wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-29 18:12:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
14,034 Commits 12 Branches 184 Tags
7e87c01a7dac2ece52d1d81f7bc64b04ef8274ca
Commit Graph

410 Commits

Author SHA1 Message Date
toddouska
40fe746710 Merge pull request #3942 from dgarske/get_static_ephemeral 
Added API's for getting pointer to loaded static ephemeral key
 2021-04-23 15:54:46 -07:00
Daniel Pouzzner
9c7ee3fa64 examples/server/server.c: when TEST_IPV6, set the remote address to IPv6 localhost for wolfsentry_route_insert_static(). 2021-04-22 00:20:12 -05:00
Daniel Pouzzner
0cf9bacf1b WOLFSSL_WOLFSENTRY_HOOKS/HAVE_EX_DATA*: refactor wolfSSL_CRYPTO_cleanup_ex_data() to take only one arg (the WOLFSSL_CRYPTO_EX_DATA *); fix preprocessor gates on wolfSSL_set_ex_data() and wolfSSL_X509_get_ex_new_index(); fix line lengths. 2021-04-21 17:34:47 -05:00
Daniel Pouzzner
660e64cdff examples/server/server.c: clean up wolfsentry printfs. 2021-04-21 03:19:55 -05:00
Daniel Pouzzner
cb976db02b server.c: update for wolfSentry API changes. 2021-04-20 23:59:58 -05:00
Daniel Pouzzner
6175e11156 server.c: update wolfsentry_init() usage (hpi pointer). 2021-04-20 23:59:58 -05:00
Daniel Pouzzner
23d8df720e remove WOLFSSL_NETWORK_INTROSPECTION code; add wolfSSL_X509_STORE_set_ex_data_with_cleanup(); refactor WOLFSSL_WOLFSENTRY_HOOKS code in server.c to use HAVE_EX_DATA/HAVE_EX_DATA_CLEANUP_HOOKS. 2021-04-20 23:59:58 -05:00
Daniel Pouzzner
2a05fcb59a examples/server: fix wolfSentry integration to handle DTLS correctly. 2021-04-20 23:59:57 -05:00
Daniel Pouzzner
1cbe696716 checkpoint: fully functioning demo via examples/server/ and unit.test (which produces a "filtered" error on a subtest when built --enable-wolfsentry). 2021-04-20 23:59:57 -05:00
Daniel Pouzzner
734860f535 WOLFSSL_NETWORK_INTROSPECTION WIP 2021-04-20 23:59:57 -05:00
Daniel Pouzzner
ba2cc00e5d initial implementation of WOLFSSL_NETWORK_INTROSPECTION: --enable-network-introspection, struct wolfSSL_network_connection, wolfSSL_*_endpoints*(), NetworkFilterCallback_t, wolfSSL_*set_AcceptFilter(). 2021-04-20 23:59:57 -05:00
Juliusz Sosinowicz
70a3857ae8 Fragmentation for ServerKeyExchange and CeriticateVerify 
- The `ssl->dtlsMtuSz` value is the maximum possible size of the DTLS record layer. We read `ssl->dtlsMtuSz + 100` in case peer has slightly different MTU set.
- The `-u` option in the examples takes the value of the MTU size.
- MTU tests are added in `tests/test-dtls-mtu.conf`
 2021-04-16 17:30:51 +02:00
David Garske
e13c93d493 Added API's for getting pointer to load static ephemeral key. 2021-04-05 13:40:48 -07:00
David Garske
f65e1f1f09 Expose functions to get client/server random when HAVE_SECRET_CALLBACK is defined. 2021-03-26 13:23:00 -07:00
Hideki Miyazaki
4650aaf4fb addressed review comments part 1 2021-03-19 13:13:00 +09:00
Hideki Miyazaki
b4a573ca98 Initial implemented X509_LOOKUP_ctrl L_ADD_DIR 2021-03-19 13:12:55 +09:00
Jacob Barthelmeh
c729318ddd update copyright date 2021-03-11 13:42:46 +07:00
Hideki Miyazaki
9bae05525c addressed review comments 2021-03-05 08:19:22 +09:00
Hideki Miyazaki
e39477c531 initial implement SSL_get_early_data_status 2021-03-05 08:19:15 +09:00
toddouska
39cb84de25 Merge pull request #3697 from julek-wolfssl/openvpn-2.5-missing-stuff 
OpenVPN master additions
 2021-02-11 08:56:45 -08:00
Sean Parkinson
794cb5c7a9 TLS Session Ticket: default encryption callback 
Encrypts with ChaCha20-Poly1305 or AES-GCM.
