WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity
7,498 Commits
27 Branches
168 Tags
358 MiB
Commit Graph

231 Commits (0315b378f57c2fcde66eb2feac35168df2cc22cb)

Author SHA1 Message Date
toddouska 092916c253 Merge pull request #536 from ejohnstown/dtls-sctp 
DTLS over SCTP
 2016-08-30 13:09:40 -07:00
David Garske 2ecd80ce23 Added support for static memory with wolfCrypt. Adds new "wc_LoadStaticMemory" function and moves "wolfSSL_init_memory_heap" into wolfCrypt layer. Enhanced wolfCrypt test and benchmark to use the static memory tool if enabled. Added support for static memory with "WOLFSSL_DEBUG_MEMORY" defined. Fixed issue with have-iopool and XMALLOC/XFREE. Added check to prevent using WOLFSSL_STATIC_MEMORY with HAVE_IO_POOL, XMALLOC_USER or NO_WOLFSSL_MEMORY defined. 2016-08-29 10:38:06 -07:00
John Safranek 46e92e0211 DTLS-SCTP example client and server 
1. Update the example client and server to test DTLS-SCTP.
2. Modify the test.h functions for setting up connections to allow
for a SCTP option.
3. Update other examples to use the new test.h functions.
4. Removed some prototypes in the client header file were some functions
that should have been static to the client.c file and made them static.
 2016-08-26 19:58:36 -07:00
David Garske 17a34c5899 Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com. 2016-08-15 13:59:41 -06:00
Jacob Barthelmeh e8f7d78fc4 add helper functions for choosing static buffer size 2016-07-21 12:11:15 -06:00
John Safranek 2f9c9b9a22 Add cipher suite ECDHE-ECDSA-AES128-CCM 
1. Added the usual cipher suite changes for the new suite.
2. Added a build option, WOLFSSL_ALT_TEST_STRINGS, for testing
   against GnuTLS. It wants to receive strings with newlines.
3. Updated the test configs for the new suite.

Tested against GnuTLS's client and server using the options:

    $ gnutls-cli --priority "NONE:+VERS-TLS-ALL:+AEAD:+ECDHE-ECDSA:+AES-128-CCM:+SIGN-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509" --x509cafile=./certs/server-ecc.pem --no-ca-verification -p 11111 localhost
    $ gnutls-serv --echo --x509keyfile=./certs/ecc-key.pem --x509certfile=./certs/server-ecc.pem --port=11111 -a --priority "NONE:+VERS-TLS-ALL:+AEAD:+ECDHE-ECDSA:+AES-128-CCM:+SIGN-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509"

To talk to GnuTLS, wolfSSL also needed the supported curves option
enabled.
 2016-06-13 14:39:41 -07:00
Jacob Barthelmeh 3d3591a227 typdef gaurd / error out on bad mutex init / handle no maxHa or maxIO set 2016-06-10 14:13:27 -06:00
Jacob Barthelmeh ea3d1f8e17 extended method function 2016-06-09 23:41:51 -06:00
Jacob Barthelmeh 8be5409bc5 static method func / ocsp callbacks / heap test / alpn free func / remove timing resistant constraint 2016-06-09 11:36:31 -06:00
Jacob Barthelmeh e214086dce tlsx with static memory / account for session certs size 2016-06-08 09:18:43 -06:00
Jacob Barthelmeh 2feee8856e revise static memory and update heap hint 2016-06-04 19:03:48 -06:00
Jacob Barthelmeh 104ff12e76 add staticmemory feature 2016-06-04 19:01:23 -06:00
Chris Conlon 8f3e1165a1 add Whitewood netRandom client library support 2016-05-05 15:31:25 -06:00
Kaleb Himes b2af02a783 Merge pull request #383 from kojo1/MDK5 
fixes for MDK5 compiler
 2016-04-26 16:11:59 -06:00
Jacob Barthelmeh 77a9343973 use short for RSA min key size and check casts 2016-04-22 12:56:51 -06:00
Jacob Barthelmeh 1dac3841ca change type to short for comparision and up default min size 2016-04-20 15:44:45 -06:00
