Commit Graph

1660 Commits

Author SHA1 Message Date
Jacob Barthelmeh 0b91e000bb fix secure renegotiation build 2016-06-23 13:10:39 -06:00
toddouska 335865a5b2 Merge pull request #447 from ejohnstown/dtls-retx
DTLS Retransmit Fix
2016-06-20 15:46:55 -07:00
toddouska 79e2af8c15 Merge pull request #445 from ejohnstown/dtls-alert
DTLS bad MAC alert
2016-06-20 15:36:18 -07:00
toddouska a859cf189d Merge pull request #443 from ejohnstown/new-ccm-suite
Add cipher suite ECDHE-ECDSA-AES128-CCM
2016-06-20 15:34:55 -07:00
David Garske eb1d8d5df6 Fix for NID names on NIST prime 192 and 256 curves. Cleanup of the memcpy/memset in .i files to use portable names. 2016-06-17 15:59:25 -07:00
John Safranek 8f3c56c03f Fix where the last flight was getting retransmit on timeout notification. 2016-06-15 18:44:25 -07:00
David Garske 5703e5eadb ECC changes to support custom curves. Added new "WOLFSSL_CUSTOM_CURVES" option to support non-standard ECC curves in ecc_is_point and ecc_projective_dbl_point. Refactor to load and pass curve "a" parameter down through ECC functions. Relocated mp_submod and added mp_addmod. Refactor to pass mp variable directly (not pointer) for montgomery variable. Fix in mp_jacobi to also handle case of a == 0. Cleanup of *_ecc_mulmod and wc_ecc_make_key_ex error handling. Cleanup of ecc_map for handling normal, fast and alt_ecc math for optimization of performance and allowing reduced ecc_size. 2016-06-15 08:41:51 -07:00
David Garske bb17bac018 Updated the naming for the ECC curve sets. Additional comments for each curve parameter. 2016-06-14 16:56:22 -07:00
John Safranek 35f43f9216 In DTLS, if a mac or decrypt error is detected, just drop the datagram and don't send an alert 2016-06-14 14:36:08 -07:00
John Safranek 2f9c9b9a22 Add cipher suite ECDHE-ECDSA-AES128-CCM
1. Added the usual cipher suite changes for the new suite.
2. Added a build option, WOLFSSL_ALT_TEST_STRINGS, for testing
   against GnuTLS. It wants to receive strings with newlines.
3. Updated the test configs for the new suite.

Tested against GnuTLS's client and server using the options:

    $ gnutls-cli --priority "NONE:+VERS-TLS-ALL:+AEAD:+ECDHE-ECDSA:+AES-128-CCM:+SIGN-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509" --x509cafile=./certs/server-ecc.pem --no-ca-verification -p 11111 localhost
    $ gnutls-serv --echo --x509keyfile=./certs/ecc-key.pem --x509certfile=./certs/server-ecc.pem --port=11111 -a --priority "NONE:+VERS-TLS-ALL:+AEAD:+ECDHE-ECDSA:+AES-128-CCM:+SIGN-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509"

