3d7e86f08d
Added missing API's for disabling OCSP stapling. Added OCSP stapling enable/disable for WOLFSSL.
2017-10-17 13:52:05 -07:00
6021c37ec7
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:10:43 -07:00
6707be2b0e
Added new `--disable-oldnames` option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA). Add `--enable-opensslcoexist` which makes sure `oldnames` is disabled. Refactor of `SSL_` to `WOLF_SSL_`. Refactor of `SHA`, `MD5`, `SHA224`, `SHA256`, `SHA512` and `SHA384` to `WC_` naming.
2017-10-11 09:10:42 -07:00
36a539760a
DTLS Bad MAC Checks
...
1. Make the decrypt and verify MAC failure cases behave the same with
respect to DTLS messages. It should pretend the message never happened.
2. Allow the echoclient to survive the echoserver sending a message with
a bad MAC.
3. Allow the server to survive the client sending a message with a bad MAC.
2017-07-31 13:54:53 -07:00
431a0cbea9
Multicast
...
1. Since multicast's only cipher suite uses null cipher
automatically enable it.
2. Add options to example client and server to start
testing multicast API. (Uses TLS over TCP.)
3. Updates to use the forced secrets set by API.
2017-07-19 13:31:39 -07:00
19787e6d4f
don't treat peer closed / zero return as hard error in example servers
2017-07-12 14:15:16 -06:00
5bddb2e4ef
Changes for Nginx
...
Support TLS v1.3 clients connecting to Nginx.
Fix for PSS to not advertise hash unless the signature fits the private
key size.
Allow curves to be chosen by user.
Support maximum verification depth (maximum number of untrusted certs in
chain.)
Add support for SSL_is_server() API.
Fix number of certificates in chain when using
wolfSSL_CTX_add_extra_chain_cert().
Allow TLS v1.2 client hello parsing to call TLS v1.3 parsing when
SupportedVersions extension seen.
Minor fixes.
2017-07-04 09:37:44 +10:00
c748d9dae9
Merge pull request #998 from dgarske/fix_no_server_or_client
...
Fix build with either `NO_WOLFSSL_SERVER` or `NO_WOLFSSL_CLIENT` defined
2017-06-28 10:30:08 -07:00
47cc3ffdbc
Fix build with either `NO_WOLFSSL_SERVER` or `NO_WOLFSSL_CLIENT` defined.
2017-06-26 23:05:32 -07:00
7aee92110b
Code review fixes
...
Also put in configuration option for sending HRR Cookie extension with
state.
2017-06-27 08:52:53 +10:00
9ca1903ac5
Change define name for sending HRR Cookie
2017-06-27 08:37:55 +10:00
8bd6a1e727
Add TLS v1.3 Cookie extension support
...
Experimental stateless cookie
2017-06-26 16:41:05 +10:00
fbc4123ec0
Added `-x` option to allow example server to continue running when errors occur.
2017-06-22 21:19:59 -07:00
350ce5fcef
TLS v1.3 0-RTT
2017-06-21 08:35:28 +10:00
89e6ac91bf
Improve PSK timeout checks
...
Post-handshake Authentication
Fix KeyUpdate to derive keys properly
Fix supported curves (not checking ctx extensions)
2017-06-14 11:28:53 -07:00
5d5ff56336
External PSK working in TLS13
2017-06-07 17:20:22 +10:00
4737b97503
add trackmemory enable option
2017-05-18 16:46:56 -06:00
efb4b3c183
Fix for unit test with non-blocking set.
2017-05-04 14:51:31 -07:00
2b1e9973ec
Add TLS v1.3 as an option
2017-05-04 14:51:30 -07:00
85bef98331
Fix wc_ecc_alloc_rs memset logic. Fix error handling in hmac.c for SHA224. Cleanup of the wc_DhGenerateKeyPair_Async function. Added comment about the “BuildTlsFinished” allocation for hash buffer. Fixed issue with example server that caused the benchmark script to fail in throughput mode.
2017-04-11 14:13:08 -07:00
c1640e8a3d
Intel QuickAssist (QAT) support and async enhancements/fixes:
...
* Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/).
* Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC.
* wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify.
* wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature.
* wolfCrypt test and benchmark async support added for all HW acceleration.
* wolfCrypt benchmark multi-threading support.
* Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA.
* Refactor to make sure “heap” is available for async dev init.
* Added async support for all examples for connect, accept, read and write.
* Added new WC_BIGINT (in wolfmath.c) for async hardware support.
* Added async simulator tests for DES3 CBC, AES CBC/GCM.
* Added QAT standalone build for unit testing.
* Added int return code to SHA and MD5 functions.
* Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer.
* Combined duplicate code for async push/pop handling.
* Refactor internal.c to add AllocKey / FreeKey.
* Refactor of hash init/free in TLS to use InitHashes and FreeHashes.
* Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*.
* Suppress error message for WC_PENDING_E.
* Implemented "wolfSSL_EVP_MD_CTX_init" to do memset.
* Cleanup of the openssl compat CTX sizes when async is enabled.
* Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability.
* Cleanup of the OPAQUE_LEN.
* Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret).
* Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations)
* Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding".
* Updated RSA un-padding error message so its different than one above it for better debugging.
* Added QAT async enables for each algorithm.
* Refactor of the async init to use _ex.
* Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing.
* Reformatted the benchmark results:
PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec"
Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87
* Added min execution time for all benchmarks.
* Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local.
* Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark.
* Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async.
* Added NO_SW_BENCH option to only run HW bench.
* Added support for PRNG to use hardware SHA256 if _wc devId provided.
* Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size.
* Added the wc_*GetHash calls to the wolfCrypt tests.
* Added async hardware start/stop to wolfSSL init/cleanup.
* Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos.
* Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`.
* Added arg checks on wc_*GetHash and wc_*Copy.
* Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions.
* Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator.
* Added checks for all hashing to verify valid ->buffLen.
* Fix for SHA512 scan-build warning about un-initialized “W_X”.
* Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash.
* Refactor of the benchmarking to use common function for start, check and finish of the stats.
* Fixed issue with ECC cache loading in multi-threading.
* Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned.
* Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define.
* Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-10 14:45:05 -07:00
4ff2903b55
Fix to allow anonymous ciphers to work with the new default suite testing.
2017-04-07 10:20:41 -07:00
eb40175cc6
Fix to calc BuildSHA_CertVerify if WOLFSSL_ALLOW_TLS_SHA1. Fix to add check for DTLS to not allow stream ciphers. Removed the RC4 tests from the test-dtls.conf. Added support for using default suites on client side. Switched the arg to “-H”. Cleanup of the example server/client args list. Fixes for build with “--disable-sha”.
2017-04-07 10:20:41 -07:00
4dcad96f97
Added test for server to use the default cipher suite list using new “-U” option. This allows the InitSuites logic to be used for determining cipher suites instead of always overriding using the “-l” option. Now both versions are used, so tests are done with wolfSSL_CTX_set_cipher_list and InitSuites. Removed a few cipher suite tests from test.conf that are not valid with old TLS. These were not picked up as failures before because wolfSSL_CTX_set_cipher_list matched on name only, allowing older versions to use the suite.
2017-04-07 10:20:18 -07:00
2c13ea9a67
Cleanup name conflicts with test.h cert files (by adding “File” to end). Fix memory leak in ecc_test_buffers function.
2017-04-06 15:54:59 -07:00
e6434f380b
Get Nginx working with wolfSSL
2017-03-01 08:38:54 +10:00
ff05c8a7a5
expanding compatibility layer
2016-12-28 14:45:29 -07:00
79472e11a1
add bio.c to dist and implement wolfSSL_check_private_key , wolfSSL_get_server_random
2016-12-28 14:44:05 -07:00
f2f52c3ec9
add more compatiblity functions
2016-12-28 14:44:05 -07:00
039aedcfba
Added "wolfSSL_use_certificate_chain_buffer_format". Added "wolfSSL_SESSION_CIPHER_get_name" to get cipher suite name using WOLFSSL_SESSION*. Moved the "wolfSSL_get_cipher_name_from_suite" function to internal.c. Added new server-cert-chain.der, which is combination of ca-cert.der and server-cert.der. Enhanced load_buffer to detect format using file extension. Can test use of DER cert chain with NO_FILESYSTEM defined using "./examples/server/server -c ./certs/server-cert-chain.der -k ./certs/server-key.der".
