wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-28 13:42:24 +01:00
Code Issues Packages Projects Releases Wiki Activity
8,531 Commits 12 Branches 184 Tags
98291f8465b520fa66e55641da585e62b502fcc4
Commit Graph

8531 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
John Safranek
98291f8465 Update comment in dh.c. 2018-11-02 11:38:52 -07:00
John Safranek
cfafbd9659 Added the prime check to the functions wolfSSL_SetTmpDh() and wolfSSL_CTX_SetTmpDh(). 2018-11-02 11:01:39 -07:00
David Garske
f6093e1e0d Fixes to remove DH prime checks for server side DH parameters. 2018-10-30 15:51:47 -07:00
David Garske
f4b0261ca7 Fix to not do prime test on DH key the server loaded. Now it will only do the prime test on the peer's provided public DH key using 8 miller rabbins. Refactored the fast math miller rabin function to reuse mp_int's, which improved peformance for mp_prime_is_prime_ex from 100ms to 80ms. Normal math mp_prime_is_prime_ex is ~40ms (as-is). Added test for wc_DhSetCheckKey. 2018-10-30 11:20:07 -07:00
David Garske
ba90674357 Merge pull request #1897 from WolfWalter/fix_sigrs_length 
ATECC508 reference PK callback fix for signature length
 2018-10-29 08:54:46 -07:00
toddouska
ae07ba93ad Merge pull request #1894 from dgarske/pk_keysize 
Fixes for key size detection when using PK callbacks
 2018-10-26 09:46:10 -07:00
toddouska
d18c9cad61 Merge pull request #1895 from dgarske/test_384bit 
Added ECC P-384 bit test certs and keys
 2018-10-26 09:44:41 -07:00
toddouska
a6adfd434d Merge pull request #1893 from dgarske/ecdsa_hashalgo 
New build option to match ECDSA hash algo digest size with ephemeral key size
 2018-10-26 09:43:07 -07:00
Wolf Walter
a47eeec145 fixed sigRs length 
atmel_ecc_sign and atmel_ecc_verify expect sigRS length to be 64 Byte (32 Byte each).
 2018-10-26 16:43:03 +02:00
David Garske
153c7cc684 Fix for unused variable in new fast-rsa function wc_RsaPublicKeyDecode_ex. 2018-10-25 11:12:33 -07:00
David Garske
3be7eacea9 Added client/server certs and keys for P-384-bit signed by P-384 CA. Fix for broken certs/ecc/genecc.sh script. Added simple P-384 cipher suite test. 2018-10-25 09:21:27 -07:00
David Garske
d21603334b Added build option USE_ECDSA_KEYSZ_HASH_ALGO to alter the hash algorithm selection for ecc_dsa_sa_algo. With this build option we try and choose a hash algorithm digest size that matches the ephemeral key size, if not found then will match on next highest. We've seen cases with some Windows based TLS client's where they do not properly support hashing a smaller ephemeral key with a larger hash digest size (such as P-256 key and SHA512 hash). 2018-10-25 09:19:35 -07:00
David Garske
81651c351b Added optional logging for example PK callbacks in test.h enabled with DEBUG_PK_CB. 2018-10-25 09:15:34 -07:00
David Garske
86758f9640 Fixes for key size detection when using PK callbacks (HSM) and no private key has been loaded (affects HAVE_PK_CALLBACKS on server side only when no dummy private key is loaded). Fix for possible leak during ECC min key size failure with small stack. Added new API wc_RsaPublicKeyDecode_ex for parsing an RSA public key for the modulus and exponent. Changed wolfSSL_CTX_SetTmpEC_DHE_Sz to support a size == 0 for using the long-term private key's size. Changed ECDHE_SIZE so it can be overridden and build-time. Added tests for wolfSSL_CTX_SetTmpEC_DHE_Sz and wolfSSL_SetTmpEC_DHE_Sz. 2018-10-25 09:15:23 -07:00
toddouska
23445546c5 Merge pull request #1892 from dgarske/ecdhe_keysize 
Fix for ephemeral key size selection
 2018-10-25 07:27:20 -07:00
David Garske
c4d6f886b7 Revert change from PR #1845 commit 24f9f12844. This ensure the ephemeral key is P-256 or the overridden value determined by wolfSSL_CTX_SetTmpEC_DHE_Sz and wolfSSL_SetTmpEC_DHE_Sz. This restores previous behavior from last release. 2018-10-24 09:48:03 -07:00
toddouska
0eb115e7a1 Merge pull request #1884 from kaleb-himes/ECC_DISABLED_TEST_FIX 
Fixes to resolve skipped tests with ECC disabled
 2018-10-24 09:30:47 -07:00
Sean Parkinson
7586e1df42 Only do early data in initial handshake when using PSK 2018-10-24 09:47:30 +10:00
toddouska
c173d72423 Merge pull request #1891 from SparkiDev/nginx-1.15.5 
Add defines for latest nginx
 2018-10-23 08:07:52 -07:00
Sean Parkinson
ef8b564d2e Add defines for latest nginx 2018-10-23 22:08:44 +10:00
