66987b4f2a
Merge pull request #2058 from SparkiDev/tls13_earlydata_bench
...
Added EarlyData support to benchmark loop
2019-01-25 14:31:54 -08:00
0fe7591b0f
Added EarlyData support to benchmark loop
2019-01-24 18:10:56 +10:00
8356c3d7e2
DTLS Nonblocking Updates
...
1. Add a second select for tx.
2. Revised tcp_select to work for either rx or tx.
3. Updated client and server to use new tcp_select_tx() for checking the
tx socket if the nonblocking connect/accept would block on transmit.
2019-01-18 09:15:11 -08:00
f6240e5558
Fix Checks
...
1. In the client, check the return code on wolfSSL_CTX_SetMinDhKey_Sz() as it is checked in the server. (Resolves issue #2037.)
2. In HashOutput(), check that the hsHashes exists for the session before hashing. (Resolves issue #2038.)
2019-01-17 09:52:00 -08:00
cca27f6724
examples/celient.c, server.c: removing unused headers
2019-01-12 07:29:19 +09:00
a4a6895900
Fix for scan-build "Value stored to 'err' is never read`"
2019-01-11 09:42:41 -08:00
6eea924a5c
Fix for non-blocking read timeout.
2019-01-11 08:45:34 -08:00
3f46250994
Fix to timeout after 10 seconds in non-blocking mode if connect does not complete.
2019-01-10 17:12:37 -08:00
2351047409
Fixes for various scan-build reports.
2018-12-27 11:08:30 -08:00
00dd222aa5
Fix for example client with `-X` external tests to not disable for PSK build unless `usePsk` is set. Resolves issue with external tests being skipped if building with PSK enabled.
2018-12-21 08:21:59 -08:00
b145aab6b2
Server Side Renegotiation
...
1. Fix testing issue with a client using the SCSV cipher suite to indicate desire for renegotiation.
2. Add indication to both the server and client examples that the renegotiation was successful.
2018-12-05 13:08:24 -08:00
a55f11cdd8
DHE Speed Up
...
1. Also apply the setting to the client side.
2. Updated the server and client command line options to use "-2" for disabling the DHE check.
2018-12-03 13:56:14 -08:00
a203cd4901
NO_MULTIBYTE to NO_MULTIBYTE_PRINT
2018-11-29 07:04:01 +09:00
0e94ae529c
Rollback stacing
2018-11-29 06:52:43 +09:00
c529e011a7
NO_MULTIBYTE for multibyte non-supported IDEs
2018-11-26 08:11:31 +09:00
95bd340de5
Add support for more OpenSSL APIs
...
Add support for PEM_read and PEM_write
Add OpenSSL PKCS#7 signed data support
Add OpenSSL PKCS#8 Private key APIs
Add X509_REQ OpenSSL APIs
2018-11-20 07:54:24 +10:00
d5dddd2b29
Fix for unused `useSupCurve` in example client with --disable-ecc.
2018-11-08 15:43:18 -08:00
0eb115e7a1
Merge pull request #1884 from kaleb-himes/ECC_DISABLED_TEST_FIX
...
Fixes to resolve skipped tests with ECC disabled
2018-10-24 09:30:47 -07:00
7586e1df42
Only do early data in initial handshake when using PSK
2018-10-24 09:47:30 +10:00
6953677a8f
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
a27b4c2efb
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
4a4ae446aa
Fix for unit.test fails with `-H verifyFail`.
2018-10-18 11:58:00 -07:00
d7d102d90a
Added cipher suite unit tests for max fragment options 1-6 for TLS v1.2 and DTLS v1.2. Fix for client usage comment for max fragment.
2018-10-16 16:47:24 -07:00
4adaeb8585
Added new 256-byte max fragment option `WOLFSSL_MFL_2_8`.
2018-10-15 17:06:21 -07:00
0293686990
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
bbdb17975c
Adds build option `WOLFSSL_EITHER_SIDE` for deferring the "side" of the TLS session until first connect or accept. Added the DTLS generic v1.0 and v1.2 methods for "either" side. Added "either" methods unit tests. Added "either" -v e support to example client/server. Fix to expose `wolfSSL_use_certificate_file` and `wolfSSL_use_PrivateKey_file` without `OPENSSL_EXTRA`. Cleanup of the methods for (void)heap and log messages. Spelling fixes.
2018-10-04 15:47:50 -07:00
24f9f12844
Fix for the curve logic to pick the hightest strength, not just the default 256-bit. Added test for setting user curve. `./examples -H useSupCurve`.
2018-09-21 09:27:48 -07:00
085daa78cd
Merge pull request #1833 from dgarske/norng_fixes
...
Fixes for building without RNG enabled
2018-09-18 14:52:21 -06:00
77cd361bca
Fixes for building with `WC_NO_RNG`.
2018-09-13 13:23:55 -07:00
b330c6e035
Merge pull request #1801 from kaleb-himes/OCSP-GLOBALSIGN-FIXr2
...
Address issues when testing with WOLFSSL_OCSP_TEST set
2018-09-12 11:36:41 -07:00
3729b12fae
Address issues when testing with WOLFSSL_OCSP_TEST set
2018-08-30 14:44:49 -06:00
3d0d10345a
Added test cases for ensuring forced error fails on client and server. Added test cases to ensure bad certificate can be overriden.
2018-08-30 11:17:21 -07:00
487c60df78
Fixes to work when compiled with TLS 1.3 only
...
TLS 1.3 Early Data can be used with PSK and not session tickets.
If only TLS 1.3 and no session tickets then no resumption.
External sites don't support TLS 1.3 yet.
2018-08-28 15:37:15 +10:00
506c858ed6
Add memory usage tracking and logging
...
Add WOLFSSL_MEMORY_TRACKING to report allocations and frees with the
type.
Fix places where memory can be freed earlier.
2018-08-21 08:54:57 +10:00
0f539616be
Merge pull request #1766 from JacobBarthelmeh/UnitTests
...
cleanup with test cases and access to FP_MAX_BITS
2018-08-20 09:19:14 -07:00
555714afa3
Merge pull request #1764 from SparkiDev/tls13_psk_cb
...
Separate PSK callback for TLS 1.3
2018-08-20 09:17:01 -07:00
ed9aaa93f4
include tfm in example client for veiwing FP_MAX_BITS
2018-08-17 11:06:40 -06:00
f1222c3f9f
Separate PSK callback for TLS 1.3
...
It is highly recommended that the PSK be different for each protocol.
Example callback already returns a different key for TLS 1.3.
New callback includes the ciphersuite, as a string, to use with the key.
2018-08-17 10:18:28 +10:00
373258a0c2
account for NO_RSA and SP math when printing max RSA key size
2018-08-15 09:52:43 -06:00
f74406d2c9
check max key size with ocsp stapling test
2018-08-15 09:52:43 -06:00
f45dbed8f9
OCSP
...
1. Modify the other OCSP Stapling scripts to better manage the OCSP responder.
2. Modify the client's W option to take:
- 1 for Stapling v1
- 2 for Stapling v2
- 3 for Stapling v2 MULTI
3. Modify the client to disallow stapling v2 with TLSv1.3.
2018-08-02 16:25:38 -07:00
c71f730d67
OSCP
...
