David Garske
8601c14f1c
Merge pull request #4297 from anhu/master
...
Fix a race condition in the benchmark example and …
2021-08-12 13:51:43 -07:00
Anthony Hu
7c75b9836e
Changes to make Jenkins happy and reduce verbosity.
...
- added HAVE_PTHREAD guards
- usleep ---> XSLEEP_MS
- only print polling message if verbose output requested.
2021-08-12 11:13:15 -04:00
Anthony Hu
586317f198
Fix a race condition in the benchmark example and all output goes to stderr.
2021-08-11 17:07:01 -04:00
Lealem Amedie
d4d225e33f
Fix broken link in examples/README.md
2021-08-11 10:49:38 -06:00
Lealem Amedie
0722fb56d8
Adding README.md to examples dir and links to wolfssl-examples github repo in client/server.c
2021-08-02 20:27:41 -06:00
Juliusz Sosinowicz
1b6b16c2c3
HaProxy 2.4-dev18 support
...
*This patch is dependent on https://github.com/wolfSSL/wolfssl/pull/3871 because proto version selection logic is refactored in that pull request.*
This patch contains the following changes:
- Enable more options with `--enable-haproxy`
- Compatibility layer additions
- `STACK_TYPE_X509_OBJ`
- `OCSP_id_cmp`
- `X509_STORE_get0_objects`
- `X509V3_EXT_nconf_nid`
- `X509V3_EXT_nconf`
- `X509_chain_up_ref`
- `X509_NAME_hash`
- `sk_X509_NAME_new_null`
- `X509_OBJECT_get0_X509`
- `X509_OBJECT_get0_X509_CRL`
- `ASN1_OCTET_STRING_free`
- `X509_LOOKUP_TYPE`
- `OSSL_HANDSHAKE_STATE`
- New `OPENSSL_COMPATIBLE_DEFAULTS` define will set default behaviour that is compatible with OpenSSL
- WOLFSSL_CTX
- Enable all compiled in protocols
- Allow anonymous ciphers
- Set message grouping
- Set verify to SSL_VERIFY_NONE
- In `SetSSL_CTX`, don't change `send` and `recv` callback if currently using `BIO`
- `ssl->peerVerifyRet`
- Return first that occured
- Set correct value on date error
- Set revoked error on OCSP or CRL error
- Save value in session and restore on resumption
- Add to session serialization
- With `OPENSSL_EXTRA`, send an alert on invalid downgrade attempt
- Handle sni callback `SSL_TLSEXT_ERR_NOACK`
- Add `WOLFSSL_VERIFY_DEFAULT` option for `wolfSSL_CTX_set_verify` and `wolfSSL_set_verify` to allow resetting to default behaviour
2021-07-06 15:39:23 +02:00
JacobBarthelmeh
45486ac904
Merge pull request #4166 from miyazakh/supportedversion_ex_mindowngrade
...
not include smaller versions than minimum downgrade
2021-07-01 21:00:20 +07:00
Hideki Miyazaki
b0688688c1
addressed review comments
2021-06-30 13:52:46 +09:00
Hideki Miyazaki
d576e3ef96
not send smaller versions than minimum downgradable version as supportedversion ext
2021-06-25 14:51:34 +09:00
Sean Parkinson
8592053856
Regression test fixes
...
./configure --enable-all --disable-rsa
./configure --disable-chacha --disable-asm
./configure --disable-rsa --disable-ecc --disable-dh --enable-curve25519
--enable-cryptonly (and ed25519, curve448, ed448)
./configure --disable-tls13 --enable-psk --disable-rsa --disable-ecc
--disable-dh C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK
./configure --disable-oldtls --enable-psk -disable-rsa --disable-dh
-disable-ecc --disable-asn C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK
--enable-lowresource --enable-singlethreaded --disable-asm
--disable-errorstrings --disable-pkcs12 --disable-sha3 --disable-sha224
--disable-sha384 --disable-sha512 --disable-sha --disable-md5
-disable-aescbc --disable-chacha --disable-poly1305 --disable-coding
Various build combinations with WOLFSSL_SP_MATH and WOLFSSL_SP_MATH_ALL
2021-06-25 09:18:06 +10:00
David Garske
67b87a8883
Merge pull request #4127 from douzzer/wolfsentry-client
...
outbound connection filtering and wolfSentry integration
2021-06-22 07:27:18 -07:00
David Garske
716237c5dd
Fix minor line length and spelling.
2021-06-21 15:09:39 -07:00
Daniel Pouzzner
8c75553e08
wolfSentry integration: move rest of recyclable code out of examples and into wolfsentry_setup() in wolfssl/test.h, and implement peer review corrections on error codes and string.h wrapper macros.
2021-06-17 20:05:40 -05:00
Daniel Pouzzner
93dfb4c7f4
add outbound connection filtering support to libwolfssl, add wolfSentry support to the test client, and add wolfSentry JSON config file support to the test client and server using --wolfsentry-config.
...
also, add mygetopt_long() to wolfssl/test.h, and add --help and Japanese counterpart options to test client and server.
2021-06-17 20:05:40 -05:00
David Garske
9181c949ae
Added static ciphers and sniffer. Fixed spelling.
2021-06-17 15:19:45 -07:00
David Garske
ffb9a8b440
Improve the user_settings_template to incude Windows. Added STM32 configuration example.
