jrblixt
fdb371e82e
Changes per Chris.
2017-07-17 10:43:36 -06:00
jrblixt
00724c95a9
Add RSA to unit test.
2017-07-11 09:57:33 -06:00
Chris Conlon
f8c0a52170
Merge pull request #996 from jrblixt/unitTest_api_addAes-PR06152017
...
Unit test api add AES.
2017-07-11 08:36:13 -07:00
dgarske
f9c949e7e5
Merge pull request #871 from danielinux/rm-wolfssl.pc
...
Remove automatically generated file wolfssl.pc
2017-07-10 14:16:48 -07:00
toddouska
b6854d620f
Merge pull request #1009 from dgarske/fix_tls13_async_aes
...
Fix problem with async TLS 1.3 and raw AES encryption key change
2017-07-06 15:39:22 -07:00
toddouska
626eeaa63d
Merge pull request #1005 from SparkiDev/nginx-1.13.2
...
Changes for Nginx
2017-07-06 14:33:46 -07:00
jrblixt
ced45ced41
Changes requested by Chris.
2017-07-06 13:42:54 -06:00
Sean Parkinson
31ac379c4f
Code review fixes
...
Change verify depth and set curve to be compiled in whe using:
OPENSSL_EXTRA
Fix comparison of curve name strings to use ecc function.
Fix verify depth check when compiling with both OPENSSL_EXTRA and
WOLFSSL_TRUST_PEER_CERT.
2017-07-06 15:32:34 +10:00
toddouska
4b9069f786
Merge pull request #1008 from dgarske/fix_async_frag
...
Fixes for using async with max fragment
2017-07-05 11:00:26 -07:00
toddouska
e767d40656
Merge pull request #1006 from cconlon/mqx
...
Update MQX Classic, mmCAU Ports
2017-07-05 10:30:20 -07:00
David Garske
df119692d1
Fixes for using async with `HAVE_MAX_FRAGMENT` or `--enable-maxfragment` which affected TLS 1.2/1.3. Added TLS 1.2 test for using max fragment.
2017-07-03 19:57:37 -07:00
Sean Parkinson
5bddb2e4ef
Changes for Nginx
...
Support TLS v1.3 clients connecting to Nginx.
Fix for PSS to not advertise hash unless the signature fits the private
key size.
Allow curves to be chosen by user.
Support maximum verification depth (maximum number of untrusted certs in
chain.)
Add support for SSL_is_server() API.
Fix number of certificates in chain when using
wolfSSL_CTX_add_extra_chain_cert().
Allow TLS v1.2 client hello parsing to call TLS v1.3 parsing when
SupportedVersions extension seen.
Minor fixes.
2017-07-04 09:37:44 +10:00
toddouska
2939fbe242
Merge pull request #1004 from dgarske/fix_qat_dh
...
Fixes for QAT with DH and HMAC
2017-07-03 12:31:48 -07:00
David Garske
c9a2c4ef02
Fix problem with async TLS 1.3 with hardware where encryption key is referenced into ssl->keys and changes before it should be used. Solution is to make raw copy of key and IV for async AES.
2017-06-30 16:41:01 -07:00
David Garske
6a695b76cb
Fixed server side case for DH agree issue with QAT hardware where agreeSz is not set. Fix to allow QAT start failure to continue (this is useful since only one process can use hardware with default QAT configuration).
2017-06-30 11:48:59 -07:00
David Garske
a025417877
Fix issue with QAT and DH operations where key size is larger than block size. Fix issue with DhAgree in TLS not setting agreeSz, which caused result to not be returned. Renamed the internal.c HashType to HashAlgoToType static function because of name conflict with Cavium. Optimize the Hmac struct to replace keyRaw with ipad. Enable RNG HW for benchmark. Fixed missing AES free in AES 192/256 tests.
2017-06-30 11:35:51 -07:00
JacobBarthelmeh
a3375ef961
Merge pull request #997 from NickolasLapp/master
...
Updates to Linux-SGX README, and disable automatic include of
2017-06-30 11:48:12 -06:00
dgarske
d956181911
Merge pull request #1003 from jrblixt/asn_cMemLeak-fix
...
Fix possible memory leak in wc_SetKeyUsage.
2017-06-29 15:28:53 -07:00
jrblixt
baf6bdd6e1
asn.c memory leak fix.
2017-06-29 14:55:19 -06:00
toddouska
31e1d469c0
Merge pull request #1002 from SparkiDev/tls13_imprv
...
Improvements to TLS v1.3 code
2017-06-29 09:21:20 -07:00
Chris Conlon
bba914f92e
protect wolfSSL_BN_print_fp with NO_STDIO_FILESYSTEM
2017-06-29 08:52:45 -06:00
Sean Parkinson
d2ce95955d
Improvements to TLS v1.3 code
...
Reset list of supported sig algorithms before sending certificate
request on server.
Refactored setting of ticket for both TLS13 and earlier.
