Jacob Barthelmeh
0b91e000bb
fix secure renegotiation build
2016-06-23 13:10:39 -06:00
toddouska
335865a5b2
Merge pull request #447 from ejohnstown/dtls-retx
...
DTLS Retransmit Fix
2016-06-20 15:46:55 -07:00
toddouska
79e2af8c15
Merge pull request #445 from ejohnstown/dtls-alert
...
DTLS bad MAC alert
2016-06-20 15:36:18 -07:00
toddouska
a859cf189d
Merge pull request #443 from ejohnstown/new-ccm-suite
...
Add cipher suite ECDHE-ECDSA-AES128-CCM
2016-06-20 15:34:55 -07:00
David Garske
eb1d8d5df6
Fix for NID names on NIST prime 192 and 256 curves. Cleanup of the memcpy/memset in .i files to use portable names.
2016-06-17 15:59:25 -07:00
John Safranek
8f3c56c03f
Fix where the last flight was getting retransmit on timeout notification.
2016-06-15 18:44:25 -07:00
David Garske
5703e5eadb
ECC changes to support custom curves. Added new "WOLFSSL_CUSTOM_CURVES" option to support non-standard ECC curves in ecc_is_point and ecc_projective_dbl_point. Refactor to load and pass curve "a" parameter down through ECC functions. Relocated mp_submod and added mp_addmod. Refactor to pass mp variable directly (not pointer) for montgomery variable. Fix in mp_jacobi to also handle case of a == 0. Cleanup of *_ecc_mulmod and wc_ecc_make_key_ex error handling. Cleanup of ecc_map for handling normal, fast and alt_ecc math for optimization of performance and allowing reduced ecc_size.
2016-06-15 08:41:51 -07:00
David Garske
bb17bac018
Updated the naming for the ECC curve sets. Additional comments for each curve parameter.
2016-06-14 16:56:22 -07:00
John Safranek
35f43f9216
In DTLS, if a mac or decrypt error is detected, just drop the datagram and don't send an alert
2016-06-14 14:36:08 -07:00
John Safranek
2f9c9b9a22
Add cipher suite ECDHE-ECDSA-AES128-CCM
...
1. Added the usual cipher suite changes for the new suite.
2. Added a build option, WOLFSSL_ALT_TEST_STRINGS, for testing
against GnuTLS. It wants to receive strings with newlines.
3. Updated the test configs for the new suite.
Tested against GnuTLS's client and server using the options:
$ gnutls-cli --priority "NONE:+VERS-TLS-ALL:+AEAD:+ECDHE-ECDSA:+AES-128-CCM:+SIGN-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509" --x509cafile=./certs/server-ecc.pem --no-ca-verification -p 11111 localhost
$ gnutls-serv --echo --x509keyfile=./certs/ecc-key.pem --x509certfile=./certs/server-ecc.pem --port=11111 -a --priority "NONE:+VERS-TLS-ALL:+AEAD:+ECDHE-ECDSA:+AES-128-CCM:+SIGN-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509"
To talk to GnuTLS, wolfSSL also needed the supported curves option
enabled.
2016-06-13 14:39:41 -07:00
toddouska
a156cedabc
Merge pull request #435 from JacobBarthelmeh/staticmemory
...
Staticmemory
2016-06-10 17:03:49 -07:00
Jacob Barthelmeh
707714dd38
threaded fixes with static memory
2016-06-10 15:35:02 -06:00
Jacob Barthelmeh
3d3591a227
typdef gaurd / error out on bad mutex init / handle no maxHa or maxIO set
2016-06-10 14:13:27 -06:00
Chris Conlon
cbefaef6bc
Merge pull request #440 from toddouska/output-size
...
Output size
2016-06-10 11:33:31 -06:00
Jacob Barthelmeh
ea3d1f8e17
extended method function
2016-06-09 23:41:51 -06:00
toddouska
6551c9fcab
add getter for max output size
2016-06-09 14:51:07 -07:00
Jacob Barthelmeh
7943f68f2a
run allocation tool on ocsp and check for mallocs
2016-06-09 12:03:28 -06:00
Jacob Barthelmeh
8be5409bc5
static method func / ocsp callbacks / heap test / alpn free func / remove timing resistant constraint
2016-06-09 11:36:31 -06:00
Jacob Barthelmeh
664d2190ba
session ticket extension fix with static memory heap hint
2016-06-08 10:50:20 -06:00
toddouska
a2d7ba0dd9
add output size getter
2016-06-08 09:32:34 -07:00
Jacob Barthelmeh
e214086dce
tlsx with static memory / account for session certs size
2016-06-08 09:18:43 -06:00
toddouska
c48db891d1
Merge pull request #433 from ejohnstown/aes-cmac
...
