Commit Graph

268 Commits

Author SHA1 Message Date
Moisés Guimarães 0dd2ba2d80 adds unsupported_extension behavior to SNI 2017-11-03 15:31:13 -03:00
toddouska f91b2e19d7 Merge pull request #1205 from SparkiDev/tls_ext_fix
Fix TLS extension code
2017-11-01 10:10:10 -07:00
Sean Parkinson f4ae86dc1b Fix TLS extension code
Don't respond with TLS v1.3 extensions if doing TLS v1.2 or lower.
Use calculated size in SendServerHello rather than fixed maximum.
2017-11-01 18:08:11 +10:00
Moisés Guimarães 5cf175c49b adds check for server side sig-algo extension 2017-10-30 23:02:36 -03:00
Sean Parkinson 323db1a95d Fix no ECC builds with TLS13 code.
Fix tests so that having ECC disabled works as well.
Fix define protection for Draft 18 and HRR Cookie.
2017-10-24 09:11:24 -07:00
toddouska c0105b3008 Merge pull request #1175 from dgarske/cleanup_inlines
Cleanup to consolidate the inline helpers
2017-10-24 08:15:12 -07:00
Moisés Guimarães 96667b47ee ec point format TLS extension (#1034)
* adds client support to ec_point_format
* adds ec_point_format support for server side
* makes ec-point-format activation dependent on supported-curves activation
* removes recursive functions preserving the writing order
* renames EllipticCurves to SupportedCurves
2017-10-23 14:06:20 -07:00
David Garske 7f30397252 Remove execute bit on all code files. 2017-10-23 11:16:40 -07:00
David Garske 911b6f95f8 Release v3.12.2 (lib 14.0.0). Updated copywright. 2017-10-22 15:58:35 -07:00
David Garske e904a38092 Fix to not send OCSP stapling extensions in client_hello when not enabled. Fix for typo in WOLFSSL_SHUTDOWN_NOT_DONE. 2017-10-19 11:18:34 -07:00
David Garske c9558ee27b Updated a few more old names. Added PR for new configs to Jenkins. 2017-10-18 10:38:27 -07:00
David Garske 7f2e6e1d8a Cleanup to consolidate the inline helpers like cto, ato and bto into misc.c. Relocate the word24 typedef into types.h. 2017-10-18 09:06:48 -07:00
toddouska 1377577af5 Merge pull request #1187 from dgarske/build_fixes
Build fixes for various TLS 1.3 disable options
2017-10-18 08:59:46 -07:00
David Garske 8659140494 Build fixes for various TLS 1.3 disable options (RSA, ECC and ED/Curve 25519). 2017-10-17 09:39:32 -07:00
Sean Parkinson 9e4e58fe8c Disallow upgrading to TLS v1.3
Change SupportedVersions extension to only include TLS v1.3 if downgrade
is disabled.
Fix parsing of SupportedVersions extension
Don't upgrade
Only downgrade in SupportedVersions extension if option enabled
2017-10-17 08:52:12 +10:00
toddouska 819acd18a7 Merge pull request #1180 from SparkiDev/tls13_nd
Fixed DRAFT_18 define and fixed downgrading with TLS v1.3
2017-10-13 09:24:55 -07:00
toddouska 6fd53d31c2 Merge pull request #1157 from dgarske/old-names
Refactor SSL_ and hashing types to use wolf specific prefix
2017-10-13 09:09:44 -07:00
David Garske 6021c37ec7 Refactor WOLF_SSL_ to WOLFSSL_ (much better). 2017-10-11 09:10:43 -07:00
David Garske 6707be2b0e Added new --disable-oldnames option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA). Add --enable-opensslcoexist which makes sure oldnames is disabled. Refactor of SSL_ to WOLF_SSL_. Refactor of SHA, MD5, SHA224, SHA256, SHA512 and SHA384 to WC_ naming. 2017-10-11 09:10:42 -07:00
Sean Parkinson 7dca25ea88 Fixed DRAFT_18 define and fixed downgrading with TLS v1.3
Changed the define in configure.ac to match the one used in the code.
Fixed downgrading to disallow unless ssl->options.downgrade is set.
TLS 1.3 client method does not have downgrade on anymore.
Test changed to not expect downgrading to work.
Test of TLS v1.3 client downgrade is actually upgrading on server.
Fixed 80 character line problems.
2017-10-11 12:17:28 +10:00
David Garske 280de41515 Improvement to wolfSSL_SetOCSP_Cb to set the context per WOLFSSL object (callback functions are same). Adding API unit tests next. 2017-10-06 12:18:21 -07:00
Jacob Barthelmeh 3fda99cbc4 seperate build of QSH from build of NTRU 2017-08-16 14:19:38 -06:00
Jacob Barthelmeh 1dc2889388 fix potential memory leaks 2017-08-04 16:49:31 -06:00
Jacob Barthelmeh 01099fd97e cast for when compiling with g++-7 2017-07-31 16:58:53 -06:00
dgarske 05ed5cafc2 Merge pull request #1061 from SparkiDev/tls13_leantls
Fixes for LEANTLS and TLS13 builds
2017-07-25 21:01:00 -07:00
Sean Parkinson 038d16212f Fixes for LEANTLS and TLS13 builds 2017-07-26 10:43:36 +10:00
Sean Parkinson 59450e83fa Fix memory leak when not using fast math. 2017-07-26 09:48:34 +10:00
Sean Parkinson 31ac379c4f Code review fixes
Change verify depth and set curve to be compiled in whe using:
OPENSSL_EXTRA
Fix comparison of curve name strings to use ecc function.
Fix verify depth check when compiling with both OPENSSL_EXTRA and
WOLFSSL_TRUST_PEER_CERT.
2017-07-06 15:32:34 +10:00
Sean Parkinson 5bddb2e4ef Changes for Nginx
Support TLS v1.3 clients connecting to Nginx.
Fix for PSS to not advertise hash unless the signature fits the private
key size.
Allow curves to be chosen by user.
Support maximum verification depth (maximum number of untrusted certs in
chain.)
Add support for SSL_is_server() API.
Fix number of certificates in chain when using
wolfSSL_CTX_add_extra_chain_cert().
Allow TLS v1.2 client hello parsing to call TLS v1.3 parsing when
SupportedVersions extension seen.
Minor fixes.
2017-07-04 09:37:44 +10:00
Sean Parkinson 8bd6a1e727 Add TLS v1.3 Cookie extension support
Experimental stateless cookie
2017-06-26 16:41:05 +10:00
Sean Parkinson 350ce5fcef TLS v1.3 0-RTT 2017-06-21 08:35:28 +10:00
David Garske 68439d4317 Completed refactor to cleanup dynamic types. Refined the tmp buffers to new types for more granularity. Fixed several places where malloc/free type was mis-matched. Cleanup of the PKCS12 code to improve cleanup handling. Fix wc_PKCS12_parse to return 0 on success else failure. 2017-06-14 15:11:43 -07:00
David Garske 88afc7a92f Progress on dynamic type cleanup for over-use of tmp_buffer. Increases performance on NUMA memory platform having ability to be more selective about the types that are NUMA allocated for use against QuickAssist hardware. 2017-06-14 15:11:43 -07:00
David Garske 40d94724eb Added async hardware support for p_hash (PRF). Fix BuildTls13HandshakeHmac to use async devId. Rename poor global variable names for rng with QSH/NTRU. 2017-06-14 15:11:43 -07:00
Sean Parkinson 89e6ac91bf Improve PSK timeout checks
Post-handshake Authentication

