toddouska
2368d49678
Merge pull request #572 from ejohnstown/pathlen
CA Certificate Path Length Checking
2016-09-21 14:36:24 -07:00
John Safranek
a42bd30278
CA Certificate Path Length Checking
1. Check the path length between an intermediate CA cert and its
signer's path length.
2. Always decode the path length if present and store it in the decoded
certificate.
3. Save the path length into the signer list.
4. Path length capped at 127.
5. Added some test certs for checking CA path lengths.
2016-09-20 21:36:37 -07:00
toddouska
21726d5ae4
64bit sequence tls proof of concept, dtls needs some work
2016-09-19 16:02:27 -07:00
toddouska
f191cf206e
allow single threaded mode to share an RNG at WOLFSSL_CTX level
2016-09-16 13:35:29 -07:00
toddouska
c1ac0c0f8c
Merge pull request #545 from ejohnstown/ems
Extended Master Secret
2016-09-15 11:25:41 -07:00
John Safranek
8b713adcfd
Extended Master Secret Peer Review Changes
1. Checked the returns on the hash functions in the sniffer,
return new error if any fail.
2. Removed the SHA-512 hash from the sniffer's collection of
hashes. Never used in a cipher suite.
3. Added some logging messages in the EMS support in wolfSSL.
2016-09-14 13:43:02 -07:00
John Safranek
77cf700657
Update to allow resumption with session tickets and extended master secret.
2016-09-12 16:06:51 -07:00
John Safranek
c1136a30e9
1. Enabled the extended master secret in the Windows IDE user_settings.h
file by default.
2. Fixed scan-build warning about an assignment to a variable that isn't
used again in the function. Commented out the line.
2016-09-12 09:42:42 -07:00
John Safranek
b994244011
Revising the Extended Master Secret support. Removing the dynamic
TLSX support for the extension and treating it like the Signature
and Hash algorithms extension. It is to be enabled by default and
the user can turn it off at run time or build time.
2016-09-11 18:05:44 -07:00
toddouska
0c21d76ce3
detect client not sending any compression types
2016-09-08 12:06:22 -07:00
toddouska
3aefc42f04
have TLS server side verify no compression is in list if not using compression
2016-09-07 15:28:30 -07:00
toddouska
a5db13cd01
detect server forcing compression on client w/o support
2016-09-07 09:17:14 -07:00
Chris Conlon
e4f527a332
initial extended master secret support
2016-09-01 15:12:54 -06:00
John Safranek
bab071f961
1. Implemented the SCTP MTU size changes for transmit.
2. Simplified the MAX_FRAGMENT size when calling SendData().
2016-08-26 19:58:36 -07:00
John Safranek
a6c0d4fed7
1. Added missing -DWOLFSSL_SCTP to configure.ac.
2. Don't do hello verify requests in SCTP mode.
3. Implemented the SCTP MTU size changes.
4. Simplified the MAX_FRAGMENT size when calling ReceiveData().
2016-08-26 19:58:36 -07:00
John Safranek
f3dca48e99
Fix polarity on the DTLS-SCTP check.
2016-08-26 19:58:36 -07:00
John Safranek
7b3255b5bb
1. Simplified the IsDtlsSctpMode() check.
2. Checked IsDtlsSctpMode() to skip saving messages to retransmit and
skip retransmissions.
2016-08-26 19:57:09 -07:00
John Safranek
c1970434d1
simplify the SCTP options
2016-08-26 19:43:52 -07:00
David Garske
925e5e3484
Fixes typo issue with heap in hmac and small stack enabled. Fixed "never read" scan-build warnings with typeH and verify when RSA is disabled.
2016-08-26 10:33:01 -07:00
toddouska
78ca9e7716
Merge pull request #482 from dgarske/async
Asynchronous wolfCrypt RSA and TLS client support
2016-08-25 10:06:18 -07:00
John Safranek
fa1989b729
fix building the new session ticket message for DTLS, take into account the additional header sizes
2016-08-18 17:51:25 -07:00
David Garske
17a34c5899
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so it's hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 13:59:41 -06:00
David Garske
d8c63b8e66
Various improvements to support openssl compatibility.
* Fixed bug with "wolfSSL_get_cipher_name_internal" for loop using incorrect max length for "cipher_name_idx" (this caused fault when library built with NO_ERROR_STRINGS and calling it).
* Adds new "GetCipherNameInternal" function to get cipher name using internal "cipherSuite" index only (for scenario where WOLFSSL object does not exist).
* Implements APIs for "wolf_OBJ_nid2sn" and "wolf_OBJ_sn2nid". Uses the ecc.c "ecc_sets" table to locate NID (ECC ID and NID are same).
* Added "WOLFSSL*" to HandShakeInfo.
* Allowed "SetName" to be exposed.
