Commit Graph

3632 Commits

Author SHA1 Message Date
Tesfa Mael f9e364f893 Updated wolfSSL_EVP_Cipher() for AES GCM 2019-08-27 11:36:39 -07:00
Tesfa Mael e8f468e2cf correct ifdef directive 2019-08-26 19:17:41 -07:00
Tesfa Mael 00dadafddb Add HAVE_FAST_RSA around RSA_print() 2019-08-26 16:54:10 -07:00
Tesfa Mael b2555d38bc Jenkins PRB enable options test 2019-08-26 15:43:58 -07:00
Tesfa Mael 5e28dd94a2 OpenSSL compatible APIs:
ASN1_STRING_type
EVP_aes_128_gcm
EVP_CIPHER_CTX_ctrl
EVP_PKEY_sign
EVP_PKEY_sign_init
RSA_print
RSA_NO_PADDING
RSA_PKCS1_PSS_PADDING
2019-08-26 12:20:18 -07:00
toddouska 2c97b040ff Merge pull request #2419 from dgarske/ctx_sec_reneg
Adds use secure renegotiation at CTX level
2019-08-23 12:55:30 -07:00
toddouska 1bad2bed3c Merge pull request #2404 from dgarske/strict_cipher
Added strict cipher suite check on client server_hello processing
2019-08-23 12:42:57 -07:00
toddouska 6209e8ff24 Merge pull request #2412 from JacobBarthelmeh/PKCS12
adjust wc_i2d_PKCS12 API
2019-08-23 10:30:04 -07:00
Jacob Barthelmeh 65aeb71d6c sanity check on buffer size before reading short 2019-08-22 11:36:35 -06:00
David Garske 67c3751836 Adds new wolfSSL_CTX_UseSecureRenegotiation API for setting secure renegotiation at the WOLFSSL_CTX level. 2019-08-20 16:43:28 -07:00
toddouska 7d4023f6a1 Merge pull request #2408 from dgarske/coverity
Minor fixes to resolve Coverity static analysis checks
2019-08-16 14:45:13 -07:00
Jacob Barthelmeh 487e66394e adjust wc_i2d_PKCS12 API 2019-08-16 15:19:33 -06:00
David Garske eb68ad162b Enable strict cipher suite checking by default. Changed to enable by default and can be disabled using WOLFSSL_NO_STRICT_CIPHER_SUITE. 2019-08-16 10:20:25 -07:00
David Garske 0d13b385ab Fixes for possible cases where DerBuffer is not free'd in AddCA error cases. 2019-08-15 17:01:30 -07:00
toddouska 489af0cd2b Merge pull request #2386 from SparkiDev/tls13_integ_only
TLS 1.3 and Integrity-only ciphersuites
2019-08-15 16:02:12 -07:00
Eric Blankenhorn 1b841363cc Adding tests 2019-08-15 12:27:23 -05:00
Eric Blankenhorn b2b24a06f3 Adding API 2019-08-14 15:09:17 -05:00
David Garske e75417fde1 Added build option to enforce check for cipher suite in server_hello from server. Enabled using WOLFSSL_STRICT_CIPHER_SUITE. Some cipher suites could be allowed if they were supported a build-time even though not sent in the cipher suite list in client_hello.
Example log output for test case where `client_hello` sent a cipher suite list and server choose a cipher suite not in the list:

```
wolfSSL Entering DoServerHello
ServerHello did not use cipher suite from ClientHello
wolfSSL Leaving DoHandShakeMsgType(), return -501
wolfSSL Leaving DoHandShakeMsg(), return -501
```

