Commit Graph

3303 Commits

Author SHA1 Message Date
toddouska e52f4494f0 Merge pull request #2069 from dgarske/fix_8192
Fixes for handling 6144 and 8192 bit with TLS v1.3
2019-02-07 15:02:40 -08:00
Jacob Barthelmeh be4d6bc204 fix typo with getting cipher suite 2019-02-04 10:53:59 -07:00
Sean Parkinson b7179c2a54 Disallow SupportedGroups in ServerHello for TLS 1.3
But allowed when downgrading to TLS 1.2.
2019-02-04 09:04:11 +10:00
toddouska 73fbf845f2 Merge pull request #2066 from SparkiDev/sec_reneg_scsv
Fix empty renegotiation info ciphersuite handling
2019-02-01 10:05:59 -08:00
toddouska 14a2343118 Merge pull request #2064 from SparkiDev/tls13_dhkeysz
Set the DH key size for TLS 1.3 when secret calculated
2019-02-01 10:04:15 -08:00
toddouska 4a5652f318 Merge pull request #2061 from SparkiDev/x86_asm_not_in_c
Pull out x86_64 ASM into separate files
2019-02-01 10:01:34 -08:00
toddouska 4a177a8a30 Merge pull request #1997 from tmael/portingDeos
Initial Deos RTOS port
2019-02-01 09:56:55 -08:00
David Garske c080050c80 Fix to detect larger key size requirement based on FP_MAX_BITS. Fix for TLSv1.3 to allow server_hello for TLSX_SUPPORTED_GROUPS. ZD 4754. 2019-02-01 09:53:30 -08:00
Sean Parkinson 7822cef1ac Pull out x86_64 ASM into separate files 2019-01-29 13:08:24 +10:00
Sean Parkinson e8b46caf75 Fix empty renegotiation info ciphersuite handling 2019-01-29 12:51:49 +10:00
Sean Parkinson 574238dea0 Set the DH key size for TLS 1.3 when secret calculated 2019-01-29 08:59:49 +10:00
Chris Conlon 0b2bbc33bd Merge pull request #2059 from miyazakh/openssl_bksize_digest
Added EVP_MD_CTX_block_size and exposed EVP_Digest()
2019-01-28 15:17:26 -07:00
John Safranek 1288036dbe Merge pull request #2047 from kojo1/freeCRL
wolfSSL_CertManagerFreeCRL: exposing FreeCRL
2019-01-25 16:08:31 -08:00
Hideki Miyazaki 53adb93ae4 Added EVP_MD_CTX_block_size and publicized EVP_Digest() 2019-01-25 09:05:36 +09:00
David Garske fd429bb656 Show warning if secrets debugging options (SHOW_SECRETS or WOLFSSL_SSLKEYLOGFILE) are enabled. The #warning can be ignored as error using ./configure CFLAGS="-W#warnings". 2019-01-22 13:29:25 -08:00
toddouska 52e8e77390 Merge pull request #2046 from cconlon/addalert
add alert number and string for "unknown_ca" (48)
2019-01-21 15:39:47 -08:00
Takashi Kojo 5539b0eb38 wolfSSL_CertManagerFreeCRL: exporsing FreeCRL 2019-01-20 10:11:19 +09:00
Chris Conlon 8ecee6a7e9 add unknown_ca alert number (48) and string 2019-01-18 15:36:33 -08:00
Tesfa Mael 739b57c753 Initial Deos RTOS port
- Added support for Deos with no file system
- Implemented a custom malloc since reusing and freeing memory is disallowed in avionics and mission critical applications.
- Added TLS client and server example with a TCP setup mailbox transport
- Timer starts at an offset of CURRENT_UNIX_TIMESTAMP specified by the user
- Uses rand_r() as a pseudo random number generator and uses the current time in seconds as a seed
- Uses strnicmp for XSTRNCASECMP instead of strncasecmp
- a readme doc included
2019-01-18 14:46:39 -08:00
John Safranek c282f5b726 DTLS Nonblocking Updates
Modify the DtlsMsgPoolSend() function to keep track of the last message
retransmit. If a write would block, it allows the retransmit pick up
where it left off.
2019-01-18 09:15:11 -08:00
John Safranek aa4de6e170 DTLS Nonblocking Updates
Do not allow the DTLS message flight be retransmit without being
finished. This can happen if a non-blocking transmit times out the
response and the application tries to retransmit.
2019-01-18 09:15:11 -08:00
John Safranek 63f6c1d280 DTLS Nonblocking Updates
1. Add error code for trying to retransmit a flight when transmitting
the flight hasn't finished.
2. Add function to retransmit the stored flight without updating the
timeout count.
2019-01-18 09:15:11 -08:00
John Safranek 91d81ea691 Add some more debug logging for DTLS retransmission support. 2019-01-18 09:13:28 -08:00
John Safranek d3e2488552 DTLS Resume Fix
1. In DTLS, when transmitting the Change Cipher Spec message increment the
sequence number.
