toddouska
d195009dcb
Merge pull request #1090 from JacobBarthelmeh/Release
...
update readme for known issue
2017-08-07 13:36:53 -07:00
Jacob Barthelmeh
6717035563
update readme for known issue
2017-08-07 13:13:43 -06:00
toddouska
d949832059
Merge pull request #1088 from JacobBarthelmeh/Release
...
prepare for release v3.12.0
2017-08-07 11:49:27 -07:00
toddouska
e9c6fa5f22
Merge pull request #1089 from JacobBarthelmeh/StaticAnalysisTests
...
fix potential memory leaks
2017-08-07 11:47:33 -07:00
Jacob Barthelmeh
1dc2889388
fix potential memory leaks
2017-08-04 16:49:31 -06:00
Jacob Barthelmeh
b55f981d5b
prepare for release v3.12.0
2017-08-04 15:32:27 -06:00
toddouska
df4387cff4
Merge pull request #1083 from dgarske/chacha_noasm
...
Option to disable Intel speedups for ChaCha using `--enable-chacha=noasm`
2017-08-03 15:45:47 -07:00
David Garske
3be4e0823e
Adds option --enable-chacha=noasm to allow disabling the Intel AVX/AVX2 speedups when used with --enable-intelasm.
2017-08-03 13:39:46 -07:00
toddouska
4d6cb66bc1
Merge pull request #1082 from dgarske/fix_intelasm_aesgcm
...
Fixes for `intelasm` and AES GCM with AVX2
2017-08-03 12:35:00 -07:00
toddouska
3f2de7154f
Merge pull request #1080 from abrahamsonn/vcxproj_update
...
added files to wolfssl.vcxproj includes list for windows config testing
2017-08-03 12:15:23 -07:00
toddouska
977e909f60
Merge pull request #1081 from dgarske/chacha20_asm
...
Fix for `intelasm` and ChaCha20
2017-08-03 12:11:59 -07:00
David Garske
4a5ecb8a15
Fix typo with xmm5 (was xxm5). Workaround for Clang issues with AVX2 and using register __m128i tmp3 asm("xmm6"); syntax by using NO_UNROLL option.
2017-08-03 10:47:21 -07:00
abrahamsonn
089a050d7a
added files to wolfssl.vcxproj includes list for windows config testing
2017-08-03 11:00:30 -06:00
David Garske
b0eeed364b
Fix for intelasm and ChaCha20 with causing "error: unknown type name '__m256i'" on some compilers. Fix is to change the __m128i and __m256i to arrays of word64 (source Sean PR #1079 ).
2017-08-03 10:00:20 -07:00
dgarske
80bc089cb5
Merge pull request #1078 from SparkiDev/intel_asm_fixup
...
Stop using positional parameters in inline asm. Fixes issue with `--enable-intelasm --enable-debug` for AES GCM.
2017-08-03 09:32:50 -07:00
Sean Parkinson
31854c1566
Stop using positional parameters in inline asm
2017-08-03 13:55:30 +10:00
dgarske
108f6a4958
Merge pull request #1077 from JacobBarthelmeh/StaticAnalysisTests
...
Static analysis tests
2017-08-02 15:08:32 -07:00
toddouska
635bacef28
Merge pull request #357 from kojo1/PIC32
...
Fixes for PIC32MZ
2017-08-02 13:14:06 -07:00
Jacob Barthelmeh
433ca50292
remove unneeded XMEMSETs
2017-08-02 14:04:41 -06:00
toddouska
e77e93ef2e
Merge pull request #1065 from JacobBarthelmeh/Testing
...
update DTLS export session version and tests
2017-08-02 11:40:38 -07:00
Jacob Barthelmeh
edce23b563
use memset when initializing DecodedCert structure
2017-08-02 10:50:34 -06:00
Jacob Barthelmeh
43b04af388
adjust sanity check in integer.c to avoid reading uninitialized values
2017-08-02 10:39:05 -06:00
Jacob Barthelmeh
062f3efa6d
adjust integer.c for loop range
2017-08-02 10:29:34 -06:00
David Garske
65b8389af0
Fix for handling hash copies to make sure copied buffer is not free’d. Resolves issues when testing TLS connection with wolfssl_tcp_client and openurl https://www.google.com/ .
2017-08-02 08:42:04 -07:00
dgarske
9f1b17effc
Merge pull request #1076 from JacobBarthelmeh/UnitTests
...
place macro guard on test of RSA-OAEP with SHA1 dependency
2017-08-01 14:05:58 -07:00
dgarske
2d94a3954a
Merge pull request #1075 from JacobBarthelmeh/fast-rsa
...
add sanity check in fast-rsa and change loop behavior when generating…
2017-08-01 14:05:03 -07:00
dgarske
bd20729fba
Merge pull request #1069 from ejohnstown/dtls-mac
...
DTLS Bad MAC Checks
2017-08-01 13:45:19 -07:00
Jacob Barthelmeh
c93d348ecd
fix sesion export buffer to be not dependent on macros defined
2017-08-01 14:19:06 -06:00
David Garske
be432d8d3a
Fix for building in Harmony with crypto.h path.
2017-08-01 12:48:44 -07:00
David Garske
4e735631e7
Fixes for PIC32MZ:
...
* Adds crypto HW support for AES Direct and AES CCM.
* Fixes to enable PIC32MZ hardware hashing where updates are cached via heap buffer and final performs single operations against hardware.
* Fix for benchmark with 1024-bit certs passing in wrong size for `wc_RsaPrivateDecrypt` when using `USE_CERT_BUFFERS_1024`.
* Fix to resolve missing `strncasecmp` for the Microchip XC32. Workaround to use case sensitive version instead. This error occurred when building with HAVE_ECC defined in Harmony with XC32.
* Cleanup of the PIC32MZ crypto and hashing hardware code. Replace `pic32mz-hash.c` with `pic32mz-crypt.c`
* Add user_settings.h for mplabx and mcapi examples.
* Sync up with Harmony changes for MCAPI.
2017-08-01 12:42:09 -07:00
Jacob Barthelmeh
af0514704f
place macro guard on test of RSA-OAEP with SHA1 dependency
2017-08-01 11:46:49 -06:00
Jacob Barthelmeh
c20859e67d
add sanity check in fast-rsa and change loop behavior when generating fast-rsa key
2017-08-01 11:29:16 -06:00
JacobBarthelmeh
b553d36548
Merge pull request #1074 from SparkiDev/tls13_cr
...
Add NULL check after signature alg extension search
2017-08-01 09:01:42 -06:00
Sean Parkinson
24e9f7c43d
Add NULL check after signature alg extension search
2017-08-01 13:55:06 +10:00
dgarske
7cee1c5e8a
Merge pull request #1072 from toddouska/alert
...
add AlertCount to detect dos attempt
2017-07-31 18:29:23 -07:00
toddouska
2296f4806c
Merge pull request #1073 from JacobBarthelmeh/StaticAnalysisTests
...
Static analysis tests
2017-07-31 18:24:17 -07:00
toddouska
0c753718bd
Merge pull request #1042 from SparkiDev/chacha_asm
...
Intel Assembly optimizations for ChaCha20 - AVX and AVX2
2017-07-31 16:27:17 -07:00
toddouska
a27738b5f9
Merge pull request #1071 from dgarske/cleanup_tests
...
Cleanup AES GCM large test
2017-07-31 16:13:06 -07:00
toddouska
a55e42c14f
Merge pull request #1070 from dgarske/fix_qat_normal_math
...
Fix normal math issue with async and `mp_read_unsigned_bin`
2017-07-31 16:12:08 -07:00
Jacob Barthelmeh
01099fd97e
cast for when compiling with g++-7
2017-07-31 16:58:53 -06:00
Jacob Barthelmeh
08da8df455
sanity check on peer sequence for static analysis report
2017-07-31 16:37:34 -06:00
toddouska
66852a9252
add AlertCount to detect dos attempt
2017-07-31 15:17:54 -07:00
David Garske
2051a05139
Cleanup AES GCM large test. Move test into stack and disable if using BENCH_EMBEDDED.
2017-07-31 14:09:30 -07:00
David Garske
8a11b78960
Fix for normal math mp_read_unsigned_bin where mp_zero was also resetting the raw source. This caused failures with QAT when using normal math.
2017-07-31 14:09:15 -07:00
John Safranek
36a539760a
DTLS Bad MAC Checks
...
1. Make the decrypt and verify MAC failure cases behave the same with
respect to DTLS messages. It should pretend the message never happened.
2. Allow the echoclient to survive the echoserver sending a message with
a bad MAC.
3. Allow the server to survive the client sending a message with a bad MAC.
2017-07-31 13:54:53 -07:00
toddouska
fb53fac1c1
Merge pull request #1067 from JacobBarthelmeh/Memory
...
sanity check on index when adding cipher suites
2017-07-31 12:03:49 -07:00
toddouska
62ce8c8b81
Merge pull request #1066 from dgarske/no_certs
...
Fix for building with `NO_CERTS` or `NO_WOLFSSL_SERVER` defined.
2017-07-31 12:01:39 -07:00
toddouska
87611fdb5d
Merge pull request #1064 from SparkiDev/cpuid_fix
...
Fix cpuid to work with different configs
2017-07-31 11:59:17 -07:00
Jacob Barthelmeh
5564be6113
sanity check on index when adding cipher suites
2017-07-28 17:42:52 -06:00
David Garske
3387b12a9a
Fix for building with NO_CERTS or NO_WOLFSSL_SERVER defined.
2017-07-28 15:24:53 -07:00
Jacob Barthelmeh
e1ccc5acad
update DTLS export session version and tests
2017-07-28 14:27:24 -06:00
Sean Parkinson
d452f97e99
Fix cpuid to work with different configs
...
Fix 'may be uninitialized' warning in aes.c
Fix memory overwrite in AES-CBC when using AESNI.
2017-07-28 08:41:49 +10:00
dgarske
bc72d0c2d5
Merge pull request #1063 from JacobBarthelmeh/Testing
...
C89 compliance with variable declaration
2017-07-26 16:19:25 -07:00
dgarske
d5cf5f9887
Merge pull request #1062 from JacobBarthelmeh/UnitTests
...
update sanity checks with ARMv8 port
2017-07-26 16:18:37 -07:00
Jacob Barthelmeh
0978dd4285
C89 compliance with variable declaration
2017-07-26 15:29:00 -06:00
JacobBarthelmeh
dc7acc0400
Merge pull request #1059 from dgarske/fix_leaks
...
Fix for PKCS12 dynamic type names
2017-07-26 11:52:42 -06:00
Jacob Barthelmeh
637ca44e6a
update sanity checks with ARMv8 port
2017-07-26 11:05:20 -06:00
dgarske
05ed5cafc2
Merge pull request #1061 from SparkiDev/tls13_leantls
...
Fixes for LEANTLS and TLS13 builds
2017-07-25 21:01:00 -07:00
dgarske
41e2b236aa
Merge pull request #1051 from kaleb-himes/fsanitize-fixes
...
Fsanitize fixes
2017-07-25 20:57:43 -07:00
dgarske
fbf4e94bcf
Merge pull request #1060 from SparkiDev/tls13_memleak
...
Fix memory leak when not using fast math and TLS13.
2017-07-25 20:55:42 -07:00
Sean Parkinson
038d16212f
Fixes for LEANTLS and TLS13 builds
2017-07-26 10:43:36 +10:00
Sean Parkinson
59450e83fa
Fix memory leak when not using fast math.
2017-07-26 09:48:34 +10:00
Chris Conlon
e1830772de
Merge pull request #1056 from JacobBarthelmeh/UnitTests
...
check return values with new unit tests
2017-07-25 16:34:41 -06:00
David Garske
55b07019a0
Fix for PKCS12 dynamic type names (also fix to use manual realloc since its NUMA type and that behaves different).
2017-07-25 15:19:34 -07:00
David Garske
c03487d463
Fix for dynamic type of ED25519 key and PK_CALLBACK buffer not being free’d. Fix for portNumber stack var being used out of scope.
2017-07-25 15:07:58 -07:00
Jacob Barthelmeh
4fead493e7
add to return values checked
2017-07-25 14:44:40 -06:00
Jacob Barthelmeh
4438b8e92d
update unit test case with DES3 and FIPS
2017-07-25 14:42:17 -06:00
Jacob Barthelmeh
5b0022fba0
HMAC key size when testing with FIPS
2017-07-25 14:42:17 -06:00
Jacob Barthelmeh
1b80e5a75f
check return values with new unit tests
2017-07-25 14:42:17 -06:00
toddouska
ef98e96767
Merge pull request #1058 from jrblixt/fix-AesFipsSanityCheck
...
Unit test GCM sanity check Fips change.
2017-07-25 13:30:35 -07:00
toddouska
a076a2f0d8
Merge pull request #1055 from JacobBarthelmeh/Memory
...
fix memory management with --enable-fast-rsa make key and free RSA ke…
2017-07-25 11:03:16 -07:00
toddouska
69d4bcbfd5
Merge pull request #1048 from dgarske/fix_custcurve
...
Fixes for using custom curves with `wc_ecc_set_custom_curve`
2017-07-25 10:59:58 -07:00
toddouska
f9dee9adcc
Merge pull request #1057 from kaleb-himes/TIRTOS-UPDATE
...
Add dependancy file to tirtos package.bld
2017-07-25 10:25:52 -07:00
toddouska
4939c3eeef
Merge pull request #1030 from SparkiDev/aesni_sha384
...
Assembly optimization for AES-NI, and AVX1 and AVX2
2017-07-25 09:35:43 -07:00
Chris Conlon
874144be73
Merge pull request #1046 from kojo1/zendesk-3052
...
io.h for VxWorks
2017-07-25 09:53:15 -06:00
jrblixt
f8e2f596d6
Unit test GCM sanity check Fips change.
2017-07-25 09:23:19 -06:00
Chris Conlon
e9f87b9f33
Merge pull request #1054 from jrblixt/fix-RsaSetRng
...
Fix rsa set rng
2017-07-25 09:16:14 -06:00
Sean Parkinson
e8e1504d9f
Alignment fix
2017-07-25 15:41:33 +10:00
David Garske
08488b52b7
Fix for wolfCrypt test custom curve test not setting wc_ecc_set_custom_curvebefore calling wc_ecc_import_x963_ex. Fix for using ECC_CACHE_CURVE option and wc_ecc_set_custom_curve. Added error checking for wc_ecc_set_custom_curve calls. Reverted ASN header change in test.c.
2017-07-24 21:04:18 -07:00
David Garske
33e214ffc1
Fix to allow ECC set curve size with curve_id == 0. Added wolfCrypt tests / example for using wc_ecc_set_custom_curve for BRAINPOOLP256R1.
2017-07-24 17:24:23 -07:00
David Garske
5180cf4cce
Fix ECC sign with custom curves so the custom params (dp) are passed to public key used for sign.
2017-07-24 17:21:51 -07:00
David Garske
f147b01674
Fixes for using WOLFSSL_CUSTOM_CURVES and wc_ecc_set_custom_curve. Fixes resolves issue with ->dp and ->idx getting reset which caused curve parameters to not be set correctly. Proper sequence for using custom curves is ‘wc_ecc_init, wc_ecc_set_custom_curve then wc_ecc_make_key_ex(…, ECC_CUSTOM_IDX)’ or wc_ecc_import_x963_ex(…, ECC_CUSTOM_IDX). Test case and example to follow shortly.
2017-07-24 17:21:51 -07:00
Sean Parkinson
b23f983604
Intel Assembly optimizations for ChaCha20 - AVX and AVX2
2017-07-25 10:19:02 +10:00
Takashi Kojo
2329e37d97
Remove options outside VxWorks
2017-07-25 09:07:30 +09:00
Sean Parkinson
8e38dcc347
Tidy code up - use local static for cpuid flags
2017-07-25 08:50:39 +10:00
Sean Parkinson
bde6a35ac4
Assembly optimization for AES-NI, and AVX1 and AVX2
...
Unroll the loop for 8.
Use new optimized maths.
Fix SHA-384 to use SHA-512 assembly code.
Only perform CPU id check in one place.
2017-07-25 08:50:39 +10:00
toddouska
36c2ee92dc
Merge pull request #1050 from JacobBarthelmeh/ARMv8
...
Xilinx port
2017-07-24 15:37:05 -07:00
Jacob Barthelmeh
1040bbde16
fix memory management with --enable-fast-rsa make key and free RSA key before calling make key function
2017-07-24 16:20:27 -06:00
toddouska
be61d7fca3
Merge pull request #1044 from ejohnstown/dtls-multicast
...
DTLS Multicast
2017-07-24 14:20:26 -07:00
jrblixt
6df9bc07a4
RSA Fips harness fix.
2017-07-24 13:21:06 -06:00
jrblixt
e68ceb3d2c
Guard against WC_RSA_BLINDING in api.c unit test.
2017-07-24 09:51:50 -06:00
toddouska
95664fdd05
Merge pull request #1041 from dgarske/armc0
...
Fixes for building with custom options
2017-07-24 08:40:51 -07:00
toddouska
9d919ca947
Merge pull request #1049 from dgarske/fix_asynchmac
...
Fixes for building with Async
2017-07-24 08:36:20 -07:00
kaleb-himes
0fed9c1dc5
Add dependancy file to tirtos package.bld
2017-07-24 08:32:01 -06:00
Jacob Barthelmeh
59a46d08d9
Xilinx port
2017-07-21 17:39:47 -06:00
David Garske
26ac5e1ab7
Fix for error: array subscript is below array bounds warning with GCC 7. Added check to prevent negative value from being used against array.
2017-07-21 12:00:28 -07:00
David Garske
b7dac4911b
Fix for using Async and HMAC when its not Intel QuickAssist.
2017-07-21 11:43:01 -07:00
dgarske
9e3497b3d5
Merge pull request #1047 from JacobBarthelmeh/Testing
...
macro guard to check if ECC is enabled
2017-07-21 10:34:13 -07:00
David Garske
f0d6299581
Fix issue with benchmark_init refactor where malloc failure could use null pointer. Added error checking on the wolfCrypt_Init().
2017-07-21 09:31:12 -07:00
Takashi Kojo
173283208b
add WOLFSSL_HAVE_MAX in settings.h
2017-07-21 12:42:24 +09:00
Takashi Kojo
bd6633a31c
#elif defined(WOLFSSL_VXWORKS) in io.h
2017-07-21 12:37:32 +09:00
Jacob Barthelmeh
e3ffd7d539
macro guard to check if ECC is enabled
2017-07-20 16:38:53 -06:00
David Garske
7a972d9611
Fix warning for signed/unsigned comparison.
2017-07-20 11:35:52 -07:00
toddouska
cf9dfac877
Merge pull request #1043 from SparkiDev/sha3_be
...
Big endian fix for SHA-3
2017-07-20 09:14:00 -07:00
Sean Parkinson
d6190507ac
Big endian fix for SHA-3
2017-07-20 16:53:36 +10:00
dgarske
8bfbabd147
Merge pull request #1040 from jrblixt/fix-FreeToHash
...
Added Free functions to hash unit test.
2017-07-19 18:19:28 -07:00
David Garske
0a63221220
Fix for SHA3 benchmark digest size for 224. Fix for building track and debug memory together. Fix for hash test order of SHA256 wrong. Fix for asn SkipObjectId missing, when RSA and ECC disabled. Enhancement to allow individual bench calls with bench init/free.
2017-07-19 18:14:57 -07:00
dgarske
7d82d7235a
Merge pull request #1038 from JacobBarthelmeh/Testing
...
fix warnings found building on a PPC
2017-07-19 16:54:50 -07:00
John Safranek
0fee243b75
Multicast DTLS
...
Restored the multicast key setting code that was lost during rebase.
2017-07-19 14:01:29 -07:00
John Safranek
935bf9028d
DTLS Multicast
...
1. Keep track of the number of records a session drops for having a
bad MAC or detected as replayed.
2. Add function to access the drop statistics.
2017-07-19 13:38:31 -07:00
John Safranek
3329aa7bef
DTLS Multicast
...
Added an API so a session may be queried to see if it has seen any messages
from a specified peerId.
2017-07-19 13:38:31 -07:00
John Safranek
6223f4cd8e
fix a couple rebase merge errors
2017-07-19 13:38:31 -07:00
John Safranek
43f3e304e6
DTLS Multicast
...
Added a parameter check to wolfSSL_mcast_read().
2017-07-19 13:36:42 -07:00
John Safranek
1d32409651
DTLS Multicast
...
1. Allow the MTU size to be changed at compile time for memory
contrained environments using static memory.
2. Add compile time option to disable the check for DTLS messages
in the current epoch with an outside-the-window sequence number.
2017-07-19 13:36:42 -07:00
John Safranek
3b5e537f08
DTLS Multicast
...
wolfSSL_set_secret() was checking the preMasterSz against the sizeof
the preMasterSecret member of the Arrays structure. That member
was changed to a pointer and allocated dynamically for the session
write-duping. The comparison between the passed in size and the size
of the parameter started failing. The check now uses the constant
that is used for allocating the preMasterSecret member.
2017-07-19 13:36:42 -07:00
John Safranek
4c5ddc8482
Multicast DTLS
...
Handshake resources are required for Multicast DTLS to calculate the
session keys. When the session key is set, free the handshake resources.
2017-07-19 13:36:42 -07:00
John Safranek
6509faa78d
Several parameters stored with DTLS session export have moved into
...
a wrapper structure. Updated the references.
2017-07-19 13:36:42 -07:00
John Safranek
1d5c6cce00
Fix some small things compiling with a different compiler, and some
...
other options.
1. Missing prototype for the Mcast receive I/O callback.
2. When disabling SHA-1, the old DTLS cookie callback wouldn't work.
Allow for SHA-256.
2017-07-19 13:36:42 -07:00
John Safranek
fbd7f7972b
Multicast
...
1. Used quotes rather than angle-brackets when including
user_settings.h.
2. Used angle-brackets rather than quotes when including
the ThreadX and NetX headers.
3. Added a define flag to include types.h with NetX or ThreadX.
4. Added a void typecast to hush a warning about an unused variable
in the I/O callbacks for NetX.
5. Clean up static analysis warning in the peer sequence
number selection for DTLS.
2017-07-19 13:36:41 -07:00
David Garske
b40aad3f9e
Added new “wolfSSL_mcast_get_max_peers” API. Minor cleanup with examples/client failure case. Fix possible unused var in wolfSSL_set_secret with DTLS disabled.
2017-07-19 13:35:59 -07:00
John Safranek
6097d29045
DTLS Multicast
...
1. Restore original EmbedRecvFrom callback.
2. Add new EmbedRecvFromMcast callback. (EmbedSendTo still the same.)
3. Set new receive from callback when setting the member ID.
4. Fixed bad rebase change.
2017-07-19 13:34:32 -07:00
John Safranek
af1a9ca908
Multicast
...
1. Squash a couple unused variable warnings.
2017-07-19 13:34:32 -07:00
John Safranek
1657569605
DTLS Multicast
...
1. Adding the prototypes for the sequence number high water callback.
2. Added the accessors to set the highwater callback function,
trigger levels, and application context.
3. Calls the highwater callback at specified sequence number thresholds
per peer.
2017-07-19 13:34:32 -07:00
John Safranek
96c25b2caa
DTLS Multicast
...
1. Separated the peer ID from the array index into the peer sequence
list. This allows peer IDs to range from 0..255, and to have an
arbitrary size for the sequence list.
2. Add API to add and remove peer IDs from the sequence number list.
2017-07-19 13:33:58 -07:00
John Safranek
3f330a2b21
Multicast
...
1. Move the function `wolfSSL_mcast_read()` to
follow `wolfSSL_read_internal()`.
2. Implemented `wolfSSL_mcast_read()`.
2017-07-19 13:33:58 -07:00
John Safranek
60c6c32ad3
Multicast DTLS
...
Tweak the size of the Peer Sequence list.
2017-07-19 13:33:58 -07:00
John Safranek
fa4a8fee8c
DTLS Multicast
...
1. Temporary change to io.c to recieve datagrams from any peer.
2. Uses an array of Peer Sequence structures to track the current
sequence number of all the peers.
2017-07-19 13:33:57 -07:00
John Safranek
0457df83d4
Multicast
...
1. When setting the key data, use same keys for server and client
sides of the different keys. This feels a little kludgey, and
won't work when using separate senders and listeners who may
use unicast messages. But this works for the all peers are
multicast senders case.
2017-07-19 13:33:57 -07:00
John Safranek
30a54a4860
Multicast
...
1. Add haveMcast as an exception case for needing a signing key along
with havePSK and haveAnon.
2017-07-19 13:31:39 -07:00
John Safranek
41638b437b
DTLS Multicast
...
1. Add configured group ID to outbound DTLS datagrams.
2. Parse the group ID from inbound DTLS datagrams.
2017-07-19 13:31:39 -07:00
John Safranek
dd9800856d
Multicast DTLS
...
When setting the new secret, in DTLS mode, update the sequence
numbers, message windows, and epoch.
2017-07-19 13:31:39 -07:00
John Safranek
431a0cbea9
Multicast
...
1. Since multicast's only cipher suite uses null cipher
automatically enable it.
2. Add options to example client and server to start
testing multicast API. (Uses TLS over TCP.)
3. Updates to use the forced secrets set by API.
2017-07-19 13:31:39 -07:00
jrblixt
f83a593f27
Added Free functions to hash unit test.
2017-07-19 14:28:41 -06:00
John Safranek
b616b8df02
Multicast DTLS
...
1. Update API
2. Update unit test
3. Partially implemented wolfSSL_set_secret().
2017-07-19 13:26:23 -07:00
John Safranek
0838a3828b
Multicast DTLS
...
1. Added new cipher suite for use with Multicast DTLS,
WDM_WITH_NULL_SHA256. (It should be a private suite.)
2. Update the API test to use the new suite.
2017-07-19 13:26:23 -07:00
John Safranek
5154584576
Multicast DTLS
...
1. Add DTLS-multicast to the enable options.
2. Reorg DTLS related enable options together.
3. Update a couple enable option texts to use the AS_HELP_STRING() macro.
4. Add three new APIs for managing a DTLS Multicast session.
5. Add test code for new APIs.
6. Add stub code for the new APIs.
2017-07-19 13:26:23 -07:00
Chris Conlon
b3a20470fd
Merge pull request #1036 from jrblixt/unitTest_api_addHc128-PR07182017
...
Unit test functions for HC128.
2017-07-19 13:29:18 -06:00
jrblixt
5c19b7bfe0
Changes per Chris.
2017-07-19 11:24:56 -06:00
Chris Conlon
667b8431cc
Merge pull request #683 from moisesguimaraes/wolfssl-py
...
wolfssl python wrapper
2017-07-19 09:22:02 -07:00
Jacob Barthelmeh
81f09e575e
fix warnings found building on a PPC
2017-07-19 09:24:45 -06:00
jrblixt
d2245b9614
Unit test functions for HC128.
2017-07-19 09:18:48 -06:00
Chris Conlon
5f17598d47
Merge pull request #1035 from jrblixt/Api_c-Fix
...
api.c fix.
2017-07-18 15:46:12 -07:00
Chris Conlon
0e6b0a6156
Merge pull request #1033 from jrblixt/unitTest_api_addAesCcm-PR07172017
...
Unit test functions for AES-CCM.
2017-07-18 15:44:12 -07:00
jrblixt
e68f1b2cec
api.c fix.
2017-07-18 11:02:19 -06:00
Moisés Guimarães
c93a903cae
atualiza lista de arquivos incluídos na versão de distribuição.
2017-07-18 11:36:07 -03:00
dgarske
47fd21dc63
Merge pull request #1032 from JacobBarthelmeh/SGX
...
fix macro check with SGX settings
2017-07-17 19:07:28 -07:00
jrblixt
5671a4cb49
Added unit test functions for AES-CCM.
2017-07-17 15:58:11 -06:00
Chris Conlon
808f4692c7
Merge pull request #993 from jrblixt/unitTest_api_addRsa-PR06222017
...
Add RSA to unit test.
2017-07-17 13:42:42 -07:00
jrblixt
fdb371e82e
Changes per Chris.
2017-07-17 10:43:36 -06:00
Jacob Barthelmeh
c4f0bd6172
fix macro check with SGX settings
2017-07-17 09:36:45 -06:00
dgarske
cc4ca6a44a
Merge pull request #1029 from kaleb-himes/RIOT_OS_PORTABILITY
...
Riot os portability and minor design modifications
2017-07-17 05:16:56 -07:00
kaleb-himes
a7390e32ec
Identified two more old-style definitions in test app
2017-07-16 16:01:52 -06:00
kaleb-himes
e51225aca6
Address typo in RIOT_OS settings and removed ECC as a default feature
2017-07-16 14:22:15 -06:00
kaleb-himes
8acf709b59
Address some old-style function definitions found in RIOT testing
2017-07-16 14:18:58 -06:00
dgarske
f7cd8a0f15
Merge pull request #1028 from JacobBarthelmeh/SGX
...
update SGX macros for harden
2017-07-14 19:42:29 -07:00
Jacob Barthelmeh
12795e9a40
update SGX macros for harden
2017-07-14 16:59:11 -06:00
toddouska
9e9dbc5e97
Merge pull request #1026 from dgarske/curve_128bit
...
Fix for ARMv8 and Curve25519 with debug enabled
2017-07-14 13:27:22 -07:00
David Garske
8612d52844
Fix issue with ARMv8 not performing 128-bit math against constants correctly in debug builds. Fix was to use the __int128_t as const for integers. Also added ./configure --enable-curve25519=no128bit option to force FE to not use the int128_t math.
2017-07-14 10:39:30 -07:00
dgarske
8b55122ba0
Merge pull request #1024 from JacobBarthelmeh/UnitTests
...
adjust size of test buffer
2017-07-13 16:48:00 -07:00
dgarske
a0e918c350
Merge pull request #1022 from JacobBarthelmeh/curve25519
...
build for ed25519 only
2017-07-13 12:30:26 -07:00
Jacob Barthelmeh
ba48221c41
adjust size of test buffer
2017-07-13 13:21:09 -06:00
dgarske
af8b96e277
Merge pull request #1021 from toddouska/zeroret
...
don't treat peer closed / zero return as hard error in example servers
2017-07-13 09:11:31 -07:00
toddouska
4491102eed
Merge pull request #1018 from dgarske/fix_tfm_rusb_max
...
Fix for fast math `fp_read_unsigned_bin` function to check max size
2017-07-13 09:27:02 -06:00
David Garske
d559eb0f4f
Fix for fast math fp_read_unsigned_bin function to check max and correctly set a->used (is handled in fp_mul_2d).
2017-07-12 16:39:26 -07:00
Chris Conlon
43260f02f4
Merge pull request #1020 from toddouska/null
...
add NULL checks to check_domain_name()
2017-07-12 14:58:07 -07:00
toddouska
b12e3c6579
Merge pull request #1019 from JacobBarthelmeh/Testing
...
update AES CTR API with ARMv8 port
2017-07-12 15:57:25 -06:00
Jacob Barthelmeh
c4fe67b633
build for ed25519 only
2017-07-12 15:53:11 -06:00
JacobBarthelmeh
b4f9c46069
Merge pull request #1011 from dgarske/fixes_armv8
...
Fixes for building ARMv8 (--enable-armasm)
2017-07-12 15:44:31 -06:00
toddouska
19787e6d4f
don't treat peer closed / zero return as hard error in example servers
2017-07-12 14:15:16 -06:00
David Garske
c777097e54
Fix wc_AesGcmDecrypt arg check for authIn.
2017-07-12 09:49:27 -07:00
toddouska
b02c995fff
add NULL checks to check_domain_name()
2017-07-12 10:16:31 -06:00
David Garske
5bb8de627e
Fixes based on peer review (thanks).
2017-07-12 09:04:10 -07:00
toddouska
43ad30d364
Merge pull request #1016 from dgarske/fix_harden
...
Warn if hardening options are not defined and not disabled using `WC_NO_HARDEN`
2017-07-12 09:27:32 -06:00
toddouska
dc5e6f789d
Merge pull request #1017 from dgarske/bigend
...
Fix for big endian seg fault in `SendCertificateVerify`
2017-07-12 09:25:25 -06:00
Jacob Barthelmeh
9d7e8a83c9
update AES CTR API with ARMv8 port
2017-07-11 17:13:32 -06:00
toddouska
7853440d89
Merge pull request #1015 from dgarske/config_ignore_cleanup
...
Improve the Git ignore formula for `config`
2017-07-11 15:42:08 -07:00
toddouska
3ff088b92f
Merge pull request #1014 from dgarske/atecc508a
...
Fixes for building with ATECC508A
2017-07-11 15:41:05 -07:00
jrblixt
00724c95a9
Add RSA to unit test.
2017-07-11 09:57:33 -06:00
Chris Conlon
f8c0a52170
Merge pull request #996 from jrblixt/unitTest_api_addAes-PR06152017
...
Unit test api add AES.
2017-07-11 08:36:13 -07:00
David Garske
69e9aa29f2
Fix for big endian platform in SendCertificateVerify where seg fault occurred due to passing a int pointer to a word16 pointer, which caused wrong bits to get set. Fix to replace int with word16. Tests pass now. Also searched for other (word16*)& scenarios and only other place was in ntru code, which was also fixed.
2017-07-10 20:00:37 -07:00
David Garske
a5cdbb18cb
Reworked the AES Key Wrap to use existing code in aes.c (instead of duplicating code in armv8-aes.c). Cleanup for GE/FE math on 32-bit to remove duplicate #ifdef check. Fixed AES GCM arg check for authIn to allows NULL.
2017-07-10 19:12:41 -07:00
David Garske
792fcefbb7
Fix to not warn about WC_RSA_BLINDING in FIPS mode. Add WC_RSA_BLINDING to Windows user_settings.h.
2017-07-10 18:41:22 -07:00
David Garske
171796e8e2
Fix up for building without ./configure to warn if hardening options are not enabled. Currently ./configure defaults to --enable-harden, but if building sources directly and using settings.h or user_settings.h the hardening defines will not be set by default. If a user wants to use without hardening they can suppress the warning by defining WC_NO_HARDEN.
2017-07-10 14:40:07 -07:00
David Garske
cebcee34dd
Improve the Git ignore formula for config. Fixes issue #1012 .
2017-07-10 14:21:19 -07:00
dgarske
f9c949e7e5
Merge pull request #871 from danielinux/rm-wolfssl.pc
...
Remove automatically generated file wolfssl.pc
2017-07-10 14:16:48 -07:00
David Garske
58c05123da
Fixes for building with ATECC508A. Allow ECC check key to pass if slot numb is valid.
2017-07-10 11:07:24 -07:00
David Garske
205da48416
Fixes for building ARMv8. Adds missing SHA224 and AES KeyWrap. Fixes for FE/GE warning with Aarch32. Fix possible build error with ed25519_test with ret not defined.
2017-07-07 15:12:51 -07:00
toddouska
b6854d620f
Merge pull request #1009 from dgarske/fix_tls13_async_aes
...
Fix problem with async TLS 1.3 and raw AES encryption key change
2017-07-06 15:39:22 -07:00
toddouska
626eeaa63d
Merge pull request #1005 from SparkiDev/nginx-1.13.2
...
Changes for Nginx
2017-07-06 14:33:46 -07:00
jrblixt
ced45ced41
Changes requested by Chris.
2017-07-06 13:42:54 -06:00
Sean Parkinson
31ac379c4f
Code review fixes
...
Change verify depth and set curve to be compiled in whe using:
OPENSSL_EXTRA
Fix comparison of curve name strings to use ecc function.
Fix verify depth check when compiling with both OPENSSL_EXTRA and
WOLFSSL_TRUST_PEER_CERT.
2017-07-06 15:32:34 +10:00
toddouska
4b9069f786
Merge pull request #1008 from dgarske/fix_async_frag
...
Fixes for using async with max fragment
2017-07-05 11:00:26 -07:00
toddouska
e767d40656
Merge pull request #1006 from cconlon/mqx
...
Update MQX Classic, mmCAU Ports
2017-07-05 10:30:20 -07:00
David Garske
df119692d1
Fixes for using async with HAVE_MAX_FRAGMENT or --enable-maxfragment which affected TLS 1.2/1.3. Added TLS 1.2 test for using max fragment.
2017-07-03 19:57:37 -07:00
Sean Parkinson
5bddb2e4ef
Changes for Nginx
...
Support TLS v1.3 clients connecting to Nginx.
Fix for PSS to not advertise hash unless the signature fits the private
key size.
Allow curves to be chosen by user.
Support maximum verification depth (maximum number of untrusted certs in
chain.)
Add support for SSL_is_server() API.
Fix number of certificates in chain when using
wolfSSL_CTX_add_extra_chain_cert().
Allow TLS v1.2 client hello parsing to call TLS v1.3 parsing when
SupportedVersions extension seen.
Minor fixes.
2017-07-04 09:37:44 +10:00
toddouska
2939fbe242
Merge pull request #1004 from dgarske/fix_qat_dh
...
Fixes for QAT with DH and HMAC
2017-07-03 12:31:48 -07:00
Moisés Guimarães
1729e0205f
reads _CADATA from file
2017-07-03 12:39:42 -03:00
Moisés Guimarães
54177c14b4
imports certs from ./certs
2017-07-03 12:31:47 -03:00
Moisés Guimarães
bba3fcf772
removes certs
2017-07-03 12:22:22 -03:00
David Garske
c9a2c4ef02
Fix problem with async TLS 1.3 with hardware where encryption key is referenced into ssl->keys and changes before it should be used. Solution is to make raw copy of key and IV for async AES.
2017-06-30 16:41:01 -07:00
David Garske
6a695b76cb
Fixed server side case for DH agree issue with QAT hardware where agreeSz is not set. Fix to allow QAT start failure to continue (this is useful since only one process can use hardware with default QAT configuration).
2017-06-30 11:48:59 -07:00
David Garske
a025417877
Fix issue with QAT and DH operations where key size is larger than block size. Fix issue with DhAgree in TLS not setting agreeSz, which caused result to not be returned. Renamed the internal.c HashType to HashAlgoToType static function because of name conflict with Cavium. Optimize the Hmac struct to replace keyRaw with ipad. Enable RNG HW for benchmark. Fixed missing AES free in AES 192/256 tests.
2017-06-30 11:35:51 -07:00
JacobBarthelmeh
a3375ef961
Merge pull request #997 from NickolasLapp/master
...
Updates to Linux-SGX README, and disable automatic include of
2017-06-30 11:48:12 -06:00
dgarske
d956181911
Merge pull request #1003 from jrblixt/asn_cMemLeak-fix
...
Fix possible memory leak in wc_SetKeyUsage.
2017-06-29 15:28:53 -07:00
jrblixt
baf6bdd6e1
asn.c memory leak fix.
2017-06-29 14:55:19 -06:00
toddouska
31e1d469c0
Merge pull request #1002 from SparkiDev/tls13_imprv
...
Improvements to TLS v1.3 code
2017-06-29 09:21:20 -07:00
Chris Conlon
bba914f92e
protect wolfSSL_BN_print_fp with NO_STDIO_FILESYSTEM
2017-06-29 08:52:45 -06:00
Sean Parkinson
d2ce95955d
Improvements to TLS v1.3 code
...
Reset list of supported sig algorithms before sending certificate
request on server.
Refactored setting of ticket for both TLS13 and earlier.
Remember the type of key for deciding which sig alg to use with TLS13
CertificateVerify.
RSA PKCS #1.5 not allowed in TLS13 for CertificateVerify.
Remove all remaining DTLS code as spec barely started.
Turn off SHA512 code where decision based on cipher suite hash.
Fix fragment handling to work with encrypted messages.
Test public APIS.
2017-06-29 09:00:44 +10:00
Chris Conlon
c099137450
add classic Kinetis mmCAU support, FREESCALE_USE_MMCAU_CLASSIC
2017-06-28 16:32:35 -06:00
Chris Conlon
15a1c9d48e
fixes for MQX classic with Codewarrior
2017-06-28 12:28:40 -06:00
Chris Conlon
a89e50b7b7
include settings.h in wc_port.h to pick up user_settings.h
2017-06-28 12:25:44 -06:00
toddouska
c748d9dae9
Merge pull request #998 from dgarske/fix_no_server_or_client
...
Fix build with either `NO_WOLFSSL_SERVER` or `NO_WOLFSSL_CLIENT` defined
2017-06-28 10:30:08 -07:00
toddouska
b29cd414ef
Merge pull request #995 from SparkiDev/tls13_cookie
...
Add TLS v1.3 Cookie extension support
2017-06-28 10:12:49 -07:00
David Garske
47cc3ffdbc
Fix build with either NO_WOLFSSL_SERVER or NO_WOLFSSL_CLIENT defined.
2017-06-26 23:05:32 -07:00
Sean Parkinson
7aee92110b
Code review fixes
...
Also put in configuration option for sending HRR Cookie extension with
state.
2017-06-27 08:52:53 +10:00
Sean Parkinson
9ca1903ac5
Change define name for sending HRR Cookie
2017-06-27 08:37:55 +10:00
Nickolas Lapp
d4e104231c
Updates to Linux-SGX README, and disable automatic include of
...
benchmark/wolfcrypt tests in static library compile
2017-06-26 14:55:13 -07:00
jrblixt
a3b21f0394
Aes unit test functions.
2017-06-26 15:16:51 -06:00
Sean Parkinson
8bd6a1e727
Add TLS v1.3 Cookie extension support
...
Experimental stateless cookie
2017-06-26 16:41:05 +10:00
JacobBarthelmeh
3bdf8b3cfd
remove fcntl.h include when custom generate seed macro is defined ( #994 )
2017-06-23 14:03:07 -07:00
Kincade Pavich
fbc4123ec0
Added -x option to allow example server to continue running when errors occur.
2017-06-22 21:19:59 -07:00
toddouska
8ef556c2a0
Merge pull request #991 from JacobBarthelmeh/Testing
...
update .am files for make dist
2017-06-22 15:02:12 -07:00
Jacob Barthelmeh
b0f87fdcf7
update .am files for make dist
2017-06-22 14:14:45 -06:00
toddouska
72da8a9a07
Merge pull request #731 from moisesguimaraes/fixes-ocsp-responder
...
adds OCSP Responder extKeyUsage validation
2017-06-22 11:43:51 -07:00
toddouska
d017274bff
Merge pull request #976 from levi-wolfssl/PemToDer-overflow-fix
...
Fix potential buffer over-read in PemToDer()
2017-06-22 10:07:11 -07:00
David Garske
3a4edf75bd
Rename the option to disable the new issuer sign check to ‘WOLFSSL_NO_OCSP_ISSUER_CHECK`.
2017-06-22 09:56:43 -07:00
dgarske
06fa3de31c
Merge pull request #980 from SparkiDev/tls13_0rtt
...
TLS v1.3 0-RTT
2017-06-22 09:44:41 -07:00
Chris Conlon
ccb8e8c976
Merge pull request #988 from jrblixt/unitTest_api_addArc4-PR06212017
...
Add Arc4 to unit test.
2017-06-22 09:15:28 -06:00
Sean Parkinson
207b275d24
Fix HelloRetryRequest for Draft 18
2017-06-22 14:40:09 +10:00
Sean Parkinson
08a0b98f52
Updates from code review
2017-06-22 12:40:41 +10:00
Levi Rak
a37808b32c
Sanity checkes added
2017-06-21 17:14:20 -06:00
jrblixt
1aee054902
Add Arc4 to unit test.
2017-06-21 17:03:27 -06:00
David Garske
a3578c6643
Adds WOLFSSL_NO_OCSP_EXTKEYUSE_OCSP_SIGN option to provide backwards compatibility option for OCSP checking.
2017-06-21 14:12:12 -07:00
David Garske
7a3769f435
Fix wolfCrypt errors test to allow -178.
2017-06-21 14:12:12 -07:00
Moisés Guimarães
4bb17205fe
adds new ocsp test
2017-06-21 14:12:12 -07:00
Moisés Guimarães
a9d5dcae58
updates ocsp tests; adds check for OCSP response signed by issuer.
2017-06-21 14:12:12 -07:00
Moisés Guimarães
42a2f5858e
adds OCSP Responder extKeyUsage validation
2017-06-21 14:12:12 -07:00
toddouska
9ead657723
Merge pull request #989 from dgarske/testing
...
Fixes for CRL handling and possible false failure in `wolfSSL_CTX_load_verify_locations`
2017-06-21 14:10:49 -07:00
toddouska
cd570a01f2
Merge pull request #975 from dgarske/ed_curve_small
...
Allow different Ed25519/Curve25519 math versions
2017-06-21 13:00:33 -07:00
Levi Rak
247388903b
Remove double cast + move min() calls
2017-06-21 13:56:34 -06:00
David Garske
fec75e445e
Fix for build error in master from QAT fixes in PR #967 . Odd that this build error didn’t show up till just now.
2017-06-21 12:52:03 -07:00
Kaleb Himes
64873489ef
Merge pull request #977 from cconlon/cms
...
add PKCS7/CMS decode support for KARI with IssuerAndSerialNumber
2017-06-21 11:54:20 -06:00
David Garske
d75a9f2436
Fix for wc_ReadDirFirst to return non-zero value if no files found. Fix for wolfSSL_CTX_load_verify_locations to not return failure due to wc_ReadDirNext “no more files” -1 response.
2017-06-21 10:36:49 -07:00
David Garske
2f9f746053
Fix for CRL serial number matching to also check length. Fix for testing the verify callback override ‘-j’ to not enable CRL since the CA’s are not loaded for this test.
2017-06-21 10:36:49 -07:00
David Garske
0fa99fcc2e
Fix for openssl script test reporting ./scripts/openssl.test: line 219: psk: command not found.
2017-06-21 10:36:49 -07:00
David Garske
3e06beac19
Additional edge case build error with 32-bit and small where int32_t not defined due to stdint.h not being included.
2017-06-21 10:13:20 -07:00
Chris Conlon
c183e03802
Merge pull request #986 from jrblixt/unitTest_api_addRabbit-PR06192017
...
Add Rabbit unit test functions.
2017-06-21 10:45:41 -06:00
Sean Parkinson
decdf7ae8b
Cleanup
2017-06-21 16:56:51 +10:00
Sean Parkinson
1549a60aa5
Put back Draft 18 code
2017-06-21 08:35:28 +10:00
Sean Parkinson
350ce5fcef
TLS v1.3 0-RTT
2017-06-21 08:35:28 +10:00
Kaleb Himes
97906bfdb2
Merge pull request #982 from JacobBarthelmeh/Testing
...
set return code to TEST_SUCCESS on successful connection
2017-06-20 16:21:50 -06:00
toddouska
8b637cbd1b
Merge pull request #967 from dgarske/fix_qat
...
Fixes and Improvements for Intel QuickAssist
2017-06-20 14:49:56 -07:00
toddouska
a555b5e54a
Merge pull request #987 from SparkiDev/nginx_fix
...
Fix for Nginx - return specific error when at end of file
2017-06-20 14:28:34 -07:00
jrblixt
c14e2d5888
Add Rabbit unit test functions.
2017-06-20 15:16:12 -06:00
Daniele Lacamera
6e6b341b46
Removed automatically generated file wolfssl.pc
2017-06-20 10:39:02 +02:00
Sean Parkinson
d5b1698c43
Fix for Nginx - return specific error when at end of file
2017-06-20 09:27:24 +10:00
David Garske
4950c644cd
Fix edge case on 32-bit with ED small only.
2017-06-19 10:15:05 -07:00
David Garske
7fdb7037d8
Fixes for building Ed/Curve for building on 32/64 bit with uint64_t. Fixes for build with Ed/Curve with ECC disabled.
2017-06-19 10:09:12 -07:00
Chris Conlon
2a688bf905
Merge pull request #972 from jrblixt/unitTest_api_addCamellia-PR06142017
...
Add Camellia unit test functions.
2017-06-19 09:33:19 -06:00
Jacob Barthelmeh
c118146803
set return code to TEST_SUCCESS on successful connection
2017-06-19 09:26:16 -06:00
David Garske
ee83710a0a
Fix for building only curve small and ed disabled. Fix for client assuming supported curves is enabled with curve.
2017-06-16 16:17:01 -07:00
jrblixt
6a2824f199
Add Camellia unit test functions..
2017-06-16 16:27:03 -06:00
Chris Conlon
e0e8d14630
Merge pull request #970 from jrblixt/unitTest_api_addChacha-PR06142017
...
Add ChaCha unit test functions.
2017-06-16 16:15:39 -06:00
Chris Conlon
816b0b058c
add PKCS7/CMS decode support for KARI with IssuerAndSerialNumber
2017-06-16 15:16:32 -06:00
jrblixt
43d6b7a145
Add ChaCha unit test functions.
2017-06-16 13:00:17 -06:00
Levi Rak
17936d65e0
please Jenkins + a bit of cleanup
2017-06-16 12:27:59 -06:00
dgarske
2f36b24796
Merge pull request #973 from JacobBarthelmeh/Testing
...
add sanity check for wolfSSL_X509_NAME_oneline function
2017-06-16 10:54:02 -07:00
Levi Rak
4389d271cc
Fixed potential buffer overflows when configured with --enable-opensslextra
2017-06-16 11:02:06 -06:00
David Garske
3c173ba366
Enhancement to support different sized Curve/Ed math library implementations for FE/GE. Remains backwards compatible with CURVED25519_SMALL define. Adds new defines CURVE25519_SMALL and ED25519_SMALL to allow individual enabling of math library choice (_low_mem or _operations). Example: ./configure --enable-ed25519=small --enable-curve25519.
2017-06-16 09:41:10 -07:00
Chris Conlon
e6f0ee84ec
Merge pull request #971 from jrblixt/unitTest_api_addIdea-PR06142017
...
Add IDEA unit test functions.
2017-06-15 13:12:52 -06:00
Jacob Barthelmeh
bb6582896d
add sanity check for wolfSSL_X509_NAME_oneline function
2017-06-15 11:55:37 -06:00
jrblixt
d5a43af751
Code review changes. Reviewer: Chris.
2017-06-15 11:12:01 -06:00
dgarske
1d303f5f61
Merge pull request #966 from cconlon/ecc_asn
...
fix wc_EccPrivateKeyDecode when pub exists
2017-06-15 08:42:09 -07:00
jrblixt
25ce52cd0c
Add IDEA unit test functions.
2017-06-14 23:43:00 -06:00
dgarske
2b085351b6
Merge pull request #968 from JacobBarthelmeh/Testing
...
silence "may be used uninitialized" warning
2017-06-14 18:05:45 -07:00
toddouska
55d421d8b6
Merge pull request #964 from SparkiDev/ecc_priv_only
...
Ecc priv only
2017-06-14 16:42:24 -07:00
Jacob Barthelmeh
e1fef39aa2
silence "may be used uninitialized" warning
2017-06-14 16:58:22 -06:00
David Garske
f008350afd
Added QAT DRBG support.
2017-06-14 15:45:34 -07:00
David Garske
73567853d3
Fix possible memory leak in DSA and ECC (mp_clear should always be called since async was implemented… even for fast math). Fix dynamic type mismatch in PKCS7.
2017-06-14 15:11:43 -07:00
David Garske
68439d4317
Completed refactor to cleanup dynamic types. Refined the tmp buffers to new types for more granularity. Fixed several places where malloc/free type was mis-matched. Cleanup of the PKCS12 code to improve cleanup handling. Fix wc_PKCS12_parse to return 0 on success else failure.
2017-06-14 15:11:43 -07:00
David Garske
88afc7a92f
Progress on dynamic type cleanup for over-use of tmp_buffer. Increases performance on NUMA memory platform having ability to be more selective about the types that are NUMA allocated for use against QuickAssist hardware.
2017-06-14 15:11:43 -07:00
David Garske
40d94724eb
Added async hardware support for p_hash (PRF). Fix BuildTls13HandshakeHmac to use async devId. Rename poor global variable names for rng with QSH/NTRU.
2017-06-14 15:11:43 -07:00
David Garske
131ccf289f
Disable large alloc scrypt test. Fix unused ret warning in DH key gen from prev change.
2017-06-14 15:11:43 -07:00
David Garske
a77f9fe3e6
Fix for DH so software math is used if prime is under 768 bits.
2017-06-14 15:11:43 -07:00
toddouska
b778ddfea2
Merge pull request #957 from SparkiDev/tls13_updates
...
Tls13 updates
2017-06-14 14:59:11 -07:00
JacobBarthelmeh
c283d4aece
Merge pull request #962 from NickolasLapp/linux-sgx
...
Add LINUX SGX Support for building of wolfSSL static library. See README
2017-06-14 15:56:30 -06:00
toddouska
70eddc4336
Merge pull request #965 from cconlon/threadx
...
ThreadX/NetX warning and optional dc_log_printf exclusion
2017-06-14 14:56:12 -07:00
Chris Conlon
ff48d19727
fix wc_EccPrivateKeyDecode when pub exists
2017-06-14 14:49:52 -06:00
Sean Parkinson
89e6ac91bf
Improve PSK timeout checks
...
Post-handshake Authentication
Fix KeyUpdate to derive keys properly
Fix supported curves (not checking ctx extensions)
2017-06-14 11:28:53 -07:00
toddouska
6d5c257010
Merge pull request #963 from dgarske/fix_tls13_options
...
Fixes for TLS 1.3 without ECC or RSA
2017-06-14 11:19:14 -07:00
Chris Conlon
ea9e4887e9
ThreadX/NetX warning and optional dc_log_printf exclusion
2017-06-14 11:12:27 -06:00
Nickolas Lapp
1e94868432
Add LINUX SGX Support for building of wolfSSL static library. See README
...
in IDE/LINUX-SGX/README.md.
2017-06-13 17:34:45 -07:00
Sean Parkinson
13c4fe6cc4
Add test
2017-06-14 09:44:26 +10:00
Sean Parkinson
62ae1d3023
Fix for private key only ECC key.
2017-06-14 09:33:27 +10:00
toddouska
19f22edd9a
Merge pull request #949 from cconlon/string_abstraction
...
Fix mystrnstr() prototype declaration
2017-06-13 16:06:31 -07:00
Chris Conlon
1ddd6fd3fe
Merge pull request #933 from jrblixt/unitTest_api_add3des
...
Add 3Des to unit test.
2017-06-13 15:35:54 -06:00
dgarske
189d579bec
Merge pull request #960 from levi-wolfssl/void
...
Add void to function prototype.
2017-06-13 13:58:34 -07:00
jrblixt
76aa1f855f
Merge branch 'masterB' of https://github.com/jrblixt/wolfssl into unitTest_api_add3des-cpy
2017-06-13 14:06:30 -06:00
jrblixt
0ef1129f18
Changes WRT small stack.
2017-06-13 13:44:06 -06:00
Chris Conlon
042ee817f3
Merge pull request #757 from moisesguimaraes/updates-wolfcrypt-py-docs
...
Removes 3DES from the wolfCrypt Python docs
2017-06-13 10:55:21 -06:00
Chris Conlon
048b074894
Merge pull request #932 from jrblixt/unitTest_api_addHmac-mergeWolfMaster
...
Add HMAC test functions to unit test.
2017-06-13 10:53:09 -06:00
David Garske
adf819458c
Fixes for TLS 1.3 without ECC or RSA. Fix for building without ECC where HAVE_SUPPORTED_CURVES was getting defined because of ENABLED_TLSX.
2017-06-13 09:44:14 -07:00
toddouska
a18e9a220f
Merge pull request #956 from dgarske/fix_tls13_async
...
Fixes for asynchronous TLS 1.3
2017-06-13 08:08:34 -07:00
David Garske
af2cbcdbab
Added new arg documentation for asyncOkay in doxygen style.
2017-06-12 11:42:48 -07:00
David Garske
ce231e0cbc
Fixes for asynchronous TLS 1.3. Fixes for PK_CALLBACKS with async. New helper API's for wolfSSL_CTX_GetDevId and wolfSSL_CTX_GetHeap. Fix for build to not include tls13.c if not enabled to suppress empty object file warning. Fix typo in fe_low_mem.c. General cleanup. Extra tls13.c debug messages.
2017-06-12 11:42:48 -07:00
toddouska
1d2b4226a4
Merge pull request #959 from SparkiDev/tls_pss_fix
...
Fix check for PSS availability in peer
2017-06-12 11:20:29 -07:00
toddouska
894f4f6fa5
Merge pull request #954 from jrblixt/asn_cSetKeyUsage-fix
...
