Commit Graph

186 Commits

Author SHA1 Message Date
Juliusz Sosinowicz 3abcdf059a Chacha-Poly AEAD fix for SCR
Wrong cipher material was being used when using Chacha-Poly AEAD for DTLS 1.2 with secure renegotiation
2021-03-23 10:38:48 +01:00
toddouska 3ac03d3d66 Merge pull request #3805 from JacobBarthelmeh/copyright
update copyright date to 2021
2021-03-15 16:16:50 -07:00
Sean Parkinson a55e94cf6f ECCSI and SAKKE: add support
Fixes for static code analysis included.
Added const to function parameters.
Zeroise some temporaries.
2021-03-12 09:31:22 +10:00
Jacob Barthelmeh c729318ddd update copyright date 2021-03-11 13:42:46 +07:00
Sean Parkinson eda1b52ee2 TLS 1.3 integrity only: initialize HMAC
Ensure the HMAC object is initialized when allocated.
2021-01-15 11:27:26 +10:00
Tesfa Mael 890500c1b1 Fix Coverity 2020-07-08 08:20:43 -07:00
Juliusz Sosinowicz d2542dcf38 Restore StoreKeys functionality for TLS case 2020-06-12 11:36:43 +02:00
Juliusz Sosinowicz eb910a64d0 Comments and formatting 2020-06-12 11:36:43 +02:00
Juliusz Sosinowicz 651a7a97b9 Add secure renegotiation to DTLS 1.2
- Hash of fragmented certificate was not calculated as a single message and instead we were hashing individual fragments which produced the wrong digest, shared secret, etc...
- Reset handshake number after server Finished packet is sent or received (depending on side)
- Reserve space in buffer for cipher stuff
- Take `DTLS_RECORD_EXTRA` and  `DTLS_HANDSHAKE_EXTRA` into size and offset calculations for DTLS path
- Fix renegotiation in DTLS with AES128-SHA
- Fix renegotiation in DTLS with AES-GCM
- Support HelloVerify request during secure renegotiation
- Save renegotiation handshake messages for retransmission in timeout
- Handle cipher parameters from different epochs. DTLS may need to resend and receive messages from previous epochs so handling different sets of encryption and decryption parameters is crucial.
2020-06-12 11:36:43 +02:00
Tesfa Mael d5241bbcc6 Coverity fix 2020-06-02 15:35:27 -07:00
Sean Parkinson eed5943b6f Fix TLS 1.3 integrity only for interop
Make key size the size of the digest.
2020-05-25 16:02:53 +10:00
Sean Parkinson 411aee6e05 Fixes from cppcheck
Added PRIVATE_D version of rsa private key operation for SP
implementation for specific platforms.
WC_NO_RNG results in warnings when RNG calls don't do anything.
Added ifdef checks for variables not used otherwise.
Remove superfluous if statements like when checking ret == 0.
Change names of globals that are generic and are used locally before
global definition.
Remove definition of variable len that isn't used except as a
replacement for sz which is parameter.
Don't subtract two variables when one has just been assigned the value
of the other.
Fix shifting of signed value.
Fix parameter checking in aes.c and des3.c for platform specific code.
2020-04-08 09:46:22 +10:00
Sean Parkinson 2c6eb7cb39 Add Curve448, X448, Ed448 implementations 2020-02-28 09:30:45 +10:00
Chris Conlon 45c5a2d39c update copyright to 2020 2020-01-03 15:06:03 -08:00
Eric Blankenhorn b83804cb9d Correct misspellings and typos from codespell tool 2019-12-24 12:29:33 -06:00
