wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-30 20:12:12 +01:00
Code Issues Packages Projects Releases Wiki Activity
7,417 Commits 12 Branches 184 Tags
90f05ba3fffb092ceeb0789fd31fa5ff7730ee69
Commit Graph

2773 Commits

Author SHA1 Message Date
John Safranek
8e75de88e8 Test Fixes 
1. AesGcmEncrypt_ex requires the RNG, remove function if RNG disabled.
2. Fix a couple function name changes in the example server.
3. Removed the old FIPS wrapping added to dh.h, was redundant.
4. Move include of random.h in the aes.h file.
5. Fix where ecc.c was being left out of old FIPS builds.
6. Exclude the AES-GCM internal IV test case when building without the RNG.
7. Fix api test where AES-GCM Encrypt was called with a too-long IV in old FIPS mode. Non-FIPS and new FIPS are allowed longer IVs.
 2018-04-13 09:40:09 -07:00
John Safranek
db2d0c97b5 FIPS Revalidation 
1. Change to configure.ac to automatically enable AES-CTR in FIPSv2 builds.
2. Move the aes-ni asm file into the boundary if enabled.
3. Enable AES-ECB by default.
 2018-04-13 09:40:09 -07:00
John Safranek
7d620eb1ee FIPS Update 
1. Moved the rest of the FIPS algorithms to FIPSv2.
2. Updated the fips-check and autogen scripts.
3. Updated the automake include for the crypto files.
4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer.
5. Added error code for the SHA-3 KAT.
6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
 2018-04-13 09:40:09 -07:00
John Safranek
5d4e1a2678 FIPS Update 
1. Move SHA-224 and SHA-256 into FIPSv2.
2. Move HMAC into FIPSv2.
3. Move Hash_DRBG into FIPSv2.
 2018-04-13 09:39:02 -07:00
John Safranek
701c809e5b FIPS Update 
1. Add SHA-3 to the src/include.am so that it is always included in FIPSv2.
2. Tweak the SHA-3 header to follow the new FIPS pattern.
 2018-04-13 09:39:02 -07:00
Eric Blankenhorn
a0d8327320 Coverity fixes 2 (#1493) 
* Coverity fixes for wolfcrypt folder
* Fixes for remaining issues
* Fixes for test files
 2018-04-13 05:35:18 -07:00
toddouska
84f7bd8cde Merge pull request #1494 from dgarske/wpas 
Fix for building wpa_supplicant
 2018-04-12 13:49:31 -07:00
David Garske
cf1230d232 Fix for building wpa_supplicant (./configure --enable-wpas) after PemToDer refactor in PR #1467. 2018-04-12 06:53:44 -07:00
David Garske
ce6728951f Added a new --enable-opensslall option, which ensures all openssl features are enabled. Documented and tested building the various open source defines we support in our build. 2018-04-11 13:54:07 -07:00
David Garske
a38576146e * Added support for disabling PEM to DER functionality using WOLFSSL_PEM_TO_DER. This allows way to use with DER (ASN.1) certificates only in an embedded environment. This option builds, but internal make check requires PEM support for tests. 
* More cleanup to move PEM functions from ssl.c to asn.c (`wolfSSL_CertPemToDer`, `wolfSSL_KeyPemToDer`, `wolfSSL_PubKeyPemToDer`). Renamed these API's to `wc_` and added backwards compatability macro for old function names.
