Commit Graph

11142 Commits

Author SHA1 Message Date
toddouska baf65f4f43 Merge pull request #2327 from JacobBarthelmeh/Compatibility-Layer
add wolfSSL_PEM_write_DHparams implementation
2019-07-08 12:58:10 -07:00
toddouska e6ab7d165c Merge pull request #2325 from JacobBarthelmeh/Testing
remove HAVE_CRL macro guard from X509 PEM write function
2019-07-08 12:57:15 -07:00
toddouska 66db74d827 Merge pull request #2313 from SparkiDev/tls13_reneg
Fix for TLS 1.3 and secure renegotiation
2019-07-08 12:56:02 -07:00
toddouska 406ff31fc8 Merge pull request #2311 from SparkiDev/tls12_ffdhe_fix
Better support for TLS 1.2 and FFDHE
2019-07-08 12:55:03 -07:00
toddouska 1070aba5e2 Merge pull request #2308 from SparkiDev/resumption_fix
Don't resume if stored session's ciphersuite isn't in client list
2019-07-08 12:52:59 -07:00
toddouska 2610d9ce94 Merge pull request #2307 from SparkiDev/pick_hash_sig
Improve hash and signature algorithm selection
2019-07-08 12:51:36 -07:00
toddouska 74324bb1b5 Merge pull request #2305 from SparkiDev/doalert_fix
Better handling of alerts
2019-07-08 12:50:26 -07:00
toddouska 60d6d71636 Merge pull request #2304 from SparkiDev/tls_sha224
Support to TLS for RSA SHA-224 signatures
2019-07-08 12:47:56 -07:00
toddouska 2a4b935e07 Merge pull request #2299 from JacobBarthelmeh/DTLS-MultiCore
DTLS export/import state only
2019-07-08 12:47:13 -07:00
toddouska cc453c6c12 Merge pull request #2262 from ejohnstown/sniffer-watch
Sniffer watch
2019-07-08 12:45:35 -07:00
Jacob Barthelmeh b5a5100068 move location of X509 free 2019-07-05 14:33:35 -06:00
David Garske 964dac96a7 Merge pull request #2321 from kaleb-himes/ARDUINO-UPDATE
Remove redundent setting WOLFSSL_ARDUINO and add guards
2019-07-05 11:35:30 -07:00
David Garske 011fa6bafd Added PBKDF2 benchmark. Benchmark improvements to capture results in static buffer (helps benchmarking on systems without printf support). Added benchmark "-print" option to show summary. Added wolfCrypt test version header. 2019-07-05 11:29:14 -07:00
David Garske c9f18bfe3b Merge pull request #2326 from SparkiDev/sp_update_1
Changes to other SP implementations based on recent changes
2019-07-05 11:19:01 -07:00
Jacob Barthelmeh 4cf8923838 make wc_DhParamsToDer a static function to avoid DhKey redefenition 2019-07-05 11:58:40 -06:00
Sean Parkinson 8dccecc531 Improve perfomance of Poly1305 on ARM64 2019-07-05 14:41:46 +10:00
Sean Parkinson 61e1491407 Fix for C32 implementation in div
Changes to allow C32 to build on x86_64 when not using fast math.
2019-07-05 10:39:30 +10:00
Takashi Kojo 9b654d25d1 wolfSSL_RAND_seed(NULL, 0); 2019-07-04 18:31:57 +09:00
Jacob Barthelmeh 5dcd421580 scan-build fixes 2019-07-03 17:08:02 -06:00
Jacob Barthelmeh ab9d89cb31 cast on return and move location of function declaration 2019-07-03 15:20:08 -06:00
Jacob Barthelmeh 02871d5ed4 add test case for wolfSSL_PEM_write_DHparams 2019-07-03 13:32:21 -06:00
John Safranek 0b5ee1b633 Merge pull request #2324 from dgarske/cryptocb_3des
Crypto callback DES3 support
2019-07-03 10:17:23 -07:00
Jacob Barthelmeh 8327984523 fix for leading bit check 2019-07-03 10:35:08 -06:00
Jacob Barthelmeh f2bb5e8944 implementation of wolfSSL_PEM_write_DHparams 2019-07-02 17:42:33 -06:00
Sean Parkinson 7c393edf49 Changes to other SP implementations based on recent changes 2019-07-03 09:37:31 +10:00
David Garske 58fe2781f1 Fix for wc_CryptoCb_AesCbcEncrypt with improper find device logic. Fix for HMAC scan-build with ret. Cleanup of HMAC formatting. 2019-07-02 14:08:59 -07:00
Jacob Barthelmeh a7acacff41 remove HAVE_CRL macro guard from X509 PEM write function 2019-07-02 14:37:33 -06:00
David Garske d5f3fa2ff8 Added DES3 Crypto callback support. 2019-07-02 10:15:53 -07:00
David Garske 01c9fa1830 Added NO_TFM_64BIT option to disable 64-bit for TFM only (also enabled with NO_64BIT. This allows other areas like SHA512/ChaCha20 to still have the 64-bit type, but not use it for TFM. 2019-07-02 09:36:08 -07:00
David Garske eba78cd87a Improvements for disabled sections in pwdbased.c, asn.c, rsa.c, pkcs12.c and wc_encrypt.c. Adds --enable-pkcs12, HAVE_PKCS12/NO_PKCS12, HAVE_PKCS8 / NO_PKCS8 and HAVE_PBKDF1 / NO_PBKDF1. 2019-07-02 09:35:46 -07:00
Sean Parkinson 40864da533 Fix prime testing to do t iterations of random values in range 2019-07-02 14:42:03 +10:00
Sean Parkinson 0e33e2d9ee Check PickHashSigAlgo return when doing CerticateRequest
Only check picking the hash and signature algorithm functions return
when a certificate is available to send to peer.