2016-11-30 16:26:02 -08:00
092916c253
Merge pull request #536 from ejohnstown/dtls-sctp
...
DTLS over SCTP
2016-08-30 13:09:40 -07:00
2ecd80ce23
Added support for static memory with wolfCrypt. Adds new "wc_LoadStaticMemory" function and moves "wolfSSL_init_memory_heap" into wolfCrypt layer. Enhanced wolfCrypt test and benchmark to use the static memory tool if enabled. Added support for static memory with "WOLFSSL_DEBUG_MEMORY" defined. Fixed issue with have-iopool and XMALLOC/XFREE. Added check to prevent using WOLFSSL_STATIC_MEMORY with HAVE_IO_POOL, XMALLOC_USER or NO_WOLFSSL_MEMORY defined.
2016-08-29 10:38:06 -07:00
46e92e0211
DTLS-SCTP example client and server
...
1. Update the example client and server to test DTLS-SCTP.
2. Modify the test.h functions for setting up connections to allow
for a SCTP option.
3. Update other examples to use the new test.h functions.
4. Removed some prototypes in the client header file were some functions
that should have been static to the client.c file and made them static.
2016-08-26 19:58:36 -07:00
17a34c5899
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 13:59:41 -06:00
e8f7d78fc4
add helper functions for choosing static buffer size
2016-07-21 12:11:15 -06:00
2f9c9b9a22
Add cipher suite ECDHE-ECDSA-AES128-CCM
...
1. Added the usual cipher suite changes for the new suite.
2. Added a build option, WOLFSSL_ALT_TEST_STRINGS, for testing
against GnuTLS. It wants to receive strings with newlines.
3. Updated the test configs for the new suite.
Tested against GnuTLS's client and server using the options:
$ gnutls-cli --priority "NONE:+VERS-TLS-ALL:+AEAD:+ECDHE-ECDSA:+AES-128-CCM:+SIGN-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509" --x509cafile=./certs/server-ecc.pem --no-ca-verification -p 11111 localhost
$ gnutls-serv --echo --x509keyfile=./certs/ecc-key.pem --x509certfile=./certs/server-ecc.pem --port=11111 -a --priority "NONE:+VERS-TLS-ALL:+AEAD:+ECDHE-ECDSA:+AES-128-CCM:+SIGN-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509"
To talk to GnuTLS, wolfSSL also needed the supported curves option
enabled.
2016-06-13 14:39:41 -07:00
3d3591a227
typdef gaurd / error out on bad mutex init / handle no maxHa or maxIO set
2016-06-10 14:13:27 -06:00
ea3d1f8e17
extended method function
2016-06-09 23:41:51 -06:00
8be5409bc5
static method func / ocsp callbacks / heap test / alpn free func / remove timing resistant constraint
2016-06-09 11:36:31 -06:00
e214086dce
tlsx with static memory / account for session certs size
2016-06-08 09:18:43 -06:00
2feee8856e
revise static memory and update heap hint
2016-06-04 19:03:48 -06:00
104ff12e76
add staticmemory feature
2016-06-04 19:01:23 -06:00
8f3e1165a1
add Whitewood netRandom client library support
2016-05-05 15:31:25 -06:00
b2af02a783
Merge pull request #383 from kojo1/MDK5
...
fixes for MDK5 compiler
2016-04-26 16:11:59 -06:00
77a9343973
use short for RSA min key size and check casts
2016-04-22 12:56:51 -06:00
1dac3841ca
change type to short for comparision and up default min size
2016-04-20 15:44:45 -06:00
3129bb22cd
minimum ECC key size check at TLS/SSL level
2016-04-19 15:50:25 -06:00
117231c0e3
Merge pull request #387 from JacobBarthelmeh/RSA-min
...
add check for min RSA key size at TLS/SSL level
2016-04-19 13:57:26 -07:00
0dbdc8eab0
Merge pull request #372 from dgarske/mingwfixes
...