Fix wc_SetKeyUsage() value error.
2017-06-12 10:48:56 -07:00
toddouska
0fcd1617eb
Merge pull request #952 from JacobBarthelmeh/Testing
...
sanity check on build with ECC or RSA
2017-06-12 10:47:53 -07:00
toddouska
7cc455259e
Merge pull request #941 from SparkiDev/ed25519
...
ED25519 with certificates and TLS
2017-06-12 10:47:21 -07:00
Levi Rak
267753acdd
add void to function prototype
2017-06-12 10:28:10 -06:00
Sean Parkinson
8dbd9a88ee
Fix for CCM - TLS v1.3 needs all nonce/IV bytes
2017-06-12 14:21:43 +10:00
Sean Parkinson
044417ba01
Fix for cache only SNI and TLS v1.3
2017-06-12 09:46:50 +10:00
Sean Parkinson
fdcf25b6d1
Fix check for PSS availability in peer
2017-06-12 09:05:32 +10:00
dgarske
c70fa33094
Merge pull request #958 from kaleb-himes/OPENSSL_EVP
...
Fix compile time Error with openssl extra and cryptonly
2017-06-09 11:12:36 -07:00
kaleb-himes
86809cca74
Fix compile time warning with openssl extra and cryptonly
2017-06-08 20:14:15 -06:00
dgarske
90287c8857
Merge pull request #955 from kaleb-himes/ARG-ERR
...
Fix compile error, too many args with --enable-wpas
2017-06-08 14:59:55 -07:00
kaleb-himes
a00165768c
Fix compile error, too many args with --enabl-wpas
2017-06-08 13:34:44 -06:00
Sean Parkinson
3429b5a3b5
Rework CheckPrivateKey
2017-06-08 09:26:49 +10:00
Sean Parkinson
1db52f0c04
Fix to use different PEM header for EDDSA keys
...
Include new cert and key files in distribution
Fix compile issue when only doing TLS13.
2017-06-08 09:26:49 +10:00
Sean Parkinson
a30e8eb4ad
Fix for benchmarking X25519
2017-06-08 09:26:49 +10:00
Sean Parkinson
1bc862ae24
Ed25519 testing in test.c
2017-06-08 09:26:49 +10:00
Sean Parkinson
613d30bcae
ED25519 TLS support
2017-06-08 09:26:49 +10:00
Sean Parkinson
4beda52dcd
Ed25519 Certificates
2017-06-08 09:26:49 +10:00
toddouska
1be0b2aa30
Merge pull request #953 from SparkiDev/tls13_psk
...
External PSK working in TLS13
2017-06-07 13:58:03 -07:00
John Blixt
2c84eee2df
Fix wc_SetKeyUsage() value error.
2017-06-07 13:58:13 -06:00
Sean Parkinson
5d5ff56336
External PSK working in TLS13
2017-06-07 17:20:22 +10:00
toddouska
26f106c42b
Merge pull request #948 from SparkiDev/tls13_down
...
Implement TLS v1.3 specified downgrade protection mechanism
2017-06-05 16:17:49 -07:00
Jacob Barthelmeh
63c85f72d2
sanity check on build with ECC or RSA
2017-06-05 15:21:34 -06:00
toddouska
af03b7a4ff
Merge pull request #944 from SparkiDev/tls13_20
...
Updates for Draft 20 of TLS v1.3
2017-06-05 14:06:09 -07:00
toddouska
026a95ff10
Merge pull request #950 from dgarske/fix_ocsp_crl
...
Fixes for OCSP and CRL with non-blocking sockets
2017-06-05 13:59:36 -07:00
Sean Parkinson
642795db1b
Implement TLS v1.3 specified downgrade protection mechanism
...
TLS v1.2 implementations whould implement the downgrade protection
mechanism too and so is included.
2017-06-05 09:18:46 +10:00
David Garske
c55575665f
Cleanup to use WANT_READ instead of async WC_PENDING_E for non-blocking OCSP and CRL.
2017-06-02 10:35:26 -07:00
toddouska
c3d29ddfe3
Merge pull request #946 from SparkiDev/jenkins
...
Fix NO_DH build issue
2017-06-02 09:46:55 -07:00
David Garske
b3a85bc2c7
Fixes for OCSP and CRL with non-blocking sockets. Fix for OCSP and CRL file descriptor check to allow 0.
2017-06-02 09:36:35 -07:00
Chris Conlon
3df565475a
protect mystrnstr prototype with WOLFSSL_LEANPSK instead of STRING_USER
2017-06-02 09:26:40 -06:00
Sean Parkinson
0b32d0368f
Updates for Draft 20 of TLS v1.3
2017-06-02 15:59:49 +10:00
Sean Parkinson
6b34a94589
Fix NO_DH build issue
2017-06-01 11:56:53 +10:00
Moisés Guimarães
7a52b5b394
fixes makefiles and requiremets
2017-05-29 20:44:28 -03:00
Moisés Guimarães
38c6d2e3eb
Merge pull request #737 from embray/patch-1
...
wolfcrypt Python: work around minor issue in Random.__del__
2017-05-29 20:19:21 -03:00
toddouska
320ad56139
Merge pull request #939 from dgarske/fixes_async
...
Fixes for build with async
2017-05-26 17:04:57 -07:00
toddouska
c0408aebb4
Merge pull request #938 from dgarske/fix_asn_noocspoptcert
...
Fixes for OCSP workaround for incomplete cert chain
2017-05-26 17:02:31 -07:00
jrblixt
e345471b21
Logical error fix.
2017-05-26 13:27:27 -06:00
David Garske
a0345f6ba9
Fix for building without WOLFSSL_NO_TRUSTED_CERTS_VERIFY.
2017-05-26 10:53:42 -07:00
David Garske
53021a5df7
Increased security for WOLFSSL_NO_TRUSTED_CERTS_VERIFY workaround so it only applies to OCSP. Fix for the workaround to still return date or parsing errors.
2017-05-26 10:01:42 -07:00
jrblixt
1c0006882a
Remove AssertIntEq from within function.
2017-05-26 09:44:12 -06:00
toddouska
a44df73151
Merge pull request #937 from SparkiDev/sha3
...
Initial revision of SHA-3
2017-05-25 10:48:28 -07:00
Sean Parkinson
7ef5aeaf13
Fixes from review and tidy up code.
2017-05-25 09:09:50 +10:00
Sean Parkinson
4134073c8d
Initial revision of SHA-3
2017-05-25 09:09:50 +10:00
jrblixt
0e22752af4
Jenkins fixes.
2017-05-24 16:32:21 -06:00
jrblixt
47b0a62c88
Hmac unit test functions ready for PR.
2017-05-24 16:32:17 -06:00
jrblixt
edddd05226
Changes per Chris.
2017-05-24 11:50:18 -06:00
jrblixt
4d458831b7
Jenkins fixes.
2017-05-24 11:50:18 -06:00
jrblixt
b47fca5760
Patched and Clean up for PR.
2017-05-24 11:50:13 -06:00
Chris Conlon
60c51db831
Merge pull request #928 from jrblixt/unitTest_api_sha224-RipeMd
...
Add sha224 RipeMd to unit test
2017-05-24 09:00:35 -06:00
David Garske
c1664bd1a0
Fixes for async with benchmark tool.
2017-05-23 15:41:42 -07:00
David Garske
64de29f277
Fix for wolfCrypt test with enable-all and asynccrypt.
2017-05-23 15:23:58 -07:00
toddouska
77dbf539c8
Merge pull request #934 from JacobBarthelmeh/mysql
...
some MYSQL updates for cmake and with sun 64 bit
2017-05-23 15:01:39 -07:00
David Garske
720f3fdad2
Fixed a few minor build errors with async enabled.
2017-05-23 15:00:55 -07:00
toddouska
d2b6ab0796
Merge pull request #935 from JacobBarthelmeh/Testing
...
remove size_t dependency with default build
2017-05-23 14:58:50 -07:00
toddouska
6b09a7c6e1
Merge pull request #922 from SparkiDev/tls_pss
...
TLS v1.2 and v1.3 RSA PSS
2017-05-23 14:57:10 -07:00
David Garske
1880677232
Disable wc_scrypt tests that use high memory for BENCH_EMBEDDED.
2017-05-23 14:42:19 -07:00
jrblixt
fc5a37ac02
Changes per Chris.
2017-05-23 10:01:31 -06:00
toddouska
9f5f1dd00f
Merge pull request #936 from SparkiDev/cplusplus
...
Compiling with g++ when configured with --enable-distro
2017-05-22 16:02:56 -07:00
toddouska
19edd47018
Merge pull request #917 from SparkiDev/tls_curve25519
...
Enable X25519 for Key Exchange in TLS
2017-05-22 16:00:00 -07:00
Sean Parkinson
47d04ebaff
Fix from review.
2017-05-23 08:54:25 +10:00
toddouska
c85d07a49d
Merge pull request #929 from dgarske/fix_asn_perm_dirname
...
Fix for parsing permitted name constraint for subject directory name
2017-05-22 09:55:49 -07:00
toddouska
a8f08d1d70
Merge pull request #807 from kojo1/AES-GCM-stm32f4
...
Fixes for STM32F4 AES GCM
2017-05-22 09:53:53 -07:00
toddouska
0e860b0d55
Merge pull request #925 from dgarske/enable_all
...
Added new `./configure --enable-all` option to enable all features
2017-05-22 09:22:50 -07:00
Sean Parkinson
15a2323c09
Compiling with g++ when configured with --enable-distro
2017-05-22 10:14:02 +10:00
Sean Parkinson
6c6069bed8
Fixes from review
2017-05-22 09:47:45 +10:00
Sean Parkinson
8920cd89e4
Fixes from review
2017-05-22 09:09:31 +10:00
dgarske
570c3f02b8
Merge pull request #931 from JacobBarthelmeh/Memory
...
add trackmemory enable option
2017-05-19 17:21:56 -07:00
Jacob Barthelmeh
398c27d848
remove size_t dependency with default build
2017-05-19 16:16:08 -06:00
Jacob Barthelmeh
b6c2e2acf9
require using wolfSSL memory when enabling trackmemory
2017-05-19 15:24:38 -06:00
David Garske
184e9c4090
Fix typo from intermediate change for unaligned CBC fixes. Thanks Nick.
2017-05-19 14:10:50 -07:00
David Garske
a616513860
Added support for AES GCM with STM32F2/STM32F4 using Standard Peripheral Library and CubeMX. Added AES ECB Decrypt for Standard Peripheral Library. Fixes for wolfCrypt test with STM32 crypto hardware for unsupported tests (AES CTR plus 9 and AES GCM with IV != 12). Improve AES CBC for STM32 to handle block aligned only. Added IDE example for SystemWorkbench for STM32 (Open STM32 tools) IDE.
2017-05-19 11:15:46 -07:00
David Garske
0a28b76e8b
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 10:54:13 -07:00
David Garske
1cf3530124
Fix for building with WOLFSSL_NO_OCSP_OPTIONAL_CERTS defined.
2017-05-19 09:59:03 -07:00
toddouska
bdaa827114
Merge pull request #927 from dgarske/fix_nxp_ltc
...
Build fixes for NXP KSDK with MMCAU / LTC after Hexiwear changes
2017-05-19 08:49:54 -07:00
toddouska
7f01aa917a
Merge pull request #930 from dgarske/fix_win
...
Fixes for building AES key wrap and PKCS7 on Windows
2017-05-19 08:16:21 -07:00
Sean Parkinson
4390f4c711
TLS v1.2 and PSS
...
Cleanup the TLS v1.3 PSS code as well.
Added RSA API wc_RsaPSS_CheckPadding() to check the padding - no longer
a simple memcmp with the digest.
2017-05-19 11:49:43 +10:00
Sean Parkinson
5ef977aa3d
Put X25519 behind P256
...
Option to have X25519 prioritized.
Show curve name and DH key size in TLS v1.3.
2017-05-19 10:58:43 +10:00
toddouska
7f350a726b
Merge pull request #926 from dgarske/bench_block_size
...
Added argument for benchmark block size
2017-05-18 16:45:00 -07:00
toddouska
452e057dbf
Merge pull request #919 from dgarske/bshg
...
Add `WOLFSSL_NO_TRUSTED_CERTS_VERIFY` option
2017-05-18 16:44:14 -07:00
toddouska
c3a7497562
Merge pull request #923 from JacobBarthelmeh/staticmemory
...
updated static memory feature with pkcs7
2017-05-18 16:42:21 -07:00
Jacob Barthelmeh
4737b97503
add trackmemory enable option
2017-05-18 16:46:56 -06:00
David Garske
cbb2c73828
Improve NXP MMCAU/LTC AES CBC handling for unaligned sizes. Cleanup formatting in a few places.
2017-05-18 15:04:01 -07:00
David Garske
d61e0243a3
Fixes for building AES key wrap and PKCS7 on Windows. Cleanup snprintf to use XSNPRINTF and changed so define is always setup.
2017-05-18 14:44:19 -07:00
David Garske
36e1fb5e5b
Fix for parsing permitted name constraint for subject directory name. Cleanup to use switch in ConfirmNameConstraints.
2017-05-18 14:06:56 -07:00
Jacob Barthelmeh
09ca962d66
use LP64 for CPU arch type when sun or __sun is defined
2017-05-18 14:39:26 -06:00
Jacob Barthelmeh
2086394a35
compatibility of get cipher list function and update cmake files
2017-05-18 14:36:34 -06:00
jrblixt
77ac61c0f4
Prepare for PR Add Sha224 and RipeMd to unit test.
2017-05-18 13:08:25 -06:00
David Garske
30db8e95a7
Build fixes for KSDK NXP MMCAU / LTC after Hexiwear changes.
2017-05-18 11:52:20 -07:00
David Garske
48895cf03b
Added argument for benchmark block size. Usage: ./wolfcrypt/benchmark/benchmark 128. Automatic calculation for showing as bytes, KB or MB.
2017-05-18 11:24:32 -07:00
David Garske
7bd1e0b80a
Added new ./configure --enable-all option to enable all features. Allows building all features without using the --enable-distro option, which only allows shared build and does not generate an options.h file.
2017-05-18 10:57:28 -07:00
David Garske
c5cc9f5392
Patch from customer that adds new WOLFSSL_NO_TRUSTED_CERTS_VERIFY option to load CA using subject and match using publicKey. This is a workaround for situation where entire cert chain is not loaded/available. This is not a secure solution because it does not perform PKI validation.
2017-05-18 09:55:39 -07:00
toddouska
4370a01778
Merge pull request #921 from dgarske/fix_crl
...
Fix for CRL issue with XFREE using invalid arg for heap.
2017-05-18 09:40:40 -07:00
jrblixt
b5e74878b3
Merge with wolfSSL master for PR includes RipeMd and Sha224 unit test
...
functions.
2017-05-18 10:05:22 -06:00
David Garske
4edcbc79c1
RipeMd and Sha224 added to unit test.
2017-05-18 09:32:11 -06:00
Jacob Barthelmeh
548c01ce54
updated static memory feature with pkcs7
2017-05-18 09:31:09 -06:00
Sean Parkinson
9fb6373cfb
Get PSS going on server side
2017-05-18 15:36:01 +10:00
David Garske
c1f82ece7a
Fix for CRL issue with XFREE using invalid arg for heap.
2017-05-17 16:39:35 -07:00
toddouska
2f15d57a6f
Merge pull request #640 from jrblixt/unitTest_api_dev
...
unit test md5, sha, sha256, sha384, sha512
2017-05-17 09:17:32 -07:00
Sean Parkinson
63a6618feb
Enable X25519 for Key Exchange in TLS
2017-05-17 08:58:12 +10:00
toddouska
4c451a6c61
Merge pull request #920 from dgarske/fix_sb_tls
...
Fix for scan-build warning for possible use of uninitialized `eccKey`
2017-05-16 12:56:50 -07:00
dgarske
5621fad02b
Merge pull request #918 from cconlon/vxworksreadme
...
fix VxWorks README formatting
2017-05-16 12:46:26 -07:00
jrblixt
cb3b10054d
unwanted removal added back.
2017-05-16 13:13:53 -06:00
jrblixt
270d6cbae3
Merge branch 'unitTest_api_dev' of https://github.com/jrblixt/wolfssl into unitTest_api_dev
2017-05-16 13:05:26 -06:00
jrblixt
6acd5dafa7
Changes from Todd's code review.
2017-05-16 12:58:07 -06:00
toddouska
81b6894f6f
Merge pull request #841 from SparkiDev/nginx2
...
Fix loading of CRLs and certs from a file.
2017-05-16 09:13:29 -07:00
jrblixt
289f60e2c9
Changes from Todd's code review.
2017-05-16 10:04:30 -06:00
David Garske
79b0311952
Fix for scan-build warning src/tls.c:4898:20: warning: The left operand of '!=' is a garbage value.
2017-05-16 08:50:06 -07:00
Chris Conlon
c960faffeb
fix VxWorks README formatting
2017-05-16 09:21:54 -06:00
Sean Parkinson
e5fe1a3750
Unlock on memory allocation failure.
2017-05-16 09:41:17 +10:00
toddouska
da15b54529
Merge pull request #915 from SparkiDev/blake2b_init
...
Blake2b fix for GCC 5.4
2017-05-15 08:59:54 -07:00
toddouska
bb60f7a4a4
Merge pull request #914 from JacobBarthelmeh/Testing
...
check return value of test case
2017-05-15 08:58:31 -07:00
dgarske
d53a77a589
Merge pull request #916 from SparkiDev/ecc_unused
...
Fix for scan_build_known_configs warning
2017-05-14 21:51:02 -07:00
Sean Parkinson
1a08143946
Fixup for async on master
2017-05-15 10:10:28 +10:00
Sean Parkinson
1e2a6412d7
Find the CRL entry again after lock
2017-05-15 10:10:28 +10:00
Sean Parkinson
ff4fcf21d6
Add test for private key only ecc key
2017-05-15 10:04:42 +10:00
Sean Parkinson
c6ce1fe330
Allow private key only ECC key to be loaded
2017-05-15 10:04:42 +10:00
Sean Parkinson
c7e57e9c6c
Late CRL check - copy data before use
2017-05-15 10:04:42 +10:00
Sean Parkinson
c8e6c64e51
Fix warning when building for Windows
2017-05-15 10:04:42 +10:00
Sean Parkinson
4723b8470a
Allow a CRL's signature to be verified on use
2017-05-15 10:04:42 +10:00
Sean Parkinson
4d77e80d04
Fix loading of CRLs and certs.
...
Change function wolfSSL_X509_LOOKUP_load_file to load multiple CRLs and
certificates from a file.
Change CRL loading to have a flag to not verify CRL signature - only do
this when using wolfSSL_X509_LOOKUP_load_file() as the certificate is
not always available.
Add test case for loading multiple CRLs in one file without certificate.
2017-05-15 10:04:42 +10:00
Sean Parkinson
224c1b2645
Fix for scan_build_known_configs warning
2017-05-15 09:59:34 +10:00
Sean Parkinson
f8023b808f
Blake2b fix for GCC 5.4
...
Memsetting P and then setting non-zero fields works with GCC 5.4.
2017-05-15 09:47:11 +10:00
toddouska
3297280e62
Merge pull request #913 from JacobBarthelmeh/Compatibility-Layer
...
allow re-using WOLFSSL structure after calling shutdown
2017-05-12 16:50:14 -07:00
toddouska
dcd3a6a478
Merge pull request #907 from dgarske/fix_verifycb
...
Fixes for verify callback override
2017-05-12 16:45:55 -07:00
Jacob Barthelmeh
66e086a0bf
check return value of test case
2017-05-12 16:40:37 -06:00
Jacob Barthelmeh
0374907acc
allow re-using WOLFSSL structure after calling shutdown
2017-05-12 13:54:20 -06:00
toddouska
d03f97dafc
Merge pull request #911 from dgarske/gcc_7
...
Fixes to work with gcc 7.1
2017-05-12 12:08:08 -07:00
jrblixt
606aca9916
Merge branch 'master' of https://github.com/jrblixt/wolfssl into unitTest_api_dev
2017-05-12 02:04:58 -06:00
toddouska
01a5f901d0
Merge pull request #909 from dgarske/fix_no_harden
...
Fix issue with --disable-harden
2017-05-11 16:42:19 -07:00
David Garske
53a837b230
Fix to only use FALL_THROUGH macro for GCC 7.1 or later.
2017-05-11 15:52:32 -07:00
David Garske
7c7503449f
Removed the -Wimplicit-fallthrough=5 from autogen.sh, since older GCC throws “error: unknown warning option”.
2017-05-11 15:28:49 -07:00
David Garske
562db08c3d
Implemented strict switch fall-through handling using new macro FALL_THROUGH.
2017-05-11 15:15:19 -07:00
David Garske
c0c98c8f64
Fixes to address build warnings for GCC 7. Used -Wimplicit-fallthrough=0 to suppress all switch fall-through warnings.
2017-05-11 15:12:16 -07:00
David Garske
f1e6f7d01d
Attempt to fix Visual Studio 2012 compiler issue with test.h myVerify callback.
2017-05-11 13:53:04 -07:00
toddouska
ce42738198
Merge pull request #900 from dgarske/coverity_part3
...
Coverity fixes for TLS 1.3, async, small stack and normal math.
2017-05-11 13:05:53 -07:00
toddouska
5c652e398f
Merge pull request #896 from dgarske/async_cleanups
...
Fixes for async and smallstack
2017-05-11 13:05:25 -07:00
toddouska
e12545ac38
Merge pull request #846 from SparkiDev/renum
...
Renumbered return values in test.c
2017-05-11 13:05:08 -07:00
David Garske
05d2032661
Fix for useVerifyCb variable not used warning with NO_CERTS defined.
2017-05-11 12:57:12 -07:00
David Garske
1b21df9b2b
Fix issue with --disable-harden build due to wc_off_on_addr defined but not used. Cleanup of the wc_off_on_addr code to combine duplicate definitions. Fixes issue #908 .
2017-05-11 12:49:34 -07:00
David Garske
2efa7d5b8b
Fix for verify callback override, peerVerifyRet code on success and ensuring DOMAIN_NAME_MISMATCH error gets passed down in ECDSAk case. Added unit test case to verify callback override works. Fixes issue #905 and issue #904 . Fix for async build goto label typo.
2017-05-11 12:23:17 -07:00
toddouska
a79f9c93c9
Merge pull request #906 from cconlon/tls13beta
...
wolfSSL 3.11.1 release, TLS 1.3 BETA
2017-05-11 11:46:10 -07:00
Chris Conlon
7d6597fe55
wolfSSL 3.11.1 release, TLS 1.3 BETA
2017-05-11 10:01:04 -06:00
toddouska
dcc9f9ae63
Merge pull request #903 from SparkiDev/tls13_interop3
...
Interop testing fixes
2017-05-10 23:04:56 -07:00
Sean Parkinson
22ce2f183d
Interop testing fixes
...
Fix TLS13 cipher suite name to CHACHA20
Include SignatureAlgorithm in older versions of TLS when compiling for
TLS v1.3.
BIT STRING unused bits doesn't necessarily indicate last unused bit.
Fix ecc_dsa_sa_algo value.
2017-05-11 10:42:09 +10:00
toddouska
01586b26ae
Merge pull request #902 from SparkiDev/tls13_interop2
...
TLS v1.3 Interop changes
2017-05-10 09:28:22 -07:00
Sean Parkinson
ec6d8f48b8
Add PSS for TLS v1.3
2017-05-10 17:22:53 +10:00
Sean Parkinson
df3abee72c
TLS v1.3 Interop changes
...
Added Curve25519 for TLS v1.3 only. Curve25519 won't work with older
protocol versions.
Always send signature algorithm extension in TLS v1.3 for server
certificates. If only doing PSK doesn't need to be sent though.
2017-05-10 15:16:27 +10:00
David Garske
8d4f8c6d80
Fixes for build with distro for BuildTls13HandshakeHmac arg change.
2017-05-09 10:09:43 -07:00
David Garske
c47826cc8f
Additional TLS 1.3 return code checking.
2017-05-09 09:45:40 -07:00
David Garske
e8cf4b5ff0
Coverity fixes for TLS 1.3, async, small stack and normal math.
2017-05-09 09:13:21 -07:00
toddouska
dea092fa0a
Merge pull request #901 from SparkiDev/tls13_interop
...
TLS v1.3 interop fixes
2017-05-09 09:08:31 -07:00
Sean Parkinson
46c4adcf4c
TLS v1.3 interop fixes
2017-05-09 14:49:21 +10:00
David Garske
2e016f3b25
Refactor of the rsa_test and dh_test to better handle cleanup.
2017-05-08 12:30:54 -07:00
JacobBarthelmeh
285a338054
Merge pull request #899 from kaleb-himes/release-update
...
Credit E.S. from W.A. with report of DTLS interop bug
2017-05-08 12:06:41 -06:00
kaleb-himes
7b6e2b1002
Credit E.S. from W.A. with report of DTLS interop bug
2017-05-08 10:26:08 -06:00
David Garske
5726c23d81
Fix for scan-build warning with ret not being read in DoServerHello.
2017-05-06 14:00:24 -07:00
David Garske
8cd78edac1
Fixes for building with smallstack
2017-05-06 00:39:12 -04:00
David Garske
011178994b
Fix typos with goto exit labels and heap.
2017-05-06 00:32:02 -04:00
David Garske
6cc3983894
Fix for using async with —enable-eccencrypt.
2017-05-06 00:28:01 -04:00
David Garske
17587d38f8
Fix for new AES 192/256 tests to handle async wait.
2017-05-06 00:28:01 -04:00
toddouska
d23f1e5637
Merge pull request #895 from JacobBarthelmeh/Testing
...
use type with XFREE
2017-05-05 16:27:03 -07:00
toddouska
176193a835
Merge pull request #877 from dgarske/tls13
...
Add TLS 1.3 support
2017-05-05 12:50:40 -07:00
Jacob Barthelmeh
a4ceeed462
use type with XFREE
2017-05-05 13:27:33 -06:00
David Garske
fdb46ac24c
Fix typo with blake2b_test return code.
2017-05-05 11:11:17 -07:00
David Garske
0ca2d7c137
Renumbered return values.
2017-05-04 14:53:39 -07:00
David Garske
af0103bc94
Fix for Valgrind memory leak with the “ssl->hsHashes”. The DTLS wolfSSL_connect for “IsDtlsNotSctpMode” at line 8134 calls InitHandshakeHashes, but doesn’t free existing. Best overall solution is to make sure and free an existing on InitHandshakeHashes, since WOLFSSL is memset to 0.
2017-05-04 14:51:31 -07:00
Sean Parkinson
758c2a761c
Increase timeout on ready file for tls13.test
2017-05-04 14:51:31 -07:00
Sean Parkinson
902f5cf53f
Stack size enabled config fix
2017-05-04 14:51:31 -07:00
Sean Parkinson
f0204de881
Fix for async and tls13 config
2017-05-04 14:51:31 -07:00
David Garske
570befb63f
Fixes for using async. Combine duplicate DoCertificate and DoTls13Certificate code into ProcessPeerCerts. Cleanup of the XMALLOC/XFREE to use ssl->heap.
2017-05-04 14:51:31 -07:00
David Garske
efb4b3c183
Fix for unit test with non-blocking set.
2017-05-04 14:51:31 -07:00
David Garske
253140f37e
Fixes for TLS 1.3. Fix issue with wc_AesGcmDecrypt checking for authIn arg (allowed to be NULL). Fix for preMasterSz in TLSX_KeyShare_ProcessEcc. Fix for building with --disable-asn (NO_CERTS). Fix to remove client “-t” option from help, which no longer exists. Added new WOLFSSL_DEBUG_TLS option for new messages added.
2017-05-04 14:51:31 -07:00
David Garske
77f9126edf
Rebase fixes for TLS 1.3. Getting a decrypt error with the TLS 1.3 test from the SendTls13CertificateVerify.
2017-05-04 14:51:31 -07:00
Sean Parkinson
2b1e9973ec
Add TLS v1.3 as an option
2017-05-04 14:51:30 -07:00
toddouska
edf5d6d777
Merge pull request #894 from JacobBarthelmeh/Release
...
Prepare for release 3.11.0
2017-05-04 14:49:43 -07:00
Jacob Barthelmeh
b51643c344
prepare for release version 3.11.0
2017-05-04 14:17:35 -06:00
Jacob Barthelmeh
7dd877554b
build for windows visual studio with AES GCM
2017-05-04 14:14:12 -06:00
Jacob Barthelmeh
9b5340d3af
sanity checks before copying copying peer certificate
2017-05-04 13:10:46 -06:00
toddouska
bfc43cee15
Merge pull request #893 from cconlon/pkcs7-valgrind-fix
...
fix PKCS7 signedData valgrind issue
2017-05-03 18:14:32 -07:00
Chris Conlon
5e06d59c79
fix PKCS7 signedData valgrind issue
2017-05-03 17:16:44 -06:00
toddouska
e771611c29
Merge pull request #891 from JacobBarthelmeh/Testing
...
sanity check on input buffer index
2017-05-03 12:13:43 -07:00
toddouska
86f10086bb
Merge pull request #890 from dgarske/fix_sb_sni
...
Fix for scan build warning for `TLSX_SNI_GetRequest` possible use of null ptr
2017-05-03 10:03:59 -07:00
Jacob Barthelmeh
55538b5de0
sanity check on input buffer index
2017-05-03 10:21:03 -06:00
David Garske
338194be25
Fix for scan build warning for TLSX_SNI_GetRequest possible use of null pointer.
2017-05-03 07:33:13 -07:00
toddouska
1dc5a0fba2
Merge pull request #889 from JacobBarthelmeh/master
...
add digsigku to renewcerts script and update the not after date
2017-05-02 19:59:07 -07:00
toddouska
a8a5841b7c
Merge pull request #888 from JacobBarthelmeh/Testing
...
Testing
2017-05-02 17:52:14 -07:00
Jacob Barthelmeh
4c8fdf99c5
add digsigku to renewcerts script and update the not after date
2017-05-02 18:08:10 -06:00
Jacob Barthelmeh
8146f73eff
warnings when using g++ compiler
2017-05-02 15:20:20 -06:00
Jacob Barthelmeh
aa990ed1ce
in error case close FILE
2017-05-02 14:54:27 -06:00
Jacob Barthelmeh
dbb67d8582
warnings for builds of haproxy, nginx, and leanpsk
2017-05-02 14:29:53 -06:00
toddouska
0532adf653
Merge pull request #887 from dgarske/minor_cleanups
...
Added return code checking for `wolfCrypt_Init()`
2017-05-02 12:19:12 -07:00
David Garske
ddcf11011e
Added return code checking for wolfCrypt_Init(). Added initRefCount check on wolfCrypt_Cleanup(). Fix link for tenAsys INtime RTOS readme.
2017-05-02 10:20:31 -07:00
toddouska
27aafd674a
Merge pull request #886 from dgarske/fixes_coverity2
...
Fixes for coverity scan (part 2)
2017-05-02 08:53:03 -07:00
Chris Conlon
8d032081ae
Merge pull request #767 from shihrer/hexiwear_pr
...
Hexiwear changes and KDS Project for Hexiwear platform
2017-05-02 07:31:41 -06:00
John Safranek
4135279f82
Merge pull request #843 from kaleb-himes/dtls-interop
...
DTLS update per RFC 6347 Section 4.2.3
2017-05-01 19:29:27 -07:00
toddouska
f61380da21
Merge pull request #870 from kaleb-himes/PSK-UPDATE
...
Update PSK identity length per RFC 4279 - section 5.3
2017-05-01 19:04:32 -07:00
David Garske
3647e50c17
Fixes for the GrowInputBuffer and GrowOutputBuffer changes to only use align when WOLFSSL_GENERAL_ALIGNMENT > 0.
2017-05-01 18:48:54 -07:00
David Garske
9491027c85
Fixes for coverity scan (part 2).
2017-05-01 16:34:24 -07:00
toddouska
1a0b408658
Merge pull request #883 from dgarske/fixes_coverity
...
Fixes for coverity scan
2017-05-01 16:30:04 -07:00
toddouska
9655a1e38c
Merge pull request #885 from dgarske/async_cavium
...
Fixes for Cavium Nitrox with async
2017-05-01 13:36:59 -07:00
David Garske
f19cf4cb34
Fix the client PSK callback to always null terminate after callback. Remove the +1 on the test.h examples for PSK callbacks.
2017-05-01 12:10:05 -07:00
John Safranek
7a1776e931
Merge pull request #881 from cconlon/sniffer
...
fix sniffer with AES-GCM, add scratch authTag buffer
2017-05-01 11:51:01 -07:00
toddouska
893b6f7d75
Merge pull request #884 from JacobBarthelmeh/Testing
...
fix warnings and errors with FreeBSD PowerPC
2017-05-01 11:37:04 -07:00
Michael Shihrer
9269298034
Merge branch 'hexiwear_pr' of https://github.com/shihrer/wolfssl into hexiwear_pr
2017-05-01 12:04:35 -06:00
Michael Shihrer
abe5a318f2
Added hexiwear to include.am and removed dev environment specific variable
2017-05-01 10:44:09 -06:00
Jacob Barthelmeh
2de6c88b80
correct typo when checking if variable rng is null
2017-04-30 18:53:58 -06:00
Takashi Kojo
7270134aec
Merge pull request #788 from takotakot/readme
...
Fix spacing and comma
2017-04-30 06:48:45 +09:00
Jacob Barthelmeh
450ff55d83
fix warnings and errors with FreeBSD PowerPC
2017-04-28 17:57:48 -06:00
David Garske
db63fe83d4
Initial pass at fixes for coverity scan.
2017-04-28 14:59:45 -07:00
toddouska
4387e1f08e
Merge pull request #855 from insane-adding-machines/master
...
Added support for HAproxy load balancer
2017-04-28 13:10:58 -07:00
toddouska
885b301e72
Merge pull request #882 from dgarske/fix_memleak
...
Fix memory leak with InitSSL having duplicate RNG creation code
2017-04-28 12:07:45 -07:00
David Garske
c92b497ea3
Fix async merge error which duplicated the wolfSSL_new RNG creation and caused a memory leak. Fix for build error with plainDigestSz not being initialized.
2017-04-28 10:11:17 -07:00
toddouska
ab78bd0d90
Merge pull request #880 from dgarske/intime_rtos2
...
tenAsys INtime RTOS port fixes from customer peer review
2017-04-27 21:47:53 -07:00
Chris Conlon
b8917baa6a
fix sniffer with AES-GCM, add scratch authTag buffer
2017-04-27 15:22:30 -06:00
David Garske
053594eb98
Workaround for expected failed RSA operations in test.c not failing for Cavium Nitrox V.
2017-04-27 14:21:38 -07:00
Chris Conlon
2deced22dc
Merge pull request #879 from dgarske/fix_builderrors2
...
Fix for scan-build issues with possible use of null’s
2017-04-27 15:06:37 -06:00
dgarske
b61f279b61
Merge pull request #878 from cconlon/serialfix
...
skip removal of leading zero in GetASNInt() when INTEGER is only a si…
2017-04-27 13:13:21 -07:00
David Garske
a4efaf5eaa
Fix mutex to use single count for semaphore so behavior is like mutex. Fix typo with “received”. Fix for mp_clear with fast math to do null check on arg (noticed null with ecc make key benchmark with wc_ecc_free).
2017-04-27 13:09:11 -07:00
David Garske
3e6243eb08
Fix for scan-build issues with possible use of null’s in evp.c wolfSSL_EVP_CipherFinal out arg and DoCertificate args->certs. Removed obsolete client example help arg “-t”.
2017-04-27 10:53:47 -07:00
Chris Conlon
8118762dc4
skip removal of leading zero in GetASNInt() when INTEGER is only a single zero byte
2017-04-27 11:07:59 -06:00
David Garske
fd2996bdeb
Progress with RSA fixes for Cavium Nitrox after async refactor. Improved method for RsaKey and ecc_key typedef to work with async.
2017-04-26 16:40:10 -07:00
David Garske
774ce1a47c
Fixes for build with Cavium.
2017-04-26 16:39:41 -07:00
Chris Conlon
4363cf8a5c
Merge pull request #876 from dgarske/fix_jenkins_errors
...
Fix minor build errors and warnings
2017-04-26 16:54:49 -06:00
David Garske
d612b827b7
Fixes for build warnings on Windows. Fix PKCS7 to use const for byte array declaration. Cleanup of the pkcs7 MAX_PKCS7_DIGEST_SZ. Fix for unsigned / signed comparison warning for pkcs7_load_certs_keys in test.c. Fix for cast warning from word16 to byte in asn.c. Fix for build error with io.h refactor for InTime RTOS.
2017-04-26 09:40:33 -07:00
JacobBarthelmeh
325a3ce418
Merge pull request #875 from dgarske/fix_asn_setname_len
...
Fix issue with ASN encoding SetName function header length
2017-04-26 10:03:25 -06:00
David Garske
5a77eaa579
Fix issue with XFREE in asn.c using invalid heap pointer. Fix issue with bad variable names and missing asterisk in test.c pkcs7_load_certs_keys.
2017-04-26 08:45:05 -07:00
dgarske
7db30ef550
Merge pull request #690 from embray/build/enable_aes_counter
...
Add a configure flag specifically for enabling AES CTR mode
2017-04-25 15:14:13 -07:00
Chris Conlon
1f923a11ee
Merge pull request #874 from dgarske/fix_builderrors
...
Build fixes to address Jenkins reports
2017-04-25 15:14:37 -06:00
Chris Conlon
ac2835ec2e
Merge pull request #873 from dgarske/fix_crl_smallstack
...
Fix build error with CRL and WOLFSSL_SMALL_STACK.
2017-04-25 15:02:04 -06:00
David Garske
d435c16fe8
Fix issue with ASN encoding, where the SetName function was incorrectly adding extra byte for object id tag. Refactor changed lines 7694 and 7700 to use SetObjectId which handles length (was using SetLength prior to refactor). Issue was noticed via compatibility testing using generated cert against openssl asn1parse.
2017-04-25 12:06:08 -07:00
David Garske
fb90a4e498
Fix issue with PSK max length by adding 1 for the null terminator on the strings and allowing up to 128 characters for the PSK. Improved the test.h example for PSK callbacks.
2017-04-25 11:43:45 -07:00
David Garske
be6b12a350
Build fixes to address Jenkins reports. Additionally tested with enable-distro and small-stack identified issue in ssl.c (note: we need to add this combination to Jenkins).
2017-04-25 11:10:36 -07:00
dgarske
92d3c7cd59
Merge pull request #872 from JacobBarthelmeh/Testing
...
handle redefinition warnings
2017-04-24 15:08:13 -07:00
David Garske
8b0784bdfa
Fix build error with CRL and WOLFSSL_SMALL_STACK.
2017-04-24 14:08:59 -07:00
Jacob Barthelmeh
4dad4b6962
handle redefinition warnings
2017-04-24 10:40:56 -06:00
dgarske
dd2915f4fa
Merge pull request #869 from cconlon/ecckeytoder
...
Fix leading zero in wc_BuildEccKeyDer
2017-04-24 09:02:41 -07:00
Daniele Lacamera
08787621ea
wolfssl.pc: Prefix reset to /usr/local
2017-04-24 12:45:23 +02:00
Maxime Vincent
6ada67f93f
Prefix stubs with wolfSSL_
2017-04-24 11:43:19 +02:00
Maxime Vincent
7bd7de350c
More fixes for haproxy port
2017-04-24 10:41:39 +02:00
Daniele Lacamera
7058211860
Merge from latest masterbranch
2017-04-24 06:18:44 +02:00
Daniele Lacamera
ebb32265eb
Minor fixes after PR review
2017-04-24 06:16:35 +02:00
Maxime Vincent
db835da00b
Fixes after wolfSSL feedback
2017-04-22 10:58:05 +02:00
kaleb-himes
348536af9a
Update PSK identity length per RFC 4279 - 5.3
2017-04-21 16:38:19 -06:00
JacobBarthelmeh
3600371abf
Merge pull request #848 from ghoso/des_ecb_encrypt_impl
...
openSSL compatibility API
2017-04-21 14:05:22 -06:00
Chris Conlon
af26708330
Fix leading zero in wc_BuildEccKeyDer
2017-04-21 11:40:50 -06:00
toddouska
7a3f7ad9be
Merge pull request #868 from kaleb-himes/ARDUINO-UPDATE
...
Update ARDUINO script per issue #859 from @pasko-zh
2017-04-20 17:02:49 -07:00
toddouska
a857da23c0
Merge pull request #862 from kaleb-himes/STUNNEL-FIX
...
Fix this issue: PKCS12 is defined to be WC_PKCS12, then redefined as an enumerated value of 12 in asn.h
2017-04-20 13:24:39 -07:00
kaleb-himes
1dd16e6702
Update enum name from peer review
2017-04-20 10:05:12 -06:00
toddouska
c9d53a4ca2
Merge pull request #854 from NickolasLapp/master
...
Add AES 192/256 bit wolfCrypt tests
2017-04-19 16:50:18 -07:00
toddouska
d6abd4d131
Merge pull request #867 from JacobBarthelmeh/mutex
...
fix mutex allocation sanity checks
2017-04-19 13:32:55 -07:00
Nickolas Lapp
a8eb2614f6
Update reference for aes192/256 test to remove bad url and give specific
...
NIST reference document.
2017-04-19 13:13:34 -06:00
Kaleb Himes
14e37cdc4c
Change variable name, add comment
2017-04-19 13:10:55 -06:00
toddouska
5b257d6fd8
Merge pull request #866 from JacobBarthelmeh/Testing
...
add back in haveTrustPeer variable and put macro guard on WC_RNG typedef
2017-04-19 11:57:56 -07:00
kaleb-himes
32e83cb55d
Update ARDUINO script per issue #859 from @pasko-zh
2017-04-19 11:53:58 -06:00
Nickolas Lapp
344c0ec747
Merge branch 'master' of github.com:wolfSSL/wolfssl
2017-04-19 10:10:23 -06:00
Jacob Barthelmeh
4eecaf2574
fix mutex allocation sanity checks
2017-04-18 17:18:19 -06:00
Jacob Barthelmeh
a8115d51fa
add back in haveTrustPeer variable and put macro guard on WC_RNG typedef
2017-04-18 16:53:02 -06:00
toddouska
5b82c2f6ec
Merge pull request #853 from JacobBarthelmeh/Windows
...
testsuite time check on Windows system and fix dh_test if statement
2017-04-18 14:57:53 -07:00
jrblixt
1215203c39
Update sha384 fips.
2017-04-18 12:53:54 -06:00
jrblixt
4a8259b2ad
Jenkin's Fips corrections.
2017-04-18 11:29:35 -06:00
jrblixt
5486a60326
sha512.c updates.
2017-04-18 11:18:29 -06:00
Daniele Lacamera
3279865610
Fixes after jenkins report
...
https://test.wolfssl.com/jenkins/job/windows_pull_request_builder/1453/
2017-04-18 18:47:04 +02:00
Daniele Lacamera
bf877a636f
Merge from masterbranch
2017-04-18 18:34:14 +02:00
toddouska
7df7a07a68
Merge pull request #863 from JacobBarthelmeh/Testing
...
fix old version of AEAD cipher suite
2017-04-18 09:33:00 -07:00
toddouska
8e7d0ba243
Merge pull request #860 from dgarske/fix_allow_old_tls_wsha1
...
Fix for building with NO_OLD_TLS and WOLFSSL_ALLOW_TLS_SHA1
2017-04-18 09:31:45 -07:00
toddouska
fbd5d5bfc6
Merge pull request #865 from cconlon/pkcs7-signed-ecc
...
PKCS#7 SignedData - ECDSA and hash options
2017-04-18 09:30:47 -07:00
Chris Conlon
bab3fd5925
fix clang/scan-build warnings for PKCS7
2017-04-17 14:23:37 -06:00
Chris Conlon
4f26e0341b
allow different hashes with PKCS7 SignedData, cleanup conditional builds
2017-04-17 09:46:26 -06:00
jrblixt
f7c58b0643
Updated wolfcrypt/src/sha256.c.
2017-04-14 16:42:18 -06:00
jrblixt
3749988ee2
Updated wolfcrypt/src/sha.c.
2017-04-14 16:24:25 -06:00
jrblixt
5b5c8f1e95
Updated mcapi/mcapi_test.c ; wolfcrypt/src/md5.c ; wolfcrypt/src/pwdbased.c.
2017-04-14 16:12:29 -06:00
Michael
b08e5f3b82
Merge branch 'master' into hexiwear_pr
2017-04-14 12:03:42 -06:00
Jacob Barthelmeh
53eca92cc0
change type for test instead and add RSA blinding check
2017-04-14 12:02:49 -06:00
Michael Shihrer
21d2becd6b
Modified settings.h to allow building on KSDK 1.3, modified test.c and benchmark.c to work with KSDK, added KDS project for building wolfSSL for Hexiwear
2017-04-14 12:02:28 -06:00
Jacob Barthelmeh
999328f2a0
fix old version of AEAD cipher suite
2017-04-14 10:32:15 -06:00
kaleb-himes
3f067bccf0
fix redefinition of PKCS12 version and PKCS12 struct when building w/ STUNNEL
2017-04-14 10:20:35 -06:00
Chris Conlon
74aafb1679
add PKCS7 SignedData with ECDSA
2017-04-14 09:29:22 -06:00
jrblixt
609ca3c823
Jenkin's Visual Studio status check correction.
2017-04-14 02:34:31 -06:00
jrblixt
b5d856eada
Merge branch 'master' of https://github.com/wolfSSL/wolfssl into unitTest_api_dev
2017-04-14 02:17:57 -06:00
jrblixt
00ea508751
Param check fix in hash files.
2017-04-14 02:16:04 -06:00
David Garske
7779a64cae
Fix for building with NO_OLD_TLS and WOLFSSL_ALLOW_TLS_SHA1.
2017-04-13 21:26:20 -07:00
toddouska
f2ac410f1e
Merge pull request #858 from dgarske/fix_bench_count
...
Fix build/test error with `--enable-scrypt` and build error for ARMv8 AES init
2017-04-13 21:14:44 -07:00
jrblixt
ac6b840dc5
Merge Conflict with wolfSSL master.
2017-04-13 16:51:08 -06:00
jrblixt
85b78835a6
Merge branch 'master' into unitTest_api_dev
...
src/keys.c
wolfcrypt/src/hmac.c
wolfcrypt/src/md5.c
wolfcrypt/src/sha256.c
wolfcrypt/src/sha512.c
wolfssl/wolfcrypt/md5.h
2017-04-13 16:33:23 -06:00
Jacob Barthelmeh
ebde18af59
silence static analysis tool warning about null parameter after sanity check
2017-04-13 15:32:31 -06:00
Jacob Barthelmeh
620d21c850
fix scrypt test with no password
2017-04-13 15:06:26 -06:00
David Garske
3df47d57ab
Fix error with armv8-aes wc_AesInit function using h instead of heap variable. (moved from PR #852 ).
2017-04-13 14:50:55 -06:00
David Garske
4c6a70861b
Fix build errors with --enable-scrypt.
2017-04-13 09:37:48 -07:00
Daniele Lacamera
723ee69114
Fixed missing braces in wolfcrypt test
2017-04-13 15:31:50 +02:00
Daniele Lacamera
ef231a039d
Updated to latest masterbranch
2017-04-13 15:28:19 +02:00
Go Hosohara
fe215c4a57
Fix DES_ecb_encrypt function in terms of reviewing point.
2017-04-13 12:31:52 +09:00
Nickolas Lapp
460197a5e0
Add aes192 and aes256 tests
...
Fix bug with AES decrypt for non-128 bit sizes on STM32F4 hardware
crypto
2017-04-12 20:09:47 -06:00
JacobBarthelmeh
3ac35ce3b3
Merge pull request #838 from SparkiDev/curve25519_51-bit
...
Curve25519 51-bit Implementation
2017-04-12 16:06:37 -06:00
Jacob Barthelmeh
26c8958d1e
testsuite time check on Windows system and fix dh_test if statement
2017-04-12 15:56:45 -06:00
dgarske
8ee9e4ff8b
Merge pull request #851 from toddouska/nosessid
...
don't send session ID on server side if session cache is off unless w…
2017-04-12 14:50:43 -07:00
toddouska
3abcff4db5
Merge pull request #850 from JacobBarthelmeh/Testing
...
fix invalid check on unsigned type
2017-04-12 13:56:44 -07:00
toddouska
27d009475c
Merge pull request #847 from dgarske/distro_options
...
Fixes for --enable-distro to include more features by default
2017-04-12 13:56:24 -07:00
toddouska
e1a53a6c36
Merge pull request #845 from SparkiDev/cert_file
...
Rename caCertFile
2017-04-12 13:55:56 -07:00
toddouska
4f7b27fc88
Merge pull request #844 from SparkiDev/size_t-printf
...
32-bit size_t and printf fix
2017-04-12 13:54:52 -07:00
toddouska
3810571e0d
Merge pull request #715 from dgarske/async_intelqa
...
Intel QuickAssist (QAT) support and async enhancements/fixes
2017-04-12 13:54:19 -07:00
toddouska
b1d59a2334
don't send session ID on server side if session cache is off unless we're echoing session ID as part of session tickets
2017-04-12 10:54:19 -07:00
David Garske
11133e578d
Fixes and cleanups based on feedback from Sean. Added ifdef checks around WC_PENDING_E code to reduce code size for non-async builds. Cleanup accumulative result code checking in SSL_hmac. Cleanup of the RSA async state advancement.
2017-04-12 10:07:38 -07:00
Jacob Barthelmeh
b510c8199e
fix invalid check on unsigned type
2017-04-12 10:41:35 -06:00
Daniele Lacamera
df70b3c859
Removed empty ifdef
2017-04-12 12:50:17 +02:00
Daniele Lacamera
3e9a5fd433
Updated to latest masterbranch
2017-04-12 12:48:38 +02:00
Maxime Vincent
9ca49e7f56
Add more stubs for haproxy
2017-04-12 11:59:17 +02:00
Maxime Vincent
02513792b6
Make new function stubs public
2017-04-12 10:37:17 +02:00
David Garske
d0f31d4a30
Fix issue with wc_ecc_make_key where state failure can occur if the wc_ecc_init hasn’t been called on key prior. Now wc_ecc_make_key and wc_ecc_import_private_key (and _ex versions) can be called without having to call wc_ecc_init first. This keeps backwards compatibility. If async or static memory is desired then wc_ecc_init_ex must be called first.
2017-04-11 15:57:09 -07:00
David Garske
85bef98331
Fix wc_ecc_alloc_rs memset logic. Fix error handling in hmac.c for SHA224. Cleanup of the wc_DhGenerateKeyPair_Async function. Added comment about the “BuildTlsFinished” allocation for hash buffer. Fixed issue with example server that caused the benchmark script to fail in throughput mode.
2017-04-11 14:13:08 -07:00
Go Hosohara
0cebc2172c
Fix WolfSSL_DES_ecb_encrypt().
2017-04-12 00:03:35 +09:00
Go Hosohara
d399b51ba8
Fix WolfSSL_DES_ecb_encrypt().
2017-04-11 23:49:10 +09:00
Daniele Lacamera
de017b0028
Added stubs required to compile HAPROXY
2017-04-11 16:03:08 +02:00
Daniele Lacamera
8f300515bd
Grouped HAPROXY compatibility into WOLFSSL_HAPROXY flag
...
now haproxy compatible wolfssl builds with:
./configure --prefix=/usr --sysconfdir=/etc --disable-fastmath \
iam * ] 2:18 PM
--disable-fasthugemath --disable-bump \
--enable-opensslextra \
--enable-keygen --enable-certgen \
--disable-ntru --disable-examples \
--enable-tlsx --enable-haproxy \
--enable-savecert --enable-savesession --enable-sessioncerts \
--enable-webserver --enable-sslv3 --enable-stunnel
2017-04-11 14:18:41 +02:00
dgarske
213afe18c3
Merge pull request #842 from JacobBarthelmeh/Testing
...
fix c32toa needed with --enable-session-ticket
2017-04-10 19:10:35 -07:00
David Garske
eb1a191fd2
Refactor to add the wc_HmacInit and wc_HmacFree calls.
2017-04-10 14:47:08 -07:00
David Garske
e419a6f899
Fixes and cleanups based on feedback from Sean.
2017-04-10 14:47:07 -07:00
David Garske
62e7dc87c3
Fix merge error with verify callback and totalCerts.
2017-04-10 14:45:05 -07:00
David Garske
56a1618ba0
Fixes to a few things based on peer review.
2017-04-10 14:45:05 -07:00
David Garske
c1640e8a3d
Intel QuickAssist (QAT) support and async enhancements/fixes:
...
* Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/).
* Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC.
* wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify.
* wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature.
* wolfCrypt test and benchmark async support added for all HW acceleration.
* wolfCrypt benchmark multi-threading support.
* Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA.
* Refactor to make sure “heap” is available for async dev init.
* Added async support for all examples for connect, accept, read and write.
* Added new WC_BIGINT (in wolfmath.c) for async hardware support.
* Added async simulator tests for DES3 CBC, AES CBC/GCM.
* Added QAT standalone build for unit testing.
* Added int return code to SHA and MD5 functions.
* Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer.
* Combined duplicate code for async push/pop handling.
* Refactor internal.c to add AllocKey / FreeKey.
* Refactor of hash init/free in TLS to use InitHashes and FreeHashes.
* Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*.
* Suppress error message for WC_PENDING_E.
* Implemented "wolfSSL_EVP_MD_CTX_init" to do memset.
* Cleanup of the openssl compat CTX sizes when async is enabled.
* Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability.
* Cleanup of the OPAQUE_LEN.
* Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret).
* Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations)
* Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding".
* Updated RSA un-padding error message so its different than one above it for better debugging.
* Added QAT async enables for each algorithm.
* Refactor of the async init to use _ex.
* Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing.
* Reformatted the benchmark results:
PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec"
Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87
* Added min execution time for all benchmarks.
* Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local.
* Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark.
* Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async.
* Added NO_SW_BENCH option to only run HW bench.
* Added support for PRNG to use hardware SHA256 if _wc devId provided.
* Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size.
* Added the wc_*GetHash calls to the wolfCrypt tests.
* Added async hardware start/stop to wolfSSL init/cleanup.
* Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos.
* Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`.
* Added arg checks on wc_*GetHash and wc_*Copy.
* Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions.
* Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator.
* Added checks for all hashing to verify valid ->buffLen.
* Fix for SHA512 scan-build warning about un-initialized “W_X”.
* Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash.
* Refactor of the benchmarking to use common function for start, check and finish of the stats.
* Fixed issue with ECC cache loading in multi-threading.
* Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned.
* Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define.
* Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-10 14:45:05 -07:00
David Garske
dc65a9a277
Distro fix to enable SHA224 by default. Was causing Debian build error since SHA224 is enabled by default only for the x86_64 architecture. Updated --enable-distro option to include new features for aeskeywrap, x963kdf and scrypt. Changed the ECC custom curve option to enable all curve types when used with distro.
2017-04-10 11:45:26 -07:00
Go Hosohara
dccff615d5
Add wolfSSL_DES_ecb_encrypt() encrypt/decrypt parameter check.
2017-04-10 16:19:44 +09:00
Go Hosohara
97c22c88d8
Add test result message for test_wolfSSL_DES_ecb_encrypt().
2017-04-10 15:37:47 +09:00
Go Hosohara
27c6625bfe
Fix #ifdef in WolfSSL_DES_ecb_encrypt and test_WolfSSL_DES_ecb_encrypt.
2017-04-10 14:44:48 +09:00
Sean Parkinson
5edcf685ca
Rename caCertFile
2017-04-10 10:38:16 +10:00
Sean Parkinson
335b6d41c1
32-bit size_t and printf fix
2017-04-10 10:26:36 +10:00
Sean Parkinson
cbe46f8d74
Include new file in dist
2017-04-10 08:30:44 +10:00
Go Hosohara
b19cf2cfb8
Add test_wolfSSL_DES_ecb_encrypt()
2017-04-08 17:03:58 +09:00
toddouska
e8971c361a
Merge pull request #830 from kaleb-himes/suite-typo
...
