Commit Graph

1798 Commits

Author SHA1 Message Date
Sean Parkinson 76a35f2a77 TLS 1.3: Client with no certificate an error with define
WOLFSSL_NO_CLIENT_CERT_ERROR
2020-07-27 09:54:51 +10:00
toddouska e84defb268 Merge pull request #3044 from dgarske/sniffer_tls13
TLS v1.3 sniffer support
2020-07-24 11:46:38 -07:00
David Garske 38cef2b3c9 Merge pull request #3151 from ejohnstown/dtls-size
DTLS Size Fix
2020-07-24 08:19:50 -07:00
John Safranek 839044d9e1 1. Remove dead assignment from client test.
2. Fix memory leak in example server test.
3. Use verify callback on certificates to allow callback to fail
   them.
4. Restore the forced failure test cases.
5. Make the verify action thread local.
2020-07-23 12:26:49 -07:00
toddouska e198f6e73b Merge pull request #3141 from SparkiDev/tls_cert_alert
Send more detail alerts for bad certificates
2020-07-22 16:46:14 -07:00
toddouska d75e6d4f55 Merge pull request #3131 from JacobBarthelmeh/Testing
add sanity check on padSz
2020-07-22 16:39:27 -07:00
Sean Parkinson c45e192581 Send more detail alerts for bad certificates 2020-07-22 00:07:23 +10:00
John Safranek 5d5aa129ca When attempting to send a message with DTLS, if it is too large, return an error rather than splitting it across records. (ZD 10602) 2020-07-20 16:14:53 -07:00
David Garske 1b051d9c5b TLS v1.3 sniffer support:
* Added TLS v1.3 sniffer support using static ephemeral key.
* Add support for using a static ephemeral DH and ECC keys with TLS v1.3 using `WOLFSSL_STATIC_EPHEMERAL`.
* Adds new API's `wolfSSL_CTX_set_ephemeral_key` and `wolfSSL_set_ephemeral_key`.
* Expanded TLS extension support in sniffer.
* Refactor of the handshake hashing code.
* Added parameter checking to the TLS v1.3 key derivations (protects use of "DoTls13Finished" if handshake resources have been free'd).
* Added support for loading DH keys via `wc_DhImportKeyPair` and `wc_DhExportKeyPair`, enabled with `WOLFSSL_DH_EXTRA`.
* Added sniffer documentation `sslSniffer/README.md`.
2020-07-17 15:22:35 -07:00
toddouska 9137794cb4 Merge pull request #3105 from embhorn/zd10457_a
Adding wolfSSL_X509_check_ip_asc
2020-07-16 10:53:27 -07:00
toddouska fbe0c8cba7 Merge pull request #3122 from JacobBarthelmeh/Compatibility-Layer
fix X509 multiple OU's and refactor
2020-07-15 15:06:22 -07:00
toddouska 925e9d9213 Merge pull request #3075 from julek-wolfssl/dtls-no-cookie
DTLS session resumption fixes
2020-07-15 14:07:34 -07:00
Eric Blankenhorn 525a3cb9c3 Move API out of OPENSSL_EXTRA 2020-07-15 10:48:11 -05:00
Eric Blankenhorn d1a82589f9 Adding wolfSSL_X509_check_ip_asc 2020-07-15 10:48:11 -05:00
Jacob Barthelmeh 173b9833fc fixes for edge build cases and static memory 2020-07-14 09:07:23 -06:00
Jacob Barthelmeh 85437e4097 add sanity check on padSz 2020-07-13 17:17:57 -06:00
Jacob Barthelmeh 63c8f7d1b1 x509 small build and memory free 2020-07-13 15:51:27 -06:00
Jacob Barthelmeh d880d59974 fix for init of renegotiation and fix for compiler warnings 2020-07-13 00:31:40 -06:00
Jacob Barthelmeh 2aaeb2a2df fix X509 multiple OU's and refactor 2020-07-10 17:12:20 -06:00
Tesfa Mael 890500c1b1 Fix Coverity 2020-07-08 08:20:43 -07:00
toddouska 2c11f96c9d Merge pull request #3048 from embhorn/zd10216
Override CRL error for NO_VERIFY
2020-06-29 15:35:53 -07:00
Eric Blankenhorn ec755f8dd9 Override CRL error for NO_VERIFY 2020-06-23 18:09:03 -05:00
toddouska 93bd0dbfe1 Merge pull request #2980 from dgarske/psoc6
Fix for `WOLFSSL_ALT_CERT_CHAINS` with long chain
2020-06-22 13:36:35 -07:00
JacobBarthelmeh 22d6774966 Merge pull request #2909 from SKlimaRA/SKlimaRA/crl-and-pkcb
ParseCrl fix, GetPrivateKeySigSize moved from client only section and Coverity fixes.
