615 Commits

Author SHA1 Message Date
toddouska
3be4682cda
Merge pull request #2134 from dgarske/fixes_nightly
Fixes for minor nightly build errors
2019-03-08 10:15:46 -08:00
David Garske
0e962aa6e5
Merge pull request #2130 from jrblixt/feature-WICED6_1-serverChange
examples server HTTP update needed for WICED HTTP parser.
2019-03-06 16:46:36 -08:00
Chris Conlon
d699b65a25
Merge pull request #2026 from kojo1/mdk-CMSISv2
MDK CMSIS RTOSv2
2019-03-06 09:36:49 -07:00
jrblixt
222f9f4f47 Adjust count. 2019-03-01 20:04:20 -07:00
David Garske
8569d14cb3 Fixes for minor nightly build errors. Missing wc_ecc_fp_free declaration and "Value stored to 'useSupCurve' is never read". 2019-03-01 16:12:08 -08:00
jrblixt
5f332fa29e review changes. 2019-03-01 14:06:27 -07:00
toddouska
e2e3b835d6
Merge pull request #2100 from SparkiDev/tls13_vers
Support FFDHE in TLS 1.2 and below. Better TLS 1.3 version support.
2019-02-27 14:55:29 -08:00
Sean Parkinson
8bb4e23f8d Various improvements for testing
Fix wc_ecc_fp_free() to be called when using HAVE_STACK_SIZE.
Increase size of replyin client.c so all HTTP reply is displayed.
Fix api.c to support only Ed25519 (not RSA and ECC)
Fix suites.c to detect when CA for client won't work (Ed25519 only)
For Static Memory add debugging and small profile.
Also allow realloc to be called with NULL.
Add more Ed25519 certs and keys.
Fix names of Ed25519 filenames for client and server.
Do NOT turn on ECC_SHAMIR by default with lowresource.
Enable WOLFSSL_STATIC_MEMORY_SMALL if low resource and no RSA.
2019-02-22 17:14:19 +10:00
John Safranek
39626bb349 1. Add a newline to the client's "non-blocking socket and renegotiation" notice.
2. Add suite test cases for more renegotiation setting combinations.
2019-02-21 10:06:55 -08:00
Hideki Miyazaki
b68eab6450 fixed to take additioanl option for -? 2019-02-21 13:44:08 +09:00
Sean Parkinson
b4996e35fa Set MAX_PRF_HALF bigger for large FFDHE parameters
Stack size measurement is in a thread - free local fp_cache
2019-02-21 08:09:52 +10:00
John Safranek
f78ba4649b Update the help text so the Japanese translations of the new options are printed. 2019-02-20 11:23:00 -08:00
John Safranek
1f6314746c Secure Renegotiation
1. Split the wolfSSL_Rehandshake() function into wolfSSL_Rehadshake()
which performs a full handshake on secure renegotiation and
wolfSSL_SecureResume() which performs a session resumption on a
secure renegotiation.
2. Add option to example client to perform a secure resumption instead
of a full secure handshake.
2019-02-19 15:50:55 -08:00
Sean Parkinson
7aa5cd6f10 Support FFDHE in TLS 1.2 and below. Better TLS 1.3 version support.
Add support for the fixed FFDHE curves to TLS 1.2. Same curves in TLS
1.3 already. On by default - no checking of prime required.
Add option to require client to see FFDHE parameters from server as per
'may' requirements in RFC 7919.

Change TLS 1.3 ClientHello and ServerHello parsing to find the
SupportedVersions extension first and process it. Then it can handle
other extensions knowing which protocol we are using.
