feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity
Files
4458ed37c189bd47bc7437bddccad8051810e05b
wolfssl/examples/server/server.c

3203 lines
110 KiB
C
Raw Normal View History

Add headers to examples and .i files
2011-07-26 13:27:22 -07:00
/* server.c
*
update copyright date
2021-03-11 13:42:46 +07:00
* Copyright (C) 2006-2021 wolfSSL Inc.
Add headers to examples and .i files
2011-07-26 13:27:22 -07:00
*
prepare for release v3.9.0
2016-03-17 16:02:13 -06:00
* This file is part of wolfSSL.
Add headers to examples and .i files
2011-07-26 13:27:22 -07:00
*
library wide licence update
2015-01-06 12:14:15 -07:00
* wolfSSL is free software; you can redistribute it and/or modify
Add headers to examples and .i files
2011-07-26 13:27:22 -07:00
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
library wide licence update
2015-01-06 12:14:15 -07:00
* wolfSSL is distributed in the hope that it will be useful,
Add headers to examples and .i files
2011-07-26 13:27:22 -07:00
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
prepare for release v3.9.0
2016-03-17 16:02:13 -06:00
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
Add headers to examples and .i files
2011-07-26 13:27:22 -07:00
*/
prepare for release v3.9.0
2016-03-17 16:02:13 -06:00
add check around config.h for non autoconf systems
2011-08-24 16:37:16 -07:00
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
Corrected spelling mistakes, formatting
2011-08-04 16:42:55 -06:00
introspection tweaks: rename wolfcrypt/src/debug.c to wolfcrypt/src/wc_debug.c; restore BUILD_WC_DEBUG gating for autotools inclusion of wc_debug.o and disable opportunistically when ENABLED_LEANTLS, ENABLED_LEANPSK, or ENABLED_LOWRESOURCE; add HAVE_WC_INTROSPECTION gate for libwolfssl_configure_args() and libwolfssl_global_cflags().
2020-10-23 15:27:10 -05:00
#ifndef WOLFSSL_USER_SETTINGS
#include <wolfssl/options.h>
#endif
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
#include <wolfssl/wolfcrypt/settings.h>
introspection tweaks: rename wolfcrypt/src/debug.c to wolfcrypt/src/wc_debug.c; restore BUILD_WC_DEBUG gating for autotools inclusion of wc_debug.o and disable opportunistically when ENABLED_LEANTLS, ENABLED_LEANPSK, or ENABLED_LOWRESOURCE; add HAVE_WC_INTROSPECTION gate for libwolfssl_configure_args() and libwolfssl_global_cflags().
2020-10-23 15:27:10 -05:00
#include <wolfssl/ssl.h> /* name change portability layer */
cleanup fp cache on examples with thread local storage
2014-09-09 10:14:32 -07:00
#ifdef HAVE_ECC
Test Fixes 1. AesGcmEncrypt_ex requires the RNG, remove function if RNG disabled. 2. Fix a couple function name changes in the example server. 3. Removed the old FIPS wrapping added to dh.h, was redundant. 4. Move include of random.h in the aes.h file. 5. Fix where ecc.c was being left out of old FIPS builds. 6. Exclude the AES-GCM internal IV test case when building without the RNG. 7. Fix api test where AES-GCM Encrypt was called with a too-long IV in old FIPS mode. Non-FIPS and new FIPS are allowed longer IVs.
2018-03-06 16:45:44 -08:00
#include <wolfssl/wolfcrypt/ecc.h> /* wc_ecc_fp_free */
cleanup fp cache on examples with thread local storage
2014-09-09 10:14:32 -07:00
#endif
make sure all tests/examples *.c use settings.h correctly
2013-04-10 12:17:23 -07:00
checkpoint: fully functioning demo via examples/server/ and unit.test (which produces a "filtered" error on a subtest when built --enable-wolfsentry).
2021-04-01 13:08:41 -05:00
#ifdef WOLFSSL_WOLFSENTRY_HOOKS
examples/server: fix wolfSentry integration to handle DTLS correctly.
2021-04-02 01:13:25 -05:00
# include <wolfsentry/wolfsentry.h>
checkpoint: fully functioning demo via examples/server/ and unit.test (which produces a "filtered" error on a subtest when built --enable-wolfsentry).
2021-04-01 13:08:41 -05:00
#endif
fixed mdk4 macro control in example server/client, echoserver/client
2015-11-27 11:31:12 +09:00
#if defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET)
Sync MDK5 Software Pack with 2.9.4
2014-04-11 16:20:12 +09:00
#include <stdio.h>
#include <string.h>
refactor MDK options in client/server.c
2018-01-01 11:57:31 +09:00
#include "rl_fs.h"
#include "rl_net.h"
pull in Kojo MDK-ARM projects, changes
2013-05-16 09:47:27 -07:00
#endif
refactor MDK options in client/server.c
2018-01-01 11:57:31 +09:00
NO_FILESYSTEM build on Windows
2020-10-09 09:45:00 -07:00
#ifdef NO_FILESYSTEM
#ifdef NO_RSA
#error currently the example only tries to load in a RSA buffer
#endif
#undef USE_CERT_BUFFERS_2048
#define USE_CERT_BUFFERS_2048
#include <wolfssl/certs_test.h>
#endif
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
#include <wolfssl/openssl/ssl.h>
#include <wolfssl/test.h>
Jenkins fixes
2020-08-28 11:35:48 +02:00
#include <wolfssl/error-ssl.h>
1.8.8 init
2011-02-05 11:14:47 -08:00
This adds more compiler hardening flags (and fixes all of the issues found in the process).
2012-09-19 23:38:41 -07:00
#include "examples/server/server.h"
Fix build with either `NO_WOLFSSL_SERVER` or `NO_WOLFSSL_CLIENT` defined.
