toddouska
a1b79abedb
Merge pull request #717 from wolfSSL/auto_ecc_sup_curves
...
Added code to automatically populate supported ECC curve information
2017-01-23 13:57:56 -08:00
John Safranek
497313978f
Multicast
...
1. Opt-out the wolfmath code if not using big integers.
2. Opt-in a few functions when using lean PSK and DTLS.
3. Add a couple (void)heap to hush the compiler for
usused variables in lean PSK.
4. Add include limits.h to internal.h if CHAR_BIT isn't
defined. This is mainly for DTLS with lean PSK.
2017-01-20 11:59:28 -08:00
David Garske
01f4a7b5bd
Added code to automatically populate supported ECC curve information, unless already provided by user via wolfSSL_CTX_UseSupportedCurve or wolfSSL_UseSupportedCurve.
2017-01-18 11:54:43 -08:00
Sean Parkinson
ba1315a499
Fixes from failure testing
2017-01-12 16:22:35 +10:00
toddouska
f25416d424
Merge pull request #689 from dgarske/fix_iar_arm
...
Fixes for compiler warnings with IAR EWARM 8
2017-01-03 15:46:12 -08:00
John Safranek
dd737ca103
Merge pull request #618 from kojo1/openssl-ex
...
Openssl Extra
2017-01-03 12:40:51 -08:00
toddouska
073aa95496
Merge pull request #678 from dgarske/cleanup_macros
...
Cleanup min(), TRUE, FALSE, ALIGN16 and ALIGN32
2016-12-29 11:19:05 -08:00
Jacob Barthelmeh
091fc10147
adjust read ahead, some sanity checks and rebase
2016-12-28 14:45:29 -07:00
Jacob Barthelmeh
aabe456592
sanity checks, remove some magic numbers, TLS read ahead
2016-12-28 14:45:29 -07:00
Jacob Barthelmeh
64a3333870
adjust wolfSSL_set_options and test case
2016-12-28 14:45:29 -07:00
Jacob Barthelmeh
2daeecdb90
BIO s_socket and BN mod exp
2016-12-28 14:45:29 -07:00
Jacob Barthelmeh
ff05c8a7a5
expanding compatibility layer
2016-12-28 14:45:29 -07:00
Jacob Barthelmeh
9d1cb18616
add function X509_get_ext_d2i
2016-12-28 14:45:29 -07:00
Jacob Barthelmeh
f2f52c3ec9
add more compatiblity functions
2016-12-28 14:44:05 -07:00
David Garske
b57e576abd
Fixes for compiler warnings with IAR EWARM 8.
...
* Fix “wc_PKCS7_DecodeUnprotectedAttributes” return prior to free in GetSet error case.
* Fix “wc_PKCS7_KariGenerateKEK” type mismatch for kdfType.
* Fix aes.c roll_auth use of inSz over 24-bit.
* Fix ecc “build_lut”, “accel_fp_mul” and “accel_fp_mul2add” use of err as unsigned.
* Fix “wc_HKDF” use of un-initialized “myHmac” for heap.
* Fix undefined reference to __REV for IAR due to missing intrinsics.h.
* Fix build error for “wolfSSL_CTX_set_tmp_dh” if OPENSSL_EXTRA not defined and “HAVE_LIGHTY || HAVE_STUNNEL || WOLFSSL_MYSQL_COMPATIBLE”.
* Cleanup of “wolfSSL_get_chain_X509” brace..
* Cleanup SSL_CtxResourceFree use of `i` and define comments.
* Added “SIZEOF_LONG_LONG” to IAR-EWARM user_settings.h to support word64 (required for SHA512, etc).
2016-12-28 11:18:41 -08:00
Jacob Barthelmeh
511f41b0e4
fix C++ compiler warnings for distro build
2016-12-27 14:38:14 -07:00
JacobBarthelmeh
784b24eebc
Merge pull request #680 from ejohnstown/dtls-sctp-fix
...
