toddouska
025fba8ec6
Merge pull request #2093 from dgarske/tls13_async_dh
...
Fix for TLSv1.3 with DH key share when using QAT
2019-02-20 09:16:54 -08:00
toddouska
5d667ed1b8
Merge pull request #2075 from SparkiDev/port_zephyr
...
Zephyr port of crypto
2019-02-20 09:10:04 -08:00
David Garske
d81fb727a3
Adds ECC_PUBLICKEY_TYPE to the support PEM header types. Fixes #2097 .
2019-02-20 08:40:57 -08:00
John Safranek
1f6314746c
Secure Renegotiation
...
1. Split the wolfSSL_Rehandshake() function into wolfSSL_Rehadshake()
which performs a full handshake on secure renegotiation and
wolfSSL_SecureResume() which performs a session resumption on a
secure renegotiation.
2. Add option to example client to perform a secure resumption instead
of a full secure handshake.
2019-02-19 15:50:55 -08:00
David Garske
ba14564c49
Fix for STM32 AES GCM, which was incorrectly using software crypto when authInSz != 16. The wc_AesGcmEncrypt_STM32 and wc_AesGcmDecrypt_STM32 functions correctly handle all variations of authInSz.
2019-02-19 15:38:09 -08:00
David Garske
c2fbef2f7f
Refactor to populate preMasterSz on XMALLOC. Fix for DoClientKeyExchange and ecdhe_psk_kea, which assumes preMasterSz is zero. Fix for TLS v1.3 resumption not properly setting preMasterSz. Removed for TLS v1.3 PSK setup test for preMasterSz == 0, which is not required. Spelling fixes for tls13.c.
2019-02-19 13:01:21 -08:00
David Garske
dc1f0d7822
Fix for DH with QuickAssist to only use hardware for supported key sizes. Fix in random.c for seed devId when building async without crypto callbacks.
2019-02-19 11:57:55 -08:00
Takashi Kojo
161e815c03
remove hard tab
2019-02-20 04:14:17 +09:00
Sean Parkinson
520ae52ece
Add support to PKCS #11 for AES-CBC and NO_PKCS11 defines
...
Added PKCS #11 specific defines to turn off support for algorithms.
2019-02-19 13:50:12 +10:00
Sean Parkinson
e3997558a9
Fixes from review and added REAMEs and setup.sh
...
Add README.md and setup.sh.
Add READMEs with license information.
2019-02-19 11:47:45 +10:00
Sean Parkinson
5e1eee091a
Add threaded samples using buffers and sockets
2019-02-19 11:47:45 +10:00
Sean Parkinson
4302c02e67
Include zephyr directories in the release
2019-02-19 11:47:44 +10:00
Sean Parkinson
2c447b24cd
Fixes from review and add IDE files
2019-02-19 11:47:44 +10:00
Sean Parkinson
3366acc9ce
Zephyr port of crypto
2019-02-19 11:47:44 +10:00
Sean Parkinson
7aa5cd6f10
Support FFDHE in TLS 1.2 and below. Better TLS 1.3 version support.
...
Add support for the fixed FFDHE curves to TLS 1.2. Same curves in TLS
1.3 already. On by default - no checking of prime required.
Add option to require client to see FFDHE parameters from server as per
'may' requirements in RFC 7919.
Change TLS 1.3 ClientHello and ServerHello parsing to find the
SupportedVersions extension first and process it. Then it can handle
other extensions knowing which protocol we are using.
2019-02-18 14:51:59 +10:00
Takashi Kojo
b842b8583e
add CMSIS RTOSv2 and imporove other default values to user_settings.h template
2019-02-18 06:48:20 +09:00
Takashi Kojo
0ee1e103dd
update project files
2019-02-18 06:46:41 +09:00
Takashi Kojo
239f878bd1
fix indentation
2019-02-18 06:45:26 +09:00
Takashi Kojo
f3c2125259
add Mutex type for CMSIS RTOSv2
2019-02-18 06:45:01 +09:00
Takashi Kojo
1c6911634c
sprit DECLARE_ARRAY_DYNAMIC into declaration and execution
2019-02-18 06:43:26 +09:00
Takashi Kojo
98e53cb4eb
Improved user_settings.h, Abstract.txt
2019-02-18 06:41:53 +09:00
Takashi Kojo
c7f8f9fc90
Declarations have to come before executable statements
...
WOLFSSL_MDK5_COMPLv5: mdk5 compiler ver 5 regards macro with args as executable statement (This seems to be fixed with v6)
2019-02-18 06:39:06 +09:00
jrblixt
6c3ed46542
examples server HTTP update.
2019-02-15 15:45:30 -07:00
John Safranek
c0d1241786
Modify the TLSv1.3 calls to the AES-GCM and AES-CCM encrypt functions to
...
use the FIPS compatible APIs with external nonce.
2019-02-15 13:52:23 -08:00
kaleb-himes
d806134cbf
Update for newer versions of the TI compiler
2019-02-15 13:05:37 -07:00
toddouska
25dd5882f8
Merge pull request #2094 from dgarske/ecdsa_der_len
...
Adds strict checking of the ECDSA signature DER encoding length
2019-02-15 10:53:57 -08:00
toddouska
7275ee5f19
Merge pull request #2089 from SparkiDev/tls13_sup_ver
...