 2018-04-09 13:28:15 -07:00
David Garske
98c186017a Fixes for build failures. Added new WC_MAX_SYM_KEY_SIZE macro for helping determine max key size. Added enum for unique cipher types. Added CHACHA_MAX_KEY_SZ for ChaCha. 2018-04-09 13:28:15 -07:00
David Garske
2c72f72752 Fixes for FIPS, sniffer (w/o enc keys), scan-build issues and backwards compatability. 2018-04-09 13:28:15 -07:00
David Garske
1f00ea2115 Fixes for various build issues with type casting and unused functions. Moved mystrnstr to wc_port.c. Added some additional argument checks on pwdbased. 2018-04-09 13:28:15 -07:00
David Garske
6de8348918 Fixes for various build configurations. Added --enable-enckeys option to enable support for encrypted PEM private keys using password callback without having to use opensslextra. Moved ASN CryptKey function to wc_encrypt.c as wc_CryptKey. Fixup some missing heap args on XMALLOC/XFREE in asn.c. 2018-04-09 13:28:15 -07:00
David Garske
1315fad7dc Added ForceZero on the password buffer after done using it. 2018-04-09 13:28:15 -07:00
David Garske
3a8b08cdbf Fix to move the hashType out of EncryptedInfo. Fix for parsing "DEC-Info: ". Fix for determining when to set and get ivSz. 2018-04-09 13:28:15 -07:00
David Garske
264496567a Improvements to EncryptedInfo. Added build option WOLFSSL_ENCRYPTED_KEYS to indicate support for EncryptedInfo. Improvements to wc_PBKDF1 to support more hash types and the non-standard extra data option. 2018-04-09 13:28:15 -07:00
David Garske
f9e830bce7 First pass at changes to move PemToDer into asn.c. 2018-04-09 13:28:14 -07:00
David Garske
21833e245f Fix TLS 1.3 with ECC disabled and CURVE25519 enabled. Resolves issue with using ./configure --disable-ecc --enable-curve25519 --enable-ed25519 --enable-tls13. Refactor TLSX_KeyShare_GenEccKey to support either ECC or CURVE25519. Fix for PemToDer to handle ED25519 without ECC enabled. 2018-04-09 10:10:08 -07:00
David Garske
2a460d3d05 Merge pull request #1484 from embhorn/coverity 
Coverity fixes
 2018-04-06 18:18:38 -07:00
Eric Blankenhorn
36b9b0b558 Updates from code review 2018-04-06 17:29:27 -05:00
Eric Blankenhorn
86767e727c Fixes for CID 185033 185028 185142 185064 185068 185079 185147 2018-04-06 13:15:16 -05:00
Eric Blankenhorn
d2c1a1906d Fixes for CID 184980 185017 185047 185167 2018-04-06 11:10:37 -05:00
toddouska
6090fb9020 Merge pull request #1483 from dgarske/winvs 
Fixes for unused `heap` warnings
 2018-04-06 09:01:49 -07:00
Eric Blankenhorn
920e6ed911 Fix warning in ssl.c 2018-04-06 09:30:54 -05:00
Eric Blankenhorn
c6ad885459 Coverity fixes for tls.c/n CID 184996 185112 185122 2018-04-06 09:08:00 -05:00
Eric Blankenhorn
ec429e50b1 Fixes for ssl.c 2018-04-06 07:45:12 -05:00
David Garske
426335b68f Found additional VS unused heap warnings. Replace tabs with 4-spaces. 2018-04-05 12:28:32 -07:00
toddouska
2b48a074eb Merge pull request #1480 from dgarske/extcache 
Fix for HAVE_EXT_CACHE callbacks not being available without OPENSSL_EXTRA
 2018-04-05 10:52:44 -07:00
Eric Blankenhorn
5439402c1d Refactor for max record size (#1475) 
* Added new internal function `wolfSSL_GetMaxRecordSize`.
* Modified tls_bench to use dynamic buffer based on max record size.
* Added comment for DTLS maxFragment calculation.