2019-02-18 14:51:59 +10:00
jrblixt
6c3ed46542 examples server HTTP update. 2019-02-15 15:45:30 -07:00
David Garske
e0b46734d6 Enhnacement to the tls_bench tool to support new -S command to indicate total size of data to exchange. Previously was just sending one packet back and forth. Imporved the shutdown handling code. 2019-02-12 16:03:10 -08:00
Takashi Kojo
f8ff68ca7a Merge branch 'master' of https://github.com/wolfssl/wolfssl 2019-02-03 16:19:59 +09:00
toddouska
66987b4f2a
Merge pull request #2058 from SparkiDev/tls13_earlydata_bench
Added EarlyData support to benchmark loop
2019-01-25 14:31:54 -08:00
Sean Parkinson
0fe7591b0f Added EarlyData support to benchmark loop 2019-01-24 18:10:56 +10:00
John Safranek
cc3c2ef683 DTLS Nonblocking Updates
Add command line option to the example server to fake a write block on a
specified DTLS sequence number in epoch 0.
2019-01-18 09:15:11 -08:00
John Safranek
8356c3d7e2 DTLS Nonblocking Updates
1. Add a second select for tx.
2. Revised tcp_select to work for either rx or tx.
3. Updated client and server to use new tcp_select_tx() for checking the
tx socket if the nonblocking connect/accept would block on transmit.
2019-01-18 09:15:11 -08:00
John Safranek
8edd7d0b17 Fix Checks
1. In the tls_bench, check the return code on wolfSSL_CTX_SetMinDhKey_Sz() as it is checked in the examples.
2019-01-17 10:32:34 -08:00
John Safranek
f6240e5558 Fix Checks
1. In the client, check the return code on wolfSSL_CTX_SetMinDhKey_Sz() as it is checked in the server. (Resolves issue #2037.)
2. In HashOutput(), check that the hsHashes exists for the session before hashing. (Resolves issue #2038.)
2019-01-17 09:52:00 -08:00
toddouska
d7ecdf110e
Merge pull request #2013 from dgarske/tls_bench
Enhancements to the TLS benchmark tool
2019-01-16 10:30:55 -08:00
Jacob Barthelmeh
6ac384793f memory management with OCSP requests 2019-01-14 09:49:50 -07:00
Takashi Kojo
cca27f6724 examples/celient.c, server.c: removing unused headers 2019-01-12 07:29:19 +09:00
David Garske
a4a6895900 Fix for scan-build "Value stored to 'err' is never read`" 2019-01-11 09:42:41 -08:00
David Garske
6eea924a5c Fix for non-blocking read timeout. 2019-01-11 08:45:34 -08:00
David Garske
3f46250994 Fix to timeout after 10 seconds in non-blocking mode if connect does not complete. 2019-01-10 17:12:37 -08:00
David Garske
003360237f Fixes for building with NO_WOLFSSL_SERVER. Minor test.h cleanups. 2019-01-07 10:08:16 -08:00
David Garske
f3c08ae8b9 Better fixes for ret unused. 2019-01-03 12:42:31 -08:00
David Garske
ff0a4eb69a Fix for float compare warning. Minor cleanups. 2019-01-03 11:40:04 -08:00
David Garske
a7251e4158 Fixes for minor Jenkins build warnings. 2019-01-03 11:22:01 -08:00
David Garske
ef916f2c55 Enhancements to the TLS benchmark tool:
* Added support for running as only Client (`-c`) or Server (`-s`).
* Added support for using sockets (in addition to in memory mode `-m`).
* Fixed support for 16KB test packet (memory version needed TLS header space). Changed to default to 16KB.
* Fixed so transfer is done on each connection and there is not transfer limit (instead "shutdown" message is used).
* Made pthread support optional and based on HAVE_PTHREAD.
* Tested non-blocking support with sockets or shared memory.

To use with localhost sockets and threading use `./examples/benchmark/tls_bench`
To use with threading and in-memory use `./examples/benchmark/tls_bench -m`
To use as separate server client applications with localhost sockets use: `./examples/benchmark/tls_bench -s` and `./examples/benchmark/tls_bench -c` in separate terminals.