Make SupportedVersions respect SSL_OP_NO_TLSv*
2019-02-15 10:36:32 -08:00
toddouska
d9a5898e91
Merge pull request #2082 from SparkiDev/parse_kse
...
Fix length passed to key share entry parsing
2019-02-15 10:31:14 -08:00
toddouska
c04cade97c
Merge pull request #2083 from JacobBarthelmeh/Testing
...
Expected Configurations Test - NIGHTLY BUILD #505
2019-02-15 10:23:55 -08:00
Sean Parkinson
16f31cf8c6
Get Mac OS X working with the x86_64 assembly files
2019-02-15 15:08:47 +10:00
Sean Parkinson
e47797f700
Make SupportedVersions respect SSL_OP_NO_TLSv*
2019-02-15 08:26:03 +10:00
Vladislav Vaintroub
7328fce60d
Disable MP_64BIT when compiling with clang-cl on Windows.
...
__attribute__ ((mode(TI))) does not really work on clang-cl,
linking would fail with "unresolved external symbol __udivti3",
as reported in https://bugs.llvm.org/show_bug.cgi?id=25305
Fix to use default case with 28bit digits on clang-Windows.
2019-02-14 23:18:51 +01:00
David Garske
a9f29dbb61
Adds strict checking of the ECDSA signature DER encoding length. With this change the total signature size should be (sequence + r int + s int) as ASN.1 encoded. While I could not find any "must" rules for the signature length I do think this is a good change.
...
If the old length checking method is desired `NO_STRICT_ECDSA_LEN` can be used. This would allow extra signature byes at the end (unused and not altering verification result). This is kept for possible backwards compatibility.
Per RFC6979: `How a signature is to be encoded is not covered by the DSA and ECDSA standards themselves; a common way is to use a DER-encoded ASN.1 structure (a SEQUENCE of two INTEGERs, for r and s, in that order).`
ANSI X9.62: ASN.1 Encoding of ECDSA:
```
ECDSA-Sig-Value ::= SEQUENCE {
r INTEGER,
s INTEGER
}
```
Fixes #2088
2019-02-14 12:05:34 -08:00
John Safranek
e2d7b402e7
Update so TLSv1.3 will work. Needed to make the implicit IVs full sized
...
when copying. Added a flag to SetKeys() to skip the IV set (used for
TLSv1.3).
2019-02-14 12:04:32 -08:00
John Safranek
3223920fd9
Add a guard for AES-GCM and AES-CCM for the change in Encrypt for the
...
AES-AEAD type and macros.
2019-02-14 12:04:05 -08:00
John Safranek
cd7f8cc653
Update AES-GCM/CCM use in TLS with a wrapper to select the correct API
...
depending on using old FIPS, or non-FIPS/FIPSv2.
2019-02-14 12:04:05 -08:00
John Safranek
67e70d6cb6
Update TLS to use the new AES-GCM and AES-CCM APIs that output the IV on
...
encrypt rather than take the IV as an input.
2019-02-14 12:04:05 -08:00
David Garske
64cb07557d
Merge pull request #2091 from SparkiDev/pkcs11_fixes
...
Fix PKCS #11 AES-GCM and handling of unsupported algorithms
2019-02-14 09:49:02 -08:00
Sean Parkinson
5856d6b3dc
Fix PKCS #11 AES-GCM and handling of unsupported algorithms
2019-02-14 17:06:15 +10:00
Jacob Barthelmeh
275667f0e9
remove ocsp attempt with ipv6 enabled
2019-02-13 19:01:09 -07:00
toddouska
46bb2591c8
Merge pull request #2070 from dgarske/fix_cryptocb
...
Fixes and improvements to Crypto Callbacks and STM32 RNG performance
2019-02-13 12:44:19 -08:00
David Garske
d98ebc4da2
Reverted the Hmac_UpdateFinal change to call final as it causing constant timing issues. Improved the wc_HmacFree to handle the case were final isn't called for Crypto callbacks.
2019-02-13 10:24:53 -08:00
toddouska
272181bc2e
Merge pull request #2086 from dgarske/atecc_makekey
...
Fix for ATECC make key case when `curve_id == 0`
2019-02-13 09:52:54 -08:00
toddouska
817b82e453
Merge pull request #2084 from cconlon/cmsFeb19
...
Changes for CMS signedData default signed attributes
2019-02-13 09:49:55 -08:00
Chris Conlon
1fab970316
Merge pull request #2085 from miyazakh/esp-idf_fix_script
...
modified esp-idf setup script to avoid unnecessary file copy
2019-02-13 08:01:13 -07:00
David Garske
95db819d45
Fixes for warnings when building with --enable-pkcs11.
2019-02-12 16:05:48 -08:00
David Garske
e0b46734d6
Enhnacement to the tls_bench tool to support new -S command to indicate total size of data to exchange. Previously was just sending one packet back and forth. Imporved the shutdown handling code.
2019-02-12 16:03:10 -08:00
David Garske
1a8388641d
Change new hash SetFlag/GetFlag API's to private.
2019-02-12 16:03:10 -08:00
David Garske
c9521b56f2
Fix warning about HAL_RNG_GenerateRandomNumber type.
2019-02-12 16:03:10 -08:00
David Garske
eb8a2f3a03
Minor fixes to CryptoCb wolfCrypt test for AES test and hash support for update/final in same callback.
2019-02-12 16:03:10 -08:00