Two keys in rotation.
Key used for encryption until ticket lifetime goes beyond expirary
(default 1 hour). If key can still be used for decryption, encrypt with
other key.
Private random used to generate keys.
 2021-02-10 14:31:54 +10:00
Juliusz Sosinowicz
542e0d79ec Jenkins Fixes 
- explicit conversions
- not all curves available for wolfSSL_CTX_set1_groups_list
- group funcs depend on HAVE_ECC
- `InitSuites` after `ssl->suites` has been set
 2021-02-02 12:06:11 +01:00
toddouska
6e0e507dad Merge pull request #3660 from dgarske/sess_ticket_aes_gcm 
Added support for AES GCM session ticket encryption
 2021-01-25 15:00:03 -08:00
Sean Parkinson
a84f1c813a TLS Session Ticket: Option to disable for TLS 1.2 and below 
Customer may want session ticket supported with TLS 1.3 but not TLS 1.2
and below.
 2021-01-22 13:19:29 +10:00
Eric Blankenhorn
a3cbcf255f Fix from review 2021-01-20 11:34:02 -06:00
David Garske
219cbd47eb Added support for AES GCM session ticket encryption. If ChaCha/Poly is disabled it will use AES GCM. Thanks Sean for the code in ZD 11511. 2021-01-19 07:53:36 -08:00
Eric Blankenhorn
50843b22cd Check method for NULL 2021-01-18 16:18:49 -06:00
toddouska
367f28b917 Merge pull request #3443 from SparkiDev/tls13_psk_no_dhe 
TLS 1.3: PSK only
 2020-12-09 09:45:34 -08:00
Hayden Roche
5fdc4cf6e1 Fix RX/TX throughput reporting in example server. 
- I observed that client TX throughput < client RX throughput, but server TX
  throughput > server RX throughput. Turns out this is just a typo in the
  printing of the stats. The RX stat was being printed as the TX stat and vice-
  versa.
- I added a note to scripts/benchmark.test about a 2 second sleep we do waiting
  for the server to come up. If you were to time this script with the time
  command, you'll see that 2 seconds in the result, which might be confusing
  if you didn't realize the sleep was there.
 2020-12-08 16:49:09 -06:00
toddouska
b0979f4225 Merge pull request #3476 from dgarske/sniffer_hrr 
Fixes for TLS sniffer with v1.3 (HRR and Certs)
 2020-11-18 16:07:11 -08:00
toddouska
9183c35fb8 Merge pull request #3446 from haydenroche5/client_want_write_sim 
Add an option to the example client to simulate WANT_WRITE errors.
 2020-11-18 15:54:09 -08:00
toddouska
9bde34ef5b Merge pull request #3438 from douzzer/harmonize-CCM8-cipher-names 
add "CCM8" variants to cipher_names "CCM-8" ciphers, for OpenSSL compat
 2020-11-18 15:52:52 -08:00
Sean Parkinson
d8b58286d1 TLS 1.3: PSK only 
Support building with only TLS 1.3 and PSK without code for (EC)DHE and
certificates.
Minimise build size for this configuration.
