mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
7,957 Commits 5 Branches 162 Tags 807 MiB
b6ac3379f0
Commit Graph

483 Commits

Author SHA1 Message Date
David Garske
05d2032661 Fix for useVerifyCb variable not used warning with NO_CERTS defined. 2017-05-11 12:57:12 -07:00
David Garske
2efa7d5b8b Fix for verify callback override, peerVerifyRet code on success and ensuring DOMAIN_NAME_MISMATCH error gets passed down in ECDSAk case. Added unit test case to verify callback override works. Fixes issue #905 and issue #904. Fix for async build goto label typo. 2017-05-11 12:23:17 -07:00
David Garske
e8cf4b5ff0 Coverity fixes for TLS 1.3, async, small stack and normal math. 2017-05-09 09:13:21 -07:00
David Garske
efb4b3c183 Fix for unit test with non-blocking set. 2017-05-04 14:51:31 -07:00
David Garske
77f9126edf Rebase fixes for TLS 1.3. Getting a decrypt error with the TLS 1.3 test from the SendTls13CertificateVerify. 2017-05-04 14:51:31 -07:00
Sean Parkinson
2b1e9973ec Add TLS v1.3 as an option 2017-05-04 14:51:30 -07:00
David Garske
db63fe83d4 Initial pass at fixes for coverity scan. 2017-04-28 14:59:45 -07:00
David Garske
3e6243eb08 Fix for scan-build issues with possible use of null’s in evp.c wolfSSL_EVP_CipherFinal out arg and DoCertificate args->certs. Removed obsolete client example help arg “-t”. 2017-04-27 10:53:47 -07:00
David Garske
85bef98331 Fix wc_ecc_alloc_rs memset logic. Fix error handling in hmac.c for SHA224. Cleanup of the wc_DhGenerateKeyPair_Async function. Added comment about the “BuildTlsFinished” allocation for hash buffer. Fixed issue with example server that caused the benchmark script to fail in throughput mode. 2017-04-11 14:13:08 -07:00
David Garske
e419a6f899 Fixes and cleanups based on feedback from Sean. 2017-04-10 14:47:07 -07:00
David Garske
c1640e8a3d Intel QuickAssist (QAT) support and async enhancements/fixes: 
* Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/).
* Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC.
* wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify.
* wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature.
* wolfCrypt test and benchmark async support added for all HW acceleration.
* wolfCrypt benchmark multi-threading support.
* Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA.
* Refactor to make sure “heap” is available for async dev init.
* Added async support for all examples for connect, accept, read and write.
* Added new WC_BIGINT (in wolfmath.c) for async hardware support.
* Added async simulator tests for DES3 CBC, AES CBC/GCM.
* Added QAT standalone build for unit testing.
* Added int return code to SHA and MD5 functions.
* Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer.
* Combined duplicate code for async push/pop handling.
* Refactor internal.c to add AllocKey / FreeKey.
* Refactor of hash init/free in TLS to use InitHashes and FreeHashes.
* Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*.
* Suppress error message for WC_PENDING_E.
* Implemented "wolfSSL_EVP_MD_CTX_init" to do memset.
* Cleanup of the openssl compat CTX sizes when async is enabled.
* Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability.
* Cleanup of the OPAQUE_LEN.
* Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret).
* Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations)
* Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding".
* Updated RSA un-padding error message so its different than one above it for better debugging.
* Added QAT async enables for each algorithm.
* Refactor of the async init to use _ex.
* Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing.
* Reformatted the benchmark results:
PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec"
Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87
* Added min execution time for all benchmarks.
* Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local.
* Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark.
* Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async.
* Added NO_SW_BENCH option to only run HW bench.
* Added support for PRNG to use hardware SHA256 if _wc devId provided.
* Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size.
* Added the wc_*GetHash calls to the wolfCrypt tests.
* Added async hardware start/stop to wolfSSL init/cleanup.
* Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos.
* Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`.
