Commit Graph

3268 Commits

Author SHA1 Message Date
Tesfa Mael 739b57c753 Initial Deos RTOS port
- Added support for Deos with no file system
- Implemented a custom malloc since reusing and freeing memory is disallowed in avionics and mission critical applications.
- Added TLS client and server example with a TCP setup mailbox transport
- Timer starts at an offset of CURRENT_UNIX_TIMESTAMP specified by the user
- Uses rand_r() as a pseudo random number generator and uses the current time in seconds as a seed
- Uses strnicmp for XSTRNCASECMP instead of strncasecmp
- a readme doc included
2019-01-18 14:46:39 -08:00
David Garske 91573735b1 Merge pull request #2036 from ejohnstown/fragsz
TLS Record Fragment Size Check Change
2019-01-17 08:56:45 -08:00
John Safranek 5e03ac13f6 TLS Record Fragment Size Check Change
Fixed a potential bug with respect to processing fragmented handshake
messages. If a handshake message is fragmented across multiple TLS
records and the last fragment's record has the next handshake message in
it, we would throw a buffer error instead of processing the next
message. Changed this so it will finish the handshake message and return
out to process the next message. Also changed the handling of the
handshake message to follow the calling pattern.
2019-01-16 15:53:57 -08:00
John Safranek d5b06f93fd Merge pull request #2031 from SparkiDev/sec_reneg_chrome
Changes to secure renegotiation for TLS 1.3 and Chrome
2019-01-16 12:00:08 -08:00
toddouska 5d262e9123 Merge pull request #2027 from dgarske/fix_buildopts
Fixes for various build options and warnings
2019-01-16 10:32:19 -08:00
toddouska b683a5a6bb Merge pull request #1945 from victork1996/bugfix/openssl-evp-bytes-to-key-compatibility
Fixed OpenSSL compatibility issues in wolfSSL_EVP_BytesToKey
2019-01-16 10:18:08 -08:00
toddouska b37c94a15c Merge pull request #2022 from JacobBarthelmeh/OCSP
memory management with OCSP requests
2019-01-16 08:52:50 -08:00
Sean Parkinson b2e4c86028 Changes to secure renegotiation for TLS 1.3 and Chrome 2019-01-15 09:47:23 -08:00
Jacob Barthelmeh 6ac384793f memory management with OCSP requests 2019-01-14 09:49:50 -07:00
David Garske cfc66dab47 Fix compiler complaints when using Curve25519. 2019-01-11 21:16:13 -08:00
David Garske 45cd80b4b7 Fix define check of NO_CERT to be NO_CERTS. 2019-01-11 21:10:07 -08:00
David Garske 406d2ceb6b Merge pull request #2023 from miyazakh/fix_no_hash_raw
fix no_hash_raw for esp32 hw acceleration
2019-01-11 21:04:04 -08:00
Hideki Miyazaki bdc5dd41d1 fix no_hash_raw for esp32 hw acceleration 2019-01-09 16:56:47 +09:00
Jacob Barthelmeh 26ae39a217 check if secure renegotiation struct available 2019-01-04 13:22:34 -07:00
Jacob Barthelmeh a00eaeb877 add ocsp stapling test and initialize values 2019-01-04 13:16:47 -07:00
toddouska ed80cf4f4d Merge pull request #2009 from JacobBarthelmeh/Testing
fix for some warnings and edge case build
2019-01-02 12:38:51 -08:00
toddouska 71bc571a8a Merge pull request #2000 from kojo1/EVP_CipherInit
EVP_CipherInit: allow NULL iv, key for openSSL compatibility
2019-01-02 12:04:38 -08:00
Jacob Barthelmeh a1459f6fec fix build when QSH is enabled and TLS 1.3 is enabled 2018-12-28 17:16:34 -07:00
David Garske 2351047409 Fixes for various scan-build reports. 2018-12-27 11:08:30 -08:00
David Garske 1eccaae25f Fix for DTLS async shrinking input buffer too soon and causing -308 (INCOMPLETE_DATA). 2018-12-27 11:07:32 -08:00
toddouska 697c99a9ec Merge pull request #1934 from dgarske/fix_alt_chain
Fixes and cleanups for processing peer certificates
2018-12-26 15:09:42 -08:00
Takashi Kojo f97696a546 AesSetKey_ to AesSetKey_ex 2018-12-26 13:52:41 +09:00
Takashi Kojo 0c828d14a0 Name conficted. filter out with NO_AES 2018-12-24 17:27:41 +09:00
Takashi Kojo ae09fbe8a2 EVP_CipherInit: allow NULL iv for openSSL compatibility 2018-12-24 12:00:21 +09:00
Jacob Barthelmeh 6191cb1927 free internal OCSP buffers 2018-12-21 12:30:49 -07:00
David Garske 9733076fe0 Fixes and cleanups for processing peer certificates:
* Fix with `WOLFSSL_ALT_CERT_CHAINS` to resolve issue with using a trusted intermediate to validate a partial chain. With the alt cert chain enabled a CA may fail with only `ASN_NO_SIGNER_E` and the connection is allowed if the peer's certificate validates to a trusted CA. Eliminates overly complex 1 deep error alternate chain detection logic. Resolves ZD 4525.
