Commit Graph

2509 Commits

Author SHA1 Message Date
toddouska 88f923a2a1 Merge pull request #2338 from ejohnstown/md5-null-suite
RSA-NULL-MD5 cipher suite
2019-07-11 11:15:48 -07:00
John Safranek 45b280a53e RSA Null MD5 cipher suite
1. Add the cipher suite TLS_RSA_WITH_NULL_MD5 for use with the sniffer.
2. Added TLS_RSA_WITH_NULL_MD5 to the suite test.
2019-07-10 14:32:14 -05:00
Chris Conlon 9cd6a992c5 Merge pull request #2295 from kojo1/RSA4096
Static RSA4096
2019-07-10 09:40:41 -06:00
Sean Parkinson e01f9961ac Fix duplicate definitions in internal.h (new PSS defines) 2019-07-09 08:49:04 +10:00
toddouska 97a6dc9e7e Merge pull request #2316 from SparkiDev/tls13_ext_fixes
TLS 1.3 extension fixes
2019-07-08 14:13:55 -07:00
toddouska 36920b1469 Merge pull request #2314 from SparkiDev/tls13_fixes
TLS 1.3 ClientHello rework and other fixes
2019-07-08 13:14:37 -07:00
toddouska d824b78af0 Merge pull request #2323 from dgarske/various_fixes
Various fixes, improvements to build options for reduced code size and static benchmarks
2019-07-08 13:02:22 -07:00
toddouska baf65f4f43 Merge pull request #2327 from JacobBarthelmeh/Compatibility-Layer
add wolfSSL_PEM_write_DHparams implementation
2019-07-08 12:58:10 -07:00
toddouska 406ff31fc8 Merge pull request #2311 from SparkiDev/tls12_ffdhe_fix
Better support for TLS 1.2 and FFDHE
2019-07-08 12:55:03 -07:00
toddouska 1070aba5e2 Merge pull request #2308 from SparkiDev/resumption_fix
Don't resume if stored session's ciphersuite isn't in client list
2019-07-08 12:52:59 -07:00
toddouska 2610d9ce94 Merge pull request #2307 from SparkiDev/pick_hash_sig
Improve hash and signature algorithm selection
2019-07-08 12:51:36 -07:00
toddouska 2a4b935e07 Merge pull request #2299 from JacobBarthelmeh/DTLS-MultiCore
DTLS export/import state only
2019-07-08 12:47:13 -07:00
toddouska cc453c6c12 Merge pull request #2262 from ejohnstown/sniffer-watch
Sniffer watch
2019-07-08 12:45:35 -07:00
Jacob Barthelmeh 4cf8923838 make wc_DhParamsToDer a static function to avoid DhKey redefenition 2019-07-05 11:58:40 -06:00
Jacob Barthelmeh ab9d89cb31 cast on return and move location of function declaration 2019-07-03 15:20:08 -06:00
Jacob Barthelmeh f2bb5e8944 implementation of wolfSSL_PEM_write_DHparams 2019-07-02 17:42:33 -06:00
David Garske d5f3fa2ff8 Added DES3 Crypto callback support. 2019-07-02 10:15:53 -07:00
David Garske 01c9fa1830 Added NO_TFM_64BIT option to disable 64-bit for TFM only (also enabled with NO_64BIT. This allows other areas like SHA512/ChaCha20 to still have the 64-bit type, but not use it for TFM. 2019-07-02 09:36:08 -07:00
David Garske eba78cd87a Improvements for disabled sections in pwdbased.c, asn.c, rsa.c, pkcs12.c and wc_encrypt.c. Adds --enable-pkcs12, HAVE_PKCS12/NO_PKCS12, HAVE_PKCS8 / NO_PKCS8 and HAVE_PBKDF1 / NO_PBKDF1. 2019-07-02 09:35:46 -07:00
John Safranek 21afcf17a8 Sniffer Watch Mode
1. Split the function ssl_SetWatchKey() into ssl_SetWatchKey_file()
which loads the key from a named file and ssl_SetWatchKey_buffer()
which loads the key from a provided buffer. file() uses buffer().
2019-07-01 13:50:28 -07:00
John Safranek b61803f165 Sniffer Watch Mode
Added the build option for the Watch mode for the sniffer. Instead of
setting a set of IP addresses and keys, you set a callback function.
When any TLS connection is started, the hook is called and a hash of the
peer certificate is given to the callback function. It has a chance to
load a private key into the sniffer session. Enable this option with the
build flag "WOLFSSL_SNIFFER_WATCH".
2019-07-01 13:50:28 -07:00
toddouska 4500f2d773 Merge pull request #2309 from SparkiDev/fallback_scsv
Fallback SCSV (Signaling Cipher Suite Value) support on Server only
2019-07-01 08:55:02 -07:00
Sean Parkinson 4ff9d951f6 TLS 1.3 ClientHello rework and other fixes
Do version negotiation first. Look for, parse and negotiate with
SupportedVersions extension upfront. Only need to handle TLS 1.3
ClientHello after this.
Any version greater than TLS 1.2 in Legacy Version field is translated
to TLS 1.2.
Fix preMasterSz to when not using PreSharedKey.
Not finsing KeyShare in ClientHello sends a missing_extension alert.
Decoding signature algorithms in new TLS 1.3 range now returns error
when not recognized.
Don't allow RSA PKCS #1.5 signatures to be verified.
Fix accept when downgraded from TLS 1.3 to go to wolfSSL_accept.
