wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-30 01:32:13 +01:00
Code Issues Packages Projects Releases Wiki Activity
8,701 Commits 12 Branches 184 Tags
a3d1ea20ffb4c5a6de9deae934b57bedd06ca290
Commit Graph

3208 Commits

Author SHA1 Message Date
toddouska
70305758d4 Merge pull request #1942 from SparkiDev/asn_trad_fix 
Return ToTraditional API to original signature
 2018-11-28 08:08:26 -08:00
toddouska
2827ef6a57 Merge pull request #1938 from SparkiDev/tls13_ext 
Check for TLS 1.3 version in the method for extenstions.
 2018-11-28 08:05:42 -08:00
Sean Parkinson
310ffd0045 Check for TLS 1.3 version in the method for extenstions. 
During parsing of ClientHello, ServerHello and HelloRetryRequest, the
SSL object version may not be set to the negotiated version.
 2018-11-28 14:59:43 +10:00
Sean Parkinson
918c769284 Return ToTraditional API to original signature 2018-11-28 12:27:57 +10:00
toddouska
55bbffe3c6 Merge pull request #1932 from dgarske/maxfrag_reconf 
Post-handshake max fragment size adjustment
 2018-11-26 13:27:26 -08:00
toddouska
3afa9a3886 Merge pull request #1929 from ejohnstown/sniffer 
Sniffer Updates
 2018-11-26 13:24:31 -08:00
John Safranek
96b4ddad82 Sniffer Update 
1. Collect the SSL Info capture into its own function.
2. Add a Trace function for the SSL Info.
3. When copying the IANA name for the cipher suite, use a strncpy
instead of a memcpy and cap the copy at the length of the destination.
Force a null terminator at the end of the destination, just in case.
4. Modify the snifftest to collect the SSL Info.
 2018-11-21 11:29:28 -08:00
David Garske
7a24d4e46f Adds new WOLFSSL_ALLOW_MAX_FRAGMENT_ADJUST macro around non-standard feature. This allows for adjustment of the maximum fragment size post handshake. 2018-11-21 10:30:24 -08:00
toddouska
f87c327fae Merge pull request #1933 from SparkiDev/tls13_ems 
No Extended Master Secret in ServerHello if protocol TLSv1.3
 2018-11-21 10:25:59 -08:00
toddouska
f11809aa62 Merge pull request #1923 from JacobBarthelmeh/Testing 
cast to resolve warning, check size of time_t, and check for null tes…
 2018-11-21 10:17:23 -08:00
Sean Parkinson
5156641f2b No Extended Master Secret in ServerHello if protocol TLSv1.3 2018-11-20 08:38:14 +10:00
Sean Parkinson
95bd340de5 Add support for more OpenSSL APIs 
Add support for PEM_read and PEM_write
Add OpenSSL PKCS#7 signed data support
Add OpenSSL PKCS#8 Private key APIs
Add X509_REQ OpenSSL APIs
 2018-11-20 07:54:24 +10:00
David Garske
e81436ffe9 Add support for altering the max-fragment size post-handshake using existing API wolfSSL_UseMaxFragment. 2018-11-19 13:26:48 -08:00
John Safranek
3599798aac Move a variable declaration to the start of a block instead of in the 
middle.
 2018-11-16 15:54:19 -08:00
John Safranek
6ee60bbb49 Sniffer Update 
1. Adds a new function ssl_DecodePacketWithSessionInfo() that returns a
copy of the TLS session info (version and suite ID) for the packet that
is decoded.
2. Adds a new function DecodePacketInternal() that does the same work as
the old DecodePacket() with the additional Session Info behavior.
3. Both DecodePacket public functions call the internal version.
 2018-11-16 15:00:06 -08:00
John Safranek
d2989d9f43 Sniffer Fix 
Drop a handshake message if it is split across TLS records. The likely
messages dropped are certificate and certificate request, which are
ignored by the sniffer.
 2018-11-16 15:00:06 -08:00
Jacob Barthelmeh
c307fd7af4 additional macro guards for disabling aescbc with opensslextra 2018-11-15 13:40:04 -07:00
Jacob Barthelmeh
0f4a06594e cast to resolve warning, check size of time_t, and check for null test case 2018-11-12 16:02:33 -07:00
toddouska
8689cc6a04 Merge pull request #1922 from SparkiDev/tls_pad_fix 
Fix for checking of TLS padding when padding byte value > msg len
 2018-11-12 13:20:35 -08:00
toddouska
0452594cf7 Merge pull request #1905 from SparkiDev/sp_thumb 
Single Precision: ARM Thumb assembly implementation
 2018-11-12 13:16:11 -08:00
Sean Parkinson
61c7be669b Fix for checking of TLS padding when padding byte value > msg len 2018-11-12 17:37:34 +10:00
David Garske
b3d5999be9 Fix for unused variables with --disable-rsa --enable-tls13 case in InitSuites. 2018-11-08 15:54:06 -08:00
David Garske
fcb40570e2 Fixes for warnings with possible use of uninitialized variable in async with DES3 and AES. 2018-11-08 15:39:52 -08:00
David Garske
6e4ab91ccf Merge pull request #1915 from JacobBarthelmeh/Testing 
fix side init for set connect/accept functions
 2018-11-07 09:24:44 -08:00
toddouska
24e2a2b228 Merge pull request #1912 from dgarske/fix_BN_bn2hex 
Fixes for compatibility function `BN_bn2hex`
 2018-11-07 08:35:15 -08:00
toddouska
5d8f4351ff Merge pull request #1903 from dgarske/dhkeycheck 
