wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-29 15:02:12 +01:00
Code Issues Packages Projects Releases Wiki Activity
7,993 Commits 12 Branches 184 Tags
861fec1dc64d5fb4e2e30ee4b78ba13ef2bf1074
Commit Graph

1334 Commits

Author SHA1 Message Date
Naruto TAKAHASHI
861fec1dc6 porting mynewt 2018-07-28 18:03:20 +09:00
toddouska
90367df13c Merge pull request #1710 from SparkiDev/ed25519_only 
Changes to build with X25519 and Ed25519 only
 2018-07-25 14:24:03 -07:00
JacobBarthelmeh
74fbd06817 Merge pull request #1686 from cconlon/nucleus-update 
Nucleus port and PB changes
 2018-07-25 09:17:40 -06:00
toddouska
018573bcf3 Merge pull request #1695 from JacobBarthelmeh/Optimizations 
add some macro guards for CipherRequires function
 2018-07-24 11:51:03 -07:00
Sean Parkinson
6d3e145571 Changes to build with X25519 and Ed25519 only 
Allows configurations without RSA, DH and ECC but with Curve25519
algorithms to work with SSL/TLS using X25519 key exchange and Ed25519
certificates.
Fix Ed25519 code to call wc_Sha512Free().
Add certificates to test.h and fix examples to use them.
 2018-07-23 10:20:18 +10:00
Chris Conlon
7f19f914c0 create WOLFSSL_NUCLEUS_1_2 for older 1.2 version 2018-07-20 10:51:15 -06:00
toddouska
227e7cc8c7 Merge pull request #1690 from SparkiDev/tls_sha384_copy 
Remove special case SHA-384 copy code
 2018-07-18 09:37:50 -07:00
toddouska
436e774729 Merge pull request #1685 from SparkiDev/dh_max 
Add support for maximum DH key size
 2018-07-18 09:33:43 -07:00
Sean Parkinson
0236a293e4 Fix define protection to be ED25519 not ECC 2018-07-18 10:12:57 +10:00
Jacob Barthelmeh
7e5bf9b8a9 add some macro guards for CipherRequires function 2018-07-17 09:04:06 -06:00
Sean Parkinson
87f378efb5 Remove special case SHA-384 copy code 
SHA-384 implementation has a GetHash API and TLS code uses it.
 2018-07-17 08:16:46 +10:00
John Safranek
49fefe176e DTLS and Atomic Encrypt Callback 
When using the encrypt callback, the DTLS sequence number isn't incremented. Moved the increment to later in the BuildMessage() function.
 2018-07-16 13:33:03 -07:00
toddouska
f0422bec41 Merge pull request #1681 from dgarske/pk_keygen 
Added ECC and Curve25519 Key Generation PK callback support
 2018-07-13 14:03:13 -07:00
Chris Conlon
eeb50099d9 initial Nucleus port with PB changes 2018-07-13 14:58:37 -06:00
toddouska
6c1778d373 Merge pull request #1669 from cconlon/mqxfixes 
fixes for MQX classic 4.0 with IAR-EWARM
 2018-07-13 11:59:28 -07:00
Sean Parkinson
ffc6cf4eb8 Add support for maximum DH key size 2018-07-13 17:36:42 +10:00
John Safranek
f7c5b27bfc Merge pull request #1675 from toddouska/zero-error 
make SOCKET_PEER_CLOSED_E consistent between read and 2 write cases
 2018-07-12 12:53:48 -07:00
Chris Conlon
cadd556b3a cast result of bitwise not back to original type to prevent compiler warnings 2018-07-12 13:46:55 -06:00
David Garske
81d13e15d5 Added ECC and Curve25519 Key generation callback support for HAVE_PK_CALLBACKS. The TLS server side ECDHE could not correctly handle PK callback based shared secret calculation using a hardware based generated key. Refactor internal functions to use the callback ctx getter API. 2018-07-12 11:52:54 -07:00
toddouska
23687f44bc Merge pull request #1643 from ejohnstown/altnames 
Subject Alt Name Matching
 2018-07-11 13:20:58 -07:00
Todd Ouska
d639939a07 make SOCKET_PEER_CLOSED_E consistent between read and 2 write cases 2018-07-11 13:00:29 -07:00
Chris Conlon
0f2b5ca181 fixes for MQX classic 4.0 with IAR-EWARM 2018-07-11 10:54:24 -06:00
toddouska
376a4d3ca8 Merge pull request #1666 from dgarske/fix_always_verify 
Fix for building with `WOLFSSL_ALWAYS_VERIFY_CB`
 2018-07-09 11:13:28 -07:00
David Garske
9c2a5d2906 Further simplification of the PK verify wrapping to avoid malloc/free. Thanks Todd! 2018-07-06 16:21:43 -07:00
David Garske
85d58cbf8c Fix for building with WOLFSSL_ALWAYS_VERIFY_CB. 2018-07-06 15:31:52 -07:00
David Garske
32f1b0a9c2 Added separate context for each SignatureCtx verify callback. Added missing ssl info to callback context. 2018-07-06 09:28:46 -07:00
David Garske
3cbcc872c1 Improved PK callback support for ConfirmSignature so certificate verification uses the callbacks. Retained wolfSSL/wolfCrypt isolation (I.E. no wolfSSL references from wolfCrypt). 2018-07-05 14:04:06 -07:00
toddouska
ae54bae2fa Merge pull request #1654 from SparkiDev/tls13_stapling 
TLS 1.3 OCSP Stapling
 2018-07-03 12:56:28 -07:00
toddouska
9f35d211e0 Merge pull request #1644 from JacobBarthelmeh/Compatibility-Layer 
add ca when getting chain from x509 store
 2018-07-02 16:22:11 -07:00
John Safranek
adb3cc5a5a Subject Alt Name Matching 
1. Added certificates for localhost where the CN and SAN match and differ.
2. Change subject name matching so the CN is checked if the SAN list doesn't exit, and only check the SAN list if present.
3. Added a test case for the CN/SAN mismatch.
4. Old matching behavior restored with build option WOLFSSL_ALLOW_NO_CN_IN_SAN.
5. Add test case for a correct certificate.