1. Made killing the OCSP server process more reliable.
2. Added attr files for the OSCP status files. Bare minimum attr.
3. Added a NL to the error string from the client regarding external tests.
2018-08-02 11:32:36 -07:00
4eff7b641b
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-30 13:53:54 -07:00
2c3475c1d6
Added new build option `--enable-memtest` or `WOLFSSL_FORCE_MALLOC_FAIL_TEST` which enables random malloc failures for testing. This test supresses the `abort()` calls to detect seg faults. A new script `./scripts/memtest.sh` starts the test. If an issue is found it can be reviewed with the `./scripts/memtest.txt` log and reproduced using the seed printed at top of unit test as `--- RNG MALLOC FAIL AT 295---` and rerun using `./tests/unit.test 295`.
2018-07-30 13:53:35 -07:00
6d3e145571
Changes to build with X25519 and Ed25519 only
...
Allows configurations without RSA, DH and ECC but with Curve25519
algorithms to work with SSL/TLS using X25519 key exchange and Ed25519
certificates.
Fix Ed25519 code to call wc_Sha512Free().
Add certificates to test.h and fix examples to use them.
2018-07-23 10:20:18 +10:00
514a949557
Small stack fixes
...
Changes to DH and SSL/TLS code to dynamically allocate large stack
variables when compiled with WOLFSSL_SMALL_STACK.
2018-07-17 09:04:00 +10:00
a03c15e598
Allow NO_WOLFSSL_CLIENT/SERVER to compile and pass tests
2018-06-13 11:42:16 +10:00
b7caab938e
Fix post authentication for TLS 1.3
2018-06-12 09:49:23 +10:00
ba8e441e53
Allow TLS 1.2 to be compiled out.
2018-05-25 11:00:00 +10:00
453daee965
Merge pull request #1523 from SparkiDev/ed25519_key
...
Allow Ed25519 private-only keys to work in TLS
2018-05-24 09:56:17 -07:00
0315b378f5
Fix TCP with Timeout
...
Updated example client and server to use the new wolfSSL_dtls_set_using_nonblock() function.
2018-05-23 16:07:45 -07:00
58f523beba
Allow Ed25519 private-only keys to work in TLS
...
Change Ed25519 in TLS 1.2 to keep a copy of all the messages for
certificate verification - interop with OpenSSL.
2018-05-24 08:43:28 +10:00
6e5258b56e
Merge pull request #1538 from dgarske/fixmatchdomainnull
...
Fix for handling match on domain name that may have a null terminator inside
2018-05-04 10:25:28 -07:00
3fd47bdff3
Fix for example client/server with `-H exitWithRet` option to make sure all cleanup is performed. Resolves valgrind report due to `TicketCleanup()` not being called.
2018-05-03 13:39:37 -07:00
325402cf5a
Minor fix for the expected failure case use of `ssl` after free. Renamed `skipExit` to `exitWithRet`.
2018-05-03 10:02:59 -07:00
89a4c98670
* Added support for expected fail test cases with example client/server and suites unit test.
...
* Added test for certificate with bad alt name containing a null character mid byte stream.
* Fix for issue with suites unit test where last arg in file doesn't conain data for a param, causing it to skip test.
* Fix for last test in tests/test.conf not being run for `TLSv1.2 RSA 3072-bit DH 3072-bit`.
* Moved the `tls-cert-fail.test` tests into the new expected failure suite test (`./tests/test-fails.conf`). Now it explicilty checks RSA and ECC for the no signer and no sig tests.
2018-05-03 09:40:51 -07:00
5845482fc0
Fixes for tests
...
Fix the benchmark client to set all groups supported.
Fix TLS 1.3 test script to work on PPC - check counter in separate test.
2018-05-01 14:27:38 +10:00
5c61810d4d
Merge pull request #1497 from SparkiDev/tls13_draft28
...
Tls13 draft28
2018-04-25 10:17:37 -07:00
7d425a5ce6
Added support for an anonymous cipher suite ( #1267 )
...
* Added support for cipher suite TLS_DH_anon_WITH_AES256_GCM_SHA384
* Added test cases for verification of anonymous cipher suite
2018-04-20 10:35:37 -07:00
94157634e1
TLS 1.3 fixes/improvements
...
Support Draft 28: able to compile code to return BAD_BINDER if no PSKs
match and certificates not to be used.
Change key share implementation to use server preference - server now
checks each client key share's group is in supported_groups extension.
Client and server examples modified to support server preference.
Application can set client's and server's supported groups by rank.
Server's supported groups is sent back in encrypted_extensions if
preferred group is not in client's list - able to be turned off at
compile time.
Application can query server's preferred group from client.
Able to compile using 0x0304 as version instead of draft version.
Fix state machine in TLS 1.3 to support unexpected hello_retry_request.
Also fixes non-blocking.
Fix resumption to use the named group from session.
Fix named group in session structure to be a 2-byte field.
Better detection of errors in message flow.
Fix DoTls13ClientHello when downgrading - don't do TLS 1.3 things.
Not downgrading on client fixed.
Downgrade protocol version from TLS 1.3 when not TLS 1.3 ciphersuite.
Get downgrading from TLS 1.3 and resumption working.
Change earlyData value to an enum.
Support no extensions data (as opposed to zero length extension data) in
TLS 1.3 ClientHello.
Check PSK cipher suite is available to both client and server before
using.
Check first PSK identity chosen when server says it is using early data
at client.
Check PSK extension is last in client_hello on server.
Check the PSK cipher suite to use is supported on client.
Check the returned cipher suite for pre-shared keys is the same as
client expects.
Send alert decrypt_error when verification fails in certificate_verify
or finished message doesn't match calculated value.
Fail when certificate messages recieved in handshake when using PSK.
Validate on the server that EndOfEarlyData message has been recieved
before finished message when server sent EarlyData extension.
2018-04-20 09:44:02 +10:00
0b47811c46
Changes for interop and performance
...
Changes made to test.h to allow interop of PSK with OpenSSL.
Changes to allow server to pre-generate key share and perform other
operations at later time.
Fix ChaCha20 code header to have bigger state to support assembly code
for AVX1.
Fix Curve25519 code to use define instead.
Change Curve25519 to memset all object data on init.
Change Poly1305 to put both sizes into one buffer to avoid a second call
to wc_Poly1305Update().
Added WOLFSSL_START and WOLFSSL_END API and calls to show time of
protocol message function enter and leave to analyse performance
differences.
Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-13 12:01:20 +10:00
6de8348918
Fixes for various build configurations. Added `--enable-enckeys` option to enable support for encrypted PEM private keys using password callback without having to use opensslextra. Moved ASN `CryptKey` function to wc_encrypt.c as `wc_CryptKey`. Fixup some missing heap args on XMALLOC/XFREE in asn.c.
2018-04-09 13:28:15 -07:00
412d4d76ee
Fix for `HAVE_EXT_CACHE` callbacks not being available without `OPENSSL_EXTRA` defined. Added tests for external cache callbacks.
2018-04-05 07:10:04 -07:00
dbb34126f6
* Added support for not loading a private key for server or client when `HAVE_PK_CALLBACK` is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519.
...
* Added PK callback context tests for client/server examples (`SetupPkCallbackContexts`).
* Added new test define for `TEST_PK_PRIVKEY` to allows simulating hardware based private key.
* Added new test.h function for loading PEM key file and converting to DER (`load_key_file`).
