wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-30 04:22:12 +01:00
Code Issues Packages Projects Releases Wiki Activity
14,466 Commits 12 Branches 184 Tags
4eff3ff3dd02898eabfb2bffe7e674051e3345f3
Commit Graph

2070 Commits

Author SHA1 Message Date
Juliusz Sosinowicz
4eff3ff3dd Add a reason text for APP_DATA_READY 2021-06-23 13:43:56 +02:00
John Safranek
a5852fe440 Merge pull request #4119 from julek-wolfssl/dtls-seq-num-refactor 
Refactor `dtls_expected_peer_handshake_number` handling
 2021-06-22 16:29:45 -07:00
Sean Parkinson
eccfb4f632 Merge pull request #4125 from dgarske/sniffer_etsi 
TLS: Fixes for sniffer and static ephemeral keys
 2021-06-23 09:17:13 +10:00
Chris Conlon
4b3bd3e384 Merge pull request #4049 from miyazakh/set_verifyDepth_3 
Set verify depth limit
 2021-06-22 10:23:43 -06:00
Chris Conlon
b050463dce Merge pull request #4059 from miyazakh/qt_unit_test 
fix qt unit test
 2021-06-22 10:12:48 -06:00
David Garske
67b87a8883 Merge pull request #4127 from douzzer/wolfsentry-client 
outbound connection filtering and wolfSentry integration
 2021-06-22 07:27:18 -07:00
David Garske
c4ea64b7fc Merge pull request #4140 from SparkiDev/set_sig_algs 2021-06-21 19:18:10 -07:00
Sean Parkinson
7224fcd9bc TLS: add support for user setting signature algorithms 2021-06-18 16:19:01 +10:00
Hideki Miyazaki
23fc810b3c added more context 2021-06-18 11:10:13 +09:00
Hideki Miyazaki
ddf2a0227f additional fix for set verify depth to be compliant with openssl limit 2021-06-18 11:00:51 +09:00
Hideki Miyazaki
2bbf7cc0fb addressed review comments 2021-06-18 10:49:24 +09:00
Daniel Pouzzner
93dfb4c7f4 add outbound connection filtering support to libwolfssl, add wolfSentry support to the test client, and add wolfSentry JSON config file support to the test client and server using --wolfsentry-config. 
also, add mygetopt_long() to wolfssl/test.h, and add --help and Japanese counterpart options to test client and server.
 2021-06-17 20:05:40 -05:00
Hideki Miyazaki
951de64e2c set PSK at the beginning 2021-06-18 07:59:35 +09:00
Hideki Miyazaki
976b6ae97c not push CA, revert error code when being OpensslExtra mode 2021-06-18 07:59:33 +09:00
Sean Parkinson
98ce4e901a TLS EtM: check all padding bytes are the same value 
Must be constant time so as not to provide an oracle.
That is, don't leak length of data and padding.
 2021-06-18 08:42:48 +10:00
David Garske
4bff3b6c69 Fix issue with WOLFSSL object copying CTX and object free'ing. Track ownership of the static key info. 2021-06-17 15:12:07 -07:00
Sean Parkinson
12c358bc30 Merge pull request #3979 from dgarske/tls13_async 
Asynchronous support for TLS v1.3 TLSX ECC/DH key generation and key agreement
 2021-06-15 10:02:19 +10:00
David Garske
831e1713f1 Merge pull request #4076 from TakayukiMatsuo/st_timeout 
Add session ticket timeout check in DoSessionTicket
 2021-06-14 13:44:32 -07:00
Juliusz Sosinowicz
1ee0c3a7fd Refactor dtls_expected_peer_handshake_number handling 
Moving the `dtls_expected_peer_handshake_number` value along has been moved to one location. It has also been changed to not keep state before a cookie exchange has been completed.
