wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-27 21:32:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
27,397 Commits 12 Branches 184 Tags
100d765b0c333ec00a111ce7c19be6f1bf4070a5
Commit Graph

525 Commits

Author SHA1 Message Date
Daniel Pouzzner
6175e11156 server.c: update wolfsentry_init() usage (hpi pointer). 2021-04-20 23:59:58 -05:00
Daniel Pouzzner
23d8df720e remove WOLFSSL_NETWORK_INTROSPECTION code; add wolfSSL_X509_STORE_set_ex_data_with_cleanup(); refactor WOLFSSL_WOLFSENTRY_HOOKS code in server.c to use HAVE_EX_DATA/HAVE_EX_DATA_CLEANUP_HOOKS. 2021-04-20 23:59:58 -05:00
Daniel Pouzzner
2a05fcb59a examples/server: fix wolfSentry integration to handle DTLS correctly. 2021-04-20 23:59:57 -05:00
Daniel Pouzzner
1cbe696716 checkpoint: fully functioning demo via examples/server/ and unit.test (which produces a "filtered" error on a subtest when built --enable-wolfsentry). 2021-04-20 23:59:57 -05:00
Daniel Pouzzner
734860f535 WOLFSSL_NETWORK_INTROSPECTION WIP 2021-04-20 23:59:57 -05:00
Daniel Pouzzner
ba2cc00e5d initial implementation of WOLFSSL_NETWORK_INTROSPECTION: --enable-network-introspection, struct wolfSSL_network_connection, wolfSSL_*_endpoints*(), NetworkFilterCallback_t, wolfSSL_*set_AcceptFilter(). 2021-04-20 23:59:57 -05:00
Juliusz Sosinowicz
70a3857ae8 Fragmentation for ServerKeyExchange and CeriticateVerify 
- The `ssl->dtlsMtuSz` value is the maximum possible size of the DTLS record layer. We read `ssl->dtlsMtuSz + 100` in case peer has slightly different MTU set.
- The `-u` option in the examples takes the value of the MTU size.
- MTU tests are added in `tests/test-dtls-mtu.conf`
 2021-04-16 17:30:51 +02:00
David Garske
e13c93d493 Added API's for getting pointer to load static ephemeral key. 2021-04-05 13:40:48 -07:00
David Garske
f65e1f1f09 Expose functions to get client/server random when HAVE_SECRET_CALLBACK is defined. 2021-03-26 13:23:00 -07:00
Hideki Miyazaki
4650aaf4fb addressed review comments part 1 2021-03-19 13:13:00 +09:00
Hideki Miyazaki
b4a573ca98 Initial implemented X509_LOOKUP_ctrl L_ADD_DIR 2021-03-19 13:12:55 +09:00
Jacob Barthelmeh
c729318ddd update copyright date 2021-03-11 13:42:46 +07:00
Hideki Miyazaki
9bae05525c addressed review comments 2021-03-05 08:19:22 +09:00
Hideki Miyazaki
e39477c531 initial implement SSL_get_early_data_status 2021-03-05 08:19:15 +09:00
toddouska
39cb84de25 Merge pull request #3697 from julek-wolfssl/openvpn-2.5-missing-stuff 
OpenVPN master additions
 2021-02-11 08:56:45 -08:00
Sean Parkinson
794cb5c7a9 TLS Session Ticket: default encryption callback 
Encrypts with ChaCha20-Poly1305 or AES-GCM.
Two keys in rotation.
Key used for encryption until ticket lifetime goes beyond expirary
(default 1 hour). If key can still be used for decryption, encrypt with
other key.
Private random used to generate keys.
