Commit Graph

3220 Commits

Author SHA1 Message Date
Sean Parkinson c628562ee7 Fix the Old ClientHello detection with TLS 1.3 with new state
Put the clientState into CLIENT_HELLO_RETRY (new state) when waiting for
second ClientHello.
Chrome sends change_cipher_spec message, for reasons of compatability,
which meets the requirements of the Old ClientHello detection when state
of client is NULL.
2018-12-13 17:06:00 +10:00
John Safranek dc82beea4e Mongoose Update
1. Add a couple more OpenSSL compatibility layer functions to the the HAVE_WEBSERVER option.
2018-12-10 11:28:32 -08:00
John Safranek bc4150af2c Mongoose Update
1. HAVE_WEBSERVER option turns on a couple more functions that MG is
using for client side authentication.
2. If using webserver, those functions return and error.
2018-12-10 11:28:32 -08:00
toddouska 6dfc723961 Merge pull request #1959 from SparkiDev/tls13_ems_down
Send EMS extension in ClientHello when downgradable from TLSv1.3
2018-12-06 07:42:55 -08:00
Sean Parkinson 1d5b99eecc Send EMS extension in ClientHello when downgradable from TLSv1.3 2018-12-06 09:41:22 +10:00
Sean Parkinson ab03f9291b Make RsaUnPad constant time when Block Type 2 message 2018-12-06 08:36:49 +10:00
toddouska 74eadf556e Merge pull request #1946 from ejohnstown/dh-speedup
DHE Speed Up
2018-12-05 12:22:21 -08:00
Jacob Barthelmeh d90e66da80 remove restriction on max key size with wolfSSL_DH_generate_key 2018-12-04 16:20:31 -07:00
John Safranek a55f11cdd8 DHE Speed Up
1. Also apply the setting to the client side.
2. Updated the server and client command line options to use "-2" for disabling the DHE check.
2018-12-03 13:56:14 -08:00
John Safranek ff1a1dc5d5 DHE Speed Up
When loading DH domain parameters into a CTX, test the prime
immediately. When loading them into a session, test the prime right
before using it during the handshake. Sessions that get their prime from
their context do not need to test their prime. Added a function to
disable testing the prime in a session. The goal is to speed up testing
as every single test case loads DH parameters whether they are used or
not.
2018-11-29 17:04:04 -08:00
toddouska 8c0a55d43b Merge pull request #1939 from cconlon/selftestfix
exclude wolfSSL_EC_POINT_point2hex() in CAVP selftest build
2018-11-28 13:13:25 -08:00
toddouska 70305758d4 Merge pull request #1942 from SparkiDev/asn_trad_fix
Return ToTraditional API to original signature
2018-11-28 08:08:26 -08:00
toddouska 2827ef6a57 Merge pull request #1938 from SparkiDev/tls13_ext
Check for TLS 1.3 version in the method for extenstions.
2018-11-28 08:05:42 -08:00
Sean Parkinson 310ffd0045 Check for TLS 1.3 version in the method for extenstions.
During parsing of ClientHello, ServerHello and HelloRetryRequest, the
SSL object version may not be set to the negotiated version.
2018-11-28 14:59:43 +10:00
Sean Parkinson 918c769284 Return ToTraditional API to original signature 2018-11-28 12:27:57 +10:00
Chris Conlon a5e3b18252 exclude wolfSSL_EC_POINT_point2hex() in CAVP selftest build 2018-11-27 09:12:55 -08:00
toddouska 55bbffe3c6 Merge pull request #1932 from dgarske/maxfrag_reconf
Post-handshake max fragment size adjustment
2018-11-26 13:27:26 -08:00
toddouska 3afa9a3886 Merge pull request #1929 from ejohnstown/sniffer
Sniffer Updates
2018-11-26 13:24:31 -08:00
John Safranek 96b4ddad82 Sniffer Update
1. Collect the SSL Info capture into its own function.
2. Add a Trace function for the SSL Info.
3. When copying the IANA name for the cipher suite, use a strncpy
instead of a memcpy and cap the copy at the length of the destination.
Force a null terminator at the end of the destination, just in case.
4. Modify the snifftest to collect the SSL Info.
2018-11-21 11:29:28 -08:00
David Garske 7a24d4e46f Adds new WOLFSSL_ALLOW_MAX_FRAGMENT_ADJUST macro around non-standard feature. This allows for adjustment of the maximum fragment size post handshake. 2018-11-21 10:30:24 -08:00
toddouska f87c327fae Merge pull request #1933 from SparkiDev/tls13_ems
No Extended Master Secret in ServerHello if protocol TLSv1.3
2018-11-21 10:25:59 -08:00
toddouska f11809aa62 Merge pull request #1923 from JacobBarthelmeh/Testing
cast to resolve warning, check size of time_t, and check for null tes…
2018-11-21 10:17:23 -08:00
Sean Parkinson 5156641f2b No Extended Master Secret in ServerHello if protocol TLSv1.3 2018-11-20 08:38:14 +10:00
Sean Parkinson 95bd340de5 Add support for more OpenSSL APIs
Add support for PEM_read and PEM_write
Add OpenSSL PKCS#7 signed data support
Add OpenSSL PKCS#8 Private key APIs
Add X509_REQ OpenSSL APIs
2018-11-20 07:54:24 +10:00
David Garske e81436ffe9 Add support for altering the max-fragment size post-handshake using existing API wolfSSL_UseMaxFragment. 2018-11-19 13:26:48 -08:00
John Safranek 3599798aac Move a variable declaration to the start of a block instead of in the
middle.
