5bddb2e4ef
Changes for Nginx
...
Support TLS v1.3 clients connecting to Nginx.
Fix for PSS to not advertise hash unless the signature fits the private
key size.
Allow curves to be chosen by user.
Support maximum verification depth (maximum number of untrusted certs in
chain.)
Add support for SSL_is_server() API.
Fix number of certificates in chain when using
wolfSSL_CTX_add_extra_chain_cert().
Allow TLS v1.2 client hello parsing to call TLS v1.3 parsing when
SupportedVersions extension seen.
Minor fixes.
2017-07-04 09:37:44 +10:00
d2ce95955d
Improvements to TLS v1.3 code
...
Reset list of supported sig algorithms before sending certificate
request on server.
Refactored setting of ticket for both TLS13 and earlier.
Remember the type of key for deciding which sig alg to use with TLS13
CertificateVerify.
RSA PKCS #1.5 not allowed in TLS13 for CertificateVerify.
Remove all remaining DTLS code as spec barely started.
Turn off SHA512 code where decision based on cipher suite hash.
Fix fragment handling to work with encrypted messages.
Test public APIS.
2017-06-29 09:00:44 +10:00
c748d9dae9
Merge pull request #998 from dgarske/fix_no_server_or_client
...
Fix build with either `NO_WOLFSSL_SERVER` or `NO_WOLFSSL_CLIENT` defined
2017-06-28 10:30:08 -07:00
47cc3ffdbc
Fix build with either `NO_WOLFSSL_SERVER` or `NO_WOLFSSL_CLIENT` defined.
2017-06-26 23:05:32 -07:00
7aee92110b
Code review fixes
...
Also put in configuration option for sending HRR Cookie extension with
state.
2017-06-27 08:52:53 +10:00
9ca1903ac5
Change define name for sending HRR Cookie
2017-06-27 08:37:55 +10:00
8bd6a1e727
Add TLS v1.3 Cookie extension support
...
Experimental stateless cookie
2017-06-26 16:41:05 +10:00
fbc4123ec0
Added `-x` option to allow example server to continue running when errors occur.
2017-06-22 21:19:59 -07:00
06fa3de31c
Merge pull request #980 from SparkiDev/tls13_0rtt
...
TLS v1.3 0-RTT
2017-06-22 09:44:41 -07:00
08a0b98f52
Updates from code review
2017-06-22 12:40:41 +10:00
9ead657723
Merge pull request #989 from dgarske/testing
...
Fixes for CRL handling and possible false failure in `wolfSSL_CTX_load_verify_locations`
2017-06-21 14:10:49 -07:00
2f9f746053
Fix for CRL serial number matching to also check length. Fix for testing the verify callback override ‘-j’ to not enable CRL since the CA’s are not loaded for this test.
2017-06-21 10:36:49 -07:00
decdf7ae8b
Cleanup
2017-06-21 16:56:51 +10:00
350ce5fcef
TLS v1.3 0-RTT
2017-06-21 08:35:28 +10:00
ee83710a0a
Fix for building only curve small and ed disabled. Fix for client assuming supported curves is enabled with curve.
2017-06-16 16:17:01 -07:00
89e6ac91bf
Improve PSK timeout checks
...
Post-handshake Authentication
Fix KeyUpdate to derive keys properly
Fix supported curves (not checking ctx extensions)
2017-06-14 11:28:53 -07:00
adf819458c
Fixes for TLS 1.3 without ECC or RSA. Fix for building without ECC where HAVE_SUPPORTED_CURVES was getting defined because of ENABLED_TLSX.
2017-06-13 09:44:14 -07:00
a30e8eb4ad
Fix for benchmarking X25519
2017-06-08 09:26:49 +10:00
5d5ff56336
External PSK working in TLS13
2017-06-07 17:20:22 +10:00
0b32d0368f
Updates for Draft 20 of TLS v1.3
2017-06-02 15:59:49 +10:00
19edd47018
Merge pull request #917 from SparkiDev/tls_curve25519
...
Enable X25519 for Key Exchange in TLS
2017-05-22 16:00:00 -07:00
8920cd89e4
Fixes from review
2017-05-22 09:09:31 +10:00
5ef977aa3d
Put X25519 behind P256
...
Option to have X25519 prioritized.
Show curve name and DH key size in TLS v1.3.
2017-05-19 10:58:43 +10:00
4737b97503
add trackmemory enable option
2017-05-18 16:46:56 -06:00
dcd3a6a478
Merge pull request #907 from dgarske/fix_verifycb
...
Fixes for verify callback override
2017-05-12 16:45:55 -07:00
05d2032661
Fix for useVerifyCb variable not used warning with NO_CERTS defined.
2017-05-11 12:57:12 -07:00
2efa7d5b8b
Fix for verify callback override, peerVerifyRet code on success and ensuring DOMAIN_NAME_MISMATCH error gets passed down in ECDSAk case. Added unit test case to verify callback override works. Fixes issue #905 and issue #904 . Fix for async build goto label typo.
2017-05-11 12:23:17 -07:00
e8cf4b5ff0
Coverity fixes for TLS 1.3, async, small stack and normal math.
2017-05-09 09:13:21 -07:00
efb4b3c183
Fix for unit test with non-blocking set.
