Commit Graph

1091 Commits

Author SHA1 Message Date
John Safranek
af1a9ca908 Multicast
1. Squash a couple unused variable warnings.
2017-07-19 13:34:32 -07:00
John Safranek
1657569605 DTLS Multicast
1. Adding the prototypes for the sequence number high water callback.
2. Added the accessors to set the highwater callback function,
   trigger levels, and application context.
3. Calls the highwater callback at specified sequence number thresholds
   per peer.
2017-07-19 13:34:32 -07:00
John Safranek
96c25b2caa DTLS Multicast
1. Separated the peer ID from the array index into the peer sequence
   list. This allows peer IDs to range from 0..255, and to have an
   arbitrary size for the sequence list.
2. Add API to add and remove peer IDs from the sequence number list.
2017-07-19 13:33:58 -07:00
John Safranek
fa4a8fee8c DTLS Multicast
1. Temporary change to io.c to receive datagrams from any peer.
2. Uses an array of Peer Sequence structures to track the current
   sequence number of all the peers.
2017-07-19 13:33:57 -07:00
John Safranek
30a54a4860 Multicast
1. Add haveMcast as an exception case for needing a signing key along
   with havePSK and haveAnon.
2017-07-19 13:31:39 -07:00
John Safranek
41638b437b DTLS Multicast
1. Add configured group ID to outbound DTLS datagrams.
2. Parse the group ID from inbound DTLS datagrams.
2017-07-19 13:31:39 -07:00
John Safranek
431a0cbea9 Multicast
1. Since multicast's only cipher suite uses null cipher
   automatically enable it.
2. Add options to example client and server to start
   testing multicast API. (Uses TLS over TCP.)
3. Updates to use the forced secrets set by API.
2017-07-19 13:31:39 -07:00
John Safranek
0838a3828b Multicast DTLS
1. Added new cipher suite for use with Multicast DTLS,
   WDM_WITH_NULL_SHA256. (It should be a private suite.)
2. Update the API test to use the new suite.
2017-07-19 13:26:23 -07:00
David Garske
69e9aa29f2 Fix for big endian platform in SendCertificateVerify where seg fault occurred due to passing an int pointer to a word16 pointer, which caused wrong bits to get set. Fix to replace int with word16. Tests pass now. Also searched for other (word16*)& scenarios and only other place was in ntru code, which was also fixed. 2017-07-10 20:00:37 -07:00
toddouska
626eeaa63d Merge pull request #1005 from SparkiDev/nginx-1.13.2
Changes for Nginx
2017-07-06 14:33:46 -07:00
Sean Parkinson
31ac379c4f Code review fixes
Change verify depth and set curve to be compiled in when using:
OPENSSL_EXTRA
Fix comparison of curve name strings to use ecc function.
Fix verify depth check when compiling with both OPENSSL_EXTRA and
WOLFSSL_TRUST_PEER_CERT.
2017-07-06 15:32:34 +10:00
toddouska
4b9069f786 Merge pull request #1008 from dgarske/fix_async_frag
Fixes for using async with max fragment
2017-07-05 11:00:26 -07:00
David Garske
df119692d1 Fixes for using async with HAVE_MAX_FRAGMENT or --enable-maxfragment which affected TLS 1.2/1.3. Added TLS 1.2 test for using max fragment. 2017-07-03 19:57:37 -07:00
Sean Parkinson
5bddb2e4ef Changes for Nginx
Support TLS v1.3 clients connecting to Nginx.
Fix for PSS to not advertise hash unless the signature fits the private
key size.
Allow curves to be chosen by user.
Support maximum verification depth (maximum number of untrusted certs in
chain.)
Add support for SSL_is_server() API.
Fix number of certificates in chain when using
wolfSSL_CTX_add_extra_chain_cert().
Allow TLS v1.2 client hello parsing to call TLS v1.3 parsing when
SupportedVersions extension seen.
Minor fixes.
2017-07-04 09:37:44 +10:00
David Garske
6a695b76cb Fixed server side case for DH agree issue with QAT hardware where agreeSz is not set. Fix to allow QAT start failure to continue (this is useful since only one process can use hardware with default QAT configuration). 2017-06-30 11:48:59 -07:00
David Garske
a025417877 Fix issue with QAT and DH operations where key size is larger than block size. Fix issue with DhAgree in TLS not setting agreeSz, which caused result to not be returned. Renamed the internal.c HashType to HashAlgoToType static function because of name conflict with Cavium. Optimize the Hmac struct to replace keyRaw with ipad. Enable RNG HW for benchmark. Fixed missing AES free in AES 192/256 tests. 2017-06-30 11:35:51 -07:00
Sean Parkinson
d2ce95955d Improvements to TLS v1.3 code
Reset list of supported sig algorithms before sending certificate
request on server.
Refactored setting of ticket for both TLS13 and earlier.
Remember the type of key for deciding which sig alg to use with TLS13
CertificateVerify.
RSA PKCS #1.5 not allowed in TLS13 for CertificateVerify.
Remove all remaining DTLS code as spec barely started.
Turn off SHA512 code where decision based on cipher suite hash.
Fix fragment handling to work with encrypted messages.
Test public APIs.
2017-06-29 09:00:44 +10:00
Sean Parkinson
9ca1903ac5 Change define name for sending HRR Cookie 2017-06-27 08:37:55 +10:00
Sean Parkinson
8bd6a1e727 Add TLS v1.3 Cookie extension support
Experimental stateless cookie
2017-06-26 16:41:05 +10:00
dgarske
06fa3de31c Merge pull request #980 from SparkiDev/tls13_0rtt
TLS v1.3 0-RTT
2017-06-22 09:44:41 -07:00
toddouska
9ead657723 Merge pull request #989 from dgarske/testing
Fixes for CRL handling and possible false failure in `wolfSSL_CTX_load_verify_locations`
2017-06-21 14:10:49 -07:00
toddouska
cd570a01f2 Merge pull request #975 from dgarske/ed_curve_small
Allow different Ed25519/Curve25519 math versions
2017-06-21 13:00:33 -07:00
David Garske
fec75e445e Fix for build error in master from QAT fixes in PR #967. Odd that this build error didn’t show up till just now. 2017-06-21 12:52:03 -07:00
Sean Parkinson
decdf7ae8b Cleanup 2017-06-21 16:56:51 +10:00
Sean Parkinson
350ce5fcef TLS v1.3 0-RTT 2017-06-21 08:35:28 +10:00
toddouska
8b637cbd1b Merge pull request #967 from dgarske/fix_qat
Fixes and Improvements for Intel QuickAssist
2017-06-20 14:49:56 -07:00
David Garske
7fdb7037d8 Fixes for building Ed/Curve for building on 32/64 bit with uint64_t. Fixes for build with Ed/Curve with ECC disabled. 2017-06-19 10:09:12 -07:00
jrblixt
6a2824f199 Add Camellia unit test functions. 2017-06-16 16:27:03 -06:00
David Garske
68439d4317 Completed refactor to cleanup dynamic types. Refined the tmp buffers to new types for more granularity. Fixed several places where malloc/free type was mis-matched. Cleanup of the PKCS12 code to improve cleanup handling. Fix wc_PKCS12_parse to return 0 on success else failure. 2017-06-14 15:11:43 -07:00
David Garske
88afc7a92f Progress on dynamic type cleanup for over-use of tmp_buffer. Increases performance on NUMA memory platform having ability to be more selective about the types that are NUMA allocated for use against QuickAssist hardware. 2017-06-14 15:11:43 -07:00
Sean Parkinson
89e6ac91bf Improve PSK timeout checks
Post-handshake Authentication

