Commit Graph

9973 Commits

Author SHA1 Message Date
John Safranek b70f22e21a 1. Use the session deallocator on the deserialized session in the client.
2. Free the flatten session if the size check fails.
2019-09-12 16:04:34 -07:00
John Safranek c27a4b3865 TLS Maintenance
When serializing the WOLFSSL_SESSION, serialize everything.
2019-09-11 16:44:54 -07:00
John Safranek 852d50adcf DTLS Maintenance
To go with the fix for the functions wolfSSL_(i2d|d2i)_SSL_SESSION,
modify the example client to use a serialized session record for
resumption instead of the direct reference into the session cache. This
change only happens when OPENSSL_EXTRA and HAVE_EXT_CACHE are defined.
2019-09-11 15:29:57 -07:00
John Safranek 22c398494e DTLS Maintenance
The options to switch on and off the code to serialize/deserialize items
in the struct need to match the options for the struct.
(ZD5130, ZD5590)
2019-09-10 16:01:48 -07:00
John Safranek e93e3b60da DTLS Maintenance
Allow the DTLS server to retransmit a stored flight of messages in an additional acccept state.
(ZD5644)
2019-09-10 11:51:38 -07:00
David Garske 95d3289fa2 Merge pull request #2437 from kaleb-himes/ZD_5546_IAR_CC_CHECK
Fix failing IAR builds, thanks to Joseph C. for the report
2019-09-09 11:42:19 -07:00
julek-wolfssl c52801754c Fips ready (#2422)
* Changes to update stunnel support

* Required additions for building fips-ready with speedups

* Fix SetASNIntRSA
2019-09-09 02:47:02 -07:00
julek-wolfssl 02419e248f Fix clang 3.8 arm (#2449)
* Fix 'value size does not match register size' error in clang with arm assembly

* More readable casting
2019-09-09 02:46:48 -07:00
julek-wolfssl 4c88d94d13 Chacha20 and poly1305 without x18 (#2454)
* Remove use of x18 and organize new optimizations

