wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-29 18:12:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
9,202 Commits 12 Branches 184 Tags
effca6c081869b112d2717229beb3078530db2bb
Commit Graph

3362 Commits

Author SHA1 Message Date
toddouska
554af3dcfa Merge pull request #2151 from JacobBarthelmeh/Testing 
path include adjustment, rename internal OBJ function, and client pri…
 2019-03-11 16:48:19 -07:00
toddouska
6e1b05316d Merge pull request #2104 from ejohnstown/renegotiation-testing 
Secure Renegotiation
 2019-03-11 12:10:48 -07:00
Jacob Barthelmeh
9c9279817b path include adjustment, rename internal OBJ function, and client print outs added 2019-03-11 09:57:04 -06:00
Chris Conlon
d699b65a25 Merge pull request #2026 from kojo1/mdk-CMSISv2 
MDK CMSIS RTOSv2
 2019-03-06 09:36:49 -07:00
Jacob Barthelmeh
dc3b81f633 adjust comments on key type for function 2019-03-05 10:53:10 -07:00
John Safranek
020b27bab2 wolfSSL_SecureResume() should be client only. Return an error if called 
form the server.
 2019-03-01 11:00:26 -08:00
David Garske
809c30a5b9 Merge pull request #2128 from SparkiDev/pkcs11_ecc_server_fix 
PKCS #11 id RSA - TLS don't convert length a la ecc
 2019-02-28 19:05:33 -08:00
Sean Parkinson
dc144df32a PKCS #11 id RSA - TLS don't convert length a la ecc 2019-03-01 10:23:45 +10:00
David Garske
b528997d30 Merge pull request #2103 from SparkiDev/pkcs11_hmac 
PKCS #11 support for HMAC with MD5, SHA, SHA-2
 2019-02-28 09:50:59 -08:00
Sean Parkinson
a382a979cc Merge pull request #2098 from kaleb-himes/ZD4793 
Fix for single threaded case with double free on suites
 2019-02-28 08:56:57 +10:00
toddouska
e2e3b835d6 Merge pull request #2100 from SparkiDev/tls13_vers 
Support FFDHE in TLS 1.2 and below. Better TLS 1.3 version support.
 2019-02-27 14:55:29 -08:00
toddouska
4226fb66f9 Merge pull request #2117 from SparkiDev/pkcs11_id_fix_2 
PKCS #11 use private key id double free issue fixed
 2019-02-27 14:19:43 -08:00
toddouska
b189fc0ef8 Merge pull request #2120 from dgarske/nightly_fixes 
Fixes for various nightly build configuration warnings
 2019-02-27 14:15:40 -08:00
Jacob Barthelmeh
6ce28d74ff rename function wolfSSL_sk_ASN1_OBJCET_pop 2019-02-26 16:55:03 -07:00
John Safranek
65c72ddfe1 Reverted an earlier change to the renegotiation resumption. Still need 
to check the cert subject hash.
 2019-02-26 14:26:09 -08:00
John Safranek
57d8e070f9 1. Remove the clearing of the sessionID from Rehandshake. 
2. Put SecureResume in terms of a regular resume, using Get/SetSession
and then calling Rehandshake.
3. Add the startScr after checking secure_renegotiation enabled during a
resume.
 2019-02-26 14:10:44 -08:00
David Garske
a3af2fc960 Fix for single threaded case with double free on suites. 2019-02-26 11:03:02 -08:00
David Garske
38303cf27b More spelling fixes. 2019-02-26 10:47:42 -08:00
Sean Parkinson
a2f8747652 Fix DecodePrivateKey to return NOT_COMPILED_IN with PKCS#11 2019-02-26 09:22:03 +10:00
Sean Parkinson
cb830a088f Fix for configurations without specific algorithms 2019-02-26 09:22:03 +10:00
Sean Parkinson
a44751cd39 PKCS #11 use private key id double free issue fixed 2019-02-26 08:27:59 +10:00
toddouska
0360b38de4 Merge pull request #2116 from SparkiDev/pkcs11_id_fix_1 
Fixes for PKCS #11 private key id and ECC
 2019-02-25 13:09:15 -08:00
toddouska
603a9b2e59 Merge pull request #2110 from dgarske/spelling 
Fixes for various spelling errors
 2019-02-25 13:04:12 -08:00
Sean Parkinson
0e914d81dc Fixes for PKCS #11 private key id and ECC 2019-02-25 11:17:56 +10:00
David Garske
289f51a77d Fixes for various spelling errors. 2019-02-21 13:29:44 -08:00
Jacob Barthelmeh
5932cdab15 cast on strlen return value 2019-02-21 13:04:38 -07:00
Jacob Barthelmeh
18d3e04dbf remove null terminators on substrings 2019-02-20 16:39:18 -07:00
John Safranek
7389553bd6 1. For secure renegotiation, remove the check of the peer certificate's 
subject ID on renegotiation. Both endpoints are already
cryptographically linked on an encrypted channel.
2. The error code list has gaps where deprecated codes were deleted,
remove the redundant gaps where there aren't missing codes.
 2019-02-20 11:45:21 -08:00
toddouska
9c9221432f Merge pull request #2087 from ejohnstown/aesgcm 
Update TLS for AES-GCM/CCM changes
 2019-02-20 11:43:06 -08:00
John Safranek
a376e17aee Switch the bound for the XMEMSET of the sessionID when starting a 
renegotiation to use sizeof the sessionID rather than the constat used
to set the size of the array.
 2019-02-20 11:26:33 -08:00
toddouska
025fba8ec6 Merge pull request #2093 from dgarske/tls13_async_dh 
Fix for TLSv1.3 with DH key share when using QAT
 2019-02-20 09:16:54 -08:00
John Safranek
1f6314746c Secure Renegotiation 
1. Split the wolfSSL_Rehandshake() function into wolfSSL_Rehadshake()
which performs a full handshake on secure renegotiation and
wolfSSL_SecureResume() which performs a session resumption on a
secure renegotiation.
2. Add option to example client to perform a secure resumption instead
of a full secure handshake.
 2019-02-19 15:50:55 -08:00
David Garske
c2fbef2f7f Refactor to populate preMasterSz on XMALLOC. Fix for DoClientKeyExchange and ecdhe_psk_kea, which assumes preMasterSz is zero. Fix for TLS v1.3 resumption not properly setting preMasterSz. Removed for TLS v1.3 PSK setup test for preMasterSz == 0, which is not required. Spelling fixes for tls13.c. 2019-02-19 13:01:21 -08:00
Sean Parkinson
e3997558a9 Fixes from review and added REAMEs and setup.sh 
Add README.md and setup.sh.
Add READMEs with license information.
 2019-02-19 11:47:45 +10:00
Sean Parkinson
5e1eee091a Add threaded samples using buffers and sockets 2019-02-19 11:47:45 +10:00
Sean Parkinson
3366acc9ce Zephyr port of crypto 2019-02-19 11:47:44 +10:00
Sean Parkinson
7aa5cd6f10 Support FFDHE in TLS 1.2 and below. Better TLS 1.3 version support. 
Add support for the fixed FFDHE curves to TLS 1.2. Same curves in TLS
1.3 already. On by default - no checking of prime required.
Add option to require client to see FFDHE parameters from server as per
'may' requirements in RFC 7919.

