4dacd31ea4
Force to zero the buffer used to generate the DH private key.
2018-05-16 15:47:13 -04:00
6a31f103aa
Test Fixes
...
1. When building on VS, it didn't like using a variable for an array size. Fixed it so it was a constant.
2. In dh.c, there were a few #if that should have been #ifdef.
3. Tweaked a return value in the wolfCrypt test so it was read after being set.
2018-05-16 15:47:13 -04:00
12edf80e2b
FIPS Revalidation
...
1. ForceZero the odd block when using RDSEED to seed the DRBG.
2. When using FIPSv2 and Intel_ASM speedups, force RDSEED failure flag.
3. Annotate the ecc key pair checking code with NIST process references.
4. Add function to pair-wise check the DH key.
5. Add optional "Q" values for the FFDHE canned parameters from RFC 7919.
6. Enabled the ECC key checks by default for FIPS.
7. Added DH private key check function.
8. Enabled the DH key checks by default for FIPS.
2018-05-16 15:47:13 -04:00
ceed6e08fd
FIPS Revalidation
...
1. Add second RNG initialization API to let caller pass in a nonce.
2018-05-16 15:47:13 -04:00
20d8a4a376
FIPS Revalidation
...
1. Added missing pair-wise consistency test for RSA keys.
Note: This function is not available to old FIPS and user RSA.
2018-05-16 15:47:13 -04:00
1ff4ea1ec9
Test Fixes
...
1. Changed the ecc_sets table for Windows builds to use arrays instead of pointers to strings.
2. Updated the initializer to play nice with the Windows and not-Windows versions of the ecc_sets table.
This is a change for FIPS mode on Windows. The ecc_sets table has pointers to constants. When the FIPS POST runs, the pointers stored in the table are relocated pointers so the verify fails.
2018-05-16 15:47:13 -04:00
6b6ed2c42f
FIPS Revalidation
...
1. Created a new IDE project directory for WIN10.
2. Reverted the Windows IDE project files.
2018-05-16 15:47:13 -04:00
a8dbdd6c28
Test Fixes
...
1. Windows IDE project, clean up the preprocessor flags.
2. Add command line define to the MASM steps to set HAVE_FIPS and HAVE_FIPS_VERSION=2.
3. Disable the whole program optimization for the non-DLL builds for the file fips.c.
4. Tweaked the aes_asm.asm's code segment line to be dependant on the FIPS setting. Only place it specially for FIPSv2.
5. Reverted the Windows IDE project and copied the new setting to a WIN10 directory.
2018-05-16 15:47:13 -04:00
4d0a061acb
FIPS Revalidation
...
1. Updated the segment tags in the aes_asm.asm file so that it is linked in order between aes.obj and des3.obj.
2018-05-16 15:47:13 -04:00
3be824ad68
Test Fixes
...
1. Changed the _InitHmac() function in ssl.c to have a different name.
2. Added switch in ssl.c to use _InitHmac or _HMAC_Init depending on FIPS option.
2018-05-16 15:47:13 -04:00
f7fa648f77
Test Fixes
...
1. Found a problem in AES-GCM encrypt where it could step on the ciphertext with the correct sized IV.
2018-05-16 15:47:13 -04:00
1538ceef47
FIPS Revalidation
...
1. Update the Windows project settings.
2018-05-16 15:47:13 -04:00
dde1f87de9
Test Fixes
...
1. The intrinsic versions of AES_GCM_encrypt and AES_GCM_decrypt needed updates for variable length tags.
2018-05-16 15:47:13 -04:00
6d4777f3ca
Test Fixes
...
1. MSC doesn't allow for inline assembly. Restore the intrinsic version of AES_GCM_encrypt and AES_GCM_decrypt for MSC AES-NI builds. This is lacking AVX.
2018-05-16 15:47:13 -04:00
418cca5efd
Test Fixes
...
1. Something changed in the wolfSSL layer with respect to setting some constants for old FIPS mode, didn't take into account new FIPS mode.
2018-05-16 15:47:13 -04:00
b120a27c3e
FIPS Revalidation
...
1. Update the GenerateSeed() function for RDSEED on Windows to use the intrinsic function instead of inline assembly.
2018-05-16 15:47:13 -04:00
4f1dd3b9a7
Test Fixes
...
1. Update gitignore with some more VS outputs.
2. Update the Windows IDE user settings with FIPSv2 settings.
3. Remove redundant _InitHmac() function from ssl.c.
4. In wc_DhGenerateParams(), initialize the groupSz and bufSz to 0.
5. In wc_DhExportParamsRaw(), initialize pLen, qLen, and gLen to 0.
6. In wc_MakeRsaKey(), initialize isPrime to 0.
7. In ecc_test_make_pub(), initialize exportBuf and tmp to NULL and initialize the ECC key before any chance of trying to free it.
8. In fips_test.h header, update types.h include to use the wolfCrypt types rather than ctaocrypt types.
9. In fips_test.h header, change the visibility tags on all the function prototypes to use the WOLFSSL tags rather than CYASSL.
10. Change the wolfCrypt visibility tags to use CyaSSL's tags for old FIPS and the regular tags for new FIPS and non-FIPS builds.
2018-05-16 15:47:13 -04:00
eea4d6da50
Test Fixes
...
1. Modify RSA-PSS to be able to sign and verify SHA-384 and SHA-512 hashes with 1024-bit RSA keys.
2018-05-16 15:47:12 -04:00
dc31dbaeaf
FIPS Revalidation/Test Fixes
...
1. Added APIs to perform RSA-PSS verify and padding operation in the same call.
2. Change to RsaPSS sign and verify to pick the proper salt length if the key is 1024-bits and the hash is SHA-512.
2018-05-16 15:47:12 -04:00
27470aa704
FIPS Revalidation/Test Fixes
...
1. For FIPSv2 builds, changed the FP_MAX_BITS to 6144.
2. Fixed bug in HMAC-SHA-3 where the digest size was being used instead of the block size for processing the key.
2018-05-16 15:47:12 -04:00
8fb3a0c078
FIPS Revalidation
...
1. Add a copy of the DSA parameter generation function to DH for use without DSA.
2018-05-16 15:47:12 -04:00
6796ab5f8c
FIPS Revalidation
...
1. Bug fixes to AES-GCM. Separated out the internal and external IV set functions.
2018-05-16 15:47:12 -04:00
c2f964039e
FIPS Revalidation
...
1. Updated the configure.ac to add in the RSA direct function to FIPS builds
2018-05-16 15:47:12 -04:00
6d7599cf47
FIPS Revalidation
...
1. Add new APIs for AES-GCM so it can manage the IV per SP 800-38D.
2. Add new APIs for AES-CCM so it can manage the IV, similar to the behavior in AES-GCM.
3. Add new APIs for GMAC that use the new AES-GCM APIs.
2018-05-16 15:47:12 -04:00
4ba026c0bf
Test Fixes
...
1. Added error code for ECDHE FIPS KAT failure.
2018-05-16 15:47:12 -04:00
19da916102
Test Fixes
...
1. Removed redundant forward declaration of RsaKey from hmac.h.
2. Updated gitignore with the first and last files.
3. Updated autogen with touching the first and last files.
2018-05-16 15:47:12 -04:00
3685b7b176
Test Fixes
...
1. AesGcmEncrypt_ex requires the RNG, remove function if RNG disabled.
2. Fix a couple function name changes in the example server.
3. Removed the old FIPS wrapping added to dh.h, was redundant.
4. Move include of random.h in the aes.h file.
5. Fix where ecc.c was being left out of old FIPS builds.
6. Exclude the AES-GCM internal IV test case when building without the RNG.
7. Fix api test where AES-GCM Encrypt was called with a too-long IV in old FIPS mode. Non-FIPS and new FIPS are allowed longer IVs.
2018-05-16 15:47:12 -04:00
13ff245166
FIPS Revalidation
...
1. AES-GCM encrypt IV length allowed to be 8-bits.
2018-05-16 15:47:12 -04:00
90a5bde0f2
FIPS Revalidation
...
1. Update the const data and code segment tags for the Windown builds.
2018-05-16 15:47:12 -04:00
4b3933aa1b
FIPS Revalidation
...
1. Enabled ECC Cofactor DH for the FIPSv2 build.
2. Updated the wolfCrypt HMAC-SHA-3 test to leave out the set of test cases that use the four-byte key in FIPS mode.
2018-05-16 15:47:12 -04:00
33040a25d8
FIPS Revalidation
...
1. Change to configure.ac to automatically enable HKDF in FIPSv2 builds.
2018-05-16 15:47:12 -04:00
d0d2527950
FIPS Revalidation
...
1. Change to configure.ac to automatically enable AES-CTR in FIPSv2 builds.
2. Move the aes-ni asm file into the boundary if enabled.
3. Enable AES-ECB by default.
2018-05-16 15:47:12 -04:00
4bcd7b7986
AES-GCM
...
1. Updated the wolfCrypt GMAC test to leave out the test case with the 15-byte tag when building for FIPS.
2. Replace tabs with spaces.
2018-05-16 15:47:12 -04:00
eb1a76bf2a
FIPS Revalidation
...
1. Updated CMAC to allow tag length from 4 to 16 bytes, inclusive.
2018-05-16 15:47:12 -04:00
aa968eac98
FIPS Revalidation
...
1. Enable SHA-224 by default if building for FIPSv2.
2018-05-16 15:47:12 -04:00
fe8d46da95
FIPS Revalidation
...
1. Added new AES-GCM Encrypt API for FIPS where the IV is generated internally.
2. Fix the AES-NI guard flags so it can be used when FIPS enabled.
2018-05-16 15:47:12 -04:00
be61204fd7
FIPS Revalidation
...
1. Added CMAC to the boundary.
2. Added DHE to the boundary.
2018-05-16 15:47:12 -04:00
f6fe3744a7
FIPS Update
...
1. Moved the rest of the FIPS algorithms to FIPSv2.
2. Updated the fips-check and autogen scripts.
3. Updated the automake include for the crypto files.
4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer.
5. Added error code for the SHA-3 KAT.
6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-05-16 15:47:12 -04:00
df4d748f59
FIPS Update
...
1. Move SHA-224 and SHA-256 into FIPSv2.
2. Move HMAC into FIPSv2.
3. Move Hash_DRBG into FIPSv2.
2018-05-16 15:47:12 -04:00
6352208e04
FIPS Update
...
1. Add SHA-3 to the src/include.am so that it is always included in FIPSv2.
2. Tweak the SHA-3 header to follow the new FIPS pattern.
2018-05-16 15:47:12 -04:00
0c5d704c7f
AES-CCM FIPS
...
1. Add new error code for the AES-CCM FIPS KAT failure.
2. When enabling FIPSv2, force enable AES-CCM.
2018-05-16 15:47:12 -04:00
8ff328cb39
Merge pull request #1551 from dgarske/asynccheck
...
Added new `async-check.sh` script
2018-05-16 08:02:11 -07:00
b5e0499022
Merge pull request #1550 from dgarske/rsaverify
...
Check returned size matches signature size for RSA verify in openssl compatibility
2018-05-16 08:00:31 -07:00
bbc178a704
Merge pull request #1548 from JacobBarthelmeh/Testing
...
fix ecc public key print with X509 print function
2018-05-16 07:59:19 -07:00
8619062ae7
Merge pull request #1522 from dgarske/mbedtls_compat
...
Port for using AWS FreeRTOS
2018-05-16 07:57:55 -07:00
1be8a6e4ef
Merge pull request #1502 from ejohnstown/update-m4
...
Update M4 Autoconf Files
2018-05-16 07:57:13 -07:00
9c33244158
Update ax_pthread.m4
...
The AX_PTHREAD macro has a check for side-effects of the pthread flag beyond the functions being available. It also checks for a particular macro being set when compiling the test file. When running the build through the scan-build static analysis, for some reason, the check value isn't set. The build fails. I commented the check out for now.
2018-05-11 17:39:51 -07:00
2a4d386a50
Update ax_pthread.m4
...
1. Updated to the most recent copy of ax_pthread.m4.
2. Removed the darwin-clang check m4.
3. Added a check to see if AX_PTHREAD added the flag `-Qunused-arguments` for clang and if so prepend `-Xcompiler` so libtool will use it. Otherwise when building on Sierra's clang you get "soft" warnings on the build of the dylib.
2018-05-11 10:21:47 -07:00
83257d662a
Also check returned size matches for RSA verfiy in openssl compatability layer.
2018-05-11 17:09:07 +02:00
af9507391a
Fixes and improvements for FreeRTOS AWS. Fixes for building openssl compatibility with FreeRTOS. Fixes for TLS 1.3 possibly uninitialized vars.
2018-05-11 16:40:32 +02:00
cb2f1d6d7d
Added new async-check.sh script for setting up the async simulator for internal testing.
2018-05-11 16:38:24 +02:00
7a4da340d4
Merge pull request #1547 from JacobBarthelmeh/Docs
...
add aes init function to docs
2018-05-09 16:40:36 -07:00
110c41613f
cast on return of malloc
2018-05-09 14:50:26 -06:00
c910d84507
Merge pull request #1527 from kojo1/RenesasCSPlus
...
Renesas CS+ projects
2018-05-09 10:07:16 -06:00
66e59e4a6a
Rollback #if condition
2018-05-09 10:58:10 +09:00
4f0893bda5
fix ecc public key print with X509 print function
2018-05-07 14:16:27 -06:00
fd691a5795
add aes init function to docs
2018-05-07 10:24:44 -06:00
08165d5a16
Merge pull request #1540 from SparkiDev/tls13_ticket_fix
...
NewSessionTicket parsing error fix
2018-05-04 10:54:23 -07:00
0fec651338
Merge pull request #1539 from cconlon/toradix
...
expose mp_toradix() when WOLFSSL_PUBLIC_MP is defined
2018-05-04 10:49:21 -07:00
6e5258b56e
Merge pull request #1538 from dgarske/fixmatchdomainnull
...
Fix for handling match on domain name that may have a null terminator inside
2018-05-04 10:25:28 -07:00
ecd2e75564
#ifndef FREESCALE_LTC_ECC with fe_init
2018-05-04 07:34:47 +09:00
69ce10f292
NewSessionTicket parsing error fix
2018-05-04 08:18:54 +10:00
3fd47bdff3
Fix for example client/server with -H exitWithRet option to make sure all cleanup is performed. Resolves valgrind report due to TicketCleanup() not being called.
2018-05-03 13:39:37 -07:00
bb7bcfd877
expose mp_toradix() when WOLFSSL_PUBLIC_MP is defined
2018-05-03 13:41:23 -06:00
a2fa61cd3d
Merge pull request #1534 from SparkiDev/tls13_static_rsa
...
Fix TLS 1.3, change Client Hello version to work with static RSA (TLS 1.0 - TLS 1.2)
2018-05-03 12:38:55 -07:00
1c09c06349
Merge pull request #1533 from SparkiDev/tls13_draft26
...
Allow building TLS 1.3 at draft 26
2018-05-03 12:37:39 -07:00
74618d0e3c
Merge pull request #1532 from SparkiDev/test_fix
...
Fixes for tests
2018-05-03 11:44:01 -07:00
73d85774df
Merge pull request #1525 from dgarske/sockclose
...
Cleanup of the socket close code
2018-05-03 11:42:30 -07:00
325402cf5a
Minor fix for the expected failure case use of ssl after free. Renamed skipExit to exitWithRet.
2018-05-03 10:02:59 -07:00
89a4c98670
* Added support for expected fail test cases with example client/server and suites unit test.
...
* Added test for certificate with bad alt name containing a null character mid byte stream.
* Fix for issue with suites unit test where last arg in file doesn't conain data for a param, causing it to skip test.
* Fix for last test in tests/test.conf not being run for `TLSv1.2 RSA 3072-bit DH 3072-bit`.
* Moved the `tls-cert-fail.test` tests into the new expected failure suite test (`./tests/test-fails.conf`). Now it explicilty checks RSA and ECC for the no signer and no sig tests.
2018-05-03 09:40:51 -07:00
d43aa37041
Fix for handling match on domain name that may have a null terminator inside. The check should match on len from ASN.1 reguardless of a null character.
2018-05-03 09:33:05 -07:00
996ee78d50
Fix Client Hello version to work with static RSA
2018-05-02 10:20:55 +10:00
d60b16c5b8
Merge pull request #1531 from kaleb-himes/FIPS-CHECK-SCRIPT
...
revert to default but exclude for sgx/netos
2018-05-01 15:14:00 -06:00
27c3a70e13
Allow building TLS 1.3 at draft 26
2018-05-01 15:19:18 +10:00
5845482fc0
Fixes for tests
...
Fix the benchmark client to set all groups supported.
Fix TLS 1.3 test script to work on PPC - check counter in separate test.
2018-05-01 14:27:38 +10:00
c5a39b9048
rever to default but exclude for sgx/netos projects
2018-04-30 15:17:58 -06:00
65eb79e5cd
Merge pull request #1519 from dgarske/buildfixes
...
Build fixes for a few configurations
2018-04-30 11:49:16 -07:00
d53716496a
Merge pull request #1521 from dgarske/tlsx_returncodes
...
Refactor of the TLSX code to support returning error codes
2018-04-30 11:46:41 -07:00
3ad708fb20
Merge pull request #1514 from dgarske/certdates
...
Enhancements and cleanup to ASN date/time
2018-04-30 11:14:38 -07:00
8311628f93
Merge pull request #1508 from kaleb-himes/FIPS-CHECK-SCRIPT
...
Fips check script
2018-04-30 10:50:03 -07:00
4c5982949e
minor fix
2018-04-28 13:25:41 +09:00
7de23d65ce
Merge pull request #1517 from dgarske/sighash
...
Added new signature wrapper functions to allow use of hash directly
2018-04-27 16:07:56 -07:00
6e96318785
Readme.txt
2018-04-28 06:36:56 +09:00
8ef777315a
Merge pull request #1516 from dgarske/gccarm
...
GCC-ARM IDE example improvements
2018-04-27 14:13:45 -07:00
e69af98a7e
fix warnings
2018-04-28 06:06:45 +09:00
3e9028387f
test project
2018-04-28 05:46:42 +09:00
c5df9d56ad
wolfssl_lib project
2018-04-28 05:39:42 +09:00
ac791610dd
USE_WOLF_TIMEVAL_T
2018-04-28 05:28:49 +09:00
22a2b45108
duplicated fe_init for non-configure based IDE
2018-04-28 05:07:00 +09:00
a91ac55e24
define valiable before exec statements
2018-04-28 05:05:45 +09:00
2cc2f224f8
XTIME in LowResTimer
2018-04-28 05:03:51 +09:00
e9dd44a667
Merge pull request #1524 from abrahamsonn/master
...
Doxygen landing page update
2018-04-27 11:44:00 -07:00
3200040d1a
Cleanup of the socket close code used for examples, CRL/OCSP and BIO. Now only a single macro is responsible for closing a socket CloseSocket and all duplicate code is eliminated.
2018-04-27 10:29:19 -07:00
9424a96289
Doxygen landing page update
2018-04-27 10:56:13 -06:00
e45f0efc3f
Documentation Fixes ( #1520 )
...
* Fixed documentation errors found by check_api script
* Formatting changes so that comments/API pairs are more obvious
2018-04-27 09:50:34 -07:00
5c97374156
Fix for RSA RSS check to make sure RSA is enabled. Added TLS 1.3 DH check for key sizes.
2018-04-26 14:04:54 -07:00
ef7b40dcab
Refactor of the TLSX code to support returning error codes.
...
* The `SANITY_MSG_E` responses in `TLSX_SupportedVersions_GetSize`, `TLSX_SupportedVersions_Write`, `TLSX_Cookie_GetSize` and `TLSX_Cookie_Write` would incorrectly be handled.
* Added build-time checks in `tls13.c` for dependencies on `HAVE_HKDF` and `WC_RSA_PSS`.
2018-04-26 11:30:57 -07:00
fe4cbb2a03
Fix for Jenkins report Expected Configurations Test - NIGHTLY BUILD #267, building ./configure --disable-asn --disable-ecc --disable-rsa --enable-psk --enable-sni. Reported unused variables, parameters and function.
2018-04-26 05:47:48 -07:00
04626c6a1f
Fixes build issue using wrong DES define for WC_MAX_SYM_KEY_SIZE macro. Reproduced using ./configure --enable-leanpsk --enable-des3. Fixes issue #1518 .
2018-04-26 05:35:04 -07:00
fc02003f76
Added new signature wrapper functions to allow direct use of hash wc_SignatureVerifyHash and wc_SignatureGenerateHash. These new function abstract existing signature wrapper code, so minimal code size increase. Added test cases for new functions for RSA (with and without DER encoding) and ECC.
2018-04-25 13:10:53 -07:00
c1d4f659ad
Merge pull request #1511 from ejohnstown/dist-tweak
...
Make Dist Automation Tweak
2018-04-25 10:56:40 -07:00
107290b552
Merge pull request #1515 from dgarske/buildfixes
...
Fixes for various build configurations
2018-04-25 10:23:27 -07:00
5c61810d4d
Merge pull request #1497 from SparkiDev/tls13_draft28
...
Tls13 draft28
2018-04-25 10:17:37 -07:00
a9f32c30da
Fix for SGX build after C99 changes strings.h: No such file or directory.
2018-04-25 07:56:54 -07:00
3c684886ad
Fixes to resolve building --enable-tls13 --disable-ecc --enable-curve25519 --enable-ed25519.
2018-04-25 07:54:53 -07:00
089e1b6b9b
Fix for expected Configurations Test - NIGHTLY BUILD #265 and ifdef cleanup.
2018-04-25 07:54:53 -07:00
2e6c195b43
GCC-ARM IDE improvements:
...
* Added documentation for `ECC_USER_CURVES`.
* Added option for RSA PSS padding support.
2018-04-24 15:26:53 -07:00
65c9277213
More fixes from Jenkins testing.
2018-04-24 14:01:33 -07:00
ff1559275d
Merge pull request #1512 from dgarske/c99
...
Fixes to resolve issues with c99 compliance
2018-04-24 13:36:41 -07:00
1ddccf63dc
Merge pull request #1496 from JacobBarthelmeh/Compatibility-Layer
...
Compatibility layer
2018-04-24 13:33:33 -07:00
e63afa08bd
Fix a couple of minor Jenkins issues.
2018-04-24 13:25:28 -07:00
56025f38b9
Enhancements and cleanup to ASN date/time:
...
* Refactor the ASN get date logic to combine shared code.
* Added new API `wc_GetDateInfo` to get raw date, format and length.
* Added new API `wc_GetCertDates` to extract certificate before/after dates as `struct tm` type.
* Added new API `wc_GetDateAsCalendarTime` which parses the raw date string and convers to `struct tm`.
* Added tests for new API's.
* Added missing tests for `wc_SetAltNames`, `wc_SetAltNamesBuffer` and `wc_SetDatesBuffer`.
* Fixed build for older `NO_TIME_H` macro.
2018-04-24 13:04:36 -07:00
b48a9ded15
Fix to allow user to force build using WOLF_C99 option.
2018-04-23 13:52:58 -07:00
289a282183
Fixes to resolve issues with c99 compliance (building with ./configure CFLAGS="-std=c99").
...
* Fix for ReadDir checking for file flag to use `S_ISREG(ctx->s.st_mode)` syntax.
* Added macro for strsep `XSTRSEP`. Added wolf implementation as `wc_strsep` enabled as C99 or `USE_WOLF_STRSEP`.
* Fix to use `gethostbyname` for c99 instead of `getaddrinfo`.
* For c99 use wolf strtok `wc_strtok`.
* Exposed API's for `wc_strtok` and `wc_strsep` when available.
* Include `sys/time.h` when available from autocon `HAVE_SYS_TIME_H` or c99.
* include `<strings.h>` when `HAVE_STRINGS_H` or c99.
2018-04-23 13:47:22 -07:00
568d24c63c
Coverity fixes ( #1509 )
...
* Coverity fixes 3
2018-04-23 09:20:28 -07:00
9831a8ac94
Added a dist-hook target to the Makefile to copy the default options.h.in over options.h.
2018-04-20 11:07:57 -07:00
7d425a5ce6
Added support for an anonymous cipher suite ( #1267 )
...
* Added support for cipher suite TLS_DH_anon_WITH_AES256_GCM_SHA384
* Added test cases for verification of anonymous cipher suite
2018-04-20 10:35:37 -07:00
853756a73c
Added a TLS alert message 115 ( #1391 )
...
Added a new TLS alert message `unknown_psk_identity` (115) from RFC 4279, section 2.
2018-04-20 10:23:57 -07:00
94157634e1
TLS 1.3 fixes/improvements
...
Support Draft 28: able to compile code to return BAD_BINDER if no PSKs
match and certificates not to be used.
Change key share implementation to use server preference - server now
checks each client key share's group is in supported_groups extension.
Client and server examples modified to support server preference.
Application can set client's and server's supported groups by rank.
Server's supported groups is sent back in encrypted_extensions if
preferred group is not in client's list - able to be turned off at
compile time.
Application can query server's preferred group from client.
Able to compile using 0x0304 as version instead of draft version.
Fix state machine in TLS 1.3 to support unexpected hello_retry_request.
Also fixes non-blocking.
Fix resumption to use the named group from session.
Fix named group in session structure to be a 2-byte field.
Better detection of errors in message flow.
Fix DoTls13ClientHello when downgrading - don't do TLS 1.3 things.
Not downgrading on client fixed.
Downgrade protocol version from TLS 1.3 when not TLS 1.3 ciphersuite.
Get downgrading from TLS 1.3 and resumption working.
Change earlyData value to an enum.
Support no extensions data (as opposed to zero length extension data) in
TLS 1.3 ClientHello.
Check PSK cipher suite is available to both client and server before
using.
Check first PSK identity chosen when server says it is using early data
at client.
Check PSK extension is last in client_hello on server.
Check the PSK cipher suite to use is supported on client.
Check the returned cipher suite for pre-shared keys is the same as
client expects.
Send alert decrypt_error when verification fails in certificate_verify
or finished message doesn't match calculated value.
Fail when certificate messages recieved in handshake when using PSK.
Validate on the server that EndOfEarlyData message has been recieved
before finished message when server sent EarlyData extension.
2018-04-20 09:44:02 +10:00
3476a9b55a
versions for Baxter updated, new tag in fips v3.12.6
2018-04-19 15:24:22 -06:00
9e4bb3fee1
Merge pull request #1504 from SparkiDev/nginx-pemenc
...
Key derivation for encrypted PEM uses salt length of 8 in OpenSSL
2018-04-19 11:23:39 -07:00
f7cb5c5c15
Merge pull request #1507 from kaleb-himes/README-update
...
Bring special notes inline with commit 8edbca1b21b6fcd6d09910c66bbf35…
2018-04-19 11:17:25 -07:00
b7c61a72c8
Merge pull request #1503 from kojo1/Ticket3793
...
HMAC with SHA2
2018-04-19 09:38:55 -06:00
23615dd15f
Bring special notes inline with commit 8edbca1b21
2018-04-18 09:58:03 -06:00
bf950198f2
api.c: option conditions
2018-04-18 13:02:40 +09:00
6689ee965a
Key derivation for encrypted PEM uses salt length of 8 in OpenSSL
2018-04-18 12:37:06 +10:00
7c7913264b
remove printf
2018-04-18 09:25:24 +09:00
56af3a5b36
add HMAC SHA2
2018-04-18 08:47:39 +09:00
57d40bc6d1
remove internal data types in ssl.h
2018-04-17 15:57:23 -06:00
11065f9222
added the missing macro file ax_require_defined.m4.
2018-04-17 13:23:17 -07:00
48b3aa90d3
Update autoconf m4 files, except pthreads which should be its own commit
2018-04-17 13:20:33 -07:00
a116b5ba83
Merge pull request #1500 from BrianAker/patch-1
...
Adding Copyright notice to autoconf files.
2018-04-17 11:15:36 -07:00
09706a4ed2
Merge pull request #1488 from SparkiDev/tls13_perf
...
Changes for interop and performance
2018-04-16 09:16:13 -07:00
3179d6ce2b
Adding Copyright notice to autoconf files.
2018-04-14 22:30:02 -10:00
942c720dc4
Merge pull request #1499 from ejohnstown/aes-asm
...
AES assembly file name change
2018-04-13 11:23:03 -07:00
f9eda5d790
free test certificate after use
2018-04-13 09:16:22 -06:00
a0d8327320
Coverity fixes 2 ( #1493 )
...
* Coverity fixes for wolfcrypt folder
* Fixes for remaining issues
* Fixes for test files
2018-04-13 05:35:18 -07:00
9600266483
WOLFSSL_FUNC_TIME changes
...
Warning in code about using this define.
Remove usage of WOLFSSL_FUNC_TIME from server.c.
2018-04-13 12:13:31 +10:00
0b47811c46
Changes for interop and performance
...
Changes made to test.h to allow interop of PSK with OpenSSL.
Changes to allow server to pre-generate key share and perform other
operations at later time.
Fix ChaCha20 code header to have bigger state to support assembly code
for AVX1.
Fix Curve25519 code to use define instead.
Change Curve25519 to memset all object data on init.
Change Poly1305 to put both sizes into one buffer to avoid a second call
to wc_Poly1305Update().
Added WOLFSSL_START and WOLFSSL_END API and calls to show time of
protocol message function enter and leave to analyse performance
differences.
Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-13 12:01:20 +10:00
425cee64a7
AES assembly file name change
...
Some versions of GCC on the Mac will not run the file aes_asm.s through the preprocessor. There are some ifdefs in the file that are included when they shouldn't be. This is not a problem on Linux. Renaming the file to have a capital S extension forces the assembler to run with the preprocessor.
2018-04-12 16:47:58 -07:00
84f7bd8cde
Merge pull request #1494 from dgarske/wpas
...
Fix for building wpa_supplicant
2018-04-12 13:49:31 -07:00
eacd98fe4e
Merge pull request #1491 from dgarske/config
...
Configure improvements and new options
2018-04-12 13:48:20 -07:00
8f1e8be2d0
Merge pull request #1490 from dgarske/hashoid_cleanup
...
Hash OID cleanup
2018-04-12 13:46:47 -07:00
cfaed48f90
adjust GetInt call with ASN1 integer to big number
2018-04-12 14:40:20 -06:00
df06707496
Handle larger values with ASN1 INTEGER structure
2018-04-12 14:07:29 -06:00
cf1230d232
Fix for building wpa_supplicant (./configure --enable-wpas) after PemToDer refactor in PR #1467 .
2018-04-12 06:53:44 -07:00
1f7b954d47
Fix for wc_GetCTC_HashOID in FIPS mode. Uses the new wc_HashTypeConvert to handle conversion from unique WC_ALGO (int) to WC_HASH_TYPE_ALGO (enum wc_HashType).
2018-04-12 06:51:23 -07:00
ce6728951f
Added a new --enable-opensslall option, which ensures all openssl features are enabled. Documented and tested building the various open source defines we support in our build.
2018-04-11 13:54:07 -07:00
689203d310
Added some more features to the --enable-all. Added new --enable-webclient option.
2018-04-11 13:54:07 -07:00
ee5d78f84f
Added new wc_OidGetHash API for getting the hash type from a hash OID. Refactor PKCS7 and PKCS12 to use new API and reduce duplicate ocde. Updated wc_GetCTC_HashOID to use wc_HashGetOID and maintain back compat.
2018-04-11 13:53:30 -07:00
d85580691b
Merge pull request #1492 from dgarske/fix_noasn_pwdbased
...
Fixes for ASN disabled and PWDBASED enabled / Win FIPS
2018-04-11 12:09:30 -07:00
83bfdb1594
Fix for issue with unique hash types on ctoacrypt FIPS using different values than WC_HASH_TYPE_*. Add new API wc_HashTypeConvert to handle the conversion between enum wc_HashType and int. For FIPS it uses a switch() to convert and for non-FIPS it uses a simple cast. Changed the pwdbased_test to return actual ret instead of adding values (made it difficult to track down error location).
2018-04-11 09:30:30 -07:00
3f3e332a3a
Fix for evp.c statement will never be executed in wolfSSL_EVP_CIPHER_CTX_block_size.
2018-04-11 08:18:39 -07:00
38aa56cc40
Fix for Windows FIPS build in current master. Resolves issue with missing DES/AES key size enums.
2018-04-10 20:07:14 -07:00
565f394972
Fix for building without ASN and PWDBASED enabled (./configure --disable-asn --enable-pwdbased).
2018-04-10 16:36:11 -07:00
e25da80766
Merge pull request #1467 from dgarske/asnpemtoder
...
PEM Encrypted Keys cleanup and PemToDer move to wolfCrypt asn.c
2018-04-09 16:33:30 -07:00
a38576146e
* Added support for disabling PEM to DER functionality using WOLFSSL_PEM_TO_DER. This allows way to use with DER (ASN.1) certificates only in an embedded environment. This option builds, but internal make check requires PEM support for tests.
...
* More cleanup to move PEM functions from ssl.c to asn.c (`wolfSSL_CertPemToDer`, `wolfSSL_KeyPemToDer`, `wolfSSL_PubKeyPemToDer`). Renamed these API's to `wc_` and added backwards compatability macro for old function names.
2018-04-09 13:28:15 -07:00
5a46bdf6f6
Added unit test for using encrypted keys with TLS. Only works with --enable-des3, since the keys are all encrypted with DES3 (also requires either --enable-opensslextra or --enable-enckeys).
2018-04-09 13:28:15 -07:00
d68a6fb4c7
Make sure wc_encrypt.h includes the ciphers.
2018-04-09 13:28:15 -07:00
98c186017a
Fixes for build failures. Added new WC_MAX_SYM_KEY_SIZE macro for helping determine max key size. Added enum for unique cipher types. Added CHACHA_MAX_KEY_SZ for ChaCha.
2018-04-09 13:28:15 -07:00
2c72f72752
Fixes for FIPS, sniffer (w/o enc keys), scan-build issues and backwards compatability.
2018-04-09 13:28:15 -07:00
9be11bf62c
Fix to correct missing wolfSSL_EVP_BytesToKey header int he NO_MD5 case.
2018-04-09 13:28:15 -07:00
1f00ea2115
Fixes for various build issues with type casting and unused functions. Moved mystrnstr to wc_port.c. Added some additional argument checks on pwdbased.
2018-04-09 13:28:15 -07:00
e60032b961
Fix for duplicate API defs.
2018-04-09 13:28:15 -07:00
b01535b483
Fix for stray character.
2018-04-09 13:28:15 -07:00
8a31f13cb6
Remove obsolete WOLFSSL_PEMPUBKEY_TODER_DEFINED header logic.
2018-04-09 13:28:15 -07:00
6de8348918
Fixes for various build configurations. Added --enable-enckeys option to enable support for encrypted PEM private keys using password callback without having to use opensslextra. Moved ASN CryptKey function to wc_encrypt.c as wc_CryptKey. Fixup some missing heap args on XMALLOC/XFREE in asn.c.
2018-04-09 13:28:15 -07:00
1315fad7dc
Added ForceZero on the password buffer after done using it.
2018-04-09 13:28:15 -07:00
3a8b08cdbf
Fix to move the hashType out of EncryptedInfo. Fix for parsing "DEC-Info: ". Fix for determining when to set and get ivSz.
2018-04-09 13:28:15 -07:00
c83e63853d
Refactor unqiue hash types to use same internal values (ex WC_MD5 == WC_HASH_TYPE_MD5). Refactor the Sha3 types to use wc_ naming.
2018-04-09 13:28:15 -07:00
264496567a
Improvements to EncryptedInfo. Added build option WOLFSSL_ENCRYPTED_KEYS to indicate support for EncryptedInfo. Improvements to wc_PBKDF1 to support more hash types and the non-standard extra data option.
2018-04-09 13:28:15 -07:00
f9e830bce7
First pass at changes to move PemToDer into asn.c.
2018-04-09 13:28:14 -07:00
2ded38ec2b
Merge pull request #1485 from dgarske/tlskeygeneccorcurve
...
Fix TLS 1.3 with ED25519/CURVE25519 enabled and ECC disabled
2018-04-09 12:12:31 -07:00
21833e245f
Fix TLS 1.3 with ECC disabled and CURVE25519 enabled. Resolves issue with using ./configure --disable-ecc --enable-curve25519 --enable-ed25519 --enable-tls13. Refactor TLSX_KeyShare_GenEccKey to support either ECC or CURVE25519. Fix for PemToDer to handle ED25519 without ECC enabled.
2018-04-09 10:10:08 -07:00
2a460d3d05
Merge pull request #1484 from embhorn/coverity
...
Coverity fixes
2018-04-06 18:18:38 -07:00
36b9b0b558
Updates from code review
2018-04-06 17:29:27 -05:00
86767e727c
Fixes for CID 185033 185028 185142 185064 185068 185079 185147
2018-04-06 13:15:16 -05:00
d2c1a1906d
Fixes for CID 184980 185017 185047 185167
2018-04-06 11:10:37 -05:00
6090fb9020
Merge pull request #1483 from dgarske/winvs
...
Fixes for unused `heap` warnings
2018-04-06 09:01:49 -07:00
e56209cee4
Merge pull request #1482 from dgarske/nourand
...
Added new define `NO_DEV_URANDOM` to disable the use of `/dev/urandom`
2018-04-06 09:00:37 -07:00
920e6ed911
Fix warning in ssl.c
2018-04-06 09:30:54 -05:00
c6ad885459
Coverity fixes for tls.c/n CID 184996 185112 185122
2018-04-06 09:08:00 -05:00
ec429e50b1
Fixes for ssl.c
2018-04-06 07:45:12 -05:00
426335b68f
Found additional VS unused heap warnings. Replace tabs with 4-spaces.
2018-04-05 12:28:32 -07:00
2b48a074eb
Merge pull request #1480 from dgarske/extcache
...
Fix for HAVE_EXT_CACHE callbacks not being available without OPENSSL_EXTRA
2018-04-05 10:52:44 -07:00
bab62cc435
Added new define NO_DEV_URANDOM to disable the use of /dev/urandom. Added better named define WC_RNG_BLOCKING to indicate block w/sleep(0) is okay.
2018-04-05 09:34:43 -07:00
ede006b3e1
Merge pull request #1479 from JacobBarthelmeh/HardwareAcc
...
Fix PIC32 AES-CBC and add test case
2018-04-05 09:15:08 -07:00
5439402c1d
Refactor for max record size ( #1475 )
...
* Added new internal function `wolfSSL_GetMaxRecordSize`.
* Modified tls_bench to use dynamic buffer based on max record size.
* Added comment for DTLS maxFragment calculation.
2018-04-05 09:11:58 -07:00
412d4d76ee
Fix for HAVE_EXT_CACHE callbacks not being available without OPENSSL_EXTRA defined. Added tests for external cache callbacks.
2018-04-05 07:10:04 -07:00
a1d6bc68de
Merge pull request #1478 from dgarske/fixeccmaxsize
...
Fix for ECC max bits
2018-04-04 16:27:15 -07:00
815219b589
fix pic32 AES-CBC and add test case
2018-04-04 16:09:11 -06:00
bc76f57959
Fix for ECC max bits ( MAX_ECC_BITS).
2018-04-04 13:39:14 -07:00
a78c6ba4ea
Fix for unused heap warnings.
2018-04-04 12:51:45 -07:00
aa660bc9b8
Merge pull request #1477 from dgarske/fix_strtok
...
Fix for issue with `wc_strtok` function declaration
2018-04-04 12:35:38 -07:00
2189827287
Fix for issue with wc_strtok function declaration not being available because of include order. Fixes issue #1469 .
2018-04-04 10:41:14 -07:00
0da4a8f1fe
Merge pull request #1476 from dgarske/fix_haveextcache
...
Fix building with `HAVE_EXT_CACHE` when `OPENSSL_EXTRA` is not defined
2018-04-04 10:34:07 -07:00
2deb977ecf
Merge pull request #1473 from dgarske/pkcs7_norsa
...
Enabled PKCS7 support without RSA
2018-04-04 10:33:11 -07:00
960d2ec031
Merge pull request #1471 from JacobBarthelmeh/Fuzzer
...
sanity check on buffer read
2018-04-04 10:31:55 -07:00
1196a3b64d
Merge pull request #1455 from dgarske/nitroxv
...
Nitrox V fixes and additions
2018-04-04 10:27:53 -07:00
5702e8ee48
Fix building with HAVE_EXT_CACHE when OPENSSL_EXTRA is not defined. Fixes issue #1474 .
2018-04-04 09:02:52 -07:00
c288d0815d
Added support for building and using PKCS7 without RSA (assuming ECC is enabled).
2018-04-03 09:26:57 -07:00
0c898f513d
Nitrox V fixes and additions:
...
* Added support for ECC, AES-GCM and HMAC (SHA-224 and SHA3).
* Fixes for Nitrox V with TLS.
* ECC refactor for so key based `r` and `s` apply only when building with `WOLFSSL_ASYNC_CRYPT`.
* ECC refactor for `e` and `signK` to use key based pointer for Nitrox V.
* Improved the Nitrox V HMAC to use start, update and final API's instead of caching updates.
* Fix for Intel QuickAssist with unsupported HMAC hash algos using `IntelQaHmacGetType` (such as SHA3).
* Added new API `wc_mp_to_bigint_sz` to zero pad unsigned bin.
* Fix for AES GCM to gate HW use based on IV len in aes.c and remove the gate in test.c.
* Implemented workaround to use software for AES GCM Nitrox V hardware and 13 byte AAD length for TLS.
* New debug option `WOLFSSL_NITROX_DEBUG` to add pending count.
2018-04-03 09:14:20 -07:00
adb817e8d2
Feature update for tls_bench test that will allow passing in arguments ( #1466 )
...
* Feature update for tls_bench test that will allow passing in command line arguments that enable test features.
* Fix type conversion errors.
* Fixed use of uninitialized data. Declare DH arrays as const.
2018-04-02 14:00:34 -07:00
6a1013888f
sanity check on buffer read
2018-04-02 14:30:58 -06:00
b33feb9dbf
Merge pull request #1470 from kojo1/EVP
...
EVP_CipherUpdate return value for inlen == 0
2018-04-02 14:03:48 -06:00
c60d9ff983
if(ret != 1) error
2018-04-01 13:27:08 +09:00
1c0b84d47d
openSSL compatibility, EVP_CipherUpdate, if(inlen == 0)return 1;
2018-04-01 12:13:18 +09:00
effaa18b32
Fixing some kinks
2018-03-30 12:46:59 -06:00
87c1658ab8
Merge pull request #1464 from jrblixt/unitTest_api_addPkcs7-nightlyBuildFix2
...
Nightly build fix for PKCS#7 errors.
2018-03-29 15:26:11 -06:00
86a5330b31
Merge pull request #1462 from ejohnstown/cxxflags
...
Configure Update
2018-03-28 16:41:15 -07:00
e59bb43878
Configure Update
...
Revise default compiler optimization flags enable name to something more descriptive.
2018-03-28 13:19:46 -07:00
3a8a7b8a55
Merge pull request #1458 from dgarske/cleanupthreaded
...
wolfCrypt ECC FP cleanup for thread local storage cases
2018-03-28 12:25:20 -07:00
e6a19bb1e8
Configure Update
...
Add a disable option to turn off the default optimization options so the user may set their own in a CFLAGS.
2018-03-27 16:41:39 -07:00
1cd6075b9d
Nightly build fix.
2018-03-27 16:54:14 -06:00
c9d840ed8d
Fix for the HAVE_THEAD_LS case with FP_ECC where starting a new thead and doing ECC operations and not calling wc_ecc_fp_free. Added missing wolfCrypt_Init to API docs.
2018-03-27 14:29:39 -07:00
f62d372bbe
Merge pull request #1461 from cconlon/netbsd-update
...
update NetBSD fips-check version to include selftest ECDSA fix
2018-03-27 13:28:49 -07:00
9de2bdce24
Merge pull request #1460 from dgarske/winecc
...
Enable ECC, AES-GCM and SHA-512/384 by default in VS
2018-03-27 13:28:23 -07:00
504b13530e
Merge pull request #1459 from cconlon/selftest_fixes
...
Fix for wolfCrypt test and CAVP selftest build
2018-03-27 13:27:28 -07:00
477d2413cd
Configure Update
...
1. Initialize CXXFLAGS (C++ compiler flags) the same way we do CFLAGS.
2. Add CPPFLAGS (C preprocessor flags) to the options.h file with the other CFLAGS.
2018-03-27 10:23:44 -07:00
9f231e0020
Merge pull request #1453 from dgarske/ecc508a_linux
...
Support for building with `WOLFSSL_ATECC508A` on other targets
2018-03-27 09:57:39 -07:00
42e6ea8685
Added ECC_TIMING_RESISTANT to eliminate harden warnings.
2018-03-26 15:54:29 -07:00
8fbc765dba
Enable ECC, AES-GCM and SHA-512/384 by default in Windows Visual Studio projects.
2018-03-26 15:09:51 -07:00
9edaac8e1c
update NetBSD fips-check version to include selftest ECDSA fix
2018-03-26 14:37:39 -06:00
021560035b
fix unused var warning for extNameConsOid with IGNORE_NAME_CONSTRAINTS
2018-03-26 09:43:37 -06:00
d2aa7d0a37
exclude ecc_import_unsigned test when building for CAVP selftest
2018-03-23 16:31:17 -06:00
c08f5b86cf
Merge pull request #1444 from jrblixt/unitTest_api_addPkcs-PR03162018
...
Unit test functions for PKCS#7.
2018-03-23 10:00:33 -06:00
aee6f4d0ca
Merge pull request #1457 from dgarske/base16
...
Base16/64 improvements
2018-03-22 15:14:57 -07:00
316a2b9fb4
Review changes: Chris.
2018-03-22 15:35:25 -06:00
a92696edec
Merge pull request #1454 from dgarske/noprivkey
...
Support for not loading a private key when using `HAVE_PK_CALLBACKS`
2018-03-22 12:47:22 -07:00
040e0ab752
Merge pull request #1456 from dgarske/iocbname
...
Refactor IO callback function names to use `_CTX_`
2018-03-22 12:40:48 -07:00
43f4faa7be
Merge pull request #1452 from cconlon/mcapifix
...
fix unused param warning with NO_ERROR_STRINGS
2018-03-22 12:39:19 -07:00
3bf325290d
Base16/64 improvements:
...
* Add define `WOLFSSL_BASE16` to explicitly expose base16 support.
* Add `./configure --enable-base16` option (disabled by default in configure, but enabled in coding.h when required internally).
* Added base16 tests in test.c `base16_test`.
* Enabled base64 decode tests when `WOLFSSL_BASE64_ENCODE` is not defined.
2018-03-22 10:36:56 -07:00
0cff2f8b10
Replace use of PUB_KEY_SIZE (from CryptoAuthLib) with new ECC_MAX_CRYPTO_HW_PUBKEY_SIZE.
2018-03-22 09:45:27 -07:00
8c4bfd825a
Support for building the ATECC508A without WOLFSSL_ATMEL defined, which enables features specific to Atmel Studio Framework (ASF) and an embedded target. This allows for building with WOLFSSL_ATECC508A defined on other targets such as Linux.
2018-03-22 09:39:21 -07:00
2989c73411
Merge pull request #1447 from JacobBarthelmeh/PKCS7
...
remove pkcs7 requirement of x963kdf when ecc is disabled
2018-03-22 10:01:55 -06:00
e564c973b6
Refactor IO callback function names to use _CTX_ to eliminate confusion about the first parameter.
2018-03-21 16:08:55 -07:00
4b51431546
Fix for possible unused ctx in wolfSSL_CTX_IsPrivatePkSet when no ECC, RSA or ED25519.
2018-03-21 15:46:08 -07:00
104f7a0170
Merge pull request #1451 from JacobBarthelmeh/Optimizations
...
Adjust X509 small build and add more macro guards
2018-03-21 15:15:27 -07:00
f3d0879ed7
Merge pull request #1449 from dgarske/asn_nullterm
...
ASN improvements for building header/footer in `wc_DerToPemEx`
2018-03-21 15:13:46 -07:00
2a356228be
Merge pull request #1445 from SparkiDev/wpas_fix
...
Fixes for wpa_supplicant
2018-03-21 15:11:43 -07:00
dbb34126f6
* Added support for not loading a private key for server or client when HAVE_PK_CALLBACK is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519.
...
* Added PK callback context tests for client/server examples (`SetupPkCallbackContexts`).
* Added new test define for `TEST_PK_PRIVKEY` to allows simulating hardware based private key.
* Added new test.h function for loading PEM key file and converting to DER (`load_key_file`).
* Added way to get private key signature size (`GetPrivateKeySigSize`).
* Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size.
* Added inline comments to help track down handshake message types.
* Cleanup of RSS PSS terminating byte (0xbc) to use enum value.
* Fixed bug with PK callback for `myEccVerify` public key format.
* Fixed bug with PK callback for ED25519 verify key buffer in DoServerKeyExchange.
2018-03-21 11:27:08 -07:00
26bb86690a
fix for unused parameter warning
2018-03-21 10:06:06 -06:00
14bb14c6ab
fix unused param warning with NO_ERROR_STRINGS
2018-03-21 09:56:08 -06:00
90f97f4a5a
fix for unused variable
2018-03-21 09:16:43 -06:00
0aa3b5fa0e
macros for conditionally compiling code
2018-03-21 00:09:29 -06:00
d9917049c4
use bit fields with WOLFSSL_CTX structure
2018-03-20 22:07:42 -06:00
087df8f1cd
more macro guards to reduce size
2018-03-20 17:15:16 -06:00
c9c2e1a8a7
Don't base signature algorithm support on certificate
...
The signature algorithm support is what you can do with another key, not
what you can do with your key.
2018-03-21 08:33:54 +10:00
4d65e4cc1e
add WOLFSSL_NO_DH186 macro to optionally compile out DH186 function
2018-03-20 15:31:20 -06:00
df6ea54cd5
add support for PKCS8 decryption to OPENSSL_EXTRA_X509_SMALL build
2018-03-20 15:06:35 -06:00
2788183e79
Known config. tests fix.
2018-03-20 14:35:26 -06:00
bba0a3e88c
Merge pull request #1448 from dgarske/ecc_cleanup
...
ECC import/export cleanups and additions
2018-03-20 11:05:15 -07:00
38d1eea8cd
Merge pull request #1446 from SparkiDev/tls13_draft27
...
TLS v1.3 support for Draft 23 and Draft 27
2018-03-20 09:13:03 -07:00
18879ce271
Merge pull request #1440 from dgarske/VerifyRsaSign_PKCallback
...
Added VerifyRsaSign PK callback
2018-03-20 09:02:18 -07:00
764aec071c
Further improvement to the null termination and newline logic in wc_DerToPemEx.
2018-03-19 22:58:18 -07:00
59aa893260
Cleanup ECC point import/export code. Added new API wc_ecc_import_unsigned to allow importing public x/y and optional private as unsigned char. Cleanup wc_ecc_sign_hash to move the hardware crypto code into a separate function. Added missing tests for wc_ecc_export_public_raw, wc_ecc_export_private_raw and new test for wc_ecc_import_unsigned.
2018-03-19 13:28:57 -07:00
87c70e76a9
Merge pull request #1441 from dgarske/ocsp_nb
...
Fix for handling OCSP with non-blocking
2018-03-19 12:05:59 -07:00
2cc1a1c5bf
Renamed callbacks for VerifySign to SignCheck. Switched the new callback context to use the one for the sign. Fix for callback pointer check on VerifyRsaSign. Added inline comments about the new RsaSignCheckCb and RsaPssSignCheckCb.
2018-03-19 10:19:24 -07:00
cb8f8a953b
Merge pull request #1438 from SparkiDev/nginx_pem_write
...
Fix PEM_write_bio_X509 to work with new BIO code
2018-03-19 09:13:51 -07:00
1040cf9caa
Merge pull request #1437 from dgarske/eccrsrawtosig
...
Added new ECC API `wc_ecc_rs_raw_to_sig`
2018-03-19 09:12:39 -07:00
467608b6c9
remove pkcs7 requirement of x963kdf when ecc is disabled
2018-03-19 10:08:46 -06:00
7ce2efd572
Merge pull request #1431 from JacobBarthelmeh/Optimizations
...
more aes macro key size guards
2018-03-19 09:07:05 -07:00
b28c6a394f
Merge pull request #1428 from JacobBarthelmeh/Certs
...
Update to certificate renew scripts
2018-03-19 09:05:15 -07:00
bd53d7ba59
TLS v1.3 support for Draft 23 and Draft 27
...
Draft 24: Second ClientHello usees version 0x0303 - no change.
Draft 25: The record layer header is now additional authentication data to
encryption.
Draft 26: Disallow SupportedVersion being used in ServerHello for
negotiating below TLS v1.3.
Draft 27: Older versions can be negotiated (by exclusion of 0x0304) in
SupportedVersion - no change.
2018-03-19 16:15:02 +10:00
b325e0ff91
Fixes for wpa_supplicant
2018-03-19 11:46:38 +10:00
465f1d491f
Merge pull request #1443 from cconlon/dhagree
...
check z against 1 in wc_DhAgree()
2018-03-17 20:15:31 -07:00
250cd3b7eb
Merge pull request #1433 from SparkiDev/sp_size
...
Fix size on Intel and improve 32-bit C code performance
2018-03-16 17:05:46 -07:00
1aba6e9b44
Prepare for PR.
2018-03-16 17:07:28 -06:00
3118c8826b
check z against 1 in wc_DhAgree()
2018-03-16 15:59:48 -06:00
323abafc1c
backup updates for SGX and DB jobs
2018-03-16 15:34:30 -06:00
fa73f7bc55
Fix for handling OCSP with non-blocking. The HashInput function was being called on the re-entry, which produced a bad mac response from server. Also cleanup for some of the WC_PENDING_E logic for the non-async cases to reduce code size.
2018-03-16 12:05:07 -07:00
e858ec11ac
Fix unused arg when building with pk callbacks disabled.
2018-03-16 09:37:07 -07:00
ed7774e94a
Added new callbacks for the VerifyRsaSign, which uses a private key to verify a created signature. The new callbacks API's are wolfSSL_CTX_SetRsaVerifySignCb and wolfSSL_CTX_SetRsaPssVerifySignCb. These use the same callback prototype as the CallbackRsaVerify and use the same context.
2018-03-15 14:43:41 -07:00
f70351242b
Merge pull request #1432 from kojo1/mdk5
...
3.14.0 update on mdk5 pack
2018-03-15 14:47:14 -06:00
3f99a2a391
Fix PEM_write_bio_X509 to work with new BIO code
2018-03-15 10:45:49 +10:00
a207cae0f4
add some more macro guards to reduce size
2018-03-14 17:24:23 -06:00
607bd96317
add ocsp cert renew and test-pathlen to script
2018-03-14 16:35:16 -06:00
4d1986fc21
Improve speed of 32-bit C code
2018-03-15 08:33:04 +10:00
9ccf876a21
Added new ECC API wc_ecc_rs_raw_to_sig to take raw unsigned R and S and encodes them into ECDSA signature format.
2018-03-14 10:59:25 -07:00
d8fe341998
First pass at added PK_CALLBACK support for VerifyRsaSign.
2018-03-14 09:54:18 -07:00
717ba83deb
Merge pull request #1434 from SparkiDev/tls13_multi_recs
...
Fix multiple handshake messages in last record of certs
2018-03-14 09:46:32 -07:00
262aa7c9a4
Merge pull request #1429 from JacobBarthelmeh/Testing
...
fix for build with NTRU and certgen
2018-03-14 09:42:39 -07:00
afe300acc0
Fix multiple handshake messages in last record of certs
2018-03-14 16:37:58 +10:00
8d750a22b1
Update project files
2018-03-14 08:15:18 +09:00
1de291be8d
macro INLINE
2018-03-14 07:14:07 +09:00
c4dfa41088
SP improvements
...
Tag functions to not be inlined so llvm doesn't make huge builds.
Add sp_mod to support new DH key generation function.
2018-03-13 14:16:48 +10:00
8fb3ccacb7
opensslextra fixs and warning for unused variable
2018-03-12 18:05:24 -06:00
c41bc8205c
account for build with no aes and no des3
2018-03-12 16:41:26 -06:00
6b04ebe3a4
fix for compiling with different build settings
2018-03-12 16:12:10 -06:00
fa21fb4a27
more aes macro key size guards
2018-03-12 15:44:48 -06:00
15805d626d
Merge pull request #1430 from SparkiDev/srp_test_fix
...
Fix SRP test to have 2048 bit test data
2018-03-12 11:33:50 -07:00
b297d9dce0
Merge pull request #1427 from JacobBarthelmeh/Compatibility-Layer
...
return value on bad mutex with error nodes and add x509 host check to OPENSSL_EXTRA
2018-03-12 11:33:20 -07:00
00203d66d5
Fix SRP test to have 2048 bit test data
2018-03-12 17:32:27 +10:00
8fdb99443a
fix for build with NTRU and certgen
2018-03-09 14:21:43 -07:00
72f390a102
Merge pull request #1361 from connerWolfSSL/doxygen_project
...
wolfSSL with Doxygen Documentation
2018-03-09 13:17:54 -08:00
e41f5de556
default generate ed25519 cert with renew and add ecc crls to script
2018-03-09 14:09:34 -07:00
d9738563af
add ed25519 certificate generation to renewcerts.sh
2018-03-09 10:43:36 -07:00
f6b5427f2b
bad sig certificate renew script
2018-03-09 09:50:52 -07:00
849e1eb10d
updating renewcerts script
2018-03-09 00:35:14 -07:00
3b4d1bc796
Merge pull request #1425 from dgarske/config_defaults
...
Enable ECC by default and for aarch64 more algos
2018-03-08 14:05:03 -08:00
0ab4166a80
Merge pull request #1421 from JacobBarthelmeh/Optimizations
...
trim out more strings and fix DN tag
2018-03-08 14:03:10 -08:00
1f9583c59c
Merge pull request #1409 from SparkiDev/tls13_old_ver_fix
...
Fix downgrading when WOLFSSL_TLS13 is defined (despite NO_OLD_TLS being defined)
2018-03-08 13:59:59 -08:00
200077c62c
Merge pull request #1426 from cconlon/dh186
...
DH - Use q parameter when available, add wc_DhSetKey_ex()
2018-03-08 13:57:54 -08:00
e0afec0600
fix RSA macro, tickets without server, and add test case
2018-03-08 14:36:43 -07:00
e960e0544a
try to clear out error queue with failing mutex
2018-03-08 11:49:16 -07:00
2a0ef55a66
fix for check on return value with mutex error case
2018-03-08 11:26:22 -07:00
74475a26ba
compile more functions in with OPENSSL_EXTRA
2018-03-08 11:06:40 -07:00
0535a8a68a
Added isntall flag, improved pathing for using doxygen to generate documentation
2018-03-08 10:53:44 -07:00
0ac833790d
check q in wc_CheckPubKey_ex() if available in DhKey
2018-03-08 10:17:52 -07:00
6f95677bb8
add wc_DhSetKey_ex() with support for q and SP 800-56A
2018-03-08 09:36:44 -07:00
9e6b9a3793
Merge https://github.com/wolfssl/wolfssl into doxygen_project
2018-03-08 08:10:10 -07:00
d6ffa0dd8e
Fix downgrade when doing TLS v1.3
2018-03-08 15:05:36 +10:00
d35a3f1e69
Fixes from code review
...
If doing TLS v1.3 and version on ServerHello is below TLS v1.2 then
handle message with old code.
If doing TLS v1.3, downgrading and version ClientHello is less than
minimum downgrade then this is a version error.
2018-03-08 09:00:36 +10:00
8edbca1b21
Enable ECC for all platforms by default. For aarch64 enable SHA512, SHA224, SHA3 and FastMath by default.
2018-03-07 09:41:07 -08:00
612a80609a
warning about extra set of parentheses
2018-03-07 10:35:31 -07:00
799a6b6d2d
fix warning of unused variable and add guard for disable ecc build
2018-03-07 10:35:31 -07:00
a9c6385fd1
trim out more strings and fix DN tag
2018-03-07 10:35:31 -07:00
a4000ba196
Merge pull request #1418 from SparkiDev/sp_armasm
...
Add assembly code for ARM and 64-bit ARM
2018-03-07 09:18:16 -08:00
91a59eb625
Merge pull request #1422 from JacobBarthelmeh/Compatibility-Layer
...
add stub code for flag with x509 check host
2018-03-07 08:55:21 -08:00
35f8460e8a
Merge pull request #1419 from dgarske/stm32f1
...
Added support for `WOLFSSL_STM32F1`
2018-03-07 08:51:22 -08:00
cd940ccb5c
Merge pull request #1417 from dgarske/asn_x509_header
...
Cleanup of the ASN X509 header logic
2018-03-07 08:50:00 -08:00
71ba87bb4d
Merge pull request #1416 from dgarske/fix_pluton_ecc_sign
...
Fix for Pluton ECC sign (2nd try)
2018-03-07 08:47:46 -08:00
89182f5ca9
Add assembly code for ARM and 64-bit ARM
...
Split out different implementations into separate file.
Turn on SP asm by configuring with: --enable-sp-asm
Changed small ASM code for ECC on x86_64 to be smaller and slower.
2018-03-07 11:57:09 +10:00
602874cff4
Merge pull request #1423 from ejohnstown/touch-file
...
Fix issue with the creation of dummy fips.h header.
2018-03-06 16:29:05 -08:00
a7fe5e3502
Fix issue with the creation of dummy fips.h header.
2018-03-06 13:15:35 -08:00
3f80006b25
add stub code for flag with x509 check host
2018-03-06 11:55:20 -07:00
fcae6d46be
Merge https://github.com/wolfssl/wolfssl into doxygen_project
2018-03-06 10:16:21 -07:00
5a1bdff0bd
Added wolfssl vs doxygen api checking, removed storing warnings and errors in files
2018-03-06 10:13:13 -07:00
5699afe63d
Fix for minor typos in OPENSTM32 README.md.
2018-03-06 09:09:44 -08:00
5174ad77f2
Added support for WOLFSSL_STM32F1.
2018-03-06 09:07:43 -08:00
b879d138af
Fix for using non-const as array sizer (resolves build error with VS).
2018-03-06 09:04:12 -08:00
57e9b3c994
Cleanup of the ASN X509 header and XSTRNCPY logic.
2018-03-05 16:11:12 -08:00
d75b3f99ac
Proper fix for Pluton ECC sign.
2018-03-05 15:29:34 -08:00
317c890961
Fix minimum downgrade when NO_OLD_TLS is defined
2018-03-05 10:12:04 +10:00
dee74e98dd
Fix downgrading when WOLFSSL_TLS13 is defined (despite NO_OLD_TLS being defined)
2018-03-05 10:11:51 +10:00
e95fa69a9b
Merge pull request #1414 from JacobBarthelmeh/Certs
...
update certificate after dates
2018-03-02 15:17:25 -08:00
f223f8fdfd
update certificate after dates
2018-03-02 14:31:08 -07:00
a82dc1ad22
Merge pull request #1413 from JacobBarthelmeh/Release
...
bump version to 3.14.0
2018-03-02 12:58:31 -08:00
48cd2806af
Merge pull request #1412 from JacobBarthelmeh/PKCS12
...
clean up memory in error case with PKCS12 create
2018-03-02 12:37:12 -08:00
2c12b0d678
Merge pull request #1411 from ejohnstown/dtls-null-fix
...
DTLS Import/Export with Null Cipher
2018-03-02 11:41:04 -08:00
922d65d97c
bump version to 3.14.0
2018-03-02 12:31:41 -07:00
ae23f777d6
clean up memory in error case with PKCS12 create
2018-03-02 11:35:16 -07:00
53c0bf6a20
Merge pull request #1408 from JacobBarthelmeh/Release
...
Testing in preparation for release
2018-03-02 10:12:27 -08:00
e698084eac
Merge pull request #1406 from dgarske/mmcau_sha256_cast
...
Fix for cast warning with NXP CAU and SHA256.
2018-03-02 10:10:14 -08:00
edfe16ef8c
Merge pull request #1410 from dgarske/fix_pluton_ecc_sign
...
Fix for pluton ECC sign
2018-03-02 11:07:01 -07:00
da76ee0877
allow import of DTLS sessions with null cipher as the null cipher is allowed with dtls when enabled
2018-03-02 09:57:07 -08:00
223903717a
add sanity check for short read
2018-03-02 09:38:11 -07:00
f6869dfe09
AES ECB build with ARMv8 instructions enabled
2018-03-02 09:30:43 -07:00
f6d770b5bd
Fix for pluton ECC sign.
2018-03-02 07:57:22 +01:00
223facc46a
sanity check on index before reading from input
2018-03-01 18:03:21 -07:00
ae21c03d69
check on certificate index when getting Name
2018-03-01 18:00:52 -07:00
e80e82a89b
sanity check on reading newline character
2018-03-01 18:00:52 -07:00
e7b0fefd7a
add sanity check on read index
2018-03-01 18:00:52 -07:00
d46a2b449d
fix for smallstack buffer size
2018-03-01 18:00:52 -07:00
df1c73c8e5
check for case that BER to DER API is available
2018-03-01 18:00:52 -07:00
db18e49920
gcc-7 warning about misleading indentation
2018-03-01 18:00:52 -07:00
2a368abd20
fix build for haproxy
2018-03-01 18:00:52 -07:00
b25ebf64b9
Merge pull request #1407 from ejohnstown/new-ca-cert
...
added another CA to the wolfssl website ca file
2018-03-01 17:58:19 -07:00
ecb2463bbe
modify the client external test list to skip the test case when aes and aes-gcm are disabled
2018-03-01 15:22:38 -08:00
7b1f6967c8
added another CA to the wolfssl website ca file
2018-03-01 11:57:12 -08:00
ba40a71a3c
added script so ensure doxygen api documentation matches wolfssl api
2018-03-01 10:27:30 -07:00
59c8d3cdf7
Fix for cast warning with NXP CAU and SHA256.
2018-03-01 08:06:29 +01:00
1b2e43478d
Merge pull request #1405 from ejohnstown/selftest-errors
...
added error codes for the FIPS pairwise agreement tests in the POST
2018-02-28 14:16:59 -07:00
d035c1dd81
added error code for the FIPS DH agreement KAT test in the POST
2018-02-28 10:54:53 -08:00
b6aae0c2d1
Merge pull request #1402 from JacobBarthelmeh/Testing
...
Improve bounds and sanity checks
2018-02-28 09:45:19 -08:00
02970c9a11
Merge pull request #1404 from JacobBarthelmeh/Compatibility-Layer
...
reduce impact of NO_OLD_SHA256_NAMES macro
2018-02-28 16:12:37 +01:00
25e7dbd17a
add comment on sanity check
2018-02-27 23:30:50 -07:00
5cc046eb6d
added error codes for the FIPS pairwise agreement tests in the POST
2018-02-27 12:42:25 -08:00
06163f2bbb
reduce impact of NO_OLD_SHA256_NAMES macro
2018-02-27 12:21:11 -07:00
91141e43c9
Merge pull request #1403 from cconlon/shadow_warnings
...
Fix shadow warnings on older compilers in tls_bench example
2018-02-27 08:32:56 -08:00
00b6419964
use XSTRLEN and revert adding outLen parameter
2018-02-26 16:52:09 -07:00
306600cba6
resolve variable shadow warnings on older compilers in tls_bench example
2018-02-26 16:14:15 -07:00
e6c95a0854
sanity check on input size
2018-02-26 14:41:00 -07:00
5ef4296b3d
sanity check on buffer length with ASNToHexString
2018-02-26 14:25:39 -07:00
e4f40fb6c0
add sanity checks and change index increment
2018-02-26 13:55:56 -07:00
f7d70e4650
Merge pull request #1401 from kaleb-himes/NETOS-SV
...
possible shadowed global variable declaration in NETOS
2018-02-26 12:21:13 -08:00
442430d39e
Merge pull request #1392 from ejohnstown/rsa-decrypt-check
...
RSA Decrypt Bounds Checking
2018-02-26 12:19:37 -08:00
f58619bb9f
possible shadowed global variable declaration in NETOS
2018-02-26 11:48:33 -07:00
68b8557878
Merge pull request #1400 from JacobBarthelmeh/Testing
...
possible shadowed global variable declaration
2018-02-26 10:37:17 -08:00
512a0be75e
possible shadowed global variable declaration
2018-02-26 09:52:51 -07:00
b527f6fb81
Merge pull request #1397 from JacobBarthelmeh/Optimizations
...
Optimizations
2018-02-26 08:43:22 -08:00
73dbc8f6e7
Merge pull request #1395 from JacobBarthelmeh/Certs
...
Add support for writing multiple OUs, DCs and for writing a unique EKU OID
2018-02-26 08:39:58 -08:00
a49553df6a
RSA Decrypt Bounds Checking
...
1. Added some bounds checking on the ciphertext passed into the RSA decrypt function. NIST SP 800-56B specifies that the ciphertext shouldn't be a number larger than the modulus.
2. Added an API test to check that the direct RSA decrypt function returns an error with a "bad" message.
3. Added an ifndef guard to disable the bounds check. Default is to keep the bounds check.
4. RSA Decrypt bounds check only checked the first time into wc_RsaFunction().
2018-02-23 17:04:05 -08:00
942f39de3b
cast return from XSTRLEN
2018-02-23 17:35:44 -07:00
9391c608cc
remove error string function when no error strings is defined
2018-02-23 17:31:20 -07:00
f2cbab95b0
change _EncodeName, add test with wc_MakeCertReq, add XMEMSET with Cert init
2018-02-23 17:22:48 -07:00
1c2506f94c
Merge pull request #1393 from SparkiDev/sp_math_dh
...
DH public key check working with sp-math
2018-02-23 16:15:15 -08:00
9b90cdc919
Merge pull request #1396 from JacobBarthelmeh/Testing
...
fix for static analysis warning of null dereference
2018-02-23 15:51:29 -08:00
22e55e72c1
Merge pull request #1394 from cconlon/selftest
...
Add CAVP-only Self Test for special build
2018-02-23 15:50:06 -08:00
be8cfcf587
Merge pull request #1379 from JacobBarthelmeh/Compatibility-Layer
...
Compatibility layer
2018-02-23 14:59:22 -08:00
9757effdc1
fix for static analysis warning of null dereference
2018-02-23 14:49:06 -07:00
79f13478df
add AES macro guards and reduce code in GetName
2018-02-23 13:45:42 -07:00
453aa16e8d
Add support for writing multiple OUs, DCs and for writing a unique EKU OID
2018-02-23 10:46:26 -07:00
ad53037852
add CAVP selftest option for special build
2018-02-23 10:14:56 -07:00
30e8429a3f
DH public key check working with sp-math
2018-02-23 15:10:54 +10:00
89390180a0
Merge branch 'master' into Compatibility-Layer
2018-02-22 15:24:31 -07:00
6500c40015
Merge pull request #1386 from JacobBarthelmeh/RSA
...
add WC_RSA_NO_PADDING macro and WC_RSA_NO_PAD enum
2018-02-22 13:34:20 -08:00
fcb82d561e
Merge pull request #1388 from cconlon/dh_check_pubkey
...
add wc_DhCheckPubKey_ex() with checks against large prime q
2018-02-22 13:10:03 -08:00
de4893486e
add wc_DhCheckPubKey_ex() with checks against large prime q
2018-02-22 11:09:06 -07:00
63802849a1
remove magic number
2018-02-22 09:55:20 -07:00
41ae47fa3c
Merge pull request #1390 from SparkiDev/tls13_downgrade
...
Fix downgrading from TLS v1.3 to TLS v1.2
2018-02-22 08:53:48 -08:00
dda7dbd7fd
Merge pull request #1389 from JacobBarthelmeh/CAAM
...
fix unused function warning with CAAM and AES
2018-02-22 08:51:34 -08:00
4154492d4b
Merge pull request #1387 from JacobBarthelmeh/Testing
...
fix for unused variables
2018-02-22 08:46:32 -08:00
06abc12d40
Merge pull request #1384 from SparkiDev/sp_math_dh
...
Enable DH public key check code with sp-math
2018-02-22 08:41:25 -08:00
5c07aadc41
Merge pull request #1383 from SparkiDev/explicit_curve
...
Explicit curve
2018-02-22 08:32:44 -08:00
20e7d2d426
Merge pull request #1380 from SparkiDev/ber_indef
...
Support indefinite length BER encodings in PKCS #7
2018-02-22 08:31:26 -08:00
6bf5f06397
Fixes from code review
2018-02-22 14:59:19 +10:00
7160384a19
Explicit curve data in public ECC key
...
Certificate's public key data contains more of the encoding.
PKCS #7 using public key from certificates calls proper decode.
2018-02-22 14:59:19 +10:00
274110a10c
Added tests and fixes from testing
2018-02-22 14:58:37 +10:00
da4024b46a
Fix downgrading from TLS v1.3 to TLS v1.2
...
Fix handling of ServerHello in TLS v1.3 to support TLS v1.2 when
downgrading.
Added support in client and server examples for using downgrade method:
wolfSSLv23_client_method_ex() or wolfSSLv23_server_method_ex().
Add tests, using downgrade version, of client or server downgrading from
TLS v1.3 to TLS v1.2.
2018-02-22 12:48:50 +10:00
76b0464a3b
Fixes from review
2018-02-22 08:31:19 +10:00
312d1a2aaf
fix unused function warning with CAAM and AES
2018-02-21 15:21:07 -07:00
fd7ffc992f
fix for unused variables
2018-02-21 11:19:49 -07:00
08e199d78a
add support for async with wc_RsaDirect function
2018-02-21 11:09:38 -07:00
7374e2e751
add WC_RSA_NO_PADDING macro and WC_RSA_NO_PAD enum
2018-02-21 10:10:35 -07:00
dc4edd0cd9
SNI fix for nginx
2018-02-21 23:48:43 +10:00
d1f19e8ecc
Fix resumption code around when not available
...
Can't set a ticket if the encryption callback is NULL.
If no useable pre-shared key is found then we won't do PSK.
2018-02-21 17:45:13 +10:00
7d4c693d7e
Enable DH public key check code with sp-math
2018-02-21 09:13:00 +10:00
3dfc2d87f3
Fix leak when wc_PKCS7_InitWithCert is called in verify
2018-02-21 08:29:50 +10:00
6dad94c0fa
Change wc_BerToDer signature to have length as param
...
Clean up code to make readable
2018-02-21 08:29:50 +10:00
d09f26a69f
Support indefinite length BER encodings in PKCS #7
2018-02-21 08:29:50 +10:00
7a2aa6bc13
Merge pull request #1382 from dgarske/cleanup_strncpy
...
Fixes for ensuring null termination on all strncpy calls
2018-02-20 08:18:08 -08:00
d34309b141
Merge pull request #1381 from JacobBarthelmeh/Testing
...
macro guard for redefinition warning
2018-02-20 08:14:30 -08:00
3586ae04dc
Merge pull request #1373 from JacobBarthelmeh/Optimizations
...
