Tesfa Mael
f9e364f893
Updated wolfSSL_EVP_Cipher() for AES GCM
2019-08-27 11:36:39 -07:00
Tesfa Mael
e8f468e2cf
correct ifdef directive
2019-08-26 19:17:41 -07:00
Tesfa Mael
00dadafddb
Add HAVE_FAST_RSA around RSA_print()
2019-08-26 16:54:10 -07:00
Tesfa Mael
b2555d38bc
Jenkins PRB enable options test
2019-08-26 15:43:58 -07:00
Tesfa Mael
5e28dd94a2
OpenSSL compatible APIs:
...
ASN1_STRING_type
EVP_aes_128_gcm
EVP_CIPHER_CTX_ctrl
EVP_PKEY_sign
EVP_PKEY_sign_init
RSA_print
RSA_NO_PADDING
RSA_PKCS1_PSS_PADDING
2019-08-26 12:20:18 -07:00
toddouska
2c97b040ff
Merge pull request #2419 from dgarske/ctx_sec_reneg
...
Adds use secure renegotiation at CTX level
2019-08-23 12:55:30 -07:00
toddouska
1bad2bed3c
Merge pull request #2404 from dgarske/strict_cipher
...
Added strict cipher suite check on client server_hello processing
2019-08-23 12:42:57 -07:00
toddouska
6209e8ff24
Merge pull request #2412 from JacobBarthelmeh/PKCS12
...
adjust wc_i2d_PKCS12 API
2019-08-23 10:30:04 -07:00
Jacob Barthelmeh
65aeb71d6c
sanity check on buffer size before reading short
2019-08-22 11:36:35 -06:00
David Garske
67c3751836
Adds new wolfSSL_CTX_UseSecureRenegotiation API for setting secure renegotiation at the WOLFSSL_CTX level.
2019-08-20 16:43:28 -07:00
toddouska
7d4023f6a1
Merge pull request #2408 from dgarske/coverity
...
Minor fixes to resolve Coverity static analysis checks
2019-08-16 14:45:13 -07:00
Jacob Barthelmeh
487e66394e
adjust wc_i2d_PKCS12 API
2019-08-16 15:19:33 -06:00
David Garske
eb68ad162b
Enable strict cipher suite checking by default. Changed to enable by default and can be disabled using WOLFSSL_NO_STRICT_CIPHER_SUITE.
2019-08-16 10:20:25 -07:00
David Garske
0d13b385ab
Fixes for possible cases where DerBuffer is not free'd in AddCA error cases.
2019-08-15 17:01:30 -07:00
toddouska
489af0cd2b
Merge pull request #2386 from SparkiDev/tls13_integ_only
...
TLS 1.3 and Integrity-only ciphersuites
2019-08-15 16:02:12 -07:00
Eric Blankenhorn
1b841363cc
Adding tests
2019-08-15 12:27:23 -05:00
Eric Blankenhorn
b2b24a06f3
Adding API
2019-08-14 15:09:17 -05:00
David Garske
e75417fde1
Added build option to enforce check for cipher suite in server_hello from server. Enabled using WOLFSSL_STRICT_CIPHER_SUITE. Some cipher suites could be allowed if they were supported a build-time even though not sent in the cipher suite list in client_hello.
...
Example log output for test case where `client_hello` sent a cipher suite list and server choose a cipher suite not in the list:
```
wolfSSL Entering DoServerHello
ServerHello did not use cipher suite from ClientHello
wolfSSL Leaving DoHandShakeMsgType(), return -501
wolfSSL Leaving DoHandShakeMsg(), return -501
```
RFC 5246: 7.4.1.3: Server Hello: `cipher_suite: The single cipher suite selected by the server from the list in ClientHello.cipher_suites.`
2019-08-13 15:56:19 -07:00
Eric Blankenhorn
48fa6a458c
Adding compatibility API phase 1
2019-08-13 17:09:56 -05:00
Tesfa Mael
9301cce9ac
Check a null pointer dereference
2019-08-13 11:48:20 -07:00
Tesfa Mael
b1ad0525ea
cast to correct static analysis issue
2019-08-13 10:45:24 -07:00
Tesfa Mael
b7bd710bc8
Add small stack option
2019-08-13 10:29:37 -07:00
Tesfa Mael
1acd24deb8
Review comment to reduce stack usage
2019-08-13 10:15:57 -07:00
Tesfa Mael
b9ddbb974a
perform domain name check on the peer certificate
2019-08-13 09:55:28 -07:00
Sean Parkinson
dd48c825ed
Constant compare the HMAC result when using NULL cipher and TLS 1.3
2019-08-09 11:50:07 -06:00
Tesfa Mael
4bff2b6bef
Fixed valgrind issue
2019-08-06 15:49:36 -07:00
Tesfa Mael
1371fc8327
Review comments
2019-08-06 13:23:18 -07:00
Tesfa Mael
c1938969aa
Convert to pointer to pass static memory
2019-08-06 10:47:30 -07:00
Tesfa Mael
000c38ae1f
Use wolfSSL_PKCS7_free, not wc_PKCS7_Free
2019-08-06 07:46:57 -07:00
Tesfa Mael
f5f5947616
New OpenSSL compatible APIs:
...
