wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-28 18:50:28 +01:00
Code Issues Packages Projects Releases Wiki Activity
9,077 Commits 12 Branches 184 Tags
72a50b8d46bcee44f0e7e96b780cdce9a00a8058
Commit Graph

3330 Commits

Author SHA1 Message Date
Jacob Barthelmeh
5932cdab15 cast on strlen return value 2019-02-21 13:04:38 -07:00
Jacob Barthelmeh
18d3e04dbf remove null terminators on substrings 2019-02-20 16:39:18 -07:00
toddouska
9c9221432f Merge pull request #2087 from ejohnstown/aesgcm 
Update TLS for AES-GCM/CCM changes
 2019-02-20 11:43:06 -08:00
toddouska
025fba8ec6 Merge pull request #2093 from dgarske/tls13_async_dh 
Fix for TLSv1.3 with DH key share when using QAT
 2019-02-20 09:16:54 -08:00
David Garske
c2fbef2f7f Refactor to populate preMasterSz on XMALLOC. Fix for DoClientKeyExchange and ecdhe_psk_kea, which assumes preMasterSz is zero. Fix for TLS v1.3 resumption not properly setting preMasterSz. Removed for TLS v1.3 PSK setup test for preMasterSz == 0, which is not required. Spelling fixes for tls13.c. 2019-02-19 13:01:21 -08:00
Sean Parkinson
e3997558a9 Fixes from review and added REAMEs and setup.sh 
Add README.md and setup.sh.
Add READMEs with license information.
 2019-02-19 11:47:45 +10:00
Sean Parkinson
5e1eee091a Add threaded samples using buffers and sockets 2019-02-19 11:47:45 +10:00
Sean Parkinson
3366acc9ce Zephyr port of crypto 2019-02-19 11:47:44 +10:00
John Safranek
c0d1241786 Modify the TLSv1.3 calls to the AES-GCM and AES-CCM encrypt functions to 
use the FIPS compatible APIs with external nonce.
 2019-02-15 13:52:23 -08:00
toddouska
7275ee5f19 Merge pull request #2089 from SparkiDev/tls13_sup_ver 
Make SupportedVersions respect SSL_OP_NO_TLSv*
 2019-02-15 10:36:32 -08:00
toddouska
d9a5898e91 Merge pull request #2082 from SparkiDev/parse_kse 
Fix length passed to key share entry parsing
 2019-02-15 10:31:14 -08:00
Sean Parkinson
e47797f700 Make SupportedVersions respect SSL_OP_NO_TLSv* 2019-02-15 08:26:03 +10:00
John Safranek
e2d7b402e7 Update so TLSv1.3 will work. Needed to make the implicit IVs full sized 
when copying. Added a flag to SetKeys() to skip the IV set (used for
TLSv1.3).
 2019-02-14 12:04:32 -08:00
John Safranek
3223920fd9 Add a guard for AES-GCM and AES-CCM for the change in Encrypt for the 
AES-AEAD type and macros.
 2019-02-14 12:04:05 -08:00
John Safranek
cd7f8cc653 Update AES-GCM/CCM use in TLS with a wrapper to select the correct API 
depending on using old FIPS, or non-FIPS/FIPSv2.
 2019-02-14 12:04:05 -08:00
John Safranek
67e70d6cb6 Update TLS to use the new AES-GCM and AES-CCM APIs that output the IV on 
encrypt rather than take the IV as an input.
 2019-02-14 12:04:05 -08:00
David Garske
d98ebc4da2 Reverted the Hmac_UpdateFinal change to call final as it causing constant timing issues. Improved the wc_HmacFree to handle the case were final isn't called for Crypto callbacks. 2019-02-13 10:24:53 -08:00
David Garske
95db819d45 Fixes for warnings when building with --enable-pkcs11. 2019-02-12 16:05:48 -08:00
David Garske
454687f429 Fix for TLS HMAC constant timing to ensure final is called for dummy operations. Added devCtx to AES for CryptoCb. 2019-02-12 16:03:10 -08:00
David Garske
838652c03b Added flags build option to hashing algorithms. This allows indicator to determine if hash will be "copied" as done during a TLS handshake. 2019-02-12 16:03:10 -08:00
David Garske
7e3082906e Fix for ensuring devId is passed into symmetric init. 2019-02-12 16:03:10 -08:00
Kaleb Himes
f824c8c769 Merge pull request #2077 from ejohnstown/ocsp-ecdsa 
OCSP and ECDSA Signers
 2019-02-12 09:50:37 -07:00
Sean Parkinson
e86aae00ed Change to allow setting of devId for private key 2019-02-11 12:37:44 +10:00
Sean Parkinson
47922a4d87 Support in SSL for setting a private key id 
Works with PKCS #11 to use key on device.
 2019-02-11 10:38:38 +10:00
Sean Parkinson
88050de1ff Fix length passed to key share entry parsing 2019-02-11 08:29:28 +10:00
kaleb-himes
b6d322cd14 fix typo revcd vs recvd and spell out to avoid confusion: received 2019-02-08 14:27:19 -07:00
John Safranek
6298074f93 OCSP and ECDSA Signers 
OCSP uses an identified hash of the issuer's public key to identify the
certificate's signer. (Typically this is SHA-1, but can be any SHA
hash.) The AKID/SKID for the certificates usually are the SHA-1 hash of
the public key, but may be anything. We cannot depend on the AKID for
OCSP purposes. For OCSP lookups, wolfSSL calculates the hash of the
public key based on the copy saved for use with the handshake signing.
