927f4c445d
additional sanity checks on debug callback
2022-10-11 13:14:59 -07:00
005f77180b
PSK only TLS: fix ENCRYPT_LEN
...
Allow no PK algorithms and TLS to build and test.
Use PSK cipher suite with GCM if AES-CBC not available.
2022-09-12 11:21:01 +10:00
08b89fbef9
server: add optional argument to -J disable hrr cookie
2022-09-01 09:37:35 +02:00
565d1b33e5
Update examples to allow post quantum KEM within DTLS 1.3
2022-08-30 18:39:57 +12:00
a0448155d5
Fix for type warnings in example for DTLS CID `./configure --enable-dtls --enable-dtlscid --enable-dtls13`.
2022-08-24 16:02:05 -07:00
90fcd95f9b
server/client: add --cid option to use ConnectionID extension
2022-08-23 16:58:24 +02:00
3d8562f07b
Fixes for build and runtime issues
2022-08-19 08:12:04 -05:00
969ad96dee
examples/{client,server}/{client,server}.c: remove spurious commas in --pqc help strings, and mollify clang-tidy bugprone-suspicious-missing-comma re --force-curve help strings. ( #5480 )
2022-08-18 13:32:58 -04:00
aa812c8aa9
Added support for P384 pre-share in server ( #5442 )
...
Added support for new server `--force-curve` option.
2022-08-17 15:30:48 -07:00
995100eed1
Fix for handling `WC_PENDING_E` from decrypt session ticket callback. ZD14420
2022-08-10 22:20:49 -07:00
8605195709
Support for asynchronous session ticket callback (can return WC_PENDING_E). Requires wolfAsyncCrypt support. ZD 14420.
2022-07-20 16:43:17 -07:00
8eaa85e412
update copyright year to 2022
2022-07-19 10:44:31 -06:00
fd4836772b
examples: support DTLS version downgrading
2022-07-06 16:18:44 +02:00
80f3db6e1d
fix: examples/server: dtls mode checking
...
This fixes using ssl to check if we are using dtls or not, when ssl is not yet
valid.
Fix: 060dfe1a69
2022-07-04 10:21:11 +02:00
b87b255d52
Merge pull request #5295 from rizlik/dtls13_bugfix
...
server: fix wrong minVersion setting when non in dtls
2022-06-28 09:35:23 -07:00
14c65e0117
Merge pull request #5281 from miyazakh/example_japanese_translate
2022-06-28 10:08:06 -06:00
060dfe1a69
server: fix wrong minVersion setting when non in dtls
2022-06-28 12:10:18 +02:00
c34c32f621
translated Japanese messages
2022-06-24 08:09:28 +09:00
a5250482ce
examples/: refactor a couple help strings to avoid hitting clang-tidy bugprone-suspicious-missing-comma.
2022-06-23 15:25:23 -05:00
fdc4cdf5ec
examples: update usage() with DTLSv1.3 version
2022-06-22 18:50:18 +02:00
12a3efeca8
client/server: tolerate WANT_WRITE errors
2022-06-15 10:46:43 -07:00
4e112419f5
examples: client/server: support DTLSv1.3 (-u -v4)
...
This commits add some new options to examples/[server,client] to support testing
of DTLS v1.3.
client: add waitTicket option
If this option is used, the client will wait until it receives a sessionTicket
from the server. This is useful when testing DTLS retransmission.
client: add waitKeyUpdate option
When this option is set, the client waits until the UpdateKey message is
acknowledged by the server. This is useful to test DTLS retransmission logic
2022-06-15 10:46:43 -07:00
c1dc90d9b0
server: request cert only once if doing post-handshake auth
2022-06-15 10:46:43 -07:00
9cfcdfc7aa
Merge pull request #5149 from julek-wolfssl/store-frags-v2
...
Re-use async to support WANT_WRITE while sending fragments
2022-06-01 10:52:54 -07:00
be743b2204
TLS 1.3: send ticket
...
Can send a new session ticket any time after handshake is complete with
TLS v1.3.
Added API for server application to do this.
Added tests.
2022-06-01 10:36:01 +10:00
6245395f34
Simulate WANT_WRITE only with async I/O support
2022-05-27 23:23:18 +02:00
50c0b3d2a2
Add testing/docs for blocking write
...
