Commit Graph

1014 Commits

Author SHA1 Message Date
David Garske db63fe83d4 Initial pass at fixes for coverity scan. 2017-04-28 14:59:45 -07:00
toddouska 4387e1f08e Merge pull request #855 from insane-adding-machines/master
Added support for HAproxy load balancer
2017-04-28 13:10:58 -07:00
David Garske c92b497ea3 Fix async merge error which duplicated the wolfSSL_new RNG creation and caused a memory leak. Fix for build error with plainDigestSz not being initialized. 2017-04-28 10:11:17 -07:00
David Garske 3e6243eb08 Fix for scan-build issues with possible use of null’s in evp.c wolfSSL_EVP_CipherFinal out arg and DoCertificate args->certs. Removed obsolete client example help arg “-t”. 2017-04-27 10:53:47 -07:00
Daniele Lacamera 7058211860 Merge from latest masterbranch 2017-04-24 06:18:44 +02:00
Jacob Barthelmeh a8115d51fa add back in haveTrustPeer variable and put macro guard on WC_RNG typedef 2017-04-18 16:53:02 -06:00
Daniele Lacamera bf877a636f Merge from masterbranch 2017-04-18 18:34:14 +02:00
toddouska 7df7a07a68 Merge pull request #863 from JacobBarthelmeh/Testing
fix old version of AEAD cipher suite
2017-04-18 09:33:00 -07:00
Jacob Barthelmeh 999328f2a0 fix old version of AEAD cipher suite 2017-04-14 10:32:15 -06:00
David Garske 7779a64cae Fix for building with NO_OLD_TLS and WOLFSSL_ALLOW_TLS_SHA1. 2017-04-13 21:26:20 -07:00
Daniele Lacamera ef231a039d Updated to latest masterbranch 2017-04-13 15:28:19 +02:00
dgarske 8ee9e4ff8b Merge pull request #851 from toddouska/nosessid
don't send session ID on server side if session cache is off unless w…
2017-04-12 14:50:43 -07:00
toddouska 3810571e0d Merge pull request #715 from dgarske/async_intelqa
Intel QuickAssist (QAT) support and async enhancements/fixes
2017-04-12 13:54:19 -07:00
toddouska b1d59a2334 don't send session ID on server side if session cache is off unless we're echoing session ID as part of session tickets 2017-04-12 10:54:19 -07:00
David Garske 11133e578d Fixes and cleanups based on feedback from Sean. Added ifdef checks around WC_PENDING_E code to reduce code size for non-async builds. Cleanup accumulative result code checking in SSL_hmac. Cleanup of the RSA async state advancement. 2017-04-12 10:07:38 -07:00
Daniele Lacamera 3e9a5fd433 Updated to latest masterbranch 2017-04-12 12:48:38 +02:00
Daniele Lacamera 8f300515bd Grouped HAPROXY compatibility into WOLFSSL_HAPROXY flag
now haproxy compatible wolfssl builds with:

./configure --prefix=/usr --sysconfdir=/etc --disable-fastmath \
iam * ] 2:18 PM
    --disable-fasthugemath --disable-bump \
    --enable-opensslextra \
    --enable-keygen --enable-certgen \
    --disable-ntru --disable-examples \
    --enable-tlsx --enable-haproxy \
    --enable-savecert --enable-savesession --enable-sessioncerts \
    --enable-webserver --enable-sslv3 --enable-stunnel
2017-04-11 14:18:41 +02:00
dgarske 213afe18c3 Merge pull request #842 from JacobBarthelmeh/Testing
fix c32toa needed with --enable-session-ticket
2017-04-10 19:10:35 -07:00
David Garske e419a6f899 Fixes and cleanups based on feedback from Sean. 2017-04-10 14:47:07 -07:00
David Garske 62e7dc87c3 Fix merge error with verify callback and totalCerts. 2017-04-10 14:45:05 -07:00
David Garske 56a1618ba0 Fixes to a few things based on peer review. 2017-04-10 14:45:05 -07:00
David Garske c1640e8a3d Intel QuickAssist (QAT) support and async enhancements/fixes:
* Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/).
* Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC.
* wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify.
* wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature.
* wolfCrypt test and benchmark async support added for all HW acceleration.
* wolfCrypt benchmark multi-threading support.
* Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA.
* Refactor to make sure “heap” is available for async dev init.
* Added async support for all examples for connect, accept, read and write.
