wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-02-04 02:15:04 +01:00
Code Issues Packages Projects Releases Wiki Activity
6,376 Commits 12 Branches 184 Tags
9c9978ce9f7e56eb24daee462aecc4eac322834d
Commit Graph

63 Commits

Author SHA1 Message Date
Sean Parkinson
323db1a95d Fix no ECC builds with TLS13 code. 
Fix tests so that having ECC disabled works as well.
Fix define protection for Draft 18 and HRR Cookie.
 2017-10-24 09:11:24 -07:00
toddouska
c0105b3008 Merge pull request #1175 from dgarske/cleanup_inlines 
Cleanup to consolidate the inline helpers
 2017-10-24 08:15:12 -07:00
David Garske
911b6f95f8 Release v3.12.2 (lib 14.0.0). Updated copywright. 2017-10-22 15:58:35 -07:00
David Garske
7f2e6e1d8a Cleanup to consolidate the inline helpers like cto, ato and bto into misc.c. Relocate the word24 typedef into types.h. 2017-10-18 09:06:48 -07:00
David Garske
8659140494 Build fixes for various TLS 1.3 disable options (RSA, ECC and ED/Curve 25519). 2017-10-17 09:39:32 -07:00
toddouska
819acd18a7 Merge pull request #1180 from SparkiDev/tls13_nd 
Fixed DRAFT_18 define and fixed downgrading with TLS v1.3
 2017-10-13 09:24:55 -07:00
David Garske
6021c37ec7 Refactor WOLF_SSL_ to WOLFSSL_ (much better). 2017-10-11 09:10:43 -07:00
David Garske
6707be2b0e Added new --disable-oldnames option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA). Add --enable-opensslcoexist which makes sure oldnames is disabled. Refactor of SSL_ to WOLF_SSL_. Refactor of SHA, MD5, SHA224, SHA256, SHA512 and SHA384 to WC_ naming. 2017-10-11 09:10:42 -07:00
Sean Parkinson
7dca25ea88 Fixed DRAFT_18 define and fixed downgrading with TLS v1.3 
Changed the define in configure.ac to match the one used in the code.
Fixed downgrading to disallow unless ssl->options.downgrade is set.
TLS 1.3 client method does not have downgrade on anymore.
Test changed to not expect downgrading to work.
Test of TLS v1.3 client downgrade is actually upgrading on server.
Fixed 80 character line problems.
 2017-10-11 12:17:28 +10:00
Takashi Kojo
7892714516 bring up settings.h before #ifdef WOLFSSL_TLS13 2017-08-22 20:13:17 +09:00
toddouska
53e05786da Merge pull request #1101 from dgarske/fix_bench_async 
Fixes for async multi-threading
 2017-08-16 10:15:55 -07:00
David Garske
b32be20110 Refactored async event intialization so its done prior to making possible async calls. Added threadId and removed volatile attribs in WOLF_EVENT. Fixed possible unitialized value in benchmark ret. 2017-08-15 21:19:28 -07:00
Chris Conlon
f6d0b2898d update Micrium uC/OS-III port 2017-08-11 14:30:15 -06:00
Jacob Barthelmeh
8b41fc841b remove setting variable that is currently not used after being set 2017-08-09 13:43:28 -06:00
Jacob Barthelmeh
219fcde773 fix shadow declaration warning 2017-08-09 11:58:29 -06:00
Sean Parkinson
24e9f7c43d Add NULL check after signature alg extension search 2017-08-01 13:55:06 +10:00
Sean Parkinson
038d16212f Fixes for LEANTLS and TLS13 builds 2017-07-26 10:43:36 +10:00
toddouska
626eeaa63d Merge pull request #1005 from SparkiDev/nginx-1.13.2 
Changes for Nginx
 2017-07-06 14:33:46 -07:00
Sean Parkinson
31ac379c4f Code review fixes 
Change verify depth and set curve to be compiled in whe using:
OPENSSL_EXTRA
Fix comparison of curve name strings to use ecc function.
Fix verify depth check when compiling with both OPENSSL_EXTRA and
WOLFSSL_TRUST_PEER_CERT.
 2017-07-06 15:32:34 +10:00
David Garske
df119692d1 Fixes for using async with HAVE_MAX_FRAGMENT or --enable-maxfragment which affected TLS 1.2/1.3. Added TLS 1.2 test for using max fragment. 2017-07-03 19:57:37 -07:00
Sean Parkinson
5bddb2e4ef Changes for Nginx 
Support TLS v1.3 clients connecting to Nginx.
Fix for PSS to not advertise hash unless the signature fits the private
key size.
Allow curves to be chosen by user.
Support maximum verification depth (maximum number of untrusted certs in
chain.)
Add support for SSL_is_server() API.
Fix number of certificates in chain when using
wolfSSL_CTX_add_extra_chain_cert().
Allow TLS v1.2 client hello parsing to call TLS v1.3 parsing when
SupportedVersions extension seen.
Minor fixes.
 2017-07-04 09:37:44 +10:00
Sean Parkinson
d2ce95955d Improvements to TLS v1.3 code 
Reset list of supported sig algorithms before sending certificate
request on server.
Refactored setting of ticket for both TLS13 and earlier.
Remember the type of key for deciding which sig alg to use with TLS13
CertificateVerify.
RSA PKCS #1.5 not allowed in TLS13 for CertificateVerify.
Remove all remaining DTLS code as spec barely started.
Turn off SHA512 code where decision based on cipher suite hash.
Fix fragment handling to work with encrypted messages.
Test public APIS.
 2017-06-29 09:00:44 +10:00
Sean Parkinson
7aee92110b Code review fixes 
Also put in configuration option for sending HRR Cookie extension with
state.
 2017-06-27 08:52:53 +10:00
Sean Parkinson
9ca1903ac5 Change define name for sending HRR Cookie 2017-06-27 08:37:55 +10:00
Sean Parkinson
8bd6a1e727 Add TLS v1.3 Cookie extension support 
Experimental stateless cookie
 2017-06-26 16:41:05 +10:00
Sean Parkinson
207b275d24 Fix HelloRetryRequest for Draft 18 2017-06-22 14:40:09 +10:00
Sean Parkinson
08a0b98f52 Updates from code review 2017-06-22 12:40:41 +10:00
Sean Parkinson
decdf7ae8b Cleanup 2017-06-21 16:56:51 +10:00
Sean Parkinson
1549a60aa5 Put back Draft 18 code 2017-06-21 08:35:28 +10:00
Sean Parkinson
350ce5fcef TLS v1.3 0-RTT 2017-06-21 08:35:28 +10:00
David Garske
68439d4317 Completed refactor to cleanup dynamic types. Refined the tmp buffers to new types for more granularity. Fixed several places where malloc/free type was mis-matched. Cleanup of the PKCS12 code to improve cleanup handling. Fix wc_PKCS12_parse to return 0 on success else failure. 2017-06-14 15:11:43 -07:00
David Garske
88afc7a92f Progress on dynamic type cleanup for over-use of tmp_buffer. Increases performance on NUMA memory platform having ability to be more selective about the types that are NUMA allocated for use against QuickAssist hardware. 2017-06-14 15:11:43 -07:00
David Garske
40d94724eb Added async hardware support for p_hash (PRF). Fix BuildTls13HandshakeHmac to use async devId. Rename poor global variable names for rng with QSH/NTRU. 2017-06-14 15:11:43 -07:00
Sean Parkinson
89e6ac91bf Improve PSK timeout checks 
Post-handshake Authentication

