mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
8,821 Commits 5 Branches 162 Tags
Commit Graph

8821 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
David Garske
00dd222aa5 Fix for example client with -X external tests to not disable for PSK build unless usePsk is set. Resolves issue with external tests being skipped if building with PSK enabled. 2018-12-21 08:21:59 -08:00
David Garske
9733076fe0 Fixes and cleanups for processing peer certificates: 
* Fix with `WOLFSSL_ALT_CERT_CHAINS` to resolve issue with using a trusted intermediate to validate a partial chain. With the alt cert chain enabled a CA may fail with only `ASN_NO_SIGNER_E` and the connection is allowed if the peer's certificate validates to a trusted CA. Eliminates overly complex 1 deep error alternate chain detection logic. Resolves ZD 4525.
* Refactor and cleanup of ProcessPeerPerts to combine duplicate code and improve code commenting.
* Fix for CA path len check in `ParseCertRelative` to always check for self-signed case (was previously only in NO_SKID case).
* Improvement to include self-signed flag in the DecodedCert struct.
 2018-12-21 08:20:04 -08:00
David Garske
3e31115654
Merge pull request #1993 from JacobBarthelmeh/Testing 
Release Testing
 2018-12-20 16:19:17 -08:00
Jacob Barthelmeh
d3274e28e8 fix for hash types with fips windows opensslextra build 2018-12-20 14:22:35 -07:00
Jacob Barthelmeh
7d11c3f67c fix for reported nightly Jenkins build tests 2018-12-20 13:35:54 -07:00
David Garske
a4a4cd6a3c
Merge pull request #1992 from SparkiDev/tls13_group_hrr 
Fix HelloRetryRequest to be sent immediately and not grouped
 2018-12-20 11:14:30 -08:00
Jacob Barthelmeh
5d2d370bd5 fix for scan-build warning 2018-12-20 11:40:20 -07:00
Jacob Barthelmeh
164a762088 fix afalg/cryptodev + opensslextra build 2018-12-20 10:52:17 -07:00
Sean Parkinson
eba11e097a Fix HelloRetryRequest to be sent immediately and not grouped 2018-12-20 16:41:38 +10:00
Jacob Barthelmeh
48c267dda8 fix warning with secure-renegotiation build and error with ntru build 2018-12-19 15:47:43 -07:00
Jacob Barthelmeh
165a80d02d fix for build with cryptonly + rsapub 2018-12-19 15:30:22 -07:00
Jacob Barthelmeh
92d59c7df4 fix for cryptonly + rsavfy build 2018-12-19 14:36:32 -07:00
Jacob Barthelmeh
fc926d3c61 fixes from infer testing 2018-12-19 11:56:29 -07:00
toddouska
986b5d3951
Merge pull request #1988 from JacobBarthelmeh/ARMv8 
add -mstrict-align flag with armasm
 2018-12-18 15:51:32 -08:00
toddouska
4068975190
Merge pull request #1983 from dgarske/x509small_verifycb 
Include current cert as X509 in verify callback for small build
 2018-12-18 15:40:00 -08:00
toddouska
58a2f518e8
Merge pull request #1981 from dgarske/qat_features 
Added RSA Key Gen and SHA-3 support for Intel QuickAssist
 2018-12-18 15:39:38 -08:00
toddouska
0a6732ee67
Merge pull request #1979 from SparkiDev/tls_sh_tlsx_parse 
Fix TLS 1.2 and below ServerHello TLSX_Parse to pass in message type
 2018-12-18 15:39:12 -08:00
toddouska
4a170c0399
Merge pull request #1971 from SparkiDev/tls13_old_hello 
Don't expect old ClientHello when version is TLS 1.3
 2018-12-18 15:38:44 -08:00
toddouska
f1c62f191d
Merge pull request #1941 from ejohnstown/rekey 
Server Side Secure Renegotiation
 2018-12-18 15:38:16 -08:00
Jacob Barthelmeh
c41d02e72f fix for Aarch32 aesgcm sanity checks 2018-12-18 10:35:53 -07:00
Jacob Barthelmeh
412966ed80 add -mstrict-align flag with armasm 2018-12-17 17:36:48 -07:00
David Garske
443dbf251b Fix to supply the X509 current_cert in the verify callback with OPENSSL_EXTRA_X509_SMALL defined or ./configure --enable-opensslextra=x509small. 2018-12-17 13:02:14 -08:00
David Garske
c478a2791a Fix to disable the raw Hmac_UpdateFinal_CT HMAC calculation for async crypt. Resolves issue using -v 2 -l ECDHE-RSA-AES128-SHA with QAT. 2018-12-17 12:54:33 -08:00
David Garske
cbbe63ec62 Added QAT SHA3 support. Fix for SHA512/SHA384 with QAT and Intel ASM enabled. 2018-12-17 12:54:33 -08:00
David Garske
c23489e6ed Added support for QAT RSA Key Generation. 2018-12-17 12:54:33 -08:00
JacobBarthelmeh
b60918b8cd
Merge pull request #1982 from kaleb-himes/DGE_REPORT_MAINTENANCE 
Address maintenance item: external test w/ static mem
 2018-12-17 13:52:33 -07:00
kaleb-himes
15b6c39929 Updates based on Jacobs Feedback 2018-12-17 09:42:15 -07:00
kaleb-himes
502e3c2b6d Address maintenance item: external test w/ static mem 2018-12-14 09:30:03 -07:00
David Garske
249306f08c
Merge pull request #1978 from ejohnstown/dot-release 
touch version for interstitial release
v3.15.6 		2018-12-13 10:27:41 -08:00
Sean Parkinson
c628562ee7 Fix the Old ClientHello detection with TLS 1.3 with new state 
Put the clientState into CLIENT_HELLO_RETRY (new state) when waiting for
second ClientHello.
