Moisés Guimarães
0dd2ba2d80
adds unsupported_extension behavior to SNI
2017-11-03 15:31:13 -03:00
toddouska
f91b2e19d7
Merge pull request #1205 from SparkiDev/tls_ext_fix
...
Fix TLS extension code
2017-11-01 10:10:10 -07:00
Sean Parkinson
f4ae86dc1b
Fix TLS extension code
...
Don't respond with TLS v1.3 extensions if doing TLS v1.2 or lower.
Use calculated size in SendServerHello rather than fixed maximum.
2017-11-01 18:08:11 +10:00
Moisés Guimarães
5cf175c49b
adds check for server side sig-algo extension
2017-10-30 23:02:36 -03:00
Sean Parkinson
323db1a95d
Fix no ECC builds with TLS13 code.
...
Fix tests so that having ECC disabled works as well.
Fix define protection for Draft 18 and HRR Cookie.
2017-10-24 09:11:24 -07:00
toddouska
c0105b3008
Merge pull request #1175 from dgarske/cleanup_inlines
...
Cleanup to consolidate the inline helpers
2017-10-24 08:15:12 -07:00
Moisés Guimarães
96667b47ee
ec point format TLS extension ( #1034 )
...
* adds client support to ec_point_format
* adds ec_point_format support for server side
* makes ec-point-format activation dependent on supported-curves activation
* removes recursive functions preserving the writing order
* renames EllipticCurves to SupportedCurves
2017-10-23 14:06:20 -07:00
David Garske
7f30397252
Remove execute bit on all code files.
2017-10-23 11:16:40 -07:00
David Garske
911b6f95f8
Release v3.12.2 (lib 14.0.0). Updated copywright.
2017-10-22 15:58:35 -07:00
David Garske
e904a38092
Fix to not send OCSP stapling extensions in client_hello when not enabled. Fix for typo in WOLFSSL_SHUTDOWN_NOT_DONE.
2017-10-19 11:18:34 -07:00
David Garske
c9558ee27b
Updated a few more old names. Added PR for new configs to Jenkins.
2017-10-18 10:38:27 -07:00
David Garske
7f2e6e1d8a
Cleanup to consolidate the inline helpers like cto, ato and bto into misc.c. Relocate the word24 typedef into types.h.
2017-10-18 09:06:48 -07:00
toddouska
1377577af5
Merge pull request #1187 from dgarske/build_fixes
...
Build fixes for various TLS 1.3 disable options
2017-10-18 08:59:46 -07:00
David Garske
8659140494
Build fixes for various TLS 1.3 disable options (RSA, ECC and ED/Curve 25519).
2017-10-17 09:39:32 -07:00
Sean Parkinson
9e4e58fe8c
Disallow upgrading to TLS v1.3
...
Change SupportedVersions extension to only include TLS v1.3 if downgrade
is disabled.
Fix parsing of SupportedVersions extension
Don't upgrade
Only downgrade in SupportedVersions extension if option enabled
2017-10-17 08:52:12 +10:00
toddouska
819acd18a7
Merge pull request #1180 from SparkiDev/tls13_nd
...
Fixed DRAFT_18 define and fixed downgrading with TLS v1.3
2017-10-13 09:24:55 -07:00
toddouska
6fd53d31c2
Merge pull request #1157 from dgarske/old-names
...
Refactor SSL_ and hashing types to use wolf specific prefix
2017-10-13 09:09:44 -07:00
David Garske
6021c37ec7
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:10:43 -07:00
David Garske
6707be2b0e
Added new --disable-oldnames option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA). Add --enable-opensslcoexist which makes sure oldnames is disabled. Refactor of SSL_ to WOLF_SSL_. Refactor of SHA, MD5, SHA224, SHA256, SHA512 and SHA384 to WC_ naming.
2017-10-11 09:10:42 -07:00
Sean Parkinson
7dca25ea88
Fixed DRAFT_18 define and fixed downgrading with TLS v1.3
...
Changed the define in configure.ac to match the one used in the code.
Fixed downgrading to disallow unless ssl->options.downgrade is set.
TLS 1.3 client method does not have downgrade on anymore.
Test changed to not expect downgrading to work.
Test of TLS v1.3 client downgrade is actually upgrading on server.
Fixed 80 character line problems.
2017-10-11 12:17:28 +10:00
David Garske
280de41515
Improvement to wolfSSL_SetOCSP_Cb to set the context per WOLFSSL object (callback functions are same). Adding API unit tests next.
2017-10-06 12:18:21 -07:00
Jacob Barthelmeh
3fda99cbc4
seperate build of QSH from build of NTRU
2017-08-16 14:19:38 -06:00
Jacob Barthelmeh
1dc2889388
fix potential memory leaks
2017-08-04 16:49:31 -06:00
Jacob Barthelmeh
01099fd97e
cast for when compiling with g++-7
2017-07-31 16:58:53 -06:00
dgarske
05ed5cafc2
Merge pull request #1061 from SparkiDev/tls13_leantls
...
Fixes for LEANTLS and TLS13 builds
2017-07-25 21:01:00 -07:00
Sean Parkinson
038d16212f
Fixes for LEANTLS and TLS13 builds
2017-07-26 10:43:36 +10:00
Sean Parkinson
59450e83fa
Fix memory leak when not using fast math.
