wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-02-05 21:25:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
4,822 Commits 12 Branches 184 Tags
de1ee91863ea2c375c023a2aeaa87d3c8b0aface
Commit Graph

919 Commits

Author SHA1 Message Date
Chris Conlon
a10ec0ff91 adjust suiteSz and use SUITE_LEN in FindSuite() 2016-11-15 10:49:37 -07:00
Chris Conlon
49978d1417 server side empty renegotiation_info support 2016-11-14 15:33:36 -07:00
Jacob Barthelmeh
0b3d9cbccd revert AESNI padding and handle the case in aes.c 2016-11-11 16:26:29 -07:00
Jacob Barthelmeh
55401fceb8 adjust alignment of arrays used for case with AESNI 2016-11-09 15:03:26 -07:00
toddouska
68c43e4344 Merge pull request #615 from ejohnstown/dtls-verify-retry-fix 
Fix dropped DTLS Hello Verify retransmit
 2016-11-04 15:52:13 -07:00
John Safranek
ada2573009 Increment the expected handshake number if the call to the handhsake 
message processing function is successful, but not if the handshake
message is the client_hello. Process client hello clears that counter
and incrementing it breaks the handshake. Fixes issue #612.
 2016-11-03 14:49:21 -07:00
Jacob Barthelmeh
668e9a8e08 MODE : change source file mode back to 644 2016-11-03 10:08:13 -06:00
John Safranek
a3ea8378ec Cap the size of the transmit and receive DTLS message lists at 255. 2016-11-02 09:15:05 -07:00
John Safranek
ffe905afbf Moved the checks for the new session ticket and certificate verify 
messages from the change cipher spec handler to the sanity check
handshake message function. It provides support for DTLS missing
and duplicate messages.
 2016-11-01 09:53:53 -07:00
John Safranek
3075269326 Replace the DTLS MsgPool for saving transmit handshake messages with 
the DTLS MsgList.
 2016-11-01 09:53:53 -07:00
Stefan Gula
59fdd98f1d Adjust DTLS retranmission logic 
This patch adjust DTLS retranmission logic
in order to avoid message floods between client
and server
 2016-10-26 10:37:23 +02:00
kaleb-himes
bc1fca5620 modified handler to return error on invalid condition post review 
update
 2016-10-25 11:07:35 -06:00
kaleb-himes
33ab901b3f prevent allocation of size 0 2016-10-24 16:44:43 -06:00
toddouska
88a82f519e Merge pull request #594 from JacobBarthelmeh/DTLS-MultiCore 
session export : Increment DTLS export version with serialization cha…
 2016-10-12 11:25:23 -07:00
toddouska
11102b6726 Merge pull request #585 from NickolasLapp/master 
Rename *Mutex Functions with wc_ prefix. Expose these functions for Stunnel.
 2016-10-12 11:19:32 -07:00
Jacob Barthelmeh
3c03aa453b session export : Increment DTLS export version with serialization changes 2016-10-11 14:01:38 -06:00
dgarske
81a8ad0a48 Merge pull request #587 from ejohnstown/seq64 
64-bit Sequence Number
 2016-10-04 06:01:26 -07:00
Nickolas Lapp
1792eba1a2 Rename *Mutex Functions with wc_ prefix. Expose these functions for 
Stunnel. Various other changes to enable stunnel compling
 2016-10-03 16:36:05 -06:00
John Safranek
12ac0346f5 change magic numbers to constants, rename verify parameter of WriteSEQ() and subfunctions 2016-10-03 13:51:10 -07:00
John Safranek
a839b61e81 initialize temp sequence number 2016-10-02 13:02:20 -07:00
John Safranek
575785db3e Fixes for DTLS sequence number checking. 2016-10-02 12:03:44 -07:00
John Safranek
ab371365b9 updated sequence number window 2016-09-30 17:02:05 -07:00
John Safranek
62d58a7084 updated session import/export for seq number 2016-09-29 23:09:42 -07:00