 2021-02-10 14:31:54 +10:00
Juliusz Sosinowicz
542e0d79ec Jenkins Fixes 
- explicit conversions
- not all curves available for wolfSSL_CTX_set1_groups_list
- group funcs depend on HAVE_ECC
- `InitSuites` after `ssl->suites` has been set
 2021-02-02 12:06:11 +01:00
toddouska
6e0e507dad Merge pull request #3660 from dgarske/sess_ticket_aes_gcm 
Added support for AES GCM session ticket encryption
 2021-01-25 15:00:03 -08:00
Sean Parkinson
a84f1c813a TLS Session Ticket: Option to disable for TLS 1.2 and below 
Customer may want session ticket supported with TLS 1.3 but not TLS 1.2
and below.
 2021-01-22 13:19:29 +10:00
Eric Blankenhorn
a3cbcf255f Fix from review 2021-01-20 11:34:02 -06:00
David Garske
219cbd47eb Added support for AES GCM session ticket encryption. If ChaCha/Poly is disabled it will use AES GCM. Thanks Sean for the code in ZD 11511. 2021-01-19 07:53:36 -08:00
Eric Blankenhorn
50843b22cd Check method for NULL 2021-01-18 16:18:49 -06:00
toddouska
367f28b917 Merge pull request #3443 from SparkiDev/tls13_psk_no_dhe 
TLS 1.3: PSK only
 2020-12-09 09:45:34 -08:00
Hayden Roche
5fdc4cf6e1 Fix RX/TX throughput reporting in example server. 
- I observed that client TX throughput < client RX throughput, but server TX
  throughput > server RX throughput. Turns out this is just a typo in the
  printing of the stats. The RX stat was being printed as the TX stat and vice-
  versa.
- I added a note to scripts/benchmark.test about a 2 second sleep we do waiting
  for the server to come up. If you were to time this script with the time
  command, you'll see that 2 seconds in the result, which might be confusing
  if you didn't realize the sleep was there.
 2020-12-08 16:49:09 -06:00
toddouska
b0979f4225 Merge pull request #3476 from dgarske/sniffer_hrr 
Fixes for TLS sniffer with v1.3 (HRR and Certs)
 2020-11-18 16:07:11 -08:00
toddouska
9183c35fb8 Merge pull request #3446 from haydenroche5/client_want_write_sim 
Add an option to the example client to simulate WANT_WRITE errors.
 2020-11-18 15:54:09 -08:00
toddouska
9bde34ef5b Merge pull request #3438 from douzzer/harmonize-CCM8-cipher-names 
add "CCM8" variants to cipher_names "CCM-8" ciphers, for OpenSSL compat
 2020-11-18 15:52:52 -08:00
Sean Parkinson
d8b58286d1 TLS 1.3: PSK only 
Support building with only TLS 1.3 and PSK without code for (EC)DHE and
certificates.
Minimise build size for this configuration.
 2020-11-19 09:21:24 +10:00
Hayden Roche
2fc594d319 Modify example server to be resilient to WANT_WRITE errors. 2020-11-13 10:33:10 -06:00
