mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
8,840 Commits 5 Branches 162 Tags
Commit Graph

8840 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Hideki Miyazaki
e8bf2bbb02 removed multiple user_settings.h 2018-12-28 08:39:19 +09:00
Hideki Miyazaki
9d2294b967 Support AES and SHA hw acceleration on esp32-wroom-32 
Removed unnecessary codes
Added README
Some clean up for maintenancebility
Removed unused methods

Removed unused methods
 2018-12-28 08:39:19 +09:00
toddouska
c54e8e31bd
Merge pull request #2003 from dgarske/async_rel_3.15.7 
Async release v3.15.7 prep
 2018-12-27 13:55:12 -08:00
David Garske
cc8c6078b6 Fix to adjust WC_ASYNC_DEV_SIZE. Fix for tests/test-trustpeer.conf typo in include.am. 2018-12-27 11:08:49 -08:00
David Garske
2351047409 Fixes for various scan-build reports. 2018-12-27 11:08:30 -08:00
David Garske
1eccaae25f Fix for DTLS async shrinking input buffer too soon and causing -308 (INCOMPLETE_DATA). 2018-12-27 11:07:32 -08:00
David Garske
5cb5b510ab Added blocking support for PKCS 7 with async. Fix for RSA async key gen in wolfCryp test. 2018-12-27 11:07:07 -08:00
toddouska
697c99a9ec
Merge pull request #1934 from dgarske/fix_alt_chain 
Fixes and cleanups for processing peer certificates
 2018-12-26 15:09:42 -08:00
toddouska
9c88218b62
Merge pull request #1998 from dgarske/async_fix_smallstack 
Fix double free with async and small stack
 2018-12-26 14:35:57 -08:00
David Garske
a7350b7d2e
Merge pull request #1994 from JacobBarthelmeh/Release 
prepare for release 3.15.7
v3.15.7-stable 		2018-12-26 10:49:35 -08:00
Jacob Barthelmeh
a73bca090b fix for nginx port 2018-12-23 22:19:03 -07:00
Jacob Barthelmeh
b6d61f2987 prepare for release 3.15.7 2018-12-23 22:18:48 -07:00
toddouska
3eff20904a
Merge pull request #1991 from dgarske/rsa_nb_time 
Adds RSA non-blocking time support
 2018-12-21 15:58:54 -08:00
toddouska
75321d72f6
Merge pull request #1996 from JacobBarthelmeh/Testing 
free internal OCSP buffers
 2018-12-21 15:57:58 -08:00
David Garske
61757c83eb Fix double free with ./configure --enable-asynccrypt --enable-smallstack. 2018-12-21 15:45:33 -08:00
David Garske
a358174b4b Fix for DH prime test (extra leading spaces). Fix for new chain tests with CRL enabled. The current way of testing chain only loads root CA as trusted. The intermediate CA CRL isn't trusted or loaded and causes error. 2018-12-21 12:36:47 -08:00
Jacob Barthelmeh
6191cb1927 free internal OCSP buffers 2018-12-21 12:30:49 -07:00
David Garske
59a3b4a110 New tests for cert chains, alternate cert chains, trusted peer certs and DH prime cleanup: 
* Added ECC and RSA intermediate CA's and server/client chain certificates for testing.
* Enhanced suites test to support expected fail arg `-H exitWithRet` in any test .conf file.
* Added new `test-altchains.conf` for testing with `WOLFSSL_ALT_CERT_CHAINS` defined.
* Added new `test-chains` for testing chains.
* Added new `test-dhprime.conf` for DH prime check tests.
* Added new `test-trustedpeer.conf` for testing `WOLFSSL_TRUST_PEER_CERT`.
* Refactor to add `-2` to disable DH prime check by default (except for new test-dhprime.conf).
* Added ability to run a specific test.conf file using syntax like `./tests/unit.test tests/test-altchains.conf`.
 2018-12-21 09:54:55 -08:00
David Garske
00dd222aa5 Fix for example client with -X external tests to not disable for PSK build unless usePsk is set. Resolves issue with external tests being skipped if building with PSK enabled. 2018-12-21 08:21:59 -08:00
David Garske
9733076fe0 Fixes and cleanups for processing peer certificates: 
* Fix with `WOLFSSL_ALT_CERT_CHAINS` to resolve issue with using a trusted intermediate to validate a partial chain. With the alt cert chain enabled a CA may fail with only `ASN_NO_SIGNER_E` and the connection is allowed if the peer's certificate validates to a trusted CA. Eliminates overly complex 1 deep error alternate chain detection logic. Resolves ZD 4525.
* Refactor and cleanup of ProcessPeerPerts to combine duplicate code and improve code commenting.
* Fix for CA path len check in `ParseCertRelative` to always check for self-signed case (was previously only in NO_SKID case).
* Improvement to include self-signed flag in the DecodedCert struct.
