak256 
Added support for older KECCAK256
 2019-09-03 15:42:05 -07:00
toddouska
492ce6ac91 Merge pull request #2414 from dgarske/pkcs8_asn1 
Added support for loading a PKCS8 ASN.1 formatted private key
 2019-09-03 15:36:31 -07:00
Sean Parkinson
46790080a7 Fix ARMv8 Poly1305 inline assembly code to compile with clang 3.5 2019-09-02 09:52:25 +10:00
Sean Parkinson
60befc82c5 Fixes for fuzz testing 
Changes
- Don't ignore decryption errors when doing TLS 1.3 and after Client
Finished.
- Put out an alert when TLS 1.3 decryption fails.
- Properly ignore RSA pss_pss algorithms when checking for matching
cipher suite.
- Check X25519 public value before import in TLS v1.2-
- REcognise TLS 1.3 integrity-only cipher suites as not negotiable with
TLS 1.2-.
- Send decode_error alert when bad message data in CertificateVerify.
- Negotiate protocol version in TLS 1.3 using extension and keep
decision when using TLS 1.2 parsing.
- Must have a signature algorithms extension in TLS 1.3 if not doing
PSK.
- More TLS v1.3 alerts.
- MAX_PSK_ID_LEN needs to be modified at compile time for tlsfuzzer to
work.
- change the good ecc public key to be a real public key when compiled
to check imported public keys
- Fix early data in TLS 1.3
- Make max early data size able to be changed at compile time - default
4K but fuzzer sends 16K
- Fix HRR, PSK and message hashes: Don't initialize hashes in parsing
ClientHello as need to keep hash state from previous ClientHello and
HelloRetryRequest
 2019-09-02 08:58:14 +10:00
Jacob Barthelmeh
9fd38dc340 build fix for aesccm + devcrypto=cbc + wpas and afalg 2019-08-30 16:15:48 -06:00
Jacob Barthelmeh
2a750cd18d strncpy gcc warning fixes 2019-08-30 13:34:51 -06:00
toddouska
ef20276ab5 Merge pull request #2424 from SparkiDev/enc_then_mac 
Add support for Encrypt-Then-MAC to TLS 1.2 and below
 2019-08-30 11:09:04 -07:00
toddouska
adc548fc61 Merge pull request #2428 from ejohnstown/ecckey-test-fix 
Fix ECC key decode test
 2019-08-30 11:07:00 -07:00
toddouska
347a859ffc Merge pull request #2435 from JacobBarthelmeh/SanityChecks 
sanity check on ticket encrypt callback
 2019-08-30 10:18:58 -07:00
Chris Conlon
09f80c7f5f Merge pull request #2439 from miyazakh/fix_espidf_issues 
Fix build warnings while compiling wolfssl under esp-idf
 2019-08-29 16:24:42 -06:00
toddouska
db2468154f Merge pull request #2434 from tmael/phase2_compatibility_APIs 
Adding phase 2 compatibility APIs
 2019-08-29 12:26:27 -07:00
tmael
b8d2ccee83 Merge branch 'master' into phase2_compatibility_APIs 2019-08-29 09:16:41 -07:00
toddouska
9034e3a0fe Merge pull request #2432 from embhorn/api_p2 
Adding compatibility API phase 2
 2019-08-29 09:05:01 -07:00
Juliusz Sosinowicz
5f77627857 Fix SetASNIntRSA 2019-08-29 16:24:09 +02:00
Hideki Miyazaki
d6bac37def Fix build warnings while compiling wolfssl under esp-idf 2019-08-29 17:44:44 +09:00
Sean Parkinson
24e98dd05e Add support for Encrypt-Then-MAC to TLS 1.2 and below 
An extension is used to indicate that ETM is to be used.
Only used when doing block ciphers - HMAC performed on encrypted data.
 2019-08-29 09:00:30 +10:00
Tesfa Mael
87e876d8c6 Match padding macro values and restore EVP non-AES-GCM 2019-08-28 15:45:07 -07:00
kaleb-himes
46b4654564 Fix failing IAR builds, thanks to Joseph C. for the report 2019-08-28 12:44:05 -06:00