MinGW fixes
2016-04-18 12:50:13 -07:00
c9891567e8
add check for min RSA key size at TLS/SSL level
2016-04-14 13:35:49 -06:00
cab1ebf2d6
move MDK5 current_time to test.h
2016-04-14 18:47:16 +09:00
35c5353698
fixed current_time argument
2016-04-14 16:26:51 +09:00
cfd5af341b
fixed test.c compile error and server.c/client.c/ssl.c warnings with MDK5 compiler.
2016-04-12 11:05:30 +09:00
1b7cd5cb06
consolidate handling of dead assignment warnings
2016-04-11 13:39:44 -06:00
c6e9021732
scan-build warnings related to enable-psk, disable-asn,rsa,ecc
2016-04-11 11:13:26 -06:00
993972162e
MinGW fixes, server port assigning cleanup and ping test cleanup. Fixes issue with visibility detection with MinGW. The visibility.m4 script was not actually trying to call the hidden function, which caused MinGW to detect improperly that visibility was supported. Fix for bogusFile on Windows build. Fixes to build warnings for unused variable 'res' and signed/unsigned comparison for sizeof min(). Cleanup of the server side port assignment to allow use with Windows/MinGW/Cygwin. If Windows uses new GetRandomPort() function in test.h to get port in in the 49152 - 65535 range. If *nix then uses the tcp_listen returned port. Otherwise uses the default wolfSSLPort. Refactor of the ping test code to use common file and properly handle ping count differences (Windows "-c" vs. *Nix style "-n"). Workaround for MinGW and cyassl/options.h getting file permissions error. Added non-fatal compile warning if using MinGW that "strtok_s" might be missing along with a link to public domain source that can be used.
2016-04-08 11:48:14 -06:00
85a9c55048
fix c89 build on windows
2016-04-06 11:16:40 -06:00
63b1282e67
Merge pull request #335 from dgarske/asynccrypt
...
Asynchronous crypto and wolf event support
2016-03-30 20:12:41 -07:00
4472152b18
Added new "wolfSSL_poll" which filters event queue by ssl object pointer. Changed wolfSSL_CTX_poll to support using WOLF_POLL_FLAG_PEEK flag to peek at events and return count. Removed "wolfssl_CTX_poll_peek". Switched the examples (test.h AsyncCryptPoll) to use just the WOLFSSL object and call new wolfSSL_poll. Added warning when using the "--enable-asynccrypt" option to make sure users know they need real async.c/.h files.
2016-03-30 15:15:38 -07:00
696169634e
check return value of wolfSSL_set_fd
2016-03-25 13:59:04 -06:00
e99a5b0483
prepare for release v3.9.0
2016-03-17 16:02:13 -06:00
e1787fe160
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-17 13:31:03 -07:00
aab44eb26b
adjest example server PSK plus flag
2016-03-02 15:43:17 -07:00
d969e2ba11
automated test for trusted peer certs
2016-03-02 11:42:00 -07:00
05d2cec7c1
addition to api tests and refactor location of trusted peer cert check
2016-03-02 11:35:03 -07:00
7df22ee210
Trusted peer certificate use
2016-03-02 11:22:34 -07:00
ff7a9d9f78
option for fail on no peer cert except PSK suites
2016-02-10 13:26:03 -07:00
ec9d23a9c3
Merge branch 'csr'
2015-12-28 19:38:04 -03:00
2d33380abc
Merge pull request #225 from JacobBarthelmeh/master
...
help message to use NTRU key in example server
2015-12-28 11:56:13 -08:00
92cb8eee61
revise the comments about port 0 use in the example client and server
2015-12-24 15:42:52 -08:00
4b836f8476
added note to client and server regarding port 0
2015-12-23 12:20:53 -08:00
22385f2b39
add random ports for all make check scripts, unique ready file
2015-12-22 14:35:34 -08:00
0721b79282
help message to use NTRU key in example server
2015-12-22 11:51:26 -07:00
e503b89ca1
allow sniffer build with -v 0 examples to work
2015-12-17 12:10:22 -08:00
4217ef5475
fixed mdk4 macro control in example server/client, echoserver/client
2015-11-27 11:31:12 +09:00
32b2d7f9e4
have calling thread wait for crl monitor thread to setup for simpler cleanup
2015-11-23 14:15:12 -08:00
806a2748bf
Merge pull request #189 from lchristina26/master
...
