wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-27 23:32:21 +01:00
Code Issues Packages Projects Releases Wiki Activity
8,246 Commits 12 Branches 184 Tags
ae3d8d37793e9b377131a6988fa342c19fd959fa
Commit Graph

8246 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
David Garske
ae3d8d3779 * Fixed wolfSSL_CTX_load_verify_locations to continue loading if there is an error (ZD 4265). 
* Added new `wolfSSL_CTX_load_verify_locations_ex` that supports flags `WOLFSSL_LOAD_FLAG_IGNORE_ERR`, `WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY` and `WOLFSSL_LOAD_FLAG_PEM_CA_ONLY`.
* Fix for `PemToDer` to handle PEM which may include a null terminator in length at end of file length causing wrong error code to be returned. Added test case for this. (ZD 4278)
* Added macro to override default flags for `wolfSSL_CTX_load_verify_locations` using `WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS`.
* Added tests for loading CA PEM's from directory using `wolfSSL_CTX_load_verify_locations` and `wolfSSL_CTX_load_verify_locations_ex` with flags.
* Added tests for `wolfSSL_CertManagerLoadCABuffer`.
* Updated the expired test certs and added them to `./certs/test/gen-testcerts.sh` script.
 2018-09-06 12:51:22 -07:00
David Garske
d998d10f02 Merge pull request #1805 from dgarske/fix_csr 
Fix for CSR generation email value
 2018-09-05 19:44:41 -07:00
David Garske
a7821e0d6d Merge pull request #1810 from quinnmiller1997/fp_mul_comba_7-typo 
Fixed typo in fp_mul_comba_7
 2018-09-05 19:43:47 -07:00
David Garske
30d968d6b0 Merge pull request #1811 from SparkiDev/tls_sig_ret 
Fix CheckCertSignature return to be remembered past ParseCertRelative
 2018-09-05 19:43:23 -07:00
Sean Parkinson
a3cc2119d7 Fix CheckCertSignature return to be remembered past ParseCertRelative 2018-09-06 10:42:49 +10:00
Quinn Miller
b8605fa544 Fixed typo in fp_mul_comba_7 2018-09-05 14:51:50 -06:00
Chris Conlon
5ee09f77a1 Merge pull request #1796 from ghoso/e2studio 
add project files for Renesas e2studio
 2018-09-05 11:41:01 -06:00
David Garske
d432d346aa Merge pull request #1809 from cconlon/stm32rngfix 
enable RNG clock when WOLFSSL_STM32F427_RNG is defined
 2018-09-04 17:21:01 -07:00
Eric Blankenhorn
28ad8e591d Adding comment for empty case in GetNameType 2018-09-04 18:08:40 -05:00
toddouska
bac8b78a8c Merge pull request #1803 from SparkiDev/tfm_stack 
Small stack for fast math code
 2018-09-04 15:57:59 -07:00
toddouska
d149795648 Merge pull request #1759 from dgarske/verifycbfail 
Fix to resolve issue with verify callback not causing an error
 2018-09-04 15:52:58 -07:00
toddouska
8e67ef33b2 Merge pull request #1799 from SparkiDev/cert_vfy_small 
Smaller dynamic memory usage in TLS
 2018-09-04 15:40:11 -07:00
toddouska
8584da60a8 Merge pull request #1802 from SparkiDev/tls13_0rtt_ch 
Group Early Data message with ClientHello for faster delivery
 2018-09-04 15:39:14 -07:00
toddouska
e1c4d3f5e6 Merge pull request #1808 from ejohnstown/vali-date 
Validate Date
 2018-09-04 15:33:41 -07:00
Chris Conlon
d3ea903c55 enable RNG clock when WOLFSSL_STM32F427_RNG is defined 2018-09-04 16:13:09 -06:00
John Safranek
e730cda550 Validate Date 
The ValidateDate() function is wrapped by a macro so it may be replaced
in environments without ASN_TIME built in. In two cases, OCSP and CRL,
ValidateDate() is called directly instead of by the macro. This change
fixes that.
 2018-09-04 13:39:26 -07:00
Sean Parkinson
17a70aee1b Added test and minor fixes for CheckCertSignature 2018-09-03 10:50:47 +10:00
Sean Parkinson
4b208f4fe5 Make grouping EarlyData and ClientHello a configuration option 2018-09-03 08:48:28 +10:00
Sean Parkinson
4d0478a287 Fix fp_div_2d to return remainder correctly 
If a == c are then a and c don't equal d:
calculate d before c
If a != c then a doesn't change in calculating c:
calculate d after c
 2018-09-03 08:32:55 +10:00
David Garske
d2b9b230a0 Added additional verify callback override test cases. 2018-08-31 16:26:51 -07:00
David Garske
6171e29fe8 Fix for CSR generation after PR (https://github.com/wolfSSL/wolfssl/pull/1734). This resolves issue with email name in CSR. (Thanks to Forum post https://www.wolfssl.com/forums/post4137.html). 
Failed examples:

```
145:d=5  hl=2 l=  16 prim: EOC
      0000 - 69 6e 66 6f 40 77 6f 6c-66 73 73 6c 2e 63 6f 6d   info@wolfssl.com
```

```
SET {
138  23:         SEQUENCE {
140   3:           OBJECT IDENTIFIER objectClass (2 5 4 0)
       :             Error: Spurious EOC in definite-length item.
```

Success Examples:

```
140:d=5  hl=2 l=   9 prim: OBJECT            :emailAddress
  151:d=5  hl=2 l=  16 prim: IA5STRING         :info@wolfssl.com
```

```
SET {
138  29:         SEQUENCE {
140   9:           OBJECT IDENTIFIER emailAddress (1 2 840 113549 1 9 1)
151  16:           IA5String 'info@wolfssl.com'
```
 2018-08-31 11:20:04 -07:00
Sean Parkinson
41ab3d91fd Small stack for fast math code 
Any large stack usages have been changed to dynamic memory allocations
when WOLFSSL_SMALL_STACK is defined.
