40fe746710
Merge pull request #3942 from dgarske/get_static_ephemeral
...
Added API's for getting pointer to loaded static ephemeral key
2021-04-23 15:54:46 -07:00
9c7ee3fa64
examples/server/server.c: when TEST_IPV6, set the remote address to IPv6 localhost for wolfsentry_route_insert_static().
2021-04-22 00:20:12 -05:00
0cf9bacf1b
WOLFSSL_WOLFSENTRY_HOOKS/HAVE_EX_DATA*: refactor wolfSSL_CRYPTO_cleanup_ex_data() to take only one arg (the WOLFSSL_CRYPTO_EX_DATA *); fix preprocessor gates on wolfSSL_set_ex_data() and wolfSSL_X509_get_ex_new_index(); fix line lengths.
2021-04-21 17:34:47 -05:00
660e64cdff
examples/server/server.c: clean up wolfsentry printfs.
2021-04-21 03:19:55 -05:00
cb976db02b
server.c: update for wolfSentry API changes.
2021-04-20 23:59:58 -05:00
6175e11156
server.c: update wolfsentry_init() usage (hpi pointer).
2021-04-20 23:59:58 -05:00
23d8df720e
remove WOLFSSL_NETWORK_INTROSPECTION code; add wolfSSL_X509_STORE_set_ex_data_with_cleanup(); refactor WOLFSSL_WOLFSENTRY_HOOKS code in server.c to use HAVE_EX_DATA/HAVE_EX_DATA_CLEANUP_HOOKS.
2021-04-20 23:59:58 -05:00
2a05fcb59a
examples/server: fix wolfSentry integration to handle DTLS correctly.
2021-04-20 23:59:57 -05:00
1cbe696716
checkpoint: fully functioning demo via examples/server/ and unit.test (which produces a "filtered" error on a subtest when built --enable-wolfsentry).
2021-04-20 23:59:57 -05:00
734860f535
WOLFSSL_NETWORK_INTROSPECTION WIP
2021-04-20 23:59:57 -05:00
ba2cc00e5d
initial implementation of WOLFSSL_NETWORK_INTROSPECTION: --enable-network-introspection, struct wolfSSL_network_connection, wolfSSL_*_endpoints*(), NetworkFilterCallback_t, wolfSSL_*set_AcceptFilter().
2021-04-20 23:59:57 -05:00
70a3857ae8
Fragmentation for ServerKeyExchange and CeriticateVerify
...
- The `ssl->dtlsMtuSz` value is the maximum possible size of the DTLS record layer. We read `ssl->dtlsMtuSz + 100` in case peer has slightly different MTU set.
- The `-u` option in the examples takes the value of the MTU size.
- MTU tests are added in `tests/test-dtls-mtu.conf`
2021-04-16 17:30:51 +02:00
e13c93d493
Added API's for getting pointer to load static ephemeral key.
2021-04-05 13:40:48 -07:00
f65e1f1f09
Expose functions to get client/server random when `HAVE_SECRET_CALLBACK` is defined.
2021-03-26 13:23:00 -07:00
4650aaf4fb
addressed review comments part 1
2021-03-19 13:13:00 +09:00
b4a573ca98
Initial implemented X509_LOOKUP_ctrl L_ADD_DIR
2021-03-19 13:12:55 +09:00
c729318ddd
update copyright date
2021-03-11 13:42:46 +07:00
9bae05525c
addressed review comments
2021-03-05 08:19:22 +09:00
e39477c531
initial implement SSL_get_early_data_status
2021-03-05 08:19:15 +09:00
39cb84de25
Merge pull request #3697 from julek-wolfssl/openvpn-2.5-missing-stuff
...
OpenVPN master additions
2021-02-11 08:56:45 -08:00
794cb5c7a9
TLS Session Ticket: default encryption callback
...
Encrypts with ChaCha20-Poly1305 or AES-GCM.
Two keys in rotation.
Key used for encryption until ticket lifetime goes beyond expirary
(default 1 hour). If key can still be used for decryption, encrypt with
other key.
Private random used to generate keys.
2021-02-10 14:31:54 +10:00
542e0d79ec
Jenkins Fixes
...
