Commit Graph

4366 Commits

Author SHA1 Message Date
David Garske c0a664a8e5 Merge pull request #3200 from douzzer/20200805
Add an error-checking wc_curve25519_make_pub() routine to the API for use by Wireguard
2020-08-07 16:32:52 -07:00
toddouska 1724347f7a Merge pull request #3091 from julek-wolfssl/sess-serialization
Expose session serialization outside of `OPENSSL_EXTRA`
2020-08-07 15:41:27 -07:00
Eric Blankenhorn 064bfa583d Fix CheckAltNames to handle IP type 2020-08-07 10:12:56 -05:00
toddouska 82d927d40f Merge pull request #3199 from dgarske/openssl_sha
Fix for building openssl compat without SHA-1
2020-08-06 15:59:26 -07:00
Daniel Pouzzner 758665e347 Fix for TLS anonymous cipher and PKCS11 cast warnings. (author=dgarske) 2020-08-06 17:49:55 -05:00
Sean Parkinson 132adeac14 Merge pull request #3188 from julek-wolfssl/missing-cipherExtraData
Move `cipherExtraData` so that it is available when HAVE_SESSION_TICKET
2020-08-07 08:18:57 +10:00
toddouska e121139178 Merge pull request #3179 from ejohnstown/suitesz
Suite Size Check
2020-08-06 11:05:10 -07:00
toddouska 4e9d49556e Merge pull request #3194 from SparkiDev/unit_fix_1
Fix unit.test to not fail randomly
2020-08-06 10:51:12 -07:00
David Garske 435eabfb4b Fix build error with unused variables. Added compat function for X509_add_ext. 2020-08-06 07:51:04 -07:00
Sean Parkinson 8afd629a30 Fix unit.test to not fail randomly
Get the serial number from the certificate to calculate the encoding size.
Fix making of the certificate to copy serial number out if not already set.
2020-08-06 08:52:21 +10:00
David Garske c421445ba9 Added no SHA-1 hash support for OPENSSL compatibility. Fix for ./configure --enable-opensslextra --disable-sha. This allows using SHA2-256 for the hashing including the derived issuerHash and subjectHash. Adds issuer hash openssl compatibility function X509_issuer_name_hash. 2020-08-05 14:43:24 -07:00
toddouska 8d00b015c1 Merge pull request #3182 from dgarske/configall_noold
Fix to NOT enable SSLV3 and TLS v1.0 with `--enable-all`
2020-08-04 12:25:59 -07:00
toddouska 3e84f1c53f Merge pull request #2882 from dgarske/example_configs
Added area for template user_settings files in `examples/config`
2020-08-03 16:32:57 -07:00
Juliusz Sosinowicz 6c92116124 Move cipherExtraData so that it is available when HAVE_SESSION_TICKET 2020-08-03 15:32:49 +02:00
David Garske 4f91d60d22 Fixes for build issues without OPENSSL_EXTRA defined. 2020-07-31 15:25:58 -07:00
David Garske 197c21a508 Fix for --enable-all (also used by --enable-distro) to NOT enable SSLV3 and TLS v1.0. 2020-07-31 13:54:08 -07:00
John Safranek fd4f8fe7a0 Suite Size Check
1. Check that the cipher suite size is even when doing the Client
   Hello message.
2. Check that the cipher suite size is a multiple of three when doing
   the Old Client Hello message.
3. Check that the hash/signature algorithm list size is even when
   processing the extensions.
2020-07-31 11:44:24 -07:00
toddouska ff08a01f94 Merge pull request #3171 from SparkiDev/tls13_fin_fix
TLS 1.3: Client requires cert_vfy before finished when not PSK
2020-07-31 11:28:24 -07:00
toddouska 64f6dc08f7 Merge pull request #3164 from SparkiDev/tls13_ocsp2
TLS 1.3 server MUST NOT use OCSP Status V2
2020-07-29 16:23:24 -07:00
Sean Parkinson f59a1fa295 TLS 1.3: Client requires cert_vfy before finished when not PSK 2020-07-29 10:21:34 +10:00
Sean Parkinson 76a35f2a77 TLS 1.3: Client with no certificate an error with define
WOLFSSL_NO_CLIENT_CERT_ERROR
2020-07-27 09:54:51 +10:00
Sean Parkinson b775058f49 TLS 1.3 server MUST NOT use OCSP Status V2
Parses the extension but does not use the information.
TLSX code change to ensure that the OCSP Status V2 extension is not
written out in EncryptedExtension, CertificateRequest nor Certificate
messages.
2020-07-27 09:32:14 +10:00
toddouska e84defb268 Merge pull request #3044 from dgarske/sniffer_tls13
TLS v1.3 sniffer support
2020-07-24 11:46:38 -07:00
David Garske 38cef2b3c9 Merge pull request #3151 from ejohnstown/dtls-size
DTLS Size Fix
2020-07-24 08:19:50 -07:00
JacobBarthelmeh 81475fac96 Merge pull request #3154 from embhorn/zd10651
Fix build error with X509_SMALL config
2020-07-23 13:34:29 -06:00
John Safranek 839044d9e1 1. Remove dead assignment from client test.
