Commit Graph

2195 Commits

Author SHA1 Message Date
Chris Conlon
43260f02f4 Merge pull request #1020 from toddouska/null
add NULL checks to check_domain_name()
2017-07-12 14:58:07 -07:00
JacobBarthelmeh
b4f9c46069 Merge pull request #1011 from dgarske/fixes_armv8
Fixes for building ARMv8 (--enable-armasm)
2017-07-12 15:44:31 -06:00
toddouska
b02c995fff add NULL checks to check_domain_name() 2017-07-12 10:16:31 -06:00
David Garske
69e9aa29f2 Fix for big endian platform in SendCertificateVerify where seg fault occurred due to passing an int pointer to a word16 pointer, which caused wrong bits to get set. Fix to replace int with word16. Tests pass now. Also searched for other (word16*)& scenarios and only other place was in ntru code, which was also fixed. 2017-07-10 20:00:37 -07:00
David Garske
a5cdbb18cb Reworked the AES Key Wrap to use existing code in aes.c (instead of duplicating code in armv8-aes.c). Cleanup for GE/FE math on 32-bit to remove duplicate #ifdef check. Fixed AES GCM arg check for authIn to allow NULL. 2017-07-10 19:12:41 -07:00
toddouska
626eeaa63d Merge pull request #1005 from SparkiDev/nginx-1.13.2
Changes for Nginx
2017-07-06 14:33:46 -07:00
Sean Parkinson
31ac379c4f Code review fixes
Change verify depth and set curve to be compiled in when using:
OPENSSL_EXTRA
Fix comparison of curve name strings to use ecc function.
Fix verify depth check when compiling with both OPENSSL_EXTRA and
WOLFSSL_TRUST_PEER_CERT.
2017-07-06 15:32:34 +10:00
toddouska
4b9069f786 Merge pull request #1008 from dgarske/fix_async_frag
Fixes for using async with max fragment
2017-07-05 11:00:26 -07:00
David Garske
df119692d1 Fixes for using async with HAVE_MAX_FRAGMENT or --enable-maxfragment which affected TLS 1.2/1.3. Added TLS 1.2 test for using max fragment. 2017-07-03 19:57:37 -07:00
Sean Parkinson
5bddb2e4ef Changes for Nginx
Support TLS v1.3 clients connecting to Nginx.
Fix for PSS to not advertise hash unless the signature fits the private
key size.
Allow curves to be chosen by user.
Support maximum verification depth (maximum number of untrusted certs in
chain.)
Add support for SSL_is_server() API.
Fix number of certificates in chain when using
wolfSSL_CTX_add_extra_chain_cert().
Allow TLS v1.2 client hello parsing to call TLS v1.3 parsing when
SupportedVersions extension seen.
Minor fixes.
2017-07-04 09:37:44 +10:00
David Garske
6a695b76cb Fixed server side case for DH agree issue with QAT hardware where agreeSz is not set. Fix to allow QAT start failure to continue (this is useful since only one process can use hardware with default QAT configuration). 2017-06-30 11:48:59 -07:00
David Garske
a025417877 Fix issue with QAT and DH operations where key size is larger than block size. Fix issue with DhAgree in TLS not setting agreeSz, which caused result to not be returned. Renamed the internal.c HashType to HashAlgoToType static function because of name conflict with Cavium. Optimize the Hmac struct to replace keyRaw with ipad. Enable RNG HW for benchmark. Fixed missing AES free in AES 192/256 tests. 2017-06-30 11:35:51 -07:00
Sean Parkinson
d2ce95955d Improvements to TLS v1.3 code
Reset list of supported sig algorithms before sending certificate
request on server.
Refactored setting of ticket for both TLS13 and earlier.
Remember the type of key for deciding which sig alg to use with TLS13
CertificateVerify.
RSA PKCS #1.5 not allowed in TLS13 for CertificateVerify.
Remove all remaining DTLS code as spec barely started.
Turn off SHA512 code where decision based on cipher suite hash.
Fix fragment handling to work with encrypted messages.
Test public APIs.
2017-06-29 09:00:44 +10:00
Sean Parkinson
7aee92110b Code review fixes
Also put in configuration option for sending HRR Cookie extension with
state.
2017-06-27 08:52:53 +10:00
Sean Parkinson
9ca1903ac5 Change define name for sending HRR Cookie 2017-06-27 08:37:55 +10:00
Sean Parkinson
8bd6a1e727 Add TLS v1.3 Cookie extension support
Experimental stateless cookie
2017-06-26 16:41:05 +10:00
toddouska
d017274bff Merge pull request #976 from levi-wolfssl/PemToDer-overflow-fix
Fix potential buffer over-read in PemToDer()
2017-06-22 10:07:11 -07:00
dgarske
06fa3de31c Merge pull request #980 from SparkiDev/tls13_0rtt
TLS v1.3 0-RTT
2017-06-22 09:44:41 -07:00
Sean Parkinson
207b275d24 Fix HelloRetryRequest for Draft 18 2017-06-22 14:40:09 +10:00
Sean Parkinson
08a0b98f52 Updates from code review 2017-06-22 12:40:41 +10:00
Levi Rak
a37808b32c Sanity checks added 2017-06-21 17:14:20 -06:00
toddouska
9ead657723 Merge pull request #989 from dgarske/testing
Fixes for CRL handling and possible false failure in `wolfSSL_CTX_load_verify_locations`
2017-06-21 14:10:49 -07:00
toddouska
cd570a01f2 Merge pull request #975 from dgarske/ed_curve_small
Allow different Ed25519/Curve25519 math versions
2017-06-21 13:00:33 -07:00
Levi Rak
247388903b Remove double cast + move min() calls 2017-06-21 13:56:34 -06:00
David Garske
fec75e445e Fix for build error in master from QAT fixes in PR #967. Odd that this build error didn’t show up till just now. 2017-06-21 12:52:03 -07:00
David Garske
d75a9f2436 Fix for wc_ReadDirFirst to return non-zero value if no files found. Fix for wolfSSL_CTX_load_verify_locations to not return failure due to wc_ReadDirNext “no more files” -1 response. 2017-06-21 10:36:49 -07:00
David Garske
2f9f746053 Fix for CRL serial number matching to also check length. Fix for testing the verify callback override ‘-j’ to not enable CRL since the CAs are not loaded for this test. 2017-06-21 10:36:49 -07:00
Sean Parkinson
decdf7ae8b Cleanup 2017-06-21 16:56:51 +10:00
Sean Parkinson
1549a60aa5 Put back Draft 18 code 2017-06-21 08:35:28 +10:00
Sean Parkinson
350ce5fcef TLS v1.3 0-RTT 2017-06-21 08:35:28 +10:00
toddouska
8b637cbd1b Merge pull request #967 from dgarske/fix_qat
Fixes and Improvements for Intel QuickAssist
2017-06-20 14:49:56 -07:00
Sean Parkinson
d5b1698c43 Fix for Nginx - return specific error when at end of file 2017-06-20 09:27:24 +10:00
David Garske
7fdb7037d8 Fixes for building Ed/Curve for building on 32/64 bit with uint64_t. Fixes for build with Ed/Curve with ECC disabled. 2017-06-19 10:09:12 -07:00
jrblixt
6a2824f199 Add Camellia unit test functions. 2017-06-16 16:27:03 -06:00
Levi Rak
17936d65e0 please Jenkins + a bit of cleanup 2017-06-16 12:27:59 -06:00
Levi Rak
4389d271cc Fixed potential buffer overflows when configured with --enable-opensslextra 2017-06-16 11:02:06 -06:00
David Garske
3c173ba366 Enhancement to support different sized Curve/Ed math library implementations for FE/GE. Remains backwards compatible with CURVED25519_SMALL define. Adds new defines CURVE25519_SMALL and ED25519_SMALL to allow individual enabling of math library choice (_low_mem or _operations). Example: ./configure --enable-ed25519=small --enable-curve25519. 2017-06-16 09:41:10 -07:00
Jacob Barthelmeh
bb6582896d add sanity check for wolfSSL_X509_NAME_oneline function 2017-06-15 11:55:37 -06:00
David Garske
68439d4317 Completed refactor to cleanup dynamic types. Refined the tmp buffers to new types for more granularity. Fixed several places where malloc/free type was mis-matched. Cleanup of the PKCS12 code to improve cleanup handling. Fix wc_PKCS12_parse to return 0 on success else failure. 2017-06-14 15:11:43 -07:00
David Garske
88afc7a92f Progress on dynamic type cleanup for over-use of tmp_buffer. Increases performance on NUMA memory platform having ability to be more selective about the types that are NUMA allocated for use against QuickAssist hardware. 2017-06-14 15:11:43 -07:00
David Garske
40d94724eb Added async hardware support for p_hash (PRF). Fix BuildTls13HandshakeHmac to use async devId. Rename poor global variable names for rng with QSH/NTRU. 2017-06-14 15:11:43 -07:00
toddouska
b778ddfea2 Merge pull request #957 from SparkiDev/tls13_updates
Tls13 updates
2017-06-14 14:59:11 -07:00
JacobBarthelmeh
c283d4aece Merge pull request #962 from NickolasLapp/linux-sgx
Add LINUX SGX Support for building of wolfSSL static library. See README
2017-06-14 15:56:30 -06:00
toddouska
70eddc4336 Merge pull request #965 from cconlon/threadx
ThreadX/NetX warning and optional dc_log_printf exclusion
2017-06-14 14:56:12 -07:00
Sean Parkinson
89e6ac91bf Improve PSK timeout checks
Post-handshake Authentication

