mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
9,356 Commits 5 Branches 162 Tags
Commit Graph

579 Commits

Author SHA1 Message Date
John Safranek
2f9c9b9a22 Add cipher suite ECDHE-ECDSA-AES128-CCM 
1. Added the usual cipher suite changes for the new suite.
2. Added a build option, WOLFSSL_ALT_TEST_STRINGS, for testing
   against GnuTLS. It wants to receive strings with newlines.
3. Updated the test configs for the new suite.

Tested against GnuTLS's client and server using the options:

    $ gnutls-cli --priority "NONE:+VERS-TLS-ALL:+AEAD:+ECDHE-ECDSA:+AES-128-CCM:+SIGN-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509" --x509cafile=./certs/server-ecc.pem --no-ca-verification -p 11111 localhost
    $ gnutls-serv --echo --x509keyfile=./certs/ecc-key.pem --x509certfile=./certs/server-ecc.pem --port=11111 -a --priority "NONE:+VERS-TLS-ALL:+AEAD:+ECDHE-ECDSA:+AES-128-CCM:+SIGN-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509"

To talk to GnuTLS, wolfSSL also needed the supported curves option
enabled.
 2016-06-13 14:39:41 -07:00
Jacob Barthelmeh
3d3591a227 typdef gaurd / error out on bad mutex init / handle no maxHa or maxIO set 2016-06-10 14:13:27 -06:00
Jacob Barthelmeh
ea3d1f8e17 extended method function 2016-06-09 23:41:51 -06:00
Jacob Barthelmeh
8be5409bc5 static method func / ocsp callbacks / heap test / alpn free func / remove timing resistant constraint 2016-06-09 11:36:31 -06:00
Jacob Barthelmeh
e214086dce tlsx with static memory / account for session certs size 2016-06-08 09:18:43 -06:00
Jacob Barthelmeh
2feee8856e revise static memory and update heap hint 2016-06-04 19:03:48 -06:00
Jacob Barthelmeh
104ff12e76 add staticmemory feature 2016-06-04 19:01:23 -06:00
Ludovic FLAMENT
ed4f67058a Merge branch 'master' of https://github.com/wolfssl/wolfssl 2016-05-20 21:51:13 +02:00
toddouska
b8c0802e3c Merge pull request #414 from JacobBarthelmeh/DTLS-MultiCore 
Dtls multi core
 2016-05-17 17:39:18 -07:00
Jacob Barthelmeh
8c45cb1938 add DTLS session export option 2016-05-10 13:27:45 -06:00
Chris Conlon
8f3e1165a1 add Whitewood netRandom client library support 2016-05-05 15:31:25 -06:00
Chris Conlon
4b16600011 fix type comparison on 32bit for starttls, zero tmp buffer 2016-05-03 13:52:04 -06:00
John Safranek
f9ab61db5d Merge pull request #402 from cconlon/starttls 
use send/recv instead of write/read with STARTTLS
 2016-05-02 17:19:50 -07:00
Chris Conlon
a94383037c use send/recv instead of write/read with STARTTLS for winsock compatibility 2016-05-02 14:36:59 -06:00
toddouska
52d6fb575b Merge pull request #395 from cconlon/starttls 
add STARTTLS support to example client
 2016-04-29 14:24:08 -07:00
Chris Conlon
46addfb130 move example client STARTTLS into separate funcs 2016-04-28 14:21:33 -06:00
Kaleb Himes
b2af02a783 Merge pull request #383 from kojo1/MDK5 
fixes for MDK5 compiler
 2016-04-26 16:11:59 -06:00
Chris Conlon
5abeeff919 add STARTTLS support to example client 2016-04-22 13:46:54 -06:00
Jacob Barthelmeh
77a9343973 use short for RSA min key size and check casts 2016-04-22 12:56:51 -06:00
Jacob Barthelmeh
1dac3841ca change type to short for comparision and up default min size 2016-04-20 15:44:45 -06:00
Jacob Barthelmeh
3129bb22cd minimum ECC key size check at TLS/SSL level 2016-04-19 15:50:25 -06:00
toddouska
117231c0e3 Merge pull request #387 from JacobBarthelmeh/RSA-min 
add check for min RSA key size at TLS/SSL level
 2016-04-19 13:57:26 -07:00
toddouska
0dbdc8eab0 Merge pull request #372 from dgarske/mingwfixes 
MinGW fixes
 2016-04-18 12:50:13 -07:00
Jacob Barthelmeh
c9891567e8 add check for min RSA key size at TLS/SSL level 2016-04-14 13:35:49 -06:00
Takashi Kojo
cab1ebf2d6 move MDK5 current_time to test.h 2016-04-14 18:47:16 +09:00
Takashi Kojo
35c5353698 fixed current_time argument 2016-04-14 16:26:51 +09:00
Takashi Kojo
cfd5af341b fixed test.c compile error and server.c/client.c/ssl.c warnings with MDK5 compiler. 2016-04-12 11:05:30 +09:00
kaleb-himes
1b7cd5cb06 consolidate handling of dead assignment warnings 2016-04-11 13:39:44 -06:00
kaleb-himes
