David Garske
8612d52844
Fix issue with ARMv8 not performing 128-bit math against constants correctly in debug builds. Fix was to use the `__int128_t` as const for integers. Also added `./configure --enable-curve25519=no128bit` option to force FE to not use the `int128_t` math.
2017-07-14 10:39:30 -07:00
Chris Conlon
43260f02f4
Merge pull request #1020 from toddouska/null
...
add NULL checks to check_domain_name()
2017-07-12 14:58:07 -07:00
toddouska
b12e3c6579
Merge pull request #1019 from JacobBarthelmeh/Testing
...
update AES CTR API with ARMv8 port
2017-07-12 15:57:25 -06:00
JacobBarthelmeh
b4f9c46069
Merge pull request #1011 from dgarske/fixes_armv8
...
Fixes for building ARMv8 (--enable-armasm)
2017-07-12 15:44:31 -06:00
David Garske
c777097e54
Fix `wc_AesGcmDecrypt` arg check for `authIn`.
2017-07-12 09:49:27 -07:00
toddouska
b02c995fff
add NULL checks to check_domain_name()
2017-07-12 10:16:31 -06:00
David Garske
5bb8de627e
Fixes based on peer review (thanks).
2017-07-12 09:04:10 -07:00
toddouska
43ad30d364
Merge pull request #1016 from dgarske/fix_harden
...
Warn if hardening options are not defined and not disabled using `WC_NO_HARDEN`
2017-07-12 09:27:32 -06:00
toddouska
dc5e6f789d
Merge pull request #1017 from dgarske/bigend
...
Fix for big endian seg fault in `SendCertificateVerify`
2017-07-12 09:25:25 -06:00
Jacob Barthelmeh
9d7e8a83c9
update AES CTR API with ARMv8 port
2017-07-11 17:13:32 -06:00
toddouska
7853440d89
Merge pull request #1015 from dgarske/config_ignore_cleanup
...
Improve the Git ignore formula for `config`
2017-07-11 15:42:08 -07:00
toddouska
3ff088b92f
Merge pull request #1014 from dgarske/atecc508a
...
Fixes for building with ATECC508A
2017-07-11 15:41:05 -07:00
Chris Conlon
f8c0a52170
Merge pull request #996 from jrblixt/unitTest_api_addAes-PR06152017
...
Unit test api add AES.
2017-07-11 08:36:13 -07:00
David Garske
69e9aa29f2
Fix for big endian platform in `SendCertificateVerify` where seg fault occurred due to passing a int pointer to a word16 pointer, which caused wrong bits to get set. Fix to replace `int` with `word16`. Tests pass now. Also searched for other `(word16*)&` scenarios and only other place was in ntru code, which was also fixed.
2017-07-10 20:00:37 -07:00
David Garske
a5cdbb18cb
Reworked the AES Key Wrap to use existing code in aes.c (instead of duplicating code in armv8-aes.c). Cleanup for GE/FE math on 32-bit to remove duplicate #ifdef check. Fixed AES GCM arg check for authIn to allows NULL.
2017-07-10 19:12:41 -07:00
David Garske
792fcefbb7
Fix to not warn about `WC_RSA_BLINDING` in FIPS mode. Add `WC_RSA_BLINDING` to Windows `user_settings.h`.
2017-07-10 18:41:22 -07:00
David Garske
171796e8e2
Fix up for building without `./configure` to warn if hardening options are not enabled. Currently `./configure` defaults to `--enable-harden`, but if building sources directly and using `settings.h` or `user_settings.h` the hardening defines will not be set by default. If a user wants to use without hardening they can suppress the warning by defining `WC_NO_HARDEN`.
2017-07-10 14:40:07 -07:00
David Garske
cebcee34dd
Improve the Git ignore formula for `config`. Fixes issue #1012 .
2017-07-10 14:21:19 -07:00
dgarske
f9c949e7e5
Merge pull request #871 from danielinux/rm-wolfssl.pc
...
Remove automatically generated file wolfssl.pc
2017-07-10 14:16:48 -07:00
David Garske
58c05123da
Fixes for building with ATECC508A. Allow ECC check key to pass if slot numb is valid.
2017-07-10 11:07:24 -07:00
David Garske
205da48416
Fixes for building ARMv8. Adds missing SHA224 and AES KeyWrap. Fixes for FE/GE warning with Aarch32. Fix possible build error with `ed25519_test` with `ret` not defined.
2017-07-07 15:12:51 -07:00
toddouska
b6854d620f
Merge pull request #1009 from dgarske/fix_tls13_async_aes
...
Fix problem with async TLS 1.3 and raw AES encryption key change
2017-07-06 15:39:22 -07:00
toddouska
626eeaa63d
Merge pull request #1005 from SparkiDev/nginx-1.13.2
...
Changes for Nginx
2017-07-06 14:33:46 -07:00
jrblixt
ced45ced41
Changes requested by Chris.
2017-07-06 13:42:54 -06:00
Sean Parkinson
31ac379c4f
Code review fixes
...
Change verify depth and set curve to be compiled in whe using:
OPENSSL_EXTRA
Fix comparison of curve name strings to use ecc function.
Fix verify depth check when compiling with both OPENSSL_EXTRA and
WOLFSSL_TRUST_PEER_CERT.
2017-07-06 15:32:34 +10:00
toddouska
4b9069f786
Merge pull request #1008 from dgarske/fix_async_frag
...
Fixes for using async with max fragment
2017-07-05 11:00:26 -07:00
toddouska
e767d40656
Merge pull request #1006 from cconlon/mqx
...