- Fix case where message grouping can make CheckAvailableSize return a WANT_WRITE
- CheckAvailableSize in tls13.c will not return a WANT_WRITE since it only does so for DTLS <=1.2
2022-05-27 21:26:55 +02:00
c4920021d8
print errors to stderr, not stdout;
...
fix whitespace in internal.c;
add missing error handling in examples/server/server.c around recvfrom().
2022-05-12 13:07:32 -05:00
44be4e1cc8
Reset ret in client and server after wolfSSL_dtls_got_timeout()
...
- Do UDP connect only with simulateWantWrite to accommodate macOS that doesn't like sendto being called on connected UDP sockets
- Call wolfSSL_dtls_get_current_timeout only on a DTLS connection
2022-05-12 16:48:04 +02:00
9914da3046
Fix resumption failure and use range in connect state logic
2022-05-12 15:46:08 +02:00
a31b76878f
DTLS fixes with WANT_WRITE simulations
...
- WANT_WRITE could be returned in unexpected places. This patch takes care of that.
- Change state after SendBuffered only if in a sending state to begin with.
- Adapt client and server to simulate WANT_WRITE with DTLS
2022-05-12 15:46:08 +02:00
798d81723b
Merge pull request #5128 from rizlik/dtls_bidrectional_shutdown
...
Support DTLS bidirectional shutdown in the examples
2022-05-11 17:00:44 -07:00
257c55a311
examples: allow bidirectional shutdown in UDP
...
This commit allows the examples to perform a bidirectional shutdown also when
using UDP. It is useful to test DTLS retransmission.
Signed-off-by: Marco Oliverio <marco@wolfssl.com>
2022-05-11 13:27:24 +02:00
26673a0f28
where appropriate, use strcmp/strcasecmp, not strncmp/strncasecmp;
...
add macro XSTRCASECMP();
update XSTRNCASECMP() for XC32 >= 1.00 to use strncasecmp.
2022-05-10 12:20:12 -05:00
d133fa6143
server: check that the first packet of udp connection is clientHello
...
Used to allow for bi-directional shutdown tests with UDP and DTLS
2022-05-09 13:45:27 +02:00
29392ac6b3
spell fix: OSCP -> OCSP
2022-04-19 15:11:08 -07:00
dd8fb41f66
Fixes for TLS v1.3 early data with async.
2022-03-11 14:03:46 -08:00
3839b0e675
Fixes for building wolfSSL along side openssl.
2022-03-04 12:06:24 -08:00
6dd7a289e7
Fix for "set but not used".
2022-02-24 13:43:56 -08:00
ceff401269
Fixes for Jenkins tests
...
- Move test to `HAVE_IO_TESTS_DEPENDENCIES`
- Implement `wolfSSL_trust_peer_cert`
- have{cipher} options weren't being set with only RSA enabled
2022-02-23 09:47:34 +01:00
6a56d3e131
jumbo patch of fixes for clang-tidy gripes (with some bug fixes).
...
defect/gripe statistics:
configured --enable-all --enable-sp-math-all --enable-intelasm
with LLVM 13 clang-tidy -checks=readability-*,bugprone-*,misc-no-recursion,misc-misplaced-const,misc-redundant-expression,misc-unused-parameters,misc-unused-using-decls,-clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,-clang-analyzer-optin.performance.Padding,-readability-braces-around-statements,-readability-function-size,-readability-function-cognitive-complexity,-bugprone-suspicious-include,-bugprone-easily-swappable-parameters,-readability-isolate-declaration,-readability-magic-numbers,-readability-else-after-return,-bugprone-reserved-identifier,-readability-suspicious-call-argument,-bugprone-suspicious-string-compare,-bugprone-branch-clone,-misc-redundant-expression,-readability-non-const-parameter,-readability-redundant-control-flow,-readability-misleading-indentation,-bugprone-narrowing-conversions,-bugprone-implicit-widening-of-multiplication-result