c6e9021732 scan-build warnings related to enable-psk, disable-asn,rsa,ecc 2016-04-11 11:13:26 -06:00
David Garske
993972162e MinGW fixes, server port assigning cleanup and ping test cleanup. Fixes issue with visibility detection with MinGW. The visibility.m4 script was not actually trying to call the hidden function, which caused MinGW to detect improperly that visibility was supported. Fix for bogusFile on Windows build. Fixes to build warnings for unused variable 'res' and signed/unsigned comparison for sizeof min(). Cleanup of the server side port assignment to allow use with Windows/MinGW/Cygwin. If Windows uses new GetRandomPort() function in test.h to get port in in the 49152 - 65535 range. If *nix then uses the tcp_listen returned port. Otherwise uses the default wolfSSLPort. Refactor of the ping test code to use common file and properly handle ping count differences (Windows "-c" vs. *Nix style "-n"). Workaround for MinGW and cyassl/options.h getting file permissions error. Added non-fatal compile warning if using MinGW that "strtok_s" might be missing along with a link to public domain source that can be used. 2016-04-08 11:48:14 -06:00
Jacob Barthelmeh
85a9c55048 fix c89 build on windows 2016-04-06 11:16:40 -06:00
toddouska
63b1282e67 Merge pull request #335 from dgarske/asynccrypt 
Asynchronous crypto and wolf event support
 2016-03-30 20:12:41 -07:00
David Garske
4472152b18 Added new "wolfSSL_poll" which filters event queue by ssl object pointer. Changed wolfSSL_CTX_poll to support using WOLF_POLL_FLAG_PEEK flag to peek at events and return count. Removed "wolfssl_CTX_poll_peek". Switched the examples (test.h AsyncCryptPoll) to use just the WOLFSSL object and call new wolfSSL_poll. Added warning when using the "--enable-asynccrypt" option to make sure users know they need real async.c/.h files. 2016-03-30 15:15:38 -07:00
Jacob Barthelmeh
696169634e check return value of wolfSSL_set_fd 2016-03-25 13:59:04 -06:00
Jacob Barthelmeh
e99a5b0483 prepare for release v3.9.0 2016-03-17 16:02:13 -06:00
David Garske
e1787fe160 Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo. 2016-03-17 13:31:03 -07:00
Jacob Barthelmeh
060e278559 Merge branch 'master' of https://github.com/wolfSSL/wolfssl into Certs 2016-03-11 23:48:39 -07:00
David Garske
0ed26ad262 Updated build for "leantls" to support building only the client, by splitting BUILD_EXAMPLES into 3 parts (BUILD_EXAPLE_SERVERS, BUILD_EXAMPLE_CLIENTS and BUILD_TESTS). This allows the make check to perform the external tests to validate the client only "leantls" configuration option. 2016-03-08 08:35:28 -08:00
David Garske
2891939098 Remove NO_CERT and NO_CODING. Enable building of the client with leantls. 2016-03-08 08:35:28 -08:00
Jacob Barthelmeh
112cf1f0c9 fix example client help print out 2016-03-02 16:51:57 -07:00
Jacob Barthelmeh
aab44eb26b adjest example server PSK plus flag 2016-03-02 15:43:17 -07:00
Jacob Barthelmeh
d969e2ba11 automated test for trusted peer certs 2016-03-02 11:42:00 -07:00
Jacob Barthelmeh
05d2cec7c1 addition to api tests and refactor location of trusted peer cert check 2016-03-02 11:35:03 -07:00
Jacob Barthelmeh
7df22ee210 Trusted peer certificate use 2016-03-02 11:22:34 -07:00
David Garske
953a3bd01d Fixes build error with NO_FILESYSTEM and !NO_CERTS where the wolfssl/test.h load_buffer() function is passing non-existent enum value. Was renamed from CYASSL_ to WOLFSSL_. 2016-02-19 13:52:06 -08:00
kaleb-himes
46b34c19d0 wolfssl.com and google.com now differ in pre-reqs for external test 2016-02-15 13:30:11 -07:00
toddouska
d7d2a6f565 Merge pull request #307 from JacobBarthelmeh/PSK 
New fail with no peer cert behavior and allow RSA signed ECC key certs
 2016-02-12 15:27:18 -08:00
kaleb-himes
ffe7b38409 correct logic to allow for static RSA if ECC and no Curves 
use same coding standards as the rest of the libraries
 2016-02-10 13:39:59 -07:00
Jacob Barthelmeh
ff7a9d9f78 option for fail on no peer cert except PSK suites 2016-02-10 13:26:03 -07:00
kaleb-himes
bf4d6454b1 if connection to google.com and using ECC need supported curves 2016-02-09 17:06:06 -07:00