Note: The test for the garbage certificate should fail. If you enable the old behavior, that test case will start succeeding, causing the test to fail.
 2018-07-02 13:39:11 -07:00
Jacob Barthelmeh
201217bd97 casts for tls 1.3 windows warnings 2018-07-02 13:55:38 -06:00
Sean Parkinson
0bf3a89992 TLS 1.3 OCSP Stapling 
Introduce support for OCSP stapling in TLS 1.3.
Note: OCSP Stapling v2 is not used in TLS 1.3.
Added tests.
Allow extensions to be sent with first certificate.
Fix writing out of certificate chains in TLS 1.3.
Tidy up the OCSP stapling code to remove duplication as much as
possible.
 2018-07-02 16:59:23 +10:00
Jacob Barthelmeh
c2c209fb89 add ca when getting chain from x509 store 2018-06-27 14:09:32 -06:00
toddouska
5d767aa004 Merge pull request #1641 from ejohnstown/rename-inline 
Rename INLINE
 2018-06-27 09:34:41 -07:00
John Safranek
586874b997 Rename INLINE 
1. Renamed the macro INLINE as WC_INLINE.
2. For FIPS and the "selftest" build, define INLINE as WC_INLINE. Allows the FIPS code to work unchanged.
 2018-06-26 15:17:46 -07:00
David Garske
1cb5bbf8ea Fixes for some async issues. Fixes an async issue with BuildMessage. Fixes for PKCS7 tests to not use async since it is not supported. 2018-06-22 09:30:25 -07:00
David Garske
623f1b58ac Fix for min IV size check. Cleanup of the max IV to use new enum MAX_IV_SZ. 2018-06-22 09:30:25 -07:00
David Garske
64ba151c35 Experimental fixes for async to resolve runtime fsanitize issues with invalid memory access due to attempting realloc on non NUMA type. Tested with ./configure --with-intelqa=../QAT1.6 --enable-asynccrypt CC="clang -fsanitize=address" --enable-debug --disable-shared --enable-trackmemory CFLAGS="-DWOLFSSL_DEBUG_MEMORY -DWOLFSSL_DEBUG_MEMORY_PRINT" && make and sudo ./tests/unit.test. 2018-06-22 09:30:25 -07:00
Jacob Barthelmeh
2f43d5eece update size to be used with fuzzing 2018-06-20 15:29:05 -06:00
Jacob Barthelmeh
61655ef56d comment on sz value and sanity check before fuzzing 2018-06-20 09:21:56 -06:00
Jacob Barthelmeh
38f916a798 sanity check on hashing size 2018-06-18 15:50:44 -06:00
toddouska
139a08a98e Merge pull request #1621 from SparkiDev/tls13_no_cs 
Allow NO_WOLFSSL_CLIENT/SERVER to compile and pass tests
 2018-06-14 09:08:13 -07:00
toddouska
15348d4936 Merge pull request #1612 from dgarske/fixmatchdomainname 
Fixes for `MatchDomainName` to properly detect failures
 2018-06-13 13:13:52 -07:00
Sean Parkinson
a03c15e598 Allow NO_WOLFSSL_CLIENT/SERVER to compile and pass tests 2018-06-13 11:42:16 +10:00
David Garske
1f16b36402 Fixes for MatchDomainName to properly detect failures: 
* Fix `MatchDomainName` to also check for remaining len on success check.
* Enhanced `DNS_entry` to include actual ASN.1 length and use it thoughout (was using XSTRLEN).