Updates for Wind River WORKBENCH/ VxWorks Compatibility
2015-11-12 13:33:27 -08:00
db6920d372
updates for vxworks compatibility
2015-11-12 13:33:47 -07:00
21d70636dc
Merge branch csr into 'master'
2015-11-02 15:51:01 -03:00
e76f95465d
Merge pull request #170 from dgarske/master
...
Fixes initialization of the Crypto HW protection, which could leak a …
2015-10-29 13:56:18 -07:00
723fc3761b
Example client/server compatible with VxWorks
2015-10-29 13:39:02 -06:00
f977caa492
Cleanup of the test code that looks for the WolfSSL root directory. Now it tries to open the certs/ntru-cert.pem file in each directory up (limited to 5) until it opens it.
2015-10-28 23:54:08 -07:00
b7848481a3
Fixed gcc variable-mayble-uninitialized warning
2015-10-27 16:42:19 -06:00
4141ea8f83
example server to use cstd free for all build options
2015-10-16 14:05:37 -07:00
9ef43910ed
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
d4f3419758
ALPN : add function to get in a server the list of supported protocols sent by the client.
2015-10-15 14:59:35 +02:00
ee8537fb6d
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-14 20:53:30 +02:00
10f5154389
ALPN : add option to continue in case of client/server protocol mismatch (like OpenSSL)
2015-10-13 09:38:40 +02:00
bf3b0a228d
add support for Application-Layer Protocol Name (RFC 7301) in the TLS extensions
2015-10-09 15:18:41 +02:00
329e6a6207
update the example server and echoserver to correctly generate the DTLS cookie
2015-09-15 17:23:52 -07:00
09b2da799f
Merge pull request #125 from kojo1/MDK4
...
MDK4 name change
2015-08-14 14:59:25 -07:00
46e7e9acf9
disable SSLv3 by default
2015-08-12 16:39:13 -07:00
30f6bc1e27
MDK4, wolfSSL name change
2015-08-12 16:45:40 +09:00
37ba6aeee7
fix psk no identify hint example logic
2015-08-03 09:32:51 -07:00
303fb2bb62
Option for no PSK Id Hint and test cases
...
update comment file reference
2015-07-31 22:00:28 -06:00
df8b48cd0f
NTRU suites from earlier code
2015-07-11 12:52:22 -06:00
14723b7e65
QSH (quantum-safe handshake) extension
2015-07-07 09:55:58 -06:00
64602d1969
added check for allowed minimum DH key size
2015-05-21 10:11:21 -07:00
8ff17b66f3
add session tickets to echoserver example too
2015-05-18 09:13:34 -07:00
74cc2274fa
add tiket key cleanup to help valgrind
2015-05-15 15:30:29 -07:00
2212381925
add session ticket key returns for reject and use but create
2015-05-15 14:58:16 -07:00
f6d12bfc37
initial server side session ticket support
2015-05-15 12:51:44 -07:00
dde4b29462
add handshake done callback with ability to end connection
2015-05-09 11:04:47 -07:00
d927aa4334
add resume test to example server and script test
2015-04-28 12:21:54 -07:00
86f2b9a98f
turn off DTLSv1 functions for disable old tls
2015-04-08 13:29:25 -07:00
869aeee6cb
allow sniffer play nice in ecc build
2015-04-01 12:14:48 -07:00
c9a0c9a797
fix some psk warnings
2015-03-27 19:20:31 -07:00
495fbe087e
allow dh to be used w/o certs and asn
2015-03-27 14:28:05 -07:00
b7b655b8bf
fix example server memory tracker
2015-03-07 12:00:27 -08:00
de2115b140
shutdown shadows global in sys/socket.h line 576 renamed wc_shutdown
2015-02-18 08:00:25 -07:00
5f3b1d90b6
fix shutdown returns
2015-02-16 14:23:33 -08:00
db5a95b370
add option for bidirectional shutdown
2015-01-30 08:41:34 -07:00
b0e88e32ff
Error printouts name changed
2015-01-20 12:36:20 -07:00
d366599285
adding comment to header and _fips to c files
2015-01-08 10:42:01 -07:00
a389620a29
Copyright (C) updates
2015-01-08 09:39:04 -07:00
369a5f04a9
library wide licence update
2015-01-06 12:14:15 -07:00
edf53a1ed0
new changes
2014-12-29 10:27:03 -07:00
d958a2f3d6
close to build test with --disable-examples option
2014-12-18 15:40:09 -07:00
1742e0ddb6
Merge in the ADH-AES128-SHA changes and add a check for it during the
...
