Commit Graph

3175 Commits

Author SHA1 Message Date
toddouska 2c7ff56a3e Merge pull request #1907 from JacobBarthelmeh/Testing
infer and g++ build fixes
2018-11-06 08:48:28 -08:00
Eric Blankenhorn d61ae3a02a Handle incomplete shutdown 2018-11-05 10:30:48 -06:00
Jacob Barthelmeh a953a3141e infer and g++ build fixes 2018-11-01 09:59:35 -06:00
Chris Conlon def7a91e70 fix CAVP selftest build errors 2018-10-30 16:35:45 -06:00
toddouska ae07ba93ad Merge pull request #1894 from dgarske/pk_keysize
Fixes for key size detection when using PK callbacks
2018-10-26 09:46:10 -07:00
David Garske d21603334b Added build option USE_ECDSA_KEYSZ_HASH_ALGO to alter the hash algorithm selection for ecc_dsa_sa_algo. With this build option we try and choose a hash algorithm digest size that matches the ephemeral key size, if not found then will match on next highest. We've seen cases with some Windows based TLS client's where they do not properly support hashing a smaller ephemeral key with a larger hash digest size (such as P-256 key and SHA512 hash). 2018-10-25 09:19:35 -07:00
David Garske 86758f9640 Fixes for key size detection when using PK callbacks (HSM) and no private key has been loaded (affects HAVE_PK_CALLBACKS on server side only when no dummy private key is loaded). Fix for possible leak during ECC min key size failure with small stack. Added new API wc_RsaPublicKeyDecode_ex for parsing an RSA public key for the modulus and exponent. Changed wolfSSL_CTX_SetTmpEC_DHE_Sz to support a size == 0 for using the long-term private key's size. Changed ECDHE_SIZE so it can be overridden and build-time. Added tests for wolfSSL_CTX_SetTmpEC_DHE_Sz and wolfSSL_SetTmpEC_DHE_Sz. 2018-10-25 09:15:23 -07:00
David Garske c4d6f886b7 Revert change from PR #1845 commit 24f9f12844. This ensure the ephemeral key is P-256 or the overridden value determined by wolfSSL_CTX_SetTmpEC_DHE_Sz and wolfSSL_SetTmpEC_DHE_Sz. This restores previous behavior from last release. 2018-10-24 09:48:03 -07:00
toddouska 0eb115e7a1 Merge pull request #1884 from kaleb-himes/ECC_DISABLED_TEST_FIX
Fixes to resolve skipped tests with ECC disabled
2018-10-24 09:30:47 -07:00
Sean Parkinson 7586e1df42 Only do early data in initial handshake when using PSK 2018-10-24 09:47:30 +10:00
David Garske 0b720c4412 Fixes for TLSv1.3 early data. 2018-10-22 11:35:40 -07:00
David Garske c268829b68 Fix bug with SendClientKeyExchange and ifdef logic for ecdhe_psk_kea, which was preventing ECDHE-PSK from working if HAVE_CURVE25519 was defined. Disabled broken downgrade test in test-tls13-down.conf (@SpariDev will need to investigate). Various spelling fixes. 2018-10-19 13:21:56 -07:00
David Garske 095337b1cf Merge pull request #1878 from kaleb-himes/TEST_COVERAGE_3
Test coverage 3
2018-10-17 13:47:10 -07:00
toddouska dcb105deff Merge pull request #1876 from dgarske/max_frag_256
Added new 256-byte max fragment option `WOLFSSL_MFL_2_8`
2018-10-17 13:21:57 -07:00
kaleb-himes 5ca822b1e9 Peer review changes requested 2018-10-17 10:46:45 -06:00
David Garske 4adaeb8585 Added new 256-byte max fragment option WOLFSSL_MFL_2_8. 2018-10-15 17:06:21 -07:00
David Garske 7c3313481a Fix for memory cleanup cases in MakeTlsMasterSecret. 2018-10-15 13:22:55 -07:00
David Garske a0608151cf Fix for the WOLFSSL_NONBLOCK_OCSP case to reset the error code as well. 2018-10-12 11:20:13 -07:00
David Garske 23a0f3cfa1 Added new WOLFSSL_SSLKEYLOGFILE define to output master secret used by Wireshark logging to file. Defaults to sslkeylog.log, but can be overridden using WOLFSSL_SSLKEYLOGFILE_OUTPUT. 2018-10-12 10:47:30 -07:00
David Garske 52210c9d16 Improved error trapping in BuildTlsHandshakeHash, without altering timing. 2018-10-12 10:45:47 -07:00
David Garske fc77ed068c Fix for verify callback to not report override when there is no error. Cleanup of the myVerify example callback return code handling. 2018-10-12 10:45:20 -07:00
David Garske 6fbeae8f11 Fixes for building with WC_ASYNC_NO_SHA256. Improvements with WC_ASYNC_NO_HASH or WC_ASYNC_ENABLE_ECC to avoid unnecessary memory allocations. 2018-10-12 10:44:26 -07:00
David Garske fec726f10a Fix for async issue with receiving multiple TLS records (server_key_exchange and server_hello_done) in same packet, which may miss call to DoHandShakeMsgType -> HashInput because ssl->error is still marked pending WC_PENDING_E. 2018-10-12 10:39:40 -07:00
toddouska 0b78b75530 Merge pull request #1860 from dgarske/tls_either_side
Methods cleanup and new DTLS "either" side methods
2018-10-12 07:35:17 -07:00
David Garske 1fd791da21 Fix to check response code on InitSSL_Side calls. 2018-10-11 15:50:22 -07:00
John Safranek b404d4805f Skip Server Supported Curve Extension
Added a build option, WOLFSSL_ALLOW_SERVER_SC_EXT, that skips the
client's parsing of the supported curve extension if sent by the
server for sessions using < TLSv1.3. The server doesn't need to send it
and the RFCs don't specify what should happen if it does in TLSv1.2, but
it is sent in response from one particular Java based TLS server.
