Commit Graph

8849 Commits

Author SHA1 Message Date
toddouska 5677e71cba Merge pull request #1987 from dgarske/32bit
Fixes for `--enable-32bit` option
2019-01-02 11:38:31 -08:00
toddouska 9c75753bd2 Merge pull request #1984 from miyazakh/Espressif_port_Phase2A
Support AES and SHA hw acceleration on esp32-wroom-32
2019-01-02 11:37:55 -08:00
John Safranek d5509a4f37 Merge pull request #2007 from dgarske/fips_build
Fixes for a few FIPS build macro checks
2019-01-02 10:10:08 -08:00
David Garske fb0eb55f28 Improved FIPS version check logic for error-crypt.h. 2018-12-28 09:36:13 -08:00
David Garske b5ff99a017 Fixes for a few minor build errors where HAVE_FIPS and HAVE_FIPS_VERSION are not checked. 2018-12-28 09:22:36 -08:00
Hideki Miyazaki 30612ad3ed addressed review comments 2018-12-28 11:48:39 +09:00
Hideki Miyazaki 965c68abdf Chaged to match filename and standard in file header 2018-12-28 08:39:19 +09:00
Hideki Miyazaki 913fe6ea2b addressed review comments 2018-12-28 08:39:19 +09:00
Hideki Miyazaki e8bf2bbb02 removed multiple user_settings.h 2018-12-28 08:39:19 +09:00
Hideki Miyazaki 9d2294b967 Support AES and SHA hw acceleration on esp32-wroom-32
Removed unnecessary codes
Added README
Some clean up for maintenancebility
Removed unused methods