2017-05-04 14:51:31 -07:00
77f9126edf
Rebase fixes for TLS 1.3. Getting a decrypt error with the TLS 1.3 test from the SendTls13CertificateVerify.
2017-05-04 14:51:31 -07:00
2b1e9973ec
Add TLS v1.3 as an option
2017-05-04 14:51:30 -07:00
db63fe83d4
Initial pass at fixes for coverity scan.
2017-04-28 14:59:45 -07:00
3e6243eb08
Fix for scan-build issues with possible use of null’s in evp.c wolfSSL_EVP_CipherFinal out arg and DoCertificate args->certs. Removed obsolete client example help arg “-t”.
2017-04-27 10:53:47 -07:00
85bef98331
Fix wc_ecc_alloc_rs memset logic. Fix error handling in hmac.c for SHA224. Cleanup of the wc_DhGenerateKeyPair_Async function. Added comment about the “BuildTlsFinished” allocation for hash buffer. Fixed issue with example server that caused the benchmark script to fail in throughput mode.
2017-04-11 14:13:08 -07:00
e419a6f899
Fixes and cleanups based on feedback from Sean.
2017-04-10 14:47:07 -07:00
c1640e8a3d
Intel QuickAssist (QAT) support and async enhancements/fixes:
...
* Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/).
* Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC.
* wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify.
* wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature.
* wolfCrypt test and benchmark async support added for all HW acceleration.
* wolfCrypt benchmark multi-threading support.
* Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA.
* Refactor to make sure “heap” is available for async dev init.
* Added async support for all examples for connect, accept, read and write.
* Added new WC_BIGINT (in wolfmath.c) for async hardware support.
* Added async simulator tests for DES3 CBC, AES CBC/GCM.
* Added QAT standalone build for unit testing.
* Added int return code to SHA and MD5 functions.
* Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer.
* Combined duplicate code for async push/pop handling.
* Refactor internal.c to add AllocKey / FreeKey.
* Refactor of hash init/free in TLS to use InitHashes and FreeHashes.
* Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*.
* Suppress error message for WC_PENDING_E.
* Implemented "wolfSSL_EVP_MD_CTX_init" to do memset.
* Cleanup of the openssl compat CTX sizes when async is enabled.
* Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability.
* Cleanup of the OPAQUE_LEN.
* Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret).
* Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations)
* Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding".
* Updated RSA un-padding error message so its different than one above it for better debugging.
* Added QAT async enables for each algorithm.
* Refactor of the async init to use _ex.
* Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing.
* Reformatted the benchmark results:
PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec"
Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87
* Added min execution time for all benchmarks.
* Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local.
* Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark.
* Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async.
* Added NO_SW_BENCH option to only run HW bench.
* Added support for PRNG to use hardware SHA256 if _wc devId provided.
* Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size.
* Added the wc_*GetHash calls to the wolfCrypt tests.
* Added async hardware start/stop to wolfSSL init/cleanup.
* Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos.
* Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`.
* Added arg checks on wc_*GetHash and wc_*Copy.
* Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions.
* Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator.
* Added checks for all hashing to verify valid ->buffLen.
* Fix for SHA512 scan-build warning about un-initialized “W_X”.
* Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash.
* Refactor of the benchmarking to use common function for start, check and finish of the stats.
* Fixed issue with ECC cache loading in multi-threading.
* Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned.
* Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define.
* Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-10 14:45:05 -07:00
4ff2903b55
Fix to allow anonymous ciphers to work with the new default suite testing.
2017-04-07 10:20:41 -07:00
eb40175cc6
Fix to calc BuildSHA_CertVerify if WOLFSSL_ALLOW_TLS_SHA1. Fix to add check for DTLS to not allow stream ciphers. Removed the RC4 tests from the test-dtls.conf. Added support for using default suites on client side. Switched the arg to “-H”. Cleanup of the example server/client args list. Fixes for build with “--disable-sha”.
2017-04-07 10:20:41 -07:00
4dcad96f97
Added test for server to use the default cipher suite list using new “-U” option. This allows the InitSuites logic to be used for determining cipher suites instead of always overriding using the “-l” option. Now both versions are used, so tests are done with wolfSSL_CTX_set_cipher_list and InitSuites. Removed a few cipher suite tests from test.conf that are not valid with old TLS. These were not picked up as failures before because wolfSSL_CTX_set_cipher_list matched on name only, allowing older versions to use the suite.
2017-04-07 10:20:18 -07:00
2c13ea9a67
Cleanup name conflicts with test.h cert files (by adding “File” to end). Fix memory leak in ecc_test_buffers function.
2017-04-06 15:54:59 -07:00
4eefa22629
Merge pull request #810 from toddouska/write-dup
...
add wolfSSL_write_dup(), creates write_only WOLFSSL to allow concurre…
2017-04-05 10:06:20 -06:00
34a4f1fae0
Move wolfCrypt test/benchmark to move static memory pool to global (not in stack). Fix wolfCrypt test wc_InitRng to use _ex with HEAP_HINT (when not FIPS). Added ability to use HAVE_STACK_SIZE with wolfCrypt test and benchmark. Cleanup of the benchmark_test function main wrapper.