* Added arg checks on wc_*GetHash and wc_*Copy.
* Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions.
* Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator.
* Added checks for all hashing to verify valid ->buffLen.
* Fix for SHA512 scan-build warning about un-initialized “W_X”.
* Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash.
* Refactor of the benchmarking to use common function for start, check and finish of the stats.
* Fixed issue with ECC cache loading in multi-threading.
* Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned.
* Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define.
* Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
 2017-04-10 14:45:05 -07:00
David Garske
4ff2903b55 Fix to allow anonymous ciphers to work with the new default suite testing. 2017-04-07 10:20:41 -07:00
David Garske
eb40175cc6 Fix to calc BuildSHA_CertVerify if WOLFSSL_ALLOW_TLS_SHA1. Fix to add check for DTLS to not allow stream ciphers. Removed the RC4 tests from the test-dtls.conf. Added support for using default suites on client side. Switched the arg to “-H”. Cleanup of the example server/client args list. Fixes for build with “--disable-sha”. 2017-04-07 10:20:41 -07:00
David Garske
4dcad96f97 Added test for server to use the default cipher suite list using new “-U” option. This allows the InitSuites logic to be used for determining cipher suites instead of always overriding using the “-l” option. Now both versions are used, so tests are done with wolfSSL_CTX_set_cipher_list and InitSuites. Removed a few cipher suite tests from test.conf that are not valid with old TLS. These were not picked up as failures before because wolfSSL_CTX_set_cipher_list matched on name only, allowing older versions to use the suite. 2017-04-07 10:20:18 -07:00
David Garske
2c13ea9a67 Cleanup name conflicts with test.h cert files (by adding “File” to end). Fix memory leak in ecc_test_buffers function. 2017-04-06 15:54:59 -07:00
JacobBarthelmeh
4eefa22629 Merge pull request #810 from toddouska/write-dup 
add wolfSSL_write_dup(), creates write_only WOLFSSL to allow concurre…
 2017-04-05 10:06:20 -06:00
David Garske
34a4f1fae0 Move wolfCrypt test/benchmark to move static memory pool to global (not in stack). Fix wolfCrypt test wc_InitRng to use _ex with HEAP_HINT (when not FIPS). Added ability to use HAVE_STACK_SIZE with wolfCrypt test and benchmark. Cleanup of the benchmark_test function main wrapper. 2017-03-31 13:11:23 -07:00
toddouska
15423428ed add wolfSSL_write_dup(), creates write_only WOLFSSL to allow concurrent access 2017-03-20 15:08:34 -07:00
David Garske
628f740363 Added support for inline CRL lookup when HAVE_CRL_IO is defined (shares code with OCSP lookup in io.c). Added http chunk transfer encoding support. Added default connection timeout value (DEFAULT_TIMEOUT_SEC) and new wolfIO_SetTimeout() API with HAVE_IO_TIMEOUT. Added generic wolfIO_ API’s for connect, select, non-blocking, read and write. Added new define USE_WOLFSSL_IO to enable access to new wolfIO_* socket wrappers even when WOLFSSL_USER_IO is defined. Moved all API declarations for io.c into new io.h header. Added HAVE_HTTP_CLIENT to expose HTTP API’s. Moved SOCKET_T and SOCKET_ defines into io.h. Added WOLFIO_DEBUG define to display request/responses. 2017-03-15 12:26:18 -07:00
Sean Parkinson
003e18ecbc Fixes for scan-build 2017-03-15 09:38:53 +10:00
Sean Parkinson
e6434f380b Get Nginx working with wolfSSL 2017-03-01 08:38:54 +10:00
David Garske
01f4a7b5bd Added code to automatically populate supported ECC curve information, unless already provided by user via wolfSSL_CTX_UseSupportedCurve or wolfSSL_UseSupportedCurve. 2017-01-18 11:54:43 -08:00
Sean Parkinson
ba1315a499 Fixes from failure testing 2017-01-12 16:22:35 +10:00
Jacob Barthelmeh
091fc10147 adjust read ahead, some sanity checks and rebase 2016-12-28 14:45:29 -07:00
Jacob Barthelmeh
aabe456592 sanity checks, remove some magic numbers, TLS read ahead 2016-12-28 14:45:29 -07:00
Jacob Barthelmeh
ff05c8a7a5 expanding compatibility layer 2016-12-28 14:45:29 -07:00
Jacob Barthelmeh
79472e11a1 add bio.c to dist and implement wolfSSL_check_private_key , wolfSSL_get_server_random 2016-12-28 14:44:05 -07:00
Jacob Barthelmeh
f2f52c3ec9 add more compatiblity functions 2016-12-28 14:44:05 -07:00
David Garske
650ddb8d23 Fixes so make check works with NO_FILESYSTEM and FORCE_BUFFER_TEST. Example: ./configure CFLAGS="-DNO_FILESYSTEM -DFORCE_BUFFER_TEST" 2016-11-30 16:27:24 -08:00