Fixes for using default ciphers
2017-04-07 17:20:54 -07:00
kaleb-himes
8953ed9f30
DTLS update per RFC 6347 Section 4.2.3
2017-04-07 14:26:33 -06:00
jrblixt
3478c9b937
Added return checks to src/keys.c.
2017-04-07 14:15:53 -06:00
Jacob Barthelmeh
80d88b9421
fix c32toa needed with --enable-session-ticket
2017-04-07 11:46:27 -06:00
David Garske
4ff2903b55
Fix to allow anonymous ciphers to work with the new default suite testing.
2017-04-07 10:20:41 -07:00
David Garske
eb40175cc6
Fix to calc BuildSHA_CertVerify if WOLFSSL_ALLOW_TLS_SHA1. Fix to add check for DTLS to not allow stream ciphers. Removed the RC4 tests from the test-dtls.conf. Added support for using default suites on client side. Switched the arg to “-H”. Cleanup of the example server/client args list. Fixes for build with “--disable-sha”.
2017-04-07 10:20:41 -07:00
David Garske
6a1ae7ee5b
Fix on server side to make sure SHA hash is setup even with NO_OLD_TLS. Fix to initialize hsHashes to zero. Fix in PickHashSigAlgo to not default to SHA if NO_OLD_TLS is defined (unless WOLFSSL_ALLOW_TLS_SHA1 is set). Fix to allow pre TLS 1.2 for “AES128-SHA256” and “AES256-SHA256”.
2017-04-07 10:20:18 -07:00
David Garske
b14da2622e
Fix InitSuites to allow old TLS for DHE_RSA with AES 128/256 for SHA256. Reverted changes to test.conf and test-dtls.conf.
2017-04-07 10:20:18 -07:00
David Garske
4dcad96f97
Added test for server to use the default cipher suite list using new “-U” option. This allows the InitSuites logic to be used for determining cipher suites instead of always overriding using the “-l” option. Now both versions are used, so tests are done with wolfSSL_CTX_set_cipher_list and InitSuites. Removed a few cipher suite tests from test.conf that are not valid with old TLS. These were not picked up as failures before because wolfSSL_CTX_set_cipher_list matched on name only, allowing older versions to use the suite.
2017-04-07 10:20:18 -07:00
kaleb-himes
b827380baf
Typo in cipher suite pre-processor macro
2017-04-07 10:19:24 -07:00
toddouska
4e703b6805
Merge pull request #839 from JacobBarthelmeh/Testing
...
build with session tickets and without client
2017-04-07 09:39:47 -07:00
toddouska
2b443a79f2
Merge pull request #836 from dgarske/stack_check_free
...
Fix leak in StackSizeCheck and build error with debug enabled
2017-04-07 09:35:01 -07:00
toddouska
ecaaf19ebf
Merge pull request #835 from dgarske/fix_name_conflict
...
Fix name conflicts in wolfCrypt test with --enable-stacksize
2017-04-07 09:33:00 -07:00
Go Hosohara
c466e3c078
Implements wolfSSL_DES_ecb_encrypt function.
2017-04-07 11:21:32 +09:00
David Garske
2c13ea9a67
Cleanup name conflicts with test.h cert files (by adding “File” to end). Fix memory leak in ecc_test_buffers function.
2017-04-06 15:54:59 -07:00
Jacob Barthelmeh
b49a2561bc
build with session tickets and without client
2017-04-06 16:19:21 -06:00
jrblixt
6e16410e25
Modifications per Todd's requests.
2017-04-06 15:47:53 -06:00
jrblixt
d62d0aaa26
Changes made per Todd's instruction.
2017-04-06 14:42:42 -06:00
dgarske
9ef26679df
Merge pull request #833 from SparkiDev/asn_func
...
ASN Code Rework
2017-04-06 12:47:40 -07:00
JacobBarthelmeh
bb8e67b79c
Merge pull request #837 from cconlon/release-3.10.4
...
3.10.4 release
2017-04-06 11:39:31 -06:00
jrblixt
706c02deed
Changes Chris requested.
2017-04-06 10:53:14 -06:00
toddouska
c8400e9ff1
Merge pull request #824 from dgarske/fix_asn_confirm_sig
...
Fix for return code checking on ConfirmSignature
2017-04-05 16:58:47 -07:00
Sean Parkinson
b11bb5325a
Implementation of 51-bit curve25519
2017-04-06 09:48:01 +10:00
Chris Conlon
c9bb75c0f3
3.10.4 release
2017-04-05 16:37:35 -06:00
David Garske
d648d4f6c7
Fix leak in StackSizeCheck. Fix build error with debug enabled and stack size check.
2017-04-05 14:24:55 -07:00
dgarske
338c70a1ab
Merge pull request #834 from cconlon/ecc_name_from_params
...
add wc_ecc_get_curve_id_from_params()
2017-04-05 14:09:41 -07:00
David Garske
3328b4d38b
Cleanup the unit test naming for new signature failure tests.
2017-04-05 11:24:22 -07:00
Chris Conlon
0c61a5b1fd
add invalid test case for wc_ecc_get_curve_id_from_params()
2017-04-05 11:18:47 -06:00
JacobBarthelmeh
4eefa22629
Merge pull request #810 from toddouska/write-dup
...
add wolfSSL_write_dup(), creates write_only WOLFSSL to allow concurre…
2017-04-05 10:06:20 -06:00
David Garske
15091675fe
Fix VS warning about long to size_t conversion in load_buffer.
2017-04-05 07:23:53 -07:00
Chris Conlon
e101dfa26e
add wc_ecc_get_curve_id_from_params()
2017-04-04 14:49:46 -06:00
David Garske
deb80e5ddb
Fix load_file/load_buffer enables. Fix error in load_buffer with “ret”.
2017-04-04 11:45:55 -07:00
David Garske
e0a4758c0f
Fixes with load_file helper to make sure return code is set correctly and args are initialized.
2017-04-04 11:40:54 -07:00
David Garske
2aa523e0ea
Added API unit test for certificate validation failure using corrupted signature in cert.
2017-04-04 11:15:32 -07:00
David Garske
26f3924c93
Fix for return code checking on ConfirmSignature, so it returns actual error codes or 0 on success.
2017-04-04 10:55:22 -07:00
dgarske
e740756706
Merge pull request #832 from toddouska/rdrand64
...
allow rdrand to use full 64bit output
2017-04-04 08:58:06 -07:00
Sean Parkinson
36e81b650e
Fix missing symbol for specific configs
2017-04-04 14:33:14 +10:00
Sean Parkinson
683a655908
Starting 128-bit FE implementation
2017-04-04 14:17:54 +10:00
Sean Parkinson
b02a75510e
Fix Windows warnings
2017-04-04 11:19:06 +10:00
Sean Parkinson
abaf820537
Improvements and comments
2017-04-04 10:42:04 +10:00
toddouska
cd358bd2ab
protect against multiple write dups
2017-04-03 15:58:33 -07:00
toddouska
2d323dee42
Merge pull request #829 from cconlon/ecc_import
...
fix curve selection on ecc private only import
2017-04-03 15:44:42 -07:00
toddouska
59dc839341
Merge pull request #819 from dgarske/test_static_fixes
...
Fixes for wolfCrypt test/benchmark with static memory
2017-04-03 15:25:45 -07:00
toddouska
1d48fba032
allow rdrand to use full 64bit output
2017-04-03 15:08:35 -07:00
toddouska
68076dee45
Merge pull request #805 from dgarske/rng_cleanup
...
Fix RNG issue with Intel RD and cleanup to remove old ARC4 support
2017-04-03 14:57:09 -07:00
David Garske
29eabe5535
Better stack size check return code handling.
2017-04-03 09:41:12 -07:00
Chris Conlon
8cde26a6c5
fix curve selection on ecc private only import
2017-04-03 09:50:46 -06:00
toddouska
e168d4db09
Merge pull request #821 from SparkiDev/wpas_fips
...
FIPS changes and fixups for wpa_supplicant
2017-04-03 08:27:25 -07:00
Sean Parkinson
fd9e41dd99
ASN functions added to simplify code
...
Functions to get and set different ASN.1 tags have been added.
The functions are used in the asn.c file to simplify the code and ensure
all checks are done.
2017-04-03 16:56:21 +10:00
jrblixt
d626c917dd
Merge branch 'master' of https://github.com/wolfSSL/wolfssl into unitTest_api_dev
2017-03-31 14:18:27 -06:00
David Garske
d69c860ab8
Fix bad #elif logic cleanup for using “USE_TEST_GENSEED”.
2017-03-31 13:16:21 -07:00
David Garske
c532819659
Fixes for building with “CUSTOM_RAND_GENERATE_BLOCK”. Removed seed as backup RNG source. Fixed building on embedded system with time_t not defined (test.c should use long for asn_test).
2017-03-31 13:16:21 -07:00
David Garske
69535198ca
Fix RNG to only allow disabling HASHDRBG if CUSTOM_RAND_GENERATE_BLOCK is defined. Added support for CUSTOM_RAND_GENERATE_BLOCK with Intel RDRAND.
2017-03-31 13:16:21 -07:00
David Garske
1251607b04
Retain existing HAVE_HASHDRBG functionality and only disable if ./configure --disable-hashdrbg or WC_NO_HASHDRBG defined. Fix use of warning with VS. Fix to only use rng seed as source if no DRBG.
2017-03-31 13:16:21 -07:00
David Garske
5e3d8e705e
Fix RNG issue with Intel RDRAND and RDSEED accelerations not being used because HAVE_HASHDRBG was always being defined if !WOLFSSL_FORCE_RC4_DRBG. Added new --enable-intelrand option to indicate use of RDRAND preference for RNG source (if RDRAND not supported by CPU then HASHDRBG will be used). The --enable-intelasm option enables the RDSEED support for seeding HASHDRBG if CPU supports it. Allow use of seed as RNG source if --disable-hashdbrg (shows build warning). Cleanup to remove old ARC4 RNG support. Fixed random_test return code with !HAVE_HASHDRBG. Cleanup of ./configure --help alignment.
2017-03-31 13:16:21 -07:00
David Garske
34a4f1fae0
Move wolfCrypt test/benchmark to move static memory pool to global (not in stack). Fix wolfCrypt test wc_InitRng to use _ex with HEAP_HINT (when not FIPS). Added ability to use HAVE_STACK_SIZE with wolfCrypt test and benchmark. Cleanup of the benchmark_test function main wrapper.
2017-03-31 13:11:23 -07:00
toddouska
ccad9f5575
Merge pull request #818 from dgarske/tkernel_port
...
TKernel port
2017-03-31 10:10:26 -07:00
dgarske
9455c3b469
Merge pull request #826 from cconlon/ecc_adds
...
add XSTRLEN cast in ecc helper
2017-03-31 10:08:05 -07:00
toddouska
6a4b71de05
Merge pull request #822 from JacobBarthelmeh/Testing
...
testing buffer size with const DH and remove redeclaration of WOLFSSL…
2017-03-31 08:53:49 -07:00
Chris Conlon
e1f6dbe74e
add XSTRLEN cast in ecc helper
2017-03-31 09:17:42 -06:00
dgarske
cc4cc41ccf
Merge pull request #825 from cconlon/ecc_der
...
add EccPrivateKeyToDer()
2017-03-30 20:07:26 -07:00
dgarske
5d840751c0
Merge pull request #823 from cconlon/ecc_adds
...
add ECC helpers to get size and id from curve name
2017-03-30 17:28:29 -07:00
David Garske
4e829bc0a5
Fix to assign default OID for TLS supported curves based on loaded extension order.
2017-03-30 13:54:24 -07:00
Chris Conlon
507f052b3f
ECC helper cleanup
2017-03-30 14:34:12 -06:00
Chris Conlon
6735dd7031
add EccPrivateKeyToDer()
2017-03-30 13:56:48 -06:00
Chris Conlon
347f4e3e4d
Merge pull request #820 from JacobBarthelmeh/PKCS8
...
PKCS8 create function
2017-03-30 13:54:30 -06:00
Chris Conlon
61d82790e4
add ECC helpers to get size and id from curve name
2017-03-30 11:32:56 -06:00
Jacob Barthelmeh
5c2b5f86b9
testing buffer size with const DH and remove redeclaration of WOLFSSL_CRL
2017-03-30 10:53:13 -06:00
Jacob Barthelmeh
71b75efd63
move PKCS8 create function and remove PWDBASED requirement
2017-03-30 10:46:58 -06:00
Sean Parkinson
c74c2ce00c
FIPS changes and fixups
...
Enable ex data explicitly.
Keep the peer cert for verification callback.
External session cache for hostapd.
Enable DES_ECB when not FIPS.
Don't send the peer cert if it is not received from peer.
Initialize the peer cert after free as will be freed on tear down of
SSL.
Allow a server to become a client.
2017-03-30 11:53:35 +10:00
Jacob Barthelmeh
9ebfb0e953
make the function wc_CreatePKCS8Key public
2017-03-29 16:42:51 -06:00
Jacob Barthelmeh
5663fbf41a
adjust placement of ECC curve OID in PKCS8 and add parameter notes
2017-03-29 16:17:54 -06:00
Jacob Barthelmeh
219fb584e2
fix for lenght of PKCS8 with ECC and for ECC get key algo ID
2017-03-29 16:17:26 -06:00
Jacob Barthelmeh
72d11e19cd
add create PKCS8 key
2017-03-29 16:14:34 -06:00
David Garske
36d9504bc3
Added NO_WRITE_TEMP_FILES option to prevent writing temp files during wolfCrypt test.
2017-03-28 19:37:55 -07:00
David Garske
75abeaecfc
Updates for TKernel port (WOLFSSL_uTKERNEL2). Added support for InterNiche prconnect_pro using WOLFSSL_PRCONNECT_PRO. Cleanup the min/max functions. Add NO_STDIO_FGETS_REMAP to not include the fgets remap for WOLFSSL_uTKERNEL2. Fix TFM build warning. Added HAVE_POCO_LIB. Added wolfCrypt test temp cert path for WOLFSSL_uTKERNEL2 = /uda/. Added WOLFSSL_CURRTIME_REMAP for benchmark to allow different function name to be used for system which have a conflicting name. Add ability to use normal malloc/free with WOLFSSL_uTKERNEL2 using NO_TKERNEL_MEM_POOL. Added new XMALLOC_OVERRIDE to allow custom XMALLOC/XFREE/XREALLOC macros. Move CUSTOM_RAND_GENERATE up in RNG choices. Rename tls.c STK macros due to conflict.
2017-03-28 19:10:19 -07:00
Maxime Vincent
25779dfb4f
Introduce HAPROXY config flag + get/set app_data
2017-03-28 13:28:36 +02:00
Maxime Vincent
d94fcd8b69
Implemented wolfSSL_EVP_PKEY_base_id, wolfSSL_BIO_read_filename. Added wolfSSL_EVP_PKEY_type stub
2017-03-28 11:42:30 +02:00
dgarske
14efd9735d
Merge pull request #816 from kaleb-himes/eccCaKeyFile-undefined
...
Fix for: 'Fix for build error with unused eccCaKeyFile'
2017-03-27 21:18:46 -07:00
kaleb-himes
2bcb8e53fc
Address case from review
2017-03-27 16:53:13 -06:00
kaleb-himes
5cffae2e3f
Merge branch 'master' of https://github.com/wolfSSL/wolfssl into eccCaKeyFile-undefined
2017-03-27 16:52:51 -06:00
dgarske
10bf955b70
Merge pull request #817 from kaleb-himes/ocsp-cert-update
...
add 'Class 3 Public Primary Certification Authority' to ocspstapling …
2017-03-27 15:21:55 -07:00
JacobBarthelmeh
9c8574111e
Merge pull request #815 from toddouska/switchcerts
...
better handling of TLS layer switching out CTX layer keys/certs
2017-03-27 15:57:58 -06:00
kaleb-himes
bddf0c52a6
add 'Class 3 Public Primary Certification Authority' to ocspstapling test certificate
2017-03-27 14:13:22 -06:00
kaleb-himes
00ca1dcbb7
Fix for: 'Fix for build error with unused eccCaKeyFile'
2017-03-24 14:01:06 -06:00
toddouska
a7c131c0a1
fix vs warning
2017-03-24 11:19:01 -07:00
toddouska
86efbbbb1d
simplify reset suites on cert/key changes to end of function
2017-03-24 10:40:42 -07:00
toddouska
4783fbfc4f
better handling of TLS layer switching out CTX layer keys/certs
2017-03-24 10:19:01 -07:00
toddouska
d8261796a6
Merge pull request #813 from cconlon/addcert
...
add server-keyPkcs8.der to include.am
2017-03-22 14:58:22 -07:00
JacobBarthelmeh
a216da38d2
Merge pull request #798 from toddouska/trackmem
...
add deallocs to memory tracker
2017-03-22 13:59:29 -06:00
toddouska
0983536c98
Merge pull request #814 from dgarske/fix_crl_redef
...
Fix build warning with redefinition of typedef 'WOLFSSL_CRL’
2017-03-22 08:59:02 -07:00
jrblixt
5f7e77f131
Merge branch 'master' of https://github.com/jrblixt/wolfssl into unitTest_api_dev
2017-03-21 16:48:55 -06:00
toddouska
4e6f70e15e
Merge pull request #784 from JacobBarthelmeh/Cert-Report2
...
error out with duplicate policy OID in a certificate policies extension
2017-03-21 15:21:46 -07:00
toddouska
a6ecf793ba
Merge pull request #806 from dgarske/tfm_heap_reduce
...
Reduce heap usage with fast math when not using ALT_ECC_SIZE
2017-03-21 15:21:09 -07:00
dgarske
360fb2db0a
Merge pull request #808 from kojo1/TrialProj
...
eccCaKeyFile in RSA/ECC test
2017-03-21 15:21:00 -07:00
toddouska
3e2fe536ad
Merge pull request #809 from JacobBarthelmeh/Testing
...
test case when not using RSA blinding
2017-03-21 15:18:53 -07:00
toddouska
30024b7e7f
Merge pull request #812 from SparkiDev/valgrind_ecc
...
Fix leak in test
2017-03-21 15:18:09 -07:00
jrblixt
88679a6a0c
Merge wolfSSL master.
2017-03-21 15:33:40 -06:00
jrblixt
739436d7a8
Merge with wolfSSL master.
2017-03-21 15:23:47 -06:00
David Garske
d829e5ba5a
Fix build warning with redefinition of typedef 'WOLFSSL_CRL’.
2017-03-21 09:13:50 -07:00
Chris Conlon
c46eb36b4e
add server-keyPkcs8.der to include.am
2017-03-21 09:53:24 -06:00
David Garske
7be1077216
Fix for build error with unused “eccCaKeyFile”.
2017-03-21 08:31:07 -07:00
Sean Parkinson
8bf22b253a
Fix leak in test
...
Use new points for compressed point testing.
2017-03-21 23:34:48 +10:00
toddouska
15423428ed
add wolfSSL_write_dup(), creates write_only WOLFSSL to allow concurrent access
2017-03-20 15:08:34 -07:00
Jacob Barthelmeh
f26d584cec
test case when not using RSA blinding
2017-03-20 14:15:34 -06:00
JacobBarthelmeh
4cb891334d
Merge pull request #801 from toddouska/fipscheck
...
add keep option to fips-check.sh to keep FIPS temp folder around
2017-03-20 13:44:01 -06:00
David Garske
15e442637d
Fix “#error old TLS requires MD5 and SHA” to only occur if !WOLFCRYPT_ONLY.
2017-03-20 10:42:08 -07:00
Takashi Kojo
e35489fd75
eccCaKeyFile in RSA/ECC test
2017-03-20 13:46:26 +09:00
JacobBarthelmeh
52215b3ecf
Merge pull request #734 from kaleb-himes/csharp-addition
...
Adds wrapper for CTX_load_verify_locations to C# wrapper
2017-03-17 18:18:17 -06:00
toddouska
10bf3c4d1d
Merge pull request #804 from SparkiDev/wpas_shared
...
Wpas shared
2017-03-17 16:15:51 -07:00
David Garske
6cc42dcacb
Reduce TFM fp_int size by only adding the “int size” if ALT_ECC_SIZE or WOLFSSL_ASYNC_CRYPT is defined. Fix couple of async build errors in wolfCrypt test.
2017-03-17 15:01:18 -07:00
toddouska
3bb1723476
Merge pull request #768 from dgarske/crl_lookup
...
Added support for inline CRL lookup when HAVE_CRL_IO is defined
2017-03-17 12:18:45 -07:00
toddouska
b9d3db8b47
Merge pull request #800 from SparkiDev/no_fs
...
If there is no filesystem then still compile and run
2017-03-17 12:08:49 -07:00
toddouska
ad57738cc6
Merge pull request #795 from JacobBarthelmeh/Testing
...
bounds checking with adding string terminating character
2017-03-17 12:07:55 -07:00
toddouska
db526999c3
Merge pull request #803 from dgarske/fix_int_cast_warn
...
Fix warning with "implicit conversion loses integer precision”.
2017-03-17 12:05:29 -07:00
toddouska
c69dea624c
Merge pull request #802 from cconlon/rsa_decode
...
add wc_GetPkcs8TraditionalOffset()
2017-03-17 12:04:44 -07:00
Sean Parkinson
461f051ef1
Only expose ECC APIs on config define
2017-03-17 10:52:38 +10:00
Sean Parkinson
37a52414cc
Make MP and ECC APIs public
...
These APIs are needed by wpa_supplicant.
2017-03-17 10:23:37 +10:00
David Garske
141210dcc0
Fix warning with "implicit conversion loses integer precision”.
2017-03-16 14:56:03 -07:00
Jacob Barthelmeh
3f33f2b995
add duplicate policy OID cert to dist
2017-03-16 15:49:40 -06:00
Jacob Barthelmeh
92587651c9
variable i is not used when WOLFSSL_SEP is enabled
2017-03-16 15:48:15 -06:00
Jacob Barthelmeh
faf2bacd56
error out with duplicate policy OID in a certificate policies extension
2017-03-16 15:48:15 -06:00
Chris Conlon
efc2bb43d2
add wc_GetPkcs8TraditionalOffset()
2017-03-16 15:14:20 -06:00
toddouska
ce6e3ce8d0
Merge pull request #799 from cconlon/ecc_decode
...
remove EccPublicKeyDecode() from WOLFSSL_CERT_EXT guard
2017-03-16 12:47:19 -07:00
toddouska
c62b4e8ed5
Merge pull request #797 from cconlon/ecc_private
...
allow ECC private key only import
2017-03-16 12:45:49 -07:00
toddouska
7651afbd38
Merge pull request #794 from dgarske/fix_rsa_e_overflow_w32bit
...
Fix issue with TFM mp_set_int, which should handle unsigned long.
2017-03-16 11:49:07 -07:00
toddouska
2b1b7632fc
add keep option to fips-check.sh to keep FIPS temp folder around
2017-03-16 11:10:12 -07:00
Sean Parkinson
d22dcdb78d
If there is no filesystem then still compile and run
...
Defaults to 2048-bit FF and 256-bit EC keys.
2017-03-16 16:00:31 +10:00
Sean Parkinson
94d56fda59
Merge pull request #796 from toddouska/noasntime
...
fix NO_ASN_TIME build with --enable-wpas
2017-03-16 14:46:10 +10:00
Chris Conlon
a7f8bdb387
remove EccPublicKeyDecode() from WOLFSSL_CERT_EXT guard
2017-03-15 17:28:52 -06:00
toddouska
5839bd0177
add deallocs to memory tracker
2017-03-15 15:36:12 -07:00
Chris Conlon
a13cce9213
allow ECC private key only import
2017-03-15 16:04:17 -06:00
toddouska
36ecbfb1a8
fix NO_ASN_TIME build with --enable-wpas
2017-03-15 14:57:38 -07:00
Jacob Barthelmeh
0ef1b5d298
bounds checking with adding string terminating character
2017-03-15 13:40:41 -06:00
David Garske
2c890e6827
Fix mp_set_int to use calc for 32 const. Changed it to sizeof(b) instead of sizeof(long).
2017-03-15 12:34:55 -07:00
David Garske
4eb76e1d71
Fixes for building with IPV6. Added new WOLFSSL_IPV6 define to indicate IPV6 support. Fix to not include connect() and socket() calls unless HAVE_HTTP_CLIENT, HAVE_OCSP or HAVE_CRL_IO defined. Typo fixes.
2017-03-15 12:27:02 -07:00
David Garske
cf73a2244f
Fix for stray brace in wolfIO_TcpConnect. Fix to typedef sockaddr_in6 only when TEST_IPV6 is defined. Moved XSOCKLENT into io.h. Added useful WOLFSSL_NO_SOCK, which can be used with WOLFSSL_USER_IO.
2017-03-15 12:26:40 -07:00
David Garske
d3a07858c0
Fixes based on peer review feedback. Fix to only include the non-blocking / select timeout functions when HAVE_IO_TIMEOUT is defined. Fix to only include TCP connect if HAVE_GETADDRINFO or HAVE_SOCKADDR defined. Cleanup of the “struct sockaddr*” to use typedef with HAVE_SOCKADDR. Moved helpful XINET_* and XHTONS/XNTOHS macros to io.h.
2017-03-15 12:26:18 -07:00
David Garske
628f740363
Added support for inline CRL lookup when HAVE_CRL_IO is defined (shares code with OCSP lookup in io.c). Added http chunk transfer encoding support. Added default connection timeout value (DEFAULT_TIMEOUT_SEC) and new wolfIO_SetTimeout() API with HAVE_IO_TIMEOUT. Added generic wolfIO_ API’s for connect, select, non-blocking, read and write. Added new define USE_WOLFSSL_IO to enable access to new wolfIO_* socket wrappers even when WOLFSSL_USER_IO is defined. Moved all API declarations for io.c into new io.h header. Added HAVE_HTTP_CLIENT to expose HTTP API’s. Moved SOCKET_T and SOCKET_ defines into io.h. Added WOLFIO_DEBUG define to display request/responses.
2017-03-15 12:26:18 -07:00
David Garske
5a24fd9237
Fix TFM mp_set_int to handle long. Enhance mp_set_int to use mp_set if less than max mp_digit. Added new MP_SET_CHUNK_BITS to eliminate hard coded const’s and allow build time adjustment.
2017-03-15 12:23:50 -07:00
JacobBarthelmeh
4725a8aea6
Merge pull request #775 from SparkiDev/wpas
...
Changes for WPA Supplicant
2017-03-15 11:19:46 -06:00
toddouska
f38d23a315
Merge pull request #791 from dgarske/fix_ecc_test_curve_idx
...
Fix wc_ecc_export_point_der to use curve_id
2017-03-14 19:22:53 -07:00
toddouska
916a5c97ce
Merge pull request #793 from SparkiDev/scan_build
...
Fixes for scan-build
2017-03-14 19:19:09 -07:00
Sean Parkinson
003e18ecbc
Fixes for scan-build
2017-03-15 09:38:53 +10:00
Sean Parkinson
97b98c5c44
Changes from review
...
Add a free handshake resources API.
Rename to wolfSSL_KeepHandshakeResources().
Add APIs to indicate the client's preference order is to be used when
matching cipher suites.
2017-03-15 09:09:25 +10:00
Sean Parkinson
ac713e62c5
Code review fixes
...
Put back check for server end when setting DH.
Add option to keep resources rather than free after handshake.
2017-03-15 09:09:25 +10:00
Sean Parkinson
122f648fd8
Only support client preference order as default for WPAS.
2017-03-15 09:09:02 +10:00
Sean Parkinson
7897d04145
Need GetHMACSize and GetIVSize for wpas 2.0
2017-03-15 09:09:02 +10:00
Sean Parkinson
fd3093f937
Protect code with #ifdefs
2017-03-15 09:09:02 +10:00
Sean Parkinson
e2930b0a43
Changes for WPA Supplicant
2017-03-15 09:09:02 +10:00
toddouska
7bef7aaa81
Merge pull request #792 from SparkiDev/valgrind
...
Fix valgrind issues
2017-03-14 13:50:26 -07:00
toddouska
4210ce0f67
Merge pull request #789 from SparkiDev/jenkins
...
Fixes for extended configuration testing
2017-03-14 10:00:39 -07:00
toddouska
cccaa8671e
Merge pull request #778 from dgarske/intime_rtos
...
INtime RTOS port
2017-03-14 09:55:50 -07:00
David Garske
2fbce65975
Revert change in types.h for INTIME_RTOS. HAVE_THREAD_LS is not supported here, so don’t define out. Added note in INtime RTOS user_settings.h to indicate this.
2017-03-13 20:03:09 -07:00
David Garske
0eb01698f4
Fix for wolfCrypt ECC import/export point test to not use const idx and instead lookup using the “ecc_curve_id” enum value. Added new “wc_ecc_get_curve_idx” and “wc_ecc_get_curve_id” API’s. Redirected duplicate ECC function “wc_ecc_get_curve_name_from_id” to “wc_ecc_get_name”. Added “ECC_CURVE_INVALID” to indicate invalid curve_id.
2017-03-13 19:58:15 -07:00
Sean Parkinson
72728b21af
Undo as mp_digit is not allowed to get as large as tested
2017-03-14 10:23:13 +10:00
Sean Parkinson
81731df72f
Fix valgrind issues
...
Test program was re-using RSA and ECC key with multiple imports ops.
wc_RsaPublicKeyDecode() leaked if n parseable but not e.
2017-03-14 09:47:34 +10:00
David Garske
8a562c817c
Fix build issues with DEBUG_WOLFSSL defined. Fix typo in user_settings.h for DEBUG_WOLFSSL. Fix issue with example client waiting on local server (shouldn’t be). Updated README.md with example output.
2017-03-13 12:22:44 -07:00
David Garske
e98a0465ae
tenAsys INtime RTOS port. Porting complete for mutex semaphores, threading, file, socket and RNG. Added projects for libwolfssl and wolfExamples. The wolfExamples project includes examples for wolfCrypt Test/Benchmark and wolfSSL TLS client/server. Provided reference user_settings.h with comments and enable/disable gates. Added README.md with overview and instructions. Fixed issue building master with NO_WOLFSSL_DIR defined. Added check if old TLS is enabled that SHA and MD5 are enabled. Cleanup of the wolfCrypt test use of USE_CERT_BUFFERS with file system enabled.
2017-03-13 09:48:55 -07:00
Sean Parkinson
610ac07cd8
Add MP_MASK
2017-03-13 16:28:36 +10:00
Sean Parkinson
8ac2f5cb9c
Windows warning about negating unsigned fix
2017-03-13 12:29:58 +10:00
Sean Parkinson
d4f0c79272
Cast for Windows
2017-03-13 12:18:45 +10:00
Sean Parkinson
614231f71c
Fixes for extended configuration testing
2017-03-13 11:33:39 +10:00
Takuho Nakano
9780f1faef
Fix spacing and comma
2017-03-12 23:01:32 +09:00
toddouska
a6cbfe6f93
Merge pull request #787 from SparkiDev/def_p256
...
Fix elliptic curve selection.
2017-03-11 08:35:11 -08:00
toddouska
91737ceb3f
Merge pull request #786 from JacobBarthelmeh/Testing
...
Testing
2017-03-10 17:03:24 -08:00
Sean Parkinson
80fe2a3524
Fix elliptic curve selection.
...
Preference by:
1. the default for the curve strength (eccTempKeySz),
2. a curve at the curve strength (eccTempKeySz),
3. the default for next higher curve strength,
4. the first curve (client order) with the next highest curve strength
2017-03-11 10:17:15 +10:00
Jacob Barthelmeh
93f1e7cf2e
remove magic number in test case
2017-03-10 13:16:22 -07:00
Jacob Barthelmeh
bb81ea804c
add AES get key to ARMv8 port and add check for BASE 64 encode to tests
2017-03-10 09:55:27 -07:00
Jacob Barthelmeh
dee3159f0f
update byte size conversion
2017-03-10 09:39:18 -07:00
Jacob Barthelmeh
e8d97c9b1e
make test buffers large enough for results
2017-03-10 09:36:29 -07:00
toddouska
5a803730b8
Merge pull request #785 from SparkiDev/fixes
...
Fixes from merge of test coverage changes
2017-03-09 17:58:15 -08:00
toddouska
2b5dba798f
Merge pull request #783 from JacobBarthelmeh/Cert-Report1
...
Add error case for critical Subject Key ID extension
2017-03-09 15:39:23 -08:00
Sean Parkinson
5c9eedbf69
Fixes from merge of test coverage changes
...
Include new certificates in distribution.
Casting changes for clang.
Extra error code - recognize in test.
2017-03-10 09:15:18 +10:00
toddouska
2444a55afe
Merge pull request #708 from SparkiDev/test_cov
...
Extend testing for coverage
2017-03-09 12:52:17 -08:00
toddouska
2bb14903f9
Merge pull request #698 from SparkiDev/nginx
...
Get Nginx working with wolfSSL
2017-03-09 10:23:20 -08:00
toddouska
0e64c7708f
Merge pull request #769 from JacobBarthelmeh/Testing
...
Testing
2017-03-09 10:17:48 -08:00
Jacob Barthelmeh
fd50fd8a3e
Add error case for critical Subject Key ID extension
2017-03-08 16:40:07 -07:00
toddouska
df32c6fb0b
Merge pull request #782 from dgarske/ecc_mem
...
Fix to reduce ECC memory usage when async crypt is not enabled
2017-03-08 15:35:47 -08:00
toddouska
2b0963c42a
Merge pull request #780 from dgarske/crl_win
...
Fixes for building CRL with Windows
2017-03-08 15:31:02 -08:00
David Garske
a55ebb4c18
Fixes for building CRL with Windows. Refactor load_verify_buffer and LoadCRL to use new wc_ReadDir* functions. Added new directory/file API's: wc_ReadDirFirst(), wc_ReadDirNext(), wc_ReadDirClose(). Moved MAX_PATH and MAX_FILENAME_SZ to wc_port.h. Moved BAD_PATH_ERROR into error-crypt.h. The wc_ReadDir is only supported when NO_WOLFSSL_DIR and NO_FILESYSTEM are not defined. Add map to __FUNCTION__ macro in Windows with debug enabled (to resolve build error with VS and __func__ missing). Fix cast warning on response from EncodeOcspRequestExtensions. Fix for cast to call to BuildCertificateStatus.
2017-03-08 11:21:11 -08:00
Jacob Barthelmeh
a0effa6329
call mp_clear to match call to mp_init
2017-03-08 11:26:16 -07:00
David Garske
e115205d18
Fix to reduce ECC memory usage when async crypt is not enabled. Fix uses local for r and s instead of key->r and key->s.
2017-03-07 13:45:02 -08:00
toddouska
e7445b8e49
Merge pull request #781 from dgarske/fix_sb_int_dp
...
Fix integer.c scan-build warning for possible use of NULL dp
2017-03-07 12:03:20 -08:00
David Garske
be42a575da
Fix additional integer.c report of possible use of NULL dp (after normal math performance improvement to defer dp pointer alloc commit bdbb98ed20
2017-03-06 13:19:52 -08:00
JacobBarthelmeh
ebef5083ca
Merge pull request #777 from toddouska/dhpub
...
add check dh public key to agree()
2017-03-06 10:16:57 -07:00
JacobBarthelmeh
bb3bea3d4c
Merge pull request #773 from toddouska/authtag
...
add defined for default AES AUTH_TAG_MIN_SZ
2017-03-06 09:53:01 -07:00
Sean Parkinson
ae6fbb220f
Pass the context to statusCb (needed in Nginx 1.10.3)
2017-03-06 10:58:25 +10:00
toddouska
ba1a8d7681
Merge pull request #765 from dgarske/scanbuild_fixes
...
Fixes for scan-build warnings
2017-03-03 15:58:10 -08:00
toddouska
0d3ef0b399
Merge pull request #776 from dgarske/fix_iis_signature_algorithms
...
Fix issue with IIS servers and NO_OLD_TLS
2017-03-03 12:51:22 -08:00
toddouska
a348898e96
add AUTH_SZ size check to ti and armv8 ports
2017-03-03 11:42:24 -08:00
toddouska
7bcd26e321
add check dh public key to agree()
2017-03-03 11:30:38 -08:00
JacobBarthelmeh
6800ffe8fa
Merge pull request #772 from toddouska/sr3-fix
...
fix signer memory takeover on malformed data
2017-03-03 10:21:01 -07:00
toddouska
eef3ec4a87
Merge pull request #763 from NickolasLapp/master
...
Changes to bring wolfssl up to date with stunnel 5.40
2017-03-03 09:00:11 -08:00
JacobBarthelmeh
ace417b087
Merge pull request #774 from ejohnstown/psk-staticmemory
...
Static Memory Handshake Fix
2017-03-03 09:38:19 -07:00
toddouska
2b937e2f23
Merge pull request #771 from JacobBarthelmeh/master
...
account for static memory IO_POOL free when general memory was used
2017-03-03 08:31:55 -08:00
David Garske
431f363520
Better fixes for suppressing scan-build warning with normal math enabled.
2017-03-03 07:35:26 -08:00
Sean Parkinson
0182d99efb
Updates for nginx 1.10.3
...
Don't return global error when: SOCKET_PEER_CLOSED_E or SOCKET_ERROR_E
Increase max ex_data items to 5
2017-03-03 16:38:29 +10:00
David Garske
b5fe3ddbfa
Fix to allow connection to IIS server which requires SHA1 hash algo to be present in signature_algos extension. Issue only exists when NO_OLD_TLS is defined. To enable SHA1 with TLS 1.2 define "WOLFSSL_ALLOW_TLS_SHA1”.
2017-03-02 18:18:05 -08:00
David Garske
67a8626430
Fix for scan-build warning with “->dp == NULL”. Scenario can’t happen, but adding sanity check to suppress warning.
2017-03-02 15:56:31 -08:00
John Safranek
ec1d8c7090
Fixed where the client was using NULL instead of ssl->heap when allocating memory during SendClientKeyExchange(). Failing on an embedded static build.
2017-03-02 10:05:24 -08:00
David Garske
d903059e05
Fixes to allow signature_algorithms extension to send SHA1 (if enabled) and NO_OLD_TLS is defined. This resolves an issue connected to ISS servers.
2017-03-01 19:07:13 -08:00
toddouska
c1c7c90345
add defined for default AES AUTH_TAG_MIN_SZ
2017-03-01 11:17:24 -08:00
Jacob Barthelmeh
9ab28f9756
account for static memory IO_POOL free when general memory was used
2017-03-01 11:39:00 -07:00
toddouska
2d612da9f4
fix signer memory takeover on malformed data
2017-03-01 10:25:54 -08:00
Sean Parkinson
7ca19f9fff
Protect other call to wc_EccPublicKeyDecode
2017-03-01 09:37:18 +10:00
Sean Parkinson
292a17fff8
wc_EccPublicKeyDecode changes from review
2017-03-01 09:37:18 +10:00
Sean Parkinson
455fb96faa
Extend testing for coverage
2017-03-01 09:37:18 +10:00
dgarske
0608cd0dd3
Merge pull request #770 from JacobBarthelmeh/master
...
adjust return value of hash update and address warning with NO_SHA
2017-02-28 14:56:43 -08:00
Sean Parkinson
13e6217fd5
Changes from code review
2017-03-01 08:38:54 +10:00
Sean Parkinson
d4abeb56db
Fixes required after logging changes to master.
2017-03-01 08:38:54 +10:00
Sean Parkinson
e6434f380b
Get Nginx working with wolfSSL
2017-03-01 08:38:54 +10:00
jrblixt
d5d7a4ae7b
Report failure but continue to run.
2017-02-28 14:44:11 -07:00
Jacob Barthelmeh
f77458992e
resolve windows warnings and add sanity check with PKCS12 parse
2017-02-28 14:33:07 -07:00
Jacob Barthelmeh
0ed8024bcf
adjust return value of hash update and address warning with NO_SHA
2017-02-28 13:40:03 -07:00
toddouska
b86dfd582f
Merge pull request #766 from JacobBarthelmeh/Testing
...
debug message fix
2017-02-27 12:09:43 -08:00
jrblixt
b2fc525a1d
update MD5, SHA, SHA256, SHA384, SHA512 Update functions.
2017-02-24 15:58:47 -07:00
jrblixt
c467bbd776
Reasses return values on all Init, Update, Final functions.
2017-02-24 15:16:54 -07:00
Jacob Barthelmeh
26bd19bbd8
debug message fix
2017-02-23 17:15:44 -07:00
David Garske
9db6a27921
Fixes for scan-build warnings. Fix possible memory leak in wolfSSL_DH_new on failure. Add null checks in integer.c for destination to make sure “dp” grows when NULL (even though never happens in real-use). Added suppression of wc_port.c warning “Value stored to 'ret' is never read”.
2017-02-23 14:47:36 -08:00
jrblixt
6ca16b06d2
MergeConflicts
2017-02-23 11:13:32 -07:00
toddouska
6425a654be
Merge pull request #761 from dgarske/stm32_fixes
...
Fix for AES-GCM with STM32 and CubeMX HAL
2017-02-22 14:31:36 -08:00
toddouska
302db35b2f
Merge pull request #752 from dgarske/fix_ecc_import_wstaticmem
...
Fix issue with wc_ecc_import_x963_ex() loosing heap pointer
2017-02-22 14:30:57 -08:00
toddouska
bdbb98ed20
Merge pull request #735 from dgarske/norm_math_speedup
...
Normal math speed-up to not allocate on mp_int and defer until mp_grow
2017-02-22 14:29:51 -08:00
John Safranek
d52f44108c
Merge pull request #762 from moisesguimaraes/fix-ocsp-request
...
Adds missing free(request) in CheckOcspRequest()
2017-02-22 14:19:51 -08:00
Moisés Guimarães
8bbcdf977d
adds missing free(request) in CheckOcspRequest()
2017-02-22 10:43:07 -08:00
Nickolas Lapp
2ef4525d4d
Changes to bring wolfssl up to date with stunnel 5.40
2017-02-22 11:15:59 -07:00
David Garske
5a539751a2
Fixes for AES with STM32 and CubeMX. The key size was not being set and causing issues with AES GCM.
2017-02-21 15:12:40 -08:00
dgarske
aeea24a5e3
Merge pull request #760 from toddouska/mcheck
...
fix small stack malloc checks
2017-02-21 14:33:44 -08:00
David Garske
e01da5c44c
Fix mp_set to return int after rebase.
2017-02-21 14:12:27 -08:00
David Garske
b05cfec057
Fix build warning with missing “mp_to_unsigned_bin_at_pos” declaration.
2017-02-21 14:03:21 -08:00
David Garske
4cbfec1c7d
Implemented ksdk_port fixes to handle mp_ response codes. Added KSDK support for normal math. Regression testing against K82 hardware (MMCAU/LTC) and software with normal and fast math.
2017-02-21 14:03:21 -08:00
David Garske
3008c888bf
Fix mp_cmp_d logic to handle a->used == 0. Revert mp_copy and mp_set 0 size workarounds.
2017-02-21 14:03:21 -08:00
David Garske
9c7407d18c
Added return codes to wc_InitDhKey, wc_InitDsaKey and mp_set. Added missing return code checks on mp_copy in ecc.c. Fixed build with DSA and no ECC where mp_set function def would be missing.
2017-02-21 14:03:21 -08:00
David Garske
d14be65315
Improve handling of mp_clear for RSA after speed-up.
2017-02-21 13:59:38 -08:00
David Garske
bced81d234
Improve handling of mp_init / mp_clear for DH and DSA after speed-up.
2017-02-21 13:59:38 -08:00
David Garske
da5825b94d
Normal math speed-up to not allocate on mp_int and defer until mp_grow. Added memory tracker support to ./tests/unit.test. Fix memory leak with curve cache enabled, by adding to wolfSSL_Cleanup.
2017-02-21 13:59:38 -08:00
toddouska
e9c806a639
Merge pull request #743 from JacobBarthelmeh/master
...
change pem_password_cb typedef for compatibility
2017-02-21 13:23:05 -08:00
toddouska
ce94243a20
Merge pull request #746 from cconlon/pkcs7ukm
...
PKCS7: fix optional UserKeyingMaterial encoding
2017-02-21 13:22:31 -08:00
toddouska
f4f5d2d569
Merge pull request #747 from dgarske/integer_min_max
...
Fix naming for integer.c min/max local variables
2017-02-21 13:21:52 -08:00
toddouska
988f7fa983
Merge pull request #759 from dgarske/fix_smallstack_procuserhcain
...
Fix for ProcessUserChain with WOLFSSL_SMALL_STACK defined causing stack corruption
2017-02-21 13:20:43 -08:00
dgarske
c01fb8f655
Merge pull request #758 from kaleb-himes/mp_set
...
Fix for building with ECC disabled and DSA enabled with mp_set API.
2017-02-21 12:59:53 -08:00
David Garske
7125d16f3e
Fix issue with wc_ecc_import_x963_ex() and wc_ecc_import_raw_private() loosing heap pointer. Fixes issue #750 .
2017-02-21 12:19:48 -08:00
toddouska
fc85b8189c
fix small stack malloc checks
2017-02-21 11:18:09 -08:00
David Garske
f0112c2f7d
Fix for ProcessUserChain with WOLFSSL_SMALL_STACK defined causing stack corruption.
2017-02-21 10:38:44 -08:00
kaleb-himes
fddf3bc664
pre-processor-macro update for mp_set API
2017-02-20 16:31:19 -07:00
JacobBarthelmeh
db1f205522
Merge pull request #756 from toddouska/release3-10-3
...
3.10.3 rel
2017-02-20 10:08:14 -07:00
toddouska
ebb21fc284
update rpm spec
2017-02-17 15:02:04 -08:00
toddouska
e3503b8f9b
3.10.3 rel
2017-02-17 14:49:18 -08:00
toddouska
3837173f93
Merge pull request #754 from wolfSSL/ecc_cdh
...
Added ECC Cofactor DH (ECC-CDH) support
2017-02-17 14:26:09 -08:00
Sean Parkinson
19ee115392
Merge pull request #755 from toddouska/kat-errors
...
add ECC_CDH KAT error code
2017-02-17 14:25:51 -08:00
toddouska
b4802cd73d
add ECC_CDH KAT error code
2017-02-17 12:26:35 -08:00
Sean Parkinson
bdd3f2be41
Make sure ecc key is always memset to 0
2017-02-17 12:15:18 -08:00
Sean Parkinson
3e6ef835b1
Free the ecc keys
2017-02-17 12:06:27 -08:00
Sean Parkinson
09bae9da3e
Fixup from review
2017-02-17 11:18:05 -08:00
Sean Parkinson
24cd46f1f1
Fixes from code review
2017-02-17 11:05:29 -08:00
David Garske
d625645338
Refactor to combine ECC-CDH with existing “wc_ecc_shared_secret()” and use flag to perform cofactor computation on private key. Added new API “wc_ecc_set_flags()” and flag “WC_ECC_FLAG_COFACTOR” to indicate key should use cofactor. Added NIST CAVS test vector for ECC CDH Primitive with P-256.
2017-02-16 16:30:30 -08:00
David Garske
39607984f7
Added ECC Cofactor DH (ECC-CDH) support with new “wc_ecc_cdh()” and “wc_ecc_cdh_ex()” API’s. Enable using “HAVE_ECC_CDH” define.
2017-02-16 13:17:08 -08:00
toddouska
7da446c25a
Merge pull request #748 from JacobBarthelmeh/Release
...
Release
2017-02-12 21:55:31 -08:00
Jacob Barthelmeh
337c52b4cf
prepare for release 3.10.2
2017-02-10 10:19:34 -07:00
Jacob Barthelmeh
6c55701725
c89 build with ECC compresed key
2017-02-10 10:09:45 -07:00
David Garske
4f53761faf
Fix naming for integer.c min/max local variables to resolve reported “error: declaration of 'min' shadows a global declaration”.
2017-02-09 15:52:25 -08:00
Jacob Barthelmeh
e307f3e89d
free decoded cert with small stack build
2017-02-09 16:06:34 -07:00
Jacob Barthelmeh
0cbc640aad
memory managment in crl.c with crl monitor
2017-02-09 15:39:55 -07:00
toddouska
c022614e07
Merge pull request #742 from dgarske/fix_asn_getlen
...
Improved ASN error checking
2017-02-09 13:05:26 -08:00
Chris Conlon
93642cfcb9
PKCS7: fix optional UserKeyingMaterial encoding
2017-02-09 12:04:19 -07:00
toddouska
8763a71420
Merge pull request #745 from JacobBarthelmeh/Windows
...
wolfCrypt cleanup in test.c moved and add wolfSSL init to testsuite w…
2017-02-09 10:19:51 -08:00
toddouska
3a6e8bf0d0
Merge pull request #744 from JacobBarthelmeh/Testing
...
static analysis fixes for memory management and possible null dereference
2017-02-09 10:18:26 -08:00
David Garske
321392998d
Additional ASN checks for GetSequence and GetSet. Cleanup of the buffer space check error to use BUFFER_E.
2017-02-09 09:50:06 -08:00
Jacob Barthelmeh
6a6e61f1d8
wolfCrypt cleanup in test.c moved and add wolfSSL init to testsuite with single threaded
2017-02-08 18:52:16 -07:00
Jacob Barthelmeh
b6b3021def
gcc-6 uninitialized warning with srp build
2017-02-08 16:49:58 -07:00
Jacob Barthelmeh
b0728645c9
static analysis fixes for memory management and possible null derefrence
2017-02-08 16:29:54 -07:00
toddouska
ef38ab8fc5
Merge pull request #701 from JacobBarthelmeh/mutex
...
better compatibility with printing errors to a file
2017-02-08 11:12:17 -08:00
Jacob Barthelmeh
c02f35c128
change pem_password_cb typedef for compatibility
2017-02-08 11:48:50 -07:00
John Safranek
868e704b82
Merge pull request #732 from kaleb-himes/openrtos-3.9.2-checkout
...
fips checkout for OpenRTOS v9.0.0 w/ wolfCrypt v3.9.2 on Atmels ATSAM…
2017-02-07 21:19:43 -08:00
dgarske
c074ab273f
Merge pull request #740 from toddouska/ocsp
...
Fix OCSP signature leading zero, certdecode free on parse failure. Add WOLFSSL_NO_OCSP_OPTIONAL_CERTS to skip optional OCSP certs, responder issuer must still be trusted. Add user clock skew defines for date skew before checks (WOLFSSL_AFTER_DATE_CLOCK_SKEW=# and WOLFSSL_BEFORE_DATE_CLOCK_SKEW=#).
2017-02-07 18:46:31 -08:00
Jacob Barthelmeh
993a604124
remove extern variables and use error queue instead
2017-02-07 17:16:22 -07:00
toddouska
6fc81652b7
Merge pull request #738 from JacobBarthelmeh/Testing
...
align compatibility layer sha256 and sha224 structs
2017-02-07 13:59:34 -08:00
David Garske
8f1c2965af
Fix build warning in asn.c with “potentially uninitialized local variable 'length' used”.
2017-02-07 13:34:27 -08:00
toddouska
468df109b6
add WOLFSSL_NO_OCSP_OPTIONAL_CERTS to skip optional OCSP certs, responder issuer must still be trusted
2017-02-07 13:31:59 -08:00
David Garske
19204ab1ac
Fix comment.
2017-02-07 11:07:48 -08:00
David Garske
a2984553d7
Fixes for build with user-crypto RSA (--enable-fast-rsa).
2017-02-07 11:03:17 -08:00
David Garske
3a1921e107
Fixes to ASN GetLength changes. Additional GetLength checks in PKCS7 and PKCS12.
2017-02-07 10:59:34 -08:00
David Garske
0286d157a7
First pass at cleanup of the GetLength function handling of 0 length value. Added some asn.c build option comments.
2017-02-06 20:05:04 -08:00
toddouska
7ddeb1afd9
add user clock skew defines for date skew before checks
2017-02-06 16:30:48 -08:00
toddouska
f938a75780
fix OCSP signature leading zero, certdecode free on parse failure
2017-02-06 14:10:38 -08:00
Jacob Barthelmeh
53bebb4785
add error code for wolfCrypt_Cleanup
2017-02-06 14:51:55 -07:00
toddouska
1f7976a587
Merge pull request #739 from JacobBarthelmeh/Memory
...
reduction of mp_jacobi stack usage
2017-02-06 11:59:52 -08:00
Moisés Guimarães
daafb2c5ac
changes docs to single page
2017-02-05 18:56:19 -03:00
Moisés Guimarães
e33d4c0172
adds full docs
2017-02-05 18:51:13 -03:00
Moisés Guimarães
00a74d0da4
adds initial doc files
2017-02-05 16:43:43 -03:00
Jacob Barthelmeh
0f91542cf4
add peek error node function to make use of debug mutex
2017-02-03 11:52:36 -07:00
Jacob Barthelmeh
e8110e773e
reduction of mp_jacobi stack usage
2017-02-02 17:13:26 -07:00
Jacob Barthelmeh
b1522e0c59
pack Sha256 struct
2017-02-02 14:55:51 -07:00
Jacob Barthelmeh
e722459df3
align compatibility layer sha256 and sha224 structs
2017-02-02 11:57:29 -07:00
Erik Bray
bf12e4ecca
wolfcrypt Python: work around minor issue in Random.__del__
...
During interpreter shutdown, depending on the order in which things happen, a module can be unloaded before all instances of classes defined in that module are garbage collected.
In particular, this means that any global variables (including imported modules) become `None` by the time the instances `__del__` is called, resulting in
```
AttributeError: 'NoneType' object has no attribute 'wc_FreeRng'
```
being displayed while the process exits. This can be avoided simply by catching and ignoring the `AttributeError` in this case, since the process is shutting down anyways.
2017-02-02 16:51:41 +01:00
Moisés Guimarães
895bf8dfbc
Merge pull request #728 from embray/patch-1
...
Fixes a serious bug in Random.byte
2017-02-01 21:07:20 -03:00
dgarske
16698db48f
Merge pull request #733 from kaleb-himes/tirtos-updates
...
updates for TIRTOS build following release 3.10.0
2017-02-01 14:47:12 -08:00
Kaleb Himes
fde6700d89
fix typo
2017-01-31 15:10:49 -07:00
kaleb-himes
d1f323ca58
Adds wrapper for CTX_load_verify_locations to C# wrapper
2017-01-31 14:45:33 -07:00
jrblixt
b11265dbf5
Merge branch 'master' of https://github.com/wolfSSL/wolfssl into unitTest_api_dev
2017-01-31 14:34:58 -07:00
jrblixt
de9f05f3c5
Update sha256.c function punctuation.
2017-01-31 14:33:21 -07:00
Kaleb Himes
af355f7472
updates for TIRTOS build following release 3.10.0
2017-01-31 13:15:45 -08:00
kaleb-himes
b2e4a50bf4
fips checkout for OpenRTOS v9.0.0 w/ wolfCrypt v3.9.2 on Atmels ATSAM4L CPU
2017-01-30 15:32:59 -07:00
Moisés Guimarães
29f52ec735
Merge pull request #730 from toddouska/ocsp
...
Better CheckOcspRequest error detection on retry
2017-01-30 12:59:58 -03:00
toddouska
ea96fa95b3
add new OCSP response validated debug message and remove redundant ret set
2017-01-28 11:11:25 -08:00
Erik Bray
a094a36fa8
Update random.py
...
Realized that `ffi.string()` could truncate the output on null bytes.
2017-01-28 15:55:42 +01:00
toddouska
a10d464126
fix scan-build warning and simplify CheckOcspRequest validation
2017-01-27 17:07:31 -08:00
toddouska
f44bbe9ba3
Better CheckOcspRequest error detection on retry
2017-01-27 15:42:00 -08:00
John Safranek
1108ea0303
Merge pull request #729 from JacobBarthelmeh/staticmemory
...
account for unaligned memory when computing optimum size and update s…
2017-01-27 15:00:18 -08:00
Jacob Barthelmeh
0b8730f0b6
check bounds of buffer and get file buffer size
2017-01-27 15:14:25 -07:00
Jacob Barthelmeh
fc899029fb
account for unaligned memory when computing optimum size and update static memory tests
2017-01-27 10:50:47 -07:00
jrblixt
e4942eaa3d
Reorder restore statement.
2017-01-26 17:03:05 -07:00
jrblixt
74f72b5c6b
Jenkins fix.
2017-01-26 13:15:11 -07:00
Erik Bray
e96a720f04
Fixes a serious bug in Random.byte
...
