mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
14,884 Commits 5 Branches 162 Tags
Commit Graph

14884 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Hideki Miyazaki
8808e6a3ac
implement set_tlsext_max_fragment_length 2021-08-23 09:08:14 +09:00
David Garske
26cf17e602
Merge pull request #4317 from SparkiDev/math_x86_asm_fix 
Maths x86 asm: change asm snippets to get compiling
 2021-08-20 13:42:15 -07:00
Sean Parkinson
fa8f23284d Maths x86 asm: change asm snippets to get compiling 
TFM:
  Use register or memory for c0, c1, c2 in SQRADD and SQRADD2.
SP:
  Use register or memory for vl, vh, vo in SP_ASM_MUL_ADD,
SP_ASM_MUL_ADD2 and SP_ASM_SQR_ADD.
 2021-08-20 10:35:49 +10:00
John Safranek
e7ef48d2b7
Merge pull request #3869 from SparkiDev/asn1_template 
ASN1 Template: stricter and simpler DER/BER parsing/construction
 2021-08-19 12:47:04 -07:00
Daniel Pouzzner
3226e69649
--enable-linuxkm-pie (FIPS Linux kernel module) (#4276) 
* Adds `--enable-linuxkm-pie` and associated infrastructure, to support FIPS mode in the Linux kernel module.
* Adds `tests/api.c` missing (void) arglist to `test_SSL_CIPHER_get_xxx()`.
 2021-08-19 09:15:52 -07:00
John Safranek
16ad5cf3c5
Merge pull request #4315 from SparkiDev/g++_fix_3 
SRP test: use proper SRP hash type for g++
 2021-08-19 08:56:43 -07:00
Sean Parkinson
17a569d4dd SRP test: use proper SRP hash type for g++ 2021-08-19 11:40:43 +10:00
Sean Parkinson
d486b89c61 ASN1 Template: stricter and simpler DER/BER parsing/construction 
Reduce debug output noise
 2021-08-19 11:32:41 +10:00
John Safranek
63fde01e32
Merge pull request #4311 from haydenroche5/rsyslog 
Make improvements for rsyslog port.
 2021-08-18 16:55:32 -07:00
John Safranek
9a1233c04d
Merge pull request #4312 from julek-wolfssl/DH_set_length 
Implement `DH_set_length`.
 2021-08-18 16:42:38 -07:00
John Safranek
eaded189ff
Merge pull request #4310 from haydenroche5/dsa_fips 
Don't run test_wolfSSL_DSA_SIG if HAVE_FIPS is defined.
 2021-08-18 16:33:26 -07:00
John Safranek
18314e5a4f
Merge pull request #4309 from dgarske/sniff_cleanups 
Improved sniffer statistics and documentation
 2021-08-18 16:03:38 -07:00
John Safranek
c2b88a1fca
Merge pull request #4306 from dgarske/pk_tls13 
Fixes for PK callbacks with TLS v1.3
 2021-08-18 15:42:19 -07:00
Sean Parkinson
8df65c3fa7
Merge pull request #4270 from dgarske/zd12586 
Fixes for various PKCS7 and SRP build issues
 2021-08-19 08:12:15 +10:00
John Safranek
ef77cd05d4
Merge pull request #4302 from haydenroche5/libssh2 
Add missing ECDSA_SIG getter/settter for libssh2.
 2021-08-18 15:08:06 -07:00
David Garske
c5f9e55567 Fixes for CMAC compatibility layer with AES CBC disabled. CMAC code cleanups. Fixes for "make check" with AES CBC disabled. 2021-08-18 11:30:18 -07:00
Chris Conlon
6237a7a00d
Merge pull request #4305 from TakayukiMatsuo/i2t 
Add support for wolfSSL_i2t_ASN1_OBJECT
 2021-08-18 10:37:08 -06:00
Juliusz Sosinowicz
162f14aaf9 Implement DH_set_length. 2021-08-18 13:24:51 +02:00
Sean Parkinson
8f7e09d9b5
Merge pull request #4294 from dgarske/tls13_earlydata 
Fix early data max size handling in TLS v1.3
 2021-08-18 08:48:42 +10:00
David Garske
d1e027b6fa Fix for pedantic warning with pre-processor in macro. 2021-08-17 14:55:42 -07:00
David Garske
f5076cad1b Added new files to include.am. 2021-08-17 13:20:34 -07:00
David Garske
d6f5f815e1 Fix for srp_test_digest return code checking. Added GCC-ARM TLS server example. 2021-08-17 11:12:40 -07:00
David Garske
95178e3bdc Use void* on heap hint test. Also previously fixed in hmac.c. 2021-08-17 10:52:50 -07:00
David Garske
89904ce82e Fixes for building without AES CBC and support for PKCS7 without AES CBC. 2021-08-17 10:47:19 -07:00
David Garske
a9b8b6d3de Fix for PKCS7 heap hint in API unit test. 2021-08-17 10:46:53 -07:00
David Garske
e1f603301b Fixes for SRP with heap hint. 2021-08-17 10:45:50 -07:00
David Garske
c598688f89 Fix for static memory with bucket size matching. 2021-08-17 10:38:27 -07:00
David Garske
69d01afd3a
Merge pull request #4250 from danielinux/iotsafe 
IoT-Safe with TLS demo
 2021-08-17 08:26:19 -07:00
David Garske
5209e235a7
Merge pull request #4307 from SparkiDev/srp_test_digests 
SRP test: increase size of N to support larger digests
 2021-08-17 08:24:47 -07:00
Hayden Roche
c16127d9ab Make improvements for rsyslog port. 
