wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-29 14:22:13 +01:00
Code Issues Packages Projects Releases Wiki Activity
11,460 Commits 12 Branches 184 Tags
f2d2dadc89f69bba4651d48ecdf34a0dd3fa465e
Commit Graph

11460 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Juliusz Sosinowicz
f2d2dadc89 ASYNC: Fix issues with TLS and DTLS 2020-06-12 11:36:43 +02:00
Juliusz Sosinowicz
eb7a49a1d7 ASYNC: Working TLS SCR 2020-06-12 11:36:43 +02:00
Juliusz Sosinowicz
a7c4d88876 ASYNC: Working AES128-SHA 2020-06-12 11:36:43 +02:00
Juliusz Sosinowicz
7b604ad714 WIP 2020-06-12 11:36:43 +02:00
Juliusz Sosinowicz
73105305cf WIP 2020-06-12 11:36:43 +02:00
Juliusz Sosinowicz
a107688891 Fix asynchronous DTLS issue 2020-06-12 11:36:43 +02:00
Juliusz Sosinowicz
d88f6f1156 DTLS test cases 2020-06-12 11:36:43 +02:00
Juliusz Sosinowicz
4e60e4b3b7 DTLS Message Grouping 
Flush output buffer when we suspect that the grouped messages may exceed MTU.
 2020-06-12 11:36:43 +02:00
Juliusz Sosinowicz
d2542dcf38 Restore StoreKeys functionality for TLS case 2020-06-12 11:36:43 +02:00
Juliusz Sosinowicz
c2ca9f614e Jenkins tests fixes 2020-06-12 11:36:43 +02:00
Juliusz Sosinowicz
eb910a64d0 Comments and formatting 2020-06-12 11:36:43 +02:00
Juliusz Sosinowicz
651a7a97b9 Add secure renegotiation to DTLS 1.2 
- Hash of fragmented certificate was not calculated as a single message and instead we were hashing individual fragments which produced the wrong digest, shared secret, etc...
- Reset handshake number after server Finished packet is sent or received (depending on side)
- Reserve space in buffer for cipher stuff
- Take `DTLS_RECORD_EXTRA` and  `DTLS_HANDSHAKE_EXTRA` into size and offset calculations for DTLS path
- Fix renegotiation in DTLS with AES128-SHA
- Fix renegotiation in DTLS with AES-GCM
- Support HelloVerify request during secure renegotiation
- Save renegotiation handshake messages for retransmission in timeout
- Handle cipher parameters from different epochs. DTLS may need to resend and receive messages from previous epochs so handling different sets of encryption and decryption parameters is crucial.
 2020-06-12 11:36:43 +02:00
David Garske
255cc016b3 Merge pull request #3034 from kaleb-himes/FORUM_DSA_ISSUE 
Seperate QT and DSA dependencies
 2020-06-11 15:40:12 -07:00
Chris Conlon
cc13c9f062 Merge pull request #3035 from ejohnstown/changelog 
Fix changelog error
 2020-06-11 10:19:10 -05:00
toddouska
29bdc7d8b5 Merge pull request #3015 from tmael/cov-fix 
Coverity fix in wolfSSL 4.4.0
 2020-06-10 17:07:47 -07:00
John Safranek
f7c233af9c Fix error in the changelog. AES-CTR with AES-NI wasn't actually added. 2020-06-10 15:15:11 -07:00
Kaleb Himes
2fe08e1951 Update comment 
Thanks @dgarske, great catch!
 2020-06-09 17:10:57 -06:00
kaleb-himes
80e888c1c8 Seperate QT and DSA dependencies 2020-06-09 16:47:35 -06:00
Chris Conlon
fb51a2298e Merge pull request #3019 from kaleb-himes/ZD10380 
init components as best practice
 2020-06-09 17:23:55 -05:00
toddouska
e993cb6cc0 Merge pull request #2942 from dgarske/tls13_on 
Enable TLS v1.3 by default
 2020-06-09 13:30:02 -07:00
toddouska
48783c1982 Merge pull request #2996 from dgarske/stm32hal 
Fixes and improvements for STM32 crypto hardware
 2020-06-09 13:24:27 -07:00
toddouska
c023efb2aa Merge pull request #3025 from JacobBarthelmeh/Compatibility-Layer 
fix macro to match *_FLAGS_*
 2020-06-09 13:19:29 -07:00
toddouska
7a7bfce565 Merge pull request #3026 from cconlon/selftestfixes 
Fix warnings with NetBSD gcc compiler
 2020-06-09 13:18:44 -07:00
toddouska
ef742c4a42 Merge pull request #3027 from danielinux/psoc6_crypto 
Cypress PSoC6 wolfcrypt driver
 2020-06-09 13:17:37 -07:00
toddouska
8fc908989a Merge pull request #3029 from SparkiDev/aes-ccm-fix 
Fix optimized AES-CCM - counter
 2020-06-09 13:13:42 -07:00
David Garske
8b6b54603f Add STM32WB55 crypto hardware support for AES. 2020-06-08 08:48:59 -07:00
Tesfa Mael
28913a276f Include GCM in latest FIPS and Windows build 2020-06-08 08:38:59 -07:00
David Garske
5837c70e99 Support for STM32L5 PKA ECC sign/verify acceleration. 2020-06-08 08:37:55 -07:00
David Garske
16c0160e63 Added support for STM32L5. 2020-06-08 08:37:55 -07:00
David Garske
21a34bde8c Fix whitespace. 2020-06-08 08:37:55 -07:00
David Garske
6f82f15d1b Performance improvements for STM32 AES CBC and GCM crypto hardware. 
