Sean Parkinson
5530336617
SP Mod exp cast fix
2019-08-20 08:50:57 +10:00
Takashi Kojo
fd0390430d
Give error code resolution to wolfSSL_CertManagerCheckOCSPResponse
2019-08-20 07:22:54 +09:00
Jacob Barthelmeh
01a3b59e28
fix cast and initialization of variable
2019-08-19 14:54:53 -06:00
David Garske
3e1c103c78
Added support for loading a PKCS8 ASN.1 formatted private key (not encrypted).
2019-08-16 16:09:00 -07:00
David Garske
586b74b05f
Refactor of the verify option for processing X.509 files. Adds support for ignoring date checks when loading a CA using the WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY flag on wolfSSL_CTX_load_verify_buffer_ex and wolfSSL_CTX_load_verify_locations_ex.
2019-08-16 15:19:55 -07:00
toddouska
7d4023f6a1
Merge pull request #2408 from dgarske/coverity
...
Minor fixes to resolve Coverity static analysis checks
2019-08-16 14:45:13 -07:00
Jacob Barthelmeh
487e66394e
adjust wc_i2d_PKCS12 API
2019-08-16 15:19:33 -06:00
David Garske
3f992ce39d
Additional STM32F7 fixes with HALv2.
2019-08-16 12:31:28 -07:00
David Garske
eb68ad162b
Enable strict cipher suite checking by default. Changed to enable by default and can be disabled using WOLFSSL_NO_STRICT_CIPHER_SUITE.
2019-08-16 10:20:25 -07:00
John Safranek
e8986f389f
wolfRand
...
1. Updated fips-check.sh to make an archive for wolfRand.
2. Updated configure.ac to provide a wolfRand build.
wolfRand-RC2
2019-08-16 09:33:41 -07:00
toddouska
dea4f2fb1a
Merge pull request #2410 from SparkiDev/poly1305_x64_fix
...
Fix Poly1305 on Intel AVX2
2019-08-16 09:08:27 -07:00
Sean Parkinson
8454bd1077
Fix Poly1305 on Intel AVX2
...
Fix define checks for other x86_64 assembly code files
2019-08-16 17:42:19 +10:00
David Garske
0d13b385ab
Fixes for possible cases where DerBuffer is not free'd in AddCA error cases.
2019-08-15 17:01:30 -07:00
David Garske
aee766e11b
Minor fixes for AES GCM with GMAC and STM32 HALv2.
2019-08-15 16:57:38 -07:00
John Safranek
e7f0ed4b98
wolfRand
...
1. Excluded wc_encrypt.c from the wolfRand build.
2019-08-15 16:22:16 -07:00
John Safranek
9d53e9b6d5
wolfRand
...
1. Add fips.h to the install if doing a wolfRand build.
2019-08-15 16:22:16 -07:00
John Safranek
63fe2a219e
wolfRand
...
In configure.ac,
1. Change some whitespace in the FIPS enable section.
2. Reorganize the FIPS section a little bit.
3. When enabling wolfRand, also force cryptonly.
4. Treat wolfRand like FIPSv2 at build time.
In the source include.am,
5. Add checks against BUILD_FIPS_RAND as appropriate.
6. Add the SHA-256 assembly to the wolfRand source list.
2019-08-15 16:22:16 -07:00
John Safranek
a229e1e8e4
wolfRand
...
1. Rearrange some of the macros in the FIPS section to separate out the
different flavors of FIPS with their own flags to set them apart.
2. Add automake flags for FIPSv1 and wolfRand.
2019-08-15 16:22:16 -07:00
John Safranek
0931b574a7
wolfRand
...
1. Refactored src/include.am to use the new changes in configure for
multiple FIPS versions.
2. Added conditions for wolfRand.
2019-08-15 16:22:16 -07:00
John Safranek
14316f8e24
wolfRand
...
Refactor the configure.ac script to make adding additional FIPS options
easier.
2019-08-15 16:22:16 -07:00
toddouska
489af0cd2b
Merge pull request #2386 from SparkiDev/tls13_integ_only
...
TLS 1.3 and Integrity-only ciphersuites
2019-08-15 16:02:12 -07:00
toddouska
51c31695bd
Merge pull request #2391 from SparkiDev/tfm_dh_2
...
Specialized mod exponentiation for base 2 in tfm.c and integer.c
2019-08-15 15:59:20 -07:00
toddouska
b06dbf16c2
Merge pull request #2397 from JacobBarthelmeh/PKCS7
...
updates to CMS and callback functions
2019-08-15 15:56:41 -07:00
toddouska
089ca6d6e8
Merge pull request #2403 from JacobBarthelmeh/HardwareAcc
...
build with devcrypto and aesccm
2019-08-15 15:54:41 -07:00
toddouska
0a1a81ab42
Merge pull request #2407 from embhorn/api_p1_2
...
