David Garske
792fcefbb7
Fix to not warn about `WC_RSA_BLINDING` in FIPS mode. Add `WC_RSA_BLINDING` to Windows `user_settings.h`.
2017-07-10 18:41:22 -07:00
David Garske
171796e8e2
Fix up for building without `./configure` to warn if hardening options are not enabled. Currently `./configure` defaults to `--enable-harden`, but if building sources directly and using `settings.h` or `user_settings.h` the hardening defines will not be set by default. If a user wants to use without hardening they can suppress the warning by defining `WC_NO_HARDEN`.
2017-07-10 14:40:07 -07:00
David Garske
cebcee34dd
Improve the Git ignore formula for `config`. Fixes issue #1012 .
2017-07-10 14:21:19 -07:00
dgarske
f9c949e7e5
Merge pull request #871 from danielinux/rm-wolfssl.pc
...
Remove automatically generated file wolfssl.pc
2017-07-10 14:16:48 -07:00
David Garske
58c05123da
Fixes for building with ATECC508A. Allow ECC check key to pass if slot numb is valid.
2017-07-10 11:07:24 -07:00
David Garske
205da48416
Fixes for building ARMv8. Adds missing SHA224 and AES KeyWrap. Fixes for FE/GE warning with Aarch32. Fix possible build error with `ed25519_test` with `ret` not defined.
2017-07-07 15:12:51 -07:00
toddouska
b6854d620f
Merge pull request #1009 from dgarske/fix_tls13_async_aes
...
Fix problem with async TLS 1.3 and raw AES encryption key change
2017-07-06 15:39:22 -07:00
toddouska
626eeaa63d
Merge pull request #1005 from SparkiDev/nginx-1.13.2
...
Changes for Nginx
2017-07-06 14:33:46 -07:00
jrblixt
ced45ced41
Changes requested by Chris.
2017-07-06 13:42:54 -06:00
Sean Parkinson
31ac379c4f
Code review fixes
...
Change verify depth and set curve to be compiled in whe using:
OPENSSL_EXTRA
Fix comparison of curve name strings to use ecc function.
Fix verify depth check when compiling with both OPENSSL_EXTRA and
WOLFSSL_TRUST_PEER_CERT.
2017-07-06 15:32:34 +10:00
toddouska
4b9069f786
Merge pull request #1008 from dgarske/fix_async_frag
...
Fixes for using async with max fragment
2017-07-05 11:00:26 -07:00
toddouska
e767d40656
Merge pull request #1006 from cconlon/mqx
...
Update MQX Classic, mmCAU Ports
2017-07-05 10:30:20 -07:00
David Garske
df119692d1
Fixes for using async with `HAVE_MAX_FRAGMENT` or `--enable-maxfragment` which affected TLS 1.2/1.3. Added TLS 1.2 test for using max fragment.
2017-07-03 19:57:37 -07:00
Sean Parkinson
5bddb2e4ef
Changes for Nginx
...
Support TLS v1.3 clients connecting to Nginx.
Fix for PSS to not advertise hash unless the signature fits the private
key size.
Allow curves to be chosen by user.
Support maximum verification depth (maximum number of untrusted certs in
chain.)
Add support for SSL_is_server() API.
Fix number of certificates in chain when using
wolfSSL_CTX_add_extra_chain_cert().
Allow TLS v1.2 client hello parsing to call TLS v1.3 parsing when
SupportedVersions extension seen.
Minor fixes.
2017-07-04 09:37:44 +10:00
toddouska
2939fbe242
Merge pull request #1004 from dgarske/fix_qat_dh
...
Fixes for QAT with DH and HMAC
2017-07-03 12:31:48 -07:00
Moisés Guimarães
1729e0205f
reads _CADATA from file
2017-07-03 12:39:42 -03:00
Moisés Guimarães
54177c14b4
imports certs from ./certs
2017-07-03 12:31:47 -03:00
Moisés Guimarães
bba3fcf772
removes certs
2017-07-03 12:22:22 -03:00
David Garske
c9a2c4ef02
Fix problem with async TLS 1.3 with hardware where encryption key is referenced into ssl->keys and changes before it should be used. Solution is to make raw copy of key and IV for async AES.
2017-06-30 16:41:01 -07:00
David Garske
6a695b76cb
Fixed server side case for DH agree issue with QAT hardware where agreeSz is not set. Fix to allow QAT start failure to continue (this is useful since only one process can use hardware with default QAT configuration).
2017-06-30 11:48:59 -07:00
David Garske
a025417877
Fix issue with QAT and DH operations where key size is larger than block size. Fix issue with DhAgree in TLS not setting agreeSz, which caused result to not be returned. Renamed the internal.c HashType to HashAlgoToType static function because of name conflict with Cavium. Optimize the Hmac struct to replace keyRaw with ipad. Enable RNG HW for benchmark. Fixed missing AES free in AES 192/256 tests.
2017-06-30 11:35:51 -07:00
JacobBarthelmeh
a3375ef961
Merge pull request #997 from NickolasLapp/master
...