Some memory optimizations
2018-02-20 08:13:02 -08:00
a275022dbe
account for pwdbased being enabled with x509small
2018-02-19 17:32:39 -07:00
33b699f81a
macro guards on PEM strings
2018-02-19 17:32:39 -07:00
e4df21df94
More cleanup for const strings.
2018-02-19 17:32:39 -07:00
772651c17a
update tests and benchmark for HAVE_AES_DECRYPT
2018-02-19 17:32:39 -07:00
4614bd4e56
scan-build warning and AES key size builds for ARMv8
2018-02-19 17:32:39 -07:00
94b7ab92f3
fix for unused variable
2018-02-19 17:32:39 -07:00
801ce67fc9
surround BIO function with macro guard
2018-02-19 17:32:39 -07:00
2a15b3912b
revert pkcs7 attrib structure for scep and add more macro guards for AES key size
2018-02-19 17:32:39 -07:00
8006b68cac
more macro guards
2018-02-19 17:32:39 -07:00
c9525d9c1d
add opensslextra=x509small build option
2018-02-19 17:32:39 -07:00
ae2306ebcf
more structure packing and macro guards
2018-02-19 17:32:39 -07:00
e187ce42da
more macro guards for asn
2018-02-19 17:28:53 -07:00
16a4aef18e
clean up of macro guards on OIDs
2018-02-19 17:28:53 -07:00
02753e53a5
add some of AES key size macros to benchmark.c and test.c
2018-02-19 17:28:53 -07:00
7143b09786
pack PKCS7 structure
2018-02-19 17:28:53 -07:00
c2f660c0fc
first round of adding AES key size macros
2018-02-19 17:23:49 -07:00
08696449f6
Merge pull request #1349 from JacobBarthelmeh/PKCS7
...
pkcs7 attribute parsing
2018-02-19 15:36:55 -08:00
44079e4bb8
Fixes for ensuring null termination on all strncpy calls. Cleanup of the null termination character '\0'; for char types.
2018-02-19 13:33:16 -08:00
b6f96d68be
macro guard for redefinition warning
2018-02-19 14:11:41 -07:00
a2d96bad49
update SHA names with mcapi build
2018-02-19 09:29:21 -07:00
165059226e
add HAVE_AES_ECB to enable all build
2018-02-16 17:06:26 -07:00
f569645212
add wolfSSL_SHA256 function
2018-02-16 16:57:45 -07:00
a651b08afa
add wolfSSL_AES_ecb_encrypt function
2018-02-16 15:08:31 -07:00
223edab6d9
Merge pull request #1378 from dgarske/evp_gcc7_async_test
...
Fixes a few build errors with EVP/wolfCrypt test and async API test hang
2018-02-16 13:11:36 -07:00
62c2145e74
Merge pull request #1376 from JacobBarthelmeh/Compatibility-Layer
...
add wolfSSL_PEM_read_bio_RSAPrivateKey function
2018-02-16 10:20:07 -08:00
ae5dac8994
Fixes for GCC 7 build errors with evp.c and switch fall through. General EVP code formatting cleanup. Fix for wolfCrypt test un-used var when HAVE_AES_CBC not defined. Fix for async in test_wolfSSL_SESSION with err not being initialized.
2018-02-16 09:32:40 -08:00
488a795747
add wolfSSL_PEM_read_bio_RSAPrivateKey function
2018-02-15 22:34:50 -07:00
74ebf510a3
Merge pull request #1374 from dgarske/pub_ecc_mul2add
...
Add option for `ecc_mul2add` to be made as exposed API
2018-02-15 14:21:42 -08:00
cbd7612324
Merge pull request #1375 from dgarske/ifm_feedback
...
Add support for `WOLFSSL_NO_MALLOC` with memory callbacks
2018-02-15 14:19:21 -08:00
d8eff923f1
Merge pull request #1372 from JacobBarthelmeh/UnitTests
...
clear error node queue after test case and initialize logging buffer
2018-02-15 08:40:45 -08:00
8c8ed06202
Added the WOLFSSL_NO_MALLOC option for the realloc callback as well.
2018-02-15 07:15:30 -08:00
32547e280a
Added ecc_mul2add to ecc.h header and is exposed as an API if WOLFSSL_PUBLIC_ECC_ADD_DBL is defined.
2018-02-15 07:04:29 -08:00
8285648e46
Fix to support using memory callbacks with no malloc / free using WOLFSSL_NO_MALLOC. Fix to only include <errno.h> if LWIP_PROVIDE_ERRNO is not defined.
2018-02-15 06:54:14 -08:00
ad1fc26d4e
Merge pull request #1370 from JacobBarthelmeh/Testing
...
check on verify depth for certificates with opensslextra
2018-02-14 16:29:25 -08:00
1b98ccbac8
add else condition for logging string with OPENSSL_EXTRA
2018-02-14 17:21:42 -07:00
9ff97997a6
Merge pull request #1360 from SparkiDev/sp_math
...
Minimal implementation of MP when using SP.
2018-02-14 15:49:23 -08:00
a7a8ce8721
Merge pull request #1371 from ejohnstown/asn-fix
...
Update wc_GetKeyOID()
2018-02-14 15:10:01 -08:00
641af487ea
Changed missed MP_API change
2018-02-15 08:23:49 +10:00
c1b1fbaf7e
clear error node queue after test case
2018-02-14 13:55:43 -07:00
0853fcb202
Update wc_GetKeyOID()
...
1. Check that the algoID is not NULL.
2. Initialize algoID to 0.
3. Moved the key variables around.
2018-02-14 12:43:02 -08:00
9a4fe0fe4e
Merge pull request #1353 from dgarske/asn_strict
...
Added RFC 5280 "must" checks
2018-02-14 10:01:58 -08:00
2e15842ef2
revert verify depth check and increase array size to account for possible cert index
2018-02-14 10:01:22 -07:00
09f1247007
Support WOLFSSL_PUBLIC_MP define in SP math
2018-02-14 15:30:33 +10:00
b18fdea2ce
Fixes from code review
2018-02-14 11:09:20 +10:00
4b5524b39a
Merge pull request #1368 from JacobBarthelmeh/PKCS12
...
add check for having ECC enabled when testing with ECC certificate
2018-02-13 11:42:11 -08:00
8b5864c475
Merge pull request #1366 from ejohnstown/hmac-sha3
...
HMAC-SHA-3
2018-02-13 11:41:34 -08:00
4d04f0951c
Merge pull request #1363 from SparkiDev/tls13_draft23
...
Support TLS v1.3 Draft 23
2018-02-13 11:39:53 -08:00
9bb29c46e3
Merge pull request #1347 from kaleb-himes/SGX-FIPS-WINDOWS
...
windows configuration changes
2018-02-13 10:38:25 -07:00
6f1e5383da
check on verify depth for certificates with opensslextra
2018-02-13 10:29:23 -07:00
e48eb1ded8
added hmac-sha-3
2018-02-12 13:24:06 -08:00
c09e55c749
add check for having ECC enabled when testing with ECC certificate
2018-02-12 09:59:35 -07:00
95ed1a88ed
Merge pull request #1364 from SparkiDev/aesni_authtagsz
...
AES-GCM AES-NI code now handles different tag lengths
2018-02-09 13:19:14 -08:00
e254f25baf
Merge pull request #1359 from SparkiDev/nginx_fixes
...
Fixes to get Nginx working again.
2018-02-09 13:17:38 -08:00
44be47a83b
Merge pull request #1358 from dgarske/fix_aesgcm_emb
...
Fix for missing `ret` in some `wc_AesGcmEncrypt` functions
2018-02-09 13:16:21 -08:00
a27d2448e2
Merge pull request #1344 from dgarske/portability_cleanups
...
Portability cleanups and `tls_bench` fixes
2018-02-09 13:15:47 -08:00
d827e93af9
Merge pull request #1329 from JacobBarthelmeh/PKCS12
...
PKCS12 reverse order that certificates are compared for keypair
2018-02-09 13:15:07 -08:00
87179837e7
Merge pull request #1365 from cconlon/p7karifix
...
detect and set keyAgreeOID from CMS EnvelopedData if user has not set
2018-02-09 13:27:40 -07:00
fa676d96cf
detect and set keyAgreeOID from CMS EnvelopedData if user has not set
2018-02-09 09:37:51 -07:00
35c993e55d
AES-GCM AES-NI code now handles different tag lengths
...
Encrypt and decrypt code modified.
AES-NI, AVX1 and AVX2 code modified.
Test of 15 byte tag added.
2018-02-09 17:21:06 +10:00
0da8694ff3
Fix Hello Retry Request parsing of new KeyShare choice
2018-02-09 11:12:04 +10:00
9a0c822582
Support TLS v1.3 Draft 23
...
Change KeyShare number.
Support SignatureAlgorithmsCert extension - nothing done with
information as only one chain supported on server.
Compiling for Draft 22 supported: --enable-tls-draft22
Compiling for Draft 18 still supported.
2018-02-09 10:42:15 +10:00
e8a5af2651
Merge pull request #1362 from ejohnstown/aesgcmtest
...
Add AES-GCM Test Case
2018-02-08 16:41:06 -08:00
6907241180
Add AES-GCM Test Case
...
Added a new AES-GCM test case where the provided IV is of length 1 byte.
2018-02-08 11:37:21 -08:00
fab99f9f44
Merge https://github.com/wolfssl/wolfssl into doxygen_project
2018-02-08 10:13:43 -07:00
17e88b47f6
Migrated documentation directory to doc. README updated. Error fixes. Moved make options to doc/include.am
2018-02-08 10:05:30 -07:00
a3a4f2d59c
Minimal implementation of MP when using SP.
...
--enable-sp-math to include minimal implementation of MP (only with
--enable-sp.)
Add futher functionality for ECC (conditionally compiled):
- check key
- is point on curve
- API to add and double projective points
- API to map from project to affine
- Uncompress point (including sqrt)
Some configuration options will not work with SP math - configure.ac
detects this and errors out.
Change test code to better support SP sizes only.
2018-02-08 15:50:17 +10:00
297fb1a447
Fixes to get Nginx working again.
...
Only use weOwnDH as Nginx can change from client to server.
Allow TLS v1.3 with client method for Nginx.
2018-02-08 11:14:31 +10:00
62b8c0c3fd
add test case for order of certificates with PKCS12 parse
2018-02-07 16:52:39 -07:00
fbdcd3c67f
Fix for missing ret in some wc_AesGcmEncrypt functions due to refactor in commit 0765aa0.
2018-02-07 15:40:28 -08:00
c2a0de93b8
Fix to resolve wolfCrypt test for `cert_test nameConstraints test. Fixed ASN check to properly determine if certificate is CA type.
2018-02-07 12:48:33 -08:00
266b6fe7a7
Merge pull request #1356 from JacobBarthelmeh/Compatibility-Layer
...
Fix for Windows FIPS build
2018-02-07 13:18:36 -07:00
4a6bb20ba6
Refactor the VERIFY_AND_SET_OID macro to simplify so it works on older C compilers like Visual Studio.
2018-02-07 12:17:03 -08:00
d78e45dbb6
Added check to enforce RFC 5280 Sec 4.2: "A certificate MUST NOT include more than one instance of a particular extension". Refactor of the DecodedCert struct to combine bit type options into bit-fields. Fix for wolfCrypt test for error codes to allow -161.
2018-02-07 11:15:22 -08:00
d9002bb072
Fix to enforce RFC 5280 Sec 4.2.1.6: "The name MUST NOT be a relative URI". Verifies the URI contains "://". Can be disabled using WOLFSSL_NO_ASN_STRICT.
2018-02-07 11:15:22 -08:00
f4ad808d12
Added check to enforce RFC 5280 Sec 4.2.1.10 rule: "The name constraints extension, which MUST be used only in a CA certificate". Added new define WOLFSSL_NO_ASN_STRICT to restore old behavior for compatability. Fix wc_port time HAVE_RTP_SYS (noticed it was missed during ASN time move to wc_port).
2018-02-07 11:15:22 -08:00
3e05118995
* Added the tls_bench example to the build output when threading is supported.
...
* Fixed some `tls_bench` build issues with various configure options.
* Moved the `WOLFSSL_PACK` and `WC_NORETURN` macros into types.h.
* Added support for `__builtin_bswap32` and `__builtin_bswap64`. Since the performance of the builtins varries by platform its off by default, but can be enabled by customer using `WOLF_ALLOW_BUILTIN`. Quick check on x86 showed the 32-bit swap performance matched, but 64-bit swap was slower.
2018-02-07 11:13:13 -08:00
e1c246f918
Merge pull request #1355 from JacobBarthelmeh/Testing
...
Fix for build with having opensslextra and IGNORE_NAME_CONSTRAINTS
2018-02-07 11:12:55 -08:00
69db17fcda
Merge pull request #1352 from dgarske/freertos_static
...
Fix to allow `FREERTOS` and `WOLFSSL_STATIC_MEMORY`
2018-02-07 10:06:51 -08:00
012fb31f00
Merge pull request #1351 from dgarske/fix_ipv6
...
Fix for building with IPV6
2018-02-07 10:04:41 -08:00
7769ba83ad
Merge pull request #1346 from dgarske/stm32_hash_ctx
...
STM32 Hashing Improvements
2018-02-07 10:03:50 -08:00
47aa4bbe2f
handle disable md5 case
2018-02-07 10:44:16 -07:00
61da8ec1dc
Fix for Windows FIPS build
2018-02-07 10:13:28 -07:00
a1a1ca9991
Fix for build with having opensslextra and IGNORE_NAME_CONSTRAINTS
2018-02-07 09:54:24 -07:00
9afd26e853
Fixes for better supporting FREERTOS with and without static memory. Added fallback case to use pvPortMalloc/vPortFree when heap ptr not available.
2018-02-06 09:28:27 -08:00
b3b3a28616
Fix logic typo for IPV6 any addr.
2018-02-06 09:18:42 -08:00
172989c3c4
Merge pull request #1343 from ghoso/dev201801
...
Fix decryption error when EVP_CipherInit is called mulitple times.
2018-02-05 16:51:08 -08:00
82850422fc
Merge pull request #1338 from JacobBarthelmeh/Testing
...
set have session id flag
2018-02-05 14:58:55 -08:00
0be1c10fcd
Moved the STM32 functions to their own .c file. Added GPL header. Finished testing on STM32 CubeMX with F4 and F7 and StdPeriLib with F4.
2018-02-05 12:57:06 -08:00
4803b3316e
Update settings.h
2018-02-05 13:05:24 -07:00
81b64742f3
Fix to allow FREERTOS and WOLFSSL_STATIC_MEMORY.
2018-02-05 11:55:35 -08:00
1ca56f97a4
Fix warning with pointer compare to zero for IPV6 peer == INADDR_ANY in test.h. Fixes issue #1350 .
2018-02-05 11:03:19 -08:00
a196fac0c2
itterate through certificates with PKCS7
2018-02-05 10:52:54 -07:00
0765aa0f20
Merge pull request #1342 from SparkiDev/aes_gcm_sb2
...
Improve performance of AES-GCM for AVX1 and AVX2
2018-02-02 10:56:14 -08:00
7ad0ea808c
Merge pull request #1341 from JacobBarthelmeh/master
...
fix build for OLD_HELLO_ALLOWED macro
2018-02-02 10:53:16 -08:00
02ef52c3cd
Merge pull request #1340 from dgarske/ecc_pub_import_wcurve
...
Adds curve information to public key import for `wc_EccPublicKeyDecode`
2018-02-02 10:52:06 -08:00
d63373066b
Merge pull request #1331 from JacobBarthelmeh/Compatibility-Layer
...
add comments and better error checking for PKCS8 strip
2018-02-02 10:50:29 -08:00
c66ebb6748
Merge pull request #1317 from SparkiDev/chacha20_sb_avx2
...
Improve performance of chacha20-poly1305 on AVX and AVX2.
2018-02-02 10:46:39 -08:00
19ce41c3cc
pkcs7 attribute parsing
2018-02-02 09:01:32 -07:00
f5c33a9362
added force flag to not through warning if no file present to remove
2018-02-01 10:23:10 -07:00
841e75afcf
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2018-02-01 09:47:13 -07:00
a6bab49f8a
fixed bn.h header
2018-02-01 09:43:11 -07:00
15486ae379
windows configuration changes
2018-01-31 15:09:16 -07:00
a4a5f4f27a
STM32 refactor to move hashing code into wolfssl/wolfcrypt/port/stm32.h. Supports CubeMX HAL or StdPeriLib with MD5, SHA1, SHA224 and SHA256. Detects if hardware supports SHA2. Adds hashing context save/restore and hashing clock/power optimizations. Fix for building *.c in wolfcrypt/src/port for caam_driver.c. Fix for warning with wolfSSL_CryptHwMutexUnLock when no threading defined and return code not checked.
2018-01-31 11:25:20 -08:00
640015ed5f
Merge pull request #1345 from kaleb-himes/SGX-FIPS-UPDATES
...
Updates to settings necessary for SGX FIPS
2018-01-31 11:09:19 -07:00
5b083497da
Merge pull request #1300 from kaleb-himes/SGX-FIPS-LINUX
...
Add build scripts for default SGX build and improve cleanup
2018-01-31 09:34:06 -07:00
0101440cc8
Fix decryption error when EVP_CipherInit is called mulitple times.
2018-01-31 17:08:06 +09:00
1af85cf9c4
Update include.am
2018-01-30 15:39:20 -07:00
7facff2fd2
Feedback update
2018-01-30 15:36:18 -07:00
229d98e1f8
Updates to settings necessary for SGX FIPS
2018-01-30 15:30:52 -07:00
03fe54dcc4
Update following review
2018-01-30 14:30:44 -07:00
3d3b9f69a6
Test larger variable data size if available
2018-01-30 12:21:25 +10:00
e82e3d3d6e
Improve performance of AES-GCM for AVX1 and AVX2
2018-01-30 12:00:13 +10:00
9d7374348b
Fix the ecc_decode_test to use a real OID (instead of 1), so the tests work properly.
2018-01-29 15:58:04 -08:00
580a55ce49
fix build for OLD_HELLO_ALLOWED macro
2018-01-29 14:55:32 -07:00
90a3daa887
Adds curve information to public key import for wc_EccPublicKeyDecode. Cleanup to remove the ECC_CHECK_PUBLIC_KEY_OID define. The call to wc_ecc_get_oid does the same check as CheckCurve.
2018-01-29 12:09:12 -08:00
ca5b1dbbcb
set have session id flag
2018-01-26 14:18:36 -07:00
d179e442b4
Merge pull request #1337 from dgarske/pkcs7_pad
...
Expose the PKCS 7 pad functionality `wc_PKCS7_PadData`
2018-01-26 10:01:07 -08:00
058c2a7a25
Made public the wc_PKCS7_GetPadSize API. Cleanup to use GetPadSize for the wc_PKCS7_PadData.
2018-01-25 08:14:56 -08:00
4d75f337bb
Fix AVX2 final func to reset state
2018-01-24 16:36:44 -08:00
776e222143
Merge pull request #1336 from SparkiDev/sha256_freescale
...
Transform_Sha256 no longer passed a buffer - fix for FREESCALE
2018-01-23 14:51:30 -08:00
138bc3e6cc
Enhancement to expose the PKCS 7 pad functionality (wc_PKCS7_PadData).
2018-01-23 13:21:56 -08:00
11ea2689d8
Transform_Sha256 no longer passed a buffer - fix for FREESCALE
2018-01-23 12:45:17 -08:00
e476cb2958
Merge pull request #1334 from dgarske/fix_asn_leak
...
Fix for possible leak in error case for `wc_RsaKeyToDer`
2018-01-22 23:20:39 -07:00
4e10173eed
Fix for possible leak in error case for wc_RsaKeyToDer.
2018-01-22 16:17:08 -08:00
79f4b963cd
Merge pull request #1333 from SparkiDev/tls13_no_server
...
Make TLSX_SetResponse available in client and server
2018-01-22 07:43:37 -08:00
6e6085501d
Make TLSX_SetResponse available in client and server
2018-01-21 18:12:34 -08:00
72b8b71082
Merge pull request #1332 from kojo1/part5
...
fix shadow global
2018-01-21 16:48:12 -08:00
162326dfcb
fix shadow global
2018-01-22 01:19:45 +09:00
4d1ebc0827
Merge pull request #1330 from wolfSSL/revert-1315-aes_gcm_sb
...
Revert "Improve AES-GCM code for Intel AVX1 and AVX2"
2018-01-19 17:49:19 -07:00
1428934ad5
add comments and better error checking for PKCS8 strip
2018-01-19 16:53:12 -07:00
f06abdb3ae
Revert "Improve AES-GCM code for Intel AVX1 and AVX2"
2018-01-19 15:12:08 -08:00
085d3dae14
Merge pull request #1315 from SparkiDev/aes_gcm_sb
...
Improve AES-GCM code for Intel AVX1 and AVX2
2018-01-19 15:09:34 -08:00
9045a2562a
Merge pull request #1316 from JacobBarthelmeh/Testing
...
Fix for AES-CFB with --enable-armasm and fix for windows fips tests
2018-01-19 15:02:53 -08:00
8d27a2720c
Merge pull request #1325 from SparkiDev/bench_rsa
...
Added option to benchmark RSA sign/verify instead of enc/dec
2018-01-19 14:52:40 -08:00
0059266b21
Merge pull request #1328 from dgarske/fix_async_rsapss
...
Fixes for wolfCrypt test RSA PSS with async enabled
2018-01-19 14:52:09 -08:00
d5c1cf4fc7
Merge pull request #1327 from dgarske/ignore_file_warn
...
Added `WOLFSSL_IGNORE_FILE_WARN` option
2018-01-19 14:51:31 -08:00
2efe7f6d96
Merge pull request #1319 from JacobBarthelmeh/Compatibility-Layer-Part5
...
Compatibility layer part4
2018-01-19 14:49:12 -08:00
213a2d0a7d
reverse order that certificates are compared with private key when parsing PKCS12
2018-01-19 15:41:52 -07:00
be98e3e7f3
build condition for SendAlerts and fix free of x509 store
2018-01-19 09:48:02 -07:00
025ba1445e
add WOLFSSL_VERIFY_CB_ALL_CERTS macro
2018-01-18 18:26:32 -07:00
8a0bbb0faf
Fixes for wolfCrypt test RSA PSS with async enabled.
2018-01-18 15:35:21 -08:00
5d52466d6f
Merge pull request #1326 from ejohnstown/rsa-test-fix
...
RSA Key Generation Test Fix
2018-01-18 15:01:55 -08:00
f61e56e5b6
Merge pull request #1312 from kojo1/mdk5
...
CMSIS pack 3.13.0
2018-01-18 14:48:37 -08:00
9654f19075
RSA Key Gen Test Fix
...
A recent change to the RSA key generation process is capping the number of attempts of finding a probable prime to a multiple of the prime's size, in FIPS builds. This means it might fail once in a while. (It could also fail for a couple other reasons but this is the most likely.) The API is changed to retry key generation until it succeeds. Non-FIPS builds keep trying until they find a prime.
2018-01-18 12:20:25 -08:00
584520c9b4
increase static memory bucket size with session certs
2018-01-18 10:59:20 -07:00
377f5c304c
update for async build and include for getenv
2018-01-18 09:05:21 -07:00
f2079ca792
Added option to benchmark RSA sign/verify instead of enc/dec
2018-01-18 11:35:19 +10:00
2a308bdda9
add some comments and return domain name
2018-01-17 17:39:17 -07:00
a0f5126076
build option fixes
2018-01-17 16:40:06 -07:00
db970b685a
Merge pull request #1324 from kaleb-himes/INLINE-STATUS
...
Add status of inline configure option to feature output
2018-01-17 15:36:50 -08:00
98f85c9235
wolfssl_tcp_select
2018-01-18 07:25:09 +09:00
f79a3e9ddb
Reverse ByteReversWOrd64
2018-01-18 07:10:55 +09:00
cfe88b37f6
SOCK_LISTEN_MAX_QUEUE, listen arg
2018-01-18 07:04:48 +09:00
1f0171d79b
hard tab
2018-01-18 07:03:19 +09:00
c7ce6ce772
fix main.c under projects
2018-01-18 07:00:51 +09:00
1276d21d8e
Added WOLFSSL_IGNORE_FILE_WARN option to ignore warning for .c files that do not need to be included.
2018-01-17 13:27:59 -08:00
ed95fca448
Add status of inline configure option to feature output
2018-01-17 14:20:49 -07:00
0b8c069119
Merge pull request #1323 from JacobBarthelmeh/RSA-min
...
adjustment to RSA key size check
2018-01-17 13:12:47 -08:00
54acc2df51
Merge pull request #1318 from SparkiDev/tls13_draft22
...
Changes for TLS v1.3 Draft 22
2018-01-17 11:22:50 -08:00
19288ea127
casting values, update names, g++ build
2018-01-17 12:18:00 -07:00
fa3ab4fd61
adjustment to RSA key size check
2018-01-17 11:34:27 -07:00
676e2f1f63
add comments and remove 2999 bit rsa key test for now
2018-01-17 11:19:21 -07:00
57cbd5e53c
Merge pull request #1322 from SparkiDev/poly1305_clang_fix
...
Fix clang using wrong registers in poly1305 AVX2 code
2018-01-17 08:30:33 -08:00
2dc60b9e01
Merge pull request #1321 from SparkiDev/fe_init_small_fix
...
Fix fe_init implementation to appear for small Ed25519
2018-01-17 08:30:13 -08:00
bf57da1914
static analysis fixes, free buffer return in test case, fips build
2018-01-17 09:28:25 -07:00
4915a784ec
Fix clang using wrong registers in poly1305 AVX2 code
2018-01-17 15:02:58 +10:00
c09d972012
Fix fe_init implementation to appear for small Ed25519
2018-01-17 11:34:22 +10:00
5f14de33e7
Changes for TLS v1.3 Draft 22
...
Middlebox compatibility available too.
2018-01-17 09:38:11 +10:00
60b329f7e5
fix example client error print out and ASN1_TIME_print after rebase
2018-01-16 15:39:58 -07:00
b3ab0a9c11
simplify visibility control
2018-01-16 14:59:50 -07:00
dce628ae8e
Eliminate dup _InitHmac
2018-01-16 14:59:48 -07:00
56efe657fc
save iPad, oPad. test long key
2018-01-16 14:57:53 -07:00
30e6ec5396
HMAC_CTX_copy, copy save_len, save_key
2018-01-16 14:54:44 -07:00
e93d7d3c93
fix for MD5 case, "recover hmac", in HMAC_init
2018-01-16 14:54:44 -07:00
937c759998
HMAC_Init, keylen arg check
2018-01-16 14:54:44 -07:00
f38a321e64
HMAC_Init_ex with NULL key to recover Hmac initial state
2018-01-16 14:54:43 -07:00
8f1fc8ad2e
Error return value of checkPad
2018-01-16 14:51:44 -07:00
ed0d4d3b06
Add ECB in wolfSSL_EVP_get_cipherbyname
2018-01-16 14:51:44 -07:00
13325606b7
Peer cert ASN PARSE ERROR
2018-01-16 14:51:42 -07:00
6f44969e23
Signature check compatibility
2018-01-16 14:48:56 -07:00
2fdf98ebd4
eliminate redandant pad block, DES3
2018-01-16 14:48:56 -07:00
e8d628f61b
wrap up no certificate alert related code in OPENSSL_EXTRA directive.
2018-01-16 14:48:55 -07:00
f690a980bf
Avoid duplicated callback when error is overriden
2018-01-16 14:48:53 -07:00
92c9ff5f48
reset cipher suites after call to wolfSSL_set_options
2018-01-16 14:45:58 -07:00
0a3d6534c7
add SanityCheckMsgReceived in ProcessOldClientHello
2018-01-16 14:42:17 -07:00
d6e22346e3
Regarding with commit #4899aad884880bb8ef1859ea6b57eded013cd2b4, send no certificate alert only if SSLv3, otherwise proceed with size 0 certificate.
2018-01-16 14:42:17 -07:00
a918dfdb33
discard session chain in SSL_clear
2018-01-16 14:42:17 -07:00
2a4766198a
add SendAlert(ssl, alert_fatal, bad_certificate);
2018-01-16 14:42:15 -07:00
401db67bcd
WOLFSSL_MIN_DOWNGRADE, default: TLSv1_MINOR
2018-01-16 14:41:03 -07:00
5a40d8b3c2
rollingback certErr_ovrdn, VerifyCallback
2018-01-16 14:41:01 -07:00
dbad348537
DES3_cbc_encrypt with fragmentary size
2018-01-16 14:39:42 -07:00
a19813eab2
CertificateVerify, getting past when the error is overridden by VerifyCallback
2018-01-16 14:39:40 -07:00
2f1f86d5f2
VerifyCallback with any reason
2018-01-16 14:35:10 -07:00
8336e02931
send no certificate alert on SSLv3 if certificate size is 0.
2018-01-16 14:32:52 -07:00
b40218f7f4
certificate verify callback override
2018-01-16 14:32:50 -07:00
3d0c850e10
Change to send certificate message on SSLv3 even though certificate size is 0.
2018-01-16 14:27:50 -07:00
21a14403c6
wolfSSL_set_options behavior with downgrade version
2018-01-16 14:27:50 -07:00
973bac429c
eliminate dupricate callbacks on -188 error
2018-01-16 14:27:48 -07:00
2cee800127
verifyCallback and SendAlert on invalid certificate,
2018-01-16 14:24:00 -07:00
4ab0934000
Merge branch 'Compatibility-Layer-Part5' of https://github.com/JacobBarthelmeh/wolfssl into Compatibility-Layer-Part5
2018-01-16 14:16:14 -07:00
c80cadb25f
DES_set_odd_parity to MLB
2018-01-16 14:12:43 -07:00
a3ad8c5bae
Implement DomainComponent in wolfSSL_X509_NAME_get_index_by_NID() and wolfSSL_X509_NAME_get_entry().
2018-01-16 13:50:01 -07:00
aa99031346
restore WOLFSSL_NEITHER_END value.
2018-01-16 13:50:01 -07:00
4b13a0f301
Fix code review suggestion.
2018-01-16 13:50:01 -07:00
0edd97293d
Add read or write phrase at each transaction message in wolfSSL_state_string_long().
2018-01-16 13:50:01 -07:00
54a006f47d
correct wolfSSL_get_state() by code review suggestion.
2018-01-16 13:50:00 -07:00
eb9c225304
Change to 2 dimension array as messages store in wolfSSL_state_string_long().
2018-01-16 13:50:00 -07:00
fd05de8346
Fix some memory issues in wolfSSL_state_string_long().
2018-01-16 13:50:00 -07:00
a32ae3e516
Change to kick info callback when state transition occurs.
2018-01-16 13:50:00 -07:00
7210e881a8
eliminate empty if body
2018-01-16 13:50:00 -07:00
b6abf4596e
SetDhInternal in DH_compute_key
2018-01-16 13:49:59 -07:00
a643ae1907
return code of sk num, X509 store peer chain, and get text by NID fix
2018-01-16 13:49:58 -07:00
19244fc0c9
fix memory management
2018-01-16 13:44:53 -07:00
01cd58cc43
fix wolfSSL_DH_1536_prime
2018-01-16 13:44:53 -07:00
cc5e9e3dae
adjustment for verify callback and certificate error depth
2018-01-16 13:44:52 -07:00
0b4e499e1d
MD4 in md_tbl
2018-01-16 13:37:27 -07:00
47bca28b1d
Fix compatibility, inl == 0, EVP_CipherUpdate
2018-01-16 13:37:26 -07:00
43ae3c9f59
ASN_PARSE_E in GetASNInt
2018-01-16 13:36:35 -07:00
3af8975a66
shadow global value error with cross-compiler
2018-01-16 13:34:35 -07:00
a6e6cc781d
fix comment on function
2018-01-16 13:25:46 -07:00
934d149931
macro guards for checking if sha features used
2018-01-16 13:25:44 -07:00
a18c1abc13
add comments for SHA1 function
2018-01-16 10:39:22 -07:00
479b7e5ca8
SHA1 implementation and test
2018-01-16 10:39:22 -07:00
7cc7de9d4a
add set msg callback tests
2018-01-16 10:39:21 -07:00
990e1f3ddf
implement wolfSSL set msg callback function
2018-01-16 10:39:20 -07:00
01e6feb060
add hmac ctx copy testing to unit tests
2018-01-16 09:27:39 -07:00
47a2783cf1
size of buffer with DES ecb encrypt
2018-01-16 09:27:37 -07:00
982e9ab8ad
implement hmac ctx copy function
2018-01-16 09:25:51 -07:00
b9001d3c4d
implement X509 store ctx set error function
2018-01-16 09:12:02 -07:00
86112a574f
implement X509 store ctx get ssl idx
2018-01-16 02:29:51 -07:00
e1d71d7ab8
add macro guard to RSA key generation
2018-01-16 02:17:43 -07:00
c8381afdc1
implement asn1 object to nid function
2018-01-16 02:17:43 -07:00
189a4d74c0
implement get error line data function
2018-01-16 02:17:42 -07:00
f393eb9176
implement ssl set session id context
2018-01-16 02:17:42 -07:00
ede8127569
implement function for setting CTX verify depth
2018-01-16 02:17:40 -07:00
762b7144e0
implement WOLFSSL get app data and set app data functions
2018-01-16 02:13:16 -07:00
3089fa2d27
group sk x509 functions together and implement sk x509 pop free
2018-01-16 02:10:15 -07:00
b369112ed3
implement CTX check private key function
2018-01-16 01:53:05 -07:00
86deb23d2f
put a macro guard on stub functions and implement quick ones, alo update macro guards on recent BN and RSA tests
2018-01-16 01:51:00 -07:00
266132521c
implement RSA key generation compatibility function and BN get word
2018-01-16 01:50:58 -07:00
248dce258e
update dynamic type when freeing bio mem
2018-01-16 01:44:32 -07:00
39126cbb63
move variable declaration to top of function and silence compiler warning
2018-01-16 01:44:30 -07:00
fcb1a10a3c
upadte memory bio read and setting bios in ssl struct
2018-01-16 01:42:34 -07:00
d0d762c1a2
add 1536bit DH prime from RFC 3526
2018-01-16 01:28:24 -07:00
bbff8f00ae
WOFLSSL_STUB: SSL_CTX_check_private_key
2018-01-16 01:27:36 -07:00
d3f4845c55
EVP_PKEY_decrypt return value
2018-01-16 01:25:17 -07:00
47f234dce2
add wolfSSL_EVP_md4 function
2018-01-16 01:22:48 -07:00
ca50d13149
update const type compatibility
2018-01-16 01:18:32 -07:00
60ea23a6de
fix invalid check on unsigned type
2018-01-16 01:18:30 -07:00
ad6cc6be2e
fix clang build warnings and change return type
2018-01-16 01:12:11 -07:00
db3badb73a
add GENERAL NAME stack functions and fix WOLFSSL_BIO free with files
2018-01-16 01:12:09 -07:00
6455801518
add TLSv1 method, getter function for cipher key length, and start stack functions
2018-01-16 00:58:33 -07:00
071e11ed58
Remove key->rsa setting in EVP_PKEY_get1_RSA
2018-01-16 00:29:08 -07:00
2cc7057071
Rollback
2018-01-16 00:29:07 -07:00
b7ffc263cf
set pkey->rsa in d2i_PUBKEY
2018-01-16 00:29:07 -07:00
522e989292
set pkey->rsa in EVP_PKEY_get1_RSA
2018-01-16 00:29:07 -07:00
84bc5ba678
update DER to internal public key and add alert functions
2018-01-16 00:29:05 -07:00
1d792b0b44
detect SHA256, SHA384, and SHA512 NID types when signing
2018-01-16 00:19:53 -07:00
1f8df3e403
fix copy of RSA key from WOLFSSL_EVP_PKEY
2018-01-16 00:16:34 -07:00
32ca91cd2f
fix return value type of fread
2018-01-16 00:16:34 -07:00
d1c05c1883
fix DER to internal private key function
2018-01-16 00:14:08 -07:00
d7e844d7a2
Refined NO_WOLFSSL_STUB
2018-01-16 00:05:33 -07:00
f49e58a169
Eliminat cross compiler warnings: BUF_MEM, SESSION_set_ex_data
2018-01-15 23:43:34 -07:00
7baa65e515
OpenSSL_add_all_digests, ciphers() to wolfCrypt_Init()
2018-01-15 23:40:02 -07:00
f5913d875f
return type compatibility AES_set_encrypt/decrypt_key
2018-01-15 23:39:52 -07:00
31fe154d1c
removed STUB mark from wolfSSL_ERR_load_crypto_strings
2018-01-15 23:34:15 -07:00
18019f1bae
evp key flags and add WOLFSSL_BUF_MEM struct to WOLFSSL_BIO
2018-01-15 23:34:13 -07:00
4ab9cc65f3
fix EVP_get_cipherbyname("RC4")
2018-01-15 23:17:05 -07:00
46a0cedb08
return value for printing asn1 time
2018-01-15 23:17:03 -07:00
be1aba1f70
Improve performance of chacha20-poly1305 on AVX and AVX2.
...
Create an AVX2 version of the small block size chacha20 encryption code.
Only update the poly1305 once for the two lengths in chacha20-poly1305.
Poly1305 AVX2 uses AVX code to handle last bytes, store H whole.
Fix error codes in poly1305 test and add a longer data test case.
2018-01-16 13:45:36 +10:00
9a2b1636f9
xstat2err stat shadows global
2018-01-15 18:26:10 -07:00
8db170250e
add support for file type BIO to PEM read private key
2018-01-15 18:03:24 -07:00
90179e554e
add RC4 to EVP_get_cipherbyname
2018-01-15 18:03:24 -07:00
8ae1b7823e
ecc.c, logging.c: local value shadows global
2018-01-15 18:03:21 -07:00
32bf163633
update base64 WOLFSSL_BIO encoding and checking session context ID
2018-01-15 17:54:46 -07:00
b5ab505d1e
testing with WOLFSSL_BIO write
2018-01-15 17:40:51 -07:00
cda44c89ac
account for different build options
2018-01-15 17:40:46 -07:00
dc4159546b
refactor WOLFSSL_BIO read/write to bio.c and update read and write for base64 formating
2018-01-15 17:22:54 -07:00
91632d64f1
word32 casting inSz, wolfSSL_d2i_PrivateKey
2018-01-15 16:19:58 -07:00
c20bff79ad
fix to fix EVP_CipherFinal stream cipher outlen
2018-01-15 16:19:57 -07:00
52a89349dd
resolves redefinition warnings with clang builds
2018-01-15 16:13:45 -07:00
60b21ffa62
add compat functions; rand egd, rand file, bio_f_base64, bio pop, bio set flags, crypto set id callback, crypto set locking callback, evp pkey get1 RSA, PEM write bio RSA private key, set info callback and alter ERR GET REASON
2018-01-15 16:06:36 -07:00
d0abfbf3f3
turn on AES Direct if AES-CFB is enabled
2018-01-15 16:00:31 -07:00
455ffc2ad7
fix for windows fips build
2018-01-15 15:39:33 -07:00
6fd949279d
fix EVP_CipherFinal outlen for stream cipher
2018-01-15 13:48:31 -07:00
27a9b23d2b
fix ToTraditionalInline inSz type
2018-01-15 13:46:19 -07:00
930930ebc4
update DER to internal function with private RSA key
2018-01-15 13:46:18 -07:00
de2e7d4f75
fix some WOLFSSL_STUB api names
2018-01-15 13:46:17 -07:00
9910c51e67
add #ifndef NO_WOLFSSL_STUB
2018-01-15 13:41:55 -07:00
3415b05732
Merge pull request #1311 from ejohnstown/rsakeygen
...
RSA Key Generation (FIPS 186-4)
2018-01-15 13:26:44 -07:00
9e1283aedb
update WOLFSSL_STUB - Part2
2018-01-15 13:05:39 -07:00
0c4f9c39c9
adjust AES-CFB location in code or --enable-armasm build and use wc_AesEncryptDirect function calls
2018-01-15 13:00:25 -07:00
6a129ca5c7
undate WOLFSSL_STUB - Part 1
2018-01-15 12:58:31 -07:00
e9f3d7f898
add the function ERR remove state and test for it
2018-01-15 10:56:54 -07:00
2e6f97621a
Merge pull request #764 from JacobBarthelmeh/Compatibility-Layer-Part3
...
Compatibility layer part3
2018-01-13 09:57:14 -08:00
862e59f474
FIPS Update
...
1. White space changes. Converting tabs to spaces.
2. Add some comments explaining where a loop bound came from.
3. Added parameter checks to a function.
2018-01-12 15:37:22 -08:00
2945213871
update to d2i_PUBKEY function
2018-01-12 16:01:23 -07:00
0590f2493e
Merge pull request #1314 from dgarske/cleanups
...
Minor fixes and cleanups for hash digest/block size
2018-01-12 13:00:53 -08:00
df7917fcd9
add --enable-aescfb, add comments, include of stdio with snprintf
2018-01-12 11:05:43 -07:00
3f8ecb4e70
Merge pull request #1313 from JacobBarthelmeh/Testing
...
DHE suite with test case and set server/client method
2018-01-12 10:03:03 -08:00
d04775ecfb
Add check for AES with using AES cipher suite
2018-01-12 09:10:55 -07:00
3d6d80fe21
Improve AES-GCM code for Intel AVX1 and AVX2
...
Improve AES-GCM Intel performance by converting to pure inline ASM.
Improve AES-GCM Intel code algorithmically.
Split out platform specific code for AES-GCM encrypt and decrypt.
Move C implementation of AES-GCM to separate function to speed up Intel
ASM code.
Modified test to try all input byte sizes up to large benchmark size
when defined.
2018-01-12 10:51:32 +10:00
e8179b29ff
Merge pull request #1299 from JacobBarthelmeh/PKCS7
...
handle degenerate case with PKCS7
2018-01-11 16:56:39 -07:00
f254a002a8
fix small stack with X509 print function
2018-01-11 15:41:23 -07:00
29ccc36fc2
refactor openssl test in test.c and update AES CFB compatibility function
2018-01-11 15:35:38 -07:00
953fc0d4a8
update CFB mode to handle partial AES block sizes
2018-01-11 15:28:56 -07:00
c2a6c6c395
add CFB mode for AES
2018-01-11 15:23:15 -07:00
857bbe65b5
update OID check for domain component
2018-01-11 14:47:12 -07:00
e2a16190a6
add NID_domainComponent in X509_NAME_get_text_by_NID
2018-01-11 14:37:49 -07:00
2fc494f66b
add NID_domainComponent
2018-01-11 14:37:49 -07:00
289ad7a42c
add CRYPTO_cleanup_all_ex_data
2018-01-11 14:31:32 -07:00
ae7783847c
accept no key, IV case in EVP_CipherInit
2018-01-11 14:31:32 -07:00
d39ca40fee
wrapper for Aes structure added and checks on structure size
2018-01-11 14:23:51 -07:00
f5d9cf0e5d
XSNPRINTF not defined in the case of having no filesystem
2018-01-11 14:17:25 -07:00
68d7d26839
account for C++ compiler and fast rsa option
2018-01-11 14:12:11 -07:00
064a54f552
static analysis and windows fix
2018-01-11 14:08:22 -07:00
d2f1ced52f
added x509 functions : x509 name cmp, i2d x509 name, i2d x509, x509 print
2018-01-11 14:04:03 -07:00
31186cd341
add RSA compat function and stub for x509 name compare
2018-01-11 13:30:02 -07:00
f968e65314
add macro for get thread id and update debug message for wolfSSL_HMAC
2018-01-11 11:54:24 -07:00
f2518ecbc4
RC4 compatibility functions added
2018-01-11 11:54:24 -07:00
40b56e724f
AES cbc wrapper and AES cbf stub function
2018-01-11 11:54:24 -07:00
cf03aa4f52
Fix for building with FIPS where wolfCrypt FIPS already has enum value for MAX_DIGEST_SIZE.
2018-01-11 10:53:12 -08:00
4a9f5f3a7e
add DES cksum and DES set odd parity
2018-01-11 11:32:00 -07:00
481f4765eb
Cleanup to remove duplicate MAX_DIGEST_SIZE in hmac.h and refactor to use WC_MAX_DIGEST_SIZE. Cleanup for HMAC to include hash.h and refactor HMAC_BLOCK_SIZE to WC_HMAC_BLOCK_SIZE. Fix build warning in benchmark.c with unused variable if features are disabled.
2018-01-11 09:52:49 -08:00
e442f8dccf
DHE suite with test case and set server/client method
2018-01-11 10:24:48 -07:00
bb52b0a7b9
Merge pull request #724 from JacobBarthelmeh/Compatibility-Layer-Part2
...
Compatibility layer part2
2018-01-11 08:28:54 -08:00
2cdcd560a2
Merge pull request #1307 from JacobBarthelmeh/Testing
...
fix check key pair match with ECC
2018-01-11 08:26:25 -08:00
df3c775f1d
Merge pull request #1304 from cconlon/dsa1864
...
DSA 186-4 Key Generation, raw params and key import/export
2018-01-11 08:25:27 -08:00
e4093a56f5
remove .uvguix
2018-01-11 07:14:13 +09:00
f55fa9260d
user_settings.h under RTE
2018-01-11 06:55:51 +09:00
c53961d4c5
fix MPU menu
2018-01-11 06:55:51 +09:00
e0ab3888ec
remove NO_64BIT from STM32 options
2018-01-11 06:55:51 +09:00
379c6d0ad8
dummy RTC
2018-01-11 06:55:50 +09:00
a429f5ef98
add MPU menu to user_settings.h
2018-01-11 06:55:50 +09:00
8c000c05ee
refactor MDK options in client/server.c
2018-01-11 06:55:50 +09:00
d8ca8586c0
remove ByteReverseWord64 in sha512
2018-01-11 06:55:50 +09:00
28e18e35f8
mdk5 error
2018-01-11 06:53:34 +09:00
f49bd43ba1
add HAL_HASH, HAL_RNG to benchmark project
2018-01-11 06:53:33 +09:00
f1cba97773
remove wolfssl_fgets
2018-01-11 06:53:33 +09:00
109dd05bb3
Fix benchmark and test project
2018-01-11 06:53:33 +09:00
d34fb44df2
listen parrameter for Keil tcp net
2018-01-11 06:53:33 +09:00
cd0c5d4b93
refactor WOLFSSL_DMK_ARM and WOLFSSL_KEIL_TCP_NET in wolfio.h
2018-01-11 06:53:33 +09:00
bb2e73566b
add WOLFSSL_CMSIS_RTOS option in internal.h
2018-01-11 06:53:32 +09:00
c1fe2f36db
add WOLFSSL_CMSIS_RTOS option
2018-01-11 06:53:32 +09:00
a53b7a8ced
clean up files under projects
2018-01-11 06:53:32 +09:00
cf5708d156
Update SimpleServer, clean up other project files
2018-01-11 06:53:32 +09:00
84c216a5f7
new user_settings.h for mdk5 config menu
2018-01-11 06:53:32 +09:00
76e1a34fd0
update SimpleClient example
2018-01-11 06:53:32 +09:00
3f922b4254
update CryptBenchmark
2018-01-11 06:53:31 +09:00
b569dff905
update CryptTest project
2018-01-11 06:53:31 +09:00
59b9ab9097
place buffer on stack instead and zero it when done
2018-01-10 13:36:03 -07:00
d01d255985
FIPS Update
...
1. When configuring FIPSv2, force enable RSA-PSS and ECC.
2. Add more checks for FIPSv2 around the code.
2018-01-10 11:29:01 -08:00
788cc39498
FIPS Update
...
1. Switch in different versions of rsa.c depending on FIPS v1 or v2.
2. Add the Windows pragmas to rsa.c if building for FIPS v2.
3. Leave out FIPS wrappers from rsa.c if not building for FIPS v1.
2018-01-10 11:29:01 -08:00
6fdbe02291
ECC FIPS
...
Add the ECC API to the FIPS boundary. Included are ECDHE and ECDSA.
2018-01-10 11:29:01 -08:00
274c6ca492
RSA Update
...
1. Fix issue with new key gen options and using old FIPS releases.
2. Modify the FIPS configure option to handle an option for the updated FIPS.
2018-01-10 11:29:01 -08:00
a784142edf
RSA Update
...
1. Added FIPS wrappers for MakeRsaKey(), CheckProbablePrime(), and RsaFlattenPublicKey().
2. Update the API test so that it used appropriate key and message sizes for the RSA testing.
3. Add function to get all parts of a flattened RSA key.
2018-01-10 11:29:01 -08:00
84f6093068
RSA Update
...
1. Replaced MakeRsaKey() function wth a version that follows the NIST prescribed process closer.
2. Added an additional check to RSA key generation to ensure that |p-q| > 2^((nlen/2)-100) per NIST FIPS 186-4 sec B.3.1.
3. Added public API for checking a number being probably prime according to FIPS 186-4.
4. Added a large integer used to check the lower bound of a possible prime.
2018-01-10 11:13:23 -08:00
4afa7c7e22
RSA Update
...
Added mp wrappers for fp_abs() and fp_2expt().
2018-01-10 11:11:56 -08:00
32a345e2f2
Merge pull request #1309 from SparkiDev/pss_var_salt_len
...
Add support in PSS for salt lengths up to hash length
2018-01-10 11:00:47 -08:00
8c900a2391
added in comments and check on return code
2018-01-10 10:33:48 -07:00
d78a6cebd8
allow DSA raw export functions to return buffer sizes
2018-01-10 10:21:58 -07:00
9839809c99
add better comments and update return values
2018-01-10 09:28:56 -07:00
89973a7eaf
cast for call to ecc_point copy function
2018-01-10 09:28:56 -07:00
e9432005d4
build for no old names and fix valgrind report
2018-01-10 09:28:56 -07:00
439498b3c1
remove redefinitions and add guards
2018-01-10 09:28:56 -07:00
23b271da84
clean up after rebase
2018-01-10 09:28:56 -07:00
0deaf1e227
increase max memory bucket size to account for larger WOLFSSL structure with sessioncerts
2018-01-10 09:28:56 -07:00
a60db81d09
check on key type with SetRsaExternal and fix for function name after rebase
2018-01-10 09:28:56 -07:00
d1b24f2bb1
remove unneeded XFREE with small stack
2018-01-10 09:28:56 -07:00
13bc1f64b8
account for larger WOLFSSL structure with save session certs
2018-01-10 09:28:56 -07:00
cecdd50eab
make NID values avaliable with OPENSSL_EXTRA build
2018-01-10 09:28:56 -07:00
4d9675bebe
fix for PKCS12 create with small stack
2018-01-10 09:28:56 -07:00
d758c114b0
fix return value
2018-01-10 09:28:56 -07:00
1b7f4ad1dd
return value check in EVP_PKEY_encrypt
2018-01-10 09:28:56 -07:00
09eeafe4f0
add cipher name "DES-EDE3"
2018-01-10 09:28:56 -07:00
c0db7d02f7
cast for const qualifier match on argument
2018-01-10 09:28:56 -07:00
06891fa14a
session SSL object size increase with compatibility layer
2018-01-10 09:28:56 -07:00
513e3b7338
rebasing compatiblity layer on nginx work
2018-01-10 09:28:56 -07:00
641af21cb0
Fix AES192-ECB in EVP_CipherInit
2018-01-10 09:28:56 -07:00
5237a25699
Add rc4 to EVP_CipherUpdate
2018-01-10 09:28:56 -07:00
21021aa408
Fix EVP_Cipher padding control
2018-01-10 09:28:56 -07:00
326d889658
initialize extra name entries to 0
2018-01-10 09:28:56 -07:00
ab0bc32d4c
resolve rebase by adding an error node pull function
2018-01-10 09:28:56 -07:00
7763a002f3
fix for static analysis warning
2018-01-10 09:28:56 -07:00
0f2a4be832
update tests and memory checking
2018-01-10 09:28:56 -07:00
7a7f686f16
add test case for X509_get_pubkey, d2i_PrivateKey
2018-01-10 09:28:56 -07:00
f802103923
add RSA_new, RSA_LoadDer in d2i_PrivateKey
2018-01-10 09:28:56 -07:00
00670233af
account for fast rsa when testing get rsa size
2018-01-10 09:28:56 -07:00
c8233177c3
fix bio gets and enhance x509 get public key
2018-01-10 09:28:56 -07:00
734e728fba
Fix padding control: EVP_CipherUpdate
2018-01-10 09:28:56 -07:00
150481699f
add BIO_new_file: ssl.c, tests/api.c
2018-01-10 09:28:56 -07:00
546d31c51c
add X509_load_certificate_file
2018-01-10 09:28:56 -07:00
8928160df7
memset structures to 0 in Init functions
2018-01-10 09:28:56 -07:00
340963742a
memory bio flag mapped to wolfSSL
2018-01-10 09:28:56 -07:00
1765246cf7
bio gets test, certificate buffer tests, and increase max static memory bucket size with sessioncerts
2018-01-10 09:28:56 -07:00
ff8da2d4fe
windows and no filesystem build warnings
2018-01-10 09:28:56 -07:00
79ea6b78bb
add name entry and fix build without RSA
2018-01-10 09:28:56 -07:00
03a4b9d2fe
return code checks for PKEY, EVP Sign test
2018-01-10 09:28:56 -07:00
54246053de
WOLFSSL_RSA in EVP_PKEY structure and fixes for PKCS12 build
2018-01-10 09:28:56 -07:00
863034f20f
Fixed RSA_verify. Add test on EVP_Sign/Verify
2018-01-10 09:28:56 -07:00
8e41d32950
EVP MD and PKEY test. Add PKEY_new/free
2018-01-10 09:28:56 -07:00
49816b95e0
Type mismatch AssertInt(x, y, op, er) in api.c
2018-01-10 09:28:56 -07:00
7252a138e0
ASN1 object functions
2018-01-10 09:28:56 -07:00
492809203d
templates for upcoming compatibility functions
2018-01-10 09:28:56 -07:00
35ad1269a8
expand compatibility layer, hmac, dsa gen, pubkey from bio, pseudo rand
2018-01-10 09:28:56 -07:00
e391931711
error put function
2018-01-10 09:28:56 -07:00
704d765501
adjust compat. layer to not include wolfSSL headers where possible, add d2i for X509's, clang-3.3 build
2018-01-10 09:28:56 -07:00
e213e60471
PKCS 8 info function
2018-01-10 09:28:56 -07:00
03b0a07adb
add BN pseudo random function
2018-01-10 09:28:56 -07:00
c552de77f4
PKCS12 create function
2018-01-10 09:28:56 -07:00
2e1068f30c
Added stubs for new OBJ_cleanup, OBJ_nid2obj, OBJ_obj2txt. Added openssl/objects.h for compatibility. Moved around OBJ function defs.
2018-01-10 09:28:30 -07:00
aac050369a
Added API unit tests for new BUF_MEM. Fixed wolfSSL_BUF_MEM_grow handling of negative “len” input. Added GPLv2 header to new buffer.h.
2018-01-10 09:28:30 -07:00
2a4ea5843d
Added new openssl compatibility functions for BUF_MEM_new, BUF_MEM_grow and BUF_MEM_free.
2018-01-10 09:28:30 -07:00
c237980d47
typedef struct Aes in openssl/aes.h
2018-01-10 09:28:30 -07:00
d5a0b81e97
fix SSL_load_error_strings redefinition
2018-01-10 09:28:30 -07:00
392b1c6f36
EVP verify final type change. Resolve Ubuntu build and clang warning
2018-01-10 09:26:58 -07:00
921eb03a01
add PEM read bio private key function and update reading a memory bio
2018-01-10 09:26:58 -07:00
f9eb8f8f6d
missing rename SSL_check_private_key, DSA_dup_DH
2018-01-10 09:26:58 -07:00
9290b2e464
RAND cleanup and no-op functions for compatibility -- brackets added to ssl.c if statements for gcc-6
2018-01-10 09:26:58 -07:00
4f76e33bc7
add test on EVP_Encrypt/DecryptFinal
2018-01-10 09:26:58 -07:00
d113acb5ab
add EVP_MD_CTX_type
2018-01-10 09:26:58 -07:00
a29f15feff
add EVP_VerifyFinal, RSA_verify
2018-01-10 09:26:58 -07:00
54af9fb884
compatibility mapping for STORE_CTX functions and added test case
2018-01-10 09:26:58 -07:00
f0c19ba9b2
add internal to DER X509 function
2018-01-10 09:26:58 -07:00
11d42f5112
add X509 new function
2018-01-10 09:26:58 -07:00
7da0f50457
tests for added DES functions and fix check on DES key
2018-01-10 09:26:58 -07:00
cf6f4718e8
add public function to check if a DES key is weak
2018-01-10 09:26:58 -07:00
bebe60a4c1
EVP PKEY RSA encrypt/decrypt, tentative
2018-01-10 09:26:58 -07:00
a11e389bc8
EVP_PKEY templates
2018-01-10 09:26:58 -07:00
f695683fd0
begin BIO gets functions
2018-01-10 09:26:58 -07:00
2b75d0faf3
asn1 string compatibility
2018-01-10 09:26:58 -07:00
b9197f96db
Merge pull request #1305 from JacobBarthelmeh/DH
...
add dh header to test.h and adjust macro guards
2018-01-10 08:09:51 -08:00
36f621db1c
Merge pull request #1308 from JacobBarthelmeh/Compatibility-Layer
...
change place holders to be void* type and add comment to compatibilit…
2018-01-10 08:08:54 -08:00
87109dd46e
Add support in PSS for salt lengths up to hash length
...
Added non-inline RSA-PSS verify
Added tests of RSA-PSS
Fixed comments in TLS v1.3 code
Added PSS salt length error
2018-01-10 10:16:32 +10:00
e77a05c3b2
change place holders to be void* type and add comment to compatibility header files
2018-01-09 17:08:54 -07:00
0bfa399b6c
fix check key pair match with ECC
2018-01-09 16:13:46 -07:00
fc754ba88e
Merge https://github.com/wolfssl/wolfssl
2018-01-09 14:15:39 -07:00
e6cef73658
html and pdf documentation for wolfssl, generated by doxygen
2018-01-09 14:12:06 -07:00
7d3c502c47
add dh header to test.h and adjust macro gaurds
2018-01-09 12:06:43 -07:00
30f8f7d409
Make clean rules more portable
...
(If this directory were ever to move using ../../ is insufficient. Use the WOLFSS_ROOT variable instead.
2018-01-09 10:48:13 -07:00
09bb2e5837
clarify DSA variable names, use WOLFSSL_BIT_SIZE
2018-01-08 17:06:33 -07:00
4c65726091
Merge pull request #1296 from JacobBarthelmeh/DH
...
add DH Agree callback
2018-01-08 15:19:12 -08:00
e42fea8710
add unit tests for DSA raw key and param import/export functions
2018-01-08 13:36:06 -07:00
fc563550c6
add DSA raw params import export, raw key export functions
2018-01-08 13:36:01 -07:00
61f6b9ce0f
add DSA 186-4 key generation
2018-01-08 09:54:27 -07:00
11fdef0206
Merge pull request #1297 from cconlon/pkcs7signedfix
...
fix for PKCS#7 SignedData RSA signature types, include hash function
2018-01-05 13:34:12 -07:00
b22ae9de4c
add DH callback to example server and client
2018-01-05 11:56:59 -07:00
91138648aa
Merge pull request #1302 from dgarske/fix_readme
...
Fix typo in readme for enabling old TLS 1.0
2018-01-05 09:15:30 -07:00
e1505bb857
Merge pull request #1301 from ejohnstown/drbg-warn
...
DRBG Warning Fix
2018-01-04 18:43:31 -08:00
bc8625cbea
Fix typo in readme for enabling old TLS 1.0 using ./configure --enable-tlsv10.
2018-01-04 15:46:03 -08:00
983aa97f94
DRBG Warning Fix
...
1. Some compilers will warn on unused constants. Removed the constant DRBG_ERROR which is unused and causing warnings on a particular build.
2. Renumbered the remaining internal return codes.
2018-01-04 15:22:58 -08:00
9315d18901
Merge pull request #1294 from dgarske/log_improve
...
Improvements to logging
2018-01-04 10:15:22 -08:00
34df8b98bf
fix for PKCS#7 SignedData RSA signature types, include hash function
2018-01-04 10:55:17 -07:00
effb751204
Add build scripts for default SGX build and improve cleanup
2018-01-04 10:38:56 -07:00
bc7b1a8a1f
handle degenerate case with PKCS7
2018-01-04 09:45:43 -07:00
915f628bc7
add DH Agree callback
2018-01-03 16:47:15 -07:00
3f53e8d1dd
Merge pull request #1270 from JacobBarthelmeh/CAAM
...
add CAAM with INTEGRITY support
2018-01-03 08:14:46 -08:00
ab3d1e85cf
Fix to disable log output for WOLFSSL_ERROR with WOLFSSL_NGINX defined. Cleanup on the loggingEnabled.
2018-01-02 19:30:33 -08:00
d0bd52910f
Fix for issue with unit test where mutliple threads are outputting log data.
2018-01-02 18:20:23 -08:00
01f603ad65
add documentation, macro for no AES hw or HASH hw, use usleep when waiting for entropy
2018-01-02 15:00:35 -07:00
f2375f3fee
Merge pull request #1271 from SparkiDev/chacha20_sb
...
Improve performance of small number of blocks for chacha20
2018-01-02 09:40:49 -08:00
d8ff36e692
Merge pull request #1285 from jrblixt/unitTest_api_addEcc-PR08042017
...
Add ECC unit test functions.
2017-12-29 15:02:07 -07:00
6c76a89785
Add ECC unit test functions.
...
Change per David RE: WOLFSSL_ATECC508A
Jenkins fix.
Changes per Chris.
2017-12-29 13:03:45 -07:00
b53f2a1ac1
Improvements to logging. Added new build option WOLFSSL_DEBUG_ERRORS_ONLY to reduce logging/code size when building with DEBUG_WOLFSSL. Added new WOLFSSL_ERROR_MSG(const char* msg) API for logging errors. Exposed the logging API's. Improvements to the wolfCrypt logging_test. Moved wolfSSL_Debugging_ON and wolfSSL_Debugging_OFF to logging.h.
2017-12-29 10:44:51 -08:00
0af93ffd08
Merge pull request #1290 from jrblixt/unitTest_api_addEd25519-PR08092017
...
Added Ed25519 to unit test functions.
2017-12-29 11:31:48 -07:00
ad4cf69993
Moved doxygen API comments in to a seperate directory
2017-12-29 10:57:14 -07:00
8a51df9fd8
Spacing issue per Chris.
2017-12-29 09:48:35 -07:00
272e37767b
Merge pull request #1293 from dgarske/bench_emb
...
Fix for building with `BENCH_EMBEDDED`
2017-12-29 09:19:50 -07:00
f71047ef2d
Fix for building with BENCH_EMBEDDED. Fix for building without OPENSSL_EXTRA where wolfSSL_OPENSSL_malloc assumes size_t is defined. Improvements to the GCC-ARM IDE example.
2017-12-29 08:19:21 -08:00
f492c4f120
Merge pull request #1264 from dgarske/wolf_extra
...
Adds new `WOLFSSL_EXTRA` define to expose useful compatibility API's
2017-12-28 16:10:09 -08:00
555551b745
Added Ed25519 to unit test functions.
2017-12-28 09:42:51 -07:00
83cb000958
Merge pull request #1289 from jrblixt/unitTest_api_addCmac-PR08162017
...
AES_CMAC unit test functions added.
2017-12-27 15:54:32 -07:00
84ecf94263
spelling mistakes, formatting, and change error name
2017-12-27 15:24:14 -07:00
0c709a9088
Merge pull request #1098 from jrblixt/unitTest_api_addSha3-PR08112017
...
Sha3 unit test functions.
2017-12-27 15:23:14 -07:00
3c6443e1e5
Added wolfSSL_CTX_set_client_CA_list and wolfSSL_SSL_CTX_get_client_CA_list to WOLF_EXTRA.
2017-12-27 08:55:28 -08:00
d75c2e2a91
Added new WOLFSSL_EXTRA define for expanded API's without openssl extra. Removed old GOAHEAD_WS, which had build errors and current project requires full openssl extra compatability. Fix unused arg build warnings for OCSP. The WOLFSSL_EXTRA adds: wolfSSL_CTX_set_quiet_shutdown, wolfSSL_set_quiet_shutdown, wolfSSL_set_accept_state and wolfSSL_set_connect_state.
2017-12-27 08:55:28 -08:00
0e9cd7a3d7
Merge pull request #1292 from moisesguimaraes/fixes-ocsp-stapling
...
fixes OCSP Stapling v2 tests
2017-12-27 08:53:18 -08:00
263525d812
enables OCSPStapling CM for ocspstapling2
2017-12-26 22:57:20 -03:00
43c234029b
adds a call to wolfSSL_CTX_EnableOCSPStapling() on client.c to fix ocspstapling2 tests and removes unnecessary 'kill ' from the test scripts
2017-12-26 22:32:21 -03:00
22fc90006b
AES-XTS performance enhancement
2017-12-23 14:44:32 -07:00
cf1575fafb
AES-GCM performance enhancement
2017-12-23 14:44:32 -07:00
6d3166316b
set input size constraints for AES-ECB mode with driver
2017-12-23 14:44:31 -07:00
fe7dec0edb
refactor input/output with AES and fix sizes passed in
2017-12-22 12:18:04 -07:00
1bbe18bb8d
Merge pull request #1234 from abrahamsonn/readme-fix
...
README updates to attempt to improve GitHub search positioning
2017-12-21 16:29:03 -07:00
2660ff0b93
Merge pull request #1251 from kojo1/openSSL-Compat-201711
...
openSSL compatibility 201711
2017-12-21 16:25:46 -07:00
b3eef2b10e
formating and removing white space, also added sanity check on blob arguments
2017-12-21 14:26:22 -07:00
d1ee0f3d0d
Merge pull request #1288 from cconlon/release3.13
...
wolfSSL 3.13.0 README and version updates
2017-12-21 12:01:38 -08:00
9c74c4d69b
update library version for 3.13.0 in rpm/spec.in
2017-12-21 10:09:29 -07:00
8bebadcd4b
update library version for 3.13.0 in configure.ac/version.h
2017-12-21 09:54:19 -07:00
d848a15fc8
update README for 3.13.0
2017-12-21 09:48:52 -07:00
5f4cc1a5ed
Merge pull request #1287 from cconlon/inferfixes
...
Release fixes from Facebook infer
2017-12-20 17:57:17 -08:00
212f2d0ca8
Merge pull request #1286 from cconlon/fixes
...
Release prep fixes
2017-12-20 16:32:45 -08:00
22f25fa9bb
add NULL ctx argument check to wolfSSL_X509_STORE_CTX_set_time()
2017-12-20 17:30:09 -07:00
8ab4e5d18c
fix NULL pointer dereference in wolfSSL_CTX_new() for ctx->srp if ctx is NULL
2017-12-20 17:21:57 -07:00
6bb60581ea
free WOLFSSL_BIGNUM when wolfSSL_BN_mod_inverse() fails if dynamic
2017-12-20 17:04:59 -07:00
4552c8a4a7
AES_CMAC unit test functions added.
2017-12-20 15:44:44 -07:00
adc8ca0f16
api.c fix for fast-rsa
2017-12-20 15:13:13 -07:00
be4d3c8321
fix for SetBitString() defined but not used
2017-12-20 15:02:35 -07:00
7bc5bcb86a
benchmark.c fixes for NO_MAIN_DRIVER, const arrays
2017-12-20 14:55:35 -07:00
fd292b1ae4
check key for NULL in wc_ecc_import_private_key_ex()
2017-12-20 14:45:46 -07:00
28582ad5d9
remove HMAC from driver, it was never completely stable yet
2017-12-20 14:21:15 -07:00
51c3427a27
Merge pull request #1284 from cconlon/fixes
...
scan-build, valgrind, and test.c fixes
2017-12-20 13:06:26 -08:00
20e69460b0
minor change of variable name and add settings check
2017-12-20 13:59:20 -07:00
0c01533fe4
Merge pull request #1280 from dgarske/crypto_hw
...
Add crypto hardware support for ECC sign
2017-12-20 11:34:39 -08:00
2460a3de3d
fix asn_test print in test.c
2017-12-20 12:28:27 -07:00
e97f8b5a9c
fix scanbuild issues, internal.c and tfm.c
2017-12-20 12:18:49 -07:00
f93ed32cb3
fix scanbuild issue, use of NULL pointer in wc_Sha256Update
2017-12-20 11:48:09 -07:00
4dc49590db
Merge pull request #1282 from SparkiDev/tls13_win
...
Fix for building TLS v1.3 code on Windows
2017-12-20 10:38:27 -08:00
e4ac38c532
fix valgrind use of uninitialized value warning
2017-12-20 11:35:30 -07:00
351a673ec0
Add AES-CCM hardware acceleration support and other fixes
2017-12-20 11:16:11 -07:00
3a6d5b8f90
formating / add c files to distro / remove unneeded macros
2017-12-20 11:16:11 -07:00
5fa9455bf9
add CAAM with INTEGRITY support
2017-12-20 11:16:11 -07:00
98603d9e74
Sha3 unit test functions.
...
Code review changes per Chris.
2017-12-20 10:49:24 -07:00
696ddc9b71
Added wolfSSL_CTX_SetDevId and wolfSSL_SetDevId to allow setting devId. Use #define macro to map the original async wolfSSL_CTX_UseAsync and wolfSSL_UseAsync API's to the new ones.
2017-12-20 09:08:01 -08:00
ac8996c9bc
Merge pull request #1281 from dgarske/fix_ocsp_nb_checkall
...
Fix for OCSP non-blocking with check all flag set
2017-12-20 09:04:09 -08:00
d94d90a22e
Merge pull request #1276 from dgarske/http_appstr_list
...
Fix for processing HTTP responses to accept a list of application strings
2017-12-20 09:03:14 -08:00
b40b13c0eb
Merge pull request #1279 from SparkiDev/fe_init_ed25519
...
Fix fe_init to be avaible when compiling ED25519 only
2017-12-20 09:12:42 -07:00
4712376ce1
Fix for OCSP non-blocking with check all flag set.
2017-12-19 16:52:47 -08:00
fa2db8b22e
Fix for building TLS v1.3 code on Windows
2017-12-20 10:32:33 +10:00
9f51674be4
Merge pull request #1278 from cconlon/winfix
...
fix Windows Visual Studio warnings
2017-12-19 15:55:13 -08:00
aa4f38143e
Fix fe_init to be avaible when compiling ED25519 only
2017-12-20 09:27:50 +10:00
574beff4cc
fix Windows Visual Studio warnings
2017-12-19 13:57:33 -07:00
c0f2a0c77b
Support for crypto hardware on ECC sign using Crypto_EccSign.
2017-12-19 12:51:45 -08:00
5235e256c7
Merge pull request #1277 from JacobBarthelmeh/Testing
...
Testing
2017-12-19 12:38:35 -08:00
89e57f4159
protect against AES-CCM copy to smaller local buffer
2017-12-19 11:55:40 -07:00
0d5a772348
revert macro to allow AES keywrap and AES XTS with ARM assembly
2017-12-19 11:49:30 -07:00
d6472c7f71
Merge pull request #1272 from ejohnstown/pkcs5-fix
...
PKCS5 Fixes
2017-12-19 10:09:14 -08:00
05d0176b84
Fix for processing HTTP responses to accept a list of application strings. Specifically for CRL which has both "application/pkix-crl" and "application/x-pkcs7-crl". Both CRL formats are the same and both parse correctly. Applies to --enable-crl with HAVE_CRL_IO only.
2017-12-19 09:54:03 -08:00
ba4ff62953
Merge pull request #1169 from JacobBarthelmeh/Testing
...
fix DH free with switch from server to client side
2017-12-19 09:50:41 -08:00
9a6a4f6e02
Merge pull request #1245 from danielinux/chibios_port
...
Chibios port
2017-12-19 09:19:38 -08:00
fd0088fb34
Merge pull request #1269 from ghoso/signal-dev
...
Add support for libsignal-protocol-c
2017-12-19 09:30:03 -07:00
b9cda18be9
change type with free to match malloc'd type
2017-12-19 09:08:41 -07:00
7662bd58f0
fix DH free with switch from server to client side
2017-12-19 09:08:41 -07:00
5be8c7fa1a
Merge pull request #1275 from dgarske/fix_async_sim_wctest
...
Fix for wolfCrypt test with async
2017-12-19 07:19:04 -08:00
d08572164f
Merge pull request #1148 from dgarske/fix_ecc508a
...
Fixes to `WOLFSSL_ATECC508A` support to allow import/export
2017-12-19 07:17:41 -08:00
f939f407c5
Merge pull request #1268 from cconlon/eccpkcs8
...
Add ECC private key export for unencrypted PKCS#8
2017-12-19 07:16:21 -08:00
31aa5e308d
Improve performance of small number of blocks for chacha20
2017-12-19 18:02:21 +10:00
bfed9f28d3
Modification for compliling application with libsignal-protocol-c.
2017-12-19 13:19:05 +09:00
e6334fdaf8
PKCS5 Fixes
...
1. Fix issue where optional and default items in the ASN.1 blob were not getting "parsed" correctly.
2. Added OIDs for the SHA based HMACs.
3. Removed some redundant constants from key decryption.
4. Updated the DecryptKey() function to handle AES256-CBC.
5. Updated the DecryptContent() function to act like DecryptKey().
2017-12-18 17:08:29 -08:00
ddae61afbd
Merge pull request #1259 from dgarske/fix_ocsp_nonblock
...
Fixes for handling non-blocking OCSP
2017-12-18 16:43:24 -08:00
6b4b17a07d
Fix for wolfCrypt test with async simulator, which requires polling on the ECC make key.
2017-12-18 16:39:53 -08:00
680f78f2ae
Merge pull request #1274 from dgarske/fix_jenkins
...
Fixes to address Jenkins issues
2017-12-18 16:31:02 -08:00
57c0b5d4ac
Adjustment to fix for --enable-32bit where time_t is not long.
2017-12-18 14:34:40 -08:00
5b003918ef
Fix for #ifdef issue causing some X509 functions to be unavailable when DH and ECC were disabled. Fix for HashAlgoToType not being available if building with DH and ECC disabled and RSA PSS enabled.
2017-12-18 11:10:12 -08:00
bbd27b491e
Fix for building with --enable-32bit where test assumes time_t is long.
2017-12-18 11:04:40 -08:00
7a59275688
add arg check, wolfSSL_CTX_clear_options
2017-12-16 09:03:44 +09:00
6421324287
add arg check
2017-12-15 05:45:45 +09:00
db7cd22645
remove ECC key conversion functions from WOLFSSL_KEY_GEN
2017-12-13 09:44:47 -07:00
43ef843257
add ECC private key export for unencrypted PKCS#8
2017-12-13 09:44:36 -07:00
bacbc06856
Merge pull request #1263 from SparkiDev/fe_init_fix
...