Fix KeyUpdate to derive keys properly

Fix supported curves (not checking ctx extensions)
2017-06-14 11:28:53 -07:00
David Garske
ce231e0cbc Fixes for asynchronous TLS 1.3. Fixes for PK_CALLBACKS with async. New helper APIs for wolfSSL_CTX_GetDevId and wolfSSL_CTX_GetHeap. Fix for build to not include tls13.c if not enabled to suppress empty object file warning. Fix typo in fe_low_mem.c. General cleanup. Extra tls13.c debug messages. 2017-06-12 11:42:48 -07:00
toddouska
1d2b4226a4 Merge pull request #959 from SparkiDev/tls_pss_fix
Fix check for PSS availability in peer
2017-06-12 11:20:29 -07:00
Sean Parkinson
fdcf25b6d1 Fix check for PSS availability in peer 2017-06-12 09:05:32 +10:00
Sean Parkinson
613d30bcae ED25519 TLS support 2017-06-08 09:26:49 +10:00
toddouska
26f106c42b Merge pull request #948 from SparkiDev/tls13_down
Implement TLS v1.3 specified downgrade protection mechanism
2017-06-05 16:17:49 -07:00
Sean Parkinson
642795db1b Implement TLS v1.3 specified downgrade protection mechanism
TLS v1.2 implementations should implement the downgrade protection
mechanism too and so is included.
2017-06-05 09:18:46 +10:00
David Garske
c55575665f Cleanup to use WANT_READ instead of async WC_PENDING_E for non-blocking OCSP and CRL. 2017-06-02 10:35:26 -07:00
David Garske
b3a85bc2c7 Fixes for OCSP and CRL with non-blocking sockets. Fix for OCSP and CRL file descriptor check to allow 0. 2017-06-02 09:36:35 -07:00
toddouska
6b09a7c6e1 Merge pull request #922 from SparkiDev/tls_pss
TLS v1.2 and v1.3 RSA PSS
2017-05-23 14:57:10 -07:00
toddouska
9f5f1dd00f Merge pull request #936 from SparkiDev/cplusplus
Compiling with g++ when configured with --enable-distro
2017-05-22 16:02:56 -07:00
toddouska
19edd47018 Merge pull request #917 from SparkiDev/tls_curve25519
Enable X25519 for Key Exchange in TLS
2017-05-22 16:00:00 -07:00
Sean Parkinson
15a2323c09 Compiling with g++ when configured with --enable-distro 2017-05-22 10:14:02 +10:00
Sean Parkinson
4390f4c711 TLS v1.2 and PSS
Cleanup the TLS v1.3 PSS code as well.
Added RSA API wc_RsaPSS_CheckPadding() to check the padding - no longer
a simple memcmp with the digest.
2017-05-19 11:49:43 +10:00
David Garske
d61e0243a3 Fixes for building AES key wrap and PKCS7 on Windows. Cleanup snprintf to use XSNPRINTF and changed so define is always setup. 2017-05-18 14:44:19 -07:00
Sean Parkinson
9fb6373cfb Get PSS going on server side 2017-05-18 15:36:01 +10:00
Sean Parkinson
63a6618feb Enable X25519 for Key Exchange in TLS 2017-05-17 08:58:12 +10:00
toddouska
3297280e62 Merge pull request #913 from JacobBarthelmeh/Compatibility-Layer
allow re-using WOLFSSL structure after calling shutdown
2017-05-12 16:50:14 -07:00
toddouska
dcd3a6a478 Merge pull request #907 from dgarske/fix_verifycb
Fixes for verify callback override
2017-05-12 16:45:55 -07:00
Jacob Barthelmeh
0374907acc allow re-using WOLFSSL structure after calling shutdown 2017-05-12 13:54:20 -06:00