2017-03-31 13:11:23 -07:00
15423428ed
add wolfSSL_write_dup(), creates write_only WOLFSSL to allow concurrent access
2017-03-20 15:08:34 -07:00
628f740363
Added support for inline CRL lookup when HAVE_CRL_IO is defined (shares code with OCSP lookup in io.c). Added http chunk transfer encoding support. Added default connection timeout value (DEFAULT_TIMEOUT_SEC) and new wolfIO_SetTimeout() API with HAVE_IO_TIMEOUT. Added generic wolfIO_ API’s for connect, select, non-blocking, read and write. Added new define USE_WOLFSSL_IO to enable access to new wolfIO_* socket wrappers even when WOLFSSL_USER_IO is defined. Moved all API declarations for io.c into new io.h header. Added HAVE_HTTP_CLIENT to expose HTTP API’s. Moved SOCKET_T and SOCKET_ defines into io.h. Added WOLFIO_DEBUG define to display request/responses.
2017-03-15 12:26:18 -07:00
003e18ecbc
Fixes for scan-build
2017-03-15 09:38:53 +10:00
e6434f380b
Get Nginx working with wolfSSL
2017-03-01 08:38:54 +10:00
01f4a7b5bd
Added code to automatically populate supported ECC curve information, unless already provided by user via wolfSSL_CTX_UseSupportedCurve or wolfSSL_UseSupportedCurve.
2017-01-18 11:54:43 -08:00
ba1315a499
Fixes from failure testing
2017-01-12 16:22:35 +10:00
091fc10147
adjust read ahead, some sanity checks and rebase
2016-12-28 14:45:29 -07:00
aabe456592
sanity checks, remove some magic numbers, TLS read ahead
2016-12-28 14:45:29 -07:00
ff05c8a7a5
expanding compatibility layer
2016-12-28 14:45:29 -07:00
79472e11a1
add bio.c to dist and implement wolfSSL_check_private_key , wolfSSL_get_server_random
2016-12-28 14:44:05 -07:00
f2f52c3ec9
add more compatiblity functions
2016-12-28 14:44:05 -07:00
650ddb8d23
Fixes so make check works with NO_FILESYSTEM and FORCE_BUFFER_TEST. Example: ./configure CFLAGS="-DNO_FILESYSTEM -DFORCE_BUFFER_TEST"
2016-11-30 16:27:24 -08:00
039aedcfba
Added "wolfSSL_use_certificate_chain_buffer_format". Added "wolfSSL_SESSION_CIPHER_get_name" to get cipher suite name using WOLFSSL_SESSION*. Moved the "wolfSSL_get_cipher_name_from_suite" function to internal.c. Added new server-cert-chain.der, which is combination of ca-cert.der and server-cert.der. Enhanced load_buffer to detect format using file extension. Can test use of DER cert chain with NO_FILESYSTEM defined using "./examples/server/server -c ./certs/server-cert-chain.der -k ./certs/server-key.der".
2016-11-30 16:26:02 -08:00
f7a951709f
COMPAT. LAYER : get SSL client random bytes
2016-11-07 13:21:35 -07:00
87e3f45f52
add SCR client and server verify data check
2016-11-03 14:45:24 -07:00
f191cf206e
allow single threaded mode to share an RNG at WOLFSSL_CTX level
2016-09-16 13:35:29 -07:00
b994244011
Revising the Extended Master Secret support. Removing the dynamic
...
TLSX support for the extention and treating it like the Signature
and Hash algorithms extension. It is to be enabled by default and
the user can turn it off at run time or build time.
2016-09-11 18:05:44 -07:00
0f0e0ca9a5
add extended master to example client
2016-09-01 15:17:46 -06:00
092916c253
Merge pull request #536 from ejohnstown/dtls-sctp
...
DTLS over SCTP
2016-08-30 13:09:40 -07:00
2ecd80ce23
Added support for static memory with wolfCrypt. Adds new "wc_LoadStaticMemory" function and moves "wolfSSL_init_memory_heap" into wolfCrypt layer. Enhanced wolfCrypt test and benchmark to use the static memory tool if enabled. Added support for static memory with "WOLFSSL_DEBUG_MEMORY" defined. Fixed issue with have-iopool and XMALLOC/XFREE. Added check to prevent using WOLFSSL_STATIC_MEMORY with HAVE_IO_POOL, XMALLOC_USER or NO_WOLFSSL_MEMORY defined.
2016-08-29 10:38:06 -07:00
05a35a8332
fix scan-build warning on the simple SCTP example server
2016-08-26 20:33:05 -07:00
aed68e1c69
1. Needed to tell the client to use sctp.
...
2. Creating the example sockets needed the IPPROTO type.
2016-08-26 19:58:36 -07:00
46e92e0211
DTLS-SCTP example client and server
...
1. Update the example client and server to test DTLS-SCTP.
2. Modify the test.h functions for setting up connections to allow
for a SCTP option.
3. Update other examples to use the new test.h functions.
4. Removed some prototypes in the client header file were some functions
that should have been static to the client.c file and made them static.
2016-08-26 19:58:36 -07:00
6d5df3928f
SCTP-DTLS examples
...
1. Added the set SCTP mode command to client and server.
2. Added a 4K buffer test case.
2016-08-26 19:58:36 -07:00
52e2f1a7ab
typecasts to clear static analysis warnings on SCTP examples
2016-08-26 19:58:36 -07:00
b7a35eabd2
Add simple SCTP example tools
2016-08-26 19:40:50 -07:00
17a34c5899
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 13:59:41 -06:00
32b0303beb
Fix build with "WOLFSSL_CALLBACKS" defined.