David Garske
039aedcfba Added "wolfSSL_use_certificate_chain_buffer_format". Added "wolfSSL_SESSION_CIPHER_get_name" to get cipher suite name using WOLFSSL_SESSION*. Moved the "wolfSSL_get_cipher_name_from_suite" function to internal.c. Added new server-cert-chain.der, which is combination of ca-cert.der and server-cert.der. Enhanced load_buffer to detect format using file extension. Can test use of DER cert chain with NO_FILESYSTEM defined using "./examples/server/server -c ./certs/server-cert-chain.der -k ./certs/server-key.der". 2016-11-30 16:26:02 -08:00
Jacob Barthelmeh
f7a951709f COMPAT. LAYER : get SSL client random bytes 2016-11-07 13:21:35 -07:00
toddouska
87e3f45f52 add SCR client and server verify data check 2016-11-03 14:45:24 -07:00
toddouska
f191cf206e allow single threaded mode to share an RNG at WOLFSSL_CTX level 2016-09-16 13:35:29 -07:00
John Safranek
b994244011 Revising the Extended Master Secret support. Removing the dynamic 
TLSX support for the extention and treating it like the Signature
and Hash algorithms extension. It is to be enabled by default and
the user can turn it off at run time or build time.
 2016-09-11 18:05:44 -07:00
Chris Conlon
0f0e0ca9a5 add extended master to example client 2016-09-01 15:17:46 -06:00
toddouska
092916c253 Merge pull request #536 from ejohnstown/dtls-sctp 
DTLS over SCTP
 2016-08-30 13:09:40 -07:00
David Garske
2ecd80ce23 Added support for static memory with wolfCrypt. Adds new "wc_LoadStaticMemory" function and moves "wolfSSL_init_memory_heap" into wolfCrypt layer. Enhanced wolfCrypt test and benchmark to use the static memory tool if enabled. Added support for static memory with "WOLFSSL_DEBUG_MEMORY" defined. Fixed issue with have-iopool and XMALLOC/XFREE. Added check to prevent using WOLFSSL_STATIC_MEMORY with HAVE_IO_POOL, XMALLOC_USER or NO_WOLFSSL_MEMORY defined. 2016-08-29 10:38:06 -07:00
John Safranek
05a35a8332 fix scan-build warning on the simple SCTP example server 2016-08-26 20:33:05 -07:00
John Safranek
aed68e1c69 1. Needed to tell the client to use sctp. 
2. Creating the example sockets needed the IPPROTO type.
 2016-08-26 19:58:36 -07:00
John Safranek
46e92e0211 DTLS-SCTP example client and server 
1. Update the example client and server to test DTLS-SCTP.
2. Modify the test.h functions for setting up connections to allow
for a SCTP option.
3. Update other examples to use the new test.h functions.
4. Removed some prototypes in the client header file were some functions
that should have been static to the client.c file and made them static.
 2016-08-26 19:58:36 -07:00
John Safranek
6d5df3928f SCTP-DTLS examples 
1. Added the set SCTP mode command to client and server.
2. Added a 4K buffer test case.
 2016-08-26 19:58:36 -07:00
John Safranek
52e2f1a7ab typecasts to clear static analysis warnings on SCTP examples 2016-08-26 19:58:36 -07:00
John Safranek
b7a35eabd2 Add simple SCTP example tools 2016-08-26 19:40:50 -07:00
David Garske
17a34c5899 Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com. 2016-08-15 13:59:41 -06:00
David Garske
32b0303beb Fix build with "WOLFSSL_CALLBACKS" defined. 2016-08-05 14:06:58 -07:00
Jacob Barthelmeh
e8f7d78fc4 add helper functions for choosing static buffer size 2016-07-21 12:11:15 -06:00
David Garske
5b3a72d482 Cleanup of stdlib function calls in the wolfSSL library to use our cross-platform "X*" style macros in types.h. 2016-06-29 11:11:25 -07:00
toddouska
ac6635593b Revert "Bio" 2016-06-27 10:53:34 -07:00
Jacob Barthelmeh
49934a5c91 Merge https://github.com/wolfSSL/wolfssl into bio 2016-06-24 14:22:14 -06:00
Jacob Barthelmeh
0b91e000bb fix secure renegotiation build 2016-06-23 13:10:39 -06:00
Jacob Barthelmeh
f6bbe845f5 Merge https://github.com/wolfSSL/wolfssl into bio 2016-06-22 09:14:53 -06:00
toddouska
a859cf189d Merge pull request #443 from ejohnstown/new-ccm-suite 
Add cipher suite ECDHE-ECDSA-AES128-CCM
 2016-06-20 15:34:55 -07:00
Jacob Barthelmeh
ea71814518 Merge https://github.com/wolfSSL/wolfssl 2016-06-17 13:58:53 -06:00
Chris Conlon
a7c7407406 fix windows example echoserver 2016-06-16 16:39:18 -06:00
John Safranek
2f9c9b9a22 Add cipher suite ECDHE-ECDSA-AES128-CCM 
1. Added the usual cipher suite changes for the new suite.
2. Added a build option, WOLFSSL_ALT_TEST_STRINGS, for testing
   against GnuTLS. It wants to receive strings with newlines.
3. Updated the test configs for the new suite.