Include the ECC signature and hash algorithms in available list even
when using ECDSA certificates signed with RSA.
List is of capabilities not what is in certificate.
Certificate request sent to peer doesn't have to be an ECDSA certificate
signed with RSA.
Same treatment for RSA.
2019-07-02 11:53:04 +10:00
Sean Parkinson 28aa99c3e3 Always have support for SHA-224 signatures when SHA-224 built-in 2019-07-02 08:27:04 +10:00
John Safranek 21afcf17a8 Sniffer Watch Mode
1. Split the function ssl_SetWatchKey() into ssl_SetWatchKey_file()
which loads the key from a named file and ssl_SetWatchKey_buffer()
which loads the key from a provided buffer. file() uses buffer().
2019-07-01 13:50:28 -07:00
John Safranek b02e1e8d59 Sniffer Watch Mode
Added some statistics tracking to the watch mode.
2019-07-01 13:50:28 -07:00
John Safranek 8be6c0c08c Sniffer Watch Mode
Add some tests for the Watch mode that will also work with static ECDH.
2019-07-01 13:50:28 -07:00
John Safranek b61803f165 Sniffer Watch Mode
Added the build option for the Watch mode for the sniffer. Instead of
setting a set of IP addresses and keys, you set a callback function.
When any TLS connection is started, the hook is called and a hash of the
peer certificate is given to the callback function. It has a chance to
load a private key into the sniffer session. Enable this option with the
build flag "WOLFSSL_SNIFFER_WATCH".
2019-07-01 13:50:28 -07:00
David Garske fd71618f10 Added warning message if user IO read callback returns negative that is not supported. 2019-07-01 13:41:17 -07:00
David Garske b2f919ec13 Fix to include errno.h in tls_bench.c 2019-07-01 13:41:17 -07:00
David Garske 354ec9cd9d Add useful log message when SP math key size is invalid. 2019-07-01 13:41:17 -07:00
David Garske f8e3e63938 Fix for building with USE_STSAFE_VERBOSE to avoid printf use. 2019-07-01 13:41:17 -07:00
toddouska 3652929573 Merge pull request #2310 from SparkiDev/alpn_sni_parse
ALPN and SNI Extension parsing improvements
2019-07-01 08:57:39 -07:00
toddouska 4500f2d773 Merge pull request #2309 from SparkiDev/fallback_scsv
Fallback SCSV (Signaling Cipher Suite Value) support on Server only
2019-07-01 08:55:02 -07:00
toddouska 08bd5000f1 Merge pull request #2306 from SparkiDev/tls_long_msg
Add detection of oversized encrypted data and plaintext
2019-07-01 08:51:20 -07:00
kaleb-himes db17fce49a Remove redundent setting WOLFSSL_ARDUINO and add guards 2019-07-01 09:02:21 -06:00
Sean Parkinson b7e00eea1a Send more alerts as per TLS specification
Requires WOLFSSL_EXTRA_ALERTS or OPENSSL_EXTRA to enable
2019-07-01 17:01:06 +10:00
Sean Parkinson 1fe69992e2 Improve alert sending in TLS 1.3 code from fuzz testing 2019-07-01 14:20:36 +10:00
Sean Parkinson 373bbf6660 Changes to server example for fuzz testing 2019-07-01 13:35:33 +10:00
Sean Parkinson 707156f53b Fix for NO_FILESYSTEM builds 2019-07-01 13:26:28 +10:00
Sean Parkinson 4ff9d951f6 TLS 1.3 ClientHello rework and other fixes
Do version negotiation first. Look for, parse and negotiate with
SupportedVersions extension upfront. Only need to handle TLS 1.3
ClientHello after this.
Any version greater than TLS 1.2 in Legacy Version field is translated
to TLS 1.2.
Fix preMasterSz to when not using PreSharedKey.
Not finsing KeyShare in ClientHello sends a missing_extension alert.
Decoding signature algorithms in new TLS 1.3 range now returns error
when not recognized.
Don't allow RSA PKCS #1.5 signatures to be verified.
Fix accept when downgraded from TLS 1.3 to go to wolfSSL_accept.
Fix server state when sending ChangeCipherSpec for MiddleBox
compatability.
Send a new session ticket even when resuming.
2019-07-01 13:22:21 +10:00