toddouska
22aa01a547 Merge pull request #1881 from SparkiDev/pkcs7_no_si 
Return error when attempting to verify signed data without signers
 2018-10-22 15:00:55 -07:00
toddouska
878b5925fc Merge pull request #1877 from dgarske/pkcs8_ec 
Added support for ECC private key with PKCS8 encoding
 2018-10-22 14:59:10 -07:00
toddouska
42fecee77b Merge pull request #1859 from SparkiDev/pkcs7-cons 
Support constructed OCTET_STRING in PKCS#7 signed data
 2018-10-22 14:52:50 -07:00
Chris Conlon
353f9018f5 Merge pull request #1890 from miyazakh/jamsg 
Added Japanese message into the examples client and server
 2018-10-22 13:44:11 -06:00
David Garske
0b720c4412 Fixes for TLSv1.3 early data. 2018-10-22 11:35:40 -07:00
Chris Conlon
96abf43238 Merge pull request #1888 from MJSPollard/nidFIX 
Fixed compilation issues with Asio, Websocket++, and HAProxy
 2018-10-22 10:19:05 -06:00
Hideki Miyazaki
6953677a8f Keep the max line length to 80 2018-10-20 17:15:17 +09:00
Hideki Miyazaki
a27b4c2efb Added Japanese message into the examples client and server 2018-10-20 13:40:01 +09:00
David Garske
7ce236f3af Fix for new test_wolfSSL_PKCS8 changes to init/free the ecc_key. 2018-10-19 16:04:02 -07:00
David Garske
c268829b68 Fix bug with SendClientKeyExchange and ifdef logic for ecdhe_psk_kea, which was preventing ECDHE-PSK from working if HAVE_CURVE25519 was defined. Disabled broken downgrade test in test-tls13-down.conf (@SpariDev will need to investigate). Various spelling fixes. 2018-10-19 13:21:56 -07:00
Carie Pointer
fac6ce794d Fix HAProxy redefinition warning 2018-10-19 12:14:57 -06:00
MJSPollard
355184bc9b added fix for failing asio and haproxy tests 2018-10-18 17:32:42 -06:00
David Garske
4a4ae446aa Fix for unit.test fails with -H verifyFail. 2018-10-18 11:58:00 -07:00
David Garske
84fb23cfab Merge pull request #1880 from kojo1/NID 
NID definitions are in asn.h
 2018-10-18 09:48:20 -07:00
Sean Parkinson
67bb558025 Return error when attempting to verify signed data without signers 2018-10-18 13:44:13 +10:00
Takashi Kojo
8a872891c5 NID_domainComponent is moved to asn.h 2018-10-18 09:28:15 +09:00
kaleb-himes
cdd8f6b950 Macro guard on cipher suite added - Thanks Jacob\! 2018-10-17 16:44:47 -06:00
kaleb-himes
dc519e6a45 When no cert specified using default, do not return failure in suite tests 2018-10-17 15:20:39 -06:00
David Garske
095337b1cf Merge pull request #1878 from kaleb-himes/TEST_COVERAGE_3 
Test coverage 3
 2018-10-17 13:47:10 -07:00
toddouska
dcb105deff Merge pull request #1876 from dgarske/max_frag_256 
Added new 256-byte max fragment option `WOLFSSL_MFL_2_8`
 2018-10-17 13:21:57 -07:00
David Garske
8b529d3d57 Add test for ECC private key with PKCS 8 encoding (no crypt) and -----BEGIN EC PRIVATE KEY----- header. 2018-10-17 10:01:29 -07:00
kaleb-himes
5ca822b1e9 Peer review changes requested 2018-10-17 10:46:45 -06:00
toddouska
7391f4db90 Merge pull request #1815 from dgarske/atecc508_fixes 
Fixes for ATECC508A
 2018-10-17 08:35:09 -07:00
toddouska
969098518f Merge pull request #1873 from dgarske/fix_async_multi_rec 
Fixes and improvements for wolfSSL asynchronous mode
 2018-10-17 08:23:27 -07:00
kaleb-himes
2aa6f91144 Reset IV after update via call to encrypt 2018-10-16 18:31:16 -06:00
David Garske
0d7d8f54e0 Added support for ECC private key with PKCS8 parsing. Fix is to attempt pkcs8 parse for -----BEGIN EC PRIVATE KEY----- and if parse fails to treat as normal private key. ZD 4379. 2018-10-16 16:56:42 -07:00
David Garske
d7d102d90a Added cipher suite unit tests for max fragment options 1-6 for TLS v1.2 and DTLS v1.2. Fix for client usage comment for max fragment. 2018-10-16 16:47:24 -07:00
David Garske
ab61cefa58 Fix max frag error case tests to use min/max. 2018-10-16 08:58:46 -07:00
David Garske
4adaeb8585 Added new 256-byte max fragment option WOLFSSL_MFL_2_8. 2018-10-15 17:06:21 -07:00
David Garske
e53694b351 Fix for shared secret callback for client side, where it was not using the provided peer's public key. Fix for ATECC508A to put it into idle mode after operations to prevent watchdog fault mode (can be disabled by defining WOLFSSL_ATECC508A_NOIDLE). Fixes for callbacks to support using software for non P-256 curves (can be disabled by defining WOLFSSL_ATECC508A_NOSOFTECC). 2018-10-15 16:01:04 -07:00