* Added way to get private key signature size (`GetPrivateKeySigSize`).
* Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size.
* Added inline comments to help track down handshake message types.
* Cleanup of RSS PSS terminating byte (0xbc) to use enum value.
* Fixed bug with PK callback for `myEccVerify` public key format.
* Fixed bug with PK callback for ED25519 verify key buffer in DoServerKeyExchange.
2018-03-21 11:27:08 -07:00
fa73f7bc55
Fix for handling OCSP with non-blocking. The HashInput function was being called on the re-entry, which produced a bad mac response from server. Also cleanup for some of the WC_PENDING_E logic for the non-async cases to reduce code size.
2018-03-16 12:05:07 -07:00
ecb2463bbe
modify the client external test list to skip the test case when aes and aes-gcm are disabled
2018-03-01 15:22:38 -08:00
da4024b46a
Fix downgrading from TLS v1.3 to TLS v1.2
...
Fix handling of ServerHello in TLS v1.3 to support TLS v1.2 when
downgrading.
Added support in client and server examples for using downgrade method:
wolfSSLv23_client_method_ex() or wolfSSLv23_server_method_ex().
Add tests, using downgrade version, of client or server downgrading from
TLS v1.3 to TLS v1.2.
2018-02-22 12:48:50 +10:00
a3a4f2d59c
Minimal implementation of MP when using SP.
...
--enable-sp-math to include minimal implementation of MP (only with
--enable-sp.)
Add futher functionality for ECC (conditionally compiled):
- check key
- is point on curve
- API to add and double projective points
- API to map from project to affine
- Uncompress point (including sqrt)
Some configuration options will not work with SP math - configure.ac
detects this and errors out.
Change test code to better support SP sizes only.
2018-02-08 15:50:17 +10:00
2efe7f6d96
Merge pull request #1319 from JacobBarthelmeh/Compatibility-Layer-Part5
...
Compatibility layer part4
2018-01-19 14:49:12 -08:00
60b329f7e5
fix example client error print out and ASN1_TIME_print after rebase
2018-01-16 15:39:58 -07:00
990e1f3ddf
implement wolfSSL set msg callback function
2018-01-16 10:39:20 -07:00
8c000c05ee
refactor MDK options in client/server.c
2018-01-11 06:55:50 +09:00
76e1a34fd0
update SimpleClient example
2018-01-11 06:53:32 +09:00
263525d812
enables OCSPStapling CM for ocspstapling2
2017-12-26 22:57:20 -03:00
43c234029b
adds a call to wolfSSL_CTX_EnableOCSPStapling() on client.c to fix ocspstapling2 tests and removes unnecessary 'kill ' from the test scripts
2017-12-26 22:32:21 -03:00
4712376ce1
Fix for OCSP non-blocking with check all flag set.
2017-12-19 16:52:47 -08:00
de05c563b6
Fix to handle non-blocking OCSP when `WOLFSSL_NONBLOCK_OCSP` is defined and not using async. OCSP callback should return `OCSP_WANT_READ`. Added ability to simulate non-blocking OCSP using `TEST_NONBLOCK_CERTS`.
2017-12-08 03:12:33 +01:00
8c15c65343
Merge pull request #1216 from abrahamsonn/windows-errors
...
Windows errors
2017-11-21 15:21:14 -08:00
f17470b42b
Added more of the requested changes & made an attempt to remove merge conflicts
2017-11-14 15:05:32 -07:00
d5cc3ca198
Disable TLS v1.0 by default. Added new `--enable-tlsv10` option to force enable (only works if --enable-oldtls is set, which is on by default).
2017-11-14 14:01:31 -08:00
5a5fea7b46
Add `USE_SLOW_SHA256` and `USE_SLOW_SHA512` options for reduced code size of SHA. Existing `USE_SLOW_SHA2` applies for SHA512 only. Cleanup formatting of the sha256.c and sha512.c code. Added new `./configure --lowresource` option, which defines the memory reduction defines. Fix for `make check` resume.test scipt with `NO_SESSION_CACHE` defined.
2017-11-09 11:05:28 -08:00
0e34f35c08
Increase the static memory pool in client to better support ECC or session certs.
2017-11-02 09:48:43 -07:00
6369794b6f
Fixes for static memory with `-r` session resumption option on client. Fix for possible failed InitSSL cleanup using NULL ssl->ctx for static memory.
2017-11-02 09:48:43 -07:00
a4f94366a4
Added static memory code to client example.
2017-11-02 09:48:43 -07:00
8a01d725da
Merge pull request #1177 from dgarske/certreq_tests
...
Testing improvements for cert gen and TLS cert validation
2017-10-24 08:21:37 -07:00
911b6f95f8
Release v3.12.2 (lib 14.0.0). Updated copywright.
2017-10-22 15:58:35 -07:00
024c8725ad
Testing improvements for cert gen and TLS cert validation:
...
* Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled.
* Added new ECC CA for 384-bit tests.
* Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem)
* Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL.
* Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`.
* Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function.
* Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack).
* Cleanup to combine all certificate subject information into global `certDefaultName`.
* Updated cert request info to use wolfSSL instead of Yassl.
* Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`.
* Re-number error codes in rsa_test.
* Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
2017-10-19 16:17:51 -07:00
c9558ee27b
Updated a few more old names. Added PR for new configs to Jenkins.
2017-10-18 10:38:27 -07:00
6021c37ec7
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:10:43 -07:00
6707be2b0e
Added new `--disable-oldnames` option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA). Add `--enable-opensslcoexist` which makes sure `oldnames` is disabled. Refactor of `SSL_` to `WOLF_SSL_`. Refactor of `SHA`, `MD5`, `SHA224`, `SHA256`, `SHA512` and `SHA384` to `WC_` naming.
2017-10-11 09:10:42 -07:00
f6ad5524eb
remove invalid test-qsh version tests, revert if statement check in internal.c
2017-08-17 11:27:47 -06:00
038d16212f
Fixes for LEANTLS and TLS13 builds
2017-07-26 10:43:36 +10:00
6223f4cd8e
fix a couple rebase merge errors
2017-07-19 13:38:31 -07:00
b40aad3f9e
Added new “wolfSSL_mcast_get_max_peers” API. Minor cleanup with examples/client failure case. Fix possible unused var in wolfSSL_set_secret with DTLS disabled.
2017-07-19 13:35:59 -07:00
431a0cbea9
Multicast
...
1. Since multicast's only cipher suite uses null cipher
automatically enable it.
2. Add options to example client and server to start
testing multicast API. (Uses TLS over TCP.)
3. Updates to use the forced secrets set by API.
2017-07-19 13:31:39 -07:00
5bddb2e4ef
Changes for Nginx
...
Support TLS v1.3 clients connecting to Nginx.
Fix for PSS to not advertise hash unless the signature fits the private
key size.
Allow curves to be chosen by user.
Support maximum verification depth (maximum number of untrusted certs in
chain.)
Add support for SSL_is_server() API.
Fix number of certificates in chain when using
wolfSSL_CTX_add_extra_chain_cert().
Allow TLS v1.2 client hello parsing to call TLS v1.3 parsing when
SupportedVersions extension seen.
Minor fixes.
2017-07-04 09:37:44 +10:00
d2ce95955d
Improvements to TLS v1.3 code
...
Reset list of supported sig algorithms before sending certificate
request on server.
