Commit Graph

2688 Commits

Author SHA1 Message Date
Jacob Barthelmeh 2a368abd20 fix build for haproxy 2018-03-01 18:00:52 -07:00
toddouska b527f6fb81 Merge pull request #1397 from JacobBarthelmeh/Optimizations
Optimizations
2018-02-26 08:43:22 -08:00
Jacob Barthelmeh 9391c608cc remove error string function when no error strings is defined 2018-02-23 17:31:20 -07:00
toddouska 9b90cdc919 Merge pull request #1396 from JacobBarthelmeh/Testing
fix for static analysis warning of null dereference
2018-02-23 15:51:29 -08:00
toddouska 22e55e72c1 Merge pull request #1394 from cconlon/selftest
Add CAVP-only Self Test for special build
2018-02-23 15:50:06 -08:00
Jacob Barthelmeh 9757effdc1 fix for static analysis warning of null dereference 2018-02-23 14:49:06 -07:00
Chris Conlon ad53037852 add CAVP selftest option for special build 2018-02-23 10:14:56 -07:00
JacobBarthelmeh 89390180a0 Merge branch 'master' into Compatibility-Layer 2018-02-22 15:24:31 -07:00
toddouska 41ae47fa3c Merge pull request #1390 from SparkiDev/tls13_downgrade
Fix downgrading from TLS v1.3 to TLS v1.2
2018-02-22 08:53:48 -08:00
Sean Parkinson 7160384a19 Explicit curve data in public ECC key
Certificate's public key data contains more of the encoding.
PKCS #7 using public key from certificates calls proper decode.
2018-02-22 14:59:19 +10:00
Sean Parkinson da4024b46a Fix downgrading from TLS v1.3 to TLS v1.2
Fix handling of ServerHello in TLS v1.3 to support TLS v1.2 when
downgrading.
Added support in client and server examples for using downgrade method:
wolfSSLv23_client_method_ex() or wolfSSLv23_server_method_ex().
Add tests, using downgrade version, of client or server downgrading from
TLS v1.3 to TLS v1.2.
2018-02-22 12:48:50 +10:00
Sean Parkinson dc4edd0cd9 SNI fix for nginx 2018-02-21 23:48:43 +10:00
Sean Parkinson d1f19e8ecc Fix resumption code around when not available
Can't set a ticket if the encryption callback is NULL.
If no useable pre-shared key is found then we won't do PSK.
2018-02-21 17:45:13 +10:00
toddouska 7a2aa6bc13 Merge pull request #1382 from dgarske/cleanup_strncpy
Fixes for ensuring null termination on all strncpy calls
2018-02-20 08:18:08 -08:00
Jacob Barthelmeh a275022dbe account for pwdbased being enabled with x509small 2018-02-19 17:32:39 -07:00
Jacob Barthelmeh 33b699f81a macro guards on PEM strings 2018-02-19 17:32:39 -07:00
David Garske e4df21df94 More cleanup for const strings. 2018-02-19 17:32:39 -07:00
Jacob Barthelmeh 4614bd4e56 scan-build warning and AES key size builds for ARMv8 2018-02-19 17:32:39 -07:00
Jacob Barthelmeh 94b7ab92f3 fix for unused variable 2018-02-19 17:32:39 -07:00
Jacob Barthelmeh 801ce67fc9 surround BIO function with macro guard 2018-02-19 17:32:39 -07:00
Jacob Barthelmeh 2a15b3912b revert pkcs7 attrib structure for scep and add more macro guards for AES key size 2018-02-19 17:32:39 -07:00
Jacob Barthelmeh c9525d9c1d add opensslextra=x509small build option 2018-02-19 17:32:39 -07:00
Jacob Barthelmeh ae2306ebcf more structure packing and macro guards 2018-02-19 17:32:39 -07:00
Jacob Barthelmeh 02753e53a5 add some of AES key size macros to benchmark.c and test.c 2018-02-19 17:28:53 -07:00
Jacob Barthelmeh c2f660c0fc first round of adding AES key size macros 2018-02-19 17:23:49 -07:00
David Garske 44079e4bb8 Fixes for ensuring null termination on all strncpy calls. Cleanup of the null termination character '\0'; for char types. 2018-02-19 13:33:16 -08:00
Jacob Barthelmeh f569645212 add wolfSSL_SHA256 function 2018-02-16 16:57:45 -07:00
Jacob Barthelmeh a651b08afa add wolfSSL_AES_ecb_encrypt function 2018-02-16 15:08:31 -07:00
Jacob Barthelmeh 488a795747 add wolfSSL_PEM_read_bio_RSAPrivateKey function 2018-02-15 22:34:50 -07:00
toddouska ad1fc26d4e Merge pull request #1370 from JacobBarthelmeh/Testing
check on verify depth for certificates with opensslextra
2018-02-14 16:29:25 -08:00
David Garske 9ff97997a6 Merge pull request #1360 from SparkiDev/sp_math
Minimal implementation of MP when using SP.