 2021-06-14 15:51:04 +02:00
David Garske
2e4e65f518 Asynchronous support for TLS v1.3 TLSX ECC/DH key generation and key agreement 
* Added async support to `SendTls13ClientHello`, `DoTls13ServerHello` and `DoTls13ClientHello`.
* Cleanup of the example client/server use key share code.
* Fix some scan-build warnings.
ZD 12065
 2021-06-11 14:12:12 -07:00
TakayukiMatsuo
1a9b59b183 Add macro guard for LowResTimer 2021-06-11 11:58:55 +09:00
John Safranek
4e881a226a Merge pull request #4088 from julek-wolfssl/dtls-mtu-define 
Change magic number 100 bytes to an enum define
 2021-06-10 09:22:08 -07:00
Sean Parkinson
7e0c372e4c TLS 1.3 PSK: use the hash algorithm to choose cipher suite 
See RFC 8446: 4.2.11
With TLS 1.3 PSK callback, If the returned cipher suite isn't available,
use the hash from the cipher suite and choose from available list.
Require exact match when: WOLFSSL_TLS13_PSK_NO_MATCH_HASH

Alternative callback for client added that is passed a cipher suite
string. Called for each cipher suite that is to be negotiated.
If cipher suite to be used with PSK then return client identity.
Returning an identity based on cipher suite hash will result in
only one PSK extension being added per hash.
 2021-06-10 09:55:27 +10:00
David Garske
c6c7dfd5db Merge pull request #4053 from SparkiDev/cppcheck_fixes_6 
cppcheck: fixes from reviewing report
 2021-06-09 12:51:30 -07:00
David Garske
a6edff7bd5 Merge pull request #4017 from SparkiDev/not_ecc_pk_cb 
ECC: Disable ECC but have Curve25519/448 and PK callbacks fix
 2021-06-09 12:38:37 -07:00
Sean Parkinson
8ee1dda2f9 Merge pull request #4001 from dgarske/time_long 
Improve TLS v1.3 time rollover support and fixes for NO_ASN_TIME
 2021-06-08 11:17:55 +10:00
Juliusz Sosinowicz
588a424d8d Change magic number 100 bytes to an enum define 2021-06-04 11:27:57 +02:00
David Garske
21060afb80 Fix for building SP math only (small) with key generation. Fix for WOLFSSL_EXTRA. Fix for RSA without PSS. Fix for ed25519 spelling error. 2021-06-03 10:56:54 -07:00
TakayukiMatsuo
69cf5ef266 Chage to use WOLFSSL_SESSION.bornON instead of WOLFSSL_SESSION.timestamp to hold the ticket creation time. 2021-06-01 15:30:07 +09:00
TakayukiMatsuo
5f7477980c Add session ticket timeout check in DoSessionTicket 2021-06-01 00:09:50 +09:00
Sean Parkinson
6747055d46 TLS: fix build with no TLSv12 but PK callbacks 
./configure '--disable-tlsv12' '-enable-pkcallbacks'
Disable non-TLS13 cipher suite test as well.
 2021-05-21 10:59:23 +10:00
Sean Parkinson
2c6285ccba cppcheck: fixes from reviewing report 2021-05-20 17:55:06 +10:00
Chris Conlon
c75830e2e8 Merge pull request #4011 from miyazakh/set_verify_depth2 
fix out of bound access when peer's chain is greater than verifyDepth + 1
 2021-05-11 15:38:39 -06:00
John Safranek
a608b083b4 Take into account a new flag in the DTLS state export and import. 2021-05-10 09:33:38 -07:00
Sean Parkinson
8779c3a884 ECC: Disable ECC but have Curve25519/448 and PK callbacks fix 
Fix ed25519 certificates.