2017-06-26 23:05:32 -07:00
#ifndef NO_WOLFSSL_SERVER
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 13:59:41 -06:00
#ifdef WOLFSSL_ASYNC_CRYPT
static int devId = INVALID_DEVID;
#endif
Updates from review
2020-04-01 11:14:25 -05:00
#define DEFAULT_TIMEOUT_SEC 2
revise the comments about port 0 use in the example client and server
2015-12-24 15:42:52 -08:00
/* Note on using port 0: if the server uses port 0 to bind an ephemeral port
* number and is using the ready file for scripted testing, the code in
* test.h will write the actual port number into the ready file for use
* by the client. */
1.8.8 init
2011-02-05 11:14:47 -08:00
Cleanup on example client/server messages and sizes. Original PR #3023 caused sending extra null characters in normal (non HTTP) example cases.
2020-07-21 13:34:25 -07:00
#ifndef WOLFSSL_ALT_TEST_STRINGS
static const char kReplyMsg[] = "I hear you fa shizzle!";
#else
static const char kReplyMsg[] = "I hear you fa shizzle!\n";
#endif
static const char kHttpServerMsg[] =
review changes.
2019-03-01 13:52:45 -07:00
"HTTP/1.1 200 OK\r\n"
"Content-Type: text/html\r\n"
"Connection: close\r\n"
Release Fixes 1. Rearrange the deprecation cryptodev option so it doesn't overwrite the cryptocb option, and so it doesn't break its case in the build-test. 2. Fix the content length in the sample HTTP used by the example server. 3. Disable OCSP stapling in the example server if RSA is disabled. 4. Fix a variable in asn.c that was declared in the middle of its scope. 5. Retag the xmalloc, xrealloc, xfree functions used in the memory test as WOLFSSL_API like all the other allocators, instead of extern.
2019-03-20 11:01:24 -07:00
"Content-Length: 141\r\n"
examples server HTTP update.
2019-02-15 15:45:30 -07:00
"\r\n"
review changes.
2019-03-01 13:52:45 -07:00
"<html>\r\n"
"<head>\r\n"
"<title>Welcome to wolfSSL!</title>\r\n"
"</head>\r\n"
"<body>\r\n"
"<p>wolfSSL has successfully performed handshake!</p>\r\n"
"</body>\r\n"
"</html>\r\n";
add resume test to example server and script test
2015-04-28 12:21:54 -07:00
Cleanup on example client/server messages and sizes. Original PR #3023 caused sending extra null characters in normal (non HTTP) example cases.
2020-07-21 13:34:25 -07:00
/* Read needs to be largest of the client.c message strings (29) */
#define SRV_READ_SZ 32
Added `-x` option to allow example server to continue running when errors occur.
2017-06-22 22:19:59 -06:00
int runWithErrors = 0; /* Used with -x flag to run err_sys vs. print errors */
Address logical fallacies and syntax issues in example server, addresses GH issue #2559
2019-11-07 10:30:12 -07:00
int catastrophic = 0; /* Use with -x flag to still exit when an error is
* considered catastrophic EG the servers own cert failing
* to load would be catastrophic since there would be no
* cert to send to clients attempting to connect. The
* server should error out completely in that case
*/
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
static int lng_index = 0;
Fix build with either `NO_WOLFSSL_SERVER` or `NO_WOLFSSL_CLIENT` defined.
2017-06-26 23:05:32 -07:00
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
#ifdef WOLFSSL_CALLBACKS
add NO_OLD_TIMEVAL_NAME macro for backwards compatibility
2020-02-07 11:56:30 -07:00
#if !defined(NO_OLD_TIMEVAL_NAME)
Timeval srvTo;
#else
WOLFSSL_TIMEVAL srvTo;
#endif
Fix build with either `NO_WOLFSSL_SERVER` or `NO_WOLFSSL_CLIENT` defined.
2017-06-26 23:05:32 -07:00
static int srvHandShakeCB(HandShakeInfo* info)
{
(void)info;
return 0;
}
static int srvTimeoutCB(TimeoutInfo* info)
{
(void)info;
return 0;
}
#endif
#ifndef NO_HANDSHAKE_DONE_CB
static int myHsDoneCb(WOLFSSL* ssl, void* user_ctx)
{
(void)user_ctx;
(void)ssl;
/* printf("Notified HandShake done\n"); */
/* return negative number to end TLS connection now */
return 0;
}
#endif
Added `-x` option to allow example server to continue running when errors occur.
2017-06-22 22:19:59 -06:00
static void err_sys_ex(int out, const char* msg)
{
if (out == 1) { /* if server is running w/ -x flag, print error w/o exit */
printf("wolfSSL error: %s\n", msg);
printf("Continuing server execution...\n\n");
} else {
err_sys(msg);
}
}
DTLS Nonblocking Updates Add command line option to the example server to fake a write block on a specified DTLS sequence number in epoch 0.
2018-12-18 11:40:04 -08:00
#ifdef WOLFSSL_DTLS
/* Translates return codes returned from
* send() and recv() if need be.
