WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity
9,068 Commits
27 Branches
168 Tags
358 MiB
Commit Graph

362 Commits (8bb4e23f8d1a6a23ce97f101ba95f15aa6a19246)

Author SHA1 Message Date
Sean Parkinson 8bb4e23f8d Various improvements for testing 
Fix wc_ecc_fp_free() to be called when using HAVE_STACK_SIZE.
Increase size of replyin client.c so all HTTP reply is displayed.
Fix api.c to support only Ed25519 (not RSA and ECC)
Fix suites.c to detect when CA for client won't work (Ed25519 only)
For Static Memory add debugging and small profile.
Also allow realloc to be called with NULL.
Add more Ed25519 certs and keys.
Fix names of Ed25519 filenames for client and server.
Do NOT turn on ECC_SHAMIR by default with lowresource.
Enable WOLFSSL_STATIC_MEMORY_SMALL if low resource and no RSA.
 2019-02-22 17:14:19 +10:00
toddouska 66987b4f2a
Merge pull request #2058 from SparkiDev/tls13_earlydata_bench 
Added EarlyData support to benchmark loop
 2019-01-25 14:31:54 -08:00
Sean Parkinson 0fe7591b0f Added EarlyData support to benchmark loop 2019-01-24 18:10:56 +10:00
John Safranek 8356c3d7e2 DTLS Nonblocking Updates 
1. Add a second select for tx.
2. Revised tcp_select to work for either rx or tx.
3. Updated client and server to use new tcp_select_tx() for checking the
tx socket if the nonblocking connect/accept would block on transmit.
 2019-01-18 09:15:11 -08:00
John Safranek f6240e5558 Fix Checks 
1. In the client, check the return code on wolfSSL_CTX_SetMinDhKey_Sz() as it is checked in the server. (Resolves issue #2037.)
2. In HashOutput(), check that the hsHashes exists for the session before hashing. (Resolves issue #2038.)
 2019-01-17 09:52:00 -08:00
David Garske a4a6895900 Fix for scan-build "Value stored to 'err' is never read`" 2019-01-11 09:42:41 -08:00
David Garske 6eea924a5c Fix for non-blocking read timeout. 2019-01-11 08:45:34 -08:00
David Garske 3f46250994 Fix to timeout after 10 seconds in non-blocking mode if connect does not complete. 2019-01-10 17:12:37 -08:00
David Garske 2351047409 Fixes for various scan-build reports. 2018-12-27 11:08:30 -08:00
David Garske 00dd222aa5 Fix for example client with `-X` external tests to not disable for PSK build unless `usePsk` is set. Resolves issue with external tests being skipped if building with PSK enabled. 2018-12-21 08:21:59 -08:00
John Safranek b145aab6b2 Server Side Renegotiation 
1. Fix testing issue with a client using the SCSV cipher suite to indicate desire for renegotiation.
2. Add indication to both the server and client examples that the renegotiation was successful.
 2018-12-05 13:08:24 -08:00
John Safranek a55f11cdd8 DHE Speed Up 
1. Also apply the setting to the client side.
2. Updated the server and client command line options to use "-2" for disabling the DHE check.
 2018-12-03 13:56:14 -08:00
Takashi Kojo a203cd4901 NO_MULTIBYTE to NO_MULTIBYTE_PRINT 2018-11-29 07:04:01 +09:00
Takashi Kojo 0e94ae529c Rollback stacing 2018-11-29 06:52:43 +09:00
Takashi Kojo c529e011a7 NO_MULTIBYTE for multibyte non-supported IDEs 2018-11-26 08:11:31 +09:00
Sean Parkinson 95bd340de5 Add support for more OpenSSL APIs 
Add support for PEM_read and PEM_write
Add OpenSSL PKCS#7 signed data support
Add OpenSSL PKCS#8 Private key APIs
Add X509_REQ OpenSSL APIs
 2018-11-20 07:54:24 +10:00
David Garske d5dddd2b29 Fix for unused `useSupCurve` in example client with --disable-ecc. 2018-11-08 15:43:18 -08:00
toddouska 0eb115e7a1
Merge pull request #1884 from kaleb-himes/ECC_DISABLED_TEST_FIX 
Fixes to resolve skipped tests with ECC disabled
 2018-10-24 09:30:47 -07:00
Sean Parkinson 7586e1df42 Only do early data in initial handshake when using PSK 2018-10-24 09:47:30 +10:00
Hideki Miyazaki 6953677a8f Keep the max line length to 80 2018-10-20 17:15:17 +09:00
Hideki Miyazaki a27b4c2efb Added Japanese message into the examples client and server 2018-10-20 13:40:01 +09:00
David Garske 4a4ae446aa Fix for unit.test fails with `-H verifyFail`. 2018-10-18 11:58:00 -07:00
David Garske d7d102d90a Added cipher suite unit tests for max fragment options 1-6 for TLS v1.2 and DTLS v1.2. Fix for client usage comment for max fragment. 2018-10-16 16:47:24 -07:00
David Garske 4adaeb8585 Added new 256-byte max fragment option `WOLFSSL_MFL_2_8`. 2018-10-15 17:06:21 -07:00
David Garske 0293686990 Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server. 2018-10-09 12:54:41 -07:00
David Garske bbdb17975c Adds build option `WOLFSSL_EITHER_SIDE` for deferring the "side" of the TLS session until first connect or accept. Added the DTLS generic v1.0 and v1.2 methods for "either" side. Added "either" methods unit tests. Added "either" -v e support to example client/server. Fix to expose `wolfSSL_use_certificate_file` and `wolfSSL_use_PrivateKey_file` without `OPENSSL_EXTRA`. Cleanup of the methods for (void)heap and log messages. Spelling fixes. 2018-10-04 15:47:50 -07:00
David Garske 24f9f12844 Fix for the curve logic to pick the hightest strength, not just the default 256-bit. Added test for setting user curve. `./examples -H useSupCurve`. 2018-09-21 09:27:48 -07:00
Chris Conlon 085daa78cd
Merge pull request #1833 from dgarske/norng_fixes 
Fixes for building without RNG enabled
 2018-09-18 14:52:21 -06:00
David Garske 77cd361bca Fixes for building with `WC_NO_RNG`. 2018-09-13 13:23:55 -07:00
John Safranek b330c6e035
Merge pull request #1801 from kaleb-himes/OCSP-GLOBALSIGN-FIXr2 
Address issues when testing with WOLFSSL_OCSP_TEST set
 2018-09-12 11:36:41 -07:00
kaleb-himes 3729b12fae Address issues when testing with WOLFSSL_OCSP_TEST set 2018-08-30 14:44:49 -06:00
David Garske 3d0d10345a Added test cases for ensuring forced error fails on client and server. Added test cases to ensure bad certificate can be overriden. 2018-08-30 11:17:21 -07:00
Sean Parkinson 487c60df78 Fixes to work when compiled with TLS 1.3 only 
TLS 1.3 Early Data can be used with PSK and not session tickets.