RFC 5246: 7.4.1.3: Server Hello:  `cipher_suite: The single cipher suite selected by the server from the list in ClientHello.cipher_suites.`
2019-08-13 15:56:19 -07:00
Eric Blankenhorn 48fa6a458c Adding compatibility API phase 1 2019-08-13 17:09:56 -05:00
Tesfa Mael 9301cce9ac Check a null pointer dereference 2019-08-13 11:48:20 -07:00
Tesfa Mael b1ad0525ea cast to correct static analysis issue 2019-08-13 10:45:24 -07:00
Tesfa Mael b7bd710bc8 Add small stack option 2019-08-13 10:29:37 -07:00
Tesfa Mael 1acd24deb8 Review comment to reduce stack usage 2019-08-13 10:15:57 -07:00
Tesfa Mael b9ddbb974a perform domain name check on the peer certificate 2019-08-13 09:55:28 -07:00
Sean Parkinson dd48c825ed Constant compare the HMAC result when using NULL cipher and TLS 1.3 2019-08-09 11:50:07 -06:00
Tesfa Mael 4bff2b6bef Fixed valgrind issue 2019-08-06 15:49:36 -07:00
Tesfa Mael 1371fc8327 Review comments 2019-08-06 13:23:18 -07:00
Tesfa Mael c1938969aa Convert to pointer to pass static memory 2019-08-06 10:47:30 -07:00
Tesfa Mael 000c38ae1f Use wolfSSL_PKCS7_free, not wc_PKCS7_Free 2019-08-06 07:46:57 -07:00
Tesfa Mael f5f5947616 New OpenSSL compatible APIs:
wolfSSL_PEM_write_bio_PKCS7
wolfSSL_PKCS7_SIGNED_new
wolfSSL_X509_subject_name_hash
wolfSSL_CTX_use_PrivateKey_ASN1
wolfSSL_get0_param
wolfSSL_X509_VERIFY_PARAM_set1_host
2019-08-05 17:35:37 -07:00
toddouska c34657b20f Merge pull request #2390 from dgarske/altname
Fix for scan-build warning with altName->name possible use of NULL
2019-08-02 15:49:13 -07:00
toddouska 31461dbfb5 Merge pull request #2373 from dgarske/mpint
Improvements to atoi, mp_int allocations and STSAFE-A100 error handling
2019-08-02 15:43:20 -07:00
toddouska da6fa384d4 Merge pull request #2273 from danielinux/Riot-OS-GNRC
RIOT-OS support with GNRC TCP/IP sockets
2019-08-02 15:42:11 -07:00
Sean Parkinson 51dfc35aac TLS 1.3 and Integrity-only ciphersuites 2019-08-02 11:00:18 +10:00
David Garske fb8fc4d800 Fix for scan-build warning with altName->name possible use of NULL pointer. 2019-08-01 11:54:28 -07:00
toddouska 4f0fd2c2f9 Merge pull request #2302 from SparkiDev/ecc_pubkey_check
Add checks of public key for ECC and curve25519
2019-08-01 11:50:02 -07:00
Daniele Lacamera 34b2d257cd [RIOT-OS/GNRC] Renamed GNRC callback functions 2019-08-01 15:50:16 +02:00
Daniele Lacamera e77161ae9a Riot-OS/GNRC support: reworked after reviewers' comments 2019-08-01 15:50:16 +02:00
Daniele Lacamera 1db036eb75 RIOT-OS support with GNRC UDP/IP sockets 2019-08-01 15:50:16 +02:00
toddouska c400c38588 Merge pull request #2381 from SparkiDev/tls13_sv
Check suite size length is valid as well as space for compression
2019-07-30 16:04:00 -07:00
toddouska 81a9779fc4 Merge pull request #2385 from dgarske/minor_items
Minor cleanups for spelling and cast warnings
2019-07-30 15:22:29 -07:00
toddouska 0a60c2bb2c Merge pull request #2379 from JacobBarthelmeh/sessionExport
reduce size of state only save and add option to remove peer info
2019-07-30 15:09:39 -07:00
David Garske 91251eb319 Fixes for minor compiler cast warnings. 2019-07-29 08:14:27 -07:00
David Garske e3653a7a07 Various spelling corrections. 2019-07-29 08:14:07 -07:00
Sean Parkinson 4778dac49f Add checks of public key for ECC and curve25519 2019-07-29 10:42:44 +10:00
Sean Parkinson 741d7bdb67 Check suite size length is valid as well as space for compression 2019-07-29 08:47:45 +10:00
Jacob Barthelmeh ca87861915 reduce size of state only save and add option to remove peer info 2019-07-26 14:54:44 -06:00
David Garske b0444bcfa1 Refactor to add XATOI for standard library function. 2019-07-23 15:36:59 -07:00
Sean Parkinson b399b08df7 Fix for TLS 1.3 to always send Key Share
Even if resuming or using PSK and not performing DHE key exchange, send
key share extension in case full handshake is required.
2019-07-18 11:01:43 +10:00
Jacob Barthelmeh af8395b17b revert early free of OCSP buffer after finding it is revoked 2019-07-17 11:08:28 -06:00