mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
8,260 Commits 5 Branches 162 Tags
Commit Graph

8260 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
David Garske
f48e2067ae Added new API wolfSSL_CTX_load_verify_chain_buffer_format for loading CA cert chain as DER buffer list including API unit test. Support for device serial number OID. 2018-09-10 08:15:17 -07:00
David Garske
8fdb6b79d0
Merge pull request #1824 from SparkiDev/tls_cam_no_aes 
Camellia is a block cipher in TLS - can't turn on AEAD only define
 2018-09-09 17:28:34 -07:00
Sean Parkinson
f8ac5b5f71
Merge pull request #1819 from dgarske/fix_load_loc 
Fix for load location test to handle multiple failure codes
 2018-09-10 08:36:19 +10:00
Sean Parkinson
2d413c5bb8 Camellia is a block cipher in TLS - can't turn on AEAD only define 2018-09-10 08:18:03 +10:00
Eric Blankenhorn
412eecd51a Add wc_SetIssuerRaw and EncodeCert with raw fields (#1798) 
* Make cert with raw issuer
* Add wc_SetIssuerRaw
* Use issuer raw in EncodeCert
 2018-09-07 16:22:23 -07:00
David Garske
7d1ab5e9d2
Merge pull request #1817 from danielinux/fix-old-style-definitions 
Remove old-style function definitions
 2018-09-07 15:52:45 -07:00
David Garske
575382e5a9 Fix for load location test to handle multiple failure codes (failure may return ProcessFile error code or WOLFSSL_FAILURE). Moved expired certs and setup load location test for expired certs. 2018-09-07 15:30:30 -07:00
David Garske
c98f8842a3
Merge pull request #1816 from ejohnstown/ocsp-no-server 
OCSP Stapling/No Server Build
 2018-09-07 11:48:13 -07:00
Daniele Lacamera
27555d6eb7 Fix old-style function definitions 2018-09-07 09:13:20 +02:00
toddouska
a7fb48e157
Merge pull request #1783 from dgarske/load_loc 
Enhanced load verify locations to support flags
 2018-09-06 17:00:09 -07:00
John Safranek
15be0aceed OCSP Stapling/No Server Build 
In the case of OCSP Stapling being enabled and NO_WOLFSSL_SERVER being
set, there was a spot where the ocsp_stapling list was still being
touched even though it is left out of the build. Just needed to add the
right #ifdefs.
 2018-09-06 16:56:09 -07:00
David Garske
ed14b68c38
Merge pull request #1813 from ejohnstown/bitfield 
Bitfield Fixes
 2018-09-06 16:01:59 -07:00
John Safranek
5360faac9d Bitfield Fixes 
A couple flags were being implemented as bitfields from an int type.
GCC-8 is being more strict of type and value checking and is treating
single bit ints as both 1 and -1 and complaining about value changes.
Change the two int bitfields to use word16 bitfields as is the
pattern elsewhere.
 2018-09-06 13:46:00 -07:00
David Garske
d9a6484b75 Fix to improve return code logic in wolfSSL_CTX_load_verify_locations_ex. 2018-09-06 13:01:44 -07:00
David Garske
ae3d8d3779 * Fixed wolfSSL_CTX_load_verify_locations to continue loading if there is an error (ZD 4265). 
* Added new `wolfSSL_CTX_load_verify_locations_ex` that supports flags `WOLFSSL_LOAD_FLAG_IGNORE_ERR`, `WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY` and `WOLFSSL_LOAD_FLAG_PEM_CA_ONLY`.
* Fix for `PemToDer` to handle PEM which may include a null terminator in length at end of file length causing wrong error code to be returned. Added test case for this. (ZD 4278)
* Added macro to override default flags for `wolfSSL_CTX_load_verify_locations` using `WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS`.
* Added tests for loading CA PEM's from directory using `wolfSSL_CTX_load_verify_locations` and `wolfSSL_CTX_load_verify_locations_ex` with flags.
* Added tests for `wolfSSL_CertManagerLoadCABuffer`.
