WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity
13,979 Commits
27 Branches
168 Tags
358 MiB
Commit Graph

182 Commits (3aa3fc889fb177fbeb4c420bf78f56a0ff4343c5)

Author SHA1 Message Date
JacobBarthelmeh d44549fd77 only update OPENSSL_ENGINE_ID if already set 2021-04-12 01:47:01 -06:00
JacobBarthelmeh ee22d27cf8 add sanity check that engine can be loaded 2021-04-11 20:48:18 +07:00
JacobBarthelmeh c34025b186 add option to use an engine with openssl test script 2021-04-11 20:06:13 +07:00
Hideki Miyazaki b4a573ca98
Initial implemented X509_LOOKUP_ctrl L_ADD_DIR 2021-03-19 13:12:55 +09:00
Sean Parkinson a55e94cf6f ECCSI and SAKKE: add support 
Fixes for static code analysis included.
Added const to function parameters.
Zeroise some temporaries.
 2021-03-12 09:31:22 +10:00
Hideki Miyazaki 302c6dfe11
addressed jenkins failure part3 2021-03-05 08:19:22 +09:00
Hideki Miyazaki e39477c531
initial implement SSL_get_early_data_status 2021-03-05 08:19:15 +09:00
Elms d67934f6b8 scripts: remove use of `realpath` and fix `external.test` 
`external.test` could fail quietly for not finding `ping.test` for
out-of-tree builds. Make it look relative to the script location.
 2021-02-10 14:18:32 -08:00
Elms 9b6f382b2c testing: fix openssl test for `distcheck` 
Previously missed case of cert locations for out-of-tree build. Use
relative path from script location for certificate path
 2021-02-10 07:15:22 -08:00
Elms 12eddee104 scripts: fix tests for out of tree `distcheck` 
Copying or using certs from directory relative to scripts source directory.
 2021-02-08 10:43:31 -08:00
Elms c17597a4fb build: arbitrary path for `make check` 
To support builds in other directories, unit.test and wolfcrypt test
must be aware of the source and build directory.
 2021-02-05 12:10:32 -08:00
Elms 93ea355217 build: fix `make distcheck` 
Need to check if `unit.test` was run from make process and set
different path to run unit test executable.

Writing files in the dist is not allowed during distcheck so write
files to subdirectory used build during distmake
 2021-02-05 07:25:07 -08:00
Sean Parkinson fa86c1aa91 Configuration: enable all, disable TLS 1.3 - turn off TLS 1.3 only options 
configuration: --enable-all --disable-tls13
Post-handshake authentication and HRR cookie are enable with
'--enable-all' but disabling TLS 1.3 caused configure to fail.
Don't enable these TLS 1.3 only options when TLS 1.3 is disabled.

Also fix up tests that don't work without TLS 1.3 enabled.
 2021-01-06 14:19:57 +10:00
Tesfa Mael 9598c03716 Free mutex and fix test script 2020-12-30 17:40:15 -08:00
John Safranek c482d16029
Merge pull request #3544 from haydenroche5/ocsp_stapling_bug 
Fix bug where OCSP stapling wasn't happening even when requested by client
 2020-12-29 14:23:10 -08:00
Daniel Pouzzner eeefe043ec scripts/: nix `timeout` wrappers in ocsp-stapling.test and ocsp-stapling2.test, for portability. 2020-12-16 17:31:53 -06:00
Hayden Roche 801aa18b9e Fix bug where OCSP stapling wasn't happening even when requested by client. 
The OCSP request that we created didn't have a URL for the OCSP responder, so
the server couldn't reach out to the responder for its cert status.
 2020-12-15 16:56:21 -06:00
toddouska 367f28b917
Merge pull request #3443 from SparkiDev/tls13_psk_no_dhe 
TLS 1.3: PSK only
 2020-12-09 09:45:34 -08:00
Hayden Roche 5fdc4cf6e1 Fix RX/TX throughput reporting in example server. 