*/
static WC_INLINE int TranslateReturnCode(int old, int sd)
{
(void)sd;
#if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
if (old == 0) {
errno = SOCKET_EWOULDBLOCK;
return -1; /* convert to BSD style wouldblock as error */
}
if (old < 0) {
errno = RTCS_geterror(sd);
if (errno == RTCSERR_TCP_CONN_CLOSING)
return 0; /* convert to BSD style closing */
if (errno == RTCSERR_TCP_CONN_RLSD)
errno = SOCKET_ECONNRESET;
if (errno == RTCSERR_TCP_TIMED_OUT)
errno = SOCKET_EAGAIN;
}
#endif
return old;
}
static WC_INLINE int wolfSSL_LastError(void)
{
#ifdef USE_WINDOWS_API
return WSAGetLastError();
#elif defined(EBSNET)
return xn_getlasterror();
#else
return errno;
#endif
}
/* wolfSSL Sock Addr */
struct WOLFSSL_TEST_SOCKADDR {
unsigned int sz; /* sockaddr size */
SOCKADDR_IN_T sa; /* pointer to the sockaddr_in or sockaddr_in6 */
};
typedef struct WOLFSSL_TEST_DTLS_CTX {
struct WOLFSSL_TEST_SOCKADDR peer;
int rfd;
int wfd;
int failOnce;
word32 blockSeq;
} WOLFSSL_TEST_DTLS_CTX;
static WC_INLINE int PeekSeq(const char* buf, word32* seq)
{
const char* c = buf + 3;
if ((c[0] | c[1] | c[2] | c[3]) == 0) {
*seq = (c[4] << 24) | (c[5] << 16) | (c[6] << 8) | c[7];
return 1;
}
return 0;
}
/* The send embedded callback
* return : nb bytes sent, or error
*/
static int TestEmbedSendTo(WOLFSSL* ssl, char *buf, int sz, void *ctx)
{
WOLFSSL_TEST_DTLS_CTX* dtlsCtx = (WOLFSSL_TEST_DTLS_CTX*)ctx;
int sd = dtlsCtx->wfd;
int sent;
int err;
(void)ssl;
WOLFSSL_ENTER("TestEmbedSendTo()");
if (dtlsCtx->failOnce) {
word32 seq = 0;
Adds new `wc_ecc_get_curve_params` API for getting the `ecc_set_type` params for a curve index. Fix for example client and server using wrong macro for detecting ECC 256-bit enabled.
2019-07-24 10:35:33 -07:00
DTLS Nonblocking Updates Add command line option to the example server to fake a write block on a specified DTLS sequence number in epoch 0.
2018-12-18 11:40:04 -08:00
if (PeekSeq(buf, &seq) && seq == dtlsCtx->blockSeq) {
dtlsCtx->failOnce = 0;
WOLFSSL_MSG("Forcing WANT_WRITE");
return WOLFSSL_CBIO_ERR_WANT_WRITE;
}
}
Fixes from cppcheck Added PRIVATE_D version of rsa private key operation for SP implementation for specific platforms. WC_NO_RNG results in warnings when RNG calls don't do anything. Added ifdef checks for variables not used otherwise. Remove superfluous if statements like when checking ret == 0. Change names of globals that are generic and are used locally before global definition. Remove definition of variable len that isn't used except as a replacement for sz which is parameter. Don't subtract two variables when one has just been assigned the value of the other. Fix shifting of signed value. Fix parameter checking in aes.c and des3.c for platform specific code.
2020-04-08 09:46:22 +10:00
sent = (int)sendto(sd, buf, sz, 0, (const SOCKADDR*)&dtlsCtx->peer.sa,
dtlsCtx->peer.sz);
DTLS Nonblocking Updates Add command line option to the example server to fake a write block on a specified DTLS sequence number in epoch 0.
2018-12-18 11:40:04 -08:00
sent = TranslateReturnCode(sent, sd);
if (sent < 0) {
err = wolfSSL_LastError();
WOLFSSL_MSG("Embed Send To error");
if (err == SOCKET_EWOULDBLOCK || err == SOCKET_EAGAIN) {
WOLFSSL_MSG("\tWould Block");
return WOLFSSL_CBIO_ERR_WANT_WRITE;
}
else if (err == SOCKET_ECONNRESET) {
WOLFSSL_MSG("\tConnection reset");
return WOLFSSL_CBIO_ERR_CONN_RST;
}
else if (err == SOCKET_EINTR) {
WOLFSSL_MSG("\tSocket interrupted");
return WOLFSSL_CBIO_ERR_ISR;
}
else if (err == SOCKET_EPIPE) {
WOLFSSL_MSG("\tSocket EPIPE");
return WOLFSSL_CBIO_ERR_CONN_CLOSE;
}
else {
WOLFSSL_MSG("\tGeneral error");
return WOLFSSL_CBIO_ERR_GENERAL;
}
}
return sent;
}
#endif /* WOLFSSL_DTLS */
checkpoint: fully functioning demo via examples/server/ and unit.test (which produces a "filtered" error on a subtest when built --enable-wolfsentry).
2021-04-01 13:08:41 -05:00
#ifdef WOLFSSL_WOLFSENTRY_HOOKS
WOLFSSL_NETWORK_INTROSPECTION WIP
2021-03-26 12:55:13 -05:00
checkpoint: fully functioning demo via examples/server/ and unit.test (which produces a "filtered" error on a subtest when built --enable-wolfsentry).
2021-04-01 13:08:41 -05:00
static int wolfSentry_NetworkFilterCallback(WOLFSSL *ssl, struct wolfSSL_network_connection *nc, struct wolfsentry_context *wolfsentry, wolfSSL_netfilter_decision_t *decision) {
WOLFSSL_NETWORK_INTROSPECTION WIP
2021-03-26 12:55:13 -05:00
const void *remote_addr2;
const void *local_addr2;
char inet_ntop_buf[INET6_ADDRSTRLEN], inet_ntop_buf2[INET6_ADDRSTRLEN];
int ret;
checkpoint: fully functioning demo via examples/server/ and unit.test (which produces a "filtered" error on a subtest when built --enable-wolfsentry).