Fix KeyUpdate to derive keys properly

Fix supported curves (not checking ctx extensions)
 2017-06-14 11:28:53 -07:00
David Garske
adf819458c Fixes for TLS 1.3 without ECC or RSA. Fix for building without ECC where HAVE_SUPPORTED_CURVES was getting defined because of ENABLED_TLSX. 2017-06-13 09:44:14 -07:00
David Garske
af2cbcdbab Added new arg documentation for asyncOkay in doxygen style. 2017-06-12 11:42:48 -07:00
David Garske
ce231e0cbc Fixes for asynchronous TLS 1.3. Fixes for PK_CALLBACKS with async. New helper API's for wolfSSL_CTX_GetDevId and wolfSSL_CTX_GetHeap. Fix for build to not include tls13.c if not enabled to suppress empty object file warning. Fix typo in fe_low_mem.c. General cleanup. Extra tls13.c debug messages. 2017-06-12 11:42:48 -07:00
toddouska
1d2b4226a4 Merge pull request #959 from SparkiDev/tls_pss_fix 
Fix check for PSS availability in peer
 2017-06-12 11:20:29 -07:00
Sean Parkinson
8dbd9a88ee Fix for CCM - TLS v1.3 needs all nonce/IV bytes 2017-06-12 14:21:43 +10:00
Sean Parkinson
fdcf25b6d1 Fix check for PSS availability in peer 2017-06-12 09:05:32 +10:00
Sean Parkinson
1db52f0c04 Fix to use different PEM header for EDDSA keys 
Include new cert and key files in distribution
Fix compile issue when only doing TLS13.
 2017-06-08 09:26:49 +10:00
Sean Parkinson
613d30bcae ED25519 TLS support 2017-06-08 09:26:49 +10:00
Sean Parkinson
5d5ff56336 External PSK working in TLS13 2017-06-07 17:20:22 +10:00
toddouska
26f106c42b Merge pull request #948 from SparkiDev/tls13_down 
Implement TLS v1.3 specified downgrade protection mechanism
 2017-06-05 16:17:49 -07:00
Sean Parkinson
642795db1b Implement TLS v1.3 specified downgrade protection mechanism 
TLS v1.2 implementations whould implement the downgrade protection
mechanism too and so is included.
 2017-06-05 09:18:46 +10:00
Sean Parkinson
0b32d0368f Updates for Draft 20 of TLS v1.3 2017-06-02 15:59:49 +10:00
toddouska
6b09a7c6e1 Merge pull request #922 from SparkiDev/tls_pss 
TLS v1.2 and v1.3 RSA PSS
 2017-05-23 14:57:10 -07:00
Sean Parkinson
15a2323c09 Compiling with g++ when configured with --enable-distro 2017-05-22 10:14:02 +10:00
Sean Parkinson
4390f4c711 TLS v1.2 and PSS 
Cleanup the TLS v1.3 PSS code as well.
Added RSA API wc_RsaPSS_CheckPadding() to check the padding - no longer
a simple memcmp with the digest.
 2017-05-19 11:49:43 +10:00
Sean Parkinson
9fb6373cfb Get PSS going on server side 2017-05-18 15:36:01 +10:00