Commit Graph

964 Commits

Author SHA1 Message Date
toddouska a1b79abedb Merge pull request #717 from wolfSSL/auto_ecc_sup_curves
Added code to automatically populate supported ECC curve information
2017-01-23 13:57:56 -08:00
John Safranek 497313978f Multicast
1. Opt-out the wolfmath code if not using big integers.
2. Opt-in a few functions when using lean PSK and DTLS.
3. Add a couple (void)heap to hush the compiler for
   usused variables in lean PSK.
4. Add include limits.h to internal.h if CHAR_BIT isn't
   defined. This is mainly for DTLS with lean PSK.
2017-01-20 11:59:28 -08:00
David Garske 01f4a7b5bd Added code to automatically populate supported ECC curve information, unless already provided by user via wolfSSL_CTX_UseSupportedCurve or wolfSSL_UseSupportedCurve. 2017-01-18 11:54:43 -08:00
Sean Parkinson ba1315a499 Fixes from failure testing 2017-01-12 16:22:35 +10:00
toddouska f25416d424 Merge pull request #689 from dgarske/fix_iar_arm
Fixes for compiler warnings with IAR EWARM 8
2017-01-03 15:46:12 -08:00
John Safranek dd737ca103 Merge pull request #618 from kojo1/openssl-ex
Openssl Extra
2017-01-03 12:40:51 -08:00
toddouska 073aa95496 Merge pull request #678 from dgarske/cleanup_macros
Cleanup min(), TRUE, FALSE, ALIGN16 and ALIGN32
2016-12-29 11:19:05 -08:00
Jacob Barthelmeh 091fc10147 adjust read ahead, some sanity checks and rebase 2016-12-28 14:45:29 -07:00
Jacob Barthelmeh aabe456592 sanity checks, remove some magic numbers, TLS read ahead 2016-12-28 14:45:29 -07:00
Jacob Barthelmeh 64a3333870 adjust wolfSSL_set_options and test case 2016-12-28 14:45:29 -07:00
Jacob Barthelmeh 2daeecdb90 BIO s_socket and BN mod exp 2016-12-28 14:45:29 -07:00
Jacob Barthelmeh ff05c8a7a5 expanding compatibility layer 2016-12-28 14:45:29 -07:00
Jacob Barthelmeh 9d1cb18616 add function X509_get_ext_d2i 2016-12-28 14:45:29 -07:00
Jacob Barthelmeh f2f52c3ec9 add more compatiblity functions 2016-12-28 14:44:05 -07:00
David Garske b57e576abd Fixes for compiler warnings with IAR EWARM 8.
* Fix “wc_PKCS7_DecodeUnprotectedAttributes” return prior to free in GetSet error case.
* Fix “wc_PKCS7_KariGenerateKEK” type mismatch for kdfType.
* Fix aes.c roll_auth use of inSz over 24-bit.
* Fix ecc “build_lut”, “accel_fp_mul” and “accel_fp_mul2add” use of err as unsigned.
* Fix “wc_HKDF” use of un-initialized “myHmac” for heap.
* Fix undefined reference to __REV for IAR due to missing intrinsics.h.
* Fix build error for “wolfSSL_CTX_set_tmp_dh” if OPENSSL_EXTRA not defined and “HAVE_LIGHTY || HAVE_STUNNEL || WOLFSSL_MYSQL_COMPATIBLE”.
* Cleanup of “wolfSSL_get_chain_X509” brace..
* Cleanup SSL_CtxResourceFree use of `i` and define comments.
* Added “SIZEOF_LONG_LONG” to IAR-EWARM user_settings.h to support word64 (required for SHA512, etc).
2016-12-28 11:18:41 -08:00
Jacob Barthelmeh 511f41b0e4 fix C++ compiler warnings for distro build 2016-12-27 14:38:14 -07:00
JacobBarthelmeh 784b24eebc Merge pull request #680 from ejohnstown/dtls-sctp-fix
DTLS-SCTP fix
2016-12-22 13:10:29 -07:00
John Safranek 40800d8065 DTLS-SCTP fix
1. Add the SCTP suite test file to the include.am.
2. Skip the sequence number increment for client_hello messages in
   DTLS, but do the increment for SCTP.