packet order sanity checking.
2014-12-01 11:44:32 -08:00
1f8d84553c
add server_ready file to externally monitor example server for ready to accept, -r option
2014-11-26 12:13:47 -08:00
6175a2a20c
cleanup fp cache on examples with thread local storage
2014-09-09 10:14:32 -07:00
2c595139db
fix tirtos merge
2014-09-08 19:40:03 -07:00
61e989ed99
Merge branch 'master' into ti
2014-07-03 11:34:15 -07:00
2d63c559cc
dh now disabled by default but can be enabled w/o opensslextra
2014-07-03 11:32:24 -07:00
a920795665
Merge branch 'master' into ti
2014-05-30 16:57:15 -07:00
b60a61fa94
DHE-PSK cipher suites
...
1. fixed the AES-CCM-16 suites
2. added DHE-PSK as a key-exchange algorithm type
3. Added infrastructure for new suites:
* TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
* TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
* TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
* TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
* TLS_DHE_PSK_WITH_NULL_SHA256
* TLS_DHE_PSK_WITH_NULL_SHA384
* TLS_DHE_PSK_WITH_AES_128_CCM
* TLS_DHE_PSK_WITH_AES_256_CCM
4. added test cases for new suites
5. set DHE parameters on test server when using PSK and a custom cipher
suite list
6. updated half premaster key size
2014-05-30 11:26:48 -07:00
71a5aeeb81
Merge branch 'master' into ti
2014-05-28 17:37:48 -07:00
e11dd9803a
fix icc v14 warnings
2014-05-28 17:36:21 -07:00
28b6c5b998
Merge branch 'master' into ti
2014-05-12 14:02:22 -07:00
f643ca5f48
Added TI-RTOS support for CyaSSL tests
2014-05-08 15:52:20 -07:00
eeb2e28f54
Sync with 3.0.0
2014-05-05 09:45:25 +09:00
be65f5d518
update FSF address, wolfSSL copyright
2014-04-11 15:58:58 -06:00
b712380a60
Sync MDK5 Software Pack with 2.9.4
2014-04-11 16:20:12 +09:00
f1597c86b1
fix clang -Wconversion except -Wsign-conversion
2014-03-03 16:46:48 -08:00
c39cdbea54
make sure enable-webserver (HAVE_WEBSERVER) can handle password callbacks as well as opensslextra unless NO_PWDBASED defined
2014-03-03 12:18:26 -08:00
5616450a4b
fixed return codes
...
added protection for missing HAVE_TLS_EXTENSIONS
2014-01-31 16:52:15 -03:00
d46c68ba10
Moved OCSP into the CertManager like the CRL.
2013-12-27 12:11:47 -08:00
0ee34c961e
make sure passwd_cb called before load private key in server example
2013-12-23 11:19:21 -08:00
dff54942a2
xcode5 paths for examples
2013-12-19 15:23:57 -08:00
4ffc92a4d6
Use OCSP override URL enable in both example client and server.
2013-12-18 12:34:40 -08:00
f3f80bd66e
add Rsa Sign/Verify callbacks, client/server examples
2013-08-26 16:27:29 -07:00
5c5cee0789
use external CYASSL_MAX_ERROR_SZ for buffer size
2013-08-06 11:48:00 -07:00
7fd3b8a993
Fixed error string for example server private key file failure.
2013-06-25 13:14:24 -07:00
0c34ecb451
OCSP Updates
...