Refactored setting of ticket for both TLS13 and earlier.
Remember the type of key for deciding which sig alg to use with TLS13
CertificateVerify.
RSA PKCS #1.5 not allowed in TLS13 for CertificateVerify.
Remove all remaining DTLS code as spec barely started.
Turn off SHA512 code where decision based on cipher suite hash.
Fix fragment handling to work with encrypted messages.
Test public APIS.
2017-06-29 09:00:44 +10:00
47cc3ffdbc
Fix build with either `NO_WOLFSSL_SERVER` or `NO_WOLFSSL_CLIENT` defined.
2017-06-26 23:05:32 -07:00
06fa3de31c
Merge pull request #980 from SparkiDev/tls13_0rtt
...
TLS v1.3 0-RTT
2017-06-22 09:44:41 -07:00
08a0b98f52
Updates from code review
2017-06-22 12:40:41 +10:00
9ead657723
Merge pull request #989 from dgarske/testing
...
Fixes for CRL handling and possible false failure in `wolfSSL_CTX_load_verify_locations`
2017-06-21 14:10:49 -07:00
2f9f746053
Fix for CRL serial number matching to also check length. Fix for testing the verify callback override ‘-j’ to not enable CRL since the CA’s are not loaded for this test.
2017-06-21 10:36:49 -07:00
decdf7ae8b
Cleanup
2017-06-21 16:56:51 +10:00
350ce5fcef
TLS v1.3 0-RTT
2017-06-21 08:35:28 +10:00
ee83710a0a
Fix for building only curve small and ed disabled. Fix for client assuming supported curves is enabled with curve.
2017-06-16 16:17:01 -07:00
89e6ac91bf
Improve PSK timeout checks
...
Post-handshake Authentication
Fix KeyUpdate to derive keys properly
Fix supported curves (not checking ctx extensions)
2017-06-14 11:28:53 -07:00
adf819458c
Fixes for TLS 1.3 without ECC or RSA. Fix for building without ECC where HAVE_SUPPORTED_CURVES was getting defined because of ENABLED_TLSX.
2017-06-13 09:44:14 -07:00
a30e8eb4ad
Fix for benchmarking X25519
2017-06-08 09:26:49 +10:00
5d5ff56336
External PSK working in TLS13
2017-06-07 17:20:22 +10:00
0b32d0368f
Updates for Draft 20 of TLS v1.3
2017-06-02 15:59:49 +10:00
8920cd89e4
Fixes from review
2017-05-22 09:09:31 +10:00
5ef977aa3d
Put X25519 behind P256
...
Option to have X25519 prioritized.
Show curve name and DH key size in TLS v1.3.
2017-05-19 10:58:43 +10:00
dcd3a6a478
Merge pull request #907 from dgarske/fix_verifycb
...
Fixes for verify callback override
2017-05-12 16:45:55 -07:00
05d2032661
Fix for useVerifyCb variable not used warning with NO_CERTS defined.
2017-05-11 12:57:12 -07:00
2efa7d5b8b
Fix for verify callback override, peerVerifyRet code on success and ensuring DOMAIN_NAME_MISMATCH error gets passed down in ECDSAk case. Added unit test case to verify callback override works. Fixes issue #905 and issue #904 . Fix for async build goto label typo.
2017-05-11 12:23:17 -07:00
e8cf4b5ff0
Coverity fixes for TLS 1.3, async, small stack and normal math.
2017-05-09 09:13:21 -07:00
efb4b3c183
Fix for unit test with non-blocking set.
2017-05-04 14:51:31 -07:00
77f9126edf
Rebase fixes for TLS 1.3. Getting a decrypt error with the TLS 1.3 test from the SendTls13CertificateVerify.
2017-05-04 14:51:31 -07:00
2b1e9973ec
Add TLS v1.3 as an option
2017-05-04 14:51:30 -07:00
db63fe83d4
Initial pass at fixes for coverity scan.
2017-04-28 14:59:45 -07:00
3e6243eb08
Fix for scan-build issues with possible use of null’s in evp.c wolfSSL_EVP_CipherFinal out arg and DoCertificate args->certs. Removed obsolete client example help arg “-t”.
2017-04-27 10:53:47 -07:00
e419a6f899
Fixes and cleanups based on feedback from Sean.
2017-04-10 14:47:07 -07:00
c1640e8a3d
Intel QuickAssist (QAT) support and async enhancements/fixes:
...
* Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/).
* Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC.
* wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify.
* wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature.
* wolfCrypt test and benchmark async support added for all HW acceleration.
* wolfCrypt benchmark multi-threading support.
* Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA.
* Refactor to make sure “heap” is available for async dev init.
* Added async support for all examples for connect, accept, read and write.
* Added new WC_BIGINT (in wolfmath.c) for async hardware support.
* Added async simulator tests for DES3 CBC, AES CBC/GCM.
* Added QAT standalone build for unit testing.
* Added int return code to SHA and MD5 functions.
* Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer.
* Combined duplicate code for async push/pop handling.
* Refactor internal.c to add AllocKey / FreeKey.
* Refactor of hash init/free in TLS to use InitHashes and FreeHashes.
* Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*.
* Suppress error message for WC_PENDING_E.
* Implemented "wolfSSL_EVP_MD_CTX_init" to do memset.
* Cleanup of the openssl compat CTX sizes when async is enabled.
* Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability.
* Cleanup of the OPAQUE_LEN.
* Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret).
* Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations)
* Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding".
* Updated RSA un-padding error message so its different than one above it for better debugging.
* Added QAT async enables for each algorithm.
* Refactor of the async init to use _ex.
* Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing.
* Reformatted the benchmark results:
PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec"
Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87
* Added min execution time for all benchmarks.
* Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local.
* Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark.
* Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async.
* Added NO_SW_BENCH option to only run HW bench.
* Added support for PRNG to use hardware SHA256 if _wc devId provided.
* Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size.
* Added the wc_*GetHash calls to the wolfCrypt tests.
* Added async hardware start/stop to wolfSSL init/cleanup.
* Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos.
* Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`.
* Added arg checks on wc_*GetHash and wc_*Copy.
* Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions.
* Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator.
* Added checks for all hashing to verify valid ->buffLen.
* Fix for SHA512 scan-build warning about un-initialized “W_X”.
* Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash.
* Refactor of the benchmarking to use common function for start, check and finish of the stats.
* Fixed issue with ECC cache loading in multi-threading.
* Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned.
* Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define.
* Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-10 14:45:05 -07:00
4ff2903b55
Fix to allow anonymous ciphers to work with the new default suite testing.
2017-04-07 10:20:41 -07:00
eb40175cc6
Fix to calc BuildSHA_CertVerify if WOLFSSL_ALLOW_TLS_SHA1. Fix to add check for DTLS to not allow stream ciphers. Removed the RC4 tests from the test-dtls.conf. Added support for using default suites on client side. Switched the arg to “-H”. Cleanup of the example server/client args list. Fixes for build with “--disable-sha”.
2017-04-07 10:20:41 -07:00
2c13ea9a67
Cleanup name conflicts with test.h cert files (by adding “File” to end). Fix memory leak in ecc_test_buffers function.
2017-04-06 15:54:59 -07:00
34a4f1fae0
Move wolfCrypt test/benchmark to move static memory pool to global (not in stack). Fix wolfCrypt test wc_InitRng to use _ex with HEAP_HINT (when not FIPS). Added ability to use HAVE_STACK_SIZE with wolfCrypt test and benchmark. Cleanup of the benchmark_test function main wrapper.
