wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-29 15:32:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
14,125 Commits 12 Branches 184 Tags
8c008b81aca355d99e787edb3f588b6bc48cdc73
Commit Graph

772 Commits

Author SHA1 Message Date
toddouska
014bd21df0 Merge pull request #3983 from tmael/tls_down 
TLS minimum downgrade option
 2021-05-05 15:38:45 -07:00
Hideki Miyazaki
0e40293798 added psk session callback 2021-04-28 10:08:21 +09:00
toddouska
40fe746710 Merge pull request #3942 from dgarske/get_static_ephemeral 
Added API's for getting pointer to loaded static ephemeral key
 2021-04-23 15:54:46 -07:00
Tesfa Mael
0c16ef4b29 Check for TLS downgrade 2021-04-23 14:45:35 -07:00
Daniel Pouzzner
9c7ee3fa64 examples/server/server.c: when TEST_IPV6, set the remote address to IPv6 localhost for wolfsentry_route_insert_static(). 2021-04-22 00:20:12 -05:00
Daniel Pouzzner
0cf9bacf1b WOLFSSL_WOLFSENTRY_HOOKS/HAVE_EX_DATA*: refactor wolfSSL_CRYPTO_cleanup_ex_data() to take only one arg (the WOLFSSL_CRYPTO_EX_DATA *); fix preprocessor gates on wolfSSL_set_ex_data() and wolfSSL_X509_get_ex_new_index(); fix line lengths. 2021-04-21 17:34:47 -05:00
Daniel Pouzzner
660e64cdff examples/server/server.c: clean up wolfsentry printfs. 2021-04-21 03:19:55 -05:00
Daniel Pouzzner
cb976db02b server.c: update for wolfSentry API changes. 2021-04-20 23:59:58 -05:00
Daniel Pouzzner
6175e11156 server.c: update wolfsentry_init() usage (hpi pointer). 2021-04-20 23:59:58 -05:00
Daniel Pouzzner
23d8df720e remove WOLFSSL_NETWORK_INTROSPECTION code; add wolfSSL_X509_STORE_set_ex_data_with_cleanup(); refactor WOLFSSL_WOLFSENTRY_HOOKS code in server.c to use HAVE_EX_DATA/HAVE_EX_DATA_CLEANUP_HOOKS. 2021-04-20 23:59:58 -05:00
Daniel Pouzzner
2a05fcb59a examples/server: fix wolfSentry integration to handle DTLS correctly. 2021-04-20 23:59:57 -05:00
Daniel Pouzzner
1cbe696716 checkpoint: fully functioning demo via examples/server/ and unit.test (which produces a "filtered" error on a subtest when built --enable-wolfsentry). 2021-04-20 23:59:57 -05:00
Daniel Pouzzner
734860f535 WOLFSSL_NETWORK_INTROSPECTION WIP 2021-04-20 23:59:57 -05:00
Daniel Pouzzner
ba2cc00e5d initial implementation of WOLFSSL_NETWORK_INTROSPECTION: --enable-network-introspection, struct wolfSSL_network_connection, wolfSSL_*_endpoints*(), NetworkFilterCallback_t, wolfSSL_*set_AcceptFilter(). 2021-04-20 23:59:57 -05:00
Juliusz Sosinowicz
70a3857ae8 Fragmentation for ServerKeyExchange and CeriticateVerify 
- The `ssl->dtlsMtuSz` value is the maximum possible size of the DTLS record layer. We read `ssl->dtlsMtuSz + 100` in case peer has slightly different MTU set.
- The `-u` option in the examples takes the value of the MTU size.
- MTU tests are added in `tests/test-dtls-mtu.conf`
 2021-04-16 17:30:51 +02:00
David Garske
e13c93d493 Added API's for getting pointer to load static ephemeral key. 2021-04-05 13:40:48 -07:00
David Garske
a22defec50 Fix for availability of wolfSSL_SESSION_print. 2021-03-26 15:39:55 -07:00
David Garske
95ff75c43d Fix for wolfSSL_SESSION_print 2021-03-26 13:41:11 -07:00
David Garske
f65e1f1f09 Expose functions to get client/server random when HAVE_SECRET_CALLBACK is defined. 2021-03-26 13:23:00 -07:00
JacobBarthelmeh
13d81f1fb9 Merge pull request #3902 from dgarske/snicb 
Fix for SNI recv callback
 2021-03-24 15:34:35 +07:00
David Garske
9313d59479 Fix for SNI callback 
* Fix for SNI callback on server to make sure the SNI data is stored even without setting a hostname. This makes sure the SNI extension is set when there is a registered SNI recv callback.