[note these figures don't reflect additional defects fixed in this commit for --enable-smallstack, --enable-fips, --enable-async, --enable-asn=template, and --enable-fastmath, and --disable-fastmath]
pre-patch warning count per file, with suppressions:
clang-analyzer-security.insecureAPI.strcpy 6 wolfssl/tests/suites.c
clang-analyzer-security.insecureAPI.strcpy 2 wolfssl/testsuite/testsuite.c
bugprone-suspicious-missing-comma 3 wolfssl/examples/server/server.c
bugprone-suspicious-missing-comma 3 wolfssl/examples/client/client.c
readability-redundant-preprocessor 2 wolfssl/wolfcrypt/src/asn.c
readability-redundant-preprocessor 1 wolfssl/wolfcrypt/src/rsa.c
readability-redundant-preprocessor 9 wolfssl/src/ssl.c
readability-redundant-preprocessor 2 wolfssl/src/tls13.c
readability-redundant-preprocessor 18 wolfssl/tests/api.c
readability-redundant-preprocessor 3 wolfssl/src/internal.c
readability-redundant-preprocessor 10 wolfssl/wolfcrypt/test/test.c
readability-named-parameter 1 wolfssl/wolfcrypt/benchmark/benchmark.c
readability-named-parameter 7 wolfssl/src/internal.c
readability-named-parameter 1 wolfssl/wolfcrypt/src/ecc.c
readability-named-parameter 1 wolfssl/testsuite/testsuite.c
readability-named-parameter 11 wolfssl/wolfcrypt/src/ge_operations.c
misc-no-recursion 3 wolfssl/src/ssl.c
readability-uppercase-literal-suffix 4 wolfssl/wolfcrypt/src/asn.c
readability-uppercase-literal-suffix 1 wolfssl/src/ssl.c
readability-uppercase-literal-suffix 13 wolfssl/wolfcrypt/benchmark/benchmark.c
bugprone-too-small-loop-variable 1 wolfssl/wolfcrypt/src/rsa.c
bugprone-too-small-loop-variable 2 wolfssl/wolfcrypt/src/sha3.c
bugprone-too-small-loop-variable 4 wolfssl/wolfcrypt/src/idea.c
bugprone-signed-char-misuse 2 wolfssl/src/ssl.c
bugprone-signed-char-misuse 3 wolfssl/wolfcrypt/src/sp_int.c
bugprone-signed-char-misuse 3 wolfssl/examples/client/client.c
bugprone-macro-parentheses 19 wolfssl/wolfcrypt/src/aes.c
bugprone-macro-parentheses 109 wolfssl/wolfcrypt/src/camellia.c
bugprone-macro-parentheses 1 wolfssl/src/tls.c
bugprone-macro-parentheses 3 wolfssl/wolfcrypt/src/md4.c
bugprone-macro-parentheses 2 wolfssl/wolfcrypt/src/asn.c
bugprone-macro-parentheses 26 wolfssl/wolfcrypt/src/blake2b.c
bugprone-macro-parentheses 257 wolfssl/wolfcrypt/src/sha3.c
bugprone-macro-parentheses 15 wolfssl/src/ssl.c
bugprone-macro-parentheses 1 wolfssl/wolfcrypt/src/sha.c
bugprone-macro-parentheses 8 wolfssl/tests/api.c
bugprone-macro-parentheses 4 wolfssl/wolfcrypt/src/sp_int.c
bugprone-macro-parentheses 6 wolfssl/wolfcrypt/benchmark/benchmark.c
bugprone-macro-parentheses 38 wolfssl/wolfcrypt/src/hc128.c
bugprone-macro-parentheses 12 wolfssl/wolfcrypt/src/md5.c
bugprone-macro-parentheses 10 wolfssl/wolfcrypt/src/sha256.c
bugprone-macro-parentheses 4 wolfssl/wolfcrypt/test/test.c
bugprone-macro-parentheses 3 wolfssl/wolfcrypt/src/ecc.c
bugprone-macro-parentheses 2 wolfssl/tests/suites.c
bugprone-macro-parentheses 4 wolfssl/wolfcrypt/src/cpuid.c
bugprone-macro-parentheses 26 wolfssl/wolfcrypt/src/blake2s.c
bugprone-macro-parentheses 24 wolfssl/wolfcrypt/src/sha512.c
bugprone-macro-parentheses 3 wolfssl/wolfcrypt/src/poly1305.c
bugprone-macro-parentheses 24 wolfssl/wolfcrypt/src/ripemd.c
readability-inconsistent-declaration-parameter-name 1 wolfssl/src/internal.c
readability-inconsistent-declaration-parameter-name 1 wolfssl/testsuite/testsuite.c
pre-patch warning count summaries, with suppressions:
clang-analyzer-security.insecureAPI.strcpy 8
bugprone-suspicious-missing-comma 6
readability-redundant-preprocessor 45
readability-named-parameter 21
misc-no-recursion 3