 2018-04-05 09:11:58 -07:00
David Garske
412d4d76ee Fix for HAVE_EXT_CACHE callbacks not being available without OPENSSL_EXTRA defined. Added tests for external cache callbacks. 2018-04-05 07:10:04 -07:00
David Garske
a78c6ba4ea Fix for unused heap warnings. 2018-04-04 12:51:45 -07:00
David Garske
5702e8ee48 Fix building with HAVE_EXT_CACHE when OPENSSL_EXTRA is not defined. Fixes issue #1474. 2018-04-04 09:02:52 -07:00
toddouska
a92696edec Merge pull request #1454 from dgarske/noprivkey 
Support for not loading a private key when using `HAVE_PK_CALLBACKS`
 2018-03-22 12:47:22 -07:00
toddouska
040e0ab752 Merge pull request #1456 from dgarske/iocbname 
Refactor IO callback function names to use `_CTX_`
 2018-03-22 12:40:48 -07:00
David Garske
e564c973b6 Refactor IO callback function names to use _CTX_ to eliminate confusion about the first parameter. 2018-03-21 16:08:55 -07:00
David Garske
4b51431546 Fix for possible unused ctx in wolfSSL_CTX_IsPrivatePkSet when no ECC, RSA or ED25519. 2018-03-21 15:46:08 -07:00
toddouska
104f7a0170 Merge pull request #1451 from JacobBarthelmeh/Optimizations 
Adjust X509 small build and add more macro guards
 2018-03-21 15:15:27 -07:00
toddouska
2a356228be Merge pull request #1445 from SparkiDev/wpas_fix 
Fixes for wpa_supplicant
 2018-03-21 15:11:43 -07:00
David Garske
dbb34126f6 * Added support for not loading a private key for server or client when HAVE_PK_CALLBACK is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519. 
* Added PK callback context tests for client/server examples (`SetupPkCallbackContexts`).
* Added new test define for `TEST_PK_PRIVKEY` to allows simulating hardware based private key.
* Added new test.h function for loading PEM key file and converting to DER (`load_key_file`).
* Added way to get private key signature size (`GetPrivateKeySigSize`).
* Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size.
* Added inline comments to help track down handshake message types.
* Cleanup of RSS PSS terminating byte (0xbc) to use enum value.
* Fixed bug with PK callback for `myEccVerify` public key format.
* Fixed bug with PK callback for ED25519 verify key buffer in DoServerKeyExchange.
 2018-03-21 11:27:08 -07:00
Jacob Barthelmeh
26bb86690a fix for unused parameter warning 2018-03-21 10:06:06 -06:00
Jacob Barthelmeh
0aa3b5fa0e macros for conditionally compiling code 2018-03-21 00:09:29 -06:00
Jacob Barthelmeh
087df8f1cd more macro guards to reduce size 2018-03-20 17:15:16 -06:00
Sean Parkinson
c9c2e1a8a7 Don't base signature algorithm support on certificate 
The signature algorithm support is what you can do with another key, not
what you can do with your key.
 2018-03-21 08:33:54 +10:00
Jacob Barthelmeh
df6ea54cd5 add support for PKCS8 decryption to OPENSSL_EXTRA_X509_SMALL build 2018-03-20 15:06:35 -06:00
toddouska
38d1eea8cd Merge pull request #1446 from SparkiDev/tls13_draft27 
TLS v1.3 support for Draft 23 and Draft 27
 2018-03-20 09:13:03 -07:00
toddouska
18879ce271 Merge pull request #1440 from dgarske/VerifyRsaSign_PKCallback 
Added VerifyRsaSign PK callback
 2018-03-20 09:02:18 -07:00
toddouska
87c70e76a9 Merge pull request #1441 from dgarske/ocsp_nb 
Fix for handling OCSP with non-blocking
 2018-03-19 12:05:59 -07:00
David Garske
2cc1a1c5bf Renamed callbacks for VerifySign to SignCheck. Switched the new callback context to use the one for the sign. Fix for callback pointer check on VerifyRsaSign. Added inline comments about the new RsaSignCheckCb and RsaPssSignCheckCb. 2018-03-19 10:19:24 -07:00
toddouska
cb8f8a953b Merge pull request #1438 from SparkiDev/nginx_pem_write 
Fix PEM_write_bio_X509 to work with new BIO code
 2018-03-19 09:13:51 -07:00