9bae05525c
addressed review comments
2021-03-05 08:19:22 +09:00
141d07e21b
addressed pre-review comments
2021-03-05 08:19:16 +09:00
e39477c531
initial implement SSL_get_early_data_status
2021-03-05 08:19:15 +09:00
a3cbcf255f
Fix from review
2021-01-20 11:34:02 -06:00
50843b22cd
Check method for NULL
2021-01-18 16:18:49 -06:00
764b3cf09d
examples/client/client.c: add missing !defined(NO_SESSION_CACHE) gate around wolfSSL_get_session() for "print out session" code.
2020-12-28 17:49:58 -06:00
16ce8e077a
only call wolfSSL_UseKeyShare() in example client with TLS 1.3
2020-12-16 12:06:35 -07:00
75c062a298
cppcheck: fixes
2020-12-16 17:28:20 +10:00
367f28b917
Merge pull request #3443 from SparkiDev/tls13_psk_no_dhe
...
TLS 1.3: PSK only
2020-12-09 09:45:34 -08:00
5fdc4cf6e1
Fix RX/TX throughput reporting in example server.
...
- I observed that client TX throughput < client RX throughput, but server TX
throughput > server RX throughput. Turns out this is just a typo in the
printing of the stats. The RX stat was being printed as the TX stat and vice-
versa.
- I added a note to scripts/benchmark.test about a 2 second sleep we do waiting
for the server to come up. If you were to time this script with the time
command, you'll see that 2 seconds in the result, which might be confusing
if you didn't realize the sleep was there.
2020-12-08 16:49:09 -06:00
91d23d3f5a
Implement all relevant mp functions in sp_int
2020-11-19 11:58:14 +10:00
9183c35fb8
Merge pull request #3446 from haydenroche5/client_want_write_sim
...
Add an option to the example client to simulate WANT_WRITE errors.
2020-11-18 15:54:09 -08:00
d8b58286d1
TLS 1.3: PSK only
...
Support building with only TLS 1.3 and PSK without code for (EC)DHE and
certificates.
Minimise build size for this configuration.
2020-11-19 09:21:24 +10:00
2fc594d319
Modify example server to be resilient to WANT_WRITE errors.
2020-11-13 10:33:10 -06:00
e035eb8f8a
Add an option to the example client to simulate WANT_WRITE errors.
...
- Add this option as "-6."
- Turn on non-blocking mode if WANT_WRITE simulation is enabled.
- Create a send IO callback that gets registered when this option is turned on.
This callback alternates between letting the TX through and returning a
WANT_WRITE error.
2020-11-13 10:30:24 -06:00
7850d71ccb
add wolfSSL_get_cipher_suite_from_name(); add flags arg to GetCipherSuiteFromName(); fix GetCipherSuiteFromName() to prevent spurious substring matching; add SUITE_ALIAS() macros for use defining CipherSuiteInfo, and add CipherSuiteInfo.flags slot and associated logic, to allow alternative cipher names to be recognized; add "CCM8" cipher name variants wherever applicable, including the unit.test conf files, to recognize and test the OpenSSL variants; add tests in client_test() and server_test() to confirm correct forward and backward mapping of cipher names/aliases.
2020-11-11 22:47:47 -06:00
92c3296e13
preprocessor -DNO_BIO to omit OpenSSL BIO API
2020-11-05 20:40:43 -06:00
fda84576b0
name the new introspection routines wolfSSL_configure_args() and wolfSSL_global_cflags() for consistency, and move the prototypes to logging.h.
2020-10-28 17:28:05 -05:00
94d4ea3a57
examples/client/client.c:client_usage_msg[][]: add correct sensing and reporting of WOLFSSL_SP_4096.
2020-10-28 17:28:05 -05:00
1ba0883f4c
introspection tweaks: rename wolfcrypt/src/debug.c to wolfcrypt/src/wc_debug.c; restore BUILD_WC_DEBUG gating for autotools inclusion of wc_debug.o and disable opportunistically when ENABLED_LEANTLS, ENABLED_LEANPSK, or ENABLED_LOWRESOURCE; add HAVE_WC_INTROSPECTION gate for libwolfssl_configure_args() and libwolfssl_global_cflags().
2020-10-28 17:28:05 -05:00
b918e1fd4c
examples/: add -@ and -# flags to client and server, printing libwolfssl_configure_args() and libwolfssl_global_cflags() respectively.
2020-10-28 17:28:05 -05:00
d2dac8e4b8
Example Client OCSP Option Fix
...
1. Before checking to see if the must staple flag is on the 'W' option,
check the length of myoptarg.
2020-10-21 13:30:51 -07:00
1e43d65d2a
Merge pull request #3392 from SparkiDev/ocsp_must_staple
...
