mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
12,989 Commits 5 Branches 162 Tags
Commit Graph

12989 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
toddouska
0be45e731b
Merge pull request #3529 from SparkiDev/ocsp_single_ext 
OCSP: Handle extensions in singleResponse
 2020-12-02 13:26:46 -08:00
Vysakh P Pillai
3a2675fb63
implement additional review comments 2020-12-02 22:30:02 +05:30
Vysakh P Pillai
9e475b01be
implement review comments 2020-12-02 22:15:02 +05:30
Kaleb Himes
fd158411e8
Merge pull request #3494 from JacobBarthelmeh/CSharp 
pin the C# verify callback
 2020-12-02 06:08:41 -07:00
Vysakh P Pillai
ecc6ec4d97
support TNGTLS certificate loading for Harmony3 
Changes to atmel.c file that lets a user to
1. Use Harmony3 generated configurations to initialize the device in atmel_init().
2. Read the device   certificate chain from ECC608 TNGTLS and initialize the ctx with it to use as device certificate. 
    - This is the true purpose of going with TNGTLS
 2020-12-02 13:53:46 +05:30
Sean Parkinson
3d9b4f10f0 AES: When not X86_64, PreFetch*() not used 
When WC_INLINE is defined then compiler doesn't mind. Otherwise, this is
a warning.
 2020-12-02 09:04:48 +10:00
Juliusz Sosinowicz
0d87dfa493 EVP_Cipher should return length written. 2020-12-01 18:36:36 +01:00
Elms
dbcb42e509 SiLabs: fix unused variable #if 2020-12-01 08:56:01 -08:00
Sean Parkinson
9b5b9fd85d OCSP: Handle extensions in singleResponse 2020-12-01 16:41:20 +10:00
Elms
099ed25da8 SiLabs: fixing compiler warnings and better error checking 2020-11-30 21:01:49 -08:00
Elms
e1e8ca48c3 SiLabs: README and include updates 2020-11-30 21:01:49 -08:00
Elms
9f7ef0b3e6 SiLabs: Add ECC hardware acceleration support 2020-11-30 21:01:49 -08:00
Elms
a9f8b6e5b7 SiLabs: TRNG hardware acceleration 2020-11-30 21:01:49 -08:00
Elms
e501346047 SiLabs: add AES-CCM hardware acceleration support 2020-11-30 21:01:49 -08:00
Elms
79c31a5f2c SiLbs: SHA and AES-{GCM,CBC} hardware acceleration using se_manager 2020-11-30 21:01:49 -08:00
Elms
1899a72d27 Micrium: benchmark fixes 
* Time update for v5.8 to avoid rollover issues
 * define `XSNPRINTF`
 * `printf` based on Micrium version
 2020-11-30 16:32:30 -08:00
Elms
6e21f547ff Micrium: fix compiler warnings 2020-11-30 16:32:30 -08:00
Elms
0cbf8c7f28 Micrium: readme url fix and add additional link to k70 example with TCP 2020-11-30 16:32:30 -08:00
Elms
165cb443e7 Micrium v5.8 support 
* OS error type change from uc OS3 to v5
 * detect if network or TCP is available
 * XMEMCMP change workaround
 2020-11-30 16:32:30 -08:00
John Safranek
6fc64263f2
Merge pull request #3519 from julek-wolfssl/scr-timeout 
Adapt wolfSSL_dtls_got_timeout to secure renegotiation usage
 2020-11-30 11:40:35 -08:00
JacobBarthelmeh
42a63e8cc8 fix build with ARM64 SP, FP_ECC and WC_NO_CACHE_RESISTANT 2020-11-29 20:26:55 -08:00
Sean Parkinson
6bb38a1066 ECC add and dbl point: always use safe add and dbl 
Can be using basepoint or public key at any time. Can't tell difference.
Always use the safe versions.
For private key operations, only working on the basepoint and will never
do any timinig different operations.
No impact on performance.
 2020-11-30 11:44:50 +10:00
Sean Parkinson
22a8be412b TLS 1.3: always add session when sending finished message 2020-11-27 09:46:02 +10:00
Sean Parkinson
40154d69cf OCSP callback: call embed free 
Leaks memory if not called.

Configuration:
	./configure --disable-shared --enable-ocsp --enable-sni
C_EXTRA_FLAGS="-DWOLFSSL_NONBLOCK_OCSP"
Leaking test:
	valgrind ./examples/client/client -X -C -h www.globalsign.com -p
443 -A certs/external/ca-globalsign-root.pem -g -o -N -v d -S
www.globalsign.com
 2020-11-27 09:16:24 +10:00
Sean Parkinson
35acfa0f42 SP ECC: check the length of public key ordinates and private key 
Do quick bit length check before loading the MP integers into fixed size
arrays.
Changed ECC to use SP key check function if SP enabled and not only with
SP Math.
 2020-11-27 08:49:30 +10:00
Sean Parkinson
38740a1caa Fix dynamic type name 2020-11-27 08:37:16 +10:00
Sean Parkinson
5ca8e8f87c PKCS#11: Label fixes and add support for checking private key 
Check private key matches the public key passed in.