- explicit conversions
- not all curves available for wolfSSL_CTX_set1_groups_list
- group funcs depend on HAVE_ECC
- `InitSuites` after `ssl->suites` has been set
2021-02-02 12:06:11 +01:00
6e0e507dad
Merge pull request #3660 from dgarske/sess_ticket_aes_gcm
...
Added support for AES GCM session ticket encryption
2021-01-25 15:00:03 -08:00
a84f1c813a
TLS Session Ticket: Option to disable for TLS 1.2 and below
...
Customer may want session ticket supported with TLS 1.3 but not TLS 1.2
and below.
2021-01-22 13:19:29 +10:00
a3cbcf255f
Fix from review
2021-01-20 11:34:02 -06:00
219cbd47eb
Added support for AES GCM session ticket encryption. If ChaCha/Poly is disabled it will use AES GCM. Thanks Sean for the code in ZD 11511.
2021-01-19 07:53:36 -08:00
50843b22cd
Check method for NULL
2021-01-18 16:18:49 -06:00
367f28b917
Merge pull request #3443 from SparkiDev/tls13_psk_no_dhe
...
TLS 1.3: PSK only
2020-12-09 09:45:34 -08:00
5fdc4cf6e1
Fix RX/TX throughput reporting in example server.
...
- I observed that client TX throughput < client RX throughput, but server TX
throughput > server RX throughput. Turns out this is just a typo in the
printing of the stats. The RX stat was being printed as the TX stat and vice-
versa.
- I added a note to scripts/benchmark.test about a 2 second sleep we do waiting
for the server to come up. If you were to time this script with the time
command, you'll see that 2 seconds in the result, which might be confusing
if you didn't realize the sleep was there.
2020-12-08 16:49:09 -06:00
b0979f4225
Merge pull request #3476 from dgarske/sniffer_hrr
...
Fixes for TLS sniffer with v1.3 (HRR and Certs)
2020-11-18 16:07:11 -08:00
9183c35fb8
Merge pull request #3446 from haydenroche5/client_want_write_sim
...
Add an option to the example client to simulate WANT_WRITE errors.
2020-11-18 15:54:09 -08:00
9bde34ef5b
Merge pull request #3438 from douzzer/harmonize-CCM8-cipher-names
...
add "CCM8" variants to cipher_names "CCM-8" ciphers, for OpenSSL compat
2020-11-18 15:52:52 -08:00
d8b58286d1
TLS 1.3: PSK only
...
Support building with only TLS 1.3 and PSK without code for (EC)DHE and
certificates.
Minimise build size for this configuration.
2020-11-19 09:21:24 +10:00
2fc594d319
Modify example server to be resilient to WANT_WRITE errors.
2020-11-13 10:33:10 -06:00
e996a7d15b
Scan-Build Fixes
...
1. Fixed a couple possible 0 byte allocations.
2. Fixed a couple missed frees due to error conditions.
3. Fixed a possible double free.
To recreate:
$ scan-build ./configure --disable-shared --enable-opensslextra=x509small --disable-memory
$ scan-build ./configure --disable-shared --enable-opensslextra --disable-memory
2020-11-12 09:06:59 -08:00
71d9f1e9bd
Static ephemeral refactor to support loading both DHE and ECDHE keys. Added ability to specify key using snifftest input at run-time. Improved snifftest key loading for named keys and static ephemeral.
2020-11-12 08:59:11 -08:00
7850d71ccb
add wolfSSL_get_cipher_suite_from_name(); add flags arg to GetCipherSuiteFromName(); fix GetCipherSuiteFromName() to prevent spurious substring matching; add SUITE_ALIAS() macros for use defining CipherSuiteInfo, and add CipherSuiteInfo.flags slot and associated logic, to allow alternative cipher names to be recognized; add "CCM8" cipher name variants wherever applicable, including the unit.test conf files, to recognize and test the OpenSSL variants; add tests in client_test() and server_test() to confirm correct forward and backward mapping of cipher names/aliases.
2020-11-11 22:47:47 -06:00
fda84576b0
name the new introspection routines wolfSSL_configure_args() and wolfSSL_global_cflags() for consistency, and move the prototypes to logging.h.
