wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-28 22:49:54 +01:00
Code Issues Packages Projects Releases Wiki Activity
15,669 Commits 12 Branches 184 Tags
WCv5.2.3-RSA-SWITCH
Commit Graph

840 Commits

Author SHA1 Message Date
David Garske
67b87a8883 Merge pull request #4127 from douzzer/wolfsentry-client 
outbound connection filtering and wolfSentry integration
 2021-06-22 07:27:18 -07:00
David Garske
716237c5dd Fix minor line length and spelling. 2021-06-21 15:09:39 -07:00
Daniel Pouzzner
8c75553e08 wolfSentry integration: move rest of recyclable code out of examples and into wolfsentry_setup() in wolfssl/test.h, and implement peer review corrections on error codes and string.h wrapper macros. 2021-06-17 20:05:40 -05:00
Daniel Pouzzner
93dfb4c7f4 add outbound connection filtering support to libwolfssl, add wolfSentry support to the test client, and add wolfSentry JSON config file support to the test client and server using --wolfsentry-config. 
also, add mygetopt_long() to wolfssl/test.h, and add --help and Japanese counterpart options to test client and server.
 2021-06-17 20:05:40 -05:00
David Garske
9181c949ae Added static ciphers and sniffer. Fixed spelling. 2021-06-17 15:19:45 -07:00
David Garske
ffb9a8b440 Improve the user_settings_template to incude Windows. Added STM32 configuration example. 2021-06-17 15:19:45 -07:00
David Garske
8b14bf2951 Additional user_settings.h examples. 2021-06-17 15:19:45 -07:00
Sean Parkinson
12c358bc30 Merge pull request #3979 from dgarske/tls13_async 
Asynchronous support for TLS v1.3 TLSX ECC/DH key generation and key agreement
 2021-06-15 10:02:19 +10:00
David Garske
77df7d8630 Merge pull request #3968 from elms/pedantic_cleanup 
Fixes for some `-pedantic` errors
 2021-06-14 13:46:39 -07:00
David Garske
5e6b8e50c8 Fix to set groups for client benchmark test. 2021-06-11 14:12:15 -07:00
David Garske
2e4e65f518 Asynchronous support for TLS v1.3 TLSX ECC/DH key generation and key agreement 
* Added async support to `SendTls13ClientHello`, `DoTls13ServerHello` and `DoTls13ClientHello`.
* Cleanup of the example client/server use key share code.
* Fix some scan-build warnings.
ZD 12065
 2021-06-11 14:12:12 -07:00
Sean Parkinson
7e0c372e4c TLS 1.3 PSK: use the hash algorithm to choose cipher suite 
See RFC 8446: 4.2.11
With TLS 1.3 PSK callback, If the returned cipher suite isn't available,
use the hash from the cipher suite and choose from available list.
Require exact match when: WOLFSSL_TLS13_PSK_NO_MATCH_HASH

