Rekeying #22
Merged
toddouska merged 17 commits into wolfSSL:master from Oct 24, 2016
ejohnstown (Contributor) commented Oct 23, 2016
- Added rekeying during runtime, with a trigger function and highwater marks for number of bytes received and transmitted.
- Added a key generation function for producing a new RSA key for server identity.
- Suggest updates from beta test.
1. Made default window size updatable at configure time. 2. Lowered the default highwater mark by 32k. 3. Removed a parameter name from a couple function prototypes.
has processed at least half of its available space. By default, the receive window is 1MB, and the window size is increased every 512kB.
1. Add stub rekey trigger function. 2. Add new default highwater callback that calls the rekey trigger function. 3. Rename the highwater level as "mark" rather than "count". 4. Add a flag to call the highwater callback once, cleared when the txCount is cleared when sending new keys message to peer. 5. Add new state machine for key exchange. 6. Start massaging the accept state machine for new KEX machine. 7. Update some default sizes, and replace magic numbers with named constants. 8. Scale back the accept state machine to add in the KEX state machine. 9. Capture the client version string and the server's KEX init message for rekeying. 10. Add compiler flag to allow "none" as a user auth method.
1. Flushing out the keying state machine, taking it out of the accept state machine. 2. Changed the HandshakeInfo record to be something that can be recreated post-initial connection for rekeying. 3. Fixed the name of a previously unused size variable. 4. Moved some constants around.
1. Add the Trigger Rekeying function. 2. Fixing the keying state machine. 3. Modify echoserver for rekeying.
2. Parse the Channel Close message, and reply with a Channel Close.
wolfSSL not using cryptonly mode. 2. Send server version before expecting client version.
1. Bump version number. 2. Update readme. 3. Move the coding standard to a notes file.
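The highwater-mark behaviour these commits describe (a default callback that calls the rekey trigger, fired once and re-armed when the byte counter is cleared on new keys), sketched as an added example. It is not code from this pull request or from wolfSSH: every name in it is hypothetical, and the saturating counter is an assumption of the sketch.

```c
#include <stdint.h>

/* Added illustration: all names are hypothetical, not wolfSSH's API. */
typedef struct Session Session;
typedef int (*HighwaterCb)(Session*);

struct Session {
    uint32_t txCount;        /* bytes sent under the current keys */
    uint32_t rxCount;        /* bytes received under the current keys */
    uint32_t highwaterMark;  /* rekey threshold, in bytes */
    int      highwaterFlag;  /* set once the callback has fired */
    int      rekeyRequests;  /* number of key exchanges requested */
    HighwaterCb cb;          /* called when a counter reaches the mark */
};

/* Stand-in for the rekey trigger; a real one would start a key exchange. */
static int trigger_rekey(Session* s) { s->rekeyRequests++; return 0; }

static void session_init(Session* s, uint32_t mark)
{
    *s = (Session){ .highwaterMark = mark, .cb = trigger_rekey };
}

/* Saturating add (assumption): a counter must not wrap back under the mark. */
static uint32_t sat_add(uint32_t a, uint32_t b)
{
    return (b > UINT32_MAX - a) ? UINT32_MAX : a + b;
}

/* Account for traffic and call the callback at most once per key epoch. */
static void account(Session* s, uint32_t sent, uint32_t received)
{
    s->txCount = sat_add(s->txCount, sent);
    s->rxCount = sat_add(s->rxCount, received);
    if (!s->highwaterFlag &&
        (s->txCount >= s->highwaterMark || s->rxCount >= s->highwaterMark)) {
        s->highwaterFlag = 1;
        if (s->cb) s->cb(s);
    }
}

/* New keys are in use: clear the counters and re-arm the callback. */
static void on_new_keys(Session* s)
{
    s->txCount = s->rxCount = 0;
    s->highwaterFlag = 0;
}
```

Without the once-only flag, every packet sent between the trigger and the arrival of new keys would request another key exchange.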
Contributor, Author
This is a release candidate for v1.0.0.
toddouska reviewed Oct 24, 2016
| uint32_t idSz; | ||
| wc_ShaUpdate(&ssh->handshake->hash, |
Contributor, Author
I'll run through and fix the rest of those.
| wc_ShaUpdate(&ssh->handshake->hash, | ||
| ssh->clientId, ssh->clientIdSz); | ||
| idSz = (uint32_t)WSTRLEN(sshIdStr) - SSH_PROTO_EOL_SZ; |
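Review bot: `idSz = (uint32_t)WSTRLEN(sshIdStr) - SSH_PROTO_EOL_SZ;` stores the difference in a `uint32_t`, so a string shorter than `SSH_PROTO_EOL_SZ` would wrap `idSz` to a very large length instead of producing an error. Nothing on this line enforces a minimum length for `sshIdStr`; a compile-time check on the string's size, or a guard before the subtraction, would keep that assumption from breaking silently if the string is ever changed.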
Contributor
What if strlen() result is less than SSH_PROTO_EOL_SZ?
Contributor, Author
sshIdStr is a constant string.
client version string. 2. Shrink the receive buffer after reading the client version string. 3. Resize the buffer correctly when needed data is already in the input buffer and grab the remainder as expected.
with ConstantCompare().
toddouska approved these changes Oct 24, 2016