2016-08-05 14:06:58 -07:00
e8f7d78fc4
add helper functions for choosing static buffer size
2016-07-21 12:11:15 -06:00
5b3a72d482
Cleanup of stdlib function calls in the wolfSSL library to use our cross-platform "X*" style macros in types.h.
2016-06-29 11:11:25 -07:00
ac6635593b
Revert "Bio"
2016-06-27 10:53:34 -07:00
49934a5c91
Merge https://github.com/wolfSSL/wolfssl into bio
2016-06-24 14:22:14 -06:00
0b91e000bb
fix secure renegotiation build
2016-06-23 13:10:39 -06:00
f6bbe845f5
Merge https://github.com/wolfSSL/wolfssl into bio
2016-06-22 09:14:53 -06:00
a859cf189d
Merge pull request #443 from ejohnstown/new-ccm-suite
...
Add cipher suite ECDHE-ECDSA-AES128-CCM
2016-06-20 15:34:55 -07:00
ea71814518
Merge https://github.com/wolfSSL/wolfssl
2016-06-17 13:58:53 -06:00
a7c7407406
fix windows example echoserver
2016-06-16 16:39:18 -06:00
2f9c9b9a22
Add cipher suite ECDHE-ECDSA-AES128-CCM
...
1. Added the usual cipher suite changes for the new suite.
2. Added a build option, WOLFSSL_ALT_TEST_STRINGS, for testing
against GnuTLS. It wants to receive strings with newlines.
3. Updated the test configs for the new suite.
Tested against GnuTLS's client and server using the options:
$ gnutls-cli --priority "NONE:+VERS-TLS-ALL:+AEAD:+ECDHE-ECDSA:+AES-128-CCM:+SIGN-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509" --x509cafile=./certs/server-ecc.pem --no-ca-verification -p 11111 localhost
$ gnutls-serv --echo --x509keyfile=./certs/ecc-key.pem --x509certfile=./certs/server-ecc.pem --port=11111 -a --priority "NONE:+VERS-TLS-ALL:+AEAD:+ECDHE-ECDSA:+AES-128-CCM:+SIGN-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509"
To talk to GnuTLS, wolfSSL also needed the supported curves option
enabled.
2016-06-13 14:39:41 -07:00
3d3591a227
typdef gaurd / error out on bad mutex init / handle no maxHa or maxIO set
2016-06-10 14:13:27 -06:00
ea3d1f8e17
extended method function
2016-06-09 23:41:51 -06:00
8be5409bc5
static method func / ocsp callbacks / heap test / alpn free func / remove timing resistant constraint
2016-06-09 11:36:31 -06:00
e214086dce
tlsx with static memory / account for session certs size
2016-06-08 09:18:43 -06:00
2feee8856e
revise static memory and update heap hint
2016-06-04 19:03:48 -06:00
104ff12e76
add staticmemory feature
2016-06-04 19:01:23 -06:00
ed4f67058a
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2016-05-20 21:51:13 +02:00
b8c0802e3c
Merge pull request #414 from JacobBarthelmeh/DTLS-MultiCore
...
Dtls multi core
2016-05-17 17:39:18 -07:00
8c45cb1938
add DTLS session export option
2016-05-10 13:27:45 -06:00
8f3e1165a1
add Whitewood netRandom client library support
2016-05-05 15:31:25 -06:00
4b16600011
fix type comparison on 32bit for starttls, zero tmp buffer
2016-05-03 13:52:04 -06:00
f9ab61db5d
Merge pull request #402 from cconlon/starttls
...
use send/recv instead of write/read with STARTTLS
2016-05-02 17:19:50 -07:00
a94383037c
use send/recv instead of write/read with STARTTLS for winsock compatibility
2016-05-02 14:36:59 -06:00
52d6fb575b
Merge pull request #395 from cconlon/starttls
...
add STARTTLS support to example client
2016-04-29 14:24:08 -07:00
46addfb130
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
b2af02a783
Merge pull request #383 from kojo1/MDK5
...
fixes for MDK5 compiler
2016-04-26 16:11:59 -06:00
5abeeff919
add STARTTLS support to example client
2016-04-22 13:46:54 -06:00
77a9343973
use short for RSA min key size and check casts
2016-04-22 12:56:51 -06:00
1dac3841ca
change type to short for comparision and up default min size
2016-04-20 15:44:45 -06:00
3129bb22cd
minimum ECC key size check at TLS/SSL level
2016-04-19 15:50:25 -06:00
117231c0e3
Merge pull request #387 from JacobBarthelmeh/RSA-min
...
add check for min RSA key size at TLS/SSL level
2016-04-19 13:57:26 -07:00
0dbdc8eab0
Merge pull request #372 from dgarske/mingwfixes
...
MinGW fixes
2016-04-18 12:50:13 -07:00
c9891567e8
add check for min RSA key size at TLS/SSL level
2016-04-14 13:35:49 -06:00
cab1ebf2d6
move MDK5 current_time to test.h
2016-04-14 18:47:16 +09:00
35c5353698
fixed current_time argument
2016-04-14 16:26:51 +09:00
cfd5af341b
fixed test.c compile error and server.c/client.c/ssl.c warnings with MDK5 compiler.