Fix server state when sending ChangeCipherSpec for MiddleBox
compatability.
Send a new session ticket even when resuming.
2019-07-01 13:22:21 +10:00
Sean Parkinson 1d05503d20 TLS 1.3 extension fixes
When major version is TLS Draft then this is now ignored.
If version negotitation occurs but none matched then send an alert and
return an error.
Store the rsa_pss_pss_* signature algorithms in the bit mask.
KeyShare Entry parsing returns INVALID_PARAMETER when length is 0 and
results in a different alert being sent.
Check negotiated protocol version is not TLS 1.3 when determing whether
to parse point formats.
2019-07-01 12:20:37 +10:00
Sean Parkinson e96ede65ce Don't resume if stored session's ciphersuite isn't in client list
Turn this check off with NO_RESUME_SUITE_CHECK.
2019-06-28 16:23:41 +10:00
Sean Parkinson 46a2a437d4 Better support for TLS 1.2 and FFDHE
If not FFDHE parameters in list then use existing.
If FFDHE parameters present but none matching then let the ciphersuite
match process fail when DHE must be used.
2019-06-28 16:12:23 +10:00
Sean Parkinson a3e4a2fd6e Fallback SCSV (Signaling Cipher Suite Value) support on Server only 2019-06-28 15:35:56 +10:00
Sean Parkinson 8312ceb14c Improve hash and signature algorithm selection
Return error when no hash-signature algorithm is possible.
2019-06-28 14:31:40 +10:00
Sean Parkinson 5f9a851adb Add detection of oversized encrypted data and plaintext 2019-06-28 12:01:35 +10:00
Chris Conlon f51a8fffde Merge pull request #2265 from JacobBarthelmeh/Testing
fix check on ret value and add test case
2019-06-27 14:02:01 -06:00
Sean Parkinson 8bea016d69 Merge pull request #2277 from julek-wolfssl/arm-poly1305
ARM Poly1305
2019-06-27 09:21:09 +10:00
toddouska da5357cadd Merge pull request #2301 from SparkiDev/dh_pubval_check
Simple checks of DH public value from peer.
2019-06-26 09:20:49 -07:00
toddouska 53c1a6c264 Merge pull request #2283 from dgarske/extern_c
Fixes for cpp extern c
2019-06-25 11:25:39 -07:00
toddouska eceb460cff Merge pull request #2287 from ejohnstown/sniffer-stats
Sniffer Statistics
2019-06-25 11:22:24 -07:00
David Garske dcdd6d6d6f Cleanup around include of wolfmath.h and shared math macros. Fix for SP math case with WOLFSSL_BIGNUM. 2019-06-25 07:06:33 -07:00
David Garske a9fff57063 Add extern "C" to headers. Some files are missing this, which can cause issues with some compilers when using the C++ mode. 2019-06-25 07:05:46 -07:00
Sean Parkinson ee023c6bf4 Simple checks of DH public value from peer.
Add test for wc_DhCheckPubValue
2019-06-25 11:12:33 +10:00
John Safranek 26384d4936 Sniffer Stats
Upgrade the sniffer stats to unsigned long ints.
2019-06-24 16:16:05 -07:00
toddouska 15552be934 Merge pull request #2280 from cconlon/selftestccm
CAVP self test build fixes for AES-CCM and PKCS7
2019-06-24 15:55:18 -07:00
toddouska 036f6a1177 Merge pull request #2281 from ejohnstown/evp-legacy
Legacy EVP_CipherFinal addition
2019-06-24 15:54:43 -07:00
toddouska 56d7da3130 Merge pull request #2284 from dgarske/api_test
Fixes for track memory and API unit test cleanup
2019-06-24 15:53:32 -07:00
toddouska 2ba89cb7a9 Merge pull request #2289 from SparkiDev/sp_prime_fix
When checking primes call only available SP ModExp functions
2019-06-24 15:39:03 -07:00
John Safranek 8439beb525 Sniffer Statistics
1. Moved sslKeyFails.
2. Added sslEphemeralMisses, sslEncryptedConns, sslDecodeFails.
3. Removed the Rehandshake stats as the sniffer does not support rehandshaking.
4. Removed two of the per second stats as they seemed redundant.
5. Added a function to atomically read and reset the sniffer statistics.
2019-06-24 09:54:42 -07:00
John Safranek 0eaccb7259 Removed some redundant comments from the sniffer header. 2019-06-24 09:54:42 -07:00
John Safranek 9715431921 Sniffer Statistics
1. Wrapped the added code for statistics in a preprocessor guard.
2. Added a check for the current cipher suite and if it is on the list
of allowed suites. Guarded by the statistics option.
3. Added more statistics from the list.
2019-06-24 09:54:42 -07:00
John Safranek c600f7659a Sniffer Statistics
Added more of the statistics.
2019-06-24 09:54:42 -07:00
John Safranek 2ee7d05dcc Sniffer Statistics
1. Added a structure for all the statistics to be kept.
2. Added a global to track the statistics.
3. Added a copy function to get a copy of the statistics.
4. Added a reset function for the statistics.
5. Handle the alert messages in statistics.
2019-06-24 09:54:42 -07:00
Juliusz Sosinowicz 71fe3313d3 Cleanup poly1305 struct 2019-06-24 09:43:55 +02:00
Juliusz Sosinowicz f42c94e3bc Cleanup code and align labels 2019-06-24 09:42:07 +02:00
Juliusz Sosinowicz 0fed159abd Poly1305 ARM64 optimization 2019-06-24 09:42:07 +02:00