toddouska
776fd51720
Merge pull request #1768 from SparkiDev/tls13_final
...
Use final TLS 1.3 version value by default.
2018-08-21 12:29:51 -07:00
Sean Parkinson
1ab17ac827
More changes to minimize dynamic memory usage.
...
Change define to WOLFSSL_MEMORY_LOG.
Fix for ED25519 server certificate - single cert to allow comparison
with ECC dynamic memory usage.
Free memory earlier to reduce maximum memory usage in a connection.
Make MAX_ENCODED_SIG_SZ only as big as necessary.
Change memory allocation type in sha256 from RNG to DIGEST.
If we know the key type use it in decoding private key
2018-08-21 14:41:01 +10:00
Sean Parkinson
506c858ed6
Add memory usage tracking and logging
...
Add WOLFSSL_MEMORY_TRACKING to report allocations and frees with the
type.
Fix places where memory can be freed earlier.
2018-08-21 08:54:57 +10:00
Sean Parkinson
20950ffde8
Remove TODOs around TLS 1.3 draft version.
2018-08-21 08:41:50 +10:00
toddouska
555714afa3
Merge pull request #1764 from SparkiDev/tls13_psk_cb
...
Separate PSK callback for TLS 1.3
2018-08-20 09:17:01 -07:00
Sean Parkinson
3cdeccc36e
Use final TLS 1.3 version value by default.
2018-08-20 14:17:38 +10:00
Sean Parkinson
f1222c3f9f
Separate PSK callback for TLS 1.3
...
It is highly recommended that the PSK be different for each protocol.
Example callback already returns a different key for TLS 1.3.
New callback includes the ciphersuite, as a string, to use with the key.
2018-08-17 10:18:28 +10:00
Sean Parkinson
f487b0d96a
Config option to disable AES-CBC
...
AEAD only detection and removeal of code.
Also in single threaded builds, reference the ctx suites in ssl object
if it exists.
2018-08-16 08:25:13 +10:00
David Garske
c073aee87c
Added new ECC export API's to support export as hex string. New API's are wc_ecc_export_ex and wc_ecc_export_int. For hex string use ECC_TYPE_HEX_STR as encType arg. Refactor to reduce duplicate code. Build fixes for NO_ECC_KEY_EXPORT.
2018-08-14 12:05:22 -06:00
Eric Blankenhorn
bb574d28b2
Support for more cert subject OIDs and raw subject access ( #1734 )
...
* Add businessCategory OID
* Raw subject support methods
* Support for jurisdiction OIDs
* Wrap in WOLFSSL_CERT_EXT
* Adding tests
2018-08-12 12:53:29 -07:00
David Garske
56974c099e
Improved the logic for WOLFSSL_ALWAYS_VERIFY_CB to be more explicit and updated comments.
2018-08-06 11:40:35 -07:00
David Garske
c4ea50b956
Fix for issue with using CopyDecodedToX509 again for existing X509 and freeing the altNames in original. Fix was to use the ssl->peerCert directly for the index 0 cert. Improvement to make sure ex_data is always populated. Added NULL arg check on wolfSSL_get_peer_certificate.
2018-08-06 11:40:35 -07:00
David Garske
7d39a897dc
Refactor of the verify callback to eliminate duplicate code and provide consistency with various build options. Documented build options and added code comments in new DoVerifyCallback function. Added documentation in test.h myVerify function for arguments and return code. Fix from commit da1ac36 which added current_cert to WOLFSSL_X509_STORE_CTX, but is only required for ASIO compatibility and is not used.
2018-08-06 11:40:35 -07:00
David Garske
30d6c0c1fc
Merge pull request #1737 from ejohnstown/ocsp-free
...
OCSP Free
2018-08-06 09:08:01 -07:00
toddouska
b88d60ecbb
Merge pull request #1665 from ejohnstown/mr
...
Prime Number Testing
2018-08-03 12:50:27 -07:00
JacobBarthelmeh
782ea74fbf
Merge pull request #1732 from kojo1/Ticket-4169-2
...
Ticket 4169: eliminate ssl->CBIORecv/Send overwritten in SSL_set_bio
2018-08-02 14:58:25 -06:00
John Safranek
c87d6b27e2
OCSP Free
...
Free the OCSP request when creating the response only if there is an error making the request.
2018-08-01 15:34:43 -07:00
Takashi Kojo
98f6ae16ca
copy cbioFlag from ctx to ssl
2018-08-02 04:48:39 +09:00
Takashi Kojo
96c1a567f0
#4169 : CBIO set flag to escape from overwritten in SSL_set_bio
2018-08-01 19:16:42 +09:00
David Garske
4eff7b641b
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-30 13:53:54 -07:00
Naruto TAKAHASHI
861fec1dc6
porting mynewt
2018-07-28 18:03:20 +09:00
John Safranek
4b8507813e
Prime Number Testing
...
1. Also disable the new prime test from TLS while using SELFTEST.
2018-07-27 13:34:38 -07:00
John Safranek
31f1692cbf
Prime Number Testing
...
1. Disable the new prime test from TLS while using FIPS or setting the flag WOLFSSL_OLD_PRIME_CHECK.
2018-07-26 16:01:08 -07:00
John Safranek
4b2a591a93
Prime Number Testing
...
