Commit Graph

2873 Commits

Author SHA1 Message Date
David Garske 292e9535ae Fix for wolfSSL_ERR_clear_error to call wc_ClearErrorNodes when its available (mismatched macros), which was incorrectly causing test_wolfSSL_ERR_put_error to fail. Added test_wolfSSL_PEM_PrivateKey test for ECC based key. Refactored the RNG test to only run the reseed test if TEST_RESEED_INTERVAL is defined. This is the test that was causing the tests/api.c to take so long to complete. Will add this macro to the enable options test. 2018-06-12 09:38:18 -07:00
David Garske e1890a4b0e Added some bad argument checks on compatibility functions BIO_new_mem_buf and PEM_read_bio_PrivateKey. 2018-06-12 09:38:18 -07:00
David Garske ad0a10441d Fixes for building with openssl compatibility enabled and no TLS client/server.
Resolves issues building with:
`./configure --enable-opensslextra --disable-rsa --disable-supportedcurves CFLAGS="-DNO_WOLFSSL_CLIENT -DNO_WOLFSSL_SERVER" --disable-examples`
`./configure --enable-opensslextra --disable-ecc --disable-supportedcurves CFLAGS="-DNO_WOLFSSL_CLIENT -DNO_WOLFSSL_SERVER" --disable-examples`