* AES CBC:
  - Do all blocks, not just one at a time.
* AES GCM:
  - Use local stack for authentication header if < block size.
  - Use hardware GHASH for all authentication header sizes.

Tested with STM32F437II (old/new Cube HAL/StdPeriLib), STM32F777ZI (CubeMX) and STM32L4A6ZG (CubeMX).
 2020-06-08 08:37:55 -07:00
David Garske
efe9da0994 Fix for STM32 crypto hash with WOLFSSL_SMALL_STACK_CACHE possible free of invalid pointer. 2020-06-08 08:37:55 -07:00
David Garske
dff7c0fcfa Fix for hardware mutex protection in case where STM32 hardware acceleration is used for RNG or HASH only. 2020-06-08 08:37:55 -07:00
David Garske
42ee313286 Fix for using WOLFSSL_SMALL_STACK_CACHE with STM32 SHA256 hardware acceleration. 2020-06-08 08:37:55 -07:00
David Garske
8791573dfe Fix for building with NO_PUBLIC_GCM_SET_IV when ChaCha20/Poly1305 is enabled. Cleanup use of not used STD_PERI_LIB. 2020-06-08 08:37:54 -07:00
Sean Parkinson
d543e305f1 Fix optimized AES-CCM - counter 
AES-NI optimized 4 block at a time was not incrementing counter
poprerly.
 2020-06-08 10:48:19 +10:00
David Garske
3af4316cfd Fix for session test with TLS v1.3 and session tickets not enabled. Cleanups in AddSession. 2020-06-05 13:33:03 -07:00
David Garske
fb5c9e5268 Adjust static memory case with TLS v1.3 enabled. 2020-06-05 11:11:23 -07:00
David Garske
3b8455fcd0 Fix for building without ECC and DH (TLS v1.3 cannot be enabled). 2020-06-05 10:26:32 -07:00
Daniele Lacamera
254dd9f823 Added new files to include.am 2020-06-05 15:28:49 +02:00
Daniele Lacamera
76ab8bfb6b Added psoc6 ECDSA verification support 2020-06-05 11:30:29 +02:00
Daniele Lacamera
b1947478bb Added support for SHA512 via psoc6 crypto 2020-06-05 11:30:29 +02:00
Daniele Lacamera
82520572b0 Initial support for psoc6_crypto (sha256 only) 2020-06-05 11:30:29 +02:00
David Garske
dffc677561 Fix for TLS v1.3 with --enable-sniffer. 2020-06-04 16:42:40 -07:00
David Garske
7879e83ae0 Fixes for building with ./configure --enable-tls13 --disable-rsa --disable-ecc --enable-psk. Fix to properly detect if missing a asymmetric key algorithm (required by TLS v1.3). 2020-06-04 16:31:19 -07:00
David Garske
1d01b87741 Fix to detect if NO_CERTS / --disable-asn is used in scripts/tls13.test. 2020-06-04 16:08:08 -07:00
David Garske
66fdc2c536 Disable TLS v1.3 if none of these are available "ECC, CURVE25519, CURVE448 or DH". 2020-06-04 15:31:19 -07:00
David Garske
93be04f380 Can't send empty list for the client when sniffer is enabled or it will use AES128-SHA. 2020-06-04 15:31:18 -07:00
David Garske
ad93813d75 Fix for expected failure case on client write. Resolves test-fails.con server TLSv1.3 fail on no client certificate test. 2020-06-04 15:31:18 -07:00
David Garske
d4fdd1e590 Fix for TLS v1.3 test PSK callback to support cipher list. Add support for GetCipherSuiteFromName to accept a name ending with colon. 2020-06-04 15:31:18 -07:00