Update MQX Classic, mmCAU Ports
2017-07-05 10:30:20 -07:00
David Garske
df119692d1
Fixes for using async with `HAVE_MAX_FRAGMENT` or `--enable-maxfragment` which affected TLS 1.2/1.3. Added TLS 1.2 test for using max fragment.
2017-07-03 19:57:37 -07:00
Sean Parkinson
5bddb2e4ef
Changes for Nginx
...
Support TLS v1.3 clients connecting to Nginx.
Fix for PSS to not advertise hash unless the signature fits the private
key size.
Allow curves to be chosen by user.
Support maximum verification depth (maximum number of untrusted certs in
chain.)
Add support for SSL_is_server() API.
Fix number of certificates in chain when using
wolfSSL_CTX_add_extra_chain_cert().
Allow TLS v1.2 client hello parsing to call TLS v1.3 parsing when
SupportedVersions extension seen.
Minor fixes.
2017-07-04 09:37:44 +10:00
toddouska
2939fbe242
Merge pull request #1004 from dgarske/fix_qat_dh
...
Fixes for QAT with DH and HMAC
2017-07-03 12:31:48 -07:00
David Garske
c9a2c4ef02
Fix problem with async TLS 1.3 with hardware where encryption key is referenced into ssl->keys and changes before it should be used. Solution is to make raw copy of key and IV for async AES.
2017-06-30 16:41:01 -07:00
David Garske
6a695b76cb
Fixed server side case for DH agree issue with QAT hardware where agreeSz is not set. Fix to allow QAT start failure to continue (this is useful since only one process can use hardware with default QAT configuration).
2017-06-30 11:48:59 -07:00
David Garske
a025417877
Fix issue with QAT and DH operations where key size is larger than block size. Fix issue with DhAgree in TLS not setting agreeSz, which caused result to not be returned. Renamed the internal.c HashType to HashAlgoToType static function because of name conflict with Cavium. Optimize the Hmac struct to replace keyRaw with ipad. Enable RNG HW for benchmark. Fixed missing AES free in AES 192/256 tests.
2017-06-30 11:35:51 -07:00
JacobBarthelmeh
a3375ef961
Merge pull request #997 from NickolasLapp/master
...
Updates to Linux-SGX README, and disable automatic include of
2017-06-30 11:48:12 -06:00
dgarske
d956181911
Merge pull request #1003 from jrblixt/asn_cMemLeak-fix
...
Fix possible memory leak in wc_SetKeyUsage.
2017-06-29 15:28:53 -07:00
jrblixt
baf6bdd6e1
asn.c memory leak fix.
2017-06-29 14:55:19 -06:00
toddouska
31e1d469c0
Merge pull request #1002 from SparkiDev/tls13_imprv
...
Improvements to TLS v1.3 code
2017-06-29 09:21:20 -07:00
Chris Conlon
bba914f92e
protect wolfSSL_BN_print_fp with NO_STDIO_FILESYSTEM
2017-06-29 08:52:45 -06:00
Sean Parkinson
d2ce95955d
Improvements to TLS v1.3 code
...
Reset list of supported sig algorithms before sending certificate
request on server.
Refactored setting of ticket for both TLS13 and earlier.
Remember the type of key for deciding which sig alg to use with TLS13
CertificateVerify.
RSA PKCS #1.5 not allowed in TLS13 for CertificateVerify.
Remove all remaining DTLS code as spec barely started.
Turn off SHA512 code where decision based on cipher suite hash.
Fix fragment handling to work with encrypted messages.
Test public APIS.
2017-06-29 09:00:44 +10:00
Chris Conlon
c099137450
add classic Kinetis mmCAU support, FREESCALE_USE_MMCAU_CLASSIC
2017-06-28 16:32:35 -06:00
Chris Conlon
15a1c9d48e
fixes for MQX classic with Codewarrior
2017-06-28 12:28:40 -06:00
Chris Conlon
a89e50b7b7
include settings.h in wc_port.h to pick up user_settings.h
2017-06-28 12:25:44 -06:00
toddouska
c748d9dae9
Merge pull request #998 from dgarske/fix_no_server_or_client
...
Fix build with either `NO_WOLFSSL_SERVER` or `NO_WOLFSSL_CLIENT` defined
2017-06-28 10:30:08 -07:00
toddouska
b29cd414ef
Merge pull request #995 from SparkiDev/tls13_cookie
...
Add TLS v1.3 Cookie extension support
2017-06-28 10:12:49 -07:00
David Garske
47cc3ffdbc
Fix build with either `NO_WOLFSSL_SERVER` or `NO_WOLFSSL_CLIENT` defined.
2017-06-26 23:05:32 -07:00
Sean Parkinson
7aee92110b
Code review fixes
...
Also put in configuration option for sending HRR Cookie extension with
state.
2017-06-27 08:52:53 +10:00
Sean Parkinson
9ca1903ac5
Change define name for sending HRR Cookie
2017-06-27 08:37:55 +10:00
Nickolas Lapp
d4e104231c
Updates to Linux-SGX README, and disable automatic include of
...
benchmark/wolfcrypt tests in static library compile
2017-06-26 14:55:13 -07:00
jrblixt
a3b21f0394
Aes unit test functions.
2017-06-26 15:16:51 -06:00
Sean Parkinson
8bd6a1e727
Add TLS v1.3 Cookie extension support
...
Experimental stateless cookie
2017-06-26 16:41:05 +10:00