DTLS-SCTP fix
2016-12-22 13:10:29 -07:00
John Safranek
40800d8065
DTLS-SCTP fix
...
1. Add the SCTP suite test file to the include.am.
2. Skip the sequence number increment for client_hello messages in
DTLS, but do the increment for SCTP.
2016-12-21 14:24:20 -08:00
David Garske
3bec816f97
Cleanup min(), TRUE, FALSE, ALIGN16 and ALIGN32. Replace only use of BYTE3_LEN with OPAQUE24_LEN. Replace “ “ with “\t” (saves bytes and is consistent). Fix align issue with “WOLFSSL_EVP_MD_CTX” hash.
2016-12-21 14:05:00 -08:00
John Safranek
ac27d6d7ca
DTLS Sequence Number update
...
1. Set the prevSeq to nextSeq on CCS.
2. Fully clear nextSeq on CCS.
2016-12-20 09:30:46 -08:00
toddouska
1a5c5d0011
Merge pull request #676 from cconlon/fortify
...
address fortify high issues
2016-12-19 20:03:24 -08:00
Chris Conlon
46f3b2a367
address fortify high issues
2016-12-19 15:50:11 -07:00
toddouska
dca57bf2f0
Merge pull request #673 from cconlon/fortify
...
address fortify critical issues
2016-12-19 13:42:11 -08:00
Chris Conlon
060ff5e5ef
address fortify critical issues
2016-12-19 11:53:14 -07:00
toddouska
ec90d72412
Merge pull request #666 from cconlon/chachafix
...
fix CertificateRequest cert type for ECDSA ChaCha suites
2016-12-15 12:08:08 -08:00
John Safranek
be65f26dd2
If there is a badly formed handshake message with extra data at the
...
end, but the correct size with the extra data, send a decode_error
alert and fail the handshake.
2016-12-14 16:02:29 -08:00
Chris Conlon
33f21e8b8d
set correct cert type in CertificateRequest when using ChaCha suite with ECDSA
2016-12-14 11:34:10 -07:00
Sean Parkinson
289acd088a
Remove state save and restore
2016-12-08 15:21:04 +10:00
Sean Parkinson
ea1a03d538
Get the hash of the handshake messages rather than finalize.
...
Inconsistency between SHA256 and SHA384/SHA512 when getting hash.
More handshake messages can be added after this operation.
2016-12-08 15:21:04 +10:00
David Garske
4dd393077f
Updated EccSharedSecret callback to use ecc_key* peer directly. Passes examples with "-P" tests and new pkcallback test script.
2016-12-07 07:57:55 -08:00
David Garske
45d26876c8
Moved wolfSSL_GetEccKey logic to internal.c and use only for PK_CALLBACK. Added other ECC key info to the EccSharedSecretCb. Cleanup of the "if (ssl->ctx->EccSharedSecretCb == NULL)" logic to revert indent so changes are minimized. Removed new wolfSSL_GetEccKey API.
2016-12-07 07:57:55 -08:00
David Garske
eaca90db28
New Atmel support (WOLFSSL_ATMEL) and port for ATECC508A (WOLFSSL_ATECC508A). Adds wolfCrypt support for ECC Hardware acceleration using the ATECC508A. Adds new PK callback for ECC shared secret. Fixed missing "wc_InitRng_ex" when using "CUSTOM_RAND_GENERATE_BLOCK". Added ATECC508A RNG block function for P-RNG bypass ability. Added internal "wolfSSL_GetEccPrivateKey" function for getting reference to private key for ECC shared secret (used in test.h for testing PK_CALLBACK mode). Added README.md for using the Atmel ATECC508A port.
2016-12-07 07:57:55 -08:00
David Garske
a6b96b17ff
Fixes to include path for NXP ksdk_port. Fixes for time USER/OVERRIDES so their #ifdef's are checked first. Fix to initialize LTC via new "ksdk_port_init" function. Cleanup of the ksdk_port.c for formatting, macros, statics and line length. Cleanup of the AES code for key size. Cleanup of the wolfCrypt sha.c for readability. Added support for the KSDK bare metal drivers to the IDE Rowley CrossWorks example. Updated the settings.h to allow for overrides in Freescale section. Updated README with info for using LTC.