2021-06-17 15:19:45 -07:00
David Garske
8b14bf2951
Additional user_settings.h examples.
2021-06-17 15:19:45 -07:00
Sean Parkinson
12c358bc30
Merge pull request #3979 from dgarske/tls13_async
...
Asynchronous support for TLS v1.3 TLSX ECC/DH key generation and key agreement
2021-06-15 10:02:19 +10:00
David Garske
77df7d8630
Merge pull request #3968 from elms/pedantic_cleanup
...
Fixes for some `-pedantic` errors
2021-06-14 13:46:39 -07:00
David Garske
5e6b8e50c8
Fix to set groups for client benchmark test.
2021-06-11 14:12:15 -07:00
David Garske
2e4e65f518
Asynchronous support for TLS v1.3 TLSX ECC/DH key generation and key agreement
...
* Added async support to `SendTls13ClientHello`, `DoTls13ServerHello` and `DoTls13ClientHello`.
* Cleanup of the example client/server use key share code.
* Fix some scan-build warnings.
ZD 12065
2021-06-11 14:12:12 -07:00
Sean Parkinson
7e0c372e4c
TLS 1.3 PSK: use the hash algorithm to choose cipher suite
...
See RFC 8446: 4.2.11
With TLS 1.3 PSK callback, If the returned cipher suite isn't available,
use the hash from the cipher suite and choose from available list.
Require exact match when: WOLFSSL_TLS13_PSK_NO_MATCH_HASH
Alternative callback for client added that is passed a cipher suite
string. Called for each cipher suite that is to be negotiated.
If cipher suite to be used with PSK then return client identity.
Returning an identity based on cipher suite hash will result in
only one PSK extension being added per hash.
2021-06-10 09:55:27 +10:00
David Garske
c6c7dfd5db
Merge pull request #4053 from SparkiDev/cppcheck_fixes_6
...
cppcheck: fixes from reviewing report
2021-06-09 12:51:30 -07:00
Sean Parkinson
9580574382
Merge pull request #3999 from dgarske/user_io
...
Fixes for building with `WOLFSSL_USER_IO`
2021-06-09 08:55:36 +10:00
Elms
5c01613acb
Add GCC extension to bypass select `-pedantic` warnings
...
Add wrapper macro for `__extension__` to suppress pedantic warnings
2021-06-07 15:38:15 -07:00
Sean Parkinson
2c6285ccba
cppcheck: fixes from reviewing report
2021-05-20 17:55:06 +10:00
Elms
82981e9305
make: fix timing error when switching between revisions
...
On switching over revision that added server target specific CFLAGS,
could receive: `error: #warning "For timing resistance / side-channel
attack prevention consider using harden options"`
2021-05-18 09:43:29 -07:00
David Garske
c88afdef87
Fixes for building with `WOLFSSL_USER_IO` (with no built-in socket support). Related to issue #3998 .
2021-05-06 11:07:05 -07:00
toddouska
014bd21df0
Merge pull request #3983 from tmael/tls_down
...
TLS minimum downgrade option
2021-05-05 15:38:45 -07:00
Hideki Miyazaki
0e40293798
added psk session callback
2021-04-28 10:08:21 +09:00
toddouska
40fe746710
Merge pull request #3942 from dgarske/get_static_ephemeral
...
Added API's for getting pointer to loaded static ephemeral key
2021-04-23 15:54:46 -07:00
Tesfa Mael
0c16ef4b29
Check for TLS downgrade
2021-04-23 14:45:35 -07:00
Daniel Pouzzner
9c7ee3fa64
examples/server/server.c: when TEST_IPV6, set the remote address to IPv6 localhost for wolfsentry_route_insert_static().
2021-04-22 00:20:12 -05:00
Daniel Pouzzner
0cf9bacf1b
WOLFSSL_WOLFSENTRY_HOOKS/HAVE_EX_DATA*: refactor wolfSSL_CRYPTO_cleanup_ex_data() to take only one arg (the WOLFSSL_CRYPTO_EX_DATA *); fix preprocessor gates on wolfSSL_set_ex_data() and wolfSSL_X509_get_ex_new_index(); fix line lengths.
2021-04-21 17:34:47 -05:00
Daniel Pouzzner
660e64cdff
examples/server/server.c: clean up wolfsentry printfs.
2021-04-21 03:19:55 -05:00
Daniel Pouzzner
cb976db02b
server.c: update for wolfSentry API changes.
2021-04-20 23:59:58 -05:00
Daniel Pouzzner
6175e11156
server.c: update wolfsentry_init() usage (hpi pointer).
2021-04-20 23:59:58 -05:00
Daniel Pouzzner
23d8df720e
remove WOLFSSL_NETWORK_INTROSPECTION code; add wolfSSL_X509_STORE_set_ex_data_with_cleanup(); refactor WOLFSSL_WOLFSENTRY_HOOKS code in server.c to use HAVE_EX_DATA/HAVE_EX_DATA_CLEANUP_HOOKS.
2021-04-20 23:59:58 -05:00
Daniel Pouzzner
2a05fcb59a
examples/server: fix wolfSentry integration to handle DTLS correctly.
2021-04-20 23:59:57 -05:00
Daniel Pouzzner
1cbe696716
checkpoint: fully functioning demo via examples/server/ and unit.test (which produces a "filtered" error on a subtest when built --enable-wolfsentry).
