Commit Graph

3641 Commits

Author SHA1 Message Date
tmael b8d2ccee83 Merge branch 'master' into phase2_compatibility_APIs 2019-08-29 09:16:41 -07:00
toddouska 9034e3a0fe Merge pull request #2432 from embhorn/api_p2
Adding compatibility API phase 2
2019-08-29 09:05:01 -07:00
Eric Blankenhorn 0c9ba1b361 Adding compatibility API phase 2 2019-08-28 09:29:49 -05:00
Tesfa Mael 625c3074b9 Review comments, sanity check 2019-08-27 17:06:36 -07:00
toddouska a49f447e47 Merge pull request #2413 from dgarske/load_ca_nodate
Refactor of the verify option for processing X.509 files
2019-08-27 13:20:30 -07:00
Tesfa Mael f9e364f893 Updated wolfSSL_EVP_Cipher() for AES GCM 2019-08-27 11:36:39 -07:00
Tesfa Mael e8f468e2cf correct ifdef directive 2019-08-26 19:17:41 -07:00
Tesfa Mael 00dadafddb Add HAVE_FAST_RSA around RSA_print() 2019-08-26 16:54:10 -07:00
Tesfa Mael b2555d38bc Jenkins PRB enable options test 2019-08-26 15:43:58 -07:00
toddouska 0f60ee8a85 Merge pull request #2402 from schlatterbeck/master
Fixes for 16-bit systems
2019-08-26 12:41:47 -07:00
Tesfa Mael 5e28dd94a2 OpenSSL compatible APIs:
ASN1_STRING_type
EVP_aes_128_gcm
EVP_CIPHER_CTX_ctrl
EVP_PKEY_sign
EVP_PKEY_sign_init
RSA_print
RSA_NO_PADDING
RSA_PKCS1_PSS_PADDING
2019-08-26 12:20:18 -07:00
David Garske 99329b0fc4 Improvements to the CRL verify handling. 2019-08-23 16:09:39 -07:00
toddouska 2c97b040ff Merge pull request #2419 from dgarske/ctx_sec_reneg
Adds use secure renegotiation at CTX level
2019-08-23 12:55:30 -07:00
toddouska 1bad2bed3c Merge pull request #2404 from dgarske/strict_cipher
Added strict cipher suite check on client server_hello processing
2019-08-23 12:42:57 -07:00
toddouska 6209e8ff24 Merge pull request #2412 from JacobBarthelmeh/PKCS12
adjust wc_i2d_PKCS12 API
2019-08-23 10:30:04 -07:00
Jacob Barthelmeh 65aeb71d6c sanity check on buffer size before reading short 2019-08-22 11:36:35 -06:00
David Garske 67c3751836 Adds new wolfSSL_CTX_UseSecureRenegotiation API for setting secure renegotiation at the WOLFSSL_CTX level. 2019-08-20 16:43:28 -07:00
David Garske 586b74b05f Refactor of the verify option for processing X.509 files. Adds support for ignoring date checks when loading a CA using the WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY flag on wolfSSL_CTX_load_verify_buffer_ex and wolfSSL_CTX_load_verify_locations_ex. 2019-08-16 15:19:55 -07:00
toddouska 7d4023f6a1 Merge pull request #2408 from dgarske/coverity
Minor fixes to resolve Coverity static analysis checks
2019-08-16 14:45:13 -07:00
Jacob Barthelmeh 487e66394e adjust wc_i2d_PKCS12 API 2019-08-16 15:19:33 -06:00
David Garske eb68ad162b Enable strict cipher suite checking by default. Changed to enable by default and can be disabled using WOLFSSL_NO_STRICT_CIPHER_SUITE. 2019-08-16 10:20:25 -07:00
David Garske 0d13b385ab Fixes for possible cases where DerBuffer is not free'd in AddCA error cases. 2019-08-15 17:01:30 -07:00
toddouska 489af0cd2b Merge pull request #2386 from SparkiDev/tls13_integ_only
TLS 1.3 and Integrity-only ciphersuites
2019-08-15 16:02:12 -07:00
Eric Blankenhorn 1b841363cc Adding tests 2019-08-15 12:27:23 -05:00
Eric Blankenhorn b2b24a06f3 Adding API 2019-08-14 15:09:17 -05:00
David Garske e75417fde1 Added build option to enforce check for cipher suite in server_hello from server. Enabled using WOLFSSL_STRICT_CIPHER_SUITE. Some cipher suites could be allowed if they were supported a build-time even though not sent in the cipher suite list in client_hello.
Example log output for test case where `client_hello` sent a cipher suite list and server choose a cipher suite not in the list:

```
wolfSSL Entering DoServerHello
ServerHello did not use cipher suite from ClientHello
wolfSSL Leaving DoHandShakeMsgType(), return -501
wolfSSL Leaving DoHandShakeMsg(), return -501
```