readability-uppercase-literal-suffix 18
bugprone-too-small-loop-variable 7
bugprone-signed-char-misuse 8
bugprone-macro-parentheses 601
readability-inconsistent-declaration-parameter-name 2
pre-patch warning count summaries, without suppressions:
clang-analyzer-security.insecureAPI.strcpy 8
bugprone-branch-clone 152
readability-non-const-parameter 118
bugprone-suspicious-missing-comma 6
bugprone-suspicious-include 52
readability-magic-numbers 22423
readability-redundant-preprocessor 45
readability-named-parameter 21
readability-function-cognitive-complexity 845
readability-else-after-return 398
bugprone-implicit-widening-of-multiplication-result 595
readability-function-size 21
readability-isolate-declaration 1090
misc-redundant-expression 2
bugprone-narrowing-conversions 994
misc-no-recursion 3
readability-uppercase-literal-suffix 18
bugprone-reserved-identifier 56
readability-suspicious-call-argument 74
bugprone-too-small-loop-variable 7
bugprone-easily-swappable-parameters 437
bugprone-signed-char-misuse 8
readability-misleading-indentation 94
bugprone-macro-parentheses 601
readability-inconsistent-declaration-parameter-name 2
bugprone-suspicious-string-compare 495
readability-redundant-control-flow 20
readability-braces-around-statements 11483
clang-analyzer-valist.Uninitialized 1
clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling 3502
2022-01-21 01:25:48 -06:00
231a0bbb84
dtls-srtp: no ekm cross check on single threaded/no pthread conf
2022-01-20 16:12:04 +01:00
8e0ece920b
Test cleanups. Fix possible leak in `TLSX_UseSRTP`.
2022-01-19 09:22:02 -08:00
86ba0ef643
tests: support test for SRTP
...
the test will check that the same Exported Keying Material is generated between
client and server
2022-01-19 13:35:29 +01:00
eade8ecdf1
DTLS SRTP improvements. Added support for client to send list of profiles. Added support for more SRTP profiles.
2022-01-14 13:43:29 -08:00
6ccbd8776f
DTLS SRTP (RFC5764) support (adds `--enable-srtp`). Used with WebRTC to agree on profile for new real-time session keys.
2022-01-14 07:35:45 -08:00
7d4c13b9a4
--with-liboqs now defines HAVE_LIBOQS and HAVE_PQC
...
AKA: The Great Rename of December 2021
2021-12-20 11:48:03 -05:00
0b4f34d62a
typographic cleanup: fix whitespace, remove unneeded UTF-8, convert C++ comment constructs to C.
2021-11-08 17:35:05 -06:00
6d89de4f11
Check correct var for `server.c` echo return.
2021-11-05 16:10:17 +01:00
1d91ccb41b
remove exe bit on example.c and server.c
2021-10-29 13:12:43 -06:00
0a26335243
Merge pull request #4446 from ejohnstown/dtls-sizing
...
DTLS Sizing
2021-10-28 14:15:36 -07:00
adee6a86d1
Return the close notify error when expecting an error.
2021-10-28 20:53:58 +02:00
894303be59
Make the `wolfSSL_GetMaxFragSize` parameter meaning consistent
...
- Add testing for sending as much app data as possible in a single DTLS record
2021-10-28 14:46:15 +02:00
c16f0db1b5
Fixes for handling `WC_PENDING_E` async responses in API unit test and examples. Resolves all issues with `--enable-all --enable-asynccrypt --with-intelqa=`.
2021-10-27 15:08:39 -07:00
976402e04b
RNG Update
...
1. When the seed callback is enabled, allow wc_GenerateSeed() to be used
as a default callback.
2. Modify all the tests and examples to use the default seed callback if
the seed callback is enabled.
2021-10-26 20:24:25 -05:00
6070981366
Merge pull request #4490 from dgarske/static_mem_unittest
...
Add CTX static memory API unit tests
2021-10-26 09:52:14 +10:00
5859779ddf
Check-in non-FIPS specific porting changes for OE22
...