* Refactor and cleanup of ProcessPeerPerts to combine duplicate code and improve code commenting.
* Fix for CA path len check in `ParseCertRelative` to always check for self-signed case (was previously only in NO_SKID case).
* Improvement to include self-signed flag in the DecodedCert struct.
2018-12-21 08:20:04 -08:00
David Garske 3e31115654 Merge pull request #1993 from JacobBarthelmeh/Testing
Release Testing
2018-12-20 16:19:17 -08:00
Jacob Barthelmeh d3274e28e8 fix for hash types with fips windows opensslextra build 2018-12-20 14:22:35 -07:00
Jacob Barthelmeh 5d2d370bd5 fix for scan-build warning 2018-12-20 11:40:20 -07:00
Jacob Barthelmeh 164a762088 fix afalg/cryptodev + opensslextra build 2018-12-20 10:52:17 -07:00
Sean Parkinson eba11e097a Fix HelloRetryRequest to be sent immediately and not grouped 2018-12-20 16:41:38 +10:00
Jacob Barthelmeh fc926d3c61 fixes from infer testing 2018-12-19 11:56:29 -07:00
toddouska 4068975190 Merge pull request #1983 from dgarske/x509small_verifycb
Include current cert as X509 in verify callback for small build
2018-12-18 15:40:00 -08:00
toddouska 0a6732ee67 Merge pull request #1979 from SparkiDev/tls_sh_tlsx_parse
Fix TLS 1.2 and below ServerHello TLSX_Parse to pass in message type
2018-12-18 15:39:12 -08:00
toddouska 4a170c0399 Merge pull request #1971 from SparkiDev/tls13_old_hello
Don't expect old ClientHello when version is TLS 1.3
2018-12-18 15:38:44 -08:00
toddouska f1c62f191d Merge pull request #1941 from ejohnstown/rekey
Server Side Secure Renegotiation
2018-12-18 15:38:16 -08:00
David Garske 443dbf251b Fix to supply the X509 current_cert in the verify callback with OPENSSL_EXTRA_X509_SMALL defined or ./configure --enable-opensslextra=x509small. 2018-12-17 13:02:14 -08:00
Sean Parkinson c628562ee7 Fix the Old ClientHello detection with TLS 1.3 with new state
Put the clientState into CLIENT_HELLO_RETRY (new state) when waiting for
second ClientHello.
Chrome sends change_cipher_spec message, for reasons of compatability,
which meets the requirements of the Old ClientHello detection when state
of client is NULL.
2018-12-13 17:06:00 +10:00
Sean Parkinson f90e5601ad Fix TLS 1.2 and below ServerHello TLSX_Parse to pass in message type 2018-12-13 16:12:53 +10:00
John Safranek f715d9179c Add check for buffer size versus pad size in DoCertificateStatus() 2018-12-12 12:48:30 -08:00
Sean Parkinson c844b1c253 ALPN is returned in ServerHello when downgrading from TLS 1.3
TLS 1.3 Specification has extension returned in EncryptedExtensions.
2018-12-11 19:01:49 +10:00
John Safranek dc82beea4e Mongoose Update
1. Add a couple more OpenSSL compatibility layer functions to the the HAVE_WEBSERVER option.
2018-12-10 11:28:32 -08:00
John Safranek bc4150af2c Mongoose Update
1. HAVE_WEBSERVER option turns on a couple more functions that MG is
using for client side authentication.
2. If using webserver, those functions return and error.
2018-12-10 11:28:32 -08:00
toddouska 6dfc723961 Merge pull request #1959 from SparkiDev/tls13_ems_down
Send EMS extension in ClientHello when downgradable from TLSv1.3
2018-12-06 07:42:55 -08:00
Sean Parkinson 1d5b99eecc Send EMS extension in ClientHello when downgradable from TLSv1.3 2018-12-06 09:41:22 +10:00
Sean Parkinson ab03f9291b Make RsaUnPad constant time when Block Type 2 message 2018-12-06 08:36:49 +10:00
John Safranek b145aab6b2 Server Side Renegotiation
1. Fix testing issue with a client using the SCSV cipher suite to indicate desire for renegotiation.
2. Add indication to both the server and client examples that the renegotiation was successful.
2018-12-05 13:08:24 -08:00
John Safranek ec76ab7e42 Server Side Renegotiation
1. Add an extra guard check around a call to SendHelloRequest() in the case where server renegotiation is disabled.
2. Replaced an accidental deletion of an include of the misc.h header for no inline builds.
2018-12-05 13:08:24 -08:00
John Safranek 69436b6d41 Server Side Secure Renegotiation
1. Fix spelling typo in a comment.
2. Correct the server's check of its secure renegotiation extension.
2018-12-05 13:08:24 -08:00
John Safranek 0abf7c4997 Server Side Secure Renegotiation
1. Add the server side renegotiation flag to the secure renegotiation option.
2. Changed the AddEmptyNegotiationInfo so it doesn't create an extension, just adds a reply if SCR is enabled.
3. Fix the server's reaction to the client sending the SCR extension.
2018-12-05 13:08:24 -08:00