mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
6,287 Commits 5 Branches 162 Tags
Commit Graph

34 Commits

Author SHA1 Message Date
David Garske
df119692d1 Fixes for using async with HAVE_MAX_FRAGMENT or --enable-maxfragment which affected TLS 1.2/1.3. Added TLS 1.2 test for using max fragment. 2017-07-03 19:57:37 -07:00
Sean Parkinson
13c4fe6cc4 Add test 2017-06-14 09:44:26 +10:00
Sean Parkinson
613d30bcae ED25519 TLS support 2017-06-08 09:26:49 +10:00
David Garske
2efa7d5b8b Fix for verify callback override, peerVerifyRet code on success and ensuring DOMAIN_NAME_MISMATCH error gets passed down in ECDSAk case. Added unit test case to verify callback override works. Fixes issue #905 and issue #904. Fix for async build goto label typo. 2017-05-11 12:23:17 -07:00
David Garske
b14da2622e Fix InitSuites to allow old TLS for DHE_RSA with AES 128/256 for SHA256. Reverted changes to test.conf and test-dtls.conf. 2017-04-07 10:20:18 -07:00
David Garske
4dcad96f97 Added test for server to use the default cipher suite list using new “-U” option. This allows the InitSuites logic to be used for determining cipher suites instead of always overriding using the “-l” option. Now both versions are used, so tests are done with wolfSSL_CTX_set_cipher_list and InitSuites. Removed a few cipher suite tests from test.conf that are not valid with old TLS. These were not picked up as failures before because wolfSSL_CTX_set_cipher_list matched on name only, allowing older versions to use the suite. 2017-04-07 10:20:18 -07:00
John Safranek
2f9c9b9a22 Add cipher suite ECDHE-ECDSA-AES128-CCM 
1. Added the usual cipher suite changes for the new suite.
2. Added a build option, WOLFSSL_ALT_TEST_STRINGS, for testing
   against GnuTLS. It wants to receive strings with newlines.
3. Updated the test configs for the new suite.

Tested against GnuTLS's client and server using the options:

    $ gnutls-cli --priority "NONE:+VERS-TLS-ALL:+AEAD:+ECDHE-ECDSA:+AES-128-CCM:+SIGN-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509" --x509cafile=./certs/server-ecc.pem --no-ca-verification -p 11111 localhost
    $ gnutls-serv --echo --x509keyfile=./certs/ecc-key.pem --x509certfile=./certs/server-ecc.pem --port=11111 -a --priority "NONE:+VERS-TLS-ALL:+AEAD:+ECDHE-ECDSA:+AES-128-CCM:+SIGN-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509"

To talk to GnuTLS, wolfSSL also needed the supported curves option
enabled.
 2016-06-13 14:39:41 -07:00
Jacob Barthelmeh
38bbd41f99 add EDH-RSA-AES256-SHA, used in one mysql test 2016-05-03 09:22:16 -06:00
Jacob Barthelmeh
3ce64da44c ChaCha20-Poly1305 PSK cipher suites 2016-02-04 09:50:29 -07:00
Jacob Barthelmeh
5a9175a758 add cipher suite ECDHE-PSK-AES128-SHA256 and adjustments to ECDHE-PSK 2016-02-04 09:39:34 -07:00
Jacob Barthelmeh
d04a7e802a add ECDHE-PSK and cipher suite ECDHE-PSK-NULL-SHA256 2016-02-03 13:44:13 -07:00
Jacob Barthelmeh
93c54c07ea cipher suite ECDHE-ECDSA-NULL-SHA 2016-02-01 14:43:17 -07:00
Jacob Barthelmeh
7d71d756f3 update ChaCha20-Poly1305 to most recent RFCs 2016-01-27 14:03:05 -07:00
Ludovic FLAMENT
f68400da40 add IDEA cipher (ECB and CBC mode) 
add support of SSL_RSA_WITH_IDEA_CBC_SHA cipher suite (SSLv3, TLS v1.0 and TLSv1.1)
 2015-09-23 16:16:39 +02:00
Jacob Barthelmeh
e7dd5c4b8f add setting client cipher list 2015-07-21 16:55:42 -06:00
Jacob Barthelmeh
df8b48cd0f NTRU suites from earlier code 2015-07-11 12:52:22 -06:00
Jacob Barthelmeh
14723b7e65 QSH (quantum-safe handshake) extension 2015-07-07 09:55:58 -06:00
John Safranek
1742e0ddb6 Merge in the ADH-AES128-SHA changes and add a check for it during the 
packet order sanity checking.
 2014-12-01 11:44:32 -08:00
JacobBarthelmeh
b77a1fdbbb refactoring 2014-07-17 15:00:40 -06:00
JacobBarthelmeh
5b08cb35d7 updated sequence number in AD and unit tests 2014-07-14 16:13:24 -06:00
JacobBarthelmeh
4250955003 arg error checking and CHACHA_AEAD_TEST update 2014-07-11 16:06:29 -06:00
John Safranek
b60a61fa94 DHE-PSK cipher suites 
1. fixed the AES-CCM-16 suites
2. added DHE-PSK as a key-exchange algorithm type
3. Added infrastructure for new suites:
 * TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
 * TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
 * TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
 * TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
 * TLS_DHE_PSK_WITH_NULL_SHA256
 * TLS_DHE_PSK_WITH_NULL_SHA384
 * TLS_DHE_PSK_WITH_AES_128_CCM
 * TLS_DHE_PSK_WITH_AES_256_CCM
4. added test cases for new suites
5. set DHE parameters on test server when using PSK and a custom cipher
suite list
6. updated half premaster key size
 2014-05-30 11:26:48 -07:00
John Safranek
74712b4e71 1. Added the following cipher suites: 
* TLS_PSK_WITH_AES_128_GCM_SHA256
 * TLS_PSK_WITH_AES_256_GCM_SHA384
 * TLS_PSK_WITH_AES_256_CBC_SHA384
 * TLS_PSK_WITH_NULL_SHA384
2. Fixed CyaSSL_CIPHER_get_name() for AES-CCM cipher suites.
 2014-05-19 21:44:04 -07:00
toddouska
4c04b6e714 add AES Blake2b 256 basic suites for speed tests 2013-10-24 11:30:51 -07:00
toddouska
c039b0106a add HC-128 Blake2b 256 cipher suite for speed test 2013-10-23 17:13:54 -07:00
John Safranek
f65f86bb88 improvements to CCM, ssn6 2013-03-22 11:30:12 -07:00
toddouska
71f9ee4f2e remove non blocking suite test cases since now automatic 2013-03-11 11:53:40 -07:00
toddouska
b24f7f502c consolidate suite tests into normal and dtls files 2013-03-11 11:46:28 -07:00
toddouska
aef97af361 make rabbit optional with configure option 2012-10-22 17:28:46 -07:00
John Safranek
fe632a3f77 added non-blocking and session resume as example server and client command line options 2012-10-17 13:13:58 -07:00
toddouska
435c1ae76c add all basic build SSLv3 - TLSv1.2 cipher suite test 2012-08-07 15:27:46 -07:00
toddouska
efb6932d8e add client test harness parsing, may use different certs/keys/CAs etc 2012-08-07 15:06:53 -07:00
toddouska
706bd8a910 add cipher suite client/server driver 2012-08-06 17:14:31 -07:00
John Safranek
b83e1765da adding scriptable suite test to the unit test 2012-08-03 23:19:24 -07:00