2020-10-28 17:28:05 -05:00
1ba0883f4c
introspection tweaks: rename wolfcrypt/src/debug.c to wolfcrypt/src/wc_debug.c; restore BUILD_WC_DEBUG gating for autotools inclusion of wc_debug.o and disable opportunistically when ENABLED_LEANTLS, ENABLED_LEANPSK, or ENABLED_LOWRESOURCE; add HAVE_WC_INTROSPECTION gate for libwolfssl_configure_args() and libwolfssl_global_cflags().
2020-10-28 17:28:05 -05:00
b918e1fd4c
examples/: add -@ and -# flags to client and server, printing libwolfssl_configure_args() and libwolfssl_global_cflags() respectively.
2020-10-28 17:28:05 -05:00
7c89d10e53
Merge pull request #3260 from julek-wolfssl/non-blocking-scr
...
(D)TLS non-blocking SCR with example
2020-10-20 13:45:19 -07:00
6aa0eacc62
use correct key buffer for example private key
2020-10-13 09:26:54 -06:00
bfb10ddfb5
NO_FILESYSTEM build on Windows
2020-10-09 09:45:00 -07:00
a7fdfbaf40
Passing scr-app-data in to -i to client sends a message during SCR
...
Modify mygetopt so that if an argument expects a value and that value is the next argument then myoptarg is set to a NULL pointer.
2020-10-06 17:28:23 +02:00
10bf7a2086
examples/: fix undersized array lengths in client_usage_msg and server_usage_msg.
2020-09-23 18:32:16 -05:00
4ed3438be0
TLS 1.3: Post-handshake Authentication and resumption secret
...
The master secret in arrays is not available post-handshake.
Use the master secret in the session when calculating resumption secret.
2020-09-23 17:09:06 +10:00
a65ffe15bc
Implement non-blocking SCR on server side
2020-09-09 21:41:20 +02:00
605b274442
Jenkins fixes
2020-08-28 12:04:11 +02:00
52df9d6c69
TLS and DTLS both need to support APP DATA during SCR
...
Also some misc fixes
2020-08-27 21:13:19 +02:00
8b934624f5
DTLS non-blocking scrwith example
2020-08-25 11:26:20 +02:00
d96f86fcd9
Merge branch 'master' into GH2998_REWORK_FOLLOWUP
2020-07-30 09:47:48 -06:00
e84defb268
Merge pull request #3044 from dgarske/sniffer_tls13
...
TLS v1.3 sniffer support
2020-07-24 11:46:38 -07:00
839044d9e1
1. Remove dead assignment from client test.
...
2. Fix memory leak in example server test.
3. Use verify callback on certificates to allow callback to fail
them.
4. Restore the forced failure test cases.
5. Make the verify action thread local.
2020-07-23 12:26:49 -07:00
98ae3a2352
Added a suite test use case to cover the new error check. Also fixed and issue with passing a couple flags to the test case runner, and some other changes to support the new test.
2020-07-22 13:20:23 -07:00
4e637ddf10
Cleanup on example client/server messages and sizes. Original PR #3023 caused sending extra null characters in normal (non HTTP) example cases.
2020-07-21 13:34:25 -07:00
1b051d9c5b
TLS v1.3 sniffer support:
...
* Added TLS v1.3 sniffer support using static ephemeral key.
* Add support for using a static ephemeral DH and ECC keys with TLS v1.3 using `WOLFSSL_STATIC_EPHEMERAL`.
* Adds new API's `wolfSSL_CTX_set_ephemeral_key` and `wolfSSL_set_ephemeral_key`.
* Expanded TLS extension support in sniffer.
* Refactor of the handshake hashing code.
* Added parameter checking to the TLS v1.3 key derivations (protects use of "DoTls13Finished" if handshake resources have been free'd).
* Added support for loading DH keys via `wc_DhImportKeyPair` and `wc_DhExportKeyPair`, enabled with `WOLFSSL_DH_EXTRA`.
* Added sniffer documentation `sslSniffer/README.md`.