1. Added calls to wc_DhSetCheckKey() on the client side of TLS.
2. Added an API test to the wolfCrypt test.
3. Fixed a bug in the prime test found with the API test. Misuse of tertiary operator.
2018-07-26 14:43:04 -07:00
toddouska
90367df13c
Merge pull request #1710 from SparkiDev/ed25519_only
...
Changes to build with X25519 and Ed25519 only
2018-07-25 14:24:03 -07:00
JacobBarthelmeh
74fbd06817
Merge pull request #1686 from cconlon/nucleus-update
...
Nucleus port and PB changes
2018-07-25 09:17:40 -06:00
toddouska
018573bcf3
Merge pull request #1695 from JacobBarthelmeh/Optimizations
...
add some macro guards for CipherRequires function
2018-07-24 11:51:03 -07:00
Sean Parkinson
6d3e145571
Changes to build with X25519 and Ed25519 only
...
Allows configurations without RSA, DH and ECC but with Curve25519
algorithms to work with SSL/TLS using X25519 key exchange and Ed25519
certificates.
Fix Ed25519 code to call wc_Sha512Free().
Add certificates to test.h and fix examples to use them.
2018-07-23 10:20:18 +10:00
Chris Conlon
7f19f914c0
create WOLFSSL_NUCLEUS_1_2 for older 1.2 version
2018-07-20 10:51:15 -06:00
toddouska
227e7cc8c7
Merge pull request #1690 from SparkiDev/tls_sha384_copy
...
Remove special case SHA-384 copy code
2018-07-18 09:37:50 -07:00
toddouska
436e774729
Merge pull request #1685 from SparkiDev/dh_max
...
Add support for maximum DH key size
2018-07-18 09:33:43 -07:00
Sean Parkinson
0236a293e4
Fix define protection to be ED25519 not ECC
2018-07-18 10:12:57 +10:00
Jacob Barthelmeh
7e5bf9b8a9
add some macro guards for CipherRequires function
2018-07-17 09:04:06 -06:00
Sean Parkinson
87f378efb5
Remove special case SHA-384 copy code
...
SHA-384 implementation has a GetHash API and TLS code uses it.
2018-07-17 08:16:46 +10:00
John Safranek
49fefe176e
DTLS and Atomic Encrypt Callback
...
When using the encrypt callback, the DTLS sequence number isn't incremented. Moved the increment to later in the BuildMessage() function.
2018-07-16 13:33:03 -07:00
toddouska
f0422bec41
Merge pull request #1681 from dgarske/pk_keygen
...
Added ECC and Curve25519 Key Generation PK callback support
2018-07-13 14:03:13 -07:00
Chris Conlon
eeb50099d9
initial Nucleus port with PB changes
2018-07-13 14:58:37 -06:00
toddouska
6c1778d373
Merge pull request #1669 from cconlon/mqxfixes
...
fixes for MQX classic 4.0 with IAR-EWARM
2018-07-13 11:59:28 -07:00
Sean Parkinson
ffc6cf4eb8
Add support for maximum DH key size
2018-07-13 17:36:42 +10:00
John Safranek
f7c5b27bfc
Merge pull request #1675 from toddouska/zero-error
...
make SOCKET_PEER_CLOSED_E consistent between read and 2 write cases
2018-07-12 12:53:48 -07:00
Chris Conlon
cadd556b3a
cast result of bitwise not back to original type to prevent compiler warnings
2018-07-12 13:46:55 -06:00
David Garske
81d13e15d5
Added ECC and Curve25519 Key generation callback support for HAVE_PK_CALLBACKS. The TLS server side ECDHE could not correctly handle PK callback based shared secret calculation using a hardware based generated key. Refactor internal functions to use the callback ctx getter API.
2018-07-12 11:52:54 -07:00
toddouska
23687f44bc
Merge pull request #1643 from ejohnstown/altnames
...
Subject Alt Name Matching
2018-07-11 13:20:58 -07:00
Todd Ouska
d639939a07
make SOCKET_PEER_CLOSED_E consistent between read and 2 write cases
2018-07-11 13:00:29 -07:00
Chris Conlon
0f2b5ca181
fixes for MQX classic 4.0 with IAR-EWARM
2018-07-11 10:54:24 -06:00
toddouska
376a4d3ca8
Merge pull request #1666 from dgarske/fix_always_verify
...
Fix for building with `WOLFSSL_ALWAYS_VERIFY_CB`
2018-07-09 11:13:28 -07:00
David Garske
9c2a5d2906
Further simplification of the PK verify wrapping to avoid malloc/free. Thanks Todd!
2018-07-06 16:21:43 -07:00
David Garske
85d58cbf8c
Fix for building with WOLFSSL_ALWAYS_VERIFY_CB.
2018-07-06 15:31:52 -07:00
David Garske
32f1b0a9c2
Added separate context for each SignatureCtx verify callback. Added missing ssl info to callback context.
2018-07-06 09:28:46 -07:00
David Garske
3cbcc872c1
Improved PK callback support for ConfirmSignature so certificate verification uses the callbacks. Retained wolfSSL/wolfCrypt isolation (I.E. no wolfSSL references from wolfCrypt).
2018-07-05 14:04:06 -07:00