2016-12-21 14:24:20 -08:00
David Garske 3bec816f97 Cleanup min(), TRUE, FALSE, ALIGN16 and ALIGN32. Replace only use of BYTE3_LEN with OPAQUE24_LEN. Replace “ “ with “\t” (saves bytes and is consistent). Fix align issue with “WOLFSSL_EVP_MD_CTX” hash. 2016-12-21 14:05:00 -08:00
John Safranek ac27d6d7ca DTLS Sequence Number update
1. Set the prevSeq to nextSeq on CCS.
2. Fully clear nextSeq on CCS.
2016-12-20 09:30:46 -08:00
toddouska 1a5c5d0011 Merge pull request #676 from cconlon/fortify
address fortify high issues
2016-12-19 20:03:24 -08:00
Chris Conlon 46f3b2a367 address fortify high issues 2016-12-19 15:50:11 -07:00
toddouska dca57bf2f0 Merge pull request #673 from cconlon/fortify
address fortify critical issues
2016-12-19 13:42:11 -08:00
Chris Conlon 060ff5e5ef address fortify critical issues 2016-12-19 11:53:14 -07:00
toddouska ec90d72412 Merge pull request #666 from cconlon/chachafix
fix CertificateRequest cert type for ECDSA ChaCha suites
2016-12-15 12:08:08 -08:00
John Safranek be65f26dd2 If there is a badly formed handshake message with extra data at the
end, but the correct size with the extra data, send a decode_error
alert and fail the handshake.
2016-12-14 16:02:29 -08:00
Chris Conlon 33f21e8b8d set correct cert type in CertificateRequest when using ChaCha suite with ECDSA 2016-12-14 11:34:10 -07:00
Sean Parkinson 289acd088a Remove state save and restore 2016-12-08 15:21:04 +10:00
Sean Parkinson ea1a03d538 Get the hash of the handshake messages rather than finalize.
Inconsistency between SHA256 and SHA384/SHA512 when getting hash.
More handshake messages can be added after this operation.
2016-12-08 15:21:04 +10:00
David Garske 4dd393077f Updated EccSharedSecret callback to use ecc_key* peer directly. Passes examples with "-P" tests and new pkcallback test script. 2016-12-07 07:57:55 -08:00
David Garske 45d26876c8 Moved wolfSSL_GetEccKey logic to internal.c and use only for PK_CALLBACK. Added other ECC key info to the EccSharedSecretCb. Cleanup of the "if (ssl->ctx->EccSharedSecretCb == NULL)" logic to revert indent so changes are minimized. Removed new wolfSSL_GetEccKey API. 2016-12-07 07:57:55 -08:00
David Garske eaca90db28 New Atmel support (WOLFSSL_ATMEL) and port for ATECC508A (WOLFSSL_ATECC508A). Adds wolfCrypt support for ECC Hardware acceleration using the ATECC508A. Adds new PK callback for ECC shared secret. Fixed missing "wc_InitRng_ex" when using "CUSTOM_RAND_GENERATE_BLOCK". Added ATECC508A RNG block function for P-RNG bypass ability. Added internal "wolfSSL_GetEccPrivateKey" function for getting reference to private key for ECC shared secret (used in test.h for testing PK_CALLBACK mode). Added README.md for using the Atmel ATECC508A port. 2016-12-07 07:57:55 -08:00
David Garske a6b96b17ff Fixes to include path for NXP ksdk_port. Fixes for time USER/OVERRIDES so their #ifdef's are checked first. Fix to initialize LTC via new "ksdk_port_init" function. Cleanup of the ksdk_port.c for formatting, macros, statics and line length. Cleanup of the AES code for key size. Cleanup of the wolfCrypt sha.c for readability. Added support for the KSDK bare metal drivers to the IDE Rowley CrossWorks example. Updated the settings.h to allow for overrides in Freescale section. Updated README with info for using LTC. 2016-12-05 09:01:59 -08:00