Python's bytecode compiler has a peephole optimizer which, among other things, can recognize constant expressions and replace them with a constant.
In `Random.byte` the expression `t2b('\0')` is recognized as a constant and is replaced with a single constant compiled into the function's bytecode.
This means that every time you run `Random.byte`, rather than creating a new `str` object (or `bytes` in Python 3) it's reusing the same one each time, and `wc_RNG_GenerateByte` is writing right into that constant object's buffer; hence the following behavior:
```
In [55]: rng = Random()
In [56]: a = rng.byte()
In [57]: a
Out[57]: "'"
In [58]: rng.byte()
Out[58]: '\x11'
In [59]: a
Out[59]: '\x11'
In [60]: rng.byte()
Out[60]: '\x16'
In [61]: a
Out[61]: '\x16'
In [62]: rng.byte.__func__.__code__.co_consts
Out[62]:
('\n Generate and return a random byte.\n ',
'\x16',
0,
'RNG generate byte error (%d)')
In [63]: rng.byte()
Out[63]: '\xad'
In [64]: rng.byte.__func__.__code__.co_consts
Out[64]:
('\n Generate and return a random byte.\n ',
'\xad',
0,
'RNG generate byte error (%d)')
```
`Random.bytes` does not necessarily have this problem since its result buffer is not a constant expression, though I feel like it could also in principle be affected if the string were interned (though I couldn't produce such a result). Nevertheless, it doesn't seem like a good idea to be updating `str` objects' buffers directly.
2017-01-26 20:48:15 +01:00
jrblixt
3ca087e850
Merge branch 'master' of https://github.com/wolfSSL/wolfssl into unitTest_api_dev
2017-01-26 12:48:03 -07:00
jrblixt
79e8bd2f2b
Restore the ssl->hsHashes->hashSha384 before returning on failure.
2017-01-26 12:44:20 -07:00
jrblixt
be768f5395
Made changes in api.c to reflect Update() changes.
2017-01-26 12:34:09 -07:00
dgarske
d22bc5d347
Merge pull request #727 from ejohnstown/minor-cleanups
...
Minor Cleanups
2017-01-26 08:50:28 -08:00
John Safranek
d93f856081
Minor Cleanups
...
1. Removed the execute bit from a few C source files.
2. Changed a couple letters in Moises's name in tfm.h to
the non-extended/accented versions of "e" and "a".
2017-01-25 14:17:17 -08:00
dgarske
1e02d00f61
Merge pull request #725 from toddouska/psk
...
add PSK test support to openssl script interop
2017-01-24 13:52:23 -08:00
JacobBarthelmeh
d60d0b4e3f
Merge pull request #726 from ejohnstown/static-memory-fix
...
Allow Static Memory...
2017-01-24 09:38:08 -07:00
John Safranek
13d0908b09
Allow static memory option when not using fast math or not using
...
slow math for anything.
2017-01-23 16:38:29 -08:00
toddouska
a9a0cdfe71
add PSK test support to openssl script interop
2017-01-23 16:10:01 -08:00
toddouska
52bc606ef9
Merge pull request #723 from dgarske/fix_ecc_noshamir_wstaticmem
...
Fix issue with wc_ecc_verify_hash_ex when not using SHAMIR and using static memory
2017-01-23 14:00:43 -08:00
toddouska
a1b79abedb
Merge pull request #717 from wolfSSL/auto_ecc_sup_curves
...
Added code to automatically populate supported ECC curve information
2017-01-23 13:57:56 -08:00
David Garske
b7c3a340c1
Fix issue with wc_ecc_verify_hash_ex when not using SHAMIR and using static memory. Fixes issue #722 .
2017-01-23 09:12:03 -08:00
dgarske
008a69f185
Merge pull request #721 from ejohnstown/cleanups-for-multicast
...
Small Fixes for Multicast
2017-01-22 13:19:10 -08:00
Moisés Guimarães
d3d7446a24
removes 3DES from docs
2017-01-21 15:31:26 -02:00
Chris Conlon
8e0affb4a3
Merge pull request #692 from moisesguimaraes/fixes-ocsp-stapling-parser
...
Fixes certificate status parsing, adds behavior for unknown status type
2017-01-20 16:41:28 -07:00
John Safranek
ac0181d527
In benchmark, change the calls to InitRNG to the explicit
...
heap versions like all the other crypt calls so it works
with static memory. Plays nice with FIPS mode if available.
2017-01-20 15:36:08 -08:00
Chris Conlon
4d83ef1c23
Merge pull request #712 from moisesguimaraes/fixes-ocsp-lookup
...
fixes CA matching when using NO_SKID
2017-01-20 16:15:12 -07:00
John Safranek
497313978f
Multicast
...
1. Opt-out the wolfmath code if not using big integers.
2. Opt-in a few functions when using lean PSK and DTLS.
3. Add a couple (void)heap to hush the compiler for
usused variables in lean PSK.
4. Add include limits.h to internal.h if CHAR_BIT isn't
defined. This is mainly for DTLS with lean PSK.
2017-01-20 11:59:28 -08:00
jrblixt
3918cdef03
Wrapped functions.
2017-01-19 13:35:23 -07:00
David Garske
784ce57f45
Fix for TLSX_PopulateExtensions to not use #else HAVE_QSH case for populating supported curves.
2017-01-19 09:23:07 -08:00
toddouska
835e3b7953
Merge pull request #719 from dgarske/fix_aes_no_dec
...
Fixes for building with NO_AES_DECRYPT
2017-01-19 08:52:32 -08:00
toddouska
e86d59b3f7
Merge pull request #718 from dgarske/fix_ecc_comp_err
...
Fix scan-build warning with err not being read with HAVE_COMP_KEY defined
2017-01-19 08:50:44 -08:00
toddouska
18b78795fb
Merge pull request #716 from dgarske/fix_no_asn_time
...
Fix build with NO_ASN_TIME
2017-01-19 08:43:50 -08:00
toddouska
fa2882322d
Merge pull request #713 from JacobBarthelmeh/master
...
chacha20_poly1305 function expects a key size of 32 bytes
2017-01-19 08:41:48 -08:00
David Garske
1afe613512
Fixes for building with NO_AES_DECRYPT. Added new HAVE_AESGCM_DECRYPT to allow AES GCM Decrypt with NO_AES_DECRYPT defined, since GCM uses only encrypt routine. Only allow TLS AES if NO_AES_DECRYPT is not defined.
2017-01-18 15:56:18 -08:00
David Garske
b3721c6808
Fix scan-build warning with err not being read with HAVE_COMP_KEY defined. Okay to always call wc_ecc_curve_free, since DECLARE_CURVE_SPECS does a memset.
2017-01-18 14:05:32 -08:00
Moisés Guimarães
a761a7fc64
updates provisioners
2017-01-18 19:19:03 -02:00
Moisés Guimarães
feb6617dc9
updates centos provisioner
2017-01-18 18:41:15 -02:00
Moisés Guimarães
51bf46288b
adds client example
2017-01-18 18:18:19 -02:00
Moisés Guimarães
5c8e69eb5e
updates vagrant configs; updates server example, updates copyright year.
2017-01-18 17:59:48 -02:00
David Garske
01f4a7b5bd
Added code to automatically populate supported ECC curve information, unless already provided by user via wolfSSL_CTX_UseSupportedCurve or wolfSSL_UseSupportedCurve.
2017-01-18 11:54:43 -08:00
toddouska
31981cc365
Merge pull request #711 from cconlon/ecc
...
add ECC export raw, sig to (R,S), helper functions
2017-01-18 09:27:42 -08:00
toddouska
58f1fd2cc9
Merge pull request #704 from SparkiDev/memfail
...
Fixes from failure testing
2017-01-17 12:53:56 -08:00
jrblixt
c5bd24c1b7
Added changes Chris requested.
...
Moved error-crypt.h location and corrected FIPS return code.
Made requested changes to printf where 0 == 0.
2017-01-17 13:51:17 -07:00
toddouska
a00bdb0de7
Merge pull request #714 from wolfSSL/fix_intelasm_debug
...
Fixed issue with intelasm and debug with SHA256
2017-01-17 12:50:17 -08:00
Jacob Barthelmeh
e84528205e
chacha20_poly1305 function expects a key size of 32 bytes
2017-01-17 13:39:26 -07:00
toddouska
2281560f1a
Merge pull request #710 from JacobBarthelmeh/staticmemory
...
pass heap hint to temporary public ECC key
2017-01-17 12:15:45 -08:00
toddouska
2e60330796
Merge pull request #703 from JacobBarthelmeh/SGX
...
wolfcrypt only build with Windows
2017-01-17 12:13:37 -08:00
toddouska
c7ecf23c85
Merge pull request #696 from JacobBarthelmeh/Testing
...
fix possible memory leak on error case with ASN1 INTEGER to BN function
2017-01-17 12:10:21 -08:00
David Garske
a0dc8dc8f9
Fix build with NO_ASN_TIME. Kaleb, add to future build options tests.
2017-01-17 10:35:48 -08:00
Moisés Guimarães
bb97e03a44
initial server tests
2017-01-16 19:40:46 -02:00
Moisés Guimarães
089387906e
updates tests
2017-01-16 18:52:34 -02:00
Moisés Guimarães
715d6afeda
updates tox config
2017-01-16 18:48:01 -02:00
Moisés Guimarães
0a9f66338c
adds coverity tests
2017-01-15 12:51:09 -02:00
Moisés Guimarães
2d56f09320
adds accept() behavior to SSLSocket; Migrates tests to pytest.
2017-01-15 12:26:22 -02:00
David Garske
1aeab91828
Fixed issue with intelasm and debug with SHA256 due to stack variable W_K alignment. Removed obsolete DEBUG_XMM code.
2017-01-13 15:50:04 -08:00
Moisés Guimarães
56091e267f
moving source code into src
2017-01-12 19:27:36 -02:00
Chris Conlon
00fed61d36
Merge pull request #709 from JacobBarthelmeh/PKCS12
...
heap hint with PKCS7
2017-01-12 09:34:20 -07:00
Jacob Barthelmeh
75e3b5a297
pass heap hint to temporary public ECC key
2017-01-12 09:10:25 -07:00
Moisés Guimarães
86a3039e0b
fixes CA matching when using NO_SKID
2017-01-12 13:56:38 -02:00
Sean Parkinson
ba1315a499
Fixes from failure testing
2017-01-12 16:22:35 +10:00
Chris Conlon
f6647fbf84
add ECC export raw, sig to (R,S), helper functions
2017-01-11 17:08:35 -07:00
Jacob Barthelmeh
36d34ce069
free WOLFSSL_BN in SetIndividualExternal error case and simplify mpi_clear call
2017-01-11 14:53:32 -07:00
toddouska
fc8ab42612
Merge pull request #671 from dgarske/ecc_curve_cache
...
New ECC curve cache feature to improve performance
2017-01-11 13:34:32 -08:00
toddouska
575ac7b9d3
Merge pull request #707 from JacobBarthelmeh/master
...
fix location in tfm.c that could result in potential cache attack
2017-01-11 12:35:22 -08:00
Jacob Barthelmeh
bafddd1ba8
heap hint with PKCS7
2017-01-11 11:38:21 -07:00
Jacob Barthelmeh
e3277c19b7
fix location in tfm.c that could result in potential cache attack
2017-01-10 15:00:00 -07:00
dgarske
8954de40ff
Merge pull request #706 from JacobBarthelmeh/Windows
...
open test file in binary mode
2017-01-10 11:54:47 -08:00
JacobBarthelmeh
c191a19a77
Merge pull request #705 from cconlon/pkcs7rng
...
fix RNG to WC_RNG typo in pkcs7.c
2017-01-10 10:15:05 -07:00
Jacob Barthelmeh
6732961e0d
open test file in binary mode
2017-01-10 09:57:29 -07:00
Chris Conlon
993e6298ac
fix RNG to WC_RNG typo in pkcs7.c
2017-01-09 16:59:42 -07:00
David Garske
3338ea9ef7
Added ecc.c documentation for WOLFSSL_VALIDATE_ECC_IMPORT. Note: Add this define to enable checks for Jenkins (after this is merged).
2017-01-09 15:01:17 -08:00
David Garske
0722f4d20f
Fixes to reduce stack usage with ECC_CACHE_CURVE disabled (same as previous code). Added USE_ECC_B_PARAM macro (enabled with ECC_CACHE_CURVE or HAVE_COMP_KEY). Fixed bug with WOLFSSL_VALIDATE_ECC_KEYGEN defined and args to ecc_check_pubkey_order. Fixed counts for DECLARE_CURVE_SPECS(). Fixed wc_ecc_import_point_der to use curve cache. Enhance wc_ecc_check_key to support ECC_CACHE_CURVE for b or load using read_radix. Enhance to expose wc_ecc_is_point with all required mp_int* args directly.
2017-01-09 11:15:13 -08:00
Jacob Barthelmeh
6edb639d9d
wolfcrypt only build with Windows
2017-01-09 10:33:46 -07:00
dgarske
af00ad7683
Merge pull request #700 from JacobBarthelmeh/master
...
run peek last error line test only when NO_OLD_TLS is not defined
2017-01-07 11:37:27 -08:00
Jacob Barthelmeh
4be5f624e8
include logging.h in test.c
2017-01-06 16:40:19 -07:00
Jacob Barthelmeh
dcb9ef6651
better compatibility with printing errors to a file
2017-01-06 14:29:16 -07:00
dgarske
274ac21450
Merge pull request #699 from kaleb-himes/FREERTOS_TCP
...
Remove toolchain level define from OS_TCP section
2017-01-06 13:23:22 -08:00
Jacob Barthelmeh
d3604f1061
run peek last error line test only when NO_OLD_TLS is not defined
2017-01-06 13:22:49 -07:00
kaleb-himes
2b49f4205f
Remove toolchain level define from OS level define section
2017-01-06 11:44:04 -07:00
jrblixt
08f188ab44
Merge branch 'master' of https://github.com/wolfSSL/wolfssl into unitTest_api_dev
2017-01-06 11:26:06 -07:00
jrblixt
2c87f8d33c
merge with wolfSSL master.
2017-01-06 11:06:01 -07:00
David Garske
050ba9d6e0
unit test md5, sha, sha256, sha384, sha512
...
Memory leak fix.
2017-01-06 10:57:50 -07:00
toddouska
c20a35f1db
Merge pull request #697 from JacobBarthelmeh/master
...
adjust dynamic types with PKCS12 parse
2017-01-05 14:39:17 -08:00
Jacob Barthelmeh
1afb7e20db
fix for freeing copy of mpi in the case of not using fastmath
2017-01-05 13:49:07 -07:00
Jacob Barthelmeh
147a7d5096
adjust dynamic types with PKCS12 parse
2017-01-05 10:21:14 -07:00
Jacob Barthelmeh
1a55309207
fix possible memory leak on error case with ASN1 INTEGER to BN function
2017-01-05 10:00:17 -07:00
JacobBarthelmeh
ea47d76bf7
Merge pull request #695 from dgarske/openssl_compat_enums
...
Additional openssl compatibility enums for X509_V_ERR and SSL_CB
2017-01-04 16:35:09 -07:00
David Garske
cb0cc92ff2
Fixes for building with CRL monitor when not linux, OS X or FreeBSD and --enable-distro set. Cleanup of the crl.c HAVE_CRL_MONITOR checks for OS and make sure if StopMonitor preprocessor is defined the function will also be defined.
2017-01-04 15:27:15 -07:00
David Garske
2f3ec778bd
For distro build don't install options.h (conflicts with multi-arch). Fix for BUILD_DISTRO excludes with indent.
2017-01-04 15:27:15 -07:00
David Garske
d3195d0b75
Pulled in patches from Debian package.
2017-01-04 15:27:15 -07:00
David Garske
fc6217e4f6
Added stubs for the set_msg_callback functions. Cleanup of the SSL_ST_* and SSL_CB_* enums.
2017-01-04 12:14:09 -08:00
David Garske
7c7b1233f7
Additional enums needed for compatibility with openssl for paho c mqtt client SSLSocket.c layer.
2017-01-04 11:00:08 -08:00
toddouska
f25416d424
Merge pull request #689 from dgarske/fix_iar_arm
...
Fixes for compiler warnings with IAR EWARM 8
2017-01-03 15:46:12 -08:00
John Safranek
916e58b93c
Merge pull request #694 from moisesguimaraes/fixes-ocsp-nonce-check
...
removes request->nonceSz check to fully validate response->nonce.
2017-01-03 13:04:24 -08:00
John Safranek
dd737ca103
Merge pull request #618 from kojo1/openssl-ex
...
Openssl Extra
2017-01-03 12:40:51 -08:00
dgarske
11775acb86
Merge pull request #691 from JacobBarthelmeh/Windows
...
random port for MinGW with unit tests
2017-01-03 11:46:33 -08:00
Moisés Guimarães
c82372cf78
removes request->nonceSz check to fully validate response->nonce.
2017-01-02 14:59:00 -02:00
David Garske
07ce995b12
Fix issue with imported key not having a reset key->r, key->s and key->state, which was causing wc_ecc_encrypt to fail.
2016-12-30 12:24:03 -08:00
Moisés Guimarães
762064c292
fixes certificate status parsing, adds behavior for unknown status type.
2016-12-29 22:29:46 -02:00
Erik M. Bray
e3ec769107
Adds an --enable-aesctr flag to the configure script to explicitly compile with -DWOLFSSL_AES_COUNTER and -DWOLFSSL_AES_DIRECT
...
If --enable-fortress or --enable-mcapi are used they effectively force --enable-aesctr
2016-12-29 21:26:34 +01:00
toddouska
073aa95496
Merge pull request #678 from dgarske/cleanup_macros
...
Cleanup min(), TRUE, FALSE, ALIGN16 and ALIGN32
2016-12-29 11:19:05 -08:00
toddouska
0decefed11
Merge pull request #679 from dgarske/wolfmath
...
Combine generic math functions into new wolfmath.c/.h
2016-12-29 11:17:44 -08:00
toddouska
fab72ed163
Merge pull request #688 from JacobBarthelmeh/master
...
fix C++ compiler warnings for distro build
2016-12-29 11:06:47 -08:00
toddouska
f550172fd4
Merge pull request #687 from JacobBarthelmeh/Testing
...
update Windows FIPS build
2016-12-29 11:06:11 -08:00
Jacob Barthelmeh
5abfe9d1cf
random port for MinGW with unit tests
2016-12-29 11:05:10 -07:00
David Garske
19ee499c96
Fix to improve fp_copy performance without ALT_ECC_SIZE defined. This change is required for async because we can’t memcpy/memset the entire fp_int.
2016-12-28 16:47:14 -08:00
David Garske
e75fddd49e
Moving macType below hash in WOLFSSL_EVP_MD_CTX (instead of ALIGN16) to resolve 16-bit alignment crash I was seeing on CentOS due to size change of “WOLFSSL_Hasher”.
2016-12-28 16:31:41 -08:00
David Garske
a854320a96
Revert changes to aes.c roll_auth.
2016-12-28 16:28:02 -08:00
Jacob Barthelmeh
6c90f097ca
remove extra white space
2016-12-28 15:40:34 -07:00
Takashi Kojo
c77a18f0ec
add EVP_CIPHER_CTX_mode
2016-12-28 14:45:29 -07:00
Jacob Barthelmeh
f60cb08c29
macro and tests for get_passwd_cb functions
2016-12-28 14:45:29 -07:00
Jacob Barthelmeh
4f317a9a1d
wolfSSL_EVP_CipherInit_ex handle ENGINE argument and add a sanity check
2016-12-28 14:45:29 -07:00
Jacob Barthelmeh
1326fe1b0d
return values of DES set key and return block size for EVP block_size getter function
2016-12-28 14:45:29 -07:00
Jacob Barthelmeh
ccc72d72c2
change argument to pointer. In most cases NULL is used for this argument, as was the case in previous ports
2016-12-28 14:45:29 -07:00
Jacob Barthelmeh
95ea74a91e
sanity checks and one function return type for better compatibility
2016-12-28 14:45:29 -07:00
Jacob Barthelmeh
091fc10147
adjust read ahead, some sanity checks and rebase
2016-12-28 14:45:29 -07:00
Jacob Barthelmeh
724e50c4fd
cast flag to byte type from int
2016-12-28 14:45:29 -07:00
Jacob Barthelmeh
aabe456592
sanity checks, remove some magic numbers, TLS read ahead
2016-12-28 14:45:29 -07:00
Jacob Barthelmeh
ed5ff77e4f
account for BIO with no filesystem and rebase commits
2016-12-28 14:45:29 -07:00
Jacob Barthelmeh
f7737fdc55
expand BIO compatibility
2016-12-28 14:45:29 -07:00
Takashi Kojo
a2d1db4b73
Merge branch 'openssl-ex' of https://github.com/kojo1/wolfssl into openssl-ex
2016-12-28 14:45:29 -07:00
Takashi Kojo
5a2794fe9c
add EVP_MD_CTX_md, EVP_MD_type
2016-12-28 14:45:29 -07:00
Jacob Barthelmeh
2b3438e11b
pem x509 read from bio and bio set fd
2016-12-28 14:45:29 -07:00
Takashi Kojo
80efc366df
add wolfSSL_EVP_MD_CTX_new/free
2016-12-28 14:45:29 -07:00
Takashi Kojo
b377125ad1
add alias to EVP_get_cipher/digestbyname
2016-12-28 14:45:29 -07:00
Takashi Kojo
c57803a4a5
add test EVP_CIPHER_CTX_new/free
2016-12-28 14:45:29 -07:00
Takashi Kojo
a774f26613
add EVP_get_cipherbyname
2016-12-28 14:45:29 -07:00
Takashi Kojo
2ef85e3d4d
EVP_CIPHER_CTX_new/free, EVP_get_digestbyname
2016-12-28 14:45:29 -07:00
Takashi Kojo
0c742654dc
EVP_add_digest
2016-12-28 14:45:29 -07:00
Jacob Barthelmeh
64a3333870
adjust wolfSSL_set_options and test case
2016-12-28 14:45:29 -07:00
Jacob Barthelmeh
2daeecdb90
BIO s_socket and BN mod exp
2016-12-28 14:45:29 -07:00
Jacob Barthelmeh
e741a24089
add get last error and line function, fix ASN1 object redeclaration
2016-12-28 14:45:29 -07:00
Jacob Barthelmeh
1d0fc83d40
function to add X509 to cert chain
2016-12-28 14:45:29 -07:00
Takashi Kojo
280f5cb542
fix int long type mismatch
2016-12-28 14:45:29 -07:00
Jacob Barthelmeh
1704a8d683
expand compatibility layer with write bio function
2016-12-28 14:45:29 -07:00
Takashi Kojo
778680116e
HMAC_cleanup, MD5xxx for bsd
2016-12-28 14:45:29 -07:00
Takashi Kojo
570486b90c
add SL_CTX_need/set_tmp_RSA
2016-12-28 14:45:29 -07:00
Takashi Kojo
4baf494ddd
add EVP_CipherUpdate/Final
2016-12-28 14:45:29 -07:00
Takashi Kojo
869529642d
Add #define EVP_DigestInit_ex
2016-12-28 14:45:29 -07:00
Jacob Barthelmeh
781c7d0055
check for user RSA
2016-12-28 14:45:29 -07:00
Jacob Barthelmeh
7e91838d4a
memory management and add to compatibility layer
2016-12-28 14:45:29 -07:00
Jacob Barthelmeh
ff05c8a7a5
expanding compatibility layer
2016-12-28 14:45:29 -07:00
Jacob Barthelmeh
9d1cb18616
add function X509_get_ext_d2i
2016-12-28 14:45:29 -07:00
Jacob Barthelmeh
5f3fa171cd
templates wolfSSL_ctrl and wolfSSL_CTX_ctrl
2016-12-28 14:44:05 -07:00
Jacob Barthelmeh
79472e11a1
add bio.c to dist and implement wolfSSL_check_private_key , wolfSSL_get_server_random
2016-12-28 14:44:05 -07:00
Jacob Barthelmeh
fed4ed40a9
compatibility functions for X509
2016-12-28 14:44:05 -07:00
Jacob Barthelmeh
0d7c259282
compatibility functions for ssl cert and private key
2016-12-28 14:44:05 -07:00
Takashi Kojo
d8d3cd5269
staub: SSL_get_server_random
2016-12-28 14:44:05 -07:00
Takashi Kojo
3946931320
stubs: SSL_get_server_random/verify_result/session/set_accept_state
2016-12-28 14:44:05 -07:00
Takashi Kojo
a09a761d07
stubs: PEM_read_bio_DSAparams/X509_AUX/PrivateKey,SSL_CTX_get_default_passwd_cb/userdata
2016-12-28 14:44:05 -07:00
Takashi Kojo
ee86325ae4
template: ERR_peek_last_error_line/print_errors_fp, EVP_add_digest
2016-12-28 14:44:05 -07:00
Takashi Kojo
63dcacb437
templates: ENGINE_cleanup, BN_mod_exp
2016-12-28 14:44:05 -07:00
Takashi Kojo
f3435eefbd
templates: ASN1_INTEGER_to_BN, BN_mod_exp, CONF_modules_free/unload, DSA_dup_DH
2016-12-28 14:44:05 -07:00
Jacob Barthelmeh
f2f52c3ec9
add more compatiblity functions
2016-12-28 14:44:05 -07:00
Jacob Barthelmeh
6520a77fac
DES ECB prototypes
2016-12-28 14:44:05 -07:00
Jacob Barthelmeh
526b602ebd
AESNI support with EVP AES
2016-12-28 14:44:05 -07:00
Jacob Barthelmeh
8554912d68
COMPAT. LAYER : jenkins warnings and build configurations
2016-12-28 14:44:05 -07:00
Jacob Barthelmeh
464543df26
COMPAT. LAYER : jenkins warnings and spacing around if statements
2016-12-28 14:44:05 -07:00
Takashi Kojo
8844554fca
Templates BIO/SSL/SSL_CTX_ctrl
2016-12-28 14:44:05 -07:00
Takashi Kojo
86014fb0d0
add BIO_ctrl and other BIO templates
2016-12-28 14:44:05 -07:00
Takashi Kojo
8ed0b83c21
Test on EVP_Cipher AES Counter
2016-12-28 14:44:05 -07:00
Takashi Kojo
de91e7df03
add EVP_Cipher with AES Counter
2016-12-28 14:44:05 -07:00
Takashi Kojo
aed9b2d3bb
add EVP_CIPHER_CTX_block_size/mode/set_flags/set_padding
2016-12-28 14:44:05 -07:00
Takashi Kojo
bb400789b8
add EVP_Cipher with EVP_aes_256_ecb()
2016-12-28 14:44:05 -07:00
Takashi Kojo
0fd50cd57a
Added AES_set_encrypt/decrypt_key, AES_ecnrypt/decrypt
2016-12-28 14:44:05 -07:00
David Garske
b57e576abd
Fixes for compiler warnings with IAR EWARM 8.
...
* Fix “wc_PKCS7_DecodeUnprotectedAttributes” return prior to free in GetSet error case.
* Fix “wc_PKCS7_KariGenerateKEK” type mismatch for kdfType.
* Fix aes.c roll_auth use of inSz over 24-bit.
* Fix ecc “build_lut”, “accel_fp_mul” and “accel_fp_mul2add” use of err as unsigned.
* Fix “wc_HKDF” use of un-initialized “myHmac” for heap.
* Fix undefined reference to __REV for IAR due to missing intrinsics.h.
* Fix build error for “wolfSSL_CTX_set_tmp_dh” if OPENSSL_EXTRA not defined and “HAVE_LIGHTY || HAVE_STUNNEL || WOLFSSL_MYSQL_COMPATIBLE”.
* Cleanup of “wolfSSL_get_chain_X509” brace..
* Cleanup SSL_CtxResourceFree use of `i` and define comments.
* Added “SIZEOF_LONG_LONG” to IAR-EWARM user_settings.h to support word64 (required for SHA512, etc).
2016-12-28 11:18:41 -08:00
JacobBarthelmeh
a40a3cb142
Merge pull request #686 from jay/fix_poly1305_ADD_macros
...
poly1305: fix ADD macros for multi-line
2016-12-27 17:52:53 -07:00
Jacob Barthelmeh
511f41b0e4
fix C++ compiler warnings for distro build
2016-12-27 14:38:14 -07:00
Jacob Barthelmeh
fb49dbd083
update Windows FIPS build
2016-12-27 10:34:13 -07:00
Jay Satiro
3b6dac9751
poly1305: fix ADD macros for multi-line
2016-12-24 02:46:35 -05:00
JacobBarthelmeh
2cf7785068
Merge pull request #682 from JacobBarthelmeh/Release
...
prepare for release 3.10.0
2016-12-23 09:10:35 -07:00
David Garske
c4af58b973
Refined the FIPS “min” logic.
2016-12-22 18:11:25 -08:00
David Garske
fc16890641
Fix “min” with ctaocrypt FIPS.
2016-12-22 14:01:05 -08:00
Jacob Barthelmeh
7752f9ad05
prepare for release 3.10.0
2016-12-22 14:23:41 -07:00
JacobBarthelmeh
784b24eebc
Merge pull request #680 from ejohnstown/dtls-sctp-fix
...
DTLS-SCTP fix
2016-12-22 13:10:29 -07:00
Moisés Guimarães
53d4c171c8
adds more client tests
2016-12-22 17:58:13 -02:00
Moisés Guimarães
35f03eb00a
fixes docs.
2016-12-22 16:59:50 -02:00
Moisés Guimarães
1c9147a41e
adds supported curves to context; fixes compatibility issues with py27
2016-12-22 15:01:58 -02:00
Moisés Guimarães
9b58ab0211
renames exceptions file
2016-12-22 15:01:58 -02:00
Moisés Guimarães
4b75d11164
fixes socket calls
2016-12-22 15:01:58 -02:00
Moisés Guimarães
f3c1522608
always treat native_object as a pointer
2016-12-22 15:01:58 -02:00
Moisés Guimarães
b9934695fb
pretest version of SSLSocket
2016-12-22 15:01:58 -02:00
Moisés Guimarães
567dfd76b3
adds initial code for SSLSocket
2016-12-22 15:01:58 -02:00
Moisés Guimarães
2cbdd45e8f
adds negotiate() to ssl interface
2016-12-22 15:01:58 -02:00
Moisés Guimarães
07072ef266
moving SSLContext and SSLSocket to __init__ to avoid ciclic includes
2016-12-22 15:01:58 -02:00
Moisés Guimarães
baeba53527
adds wrap_socket to the context
2016-12-22 15:01:58 -02:00
Moisés Guimarães
445e375daa
adds ssl interface to ffi
2016-12-22 15:01:58 -02:00
Moisés Guimarães
52eb0becf0
adds set_ciphers to context
2016-12-22 15:01:58 -02:00
Moisés Guimarães
368f2baf88
adds verify_mode to context
2016-12-22 15:01:58 -02:00
Moisés Guimarães
8eec3cb874
adds initial code for SSLSocket
2016-12-22 15:01:58 -02:00
Moisés Guimarães
0ed0672b16
fixes pylint warnings
2016-12-22 15:01:58 -02:00
Moisés Guimarães
c0b59a585b
adds support for buffered ca certificates
2016-12-22 15:01:58 -02:00
Moisés Guimarães
015ffecbab
fixes unicode quotes and adds load_cert_chain test.
2016-12-22 15:01:58 -02:00
Moisés Guimarães
760ddd14f5
fixes pylint warnings;
...
adds more tests to load_verify_locations;
fixes data type when calling C functions;
fixes result verification when calling C functions.
2016-12-22 15:01:58 -02:00
Moisés Guimarães
7201435f2d
adds initial context tests.
2016-12-22 15:01:58 -02:00
Moisés Guimarães
bd14611879
adds load_verify_locations and load_cert_chain implementations.
2016-12-22 15:01:58 -02:00
Moisés Guimarães
c8ae6abb43
adds context functions.
2016-12-22 15:01:58 -02:00
Moisés Guimarães
e1c01378c7
fixes ssl version in test to maintain backward compatibility.
2016-12-22 15:01:58 -02:00
Moisés Guimarães
20cfbe399c
fixes integer comparison and adds virtual env to ignored files.
2016-12-22 15:01:58 -02:00
Moisés Guimarães
e06b17e170
adds methods and client tests;
...
adds context creation;
adds memory module;
removes init and cleanup functions.
2016-12-22 15:01:58 -02:00
Moisés Guimarães
0df897d4b9
adds methods
2016-12-22 15:01:58 -02:00
Moisés Guimarães
7b884ad72a
removes non-ASCII chars from docs.
2016-12-22 15:01:58 -02:00
Moisés Guimarães
8b0edafef3
adds build_ffI.py
2016-12-22 15:01:58 -02:00
Moisés Guimarães
f4d6890b51
adds basic files and exception classes.
2016-12-22 15:01:58 -02:00
toddouska
d6a6226c8e
Merge pull request #681 from JacobBarthelmeh/Testing
...
static analysis check of null dereference and memory management
2016-12-22 08:43:55 -08:00
toddouska
93c87eb777
Merge pull request #677 from ejohnstown/dtls-prevseq
...
DTLS Previous Epoch Sequence Number Update
2016-12-22 08:42:56 -08:00
Jacob Barthelmeh
1c17b8eed6
static analysis check of null dereference and memory management
2016-12-21 16:20:18 -07:00
John Safranek
40800d8065
DTLS-SCTP fix
...
1. Add the SCTP suite test file to the include.am.
2. Skip the sequence number increment for client_hello messages in
DTLS, but do the increment for SCTP.
2016-12-21 14:24:20 -08:00
David Garske
338cc9e873
Added wolfevent.c and wolfmath.c to ltc project.
2016-12-21 14:09:19 -08:00
David Garske
3bec816f97
Cleanup min(), TRUE, FALSE, ALIGN16 and ALIGN32. Replace only use of BYTE3_LEN with OPAQUE24_LEN. Replace “ “ with “\t” (saves bytes and is consistent). Fix align issue with “WOLFSSL_EVP_MD_CTX” hash.
2016-12-21 14:05:00 -08:00
David Garske
d73338851d
Combine generic math functions into new wolfmath.c/.h. Cleanup of the !ALT_ECC_SIZE code so fp_int always has size. This is in prep for async changes for new WC_BIGINT type for hardware crypto.
2016-12-21 13:39:33 -08:00
David Garske
6cc1fd293e
Fixed issue with stack increase with curve cache disabled. Fixed issue with missing wc_ecc_curve_free() in wc_ecc_verify_hash_ex() causing mem leak. Changed ecc_curve_spec_cache to be allocated per curve. Added new wc_ecc_curve_cache_free() API to release all curve cache memory. Moved ecc_curve_spec struct and ecc_curve_load_mask enum to ecc.c. Add missing wc_ecc_fp_free() to wolfCrypt test. Added ecc.c comment for FP_ECC.
2016-12-21 12:31:02 -08:00
John Safranek
ac27d6d7ca
DTLS Sequence Number update
...
1. Set the prevSeq to nextSeq on CCS.
2. Fully clear nextSeq on CCS.
2016-12-20 09:30:46 -08:00
toddouska
1a5c5d0011
Merge pull request #676 from cconlon/fortify
...
address fortify high issues
2016-12-19 20:03:24 -08:00
toddouska
07e7521f34
Merge pull request #674 from JacobBarthelmeh/Testing
...
Bug fix for cache attack
2016-12-19 18:31:04 -08:00
Kaleb Himes
125cfcacc3
Merge pull request #675 from JacobBarthelmeh/SGX
...
fix make dist with SGX project
2016-12-19 17:06:14 -07:00
Chris Conlon
46f3b2a367
address fortify high issues
2016-12-19 15:50:11 -07:00
Jacob Barthelmeh
345df93978
Bug fix for cache attack
2016-12-19 14:51:42 -07:00
toddouska
6cefca6a49
Merge pull request #672 from cconlon/pkcs7fix
...
PKCS#7: fixes for building with AES disabled, smallstack
2016-12-19 13:46:35 -08:00
toddouska
dca57bf2f0
Merge pull request #673 from cconlon/fortify
...
address fortify critical issues
2016-12-19 13:42:11 -08:00
Jacob Barthelmeh
4d637146d7
fix make dist with SGX project
2016-12-19 14:03:07 -07:00
Chris Conlon
060ff5e5ef
address fortify critical issues
2016-12-19 11:53:14 -07:00
toddouska
168203ff9d
Merge pull request #649 from dgarske/distro
...
Linux Distro Patches
2016-12-16 16:03:16 -08:00
toddouska
c313d97579
Merge pull request #622 from SparkiDev/sha384
...
SHA384
2016-12-16 15:57:40 -08:00
toddouska
50cf1df8da
Merge pull request #669 from SparkiDev/scrypt
...
Implementation of scrypt
2016-12-16 15:53:48 -08:00
toddouska
c73ddf3f8a
Merge pull request #670 from dgarske/executebit
...
Removed the execute bit on the new port files.
2016-12-16 15:52:26 -08:00
Chris Conlon
c5fbf96557
PKCS#7: fixes for building with AES disabled, smallstack
2016-12-16 15:58:18 -07:00
David Garske
57571cb45e
Fix merge issues with ECC HAVE_COMP_KEY after rebase.
2016-12-16 14:20:00 -08:00
David Garske
f990775451
Fix issue with ECC_SHAMIR disabled due to curve->b remnant from async branch.
2016-12-16 11:53:33 -08:00
David Garske
cbc3cc6e91
Removed the execute bit on the new port files.
2016-12-16 11:35:40 -08:00
David Garske
f1ead30987
New ECC curve cache feature to improve performance. Disabled by default and enabled using ./configure CFALGS="-DECC_CACHE_CURVE" or #define ECC_CACHE_CURVE. Added internal ECC states. Combined wc_ecc_mulmod_ex versions for timing rest / not. Tested with all math, timing, FP variants and NXP LTC and ECC508A hardware. Pulled in from latest async branch. Added new ECC_MAX_SIG_SIZE enum to help with sizing the sign buffer.
...
Performance Increases with ECC_CACHE_CURVE enabled:
* Key Gen 4.2%
* Key Agree, 4.0%
* Sign 6.8%
* Verify 5.8%
2016-12-16 11:32:59 -08:00
toddouska
a9e7c4081f
Merge pull request #660 from ejohnstown/win-renegotiation
...
Enable secure renegotiation by default for Windows library build.
2016-12-15 16:17:15 -08:00
Kaleb Himes
7b948fe04d
Merge pull request #667 from JacobBarthelmeh/SGX
...
add Windows build for SGX
2016-12-15 16:23:29 -07:00
toddouska
ec90d72412
Merge pull request #666 from cconlon/chachafix
...
fix CertificateRequest cert type for ECDSA ChaCha suites
2016-12-15 12:08:08 -08:00
toddouska
01d8201284
Merge pull request #665 from cconlon/certs
...
add missing certs and keys to certs/include.am
2016-12-15 12:03:12 -08:00
toddouska
d0533c6dad
Merge pull request #664 from cconlon/pkcs7
...
PKCS#7/CMS expansion
2016-12-15 12:01:00 -08:00
dgarske
9d94474133
Merge pull request #668 from ejohnstown/handshake-size
...
Fail on redundant handshake message data
2016-12-15 11:41:53 -08:00
toddouska
6959c21fdd
Merge pull request #663 from dgarske/stm32_iar
...
Fixes to build STM32 with IAR
2016-12-15 11:26:43 -08:00
John Safranek
be65f26dd2
If there is a badly formed handshake message with extra data at the
...
end, but the correct size with the extra data, send a decode_error
alert and fail the handshake.
2016-12-14 16:02:29 -08:00
Chris Conlon
33f21e8b8d
set correct cert type in CertificateRequest when using ChaCha suite with ECDSA
2016-12-14 11:34:10 -07:00
Jacob Barthelmeh
e16f2c0722
add Windows build for SGX
2016-12-14 10:41:52 -07:00
Chris Conlon
41f6863970
add missing certs and keys to certs/include.am
2016-12-14 09:46:41 -07:00
Chris Conlon
55554b79a9
PKCS#7: fix use after free in wc_DecodeKtri
2016-12-14 09:15:45 -07:00
Sean Parkinson
20887a8c35
Implementation of scrypt
...
Tests and benchmarking added.
Configure with --enable-scrypt and requires --enable-pwdbased
2016-12-14 16:57:41 +10:00
Chris Conlon
e5d1e3ae10
PKCS#7: only output test bundles when PKCS7_OUTPUT_TEST_BUNDLES is defined
2016-12-13 15:27:46 -07:00
Sean Parkinson
22ecd55964
Don't ForceZero in assembly optimized versions.
2016-12-14 08:22:05 +10:00
Sean Parkinson
a1b92dc809
Tidy up CPU Id check not not reference SHA384
2016-12-14 08:22:05 +10:00
Sean Parkinson
24cfba4276
Fix ForceZero calls
2016-12-14 08:22:05 +10:00
Sean Parkinson
0e4aa233ba
Use ForceZero in all implementations of Transform
2016-12-14 08:22:05 +10:00
Sean Parkinson
fd21023823
Share code between SHA512 and SHA384
2016-12-14 08:22:05 +10:00
Sean Parkinson
811be0eb9e
Faster zeroize on x86_64
2016-12-14 08:22:05 +10:00
David Garske
f70860a9af
Make sure NO_64BIT is defined.
2016-12-13 12:18:21 -08:00
David Garske
fd9a94b2bd
Fixes to build STM32 with IAR.
2016-12-13 10:24:55 -08:00
Chris Conlon
dad0cfda92
add EnvelopedData ECC support, refactor pkcs7
2016-12-13 09:40:54 -07:00
dgarske
483e461c49
Merge pull request #647 from kaleb-himes/RIOT_OS
...
RIOT OS support, test scripts will be submitted to RIOT-OS repository
2016-12-10 19:13:19 -08:00
kaleb-himes
6c7e1785aa
EXIT_TEST macro added for cleaner implementation and maintenance
2016-12-09 19:39:36 -07:00
kaleb-himes
1748045d52
use NO_WRITEV for portability
2016-12-09 19:12:25 -07:00
Chris Conlon
5006306bb8
PKCS#7: add support for optional unprotectedAttributes with EncryptedData
2016-12-09 17:02:57 -07:00
Chris Conlon
abf18858a8
refactor PKCS#7 functionality into separate functions for Enveloped and EncryptedData
2016-12-09 17:02:57 -07:00
Chris Conlon
b5eb8dce2f
add PKCS#7/CMS EncryptedContent support
2016-12-09 16:57:31 -07:00
John Safranek
e80331e03a
fix Windows debug build warning with secure renegotiation
2016-12-09 14:31:21 -08:00
John Safranek
7fa825fde0
Enable secure renegotiation by default for Windows library build.
2016-12-09 13:39:00 -08:00
kaleb-himes
e3b57211d5
undo whitespace modification
2016-12-09 14:36:06 -07:00
kaleb-himes
fc9d689bc6
fastmath works with RIOT_OS if defined TFM_NO_ASM
2016-12-09 14:34:14 -07:00
toddouska
b0b80bed78
Merge pull request #657 from cconlon/x963kdf
...
add ANSI-X9.63-KDF support [SEC1]
2016-12-09 13:29:41 -08:00
toddouska
ad2b0810c6
Merge pull request #648 from cconlon/keywrap
...
add AES key wrap support, RFC 3394
2016-12-09 13:23:39 -08:00
kaleb-himes
7a76baa83e
restore .am and gitignore
2016-12-09 13:13:43 -07:00
kaleb-himes
c957107d76
merge with master and remove RIOT_Make directory, keep changes for working on Mac OS X
2016-12-09 13:11:45 -07:00
kaleb-himes
9e17b2b0aa
Merge branch 'master' of https://github.com/wolfssl/wolfssl into RIOT_OS
2016-12-09 13:09:25 -07:00
John Safranek
8b1a6d4c70
Merge pull request #658 from kaleb-himes/sniffer
...
Prevent forcezero from running on freed memory
2016-12-09 09:04:01 -08:00
Chris Conlon
33e840b01b
add AES key wrap support, RFC 3394
2016-12-09 09:30:56 -07:00
dgarske
fdbb142699
Merge pull request #659 from toddouska/distcheck
...
fix nxp distcheck filename typo
2016-12-09 08:04:02 -08:00
toddouska
d2ed611757
fix nxp distcheck filename typo
2016-12-08 16:52:12 -08:00
toddouska
6cfb8e30b2
Merge pull request #591 from dgarske/STM32_CUBEMX
...
STM32 F2/F4 CubeMX and Std Peripheral Library hardware crypto support
2016-12-08 16:36:43 -08:00
toddouska
ab7849be0d
Merge pull request #655 from JacobBarthelmeh/ARMv8
...
ARMv8
2016-12-08 16:34:19 -08:00
Chris Conlon
2db7bf0dc0
use static digest for X9.63 KDF, add smallstack support
2016-12-08 17:28:53 -07:00
toddouska
5da564d03c
Merge pull request #656 from SparkiDev/hashes
...
Get the hash of the handshake messages rather than finalize.
2016-12-08 16:23:28 -08:00
kaleb-himes
d2b5a9538d
Prevent forcezero from running on freed memory
2016-12-08 15:11:41 -07:00
Sean Parkinson
289acd088a
Remove state save and restore
2016-12-08 15:21:04 +10:00
Sean Parkinson
ea1a03d538
Get the hash of the handshake messages rather than finalize.
...
Inconsistency between SHA256 and SHA384/SHA512 when getting hash.
More handshake messages can be added after this operation.
2016-12-08 15:21:04 +10:00
Chris Conlon
a5b267087f
add ANSI-X9.63-KDF support [SEC1]
2016-12-07 20:26:09 -07:00
toddouska
2a3f3433e7
Merge pull request #652 from ejohnstown/autoconf-size-check
...
Move autoconf size checks
2016-12-07 15:23:25 -08:00
toddouska
3dec222969
Merge pull request #523 from dgarske/atmel_pr
...
Support for Atmel ATECC508A
2016-12-07 15:01:08 -08:00
toddouska
074741aabf
Merge pull request #651 from dgarske/ksdk_dup_dec
...
Remove obsolete duplicate declaration for wc_RsaFunction in the KSDK header
2016-12-07 13:48:53 -08:00
toddouska
a1bd2c8b35
Merge pull request #654 from dgarske/smallstackfixes
...
Fixes for build with WOLFSSL_SMALL_STACK defined
2016-12-07 13:41:45 -08:00
kaleb-himes
da4a46ddf6
Merge branch 'master' of https://github.com/wolfSSL/wolfssl into RIOT_OS
2016-12-07 14:16:34 -07:00
dgarske
477ec3c3d1
Merge pull request #2 from NickolasLapp/STM32_CUBEmX
...
Fix DES3 on STM32 CUBEMX
2016-12-07 11:27:24 -08:00
Nickolas Lapp
82c12fb7be
Fix DES3 on STM32 CUBEMX
2016-12-07 10:20:46 -07:00
David Garske
5c59ccdeb9
Fix scan-build warning. Updated "side" variable failure case to return proper error code.
2016-12-07 07:57:55 -08:00
David Garske
4dd393077f
Updated EccSharedSecret callback to use ecc_key* peer directly. Passes examples with "-P" tests and new pkcallback test script.
2016-12-07 07:57:55 -08:00
David Garske
45d26876c8
Moved wolfSSL_GetEccKey logic to internal.c and use only for PK_CALLBACK. Added other ECC key info to the EccSharedSecretCb. Cleanup of the "if (ssl->ctx->EccSharedSecretCb == NULL)" logic to revert indent so changes are minimized. Removed new wolfSSL_GetEccKey API.
2016-12-07 07:57:55 -08:00
David Garske
eaca90db28
New Atmel support (WOLFSSL_ATMEL) and port for ATECC508A (WOLFSSL_ATECC508A). Adds wolfCrypt support for ECC Hardware acceleration using the ATECC508A. Adds new PK callback for ECC shared secret. Fixed missing "wc_InitRng_ex" when using "CUSTOM_RAND_GENERATE_BLOCK". Added ATECC508A RNG block function for P-RNG bypass ability. Added internal "wolfSSL_GetEccPrivateKey" function for getting reference to private key for ECC shared secret (used in test.h for testing PK_CALLBACK mode). Added README.md for using the Atmel ATECC508A port.
2016-12-07 07:57:55 -08:00
David Garske
9399cc05cb
Fixes for building with CRL monitor when not linux, OS X or FreeBSD and --enable-distro set. Cleanup of the crl.c HAVE_CRL_MONITOR checks for OS and make sure if StopMonitor preprocessor is defined the function will also be defined.
2016-12-07 07:07:27 -08:00
John Safranek
fdc297f6bd
Moved the check for the size of long, long long, and __m128 to before
...
the checks for libraries. In some combination of autotools, making a
32-bit build, the autoconf test code can't link libnetwork and crashes,
leaving those sizes all set to 0.
2016-12-06 16:15:45 -08:00
dgarske
55b1ced783
Merge pull request #653 from toddouska/pkcallbacks
...
add pkcallbacks script test
2016-12-06 15:15:50 -08:00
Jacob Barthelmeh
944e5fba03
ARMv8 : load pointer to AES key and counter into a register along with pointer to SHA256 K table to handle tight optimized loops on function call with -flto
2016-12-06 21:42:15 +00:00
toddouska
ed8e0132a7
do_cleanup on pkcallbacks.test
2016-12-06 13:04:12 -08:00
David Garske
c0e006d42c
Fixes for build with small stack enabled.
2016-12-06 12:38:05 -08:00
toddouska
80cc737ffa
add pkcallbacks script test
2016-12-06 11:27:05 -08:00
David Garske
9fcb6e4e3c
Remove obsolete duplicate declaration for wc_RsaFunction in the KSDK port header.
2016-12-06 10:25:56 -08:00
David Garske
932199c5e9
Fix build warning about unused static functions wc_AesEncrypt and wc_AesDecrypt with STM32.
2016-12-05 14:22:59 -08:00
David Garske
4a7651a09a
STM32 F2/F4 CubeMX and Std Peripheral Library hardware crypto support for RNG, AES, SHA1, DES3 and MD5. Adds new WOLFSSL_STM32_CUBEMX and WOLFSSL_STM32F4 defines. Tested on STM32F437II.
2016-12-05 14:22:59 -08:00
toddouska
f3816a4dc5
Merge pull request #597 from dgarske/NXPLTC
...
NXP (K82) LTC math hardware acceleration support
2016-12-05 13:50:31 -08:00
David Garske
1d14ac5ff3
Fixes to include.am and sha256.c after master rebase. Retested on NXP K82 with and without HW accel (all tests/benchmarks pass).
2016-12-05 09:15:58 -08:00
Martin Latal
877ea7011c
Fix for LTC RSA-4096. Use original wolfSSL code for RSA operation, reduce in LTC port layer.
2016-12-05 09:01:59 -08:00
David Garske
0611c45869
Attempt to fix sha.c error with older visual studio compiler.
2016-12-05 09:01:59 -08:00
David Garske
08b8af5f83
Fix for forced software crypto build.
2016-12-05 09:01:59 -08:00
David Garske
c35daa877e
Fix to allow disabling MMCAU/LTC for software only test (moved preprocessor defines to Kinetis). Updated K82 software benchmark with actual values.
2016-12-05 09:01:59 -08:00
David Garske
ae75842021
Fix build issues with rebase for ECC and RSA. Changed user_settings.h example when LTC is enabled to disable Shamir and ECC-521. Cleanup to add USE_NXP_MMCAU and USE_NXP_LTC for the example user_settings.h, so the project file can automatically configure.
2016-12-05 09:01:59 -08:00
David Garske
a6b96b17ff
Fixes to include path for NXP ksdk_port. Fixes for time USER/OVERRIDES so their #ifdef's are checked first. Fix to initialize LTC via new "ksdk_port_init" function. Cleanup of the ksdk_port.c for formatting, macros, statics and line length. Cleanup of the AES code for key size. Cleanup of the wolfCrypt sha.c for readability. Added support for the KSDK bare metal drivers to the IDE Rowley CrossWorks example. Updated the settings.h to allow for overrides in Freescale section. Updated README with info for using LTC.
2016-12-05 09:01:59 -08:00
David Garske
8e64d564dc
NXP/Freescale K8X MMCAU / LTC core support for RSA, ECC, Ed/Curve25519, AES, DSA, DES3, MD5, RNG, SHA and SHA2.
2016-12-05 09:01:59 -08:00
kaleb-himes
ddeb9da502
warning on empty translation units ignored, move cflags to Makefile
2016-12-03 11:55:24 -07:00
kaleb-himes
d2aef9a82a
README update
2016-12-03 11:03:17 -07:00
kaleb-himes
43525343fc
add RIOT tests to dist and make sure Makefiles are not excluded by .gitignore
2016-12-02 17:30:57 -07:00
kaleb-himes
162294e3e5
added benchmark app for RIOT and updated test error handling
2016-12-02 14:39:37 -07:00
kaleb-himes
684f9bad22
RIOT OS build and test scripts, build instructions
2016-12-02 13:53:05 -07:00
toddouska
4317141260
Merge pull request #646 from JacobBarthelmeh/master
...
remove fPIE flag
2016-12-01 12:56:56 -08:00
Jacob Barthelmeh
d32af7e44b
remove fPIE flag : fPIE is suitable for use with executables and not when creating libraries
2016-12-01 12:01:38 -07:00
toddouska
92377140b7
Merge pull request #520 from dgarske/compat_fixes
...
Add user cert chain DER support and OpenSSL compatibility fixes/improvements
2016-12-01 09:23:49 -08:00
David Garske
650ddb8d23
Fixes so make check works with NO_FILESYSTEM and FORCE_BUFFER_TEST. Example: ./configure CFLAGS="-DNO_FILESYSTEM -DFORCE_BUFFER_TEST"
2016-11-30 16:27:24 -08:00
David Garske
039aedcfba
Added "wolfSSL_use_certificate_chain_buffer_format". Added "wolfSSL_SESSION_CIPHER_get_name" to get cipher suite name using WOLFSSL_SESSION*. Moved the "wolfSSL_get_cipher_name_from_suite" function to internal.c. Added new server-cert-chain.der, which is combination of ca-cert.der and server-cert.der. Enhanced load_buffer to detect format using file extension. Can test use of DER cert chain with NO_FILESYSTEM defined using "./examples/server/server -c ./certs/server-cert-chain.der -k ./certs/server-key.der".
2016-11-30 16:26:02 -08:00
David Garske
3d920b23a0
Fix for building with NO_ERROR_STRINGS.
2016-11-30 16:26:02 -08:00
David Garske
7a35d904c2
Added new API "wolfSSL_CIPHER_get_name_from_suite" to allow use of the cipherSuite and cipherSuite0 args directly to get cipher suite name. Changed "wolfSSL_CIPHER_get_name" to call new API (based on original). ASN change to allow ToTraditional and SetName for OPENSSL_EXTRA.
2016-11-30 16:26:02 -08:00
David Garske
c3c3419138
Added processing of user cert chain in DER format. Added arg check on "wolfSSL_get_certificate" to fix NULL dereference if certificate not yet set via "wolfSSL_use_certificate_buffer" or "wolfSSL_use_certificate_file". Added "wolfSSL_CTX_use_certificate_chain_buffer_format" to expose way to import certificate chain buffer as ASN1 (since "wolfSSL_CTX_use_certificate_chain_buffer" assumes PEM) . Changed ProcessFile from static and added as local in internal.h.
2016-11-30 16:26:01 -08:00
John Safranek
cfc5de8c5a
Merge pull request #645 from toddouska/fds
...
allow separate set fds for read/write, helpful for DTLS multicast
2016-11-30 13:17:58 -08:00
toddouska
8f89d4922f
allow separate set fds for read/write, helpful for DTLS multicast
2016-11-30 11:15:57 -08:00
David Garske
a2dc01413c
For distro build don't install options.h (conflicts with multi-arch). Fix for BUILD_DISTRO excludes with indent.
2016-11-29 13:29:19 -08:00
toddouska
235060eff2
Merge pull request #644 from cconlon/return_fix
...
correct MEMORY_E returns in asn.c
2016-11-28 10:58:06 -08:00
Chris Conlon
a9936cf3ee
correct MEMORY_E returns in asn.c
2016-11-28 10:39:07 -07:00
Jacob Barthelmeh
2cbc6ed673
ARMv8 : handle aggressive optimizers
2016-11-23 15:44:53 -07:00
toddouska
7dab97fb01
Merge pull request #641 from dgarske/verifycb_peer_cert_chain
...