If only TLS 1.3 and no session tickets then no resumption.
External sites don't support TLS 1.3 yet.
 2018-08-28 15:37:15 +10:00
Sean Parkinson 506c858ed6 Add memory usage tracking and logging 
Add WOLFSSL_MEMORY_TRACKING to report allocations and frees with the
type.
Fix places where memory can be freed earlier.
 2018-08-21 08:54:57 +10:00
toddouska 0f539616be
Merge pull request #1766 from JacobBarthelmeh/UnitTests 
cleanup with test cases and access to FP_MAX_BITS
 2018-08-20 09:19:14 -07:00
toddouska 555714afa3
Merge pull request #1764 from SparkiDev/tls13_psk_cb 
Separate PSK callback for TLS 1.3
 2018-08-20 09:17:01 -07:00
Jacob Barthelmeh ed9aaa93f4 include tfm in example client for veiwing FP_MAX_BITS 2018-08-17 11:06:40 -06:00
Sean Parkinson f1222c3f9f Separate PSK callback for TLS 1.3 
It is highly recommended that the PSK be different for each protocol.
Example callback already returns a different key for TLS 1.3.
New callback includes the ciphersuite, as a string, to use with the key.
 2018-08-17 10:18:28 +10:00
Jacob Barthelmeh 373258a0c2 account for NO_RSA and SP math when printing max RSA key size 2018-08-15 09:52:43 -06:00
Jacob Barthelmeh f74406d2c9 check max key size with ocsp stapling test 2018-08-15 09:52:43 -06:00
John Safranek f45dbed8f9 OCSP 
1. Modify the other OCSP Stapling scripts to better manage the OCSP responder.
2. Modify the client's W option to take:
 - 1 for Stapling v1
 - 2 for Stapling v2
 - 3 for Stapling v2 MULTI
3. Modify the client to disallow stapling v2 with TLSv1.3.
 2018-08-02 16:25:38 -07:00
John Safranek c71f730d67 OSCP 
1. Made killing the OCSP server process more reliable.
2. Added attr files for the OSCP status files. Bare minimum attr.
3. Added a NL to the error string from the client regarding external tests.
 2018-08-02 11:32:36 -07:00
David Garske 4eff7b641b First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`. 2018-07-30 13:53:54 -07:00
David Garske 2c3475c1d6 Added new build option `--enable-memtest` or `WOLFSSL_FORCE_MALLOC_FAIL_TEST` which enables random malloc failures for testing. This test supresses the `abort()` calls to detect seg faults. A new script `./scripts/memtest.sh` starts the test. If an issue is found it can be reviewed with the `./scripts/memtest.txt` log and reproduced using the seed printed at top of unit test as `--- RNG MALLOC FAIL AT 295---` and rerun using `./tests/unit.test 295`. 2018-07-30 13:53:35 -07:00
Sean Parkinson 6d3e145571 Changes to build with X25519 and Ed25519 only 
Allows configurations without RSA, DH and ECC but with Curve25519
algorithms to work with SSL/TLS using X25519 key exchange and Ed25519
certificates.
Fix Ed25519 code to call wc_Sha512Free().
Add certificates to test.h and fix examples to use them.
 2018-07-23 10:20:18 +10:00
Sean Parkinson 514a949557 Small stack fixes 
Changes to DH and SSL/TLS code to dynamically allocate large stack
variables when compiled with WOLFSSL_SMALL_STACK.
 2018-07-17 09:04:00 +10:00
Sean Parkinson a03c15e598 Allow NO_WOLFSSL_CLIENT/SERVER to compile and pass tests 2018-06-13 11:42:16 +10:00
Sean Parkinson b7caab938e Fix post authentication for TLS 1.3 2018-06-12 09:49:23 +10:00
Sean Parkinson ba8e441e53 Allow TLS 1.2 to be compiled out. 2018-05-25 11:00:00 +10:00
toddouska 453daee965
Merge pull request #1523 from SparkiDev/ed25519_key 
Allow Ed25519 private-only keys to work in TLS
 2018-05-24 09:56:17 -07:00