2021-04-20 23:59:57 -05:00
Daniel Pouzzner
734860f535
WOLFSSL_NETWORK_INTROSPECTION WIP
2021-04-20 23:59:57 -05:00
Daniel Pouzzner
ba2cc00e5d
initial implementation of WOLFSSL_NETWORK_INTROSPECTION: --enable-network-introspection, struct wolfSSL_network_connection, wolfSSL_*_endpoints*(), NetworkFilterCallback_t, wolfSSL_*set_AcceptFilter().
2021-04-20 23:59:57 -05:00
Juliusz Sosinowicz
70a3857ae8
Fragmentation for ServerKeyExchange and CeriticateVerify
...
- The `ssl->dtlsMtuSz` value is the maximum possible size of the DTLS record layer. We read `ssl->dtlsMtuSz + 100` in case peer has slightly different MTU set.
- The `-u` option in the examples takes the value of the MTU size.
- MTU tests are added in `tests/test-dtls-mtu.conf`
2021-04-16 17:30:51 +02:00
David Garske
e13c93d493
Added API's for getting pointer to load static ephemeral key.
2021-04-05 13:40:48 -07:00
David Garske
a22defec50
Fix for availability of `wolfSSL_SESSION_print`.
2021-03-26 15:39:55 -07:00
David Garske
95ff75c43d
Fix for `wolfSSL_SESSION_print`
2021-03-26 13:41:11 -07:00
David Garske
f65e1f1f09
Expose functions to get client/server random when `HAVE_SECRET_CALLBACK` is defined.
2021-03-26 13:23:00 -07:00
JacobBarthelmeh
13d81f1fb9
Merge pull request #3902 from dgarske/snicb
...
Fix for SNI recv callback
2021-03-24 15:34:35 +07:00
David Garske
9313d59479
Fix for SNI callback
...
* Fix for SNI callback on server to make sure the SNI data is stored even without setting a hostname. This makes sure the SNI extension is set when there is a registered SNI recv callback.
* Fix for Apache HTTPD to include `WOLFSSL_ALWAYS_KEEP_SNI`
2021-03-22 11:28:16 -07:00
Hideki Miyazaki
4650aaf4fb
addressed review comments part 1
2021-03-19 13:13:00 +09:00
Hideki Miyazaki
b4a573ca98
Initial implemented X509_LOOKUP_ctrl L_ADD_DIR
2021-03-19 13:12:55 +09:00
Jacob Barthelmeh
c729318ddd
update copyright date
2021-03-11 13:42:46 +07:00
Eric Blankenhorn
5e953d5968
Typo in client example
2021-03-08 17:31:12 -06:00
Hideki Miyazaki
9bae05525c
addressed review comments
2021-03-05 08:19:22 +09:00
Hideki Miyazaki
141d07e21b
addressed pre-review comments
2021-03-05 08:19:16 +09:00
Hideki Miyazaki
e39477c531
initial implement SSL_get_early_data_status
2021-03-05 08:19:15 +09:00
John Safranek
e9cdcf5bac
Merge pull request #3764 from embhorn/zd11668
...
Fix typo
2021-02-22 14:12:12 -08:00
Eric Blankenhorn
2c2bdca200
Fix typo
2021-02-11 12:27:43 -06:00
toddouska
39cb84de25
Merge pull request #3697 from julek-wolfssl/openvpn-2.5-missing-stuff
...
OpenVPN master additions
2021-02-11 08:56:45 -08:00
Sean Parkinson
794cb5c7a9
TLS Session Ticket: default encryption callback
...
Encrypts with ChaCha20-Poly1305 or AES-GCM.
Two keys in rotation.
Key used for encryption until ticket lifetime goes beyond expirary
(default 1 hour). If key can still be used for decryption, encrypt with
other key.
Private random used to generate keys.
2021-02-10 14:31:54 +10:00
Juliusz Sosinowicz
542e0d79ec
Jenkins Fixes
...
- explicit conversions
- not all curves available for wolfSSL_CTX_set1_groups_list
- group funcs depend on HAVE_ECC
- `InitSuites` after `ssl->suites` has been set
2021-02-02 12:06:11 +01:00
toddouska
6e0e507dad
Merge pull request #3660 from dgarske/sess_ticket_aes_gcm
...
Added support for AES GCM session ticket encryption
2021-01-25 15:00:03 -08:00
Sean Parkinson
a84f1c813a
TLS Session Ticket: Option to disable for TLS 1.2 and below
...
Customer may want session ticket supported with TLS 1.3 but not TLS 1.2
and below.
2021-01-22 13:19:29 +10:00
Eric Blankenhorn
a3cbcf255f
Fix from review
2021-01-20 11:34:02 -06:00
David Garske
219cbd47eb
Added support for AES GCM session ticket encryption. If ChaCha/Poly is disabled it will use AES GCM. Thanks Sean for the code in ZD 11511.
2021-01-19 07:53:36 -08:00
Eric Blankenhorn
50843b22cd
Check method for NULL
2021-01-18 16:18:49 -06:00
Daniel Pouzzner
764b3cf09d
examples/client/client.c: add missing !defined(NO_SESSION_CACHE) gate around wolfSSL_get_session() for "print out session" code.