Aes cmac
2016-06-07 16:48:46 -07:00
Jacob Barthelmeh
738373038b
clean up staticmemory with crl
2016-06-06 17:50:54 -06:00
Jacob Barthelmeh
e1edadafe1
ocsp with static memory, remove unused function
2016-06-06 16:19:33 -06:00
Jacob Barthelmeh
db90594909
adjust pointer cast, ssl rng with fips and unused param
2016-06-06 14:32:49 -06:00
dgarske
a25df5b78e
Merge pull request #434 from toddouska/crlbuffer
...
add wolfSSL and wolfSSL_CTX LoadCRLBuffer()
2016-06-06 09:01:25 -07:00
toddouska
38d5480256
Merge pull request #432 from JacobBarthelmeh/DTLS-MultiCore
...
import / export of peer connection information
2016-06-06 08:51:24 -07:00
Jacob Barthelmeh
2feee8856e
revise static memory and update heap hint
2016-06-04 19:03:48 -06:00
toddouska
3f205d19f4
add wolfSSL and wolfSSL_CTX LoadCRLBuffer()
2016-06-03 15:13:16 -07:00
Jacob Barthelmeh
046b987324
callbacks for setting and getting peer ip/port/family
2016-06-02 09:23:12 -06:00
Kaleb Himes
5be916e336
Merge pull request #403 from ejohnstown/dtls-fix
...
when dropping a DTLS message, drop the whole datagram
2016-05-30 17:26:25 -06:00
Jacob Barthelmeh
73328ac4bc
import / export of peer connection information
2016-05-26 16:26:08 -06:00
toddouska
a4fa4d5253
Merge pull request #431 from JacobBarthelmeh/master
...
sanity checks on wolfSSL_dtls_get_peer arguments
2016-05-26 14:46:58 -07:00
John Safranek
1b9b7f52c9
1. Reformat a couple of #ifdefs around if(dtls) checks.
...
2. Move fuzz update for DTLS GetRecordHeader to be like the TLS case.
3. DtlsCheckWindow only allows current epoch and last epoch.
4. ProcessReply only retransmits flight on a CCS out of sequence when
still retaining the handshake data.
2016-05-25 15:44:06 -07:00
Jacob Barthelmeh
5e1f06ce52
sanity checks on wolfSSL_dtls_get_peer arguments
2016-05-25 10:57:00 -06:00
toddouska
669cdfc357
fix dynamic type session ticket typos
2016-05-25 09:47:54 -07:00
John Safranek
b3d068dc40
Merge pull request #418 from toddouska/dyntickets
...
Dyntickets
2016-05-24 11:00:14 -07:00
John Safranek
c0cbc97b06
add AES-CMAC
2016-05-23 17:50:36 -07:00
John Safranek
7c93912f1d
reject messages that are too far from the future
2016-05-22 16:10:47 -07:00
Jacob Barthelmeh
1b278edfd0
fix unused functions, make WOLFSSL first parameter, add comments
2016-05-16 23:48:26 -06:00
Jacob Barthelmeh
c8576566cc
add public wolfSSL_dtls_export and api tests
2016-05-14 12:49:09 -06:00
toddouska
185e60ad19
based on pr#316; turns isDynamic ticket off on some failure cases, move an XFREE out of a Lock that isn't required
2016-05-13 14:11:46 -07:00
toddouska
1ea01a7ad8
Merge branch 'master' of https://github.com/NickolasLapp/wolfssl into dyntickets
2016-05-13 09:07:55 -07:00
Jacob Barthelmeh
3897f78073
truncated hmac export and sanity checks
2016-05-13 09:11:38 -06:00
Jacob Barthelmeh
8d66ba2923
refactor export/import of cipher specs struct
2016-05-12 10:06:15 -06:00
Jacob Barthelmeh
fbf39a761a
refactor export/import of key struct
2016-05-12 09:23:38 -06:00
Jacob Barthelmeh
f9ce2f2677
verify cipher suite is valid on import
2016-05-12 09:09:07 -06:00
Jacob Barthelmeh
8c45cb1938
add DTLS session export option
2016-05-10 13:27:45 -06:00
Nickolas Lapp
ecba5161ac
default copyInto static instead of dynamic
2016-05-06 13:15:21 -06:00
Jacob Barthelmeh
197672d4fc
define KEEP_OUR_CERT to set keeping ssl certificate
2016-05-04 09:05:11 -06:00