Commit Graph

2935 Commits

Author SHA1 Message Date
John Safranek 5908230d20 Prime Number Testing
1. Fixed variable name typo in DH for the FFDHE 8192-bit q value.
2. Updated some error strings in wolfSSL_BN_is_prime_ex().
3. Changed the calls to mp_prime_is_prime_ex() in fp_randprime() and
mp_randprime() so they go back to the 8 rounds of MR, which is more than
adequate in this situation.
2018-07-11 16:24:41 -07:00
John Safranek 0e06f6413d Prime Number Testing
1. Update the function wolfSSL_BN_is_prime_ex to use mp_prime_is_prime_ex.
2. Modified fast and normal mp_prime_is_prime_ex() to use random numbers
that are in the range 2 < a < n-2.
2018-07-10 14:30:53 -07:00
toddouska 376a4d3ca8 Merge pull request #1666 from dgarske/fix_always_verify
Fix for building with `WOLFSSL_ALWAYS_VERIFY_CB`
2018-07-09 11:13:28 -07:00
David Garske 9c2a5d2906 Further simplification of the PK verify wrapping to avoid malloc/free. Thanks Todd! 2018-07-06 16:21:43 -07:00
David Garske 85d58cbf8c Fix for building with WOLFSSL_ALWAYS_VERIFY_CB. 2018-07-06 15:31:52 -07:00
David Garske 595beb3fec Fixup for the removal of const. 2018-07-06 09:35:00 -07:00
David Garske 32f1b0a9c2 Added separate context for each SignatureCtx verify callback. Added missing ssl info to callback context. 2018-07-06 09:28:46 -07:00
David Garske 3cbcc872c1 Improved PK callback support for ConfirmSignature so certificate verification uses the callbacks. Retained wolfSSL/wolfCrypt isolation (I.E. no wolfSSL references from wolfCrypt). 2018-07-05 14:04:06 -07:00
toddouska ae54bae2fa Merge pull request #1654 from SparkiDev/tls13_stapling
TLS 1.3 OCSP Stapling
2018-07-03 12:56:28 -07:00
toddouska 77f11a6be9 Merge pull request #1649 from embhorn/zd4043
Fix for memory leak in wolfSSL_BN_hex2bn
2018-07-02 16:22:57 -07:00
toddouska 9f35d211e0 Merge pull request #1644 from JacobBarthelmeh/Compatibility-Layer
add ca when getting chain from x509 store
2018-07-02 16:22:11 -07:00
toddouska e17a16a45a Merge pull request #1600 from dgarske/lighttpd
Changes to support Lighttpd 1.4.49
2018-07-02 16:18:41 -07:00
Jacob Barthelmeh 201217bd97 casts for tls 1.3 windows warnings 2018-07-02 13:55:38 -06:00
Jacob Barthelmeh a9ff79e321 check return value 2018-07-02 10:10:30 -06:00
Sean Parkinson 0bf3a89992 TLS 1.3 OCSP Stapling
Introduce support for OCSP stapling in TLS 1.3.
Note: OCSP Stapling v2 is not used in TLS 1.3.
Added tests.
Allow extensions to be sent with first certificate.
Fix writing out of certificate chains in TLS 1.3.
Tidy up the OCSP stapling code to remove duplication as much as
possible.
2018-07-02 16:59:23 +10:00
Eric Blankenhorn ebb3eb87d1 Update from review 2018-06-29 11:02:10 -05:00
Eric Blankenhorn c6890d518e Fix resource leak in wolfSSL_BN_hex2bn 2018-06-29 09:44:01 -05:00
toddouska b4da4340a1 Merge pull request #1640 from SparkiDev/tls13_nb
Fix non-blocking and buffered I/O
2018-06-28 15:32:42 -07:00
David Garske cd2971fb93 Abstracted code for setting options mask to improve wolfSSL_CTX_set_options, so it doesn't require allocating a WOLFSSL object. 2018-06-27 21:30:25 -07:00
David Garske 6dbca2b718 Fix to resolve the increased stack by allocating the temp ssl from the heap. 2018-06-27 19:44:34 -07:00
David Garske 66c2c65444 Changes to support Lighttpd 1.4.49:
* Fix for `wolfSSL_CTX_set_options` to work correctly when no certificate has been set for WOLFSSL_CTX, otherwise this operation fails with `Server missing certificate`.
* Fix for bad argument name `time`.
* Fix for `warning: type of bit-field`: Allowed types for bit-fields are int and unsigned int only.
* Exposed `ERR_remove_thread_state` and `SSL_CTX_set_tmp_ecdh` for lighttpd
* Renamed `WOLFSSL_ERR_remove_thread_state` to `wolfSSL_ERR_remove_thread_state` and setup old name macro.
* Add missing newline on asn1.h.
* Whitespace cleanup in ssl.c.
2018-06-27 19:44:34 -07:00
Sean Parkinson abaa5daf43 Fix non-blocking and buffered I/O
Fix states in TLS 1.3 connect and accept to be monotonically increasing
by 1.
Always have a new state after a buffer is constructed to be sent.
Add non-blocking support into TLS benchmark and support TLS 1.3.
2018-06-28 08:49:32 +10:00
Sean Parkinson 7fbe1d3049 Fix support for OCSP and Nginx
Store DER copy of CA certificate with signer when
WOLFSSL_SIGNER_DER_CERT is defined.
Keep the bad issuer error for later when compiling for OpenSSL
compatability.
Authority Info string needs to be passed back with a nul terminator.
2018-06-28 08:48:06 +10:00
Jacob Barthelmeh af75145602 adjust macro guards 2018-06-27 16:13:46 -06:00
Jacob Barthelmeh c2c209fb89 add ca when getting chain from x509 store 2018-06-27 14:09:32 -06:00
connerwolfssl 13b7dad0fa documentation clean up, added check for asn generalized time 2018-06-27 10:22:47 -07:00
toddouska 5d767aa004 Merge pull request #1641 from ejohnstown/rename-inline
Rename INLINE
2018-06-27 09:34:41 -07:00
toddouska 1b2876679b Merge pull request #1631 from ejohnstown/wolfio-select
wolfIO Select Update
2018-06-26 19:27:20 -07:00
John Safranek 586874b997 Rename INLINE
1. Renamed the macro INLINE as WC_INLINE.
2. For FIPS and the "selftest" build, define INLINE as WC_INLINE. Allows the FIPS code to work unchanged.
2018-06-26 15:17:46 -07:00
toddouska d9b5948947 Merge pull request #1605 from dgarske/asyncfsanitize
Fixes for async to resolve runtime fsanitize issues
2018-06-26 14:27:07 -07:00
John Safranek 9d7bcf8ec7 wolfIO Select Update
1. In wolfIO_Select(), separate out the fd lists into separate read and write lists.
2. Check the read and write fds lists to see if the connect() succeeded or failed.
3. Windows doesn't use the nfds parameter to Select. Initialize it to zero and reset it to the right value when building for not-Windows.
4. Remove the warning disable for Windows.