2020-07-17 15:22:35 -07:00
fbe0c8cba7
Merge pull request #3122 from JacobBarthelmeh/Compatibility-Layer
...
fix X509 multiple OU's and refactor
2020-07-15 15:06:22 -07:00
925e9d9213
Merge pull request #3075 from julek-wolfssl/dtls-no-cookie
...
DTLS session resumption fixes
2020-07-15 14:07:34 -07:00
173b9833fc
fixes for edge build cases and static memory
2020-07-14 09:07:23 -06:00
26f0a74d29
Merge pull request #3023 from kaleb-himes/GH2998-REWORK
...
cleanup GET messages
2020-06-25 10:22:09 -06:00
667d9ca896
Fix to catch the issue in this PR with alt cert chains, which only happens if the verify callback is used and the chain is long enough. Cleanup of the myVerify callback to allow specific actions. Fix the suites.c to not crash if no newline at end of file. Added helpful debug message to show that a CA was found.
2020-06-18 09:26:50 -07:00
03c5359fcd
Add session resumption testing for DTLS
2020-06-18 14:18:02 +02:00
7b604ad714
WIP
2020-06-12 11:36:43 +02:00
fb5c9e5268
Adjust static memory case with TLS v1.3 enabled.
2020-06-05 11:11:23 -07:00
dffc677561
Fix for TLS v1.3 with `--enable-sniffer`.
2020-06-04 16:42:40 -07:00
1d01b87741
Fix to detect if `NO_CERTS` / `--disable-asn` is used in `scripts/tls13.test`.
2020-06-04 16:08:08 -07:00
3b63e55a68
Fix for TLS v1.3 PSK tests work with additional cipher suites (not just `TLS13-AES128-GCM-SHA256`) and the echo server/client.
2020-06-04 15:31:18 -07:00
923fc30043
Change to memcpy
2020-06-03 17:36:40 -06:00
8c3f7a77ca
cleanup GET messages
2020-06-03 16:53:36 -06:00
cf8459e518
Merge pull request #2892 from SparkiDev/cppcheck_fixes_4
...
Fixes from cppcheck
2020-04-09 16:01:11 -07:00
411aee6e05
Fixes from cppcheck
...
Added PRIVATE_D version of rsa private key operation for SP
implementation for specific platforms.
WC_NO_RNG results in warnings when RNG calls don't do anything.
Added ifdef checks for variables not used otherwise.
Remove superfluous if statements like when checking ret == 0.
Change names of globals that are generic and are used locally before
global definition.
Remove definition of variable len that isn't used except as a
replacement for sz which is parameter.
Don't subtract two variables when one has just been assigned the value
of the other.
Fix shifting of signed value.
Fix parameter checking in aes.c and des3.c for platform specific code.
2020-04-08 09:46:22 +10:00
65cf5a0d46
Merge pull request #2802 from embhorn/zd9764
...
Fix for bidirectional shutdown
2020-04-07 13:03:54 -07:00
3f7ce61dbd
Updates from review
2020-04-01 11:14:25 -05:00
8cccb9008b
Change to work for other TLS versions
...
Send alert when client doesn't send a certificate on request.
2020-03-02 08:50:57 +10:00
6334dd9cb0
Allow mutual authentication to be required for TLS 1.3
2020-03-02 08:50:57 +10:00
2c6eb7cb39
Add Curve448, X448, Ed448 implementations
2020-02-28 09:30:45 +10:00
41d3ba0efa
Tests and examples for bidirectional shutdown
2020-02-17 16:47:47 -06:00
b038e2e8f0
Merge pull request #2771 from JacobBarthelmeh/Windows
...
change public Timeval to WOLFSSL_TIMEVAL
2020-02-13 09:38:42 -08:00
3c077a3cef
add NO_OLD_TIMEVAL_NAME macro for backwards compatibility
2020-02-07 11:56:30 -07:00
55ea2facdd
Changes to clear issues raised by cppcheck
2020-01-30 14:24:32 +10:00
a9e9120fa0
change public Timeval to WOLFSSL_TIMEVAL
2020-01-28 17:11:46 -07:00
37cad6e9ba
%zu, pragma: not supported,
2020-01-22 08:12:51 +09:00
45c5a2d39c
update copyright to 2020
2020-01-03 15:06:03 -08:00
deac82c8ed
Merge pull request #2683 from dgarske/various_items
...