2020-06-19 10:51:50 -06:00
David Garske 0ef5a3d00e Fix for WOLFSSL_ALT_CERT_CHAINS incorrectly failing on success case. 2020-06-18 08:33:59 -07:00
David Garske 21e0f863b9 Fix for NO_WOLFSSL_SERVER typo. 2020-06-18 08:33:58 -07:00
Juliusz Sosinowicz b590e06f42 DTLS fixes
- `SendFinished` resetting`dtls_expected_peer_handshake_number` should depend on side and if we are resuming a connection
- No need to do a cookie exchange on session resumption
2020-06-18 12:13:52 +02:00
David Garske 3fb432cef8 Fix for building async without DTLS. 2020-06-17 11:20:08 -07:00
Juliusz Sosinowicz 90caeaf925 Alert level must be cleared or ProcessReply will loop indefinitely 2020-06-16 23:21:54 +02:00
Unknown cab8dd3731 Ignore duplicate or out of order CCS message
Init variables since compiler complains they might be used without initialization.
2020-06-12 12:27:48 +02:00
Juliusz Sosinowicz ac028e551d Code Review 2020-06-12 11:36:43 +02:00
Juliusz Sosinowicz 69802ed1a9 Missing ssl->heap in FreeBuildMsgArgs 2020-06-12 11:36:43 +02:00
Juliusz Sosinowicz 3980d6117d Fix Jenkins 2020-06-12 11:36:43 +02:00
Juliusz Sosinowicz 01b446f469 Fix SessionTicket length in unencrypted case 2020-06-12 11:36:43 +02:00
Juliusz Sosinowicz f2d2dadc89 ASYNC: Fix issues with TLS and DTLS 2020-06-12 11:36:43 +02:00
Juliusz Sosinowicz eb7a49a1d7 ASYNC: Working TLS SCR 2020-06-12 11:36:43 +02:00
Juliusz Sosinowicz a7c4d88876 ASYNC: Working AES128-SHA 2020-06-12 11:36:43 +02:00
Juliusz Sosinowicz 7b604ad714 WIP 2020-06-12 11:36:43 +02:00
Juliusz Sosinowicz 73105305cf WIP 2020-06-12 11:36:43 +02:00
Juliusz Sosinowicz a107688891 Fix asynchronous DTLS issue 2020-06-12 11:36:43 +02:00
Juliusz Sosinowicz d88f6f1156 DTLS test cases 2020-06-12 11:36:43 +02:00
Juliusz Sosinowicz 4e60e4b3b7 DTLS Message Grouping
Flush output buffer when we suspect that the grouped messages may exceed MTU.
2020-06-12 11:36:43 +02:00
Juliusz Sosinowicz c2ca9f614e Jenkins tests fixes 2020-06-12 11:36:43 +02:00
Juliusz Sosinowicz eb910a64d0 Comments and formatting 2020-06-12 11:36:43 +02:00
Juliusz Sosinowicz 651a7a97b9 Add secure renegotiation to DTLS 1.2
- Hash of fragmented certificate was not calculated as a single message and instead we were hashing individual fragments which produced the wrong digest, shared secret, etc...
- Reset handshake number after server Finished packet is sent or received (depending on side)
- Reserve space in buffer for cipher stuff
- Take `DTLS_RECORD_EXTRA` and  `DTLS_HANDSHAKE_EXTRA` into size and offset calculations for DTLS path
- Fix renegotiation in DTLS with AES128-SHA
- Fix renegotiation in DTLS with AES-GCM
- Support HelloVerify request during secure renegotiation
- Save renegotiation handshake messages for retransmission in timeout
- Handle cipher parameters from different epochs. DTLS may need to resend and receive messages from previous epochs so handling different sets of encryption and decryption parameters is crucial.
2020-06-12 11:36:43 +02:00
toddouska 29bdc7d8b5 Merge pull request #3015 from tmael/cov-fix
Coverity fix in wolfSSL 4.4.0
2020-06-10 17:07:47 -07:00
toddouska e993cb6cc0 Merge pull request #2942 from dgarske/tls13_on
Enable TLS v1.3 by default
2020-06-09 13:30:02 -07:00
David Garske 8791573dfe Fix for building with NO_PUBLIC_GCM_SET_IV when ChaCha20/Poly1305 is enabled. Cleanup use of not used STD_PERI_LIB. 2020-06-08 08:37:54 -07:00
David Garske d4fdd1e590 Fix for TLS v1.3 test PSK callback to support cipher list. Add support for GetCipherSuiteFromName to accept a name ending with colon. 2020-06-04 15:31:18 -07:00
David Garske 8823a581d0 Add PSK user context support (Fixes #2952.). 2020-06-04 15:31:18 -07:00