* Added new WC_BIGINT (in wolfmath.c) for async hardware support.
* Added async simulator tests for DES3 CBC, AES CBC/GCM.
* Added QAT standalone build for unit testing.
* Added int return code to SHA and MD5 functions.
* Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer.
* Combined duplicate code for async push/pop handling.
* Refactor internal.c to add AllocKey / FreeKey.
* Refactor of hash init/free in TLS to use InitHashes and FreeHashes.
* Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*.
* Suppress error message for WC_PENDING_E.
* Implemented "wolfSSL_EVP_MD_CTX_init" to do memset.
* Cleanup of the openssl compat CTX sizes when async is enabled.
* Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability.
* Cleanup of the OPAQUE_LEN.
* Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret).
* Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations)
* Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding".
* Updated RSA un-padding error message so its different than one above it for better debugging.
* Added QAT async enables for each algorithm.
* Refactor of the async init to use _ex.
* Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing.
* Reformatted the benchmark results:
PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec"
Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87
* Added min execution time for all benchmarks.
* Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local.
* Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark.
* Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async.
* Added NO_SW_BENCH option to only run HW bench.
* Added support for PRNG to use hardware SHA256 if _wc devId provided.
* Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size.
* Added the wc_*GetHash calls to the wolfCrypt tests.
* Added async hardware start/stop to wolfSSL init/cleanup.
* Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos.
* Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`.
* Added arg checks on wc_*GetHash and wc_*Copy.
* Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions.
* Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator.
* Added checks for all hashing to verify valid ->buffLen.
* Fix for SHA512 scan-build warning about un-initialized “W_X”.
* Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash.
* Refactor of the benchmarking to use common function for start, check and finish of the stats.
* Fixed issue with ECC cache loading in multi-threading.
* Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned.
* Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define.
* Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-10 14:45:05 -07:00
Jacob Barthelmeh 80d88b9421 fix c32toa needed with --enable-session-ticket 2017-04-07 11:46:27 -06:00
David Garske eb40175cc6 Fix to calc BuildSHA_CertVerify if WOLFSSL_ALLOW_TLS_SHA1. Fix to add check for DTLS to not allow stream ciphers. Removed the RC4 tests from the test-dtls.conf. Added support for using default suites on client side. Switched the arg to “-H”. Cleanup of the example server/client args list. Fixes for build with “--disable-sha”. 2017-04-07 10:20:41 -07:00
David Garske 6a1ae7ee5b Fix on server side to make sure SHA hash is setup even with NO_OLD_TLS. Fix to initialize hsHashes to zero. Fix in PickHashSigAlgo to not default to SHA if NO_OLD_TLS is defined (unless WOLFSSL_ALLOW_TLS_SHA1 is set). Fix to allow pre TLS 1.2 for “AES128-SHA256” and “AES256-SHA256”. 2017-04-07 10:20:18 -07:00
David Garske b14da2622e Fix InitSuites to allow old TLS for DHE_RSA with AES 128/256 for SHA256. Reverted changes to test.conf and test-dtls.conf. 2017-04-07 10:20:18 -07:00
kaleb-himes b827380baf Typo in cipher suite pre-processor macro 2017-04-07 10:19:24 -07:00
JacobBarthelmeh 4eefa22629 Merge pull request #810 from toddouska/write-dup
add wolfSSL_write_dup(), creates write_only WOLFSSL to allow concurre…
2017-04-05 10:06:20 -06:00
toddouska e168d4db09 Merge pull request #821 from SparkiDev/wpas_fips
FIPS changes and fixups for wpa_supplicant
2017-04-03 08:27:25 -07:00
Sean Parkinson c74c2ce00c FIPS changes and fixups
Enable ex data explicitly.
Keep the peer cert for verification callback.
External session cache for hostapd.
Enable DES_ECB when not FIPS.
Don't send the peer cert if it is not received from peer.
Initialize the peer cert after free as will be freed on tear down of
SSL.
Allow a server to become a client.