* Updated the expired test certs and added them to `./certs/test/gen-testcerts.sh` script.
 2018-09-06 12:51:22 -07:00
David Garske
d998d10f02
Merge pull request #1805 from dgarske/fix_csr 
Fix for CSR generation email value
 2018-09-05 19:44:41 -07:00
David Garske
a7821e0d6d
Merge pull request #1810 from quinnmiller1997/fp_mul_comba_7-typo 
Fixed typo in fp_mul_comba_7
 2018-09-05 19:43:47 -07:00
David Garske
30d968d6b0
Merge pull request #1811 from SparkiDev/tls_sig_ret 
Fix CheckCertSignature return to be remembered past ParseCertRelative
 2018-09-05 19:43:23 -07:00
Sean Parkinson
a3cc2119d7 Fix CheckCertSignature return to be remembered past ParseCertRelative 2018-09-06 10:42:49 +10:00
Quinn Miller
b8605fa544 Fixed typo in fp_mul_comba_7 2018-09-05 14:51:50 -06:00
Chris Conlon
5ee09f77a1
Merge pull request #1796 from ghoso/e2studio 
add project files for Renesas e2studio
 2018-09-05 11:41:01 -06:00
David Garske
d432d346aa
Merge pull request #1809 from cconlon/stm32rngfix 
enable RNG clock when WOLFSSL_STM32F427_RNG is defined
 2018-09-04 17:21:01 -07:00
Eric Blankenhorn
28ad8e591d Adding comment for empty case in GetNameType 2018-09-04 18:08:40 -05:00
toddouska
bac8b78a8c
Merge pull request #1803 from SparkiDev/tfm_stack 
Small stack for fast math code
 2018-09-04 15:57:59 -07:00
toddouska
d149795648
Merge pull request #1759 from dgarske/verifycbfail 
Fix to resolve issue with verify callback not causing an error
 2018-09-04 15:52:58 -07:00
toddouska
8e67ef33b2
Merge pull request #1799 from SparkiDev/cert_vfy_small 
Smaller dynamic memory usage in TLS
 2018-09-04 15:40:11 -07:00
toddouska
8584da60a8
Merge pull request #1802 from SparkiDev/tls13_0rtt_ch 
Group Early Data message with ClientHello for faster delivery
 2018-09-04 15:39:14 -07:00
toddouska
e1c4d3f5e6
Merge pull request #1808 from ejohnstown/vali-date 
Validate Date
 2018-09-04 15:33:41 -07:00
Chris Conlon
d3ea903c55 enable RNG clock when WOLFSSL_STM32F427_RNG is defined 2018-09-04 16:13:09 -06:00
John Safranek
e730cda550 Validate Date 
The ValidateDate() function is wrapped by a macro so it may be replaced
in environments without ASN_TIME built in. In two cases, OCSP and CRL,
ValidateDate() is called directly instead of by the macro. This change
fixes that.
 2018-09-04 13:39:26 -07:00
Sean Parkinson
17a70aee1b Added test and minor fixes for CheckCertSignature 2018-09-03 10:50:47 +10:00
Sean Parkinson
4b208f4fe5 Make grouping EarlyData and ClientHello a configuration option 2018-09-03 08:48:28 +10:00
Sean Parkinson
4d0478a287 Fix fp_div_2d to return remainder correctly 
If a == c are then a and c don't equal d:
calculate d before c
If a != c then a doesn't change in calculating c:
calculate d after c
 2018-09-03 08:32:55 +10:00
David Garske
d2b9b230a0 Added additional verify callback override test cases. 2018-08-31 16:26:51 -07:00
David Garske
6171e29fe8 Fix for CSR generation after PR (https://github.com/wolfSSL/wolfssl/pull/1734). This resolves issue with email name in CSR. (Thanks to Forum post https://www.wolfssl.com/forums/post4137.html). 