Fix no new line
Change comment style in testsuite.c
Add include for proper socket header in wolfio.h
Add dc_log_printf support to benchmark application
Pull in changes for examples
Refector NETOS check in test.c
Fix format and remove settings used only for validation testing
Implement peer review feedback
Address last items noted in peer review
Add new README to include.am
Adjust comment style on TODO
Gate changes in client and server properly
Add static on customer feedback
Fix settings include
Update latest peer feedback
2021-10-22 15:01:14 -06:00
f17187aad9
Fixes for static memory testing. Fix clang memory sanitizer warnings.
2021-10-21 16:33:57 -07:00
911d95e5e4
Add CTX static memory API unit tests. Expanded crypto callback TLS tests to older SSL/TLS and DTLS.
2021-10-21 11:47:00 -07:00
37a976b4bf
Fix example server to support option 7 (which exists). Fix static mem size required with session cert (matches client now).
2021-10-21 11:41:30 -07:00
f621a93081
more scan-build LLVM-13 fixes and expanded coverage: deadcode.DeadStores in client.c and server.c (no functional changes).
2021-10-18 21:46:09 -05:00
4084928d93
Slight changes to liboqs documentation in INSTALL and example client/server
2021-10-02 13:14:32 -06:00
33cb823148
Remove legacy NTRU and OQS ( #4418 )
...
* Remove NTRU and OQS
* Keep the DTLS serialization format backwards compatible.
* Remove n from mygetopt_long() call.
* Fix over-zealous deletion.
* Resolve problems found by @SparkiDev
2021-09-24 08:37:53 +10:00
13d4722678
Convert post-quantum algorithm group names
...
... from using parameter set names from the papers to NIST levels.
2021-09-17 13:28:34 -04:00
fb733b4662
Hybridizing the OQS groups with NIST ECC groups.
2021-09-10 13:12:12 -04:00
4a26b53dfc
Changes for ED25519 and `HAVE_SECRET_CALLBACK`
...
- `HAVE_SECRET_CALLBACK` needs to have `wolfSSL_SSL_CTX_get_timeout` and `wolfSSL_SSL_get_timeout` available
- Call `wolfSSL_KeepArrays` for `HAVE_SECRET_CALLBACK`
- Increase the default `DTLS_MTU_ADDITIONAL_READ_BUFFER` and make it adjustable by the user
- Don't truncate application data returned to user in `wolfSSL_read_internal`
2021-09-02 15:58:30 +02:00
9b6cf56a6e
Expanded support for Curve25519/Curve448 and TLS v1.3 sniffer ( #4335 )
...
* Fixes for building with Ed/Curve25519 only. Fix for IoT safe demo to exit after running once. Added `WOLFSSL_DH_EXTRA` to `--enable-all` and `--enable-sniffer`. Cleanup uses of `==` in configure.ac. Various spelling fixes.
* Fix for sniffer with TLS v1.3 session tickets.
* Fix for ASN Template Ed25519 key export (missing version / not setting OID correctly).
* Add key import/export support for Curve25519/Curve448. Refactor of the 25519/448 ASN code to combine duplicate code.
* Refactor of Curve25519 code. Improved public key export to handle generation when only private is set. Improved private scalar buffer sizing.
* Fix for static ephemeral loading of file buffer.
* Added sniffer Curve25519 support and test case.
* Fix for sniffer to not use ECC for X25519 if both are set.
* Fix Curve448 public export when only private is set.
* Fix for `dh_generate_test` for small stack size.
* Reduce stack size use on new asymmetric DER import/export functions. Cleanup pub length calc.
* Fix invalid comment.
2021-09-01 09:28:24 +10:00
9a438ce289
liboqs integration using keyshare/supported_groups extensions in TLS 1.3
2021-08-27 13:56:53 -04:00
70535f51d5
Fixes for PK callbacks with TLS v1.3. Tested with `./configure --enable-pkcallbacks CFLAGS="-DTEST_PK_PRIVKEY -DDEBUG_PK_CB"`.
2021-08-16 13:09:17 -07:00
0722fb56d8
Adding README.md to examples dir and links to wolfssl-examples github repo in client/server.c
2021-08-02 20:27:41 -06:00
1b6b16c2c3
HaProxy 2.4-dev18 support
...