toddouska 5de27443d0 Merge pull request #2596 from dgarske/mqx_fio_cleanup
Support for MQX 5.0 and cleanup of the MQX includes
2019-11-19 11:49:03 -08:00
John Safranek 8347d00bf2 Maintenance BLAKE2
1. Remove the BLAKE2 HMAC from wolfSSL and its testing.
2019-11-18 13:31:15 -08:00
David Garske 1542482cd5 Cleanup of the MQX file headers for STDIO. Cleanup of fio.h and nio.h includes to use wc_port.h. ZD 9453. 2019-11-18 12:14:34 -08:00
Hideki Miyazaki 5c5aa45a5e addressed review comments
tsip_usable() reconstruction
2019-09-19 14:35:23 +09:00
Hideki Miyazaki 5c6f6fdb7d Renesas TSIP Support
merged from private repo

removed unneccessary #include
make line as 80 characters
added simple tls server
Disable TLS-linked API use when being SERVER SIDE, still use certificate verify API
Added utility tools, generate signature arrays etc
added vars to store tsip hmac keys
fix build failure when disabling dc_printf
2019-09-19 11:18:52 +09:00
Sean Parkinson 24e98dd05e Add support for Encrypt-Then-MAC to TLS 1.2 and below
An extension is used to indicate that ETM is to be used.
Only used when doing block ciphers - HMAC performed on encrypted data.
2019-08-29 09:00:30 +10:00
Sean Parkinson 51dfc35aac TLS 1.3 and Integrity-only ciphersuites 2019-08-02 11:00:18 +10:00
David Garske 5067d1fc10 Merge pull request #2328 from kaleb-himes/ZD-5373-TIRTOS
Updating for TI hardware offload with latest version of wolfSSL
2019-07-16 11:43:56 -07:00
John Safranek 45b280a53e RSA Null MD5 cipher suite
1. Add the cipher suite TLS_RSA_WITH_NULL_MD5 for use with the sniffer.
2. Added TLS_RSA_WITH_NULL_MD5 to the suite test.
2019-07-10 14:32:14 -05:00
kaleb-himes b8c6bc0d7f Changes following peer review, add defines to disable for any HW port 2019-07-08 16:28:35 -06:00
John Safranek 246c444b93 Updates for v4.0.0
Update the copyright dates on all the source files to the current year.
2019-03-15 10:37:36 -07:00
toddouska 9c9221432f Merge pull request #2087 from ejohnstown/aesgcm
Update TLS for AES-GCM/CCM changes
2019-02-20 11:43:06 -08:00
David Garske c2fbef2f7f Refactor to populate preMasterSz on XMALLOC. Fix for DoClientKeyExchange and ecdhe_psk_kea, which assumes preMasterSz is zero. Fix for TLS v1.3 resumption not properly setting preMasterSz. Removed for TLS v1.3 PSK setup test for preMasterSz == 0, which is not required. Spelling fixes for tls13.c. 2019-02-19 13:01:21 -08:00
John Safranek e2d7b402e7 Update so TLSv1.3 will work. Needed to make the implicit IVs full sized
when copying. Added a flag to SetKeys() to skip the IV set (used for
TLSv1.3).
2019-02-14 12:04:32 -08:00
John Safranek cd7f8cc653 Update AES-GCM/CCM use in TLS with a wrapper to select the correct API
depending on using old FIPS, or non-FIPS/FIPSv2.
2019-02-14 12:04:05 -08:00
John Safranek 67e70d6cb6 Update TLS to use the new AES-GCM and AES-CCM APIs that output the IV on
encrypt rather than take the IV as an input.
2019-02-14 12:04:05 -08:00
David Garske 7e3082906e Fix for ensuring devId is passed into symmetric init. 2019-02-12 16:03:10 -08:00
Sean Parkinson 1ab17ac827 More changes to minimize dynamic memory usage.
Change define to WOLFSSL_MEMORY_LOG.
Fix for ED25519 server certificate - single cert to allow comparison
with ECC dynamic memory usage.
Free memory earlier to reduce maximum memory usage in a connection.
Make MAX_ENCODED_SIG_SZ only as big as necessary.
Change memory allocation type in sha256 from RNG to DIGEST.
If we know the key type use it in decoding private key
2018-08-21 14:41:01 +10:00
Sean Parkinson f487b0d96a Config option to disable AES-CBC
AEAD only detection and removeal of code.
Also in single threaded builds, reference the ctx suites in ssl object
if it exists.
