Commit Graph

9049 Commits

Author SHA1 Message Date
John Safranek a376e17aee Switch the bound for the XMEMSET of the sessionID when starting a
renegotiation to use sizeof the sessionID rather than the constat used
to set the size of the array.
2019-02-20 11:26:33 -08:00
John Safranek f78ba4649b Update the help text so the Japanese translations of the new options are printed. 2019-02-20 11:23:00 -08:00
John Safranek 1f6314746c Secure Renegotiation
1. Split the wolfSSL_Rehandshake() function into wolfSSL_Rehadshake()
which performs a full handshake on secure renegotiation and
wolfSSL_SecureResume() which performs a session resumption on a
secure renegotiation.
2. Add option to example client to perform a secure resumption instead
of a full secure handshake.
2019-02-19 15:50:55 -08:00
toddouska 25dd5882f8 Merge pull request #2094 from dgarske/ecdsa_der_len
Adds strict checking of the ECDSA signature DER encoding length
2019-02-15 10:53:57 -08:00
toddouska 7275ee5f19 Merge pull request #2089 from SparkiDev/tls13_sup_ver
Make SupportedVersions respect SSL_OP_NO_TLSv*
2019-02-15 10:36:32 -08:00
toddouska d9a5898e91 Merge pull request #2082 from SparkiDev/parse_kse
Fix length passed to key share entry parsing
2019-02-15 10:31:14 -08:00
toddouska c04cade97c Merge pull request #2083 from JacobBarthelmeh/Testing
Expected Configurations Test - NIGHTLY BUILD #505
2019-02-15 10:23:55 -08:00
Sean Parkinson e47797f700 Make SupportedVersions respect SSL_OP_NO_TLSv* 2019-02-15 08:26:03 +10:00
David Garske a9f29dbb61 Adds strict checking of the ECDSA signature DER encoding length. With this change the total signature size should be (sequence + r int + s int) as ASN.1 encoded. While I could not find any "must" rules for the signature length I do think this is a good change.
If the old length checking method is desired `NO_STRICT_ECDSA_LEN` can be used. This would allow extra signature byes at the end (unused and not altering verification result). This is kept for possible backwards compatibility.

Per RFC6979: `How a signature is to be encoded is not covered by the DSA and ECDSA standards themselves; a common way is to use a DER-encoded ASN.1 structure (a SEQUENCE of two INTEGERs, for r and s, in that order).`

ANSI X9.62: ASN.1 Encoding of ECDSA:

```
ECDSA-Sig-Value ::= SEQUENCE {
  r INTEGER,
  s INTEGER
}
```