2017-03-31 13:11:23 -07:00
628f740363
Added support for inline CRL lookup when HAVE_CRL_IO is defined (shares code with OCSP lookup in io.c). Added http chunk transfer encoding support. Added default connection timeout value (DEFAULT_TIMEOUT_SEC) and new wolfIO_SetTimeout() API with HAVE_IO_TIMEOUT. Added generic wolfIO_ API’s for connect, select, non-blocking, read and write. Added new define USE_WOLFSSL_IO to enable access to new wolfIO_* socket wrappers even when WOLFSSL_USER_IO is defined. Moved all API declarations for io.c into new io.h header. Added HAVE_HTTP_CLIENT to expose HTTP API’s. Moved SOCKET_T and SOCKET_ defines into io.h. Added WOLFIO_DEBUG define to display request/responses.
2017-03-15 12:26:18 -07:00
003e18ecbc
Fixes for scan-build
2017-03-15 09:38:53 +10:00
01f4a7b5bd
Added code to automatically populate supported ECC curve information, unless already provided by user via wolfSSL_CTX_UseSupportedCurve or wolfSSL_UseSupportedCurve.
2017-01-18 11:54:43 -08:00
ba1315a499
Fixes from failure testing
2017-01-12 16:22:35 +10:00
091fc10147
adjust read ahead, some sanity checks and rebase
2016-12-28 14:45:29 -07:00
aabe456592
sanity checks, remove some magic numbers, TLS read ahead
2016-12-28 14:45:29 -07:00
79472e11a1
add bio.c to dist and implement wolfSSL_check_private_key , wolfSSL_get_server_random
2016-12-28 14:44:05 -07:00
650ddb8d23
Fixes so make check works with NO_FILESYSTEM and FORCE_BUFFER_TEST. Example: ./configure CFLAGS="-DNO_FILESYSTEM -DFORCE_BUFFER_TEST"
2016-11-30 16:27:24 -08:00
f7a951709f
COMPAT. LAYER : get SSL client random bytes
2016-11-07 13:21:35 -07:00
87e3f45f52
add SCR client and server verify data check
2016-11-03 14:45:24 -07:00
f191cf206e
allow single threaded mode to share an RNG at WOLFSSL_CTX level
2016-09-16 13:35:29 -07:00
b994244011
Revising the Extended Master Secret support. Removing the dynamic
...
TLSX support for the extention and treating it like the Signature
and Hash algorithms extension. It is to be enabled by default and
the user can turn it off at run time or build time.
2016-09-11 18:05:44 -07:00
0f0e0ca9a5
add extended master to example client
2016-09-01 15:17:46 -06:00
aed68e1c69
1. Needed to tell the client to use sctp.
...
2. Creating the example sockets needed the IPPROTO type.
2016-08-26 19:58:36 -07:00
46e92e0211
DTLS-SCTP example client and server
...
1. Update the example client and server to test DTLS-SCTP.
2. Modify the test.h functions for setting up connections to allow
for a SCTP option.
3. Update other examples to use the new test.h functions.
4. Removed some prototypes in the client header file were some functions
that should have been static to the client.c file and made them static.
2016-08-26 19:58:36 -07:00
17a34c5899
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 13:59:41 -06:00
32b0303beb
Fix build with "WOLFSSL_CALLBACKS" defined.
2016-08-05 14:06:58 -07:00
5b3a72d482
Cleanup of stdlib function calls in the wolfSSL library to use our cross-platform "X*" style macros in types.h.
2016-06-29 11:11:25 -07:00
ac6635593b
Revert "Bio"
2016-06-27 10:53:34 -07:00
49934a5c91
Merge https://github.com/wolfSSL/wolfssl into bio
2016-06-24 14:22:14 -06:00
0b91e000bb
fix secure renegotiation build
2016-06-23 13:10:39 -06:00
f6bbe845f5
Merge https://github.com/wolfSSL/wolfssl into bio
2016-06-22 09:14:53 -06:00
ea71814518
Merge https://github.com/wolfSSL/wolfssl
2016-06-17 13:58:53 -06:00
2f9c9b9a22
Add cipher suite ECDHE-ECDSA-AES128-CCM
...
1. Added the usual cipher suite changes for the new suite.
2. Added a build option, WOLFSSL_ALT_TEST_STRINGS, for testing
against GnuTLS. It wants to receive strings with newlines.
3. Updated the test configs for the new suite.
Tested against GnuTLS's client and server using the options:
$ gnutls-cli --priority "NONE:+VERS-TLS-ALL:+AEAD:+ECDHE-ECDSA:+AES-128-CCM:+SIGN-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509" --x509cafile=./certs/server-ecc.pem --no-ca-verification -p 11111 localhost
$ gnutls-serv --echo --x509keyfile=./certs/ecc-key.pem --x509certfile=./certs/server-ecc.pem --port=11111 -a --priority "NONE:+VERS-TLS-ALL:+AEAD:+ECDHE-ECDSA:+AES-128-CCM:+SIGN-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509"
To talk to GnuTLS, wolfSSL also needed the supported curves option
enabled.
2016-06-13 14:39:41 -07:00
e214086dce
tlsx with static memory / account for session certs size
2016-06-08 09:18:43 -06:00
2feee8856e
revise static memory and update heap hint
2016-06-04 19:03:48 -06:00
104ff12e76
add staticmemory feature
2016-06-04 19:01:23 -06:00
ed4f67058a
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2016-05-20 21:51:13 +02:00
b8c0802e3c
Merge pull request #414 from JacobBarthelmeh/DTLS-MultiCore
...
Dtls multi core
2016-05-17 17:39:18 -07:00
8c45cb1938
add DTLS session export option
2016-05-10 13:27:45 -06:00
8f3e1165a1
add Whitewood netRandom client library support
2016-05-05 15:31:25 -06:00
4b16600011
fix type comparison on 32bit for starttls, zero tmp buffer
2016-05-03 13:52:04 -06:00
f9ab61db5d
Merge pull request #402 from cconlon/starttls
...
use send/recv instead of write/read with STARTTLS
2016-05-02 17:19:50 -07:00
a94383037c
use send/recv instead of write/read with STARTTLS for winsock compatibility
2016-05-02 14:36:59 -06:00
52d6fb575b
Merge pull request #395 from cconlon/starttls
...
add STARTTLS support to example client
2016-04-29 14:24:08 -07:00
46addfb130
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
5abeeff919
add STARTTLS support to example client
2016-04-22 13:46:54 -06:00
cab1ebf2d6
move MDK5 current_time to test.h
2016-04-14 18:47:16 +09:00
35c5353698
fixed current_time argument
2016-04-14 16:26:51 +09:00
cfd5af341b
fixed test.c compile error and server.c/client.c/ssl.c warnings with MDK5 compiler.
2016-04-12 11:05:30 +09:00
1b7cd5cb06
consolidate handling of dead assignment warnings
2016-04-11 13:39:44 -06:00
c6e9021732
scan-build warnings related to enable-psk, disable-asn,rsa,ecc
2016-04-11 11:13:26 -06:00
63b1282e67
Merge pull request #335 from dgarske/asynccrypt
...