* Added "wolfSSL_X509_load_certificate_buffer". Refactor "wolfSSL_X509_load_certificate_file" to use new function (no duplicate code).
2016-08-05 14:15:47 -07:00
David Garske
2c1309ffc7
Fixes for warnings when cross-compiling with GCC ARM.
2016-08-03 16:53:53 -07:00
Jacob Barthelmeh
37b84abe0b
change priority of cipher suite TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
2016-07-27 09:36:16 -06:00
John Safranek
0265b0f4bb
only check server's cert key encipher on client for RSA key exchange
2016-07-26 13:32:54 -07:00
toddouska
242d26eba2
Merge pull request #488 from cconlon/sig_algo
leave off SHA1-RSA/ECDSA signature algorithms when NO_OLD_TLS is defined
2016-07-26 11:05:24 -07:00
Jacob Barthelmeh
01ecc64052
avoid race condition with IO and handshake counter
2016-07-20 11:44:22 -06:00
Jacob Barthelmeh
17207ff61b
account for when FreeHandshakeResources is not called
2016-07-20 11:44:22 -06:00
toddouska
7a419ba6d8
Merge pull request #472 from dgarske/ecc_brainpool_koblitz
ECC and TLS support for all SECP, Koblitz and Brainpool curves
2016-07-19 11:44:53 -07:00
dgarske
32a2bd3863
Merge pull request #489 from toddouska/rsablind
Adds WC_RSA_BLINDING for RSA Private Operations
2016-07-19 09:03:09 -07:00
toddouska
d235a5f0cc
add WC_RSA_BLINDING, wc_RsaSetRNG() for RSA Private Decrypt which doesn't have an RNG
2016-07-18 11:57:47 -07:00
Chris Conlon
d3f7ddc486
leave off SHA1-RSA/ECDSA signature algorithms when NO_OLD_TLS is defined
2016-07-15 14:32:24 -06:00
David Garske
aa9b1e964c
Fix for possible seg fault with anonymous cipher mode enabled. Do not perform signature/verify when using anon_cipher.
2016-07-14 15:58:35 -07:00
toddouska
5f21f93c61
allow bogus sessionID when ticket callback rejects ticket
2016-07-13 12:47:59 -06:00
toddouska
7b76c3ab36
allow bogus client sessionID of non 32 bytes with session ticket
2016-07-13 09:47:49 -06:00
John Safranek
3dc09ae0fb
one last fix of the DTLS version numbers
2016-07-08 17:20:56 -07:00
David Garske
7a1acc7e56
Added TLS support for all SECP and Brainpool curves. Added ECC curve specs for all Brainpool, Koblitz and R2/R3. Adds new "HAVE_ECC_BRAINPOOL", "HAVE_ECC_KOBLITZ", "HAVE_ECC_SECPR2" and "HAVE_ECC_SECPR3" options. ECC refactor to use curve_id in _ex functions. NID and ECC Id's match now. Added ability to encode OID (HAVE_OID_ENCODING), but leave off by default and will use pre-encoded value for best performance.
2016-07-07 10:59:45 -07:00
toddouska
000f1a19e5
Merge pull request #470 from JacobBarthelmeh/Testing
sanity checks
2016-06-30 19:30:28 -07:00
Jacob Barthelmeh
8bba628f3f
sanity check in function GetInputData and when shrinking buffer
2016-06-30 13:42:38 -06:00
toddouska
f194c216c0
Merge pull request #466 from JacobBarthelmeh/mutex
free ctx in case of InitMutex fail
2016-06-30 12:05:06 -07:00
Jacob Barthelmeh
cf522314ce
sanity checks
2016-06-30 11:41:22 -06:00
Jacob Barthelmeh
3f36a914da
remove cast from enum to int
2016-06-29 14:28:36 -06:00
Jacob Barthelmeh
0589fe0d39
free ctx in case of InitMutex fail
2016-06-28 09:29:28 -06:00
Jacob Barthelmeh
f18ff8bfa4
update mysql patch
2016-06-27 15:44:52 -06:00
toddouska
ac6635593b
Revert "Bio"
2016-06-27 10:53:34 -07:00
Jacob Barthelmeh
49934a5c91
Merge https://github.com/wolfSSL/wolfssl into bio
2016-06-24 14:22:14 -06:00
Ludovic FLAMENT
033f308a08
change file name from compat-wolfssl to compat-wolfcrypt
2016-06-24 19:00:39 +02:00
Kaleb Himes
19da114c0c
Merge pull request #454 from ejohnstown/dtls-version
DTLS Hello Verify Request Version Number
2016-06-24 08:44:55 -07:00
Ludovic FLAMENT
0c43123a01
Fix BIO based on review
2016-06-24 10:54:58 +02:00