Modified functions to return error codes.
 2018-08-31 17:55:49 +10:00
Go Hosohara
697c61af35 correct typo in IDE/include.am 2018-08-31 14:57:16 +09:00
Go Hosohara
00ff519b23 remove wrong configuration in IDE/include.am 2018-08-31 14:52:12 +09:00
Sean Parkinson
d089a4651a Group Early Data message with ClientHello for faster delivery 2018-08-31 09:28:38 +10:00
Sean Parkinson
d86fc2dbbe Smaller dynamic memory usage in TLS 
Code doesn't require a DecodedCert which saves on dynamic memory usage.
WOLFSSL_SMALL_CERT_VERIFY: Don't have a DecodedCert allocated and verify
certificate signature in ProcessPeerCerts as this is maximum dynamic
memory usage.
WOLFSSL_SMALL_CERT_VERIFY is enabled with 'lowresource' configuration
option.
Fix sp_clear to work with NULL parameter.
Define a new function HashId that maps to the hashing function
available.
Set MAX_CERT_VERIFY_SZ to be the maximum based on what algorithms are
compiled in.
Fix usage of MAX_CERT_VERIFY_SZ in functions sending certificate verify
messages.
 2018-08-31 08:29:28 +10:00
David Garske
ffc0f0fb26 Fix for building with SESSION_CERTS using pointer after free. Documented store->discardSessionCerts. 2018-08-30 13:57:21 -07:00
David Garske
b369e524d4 Fix for the ECDSA verify callback override test case. Switched to AES128-GCM cipher suite (better cipher suite overall). 2018-08-30 11:48:08 -07:00
David Garske
3d0d10345a Added test cases for ensuring forced error fails on client and server. Added test cases to ensure bad certificate can be overriden. 2018-08-30 11:17:21 -07:00
David Garske
944342b386 Fixes for verify callback failure override handling. Fixes the return codes in the failure cases. 2018-08-30 11:17:21 -07:00
David Garske
53c0003cad Fix to resolve issue with verify callback not causing an error (if one not already present) when returning 0. Test case to follow shortly. 2018-08-30 11:17:21 -07:00
Go Hosohara
2551512718 add CS+ and e2studio settings in IDE/include.am 2018-08-30 13:50:50 +09:00
toddouska
31e37ea5df Merge pull request #1797 from SparkiDev/stack_size 
Small stack usage fixes
 2018-08-29 16:19:46 -07:00
toddouska
fc64788092 Merge pull request #1795 from SparkiDev/tls13_no_tls12 
Fixes to work when compiled with TLS 1.3 only
 2018-08-29 16:16:46 -07:00
toddouska
d084a4bcb8 Merge pull request #1794 from SparkiDev/sp_armasm_modexp 
Fix for SP ASM arm and no DH
 2018-08-29 16:13:34 -07:00
toddouska
03fbad22a6 Merge pull request #1792 from SparkiDev/gcc_8_fixes 
GCC 8 new warnings in -Wall fix
 2018-08-29 16:12:19 -07:00
toddouska
818b0a3c9c Merge pull request #1791 from SparkiDev/keyshare_ecc_free 
Fix memory leak in KeyShare using ECC and not fast math
 2018-08-29 16:11:32 -07:00
toddouska
ab487e25a0 Merge pull request #1790 from JacobBarthelmeh/SanityChecks 
change grep message for RSA key size with tests
 2018-08-29 16:11:14 -07:00
toddouska
4fd805ff1e Merge pull request #1789 from JacobBarthelmeh/Fuzzer 
sanity check on buffer before clearing it
 2018-08-29 16:10:56 -07:00
toddouska
e4ccb2fe83 Merge pull request #1784 from dgarske/stsafe_server 
Added ST-Safe PK callback example for Key Generation (TLS server only)
 2018-08-29 16:07:14 -07:00
Go Hosohara
4d79eb121e add include.am file and comment for related code of Renesas cs+ and e2studio 2018-08-29 11:06:13 +09:00
Sean Parkinson
4dbe86f1fd Small stack usage fixes 
Stack pointer logging added.
 2018-08-29 10:16:51 +10:00
Go Hosohara
4d6f43277e add project files for Renesas e2studio 2018-08-28 17:56:55 +09:00
Sean Parkinson
487c60df78 Fixes to work when compiled with TLS 1.3 only 
TLS 1.3 Early Data can be used with PSK and not session tickets.
If only TLS 1.3 and no session tickets then no resumption.
External sites don't support TLS 1.3 yet.
 2018-08-28 15:37:15 +10:00
Sean Parkinson
57620caac8 Fix for SP ASM arm and no DH 
Fix mod exp in ARM asm to work for different size exponents.
In ASM code, mont_norm is not used in RSA so protect from no DH.
 2018-08-28 11:24:38 +10:00
Sean Parkinson
551201c00c GCC 8 new warnings in -Wall fix 2018-08-27 12:51:01 +10:00
Sean Parkinson
24694ef7b0 Fix memory leak in KeyShare using ECC and not fast math 2018-08-27 10:50:57 +10:00
Jacob Barthelmeh
46c04cafd3 change grep message for RSA key size with tests 2018-08-24 16:47:37 -06:00
Jacob Barthelmeh
d122b9f8b5 sanity check on buffer before clearing it 2018-08-24 16:29:43 -06:00
David Garske
205088d1bc Merge pull request #1787 from ejohnstown/patches 
Patches for various build errors
 2018-08-24 14:46:28 -07:00