 2020-11-19 09:21:24 +10:00
Hayden Roche
2fc594d319 Modify example server to be resilient to WANT_WRITE errors. 2020-11-13 10:33:10 -06:00
John Safranek
e996a7d15b Scan-Build Fixes 
1. Fixed a couple possible 0 byte allocations.
2. Fixed a couple missed frees due to error conditions.
3. Fixed a possible double free.

To recreate:
    $ scan-build ./configure --disable-shared --enable-opensslextra=x509small --disable-memory
    $ scan-build ./configure --disable-shared --enable-opensslextra --disable-memory
 2020-11-12 09:06:59 -08:00
David Garske
71d9f1e9bd Static ephemeral refactor to support loading both DHE and ECDHE keys. Added ability to specify key using snifftest input at run-time. Improved snifftest key loading for named keys and static ephemeral. 2020-11-12 08:59:11 -08:00
Daniel Pouzzner
7850d71ccb add wolfSSL_get_cipher_suite_from_name(); add flags arg to GetCipherSuiteFromName(); fix GetCipherSuiteFromName() to prevent spurious substring matching; add SUITE_ALIAS() macros for use defining CipherSuiteInfo, and add CipherSuiteInfo.flags slot and associated logic, to allow alternative cipher names to be recognized; add "CCM8" cipher name variants wherever applicable, including the unit.test conf files, to recognize and test the OpenSSL variants; add tests in client_test() and server_test() to confirm correct forward and backward mapping of cipher names/aliases. 2020-11-11 22:47:47 -06:00
Daniel Pouzzner
fda84576b0 name the new introspection routines wolfSSL_configure_args() and wolfSSL_global_cflags() for consistency, and move the prototypes to logging.h. 2020-10-28 17:28:05 -05:00
Daniel Pouzzner
1ba0883f4c introspection tweaks: rename wolfcrypt/src/debug.c to wolfcrypt/src/wc_debug.c; restore BUILD_WC_DEBUG gating for autotools inclusion of wc_debug.o and disable opportunistically when ENABLED_LEANTLS, ENABLED_LEANPSK, or ENABLED_LOWRESOURCE; add HAVE_WC_INTROSPECTION gate for libwolfssl_configure_args() and libwolfssl_global_cflags(). 2020-10-28 17:28:05 -05:00
Daniel Pouzzner
b918e1fd4c examples/: add -@ and -# flags to client and server, printing libwolfssl_configure_args() and libwolfssl_global_cflags() respectively. 2020-10-28 17:28:05 -05:00
toddouska
7c89d10e53 Merge pull request #3260 from julek-wolfssl/non-blocking-scr 
(D)TLS non-blocking SCR with example
 2020-10-20 13:45:19 -07:00
Jacob Barthelmeh
6aa0eacc62 use correct key buffer for example private key 2020-10-13 09:26:54 -06:00
JacobBarthelmeh
bfb10ddfb5 NO_FILESYSTEM build on Windows 2020-10-09 09:45:00 -07:00
Juliusz Sosinowicz
a7fdfbaf40 Passing scr-app-data in to -i to client sends a message during SCR 
Modify mygetopt so that if an argument expects a value and that value is the next argument then myoptarg is set to a NULL pointer.
 2020-10-06 17:28:23 +02:00
Daniel Pouzzner
10bf7a2086 examples/: fix undersized array lengths in client_usage_msg and server_usage_msg. 2020-09-23 18:32:16 -05:00
Sean Parkinson
4ed3438be0 TLS 1.3: Post-handshake Authentication and resumption secret 
The master secret in arrays is not available post-handshake.
Use the master secret in the session when calculating resumption secret.
 2020-09-23 17:09:06 +10:00
Juliusz Sosinowicz
a65ffe15bc Implement non-blocking SCR on server side 2020-09-09 21:41:20 +02:00
Juliusz Sosinowicz
605b274442 Jenkins fixes 2020-08-28 12:04:11 +02:00
Juliusz Sosinowicz
52df9d6c69 TLS and DTLS both need to support APP DATA during SCR 
Also some misc fixes
 2020-08-27 21:13:19 +02:00
Juliusz Sosinowicz
8b934624f5 DTLS non-blocking scrwith example 2020-08-25 11:26:20 +02:00