2018-02-14 15:49:23 -08:00
Jacob Barthelmeh 2e15842ef2 revert verify depth check and increase array size to account for possible cert index 2018-02-14 10:01:22 -07:00
toddouska 4d04f0951c Merge pull request #1363 from SparkiDev/tls13_draft23
Support TLS v1.3 Draft 23
2018-02-13 11:39:53 -08:00
Jacob Barthelmeh 6f1e5383da check on verify depth for certificates with opensslextra 2018-02-13 10:29:23 -07:00
toddouska e254f25baf Merge pull request #1359 from SparkiDev/nginx_fixes
Fixes to get Nginx working again.
2018-02-09 13:17:38 -08:00
Sean Parkinson 0da8694ff3 Fix Hello Retry Request parsing of new KeyShare choice 2018-02-09 11:12:04 +10:00
Sean Parkinson 9a0c822582 Support TLS v1.3 Draft 23
Change KeyShare number.
Support SignatureAlgorithmsCert extension - nothing done with
information as only one chain supported on server.
Compiling for Draft 22 supported: --enable-tls-draft22
Compiling for Draft 18 still supported.
2018-02-09 10:42:15 +10:00
Sean Parkinson a3a4f2d59c Minimal implementation of MP when using SP.
--enable-sp-math to include minimal implementation of MP (only with
--enable-sp.)
Add futher functionality for ECC (conditionally compiled):
- check key
- is point on curve
- API to add and double projective points
- API to map from project to affine
- Uncompress point (including sqrt)
Some configuration options will not work with SP math - configure.ac
detects this and errors out.
Change test code to better support SP sizes only.
2018-02-08 15:50:17 +10:00
Sean Parkinson 297fb1a447 Fixes to get Nginx working again.
Only use weOwnDH as Nginx can change from client to server.
Allow TLS v1.3 with client method for Nginx.
2018-02-08 11:14:31 +10:00
Kaleb Himes 266b6fe7a7 Merge pull request #1356 from JacobBarthelmeh/Compatibility-Layer
Fix for Windows FIPS build
2018-02-07 13:18:36 -07:00
Jacob Barthelmeh 47aa4bbe2f handle disable md5 case 2018-02-07 10:44:16 -07:00
Jacob Barthelmeh 61da8ec1dc Fix for Windows FIPS build 2018-02-07 10:13:28 -07:00
Jacob Barthelmeh a1a1ca9991 Fix for build with having opensslextra and IGNORE_NAME_CONSTRAINTS 2018-02-07 09:54:24 -07:00
David Garske 172989c3c4 Merge pull request #1343 from ghoso/dev201801
Fix decryption error when EVP_CipherInit is called mulitple times.
2018-02-05 16:51:08 -08:00
Sean Parkinson 82850422fc Merge pull request #1338 from JacobBarthelmeh/Testing
set have session id flag
2018-02-05 14:58:55 -08:00
toddouska 7ad0ea808c Merge pull request #1341 from JacobBarthelmeh/master
fix build for OLD_HELLO_ALLOWED macro
2018-02-02 10:53:16 -08:00
toddouska d63373066b Merge pull request #1331 from JacobBarthelmeh/Compatibility-Layer
add comments and better error checking for PKCS8 strip
2018-02-02 10:50:29 -08:00
Go Hosohara 0101440cc8 Fix decryption error when EVP_CipherInit is called mulitple times. 2018-01-31 17:08:06 +09:00
Jacob Barthelmeh 580a55ce49 fix build for OLD_HELLO_ALLOWED macro 2018-01-29 14:55:32 -07:00
Jacob Barthelmeh ca5b1dbbcb set have session id flag 2018-01-26 14:18:36 -07:00