Fix KeyUpdate to derive keys properly

Fix supported curves (not checking ctx extensions)
2017-06-14 11:28:53 -07:00
Chris Conlon
ea9e4887e9 ThreadX/NetX warning and optional dc_log_printf exclusion 2017-06-14 11:12:27 -06:00
Nickolas Lapp
1e94868432 Add LINUX SGX Support for building of wolfSSL static library. See README
in IDE/LINUX-SGX/README.md.
2017-06-13 17:34:45 -07:00
David Garske
adf819458c Fixes for TLS 1.3 without ECC or RSA. Fix for building without ECC where HAVE_SUPPORTED_CURVES was getting defined because of ENABLED_TLSX. 2017-06-13 09:44:14 -07:00
David Garske
af2cbcdbab Added new arg documentation for asyncOkay in doxygen style. 2017-06-12 11:42:48 -07:00
David Garske
ce231e0cbc Fixes for asynchronous TLS 1.3. Fixes for PK_CALLBACKS with async. New helper APIs for wolfSSL_CTX_GetDevId and wolfSSL_CTX_GetHeap. Fix for build to not include tls13.c if not enabled to suppress empty object file warning. Fix typo in fe_low_mem.c. General cleanup. Extra tls13.c debug messages. 2017-06-12 11:42:48 -07:00