toddouska
776fd51720
Merge pull request #1768 from SparkiDev/tls13_final
...
Use final TLS 1.3 version value by default.
2018-08-21 12:29:51 -07:00
Sean Parkinson
1ab17ac827
More changes to minimize dynamic memory usage.
...
Change define to WOLFSSL_MEMORY_LOG.
Fix for ED25519 server certificate - single cert to allow comparison
with ECC dynamic memory usage.
Free memory earlier to reduce maximum memory usage in a connection.
Make MAX_ENCODED_SIG_SZ only as big as necessary.
Change memory allocation type in sha256 from RNG to DIGEST.
If we know the key type use it in decoding private key
2018-08-21 14:41:01 +10:00
Sean Parkinson
506c858ed6
Add memory usage tracking and logging
...
Add WOLFSSL_MEMORY_TRACKING to report allocations and frees with the
type.
Fix places where memory can be freed earlier.
2018-08-21 08:54:57 +10:00
Sean Parkinson
20950ffde8
Remove TODOs around TLS 1.3 draft version.
2018-08-21 08:41:50 +10:00
Sean Parkinson
3cdeccc36e
Use final TLS 1.3 version value by default.
2018-08-20 14:17:38 +10:00
Sean Parkinson
f487b0d96a
Config option to disable AES-CBC
...
AEAD only detection and removeal of code.
Also in single threaded builds, reference the ctx suites in ssl object
if it exists.
2018-08-16 08:25:13 +10:00
David Garske
7b83db0f65
Fix for PemToDer which was not properly handling extra new lines at end of file.
2018-08-14 12:22:18 -06:00
David Garske
17e102d914
Fixes for asio build options (so includes OPENSSL_EXTRA). Fix for bad named variable shutdown. Fix for the side size in Options struct to support WOLFSSL_SIDE_NEITHER (3). Fix to set the side on wolfSS_connect() or wolfSS_accept().
2018-08-14 12:22:18 -06:00
Eric Blankenhorn
bb574d28b2
Support for more cert subject OIDs and raw subject access ( #1734 )
...
* Add businessCategory OID
* Raw subject support methods
* Support for jurisdiction OIDs
* Wrap in WOLFSSL_CERT_EXT
* Adding tests
2018-08-12 12:53:29 -07:00
David Garske
c4ea50b956
Fix for issue with using CopyDecodedToX509 again for existing X509 and freeing the altNames in original. Fix was to use the ssl->peerCert directly for the index 0 cert. Improvement to make sure ex_data is always populated. Added NULL arg check on wolfSSL_get_peer_certificate.
2018-08-06 11:40:35 -07:00
toddouska
b88d60ecbb
Merge pull request #1665 from ejohnstown/mr
...
Prime Number Testing
2018-08-03 12:50:27 -07:00
David Garske
a43d4d16ba
Merge pull request #1719 from MJSPollard/OpenSSLAllFix
...
Added boost define and openssl bug fix with WOLFSSL_KEY_GEN
2018-08-02 15:20:27 -07:00
JacobBarthelmeh
782ea74fbf
Merge pull request #1732 from kojo1/Ticket-4169-2
...
Ticket 4169: eliminate ssl->CBIORecv/Send overwritten in SSL_set_bio
2018-08-02 14:58:25 -06:00
Eric Blankenhorn
b248af6f84
Update from review
2018-08-02 10:59:07 -05:00
Takashi Kojo
fd75f35801
fix cbioFlag check
2018-08-02 10:18:09 +09:00
John Safranek
7647d52d77
Prime Number Testing
...
1. Remove a copy-paste error when clearing up the RNG used to test a prime.
2. Tag a some const test values as static in the wolfCrypt test.
2018-08-01 14:49:06 -07:00
Eric Blankenhorn
ba2f0fd8fc
Fix for zd4179, 4181, 4182
2018-08-01 15:56:15 -05:00
Takashi Kojo
98f6ae16ca
copy cbioFlag from ctx to ssl
2018-08-02 04:48:39 +09:00
Takashi Kojo
96c1a567f0
#4169 : CBIO set flag to escape from overwritten in SSL_set_bio
2018-08-01 19:16:42 +09:00
John Safranek
af89458af0
GCC-8 string fixes
...
1. strncpy needs to include the source string's NULL.
2. Deleted a few redundant string modifications.
2018-07-31 14:02:44 -07:00
John Safranek
ed208efc4d
GCC-8 string fixes
...
1. Modify wolfSSL_get_ciphers() to limit the XSTRNCPY based on the dst buf length, not the src string.
2018-07-31 14:02:44 -07:00
David Garske
2b3f94944d
Merge pull request #1723 from kaleb-himes/overhead-avoidance
...
avoid overhead call to alloc and free when sigSz invalid
2018-07-31 08:14:49 -07:00
David Garske
4eff7b641b
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-30 13:53:54 -07:00
Chris Conlon
1079b0e3b3
Merge pull request #1716 from cariepointer/osp/haproxy
...