2017-07-26 09:48:34 +10:00
Sean Parkinson
31ac379c4f
Code review fixes
...
Change verify depth and set curve to be compiled in whe using:
OPENSSL_EXTRA
Fix comparison of curve name strings to use ecc function.
Fix verify depth check when compiling with both OPENSSL_EXTRA and
WOLFSSL_TRUST_PEER_CERT.
2017-07-06 15:32:34 +10:00
Sean Parkinson
5bddb2e4ef
Changes for Nginx
...
Support TLS v1.3 clients connecting to Nginx.
Fix for PSS to not advertise hash unless the signature fits the private
key size.
Allow curves to be chosen by user.
Support maximum verification depth (maximum number of untrusted certs in
chain.)
Add support for SSL_is_server() API.
Fix number of certificates in chain when using
wolfSSL_CTX_add_extra_chain_cert().
Allow TLS v1.2 client hello parsing to call TLS v1.3 parsing when
SupportedVersions extension seen.
Minor fixes.
2017-07-04 09:37:44 +10:00
Sean Parkinson
8bd6a1e727
Add TLS v1.3 Cookie extension support
...
Experimental stateless cookie
2017-06-26 16:41:05 +10:00
Sean Parkinson
350ce5fcef
TLS v1.3 0-RTT
2017-06-21 08:35:28 +10:00
David Garske
68439d4317
Completed refactor to cleanup dynamic types. Refined the tmp buffers to new types for more granularity. Fixed several places where malloc/free type was mis-matched. Cleanup of the PKCS12 code to improve cleanup handling. Fix wc_PKCS12_parse to return 0 on success else failure.
2017-06-14 15:11:43 -07:00
David Garske
88afc7a92f
Progress on dynamic type cleanup for over-use of tmp_buffer. Increases performance on NUMA memory platform having ability to be more selective about the types that are NUMA allocated for use against QuickAssist hardware.
2017-06-14 15:11:43 -07:00
David Garske
40d94724eb
Added async hardware support for p_hash (PRF). Fix BuildTls13HandshakeHmac to use async devId. Rename poor global variable names for rng with QSH/NTRU.
2017-06-14 15:11:43 -07:00
Sean Parkinson
89e6ac91bf
Improve PSK timeout checks
...
Post-handshake Authentication
Fix KeyUpdate to derive keys properly
Fix supported curves (not checking ctx extensions)
2017-06-14 11:28:53 -07:00
David Garske
adf819458c
Fixes for TLS 1.3 without ECC or RSA. Fix for building without ECC where HAVE_SUPPORTED_CURVES was getting defined because of ENABLED_TLSX.
2017-06-13 09:44:14 -07:00
David Garske
ce231e0cbc
Fixes for asynchronous TLS 1.3. Fixes for PK_CALLBACKS with async. New helper API's for wolfSSL_CTX_GetDevId and wolfSSL_CTX_GetHeap. Fix for build to not include tls13.c if not enabled to suppress empty object file warning. Fix typo in fe_low_mem.c. General cleanup. Extra tls13.c debug messages.
2017-06-12 11:42:48 -07:00
toddouska
1d2b4226a4
Merge pull request #959 from SparkiDev/tls_pss_fix
...
Fix check for PSS availability in peer
2017-06-12 11:20:29 -07:00
Sean Parkinson
044417ba01
Fix for cache only SNI and TLS v1.3
2017-06-12 09:46:50 +10:00
Sean Parkinson
613d30bcae
ED25519 TLS support
2017-06-08 09:26:49 +10:00
Sean Parkinson
5d5ff56336
External PSK working in TLS13
2017-06-07 17:20:22 +10:00
Sean Parkinson
0b32d0368f
Updates for Draft 20 of TLS v1.3
2017-06-02 15:59:49 +10:00
toddouska
6b09a7c6e1
Merge pull request #922 from SparkiDev/tls_pss
...
TLS v1.2 and v1.3 RSA PSS
2017-05-23 14:57:10 -07:00
toddouska
9f5f1dd00f
Merge pull request #936 from SparkiDev/cplusplus
...
Compiling with g++ when configured with --enable-distro
2017-05-22 16:02:56 -07:00
Sean Parkinson
47d04ebaff
Fix from review.
2017-05-23 08:54:25 +10:00
Sean Parkinson
15a2323c09
Compiling with g++ when configured with --enable-distro
2017-05-22 10:14:02 +10:00
Sean Parkinson
4390f4c711
TLS v1.2 and PSS
...
Cleanup the TLS v1.3 PSS code as well.
Added RSA API wc_RsaPSS_CheckPadding() to check the padding - no longer
a simple memcmp with the digest.
2017-05-19 11:49:43 +10:00
Sean Parkinson
5ef977aa3d
Put X25519 behind P256
...
Option to have X25519 prioritized.
Show curve name and DH key size in TLS v1.3.
2017-05-19 10:58:43 +10:00
Sean Parkinson
9fb6373cfb
Get PSS going on server side
2017-05-18 15:36:01 +10:00
Sean Parkinson
63a6618feb
Enable X25519 for Key Exchange in TLS
2017-05-17 08:58:12 +10:00