Only implement and call fe_init when available
2017-12-12 16:25:09 -08:00
26019b3441
Merge pull request #1262 from SparkiDev/benchmark
...
Improve benchmark program
2017-12-11 15:55:00 -08:00
1bf8dc5246
Merge pull request #1265 from SparkiDev/sp_init_mp
...
Initialize mp for compilers that don't track if conditions
2017-12-11 09:19:16 -08:00
704b332960
Add usage information
...
Only recognize on command line algorithms compiled in.
2017-12-11 11:40:11 +10:00
8ee1996e39
Initialize mp for compilers that don't track if conditions
2017-12-11 09:44:47 +10:00
137eb291cd
Merge pull request #1261 from SparkiDev/tls_def_fix
...
Fix placement of #endif
2017-12-08 07:57:10 -08:00
c457ca462a
Only implement and call fe_init when available
2017-12-08 14:16:24 +10:00
2954b67f96
Improve benchmark program
...
Supports command line choosing of algorithms to benchmark.
Display benchmarks in powers of 10 (1000, 1000*1000) instead of
powers of 2 (1024, 1024*1024).
2017-12-08 13:57:34 +10:00
de05c563b6
Fix to handle non-blocking OCSP when WOLFSSL_NONBLOCK_OCSP is defined and not using async. OCSP callback should return OCSP_WANT_READ. Added ability to simulate non-blocking OCSP using TEST_NONBLOCK_CERTS.
2017-12-08 03:12:33 +01:00
4f97a49213
Fix placement of #endif
2017-12-08 09:13:53 +10:00
87690ce8bd
Merge pull request #1257 from dgarske/xcode_fixes
...
Xcode project improvements inc/benchmark tool
2017-12-07 08:44:03 -08:00
bababf115a
Moved to IDE/XCODE. Fixed build warnings with xcode. Updated the user_settings.h to support fast math, ECC, timing resistance, single precision math, ARMv8, SHA3, ChaCha20/Poly1305, Ed/Curve25519 and ensure default disables are defined. Added Xcode iOS benchmark example. Runs wolfCrypt test, wolfCrypt benchmark and the new TLS benchmark by cipher suite.
2017-12-07 11:02:19 +01:00
24ef88f6f0
Merge pull request #1258 from SparkiDev/sp_from_mp_fix
...
Fix loading of MP
2017-12-07 01:58:56 -08:00
d78734f37d
Fix loading of MP
2017-12-07 17:50:47 +10:00
4c4b02bb31
Merge pull request #1256 from SparkiDev/ed25519_perf
...
Ed25519 perf
2017-12-04 14:42:03 -08:00
5a56757018
Merge pull request #1250 from SparkiDev/curve25519_asm
...
Intel ASM code for Curve25519
2017-12-04 14:38:12 -08:00
d11581aaff
new lines, BAD_FUNC_ARG
2017-12-01 09:49:38 +09:00
34ecfda145
Check for ADX instructions
2017-12-01 08:55:46 +10:00
e8e5179d1c
Optimize the Ed25519 operations
2017-12-01 08:54:12 +10:00
29943dc352
Redo reduce and muladd to be cleaner
2017-12-01 08:54:12 +10:00
f2b8ffa919
Check for ADX instructions
2017-12-01 08:51:24 +10:00
3cdf3565c8
Intel ASM code for Curve25519
...
AVX2 added as well
2017-11-30 12:34:05 +10:00
98235f9e36
fix hard tabs
2017-11-30 09:08:59 +09:00
57e5648a5d
Merge pull request #1247 from kaleb-himes/pre-processor-logic-fix
...
Proposed fix for build-time errors with (mp/fp)_s_rmap when debug ena…
2017-11-30 09:29:28 +10:00
909b519139
Merge pull request #1254 from dgarske/fix_ecpoint_leak
...
Fix leak with `wolfSSL_EC_POINT_mul`
2017-11-29 14:51:56 -08:00
eeca36dc75
Merge pull request #1249 from SparkiDev/avx2_fix
...
Make AVX2 code compile in on Mac
2017-11-29 14:49:30 -08:00
8e91d9ffd9
Merge pull request #1244 from SparkiDev/sha3_fast
...
SHA-3 fast code is smaller and a bit faster
2017-11-29 14:45:57 -08:00
ecb9e799a9
Merge pull request #1243 from dgarske/def_sec_reneg
...
Adds new define to enable secure-renegotiation by default
2017-11-29 14:40:23 -08:00
b664a1187b
fix hard tabs, new line
2017-11-29 07:03:00 +09:00
af1f48ccb5
Fix leak with EC Point mul, where inSet wasn't being set, which caused a leak.
2017-11-28 13:00:26 -08:00
64caf325f8
add ctx == NULL checks, fix spacing
2017-11-28 10:16:24 +09:00
792672e77b
Merge pull request #1252 from kojo1/IAR-EWARM
...
update IAR-EWARM projects
2017-11-27 11:37:57 -07:00
718455f9c6
Merge pull request #1248 from cconlon/oidfix
...
fix CTC_SHA224wECDSA oid sum
2017-11-27 09:13:03 -08:00
a4f5b2e29f
Added the requested changes
2017-11-27 09:50:12 -07:00
a14b67100b
refactor following feedback
2017-11-27 08:47:58 -07:00
4cd39b4bfb
refine dummy current_time to avoid infinit waiting loop
2017-11-27 09:03:50 +09:00
a3b2817036
refine user_settings.h for EWARM projects
2017-11-27 09:02:40 +09:00
86a287be01
fix compile error with EWARM
2017-11-27 09:01:33 +09:00
f53fca88e6
Eliminate unused macro options in project properties
2017-11-27 09:00:19 +09:00
8a1de2f69d
update file listed in wolflib project
2017-11-27 07:59:06 +09:00
8f31d36bcd
gurde SSL_get_peer_cert_chain->count check by macro option
2017-11-25 06:25:15 +09:00
eb85accea9
Fix 'buffer' shadows a global (2)
2017-11-25 03:59:35 +09:00
79b648c006
Fix ‘buffer’ shadows a global
2017-11-24 18:21:32 +09:00
ac83445032
eliminate redundant dec, wolfSSL_CTX_get_options
2017-11-24 13:26:40 +09:00
a320ca92fb
fix rebase miss
2017-11-24 08:21:27 +09:00
fce1b90b63
SSL_get_peer_cert_chain(ssl)->count value check in api.c
2017-11-24 08:09:41 +09:00
91c1a0a810
move (void) for Visual Studio
2017-11-24 08:07:32 +09:00
803bd7c612
Review feedbacks: refactor test_SSL_set_options and add SSL_clear_option
2017-11-24 08:07:32 +09:00
c6988b74b1
Remove unused files
2017-11-24 08:03:16 +09:00
c195c85999
merge master
2017-11-24 08:03:16 +09:00
f1befc0e87
Make AVX2 code compile in on Mac
...
Fix problems not seen due to AVX2 define being off.
2017-11-24 08:49:45 +10:00
3c0a146cd7
SSL_CTX_clear_options return verue
2017-11-24 06:27:36 +09:00
dace30cfac
Missing X509_STORE_CTX_free(ctx);
2017-11-24 06:27:36 +09:00
a8bc2df19c
static bucket size for SSL
2017-11-24 06:27:36 +09:00
05b9b39e06
free ctx->alpn_cli_protos
2017-11-24 06:27:36 +09:00
196bcf6f51
remove unused velues
2017-11-24 06:27:36 +09:00
279f12cc7d
fix test_wolfSSL_msgCb
2017-11-24 06:27:35 +09:00
0d69376e95
SSL_CTX_clear_options macro switch
2017-11-24 06:05:01 +09:00
527c94c06b
add test_wolfSSL_msgCb
2017-11-24 06:02:01 +09:00
a9cbb0ee10
add api tests
2017-11-24 05:52:25 +09:00
5f025de0f8
pull ssl->protoMsgCb() from Part5
2017-11-24 05:49:41 +09:00
06455436d3
add ERR_load_BIO_strings
2017-11-24 05:49:41 +09:00
5b16fe2f3c
add X509_STORE_CTX_set_verify_cb
2017-11-24 05:49:41 +09:00
b8c5218ad3
add SSL_CTX_set_alpn_protos
2017-11-24 05:49:41 +09:00
1bcec16509
add SSL_get_peer_cert_chain
2017-11-24 05:47:20 +09:00
a320464c5a
add SSL_set_msg_callback_arg
2017-11-24 05:44:54 +09:00
7e579e46aa
pull SSL_set_msg_callback from Part5
2017-11-24 05:42:35 +09:00
12a9f41755
add SSL_CTX_clear_options
2017-11-24 05:38:24 +09:00
d967129581
add BN_mod_mul
2017-11-24 05:38:24 +09:00
cf00f6ae1d
fix CTC_SHA224wECDSA oid sum
2017-11-22 17:07:13 -07:00
8c15c65343
Merge pull request #1216 from abrahamsonn/windows-errors
...
Windows errors
2017-11-21 15:21:14 -08:00
2308b0769a
Changed "ifdef _WIN32" to "ifdef USE_WINDOWS_API"
2017-11-21 14:15:47 -07:00
ff64ca17f4
Merge branch 'origin/master' into chibios_port
2017-11-21 20:00:07 +01:00
400d56a1a9
SHA-3 fast code is smaller and a bit faster
2017-11-21 12:22:08 +10:00
01233edb44
Merge pull request #1242 from cconlon/pkcs7des
...
PKCS7 and SCEP need either AES or 3DES enabled, error out if not
2017-11-20 16:27:50 -08:00
60a6da1c14
Adds new option to enable secure-renegotiation by default (used by IIS for client authentication). WOLFSSL_SECURE_RENEGOTIATION_ON_BY_DEFAULT.
2017-11-20 16:15:06 -08:00
e3a4f468c1
PKCS7 and SCEP need either AES or 3DES enabled, error out if not
2017-11-20 13:16:44 -07:00
baf655df23
Merge pull request #1241 from SparkiDev/tls13_rec_pad
...
Handle reading record layer padding in TLS v1.3
2017-11-20 11:35:15 -08:00
5ccf54dd1a
Handle reading record layer padding
2017-11-20 12:08:18 +10:00
935f33ab54
Merge pull request #1240 from cconlon/tls13issue
...
fix illegal use of type warning on Windows for TLS 1.3
2017-11-17 13:12:41 -08:00
21e391fbce
Merge pull request #1235 from SparkiDev/tls13_draft21
...
Update code to support Draft 21 of TLS v1.3
2017-11-17 13:11:03 -08:00
4839aca7ba
fix illegal use of type warning on Windows for TLS 1.3
2017-11-17 06:42:15 -07:00
8badc334ea
Merge pull request #1239 from JacobBarthelmeh/AES
...
fix AES ECB sanity checks
2017-11-16 13:57:47 -08:00
6793a7bc4c
Voided 2 variables outside of their ifdef's
2017-11-16 14:54:54 -07:00
53ec80b291
Merge pull request #1238 from cconlon/pkcs7cleanup
...
PKCS7 cleanup: remove dependencies on 3DES and SHA1
2017-11-16 13:51:57 -08:00
653cce17e5
Merge pull request #1237 from cconlon/pkcs7encrypted
...
PKCS7: optionally compile out EncryptedData content type
2017-11-16 13:50:43 -08:00
9d2c739d6d
Merge pull request #1236 from kaleb-himes/sean-changes
...
Fix AES-GCM code to compile with GCC 4.8.*
2017-11-16 13:50:08 -08:00
947fceda6d
Merge pull request #1232 from dgarske/disable_oldtls_v1_0
...
Disable TLS v1.0 by default
2017-11-16 13:49:03 -08:00
d741474f03
Merge pull request #1220 from SparkiDev/sha2_asm_perf
...
Improve speed of Intel AVX1/2 ASM for SHA-256 and SHA-512
2017-11-16 13:47:12 -08:00
877b6c35a2
Merge pull request #1233 from kaleb-himes/TI_CRYPT_UPDATE
...
resolving build-time issues when using TI-CRYPT
2017-11-16 12:40:46 -08:00
a89280ac91
fix AES ECB sanity checks
2017-11-16 13:27:57 -07:00
30e8f5539b
PKCS7 cleanup: remove dependencies on 3DES and SHA1
2017-11-16 10:37:47 -07:00
ea7f2e4548
PKCS7: optionally compile out EncryptedData type with NO_PKCS7_ENCRYPTED_DATA
2017-11-16 09:15:02 -07:00
20edc0e961
Remove use of data from SHA-2 data structures
...
Only compiled and used with Intel speed-up code
2017-11-16 08:59:21 +10:00
fd9a2a8d62
Change function to macro for GCC 4.8.*
...
GCC 4.8.* bug can't handle parameter that is a pointer to __m128i
2017-11-16 08:32:45 +10:00
098edc2845
Merge pull request #1229 from dgarske/fix_static_rsa_pad
...
Fix for handling of static RSA padding failures
2017-11-15 12:31:38 -08:00
9dd8baecc0
Fix when RORX implementations are compiled and used
2017-11-15 16:56:19 +10:00
cb8e284464
Update code to support Draft 21 of TLS v1.3
2017-11-15 16:40:48 +10:00
901eab7e06
README updates to attempt to improve GitHub search positioning
2017-11-14 15:51:32 -07:00
9ce73cf1a6
Add stub functions for Aes/Des Init/Free in TI_CRYPT
2017-11-14 15:30:16 -07:00
fe7318455f
Incorrect placement of variable casting
2017-11-14 15:19:40 -07:00
110409218c
Fix for sniffer to use TLS v1.2 client method.
2017-11-14 14:09:44 -08:00
fd455d5a5e
Fix for handling of static RSA PKCS formatting failures so they are indistinguishable from from correctly formatted RSA blocks (per RFC5246 section 7.4.7.1). Adjusted the static RSA preMasterSecret RNG creation for consistency in client case. Removed obsolete PMS_VERSION_ERROR.
2017-11-14 14:05:50 -08:00
f17470b42b
Added more of the requested changes & made an attempt to remove merge conflicts
2017-11-14 15:05:32 -07:00
d5cc3ca198
Disable TLS v1.0 by default. Added new --enable-tlsv10 option to force enable (only works if --enable-oldtls is set, which is on by default).
2017-11-14 14:01:31 -08:00
cc65429946
Merge pull request #1231 from dgarske/fix_max_sigalgo
...
Fixes and cleanup for handling of sig/algo
2017-11-14 13:25:29 -08:00
815cbd8f68
Merge pull request #1227 from moisesguimaraes/adds-client-side-get-sni
...
enables wolfSSL_SNI_GetRequest() at client side.
2017-11-14 13:22:37 -08:00
a0931313dd
Merge pull request #1226 from SparkiDev/aes_gcm_avx1_avx2
...
Improve AES-GCM performance on AVX1 (IvyBridge) and AVX2
2017-11-14 13:03:22 -08:00
20f5c61675
Added debug message when signature/algorithm list is truncated.
2017-11-14 10:31:48 -08:00
67451cc3e2
Fix for older compilers and AVX2
2017-11-14 11:36:22 +10:00
1ede982495
Improve speed of Intel AVX1/2 ASM for SHA-256 and SHA-512
2017-11-14 10:36:17 +10:00
0ade0eb55b
Merge pull request #1224 from dgarske/get_version
...
Improvements to wolfSSL get/set version
2017-11-13 16:05:22 -08:00
fd4b3b40ac
Merge pull request #1222 from dgarske/pem_public
...
Fixes for PEM public key functions
2017-11-13 16:03:04 -08:00
69461ae5e2
Merge pull request #1217 from dgarske/sha_slow
...
New `--enable-lowresource` option and SHA256 not unrolled support
2017-11-13 16:02:01 -08:00
35377d933e
Merge pull request #1228 from abrahamsonn/2275
...
Moved variable declaration to beginning of block
2017-11-13 15:19:27 -08:00
b08a99057c
Cleanup of hashSigAlgo handling in DoClientHello.
2017-11-13 15:02:13 -08:00
9f7e40ad5c
Fix to make sure provided sigalgo list doesn't overflow the buffer.
2017-11-13 14:52:53 -08:00
2b5c4ffa7f
Enhancement to allow override of maximum sig/algos using new WOLFSSL_MAX_SIGALGO define (default is 32).
2017-11-13 14:35:15 -08:00
5da82f43ed
makes SNI.status available at client side
2017-11-13 16:10:23 -02:00
020a004bad
makes SNI.status available at client side
2017-11-13 15:39:24 -02:00
9f72f018e0
Moved variable declaration to beginning of block
2017-11-13 10:28:22 -07:00
fe5b512af7
fixes commnet typos
2017-11-13 14:59:47 -02:00
f82f03f982
fixes API visibility
2017-11-13 14:53:56 -02:00
a23b65751d
enables wolfSSL_SNI_GetRequest() at client side.
2017-11-13 13:58:14 -02:00
6c848e7133
Improve AES-GCM performance on AVX1 (IvyBridge) and AVX2
2017-11-13 15:43:30 +10:00
3b0d415ad9
Merge pull request #1223 from JacobBarthelmeh/Memory
...
fix for logging file names
2017-11-10 14:04:55 -08:00
149559e40f
change WOLFSSL_MAX_ERROR_SZ to be a macro instead of enum
2017-11-10 13:29:49 -07:00
54c663ed49
Added new API wolfSSL_GetVersion to get version as wolfSSL value which can be passed into wolfSSL_SetVersion. Fixed duplicate CyaSSL_CTX_use_PrivateKey_buffer define. Added TLS1.3 to wolfSSL_SetVersion.
2017-11-10 11:13:48 -08:00
686f18825a
Merge pull request #1209 from moisesguimaraes/tlsx-fix2
...
TLSX fixes
2017-11-10 08:44:58 -08:00
d7abd5c8fb
changes WOLFSSL_SKIP_UNSUPPORTED_EXTENSION to WOLFSSL_OLD_UNSUPPORTED_EXTENSION
2017-11-10 11:35:49 -02:00
39ad478973
make the WOLFSSL_MAX_ERROR_SZ overridable
2017-11-09 17:07:00 -07:00
7733ee7e89
fix for logging file names
2017-11-09 15:54:24 -07:00
2ba5475cf3
Merge pull request #1219 from JacobBarthelmeh/master
...
fix unused variable warning
2017-11-09 14:33:49 -08:00
8ced766d61
fix warning for static analysis report
2017-11-09 13:16:29 -07:00
717ebf0146
Fix for wolfSSL_PubKeyPemToDer so its available when NO_FILESYSTEM is defined (moved it out of NO_FILESYSTEM block). Added wc_DerToPemEx support for PUBLICKEY_TYPE.
2017-11-09 11:15:33 -08:00
5a5fea7b46
Add USE_SLOW_SHA256 and USE_SLOW_SHA512 options for reduced code size of SHA. Existing USE_SLOW_SHA2 applies for SHA512 only. Cleanup formatting of the sha256.c and sha512.c code. Added new ./configure --lowresource option, which defines the memory reduction defines. Fix for make check resume.test scipt with NO_SESSION_CACHE defined.
2017-11-09 11:05:28 -08:00
40be578415
fix unused variable warning
2017-11-09 11:22:10 -07:00
29b091eae6
Merge pull request #1221 from SparkiDev/warn_fix1
...
Fix warnings and g++ casting error
2017-11-09 09:35:54 -08:00
127c849594
Merge pull request #1215 from dgarske/fix_stm32_cubemx_sha
...
Fix accidental removal of wc_Sha hashHandle for STM32 w/CubeMX
2017-11-09 09:07:34 -08:00
ddec639712
Merge pull request #1218 from dgarske/fix_powerpc_debug
...
Fix for build error on PowerPC with enable debug
2017-11-09 09:06:43 -08:00
6a825ea0ce
Fix warnings and g++ casting error
2017-11-09 17:30:59 +10:00
a97ee6c232
Fix for build error on PowerPC with enable debug.
2017-11-08 09:21:05 -08:00
55ec382093
Merge pull request #1212 from dgarske/emscripten
...
Fixes for building with Emscripten (adds `--disable-asm` option).
2017-11-07 09:19:49 -08:00
1a69fb9430
Fix accidental removal of wc_Sha hashHandle for STM32 w/CubeMX. This was removed during merge of 6707be2 on 10/11/17. Thanks liubing for the report.
2017-11-07 09:10:12 -08:00
a5f7b182bf
Merge pull request #1214 from moisesguimaraes/fix-tlsx-unreachable
...
Removes unreachable code in TLSX supported-curves and ec-point-format.
2017-11-07 08:49:15 -08:00
1c19c8847b
fixes while loop
2017-11-07 10:57:06 -03:00
7674a24972
removes unreachable code with a single return point
2017-11-07 10:43:47 -03:00
7df0e7f286
Fix typo with with extra paren.
2017-11-06 16:24:12 -08:00
90c5a64547
Merge pull request #1211 from dgarske/cleanup_hardcoded
...
Cleanup hard coded values
2017-11-06 16:10:34 -08:00
2c5778215d
Merge pull request #1210 from dgarske/fix_ti_newnames
...
Fix for building with TI using new names.
2017-11-06 15:59:57 -08:00
b8cc132e99
Added ability to force 32-bit mode using --enable-32bit. Added ability to disable all inline asembly using --disable-asm. Added check for __EMSCRIPTEN__ define in types.h to properly setup 64-bit type. Fixes for build combinations with SHA512 and CHACHA20.
2017-11-06 14:37:34 -08:00
096e850adb
Fix a few places where there are break; and break; when TLS 1.3 is not defined. Fix TIRTOS logic for XSTRNCASECMP and XSTRTOK.
2017-11-06 13:59:36 -08:00
e591576cdf
Cleanup of the RSA exponent hard coded value.
2017-11-06 10:23:06 -08:00
231ebeea0e
Add unit test for BN_bn2hex. Cleanup math radix constants.
2017-11-06 09:16:37 -08:00
d2938dd13a
Fix for building with TI using new names. Update TI settings for timing, blinding and strtok_r.
2017-11-06 08:25:35 -08:00
775487cab1
Support for ChibiOS.
2017-11-06 09:45:12 +01:00
94c1aab67e
Merge pull request #1208 from dgarske/fix_nightlyreports
...
Fixes from nightly builds for time_t and no AES
2017-11-03 12:28:55 -07:00
b672616b38
fixes cast to void
2017-11-03 15:31:13 -03:00
caf5708bb6
adds unsupported_extension behavior to ALPN
2017-11-03 15:31:13 -03:00
56b38946ed
adds unsupported_extension behavior to Session Tickets and Supported Curves
2017-11-03 15:31:13 -03:00
c8e5558f3f
adds unsupported_extension behavior to CSR and CSR2
2017-11-03 15:31:13 -03:00
a636858a49
adds unsupported_extension behavior to THMAC
2017-11-03 15:31:13 -03:00
cd4eb2c5b1
adds unsupported_extension behavior to MFL
2017-11-03 15:31:13 -03:00
0dd2ba2d80
adds unsupported_extension behavior to SNI
2017-11-03 15:31:13 -03:00
57ea7ba319
Various fixes from nightly Jenkins builds. Fix for new test_wolfSSL_ASN1_TIME_adj API unit test to skip generalized time test when on PowerPC (which has time_t as int). Fix for building with AES disabled and PKCS7 enabled. Fix for building without openssl_extra when time_t is not present.
2017-11-03 10:16:45 -07:00
8f687e9905
Merge pull request #1206 from ejohnstown/vs-arm-update
...
VS-ARM Update
2017-11-02 17:14:00 -06:00
5e02100921
Merge pull request #1192 from dgarske/client_staticmem
...
Added static memory support to client example
2017-11-02 14:49:33 -06:00
1d1e904acb
Merge pull request #942 from ghoso/dev201705
...
New openssl compatibility functions for: `BN_mod_inverse`, `PKCS5_PBKDF2_HMAC_SHA1` and
`SSL_set_tlsext_status_type`.
2017-11-02 10:47:14 -07:00
4084255fd5
Improve SSL failure cleanup case where ssl->ctx isn't set yet.
2017-11-02 09:48:43 -07:00
229cecfb61
Fix static memory failure case (insuficient mem) in InitSSL case where ssl->ctx isn't set yet and SSL_ResourceFree is called NULL dereferece happens.
2017-11-02 09:48:43 -07:00
72f44aba87
Fix for X509 FreeAltNames with static memory enabled.
2017-11-02 09:48:43 -07:00
0e34f35c08
Increase the static memory pool in client to better support ECC or session certs.
2017-11-02 09:48:43 -07:00
6369794b6f
Fixes for static memory with -r session resumption option on client. Fix for possible failed InitSSL cleanup using NULL ssl->ctx for static memory.
2017-11-02 09:48:43 -07:00
a4f94366a4
Added static memory code to client example.
2017-11-02 09:48:43 -07:00
a14ea92d78
Merge pull request #1204 from dgarske/ec_tests
...
Fixes and improvements for `EC_POINT_mul`
2017-11-02 08:50:34 -07:00
cd4dd6bd40
Merge pull request #1207 from SparkiDev/rem_cov
...
Remove coverage rules not required.
2017-11-02 07:03:00 -07:00
32cbff7257
Remove coverage rules not required.
2017-11-02 09:46:57 +10:00
57853fa3e9
Merge pull request #1202 from dgarske/fix_nofs
...
Build fixes for building without filesystem
2017-11-01 10:14:22 -07:00
d8ef0d7df1
Merge pull request #1203 from dgarske/fix_const2
...
Fix issue with `fp_s_rmap` not being const
2017-11-01 10:12:45 -07:00
f91b2e19d7
Merge pull request #1205 from SparkiDev/tls_ext_fix
...
Fix TLS extension code
2017-11-01 10:10:10 -07:00
cc7a5fd490
Fix for bug in wolfSSL_EC_POINT_free not freeing the internal ECC point. Unit test fixup for test_wolfSSL_EVP_PKEY_new_mac_key with malloc and size 0. Cleanup the EC_POINT unit test to not set Gxy->inSet, since its already 0.
2017-11-01 09:44:19 -07:00
f4ae86dc1b
Fix TLS extension code
...
Don't respond with TLS v1.3 extensions if doing TLS v1.2 or lower.
Use calculated size in SendServerHello rather than fixed maximum.
2017-11-01 18:08:11 +10:00
9c9978ce9f
OpenSSL Compatibility functions on PR#942.
2017-11-01 13:00:47 +09:00
8a016879f0
Fixes to WOLFSSL_ATECC508A support to enable use of wc_ecc_export_x963_ex and wc_ecc_import_x963_ex. These changes are experimental (builds, but not tested).
2017-10-31 16:17:03 -07:00
72a33136f5
Fix for EC_POINT_mul population of result. Add NULL arg checks for a few compatability functions. Added unit tests for compatability layer API's EC_POINT_ and EC_GROUP_ in test_wolfSSL_EC. Cleanup of the EC_POINT_dump.
2017-10-31 16:09:39 -07:00
5b55d384a7
VS-ARM Update
...
1. Added HAVE_SUPPORTED_CURVES and WOLFSSL_SHA384 to the user settings file.
2017-10-31 13:19:10 -07:00
68371c8e66
Merge pull request #1201 from moisesguimaraes/fix-tlsx-sig-algo
...
adds check for server side sig-algo extension
2017-10-31 11:40:30 -07:00
5cf175c49b
adds check for server side sig-algo extension
2017-10-30 23:02:36 -03:00
fa01c41ea9
Build fixes for building without filesystem.
2017-10-30 15:25:47 -07:00
2037a6c9ea
Merge pull request #1199 from JacobBarthelmeh/fast-rsa
...
increase test buffer size to account for edge case
2017-10-27 15:48:14 -07:00
d42ebb836f
Merge pull request #1200 from JacobBarthelmeh/staticmemory
...
allow for adjusting static IO buffer size
2017-10-27 15:01:17 -07:00
e8627f1f93
Fix issue with fp_s_rmap not being const.
2017-10-27 11:46:24 -07:00
92b71da6d2
allow for adjusting static IO buffer size
2017-10-26 16:40:16 -06:00
016f7357d2
increase test buffer size to account for edge case
2017-10-26 16:19:56 -06:00
264c481c71
Merge pull request #1191 from SparkiDev/tls13_no_ecc
...
Fix no ECC builds with TLS13 code.
2017-10-26 10:49:59 -07:00
ee489b12ef
Merge pull request #1198 from dgarske/fix_build
...
Fix build errors with various configs.
2017-10-26 09:46:50 -07:00
aa95c6bdd1
Merge pull request #1197 from dgarske/fix_const
...
Fix `cipher_name_idx` to be const.
2017-10-26 09:45:30 -07:00
94e0b06b9f
Fix build errors with configs for no ASN and no PKI with PSK.
2017-10-26 07:34:41 -07:00
b4d802d524
Fix cipher_name_idx to be const.
2017-10-25 16:57:53 -07:00
182028819d
Merge pull request #1195 from dgarske/rel_fixes2
...
Release updates for ec_point_formats and ASN1 SetSerialNumber bug
2017-10-24 15:20:15 -06:00
323db1a95d
Fix no ECC builds with TLS13 code.
...
Fix tests so that having ECC disabled works as well.
Fix define protection for Draft 18 and HRR Cookie.
2017-10-24 09:11:24 -07:00
8a01d725da
Merge pull request #1177 from dgarske/certreq_tests
...
Testing improvements for cert gen and TLS cert validation
2017-10-24 08:21:37 -07:00
c0105b3008
Merge pull request #1175 from dgarske/cleanup_inlines
...
Cleanup to consolidate the inline helpers
2017-10-24 08:15:12 -07:00
e0734d56df
Fix to handle valid serial number with MSB set. Cleanup to consolidate max serial number length check.
2017-10-24 06:49:00 -07:00
2dfad0918a
Updated release notes for added ec_point_formats extension. Fix for setting serial number with random data where the MSB was cleared and resulted in a zero. Fix for build type mismatch error in wolfCrypt test with ed25519 and WOLFSSL_TEST_CERT defined.
2017-10-23 15:36:58 -07:00
96667b47ee
ec point format TLS extension ( #1034 )
...
* adds client support to ec_point_format
* adds ec_point_format support for server side
* makes ec-point-format activation dependent on supported-curves activation
* removes recursive functions preserving the writing order
* renames EllipticCurves to SupportedCurves
2017-10-23 14:06:20 -07:00
d46ab1f724
Merge pull request #1194 from dgarske/rel_fixes
...
Release cleanup: Remove execute bit on all code files
2017-10-23 14:23:33 -06:00
7f30397252
Remove execute bit on all code files.
2017-10-23 11:16:40 -07:00
372e8b04d0
Merge pull request #1193 from dgarske/rel_v3.12.2
...
Release v3.12.2 (lib 14.0.0)
2017-10-23 11:53:55 -06:00
911b6f95f8
Release v3.12.2 (lib 14.0.0). Updated copywright.
2017-10-22 15:58:35 -07:00
39749ed5be
Merge pull request #1190 from dgarske/fix_ocspstaplingenable
...
Fix to not send OCSP stapling extensions in client_hello when not enabled
2017-10-20 12:16:56 -07:00
d7ae1df778
Fix to add keyUsage keyAgreement for the ECC server certificate. Resolves issue with openssl test using "ECDH-ECDSA" cipher suite.
2017-10-20 11:26:15 -07:00
c5f80760a8
Merge pull request #1145 from JacobBarthelmeh/HardwareAcc
...
init hardware acc. use of public RSA key with public key decode funct…
2017-10-20 10:32:18 -07:00
bdefdfe860
Merge pull request #1165 from JacobBarthelmeh/mysql
...
add check for SIZEOF_LONG with sun and LP64
2017-10-20 10:16:58 -07:00
024c8725ad
Testing improvements for cert gen and TLS cert validation:
...
* Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled.
* Added new ECC CA for 384-bit tests.
* Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem)
* Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL.
* Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`.
* Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function.
* Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack).
* Cleanup to combine all certificate subject information into global `certDefaultName`.
* Updated cert request info to use wolfSSL instead of Yassl.
* Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`.
* Re-number error codes in rsa_test.
* Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
2017-10-19 16:17:51 -07:00
e904a38092
Fix to not send OCSP stapling extensions in client_hello when not enabled. Fix for typo in WOLFSSL_SHUTDOWN_NOT_DONE.
2017-10-19 11:18:34 -07:00
5362d46da9
Fix issues building with inline disabled.
2017-10-18 14:26:34 -07:00
06f564dea3
Merge pull request #1189 from dgarske/fix_oldnames
...
Fix for building with `--disable-oldnames`
2017-10-18 13:34:26 -06:00
c9558ee27b
Updated a few more old names. Added PR for new configs to Jenkins.
2017-10-18 10:38:27 -07:00
f23ec7d5f2
Fix for building with --disable-oldnames.
2017-10-18 10:22:35 -07:00
e82807024b
Switched word24 back to byte for compatability.
2017-10-18 09:08:22 -07:00
7f2e6e1d8a
Cleanup to consolidate the inline helpers like cto, ato and bto into misc.c. Relocate the word24 typedef into types.h.
2017-10-18 09:06:48 -07:00
1377577af5
Merge pull request #1187 from dgarske/build_fixes
...
Build fixes for various TLS 1.3 disable options
2017-10-18 08:59:46 -07:00
c9516e20b2
Merge pull request #1158 from dgarske/openssl_compat
...
Minor openssl compatibility layer improvements to AES, MD5 and SSL.
2017-10-18 08:54:28 -07:00
ccda176bfa
Merge pull request #1183 from SparkiDev/tls13_nu
...
Disallow upgrading to TLS v1.3
2017-10-18 08:53:00 -07:00
9bea6cca52
Merge pull request #1186 from SparkiDev/sha2_asm
...
Fix SHA-256 Intel assembly code to work with 'fasthugemath'
2017-10-18 08:51:05 -07:00
9920bdf097
Merge pull request #1103 from SparkiDev/sp_rsa
...
Single Precision maths for RSA, DH and ECC
2017-10-18 08:44:47 -07:00
1bf9d092af
Merge pull request #1179 from ejohnstown/evp-aes
...
EVP-AES
2017-10-17 19:23:11 -07:00
1a7d58715a
Merge pull request #1188 from dgarske/ocsp_enables
...
Added missing API's for disabling OCSP stapling
2017-10-17 15:26:48 -07:00
3d7e86f08d
Added missing API's for disabling OCSP stapling. Added OCSP stapling enable/disable for WOLFSSL.
2017-10-17 13:52:05 -07:00
ddb5e57811
Merge pull request #1185 from cconlon/bench
...
Add HMAC benchmark, expand AES key size benchmarks
2017-10-17 11:15:12 -07:00
b82a529ec2
Cleanup to move the secret length to ssl.h so its accessible for the compatability layer as well.
2017-10-17 09:56:34 -07:00
aab1e060a0
Minor openssl compatability layer improvements to AES, MD5 and SSL.
2017-10-17 09:50:25 -07:00
8659140494
Build fixes for various TLS 1.3 disable options (RSA, ECC and ED/Curve 25519).
2017-10-17 09:39:32 -07:00
32103891e2
Merge pull request #1117 from dgarske/gcc_arm
...
Added simple GCC ARM Makefile example
2017-10-17 10:23:32 -06:00
e49560fbf0
add missing parameter in SHOW_INTEL_CYCLES
2017-10-17 09:31:21 -06:00
7dccd9d478
set hash size for PIC32MZ hardware crypto
2017-10-17 09:30:26 -06:00
d5b7c13fbf
change enc/dec labels for AES, move scrypt bench below HMAC
2017-10-17 09:30:26 -06:00
d65704c6b4
add benchmarks for AES-128/192/256-ECB
2017-10-17 09:30:16 -06:00
c0472a3a89
Fix SHA-256 Intel assembly code to work with 'fasthugemath'
2017-10-17 18:35:18 +10:00
c49188cc89
Turn off SP by default
2017-10-17 09:32:24 +10:00
9e4e58fe8c
Disallow upgrading to TLS v1.3
...
Change SupportedVersions extension to only include TLS v1.3 if downgrade
is disabled.
Fix parsing of SupportedVersions extension
Don't upgrade
Only downgrade in SupportedVersions extension if option enabled
2017-10-17 08:52:12 +10:00
f724206e37
Add test for 3072-bit RSA and DH and fix modexp
2017-10-17 08:36:39 +10:00
90f8f67982
Single Precision maths for RSA (and DH)
...
Single Precision ECC implementation
2017-10-17 08:36:39 +10:00
9a6e4b2939
add separate benchmarks for AES-128/192/256-GCM
2017-10-16 14:43:39 -06:00
1e445e10a1
add separate benchmarks for AES-128/192/256-CTR
2017-10-16 14:43:38 -06:00
2b077b2792
add separate benchmarks for AES-128/192/256-CBC
2017-10-16 14:43:38 -06:00
1f72696359
add HMAC-MD5/SHA/SHA224/SHA384/SHA512 benchmarks
2017-10-16 14:43:38 -06:00
130e026139
Merge pull request #1184 from dgarske/fix_fips
...
Fix for FIPS build to support new names
2017-10-16 13:20:05 -07:00
de34ec0f0c
Fix scan-build report of possible use of unitialized output[i].
2017-10-16 11:24:41 -07:00
02ee22e73b
Support for mapping to new names with old for FIPS build. Fix to revert HMAC SHA224 type check, since SHA224 type isn't in FIPS wolfCrypt.
2017-10-16 09:57:22 -07:00
819acd18a7
Merge pull request #1180 from SparkiDev/tls13_nd
...
Fixed DRAFT_18 define and fixed downgrading with TLS v1.3
2017-10-13 09:24:55 -07:00
2c2217fcdc
Merge pull request #1181 from dgarske/cert_serial
...
Certificate serial number enhancements
2017-10-13 09:22:11 -07:00
b79b816276
Merge pull request #1168 from dgarske/ctx_get_cm
...
Add method to get WOLFSSL_CTX certificate manager
2017-10-13 09:13:54 -07:00
6fd53d31c2
Merge pull request #1157 from dgarske/old-names
...
Refactor SSL_ and hashing types to use wolf specific prefix
2017-10-13 09:09:44 -07:00
04106a0089
Merge pull request #1174 from dgarske/ocsp_cb_ctx
...
Improvement to `wolfSSL_SetOCSP_Cb` to allow context per WOLFSSL object
2017-10-12 10:02:49 -07:00
de77d5cc83
Merge pull request #1170 from dgarske/alt_cert_chains
...
Alternate certificate chain support `WOLFSSL_ALT_CERT_CHAINS`
2017-10-12 10:02:29 -07:00
34cac68f81
Added wolfCrypt test example for setting a custom serial number. Changed CTC_SERIAL_SIZE to 16 (more common max).
2017-10-11 19:16:58 -07:00
6548f32ee0
Enhancement to allow a serial number to be customized via Cert.serial and Cert.serialSz for cert request or generation. Fix to make sure serial number is always postive and has no leading zeros. Increase the size of the certificate serial number to 20 bytes.
2017-10-11 17:21:26 -07:00
6021c37ec7
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:10:43 -07:00
6707be2b0e
Added new --disable-oldnames option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA). Add --enable-opensslcoexist which makes sure oldnames is disabled. Refactor of SSL_ to WOLF_SSL_. Refactor of SHA, MD5, SHA224, SHA256, SHA512 and SHA384 to WC_ naming.
2017-10-11 09:10:42 -07:00
7dca25ea88
Fixed DRAFT_18 define and fixed downgrading with TLS v1.3
...
Changed the define in configure.ac to match the one used in the code.
Fixed downgrading to disallow unless ssl->options.downgrade is set.
TLS 1.3 client method does not have downgrade on anymore.
Test changed to not expect downgrading to work.
Test of TLS v1.3 client downgrade is actually upgrading on server.
Fixed 80 character line problems.
2017-10-11 12:17:28 +10:00
09f8ddd0f0
EVP-AES
...
1. Fixed using wolfSSL_EVP_CipherFinal() when a message's size is a round multiple of a block size. It wasn't adding the appropriate padding.
2. Update the EVP_Cipher test to call CipherUpdate and CipherFinal instead. It checks a message that is 24 bytes long and a second that is 16 bytes long.
2017-10-10 13:44:06 -07:00
4c8d228080
Added WOLFSSL_ALT_CERT_CHAINS option to enable checking cert aginst multiple CA's. Added new API's for wolfSSL_get_peer_alt_chain and wolfSSL_is_peer_alt_cert_chain, which allow a way to know if alternate cert chain is used and provides a way to get it (when SESSION_CERTS is defined). Cleanup of the defines to enable debugging certs (just use SHOW_CERTS now).
2017-10-10 08:55:35 -07:00
35141c335d
Merge pull request #1178 from SparkiDev/asm_mulx_2
...
Fix for MULX asm
2017-10-09 18:33:29 -07:00
898893fbcd
Fix for MULX asm
2017-10-10 09:41:17 +10:00
280de41515
Improvement to wolfSSL_SetOCSP_Cb to set the context per WOLFSSL object (callback functions are same). Adding API unit tests next.
2017-10-06 12:18:21 -07:00
effad6e91c
clean up include paths for MySQL cmake build
2017-10-06 09:05:56 -06:00
c945e65479
Merge pull request #1171 from ejohnstown/wolfssh
...
wolfSSH Option
2017-10-05 09:43:17 -07:00
541f60801d
Merge pull request #1172 from SparkiDev/aesgcm_avx2_fix
...
Fix aesni code for avx2
2017-10-05 09:10:50 -07:00
152c24f210
Fix aesni code for avx2
2017-10-05 13:02:33 +10:00
f344f04e60
wolfSSH Option
...
Added a configure convenience option for building wolfSSL to work with wolfSSH.
2017-10-04 16:11:52 -07:00
d855fd9452
Merge pull request #1166 from JacobBarthelmeh/Compatibility-Layer
...
fix for wolfSSL_ASN1_TIME_print function
2017-10-04 14:10:53 -07:00
75e04a08cd
Merge pull request #1167 from ejohnstown/install-update
...
update INSTALL with VS-ARM build
2017-10-04 13:58:23 -07:00
c4052607d7
Updated README.md to include instructions for how to build on a different ARM architecture (like Raspberry Pi CortexA53). Moved the -T into SRC_LD so its easier to disable.
2017-10-04 13:53:39 -07:00
6058362970
Fix bug in user_settings.h which was incorrectly setting FP_MAX_BITS to 512 when RSA was enabled. This resulted in RSA_FUNCTION MP_EXPTMOD_E: memory/config problem.
2017-10-04 13:53:39 -07:00
614736cbb2
Add code to detect if Cortex M series and disable architecture specific code in armtarget.c. Improved Makefile.common to include toolchain prefix.
2017-10-04 13:53:39 -07:00
d88d8c3ed8
Updates to GCC ARM README.md for the ARCHFLAGS and correct file to update.
2017-10-04 13:53:39 -07:00
d4b18a6d3f
Added warning for IO callback stubs to make sure they get implemented.
2017-10-04 13:53:39 -07:00
a02903c43e
Improvements to Makefile templates. Added missing Makefile. Added new static library support.
2017-10-04 13:53:39 -07:00
2d67f46247
Minor cleanups for the GCC ARM example. Fixed build with DH enabled. Changed random.h to always make sure CUSTOM_RAND_TYPE is defined. Added TLS13 option to reference user_settings.h.
2017-10-04 13:53:39 -07:00
69b25ee508
Added simple GCC ARM gcc-arm-none-eabi Makefile project example for wolfCrypt test/benchmark and wolfSSL Client.
2017-10-04 13:53:39 -07:00
19ea4716f3
Add unit tests for wolfSSL_CTX_GetCertManager, wolfSSL_CTX_UnloadCAs, wolfSSL_CertManagerUnloadCAs and wolfSSL_CTX_get_cert_cache_memsize. Fixed comment typo PERSISTE_CERT_CACHE.
2017-10-03 10:00:20 -07:00
dcf61bd10e
Added new API wolfSSL_CTX_GetCertManager for getting the WOLFSSL_CTX certificate manager.
2017-10-03 08:46:15 -07:00
5c636b4f4a
update INSTALL with VS-ARM build
2017-10-02 12:00:11 -07:00
918a5fd5a6
Merge pull request #1164 from SparkiDev/asm_mulx
...
Get the multiplcation code using MULX to work consistently
2017-09-30 09:51:03 +09:00
9bf14a152f
change return value for wolfSSL_ASN1_TIME_print
2017-09-29 10:28:10 -06:00
cb94911e1f
add check for SIZEOF_LONG with sun and LP64
2017-09-28 16:39:30 -06:00
8cd0b7dfc7
fix for wolfSSL_ASN1_TIME_print function
2017-09-28 15:30:46 -06:00
09e92c518d
Merge pull request #1163 from cconlon/mysql_sha
...
Add returns to OpenSSL compatibility SHA functions
2017-09-28 13:12:14 -06:00
3b12b7223a
Merge pull request #1160 from dgarske/asn_extkeyusage
...
ASN Extended Key Usage Support
2017-09-28 11:31:04 -06:00
34ef7207f9
check hash function returns in wolfSSL_EVP_DigestInit
2017-09-28 11:19:51 -06:00
eff781c0aa
add int return to OpenSSL compatibility MD5 functions
2017-09-28 11:12:18 -06:00
c836724685
Merge pull request #1162 from cconlon/mysql_compat
...
wolfSSL_ERR_peek_error() with WOLFSSL_MYSQL_COMPATIBLE
2017-09-28 09:51:07 -06:00
7350bf93b3
Merge pull request #1153 from dgarske/fix_testbench_castwarns
...
Fix cast warnings with wolfCrypt test/benchmark
2017-09-28 09:41:21 -06:00
fd9b2d3b8d
Merge pull request #1116 from dgarske/stm32_hash
...
Fixes for STM32 hardware acceleration
2017-09-28 09:35:36 -06:00
0376a53f6b
Get the multiplcation code using MULX to work consistently
2017-09-28 09:12:29 +10:00
ef141c3ce9
add int return to OpenSSL compatibility SHA functions
2017-09-27 14:28:19 -06:00
6c85bc5d3d
enable functionality of wolfSSL_ERR_peek_error() when WOLFSSL_MYSQL_COMPATIBLE defined
2017-09-27 10:56:04 -06:00
fadee8fbf2
Merge pull request #1161 from cconlon/mysql_compat
...
Enable ASN1_TIME_print when WOLFSSL_MYSQL_COMPATIBLE is defined
2017-09-26 15:44:50 -07:00
4f15cde2eb
Merge pull request #1155 from dgarske/fixes_pic32mz
...
PIC32MZ minor build warning fixes
2017-09-26 16:26:32 -06:00
e8dd7d0c4a
Merge pull request #840 from koichi-tsujino/EVP
...
add EVP_get_cipherbynid
2017-09-26 16:23:26 -06:00
b4f7997fdc
enable ASN1_TIME_print when WOLFSSL_MYSQL_COMPATIBLE is defined
2017-09-26 15:02:13 -06:00
19aaa88c72
Merge pull request #1156 from ejohnstown/ios-android
...
iOS and Android Project Updates
2017-09-26 12:06:17 -07:00
9eb7e2aafa
ASN1 Extended Key Usage support. Adds new wc_SetExtKeyUsage() API. Available only with --enable-certext or WOLFSSL_CERT_EXT.
2017-09-26 12:05:46 -07:00
931fbde41d
iOS/Android
...
1. Updated the iOS user_settings.h with the hardened settings.
2. Updated the iOS project file with Xcode's suggested settings.
3. Added an IDE project for building wolfSSL for Android using Visual Studio 2017.
2017-09-26 09:08:34 -07:00
b172585fc3
Resolved conflicts
2017-09-26 09:01:23 +09:00
e8f95b9252
add EVP_get_cipherbynid
2017-09-26 08:58:36 +09:00
8f3aa49ef6
Merge pull request #1149 from ejohnstown/aesgcm-init
...
AES-GCM-NI Init
2017-09-25 16:13:55 -07:00
d15704b2ba
Merge pull request #1159 from cconlon/session_cache
...
exclude wolfSSL_SSL_get0_session when NO_SESSION_CACHE is defined
2017-09-25 15:20:27 -07:00
46f7e786cb
exclude wolfSSL_SSL_get0_session when NO_SESSION_CACHE is defined
2017-09-25 14:07:17 -06:00
0ced1f4847
AESGCM Init
...
1. Update the AES-GCM with AES-NI 128-bit constant initializers so they work on both GCC/Clang and MSC.
* MSC uses a union for the type where the first member is a 16-byte array.
* GCC/Clang uses a 16-byte vector masking as a long long array.
2. Disable AES-GCM loop unrolling for Windows, when using AES-NI in 32-bit mode.
2017-09-22 15:28:47 -07:00
ee6f88cd98
Fix cast warnings with wolfCrypt test/benchmark. Cleanup of 80 char max line length in wolfCrypt test.
2017-09-22 15:22:42 -07:00
6451e12313
Merge pull request #1154 from dgarske/fix_async
...
Fixes for building with async
2017-09-22 16:01:28 -06:00
763d5f26c7
Merge pull request #1031 from dgarske/math_update
...
Math updates
2017-09-22 15:26:34 -06:00
2c4844d5ef
Merge pull request #1146 from ejohnstown/compat
...
OpenSSL Compatibility Additions and Fixes
2017-09-22 14:19:28 -07:00
4a510218c2
Tested PPC32 with TFM_PPC32. Fixed warning with possible uninitialized use of sc0, sc1 and sc2.
2017-09-22 11:37:00 -07:00
eec5f9bb41
Fixes for benchmark after buffers were moved into thread. Needed THREAD_LS_T and fixed benchmark alloc failure cleanup.
2017-09-22 11:35:46 -07:00
218f944984
Fix for building async with AES XTS.
2017-09-22 11:12:23 -07:00
a2ed22286f
Adds TFM_MIPS (tested on PIC32MZ2048EFM144 with XC32 v1.44). Adds check for mp_read_radix to return failure for invalid character. Adds checking for s_mp_sub response code. Improved mp_init_copy error handling. Improved init to use size where applicable. Asm PPC 32 changes to add r to register. Asm formatting cleanups.
2017-09-22 09:48:35 -07:00
824eb55648
Merge pull request #1151 from dgarske/fix_asn_keyusage
...
Fixes bug with creation of the KeyUsage BitString
2017-09-21 10:41:08 -06:00
f5c4a68ab3
Merge pull request #1152 from JacobBarthelmeh/Testing
...
fix for wolfSSL_X509_NAME_get_text_by_NID
2017-09-20 18:52:14 -07:00
80333979a9
fix for wolfSSL_X509_NAME_get_text_by_NID
2017-09-20 17:31:53 -06:00
3f493770d4
Fixes bug with creation of the KeyUsage BitString which was always adding the optional second byte reguardless of len, which created invalid ASN if value provided was less than 256. Bug was introduced with ASN refactor in commit fd9e41dd99.
2017-09-20 15:00:24 -07:00
2f96f1ae9f
Merge pull request #1150 from kaleb-himes/HASH_DRBG_UPDATE
...
Update HASH_DRBG Reseed mechanism and add test case
2017-09-20 13:15:17 -07:00
1c2199be24
Merge pull request #1137 from JacobBarthelmeh/Windows
...
rename the file io.h to wolfio.h
2017-09-20 11:34:33 -07:00
5777b92745
Improved solution
2017-09-20 11:25:51 -06:00
5e6213bfa1
Merge pull request #1140 from JacobBarthelmeh/RSA-fix
...
account for 8k keys with MySQL compatibility
2017-09-20 10:05:32 -07:00
28c15bed1c
Merge pull request #1141 from SparkiDev/chacha_avx1
...
Fix ChaCha to check for AVX1
2017-09-20 09:57:20 -07:00
3763b88397
rename the file io.h to wolfio.h
2017-09-20 10:53:11 -06:00
60dca94821
Update HASH_DRBG Reseed mechanism and add test case
2017-09-20 10:36:36 -06:00
4d8e1c9e5a
Minor build fixes for unused function and variable.
2017-09-19 12:48:57 -07:00
816767744f
Fix for STM32 AES-CTR (tested on STM32F437). Improvement to the STM32 RNG code to detect improper RNG_CLK. Cleanup of the PIC32MZ Aes struct variables and the AES-CTR (tested on PIC32MZ2048).
2017-09-18 16:08:09 -07:00
2620cb4559
OpenSSL Compatibility Additions and Fixes
...
1. Added a check on the hex2bn function for null strings to be treated like the NULL pointer.
2. Added some more test cases to the big number unit test.
3. Added wolfSSL_EVP_add_cipher() analogous to wolfSSL_EVP_add_digest().
4. Implemented `RSA_public_encrypt()` and `RSA_private_decrypt()` for the OpenSSL compatibility layer.
5. Added `RSA_PKCS1_OAEP_PADDING` as an option to the new functions.
6. Fixed the constness on the `from` parameter in function `RSA_public_decrypt()`. Note: this does not allow OAEP to be used in FIPS mode.
7. Added size constants for EVP_MAX_BLOCK_LENGTH, RSA_PKCS1_PADDING_SIZE, and RSA_PKCS1_OAEP_PADDING_SIZE.
8. Added functions `wolfSSL_EVP_PKEY_new_mac_key()` and `wolfSSL_EVP_PKEY_get0_hmac()` for storing HMAC keys in an EVP_PKEY structure for use later.
9. Added the routines EVP_DigestSignXXX(). They only work w.r.t HMAC.
10. Added the ForceZero() to EVP_MD_CTX_cleanup().
11. Modified the EVP_MD_CTX structure to have a union with both the hasher and a wolfCrypt Hmac structure.
12. Added a mapping of SHA1->SHA to the list of digest name aliases in wolfSSL_EVP_get_digestbyname().
13. Changed the mapping of ssl3-sha1->SHA.
14. When using RSA blinding, the OpenSSL compatibility layer RSA object was attempting to decrypt without an RNG. Added an RNG if needed.
15. Add comment to wolfSSL_BN_hex2bn() to cover usage w.r.t. string length. Remember to keep the length even, front-pad with zeroes if needed.
16. Added tests for the new functions.
2017-09-18 13:53:44 -07:00
c4e87c8cc4
Merge pull request #1121 from ejohnstown/solution-update
...
Update VS Solution Files
2017-09-15 18:22:44 -06:00
a9e540fc07
Moved the bench_ buffer allocation/free into the thread, so the THREAD_LS has a unique one for each which resolves issues with benchmark when using the USE_QAE_THREAD_LS option.
2017-09-15 14:02:06 -07:00
23903ec903
Merge pull request #1144 from kaleb-himes/FIPS-TEST
...
NULL plaintext input is supported in FIPS testing
2017-09-15 13:21:32 -07:00
3f16fba4f8
Fix build warning with possible use of unitialized ret.
2017-09-15 10:41:43 -07:00
27d607efa3
Fixes for AES on STM32 with StdPeriLib and fix for building with NO_STM32_CYPTO. Researching better solution for AES-CTR.
2017-09-15 10:39:09 -07:00
dcab2f47ee
Fixes for STM32 hardware acceleration. Adds CubeMX HAL hashing support for MD5, SHA1, SHA224 and SHA256. Adds support for STM32F7 (WOLFSSL_STM32F7). Fixes issue with AES-GCM and STM32F2. Cleanup of the STM32 macros (adds NO_STM32_HASH, NO_STM32_CRYPTO and NO_STM32_RNG to optionally disable hardware acceleration).
2017-09-15 10:39:09 -07:00
63e8d63943
Update following review
2017-09-15 10:52:33 -06:00
0b11b265f6
Merge pull request #1143 from SparkiDev/wpas_aesctr
...
Fix WPAS config to not use FORTRESS config
2017-09-15 10:39:13 -06:00
5f0afcfe88
Merge pull request #1142 from JacobBarthelmeh/fast-rsa
...
fix for clang warning on RsaKey redefinition
2017-09-15 09:40:42 -06:00
1f7d73f626
NULL plaintext input is supported in FIPS testing
2017-09-14 20:14:21 -06:00
00e073424a
Fix WPAS config to not use FORTRESS config
2017-09-15 10:49:07 +10:00
f97f9a6158
init hardware acc. use of public RSA key with public key decode functions
2017-09-14 17:07:19 -06:00
e10b2f027f
fix for clang warning on RsaKey redefinition
2017-09-14 15:08:15 -06:00
1b3a8f40b8
account for 8k keys with MySQL compatibility
2017-09-14 09:37:32 -06:00
7721aca114
Fix ChaCha to check for AVX1
2017-09-14 09:07:04 +10:00
afcef7d394
Merge pull request #1136 from JacobBarthelmeh/Testing
...
anon flag with interop script
2017-09-13 14:40:30 -07:00
23fff62d8b
Merge pull request #1135 from dgarske/cy
...
Fix issue with empty array (requires C99 compliance).
2017-09-13 14:39:50 -07:00
4c31c53f37
Merge pull request #1128 from JacobBarthelmeh/AES
...
AES XTS feature addition
2017-09-13 14:38:15 -07:00
bea82ce214
Merge pull request #1118 from JacobBarthelmeh/mysql
...
downgrade with options set when using opensslextra feature
2017-09-13 14:12:09 -07:00
a5eaecaa0e
Fix unit API test call to wolfSSL_CertManagerLoadCA when building without file system.
2017-09-11 06:51:27 -07:00
932773735b
Cleanup the wolfIO_Send function.
2017-09-11 05:48:41 -07:00
398252ddad
add XtsAes structure and change XTS-AES API
2017-09-08 16:00:33 -06:00
2c39219f2a
Fix issue with empty array (requires C99 compliance).
2017-09-08 11:24:55 -07:00
c018a1abf3
Merge pull request #1130 from SparkiDev/cpuid_fix
...
MSVC fix around cpuid check
2017-09-08 11:04:50 -06:00
1d1fc66374
double check support of SSLv3 with interop testing
2017-09-08 10:50:23 -06:00
ee9d410326
anon flag with interop script
2017-09-07 16:58:37 -06:00
a073d5d448
Merge pull request #1129 from JacobBarthelmeh/Testing
...
additional sanity checks
2017-09-06 15:34:26 -07:00
c482524b78
big endian testing and packing Aes struct
2017-09-01 15:32:55 -06:00
f7ea118dd7
downgrade with options set when using opensslextra feature
2017-09-01 13:47:56 -06:00
6a226efd15
MSVC fix around cpuid check
2017-09-01 08:43:28 +10:00
8807b8af4f
additional sanity checks
2017-08-31 16:00:08 -06:00
3da5ddd49e
Merge pull request #1123 from SparkiDev/poly1305_fix
...
Fix for the AVX implemetation of Poly1305
2017-08-31 10:21:00 -06:00
d48c940334
add comments for AES-XTS functions to aes.h
2017-08-30 17:52:26 -06:00
ef73c1df7c
add AES-XTS mode --enable-xts
2017-08-30 17:50:15 -06:00
7ac0bab37e
Merge pull request #1114 from kojo1/tls1.3
...
bring up settings.h in tls13.c
2017-08-30 13:00:40 -07:00
9aef8a91fd
Merge pull request #1120 from JacobBarthelmeh/Testing
...
fix creating shared secret with ECC private only key
2017-08-30 11:02:14 -07:00
1ba77e4306
Merge pull request #1122 from JacobBarthelmeh/Compatibility-Layer
...
using memory bio with no filesystem and adjustment for Windows line e…
2017-08-30 10:58:30 -07:00
3b351fd640
Fix to stop inlining of assembly code with fixed label
2017-08-30 10:51:44 +10:00
3dbe5d2af9
fixes for Windows build
2017-08-29 12:02:24 -06:00
34dc4a493d
Merge pull request #1124 from JacobBarthelmeh/UnitTests
...
fix memory management in unit test with --disable-fastmath
2017-08-29 09:06:14 -06:00
61ff3e136a
fix memory management in unit test with --disable-fastmath
2017-08-28 16:23:44 -06:00
e6cf3c88f2
Fix for the AVX implemetation of Poly1305
...
Need one more multiple of r (0..6 instead of 0..5)
2017-08-28 11:44:27 +10:00
a8417c1078
using memory bio with no filesystem and adjustment for Windows line ending
2017-08-25 15:11:10 -06:00
6970333473
1. Set the base address of the 32-bit DLL builds.
...
2. Add LTCG option for 64-bit DLL Debug build. Fixes issue with VS2015.
3. Fixed sln issue where test tools linked against the DLL are built outside the DLL build directories.
2017-08-25 11:21:11 -07:00
a308a56044
fix creating shared secret with ECC private only key
2017-08-25 09:07:03 -06:00
59358fd91d
Merge pull request #1119 from JacobBarthelmeh/Windows
...
cast to fix warning on Windows with Visual Studio
2017-08-25 07:04:42 -07:00
7918b31cae
cast to fix warning on Windows with Visual Studio
2017-08-24 15:22:32 -06:00
23342337ab
Merge pull request #1115 from JacobBarthelmeh/Compatibility-Layer
...
fix advancing memory WOLFSSL_BIO when reading
2017-08-24 10:45:32 -07:00
2d5194cdf0
Merge pull request #1113 from JacobBarthelmeh/Testing
...
add function to generate public ECC key from private key
2017-08-24 10:40:27 -07:00
b10e0b789b
fix error return value when unable to extract ECC public key
2017-08-23 14:45:08 -06:00
4b630b67fa
fix advancing memory WOLFSSL_BIO when reading
2017-08-23 11:37:19 -06:00
73b8be8fcc
Merge pull request #1039 from jrblixt/unitTest_api_addDsa-PR07192017
...
Add Dsa unit test functions.
2017-08-22 15:46:46 -06:00
7c604bfc48
Fixes for building with WOLFSSL_ATECC508A.
2017-08-22 13:11:20 -07:00
c25832ad14
type cast the return of fread
2017-08-22 14:06:25 -06:00
71f4d546a8
add function to generate public ECC key from private key
2017-08-22 14:06:25 -06:00
fbae4420ad
Merge pull request #1110 from dgarske/pic32mz_largehash
...
Fixes for PIC32MZ to support large hashing using hardware
2017-08-22 09:24:05 -07:00
8865b272bb
Merge pull request #1112 from dgarske/async_sniff
...
Adds async blocking support for sniffer tool
2017-08-22 09:19:45 -07:00
439e803bd1
Merge pull request #1107 from JacobBarthelmeh/UnitTests
...
build option for certificate buffers with PKCS7 test
2017-08-22 10:05:36 -06:00
7892714516
bring up settings.h before #ifdef WOLFSSL_TLS13
2017-08-22 20:13:17 +09:00
07d137480d
Fix to PIC32MZ handling of hashing empty string. Changed default MPLABX/MCAPI user_settings.h to use 2048-bit. All tests passed!
2017-08-21 15:19:18 -07:00
075adcb15b
Add wolfCrypt hash tests for empty string. Add large hash test for SHA2 384/512 and SHA3. Cleanup hashing error handling to call free. RSA spelling fixes. RSA error detail for bad padding.
2017-08-21 14:03:48 -07:00
5a27e2f621
Fix so PIC32MZ works in caching mode after large hash. Reduced default block size for large hash to 256 (512 bytes total).
2017-08-21 11:10:16 -07:00
2b7f4b0903
Adds async blocking support for sniffer tool.
2017-08-21 11:07:13 -07:00
c9d6a4de6f
Fixes for building --enable-mcapi.
2017-08-21 09:18:53 -07:00
c330c6b7f9
Merge pull request #1109 from JacobBarthelmeh/Testing
...
fix check on ephemeral key type before free'ing
2017-08-18 11:53:08 -07:00
8a37af42bf
Merge pull request #1108 from dgarske/fix_async_misc
...
Fixes for async ECC encrypt, ParseCertRelative and API Unit test inits
2017-08-18 11:44:28 -07:00
d7f7c27e0a
Merge pull request #1106 from JacobBarthelmeh/NTRU
...
QSH update
2017-08-18 11:35:48 -07:00
74ed94ddb1
Fixes to support large hashing against HW without caching (in exclusive hardware access) Large hashing uses previous hash code with two descriptors and polling. Added wolfCrypt large hash tests for MD5, SHA and SHA256. Add missing MCAPI set size API's. Cleanup AES GCM large test. Changed MPLABX projects to default to PIC32MZ2048EFM144.
2017-08-18 11:25:30 -07:00
7460aaf5ea
build option for certificate buffers with PKCS7 test
2017-08-18 11:07:40 -06:00
c6e722170e
fix check on ephemeral key type before free'ing
2017-08-18 10:55:38 -06:00
c9efcc4561
Merge pull request #1105 from dgarske/strtok
...
Enhancement to add strtok implementation for platforms where its not avail
2017-08-17 14:02:32 -07:00
84a396b7dc
Additional init fixes for unit tests based on async valgrind report.
2017-08-17 12:41:18 -07:00
f6ad5524eb
remove invalid test-qsh version tests, revert if statement check in internal.c
2017-08-17 11:27:47 -06:00
c06e672eb7
Added missing AES/DES3/HMAC init functions for helping with valgrind reports on unitialized use for async markers.
2017-08-17 09:58:46 -07:00
9909c8428c
Code review changes per Chris.
2017-08-16 16:08:50 -06:00
3ca679c1d7
Added ability to force use of `USE_WOLF_STRTOK.
2017-08-16 13:21:31 -07:00
9fb0862bc1
Fix for TI RTOS (WOLFSSL_TIRTOS) to use our wc_strtok for the XSTRTOK macro.
2017-08-16 13:21:31 -07:00
ff6a136b8a
Enhancement to add strtok implementation for platforms where it is not available such as MinGW.
2017-08-16 13:21:31 -07:00
3fda99cbc4
seperate build of QSH from build of NTRU
2017-08-16 14:19:38 -06:00
f7ca2f157d
Improvement on the ParseCertRelative fixes for intializing the event prior to operation. Fix possible uninitialized value with DecryptKey and DES3.
2017-08-16 13:19:31 -07:00
68c04bd821
Fix for ECC encrypt/decrypt with async enabled. Reverts previous change from PR #1101 and adds return code checking for wc_AsyncWait. ECC shared secret needs to be in loop to call again for completion.
2017-08-16 12:04:57 -07:00
53e05786da
Merge pull request #1101 from dgarske/fix_bench_async
...
Fixes for async multi-threading
2017-08-16 10:15:55 -07:00
ad4849d692
Merge pull request #1100 from JacobBarthelmeh/Testing
...
Fix for test script: add ECDH-RSA server for interop tests
2017-08-16 09:54:16 -07:00
0ed03987df
Merge pull request #1099 from cconlon/micrium
...
Update Micrium uC/OS-III Port
2017-08-16 09:48:56 -07:00
2e4000acb4
Merge pull request #1102 from cconlon/ocsp-certs
...
Update root certs for OCSP scripts
2017-08-16 09:50:02 -06:00
1f80fb952f
Fix issue with using wrong asyncDev in ConfirmSignature. Fix un-initialized Hmac in API unit tests.
2017-08-15 21:20:32 -07:00
ccc226eae4
Fixes for refactor to initialize the asyncDev.event prior to call for ParseCertRelative, ConfirmSignature and ECC shared secret (return code). Scan-build and G++ fixes.
2017-08-15 21:20:32 -07:00
b32be20110
Refactored async event intialization so its done prior to making possible async calls. Added threadId and removed volatile attribs in WOLF_EVENT. Fixed possible unitialized value in benchmark ret.
2017-08-15 21:19:28 -07:00
a9c943d5bd
Fix jenkins warning with possible uninitialized 'ret'.
2017-08-15 21:19:28 -07:00
b4aaeb5768
Fix for possible leak with multi-threading and curve cache. Note memory leak still possible with --enable-fpecc and async multithreading. Add voltaile on event state and ret to resolve possible multi-thread timing issue. Use define for --enable-stacksize init value.
2017-08-15 21:19:28 -07:00
44a3622248
Fixes to better handle threading with async. Fix wc_CamelliaCbcEncrypt return code checking. Fix to ensure cycles per byte shows on same line. Refactor of async event state. Refactor to initalize event prior to operation (in case it finishes before adding to queue). Add HAVE_AES_DECRYPT to --enable-all option. Cleanup benchmark error display.
2017-08-15 21:19:28 -07:00
dd5430d188
Code review changes, Chris.
2017-08-14 16:09:35 -06:00
af00787f80
update root certs for ocsp scripts
2017-08-14 12:58:36 -06:00
a6db5fc882
add ECDH-RSA server for interop tests
2017-08-11 16:41:27 -06:00
2f92998529
update test.c for Micrium port and XSTRNCPY
2017-08-11 14:30:25 -06:00
f6d0b2898d
update Micrium uC/OS-III port
2017-08-11 14:30:15 -06:00
2740d313a7
fix unused variable warning in load_verify_locations with NO_WOLFSSL_DIR
2017-08-11 11:37:30 -06:00
7736125156
Merge pull request #1095 from jrblixt/unitTest_hashReorder
...
Re-order hash functions in unit test.
2017-08-11 10:15:37 -06:00
21a8662948
Merge pull request #1093 from toddouska/polyold
...
have poly asm detect older compilers w/o avx2 like chacha does
2017-08-11 08:27:34 +10:00
963746fb3e
Merge pull request #1094 from JacobBarthelmeh/Testing
...
Testing
2017-08-10 13:01:46 -07:00
294a13f9a2
Merge pull request #1097 from cconlon/validate_ecc_import
...
WOLFSSL_VALIDATE_ECC_IMPORT fixes
2017-08-10 12:45:26 -07:00
5865816198
fix wc_ecc_import_private_key_ex() with WOLFSSL_VALIDATE_ECC_IMPORT with private only, wolfcrypt test
2017-08-10 10:04:14 -06:00
3c1140d90e
Re-order hash functions in unit test.
2017-08-09 15:23:01 -06:00
8b41fc841b
remove setting variable that is currently not used after being set
2017-08-09 13:43:28 -06:00
219fcde773
fix shadow declaration warning
2017-08-09 11:58:29 -06:00
36b1a666d0
have poly asm detect older compilers w/o avx2 like chacha does
2017-08-09 09:52:06 -07:00
df1e5f2e1a
Merge pull request #1091 from dgarske/fix_async_aes
...
Fix async issue with AES set key trying to use a NULL IV.
2017-08-09 09:44:46 -07:00
04c16ca843
Merge pull request #1086 from SparkiDev/sha256_sha512_gcc44
...
GCC 4.4 on Linux doesn't like empty clobber list
2017-08-09 09:41:58 -07:00
af4158d231
Merge pull request #1084 from SparkiDev/aesni_avx2_fix
...
Fix for AVX2 unrolled code
2017-08-09 09:39:38 -07:00
d12e98eea3
Merge pull request #1079 from SparkiDev/poly1305_asm
...
Poly1305 Intel Assembly code - AVX and AVX2
2017-08-09 09:37:09 -07:00
f27b3a83aa
Fix async issue with AES set key trying to use a NULL IV.
2017-08-07 17:47:59 -07:00
d195009dcb
Merge pull request #1090 from JacobBarthelmeh/Release
...
update readme for known issue
2017-08-07 13:36:53 -07:00
6717035563
update readme for known issue
2017-08-07 13:13:43 -06:00
d949832059
Merge pull request #1088 from JacobBarthelmeh/Release
...
prepare for release v3.12.0
2017-08-07 11:49:27 -07:00
e9c6fa5f22
Merge pull request #1089 from JacobBarthelmeh/StaticAnalysisTests
...
fix potential memory leaks
2017-08-07 11:47:33 -07:00
1dc2889388
fix potential memory leaks
2017-08-04 16:49:31 -06:00
b55f981d5b
prepare for release v3.12.0
2017-08-04 15:32:27 -06:00
032d606f99
GCC 4.4 on Linux doesn't like empty clobber list
2017-08-04 14:07:55 +10:00
32cedb2b12
Fix for AVX2 unrolled code
2017-08-04 12:40:10 +10:00
d0ff6067a6
Chacha asm fix - can't use buffer in old compiler
2017-08-04 12:17:41 +10:00
df4387cff4
Merge pull request #1083 from dgarske/chacha_noasm
...
Option to disable Intel speedups for ChaCha using `--enable-chacha=noasm`
2017-08-03 15:45:47 -07:00
ea6b719ec2
Fix register issue
2017-08-04 08:39:09 +10:00
3be4e0823e
Adds option --enable-chacha=noasm to allow disabling the Intel AVX/AVX2 speedups when used with --enable-intelasm.
2017-08-03 13:39:46 -07:00
4d6cb66bc1
Merge pull request #1082 from dgarske/fix_intelasm_aesgcm
...
Fixes for `intelasm` and AES GCM with AVX2
2017-08-03 12:35:00 -07:00
3f2de7154f
Merge pull request #1080 from abrahamsonn/vcxproj_update
...
added files to wolfssl.vcxproj includes list for windows config testing
2017-08-03 12:15:23 -07:00
977e909f60
Merge pull request #1081 from dgarske/chacha20_asm
...
Fix for `intelasm` and ChaCha20
2017-08-03 12:11:59 -07:00
4a5ecb8a15
Fix typo with xmm5 (was xxm5). Workaround for Clang issues with AVX2 and using register __m128i tmp3 asm("xmm6"); syntax by using NO_UNROLL option.
2017-08-03 10:47:21 -07:00
089a050d7a
added files to wolfssl.vcxproj includes list for windows config testing
2017-08-03 11:00:30 -06:00
b0eeed364b
Fix for intelasm and ChaCha20 with causing "error: unknown type name '__m256i'" on some compilers. Fix is to change the __m128i and __m256i to arrays of word64 (source Sean PR #1079 ).
2017-08-03 10:00:20 -07:00
80bc089cb5
Merge pull request #1078 from SparkiDev/intel_asm_fixup
...
Stop using positional parameters in inline asm. Fixes issue with `--enable-intelasm --enable-debug` for AES GCM.
2017-08-03 09:32:50 -07:00
5c2736f1a9
Poly1305 Intel Assembly code - AVX and AVX2
2017-08-03 14:35:09 +10:00
31854c1566
Stop using positional parameters in inline asm
2017-08-03 13:55:30 +10:00
108f6a4958
Merge pull request #1077 from JacobBarthelmeh/StaticAnalysisTests
...
Static analysis tests
2017-08-02 15:08:32 -07:00
635bacef28
Merge pull request #357 from kojo1/PIC32
...
Fixes for PIC32MZ
2017-08-02 13:14:06 -07:00
433ca50292
remove unneeded XMEMSETs
2017-08-02 14:04:41 -06:00
e77e93ef2e
Merge pull request #1065 from JacobBarthelmeh/Testing
...
update DTLS export session version and tests
2017-08-02 11:40:38 -07:00
edce23b563
use memset when initializing DecodedCert structure
2017-08-02 10:50:34 -06:00
43b04af388
adjust sanity check in integer.c to avoid reading uninitialized values
2017-08-02 10:39:05 -06:00
062f3efa6d
adjust integer.c for loop range
2017-08-02 10:29:34 -06:00
65b8389af0
Fix for handling hash copies to make sure copied buffer is not free’d. Resolves issues when testing TLS connection with wolfssl_tcp_client and openurl https://www.google.com/ .