Add the peer cert buffer and count to X509_STORE_CTX for verify callback
2016-11-23 12:59:00 -08:00
David Garske
1240014fab
Fix OCSP to use public buffer type (now WOLFSSL_BUFFER_INFO).
2016-11-22 19:33:40 -08:00
Sean Parkinson
8a8274d403
Merge pull request #643 from dgarske/fix_hmac_224
...
Fix wc_HmacSizeByType for SHA224.
2016-11-23 13:28:37 +10:00
David Garske
50131b410d
Added new "WOLFSSL_BUFFER_INFO" type to represent internal "buffer" type and the "WOLFSSL_X509_STORE_CTX" certs. Added "VERIFY_CALLBACK_SHOW_PEER_CERTS" to print peer certs pointer and length.
2016-11-22 19:24:54 -08:00
toddouska
ff16ecda5e
Merge pull request #642 from dgarske/ecc_custcurve_speedup
...
ECC performance increase with custom curves enabled
2016-11-22 16:05:57 -08:00
JacobBarthelmeh
a540169b72
Merge pull request #638 from ejohnstown/dtls-window-update
...
DTLS Sequence Window Tracking Update
2016-11-22 16:53:04 -07:00
David Garske
16907de633
Fix wc_HmacSizeByType for SHA224.
2016-11-22 14:45:10 -08:00
David Garske
13cf313001
ECC performance increase with custom curves enabled (WOLFSSL_CUSTOM_CURVES) when A param is 3.
2016-11-22 13:43:18 -08:00
David Garske
5b76a37234
Add the peer cert buffer and count to the X509_STORE_CTX used for the verify callback. Fixes #627 .
2016-11-22 11:45:00 -08:00
David Garske
13bdcc518d
Pulled in patches from Debian package.
2016-11-22 11:25:40 -08:00
John Safranek
2d9d3aeb91
DTLS Window Update: fixes and changes
2016-11-22 10:12:18 -08:00
Kaleb Himes
b61e6e1219
Merge pull request #639 from moisesguimaraes/fixes-srp-priv-key-size
...
fixes random keys size ('a' and 'b')
2016-11-21 15:59:32 -07:00
Moisés Guimarães
64fc68920d
fixes random keys size ('a' and 'b')
2016-11-21 18:08:19 -03:00
John Safranek
ec6fec452d
Update session export with the new sequence number windows.
2016-11-21 09:16:53 -08:00
John Safranek
2507c4da8a
DTLS Sequence Window Tracking Update
...
1. Modify the DTLS sequence window to use an array of word32 instead
of a word32 or word64 depending on the availability of word64.
2. One can change the array size to have a bigger window.
2016-11-18 11:52:43 -08:00
toddouska
b380eef3e2
Merge pull request #637 from JacobBarthelmeh/master
...
PKCS12 : return on memory error
2016-11-18 11:03:57 -08:00
Jacob Barthelmeh
ac5436b462
PKCS12 : return on memory error
2016-11-18 09:40:26 -07:00
toddouska
1289e66641
Merge pull request #636 from dgarske/fix-ti-hash-mem-leak
...
Fix memory leak issue in ti-hash.c with small stack
2016-11-17 16:19:37 -08:00
toddouska
f167fe3d4a
Merge pull request #625 from dgarske/tls_nosha256
...
Fix to allow TLS with NO_SHA256
2016-11-17 16:14:28 -08:00
David Garske
bfd0a1b405
Fix to allow SHA384 cipher suite with NO_SHA256 defined. Without this fix the BUILD_AESGCM wasn't getting defined.
2016-11-17 10:29:48 -08:00
David Garske
b01952ea40
Cleanup the hash free in FreeHandshakeResources.
2016-11-17 09:34:31 -08:00
David Garske
de1ee91863
Fix memory leak issue with WOLFSSL_SMALL_STACK defined and using TI hardware accelerated hashing.
2016-11-17 09:24:56 -08:00
dgarske
f275331e44
Merge pull request #634 from toddouska/sha512-length
...
Sha512 length
2016-11-16 15:06:20 -08:00
toddouska
5c3bd7e1a0
Merge pull request #635 from cconlon/pkcs7signed
...
fix wc_PKCS7_EncodeSignedData with no signed attributes
2016-11-16 14:07:58 -08:00
Chris Conlon
8cea6ad148
fix wc_PKCS7_EncodeSignedData when used with empty or no signed attributes
2016-11-16 13:35:57 -07:00
toddouska
44a23b072f
fix mcapi with size change
2016-11-16 09:39:21 -08:00
toddouska
afc54c3dff
change sha512 hi/loLen to 64bits
2016-11-16 09:30:35 -08:00
toddouska
f922d3f2d6
Merge pull request #624 from SparkiDev/sha224
...
SHA224 implementation added
2016-11-15 13:53:34 -08:00
toddouska
98b57e045a
Merge pull request #629 from SparkiDev/rsa-crt
...
Make RSA CRT constant time
2016-11-15 13:36:32 -08:00
toddouska
f27159f2db
Merge pull request #633 from cconlon/renegotiation_info
...
add server side empty renegotiation_info support
2016-11-15 11:11:17 -08:00
Chris Conlon
a10ec0ff91
adjust suiteSz and use SUITE_LEN in FindSuite()
2016-11-15 10:49:37 -07:00
dgarske
ee53853d2f
Merge pull request #632 from toddouska/init_multi
...
fix non ecc_make_key init_mulit potential problems
2016-11-14 19:34:14 -08:00
toddouska
cbb2ce6baf
Merge pull request #626 from dgarske/fix_ecc_make_rngfail
...
Fix for "wc_ecc_make_key_ex" if call to rng fails
2016-11-14 17:35:15 -08:00
Chris Conlon
49978d1417
server side empty renegotiation_info support
2016-11-14 15:33:36 -07:00
toddouska
1a7fe0d4c5
fix non ecc_make_key init_mulit potential problems
2016-11-14 12:49:42 -08:00
David Garske
82e8210208
Support for building without SHA256 with NO_OLD_TLS and SHA384/512. Although TLS 1.2 default digest for certs is SHA256 and our test cert signatures use SHA256, so make check will fail. Also requires disabling the P-RNG which uses SHA256. Added missing "wc_InitRng_ex" when using "CUSTOM_RAND_GENERATE_BLOCK". Cleanup of the BuildCertHashes, DoRounds, HashInput, HashOutput and HashOutputRaw return codes.
2016-11-14 12:47:24 -08:00
David Garske
cee321323a
Better handle "mp_init_multi" failure in "wc_ecc_make_key_ex".
2016-11-14 12:38:01 -08:00
toddouska
fa816f0460
Merge pull request #631 from dgarske/ecc_privkey_import_oid
...
Fix for "wc_EccPrivateKeyDecode" to handle custom curve OID.
2016-11-14 11:52:48 -08:00
toddouska
047b6df1a2
Merge pull request #630 from JacobBarthelmeh/master
...
remove include of ec.h in ecc.c
2016-11-14 11:51:15 -08:00
toddouska
ecc5fccf07
Merge pull request #628 from JacobBarthelmeh/Testing
...
revert AESNI padding and handle the case in aes.c
2016-11-14 11:50:35 -08:00
David Garske
a2d29e4c71
Further improve the "wc_EccPrivateKeyDecode" to use the CheckCurve return code, which is the curve_id in the success case. Fixes scan-build warning.
2016-11-14 10:06:20 -08:00
David Garske
07efd88e4d
Fix for "wc_EccPrivateKeyDecode" to handle custom curve OID.
2016-11-14 09:53:31 -08:00
Jacob Barthelmeh
dad628cb0d
remove include of ec.h in ecc.c
2016-11-14 10:03:19 -07:00
Sean Parkinson
2023b65f4c
Make RSA CRT constant time
...
Identifying which part of the CRT failed, through timing, reveals
information useful to an attacker.
2016-11-14 08:57:28 +10:00
David Garske
6d5485b88f
Fix to "mp_init_multi" so failure ensures a later "mp_clear" won't free on un-initialized pointer. Applies to !USE_FAST_MATH only. No measurable benchmark difference.
2016-11-11 20:03:58 -08:00
Sean Parkinson
9b0d53ba50
Fixes from review
...
Remove ForceZero changes (better version in another pull request)
Remove SHA-224 APIs for FIPS (algorithm not avaialable in FIPS.
2016-11-12 09:52:07 +10:00
Jacob Barthelmeh
0b3d9cbccd
revert AESNI padding and handle the case in aes.c
2016-11-11 16:26:29 -07:00
toddouska
cc303a3035
Merge pull request #623 from SparkiDev/ecc
...
ECC improvements/fixes
2016-11-11 12:53:12 -08:00
Sean Parkinson
478f279b3c
Fix logic
2016-11-11 16:38:28 +10:00
Sean Parkinson
abcd6af512
Disable SHA-224 in FIPS
2016-11-11 16:29:34 +10:00
Sean Parkinson
9e81261f1e
Fixes
2016-11-11 16:11:16 +10:00
Sean Parkinson
8a7bb3fad4
Z will be 0 not 1
2016-11-11 12:53:48 +10:00
Sean Parkinson
71259113b2
ECC improvements/fixes
...
When checking for 1 actually check for 1 and not the digit count.
When checking for negative use a macro - for speed.
2016-11-11 12:41:25 +10:00
Sean Parkinson
45983c3b32
Fix SHA224 enum in HMAC code
2016-11-11 12:17:32 +10:00
toddouska
a0ee159fa5
Merge pull request #617 from JacobBarthelmeh/Compatibility-Layer
...
Compatibility layer
2016-11-10 11:47:42 -08:00
David Garske
1aca9a6079
Fix for "wc_ecc_make_key_ex" if call to rng fails. Issue only applies to !USE_FAST_MATH case on failure response from call to "wc_RNG_GenerateBlock".
2016-11-10 11:39:29 -08:00
John Safranek
eb0de32aa2
Merge pull request #621 from JacobBarthelmeh/Testing
...
adjust alignment of arrays used for case with AESNI
2016-11-10 10:00:54 -08:00
Sean Parkinson
fdfc177254
SHA224 implementation added
...
Added SHA24 implementation and tetss.
Added HMAC-SHA224 implementation and tests.
Added RSA-SHA224 and ECDSA-SHA224.
Added MGF1-SHA224
Added OpenSSL APIs for SHA224
Configuration option to enable SHA224 and it is on by default for x86_64
2016-11-10 15:52:26 +10:00
Jacob Barthelmeh
55401fceb8
adjust alignment of arrays used for case with AESNI
2016-11-09 15:03:26 -07:00
Chris Conlon
af44b2527a
Merge pull request #620 from JacobBarthelmeh/PKCS12
...
PKCS12 : visibility of structs and guards
2016-11-09 08:59:31 -07:00
toddouska
e9cda7b93f
Merge pull request #619 from JacobBarthelmeh/ARMv8
...
ARMv8
2016-11-08 16:21:01 -08:00
Jacob Barthelmeh
fa48bca262
PKCS12 : visibility of structs and guards
2016-11-08 16:49:09 -07:00
Jacob Barthelmeh
c122558810
COMPAT. LAYER : fix missing return value and alignment
2016-11-08 14:16:02 -07:00
Jacob Barthelmeh
208f747a47
ARMv8 : add armv8-aes.c to EXTRA_DIST
2016-11-08 10:28:01 -07:00
John Safranek
d4b45c4299
Merge pull request #616 from moisesguimaraes/fixes-wolfcrypt-py
...
Fixes wolfcrypt py
2016-11-08 09:07:21 -08:00
Moisés Guimarães
5f6cf282b1
fixes include.am comments
2016-11-07 21:15:23 -03:00
Moisés Guimarães
88df983251
moves include.am into wolfcrypt-py folder
2016-11-07 21:09:08 -03:00
JacobBarthelmeh
46dee9e792
ARMv8 : clang 32 bit build
2016-11-07 15:48:06 -08:00
JacobBarthelmeh
668af9b32f
POLY1305 : clang 32 bit warning about macros
2016-11-07 15:28:30 -08:00
Jacob Barthelmeh
f7a951709f
COMPAT. LAYER : get SSL client random bytes
2016-11-07 13:21:35 -07:00
Jacob Barthelmeh
f06a392764
COMPAT. LAYER : DES set key and malloc/free
2016-11-07 13:21:05 -07:00
Moisés Guimarães
b50914f2c7
Drops 3DES and adds int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng); for RSA blinding
2016-11-07 16:06:35 -03:00
Moisés Guimarães
08f6d23e84
moves wolfcrypt-py implementation to wrapper/python/wolfcrypt
2016-11-07 16:02:41 -03:00
toddouska
68c43e4344
Merge pull request #615 from ejohnstown/dtls-verify-retry-fix
...
Fix dropped DTLS Hello Verify retransmit
2016-11-04 15:52:13 -07:00
toddouska
70b227011d
Merge pull request #604 from JacobBarthelmeh/PKCS12
...
Pkcs12
2016-11-04 15:50:50 -07:00
John Safranek
c271806936
Merge pull request #614 from toddouska/scr-verify
...
add SCR client and server verify data check
2016-11-04 10:11:05 -07:00
John Safranek
ada2573009
Increment the expected handshake number if the call to the handhsake
...
message processing function is successful, but not if the handshake
message is the client_hello. Process client hello clears that counter
and incrementing it breaks the handshake. Fixes issue #612 .
2016-11-03 14:49:21 -07:00
toddouska
87e3f45f52
add SCR client and server verify data check
2016-11-03 14:45:24 -07:00
toddouska
356c3a37aa
Merge pull request #613 from JacobBarthelmeh/Testing
...
MODE : change source file mode back to 644
2016-11-03 13:16:59 -07:00
Jacob Barthelmeh
0839925797
PKCS12 : visibility, check on key match, sanity check on malloc
2016-11-03 11:14:29 -06:00
Jacob Barthelmeh
668e9a8e08
MODE : change source file mode back to 644
2016-11-03 10:08:13 -06:00
toddouska
3780f452e8
Merge pull request #609 from JacobBarthelmeh/ARMv8
...
ARMv8 : clang build with ARMv8
2016-11-03 09:02:20 -07:00
toddouska
8e0ab18924
Merge pull request #611 from cconlon/pkcs7
...
allow PKCS#7 to be compiled with AES disabled
2016-11-03 09:00:46 -07:00
Chris Conlon
9a735fc873
allow PKCS#7 to be compiled with AES disabled
2016-11-02 12:18:45 -06:00
toddouska
d4b8320226
Merge pull request #606 from ejohnstown/dtls-pool
...
DTLS Pool Change
2016-11-02 10:54:53 -07:00
John Safranek
a3ea8378ec
Cap the size of the transmit and receive DTLS message lists at 255.
2016-11-02 09:15:05 -07:00
JacobBarthelmeh
6f06b60bc0
ARMv8 : clang build with ARMv8
2016-11-01 13:38:01 -07:00
toddouska
624ec3d492
Merge pull request #607 from cconlon/pkcs7
...
add AES content encryption support to PKCS#7 EnvelopedData
2016-11-01 12:03:24 -07:00
dgarske
22c5e22698
Merge pull request #608 from JacobBarthelmeh/master
...
Option to disable RNG (WC_NO_RNG or --disable-rng). If RNG is disabled and building in crypto that makes calls to RNG functions the build will fail with linker undefined symbol errors.
2016-11-01 11:53:53 -07:00
John Safranek
ffe905afbf
Moved the checks for the new session ticket and certificate verify
...
messages from the change cipher spec handler to the sanity check
handshake message function. It provides support for DTLS missing
and duplicate messages.
2016-11-01 09:53:53 -07:00
John Safranek
3075269326
Replace the DTLS MsgPool for saving transmit handshake messages with
...
the DTLS MsgList.
2016-11-01 09:53:53 -07:00
John Safranek
3065bb2178
Merge pull request #588 from steweg/fix_dtls_retranmission
...
Adjust DTLS retranmission logic
2016-11-01 09:29:30 -07:00
Jacob Barthelmeh
70e7e34c87
RNG : change to --disable-rng, non-autoconf scenario, help msg
2016-11-01 10:21:29 -06:00
Jacob Barthelmeh
09c32de412
RNG : option to not use RNG
2016-10-31 16:51:02 -06:00
Chris Conlon
50464d4aef
gitignore PKCS#7 test files, delete on make clean
2016-10-31 14:46:03 -06:00
Chris Conlon
fa9a9175d0
add AES-256-CBC to PKCS#7 Encode/DecodeEnvelopedData
2016-10-31 14:45:57 -06:00
Chris Conlon
8c23c3cdd0
add AES-192-CBC to PKCS#7 Encode/DecodeEnvelopedData
2016-10-31 14:27:21 -06:00
Chris Conlon
17c184e720
add AES-128-CBC to PKCS#7 Encode/DecodeEnvelopedData
2016-10-31 14:27:14 -06:00
Jacob Barthelmeh
b686deecbe
PKCS12 : Add PKCS12 parsing
2016-10-29 13:12:26 -06:00
JacobBarthelmeh
79cba75925
Merge pull request #603 from ejohnstown/aes-ctr
...
expand the AES-CTR test to 4 blocks for 192 and 256 bit cases
2016-10-28 13:52:50 -06:00
John Safranek
849ae72d3a
expand the AES-CTR test to 4 blocks for 192 and 256 bit cases
2016-10-27 15:54:22 -07:00
dgarske
7ef037af0f
Merge pull request #602 from kaleb-himes/forums-support-case-user-sp
...
IAR compiler for ARM 7.70.2.11706 - unitialized warning
2016-10-26 20:04:02 -07:00
kaleb-himes
2122ee2eb5
IAR compiler for ARM 7.70.2.11706 - unitialized warning
2016-10-26 09:33:15 -06:00
Stefan Gula
59fdd98f1d
Adjust DTLS retranmission logic
...
This patch adjust DTLS retranmission logic
in order to avoid message floods between client
and server
2016-10-26 10:37:23 +02:00
dgarske
703d504b58
Merge pull request #600 from kaleb-himes/scan-build-async
...
Check for sigLen size to resolve scan-build warning.
2016-10-25 11:08:14 -07:00
kaleb-himes
bc1fca5620
modified handler to return error on invalid condition post review
...
update
2016-10-25 11:07:35 -06:00
kaleb-himes
33ab901b3f
prevent allocation of size 0
2016-10-24 16:44:43 -06:00
toddouska
b8aa335dd6
Merge pull request #598 from dgarske/ecc_cacheres_w_altsize
...
Fix for ECC with ALT_ECC_SIZE and cache resistance enabled
2016-10-17 15:01:43 -07:00
David Garske
d2a6c6838e
Fix for ECC with !WC_NO_CACHE_RESISTANT and ALT_ECC_SIZE causing invalid mp_int*. An ecc_point with ALT_ECC_SIZE is "mp_int* x" vs. "mp_int x[1]". The resulting pointer for &M[0]->x is not valid in the ALT_ECC_SIZE case. This was found while testing ECC on a Cortex M4 (32-bit) and caused a hard fault.
2016-10-14 16:44:57 -07:00
toddouska
2ecf7090ca
Merge pull request #595 from JacobBarthelmeh/Testing
...
static analysis : Fix warnings with wc_AesCcmSetKey
2016-10-12 11:27:29 -07:00
toddouska
88a82f519e
Merge pull request #594 from JacobBarthelmeh/DTLS-MultiCore
...
session export : Increment DTLS export version with serialization cha…
2016-10-12 11:25:23 -07:00
toddouska
ffb2a8ff12
Merge pull request #593 from JacobBarthelmeh/ARMv8
...
ARMv8 : sanity checks
2016-10-12 11:23:27 -07:00
toddouska
11102b6726
Merge pull request #585 from NickolasLapp/master
...
Rename *Mutex Functions with wc_ prefix. Expose these functions for Stunnel.
2016-10-12 11:19:32 -07:00
toddouska
9cf4d7ca8e
Merge pull request #584 from kaleb-himes/aes-gcm-bo
...
sanity check on memcpy and xorbuf
2016-10-12 11:18:03 -07:00
Jacob Barthelmeh
54c51ec4a0
static analysis : Fix warnings with wc_AesCcmSetKey
2016-10-12 10:02:53 -06:00
Jacob Barthelmeh
3c03aa453b
session export : Increment DTLS export version with serialization changes
2016-10-11 14:01:38 -06:00
Nickolas Lapp
86bf50ea70
Ensure dh->q is nulled on init and free
2016-10-10 16:21:30 -06:00
Jacob Barthelmeh
eb9161d8a7
ARMv8 : sanity checks
2016-10-10 15:08:59 -06:00
dgarske
395972e6a8
Merge pull request #592 from cconlon/eccfix
...
fix ecc_check_privkey_gen() parameters with WOLFSSL_VALIDATE_ECC_IMPORT
2016-10-07 14:30:06 -07:00
Chris Conlon
ab966a72da
fix ecc_check_privkey_gen() parameters with WOLFSSL_VALIDATE_ECC_IMPORT
2016-10-07 14:14:50 -06:00
kaleb-himes
05fcbb001a
move sanity check and remove silent truncation
2016-10-06 15:01:16 -06:00
keton
ef5f55f6e4
Optimize memory usage for ARM Cortex M and similar embedded systems ( #578 )
...
* Changed ge_precomp data to const to reduce RAM usage on embedded systems.
* Add configuration option "WOLFSSL_NRF5x" for Nordic nRF5x platform in settings.h
2016-10-06 12:49:14 -07:00
toddouska
f4c654dd6e
Merge pull request #590 from JacobBarthelmeh/ARMv8
...
ARMv8 additions
2016-10-06 10:04:07 -07:00
Nickolas Lapp
4181b744ab
stunnel 5.36 requires des3. Enable by default
2016-10-05 13:17:26 -06:00
Jacob Barthelmeh
d07746de09
ARMv8 : Remove dependency on load
2016-10-05 11:02:51 -06:00
Nickolas Lapp
69483366fb
Fixes for fips compatibility
2016-10-05 10:20:13 -06:00
Nickolas Lapp
89aec2c565
Add cast for g++ compiler
2016-10-05 09:37:44 -06:00
Jacob Barthelmeh
21dd236ef2
ARMv8 : increase performance
2016-10-05 09:04:18 -06:00
dgarske
1e028c3566
Merge pull request #589 from cconlon/ipproto
...
Wrap IPPROTO_SCTP use with WOLFSSL_SCTP in test.h
2016-10-04 19:48:32 -07:00
Chris Conlon
29cf90a425
protect IPPROTO_SCTP with WOLFSSL_SCTP in test.h
2016-10-04 16:42:53 -06:00
dgarske
81a8ad0a48
Merge pull request #587 from ejohnstown/seq64
...
64-bit Sequence Number
2016-10-04 06:01:26 -07:00
Nickolas Lapp
1792eba1a2
Rename *Mutex Functions with wc_ prefix. Expose these functions for
...
Stunnel. Various other changes to enable stunnel compling
2016-10-03 16:36:05 -06:00
John Safranek
12ac0346f5
change magic numbers to constants, rename verify parameter of WriteSEQ() and subfunctions
2016-10-03 13:51:10 -07:00
John Safranek
a839b61e81
initialize temp sequence number
2016-10-02 13:02:20 -07:00
John Safranek
575785db3e
Fixes for DTLS sequence number checking.
2016-10-02 12:03:44 -07:00
John Safranek
ab371365b9
updated sequence number window
2016-09-30 17:02:05 -07:00
John Safranek
62d58a7084
updated session import/export for seq number
2016-09-29 23:09:42 -07:00
John Safranek
4522fa335e
Fixing DTLS for 64-bit sequence numbering
...
1. Simplify away the DtlsState record.
2. Adding in high order bits for the DTLS sequence number.
3. For DTLS, separated copying the sequence number from incrementing it.
2016-09-29 15:51:33 -07:00
kaleb-himes
a630fda509
Sanity check on memcpy and xorbuf
...
Sanity check on memcpy and xorbuf
2016-09-29 13:26:50 -06:00
Kaleb Himes
1a7f1d3b26
Merge pull request #583 from JacobBarthelmeh/CSharp
...
C# Wrapper : TCP check connection termination
2016-09-28 16:31:29 -06:00
Jacob Barthelmeh
1ed06b53df
C# Wrapper : TCP check connection termination
2016-09-28 15:00:30 -06:00
Jacob Barthelmeh
6f4b704552
ARMv8 : Aarch32 support, SHA256 speedup
2016-09-28 10:22:27 -06:00
Chris Conlon
be86308a33
Merge pull request #556 from danielinux/frosted-fix
...
Fix compilation on Frosted
2016-09-26 12:53:39 -06:00
Kaleb Himes
124a8c0c1f
Merge pull request #582 from ejohnstown/lean-psk
...
Fixes for building the library for Lean PSK
2016-09-24 10:59:54 -06:00
Kaleb Himes
af5d790aea
Merge pull request #581 from ejohnstown/tlsx
...
Fixes for building the library with a C++ compiler with TLSX enabled
2016-09-24 10:45:33 -06:00
John Safranek
8d1aa2238b
Fixes for building the library for Lean PSK
...
1. Needed to enable static PSK when using Lean PSK
2. Fixed complaints about unused variables.
2016-09-24 00:18:36 -07:00
John Safranek
5e852dc1a1
Fixes for building the library with a C++ compiler with TLSX enabled
...
1. Add many typecasts for malloc() data to proper pointer type.
2. Add many typecasts for constants in tertiary operators.
3. ECC to use local copy of wc_off_on_addr instead of extern copy.
2016-09-23 23:22:58 -07:00
John Safranek
5ec5b9b07d
Merge pull request #580 from JacobBarthelmeh/Testing
...
NTRU : warning of variable size as argument
2016-09-23 15:52:48 -07:00
Jacob Barthelmeh
02b3aa51bd
NTRU : warning of variable size as argument
2016-09-23 15:30:33 -06:00
Kaleb Himes
fb01cf7e1b
Merge pull request #579 from ejohnstown/release-v3.9.10
...
Prepare release v3.9.10
2016-09-23 15:05:21 -06:00
John Safranek
6895803f2b
Prepare release v3.9.10
2016-09-23 12:19:24 -07:00
John Safranek
049956d852
Merge pull request #577 from kaleb-himes/fix-typos
...
Fixing typos
2016-09-23 12:18:23 -07:00
kaleb-himes
4fc0c6c646
fix unused parameter build time error
...
fix unused parameter build time error
2016-09-23 12:23:26 -06:00
kaleb-himes
3bd86d3f87
Fixing typos
2016-09-23 10:45:29 -06:00
Jacob Barthelmeh
91580552bc
ARMv8 : AES-GCM encryption speed ups
2016-09-23 10:20:52 -06:00
JacobBarthelmeh
78246e0fc2
Merge pull request #575 from ejohnstown/fix-option
...
move an ifndef NO_AES for one more configure disable/enable combination
2016-09-22 16:15:49 -06:00
JacobBarthelmeh
98841e8b47
Merge pull request #576 from toddouska/dsa_zero
...
add dsa sign sanity check on r/s
2016-09-22 15:14:43 -06:00
John Safranek
e4b8e6a447
Merge pull request #574 from JacobBarthelmeh/Testing
...
Static Analysis : fix a warning of unused variable
2016-09-22 14:09:46 -07:00
toddouska
d9163e4554
add dsa sign sanity check on r/s
2016-09-22 12:04:48 -07:00
John Safranek
ba6e2b1037
move an ifndef NO_AES for one more configure disable/enable combination
2016-09-22 11:41:16 -07:00
JacobBarthelmeh
c43fd150e9
Static Analysis : fix a warning of unused variable
2016-09-22 09:31:26 -07:00
JacobBarthelmeh
18944dacbf
Merge pull request #573 from toddouska/dsa_pad
...
fix dsa pre padding
2016-09-22 09:42:23 -06:00
toddouska
9e4e08d7a7
fix dsa pre padding
2016-09-21 18:51:11 -07:00
toddouska
2368d49678
Merge pull request #572 from ejohnstown/pathlen
...
CA Certificate Path Length Checking
2016-09-21 14:36:24 -07:00
John Safranek
b8704d2dfe
Merge pull request #571 from toddouska/new_rng
...
Fix Jenkins build 389 single-threaded issue
2016-09-21 12:59:06 -07:00
John Safranek
74002ce66a
Add the new path length test certs to include.am.
2016-09-21 12:34:01 -07:00
JacobBarthelmeh
ab887b88dc
Merge pull request #570 from ejohnstown/des3-disable-fix
...
Disable DES3 compiler warning fix
2016-09-21 13:25:00 -06:00
John Safranek
de81c81eae
Fixed unused variable complaints when OPENSSL_EXTRA and MD5 are enabled
...
and when AES is disabled.
2016-09-21 10:21:03 -07:00
toddouska
489345f0d4
move CTX new_rng out of with certs block
2016-09-21 09:02:38 -07:00
John Safranek
95acd9c907
Fixed unused variable complaints when KEYGEN and OPENSSL_EXTRA are enabled
...
and when AES and MD5 are disabled. It was in the same encrypt function as
before and in the paired decrypt function.
2016-09-21 07:32:17 -07:00
John Safranek
a42bd30278
CA Certificate Path Length Checking
...
1. Check the path length between an intermediate CA cert and its
signer's path length.
2. Always decode the path length if present and store it in the decoded
certificate.
3. Save the path length into the signer list.
4. Path length capped at 127.
5. Added some test certs for checking CA path lengths.
2016-09-20 21:36:37 -07:00
John Safranek
ef7183dcf7
delete redundant #else
2016-09-20 15:59:08 -07:00
toddouska
d9862c1c1a
Merge pull request #569 from kaleb-himes/CUSTOMER_REQUEST
...
addition to previous customer request
2016-09-20 12:09:15 -07:00
John Safranek
65a7978dec
Merge pull request #567 from toddouska/rng
...
RDSEED enhancements
2016-09-20 12:09:01 -07:00
John Safranek
df1d8200ef
Fixed unused variable complaint when KEYGEN and OPENSSL_EXTRA are enabled
...
and when AES and DES3 are disabled.
2016-09-20 12:07:58 -07:00
toddouska
67a112773e
fix secure renegotiation
2016-09-19 17:31:20 -07:00
toddouska
21726d5ae4
64bit sequence tls proof of concept, dlts needs some work
2016-09-19 16:02:27 -07:00
kaleb-himes
4214f52d77
addition to previous customer request
2016-09-19 16:01:24 -06:00
toddouska
0718aba655
fix comment typo
2016-09-19 13:28:14 -07:00
toddouska
485d814aed
Merge pull request #563 from JacobBarthelmeh/ARMv8
...
ARMv8 : AES-GCM constraint fix
2016-09-19 09:30:08 -07:00
toddouska
e0b8e55198
Merge pull request #553 from ejohnstown/disable-des3
...
Disable DES3 by default
2016-09-19 09:27:32 -07:00
toddouska
b4b0b2433e
Merge pull request #555 from ejohnstown/autogen-tweak
...
Autogen tweak for git worktrees
2016-09-19 09:26:06 -07:00
toddouska
4c295cd13d
Merge pull request #564 from kaleb-himes/CUSTOMER_REQUEST
...
Implement requested change from customer
2016-09-19 09:24:43 -07:00
toddouska
1bab8822a9
Merge pull request #565 from ejohnstown/enable-ecccurveext
...
Enable the ECC Supported Curves extension by default
2016-09-19 09:24:05 -07:00
toddouska
afd039d2e1
Merge pull request #566 from JacobBarthelmeh/master
...
Benchmark App : fixed some invalid set key sizes
2016-09-19 09:23:12 -07:00
Jacob Barthelmeh
6d73175b22
Benchmark App : fixed some invalid set key sizes
2016-09-17 15:07:38 -06:00
toddouska
c51444bec5
update rdseed to 64bit get, more retries, fallback to /dev/urandom on failure
2016-09-16 18:54:47 -07:00
Kaleb Himes
3f95bac55f
Merge pull request #562 from ejohnstown/pre-release3.9.9
...
Bump version for pre-release REDUX
2016-09-16 15:07:00 -06:00
kaleb-himes
67c7e7c8de
Implement requested change from customer
...
Implement requested change from customer
2016-09-16 14:38:33 -06:00
toddouska
f191cf206e
allow single threaded mode to share an RNG at WOLFSSL_CTX level
2016-09-16 13:35:29 -07:00
John Safranek
781e800486
1. Enable the extension ECC Supported Curves by default.
...
2. Force the extention disabled if ECC is disabled.
2016-09-16 13:26:56 -07:00
Jacob Barthelmeh
f755591316
ARMv8 : AES-GCM constraint fix
2016-09-16 19:43:47 +00:00
John Safranek
7a7f2fbe78
Bump version for pre-release.
2016-09-16 10:58:31 -07:00
John Safranek
ef0cd908ea
Merge pull request #557 from kaleb-himes/arduino-updates
...
fix distribution issue
2016-09-16 10:55:48 -07:00
toddouska
c85b3b84d9
Merge pull request #554 from JacobBarthelmeh/ARMv8
...
ARMv8 : AES-CTR/CBC/GCM speed ups and refactor AES
2016-09-16 09:34:24 -07:00
John Safranek
03ebb4825e
Merge pull request #552 from toddouska/aesca
...
prevent compiler from optimzing out PreFetch Td4
2016-09-16 09:16:07 -07:00
kaleb-himes
14a7065f6e
fix distribution issue
2016-09-16 10:04:50 -06:00
Daniele Lacamera
b869641de6
Merge branch 'master' into frosted-fix
2016-09-16 11:46:01 +02:00
Daniele Lacamera
890bcde1cd
Don't include <sys/uio.h> when running on Frosted
2016-09-16 11:43:34 +02:00
John Safranek
4087f6904c
Treat project directory as in version control if .git is
...
either directory or file.
2016-09-15 16:09:27 -07:00
Jacob Barthelmeh
6d82cba29c
ARMv8 : AES-CTR/CBC/GCM speed ups and refactor AES
2016-09-15 22:50:00 +00:00
John Safranek
ef9c4bf5c9
Add client-ca.pem to the automake include for dist.
2016-09-15 15:38:41 -07:00
John Safranek
bad6be5c76
1. Updated sniffer to allow DES3 to be disabled.
...
2. Fixed an unused variable in OpenSSL Extras when DES3 is disabled.
3. Force DES3 enabled when enabling MCAPI.
2016-09-15 14:53:28 -07:00
John Safranek
e92f0e32b0
Undo making the ECC supported curves extension default to enabled.
2016-09-15 13:15:49 -07:00
dgarske
78c0f98ea9
Merge pull request #551 from kaleb-himes/arduino-updates
...
Updates to make building for ARDUINO more intuitive
2016-09-15 13:01:42 -07:00
John Safranek
0ee7d7cc17
1. Add DES3 enable to full commit test.
...
2. Added DES3 to the list of FIPS prereqs.
2016-09-15 12:19:32 -07:00
John Safranek
e3bb4c29e2
Fix openssl.test with the lean-TLS option
...
1. Make new CA cert for test that is both client-cert.pem andr
client-ecc-cert.pem.
2. Use the new client-ca.pem cert in the test script.
3. Update renewcerts script to generate client-ca.pem.
2016-09-15 11:39:30 -07:00
toddouska
c1ac0c0f8c
Merge pull request #545 from ejohnstown/ems
...
Extended Master Secret
2016-09-15 11:25:41 -07:00
John Safranek
2d4757b446
Disable DES3 by default. Force it enabled when it is a prereq for
...
another option. (SCEP and PKCS7)
2016-09-15 11:23:36 -07:00
John Safranek
19434e285a
Update the resume test to rerun itself with the "-n" option to disable
...
extended master secret if the option is enabled.
2016-09-15 10:13:31 -07:00
toddouska
8cdaa06127
prevent compiler from optimzing out PreFetch Td4
2016-09-15 10:02:30 -07:00
kaleb-himes
9d49fae600
Updates to make building for ARDUINO more intuitive
...
NO_INLINE not necessary, update README
2016-09-14 17:01:35 -06:00
JacobBarthelmeh
01be5cdc07
Merge pull request #550 from toddouska/rsainit
...
make sure rsa rng is null on init
2016-09-14 16:31:07 -06:00
toddouska
dc337946d5
make sure rsa rng is null on init
2016-09-14 14:33:08 -07:00
John Safranek
8b713adcfd
Extended Master Secret Peer Review Changes
...
1. Checked the returns on the hash functions in the sniffer,
return new error if any fail.
2. Removed the SHA-512 hash from the sniffer's collection of
hashes. Never used in a cipher suite.
3. Added some logging messages in the EMS support in wolfSSL.
2016-09-14 13:43:02 -07:00
John Safranek
7410b5784f
Merge pull request #548 from toddouska/nocache
...
add WC_NO_CACHE_RESISTANT option for old code paths
2016-09-14 10:24:29 -07:00
toddouska
e039fcefc0
Merge pull request #549 from JacobBarthelmeh/master
...
aes.c : check ILP32 macro defined
2016-09-14 09:58:19 -07:00
Jacob Barthelmeh
109642fef4
aes.c : check ILP32 macro defined
2016-09-14 09:33:48 -06:00
toddouska
b6937626b4
don't require uneeded temp with WC_NO_CACHE_RESISTANT
2016-09-13 17:01:50 -07:00
toddouska
7b3fc558ec
add WC_NO_CACHE_RESISTANT option for old code path
2016-09-13 16:45:15 -07:00
John Safranek
b77c350153
Merge pull request #547 from toddouska/mathca
...
Remove timing resistant cache key bit monitor leaks
2016-09-13 14:34:23 -07:00
toddouska
05d78dc2ce
Merge pull request #544 from cconlon/rsafix
...
include MAX_RSA_INT_SZ in wc_RsaKeyToPublicDer(), for 4096-bit keys
2016-09-13 11:24:03 -07:00
toddouska
46a0ee8e69
switch ecc timising resistant mulmod double to use temp instead of leaking key bit to cache monitor
2016-09-13 11:10:10 -07:00
John Safranek
0477d5379e
Merge pull request #546 from toddouska/aesca
...
AES T table cache preload.
2016-09-13 11:05:28 -07:00
toddouska
6ef9e79ff5
switch timing resistant exptmod to use temp for square instead of leaking key bit to cache monitor
2016-09-13 09:13:39 -07:00
toddouska
6ae1a14c9f
do aes cache line stride by bytes, not word32s
2016-09-12 21:09:08 -07:00
John Safranek
77cf700657
Update to allow resumption with session tickets and extended master secret.
2016-09-12 16:06:51 -07:00
toddouska
c6256211d6
compress aes last round decrypt table, prefetch Td tables before aes decrypt rounds, prefecth compressed table before last round
2016-09-12 13:04:30 -07:00
toddouska
97a64bcc7c
remove unique aes last round Te table, pre fetch Te tables during software aes encrypt
2016-09-12 12:03:37 -07:00
John Safranek
c1136a30e9
1. Enabled the extended master secret in the Windows IDE user_settings.h
...
file by default.
2. Fixed scan-build warning about an assignment to a variable that isn't
used again in the function. Commented out the line.
2016-09-12 09:42:42 -07:00
John Safranek
b994244011
Revising the Extended Master Secret support. Removing the dynamic
...
TLSX support for the extention and treating it like the Signature
and Hash algorithms extension. It is to be enabled by default and
the user can turn it off at run time or build time.
2016-09-11 18:05:44 -07:00
Chris Conlon
a149d83bff
include MAX_RSA_INT_SZ in wc_RsaKeyToPublicDer(), for 4096-bit keys
2016-09-09 16:11:56 -06:00
John Safranek
68e48e84fd
Merge pull request #541 from toddouska/comp
...
detect server forcing compression on client w/o support
2016-09-09 13:00:22 -07:00
toddouska
fc54c53f38
Merge pull request #543 from JacobBarthelmeh/ARMv8
...
ARMv8 : increase performance with SHA256
2016-09-09 10:23:44 -07:00
Jacob Barthelmeh
3ec66dd662
ARMv8 : sanity checks and change constraint type
2016-09-09 00:27:40 +00:00
dgarske
bd3e40d2fc
Merge pull request #542 from JacobBarthelmeh/master
...
verify case with unexpected input
2016-09-08 16:07:28 -07:00
Jacob Barthelmeh
f4e604dec3
verify case with unexpected input
2016-09-08 15:32:09 -06:00
toddouska
0c21d76ce3
detect client not sending any compression types
2016-09-08 12:06:22 -07:00
John Safranek
4fb1431727
Added support for the extended master secret extension to the sniffer.
2016-09-08 11:25:02 -07:00
Jacob Barthelmeh
79af4d30e0
ARMv8 : increase performance with SHA256
2016-09-08 18:00:24 +00:00
toddouska
3e80d966d2
Merge pull request #540 from dgarske/fix_noprng_nosha2
...
Fix to allow disabling P-RNG and SHA256 with CUSTOM_RAND_GENERATE_BLOCK
2016-09-07 16:33:32 -07:00
toddouska
3aefc42f04
have TLS server side verify no compression is in list if not using compression
2016-09-07 15:28:30 -07:00
David Garske
f6b786cfb5
Updated the random.h source inline comments to clarify SHA256 and RC4.
2016-09-07 09:23:43 -07:00
toddouska
baebec4ca4
Merge pull request #538 from JacobBarthelmeh/ARMv8
...
initial ARMv8 instructions
2016-09-07 09:20:14 -07:00
toddouska
a5db13cd01
detect server forcing compression on client w/o support
2016-09-07 09:17:14 -07:00
David Garske
8d6ea61a4f
Fix to allow disabling P-RNG and SHA256 when CUSTOM_RAND_GENERATE_BLOCK is used. Added inline documentation to describe RNG source options. Example: ./configure --enable-cryptonly --disable-hashdrbg CFLAGS="-DNO_SHA256 -DCUSTOM_RAND_GENERATE_BLOCK"
2016-09-06 16:42:53 -07:00
Jacob Barthelmeh
09b29cb1d4
ARMv8 AES: remove extra memcpy during encrypt/decrypt
2016-09-02 22:55:17 +00:00
JacobBarthelmeh
33f24ebaa8
Merge pull request #537 from ejohnstown/ocsp-issuerKeyHash
...
OCSP Fixes
2016-09-02 14:57:07 -06:00
Jacob Barthelmeh
8e4ccd355c
refactor ALIGN16 macro to types.h
2016-09-01 21:24:03 +00:00
Chris Conlon
0f0e0ca9a5
add extended master to example client
2016-09-01 15:17:46 -06:00
Chris Conlon
88fab67804
add extended master unit tests
2016-09-01 15:15:17 -06:00
Chris Conlon
e4f527a332
initial extended master secret support
2016-09-01 15:12:54 -06:00
Chris Conlon
5bf8806655
add wc_Sha384/512GetHash() functions
2016-09-01 15:05:27 -06:00
Jacob Barthelmeh
41912b92c6
initial ARMv8 instructions
2016-09-01 18:10:06 +00:00
John Safranek
963b9d4c4d
OCSP Fixes
...
1. When using Cert Manager OCSP lookup, the issuer key hash wasn't
being set correctly. This could lead to unknown responses from lookup.
2. Default OCSP lookup callback could get blocked waiting for server
to close socket.
2016-09-01 09:58:34 -07:00
Chris Conlon
a0b02236b8
Merge pull request #527 from danielinux/master
...
Support for Frosted OS
2016-08-31 10:07:25 -06:00
toddouska
092916c253
Merge pull request #536 from ejohnstown/dtls-sctp
...
DTLS over SCTP
2016-08-30 13:09:40 -07:00
John Safranek
e0a035a063
DTLS-SCTP Tests
...
1. Added a check to configure for SCTP availablility.
2. Added DTLS-SCTP to the cipher suite test.
2016-08-29 15:24:51 -07:00
JacobBarthelmeh
de3f66b946
Merge pull request #515 from dgarske/cryptonly_static_mem
...
Added support for static memory with wolfCrypt
2016-08-29 15:23:28 -06:00
David Garske
ddff90ea26
Fix duplicate declaration of "wolfSSL_init_memory_heap" (errors after rebase).
2016-08-29 11:50:43 -07:00
David Garske
6a70403547
Fix for "not used" devId in benchmark.
2016-08-29 11:01:16 -07:00
David Garske
2ecd80ce23
Added support for static memory with wolfCrypt. Adds new "wc_LoadStaticMemory" function and moves "wolfSSL_init_memory_heap" into wolfCrypt layer. Enhanced wolfCrypt test and benchmark to use the static memory tool if enabled. Added support for static memory with "WOLFSSL_DEBUG_MEMORY" defined. Fixed issue with have-iopool and XMALLOC/XFREE. Added check to prevent using WOLFSSL_STATIC_MEMORY with HAVE_IO_POOL, XMALLOC_USER or NO_WOLFSSL_MEMORY defined.
2016-08-29 10:38:06 -07:00
John Safranek
05a35a8332
fix scan-build warning on the simple SCTP example server
2016-08-26 20:33:05 -07:00
John Safranek
aed68e1c69
1. Needed to tell the client to use sctp.
...
2. Creating the example sockets needed the IPPROTO type.
2016-08-26 19:58:36 -07:00
John Safranek
46e92e0211
DTLS-SCTP example client and server
...
1. Update the example client and server to test DTLS-SCTP.
2. Modify the test.h functions for setting up connections to allow
for a SCTP option.
3. Update other examples to use the new test.h functions.
4. Removed some prototypes in the client header file were some functions
that should have been static to the client.c file and made them static.
2016-08-26 19:58:36 -07:00
John Safranek
6d5df3928f
SCTP-DTLS examples
...
1. Added the set SCTP mode command to client and server.
2. Added a 4K buffer test case.
2016-08-26 19:58:36 -07:00
John Safranek
bab071f961
1. Implemented the SCTP MTU size changes for transmit.
...
2. Simplified the MAX_FRAGMENT size when calling SendData().
2016-08-26 19:58:36 -07:00
John Safranek
a6c0d4fed7
1. Added missing -DWOLFSSL_SCTP to configure.ac.
...
2. Don't do hello verify requests in SCTP mode.
3. Implemented the SCTP MTU size changes.
4. Simplified the MAX_FRAGMENT size when calling ReceiveData().
2016-08-26 19:58:36 -07:00
John Safranek
52e2f1a7ab
typecasts to clear static analysis warnings on SCTP examples
2016-08-26 19:58:36 -07:00
John Safranek
f3dca48e99
Fix polarity on the DTLS-SCTP check.
2016-08-26 19:58:36 -07:00
John Safranek
7b3255b5bb
1. Simplified the IsDtlsSctpMode() check.
...
2. Checked IsDtlsSctpMode() to skip saving messages to retransmit and
skip retransmissions.
2016-08-26 19:57:09 -07:00
John Safranek
c1970434d1
simplify the SCTP options
2016-08-26 19:43:52 -07:00
John Safranek
b7a35eabd2
Add simple SCTP example tools
2016-08-26 19:40:50 -07:00
John Safranek
ebbf5ec72b
add new options and accessors for SCTP
2016-08-26 19:40:50 -07:00
John Safranek
2d9b6cf27a
added SCTP to configure.ac
2016-08-26 19:40:50 -07:00
dgarske
d7ac7af4b0
Merge pull request #532 from toddouska/sb-aiaddr
...
make sure static analysis realizes err_sys does exit()
2016-08-26 16:29:20 -07:00
dgarske
930c692598
Merge pull request #535 from toddouska/ecc521-no64
...
fix normal math 16bit digit_bit for all ecc sizes
2016-08-26 14:59:01 -07:00
toddouska
bd312cb766
Merge pull request #533 from dgarske/dg_fixes
...
Fixes for HMAC/small stack heap and disable RSA warnings
2016-08-26 14:30:55 -07:00
toddouska
401463a983
Merge pull request #534 from dgarske/ecc_cust_fix
...
Fixed issue with "wc_ecc_set_custom_curve" function and ECC test improvements
2016-08-26 14:25:15 -07:00
toddouska
efabbcf305
fix normal math 16bit digit_bit for all ecc sizes
2016-08-26 13:47:53 -07:00
David Garske
bf23b2f9d1
Fix issue with "wc_ecc_set_custom_curve" function not setting index as "ECC_CUSTOM_IDX". Cleanup of the ECC tests to return actual error code (when available) and make sure keys are free'd. Some trailing whitespace cleanup.
2016-08-26 12:35:47 -07:00
David Garske
925e5e3484
Fixes typo issue with heap in hmac and small stack enabled. Fixed "never read" scan-build warnings with typeH and verify when RSA is disabled.
2016-08-26 10:33:01 -07:00
toddouska
86e889a7fa
only force exit() in all cases with gcc since we know noreturn attribute there
2016-08-26 10:20:58 -07:00
toddouska
dd7f9b618d
make sure static analysis realizes err_sys does exit()
2016-08-25 12:23:57 -07:00
toddouska
78ca9e7716
Merge pull request #482 from dgarske/async
...
Asynchronous wolfCrypt RSA and TLS client support
2016-08-25 10:06:18 -07:00
toddouska
07345579ec
Merge pull request #531 from cconlon/distro
...
Add "--enable-distro" build option
2016-08-23 14:31:23 -07:00
David Garske
a9278fe492
Added check for GetLength result in asn GetIntRsa function. Fixed return code in random.c for "wolfAsync_DevCtxInit" due to copy/paste error. Added RSA wc_RsaCleanup to make sure allocated tmp buffer is always free'd. Eliminated invalid RSA key type checks and "RSA_CHECK_KEYTYPE".
2016-08-23 11:31:15 -07:00
Chris Conlon
91ccf1bd86
do not enable ARC4 or sniffer in distro build
2016-08-22 15:33:45 -06:00
Chris Conlon
45c8ed1436
remove -X from ocsp stapling tests that are not external
2016-08-22 14:18:35 -06:00
toddouska
ebba0efaa4
Merge pull request #528 from jrblixt/tests_api_develop
...
Added Functions to wolfSSL/test/api.c
2016-08-22 09:38:23 -07:00
Chris Conlon
1a94c0bbdd
add distro build option
2016-08-22 10:00:37 -06:00
Chris Conlon
6f0239441b
Merge pull request #530 from ejohnstown/dtls-ticket
...
DTLS and Session Ticket fix
2016-08-22 09:37:28 -06:00
John Blixt
a9935cbc28
Made changes found by Jenkins.
2016-08-19 10:23:55 -06:00
John Safranek
fa1989b729
fix building the new session ticket message for DTLS, take into account the additional header sizes
2016-08-18 17:51:25 -07:00
John Blixt
813a9b05b5
Clean up and Chris check added the changes.
2016-08-18 15:07:07 -06:00
John Blixt
f61c045e65
Changes to the Assert Macros used and added wolfSSL_CTX_use_certificate_buffer()
2016-08-18 10:03:33 -06:00
Daniele Lacamera
3d3f8c9dd3
Support for Frosted OS
2016-08-18 14:56:14 +02:00
John Blixt
b068eec96d
added wolfSSL_CTX_SetMinVersion
2016-08-17 14:41:37 -06:00
John Blixt
73089200bf
Merge branch 'master' of https://github.com/wolfSSL/wolfssl into tests_api_develop
2016-08-17 14:12:43 -06:00
John Blixt
cddc771829
Added wolfSSL_SetMinVersion
2016-08-17 14:05:37 -06:00
John Blixt
584733b138
Chris looked at functions added for correctness.
2016-08-17 11:27:14 -06:00
John Blixt
65b2b14a0f
added test functions for wolfCrypt_Init and OCSP stapling v1 and v2
2016-08-17 10:32:03 -06:00
David Garske
3e6be9bf2c
Fix in "wc_InitRsaKey_ex" for normal math so mp_init isn't called to defer allocation.
2016-08-15 14:07:16 -06:00
David Garske
17a34c5899
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 13:59:41 -06:00
Chris Conlon
5347e32d63
Merge pull request #526 from toddouska/fm64-types
...
don't setup 64bit typedef with fastmath if not needed
2016-08-15 13:14:59 -06:00
Chris Conlon
d1d6571575
Merge pull request #525 from toddouska/session
...
add resume session string script check, make GetDeepCopySession stati…
2016-08-15 13:11:53 -06:00
toddouska
527c375884
don't setup 64bit typedef with fastmath if not needed
2016-08-15 11:02:06 -07:00
toddouska
d74fa8299a
add resume session string script check, make GetDeepCopySession static local and check reutrn code
2016-08-15 09:32:36 -07:00
dgarske
b38218a0b9
Merge pull request #524 from kaleb-himes/certs-buffs-and-tests
...
cert updates, new buffers, new test with buffers
2016-08-14 08:39:37 -07:00
kaleb-himes
da18e463ed
remove constraints on inclusion of certs_test.h
2016-08-12 17:00:22 -06:00
kaleb-himes
03295ec6d7
update certs, extend ntru to 1000 days, add der formatted ecc, new ecc buffer test
...
changes from first review
move to 256 bit defines
2016-08-12 13:00:52 -06:00
toddouska
7cf13f84b7
Merge pull request #522 from JacobBarthelmeh/master
...
help static analysis tools
2016-08-10 16:37:16 -07:00
Jacob Barthelmeh
b502d9dcf7
help static analysis tools
2016-08-10 14:23:27 -06:00
JacobBarthelmeh
fd9f8125e3
Merge pull request #521 from dgarske/improve_inline_misc
...
Change misc.c error to warning when trying to be compiled and inline enabled
2016-08-09 13:09:20 -06:00
toddouska
a8b2ced588
Merge pull request #519 from dgarske/fix_compat_wo_ecc
...
Fix for openssl compatibility without ECC
2016-08-08 13:46:58 -07:00
David Garske
317a7f2662
Change misc.c error to warning and exclude the misc.c code from being compiled. Most people include all .c files and by default inlining is allowed, which in turn causes an #error in misc.c and it must be excluded. Since we know its already been properly included there is no reason to throw error here. Instead, show warning and exclude code in .c file.
2016-08-08 13:13:59 -07:00
David Garske
b0e4acaac1
Fix for openssl compatibility without ECC. Disable "wolf_OBJ_nid2sn", "wolf_OBJ_sn2nid" and "wolf_OBJ_obj2nid" when "OPENSSL_EXTRA" defined and "HAVE_ECC" is not defined.
2016-08-08 10:29:58 -07:00
toddouska
76e8438059
Merge pull request #518 from dgarske/fix_build_w_callbacks
...
Fix build with "WOLFSSL_CALLBACKS" defined.
2016-08-06 10:11:53 -07:00
toddouska
49fb0d56b0
Merge pull request #516 from dgarske/fix_asn_wo_hmac
...
Fix build issue with ASN enabled and no HMAC
2016-08-06 10:07:00 -07:00
toddouska
c8cfe1ffa1
Merge pull request #511 from dgarske/openssl_compat_fixes
...
Various improvements to support openssl compatibility
2016-08-06 09:59:31 -07:00
toddouska
dd03af2cf4
Merge pull request #512 from dgarske/fix_crl_pad
...
Fixed issue with CRL check and zero pad
2016-08-06 09:56:59 -07:00
dgarske
cc462e2c50
Merge pull request #513 from kojo1/Der2Pem
...
Adds "wc_DerToPem" CRL_TYPE support
2016-08-05 14:35:15 -07:00
David Garske
d8c63b8e66
Various improvements to support openssl compatibility.
...
* Fixed bug with "wolfSSL_get_cipher_name_internal" for loop using incorrect max length for "cipher_name_idx" (this caused fault when library built with NO_ERROR_STRINGS and calling it).
* Adds new "GetCipherNameInternal" function to get cipher name using internal "cipherSuite" index only (for scenario where WOLFSSL object does not exist).
* Implements API's for "wolf_OBJ_nid2sn" and "wolf_OBJ_sn2nid". Uses the ecc.c "ecc_sets" table to locate NID (ECC ID and NID are same).
* Added "WOLFSSL*" to HandShakeInfo.
* Allowed "SetName" to be exposed.
* Added "wolfSSL_X509_load_certificate_buffer". Refactor "wolfSSL_X509_load_certificate_file" to use new function (no duplicate code).
2016-08-05 14:15:47 -07:00
David Garske
32b0303beb
Fix build with "WOLFSSL_CALLBACKS" defined.