Added additional tests for matching on domain name:
* Check for bad common name with embedded null (CN=localhost\0h, Alt=None) - Note: Trouble creating cert with this criteria
* Check for bad alternate name with embedded null (CN=www.nomatch.com, Alt=localhost\0h)
* Check for bad common name (CN=www.nomatch.com, Alt=None)
* Check for bad alternate name (CN=www.nomatch.com, Alt=www.nomatch.com)
* Check for good wildcard common name (CN=*localhost, Alt=None)
* Check for good wildcard alternate name (CN=www.nomatch.com, Alt=*localhost)
 2018-06-12 14:15:34 -07:00
David Garske
ad0a10441d Fixes for building with openssl compatibility enabled and no TLS client/server. 
Resolves issues building with:
`./configure --enable-opensslextra --disable-rsa --disable-supportedcurves CFLAGS="-DNO_WOLFSSL_CLIENT -DNO_WOLFSSL_SERVER" --disable-examples`
`./configure --enable-opensslextra --disable-ecc --disable-supportedcurves CFLAGS="-DNO_WOLFSSL_CLIENT -DNO_WOLFSSL_SERVER" --disable-examples`

Ticket 3872
 2018-06-12 09:38:18 -07:00
toddouska
29410ada1e Merge pull request #1595 from SparkiDev/tls13_cipher_down 
Fix for downgrading from TLS 1.3 due to old cipher suite
 2018-06-12 08:24:26 -07:00
toddouska
f2a20c4232 Merge pull request #1573 from SparkiDev/tls_pad_vfy 
Constant time padding and HMAC verification in TLS
 2018-06-12 08:22:32 -07:00
David Garske
e99fc3026d Fixed issue with MatchDomainName. Fixes issue #1606. This is a valid and confirmed bug report in v3.15.0. Applies to ./configure --enable-sni case with wolfSSL_CTX_UseSNI where common name has wildcards. Pushing fix for visibility now and will add test case. 2018-06-08 10:09:53 -07:00
David Garske
00ddeb07d8 Resolves issue with reassembling large certificates. The ProcessPeerCerts function was using the wrong max size check for certs. Built and test with ./configure CFLAGS="-DMAX_CERTIFICATE_SZ=20000". 2018-06-07 15:56:37 -07:00