Remember the type of key for deciding which sig alg to use with TLS13
CertificateVerify.
RSA PKCS #1.5 not allowed in TLS13 for CertificateVerify.
Remove all remaining DTLS code as spec barely started.
Turn off SHA512 code where decision based on cipher suite hash.
Fix fragment handling to work with encrypted messages.
Test public APIS.
2017-06-29 09:00:44 +10:00
Chris Conlon
c099137450
add classic Kinetis mmCAU support, FREESCALE_USE_MMCAU_CLASSIC
2017-06-28 16:32:35 -06:00
Chris Conlon
15a1c9d48e
fixes for MQX classic with Codewarrior
2017-06-28 12:28:40 -06:00
Chris Conlon
a89e50b7b7
include settings.h in wc_port.h to pick up user_settings.h
2017-06-28 12:25:44 -06:00
toddouska
c748d9dae9
Merge pull request #998 from dgarske/fix_no_server_or_client
...
Fix build with either `NO_WOLFSSL_SERVER` or `NO_WOLFSSL_CLIENT` defined
2017-06-28 10:30:08 -07:00
toddouska
b29cd414ef
Merge pull request #995 from SparkiDev/tls13_cookie
...
Add TLS v1.3 Cookie extension support
2017-06-28 10:12:49 -07:00
David Garske
47cc3ffdbc
Fix build with either `NO_WOLFSSL_SERVER` or `NO_WOLFSSL_CLIENT` defined.
2017-06-26 23:05:32 -07:00
Sean Parkinson
7aee92110b
Code review fixes
...
Also put in configuration option for sending HRR Cookie extension with
state.
2017-06-27 08:52:53 +10:00
Sean Parkinson
9ca1903ac5
Change define name for sending HRR Cookie
2017-06-27 08:37:55 +10:00
Nickolas Lapp
d4e104231c
Updates to Linux-SGX README, and disable automatic include of
...
benchmark/wolfcrypt tests in static library compile
2017-06-26 14:55:13 -07:00
jrblixt
a3b21f0394
Aes unit test functions.
2017-06-26 15:16:51 -06:00
Sean Parkinson
8bd6a1e727
Add TLS v1.3 Cookie extension support
...
Experimental stateless cookie
2017-06-26 16:41:05 +10:00
JacobBarthelmeh
3bdf8b3cfd
remove fcntl.h include when custom generate seed macro is defined ( #994 )
2017-06-23 14:03:07 -07:00
Kincade Pavich
fbc4123ec0
Added `-x` option to allow example server to continue running when errors occur.
2017-06-22 21:19:59 -07:00
toddouska
8ef556c2a0
Merge pull request #991 from JacobBarthelmeh/Testing
...
update .am files for make dist
2017-06-22 15:02:12 -07:00
Jacob Barthelmeh
b0f87fdcf7
update .am files for make dist
2017-06-22 14:14:45 -06:00
toddouska
72da8a9a07
Merge pull request #731 from moisesguimaraes/fixes-ocsp-responder
...
adds OCSP Responder extKeyUsage validation
2017-06-22 11:43:51 -07:00
toddouska
d017274bff
Merge pull request #976 from levi-wolfssl/PemToDer-overflow-fix
...
Fix potential buffer over-read in PemToDer()
2017-06-22 10:07:11 -07:00
David Garske
3a4edf75bd
Rename the option to disable the new issuer sign check to ‘WOLFSSL_NO_OCSP_ISSUER_CHECK`.
2017-06-22 09:56:43 -07:00
dgarske
06fa3de31c
Merge pull request #980 from SparkiDev/tls13_0rtt
...
TLS v1.3 0-RTT
2017-06-22 09:44:41 -07:00
Chris Conlon
ccb8e8c976
Merge pull request #988 from jrblixt/unitTest_api_addArc4-PR06212017
...
Add Arc4 to unit test.
2017-06-22 09:15:28 -06:00
Sean Parkinson
207b275d24
Fix HelloRetryRequest for Draft 18
2017-06-22 14:40:09 +10:00
Sean Parkinson
08a0b98f52
Updates from code review
2017-06-22 12:40:41 +10:00
Levi Rak
a37808b32c
Sanity checkes added
2017-06-21 17:14:20 -06:00
jrblixt
1aee054902
Add Arc4 to unit test.
2017-06-21 17:03:27 -06:00
David Garske
a3578c6643
Adds `WOLFSSL_NO_OCSP_EXTKEYUSE_OCSP_SIGN` option to provide backwards compatibility option for OCSP checking.
2017-06-21 14:12:12 -07:00
David Garske
7a3769f435
Fix wolfCrypt errors test to allow -178.
2017-06-21 14:12:12 -07:00
Moisés Guimarães
4bb17205fe
adds new ocsp test
2017-06-21 14:12:12 -07:00
Moisés Guimarães
a9d5dcae58
updates ocsp tests; adds check for OCSP response signed by issuer.
2017-06-21 14:12:12 -07:00