To talk to GnuTLS, wolfSSL also needed the supported curves option
enabled.
2016-06-13 14:39:41 -07:00
toddouska a156cedabc Merge pull request #435 from JacobBarthelmeh/staticmemory
Staticmemory
2016-06-10 17:03:49 -07:00
Jacob Barthelmeh 707714dd38 threaded fixes with static memory 2016-06-10 15:35:02 -06:00
Jacob Barthelmeh 3d3591a227 typdef gaurd / error out on bad mutex init / handle no maxHa or maxIO set 2016-06-10 14:13:27 -06:00
Chris Conlon cbefaef6bc Merge pull request #440 from toddouska/output-size
Output size
2016-06-10 11:33:31 -06:00
Jacob Barthelmeh ea3d1f8e17 extended method function 2016-06-09 23:41:51 -06:00
toddouska 6551c9fcab add getter for max output size 2016-06-09 14:51:07 -07:00
Jacob Barthelmeh 7943f68f2a run allocation tool on ocsp and check for mallocs 2016-06-09 12:03:28 -06:00
Jacob Barthelmeh 8be5409bc5 static method func / ocsp callbacks / heap test / alpn free func / remove timing resistant constraint 2016-06-09 11:36:31 -06:00
Jacob Barthelmeh 664d2190ba session ticket extension fix with static memory heap hint 2016-06-08 10:50:20 -06:00
toddouska a2d7ba0dd9 add output size getter 2016-06-08 09:32:34 -07:00
Jacob Barthelmeh e214086dce tlsx with static memory / account for session certs size 2016-06-08 09:18:43 -06:00
toddouska c48db891d1 Merge pull request #433 from ejohnstown/aes-cmac
Aes cmac
2016-06-07 16:48:46 -07:00
Jacob Barthelmeh 738373038b clean up staticmemory with crl 2016-06-06 17:50:54 -06:00
Jacob Barthelmeh e1edadafe1 ocsp with static memory, remove unused function 2016-06-06 16:19:33 -06:00
Jacob Barthelmeh db90594909 adjust pointer cast, ssl rng with fips and unused param 2016-06-06 14:32:49 -06:00
dgarske a25df5b78e Merge pull request #434 from toddouska/crlbuffer
add wolfSSL and wolfSSL_CTX LoadCRLBuffer()
2016-06-06 09:01:25 -07:00
toddouska 38d5480256 Merge pull request #432 from JacobBarthelmeh/DTLS-MultiCore
import / export of peer connection information
2016-06-06 08:51:24 -07:00
Jacob Barthelmeh 2feee8856e revise static memory and update heap hint 2016-06-04 19:03:48 -06:00
toddouska 3f205d19f4 add wolfSSL and wolfSSL_CTX LoadCRLBuffer() 2016-06-03 15:13:16 -07:00
Jacob Barthelmeh 046b987324 callbacks for setting and getting peer ip/port/family 2016-06-02 09:23:12 -06:00
Kaleb Himes 5be916e336 Merge pull request #403 from ejohnstown/dtls-fix
when dropping a DTLS message, drop the whole datagram
2016-05-30 17:26:25 -06:00
Jacob Barthelmeh 73328ac4bc import / export of peer connection information 2016-05-26 16:26:08 -06:00
toddouska a4fa4d5253 Merge pull request #431 from JacobBarthelmeh/master
sanity checks on wolfSSL_dtls_get_peer arguments
2016-05-26 14:46:58 -07:00
John Safranek 1b9b7f52c9 1. Reformat a couple of #ifdefs around if(dtls) checks.
2. Move fuzz update for DTLS GetRecordHeader to be like the TLS case.
3. DtlsCheckWindow only allows current epoch and last epoch.
4. ProcessReply only retransmits flight on a CCS out of sequence when
   still retaining the handshake data.
2016-05-25 15:44:06 -07:00
Jacob Barthelmeh 5e1f06ce52 sanity checks on wolfSSL_dtls_get_peer arguments 2016-05-25 10:57:00 -06:00
toddouska 669cdfc357 fix dynamic type session ticket typos 2016-05-25 09:47:54 -07:00
John Safranek b3d068dc40 Merge pull request #418 from toddouska/dyntickets
Dyntickets
2016-05-24 11:00:14 -07:00
John Safranek c0cbc97b06 add AES-CMAC 2016-05-23 17:50:36 -07:00
John Safranek 7c93912f1d reject messages that are too far from the future 2016-05-22 16:10:47 -07:00
Jacob Barthelmeh 1b278edfd0 fix unused functions, make WOLFSSL first parameter, add comments 2016-05-16 23:48:26 -06:00
Jacob Barthelmeh c8576566cc add public wolfSSL_dtls_export and api tests 2016-05-14 12:49:09 -06:00
toddouska 185e60ad19 based on pr#316; turns isDynamic ticket off on some failure cases, move an XFREE out of a Lock that isn't required 2016-05-13 14:11:46 -07:00
toddouska 1ea01a7ad8 Merge branch 'master' of https://github.com/NickolasLapp/wolfssl into dyntickets 2016-05-13 09:07:55 -07:00
Jacob Barthelmeh 3897f78073 truncated hmac export and sanity checks 2016-05-13 09:11:38 -06:00
Jacob Barthelmeh 8d66ba2923 refactor export/import of cipher specs struct 2016-05-12 10:06:15 -06:00
Jacob Barthelmeh fbf39a761a refactor export/import of key struct 2016-05-12 09:23:38 -06:00
Jacob Barthelmeh f9ce2f2677 verify cipher suite is valid on import 2016-05-12 09:09:07 -06:00
Jacob Barthelmeh 8c45cb1938 add DTLS session export option 2016-05-10 13:27:45 -06:00
Nickolas Lapp ecba5161ac default copyInto static instead of dynamic 2016-05-06 13:15:21 -06:00
Jacob Barthelmeh 197672d4fc define KEEP_OUR_CERT to set keeping ssl certificate 2016-05-04 09:05:11 -06:00