2017-08-02 08:42:04 -07:00
9f1b17effc
Merge pull request #1076 from JacobBarthelmeh/UnitTests
...
place macro guard on test of RSA-OAEP with SHA1 dependency
2017-08-01 14:05:58 -07:00
2d94a3954a
Merge pull request #1075 from JacobBarthelmeh/fast-rsa
...
add sanity check in fast-rsa and change loop behavior when generating…
2017-08-01 14:05:03 -07:00
bd20729fba
Merge pull request #1069 from ejohnstown/dtls-mac
...
DTLS Bad MAC Checks
2017-08-01 13:45:19 -07:00
c93d348ecd
fix sesion export buffer to be not dependent on macros defined
2017-08-01 14:19:06 -06:00
be432d8d3a
Fix for building in Harmony with crypto.h path.
2017-08-01 12:48:44 -07:00
4e735631e7
Fixes for PIC32MZ:
...
* Adds crypto HW support for AES Direct and AES CCM.
* Fixes to enable PIC32MZ hardware hashing where updates are cached via heap buffer and final performs single operations against hardware.
* Fix for benchmark with 1024-bit certs passing in wrong size for `wc_RsaPrivateDecrypt` when using `USE_CERT_BUFFERS_1024`.
* Fix to resolve missing `strncasecmp` for the Microchip XC32. Workaround to use case sensitive version instead. This error occurred when building with HAVE_ECC defined in Harmony with XC32.
* Cleanup of the PIC32MZ crypto and hashing hardware code. Replace `pic32mz-hash.c` with `pic32mz-crypt.c`
* Add user_settings.h for mplabx and mcapi examples.
* Sync up with Harmony changes for MCAPI.
2017-08-01 12:42:09 -07:00
af0514704f
place macro guard on test of RSA-OAEP with SHA1 dependency
2017-08-01 11:46:49 -06:00
c20859e67d
add sanity check in fast-rsa and change loop behavior when generating fast-rsa key
2017-08-01 11:29:16 -06:00
b553d36548
Merge pull request #1074 from SparkiDev/tls13_cr
...
Add NULL check after signature alg extension search
2017-08-01 09:01:42 -06:00
24e9f7c43d
Add NULL check after signature alg extension search
2017-08-01 13:55:06 +10:00
7cee1c5e8a
Merge pull request #1072 from toddouska/alert
...
add AlertCount to detect dos attempt
2017-07-31 18:29:23 -07:00
2296f4806c
Merge pull request #1073 from JacobBarthelmeh/StaticAnalysisTests
...
Static analysis tests
2017-07-31 18:24:17 -07:00
0c753718bd
Merge pull request #1042 from SparkiDev/chacha_asm
...
Intel Assembly optimizations for ChaCha20 - AVX and AVX2
2017-07-31 16:27:17 -07:00
a27738b5f9
Merge pull request #1071 from dgarske/cleanup_tests
...
Cleanup AES GCM large test
2017-07-31 16:13:06 -07:00
a55e42c14f
Merge pull request #1070 from dgarske/fix_qat_normal_math
...
Fix normal math issue with async and `mp_read_unsigned_bin`
2017-07-31 16:12:08 -07:00
01099fd97e
cast for when compiling with g++-7
2017-07-31 16:58:53 -06:00
08da8df455
sanity check on peer sequence for static analysis report
2017-07-31 16:37:34 -06:00
66852a9252
add AlertCount to detect dos attempt
2017-07-31 15:17:54 -07:00
2051a05139
Cleanup AES GCM large test. Move test into stack and disable if using BENCH_EMBEDDED.
2017-07-31 14:09:30 -07:00
8a11b78960
Fix for normal math mp_read_unsigned_bin where mp_zero was also resetting the raw source. This caused failures with QAT when using normal math.
2017-07-31 14:09:15 -07:00
36a539760a
DTLS Bad MAC Checks
...
1. Make the decrypt and verify MAC failure cases behave the same with
respect to DTLS messages. It should pretend the message never happened.
2. Allow the echoclient to survive the echoserver sending a message with
a bad MAC.
3. Allow the server to survive the client sending a message with a bad MAC.
2017-07-31 13:54:53 -07:00
fb53fac1c1
Merge pull request #1067 from JacobBarthelmeh/Memory
...
sanity check on index when adding cipher suites
2017-07-31 12:03:49 -07:00
62ce8c8b81
Merge pull request #1066 from dgarske/no_certs
...
Fix for building with `NO_CERTS` or `NO_WOLFSSL_SERVER` defined.
2017-07-31 12:01:39 -07:00
87611fdb5d
Merge pull request #1064 from SparkiDev/cpuid_fix
...
Fix cpuid to work with different configs
2017-07-31 11:59:17 -07:00
5564be6113
sanity check on index when adding cipher suites
2017-07-28 17:42:52 -06:00
3387b12a9a
Fix for building with NO_CERTS or NO_WOLFSSL_SERVER defined.
2017-07-28 15:24:53 -07:00
e1ccc5acad
update DTLS export session version and tests
2017-07-28 14:27:24 -06:00
d452f97e99
Fix cpuid to work with different configs
...
Fix 'may be uninitialized' warning in aes.c
Fix memory overwrite in AES-CBC when using AESNI.
2017-07-28 08:41:49 +10:00
bc72d0c2d5
Merge pull request #1063 from JacobBarthelmeh/Testing
...
C89 compliance with variable declaration
2017-07-26 16:19:25 -07:00
d5cf5f9887
Merge pull request #1062 from JacobBarthelmeh/UnitTests
...
update sanity checks with ARMv8 port
2017-07-26 16:18:37 -07:00
0978dd4285
C89 compliance with variable declaration
2017-07-26 15:29:00 -06:00
dc7acc0400
Merge pull request #1059 from dgarske/fix_leaks
...
Fix for PKCS12 dynamic type names
2017-07-26 11:52:42 -06:00
637ca44e6a
update sanity checks with ARMv8 port
2017-07-26 11:05:20 -06:00
3560eed52b
Add Dsa unit test functions.
2017-07-26 09:01:36 -06:00
05ed5cafc2
Merge pull request #1061 from SparkiDev/tls13_leantls
...
Fixes for LEANTLS and TLS13 builds
2017-07-25 21:01:00 -07:00
41e2b236aa
Merge pull request #1051 from kaleb-himes/fsanitize-fixes
...
Fsanitize fixes
2017-07-25 20:57:43 -07:00
fbf4e94bcf
Merge pull request #1060 from SparkiDev/tls13_memleak
...
Fix memory leak when not using fast math and TLS13.
2017-07-25 20:55:42 -07:00
038d16212f
Fixes for LEANTLS and TLS13 builds
2017-07-26 10:43:36 +10:00
59450e83fa
Fix memory leak when not using fast math.
2017-07-26 09:48:34 +10:00
e1830772de
Merge pull request #1056 from JacobBarthelmeh/UnitTests
...
check return values with new unit tests
2017-07-25 16:34:41 -06:00
55b07019a0
Fix for PKCS12 dynamic type names (also fix to use manual realloc since its NUMA type and that behaves different).
2017-07-25 15:19:34 -07:00
c03487d463
Fix for dynamic type of ED25519 key and PK_CALLBACK buffer not being free’d. Fix for portNumber stack var being used out of scope.
2017-07-25 15:07:58 -07:00
4fead493e7
add to return values checked
2017-07-25 14:44:40 -06:00
4438b8e92d
update unit test case with DES3 and FIPS
2017-07-25 14:42:17 -06:00
5b0022fba0
HMAC key size when testing with FIPS
2017-07-25 14:42:17 -06:00
1b80e5a75f
check return values with new unit tests
2017-07-25 14:42:17 -06:00
ef98e96767
Merge pull request #1058 from jrblixt/fix-AesFipsSanityCheck
...
Unit test GCM sanity check Fips change.
2017-07-25 13:30:35 -07:00
a076a2f0d8
Merge pull request #1055 from JacobBarthelmeh/Memory
...
fix memory management with --enable-fast-rsa make key and free RSA ke…
2017-07-25 11:03:16 -07:00
69d4bcbfd5
Merge pull request #1048 from dgarske/fix_custcurve
...
Fixes for using custom curves with `wc_ecc_set_custom_curve`
2017-07-25 10:59:58 -07:00
f9dee9adcc
Merge pull request #1057 from kaleb-himes/TIRTOS-UPDATE
...
Add dependancy file to tirtos package.bld
2017-07-25 10:25:52 -07:00
4939c3eeef
Merge pull request #1030 from SparkiDev/aesni_sha384
...
Assembly optimization for AES-NI, and AVX1 and AVX2
2017-07-25 09:35:43 -07:00
874144be73
Merge pull request #1046 from kojo1/zendesk-3052
...
io.h for VxWorks
2017-07-25 09:53:15 -06:00
f8e2f596d6
Unit test GCM sanity check Fips change.
2017-07-25 09:23:19 -06:00
e9f87b9f33
Merge pull request #1054 from jrblixt/fix-RsaSetRng
...
Fix rsa set rng
2017-07-25 09:16:14 -06:00
e8e1504d9f
Alignment fix
2017-07-25 15:41:33 +10:00
08488b52b7
Fix for wolfCrypt test custom curve test not setting wc_ecc_set_custom_curvebefore calling wc_ecc_import_x963_ex. Fix for using ECC_CACHE_CURVE option and wc_ecc_set_custom_curve. Added error checking for wc_ecc_set_custom_curve calls. Reverted ASN header change in test.c.
2017-07-24 21:04:18 -07:00
33e214ffc1
Fix to allow ECC set curve size with curve_id == 0. Added wolfCrypt tests / example for using wc_ecc_set_custom_curve for BRAINPOOLP256R1.
2017-07-24 17:24:23 -07:00
5180cf4cce
Fix ECC sign with custom curves so the custom params (dp) are passed to public key used for sign.
2017-07-24 17:21:51 -07:00
f147b01674
Fixes for using WOLFSSL_CUSTOM_CURVES and wc_ecc_set_custom_curve. Fixes resolves issue with ->dp and ->idx getting reset which caused curve parameters to not be set correctly. Proper sequence for using custom curves is ‘wc_ecc_init, wc_ecc_set_custom_curve then wc_ecc_make_key_ex(…, ECC_CUSTOM_IDX)’ or wc_ecc_import_x963_ex(…, ECC_CUSTOM_IDX). Test case and example to follow shortly.
2017-07-24 17:21:51 -07:00
b23f983604
Intel Assembly optimizations for ChaCha20 - AVX and AVX2
2017-07-25 10:19:02 +10:00
2329e37d97
Remove options outside VxWorks
2017-07-25 09:07:30 +09:00
8e38dcc347
Tidy code up - use local static for cpuid flags
2017-07-25 08:50:39 +10:00
bde6a35ac4
Assembly optimization for AES-NI, and AVX1 and AVX2
...
Unroll the loop for 8.
Use new optimized maths.
Fix SHA-384 to use SHA-512 assembly code.
Only perform CPU id check in one place.
2017-07-25 08:50:39 +10:00
36c2ee92dc
Merge pull request #1050 from JacobBarthelmeh/ARMv8
...
Xilinx port
2017-07-24 15:37:05 -07:00
1040bbde16
fix memory management with --enable-fast-rsa make key and free RSA key before calling make key function
2017-07-24 16:20:27 -06:00
be61d7fca3
Merge pull request #1044 from ejohnstown/dtls-multicast
...
DTLS Multicast
2017-07-24 14:20:26 -07:00
6df9bc07a4
RSA Fips harness fix.
2017-07-24 13:21:06 -06:00
e68ceb3d2c
Guard against WC_RSA_BLINDING in api.c unit test.
2017-07-24 09:51:50 -06:00
95664fdd05
Merge pull request #1041 from dgarske/armc0
...
Fixes for building with custom options
2017-07-24 08:40:51 -07:00
9d919ca947
Merge pull request #1049 from dgarske/fix_asynchmac
...
Fixes for building with Async
2017-07-24 08:36:20 -07:00
0fed9c1dc5
Add dependancy file to tirtos package.bld
2017-07-24 08:32:01 -06:00
59a46d08d9
Xilinx port
2017-07-21 17:39:47 -06:00
26ac5e1ab7
Fix for error: array subscript is below array bounds warning with GCC 7. Added check to prevent negative value from being used against array.
2017-07-21 12:00:28 -07:00
b7dac4911b
Fix for using Async and HMAC when its not Intel QuickAssist.
2017-07-21 11:43:01 -07:00
9e3497b3d5
Merge pull request #1047 from JacobBarthelmeh/Testing
...
macro guard to check if ECC is enabled
2017-07-21 10:34:13 -07:00
f0d6299581
Fix issue with benchmark_init refactor where malloc failure could use null pointer. Added error checking on the wolfCrypt_Init().
2017-07-21 09:31:12 -07:00
173283208b
add WOLFSSL_HAVE_MAX in settings.h
2017-07-21 12:42:24 +09:00
bd6633a31c
#elif defined(WOLFSSL_VXWORKS) in io.h
2017-07-21 12:37:32 +09:00
e3ffd7d539
macro guard to check if ECC is enabled
2017-07-20 16:38:53 -06:00
7a972d9611
Fix warning for signed/unsigned comparison.
2017-07-20 11:35:52 -07:00
cf9dfac877
Merge pull request #1043 from SparkiDev/sha3_be
...
Big endian fix for SHA-3
2017-07-20 09:14:00 -07:00
d6190507ac
Big endian fix for SHA-3
2017-07-20 16:53:36 +10:00
8bfbabd147
Merge pull request #1040 from jrblixt/fix-FreeToHash
...
Added Free functions to hash unit test.
2017-07-19 18:19:28 -07:00
0a63221220
Fix for SHA3 benchmark digest size for 224. Fix for building track and debug memory together. Fix for hash test order of SHA256 wrong. Fix for asn SkipObjectId missing, when RSA and ECC disabled. Enhancement to allow individual bench calls with bench init/free.
2017-07-19 18:14:57 -07:00
7d82d7235a
Merge pull request #1038 from JacobBarthelmeh/Testing
...
fix warnings found building on a PPC
2017-07-19 16:54:50 -07:00
0fee243b75
Multicast DTLS
...
Restored the multicast key setting code that was lost during rebase.
2017-07-19 14:01:29 -07:00
935bf9028d
DTLS Multicast
...
1. Keep track of the number of records a session drops for having a
bad MAC or detected as replayed.
2. Add function to access the drop statistics.
2017-07-19 13:38:31 -07:00
3329aa7bef
DTLS Multicast
...
Added an API so a session may be queried to see if it has seen any messages
from a specified peerId.
2017-07-19 13:38:31 -07:00
6223f4cd8e
fix a couple rebase merge errors
2017-07-19 13:38:31 -07:00
43f3e304e6
DTLS Multicast
...
Added a parameter check to wolfSSL_mcast_read().
2017-07-19 13:36:42 -07:00
1d32409651
DTLS Multicast
...
1. Allow the MTU size to be changed at compile time for memory
contrained environments using static memory.
2. Add compile time option to disable the check for DTLS messages
in the current epoch with an outside-the-window sequence number.
2017-07-19 13:36:42 -07:00
3b5e537f08
DTLS Multicast
...
wolfSSL_set_secret() was checking the preMasterSz against the sizeof
the preMasterSecret member of the Arrays structure. That member
was changed to a pointer and allocated dynamically for the session
write-duping. The comparison between the passed in size and the size
of the parameter started failing. The check now uses the constant
that is used for allocating the preMasterSecret member.
2017-07-19 13:36:42 -07:00
4c5ddc8482
Multicast DTLS
...
Handshake resources are required for Multicast DTLS to calculate the
session keys. When the session key is set, free the handshake resources.
2017-07-19 13:36:42 -07:00
6509faa78d
Several parameters stored with DTLS session export have moved into
...
a wrapper structure. Updated the references.
2017-07-19 13:36:42 -07:00
1d5c6cce00
Fix some small things compiling with a different compiler, and some
...
other options.
1. Missing prototype for the Mcast receive I/O callback.
2. When disabling SHA-1, the old DTLS cookie callback wouldn't work.
Allow for SHA-256.
2017-07-19 13:36:42 -07:00
fbd7f7972b
Multicast
...
1. Used quotes rather than angle-brackets when including
user_settings.h.
2. Used angle-brackets rather than quotes when including
the ThreadX and NetX headers.
3. Added a define flag to include types.h with NetX or ThreadX.
4. Added a void typecast to hush a warning about an unused variable
in the I/O callbacks for NetX.
5. Clean up static analysis warning in the peer sequence
number selection for DTLS.
2017-07-19 13:36:41 -07:00
b40aad3f9e
Added new “wolfSSL_mcast_get_max_peers” API. Minor cleanup with examples/client failure case. Fix possible unused var in wolfSSL_set_secret with DTLS disabled.
2017-07-19 13:35:59 -07:00
6097d29045
DTLS Multicast
...
1. Restore original EmbedRecvFrom callback.
2. Add new EmbedRecvFromMcast callback. (EmbedSendTo still the same.)
3. Set new receive from callback when setting the member ID.
4. Fixed bad rebase change.
2017-07-19 13:34:32 -07:00
af1a9ca908
Multicast
...
1. Squash a couple unused variable warnings.
2017-07-19 13:34:32 -07:00
1657569605
DTLS Multicast
...
1. Adding the prototypes for the sequence number high water callback.
2. Added the accessors to set the highwater callback function,
trigger levels, and application context.
3. Calls the highwater callback at specified sequence number thresholds
per peer.
2017-07-19 13:34:32 -07:00
96c25b2caa
DTLS Multicast
...
1. Separated the peer ID from the array index into the peer sequence
list. This allows peer IDs to range from 0..255, and to have an
arbitrary size for the sequence list.
2. Add API to add and remove peer IDs from the sequence number list.
2017-07-19 13:33:58 -07:00
3f330a2b21
Multicast
...
1. Move the function `wolfSSL_mcast_read()` to
follow `wolfSSL_read_internal()`.
2. Implemented `wolfSSL_mcast_read()`.
2017-07-19 13:33:58 -07:00
60c6c32ad3
Multicast DTLS
...
Tweak the size of the Peer Sequence list.
2017-07-19 13:33:58 -07:00
fa4a8fee8c
DTLS Multicast
...
1. Temporary change to io.c to recieve datagrams from any peer.
2. Uses an array of Peer Sequence structures to track the current
sequence number of all the peers.
2017-07-19 13:33:57 -07:00
0457df83d4
Multicast
...
1. When setting the key data, use same keys for server and client
sides of the different keys. This feels a little kludgey, and
won't work when using separate senders and listeners who may
use unicast messages. But this works for the all peers are
multicast senders case.
2017-07-19 13:33:57 -07:00
30a54a4860
Multicast
...
1. Add haveMcast as an exception case for needing a signing key along
with havePSK and haveAnon.
2017-07-19 13:31:39 -07:00
41638b437b
DTLS Multicast
...
1. Add configured group ID to outbound DTLS datagrams.
2. Parse the group ID from inbound DTLS datagrams.
2017-07-19 13:31:39 -07:00
dd9800856d
Multicast DTLS
...
When setting the new secret, in DTLS mode, update the sequence
numbers, message windows, and epoch.
2017-07-19 13:31:39 -07:00
431a0cbea9
Multicast
...
1. Since multicast's only cipher suite uses null cipher
automatically enable it.
2. Add options to example client and server to start
testing multicast API. (Uses TLS over TCP.)
3. Updates to use the forced secrets set by API.
2017-07-19 13:31:39 -07:00
f83a593f27
Added Free functions to hash unit test.
2017-07-19 14:28:41 -06:00
b616b8df02
Multicast DTLS
...
1. Update API
2. Update unit test
3. Partially implemented wolfSSL_set_secret().
2017-07-19 13:26:23 -07:00
0838a3828b
Multicast DTLS
...
1. Added new cipher suite for use with Multicast DTLS,
WDM_WITH_NULL_SHA256. (It should be a private suite.)
2. Update the API test to use the new suite.
2017-07-19 13:26:23 -07:00
5154584576
Multicast DTLS
...
1. Add DTLS-multicast to the enable options.
2. Reorg DTLS related enable options together.
3. Update a couple enable option texts to use the AS_HELP_STRING() macro.
4. Add three new APIs for managing a DTLS Multicast session.
5. Add test code for new APIs.
6. Add stub code for the new APIs.
2017-07-19 13:26:23 -07:00
b3a20470fd
Merge pull request #1036 from jrblixt/unitTest_api_addHc128-PR07182017
...
Unit test functions for HC128.
2017-07-19 13:29:18 -06:00
5c19b7bfe0
Changes per Chris.
2017-07-19 11:24:56 -06:00
667b8431cc
Merge pull request #683 from moisesguimaraes/wolfssl-py
...
wolfssl python wrapper
2017-07-19 09:22:02 -07:00
81f09e575e
fix warnings found building on a PPC
2017-07-19 09:24:45 -06:00
d2245b9614
Unit test functions for HC128.
2017-07-19 09:18:48 -06:00
5f17598d47
Merge pull request #1035 from jrblixt/Api_c-Fix
...
api.c fix.
2017-07-18 15:46:12 -07:00
0e6b0a6156
Merge pull request #1033 from jrblixt/unitTest_api_addAesCcm-PR07172017
...
Unit test functions for AES-CCM.
2017-07-18 15:44:12 -07:00
e68f1b2cec
api.c fix.
2017-07-18 11:02:19 -06:00
c93a903cae
atualiza lista de arquivos incluídos na versão de distribuição.
2017-07-18 11:36:07 -03:00
47fd21dc63
Merge pull request #1032 from JacobBarthelmeh/SGX
...
fix macro check with SGX settings
2017-07-17 19:07:28 -07:00
5671a4cb49
Added unit test functions for AES-CCM.
2017-07-17 15:58:11 -06:00
808f4692c7
Merge pull request #993 from jrblixt/unitTest_api_addRsa-PR06222017
...
Add RSA to unit test.
2017-07-17 13:42:42 -07:00
fdb371e82e
Changes per Chris.
2017-07-17 10:43:36 -06:00
c4f0bd6172
fix macro check with SGX settings
2017-07-17 09:36:45 -06:00
cc4ca6a44a
Merge pull request #1029 from kaleb-himes/RIOT_OS_PORTABILITY
...
Riot os portability and minor design modifications
2017-07-17 05:16:56 -07:00
a7390e32ec
Identified two more old-style definitions in test app
2017-07-16 16:01:52 -06:00
e51225aca6
Address typo in RIOT_OS settings and removed ECC as a default feature
2017-07-16 14:22:15 -06:00
8acf709b59
Address some old-style function definitions found in RIOT testing
2017-07-16 14:18:58 -06:00
f7cd8a0f15
Merge pull request #1028 from JacobBarthelmeh/SGX
...
update SGX macros for harden
2017-07-14 19:42:29 -07:00
12795e9a40
update SGX macros for harden
2017-07-14 16:59:11 -06:00
9e9dbc5e97
Merge pull request #1026 from dgarske/curve_128bit
...
Fix for ARMv8 and Curve25519 with debug enabled
2017-07-14 13:27:22 -07:00
8612d52844
Fix issue with ARMv8 not performing 128-bit math against constants correctly in debug builds. Fix was to use the __int128_t as const for integers. Also added ./configure --enable-curve25519=no128bit option to force FE to not use the int128_t math.
2017-07-14 10:39:30 -07:00
8b55122ba0
Merge pull request #1024 from JacobBarthelmeh/UnitTests
...
adjust size of test buffer
2017-07-13 16:48:00 -07:00
a0e918c350
Merge pull request #1022 from JacobBarthelmeh/curve25519
...
build for ed25519 only
2017-07-13 12:30:26 -07:00
ba48221c41
adjust size of test buffer
2017-07-13 13:21:09 -06:00
af8b96e277
Merge pull request #1021 from toddouska/zeroret
...
don't treat peer closed / zero return as hard error in example servers
2017-07-13 09:11:31 -07:00
4491102eed
Merge pull request #1018 from dgarske/fix_tfm_rusb_max
...
Fix for fast math `fp_read_unsigned_bin` function to check max size
2017-07-13 09:27:02 -06:00
d559eb0f4f
Fix for fast math fp_read_unsigned_bin function to check max and correctly set a->used (is handled in fp_mul_2d).
2017-07-12 16:39:26 -07:00
43260f02f4
Merge pull request #1020 from toddouska/null
...
add NULL checks to check_domain_name()
2017-07-12 14:58:07 -07:00
b12e3c6579
Merge pull request #1019 from JacobBarthelmeh/Testing
...
update AES CTR API with ARMv8 port
2017-07-12 15:57:25 -06:00
c4fe67b633
build for ed25519 only
2017-07-12 15:53:11 -06:00
b4f9c46069
Merge pull request #1011 from dgarske/fixes_armv8
...
Fixes for building ARMv8 (--enable-armasm)
2017-07-12 15:44:31 -06:00
19787e6d4f
don't treat peer closed / zero return as hard error in example servers
2017-07-12 14:15:16 -06:00
c777097e54
Fix wc_AesGcmDecrypt arg check for authIn.
2017-07-12 09:49:27 -07:00
b02c995fff
add NULL checks to check_domain_name()
2017-07-12 10:16:31 -06:00
5bb8de627e
Fixes based on peer review (thanks).
2017-07-12 09:04:10 -07:00
43ad30d364
Merge pull request #1016 from dgarske/fix_harden
...
Warn if hardening options are not defined and not disabled using `WC_NO_HARDEN`
2017-07-12 09:27:32 -06:00
dc5e6f789d
Merge pull request #1017 from dgarske/bigend
...
Fix for big endian seg fault in `SendCertificateVerify`
2017-07-12 09:25:25 -06:00
9d7e8a83c9
update AES CTR API with ARMv8 port
2017-07-11 17:13:32 -06:00
7853440d89
Merge pull request #1015 from dgarske/config_ignore_cleanup
...
Improve the Git ignore formula for `config`
2017-07-11 15:42:08 -07:00
3ff088b92f
Merge pull request #1014 from dgarske/atecc508a
...
Fixes for building with ATECC508A
2017-07-11 15:41:05 -07:00
00724c95a9
Add RSA to unit test.
2017-07-11 09:57:33 -06:00
f8c0a52170
Merge pull request #996 from jrblixt/unitTest_api_addAes-PR06152017
...
Unit test api add AES.
2017-07-11 08:36:13 -07:00
69e9aa29f2
Fix for big endian platform in SendCertificateVerify where seg fault occurred due to passing a int pointer to a word16 pointer, which caused wrong bits to get set. Fix to replace int with word16. Tests pass now. Also searched for other (word16*)& scenarios and only other place was in ntru code, which was also fixed.
2017-07-10 20:00:37 -07:00
a5cdbb18cb
Reworked the AES Key Wrap to use existing code in aes.c (instead of duplicating code in armv8-aes.c). Cleanup for GE/FE math on 32-bit to remove duplicate #ifdef check. Fixed AES GCM arg check for authIn to allows NULL.
2017-07-10 19:12:41 -07:00
792fcefbb7
Fix to not warn about WC_RSA_BLINDING in FIPS mode. Add WC_RSA_BLINDING to Windows user_settings.h.
2017-07-10 18:41:22 -07:00
171796e8e2
Fix up for building without ./configure to warn if hardening options are not enabled. Currently ./configure defaults to --enable-harden, but if building sources directly and using settings.h or user_settings.h the hardening defines will not be set by default. If a user wants to use without hardening they can suppress the warning by defining WC_NO_HARDEN.
2017-07-10 14:40:07 -07:00
cebcee34dd
Improve the Git ignore formula for config. Fixes issue #1012 .
2017-07-10 14:21:19 -07:00
f9c949e7e5
Merge pull request #871 from danielinux/rm-wolfssl.pc
...
Remove automatically generated file wolfssl.pc
2017-07-10 14:16:48 -07:00
58c05123da
Fixes for building with ATECC508A. Allow ECC check key to pass if slot numb is valid.
2017-07-10 11:07:24 -07:00
205da48416
Fixes for building ARMv8. Adds missing SHA224 and AES KeyWrap. Fixes for FE/GE warning with Aarch32. Fix possible build error with ed25519_test with ret not defined.
2017-07-07 15:12:51 -07:00
b6854d620f
Merge pull request #1009 from dgarske/fix_tls13_async_aes
...
Fix problem with async TLS 1.3 and raw AES encryption key change
2017-07-06 15:39:22 -07:00
626eeaa63d
Merge pull request #1005 from SparkiDev/nginx-1.13.2
...
Changes for Nginx
2017-07-06 14:33:46 -07:00
ced45ced41
Changes requested by Chris.
2017-07-06 13:42:54 -06:00
31ac379c4f
Code review fixes
...
Change verify depth and set curve to be compiled in whe using:
OPENSSL_EXTRA
Fix comparison of curve name strings to use ecc function.
Fix verify depth check when compiling with both OPENSSL_EXTRA and
WOLFSSL_TRUST_PEER_CERT.
2017-07-06 15:32:34 +10:00
4b9069f786
Merge pull request #1008 from dgarske/fix_async_frag
...
Fixes for using async with max fragment
2017-07-05 11:00:26 -07:00
e767d40656
Merge pull request #1006 from cconlon/mqx
...
Update MQX Classic, mmCAU Ports
2017-07-05 10:30:20 -07:00
df119692d1
Fixes for using async with HAVE_MAX_FRAGMENT or --enable-maxfragment which affected TLS 1.2/1.3. Added TLS 1.2 test for using max fragment.
2017-07-03 19:57:37 -07:00
5bddb2e4ef
Changes for Nginx
...
Support TLS v1.3 clients connecting to Nginx.
Fix for PSS to not advertise hash unless the signature fits the private
key size.
Allow curves to be chosen by user.
Support maximum verification depth (maximum number of untrusted certs in
chain.)
Add support for SSL_is_server() API.
Fix number of certificates in chain when using
wolfSSL_CTX_add_extra_chain_cert().
Allow TLS v1.2 client hello parsing to call TLS v1.3 parsing when
SupportedVersions extension seen.
Minor fixes.
2017-07-04 09:37:44 +10:00
2939fbe242
Merge pull request #1004 from dgarske/fix_qat_dh
...
Fixes for QAT with DH and HMAC
2017-07-03 12:31:48 -07:00
1729e0205f
reads _CADATA from file
2017-07-03 12:39:42 -03:00
54177c14b4
imports certs from ./certs
2017-07-03 12:31:47 -03:00
bba3fcf772
removes certs
2017-07-03 12:22:22 -03:00
c9a2c4ef02
Fix problem with async TLS 1.3 with hardware where encryption key is referenced into ssl->keys and changes before it should be used. Solution is to make raw copy of key and IV for async AES.
2017-06-30 16:41:01 -07:00
6a695b76cb
Fixed server side case for DH agree issue with QAT hardware where agreeSz is not set. Fix to allow QAT start failure to continue (this is useful since only one process can use hardware with default QAT configuration).
2017-06-30 11:48:59 -07:00
a025417877
Fix issue with QAT and DH operations where key size is larger than block size. Fix issue with DhAgree in TLS not setting agreeSz, which caused result to not be returned. Renamed the internal.c HashType to HashAlgoToType static function because of name conflict with Cavium. Optimize the Hmac struct to replace keyRaw with ipad. Enable RNG HW for benchmark. Fixed missing AES free in AES 192/256 tests.
2017-06-30 11:35:51 -07:00
a3375ef961
Merge pull request #997 from NickolasLapp/master
...
Updates to Linux-SGX README, and disable automatic include of
2017-06-30 11:48:12 -06:00
d956181911
Merge pull request #1003 from jrblixt/asn_cMemLeak-fix
...
Fix possible memory leak in wc_SetKeyUsage.
2017-06-29 15:28:53 -07:00
baf6bdd6e1
asn.c memory leak fix.
2017-06-29 14:55:19 -06:00
31e1d469c0
Merge pull request #1002 from SparkiDev/tls13_imprv
...
Improvements to TLS v1.3 code
2017-06-29 09:21:20 -07:00
bba914f92e
protect wolfSSL_BN_print_fp with NO_STDIO_FILESYSTEM
2017-06-29 08:52:45 -06:00
d2ce95955d
Improvements to TLS v1.3 code
...
Reset list of supported sig algorithms before sending certificate
request on server.
Refactored setting of ticket for both TLS13 and earlier.
Remember the type of key for deciding which sig alg to use with TLS13
CertificateVerify.
RSA PKCS #1.5 not allowed in TLS13 for CertificateVerify.
Remove all remaining DTLS code as spec barely started.
Turn off SHA512 code where decision based on cipher suite hash.
Fix fragment handling to work with encrypted messages.
Test public APIS.
2017-06-29 09:00:44 +10:00
c099137450
add classic Kinetis mmCAU support, FREESCALE_USE_MMCAU_CLASSIC
2017-06-28 16:32:35 -06:00
15a1c9d48e
fixes for MQX classic with Codewarrior
2017-06-28 12:28:40 -06:00
a89e50b7b7
include settings.h in wc_port.h to pick up user_settings.h
2017-06-28 12:25:44 -06:00
c748d9dae9
Merge pull request #998 from dgarske/fix_no_server_or_client
...
Fix build with either `NO_WOLFSSL_SERVER` or `NO_WOLFSSL_CLIENT` defined
2017-06-28 10:30:08 -07:00
b29cd414ef
Merge pull request #995 from SparkiDev/tls13_cookie
...
Add TLS v1.3 Cookie extension support
2017-06-28 10:12:49 -07:00
47cc3ffdbc
Fix build with either NO_WOLFSSL_SERVER or NO_WOLFSSL_CLIENT defined.
2017-06-26 23:05:32 -07:00
7aee92110b
Code review fixes
...
Also put in configuration option for sending HRR Cookie extension with
state.
2017-06-27 08:52:53 +10:00
9ca1903ac5
Change define name for sending HRR Cookie
2017-06-27 08:37:55 +10:00
d4e104231c
Updates to Linux-SGX README, and disable automatic include of
...
benchmark/wolfcrypt tests in static library compile
2017-06-26 14:55:13 -07:00
a3b21f0394
Aes unit test functions.
2017-06-26 15:16:51 -06:00
8bd6a1e727
Add TLS v1.3 Cookie extension support
...
Experimental stateless cookie
2017-06-26 16:41:05 +10:00
3bdf8b3cfd
remove fcntl.h include when custom generate seed macro is defined ( #994 )
2017-06-23 14:03:07 -07:00
fbc4123ec0
Added -x option to allow example server to continue running when errors occur.
2017-06-22 21:19:59 -07:00
8ef556c2a0
Merge pull request #991 from JacobBarthelmeh/Testing
...
update .am files for make dist
2017-06-22 15:02:12 -07:00
b0f87fdcf7
update .am files for make dist
2017-06-22 14:14:45 -06:00
72da8a9a07
Merge pull request #731 from moisesguimaraes/fixes-ocsp-responder
...
adds OCSP Responder extKeyUsage validation
2017-06-22 11:43:51 -07:00
d017274bff
Merge pull request #976 from levi-wolfssl/PemToDer-overflow-fix
...
Fix potential buffer over-read in PemToDer()
2017-06-22 10:07:11 -07:00
3a4edf75bd
Rename the option to disable the new issuer sign check to ‘WOLFSSL_NO_OCSP_ISSUER_CHECK`.
2017-06-22 09:56:43 -07:00
06fa3de31c
Merge pull request #980 from SparkiDev/tls13_0rtt
...
TLS v1.3 0-RTT
2017-06-22 09:44:41 -07:00
ccb8e8c976
Merge pull request #988 from jrblixt/unitTest_api_addArc4-PR06212017
...
Add Arc4 to unit test.
2017-06-22 09:15:28 -06:00
207b275d24
Fix HelloRetryRequest for Draft 18
2017-06-22 14:40:09 +10:00
08a0b98f52
Updates from code review
2017-06-22 12:40:41 +10:00
a37808b32c
Sanity checkes added
2017-06-21 17:14:20 -06:00
1aee054902
Add Arc4 to unit test.
2017-06-21 17:03:27 -06:00
a3578c6643
Adds WOLFSSL_NO_OCSP_EXTKEYUSE_OCSP_SIGN option to provide backwards compatibility option for OCSP checking.
2017-06-21 14:12:12 -07:00
7a3769f435
Fix wolfCrypt errors test to allow -178.
2017-06-21 14:12:12 -07:00
4bb17205fe
adds new ocsp test
2017-06-21 14:12:12 -07:00
a9d5dcae58
updates ocsp tests; adds check for OCSP response signed by issuer.
2017-06-21 14:12:12 -07:00
42a2f5858e
adds OCSP Responder extKeyUsage validation
2017-06-21 14:12:12 -07:00
9ead657723
Merge pull request #989 from dgarske/testing
...
Fixes for CRL handling and possible false failure in `wolfSSL_CTX_load_verify_locations`
2017-06-21 14:10:49 -07:00
cd570a01f2
Merge pull request #975 from dgarske/ed_curve_small
...
Allow different Ed25519/Curve25519 math versions
2017-06-21 13:00:33 -07:00
247388903b
Remove double cast + move min() calls
2017-06-21 13:56:34 -06:00
fec75e445e
Fix for build error in master from QAT fixes in PR #967 . Odd that this build error didn’t show up till just now.
2017-06-21 12:52:03 -07:00
64873489ef
Merge pull request #977 from cconlon/cms
...
add PKCS7/CMS decode support for KARI with IssuerAndSerialNumber
2017-06-21 11:54:20 -06:00
d75a9f2436
Fix for wc_ReadDirFirst to return non-zero value if no files found. Fix for wolfSSL_CTX_load_verify_locations to not return failure due to wc_ReadDirNext “no more files” -1 response.
2017-06-21 10:36:49 -07:00
2f9f746053
Fix for CRL serial number matching to also check length. Fix for testing the verify callback override ‘-j’ to not enable CRL since the CA’s are not loaded for this test.
2017-06-21 10:36:49 -07:00
0fa99fcc2e
Fix for openssl script test reporting ./scripts/openssl.test: line 219: psk: command not found.
2017-06-21 10:36:49 -07:00
3e06beac19
Additional edge case build error with 32-bit and small where int32_t not defined due to stdint.h not being included.
2017-06-21 10:13:20 -07:00
c183e03802
Merge pull request #986 from jrblixt/unitTest_api_addRabbit-PR06192017
...
Add Rabbit unit test functions.
2017-06-21 10:45:41 -06:00
decdf7ae8b
Cleanup
2017-06-21 16:56:51 +10:00
1549a60aa5
Put back Draft 18 code
2017-06-21 08:35:28 +10:00
350ce5fcef
TLS v1.3 0-RTT
2017-06-21 08:35:28 +10:00
97906bfdb2
Merge pull request #982 from JacobBarthelmeh/Testing
...
set return code to TEST_SUCCESS on successful connection
2017-06-20 16:21:50 -06:00
8b637cbd1b
Merge pull request #967 from dgarske/fix_qat
...
Fixes and Improvements for Intel QuickAssist
2017-06-20 14:49:56 -07:00
a555b5e54a
Merge pull request #987 from SparkiDev/nginx_fix
...
Fix for Nginx - return specific error when at end of file
2017-06-20 14:28:34 -07:00
c14e2d5888
Add Rabbit unit test functions.
2017-06-20 15:16:12 -06:00
6e6b341b46
Removed automatically generated file wolfssl.pc
2017-06-20 10:39:02 +02:00
d5b1698c43
Fix for Nginx - return specific error when at end of file
2017-06-20 09:27:24 +10:00
4950c644cd
Fix edge case on 32-bit with ED small only.
2017-06-19 10:15:05 -07:00
7fdb7037d8
Fixes for building Ed/Curve for building on 32/64 bit with uint64_t. Fixes for build with Ed/Curve with ECC disabled.
2017-06-19 10:09:12 -07:00
2a688bf905
Merge pull request #972 from jrblixt/unitTest_api_addCamellia-PR06142017
...
Add Camellia unit test functions.
2017-06-19 09:33:19 -06:00
c118146803
set return code to TEST_SUCCESS on successful connection
2017-06-19 09:26:16 -06:00
ee83710a0a
Fix for building only curve small and ed disabled. Fix for client assuming supported curves is enabled with curve.
2017-06-16 16:17:01 -07:00
6a2824f199
Add Camellia unit test functions..
2017-06-16 16:27:03 -06:00
e0e8d14630
Merge pull request #970 from jrblixt/unitTest_api_addChacha-PR06142017
...
Add ChaCha unit test functions.
2017-06-16 16:15:39 -06:00
816b0b058c
add PKCS7/CMS decode support for KARI with IssuerAndSerialNumber
2017-06-16 15:16:32 -06:00
43d6b7a145
Add ChaCha unit test functions.
2017-06-16 13:00:17 -06:00
17936d65e0
please Jenkins + a bit of cleanup
2017-06-16 12:27:59 -06:00
2f36b24796
Merge pull request #973 from JacobBarthelmeh/Testing
...
add sanity check for wolfSSL_X509_NAME_oneline function
2017-06-16 10:54:02 -07:00
4389d271cc
Fixed potential buffer overflows when configured with --enable-opensslextra
2017-06-16 11:02:06 -06:00
3c173ba366
Enhancement to support different sized Curve/Ed math library implementations for FE/GE. Remains backwards compatible with CURVED25519_SMALL define. Adds new defines CURVE25519_SMALL and ED25519_SMALL to allow individual enabling of math library choice (_low_mem or _operations). Example: ./configure --enable-ed25519=small --enable-curve25519.
2017-06-16 09:41:10 -07:00
e6f0ee84ec
Merge pull request #971 from jrblixt/unitTest_api_addIdea-PR06142017
...
Add IDEA unit test functions.
2017-06-15 13:12:52 -06:00
bb6582896d
add sanity check for wolfSSL_X509_NAME_oneline function
2017-06-15 11:55:37 -06:00
d5a43af751
Code review changes. Reviewer: Chris.
2017-06-15 11:12:01 -06:00
1d303f5f61
Merge pull request #966 from cconlon/ecc_asn
...
fix wc_EccPrivateKeyDecode when pub exists
2017-06-15 08:42:09 -07:00
25ce52cd0c
Add IDEA unit test functions.
2017-06-14 23:43:00 -06:00
2b085351b6
Merge pull request #968 from JacobBarthelmeh/Testing
...
silence "may be used uninitialized" warning
2017-06-14 18:05:45 -07:00
55d421d8b6
Merge pull request #964 from SparkiDev/ecc_priv_only
...
Ecc priv only
2017-06-14 16:42:24 -07:00
e1fef39aa2
silence "may be used uninitialized" warning
2017-06-14 16:58:22 -06:00
f008350afd
Added QAT DRBG support.
2017-06-14 15:45:34 -07:00
73567853d3
Fix possible memory leak in DSA and ECC (mp_clear should always be called since async was implemented… even for fast math). Fix dynamic type mismatch in PKCS7.
2017-06-14 15:11:43 -07:00
68439d4317
Completed refactor to cleanup dynamic types. Refined the tmp buffers to new types for more granularity. Fixed several places where malloc/free type was mis-matched. Cleanup of the PKCS12 code to improve cleanup handling. Fix wc_PKCS12_parse to return 0 on success else failure.
2017-06-14 15:11:43 -07:00
88afc7a92f
Progress on dynamic type cleanup for over-use of tmp_buffer. Increases performance on NUMA memory platform having ability to be more selective about the types that are NUMA allocated for use against QuickAssist hardware.
2017-06-14 15:11:43 -07:00
40d94724eb
Added async hardware support for p_hash (PRF). Fix BuildTls13HandshakeHmac to use async devId. Rename poor global variable names for rng with QSH/NTRU.
2017-06-14 15:11:43 -07:00
131ccf289f
Disable large alloc scrypt test. Fix unused ret warning in DH key gen from prev change.
2017-06-14 15:11:43 -07:00
a77f9fe3e6
Fix for DH so software math is used if prime is under 768 bits.
2017-06-14 15:11:43 -07:00
b778ddfea2
Merge pull request #957 from SparkiDev/tls13_updates
...
Tls13 updates
2017-06-14 14:59:11 -07:00
c283d4aece
Merge pull request #962 from NickolasLapp/linux-sgx
...
Add LINUX SGX Support for building of wolfSSL static library. See README
2017-06-14 15:56:30 -06:00
70eddc4336
Merge pull request #965 from cconlon/threadx
...
ThreadX/NetX warning and optional dc_log_printf exclusion
2017-06-14 14:56:12 -07:00
ff48d19727
fix wc_EccPrivateKeyDecode when pub exists
2017-06-14 14:49:52 -06:00
89e6ac91bf
Improve PSK timeout checks
...
Post-handshake Authentication
Fix KeyUpdate to derive keys properly
Fix supported curves (not checking ctx extensions)
2017-06-14 11:28:53 -07:00
6d5c257010
Merge pull request #963 from dgarske/fix_tls13_options
...
Fixes for TLS 1.3 without ECC or RSA
2017-06-14 11:19:14 -07:00
ea9e4887e9
ThreadX/NetX warning and optional dc_log_printf exclusion
2017-06-14 11:12:27 -06:00
1e94868432
Add LINUX SGX Support for building of wolfSSL static library. See README
...
in IDE/LINUX-SGX/README.md.
2017-06-13 17:34:45 -07:00
13c4fe6cc4
Add test
2017-06-14 09:44:26 +10:00
62ae1d3023
Fix for private key only ECC key.
2017-06-14 09:33:27 +10:00
19f22edd9a
Merge pull request #949 from cconlon/string_abstraction
...
Fix mystrnstr() prototype declaration
2017-06-13 16:06:31 -07:00
1ddd6fd3fe
Merge pull request #933 from jrblixt/unitTest_api_add3des
...
Add 3Des to unit test.
2017-06-13 15:35:54 -06:00
189d579bec
Merge pull request #960 from levi-wolfssl/void
...
Add void to function prototype.
2017-06-13 13:58:34 -07:00
76aa1f855f
Merge branch 'masterB' of https://github.com/jrblixt/wolfssl into unitTest_api_add3des-cpy
2017-06-13 14:06:30 -06:00
0ef1129f18
Changes WRT small stack.
2017-06-13 13:44:06 -06:00
042ee817f3
Merge pull request #757 from moisesguimaraes/updates-wolfcrypt-py-docs
...
Removes 3DES from the wolfCrypt Python docs
2017-06-13 10:55:21 -06:00
048b074894
Merge pull request #932 from jrblixt/unitTest_api_addHmac-mergeWolfMaster
...
Add HMAC test functions to unit test.
2017-06-13 10:53:09 -06:00
adf819458c
Fixes for TLS 1.3 without ECC or RSA. Fix for building without ECC where HAVE_SUPPORTED_CURVES was getting defined because of ENABLED_TLSX.
2017-06-13 09:44:14 -07:00
a18e9a220f
Merge pull request #956 from dgarske/fix_tls13_async
...
Fixes for asynchronous TLS 1.3
2017-06-13 08:08:34 -07:00
af2cbcdbab
Added new arg documentation for asyncOkay in doxygen style.
2017-06-12 11:42:48 -07:00
ce231e0cbc
Fixes for asynchronous TLS 1.3. Fixes for PK_CALLBACKS with async. New helper API's for wolfSSL_CTX_GetDevId and wolfSSL_CTX_GetHeap. Fix for build to not include tls13.c if not enabled to suppress empty object file warning. Fix typo in fe_low_mem.c. General cleanup. Extra tls13.c debug messages.
2017-06-12 11:42:48 -07:00
1d2b4226a4
Merge pull request #959 from SparkiDev/tls_pss_fix
...
Fix check for PSS availability in peer
2017-06-12 11:20:29 -07:00
894f4f6fa5
Merge pull request #954 from jrblixt/asn_cSetKeyUsage-fix
...
Fix wc_SetKeyUsage() value error.
2017-06-12 10:48:56 -07:00
0fcd1617eb
Merge pull request #952 from JacobBarthelmeh/Testing
...
sanity check on build with ECC or RSA
2017-06-12 10:47:53 -07:00
7cc455259e
Merge pull request #941 from SparkiDev/ed25519
...
ED25519 with certificates and TLS
2017-06-12 10:47:21 -07:00
267753acdd
add void to function prototype
2017-06-12 10:28:10 -06:00
8dbd9a88ee
Fix for CCM - TLS v1.3 needs all nonce/IV bytes
2017-06-12 14:21:43 +10:00
044417ba01
Fix for cache only SNI and TLS v1.3
2017-06-12 09:46:50 +10:00
fdcf25b6d1
Fix check for PSS availability in peer
2017-06-12 09:05:32 +10:00
c70fa33094
Merge pull request #958 from kaleb-himes/OPENSSL_EVP
...
Fix compile time Error with openssl extra and cryptonly
2017-06-09 11:12:36 -07:00
86809cca74
Fix compile time warning with openssl extra and cryptonly
2017-06-08 20:14:15 -06:00
90287c8857
Merge pull request #955 from kaleb-himes/ARG-ERR
...
Fix compile error, too many args with --enable-wpas
2017-06-08 14:59:55 -07:00
a00165768c
Fix compile error, too many args with --enabl-wpas
2017-06-08 13:34:44 -06:00
3429b5a3b5
Rework CheckPrivateKey
2017-06-08 09:26:49 +10:00
1db52f0c04
Fix to use different PEM header for EDDSA keys
...
Include new cert and key files in distribution
Fix compile issue when only doing TLS13.
2017-06-08 09:26:49 +10:00
a30e8eb4ad
Fix for benchmarking X25519
2017-06-08 09:26:49 +10:00
1bc862ae24
Ed25519 testing in test.c
2017-06-08 09:26:49 +10:00
613d30bcae
ED25519 TLS support
2017-06-08 09:26:49 +10:00
4beda52dcd
Ed25519 Certificates
2017-06-08 09:26:49 +10:00
1be0b2aa30
Merge pull request #953 from SparkiDev/tls13_psk
...
External PSK working in TLS13
2017-06-07 13:58:03 -07:00
2c84eee2df
Fix wc_SetKeyUsage() value error.
2017-06-07 13:58:13 -06:00
5d5ff56336
External PSK working in TLS13
2017-06-07 17:20:22 +10:00
26f106c42b
Merge pull request #948 from SparkiDev/tls13_down
...
Implement TLS v1.3 specified downgrade protection mechanism
2017-06-05 16:17:49 -07:00
63c85f72d2
sanity check on build with ECC or RSA
2017-06-05 15:21:34 -06:00
af03b7a4ff
Merge pull request #944 from SparkiDev/tls13_20
...
Updates for Draft 20 of TLS v1.3
2017-06-05 14:06:09 -07:00
026a95ff10
Merge pull request #950 from dgarske/fix_ocsp_crl
...
Fixes for OCSP and CRL with non-blocking sockets
2017-06-05 13:59:36 -07:00
642795db1b
Implement TLS v1.3 specified downgrade protection mechanism
...
TLS v1.2 implementations whould implement the downgrade protection
mechanism too and so is included.
2017-06-05 09:18:46 +10:00
c55575665f
Cleanup to use WANT_READ instead of async WC_PENDING_E for non-blocking OCSP and CRL.
2017-06-02 10:35:26 -07:00
c3d29ddfe3
Merge pull request #946 from SparkiDev/jenkins
...
Fix NO_DH build issue
2017-06-02 09:46:55 -07:00
b3a85bc2c7
Fixes for OCSP and CRL with non-blocking sockets. Fix for OCSP and CRL file descriptor check to allow 0.
2017-06-02 09:36:35 -07:00
3df565475a
protect mystrnstr prototype with WOLFSSL_LEANPSK instead of STRING_USER
2017-06-02 09:26:40 -06:00
0b32d0368f
Updates for Draft 20 of TLS v1.3
2017-06-02 15:59:49 +10:00
6b34a94589
Fix NO_DH build issue
2017-06-01 11:56:53 +10:00
7a52b5b394
fixes makefiles and requiremets
2017-05-29 20:44:28 -03:00
38c6d2e3eb
Merge pull request #737 from embray/patch-1
...
wolfcrypt Python: work around minor issue in Random.__del__
2017-05-29 20:19:21 -03:00
320ad56139
Merge pull request #939 from dgarske/fixes_async
...
Fixes for build with async
2017-05-26 17:04:57 -07:00
c0408aebb4
Merge pull request #938 from dgarske/fix_asn_noocspoptcert
...
Fixes for OCSP workaround for incomplete cert chain
2017-05-26 17:02:31 -07:00
e345471b21
Logical error fix.
2017-05-26 13:27:27 -06:00
a0345f6ba9
Fix for building without WOLFSSL_NO_TRUSTED_CERTS_VERIFY.
2017-05-26 10:53:42 -07:00
53021a5df7
Increased security for WOLFSSL_NO_TRUSTED_CERTS_VERIFY workaround so it only applies to OCSP. Fix for the workaround to still return date or parsing errors.
2017-05-26 10:01:42 -07:00
1c0006882a
Remove AssertIntEq from within function.
2017-05-26 09:44:12 -06:00
a44df73151
Merge pull request #937 from SparkiDev/sha3
...
Initial revision of SHA-3
2017-05-25 10:48:28 -07:00
7ef5aeaf13
Fixes from review and tidy up code.
2017-05-25 09:09:50 +10:00
4134073c8d
Initial revision of SHA-3
2017-05-25 09:09:50 +10:00
0e22752af4
Jenkins fixes.
2017-05-24 16:32:21 -06:00
47b0a62c88
Hmac unit test functions ready for PR.
2017-05-24 16:32:17 -06:00
edddd05226
Changes per Chris.
2017-05-24 11:50:18 -06:00
4d458831b7
Jenkins fixes.
2017-05-24 11:50:18 -06:00
b47fca5760
Patched and Clean up for PR.
2017-05-24 11:50:13 -06:00
60c51db831
Merge pull request #928 from jrblixt/unitTest_api_sha224-RipeMd
...
Add sha224 RipeMd to unit test
2017-05-24 09:00:35 -06:00
c1664bd1a0
Fixes for async with benchmark tool.
2017-05-23 15:41:42 -07:00
64de29f277
Fix for wolfCrypt test with enable-all and asynccrypt.
2017-05-23 15:23:58 -07:00
77dbf539c8
Merge pull request #934 from JacobBarthelmeh/mysql
...
some MYSQL updates for cmake and with sun 64 bit
2017-05-23 15:01:39 -07:00
720f3fdad2
Fixed a few minor build errors with async enabled.
2017-05-23 15:00:55 -07:00
d2b6ab0796
Merge pull request #935 from JacobBarthelmeh/Testing
...
remove size_t dependency with default build
2017-05-23 14:58:50 -07:00
6b09a7c6e1
Merge pull request #922 from SparkiDev/tls_pss
...
TLS v1.2 and v1.3 RSA PSS
2017-05-23 14:57:10 -07:00
1880677232
Disable wc_scrypt tests that use high memory for BENCH_EMBEDDED.
2017-05-23 14:42:19 -07:00
fc5a37ac02
Changes per Chris.
2017-05-23 10:01:31 -06:00
9f5f1dd00f
Merge pull request #936 from SparkiDev/cplusplus
...
Compiling with g++ when configured with --enable-distro
2017-05-22 16:02:56 -07:00
19edd47018
Merge pull request #917 from SparkiDev/tls_curve25519
...
Enable X25519 for Key Exchange in TLS
2017-05-22 16:00:00 -07:00
47d04ebaff
Fix from review.
2017-05-23 08:54:25 +10:00
c85d07a49d
Merge pull request #929 from dgarske/fix_asn_perm_dirname
...
Fix for parsing permitted name constraint for subject directory name
2017-05-22 09:55:49 -07:00
a8f08d1d70
Merge pull request #807 from kojo1/AES-GCM-stm32f4
...
Fixes for STM32F4 AES GCM
2017-05-22 09:53:53 -07:00
0e860b0d55
Merge pull request #925 from dgarske/enable_all
...
Added new `./configure --enable-all` option to enable all features
2017-05-22 09:22:50 -07:00
15a2323c09
Compiling with g++ when configured with --enable-distro
2017-05-22 10:14:02 +10:00
6c6069bed8
Fixes from review
2017-05-22 09:47:45 +10:00
8920cd89e4
Fixes from review
2017-05-22 09:09:31 +10:00
570c3f02b8
Merge pull request #931 from JacobBarthelmeh/Memory
...
add trackmemory enable option
2017-05-19 17:21:56 -07:00
398c27d848
remove size_t dependency with default build
2017-05-19 16:16:08 -06:00
b6c2e2acf9
require using wolfSSL memory when enabling trackmemory
2017-05-19 15:24:38 -06:00
184e9c4090
Fix typo from intermediate change for unaligned CBC fixes. Thanks Nick.
2017-05-19 14:10:50 -07:00
a616513860
Added support for AES GCM with STM32F2/STM32F4 using Standard Peripheral Library and CubeMX. Added AES ECB Decrypt for Standard Peripheral Library. Fixes for wolfCrypt test with STM32 crypto hardware for unsupported tests (AES CTR plus 9 and AES GCM with IV != 12). Improve AES CBC for STM32 to handle block aligned only. Added IDE example for SystemWorkbench for STM32 (Open STM32 tools) IDE.
2017-05-19 11:15:46 -07:00
0a28b76e8b
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 10:54:13 -07:00
1cf3530124
Fix for building with WOLFSSL_NO_OCSP_OPTIONAL_CERTS defined.
2017-05-19 09:59:03 -07:00
bdaa827114
Merge pull request #927 from dgarske/fix_nxp_ltc
...
Build fixes for NXP KSDK with MMCAU / LTC after Hexiwear changes
2017-05-19 08:49:54 -07:00
7f01aa917a
Merge pull request #930 from dgarske/fix_win
...
Fixes for building AES key wrap and PKCS7 on Windows
2017-05-19 08:16:21 -07:00
4390f4c711
TLS v1.2 and PSS
...
Cleanup the TLS v1.3 PSS code as well.
Added RSA API wc_RsaPSS_CheckPadding() to check the padding - no longer
a simple memcmp with the digest.
2017-05-19 11:49:43 +10:00
5ef977aa3d
Put X25519 behind P256
...
Option to have X25519 prioritized.
Show curve name and DH key size in TLS v1.3.
2017-05-19 10:58:43 +10:00
7f350a726b
Merge pull request #926 from dgarske/bench_block_size
...
Added argument for benchmark block size
2017-05-18 16:45:00 -07:00
452e057dbf
Merge pull request #919 from dgarske/bshg
...
Add `WOLFSSL_NO_TRUSTED_CERTS_VERIFY` option
2017-05-18 16:44:14 -07:00
c3a7497562
Merge pull request #923 from JacobBarthelmeh/staticmemory
...
updated static memory feature with pkcs7
2017-05-18 16:42:21 -07:00
4737b97503
add trackmemory enable option
2017-05-18 16:46:56 -06:00
cbb2c73828
Improve NXP MMCAU/LTC AES CBC handling for unaligned sizes. Cleanup formatting in a few places.
2017-05-18 15:04:01 -07:00
d61e0243a3
Fixes for building AES key wrap and PKCS7 on Windows. Cleanup snprintf to use XSNPRINTF and changed so define is always setup.
2017-05-18 14:44:19 -07:00
36e1fb5e5b
Fix for parsing permitted name constraint for subject directory name. Cleanup to use switch in ConfirmNameConstraints.
2017-05-18 14:06:56 -07:00
09ca962d66
use LP64 for CPU arch type when sun or __sun is defined
2017-05-18 14:39:26 -06:00
2086394a35
compatibility of get cipher list function and update cmake files
2017-05-18 14:36:34 -06:00
77ac61c0f4
Prepare for PR Add Sha224 and RipeMd to unit test.
2017-05-18 13:08:25 -06:00
30db8e95a7
Build fixes for KSDK NXP MMCAU / LTC after Hexiwear changes.
2017-05-18 11:52:20 -07:00
48895cf03b
Added argument for benchmark block size. Usage: ./wolfcrypt/benchmark/benchmark 128. Automatic calculation for showing as bytes, KB or MB.
2017-05-18 11:24:32 -07:00
7bd1e0b80a
Added new ./configure --enable-all option to enable all features. Allows building all features without using the --enable-distro option, which only allows shared build and does not generate an options.h file.
2017-05-18 10:57:28 -07:00
c5cc9f5392
Patch from customer that adds new WOLFSSL_NO_TRUSTED_CERTS_VERIFY option to load CA using subject and match using publicKey. This is a workaround for situation where entire cert chain is not loaded/available. This is not a secure solution because it does not perform PKI validation.
2017-05-18 09:55:39 -07:00
4370a01778
Merge pull request #921 from dgarske/fix_crl
...
Fix for CRL issue with XFREE using invalid arg for heap.
2017-05-18 09:40:40 -07:00
b5e74878b3
Merge with wolfSSL master for PR includes RipeMd and Sha224 unit test
...
functions.
2017-05-18 10:05:22 -06:00
4edcbc79c1
RipeMd and Sha224 added to unit test.
2017-05-18 09:32:11 -06:00
548c01ce54
updated static memory feature with pkcs7
2017-05-18 09:31:09 -06:00
9fb6373cfb
Get PSS going on server side
2017-05-18 15:36:01 +10:00
c1f82ece7a
Fix for CRL issue with XFREE using invalid arg for heap.
2017-05-17 16:39:35 -07:00
2f15d57a6f
Merge pull request #640 from jrblixt/unitTest_api_dev
...
unit test md5, sha, sha256, sha384, sha512
2017-05-17 09:17:32 -07:00
63a6618feb
Enable X25519 for Key Exchange in TLS
2017-05-17 08:58:12 +10:00
4c451a6c61
Merge pull request #920 from dgarske/fix_sb_tls
...
Fix for scan-build warning for possible use of uninitialized `eccKey`
2017-05-16 12:56:50 -07:00
5621fad02b
Merge pull request #918 from cconlon/vxworksreadme
...
fix VxWorks README formatting
2017-05-16 12:46:26 -07:00
cb3b10054d
unwanted removal added back.
2017-05-16 13:13:53 -06:00
270d6cbae3
Merge branch 'unitTest_api_dev' of https://github.com/jrblixt/wolfssl into unitTest_api_dev
2017-05-16 13:05:26 -06:00
6acd5dafa7
Changes from Todd's code review.
2017-05-16 12:58:07 -06:00
81b6894f6f
Merge pull request #841 from SparkiDev/nginx2
...
Fix loading of CRLs and certs from a file.
2017-05-16 09:13:29 -07:00
289f60e2c9
Changes from Todd's code review.
2017-05-16 10:04:30 -06:00
79b0311952
Fix for scan-build warning src/tls.c:4898:20: warning: The left operand of '!=' is a garbage value.
2017-05-16 08:50:06 -07:00
c960faffeb
fix VxWorks README formatting
2017-05-16 09:21:54 -06:00
e5fe1a3750
Unlock on memory allocation failure.
2017-05-16 09:41:17 +10:00
da15b54529
Merge pull request #915 from SparkiDev/blake2b_init
...
Blake2b fix for GCC 5.4
2017-05-15 08:59:54 -07:00
bb60f7a4a4
Merge pull request #914 from JacobBarthelmeh/Testing
...
check return value of test case
2017-05-15 08:58:31 -07:00
d53a77a589
Merge pull request #916 from SparkiDev/ecc_unused
...
Fix for scan_build_known_configs warning
2017-05-14 21:51:02 -07:00
1a08143946
Fixup for async on master
2017-05-15 10:10:28 +10:00
1e2a6412d7
Find the CRL entry again after lock
2017-05-15 10:10:28 +10:00
ff4fcf21d6
Add test for private key only ecc key
2017-05-15 10:04:42 +10:00
c6ce1fe330
Allow private key only ECC key to be loaded
2017-05-15 10:04:42 +10:00
c7e57e9c6c
Late CRL check - copy data before use
2017-05-15 10:04:42 +10:00
c8e6c64e51
Fix warning when building for Windows
2017-05-15 10:04:42 +10:00
4723b8470a
Allow a CRL's signature to be verified on use
2017-05-15 10:04:42 +10:00
4d77e80d04
Fix loading of CRLs and certs.
...
Change function wolfSSL_X509_LOOKUP_load_file to load multiple CRLs and
certificates from a file.
Change CRL loading to have a flag to not verify CRL signature - only do
this when using wolfSSL_X509_LOOKUP_load_file() as the certificate is
not always available.
Add test case for loading multiple CRLs in one file without certificate.
2017-05-15 10:04:42 +10:00
224c1b2645
Fix for scan_build_known_configs warning
2017-05-15 09:59:34 +10:00
f8023b808f
Blake2b fix for GCC 5.4
...
Memsetting P and then setting non-zero fields works with GCC 5.4.
2017-05-15 09:47:11 +10:00
3297280e62
Merge pull request #913 from JacobBarthelmeh/Compatibility-Layer
...
allow re-using WOLFSSL structure after calling shutdown
2017-05-12 16:50:14 -07:00
dcd3a6a478
Merge pull request #907 from dgarske/fix_verifycb
...
Fixes for verify callback override
2017-05-12 16:45:55 -07:00
66e086a0bf
check return value of test case
2017-05-12 16:40:37 -06:00
0374907acc
allow re-using WOLFSSL structure after calling shutdown
2017-05-12 13:54:20 -06:00
d03f97dafc
Merge pull request #911 from dgarske/gcc_7
...
Fixes to work with gcc 7.1
2017-05-12 12:08:08 -07:00
606aca9916
Merge branch 'master' of https://github.com/jrblixt/wolfssl into unitTest_api_dev
2017-05-12 02:04:58 -06:00
01a5f901d0
Merge pull request #909 from dgarske/fix_no_harden
...
Fix issue with --disable-harden
2017-05-11 16:42:19 -07:00
53a837b230
Fix to only use FALL_THROUGH macro for GCC 7.1 or later.
2017-05-11 15:52:32 -07:00
7c7503449f
Removed the -Wimplicit-fallthrough=5 from autogen.sh, since older GCC throws “error: unknown warning option”.
2017-05-11 15:28:49 -07:00
562db08c3d
Implemented strict switch fall-through handling using new macro FALL_THROUGH.
2017-05-11 15:15:19 -07:00
c0c98c8f64
Fixes to address build warnings for GCC 7. Used -Wimplicit-fallthrough=0 to suppress all switch fall-through warnings.
2017-05-11 15:12:16 -07:00
f1e6f7d01d
Attempt to fix Visual Studio 2012 compiler issue with test.h myVerify callback.
2017-05-11 13:53:04 -07:00
ce42738198
Merge pull request #900 from dgarske/coverity_part3
...
Coverity fixes for TLS 1.3, async, small stack and normal math.
2017-05-11 13:05:53 -07:00
5c652e398f
Merge pull request #896 from dgarske/async_cleanups
...
Fixes for async and smallstack
2017-05-11 13:05:25 -07:00
e12545ac38
Merge pull request #846 from SparkiDev/renum
...
Renumbered return values in test.c
2017-05-11 13:05:08 -07:00
05d2032661
Fix for useVerifyCb variable not used warning with NO_CERTS defined.
2017-05-11 12:57:12 -07:00
1b21df9b2b
Fix issue with --disable-harden build due to wc_off_on_addr defined but not used. Cleanup of the wc_off_on_addr code to combine duplicate definitions. Fixes issue #908 .
2017-05-11 12:49:34 -07:00
2efa7d5b8b
Fix for verify callback override, peerVerifyRet code on success and ensuring DOMAIN_NAME_MISMATCH error gets passed down in ECDSAk case. Added unit test case to verify callback override works. Fixes issue #905 and issue #904 . Fix for async build goto label typo.
2017-05-11 12:23:17 -07:00
a79f9c93c9
Merge pull request #906 from cconlon/tls13beta
...
wolfSSL 3.11.1 release, TLS 1.3 BETA
2017-05-11 11:46:10 -07:00
7d6597fe55
wolfSSL 3.11.1 release, TLS 1.3 BETA
2017-05-11 10:01:04 -06:00
dcc9f9ae63
Merge pull request #903 from SparkiDev/tls13_interop3
...
Interop testing fixes
2017-05-10 23:04:56 -07:00
22ce2f183d
Interop testing fixes
...
Fix TLS13 cipher suite name to CHACHA20
Include SignatureAlgorithm in older versions of TLS when compiling for
TLS v1.3.
BIT STRING unused bits doesn't necessarily indicate last unused bit.
Fix ecc_dsa_sa_algo value.
2017-05-11 10:42:09 +10:00
01586b26ae
Merge pull request #902 from SparkiDev/tls13_interop2
...
TLS v1.3 Interop changes
2017-05-10 09:28:22 -07:00
ec6d8f48b8
Add PSS for TLS v1.3
2017-05-10 17:22:53 +10:00
df3abee72c
TLS v1.3 Interop changes
...
Added Curve25519 for TLS v1.3 only. Curve25519 won't work with older
protocol versions.
Always send signature algorithm extension in TLS v1.3 for server
certificates. If only doing PSK doesn't need to be sent though.
2017-05-10 15:16:27 +10:00
8d4f8c6d80
Fixes for build with distro for BuildTls13HandshakeHmac arg change.
2017-05-09 10:09:43 -07:00
c47826cc8f
Additional TLS 1.3 return code checking.
2017-05-09 09:45:40 -07:00
e8cf4b5ff0
Coverity fixes for TLS 1.3, async, small stack and normal math.
2017-05-09 09:13:21 -07:00
dea092fa0a
Merge pull request #901 from SparkiDev/tls13_interop
...
TLS v1.3 interop fixes
2017-05-09 09:08:31 -07:00
46c4adcf4c
TLS v1.3 interop fixes
2017-05-09 14:49:21 +10:00
2e016f3b25
Refactor of the rsa_test and dh_test to better handle cleanup.
2017-05-08 12:30:54 -07:00
285a338054
Merge pull request #899 from kaleb-himes/release-update
...
Credit E.S. from W.A. with report of DTLS interop bug
2017-05-08 12:06:41 -06:00
7b6e2b1002
Credit E.S. from W.A. with report of DTLS interop bug
2017-05-08 10:26:08 -06:00
5726c23d81
Fix for scan-build warning with ret not being read in DoServerHello.
2017-05-06 14:00:24 -07:00
8cd78edac1
Fixes for building with smallstack
2017-05-06 00:39:12 -04:00
011178994b
Fix typos with goto exit labels and heap.
2017-05-06 00:32:02 -04:00
6cc3983894
Fix for using async with —enable-eccencrypt.
2017-05-06 00:28:01 -04:00
17587d38f8
Fix for new AES 192/256 tests to handle async wait.
2017-05-06 00:28:01 -04:00
d23f1e5637
Merge pull request #895 from JacobBarthelmeh/Testing
...
use type with XFREE
2017-05-05 16:27:03 -07:00
176193a835
Merge pull request #877 from dgarske/tls13
...
Add TLS 1.3 support
2017-05-05 12:50:40 -07:00
a4ceeed462
use type with XFREE
2017-05-05 13:27:33 -06:00
fdb46ac24c
Fix typo with blake2b_test return code.
2017-05-05 11:11:17 -07:00
0ca2d7c137
Renumbered return values.
2017-05-04 14:53:39 -07:00
af0103bc94
Fix for Valgrind memory leak with the “ssl->hsHashes”. The DTLS wolfSSL_connect for “IsDtlsNotSctpMode” at line 8134 calls InitHandshakeHashes, but doesn’t free existing. Best overall solution is to make sure and free an existing on InitHandshakeHashes, since WOLFSSL is memset to 0.
2017-05-04 14:51:31 -07:00
758c2a761c
Increase timeout on ready file for tls13.test
2017-05-04 14:51:31 -07:00
902f5cf53f
Stack size enabled config fix
2017-05-04 14:51:31 -07:00
f0204de881
Fix for async and tls13 config
2017-05-04 14:51:31 -07:00
570befb63f
Fixes for using async. Combine duplicate DoCertificate and DoTls13Certificate code into ProcessPeerCerts. Cleanup of the XMALLOC/XFREE to use ssl->heap.
2017-05-04 14:51:31 -07:00
efb4b3c183
Fix for unit test with non-blocking set.
2017-05-04 14:51:31 -07:00
253140f37e
Fixes for TLS 1.3. Fix issue with wc_AesGcmDecrypt checking for authIn arg (allowed to be NULL). Fix for preMasterSz in TLSX_KeyShare_ProcessEcc. Fix for building with --disable-asn (NO_CERTS). Fix to remove client “-t” option from help, which no longer exists. Added new WOLFSSL_DEBUG_TLS option for new messages added.
2017-05-04 14:51:31 -07:00
77f9126edf
Rebase fixes for TLS 1.3. Getting a decrypt error with the TLS 1.3 test from the SendTls13CertificateVerify.
2017-05-04 14:51:31 -07:00
2b1e9973ec
Add TLS v1.3 as an option
2017-05-04 14:51:30 -07:00
edf5d6d777
Merge pull request #894 from JacobBarthelmeh/Release
...
Prepare for release 3.11.0
2017-05-04 14:49:43 -07:00
b51643c344
prepare for release version 3.11.0
2017-05-04 14:17:35 -06:00
7dd877554b
build for windows visual studio with AES GCM
2017-05-04 14:14:12 -06:00
9b5340d3af
sanity checks before copying copying peer certificate
2017-05-04 13:10:46 -06:00
bfc43cee15
Merge pull request #893 from cconlon/pkcs7-valgrind-fix
...
fix PKCS7 signedData valgrind issue
2017-05-03 18:14:32 -07:00
5e06d59c79
fix PKCS7 signedData valgrind issue
2017-05-03 17:16:44 -06:00
e771611c29
Merge pull request #891 from JacobBarthelmeh/Testing
...
sanity check on input buffer index
2017-05-03 12:13:43 -07:00
86f10086bb
Merge pull request #890 from dgarske/fix_sb_sni
...
Fix for scan build warning for `TLSX_SNI_GetRequest` possible use of null ptr
2017-05-03 10:03:59 -07:00
55538b5de0
sanity check on input buffer index
2017-05-03 10:21:03 -06:00
338194be25
Fix for scan build warning for TLSX_SNI_GetRequest possible use of null pointer.
2017-05-03 07:33:13 -07:00
1dc5a0fba2
Merge pull request #889 from JacobBarthelmeh/master
...
add digsigku to renewcerts script and update the not after date
2017-05-02 19:59:07 -07:00
a8a5841b7c
Merge pull request #888 from JacobBarthelmeh/Testing
...
Testing
2017-05-02 17:52:14 -07:00
4c8fdf99c5
add digsigku to renewcerts script and update the not after date
2017-05-02 18:08:10 -06:00
8146f73eff
warnings when using g++ compiler
2017-05-02 15:20:20 -06:00
aa990ed1ce
in error case close FILE
2017-05-02 14:54:27 -06:00
dbb67d8582
warnings for builds of haproxy, nginx, and leanpsk
2017-05-02 14:29:53 -06:00
0532adf653
Merge pull request #887 from dgarske/minor_cleanups
...
Added return code checking for `wolfCrypt_Init()`
2017-05-02 12:19:12 -07:00
ddcf11011e
Added return code checking for wolfCrypt_Init(). Added initRefCount check on wolfCrypt_Cleanup(). Fix link for tenAsys INtime RTOS readme.