Tested against GnuTLS's client and server using the options:

    $ gnutls-cli --priority "NONE:+VERS-TLS-ALL:+AEAD:+ECDHE-ECDSA:+AES-128-CCM:+SIGN-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509" --x509cafile=./certs/server-ecc.pem --no-ca-verification -p 11111 localhost
    $ gnutls-serv --echo --x509keyfile=./certs/ecc-key.pem --x509certfile=./certs/server-ecc.pem --port=11111 -a --priority "NONE:+VERS-TLS-ALL:+AEAD:+ECDHE-ECDSA:+AES-128-CCM:+SIGN-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509"

To talk to GnuTLS, wolfSSL also needed the supported curves option
enabled.
 2016-06-13 14:39:41 -07:00
Jacob Barthelmeh
3d3591a227 typdef gaurd / error out on bad mutex init / handle no maxHa or maxIO set 2016-06-10 14:13:27 -06:00
Jacob Barthelmeh
ea3d1f8e17 extended method function 2016-06-09 23:41:51 -06:00
Jacob Barthelmeh
8be5409bc5 static method func / ocsp callbacks / heap test / alpn free func / remove timing resistant constraint 2016-06-09 11:36:31 -06:00
Jacob Barthelmeh
e214086dce tlsx with static memory / account for session certs size 2016-06-08 09:18:43 -06:00
Jacob Barthelmeh
2feee8856e revise static memory and update heap hint 2016-06-04 19:03:48 -06:00
Jacob Barthelmeh
104ff12e76 add staticmemory feature 2016-06-04 19:01:23 -06:00
Ludovic FLAMENT
ed4f67058a Merge branch 'master' of https://github.com/wolfssl/wolfssl 2016-05-20 21:51:13 +02:00
toddouska
b8c0802e3c Merge pull request #414 from JacobBarthelmeh/DTLS-MultiCore 
Dtls multi core
 2016-05-17 17:39:18 -07:00
Jacob Barthelmeh
8c45cb1938 add DTLS session export option 2016-05-10 13:27:45 -06:00
Chris Conlon
8f3e1165a1 add Whitewood netRandom client library support 2016-05-05 15:31:25 -06:00
Chris Conlon
4b16600011 fix type comparison on 32bit for starttls, zero tmp buffer 2016-05-03 13:52:04 -06:00
John Safranek
f9ab61db5d Merge pull request #402 from cconlon/starttls 
use send/recv instead of write/read with STARTTLS
 2016-05-02 17:19:50 -07:00
Chris Conlon
a94383037c use send/recv instead of write/read with STARTTLS for winsock compatibility 2016-05-02 14:36:59 -06:00
toddouska
52d6fb575b Merge pull request #395 from cconlon/starttls 
add STARTTLS support to example client
 2016-04-29 14:24:08 -07:00
Chris Conlon
46addfb130 move example client STARTTLS into separate funcs 2016-04-28 14:21:33 -06:00
Kaleb Himes
b2af02a783 Merge pull request #383 from kojo1/MDK5 
fixes for MDK5 compiler
 2016-04-26 16:11:59 -06:00
Chris Conlon
5abeeff919 add STARTTLS support to example client 2016-04-22 13:46:54 -06:00
Jacob Barthelmeh
77a9343973 use short for RSA min key size and check casts 2016-04-22 12:56:51 -06:00
Jacob Barthelmeh
1dac3841ca change type to short for comparision and up default min size 2016-04-20 15:44:45 -06:00
Jacob Barthelmeh
3129bb22cd minimum ECC key size check at TLS/SSL level 2016-04-19 15:50:25 -06:00
toddouska
117231c0e3 Merge pull request #387 from JacobBarthelmeh/RSA-min 
add check for min RSA key size at TLS/SSL level
 2016-04-19 13:57:26 -07:00
toddouska
0dbdc8eab0 Merge pull request #372 from dgarske/mingwfixes 
MinGW fixes
 2016-04-18 12:50:13 -07:00
Jacob Barthelmeh
c9891567e8 add check for min RSA key size at TLS/SSL level 2016-04-14 13:35:49 -06:00
