Commit Graph

11142 Commits

Author SHA1 Message Date
David Garske 454687f429 Fix for TLS HMAC constant timing to ensure final is called for dummy operations. Added devCtx to AES for CryptoCb. 2019-02-12 16:03:10 -08:00
David Garske dcdb1d7094 Added flag to indicate if hash is copied. 2019-02-12 16:03:10 -08:00
David Garske e7b23646a5 Updates to HMAC crypto callback support to capture raw KEY and require hmac struct. 2019-02-12 16:03:10 -08:00
David Garske 838652c03b Added flags build option to hashing algorithms. This allows indicator to determine if hash will be "copied" as done during a TLS handshake. 2019-02-12 16:03:10 -08:00
David Garske 40a7bcfc20 Fix for new random seed crypto callback to properly reset error code in NOT_COMPILED_IN case. 2019-02-12 16:03:10 -08:00
David Garske 88d3abb1e6 Added Crypto callback HMAC support. 2019-02-12 16:03:10 -08:00
David Garske 18d5b3393c Correct NULL cryptocb case. 2019-02-12 16:03:10 -08:00
David Garske 891abe130a Added Crypto callback support for ASN CalcHashId. Added arg checking to cryptocb functions. 2019-02-12 16:03:10 -08:00
David Garske 9fc0610720 Fix to ensure hash devCtx is cleared. 2019-02-12 16:03:10 -08:00
David Garske 7e3082906e Fix for ensuring devId is passed into symmetric init. 2019-02-12 16:03:10 -08:00
David Garske dad88b4c81 Improvements to the STM32L4 random generation code for improved performance and error handling. Added new WOLFSSL_STM32_RNG_NOLIB define to support generic STM32 series RNG without external ST library. 2019-02-12 16:03:10 -08:00
Chris Conlon 08bcef7c0c adjust wolfSSL_PKCS7_verify API test 2019-02-12 14:48:49 -07:00
Kaleb Himes f824c8c769 Merge pull request #2077 from ejohnstown/ocsp-ecdsa
OCSP and ECDSA Signers
2019-02-12 09:50:37 -07:00
David Garske acb983a154 Fix for ATECC make key case when curve_id == 0 (default). ZD 4383 2019-02-12 08:34:34 -08:00
toddouska feae776ee3 Merge pull request #2078 from SparkiDev/ssl_priv_id
Support in SSL for setting a private key id
2019-02-12 07:56:47 -08:00
Hideki Miyazaki e5f94e5884 modified script to avoid unnecessary file copy 2019-02-12 10:37:30 +09:00
Sean Parkinson 66ab6d8c22 Check FindObjectFinal call for error 2019-02-12 09:07:14 +10:00
Jacob Barthelmeh acc0121e0f account for WOLF_C99 with ipv6 test cases 2019-02-11 15:07:12 -07:00
Chris Conlon fb6aaf2ae2 rearrange order of default CMS SignedData signed attributes for better interop compatibility 2019-02-11 14:48:37 -07:00
Chris Conlon 56736a3563 always include default signed attributes for CMS SignedData bundles, add function to remove if needed 2019-02-11 14:41:32 -07:00
toddouska 4e5ea71118 Merge pull request #2081 from dgarske/dh_max_sz
Fix to detect maximum DH key size
2019-02-11 13:21:08 -08:00
Sean Parkinson e86aae00ed Change to allow setting of devId for private key 2019-02-11 12:37:44 +10:00
Sean Parkinson 47922a4d87 Support in SSL for setting a private key id
Works with PKCS #11 to use key on device.
2019-02-11 10:38:38 +10:00
Sean Parkinson 88050de1ff Fix length passed to key share entry parsing 2019-02-11 08:29:28 +10:00
David Garske dd32df5df1 Merge pull request #2080 from kaleb-himes/ZD4795
fix typo revcd vs recvd and spell out to avoid confusion: received
2019-02-08 17:38:48 -08:00
David Garske aa21a0e6df Fix to increase maximum DH key size if using fast math and FP_MAX_BITS supports it. 2019-02-08 17:36:40 -08:00
kaleb-himes b6d322cd14 fix typo revcd vs recvd and spell out to avoid confusion: received 2019-02-08 14:27:19 -07:00
John Safranek 6298074f93 OCSP and ECDSA Signers
OCSP uses an identified hash of the issuer's public key to identify the
certificate's signer. (Typically this is SHA-1, but can be any SHA
hash.) The AKID/SKID for the certificates usually are the SHA-1 hash of
the public key, but may be anything. We cannot depend on the AKID for
OCSP purposes. For OCSP lookups, wolfSSL calculates the hash of the
public key based on the copy saved for use with the handshake signing.