2016-04-12 11:05:30 +09:00
1b7cd5cb06
consolidate handling of dead assignment warnings
2016-04-11 13:39:44 -06:00
c6e9021732
scan-build warnings related to enable-psk, disable-asn,rsa,ecc
2016-04-11 11:13:26 -06:00
993972162e
MinGW fixes, server port assigning cleanup and ping test cleanup. Fixes issue with visibility detection with MinGW. The visibility.m4 script was not actually trying to call the hidden function, which caused MinGW to detect improperly that visibility was supported. Fix for bogusFile on Windows build. Fixes to build warnings for unused variable 'res' and signed/unsigned comparison for sizeof min(). Cleanup of the server side port assignment to allow use with Windows/MinGW/Cygwin. If Windows uses new GetRandomPort() function in test.h to get port in in the 49152 - 65535 range. If *nix then uses the tcp_listen returned port. Otherwise uses the default wolfSSLPort. Refactor of the ping test code to use common file and properly handle ping count differences (Windows "-c" vs. *Nix style "-n"). Workaround for MinGW and cyassl/options.h getting file permissions error. Added non-fatal compile warning if using MinGW that "strtok_s" might be missing along with a link to public domain source that can be used.
2016-04-08 11:48:14 -06:00
85a9c55048
fix c89 build on windows
2016-04-06 11:16:40 -06:00
63b1282e67
Merge pull request #335 from dgarske/asynccrypt
...
Asynchronous crypto and wolf event support
2016-03-30 20:12:41 -07:00
4472152b18
Added new "wolfSSL_poll" which filters event queue by ssl object pointer. Changed wolfSSL_CTX_poll to support using WOLF_POLL_FLAG_PEEK flag to peek at events and return count. Removed "wolfssl_CTX_poll_peek". Switched the examples (test.h AsyncCryptPoll) to use just the WOLFSSL object and call new wolfSSL_poll. Added warning when using the "--enable-asynccrypt" option to make sure users know they need real async.c/.h files.
2016-03-30 15:15:38 -07:00
696169634e
check return value of wolfSSL_set_fd
2016-03-25 13:59:04 -06:00
e99a5b0483
prepare for release v3.9.0
2016-03-17 16:02:13 -06:00
e1787fe160
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-17 13:31:03 -07:00
060e278559
Merge branch 'master' of https://github.com/wolfSSL/wolfssl into Certs
2016-03-11 23:48:39 -07:00
0ed26ad262
Updated build for "leantls" to support building only the client, by splitting BUILD_EXAMPLES into 3 parts (BUILD_EXAPLE_SERVERS, BUILD_EXAMPLE_CLIENTS and BUILD_TESTS). This allows the make check to perform the external tests to validate the client only "leantls" configuration option.
2016-03-08 08:35:28 -08:00
2891939098
Remove NO_CERT and NO_CODING. Enable building of the client with leantls.
2016-03-08 08:35:28 -08:00
112cf1f0c9
fix example client help print out
2016-03-02 16:51:57 -07:00
aab44eb26b
adjest example server PSK plus flag
2016-03-02 15:43:17 -07:00
d969e2ba11
automated test for trusted peer certs
2016-03-02 11:42:00 -07:00
05d2cec7c1
addition to api tests and refactor location of trusted peer cert check
2016-03-02 11:35:03 -07:00
7df22ee210
Trusted peer certificate use
2016-03-02 11:22:34 -07:00
953a3bd01d
Fixes build error with NO_FILESYSTEM and !NO_CERTS where the wolfssl/test.h load_buffer() function is passing non-existent enum value. Was renamed from CYASSL_ to WOLFSSL_.
2016-02-19 13:52:06 -08:00
46b34c19d0
wolfssl.com and google.com now differ in pre-reqs for external test
2016-02-15 13:30:11 -07:00
d7d2a6f565
Merge pull request #307 from JacobBarthelmeh/PSK
...
New fail with no peer cert behavior and allow RSA signed ECC key certs
2016-02-12 15:27:18 -08:00
ffe7b38409
correct logic to allow for static RSA if ECC and no Curves
...
use same coding standards as the rest of the libraries
2016-02-10 13:39:59 -07:00
ff7a9d9f78
option for fail on no peer cert except PSK suites
2016-02-10 13:26:03 -07:00
bf4d6454b1
if connection to google.com and using ECC need supported curves
2016-02-09 17:06:06 -07:00
62a2efdacc
Merge pull request #298 from kaleb-himes/master
...
Avoid unnecessary assignments in client example
2016-02-09 09:54:55 -08:00
2e88785358
Merge pull request #282 from dgarske/WinUserSettings
...
Refactor of Visual Studio projects to centralize preprocessors into IDE/WIN/user_settings.h
2016-02-09 09:27:32 -08:00
2af9fb91b3
Use += approach to detect "done" in example client for external tests. Cleaner and code is smaller to accomplish same thing.
2016-02-08 19:54:22 -08:00
c920e6dd30
Avoid unnecessary assignments in client example
2016-02-07 08:27:01 -07:00
2db6246abc
Fixed typo with testsuite preprocessor. Added missing chacha.c, chacha20_poly1305.c, pkcs7.c and poly1305.c. Also added the IDE/WIN/user_settings.h to the project so its easy to find.