2021-04-01 13:08:41 -05:00
struct {
struct wolfsentry_sockaddr s;
byte buf[16];
} remote, local;
wolfsentry_action_res_t action_results;
WOLFSSL_NETWORK_INTROSPECTION WIP
2021-03-26 12:55:13 -05:00
(void)ssl;
if ((ret = wolfSSL_get_endpoint_addrs(nc, &remote_addr2, &local_addr2)) != WOLFSSL_SUCCESS) {
printf("wolfSSL_get_endpoints(): %s\n", wolfSSL_ERR_error_string(ret, NULL));
err_sys_ex(catastrophic, "error in wolfSSL_get_endpoints()");
}
printf("got network filter callback: family=%d proto=%d rport=%d lport=%d raddr=%s laddr=%s interface=%d\n",
nc->family,
nc->proto,
nc->remote_port,
nc->local_port,
inet_ntop(nc->family, remote_addr2, inet_ntop_buf, sizeof inet_ntop_buf),
inet_ntop(nc->family, local_addr2, inet_ntop_buf2, sizeof inet_ntop_buf2),
nc->interface);
checkpoint: fully functioning demo via examples/server/ and unit.test (which produces a "filtered" error on a subtest when built --enable-wolfsentry).
2021-04-01 13:08:41 -05:00
remote.s.sa_family = nc->family;
remote.s.sa_proto = nc->proto;
remote.s.sa_port = nc->remote_port;
remote.s.addr_len = nc->remote_addr_len;
remote.s.interface = nc->interface;
memcpy(remote.s.addr, remote_addr2, nc->remote_addr_len);
local.s.sa_family = nc->family;
local.s.sa_proto = nc->proto;
local.s.sa_port = nc->local_port;
local.s.addr_len = nc->local_addr_len;
local.s.interface = nc->interface;
memcpy(local.s.addr, local_addr2, nc->local_addr_len);
ret = wolfsentry_route_event_dispatch(wolfsentry, &remote.s, &local.s, WOLFSENTRY_ROUTE_FLAG_DIRECTION_IN, NULL /* event_label */, 0 /* event_label_len */, NULL /* caller_context */, NULL /* id */, NULL /* inexact_matches */, &action_results);
if (ret == 0) {
if (WOLFSENTRY_CHECK_BITS(action_results, WOLFSENTRY_ACTION_RES_REJECT))
*decision = WOLFSSL_NETFILTER_REJECT;
else if (WOLFSENTRY_CHECK_BITS(action_results, WOLFSENTRY_ACTION_RES_ACCEPT))
*decision = WOLFSSL_NETFILTER_ACCEPT;
else
*decision = WOLFSSL_NETFILTER_PASS;
} else
*decision = WOLFSSL_NETFILTER_PASS;
return WOLFSSL_SUCCESS;
WOLFSSL_NETWORK_INTROSPECTION WIP
2021-03-26 12:55:13 -05:00
}
checkpoint: fully functioning demo via examples/server/ and unit.test (which produces a "filtered" error on a subtest when built --enable-wolfsentry).
2021-04-01 13:08:41 -05:00
#endif /* WOLFSSL_WOLFSENTRY_HOOKS */
DTLS Nonblocking Updates Add command line option to the example server to fake a write block on a specified DTLS sequence number in epoch 0.
2018-12-18 11:40:04 -08:00
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 10:05:22 -08:00
static int NonBlockingSSL_Accept(SSL* ssl)
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
{
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
#ifndef WOLFSSL_CALLBACKS
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
int ret = SSL_accept(ssl);
#else
Patches 1. Define Timeval in callbacks.h if the file sys/time.h is missing. 2. When picking the correct strtok() function, take into account MINGW64. 3. In the example server, changed the call to SSL_accept_ex() as it doesn't exist. Using wolfSSL_accept_ex(). Only a problem when setting WOLFSSL_CALLBACKS. 4. PickHashSigAlgo() is missing a ; when WOLFSSL_CALLBACKS is set.
2018-08-24 11:21:10 -07:00
int ret = wolfSSL_accept_ex(ssl, srvHandShakeCB, srvTimeoutCB, srvTo);
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
#endif
int error = SSL_get_error(ssl, 0);
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
SOCKET_T sockfd = (SOCKET_T)SSL_get_fd(ssl);
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
int select_ret = 0;
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
Fix for handling OCSP with non-blocking. The HashInput function was being called on the re-entry, which produced a bad mac response from server. Also cleanup for some of the WC_PENDING_E logic for the non-async cases to reduce code size.
2018-03-16 12:02:36 -07:00
while (ret != WOLFSSL_SUCCESS &&
(error == WOLFSSL_ERROR_WANT_READ || error == WOLFSSL_ERROR_WANT_WRITE
#ifdef WOLFSSL_ASYNC_CRYPT
|| error == WC_PENDING_E
#endif
)) {
add dtls recv timeout max user setting too
2013-05-08 12:49:55 -07:00
int currTimeout = 1;
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (error == WOLFSSL_ERROR_WANT_READ) {
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
/* printf("... server would read block\n"); */
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
}
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
else if (error == WOLFSSL_ERROR_WANT_WRITE) {
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
/* printf("... server would write block\n"); */
}
Fix for handling OCSP with non-blocking. The HashInput function was being called on the re-entry, which produced a bad mac response from server. Also cleanup for some of the WC_PENDING_E logic for the non-async cases to reduce code size.
2018-03-16 12:02:36 -07:00
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
#ifdef WOLFSSL_ASYNC_CRYPT
Fix for handling OCSP with non-blocking. The HashInput function was being called on the re-entry, which produced a bad mac response from server. Also cleanup for some of the WC_PENDING_E logic for the non-async cases to reduce code size.
2018-03-16 12:02:36 -07:00
if (error == WC_PENDING_E) {
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
Fix for handling OCSP with non-blocking. The HashInput function was being called on the re-entry, which produced a bad mac response from server. Also cleanup for some of the WC_PENDING_E logic for the non-async cases to reduce code size.
2018-03-16 12:02:36 -07:00
else
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
#endif
Fix for handling OCSP with non-blocking. The HashInput function was being called on the re-entry, which produced a bad mac response from server. Also cleanup for some of the WC_PENDING_E logic for the non-async cases to reduce code size.
2018-03-16 12:02:36 -07:00
{
Modify example server to be resilient to WANT_WRITE errors.