For RSA, that was fine. For ECDSA, we use the whole public key including
the curve ID, but for OCSP the curve ID isn't hashed. Stored the hash of
the public key at the point where we are looking at the key when reading
in the certificate, and saving the hash in the signer record.
2019-02-07 17:34:25 -08:00
toddouska e52f4494f0 Merge pull request #2069 from dgarske/fix_8192
Fixes for handling 6144 and 8192 bit with TLS v1.3
2019-02-07 15:02:40 -08:00
toddouska 4f4d16d9e5 Merge pull request #2068 from dgarske/pkcs7_verify_degenerate
Fixes to handle degenerate PKCS 7 with BER encoding
2019-02-07 15:00:21 -08:00
kaleb-himes 9a67d2a869 Update support for entropy source with HARMONYv3 2019-02-06 13:25:05 -07:00
Jacob Barthelmeh 8666b7de9a add test-ber-exp02-05-2022.p7b file for test 2019-02-06 11:11:27 -07:00
Jacob Barthelmeh ec28376e7f add PKCS7 BER verify test and fix for streaming 2019-02-06 11:05:15 -07:00
David Garske f61d99526b Merge pull request #2072 from JacobBarthelmeh/Testing
fix macro with pic32 mx build
2019-02-04 17:11:13 -08:00
David Garske 53bf510740 Merge pull request #2073 from JacobBarthelmeh/Jenkins
fix typo with getting cipher suite : Jenkins Nightly Build test 499
2019-02-04 17:10:57 -08:00
Jacob Barthelmeh be4d6bc204 fix typo with getting cipher suite 2019-02-04 10:53:59 -07:00
Sean Parkinson 390f3f5fca Merge pull request #4 from SparkiDev/pr_2069
Disallow SupportedGroups in ServerHello for TLS 1.3
2019-02-04 09:05:36 +10:00
Sean Parkinson b7179c2a54 Disallow SupportedGroups in ServerHello for TLS 1.3
But allowed when downgrading to TLS 1.2.
2019-02-04 09:04:11 +10:00
Takashi Kojo f8ff68ca7a Merge branch 'master' of https://github.com/wolfssl/wolfssl 2019-02-03 16:19:59 +09:00
Takashi Kojo 099d813a8c Fix headers 2019-02-03 15:44:41 +09:00
toddouska 73fbf845f2 Merge pull request #2066 from SparkiDev/sec_reneg_scsv
Fix empty renegotiation info ciphersuite handling
2019-02-01 10:05:59 -08:00
toddouska 8fc1780688 Merge pull request #2065 from SparkiDev/ossl_fix1
Changes to make symbols available for OpenSSL compat
2019-02-01 10:04:41 -08:00
toddouska 14a2343118 Merge pull request #2064 from SparkiDev/tls13_dhkeysz
Set the DH key size for TLS 1.3 when secret calculated
2019-02-01 10:04:15 -08:00
toddouska 4a5652f318 Merge pull request #2061 from SparkiDev/x86_asm_not_in_c
Pull out x86_64 ASM into separate files
2019-02-01 10:01:34 -08:00
toddouska 1258467b0a Merge pull request #2054 from SparkiDev/pkcs11_rng
Add support for random and getting entropy (seed) with PKCS#11
2019-02-01 09:59:12 -08:00
toddouska 4a177a8a30 Merge pull request #1997 from tmael/portingDeos
Initial Deos RTOS port
2019-02-01 09:56:55 -08:00
David Garske c080050c80 Fix to detect larger key size requirement based on FP_MAX_BITS. Fix for TLSv1.3 to allow server_hello for TLSX_SUPPORTED_GROUPS. ZD 4754. 2019-02-01 09:53:30 -08:00
David Garske c82d11f47d Cleanup of the PKCS7 stream long rc and braces. 2019-01-31 14:37:25 -08:00
David Garske 3a0afc3506 Fixes to handle degenerate PKCS 7 with BER encoding in PKCS7_VerifySignedData. Fix for PKCS7 API unit test with SHA512 disabled. ZD 4757. 2019-01-31 14:36:46 -08:00
Sean Parkinson 7822cef1ac Pull out x86_64 ASM into separate files 2019-01-29 13:08:24 +10:00