Ticket 3872
2018-06-12 09:38:18 -07:00
toddouska cb8351c027 Merge pull request #1607 from SparkiDev/tls13_interop_ver
Return TLS 1.3 draft version in ServerHello
2018-06-12 08:30:48 -07:00
toddouska 766323e90f Merge pull request #1613 from SparkiDev/tls13_post_auth
Fix post authentication for TLS 1.3
2018-06-12 08:29:38 -07:00
toddouska 3b74dbf86a Merge pull request #1609 from SparkiDev/tls13_time
Don't include sys/time.h explicitly in tls13.c
2018-06-12 08:27:43 -07:00
toddouska 49b82456eb Merge pull request #1618 from cconlon/opensslcompat
Align return values for EVP_DigestUpdate/Final for OpenSSL Compatibility
2018-06-12 08:25:18 -07:00
toddouska 29410ada1e Merge pull request #1595 from SparkiDev/tls13_cipher_down
Fix for downgrading from TLS 1.3 due to old cipher suite
2018-06-12 08:24:26 -07:00
toddouska f2a20c4232 Merge pull request #1573 from SparkiDev/tls_pad_vfy
Constant time padding and HMAC verification in TLS
2018-06-12 08:22:32 -07:00
Sean Parkinson b7caab938e Fix post authentication for TLS 1.3 2018-06-12 09:49:23 +10:00
Chris Conlon a472325f89 return WOLFSSL_FAILURE on error from EVP_DigestUpdate() and EVP_DigestFinal() 2018-06-11 14:27:08 -06:00
toddouska bea0e6142a Merge pull request #1608 from dgarske/maxcerfix
Resolves issue with reassembling large certificates
2018-06-08 08:25:14 -07:00
Sean Parkinson 587f4ae79e Don't include sys/time.h explicitly in tls13.c 2018-06-08 09:00:12 +10:00
David Garske 00ddeb07d8 Resolves issue with reassembling large certificates. The ProcessPeerCerts function was using the wrong max size check for certs. Built and test with ./configure CFLAGS="-DMAX_CERTIFICATE_SZ=20000". 2018-06-07 15:56:37 -07:00
Sean Parkinson 020b69aba0 Return TLS 1.3 draft version in ServerHello 2018-06-07 22:01:42 +10:00
Sean Parkinson fcd2234841 Fix for downgrading from TLS 1.3 due to old cipher suite
TLS 1.3 specification doesn't allow downgrading based on cipher suite.
2018-06-04 12:42:41 +10:00
Takashi Kojo 3ff8c45aa8 FILE to XFILE 2018-06-01 09:30:20 +09:00
John Safranek 8a61b7303a Remove execute bit from a few files. 2018-05-31 10:14:47 -07:00
David Garske a2fdc6262d Merge pull request #1586 from ejohnstown/suite-info
Rerefactor Cipher Suite List
2018-05-30 07:54:13 -07:00
Go Hosohara b84f111d51 rebase with master branch and fix some code. 2018-05-30 17:15:07 +09:00
Go Hosohara 8cd357aa3a d2i_PKCS12_fp 2018-05-30 12:10:41 +09:00
Go Hosohara c715bb5ade X509_check_ca 2018-05-30 12:08:27 +09:00
Go Hosohara 3f6b7c8833 Merge with openSSL-Compat-CRL-STORE on kojo1/wolfssl 2018-05-30 12:08:27 +09:00
Go Hosohara 0fb446ad36 i2c_ASN1_INTEGER 2018-05-30 12:03:58 +09:00
Go Hosohara d7e4bbf1cf ASN1_STRING_print_ex 2018-05-30 11:56:43 +09:00
Go Hosohara 5c11e1440f ASN1_TIME_to_generalizedtime 2018-05-30 11:56:43 +09:00
Go Hosohara b1ef0c808e Add all stubs. 2018-05-30 11:56:42 +09:00
Go Hosohara 5ff460bb7f OPENSSL_add_all_algorightms_noconf 2018-05-30 11:53:18 +09:00
Go Hosohara 005284a127 ASN1_GENERALIZEDTIME_free 2018-05-30 11:53:17 +09:00
Go Hosohara 24ff55b085 RAND_poll 2018-05-30 11:53:17 +09:00
Sean Parkinson e684156a1e Constant time padding and HMAC verification in TLS 2018-05-30 09:10:46 +10:00
John Safranek b2225a0bc0 Rerefactor Cipher Suite List
1. Do not add iana_name to the struct if disabling error strings.
2. Change the IANA_NAME macro to SUITE_INFO, and build the suite info records as appropriate for the error string enablement.
2018-05-29 14:34:57 -07:00
toddouska 0a35c37211 Merge pull request #1584 from SparkiDev/tls_many_nst
Allow multiple NewSessionTicket messages
2018-05-29 13:43:59 -07:00
toddouska 2cf853d1f1 Merge pull request #1582 from SparkiDev/tls13_only
Allow TLS 1.2 to be compiled out.
2018-05-29 13:26:54 -07:00
Chris Conlon 16738f1449 Merge pull request #1569 from kojo1/openSSL-Compat-CRL-STORE
openSSL compatibility APIs: X509_CRL, STORE
2018-05-29 09:47:22 -06:00
Sean Parkinson 1d8fb7be82 Allow multiple NewSessionTicket messages
Interopability testing with OpenSSL
2018-05-28 09:18:26 +10:00
Takashi Kojo c60b60c50c #if condition to refer wc_PKCS12_new, wc_d2i_PKCS12 2018-05-26 16:02:51 +09:00
Takashi Kojo ba03f6e08b wolfSSL_d2i_PKCS12_fp 2018-05-26 13:04:06 +09:00
Takashi Kojo 3939eadf9c get derLen by RsaPublicKeyDerSize 2018-05-26 10:55:17 +09:00
Sean Parkinson ba8e441e53 Allow TLS 1.2 to be compiled out. 2018-05-25 11:00:00 +10:00
toddouska 453daee965 Merge pull request #1523 from SparkiDev/ed25519_key
Allow Ed25519 private-only keys to work in TLS
2018-05-24 09:56:17 -07:00
toddouska 87f9d0f141 Merge pull request #1566 from ejohnstown/tcp-timeout
Fix TCP with Timeout
2018-05-24 09:07:50 -07:00
Sean Parkinson 450741f8ef Change checks for message chaching to happen once
Add compile option to remove Ed25119 client auth in TLS 1.2.
Cipher suite choice does not affect client auth.
2018-05-24 08:43:28 +10:00
Sean Parkinson 982119b495 Only cache messages when required. 2018-05-24 08:43:28 +10:00
Sean Parkinson 9358edf5dd Fixes from code review
Include new private key files in release.
Set messages field to NULL after free.
2018-05-24 08:43:28 +10:00
Sean Parkinson 58f523beba Allow Ed25519 private-only keys to work in TLS
Change Ed25519 in TLS 1.2 to keep a copy of all the messages for
certificate verification - interop with OpenSSL.
2018-05-24 08:43:28 +10:00
John Safranek b1ed852f36 Fix TCP with Timeout
wolfSSL remains agnostic to network socket behavior be it blocking or non-blocking. The non-blocking flag was meant for the default EmbedRecvFrom() callback for use with UDP to assist the timing of the handshake.

1. Deprecate wolfSSL_set_using_nonblock() and wolfSSL_get_using_nonblock() for use with TLS sockets. They become don't-cares when used with TLS sessions.
2. Added functions wolfSSL_dtls_set_using_nonblock() and wolfSSL_dtls_get_using_nonblock().
3. Removed a test case from EmbedReceive() that only applied to UDP.
4. Removed the checks for non-blocking sockets from EmbedReceive().
5. Socket timeouts only apply to DTLS sessions.
2018-05-23 11:29:16 -07:00
Jacob Barthelmeh 89fbb1b40d only compile SEQ increment function in case of DTLS or HAVE_AEAD 2018-05-23 12:07:35 -06:00
toddouska 2021bcb188 Merge pull request #1560 from dgarske/ciphernamecleanup
Refactor of the cipher suite names to use single array
2018-05-21 14:24:53 -06:00
toddouska e7de654b61 Merge pull request #1558 from dgarske/fsanitize
Fixes for fsanitize reports
2018-05-21 14:18:07 -06:00