2016-08-05 14:06:58 -07:00
David Garske
6b1ff8e9d7
Only try and return serial number or check padding if the serial number size is greater than 1.
2016-08-05 12:53:26 -07:00
David Garske
a17bc2a42e
Fix build issue with ASN enabled and no HMAC (missing MAX_DIGEST_SIZE). Switch to using WC_MAX_DIGEST_SIZE from hash.h, which is always available. Added small stack option for digest in MakeSignature. Fixed build error with unused "testVerifyCount" if "NO_ECC_SIGN" or "NO_ECC_VERIFY".
2016-08-05 12:19:30 -07:00
toddouska
eeb506b8c0
Merge pull request #514 from dgarske/fix_arm_cc_warn
...
Fixes for warnings when cross-compiling with GCC ARM.
2016-08-05 10:07:32 -07:00
David Garske
96da2df7ec
Additional max index and serial number size checks in "GetSerialNumber".
2016-08-03 17:04:44 -07:00
David Garske
2c1309ffc7
Fixes for warnings when cross-compiling with GCC ARM.
2016-08-03 16:53:53 -07:00
Takashi Kojo
e01dcb671d
eliminate tail nl
2016-08-03 11:12:10 +09:00
Takashi Kojo
ed4cd2438f
CRL_Type to wc_DerToPem
2016-08-03 10:53:54 +09:00
David Garske
9ddfe93c43
Fixed issue with CRL check and zero pad (the GetRevoked function was not trimming pad). Added new ASN "GetSerialNumber" function and implemented it in three places in asn.c.
2016-08-02 16:47:21 -07:00
toddouska
67d607324a
Merge pull request #509 from JacobBarthelmeh/Release
...
prepare for release 3.9.8
2016-07-28 18:47:39 -07:00
Jacob Barthelmeh
32c0b6d97a
prepare for release 3.9.8
2016-07-28 15:46:45 -06:00
JacobBarthelmeh
dcc0f87ce6
Merge pull request #506 from toddouska/del_point
...
fix remaining non fpecc ecc_del_point w/o heap
2016-07-27 18:54:46 -06:00
dgarske
303561c1a1
Merge pull request #505 from toddouska/timing
...
fix scan-build warning on ecc memory alloc failure
2016-07-27 15:52:01 -07:00
toddouska
a94f34c8e2
fix remaining non fpecc ecc_del_point w/o heap
2016-07-27 14:24:34 -07:00
toddouska
6cd4acbdba
Merge pull request #504 from dgarske/oid_unknown_fix
...
Fix for "OID Check Failed"
2016-07-27 14:16:04 -07:00
toddouska
20c991717f
Merge pull request #503 from JacobBarthelmeh/mysql
...
change priority of cipher suite TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
2016-07-27 12:13:47 -07:00
toddouska
7cf0b8fe85
fix scan-build warning on ecc memory alloc failure
2016-07-27 11:20:08 -07:00
David Garske
b0e72dd692
Fix for "OID Check Failed". This restores behavior to what it was prior to commit "7a1acc7". If an OID is not known internally skip the verify and return success and the OID sum.
2016-07-27 10:39:42 -07:00
Jacob Barthelmeh
37b84abe0b
change priority of cipher suite TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
2016-07-27 09:36:16 -06:00
toddouska
c834216cca
Merge pull request #501 from ejohnstown/key-usage
...
only check server's cert key encipher on client for RSA key exchange
2016-07-26 15:45:38 -07:00
John Safranek
0265b0f4bb
only check server's cert key encipher on client for RSA key exchange
2016-07-26 13:32:54 -07:00
John Safranek
993838153e
Merge pull request #487 from moisesguimaraes/fix-ocspstapling-getca
...
fixes ocsp signer lookup in the cert manager.
2016-07-26 12:42:47 -07:00
John Safranek
edbec4db20
Merge pull request #500 from dgarske/ocsp2_asn_fix
...
Fix for failing OID check with "ocspstapling2" enabled
2016-07-26 12:41:50 -07:00
toddouska
242d26eba2
Merge pull request #488 from cconlon/sig_algo
...
leave off SHA1-RSA/ECDSA signature algorithms when NO_OLD_TLS is defined
2016-07-26 11:05:24 -07:00
David Garske
c80f1805f0
Fix for failing OID check with "ocspstapling2" enabled. Found OID type in "ToTraditional" that should be keyType, not sigType. Added optional OID decode function and optional OID info dump in "GetObjectId" (both off by default).
2016-07-26 10:35:40 -07:00
dgarske
5bb250583e
Merge pull request #499 from toddouska/timing
...
add --enable-harden swtich for timing resistance and blinding, on by …
2016-07-26 10:14:20 -07:00
toddouska
fc6a5c0702
fix mcapi w/o harden
2016-07-26 09:06:46 -07:00
toddouska
a274386693
fix user rsa no error codes?
2016-07-25 19:19:46 -07:00
toddouska
51042e166f
fix mcapi with blinding API addition
2016-07-25 15:57:38 -07:00
toddouska
cd5486a4e6
fix user_rsa with blinding API addition
2016-07-25 15:33:28 -07:00
John Safranek
ea683f493a
Merge pull request #498 from kaleb-himes/cert-updates
...
update certs pre-release: NTRU certs expired in mid june
2016-07-25 15:19:34 -07:00
toddouska
16336e37ec
fix blinding with fips
2016-07-25 13:47:53 -07:00
toddouska
88f847de90
add --enable-harden swtich for timing resistance and blinding, on by default
2016-07-25 13:24:36 -07:00
kaleb-himes
4121667586
update certs pre-release: NTRU certs expired in mid june
2016-07-25 13:05:52 -06:00
toddouska
096e3f9b8b
Merge pull request #496 from JacobBarthelmeh/staticmemory
...
add helper functions for choosing static buffer size
2016-07-21 16:17:34 -07:00
Jacob Barthelmeh
e8f7d78fc4
add helper functions for choosing static buffer size
2016-07-21 12:11:15 -06:00
toddouska
b81e687bf3
Merge pull request #490 from JacobBarthelmeh/master
...
Static Memory Fixes
2016-07-20 20:27:03 -07:00
toddouska
8f2af608a7
Merge pull request #492 from JacobBarthelmeh/staticmemory
...
set heap hint for ctx
2016-07-20 20:25:38 -07:00
dgarske
e920e6cee0
Merge pull request #495 from toddouska/rng-redef
...
fix WC_RNG redeclare
2016-07-20 19:22:08 -07:00
toddouska
2c92fee59f
fix WC_RNG redeclare
2016-07-20 17:18:58 -07:00
dgarske
b265666174
Merge pull request #491 from toddouska/rsab-fixes
...
fix rsablind other builds
2016-07-20 15:22:19 -07:00
toddouska
81526f8384
move wolfSSL Get RNG out of ifdef in header
2016-07-20 11:35:57 -07:00
toddouska
1b980867d6
fix rsablind other builds
2016-07-20 11:35:57 -07:00
Jacob Barthelmeh
5d8a78be30
set heap hint for ctx
2016-07-20 11:47:36 -06:00
Jacob Barthelmeh
1f5b6d4e66
sanity check on buffer size
2016-07-20 11:44:22 -06:00
Jacob Barthelmeh
01ecc64052
avoid race condition with IO and handshake counter
2016-07-20 11:44:22 -06:00
Jacob Barthelmeh
17207ff61b
account for when FreeHandshakeResources is not called
2016-07-20 11:44:22 -06:00
toddouska
8423ad0e96
Merge pull request #493 from dgarske/ecc_fixes
...
ECC fixes with Shamir disabled
2016-07-20 10:40:14 -07:00
David Garske
e0f2bbd1b4
Added comment about why 0's test is disabled. ECC without Shamir fails with fast or normal math.
2016-07-19 19:12:45 -07:00
David Garske
5e2502fa95
ECC without Shamir has issues testing all zero's digest, so disable this test if not using Shamir method. Fixed comment about "NO_ECC_SECP".
2016-07-19 14:34:32 -07:00
toddouska
7a419ba6d8
Merge pull request #472 from dgarske/ecc_brainpool_koblitz
...
ECC and TLS support for all SECP, Koblitz and Brainpool curves
2016-07-19 11:44:53 -07:00
toddouska
bdbf972d42
Merge pull request #486 from cconlon/openssl-script
...
openssl.test, switch -Verify to -verify to accomodate ADH cipher suites
2016-07-19 11:38:52 -07:00
dgarske
32a2bd3863
Merge pull request #489 from toddouska/rsablind
...
Adds WC_RSA_BLINDING for RSA Private Operations
2016-07-19 09:03:09 -07:00
toddouska
f88f501923
add unique RNG missing error
2016-07-18 18:10:38 -07:00
Moisés Guimarães
e866b55bb7
removes fallback.
2016-07-18 22:02:41 -03:00
toddouska
1c71fb4ad1
scope tmpa/b with blinding, document RSA options
2016-07-18 17:37:03 -07:00
toddouska
c2b55f69fa
fix 32bit mp_add_d need
2016-07-18 12:49:31 -07:00
toddouska
d235a5f0cc
add WC_RSA_BLINDING, wc_RsaSetRNG() for RSA Private Decrypt which doesn't have an RNG
2016-07-18 11:57:47 -07:00
Chris Conlon
d3f7ddc486
leave off SHA1-RSA/ECDSA signature algorithms when NO_OLD_TLS is defined
2016-07-15 14:32:24 -06:00
Moisés Guimarães
dd329ac97b
fixes ocsp signer lookup in the cert manager.
2016-07-15 17:12:04 -03:00
Chris Conlon
e75642f011
openssl.test, switch -Verify to -verify to accomodate ADH cipher suites
2016-07-15 13:39:32 -06:00
Chris Conlon
c47f5f404c
Merge pull request #480 from toddouska/noecho
...
don't echo session id on blank ticket if we're going to create a new …
2016-07-15 13:12:27 -06:00
Chris Conlon
b1de4dcbbb
Merge pull request #481 from wolfSSL/fix_anon_cipher
...
Anonymous cipher fix
2016-07-15 13:05:32 -06:00
dgarske
9a6f66a093
Merge pull request #484 from JacobBarthelmeh/master
...
add ARM 64bit type macro
2016-07-15 09:50:39 -07:00
David Garske
aa9b1e964c
Fix for possible seg fault with anonymous cipher mode enabled. Do not perform signature/verify when using anon_cipher.
2016-07-14 15:58:35 -07:00
Jacob Barthelmeh
515bf5e135
add ARM 64bit type macro
2016-07-14 15:29:32 -06:00
toddouska
c7b969b5b4
don't echo session id on blank ticket if we're going to create a new ticket
2016-07-13 18:45:10 -07:00
Chris Conlon
9a9a98ac82
Merge pull request #479 from toddouska/idlen
...
allow bogus client sessoinID of non 32 bytes with session ticket
2016-07-13 14:57:33 -06:00
toddouska
5f21f93c61
allow bogus sessionID when ticket callback rejects ticket
2016-07-13 12:47:59 -06:00
dgarske
c20551cc56
Merge pull request #478 from toddouska/flatten-fix
...
fix rsa flatten eSz check
2016-07-13 08:50:39 -07:00
toddouska
7b76c3ab36
allow bogus client sessoinID of non 32 bytes with session ticket
2016-07-13 09:47:49 -06:00
toddouska
b6aefad568
Merge pull request #477 from JacobBarthelmeh/master
...
remove hard tabs and replace with spaces
2016-07-12 16:31:13 -06:00
toddouska
7a906e47ed
fix rsa flatten eSz check
2016-07-12 16:28:59 -06:00
toddouska
97f60bc831
Merge pull request #476 from dgarske/fix_lpcxpresso
...
Fixes for LPCXpresso eclipse project
2016-07-12 15:23:09 -06:00
Jacob Barthelmeh
92341292c7
remove hard tabs and replace with spaces
2016-07-12 14:12:44 -06:00
David Garske
8a20f7a909
Fix to exclude misc.c by default to eliminate #error about inline.
2016-07-12 13:07:08 -07:00
David Garske
1c9f013c09
Include the .project and .cproject files in distribution. Fix issue with adding wolfssl to existing project, so the <name> is "wolfssl", not "lib_wolfssl".
2016-07-12 13:03:47 -07:00
Kaleb Himes
1b149d3941
Merge pull request #474 from ejohnstown/dtls-ver
...
One last fix of the DTLS version numbers
2016-07-11 12:35:27 -07:00
John Safranek
3dc09ae0fb
one last fix of the DTLS version numbers
2016-07-08 17:20:56 -07:00
dgarske
24ad3f7f3e
Merge pull request #473 from toddouska/ecc-timing-fix
...
Fix ecc timming missing variable. Fix fpecc thread local storage size with clang. Don't include comba includes if FP_SIZE is too small for index.
2016-07-08 15:08:58 -07:00
David Garske
acc5389f9a
Fixed possible issue with OID pointer returned from "wc_ecc_get_oid" if "HAVE_OID_ENCODING" enabled. Was previously returning static pointer, which was shared for all OID's. Now uses cache for each OID, which also improves performance on subsequent calls to the same OID.
2016-07-08 14:22:21 -07:00
David Garske
19db78fc76
Moved the ECC OID's into separate static const array to reduce ecc_sets size. Added "ecc_oid_t" typedef to determine "oid" size based on HAVE_OID_ENCODING option. Reduced the encoded variable size to word16.
2016-07-08 14:15:54 -07:00
toddouska
8da8c87fa4
don't include comba includes if FP_SIZE is too small for index
2016-07-08 12:29:38 -07:00
toddouska
c7318c8576
fix fpecc thread local storage size with clang
2016-07-08 12:01:52 -07:00
toddouska
68d66d12d6
fix ecc timming missing variable
2016-07-08 11:57:24 -07:00
David Garske
7a1acc7e56
Added TLS support for all SECP and Brainpool curves. Added ECC curve specs for all Brainpool, Koblitz and R2/R3. Adds new "HAVE_ECC_BRAINPOOL", "HAVE_ECC_KOBLITZ", "HAVE_ECC_SECPR2" and "HAVE_ECC_SECPR3" options. ECC refactor to use curve_id in _ex functions. NID and ECC Id's match now. Added ability to encode OID (HAVE_OID_ENCODING), but leave off by default and will use pre-encoded value for best performance.
2016-07-07 10:59:45 -07:00
toddouska
0f25ee703d
Merge pull request #468 from JacobBarthelmeh/master
...
option to use test.h without gettimeofday
2016-07-06 18:48:18 -07:00
Jacob Barthelmeh
5fbab0e6a7
option to use test.h without gettimeofday
...
revert parameter passed to current_time with TIRTOS
2016-07-01 16:57:49 -06:00
toddouska
00cd0a3146
Merge pull request #471 from dgarske/fixdoubleinit
...
Remove double call to "wolfCrypt_Init()" in test.c
2016-06-30 19:32:52 -07:00
toddouska
df87ee810f
Merge pull request #469 from cconlon/bug-fixes
...
update README with CU bug fix note
2016-06-30 19:31:58 -07:00
toddouska
000f1a19e5
Merge pull request #470 from JacobBarthelmeh/Testing
...
sanity checks
2016-06-30 19:30:28 -07:00
David Garske
dcdc28e014
Remove double call to "wolfCrypt_Init()" in test.c. Appears to have been added in static memory merge on 6/10.
2016-06-30 16:51:13 -07:00
Jacob Barthelmeh
8bba628f3f
sanity check in function GetInputData and when shrinking buffer
2016-06-30 13:42:38 -06:00
toddouska
f194c216c0
Merge pull request #466 from JacobBarthelmeh/mutex
...
free ctx in case of InitMutex fail
2016-06-30 12:05:06 -07:00
Jacob Barthelmeh
cf522314ce
sanity checks
2016-06-30 11:41:22 -06:00
Chris Conlon
a2bd4719ee
update README with CU bug fix note
2016-06-29 16:54:25 -06:00
Jacob Barthelmeh
3f36a914da
remove cast from enum to int
2016-06-29 14:28:36 -06:00
toddouska
c17830e5c7
Merge pull request #467 from dgarske/stdlib_macro_cleanup
...
Cleanup of stdlib function calls
2016-06-29 12:14:09 -07:00
David Garske
5b3a72d482
Cleanup of stdlib function calls in the wolfSSL library to use our cross-platform "X*" style macros in types.h.
2016-06-29 11:11:25 -07:00
toddouska
eb072e0344
Merge pull request #463 from JacobBarthelmeh/master
...
update mysql port
2016-06-28 14:56:57 -07:00
toddouska
981cf9cbcb
Merge pull request #462 from cconlon/bug-fixes
...
PemToDer Bug Fixes
2016-06-28 09:58:18 -07:00
Jacob Barthelmeh
0589fe0d39
free ctx in case of InitMutex fail
2016-06-28 09:29:28 -06:00
dgarske
7da797dd4c
Merge pull request #464 from wolfSSL/revert-461-bio
...
Revert "Bio"
2016-06-27 14:50:50 -07:00
Jacob Barthelmeh
f18ff8bfa4
update mysql patch
2016-06-27 15:44:52 -06:00
toddouska
ac6635593b
Revert "Bio"
2016-06-27 10:53:34 -07:00
Chris Conlon
9c7bea46d2
fix out of bounds read in PemToDer with 0 size der buffer, CU #4
2016-06-27 10:53:19 -06:00
Chris Conlon
92e501c8e4
fix possible out of bound read in PemToDer header, CU #3
2016-06-27 10:53:19 -06:00
Chris Conlon
2951e167b5
check return code of PemToDer in wolfSSL_CertManagerVerifyBuffer, CU #2
2016-06-27 10:23:22 -06:00
Chris Conlon
8fac3fffea
fix possible out of bounds read in PemToDer, CU #1
2016-06-27 10:23:22 -06:00
toddouska
3a18b057d7
Merge pull request #460 from dgarske/DerBufMemcpyCleanup
...
Cleanup of DerBuffer duplication
2016-06-24 14:51:30 -07:00
toddouska
fbef3c2523
Merge pull request #461 from JacobBarthelmeh/bio
...
Bio
2016-06-24 14:50:52 -07:00
Jacob Barthelmeh
49934a5c91
Merge https://github.com/wolfSSL/wolfssl into bio
2016-06-24 14:22:14 -06:00
Ludovic FLAMENT
d0e832bda9
change file name from compat-wolfssl to compat-wolfcrypt
2016-06-24 19:10:39 +02:00
Ludovic FLAMENT
033f308a08
change file name from compat-wolfssl to compat-wolfcrypt
2016-06-24 19:00:39 +02:00
Kaleb Himes
19da114c0c
Merge pull request #454 from ejohnstown/dtls-version
...
DTLS Hello Verify Request Version Number
2016-06-24 08:44:55 -07:00
Ludovic FLAMENT
4215182945
fix macro error
2016-06-24 13:27:49 +02:00
Ludovic FLAMENT
0c43123a01
Fix BIO based on review
2016-06-24 10:54:58 +02:00
JacobBarthelmeh
379af941a8
Merge pull request #459 from ejohnstown/aes-cmac-fixes
...
AES-CMAC Fixes
2016-06-23 22:10:26 -06:00
David Garske
b0f7d819bd
Cleanup of DerBuffer duplication that was using memcpy still after refractor and should be direct pointer copy.
2016-06-23 18:14:22 -07:00
John Safranek
ffb537c33f
removed dependency on AES-NI for the AES-direct test
2016-06-23 15:34:09 -06:00
John Safranek
0d031fcbd7
added parameter checking to Generate and Verify
2016-06-23 15:34:09 -06:00
toddouska
746ae2f4e5
Merge pull request #458 from JacobBarthelmeh/master
...
fix secure renegotiation build
2016-06-23 13:34:39 -07:00
Jacob Barthelmeh
0b91e000bb
fix secure renegotiation build
2016-06-23 13:10:39 -06:00
toddouska
02ef518a75
Merge pull request #456 from dgarske/FixEccCompKey
...
Fixes for ECC compressed keys
2016-06-22 14:47:42 -07:00
Jacob Barthelmeh
f6bbe845f5
Merge https://github.com/wolfSSL/wolfssl into bio
2016-06-22 09:14:53 -06:00
David Garske
47c1f4e68f
Fix possible use of ForceZero with NULL pointer. Improve init of "kb" when small stack disabled, so memset isn't performed twice.
2016-06-22 07:22:30 -07:00
David Garske
69db94d668
Fix build error for un-initialized "kb" variable when built with fixed point cache and small stack enabled.
2016-06-22 07:06:07 -07:00
David Garske
d294dc363e
Fix scan-build warning with "redundant redeclaration of 'fp_isprime'". Changed "fp_isprime" and "fp_isprime_ex" to local static only. Also made "fp_gcd", "fp_lcm", and "fp_randprime" static functions.
2016-06-21 19:35:25 -07:00
David Garske
1db880b6bf
Fixed issue with compressed keys and custom curves. The inLen adjustment for compressed curves was only be done for built-in curves.
2016-06-21 15:55:17 -07:00
David Garske
dd52af0872
ECC cleanup / fixes. Improvements to ECC with fast math enabled to avoid mp_clear on stack variables. Refactor of ECC failure cleanup (fixes possible mem leaks with small stack enabled). Refactor of "fp_is*" response checks to use FP_YES or FP_NO. Pulled libtom enhancement/cleanup of fp_isprime. Fix for compressed keys import with custom curves (still having some issues though).
2016-06-21 15:27:51 -07:00
David Garske
aa1a405dd1
Fixes for compressed keys. Fix to fast math "mp_cnt_lsb" to return proper value, which fixes "mp_jacobi", which fixes "mp_sqrtmod_prime", which fixes compressed keys for 224-bit key. Removed workarounds for compressed keys. Added new configure option "--enable-compkey". Fixed issue with normal math and custom curves where "t2" could be free'd and used. Fixed issue with mp_dump in integer.c, with not allocating correctly sized buffer for toradix.
2016-06-21 14:06:02 -07:00
dgarske
5fa80a2667
Merge pull request #455 from toddouska/version
...
bump dev version
2016-06-20 22:07:18 -07:00
toddouska
f4473edfb1
bump dev version
2016-06-20 16:20:18 -07:00
toddouska
335865a5b2
Merge pull request #447 from ejohnstown/dtls-retx
...
DTLS Retransmit Fix
2016-06-20 15:46:55 -07:00
toddouska
79e2af8c15
Merge pull request #445 from ejohnstown/dtls-alert
...
DTLS bad MAC alert
2016-06-20 15:36:18 -07:00
toddouska
a859cf189d
Merge pull request #443 from ejohnstown/new-ccm-suite
...
Add cipher suite ECDHE-ECDSA-AES128-CCM
2016-06-20 15:34:55 -07:00
John Safranek
6d520e0da9
hello verify request handshake version number to match server hello version number
2016-06-20 11:08:45 -06:00
toddouska
de4448c59b
Merge pull request #452 from dgarske/fixeccscanbuildwarning
...
Fixes scan-build warning in ecc.c line 2208
2016-06-20 09:09:21 -07:00
David Garske
3789d9913c
Fixes scan-build warning "wolfcrypt/src/ecc.c:2208:6: warning: Use of memory after it is freed". This is due to a rebase issue with static memory changes after the new ECC custom curves changes. The precomp[] is init to NULL at top so cleanup can always be done at end (shouldn't be done in middle).
2016-06-18 22:35:52 -07:00
toddouska
9173ecdc04
Merge pull request #450 from dgarske/NidFix
...
Fix for NID names on NIST prime 192 and 256 curves
2016-06-18 16:14:04 -07:00
David Garske
eb1d8d5df6
Fix for NID names on NIST prime 192 and 256 curves. Cleanup of the memcpy/memset in .i files to use portable names.
2016-06-17 15:59:25 -07:00
Jacob Barthelmeh
ffee1eafd9
add test_bio.txt to .getignore
2016-06-17 16:20:54 -06:00
JacobBarthelmeh
b8e00a3448
Merge pull request #449 from moisesguimaraes/fix-ocsp-stapling-tests
...
fixes ocsp stapling tests ignoring CRL
2016-06-17 15:16:39 -06:00
Jacob Barthelmeh
ea71814518
Merge https://github.com/wolfSSL/wolfssl
2016-06-17 13:58:53 -06:00
toddouska
e8c4950a83
Merge pull request #446 from cconlon/cleanup
...
Remove unimplemented function prototypes
2016-06-17 12:57:55 -07:00
toddouska
4fc07a2e9e
Merge pull request #415 from dgarske/customcurve-mathupdate
...
Support for custom ECC curves and math lib updates
2016-06-17 12:56:52 -07:00
Moisés Guimarães
db7aab5e37
fixes ocsp stapling tests ignoring CRL
2016-06-17 08:19:57 -03:00
JacobBarthelmeh
16b85cee8f
Merge pull request #448 from cconlon/winfix
...
Fix windows example echoserver
2016-06-16 18:18:32 -06:00
Chris Conlon
a7c7407406
fix windows example echoserver
2016-06-16 16:39:18 -06:00
David Garske
6da166d83b
Enhancement / cleanup of the "wc_ecc_make_key_ex" API so it can be used with "keysize" or "dp" and allows compatibility with existing "wc_ecc_make_key". Note: "wc_ecc_make_key_ex" was not previously public, so changing it at this point is okay.
2016-06-16 10:38:15 -07:00
David Garske
d55663eaee
Added ECC API's for using custom curves that are not in the "ecc_sets" list. Added wolfCrypt test to validate/demonstrate custom curve using BRAINPOOL256R1. Exposed "wc_ecc_make_key_ex" and added "wc_ecc_import_x963_ex" / "wc_ecc_import_raw_ex" API's that accept "const ecc_set_type*" for custom curve. Internally use "ECC_CUSTOM_IDX" (-1) to define custom curve is used. Added "--enable-ecccustcurves" option to configure.ac.
2016-06-16 10:09:41 -07:00
David Garske
69b6ac504f
Fixes for ecc heap errors after rebase.
2016-06-16 06:46:22 -07:00
John Safranek
8f3c56c03f
Fix where the last flight was getting retransmit on timeout notification.
2016-06-15 18:44:25 -07:00
Chris Conlon
31908b7263
remove unused protos for wc_Sha384Free and wc_Sha512Free, not impmlemented by ti-hash.c
2016-06-15 11:34:29 -06:00
Chris Conlon
3fec69d3f8
remove unused proto for wc_SetCertificatePolicies
2016-06-15 10:50:41 -06:00
David Garske
237193fdee
Fixed scan-build warning about "len" being used un-initialized in ecc_mul2add. Cleanup of the "mu" variable handling.
2016-06-15 08:41:51 -07:00
David Garske
7c5483ba0b
Performance improvements in fp_mulmod, fp_submod and fp_submod to handle ALT_ECC_SIZE better. Revert fp_clear to fp_add_d, since it isn't required and slows it down.
2016-06-15 08:41:51 -07:00
David Garske
5703e5eadb
ECC changes to support custom curves. Added new "WOLFSSL_CUSTOM_CURVES" option to support non-standard ECC curves in ecc_is_point and ecc_projective_dbl_point. Refactor to load and pass curve "a" parameter down through ECC functions. Relocated mp_submod and added mp_addmod. Refactor to pass mp variable directly (not pointer) for montgomery variable. Fix in mp_jacobi to also handle case of a == 0. Cleanup of *_ecc_mulmod and wc_ecc_make_key_ex error handling. Cleanup of ecc_map for handling normal, fast and alt_ecc math for optimization of performance and allowing reduced ecc_size.
2016-06-15 08:41:51 -07:00
David Garske
bb17bac018
Updated the naming for the ECC curve sets. Additional comments for each curve parameter.
2016-06-14 16:56:22 -07:00
David Garske
87c00eb3f3
Math updates from libtom. Fixes in mp_read_radix for to include char 36 and clear the destination before checks. Fix to clear tmp value on fp_sub_d and fp_add_d. Fixes in assembly for x86-32 INNERMUL, PPC32 INNERMUL and PROPCARRY and x86-64 SQRADD. Added mp_isneg. Refactor of mp_iszero, mp_iseven, mp_isodd and mp_isneg to check using MP_YES or MP_NO. Changed fp_read_unsigned_bin "b" arg to const. Removal of the "register" on stack variables to let compiler determine best optimization.
2016-06-14 16:56:22 -07:00
dgarske
7a3cb23af9
Merge pull request #444 from JacobBarthelmeh/master
...
prepare for version 3.9.6
2016-06-14 15:51:01 -07:00
John Safranek
35f43f9216
In DTLS, if a mac or decrypt error is detected, just drop the datagram and don't send an alert
2016-06-14 14:36:08 -07:00
Jacob Barthelmeh
03de8e3464
prepare for version 3.9.6
2016-06-14 14:35:12 -06:00
John Safranek
2f9c9b9a22
Add cipher suite ECDHE-ECDSA-AES128-CCM
...
1. Added the usual cipher suite changes for the new suite.
2. Added a build option, WOLFSSL_ALT_TEST_STRINGS, for testing
against GnuTLS. It wants to receive strings with newlines.
3. Updated the test configs for the new suite.
Tested against GnuTLS's client and server using the options:
$ gnutls-cli --priority "NONE:+VERS-TLS-ALL:+AEAD:+ECDHE-ECDSA:+AES-128-CCM:+SIGN-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509" --x509cafile=./certs/server-ecc.pem --no-ca-verification -p 11111 localhost
$ gnutls-serv --echo --x509keyfile=./certs/ecc-key.pem --x509certfile=./certs/server-ecc.pem --port=11111 -a --priority "NONE:+VERS-TLS-ALL:+AEAD:+ECDHE-ECDSA:+AES-128-CCM:+SIGN-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509"
To talk to GnuTLS, wolfSSL also needed the supported curves option
enabled.
2016-06-13 14:39:41 -07:00
dgarske
2752f3f9c9
Merge pull request #442 from toddouska/mcapi-aes
...
fix mcapi aes size with heap
2016-06-11 12:52:59 -07:00
toddouska
02985b16ac
fix mcapi aes size with heap
2016-06-11 09:29:20 -07:00
toddouska
a156cedabc
Merge pull request #435 from JacobBarthelmeh/staticmemory
...
Staticmemory
2016-06-10 17:03:49 -07:00
Jacob Barthelmeh
707714dd38
threaded fixes with static memory
2016-06-10 15:35:02 -06:00
Jacob Barthelmeh
3d3591a227
typdef gaurd / error out on bad mutex init / handle no maxHa or maxIO set
2016-06-10 14:13:27 -06:00
Chris Conlon
cbefaef6bc
Merge pull request #440 from toddouska/output-size
...
Output size
2016-06-10 11:33:31 -06:00
Jacob Barthelmeh
2bda6c6449
16 byte aligned static memory
2016-06-10 11:15:54 -06:00
Chris Conlon
620ea41191
Merge pull request #439 from kaleb-himes/update-cert-buffers
...
update certificate buffers per github issue #422
2016-06-10 10:08:25 -06:00
toddouska
dede05db9e
Merge pull request #441 from dgarske/time_base64enc
...
Public "wc_GetTime" API and "configure --enable-base64encode"
2016-06-10 08:47:08 -07:00
Jacob Barthelmeh
ea3d1f8e17
extended method function
2016-06-09 23:41:51 -06:00
David Garske
b3068ffef5
Added new public "wc_GetTime" API for getting seconds from the asn.c XTIME. Added new "./configure --enable-base64encode" to enable Base64 encoding (now enabled by default for "x86_64").
2016-06-09 16:26:39 -07:00
toddouska
6551c9fcab
add getter for max output size
2016-06-09 14:51:07 -07:00
kaleb-himes
76d960c4c0
update certificate buffers per github issue #422
2016-06-09 13:47:33 -06:00
Jacob Barthelmeh
7943f68f2a
run allocation tool on ocsp and check for mallocs
2016-06-09 12:03:28 -06:00
dgarske
367b519407
Merge pull request #424 from kojo1/MDK5
...
updated MDK5 projects
2016-06-09 10:47:04 -07:00
Jacob Barthelmeh
8be5409bc5
static method func / ocsp callbacks / heap test / alpn free func / remove timing resistant constraint
2016-06-09 11:36:31 -06:00
Jacob Barthelmeh
664d2190ba
session ticket extension fix with static memory heap hint
2016-06-08 10:50:20 -06:00
toddouska
a2d7ba0dd9
add output size getter
2016-06-08 09:32:34 -07:00
Jacob Barthelmeh
e214086dce
tlsx with static memory / account for session certs size
2016-06-08 09:18:43 -06:00
toddouska
c48db891d1
Merge pull request #433 from ejohnstown/aes-cmac
...
Aes cmac
2016-06-07 16:48:46 -07:00
dgarske
c1c1990247
Merge pull request #437 from tisb-vikram/master
...
Enable ECC features for TI devices
2016-06-07 16:00:20 -07:00
Vikram Adiga
57675dc51d
add ALT_ECC_SIZE for TI build to reduce memory usage
2016-06-07 14:05:35 -07:00
Jacob Barthelmeh
738373038b
clean up staticmemory with crl
2016-06-06 17:50:54 -06:00
Jacob Barthelmeh
e1edadafe1
ocsp with static memory, remove unused function
2016-06-06 16:19:33 -06:00
toddouska
9f7e8a6f4b
Merge pull request #436 from JacobBarthelmeh/master
...
fix index to check for sperator value
2016-06-06 14:52:20 -07:00
Vikram Adiga
4ba77a7059
add HAVE_SUPPORTED_CURVES to TI-RTOS wolfSSL configuration
2016-06-06 13:50:14 -07:00
Jacob Barthelmeh
db90594909
adjust pointer cast, ssl rng with fips and unused param
2016-06-06 14:32:49 -06:00
Jacob Barthelmeh
e085be9485
fix index to check for sperator value
2016-06-06 10:34:35 -06:00
dgarske
a25df5b78e
Merge pull request #434 from toddouska/crlbuffer
...
add wolfSSL and wolfSSL_CTX LoadCRLBuffer()
2016-06-06 09:01:25 -07:00
toddouska
38d5480256
Merge pull request #432 from JacobBarthelmeh/DTLS-MultiCore
...
import / export of peer connection information
2016-06-06 08:51:24 -07:00
Jacob Barthelmeh
2feee8856e
revise static memory and update heap hint
2016-06-04 19:03:48 -06:00
Jacob Barthelmeh
104ff12e76
add staticmemory feature
2016-06-04 19:01:23 -06:00
toddouska
3f205d19f4
add wolfSSL and wolfSSL_CTX LoadCRLBuffer()
2016-06-03 15:13:16 -07:00
John Safranek
d05754f9db
Merge pull request #404 from moisesguimaraes/wolfcrypt-py
...
wolfcrypt Python wrapper
2016-06-03 08:24:12 -07:00
Moisés Guimarães
7f71c526f6
adds python3 support
2016-06-03 10:37:41 -03:00
Moisés Guimarães
6736ffe10e
adds links to wolfssl.com
2016-06-02 22:08:57 -03:00
Moisés Guimarães
a76291c2e2
adds tox instructions
2016-06-02 21:38:34 -03:00
Jacob Barthelmeh
046b987324
callbacks for setting and getting peer ip/port/family
2016-06-02 09:23:12 -06:00
Kaleb Himes
5be916e336
Merge pull request #403 from ejohnstown/dtls-fix
...
when dropping a DTLS message, drop the whole datagram
2016-05-30 17:26:25 -06:00
Jacob Barthelmeh
73328ac4bc
import / export of peer connection information
2016-05-26 16:26:08 -06:00
toddouska
a4fa4d5253
Merge pull request #431 from JacobBarthelmeh/master
...
sanity checks on wolfSSL_dtls_get_peer arguments
2016-05-26 14:46:58 -07:00
dgarske
806a0bbaa7
Merge pull request #430 from toddouska/sesstick_type_typo
...
fix dynamic type session ticket typos
2016-05-26 11:35:46 -07:00
John Safranek
61801e06df
add benchmark for AES-CMAC
2016-05-25 16:12:19 -07:00
John Safranek
1b9b7f52c9
1. Reformat a couple of #ifdefs around if(dtls) checks.
...
2. Move fuzz update for DTLS GetRecordHeader to be like the TLS case.
3. DtlsCheckWindow only allows current epoch and last epoch.
4. ProcessReply only retransmits flight on a CCS out of sequence when
still retaining the handshake data.
2016-05-25 15:44:06 -07:00
Jacob Barthelmeh
5e1f06ce52
sanity checks on wolfSSL_dtls_get_peer arguments
2016-05-25 10:57:00 -06:00
toddouska
669cdfc357
fix dynamic type session ticket typos
2016-05-25 09:47:54 -07:00
John Safranek
ae093ded8f
add standalone AES-CMAC generate and verify functions
2016-05-25 09:22:39 -07:00
Ludovic FLAMENT
5d67bb881e
fix memory leaks
2016-05-25 17:44:31 +02:00
Ludovic FLAMENT
bb754bb46a
Fix Win32 warnings
2016-05-25 13:49:06 +02:00
John Safranek
9bf4598772
use constant for Cmac type
2016-05-24 16:46:04 -07:00
John Safranek
dbfd5dffaf
added parameter checks
2016-05-24 11:21:06 -07:00
John Safranek
b3d068dc40
Merge pull request #418 from toddouska/dyntickets
...
Dyntickets
2016-05-24 11:00:14 -07:00
Ludovic FLAMENT
1d675ed1e6
Fix va_copy error for Win32 build and AES-NI segfault
2016-05-24 18:17:26 +02:00
John Safranek
c0cbc97b06
add AES-CMAC
2016-05-23 17:50:36 -07:00
Moisés Guimarães
07ce928bf3
adds installation testing with vagrant
2016-05-23 21:10:44 -03:00
Moisés Guimarães
04d5ca41df
adds --enable-Sha512 to make sure it is always present
2016-05-23 20:33:11 -03:00
toddouska
9ab5ec4a36
Merge pull request #428 from dgarske/eccmathfixes
...
Fixed bug with "ecc_projective_add_point"
2016-05-23 11:46:54 -07:00
toddouska
61f0af5cf3
Merge pull request #429 from dgarske/wolfcryptinit
...
Added missing wolfCrypt_Init() to wolfCrypt test application
2016-05-23 09:23:42 -07:00
Ludovic FLAMENT
ab1d6c91bf
fix errors (win32, met leak)
2016-05-23 13:46:26 +02:00
Ludovic FLAMENT
99b5aa587f
Fix errors (jenkins)
2016-05-23 11:11:57 +02:00
David Garske
5eb7768d00
Added missing wolfCrypt_Init() to wolfCrypt tests.
2016-05-22 18:18:06 -07:00
David Garske
15cd06b7ca
Fixed bug with "ecc_projective_add_point" that was not protecting the case where Q == R and using the R variable directly for the result. Now if Q == R then swap P and Q and using a local x,y,z, is only required when used with ALT_ECC_SIZE.
2016-05-22 17:31:36 -07:00
John Safranek
7c93912f1d
reject messages that are too far from the future
2016-05-22 16:10:47 -07:00
JacobBarthelmeh
eb6153f028
Merge pull request #425 from shihrer/master
...
Fixed scripts/benchmark.test, replaced == with -eq
2016-05-20 14:49:43 -06:00
JacobBarthelmeh
f369f8a434
Merge pull request #426 from jrblixt/master
...
Changes to date
2016-05-20 14:48:04 -06:00
Ludovic FLAMENT
ed4f67058a
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2016-05-20 21:51:13 +02:00
John Blixt
f1860d6263
Changes to date
2016-05-20 09:48:03 -06:00
Michael Shihrer
fa94f5ffe9
Replaced == with -eq to fix benchmark.test scripting error
2016-05-20 09:43:30 -06:00
Moisés Guimarães
fcc0eb7a6a
fixes install instructions
2016-05-20 03:55:57 -03:00
Takashi Kojo
217ccd8b6a
updated MDK5 projects for 3.9.0. Eliminated files for older versions
2016-05-20 13:32:23 +09:00
toddouska
504081e602
Merge pull request #421 from ejohnstown/limit-country-code
...
Limit Country Name size
2016-05-19 16:05:15 -07:00
toddouska
1bb5c48080
Merge pull request #423 from dgarske/bench-ecc-encrypt-decrypt
...
Added a benchmark for ECC encrypt/decrypt
2016-05-19 14:47:03 -07:00
David Garske
c1507957c4
Added a benchmark for ECC encrypt/decrypt when enabled via "HAVE_ECC_ENCRYPT" or "--enable-eccencrypt --enable-hkdf".
2016-05-19 11:42:00 -07:00
John Safranek
bae0fe9b63
MakeCertReq() was not checking return codes correctly for the SetFoo()
...
functions.
2016-05-18 15:14:23 -07:00
John Safranek
5c8daa0ac6
1. SetName() should return error if country code isn't 2 bytes.
...
2. MakeCert() was not checking return codes correctly for the SetFoo()
functions.
3. Added error code for invalid country code length.
2016-05-18 15:04:40 -07:00
John Safranek
03e6f7cca3
RFC 5280 Appendix A.1 states that the Country Name in a certificate
...
shall have a size of 2 octets. Restrict country name length to 2 or 0.
2016-05-18 10:39:18 -07:00
toddouska
b8c0802e3c
Merge pull request #414 from JacobBarthelmeh/DTLS-MultiCore
...
Dtls multi core
2016-05-17 17:39:18 -07:00
Moisés Guimarães
47a1dd8cc4
fixes install steps
2016-05-17 14:15:17 -03:00
Ludovic FLAMENT
9fe6ca3130
remove XSNPRINTF
...
add a full BIO client/server test
2016-05-17 17:49:30 +02:00
Jacob Barthelmeh
1b278edfd0
fix unused functions, make WOLFSSL first parameter, add comments
2016-05-16 23:48:26 -06:00
Moisés Guimarães
a000ee4db3
remove empty dirs
2016-05-16 22:17:09 -03:00
Moisés Guimarães
dc080694b4
reorder installation steps
2016-05-16 21:55:31 -03:00
Moisés Guimarães
2851f7d6a1
remove unnecessary dependency
2016-05-16 20:37:42 -03:00
Moisés Guimarães
2a0adc74a0
fixes wrapper path
2016-05-16 20:13:26 -03:00
Moisés Guimarães
347d80e879
removes folders from include.am
2016-05-16 15:49:32 -03:00
Moisés Guimarães
40cf30a13d
adds .gitignore to include.am
2016-05-16 15:31:51 -03:00
Ludovic FLAMENT
4017e0f8dd
fix BIO issues :
...
- remove unrequited tests
- fix compilations for lighty, stunned, openssh
- wc_BioGetAcceptSocket IPv4 / IPv6 support
- remove <stdio.h> from bio.h
- add NO_STDIO_FILESYSTEM for BIO_printf
- memset -> XMEMSET
- strlen -> XSTRLEN
2016-05-15 20:22:19 +02:00
Moisés Guimarães
d76d74d6c5
updates Linux deps on README
2016-05-15 15:08:16 -03:00
Jacob Barthelmeh
c8576566cc
add public wolfSSL_dtls_export and api tests
2016-05-14 12:49:09 -06:00
toddouska
185e60ad19
based on pr#316; turns isDynamic ticket off on some failure cases, move an XFREE out of a Lock that isn't required
2016-05-13 14:11:46 -07:00
toddouska
1ea01a7ad8
Merge branch 'master' of https://github.com/NickolasLapp/wolfssl into dyntickets
2016-05-13 09:07:55 -07:00
Jacob Barthelmeh
3897f78073
truncated hmac export and sanity checks
2016-05-13 09:11:38 -06:00
toddouska
67ab30088b
Merge pull request #416 from dgarske/mathmemleakfix
...
Fix mem leak with fast math disabled due to recent ecc_projective_add_point changes
2016-05-12 15:23:19 -07:00
David Garske
2ad9d41641
Performance improvement for fast math mp_clear to use fp_zero (memset) instead of fp_clear(ForceZero). Added new mp_forcezero function for clearing/free'ing sensitive private key data. Changed ECC and RSA to use mp_forcezero to explicitly handle private key clearing.
2016-05-12 11:50:34 -07:00
Jacob Barthelmeh
8d66ba2923
refactor export/import of cipher specs struct
2016-05-12 10:06:15 -06:00
Jacob Barthelmeh
fbf39a761a
refactor export/import of key struct
2016-05-12 09:23:38 -06:00
Jacob Barthelmeh
f9ce2f2677
verify cipher suite is valid on import
2016-05-12 09:09:07 -06:00
John Safranek
39833768cf
Merge pull request #417 from toddouska/stdio
...
make sure stdio.h can be swtiched off if not available
2016-05-11 14:55:05 -07:00
toddouska
cc16a543dd
make sure stdio.h can be swtiched off if not available
2016-05-11 10:11:25 -07:00
David Garske
440956f8d4
Fixed new issue with ecc_projective_add_point not free'ing the local x, y, z if fast math was disabled. Formatting cleanup in integer.c.
2016-05-11 08:47:30 -07:00
toddouska
3bff6f10e3
Merge pull request #411 from dgarske/mathfixes
...
Math fixes
2016-05-10 14:45:20 -07:00
Jacob Barthelmeh
8c45cb1938
add DTLS session export option
2016-05-10 13:27:45 -06:00
David Garske
2fb4506922
iFixes to FP_MAX_BITS_ECC calculation. Alignment check against digit_bits is based on max ecc bits times two. If alignment check fails we add a digit_bit to make sure we have enough room.
2016-05-10 12:20:39 -07:00
Moisés Guimarães
9659505260
updates python docs
2016-05-09 18:46:01 -03:00
David Garske
d71d0f2cb4
Fix with fast math disabled so ecc_projective_add_point uses temp local variable for x,y,z result.
2016-05-09 13:29:25 -07:00
Moisés Guimarães
412141198e
drops 'import about' requirement
2016-05-09 15:25:18 -03:00
David Garske
8f6352725a
Fixed math for FP_MAX_BITS_ECC calculations. Error in alignment check. Altered non-aligned formula to be (max bits * 2) + digit, then 8-bit aligned. Cleanup of the example user_settings.h.
2016-05-09 10:34:37 -07:00
David Garske
8c9b8a596a
Fixed calculation of max ECC bits with ALT_ECC_SIZE defined so it only allocates what is required. For 8-bit aligned curve sizes its double the max bits. For un-aligned curves sized, like ECC521, its 521 8-bit aligned, doubled, plus digit bit.
2016-05-09 09:51:11 -07:00
David Garske
44b1f98b39
Fixed issue with ALT_ECC_SIZE and default value for FP_MAX_BITS_ECC so its based on max enabled ECC curve bits.
2016-05-09 09:51:11 -07:00
David Garske
880b2e454b
Refactor of the ecc_projective_add_point and ecc_projective_dbl_point functions to eliminate duplicate versions. Modified new single functions to work with normal, fast and alt_ecc_size math options. Careful use of mp_clear to retain original performance.
2016-05-09 09:51:11 -07:00
David Garske
fe58db2a07
Fixed typo with new "eccshamir" configure option.
2016-05-09 09:51:11 -07:00
David Garske
1b602d783c
Fast math correction of "sizeof" to use (). Updates to tfm and ecc comments.
2016-05-09 09:51:11 -07:00
David Garske
5cbc4bdf29
Added new "WOLFSSL_DEBUG_MATH", which enables use of "mp_dump" to display information about an mp_int.
2016-05-09 09:51:11 -07:00
David Garske
a4782fcf01
Fix in fast math version of ecc_projective_dbl_point to use a local for x,y,z since ecc_point fp_int's are reduced size and cause math issues with ALT_ECC_SIZE enabled. Added local stack variable cleanups for ecc_projective_add_point.
2016-05-09 09:51:11 -07:00
David Garske
0ddbe0e60e
Enhancement to RSA math function "_fp_exptmod" (non timing resistant version) to support WOLFSSL_SMALL_STACK, which moves the allocation of the 64 fp_int's from the stack to the heap.
2016-05-09 09:51:11 -07:00
David Garske
fa5dd01001
Fixes/improvements to the wolfCrypt ECC tests. Fixed bug with sharedA/sharedB being too small when BENCH_EMBEDDED is used and curve size over 256 bit. Added error message for ECC test failures, to show the curve size used. Fix to wc_ecc_verify_hash test to use digest that is not all zeros as that doesn't work correctly for non-Shamir ECC math. Changed return code for wc_ecc_check_check so its unique.
2016-05-09 09:51:11 -07:00
David Garske
a5d27853fa
Fixes to fp_mul and fp_div to clear any excess digits on the destination. Added compile-time check to confirm FP_SIZE is compatible with TFM_ acceleration defines enabled. Updated comments in other places where excess digits are cleared.
2016-05-09 09:51:11 -07:00
David Garske
7c3fbd7644
Fix for fp_copy() when used with ALT_ECC_SIZE so any excess digits on the destination that we didn't write to are set to zero.
2016-05-09 09:51:11 -07:00
David Garske
9001036e09
Fixes memory leak in the wc_RsaFunction if failure happens when using normal math (not fast math) and RSA_LOW_MEM is not defined.
2016-05-09 09:51:11 -07:00
David Garske
9f0fa7500f
Added configure "--disable-eccshamir" option.
2016-05-09 09:51:11 -07:00
Ludovic FLAMENT
f438e7ac65
Fix for Fedora 32/64
2016-05-09 08:13:17 +02:00
Ludovic FLAMENT
03b571cde4
fix some bugs, add Windows support
2016-05-07 21:12:08 +02:00
Nickolas Lapp
ecba5161ac
default copyInto static instead of dynamic
2016-05-06 13:15:21 -06:00
toddouska
1c664ae710
Merge pull request #412 from cconlon/netRandom
...
add support for Whitewood netRandom
2016-05-06 07:31:18 -07:00
Chris Conlon
3449990374
add example netRandom config file
2016-05-05 15:34:52 -06:00
Chris Conlon
8f3e1165a1
add Whitewood netRandom client library support
2016-05-05 15:31:25 -06:00
toddouska
ee21d33794
Merge pull request #407 from wolfSSL/embOS-port
...
embOS port
2016-05-05 13:27:27 -07:00
kaleb-himes
4df12e1bd5
Add note for users about embOS directory
2016-05-05 12:29:20 -06:00
toddouska
e5f1ad5702
Merge pull request #410 from kaleb-himes/master
...
update version to 3.9.1
2016-05-05 10:59:05 -07:00
Chris Conlon
6b8c6cebc7
Merge pull request #409 from dgarske/rowleyfixes
...
Rowley Crossworks updates/fixes
2016-05-05 11:49:46 -06:00
David Garske
726703e903
Added details on RTC oscillator startup delay and implemented a delay_us function. Added information about NO_INLINE and USE_SLOW_SHOW to example user_settings.h. Moved the USE_SLOW_SHA2 into the SHA512 area.
2016-05-05 09:43:11 -07:00
Moisés Guimarães
b0c23ceafa
fixes about
2016-05-05 12:48:47 -03:00
Ludovic FLAMENT
5d1de3bb33
One file for all BIO functions in wolfcrypt
...
move required functions from wolfssl to wolfcrypt
add client/server tests for BIO
2016-05-05 12:58:21 +02:00
David Garske
5ee0659e1b
Rowley Crossworks updates/fixes. Fixed issue with the RTC init for scenario where TIF is set. Added support for HW RNG only by providing reference custom_rand_generate_block. Updated kinetis_hw.c comments about serial ports on boards. Updated the stack/heap settings. Updated the user_settings.h with a well documented and configurable reference.
2016-05-04 23:11:08 -07:00
Moisés Guimarães
9e9fd24d68
updates metadata; drops py26 tests
2016-05-04 21:38:27 -03:00
kaleb-himes
ca2f0af2e4
Make suggested changes from first review
...
Add changes to the example user settings noted by david
missed .dep files, exclude these as well
.dep files are necessary
rebase
2016-05-04 17:28:19 -06:00
kaleb-himes
3e19316f8a
update version to 3.9.1
2016-05-04 16:45:51 -06:00
toddouska
f9f9546d0e
Merge pull request #408 from cconlon/header-fix
...
fix aes_asm.asm header format
2016-05-04 14:38:23 -07:00
toddouska
84651e97d3
Merge pull request #405 from dgarske/memtrackdebug
...
Memory tracking cleanup and new debug memory option
2016-05-04 14:01:37 -07:00
kaleb-himes
41d19b49ae
Remove WOLFSSL_TRACK_MEMORY
2016-05-04 14:09:45 -06:00
kaleb-himes
6e26cac686
Reworking directories and simplify README
2016-05-04 13:03:05 -07:00
David Garske
822d71431e
Moved mem_track.h into wolfssl/wolfcrypt. Added new WOLFSSL_DEBUG_MEMORY option. Added documentation for using mem_track and new debug memory option.
2016-05-04 10:04:38 -07:00
toddouska
ab53d732ce
Merge pull request #398 from JacobBarthelmeh/master
...
update to MYSQL compatibility
2016-05-04 09:10:39 -07:00
toddouska
1b5ed7fb09
Merge pull request #406 from cconlon/starttls
...
fix type comparison on 32bit for starttls
2016-05-04 09:06:46 -07:00
kaleb-himes
8176c74b3e
Merge branch 'embOS-port' of https://github.com/wolfssl/wolfssl into embOS-port
2016-05-04 08:57:06 -07:00
Jacob Barthelmeh
197672d4fc
define KEEP_OUR_CERT to set keeping ssl certificate
2016-05-04 09:05:11 -06:00
Chris Conlon
d91ec3ce77
fix aes_asm.asm header format
2016-05-04 09:02:50 -06:00
kaleb-himes
d184f8b1aa
wolfSSL embOS port Initialize
...
self-review complete
Removed autogenerated files
2016-05-03 17:09:55 -06:00
Chris Conlon
4b16600011
fix type comparison on 32bit for starttls, zero tmp buffer
2016-05-03 13:52:04 -06:00
Jacob Barthelmeh
b2325aad6d
option to keepCert for ssl lifetime, refactor of ourCert process
2016-05-03 09:22:16 -06:00
Jacob Barthelmeh
d1ab51e10f
maintain lighttpd port
2016-05-03 09:22:16 -06:00
Jacob Barthelmeh
05e56b75f6
scan-build, valgrind issues and fix issue with ExtractDate, struct tm
2016-05-03 09:22:16 -06:00
Jacob Barthelmeh
38bbd41f99
add EDH-RSA-AES256-SHA, used in one mysql test
2016-05-03 09:22:16 -06:00
Jacob Barthelmeh
bd4e8ac714
cipher name string format
2016-05-03 09:22:15 -06:00
Jacob Barthelmeh
6613ebb642
persistant X509 struct with ssl session
2016-05-03 09:22:15 -06:00
Jacob Barthelmeh
f88d82375e
add function wolfSSL_ASN1_TIME_to_string
2016-05-03 09:22:15 -06:00
Jacob Barthelmeh
f19541ffe5
update to MYSQL compatibility
2016-05-03 09:22:15 -06:00
Moisés Guimarães
3181731404
adds docs
2016-05-03 00:49:56 -03:00
John Safranek
f9ab61db5d
Merge pull request #402 from cconlon/starttls
...
use send/recv instead of write/read with STARTTLS
2016-05-02 17:19:50 -07:00
John Safranek
ddcf47eadd
when dropping a DTLS message, drop the whole datagram
2016-05-02 15:18:08 -07:00
Chris Conlon
a94383037c
use send/recv instead of write/read with STARTTLS for winsock compatibility
2016-05-02 14:36:59 -06:00
toddouska
52d6fb575b
Merge pull request #395 from cconlon/starttls
...
add STARTTLS support to example client
2016-04-29 14:24:08 -07:00
Moisés Guimarães
69ac477976
updates docs template
2016-04-29 16:25:53 -03:00
Moisés Guimarães
1efd1343ee
initial docs
2016-04-29 16:13:38 -03:00
dgarske
89f15f9393
Merge pull request #400 from ejohnstown/dtls-sanity-check
...
Fixes DTLS sanity check and bug with DTLS timeout notification deleting the peer's received msg list.
2016-04-29 11:55:40 -07:00
Nickolas Lapp
00737d1e82
Ensure that tmpBuff gets assigned null after free.