Asynchronous crypto and wolf event support
2016-03-30 20:12:41 -07:00
4472152b18
Added new "wolfSSL_poll" which filters event queue by ssl object pointer. Changed wolfSSL_CTX_poll to support using WOLF_POLL_FLAG_PEEK flag to peek at events and return count. Removed "wolfssl_CTX_poll_peek". Switched the examples (test.h AsyncCryptPoll) to use just the WOLFSSL object and call new wolfSSL_poll. Added warning when using the "--enable-asynccrypt" option to make sure users know they need real async.c/.h files.
2016-03-30 15:15:38 -07:00
696169634e
check return value of wolfSSL_set_fd
2016-03-25 13:59:04 -06:00
e99a5b0483
prepare for release v3.9.0
2016-03-17 16:02:13 -06:00
e1787fe160
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-17 13:31:03 -07:00
060e278559
Merge branch 'master' of https://github.com/wolfSSL/wolfssl into Certs
2016-03-11 23:48:39 -07:00
2891939098
Remove NO_CERT and NO_CODING. Enable building of the client with leantls.
2016-03-08 08:35:28 -08:00
112cf1f0c9
fix example client help print out
2016-03-02 16:51:57 -07:00
d969e2ba11
automated test for trusted peer certs
2016-03-02 11:42:00 -07:00
05d2cec7c1
addition to api tests and refactor location of trusted peer cert check
2016-03-02 11:35:03 -07:00
46b34c19d0
wolfssl.com and google.com now differ in pre-reqs for external test
2016-02-15 13:30:11 -07:00
ffe7b38409
correct logic to allow for static RSA if ECC and no Curves
...
use same coding standards as the rest of the libraries
2016-02-10 13:39:59 -07:00
bf4d6454b1
if connection to google.com and using ECC need supported curves
2016-02-09 17:06:06 -07:00
2af9fb91b3
Use += approach to detect "done" in example client for external tests. Cleaner and code is smaller to accomplish same thing.
2016-02-08 19:54:22 -08:00
c920e6dd30
Avoid unnecessary assignments in client example
2016-02-07 08:27:01 -07:00
611e37b3e8
naming for AEAD macros and TLSX with chacha-poly
2016-01-29 09:38:13 -07:00
7d71d756f3
update ChaCha20-Poly1305 to most recent RFCs
2016-01-27 14:03:05 -07:00
1d473ab7b5
resolve issue #255 , no sha284 with wolfssl cert chain and external test
2016-01-14 20:25:50 -08:00
84ae9a9ae5
Also account for 32-bit users
2015-12-31 12:05:45 -07:00
a973eca4b8
accounts for assumptions with external ocsp stapling test
2015-12-29 17:05:51 -07:00
ec9d23a9c3
Merge branch 'csr'
2015-12-28 19:38:04 -03:00
92cb8eee61
revise the comments about port 0 use in the example client and server
2015-12-24 15:42:52 -08:00
4b836f8476
added note to client and server regarding port 0
2015-12-23 12:20:53 -08:00
d17549f848
update example client ShowVersions() to not show disabled old-tls versions
2015-12-23 12:12:41 -08:00
e503b89ca1
allow sniffer build with -v 0 examples to work
2015-12-17 12:10:22 -08:00
4217ef5475
fixed mdk4 macro control in example server/client, echoserver/client
2015-11-27 11:31:12 +09:00
02411ccced
add F back into the client command line options scanning
2015-11-25 10:36:51 -08:00
dccbc1cdd4
fixes ocsp nonce extension decoding;
...
enables use of ocsp nonce extension in the client example.
2015-11-05 11:45:42 -03:00
fbd4f8a6ed
fix merge conflict
2015-11-02 13:26:46 -08:00
21d70636dc
Merge branch csr into 'master'
2015-11-02 15:51:01 -03:00
e76f95465d
Merge pull request #170 from dgarske/master
...
Fixes initialization of the Crypto HW protection, which could leak a …
2015-10-29 13:56:18 -07:00
723fc3761b
Example client/server compatible with VxWorks
2015-10-29 13:39:02 -06:00
f977caa492
Cleanup of the test code that looks for the WolfSSL root directory. Now it tries to open the certs/ntru-cert.pem file in each directory up (limited to 5) until it opens it.
2015-10-28 23:54:08 -07:00
c93c6c9bf4
add wolfSSL_new() pointer return check on all calls in example client
2015-10-16 14:12:38 -07:00
10eab5047a
Fixed compile issues with example server/client. Fixed issue with using XMALLOC/XFREE being used in examples. Fixed issue with "int select_ret" declaration scope. Fixed issue with test.h HAVE_SESSION_TICKET "static rng" name.
2015-10-15 13:42:41 -07:00
74e981093d
fix merge conflict misses on alpn example letter change
2015-10-15 09:48:07 -07:00
fdab3943be
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
a0a4386504
fix alpn example client merge command options
2015-10-13 15:00:53 -07:00
dfc733a304
switch example client max fragment arg to -F to make -L open on both client and server
2015-10-13 14:13:12 -07:00
b1c5f3b299
add show every cipher suite to examples/client
2015-10-02 16:26:20 -07:00
a8b5c57dd2
make sure external tests have a valid cipher
2015-09-28 09:47:59 -07:00
42d94a0f7f
wolfssl.com now requires ECDHE or static RSA
2015-09-24 12:19:38 -07:00
465622d4e0
wolfssl.com now uses old chacha-poly, detect for external test
2015-09-24 12:13:01 -07:00
a4cbc3b943
fix google external test w/o ecdhe
2015-08-14 12:58:00 -07:00
46e7e9acf9
disable SSLv3 by default
2015-08-12 16:39:13 -07:00
6cad1949b4
if NO_SHA don't run external script tests
2015-06-18 11:12:35 -07:00
53bf8ed7cb
fix scan-build warnings
2015-06-10 15:24:24 -07:00
64602d1969
added check for allowed minimum DH key size
2015-05-21 10:11:21 -07:00
4fe04c6bed
detect build cases where external script test case doesn't make sense
2015-05-07 12:50:27 -07:00
08b6e66ea8
add external site script test to make check
2015-05-07 10:02:43 -07:00
ada5ff876a
allow example client to do resume with scr
2015-04-29 17:06:57 -07:00
c04de5ba82
add resume to example client benchmarking
2015-04-28 18:04:11 -07:00
d927aa4334
add resume test to example server and script test
2015-04-28 12:21:54 -07:00
86f2b9a98f
turn off DTLSv1 functions for disable old tls
2015-04-08 13:29:25 -07:00
869aeee6cb
allow sniffer play nice in ecc build
2015-04-01 12:14:48 -07:00
cc804b110f
allow example client to talk with echoserver in ecc mode w/o switch
2015-04-01 12:03:27 -07:00
c9a0c9a797
fix some psk warnings
2015-03-27 19:20:31 -07:00
495fbe087e
allow dh to be used w/o certs and asn
2015-03-27 14:28:05 -07:00
473a120ba2
remove more stale cyassl headers
2015-02-25 13:34:29 -08:00
de2115b140
shutdown shadows global in sys/socket.h line 576 renamed wc_shutdown
2015-02-18 08:00:25 -07:00
5f3b1d90b6
fix shutdown returns
2015-02-16 14:23:33 -08:00
db5a95b370
add option for bidirectional shutdown
2015-01-30 08:41:34 -07:00
48fd041c40
no longer user compatibility layer
2015-01-08 10:02:07 -07:00
a389620a29
Copyright (C) updates
2015-01-08 09:39:04 -07:00
a4ce557263
Licencing update
2015-01-05 14:54:43 -07:00
3cbed90cb9
name change for client.c
2015-01-05 14:48:43 -07:00
5107c6c12b
debugging linking error
2014-12-19 15:30:07 -07:00
d958a2f3d6
close to build test with --disable-examples option
2014-12-18 15:40:09 -07:00
1742e0ddb6
Merge in the ADH-AES128-SHA changes and add a check for it during the
...
packet order sanity checking.