Adding phase 1 API from other projects
2019-08-15 14:13:10 -07:00
Eric Blankenhorn
1b841363cc
Adding tests
2019-08-15 12:27:23 -05:00
David Garske
ed7ac6fb26
Coverity fixes to make static analysis happy.
2019-08-14 15:42:47 -07:00
Eric Blankenhorn
b2b24a06f3
Adding API
2019-08-14 15:09:17 -05:00
toddouska
cb33ada380
Merge pull request #2395 from embhorn/api_p1
...
Adding compatibility API phase 1
2019-08-13 17:19:22 -07:00
David Garske
e75417fde1
Added build option to enforce check for cipher suite in server_hello from server. Enabled using WOLFSSL_STRICT_CIPHER_SUITE. Some cipher suites could be allowed if they were supported a build-time even though not sent in the cipher suite list in client_hello.
...
Example log output for test case where `client_hello` sent a cipher suite list and server choose a cipher suite not in the list:
```
wolfSSL Entering DoServerHello
ServerHello did not use cipher suite from ClientHello
wolfSSL Leaving DoHandShakeMsgType(), return -501
wolfSSL Leaving DoHandShakeMsg(), return -501
```
RFC 5246: 7.4.1.3: Server Hello: `cipher_suite: The single cipher suite selected by the server from the list in ClientHello.cipher_suites.`
2019-08-13 15:56:19 -07:00
Eric Blankenhorn
48fa6a458c
Adding compatibility API phase 1
2019-08-13 17:09:56 -05:00
toddouska
fa79ef0940
Merge pull request #2396 from tmael/expanding_OpenSSL_compatibility
...
Phase 1 of the OpenSSL Compatibility APIs
2019-08-13 14:56:09 -07:00
Jacob Barthelmeh
e8e1d35744
build with devcrypto and aesccm
2019-08-13 14:12:45 -06:00
Tesfa Mael
9301cce9ac
Check a null pointer dereference
2019-08-13 11:48:20 -07:00
Tesfa Mael
b1ad0525ea
cast to correct static analysis issue
2019-08-13 10:45:24 -07:00
Tesfa Mael
b7bd710bc8
Add small stack option
2019-08-13 10:29:37 -07:00
Tesfa Mael
1acd24deb8
Review comment to reduce stack usage
2019-08-13 10:15:57 -07:00
Tesfa Mael
b9ddbb974a
perform domain name check on the peer certificate
2019-08-13 09:55:28 -07:00
Jacob Barthelmeh
20d9d5b0da
account for KARI bundle without CERT when callback is set
2019-08-12 17:37:09 -06:00
Jacob Barthelmeh
883d5778a3
handle optional parameters with KARI ECC key
2019-08-12 16:41:35 -06:00
Jacob Barthelmeh
f4d9991e3a
remove restriction on key wrap type with callback
2019-08-12 15:34:20 -06:00
Ralf Schlatterbeck
63c6c47165
Fixes for 16-bit systems
...
Systems with sizof(int) == 2 default to expressions with that size.
So we have to do some explicit casts or use unigned long constants in
some cases.
In ssl.h the prototype of a function was not matching the definition.
This resulted in a type incompatibility on a 16-bit system.
2019-08-10 18:27:29 +02:00
Jacob Barthelmeh
6054a851ce
move decrypt content callback function to more generic spot
2019-08-09 17:38:30 -06:00
David Garske
e7c6fc221d
Fixes to handle byte swapping on Key and IV for STM32F7 with latest CubeMX.
2019-08-09 15:40:26 -07:00
David Garske
0a4ac0e380
Merge pull request #2401 from SparkiDev/aesni_null_iv
...
Set the IV to zero when NULL IV and using AESNI
2019-08-09 12:57:48 -07:00
Sean Parkinson
d4cf6e37e8
DH base 2 impl - better error handling
2019-08-09 12:12:59 -06:00
Sean Parkinson
dd48c825ed
Constant compare the HMAC result when using NULL cipher and TLS 1.3
2019-08-09 11:50:07 -06:00
Sean Parkinson
34fe643938
Set the IV to zero when NULL IV and using AESNI
2019-08-09 11:23:14 -06:00
JacobBarthelmeh
1396ca085b
Merge pull request #2400 from dgarske/pkcs7_typo
...
Fix for dynamic type typo in PKCS7
2019-08-09 10:34:41 -06:00
David Garske
8e4fa1c786
Fix for dynamic type typo in PKCS7.
2019-08-08 20:14:39 -07:00