2020-11-02 14:57:37 -06:00
if (error == WOLFSSL_ERROR_WANT_WRITE)
{
select_ret = tcp_select_tx(sockfd, currTimeout);
}
else {
DTLS Nonblocking Updates 1. Add a second select for tx. 2. Revised tcp_select to work for either rx or tx. 3. Updated client and server to use new tcp_select_tx() for checking the tx socket if the nonblocking connect/accept would block on transmit.
2018-12-14 11:30:03 -08:00
#ifdef WOLFSSL_DTLS
currTimeout = wolfSSL_dtls_get_current_timeout(ssl);
#endif
select_ret = tcp_select(sockfd, currTimeout);
}
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
}
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
DTLS Nonblocking Updates 1. Add a second select for tx. 2. Revised tcp_select to work for either rx or tx. 3. Updated client and server to use new tcp_select_tx() for checking the tx socket if the nonblocking connect/accept would block on transmit.
2018-12-14 11:30:03 -08:00
if ((select_ret == TEST_RECV_READY) || (select_ret == TEST_SEND_READY)
|| (select_ret == TEST_ERROR_READY)
Fix for handling OCSP with non-blocking. The HashInput function was being called on the re-entry, which produced a bad mac response from server. Also cleanup for some of the WC_PENDING_E logic for the non-async cases to reduce code size.
2018-03-16 12:02:36 -07:00
#ifdef WOLFSSL_ASYNC_CRYPT
|| error == WC_PENDING_E
#endif
) {
Removed replaced the last two references to "CYASSL" macros with "WOLFSSL" in the example server.
2018-06-06 13:14:06 -07:00
#ifndef WOLFSSL_CALLBACKS
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
ret = SSL_accept(ssl);
#else
Patches 1. Define Timeval in callbacks.h if the file sys/time.h is missing. 2. When picking the correct strtok() function, take into account MINGW64. 3. In the example server, changed the call to SSL_accept_ex() as it doesn't exist. Using wolfSSL_accept_ex(). Only a problem when setting WOLFSSL_CALLBACKS. 4. PickHashSigAlgo() is missing a ; when WOLFSSL_CALLBACKS is set.
2018-08-24 11:21:10 -07:00
ret = wolfSSL_accept_ex(ssl,
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
srvHandShakeCB, srvTimeoutCB, srvTo);
#endif
error = SSL_get_error(ssl, 0);
}
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
else if (select_ret == TEST_TIMEOUT && !wolfSSL_dtls(ssl)) {
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
error = WOLFSSL_ERROR_WANT_READ;
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
}
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
#ifdef WOLFSSL_DTLS
else if (select_ret == TEST_TIMEOUT && wolfSSL_dtls(ssl) &&
wolfSSL_dtls_got_timeout(ssl) >= 0) {
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
error = WOLFSSL_ERROR_WANT_READ;
add dtls recv timeout max user setting too
2013-05-08 12:49:55 -07:00
}
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
#endif
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
else {
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
error = WOLFSSL_FATAL_ERROR;
1.8.8 init
2011-02-05 11:14:47 -08:00
}
}
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 10:05:22 -08:00
return ret;
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
}
1.8.8 init
2011-02-05 11:14:47 -08:00
DTLS non-blocking scrwith example
2020-08-25 11:26:20 +02:00
/* Echo number of bytes specified by -B arg */
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block,
Various cleanups and fixes: * Fix for key gen macro name in benchmark.c * Fix for possible RSA fall-through warning. * Fix for building `WOLFSSL_STM32_PKA` without `HAVE_ECC`. * Added option to build RSA keygen without the DER to PEM using `WOLFSSL_NO_DER_TO_PEM`. * Added options.h includes for test.c and benchmark.c. * Added printf warning on the math size mismatch in test.c. * Added support for benchmarking larger sizes. * TLS benchmarks for HiFive unleashed.
2019-12-18 07:09:26 -08:00
size_t throughput)
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
{
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
int ret = 0, err;
double start = 0, rx_time = 0, tx_time = 0;
Various cleanups and fixes: * Fix for key gen macro name in benchmark.c * Fix for possible RSA fall-through warning. * Fix for building `WOLFSSL_STM32_PKA` without `HAVE_ECC`. * Added option to build RSA keygen without the DER to PEM using `WOLFSSL_NO_DER_TO_PEM`. * Added options.h includes for test.c and benchmark.c. * Added printf warning on the math size mismatch in test.c. * Added support for benchmarking larger sizes. * TLS benchmarks for HiFive unleashed.
2019-12-18 07:09:26 -08:00
int select_ret, len, rx_pos;
size_t xfer_bytes = 0;
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
char* buffer;
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
buffer = (char*)malloc(block);
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
if (!buffer) {
Added `-x` option to allow example server to continue running when errors occur.
2017-06-22 22:19:59 -06:00
err_sys_ex(runWithErrors, "Server buffer malloc failed");
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
}
while ((echoData && throughput == 0) ||
(!echoData && xfer_bytes < throughput))
{
select_ret = tcp_select(clientfd, 1); /* Timeout=1 second */
if (select_ret == TEST_RECV_READY) {
DTLS non-blocking scrwith example
2020-08-25 11:26:20 +02:00
if (throughput)
len = min(block, (int)(throughput - xfer_bytes));
else
len = block;
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
rx_pos = 0;
if (throughput) {
start = current_time(1);
}
/* Read data */
while (rx_pos < len) {
ret = SSL_read(ssl, &buffer[rx_pos], len - rx_pos);
Fix wc_ecc_alloc_rs memset logic. Fix error handling in hmac.c for SHA224. Cleanup of the wc_DhGenerateKeyPair_Async function. Added comment about the “BuildTlsFinished” allocation for hash buffer. Fixed issue with example server that caused the benchmark script to fail in throughput mode.