Jacob Barthelmeh 3129bb22cd minimum ECC key size check at TLS/SSL level 2016-04-19 15:50:25 -06:00
toddouska 117231c0e3 Merge pull request #387 from JacobBarthelmeh/RSA-min 
add check for min RSA key size at TLS/SSL level
 2016-04-19 13:57:26 -07:00
toddouska 0dbdc8eab0 Merge pull request #372 from dgarske/mingwfixes 
MinGW fixes
 2016-04-18 12:50:13 -07:00
Jacob Barthelmeh c9891567e8 add check for min RSA key size at TLS/SSL level 2016-04-14 13:35:49 -06:00
Takashi Kojo cab1ebf2d6 move MDK5 current_time to test.h 2016-04-14 18:47:16 +09:00
Takashi Kojo 35c5353698 fixed current_time argument 2016-04-14 16:26:51 +09:00
Takashi Kojo cfd5af341b fixed test.c compile error and server.c/client.c/ssl.c warnings with MDK5 compiler. 2016-04-12 11:05:30 +09:00
kaleb-himes 1b7cd5cb06 consolidate handling of dead assignment warnings 2016-04-11 13:39:44 -06:00
kaleb-himes c6e9021732 scan-build warnings related to enable-psk, disable-asn,rsa,ecc 2016-04-11 11:13:26 -06:00
David Garske 993972162e MinGW fixes, server port assigning cleanup and ping test cleanup. Fixes issue with visibility detection with MinGW. The visibility.m4 script was not actually trying to call the hidden function, which caused MinGW to detect improperly that visibility was supported. Fix for bogusFile on Windows build. Fixes to build warnings for unused variable 'res' and signed/unsigned comparison for sizeof min(). Cleanup of the server side port assignment to allow use with Windows/MinGW/Cygwin. If Windows uses new GetRandomPort() function in test.h to get port in in the 49152 - 65535 range. If *nix then uses the tcp_listen returned port. Otherwise uses the default wolfSSLPort. Refactor of the ping test code to use common file and properly handle ping count differences (Windows "-c" vs. *Nix style "-n"). Workaround for MinGW and cyassl/options.h getting file permissions error. Added non-fatal compile warning if using MinGW that "strtok_s" might be missing along with a link to public domain source that can be used. 2016-04-08 11:48:14 -06:00
Jacob Barthelmeh 85a9c55048 fix c89 build on windows 2016-04-06 11:16:40 -06:00
toddouska 63b1282e67 Merge pull request #335 from dgarske/asynccrypt 
Asynchronous crypto and wolf event support
 2016-03-30 20:12:41 -07:00
David Garske 4472152b18 Added new "wolfSSL_poll" which filters event queue by ssl object pointer. Changed wolfSSL_CTX_poll to support using WOLF_POLL_FLAG_PEEK flag to peek at events and return count. Removed "wolfssl_CTX_poll_peek". Switched the examples (test.h AsyncCryptPoll) to use just the WOLFSSL object and call new wolfSSL_poll. Added warning when using the "--enable-asynccrypt" option to make sure users know they need real async.c/.h files. 2016-03-30 15:15:38 -07:00
Jacob Barthelmeh 696169634e check return value of wolfSSL_set_fd 2016-03-25 13:59:04 -06:00
Jacob Barthelmeh e99a5b0483 prepare for release v3.9.0 2016-03-17 16:02:13 -06:00
David Garske e1787fe160 Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo. 2016-03-17 13:31:03 -07:00
Jacob Barthelmeh aab44eb26b adjest example server PSK plus flag 2016-03-02 15:43:17 -07:00
Jacob Barthelmeh d969e2ba11 automated test for trusted peer certs 2016-03-02 11:42:00 -07:00
Jacob Barthelmeh 05d2cec7c1 addition to api tests and refactor location of trusted peer cert check 2016-03-02 11:35:03 -07:00
Jacob Barthelmeh 7df22ee210 Trusted peer certificate use 2016-03-02 11:22:34 -07:00
Jacob Barthelmeh ff7a9d9f78 option for fail on no peer cert except PSK suites 2016-02-10 13:26:03 -07:00