Various cleanups and fixes
2019-12-27 13:53:39 -08:00
b83804cb9d
Correct misspellings and typos from codespell tool
2019-12-24 12:29:33 -06:00
22f0b145d3
Various cleanups and fixes:
...
* Fix for key gen macro name in benchmark.c
* Fix for possible RSA fall-through warning.
* Fix for building `WOLFSSL_STM32_PKA` without `HAVE_ECC`.
* Added option to build RSA keygen without the DER to PEM using `WOLFSSL_NO_DER_TO_PEM`.
* Added options.h includes for test.c and benchmark.c.
* Added printf warning on the math size mismatch in test.c.
* Added support for benchmarking larger sizes.
* TLS benchmarks for HiFive unleashed.
2019-12-18 07:09:26 -08:00
5ce88b5086
seperate sanity checks on size and rnd allocation
2019-11-07 13:12:17 -07:00
ad192786b1
Remove double assignment to pt caught by scan-build test
2019-11-07 11:35:36 -07:00
e24059691c
Address logical fallacies and syntax issues in example server, addresses GH issue #2559
2019-11-07 10:30:12 -07:00
9d05e9c0b7
Fixes for minor nightly build tests.
2019-09-25 11:07:32 -07:00
b7c08988dc
Fix for verify callback override of intermediate CA provided by peer not being added to trusted CA list.
...
Feature: Added support for testing date override at build-time using `TEST_BEFORE_DATE`.
```
./examples/server/server -H overrideDateErr -A ./certs/ca-cert.pem -k ./certs/server-key.pem -c ./certs/intermediate/server-chain.pem &
./examples/client/client -D -A ./certs/ca-cert.pem -k ./certs/client-key.pem -c ./certs/intermediate/client-chain.pem
```
2019-09-16 14:47:55 -07:00
24e98dd05e
Add support for Encrypt-Then-MAC to TLS 1.2 and below
...
An extension is used to indicate that ETM is to be used.
Only used when doing block ciphers - HMAC performed on encrypted data.
2019-08-29 09:00:30 +10:00
b4673344c0
Adds new `wc_ecc_get_curve_params` API for getting the `ecc_set_type` params for a curve index. Fix for example client and server using wrong macro for detecting ECC 256-bit enabled.
2019-08-02 05:50:00 -07:00
373bbf6660
Changes to server example for fuzz testing
2019-07-01 13:35:33 +10:00
364bf50a94
Fixed example server to not try and write on failure.
2019-04-11 11:30:41 -07:00
fbfd7a4dea
Release Fixes
...
1. Rearrange the deprecation cryptodev option so it doesn't overwrite the cryptocb option, and so it doesn't break its case in the build-test.
2. Fix the content length in the sample HTTP used by the example server.
3. Disable OCSP stapling in the example server if RSA is disabled.
4. Fix a variable in asn.c that was declared in the middle of its scope.
5. Retag the xmalloc, xrealloc, xfree functions used in the memory test as WOLFSSL_API like all the other allocators, instead of extern.
2019-03-20 11:01:24 -07:00
246c444b93
Updates for v4.0.0
...
Update the copyright dates on all the source files to the current year.
2019-03-15 10:37:36 -07:00
27ea9d9bce
Configure Fixes
...
1. The combination enable-all and disable-rsa breaks some of the
testing. Added the NO_RSA guards as appropriate.
2. Disabled the OCSP stapling and CRL tests when RSA is disabled as they
use test certificates with RSA keys.
2019-03-13 17:54:33 -07:00
201c85478e
Move the -5 option text into the localization array and add a Japanese translation.
2019-03-11 12:42:13 -07:00
a1ed8e7a67
Fix a fall-through bug in the server options parsing around a new
...
option.
2019-03-11 12:36:58 -07:00
toddouska
Daniel Pouzzner
Juliusz Sosinowicz
David Garske
Hideki Miyazaki
Jacob Barthelmeh
Sean Parkinson
Eric Blankenhorn
Hayden Roche
John Safranek
Kaleb Himes
Takashi Kojo
Chris Conlon