2017-04-11 14:13:08 -07:00
if (ret < 0) {
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
err = SSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
}
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
else
#endif
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (err != WOLFSSL_ERROR_WANT_READ &&
DTLS non-blocking scrwith example
2020-08-25 11:26:20 +02:00
err != WOLFSSL_ERROR_ZERO_RETURN &&
err != APP_DATA_READY) {
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
printf("SSL_read echo error %d\n", err);
Added `-x` option to allow example server to continue running when errors occur.
2017-06-22 22:19:59 -06:00
err_sys_ex(runWithErrors, "SSL_read failed");
Fixed example server to not try and write on failure.
2019-04-11 11:30:41 -07:00
break;
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
}
1. Remove dead assignment from client test. 2. Fix memory leak in example server test. 3. Use verify callback on certificates to allow callback to fail them. 4. Restore the forced failure test cases. 5. Make the verify action thread local.
2020-07-23 12:26:49 -07:00
if (err == WOLFSSL_ERROR_ZERO_RETURN) {
free(buffer);
Added a suite test use case to cover the new error check. Also fixed and issue with passing a couple flags to the test case runner, and some other changes to support the new test.
2020-07-22 13:20:23 -07:00
return WOLFSSL_ERROR_ZERO_RETURN;
1. Remove dead assignment from client test. 2. Fix memory leak in example server test. 3. Use verify callback on certificates to allow callback to fail them. 4. Restore the forced failure test cases. 5. Make the verify action thread local.
2020-07-23 12:26:49 -07:00
}
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
}
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
else {
rx_pos += ret;
DTLS non-blocking scrwith example
2020-08-25 11:26:20 +02:00
if (!throughput)
break;
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
}
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
}
if (throughput) {
rx_time += current_time(0) - start;
start = current_time(1);
}
/* Write data */
do {
err = 0; /* reset error */
DTLS non-blocking scrwith example
2020-08-25 11:26:20 +02:00
ret = SSL_write(ssl, buffer, min(len, rx_pos));
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
if (ret <= 0) {
err = SSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
#endif
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
}
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
} while (err == WC_PENDING_E);
DTLS non-blocking scrwith example
2020-08-25 11:26:20 +02:00
if (ret != (int)min(len, rx_pos)) {
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
printf("SSL_write echo error %d\n", err);
Added `-x` option to allow example server to continue running when errors occur.
2017-06-22 22:19:59 -06:00
err_sys_ex(runWithErrors, "SSL_write failed");
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
}
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
if (throughput) {
tx_time += current_time(0) - start;
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
}
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
xfer_bytes += len;
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
}
}
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
free(buffer);
if (throughput) {
Cleanup on example client/server messages and sizes. Original PR #3023 caused sending extra null characters in normal (non HTTP) example cases.
2020-07-21 13:34:25 -07:00
printf(
#if !defined(__MINGW32__)
"wolfSSL Server Benchmark %zu bytes\n"
#else
"wolfSSL Server Benchmark %d bytes\n"
#endif
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
"\tRX %8.3f ms (%8.3f MBps)\n"
"\tTX %8.3f ms (%8.3f MBps)\n",
Fixes from cppcheck Added PRIVATE_D version of rsa private key operation for SP implementation for specific platforms. WC_NO_RNG results in warnings when RNG calls don't do anything. Added ifdef checks for variables not used otherwise. Remove superfluous if statements like when checking ret == 0. Change names of globals that are generic and are used locally before global definition. Remove definition of variable len that isn't used except as a replacement for sz which is parameter. Don't subtract two variables when one has just been assigned the value of the other. Fix shifting of signed value. Fix parameter checking in aes.c and des3.c for platform specific code.
2020-04-08 09:46:22 +10:00
#if !defined(__MINGW32__)
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
throughput,
Fixes from cppcheck Added PRIVATE_D version of rsa private key operation for SP implementation for specific platforms. WC_NO_RNG results in warnings when RNG calls don't do anything. Added ifdef checks for variables not used otherwise. Remove superfluous if statements like when checking ret == 0. Change names of globals that are generic and are used locally before global definition. Remove definition of variable len that isn't used except as a replacement for sz which is parameter. Don't subtract two variables when one has just been assigned the value of the other. Fix shifting of signed value. Fix parameter checking in aes.c and des3.c for platform specific code.
2020-04-08 09:46:22 +10:00
#else
(int)throughput,
#endif
Fix RX/TX throughput reporting in example server. - I observed that client TX throughput < client RX throughput, but server TX throughput > server RX throughput. Turns out this is just a typo in the printing of the stats. The RX stat was being printed as the TX stat and vice- versa. - I added a note to scripts/benchmark.test about a 2 second sleep we do waiting for the server to come up. If you were to time this script with the time command, you'll see that 2 seconds in the result, which might be confusing if you didn't realize the sleep was there.
2020-12-08 16:43:42 -06:00
rx_time * 1000, throughput / rx_time / 1024 / 1024,
tx_time * 1000, throughput / tx_time / 1024 / 1024
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
);
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
}
Added a suite test use case to cover the new error check. Also fixed and issue with passing a couple flags to the test case runner, and some other changes to support the new test.
2020-07-22 13:20:23 -07:00
return 0;
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
}
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
static void ServerRead(WOLFSSL* ssl, char* input, int inputLen)
{
int ret, err;
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
char buffer[WOLFSSL_MAX_ERROR_SZ];
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
/* Read data */
do {
err = 0; /* reset error */
ret = SSL_read(ssl, input, inputLen);
if (ret < 0) {
Passing scr-app-data in to -i to client sends a message during SCR Modify mygetopt so that if an argument expects a value and that value is the next argument then myoptarg is set to a NULL pointer.