Moisés Guimarães ec9d23a9c3 Merge branch 'csr' 2015-12-28 19:38:04 -03:00
toddouska 2d33380abc Merge pull request #225 from JacobBarthelmeh/master 
help message to use NTRU key in example server
 2015-12-28 11:56:13 -08:00
John Safranek 92cb8eee61 revise the comments about port 0 use in the example client and server 2015-12-24 15:42:52 -08:00
John Safranek 4b836f8476 added note to client and server regarding port 0 2015-12-23 12:20:53 -08:00
toddouska 22385f2b39 add random ports for all make check scripts, unique ready file 2015-12-22 14:35:34 -08:00
Jacob Barthelmeh 0721b79282 help message to use NTRU key in example server 2015-12-22 11:51:26 -07:00
toddouska e503b89ca1 allow sniffer build with -v 0 examples to work 2015-12-17 12:10:22 -08:00
Takashi Kojo 4217ef5475 fixed mdk4 macro control in example server/client, echoserver/client 2015-11-27 11:31:12 +09:00
toddouska 32b2d7f9e4 have calling thread wait for crl monitor thread to setup for simpler cleanup 2015-11-23 14:15:12 -08:00
toddouska 806a2748bf Merge pull request #189 from lchristina26/master 
Updates for Wind River WORKBENCH/ VxWorks Compatibility
 2015-11-12 13:33:27 -08:00
lchristina26 db6920d372 updates for vxworks compatibility 2015-11-12 13:33:47 -07:00
Moisés Guimarães 21d70636dc Merge branch csr into 'master' 2015-11-02 15:51:01 -03:00
toddouska e76f95465d Merge pull request #170 from dgarske/master 
Fixes initialization of the Crypto HW protection, which could leak a …
 2015-10-29 13:56:18 -07:00
lchristina26 723fc3761b Example client/server compatible with VxWorks 2015-10-29 13:39:02 -06:00
David Garske f977caa492 Cleanup of the test code that looks for the WolfSSL root directory. Now it tries to open the certs/ntru-cert.pem file in each directory up (limited to 5) until it opens it. 2015-10-28 23:54:08 -07:00
Nickolas Lapp b7848481a3 Fixed gcc variable-mayble-uninitialized warning 2015-10-27 16:42:19 -06:00
toddouska 4141ea8f83 example server to use cstd free for all build options 2015-10-16 14:05:37 -07:00
Ludovic FLAMENT 9ef43910ed Merge branch 'master' of https://github.com/wolfssl/wolfssl 2015-10-16 07:46:51 +02:00
Ludovic FLAMENT d4f3419758 ALPN : add function to get in a server the list of supported protocols sent by the client. 2015-10-15 14:59:35 +02:00
Ludovic FLAMENT ee8537fb6d Merge branch 'master' of https://github.com/wolfssl/wolfssl 2015-10-14 20:53:30 +02:00
Ludovic FLAMENT 10f5154389 ALPN : add option to continue in case of client/server protocol mismatch (like OpenSSL) 2015-10-13 09:38:40 +02:00
Ludovic FLAMENT bf3b0a228d add support for Application-Layer Protocol Name (RFC 7301) in the TLS extensions 2015-10-09 15:18:41 +02:00
John Safranek 329e6a6207 update the example server and echoserver to correctly generate the DTLS cookie 2015-09-15 17:23:52 -07:00
toddouska 09b2da799f Merge pull request #125 from kojo1/MDK4 
MDK4 name change
 2015-08-14 14:59:25 -07:00
toddouska 46e7e9acf9 disable SSLv3 by default 2015-08-12 16:39:13 -07:00
Takashi Kojo 30f6bc1e27 MDK4, wolfSSL name change 2015-08-12 16:45:40 +09:00
toddouska 37ba6aeee7 fix psk no identify hint example logic 2015-08-03 09:32:51 -07:00
kaleb-himes 303fb2bb62 Option for no PSK Id Hint and test cases 
update comment file reference
 2015-07-31 22:00:28 -06:00
Jacob Barthelmeh df8b48cd0f NTRU suites from earlier code 2015-07-11 12:52:22 -06:00
Jacob Barthelmeh 14723b7e65 QSH (quantum-safe handshake) extension 2015-07-07 09:55:58 -06:00
John Safranek 64602d1969 added check for allowed minimum DH key size 2015-05-21 10:11:21 -07:00