- I observed that client TX throughput < client RX throughput, but server TX
  throughput > server RX throughput. Turns out this is just a typo in the
  printing of the stats. The RX stat was being printed as the TX stat and vice-
  versa.
- I added a note to scripts/benchmark.test about a 2 second sleep we do waiting
  for the server to come up. If you were to time this script with the time
  command, you'll see that 2 seconds in the result, which might be confusing
  if you didn't realize the sleep was there.
 2020-12-08 16:49:09 -06:00
toddouska b0979f4225
Merge pull request #3476 from dgarske/sniffer_hrr 
Fixes for TLS sniffer with v1.3 (HRR and Certs)
 2020-11-18 16:07:11 -08:00
Sean Parkinson d8b58286d1 TLS 1.3: PSK only 
Support building with only TLS 1.3 and PSK without code for (EC)DHE and
certificates.
Minimise build size for this configuration.
 2020-11-19 09:21:24 +10:00
David Garske d208779974 Added test case for TLS v1.3 with HRR (hello_retry_request) 2020-11-12 08:59:10 -08:00
Daniel Pouzzner 1cbc2e8608 openssl.test: recognize TLS13-AES128-CCM-8-SHA256 and TLS13-AES128-CCM8-SHA256 as equivalent while iterating through $wolf_ciphers. 2020-11-11 23:23:28 -06:00
Daniel Pouzzner 5625929c83 scripts/external.test: skip test when -UHAVE_ECC. 2020-11-10 01:27:45 -06:00
Daniel Pouzzner 196ae63eb2 scripts/external.test: skip test when -DWOLFSSL_SNIFFER (staticCipherList in client.c is incompatible). 2020-11-10 00:03:02 -06:00
Daniel Pouzzner 3858bda7e9 add "module", "modules_install", and "clean_module" rules to BUILD_LINUXKM section of Makefile.am, and add working install rule to linuxkm/Makefile, so that "make module" and "make modules_install" now work when --enable-linuxkm; fix "make dist" logic in Makefile.am and scripts/include.am to be unaffected by --enable-linuxkm; don't build wolfcrypt/benchmark or testwolfcrypt when --enable-linuxkm and --enable-crypttests. 2020-11-04 14:13:39 -06:00
Daniel Pouzzner 139b0431cb ocsp-stapling*.test: prefix waited servers with "timeout 60" to avoid deadlock failure modes; grep output from "openssl s_client" in "test interop fail case" for expected error message ("self signed certificate in certificate chain"). 2020-10-28 17:28:05 -05:00
Daniel Pouzzner 0568ec304f pass -4 flag to openssl and nc only when IPV6_SUPPORTED. 2020-10-28 17:28:05 -05:00
Daniel Pouzzner 94a3f86dcd scripts/ocsp-stapling*.test: check if IPv6 is supported by the installed openssl and nc executables, and if not, don't attempt to wrestle the version. with no IPv6 support, and an --enable-ipv6 wolfssl build, skip the test entirely. also, restore a couple -b (bind-all-interfaces) flags to examples/server/server recipes in case that's useful. 2020-10-28 17:28:05 -05:00
Daniel Pouzzner 7a5cbaa9bc fix scripts/ocsp-stapling*.test to accommodate IPv6 examples/ client/server build. 2020-10-28 17:28:05 -05:00
Daniel Pouzzner 81849e64b8 scripts/openssl.test: for "-psk" cases, use "-psk key", not "-psk=key", for OpenSSL 1.0.2 compatibility. 2020-10-21 23:30:14 -05:00
Sean Parkinson 60b0b0170b TLS OCSP Stapling: MUST staple option 
Can enable OCSP Must Staple option to mean that if the client sends a
request for an OCSP Staple then it must receive a response.