2020-12-28 17:49:58 -06:00
Chris Conlon
16ce8e077a
only call wolfSSL_UseKeyShare() in example client with TLS 1.3
2020-12-16 12:06:35 -07:00
Sean Parkinson
75c062a298
cppcheck: fixes
2020-12-16 17:28:20 +10:00
toddouska
367f28b917
Merge pull request #3443 from SparkiDev/tls13_psk_no_dhe
...
TLS 1.3: PSK only
2020-12-09 09:45:34 -08:00
Hayden Roche
5fdc4cf6e1
Fix RX/TX throughput reporting in example server.
...
- I observed that client TX throughput < client RX throughput, but server TX
throughput > server RX throughput. Turns out this is just a typo in the
printing of the stats. The RX stat was being printed as the TX stat and vice-
versa.
- I added a note to scripts/benchmark.test about a 2 second sleep we do waiting
for the server to come up. If you were to time this script with the time
command, you'll see that 2 seconds in the result, which might be confusing
if you didn't realize the sleep was there.
2020-12-08 16:49:09 -06:00
Sean Parkinson
91d23d3f5a
Implement all relevant mp functions in sp_int
2020-11-19 11:58:14 +10:00
toddouska
b0979f4225
Merge pull request #3476 from dgarske/sniffer_hrr
...
Fixes for TLS sniffer with v1.3 (HRR and Certs)
2020-11-18 16:07:11 -08:00
toddouska
9183c35fb8
Merge pull request #3446 from haydenroche5/client_want_write_sim
...
Add an option to the example client to simulate WANT_WRITE errors.
2020-11-18 15:54:09 -08:00
toddouska
9bde34ef5b
Merge pull request #3438 from douzzer/harmonize-CCM8-cipher-names
...
add "CCM8" variants to cipher_names "CCM-8" ciphers, for OpenSSL compat
2020-11-18 15:52:52 -08:00
Sean Parkinson
d8b58286d1
TLS 1.3: PSK only
...
Support building with only TLS 1.3 and PSK without code for (EC)DHE and
certificates.
Minimise build size for this configuration.
2020-11-19 09:21:24 +10:00
Hayden Roche
2fc594d319
Modify example server to be resilient to WANT_WRITE errors.
2020-11-13 10:33:10 -06:00
Hayden Roche
e035eb8f8a
Add an option to the example client to simulate WANT_WRITE errors.
...
- Add this option as "-6."
- Turn on non-blocking mode if WANT_WRITE simulation is enabled.
- Create a send IO callback that gets registered when this option is turned on.
This callback alternates between letting the TX through and returning a
WANT_WRITE error.
2020-11-13 10:30:24 -06:00
John Safranek
e996a7d15b
Scan-Build Fixes
...
1. Fixed a couple possible 0 byte allocations.
2. Fixed a couple missed frees due to error conditions.
3. Fixed a possible double free.
To recreate:
$ scan-build ./configure --disable-shared --enable-opensslextra=x509small --disable-memory
$ scan-build ./configure --disable-shared --enable-opensslextra --disable-memory
2020-11-12 09:06:59 -08:00
David Garske
71d9f1e9bd
Static ephemeral refactor to support loading both DHE and ECDHE keys. Added ability to specify key using snifftest input at run-time. Improved snifftest key loading for named keys and static ephemeral.
2020-11-12 08:59:11 -08:00
Daniel Pouzzner
7850d71ccb
add wolfSSL_get_cipher_suite_from_name(); add flags arg to GetCipherSuiteFromName(); fix GetCipherSuiteFromName() to prevent spurious substring matching; add SUITE_ALIAS() macros for use defining CipherSuiteInfo, and add CipherSuiteInfo.flags slot and associated logic, to allow alternative cipher names to be recognized; add "CCM8" cipher name variants wherever applicable, including the unit.test conf files, to recognize and test the OpenSSL variants; add tests in client_test() and server_test() to confirm correct forward and backward mapping of cipher names/aliases.
2020-11-11 22:47:47 -06:00
Glenn Strauss
92c3296e13
preprocessor -DNO_BIO to omit OpenSSL BIO API
2020-11-05 20:40:43 -06:00
Daniel Pouzzner
fda84576b0
name the new introspection routines wolfSSL_configure_args() and wolfSSL_global_cflags() for consistency, and move the prototypes to logging.h.
2020-10-28 17:28:05 -05:00
Daniel Pouzzner
94d4ea3a57
examples/client/client.c:client_usage_msg[][]: add correct sensing and reporting of WOLFSSL_SP_4096.
2020-10-28 17:28:05 -05:00
Daniel Pouzzner
1ba0883f4c
introspection tweaks: rename wolfcrypt/src/debug.c to wolfcrypt/src/wc_debug.c; restore BUILD_WC_DEBUG gating for autotools inclusion of wc_debug.o and disable opportunistically when ENABLED_LEANTLS, ENABLED_LEANPSK, or ENABLED_LOWRESOURCE; add HAVE_WC_INTROSPECTION gate for libwolfssl_configure_args() and libwolfssl_global_cflags().
2020-10-28 17:28:05 -05:00
Daniel Pouzzner
b918e1fd4c
examples/: add -@ and -# flags to client and server, printing libwolfssl_configure_args() and libwolfssl_global_cflags() respectively.