2016-04-29 09:45:44 -06:00
Ludovic FLAMENT
1bd65cc8a9
First version for OpenSSL BIO compatibility
2016-04-29 16:34:11 +02:00
John Safranek
0a1212924e
Merge pull request #401 from cconlon/warning-fixes
...
fix visual studio code analysis warnings
2016-04-28 16:45:08 -07:00
Chris Conlon
46addfb130
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
Chris Conlon
78e62eddd7
fix visual studio code analysis warnings
2016-04-28 13:08:50 -06:00
John Safranek
2f05c96004
added braces to else clause for compiler warning differences
2016-04-28 11:33:29 -07:00
John Safranek
e0c7739fd6
fix bug with non-blocking DTLS where the stored peer messages were deleted after a timeout
2016-04-28 10:50:51 -07:00
John Safranek
0511c8cac8
delay check of DTLS handshake message's RH version until the handshake header check
2016-04-28 10:50:51 -07:00
John Safranek
7123b080ed
fix issue with missing client key exchange and duplicate change cipher spec messages.
2016-04-28 10:50:51 -07:00
Moisés Guimarães
66d41eee36
updates python README
2016-04-28 13:36:41 -03:00
Moisés Guimarães
d8309ab624
adds python ignored files
2016-04-28 13:26:59 -03:00
Moisés Guimarães
7e661ab866
importing wolfcrypt-py repo
2016-04-28 13:20:10 -03:00
toddouska
a54b0f9d0c
Merge pull request #397 from lchristina26/master
...
VxWorks updates: add pthreads define
2016-04-26 18:17:56 -07:00
Kaleb Himes
b2af02a783
Merge pull request #383 from kojo1/MDK5
...
fixes for MDK5 compiler
2016-04-26 16:11:59 -06:00
lchristina26
8f8f4129fd
VxWorks updates: add pthreads define
2016-04-26 09:36:01 -06:00
Nickolas Lapp
ccee49978b
Fix scan-build warning
2016-04-25 11:00:56 -06:00
Nickolas Lapp
1c9bf483ec
Reorder check for thread modified in addSession. Make sure tick assigned
...
correctly in non dynamic case
2016-04-25 11:00:56 -06:00
Nickolas Lapp
5f12b4c2ae
Add check to see if thread modified session in AddSession
2016-04-25 11:00:56 -06:00
Nickolas Lapp
5f9c1ffca6
Initial support for deep copying of session
2016-04-25 11:00:42 -06:00
Nickolas Lapp
f27aca0956
Remove redundant dynTicket pointer. Reorder struct for packing/alignment
2016-04-25 11:00:31 -06:00
toddouska
cc56e1da48
Merge pull request #393 from JacobBarthelmeh/RSA-min
...
use short for RSA min key size and check casts
2016-04-22 13:56:59 -07:00
Chris Conlon
5abeeff919
add STARTTLS support to example client
2016-04-22 13:46:54 -06:00
Jacob Barthelmeh
77a9343973
use short for RSA min key size and check casts
2016-04-22 12:56:51 -06:00
toddouska
1e821dbd59
Merge pull request #394 from cconlon/sigalgo
...
Omit NULL parameter in AlgorithmIdentifier encoding for ECDSA OIDs
2016-04-22 11:37:17 -07:00
toddouska
70aa4a99a0
Merge pull request #390 from JacobBarthelmeh/ECC-min
...
minimum ECC key size check at TLS/SSL level
2016-04-22 11:33:43 -07:00
Nickolas Lapp
0eb59d5c35
Fix rand num generation on MacOS, Improve organization with tic storage
2016-04-22 10:35:44 -06:00
Nickolas Lapp
c8b20d9090
Add support for dynamic session tickets, add openssl.test to testuiste
2016-04-22 10:35:44 -06:00
Chris Conlon
27814ca1df
omit NULL AlgorithmIdentifier parameter for ECDSA algoOID types in SetAlgoID
2016-04-21 14:32:28 -06:00
Jacob Barthelmeh
1dac3841ca
change type to short for comparision and up default min size
2016-04-20 15:44:45 -06:00
toddouska
86cbabf035
Merge pull request #392 from wolfSSL/aesni-update
...
AES-NI Update
2016-04-20 14:27:52 -07:00
dgarske
ee8ec1fb1d
Merge pull request #391 from JacobBarthelmeh/master
...
update oid value for secp160r1
2016-04-20 09:02:50 -07:00
Jacob Barthelmeh
659d6c0689
update oid value for secp160r1
2016-04-19 17:01:39 -06:00
Jacob Barthelmeh
3129bb22cd
minimum ECC key size check at TLS/SSL level
2016-04-19 15:50:25 -06:00
dgarske
73c830a576
Merge pull request #388 from JacobBarthelmeh/master
...
fix NID name in openssl compatibility
2016-04-19 13:57:33 -07:00
toddouska
117231c0e3
Merge pull request #387 from JacobBarthelmeh/RSA-min
...
add check for min RSA key size at TLS/SSL level
2016-04-19 13:57:26 -07:00
Jacob Barthelmeh
e0a9b365cc
fix NID name in openssl compatibility
2016-04-19 13:17:32 -06:00
Jacob Barthelmeh
789f346c5f
follow verifyNone variable when checking key size
2016-04-19 10:23:01 -06:00
Jacob Barthelmeh
0eb57ccab0
set return error before jumping to end of function
2016-04-18 14:27:34 -06:00
toddouska
0dbdc8eab0
Merge pull request #372 from dgarske/mingwfixes
...
MinGW fixes
2016-04-18 12:50:13 -07:00
Jacob Barthelmeh
09e4e13958
update comment about MinGW
2016-04-18 12:14:47 -06:00
Jacob Barthelmeh
e15aca4189
static and shared library with MinGW
2016-04-15 16:04:15 -06:00
Kaleb Himes
3ce01192ac
Merge pull request #384 from tisb-vikram/master
...
enable aesgcm and alpn support in TI-RTOS/WolfSSL configuration
2016-04-15 14:56:56 -06:00
toddouska
72bfc2aa09
Merge pull request #382 from JacobBarthelmeh/master
...
build with asn disabled and opensslextra enabled
2016-04-15 10:12:52 -07:00
toddouska
8cf57845ff
Merge pull request #386 from JacobBarthelmeh/RSA-fix
...
fix check on RSA key size
2016-04-14 17:53:26 -07:00
Jacob Barthelmeh
1e766b23cf
check return value of ping.test
2016-04-14 14:42:01 -06:00
Jacob Barthelmeh
c9891567e8
add check for min RSA key size at TLS/SSL level
2016-04-14 13:35:49 -06:00
John Safranek
4506839c6d
back out last commit. it was a pain to use.
2016-04-14 11:57:42 -07:00
John Safranek
526606e42f
added conditional assembly for the intel-format AES_NI decrypt procedures
2016-04-14 11:30:10 -07:00
John Safranek
5340ea0d79
fixed a missing operand swap in the AES-CBC decrypt by 6
2016-04-14 10:47:14 -07:00
Jacob Barthelmeh
f998851642
fix check on RSA key size
2016-04-14 09:33:25 -06:00
Takashi Kojo
cab1ebf2d6
move MDK5 current_time to test.h
2016-04-14 18:47:16 +09:00
Takashi Kojo
98dffc070a
current_time in test.h
2016-04-14 18:32:33 +09:00
Takashi Kojo
35c5353698
fixed current_time argument
2016-04-14 16:26:51 +09:00
John Safranek
6f51c2a8f8
1. Fix bad opcode mnemonics in the intel-format source listing.
...
2. Update the aes.c file to call both format assembly routines the same
way.
2016-04-13 16:42:58 -07:00
John Safranek
c34944e389
added intel-format translations of new att-format AES-NI decrypt routines
2016-04-13 16:02:18 -07:00
John Safranek
9781fa3dc9
relabel jump points in new code with D (decrypt) mnemonics rather than E (encrypt)
2016-04-13 15:51:19 -07:00
toddouska
d0717c7b76
Merge pull request #385 from cconlon/freertos-fix
...
Fix typo in FREERTOS_TCP settings.h
2016-04-13 13:28:04 -07:00
John Safranek
57fce85531
modify AES-CBC with AESNI test to check all key sizes for each message size checked
2016-04-13 12:18:59 -07:00
John Safranek
13f002f186
only compile in the AES-CBC decrypt-by-size variant selected by define, default by 8 blocks at a time
2016-04-13 12:00:53 -07:00
John Safranek
451fd878f9
touching whitespace in assembly routines being touched right now
2016-04-13 11:48:25 -07:00
Chris Conlon
d5df119c65
fix typo in FREERTOS_TCP settings.h
2016-04-12 15:03:34 -06:00
Vikram Adiga
c7ad33e5d4
enable aesgcm and alpn support in TI-RTOS/WolfSSL configuration
...
These macros enable the AES GCM cipher suites and application layer
protocol negotiation in the TLS layer. Adding these macros would
allow connecting to websites with higher security requirements and
also support newer web technologies like HTTP/2 but the drawback is
that they add ~2K increase in memory footprint. Applications not
requiring these features can comment the macros and rebuild the
library to get smaller footprint.
Signed-off-by: Vikram Adiga <vikram.adiga@ti.com >
2016-04-12 12:25:32 -07:00
John Safranek
8524afc56a
1. Rename routine AES_CBC_decrypt_ex as AES_CBC_decrypt_by8
...
2. Added routine AES_CBC_decrypt_by6 that does six at a time.
3. Setting HAVE_AES_DECRYPT_BY6 or _BY8 (or not setting it) selects
the 6, 8, or 4 way version of the assembly routine.
4. Modified AES-NI decrypt test to loop checking against the test
bolus from 1 AES block to the whole 24 blocks.
2016-04-12 10:10:55 -07:00
Takashi Kojo
cfd5af341b
fixed test.c compile error and server.c/client.c/ssl.c warnings with MDK5 compiler.
2016-04-12 11:05:30 +09:00
JacobBarthelmeh
4d38813b0c
Merge pull request #381 from kaleb-himes/scan-build-psk
...
scan-build warnings related to enable-psk, disable-asn,rsa,ecc
2016-04-11 14:52:38 -06:00
kaleb-himes
1b7cd5cb06
consolidate handling of dead assignment warnings
2016-04-11 13:39:44 -06:00
Jacob Barthelmeh
23ab4247ea
build with asn disabled and opensslextra enabled
2016-04-11 11:56:30 -06:00
kaleb-himes
c6e9021732
scan-build warnings related to enable-psk, disable-asn,rsa,ecc
2016-04-11 11:13:26 -06:00
toddouska
85505b99b9
Merge pull request #380 from cconlon/utasker
...
uTasker Port
2016-04-08 15:08:39 -07:00
Chris Conlon
7a0f8672e7
Merge pull request #375 from dgarske/stm32hashfixes
...
Fixes when using the STM32 with STM32F2_HASH defined.
2016-04-08 15:04:46 -06:00
John Safranek
698b1cc7dc
update benchmark to show AES-CBC decrypt speed
2016-04-08 13:33:41 -07:00
John Safranek
b75dc127f3
1. Attempting to perform 8 AES-CBC decrypt operations simultaneously.
...
2. Added code to test large AES-CBC decrypts.
2016-04-08 11:53:40 -07:00
toddouska
c6e4fb8cf8
Merge pull request #378 from JacobBarthelmeh/Testing
...
autoconf checks on some builds that break, macro for no server, and u…
2016-04-08 11:01:46 -07:00
David Garske
993972162e
MinGW fixes, server port assigning cleanup and ping test cleanup. Fixes issue with visibility detection with MinGW. The visibility.m4 script was not actually trying to call the hidden function, which caused MinGW to detect improperly that visibility was supported. Fix for bogusFile on Windows build. Fixes to build warnings for unused variable 'res' and signed/unsigned comparison for sizeof min(). Cleanup of the server side port assignment to allow use with Windows/MinGW/Cygwin. If Windows uses new GetRandomPort() function in test.h to get port in in the 49152 - 65535 range. If *nix then uses the tcp_listen returned port. Otherwise uses the default wolfSSLPort. Refactor of the ping test code to use common file and properly handle ping count differences (Windows "-c" vs. *Nix style "-n"). Workaround for MinGW and cyassl/options.h getting file permissions error. Added non-fatal compile warning if using MinGW that "strtok_s" might be missing along with a link to public domain source that can be used.
2016-04-08 11:48:14 -06:00
David Garske
2aab090c8b
Fixes when using the STM32 with STM32F2_HASH defined.
2016-04-08 11:39:15 -06:00
Chris Conlon
46f4be357b
uTasker: add note about XTIME to settings.h
2016-04-08 11:20:58 -06:00
Chris Conlon
8d040ad41f
uTasker: add initial port, WOLFSSL_UTASKER
2016-04-08 11:12:17 -06:00
toddouska
255d9ecfb3
Merge pull request #377 from JacobBarthelmeh/master
...
add wc_EccPublicKeyToDer function
2016-04-07 12:20:05 -07:00
Jacob Barthelmeh
5b4f17545b
autoconf checks on some builds that break, macro for no server, and user rsa
2016-04-06 15:36:50 -06:00
Jacob Barthelmeh
665fb3076c
add trailing zero enum and correct call for export key size
2016-04-06 15:15:56 -06:00
Jacob Barthelmeh
4f8fffbc37
add wc_EccPublicKeyToDer function
2016-04-06 15:15:56 -06:00
Kaleb Himes
a0cd888fbf
Merge pull request #379 from JacobBarthelmeh/PSK
...
fix c89 build on windows
2016-04-06 14:02:55 -07:00
Jacob Barthelmeh
85a9c55048
fix c89 build on windows
2016-04-06 11:16:40 -06:00
toddouska
9f86a91dbd
Merge pull request #374 from dgarske/asyncfixes
...
Fix build issues with new async changes
2016-04-01 16:04:08 -07:00
toddouska
29194bd977
Merge pull request #371 from cconlon/sniffer-fix
...
Extra cleanup in sniffer.c with ForceZero
2016-04-01 13:39:29 -07:00
David Garske
2d4aa1bbb5
Better fix for scan-build warning regarding possible use of NULL in AddRecordHeader. Scan-build considers paths where output is set to NULL, but ssl->spec.kea is corrupted/changed, which could result in output == NULL (even though it should never happen). So added proper NULL check in SendServerKeyExchange on AddHeader to make sure output isn't NULL.
2016-04-01 12:57:33 -07:00
David Garske
19f0769ec4
Fix for scan-build warning where async changes make it appear like the output buffer could be NULL (even though its not). Added NULL check on the AddRecordHeader function.
2016-04-01 10:55:01 -07:00
David Garske
dd28d53cfb
Fix build issues with new async changes. Fixed issue with unused args preSigSz and preSigIdx with PSK enabled and ECC + RSA disabled. Fixed issue with missing qsSz variable in DoClientKeyExchange. Fixed missing DhAgree and DhKeyGen with NO_CERTS and PSK enabled. Fixed a couple scan-build warnings with "Value stored to '' is never read".
2016-04-01 09:23:46 -07:00
Chris Conlon
2939c3ace1
add ssl_FreeZeroDecode() to sniffer.c
2016-03-31 13:25:39 -06:00
toddouska
63b1282e67
Merge pull request #335 from dgarske/asynccrypt
...
Asynchronous crypto and wolf event support
2016-03-30 20:12:41 -07:00
David Garske
4472152b18
Added new "wolfSSL_poll" which filters event queue by ssl object pointer. Changed wolfSSL_CTX_poll to support using WOLF_POLL_FLAG_PEEK flag to peek at events and return count. Removed "wolfssl_CTX_poll_peek". Switched the examples (test.h AsyncCryptPoll) to use just the WOLFSSL object and call new wolfSSL_poll. Added warning when using the "--enable-asynccrypt" option to make sure users know they need real async.c/.h files.
2016-03-30 15:15:38 -07:00
toddouska
6e5b23e102
Merge pull request #370 from dgarske/stm_aes_gcm_ccm
...
Enhancement to the STM32F2_CRYPTO port to support AES GCM, AES CCM an…
2016-03-30 13:39:35 -07:00
Chris Conlon
ec9f10d74f
extra cleanup in sniffer.c with ForceZero
2016-03-30 10:52:27 -06:00
toddouska
d30f410768
Merge pull request #368 from JacobBarthelmeh/master
...
Check for compile of misc.c and fix disable inline
2016-03-29 17:26:55 -07:00
toddouska
49e117ebb5
Merge pull request #369 from JacobBarthelmeh/Testing
...
if using inline do not compile misc.c in iOS XCode builds
2016-03-29 14:41:20 -07:00
Jacob Barthelmeh
e60adfc9da
better naming of macro and alter misc.c check
2016-03-29 13:42:40 -06:00
Jacob Barthelmeh
2437e97d70
if using inline do not compile misc.c in iOS XCode builds
2016-03-28 17:33:38 -06:00
JacobBarthelmeh
2733f0a7ca
Merge pull request #309 from coletiv/add-tvos-target
...
Add tvos target to the xcode project
2016-03-28 17:29:32 -06:00
Jacob Barthelmeh
7e90e2e540
misc.c compile warning accounts for FIPS
2016-03-28 17:22:39 -06:00
Jacob Barthelmeh
2665db73a4
check for compiling misc.c when not needed
2016-03-28 16:03:15 -06:00
Jacob Barthelmeh
79a212da8d
fix disable inline build
2016-03-28 14:24:12 -06:00
John Safranek
59a84b40c7
Merge pull request #364 from toddouska/ecc-test-free
...
Fixes to cleanup unnecessary ECC make key, check key and free in ECC vector item test.
2016-03-28 13:15:20 -07:00
toddouska
137f477277
Merge pull request #363 from JacobBarthelmeh/master
...
sanity check on ssl pased to wolfSSL_set_fd
2016-03-28 11:47:22 -07:00
David Garske
03765ecca7
Fixes to cleanup unnecessary ECC make key, check key and free in ECC vector item test.
2016-03-25 13:22:31 -07:00
Jacob Barthelmeh
67b4d2e2f4
case where memory is exhausted before ctx copied to ssl
2016-03-25 14:19:51 -06:00
Jacob Barthelmeh
696169634e
check return value of wolfSSL_set_fd
2016-03-25 13:59:04 -06:00
John Safranek
190d30f336
Merge pull request #362 from dgarske/bench_rng
...
Added benchmark for the RNG.
2016-03-25 12:12:20 -07:00
toddouska
1649af37be
fix ecc curve test in normal math mode, free is needed
2016-03-25 11:33:35 -07:00
Jacob Barthelmeh
57ea1cdcd7
sanity check on ssl pased to wolfSSL_set_fd
2016-03-25 11:32:53 -06:00
David Garske
5569dfe838
Fix with FIPS build and RNG_MAX_BLOCK_LEN define location.
2016-03-25 08:56:11 -07:00
David Garske
f539a60a40
Adjusted the RNG benchmark to split into smaller requests of max allowed RNG size.
2016-03-25 06:59:35 -07:00
David Garske
27e041246f
Added benchmark for the RNG.
2016-03-24 08:42:19 -07:00
toddouska
855e42b66a
Merge pull request #359 from cconlon/ecc-comment
...
Fix wc_ecc_import_raw() comment
2016-03-24 08:21:42 -07:00
David Garske
3796fc1322
Enhancement to the STM32F2_CRYPTO port to support AES GCM, AES CCM and AES-Direct (for encrypt only) using combination of software and AES HW acceleration.
2016-03-24 07:08:42 -07:00
toddouska
3509ff0c73
Merge pull request #358 from JacobBarthelmeh/master
...
fix free of WOLFSSL_METHOD pointer on create ctx fail
2016-03-23 15:35:16 -07:00
Chris Conlon
20285bec01
fix wc_ecc_import_raw comment, public key instead of base point
2016-03-23 15:33:53 -06:00
Jacob Barthelmeh
8f8f7ac152
remove unecessary XFREE
2016-03-23 13:40:45 -06:00
toddouska
2dfc7faa73
Merge pull request #355 from dgarske/EccTestCleanup
...
wolfCrypt ECC test improvements and code cleanup
2016-03-23 12:18:42 -07:00
toddouska
18961e5620
Merge pull request #351 from dgarske/ChaChaRefactor
...
Refactor of the ChaCha hard coded variables
2016-03-23 12:17:23 -07:00
Jacob Barthelmeh
620e4fa5ca
fix free of WOLFSSL_METHOD pointer on create ctx fail
2016-03-23 09:27:27 -06:00
John Safranek
d8fb4b6ee7
Merge pull request #352 from dgarske/DRBGSmallStack
...
Fix to reduce stack usage in the hash-based random number generator h…
2016-03-21 12:20:48 -07:00
David Garske
0fc5575b8b
Fixed typo with WOLFSSL_VALIDATE_ECC_IMPORT defined. Disable ECC-224 bit compressed key test since it isn't working. Cleanup in accel_fp_mul for KB_SIZE.
2016-03-18 15:41:03 -07:00
David Garske
71683e23e9
Resolve 2nd unused "typeH" warning.
2016-03-18 06:27:42 -07:00
toddouska
51a911c727
Merge pull request #354 from JacobBarthelmeh/master
...
prepare for release v3.9.0
2016-03-17 16:10:18 -07:00
David Garske
0e43fca1f3
Resolve unused "typeH" warning.
2016-03-17 15:56:51 -07:00
David Garske
369930238a
Cleanup of the ecc_test functions to break areas into separate functions providing WC_RNG and key size. Added ECC tests by key size for all enabled curves. Added actual key size on wc_ecc_make_key for the NIST test vectors. Added ECC testing of wc_ecc_verify_hash with digests having 0's and sequence (1,2,3,...) and made sure it runs verify twice.
2016-03-17 15:31:45 -07:00
Jacob Barthelmeh
e99a5b0483
prepare for release v3.9.0
2016-03-17 16:02:13 -06:00
David Garske
e1787fe160
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-17 13:31:03 -07:00
toddouska
10e74f7200
Merge pull request #353 from dgarske/EccUnsignedSizeCheckFix
...
Fixed bug where mp_unsigned_bin_size returning 0 could produce a UINT…
2016-03-17 10:50:01 -07:00
David Garske
19967dd264
Fixed bug where mp_unsigned_bin_size returning 0 could produce a UINT_MAX (based on -1) resulting in invalid index to an array. Added test case for this if FP_ECC is defined.
2016-03-17 09:39:10 -07:00
David Garske
bda69decc1
Fix to reduce stack usage in the hash-based random number generator health tests when WOLFSSL_SMALL_STACK is defined.
2016-03-16 17:04:07 -07:00
toddouska
46a01c29d8
Merge pull request #350 from JacobBarthelmeh/master
...
check for invalid RSA OAEP with SHA512 test case
2016-03-16 16:25:13 -07:00
Jacob Barthelmeh
2dd5efd969
sanity check for RSA key size and hash digest size
2016-03-16 15:25:52 -06:00
Jacob Barthelmeh
4c3ddac23c
catch invalid test case of RSA-OAEP and fix cast
2016-03-16 14:51:25 -06:00
David Garske
473ea567bd
Refactor of the ChaCha hard coded variables.
2016-03-16 13:36:44 -07:00
toddouska
7722c4484a
Merge pull request #349 from dgarske/CobiPort
...
Port for Nordic nRF51 RNG, RTC and AES. Added RNG test for wc_RNG_Gen…
2016-03-16 13:36:27 -07:00
David Garske
0683ecb727
Fixed FreeCRL issue with strdup memory. Added additional checks for WOLF_AES_CBC and WOLF_AES_COUNTER. Disabled memory tracker by default for wolfCrypt test and benchmark. Updated README to better document Linux Binutils LD bug workaround.
2016-03-16 09:41:19 -07:00
David Garske
f0ea9d747f
Fix possible positive return value for random_rng_test. Removed reference to nrf51_aes_decrypt, which is not supported, and added compile error for it. Corrected ecc_test_raw_vector return code checking. Cleanup in InitMemoryTracker.
2016-03-15 18:33:24 -07:00
David Garske
bf058ef1b9
Fixed Jenkins error reports for mem_track msg, incorrect #ifdef in aes_test and ecc_test_raw_vector response code checking. Fixed C89 compliance with wc_AesSetKey. Fixed nrf_drv_rng_init response checks in RNG code. Reverted comment change in AES. Fixed nRF51 AES CBC Encrypt support. Added response code checking for nrf51_aes_set_key.
2016-03-15 17:18:03 -07:00
David Garske
a38183b816
Port for Nordic nRF51 RNG, RTC and AES. Added RNG test for wc_RNG_GenerateBlock 0's check even if HAVE_HASHDRBG is enabled. Added NIST test vectors for ECC P-256, P-384 and P-521. Added helpful debug message in ECC import if issue finding ecc_sets[] for curve. Moved memory tracker into separate file and added support for it to wolfcrypt test and benchmark. Added Ed255519/Curve25519 options for granular control of sign, verify, shared secret, import and export. Added AES options for max key size (AES_MAX_KEY_SIZE), no decrypt (NO_AES_DECRYPT) and no CBC (NO_AES_CBC).
2016-03-15 13:58:51 -07:00
toddouska
47491e6c22
Merge pull request #332 from JacobBarthelmeh/Certs
...
Certs
2016-03-14 13:24:03 -07:00
Jacob Barthelmeh
db758dc98b
update test script, fall back to cert name search, fix der free
2016-03-12 09:37:32 -07:00
Jacob Barthelmeh
060e278559
Merge branch 'master' of https://github.com/wolfSSL/wolfssl into Certs
2016-03-11 23:48:39 -07:00
JacobBarthelmeh
154f027c54
Merge pull request #347 from dgarske/ScanBuildFix214
...
Address scan-build issue on build #214 after DerBuffer refactor part 2
2016-03-11 16:53:41 -07:00
David Garske
81b0ccdb1a
Address scan-build issue on build #214 after DerBuffer refactor part 2 ( ceafb25).
2016-03-11 09:39:13 -08:00
dgarske
98f40fa132
Merge pull request #345 from moisesguimaraes/remove_unnecessary_condition
...
remove unnecessary condition
2016-03-11 09:27:22 -08:00
Moisés Guimarães
2e1c1ca7f8
remove unnecessary condition
2016-03-10 23:07:36 -03:00
dgarske
0171aefc65
Merge pull request #344 from JacobBarthelmeh/master
...
K64F RNGA register
2016-03-10 16:05:19 -08:00
toddouska
1bd7de46bb
Merge pull request #342 from dgarske/JenkinsFixes20160310
...
Fixes multiple Jenkins warnings/failures
2016-03-10 14:19:47 -08:00
Jacob Barthelmeh
3976a3e2f2
K64F RNGA register
2016-03-10 14:35:55 -07:00
David Garske
80aa431689
Fixes multiple Jenkins warnings/failures. First is PickHashSigAlgo is required for client builds or if certs are enabled. Fixed scan-build warning with OCSP not recognized ForceZero as cleaning memory and using possible garbage value. Also cleaned up the OCSP functions to use struct buffer* instead of void* for clarity with a little forward declaration.
2016-03-10 09:38:11 -08:00
toddouska
1435a6ce92
Merge pull request #341 from JacobBarthelmeh/master
...
SEP and CERTEXT, QSH debug
2016-03-10 09:36:25 -08:00
Kaleb Joseph Himes
0a1871e77c
Merge pull request #337 from dgarske/WarnDoubleFree
...
Fixes scan-build warning with "--enable-opensslextra --disable-memory"
2016-03-09 16:28:18 -08:00
Jacob Barthelmeh
6e1c5b3801
disable CERT_EXT policies check when SEP is used instead
2016-03-09 17:22:38 -07:00
Jacob Barthelmeh
49b547db08
make QSH debug compile for C89
2016-03-09 17:15:28 -07:00
toddouska
ceafb25f49
Merge pull request #338 from dgarske/DerBufferRefactor2
...
Refactor of DerBuffer, so WOLFSSL object doesn't have to grow as a re…
2016-03-09 12:36:22 -08:00
toddouska
2f060dd860
Merge pull request #312 from dgarske/LeanTls
...
New LeanTLS configure option
2016-03-09 10:13:00 -08:00
David Garske
f17dfa5b03
Moved the x509 XFREE to outside the FreeX509 function. Internally FreeX509 is only used in two places. One is for the ssl->peerCert, which is not dynamic anyways. The second is in the ExternalFreeX509 where it calls FreeX509 if its dynamic and will XFREE there.
2016-03-09 09:15:00 -08:00
David Garske
c863300805
Fixed scan-build error with possibly using a NULL pointer.
2016-03-08 09:34:56 -08:00
David Garske
0f93b86b61
Fixes for PK_CALLBACKS and sniffer after DerBuffer refactor #2 .
2016-03-08 08:56:14 -08:00
David Garske
ce9f14f713
Refactor of DerBuffer, so WOLFSSL object doesn't have to grow as a result of additional functionality. Removed InitDer. Changed all DerBuffers to use pointer and pass pointer to DerBuffer* to AllocDer and FreeDer. Result is more efficient code and reduced WOLFSSL object size. AllocDer uses first part of the allocated buffer for the actual DerBuffer.
2016-03-08 08:56:14 -08:00
David Garske
daa1cd634e
Fixes scan-build warning with "--enable-opensslextra --disable-memory". Problem was different #if defines on the InitX509 and FreeX509, which caused the static analyzer to think the "x509->dynamicMemory" was always true.
2016-03-08 08:38:02 -08:00
David Garske
0ed26ad262
Updated build for "leantls" to support building only the client, by splitting BUILD_EXAMPLES into 3 parts (BUILD_EXAPLE_SERVERS, BUILD_EXAMPLE_CLIENTS and BUILD_TESTS). This allows the make check to perform the external tests to validate the client only "leantls" configuration option.
2016-03-08 08:35:28 -08:00
David Garske
2891939098
Remove NO_CERT and NO_CODING. Enable building of the client with leantls.
2016-03-08 08:35:28 -08:00
David Garske
8e8ee45828
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-03-08 08:35:28 -08:00
JacobBarthelmeh
375d85fe9a
Merge pull request #336 from dgarske/ASNCertPolicyExtFix
...
Fixed bug with ASN.1 X509V3 Certificate Policy extension parsing
2016-03-08 08:59:24 -07:00
David Garske
b549c81337
Fix the WOLFSSL_SEP (--enable-sep) build scenario where extCertPoliciesNb is not available.
2016-03-07 14:49:24 -08:00
David Garske
05fb648747
Remove white-space.
2016-03-07 14:33:22 -08:00
David Garske
9b79d8643e
Added checks for total length and the cert policy OID len to make sure they don't exceed buffer.
2016-03-07 14:20:37 -08:00
David Garske
dee3645c4e
Fixed bug with ASN.1 X509V3 Certificate Policy extension parsing. Bug had to do with parsing when OID contains multiple items such as example 2 below. The wolfssl.com server key now contains a URL in the certificate policy " https://secure.comodo.com/CPS0 ", which wasn't being parsed over correctly. Also cleanup to use loop instead of duplicate code.
...
Example 1:
30 12
30 06 06 04 55 1D 20 00
30 08 06 06 67 81 0C 01 02 01
Result:
2.5.29.32.0
2.23.140.1.2.1
Example 2:
30 46
30 3A 06 0B 2B 06 01 04 01 B2 31 01 02 02 07
30 2B 30 29 06 08 2B 06 01 05 05 07 02 01 16 1D 68 74 74 70 73 3A 2F 2F 73 65 63 75 72 65 2E 63 6F 6D 6F 64 6F 2E 63 6F 6D 2F 43 50 53
30 08 06 06 67 81 0C 01 02 01
Result:
1.3.6.1.4.1.6449.1.2.2.7
2.23.140.1.2.1
2016-03-07 13:40:25 -08:00
dgarske
98a72a3f9d
Merge pull request #334 from JacobBarthelmeh/master
...
update wolfssl-ntru vs project and fix warnings
2016-03-03 15:53:52 -08:00
dgarske
8ca1c3935d
Merge pull request #322 from ejohnstown/dtls-handshake
...
DTLS Handshake Update
2016-03-03 14:33:31 -08:00
Jacob Barthelmeh
c98c457b9b
update wolfssl-ntru vs project and fix warnings
2016-03-03 14:35:39 -07:00
dgarske
b9ecd9474c
Merge pull request #330 from kaleb-himes/CID-66007-coverity
...
avoid dereference of null pointer if args is null
2016-03-02 18:22:07 -08:00
Jacob Barthelmeh
112cf1f0c9
fix example client help print out
2016-03-02 16:51:57 -07:00
kaleb-himes
7a599c1309
Account for not used case
2016-03-02 16:31:58 -07:00
dgarske
a0f1e1e3ea
Merge pull request #331 from kaleb-himes/CID-66006-coverity
...
Move assignment to after the null check
2016-03-02 15:23:58 -08:00
Jacob Barthelmeh
aab44eb26b
adjest example server PSK plus flag
2016-03-02 15:43:17 -07:00
Jacob Barthelmeh
267dc48d95
fixs after testing : hash table, using NO_SKID, sanity check, and freeing dCert
2016-03-02 15:23:50 -07:00
Jacob Barthelmeh
d969e2ba11
automated test for trusted peer certs
2016-03-02 11:42:00 -07:00
kaleb-himes
85215cc174
clean up braces left over from local declaration of ready
2016-03-02 11:39:34 -07:00
Jacob Barthelmeh
05d2cec7c1
addition to api tests and refactor location of trusted peer cert check
2016-03-02 11:35:03 -07:00
kaleb-himes
01cd43c319
Seperate declaration and assignment per c99 standards
2016-03-02 11:31:08 -07:00
Jacob Barthelmeh
7df22ee210
Trusted peer certificate use
2016-03-02 11:22:34 -07:00
kaleb-himes
1f4ddb20df
Move assignment to after the null check
2016-03-01 17:00:27 -07:00
kaleb-himes
d15dac04b8
remove unnecessary NULL assignment
2016-03-01 16:33:47 -07:00
kaleb-himes
d473452769
avoid dereference of null pointer if args is null
2016-03-01 16:21:03 -07:00
Kaleb Joseph Himes
7c63ac4f6a
Merge pull request #329 from dgarske/BuildErrDerBuf
...
Fixes build error with new DerBuffer with ASN, ECC and RSA disabled.
2016-02-26 08:44:30 -08:00
David Garske
79ef8e232b
Fixes build error with new DerBuffer with ASN, ECC and RSA disabled.
2016-02-26 15:39:30 +01:00
toddouska
0c45a7a028
Merge pull request #317 from dgarske/DerBufferRefactor
...
Refactor of the DER buffer handling
2016-02-25 09:35:50 -08:00
David Garske
a46fd6612b
Changed CopyDecodedToX509 AllocDer error code handing to return MEMORY_E, since that is an explicitly handled case. Also resolves the issue with "warning: Value stored to 'ret' is never read".
2016-02-25 14:35:54 +01:00
dgarske
f549f71912
Merge pull request #325 from kaleb-himes/CID-66016-coverity
...
Always execute wc_InitRsaKey if we are always going to execute wc_Fre…
2016-02-25 08:45:06 +01:00
dgarske
f0b1d2fd9d
Merge pull request #324 from JacobBarthelmeh/master
...
argument peer can be NULL when macro INADDR_ANY is NULL
2016-02-25 08:40:37 +01:00
John Safranek
aa7eae3294
Merge pull request #320 from moisesguimaraes/fix-ocsp-dependency-check
...
fixes ocsp dependency check on asn during configure.
2016-02-24 16:21:51 -08:00
kaleb-himes
16dac5597f
prevent buffer overflows if sigSz > MAX_ENCODED_SIG_SZ
2016-02-24 16:08:54 -07:00
Moisés Guimarães
fb9697bda6
adds check for missing rsa and ecc at the same time
2016-02-24 18:57:16 -03:00
kaleb-himes
4858a65984
Always execute wc_InitRsaKey if we are always going to execute wc_FreeRsaKey
2016-02-24 14:42:07 -07:00
Jacob Barthelmeh
6ee3c0ae59
argument peer can be NULL when macro INADDR_ANY is NULL
2016-02-24 13:55:44 -07:00
Moisés Guimarães
1824a494d1
adds missing ENABLED_OCSP test
2016-02-24 16:45:07 -03:00
toddouska
35b48250ad
Merge pull request #321 from dgarske/FixCryptBenchEdCurve25519
...
Fixes issue with building crypt benchmark with only ED/Curve25519 ena…
2016-02-24 11:19:30 -08:00
toddouska
12bb050ec9
Merge pull request #323 from JacobBarthelmeh/master
...
check for RSA and ECC before testing RSA signed ECC cert
2016-02-24 09:34:37 -08:00
David Garske
1227db4e44
Fixed issue with not properly returning memory error in CopyDecodedToX509 after DER refactor.
2016-02-24 07:04:03 +01:00
Jacob Barthelmeh
dcfec3d2fa
check for RSA and ECC before testing RSA signed ECC cert
2016-02-23 17:03:52 -07:00
Moisés Guimarães
143b9fda1b
adds build dependency check for OCSP
2016-02-23 15:19:04 -03:00
Moisés Guimarães
a92d2d582f
Revert "fixes ocsp dependency check on asn during configure."
...
This reverts commit 46ade8f03f
2016-02-23 14:13:52 -03:00
John Safranek
69e00a3f97
allow dtls timeout to be 0 in the recvfrom callback, set to 0 if the handshake is done
2016-02-22 21:13:05 -08:00
John Safranek
f621f81fa2
1. Some DTLS code was missing an ifdef.
...
2. If receiving a handshake message that's already been processed,
retransmit the previous message flight.
2016-02-22 14:08:35 -08:00
toddouska
8dbef9b14b
Merge pull request #318 from dgarske/BuildErrorNoFileSysWCerts
...
Fixes build error with NO_FILESYSTEM and !NO_CERTS
2016-02-22 12:12:24 -08:00
David Garske
731e13ecf2
Fixes issue with building crypt benchmark with only ED/Curve25519 enabled with static rng missing.
2016-02-22 16:46:13 +01:00
John Safranek
f6fafe6738
for DTLS, retain the handshake resources until peer sends application data record
2016-02-21 21:52:38 -08:00
Moisés Guimarães
46ade8f03f
fixes ocsp dependency check on asn during configure.
2016-02-21 20:54:45 -03:00
David Garske
953a3bd01d
Fixes build error with NO_FILESYSTEM and !NO_CERTS where the wolfssl/test.h load_buffer() function is passing non-existent enum value. Was renamed from CYASSL_ to WOLFSSL_.
2016-02-19 13:52:06 -08:00
David Garske
3fe5ee1a7c
Refactor of the DER buffer handling. Added new DerBuffer struct that includes the type and heap ptr. Added new InitDer, AllocDer and FreeDer functions. Cleanup of some missing "heap" args on XMALLOC/XFREE. In FreeDer uses ForceZero if type is private key.
2016-02-18 22:42:15 -08:00
dgarske
b72c83e191
Merge pull request #315 from kaleb-himes/fix-no-sha
...
update for configure option --disable-sha
2016-02-16 13:08:59 -08:00
toddouska
c1ef4d4521
Merge pull request #313 from kaleb-himes/master
...
wolfssl.com and google.com now differ in pre-reqs for external test
2016-02-16 11:05:55 -08:00
kaleb-himes
24d93c90cd
update for configure option --disable-sha
2016-02-16 12:03:37 -07:00
kaleb-himes
46b34c19d0
wolfssl.com and google.com now differ in pre-reqs for external test
2016-02-15 13:30:11 -07:00
toddouska
3d8f91d418
Merge pull request #302 from dgarske/EccOnlyNoSignVerify
...
New ECC and ASN build options for reduce build size options
2016-02-15 12:13:43 -08:00
toddouska
d7d2a6f565
Merge pull request #307 from JacobBarthelmeh/PSK
...
New fail with no peer cert behavior and allow RSA signed ECC key certs
2016-02-12 15:27:18 -08:00
JacobBarthelmeh
7de352a0e9
Merge pull request #311 from dgarske/FixSkipObjectIdWarn
...
Fixes warning with SkipObjectId defined but not used.
2016-02-12 15:04:04 -07:00
toddouska
951fe0a927
Merge pull request #310 from dgarske/CustRngGenBlock
...
Added new CUSTOM_RAND_GENERATE_BLOCK option that allows override and …
2016-02-12 13:51:06 -08:00
David Garske
a969dd8efd
Fixed "error: unused function 'StoreRsaKey'" with NO_ASN_TIME and RSA enabled.
2016-02-12 13:19:58 -08:00
David Garske
aeaac15682
Fixed compile errors in signature.c if ECC on but ECC sign/verify disabled. Added new NO_ASN_TIME option to reduce ASN size for space constrained or missing RTC. Added check to make sure ASN is enabled if ECC sign/verify is enabled.
2016-02-12 13:16:39 -08:00
Jacob Barthelmeh
8073024ee7
fix formatting of .conf file so ephemeral port is used
2016-02-12 13:41:30 -07:00
David Garske
f328c6bdf7
Fixes warning with SkipObjectId defined but not used.
2016-02-12 12:34:22 -08:00
David Garske
08c663a4ac
Added new CUSTOM_RAND_GENERATE_BLOCK option that allows override and disabling of the HASHDRBG for customers who have a HW RNG they would like to use instead.
...
Examples:
"./configure --disable-hashdrbg CFLAGS="-DCUSTOM_RAND_GENERATE_BLOCK= custom_rand_generate_block".
OR
/* RNG */
//#define HAVE_HASHDRBG
extern int custom_rand_generate_block(unsigned char* output, unsigned int sz);
2016-02-12 11:59:51 -08:00
David Garske
4872f2bc33
Added the following ECC optional config defines: HAVE_ECC_SIGN, HAVE_ECC_VERIFY, HAVE_ECC_DHE, HAVE_ECC_KEY_IMPORT and HAVE_ECC_KEY_EXPORT. Still working through issues with using ECC sign/verify with ASN disabled. Added documentation to top of ecc.c for all the ECC define options.
2016-02-12 11:07:50 -08:00
Tiago Duarte
8f5cd98857
Added tvos target to the xcode project
2016-02-12 10:23:23 +01:00
Jacob Barthelmeh
3e860107f3
remove extra cert and key, plus add new test
2016-02-11 13:49:07 -07:00
Jacob Barthelmeh
1197f88c4f
add psk.test script for testing
2016-02-11 09:15:04 -07:00
toddouska
09f631238e
Merge pull request #306 from kaleb-himes/master
...
correct logic to allow for static RSA if ECC and no Curves
2016-02-10 16:47:17 -08:00
dgarske
49a5ea18e8
Merge pull request #303 from ejohnstown/sniffer-check
...
When loading a named key, check that the save buffer mallocs.
2016-02-10 13:19:59 -08:00
dgarske
b0a51a22a1
Merge pull request #304 from cconlon/testh-fix
...
Check build_addr() arguments for NULL
2016-02-10 13:19:28 -08:00
David Garske
a83ff6aada
Updated the configure.ac comments about big int being used for ECC and DH. Moved the checks for ecc/asn and psk/asn until after cryptonly value is set and fixed so those checks work for normal build and are excluded for crypt only builds.
2016-02-10 13:03:53 -08:00
Jacob Barthelmeh
9defe9b42b
fix warning of unused variable and adjust debug statements
2016-02-10 13:57:10 -07:00
kaleb-himes
ffe7b38409
correct logic to allow for static RSA if ECC and no Curves
...
use same coding standards as the rest of the libraries
2016-02-10 13:39:59 -07:00
Jacob Barthelmeh
69fc400d28
add new certs to EXTRA_DIST
2016-02-10 13:26:03 -07:00
Jacob Barthelmeh
2f74706367
allow use of RSA signed ECC key certs
2016-02-10 13:26:03 -07:00
Jacob Barthelmeh
ff7a9d9f78
option for fail on no peer cert except PSK suites
2016-02-10 13:26:03 -07:00
Chris Conlon
3293857834
check build_addr() arguments for NULL before memset
2016-02-10 10:35:48 -07:00
David Garske
8d0d5a3f90
Fixes so ECC only build works. Fixes so ECC enabled with ASN disabled works and will prevent ECC sign/verify.
2016-02-10 08:53:09 -08:00
dgarske
9a5938432b
Merge pull request #301 from kaleb-himes/master
...
if connecting to google.com and using ECC need supported curves
2016-02-10 08:42:28 -08:00
kaleb-himes
bf4d6454b1
if connection to google.com and using ECC need supported curves
2016-02-09 17:06:06 -07:00
John Safranek
ccffee1617
When loading a named key, check that the save buffer mallocs. It calls a library function that checks the pointer, but an application of the library shouldn't depend on side effects. This fixes #300 .
2016-02-09 15:17:05 -08:00
Kaleb Joseph Himes
62a2efdacc
Merge pull request #298 from kaleb-himes/master
...
Avoid unnecessary assignments in client example
2016-02-09 09:54:55 -08:00
toddouska
f30ef33d8b
Merge pull request #295 from JacobBarthelmeh/master
...
ECDHE-PSK and added cipher suites
2016-02-09 09:40:13 -08:00
toddouska
66aa1da829
Merge pull request #299 from dgarske/MinGWFixes
...
Fixes for warnings found using MinGW
2016-02-09 09:32:18 -08:00
Kaleb Joseph Himes
2e88785358
Merge pull request #282 from dgarske/WinUserSettings
...
Refactor of Visual Studio projects to centralize preprocessors into IDE/WIN/user_settings.h
2016-02-09 09:27:32 -08:00
toddouska
014740eda0
Merge pull request #289 from dgarske/SigHashFixes
...
Fixes/improvements to the signature and hash wrappers:
2016-02-09 09:23:18 -08:00
David Garske
2af9fb91b3
Use += approach to detect "done" in example client for external tests. Cleaner and code is smaller to accomplish same thing.
2016-02-08 19:54:22 -08:00
David Garske
4ea76b8ac8
Fixes for warnings found using MinGW. Fixes for WOLFSSL_SOCKET_IS_INVALID and WOLFSSL_SOCKET_INVALID to use the SOCKET_T.
2016-02-08 15:44:22 -08:00
Jacob Barthelmeh
53162d5fc4
addjust size according to offset length and add PMS size comment
2016-02-08 15:22:49 -07:00
JacobBarthelmeh
f6bebc1cf4
Merge pull request #297 from dgarske/RemoveExeBitOnCFiles
...
Removed the execute bit on all .c files
2016-02-08 14:22:05 -07:00
David Garske
2e0d05f727
Fixes issues with new IDE/WIN/user_settings.h and FIPS. Fixed issue with using CYASSL_USER_SETTINGS in ctaocrypt/settings.h with FIPS by moving settings_comp.h to after user_settings.h. Fixed issue with non-existent ctaocrypt/signature.c file being included. Added the user_settings.h file to the FIPS project.
2016-02-08 12:22:20 -08:00
David Garske
09615c01cc
Updated the naming for the new encoding DER signature enum and function.
2016-02-08 12:04:38 -08:00
David Garske
97edaf88d4
Added the new IDE/WIN/user_settings.h to the include.am file. Changed the WOLFSSL library to use macro WOLFSSL_LIB for clarity.
2016-02-08 11:28:46 -08:00
David Garske
cb3a9cc348
Removed the execute bit on all .c, .h, and .cs files.
2016-02-08 09:45:31 -08:00
dgarske
a607c5dcc4
Merge pull request #296 from cconlon/freescale-fix
...
Freescale: USER_TIME fixes, enable ECC and AES-GCM by default
2016-02-08 09:36:53 -08:00
kaleb-himes
c920e6dd30
Avoid unnecessary assignments in client example
2016-02-07 08:27:01 -07:00
David Garske
d5f410523a
Fixed possible memory leak on signature wrapper ASN encode and corrected the maximum header size. Added new MAX_ENCODED_HEADER_SZ which is the maximum encoded ASN header size and update asn.c to use it. Added comment about key size sanity check. Renamed wc_SignatureRsaEncode to wc_SignatureAsnEncode.
2016-02-05 16:01:42 -08:00
David Garske
e031d2fa06
Removed the execute bit on all .c files. These were inadvertently set in PR #293 due to editing files through Windows VMWare shared folder.
2016-02-05 14:25:43 -08:00
Chris Conlon
fa4da43655
Freescale: remove USER_TIME after recent time fixes, enable ECC and AES-GCM by default
2016-02-05 14:09:43 -07:00
JacobBarthelmeh
a4f1138e5b
Merge pull request #293 from dgarske/WinWarnFixes
...
Fixes several warnings that were seeing building with Visual Studio 2…
2016-02-05 13:20:22 -07:00
Kaleb Joseph Himes
244bea18b9
Merge pull request #292 from dgarske/WolfRootFindFix
...
Fixed bug with "ChangeToWolfRoot" that was incorrectly seeking previo…
2016-02-05 11:28:39 -08:00
JacobBarthelmeh
25959bfb62
Merge pull request #279 from dgarske/CustRandGenSeed_OSArg
...
Added new CUSTOM_RAND_GENERATE_SEED_OS macro
2016-02-05 11:18:18 -07:00
Jacob Barthelmeh
3dc2e01180
warning from windows build with ECDHE-PSK and fix potential memory leak
2016-02-05 09:54:39 -07:00
David Garske
be99fcff43
Fixed typo in wc_SignatureGetSize causing error.
2016-02-05 07:32:47 -08:00
dgarske
ee4b8b2f10
Merge pull request #291 from kaleb-himes/master
...
Fixes for disabling the crypt test and benchmark. Added new "./configure --disable-crypttests" option. Added new NO_CRYPT_BENCHMARK define.
2016-02-04 17:06:59 -08:00
toddouska
ae19b7a272
Merge pull request #290 from dgarske/PemPubKey_CertExt_Fixes
...
Public key PEM to DER fixes
2016-02-04 15:19:15 -08:00
JacobBarthelmeh
60668be1c0
Merge pull request #285 from ejohnstown/dtls-hello
...
DTLS server should be able to receive multiple client hellos without …
2016-02-04 14:27:03 -07:00
David Garske
faf590eb22
Fix for "warning: Value stored to 'ret' is never read". Now explicitly set SIG_TYPE_E in each case. Fixed wc_SignatureGetSize so it will return SIG_TYPE_E for unsupported type scenario.
2016-02-04 12:49:39 -08:00
David Garske
bc059e12c2
Cleanup to remove trailing whitespace and convert tabs to spaces.
2016-02-04 12:31:08 -08:00
David Garske
be4c400d16
Fixes for disabling the crypt test and benchmark. Added new "./configure --disable-crypttests" option. Also made sure use of both NO_CRYPT_BENCHMARK and NO_CRYPT_TEST in "./configure CFLAGS=-D" scenario work correctly.
2016-02-04 12:06:24 -08:00
David Garske
2257c1dcef
Fixes several warnings that were seeing building with Visual Studio 2015. Also noticed issue with "struct Options" in internal.h for the bit flags that was causing split due to type difference (byte vs. word16).
2016-02-04 11:30:48 -08:00
David Garske
e63989dcfd
Fixed bug with "ChangeToWolfRoot" that was incorrectly seeking previous directories where depth 2 was using ..\..\ and skipping one. This bug applied to both Win and Lin*. For example running ./server from inside examples/server would not find the wolf root.
2016-02-04 11:26:33 -08:00
David Garske
2db6246abc
Fixed typo with testsuite preprocessor. Added missing chacha.c, chacha20_poly1305.c, pkcs7.c and poly1305.c. Also added the IDE/WIN/user_settings.h to the project so its easy to find.
2016-02-04 11:19:51 -08:00
kaleb-himes
bf1af39027
benchmark needs a main if NO_CRYPT_BENCHMARK defined
2016-02-04 12:07:39 -07:00
Kaleb Joseph Himes
7936c7a72e
Merge pull request #286 from dgarske/DisableBench
...
Added optional define "NO_CRYPT_BENCHMARK" to allow disabling benchmark
2016-02-04 10:59:55 -08:00
toddouska
d39c6a6e13
Merge pull request #287 from JacobBarthelmeh/fast-rsa
...
Force Zero of data when done
2016-02-04 10:59:21 -08:00
Jacob Barthelmeh
42219a327a
refactor ForceZero of memory to gain performance
2016-02-04 10:31:05 -07:00
Jacob Barthelmeh
3ce64da44c
ChaCha20-Poly1305 PSK cipher suites
2016-02-04 09:50:29 -07:00
Jacob Barthelmeh
5a9175a758
add cipher suite ECDHE-PSK-AES128-SHA256 and adjustments to ECDHE-PSK
2016-02-04 09:39:34 -07:00
David Garske
f3399b6578
Fixes/improvements to the signature and hash wrappers:
...
Fixed output buffer to wc_RsaSSL_Verify so its min size is the key size (needed for inline operations).
Fixed the signature wrapper return codes when using RSA so 0 indicates success.
Fixed signature wrappers use of wc_HashGetDigestSize to return the error code result.
Changed enum wc_HashType and enum wc_SignatureType so all values always exist.
Added new "wc_HashGetOID" which returns the OID for an enum wc_HashType.
Added new "WC_SIGNATURE_TYPE_RSA_W_ENC", that adds the encoded ASN header to the digest using wc_EncodeSignature for RSA signatures.
Added new SIG_TYPE_E and HASH_TYPE_E error types for explicit reporting of sig/hash type not available.
2016-02-03 15:07:56 -08:00
David Garske
a6b7c00c9c
Fix so WOLFSSL_CERT_EXT can be defined without WOLFSSL_CERT_GEN. Added new WOLFSSL_PUB_PEM_TO_DER to allow the public key PEM to DER functions to be available without CERT_GEN or CERT_EXT. Fix to add NO_FILESYSTEM check around wolfSSL_PemPubKeyToDer in ssl.h. Cleanup in coding.h for the #if check.
2016-02-03 14:58:46 -08:00
Jacob Barthelmeh
d04a7e802a
add ECDHE-PSK and cipher suite ECDHE-PSK-NULL-SHA256
2016-02-03 13:44:13 -07:00
John Safranek
d26ca17efd
Merge pull request #288 from moisesguimaraes/add_python_pbkdf2_tests
...
adds pbkdf_pcscs12 tests
2016-02-03 11:09:28 -08:00
Moisés Guimarães
1ad497177a
adds pbkdf_pcscs12 tests
2016-02-02 15:43:48 -03:00
Moisés Guimarães
dc316d13bf
Merge pull request #250 from ikudriavtsev/master
...
Wrapping PBKDF PKCS#12 algorithm.
2016-02-02 15:40:50 -03:00
toddouska
8edf38632b
Merge pull request #284 from JacobBarthelmeh/DH
...
fixed point DH operations
2016-02-02 08:31:30 -08:00
Jacob Barthelmeh
cad6a08f10
comment for clarifying table of DH sizes
2016-02-01 17:11:01 -07:00
Jacob Barthelmeh
f84c0742ad
fix clang warning about potentially unset value
2016-02-01 15:23:24 -07:00
Jacob Barthelmeh
93c54c07ea
cipher suite ECDHE-ECDSA-NULL-SHA
2016-02-01 14:43:17 -07:00
David Garske
dda0de4baa
Added optional define "NO_CRYPT_BENCHMARK" to allow disabling benchmark code.
2016-02-01 13:04:30 -08:00
John Safranek
7fe73c7cbd
DTLS server should be able to receive multiple client hellos without advancing state
2016-02-01 11:06:24 -08:00
Jacob Barthelmeh
d0f8132cdc
forcing sensitive memory to be all zeros when done with it
2016-02-01 10:45:09 -07:00
John Safranek
b6017c59ba
Merge pull request #275 from dgarske/WolfErrorTypo
...
Fixed spelling errors
2016-02-01 09:00:10 -08:00
John Safranek
6fd5579130
Merge pull request #281 from toddouska/math-rsa-fix
...
fix normal math off by one loop error in fast_s_mp_mul_high_digs
2016-01-29 16:59:36 -08:00
David Garske
f8876854f4
Spelling fixes in comments and error strings (ALGO_ID_E, ASN_TIME_E and WOLFSSL_ERROR function).
2016-01-29 16:13:09 -08:00
David Garske
41f7cb0482
Forgot to change the testsuite and sslSniffer projects. Now these also use the IDE/WIN/user_settings.h.
2016-01-29 15:07:03 -08:00
David Garske
ebd14a657d
Added signature.c to Visual Studio project files. Added new "IDE/WIN/user_settings.h" which contains all the defines for the various Windows Visual Studio projects. Moved the settings into this new file and added the WOLFSSL_USER_SETTINGS and CYASSL_USER_SETTINGS macros and include path to IDE/WIN to all project files. This allows the settings (defines) to be adjusted in a single place for Win VS.