TLS OCSP Stapling: MUST staple option
2020-10-20 15:07:08 -07:00
7c89d10e53
Merge pull request #3260 from julek-wolfssl/non-blocking-scr
...
(D)TLS non-blocking SCR with example
2020-10-20 13:45:19 -07:00
60b0b0170b
TLS OCSP Stapling: MUST staple option
...
Can enable OCSP Must Staple option to mean that if the client sends a
request for an OCSP Staple then it must receive a response.
2020-10-16 09:03:27 +10:00
b68828d3c9
Merge pull request #3361 from tmael/ocsp-nocheck
...
Add support for id-pkix-ocsp-nocheck
2020-10-13 15:46:02 -07:00
048a3a8d5b
Merge pull request #3374 from JacobBarthelmeh/Testing
...
NO_FILESYSTEM build on Windows
2020-10-13 13:26:46 -07:00
6aa0eacc62
use correct key buffer for example private key
2020-10-13 09:26:54 -06:00
a4bfa0dec7
Add support for id-pkix-ocsp-nocheck
2020-10-11 19:47:50 -07:00
bfb10ddfb5
NO_FILESYSTEM build on Windows
2020-10-09 09:45:00 -07:00
570f55a0e3
wolfSSL_get_ocsp_producedDate*(): gate on !defined(NO_ASN_TIME), and in client_test(), gate call to strftime() on HAVE_STRFTIME and add fallback code; add HAVE_STRFTIME test to configure.ac.
2020-10-08 23:26:28 -05:00
7a77b6d990
rename wolfSSL_get_ocsp_producedDate(WOLFSSL *, struct tm *) to wolfSSL_get_ocsp_producedDate_tm(), and add wolfSSL_get_ocsp_producedDate() accessing the raw ASN.1 producedDate; fix location of prototypes in ssl.h to obtain proper conditionalization; omit frivolous nullness test on ssl->ocspProducedDate (always true).
2020-10-08 22:47:16 -05:00
e162d0f889
add wolfSSL_get_ocsp_producedDate().
2020-10-08 22:47:16 -05:00
a7fdfbaf40
Passing scr-app-data in to -i to client sends a message during SCR
...
Modify mygetopt so that if an argument expects a value and that value is the next argument then myoptarg is set to a NULL pointer.
2020-10-06 17:28:23 +02:00
84f0fc56ef
check ClientWrite return
2020-09-25 11:35:23 +02:00
10bf7a2086
examples/: fix undersized array lengths in client_usage_msg and server_usage_msg.
2020-09-23 18:32:16 -05:00
30443dbf23
Fix Client Usage
...
A string in the client's usage text was made optional depending on the
NO_PSK option, but there was still an attempt to print it. This lead to
a NULL being printed instead. Fixed the print statement.
2020-09-16 13:37:01 -07:00
04b4ef3e3b
Don't send null byte
2020-09-16 14:02:51 +02:00
db864be6a4
TLS 1.3 Early Data: fix
...
Will process early data packets now.
Added test to check output of server for early data being received.
2020-08-31 09:03:05 +10:00
52df9d6c69
TLS and DTLS both need to support APP DATA during SCR
...
Also some misc fixes
2020-08-27 21:13:19 +02:00
8b934624f5
DTLS non-blocking scrwith example
2020-08-25 11:26:20 +02:00
1724347f7a
Merge pull request #3091 from julek-wolfssl/sess-serialization
...
Expose session serialization outside of `OPENSSL_EXTRA`
2020-08-07 15:41:27 -07:00
d96f86fcd9
Merge branch 'master' into GH2998_REWORK_FOLLOWUP
2020-07-30 09:47:48 -06:00
397d1ab19c
DTLS Test Speed Fix Redux
...
1. Fix the check for XSLEEP_US in the client.
2. Added XSLEEP_MS to mirror XSLEEP_US, in terms of XSELECT().
2020-07-29 16:51:08 -07:00
e84defb268
Merge pull request #3044 from dgarske/sniffer_tls13
...
TLS v1.3 sniffer support
2020-07-24 11:46:38 -07:00
38cef2b3c9
Merge pull request #3151 from ejohnstown/dtls-size
...
DTLS Size Fix
2020-07-24 08:19:50 -07:00
fd1a1bd0f7
Add some missing frees to the example client when using in the return-not-exit mode for tests.
2020-07-23 14:32:48 -07:00
839044d9e1
1. Remove dead assignment from client test.
...
2. Fix memory leak in example server test.
3. Use verify callback on certificates to allow callback to fail
them.
4. Restore the forced failure test cases.
5. Make the verify action thread local.
2020-07-23 12:26:49 -07:00
98ae3a2352
Added a suite test use case to cover the new error check. Also fixed and issue with passing a couple flags to the test case runner, and some other changes to support the new test.