David Garske 8e64d564dc NXP/Freescale K8X MMCAU / LTC core support for RSA, ECC, Ed/Curve25519, AES, DSA, DES3, MD5, RNG, SHA and SHA2. 2016-12-05 09:01:59 -08:00
David Garske 039aedcfba Added "wolfSSL_use_certificate_chain_buffer_format". Added "wolfSSL_SESSION_CIPHER_get_name" to get cipher suite name using WOLFSSL_SESSION*. Moved the "wolfSSL_get_cipher_name_from_suite" function to internal.c. Added new server-cert-chain.der, which is combination of ca-cert.der and server-cert.der. Enhanced load_buffer to detect format using file extension. Can test use of DER cert chain with NO_FILESYSTEM defined using "./examples/server/server -c ./certs/server-cert-chain.der -k ./certs/server-key.der". 2016-11-30 16:26:02 -08:00
toddouska 8f89d4922f allow separate set fds for read/write, helpful for DTLS multicast 2016-11-30 11:15:57 -08:00
toddouska 7dab97fb01 Merge pull request #641 from dgarske/verifycb_peer_cert_chain
Add the peer cert buffer and count to X509_STORE_CTX for verify callback
2016-11-23 12:59:00 -08:00
David Garske 5b76a37234 Add the peer cert buffer and count to the X509_STORE_CTX used for the verify callback. Fixes #627. 2016-11-22 11:45:00 -08:00
John Safranek 2d9d3aeb91 DTLS Window Update: fixes and changes 2016-11-22 10:12:18 -08:00
John Safranek ec6fec452d Update session export with the new sequence number windows. 2016-11-21 09:16:53 -08:00
John Safranek 2507c4da8a DTLS Sequence Window Tracking Update
1. Modify the DTLS sequence window to use an array of word32 instead
   of a word32 or word64 depending on the availability of word64.
2. One can change the array size to have a bigger window.
2016-11-18 11:52:43 -08:00
toddouska 1289e66641 Merge pull request #636 from dgarske/fix-ti-hash-mem-leak
Fix memory leak issue in ti-hash.c with small stack
2016-11-17 16:19:37 -08:00
toddouska f167fe3d4a Merge pull request #625 from dgarske/tls_nosha256
Fix to allow TLS with NO_SHA256
2016-11-17 16:14:28 -08:00
David Garske b01952ea40 Cleanup the hash free in FreeHandshakeResources. 2016-11-17 09:34:31 -08:00
Chris Conlon a10ec0ff91 adjust suiteSz and use SUITE_LEN in FindSuite() 2016-11-15 10:49:37 -07:00
Chris Conlon 49978d1417 server side empty renegotiation_info support 2016-11-14 15:33:36 -07:00
David Garske 82e8210208 Support for building without SHA256 with NO_OLD_TLS and SHA384/512. Although TLS 1.2 default digest for certs is SHA256 and our test cert signatures use SHA256, so make check will fail. Also requires disabling the P-RNG which uses SHA256. Added missing "wc_InitRng_ex" when using "CUSTOM_RAND_GENERATE_BLOCK". Cleanup of the BuildCertHashes, DoRounds, HashInput, HashOutput and HashOutputRaw return codes. 2016-11-14 12:47:24 -08:00
Jacob Barthelmeh 0b3d9cbccd revert AESNI padding and handle the case in aes.c 2016-11-11 16:26:29 -07:00
Jacob Barthelmeh 55401fceb8 adjust alignment of arrays used for case with AESNI 2016-11-09 15:03:26 -07:00
toddouska 68c43e4344 Merge pull request #615 from ejohnstown/dtls-verify-retry-fix
Fix dropped DTLS Hello Verify retransmit
2016-11-04 15:52:13 -07:00