Takashi Kojo
cab1ebf2d6 move MDK5 current_time to test.h 2016-04-14 18:47:16 +09:00
Takashi Kojo
35c5353698 fixed current_time argument 2016-04-14 16:26:51 +09:00
Takashi Kojo
cfd5af341b fixed test.c compile error and server.c/client.c/ssl.c warnings with MDK5 compiler. 2016-04-12 11:05:30 +09:00
kaleb-himes
1b7cd5cb06 consolidate handling of dead assignment warnings 2016-04-11 13:39:44 -06:00
kaleb-himes
c6e9021732 scan-build warnings related to enable-psk, disable-asn,rsa,ecc 2016-04-11 11:13:26 -06:00
David Garske
993972162e MinGW fixes, server port assigning cleanup and ping test cleanup. Fixes issue with visibility detection with MinGW. The visibility.m4 script was not actually trying to call the hidden function, which caused MinGW to detect improperly that visibility was supported. Fix for bogusFile on Windows build. Fixes to build warnings for unused variable 'res' and signed/unsigned comparison for sizeof min(). Cleanup of the server side port assignment to allow use with Windows/MinGW/Cygwin. If Windows uses new GetRandomPort() function in test.h to get port in in the 49152 - 65535 range. If *nix then uses the tcp_listen returned port. Otherwise uses the default wolfSSLPort. Refactor of the ping test code to use common file and properly handle ping count differences (Windows "-c" vs. *Nix style "-n"). Workaround for MinGW and cyassl/options.h getting file permissions error. Added non-fatal compile warning if using MinGW that "strtok_s" might be missing along with a link to public domain source that can be used. 2016-04-08 11:48:14 -06:00
Jacob Barthelmeh
85a9c55048 fix c89 build on windows 2016-04-06 11:16:40 -06:00
toddouska
63b1282e67 Merge pull request #335 from dgarske/asynccrypt 
Asynchronous crypto and wolf event support
 2016-03-30 20:12:41 -07:00
David Garske
4472152b18 Added new "wolfSSL_poll" which filters event queue by ssl object pointer. Changed wolfSSL_CTX_poll to support using WOLF_POLL_FLAG_PEEK flag to peek at events and return count. Removed "wolfssl_CTX_poll_peek". Switched the examples (test.h AsyncCryptPoll) to use just the WOLFSSL object and call new wolfSSL_poll. Added warning when using the "--enable-asynccrypt" option to make sure users know they need real async.c/.h files. 2016-03-30 15:15:38 -07:00
Jacob Barthelmeh
696169634e check return value of wolfSSL_set_fd 2016-03-25 13:59:04 -06:00
Jacob Barthelmeh
e99a5b0483 prepare for release v3.9.0 2016-03-17 16:02:13 -06:00
David Garske
e1787fe160 Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo. 2016-03-17 13:31:03 -07:00
Jacob Barthelmeh
060e278559 Merge branch 'master' of https://github.com/wolfSSL/wolfssl into Certs 2016-03-11 23:48:39 -07:00
David Garske
0ed26ad262 Updated build for "leantls" to support building only the client, by splitting BUILD_EXAMPLES into 3 parts (BUILD_EXAPLE_SERVERS, BUILD_EXAMPLE_CLIENTS and BUILD_TESTS). This allows the make check to perform the external tests to validate the client only "leantls" configuration option. 2016-03-08 08:35:28 -08:00
David Garske
2891939098 Remove NO_CERT and NO_CODING. Enable building of the client with leantls. 2016-03-08 08:35:28 -08:00
