wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-29 12:32:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
7,309 Commits 12 Branches 184 Tags
8fbc765dbabe24655d860e51b5dde6dd6f2c3009
Commit Graph

2740 Commits

Author SHA1 Message Date
toddouska
a92696edec Merge pull request #1454 from dgarske/noprivkey 
Support for not loading a private key when using `HAVE_PK_CALLBACKS`
 2018-03-22 12:47:22 -07:00
toddouska
040e0ab752 Merge pull request #1456 from dgarske/iocbname 
Refactor IO callback function names to use `_CTX_`
 2018-03-22 12:40:48 -07:00
David Garske
e564c973b6 Refactor IO callback function names to use _CTX_ to eliminate confusion about the first parameter. 2018-03-21 16:08:55 -07:00
David Garske
4b51431546 Fix for possible unused ctx in wolfSSL_CTX_IsPrivatePkSet when no ECC, RSA or ED25519. 2018-03-21 15:46:08 -07:00
toddouska
104f7a0170 Merge pull request #1451 from JacobBarthelmeh/Optimizations 
Adjust X509 small build and add more macro guards
 2018-03-21 15:15:27 -07:00
toddouska
2a356228be Merge pull request #1445 from SparkiDev/wpas_fix 
Fixes for wpa_supplicant
 2018-03-21 15:11:43 -07:00
David Garske
dbb34126f6 * Added support for not loading a private key for server or client when HAVE_PK_CALLBACK is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519. 
* Added PK callback context tests for client/server examples (`SetupPkCallbackContexts`).
* Added new test define for `TEST_PK_PRIVKEY` to allows simulating hardware based private key.
* Added new test.h function for loading PEM key file and converting to DER (`load_key_file`).
* Added way to get private key signature size (`GetPrivateKeySigSize`).
* Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size.
* Added inline comments to help track down handshake message types.
* Cleanup of RSS PSS terminating byte (0xbc) to use enum value.
* Fixed bug with PK callback for `myEccVerify` public key format.
* Fixed bug with PK callback for ED25519 verify key buffer in DoServerKeyExchange.
 2018-03-21 11:27:08 -07:00
Jacob Barthelmeh
26bb86690a fix for unused parameter warning 2018-03-21 10:06:06 -06:00
Jacob Barthelmeh
0aa3b5fa0e macros for conditionally compiling code 2018-03-21 00:09:29 -06:00
Jacob Barthelmeh
087df8f1cd more macro guards to reduce size 2018-03-20 17:15:16 -06:00
Sean Parkinson
c9c2e1a8a7 Don't base signature algorithm support on certificate 
The signature algorithm support is what you can do with another key, not
what you can do with your key.
 2018-03-21 08:33:54 +10:00
Jacob Barthelmeh
df6ea54cd5 add support for PKCS8 decryption to OPENSSL_EXTRA_X509_SMALL build 2018-03-20 15:06:35 -06:00
toddouska
38d1eea8cd Merge pull request #1446 from SparkiDev/tls13_draft27 
TLS v1.3 support for Draft 23 and Draft 27
 2018-03-20 09:13:03 -07:00
toddouska
18879ce271 Merge pull request #1440 from dgarske/VerifyRsaSign_PKCallback 
Added VerifyRsaSign PK callback
 2018-03-20 09:02:18 -07:00
toddouska
87c70e76a9 Merge pull request #1441 from dgarske/ocsp_nb 
Fix for handling OCSP with non-blocking
 2018-03-19 12:05:59 -07:00
David Garske
2cc1a1c5bf Renamed callbacks for VerifySign to SignCheck. Switched the new callback context to use the one for the sign. Fix for callback pointer check on VerifyRsaSign. Added inline comments about the new RsaSignCheckCb and RsaPssSignCheckCb. 2018-03-19 10:19:24 -07:00
toddouska
cb8f8a953b Merge pull request #1438 from SparkiDev/nginx_pem_write 
Fix PEM_write_bio_X509 to work with new BIO code
 2018-03-19 09:13:51 -07:00
toddouska
7ce2efd572 Merge pull request #1431 from JacobBarthelmeh/Optimizations 
more aes macro key size guards
 2018-03-19 09:07:05 -07:00
Sean Parkinson
bd53d7ba59 TLS v1.3 support for Draft 23 and Draft 27 
Draft 24: Second ClientHello usees version 0x0303 - no change.
Draft 25: The record layer header is now additional authentication data to
encryption.
Draft 26: Disallow SupportedVersion being used in ServerHello for
negotiating below TLS v1.3.
Draft 27: Older versions can be negotiated (by exclusion of 0x0304) in
SupportedVersion - no change.
