Commit Graph

11142 Commits

Author SHA1 Message Date
Sean Parkinson 5530336617 SP Mod exp cast fix 2019-08-20 08:50:57 +10:00
Takashi Kojo fd0390430d Give error code resolution to wolfSSL_CertManagerCheckOCSPResponse 2019-08-20 07:22:54 +09:00
Jacob Barthelmeh 01a3b59e28 fix cast and initialization of variable 2019-08-19 14:54:53 -06:00
David Garske 3e1c103c78 Added support for loading a PKCS8 ASN.1 formatted private key (not encrypted). 2019-08-16 16:09:00 -07:00
David Garske 586b74b05f Refactor of the verify option for processing X.509 files. Adds support for ignoring date checks when loading a CA using the WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY flag on wolfSSL_CTX_load_verify_buffer_ex and wolfSSL_CTX_load_verify_locations_ex. 2019-08-16 15:19:55 -07:00
toddouska 7d4023f6a1 Merge pull request #2408 from dgarske/coverity
Minor fixes to resolve Coverity static analysis checks
2019-08-16 14:45:13 -07:00
Jacob Barthelmeh 487e66394e adjust wc_i2d_PKCS12 API 2019-08-16 15:19:33 -06:00
David Garske 3f992ce39d Additional STM32F7 fixes with HALv2. 2019-08-16 12:31:28 -07:00
David Garske eb68ad162b Enable strict cipher suite checking by default. Changed to enable by default and can be disabled using WOLFSSL_NO_STRICT_CIPHER_SUITE. 2019-08-16 10:20:25 -07:00
John Safranek e8986f389f wolfRand
1. Updated fips-check.sh to make an archive for wolfRand.
2. Updated configure.ac to provide a wolfRand build.
wolfRand-RC2
2019-08-16 09:33:41 -07:00
toddouska dea4f2fb1a Merge pull request #2410 from SparkiDev/poly1305_x64_fix
Fix Poly1305 on Intel AVX2
2019-08-16 09:08:27 -07:00
Sean Parkinson 8454bd1077 Fix Poly1305 on Intel AVX2
Fix define checks for other x86_64 assembly code files
2019-08-16 17:42:19 +10:00
David Garske 0d13b385ab Fixes for possible cases where DerBuffer is not free'd in AddCA error cases. 2019-08-15 17:01:30 -07:00
David Garske aee766e11b Minor fixes for AES GCM with GMAC and STM32 HALv2. 2019-08-15 16:57:38 -07:00
John Safranek e7f0ed4b98 wolfRand
1. Excluded wc_encrypt.c from the wolfRand build.
2019-08-15 16:22:16 -07:00
John Safranek 9d53e9b6d5 wolfRand
1. Add fips.h to the install if doing a wolfRand build.
2019-08-15 16:22:16 -07:00
John Safranek 63fe2a219e wolfRand
In configure.ac,
1. Change some whitespace in the FIPS enable section.
2. Reorganize the FIPS section a little bit.
3. When enabling wolfRand, also force cryptonly.
4. Treat wolfRand like FIPSv2 at build time.
In the source include.am,
5. Add checks against BUILD_FIPS_RAND as appropriate.
6. Add the SHA-256 assembly to the wolfRand source list.
2019-08-15 16:22:16 -07:00
John Safranek a229e1e8e4 wolfRand
1. Rearrange some of the macros in the FIPS section to separate out the
different flavors of FIPS with their own flags to set them apart.
2. Add automake flags for FIPSv1 and wolfRand.
2019-08-15 16:22:16 -07:00
John Safranek 0931b574a7 wolfRand
1. Refactored src/include.am to use the new changes in configure for
multiple FIPS versions.
2. Added conditions for wolfRand.
2019-08-15 16:22:16 -07:00
John Safranek 14316f8e24 wolfRand
Refactor the configure.ac script to make adding additional FIPS options
easier.
2019-08-15 16:22:16 -07:00
toddouska 489af0cd2b Merge pull request #2386 from SparkiDev/tls13_integ_only
TLS 1.3 and Integrity-only ciphersuites
2019-08-15 16:02:12 -07:00
toddouska 51c31695bd Merge pull request #2391 from SparkiDev/tfm_dh_2
Specialized mod exponentiation for base 2 in tfm.c and integer.c
2019-08-15 15:59:20 -07:00
toddouska b06dbf16c2 Merge pull request #2397 from JacobBarthelmeh/PKCS7
updates to CMS and callback functions
2019-08-15 15:56:41 -07:00
toddouska 089ca6d6e8 Merge pull request #2403 from JacobBarthelmeh/HardwareAcc
build with devcrypto and aesccm
2019-08-15 15:54:41 -07:00
toddouska 0a1a81ab42 Merge pull request #2407 from embhorn/api_p1_2
Adding phase 1 API from other projects
2019-08-15 14:13:10 -07:00
Eric Blankenhorn 1b841363cc Adding tests 2019-08-15 12:27:23 -05:00
David Garske ed7ac6fb26 Coverity fixes to make static analysis happy. 2019-08-14 15:42:47 -07:00
Eric Blankenhorn b2b24a06f3 Adding API 2019-08-14 15:09:17 -05:00
toddouska cb33ada380 Merge pull request #2395 from embhorn/api_p1
Adding compatibility API phase 1
2019-08-13 17:19:22 -07:00
David Garske e75417fde1 Added build option to enforce check for cipher suite in server_hello from server. Enabled using WOLFSSL_STRICT_CIPHER_SUITE. Some cipher suites could be allowed if they were supported a build-time even though not sent in the cipher suite list in client_hello.
Example log output for test case where `client_hello` sent a cipher suite list and server choose a cipher suite not in the list:

```
wolfSSL Entering DoServerHello
ServerHello did not use cipher suite from ClientHello
wolfSSL Leaving DoHandShakeMsgType(), return -501
wolfSSL Leaving DoHandShakeMsg(), return -501
```