Fixes #2088
2019-02-14 12:05:34 -08:00
David Garske 64cb07557d Merge pull request #2091 from SparkiDev/pkcs11_fixes
Fix PKCS #11 AES-GCM and handling of unsupported algorithms
2019-02-14 09:49:02 -08:00
Sean Parkinson 5856d6b3dc Fix PKCS #11 AES-GCM and handling of unsupported algorithms 2019-02-14 17:06:15 +10:00
Jacob Barthelmeh 275667f0e9 remove ocsp attempt with ipv6 enabled 2019-02-13 19:01:09 -07:00
toddouska 46bb2591c8 Merge pull request #2070 from dgarske/fix_cryptocb
Fixes and improvements to Crypto Callbacks and STM32 RNG performance
2019-02-13 12:44:19 -08:00
David Garske d98ebc4da2 Reverted the Hmac_UpdateFinal change to call final as it causing constant timing issues. Improved the wc_HmacFree to handle the case were final isn't called for Crypto callbacks. 2019-02-13 10:24:53 -08:00
toddouska 272181bc2e Merge pull request #2086 from dgarske/atecc_makekey
Fix for ATECC make key case when `curve_id == 0`
2019-02-13 09:52:54 -08:00
toddouska 817b82e453 Merge pull request #2084 from cconlon/cmsFeb19
Changes for CMS signedData default signed attributes
2019-02-13 09:49:55 -08:00
Chris Conlon 1fab970316 Merge pull request #2085 from miyazakh/esp-idf_fix_script
modified esp-idf setup script to avoid unnecessary file copy
2019-02-13 08:01:13 -07:00
David Garske 95db819d45 Fixes for warnings when building with --enable-pkcs11. 2019-02-12 16:05:48 -08:00
David Garske e0b46734d6 Enhnacement to the tls_bench tool to support new -S command to indicate total size of data to exchange. Previously was just sending one packet back and forth. Imporved the shutdown handling code. 2019-02-12 16:03:10 -08:00
David Garske 1a8388641d Change new hash SetFlag/GetFlag API's to private. 2019-02-12 16:03:10 -08:00
David Garske c9521b56f2 Fix warning about HAL_RNG_GenerateRandomNumber type. 2019-02-12 16:03:10 -08:00
David Garske eb8a2f3a03 Minor fixes to CryptoCb wolfCrypt test for AES test and hash support for update/final in same callback. 2019-02-12 16:03:10 -08:00
David Garske 454687f429 Fix for TLS HMAC constant timing to ensure final is called for dummy operations. Added devCtx to AES for CryptoCb. 2019-02-12 16:03:10 -08:00
David Garske dcdb1d7094 Added flag to indicate if hash is copied. 2019-02-12 16:03:10 -08:00
David Garske e7b23646a5 Updates to HMAC crypto callback support to capture raw KEY and require hmac struct. 2019-02-12 16:03:10 -08:00
David Garske 838652c03b Added flags build option to hashing algorithms. This allows indicator to determine if hash will be "copied" as done during a TLS handshake. 2019-02-12 16:03:10 -08:00
David Garske 40a7bcfc20 Fix for new random seed crypto callback to properly reset error code in NOT_COMPILED_IN case. 2019-02-12 16:03:10 -08:00
David Garske 88d3abb1e6 Added Crypto callback HMAC support. 2019-02-12 16:03:10 -08:00
David Garske 18d5b3393c Correct NULL cryptocb case. 2019-02-12 16:03:10 -08:00
David Garske 891abe130a Added Crypto callback support for ASN CalcHashId. Added arg checking to cryptocb functions. 2019-02-12 16:03:10 -08:00
David Garske 9fc0610720 Fix to ensure hash devCtx is cleared. 2019-02-12 16:03:10 -08:00
David Garske 7e3082906e Fix for ensuring devId is passed into symmetric init. 2019-02-12 16:03:10 -08:00
David Garske dad88b4c81 Improvements to the STM32L4 random generation code for improved performance and error handling. Added new WOLFSSL_STM32_RNG_NOLIB define to support generic STM32 series RNG without external ST library. 2019-02-12 16:03:10 -08:00
Chris Conlon 08bcef7c0c adjust wolfSSL_PKCS7_verify API test 2019-02-12 14:48:49 -07:00
Kaleb Himes f824c8c769 Merge pull request #2077 from ejohnstown/ocsp-ecdsa
OCSP and ECDSA Signers
2019-02-12 09:50:37 -07:00
David Garske acb983a154 Fix for ATECC make key case when curve_id == 0 (default). ZD 4383 2019-02-12 08:34:34 -08:00
toddouska feae776ee3 Merge pull request #2078 from SparkiDev/ssl_priv_id
Support in SSL for setting a private key id
2019-02-12 07:56:47 -08:00
Hideki Miyazaki e5f94e5884 modified script to avoid unnecessary file copy 2019-02-12 10:37:30 +09:00
Sean Parkinson 66ab6d8c22 Check FindObjectFinal call for error 2019-02-12 09:07:14 +10:00
Jacob Barthelmeh acc0121e0f account for WOLF_C99 with ipv6 test cases 2019-02-11 15:07:12 -07:00
Chris Conlon fb6aaf2ae2 rearrange order of default CMS SignedData signed attributes for better interop compatibility 2019-02-11 14:48:37 -07:00
Chris Conlon 56736a3563 always include default signed attributes for CMS SignedData bundles, add function to remove if needed 2019-02-11 14:41:32 -07:00
toddouska 4e5ea71118 Merge pull request #2081 from dgarske/dh_max_sz
Fix to detect maximum DH key size
2019-02-11 13:21:08 -08:00
Sean Parkinson e86aae00ed Change to allow setting of devId for private key 2019-02-11 12:37:44 +10:00
Sean Parkinson 47922a4d87 Support in SSL for setting a private key id
Works with PKCS #11 to use key on device.
2019-02-11 10:38:38 +10:00
Sean Parkinson 88050de1ff Fix length passed to key share entry parsing 2019-02-11 08:29:28 +10:00
David Garske dd32df5df1 Merge pull request #2080 from kaleb-himes/ZD4795
fix typo revcd vs recvd and spell out to avoid confusion: received
2019-02-08 17:38:48 -08:00
David Garske aa21a0e6df Fix to increase maximum DH key size if using fast math and FP_MAX_BITS supports it. 2019-02-08 17:36:40 -08:00
kaleb-himes b6d322cd14 fix typo revcd vs recvd and spell out to avoid confusion: received 2019-02-08 14:27:19 -07:00
John Safranek 6298074f93 OCSP and ECDSA Signers
OCSP uses an identified hash of the issuer's public key to identify the
certificate's signer. (Typically this is SHA-1, but can be any SHA
hash.) The AKID/SKID for the certificates usually are the SHA-1 hash of
the public key, but may be anything. We cannot depend on the AKID for
OCSP purposes. For OCSP lookups, wolfSSL calculates the hash of the
public key based on the copy saved for use with the handshake signing.
For RSA, that was fine. For ECDSA, we use the whole public key including
the curve ID, but for OCSP the curve ID isn't hashed. Stored the hash of
the public key at the point where we are looking at the key when reading
in the certificate, and saving the hash in the signer record.
2019-02-07 17:34:25 -08:00