2018-11-16 15:54:19 -08:00
John Safranek 6ee60bbb49 Sniffer Update
1. Adds a new function ssl_DecodePacketWithSessionInfo() that returns a
copy of the TLS session info (version and suite ID) for the packet that
is decoded.
2. Adds a new function DecodePacketInternal() that does the same work as
the old DecodePacket() with the additional Session Info behavior.
3. Both DecodePacket public functions call the internal version.
2018-11-16 15:00:06 -08:00
John Safranek d2989d9f43 Sniffer Fix
Drop a handshake message if it is split across TLS records. The likely
messages dropped are certificate and certificate request, which are
ignored by the sniffer.
2018-11-16 15:00:06 -08:00
Jacob Barthelmeh c307fd7af4 additional macro guards for disabling aescbc with opensslextra 2018-11-15 13:40:04 -07:00
Jacob Barthelmeh 0f4a06594e cast to resolve warning, check size of time_t, and check for null test case 2018-11-12 16:02:33 -07:00
toddouska 8689cc6a04 Merge pull request #1922 from SparkiDev/tls_pad_fix
Fix for checking of TLS padding when padding byte value > msg len
2018-11-12 13:20:35 -08:00
toddouska 0452594cf7 Merge pull request #1905 from SparkiDev/sp_thumb
Single Precision: ARM Thumb assembly implementation
2018-11-12 13:16:11 -08:00
Sean Parkinson 61c7be669b Fix for checking of TLS padding when padding byte value > msg len 2018-11-12 17:37:34 +10:00
David Garske b3d5999be9 Fix for unused variables with --disable-rsa --enable-tls13 case in InitSuites. 2018-11-08 15:54:06 -08:00
David Garske fcb40570e2 Fixes for warnings with possible use of uninitialized variable in async with DES3 and AES. 2018-11-08 15:39:52 -08:00
David Garske 6e4ab91ccf Merge pull request #1915 from JacobBarthelmeh/Testing
fix side init for set connect/accept functions
2018-11-07 09:24:44 -08:00
toddouska 24e2a2b228 Merge pull request #1912 from dgarske/fix_BN_bn2hex
Fixes for compatibility function `BN_bn2hex`
2018-11-07 08:35:15 -08:00
toddouska 5d8f4351ff Merge pull request #1903 from dgarske/dhkeycheck
Speed improvements for DH public key prime checking
2018-11-06 16:35:27 -08:00
Jacob Barthelmeh 7a2a66743b fix side init for set connect/accept functions 2018-11-06 16:48:06 -07:00
toddouska 2c7ff56a3e Merge pull request #1907 from JacobBarthelmeh/Testing
infer and g++ build fixes
2018-11-06 08:48:28 -08:00
David Garske efb1efcc0d Fixes and additional tests for compatibility function BN_bn2hex. In the DEBUG_WOLFSSL case it was returning a (char*)"", which was trying to be free'd. We cannot return const char* here, since its assumed to be an allocated pointer. Fix the dynamic type for XMALLOC/XFREE to match, since OPENSSL_free is used to free returned value. Fix to add room for null term. Added missing API unit test for BN_print_fp. Exposed these functions for OPENSSL_EXTRA. 2018-11-06 05:55:25 -08:00
Eric Blankenhorn d61ae3a02a Handle incomplete shutdown 2018-11-05 10:30:48 -06:00
John Safranek c1ca1f1b78 Remove DH prime check on selftest/fips builds. 2018-11-02 12:55:07 -07:00
John Safranek cfafbd9659 Added the prime check to the functions wolfSSL_SetTmpDh() and wolfSSL_CTX_SetTmpDh(). 2018-11-02 11:01:39 -07:00
Jacob Barthelmeh a953a3141e infer and g++ build fixes 2018-11-01 09:59:35 -06:00
David Garske f6093e1e0d Fixes to remove DH prime checks for server side DH parameters. 2018-10-30 15:51:47 -07:00
Chris Conlon def7a91e70 fix CAVP selftest build errors 2018-10-30 16:35:45 -06:00
David Garske f4b0261ca7 Fix to not do prime test on DH key the server loaded. Now it will only do the prime test on the peer's provided public DH key using 8 miller rabbins. Refactored the fast math miller rabin function to reuse mp_int's, which improved peformance for mp_prime_is_prime_ex from 100ms to 80ms. Normal math mp_prime_is_prime_ex is ~40ms (as-is). Added test for wc_DhSetCheckKey. 2018-10-30 11:20:07 -07:00
toddouska ae07ba93ad Merge pull request #1894 from dgarske/pk_keysize
Fixes for key size detection when using PK callbacks
2018-10-26 09:46:10 -07:00
David Garske d21603334b Added build option USE_ECDSA_KEYSZ_HASH_ALGO to alter the hash algorithm selection for ecc_dsa_sa_algo. With this build option we try and choose a hash algorithm digest size that matches the ephemeral key size, if not found then will match on next highest. We've seen cases with some Windows based TLS client's where they do not properly support hashing a smaller ephemeral key with a larger hash digest size (such as P-256 key and SHA512 hash). 2018-10-25 09:19:35 -07:00