1. Add option to example server and client to check the OCSP responder.
2. Add option to example server and client to override the URL to use
when checking the OCSP responder.
3. Copy the certificate serial number correctly into OCSP request.
Add leading zero only if MS bit is set.
4. Fix responder address used when Auth Info extension is present.
5. Update EmbedOcspLookup callback to better handle the HTTP
response and obtain the complete OCSP response.
2013-06-24 10:47:24 -07:00
cb2082edee
changed CYASSL_SNI_ABORT_ON_MISMATCH to CYASSL_SNI_CONTINUE_ON_MISMATCH
2013-06-03 10:04:49 -03:00
5c665fe614
Added options to SNI (now it is possible to choose whether or not to abort on a SNI Host Name mismatch)
...
Exposed SNI Type at ssl.h
2013-05-30 15:26:41 -03:00
d2003bb8b7
merge in sni
2013-05-21 14:37:50 -07:00
cfdfa7b2b3
pull in Kojo MDK-ARM projects, changes
2013-05-16 09:47:27 -07:00
47b468d14f
add dtls recv timeout max user setting too
2013-05-08 12:49:55 -07:00
864f0468aa
Cygwin/Mingw64 fixes
2013-05-01 14:17:11 -06:00
702c1b044d
add fewerPacket/group messages to example client/server and disalbe client cert/key load
2013-04-19 13:10:19 -07:00
f535e5428e
make sure all tests/examples *.c use settings.h correctly
2013-04-10 12:17:23 -07:00
9b0ffa0249
brought CYASSL_CALLBACK code up to current standard
2013-04-08 15:34:54 -07:00
f8848aaa1b
lower example client/server stack buffer sizes
2013-03-29 14:06:36 -07:00
ee0595f543
add --enable-stacksize to print out stack use info with pthreads for example client/server
2013-03-28 11:28:38 -07:00
7d287a6ba9
modified test port number to allow concurrent testing
2013-03-26 22:00:39 -07:00
ae63878700
fix unused memory tracker warning is disable-memory
2013-03-15 13:22:35 -07:00
543108bdcc
add memory tracker to example client and server if using default memory cbs
2013-03-15 13:17:05 -07:00
49e62f0858
fix general NO_SHA NO_ASN NO_CERTS NO_SESSION_CACHE builds/examples
2013-03-11 16:07:46 -07:00
285ca36ca2
fix normal psk no rsa examples
2013-03-11 13:19:43 -07:00
20e4889092
Merge branch 'dtls'
...
Conflicts:
src/ssl.c
2013-03-08 17:45:35 -08:00
43ed4a7424
added test cases and fixed a bug with AEAD ciphers with DTLSv1.2.
2013-03-07 22:52:51 -08:00
f65dcd1378
fix NO_RSA ecc command line examples default certs
2013-03-07 18:20:29 -08:00
85b3346bbf
NO_RSA build, cipher suite tests need work for this build optoin, ssn2
2013-03-07 17:44:40 -08:00
8ace08499b
make sure example CyaSSL_read()s that fill buffer don't overrun by 1 byte if trying to output with null terminator
2013-02-08 11:21:48 -08:00
44e0d7543c
change copyright name with name change
2013-02-05 12:44:17 -08:00
f4f13371f9
update copyright date
2013-02-04 14:51:41 -08:00
44b6593fe5
add cavium ciphers to SSL, and example client
2013-02-01 12:21:38 -08:00
a453ccba57
Added TLS support for Camellia
2013-01-21 10:53:42 -08:00
44bf986827
no DTLS streaming checks
2012-12-28 17:54:19 -08:00
726d686b07
fix clang scan-build problems
2012-12-12 18:03:32 -08:00
f8f7f69f48
compile option to leave out MD5 and SSL code
2012-11-26 18:40:43 -08:00
85e8f1988a
leanpsk build removes cert code, moved ctaocrypt error strings to own file
2012-11-01 12:36:47 -07:00
9871b13480
build test covers leanpsk
2012-10-30 12:51:14 -07:00
174618ebfb
added build option for leanPSK
2012-10-29 15:39:42 -07:00
a5d7a3ea8f
fix opensslExtra with psk server example, add psk to commit tests
2012-10-19 12:54:15 -07:00
a89ec1ac91
show server read/write block message in server example
2012-10-19 10:14:26 -07:00
32dd1ab006
fix example/client non-blocking usage flag to big N
2012-10-17 14:06:50 -07:00
fe632a3f77
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
400b1f1ae6
test client and server use select in non-blocking mode
2012-10-08 15:49:30 -07:00
0fc6c8a07d
fix nonblocking setters
2012-09-27 13:38:45 -07:00
d5d24df32a
nonblocking warning fixes
2012-09-27 10:31:38 -07:00
5fce4edb68
This adds more compiler hardening flags (and fixes all of the issues
...