toddouska 8ff17b66f3 add session tickets to echoserver example too 2015-05-18 09:13:34 -07:00
toddouska 74cc2274fa add tiket key cleanup to help valgrind 2015-05-15 15:30:29 -07:00
toddouska 2212381925 add session ticket key returns for reject and use but create 2015-05-15 14:58:16 -07:00
toddouska f6d12bfc37 initial server side session ticket support 2015-05-15 12:51:44 -07:00
toddouska dde4b29462 add handshake done callback with ability to end connection 2015-05-09 11:04:47 -07:00
toddouska d927aa4334 add resume test to example server and script test 2015-04-28 12:21:54 -07:00
toddouska 86f2b9a98f turn off DTLSv1 functions for disable old tls 2015-04-08 13:29:25 -07:00
toddouska 869aeee6cb allow sniffer play nice in ecc build 2015-04-01 12:14:48 -07:00
toddouska c9a0c9a797 fix some psk warnings 2015-03-27 19:20:31 -07:00
toddouska 495fbe087e allow dh to be used w/o certs and asn 2015-03-27 14:28:05 -07:00
toddouska b7b655b8bf fix example server memory tracker 2015-03-07 12:00:27 -08:00
kaleb-himes de2115b140 shutdown shadows global in sys/socket.h line 576 renamed wc_shutdown 2015-02-18 08:00:25 -07:00
toddouska 5f3b1d90b6 fix shutdown returns 2015-02-16 14:23:33 -08:00
lchristina26 db5a95b370 add option for bidirectional shutdown 2015-01-30 08:41:34 -07:00
kaleb-himes b0e88e32ff Error printouts name changed 2015-01-20 12:36:20 -07:00
Jacob Barthelmeh d366599285 adding comment to header and _fips to c files 2015-01-08 10:42:01 -07:00
kaleb-himes a389620a29 Copyright (C) updates 2015-01-08 09:39:04 -07:00
kaleb-himes 369a5f04a9 library wide licence update 2015-01-06 12:14:15 -07:00
kaleb-himes edf53a1ed0 new changes 2014-12-29 10:27:03 -07:00
Jacob Barthelmeh d958a2f3d6 close to build test with --disable-examples option 2014-12-18 15:40:09 -07:00
John Safranek 1742e0ddb6 Merge in the ADH-AES128-SHA changes and add a check for it during the 
packet order sanity checking.
 2014-12-01 11:44:32 -08:00
toddouska 1f8d84553c add server_ready file to externally monitor example server for ready to accept, -r option 2014-11-26 12:13:47 -08:00
toddouska 6175a2a20c cleanup fp cache on examples with thread local storage 2014-09-09 10:14:32 -07:00
toddouska 2c595139db fix tirtos merge 2014-09-08 19:40:03 -07:00
toddouska 61e989ed99 Merge branch 'master' into ti 2014-07-03 11:34:15 -07:00
toddouska 2d63c559cc dh now disabled by default but can be enabled w/o opensslextra 2014-07-03 11:32:24 -07:00
toddouska a920795665 Merge branch 'master' into ti 2014-05-30 16:57:15 -07:00
John Safranek b60a61fa94 DHE-PSK cipher suites 
1. fixed the AES-CCM-16 suites
2. added DHE-PSK as a key-exchange algorithm type
3. Added infrastructure for new suites:
 * TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
 * TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
 * TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
 * TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
 * TLS_DHE_PSK_WITH_NULL_SHA256
 * TLS_DHE_PSK_WITH_NULL_SHA384
 * TLS_DHE_PSK_WITH_AES_128_CCM
 * TLS_DHE_PSK_WITH_AES_256_CCM
4. added test cases for new suites
5. set DHE parameters on test server when using PSK and a custom cipher
suite list
6. updated half premaster key size
 2014-05-30 11:26:48 -07:00
toddouska 71a5aeeb81 Merge branch 'master' into ti 2014-05-28 17:37:48 -07:00
toddouska e11dd9803a fix icc v14 warnings 2014-05-28 17:36:21 -07:00
toddouska 28b6c5b998 Merge branch 'master' into ti 2014-05-12 14:02:22 -07:00
Vikram Adiga f643ca5f48 Added TI-RTOS support for CyaSSL tests 2014-05-08 15:52:20 -07:00