Tidy up testsuite.c
 2021-05-10 10:32:55 +10:00
Hideki Miyazaki
0539b99c86 fix boundary access when peer's chain is less than verifyDepth + 1 2021-05-06 14:54:16 +09:00
David Garske
f8ecd4b441 Fixes for building with NO_ASN_TIME. If used with TLS user must supply LowResTimer and TimeNowInMilliseconds. 2021-04-30 15:04:31 -07:00
Elms
d20f7e7143 fix define gates for AddFragHeaders with DTLS 
fixes build with `./configure --enable-dtls --disable-asn`
 2021-04-24 07:23:50 -07:00
toddouska
bbda833909 Merge pull request #3720 from elms/deos/project_files 
DEOS: Add project files for shared library
 2021-04-23 15:44:33 -07:00
Daniel Pouzzner
0cf9bacf1b WOLFSSL_WOLFSENTRY_HOOKS/HAVE_EX_DATA*: refactor wolfSSL_CRYPTO_cleanup_ex_data() to take only one arg (the WOLFSSL_CRYPTO_EX_DATA *); fix preprocessor gates on wolfSSL_set_ex_data() and wolfSSL_X509_get_ex_new_index(); fix line lengths. 2021-04-21 17:34:47 -05:00
Daniel Pouzzner
0afcd4227b ssl.c/internal.c: refactor _EX_DATA_CLEANUP_HOOKS cleanup in _free() routines to use a common wolfSSL_CRYPTO_cleanup_ex_data() routine; remove superfluous WOLFSSL_API qualifiers in ssl.c. 2021-04-21 12:20:56 -05:00
Daniel Pouzzner
23d8df720e remove WOLFSSL_NETWORK_INTROSPECTION code; add wolfSSL_X509_STORE_set_ex_data_with_cleanup(); refactor WOLFSSL_WOLFSENTRY_HOOKS code in server.c to use HAVE_EX_DATA/HAVE_EX_DATA_CLEANUP_HOOKS. 2021-04-20 23:59:58 -05:00
Daniel Pouzzner
4458ed37c1 fix a couple stray WOLFSSL_NETWORK_INTROSPECTION gates that needed to be WOLFSSL_WOLFSENTRY_HOOKS. 2021-04-20 23:59:58 -05:00
Daniel Pouzzner
1cbe696716 checkpoint: fully functioning demo via examples/server/ and unit.test (which produces a "filtered" error on a subtest when built --enable-wolfsentry). 2021-04-20 23:59:57 -05:00
Daniel Pouzzner
734860f535 WOLFSSL_NETWORK_INTROSPECTION WIP 2021-04-20 23:59:57 -05:00
Daniel Pouzzner
ba2cc00e5d initial implementation of WOLFSSL_NETWORK_INTROSPECTION: --enable-network-introspection, struct wolfSSL_network_connection, wolfSSL_*_endpoints*(), NetworkFilterCallback_t, wolfSSL_*set_AcceptFilter(). 2021-04-20 23:59:57 -05:00
John Safranek
38ff193368 Merge pull request #3962 from julek-wolfssl/dtls-allow-future 
Change default DTLS future packet behaviour
 2021-04-20 17:32:42 -07:00
Elms
57f4adf438 DEOS: updated memory and add DTLS 
Tested: DDC-I 9.2.0r94156 and OpenArbor on PPC hardware
 2021-04-16 15:39:19 -07:00
Juliusz Sosinowicz
2bc2a911d7 Change default DTLS future packet behaviour 
This is a better default for most users. Most users who make use of DTLS, allow messages from "too far into the future". It makes sense that DTLS may lose connection for a period of time and will lose all messages from this period. Losing connection effectively stalls the wolfSSL DTLS connection.
 2021-04-16 19:27:39 +02:00
Juliusz Sosinowicz
70a3857ae8 Fragmentation for ServerKeyExchange and CeriticateVerify 
- The `ssl->dtlsMtuSz` value is the maximum possible size of the DTLS record layer. We read `ssl->dtlsMtuSz + 100` in case peer has slightly different MTU set.
- The `-u` option in the examples takes the value of the MTU size.
- MTU tests are added in `tests/test-dtls-mtu.conf`
 2021-04-16 17:30:51 +02:00