2020-09-30 13:46:23 +02:00
err = SSL_get_error(ssl, ret);
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
TLS and DTLS both need to support APP DATA during SCR Also some misc fixes
2020-08-27 20:57:53 +02:00
#ifdef HAVE_SECURE_RENEGOTIATION
if (err == APP_DATA_READY) {
Passing scr-app-data in to -i to client sends a message during SCR Modify mygetopt so that if an argument expects a value and that value is the next argument then myoptarg is set to a NULL pointer.
2020-09-30 13:46:23 +02:00
/* If we receive a message during renegotiation
* then just print it. We return the message sent
* after the renegotiation. */
TLS and DTLS both need to support APP DATA during SCR Also some misc fixes
2020-08-27 20:57:53 +02:00
ret = SSL_read(ssl, input, inputLen);
if (ret >= 0) {
/* null terminate message */
input[ret] = '\0';
Passing scr-app-data in to -i to client sends a message during SCR Modify mygetopt so that if an argument expects a value and that value is the next argument then myoptarg is set to a NULL pointer.
2020-09-30 13:46:23 +02:00
printf("Client message received during "
"secure renegotiation: %s\n", input);
err = WOLFSSL_ERROR_WANT_READ;
}
else {
err = SSL_get_error(ssl, ret);
TLS and DTLS both need to support APP DATA during SCR Also some misc fixes
2020-08-27 20:57:53 +02:00
}
}
#endif
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
else
DTLS Bad MAC Checks 1. Make the decrypt and verify MAC failure cases behave the same with respect to DTLS messages. It should pretend the message never happened. 2. Allow the echoclient to survive the echoserver sending a message with a bad MAC. 3. Allow the server to survive the client sending a message with a bad MAC.
2017-07-31 11:24:42 -07:00
#endif
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
#ifdef WOLFSSL_DTLS
DTLS Bad MAC Checks 1. Make the decrypt and verify MAC failure cases behave the same with respect to DTLS messages. It should pretend the message never happened. 2. Allow the echoclient to survive the echoserver sending a message with a bad MAC. 3. Allow the server to survive the client sending a message with a bad MAC.
2017-07-31 11:24:42 -07:00
if (wolfSSL_dtls(ssl) && err == DECRYPT_ERROR) {
printf("Dropped client's message due to a bad MAC\n");
}
else
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
#endif
TLS and DTLS both need to support APP DATA during SCR Also some misc fixes
2020-08-27 20:57:53 +02:00
if (err != WOLFSSL_ERROR_WANT_READ
#ifdef HAVE_SECURE_RENEGOTIATION
&& err != APP_DATA_READY
#endif
) {
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
printf("SSL_read input error %d, %s\n", err,
ERR_error_string(err, buffer));
Added `-x` option to allow example server to continue running when errors occur.
2017-06-22 22:19:59 -06:00
err_sys_ex(runWithErrors, "SSL_read failed");
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
}
}
Changes to server example for fuzz testing
2019-07-01 13:35:33 +10:00
else if (SSL_get_error(ssl, 0) == 0 &&
tcp_select(SSL_get_fd(ssl), 0) == TEST_RECV_READY) {
err = WOLFSSL_ERROR_WANT_READ;
}
Fix post authentication for TLS 1.3
2018-06-08 17:34:03 +10:00
} while (err == WC_PENDING_E || err == WOLFSSL_ERROR_WANT_READ);
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
if (ret > 0) {
TLS and DTLS both need to support APP DATA during SCR Also some misc fixes
2020-08-27 20:57:53 +02:00
/* null terminate message */
input[ret] = '\0';
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
printf("Client message: %s\n", input);
}
}
static void ServerWrite(WOLFSSL* ssl, const char* output, int outputLen)
{
int ret, err;
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
char buffer[WOLFSSL_MAX_ERROR_SZ];
Changes to server example for fuzz testing
2019-07-01 13:35:33 +10:00
int len;
#ifdef OPENSSL_ALL
/* Fuzz testing expects reply split over two msgs when TLSv1.0 or below */
if (wolfSSL_GetVersion(ssl) <= WOLFSSL_TLSV1)
len = outputLen / 2;
else
#endif
len = outputLen;
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
do {
err = 0; /* reset error */
Changes to server example for fuzz testing
2019-07-01 13:35:33 +10:00
ret = SSL_write(ssl, output, len);
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
if (ret <= 0) {
err = SSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
#endif
}
Changes to server example for fuzz testing
2019-07-01 13:35:33 +10:00
else if (ret != outputLen) {
output += ret;
len = (outputLen -= ret);
err = WOLFSSL_ERROR_WANT_WRITE;
}
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
} while (err == WC_PENDING_E || err == WOLFSSL_ERROR_WANT_WRITE);
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
if (ret != outputLen) {
printf("SSL_write msg error %d, %s\n", err,
ERR_error_string(err, buffer));
Added `-x` option to allow example server to continue running when errors occur.
2017-06-22 22:19:59 -06:00
err_sys_ex(runWithErrors, "SSL_write failed");
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
}
}
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
/* when adding new option, please follow the steps below: */
/* 1. add new option message in English section */
Correct misspellings and typos from codespell tool
2019-12-24 12:29:33 -06:00
/* 2. increase the number of the second column */
examples/: fix undersized array lengths in client_usage_msg and server_usage_msg.
2020-09-17 22:09:51 -05:00
/* 3. increase the array dimension */
/* 4. add the same message into Japanese section */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
/* (will be translated later) */
examples/: fix undersized array lengths in client_usage_msg and server_usage_msg.