```
./examples/benchmark/tls_bench -?
tls_bench 3.15.7 NOTE: All files relative to wolfSSL home dir
-?          Help, print this usage
-c          Run as client only, no threading and uses sockets
-s          Run as server only, no threading and uses sockets
-h          Host (default localhost)
-P          Port (default 11112)
-e          List Every cipher suite available
-i          Show peer info
-l <str>    Cipher suite list (: delimited)
-t <num>    Time <num> (seconds) to run each test (default 1)
-p <num>    The packet size <num> in bytes [1-16kB] (default 16384)
-v          Show verbose output
-d          Enable debug messages
-T <num>    Number of threaded server/client pairs (default 1)
-m          Use local memory, not socket
```
2019-01-03 10:57:39 -08:00
David Garske
2351047409 Fixes for various scan-build reports. 2018-12-27 11:08:30 -08:00
David Garske
00dd222aa5 Fix for example client with -X external tests to not disable for PSK build unless usePsk is set. Resolves issue with external tests being skipped if building with PSK enabled. 2018-12-21 08:21:59 -08:00
Jacob Barthelmeh
48c267dda8 fix warning with secure-renegotiation build and error with ntru build 2018-12-19 15:47:43 -07:00
John Safranek
b145aab6b2 Server Side Renegotiation
1. Fix testing issue with a client using the SCSV cipher suite to indicate desire for renegotiation.
2. Add indication to both the server and client examples that the renegotiation was successful.
2018-12-05 13:08:24 -08:00
John Safranek
0abf7c4997 Server Side Secure Renegotiation
1. Add the server side renegotiation flag to the secure renegotiation option.
2. Changed the AddEmptyNegotiationInfo so it doesn't create an extension, just adds a reply if SCR is enabled.
3. Fix the server's reaction to the client sending the SCR extension.
2018-12-05 13:08:24 -08:00
John Safranek
d168d60ade Server Side Secure Renegotiation
1. Add enables to the example server for turning on secure renegotiation.
2. Add encryption assists to the handhshake message handler functions.
3. Add a hello request message function. Includes handshake timing pre/postambles.
2018-12-05 13:08:24 -08:00
John Safranek
a55f11cdd8 DHE Speed Up
1. Also apply the setting to the client side.
2. Updated the server and client command line options to use "-2" for disabling the DHE check.
2018-12-03 13:56:14 -08:00
John Safranek
564a1ee499 Make the skip DH test flag build-conditional. 2018-11-30 09:19:11 -08:00
John Safranek
ff1a1dc5d5 DHE Speed Up
When loading DH domain parameters into a CTX, test the prime
immediately. When loading them into a session, test the prime right
before using it during the handshake. Sessions that get their prime from
their context do not need to test their prime. Added a function to
disable testing the prime in a session. The goal is to speed up testing
as every single test case loads DH parameters whether they are used or
not.
2018-11-29 17:04:04 -08:00
Takashi Kojo
a203cd4901 NO_MULTIBYTE to NO_MULTIBYTE_PRINT 2018-11-29 07:04:01 +09:00
Takashi Kojo
0e94ae529c Rollback stacing 2018-11-29 06:52:43 +09:00
Takashi Kojo
c529e011a7 NO_MULTIBYTE for multibyte non-supported IDEs 2018-11-26 08:11:31 +09:00
Sean Parkinson
95bd340de5 Add support for more OpenSSL APIs
Add support for PEM_read and PEM_write
Add OpenSSL PKCS#7 signed data support
Add OpenSSL PKCS#8 Private key APIs
Add X509_REQ OpenSSL APIs
2018-11-20 07:54:24 +10:00
David Garske
d5dddd2b29 Fix for unused useSupCurve in example client with --disable-ecc. 2018-11-08 15:43:18 -08:00
Jacob Barthelmeh
2468a19c82 static analysis fix on non default build and g++ warning 2018-11-07 14:50:07 -07:00
kaleb-himes
bc2bb78010 Fix -x option in server to continue in event of error (R) 2018-11-06 14:09:46 -07:00