Jacob Barthelmeh
112cf1f0c9 fix example client help print out 2016-03-02 16:51:57 -07:00
Jacob Barthelmeh
aab44eb26b adjest example server PSK plus flag 2016-03-02 15:43:17 -07:00
Jacob Barthelmeh
d969e2ba11 automated test for trusted peer certs 2016-03-02 11:42:00 -07:00
Jacob Barthelmeh
05d2cec7c1 addition to api tests and refactor location of trusted peer cert check 2016-03-02 11:35:03 -07:00
Jacob Barthelmeh
7df22ee210 Trusted peer certificate use 2016-03-02 11:22:34 -07:00
David Garske
953a3bd01d Fixes build error with NO_FILESYSTEM and !NO_CERTS where the wolfssl/test.h load_buffer() function is passing non-existent enum value. Was renamed from CYASSL_ to WOLFSSL_. 2016-02-19 13:52:06 -08:00
kaleb-himes
46b34c19d0 wolfssl.com and google.com now differ in pre-reqs for external test 2016-02-15 13:30:11 -07:00
toddouska
d7d2a6f565 Merge pull request #307 from JacobBarthelmeh/PSK 
New fail with no peer cert behavior and allow RSA signed ECC key certs
 2016-02-12 15:27:18 -08:00
kaleb-himes
ffe7b38409 correct logic to allow for static RSA if ECC and no Curves 
use same coding standards as the rest of the libraries
 2016-02-10 13:39:59 -07:00
Jacob Barthelmeh
ff7a9d9f78 option for fail on no peer cert except PSK suites 2016-02-10 13:26:03 -07:00
kaleb-himes
bf4d6454b1 if connection to google.com and using ECC need supported curves 2016-02-09 17:06:06 -07:00
Kaleb Joseph Himes
62a2efdacc Merge pull request #298 from kaleb-himes/master 
Avoid unnecessary assignments in client example
 2016-02-09 09:54:55 -08:00
Kaleb Joseph Himes
2e88785358 Merge pull request #282 from dgarske/WinUserSettings 
Refactor of Visual Studio projects to centralize preprocessors into IDE/WIN/user_settings.h
 2016-02-09 09:27:32 -08:00
David Garske
2af9fb91b3 Use += approach to detect "done" in example client for external tests. Cleaner and code is smaller to accomplish same thing. 2016-02-08 19:54:22 -08:00
kaleb-himes
c920e6dd30 Avoid unnecessary assignments in client example 2016-02-07 08:27:01 -07:00
David Garske
2db6246abc Fixed typo with testsuite preprocessor. Added missing chacha.c, chacha20_poly1305.c, pkcs7.c and poly1305.c. Also added the IDE/WIN/user_settings.h to the project so its easy to find. 2016-02-04 11:19:51 -08:00
David Garske
ebd14a657d Added signature.c to Visual Studio project files. Added new "IDE/WIN/user_settings.h" which contains all the defines for the various Windows Visual Studio projects. Moved the settings into this new file and added the WOLFSSL_USER_SETTINGS and CYASSL_USER_SETTINGS macros and include path to IDE/WIN to all project files. This allows the settings (defines) to be adjusted in a single place for Win VS. 2016-01-29 14:29:31 -08:00
Jacob Barthelmeh
611e37b3e8 naming for AEAD macros and TLSX with chacha-poly 2016-01-29 09:38:13 -07:00
Jacob Barthelmeh
7d71d756f3 update ChaCha20-Poly1305 to most recent RFCs 2016-01-27 14:03:05 -07:00
toddouska
1d473ab7b5 resolve issue #255, no sha284 with wolfssl cert chain and external test 2016-01-14 20:25:50 -08:00
kaleb-himes
84ae9a9ae5 Also account for 32-bit users 2015-12-31 12:05:45 -07:00
kaleb-himes
a973eca4b8 accounts for assumptions with external ocsp stapling test 2015-12-29 17:05:51 -07:00