2. Fix memory leak in example server test.
3. Use verify callback on certificates to allow callback to fail
   them.
4. Restore the forced failure test cases.
5. Make the verify action thread local.
2020-07-23 12:26:49 -07:00
JacobBarthelmeh 303d0dfedb Merge pull request #3157 from embhorn/zd10631
Fix build issue with OPENSSL_EXTRA_X509_SMALL
2020-07-23 13:18:28 -06:00
toddouska e198f6e73b Merge pull request #3141 from SparkiDev/tls_cert_alert
Send more detail alerts for bad certificates
2020-07-22 16:46:14 -07:00
toddouska d75e6d4f55 Merge pull request #3131 from JacobBarthelmeh/Testing
add sanity check on padSz
2020-07-22 16:39:27 -07:00
Eric Blankenhorn 9b421ce497 Fix for config failure 2020-07-22 17:22:46 -05:00
Eric Blankenhorn 39271e9234 Fix build issue with OPENSSL_EXTRA_X509_SMALL 2020-07-22 14:08:57 -05:00
Eric Blankenhorn 89913076f1 Fix build error with X509_SMALL config 2020-07-21 16:36:30 -05:00
Sean Parkinson c45e192581 Send more detail alerts for bad certificates 2020-07-22 00:07:23 +10:00
John Safranek 5d5aa129ca When attempting to send a message with DTLS, if it is too large, return an error rather than splitting it across records. (ZD 10602) 2020-07-20 16:14:53 -07:00
John Safranek 10c293a76c SCTP Test
1. Removed test cases for DTLSv1.0 that used AEAD ciphers.
2. Cleaned up some typos in the test configs.
3. Fixed typo in a WOLFSSL_SCTP ifdef check.
2020-07-20 15:03:48 -07:00
David Garske 9409d8682f Fix for building without session-ticket. 2020-07-17 15:22:35 -07:00
David Garske e15e0828bf Cleanup of the SHOW_SECRET debugging. Use only latest wolf API's (not older Cyassl names). 2020-07-17 15:22:35 -07:00
David Garske 3be390d50d Added TLS v1.3 session resumption support. TLS v1.3 uses session tickets and a resumption secret is derived after the "finished" message. This uses the internal static wolf session cache to retain the resumption secret between sniffer sessions. 2020-07-17 15:22:35 -07:00
David Garske 1b051d9c5b TLS v1.3 sniffer support:
* Added TLS v1.3 sniffer support using static ephemeral key.
* Add support for using a static ephemeral DH and ECC keys with TLS v1.3 using `WOLFSSL_STATIC_EPHEMERAL`.
* Adds new API's `wolfSSL_CTX_set_ephemeral_key` and `wolfSSL_set_ephemeral_key`.
* Expanded TLS extension support in sniffer.
* Refactor of the handshake hashing code.
* Added parameter checking to the TLS v1.3 key derivations (protects use of "DoTls13Finished" if handshake resources have been free'd).
* Added support for loading DH keys via `wc_DhImportKeyPair` and `wc_DhExportKeyPair`, enabled with `WOLFSSL_DH_EXTRA`.
* Added sniffer documentation `sslSniffer/README.md`.
2020-07-17 15:22:35 -07:00
JacobBarthelmeh 01a01c373f sanity check on return value for wolfSSL_X509_NAME_ENTRY_get_object 2020-07-17 11:03:12 -06:00
toddouska 9137794cb4 Merge pull request #3105 from embhorn/zd10457_a
Adding wolfSSL_X509_check_ip_asc
2020-07-16 10:53:27 -07:00
Eric Blankenhorn f2b279e834 Update from review 2020-07-15 20:57:04 -05:00
toddouska fbe0c8cba7 Merge pull request #3122 from JacobBarthelmeh/Compatibility-Layer
fix X509 multiple OU's and refactor
2020-07-15 15:06:22 -07:00
toddouska 925e9d9213 Merge pull request #3075 from julek-wolfssl/dtls-no-cookie
DTLS session resumption fixes
2020-07-15 14:07:34 -07:00
Eric Blankenhorn 525a3cb9c3 Move API out of OPENSSL_EXTRA 2020-07-15 10:48:11 -05:00
Eric Blankenhorn d1a82589f9 Adding wolfSSL_X509_check_ip_asc 2020-07-15 10:48:11 -05:00
David Garske 12478a4534 Merge pull request #3128 from tmael/fips_ossl
Correct string truncation of XSTRNCAT
2020-07-14 17:17:27 -07:00
Jacob Barthelmeh a8736dd89d set heap hint for name malloc 2020-07-14 14:23:49 -06:00
toddouska 1caa6f860b Merge pull request #3088 from kaleb-himes/ZD10539
Change Hash union to wc_Hmac_Hash
2020-07-14 11:23:30 -07:00
Jacob Barthelmeh 173b9833fc fixes for edge build cases and static memory 2020-07-14 09:07:23 -06:00