2020-07-22 13:20:23 -07:00
fe08f23a50
Improved test sleep. Cleanup `sleep` calls.
2020-07-22 13:08:57 -07:00
c5371a2dbd
Fix for `kResumeMsg` unused if `NO_SESSION_CACHE` defined.
2020-07-22 12:15:14 -07:00
c8e9d058f0
DTLS Test Speedup
...
Change the example client to use select instead of sleep.
If building for the standalone client, it will wait 1 second.
If built for no main driver, it'll wait 10ms rather than 1 second.
2020-07-21 18:40:18 -07:00
11b0d963d3
Fix for example client to send HTTP GET on resume with "-g". Fixes issue with `./scripts/openssl.test`.
2020-07-21 15:42:33 -07:00
639f73fe1f
Fix for client writes to not include the null term.
2020-07-21 13:42:01 -07:00
4e637ddf10
Cleanup on example client/server messages and sizes. Original PR #3023 caused sending extra null characters in normal (non HTTP) example cases.
2020-07-21 13:34:25 -07:00
1b051d9c5b
TLS v1.3 sniffer support:
...
* Added TLS v1.3 sniffer support using static ephemeral key.
* Add support for using a static ephemeral DH and ECC keys with TLS v1.3 using `WOLFSSL_STATIC_EPHEMERAL`.
* Adds new API's `wolfSSL_CTX_set_ephemeral_key` and `wolfSSL_set_ephemeral_key`.
* Expanded TLS extension support in sniffer.
* Refactor of the handshake hashing code.
* Added parameter checking to the TLS v1.3 key derivations (protects use of "DoTls13Finished" if handshake resources have been free'd).
* Added support for loading DH keys via `wc_DhImportKeyPair` and `wc_DhExportKeyPair`, enabled with `WOLFSSL_DH_EXTRA`.
* Added sniffer documentation `sslSniffer/README.md`.
2020-07-17 15:22:35 -07:00
e55ca1a8cf
increase example client key share group array size
2020-07-17 10:26:34 -06:00
925e9d9213
Merge pull request #3075 from julek-wolfssl/dtls-no-cookie
...
DTLS session resumption fixes
2020-07-15 14:07:34 -07:00
890500c1b1
Fix Coverity
2020-07-08 08:20:43 -07:00
3efd8a8576
Jenkins fixes
2020-07-02 14:59:07 +02:00
e63a80f1af
Use `NO_SESSION_CACHE` as well in preproc checks
2020-06-30 21:21:43 +02:00
26f0a74d29
Merge pull request #3023 from kaleb-himes/GH2998-REWORK
...
cleanup GET messages
2020-06-25 10:22:09 -06:00
fdce5152c5
Address peer feedback
2020-06-24 11:25:12 -06:00
352328348a
For example client "-H verifyFail", which was not setting the verify callback.
2020-06-18 12:54:47 -07:00
667d9ca896
Fix to catch the issue in this PR with alt cert chains, which only happens if the verify callback is used and the chain is long enough. Cleanup of the myVerify callback to allow specific actions. Fix the suites.c to not crash if no newline at end of file. Added helpful debug message to show that a CA was found.
2020-06-18 09:26:50 -07:00
03c5359fcd
Add session resumption testing for DTLS
2020-06-18 14:18:02 +02:00
f2d2dadc89
ASYNC: Fix issues with TLS and DTLS
2020-06-12 11:36:43 +02:00
7b604ad714
WIP
2020-06-12 11:36:43 +02:00
dffc677561
Fix for TLS v1.3 with `--enable-sniffer`.
2020-06-04 16:42:40 -07:00
ad93813d75
Fix for expected failure case on client write. Resolves test-fails.con `server TLSv1.3 fail on no client certificate` test.
2020-06-04 15:31:18 -07:00
d4fdd1e590
Fix for TLS v1.3 test PSK callback to support cipher list. Add support for `GetCipherSuiteFromName` to accept a name ending with colon.
2020-06-04 15:31:18 -07:00
3b63e55a68
Fix for TLS v1.3 PSK tests work with additional cipher suites (not just `TLS13-AES128-GCM-SHA256`) and the echo server/client.
2020-06-04 15:31:18 -07:00
2285071fbc
Use old convention, consolidate assignments
2020-06-04 09:34:49 -06:00
923fc30043
Change to memcpy
2020-06-03 17:36:40 -06:00
8c3f7a77ca
cleanup GET messages
2020-06-03 16:53:36 -06:00
c153873337
Fail when WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT set in TLS1.3
2020-04-27 16:17:03 +10:00
cf8459e518
Merge pull request #2892 from SparkiDev/cppcheck_fixes_4
...
Fixes from cppcheck
2020-04-09 16:01:11 -07:00
411aee6e05
Fixes from cppcheck
...