* Fix for Apache HTTPD to include `WOLFSSL_ALWAYS_KEEP_SNI`
 2021-03-22 11:28:16 -07:00
Hideki Miyazaki
4650aaf4fb addressed review comments part 1 2021-03-19 13:13:00 +09:00
Hideki Miyazaki
b4a573ca98 Initial implemented X509_LOOKUP_ctrl L_ADD_DIR 2021-03-19 13:12:55 +09:00
Jacob Barthelmeh
c729318ddd update copyright date 2021-03-11 13:42:46 +07:00
Eric Blankenhorn
5e953d5968 Typo in client example 2021-03-08 17:31:12 -06:00
Hideki Miyazaki
9bae05525c addressed review comments 2021-03-05 08:19:22 +09:00
Hideki Miyazaki
141d07e21b addressed pre-review comments 2021-03-05 08:19:16 +09:00
Hideki Miyazaki
e39477c531 initial implement SSL_get_early_data_status 2021-03-05 08:19:15 +09:00
John Safranek
e9cdcf5bac Merge pull request #3764 from embhorn/zd11668 
Fix typo
 2021-02-22 14:12:12 -08:00
Eric Blankenhorn
2c2bdca200 Fix typo 2021-02-11 12:27:43 -06:00
toddouska
39cb84de25 Merge pull request #3697 from julek-wolfssl/openvpn-2.5-missing-stuff 
OpenVPN master additions
 2021-02-11 08:56:45 -08:00
Sean Parkinson
794cb5c7a9 TLS Session Ticket: default encryption callback 
Encrypts with ChaCha20-Poly1305 or AES-GCM.
Two keys in rotation.
Key used for encryption until ticket lifetime goes beyond expirary
(default 1 hour). If key can still be used for decryption, encrypt with
other key.
Private random used to generate keys.
 2021-02-10 14:31:54 +10:00
Juliusz Sosinowicz
542e0d79ec Jenkins Fixes 
- explicit conversions
- not all curves available for wolfSSL_CTX_set1_groups_list
- group funcs depend on HAVE_ECC
- `InitSuites` after `ssl->suites` has been set
 2021-02-02 12:06:11 +01:00
toddouska
6e0e507dad Merge pull request #3660 from dgarske/sess_ticket_aes_gcm 
Added support for AES GCM session ticket encryption
 2021-01-25 15:00:03 -08:00
Sean Parkinson
a84f1c813a TLS Session Ticket: Option to disable for TLS 1.2 and below 
Customer may want session ticket supported with TLS 1.3 but not TLS 1.2
and below.
 2021-01-22 13:19:29 +10:00
Eric Blankenhorn
a3cbcf255f Fix from review 2021-01-20 11:34:02 -06:00
David Garske
219cbd47eb Added support for AES GCM session ticket encryption. If ChaCha/Poly is disabled it will use AES GCM. Thanks Sean for the code in ZD 11511. 2021-01-19 07:53:36 -08:00
Eric Blankenhorn
50843b22cd Check method for NULL 2021-01-18 16:18:49 -06:00
Daniel Pouzzner
764b3cf09d examples/client/client.c: add missing !defined(NO_SESSION_CACHE) gate around wolfSSL_get_session() for "print out session" code. 2020-12-28 17:49:58 -06:00
Chris Conlon
16ce8e077a only call wolfSSL_UseKeyShare() in example client with TLS 1.3 2020-12-16 12:06:35 -07:00
Sean Parkinson
75c062a298 cppcheck: fixes 2020-12-16 17:28:20 +10:00
toddouska
367f28b917 Merge pull request #3443 from SparkiDev/tls13_psk_no_dhe 
TLS 1.3: PSK only
 2020-12-09 09:45:34 -08:00
Hayden Roche
5fdc4cf6e1 Fix RX/TX throughput reporting in example server. 
- I observed that client TX throughput < client RX throughput, but server TX
  throughput > server RX throughput. Turns out this is just a typo in the
  printing of the stats. The RX stat was being printed as the TX stat and vice-
  versa.
- I added a note to scripts/benchmark.test about a 2 second sleep we do waiting
  for the server to come up. If you were to time this script with the time
  command, you'll see that 2 seconds in the result, which might be confusing
  if you didn't realize the sleep was there.
 2020-12-08 16:49:09 -06:00
Sean Parkinson
91d23d3f5a Implement all relevant mp functions in sp_int 2020-11-19 11:58:14 +10:00
toddouska
b0979f4225 Merge pull request #3476 from dgarske/sniffer_hrr 
Fixes for TLS sniffer with v1.3 (HRR and Certs)
 2020-11-18 16:07:11 -08:00
toddouska
9183c35fb8 Merge pull request #3446 from haydenroche5/client_want_write_sim 
Add an option to the example client to simulate WANT_WRITE errors.
 2020-11-18 15:54:09 -08:00
toddouska
9bde34ef5b Merge pull request #3438 from douzzer/harmonize-CCM8-cipher-names 
add "CCM8" variants to cipher_names "CCM-8" ciphers, for OpenSSL compat
 2020-11-18 15:52:52 -08:00
Sean Parkinson
d8b58286d1 TLS 1.3: PSK only 
Support building with only TLS 1.3 and PSK without code for (EC)DHE and
certificates.
Minimise build size for this configuration.
 2020-11-19 09:21:24 +10:00
Hayden Roche
2fc594d319 Modify example server to be resilient to WANT_WRITE errors. 2020-11-13 10:33:10 -06:00
Hayden Roche
e035eb8f8a Add an option to the example client to simulate WANT_WRITE errors. 
- Add this option as "-6."
- Turn on non-blocking mode if WANT_WRITE simulation is enabled.
- Create a send IO callback that gets registered when this option is turned on.
  This callback alternates between letting the TX through and returning a
  WANT_WRITE error.
 2020-11-13 10:30:24 -06:00