Updates to Linux-SGX README, and disable automatic include of
2017-06-30 11:48:12 -06:00
dgarske
d956181911
Merge pull request #1003 from jrblixt/asn_cMemLeak-fix
...
Fix possible memory leak in wc_SetKeyUsage.
2017-06-29 15:28:53 -07:00
jrblixt
baf6bdd6e1
asn.c memory leak fix.
2017-06-29 14:55:19 -06:00
toddouska
31e1d469c0
Merge pull request #1002 from SparkiDev/tls13_imprv
...
Improvements to TLS v1.3 code
2017-06-29 09:21:20 -07:00
Chris Conlon
bba914f92e
protect wolfSSL_BN_print_fp with NO_STDIO_FILESYSTEM
2017-06-29 08:52:45 -06:00
Sean Parkinson
d2ce95955d
Improvements to TLS v1.3 code
...
Reset list of supported sig algorithms before sending certificate
request on server.
Refactored setting of ticket for both TLS13 and earlier.
Remember the type of key for deciding which sig alg to use with TLS13
CertificateVerify.
RSA PKCS #1.5 not allowed in TLS13 for CertificateVerify.
Remove all remaining DTLS code as spec barely started.
Turn off SHA512 code where decision based on cipher suite hash.
Fix fragment handling to work with encrypted messages.
Test public APIS.
2017-06-29 09:00:44 +10:00
Chris Conlon
c099137450
add classic Kinetis mmCAU support, FREESCALE_USE_MMCAU_CLASSIC
2017-06-28 16:32:35 -06:00
Chris Conlon
15a1c9d48e
fixes for MQX classic with Codewarrior
2017-06-28 12:28:40 -06:00
Chris Conlon
a89e50b7b7
include settings.h in wc_port.h to pick up user_settings.h
2017-06-28 12:25:44 -06:00
toddouska
c748d9dae9
Merge pull request #998 from dgarske/fix_no_server_or_client
...
Fix build with either `NO_WOLFSSL_SERVER` or `NO_WOLFSSL_CLIENT` defined
2017-06-28 10:30:08 -07:00
toddouska
b29cd414ef
Merge pull request #995 from SparkiDev/tls13_cookie
...
Add TLS v1.3 Cookie extension support
2017-06-28 10:12:49 -07:00
David Garske
47cc3ffdbc
Fix build with either `NO_WOLFSSL_SERVER` or `NO_WOLFSSL_CLIENT` defined.
2017-06-26 23:05:32 -07:00
Sean Parkinson
7aee92110b
Code review fixes
...
Also put in configuration option for sending HRR Cookie extension with
state.
2017-06-27 08:52:53 +10:00
Sean Parkinson
9ca1903ac5
Change define name for sending HRR Cookie
2017-06-27 08:37:55 +10:00
Nickolas Lapp
d4e104231c
Updates to Linux-SGX README, and disable automatic include of
...
benchmark/wolfcrypt tests in static library compile
2017-06-26 14:55:13 -07:00
jrblixt
a3b21f0394
Aes unit test functions.
2017-06-26 15:16:51 -06:00
Sean Parkinson
8bd6a1e727
Add TLS v1.3 Cookie extension support
...
Experimental stateless cookie
2017-06-26 16:41:05 +10:00
JacobBarthelmeh
3bdf8b3cfd
remove fcntl.h include when custom generate seed macro is defined ( #994 )
2017-06-23 14:03:07 -07:00
Kincade Pavich
fbc4123ec0
Added `-x` option to allow example server to continue running when errors occur.
2017-06-22 21:19:59 -07:00
toddouska
8ef556c2a0
Merge pull request #991 from JacobBarthelmeh/Testing
...
update .am files for make dist
2017-06-22 15:02:12 -07:00
Jacob Barthelmeh
b0f87fdcf7
update .am files for make dist
2017-06-22 14:14:45 -06:00
toddouska
72da8a9a07
Merge pull request #731 from moisesguimaraes/fixes-ocsp-responder
...
adds OCSP Responder extKeyUsage validation
2017-06-22 11:43:51 -07:00
toddouska
d017274bff
Merge pull request #976 from levi-wolfssl/PemToDer-overflow-fix
...
Fix potential buffer over-read in PemToDer()
2017-06-22 10:07:11 -07:00
David Garske
3a4edf75bd
Rename the option to disable the new issuer sign check to ‘WOLFSSL_NO_OCSP_ISSUER_CHECK`.
2017-06-22 09:56:43 -07:00
dgarske
06fa3de31c
Merge pull request #980 from SparkiDev/tls13_0rtt
...
TLS v1.3 0-RTT
2017-06-22 09:44:41 -07:00
Chris Conlon
ccb8e8c976
Merge pull request #988 from jrblixt/unitTest_api_addArc4-PR06212017
...
Add Arc4 to unit test.
2017-06-22 09:15:28 -06:00
Sean Parkinson
207b275d24
Fix HelloRetryRequest for Draft 18
2017-06-22 14:40:09 +10:00
Sean Parkinson
08a0b98f52
Updates from code review
2017-06-22 12:40:41 +10:00
Levi Rak
a37808b32c
Sanity checkes added
2017-06-21 17:14:20 -06:00