toddouska
baf65f4f43
Merge pull request #2327 from JacobBarthelmeh/Compatibility-Layer
...
add wolfSSL_PEM_write_DHparams implementation
2019-07-08 12:58:10 -07:00
toddouska
e6ab7d165c
Merge pull request #2325 from JacobBarthelmeh/Testing
...
remove HAVE_CRL macro guard from X509 PEM write function
2019-07-08 12:57:15 -07:00
toddouska
66db74d827
Merge pull request #2313 from SparkiDev/tls13_reneg
...
Fix for TLS 1.3 and secure renegotiation
2019-07-08 12:56:02 -07:00
toddouska
406ff31fc8
Merge pull request #2311 from SparkiDev/tls12_ffdhe_fix
...
Better support for TLS 1.2 and FFDHE
2019-07-08 12:55:03 -07:00
toddouska
1070aba5e2
Merge pull request #2308 from SparkiDev/resumption_fix
...
Don't resume if stored session's ciphersuite isn't in client list
2019-07-08 12:52:59 -07:00
toddouska
2610d9ce94
Merge pull request #2307 from SparkiDev/pick_hash_sig
...
Improve hash and signature algorithm selection
2019-07-08 12:51:36 -07:00
toddouska
74324bb1b5
Merge pull request #2305 from SparkiDev/doalert_fix
...
Better handling of alerts
2019-07-08 12:50:26 -07:00
toddouska
60d6d71636
Merge pull request #2304 from SparkiDev/tls_sha224
...
Support to TLS for RSA SHA-224 signatures
2019-07-08 12:47:56 -07:00
toddouska
2a4b935e07
Merge pull request #2299 from JacobBarthelmeh/DTLS-MultiCore
...
DTLS export/import state only
2019-07-08 12:47:13 -07:00
toddouska
cc453c6c12
Merge pull request #2262 from ejohnstown/sniffer-watch
...
Sniffer watch
2019-07-08 12:45:35 -07:00
Jacob Barthelmeh
b5a5100068
move location of X509 free
2019-07-05 14:33:35 -06:00
David Garske
964dac96a7
Merge pull request #2321 from kaleb-himes/ARDUINO-UPDATE
...
Remove redundent setting WOLFSSL_ARDUINO and add guards
2019-07-05 11:35:30 -07:00
David Garske
011fa6bafd
Added PBKDF2 benchmark. Benchmark improvements to capture results in static buffer (helps benchmarking on systems without printf support). Added benchmark "-print" option to show summary. Added wolfCrypt test version header.
2019-07-05 11:29:14 -07:00
David Garske
c9f18bfe3b
Merge pull request #2326 from SparkiDev/sp_update_1
...
Changes to other SP implementations based on recent changes
2019-07-05 11:19:01 -07:00
Jacob Barthelmeh
4cf8923838
make wc_DhParamsToDer a static function to avoid DhKey redefenition
2019-07-05 11:58:40 -06:00
Sean Parkinson
8dccecc531
Improve perfomance of Poly1305 on ARM64
2019-07-05 14:41:46 +10:00
Sean Parkinson
61e1491407
Fix for C32 implementation in div
...
Changes to allow C32 to build on x86_64 when not using fast math.
2019-07-05 10:39:30 +10:00
Takashi Kojo
9b654d25d1
wolfSSL_RAND_seed(NULL, 0);
2019-07-04 18:31:57 +09:00
Jacob Barthelmeh
5dcd421580
scan-build fixes
2019-07-03 17:08:02 -06:00
Jacob Barthelmeh
ab9d89cb31
cast on return and move location of function declaration
2019-07-03 15:20:08 -06:00
Jacob Barthelmeh
02871d5ed4
add test case for wolfSSL_PEM_write_DHparams
2019-07-03 13:32:21 -06:00
John Safranek
0b5ee1b633
Merge pull request #2324 from dgarske/cryptocb_3des
...
Crypto callback DES3 support
2019-07-03 10:17:23 -07:00
Jacob Barthelmeh
8327984523
fix for leading bit check
2019-07-03 10:35:08 -06:00
Jacob Barthelmeh
f2bb5e8944
implementation of wolfSSL_PEM_write_DHparams
2019-07-02 17:42:33 -06:00
Sean Parkinson
7c393edf49
Changes to other SP implementations based on recent changes
2019-07-03 09:37:31 +10:00
David Garske
58fe2781f1
Fix for wc_CryptoCb_AesCbcEncrypt with improper find device logic. Fix for HMAC scan-build with ret. Cleanup of HMAC formatting.
2019-07-02 14:08:59 -07:00
Jacob Barthelmeh
a7acacff41
remove HAVE_CRL macro guard from X509 PEM write function
2019-07-02 14:37:33 -06:00
David Garske
d5f3fa2ff8
Added DES3 Crypto callback support.
2019-07-02 10:15:53 -07:00
David Garske
01c9fa1830
Added NO_TFM_64BIT option to disable 64-bit for TFM only (also enabled with NO_64BIT. This allows other areas like SHA512/ChaCha20 to still have the 64-bit type, but not use it for TFM.