Speed improvements for DH public key prime checking
 2018-11-06 16:35:27 -08:00
Jacob Barthelmeh
7a2a66743b fix side init for set connect/accept functions 2018-11-06 16:48:06 -07:00
toddouska
2c7ff56a3e Merge pull request #1907 from JacobBarthelmeh/Testing 
infer and g++ build fixes
 2018-11-06 08:48:28 -08:00
David Garske
efb1efcc0d Fixes and additional tests for compatibility function BN_bn2hex. In the DEBUG_WOLFSSL case it was returning a (char*)"", which was trying to be free'd. We cannot return const char* here, since its assumed to be an allocated pointer. Fix the dynamic type for XMALLOC/XFREE to match, since OPENSSL_free is used to free returned value. Fix to add room for null term. Added missing API unit test for BN_print_fp. Exposed these functions for OPENSSL_EXTRA. 2018-11-06 05:55:25 -08:00
Eric Blankenhorn
d61ae3a02a Handle incomplete shutdown 2018-11-05 10:30:48 -06:00
John Safranek
c1ca1f1b78 Remove DH prime check on selftest/fips builds. 2018-11-02 12:55:07 -07:00
John Safranek
cfafbd9659 Added the prime check to the functions wolfSSL_SetTmpDh() and wolfSSL_CTX_SetTmpDh(). 2018-11-02 11:01:39 -07:00
Jacob Barthelmeh
a953a3141e infer and g++ build fixes 2018-11-01 09:59:35 -06:00
David Garske
f6093e1e0d Fixes to remove DH prime checks for server side DH parameters. 2018-10-30 15:51:47 -07:00
Chris Conlon
def7a91e70 fix CAVP selftest build errors 2018-10-30 16:35:45 -06:00
David Garske
f4b0261ca7 Fix to not do prime test on DH key the server loaded. Now it will only do the prime test on the peer's provided public DH key using 8 miller rabbins. Refactored the fast math miller rabin function to reuse mp_int's, which improved peformance for mp_prime_is_prime_ex from 100ms to 80ms. Normal math mp_prime_is_prime_ex is ~40ms (as-is). Added test for wc_DhSetCheckKey. 2018-10-30 11:20:07 -07:00
toddouska
ae07ba93ad Merge pull request #1894 from dgarske/pk_keysize 
Fixes for key size detection when using PK callbacks
 2018-10-26 09:46:10 -07:00
David Garske
d21603334b Added build option USE_ECDSA_KEYSZ_HASH_ALGO to alter the hash algorithm selection for ecc_dsa_sa_algo. With this build option we try and choose a hash algorithm digest size that matches the ephemeral key size, if not found then will match on next highest. We've seen cases with some Windows based TLS client's where they do not properly support hashing a smaller ephemeral key with a larger hash digest size (such as P-256 key and SHA512 hash). 2018-10-25 09:19:35 -07:00
David Garske
86758f9640 Fixes for key size detection when using PK callbacks (HSM) and no private key has been loaded (affects HAVE_PK_CALLBACKS on server side only when no dummy private key is loaded). Fix for possible leak during ECC min key size failure with small stack. Added new API wc_RsaPublicKeyDecode_ex for parsing an RSA public key for the modulus and exponent. Changed wolfSSL_CTX_SetTmpEC_DHE_Sz to support a size == 0 for using the long-term private key's size. Changed ECDHE_SIZE so it can be overridden and build-time. Added tests for wolfSSL_CTX_SetTmpEC_DHE_Sz and wolfSSL_SetTmpEC_DHE_Sz. 2018-10-25 09:15:23 -07:00
David Garske
c4d6f886b7 Revert change from PR #1845 commit 24f9f12844. This ensure the ephemeral key is P-256 or the overridden value determined by wolfSSL_CTX_SetTmpEC_DHE_Sz and wolfSSL_SetTmpEC_DHE_Sz. This restores previous behavior from last release. 2018-10-24 09:48:03 -07:00
toddouska
0eb115e7a1 Merge pull request #1884 from kaleb-himes/ECC_DISABLED_TEST_FIX 
Fixes to resolve skipped tests with ECC disabled
 2018-10-24 09:30:47 -07:00
Sean Parkinson
7586e1df42 Only do early data in initial handshake when using PSK 2018-10-24 09:47:30 +10:00
David Garske
0b720c4412 Fixes for TLSv1.3 early data. 2018-10-22 11:35:40 -07:00
David Garske
c268829b68 Fix bug with SendClientKeyExchange and ifdef logic for ecdhe_psk_kea, which was preventing ECDHE-PSK from working if HAVE_CURVE25519 was defined. Disabled broken downgrade test in test-tls13-down.conf (@SpariDev will need to investigate). Various spelling fixes. 2018-10-19 13:21:56 -07:00
David Garske
095337b1cf Merge pull request #1878 from kaleb-himes/TEST_COVERAGE_3 
Test coverage 3
 2018-10-17 13:47:10 -07:00
toddouska
dcb105deff Merge pull request #1876 from dgarske/max_frag_256 
Added new 256-byte max fragment option `WOLFSSL_MFL_2_8`
 2018-10-17 13:21:57 -07:00
kaleb-himes
5ca822b1e9 Peer review changes requested 2018-10-17 10:46:45 -06:00
David Garske
4adaeb8585 Added new 256-byte max fragment option WOLFSSL_MFL_2_8. 2018-10-15 17:06:21 -07:00
David Garske
7c3313481a Fix for memory cleanup cases in MakeTlsMasterSecret. 2018-10-15 13:22:55 -07:00
David Garske
a0608151cf Fix for the WOLFSSL_NONBLOCK_OCSP case to reset the error code as well. 2018-10-12 11:20:13 -07:00