John Safranek
e996a7d15b Scan-Build Fixes 
1. Fixed a couple possible 0 byte allocations.
2. Fixed a couple missed frees due to error conditions.
3. Fixed a possible double free.

To recreate:
    $ scan-build ./configure --disable-shared --enable-opensslextra=x509small --disable-memory
    $ scan-build ./configure --disable-shared --enable-opensslextra --disable-memory
 2020-11-12 09:06:59 -08:00
David Garske
71d9f1e9bd Static ephemeral refactor to support loading both DHE and ECDHE keys. Added ability to specify key using snifftest input at run-time. Improved snifftest key loading for named keys and static ephemeral. 2020-11-12 08:59:11 -08:00
Daniel Pouzzner
7850d71ccb add wolfSSL_get_cipher_suite_from_name(); add flags arg to GetCipherSuiteFromName(); fix GetCipherSuiteFromName() to prevent spurious substring matching; add SUITE_ALIAS() macros for use defining CipherSuiteInfo, and add CipherSuiteInfo.flags slot and associated logic, to allow alternative cipher names to be recognized; add "CCM8" cipher name variants wherever applicable, including the unit.test conf files, to recognize and test the OpenSSL variants; add tests in client_test() and server_test() to confirm correct forward and backward mapping of cipher names/aliases. 2020-11-11 22:47:47 -06:00
Daniel Pouzzner
fda84576b0 name the new introspection routines wolfSSL_configure_args() and wolfSSL_global_cflags() for consistency, and move the prototypes to logging.h. 2020-10-28 17:28:05 -05:00
Daniel Pouzzner
1ba0883f4c introspection tweaks: rename wolfcrypt/src/debug.c to wolfcrypt/src/wc_debug.c; restore BUILD_WC_DEBUG gating for autotools inclusion of wc_debug.o and disable opportunistically when ENABLED_LEANTLS, ENABLED_LEANPSK, or ENABLED_LOWRESOURCE; add HAVE_WC_INTROSPECTION gate for libwolfssl_configure_args() and libwolfssl_global_cflags(). 2020-10-28 17:28:05 -05:00
Daniel Pouzzner
b918e1fd4c examples/: add -@ and -# flags to client and server, printing libwolfssl_configure_args() and libwolfssl_global_cflags() respectively. 2020-10-28 17:28:05 -05:00
toddouska
7c89d10e53 Merge pull request #3260 from julek-wolfssl/non-blocking-scr 
(D)TLS non-blocking SCR with example
 2020-10-20 13:45:19 -07:00
Jacob Barthelmeh
6aa0eacc62 use correct key buffer for example private key 2020-10-13 09:26:54 -06:00
JacobBarthelmeh
bfb10ddfb5 NO_FILESYSTEM build on Windows 2020-10-09 09:45:00 -07:00
Juliusz Sosinowicz
a7fdfbaf40 Passing scr-app-data in to -i to client sends a message during SCR 
Modify mygetopt so that if an argument expects a value and that value is the next argument then myoptarg is set to a NULL pointer.
 2020-10-06 17:28:23 +02:00
Daniel Pouzzner
10bf7a2086 examples/: fix undersized array lengths in client_usage_msg and server_usage_msg. 2020-09-23 18:32:16 -05:00
Sean Parkinson
4ed3438be0 TLS 1.3: Post-handshake Authentication and resumption secret 
The master secret in arrays is not available post-handshake.
Use the master secret in the session when calculating resumption secret.
 2020-09-23 17:09:06 +10:00
Juliusz Sosinowicz
a65ffe15bc Implement non-blocking SCR on server side 2020-09-09 21:41:20 +02:00
Juliusz Sosinowicz
605b274442 Jenkins fixes 2020-08-28 12:04:11 +02:00
Juliusz Sosinowicz
52df9d6c69 TLS and DTLS both need to support APP DATA during SCR 
Also some misc fixes
 2020-08-27 21:13:19 +02:00
Juliusz Sosinowicz
8b934624f5 DTLS non-blocking scrwith example 2020-08-25 11:26:20 +02:00
Kaleb Himes
d96f86fcd9 Merge branch 'master' into GH2998_REWORK_FOLLOWUP 2020-07-30 09:47:48 -06:00
toddouska
e84defb268 Merge pull request #3044 from dgarske/sniffer_tls13 
TLS v1.3 sniffer support
 2020-07-24 11:46:38 -07:00
John Safranek
839044d9e1 1. Remove dead assignment from client test. 
2. Fix memory leak in example server test.
3. Use verify callback on certificates to allow callback to fail
   them.
4. Restore the forced failure test cases.
5. Make the verify action thread local.
 2020-07-23 12:26:49 -07:00
John Safranek
98ae3a2352 Added a suite test use case to cover the new error check. Also fixed and issue with passing a couple flags to the test case runner, and some other changes to support the new test. 2020-07-22 13:20:23 -07:00
David Garske
4e637ddf10 Cleanup on example client/server messages and sizes. Original PR #3023 caused sending extra null characters in normal (non HTTP) example cases. 2020-07-21 13:34:25 -07:00