2016-02-04 11:19:51 -08:00
ebd14a657d
Added signature.c to Visual Studio project files. Added new "IDE/WIN/user_settings.h" which contains all the defines for the various Windows Visual Studio projects. Moved the settings into this new file and added the WOLFSSL_USER_SETTINGS and CYASSL_USER_SETTINGS macros and include path to IDE/WIN to all project files. This allows the settings (defines) to be adjusted in a single place for Win VS.
2016-01-29 14:29:31 -08:00
611e37b3e8
naming for AEAD macros and TLSX with chacha-poly
2016-01-29 09:38:13 -07:00
7d71d756f3
update ChaCha20-Poly1305 to most recent RFCs
2016-01-27 14:03:05 -07:00
1d473ab7b5
resolve issue #255 , no sha284 with wolfssl cert chain and external test
2016-01-14 20:25:50 -08:00
84ae9a9ae5
Also account for 32-bit users
2015-12-31 12:05:45 -07:00
a973eca4b8
accounts for assumptions with external ocsp stapling test
2015-12-29 17:05:51 -07:00
ec9d23a9c3
Merge branch 'csr'
2015-12-28 19:38:04 -03:00
2d33380abc
Merge pull request #225 from JacobBarthelmeh/master
...
help message to use NTRU key in example server
2015-12-28 11:56:13 -08:00
92cb8eee61
revise the comments about port 0 use in the example client and server
2015-12-24 15:42:52 -08:00
4b836f8476
added note to client and server regarding port 0
2015-12-23 12:20:53 -08:00
d17549f848
update example client ShowVersions() to not show disabled old-tls versions
2015-12-23 12:12:41 -08:00
22385f2b39
add random ports for all make check scripts, unique ready file
2015-12-22 14:35:34 -08:00
41f50b7a73
NTRU suites considered part of static RSA suites group
2015-12-22 15:19:11 -07:00
0721b79282
help message to use NTRU key in example server
2015-12-22 11:51:26 -07:00
917edc5f18
Merge pull request #218 from toddouska/ssl3-aes256
...
add aes256 key derivation to ssl3
2015-12-17 18:30:23 -08:00
b89354880f
switch pragma once uses, causes warnings on some compilers
2015-12-17 13:19:17 -07:00
e503b89ca1
allow sniffer build with -v 0 examples to work
2015-12-17 12:10:22 -08:00
4217ef5475
fixed mdk4 macro control in example server/client, echoserver/client
2015-11-27 11:31:12 +09:00
02411ccced
add F back into the client command line options scanning
2015-11-25 10:36:51 -08:00
32b2d7f9e4
have calling thread wait for crl monitor thread to setup for simpler cleanup
2015-11-23 14:15:12 -08:00
806a2748bf
Merge pull request #189 from lchristina26/master
...
Updates for Wind River WORKBENCH/ VxWorks Compatibility
2015-11-12 13:33:27 -08:00
db6920d372
updates for vxworks compatibility
2015-11-12 13:33:47 -07:00
e9348635a0
SAFESEH:NO in DLL Debug|Win32
2015-11-09 15:11:58 -07:00
dccbc1cdd4
fixes ocsp nonce extension decoding;
...
enables use of ocsp nonce extension in the client example.
2015-11-05 11:45:42 -03:00
fbd4f8a6ed
fix merge conflict
2015-11-02 13:26:46 -08:00
21d70636dc
Merge branch csr into 'master'
2015-11-02 15:51:01 -03:00
e76f95465d
Merge pull request #170 from dgarske/master
...
Fixes initialization of the Crypto HW protection, which could leak a …
2015-10-29 13:56:18 -07:00
723fc3761b
Example client/server compatible with VxWorks
2015-10-29 13:39:02 -06:00
f977caa492
Cleanup of the test code that looks for the WolfSSL root directory. Now it tries to open the certs/ntru-cert.pem file in each directory up (limited to 5) until it opens it.
2015-10-28 23:54:08 -07:00
542b59d90a
Merge pull request #150 from JacobBarthelmeh/master
...
Intel RSA IPP plug in
2015-10-27 16:57:32 -07:00
b7848481a3
Fixed gcc variable-mayble-uninitialized warning
2015-10-27 16:42:19 -06:00
c132f9887e
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-10-19 13:56:39 -06:00
ee5a11b8d9
Add Intel IPP crypto for RSA
...
add user-crypto makefile
update README for IPP crypto
place user crypto in wolfcrypt and use autotools
adjust distributed files
move openssl compatibility consumption
auto use IPP RSA -- IPP directory containing shared libraries local
return value of wolfSSL_BN and formating of debug
openssh testing
make sure IPP not built when fips is
ipp init to select correct optimizations -- static libraries on linux -- fast-rsa disabled by default
try to only set library once
only use static IPP if fast rsa is enabled
make print out for user crypto more pretty
2015-10-19 13:51:49 -06:00
c93c6c9bf4
add wolfSSL_new() pointer return check on all calls in example client
2015-10-16 14:12:38 -07:00
4141ea8f83
example server to use cstd free for all build options
2015-10-16 14:05:37 -07:00
9ef43910ed
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
d4f3419758
ALPN : add function to get in a server the list of supported protocols sent by the client.