2017-05-02 10:20:31 -07:00
27aafd674a
Merge pull request #886 from dgarske/fixes_coverity2
...
Fixes for coverity scan (part 2)
2017-05-02 08:53:03 -07:00
8d032081ae
Merge pull request #767 from shihrer/hexiwear_pr
...
Hexiwear changes and KDS Project for Hexiwear platform
2017-05-02 07:31:41 -06:00
4135279f82
Merge pull request #843 from kaleb-himes/dtls-interop
...
DTLS update per RFC 6347 Section 4.2.3
2017-05-01 19:29:27 -07:00
f61380da21
Merge pull request #870 from kaleb-himes/PSK-UPDATE
...
Update PSK identity length per RFC 4279 - section 5.3
2017-05-01 19:04:32 -07:00
3647e50c17
Fixes for the GrowInputBuffer and GrowOutputBuffer changes to only use align when WOLFSSL_GENERAL_ALIGNMENT > 0.
2017-05-01 18:48:54 -07:00
9491027c85
Fixes for coverity scan (part 2).
2017-05-01 16:34:24 -07:00
1a0b408658
Merge pull request #883 from dgarske/fixes_coverity
...
Fixes for coverity scan
2017-05-01 16:30:04 -07:00
9655a1e38c
Merge pull request #885 from dgarske/async_cavium
...
Fixes for Cavium Nitrox with async
2017-05-01 13:36:59 -07:00
f19cf4cb34
Fix the client PSK callback to always null terminate after callback. Remove the +1 on the test.h examples for PSK callbacks.
2017-05-01 12:10:05 -07:00
7a1776e931
Merge pull request #881 from cconlon/sniffer
...
fix sniffer with AES-GCM, add scratch authTag buffer
2017-05-01 11:51:01 -07:00
893b6f7d75
Merge pull request #884 from JacobBarthelmeh/Testing
...
fix warnings and errors with FreeBSD PowerPC
2017-05-01 11:37:04 -07:00
9269298034
Merge branch 'hexiwear_pr' of https://github.com/shihrer/wolfssl into hexiwear_pr
2017-05-01 12:04:35 -06:00
abe5a318f2
Added hexiwear to include.am and removed dev environment specific variable
2017-05-01 10:44:09 -06:00
2de6c88b80
correct typo when checking if variable rng is null
2017-04-30 18:53:58 -06:00
7270134aec
Merge pull request #788 from takotakot/readme
...
Fix spacing and comma
2017-04-30 06:48:45 +09:00
450ff55d83
fix warnings and errors with FreeBSD PowerPC
2017-04-28 17:57:48 -06:00
db63fe83d4
Initial pass at fixes for coverity scan.
2017-04-28 14:59:45 -07:00
4387e1f08e
Merge pull request #855 from insane-adding-machines/master
...
Added support for HAproxy load balancer
2017-04-28 13:10:58 -07:00
885b301e72
Merge pull request #882 from dgarske/fix_memleak
...
Fix memory leak with InitSSL having duplicate RNG creation code
2017-04-28 12:07:45 -07:00
c92b497ea3
Fix async merge error which duplicated the wolfSSL_new RNG creation and caused a memory leak. Fix for build error with plainDigestSz not being initialized.
2017-04-28 10:11:17 -07:00
ab78bd0d90
Merge pull request #880 from dgarske/intime_rtos2
...
tenAsys INtime RTOS port fixes from customer peer review
2017-04-27 21:47:53 -07:00
b8917baa6a
fix sniffer with AES-GCM, add scratch authTag buffer
2017-04-27 15:22:30 -06:00
053594eb98
Workaround for expected failed RSA operations in test.c not failing for Cavium Nitrox V.
2017-04-27 14:21:38 -07:00
2deced22dc
Merge pull request #879 from dgarske/fix_builderrors2
...
Fix for scan-build issues with possible use of null’s
2017-04-27 15:06:37 -06:00
b61f279b61
Merge pull request #878 from cconlon/serialfix
...
skip removal of leading zero in GetASNInt() when INTEGER is only a si…
2017-04-27 13:13:21 -07:00
a4efaf5eaa
Fix mutex to use single count for semaphore so behavior is like mutex. Fix typo with “received”. Fix for mp_clear with fast math to do null check on arg (noticed null with ecc make key benchmark with wc_ecc_free).
2017-04-27 13:09:11 -07:00
3e6243eb08
Fix for scan-build issues with possible use of null’s in evp.c wolfSSL_EVP_CipherFinal out arg and DoCertificate args->certs. Removed obsolete client example help arg “-t”.
2017-04-27 10:53:47 -07:00
8118762dc4
skip removal of leading zero in GetASNInt() when INTEGER is only a single zero byte
2017-04-27 11:07:59 -06:00
fd2996bdeb
Progress with RSA fixes for Cavium Nitrox after async refactor. Improved method for RsaKey and ecc_key typedef to work with async.
2017-04-26 16:40:10 -07:00
774ce1a47c
Fixes for build with Cavium.
2017-04-26 16:39:41 -07:00
4363cf8a5c
Merge pull request #876 from dgarske/fix_jenkins_errors
...
Fix minor build errors and warnings
2017-04-26 16:54:49 -06:00
d612b827b7
Fixes for build warnings on Windows. Fix PKCS7 to use const for byte array declaration. Cleanup of the pkcs7 MAX_PKCS7_DIGEST_SZ. Fix for unsigned / signed comparison warning for pkcs7_load_certs_keys in test.c. Fix for cast warning from word16 to byte in asn.c. Fix for build error with io.h refactor for InTime RTOS.
2017-04-26 09:40:33 -07:00
325a3ce418
Merge pull request #875 from dgarske/fix_asn_setname_len
...
Fix issue with ASN encoding SetName function header length
2017-04-26 10:03:25 -06:00
5a77eaa579
Fix issue with XFREE in asn.c using invalid heap pointer. Fix issue with bad variable names and missing asterisk in test.c pkcs7_load_certs_keys.
2017-04-26 08:45:05 -07:00
7db30ef550
Merge pull request #690 from embray/build/enable_aes_counter
...
Add a configure flag specifically for enabling AES CTR mode
2017-04-25 15:14:13 -07:00
1f923a11ee
Merge pull request #874 from dgarske/fix_builderrors
...
Build fixes to address Jenkins reports
2017-04-25 15:14:37 -06:00
ac2835ec2e
Merge pull request #873 from dgarske/fix_crl_smallstack
...
Fix build error with CRL and WOLFSSL_SMALL_STACK.
2017-04-25 15:02:04 -06:00
d435c16fe8
Fix issue with ASN encoding, where the SetName function was incorrectly adding extra byte for object id tag. Refactor changed lines 7694 and 7700 to use SetObjectId which handles length (was using SetLength prior to refactor). Issue was noticed via compatibility testing using generated cert against openssl asn1parse.
2017-04-25 12:06:08 -07:00
fb90a4e498
Fix issue with PSK max length by adding 1 for the null terminator on the strings and allowing up to 128 characters for the PSK. Improved the test.h example for PSK callbacks.
2017-04-25 11:43:45 -07:00
be6b12a350
Build fixes to address Jenkins reports. Additionally tested with enable-distro and small-stack identified issue in ssl.c (note: we need to add this combination to Jenkins).
2017-04-25 11:10:36 -07:00
92d3c7cd59
Merge pull request #872 from JacobBarthelmeh/Testing
...
handle redefinition warnings
2017-04-24 15:08:13 -07:00
8b0784bdfa
Fix build error with CRL and WOLFSSL_SMALL_STACK.
2017-04-24 14:08:59 -07:00
4dad4b6962
handle redefinition warnings
2017-04-24 10:40:56 -06:00
dd2915f4fa
Merge pull request #869 from cconlon/ecckeytoder
...
Fix leading zero in wc_BuildEccKeyDer
2017-04-24 09:02:41 -07:00
08787621ea
wolfssl.pc: Prefix reset to /usr/local
2017-04-24 12:45:23 +02:00
6ada67f93f
Prefix stubs with wolfSSL_
2017-04-24 11:43:19 +02:00
7bd7de350c
More fixes for haproxy port
2017-04-24 10:41:39 +02:00
7058211860
Merge from latest masterbranch
2017-04-24 06:18:44 +02:00
ebb32265eb
Minor fixes after PR review
2017-04-24 06:16:35 +02:00
db835da00b
Fixes after wolfSSL feedback
2017-04-22 10:58:05 +02:00
348536af9a
Update PSK identity length per RFC 4279 - 5.3
2017-04-21 16:38:19 -06:00
3600371abf
Merge pull request #848 from ghoso/des_ecb_encrypt_impl
...
openSSL compatibility API
2017-04-21 14:05:22 -06:00
af26708330
Fix leading zero in wc_BuildEccKeyDer
2017-04-21 11:40:50 -06:00
7a3f7ad9be
Merge pull request #868 from kaleb-himes/ARDUINO-UPDATE
...
Update ARDUINO script per issue #859 from @pasko-zh
2017-04-20 17:02:49 -07:00
a857da23c0
Merge pull request #862 from kaleb-himes/STUNNEL-FIX
...
Fix this issue: PKCS12 is defined to be WC_PKCS12, then redefined as an enumerated value of 12 in asn.h
2017-04-20 13:24:39 -07:00
1dd16e6702
Update enum name from peer review
2017-04-20 10:05:12 -06:00
c9d53a4ca2
Merge pull request #854 from NickolasLapp/master
...
Add AES 192/256 bit wolfCrypt tests
2017-04-19 16:50:18 -07:00
d6abd4d131
Merge pull request #867 from JacobBarthelmeh/mutex
...
fix mutex allocation sanity checks
2017-04-19 13:32:55 -07:00
a8eb2614f6
Update reference for aes192/256 test to remove bad url and give specific
...
NIST reference document.
2017-04-19 13:13:34 -06:00
14e37cdc4c
Change variable name, add comment
2017-04-19 13:10:55 -06:00
5b257d6fd8
Merge pull request #866 from JacobBarthelmeh/Testing
...
add back in haveTrustPeer variable and put macro guard on WC_RNG typedef
2017-04-19 11:57:56 -07:00
32e83cb55d
Update ARDUINO script per issue #859 from @pasko-zh
2017-04-19 11:53:58 -06:00
344c0ec747
Merge branch 'master' of github.com:wolfSSL/wolfssl
2017-04-19 10:10:23 -06:00
4eecaf2574
fix mutex allocation sanity checks
2017-04-18 17:18:19 -06:00
a8115d51fa
add back in haveTrustPeer variable and put macro guard on WC_RNG typedef
2017-04-18 16:53:02 -06:00
5b82c2f6ec
Merge pull request #853 from JacobBarthelmeh/Windows
...
testsuite time check on Windows system and fix dh_test if statement
2017-04-18 14:57:53 -07:00
1215203c39
Update sha384 fips.
2017-04-18 12:53:54 -06:00
4a8259b2ad
Jenkin's Fips corrections.
2017-04-18 11:29:35 -06:00
5486a60326
sha512.c updates.
2017-04-18 11:18:29 -06:00
3279865610
Fixes after jenkins report
...
https://test.wolfssl.com/jenkins/job/windows_pull_request_builder/1453/
2017-04-18 18:47:04 +02:00
bf877a636f
Merge from masterbranch
2017-04-18 18:34:14 +02:00
7df7a07a68
Merge pull request #863 from JacobBarthelmeh/Testing
...
fix old version of AEAD cipher suite
2017-04-18 09:33:00 -07:00
8e7d0ba243
Merge pull request #860 from dgarske/fix_allow_old_tls_wsha1
...
Fix for building with NO_OLD_TLS and WOLFSSL_ALLOW_TLS_SHA1
2017-04-18 09:31:45 -07:00
fbd5d5bfc6
Merge pull request #865 from cconlon/pkcs7-signed-ecc
...
PKCS#7 SignedData - ECDSA and hash options
2017-04-18 09:30:47 -07:00
bab3fd5925
fix clang/scan-build warnings for PKCS7
2017-04-17 14:23:37 -06:00
4f26e0341b
allow different hashes with PKCS7 SignedData, cleanup conditional builds
2017-04-17 09:46:26 -06:00
f7c58b0643
Updated wolfcrypt/src/sha256.c.
2017-04-14 16:42:18 -06:00
3749988ee2
Updated wolfcrypt/src/sha.c.
2017-04-14 16:24:25 -06:00
5b5c8f1e95
Updated mcapi/mcapi_test.c ; wolfcrypt/src/md5.c ; wolfcrypt/src/pwdbased.c.
2017-04-14 16:12:29 -06:00
b08e5f3b82
Merge branch 'master' into hexiwear_pr
2017-04-14 12:03:42 -06:00
53eca92cc0
change type for test instead and add RSA blinding check
2017-04-14 12:02:49 -06:00
21d2becd6b
Modified settings.h to allow building on KSDK 1.3, modified test.c and benchmark.c to work with KSDK, added KDS project for building wolfSSL for Hexiwear
2017-04-14 12:02:28 -06:00
999328f2a0
fix old version of AEAD cipher suite
2017-04-14 10:32:15 -06:00
3f067bccf0
fix redefinition of PKCS12 version and PKCS12 struct when building w/ STUNNEL
2017-04-14 10:20:35 -06:00
74aafb1679
add PKCS7 SignedData with ECDSA
2017-04-14 09:29:22 -06:00
609ca3c823
Jenkin's Visual Studio status check correction.
2017-04-14 02:34:31 -06:00
b5d856eada
Merge branch 'master' of https://github.com/wolfSSL/wolfssl into unitTest_api_dev
2017-04-14 02:17:57 -06:00
00ea508751
Param check fix in hash files.
2017-04-14 02:16:04 -06:00
7779a64cae
Fix for building with NO_OLD_TLS and WOLFSSL_ALLOW_TLS_SHA1.
2017-04-13 21:26:20 -07:00
f2ac410f1e
Merge pull request #858 from dgarske/fix_bench_count
...
Fix build/test error with `--enable-scrypt` and build error for ARMv8 AES init
2017-04-13 21:14:44 -07:00
ac6b840dc5
Merge Conflict with wolfSSL master.
2017-04-13 16:51:08 -06:00
85b78835a6
Merge branch 'master' into unitTest_api_dev
...
src/keys.c
wolfcrypt/src/hmac.c
wolfcrypt/src/md5.c
wolfcrypt/src/sha256.c
wolfcrypt/src/sha512.c
wolfssl/wolfcrypt/md5.h
2017-04-13 16:33:23 -06:00
ebde18af59
silence static analysis tool warning about null parameter after sanity check
2017-04-13 15:32:31 -06:00
620d21c850
fix scrypt test with no password
2017-04-13 15:06:26 -06:00
3df47d57ab
Fix error with armv8-aes wc_AesInit function using h instead of heap variable. (moved from PR #852 ).
2017-04-13 14:50:55 -06:00
4c6a70861b
Fix build errors with --enable-scrypt.
2017-04-13 09:37:48 -07:00
723ee69114
Fixed missing braces in wolfcrypt test
2017-04-13 15:31:50 +02:00
ef231a039d
Updated to latest masterbranch
2017-04-13 15:28:19 +02:00
fe215c4a57
Fix DES_ecb_encrypt function in terms of reviewing point.
2017-04-13 12:31:52 +09:00
460197a5e0
Add aes192 and aes256 tests
...
Fix bug with AES decrypt for non-128 bit sizes on STM32F4 hardware
crypto
2017-04-12 20:09:47 -06:00
3ac35ce3b3
Merge pull request #838 from SparkiDev/curve25519_51-bit
...
Curve25519 51-bit Implementation
2017-04-12 16:06:37 -06:00
26c8958d1e
testsuite time check on Windows system and fix dh_test if statement
2017-04-12 15:56:45 -06:00
8ee9e4ff8b
Merge pull request #851 from toddouska/nosessid
...
don't send session ID on server side if session cache is off unless w…
2017-04-12 14:50:43 -07:00
3abcff4db5
Merge pull request #850 from JacobBarthelmeh/Testing
...
fix invalid check on unsigned type
2017-04-12 13:56:44 -07:00
27d009475c
Merge pull request #847 from dgarske/distro_options
...
Fixes for --enable-distro to include more features by default
2017-04-12 13:56:24 -07:00
e1a53a6c36
Merge pull request #845 from SparkiDev/cert_file
...
Rename caCertFile
2017-04-12 13:55:56 -07:00
4f7b27fc88
Merge pull request #844 from SparkiDev/size_t-printf
...
32-bit size_t and printf fix
2017-04-12 13:54:52 -07:00
3810571e0d
Merge pull request #715 from dgarske/async_intelqa
...
Intel QuickAssist (QAT) support and async enhancements/fixes
2017-04-12 13:54:19 -07:00
b1d59a2334
don't send session ID on server side if session cache is off unless we're echoing session ID as part of session tickets
2017-04-12 10:54:19 -07:00
11133e578d
Fixes and cleanups based on feedback from Sean. Added ifdef checks around WC_PENDING_E code to reduce code size for non-async builds. Cleanup accumulative result code checking in SSL_hmac. Cleanup of the RSA async state advancement.
2017-04-12 10:07:38 -07:00
b510c8199e
fix invalid check on unsigned type
2017-04-12 10:41:35 -06:00
df70b3c859
Removed empty ifdef
2017-04-12 12:50:17 +02:00
3e9a5fd433
Updated to latest masterbranch
2017-04-12 12:48:38 +02:00
9ca49e7f56
Add more stubs for haproxy
2017-04-12 11:59:17 +02:00
02513792b6
Make new function stubs public
2017-04-12 10:37:17 +02:00
d0f31d4a30
Fix issue with wc_ecc_make_key where state failure can occur if the wc_ecc_init hasn’t been called on key prior. Now wc_ecc_make_key and wc_ecc_import_private_key (and _ex versions) can be called without having to call wc_ecc_init first. This keeps backwards compatibility. If async or static memory is desired then wc_ecc_init_ex must be called first.
2017-04-11 15:57:09 -07:00
85bef98331
Fix wc_ecc_alloc_rs memset logic. Fix error handling in hmac.c for SHA224. Cleanup of the wc_DhGenerateKeyPair_Async function. Added comment about the “BuildTlsFinished” allocation for hash buffer. Fixed issue with example server that caused the benchmark script to fail in throughput mode.
2017-04-11 14:13:08 -07:00
0cebc2172c
Fix WolfSSL_DES_ecb_encrypt().
2017-04-12 00:03:35 +09:00
d399b51ba8
Fix WolfSSL_DES_ecb_encrypt().
2017-04-11 23:49:10 +09:00
de017b0028
Added stubs required to compile HAPROXY
2017-04-11 16:03:08 +02:00
8f300515bd
Grouped HAPROXY compatibility into WOLFSSL_HAPROXY flag
...
now haproxy compatible wolfssl builds with:
./configure --prefix=/usr --sysconfdir=/etc --disable-fastmath \
iam * ] 2:18 PM
--disable-fasthugemath --disable-bump \
--enable-opensslextra \
--enable-keygen --enable-certgen \
--disable-ntru --disable-examples \
--enable-tlsx --enable-haproxy \
--enable-savecert --enable-savesession --enable-sessioncerts \
--enable-webserver --enable-sslv3 --enable-stunnel
2017-04-11 14:18:41 +02:00
213afe18c3
Merge pull request #842 from JacobBarthelmeh/Testing
...
fix c32toa needed with --enable-session-ticket
2017-04-10 19:10:35 -07:00
eb1a191fd2
Refactor to add the wc_HmacInit and wc_HmacFree calls.
2017-04-10 14:47:08 -07:00
e419a6f899
Fixes and cleanups based on feedback from Sean.
2017-04-10 14:47:07 -07:00
62e7dc87c3
Fix merge error with verify callback and totalCerts.
2017-04-10 14:45:05 -07:00
56a1618ba0
Fixes to a few things based on peer review.
2017-04-10 14:45:05 -07:00
c1640e8a3d
Intel QuickAssist (QAT) support and async enhancements/fixes:
...
* Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/).
* Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC.
* wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify.
* wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature.
* wolfCrypt test and benchmark async support added for all HW acceleration.
* wolfCrypt benchmark multi-threading support.
* Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA.
* Refactor to make sure “heap” is available for async dev init.
* Added async support for all examples for connect, accept, read and write.
* Added new WC_BIGINT (in wolfmath.c) for async hardware support.
* Added async simulator tests for DES3 CBC, AES CBC/GCM.
* Added QAT standalone build for unit testing.
* Added int return code to SHA and MD5 functions.
* Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer.
* Combined duplicate code for async push/pop handling.
* Refactor internal.c to add AllocKey / FreeKey.
* Refactor of hash init/free in TLS to use InitHashes and FreeHashes.
* Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*.
* Suppress error message for WC_PENDING_E.
* Implemented "wolfSSL_EVP_MD_CTX_init" to do memset.
* Cleanup of the openssl compat CTX sizes when async is enabled.
* Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability.
* Cleanup of the OPAQUE_LEN.
* Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret).
* Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations)
* Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding".
* Updated RSA un-padding error message so its different than one above it for better debugging.
* Added QAT async enables for each algorithm.
* Refactor of the async init to use _ex.
* Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing.
* Reformatted the benchmark results:
PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec"
Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87
* Added min execution time for all benchmarks.
* Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local.
* Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark.
* Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async.
* Added NO_SW_BENCH option to only run HW bench.
* Added support for PRNG to use hardware SHA256 if _wc devId provided.
* Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size.
* Added the wc_*GetHash calls to the wolfCrypt tests.
* Added async hardware start/stop to wolfSSL init/cleanup.
* Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos.
* Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`.
* Added arg checks on wc_*GetHash and wc_*Copy.
* Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions.
* Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator.
* Added checks for all hashing to verify valid ->buffLen.
* Fix for SHA512 scan-build warning about un-initialized “W_X”.
* Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash.
* Refactor of the benchmarking to use common function for start, check and finish of the stats.
* Fixed issue with ECC cache loading in multi-threading.
* Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned.
* Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define.
* Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-10 14:45:05 -07:00
dc65a9a277
Distro fix to enable SHA224 by default. Was causing Debian build error since SHA224 is enabled by default only for the x86_64 architecture. Updated --enable-distro option to include new features for aeskeywrap, x963kdf and scrypt. Changed the ECC custom curve option to enable all curve types when used with distro.
2017-04-10 11:45:26 -07:00
dccff615d5
Add wolfSSL_DES_ecb_encrypt() encrypt/decrypt parameter check.
2017-04-10 16:19:44 +09:00
97c22c88d8
Add test result message for test_wolfSSL_DES_ecb_encrypt().
2017-04-10 15:37:47 +09:00
27c6625bfe
Fix #ifdef in WolfSSL_DES_ecb_encrypt and test_WolfSSL_DES_ecb_encrypt.
2017-04-10 14:44:48 +09:00
5edcf685ca
Rename caCertFile
2017-04-10 10:38:16 +10:00
335b6d41c1
32-bit size_t and printf fix
2017-04-10 10:26:36 +10:00
cbe46f8d74
Include new file in dist
2017-04-10 08:30:44 +10:00
b19cf2cfb8
Add test_wolfSSL_DES_ecb_encrypt()
2017-04-08 17:03:58 +09:00
e8971c361a
Merge pull request #830 from kaleb-himes/suite-typo
...
Fixes for using default ciphers
2017-04-07 17:20:54 -07:00
8953ed9f30
DTLS update per RFC 6347 Section 4.2.3
2017-04-07 14:26:33 -06:00
3478c9b937
Added return checks to src/keys.c.
2017-04-07 14:15:53 -06:00
80d88b9421
fix c32toa needed with --enable-session-ticket
2017-04-07 11:46:27 -06:00
4ff2903b55
Fix to allow anonymous ciphers to work with the new default suite testing.
2017-04-07 10:20:41 -07:00
eb40175cc6
Fix to calc BuildSHA_CertVerify if WOLFSSL_ALLOW_TLS_SHA1. Fix to add check for DTLS to not allow stream ciphers. Removed the RC4 tests from the test-dtls.conf. Added support for using default suites on client side. Switched the arg to “-H”. Cleanup of the example server/client args list. Fixes for build with “--disable-sha”.
2017-04-07 10:20:41 -07:00
6a1ae7ee5b
Fix on server side to make sure SHA hash is setup even with NO_OLD_TLS. Fix to initialize hsHashes to zero. Fix in PickHashSigAlgo to not default to SHA if NO_OLD_TLS is defined (unless WOLFSSL_ALLOW_TLS_SHA1 is set). Fix to allow pre TLS 1.2 for “AES128-SHA256” and “AES256-SHA256”.
2017-04-07 10:20:18 -07:00
b14da2622e
Fix InitSuites to allow old TLS for DHE_RSA with AES 128/256 for SHA256. Reverted changes to test.conf and test-dtls.conf.
2017-04-07 10:20:18 -07:00
4dcad96f97
Added test for server to use the default cipher suite list using new “-U” option. This allows the InitSuites logic to be used for determining cipher suites instead of always overriding using the “-l” option. Now both versions are used, so tests are done with wolfSSL_CTX_set_cipher_list and InitSuites. Removed a few cipher suite tests from test.conf that are not valid with old TLS. These were not picked up as failures before because wolfSSL_CTX_set_cipher_list matched on name only, allowing older versions to use the suite.
2017-04-07 10:20:18 -07:00
b827380baf
Typo in cipher suite pre-processor macro
2017-04-07 10:19:24 -07:00
4e703b6805
Merge pull request #839 from JacobBarthelmeh/Testing
...
build with session tickets and without client
2017-04-07 09:39:47 -07:00
2b443a79f2
Merge pull request #836 from dgarske/stack_check_free
...
Fix leak in StackSizeCheck and build error with debug enabled
2017-04-07 09:35:01 -07:00
ecaaf19ebf
Merge pull request #835 from dgarske/fix_name_conflict
...
Fix name conflicts in wolfCrypt test with --enable-stacksize
2017-04-07 09:33:00 -07:00
c466e3c078
Implements wolfSSL_DES_ecb_encrypt function.
2017-04-07 11:21:32 +09:00
2c13ea9a67
Cleanup name conflicts with test.h cert files (by adding “File” to end). Fix memory leak in ecc_test_buffers function.
2017-04-06 15:54:59 -07:00
b49a2561bc
build with session tickets and without client
2017-04-06 16:19:21 -06:00
6e16410e25
Modifications per Todd's requests.
2017-04-06 15:47:53 -06:00
d62d0aaa26
Changes made per Todd's instruction.
2017-04-06 14:42:42 -06:00
9ef26679df
Merge pull request #833 from SparkiDev/asn_func
...
ASN Code Rework
2017-04-06 12:47:40 -07:00
bb8e67b79c
Merge pull request #837 from cconlon/release-3.10.4
...
3.10.4 release
2017-04-06 11:39:31 -06:00
706c02deed
Changes Chris requested.
2017-04-06 10:53:14 -06:00
c8400e9ff1
Merge pull request #824 from dgarske/fix_asn_confirm_sig
...
Fix for return code checking on ConfirmSignature
2017-04-05 16:58:47 -07:00
b11bb5325a
Implementation of 51-bit curve25519
2017-04-06 09:48:01 +10:00
c9bb75c0f3
3.10.4 release
2017-04-05 16:37:35 -06:00
d648d4f6c7
Fix leak in StackSizeCheck. Fix build error with debug enabled and stack size check.
2017-04-05 14:24:55 -07:00
338c70a1ab
Merge pull request #834 from cconlon/ecc_name_from_params
...
add wc_ecc_get_curve_id_from_params()
2017-04-05 14:09:41 -07:00
3328b4d38b
Cleanup the unit test naming for new signature failure tests.
2017-04-05 11:24:22 -07:00
0c61a5b1fd
add invalid test case for wc_ecc_get_curve_id_from_params()
2017-04-05 11:18:47 -06:00
4eefa22629
Merge pull request #810 from toddouska/write-dup
...
add wolfSSL_write_dup(), creates write_only WOLFSSL to allow concurre…
2017-04-05 10:06:20 -06:00
15091675fe
Fix VS warning about long to size_t conversion in load_buffer.
2017-04-05 07:23:53 -07:00
e101dfa26e
add wc_ecc_get_curve_id_from_params()
2017-04-04 14:49:46 -06:00
deb80e5ddb
Fix load_file/load_buffer enables. Fix error in load_buffer with “ret”.
2017-04-04 11:45:55 -07:00
e0a4758c0f
Fixes with load_file helper to make sure return code is set correctly and args are initialized.
2017-04-04 11:40:54 -07:00
2aa523e0ea
Added API unit test for certificate validation failure using corrupted signature in cert.
2017-04-04 11:15:32 -07:00
26f3924c93
Fix for return code checking on ConfirmSignature, so it returns actual error codes or 0 on success.
2017-04-04 10:55:22 -07:00
e740756706
Merge pull request #832 from toddouska/rdrand64
...
allow rdrand to use full 64bit output
2017-04-04 08:58:06 -07:00
36e81b650e
Fix missing symbol for specific configs
2017-04-04 14:33:14 +10:00
683a655908
Starting 128-bit FE implementation
2017-04-04 14:17:54 +10:00
b02a75510e
Fix Windows warnings
2017-04-04 11:19:06 +10:00
abaf820537
Improvements and comments
2017-04-04 10:42:04 +10:00
cd358bd2ab
protect against multiple write dups
2017-04-03 15:58:33 -07:00
2d323dee42
Merge pull request #829 from cconlon/ecc_import
...
fix curve selection on ecc private only import
2017-04-03 15:44:42 -07:00
59dc839341
Merge pull request #819 from dgarske/test_static_fixes
...
Fixes for wolfCrypt test/benchmark with static memory
2017-04-03 15:25:45 -07:00
1d48fba032
allow rdrand to use full 64bit output
2017-04-03 15:08:35 -07:00
68076dee45
Merge pull request #805 from dgarske/rng_cleanup
...
Fix RNG issue with Intel RD and cleanup to remove old ARC4 support
2017-04-03 14:57:09 -07:00
29eabe5535
Better stack size check return code handling.
2017-04-03 09:41:12 -07:00
8cde26a6c5
fix curve selection on ecc private only import
2017-04-03 09:50:46 -06:00
e168d4db09
Merge pull request #821 from SparkiDev/wpas_fips
...
FIPS changes and fixups for wpa_supplicant
2017-04-03 08:27:25 -07:00
fd9e41dd99
ASN functions added to simplify code
...
Functions to get and set different ASN.1 tags have been added.
The functions are used in the asn.c file to simplify the code and ensure
all checks are done.
2017-04-03 16:56:21 +10:00
d626c917dd
Merge branch 'master' of https://github.com/wolfSSL/wolfssl into unitTest_api_dev
2017-03-31 14:18:27 -06:00
d69c860ab8
Fix bad #elif logic cleanup for using “USE_TEST_GENSEED”.
2017-03-31 13:16:21 -07:00
c532819659
Fixes for building with “CUSTOM_RAND_GENERATE_BLOCK”. Removed seed as backup RNG source. Fixed building on embedded system with time_t not defined (test.c should use long for asn_test).
2017-03-31 13:16:21 -07:00
69535198ca
Fix RNG to only allow disabling HASHDRBG if CUSTOM_RAND_GENERATE_BLOCK is defined. Added support for CUSTOM_RAND_GENERATE_BLOCK with Intel RDRAND.
2017-03-31 13:16:21 -07:00
1251607b04
Retain existing HAVE_HASHDRBG functionality and only disable if ./configure --disable-hashdrbg or WC_NO_HASHDRBG defined. Fix use of warning with VS. Fix to only use rng seed as source if no DRBG.
2017-03-31 13:16:21 -07:00
5e3d8e705e
Fix RNG issue with Intel RDRAND and RDSEED accelerations not being used because HAVE_HASHDRBG was always being defined if !WOLFSSL_FORCE_RC4_DRBG. Added new --enable-intelrand option to indicate use of RDRAND preference for RNG source (if RDRAND not supported by CPU then HASHDRBG will be used). The --enable-intelasm option enables the RDSEED support for seeding HASHDRBG if CPU supports it. Allow use of seed as RNG source if --disable-hashdbrg (shows build warning). Cleanup to remove old ARC4 RNG support. Fixed random_test return code with !HAVE_HASHDRBG. Cleanup of ./configure --help alignment.
2017-03-31 13:16:21 -07:00
34a4f1fae0
Move wolfCrypt test/benchmark to move static memory pool to global (not in stack). Fix wolfCrypt test wc_InitRng to use _ex with HEAP_HINT (when not FIPS). Added ability to use HAVE_STACK_SIZE with wolfCrypt test and benchmark. Cleanup of the benchmark_test function main wrapper.
2017-03-31 13:11:23 -07:00
ccad9f5575
Merge pull request #818 from dgarske/tkernel_port
...
TKernel port
2017-03-31 10:10:26 -07:00
9455c3b469
Merge pull request #826 from cconlon/ecc_adds
...
add XSTRLEN cast in ecc helper
2017-03-31 10:08:05 -07:00
6a4b71de05
Merge pull request #822 from JacobBarthelmeh/Testing
...
testing buffer size with const DH and remove redeclaration of WOLFSSL…
2017-03-31 08:53:49 -07:00
e1f6dbe74e
add XSTRLEN cast in ecc helper
2017-03-31 09:17:42 -06:00
cc4cc41ccf
Merge pull request #825 from cconlon/ecc_der
...
add EccPrivateKeyToDer()
2017-03-30 20:07:26 -07:00
5d840751c0
Merge pull request #823 from cconlon/ecc_adds
...
add ECC helpers to get size and id from curve name
2017-03-30 17:28:29 -07:00
4e829bc0a5
Fix to assign default OID for TLS supported curves based on loaded extension order.
2017-03-30 13:54:24 -07:00
507f052b3f
ECC helper cleanup
2017-03-30 14:34:12 -06:00
6735dd7031
add EccPrivateKeyToDer()
2017-03-30 13:56:48 -06:00
347f4e3e4d
Merge pull request #820 from JacobBarthelmeh/PKCS8
...
PKCS8 create function
2017-03-30 13:54:30 -06:00
61d82790e4
add ECC helpers to get size and id from curve name
2017-03-30 11:32:56 -06:00
5c2b5f86b9
testing buffer size with const DH and remove redeclaration of WOLFSSL_CRL
2017-03-30 10:53:13 -06:00
71b75efd63
move PKCS8 create function and remove PWDBASED requirement
2017-03-30 10:46:58 -06:00
c74c2ce00c
FIPS changes and fixups
...
Enable ex data explicitly.
Keep the peer cert for verification callback.
External session cache for hostapd.
Enable DES_ECB when not FIPS.
Don't send the peer cert if it is not received from peer.
Initialize the peer cert after free as will be freed on tear down of
SSL.
Allow a server to become a client.
2017-03-30 11:53:35 +10:00
9ebfb0e953
make the function wc_CreatePKCS8Key public
2017-03-29 16:42:51 -06:00
5663fbf41a
adjust placement of ECC curve OID in PKCS8 and add parameter notes
2017-03-29 16:17:54 -06:00
219fb584e2
fix for lenght of PKCS8 with ECC and for ECC get key algo ID
2017-03-29 16:17:26 -06:00
72d11e19cd
add create PKCS8 key
2017-03-29 16:14:34 -06:00
36d9504bc3
Added NO_WRITE_TEMP_FILES option to prevent writing temp files during wolfCrypt test.
2017-03-28 19:37:55 -07:00
75abeaecfc
Updates for TKernel port (WOLFSSL_uTKERNEL2). Added support for InterNiche prconnect_pro using WOLFSSL_PRCONNECT_PRO. Cleanup the min/max functions. Add NO_STDIO_FGETS_REMAP to not include the fgets remap for WOLFSSL_uTKERNEL2. Fix TFM build warning. Added HAVE_POCO_LIB. Added wolfCrypt test temp cert path for WOLFSSL_uTKERNEL2 = /uda/. Added WOLFSSL_CURRTIME_REMAP for benchmark to allow different function name to be used for system which have a conflicting name. Add ability to use normal malloc/free with WOLFSSL_uTKERNEL2 using NO_TKERNEL_MEM_POOL. Added new XMALLOC_OVERRIDE to allow custom XMALLOC/XFREE/XREALLOC macros. Move CUSTOM_RAND_GENERATE up in RNG choices. Rename tls.c STK macros due to conflict.
2017-03-28 19:10:19 -07:00
25779dfb4f
Introduce HAPROXY config flag + get/set app_data
2017-03-28 13:28:36 +02:00
d94fcd8b69
Implemented wolfSSL_EVP_PKEY_base_id, wolfSSL_BIO_read_filename. Added wolfSSL_EVP_PKEY_type stub
2017-03-28 11:42:30 +02:00
14efd9735d
Merge pull request #816 from kaleb-himes/eccCaKeyFile-undefined
...
Fix for: 'Fix for build error with unused eccCaKeyFile'
2017-03-27 21:18:46 -07:00
2bcb8e53fc
Address case from review
2017-03-27 16:53:13 -06:00
5cffae2e3f
Merge branch 'master' of https://github.com/wolfSSL/wolfssl into eccCaKeyFile-undefined
2017-03-27 16:52:51 -06:00
10bf955b70
Merge pull request #817 from kaleb-himes/ocsp-cert-update
...
add 'Class 3 Public Primary Certification Authority' to ocspstapling …
2017-03-27 15:21:55 -07:00
9c8574111e
Merge pull request #815 from toddouska/switchcerts
...
better handling of TLS layer switching out CTX layer keys/certs
2017-03-27 15:57:58 -06:00
bddf0c52a6
add 'Class 3 Public Primary Certification Authority' to ocspstapling test certificate
2017-03-27 14:13:22 -06:00
00ca1dcbb7
Fix for: 'Fix for build error with unused eccCaKeyFile'
2017-03-24 14:01:06 -06:00
a7c131c0a1
fix vs warning
2017-03-24 11:19:01 -07:00
86efbbbb1d
simplify reset suites on cert/key changes to end of function
2017-03-24 10:40:42 -07:00
4783fbfc4f
better handling of TLS layer switching out CTX layer keys/certs
2017-03-24 10:19:01 -07:00
d8261796a6
Merge pull request #813 from cconlon/addcert
...
add server-keyPkcs8.der to include.am
2017-03-22 14:58:22 -07:00
a216da38d2
Merge pull request #798 from toddouska/trackmem
...
add deallocs to memory tracker
2017-03-22 13:59:29 -06:00
0983536c98
Merge pull request #814 from dgarske/fix_crl_redef
...
Fix build warning with redefinition of typedef 'WOLFSSL_CRL’
2017-03-22 08:59:02 -07:00
5f7e77f131
Merge branch 'master' of https://github.com/jrblixt/wolfssl into unitTest_api_dev
2017-03-21 16:48:55 -06:00
4e6f70e15e
Merge pull request #784 from JacobBarthelmeh/Cert-Report2
...
error out with duplicate policy OID in a certificate policies extension
2017-03-21 15:21:46 -07:00
a6ecf793ba
Merge pull request #806 from dgarske/tfm_heap_reduce
...
Reduce heap usage with fast math when not using ALT_ECC_SIZE
2017-03-21 15:21:09 -07:00
360fb2db0a
Merge pull request #808 from kojo1/TrialProj
...
eccCaKeyFile in RSA/ECC test
2017-03-21 15:21:00 -07:00
3e2fe536ad
Merge pull request #809 from JacobBarthelmeh/Testing
...
test case when not using RSA blinding
2017-03-21 15:18:53 -07:00
30024b7e7f
Merge pull request #812 from SparkiDev/valgrind_ecc
...
Fix leak in test
2017-03-21 15:18:09 -07:00
88679a6a0c
Merge wolfSSL master.
2017-03-21 15:33:40 -06:00
739436d7a8
Merge with wolfSSL master.
2017-03-21 15:23:47 -06:00
d829e5ba5a
Fix build warning with redefinition of typedef 'WOLFSSL_CRL’.
2017-03-21 09:13:50 -07:00
c46eb36b4e
add server-keyPkcs8.der to include.am
2017-03-21 09:53:24 -06:00
7be1077216
Fix for build error with unused “eccCaKeyFile”.
2017-03-21 08:31:07 -07:00
8bf22b253a
Fix leak in test
...
Use new points for compressed point testing.
2017-03-21 23:34:48 +10:00
15423428ed
add wolfSSL_write_dup(), creates write_only WOLFSSL to allow concurrent access
2017-03-20 15:08:34 -07:00
f26d584cec
test case when not using RSA blinding
2017-03-20 14:15:34 -06:00
4cb891334d
Merge pull request #801 from toddouska/fipscheck
...
add keep option to fips-check.sh to keep FIPS temp folder around
2017-03-20 13:44:01 -06:00
15e442637d
Fix “#error old TLS requires MD5 and SHA” to only occur if !WOLFCRYPT_ONLY.
2017-03-20 10:42:08 -07:00
e35489fd75
eccCaKeyFile in RSA/ECC test
2017-03-20 13:46:26 +09:00
52215b3ecf
Merge pull request #734 from kaleb-himes/csharp-addition
...
Adds wrapper for CTX_load_verify_locations to C# wrapper
2017-03-17 18:18:17 -06:00
10bf3c4d1d
Merge pull request #804 from SparkiDev/wpas_shared
...
Wpas shared
2017-03-17 16:15:51 -07:00
6cc42dcacb
Reduce TFM fp_int size by only adding the “int size” if ALT_ECC_SIZE or WOLFSSL_ASYNC_CRYPT is defined. Fix couple of async build errors in wolfCrypt test.
2017-03-17 15:01:18 -07:00
3bb1723476
Merge pull request #768 from dgarske/crl_lookup
...
Added support for inline CRL lookup when HAVE_CRL_IO is defined
2017-03-17 12:18:45 -07:00
b9d3db8b47
Merge pull request #800 from SparkiDev/no_fs
...
If there is no filesystem then still compile and run
2017-03-17 12:08:49 -07:00
ad57738cc6
Merge pull request #795 from JacobBarthelmeh/Testing
...
bounds checking with adding string terminating character
2017-03-17 12:07:55 -07:00
db526999c3
Merge pull request #803 from dgarske/fix_int_cast_warn
...
Fix warning with "implicit conversion loses integer precision”.
2017-03-17 12:05:29 -07:00
c69dea624c
Merge pull request #802 from cconlon/rsa_decode
...
add wc_GetPkcs8TraditionalOffset()
2017-03-17 12:04:44 -07:00
461f051ef1
Only expose ECC APIs on config define
2017-03-17 10:52:38 +10:00
37a52414cc
Make MP and ECC APIs public
...
These APIs are needed by wpa_supplicant.
2017-03-17 10:23:37 +10:00
141210dcc0
Fix warning with "implicit conversion loses integer precision”.
2017-03-16 14:56:03 -07:00
3f33f2b995
add duplicate policy OID cert to dist
2017-03-16 15:49:40 -06:00
92587651c9
variable i is not used when WOLFSSL_SEP is enabled
2017-03-16 15:48:15 -06:00
faf2bacd56
error out with duplicate policy OID in a certificate policies extension
2017-03-16 15:48:15 -06:00
efc2bb43d2
add wc_GetPkcs8TraditionalOffset()
2017-03-16 15:14:20 -06:00
ce6e3ce8d0
Merge pull request #799 from cconlon/ecc_decode
...
remove EccPublicKeyDecode() from WOLFSSL_CERT_EXT guard
2017-03-16 12:47:19 -07:00
c62b4e8ed5
Merge pull request #797 from cconlon/ecc_private
...
allow ECC private key only import
2017-03-16 12:45:49 -07:00
7651afbd38
Merge pull request #794 from dgarske/fix_rsa_e_overflow_w32bit
...
Fix issue with TFM mp_set_int, which should handle unsigned long.
2017-03-16 11:49:07 -07:00
2b1b7632fc
add keep option to fips-check.sh to keep FIPS temp folder around
2017-03-16 11:10:12 -07:00
d22dcdb78d
If there is no filesystem then still compile and run
...
Defaults to 2048-bit FF and 256-bit EC keys.
2017-03-16 16:00:31 +10:00
94d56fda59
Merge pull request #796 from toddouska/noasntime
...
fix NO_ASN_TIME build with --enable-wpas
2017-03-16 14:46:10 +10:00
a7f8bdb387
remove EccPublicKeyDecode() from WOLFSSL_CERT_EXT guard
2017-03-15 17:28:52 -06:00
5839bd0177
add deallocs to memory tracker
2017-03-15 15:36:12 -07:00
a13cce9213
allow ECC private key only import
2017-03-15 16:04:17 -06:00
36ecbfb1a8
fix NO_ASN_TIME build with --enable-wpas
2017-03-15 14:57:38 -07:00
0ef1b5d298
bounds checking with adding string terminating character
2017-03-15 13:40:41 -06:00
2c890e6827
Fix mp_set_int to use calc for 32 const. Changed it to sizeof(b) instead of sizeof(long).
2017-03-15 12:34:55 -07:00
4eb76e1d71
Fixes for building with IPV6. Added new WOLFSSL_IPV6 define to indicate IPV6 support. Fix to not include connect() and socket() calls unless HAVE_HTTP_CLIENT, HAVE_OCSP or HAVE_CRL_IO defined. Typo fixes.
2017-03-15 12:27:02 -07:00
cf73a2244f
Fix for stray brace in wolfIO_TcpConnect. Fix to typedef sockaddr_in6 only when TEST_IPV6 is defined. Moved XSOCKLENT into io.h. Added useful WOLFSSL_NO_SOCK, which can be used with WOLFSSL_USER_IO.
2017-03-15 12:26:40 -07:00
d3a07858c0
Fixes based on peer review feedback. Fix to only include the non-blocking / select timeout functions when HAVE_IO_TIMEOUT is defined. Fix to only include TCP connect if HAVE_GETADDRINFO or HAVE_SOCKADDR defined. Cleanup of the “struct sockaddr*” to use typedef with HAVE_SOCKADDR. Moved helpful XINET_* and XHTONS/XNTOHS macros to io.h.
2017-03-15 12:26:18 -07:00
628f740363
Added support for inline CRL lookup when HAVE_CRL_IO is defined (shares code with OCSP lookup in io.c). Added http chunk transfer encoding support. Added default connection timeout value (DEFAULT_TIMEOUT_SEC) and new wolfIO_SetTimeout() API with HAVE_IO_TIMEOUT. Added generic wolfIO_ API’s for connect, select, non-blocking, read and write. Added new define USE_WOLFSSL_IO to enable access to new wolfIO_* socket wrappers even when WOLFSSL_USER_IO is defined. Moved all API declarations for io.c into new io.h header. Added HAVE_HTTP_CLIENT to expose HTTP API’s. Moved SOCKET_T and SOCKET_ defines into io.h. Added WOLFIO_DEBUG define to display request/responses.
2017-03-15 12:26:18 -07:00
5a24fd9237
Fix TFM mp_set_int to handle long. Enhance mp_set_int to use mp_set if less than max mp_digit. Added new MP_SET_CHUNK_BITS to eliminate hard coded const’s and allow build time adjustment.
2017-03-15 12:23:50 -07:00
4725a8aea6
Merge pull request #775 from SparkiDev/wpas
...
Changes for WPA Supplicant
2017-03-15 11:19:46 -06:00
f38d23a315
Merge pull request #791 from dgarske/fix_ecc_test_curve_idx
...
Fix wc_ecc_export_point_der to use curve_id
2017-03-14 19:22:53 -07:00
916a5c97ce
Merge pull request #793 from SparkiDev/scan_build
...
Fixes for scan-build
2017-03-14 19:19:09 -07:00
003e18ecbc
Fixes for scan-build
2017-03-15 09:38:53 +10:00
97b98c5c44
Changes from review
...
Add a free handshake resources API.
Rename to wolfSSL_KeepHandshakeResources().
Add APIs to indicate the client's preference order is to be used when
matching cipher suites.
2017-03-15 09:09:25 +10:00
ac713e62c5
Code review fixes
...
Put back check for server end when setting DH.
Add option to keep resources rather than free after handshake.
2017-03-15 09:09:25 +10:00
122f648fd8
Only support client preference order as default for WPAS.
2017-03-15 09:09:02 +10:00
7897d04145
Need GetHMACSize and GetIVSize for wpas 2.0
2017-03-15 09:09:02 +10:00
fd3093f937
Protect code with #ifdefs
2017-03-15 09:09:02 +10:00
e2930b0a43
Changes for WPA Supplicant
2017-03-15 09:09:02 +10:00
7bef7aaa81
Merge pull request #792 from SparkiDev/valgrind
...
Fix valgrind issues
2017-03-14 13:50:26 -07:00
4210ce0f67
Merge pull request #789 from SparkiDev/jenkins
...
Fixes for extended configuration testing
2017-03-14 10:00:39 -07:00
cccaa8671e
Merge pull request #778 from dgarske/intime_rtos
...
INtime RTOS port
2017-03-14 09:55:50 -07:00
2fbce65975
Revert change in types.h for INTIME_RTOS. HAVE_THREAD_LS is not supported here, so don’t define out. Added note in INtime RTOS user_settings.h to indicate this.
2017-03-13 20:03:09 -07:00
0eb01698f4
Fix for wolfCrypt ECC import/export point test to not use const idx and instead lookup using the “ecc_curve_id” enum value. Added new “wc_ecc_get_curve_idx” and “wc_ecc_get_curve_id” API’s. Redirected duplicate ECC function “wc_ecc_get_curve_name_from_id” to “wc_ecc_get_name”. Added “ECC_CURVE_INVALID” to indicate invalid curve_id.
2017-03-13 19:58:15 -07:00
72728b21af
Undo as mp_digit is not allowed to get as large as tested
2017-03-14 10:23:13 +10:00
81731df72f
Fix valgrind issues
...
Test program was re-using RSA and ECC key with multiple imports ops.
wc_RsaPublicKeyDecode() leaked if n parseable but not e.
2017-03-14 09:47:34 +10:00
8a562c817c
Fix build issues with DEBUG_WOLFSSL defined. Fix typo in user_settings.h for DEBUG_WOLFSSL. Fix issue with example client waiting on local server (shouldn’t be). Updated README.md with example output.
2017-03-13 12:22:44 -07:00
e98a0465ae
tenAsys INtime RTOS port. Porting complete for mutex semaphores, threading, file, socket and RNG. Added projects for libwolfssl and wolfExamples. The wolfExamples project includes examples for wolfCrypt Test/Benchmark and wolfSSL TLS client/server. Provided reference user_settings.h with comments and enable/disable gates. Added README.md with overview and instructions. Fixed issue building master with NO_WOLFSSL_DIR defined. Added check if old TLS is enabled that SHA and MD5 are enabled. Cleanup of the wolfCrypt test use of USE_CERT_BUFFERS with file system enabled.
2017-03-13 09:48:55 -07:00
610ac07cd8
Add MP_MASK
2017-03-13 16:28:36 +10:00
8ac2f5cb9c
Windows warning about negating unsigned fix
2017-03-13 12:29:58 +10:00
d4f0c79272
Cast for Windows
2017-03-13 12:18:45 +10:00
614231f71c
Fixes for extended configuration testing
2017-03-13 11:33:39 +10:00
9780f1faef
Fix spacing and comma
2017-03-12 23:01:32 +09:00
a6cbfe6f93
Merge pull request #787 from SparkiDev/def_p256
...
Fix elliptic curve selection.
2017-03-11 08:35:11 -08:00
91737ceb3f
Merge pull request #786 from JacobBarthelmeh/Testing
...
Testing
2017-03-10 17:03:24 -08:00
80fe2a3524
Fix elliptic curve selection.
...
Preference by:
1. the default for the curve strength (eccTempKeySz),
2. a curve at the curve strength (eccTempKeySz),
3. the default for next higher curve strength,
4. the first curve (client order) with the next highest curve strength
2017-03-11 10:17:15 +10:00
93f1e7cf2e
remove magic number in test case
2017-03-10 13:16:22 -07:00
bb81ea804c
add AES get key to ARMv8 port and add check for BASE 64 encode to tests
2017-03-10 09:55:27 -07:00
dee3159f0f
update byte size conversion
2017-03-10 09:39:18 -07:00
e8d97c9b1e
make test buffers large enough for results
2017-03-10 09:36:29 -07:00
5a803730b8
Merge pull request #785 from SparkiDev/fixes
...
Fixes from merge of test coverage changes
2017-03-09 17:58:15 -08:00
2b5dba798f
Merge pull request #783 from JacobBarthelmeh/Cert-Report1
...
Add error case for critical Subject Key ID extension
2017-03-09 15:39:23 -08:00
5c9eedbf69
Fixes from merge of test coverage changes
...
Include new certificates in distribution.
Casting changes for clang.
Extra error code - recognize in test.
2017-03-10 09:15:18 +10:00
2444a55afe
Merge pull request #708 from SparkiDev/test_cov
...
Extend testing for coverage
2017-03-09 12:52:17 -08:00
2bb14903f9
Merge pull request #698 from SparkiDev/nginx
...
Get Nginx working with wolfSSL
2017-03-09 10:23:20 -08:00
0e64c7708f
Merge pull request #769 from JacobBarthelmeh/Testing
...
Testing
2017-03-09 10:17:48 -08:00
fd50fd8a3e
Add error case for critical Subject Key ID extension
2017-03-08 16:40:07 -07:00
df32c6fb0b
Merge pull request #782 from dgarske/ecc_mem
...
Fix to reduce ECC memory usage when async crypt is not enabled
2017-03-08 15:35:47 -08:00
2b0963c42a
Merge pull request #780 from dgarske/crl_win
...
Fixes for building CRL with Windows
2017-03-08 15:31:02 -08:00
a55ebb4c18
Fixes for building CRL with Windows. Refactor load_verify_buffer and LoadCRL to use new wc_ReadDir* functions. Added new directory/file API's: wc_ReadDirFirst(), wc_ReadDirNext(), wc_ReadDirClose(). Moved MAX_PATH and MAX_FILENAME_SZ to wc_port.h. Moved BAD_PATH_ERROR into error-crypt.h. The wc_ReadDir is only supported when NO_WOLFSSL_DIR and NO_FILESYSTEM are not defined. Add map to __FUNCTION__ macro in Windows with debug enabled (to resolve build error with VS and __func__ missing). Fix cast warning on response from EncodeOcspRequestExtensions. Fix for cast to call to BuildCertificateStatus.
2017-03-08 11:21:11 -08:00
a0effa6329
call mp_clear to match call to mp_init
2017-03-08 11:26:16 -07:00
e115205d18
Fix to reduce ECC memory usage when async crypt is not enabled. Fix uses local for r and s instead of key->r and key->s.
2017-03-07 13:45:02 -08:00
e7445b8e49
Merge pull request #781 from dgarske/fix_sb_int_dp
...
Fix integer.c scan-build warning for possible use of NULL dp
2017-03-07 12:03:20 -08:00
be42a575da
Fix additional integer.c report of possible use of NULL dp (after normal math performance improvement to defer dp pointer alloc commit bdbb98ed20
2017-03-06 13:19:52 -08:00
ebef5083ca
Merge pull request #777 from toddouska/dhpub
...
add check dh public key to agree()
2017-03-06 10:16:57 -07:00
bb3bea3d4c
Merge pull request #773 from toddouska/authtag
...
add defined for default AES AUTH_TAG_MIN_SZ
2017-03-06 09:53:01 -07:00
ae6fbb220f
Pass the context to statusCb (needed in Nginx 1.10.3)
2017-03-06 10:58:25 +10:00
ba1a8d7681
Merge pull request #765 from dgarske/scanbuild_fixes
...
Fixes for scan-build warnings
2017-03-03 15:58:10 -08:00
0d3ef0b399
Merge pull request #776 from dgarske/fix_iis_signature_algorithms
...
Fix issue with IIS servers and NO_OLD_TLS
2017-03-03 12:51:22 -08:00
a348898e96
add AUTH_SZ size check to ti and armv8 ports
2017-03-03 11:42:24 -08:00
7bcd26e321
add check dh public key to agree()
2017-03-03 11:30:38 -08:00
6800ffe8fa
Merge pull request #772 from toddouska/sr3-fix
...
fix signer memory takeover on malformed data
2017-03-03 10:21:01 -07:00
eef3ec4a87
Merge pull request #763 from NickolasLapp/master
...
Changes to bring wolfssl up to date with stunnel 5.40
2017-03-03 09:00:11 -08:00
ace417b087
Merge pull request #774 from ejohnstown/psk-staticmemory
...
Static Memory Handshake Fix
2017-03-03 09:38:19 -07:00
2b937e2f23
Merge pull request #771 from JacobBarthelmeh/master
...
account for static memory IO_POOL free when general memory was used
2017-03-03 08:31:55 -08:00
431f363520
Better fixes for suppressing scan-build warning with normal math enabled.
2017-03-03 07:35:26 -08:00
0182d99efb
Updates for nginx 1.10.3
...
Don't return global error when: SOCKET_PEER_CLOSED_E or SOCKET_ERROR_E
Increase max ex_data items to 5
2017-03-03 16:38:29 +10:00
b5fe3ddbfa
Fix to allow connection to IIS server which requires SHA1 hash algo to be present in signature_algos extension. Issue only exists when NO_OLD_TLS is defined. To enable SHA1 with TLS 1.2 define "WOLFSSL_ALLOW_TLS_SHA1”.
2017-03-02 18:18:05 -08:00
67a8626430
Fix for scan-build warning with “->dp == NULL”. Scenario can’t happen, but adding sanity check to suppress warning.
2017-03-02 15:56:31 -08:00
ec1d8c7090
Fixed where the client was using NULL instead of ssl->heap when allocating memory during SendClientKeyExchange(). Failing on an embedded static build.
2017-03-02 10:05:24 -08:00
d903059e05
Fixes to allow signature_algorithms extension to send SHA1 (if enabled) and NO_OLD_TLS is defined. This resolves an issue connected to ISS servers.
2017-03-01 19:07:13 -08:00
c1c7c90345
add defined for default AES AUTH_TAG_MIN_SZ
2017-03-01 11:17:24 -08:00
9ab28f9756
account for static memory IO_POOL free when general memory was used
2017-03-01 11:39:00 -07:00
2d612da9f4
fix signer memory takeover on malformed data
2017-03-01 10:25:54 -08:00
7ca19f9fff
Protect other call to wc_EccPublicKeyDecode
2017-03-01 09:37:18 +10:00
292a17fff8
wc_EccPublicKeyDecode changes from review
2017-03-01 09:37:18 +10:00
455fb96faa
Extend testing for coverage
2017-03-01 09:37:18 +10:00
0608cd0dd3
Merge pull request #770 from JacobBarthelmeh/master
...
adjust return value of hash update and address warning with NO_SHA
2017-02-28 14:56:43 -08:00
13e6217fd5
Changes from code review
2017-03-01 08:38:54 +10:00
d4abeb56db
Fixes required after logging changes to master.
2017-03-01 08:38:54 +10:00
e6434f380b
Get Nginx working with wolfSSL
2017-03-01 08:38:54 +10:00
d5d7a4ae7b
Report failure but continue to run.
2017-02-28 14:44:11 -07:00
f77458992e
resolve windows warnings and add sanity check with PKCS12 parse
2017-02-28 14:33:07 -07:00
0ed8024bcf
adjust return value of hash update and address warning with NO_SHA
2017-02-28 13:40:03 -07:00
b86dfd582f
Merge pull request #766 from JacobBarthelmeh/Testing
...
debug message fix
2017-02-27 12:09:43 -08:00
b2fc525a1d
update MD5, SHA, SHA256, SHA384, SHA512 Update functions.
2017-02-24 15:58:47 -07:00
c467bbd776
Reasses return values on all Init, Update, Final functions.
2017-02-24 15:16:54 -07:00
26bd19bbd8
debug message fix
2017-02-23 17:15:44 -07:00
9db6a27921
Fixes for scan-build warnings. Fix possible memory leak in wolfSSL_DH_new on failure. Add null checks in integer.c for destination to make sure “dp” grows when NULL (even though never happens in real-use). Added suppression of wc_port.c warning “Value stored to 'ret' is never read”.
2017-02-23 14:47:36 -08:00
6ca16b06d2
MergeConflicts
2017-02-23 11:13:32 -07:00
6425a654be
Merge pull request #761 from dgarske/stm32_fixes
...
Fix for AES-GCM with STM32 and CubeMX HAL
2017-02-22 14:31:36 -08:00
302db35b2f
Merge pull request #752 from dgarske/fix_ecc_import_wstaticmem
...
Fix issue with wc_ecc_import_x963_ex() loosing heap pointer
2017-02-22 14:30:57 -08:00
bdbb98ed20
Merge pull request #735 from dgarske/norm_math_speedup
...
Normal math speed-up to not allocate on mp_int and defer until mp_grow
2017-02-22 14:29:51 -08:00
d52f44108c
Merge pull request #762 from moisesguimaraes/fix-ocsp-request
...
Adds missing free(request) in CheckOcspRequest()
2017-02-22 14:19:51 -08:00
8bbcdf977d
adds missing free(request) in CheckOcspRequest()
2017-02-22 10:43:07 -08:00
2ef4525d4d
Changes to bring wolfssl up to date with stunnel 5.40
2017-02-22 11:15:59 -07:00
5a539751a2
Fixes for AES with STM32 and CubeMX. The key size was not being set and causing issues with AES GCM.
2017-02-21 15:12:40 -08:00
aeea24a5e3
Merge pull request #760 from toddouska/mcheck
...
fix small stack malloc checks
2017-02-21 14:33:44 -08:00
e01da5c44c
Fix mp_set to return int after rebase.
2017-02-21 14:12:27 -08:00
b05cfec057
Fix build warning with missing “mp_to_unsigned_bin_at_pos” declaration.
2017-02-21 14:03:21 -08:00
4cbfec1c7d
Implemented ksdk_port fixes to handle mp_ response codes. Added KSDK support for normal math. Regression testing against K82 hardware (MMCAU/LTC) and software with normal and fast math.
2017-02-21 14:03:21 -08:00
3008c888bf
Fix mp_cmp_d logic to handle a->used == 0. Revert mp_copy and mp_set 0 size workarounds.
2017-02-21 14:03:21 -08:00
9c7407d18c
Added return codes to wc_InitDhKey, wc_InitDsaKey and mp_set. Added missing return code checks on mp_copy in ecc.c. Fixed build with DSA and no ECC where mp_set function def would be missing.
2017-02-21 14:03:21 -08:00
d14be65315
Improve handling of mp_clear for RSA after speed-up.
2017-02-21 13:59:38 -08:00
bced81d234
Improve handling of mp_init / mp_clear for DH and DSA after speed-up.
2017-02-21 13:59:38 -08:00
da5825b94d
Normal math speed-up to not allocate on mp_int and defer until mp_grow. Added memory tracker support to ./tests/unit.test. Fix memory leak with curve cache enabled, by adding to wolfSSL_Cleanup.
2017-02-21 13:59:38 -08:00
e9c806a639
Merge pull request #743 from JacobBarthelmeh/master
...
change pem_password_cb typedef for compatibility
2017-02-21 13:23:05 -08:00
ce94243a20
Merge pull request #746 from cconlon/pkcs7ukm
...
PKCS7: fix optional UserKeyingMaterial encoding
2017-02-21 13:22:31 -08:00
f4f5d2d569
Merge pull request #747 from dgarske/integer_min_max
...
Fix naming for integer.c min/max local variables
2017-02-21 13:21:52 -08:00
988f7fa983
Merge pull request #759 from dgarske/fix_smallstack_procuserhcain
...
Fix for ProcessUserChain with WOLFSSL_SMALL_STACK defined causing stack corruption
2017-02-21 13:20:43 -08:00
c01fb8f655
Merge pull request #758 from kaleb-himes/mp_set
...
Fix for building with ECC disabled and DSA enabled with mp_set API.
2017-02-21 12:59:53 -08:00
7125d16f3e
Fix issue with wc_ecc_import_x963_ex() and wc_ecc_import_raw_private() loosing heap pointer. Fixes issue #750 .
2017-02-21 12:19:48 -08:00
fc85b8189c
fix small stack malloc checks
2017-02-21 11:18:09 -08:00
f0112c2f7d
Fix for ProcessUserChain with WOLFSSL_SMALL_STACK defined causing stack corruption.
2017-02-21 10:38:44 -08:00
fddf3bc664
pre-processor-macro update for mp_set API
2017-02-20 16:31:19 -07:00
db1f205522
Merge pull request #756 from toddouska/release3-10-3
...
3.10.3 rel
2017-02-20 10:08:14 -07:00
ebb21fc284
update rpm spec
2017-02-17 15:02:04 -08:00
e3503b8f9b
3.10.3 rel
2017-02-17 14:49:18 -08:00
3837173f93
Merge pull request #754 from wolfSSL/ecc_cdh
...
Added ECC Cofactor DH (ECC-CDH) support
2017-02-17 14:26:09 -08:00
19ee115392
Merge pull request #755 from toddouska/kat-errors
...
add ECC_CDH KAT error code
2017-02-17 14:25:51 -08:00
b4802cd73d
add ECC_CDH KAT error code
2017-02-17 12:26:35 -08:00
bdd3f2be41
Make sure ecc key is always memset to 0
2017-02-17 12:15:18 -08:00
3e6ef835b1
Free the ecc keys
2017-02-17 12:06:27 -08:00
09bae9da3e
Fixup from review
2017-02-17 11:18:05 -08:00
24cd46f1f1
Fixes from code review
2017-02-17 11:05:29 -08:00
d625645338
Refactor to combine ECC-CDH with existing “wc_ecc_shared_secret()” and use flag to perform cofactor computation on private key. Added new API “wc_ecc_set_flags()” and flag “WC_ECC_FLAG_COFACTOR” to indicate key should use cofactor. Added NIST CAVS test vector for ECC CDH Primitive with P-256.
2017-02-16 16:30:30 -08:00
39607984f7
Added ECC Cofactor DH (ECC-CDH) support with new “wc_ecc_cdh()” and “wc_ecc_cdh_ex()” API’s. Enable using “HAVE_ECC_CDH” define.
2017-02-16 13:17:08 -08:00
7da446c25a
Merge pull request #748 from JacobBarthelmeh/Release
...
Release
2017-02-12 21:55:31 -08:00
337c52b4cf
prepare for release 3.10.2
2017-02-10 10:19:34 -07:00
6c55701725
c89 build with ECC compresed key
2017-02-10 10:09:45 -07:00
4f53761faf
Fix naming for integer.c min/max local variables to resolve reported “error: declaration of 'min' shadows a global declaration”.
2017-02-09 15:52:25 -08:00
e307f3e89d
free decoded cert with small stack build
2017-02-09 16:06:34 -07:00
0cbc640aad
memory managment in crl.c with crl monitor
2017-02-09 15:39:55 -07:00
c022614e07
Merge pull request #742 from dgarske/fix_asn_getlen
...
Improved ASN error checking
2017-02-09 13:05:26 -08:00
93642cfcb9
PKCS7: fix optional UserKeyingMaterial encoding
2017-02-09 12:04:19 -07:00
8763a71420
Merge pull request #745 from JacobBarthelmeh/Windows
...
wolfCrypt cleanup in test.c moved and add wolfSSL init to testsuite w…
2017-02-09 10:19:51 -08:00
3a6e8bf0d0
Merge pull request #744 from JacobBarthelmeh/Testing
...
static analysis fixes for memory management and possible null dereference
2017-02-09 10:18:26 -08:00
321392998d
Additional ASN checks for GetSequence and GetSet. Cleanup of the buffer space check error to use BUFFER_E.
2017-02-09 09:50:06 -08:00
6a6e61f1d8
wolfCrypt cleanup in test.c moved and add wolfSSL init to testsuite with single threaded
2017-02-08 18:52:16 -07:00
b6b3021def
gcc-6 uninitialized warning with srp build
2017-02-08 16:49:58 -07:00
b0728645c9
static analysis fixes for memory management and possible null derefrence
2017-02-08 16:29:54 -07:00
ef38ab8fc5
Merge pull request #701 from JacobBarthelmeh/mutex
...
better compatibility with printing errors to a file
2017-02-08 11:12:17 -08:00
c02f35c128
change pem_password_cb typedef for compatibility
2017-02-08 11:48:50 -07:00
868e704b82
Merge pull request #732 from kaleb-himes/openrtos-3.9.2-checkout
...
fips checkout for OpenRTOS v9.0.0 w/ wolfCrypt v3.9.2 on Atmels ATSAM…
2017-02-07 21:19:43 -08:00
c074ab273f
Merge pull request #740 from toddouska/ocsp
...
Fix OCSP signature leading zero, certdecode free on parse failure. Add WOLFSSL_NO_OCSP_OPTIONAL_CERTS to skip optional OCSP certs, responder issuer must still be trusted. Add user clock skew defines for date skew before checks (WOLFSSL_AFTER_DATE_CLOCK_SKEW=# and WOLFSSL_BEFORE_DATE_CLOCK_SKEW=#).
2017-02-07 18:46:31 -08:00
993a604124
remove extern variables and use error queue instead
2017-02-07 17:16:22 -07:00
6fc81652b7
Merge pull request #738 from JacobBarthelmeh/Testing
...
align compatibility layer sha256 and sha224 structs
2017-02-07 13:59:34 -08:00
8f1c2965af
Fix build warning in asn.c with “potentially uninitialized local variable 'length' used”.
2017-02-07 13:34:27 -08:00
468df109b6
add WOLFSSL_NO_OCSP_OPTIONAL_CERTS to skip optional OCSP certs, responder issuer must still be trusted
2017-02-07 13:31:59 -08:00
19204ab1ac
Fix comment.
2017-02-07 11:07:48 -08:00
a2984553d7
Fixes for build with user-crypto RSA (--enable-fast-rsa).
2017-02-07 11:03:17 -08:00
3a1921e107
Fixes to ASN GetLength changes. Additional GetLength checks in PKCS7 and PKCS12.
2017-02-07 10:59:34 -08:00
0286d157a7
First pass at cleanup of the GetLength function handling of 0 length value. Added some asn.c build option comments.
2017-02-06 20:05:04 -08:00
7ddeb1afd9
add user clock skew defines for date skew before checks
2017-02-06 16:30:48 -08:00
f938a75780
fix OCSP signature leading zero, certdecode free on parse failure
2017-02-06 14:10:38 -08:00
53bebb4785
add error code for wolfCrypt_Cleanup
2017-02-06 14:51:55 -07:00
1f7976a587
Merge pull request #739 from JacobBarthelmeh/Memory
...
reduction of mp_jacobi stack usage
2017-02-06 11:59:52 -08:00
daafb2c5ac
changes docs to single page
2017-02-05 18:56:19 -03:00
e33d4c0172
adds full docs
2017-02-05 18:51:13 -03:00
00a74d0da4
adds initial doc files
2017-02-05 16:43:43 -03:00
0f91542cf4
add peek error node function to make use of debug mutex
2017-02-03 11:52:36 -07:00
e8110e773e
reduction of mp_jacobi stack usage
2017-02-02 17:13:26 -07:00
b1522e0c59
pack Sha256 struct
2017-02-02 14:55:51 -07:00
e722459df3
align compatibility layer sha256 and sha224 structs
2017-02-02 11:57:29 -07:00
bf12e4ecca
wolfcrypt Python: work around minor issue in Random.__del__
...
During interpreter shutdown, depending on the order in which things happen, a module can be unloaded before all instances of classes defined in that module are garbage collected.
In particular, this means that any global variables (including imported modules) become `None` by the time the instances `__del__` is called, resulting in
```
AttributeError: 'NoneType' object has no attribute 'wc_FreeRng'
```
being displayed while the process exits. This can be avoided simply by catching and ignoring the `AttributeError` in this case, since the process is shutting down anyways.
2017-02-02 16:51:41 +01:00
895bf8dfbc
Merge pull request #728 from embray/patch-1
...
Fixes a serious bug in Random.byte
2017-02-01 21:07:20 -03:00
16698db48f
Merge pull request #733 from kaleb-himes/tirtos-updates
...
updates for TIRTOS build following release 3.10.0
2017-02-01 14:47:12 -08:00
fde6700d89
fix typo
2017-01-31 15:10:49 -07:00
d1f323ca58
Adds wrapper for CTX_load_verify_locations to C# wrapper
2017-01-31 14:45:33 -07:00
b11265dbf5
Merge branch 'master' of https://github.com/wolfSSL/wolfssl into unitTest_api_dev
2017-01-31 14:34:58 -07:00
de9f05f3c5
Update sha256.c function punctuation.
2017-01-31 14:33:21 -07:00
af355f7472
updates for TIRTOS build following release 3.10.0
2017-01-31 13:15:45 -08:00
b2e4a50bf4
fips checkout for OpenRTOS v9.0.0 w/ wolfCrypt v3.9.2 on Atmels ATSAM4L CPU
2017-01-30 15:32:59 -07:00
29f52ec735
Merge pull request #730 from toddouska/ocsp
...
Better CheckOcspRequest error detection on retry
2017-01-30 12:59:58 -03:00
ea96fa95b3
add new OCSP response validated debug message and remove redundant ret set
2017-01-28 11:11:25 -08:00
a094a36fa8
Update random.py
...
Realized that `ffi.string()` could truncate the output on null bytes.
2017-01-28 15:55:42 +01:00
a10d464126
fix scan-build warning and simplify CheckOcspRequest validation
2017-01-27 17:07:31 -08:00
f44bbe9ba3
Better CheckOcspRequest error detection on retry
2017-01-27 15:42:00 -08:00
1108ea0303
Merge pull request #729 from JacobBarthelmeh/staticmemory
...
account for unaligned memory when computing optimum size and update s…
2017-01-27 15:00:18 -08:00
0b8730f0b6
check bounds of buffer and get file buffer size
2017-01-27 15:14:25 -07:00
fc899029fb
account for unaligned memory when computing optimum size and update static memory tests
2017-01-27 10:50:47 -07:00
e4942eaa3d
Reorder restore statement.
2017-01-26 17:03:05 -07:00
74f72b5c6b
Jenkins fix.
2017-01-26 13:15:11 -07:00
e96a720f04
Fixes a serious bug in Random.byte
...
Python's bytecode compiler has a peephole optimizer which, among other things, can recognize constant expressions and replace them with a constant.
In `Random.byte` the expression `t2b('\0')` is recognized as a constant and is replaced with a single constant compiled into the function's bytecode.
This means that every time you run `Random.byte`, rather than creating a new `str` object (or `bytes` in Python 3) it's reusing the same one each time, and `wc_RNG_GenerateByte` is writing right into that constant object's buffer; hence the following behavior:
```
In [55]: rng = Random()
In [56]: a = rng.byte()
In [57]: a
Out[57]: "'"
In [58]: rng.byte()
Out[58]: '\x11'
In [59]: a
Out[59]: '\x11'
In [60]: rng.byte()
Out[60]: '\x16'
In [61]: a
Out[61]: '\x16'
In [62]: rng.byte.__func__.__code__.co_consts
Out[62]:
('\n Generate and return a random byte.\n ',
'\x16',
0,
'RNG generate byte error (%d)')
In [63]: rng.byte()
Out[63]: '\xad'
In [64]: rng.byte.__func__.__code__.co_consts
Out[64]:
('\n Generate and return a random byte.\n ',
'\xad',
0,
'RNG generate byte error (%d)')
```
`Random.bytes` does not necessarily have this problem since its result buffer is not a constant expression, though I feel like it could also in principle be affected if the string were interned (though I couldn't produce such a result). Nevertheless, it doesn't seem like a good idea to be updating `str` objects' buffers directly.