GCC 8.1 checks that "restrict" pointer parameters don't point to the same thing and will error if they do.
2018-06-22 10:49:57 -07:00
John Safranek e6c7952f50 Merge master into fipsv2. Resolved a conflict in api.c. 2018-06-22 09:52:26 -07:00
David Garske 1cb5bbf8ea Fixes for some async issues. Fixes an async issue with BuildMessage. Fixes for PKCS7 tests to not use async since it is not supported. 2018-06-22 09:30:25 -07:00
David Garske 623f1b58ac Fix for min IV size check. Cleanup of the max IV to use new enum MAX_IV_SZ. 2018-06-22 09:30:25 -07:00
David Garske 64ba151c35 Experimental fixes for async to resolve runtime fsanitize issues with invalid memory access due to attempting realloc on non NUMA type. Tested with ./configure --with-intelqa=../QAT1.6 --enable-asynccrypt CC="clang -fsanitize=address" --enable-debug --disable-shared --enable-trackmemory CFLAGS="-DWOLFSSL_DEBUG_MEMORY -DWOLFSSL_DEBUG_MEMORY_PRINT" && make and sudo ./tests/unit.test. 2018-06-22 09:30:25 -07:00
toddouska 9d86d323ef Merge pull request #1628 from JacobBarthelmeh/Fuzzer
sanity check on hashing size
2018-06-20 17:46:38 -07:00
Jacob Barthelmeh bf63003237 sanity check before reading word16 from buffer 2018-06-20 16:48:40 -06:00
Jacob Barthelmeh 2f43d5eece update size to be used with fuzzing 2018-06-20 15:29:05 -06:00
Jacob Barthelmeh 61655ef56d comment on sz value and sanity check before fuzzing 2018-06-20 09:21:56 -06:00
Jacob Barthelmeh 38f916a798 sanity check on hashing size 2018-06-18 15:50:44 -06:00
Jacob Barthelmeh c98aca32c4 static analysis report fixes 2018-06-15 17:00:45 -06:00
Jacob Barthelmeh a1295b3148 memory management with test cases 2018-06-15 15:43:42 -06:00
toddouska 0d0aa74444 Merge pull request #1623 from dgarske/fix_atecc508a
Fixes for build with `WOLFSSL_ATECC508A` defined
2018-06-15 11:06:33 -07:00
toddouska 55945acd55 Merge pull request #1622 from cconlon/cavp-selftest-fix
fix CAVP self test build with newer raw hash functions
2018-06-15 11:02:15 -07:00
Jacob Barthelmeh c03c10e1d4 move location of wolfSSL_d2i_RSA_PublicKey to fix x509 small build 2018-06-14 14:38:15 -06:00
toddouska 139a08a98e Merge pull request #1621 from SparkiDev/tls13_no_cs
Allow NO_WOLFSSL_CLIENT/SERVER to compile and pass tests
2018-06-14 09:08:13 -07:00
David Garske 5b2bb44bc8 Fixes for build with WOLFSSL_ATECC508A defined. 2018-06-13 20:10:01 -07:00
toddouska 15348d4936 Merge pull request #1612 from dgarske/fixmatchdomainname
Fixes for `MatchDomainName` to properly detect failures
2018-06-13 13:13:52 -07:00
Chris Conlon 1db5d6ebd6 fix CAVP self test build with newer raw hash functions 2018-06-13 09:55:16 -06:00
Sean Parkinson a03c15e598 Allow NO_WOLFSSL_CLIENT/SERVER to compile and pass tests 2018-06-13 11:42:16 +10:00