2020-10-28 17:28:05 -05:00
John Safranek
d2dac8e4b8
Example Client OCSP Option Fix
...
1. Before checking to see if the must staple flag is on the 'W' option,
check the length of myoptarg.
2020-10-21 13:30:51 -07:00
toddouska
1e43d65d2a
Merge pull request #3392 from SparkiDev/ocsp_must_staple
...
TLS OCSP Stapling: MUST staple option
2020-10-20 15:07:08 -07:00
toddouska
7c89d10e53
Merge pull request #3260 from julek-wolfssl/non-blocking-scr
...
(D)TLS non-blocking SCR with example
2020-10-20 13:45:19 -07:00
Sean Parkinson
60b0b0170b
TLS OCSP Stapling: MUST staple option
...
Can enable OCSP Must Staple option to mean that if the client sends a
request for an OCSP Staple then it must receive a response.
2020-10-16 09:03:27 +10:00
David Garske
b68828d3c9
Merge pull request #3361 from tmael/ocsp-nocheck
...
Add support for id-pkix-ocsp-nocheck
2020-10-13 15:46:02 -07:00
David Garske
048a3a8d5b
Merge pull request #3374 from JacobBarthelmeh/Testing
...
NO_FILESYSTEM build on Windows
2020-10-13 13:26:46 -07:00
Jacob Barthelmeh
6aa0eacc62
use correct key buffer for example private key
2020-10-13 09:26:54 -06:00
Tesfa Mael
a4bfa0dec7
Add support for id-pkix-ocsp-nocheck
2020-10-11 19:47:50 -07:00
JacobBarthelmeh
bfb10ddfb5
NO_FILESYSTEM build on Windows
2020-10-09 09:45:00 -07:00
Daniel Pouzzner
570f55a0e3
wolfSSL_get_ocsp_producedDate*(): gate on !defined(NO_ASN_TIME), and in client_test(), gate call to strftime() on HAVE_STRFTIME and add fallback code; add HAVE_STRFTIME test to configure.ac.
2020-10-08 23:26:28 -05:00
Daniel Pouzzner
7a77b6d990
rename wolfSSL_get_ocsp_producedDate(WOLFSSL *, struct tm *) to wolfSSL_get_ocsp_producedDate_tm(), and add wolfSSL_get_ocsp_producedDate() accessing the raw ASN.1 producedDate; fix location of prototypes in ssl.h to obtain proper conditionalization; omit frivolous nullness test on ssl->ocspProducedDate (always true).
2020-10-08 22:47:16 -05:00
Daniel Pouzzner
e162d0f889
add wolfSSL_get_ocsp_producedDate().
2020-10-08 22:47:16 -05:00
Juliusz Sosinowicz
a7fdfbaf40
Passing scr-app-data in to -i to client sends a message during SCR
...
Modify mygetopt so that if an argument expects a value and that value is the next argument then myoptarg is set to a NULL pointer.
2020-10-06 17:28:23 +02:00
Juliusz Sosinowicz
84f0fc56ef
check ClientWrite return
2020-09-25 11:35:23 +02:00
Daniel Pouzzner
10bf7a2086
examples/: fix undersized array lengths in client_usage_msg and server_usage_msg.
2020-09-23 18:32:16 -05:00
toddouska
1c07de883c
Merge pull request #3306 from SparkiDev/tls13_pha_psk
...
TLS 1.3: Post-handshake Authentication and resumption secret
2020-09-23 16:06:55 -07:00
Sean Parkinson
4ed3438be0
TLS 1.3: Post-handshake Authentication and resumption secret
...
The master secret in arrays is not available post-handshake.
Use the master secret in the session when calculating resumption secret.
2020-09-23 17:09:06 +10:00
John Safranek
30443dbf23
Fix Client Usage
...
A string in the client's usage text was made optional depending on the
NO_PSK option, but there was still an attempt to print it. This lead to
a NULL being printed instead. Fixed the print statement.
2020-09-16 13:37:01 -07:00
Juliusz Sosinowicz
04b4ef3e3b
Don't send null byte
2020-09-16 14:02:51 +02:00
Juliusz Sosinowicz
a65ffe15bc
Implement non-blocking SCR on server side
2020-09-09 21:41:20 +02:00
Sean Parkinson
db864be6a4
TLS 1.3 Early Data: fix
...
Will process early data packets now.
Added test to check output of server for early data being received.
2020-08-31 09:03:05 +10:00
Juliusz Sosinowicz
605b274442
Jenkins fixes
2020-08-28 12:04:11 +02:00
Juliusz Sosinowicz
52df9d6c69
TLS and DTLS both need to support APP DATA during SCR
...
Also some misc fixes
2020-08-27 21:13:19 +02:00
Juliusz Sosinowicz
8b934624f5
DTLS non-blocking scrwith example
2020-08-25 11:26:20 +02:00
John Safranek
362e328180
NTRU fixes
...
1. When configuring for NTRU, enable static RSA.
2. The echoserver should not try to use NTRU with TLSv1.3.
2020-08-19 10:46:03 -07:00
toddouska
1724347f7a
Merge pull request #3091 from julek-wolfssl/sess-serialization
...