2019-07-02 09:36:08 -07:00
David Garske
eba78cd87a
Improvements for disabled sections in pwdbased.c, asn.c, rsa.c, pkcs12.c and wc_encrypt.c. Adds --enable-pkcs12, HAVE_PKCS12/NO_PKCS12, HAVE_PKCS8 / NO_PKCS8 and HAVE_PBKDF1 / NO_PBKDF1.
2019-07-02 09:35:46 -07:00
Sean Parkinson
40864da533
Fix prime testing to do t iterations of random values in range
2019-07-02 14:42:03 +10:00
Sean Parkinson
0e33e2d9ee
Check PickHashSigAlgo return when doing CerticateRequest
...
Only check picking the hash and signature algorithm functions return
when a certificate is available to send to peer.
Include the ECC signature and hash algorithms in available list even
when using ECDSA certificates signed with RSA.
List is of capabilities not what is in certificate.
Certificate request sent to peer doesn't have to be an ECDSA certificate
signed with RSA.
Same treatment for RSA.
2019-07-02 11:53:04 +10:00
Sean Parkinson
28aa99c3e3
Always have support for SHA-224 signatures when SHA-224 built-in
2019-07-02 08:27:04 +10:00
John Safranek
21afcf17a8
Sniffer Watch Mode
...
1. Split the function ssl_SetWatchKey() into ssl_SetWatchKey_file()
which loads the key from a named file and ssl_SetWatchKey_buffer()
which loads the key from a provided buffer. file() uses buffer().
2019-07-01 13:50:28 -07:00
John Safranek
b02e1e8d59
Sniffer Watch Mode
...
Added some statistics tracking to the watch mode.
2019-07-01 13:50:28 -07:00
John Safranek
8be6c0c08c
Sniffer Watch Mode
...
Add some tests for the Watch mode that will also work with static ECDH.
2019-07-01 13:50:28 -07:00
John Safranek
b61803f165
Sniffer Watch Mode
...
Added the build option for the Watch mode for the sniffer. Instead of
setting a set of IP addresses and keys, you set a callback function.
When any TLS connection is started, the hook is called and a hash of the
peer certificate is given to the callback function. It has a chance to
load a private key into the sniffer session. Enable this option with the
build flag "WOLFSSL_SNIFFER_WATCH".
2019-07-01 13:50:28 -07:00
David Garske
fd71618f10
Added warning message if user IO read callback returns negative that is not supported.
2019-07-01 13:41:17 -07:00
David Garske
b2f919ec13
Fix to include errno.h in tls_bench.c
2019-07-01 13:41:17 -07:00
David Garske
354ec9cd9d
Add useful log message when SP math key size is invalid.
2019-07-01 13:41:17 -07:00
David Garske
f8e3e63938
Fix for building with USE_STSAFE_VERBOSE to avoid printf use.
2019-07-01 13:41:17 -07:00
toddouska
3652929573
Merge pull request #2310 from SparkiDev/alpn_sni_parse
...
ALPN and SNI Extension parsing improvements
2019-07-01 08:57:39 -07:00
toddouska
4500f2d773
Merge pull request #2309 from SparkiDev/fallback_scsv
...
Fallback SCSV (Signaling Cipher Suite Value) support on Server only
2019-07-01 08:55:02 -07:00
toddouska
08bd5000f1
Merge pull request #2306 from SparkiDev/tls_long_msg
...
Add detection of oversized encrypted data and plaintext
2019-07-01 08:51:20 -07:00
kaleb-himes
db17fce49a
Remove redundent setting WOLFSSL_ARDUINO and add guards
2019-07-01 09:02:21 -06:00
Sean Parkinson
b7e00eea1a
Send more alerts as per TLS specification
...
Requires WOLFSSL_EXTRA_ALERTS or OPENSSL_EXTRA to enable
2019-07-01 17:01:06 +10:00
Sean Parkinson
1fe69992e2
Improve alert sending in TLS 1.3 code from fuzz testing
2019-07-01 14:20:36 +10:00
Sean Parkinson
373bbf6660
Changes to server example for fuzz testing
2019-07-01 13:35:33 +10:00
Sean Parkinson
707156f53b
Fix for NO_FILESYSTEM builds
2019-07-01 13:26:28 +10:00
Sean Parkinson
4ff9d951f6
TLS 1.3 ClientHello rework and other fixes
...
Do version negotiation first. Look for, parse and negotiate with
SupportedVersions extension upfront. Only need to handle TLS 1.3
ClientHello after this.
Any version greater than TLS 1.2 in Legacy Version field is translated
to TLS 1.2.
Fix preMasterSz to when not using PreSharedKey.
Not finsing KeyShare in ClientHello sends a missing_extension alert.
Decoding signature algorithms in new TLS 1.3 range now returns error
when not recognized.
Don't allow RSA PKCS #1.5 signatures to be verified.
Fix accept when downgraded from TLS 1.3 to go to wolfSSL_accept.
Fix server state when sending ChangeCipherSpec for MiddleBox
compatability.
Send a new session ticket even when resuming.
2019-07-01 13:22:21 +10:00