Define functions required by HAProxy and enable SSLV3 dependency
2018-07-30 13:26:38 -06:00
Kaleb Himes
d19b78d81a
Fix typo in comment
2018-07-30 12:17:55 -06:00
kaleb-himes
0ee4b88e74
avoid overhead call to alloc and free when sigSz invalid
2018-07-27 16:25:10 -06:00
MJSPollard
543cac65d8
Added boost define and openssl bug fix with WOLFSSL_KEY_GEN
2018-07-27 12:42:09 -06:00
Jacob Barthelmeh
74c4d31c07
sanity check on pkcs8 variable
2018-07-27 11:16:41 -06:00
Carie Pointer
a1f69f0d64
Define functions required by HAProxy and enable SSLV3 dependency
2018-07-26 12:53:21 -07:00
toddouska
90367df13c
Merge pull request #1710 from SparkiDev/ed25519_only
...
Changes to build with X25519 and Ed25519 only
2018-07-25 14:24:03 -07:00
Jacob Barthelmeh
f69c6e382c
check if internal of WOLFSSL_RSA struct is already set
2018-07-23 17:17:27 -06:00
toddouska
ab3ffaa26a
Merge pull request #1706 from SparkiDev/sha384_not_sha512
...
Allow SHA384 to be compiled in without SHA512
2018-07-23 09:47:49 -07:00
Sean Parkinson
6d3e145571
Changes to build with X25519 and Ed25519 only
...
Allows configurations without RSA, DH and ECC but with Curve25519
algorithms to work with SSL/TLS using X25519 key exchange and Ed25519
certificates.
Fix Ed25519 code to call wc_Sha512Free().
Add certificates to test.h and fix examples to use them.
2018-07-23 10:20:18 +10:00
Sean Parkinson
9433fcb820
Allow SHA384 to be compiled in without SHA512
2018-07-20 09:42:01 +10:00
MJSPollard
19dd08e191
requested style changes
2018-07-19 11:05:56 -06:00
MJSPollard
db8939c578
Merge branch 'master' of https://github.com/wolfSSL/wolfssl into wolfASIO
2018-07-18 11:10:35 -06:00
toddouska
436e774729
Merge pull request #1685 from SparkiDev/dh_max
...
Add support for maximum DH key size
2018-07-18 09:33:43 -07:00
toddouska
1840ae7013
Merge pull request #1693 from SparkiDev/stack_rsa
...
Small stack fixes and ignore RSA fields in RSA_LOW_MEM
2018-07-17 12:24:00 -07:00
Sean Parkinson
c01c79349e
Small stack fixes and ignore RSA fields in RSA_LOW_MEM
...
Fix asn.c and rsa.c small stack to not have large stack variables.
In RSA code don't load or store dP, dQ or u when using RSA_LOW_MEM as
they are not used.
Fix SP to recognize RSA_LOW_MEM means to use d, private exponent.
Fix wc_CheckRsaKey to work with SP.
Fix sp_int to support mp_set_int for wc_CheckRsaKey().
2018-07-17 11:05:38 +10:00
Sean Parkinson
514a949557
Small stack fixes
...
Changes to DH and SSL/TLS code to dynamically allocate large stack
variables when compiled with WOLFSSL_SMALL_STACK.
2018-07-17 09:04:00 +10:00
toddouska
f0422bec41
Merge pull request #1681 from dgarske/pk_keygen
...
Added ECC and Curve25519 Key Generation PK callback support
2018-07-13 14:03:13 -07:00
toddouska
1337f7ddec
Merge pull request #1674 from dgarske/derchainsz
...
Fix for max cert chain size calculation
2018-07-13 13:53:35 -07:00
Eric Blankenhorn
9bc0e0c4fc
Static analysis fixes ( #1658 )
...
* Static analysis fixes
* Fixes for zd4071, zd4074, zd4093-zd4094, zd4096, zd4097-zd4104.
* Add test cases.
2018-07-13 09:02:09 -07:00
Sean Parkinson
ffc6cf4eb8
Add support for maximum DH key size
2018-07-13 17:36:42 +10:00
David Garske
81d13e15d5
Added ECC and Curve25519 Key generation callback support for HAVE_PK_CALLBACKS. The TLS server side ECDHE could not correctly handle PK callback based shared secret calculation using a hardware based generated key. Refactor internal functions to use the callback ctx getter API.
2018-07-12 11:52:54 -07:00
John Safranek
5908230d20
Prime Number Testing
...
1. Fixed variable name typo in DH for the FFDHE 8192-bit q value.
2. Updated some error strings in wolfSSL_BN_is_prime_ex().
3. Changed the calls to mp_prime_is_prime_ex() in fp_randprime() and
mp_randprime() so they go back to the 8 rounds of MR, which is more than
adequate in this situation.
2018-07-11 16:24:41 -07:00
David Garske
05cfeae3ce
Fix for handling max cert chain size. It was not accounting for the 3 byte header in max size calculation.
2018-07-11 12:32:49 -07:00
John Safranek
0e06f6413d
Prime Number Testing
...
1. Update the function wolfSSL_BN_is_prime_ex to use mp_prime_is_prime_ex.
2. Modified fast and normal mp_prime_is_prime_ex() to use random numbers
that are in the range 2 < a < n-2.
2018-07-10 14:30:53 -07:00
MJSPollard
4cbae0bca3
changes to make jenkins tests work
2018-07-10 13:34:16 -06:00
MJSPollard
3fc7424e03
implemented requested changes
2018-07-10 11:52:41 -06:00