Change TLS 1.3 ClientHello and ServerHello parsing to find the
SupportedVersions extension first and process it. Then it can handle
other extensions knowing which protocol we are using.
 2019-02-18 14:51:59 +10:00
John Safranek
c0d1241786 Modify the TLSv1.3 calls to the AES-GCM and AES-CCM encrypt functions to 
use the FIPS compatible APIs with external nonce.
 2019-02-15 13:52:23 -08:00
toddouska
7275ee5f19 Merge pull request #2089 from SparkiDev/tls13_sup_ver 
Make SupportedVersions respect SSL_OP_NO_TLSv*
 2019-02-15 10:36:32 -08:00
toddouska
d9a5898e91 Merge pull request #2082 from SparkiDev/parse_kse 
Fix length passed to key share entry parsing
 2019-02-15 10:31:14 -08:00
Sean Parkinson
e47797f700 Make SupportedVersions respect SSL_OP_NO_TLSv* 2019-02-15 08:26:03 +10:00
John Safranek
e2d7b402e7 Update so TLSv1.3 will work. Needed to make the implicit IVs full sized 
when copying. Added a flag to SetKeys() to skip the IV set (used for
TLSv1.3).
 2019-02-14 12:04:32 -08:00
John Safranek
3223920fd9 Add a guard for AES-GCM and AES-CCM for the change in Encrypt for the 
AES-AEAD type and macros.
 2019-02-14 12:04:05 -08:00
John Safranek
cd7f8cc653 Update AES-GCM/CCM use in TLS with a wrapper to select the correct API 
depending on using old FIPS, or non-FIPS/FIPSv2.
 2019-02-14 12:04:05 -08:00
John Safranek
67e70d6cb6 Update TLS to use the new AES-GCM and AES-CCM APIs that output the IV on 
encrypt rather than take the IV as an input.
 2019-02-14 12:04:05 -08:00
David Garske
d98ebc4da2 Reverted the Hmac_UpdateFinal change to call final as it causing constant timing issues. Improved the wc_HmacFree to handle the case were final isn't called for Crypto callbacks. 2019-02-13 10:24:53 -08:00
David Garske
95db819d45 Fixes for warnings when building with --enable-pkcs11. 2019-02-12 16:05:48 -08:00
David Garske
454687f429 Fix for TLS HMAC constant timing to ensure final is called for dummy operations. Added devCtx to AES for CryptoCb. 2019-02-12 16:03:10 -08:00
David Garske
838652c03b Added flags build option to hashing algorithms. This allows indicator to determine if hash will be "copied" as done during a TLS handshake. 2019-02-12 16:03:10 -08:00
David Garske
7e3082906e Fix for ensuring devId is passed into symmetric init. 2019-02-12 16:03:10 -08:00