For RSA, that was fine. For ECDSA, we use the whole public key including
the curve ID, but for OCSP the curve ID isn't hashed. Stored the hash of
the public key at the point where we are looking at the key when reading
in the certificate, and saving the hash in the signer record.
 2019-02-07 17:34:25 -08:00
toddouska
e52f4494f0 Merge pull request #2069 from dgarske/fix_8192 
Fixes for handling 6144 and 8192 bit with TLS v1.3
 2019-02-07 15:02:40 -08:00
Jacob Barthelmeh
be4d6bc204 fix typo with getting cipher suite 2019-02-04 10:53:59 -07:00
Sean Parkinson
b7179c2a54 Disallow SupportedGroups in ServerHello for TLS 1.3 
But allowed when downgrading to TLS 1.2.
 2019-02-04 09:04:11 +10:00
toddouska
73fbf845f2 Merge pull request #2066 from SparkiDev/sec_reneg_scsv 
Fix empty renegotiation info ciphersuite handling
 2019-02-01 10:05:59 -08:00
toddouska
14a2343118 Merge pull request #2064 from SparkiDev/tls13_dhkeysz 
Set the DH key size for TLS 1.3 when secret calculated
 2019-02-01 10:04:15 -08:00
toddouska
4a5652f318 Merge pull request #2061 from SparkiDev/x86_asm_not_in_c 
Pull out x86_64 ASM into separate files
 2019-02-01 10:01:34 -08:00
toddouska
4a177a8a30 Merge pull request #1997 from tmael/portingDeos 
Initial Deos RTOS port
 2019-02-01 09:56:55 -08:00
David Garske
c080050c80 Fix to detect larger key size requirement based on FP_MAX_BITS. Fix for TLSv1.3 to allow server_hello for TLSX_SUPPORTED_GROUPS. ZD 4754. 2019-02-01 09:53:30 -08:00
Sean Parkinson
7822cef1ac Pull out x86_64 ASM into separate files 2019-01-29 13:08:24 +10:00
Sean Parkinson
e8b46caf75 Fix empty renegotiation info ciphersuite handling 2019-01-29 12:51:49 +10:00
Sean Parkinson
574238dea0 Set the DH key size for TLS 1.3 when secret calculated 2019-01-29 08:59:49 +10:00
Chris Conlon
0b2bbc33bd Merge pull request #2059 from miyazakh/openssl_bksize_digest 
Added EVP_MD_CTX_block_size and exposed EVP_Digest()
 2019-01-28 15:17:26 -07:00
John Safranek
1288036dbe Merge pull request #2047 from kojo1/freeCRL 
wolfSSL_CertManagerFreeCRL: exposing FreeCRL
 2019-01-25 16:08:31 -08:00
Hideki Miyazaki
53adb93ae4 Added EVP_MD_CTX_block_size and publicized EVP_Digest() 2019-01-25 09:05:36 +09:00
David Garske
fd429bb656 Show warning if secrets debugging options (SHOW_SECRETS or WOLFSSL_SSLKEYLOGFILE) are enabled. The #warning can be ignored as error using ./configure CFLAGS="-W#warnings". 2019-01-22 13:29:25 -08:00
toddouska
52e8e77390 Merge pull request #2046 from cconlon/addalert 
add alert number and string for "unknown_ca" (48)
 2019-01-21 15:39:47 -08:00
Takashi Kojo
5539b0eb38 wolfSSL_CertManagerFreeCRL: exporsing FreeCRL 2019-01-20 10:11:19 +09:00
Chris Conlon
8ecee6a7e9 add unknown_ca alert number (48) and string 2019-01-18 15:36:33 -08:00
Tesfa Mael
739b57c753 Initial Deos RTOS port 
- Added support for Deos with no file system
- Implemented a custom malloc since reusing and freeing memory is disallowed in avionics and mission critical applications.
- Added TLS client and server example with a TCP setup mailbox transport
- Timer starts at an offset of CURRENT_UNIX_TIMESTAMP specified by the user
- Uses rand_r() as a pseudo random number generator and uses the current time in seconds as a seed
- Uses strnicmp for XSTRNCASECMP instead of strncasecmp
- a readme doc included
 2019-01-18 14:46:39 -08:00
John Safranek
c282f5b726 DTLS Nonblocking Updates 
Modify the DtlsMsgPoolSend() function to keep track of the last message
retransmit. If a write would block, it allows the retransmit pick up
where it left off.
 2019-01-18 09:15:11 -08:00
John Safranek
aa4de6e170 DTLS Nonblocking Updates 
Do not allow the DTLS message flight be retransmit without being
finished. This can happen if a non-blocking transmit times out the
response and the application tries to retransmit.
 2019-01-18 09:15:11 -08:00
John Safranek
63f6c1d280 DTLS Nonblocking Updates 
1. Add error code for trying to retransmit a flight when transmitting
the flight hasn't finished.
2. Add function to retransmit the stored flight without updating the
timeout count.
 2019-01-18 09:15:11 -08:00
John Safranek
91d81ea691 Add some more debug logging for DTLS retransmission support. 2019-01-18 09:13:28 -08:00