Alternative callback for client added that is passed a cipher suite
string. Called for each cipher suite that is to be negotiated.
If cipher suite to be used with PSK then return client identity.
Returning an identity based on cipher suite hash will result in
only one PSK extension being added per hash.
 2021-06-10 09:55:27 +10:00
David Garske
c6c7dfd5db Merge pull request #4053 from SparkiDev/cppcheck_fixes_6 
cppcheck: fixes from reviewing report
 2021-06-09 12:51:30 -07:00
Sean Parkinson
9580574382 Merge pull request #3999 from dgarske/user_io 
Fixes for building with `WOLFSSL_USER_IO`
 2021-06-09 08:55:36 +10:00
Elms
5c01613acb Add GCC extension to bypass select -pedantic warnings 
Add wrapper macro for `__extension__` to suppress pedantic warnings
 2021-06-07 15:38:15 -07:00
Sean Parkinson
2c6285ccba cppcheck: fixes from reviewing report 2021-05-20 17:55:06 +10:00
Elms
82981e9305 make: fix timing error when switching between revisions 
On switching over revision that added server target specific CFLAGS,
could receive: `error: #warning "For timing resistance / side-channel
attack prevention consider using harden options"`
 2021-05-18 09:43:29 -07:00
David Garske
c88afdef87 Fixes for building with WOLFSSL_USER_IO (with no built-in socket support). Related to issue #3998. 2021-05-06 11:07:05 -07:00
toddouska
014bd21df0 Merge pull request #3983 from tmael/tls_down 
TLS minimum downgrade option
 2021-05-05 15:38:45 -07:00
Hideki Miyazaki
0e40293798 added psk session callback 2021-04-28 10:08:21 +09:00
toddouska
40fe746710 Merge pull request #3942 from dgarske/get_static_ephemeral 
Added API's for getting pointer to loaded static ephemeral key
 2021-04-23 15:54:46 -07:00
Tesfa Mael
0c16ef4b29 Check for TLS downgrade 2021-04-23 14:45:35 -07:00
Daniel Pouzzner
9c7ee3fa64 examples/server/server.c: when TEST_IPV6, set the remote address to IPv6 localhost for wolfsentry_route_insert_static(). 2021-04-22 00:20:12 -05:00
Daniel Pouzzner
0cf9bacf1b WOLFSSL_WOLFSENTRY_HOOKS/HAVE_EX_DATA*: refactor wolfSSL_CRYPTO_cleanup_ex_data() to take only one arg (the WOLFSSL_CRYPTO_EX_DATA *); fix preprocessor gates on wolfSSL_set_ex_data() and wolfSSL_X509_get_ex_new_index(); fix line lengths. 2021-04-21 17:34:47 -05:00
Daniel Pouzzner
660e64cdff examples/server/server.c: clean up wolfsentry printfs. 2021-04-21 03:19:55 -05:00
Daniel Pouzzner
cb976db02b server.c: update for wolfSentry API changes. 2021-04-20 23:59:58 -05:00
Daniel Pouzzner
6175e11156 server.c: update wolfsentry_init() usage (hpi pointer). 2021-04-20 23:59:58 -05:00
Daniel Pouzzner
23d8df720e remove WOLFSSL_NETWORK_INTROSPECTION code; add wolfSSL_X509_STORE_set_ex_data_with_cleanup(); refactor WOLFSSL_WOLFSENTRY_HOOKS code in server.c to use HAVE_EX_DATA/HAVE_EX_DATA_CLEANUP_HOOKS. 2021-04-20 23:59:58 -05:00
Daniel Pouzzner
2a05fcb59a examples/server: fix wolfSentry integration to handle DTLS correctly. 2021-04-20 23:59:57 -05:00
Daniel Pouzzner
1cbe696716 checkpoint: fully functioning demo via examples/server/ and unit.test (which produces a "filtered" error on a subtest when built --enable-wolfsentry). 2021-04-20 23:59:57 -05:00
Daniel Pouzzner
734860f535 WOLFSSL_NETWORK_INTROSPECTION WIP 2021-04-20 23:59:57 -05:00
Daniel Pouzzner
ba2cc00e5d initial implementation of WOLFSSL_NETWORK_INTROSPECTION: --enable-network-introspection, struct wolfSSL_network_connection, wolfSSL_*_endpoints*(), NetworkFilterCallback_t, wolfSSL_*set_AcceptFilter(). 2021-04-20 23:59:57 -05:00
Juliusz Sosinowicz
70a3857ae8 Fragmentation for ServerKeyExchange and CeriticateVerify 
- The `ssl->dtlsMtuSz` value is the maximum possible size of the DTLS record layer. We read `ssl->dtlsMtuSz + 100` in case peer has slightly different MTU set.
- The `-u` option in the examples takes the value of the MTU size.
- MTU tests are added in `tests/test-dtls-mtu.conf`
 2021-04-16 17:30:51 +02:00
David Garske
e13c93d493 Added API's for getting pointer to load static ephemeral key. 2021-04-05 13:40:48 -07:00
David Garske
a22defec50 Fix for availability of wolfSSL_SESSION_print. 2021-03-26 15:39:55 -07:00
David Garske
95ff75c43d Fix for wolfSSL_SESSION_print 2021-03-26 13:41:11 -07:00
David Garske
f65e1f1f09 Expose functions to get client/server random when HAVE_SECRET_CALLBACK is defined. 2021-03-26 13:23:00 -07:00
JacobBarthelmeh
13d81f1fb9 Merge pull request #3902 from dgarske/snicb 
Fix for SNI recv callback
 2021-03-24 15:34:35 +07:00
David Garske
9313d59479 Fix for SNI callback 
* Fix for SNI callback on server to make sure the SNI data is stored even without setting a hostname. This makes sure the SNI extension is set when there is a registered SNI recv callback.
* Fix for Apache HTTPD to include `WOLFSSL_ALWAYS_KEEP_SNI`
 2021-03-22 11:28:16 -07:00
Hideki Miyazaki
4650aaf4fb addressed review comments part 1 2021-03-19 13:13:00 +09:00
Hideki Miyazaki
b4a573ca98 Initial implemented X509_LOOKUP_ctrl L_ADD_DIR 2021-03-19 13:12:55 +09:00
Jacob Barthelmeh
c729318ddd update copyright date 2021-03-11 13:42:46 +07:00
Eric Blankenhorn
5e953d5968 Typo in client example 2021-03-08 17:31:12 -06:00
Hideki Miyazaki
9bae05525c addressed review comments 2021-03-05 08:19:22 +09:00
Hideki Miyazaki
141d07e21b addressed pre-review comments 2021-03-05 08:19:16 +09:00
Hideki Miyazaki
e39477c531 initial implement SSL_get_early_data_status 2021-03-05 08:19:15 +09:00
John Safranek
e9cdcf5bac Merge pull request #3764 from embhorn/zd11668 
Fix typo
 2021-02-22 14:12:12 -08:00
Eric Blankenhorn
2c2bdca200 Fix typo 2021-02-11 12:27:43 -06:00
toddouska
39cb84de25 Merge pull request #3697 from julek-wolfssl/openvpn-2.5-missing-stuff 
OpenVPN master additions
 2021-02-11 08:56:45 -08:00
Sean Parkinson
794cb5c7a9 TLS Session Ticket: default encryption callback 
Encrypts with ChaCha20-Poly1305 or AES-GCM.
Two keys in rotation.
Key used for encryption until ticket lifetime goes beyond expirary
(default 1 hour). If key can still be used for decryption, encrypt with
other key.
Private random used to generate keys.
 2021-02-10 14:31:54 +10:00