Expose session serialization outside of `OPENSSL_EXTRA`
2020-08-07 15:41:27 -07:00
JacobBarthelmeh
1034139214
Merge pull request #3081 from kaleb-himes/GH2998_REWORK_FOLLOWUP
...
Cleanup of example client/server buffer sizes
2020-08-05 09:31:30 -06:00
David Garske
4f91d60d22
Fixes for build issues without `OPENSSL_EXTRA` defined.
2020-07-31 15:25:58 -07:00
David Garske
776b1a2d17
Fix for ED25519 with user_settings.h. Fixes for build warnings. Fix spelling error. Added template for wolfBoot key/sign tools.
2020-07-31 15:17:53 -07:00
David Garske
71cc5381ad
Added new `examples/config` area with template user_settings.h files and instructions for using.
2020-07-31 11:01:58 -07:00
Kaleb Himes
d96f86fcd9
Merge branch 'master' into GH2998_REWORK_FOLLOWUP
2020-07-30 09:47:48 -06:00
John Safranek
397d1ab19c
DTLS Test Speed Fix Redux
...
1. Fix the check for XSLEEP_US in the client.
2. Added XSLEEP_MS to mirror XSLEEP_US, in terms of XSELECT().
2020-07-29 16:51:08 -07:00
toddouska
e84defb268
Merge pull request #3044 from dgarske/sniffer_tls13
...
TLS v1.3 sniffer support
2020-07-24 11:46:38 -07:00
David Garske
38cef2b3c9
Merge pull request #3151 from ejohnstown/dtls-size
...
DTLS Size Fix
2020-07-24 08:19:50 -07:00
John Safranek
fd1a1bd0f7
Add some missing frees to the example client when using in the return-not-exit mode for tests.
2020-07-23 14:32:48 -07:00
John Safranek
839044d9e1
1. Remove dead assignment from client test.
...
2. Fix memory leak in example server test.
3. Use verify callback on certificates to allow callback to fail
them.
4. Restore the forced failure test cases.
5. Make the verify action thread local.
2020-07-23 12:26:49 -07:00
John Safranek
98ae3a2352
Added a suite test use case to cover the new error check. Also fixed and issue with passing a couple flags to the test case runner, and some other changes to support the new test.
2020-07-22 13:20:23 -07:00
David Garske
fe08f23a50
Improved test sleep. Cleanup `sleep` calls.
2020-07-22 13:08:57 -07:00
David Garske
c5371a2dbd
Fix for `kResumeMsg` unused if `NO_SESSION_CACHE` defined.
2020-07-22 12:15:14 -07:00
John Safranek
c8e9d058f0
DTLS Test Speedup
...
Change the example client to use select instead of sleep.
If building for the standalone client, it will wait 1 second.
If built for no main driver, it'll wait 10ms rather than 1 second.
2020-07-21 18:40:18 -07:00
David Garske
11b0d963d3
Fix for example client to send HTTP GET on resume with "-g". Fixes issue with `./scripts/openssl.test`.
2020-07-21 15:42:33 -07:00
David Garske
639f73fe1f
Fix for client writes to not include the null term.
2020-07-21 13:42:01 -07:00
David Garske
4e637ddf10
Cleanup on example client/server messages and sizes. Original PR #3023 caused sending extra null characters in normal (non HTTP) example cases.
2020-07-21 13:34:25 -07:00
David Garske
1b051d9c5b
TLS v1.3 sniffer support:
...
* Added TLS v1.3 sniffer support using static ephemeral key.
* Add support for using a static ephemeral DH and ECC keys with TLS v1.3 using `WOLFSSL_STATIC_EPHEMERAL`.
* Adds new API's `wolfSSL_CTX_set_ephemeral_key` and `wolfSSL_set_ephemeral_key`.
* Expanded TLS extension support in sniffer.
* Refactor of the handshake hashing code.
* Added parameter checking to the TLS v1.3 key derivations (protects use of "DoTls13Finished" if handshake resources have been free'd).
* Added support for loading DH keys via `wc_DhImportKeyPair` and `wc_DhExportKeyPair`, enabled with `WOLFSSL_DH_EXTRA`.
* Added sniffer documentation `sslSniffer/README.md`.
2020-07-17 15:22:35 -07:00
Jacob Barthelmeh
e55ca1a8cf
increase example client key share group array size
2020-07-17 10:26:34 -06:00
toddouska
fbe0c8cba7
Merge pull request #3122 from JacobBarthelmeh/Compatibility-Layer
...
fix X509 multiple OU's and refactor
2020-07-15 15:06:22 -07:00
toddouska
925e9d9213
Merge pull request #3075 from julek-wolfssl/dtls-no-cookie
...
DTLS session resumption fixes
2020-07-15 14:07:34 -07:00
Jacob Barthelmeh
173b9833fc
fixes for edge build cases and static memory
2020-07-14 09:07:23 -06:00
Tesfa Mael
890500c1b1
Fix Coverity
2020-07-08 08:20:43 -07:00
Juliusz Sosinowicz
3efd8a8576
Jenkins fixes
2020-07-02 14:59:07 +02:00
Juliusz Sosinowicz
e63a80f1af
Use `NO_SESSION_CACHE` as well in preproc checks
2020-06-30 21:21:43 +02:00
JacobBarthelmeh
26f0a74d29
Merge pull request #3023 from kaleb-himes/GH2998-REWORK
...
cleanup GET messages
2020-06-25 10:22:09 -06:00
kaleb-himes
fdce5152c5
Address peer feedback
2020-06-24 11:25:12 -06:00
David Garske
352328348a
For example client "-H verifyFail", which was not setting the verify callback.