Moisés Guimarães
ec9d23a9c3 Merge branch 'csr' 2015-12-28 19:38:04 -03:00
toddouska
2d33380abc Merge pull request #225 from JacobBarthelmeh/master 
help message to use NTRU key in example server
 2015-12-28 11:56:13 -08:00
John Safranek
92cb8eee61 revise the comments about port 0 use in the example client and server 2015-12-24 15:42:52 -08:00
John Safranek
4b836f8476 added note to client and server regarding port 0 2015-12-23 12:20:53 -08:00
John Safranek
d17549f848 update example client ShowVersions() to not show disabled old-tls versions 2015-12-23 12:12:41 -08:00
toddouska
22385f2b39 add random ports for all make check scripts, unique ready file 2015-12-22 14:35:34 -08:00
Jacob Barthelmeh
41f50b7a73 NTRU suites considered part of static RSA suites group 2015-12-22 15:19:11 -07:00
Jacob Barthelmeh
0721b79282 help message to use NTRU key in example server 2015-12-22 11:51:26 -07:00
John Safranek
917edc5f18 Merge pull request #218 from toddouska/ssl3-aes256 
add aes256 key derivation to ssl3
 2015-12-17 18:30:23 -08:00
Chris Conlon
b89354880f switch pragma once uses, causes warnings on some compilers 2015-12-17 13:19:17 -07:00
toddouska
e503b89ca1 allow sniffer build with -v 0 examples to work 2015-12-17 12:10:22 -08:00
Takashi Kojo
4217ef5475 fixed mdk4 macro control in example server/client, echoserver/client 2015-11-27 11:31:12 +09:00
John Safranek
02411ccced add F back into the client command line options scanning 2015-11-25 10:36:51 -08:00
toddouska
32b2d7f9e4 have calling thread wait for crl monitor thread to setup for simpler cleanup 2015-11-23 14:15:12 -08:00
toddouska
806a2748bf Merge pull request #189 from lchristina26/master 
Updates for Wind River WORKBENCH/ VxWorks Compatibility
 2015-11-12 13:33:27 -08:00
lchristina26
db6920d372 updates for vxworks compatibility 2015-11-12 13:33:47 -07:00
kaleb-himes
e9348635a0 SAFESEH:NO in DLL Debug|Win32 2015-11-09 15:11:58 -07:00
Moisés Guimarães
dccbc1cdd4 fixes ocsp nonce extension decoding; 
enables use of ocsp nonce extension in the client example.
 2015-11-05 11:45:42 -03:00
toddouska
fbd4f8a6ed fix merge conflict 2015-11-02 13:26:46 -08:00
Moisés Guimarães
21d70636dc Merge branch csr into 'master' 2015-11-02 15:51:01 -03:00
toddouska
e76f95465d Merge pull request #170 from dgarske/master 
Fixes initialization of the Crypto HW protection, which could leak a …
 2015-10-29 13:56:18 -07:00
lchristina26
723fc3761b Example client/server compatible with VxWorks 2015-10-29 13:39:02 -06:00
David Garske
f977caa492 Cleanup of the test code that looks for the WolfSSL root directory. Now it tries to open the certs/ntru-cert.pem file in each directory up (limited to 5) until it opens it. 2015-10-28 23:54:08 -07:00
toddouska
542b59d90a Merge pull request #150 from JacobBarthelmeh/master 
Intel RSA IPP plug in
 2015-10-27 16:57:32 -07:00
Nickolas Lapp
b7848481a3 Fixed gcc variable-mayble-uninitialized warning 2015-10-27 16:42:19 -06:00
Jacob Barthelmeh
c132f9887e Merge branch 'master' of https://github.com/wolfSSL/wolfssl 2015-10-19 13:56:39 -06:00
Jacob Barthelmeh
ee5a11b8d9 Add Intel IPP crypto for RSA 
add user-crypto makefile