2014-12-01 11:44:32 -08:00
35bcc98948
Added a callback when receiving a NewSessionTicket handshake message.
2014-10-20 09:25:14 -07:00
a937040087
Adds Session Ticket TLS Extension handling.
...
New Session Ticket Handshake Message handling is still needed for Session Tickets to work.
2014-09-30 09:30:23 -03:00
f81f22799a
separate allow scr and force client scr in example client
2014-09-29 15:32:41 -07:00
95585e93df
scr session resumption example
2014-09-26 10:47:57 -07:00
0c20584ed3
add client side initiated secure r, same specs
2014-09-24 18:48:23 -07:00
2c595139db
fix tirtos merge
2014-09-08 19:40:03 -07:00
a73a160aaf
Merge branch 'master' into ti
2014-07-21 16:26:39 -07:00
3bfd0bbf3b
fixup some chacah-poly suite things including a valgrind error
2014-07-21 16:20:17 -07:00
726cc3e3a4
sanity check and recent cyassl release
2014-07-18 14:42:45 -06:00
b77a1fdbbb
refactoring
2014-07-17 15:00:40 -06:00
c322cb05ad
uses most recent version of cyassl
2014-07-10 11:18:49 -06:00
6817e3cd2e
Merge branch 'master' into ti
2014-07-02 16:31:55 -07:00
be402277e0
add override cert date example for bad clock testing
2014-07-02 12:07:25 -07:00
71a5aeeb81
Merge branch 'master' into ti
2014-05-28 17:37:48 -07:00
e11dd9803a
fix icc v14 warnings
2014-05-28 17:36:21 -07:00
28b6c5b998
Merge branch 'master' into ti
2014-05-12 14:02:22 -07:00
f643ca5f48
Added TI-RTOS support for CyaSSL tests
2014-05-08 15:52:20 -07:00
eeb2e28f54
Sync with 3.0.0
2014-05-05 09:45:25 +09:00
be65f5d518
update FSF address, wolfSSL copyright
2014-04-11 15:58:58 -06:00
b712380a60
Sync MDK5 Software Pack with 2.9.4
2014-04-11 16:20:12 +09:00
f1597c86b1
fix clang -Wconversion except -Wsign-conversion
2014-03-03 16:46:48 -08:00
c39cdbea54
make sure enable-webserver (HAVE_WEBSERVER) can handle password callbacks as well as opensslextra unless NO_PWDBASED defined
2014-03-03 12:18:26 -08:00
c03263ae70
fixing HAVE_MAX_FRAGMENT ifdef
2014-02-24 11:10:54 -03:00
5616450a4b
fixed return codes
...
added protection for missing HAVE_TLS_EXTENSIONS
2014-01-31 16:52:15 -03:00
d46c68ba10
Moved OCSP into the CertManager like the CRL.
2013-12-27 12:11:47 -08:00
dff54942a2
xcode5 paths for examples
2013-12-19 15:23:57 -08:00
4ffc92a4d6
Use OCSP override URL enable in both example client and server.
2013-12-18 12:34:40 -08:00
003446a5cd
Using OCSP override URL should enable OCSP url overriding.
2013-12-17 18:26:29 -08:00
e98f5f95c2
add public key callbacks for ecc sign/verify, examples
2013-08-22 18:19:39 -07:00
65f0e9f6b9
add atomic user macencrypt cb
2013-08-09 17:27:15 -07:00
5c5cee0789
use external CYASSL_MAX_ERROR_SZ for buffer size
2013-08-06 11:48:00 -07:00
55401c13dd
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 15:42:43 -03:00
0c34ecb451
OCSP Updates
...
1. Add option to example server and client to check the OCSP responder.
2. Add option to example server and client to override the URL to use
when checking the OCSP responder.
3. Copy the certificate serial number correctly into OCSP request.
Add leading zero only if MS bit is set.
4. Fix responder address used when Auth Info extension is present.
5. Update EmbedOcspLookup callback to better handle the HTTP
response and obtain the complete OCSP response.
2013-06-24 10:47:24 -07:00
ae84982777
add STACK_TRAP to track stack use on client, will seqfault if exceed limit to see where use is too high, doesn't work with pthread_create()
2013-06-03 14:56:37 -07:00
4b9c3d3512
Merge remote-tracking branch 'cyassl/master' into STM.LPC
...
Conflicts:
IDE/MDK-ARM/MDK-ARM/CyaSSL/config-FS.h
IDE/MDK-ARM/MDK-ARM/CyaSSL/config-RTX-TCP-FS.h
IDE/MDK-ARM/MDK-ARM/CyaSSL/cyassl_MDK_ARM.c
IDE/MDK-ARM/MDK-ARM/CyaSSL/cyassl_MDK_ARM.h
IDE/MDK-ARM/MDK-ARM/CyaSSL/main.c
IDE/MDK-ARM/MDK-ARM/CyaSSL/shell.c
IDE/MDK-ARM/MDK-ARM/CyaSSL/ssl-dummy.c
IDE/MDK-ARM/MDK-ARM/config/File_Config.c
IDE/MDK-ARM/MDK-ARM/config/RTX_Conf_CM.c
IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvopt
IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvproj
ctaocrypt/src/random.c
src/internal.c
2013-05-26 09:27:06 +09:00
8df0e43384
fix merge differences from this week
2013-05-22 15:50:13 -07:00
d2003bb8b7
merge in sni
2013-05-21 14:37:50 -07:00
fd5937b599
MDK-ARM updates
2013-05-20 17:56:27 -07:00
b430a14032
make up for MDK-ARM release
2013-05-19 10:33:32 +09:00
55763ef318
Commit 2.6.2
2013-05-19 10:02:13 +09:00
cfdfa7b2b3
pull in Kojo MDK-ARM projects, changes
2013-05-16 09:47:27 -07:00
47b468d14f
add dtls recv timeout max user setting too
2013-05-08 12:49:55 -07:00
702c1b044d
add fewerPacket/group messages to example client/server and disalbe client cert/key load
2013-04-19 13:10:19 -07:00
12f00a7acc
change ipv6 tests to use getaddrinfo for better scope id % handling, inet_pton doesn't always work depending on system
2013-04-11 12:30:09 -07:00
f535e5428e
make sure all tests/examples *.c use settings.h correctly
2013-04-10 12:17:23 -07:00
b0dca8ea69
updated SHOW_SIZES, opionally adds sizes as available, added flag to example client to print sizes
2013-04-08 16:01:52 -07:00
9b0ffa0249
brought CYASSL_CALLBACK code up to current standard
2013-04-08 15:34:54 -07:00
f8848aaa1b
lower example client/server stack buffer sizes
2013-03-29 14:06:36 -07:00
ee0595f543
add --enable-stacksize to print out stack use info with pthreads for example client/server
2013-03-28 11:28:38 -07:00
7d287a6ba9
modified test port number to allow concurrent testing
2013-03-26 22:00:39 -07:00
ae63878700
fix unused memory tracker warning is disable-memory
2013-03-15 13:22:35 -07:00
543108bdcc
add memory tracker to example client and server if using default memory cbs
2013-03-15 13:17:05 -07:00
dd4be2496a
client example shouldn't use set_verify w/ no certs
2013-03-14 17:13:11 -07:00
49e62f0858
fix general NO_SHA NO_ASN NO_CERTS NO_SESSION_CACHE builds/examples
2013-03-11 16:07:46 -07:00
285ca36ca2
fix normal psk no rsa examples
2013-03-11 13:19:43 -07:00
20e4889092
Merge branch 'dtls'
...