John Safranek
4522fa335e Fixing DTLS for 64-bit sequence numbering 
1. Simplify away the DtlsState record.
2. Adding in high order bits for the DTLS sequence number.
3. For DTLS, separated copying the sequence number from incrementing it.
 2016-09-29 15:51:33 -07:00
Kaleb Himes
124a8c0c1f Merge pull request #582 from ejohnstown/lean-psk 
Fixes for building the library for Lean PSK
 2016-09-24 10:59:54 -06:00
John Safranek
8d1aa2238b Fixes for building the library for Lean PSK 
1. Needed to enable static PSK when using Lean PSK
2. Fixed complaints about unused variables.
 2016-09-24 00:18:36 -07:00
John Safranek
5e852dc1a1 Fixes for building the library with a C++ compiler with TLSX enabled 
1. Add many typecasts for malloc() data to proper pointer type.
2. Add many typecasts for constants in tertiary operators.
3. ECC to use local copy of wc_off_on_addr instead of extern copy.
 2016-09-23 23:22:58 -07:00
Jacob Barthelmeh
02b3aa51bd NTRU : warning of variable size as argument 2016-09-23 15:30:33 -06:00
toddouska
2368d49678 Merge pull request #572 from ejohnstown/pathlen 
CA Certificate Path Length Checking
 2016-09-21 14:36:24 -07:00
John Safranek
a42bd30278 CA Certificate Path Length Checking 
1. Check the path length between an intermediate CA cert and its
   signer's path length.
2. Always decode the path length if present and store it in the decoded
   certificate.
3. Save the path length into the signer list.
4. Path length capped at 127.
5. Added some test certs for checking CA path lengths.
 2016-09-20 21:36:37 -07:00
toddouska
21726d5ae4 64bit sequence tls proof of concept, dlts needs some work 2016-09-19 16:02:27 -07:00
toddouska
f191cf206e allow single threaded mode to share an RNG at WOLFSSL_CTX level 2016-09-16 13:35:29 -07:00
toddouska
c1ac0c0f8c Merge pull request #545 from ejohnstown/ems 
Extended Master Secret
 2016-09-15 11:25:41 -07:00
John Safranek
8b713adcfd Extended Master Secret Peer Review Changes 
1. Checked the returns on the hash functions in the sniffer,
   return new error if any fail.
2. Removed the SHA-512 hash from the sniffer's collection of
   hashes. Never used in a cipher suite.
3. Added some logging messages in the EMS support in wolfSSL.
 2016-09-14 13:43:02 -07:00
John Safranek
77cf700657 Update to allow resumption with session tickets and extended master secret. 2016-09-12 16:06:51 -07:00
John Safranek
c1136a30e9 1. Enabled the extended master secret in the Windows IDE user_settings.h 
file by default.
2. Fixed scan-build warning about an assignment to a variable that isn't
used again in the function. Commented out the line.
 2016-09-12 09:42:42 -07:00
John Safranek
b994244011 Revising the Extended Master Secret support. Removing the dynamic 
TLSX support for the extention and treating it like the Signature
and Hash algorithms extension. It is to be enabled by default and
the user can turn it off at run time or build time.
 2016-09-11 18:05:44 -07:00
toddouska
0c21d76ce3 detect client not sending any compression types 2016-09-08 12:06:22 -07:00
toddouska
3aefc42f04 have TLS server side verify no compression is in list if not using compression 2016-09-07 15:28:30 -07:00
toddouska
a5db13cd01 detect server forcing compression on client w/o support 2016-09-07 09:17:14 -07:00
Chris Conlon
e4f527a332 initial extended master secret support 2016-09-01 15:12:54 -06:00
John Safranek
bab071f961 1. Implemented the SCTP MTU size changes for transmit. 
2. Simplified the MAX_FRAGMENT size when calling SendData().
 2016-08-26 19:58:36 -07:00
John Safranek
a6c0d4fed7 1. Added missing -DWOLFSSL_SCTP to configure.ac. 
2. Don't do hello verify requests in SCTP mode.
3. Implemented the SCTP MTU size changes.
4. Simplified the MAX_FRAGMENT size when calling ReceiveData().
 2016-08-26 19:58:36 -07:00
John Safranek
f3dca48e99 Fix polarity on the DTLS-SCTP check. 2016-08-26 19:58:36 -07:00
John Safranek
7b3255b5bb 1. Simplified the IsDtlsSctpMode() check. 
2. Checked IsDtlsSctpMode() to skip saving messages to retransmit and
skip retransmissions.
 2016-08-26 19:57:09 -07:00
John Safranek
c1970434d1 simplify the SCTP options 2016-08-26 19:43:52 -07:00
David Garske
925e5e3484 Fixes typo issue with heap in hmac and small stack enabled. Fixed "never read" scan-build warnings with typeH and verify when RSA is disabled. 2016-08-26 10:33:01 -07:00
toddouska
78ca9e7716 Merge pull request #482 from dgarske/async 
Asynchronous wolfCrypt RSA and TLS client support
 2016-08-25 10:06:18 -07:00
John Safranek
fa1989b729 fix building the new session ticket message for DTLS, take into account the additional header sizes 2016-08-18 17:51:25 -07:00
David Garske
17a34c5899 Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com. 2016-08-15 13:59:41 -06:00