*This patch is dependent on https://github.com/wolfSSL/wolfssl/pull/3871 because proto version selection logic is refactored in that pull request.*
This patch contains the following changes:
- Enable more options with `--enable-haproxy`
- Compatibility layer additions
- `STACK_TYPE_X509_OBJ`
- `OCSP_id_cmp`
- `X509_STORE_get0_objects`
- `X509V3_EXT_nconf_nid`
- `X509V3_EXT_nconf`
- `X509_chain_up_ref`
- `X509_NAME_hash`
- `sk_X509_NAME_new_null`
- `X509_OBJECT_get0_X509`
- `X509_OBJECT_get0_X509_CRL`
- `ASN1_OCTET_STRING_free`
- `X509_LOOKUP_TYPE`
- `OSSL_HANDSHAKE_STATE`
- New `OPENSSL_COMPATIBLE_DEFAULTS` define will set default behaviour that is compatible with OpenSSL
- WOLFSSL_CTX
- Enable all compiled in protocols
- Allow anonymous ciphers
- Set message grouping
- Set verify to SSL_VERIFY_NONE
- In `SetSSL_CTX`, don't change `send` and `recv` callback if currently using `BIO`
- `ssl->peerVerifyRet`
- Return first that occured
- Set correct value on date error
- Set revoked error on OCSP or CRL error
- Save value in session and restore on resumption
- Add to session serialization
- With `OPENSSL_EXTRA`, send an alert on invalid downgrade attempt
- Handle sni callback `SSL_TLSEXT_ERR_NOACK`
- Add `WOLFSSL_VERIFY_DEFAULT` option for `wolfSSL_CTX_set_verify` and `wolfSSL_set_verify` to allow resetting to default behaviour
2021-07-06 15:39:23 +02:00
45486ac904
Merge pull request #4166 from miyazakh/supportedversion_ex_mindowngrade
...
not include smaller versions than minimum downgrade
2021-07-01 21:00:20 +07:00
b0688688c1
addressed review comments
2021-06-30 13:52:46 +09:00
d576e3ef96
not send smaller versions than minimum downgradable version as supportedversion ext
2021-06-25 14:51:34 +09:00
8592053856
Regression test fixes
...
./configure --enable-all --disable-rsa
./configure --disable-chacha --disable-asm
./configure --disable-rsa --disable-ecc --disable-dh --enable-curve25519
--enable-cryptonly (and ed25519, curve448, ed448)
./configure --disable-tls13 --enable-psk --disable-rsa --disable-ecc
--disable-dh C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK
./configure --disable-oldtls --enable-psk -disable-rsa --disable-dh
-disable-ecc --disable-asn C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK
--enable-lowresource --enable-singlethreaded --disable-asm
--disable-errorstrings --disable-pkcs12 --disable-sha3 --disable-sha224
--disable-sha384 --disable-sha512 --disable-sha --disable-md5
-disable-aescbc --disable-chacha --disable-poly1305 --disable-coding
Various build combinations with WOLFSSL_SP_MATH and WOLFSSL_SP_MATH_ALL
2021-06-25 09:18:06 +10:00
716237c5dd
Fix minor line length and spelling.
2021-06-21 15:09:39 -07:00
8c75553e08
wolfSentry integration: move rest of recyclable code out of examples and into wolfsentry_setup() in wolfssl/test.h, and implement peer review corrections on error codes and string.h wrapper macros.
2021-06-17 20:05:40 -05:00
93dfb4c7f4
add outbound connection filtering support to libwolfssl, add wolfSentry support to the test client, and add wolfSentry JSON config file support to the test client and server using --wolfsentry-config.
...
also, add mygetopt_long() to wolfssl/test.h, and add --help and Japanese counterpart options to test client and server.
2021-06-17 20:05:40 -05:00
2e4e65f518
Asynchronous support for TLS v1.3 TLSX ECC/DH key generation and key agreement
...
* Added async support to `SendTls13ClientHello`, `DoTls13ServerHello` and `DoTls13ClientHello`.
* Cleanup of the example client/server use key share code.
* Fix some scan-build warnings.
ZD 12065
2021-06-11 14:12:12 -07:00
7e0c372e4c
TLS 1.3 PSK: use the hash algorithm to choose cipher suite
...
See RFC 8446: 4.2.11
With TLS 1.3 PSK callback, If the returned cipher suite isn't available,
use the hash from the cipher suite and choose from available list.
Require exact match when: WOLFSSL_TLS13_PSK_NO_MATCH_HASH
Alternative callback for client added that is passed a cipher suite
string. Called for each cipher suite that is to be negotiated.