Removed unused methods
2018-12-28 08:39:19 +09:00
toddouska c54e8e31bd Merge pull request #2003 from dgarske/async_rel_3.15.7
Async release v3.15.7 prep
2018-12-27 13:55:12 -08:00
David Garske cc8c6078b6 Fix to adjust WC_ASYNC_DEV_SIZE. Fix for tests/test-trustpeer.conf typo in include.am. 2018-12-27 11:08:49 -08:00
David Garske 2351047409 Fixes for various scan-build reports. 2018-12-27 11:08:30 -08:00
David Garske 1eccaae25f Fix for DTLS async shrinking input buffer too soon and causing -308 (INCOMPLETE_DATA). 2018-12-27 11:07:32 -08:00
David Garske 5cb5b510ab Added blocking support for PKCS 7 with async. Fix for RSA async key gen in wolfCryp test. 2018-12-27 11:07:07 -08:00
toddouska 697c99a9ec Merge pull request #1934 from dgarske/fix_alt_chain
Fixes and cleanups for processing peer certificates
2018-12-26 15:09:42 -08:00
toddouska 9c88218b62 Merge pull request #1998 from dgarske/async_fix_smallstack
Fix double free with async and small stack
2018-12-26 14:35:57 -08:00
David Garske a7350b7d2e Merge pull request #1994 from JacobBarthelmeh/Release
prepare for release 3.15.7
v3.15.7-stable
2018-12-26 10:49:35 -08:00
Jacob Barthelmeh a73bca090b fix for nginx port 2018-12-23 22:19:03 -07:00
Jacob Barthelmeh b6d61f2987 prepare for release 3.15.7 2018-12-23 22:18:48 -07:00
David Garske 86177d1830 Removes the forced 32-bit instruction (via -m32) from --enable-32bit option and replaces with comment. Some compilers do not support the -m32 option, plus to work properly it must be used with configure directly like ./configure CFLAGS="-m32" LDFLAGS="-m32". Removes the NO_64BIT option to allow building corect on x86_64 and aarch64 (math libs detect platform properly). Fixes #1985. 2018-12-23 15:59:57 -08:00
toddouska 3eff20904a Merge pull request #1991 from dgarske/rsa_nb_time
Adds RSA non-blocking time support
2018-12-21 15:58:54 -08:00
toddouska 75321d72f6 Merge pull request #1996 from JacobBarthelmeh/Testing
free internal OCSP buffers
2018-12-21 15:57:58 -08:00
David Garske 61757c83eb Fix double free with ./configure --enable-asynccrypt --enable-smallstack. 2018-12-21 15:45:33 -08:00
David Garske a358174b4b Fix for DH prime test (extra leading spaces). Fix for new chain tests with CRL enabled. The current way of testing chain only loads root CA as trusted. The intermediate CA CRL isn't trusted or loaded and causes error. 2018-12-21 12:36:47 -08:00
Jacob Barthelmeh 6191cb1927 free internal OCSP buffers 2018-12-21 12:30:49 -07:00
David Garske 59a3b4a110 New tests for cert chains, alternate cert chains, trusted peer certs and DH prime cleanup:
* Added ECC and RSA intermediate CA's and server/client chain certificates for testing.
* Enhanced suites test to support expected fail arg `-H exitWithRet` in any test .conf file.
* Added new `test-altchains.conf` for testing with `WOLFSSL_ALT_CERT_CHAINS` defined.
* Added new `test-chains` for testing chains.
* Added new `test-dhprime.conf` for DH prime check tests.
* Added new `test-trustedpeer.conf` for testing `WOLFSSL_TRUST_PEER_CERT`.
* Refactor to add `-2` to disable DH prime check by default (except for new test-dhprime.conf).
* Added ability to run a specific test.conf file using syntax like `./tests/unit.test tests/test-altchains.conf`.
2018-12-21 09:54:55 -08:00
David Garske 00dd222aa5 Fix for example client with -X external tests to not disable for PSK build unless usePsk is set. Resolves issue with external tests being skipped if building with PSK enabled. 2018-12-21 08:21:59 -08:00
David Garske 9733076fe0 Fixes and cleanups for processing peer certificates:
* Fix with `WOLFSSL_ALT_CERT_CHAINS` to resolve issue with using a trusted intermediate to validate a partial chain. With the alt cert chain enabled a CA may fail with only `ASN_NO_SIGNER_E` and the connection is allowed if the peer's certificate validates to a trusted CA. Eliminates overly complex 1 deep error alternate chain detection logic. Resolves ZD 4525.
* Refactor and cleanup of ProcessPeerPerts to combine duplicate code and improve code commenting.
* Fix for CA path len check in `ParseCertRelative` to always check for self-signed case (was previously only in NO_SKID case).
* Improvement to include self-signed flag in the DecodedCert struct.
2018-12-21 08:20:04 -08:00
David Garske 3e31115654 Merge pull request #1993 from JacobBarthelmeh/Testing
Release Testing
2018-12-20 16:19:17 -08:00
Jacob Barthelmeh d3274e28e8 fix for hash types with fips windows opensslextra build 2018-12-20 14:22:35 -07:00
Jacob Barthelmeh 7d11c3f67c fix for reported nightly Jenkins build tests 2018-12-20 13:35:54 -07:00
David Garske a4a4cd6a3c Merge pull request #1992 from SparkiDev/tls13_group_hrr
Fix HelloRetryRequest to be sent immediately and not grouped
2018-12-20 11:14:30 -08:00
Jacob Barthelmeh 5d2d370bd5 fix for scan-build warning 2018-12-20 11:40:20 -07:00
Jacob Barthelmeh 164a762088 fix afalg/cryptodev + opensslextra build 2018-12-20 10:52:17 -07:00
Sean Parkinson eba11e097a Fix HelloRetryRequest to be sent immediately and not grouped 2018-12-20 16:41:38 +10:00
Jacob Barthelmeh 48c267dda8 fix warning with secure-renegotiation build and error with ntru build 2018-12-19 15:47:43 -07:00
Jacob Barthelmeh 165a80d02d fix for build with cryptonly + rsapub 2018-12-19 15:30:22 -07:00
Jacob Barthelmeh 92d59c7df4 fix for cryptonly + rsavfy build 2018-12-19 14:36:32 -07:00
David Garske 413506f2b5 Adds new wc_RsaSetNonblockTime API and WC_RSA_NONBLOCK_TIME build option. This new function configures the maximum amount of blocking time in microseconds. It uses a pre-computed table along with the CPU speed in megahertz to determine if the next operation can be completed within the maximum blocking time provided. 2018-12-19 13:15:41 -08:00
Jacob Barthelmeh fc926d3c61 fixes from infer testing 2018-12-19 11:56:29 -07:00
toddouska 986b5d3951 Merge pull request #1988 from JacobBarthelmeh/ARMv8
add -mstrict-align flag with armasm
2018-12-18 15:51:32 -08:00
toddouska 4068975190 Merge pull request #1983 from dgarske/x509small_verifycb
Include current cert as X509 in verify callback for small build
2018-12-18 15:40:00 -08:00
toddouska 58a2f518e8 Merge pull request #1981 from dgarske/qat_features
Added RSA Key Gen and SHA-3 support for Intel QuickAssist
2018-12-18 15:39:38 -08:00
toddouska 0a6732ee67 Merge pull request #1979 from SparkiDev/tls_sh_tlsx_parse
Fix TLS 1.2 and below ServerHello TLSX_Parse to pass in message type
2018-12-18 15:39:12 -08:00
toddouska 4a170c0399 Merge pull request #1971 from SparkiDev/tls13_old_hello
Don't expect old ClientHello when version is TLS 1.3
2018-12-18 15:38:44 -08:00
toddouska f1c62f191d Merge pull request #1941 from ejohnstown/rekey
Server Side Secure Renegotiation
2018-12-18 15:38:16 -08:00
Jacob Barthelmeh c41d02e72f fix for Aarch32 aesgcm sanity checks 2018-12-18 10:35:53 -07:00
Jacob Barthelmeh 412966ed80 add -mstrict-align flag with armasm 2018-12-17 17:36:48 -07:00
David Garske 443dbf251b Fix to supply the X509 current_cert in the verify callback with OPENSSL_EXTRA_X509_SMALL defined or ./configure --enable-opensslextra=x509small. 2018-12-17 13:02:14 -08:00