found in the process).
2012-09-19 23:38:41 -07:00
56ee2eaba8
added dtls message retry
2012-09-14 09:35:34 -07:00
f8b106601b
fix sniffer cipher suite tests with user override
2012-08-31 13:28:07 -07:00
c4674c0cc3
add ntru cipher suite tests
2012-08-07 17:18:56 -07:00
90446c3c5f
add -u for DTLS UPD command line client/server examples
2012-08-02 11:54:49 -07:00
90385bb4b3
fix windows build with command line examples
2012-08-01 17:33:49 -07:00
45dde2da89
better error checking on server example
2012-07-30 18:15:08 -07:00
f904c598ed
make server example more generic with short command opts
2012-07-30 11:58:57 -07:00
638c095737
better error output for temp keys or compression on sniffer
2012-06-29 10:59:48 -07:00
2b48f248c4
crl dir monitoring for linux and mac
2012-05-22 17:25:15 -07:00
1c2b84d3dd
ecc client certs
2012-05-02 10:30:15 -07:00
84614da13e
increase copyright date 2012
2012-02-13 11:54:10 -08:00
a81d3d02e1
2.0.2 release
2011-12-05 15:42:18 -08:00
8ddd2185c2
warning fixes, 2.0.1 pre
2011-11-01 16:17:45 -07:00
948a901cfc
add DH param setting by file and buffer, by ctx too
2011-11-01 14:05:14 -07:00
08fd73bbec
fixes for xcode4 and cyassl2
2011-09-25 16:35:54 -07:00
d99932962a
change Visual Studio files to use new CyaSSL headers and layout, have examples and testsuite try to change to CyaSSL Home dir if not
2011-09-23 16:13:02 -07:00
9d7c016cdb
move cyassl headers out of openssl dir
2011-08-25 14:28:57 -07:00
000ffa54a4
add check around config.h for non autoconf systems
2011-08-24 16:37:16 -07:00
5d49bf7cb0
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-24 15:54:58 -07:00
ebc52e6941
Corrected spelling mistakes, formatting
2011-08-04 16:42:55 -06:00
667162df1b
Add headers to examples and .i files
2011-07-26 13:27:22 -07:00
0ef4919b43
change Init Free CyaSSL to CyaSSL_, more consistent
2011-06-08 13:19:39 -07:00
c4e54556c5
make sure example clients don't use EDH when sniffer active
2011-04-29 10:41:21 -07:00
491f0e440b
add compiler visibility detection, default hide, add external API linkage and internal LOCAL linkage
2011-04-26 15:41:16 -07:00
adaffeca6c
fix initsuites with PSK on downgrade, example server with PSK
2011-04-25 16:11:23 -07:00
1326c79bb6
add server EDH
2011-04-20 14:40:07 -07:00
831f4b6be9
add use cert chain handling
2011-04-09 13:08:56 -07:00
6b88eb05b1
1.8.8 init
2011-02-05 11:14:47 -08:00
David Garske
John Safranek
toddouska
Sean Parkinson
Kincade Pavich
Jacob Barthelmeh
Sean Parkinson
Chris Conlon
Kaleb Himes
Takashi Kojo
Moisés Guimarães
Takashi Kojo
lchristina26
Nickolas Lapp
Ludovic FLAMENT
kaleb-himes
Vikram Adiga
Moisés Guimarães
toddouska
John Safranek
John Safranek
Brian Aker
Chris Conlon