* Fix invalid operand
2019-09-08 16:03:04 -07:00
Sean Parkinson afb15f6521 Merge pull request #2455 from JacobBarthelmeh/HardwareAcc
change detection of AESNI support to read bit 25 from ECX
2019-09-09 08:29:00 +10:00
toddouska 37328544ad Merge pull request #2453 from SparkiDev/armv8_x18
ARM64 assembly - x18 not able to be used
2019-09-06 15:45:02 -07:00
toddouska 85b123046b Merge pull request #2377 from SparkiDev/sha2_cs_oldtls
Disallow SHA-2 ciphersuites from TLS 1.0 and 1.1 handshakes
2019-09-06 15:41:15 -07:00
Sean Parkinson 3e12d260b8 ARM64 assembly - x18 not able to be used
Fix Curve25519/Ed25519, SHA-512 and SP code to not use x18.
2019-09-06 15:49:24 +10:00
Sean Parkinson a975ba9e97 Disallow SHA-2 ciphersuites from TLS 1.0 and 1.1 handshakes 2019-09-06 09:31:14 +10:00
Jacob Barthelmeh 171902f1fb change detection of AESNI support to read bit 25 from ECX 2019-09-05 17:02:44 -06:00
David Garske 1785089798 Merge pull request #2433 from kaleb-himes/ZD_5602_MINGW_XSNPRINTF
Resolve XSNPRINTF unconditional use in asn.c breaking mingw32 builds
2019-09-05 11:37:21 -07:00
toddouska d6685edfa0 Merge pull request #2440 from SparkiDev/tlsfuzzer_fixes
Fixes for fuzz testing
2019-09-05 09:01:10 -07:00
toddouska eaeaaf12c1 Merge pull request #2446 from SparkiDev/gplusplus_fix_1
Fixes for g++ compilation
2019-09-04 16:28:42 -07:00
toddouska bf7296aefb Merge pull request #2438 from SparkiDev/armv8-poly1305-clang
Fix ARMv8 Poly1305 inline assembly code to compile with clang 3.5
2019-09-04 16:28:02 -07:00
Sean Parkinson 56df8162bd Fixes for g++ compilation 2019-09-04 10:09:36 +10:00
toddouska b35fd4f1aa Merge pull request #2441 from JacobBarthelmeh/UnitTests
strncpy gcc warning fixes
2019-09-03 15:44:10 -07:00
toddouska 0927f93b07 Merge pull request #2442 from JacobBarthelmeh/HardwareAcc
build fix for aesccm + devcrypto=cbc + wpas and afalg
2019-09-03 15:42:41 -07:00
toddouska b19e785c2c Merge pull request #2418 from dgarske/sha3_keccak256
Added support for older KECCAK256
2019-09-03 15:42:05 -07:00
toddouska 492ce6ac91 Merge pull request #2414 from dgarske/pkcs8_asn1
Added support for loading a PKCS8 ASN.1 formatted private key
2019-09-03 15:36:31 -07:00
Sean Parkinson 46790080a7 Fix ARMv8 Poly1305 inline assembly code to compile with clang 3.5 2019-09-02 09:52:25 +10:00
Sean Parkinson 60befc82c5 Fixes for fuzz testing
Changes
- Don't ignore decryption errors when doing TLS 1.3 and after Client
Finished.
- Put out an alert when TLS 1.3 decryption fails.
- Properly ignore RSA pss_pss algorithms when checking for matching
cipher suite.
- Check X25519 public value before import in TLS v1.2-
- REcognise TLS 1.3 integrity-only cipher suites as not negotiable with
TLS 1.2-.
- Send decode_error alert when bad message data in CertificateVerify.
- Negotiate protocol version in TLS 1.3 using extension and keep
decision when using TLS 1.2 parsing.
- Must have a signature algorithms extension in TLS 1.3 if not doing
PSK.
- More TLS v1.3 alerts.
- MAX_PSK_ID_LEN needs to be modified at compile time for tlsfuzzer to
work.
- change the good ecc public key to be a real public key when compiled
to check imported public keys
- Fix early data in TLS 1.3
- Make max early data size able to be changed at compile time - default
4K but fuzzer sends 16K
- Fix HRR, PSK and message hashes: Don't initialize hashes in parsing
ClientHello as need to keep hash state from previous ClientHello and
HelloRetryRequest
2019-09-02 08:58:14 +10:00
Jacob Barthelmeh 9fd38dc340 build fix for aesccm + devcrypto=cbc + wpas and afalg 2019-08-30 16:15:48 -06:00
Jacob Barthelmeh 2a750cd18d strncpy gcc warning fixes 2019-08-30 13:34:51 -06:00
toddouska ef20276ab5 Merge pull request #2424 from SparkiDev/enc_then_mac
Add support for Encrypt-Then-MAC to TLS 1.2 and below
2019-08-30 11:09:04 -07:00
toddouska adc548fc61 Merge pull request #2428 from ejohnstown/ecckey-test-fix
Fix ECC key decode test
2019-08-30 11:07:00 -07:00
toddouska 347a859ffc Merge pull request #2435 from JacobBarthelmeh/SanityChecks
sanity check on ticket encrypt callback
2019-08-30 10:18:58 -07:00
Chris Conlon 09f80c7f5f Merge pull request #2439 from miyazakh/fix_espidf_issues
Fix build warnings while compiling wolfssl under esp-idf
2019-08-29 16:24:42 -06:00
toddouska db2468154f Merge pull request #2434 from tmael/phase2_compatibility_APIs
Adding phase 2 compatibility APIs
2019-08-29 12:26:27 -07:00
tmael b8d2ccee83 Merge branch 'master' into phase2_compatibility_APIs 2019-08-29 09:16:41 -07:00
toddouska 9034e3a0fe Merge pull request #2432 from embhorn/api_p2
Adding compatibility API phase 2
2019-08-29 09:05:01 -07:00
Juliusz Sosinowicz 5f77627857 Fix SetASNIntRSA 2019-08-29 16:24:09 +02:00
Hideki Miyazaki d6bac37def Fix build warnings while compiling wolfssl under esp-idf 2019-08-29 17:44:44 +09:00
Sean Parkinson 24e98dd05e Add support for Encrypt-Then-MAC to TLS 1.2 and below
An extension is used to indicate that ETM is to be used.
Only used when doing block ciphers - HMAC performed on encrypted data.
2019-08-29 09:00:30 +10:00
Tesfa Mael 87e876d8c6 Match padding macro values and restore EVP non-AES-GCM 2019-08-28 15:45:07 -07:00
kaleb-himes 46b4654564 Fix failing IAR builds, thanks to Joseph C. for the report 2019-08-28 12:44:05 -06:00
Tesfa Mael a76f719aac Fix review comment 2019-08-28 10:42:57 -07:00
JacobBarthelmeh 411f15bec3 Merge pull request #2429 from cconlon/cmssig
Add internal PKCS7 content digest check
2019-08-28 09:41:10 -06:00
Eric Blankenhorn 0c9ba1b361 Adding compatibility API phase 2 2019-08-28 09:29:49 -05:00
Tesfa Mael 625c3074b9 Review comments, sanity check 2019-08-27 17:06:36 -07:00
Tesfa Mael 59dddda3a9 Updated with review comments 2019-08-27 15:37:00 -07:00
Tesfa Mael dc5d11fef4 Updated with review comments 2019-08-27 15:14:58 -07:00
John Safranek 7fcb85b743 ECC-FP Cache Memory Leak
Each test case for ECC should be cleaning up the FP cache if it uses
the cache. Only a couple cases were getting freed.
2019-08-27 14:43:25 -07:00
David Garske 4ec90be4d6 Added --enable-hashflags option. 2019-08-27 13:28:33 -07:00
toddouska a49f447e47 Merge pull request #2413 from dgarske/load_ca_nodate
Refactor of the verify option for processing X.509 files
2019-08-27 13:20:30 -07:00
Chris Conlon e6252a94ce check attrib->value and attrib->valueSz before use 2019-08-27 14:18:23 -06:00