2020-06-18 12:54:47 -07:00
David Garske
667d9ca896
Fix to catch the issue in this PR with alt cert chains, which only happens if the verify callback is used and the chain is long enough. Cleanup of the myVerify callback to allow specific actions. Fix the suites.c to not crash if no newline at end of file. Added helpful debug message to show that a CA was found.
2020-06-18 09:26:50 -07:00
Juliusz Sosinowicz
03c5359fcd
Add session resumption testing for DTLS
2020-06-18 14:18:02 +02:00
Juliusz Sosinowicz
f2d2dadc89
ASYNC: Fix issues with TLS and DTLS
2020-06-12 11:36:43 +02:00
Juliusz Sosinowicz
7b604ad714
WIP
2020-06-12 11:36:43 +02:00
David Garske
fb5c9e5268
Adjust static memory case with TLS v1.3 enabled.
2020-06-05 11:11:23 -07:00
David Garske
dffc677561
Fix for TLS v1.3 with `--enable-sniffer`.
2020-06-04 16:42:40 -07:00
David Garske
1d01b87741
Fix to detect if `NO_CERTS` / `--disable-asn` is used in `scripts/tls13.test`.
2020-06-04 16:08:08 -07:00
David Garske
ad93813d75
Fix for expected failure case on client write. Resolves test-fails.con `server TLSv1.3 fail on no client certificate` test.
2020-06-04 15:31:18 -07:00
David Garske
d4fdd1e590
Fix for TLS v1.3 test PSK callback to support cipher list. Add support for `GetCipherSuiteFromName` to accept a name ending with colon.
2020-06-04 15:31:18 -07:00
David Garske
3b63e55a68
Fix for TLS v1.3 PSK tests work with additional cipher suites (not just `TLS13-AES128-GCM-SHA256`) and the echo server/client.
2020-06-04 15:31:18 -07:00
David Garske
8300754ecd
Fix for "testsuite" with TLSv1.3 and `--enable-sniffer`.
2020-06-04 15:31:18 -07:00
kaleb-himes
2285071fbc
Use old convention, consolidate assignments
2020-06-04 09:34:49 -06:00
kaleb-himes
923fc30043
Change to memcpy
2020-06-03 17:36:40 -06:00
kaleb-himes
8c3f7a77ca
cleanup GET messages
2020-06-03 16:53:36 -06:00
toddouska
fbfb28d5ee
Merge pull request #2926 from SparkiDev/tls13_failnocert
...
Fail when WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT set in TLS1.3
2020-05-14 10:53:18 -07:00
kaleb-himes
951cb4aaf4
Fix building with one-side only tls13/dtls
2020-04-28 14:33:00 -06:00
Sean Parkinson
c153873337
Fail when WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT set in TLS1.3
2020-04-27 16:17:03 +10:00
toddouska
cf8459e518
Merge pull request #2892 from SparkiDev/cppcheck_fixes_4
...
Fixes from cppcheck
2020-04-09 16:01:11 -07:00
Sean Parkinson
411aee6e05
Fixes from cppcheck
...
Added PRIVATE_D version of rsa private key operation for SP
implementation for specific platforms.
WC_NO_RNG results in warnings when RNG calls don't do anything.
Added ifdef checks for variables not used otherwise.
Remove superfluous if statements like when checking ret == 0.
Change names of globals that are generic and are used locally before
global definition.
Remove definition of variable len that isn't used except as a
replacement for sz which is parameter.
Don't subtract two variables when one has just been assigned the value
of the other.
Fix shifting of signed value.
Fix parameter checking in aes.c and des3.c for platform specific code.
2020-04-08 09:46:22 +10:00
toddouska
65cf5a0d46
Merge pull request #2802 from embhorn/zd9764
...
Fix for bidirectional shutdown
2020-04-07 13:03:54 -07:00
Eric Blankenhorn
b1ec15de3e
Only try shutdown once in example
2020-04-01 17:48:17 -05:00
Eric Blankenhorn
3f7ce61dbd
Updates from review
2020-04-01 11:14:25 -05:00
Hideki Miyazaki
99b9f46e58
fixed not working on mac
...
fixed case of -s or -c
2020-03-27 12:33:51 +09:00
Hideki Miyazaki
9fac21f463
replace the size at bench_embedded
2020-03-25 08:09:42 +09:00
Hideki Miyazaki
75eca61b3e
address review comments
2020-03-24 20:35:21 +09:00
Hideki Miyazaki
7d4b4e4994
added dtls benchmark
2020-03-22 17:56:28 +09:00
Sean Parkinson
8cccb9008b
Change to work for other TLS versions
...
Send alert when client doesn't send a certificate on request.
2020-03-02 08:50:57 +10:00
Sean Parkinson
6334dd9cb0
Allow mutual authentication to be required for TLS 1.3
2020-03-02 08:50:57 +10:00
Sean Parkinson
2c6eb7cb39
Add Curve448, X448, Ed448 implementations
2020-02-28 09:30:45 +10:00
toddouska
b7d0b81443
Merge pull request #2818 from dgarske/rsa_sha3only
...