RFC 5246: 7.4.1.3: Server Hello:  `cipher_suite: The single cipher suite selected by the server from the list in ClientHello.cipher_suites.`
2019-08-13 15:56:19 -07:00
Eric Blankenhorn 48fa6a458c Adding compatibility API phase 1 2019-08-13 17:09:56 -05:00
Tesfa Mael 9301cce9ac Check a null pointer dereference 2019-08-13 11:48:20 -07:00
Tesfa Mael b1ad0525ea cast to correct static analysis issue 2019-08-13 10:45:24 -07:00
Tesfa Mael b7bd710bc8 Add small stack option 2019-08-13 10:29:37 -07:00
Tesfa Mael 1acd24deb8 Review comment to reduce stack usage 2019-08-13 10:15:57 -07:00
Tesfa Mael b9ddbb974a perform domain name check on the peer certificate 2019-08-13 09:55:28 -07:00
Ralf Schlatterbeck 63c6c47165 Fixes for 16-bit systems
Systems with sizof(int) == 2 default to expressions with that size.
So we have to do some explicit casts or use unigned long constants in
some cases.
In ssl.h the prototype of a function was not matching the definition.
This resulted in a type incompatibility on a 16-bit system.
2019-08-10 18:27:29 +02:00
Sean Parkinson dd48c825ed Constant compare the HMAC result when using NULL cipher and TLS 1.3 2019-08-09 11:50:07 -06:00
Tesfa Mael 4bff2b6bef Fixed valgrind issue 2019-08-06 15:49:36 -07:00
Tesfa Mael 1371fc8327 Review comments 2019-08-06 13:23:18 -07:00
Tesfa Mael c1938969aa Convert to pointer to pass static memory 2019-08-06 10:47:30 -07:00
Tesfa Mael 000c38ae1f Use wolfSSL_PKCS7_free, not wc_PKCS7_Free 2019-08-06 07:46:57 -07:00
Tesfa Mael f5f5947616 New OpenSSL compatible APIs:
wolfSSL_PEM_write_bio_PKCS7
wolfSSL_PKCS7_SIGNED_new
wolfSSL_X509_subject_name_hash
wolfSSL_CTX_use_PrivateKey_ASN1
wolfSSL_get0_param
wolfSSL_X509_VERIFY_PARAM_set1_host
2019-08-05 17:35:37 -07:00
toddouska c34657b20f Merge pull request #2390 from dgarske/altname
Fix for scan-build warning with altName->name possible use of NULL
2019-08-02 15:49:13 -07:00
toddouska 31461dbfb5 Merge pull request #2373 from dgarske/mpint
Improvements to atoi, mp_int allocations and STSAFE-A100 error handling
2019-08-02 15:43:20 -07:00
toddouska da6fa384d4 Merge pull request #2273 from danielinux/Riot-OS-GNRC
RIOT-OS support with GNRC TCP/IP sockets
2019-08-02 15:42:11 -07:00
Sean Parkinson 51dfc35aac TLS 1.3 and Integrity-only ciphersuites 2019-08-02 11:00:18 +10:00
David Garske fb8fc4d800 Fix for scan-build warning with altName->name possible use of NULL pointer. 2019-08-01 11:54:28 -07:00
toddouska 4f0fd2c2f9 Merge pull request #2302 from SparkiDev/ecc_pubkey_check
Add checks of public key for ECC and curve25519
2019-08-01 11:50:02 -07:00
Daniele Lacamera 34b2d257cd [RIOT-OS/GNRC] Renamed GNRC callback functions 2019-08-01 15:50:16 +02:00
Daniele Lacamera e77161ae9a Riot-OS/GNRC support: reworked after reviewers' comments 2019-08-01 15:50:16 +02:00
Daniele Lacamera 1db036eb75 RIOT-OS support with GNRC UDP/IP sockets 2019-08-01 15:50:16 +02:00
toddouska c400c38588 Merge pull request #2381 from SparkiDev/tls13_sv
Check suite size length is valid as well as space for compression
2019-07-30 16:04:00 -07:00
toddouska 81a9779fc4 Merge pull request #2385 from dgarske/minor_items
Minor cleanups for spelling and cast warnings
2019-07-30 15:22:29 -07:00