2017-01-26 20:48:15 +01:00
3ca087e850
Merge branch 'master' of https://github.com/wolfSSL/wolfssl into unitTest_api_dev
2017-01-26 12:48:03 -07:00
79e8bd2f2b
Restore the ssl->hsHashes->hashSha384 before returning on failure.
2017-01-26 12:44:20 -07:00
be768f5395
Made changes in api.c to reflect Update() changes.
2017-01-26 12:34:09 -07:00
d22bc5d347
Merge pull request #727 from ejohnstown/minor-cleanups
...
Minor Cleanups
2017-01-26 08:50:28 -08:00
d93f856081
Minor Cleanups
...
1. Removed the execute bit from a few C source files.
2. Changed a couple letters in Moises's name in tfm.h to
the non-extended/accented versions of "e" and "a".
2017-01-25 14:17:17 -08:00
1e02d00f61
Merge pull request #725 from toddouska/psk
...
add PSK test support to openssl script interop
2017-01-24 13:52:23 -08:00
d60d0b4e3f
Merge pull request #726 from ejohnstown/static-memory-fix
...
Allow Static Memory...
2017-01-24 09:38:08 -07:00
13d0908b09
Allow static memory option when not using fast math or not using
...
slow math for anything.
2017-01-23 16:38:29 -08:00
a9a0cdfe71
add PSK test support to openssl script interop
2017-01-23 16:10:01 -08:00
52bc606ef9
Merge pull request #723 from dgarske/fix_ecc_noshamir_wstaticmem
...
Fix issue with wc_ecc_verify_hash_ex when not using SHAMIR and using static memory
2017-01-23 14:00:43 -08:00
a1b79abedb
Merge pull request #717 from wolfSSL/auto_ecc_sup_curves
...
Added code to automatically populate supported ECC curve information
2017-01-23 13:57:56 -08:00
b7c3a340c1
Fix issue with wc_ecc_verify_hash_ex when not using SHAMIR and using static memory. Fixes issue #722 .
2017-01-23 09:12:03 -08:00
008a69f185
Merge pull request #721 from ejohnstown/cleanups-for-multicast
...
Small Fixes for Multicast
2017-01-22 13:19:10 -08:00
d3d7446a24
removes 3DES from docs
2017-01-21 15:31:26 -02:00
8e0affb4a3
Merge pull request #692 from moisesguimaraes/fixes-ocsp-stapling-parser
...
Fixes certificate status parsing, adds behavior for unknown status type
2017-01-20 16:41:28 -07:00
ac0181d527
In benchmark, change the calls to InitRNG to the explicit
...
heap versions like all the other crypt calls so it works
with static memory. Plays nice with FIPS mode if available.
2017-01-20 15:36:08 -08:00
4d83ef1c23
Merge pull request #712 from moisesguimaraes/fixes-ocsp-lookup
...
fixes CA matching when using NO_SKID
2017-01-20 16:15:12 -07:00
497313978f
Multicast
...
1. Opt-out the wolfmath code if not using big integers.
2. Opt-in a few functions when using lean PSK and DTLS.
3. Add a couple (void)heap to hush the compiler for
usused variables in lean PSK.
4. Add include limits.h to internal.h if CHAR_BIT isn't
defined. This is mainly for DTLS with lean PSK.
2017-01-20 11:59:28 -08:00
3918cdef03
Wrapped functions.
2017-01-19 13:35:23 -07:00
784ce57f45
Fix for TLSX_PopulateExtensions to not use #else HAVE_QSH case for populating supported curves.
2017-01-19 09:23:07 -08:00
835e3b7953
Merge pull request #719 from dgarske/fix_aes_no_dec
...
Fixes for building with NO_AES_DECRYPT
2017-01-19 08:52:32 -08:00
e86d59b3f7
Merge pull request #718 from dgarske/fix_ecc_comp_err
...
Fix scan-build warning with err not being read with HAVE_COMP_KEY defined
2017-01-19 08:50:44 -08:00
18b78795fb
Merge pull request #716 from dgarske/fix_no_asn_time
...
Fix build with NO_ASN_TIME
2017-01-19 08:43:50 -08:00
fa2882322d
Merge pull request #713 from JacobBarthelmeh/master
...
chacha20_poly1305 function expects a key size of 32 bytes
2017-01-19 08:41:48 -08:00
1afe613512
Fixes for building with NO_AES_DECRYPT. Added new HAVE_AESGCM_DECRYPT to allow AES GCM Decrypt with NO_AES_DECRYPT defined, since GCM uses only encrypt routine. Only allow TLS AES if NO_AES_DECRYPT is not defined.
2017-01-18 15:56:18 -08:00
b3721c6808
Fix scan-build warning with err not being read with HAVE_COMP_KEY defined. Okay to always call wc_ecc_curve_free, since DECLARE_CURVE_SPECS does a memset.
2017-01-18 14:05:32 -08:00
a761a7fc64
updates provisioners
2017-01-18 19:19:03 -02:00
feb6617dc9
updates centos provisioner
2017-01-18 18:41:15 -02:00
51bf46288b
adds client example
2017-01-18 18:18:19 -02:00
5c8e69eb5e
updates vagrant configs; updates server example, updates copyright year.
2017-01-18 17:59:48 -02:00
01f4a7b5bd
Added code to automatically populate supported ECC curve information, unless already provided by user via wolfSSL_CTX_UseSupportedCurve or wolfSSL_UseSupportedCurve.
2017-01-18 11:54:43 -08:00
31981cc365
Merge pull request #711 from cconlon/ecc
...
add ECC export raw, sig to (R,S), helper functions
2017-01-18 09:27:42 -08:00
58f1fd2cc9
Merge pull request #704 from SparkiDev/memfail
...
Fixes from failure testing
2017-01-17 12:53:56 -08:00
c5bd24c1b7
Added changes Chris requested.
...
Moved error-crypt.h location and corrected FIPS return code.
Made requested changes to printf where 0 == 0.
2017-01-17 13:51:17 -07:00
a00bdb0de7
Merge pull request #714 from wolfSSL/fix_intelasm_debug
...
Fixed issue with intelasm and debug with SHA256
2017-01-17 12:50:17 -08:00
e84528205e
chacha20_poly1305 function expects a key size of 32 bytes
2017-01-17 13:39:26 -07:00
2281560f1a
Merge pull request #710 from JacobBarthelmeh/staticmemory
...
pass heap hint to temporary public ECC key
2017-01-17 12:15:45 -08:00
2e60330796
Merge pull request #703 from JacobBarthelmeh/SGX
...
wolfcrypt only build with Windows
2017-01-17 12:13:37 -08:00
c7ecf23c85
Merge pull request #696 from JacobBarthelmeh/Testing
...
fix possible memory leak on error case with ASN1 INTEGER to BN function
2017-01-17 12:10:21 -08:00
a0dc8dc8f9
Fix build with NO_ASN_TIME. Kaleb, add to future build options tests.
2017-01-17 10:35:48 -08:00
bb97e03a44
initial server tests
2017-01-16 19:40:46 -02:00
089387906e
updates tests
2017-01-16 18:52:34 -02:00
715d6afeda
updates tox config
2017-01-16 18:48:01 -02:00
0a9f66338c
adds coverity tests
2017-01-15 12:51:09 -02:00
2d56f09320
adds accept() behavior to SSLSocket; Migrates tests to pytest.
2017-01-15 12:26:22 -02:00
1aeab91828
Fixed issue with intelasm and debug with SHA256 due to stack variable W_K alignment. Removed obsolete DEBUG_XMM code.
2017-01-13 15:50:04 -08:00
56091e267f
moving source code into src
2017-01-12 19:27:36 -02:00
00fed61d36
Merge pull request #709 from JacobBarthelmeh/PKCS12
...
heap hint with PKCS7
2017-01-12 09:34:20 -07:00
75e3b5a297
pass heap hint to temporary public ECC key
2017-01-12 09:10:25 -07:00
86a3039e0b
fixes CA matching when using NO_SKID
2017-01-12 13:56:38 -02:00
ba1315a499
Fixes from failure testing
2017-01-12 16:22:35 +10:00
f6647fbf84
add ECC export raw, sig to (R,S), helper functions
2017-01-11 17:08:35 -07:00
36d34ce069
free WOLFSSL_BN in SetIndividualExternal error case and simplify mpi_clear call
2017-01-11 14:53:32 -07:00
fc8ab42612
Merge pull request #671 from dgarske/ecc_curve_cache
...
New ECC curve cache feature to improve performance
2017-01-11 13:34:32 -08:00
575ac7b9d3
Merge pull request #707 from JacobBarthelmeh/master
...
fix location in tfm.c that could result in potential cache attack
2017-01-11 12:35:22 -08:00
bafddd1ba8
heap hint with PKCS7
2017-01-11 11:38:21 -07:00
e3277c19b7
fix location in tfm.c that could result in potential cache attack
2017-01-10 15:00:00 -07:00
8954de40ff
Merge pull request #706 from JacobBarthelmeh/Windows
...
open test file in binary mode
2017-01-10 11:54:47 -08:00
c191a19a77
Merge pull request #705 from cconlon/pkcs7rng
...
fix RNG to WC_RNG typo in pkcs7.c
2017-01-10 10:15:05 -07:00
6732961e0d
open test file in binary mode
2017-01-10 09:57:29 -07:00
993e6298ac
fix RNG to WC_RNG typo in pkcs7.c
2017-01-09 16:59:42 -07:00
3338ea9ef7
Added ecc.c documentation for WOLFSSL_VALIDATE_ECC_IMPORT. Note: Add this define to enable checks for Jenkins (after this is merged).
2017-01-09 15:01:17 -08:00
0722f4d20f
Fixes to reduce stack usage with ECC_CACHE_CURVE disabled (same as previous code). Added USE_ECC_B_PARAM macro (enabled with ECC_CACHE_CURVE or HAVE_COMP_KEY). Fixed bug with WOLFSSL_VALIDATE_ECC_KEYGEN defined and args to ecc_check_pubkey_order. Fixed counts for DECLARE_CURVE_SPECS(). Fixed wc_ecc_import_point_der to use curve cache. Enhance wc_ecc_check_key to support ECC_CACHE_CURVE for b or load using read_radix. Enhance to expose wc_ecc_is_point with all required mp_int* args directly.
2017-01-09 11:15:13 -08:00
6edb639d9d
wolfcrypt only build with Windows
2017-01-09 10:33:46 -07:00
af00ad7683
Merge pull request #700 from JacobBarthelmeh/master
...
run peek last error line test only when NO_OLD_TLS is not defined
2017-01-07 11:37:27 -08:00
4be5f624e8
include logging.h in test.c
2017-01-06 16:40:19 -07:00
dcb9ef6651
better compatibility with printing errors to a file
2017-01-06 14:29:16 -07:00
274ac21450
Merge pull request #699 from kaleb-himes/FREERTOS_TCP
...
Remove toolchain level define from OS_TCP section
2017-01-06 13:23:22 -08:00
d3604f1061
run peek last error line test only when NO_OLD_TLS is not defined
2017-01-06 13:22:49 -07:00
2b49f4205f
Remove toolchain level define from OS level define section
2017-01-06 11:44:04 -07:00
08f188ab44
Merge branch 'master' of https://github.com/wolfSSL/wolfssl into unitTest_api_dev
2017-01-06 11:26:06 -07:00
2c87f8d33c
merge with wolfSSL master.
2017-01-06 11:06:01 -07:00
050ba9d6e0
unit test md5, sha, sha256, sha384, sha512
...
Memory leak fix.
2017-01-06 10:57:50 -07:00
c20a35f1db
Merge pull request #697 from JacobBarthelmeh/master
...
adjust dynamic types with PKCS12 parse
2017-01-05 14:39:17 -08:00
1afb7e20db
fix for freeing copy of mpi in the case of not using fastmath
2017-01-05 13:49:07 -07:00
147a7d5096
adjust dynamic types with PKCS12 parse
2017-01-05 10:21:14 -07:00
1a55309207
fix possible memory leak on error case with ASN1 INTEGER to BN function
2017-01-05 10:00:17 -07:00
ea47d76bf7
Merge pull request #695 from dgarske/openssl_compat_enums
...
Additional openssl compatibility enums for X509_V_ERR and SSL_CB
2017-01-04 16:35:09 -07:00
cb0cc92ff2
Fixes for building with CRL monitor when not linux, OS X or FreeBSD and --enable-distro set. Cleanup of the crl.c HAVE_CRL_MONITOR checks for OS and make sure if StopMonitor preprocessor is defined the function will also be defined.
2017-01-04 15:27:15 -07:00
2f3ec778bd
For distro build don't install options.h (conflicts with multi-arch). Fix for BUILD_DISTRO excludes with indent.
2017-01-04 15:27:15 -07:00
d3195d0b75
Pulled in patches from Debian package.
2017-01-04 15:27:15 -07:00
fc6217e4f6
Added stubs for the set_msg_callback functions. Cleanup of the SSL_ST_* and SSL_CB_* enums.
2017-01-04 12:14:09 -08:00
7c7b1233f7
Additional enums needed for compatibility with openssl for paho c mqtt client SSLSocket.c layer.
2017-01-04 11:00:08 -08:00
f25416d424
Merge pull request #689 from dgarske/fix_iar_arm
...
Fixes for compiler warnings with IAR EWARM 8
2017-01-03 15:46:12 -08:00
916e58b93c
Merge pull request #694 from moisesguimaraes/fixes-ocsp-nonce-check
...
removes request->nonceSz check to fully validate response->nonce.
2017-01-03 13:04:24 -08:00
dd737ca103
Merge pull request #618 from kojo1/openssl-ex
...
Openssl Extra
2017-01-03 12:40:51 -08:00
11775acb86
Merge pull request #691 from JacobBarthelmeh/Windows
...
random port for MinGW with unit tests
2017-01-03 11:46:33 -08:00
c82372cf78
removes request->nonceSz check to fully validate response->nonce.
2017-01-02 14:59:00 -02:00
07ce995b12
Fix issue with imported key not having a reset key->r, key->s and key->state, which was causing wc_ecc_encrypt to fail.
2016-12-30 12:24:03 -08:00
762064c292
fixes certificate status parsing, adds behavior for unknown status type.
2016-12-29 22:29:46 -02:00
e3ec769107
Adds an --enable-aesctr flag to the configure script to explicitly compile with -DWOLFSSL_AES_COUNTER and -DWOLFSSL_AES_DIRECT
...
If --enable-fortress or --enable-mcapi are used they effectively force --enable-aesctr
2016-12-29 21:26:34 +01:00
073aa95496
Merge pull request #678 from dgarske/cleanup_macros
...
Cleanup min(), TRUE, FALSE, ALIGN16 and ALIGN32
2016-12-29 11:19:05 -08:00
0decefed11
Merge pull request #679 from dgarske/wolfmath
...
Combine generic math functions into new wolfmath.c/.h
2016-12-29 11:17:44 -08:00
fab72ed163
Merge pull request #688 from JacobBarthelmeh/master
...
fix C++ compiler warnings for distro build
2016-12-29 11:06:47 -08:00
f550172fd4
Merge pull request #687 from JacobBarthelmeh/Testing
...
update Windows FIPS build
2016-12-29 11:06:11 -08:00
5abfe9d1cf
random port for MinGW with unit tests
2016-12-29 11:05:10 -07:00
19ee499c96
Fix to improve fp_copy performance without ALT_ECC_SIZE defined. This change is required for async because we can’t memcpy/memset the entire fp_int.
2016-12-28 16:47:14 -08:00
e75fddd49e
Moving macType below hash in WOLFSSL_EVP_MD_CTX (instead of ALIGN16) to resolve 16-bit alignment crash I was seeing on CentOS due to size change of “WOLFSSL_Hasher”.
2016-12-28 16:31:41 -08:00
a854320a96
Revert changes to aes.c roll_auth.
2016-12-28 16:28:02 -08:00
6c90f097ca
remove extra white space
2016-12-28 15:40:34 -07:00
c77a18f0ec
add EVP_CIPHER_CTX_mode
2016-12-28 14:45:29 -07:00
f60cb08c29
macro and tests for get_passwd_cb functions
2016-12-28 14:45:29 -07:00
4f317a9a1d
wolfSSL_EVP_CipherInit_ex handle ENGINE argument and add a sanity check
2016-12-28 14:45:29 -07:00
1326fe1b0d
return values of DES set key and return block size for EVP block_size getter function
2016-12-28 14:45:29 -07:00
ccc72d72c2
change argument to pointer. In most cases NULL is used for this argument, as was the case in previous ports
2016-12-28 14:45:29 -07:00
95ea74a91e
sanity checks and one function return type for better compatibility
2016-12-28 14:45:29 -07:00
091fc10147
adjust read ahead, some sanity checks and rebase
2016-12-28 14:45:29 -07:00
724e50c4fd
cast flag to byte type from int
2016-12-28 14:45:29 -07:00
aabe456592
sanity checks, remove some magic numbers, TLS read ahead
2016-12-28 14:45:29 -07:00
ed5ff77e4f
account for BIO with no filesystem and rebase commits
2016-12-28 14:45:29 -07:00
f7737fdc55
expand BIO compatibility
2016-12-28 14:45:29 -07:00
a2d1db4b73
Merge branch 'openssl-ex' of https://github.com/kojo1/wolfssl into openssl-ex
2016-12-28 14:45:29 -07:00
5a2794fe9c
add EVP_MD_CTX_md, EVP_MD_type
2016-12-28 14:45:29 -07:00
2b3438e11b
pem x509 read from bio and bio set fd
2016-12-28 14:45:29 -07:00
80efc366df
add wolfSSL_EVP_MD_CTX_new/free
2016-12-28 14:45:29 -07:00
b377125ad1
add alias to EVP_get_cipher/digestbyname
2016-12-28 14:45:29 -07:00
c57803a4a5
add test EVP_CIPHER_CTX_new/free
2016-12-28 14:45:29 -07:00
a774f26613
add EVP_get_cipherbyname
2016-12-28 14:45:29 -07:00
2ef85e3d4d
EVP_CIPHER_CTX_new/free, EVP_get_digestbyname
2016-12-28 14:45:29 -07:00
0c742654dc
EVP_add_digest
2016-12-28 14:45:29 -07:00
64a3333870
adjust wolfSSL_set_options and test case
2016-12-28 14:45:29 -07:00
2daeecdb90
BIO s_socket and BN mod exp
2016-12-28 14:45:29 -07:00
e741a24089
add get last error and line function, fix ASN1 object redeclaration
2016-12-28 14:45:29 -07:00
1d0fc83d40
function to add X509 to cert chain
2016-12-28 14:45:29 -07:00
280f5cb542
fix int long type mismatch
2016-12-28 14:45:29 -07:00
1704a8d683
expand compatibility layer with write bio function
2016-12-28 14:45:29 -07:00
778680116e
HMAC_cleanup, MD5xxx for bsd
2016-12-28 14:45:29 -07:00
570486b90c
add SL_CTX_need/set_tmp_RSA
2016-12-28 14:45:29 -07:00
4baf494ddd
add EVP_CipherUpdate/Final
2016-12-28 14:45:29 -07:00
869529642d
Add #define EVP_DigestInit_ex
2016-12-28 14:45:29 -07:00
781c7d0055
check for user RSA
2016-12-28 14:45:29 -07:00
7e91838d4a
memory management and add to compatibility layer
2016-12-28 14:45:29 -07:00
ff05c8a7a5
expanding compatibility layer
2016-12-28 14:45:29 -07:00
9d1cb18616
add function X509_get_ext_d2i
2016-12-28 14:45:29 -07:00
5f3fa171cd
templates wolfSSL_ctrl and wolfSSL_CTX_ctrl
2016-12-28 14:44:05 -07:00
79472e11a1
add bio.c to dist and implement wolfSSL_check_private_key , wolfSSL_get_server_random
2016-12-28 14:44:05 -07:00
fed4ed40a9
compatibility functions for X509
2016-12-28 14:44:05 -07:00
0d7c259282
compatibility functions for ssl cert and private key
2016-12-28 14:44:05 -07:00
d8d3cd5269
staub: SSL_get_server_random
2016-12-28 14:44:05 -07:00
3946931320
stubs: SSL_get_server_random/verify_result/session/set_accept_state
2016-12-28 14:44:05 -07:00
a09a761d07
stubs: PEM_read_bio_DSAparams/X509_AUX/PrivateKey,SSL_CTX_get_default_passwd_cb/userdata
2016-12-28 14:44:05 -07:00
ee86325ae4
template: ERR_peek_last_error_line/print_errors_fp, EVP_add_digest
2016-12-28 14:44:05 -07:00
63dcacb437
templates: ENGINE_cleanup, BN_mod_exp
2016-12-28 14:44:05 -07:00
f3435eefbd
templates: ASN1_INTEGER_to_BN, BN_mod_exp, CONF_modules_free/unload, DSA_dup_DH
2016-12-28 14:44:05 -07:00
f2f52c3ec9
add more compatiblity functions
2016-12-28 14:44:05 -07:00
6520a77fac
DES ECB prototypes
2016-12-28 14:44:05 -07:00
526b602ebd
AESNI support with EVP AES
2016-12-28 14:44:05 -07:00
8554912d68
COMPAT. LAYER : jenkins warnings and build configurations
2016-12-28 14:44:05 -07:00
464543df26
COMPAT. LAYER : jenkins warnings and spacing around if statements
2016-12-28 14:44:05 -07:00
8844554fca
Templates BIO/SSL/SSL_CTX_ctrl
2016-12-28 14:44:05 -07:00
86014fb0d0
add BIO_ctrl and other BIO templates
2016-12-28 14:44:05 -07:00
8ed0b83c21
Test on EVP_Cipher AES Counter
2016-12-28 14:44:05 -07:00
de91e7df03
add EVP_Cipher with AES Counter
2016-12-28 14:44:05 -07:00
aed9b2d3bb
add EVP_CIPHER_CTX_block_size/mode/set_flags/set_padding
2016-12-28 14:44:05 -07:00
bb400789b8
add EVP_Cipher with EVP_aes_256_ecb()
2016-12-28 14:44:05 -07:00
0fd50cd57a
Added AES_set_encrypt/decrypt_key, AES_ecnrypt/decrypt
2016-12-28 14:44:05 -07:00
b57e576abd
Fixes for compiler warnings with IAR EWARM 8.
...
* Fix “wc_PKCS7_DecodeUnprotectedAttributes” return prior to free in GetSet error case.
* Fix “wc_PKCS7_KariGenerateKEK” type mismatch for kdfType.
* Fix aes.c roll_auth use of inSz over 24-bit.
* Fix ecc “build_lut”, “accel_fp_mul” and “accel_fp_mul2add” use of err as unsigned.
* Fix “wc_HKDF” use of un-initialized “myHmac” for heap.
* Fix undefined reference to __REV for IAR due to missing intrinsics.h.
* Fix build error for “wolfSSL_CTX_set_tmp_dh” if OPENSSL_EXTRA not defined and “HAVE_LIGHTY || HAVE_STUNNEL || WOLFSSL_MYSQL_COMPATIBLE”.
* Cleanup of “wolfSSL_get_chain_X509” brace..
* Cleanup SSL_CtxResourceFree use of `i` and define comments.
* Added “SIZEOF_LONG_LONG” to IAR-EWARM user_settings.h to support word64 (required for SHA512, etc).
2016-12-28 11:18:41 -08:00
a40a3cb142
Merge pull request #686 from jay/fix_poly1305_ADD_macros
...
poly1305: fix ADD macros for multi-line
2016-12-27 17:52:53 -07:00
511f41b0e4
fix C++ compiler warnings for distro build
2016-12-27 14:38:14 -07:00
fb49dbd083
update Windows FIPS build
2016-12-27 10:34:13 -07:00
3b6dac9751
poly1305: fix ADD macros for multi-line
2016-12-24 02:46:35 -05:00
2cf7785068
Merge pull request #682 from JacobBarthelmeh/Release
...
prepare for release 3.10.0
2016-12-23 09:10:35 -07:00
c4af58b973
Refined the FIPS “min” logic.
2016-12-22 18:11:25 -08:00
fc16890641
Fix “min” with ctaocrypt FIPS.
2016-12-22 14:01:05 -08:00
7752f9ad05
prepare for release 3.10.0
2016-12-22 14:23:41 -07:00
784b24eebc
Merge pull request #680 from ejohnstown/dtls-sctp-fix
...
DTLS-SCTP fix
2016-12-22 13:10:29 -07:00
53d4c171c8
adds more client tests
2016-12-22 17:58:13 -02:00
35f03eb00a
fixes docs.
2016-12-22 16:59:50 -02:00
1c9147a41e
adds supported curves to context; fixes compatibility issues with py27
2016-12-22 15:01:58 -02:00
9b58ab0211
renames exceptions file
2016-12-22 15:01:58 -02:00
4b75d11164
fixes socket calls
2016-12-22 15:01:58 -02:00
f3c1522608
always treat native_object as a pointer
2016-12-22 15:01:58 -02:00
b9934695fb
pretest version of SSLSocket
2016-12-22 15:01:58 -02:00
567dfd76b3
adds initial code for SSLSocket
2016-12-22 15:01:58 -02:00
2cbdd45e8f
adds negotiate() to ssl interface
2016-12-22 15:01:58 -02:00
07072ef266
moving SSLContext and SSLSocket to __init__ to avoid ciclic includes
2016-12-22 15:01:58 -02:00
baeba53527
adds wrap_socket to the context
2016-12-22 15:01:58 -02:00
445e375daa
adds ssl interface to ffi
2016-12-22 15:01:58 -02:00
52eb0becf0
adds set_ciphers to context
2016-12-22 15:01:58 -02:00
368f2baf88
adds verify_mode to context
2016-12-22 15:01:58 -02:00
8eec3cb874
adds initial code for SSLSocket
2016-12-22 15:01:58 -02:00
0ed0672b16
fixes pylint warnings
2016-12-22 15:01:58 -02:00
c0b59a585b
adds support for buffered ca certificates
2016-12-22 15:01:58 -02:00
015ffecbab
fixes unicode quotes and adds load_cert_chain test.
2016-12-22 15:01:58 -02:00
760ddd14f5
fixes pylint warnings;
...
adds more tests to load_verify_locations;
fixes data type when calling C functions;
fixes result verification when calling C functions.
2016-12-22 15:01:58 -02:00
7201435f2d
adds initial context tests.
2016-12-22 15:01:58 -02:00
bd14611879
adds load_verify_locations and load_cert_chain implementations.
2016-12-22 15:01:58 -02:00
c8ae6abb43
adds context functions.
2016-12-22 15:01:58 -02:00
e1c01378c7
fixes ssl version in test to maintain backward compatibility.
2016-12-22 15:01:58 -02:00
20cfbe399c
fixes integer comparison and adds virtual env to ignored files.
2016-12-22 15:01:58 -02:00
e06b17e170
adds methods and client tests;
...
adds context creation;
adds memory module;
removes init and cleanup functions.
2016-12-22 15:01:58 -02:00
0df897d4b9
adds methods
2016-12-22 15:01:58 -02:00
7b884ad72a
removes non-ASCII chars from docs.
2016-12-22 15:01:58 -02:00
8b0edafef3
adds build_ffI.py
2016-12-22 15:01:58 -02:00
f4d6890b51
adds basic files and exception classes.
2016-12-22 15:01:58 -02:00
d6a6226c8e
Merge pull request #681 from JacobBarthelmeh/Testing
...
static analysis check of null dereference and memory management
2016-12-22 08:43:55 -08:00
93c87eb777
Merge pull request #677 from ejohnstown/dtls-prevseq
...
DTLS Previous Epoch Sequence Number Update
2016-12-22 08:42:56 -08:00
1c17b8eed6
static analysis check of null dereference and memory management
2016-12-21 16:20:18 -07:00
40800d8065
DTLS-SCTP fix
...
1. Add the SCTP suite test file to the include.am.
2. Skip the sequence number increment for client_hello messages in
DTLS, but do the increment for SCTP.
2016-12-21 14:24:20 -08:00
338cc9e873
Added wolfevent.c and wolfmath.c to ltc project.
2016-12-21 14:09:19 -08:00
3bec816f97
Cleanup min(), TRUE, FALSE, ALIGN16 and ALIGN32. Replace only use of BYTE3_LEN with OPAQUE24_LEN. Replace “ “ with “\t” (saves bytes and is consistent). Fix align issue with “WOLFSSL_EVP_MD_CTX” hash.
2016-12-21 14:05:00 -08:00
d73338851d
Combine generic math functions into new wolfmath.c/.h. Cleanup of the !ALT_ECC_SIZE code so fp_int always has size. This is in prep for async changes for new WC_BIGINT type for hardware crypto.
2016-12-21 13:39:33 -08:00
6cc1fd293e
Fixed issue with stack increase with curve cache disabled. Fixed issue with missing wc_ecc_curve_free() in wc_ecc_verify_hash_ex() causing mem leak. Changed ecc_curve_spec_cache to be allocated per curve. Added new wc_ecc_curve_cache_free() API to release all curve cache memory. Moved ecc_curve_spec struct and ecc_curve_load_mask enum to ecc.c. Add missing wc_ecc_fp_free() to wolfCrypt test. Added ecc.c comment for FP_ECC.
2016-12-21 12:31:02 -08:00
ac27d6d7ca
DTLS Sequence Number update
...
1. Set the prevSeq to nextSeq on CCS.
2. Fully clear nextSeq on CCS.
2016-12-20 09:30:46 -08:00
1a5c5d0011
Merge pull request #676 from cconlon/fortify
...
address fortify high issues
2016-12-19 20:03:24 -08:00
07e7521f34
Merge pull request #674 from JacobBarthelmeh/Testing
...
Bug fix for cache attack
2016-12-19 18:31:04 -08:00
125cfcacc3
Merge pull request #675 from JacobBarthelmeh/SGX
...
fix make dist with SGX project
2016-12-19 17:06:14 -07:00
46f3b2a367
address fortify high issues
2016-12-19 15:50:11 -07:00
345df93978
Bug fix for cache attack
2016-12-19 14:51:42 -07:00
6cefca6a49
Merge pull request #672 from cconlon/pkcs7fix
...
PKCS#7: fixes for building with AES disabled, smallstack
2016-12-19 13:46:35 -08:00
dca57bf2f0
Merge pull request #673 from cconlon/fortify
...
address fortify critical issues
2016-12-19 13:42:11 -08:00
4d637146d7
fix make dist with SGX project
2016-12-19 14:03:07 -07:00
060ff5e5ef
address fortify critical issues
2016-12-19 11:53:14 -07:00
168203ff9d
Merge pull request #649 from dgarske/distro
...
Linux Distro Patches
2016-12-16 16:03:16 -08:00
c313d97579
Merge pull request #622 from SparkiDev/sha384
...
SHA384
2016-12-16 15:57:40 -08:00
50cf1df8da
Merge pull request #669 from SparkiDev/scrypt
...
Implementation of scrypt
2016-12-16 15:53:48 -08:00
c73ddf3f8a
Merge pull request #670 from dgarske/executebit
...
Removed the execute bit on the new port files.
2016-12-16 15:52:26 -08:00
c5fbf96557
PKCS#7: fixes for building with AES disabled, smallstack
2016-12-16 15:58:18 -07:00
57571cb45e
Fix merge issues with ECC HAVE_COMP_KEY after rebase.
2016-12-16 14:20:00 -08:00
f990775451
Fix issue with ECC_SHAMIR disabled due to curve->b remnant from async branch.
2016-12-16 11:53:33 -08:00
cbc3cc6e91
Removed the execute bit on the new port files.
2016-12-16 11:35:40 -08:00
f1ead30987
New ECC curve cache feature to improve performance. Disabled by default and enabled using ./configure CFALGS="-DECC_CACHE_CURVE" or #define ECC_CACHE_CURVE. Added internal ECC states. Combined wc_ecc_mulmod_ex versions for timing rest / not. Tested with all math, timing, FP variants and NXP LTC and ECC508A hardware. Pulled in from latest async branch. Added new ECC_MAX_SIG_SIZE enum to help with sizing the sign buffer.
...
Performance Increases with ECC_CACHE_CURVE enabled:
* Key Gen 4.2%
* Key Agree, 4.0%
* Sign 6.8%
* Verify 5.8%
2016-12-16 11:32:59 -08:00
a9e7c4081f
Merge pull request #660 from ejohnstown/win-renegotiation
...
Enable secure renegotiation by default for Windows library build.
2016-12-15 16:17:15 -08:00
7b948fe04d
Merge pull request #667 from JacobBarthelmeh/SGX
...
add Windows build for SGX
2016-12-15 16:23:29 -07:00
ec90d72412
Merge pull request #666 from cconlon/chachafix
...
fix CertificateRequest cert type for ECDSA ChaCha suites
2016-12-15 12:08:08 -08:00
01d8201284
Merge pull request #665 from cconlon/certs
...
add missing certs and keys to certs/include.am
2016-12-15 12:03:12 -08:00
d0533c6dad
Merge pull request #664 from cconlon/pkcs7
...
PKCS#7/CMS expansion
2016-12-15 12:01:00 -08:00
9d94474133
Merge pull request #668 from ejohnstown/handshake-size
...
Fail on redundant handshake message data
2016-12-15 11:41:53 -08:00
6959c21fdd
Merge pull request #663 from dgarske/stm32_iar
...
Fixes to build STM32 with IAR
2016-12-15 11:26:43 -08:00
be65f26dd2
If there is a badly formed handshake message with extra data at the
...
end, but the correct size with the extra data, send a decode_error
alert and fail the handshake.
2016-12-14 16:02:29 -08:00
33f21e8b8d
set correct cert type in CertificateRequest when using ChaCha suite with ECDSA
2016-12-14 11:34:10 -07:00
e16f2c0722
add Windows build for SGX
2016-12-14 10:41:52 -07:00
41f6863970
add missing certs and keys to certs/include.am
2016-12-14 09:46:41 -07:00
55554b79a9
PKCS#7: fix use after free in wc_DecodeKtri
2016-12-14 09:15:45 -07:00
20887a8c35
Implementation of scrypt
...
Tests and benchmarking added.
Configure with --enable-scrypt and requires --enable-pwdbased
2016-12-14 16:57:41 +10:00
e5d1e3ae10
PKCS#7: only output test bundles when PKCS7_OUTPUT_TEST_BUNDLES is defined
2016-12-13 15:27:46 -07:00
22ecd55964
Don't ForceZero in assembly optimized versions.
2016-12-14 08:22:05 +10:00
a1b92dc809
Tidy up CPU Id check not not reference SHA384
2016-12-14 08:22:05 +10:00
24cfba4276
Fix ForceZero calls
2016-12-14 08:22:05 +10:00
0e4aa233ba
Use ForceZero in all implementations of Transform
2016-12-14 08:22:05 +10:00
fd21023823
Share code between SHA512 and SHA384
2016-12-14 08:22:05 +10:00
811be0eb9e
Faster zeroize on x86_64
2016-12-14 08:22:05 +10:00
f70860a9af
Make sure NO_64BIT is defined.
2016-12-13 12:18:21 -08:00
fd9a94b2bd
Fixes to build STM32 with IAR.
2016-12-13 10:24:55 -08:00
dad0cfda92
add EnvelopedData ECC support, refactor pkcs7
2016-12-13 09:40:54 -07:00
483e461c49
Merge pull request #647 from kaleb-himes/RIOT_OS
...
RIOT OS support, test scripts will be submitted to RIOT-OS repository
2016-12-10 19:13:19 -08:00
6c7e1785aa
EXIT_TEST macro added for cleaner implementation and maintenance
2016-12-09 19:39:36 -07:00
1748045d52
use NO_WRITEV for portability
2016-12-09 19:12:25 -07:00
5006306bb8
PKCS#7: add support for optional unprotectedAttributes with EncryptedData
2016-12-09 17:02:57 -07:00
abf18858a8
refactor PKCS#7 functionality into separate functions for Enveloped and EncryptedData
2016-12-09 17:02:57 -07:00
b5eb8dce2f
add PKCS#7/CMS EncryptedContent support
2016-12-09 16:57:31 -07:00
e80331e03a
fix Windows debug build warning with secure renegotiation
2016-12-09 14:31:21 -08:00
7fa825fde0
Enable secure renegotiation by default for Windows library build.
2016-12-09 13:39:00 -08:00
e3b57211d5
undo whitespace modification
2016-12-09 14:36:06 -07:00
fc9d689bc6
fastmath works with RIOT_OS if defined TFM_NO_ASM
2016-12-09 14:34:14 -07:00
b0b80bed78
Merge pull request #657 from cconlon/x963kdf
...
add ANSI-X9.63-KDF support [SEC1]
2016-12-09 13:29:41 -08:00
ad2b0810c6
Merge pull request #648 from cconlon/keywrap
...
add AES key wrap support, RFC 3394
2016-12-09 13:23:39 -08:00
7a76baa83e
restore .am and gitignore
2016-12-09 13:13:43 -07:00
c957107d76
merge with master and remove RIOT_Make directory, keep changes for working on Mac OS X
2016-12-09 13:11:45 -07:00
9e17b2b0aa
Merge branch 'master' of https://github.com/wolfssl/wolfssl into RIOT_OS
2016-12-09 13:09:25 -07:00
8b1a6d4c70
Merge pull request #658 from kaleb-himes/sniffer
...
Prevent forcezero from running on freed memory
2016-12-09 09:04:01 -08:00
33e840b01b
add AES key wrap support, RFC 3394
2016-12-09 09:30:56 -07:00
fdbb142699
Merge pull request #659 from toddouska/distcheck
...
fix nxp distcheck filename typo
2016-12-09 08:04:02 -08:00
d2ed611757
fix nxp distcheck filename typo
2016-12-08 16:52:12 -08:00
6cfb8e30b2
Merge pull request #591 from dgarske/STM32_CUBEMX
...
STM32 F2/F4 CubeMX and Std Peripheral Library hardware crypto support
2016-12-08 16:36:43 -08:00
ab7849be0d
Merge pull request #655 from JacobBarthelmeh/ARMv8
...
ARMv8
2016-12-08 16:34:19 -08:00
2db7bf0dc0
use static digest for X9.63 KDF, add smallstack support
2016-12-08 17:28:53 -07:00
5da564d03c
Merge pull request #656 from SparkiDev/hashes
...
Get the hash of the handshake messages rather than finalize.
2016-12-08 16:23:28 -08:00
d2b5a9538d
Prevent forcezero from running on freed memory
2016-12-08 15:11:41 -07:00
289acd088a
Remove state save and restore
2016-12-08 15:21:04 +10:00
ea1a03d538
Get the hash of the handshake messages rather than finalize.
...
Inconsistency between SHA256 and SHA384/SHA512 when getting hash.
More handshake messages can be added after this operation.
2016-12-08 15:21:04 +10:00
a5b267087f
add ANSI-X9.63-KDF support [SEC1]
2016-12-07 20:26:09 -07:00
2a3f3433e7
Merge pull request #652 from ejohnstown/autoconf-size-check
...
Move autoconf size checks
2016-12-07 15:23:25 -08:00
3dec222969
Merge pull request #523 from dgarske/atmel_pr
...
Support for Atmel ATECC508A
2016-12-07 15:01:08 -08:00
074741aabf
Merge pull request #651 from dgarske/ksdk_dup_dec
...
Remove obsolete duplicate declaration for wc_RsaFunction in the KSDK header
2016-12-07 13:48:53 -08:00
a1bd2c8b35
Merge pull request #654 from dgarske/smallstackfixes
...
Fixes for build with WOLFSSL_SMALL_STACK defined
2016-12-07 13:41:45 -08:00
da4a46ddf6
Merge branch 'master' of https://github.com/wolfSSL/wolfssl into RIOT_OS
2016-12-07 14:16:34 -07:00
477ec3c3d1
Merge pull request #2 from NickolasLapp/STM32_CUBEmX
...
Fix DES3 on STM32 CUBEMX
2016-12-07 11:27:24 -08:00
82c12fb7be
Fix DES3 on STM32 CUBEMX
2016-12-07 10:20:46 -07:00
5c59ccdeb9
Fix scan-build warning. Updated "side" variable failure case to return proper error code.
2016-12-07 07:57:55 -08:00
4dd393077f
Updated EccSharedSecret callback to use ecc_key* peer directly. Passes examples with "-P" tests and new pkcallback test script.
2016-12-07 07:57:55 -08:00
45d26876c8
Moved wolfSSL_GetEccKey logic to internal.c and use only for PK_CALLBACK. Added other ECC key info to the EccSharedSecretCb. Cleanup of the "if (ssl->ctx->EccSharedSecretCb == NULL)" logic to revert indent so changes are minimized. Removed new wolfSSL_GetEccKey API.
2016-12-07 07:57:55 -08:00
eaca90db28
New Atmel support (WOLFSSL_ATMEL) and port for ATECC508A (WOLFSSL_ATECC508A). Adds wolfCrypt support for ECC Hardware acceleration using the ATECC508A. Adds new PK callback for ECC shared secret. Fixed missing "wc_InitRng_ex" when using "CUSTOM_RAND_GENERATE_BLOCK". Added ATECC508A RNG block function for P-RNG bypass ability. Added internal "wolfSSL_GetEccPrivateKey" function for getting reference to private key for ECC shared secret (used in test.h for testing PK_CALLBACK mode). Added README.md for using the Atmel ATECC508A port.
2016-12-07 07:57:55 -08:00
9399cc05cb
Fixes for building with CRL monitor when not linux, OS X or FreeBSD and --enable-distro set. Cleanup of the crl.c HAVE_CRL_MONITOR checks for OS and make sure if StopMonitor preprocessor is defined the function will also be defined.
2016-12-07 07:07:27 -08:00
fdc297f6bd
Moved the check for the size of long, long long, and __m128 to before
...
the checks for libraries. In some combination of autotools, making a
32-bit build, the autoconf test code can't link libnetwork and crashes,
leaving those sizes all set to 0.
2016-12-06 16:15:45 -08:00
55b1ced783
Merge pull request #653 from toddouska/pkcallbacks
...
add pkcallbacks script test
2016-12-06 15:15:50 -08:00
944e5fba03
ARMv8 : load pointer to AES key and counter into a register along with pointer to SHA256 K table to handle tight optimized loops on function call with -flto
2016-12-06 21:42:15 +00:00
ed8e0132a7
do_cleanup on pkcallbacks.test
2016-12-06 13:04:12 -08:00
c0e006d42c
Fixes for build with small stack enabled.
2016-12-06 12:38:05 -08:00
80cc737ffa
add pkcallbacks script test
2016-12-06 11:27:05 -08:00
9fcb6e4e3c
Remove obsolete duplicate declaration for wc_RsaFunction in the KSDK port header.
2016-12-06 10:25:56 -08:00
932199c5e9
Fix build warning about unused static functions wc_AesEncrypt and wc_AesDecrypt with STM32.
2016-12-05 14:22:59 -08:00
4a7651a09a
STM32 F2/F4 CubeMX and Std Peripheral Library hardware crypto support for RNG, AES, SHA1, DES3 and MD5. Adds new WOLFSSL_STM32_CUBEMX and WOLFSSL_STM32F4 defines. Tested on STM32F437II.
2016-12-05 14:22:59 -08:00
f3816a4dc5
Merge pull request #597 from dgarske/NXPLTC
...
NXP (K82) LTC math hardware acceleration support
2016-12-05 13:50:31 -08:00
1d14ac5ff3
Fixes to include.am and sha256.c after master rebase. Retested on NXP K82 with and without HW accel (all tests/benchmarks pass).
2016-12-05 09:15:58 -08:00
877ea7011c
Fix for LTC RSA-4096. Use original wolfSSL code for RSA operation, reduce in LTC port layer.
2016-12-05 09:01:59 -08:00
0611c45869
Attempt to fix sha.c error with older visual studio compiler.
2016-12-05 09:01:59 -08:00
08b8af5f83
Fix for forced software crypto build.
2016-12-05 09:01:59 -08:00
c35daa877e
Fix to allow disabling MMCAU/LTC for software only test (moved preprocessor defines to Kinetis). Updated K82 software benchmark with actual values.
2016-12-05 09:01:59 -08:00
ae75842021
Fix build issues with rebase for ECC and RSA. Changed user_settings.h example when LTC is enabled to disable Shamir and ECC-521. Cleanup to add USE_NXP_MMCAU and USE_NXP_LTC for the example user_settings.h, so the project file can automatically configure.
2016-12-05 09:01:59 -08:00
a6b96b17ff
Fixes to include path for NXP ksdk_port. Fixes for time USER/OVERRIDES so their #ifdef's are checked first. Fix to initialize LTC via new "ksdk_port_init" function. Cleanup of the ksdk_port.c for formatting, macros, statics and line length. Cleanup of the AES code for key size. Cleanup of the wolfCrypt sha.c for readability. Added support for the KSDK bare metal drivers to the IDE Rowley CrossWorks example. Updated the settings.h to allow for overrides in Freescale section. Updated README with info for using LTC.
2016-12-05 09:01:59 -08:00
8e64d564dc
NXP/Freescale K8X MMCAU / LTC core support for RSA, ECC, Ed/Curve25519, AES, DSA, DES3, MD5, RNG, SHA and SHA2.
2016-12-05 09:01:59 -08:00
ddeb9da502
warning on empty translation units ignored, move cflags to Makefile
2016-12-03 11:55:24 -07:00
d2aef9a82a
README update
2016-12-03 11:03:17 -07:00
43525343fc
add RIOT tests to dist and make sure Makefiles are not excluded by .gitignore
2016-12-02 17:30:57 -07:00
162294e3e5
added benchmark app for RIOT and updated test error handling
2016-12-02 14:39:37 -07:00
684f9bad22
RIOT OS build and test scripts, build instructions
2016-12-02 13:53:05 -07:00
4317141260
Merge pull request #646 from JacobBarthelmeh/master
...
remove fPIE flag
2016-12-01 12:56:56 -08:00
d32af7e44b
remove fPIE flag : fPIE is suitable for use with executables and not when creating libraries
2016-12-01 12:01:38 -07:00
92377140b7
Merge pull request #520 from dgarske/compat_fixes
...
Add user cert chain DER support and OpenSSL compatibility fixes/improvements
2016-12-01 09:23:49 -08:00
650ddb8d23
Fixes so make check works with NO_FILESYSTEM and FORCE_BUFFER_TEST. Example: ./configure CFLAGS="-DNO_FILESYSTEM -DFORCE_BUFFER_TEST"
2016-11-30 16:27:24 -08:00
039aedcfba
Added "wolfSSL_use_certificate_chain_buffer_format". Added "wolfSSL_SESSION_CIPHER_get_name" to get cipher suite name using WOLFSSL_SESSION*. Moved the "wolfSSL_get_cipher_name_from_suite" function to internal.c. Added new server-cert-chain.der, which is combination of ca-cert.der and server-cert.der. Enhanced load_buffer to detect format using file extension. Can test use of DER cert chain with NO_FILESYSTEM defined using "./examples/server/server -c ./certs/server-cert-chain.der -k ./certs/server-key.der".
2016-11-30 16:26:02 -08:00
3d920b23a0
Fix for building with NO_ERROR_STRINGS.
2016-11-30 16:26:02 -08:00
7a35d904c2
Added new API "wolfSSL_CIPHER_get_name_from_suite" to allow use of the cipherSuite and cipherSuite0 args directly to get cipher suite name. Changed "wolfSSL_CIPHER_get_name" to call new API (based on original). ASN change to allow ToTraditional and SetName for OPENSSL_EXTRA.
2016-11-30 16:26:02 -08:00
c3c3419138
Added processing of user cert chain in DER format. Added arg check on "wolfSSL_get_certificate" to fix NULL dereference if certificate not yet set via "wolfSSL_use_certificate_buffer" or "wolfSSL_use_certificate_file". Added "wolfSSL_CTX_use_certificate_chain_buffer_format" to expose way to import certificate chain buffer as ASN1 (since "wolfSSL_CTX_use_certificate_chain_buffer" assumes PEM) . Changed ProcessFile from static and added as local in internal.h.
2016-11-30 16:26:01 -08:00
cfc5de8c5a
Merge pull request #645 from toddouska/fds
...
allow separate set fds for read/write, helpful for DTLS multicast
2016-11-30 13:17:58 -08:00
8f89d4922f
allow separate set fds for read/write, helpful for DTLS multicast
2016-11-30 11:15:57 -08:00
a2dc01413c
For distro build don't install options.h (conflicts with multi-arch). Fix for BUILD_DISTRO excludes with indent.
2016-11-29 13:29:19 -08:00
235060eff2
Merge pull request #644 from cconlon/return_fix
...
correct MEMORY_E returns in asn.c
2016-11-28 10:58:06 -08:00
a9936cf3ee
correct MEMORY_E returns in asn.c
2016-11-28 10:39:07 -07:00
2cbc6ed673
ARMv8 : handle aggressive optimizers
2016-11-23 15:44:53 -07:00
7dab97fb01
Merge pull request #641 from dgarske/verifycb_peer_cert_chain
...
Add the peer cert buffer and count to X509_STORE_CTX for verify callback
2016-11-23 12:59:00 -08:00
1240014fab
Fix OCSP to use public buffer type (now WOLFSSL_BUFFER_INFO).
2016-11-22 19:33:40 -08:00
8a8274d403
Merge pull request #643 from dgarske/fix_hmac_224
...
Fix wc_HmacSizeByType for SHA224.
2016-11-23 13:28:37 +10:00
50131b410d
Added new "WOLFSSL_BUFFER_INFO" type to represent internal "buffer" type and the "WOLFSSL_X509_STORE_CTX" certs. Added "VERIFY_CALLBACK_SHOW_PEER_CERTS" to print peer certs pointer and length.
2016-11-22 19:24:54 -08:00
ff16ecda5e
Merge pull request #642 from dgarske/ecc_custcurve_speedup
...
ECC performance increase with custom curves enabled
2016-11-22 16:05:57 -08:00
a540169b72
Merge pull request #638 from ejohnstown/dtls-window-update
...
DTLS Sequence Window Tracking Update
2016-11-22 16:53:04 -07:00
16907de633
Fix wc_HmacSizeByType for SHA224.
2016-11-22 14:45:10 -08:00
13cf313001
ECC performance increase with custom curves enabled (WOLFSSL_CUSTOM_CURVES) when A param is 3.
2016-11-22 13:43:18 -08:00
5b76a37234
Add the peer cert buffer and count to the X509_STORE_CTX used for the verify callback. Fixes #627 .
2016-11-22 11:45:00 -08:00
13bdcc518d
Pulled in patches from Debian package.
2016-11-22 11:25:40 -08:00
2d9d3aeb91
DTLS Window Update: fixes and changes
2016-11-22 10:12:18 -08:00
b61e6e1219
Merge pull request #639 from moisesguimaraes/fixes-srp-priv-key-size
...
fixes random keys size ('a' and 'b')
2016-11-21 15:59:32 -07:00
64fc68920d
fixes random keys size ('a' and 'b')
2016-11-21 18:08:19 -03:00
ec6fec452d
Update session export with the new sequence number windows.
2016-11-21 09:16:53 -08:00
2507c4da8a
DTLS Sequence Window Tracking Update
...
1. Modify the DTLS sequence window to use an array of word32 instead
of a word32 or word64 depending on the availability of word64.
2. One can change the array size to have a bigger window.
2016-11-18 11:52:43 -08:00
b380eef3e2
Merge pull request #637 from JacobBarthelmeh/master
...
PKCS12 : return on memory error
2016-11-18 11:03:57 -08:00
ac5436b462
PKCS12 : return on memory error
2016-11-18 09:40:26 -07:00
1289e66641
Merge pull request #636 from dgarske/fix-ti-hash-mem-leak
...
Fix memory leak issue in ti-hash.c with small stack
2016-11-17 16:19:37 -08:00
f167fe3d4a
Merge pull request #625 from dgarske/tls_nosha256
...
Fix to allow TLS with NO_SHA256
2016-11-17 16:14:28 -08:00
bfd0a1b405
Fix to allow SHA384 cipher suite with NO_SHA256 defined. Without this fix the BUILD_AESGCM wasn't getting defined.
2016-11-17 10:29:48 -08:00
b01952ea40
Cleanup the hash free in FreeHandshakeResources.
2016-11-17 09:34:31 -08:00
de1ee91863
Fix memory leak issue with WOLFSSL_SMALL_STACK defined and using TI hardware accelerated hashing.
2016-11-17 09:24:56 -08:00
f275331e44
Merge pull request #634 from toddouska/sha512-length
...
Sha512 length
2016-11-16 15:06:20 -08:00
5c3bd7e1a0
Merge pull request #635 from cconlon/pkcs7signed
...
fix wc_PKCS7_EncodeSignedData with no signed attributes
2016-11-16 14:07:58 -08:00
8cea6ad148
fix wc_PKCS7_EncodeSignedData when used with empty or no signed attributes
2016-11-16 13:35:57 -07:00
44a23b072f
fix mcapi with size change
2016-11-16 09:39:21 -08:00
afc54c3dff
change sha512 hi/loLen to 64bits
2016-11-16 09:30:35 -08:00
f922d3f2d6
Merge pull request #624 from SparkiDev/sha224
...
SHA224 implementation added
2016-11-15 13:53:34 -08:00
98b57e045a
Merge pull request #629 from SparkiDev/rsa-crt
...
Make RSA CRT constant time
2016-11-15 13:36:32 -08:00
f27159f2db
Merge pull request #633 from cconlon/renegotiation_info
...
add server side empty renegotiation_info support
2016-11-15 11:11:17 -08:00
a10ec0ff91
adjust suiteSz and use SUITE_LEN in FindSuite()
2016-11-15 10:49:37 -07:00
ee53853d2f
Merge pull request #632 from toddouska/init_multi
...
fix non ecc_make_key init_mulit potential problems
2016-11-14 19:34:14 -08:00
cbb2ce6baf
Merge pull request #626 from dgarske/fix_ecc_make_rngfail
...
Fix for "wc_ecc_make_key_ex" if call to rng fails
2016-11-14 17:35:15 -08:00
49978d1417
server side empty renegotiation_info support
2016-11-14 15:33:36 -07:00
1a7fe0d4c5
fix non ecc_make_key init_mulit potential problems
2016-11-14 12:49:42 -08:00
82e8210208
Support for building without SHA256 with NO_OLD_TLS and SHA384/512. Although TLS 1.2 default digest for certs is SHA256 and our test cert signatures use SHA256, so make check will fail. Also requires disabling the P-RNG which uses SHA256. Added missing "wc_InitRng_ex" when using "CUSTOM_RAND_GENERATE_BLOCK". Cleanup of the BuildCertHashes, DoRounds, HashInput, HashOutput and HashOutputRaw return codes.
2016-11-14 12:47:24 -08:00
cee321323a
Better handle "mp_init_multi" failure in "wc_ecc_make_key_ex".
2016-11-14 12:38:01 -08:00
fa816f0460
Merge pull request #631 from dgarske/ecc_privkey_import_oid
...
Fix for "wc_EccPrivateKeyDecode" to handle custom curve OID.
2016-11-14 11:52:48 -08:00
047b6df1a2
Merge pull request #630 from JacobBarthelmeh/master
...
remove include of ec.h in ecc.c
2016-11-14 11:51:15 -08:00
ecc5fccf07
Merge pull request #628 from JacobBarthelmeh/Testing
...
revert AESNI padding and handle the case in aes.c
2016-11-14 11:50:35 -08:00
a2d29e4c71
Further improve the "wc_EccPrivateKeyDecode" to use the CheckCurve return code, which is the curve_id in the success case. Fixes scan-build warning.
2016-11-14 10:06:20 -08:00
07efd88e4d
Fix for "wc_EccPrivateKeyDecode" to handle custom curve OID.
2016-11-14 09:53:31 -08:00
dad628cb0d
remove include of ec.h in ecc.c
2016-11-14 10:03:19 -07:00
2023b65f4c
Make RSA CRT constant time
...
Identifying which part of the CRT failed, through timing, reveals
information useful to an attacker.
2016-11-14 08:57:28 +10:00
6d5485b88f
Fix to "mp_init_multi" so failure ensures a later "mp_clear" won't free on un-initialized pointer. Applies to !USE_FAST_MATH only. No measurable benchmark difference.
2016-11-11 20:03:58 -08:00
9b0d53ba50
Fixes from review
...
Remove ForceZero changes (better version in another pull request)
Remove SHA-224 APIs for FIPS (algorithm not avaialable in FIPS.
2016-11-12 09:52:07 +10:00
0b3d9cbccd
revert AESNI padding and handle the case in aes.c
2016-11-11 16:26:29 -07:00
cc303a3035
Merge pull request #623 from SparkiDev/ecc
...
ECC improvements/fixes
2016-11-11 12:53:12 -08:00
478f279b3c
Fix logic
2016-11-11 16:38:28 +10:00
abcd6af512
Disable SHA-224 in FIPS
2016-11-11 16:29:34 +10:00
9e81261f1e
Fixes
2016-11-11 16:11:16 +10:00
8a7bb3fad4
Z will be 0 not 1
2016-11-11 12:53:48 +10:00
71259113b2
ECC improvements/fixes
...
When checking for 1 actually check for 1 and not the digit count.
When checking for negative use a macro - for speed.
2016-11-11 12:41:25 +10:00
45983c3b32
Fix SHA224 enum in HMAC code
2016-11-11 12:17:32 +10:00
a0ee159fa5
Merge pull request #617 from JacobBarthelmeh/Compatibility-Layer
...
Compatibility layer
2016-11-10 11:47:42 -08:00
1aca9a6079
Fix for "wc_ecc_make_key_ex" if call to rng fails. Issue only applies to !USE_FAST_MATH case on failure response from call to "wc_RNG_GenerateBlock".
2016-11-10 11:39:29 -08:00
eb0de32aa2
Merge pull request #621 from JacobBarthelmeh/Testing
...
adjust alignment of arrays used for case with AESNI
2016-11-10 10:00:54 -08:00
fdfc177254
SHA224 implementation added
...
Added SHA24 implementation and tetss.
Added HMAC-SHA224 implementation and tests.
Added RSA-SHA224 and ECDSA-SHA224.
Added MGF1-SHA224
Added OpenSSL APIs for SHA224
Configuration option to enable SHA224 and it is on by default for x86_64
2016-11-10 15:52:26 +10:00
55401fceb8
adjust alignment of arrays used for case with AESNI
2016-11-09 15:03:26 -07:00
af44b2527a
Merge pull request #620 from JacobBarthelmeh/PKCS12
...
PKCS12 : visibility of structs and guards
2016-11-09 08:59:31 -07:00
e9cda7b93f
Merge pull request #619 from JacobBarthelmeh/ARMv8
...
ARMv8
2016-11-08 16:21:01 -08:00
fa48bca262
PKCS12 : visibility of structs and guards
2016-11-08 16:49:09 -07:00
c122558810
COMPAT. LAYER : fix missing return value and alignment
2016-11-08 14:16:02 -07:00
208f747a47
ARMv8 : add armv8-aes.c to EXTRA_DIST
2016-11-08 10:28:01 -07:00
d4b45c4299
Merge pull request #616 from moisesguimaraes/fixes-wolfcrypt-py
...
Fixes wolfcrypt py
2016-11-08 09:07:21 -08:00
5f6cf282b1
fixes include.am comments
2016-11-07 21:15:23 -03:00
88df983251
moves include.am into wolfcrypt-py folder
2016-11-07 21:09:08 -03:00
46dee9e792
ARMv8 : clang 32 bit build
2016-11-07 15:48:06 -08:00
668af9b32f
POLY1305 : clang 32 bit warning about macros
2016-11-07 15:28:30 -08:00
f7a951709f
COMPAT. LAYER : get SSL client random bytes
2016-11-07 13:21:35 -07:00
f06a392764
COMPAT. LAYER : DES set key and malloc/free
2016-11-07 13:21:05 -07:00
b50914f2c7
Drops 3DES and adds int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng); for RSA blinding
2016-11-07 16:06:35 -03:00
08f6d23e84
moves wolfcrypt-py implementation to wrapper/python/wolfcrypt
2016-11-07 16:02:41 -03:00
68c43e4344
Merge pull request #615 from ejohnstown/dtls-verify-retry-fix
...
Fix dropped DTLS Hello Verify retransmit
2016-11-04 15:52:13 -07:00
70b227011d
Merge pull request #604 from JacobBarthelmeh/PKCS12
...
Pkcs12
2016-11-04 15:50:50 -07:00
c271806936
Merge pull request #614 from toddouska/scr-verify
...
add SCR client and server verify data check
2016-11-04 10:11:05 -07:00
ada2573009
Increment the expected handshake number if the call to the handhsake
...
message processing function is successful, but not if the handshake
message is the client_hello. Process client hello clears that counter
and incrementing it breaks the handshake. Fixes issue #612 .
2016-11-03 14:49:21 -07:00
87e3f45f52
add SCR client and server verify data check
2016-11-03 14:45:24 -07:00
356c3a37aa
Merge pull request #613 from JacobBarthelmeh/Testing
...
MODE : change source file mode back to 644
2016-11-03 13:16:59 -07:00
0839925797
PKCS12 : visibility, check on key match, sanity check on malloc
2016-11-03 11:14:29 -06:00
668e9a8e08
MODE : change source file mode back to 644
2016-11-03 10:08:13 -06:00
3780f452e8
Merge pull request #609 from JacobBarthelmeh/ARMv8
...
ARMv8 : clang build with ARMv8
2016-11-03 09:02:20 -07:00
8e0ab18924
Merge pull request #611 from cconlon/pkcs7
...
allow PKCS#7 to be compiled with AES disabled
2016-11-03 09:00:46 -07:00
9a735fc873
allow PKCS#7 to be compiled with AES disabled
2016-11-02 12:18:45 -06:00
d4b8320226
Merge pull request #606 from ejohnstown/dtls-pool
...
DTLS Pool Change
2016-11-02 10:54:53 -07:00
a3ea8378ec
Cap the size of the transmit and receive DTLS message lists at 255.
2016-11-02 09:15:05 -07:00
6f06b60bc0
ARMv8 : clang build with ARMv8
2016-11-01 13:38:01 -07:00
624ec3d492
Merge pull request #607 from cconlon/pkcs7
...
add AES content encryption support to PKCS#7 EnvelopedData
2016-11-01 12:03:24 -07:00
22c5e22698
Merge pull request #608 from JacobBarthelmeh/master
...
Option to disable RNG (WC_NO_RNG or --disable-rng). If RNG is disabled and building in crypto that makes calls to RNG functions the build will fail with linker undefined symbol errors.
2016-11-01 11:53:53 -07:00
ffe905afbf
Moved the checks for the new session ticket and certificate verify
...
messages from the change cipher spec handler to the sanity check
handshake message function. It provides support for DTLS missing
and duplicate messages.
2016-11-01 09:53:53 -07:00
3075269326
Replace the DTLS MsgPool for saving transmit handshake messages with
...
the DTLS MsgList.
2016-11-01 09:53:53 -07:00
3065bb2178
Merge pull request #588 from steweg/fix_dtls_retranmission
...
Adjust DTLS retranmission logic
2016-11-01 09:29:30 -07:00
70e7e34c87
RNG : change to --disable-rng, non-autoconf scenario, help msg
2016-11-01 10:21:29 -06:00
09c32de412
RNG : option to not use RNG
2016-10-31 16:51:02 -06:00
50464d4aef
gitignore PKCS#7 test files, delete on make clean
2016-10-31 14:46:03 -06:00
fa9a9175d0
add AES-256-CBC to PKCS#7 Encode/DecodeEnvelopedData
2016-10-31 14:45:57 -06:00
8c23c3cdd0
add AES-192-CBC to PKCS#7 Encode/DecodeEnvelopedData
2016-10-31 14:27:21 -06:00
17c184e720
add AES-128-CBC to PKCS#7 Encode/DecodeEnvelopedData
2016-10-31 14:27:14 -06:00
b686deecbe
PKCS12 : Add PKCS12 parsing
2016-10-29 13:12:26 -06:00
79cba75925
Merge pull request #603 from ejohnstown/aes-ctr
...
expand the AES-CTR test to 4 blocks for 192 and 256 bit cases
2016-10-28 13:52:50 -06:00
849ae72d3a
expand the AES-CTR test to 4 blocks for 192 and 256 bit cases
2016-10-27 15:54:22 -07:00
7ef037af0f
Merge pull request #602 from kaleb-himes/forums-support-case-user-sp
...
IAR compiler for ARM 7.70.2.11706 - unitialized warning
2016-10-26 20:04:02 -07:00
2122ee2eb5
IAR compiler for ARM 7.70.2.11706 - unitialized warning
2016-10-26 09:33:15 -06:00
59fdd98f1d
Adjust DTLS retranmission logic
...
This patch adjust DTLS retranmission logic
in order to avoid message floods between client
and server
2016-10-26 10:37:23 +02:00
703d504b58
Merge pull request #600 from kaleb-himes/scan-build-async
...
Check for sigLen size to resolve scan-build warning.
2016-10-25 11:08:14 -07:00
bc1fca5620
modified handler to return error on invalid condition post review
...
update
2016-10-25 11:07:35 -06:00
33ab901b3f
prevent allocation of size 0
2016-10-24 16:44:43 -06:00
b8aa335dd6
Merge pull request #598 from dgarske/ecc_cacheres_w_altsize
...
Fix for ECC with ALT_ECC_SIZE and cache resistance enabled
2016-10-17 15:01:43 -07:00
d2a6c6838e
Fix for ECC with !WC_NO_CACHE_RESISTANT and ALT_ECC_SIZE causing invalid mp_int*. An ecc_point with ALT_ECC_SIZE is "mp_int* x" vs. "mp_int x[1]". The resulting pointer for &M[0]->x is not valid in the ALT_ECC_SIZE case. This was found while testing ECC on a Cortex M4 (32-bit) and caused a hard fault.
2016-10-14 16:44:57 -07:00
2ecf7090ca
Merge pull request #595 from JacobBarthelmeh/Testing
...
static analysis : Fix warnings with wc_AesCcmSetKey
2016-10-12 11:27:29 -07:00
88a82f519e
Merge pull request #594 from JacobBarthelmeh/DTLS-MultiCore
...
session export : Increment DTLS export version with serialization cha…
2016-10-12 11:25:23 -07:00
ffb2a8ff12
Merge pull request #593 from JacobBarthelmeh/ARMv8
...
ARMv8 : sanity checks
2016-10-12 11:23:27 -07:00
11102b6726
Merge pull request #585 from NickolasLapp/master
...
Rename *Mutex Functions with wc_ prefix. Expose these functions for Stunnel.
2016-10-12 11:19:32 -07:00
9cf4d7ca8e
Merge pull request #584 from kaleb-himes/aes-gcm-bo
...
sanity check on memcpy and xorbuf
2016-10-12 11:18:03 -07:00
54c51ec4a0
static analysis : Fix warnings with wc_AesCcmSetKey
2016-10-12 10:02:53 -06:00
3c03aa453b
session export : Increment DTLS export version with serialization changes
2016-10-11 14:01:38 -06:00
86bf50ea70
Ensure dh->q is nulled on init and free
2016-10-10 16:21:30 -06:00
eb9161d8a7
ARMv8 : sanity checks
2016-10-10 15:08:59 -06:00
395972e6a8
Merge pull request #592 from cconlon/eccfix
...
fix ecc_check_privkey_gen() parameters with WOLFSSL_VALIDATE_ECC_IMPORT
2016-10-07 14:30:06 -07:00
ab966a72da
fix ecc_check_privkey_gen() parameters with WOLFSSL_VALIDATE_ECC_IMPORT
2016-10-07 14:14:50 -06:00
05fcbb001a
move sanity check and remove silent truncation
2016-10-06 15:01:16 -06:00
ef5f55f6e4
Optimize memory usage for ARM Cortex M and similar embedded systems ( #578 )
...
* Changed ge_precomp data to const to reduce RAM usage on embedded systems.
* Add configuration option "WOLFSSL_NRF5x" for Nordic nRF5x platform in settings.h
2016-10-06 12:49:14 -07:00
f4c654dd6e
Merge pull request #590 from JacobBarthelmeh/ARMv8
...
ARMv8 additions
2016-10-06 10:04:07 -07:00
4181b744ab
stunnel 5.36 requires des3. Enable by default
2016-10-05 13:17:26 -06:00
d07746de09
ARMv8 : Remove dependency on load
2016-10-05 11:02:51 -06:00
69483366fb
Fixes for fips compatibility
2016-10-05 10:20:13 -06:00
89aec2c565
Add cast for g++ compiler
2016-10-05 09:37:44 -06:00
21dd236ef2
ARMv8 : increase performance
2016-10-05 09:04:18 -06:00
1e028c3566
Merge pull request #589 from cconlon/ipproto
...
Wrap IPPROTO_SCTP use with WOLFSSL_SCTP in test.h
2016-10-04 19:48:32 -07:00
29cf90a425
protect IPPROTO_SCTP with WOLFSSL_SCTP in test.h
2016-10-04 16:42:53 -06:00
81a8ad0a48
Merge pull request #587 from ejohnstown/seq64
...
64-bit Sequence Number
2016-10-04 06:01:26 -07:00
1792eba1a2
Rename *Mutex Functions with wc_ prefix. Expose these functions for
...
Stunnel. Various other changes to enable stunnel compling
2016-10-03 16:36:05 -06:00
12ac0346f5
change magic numbers to constants, rename verify parameter of WriteSEQ() and subfunctions
2016-10-03 13:51:10 -07:00
a839b61e81
initialize temp sequence number
2016-10-02 13:02:20 -07:00
575785db3e
Fixes for DTLS sequence number checking.
2016-10-02 12:03:44 -07:00
ab371365b9
updated sequence number window
2016-09-30 17:02:05 -07:00
62d58a7084
updated session import/export for seq number
2016-09-29 23:09:42 -07:00
4522fa335e
Fixing DTLS for 64-bit sequence numbering
...
1. Simplify away the DtlsState record.
2. Adding in high order bits for the DTLS sequence number.
3. For DTLS, separated copying the sequence number from incrementing it.
2016-09-29 15:51:33 -07:00
a630fda509
Sanity check on memcpy and xorbuf
...
Sanity check on memcpy and xorbuf
2016-09-29 13:26:50 -06:00
1a7f1d3b26
Merge pull request #583 from JacobBarthelmeh/CSharp
...
C# Wrapper : TCP check connection termination
2016-09-28 16:31:29 -06:00
1ed06b53df
C# Wrapper : TCP check connection termination
2016-09-28 15:00:30 -06:00
6f4b704552
ARMv8 : Aarch32 support, SHA256 speedup
2016-09-28 10:22:27 -06:00
be86308a33
Merge pull request #556 from danielinux/frosted-fix
...
Fix compilation on Frosted
2016-09-26 12:53:39 -06:00
124a8c0c1f
Merge pull request #582 from ejohnstown/lean-psk
...
Fixes for building the library for Lean PSK
2016-09-24 10:59:54 -06:00
af5d790aea
Merge pull request #581 from ejohnstown/tlsx
...
Fixes for building the library with a C++ compiler with TLSX enabled
2016-09-24 10:45:33 -06:00
8d1aa2238b
Fixes for building the library for Lean PSK
...
1. Needed to enable static PSK when using Lean PSK
2. Fixed complaints about unused variables.
2016-09-24 00:18:36 -07:00
5e852dc1a1
Fixes for building the library with a C++ compiler with TLSX enabled
...
1. Add many typecasts for malloc() data to proper pointer type.
2. Add many typecasts for constants in tertiary operators.
3. ECC to use local copy of wc_off_on_addr instead of extern copy.
2016-09-23 23:22:58 -07:00
5ec5b9b07d
Merge pull request #580 from JacobBarthelmeh/Testing
...
NTRU : warning of variable size as argument
2016-09-23 15:52:48 -07:00
02b3aa51bd
NTRU : warning of variable size as argument
2016-09-23 15:30:33 -06:00
fb01cf7e1b
Merge pull request #579 from ejohnstown/release-v3.9.10
...
Prepare release v3.9.10
2016-09-23 15:05:21 -06:00
6895803f2b
Prepare release v3.9.10
2016-09-23 12:19:24 -07:00
049956d852
Merge pull request #577 from kaleb-himes/fix-typos
...
Fixing typos
2016-09-23 12:18:23 -07:00
4fc0c6c646
fix unused parameter build time error
...
fix unused parameter build time error
2016-09-23 12:23:26 -06:00
3bd86d3f87
Fixing typos
2016-09-23 10:45:29 -06:00
91580552bc
ARMv8 : AES-GCM encryption speed ups
2016-09-23 10:20:52 -06:00
78246e0fc2
Merge pull request #575 from ejohnstown/fix-option
...
move an ifndef NO_AES for one more configure disable/enable combination
2016-09-22 16:15:49 -06:00
98841e8b47
Merge pull request #576 from toddouska/dsa_zero
...
add dsa sign sanity check on r/s
2016-09-22 15:14:43 -06:00
e4b8e6a447
Merge pull request #574 from JacobBarthelmeh/Testing
...
Static Analysis : fix a warning of unused variable
2016-09-22 14:09:46 -07:00
d9163e4554
add dsa sign sanity check on r/s
2016-09-22 12:04:48 -07:00
ba6e2b1037
move an ifndef NO_AES for one more configure disable/enable combination
2016-09-22 11:41:16 -07:00
c43fd150e9
Static Analysis : fix a warning of unused variable
2016-09-22 09:31:26 -07:00
18944dacbf
Merge pull request #573 from toddouska/dsa_pad
...
fix dsa pre padding
2016-09-22 09:42:23 -06:00
9e4e08d7a7
fix dsa pre padding
2016-09-21 18:51:11 -07:00
2368d49678
Merge pull request #572 from ejohnstown/pathlen
...
CA Certificate Path Length Checking
2016-09-21 14:36:24 -07:00
b8704d2dfe
Merge pull request #571 from toddouska/new_rng
...
Fix Jenkins build 389 single-threaded issue
2016-09-21 12:59:06 -07:00
74002ce66a
Add the new path length test certs to include.am.
2016-09-21 12:34:01 -07:00
ab887b88dc
Merge pull request #570 from ejohnstown/des3-disable-fix
...
Disable DES3 compiler warning fix
2016-09-21 13:25:00 -06:00
de81c81eae
Fixed unused variable complaints when OPENSSL_EXTRA and MD5 are enabled
...
and when AES is disabled.