- Remove FP_MAX_BITS and RSA_MAX_BITS definitions from rsyslog config. A user
configuring wolfSSL for rsyslog support should set them as they see fit (i.e.
based on the key sizes they need to support).
- After testing with wolfSSL FIPS, I discovered that some functions were missing
from the compatibility layer that rsyslog needs. Notably wolfSSL_DH_generate_key
and wolfSSL_DH_set0_pqg. These were gated out of compilation based on HAVE_FIPS.
However, they only need to be compiled out if WOLFSSL_DH_EXTRA is defined. This
is because these functions call SetDhInternal, which calls wc_DhImportKeyPair
if WOLFSSL_DH_EXTRA is defined. wc_DhImportKeyPair isn't available in the FIPS
module's dh.c. So, these functions can exist in the FIPS build provided
WOLFSSL_DH_EXTRA isn't defined. This commit accounts for this scenario.
 2021-08-17 08:19:43 -07:00
TakayukiMatsuo
421be50cb8 Add support for wolfSSL_i2t_ASN1_OBJECT 2021-08-17 10:52:20 +09:00
Hayden Roche
95ab6ce4b8 Don't run test_wolfSSL_DSA_SIG if HAVE_FIPS is defined. 
This test calls `wolfSSL_DSA_do_sign_ex` and `wolfSSL_DSA_do_verify_ex`, both
of which don't exist if `HAVE_FIPS` is defined.
 2021-08-16 17:42:00 -07:00
David Garske
5c00951f09 Do not add DH padding on failure. 2021-08-16 16:31:18 -07:00
David Garske
9898b5d82b Various spelling fixes. 2021-08-16 16:31:18 -07:00
David Garske
0ea5046b39 Improved documentation for sniffer statistics (ZD 12731). 2021-08-16 16:31:18 -07:00
Sean Parkinson
9066ab6051 SRP test: increase size of N to support larger digests 
Test all digests supported by SRP.
 2021-08-17 09:15:07 +10:00
David Garske
6ac03d41ef
Merge pull request #4203 from SparkiDev/tls13_peek_fix_off 
TLS 1.3: ability to turn peek change off
 2021-08-16 15:25:58 -07:00
Hayden Roche
63d1bd13d4 Add missing ECDSA_SIG getter/settter for libssh2. 2021-08-16 14:43:13 -07:00
David Garske
c8fd5d552e IoTSafe Improvements. Use new hex to char functions in misc.c. Fix for arm-none-eabi missing nano specs. Cleanups for IoTSafe code, README.md and user_settings.h. Fix linker script to use flash at 0x8000000. Support for TLS v1.3. 2021-08-16 13:13:32 -07:00
Daniele Lacamera
490eeb4003 Support for IoT-Safe with TLS demo 2021-08-16 13:13:30 -07:00
David Garske
70535f51d5 Fixes for PK callbacks with TLS v1.3. Tested with ./configure --enable-pkcallbacks CFLAGS="-DTEST_PK_PRIVKEY -DDEBUG_PK_CB". 2021-08-16 13:09:17 -07:00
Hayden Roche
c6f0fb11d0
Merge pull request #4253 from julek-wolfssl/lighttpd-1.4.55 
Implement `wolfSSL_set_client_CA_list` and add 'HIGH' cipher suite
 2021-08-16 15:05:51 -05:00
David Garske
1ac95b5716
Merge pull request #4303 from haydenroche5/rsyslog 
Add support for rsyslog.
 2021-08-16 11:20:28 -07:00
David Garske
6a37309ece
Merge pull request #4300 from julek-wolfssl/libimobiledevice 
Missing API for libimobiledevice
 2021-08-16 09:40:42 -07:00
Hayden Roche
bbb514fa6d Add support for rsyslog. 
- Add an --enable-rsyslog option to configure.ac.
- Add a few missing `WOLFSSL_ERROR` calls that were expected by rsyslog unit
  tests.
- Add better documentation around `WOLFSSL_SHUTDOWN_NOT_DONE` and define it to
  be 0 (rather than 2) when `WOLFSSL_ERROR_CODE_OPENSSL` is defined. This is in
  accordance with OpenSSL documentation. Without this change, rsyslog was
  failing to do the bidirectional shutdown properly because it was checking the
  shutdown return value against 0. I'm keeping the old value when
  `WOLFSSL_ERROR_CODE_OPENSSL` isn't defined because it's part of the public
  wolfssl interface (it's in ssl.h).
 2021-08-13 23:24:28 -07:00
Juliusz Sosinowicz
0f6e564093 Rebase fixes 2021-08-14 00:35:55 +02:00
Juliusz Sosinowicz
6a5f40d698 Code review fixes. 2021-08-14 00:25:00 +02:00
Juliusz Sosinowicz
72f1d0adac Refactor client_CA API to use wolfSSL_sk_X509_NAME_* API 2021-08-14 00:24:24 +02:00
Juliusz Sosinowicz
62cab15c64 Reorganize wolfSSL_sk_X509_NAME_* 
Make the `wolfSSL_sk_X509_NAME_*` API's available in OPENSSL_EXTRA for use with `client_CA_list` API's.
 2021-08-14 00:24:24 +02:00
Juliusz Sosinowicz
d4391bd997 Parse distinguished names in DoCertificateRequest 
The CA names sent by the server are now being parsed in `DoCertificateRequest` and are saved on a stack in `ssl->ca_names`.
 2021-08-14 00:24:08 +02:00