2018-10-11 15:21:32 -07:00
kaleb-himes 23797ab4cb wolfSSL_AES_cbc_encrypt unit tests, TODO: Decrypt 2018-10-10 15:59:10 -04:00
David Garske 0293686990 Added example client/server support for loading certificate and private key into WOLFSSL object using -H loadSSL. Added load_ssl_buffer function to load buffers into WOLFSSL objects. Changed wolfSSL_get_SSL_CTX API to always be exposed. Added TEST_LOAD_BUFFER build option to use the load_buffer and load_ssl_buffer calls for example client/server. 2018-10-09 12:54:41 -07:00
toddouska 355048230f Merge pull request #1866 from dgarske/openssl_leak_fix
Fix leaks in compatibility functions `wolfSSL_X509_print` and `wolfSSL_i2d_RSAPublicKey`
2018-10-08 09:38:26 -07:00
toddouska 7a02832547 Merge pull request #1849 from dgarske/asn_piv
Added ASN certificate PIV and GZIP support
2018-10-08 09:32:19 -07:00
David Garske 1ed50a40e7 Fix for wolfSSL_i2d_RSAPublicKey leak. 2018-10-05 14:09:12 -07:00
David Garske cec61ac3c9 Fix for leak in wolfSSL_X509_print, where the RsaKey is not free'd. Cleanup of formatting. 2018-10-04 16:51:51 -07:00
David Garske 1d7c4f96fa Fix windows build warning with side data type mismatch. 2018-10-04 16:10:50 -07:00
David Garske bbdb17975c Adds build option WOLFSSL_EITHER_SIDE for deferring the "side" of the TLS session until first connect or accept. Added the DTLS generic v1.0 and v1.2 methods for "either" side. Added "either" methods unit tests. Added "either" -v e support to example client/server. Fix to expose wolfSSL_use_certificate_file and wolfSSL_use_PrivateKey_file without OPENSSL_EXTRA. Cleanup of the methods for (void)heap and log messages. Spelling fixes. 2018-10-04 15:47:50 -07:00
Tesfa f83ea9a9d5 Fixed MINGW32 build errors 2018-10-03 13:58:51 -07:00
David Garske 680a863054 Added support for building with certificate parsing only. ./configure --enable-asn=nocrypt. Added new API for parsing PIV format certificates wc_ParseCertPIV with WOLFSSL_CERT_PIV build option. Added wc_DeCompress_ex with ability to decompress GZIP. Moved the ZLIB error codes into wolfCrypt. 2018-10-02 15:18:56 -07:00
David Garske f19f803098 Fix for possible leak with openssl comatibility API wolfSSL_d2i_ECDSA_SIG when fast math is disabled. 2018-09-27 11:39:30 -07:00
Chris Conlon 8ccd715f31 Merge branch 'master' into openssl_compat201805 2018-09-26 11:06:26 -06:00
John Safranek 18a27cfe75 Changed the DecodedCert's der pointer to be a pointer to const. The
DecodedCert doesn't own the der value, so it should be const. Had to
make many other changes downstream of this.
2018-09-25 12:55:52 -07:00
Go Hosohara ff5506faf2 define wolfSSL_OPENSSL_add_all_alogrithms_noconf alias for wolfSSL_OpenSSL_add_all_algorithms_noconf and some fixes 2018-09-25 15:39:56 +09:00
Takashi Kojo 71863c462e (void) for unused in NO_RSA case 2018-09-25 15:39:56 +09:00
Go Hosohara cfa99c567b merge PR #1820 Porting aid 2018-09-25 15:39:56 +09:00
Go Hosohara c7cfa74577 Fix some flaws caused by rebase 2018-09-25 15:39:55 +09:00
Takashi Kojo 3c93d4e638 KEEP_STORE_CERTS release elimination, limited to FreeX509 in X509_STORE_CTX 2018-09-25 15:39:55 +09:00
Takashi Kojo 226bc54b57 ctx->ourCert keeps duplicated x509 2018-09-25 15:39:55 +09:00
Takashi Kojo 8a046b0bac WOLFSSL_KEEP_STORE_CERTS for wolfSSL_X509_free 2018-09-25 15:39:55 +09:00
Takashi Kojo 59beba6338 WOLFSSL_CIPHER_INTERNALNAME option 2018-09-25 15:39:55 +09:00
Takashi Kojo 93e1221894 WOLFSSL_KEEP_STORE_CERTS for X509_STOREmake 2018-09-25 15:39:55 +09:00
Takashi Kojo 89dcbd6693 set dynamic flag when wolfSSL_ASN1_OBJECT_new() 2018-09-25 15:39:55 +09:00
Takashi Kojo 511b59cf73 set dynamic flag in ASN1_OBJECT_new 2018-09-25 15:39:55 +09:00