Added PRIVATE_D version of rsa private key operation for SP
implementation for specific platforms.
WC_NO_RNG results in warnings when RNG calls don't do anything.
Added ifdef checks for variables not used otherwise.
Remove superfluous if statements like when checking ret == 0.
Change names of globals that are generic and are used locally before
global definition.
Remove definition of variable len that isn't used except as a
replacement for sz which is parameter.
Don't subtract two variables when one has just been assigned the value
of the other.
Fix shifting of signed value.
Fix parameter checking in aes.c and des3.c for platform specific code.
2020-04-08 09:46:22 +10:00
65cf5a0d46
Merge pull request #2802 from embhorn/zd9764
...
Fix for bidirectional shutdown
2020-04-07 13:03:54 -07:00
b1ec15de3e
Only try shutdown once in example
2020-04-01 17:48:17 -05:00
3f7ce61dbd
Updates from review
2020-04-01 11:14:25 -05:00
2c6eb7cb39
Add Curve448, X448, Ed448 implementations
2020-02-28 09:30:45 +10:00
41d3ba0efa
Tests and examples for bidirectional shutdown
2020-02-17 16:47:47 -06:00
b038e2e8f0
Merge pull request #2771 from JacobBarthelmeh/Windows
...
change public Timeval to WOLFSSL_TIMEVAL
2020-02-13 09:38:42 -08:00
b29fe41a35
Merge pull request #2738 from SparkiDev/cppcheck_fixes_3
...
Changes to clear issues raised by cppcheck
2020-02-03 17:02:40 -07:00
cc2bf03e73
Client using common read and write func
2020-02-03 09:17:27 +10:00
55ea2facdd
Changes to clear issues raised by cppcheck
2020-01-30 14:24:32 +10:00
a9e9120fa0
change public Timeval to WOLFSSL_TIMEVAL
2020-01-28 17:11:46 -07:00
37cad6e9ba
%zu, pragma: not supported,
2020-01-22 08:12:51 +09:00
45c5a2d39c
update copyright to 2020
2020-01-03 15:06:03 -08:00
4f71bcfa7c
Merge pull request #2704 from ejohnstown/renegotiation
...
Maintenance: Renegotiation
2019-12-30 16:45:31 -08:00
deac82c8ed
Merge pull request #2683 from dgarske/various_items
...
Various cleanups and fixes
2019-12-27 13:53:39 -08:00
add7cdd4e2
Maintenance: Renegotiation
...
1. Found a corner case where secure renegotiation would fail trying to
inappropriately use a session ticket.
2. Explicitly split renegotiation into Rehandshake and SecureResume.
2019-12-26 16:39:44 -08:00
b83804cb9d
Correct misspellings and typos from codespell tool
2019-12-24 12:29:33 -06:00
22f0b145d3
Various cleanups and fixes:
...
* Fix for key gen macro name in benchmark.c
* Fix for possible RSA fall-through warning.
* Fix for building `WOLFSSL_STM32_PKA` without `HAVE_ECC`.
* Added option to build RSA keygen without the DER to PEM using `WOLFSSL_NO_DER_TO_PEM`.
* Added options.h includes for test.c and benchmark.c.
* Added printf warning on the math size mismatch in test.c.
* Added support for benchmarking larger sizes.
* TLS benchmarks for HiFive unleashed.
2019-12-18 07:09:26 -08:00
774a758f59
Fixes in test and example code
2019-12-17 15:56:40 -06:00
890eb415b1
fix for memory management on edge case with staticmemory
2019-11-05 15:13:26 -07:00
bb6eeefe26
fix for build with --enable-all and gcc-9 on Linux
2019-10-15 09:56:26 -07:00
901ee627fc
Fixes from using cppcheck tool
...
Various fixes for uninitialized variable use.
sniffer.c: close file when seek fails
tls.c: fix QSH_GET_SIZE macro
wolfio.c: uIPGenerateCookie: use the parameter, _ctx, instead of self
referencing.
wolfssl_adds.c: check for equivalent to XBADFILE to indicate error.
SP: change right shift of signed value to unsigned
sp_int.h: define 128-bit types
types.h: change a XMALLOC define to not use (,,) - cppcheck doesn't like
it and is unnecessary.
2019-10-01 09:22:00 +10:00
b92509144b
Merge pull request #2475 from dgarske/qat_key
...
Fixes and improvements for async
2019-09-20 10:44:33 -07:00
Hideki Miyazaki
Eric Blankenhorn
Daniel Pouzzner
Chris Conlon
Sean Parkinson
toddouska
Hayden Roche
Glenn Strauss
John Safranek
David Garske
Jacob Barthelmeh
Tesfa Mael
Juliusz Sosinowicz
Kaleb Himes
Takashi Kojo