2015-10-15 14:59:35 +02:00
ee8537fb6d
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-14 20:53:30 +02:00
10f5154389
ALPN : add option to continue in case of client/server protocol mismatch (like OpenSSL)
2015-10-13 09:38:40 +02:00
bf3b0a228d
add support for Application-Layer Protocol Name (RFC 7301) in the TLS extensions
2015-10-09 15:18:41 +02:00
b1c5f3b299
add show every cipher suite to examples/client
2015-10-02 16:26:20 -07:00
a8b5c57dd2
make sure external tests have a valid cipher
2015-09-28 09:47:59 -07:00
42d94a0f7f
wolfssl.com now requires ECDHE or static RSA
2015-09-24 12:19:38 -07:00
465622d4e0
wolfssl.com now uses old chacha-poly, detect for external test
2015-09-24 12:13:01 -07:00
329e6a6207
update the example server and echoserver to correctly generate the DTLS cookie
2015-09-15 17:23:52 -07:00
09b2da799f
Merge pull request #125 from kojo1/MDK4
...
MDK4 name change
2015-08-14 14:59:25 -07:00
a4cbc3b943
fix google external test w/o ecdhe
2015-08-14 12:58:00 -07:00
7fa4302a80
disable static PSK cipher suites by default
2015-08-14 12:49:30 -07:00
46e7e9acf9
disable SSLv3 by default
2015-08-12 16:39:13 -07:00
30f6bc1e27
MDK4, wolfSSL name change
2015-08-12 16:45:40 +09:00
37ba6aeee7
fix psk no identify hint example logic
2015-08-03 09:32:51 -07:00
303fb2bb62
Option for no PSK Id Hint and test cases
...
update comment file reference
2015-07-31 22:00:28 -06:00
df8b48cd0f
NTRU suites from earlier code
2015-07-11 12:52:22 -06:00
14723b7e65
QSH (quantum-safe handshake) extension
2015-07-07 09:55:58 -06:00
6cad1949b4
if NO_SHA don't run external script tests
2015-06-18 11:12:35 -07:00
53bf8ed7cb
fix scan-build warnings
2015-06-10 15:24:24 -07:00
64602d1969
added check for allowed minimum DH key size
2015-05-21 10:11:21 -07:00
8ff17b66f3
add session tickets to echoserver example too
2015-05-18 09:13:34 -07:00
74cc2274fa
add tiket key cleanup to help valgrind
2015-05-15 15:30:29 -07:00
2212381925
add session ticket key returns for reject and use but create
2015-05-15 14:58:16 -07:00
f6d12bfc37
initial server side session ticket support
2015-05-15 12:51:44 -07:00
dde4b29462
add handshake done callback with ability to end connection
2015-05-09 11:04:47 -07:00
4fe04c6bed
detect build cases where external script test case doesn't make sense
2015-05-07 12:50:27 -07:00
08b6e66ea8
add external site script test to make check
2015-05-07 10:02:43 -07:00
ada5ff876a
allow example client to do resume with scr
2015-04-29 17:06:57 -07:00
c04de5ba82
add resume to example client benchmarking
2015-04-28 18:04:11 -07:00
d927aa4334
add resume test to example server and script test
2015-04-28 12:21:54 -07:00
1f8701540d
change SESSION_STATS to PRINT_SESSION_STATS, will add WOLFSSL_SESSION_STATS
2015-04-14 12:35:24 -07:00
86f2b9a98f
turn off DTLSv1 functions for disable old tls
2015-04-08 13:29:25 -07:00
4e6f619302
Merge pull request #46 from jay/add-dll-config-to-vcxproj
...
build: Add DLL configurations to wolfssl64.sln and all vcxproj files
2015-04-06 09:05:06 -06:00
869aeee6cb
allow sniffer play nice in ecc build
2015-04-01 12:14:48 -07:00
cc804b110f
allow example client to talk with echoserver in ecc mode w/o switch
2015-04-01 12:03:27 -07:00
b8b13ad9e9
build: Revert using MSBuild property files to auto-detect platform toolset
...
Prior to this change I had added a .props file for each .vcxproj to
use MSBuild's $(DefaultPlatformToolset) as the the default for
$(PlatformToolset). Typically that configuration allows for the
appropriate toolset to be used no matter which version of VS2010+
the wolfssl64.sln and project files are opened in. Problem is when an
MSBuild was used from the command line to build the solution it got the
$(DefaultPlatformToolset) from a property file based on the solution
header (currently "Format Version 12.00" which maps to Visual Studio
2012) instead. Another side effect was it set the VisualStudioVersion
to 11.0 (n - 1; n in this case 12.0) which was incorrect.
To remedy the above this change reverts back to the old PlatformToolset
method where the v110 toolset (Visual Studio 2012) is specified in every
configuration in every vcxproj. The user will have to specify explicitly
a different toolset to override it (either via command line or the GUI)
if they are not using VS2012.
VS2010 example:
msbuild -p:Configuration="Debug" wolfssl64.sln -p:PlatformToolset=v100
2015-04-01 02:05:15 -04:00
c9a0c9a797
fix some psk warnings
2015-03-27 19:20:31 -07:00
495fbe087e
allow dh to be used w/o certs and asn
2015-03-27 14:28:05 -07:00
6e14362940
build: Add DLL configurations to wolfssl64.sln and all vcxproj files
...
- Remove extern from declspec in WOLFSSL_API macro.