RSA with SHA-3 only and RSA 4096-bit tests
2020-02-27 12:44:29 -08:00
David Garske
ef2c1ae738
Fix for `examples/benchmark/tls_bench.c:114:20: error: unused variable 'kShutdown'` with `WOLFCRYPT_ONLY`.
2020-02-23 19:01:46 -08:00
David Garske
418c508eba
Fixes for SCTP example to check build options.
2020-02-19 12:28:49 -08:00
Eric Blankenhorn
41d3ba0efa
Tests and examples for bidirectional shutdown
2020-02-17 16:47:47 -06:00
toddouska
b038e2e8f0
Merge pull request #2771 from JacobBarthelmeh/Windows
...
change public Timeval to WOLFSSL_TIMEVAL
2020-02-13 09:38:42 -08:00
Jacob Barthelmeh
3c077a3cef
add NO_OLD_TIMEVAL_NAME macro for backwards compatibility
2020-02-07 11:56:30 -07:00
Chris Conlon
b29fe41a35
Merge pull request #2738 from SparkiDev/cppcheck_fixes_3
...
Changes to clear issues raised by cppcheck
2020-02-03 17:02:40 -07:00
toddouska
0551b1f2de
Merge pull request #2765 from SparkiDev/client_read_write
...
Client using common read and write func
2020-02-03 11:00:15 -08:00
Sean Parkinson
cc2bf03e73
Client using common read and write func
2020-02-03 09:17:27 +10:00
Sean Parkinson
55ea2facdd
Changes to clear issues raised by cppcheck
2020-01-30 14:24:32 +10:00
Jacob Barthelmeh
a9e9120fa0
change public Timeval to WOLFSSL_TIMEVAL
2020-01-28 17:11:46 -07:00
John Safranek
3bdb7d8188
Merge pull request #2761 from JacobBarthelmeh/Testing
...
add close on pre to echoserver example
2020-01-28 09:29:29 -08:00
Jacob Barthelmeh
d9253afc04
add close on pre to echoserver example
2020-01-22 16:23:46 -08:00
Takashi Kojo
37cad6e9ba
%zu, pragma: not supported,
2020-01-22 08:12:51 +09:00
John Safranek
aabdec214e
MinGW uses the Win32 setsockopt() function which uses a char for
...
SO_REUSEADDR's option. Everything else uses an int.
2020-01-21 10:53:19 -08:00
John Safranek
23427085af
1. Add an indent to a new line in user settings.
...
2. Remove the execute bit from the changed files.
2020-01-20 12:30:32 -08:00
Takashi Kojo
a08ab1fc7a
fix mnGW error
2020-01-20 12:19:18 -08:00
Chris Conlon
45c5a2d39c
update copyright to 2020
2020-01-03 15:06:03 -08:00
toddouska
4f71bcfa7c
Merge pull request #2704 from ejohnstown/renegotiation
...
Maintenance: Renegotiation
2019-12-30 16:45:31 -08:00
toddouska
deac82c8ed
Merge pull request #2683 from dgarske/various_items
...
Various cleanups and fixes
2019-12-27 13:53:39 -08:00
John Safranek
add7cdd4e2
Maintenance: Renegotiation
...
1. Found a corner case where secure renegotiation would fail trying to
inappropriately use a session ticket.
2. Explicitly split renegotiation into Rehandshake and SecureResume.
2019-12-26 16:39:44 -08:00
Eric Blankenhorn
b83804cb9d
Correct misspellings and typos from codespell tool
2019-12-24 12:29:33 -06:00
David Garske
22f0b145d3
Various cleanups and fixes:
...
* Fix for key gen macro name in benchmark.c
* Fix for possible RSA fall-through warning.
* Fix for building `WOLFSSL_STM32_PKA` without `HAVE_ECC`.
* Added option to build RSA keygen without the DER to PEM using `WOLFSSL_NO_DER_TO_PEM`.
* Added options.h includes for test.c and benchmark.c.
* Added printf warning on the math size mismatch in test.c.
* Added support for benchmarking larger sizes.
* TLS benchmarks for HiFive unleashed.
2019-12-18 07:09:26 -08:00
Eric Blankenhorn
774a758f59
Fixes in test and example code
2019-12-17 15:56:40 -06:00
David Garske
cb9f16d3cb
Fix for proper sizing of in-memory buffer for TLS benchmarking (32 is not always the max digest size).
2019-11-18 10:34:15 -08:00
David Garske
0c2c4fd91b
Improvements to tls_bench tool in wolfSSL lib for embedded use.
2019-11-15 12:09:19 -08:00
kaleb-himes
5ce88b5086
seperate sanity checks on size and rnd allocation
2019-11-07 13:12:17 -07:00
kaleb-himes
ad192786b1
Remove double assignment to pt caught by scan-build test
2019-11-07 11:35:36 -07:00
kaleb-himes
e24059691c
Address logical fallacies and syntax issues in example server, addresses GH issue #2559
2019-11-07 10:30:12 -07:00
Jacob Barthelmeh
890eb415b1
fix for memory management on edge case with staticmemory
2019-11-05 15:13:26 -07:00
JacobBarthelmeh
bb6eeefe26
fix for build with --enable-all and gcc-9 on Linux
2019-10-15 09:56:26 -07:00