wolfSSL_PEM_write_bio_PKCS7
wolfSSL_PKCS7_SIGNED_new
wolfSSL_X509_subject_name_hash
wolfSSL_CTX_use_PrivateKey_ASN1
wolfSSL_get0_param
wolfSSL_X509_VERIFY_PARAM_set1_host
2019-08-05 17:35:37 -07:00
toddouska
c34657b20f
Merge pull request #2390 from dgarske/altname
...
Fix for scan-build warning with altName->name possible use of NULL
2019-08-02 15:49:13 -07:00
toddouska
31461dbfb5
Merge pull request #2373 from dgarske/mpint
...
Improvements to atoi, mp_int allocations and STSAFE-A100 error handling
2019-08-02 15:43:20 -07:00
toddouska
da6fa384d4
Merge pull request #2273 from danielinux/Riot-OS-GNRC
...
RIOT-OS support with GNRC TCP/IP sockets
2019-08-02 15:42:11 -07:00
Sean Parkinson
51dfc35aac
TLS 1.3 and Integrity-only ciphersuites
2019-08-02 11:00:18 +10:00
David Garske
fb8fc4d800
Fix for scan-build warning with altName->name possible use of NULL pointer.
2019-08-01 11:54:28 -07:00
toddouska
4f0fd2c2f9
Merge pull request #2302 from SparkiDev/ecc_pubkey_check
...
Add checks of public key for ECC and curve25519
2019-08-01 11:50:02 -07:00
Daniele Lacamera
34b2d257cd
[RIOT-OS/GNRC] Renamed GNRC callback functions
2019-08-01 15:50:16 +02:00
Daniele Lacamera
e77161ae9a
Riot-OS/GNRC support: reworked after reviewers' comments
2019-08-01 15:50:16 +02:00
Daniele Lacamera
1db036eb75
RIOT-OS support with GNRC UDP/IP sockets
2019-08-01 15:50:16 +02:00
toddouska
c400c38588
Merge pull request #2381 from SparkiDev/tls13_sv
...
Check suite size length is valid as well as space for compression
2019-07-30 16:04:00 -07:00
toddouska
81a9779fc4
Merge pull request #2385 from dgarske/minor_items
...
Minor cleanups for spelling and cast warnings
2019-07-30 15:22:29 -07:00
toddouska
0a60c2bb2c
Merge pull request #2379 from JacobBarthelmeh/sessionExport
...
reduce size of state only save and add option to remove peer info
2019-07-30 15:09:39 -07:00
David Garske
91251eb319
Fixes for minor compiler cast warnings.
2019-07-29 08:14:27 -07:00
David Garske
e3653a7a07
Various spelling corrections.
2019-07-29 08:14:07 -07:00
Sean Parkinson
4778dac49f
Add checks of public key for ECC and curve25519
2019-07-29 10:42:44 +10:00
Sean Parkinson
741d7bdb67
Check suite size length is valid as well as space for compression
2019-07-29 08:47:45 +10:00
Jacob Barthelmeh
ca87861915
reduce size of state only save and add option to remove peer info
2019-07-26 14:54:44 -06:00
David Garske
b0444bcfa1
Refactor to add XATOI for standard library function.
2019-07-23 15:36:59 -07:00
Sean Parkinson
b399b08df7
Fix for TLS 1.3 to always send Key Share
...
Even if resuming or using PSK and not performing DHE key exchange, send
key share extension in case full handshake is required.
2019-07-18 11:01:43 +10:00
Jacob Barthelmeh
af8395b17b
revert early free of OCSP buffer after finding it is revoked
2019-07-17 11:08:28 -06:00