Failed examples:

```
145:d=5  hl=2 l=  16 prim: EOC
      0000 - 69 6e 66 6f 40 77 6f 6c-66 73 73 6c 2e 63 6f 6d   info@wolfssl.com
```

```
SET {
138  23:         SEQUENCE {
140   3:           OBJECT IDENTIFIER objectClass (2 5 4 0)
       :             Error: Spurious EOC in definite-length item.
```

Success Examples:

```
140:d=5  hl=2 l=   9 prim: OBJECT            :emailAddress
  151:d=5  hl=2 l=  16 prim: IA5STRING         :info@wolfssl.com
```

```
SET {
138  29:         SEQUENCE {
140   9:           OBJECT IDENTIFIER emailAddress (1 2 840 113549 1 9 1)
151  16:           IA5String 'info@wolfssl.com'
```
 2018-08-31 11:20:04 -07:00
Sean Parkinson
41ab3d91fd Small stack for fast math code 
Any large stack usages have been changed to dynamic memory allocations
when WOLFSSL_SMALL_STACK is defined.
Modified functions to return error codes.
 2018-08-31 17:55:49 +10:00
Go Hosohara
697c61af35 correct typo in IDE/include.am 2018-08-31 14:57:16 +09:00
Go Hosohara
00ff519b23 remove wrong configuration in IDE/include.am 2018-08-31 14:52:12 +09:00
Sean Parkinson
d089a4651a Group Early Data message with ClientHello for faster delivery 2018-08-31 09:28:38 +10:00
Sean Parkinson
d86fc2dbbe Smaller dynamic memory usage in TLS 
Code doesn't require a DecodedCert which saves on dynamic memory usage.
WOLFSSL_SMALL_CERT_VERIFY: Don't have a DecodedCert allocated and verify
certificate signature in ProcessPeerCerts as this is maximum dynamic
memory usage.
WOLFSSL_SMALL_CERT_VERIFY is enabled with 'lowresource' configuration
option.
Fix sp_clear to work with NULL parameter.
Define a new function HashId that maps to the hashing function
available.
Set MAX_CERT_VERIFY_SZ to be the maximum based on what algorithms are
compiled in.
Fix usage of MAX_CERT_VERIFY_SZ in functions sending certificate verify
messages.
 2018-08-31 08:29:28 +10:00
David Garske
ffc0f0fb26 Fix for building with SESSION_CERTS using pointer after free. Documented store->discardSessionCerts. 2018-08-30 13:57:21 -07:00
David Garske
b369e524d4 Fix for the ECDSA verify callback override test case. Switched to AES128-GCM cipher suite (better cipher suite overall). 2018-08-30 11:48:08 -07:00
David Garske
3d0d10345a Added test cases for ensuring forced error fails on client and server. Added test cases to ensure bad certificate can be overriden. 2018-08-30 11:17:21 -07:00
David Garske
944342b386 Fixes for verify callback failure override handling. Fixes the return codes in the failure cases. 2018-08-30 11:17:21 -07:00
David Garske
53c0003cad Fix to resolve issue with verify callback not causing an error (if one not already present) when returning 0. Test case to follow shortly. 2018-08-30 11:17:21 -07:00
Go Hosohara
2551512718 add CS+ and e2studio settings in IDE/include.am 2018-08-30 13:50:50 +09:00
toddouska
31e37ea5df
Merge pull request #1797 from SparkiDev/stack_size 
Small stack usage fixes
 2018-08-29 16:19:46 -07:00
toddouska
fc64788092
Merge pull request #1795 from SparkiDev/tls13_no_tls12 
Fixes to work when compiled with TLS 1.3 only
 2018-08-29 16:16:46 -07:00
toddouska
d084a4bcb8
Merge pull request #1794 from SparkiDev/sp_armasm_modexp 
Fix for SP ASM arm and no DH
 2018-08-29 16:13:34 -07:00
toddouska
03fbad22a6
Merge pull request #1792 from SparkiDev/gcc_8_fixes 
GCC 8 new warnings in -Wall fix
 2018-08-29 16:12:19 -07:00