2016-12-05 09:01:59 -08:00
David Garske
8e64d564dc
NXP/Freescale K8X MMCAU / LTC core support for RSA, ECC, Ed/Curve25519, AES, DSA, DES3, MD5, RNG, SHA and SHA2.
2016-12-05 09:01:59 -08:00
David Garske
039aedcfba
Added "wolfSSL_use_certificate_chain_buffer_format". Added "wolfSSL_SESSION_CIPHER_get_name" to get cipher suite name using WOLFSSL_SESSION*. Moved the "wolfSSL_get_cipher_name_from_suite" function to internal.c. Added new server-cert-chain.der, which is combination of ca-cert.der and server-cert.der. Enhanced load_buffer to detect format using file extension. Can test use of DER cert chain with NO_FILESYSTEM defined using "./examples/server/server -c ./certs/server-cert-chain.der -k ./certs/server-key.der".
2016-11-30 16:26:02 -08:00
toddouska
8f89d4922f
allow separate set fds for read/write, helpful for DTLS multicast
2016-11-30 11:15:57 -08:00
toddouska
7dab97fb01
Merge pull request #641 from dgarske/verifycb_peer_cert_chain
...
Add the peer cert buffer and count to X509_STORE_CTX for verify callback
2016-11-23 12:59:00 -08:00
David Garske
5b76a37234
Add the peer cert buffer and count to the X509_STORE_CTX used for the verify callback. Fixes #627 .
2016-11-22 11:45:00 -08:00
John Safranek
2d9d3aeb91
DTLS Window Update: fixes and changes
2016-11-22 10:12:18 -08:00
John Safranek
ec6fec452d
Update session export with the new sequence number windows.
2016-11-21 09:16:53 -08:00
John Safranek
2507c4da8a
DTLS Sequence Window Tracking Update
...
1. Modify the DTLS sequence window to use an array of word32 instead
of a word32 or word64 depending on the availability of word64.
2. One can change the array size to have a bigger window.
2016-11-18 11:52:43 -08:00
toddouska
1289e66641
Merge pull request #636 from dgarske/fix-ti-hash-mem-leak
...
Fix memory leak issue in ti-hash.c with small stack
2016-11-17 16:19:37 -08:00
toddouska
f167fe3d4a
Merge pull request #625 from dgarske/tls_nosha256
...
Fix to allow TLS with NO_SHA256
2016-11-17 16:14:28 -08:00
David Garske
b01952ea40
Cleanup the hash free in FreeHandshakeResources.
2016-11-17 09:34:31 -08:00
Chris Conlon
a10ec0ff91
adjust suiteSz and use SUITE_LEN in FindSuite()
2016-11-15 10:49:37 -07:00
Chris Conlon
49978d1417
server side empty renegotiation_info support
2016-11-14 15:33:36 -07:00
David Garske
82e8210208
Support for building without SHA256 with NO_OLD_TLS and SHA384/512. Although TLS 1.2 default digest for certs is SHA256 and our test cert signatures use SHA256, so make check will fail. Also requires disabling the P-RNG which uses SHA256. Added missing "wc_InitRng_ex" when using "CUSTOM_RAND_GENERATE_BLOCK". Cleanup of the BuildCertHashes, DoRounds, HashInput, HashOutput and HashOutputRaw return codes.
2016-11-14 12:47:24 -08:00
Jacob Barthelmeh
0b3d9cbccd
revert AESNI padding and handle the case in aes.c
2016-11-11 16:26:29 -07:00
Jacob Barthelmeh
55401fceb8
adjust alignment of arrays used for case with AESNI
2016-11-09 15:03:26 -07:00
toddouska
68c43e4344
Merge pull request #615 from ejohnstown/dtls-verify-retry-fix
...
Fix dropped DTLS Hello Verify retransmit
2016-11-04 15:52:13 -07:00