Fix KeyUpdate to derive keys properly

Fix supported curves (not checking ctx extensions)
2017-06-14 11:28:53 -07:00
David Garske adf819458c Fixes for TLS 1.3 without ECC or RSA. Fix for building without ECC where HAVE_SUPPORTED_CURVES was getting defined because of ENABLED_TLSX. 2017-06-13 09:44:14 -07:00
David Garske ce231e0cbc Fixes for asynchronous TLS 1.3. Fixes for PK_CALLBACKS with async. New helper API's for wolfSSL_CTX_GetDevId and wolfSSL_CTX_GetHeap. Fix for build to not include tls13.c if not enabled to suppress empty object file warning. Fix typo in fe_low_mem.c. General cleanup. Extra tls13.c debug messages. 2017-06-12 11:42:48 -07:00
toddouska 1d2b4226a4 Merge pull request #959 from SparkiDev/tls_pss_fix
Fix check for PSS availability in peer
2017-06-12 11:20:29 -07:00
Sean Parkinson 044417ba01 Fix for cache only SNI and TLS v1.3 2017-06-12 09:46:50 +10:00
Sean Parkinson 613d30bcae ED25519 TLS support 2017-06-08 09:26:49 +10:00
Sean Parkinson 5d5ff56336 External PSK working in TLS13 2017-06-07 17:20:22 +10:00
Sean Parkinson 0b32d0368f Updates for Draft 20 of TLS v1.3 2017-06-02 15:59:49 +10:00
toddouska 6b09a7c6e1 Merge pull request #922 from SparkiDev/tls_pss
TLS v1.2 and v1.3 RSA PSS
2017-05-23 14:57:10 -07:00
toddouska 9f5f1dd00f Merge pull request #936 from SparkiDev/cplusplus
Compiling with g++ when configured with --enable-distro
2017-05-22 16:02:56 -07:00
Sean Parkinson 47d04ebaff Fix from review. 2017-05-23 08:54:25 +10:00
Sean Parkinson 15a2323c09 Compiling with g++ when configured with --enable-distro 2017-05-22 10:14:02 +10:00
Sean Parkinson 4390f4c711 TLS v1.2 and PSS
Cleanup the TLS v1.3 PSS code as well.
Added RSA API wc_RsaPSS_CheckPadding() to check the padding - no longer
a simple memcmp with the digest.
2017-05-19 11:49:43 +10:00
Sean Parkinson 5ef977aa3d Put X25519 behind P256
Option to have X25519 prioritized.
Show curve name and DH key size in TLS v1.3.
2017-05-19 10:58:43 +10:00
Sean Parkinson 9fb6373cfb Get PSS going on server side 2017-05-18 15:36:01 +10:00
Sean Parkinson 63a6618feb Enable X25519 for Key Exchange in TLS 2017-05-17 08:58:12 +10:00