Chrome sends change_cipher_spec message, for reasons of compatability,
which meets the requirements of the Old ClientHello detection when state
of client is NULL.
 2018-12-13 17:06:00 +10:00
Sean Parkinson
f90e5601ad Fix TLS 1.2 and below ServerHello TLSX_Parse to pass in message type 2018-12-13 16:12:53 +10:00
toddouska
3e326aba15
Merge pull request #1973 from SparkiDev/tls13_max_ticket_nonce_sz 
Increase maximum ticket nonce size to 8
 2018-12-12 15:00:57 -08:00
toddouska
70cb4dcdb1
Merge pull request #1972 from SparkiDev/tls13_alpn 
ALPN is returned in ServerHello even in TLS 1.3
 2018-12-12 14:59:59 -08:00
toddouska
fb68b3a450
Merge pull request #1970 from cconlon/yoctoinstall 
Add Yocto Project / OpenEmbedded build instructions to INSTALL file
 2018-12-12 14:53:44 -08:00
toddouska
122114b840
Merge pull request #1969 from dgarske/atecc508a_fixes 
Fixes for ATECC508A/ATECC608A and latest CryptoAuthLib
 2018-12-12 14:53:12 -08:00
toddouska
2ef8be2718
Merge pull request #1968 from dgarske/fixes_stm32cube_aes 
Fixes for STM32 AES GCM crypto hardware acceleration
 2018-12-12 14:52:35 -08:00
toddouska
bdf447cec9
Merge pull request #1966 from cconlon/wctestbench 
add define to use test/benchmark.h without path prefix
 2018-12-12 14:50:32 -08:00
toddouska
3f7ced3ed5
Merge pull request #1960 from SparkiDev/sp_rsavfy 
Allow a very small build based on SHA-256 and RSA verify
 2018-12-12 14:49:42 -08:00
John Safranek
f715d9179c Add check for buffer size versus pad size in DoCertificateStatus() 2018-12-12 12:48:30 -08:00
David Garske
8772b5dc51
Merge pull request #1976 from embhorn/test_fix 
Fix failing nightly tests
 2018-12-12 12:07:01 -08:00
John Safranek
eef48cd8a2 touch version for interstitial release 2018-12-12 11:49:32 -08:00
Eric Blankenhorn
cbc8f4ce38 Fix failing nightly tests 2018-12-12 09:48:34 -06:00
Sean Parkinson
d8adca91b3 Increase maximum ticket nonce size to 8 
There is a TLS 1.3 server implementation that uses 8 bytes.
 2018-12-12 09:56:05 +10:00
David Garske
c7b0aac47a
Merge pull request #1964 from embhorn/codecov 
Code coverage tests and fixes
 2018-12-11 15:08:56 -08:00
Eric Blankenhorn
195b995bc4 Fixes from review 2018-12-11 12:19:45 -06:00
Eric Blankenhorn
dc104985c3 Fixes from review 2018-12-11 11:41:39 -06:00
Eric Blankenhorn
59bfead3c8 Fixes from review 2018-12-11 11:30:13 -06:00
Eric Blankenhorn
1c0fa6fb58 Code coverage tests and fixes - default config 2018-12-11 08:56:21 -06:00
Sean Parkinson
c844b1c253 ALPN is returned in ServerHello when downgrading from TLS 1.3 
TLS 1.3 Specification has extension returned in EncryptedExtensions.
 2018-12-11 19:01:49 +10:00
Chris Conlon
a484749f4c
Merge pull request #1965 from ejohnstown/vx-mg-updates 
VxWorks/Mongoose Updates
 2018-12-10 15:56:33 -08:00