2016-09-21 10:21:03 -07:00
489345f0d4
move CTX new_rng out of with certs block
2016-09-21 09:02:38 -07:00
95acd9c907
Fixed unused variable complaints when KEYGEN and OPENSSL_EXTRA are enabled
...
and when AES and MD5 are disabled. It was in the same encrypt function as
before and in the paired decrypt function.
2016-09-21 07:32:17 -07:00
a42bd30278
CA Certificate Path Length Checking
...
1. Check the path length between an intermediate CA cert and its
signer's path length.
2. Always decode the path length if present and store it in the decoded
certificate.
3. Save the path length into the signer list.
4. Path length capped at 127.
5. Added some test certs for checking CA path lengths.
2016-09-20 21:36:37 -07:00
ef7183dcf7
delete redundant #else
2016-09-20 15:59:08 -07:00
d9862c1c1a
Merge pull request #569 from kaleb-himes/CUSTOMER_REQUEST
...
addition to previous customer request
2016-09-20 12:09:15 -07:00
65a7978dec
Merge pull request #567 from toddouska/rng
...
RDSEED enhancements
2016-09-20 12:09:01 -07:00
df1d8200ef
Fixed unused variable complaint when KEYGEN and OPENSSL_EXTRA are enabled
...
and when AES and DES3 are disabled.
2016-09-20 12:07:58 -07:00
67a112773e
fix secure renegotiation
2016-09-19 17:31:20 -07:00
21726d5ae4
64bit sequence tls proof of concept, dlts needs some work
2016-09-19 16:02:27 -07:00
4214f52d77
addition to previous customer request
2016-09-19 16:01:24 -06:00
0718aba655
fix comment typo
2016-09-19 13:28:14 -07:00
485d814aed
Merge pull request #563 from JacobBarthelmeh/ARMv8
...
ARMv8 : AES-GCM constraint fix
2016-09-19 09:30:08 -07:00
e0b8e55198
Merge pull request #553 from ejohnstown/disable-des3
...
Disable DES3 by default
2016-09-19 09:27:32 -07:00
b4b0b2433e
Merge pull request #555 from ejohnstown/autogen-tweak
...
Autogen tweak for git worktrees
2016-09-19 09:26:06 -07:00
4c295cd13d
Merge pull request #564 from kaleb-himes/CUSTOMER_REQUEST
...
Implement requested change from customer
2016-09-19 09:24:43 -07:00
1bab8822a9
Merge pull request #565 from ejohnstown/enable-ecccurveext
...
Enable the ECC Supported Curves extension by default
2016-09-19 09:24:05 -07:00
afd039d2e1
Merge pull request #566 from JacobBarthelmeh/master
...
Benchmark App : fixed some invalid set key sizes
2016-09-19 09:23:12 -07:00
6d73175b22
Benchmark App : fixed some invalid set key sizes
2016-09-17 15:07:38 -06:00
c51444bec5
update rdseed to 64bit get, more retries, fallback to /dev/urandom on failure
2016-09-16 18:54:47 -07:00
3f95bac55f
Merge pull request #562 from ejohnstown/pre-release3.9.9
...
Bump version for pre-release REDUX
2016-09-16 15:07:00 -06:00
67c7e7c8de
Implement requested change from customer
...
Implement requested change from customer
2016-09-16 14:38:33 -06:00
f191cf206e
allow single threaded mode to share an RNG at WOLFSSL_CTX level
2016-09-16 13:35:29 -07:00
781e800486
1. Enable the extension ECC Supported Curves by default.
...
2. Force the extention disabled if ECC is disabled.
2016-09-16 13:26:56 -07:00
f755591316
ARMv8 : AES-GCM constraint fix
2016-09-16 19:43:47 +00:00
7a7f2fbe78
Bump version for pre-release.
2016-09-16 10:58:31 -07:00
ef0cd908ea
Merge pull request #557 from kaleb-himes/arduino-updates
...
fix distribution issue
2016-09-16 10:55:48 -07:00
c85b3b84d9
Merge pull request #554 from JacobBarthelmeh/ARMv8
...
ARMv8 : AES-CTR/CBC/GCM speed ups and refactor AES
2016-09-16 09:34:24 -07:00
03ebb4825e
Merge pull request #552 from toddouska/aesca
...
prevent compiler from optimzing out PreFetch Td4
2016-09-16 09:16:07 -07:00
14a7065f6e
fix distribution issue
2016-09-16 10:04:50 -06:00
b869641de6
Merge branch 'master' into frosted-fix
2016-09-16 11:46:01 +02:00
890bcde1cd
Don't include <sys/uio.h> when running on Frosted
2016-09-16 11:43:34 +02:00
4087f6904c
Treat project directory as in version control if .git is
...
either directory or file.
2016-09-15 16:09:27 -07:00
6d82cba29c
ARMv8 : AES-CTR/CBC/GCM speed ups and refactor AES
2016-09-15 22:50:00 +00:00
ef9c4bf5c9
Add client-ca.pem to the automake include for dist.
2016-09-15 15:38:41 -07:00
bad6be5c76
1. Updated sniffer to allow DES3 to be disabled.
...
2. Fixed an unused variable in OpenSSL Extras when DES3 is disabled.
3. Force DES3 enabled when enabling MCAPI.
2016-09-15 14:53:28 -07:00
e92f0e32b0
Undo making the ECC supported curves extension default to enabled.
2016-09-15 13:15:49 -07:00
78c0f98ea9
Merge pull request #551 from kaleb-himes/arduino-updates
...
Updates to make building for ARDUINO more intuitive
2016-09-15 13:01:42 -07:00
0ee7d7cc17
1. Add DES3 enable to full commit test.
...
2. Added DES3 to the list of FIPS prereqs.
2016-09-15 12:19:32 -07:00
e3bb4c29e2
Fix openssl.test with the lean-TLS option
...
1. Make new CA cert for test that is both client-cert.pem andr
client-ecc-cert.pem.
2. Use the new client-ca.pem cert in the test script.
3. Update renewcerts script to generate client-ca.pem.
2016-09-15 11:39:30 -07:00
c1ac0c0f8c
Merge pull request #545 from ejohnstown/ems
...
Extended Master Secret
2016-09-15 11:25:41 -07:00
2d4757b446
Disable DES3 by default. Force it enabled when it is a prereq for
...
another option. (SCEP and PKCS7)
2016-09-15 11:23:36 -07:00
19434e285a
Update the resume test to rerun itself with the "-n" option to disable
...
extended master secret if the option is enabled.
2016-09-15 10:13:31 -07:00
8cdaa06127
prevent compiler from optimzing out PreFetch Td4
2016-09-15 10:02:30 -07:00
9d49fae600
Updates to make building for ARDUINO more intuitive
...
NO_INLINE not necessary, update README
2016-09-14 17:01:35 -06:00
01be5cdc07
Merge pull request #550 from toddouska/rsainit
...
make sure rsa rng is null on init
2016-09-14 16:31:07 -06:00
dc337946d5
make sure rsa rng is null on init
2016-09-14 14:33:08 -07:00
8b713adcfd
Extended Master Secret Peer Review Changes
...
1. Checked the returns on the hash functions in the sniffer,
return new error if any fail.
2. Removed the SHA-512 hash from the sniffer's collection of
hashes. Never used in a cipher suite.
3. Added some logging messages in the EMS support in wolfSSL.
2016-09-14 13:43:02 -07:00
7410b5784f
Merge pull request #548 from toddouska/nocache
...
add WC_NO_CACHE_RESISTANT option for old code paths
2016-09-14 10:24:29 -07:00
e039fcefc0
Merge pull request #549 from JacobBarthelmeh/master
...
aes.c : check ILP32 macro defined
2016-09-14 09:58:19 -07:00
109642fef4
aes.c : check ILP32 macro defined
2016-09-14 09:33:48 -06:00
b6937626b4
don't require uneeded temp with WC_NO_CACHE_RESISTANT
2016-09-13 17:01:50 -07:00
7b3fc558ec
add WC_NO_CACHE_RESISTANT option for old code path
2016-09-13 16:45:15 -07:00
b77c350153
Merge pull request #547 from toddouska/mathca
...
Remove timing resistant cache key bit monitor leaks
2016-09-13 14:34:23 -07:00
05d78dc2ce
Merge pull request #544 from cconlon/rsafix
...
include MAX_RSA_INT_SZ in wc_RsaKeyToPublicDer(), for 4096-bit keys
2016-09-13 11:24:03 -07:00
46a0ee8e69
switch ecc timising resistant mulmod double to use temp instead of leaking key bit to cache monitor
2016-09-13 11:10:10 -07:00
0477d5379e
Merge pull request #546 from toddouska/aesca
...
AES T table cache preload.
2016-09-13 11:05:28 -07:00
6ef9e79ff5
switch timing resistant exptmod to use temp for square instead of leaking key bit to cache monitor
2016-09-13 09:13:39 -07:00
6ae1a14c9f
do aes cache line stride by bytes, not word32s
2016-09-12 21:09:08 -07:00
77cf700657
Update to allow resumption with session tickets and extended master secret.
2016-09-12 16:06:51 -07:00
c6256211d6
compress aes last round decrypt table, prefetch Td tables before aes decrypt rounds, prefecth compressed table before last round
2016-09-12 13:04:30 -07:00
97a64bcc7c
remove unique aes last round Te table, pre fetch Te tables during software aes encrypt
2016-09-12 12:03:37 -07:00
c1136a30e9
1. Enabled the extended master secret in the Windows IDE user_settings.h
...
file by default.
2. Fixed scan-build warning about an assignment to a variable that isn't
used again in the function. Commented out the line.
2016-09-12 09:42:42 -07:00
b994244011
Revising the Extended Master Secret support. Removing the dynamic
...
TLSX support for the extention and treating it like the Signature
and Hash algorithms extension. It is to be enabled by default and
the user can turn it off at run time or build time.
2016-09-11 18:05:44 -07:00
a149d83bff
include MAX_RSA_INT_SZ in wc_RsaKeyToPublicDer(), for 4096-bit keys
2016-09-09 16:11:56 -06:00
68e48e84fd
Merge pull request #541 from toddouska/comp
...
detect server forcing compression on client w/o support
2016-09-09 13:00:22 -07:00
fc54c53f38
Merge pull request #543 from JacobBarthelmeh/ARMv8
...
ARMv8 : increase performance with SHA256
2016-09-09 10:23:44 -07:00
3ec66dd662
ARMv8 : sanity checks and change constraint type
2016-09-09 00:27:40 +00:00
bd3e40d2fc
Merge pull request #542 from JacobBarthelmeh/master
...
verify case with unexpected input
2016-09-08 16:07:28 -07:00
f4e604dec3
verify case with unexpected input
2016-09-08 15:32:09 -06:00
0c21d76ce3
detect client not sending any compression types
2016-09-08 12:06:22 -07:00
4fb1431727
Added support for the extended master secret extension to the sniffer.
2016-09-08 11:25:02 -07:00
79af4d30e0
ARMv8 : increase performance with SHA256
2016-09-08 18:00:24 +00:00
3e80d966d2
Merge pull request #540 from dgarske/fix_noprng_nosha2
...
Fix to allow disabling P-RNG and SHA256 with CUSTOM_RAND_GENERATE_BLOCK
2016-09-07 16:33:32 -07:00
3aefc42f04
have TLS server side verify no compression is in list if not using compression
2016-09-07 15:28:30 -07:00
f6b786cfb5
Updated the random.h source inline comments to clarify SHA256 and RC4.
2016-09-07 09:23:43 -07:00
baebec4ca4
Merge pull request #538 from JacobBarthelmeh/ARMv8
...
initial ARMv8 instructions
2016-09-07 09:20:14 -07:00
a5db13cd01
detect server forcing compression on client w/o support
2016-09-07 09:17:14 -07:00
8d6ea61a4f
Fix to allow disabling P-RNG and SHA256 when CUSTOM_RAND_GENERATE_BLOCK is used. Added inline documentation to describe RNG source options. Example: ./configure --enable-cryptonly --disable-hashdrbg CFLAGS="-DNO_SHA256 -DCUSTOM_RAND_GENERATE_BLOCK"
2016-09-06 16:42:53 -07:00
09b29cb1d4
ARMv8 AES: remove extra memcpy during encrypt/decrypt
2016-09-02 22:55:17 +00:00
33f24ebaa8
Merge pull request #537 from ejohnstown/ocsp-issuerKeyHash
...
OCSP Fixes
2016-09-02 14:57:07 -06:00
8e4ccd355c
refactor ALIGN16 macro to types.h
2016-09-01 21:24:03 +00:00
0f0e0ca9a5
add extended master to example client
2016-09-01 15:17:46 -06:00
88fab67804
add extended master unit tests
2016-09-01 15:15:17 -06:00
e4f527a332
initial extended master secret support
2016-09-01 15:12:54 -06:00
5bf8806655
add wc_Sha384/512GetHash() functions
2016-09-01 15:05:27 -06:00
41912b92c6
initial ARMv8 instructions
2016-09-01 18:10:06 +00:00
963b9d4c4d
OCSP Fixes
...
1. When using Cert Manager OCSP lookup, the issuer key hash wasn't
being set correctly. This could lead to unknown responses from lookup.
2. Default OCSP lookup callback could get blocked waiting for server
to close socket.
2016-09-01 09:58:34 -07:00
a0b02236b8
Merge pull request #527 from danielinux/master
...
Support for Frosted OS
2016-08-31 10:07:25 -06:00
092916c253
Merge pull request #536 from ejohnstown/dtls-sctp
...
DTLS over SCTP
2016-08-30 13:09:40 -07:00
e0a035a063
DTLS-SCTP Tests
...
1. Added a check to configure for SCTP availablility.
2. Added DTLS-SCTP to the cipher suite test.
2016-08-29 15:24:51 -07:00
de3f66b946
Merge pull request #515 from dgarske/cryptonly_static_mem
...
Added support for static memory with wolfCrypt
2016-08-29 15:23:28 -06:00
ddff90ea26
Fix duplicate declaration of "wolfSSL_init_memory_heap" (errors after rebase).
2016-08-29 11:50:43 -07:00
6a70403547
Fix for "not used" devId in benchmark.
2016-08-29 11:01:16 -07:00
2ecd80ce23
Added support for static memory with wolfCrypt. Adds new "wc_LoadStaticMemory" function and moves "wolfSSL_init_memory_heap" into wolfCrypt layer. Enhanced wolfCrypt test and benchmark to use the static memory tool if enabled. Added support for static memory with "WOLFSSL_DEBUG_MEMORY" defined. Fixed issue with have-iopool and XMALLOC/XFREE. Added check to prevent using WOLFSSL_STATIC_MEMORY with HAVE_IO_POOL, XMALLOC_USER or NO_WOLFSSL_MEMORY defined.
2016-08-29 10:38:06 -07:00
05a35a8332
fix scan-build warning on the simple SCTP example server
2016-08-26 20:33:05 -07:00
aed68e1c69
1. Needed to tell the client to use sctp.
...
2. Creating the example sockets needed the IPPROTO type.
2016-08-26 19:58:36 -07:00
46e92e0211
DTLS-SCTP example client and server
...
1. Update the example client and server to test DTLS-SCTP.
2. Modify the test.h functions for setting up connections to allow
for a SCTP option.
3. Update other examples to use the new test.h functions.
4. Removed some prototypes in the client header file were some functions
that should have been static to the client.c file and made them static.
2016-08-26 19:58:36 -07:00
6d5df3928f
SCTP-DTLS examples
...
1. Added the set SCTP mode command to client and server.
2. Added a 4K buffer test case.
2016-08-26 19:58:36 -07:00
bab071f961
1. Implemented the SCTP MTU size changes for transmit.
...
2. Simplified the MAX_FRAGMENT size when calling SendData().
2016-08-26 19:58:36 -07:00
a6c0d4fed7
1. Added missing -DWOLFSSL_SCTP to configure.ac.
...
2. Don't do hello verify requests in SCTP mode.
3. Implemented the SCTP MTU size changes.
4. Simplified the MAX_FRAGMENT size when calling ReceiveData().
2016-08-26 19:58:36 -07:00
52e2f1a7ab
typecasts to clear static analysis warnings on SCTP examples
2016-08-26 19:58:36 -07:00
f3dca48e99
Fix polarity on the DTLS-SCTP check.
2016-08-26 19:58:36 -07:00
7b3255b5bb
1. Simplified the IsDtlsSctpMode() check.
...
2. Checked IsDtlsSctpMode() to skip saving messages to retransmit and
skip retransmissions.
2016-08-26 19:57:09 -07:00
c1970434d1
simplify the SCTP options
2016-08-26 19:43:52 -07:00
b7a35eabd2
Add simple SCTP example tools
2016-08-26 19:40:50 -07:00
ebbf5ec72b
add new options and accessors for SCTP
2016-08-26 19:40:50 -07:00
2d9b6cf27a
added SCTP to configure.ac
2016-08-26 19:40:50 -07:00
d7ac7af4b0
Merge pull request #532 from toddouska/sb-aiaddr
...
make sure static analysis realizes err_sys does exit()
2016-08-26 16:29:20 -07:00
930c692598
Merge pull request #535 from toddouska/ecc521-no64
...
fix normal math 16bit digit_bit for all ecc sizes
2016-08-26 14:59:01 -07:00
bd312cb766
Merge pull request #533 from dgarske/dg_fixes
...
Fixes for HMAC/small stack heap and disable RSA warnings
2016-08-26 14:30:55 -07:00
401463a983
Merge pull request #534 from dgarske/ecc_cust_fix
...
Fixed issue with "wc_ecc_set_custom_curve" function and ECC test improvements
2016-08-26 14:25:15 -07:00
efabbcf305
fix normal math 16bit digit_bit for all ecc sizes
2016-08-26 13:47:53 -07:00
bf23b2f9d1
Fix issue with "wc_ecc_set_custom_curve" function not setting index as "ECC_CUSTOM_IDX". Cleanup of the ECC tests to return actual error code (when available) and make sure keys are free'd. Some trailing whitespace cleanup.
2016-08-26 12:35:47 -07:00
925e5e3484
Fixes typo issue with heap in hmac and small stack enabled. Fixed "never read" scan-build warnings with typeH and verify when RSA is disabled.
2016-08-26 10:33:01 -07:00
86e889a7fa
only force exit() in all cases with gcc since we know noreturn attribute there
2016-08-26 10:20:58 -07:00
dd7f9b618d
make sure static analysis realizes err_sys does exit()
2016-08-25 12:23:57 -07:00
78ca9e7716
Merge pull request #482 from dgarske/async
...
Asynchronous wolfCrypt RSA and TLS client support
2016-08-25 10:06:18 -07:00
07345579ec
Merge pull request #531 from cconlon/distro
...
Add "--enable-distro" build option
2016-08-23 14:31:23 -07:00
a9278fe492
Added check for GetLength result in asn GetIntRsa function. Fixed return code in random.c for "wolfAsync_DevCtxInit" due to copy/paste error. Added RSA wc_RsaCleanup to make sure allocated tmp buffer is always free'd. Eliminated invalid RSA key type checks and "RSA_CHECK_KEYTYPE".
2016-08-23 11:31:15 -07:00
91ccf1bd86
do not enable ARC4 or sniffer in distro build
2016-08-22 15:33:45 -06:00
45c8ed1436
remove -X from ocsp stapling tests that are not external
2016-08-22 14:18:35 -06:00
ebba0efaa4
Merge pull request #528 from jrblixt/tests_api_develop
...
Added Functions to wolfSSL/test/api.c
2016-08-22 09:38:23 -07:00
1a94c0bbdd
add distro build option
2016-08-22 10:00:37 -06:00
6f0239441b
Merge pull request #530 from ejohnstown/dtls-ticket
...
DTLS and Session Ticket fix
2016-08-22 09:37:28 -06:00
a9935cbc28
Made changes found by Jenkins.
2016-08-19 10:23:55 -06:00
fa1989b729
fix building the new session ticket message for DTLS, take into account the additional header sizes
2016-08-18 17:51:25 -07:00
813a9b05b5
Clean up and Chris check added the changes.
2016-08-18 15:07:07 -06:00
f61c045e65
Changes to the Assert Macros used and added wolfSSL_CTX_use_certificate_buffer()
2016-08-18 10:03:33 -06:00
3d3f8c9dd3
Support for Frosted OS
2016-08-18 14:56:14 +02:00
b068eec96d
added wolfSSL_CTX_SetMinVersion
2016-08-17 14:41:37 -06:00
73089200bf
Merge branch 'master' of https://github.com/wolfSSL/wolfssl into tests_api_develop
2016-08-17 14:12:43 -06:00
cddc771829
Added wolfSSL_SetMinVersion
2016-08-17 14:05:37 -06:00
584733b138
Chris looked at functions added for correctness.
2016-08-17 11:27:14 -06:00
65b2b14a0f
added test functions for wolfCrypt_Init and OCSP stapling v1 and v2
2016-08-17 10:32:03 -06:00
3e6be9bf2c
Fix in "wc_InitRsaKey_ex" for normal math so mp_init isn't called to defer allocation.
2016-08-15 14:07:16 -06:00
17a34c5899
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 13:59:41 -06:00
5347e32d63
Merge pull request #526 from toddouska/fm64-types
...
don't setup 64bit typedef with fastmath if not needed
2016-08-15 13:14:59 -06:00
d1d6571575
Merge pull request #525 from toddouska/session
...
add resume session string script check, make GetDeepCopySession stati…
2016-08-15 13:11:53 -06:00
527c375884
don't setup 64bit typedef with fastmath if not needed
2016-08-15 11:02:06 -07:00
d74fa8299a
add resume session string script check, make GetDeepCopySession static local and check reutrn code
2016-08-15 09:32:36 -07:00
b38218a0b9
Merge pull request #524 from kaleb-himes/certs-buffs-and-tests
...
cert updates, new buffers, new test with buffers
2016-08-14 08:39:37 -07:00
da18e463ed
remove constraints on inclusion of certs_test.h
2016-08-12 17:00:22 -06:00
03295ec6d7
update certs, extend ntru to 1000 days, add der formatted ecc, new ecc buffer test
...
changes from first review
move to 256 bit defines
2016-08-12 13:00:52 -06:00
7cf13f84b7
Merge pull request #522 from JacobBarthelmeh/master
...
help static analysis tools
2016-08-10 16:37:16 -07:00
b502d9dcf7
help static analysis tools
2016-08-10 14:23:27 -06:00
fd9f8125e3
Merge pull request #521 from dgarske/improve_inline_misc
...
Change misc.c error to warning when trying to be compiled and inline enabled
2016-08-09 13:09:20 -06:00
a8b2ced588
Merge pull request #519 from dgarske/fix_compat_wo_ecc
...
Fix for openssl compatibility without ECC
2016-08-08 13:46:58 -07:00
317a7f2662
Change misc.c error to warning and exclude the misc.c code from being compiled. Most people include all .c files and by default inlining is allowed, which in turn causes an #error in misc.c and it must be excluded. Since we know its already been properly included there is no reason to throw error here. Instead, show warning and exclude code in .c file.
2016-08-08 13:13:59 -07:00
b0e4acaac1
Fix for openssl compatibility without ECC. Disable "wolf_OBJ_nid2sn", "wolf_OBJ_sn2nid" and "wolf_OBJ_obj2nid" when "OPENSSL_EXTRA" defined and "HAVE_ECC" is not defined.
2016-08-08 10:29:58 -07:00
76e8438059
Merge pull request #518 from dgarske/fix_build_w_callbacks
...
Fix build with "WOLFSSL_CALLBACKS" defined.
2016-08-06 10:11:53 -07:00
49fb0d56b0
Merge pull request #516 from dgarske/fix_asn_wo_hmac
...
Fix build issue with ASN enabled and no HMAC
2016-08-06 10:07:00 -07:00
c8cfe1ffa1
Merge pull request #511 from dgarske/openssl_compat_fixes
...
Various improvements to support openssl compatibility
2016-08-06 09:59:31 -07:00
dd03af2cf4
Merge pull request #512 from dgarske/fix_crl_pad
...
Fixed issue with CRL check and zero pad
2016-08-06 09:56:59 -07:00
cc462e2c50
Merge pull request #513 from kojo1/Der2Pem
...
Adds "wc_DerToPem" CRL_TYPE support
2016-08-05 14:35:15 -07:00
d8c63b8e66
Various improvements to support openssl compatibility.
...
* Fixed bug with "wolfSSL_get_cipher_name_internal" for loop using incorrect max length for "cipher_name_idx" (this caused fault when library built with NO_ERROR_STRINGS and calling it).
* Adds new "GetCipherNameInternal" function to get cipher name using internal "cipherSuite" index only (for scenario where WOLFSSL object does not exist).
* Implements API's for "wolf_OBJ_nid2sn" and "wolf_OBJ_sn2nid". Uses the ecc.c "ecc_sets" table to locate NID (ECC ID and NID are same).
* Added "WOLFSSL*" to HandShakeInfo.
* Allowed "SetName" to be exposed.
* Added "wolfSSL_X509_load_certificate_buffer". Refactor "wolfSSL_X509_load_certificate_file" to use new function (no duplicate code).
2016-08-05 14:15:47 -07:00
32b0303beb
Fix build with "WOLFSSL_CALLBACKS" defined.
2016-08-05 14:06:58 -07:00
6b1ff8e9d7
Only try and return serial number or check padding if the serial number size is greater than 1.
2016-08-05 12:53:26 -07:00
a17bc2a42e
Fix build issue with ASN enabled and no HMAC (missing MAX_DIGEST_SIZE). Switch to using WC_MAX_DIGEST_SIZE from hash.h, which is always available. Added small stack option for digest in MakeSignature. Fixed build error with unused "testVerifyCount" if "NO_ECC_SIGN" or "NO_ECC_VERIFY".
2016-08-05 12:19:30 -07:00
eeb506b8c0
Merge pull request #514 from dgarske/fix_arm_cc_warn
...
Fixes for warnings when cross-compiling with GCC ARM.
2016-08-05 10:07:32 -07:00
96da2df7ec
Additional max index and serial number size checks in "GetSerialNumber".
2016-08-03 17:04:44 -07:00
2c1309ffc7
Fixes for warnings when cross-compiling with GCC ARM.
2016-08-03 16:53:53 -07:00
e01dcb671d
eliminate tail nl
2016-08-03 11:12:10 +09:00
ed4cd2438f
CRL_Type to wc_DerToPem
2016-08-03 10:53:54 +09:00
9ddfe93c43
Fixed issue with CRL check and zero pad (the GetRevoked function was not trimming pad). Added new ASN "GetSerialNumber" function and implemented it in three places in asn.c.
2016-08-02 16:47:21 -07:00
67d607324a
Merge pull request #509 from JacobBarthelmeh/Release
...
prepare for release 3.9.8
2016-07-28 18:47:39 -07:00
32c0b6d97a
prepare for release 3.9.8
2016-07-28 15:46:45 -06:00
dcc0f87ce6
Merge pull request #506 from toddouska/del_point
...
fix remaining non fpecc ecc_del_point w/o heap
2016-07-27 18:54:46 -06:00
303561c1a1
Merge pull request #505 from toddouska/timing
...
fix scan-build warning on ecc memory alloc failure
2016-07-27 15:52:01 -07:00
a94f34c8e2
fix remaining non fpecc ecc_del_point w/o heap
2016-07-27 14:24:34 -07:00
6cd4acbdba
Merge pull request #504 from dgarske/oid_unknown_fix
...
Fix for "OID Check Failed"
2016-07-27 14:16:04 -07:00
20c991717f
Merge pull request #503 from JacobBarthelmeh/mysql
...
change priority of cipher suite TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
2016-07-27 12:13:47 -07:00
7cf0b8fe85
fix scan-build warning on ecc memory alloc failure
2016-07-27 11:20:08 -07:00
b0e72dd692
Fix for "OID Check Failed". This restores behavior to what it was prior to commit "7a1acc7". If an OID is not known internally skip the verify and return success and the OID sum.
2016-07-27 10:39:42 -07:00
37b84abe0b
change priority of cipher suite TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
2016-07-27 09:36:16 -06:00
c834216cca
Merge pull request #501 from ejohnstown/key-usage
...
only check server's cert key encipher on client for RSA key exchange
2016-07-26 15:45:38 -07:00
0265b0f4bb
only check server's cert key encipher on client for RSA key exchange
2016-07-26 13:32:54 -07:00
993838153e
Merge pull request #487 from moisesguimaraes/fix-ocspstapling-getca
...
fixes ocsp signer lookup in the cert manager.
2016-07-26 12:42:47 -07:00
edbec4db20
Merge pull request #500 from dgarske/ocsp2_asn_fix
...
Fix for failing OID check with "ocspstapling2" enabled
2016-07-26 12:41:50 -07:00
242d26eba2
Merge pull request #488 from cconlon/sig_algo
...
leave off SHA1-RSA/ECDSA signature algorithms when NO_OLD_TLS is defined
2016-07-26 11:05:24 -07:00
c80f1805f0
Fix for failing OID check with "ocspstapling2" enabled. Found OID type in "ToTraditional" that should be keyType, not sigType. Added optional OID decode function and optional OID info dump in "GetObjectId" (both off by default).
2016-07-26 10:35:40 -07:00
5bb250583e
Merge pull request #499 from toddouska/timing
...
add --enable-harden swtich for timing resistance and blinding, on by …
2016-07-26 10:14:20 -07:00
fc6a5c0702
fix mcapi w/o harden
2016-07-26 09:06:46 -07:00
a274386693
fix user rsa no error codes?
2016-07-25 19:19:46 -07:00
51042e166f
fix mcapi with blinding API addition
2016-07-25 15:57:38 -07:00
cd5486a4e6
fix user_rsa with blinding API addition
2016-07-25 15:33:28 -07:00
ea683f493a
Merge pull request #498 from kaleb-himes/cert-updates
...
update certs pre-release: NTRU certs expired in mid june
2016-07-25 15:19:34 -07:00
16336e37ec
fix blinding with fips
2016-07-25 13:47:53 -07:00
88f847de90
add --enable-harden swtich for timing resistance and blinding, on by default
2016-07-25 13:24:36 -07:00
4121667586
update certs pre-release: NTRU certs expired in mid june
2016-07-25 13:05:52 -06:00
096e3f9b8b
Merge pull request #496 from JacobBarthelmeh/staticmemory
...
add helper functions for choosing static buffer size
2016-07-21 16:17:34 -07:00
e8f7d78fc4
add helper functions for choosing static buffer size
2016-07-21 12:11:15 -06:00
b81e687bf3
Merge pull request #490 from JacobBarthelmeh/master
...
Static Memory Fixes
2016-07-20 20:27:03 -07:00
8f2af608a7
Merge pull request #492 from JacobBarthelmeh/staticmemory
...
set heap hint for ctx
2016-07-20 20:25:38 -07:00
e920e6cee0
Merge pull request #495 from toddouska/rng-redef
...
fix WC_RNG redeclare
2016-07-20 19:22:08 -07:00
2c92fee59f
fix WC_RNG redeclare
2016-07-20 17:18:58 -07:00
b265666174
Merge pull request #491 from toddouska/rsab-fixes
...
fix rsablind other builds
2016-07-20 15:22:19 -07:00
81526f8384
move wolfSSL Get RNG out of ifdef in header
2016-07-20 11:35:57 -07:00
1b980867d6
fix rsablind other builds
2016-07-20 11:35:57 -07:00
5d8a78be30
set heap hint for ctx
2016-07-20 11:47:36 -06:00
1f5b6d4e66
sanity check on buffer size
2016-07-20 11:44:22 -06:00
01ecc64052
avoid race condition with IO and handshake counter
2016-07-20 11:44:22 -06:00
17207ff61b
account for when FreeHandshakeResources is not called
2016-07-20 11:44:22 -06:00
8423ad0e96
Merge pull request #493 from dgarske/ecc_fixes
...
ECC fixes with Shamir disabled
2016-07-20 10:40:14 -07:00
e0f2bbd1b4
Added comment about why 0's test is disabled. ECC without Shamir fails with fast or normal math.
2016-07-19 19:12:45 -07:00
5e2502fa95
ECC without Shamir has issues testing all zero's digest, so disable this test if not using Shamir method. Fixed comment about "NO_ECC_SECP".
2016-07-19 14:34:32 -07:00
7a419ba6d8
Merge pull request #472 from dgarske/ecc_brainpool_koblitz
...
ECC and TLS support for all SECP, Koblitz and Brainpool curves
2016-07-19 11:44:53 -07:00
bdbf972d42
Merge pull request #486 from cconlon/openssl-script
...
openssl.test, switch -Verify to -verify to accomodate ADH cipher suites
2016-07-19 11:38:52 -07:00
32a2bd3863
Merge pull request #489 from toddouska/rsablind
...
Adds WC_RSA_BLINDING for RSA Private Operations
2016-07-19 09:03:09 -07:00
f88f501923
add unique RNG missing error
2016-07-18 18:10:38 -07:00
e866b55bb7
removes fallback.
2016-07-18 22:02:41 -03:00
1c71fb4ad1
scope tmpa/b with blinding, document RSA options
2016-07-18 17:37:03 -07:00
c2b55f69fa
fix 32bit mp_add_d need
2016-07-18 12:49:31 -07:00
d235a5f0cc
add WC_RSA_BLINDING, wc_RsaSetRNG() for RSA Private Decrypt which doesn't have an RNG
2016-07-18 11:57:47 -07:00
d3f7ddc486
leave off SHA1-RSA/ECDSA signature algorithms when NO_OLD_TLS is defined
2016-07-15 14:32:24 -06:00
dd329ac97b
fixes ocsp signer lookup in the cert manager.
2016-07-15 17:12:04 -03:00
e75642f011
openssl.test, switch -Verify to -verify to accomodate ADH cipher suites
2016-07-15 13:39:32 -06:00
c47f5f404c
Merge pull request #480 from toddouska/noecho
...
don't echo session id on blank ticket if we're going to create a new …
2016-07-15 13:12:27 -06:00
b1de4dcbbb
Merge pull request #481 from wolfSSL/fix_anon_cipher
...
Anonymous cipher fix
2016-07-15 13:05:32 -06:00
9a6f66a093
Merge pull request #484 from JacobBarthelmeh/master
...
add ARM 64bit type macro
2016-07-15 09:50:39 -07:00
aa9b1e964c
Fix for possible seg fault with anonymous cipher mode enabled. Do not perform signature/verify when using anon_cipher.
2016-07-14 15:58:35 -07:00
515bf5e135
add ARM 64bit type macro
2016-07-14 15:29:32 -06:00
c7b969b5b4
don't echo session id on blank ticket if we're going to create a new ticket
2016-07-13 18:45:10 -07:00
9a9a98ac82
Merge pull request #479 from toddouska/idlen
...
allow bogus client sessoinID of non 32 bytes with session ticket
2016-07-13 14:57:33 -06:00
5f21f93c61
allow bogus sessionID when ticket callback rejects ticket
2016-07-13 12:47:59 -06:00
c20551cc56
Merge pull request #478 from toddouska/flatten-fix
...
fix rsa flatten eSz check
2016-07-13 08:50:39 -07:00
7b76c3ab36
allow bogus client sessoinID of non 32 bytes with session ticket
2016-07-13 09:47:49 -06:00
b6aefad568
Merge pull request #477 from JacobBarthelmeh/master
...
remove hard tabs and replace with spaces
2016-07-12 16:31:13 -06:00
7a906e47ed
fix rsa flatten eSz check
2016-07-12 16:28:59 -06:00
97f60bc831
Merge pull request #476 from dgarske/fix_lpcxpresso
...
Fixes for LPCXpresso eclipse project
2016-07-12 15:23:09 -06:00
92341292c7
remove hard tabs and replace with spaces
2016-07-12 14:12:44 -06:00
8a20f7a909
Fix to exclude misc.c by default to eliminate #error about inline.
2016-07-12 13:07:08 -07:00
1c9f013c09
Include the .project and .cproject files in distribution. Fix issue with adding wolfssl to existing project, so the <name> is "wolfssl", not "lib_wolfssl".
2016-07-12 13:03:47 -07:00
1b149d3941
Merge pull request #474 from ejohnstown/dtls-ver
...
One last fix of the DTLS version numbers
2016-07-11 12:35:27 -07:00
3dc09ae0fb
one last fix of the DTLS version numbers
2016-07-08 17:20:56 -07:00
24ad3f7f3e
Merge pull request #473 from toddouska/ecc-timing-fix
...
Fix ecc timming missing variable. Fix fpecc thread local storage size with clang. Don't include comba includes if FP_SIZE is too small for index.
2016-07-08 15:08:58 -07:00
acc5389f9a
Fixed possible issue with OID pointer returned from "wc_ecc_get_oid" if "HAVE_OID_ENCODING" enabled. Was previously returning static pointer, which was shared for all OID's. Now uses cache for each OID, which also improves performance on subsequent calls to the same OID.
2016-07-08 14:22:21 -07:00
19db78fc76
Moved the ECC OID's into separate static const array to reduce ecc_sets size. Added "ecc_oid_t" typedef to determine "oid" size based on HAVE_OID_ENCODING option. Reduced the encoded variable size to word16.
2016-07-08 14:15:54 -07:00
8da8c87fa4
don't include comba includes if FP_SIZE is too small for index
2016-07-08 12:29:38 -07:00
c7318c8576
fix fpecc thread local storage size with clang
2016-07-08 12:01:52 -07:00
68d66d12d6
fix ecc timming missing variable
2016-07-08 11:57:24 -07:00
7a1acc7e56
Added TLS support for all SECP and Brainpool curves. Added ECC curve specs for all Brainpool, Koblitz and R2/R3. Adds new "HAVE_ECC_BRAINPOOL", "HAVE_ECC_KOBLITZ", "HAVE_ECC_SECPR2" and "HAVE_ECC_SECPR3" options. ECC refactor to use curve_id in _ex functions. NID and ECC Id's match now. Added ability to encode OID (HAVE_OID_ENCODING), but leave off by default and will use pre-encoded value for best performance.
2016-07-07 10:59:45 -07:00
0f25ee703d
Merge pull request #468 from JacobBarthelmeh/master
...
option to use test.h without gettimeofday
2016-07-06 18:48:18 -07:00
5fbab0e6a7
option to use test.h without gettimeofday
...
revert parameter passed to current_time with TIRTOS
2016-07-01 16:57:49 -06:00
00cd0a3146
Merge pull request #471 from dgarske/fixdoubleinit
...
Remove double call to "wolfCrypt_Init()" in test.c
2016-06-30 19:32:52 -07:00
df87ee810f
Merge pull request #469 from cconlon/bug-fixes
...
update README with CU bug fix note
2016-06-30 19:31:58 -07:00
000f1a19e5
Merge pull request #470 from JacobBarthelmeh/Testing
...
sanity checks
2016-06-30 19:30:28 -07:00
dcdc28e014
Remove double call to "wolfCrypt_Init()" in test.c. Appears to have been added in static memory merge on 6/10.
2016-06-30 16:51:13 -07:00
8bba628f3f
sanity check in function GetInputData and when shrinking buffer
2016-06-30 13:42:38 -06:00
f194c216c0
Merge pull request #466 from JacobBarthelmeh/mutex
...
free ctx in case of InitMutex fail
2016-06-30 12:05:06 -07:00
cf522314ce
sanity checks
2016-06-30 11:41:22 -06:00
a2bd4719ee
update README with CU bug fix note
2016-06-29 16:54:25 -06:00
3f36a914da
remove cast from enum to int
2016-06-29 14:28:36 -06:00
c17830e5c7
Merge pull request #467 from dgarske/stdlib_macro_cleanup
...
Cleanup of stdlib function calls
2016-06-29 12:14:09 -07:00
5b3a72d482
Cleanup of stdlib function calls in the wolfSSL library to use our cross-platform "X*" style macros in types.h.
2016-06-29 11:11:25 -07:00
eb072e0344
Merge pull request #463 from JacobBarthelmeh/master
...
update mysql port
2016-06-28 14:56:57 -07:00
981cf9cbcb
Merge pull request #462 from cconlon/bug-fixes
...
PemToDer Bug Fixes
2016-06-28 09:58:18 -07:00
0589fe0d39
free ctx in case of InitMutex fail
2016-06-28 09:29:28 -06:00
7da797dd4c
Merge pull request #464 from wolfSSL/revert-461-bio
...
Revert "Bio"
2016-06-27 14:50:50 -07:00
f18ff8bfa4
update mysql patch
2016-06-27 15:44:52 -06:00
ac6635593b
Revert "Bio"
2016-06-27 10:53:34 -07:00
9c7bea46d2
fix out of bounds read in PemToDer with 0 size der buffer, CU #4
2016-06-27 10:53:19 -06:00
92e501c8e4
fix possible out of bound read in PemToDer header, CU #3
2016-06-27 10:53:19 -06:00
2951e167b5
check return code of PemToDer in wolfSSL_CertManagerVerifyBuffer, CU #2
2016-06-27 10:23:22 -06:00
8fac3fffea
fix possible out of bounds read in PemToDer, CU #1
2016-06-27 10:23:22 -06:00
3a18b057d7
Merge pull request #460 from dgarske/DerBufMemcpyCleanup
...
Cleanup of DerBuffer duplication
2016-06-24 14:51:30 -07:00
fbef3c2523
Merge pull request #461 from JacobBarthelmeh/bio
...
Bio
2016-06-24 14:50:52 -07:00
49934a5c91
Merge https://github.com/wolfSSL/wolfssl into bio
2016-06-24 14:22:14 -06:00
d0e832bda9
change file name from compat-wolfssl to compat-wolfcrypt
2016-06-24 19:10:39 +02:00
033f308a08
change file name from compat-wolfssl to compat-wolfcrypt
2016-06-24 19:00:39 +02:00
19da114c0c
Merge pull request #454 from ejohnstown/dtls-version
...
DTLS Hello Verify Request Version Number
2016-06-24 08:44:55 -07:00
4215182945
fix macro error
2016-06-24 13:27:49 +02:00
0c43123a01
Fix BIO based on review
2016-06-24 10:54:58 +02:00
379af941a8
Merge pull request #459 from ejohnstown/aes-cmac-fixes
...
AES-CMAC Fixes
2016-06-23 22:10:26 -06:00
b0f7d819bd
Cleanup of DerBuffer duplication that was using memcpy still after refractor and should be direct pointer copy.
2016-06-23 18:14:22 -07:00
ffb537c33f
removed dependency on AES-NI for the AES-direct test
2016-06-23 15:34:09 -06:00
0d031fcbd7
added parameter checking to Generate and Verify
2016-06-23 15:34:09 -06:00
746ae2f4e5
Merge pull request #458 from JacobBarthelmeh/master
...
fix secure renegotiation build
2016-06-23 13:34:39 -07:00
0b91e000bb
fix secure renegotiation build
2016-06-23 13:10:39 -06:00
02ef518a75
Merge pull request #456 from dgarske/FixEccCompKey
...
Fixes for ECC compressed keys
2016-06-22 14:47:42 -07:00
f6bbe845f5
Merge https://github.com/wolfSSL/wolfssl into bio
2016-06-22 09:14:53 -06:00
47c1f4e68f
Fix possible use of ForceZero with NULL pointer. Improve init of "kb" when small stack disabled, so memset isn't performed twice.
2016-06-22 07:22:30 -07:00
69db94d668
Fix build error for un-initialized "kb" variable when built with fixed point cache and small stack enabled.
2016-06-22 07:06:07 -07:00
d294dc363e
Fix scan-build warning with "redundant redeclaration of 'fp_isprime'". Changed "fp_isprime" and "fp_isprime_ex" to local static only. Also made "fp_gcd", "fp_lcm", and "fp_randprime" static functions.
2016-06-21 19:35:25 -07:00
1db880b6bf
Fixed issue with compressed keys and custom curves. The inLen adjustment for compressed curves was only be done for built-in curves.
2016-06-21 15:55:17 -07:00
dd52af0872
ECC cleanup / fixes. Improvements to ECC with fast math enabled to avoid mp_clear on stack variables. Refactor of ECC failure cleanup (fixes possible mem leaks with small stack enabled). Refactor of "fp_is*" response checks to use FP_YES or FP_NO. Pulled libtom enhancement/cleanup of fp_isprime. Fix for compressed keys import with custom curves (still having some issues though).
2016-06-21 15:27:51 -07:00
aa1a405dd1
Fixes for compressed keys. Fix to fast math "mp_cnt_lsb" to return proper value, which fixes "mp_jacobi", which fixes "mp_sqrtmod_prime", which fixes compressed keys for 224-bit key. Removed workarounds for compressed keys. Added new configure option "--enable-compkey". Fixed issue with normal math and custom curves where "t2" could be free'd and used. Fixed issue with mp_dump in integer.c, with not allocating correctly sized buffer for toradix.
2016-06-21 14:06:02 -07:00
5fa80a2667
Merge pull request #455 from toddouska/version
...
bump dev version
2016-06-20 22:07:18 -07:00
f4473edfb1
bump dev version
2016-06-20 16:20:18 -07:00
335865a5b2
Merge pull request #447 from ejohnstown/dtls-retx
...
DTLS Retransmit Fix
2016-06-20 15:46:55 -07:00
79e2af8c15
Merge pull request #445 from ejohnstown/dtls-alert
...
DTLS bad MAC alert
2016-06-20 15:36:18 -07:00
a859cf189d
Merge pull request #443 from ejohnstown/new-ccm-suite
...
Add cipher suite ECDHE-ECDSA-AES128-CCM
2016-06-20 15:34:55 -07:00
6d520e0da9
hello verify request handshake version number to match server hello version number
2016-06-20 11:08:45 -06:00
de4448c59b
Merge pull request #452 from dgarske/fixeccscanbuildwarning
...
Fixes scan-build warning in ecc.c line 2208
2016-06-20 09:09:21 -07:00
3789d9913c
Fixes scan-build warning "wolfcrypt/src/ecc.c:2208:6: warning: Use of memory after it is freed". This is due to a rebase issue with static memory changes after the new ECC custom curves changes. The precomp[] is init to NULL at top so cleanup can always be done at end (shouldn't be done in middle).
2016-06-18 22:35:52 -07:00
9173ecdc04
Merge pull request #450 from dgarske/NidFix
...
Fix for NID names on NIST prime 192 and 256 curves
2016-06-18 16:14:04 -07:00
eb1d8d5df6
Fix for NID names on NIST prime 192 and 256 curves. Cleanup of the memcpy/memset in .i files to use portable names.
2016-06-17 15:59:25 -07:00
ffee1eafd9
add test_bio.txt to .getignore
2016-06-17 16:20:54 -06:00
b8e00a3448
Merge pull request #449 from moisesguimaraes/fix-ocsp-stapling-tests
...
fixes ocsp stapling tests ignoring CRL
2016-06-17 15:16:39 -06:00
ea71814518
Merge https://github.com/wolfSSL/wolfssl
2016-06-17 13:58:53 -06:00
e8c4950a83
Merge pull request #446 from cconlon/cleanup
...
Remove unimplemented function prototypes
2016-06-17 12:57:55 -07:00
4fc07a2e9e
Merge pull request #415 from dgarske/customcurve-mathupdate
...
Support for custom ECC curves and math lib updates
2016-06-17 12:56:52 -07:00
db7aab5e37
fixes ocsp stapling tests ignoring CRL
2016-06-17 08:19:57 -03:00
16b85cee8f
Merge pull request #448 from cconlon/winfix
...
Fix windows example echoserver
2016-06-16 18:18:32 -06:00
a7c7407406
fix windows example echoserver
2016-06-16 16:39:18 -06:00
6da166d83b
Enhancement / cleanup of the "wc_ecc_make_key_ex" API so it can be used with "keysize" or "dp" and allows compatibility with existing "wc_ecc_make_key". Note: "wc_ecc_make_key_ex" was not previously public, so changing it at this point is okay.
2016-06-16 10:38:15 -07:00
d55663eaee
Added ECC API's for using custom curves that are not in the "ecc_sets" list. Added wolfCrypt test to validate/demonstrate custom curve using BRAINPOOL256R1. Exposed "wc_ecc_make_key_ex" and added "wc_ecc_import_x963_ex" / "wc_ecc_import_raw_ex" API's that accept "const ecc_set_type*" for custom curve. Internally use "ECC_CUSTOM_IDX" (-1) to define custom curve is used. Added "--enable-ecccustcurves" option to configure.ac.
2016-06-16 10:09:41 -07:00
69b6ac504f
Fixes for ecc heap errors after rebase.
2016-06-16 06:46:22 -07:00
8f3c56c03f
Fix where the last flight was getting retransmit on timeout notification.
2016-06-15 18:44:25 -07:00
31908b7263
remove unused protos for wc_Sha384Free and wc_Sha512Free, not impmlemented by ti-hash.c
2016-06-15 11:34:29 -06:00
3fec69d3f8
remove unused proto for wc_SetCertificatePolicies
2016-06-15 10:50:41 -06:00
237193fdee
Fixed scan-build warning about "len" being used un-initialized in ecc_mul2add. Cleanup of the "mu" variable handling.
2016-06-15 08:41:51 -07:00
7c5483ba0b
Performance improvements in fp_mulmod, fp_submod and fp_submod to handle ALT_ECC_SIZE better. Revert fp_clear to fp_add_d, since it isn't required and slows it down.
2016-06-15 08:41:51 -07:00
5703e5eadb
ECC changes to support custom curves. Added new "WOLFSSL_CUSTOM_CURVES" option to support non-standard ECC curves in ecc_is_point and ecc_projective_dbl_point. Refactor to load and pass curve "a" parameter down through ECC functions. Relocated mp_submod and added mp_addmod. Refactor to pass mp variable directly (not pointer) for montgomery variable. Fix in mp_jacobi to also handle case of a == 0. Cleanup of *_ecc_mulmod and wc_ecc_make_key_ex error handling. Cleanup of ecc_map for handling normal, fast and alt_ecc math for optimization of performance and allowing reduced ecc_size.
2016-06-15 08:41:51 -07:00
bb17bac018
Updated the naming for the ECC curve sets. Additional comments for each curve parameter.
2016-06-14 16:56:22 -07:00
87c00eb3f3
Math updates from libtom. Fixes in mp_read_radix for to include char 36 and clear the destination before checks. Fix to clear tmp value on fp_sub_d and fp_add_d. Fixes in assembly for x86-32 INNERMUL, PPC32 INNERMUL and PROPCARRY and x86-64 SQRADD. Added mp_isneg. Refactor of mp_iszero, mp_iseven, mp_isodd and mp_isneg to check using MP_YES or MP_NO. Changed fp_read_unsigned_bin "b" arg to const. Removal of the "register" on stack variables to let compiler determine best optimization.
2016-06-14 16:56:22 -07:00
7a3cb23af9
Merge pull request #444 from JacobBarthelmeh/master
...
prepare for version 3.9.6
2016-06-14 15:51:01 -07:00
35f43f9216
In DTLS, if a mac or decrypt error is detected, just drop the datagram and don't send an alert
2016-06-14 14:36:08 -07:00
03de8e3464
prepare for version 3.9.6
2016-06-14 14:35:12 -06:00
2f9c9b9a22
Add cipher suite ECDHE-ECDSA-AES128-CCM
...
1. Added the usual cipher suite changes for the new suite.
2. Added a build option, WOLFSSL_ALT_TEST_STRINGS, for testing
against GnuTLS. It wants to receive strings with newlines.
3. Updated the test configs for the new suite.
Tested against GnuTLS's client and server using the options:
$ gnutls-cli --priority "NONE:+VERS-TLS-ALL:+AEAD:+ECDHE-ECDSA:+AES-128-CCM:+SIGN-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509" --x509cafile=./certs/server-ecc.pem --no-ca-verification -p 11111 localhost
$ gnutls-serv --echo --x509keyfile=./certs/ecc-key.pem --x509certfile=./certs/server-ecc.pem --port=11111 -a --priority "NONE:+VERS-TLS-ALL:+AEAD:+ECDHE-ECDSA:+AES-128-CCM:+SIGN-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509"
To talk to GnuTLS, wolfSSL also needed the supported curves option
enabled.
2016-06-13 14:39:41 -07:00
2752f3f9c9
Merge pull request #442 from toddouska/mcapi-aes
...
fix mcapi aes size with heap
2016-06-11 12:52:59 -07:00
02985b16ac
fix mcapi aes size with heap
2016-06-11 09:29:20 -07:00
a156cedabc
Merge pull request #435 from JacobBarthelmeh/staticmemory
...
Staticmemory
2016-06-10 17:03:49 -07:00
707714dd38
threaded fixes with static memory
2016-06-10 15:35:02 -06:00
3d3591a227
typdef gaurd / error out on bad mutex init / handle no maxHa or maxIO set
2016-06-10 14:13:27 -06:00
cbefaef6bc
Merge pull request #440 from toddouska/output-size
...
Output size
2016-06-10 11:33:31 -06:00
2bda6c6449
16 byte aligned static memory
2016-06-10 11:15:54 -06:00
620ea41191
Merge pull request #439 from kaleb-himes/update-cert-buffers
...
update certificate buffers per github issue #422
2016-06-10 10:08:25 -06:00
dede05db9e
Merge pull request #441 from dgarske/time_base64enc
...
Public "wc_GetTime" API and "configure --enable-base64encode"
2016-06-10 08:47:08 -07:00
ea3d1f8e17
extended method function
2016-06-09 23:41:51 -06:00
b3068ffef5
Added new public "wc_GetTime" API for getting seconds from the asn.c XTIME. Added new "./configure --enable-base64encode" to enable Base64 encoding (now enabled by default for "x86_64").
2016-06-09 16:26:39 -07:00
6551c9fcab
add getter for max output size
2016-06-09 14:51:07 -07:00
76d960c4c0
update certificate buffers per github issue #422
2016-06-09 13:47:33 -06:00
7943f68f2a
run allocation tool on ocsp and check for mallocs
2016-06-09 12:03:28 -06:00
367b519407
Merge pull request #424 from kojo1/MDK5
...
updated MDK5 projects
2016-06-09 10:47:04 -07:00
8be5409bc5
static method func / ocsp callbacks / heap test / alpn free func / remove timing resistant constraint
2016-06-09 11:36:31 -06:00
664d2190ba
session ticket extension fix with static memory heap hint
2016-06-08 10:50:20 -06:00
a2d7ba0dd9
add output size getter
2016-06-08 09:32:34 -07:00
e214086dce
tlsx with static memory / account for session certs size
2016-06-08 09:18:43 -06:00
c48db891d1
Merge pull request #433 from ejohnstown/aes-cmac
...
Aes cmac
2016-06-07 16:48:46 -07:00
c1c1990247
Merge pull request #437 from tisb-vikram/master
...
Enable ECC features for TI devices
2016-06-07 16:00:20 -07:00
57675dc51d
add ALT_ECC_SIZE for TI build to reduce memory usage
2016-06-07 14:05:35 -07:00
738373038b
clean up staticmemory with crl
2016-06-06 17:50:54 -06:00
e1edadafe1
ocsp with static memory, remove unused function
2016-06-06 16:19:33 -06:00
9f7e8a6f4b
Merge pull request #436 from JacobBarthelmeh/master
...
fix index to check for sperator value
2016-06-06 14:52:20 -07:00
4ba77a7059
add HAVE_SUPPORTED_CURVES to TI-RTOS wolfSSL configuration
2016-06-06 13:50:14 -07:00
db90594909
adjust pointer cast, ssl rng with fips and unused param
2016-06-06 14:32:49 -06:00
e085be9485
fix index to check for sperator value
2016-06-06 10:34:35 -06:00
a25df5b78e
Merge pull request #434 from toddouska/crlbuffer
...
add wolfSSL and wolfSSL_CTX LoadCRLBuffer()
2016-06-06 09:01:25 -07:00
38d5480256
Merge pull request #432 from JacobBarthelmeh/DTLS-MultiCore
...
import / export of peer connection information
2016-06-06 08:51:24 -07:00
2feee8856e
revise static memory and update heap hint
2016-06-04 19:03:48 -06:00
104ff12e76
add staticmemory feature
2016-06-04 19:01:23 -06:00
3f205d19f4
add wolfSSL and wolfSSL_CTX LoadCRLBuffer()
2016-06-03 15:13:16 -07:00
d05754f9db
Merge pull request #404 from moisesguimaraes/wolfcrypt-py
...
wolfcrypt Python wrapper
2016-06-03 08:24:12 -07:00
7f71c526f6
adds python3 support
2016-06-03 10:37:41 -03:00
6736ffe10e
adds links to wolfssl.com
2016-06-02 22:08:57 -03:00
a76291c2e2
adds tox instructions
2016-06-02 21:38:34 -03:00
046b987324
callbacks for setting and getting peer ip/port/family
2016-06-02 09:23:12 -06:00
5be916e336
Merge pull request #403 from ejohnstown/dtls-fix
...
when dropping a DTLS message, drop the whole datagram
2016-05-30 17:26:25 -06:00
73328ac4bc
import / export of peer connection information
2016-05-26 16:26:08 -06:00
a4fa4d5253
Merge pull request #431 from JacobBarthelmeh/master
...
sanity checks on wolfSSL_dtls_get_peer arguments
2016-05-26 14:46:58 -07:00
806a0bbaa7
Merge pull request #430 from toddouska/sesstick_type_typo
...
fix dynamic type session ticket typos
2016-05-26 11:35:46 -07:00
61801e06df
add benchmark for AES-CMAC
2016-05-25 16:12:19 -07:00
1b9b7f52c9
1. Reformat a couple of #ifdefs around if(dtls) checks.
...
2. Move fuzz update for DTLS GetRecordHeader to be like the TLS case.
3. DtlsCheckWindow only allows current epoch and last epoch.
4. ProcessReply only retransmits flight on a CCS out of sequence when
still retaining the handshake data.
2016-05-25 15:44:06 -07:00
5e1f06ce52
sanity checks on wolfSSL_dtls_get_peer arguments
2016-05-25 10:57:00 -06:00
669cdfc357
fix dynamic type session ticket typos
2016-05-25 09:47:54 -07:00
ae093ded8f
add standalone AES-CMAC generate and verify functions
2016-05-25 09:22:39 -07:00
5d67bb881e
fix memory leaks
2016-05-25 17:44:31 +02:00
bb754bb46a
Fix Win32 warnings
2016-05-25 13:49:06 +02:00
9bf4598772
use constant for Cmac type
2016-05-24 16:46:04 -07:00
dbfd5dffaf
added parameter checks
2016-05-24 11:21:06 -07:00
b3d068dc40
Merge pull request #418 from toddouska/dyntickets
...
Dyntickets
2016-05-24 11:00:14 -07:00
1d675ed1e6
Fix va_copy error for Win32 build and AES-NI segfault
2016-05-24 18:17:26 +02:00
c0cbc97b06
add AES-CMAC
2016-05-23 17:50:36 -07:00
07ce928bf3
adds installation testing with vagrant
2016-05-23 21:10:44 -03:00
04d5ca41df
adds --enable-Sha512 to make sure it is always present
2016-05-23 20:33:11 -03:00
9ab5ec4a36
Merge pull request #428 from dgarske/eccmathfixes
...
Fixed bug with "ecc_projective_add_point"
2016-05-23 11:46:54 -07:00
61f0af5cf3
Merge pull request #429 from dgarske/wolfcryptinit
...
Added missing wolfCrypt_Init() to wolfCrypt test application
2016-05-23 09:23:42 -07:00
ab1d6c91bf
fix errors (win32, met leak)
2016-05-23 13:46:26 +02:00
99b5aa587f
Fix errors (jenkins)
2016-05-23 11:11:57 +02:00
5eb7768d00
Added missing wolfCrypt_Init() to wolfCrypt tests.
2016-05-22 18:18:06 -07:00
15cd06b7ca
Fixed bug with "ecc_projective_add_point" that was not protecting the case where Q == R and using the R variable directly for the result. Now if Q == R then swap P and Q and using a local x,y,z, is only required when used with ALT_ECC_SIZE.
2016-05-22 17:31:36 -07:00
7c93912f1d
reject messages that are too far from the future
2016-05-22 16:10:47 -07:00
eb6153f028
Merge pull request #425 from shihrer/master
...
Fixed scripts/benchmark.test, replaced == with -eq
2016-05-20 14:49:43 -06:00
f369f8a434
Merge pull request #426 from jrblixt/master
...
Changes to date
2016-05-20 14:48:04 -06:00
ed4f67058a
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2016-05-20 21:51:13 +02:00
f1860d6263
Changes to date
2016-05-20 09:48:03 -06:00
fa94f5ffe9
Replaced == with -eq to fix benchmark.test scripting error
2016-05-20 09:43:30 -06:00
fcc0eb7a6a
fixes install instructions
2016-05-20 03:55:57 -03:00
217ccd8b6a
updated MDK5 projects for 3.9.0. Eliminated files for older versions
2016-05-20 13:32:23 +09:00
504081e602
Merge pull request #421 from ejohnstown/limit-country-code
...
Limit Country Name size
2016-05-19 16:05:15 -07:00
1bb5c48080
Merge pull request #423 from dgarske/bench-ecc-encrypt-decrypt
...
Added a benchmark for ECC encrypt/decrypt
2016-05-19 14:47:03 -07:00
c1507957c4
Added a benchmark for ECC encrypt/decrypt when enabled via "HAVE_ECC_ENCRYPT" or "--enable-eccencrypt --enable-hkdf".
2016-05-19 11:42:00 -07:00
bae0fe9b63
MakeCertReq() was not checking return codes correctly for the SetFoo()
...
functions.
2016-05-18 15:14:23 -07:00
5c8daa0ac6
1. SetName() should return error if country code isn't 2 bytes.
...
2. MakeCert() was not checking return codes correctly for the SetFoo()
functions.
3. Added error code for invalid country code length.
2016-05-18 15:04:40 -07:00
03e6f7cca3
RFC 5280 Appendix A.1 states that the Country Name in a certificate
...
shall have a size of 2 octets. Restrict country name length to 2 or 0.
2016-05-18 10:39:18 -07:00
b8c0802e3c
Merge pull request #414 from JacobBarthelmeh/DTLS-MultiCore
...
Dtls multi core
2016-05-17 17:39:18 -07:00
47a1dd8cc4
fixes install steps
2016-05-17 14:15:17 -03:00
9fe6ca3130
remove XSNPRINTF
...
add a full BIO client/server test
2016-05-17 17:49:30 +02:00
1b278edfd0
fix unused functions, make WOLFSSL first parameter, add comments
2016-05-16 23:48:26 -06:00
a000ee4db3
remove empty dirs
2016-05-16 22:17:09 -03:00
dc080694b4
reorder installation steps
2016-05-16 21:55:31 -03:00
2851f7d6a1
remove unnecessary dependency
2016-05-16 20:37:42 -03:00
2a0adc74a0
fixes wrapper path
2016-05-16 20:13:26 -03:00
347d80e879
removes folders from include.am
2016-05-16 15:49:32 -03:00
40cf30a13d
adds .gitignore to include.am
2016-05-16 15:31:51 -03:00
4017e0f8dd
fix BIO issues :
...
- remove unrequited tests
- fix compilations for lighty, stunned, openssh
- wc_BioGetAcceptSocket IPv4 / IPv6 support
- remove <stdio.h> from bio.h
- add NO_STDIO_FILESYSTEM for BIO_printf
- memset -> XMEMSET
- strlen -> XSTRLEN
2016-05-15 20:22:19 +02:00
d76d74d6c5
updates Linux deps on README
2016-05-15 15:08:16 -03:00
c8576566cc
add public wolfSSL_dtls_export and api tests
2016-05-14 12:49:09 -06:00
185e60ad19
based on pr#316; turns isDynamic ticket off on some failure cases, move an XFREE out of a Lock that isn't required
2016-05-13 14:11:46 -07:00
1ea01a7ad8
Merge branch 'master' of https://github.com/NickolasLapp/wolfssl into dyntickets
2016-05-13 09:07:55 -07:00
3897f78073
truncated hmac export and sanity checks
2016-05-13 09:11:38 -06:00
67ab30088b
Merge pull request #416 from dgarske/mathmemleakfix
...
Fix mem leak with fast math disabled due to recent ecc_projective_add_point changes
2016-05-12 15:23:19 -07:00
2ad9d41641
Performance improvement for fast math mp_clear to use fp_zero (memset) instead of fp_clear(ForceZero). Added new mp_forcezero function for clearing/free'ing sensitive private key data. Changed ECC and RSA to use mp_forcezero to explicitly handle private key clearing.
2016-05-12 11:50:34 -07:00
8d66ba2923
refactor export/import of cipher specs struct
2016-05-12 10:06:15 -06:00
fbf39a761a
refactor export/import of key struct
2016-05-12 09:23:38 -06:00
f9ce2f2677
verify cipher suite is valid on import
2016-05-12 09:09:07 -06:00
39833768cf
Merge pull request #417 from toddouska/stdio
...
make sure stdio.h can be swtiched off if not available
2016-05-11 14:55:05 -07:00
cc16a543dd
make sure stdio.h can be swtiched off if not available
2016-05-11 10:11:25 -07:00
440956f8d4
Fixed new issue with ecc_projective_add_point not free'ing the local x, y, z if fast math was disabled. Formatting cleanup in integer.c.
2016-05-11 08:47:30 -07:00
3bff6f10e3
Merge pull request #411 from dgarske/mathfixes
...
Math fixes
2016-05-10 14:45:20 -07:00
8c45cb1938
add DTLS session export option
2016-05-10 13:27:45 -06:00
2fb4506922
iFixes to FP_MAX_BITS_ECC calculation. Alignment check against digit_bits is based on max ecc bits times two. If alignment check fails we add a digit_bit to make sure we have enough room.
2016-05-10 12:20:39 -07:00
9659505260
updates python docs
2016-05-09 18:46:01 -03:00
d71d0f2cb4
Fix with fast math disabled so ecc_projective_add_point uses temp local variable for x,y,z result.
2016-05-09 13:29:25 -07:00
412141198e
drops 'import about' requirement
2016-05-09 15:25:18 -03:00
8f6352725a
Fixed math for FP_MAX_BITS_ECC calculations. Error in alignment check. Altered non-aligned formula to be (max bits * 2) + digit, then 8-bit aligned. Cleanup of the example user_settings.h.
2016-05-09 10:34:37 -07:00
8c9b8a596a
Fixed calculation of max ECC bits with ALT_ECC_SIZE defined so it only allocates what is required. For 8-bit aligned curve sizes its double the max bits. For un-aligned curves sized, like ECC521, its 521 8-bit aligned, doubled, plus digit bit.
2016-05-09 09:51:11 -07:00
44b1f98b39
Fixed issue with ALT_ECC_SIZE and default value for FP_MAX_BITS_ECC so its based on max enabled ECC curve bits.
2016-05-09 09:51:11 -07:00
880b2e454b
Refactor of the ecc_projective_add_point and ecc_projective_dbl_point functions to eliminate duplicate versions. Modified new single functions to work with normal, fast and alt_ecc_size math options. Careful use of mp_clear to retain original performance.
2016-05-09 09:51:11 -07:00
fe58db2a07
Fixed typo with new "eccshamir" configure option.
2016-05-09 09:51:11 -07:00
1b602d783c
Fast math correction of "sizeof" to use (). Updates to tfm and ecc comments.
2016-05-09 09:51:11 -07:00
5cbc4bdf29
Added new "WOLFSSL_DEBUG_MATH", which enables use of "mp_dump" to display information about an mp_int.
2016-05-09 09:51:11 -07:00
a4782fcf01
Fix in fast math version of ecc_projective_dbl_point to use a local for x,y,z since ecc_point fp_int's are reduced size and cause math issues with ALT_ECC_SIZE enabled. Added local stack variable cleanups for ecc_projective_add_point.
2016-05-09 09:51:11 -07:00
0ddbe0e60e
Enhancement to RSA math function "_fp_exptmod" (non timing resistant version) to support WOLFSSL_SMALL_STACK, which moves the allocation of the 64 fp_int's from the stack to the heap.
2016-05-09 09:51:11 -07:00
fa5dd01001
Fixes/improvements to the wolfCrypt ECC tests. Fixed bug with sharedA/sharedB being too small when BENCH_EMBEDDED is used and curve size over 256 bit. Added error message for ECC test failures, to show the curve size used. Fix to wc_ecc_verify_hash test to use digest that is not all zeros as that doesn't work correctly for non-Shamir ECC math. Changed return code for wc_ecc_check_check so its unique.
2016-05-09 09:51:11 -07:00
a5d27853fa
Fixes to fp_mul and fp_div to clear any excess digits on the destination. Added compile-time check to confirm FP_SIZE is compatible with TFM_ acceleration defines enabled. Updated comments in other places where excess digits are cleared.
2016-05-09 09:51:11 -07:00
7c3fbd7644
Fix for fp_copy() when used with ALT_ECC_SIZE so any excess digits on the destination that we didn't write to are set to zero.
2016-05-09 09:51:11 -07:00
9001036e09
Fixes memory leak in the wc_RsaFunction if failure happens when using normal math (not fast math) and RSA_LOW_MEM is not defined.
2016-05-09 09:51:11 -07:00
9f0fa7500f
Added configure "--disable-eccshamir" option.
2016-05-09 09:51:11 -07:00
f438e7ac65
Fix for Fedora 32/64
2016-05-09 08:13:17 +02:00
03b571cde4
fix some bugs, add Windows support
2016-05-07 21:12:08 +02:00
ecba5161ac
default copyInto static instead of dynamic
2016-05-06 13:15:21 -06:00
1c664ae710
Merge pull request #412 from cconlon/netRandom
...
add support for Whitewood netRandom
2016-05-06 07:31:18 -07:00
3449990374
add example netRandom config file
2016-05-05 15:34:52 -06:00
8f3e1165a1
add Whitewood netRandom client library support
2016-05-05 15:31:25 -06:00
ee21d33794
Merge pull request #407 from wolfSSL/embOS-port
...
embOS port
2016-05-05 13:27:27 -07:00
4df12e1bd5
Add note for users about embOS directory
2016-05-05 12:29:20 -06:00
e5f1ad5702
Merge pull request #410 from kaleb-himes/master
...
update version to 3.9.1
2016-05-05 10:59:05 -07:00
6b8c6cebc7
Merge pull request #409 from dgarske/rowleyfixes
...
Rowley Crossworks updates/fixes
2016-05-05 11:49:46 -06:00
726703e903
Added details on RTC oscillator startup delay and implemented a delay_us function. Added information about NO_INLINE and USE_SLOW_SHOW to example user_settings.h. Moved the USE_SLOW_SHA2 into the SHA512 area.
2016-05-05 09:43:11 -07:00
b0c23ceafa
fixes about
2016-05-05 12:48:47 -03:00
5d1de3bb33
One file for all BIO functions in wolfcrypt
...
move required functions from wolfssl to wolfcrypt
add client/server tests for BIO
2016-05-05 12:58:21 +02:00
5ee0659e1b
Rowley Crossworks updates/fixes. Fixed issue with the RTC init for scenario where TIF is set. Added support for HW RNG only by providing reference custom_rand_generate_block. Updated kinetis_hw.c comments about serial ports on boards. Updated the stack/heap settings. Updated the user_settings.h with a well documented and configurable reference.
2016-05-04 23:11:08 -07:00
9e9fd24d68
updates metadata; drops py26 tests
2016-05-04 21:38:27 -03:00
ca2f0af2e4
Make suggested changes from first review
...
Add changes to the example user settings noted by david
missed .dep files, exclude these as well
.dep files are necessary
rebase
2016-05-04 17:28:19 -06:00
3e19316f8a
update version to 3.9.1
2016-05-04 16:45:51 -06:00
f9f9546d0e
Merge pull request #408 from cconlon/header-fix
...
fix aes_asm.asm header format
2016-05-04 14:38:23 -07:00
84651e97d3
Merge pull request #405 from dgarske/memtrackdebug
...
Memory tracking cleanup and new debug memory option
2016-05-04 14:01:37 -07:00
41d19b49ae
Remove WOLFSSL_TRACK_MEMORY
2016-05-04 14:09:45 -06:00
6e26cac686
Reworking directories and simplify README
2016-05-04 13:03:05 -07:00
822d71431e
Moved mem_track.h into wolfssl/wolfcrypt. Added new WOLFSSL_DEBUG_MEMORY option. Added documentation for using mem_track and new debug memory option.
2016-05-04 10:04:38 -07:00
ab53d732ce
Merge pull request #398 from JacobBarthelmeh/master
...
update to MYSQL compatibility
2016-05-04 09:10:39 -07:00
1b5ed7fb09
Merge pull request #406 from cconlon/starttls
...
fix type comparison on 32bit for starttls
2016-05-04 09:06:46 -07:00
8176c74b3e
Merge branch 'embOS-port' of https://github.com/wolfssl/wolfssl into embOS-port
2016-05-04 08:57:06 -07:00
197672d4fc
define KEEP_OUR_CERT to set keeping ssl certificate
2016-05-04 09:05:11 -06:00
d91ec3ce77
fix aes_asm.asm header format
2016-05-04 09:02:50 -06:00
d184f8b1aa
wolfSSL embOS port Initialize
...
self-review complete
Removed autogenerated files
2016-05-03 17:09:55 -06:00
4b16600011
fix type comparison on 32bit for starttls, zero tmp buffer
2016-05-03 13:52:04 -06:00
b2325aad6d
option to keepCert for ssl lifetime, refactor of ourCert process
2016-05-03 09:22:16 -06:00
d1ab51e10f
maintain lighttpd port
2016-05-03 09:22:16 -06:00
05e56b75f6
scan-build, valgrind issues and fix issue with ExtractDate, struct tm
2016-05-03 09:22:16 -06:00
38bbd41f99
add EDH-RSA-AES256-SHA, used in one mysql test
2016-05-03 09:22:16 -06:00
bd4e8ac714
cipher name string format
2016-05-03 09:22:15 -06:00
6613ebb642
persistant X509 struct with ssl session
2016-05-03 09:22:15 -06:00
f88d82375e
add function wolfSSL_ASN1_TIME_to_string
2016-05-03 09:22:15 -06:00
f19541ffe5
update to MYSQL compatibility
2016-05-03 09:22:15 -06:00
3181731404
adds docs
2016-05-03 00:49:56 -03:00
f9ab61db5d
Merge pull request #402 from cconlon/starttls
...
use send/recv instead of write/read with STARTTLS
2016-05-02 17:19:50 -07:00
ddcf47eadd
when dropping a DTLS message, drop the whole datagram
2016-05-02 15:18:08 -07:00
a94383037c
use send/recv instead of write/read with STARTTLS for winsock compatibility
2016-05-02 14:36:59 -06:00
52d6fb575b
Merge pull request #395 from cconlon/starttls
...
add STARTTLS support to example client
2016-04-29 14:24:08 -07:00
69ac477976
updates docs template
2016-04-29 16:25:53 -03:00
1efd1343ee
initial docs
2016-04-29 16:13:38 -03:00
89f15f9393
Merge pull request #400 from ejohnstown/dtls-sanity-check
...
Fixes DTLS sanity check and bug with DTLS timeout notification deleting the peer's received msg list.