2. In DTLS, when client receives the CCS message, sanity check that the
server hello has been received in the case of resume.
2019-01-18 09:13:28 -08:00
toddouska b632c8dcc1 Merge pull request #2043 from SparkiDev/tls13_psk_down
Fix PSK support when no PSK extension
2019-01-18 09:00:56 -08:00
toddouska 33f876bb20 Merge pull request #2029 from SparkiDev/sni_tls13
Fix SNI on client when downgrading from TLS 1.3
2019-01-18 08:59:47 -08:00
toddouska fe97264ff9 Merge pull request #2028 from dgarske/spcortex
Added Cortex-M support for Single Precision (SP) math
2019-01-18 08:59:10 -08:00
toddouska d02f7a75b9 Merge pull request #2019 from dgarske/arduino
Improvements to Arduino sketch
2019-01-18 08:54:42 -08:00
toddouska aba726fcd3 Merge pull request #2004 from embhorn/prf_move
Moving PRF to wolfcrypt
2019-01-18 08:53:13 -08:00
Sean Parkinson e18891aed8 Fix PSK support when no PSK extension 2019-01-18 16:13:07 +10:00
David Garske 8fb7892013 Merge pull request #2040 from ejohnstown/fix-checks
Fix Checks
2019-01-17 12:54:25 -08:00
John Safranek f6240e5558 Fix Checks
1. In the client, check the return code on wolfSSL_CTX_SetMinDhKey_Sz() as it is checked in the server. (Resolves issue #2037.)
2. In HashOutput(), check that the hsHashes exists for the session before hashing. (Resolves issue #2038.)
2019-01-17 09:52:00 -08:00
David Garske 91573735b1 Merge pull request #2036 from ejohnstown/fragsz
TLS Record Fragment Size Check Change
2019-01-17 08:56:45 -08:00
John Safranek 5e03ac13f6 TLS Record Fragment Size Check Change
Fixed a potential bug with respect to processing fragmented handshake
messages. If a handshake message is fragmented across multiple TLS
records and the last fragment's record has the next handshake message in
it, we would throw a buffer error instead of processing the next
message. Changed this so it will finish the handshake message and return
out to process the next message. Also changed the handling of the
handshake message to follow the calling pattern.
2019-01-16 15:53:57 -08:00
Eric Blankenhorn 02ff19a6c4 Moving PRF to wolfcrypt 2019-01-16 17:23:49 -06:00
John Safranek d5b06f93fd Merge pull request #2031 from SparkiDev/sec_reneg_chrome
Changes to secure renegotiation for TLS 1.3 and Chrome
2019-01-16 12:00:08 -08:00
toddouska 5d262e9123 Merge pull request #2027 from dgarske/fix_buildopts
Fixes for various build options and warnings
2019-01-16 10:32:19 -08:00
toddouska b683a5a6bb Merge pull request #1945 from victork1996/bugfix/openssl-evp-bytes-to-key-compatibility
Fixed OpenSSL compatibility issues in wolfSSL_EVP_BytesToKey
2019-01-16 10:18:08 -08:00
toddouska b37c94a15c Merge pull request #2022 from JacobBarthelmeh/OCSP
memory management with OCSP requests
2019-01-16 08:52:50 -08:00
Sean Parkinson b2e4c86028 Changes to secure renegotiation for TLS 1.3 and Chrome 2019-01-15 09:47:23 -08:00
Sean Parkinson 53ad7728bf Fix SNI on client when downgrading from TLS 1.3 2019-01-14 15:09:52 -08:00
Jacob Barthelmeh 6ac384793f memory management with OCSP requests 2019-01-14 09:49:50 -07:00
David Garske cfc66dab47 Fix compiler complaints when using Curve25519. 2019-01-11 21:16:13 -08:00
David Garske 45cd80b4b7 Fix define check of NO_CERT to be NO_CERTS. 2019-01-11 21:10:07 -08:00
David Garske 406d2ceb6b Merge pull request #2023 from miyazakh/fix_no_hash_raw
fix no_hash_raw for esp32 hw acceleration
2019-01-11 21:04:04 -08:00
David Garske ebd68e6afd Fix to return the internal cipher suite name instead of NULL if NO_ERROR_STRINGS is defined. Fix for stray "if" in wolfSSL_SESSION_CIPHER_get_name. 2019-01-11 17:20:35 -08:00
David Garske f67b8fa6a3 Experimental SP Cortex M support for Single Precision math. 2019-01-11 14:38:34 -08:00
Hideki Miyazaki bdc5dd41d1 fix no_hash_raw for esp32 hw acceleration 2019-01-09 16:56:47 +09:00
Jacob Barthelmeh 26ae39a217 check if secure renegotiation struct available 2019-01-04 13:22:34 -07:00
Jacob Barthelmeh a00eaeb877 add ocsp stapling test and initialize values 2019-01-04 13:16:47 -07:00