 2020-10-16 09:03:27 +10:00
Daniel Pouzzner 9df9fb7936 unit.test: add bwrap wrapper script at scripts/unit.test. 2020-09-17 12:03:44 -05:00
Daniel Pouzzner 5ed2fe8092 scripts/: more race elimination/mitigation. 2020-09-17 12:03:44 -05:00
Daniel Pouzzner 26901d1cd9 scripts/ocsp-stapling2.test: eliminate races. 2020-09-17 12:03:44 -05:00
Daniel Pouzzner b669f8eeb9 scripts/: tweak scripts/include.am to run ocsp tests before rather than after testsuite and unit.test; revert POSIXish scripts/*.test to use /bin/sh. 2020-09-14 16:06:45 -05:00
Daniel Pouzzner d8dc6be5b9 scripts/ocsp-stapling2.test: try using a static prechecked port for the servers on ready_file5 too. 2020-09-12 01:13:35 -05:00
Daniel Pouzzner 51046d45d3 add bwrapping on all other scripts/*.test except those that make Internet connections, and remove test for setuid bit, as some systems are configured to not require setuid/CAP_NET_ADMIN for CLONE_NEWNET. 2020-09-12 00:20:38 -05:00
Daniel Pouzzner 1e9971f64c scripts/ocsp-stapling*.test: add bwrap attempt at top, to isolate network namespace. 2020-09-11 18:20:27 -05:00
Daniel Pouzzner 8f25456f86 scripts/ocsp-stapling*.test, wolfssl/test.h: refactor scripts/ocsp-stapling*.test for orthogonality and robustness, with retries and early failure detection. also, reduce sleeps in ocsp-stapling-with-ca-as-responder.test to 0.1, matching sleeps in other 2 scripts. finally, in wolfssl/test.h, #ifdef SO_REUSEPORT do that when binding ports, and add optional rendering of errno strings for failed syscalls using err_sys_with_errno() when -DDEBUG_TEST_ERR_SYS_WITH_ERRNO. 2020-09-11 15:30:37 -05:00
toddouska 7fd51cf9d9
Merge pull request #3267 from SparkiDev/no_client_auth 
Get builds with WOLFSSL_NO_CLIENT_AUTH compiling and testing
 2020-09-03 15:55:38 -07:00
toddouska 9901eb9272
Merge pull request #3249 from SparkiDev/tls13_early_data_fix 
TLS 1.3 Early Data: fix
 2020-09-03 14:49:39 -07:00
Sean Parkinson 89b9a77eca Get builds with WOLFSSL_NO_CLIENT_AUTH compiling and testing 
Fix build for no client or server and no client auth.
Fix tests to detect when no client auth compiled and test is trying to
do client auth.
 2020-09-01 15:27:46 +10:00
Sean Parkinson db864be6a4 TLS 1.3 Early Data: fix 
Will process early data packets now.
Added test to check output of server for early data being received.
 2020-08-31 09:03:05 +10:00
David Garske 6a984da53f Fixes and Improvements to OCSP scripts. Fix for OCSP test with IPV6 enabled (use `-b` bind to any on server). Fix to use random port number for the `oscp-stapling.test` script. Reduce delay times in scripts. 2020-08-25 10:55:41 -07:00
John Safranek ceed98b952
Modify the openssl test script to run the openssl commands in an eval. 2020-08-12 16:59:10 -07:00
Sean Parkinson 93cdfd7132 Update OpenSSL interopability testing 
Added TLS 1.3 testing.
Added Ed25519 and Ed448 testing.
Added tesitng of OpenSSL client against wolfSSL server.
Fixed builds of Curve25519/Curve448/Ed25519/Ed448 in different
configurations.
 2020-08-11 16:44:45 +10:00
Chris Conlon 70aa11f0a9
Merge pull request #3153 from ethanlooney/15th_branch 
Added unit tests for Logging.c
 2020-07-28 16:35:31 -06:00
Ethan Looney 563806c497 Changed the log dump txt file's directory to include /tests and added it to make clean 2020-07-23 10:12:40 -07:00
Ethan Looney b500a54fc5 Added new file to read in and dump error message and added cleanup within cleanup script 2020-07-21 12:30:43 -07:00