Conflicts:
src/ssl.c
2013-03-08 17:45:35 -08:00
43ed4a7424
added test cases and fixed a bug with AEAD ciphers with DTLSv1.2.
2013-03-07 22:52:51 -08:00
f65dcd1378
fix NO_RSA ecc command line examples default certs
2013-03-07 18:20:29 -08:00
85b3346bbf
NO_RSA build, cipher suite tests need work for this build optoin, ssn2
2013-03-07 17:44:40 -08:00
62ef5de25c
scan build fixes
2013-02-14 14:09:41 -08:00
8ace08499b
make sure example CyaSSL_read()s that fill buffer don't overrun by 1 byte if trying to output with null terminator
2013-02-08 11:21:48 -08:00
44e0d7543c
change copyright name with name change
2013-02-05 12:44:17 -08:00
f4f13371f9
update copyright date
2013-02-04 14:51:41 -08:00
44b6593fe5
add cavium ciphers to SSL, and example client
2013-02-01 12:21:38 -08:00
a453ccba57
Added TLS support for Camellia
2013-01-21 10:53:42 -08:00
44bf986827
no DTLS streaming checks
2012-12-28 17:54:19 -08:00
726d686b07
fix clang scan-build problems
2012-12-12 18:03:32 -08:00
f8f7f69f48
compile option to leave out MD5 and SSL code
2012-11-26 18:40:43 -08:00
7459b5b892
removed the use psk identity hint from the test client code
2012-11-22 21:11:34 -08:00
9871b13480
build test covers leanpsk
2012-10-30 12:51:14 -07:00
174618ebfb
added build option for leanPSK
2012-10-29 15:39:42 -07:00
2885d66b17
remove fatal sniffer error sessions right away
2012-10-23 16:32:47 -07:00
c974d77213
add shorten 64 to 32 warnings back on with fixes
2012-10-19 12:44:23 -07:00
218ae522c6
Merge https://github.com/BrianAker/cyassl
2012-10-19 11:17:42 -07:00
afe043ee6c
This should fix the issue around compiling cyassl with a C++ compiler.
2012-10-19 00:30:21 -04:00
32dd1ab006
fix example/client non-blocking usage flag to big N
2012-10-17 14:06:50 -07:00
fe632a3f77
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
400b1f1ae6
test client and server use select in non-blocking mode
2012-10-08 15:49:30 -07:00
9bbca6acfb
Merge branch 'master' of github.com:cyassl/cyassl
2012-10-02 14:42:06 -07:00
829126f04d
fix the client resume test case for DTLS
2012-10-02 14:41:28 -07:00
6d1e485ef4
DTLS to use recvfrom and sendto in embed recv and send callbacks. Added support for storing dtls peer address.
2012-10-02 09:15:50 -07:00
e5c04e70a7
make sure existing nonblocking users still work
2012-09-28 15:10:35 -07:00
0fc6c8a07d
fix nonblocking setters
2012-09-27 13:38:45 -07:00
d5d24df32a
nonblocking warning fixes
2012-09-27 10:31:38 -07:00
ce2c76fd42
Merge branch 'master' of github.com:cyassl/cyassl
2012-09-21 09:36:34 -07:00
c3aedc940f
improved dtls retry on connect
2012-09-21 09:36:01 -07:00
7716da0881
warn fix
2012-09-20 15:39:15 -07:00
5fce4edb68
This adds more compiler hardening flags (and fixes all of the issues
...
found in the process).
2012-09-19 23:38:41 -07:00
97ca8439a4
Merge branch 'master' of github.com:cyassl/cyassl
2012-09-07 08:30:03 -07:00
407397e8be
adding DTLS retry timeout, added CYASSL pointer to recv/send callbacks
2012-09-06 22:41:55 -07:00
f8b106601b
fix sniffer cipher suite tests with user override
2012-08-31 13:28:07 -07:00
501c6a67e7
client to use non-blocking sockets in resume test if enabled
2012-08-20 17:02:25 -07:00
4b8fdb4371
fix examples client DTLS resume
2012-08-17 12:43:36 -07:00
15fe7f4d94
update CRLs switch to 120 days, add gen script
2012-08-10 11:02:46 -07:00
8343317e1b
make domain name cert check an option on client
2012-08-10 10:15:37 -07:00
706bd8a910
add cipher suite client/server driver
2012-08-06 17:14:31 -07:00
ba0d887369
fix non-blocking example client compile
2012-08-06 09:52:43 -07:00
901730e86e
make sure client GET reads as much as possible
2012-08-02 12:15:42 -07:00
90446c3c5f
add -u for DTLS UPD command line client/server examples
2012-08-02 11:54:49 -07:00
90385bb4b3
fix windows build with command line examples
2012-08-01 17:33:49 -07:00
68e5124644
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
73ddd32539
add crl checkall processing
2012-05-24 12:45:10 -07:00
26153ffad6
add crl monitor flag, handle no revoked case
2012-05-18 10:52:32 -07:00
08d9e57bf6
add crl missing url callback
2012-05-16 17:35:51 -07:00
3ec2b9dbbc
crl stage 2
2012-05-16 17:04:56 -07:00
1c2b84d3dd
ecc client certs
2012-05-02 10:30:15 -07:00
84614da13e
increase copyright date 2012
2012-02-13 11:54:10 -08:00
a475803eea
add ca cache callback test to client
2012-01-26 12:52:54 -08:00
771912bf4f
move client example and echoserver example to CyaSSL API only, echoclient and server are still OpenSSL compatibility
2011-11-03 10:56:15 -07:00
08fd73bbec
fixes for xcode4 and cyassl2
2011-09-25 16:35:54 -07:00
d99932962a
change Visual Studio files to use new CyaSSL headers and layout, have examples and testsuite try to change to CyaSSL Home dir if not
2011-09-23 16:13:02 -07:00
9d7c016cdb
move cyassl headers out of openssl dir
2011-08-25 14:28:57 -07:00
toddouska
Sean Parkinson
John Safranek
Takashi Kojo
David Garske
Takashi Kojo
Hideki Miyazaki
Hideki Miyazaki
Chris Conlon
kaleb-himes
Jacob Barthelmeh
thivyaashok
Moisés Guimarães
abrahamsonn
Sean Parkinson
Ludovic FLAMENT
lchristina26
kaleb-himes
lchristina26
Moisés Guimarães
Vikram Adiga
kojo
takashikojo
toddouska
John Safranek
John Safranek
Brian Aker