If cipher suite to be used with PSK then return client identity.
Returning an identity based on cipher suite hash will result in
only one PSK extension being added per hash.
2021-06-10 09:55:27 +10:00
c88afdef87
Fixes for building with `WOLFSSL_USER_IO` (with no built-in socket support). Related to issue #3998 .
2021-05-06 11:07:05 -07:00
40fe746710
Merge pull request #3942 from dgarske/get_static_ephemeral
...
Added API's for getting pointer to loaded static ephemeral key
2021-04-23 15:54:46 -07:00
9c7ee3fa64
examples/server/server.c: when TEST_IPV6, set the remote address to IPv6 localhost for wolfsentry_route_insert_static().
2021-04-22 00:20:12 -05:00
0cf9bacf1b
WOLFSSL_WOLFSENTRY_HOOKS/HAVE_EX_DATA*: refactor wolfSSL_CRYPTO_cleanup_ex_data() to take only one arg (the WOLFSSL_CRYPTO_EX_DATA *); fix preprocessor gates on wolfSSL_set_ex_data() and wolfSSL_X509_get_ex_new_index(); fix line lengths.
2021-04-21 17:34:47 -05:00
660e64cdff
examples/server/server.c: clean up wolfsentry printfs.
2021-04-21 03:19:55 -05:00
cb976db02b
server.c: update for wolfSentry API changes.
2021-04-20 23:59:58 -05:00
6175e11156
server.c: update wolfsentry_init() usage (hpi pointer).
2021-04-20 23:59:58 -05:00
23d8df720e
remove WOLFSSL_NETWORK_INTROSPECTION code; add wolfSSL_X509_STORE_set_ex_data_with_cleanup(); refactor WOLFSSL_WOLFSENTRY_HOOKS code in server.c to use HAVE_EX_DATA/HAVE_EX_DATA_CLEANUP_HOOKS.
2021-04-20 23:59:58 -05:00
2a05fcb59a
examples/server: fix wolfSentry integration to handle DTLS correctly.
2021-04-20 23:59:57 -05:00
1cbe696716
checkpoint: fully functioning demo via examples/server/ and unit.test (which produces a "filtered" error on a subtest when built --enable-wolfsentry).
2021-04-20 23:59:57 -05:00
734860f535
WOLFSSL_NETWORK_INTROSPECTION WIP
2021-04-20 23:59:57 -05:00
ba2cc00e5d
initial implementation of WOLFSSL_NETWORK_INTROSPECTION: --enable-network-introspection, struct wolfSSL_network_connection, wolfSSL_*_endpoints*(), NetworkFilterCallback_t, wolfSSL_*set_AcceptFilter().
2021-04-20 23:59:57 -05:00
70a3857ae8
Fragmentation for ServerKeyExchange and CeriticateVerify
...
- The `ssl->dtlsMtuSz` value is the maximum possible size of the DTLS record layer. We read `ssl->dtlsMtuSz + 100` in case peer has slightly different MTU set.
- The `-u` option in the examples takes the value of the MTU size.
- MTU tests are added in `tests/test-dtls-mtu.conf`
2021-04-16 17:30:51 +02:00
e13c93d493
Added API's for getting pointer to load static ephemeral key.
2021-04-05 13:40:48 -07:00
f65e1f1f09
Expose functions to get client/server random when `HAVE_SECRET_CALLBACK` is defined.
2021-03-26 13:23:00 -07:00
4650aaf4fb
addressed review comments part 1
2021-03-19 13:13:00 +09:00
b4a573ca98
Initial implemented X509_LOOKUP_ctrl L_ADD_DIR
2021-03-19 13:12:55 +09:00
c729318ddd
update copyright date
2021-03-11 13:42:46 +07:00
9bae05525c
addressed review comments
2021-03-05 08:19:22 +09:00
e39477c531
initial implement SSL_get_early_data_status
2021-03-05 08:19:15 +09:00
JacobBarthelmeh
Sean Parkinson
Marco Oliverio
CallumMcLoughlin
David Garske
Eric Blankenhorn
Daniel Pouzzner
Peter Torelli
Chris Conlon
Hideki Miyazaki
Juliusz Sosinowicz
John Safranek
elms
Anthony Hu
kaleb-himes
Lealem Amedie
Anthony Hu
Kareem
toddouska