 2018-03-19 16:15:02 +10:00
Sean Parkinson
b325e0ff91 Fixes for wpa_supplicant 2018-03-19 11:46:38 +10:00
David Garske
fa73f7bc55 Fix for handling OCSP with non-blocking. The HashInput function was being called on the re-entry, which produced a bad mac response from server. Also cleanup for some of the WC_PENDING_E logic for the non-async cases to reduce code size. 2018-03-16 12:05:07 -07:00
David Garske
e858ec11ac Fix unused arg when building with pk callbacks disabled. 2018-03-16 09:37:07 -07:00
David Garske
ed7774e94a Added new callbacks for the VerifyRsaSign, which uses a private key to verify a created signature. The new callbacks API's are wolfSSL_CTX_SetRsaVerifySignCb and wolfSSL_CTX_SetRsaPssVerifySignCb. These use the same callback prototype as the CallbackRsaVerify and use the same context. 2018-03-15 14:43:41 -07:00
Sean Parkinson
3f99a2a391 Fix PEM_write_bio_X509 to work with new BIO code 2018-03-15 10:45:49 +10:00
David Garske
d8fe341998 First pass at added PK_CALLBACK support for VerifyRsaSign. 2018-03-14 09:54:18 -07:00
toddouska
717ba83deb Merge pull request #1434 from SparkiDev/tls13_multi_recs 
Fix multiple handshake messages in last record of certs
 2018-03-14 09:46:32 -07:00
Sean Parkinson
afe300acc0 Fix multiple handshake messages in last record of certs 2018-03-14 16:37:58 +10:00
Jacob Barthelmeh
8fb3ccacb7 opensslextra fixs and warning for unused variable 2018-03-12 18:05:24 -06:00
Jacob Barthelmeh
6b04ebe3a4 fix for compiling with different build settings 2018-03-12 16:12:10 -06:00
toddouska
b297d9dce0 Merge pull request #1427 from JacobBarthelmeh/Compatibility-Layer 
return value on bad mutex with error nodes and add x509 host check to OPENSSL_EXTRA
 2018-03-12 11:33:20 -07:00
toddouska
0ab4166a80 Merge pull request #1421 from JacobBarthelmeh/Optimizations 
trim out more strings and fix DN tag
 2018-03-08 14:03:10 -08:00
toddouska
1f9583c59c Merge pull request #1409 from SparkiDev/tls13_old_ver_fix 
Fix downgrading when WOLFSSL_TLS13 is defined (despite NO_OLD_TLS being defined)
 2018-03-08 13:59:59 -08:00
Jacob Barthelmeh
e0afec0600 fix RSA macro, tickets without server, and add test case 2018-03-08 14:36:43 -07:00
Jacob Barthelmeh
e960e0544a try to clear out error queue with failing mutex 2018-03-08 11:49:16 -07:00
Jacob Barthelmeh
2a0ef55a66 fix for check on return value with mutex error case 2018-03-08 11:26:22 -07:00
Jacob Barthelmeh
74475a26ba compile more functions in with OPENSSL_EXTRA 2018-03-08 11:06:40 -07:00
Sean Parkinson
d6ffa0dd8e Fix downgrade when doing TLS v1.3 2018-03-08 15:05:36 +10:00
Sean Parkinson
d35a3f1e69 Fixes from code review 
If doing TLS v1.3 and version on ServerHello is below TLS v1.2 then
handle message with old code.
If doing TLS v1.3, downgrading and version ClientHello is less than
minimum downgrade then this is a version error.
 2018-03-08 09:00:36 +10:00
Jacob Barthelmeh
612a80609a warning about extra set of parentheses 2018-03-07 10:35:31 -07:00
Jacob Barthelmeh
799a6b6d2d fix warning of unused variable and add guard for disable ecc build 2018-03-07 10:35:31 -07:00
Jacob Barthelmeh
a9c6385fd1 trim out more strings and fix DN tag 2018-03-07 10:35:31 -07:00
David Garske
a4000ba196 Merge pull request #1418 from SparkiDev/sp_armasm 
Add assembly code for ARM and 64-bit ARM
 2018-03-07 09:18:16 -08:00
Sean Parkinson
89182f5ca9 Add assembly code for ARM and 64-bit ARM 
Split out different implementations into separate file.
Turn on SP asm by configuring with: --enable-sp-asm
Changed small ASM code for ECC on x86_64 to be smaller and slower.
 2018-03-07 11:57:09 +10:00
Jacob Barthelmeh
3f80006b25 add stub code for flag with x509 check host 2018-03-06 11:55:20 -07:00
Sean Parkinson
dee74e98dd Fix downgrading when WOLFSSL_TLS13 is defined (despite NO_OLD_TLS being defined) 2018-03-05 10:11:51 +10:00
toddouska
48cd2806af Merge pull request #1412 from JacobBarthelmeh/PKCS12 
clean up memory in error case with PKCS12 create
 2018-03-02 12:37:12 -08:00
toddouska
2c12b0d678 Merge pull request #1411 from ejohnstown/dtls-null-fix 
DTLS Import/Export with Null Cipher
 2018-03-02 11:41:04 -08:00
Jacob Barthelmeh
ae23f777d6 clean up memory in error case with PKCS12 create 2018-03-02 11:35:16 -07:00
John Safranek
da76ee0877 allow import of DTLS sessions with null cipher as the null cipher is allowed with dtls when enabled 2018-03-02 09:57:07 -08:00
Jacob Barthelmeh
223903717a add sanity check for short read 2018-03-02 09:38:11 -07:00