2018-08-16 08:25:13 +10:00
Sean Parkinson 6d3e145571 Changes to build with X25519 and Ed25519 only
Allows configurations without RSA, DH and ECC but with Curve25519
algorithms to work with SSL/TLS using X25519 key exchange and Ed25519
certificates.
Fix Ed25519 code to call wc_Sha512Free().
Add certificates to test.h and fix examples to use them.
2018-07-23 10:20:18 +10:00
Sean Parkinson ba8e441e53 Allow TLS 1.2 to be compiled out. 2018-05-25 11:00:00 +10:00
thivyaashok 7d425a5ce6 Added support for an anonymous cipher suite (#1267)
* Added support for cipher suite TLS_DH_anon_WITH_AES256_GCM_SHA384
* Added test cases for verification of anonymous cipher suite
2018-04-20 10:35:37 -07:00
David Garske 481f4765eb Cleanup to remove duplicate MAX_DIGEST_SIZE in hmac.h and refactor to use WC_MAX_DIGEST_SIZE. Cleanup for HMAC to include hash.h and refactor HMAC_BLOCK_SIZE to WC_HMAC_BLOCK_SIZE. Fix build warning in benchmark.c with unused variable if features are disabled. 2018-01-11 09:52:49 -08:00
David Garske 911b6f95f8 Release v3.12.2 (lib 14.0.0). Updated copywright. 2017-10-22 15:58:35 -07:00
David Garske 6707be2b0e Added new --disable-oldnames option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA). Add --enable-opensslcoexist which makes sure oldnames is disabled. Refactor of SSL_ to WOLF_SSL_. Refactor of SHA, MD5, SHA224, SHA256, SHA512 and SHA384 to WC_ naming. 2017-10-11 09:10:42 -07:00
John Safranek 0fee243b75 Multicast DTLS
Restored the multicast key setting code that was lost during rebase.
2017-07-19 14:01:29 -07:00
John Safranek 0457df83d4 Multicast
1. When setting the key data, use same keys for server and client
   sides of the different keys. This feels a little kludgey, and
   won't work when using separate senders and listeners who may
   use unicast messages. But this works for the all peers are
   multicast senders case.
2017-07-19 13:33:57 -07:00
John Safranek 0838a3828b Multicast DTLS
1. Added new cipher suite for use with Multicast DTLS,
   WDM_WITH_NULL_SHA256. (It should be a private suite.)
2. Update the API test to use the new suite.
2017-07-19 13:26:23 -07:00
Sean Parkinson 5bddb2e4ef Changes for Nginx
Support TLS v1.3 clients connecting to Nginx.
Fix for PSS to not advertise hash unless the signature fits the private
key size.
Allow curves to be chosen by user.
Support maximum verification depth (maximum number of untrusted certs in
chain.)
Add support for SSL_is_server() API.
Fix number of certificates in chain when using
wolfSSL_CTX_add_extra_chain_cert().
Allow TLS v1.2 client hello parsing to call TLS v1.3 parsing when
SupportedVersions extension seen.
Minor fixes.
2017-07-04 09:37:44 +10:00
Sean Parkinson 350ce5fcef TLS v1.3 0-RTT 2017-06-21 08:35:28 +10:00
Sean Parkinson 8dbd9a88ee Fix for CCM - TLS v1.3 needs all nonce/IV bytes 2017-06-12 14:21:43 +10:00
jrblixt 6acd5dafa7 Changes from Todd's code review. 2017-05-16 12:58:07 -06:00
jrblixt 606aca9916 Merge branch 'master' of https://github.com/jrblixt/wolfssl into unitTest_api_dev 2017-05-12 02:04:58 -06:00
Sean Parkinson 2b1e9973ec Add TLS v1.3 as an option 2017-05-04 14:51:30 -07:00
David Garske be6b12a350 Build fixes to address Jenkins reports. Additionally tested with enable-distro and small-stack identified issue in ssl.c (note: we need to add this combination to Jenkins). 2017-04-25 11:10:36 -07:00