RFC 5246: 7.4.1.3: Server Hello:  `cipher_suite: The single cipher suite selected by the server from the list in ClientHello.cipher_suites.`
2019-08-13 15:56:19 -07:00
Eric Blankenhorn 48fa6a458c Adding compatibility API phase 1 2019-08-13 17:09:56 -05:00
toddouska fa79ef0940 Merge pull request #2396 from tmael/expanding_OpenSSL_compatibility
Phase 1 of the OpenSSL Compatibility APIs
2019-08-13 14:56:09 -07:00
Jacob Barthelmeh e8e1d35744 build with devcrypto and aesccm 2019-08-13 14:12:45 -06:00
Tesfa Mael 9301cce9ac Check a null pointer dereference 2019-08-13 11:48:20 -07:00
Tesfa Mael b1ad0525ea cast to correct static analysis issue 2019-08-13 10:45:24 -07:00
Tesfa Mael b7bd710bc8 Add small stack option 2019-08-13 10:29:37 -07:00
Tesfa Mael 1acd24deb8 Review comment to reduce stack usage 2019-08-13 10:15:57 -07:00
Tesfa Mael b9ddbb974a perform domain name check on the peer certificate 2019-08-13 09:55:28 -07:00
Jacob Barthelmeh 20d9d5b0da account for KARI bundle without CERT when callback is set 2019-08-12 17:37:09 -06:00
Jacob Barthelmeh 883d5778a3 handle optional parameters with KARI ECC key 2019-08-12 16:41:35 -06:00
Jacob Barthelmeh f4d9991e3a remove restriction on key wrap type with callback 2019-08-12 15:34:20 -06:00
Ralf Schlatterbeck 63c6c47165 Fixes for 16-bit systems
Systems with sizof(int) == 2 default to expressions with that size.
So we have to do some explicit casts or use unigned long constants in
some cases.
In ssl.h the prototype of a function was not matching the definition.
This resulted in a type incompatibility on a 16-bit system.
2019-08-10 18:27:29 +02:00
Jacob Barthelmeh 6054a851ce move decrypt content callback function to more generic spot 2019-08-09 17:38:30 -06:00
David Garske e7c6fc221d Fixes to handle byte swapping on Key and IV for STM32F7 with latest CubeMX. 2019-08-09 15:40:26 -07:00
David Garske 0a4ac0e380 Merge pull request #2401 from SparkiDev/aesni_null_iv
Set the IV to zero when NULL IV and using AESNI
2019-08-09 12:57:48 -07:00
Sean Parkinson d4cf6e37e8 DH base 2 impl - better error handling 2019-08-09 12:12:59 -06:00
Sean Parkinson dd48c825ed Constant compare the HMAC result when using NULL cipher and TLS 1.3 2019-08-09 11:50:07 -06:00
Sean Parkinson 34fe643938 Set the IV to zero when NULL IV and using AESNI 2019-08-09 11:23:14 -06:00
JacobBarthelmeh 1396ca085b Merge pull request #2400 from dgarske/pkcs7_typo
Fix for dynamic type typo in PKCS7
2019-08-09 10:34:41 -06:00
David Garske 8e4fa1c786 Fix for dynamic type typo in PKCS7. 2019-08-08 20:14:39 -07:00