update README for IPP crypto

place user crypto in wolfcrypt and use autotools

adjust distributed files

move openssl compatibility consumption

auto use IPP RSA -- IPP directory containing shared libraries local

return value of wolfSSL_BN and formating of debug

openssh testing

make sure IPP not built when fips is

ipp init to select correct optimizations -- static libraries on linux -- fast-rsa disabled by default

try to only set library once

only use static IPP if fast rsa is enabled

make print out for user crypto more pretty
 2015-10-19 13:51:49 -06:00
toddouska
c93c6c9bf4 add wolfSSL_new() pointer return check on all calls in example client 2015-10-16 14:12:38 -07:00
toddouska
4141ea8f83 example server to use cstd free for all build options 2015-10-16 14:05:37 -07:00
Ludovic FLAMENT
9ef43910ed Merge branch 'master' of https://github.com/wolfssl/wolfssl 2015-10-16 07:46:51 +02:00
Ludovic FLAMENT
d4f3419758 ALPN : add function to get in a server the list of supported protocols sent by the client. 2015-10-15 14:59:35 +02:00
Ludovic FLAMENT
ee8537fb6d Merge branch 'master' of https://github.com/wolfssl/wolfssl 2015-10-14 20:53:30 +02:00
Ludovic FLAMENT
10f5154389 ALPN : add option to continue in case of client/server protocol mismatch (like OpenSSL) 2015-10-13 09:38:40 +02:00
Ludovic FLAMENT
bf3b0a228d add support for Application-Layer Protocol Name (RFC 7301) in the TLS extensions 2015-10-09 15:18:41 +02:00
toddouska
b1c5f3b299 add show every cipher suite to examples/client 2015-10-02 16:26:20 -07:00