 2018-12-21 08:20:04 -08:00
David Garske
3e31115654
Merge pull request #1993 from JacobBarthelmeh/Testing 
Release Testing
 2018-12-20 16:19:17 -08:00
Jacob Barthelmeh
d3274e28e8 fix for hash types with fips windows opensslextra build 2018-12-20 14:22:35 -07:00
Jacob Barthelmeh
7d11c3f67c fix for reported nightly Jenkins build tests 2018-12-20 13:35:54 -07:00
David Garske
a4a4cd6a3c
Merge pull request #1992 from SparkiDev/tls13_group_hrr 
Fix HelloRetryRequest to be sent immediately and not grouped
 2018-12-20 11:14:30 -08:00
Jacob Barthelmeh
5d2d370bd5 fix for scan-build warning 2018-12-20 11:40:20 -07:00
Jacob Barthelmeh
164a762088 fix afalg/cryptodev + opensslextra build 2018-12-20 10:52:17 -07:00
Sean Parkinson
eba11e097a Fix HelloRetryRequest to be sent immediately and not grouped 2018-12-20 16:41:38 +10:00
Jacob Barthelmeh
48c267dda8 fix warning with secure-renegotiation build and error with ntru build 2018-12-19 15:47:43 -07:00
Jacob Barthelmeh
165a80d02d fix for build with cryptonly + rsapub 2018-12-19 15:30:22 -07:00
Jacob Barthelmeh
92d59c7df4 fix for cryptonly + rsavfy build 2018-12-19 14:36:32 -07:00
David Garske
413506f2b5 Adds new wc_RsaSetNonblockTime API and WC_RSA_NONBLOCK_TIME build option. This new function configures the maximum amount of blocking time in microseconds. It uses a pre-computed table along with the CPU speed in megahertz to determine if the next operation can be completed within the maximum blocking time provided. 2018-12-19 13:15:41 -08:00
Jacob Barthelmeh
fc926d3c61 fixes from infer testing 2018-12-19 11:56:29 -07:00
toddouska
986b5d3951
Merge pull request #1988 from JacobBarthelmeh/ARMv8 
add -mstrict-align flag with armasm
 2018-12-18 15:51:32 -08:00
toddouska
4068975190
Merge pull request #1983 from dgarske/x509small_verifycb 
Include current cert as X509 in verify callback for small build
 2018-12-18 15:40:00 -08:00
toddouska
58a2f518e8
Merge pull request #1981 from dgarske/qat_features 
Added RSA Key Gen and SHA-3 support for Intel QuickAssist
 2018-12-18 15:39:38 -08:00
toddouska
0a6732ee67
Merge pull request #1979 from SparkiDev/tls_sh_tlsx_parse 
Fix TLS 1.2 and below ServerHello TLSX_Parse to pass in message type
 2018-12-18 15:39:12 -08:00
toddouska
4a170c0399
Merge pull request #1971 from SparkiDev/tls13_old_hello 
Don't expect old ClientHello when version is TLS 1.3
 2018-12-18 15:38:44 -08:00
toddouska
f1c62f191d
Merge pull request #1941 from ejohnstown/rekey 
Server Side Secure Renegotiation
 2018-12-18 15:38:16 -08:00
Jacob Barthelmeh
c41d02e72f fix for Aarch32 aesgcm sanity checks 2018-12-18 10:35:53 -07:00
Jacob Barthelmeh
412966ed80 add -mstrict-align flag with armasm 2018-12-17 17:36:48 -07:00
David Garske
443dbf251b Fix to supply the X509 current_cert in the verify callback with OPENSSL_EXTRA_X509_SMALL defined or ./configure --enable-opensslextra=x509small. 2018-12-17 13:02:14 -08:00
David Garske
c478a2791a Fix to disable the raw Hmac_UpdateFinal_CT HMAC calculation for async crypt. Resolves issue using -v 2 -l ECDHE-RSA-AES128-SHA with QAT. 2018-12-17 12:54:33 -08:00
David Garske
cbbe63ec62 Added QAT SHA3 support. Fix for SHA512/SHA384 with QAT and Intel ASM enabled. 2018-12-17 12:54:33 -08:00
David Garske
c23489e6ed Added support for QAT RSA Key Generation. 2018-12-17 12:54:33 -08:00
JacobBarthelmeh
b60918b8cd
Merge pull request #1982 from kaleb-himes/DGE_REPORT_MAINTENANCE 
Address maintenance item: external test w/ static mem
 2018-12-17 13:52:33 -07:00
kaleb-himes
15b6c39929 Updates based on Jacobs Feedback 2018-12-17 09:42:15 -07:00
kaleb-himes
502e3c2b6d Address maintenance item: external test w/ static mem 2018-12-14 09:30:03 -07:00
David Garske
249306f08c
Merge pull request #1978 from ejohnstown/dot-release 
touch version for interstitial release
v3.15.6 		2018-12-13 10:27:41 -08:00
Sean Parkinson
c628562ee7 Fix the Old ClientHello detection with TLS 1.3 with new state 
Put the clientState into CLIENT_HELLO_RETRY (new state) when waiting for
second ClientHello.
Chrome sends change_cipher_spec message, for reasons of compatability,
which meets the requirements of the Old ClientHello detection when state
of client is NULL.
 2018-12-13 17:06:00 +10:00
Sean Parkinson
f90e5601ad Fix TLS 1.2 and below ServerHello TLSX_Parse to pass in message type 2018-12-13 16:12:53 +10:00