2016-04-29 11:55:40 -07:00
00737d1e82
Ensure that tmpBuff gets assigned null after free.
2016-04-29 09:45:44 -06:00
1bd65cc8a9
First version for OpenSSL BIO compatibility
2016-04-29 16:34:11 +02:00
0a1212924e
Merge pull request #401 from cconlon/warning-fixes
...
fix visual studio code analysis warnings
2016-04-28 16:45:08 -07:00
46addfb130
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
78e62eddd7
fix visual studio code analysis warnings
2016-04-28 13:08:50 -06:00
2f05c96004
added braces to else clause for compiler warning differences
2016-04-28 11:33:29 -07:00
e0c7739fd6
fix bug with non-blocking DTLS where the stored peer messages were deleted after a timeout
2016-04-28 10:50:51 -07:00
0511c8cac8
delay check of DTLS handshake message's RH version until the handshake header check
2016-04-28 10:50:51 -07:00
7123b080ed
fix issue with missing client key exchange and duplicate change cipher spec messages.
2016-04-28 10:50:51 -07:00
66d41eee36
updates python README
2016-04-28 13:36:41 -03:00
d8309ab624
adds python ignored files
2016-04-28 13:26:59 -03:00
7e661ab866
importing wolfcrypt-py repo
2016-04-28 13:20:10 -03:00
a54b0f9d0c
Merge pull request #397 from lchristina26/master
...
VxWorks updates: add pthreads define
2016-04-26 18:17:56 -07:00
b2af02a783
Merge pull request #383 from kojo1/MDK5
...
fixes for MDK5 compiler
2016-04-26 16:11:59 -06:00
8f8f4129fd
VxWorks updates: add pthreads define
2016-04-26 09:36:01 -06:00
ccee49978b
Fix scan-build warning
2016-04-25 11:00:56 -06:00
1c9bf483ec
Reorder check for thread modified in addSession. Make sure tick assigned
...
correctly in non dynamic case
2016-04-25 11:00:56 -06:00
5f12b4c2ae
Add check to see if thread modified session in AddSession
2016-04-25 11:00:56 -06:00
5f9c1ffca6
Initial support for deep copying of session
2016-04-25 11:00:42 -06:00
f27aca0956
Remove redundant dynTicket pointer. Reorder struct for packing/alignment
2016-04-25 11:00:31 -06:00
cc56e1da48
Merge pull request #393 from JacobBarthelmeh/RSA-min
...
use short for RSA min key size and check casts
2016-04-22 13:56:59 -07:00
5abeeff919
add STARTTLS support to example client
2016-04-22 13:46:54 -06:00
77a9343973
use short for RSA min key size and check casts
2016-04-22 12:56:51 -06:00
1e821dbd59
Merge pull request #394 from cconlon/sigalgo
...
Omit NULL parameter in AlgorithmIdentifier encoding for ECDSA OIDs
2016-04-22 11:37:17 -07:00
70aa4a99a0
Merge pull request #390 from JacobBarthelmeh/ECC-min
...
minimum ECC key size check at TLS/SSL level
2016-04-22 11:33:43 -07:00
0eb59d5c35
Fix rand num generation on MacOS, Improve organization with tic storage
2016-04-22 10:35:44 -06:00
c8b20d9090
Add support for dynamic session tickets, add openssl.test to testuiste
2016-04-22 10:35:44 -06:00
27814ca1df
omit NULL AlgorithmIdentifier parameter for ECDSA algoOID types in SetAlgoID
2016-04-21 14:32:28 -06:00
1dac3841ca
change type to short for comparision and up default min size
2016-04-20 15:44:45 -06:00
86cbabf035
Merge pull request #392 from wolfSSL/aesni-update
...
AES-NI Update
2016-04-20 14:27:52 -07:00
ee8ec1fb1d
Merge pull request #391 from JacobBarthelmeh/master
...
update oid value for secp160r1
2016-04-20 09:02:50 -07:00
659d6c0689
update oid value for secp160r1
2016-04-19 17:01:39 -06:00
3129bb22cd
minimum ECC key size check at TLS/SSL level
2016-04-19 15:50:25 -06:00
73c830a576
Merge pull request #388 from JacobBarthelmeh/master
...
fix NID name in openssl compatibility
2016-04-19 13:57:33 -07:00
117231c0e3
Merge pull request #387 from JacobBarthelmeh/RSA-min
...
add check for min RSA key size at TLS/SSL level
2016-04-19 13:57:26 -07:00
e0a9b365cc
fix NID name in openssl compatibility
2016-04-19 13:17:32 -06:00
789f346c5f
follow verifyNone variable when checking key size
2016-04-19 10:23:01 -06:00
0eb57ccab0
set return error before jumping to end of function
2016-04-18 14:27:34 -06:00
0dbdc8eab0
Merge pull request #372 from dgarske/mingwfixes
...
MinGW fixes
2016-04-18 12:50:13 -07:00
09e4e13958
update comment about MinGW
2016-04-18 12:14:47 -06:00
e15aca4189
static and shared library with MinGW
2016-04-15 16:04:15 -06:00
3ce01192ac
Merge pull request #384 from tisb-vikram/master
...
enable aesgcm and alpn support in TI-RTOS/WolfSSL configuration
2016-04-15 14:56:56 -06:00
72bfc2aa09
Merge pull request #382 from JacobBarthelmeh/master
...
build with asn disabled and opensslextra enabled
2016-04-15 10:12:52 -07:00
8cf57845ff
Merge pull request #386 from JacobBarthelmeh/RSA-fix
...
fix check on RSA key size
2016-04-14 17:53:26 -07:00
1e766b23cf
check return value of ping.test
2016-04-14 14:42:01 -06:00
c9891567e8
add check for min RSA key size at TLS/SSL level
2016-04-14 13:35:49 -06:00
4506839c6d
back out last commit. it was a pain to use.
2016-04-14 11:57:42 -07:00
526606e42f
added conditional assembly for the intel-format AES_NI decrypt procedures
2016-04-14 11:30:10 -07:00
5340ea0d79
fixed a missing operand swap in the AES-CBC decrypt by 6
2016-04-14 10:47:14 -07:00
f998851642
fix check on RSA key size
2016-04-14 09:33:25 -06:00
cab1ebf2d6
move MDK5 current_time to test.h
2016-04-14 18:47:16 +09:00
98dffc070a
current_time in test.h
2016-04-14 18:32:33 +09:00
35c5353698
fixed current_time argument
2016-04-14 16:26:51 +09:00
6f51c2a8f8
1. Fix bad opcode mnemonics in the intel-format source listing.
...
2. Update the aes.c file to call both format assembly routines the same
way.
2016-04-13 16:42:58 -07:00
c34944e389
added intel-format translations of new att-format AES-NI decrypt routines
2016-04-13 16:02:18 -07:00
9781fa3dc9
relabel jump points in new code with D (decrypt) mnemonics rather than E (encrypt)
2016-04-13 15:51:19 -07:00
d0717c7b76
Merge pull request #385 from cconlon/freertos-fix
...
Fix typo in FREERTOS_TCP settings.h
2016-04-13 13:28:04 -07:00
57fce85531
modify AES-CBC with AESNI test to check all key sizes for each message size checked
2016-04-13 12:18:59 -07:00
13f002f186
only compile in the AES-CBC decrypt-by-size variant selected by define, default by 8 blocks at a time
2016-04-13 12:00:53 -07:00
451fd878f9
touching whitespace in assembly routines being touched right now
2016-04-13 11:48:25 -07:00
d5df119c65
fix typo in FREERTOS_TCP settings.h
2016-04-12 15:03:34 -06:00
c7ad33e5d4
enable aesgcm and alpn support in TI-RTOS/WolfSSL configuration
...
These macros enable the AES GCM cipher suites and application layer
protocol negotiation in the TLS layer. Adding these macros would
allow connecting to websites with higher security requirements and
also support newer web technologies like HTTP/2 but the drawback is
that they add ~2K increase in memory footprint. Applications not
requiring these features can comment the macros and rebuild the
library to get smaller footprint.
Signed-off-by: Vikram Adiga <vikram.adiga@ti.com >
2016-04-12 12:25:32 -07:00
8524afc56a
1. Rename routine AES_CBC_decrypt_ex as AES_CBC_decrypt_by8
...
2. Added routine AES_CBC_decrypt_by6 that does six at a time.
3. Setting HAVE_AES_DECRYPT_BY6 or _BY8 (or not setting it) selects
the 6, 8, or 4 way version of the assembly routine.
4. Modified AES-NI decrypt test to loop checking against the test
bolus from 1 AES block to the whole 24 blocks.
2016-04-12 10:10:55 -07:00
cfd5af341b
fixed test.c compile error and server.c/client.c/ssl.c warnings with MDK5 compiler.
2016-04-12 11:05:30 +09:00
4d38813b0c
Merge pull request #381 from kaleb-himes/scan-build-psk
...
scan-build warnings related to enable-psk, disable-asn,rsa,ecc
2016-04-11 14:52:38 -06:00
1b7cd5cb06
consolidate handling of dead assignment warnings
2016-04-11 13:39:44 -06:00
23ab4247ea
build with asn disabled and opensslextra enabled
2016-04-11 11:56:30 -06:00
c6e9021732
scan-build warnings related to enable-psk, disable-asn,rsa,ecc
2016-04-11 11:13:26 -06:00
85505b99b9
Merge pull request #380 from cconlon/utasker
...
uTasker Port
2016-04-08 15:08:39 -07:00
7a0f8672e7
Merge pull request #375 from dgarske/stm32hashfixes
...
Fixes when using the STM32 with STM32F2_HASH defined.
2016-04-08 15:04:46 -06:00
698b1cc7dc
update benchmark to show AES-CBC decrypt speed
2016-04-08 13:33:41 -07:00
b75dc127f3
1. Attempting to perform 8 AES-CBC decrypt operations simultaneously.
...
2. Added code to test large AES-CBC decrypts.
2016-04-08 11:53:40 -07:00
c6e4fb8cf8
Merge pull request #378 from JacobBarthelmeh/Testing
...
autoconf checks on some builds that break, macro for no server, and u…
2016-04-08 11:01:46 -07:00
993972162e
MinGW fixes, server port assigning cleanup and ping test cleanup. Fixes issue with visibility detection with MinGW. The visibility.m4 script was not actually trying to call the hidden function, which caused MinGW to detect improperly that visibility was supported. Fix for bogusFile on Windows build. Fixes to build warnings for unused variable 'res' and signed/unsigned comparison for sizeof min(). Cleanup of the server side port assignment to allow use with Windows/MinGW/Cygwin. If Windows uses new GetRandomPort() function in test.h to get port in in the 49152 - 65535 range. If *nix then uses the tcp_listen returned port. Otherwise uses the default wolfSSLPort. Refactor of the ping test code to use common file and properly handle ping count differences (Windows "-c" vs. *Nix style "-n"). Workaround for MinGW and cyassl/options.h getting file permissions error. Added non-fatal compile warning if using MinGW that "strtok_s" might be missing along with a link to public domain source that can be used.
2016-04-08 11:48:14 -06:00
2aab090c8b
Fixes when using the STM32 with STM32F2_HASH defined.
2016-04-08 11:39:15 -06:00
46f4be357b
uTasker: add note about XTIME to settings.h
2016-04-08 11:20:58 -06:00
8d040ad41f
uTasker: add initial port, WOLFSSL_UTASKER
2016-04-08 11:12:17 -06:00
255d9ecfb3
Merge pull request #377 from JacobBarthelmeh/master
...
add wc_EccPublicKeyToDer function
2016-04-07 12:20:05 -07:00
5b4f17545b
autoconf checks on some builds that break, macro for no server, and user rsa
2016-04-06 15:36:50 -06:00
665fb3076c
add trailing zero enum and correct call for export key size
2016-04-06 15:15:56 -06:00
4f8fffbc37
add wc_EccPublicKeyToDer function
2016-04-06 15:15:56 -06:00
a0cd888fbf
Merge pull request #379 from JacobBarthelmeh/PSK
...
fix c89 build on windows
2016-04-06 14:02:55 -07:00
85a9c55048
fix c89 build on windows
2016-04-06 11:16:40 -06:00
9f86a91dbd
Merge pull request #374 from dgarske/asyncfixes
...
Fix build issues with new async changes
2016-04-01 16:04:08 -07:00
29194bd977
Merge pull request #371 from cconlon/sniffer-fix
...
Extra cleanup in sniffer.c with ForceZero
2016-04-01 13:39:29 -07:00
2d4aa1bbb5
Better fix for scan-build warning regarding possible use of NULL in AddRecordHeader. Scan-build considers paths where output is set to NULL, but ssl->spec.kea is corrupted/changed, which could result in output == NULL (even though it should never happen). So added proper NULL check in SendServerKeyExchange on AddHeader to make sure output isn't NULL.
2016-04-01 12:57:33 -07:00
19f0769ec4
Fix for scan-build warning where async changes make it appear like the output buffer could be NULL (even though its not). Added NULL check on the AddRecordHeader function.
2016-04-01 10:55:01 -07:00
dd28d53cfb
Fix build issues with new async changes. Fixed issue with unused args preSigSz and preSigIdx with PSK enabled and ECC + RSA disabled. Fixed issue with missing qsSz variable in DoClientKeyExchange. Fixed missing DhAgree and DhKeyGen with NO_CERTS and PSK enabled. Fixed a couple scan-build warnings with "Value stored to '' is never read".
2016-04-01 09:23:46 -07:00
2939c3ace1
add ssl_FreeZeroDecode() to sniffer.c
2016-03-31 13:25:39 -06:00
63b1282e67
Merge pull request #335 from dgarske/asynccrypt
...
Asynchronous crypto and wolf event support
2016-03-30 20:12:41 -07:00
4472152b18
Added new "wolfSSL_poll" which filters event queue by ssl object pointer. Changed wolfSSL_CTX_poll to support using WOLF_POLL_FLAG_PEEK flag to peek at events and return count. Removed "wolfssl_CTX_poll_peek". Switched the examples (test.h AsyncCryptPoll) to use just the WOLFSSL object and call new wolfSSL_poll. Added warning when using the "--enable-asynccrypt" option to make sure users know they need real async.c/.h files.
2016-03-30 15:15:38 -07:00
6e5b23e102
Merge pull request #370 from dgarske/stm_aes_gcm_ccm
...
Enhancement to the STM32F2_CRYPTO port to support AES GCM, AES CCM an…
2016-03-30 13:39:35 -07:00
ec9f10d74f
extra cleanup in sniffer.c with ForceZero
2016-03-30 10:52:27 -06:00
d30f410768
Merge pull request #368 from JacobBarthelmeh/master
...
Check for compile of misc.c and fix disable inline
2016-03-29 17:26:55 -07:00
49e117ebb5
Merge pull request #369 from JacobBarthelmeh/Testing
...
if using inline do not compile misc.c in iOS XCode builds
2016-03-29 14:41:20 -07:00
e60adfc9da
better naming of macro and alter misc.c check
2016-03-29 13:42:40 -06:00
2437e97d70
if using inline do not compile misc.c in iOS XCode builds
2016-03-28 17:33:38 -06:00
2733f0a7ca
Merge pull request #309 from coletiv/add-tvos-target
...
Add tvos target to the xcode project
2016-03-28 17:29:32 -06:00
7e90e2e540
misc.c compile warning accounts for FIPS
2016-03-28 17:22:39 -06:00
2665db73a4
check for compiling misc.c when not needed
2016-03-28 16:03:15 -06:00
79a212da8d
fix disable inline build
2016-03-28 14:24:12 -06:00
59a84b40c7
Merge pull request #364 from toddouska/ecc-test-free
...
Fixes to cleanup unnecessary ECC make key, check key and free in ECC vector item test.
2016-03-28 13:15:20 -07:00
137f477277
Merge pull request #363 from JacobBarthelmeh/master
...
sanity check on ssl pased to wolfSSL_set_fd
2016-03-28 11:47:22 -07:00
03765ecca7
Fixes to cleanup unnecessary ECC make key, check key and free in ECC vector item test.
2016-03-25 13:22:31 -07:00
67b4d2e2f4
case where memory is exhausted before ctx copied to ssl
2016-03-25 14:19:51 -06:00
696169634e
check return value of wolfSSL_set_fd
2016-03-25 13:59:04 -06:00
190d30f336
Merge pull request #362 from dgarske/bench_rng
...
Added benchmark for the RNG.
2016-03-25 12:12:20 -07:00
1649af37be
fix ecc curve test in normal math mode, free is needed
2016-03-25 11:33:35 -07:00
57ea1cdcd7
sanity check on ssl pased to wolfSSL_set_fd
2016-03-25 11:32:53 -06:00
5569dfe838
Fix with FIPS build and RNG_MAX_BLOCK_LEN define location.
2016-03-25 08:56:11 -07:00
f539a60a40
Adjusted the RNG benchmark to split into smaller requests of max allowed RNG size.
2016-03-25 06:59:35 -07:00
27e041246f
Added benchmark for the RNG.
2016-03-24 08:42:19 -07:00
855e42b66a
Merge pull request #359 from cconlon/ecc-comment
...
Fix wc_ecc_import_raw() comment
2016-03-24 08:21:42 -07:00
3796fc1322
Enhancement to the STM32F2_CRYPTO port to support AES GCM, AES CCM and AES-Direct (for encrypt only) using combination of software and AES HW acceleration.
2016-03-24 07:08:42 -07:00
3509ff0c73
Merge pull request #358 from JacobBarthelmeh/master
...
fix free of WOLFSSL_METHOD pointer on create ctx fail
2016-03-23 15:35:16 -07:00
20285bec01
fix wc_ecc_import_raw comment, public key instead of base point
2016-03-23 15:33:53 -06:00
8f8f7ac152
remove unecessary XFREE
2016-03-23 13:40:45 -06:00
2dfc7faa73
Merge pull request #355 from dgarske/EccTestCleanup
...
wolfCrypt ECC test improvements and code cleanup
2016-03-23 12:18:42 -07:00
18961e5620
Merge pull request #351 from dgarske/ChaChaRefactor
...
Refactor of the ChaCha hard coded variables
2016-03-23 12:17:23 -07:00
620e4fa5ca
fix free of WOLFSSL_METHOD pointer on create ctx fail
2016-03-23 09:27:27 -06:00
d8fb4b6ee7
Merge pull request #352 from dgarske/DRBGSmallStack
...
Fix to reduce stack usage in the hash-based random number generator h…
2016-03-21 12:20:48 -07:00
0fc5575b8b
Fixed typo with WOLFSSL_VALIDATE_ECC_IMPORT defined. Disable ECC-224 bit compressed key test since it isn't working. Cleanup in accel_fp_mul for KB_SIZE.
2016-03-18 15:41:03 -07:00
71683e23e9
Resolve 2nd unused "typeH" warning.
2016-03-18 06:27:42 -07:00
51a911c727
Merge pull request #354 from JacobBarthelmeh/master
...
prepare for release v3.9.0
2016-03-17 16:10:18 -07:00
0e43fca1f3
Resolve unused "typeH" warning.
2016-03-17 15:56:51 -07:00
369930238a
Cleanup of the ecc_test functions to break areas into separate functions providing WC_RNG and key size. Added ECC tests by key size for all enabled curves. Added actual key size on wc_ecc_make_key for the NIST test vectors. Added ECC testing of wc_ecc_verify_hash with digests having 0's and sequence (1,2,3,...) and made sure it runs verify twice.
2016-03-17 15:31:45 -07:00
e99a5b0483
prepare for release v3.9.0
2016-03-17 16:02:13 -06:00
e1787fe160
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-17 13:31:03 -07:00
10e74f7200
Merge pull request #353 from dgarske/EccUnsignedSizeCheckFix
...
Fixed bug where mp_unsigned_bin_size returning 0 could produce a UINT…
2016-03-17 10:50:01 -07:00
19967dd264
Fixed bug where mp_unsigned_bin_size returning 0 could produce a UINT_MAX (based on -1) resulting in invalid index to an array. Added test case for this if FP_ECC is defined.
2016-03-17 09:39:10 -07:00
bda69decc1
Fix to reduce stack usage in the hash-based random number generator health tests when WOLFSSL_SMALL_STACK is defined.
2016-03-16 17:04:07 -07:00
46a01c29d8
Merge pull request #350 from JacobBarthelmeh/master
...
check for invalid RSA OAEP with SHA512 test case
2016-03-16 16:25:13 -07:00
2dd5efd969
sanity check for RSA key size and hash digest size
2016-03-16 15:25:52 -06:00
4c3ddac23c
catch invalid test case of RSA-OAEP and fix cast
2016-03-16 14:51:25 -06:00
473ea567bd
Refactor of the ChaCha hard coded variables.
2016-03-16 13:36:44 -07:00
7722c4484a
Merge pull request #349 from dgarske/CobiPort
...
Port for Nordic nRF51 RNG, RTC and AES. Added RNG test for wc_RNG_Gen…
2016-03-16 13:36:27 -07:00
0683ecb727
Fixed FreeCRL issue with strdup memory. Added additional checks for WOLF_AES_CBC and WOLF_AES_COUNTER. Disabled memory tracker by default for wolfCrypt test and benchmark. Updated README to better document Linux Binutils LD bug workaround.
2016-03-16 09:41:19 -07:00
f0ea9d747f
Fix possible positive return value for random_rng_test. Removed reference to nrf51_aes_decrypt, which is not supported, and added compile error for it. Corrected ecc_test_raw_vector return code checking. Cleanup in InitMemoryTracker.
2016-03-15 18:33:24 -07:00
bf058ef1b9
Fixed Jenkins error reports for mem_track msg, incorrect #ifdef in aes_test and ecc_test_raw_vector response code checking. Fixed C89 compliance with wc_AesSetKey. Fixed nrf_drv_rng_init response checks in RNG code. Reverted comment change in AES. Fixed nRF51 AES CBC Encrypt support. Added response code checking for nrf51_aes_set_key.
2016-03-15 17:18:03 -07:00
a38183b816
Port for Nordic nRF51 RNG, RTC and AES. Added RNG test for wc_RNG_GenerateBlock 0's check even if HAVE_HASHDRBG is enabled. Added NIST test vectors for ECC P-256, P-384 and P-521. Added helpful debug message in ECC import if issue finding ecc_sets[] for curve. Moved memory tracker into separate file and added support for it to wolfcrypt test and benchmark. Added Ed255519/Curve25519 options for granular control of sign, verify, shared secret, import and export. Added AES options for max key size (AES_MAX_KEY_SIZE), no decrypt (NO_AES_DECRYPT) and no CBC (NO_AES_CBC).
2016-03-15 13:58:51 -07:00
47491e6c22
Merge pull request #332 from JacobBarthelmeh/Certs
...
Certs
2016-03-14 13:24:03 -07:00
db758dc98b
update test script, fall back to cert name search, fix der free
2016-03-12 09:37:32 -07:00
060e278559
Merge branch 'master' of https://github.com/wolfSSL/wolfssl into Certs
2016-03-11 23:48:39 -07:00
154f027c54
Merge pull request #347 from dgarske/ScanBuildFix214
...
Address scan-build issue on build #214 after DerBuffer refactor part 2
2016-03-11 16:53:41 -07:00
81b0ccdb1a
Address scan-build issue on build #214 after DerBuffer refactor part 2 ( ceafb25).
2016-03-11 09:39:13 -08:00
98f40fa132
Merge pull request #345 from moisesguimaraes/remove_unnecessary_condition
...
remove unnecessary condition
2016-03-11 09:27:22 -08:00
2e1c1ca7f8
remove unnecessary condition
2016-03-10 23:07:36 -03:00
0171aefc65
Merge pull request #344 from JacobBarthelmeh/master
...
K64F RNGA register
2016-03-10 16:05:19 -08:00
1bd7de46bb
Merge pull request #342 from dgarske/JenkinsFixes20160310
...
Fixes multiple Jenkins warnings/failures
2016-03-10 14:19:47 -08:00
3976a3e2f2
K64F RNGA register
2016-03-10 14:35:55 -07:00
80aa431689
Fixes multiple Jenkins warnings/failures. First is PickHashSigAlgo is required for client builds or if certs are enabled. Fixed scan-build warning with OCSP not recognized ForceZero as cleaning memory and using possible garbage value. Also cleaned up the OCSP functions to use struct buffer* instead of void* for clarity with a little forward declaration.
2016-03-10 09:38:11 -08:00
1435a6ce92
Merge pull request #341 from JacobBarthelmeh/master
...
SEP and CERTEXT, QSH debug
2016-03-10 09:36:25 -08:00
0a1871e77c
Merge pull request #337 from dgarske/WarnDoubleFree
...
Fixes scan-build warning with "--enable-opensslextra --disable-memory"
2016-03-09 16:28:18 -08:00
6e1c5b3801
disable CERT_EXT policies check when SEP is used instead
2016-03-09 17:22:38 -07:00
49b547db08
make QSH debug compile for C89
2016-03-09 17:15:28 -07:00
ceafb25f49
Merge pull request #338 from dgarske/DerBufferRefactor2
...
Refactor of DerBuffer, so WOLFSSL object doesn't have to grow as a re…
2016-03-09 12:36:22 -08:00
2f060dd860
Merge pull request #312 from dgarske/LeanTls
...
New LeanTLS configure option
2016-03-09 10:13:00 -08:00
f17dfa5b03
Moved the x509 XFREE to outside the FreeX509 function. Internally FreeX509 is only used in two places. One is for the ssl->peerCert, which is not dynamic anyways. The second is in the ExternalFreeX509 where it calls FreeX509 if its dynamic and will XFREE there.
2016-03-09 09:15:00 -08:00
c863300805
Fixed scan-build error with possibly using a NULL pointer.
2016-03-08 09:34:56 -08:00
0f93b86b61
Fixes for PK_CALLBACKS and sniffer after DerBuffer refactor #2 .
2016-03-08 08:56:14 -08:00
ce9f14f713
Refactor of DerBuffer, so WOLFSSL object doesn't have to grow as a result of additional functionality. Removed InitDer. Changed all DerBuffers to use pointer and pass pointer to DerBuffer* to AllocDer and FreeDer. Result is more efficient code and reduced WOLFSSL object size. AllocDer uses first part of the allocated buffer for the actual DerBuffer.
2016-03-08 08:56:14 -08:00
daa1cd634e
Fixes scan-build warning with "--enable-opensslextra --disable-memory". Problem was different #if defines on the InitX509 and FreeX509, which caused the static analyzer to think the "x509->dynamicMemory" was always true.
2016-03-08 08:38:02 -08:00
0ed26ad262
Updated build for "leantls" to support building only the client, by splitting BUILD_EXAMPLES into 3 parts (BUILD_EXAPLE_SERVERS, BUILD_EXAMPLE_CLIENTS and BUILD_TESTS). This allows the make check to perform the external tests to validate the client only "leantls" configuration option.
2016-03-08 08:35:28 -08:00
2891939098
Remove NO_CERT and NO_CODING. Enable building of the client with leantls.
2016-03-08 08:35:28 -08:00
8e8ee45828
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-03-08 08:35:28 -08:00
375d85fe9a
Merge pull request #336 from dgarske/ASNCertPolicyExtFix
...
Fixed bug with ASN.1 X509V3 Certificate Policy extension parsing
2016-03-08 08:59:24 -07:00
b549c81337
Fix the WOLFSSL_SEP (--enable-sep) build scenario where extCertPoliciesNb is not available.
2016-03-07 14:49:24 -08:00
05fb648747
Remove white-space.
2016-03-07 14:33:22 -08:00
9b79d8643e
Added checks for total length and the cert policy OID len to make sure they don't exceed buffer.
2016-03-07 14:20:37 -08:00
dee3645c4e
Fixed bug with ASN.1 X509V3 Certificate Policy extension parsing. Bug had to do with parsing when OID contains multiple items such as example 2 below. The wolfssl.com server key now contains a URL in the certificate policy " https://secure.comodo.com/CPS0 ", which wasn't being parsed over correctly. Also cleanup to use loop instead of duplicate code.
...
Example 1:
30 12
30 06 06 04 55 1D 20 00
30 08 06 06 67 81 0C 01 02 01
Result:
2.5.29.32.0
2.23.140.1.2.1
Example 2:
30 46
30 3A 06 0B 2B 06 01 04 01 B2 31 01 02 02 07
30 2B 30 29 06 08 2B 06 01 05 05 07 02 01 16 1D 68 74 74 70 73 3A 2F 2F 73 65 63 75 72 65 2E 63 6F 6D 6F 64 6F 2E 63 6F 6D 2F 43 50 53
30 08 06 06 67 81 0C 01 02 01
Result:
1.3.6.1.4.1.6449.1.2.2.7
2.23.140.1.2.1
2016-03-07 13:40:25 -08:00
98a72a3f9d
Merge pull request #334 from JacobBarthelmeh/master
...
update wolfssl-ntru vs project and fix warnings
2016-03-03 15:53:52 -08:00
8ca1c3935d
Merge pull request #322 from ejohnstown/dtls-handshake
...
DTLS Handshake Update
2016-03-03 14:33:31 -08:00
c98c457b9b
update wolfssl-ntru vs project and fix warnings
2016-03-03 14:35:39 -07:00
b9ecd9474c
Merge pull request #330 from kaleb-himes/CID-66007-coverity
...
avoid dereference of null pointer if args is null
2016-03-02 18:22:07 -08:00
112cf1f0c9
fix example client help print out
2016-03-02 16:51:57 -07:00
7a599c1309
Account for not used case
2016-03-02 16:31:58 -07:00
a0f1e1e3ea
Merge pull request #331 from kaleb-himes/CID-66006-coverity
...
Move assignment to after the null check
2016-03-02 15:23:58 -08:00
aab44eb26b
adjest example server PSK plus flag
2016-03-02 15:43:17 -07:00
267dc48d95
fixs after testing : hash table, using NO_SKID, sanity check, and freeing dCert
2016-03-02 15:23:50 -07:00
d969e2ba11
automated test for trusted peer certs
2016-03-02 11:42:00 -07:00
85215cc174
clean up braces left over from local declaration of ready
2016-03-02 11:39:34 -07:00
05d2cec7c1
addition to api tests and refactor location of trusted peer cert check
2016-03-02 11:35:03 -07:00
01cd43c319
Seperate declaration and assignment per c99 standards
2016-03-02 11:31:08 -07:00
7df22ee210
Trusted peer certificate use
2016-03-02 11:22:34 -07:00
1f4ddb20df
Move assignment to after the null check
2016-03-01 17:00:27 -07:00
d15dac04b8
remove unnecessary NULL assignment
2016-03-01 16:33:47 -07:00
d473452769
avoid dereference of null pointer if args is null
2016-03-01 16:21:03 -07:00
7c63ac4f6a
Merge pull request #329 from dgarske/BuildErrDerBuf
...
Fixes build error with new DerBuffer with ASN, ECC and RSA disabled.
2016-02-26 08:44:30 -08:00
79ef8e232b
Fixes build error with new DerBuffer with ASN, ECC and RSA disabled.
2016-02-26 15:39:30 +01:00
0c45a7a028
Merge pull request #317 from dgarske/DerBufferRefactor
...
Refactor of the DER buffer handling
2016-02-25 09:35:50 -08:00
a46fd6612b
Changed CopyDecodedToX509 AllocDer error code handing to return MEMORY_E, since that is an explicitly handled case. Also resolves the issue with "warning: Value stored to 'ret' is never read".
2016-02-25 14:35:54 +01:00
f549f71912
Merge pull request #325 from kaleb-himes/CID-66016-coverity
...
Always execute wc_InitRsaKey if we are always going to execute wc_Fre…
2016-02-25 08:45:06 +01:00
f0b1d2fd9d
Merge pull request #324 from JacobBarthelmeh/master
...
argument peer can be NULL when macro INADDR_ANY is NULL
2016-02-25 08:40:37 +01:00
aa7eae3294
Merge pull request #320 from moisesguimaraes/fix-ocsp-dependency-check
...
fixes ocsp dependency check on asn during configure.
2016-02-24 16:21:51 -08:00
16dac5597f
prevent buffer overflows if sigSz > MAX_ENCODED_SIG_SZ
2016-02-24 16:08:54 -07:00
fb9697bda6
adds check for missing rsa and ecc at the same time
2016-02-24 18:57:16 -03:00
4858a65984
Always execute wc_InitRsaKey if we are always going to execute wc_FreeRsaKey
2016-02-24 14:42:07 -07:00
6ee3c0ae59
argument peer can be NULL when macro INADDR_ANY is NULL
2016-02-24 13:55:44 -07:00
1824a494d1
adds missing ENABLED_OCSP test
2016-02-24 16:45:07 -03:00
35b48250ad
Merge pull request #321 from dgarske/FixCryptBenchEdCurve25519
...
Fixes issue with building crypt benchmark with only ED/Curve25519 ena…
2016-02-24 11:19:30 -08:00
12bb050ec9
Merge pull request #323 from JacobBarthelmeh/master
...
check for RSA and ECC before testing RSA signed ECC cert
2016-02-24 09:34:37 -08:00
1227db4e44
Fixed issue with not properly returning memory error in CopyDecodedToX509 after DER refactor.
2016-02-24 07:04:03 +01:00
dcfec3d2fa
check for RSA and ECC before testing RSA signed ECC cert
2016-02-23 17:03:52 -07:00
143b9fda1b
adds build dependency check for OCSP
2016-02-23 15:19:04 -03:00
a92d2d582f
Revert "fixes ocsp dependency check on asn during configure."
...
This reverts commit 46ade8f03f
2016-02-23 14:13:52 -03:00
69e00a3f97
allow dtls timeout to be 0 in the recvfrom callback, set to 0 if the handshake is done
2016-02-22 21:13:05 -08:00
f621f81fa2
1. Some DTLS code was missing an ifdef.
...
2. If receiving a handshake message that's already been processed,
retransmit the previous message flight.
2016-02-22 14:08:35 -08:00
8dbef9b14b
Merge pull request #318 from dgarske/BuildErrorNoFileSysWCerts
...
Fixes build error with NO_FILESYSTEM and !NO_CERTS
2016-02-22 12:12:24 -08:00
731e13ecf2
Fixes issue with building crypt benchmark with only ED/Curve25519 enabled with static rng missing.
2016-02-22 16:46:13 +01:00
f6fafe6738
for DTLS, retain the handshake resources until peer sends application data record
2016-02-21 21:52:38 -08:00
46ade8f03f
fixes ocsp dependency check on asn during configure.
2016-02-21 20:54:45 -03:00
953a3bd01d
Fixes build error with NO_FILESYSTEM and !NO_CERTS where the wolfssl/test.h load_buffer() function is passing non-existent enum value. Was renamed from CYASSL_ to WOLFSSL_.
2016-02-19 13:52:06 -08:00
3fe5ee1a7c
Refactor of the DER buffer handling. Added new DerBuffer struct that includes the type and heap ptr. Added new InitDer, AllocDer and FreeDer functions. Cleanup of some missing "heap" args on XMALLOC/XFREE. In FreeDer uses ForceZero if type is private key.
2016-02-18 22:42:15 -08:00
b72c83e191
Merge pull request #315 from kaleb-himes/fix-no-sha
...
update for configure option --disable-sha
2016-02-16 13:08:59 -08:00
c1ef4d4521
Merge pull request #313 from kaleb-himes/master
...
wolfssl.com and google.com now differ in pre-reqs for external test
2016-02-16 11:05:55 -08:00
24d93c90cd
update for configure option --disable-sha
2016-02-16 12:03:37 -07:00
46b34c19d0
wolfssl.com and google.com now differ in pre-reqs for external test
2016-02-15 13:30:11 -07:00
3d8f91d418
Merge pull request #302 from dgarske/EccOnlyNoSignVerify
...
New ECC and ASN build options for reduce build size options
2016-02-15 12:13:43 -08:00
d7d2a6f565
Merge pull request #307 from JacobBarthelmeh/PSK
...
New fail with no peer cert behavior and allow RSA signed ECC key certs
2016-02-12 15:27:18 -08:00
7de352a0e9
Merge pull request #311 from dgarske/FixSkipObjectIdWarn
...
Fixes warning with SkipObjectId defined but not used.
2016-02-12 15:04:04 -07:00
951fe0a927
Merge pull request #310 from dgarske/CustRngGenBlock
...
Added new CUSTOM_RAND_GENERATE_BLOCK option that allows override and …
2016-02-12 13:51:06 -08:00
a969dd8efd
Fixed "error: unused function 'StoreRsaKey'" with NO_ASN_TIME and RSA enabled.
2016-02-12 13:19:58 -08:00
aeaac15682
Fixed compile errors in signature.c if ECC on but ECC sign/verify disabled. Added new NO_ASN_TIME option to reduce ASN size for space constrained or missing RTC. Added check to make sure ASN is enabled if ECC sign/verify is enabled.
2016-02-12 13:16:39 -08:00
8073024ee7
fix formatting of .conf file so ephemeral port is used
2016-02-12 13:41:30 -07:00
f328c6bdf7
Fixes warning with SkipObjectId defined but not used.
2016-02-12 12:34:22 -08:00
08c663a4ac
Added new CUSTOM_RAND_GENERATE_BLOCK option that allows override and disabling of the HASHDRBG for customers who have a HW RNG they would like to use instead.
...
Examples:
"./configure --disable-hashdrbg CFLAGS="-DCUSTOM_RAND_GENERATE_BLOCK= custom_rand_generate_block".
OR
/* RNG */
//#define HAVE_HASHDRBG
extern int custom_rand_generate_block(unsigned char* output, unsigned int sz);
2016-02-12 11:59:51 -08:00
4872f2bc33
Added the following ECC optional config defines: HAVE_ECC_SIGN, HAVE_ECC_VERIFY, HAVE_ECC_DHE, HAVE_ECC_KEY_IMPORT and HAVE_ECC_KEY_EXPORT. Still working through issues with using ECC sign/verify with ASN disabled. Added documentation to top of ecc.c for all the ECC define options.
2016-02-12 11:07:50 -08:00
8f5cd98857
Added tvos target to the xcode project
2016-02-12 10:23:23 +01:00
3e860107f3
remove extra cert and key, plus add new test
2016-02-11 13:49:07 -07:00
1197f88c4f
add psk.test script for testing
2016-02-11 09:15:04 -07:00
09f631238e
Merge pull request #306 from kaleb-himes/master
...
correct logic to allow for static RSA if ECC and no Curves
2016-02-10 16:47:17 -08:00
49a5ea18e8
Merge pull request #303 from ejohnstown/sniffer-check
...
When loading a named key, check that the save buffer mallocs.
2016-02-10 13:19:59 -08:00
b0a51a22a1
Merge pull request #304 from cconlon/testh-fix
...
Check build_addr() arguments for NULL
2016-02-10 13:19:28 -08:00
a83ff6aada
Updated the configure.ac comments about big int being used for ECC and DH. Moved the checks for ecc/asn and psk/asn until after cryptonly value is set and fixed so those checks work for normal build and are excluded for crypt only builds.
2016-02-10 13:03:53 -08:00
9defe9b42b
fix warning of unused variable and adjust debug statements
2016-02-10 13:57:10 -07:00
ffe7b38409
correct logic to allow for static RSA if ECC and no Curves
...
use same coding standards as the rest of the libraries
2016-02-10 13:39:59 -07:00
69fc400d28
add new certs to EXTRA_DIST
2016-02-10 13:26:03 -07:00
2f74706367
allow use of RSA signed ECC key certs
2016-02-10 13:26:03 -07:00
ff7a9d9f78
option for fail on no peer cert except PSK suites
2016-02-10 13:26:03 -07:00
3293857834
check build_addr() arguments for NULL before memset
2016-02-10 10:35:48 -07:00
8d0d5a3f90
Fixes so ECC only build works. Fixes so ECC enabled with ASN disabled works and will prevent ECC sign/verify.
2016-02-10 08:53:09 -08:00
9a5938432b
Merge pull request #301 from kaleb-himes/master
...
if connecting to google.com and using ECC need supported curves
2016-02-10 08:42:28 -08:00
bf4d6454b1
if connection to google.com and using ECC need supported curves
2016-02-09 17:06:06 -07:00
ccffee1617
When loading a named key, check that the save buffer mallocs. It calls a library function that checks the pointer, but an application of the library shouldn't depend on side effects. This fixes #300 .
2016-02-09 15:17:05 -08:00
62a2efdacc
Merge pull request #298 from kaleb-himes/master
...
Avoid unnecessary assignments in client example
2016-02-09 09:54:55 -08:00
f30ef33d8b
Merge pull request #295 from JacobBarthelmeh/master
...
ECDHE-PSK and added cipher suites
2016-02-09 09:40:13 -08:00
66aa1da829
Merge pull request #299 from dgarske/MinGWFixes
...
Fixes for warnings found using MinGW
2016-02-09 09:32:18 -08:00
2e88785358
Merge pull request #282 from dgarske/WinUserSettings
...
Refactor of Visual Studio projects to centralize preprocessors into IDE/WIN/user_settings.h
2016-02-09 09:27:32 -08:00
014740eda0
Merge pull request #289 from dgarske/SigHashFixes
...
Fixes/improvements to the signature and hash wrappers:
2016-02-09 09:23:18 -08:00
2af9fb91b3
Use += approach to detect "done" in example client for external tests. Cleaner and code is smaller to accomplish same thing.
2016-02-08 19:54:22 -08:00
4ea76b8ac8
Fixes for warnings found using MinGW. Fixes for WOLFSSL_SOCKET_IS_INVALID and WOLFSSL_SOCKET_INVALID to use the SOCKET_T.
2016-02-08 15:44:22 -08:00
53162d5fc4
addjust size according to offset length and add PMS size comment
2016-02-08 15:22:49 -07:00
f6bebc1cf4
Merge pull request #297 from dgarske/RemoveExeBitOnCFiles
...
Removed the execute bit on all .c files
2016-02-08 14:22:05 -07:00
2e0d05f727
Fixes issues with new IDE/WIN/user_settings.h and FIPS. Fixed issue with using CYASSL_USER_SETTINGS in ctaocrypt/settings.h with FIPS by moving settings_comp.h to after user_settings.h. Fixed issue with non-existent ctaocrypt/signature.c file being included. Added the user_settings.h file to the FIPS project.
2016-02-08 12:22:20 -08:00
09615c01cc
Updated the naming for the new encoding DER signature enum and function.
2016-02-08 12:04:38 -08:00
97edaf88d4
Added the new IDE/WIN/user_settings.h to the include.am file. Changed the WOLFSSL library to use macro WOLFSSL_LIB for clarity.
2016-02-08 11:28:46 -08:00
cb3a9cc348
Removed the execute bit on all .c, .h, and .cs files.
2016-02-08 09:45:31 -08:00
a607c5dcc4
Merge pull request #296 from cconlon/freescale-fix
...
Freescale: USER_TIME fixes, enable ECC and AES-GCM by default
2016-02-08 09:36:53 -08:00
c920e6dd30
Avoid unnecessary assignments in client example
2016-02-07 08:27:01 -07:00
d5f410523a
Fixed possible memory leak on signature wrapper ASN encode and corrected the maximum header size. Added new MAX_ENCODED_HEADER_SZ which is the maximum encoded ASN header size and update asn.c to use it. Added comment about key size sanity check. Renamed wc_SignatureRsaEncode to wc_SignatureAsnEncode.
2016-02-05 16:01:42 -08:00
e031d2fa06
Removed the execute bit on all .c files. These were inadvertently set in PR #293 due to editing files through Windows VMWare shared folder.
2016-02-05 14:25:43 -08:00
fa4da43655
Freescale: remove USER_TIME after recent time fixes, enable ECC and AES-GCM by default
2016-02-05 14:09:43 -07:00
a4f1138e5b
Merge pull request #293 from dgarske/WinWarnFixes
...
Fixes several warnings that were seeing building with Visual Studio 2…
2016-02-05 13:20:22 -07:00
244bea18b9
Merge pull request #292 from dgarske/WolfRootFindFix
...
Fixed bug with "ChangeToWolfRoot" that was incorrectly seeking previo…
2016-02-05 11:28:39 -08:00
25959bfb62
Merge pull request #279 from dgarske/CustRandGenSeed_OSArg
...
Added new CUSTOM_RAND_GENERATE_SEED_OS macro
2016-02-05 11:18:18 -07:00
3dc2e01180
warning from windows build with ECDHE-PSK and fix potential memory leak
2016-02-05 09:54:39 -07:00
be99fcff43
Fixed typo in wc_SignatureGetSize causing error.
2016-02-05 07:32:47 -08:00
ee4b8b2f10
Merge pull request #291 from kaleb-himes/master
...
Fixes for disabling the crypt test and benchmark. Added new "./configure --disable-crypttests" option. Added new NO_CRYPT_BENCHMARK define.
2016-02-04 17:06:59 -08:00
ae19b7a272
Merge pull request #290 from dgarske/PemPubKey_CertExt_Fixes
...
Public key PEM to DER fixes
2016-02-04 15:19:15 -08:00
60668be1c0
Merge pull request #285 from ejohnstown/dtls-hello
...
DTLS server should be able to receive multiple client hellos without …
2016-02-04 14:27:03 -07:00
faf590eb22
Fix for "warning: Value stored to 'ret' is never read". Now explicitly set SIG_TYPE_E in each case. Fixed wc_SignatureGetSize so it will return SIG_TYPE_E for unsupported type scenario.
2016-02-04 12:49:39 -08:00
bc059e12c2
Cleanup to remove trailing whitespace and convert tabs to spaces.
2016-02-04 12:31:08 -08:00
be4c400d16
Fixes for disabling the crypt test and benchmark. Added new "./configure --disable-crypttests" option. Also made sure use of both NO_CRYPT_BENCHMARK and NO_CRYPT_TEST in "./configure CFLAGS=-D" scenario work correctly.
2016-02-04 12:06:24 -08:00
2257c1dcef
Fixes several warnings that were seeing building with Visual Studio 2015. Also noticed issue with "struct Options" in internal.h for the bit flags that was causing split due to type difference (byte vs. word16).
2016-02-04 11:30:48 -08:00
e63989dcfd
Fixed bug with "ChangeToWolfRoot" that was incorrectly seeking previous directories where depth 2 was using ..\..\ and skipping one. This bug applied to both Win and Lin*. For example running ./server from inside examples/server would not find the wolf root.
2016-02-04 11:26:33 -08:00
2db6246abc
Fixed typo with testsuite preprocessor. Added missing chacha.c, chacha20_poly1305.c, pkcs7.c and poly1305.c. Also added the IDE/WIN/user_settings.h to the project so its easy to find.
2016-02-04 11:19:51 -08:00
bf1af39027
benchmark needs a main if NO_CRYPT_BENCHMARK defined
2016-02-04 12:07:39 -07:00
7936c7a72e
Merge pull request #286 from dgarske/DisableBench
...
Added optional define "NO_CRYPT_BENCHMARK" to allow disabling benchmark
2016-02-04 10:59:55 -08:00
d39c6a6e13
Merge pull request #287 from JacobBarthelmeh/fast-rsa
...
Force Zero of data when done
2016-02-04 10:59:21 -08:00
42219a327a
refactor ForceZero of memory to gain performance
2016-02-04 10:31:05 -07:00
3ce64da44c
ChaCha20-Poly1305 PSK cipher suites
2016-02-04 09:50:29 -07:00
5a9175a758
add cipher suite ECDHE-PSK-AES128-SHA256 and adjustments to ECDHE-PSK
2016-02-04 09:39:34 -07:00
f3399b6578
Fixes/improvements to the signature and hash wrappers:
...
Fixed output buffer to wc_RsaSSL_Verify so its min size is the key size (needed for inline operations).
Fixed the signature wrapper return codes when using RSA so 0 indicates success.
Fixed signature wrappers use of wc_HashGetDigestSize to return the error code result.
Changed enum wc_HashType and enum wc_SignatureType so all values always exist.
Added new "wc_HashGetOID" which returns the OID for an enum wc_HashType.
Added new "WC_SIGNATURE_TYPE_RSA_W_ENC", that adds the encoded ASN header to the digest using wc_EncodeSignature for RSA signatures.
Added new SIG_TYPE_E and HASH_TYPE_E error types for explicit reporting of sig/hash type not available.
2016-02-03 15:07:56 -08:00
a6b7c00c9c
Fix so WOLFSSL_CERT_EXT can be defined without WOLFSSL_CERT_GEN. Added new WOLFSSL_PUB_PEM_TO_DER to allow the public key PEM to DER functions to be available without CERT_GEN or CERT_EXT. Fix to add NO_FILESYSTEM check around wolfSSL_PemPubKeyToDer in ssl.h. Cleanup in coding.h for the #if check.
2016-02-03 14:58:46 -08:00
d04a7e802a
add ECDHE-PSK and cipher suite ECDHE-PSK-NULL-SHA256
2016-02-03 13:44:13 -07:00
d26ca17efd
Merge pull request #288 from moisesguimaraes/add_python_pbkdf2_tests
...
adds pbkdf_pcscs12 tests
2016-02-03 11:09:28 -08:00
1ad497177a
adds pbkdf_pcscs12 tests
2016-02-02 15:43:48 -03:00
dc316d13bf
Merge pull request #250 from ikudriavtsev/master
...
Wrapping PBKDF PKCS#12 algorithm.
2016-02-02 15:40:50 -03:00
8edf38632b
Merge pull request #284 from JacobBarthelmeh/DH
...
fixed point DH operations
2016-02-02 08:31:30 -08:00
cad6a08f10
comment for clarifying table of DH sizes
2016-02-01 17:11:01 -07:00
f84c0742ad
fix clang warning about potentially unset value
2016-02-01 15:23:24 -07:00
93c54c07ea
cipher suite ECDHE-ECDSA-NULL-SHA
2016-02-01 14:43:17 -07:00
dda0de4baa
Added optional define "NO_CRYPT_BENCHMARK" to allow disabling benchmark code.
2016-02-01 13:04:30 -08:00
7fe73c7cbd
DTLS server should be able to receive multiple client hellos without advancing state
2016-02-01 11:06:24 -08:00
d0f8132cdc
forcing sensitive memory to be all zeros when done with it
2016-02-01 10:45:09 -07:00
b6017c59ba
Merge pull request #275 from dgarske/WolfErrorTypo
...
Fixed spelling errors
2016-02-01 09:00:10 -08:00
6fd5579130
Merge pull request #281 from toddouska/math-rsa-fix
...
fix normal math off by one loop error in fast_s_mp_mul_high_digs
2016-01-29 16:59:36 -08:00
f8876854f4
Spelling fixes in comments and error strings (ALGO_ID_E, ASN_TIME_E and WOLFSSL_ERROR function).
2016-01-29 16:13:09 -08:00
41f7cb0482
Forgot to change the testsuite and sslSniffer projects. Now these also use the IDE/WIN/user_settings.h.
2016-01-29 15:07:03 -08:00
ebd14a657d
Added signature.c to Visual Studio project files. Added new "IDE/WIN/user_settings.h" which contains all the defines for the various Windows Visual Studio projects. Moved the settings into this new file and added the WOLFSSL_USER_SETTINGS and CYASSL_USER_SETTINGS macros and include path to IDE/WIN to all project files. This allows the settings (defines) to be adjusted in a single place for Win VS.
2016-01-29 14:29:31 -08:00
3f87d28190
Merge pull request #280 from JacobBarthelmeh/master
...
Update ChaCha20-Poly1305 cipher suites
2016-01-29 14:12:53 -08:00
fa25e5d09d
fix normal math off by one loop error in fast_s_mp_mul_high_digs
2016-01-29 13:54:41 -08:00
9a5ad356a6
fixed point DH operations
2016-01-29 10:31:49 -07:00
611e37b3e8
naming for AEAD macros and TLSX with chacha-poly
2016-01-29 09:38:13 -07:00
6856e5bbe6
Merge pull request #261 from dgarske/AsnIoCleanup
...
asm.c time cleanup and io.c include cleanup
2016-01-28 13:25:21 -08:00
2bc0ae05b5
Added new CUSTOM_RAND_GENERATE_SEED_OS macro to allow custom random generation, which includes the OS_Seed. Opted to create new macro instead of modifying existing CUSTOM_RAND_GENERATE_SEED.
2016-01-28 09:31:36 -08:00
fa64abd83e
Fix for deleted USER_TIME gmtime forward declaration. Fix to make sure XGMTIME maps to gmtime just as previous code did.
2016-01-27 13:20:06 -08:00
7d71d756f3
update ChaCha20-Poly1305 to most recent RFCs
2016-01-27 14:03:05 -07:00
fadd97de3a
Moved the forward declarations until after the struct tm and time_t have been defined.
2016-01-27 11:17:54 -08:00
3b6f2b0330
Merge pull request #274 from JacobBarthelmeh/master
...
Updated comments for adding new error id strings and added missing UNKNOWN_MAX_FRAG_LEN_E.
2016-01-27 09:28:56 -08:00
18f1faa13d
check error strings and update comment
2016-01-27 09:50:20 -07:00
71fcc1e478
comment for adding new wolfCrypt error id strings
2016-01-26 17:12:31 -07:00
5c4a3462ee
Cleanup of the time macros in asn.c to allow expanded use of wolf "struct tm", "time_t" and "gmtime". Cleanup of the io.c socket includes for clarity. Cleanup trailing spaces in io.c and asn.c.
2016-01-26 13:47:01 -08:00
02397623be
Merge pull request #273 from toddouska/bump-version
...
bump dev version
2016-01-26 13:18:11 -08:00
ee512cac4a
bump dev version
2016-01-25 13:12:45 -08:00
18c25b5d04
Merge pull request #272 from cconlon/ksdk-fixes
...
Update support for Freescale KSDK 1.3.0, fix Freescale+FreeRTOS build
2016-01-25 12:24:01 -08:00
0801eeac8d
update support for Freescale KSDK 1.3.0
2016-01-25 10:41:26 -07:00
993ae48502
Merge pull request #271 from JacobBarthelmeh/mysql
...
function needed for MYSQL compatibility
2016-01-25 09:39:18 -07:00
5df55e053d
function needed for MYSQL compatibility
2016-01-22 16:33:54 -07:00
e1abf5f623
Merge pull request #270 from JacobBarthelmeh/OAEP
...
Use type enum wc_HashType rather than int for OAEP functions.
2016-01-21 08:50:00 -08:00
63d1f81fb1
cast XMALLOC to byte pointer
2016-01-21 09:05:19 -07:00
197f25f135
use type enum wc_HashType rather than int
2016-01-20 15:31:08 -07:00
3098e09f42
Merge pull request #269 from cconlon/coverity-fix
...
fix recursive include in wc_port.h
2016-01-20 09:01:09 -07:00
122a67139d
fix recursive include in wc_port.h
2016-01-19 14:23:47 -07:00
f84722bbac
Merge pull request #267 from moisesguimaraes/fix_ocspstapling_dtls_typo
...
Fix ocspstapling dtls typo
2016-01-19 10:34:15 -07:00
04a1bf0086
Merge pull request #265 from toddouska/cov-tfm
...
fix coverity report for fp_mont reduce where m is half max size, not …
2016-01-19 10:30:09 -07:00
a7bac3ae9b
Merge pull request #266 from JacobBarthelmeh/master
...
check not CHACHA_BYTE before considering normal suite
2016-01-18 17:55:02 -08:00
a6a2214306
removes 'end of line' spaces;
2016-01-18 20:51:27 -03:00
08c67e5cdc
fixes typo;
2016-01-18 20:51:27 -03:00
33a71fb456
Merge pull request #264 from JacobBarthelmeh/OAEP
...
help out clang static analyzer
2016-01-18 15:31:18 -08:00
3a65f55bd3
check not CHACHA_BYTE before considering normal suite
2016-01-18 15:33:32 -07:00
04b8df09e3
Merge pull request #260 from kaleb-himes/master
...
system read returns ssize_t, cast to int
2016-01-18 13:55:35 -08:00
8e97145682
fix coverity report for fp_mont reduce where m is half max size, not currently called that big but let's allow
2016-01-18 13:53:01 -08:00
93e454f09a
Merge pull request #259 from dgarske/UnusedParamError
...
Fixes unused argument build error seen on CrossWorks (Issue #255 ).
2016-01-18 09:40:30 -08:00
268515018d
help out clang static analyzer
2016-01-18 10:22:12 -07:00
1ab9f19541
Merge pull request #256 from JacobBarthelmeh/fast-rsa
...
fix for size of buffer when reading fast-rsa BN data
2016-01-15 15:47:57 -08:00
71741847d3
system read return size_t, cast to int
...
remove whitespace
2016-01-15 16:03:45 -07:00
014b849af4
Merge pull request #258 from toddouska/no-sha384
...
resolve issue #257 , no sha384 with wolfssl cert chain and external test
2016-01-15 13:29:06 -08:00
81d26b83c3
Merge pull request #246 from JacobBarthelmeh/OAEP
...
RSA OAEP padding
2016-01-15 11:34:37 -08:00
476355b5bf
fix potential memory leak on fail
2016-01-14 23:58:30 -07:00
07c79f9dc3
Fixes unused argument build error seen on CrossWorks (Issue #255 ).
2016-01-14 21:09:01 -08:00
1d473ab7b5
resolve issue #255 , no sha284 with wolfssl cert chain and external test
2016-01-14 20:25:50 -08:00
d20b8880f0
Merge pull request #254 from lchristina26/master
...
Fix formatting to VxWorks README
2016-01-14 16:49:13 -08:00
dec13db1e7
Merge pull request #252 from moisesguimaraes/fix_srp_build
...
fixes srp build without sha512
2016-01-14 15:48:39 -08:00
3347bea0d5
fix for size of buffer when reading fast-rsa BN data
2016-01-14 15:00:59 -07:00
008612ec70
OAEP w/ smallstack and fixs
2016-01-14 14:26:17 -07:00
df0d2e8c3a
Merge pull request #248 from JacobBarthelmeh/CSharp
...
C# wrapper fixes account for null terminator. Added additional read/write overrides for byte[] data.
2016-01-14 08:46:18 -08:00
c41b5ac3d2
Fix formatting to VxWorks README
2016-01-13 10:42:30 -07:00
10df002ec5
fixes srp build without sha512
2016-01-12 15:42:58 -03:00
037f4c60ab
Merge pull request #251 from ejohnstown/dtls-handshake
...
fix a sequence number issue with DTLS epoch 0 messages earlier in the…
2016-01-11 11:29:25 -08:00
03fd89bc45
Wrapping PBKDF PKCS#12 algorithm.
2016-01-10 10:50:02 +01:00
db1f321ae3
Merge pull request #249 from lchristina26/master
...
Updates for VxWorks entropy and README, Arduino functionality
2016-01-08 16:08:13 -08:00
5e0fa1de90
utf8 switched to default and added comments
2016-01-08 16:50:49 -07:00
86ddeeb110
Add steps for including wolfSSL as an Arduino library
2016-01-08 12:07:35 -07:00
ae92a41512
Update fork to upstream: Merge https://github.com/wolfSSL/wolfssl
2016-01-08 11:59:35 -07:00
f7baf9e392
settings for Arduino functionality
2016-01-08 11:54:46 -07:00
efae688120
add entropy steps for VxWorks
2016-01-08 11:43:05 -07:00
ee1a767332
account for null terminator
2016-01-07 17:39:00 -07:00
5360e22ba5
fix a sequence number issue with DTLS epoch 0 messages earlier in the handshake
2016-01-07 13:18:01 -08:00
431951a692
Merge pull request #247 from kaleb-himes/null-pointer-excptn
...
safeguards to avoid de-referencing a null pointer
2016-01-06 10:25:14 -08:00
38392ce56a
safeguards to avoid de-referencing a null pointer
2016-01-06 10:12:52 -07:00
251550ea62
Merge pull request #242 from kaleb-himes/scan-build-fixes
...
avoid unused variable warnings
2016-01-05 15:31:52 -08:00
a6ca2c3bdd
Avoid un-necessary cast
2016-01-05 14:32:45 -07:00
29e6f283cf
Implement peer suggestion
2016-01-05 14:19:46 -07:00
ef95000236
Merge pull request #243 from kaleb-himes/scan-build-fixes2
...
Avoid unused variable warnings with dead store in AES_GCM_decrypt
2016-01-05 12:30:32 -08:00
db55f0f8dd
Merge pull request #235 from moisesguimaraes/fix_localhost_ocsp_stapling_tests
...
Fixes --enable-ocspstapling and --enable-ocspstapling2 Jenkins failures
2016-01-05 12:07:43 -08:00
1a16001dac
Merge pull request #245 from kaleb-himes/scan-build-fixes4
...
check err after set
2016-01-05 10:52:53 -08:00
1fd496a5a7
Merge pull request #244 from kaleb-himes/scan-build-fixes3
...
Remove unnecessary assignment prior to return
2016-01-05 15:27:26 -03:00
d815affe83
RSA OAEP padding
2016-01-05 10:56:15 -07:00
e4c4c5a73a
white space change removed
2016-01-05 07:37:31 -07:00
699597bb21
execute undef before checking and return
2016-01-05 07:35:28 -07:00
3725133592
Merge pull request #240 from kaleb-himes/myStack-init-check
...
compiler warning about myStack use in unique environment
2016-01-04 16:45:12 -08:00
fcfef59c43
check err after set
2016-01-04 17:04:10 -07:00
21c972f805
Remove unnecessary assignment prior to return
2016-01-04 16:08:04 -07:00
023052eaf1
Avoid unused variable warnings with dead store in AES_GCM_decrypt
2016-01-04 15:40:10 -07:00
dd469bb67d
avoid unused variable warnings
2016-01-04 15:03:39 -07:00
0718f4b9a3
formatting fixes for VxWorks README
2016-01-04 14:44:08 -07:00
9351f0d2e7
updates to VxWorks README
2016-01-04 14:41:31 -07:00
4834e2d5cf
updates for VxWorks simulator entropy
2016-01-04 14:33:30 -07:00
15918ebd99
initialize myStack to NULL for the later check against NULL
2016-01-04 13:18:43 -07:00
858da86c05
restore original certs, without OCSP Authority Information Access;
2016-01-04 17:15:29 -03:00
e6398998b1
check for NULL after malloc in posix_memalign
2016-01-04 12:55:35 -07:00
723a7fcf90
Merge branch 'master' of https://github.com/wolfSSL/wolfssl into myStack-init-check
2016-01-04 09:17:04 -07:00
8a47c1d01e
Merge pull request #237 from kaleb-himes/32-bit-ocsp
...
Also account for 32-bit users with ocsp test
2016-01-04 09:33:12 -03:00
d817f0fbc8
fixes test scripts to avoid bash-isms
2016-01-04 09:27:58 -03:00
7bbd93b609
Merge pull request #239 from kaleb-himes/openx-curve-unused
...
Fix cases that were not detected in Jenkins
2015-12-31 18:35:03 -08:00
fa3f0660b6
compiler warning about myStack use
2015-12-31 13:59:11 -07:00
51e365541f
Merge pull request #238 from toddouska/aesni-192key
...
fix aesni 192bit key expansion over read of 64bits
2015-12-31 12:55:28 -08:00
b78fb311bb
Fix cases that were not detected in Jenkins
2015-12-31 13:18:37 -07:00
99539b8875
fix aesni 192bit key expansion over read of 64bits
2015-12-31 11:19:47 -08:00
84ae9a9ae5
Also account for 32-bit users
2015-12-31 12:05:45 -07:00
71a3555f6f
Merge pull request #236 from kaleb-himes/ed-openx-unused
...
catching up on old jenkins issues that need fixed
2015-12-31 10:29:32 -08:00
6a56a53545
catching up on old jenkins issues
2015-12-31 09:33:01 -07:00
1bef0ba455
cosmetic changes to OCSP Stapling options.
2015-12-30 17:10:25 -03:00
5fb8ea691a
updates ocsp certs with better OCSP Responder URI.
2015-12-30 16:50:22 -03:00
5040820f98
prepare for 3.8.0 release
2015-12-30 12:09:31 -07:00
2145eebd1a
Merge pull request #234 from JacobBarthelmeh/master
...
add ocsp needed certs to dist
2015-12-30 10:51:17 -08:00
0c21b67bb6
add ocsp needed certs to dist
2015-12-30 10:19:20 -07:00
87e828bf17
Merge pull request #233 from toddouska/hint-types
...
fix hint types for misuse of in_buffer and out_buffer
2015-12-30 09:34:25 -07:00
71218169c1
Merge pull request #232 from kaleb-himes/master
...
accounts for assumptions with external ocsp stapling test
2015-12-29 18:22:11 -08:00
157486ce0d
fix hint types for misuse of in_buffer and out_buffer
2015-12-29 16:13:09 -08:00
a973eca4b8
accounts for assumptions with external ocsp stapling test
2015-12-29 17:05:51 -07:00
6ba14fa241
fixes some errors from Jenkins Expected Configurations Build # 111
2015-12-29 10:19:27 -03:00
0a14e6f3c6
Merge pull request #230 from cconlon/mcp_time_fix
...
fix LowResTimer on Microchip ports
2015-12-28 21:56:07 -08:00
774d335387
Merge branch 'csr'
2015-12-28 19:53:27 -03:00
ec9d23a9c3
Merge branch 'csr'
2015-12-28 19:38:04 -03:00
487bb4eb5e
fixes before merge
2015-12-28 19:33:06 -03:00
a9894e9033
Merge pull request #229 from ejohnstown/dtls-warnings
...
fix DTLS warnings for Windows
2015-12-28 14:20:03 -07:00
47426b1f8d
fix LowResTimer on Microchip ports
2015-12-28 13:58:01 -07:00
2e00b12b69
updates configure.ac with better option naming.
2015-12-28 17:55:41 -03:00
91c06736cb
Merge pull request #228 from kaleb-himes/typo-corrections
...
minor typo corrections
2015-12-28 11:56:48 -08:00
2d33380abc
Merge pull request #225 from JacobBarthelmeh/master
...
help message to use NTRU key in example server
2015-12-28 11:56:13 -08:00
c3df8af997
Merge pull request #223 from cconlon/vswarnings
...
fix Visual Studio warnings
2015-12-28 11:55:13 -08:00
3a1909dab9
Merge pull request #209 from kaleb-himes/master
...
OpenSSH added support for additional NID types. Update our compatibil…
2015-12-28 11:52:38 -08:00
92cb8eee61
revise the comments about port 0 use in the example client and server
2015-12-24 15:42:52 -08:00
99797eb4f6
Merge pull request #227 from ejohnstown/example-comments
...
Example comments
2015-12-23 15:09:54 -07:00
cc8633fe7f
minor typo corrections
2015-12-23 13:28:45 -07:00
4b836f8476
added note to client and server regarding port 0
2015-12-23 12:20:53 -08:00
d17549f848
update example client ShowVersions() to not show disabled old-tls versions
2015-12-23 12:12:41 -08:00
558d2566cc
Merge pull request #226 from toddouska/ranports-scripts
...
add random ports for all make check scripts, unique ready file
2015-12-23 12:49:16 -07:00
5cbaa9de20
Merge pull request #224 from ejohnstown/windows-fips-segments
...
add the Windows object ordering tags to wolfCrypt first and last sources
2015-12-22 17:08:57 -07:00
22385f2b39
add random ports for all make check scripts, unique ready file
2015-12-22 14:35:34 -08:00
41f50b7a73
NTRU suites considered part of static RSA suites group
2015-12-22 15:19:11 -07:00
0721b79282
help message to use NTRU key in example server
2015-12-22 11:51:26 -07:00
44c4f18d3e
fix DTLS warnings for Windows
2015-12-22 09:45:54 -08:00
cbf3213c4f
correct logic on pre-processor macro
2015-12-21 23:33:33 -07:00
0cb2374c69
Ensure configured before assuming message digest is supported
2015-12-21 23:03:45 -07:00
b153ac002c
fix Visual Studio warnings
2015-12-21 16:11:02 -07:00
d5295edbd1
add the Windows object ordering tags to wolfCrypt first and last sources
2015-12-21 11:01:09 -08:00
37b8e60537
Merge branch 'toddouska-hello-size'
2015-12-18 10:00:00 -07:00
4da1ae3947
Merge branch 'hello-size' of https://github.com/toddouska/wolfssl into toddouska-hello-size
2015-12-18 09:33:13 -07:00
917edc5f18
Merge pull request #218 from toddouska/ssl3-aes256
...
add aes256 key derivation to ssl3
2015-12-17 18:30:23 -08:00
b89354880f
switch pragma once uses, causes warnings on some compilers
2015-12-17 13:19:17 -07:00
e503b89ca1
allow sniffer build with -v 0 examples to work
2015-12-17 12:10:22 -08:00
6c69b7f109
make hello suite size user settable, increase default
2015-12-17 09:57:44 -08:00
d395c5aba3
condense to one switch statement for testing of message digests
2015-12-16 11:40:58 -07:00
46c4653f60
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-12-16 11:37:07 -07:00
ed8a50ce69
Merge pull request #211 from lchristina26/master
...
GenerateSeed() Function for VxWorks compatibility
2015-12-15 15:59:20 -08:00
94b1df49ae
Merge pull request #219 from JacobBarthelmeh/master
...
install user_rsa.h and fix leading bit function
2015-12-15 15:57:48 -08:00
3113c8db9b
update VXWORKS GenerateSeed() - no printf, error return
2015-12-15 16:52:21 -07:00
1cdc6d5edb
refactoring dist and install of user/fast-rsa
2015-12-15 16:09:49 -07:00
b87c7fb460
install user_rsa.h and fix leading bit function
2015-12-15 13:50:01 -07:00
eed40eb690
add aes256 key derivation to ssl3
2015-12-15 11:54:03 -08:00
b9e2ff3055
Merge pull request #217 from NickolasLapp/openssl_version_increase
...
Add in stub functions for opensslv1.0.1 w/ stunnel and lighttpd
2015-12-15 11:17:52 -08:00
9688a0f0db
fixes API names (marketing wise);
2015-12-14 23:12:08 -03:00
a15c003211
adds extra certs for ocspstapling tests;
2015-12-14 23:02:49 -03:00
0ca6a5601e
fixes OCSP_MULTI check;
...
adds root-ca-cert to index0.txt;
adds keyUsage to CA certs;
sets fixed serial to root-ca-cert;
2015-12-14 20:22:48 -03:00
bf621f1832
Add in stub functions for opensslv1.0.1 w/ stunnel and lighttpd
2015-12-14 15:36:04 -07:00
196b983b7b
adds ocsp test scripts;
2015-12-13 18:06:08 -03:00
a834c2acf6
improved DTLS handshake sequence numbering when retransmitting finished message
2015-12-11 18:41:09 -08:00
6ab9c87f13
add comment to VXWORKS GenerateSeed()
2015-12-11 13:41:05 -07:00
e2456214f4
update random.c for better entropy with VXWORKS
2015-12-11 13:22:33 -07:00
8b99cea5c8
update README with entropy instructions
2015-12-11 13:19:44 -07:00
af4eb590a6
Merge pull request #214 from aburks/IS-213-AESFailsWithFreescaleCAU
...
Issue #213 : AES fails with Freescale (mm)CAU
2015-12-10 17:08:52 -08:00
838c5297c3
Merge pull request #216 from aburks/IS-215-SignatureUsesOldRNG
...
Issue #215 : Signature module uses old RNG
2015-12-10 17:08:36 -08:00
03a643cc35
Issue #215 : Signature module uses old RNG. Use the new WC_RNG construct instead in order to prevent conflicts with board support packages.
2015-12-10 17:04:48 -08:00
bc54b18cad
Issue #213 : AES fails with Freescale (mm)CAU.
2015-12-10 16:55:49 -08:00
4f0c2177b2
Merge pull request #212 from dgarske/CleanupAsnLeadingZero
...
Cleanup of the leading zero detection in wc_RsaKeyToDer and wc_DsaKey…
2015-12-10 11:11:58 -08:00
89518ad445
Cleanup of the leading zero detection in wc_RsaKeyToDer and wc_DsaKeyToDer to use existing mp_leading_bit function.
2015-12-10 10:48:50 -08:00
1c4b3016e6
set required tls1_2 for when using ChaCha20-Poly1305 suite
2015-12-10 11:45:27 -07:00
5c5c7ffaec
Merge pull request #210 from dgarske/CheckEccAltwFastMath
...
Added compile time check for ALT_ECC_SIZE requiring USE_FAST_MATH.
2015-12-10 10:24:20 -08:00
cb73064c10
format changes to VXWORKS GenerateSeed()
2015-12-09 13:22:13 -07:00
38ac17864e
added entropy, wc_GenerateSeed() for VxWorks
2015-12-09 13:18:42 -07:00
1153c31bbb
Added compile time check for ALT_ECC_SIZE requiring USE_FAST_MATH.
2015-12-09 09:53:59 -08:00
97dcb5e567
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-12-08 13:45:25 -08:00
1d1af6410d
OpenSSH added support for additional NID types. Update our compatibility layer
2015-12-08 07:27:43 -08:00
d30a1be572
adds new certificates for OCSP tests
2015-12-07 19:55:33 -03:00
346dcb0fd9
adds WOLFSSL_CSR2_OCSP_MULTI support;
2015-11-30 21:26:00 -03:00
07356af78e
prepares BuildCertificateStatus() to send more than one certificate status;
2015-11-30 18:34:00 -03:00
1fbaf089ae
adds support to WOLFSSL_CSR2_OCSP in both DoCertificateStatus() and SendCertificateStatus();
...
adds contingence plan for status_request_v2;
2015-11-24 00:47:27 -03:00
f9d6464793
adds basic extension code for CERTIFICATE_STATUS_REQUEST_V2;
...
fixes EncodeOcspRequestExtensions() length check;
2015-11-23 23:42:05 -03:00
96e18a8c68
adds next update verification when decoding the OcspResponse;
...
fixes memleak in GetOcspStatus(); If the status was outdated, the responseBuffer was allocated twice;
consider error in OcspResponseDecode() also a BAD_CERTIFICATE_STATUS_ERROR;
2015-11-23 15:11:51 -03:00
f3131fb5d6
adds next update time to ocspd.sh
2015-11-23 13:34:27 -03:00
b820619e6c
updates certs;
...
adds ocsp certs;
2015-11-23 09:56:45 -03:00
51f5ded392
adds config to generate ocsp certs
2015-11-23 09:44:39 -03:00
aaad9787db
updates box version to trusty64;
...
fixes provisioning errors;
2015-11-23 09:19:33 -03:00
60b1a0c8be
fixes scan-build warnings
2015-11-16 16:16:48 -03:00
5e4955f689
reuse OcspRequest data in ocsp stapling;
2015-11-16 16:03:48 -03:00
6d6ca56e4e
fixes SendCertificateStatus() loading the CA in the server side to build the OCSP request properly.
2015-11-16 15:31:50 -03:00
24907fc818
adds buffer logging;
2015-11-15 18:43:29 -03:00
12802f40c5
finishes SendCertificateStatus(); sending the stored status;
2015-11-15 16:40:47 -03:00
8ae6bf1641
adds server side Certificate Status Request extension;
...
missing: Finish SendCertificateStatus();
2015-11-15 00:26:11 -03:00