2016-01-29 14:29:31 -08:00
toddouska
3f87d28190
Merge pull request #280 from JacobBarthelmeh/master
...
Update ChaCha20-Poly1305 cipher suites
2016-01-29 14:12:53 -08:00
toddouska
fa25e5d09d
fix normal math off by one loop error in fast_s_mp_mul_high_digs
2016-01-29 13:54:41 -08:00
Jacob Barthelmeh
9a5ad356a6
fixed point DH operations
2016-01-29 10:31:49 -07:00
Jacob Barthelmeh
611e37b3e8
naming for AEAD macros and TLSX with chacha-poly
2016-01-29 09:38:13 -07:00
toddouska
6856e5bbe6
Merge pull request #261 from dgarske/AsnIoCleanup
...
asm.c time cleanup and io.c include cleanup
2016-01-28 13:25:21 -08:00
David Garske
2bc0ae05b5
Added new CUSTOM_RAND_GENERATE_SEED_OS macro to allow custom random generation, which includes the OS_Seed. Opted to create new macro instead of modifying existing CUSTOM_RAND_GENERATE_SEED.
2016-01-28 09:31:36 -08:00
David Garske
fa64abd83e
Fix for deleted USER_TIME gmtime forward declaration. Fix to make sure XGMTIME maps to gmtime just as previous code did.
2016-01-27 13:20:06 -08:00
Jacob Barthelmeh
7d71d756f3
update ChaCha20-Poly1305 to most recent RFCs
2016-01-27 14:03:05 -07:00
David Garske
fadd97de3a
Moved the forward declarations until after the struct tm and time_t have been defined.
2016-01-27 11:17:54 -08:00
dgarske
3b6f2b0330
Merge pull request #274 from JacobBarthelmeh/master
...
Updated comments for adding new error id strings and added missing UNKNOWN_MAX_FRAG_LEN_E.
2016-01-27 09:28:56 -08:00
Jacob Barthelmeh
18f1faa13d
check error strings and update comment
2016-01-27 09:50:20 -07:00
Jacob Barthelmeh
71fcc1e478
comment for adding new wolfCrypt error id strings
2016-01-26 17:12:31 -07:00
David Garske
5c4a3462ee
Cleanup of the time macros in asn.c to allow expanded use of wolf "struct tm", "time_t" and "gmtime". Cleanup of the io.c socket includes for clarity. Cleanup trailing spaces in io.c and asn.c.
2016-01-26 13:47:01 -08:00
John Safranek
02397623be
Merge pull request #273 from toddouska/bump-version
...
bump dev version
2016-01-26 13:18:11 -08:00
toddouska
ee512cac4a
bump dev version
2016-01-25 13:12:45 -08:00
dgarske
18c25b5d04
Merge pull request #272 from cconlon/ksdk-fixes
...
Update support for Freescale KSDK 1.3.0, fix Freescale+FreeRTOS build
2016-01-25 12:24:01 -08:00
Chris Conlon
0801eeac8d
update support for Freescale KSDK 1.3.0
2016-01-25 10:41:26 -07:00
Nickolas Lapp
993ae48502
Merge pull request #271 from JacobBarthelmeh/mysql
...
function needed for MYSQL compatibility
2016-01-25 09:39:18 -07:00
Jacob Barthelmeh
5df55e053d
function needed for MYSQL compatibility
2016-01-22 16:33:54 -07:00
dgarske
e1abf5f623
Merge pull request #270 from JacobBarthelmeh/OAEP
...
Use type enum wc_HashType rather than int for OAEP functions.
2016-01-21 08:50:00 -08:00
Jacob Barthelmeh
63d1f81fb1
cast XMALLOC to byte pointer
2016-01-21 09:05:19 -07:00
Jacob Barthelmeh
197f25f135
use type enum wc_HashType rather than int
2016-01-20 15:31:08 -07:00
JacobBarthelmeh
3098e09f42
Merge pull request #269 from cconlon/coverity-fix
...
fix recursive include in wc_port.h
2016-01-20 09:01:09 -07:00
Chris Conlon
122a67139d
fix recursive include in wc_port.h
2016-01-19 14:23:47 -07:00
JacobBarthelmeh
f84722bbac
Merge pull request #267 from moisesguimaraes/fix_ocspstapling_dtls_typo
...
Fix ocspstapling dtls typo
2016-01-19 10:34:15 -07:00
Chris Conlon
04a1bf0086
Merge pull request #265 from toddouska/cov-tfm
...
fix coverity report for fp_mont reduce where m is half max size, not …
2016-01-19 10:30:09 -07:00
toddouska
a7bac3ae9b
Merge pull request #266 from JacobBarthelmeh/master
...
check not CHACHA_BYTE before considering normal suite
2016-01-18 17:55:02 -08:00
Moisés Guimarães
a6a2214306
removes 'end of line' spaces;
2016-01-18 20:51:27 -03:00
Moisés Guimarães
08c67e5cdc
fixes typo;
2016-01-18 20:51:27 -03:00
toddouska
33a71fb456
Merge pull request #264 from JacobBarthelmeh/OAEP
...
help out clang static analyzer
2016-01-18 15:31:18 -08:00
Jacob Barthelmeh
3a65f55bd3
check not CHACHA_BYTE before considering normal suite
2016-01-18 15:33:32 -07:00
toddouska
04b8df09e3
Merge pull request #260 from kaleb-himes/master
...
system read returns ssize_t, cast to int
2016-01-18 13:55:35 -08:00
toddouska
8e97145682
fix coverity report for fp_mont reduce where m is half max size, not currently called that big but let's allow
2016-01-18 13:53:01 -08:00
John Safranek
93e454f09a
Merge pull request #259 from dgarske/UnusedParamError
...
Fixes unused argument build error seen on CrossWorks (Issue #255 ).
2016-01-18 09:40:30 -08:00
Jacob Barthelmeh
268515018d
help out clang static analyzer
2016-01-18 10:22:12 -07:00
toddouska
1ab9f19541
Merge pull request #256 from JacobBarthelmeh/fast-rsa
...
fix for size of buffer when reading fast-rsa BN data
2016-01-15 15:47:57 -08:00
kaleb-himes
71741847d3
system read return size_t, cast to int
...
remove whitespace
2016-01-15 16:03:45 -07:00
John Safranek
014b849af4
Merge pull request #258 from toddouska/no-sha384
...
resolve issue #257 , no sha384 with wolfssl cert chain and external test
2016-01-15 13:29:06 -08:00
toddouska
81d26b83c3
Merge pull request #246 from JacobBarthelmeh/OAEP
...
RSA OAEP padding
2016-01-15 11:34:37 -08:00
Jacob Barthelmeh
476355b5bf
fix potential memory leak on fail
2016-01-14 23:58:30 -07:00
David Garske
07c79f9dc3
Fixes unused argument build error seen on CrossWorks (Issue #255 ).
2016-01-14 21:09:01 -08:00
toddouska
1d473ab7b5
resolve issue #255 , no sha284 with wolfssl cert chain and external test
2016-01-14 20:25:50 -08:00
toddouska
d20b8880f0
Merge pull request #254 from lchristina26/master
...
Fix formatting to VxWorks README
2016-01-14 16:49:13 -08:00
John Safranek
dec13db1e7
Merge pull request #252 from moisesguimaraes/fix_srp_build
...
fixes srp build without sha512
2016-01-14 15:48:39 -08:00
Jacob Barthelmeh
3347bea0d5
fix for size of buffer when reading fast-rsa BN data
2016-01-14 15:00:59 -07:00
Jacob Barthelmeh
008612ec70
OAEP w/ smallstack and fixs
2016-01-14 14:26:17 -07:00
dgarske
df0d2e8c3a
Merge pull request #248 from JacobBarthelmeh/CSharp
...
C# wrapper fixes account for null terminator. Added additional read/write overrides for byte[] data.
2016-01-14 08:46:18 -08:00
Leah
c41b5ac3d2
Fix formatting to VxWorks README
2016-01-13 10:42:30 -07:00
Moisés Guimarães
10df002ec5
fixes srp build without sha512
2016-01-12 15:42:58 -03:00
John Safranek
037f4c60ab
Merge pull request #251 from ejohnstown/dtls-handshake
...
fix a sequence number issue with DTLS epoch 0 messages earlier in the…
2016-01-11 11:29:25 -08:00
Iurii Kudriavtsev
03fd89bc45
Wrapping PBKDF PKCS#12 algorithm.
2016-01-10 10:50:02 +01:00
toddouska
db1f321ae3
Merge pull request #249 from lchristina26/master
...
Updates for VxWorks entropy and README, Arduino functionality
2016-01-08 16:08:13 -08:00
Jacob Barthelmeh
5e0fa1de90
utf8 switched to default and added comments
2016-01-08 16:50:49 -07:00
Leah
86ddeeb110
Add steps for including wolfSSL as an Arduino library
2016-01-08 12:07:35 -07:00
lchristina26
ae92a41512
Update fork to upstream: Merge https://github.com/wolfSSL/wolfssl
2016-01-08 11:59:35 -07:00
lchristina26
f7baf9e392
settings for Arduino functionality
2016-01-08 11:54:46 -07:00
lchristina26
efae688120
add entropy steps for VxWorks
2016-01-08 11:43:05 -07:00
Jacob Barthelmeh
ee1a767332
account for null terminator
2016-01-07 17:39:00 -07:00
John Safranek
5360e22ba5
fix a sequence number issue with DTLS epoch 0 messages earlier in the handshake
2016-01-07 13:18:01 -08:00
toddouska
431951a692
Merge pull request #247 from kaleb-himes/null-pointer-excptn
...
safeguards to avoid de-referencing a null pointer
2016-01-06 10:25:14 -08:00
kaleb-himes
38392ce56a
safeguards to avoid de-referencing a null pointer
2016-01-06 10:12:52 -07:00
John Safranek
251550ea62
Merge pull request #242 from kaleb-himes/scan-build-fixes
...
avoid unused variable warnings
2016-01-05 15:31:52 -08:00
kaleb-himes
a6ca2c3bdd
Avoid un-necessary cast
2016-01-05 14:32:45 -07:00
kaleb-himes
29e6f283cf
Implement peer suggestion
2016-01-05 14:19:46 -07:00
John Safranek
ef95000236
Merge pull request #243 from kaleb-himes/scan-build-fixes2
...
Avoid unused variable warnings with dead store in AES_GCM_decrypt
2016-01-05 12:30:32 -08:00
John Safranek
db55f0f8dd
Merge pull request #235 from moisesguimaraes/fix_localhost_ocsp_stapling_tests
...
Fixes --enable-ocspstapling and --enable-ocspstapling2 Jenkins failures
2016-01-05 12:07:43 -08:00
toddouska
1a16001dac
Merge pull request #245 from kaleb-himes/scan-build-fixes4
...
check err after set
2016-01-05 10:52:53 -08:00
Moisés Guimarães
1fd496a5a7
Merge pull request #244 from kaleb-himes/scan-build-fixes3
...
Remove unnecessary assignment prior to return
2016-01-05 15:27:26 -03:00
Jacob Barthelmeh
d815affe83
RSA OAEP padding
2016-01-05 10:56:15 -07:00
kaleb-himes
e4c4c5a73a
white space change removed
2016-01-05 07:37:31 -07:00
kaleb-himes
699597bb21
execute undef before checking and return
2016-01-05 07:35:28 -07:00
toddouska
3725133592
Merge pull request #240 from kaleb-himes/myStack-init-check
...
compiler warning about myStack use in unique environment
2016-01-04 16:45:12 -08:00
kaleb-himes
fcfef59c43
check err after set
2016-01-04 17:04:10 -07:00
kaleb-himes
21c972f805
Remove unnecessary assignment prior to return
2016-01-04 16:08:04 -07:00
kaleb-himes
023052eaf1
Avoid unused variable warnings with dead store in AES_GCM_decrypt
2016-01-04 15:40:10 -07:00
kaleb-himes
dd469bb67d
avoid unused variable warnings
2016-01-04 15:03:39 -07:00
lchristina26
0718f4b9a3
formatting fixes for VxWorks README
2016-01-04 14:44:08 -07:00
lchristina26
9351f0d2e7
updates to VxWorks README
2016-01-04 14:41:31 -07:00
lchristina26
4834e2d5cf
updates for VxWorks simulator entropy
2016-01-04 14:33:30 -07:00
kaleb-himes
15918ebd99
initialize myStack to NULL for the later check against NULL
2016-01-04 13:18:43 -07:00
Moisés Guimarães
858da86c05
restore original certs, without OCSP Authority Information Access;
2016-01-04 17:15:29 -03:00
kaleb-himes
e6398998b1
check for NULL after malloc in posix_memalign
2016-01-04 12:55:35 -07:00
kaleb-himes
723a7fcf90
Merge branch 'master' of https://github.com/wolfSSL/wolfssl into myStack-init-check
2016-01-04 09:17:04 -07:00
Moisés Guimarães
8a47c1d01e
Merge pull request #237 from kaleb-himes/32-bit-ocsp
...
Also account for 32-bit users with ocsp test
2016-01-04 09:33:12 -03:00
Moisés Guimarães
d817f0fbc8
fixes test scripts to avoid bash-isms
2016-01-04 09:27:58 -03:00
toddouska
7bbd93b609
Merge pull request #239 from kaleb-himes/openx-curve-unused
...
Fix cases that were not detected in Jenkins
2015-12-31 18:35:03 -08:00
kaleb-himes
fa3f0660b6
compiler warning about myStack use
2015-12-31 13:59:11 -07:00
John Safranek
51e365541f
Merge pull request #238 from toddouska/aesni-192key
...
fix aesni 192bit key expansion over read of 64bits
2015-12-31 12:55:28 -08:00
kaleb-himes
b78fb311bb
Fix cases that were not detected in Jenkins
2015-12-31 13:18:37 -07:00
toddouska
99539b8875
fix aesni 192bit key expansion over read of 64bits
2015-12-31 11:19:47 -08:00
kaleb-himes
84ae9a9ae5
Also account for 32-bit users
2015-12-31 12:05:45 -07:00
toddouska
71a3555f6f
Merge pull request #236 from kaleb-himes/ed-openx-unused
...
catching up on old jenkins issues that need fixed
2015-12-31 10:29:32 -08:00
kaleb-himes
6a56a53545
catching up on old jenkins issues
2015-12-31 09:33:01 -07:00
Moisés Guimarães
1bef0ba455
cosmetic changes to OCSP Stapling options.
2015-12-30 17:10:25 -03:00
Moisés Guimarães
5fb8ea691a
updates ocsp certs with better OCSP Responder URI.
2015-12-30 16:50:22 -03:00
Jacob Barthelmeh
5040820f98
prepare for 3.8.0 release
2015-12-30 12:09:31 -07:00
toddouska
2145eebd1a
Merge pull request #234 from JacobBarthelmeh/master
...
add ocsp needed certs to dist
2015-12-30 10:51:17 -08:00
Jacob Barthelmeh
0c21b67bb6
add ocsp needed certs to dist
2015-12-30 10:19:20 -07:00
JacobBarthelmeh
87e828bf17
Merge pull request #233 from toddouska/hint-types
...
fix hint types for misuse of in_buffer and out_buffer
2015-12-30 09:34:25 -07:00
toddouska
71218169c1
Merge pull request #232 from kaleb-himes/master
...
accounts for assumptions with external ocsp stapling test
2015-12-29 18:22:11 -08:00
toddouska
157486ce0d
fix hint types for misuse of in_buffer and out_buffer
2015-12-29 16:13:09 -08:00
kaleb-himes
a973eca4b8
accounts for assumptions with external ocsp stapling test
2015-12-29 17:05:51 -07:00
Moisés Guimarães
6ba14fa241
fixes some errors from Jenkins Expected Configurations Build # 111
2015-12-29 10:19:27 -03:00
toddouska
0a14e6f3c6
Merge pull request #230 from cconlon/mcp_time_fix
...
fix LowResTimer on Microchip ports
2015-12-28 21:56:07 -08:00
Moisés Guimarães
774d335387
Merge branch 'csr'
2015-12-28 19:53:27 -03:00
Moisés Guimarães
ec9d23a9c3
Merge branch 'csr'
2015-12-28 19:38:04 -03:00
Moisés Guimarães
487bb4eb5e
fixes before merge
2015-12-28 19:33:06 -03:00
Chris Conlon
a9894e9033
Merge pull request #229 from ejohnstown/dtls-warnings
...
fix DTLS warnings for Windows
2015-12-28 14:20:03 -07:00
Chris Conlon
47426b1f8d
fix LowResTimer on Microchip ports
2015-12-28 13:58:01 -07:00
Moisés Guimarães
2e00b12b69
updates configure.ac with better option naming.
2015-12-28 17:55:41 -03:00
toddouska
91c06736cb
Merge pull request #228 from kaleb-himes/typo-corrections
...
minor typo corrections
2015-12-28 11:56:48 -08:00
toddouska
2d33380abc
Merge pull request #225 from JacobBarthelmeh/master
...
help message to use NTRU key in example server
2015-12-28 11:56:13 -08:00
toddouska
c3df8af997
Merge pull request #223 from cconlon/vswarnings
...
fix Visual Studio warnings
2015-12-28 11:55:13 -08:00
toddouska
3a1909dab9
Merge pull request #209 from kaleb-himes/master
...
OpenSSH added support for additional NID types. Update our compatibil…
2015-12-28 11:52:38 -08:00
John Safranek
92cb8eee61
revise the comments about port 0 use in the example client and server
2015-12-24 15:42:52 -08:00
Kaleb Joseph Himes
99797eb4f6
Merge pull request #227 from ejohnstown/example-comments
...
Example comments
2015-12-23 15:09:54 -07:00
kaleb-himes
cc8633fe7f
minor typo corrections
2015-12-23 13:28:45 -07:00
John Safranek
4b836f8476
added note to client and server regarding port 0
2015-12-23 12:20:53 -08:00
John Safranek
d17549f848
update example client ShowVersions() to not show disabled old-tls versions
2015-12-23 12:12:41 -08:00
Kaleb Joseph Himes
558d2566cc
Merge pull request #226 from toddouska/ranports-scripts
...
add random ports for all make check scripts, unique ready file
2015-12-23 12:49:16 -07:00
Chris Conlon
5cbaa9de20
Merge pull request #224 from ejohnstown/windows-fips-segments
...
add the Windows object ordering tags to wolfCrypt first and last sources
2015-12-22 17:08:57 -07:00
toddouska
22385f2b39
add random ports for all make check scripts, unique ready file
2015-12-22 14:35:34 -08:00
Jacob Barthelmeh
41f50b7a73
NTRU suites considered part of static RSA suites group
2015-12-22 15:19:11 -07:00
Jacob Barthelmeh
0721b79282
help message to use NTRU key in example server
2015-12-22 11:51:26 -07:00
John Safranek
44c4f18d3e
fix DTLS warnings for Windows
2015-12-22 09:45:54 -08:00
kaleb-himes
cbf3213c4f
correct logic on pre-processor macro
2015-12-21 23:33:33 -07:00
kaleb-himes
0cb2374c69
Ensure configured before assuming message digest is supported
2015-12-21 23:03:45 -07:00
Chris Conlon
b153ac002c
fix Visual Studio warnings
2015-12-21 16:11:02 -07:00
John Safranek
d5295edbd1
add the Windows object ordering tags to wolfCrypt first and last sources
2015-12-21 11:01:09 -08:00
Jacob Barthelmeh
37b8e60537
Merge branch 'toddouska-hello-size'
2015-12-18 10:00:00 -07:00
Jacob Barthelmeh
4da1ae3947
Merge branch 'hello-size' of https://github.com/toddouska/wolfssl into toddouska-hello-size
2015-12-18 09:33:13 -07:00
John Safranek
917edc5f18
Merge pull request #218 from toddouska/ssl3-aes256
...
add aes256 key derivation to ssl3
2015-12-17 18:30:23 -08:00
Chris Conlon
b89354880f
switch pragma once uses, causes warnings on some compilers
2015-12-17 13:19:17 -07:00
toddouska
e503b89ca1
allow sniffer build with -v 0 examples to work
2015-12-17 12:10:22 -08:00
toddouska
6c69b7f109
make hello suite size user settable, increase default
2015-12-17 09:57:44 -08:00
kaleb-himes
d395c5aba3
condense to one switch statement for testing of message digests
2015-12-16 11:40:58 -07:00
kaleb-himes
46c4653f60
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-12-16 11:37:07 -07:00
toddouska
ed8a50ce69
Merge pull request #211 from lchristina26/master
...
GenerateSeed() Function for VxWorks compatibility
2015-12-15 15:59:20 -08:00
toddouska
94b1df49ae
Merge pull request #219 from JacobBarthelmeh/master
...
install user_rsa.h and fix leading bit function
2015-12-15 15:57:48 -08:00
lchristina26
3113c8db9b
update VXWORKS GenerateSeed() - no printf, error return
2015-12-15 16:52:21 -07:00
Jacob Barthelmeh
1cdc6d5edb
refactoring dist and install of user/fast-rsa
2015-12-15 16:09:49 -07:00
Jacob Barthelmeh
b87c7fb460
install user_rsa.h and fix leading bit function
2015-12-15 13:50:01 -07:00
toddouska
eed40eb690
add aes256 key derivation to ssl3
2015-12-15 11:54:03 -08:00
toddouska
b9e2ff3055
Merge pull request #217 from NickolasLapp/openssl_version_increase
...
Add in stub functions for opensslv1.0.1 w/ stunnel and lighttpd
2015-12-15 11:17:52 -08:00
Moisés Guimarães
9688a0f0db
fixes API names (marketing wise);
2015-12-14 23:12:08 -03:00
Moisés Guimarães
a15c003211
adds extra certs for ocspstapling tests;
2015-12-14 23:02:49 -03:00
Moisés Guimarães
0ca6a5601e
fixes OCSP_MULTI check;
...
adds root-ca-cert to index0.txt;
adds keyUsage to CA certs;
sets fixed serial to root-ca-cert;
2015-12-14 20:22:48 -03:00
Nickolas Lapp
bf621f1832
Add in stub functions for opensslv1.0.1 w/ stunnel and lighttpd
2015-12-14 15:36:04 -07:00
Moisés Guimarães
196b983b7b
adds ocsp test scripts;
2015-12-13 18:06:08 -03:00
John Safranek
a834c2acf6
improved DTLS handshake sequence numbering when retransmitting finished message
2015-12-11 18:41:09 -08:00
lchristina26
6ab9c87f13
add comment to VXWORKS GenerateSeed()
2015-12-11 13:41:05 -07:00
lchristina26
e2456214f4
update random.c for better entropy with VXWORKS
2015-12-11 13:22:33 -07:00
lchristina26
8b99cea5c8
update README with entropy instructions
2015-12-11 13:19:44 -07:00
dgarske
af4eb590a6
Merge pull request #214 from aburks/IS-213-AESFailsWithFreescaleCAU
...
Issue #213 : AES fails with Freescale (mm)CAU
2015-12-10 17:08:52 -08:00
dgarske
838c5297c3
Merge pull request #216 from aburks/IS-215-SignatureUsesOldRNG
...
Issue #215 : Signature module uses old RNG
2015-12-10 17:08:36 -08:00
Andrew Burks
03a643cc35
Issue #215 : Signature module uses old RNG. Use the new WC_RNG construct instead in order to prevent conflicts with board support packages.
2015-12-10 17:04:48 -08:00
Andrew Burks
bc54b18cad
Issue #213 : AES fails with Freescale (mm)CAU.
2015-12-10 16:55:49 -08:00
toddouska
4f0c2177b2
Merge pull request #212 from dgarske/CleanupAsnLeadingZero
...
Cleanup of the leading zero detection in wc_RsaKeyToDer and wc_DsaKey…
2015-12-10 11:11:58 -08:00
David Garske
89518ad445
Cleanup of the leading zero detection in wc_RsaKeyToDer and wc_DsaKeyToDer to use existing mp_leading_bit function.
2015-12-10 10:48:50 -08:00
Jacob Barthelmeh
1c4b3016e6
set required tls1_2 for when using ChaCha20-Poly1305 suite
2015-12-10 11:45:27 -07:00
toddouska
5c5c7ffaec
Merge pull request #210 from dgarske/CheckEccAltwFastMath
...
Added compile time check for ALT_ECC_SIZE requiring USE_FAST_MATH.
2015-12-10 10:24:20 -08:00
lchristina26
cb73064c10
format changes to VXWORKS GenerateSeed()
2015-12-09 13:22:13 -07:00
lchristina26
38ac17864e
added entropy, wc_GenerateSeed() for VxWorks
2015-12-09 13:18:42 -07:00
David Garske
1153c31bbb
Added compile time check for ALT_ECC_SIZE requiring USE_FAST_MATH.
2015-12-09 09:53:59 -08:00
kaleb-himes
97dcb5e567
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-12-08 13:45:25 -08:00
Chris Conlon
5fd4903fde
bump version to 3.7.3
2015-12-08 09:32:00 -08:00
kaleb-himes
1d1af6410d
OpenSSH added support for additional NID types. Update our compatibility layer
2015-12-08 07:27:43 -08:00
Moisés Guimarães
d30a1be572
adds new certificates for OCSP tests
2015-12-07 19:55:33 -03:00
John Safranek
8756c31a01
Merge branch 'master' of github.com:wolfSSL/wolfssl
2015-12-07 12:43:01 -08:00
John Safranek
c7fdc9ba9e
DTLS Hello Verify and Server Hello should use the sequence number of the Client Hello
2015-12-07 11:24:14 -08:00
toddouska
4a0c4fbf3f
remove fprintf from ecdsa verify fail wrapper
2015-12-07 09:25:19 -08:00
toddouska
beebc87bc8
Merge pull request #208 from JacobBarthelmeh/master
...
example IO callback and keep memory alive when needed
2015-12-07 09:12:07 -08:00
Jacob Barthelmeh
1600ba7f3d
example IO callback and keep memory alive when needed
2015-12-06 14:30:00 -07:00
John Safranek
6c70e3233d
fix bug where unknown OIDs were treated as parsing errors rather than ignored
2015-12-05 13:14:29 -08:00
David Garske
89a65b0aa0
Fixed compile error in signature.c with g++. Corrected comment.
2015-12-04 15:22:06 -08:00
toddouska
179f1cab9b
Merge branch 'keyex'
2015-12-03 12:38:02 -08:00
toddouska
37bc497f21
fix merge conflict
2015-12-03 12:37:49 -08:00
toddouska
532d1da9c0
Merge pull request #206 from dgarske/FixExtraMalloc_wNotTLS12
...
Fixed issue with "WOLFSSL_SMALL_STACK" and pre TLS 1.2 in "SendServer…
2015-12-03 11:26:43 -08:00
toddouska
0c9dca3a5f
Merge pull request #201 from JacobBarthelmeh/fast-rsa
...
modification to fast-rsa sign operation and make key
2015-12-03 11:19:02 -08:00
toddouska
1c2a920b8f
Merge pull request #203 from dgarske/SendServerHelloRNGCombine
...
Combined "wc_RNG_GenerateBlock" calls in "SendServerHello".
2015-12-03 11:16:00 -08:00
David Garske
b1d18d8455
Fixed issue with "WOLFSSL_SMALL_STACK" and pre TLS 1.2 in "SendServerKeyExchange" where "encodedSig" is allocated and not used.
2015-12-02 19:43:05 -08:00
Jacob Barthelmeh
fea769816c
ed25519 verify function return descriptive error value
2015-12-02 15:55:40 -07:00
toddouska
e08fa67a32
fix clang --disable-memory issues
2015-12-02 14:40:32 -08:00
John Safranek
5cf94166b2
silently drop epoch 0 messages when handshake completed
2015-12-01 14:59:32 -08:00
Jacob Barthelmeh
d673a56c83
change line ending of license to match Windows CR LF
2015-12-01 14:49:16 -07:00
John Safranek
5687562e7b
back out change to decryptedCur flag
2015-12-01 13:32:00 -08:00
John Safranek
a5f689168e
fix call to IsEncryptionOn for session tickets
2015-12-01 09:18:21 -08:00
Jacob Barthelmeh
bb5de34e5c
cast type on XMALLOC with ntru
2015-12-01 09:24:44 -07:00
David Garske
654e17379e
Combined "wc_RNG_GenerateBlock" calls in "SendServerHello".
2015-11-30 19:29:20 -08:00
John Safranek
251d0364f8
check DTLS sequence number against window a little earlier
2015-11-30 17:16:47 -08:00
Moisés Guimarães
346dcb0fd9
adds WOLFSSL_CSR2_OCSP_MULTI support;
2015-11-30 21:26:00 -03:00
John Safranek
514aa331f8
wrapped checks for encryptionOn with a function to allow more complicated checks like for epoch 0 being unencrypted
2015-11-30 14:43:03 -08:00
Moisés Guimarães
07356af78e
prepares BuildCertificateStatus() to send more than one certificate status;
2015-11-30 18:34:00 -03:00
Chris Conlon
767da41b16
allow 1024 and 2048 example cert buffers to be enabled at same time, gencertbuf.pl
2015-11-30 14:18:17 -07:00
Chris Conlon
d2a80ba1bc
remove extra NULL check in SetTmpDH_buffer/file_wrapper, fix API tests
2015-11-30 10:25:55 -07:00
Jacob Barthelmeh
6030970026
perfer local IPP libraries, memory usage and casting
2015-11-29 23:34:58 -07:00
Jacob Barthelmeh
db599bb361
Merge branch 'master' of https://github.com/wolfSSL/wolfssl into fast-rsa
2015-11-29 13:39:45 -07:00
Takashi Kojo
4217ef5475
fixed mdk4 macro control in example server/client, echoserver/client
2015-11-27 11:31:12 +09:00
John Safranek
7f1b9a1e13
storing DTLS handshake messages takes into account overlapping data
2015-11-25 20:25:57 -08:00
toddouska
83f26abdde
Merge pull request #198 from JacobBarthelmeh/master
...
C Sharp wrapper
2015-11-25 14:11:52 -08:00
John Safranek
e4894bfd0b
add comments to clarify accept and connect state advancement due to sending fragments
2015-11-25 11:10:42 -08:00
John Safranek
02411ccced
add F back into the client command line options scanning
2015-11-25 10:36:51 -08:00
toddouska
1b3254cc47
Merge pull request #202 from NickolasLapp/openssl_test_update
...
Clarify Openssl.test results messaging
2015-11-25 09:12:52 -08:00
Jacob Barthelmeh
f7fac88e8b
Don't error out when calling ippInit to find optimized IPP library, just fall back to use standard
2015-11-24 17:28:43 -07:00
Nickolas Lapp
33eb4b98d3
Clarify Openssl.test results messaging
2015-11-24 15:16:26 -07:00
toddouska
1626ae6287
Merge pull request #200 from lchristina26/master
...
Update VxWorks README to assume a filesystem, fix typos
2015-11-24 13:31:16 -08:00
Jacob Barthelmeh
c5c9991d11
modification to fast-rsa sign operation and make key
2015-11-24 13:41:04 -07:00
Jacob Barthelmeh
da127dfb17
warrning for unused function in user-crypto / fast-rsa mode
2015-11-24 13:18:39 -07:00
lchristina26
76952d9ea9
updated README to leave out NO_FILESYSTEM
2015-11-24 12:21:01 -07:00
Moisés Guimarães
1fbaf089ae
adds support to WOLFSSL_CSR2_OCSP in both DoCertificateStatus() and SendCertificateStatus();
...
adds contingence plan for status_request_v2;
2015-11-24 00:47:27 -03:00
Moisés Guimarães
f9d6464793
adds basic extension code for CERTIFICATE_STATUS_REQUEST_V2;
...
fixes EncodeOcspRequestExtensions() length check;
2015-11-23 23:42:05 -03:00
Takashi Kojo
e4bed957b3
#1591 : fixed macro control for MDK4
2015-11-24 11:26:08 +09:00
toddouska
91b7cddb7c
better error checking on condition variable operations, cleanup
2015-11-23 15:13:36 -08:00
toddouska
b9f0243528
Merge pull request #195 from dgarske/LPCXpresso
...
Adds LPCXpresso IDE support
2015-11-23 14:47:20 -08:00
toddouska
6c1fd13184
Merge pull request #199 from dgarske/ChangeToWolfRootWarnFix
...
Fixes "warning: Size argument is greater than the free space in the d…
2015-11-23 14:43:45 -08:00
David Garske
c3b3ba4a2a
Fixes "warning: Size argument is greater than the free space in the destination buffer" with XSTRNCAT().
2015-11-23 14:41:24 -08:00
toddouska
feef035c06
Merge branch 'crl-monitor'
2015-11-23 14:17:27 -08:00
toddouska
32b2d7f9e4
have calling thread wait for crl monitor thread to setup for simpler cleanup
2015-11-23 14:15:12 -08:00
Moisés Guimarães
96e18a8c68
adds next update verification when decoding the OcspResponse;
...
fixes memleak in GetOcspStatus(); If the status was outdated, the responseBuffer was allocated twice;
consider error in OcspResponseDecode() also a BAD_CERTIFICATE_STATUS_ERROR;
2015-11-23 15:11:51 -03:00
Moisés Guimarães
f3131fb5d6
adds next update time to ocspd.sh
2015-11-23 13:34:27 -03:00
Moisés Guimarães
b820619e6c
updates certs;
...
adds ocsp certs;
2015-11-23 09:56:45 -03:00
Moisés Guimarães
51f5ded392
adds config to generate ocsp certs
2015-11-23 09:44:39 -03:00
Moisés Guimarães
aaad9787db
updates box version to trusty64;
...
fixes provisioning errors;
2015-11-23 09:19:33 -03:00
John Safranek
d248a7660c
ASN: when getting OID from stream, check the summed value; added utility to skip OID; setting OID uses same strings as getting, separated NULL tag from the OID
2015-11-21 12:00:34 -08:00
Chris Conlon
9c6b52876a
add SetTmpDH file/buffer functions to API tests
2015-11-20 13:32:44 -07:00
Chris Conlon
85373f7b6e
move SetTmpDH buffer functions out of NO_FILESYSTEM
2015-11-20 13:30:22 -07:00
Jacob Barthelmeh
7d13fe9017
license heading
2015-11-20 10:19:55 -07:00
Jacob Barthelmeh
39d6992759
logging levels added
2015-11-20 09:59:08 -07:00
Jacob Barthelmeh
b9dae51658
C Sharp wrapper
2015-11-19 20:51:32 -07:00
David Garske
6abfaf6df4
Implemented Wolf version of LPC18XX startup code to eliminate NXP code from our repo. Cleanup of trailing spaces and convert tabs to spaces.
2015-11-19 19:06:40 -08:00
toddouska
14cb082a37
Merge pull request #197 from dgarske/RowleyIDECleanup
...
Rowley IDE fix to exclude .asm and .s files. Cleanup to remove Rowley…
2015-11-19 18:16:57 -08:00
David Garske
c898c582f9
Corrected filename in include.am and top of file.
2015-11-19 17:56:49 -08:00
David Garske
1894358bec
Rowley IDE fix to exclude .asm and .s files. Cleanup to remove Rowley example code, leaving just stubs and Wolf code.
2015-11-19 14:32:45 -08:00
toddouska
6d67ee11b6
Merge pull request #196 from NickolasLapp/SNI_ConditionalCompile
...
Define SNI func condtionally. Declare var at top of func
2015-11-19 13:18:23 -08:00
Nickolas Lapp
c3cdbf31bb
Define SNI func condtionally. Declare var at top of func
2015-11-19 13:49:57 -07:00
toddouska
2698736aaf
fix missing XMALLOC/FREE types
2015-11-19 10:20:28 -08:00
David Garske
e51f99a5c3
Adds LPCXpresso IDE support. Tested with the OM13076 (LPCXpresso18S37) board.
2015-11-18 17:16:33 -08:00
toddouska
4da70f9fe9
Merge pull request #193 from dgarske/SigHashFixes
...
Fixes for build errors with new signature and hash wrapping functions…
2015-11-17 12:19:21 -08:00
toddouska
a2915fbc57
Merge pull request #194 from dgarske/BenchmarkAddHeader
...
Added benchmark.h to expose the benchmark_test function. Updated a co…
2015-11-17 12:13:08 -08:00
David Garske
cdc830c1cc
Fixes for build errors with new signature and hash wrapping functions. Disabled MD2/4 hash wrapping.
2015-11-17 10:15:36 -08:00
David Garske
09793e3206
Added benchmark.h to expose the benchmark_test function. Updated a couple of projects to use the new benchmark header.
2015-11-17 08:52:12 -08:00
toddouska
5e80bf46bf
Merge branch 'master' of github.com:wolfssl/wolfssl
2015-11-16 13:20:26 -08:00
toddouska
ca7956b50d
update cavium nitrox port to wolfssl
2015-11-16 13:20:19 -08:00
toddouska
4e7935f5f5
Merge pull request #188 from dgarske/HashSignVerifyWrappers
...
New hash and signature wrapper functions:
2015-11-16 12:16:55 -08:00
David Garske
103f984421
Cleanup of the signature wrapper error cases to be more explicit.
2015-11-16 11:54:23 -08:00
Moisés Guimarães
60b1a0c8be
fixes scan-build warnings
2015-11-16 16:16:48 -03:00
Moisés Guimarães
5e4955f689
reuse OcspRequest data in ocsp stapling;
2015-11-16 16:03:48 -03:00
Moisés Guimarães
6d6ca56e4e
fixes SendCertificateStatus() loading the CA in the server side to build the OCSP request properly.
2015-11-16 15:31:50 -03:00
Moisés Guimarães
24907fc818
adds buffer logging;
2015-11-15 18:43:29 -03:00
Moisés Guimarães
12802f40c5
finishes SendCertificateStatus(); sending the stored status;
2015-11-15 16:40:47 -03:00
Moisés Guimarães
8ae6bf1641
adds server side Certificate Status Request extension;
...
missing: Finish SendCertificateStatus();
2015-11-15 00:26:11 -03:00
Moisés Guimarães
cc684f8593
fixes OCSP nonce extension size estimation at client hello message;
2015-11-14 22:28:52 -03:00
Chris Conlon
a38f7bb937
fix jni build enabling ecc on non 64 bit platforms
2015-11-13 16:58:05 -07:00
David Garske
b870bad63e
Added new "SIG_VERIFY_E" type for "wc_SignatureVerify" failure. Added argument checking on new signature wrapper functions. Added new "NO_SIG_WRAPPER" to optionally disable wrappers to reduce code size.
2015-11-13 12:22:32 -08:00
Leah
4a853b7318
Update README.md
2015-11-13 10:45:11 -07:00
Leah
bcff81fd64
Update README.md
2015-11-13 10:38:58 -07:00
Leah
9007d4b655
Update README.md
2015-11-13 10:37:46 -07:00
Leah
0994491916
Update README.md
2015-11-13 10:36:36 -07:00
Leah
e5707f0d49
Update README.md
2015-11-13 10:35:13 -07:00
toddouska
0c1a4dfd12
Merge pull request #190 from NickolasLapp/stunnel_session_changes
...
Implement missing openssl API
2015-11-12 16:11:01 -08:00
Nickolas Lapp
66965759d5
Implement missing openssl API
2015-11-12 16:52:56 -07:00
toddouska
5c96be4d19
fix idea conversion warnings
2015-11-12 15:14:00 -08:00
toddouska
806a2748bf
Merge pull request #189 from lchristina26/master
...
Updates for Wind River WORKBENCH/ VxWorks Compatibility
2015-11-12 13:33:27 -08:00
Leah
307413f11b
Update README.md
2015-11-12 13:34:36 -07:00
lchristina26
db6920d372
updates for vxworks compatibility
2015-11-12 13:33:47 -07:00
toddouska
261fedd906
idea_mult() now works on 16,32, AND 64bit systems
2015-11-12 10:32:35 -08:00
toddouska
d9cb1cfbe1
fix idea_mult() for 16 and 32bit systems
2015-11-12 10:22:31 -08:00
Leah
ba92b2db7b
Update README.md
2015-11-12 10:47:38 -07:00
David Garske
f692c8cefb
New hash and signature wrapper functions:
...
1. Added new hash wrapper function "wc_Hash". Hash functions support Md# and SHA# using "enum wc_HashType". Added new "wc_HashGetDigestSize" function to get hash size (returns 0 if not supported).
2. Added new signature wrapper functions "wc_SignatureGenerate" and "wc_SignatureVerify" to perform hash then sign/verify of bytes. Signature functions support ECC and RSA using "enum wc_SignatureType". Added new "wc_SignatureGetSize" function to get the signature size using the key (returns 0 if not supported).
2015-11-12 09:36:14 -08:00
Takashi Kojo
302fd05edd
Change "//" to "/* */" comment. Removed unreferred functions.
2015-11-12 15:31:58 +09:00
toddouska
866b1517d3
Merge pull request #187 from NickolasLapp/fix_getShutdown
...
Make get_shutdown return correct results with stunnel
2015-11-11 11:15:22 -08:00
Nickolas Lapp
e49b12c7cc
Make get_shutdown return correct results with stunnel
2015-11-11 11:43:38 -07:00
Leah
01e649210d
Update README.md
2015-11-11 10:16:48 -07:00
Leah
6cdeebc4da
Update README.md
2015-11-11 10:03:49 -07:00
Leah
27e523a85a
Update README.md
2015-11-11 10:00:53 -07:00
Leah
d34f2ebc35
Update README.md
2015-11-11 09:30:03 -07:00
Leah
cdea03fdf3
Update README.md
2015-11-11 09:28:59 -07:00
Leah
f9cd90872d
Update README.md
2015-11-11 09:21:27 -07:00
Leah
4063fbc2b5
Update README.md
2015-11-11 09:18:00 -07:00
Leah
7d9356ae04
Update README.md
2015-11-11 09:13:04 -07:00
Leah
19ebc5b600
Update README.md
2015-11-11 09:12:10 -07:00
Leah
c3540b2f6e
Update README.md
2015-11-11 09:11:14 -07:00
toddouska
28cbe7e7a5
Merge pull request #186 from tisb-vikram/master
...
add HAVE_ECC to WolfSSL/TI-RTOS settings
2015-11-10 19:58:46 -08:00
Vikram Adiga
196b965be5
add HAVE_ECC to WolfSSL/TI-RTOS settings
2015-11-10 18:06:55 -08:00
toddouska
d076fdf0cd
Merge pull request #185 from tisb-vikram/master
...
fix TI-RTOS makefiles to build wolfSSL from local dir
2015-11-10 17:41:57 -08:00
Vikram Adiga
3211817f59
fix TI-RTOS makefiles to build wolfSSL from local dir
...
Signed-off-by: Vikram Adiga <vikram.adiga@ti.com >
2015-11-10 17:21:10 -08:00
toddouska
a69d99981f
Merge pull request #184 from kaleb-himes/master
...
allow openssl extra tests if configuration supports
2015-11-10 15:15:30 -08:00
kaleb-himes
c3a249009f
allow openssl extra tests if configuration supports
2015-11-10 15:29:05 -07:00
Moisés Guimarães
9b8f26329d
improves srp unit test to use random salt;
2015-11-10 17:43:02 -03:00
toddouska
5823485f61
Merge pull request #182 from lchristina26/master
...
Update the README for VxWORKS
2015-11-10 12:36:59 -08:00
Leah
56e94cb3a9
Update README.md
2015-11-09 22:37:21 -07:00
Leah
9c43e94746
Update README.md
2015-11-09 22:36:00 -07:00
Leah
ebd1e2b35d
Update README.md
2015-11-09 22:35:16 -07:00
Leah
a0f3fa1f1a
Update README.md
2015-11-09 22:34:53 -07:00
lchristina26
54c5a3a10c
update VxWorks readme
2015-11-09 17:23:25 -07:00
toddouska
6efd8e2db0
fix unused PemToDer() vars depending on build options
2015-11-09 14:58:20 -08:00
toddouska
906be9fb20
add printf to logger w/o callbacks w/ WOLFSSL_LOG_PRINTF
2015-11-09 14:55:09 -08:00
toddouska
417f85da86
use gmtime_r if there
2015-11-09 14:48:39 -08:00
toddouska
756feb37f5
Merge pull request #179 from kaleb-himes/master
...
SAFESEH:NO in DLL Debug|Win32
2015-11-09 14:25:23 -08:00
kaleb-himes
e9348635a0
SAFESEH:NO in DLL Debug|Win32
2015-11-09 15:11:58 -07:00
toddouska
d869279ad5
Merge branch 'custom-seed'
2015-11-06 15:37:26 -08:00
David Garske
099b6bc3df
Updated the Rowley Crossworks example so it builds due to new user-crypto. Tested and verified new "CUSTOM_RAND_TYPE" using 8, 16 and 32 bit values.
2015-11-06 09:41:16 -08:00
David Garske
05f4c83b98
Optimizations to improve random number generation performance and provide additional ways to implement custom versions of custom random handlers. Added new "CUSTOM_RAND_TYPE" to define the datatype for the "CUSTOM_RAND_GENERATE" function. Added new "CUSTOM_RAND_GENERATE_SEED" option for anyone who wants to implement their own equivalent "wc_GenerateSeed()" function. Added generic FREESCALE_RNGA and FREESCALE_RNGB options.
2015-11-05 22:20:11 -08:00
Moisés Guimarães
dccbc1cdd4
fixes ocsp nonce extension decoding;
...
enables use of ocsp nonce extension in the client example.
2015-11-05 11:45:42 -03:00
Moisés Guimarães
62210186c7
fix code logic to single if
2015-11-05 11:45:41 -03:00
toddouska
17c9494a2d
fix gfmul intel calling convention
2015-11-04 13:26:38 -08:00
toddouska
124f1f8ce7
switch gfmul to intel syntax in aes_asm.asm
2015-11-04 11:55:04 -08:00
John Safranek
3b102862b1
exclude new AES-GCM test when in FIPS mode
2015-11-03 16:57:38 -08:00
John Safranek
23ba31cbdd
1. Fixed bug where AES-GCM IVs had to only be 12 bytes. Now
...
accepts any length.
2. Added test case for AES-GCM using an 60 byte IV.
3. AesGcmSetKey doesn't calculate H value in AES-NI mode.
2015-11-03 16:47:42 -08:00
toddouska
427405fff9
Merge branch 'timediff'
2015-11-03 14:21:55 -08:00
toddouska
44165371bc
timediff fixup
2015-11-03 14:15:15 -08:00
toddouska
69d5f2e43c
Merge branch 'DateFormat' of https://github.com/kojo1/wolfssl into timediff
2015-11-03 14:04:14 -08:00
toddouska
5c9089651a
fix github issue #174 , disable des3 with (else if) logic broken
2015-11-03 12:03:35 -08:00
toddouska
8d4d9ebe12
fix jenkins ec 56
2015-11-03 11:30:56 -08:00
toddouska
37f4fbc000
Merge branch 'openssl-script'
2015-11-02 13:27:20 -08:00
toddouska
fbd4f8a6ed
fix merge conflict
2015-11-02 13:26:46 -08:00
toddouska
54a0a3370a
fix wolfSSL_Init to only call new wolfCrypt_Init() once
2015-11-02 12:35:43 -08:00
toddouska
a1d1155b0c
add missing error strings
2015-11-02 12:18:12 -08:00
toddouska
b13ae543ec
bump dev version
2015-11-02 11:15:21 -08:00
Moisés Guimarães
3db5a5f2c2
Merge branch csr into 'master'
2015-11-02 15:54:41 -03:00
Moisés Guimarães
21d70636dc
Merge branch csr into 'master'
2015-11-02 15:51:01 -03:00
toddouska
1d32ff2c59
Merge branch 'aes-ni-gcm'
2015-11-02 09:42:10 -08:00
toddouska
28dcef2d71
gcm benchmark results format alignment
2015-11-02 09:39:34 -08:00
John Safranek
f8aeac608c
1. Add C NI-intrinsic AES-GCM encrypt and decrypt.
...
2. Fix error string for wolfcrypt test of GMAC.
3. Add AES-GCM Decrypt to benchmark.
2015-10-30 16:03:26 -07:00
toddouska
5d2d249673
turn on OpenSSL public key type decodes unless explicitly turned off
2015-10-30 13:40:05 -07:00
Takashi Kojo
d741d4cddc
Adding UTC Time Differential in ValidateDate
2015-10-30 11:26:54 +09:00
toddouska
e76f95465d
Merge pull request #170 from dgarske/master
...
Fixes initialization of the Crypto HW protection, which could leak a …
2015-10-29 13:56:18 -07:00
Leah
8dfa1af9e9
Merge pull request #169 from lchristina26/master
...
updates for VxWorks
Update example client/server to be compatible with VxWorks builds
2015-10-29 13:50:13 -06:00
lchristina26
5bcb7e98cb
readme updates
2015-10-29 13:47:40 -06:00
lchristina26
1a96ff6766
readme updates
2015-10-29 13:45:58 -06:00
lchristina26
4061346f77
more readme updates
2015-10-29 13:44:22 -06:00
lchristina26
dd99948bcd
Workbench readme update
2015-10-29 13:41:17 -06:00
lchristina26
723fc3761b
Example client/server compatible with VxWorks
2015-10-29 13:39:02 -06:00
David Garske
dacfd84bea
Enhanced "ChangeToWolfRoot" to report error if the root was not found. Also fixed the depth limit.
2015-10-29 10:45:37 -07:00
David Garske
f977caa492
Cleanup of the test code that looks for the WolfSSL root directory. Now it tries to open the certs/ntru-cert.pem file in each directory up (limited to 5) until it opens it.
2015-10-28 23:54:08 -07:00
David Garske
d31cec0df0
Fixes initialization of the Crypto HW protection, which could leak a mutex if two calls to "wolfSSL_CryptHwMutexLock()" occurred at the same time prior to calling "wolfSSL_CryptHwMutexInit()". Fixes #164 .
2015-10-28 23:07:52 -07:00
Jacob Barthelmeh
2c41a5b961
adjust wolfssl lib value in rpm spec.in
2015-10-28 17:33:31 -06:00
Jacob Barthelmeh
55a56cac05
Release 3.7.0
2015-10-28 15:07:22 -06:00
Moisés Guimarães
3e9fd1c542
Merge branch 'master' into csr
...
Conflicts:
configure.ac
wolfssl/wolfcrypt/types.h
2015-10-28 14:34:15 -03:00
Moisés Guimarães
071a452bec
fix indentation and enum conflict
2015-10-28 12:20:20 -03:00
lchristina26
a914ca74f2
updates for VxWorks
2015-10-27 21:24:21 -06:00
toddouska
542b59d90a
Merge pull request #150 from JacobBarthelmeh/master
...
Intel RSA IPP plug in
2015-10-27 16:57:32 -07:00
Jacob Barthelmeh
8bd228a391
remove libusercrypto.dylib and adjust gitignore
2015-10-27 17:11:31 -06:00
toddouska
5b2fbd9747
Merge pull request #168 from NickolasLapp/uninitWarn
...
Fixed gcc variable-mayble-uninitialized warning
2015-10-27 16:07:12 -07:00
Nickolas Lapp
b7848481a3
Fixed gcc variable-mayble-uninitialized warning
2015-10-27 16:42:19 -06:00
Moisés Guimarães
cddebfa941
changes --enable-statusrequest to --enable-ocspstapling
2015-10-27 19:27:56 -03:00
toddouska
f477168cf7
make it easier for user to define custom bigint types
2015-10-27 14:52:07 -07:00
Jacob Barthelmeh
fa1a356888
add DYNAMIC_TYPE_USER_CRYPTO tag for malloced memory
2015-10-27 13:26:32 -06:00
Moisés Guimarães
8dc154ff71
adds support for TLS downgrading against buggy TLS servers.
...
reference: RFC 5246 - TLS 1.2 - Appendix E.1:
Note: some server implementations are known to implement version
negotiation incorrectly. For example, there are buggy TLS 1.0
servers that simply close the connection when the client offers a
version newer than TLS 1.0. Also, it is known that some servers will
refuse the connection if any TLS extensions are included in
ClientHello. Interoperability with such buggy servers is a complex
topic beyond the scope of this document, and may require multiple
connection attempts by the client.
Earlier versions of the TLS specification were not fully clear on
what the record layer version number (TLSPlaintext.version) should
contain when sending ClientHello (i.e., before it is known which
version of the protocol will be employed). Thus, TLS servers
compliant with this specification MUST accept any value {03,XX} as
the record layer version number for ClientHello.
TLS clients that wish to negotiate with older servers MAY send any
value {03,XX} as the record layer version number. Typical values
would be {03,00}, the lowest version number supported by the client,
and the value of ClientHello.client_version. No single value will
guarantee interoperability with all old servers, but this is a
complex topic beyond the scope of this document.
2015-10-27 16:10:23 -03:00
Moisés Guimarães
f37ea955ec
improves OCSP response signature verification;
...
reference: RFC 2560 - Section 4.2.2.2 Authorized Responders:
The key that signs a certificate’s status information need not be the
same key that signed the certificate. It is necessary however to
ensure that the entity signing this information is authorized to do
so. Therefore, a certificate’s issuer MUST either sign the OCSP
responses itself or it MUST explicitly designate this authority to
another entity.
2015-10-26 19:33:35 -03:00
Moisés Guimarães
a47f98ee19
adds support to nonce extension in OCSP stapling (status request tls extension);
...
fix nonce encoding, there was a missing ASN.1 OctetString header;
2015-10-26 18:11:38 -03:00
Moisés Guimarães
14fa980dad
adds contingence plan (force OCSP check when the server answer the status_request extension but doesn't sends a CertificateStatus message);
...
adds back status_request to context level;
2015-10-26 18:11:38 -03:00
Moisés Guimarães
42380793c9
adds comparison of OcspRequest and OcspResponse;
...
removes TLS Extension Status Request at context level as specific data is always needed for each session;
2015-10-26 18:11:38 -03:00
Moisés Guimarães
daf3155d3c
adds partial client support to TLS Extension Status Request, a.k.a. OCSP stapling;
...
missing:
- compare OcspRequest and OcspResponse;
- execute contingence plan;
- add nonce extension;
2015-10-26 18:11:38 -03:00
Moisés Guimarães
82f86adb8e
renames TLS Extension types to follow the TLSX_ + "extension name" pattern; using names listed by IANA:
...
http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
fixes ocsp response extensions parsing in asn.c;
fixes dir slashes in .gitignore: replaces '\' with '/';
removes trailing white spaces;
2015-10-26 18:11:38 -03:00
Jacob Barthelmeh
975452f585
configure error out when not finding libraries with fast-rsa
2015-10-26 13:11:11 -06:00
John Safranek
a42308e28a
Add function ssl_FreeDecodeBuffer() to release the sniffer allocated data buffer and reset the pointer.
2015-10-26 12:01:21 -07:00
John Safranek
b05332c417
Merge branch 'master' of github.com:wolfSSL/wolfssl
2015-10-26 10:17:46 -07:00
Jacob Barthelmeh
dc31b9238f
wolfcrypt init
2015-10-23 11:55:17 -06:00
John Safranek
2569cd2ca4
simplify the size check for storing a DTLS handshake message fragment
2015-10-21 15:04:55 -07:00
John Safranek
54e06cd04e
added deallocator for DtlsPools
2015-10-21 15:04:55 -07:00
Jacob Barthelmeh
6b3c8e8b79
Merge https://github.com/wolfssl/wolfssl
2015-10-21 10:57:39 -06:00
Jacob Barthelmeh
374e31b211
user crypto memory management
2015-10-20 09:22:43 -06:00
Jacob Barthelmeh
c132f9887e
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-10-19 13:56:39 -06:00
Jacob Barthelmeh
ee5a11b8d9
Add Intel IPP crypto for RSA
...
add user-crypto makefile
update README for IPP crypto
place user crypto in wolfcrypt and use autotools
adjust distributed files
move openssl compatibility consumption
auto use IPP RSA -- IPP directory containing shared libraries local
return value of wolfSSL_BN and formating of debug
openssh testing
make sure IPP not built when fips is
ipp init to select correct optimizations -- static libraries on linux -- fast-rsa disabled by default
try to only set library once
only use static IPP if fast rsa is enabled
make print out for user crypto more pretty
2015-10-19 13:51:49 -06:00