- Add a property file to *.vcxproj so that $(DefaultPlatformToolset) is
available.
- Remove the specified platform toolset (VS 2012) in *.vcxproj.
This change allows the projects to use $(DefaultPlatformToolset) so that
they will be built using the default platform toolset for whatever
version of Visual Studio 2010+ that loads them.
- Add DLL Release and DLL Debug configurations to *.vcxproj except for
sslSniffer.vcxproj.
The sniffer uses internal library components that aren't exposed in the
wolfSSL DLL so it can only be built by linking to CyaSSL's static lib.
- Change intermediate output directory of obj files to
<current-dir-setting>\obj\.
The purpose of this change is to separate the output files from the
intermediate files because sometimes they can end up in the same dir.
2015-03-23 02:12:01 -04:00
64d83c39a0
Merge https://github.com/kaleb-himes/wolfssl into kaleb-master
2015-03-18 14:25:31 -07:00
fd772bb434
MSVS warning fixes for all solutions
2015-03-18 10:42:10 -06:00
b7b655b8bf
fix example server memory tracker
2015-03-07 12:00:27 -08:00
473a120ba2
remove more stale cyassl headers
2015-02-25 13:34:29 -08:00
40d51f13ce
ntru neo.lib -> NtruEncrypt_DLL.lib
2015-02-24 13:44:15 -07:00
de2115b140
shutdown shadows global in sys/socket.h line 576 renamed wc_shutdown
2015-02-18 08:00:25 -07:00
5f3b1d90b6
fix shutdown returns
2015-02-16 14:23:33 -08:00
db5a95b370
add option for bidirectional shutdown
2015-01-30 08:41:34 -07:00
b0e88e32ff
Error printouts name changed
2015-01-20 12:36:20 -07:00
53d65de105
visual studio project paths updated
2015-01-13 15:30:57 -07:00
492bae7afe
Merge branch 'master' of https://github.com/kaleb-himes/cyassl
2015-01-08 10:44:00 -07:00
d366599285
adding comment to header and _fips to c files
2015-01-08 10:42:01 -07:00
48fd041c40
no longer user compatibility layer
2015-01-08 10:02:07 -07:00
a389620a29
Copyright (C) updates
2015-01-08 09:39:04 -07:00
369a5f04a9
library wide licence update
2015-01-06 12:14:15 -07:00
a4ce557263
Licencing update
2015-01-05 14:54:43 -07:00
3cbed90cb9
name change for client.c
2015-01-05 14:48:43 -07:00
edf53a1ed0
new changes
2014-12-29 10:27:03 -07:00
2ab4f6e2f0
echoclient, server, libwolfssl updates
2014-12-22 09:01:53 -07:00
a37fb63c0c
examples
2014-12-19 16:53:49 -07:00
5107c6c12b
debugging linking error
2014-12-19 15:30:07 -07:00
d958a2f3d6
close to build test with --disable-examples option
2014-12-18 15:40:09 -07:00
1742e0ddb6
Merge in the ADH-AES128-SHA changes and add a check for it during the
...
packet order sanity checking.
2014-12-01 11:44:32 -08:00
1f8d84553c
add server_ready file to externally monitor example server for ready to accept, -r option
2014-11-26 12:13:47 -08:00
322f79f521
allow user to set minimum downgrade version with v23 methods()
2014-11-03 15:12:48 -08:00
35bcc98948
Added a callback when receiving a NewSessionTicket handshake message.
2014-10-20 09:25:14 -07:00
a937040087
Adds Session Ticket TLS Extension handling.
...
New Session Ticket Handshake Message handling is still needed for Session Tickets to work.
2014-09-30 09:30:23 -03:00
f81f22799a
separate allow scr and force client scr in example client
2014-09-29 15:32:41 -07:00
95585e93df
scr session resumption example
2014-09-26 10:47:57 -07:00
0c20584ed3
add client side initiated secure r, same specs
2014-09-24 18:48:23 -07:00
6175a2a20c
cleanup fp cache on examples with thread local storage
2014-09-09 10:14:32 -07:00
2c595139db
fix tirtos merge
2014-09-08 19:40:03 -07:00
a73a160aaf
Merge branch 'master' into ti
2014-07-21 16:26:39 -07:00
3bfd0bbf3b
fixup some chacah-poly suite things including a valgrind error
2014-07-21 16:20:17 -07:00
726cc3e3a4
sanity check and recent cyassl release
2014-07-18 14:42:45 -06:00
b77a1fdbbb
refactoring
2014-07-17 15:00:40 -06:00
c322cb05ad
uses most recent version of cyassl
2014-07-10 11:18:49 -06:00
61e989ed99
Merge branch 'master' into ti
2014-07-03 11:34:15 -07:00
2d63c559cc
dh now disabled by default but can be enabled w/o opensslextra
2014-07-03 11:32:24 -07:00
6817e3cd2e
Merge branch 'master' into ti
2014-07-02 16:31:55 -07:00
Sean Parkinson
toddouska
David Garske
Kincade Pavich
Jacob Barthelmeh
Sean Parkinson
John Safranek
Chris Conlon
Ludovic FLAMENT
Kaleb Himes
Takashi Kojo
Moisés Guimarães
Takashi Kojo
lchristina26
Nickolas Lapp
Jay Satiro
kaleb-himes
lchristina26
Moisés Guimarães