Need to use a new API to pass in the token to use to perform PKCS #11
operations with.
 2020-11-27 08:37:16 +10:00
Sean Parkinson
43aeac4cf4 PKCS #11 SSL: detect key size when certificate set 2020-11-27 08:31:45 +10:00
Sean Parkinson
19f10cd382 PKCS #11: implement identifying keys by label 2020-11-27 08:31:45 +10:00
toddouska
84a9e16805
Merge pull request #3388 from SparkiDev/aesgcm_4bit_table 
AES-GCM: GMULT using 4-bit table
 2020-11-25 15:45:28 -08:00
toddouska
86bbaad7fa
Merge pull request #3505 from kojo1/EVP-gcm 
set tag for zero inl case 2
 2020-11-25 15:43:27 -08:00
toddouska
dc76a4d522
Merge pull request #3511 from cconlon/zd11268 
return err from fp_invmod_slow() when fp_add() fails
 2020-11-25 15:41:12 -08:00
toddouska
e882159a02
Merge pull request #3516 from cconlon/zd11287 
wc_ecc_rs_to_sig(): move r and s zero check before StoreECC_DSA_Sig()
 2020-11-25 15:36:30 -08:00
David Garske
9f07f3e96e
Merge pull request #3520 from ejohnstown/vrf-fix 
Verify Callback Fix
 2020-11-25 11:37:06 -08:00
JacobBarthelmeh
1668b7060c
Merge pull request #3500 from cconlon/zd11011v2 
PKCS#7: verify extracted public key in wc_PKCS7_InitWithCert
 2020-11-26 02:26:08 +07:00
JacobBarthelmeh
719403cd0c
Merge pull request #3509 from kojo1/openssl-version 
OPENSSL_VERSION_NUMBER to be defined by the user
 2020-11-26 02:10:24 +07:00
toddouska
a0cd75081d
Merge pull request #3514 from SparkiDev/aesni_sse4 
AESNI compile flags: clang doesn't need -msse4
 2020-11-25 08:55:35 -08:00
Sean Parkinson
ca5ffc0743 AESNI compile flags: clang can't have -msse4 
Setting the SSE4 architecture with clang creates executables that can't
run on old machines.
 2020-11-25 10:32:42 +10:00
Sean Parkinson
d0703f8931 AES-GCM: GMULT using 4-bit table 
When 64-bit data type available and not big endian code is faster.
--enable-aesgcm=4bit
 2020-11-25 08:47:50 +10:00
John Safranek
4baf923218
Verify Callback Fix 
1. Removed a flag set that would force all certificates in a chain
   to be verified. There was a compile time option to make that happen
   already.
2. Replace some options for some test failure test cases that were added
   and immediately removed.
(ZD 11292)
 2020-11-24 11:46:10 -08:00
Juliusz Sosinowicz
95132b1c55 Make renegotiation information available outside of OPENSSL_EXTRA 2020-11-24 17:03:40 +01:00
Juliusz Sosinowicz
41d58465c0 Adapt wolfSSL_dtls_got_timeout to secure renegotiation usage 
Reset DTLS stored messages on a FreeHandshakeResources call even if secure renegotiation is enabled. Without this, in a server initiated rehandshake, the server would keep old messages (ChangeCipherSpec and Finished) even when it sent a HelloRequest message.
 2020-11-24 16:06:35 +01:00
Sean Parkinson
b1f9aba0ca SP div: stop overflow on divide 2020-11-24 16:14:14 +10:00
Sean Parkinson
b9a2725429 ECC verify: validate r and s before any use 
SP code assumes r and s are valid values.
Code for ATECC508A, ATECC608A and CRYPTOCELL assumes that the r and s
are the size of the key when converting to byte arrays.
 2020-11-24 16:14:14 +10:00
John Safranek
f5c2bef78f
Merge pull request #3492 from julek-wolfssl/dtls-scr-optimizations 
Save the HelloRequest message just like other handshake mesasges
 2020-11-20 11:50:51 -08:00
Juliusz Sosinowicz
69bea008dd Save the HelloRequest message just like other handshake mesasges 
Implement a timeout mechanism for non-blocking sockets
 2020-11-20 11:41:19 +01:00
John Safranek
2d79e38436
Merge pull request #3485 from julek-wolfssl/dtls-scr-seq-correct-num 
Fix overlapping sequence number error.
 2020-11-19 14:19:13 -08:00
Chris Conlon
64429693ff add MP_ZERO_E unit tests for wc_ecc_rs_to_sig() 2020-11-19 14:41:02 -07:00
Chris Conlon
f8fd3f8bc1 wc_ecc_rs_to_sig: check r,s for zero before StoreECC_DSA_Sig() 2020-11-19 14:35:35 -07:00
Chris Conlon
1d599272e7 add unit test for wc_PKCS7_InitWithCert() with malformed cert 2020-11-19 14:19:55 -07:00