2017-03-30 11:53:35 +10:00
toddouska 4783fbfc4f better handling of TLS layer switching out CTX layer keys/certs 2017-03-24 10:19:01 -07:00
toddouska 15423428ed add wolfSSL_write_dup(), creates write_only WOLFSSL to allow concurrent access 2017-03-20 15:08:34 -07:00
toddouska 3bb1723476 Merge pull request #768 from dgarske/crl_lookup
Added support for inline CRL lookup when HAVE_CRL_IO is defined
2017-03-17 12:18:45 -07:00
Jacob Barthelmeh 0ef1b5d298 bounds checking with adding string terminating character 2017-03-15 13:40:41 -06:00
David Garske 628f740363 Added support for inline CRL lookup when HAVE_CRL_IO is defined (shares code with OCSP lookup in io.c). Added http chunk transfer encoding support. Added default connection timeout value (DEFAULT_TIMEOUT_SEC) and new wolfIO_SetTimeout() API with HAVE_IO_TIMEOUT. Added generic wolfIO_ API’s for connect, select, non-blocking, read and write. Added new define USE_WOLFSSL_IO to enable access to new wolfIO_* socket wrappers even when WOLFSSL_USER_IO is defined. Moved all API declarations for io.c into new io.h header. Added HAVE_HTTP_CLIENT to expose HTTP API’s. Moved SOCKET_T and SOCKET_ defines into io.h. Added WOLFIO_DEBUG define to display request/responses. 2017-03-15 12:26:18 -07:00
Sean Parkinson 97b98c5c44 Changes from review
Add a free handshake resources API.
Rename to wolfSSL_KeepHandshakeResources().
Add APIs to indicate the client's preference order is to be used when
matching cipher suites.
2017-03-15 09:09:25 +10:00
Sean Parkinson 122f648fd8 Only support client preference order as default for WPAS. 2017-03-15 09:09:02 +10:00
Sean Parkinson e2930b0a43 Changes for WPA Supplicant 2017-03-15 09:09:02 +10:00
toddouska 2bb14903f9 Merge pull request #698 from SparkiDev/nginx
Get Nginx working with wolfSSL
2017-03-09 10:23:20 -08:00
David Garske a55ebb4c18 Fixes for building CRL with Windows. Refactor load_verify_buffer and LoadCRL to use new wc_ReadDir* functions. Added new directory/file API's: wc_ReadDirFirst(), wc_ReadDirNext(), wc_ReadDirClose(). Moved MAX_PATH and MAX_FILENAME_SZ to wc_port.h. Moved BAD_PATH_ERROR into error-crypt.h. The wc_ReadDir is only supported when NO_WOLFSSL_DIR and NO_FILESYSTEM are not defined. Add map to __FUNCTION__ macro in Windows with debug enabled (to resolve build error with VS and __func__ missing). Fix cast warning on response from EncodeOcspRequestExtensions. Fix for cast to call to BuildCertificateStatus. 2017-03-08 11:21:11 -08:00
toddouska 0d3ef0b399 Merge pull request #776 from dgarske/fix_iis_signature_algorithms
Fix issue with IIS servers and NO_OLD_TLS
2017-03-03 12:51:22 -08:00
David Garske b5fe3ddbfa Fix to allow connection to IIS server which requires SHA1 hash algo to be present in signature_algos extension. Issue only exists when NO_OLD_TLS is defined. To enable SHA1 with TLS 1.2 define "WOLFSSL_ALLOW_TLS_SHA1”. 2017-03-02 18:18:05 -08:00
John Safranek ec1d8c7090 Fixed where the client was using NULL instead of ssl->heap when allocating memory during SendClientKeyExchange(). Failing on an embedded static build. 2017-03-02 10:05:24 -08:00
David Garske d903059e05 Fixes to allow signature_algorithms extension to send SHA1 (if enabled) and NO_OLD_TLS is defined. This resolves an issue connected to ISS servers. 2017-03-01 19:07:13 -08:00
Sean Parkinson 13e6217fd5 Changes from code review 2017-03-01 08:38:54 +10:00
Sean Parkinson e6434f380b Get Nginx working with wolfSSL 2017-03-01 08:38:54 +10:00
toddouska bdbb98ed20 Merge pull request #735 from dgarske/norm_math_speedup
Normal math speed-up to not allocate on mp_int and defer until mp_grow
2017-02-22 14:29:51 -08:00
David Garske 9c7407d18c Added return codes to wc_InitDhKey, wc_InitDsaKey and mp_set. Added missing return code checks on mp_copy in ecc.c. Fixed build with DSA and no ECC where mp_set function def would be missing. 2017-02-21 14:03:21 -08:00
toddouska fc85b8189c fix small stack malloc checks 2017-02-21 11:18:09 -08:00
Kaleb Himes af355f7472 updates for TIRTOS build following release 3.10.0 2017-01-31 13:15:45 -08:00