2020-09-17 22:09:51 -05:00
/* 5. add printf() into suitable position of Usage() */
Initial implemented X509_LOOKUP_ctrl L_ADD_DIR
2021-02-15 15:47:03 +09:00
static const char* server_usage_msg[][57] = {
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
/* English */
{
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
" NOTE: All files relative to wolfSSL home dir\n", /* 0 */
"-? <num> Help, print this usage\n"
" 0: English, 1: Japanese\n", /* 1 */
"-p <num> Port to listen on, not 0, default", /* 2 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifndef WOLFSSL_TLS13
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-v <num> SSL version [0-3], SSLv3(0) - TLS1.2(3)), default", /* 3 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#else
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-v <num> SSL version [0-4], SSLv3(0) - TLS1.3(4)), default", /* 3 */
#endif
"-l <str> Cipher suite list (: delimited)\n", /* 4 */
"-c <file> Certificate file, default", /* 5 */
"-k <file> Key file, default", /* 6 */
"-A <file> Certificate Authority file, default", /* 7 */
"-R <file> Create Ready file for external monitor"
" default none\n", /* 8 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifndef NO_DH
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-D <file> Diffie-Hellman Params file, default", /* 9 */
"-Z <num> Minimum DH key bits, default", /* 10 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_ALPN
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-L <str> Application-Layer Protocol Negotiation"
" ({C,F}:<list>)\n", /* 11 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-d Disable client cert check\n", /* 12 */
"-b Bind to any interface instead of localhost only\n",/* 13 */
"-s Use pre Shared keys\n", /* 14 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
"-u Use UDP DTLS,"
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
" add -v 2 for DTLSv1, -v 3 for DTLSv1.2 (default)\n", /* 15 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifdef WOLFSSL_SCTP
"-G Use SCTP DTLS,"
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
" add -v 2 for DTLSv1, -v 3 for DTLSv1.2 (default)\n", /* 16 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-f Fewer packets/group messages\n", /* 17 */
"-r Allow one client Resumption\n", /* 18 */
"-N Use Non-blocking sockets\n", /* 19 */
"-S <str> Use Host Name Indication\n", /* 20 */
"-w Wait for bidirectional shutdown\n", /* 21 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifdef HAVE_OCSP
"-o Perform OCSP lookup on peer certificate\n", /* 22 */
"-O <url> Perform OCSP lookup using <url> as responder\n", /* 23 */
#endif
#ifdef HAVE_PK_CALLBACKS
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-P Public Key Callbacks\n", /* 24 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_ANON
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-a Anonymous server\n", /* 25 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifndef NO_PSK
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-I Do not send PSK identity hint\n", /* 26 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-x Print server errors but do not close connection\n",/* 27 */
"-i Loop indefinitely (allow repeated connections)\n", /* 28 */
"-e Echo data mode (return raw bytes received)\n", /* 29 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifdef HAVE_NTRU
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-n Use NTRU key (needed for NTRU suites)\n", /* 30 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-B <num> Benchmark throughput"
" using <num> bytes and print stats\n", /* 31 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifdef HAVE_CRL
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-V Disable CRL\n", /* 32 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef WOLFSSL_TRUST_PEER_CERT
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-E <file> Path to load trusted peer cert\n", /* 33 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_WNR
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-q <file> Whitewood config file, default", /* 34 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-g Return basic HTML web page\n", /* 35 */
"-C <num> The number of connections to accept, default: 1\n",/* 36 */
"-H <arg> Internal tests"
Add support for Encrypt-Then-MAC to TLS 1.2 and below An extension is used to indicate that ETM is to be used. Only used when doing block ciphers - HMAC performed on encrypted data.
2019-08-22 09:33:38 +10:00
" [defCipherList, exitWithRet, verifyFail, useSupCurve,\n", /* 37 */
" loadSSL, disallowETM]\n", /* 38 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifdef WOLFSSL_TLS13
Add support for Encrypt-Then-MAC to TLS 1.2 and below An extension is used to indicate that ETM is to be used. Only used when doing block ciphers - HMAC performed on encrypted data.
2019-08-22 09:33:38 +10:00
"-U Update keys and IVs before sending\n", /* 39 */
"-K Key Exchange for PSK not using (EC)DHE\n", /* 40 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifndef NO_DH
Add support for Encrypt-Then-MAC to TLS 1.2 and below An extension is used to indicate that ETM is to be used. Only used when doing block ciphers - HMAC performed on encrypted data.
2019-08-22 09:33:38 +10:00
"-y Pre-generate Key Share using FFDHE_2048 only\n", /* 41 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_ECC
Add support for Encrypt-Then-MAC to TLS 1.2 and below An extension is used to indicate that ETM is to be used. Only used when doing block ciphers - HMAC performed on encrypted data.
2019-08-22 09:33:38 +10:00
"-Y Pre-generate Key Share using P-256 only \n", /* 42 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_CURVE25519
Add support for Encrypt-Then-MAC to TLS 1.2 and below An extension is used to indicate that ETM is to be used. Only used when doing block ciphers - HMAC performed on encrypted data.
2019-08-22 09:33:38 +10:00
"-t Pre-generate Key share using Curve25519 only\n", /* 43 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
TLS Session Ticket: Option to disable for TLS 1.2 and below Customer may want session ticket supported with TLS 1.3 but not TLS 1.2 and below.
2021-01-22 11:27:23 +10:00
#endif /* WOLFSSL_TLS13 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifdef HAVE_SESSION_TICKET
TLS Session Ticket: Option to disable for TLS 1.2 and below Customer may want session ticket supported with TLS 1.3 but not TLS 1.2 and below.
2021-01-22 11:27:23 +10:00
#if defined(WOLFSSL_NO_TLS12) && defined(NO_OLD_TLS)
Add support for Encrypt-Then-MAC to TLS 1.2 and below An extension is used to indicate that ETM is to be used. Only used when doing block ciphers - HMAC performed on encrypted data.
2019-08-22 09:33:38 +10:00
"-T Do not generate session ticket\n", /* 44 */
TLS Session Ticket: Option to disable for TLS 1.2 and below Customer may want session ticket supported with TLS 1.3 but not TLS 1.2 and below.
2021-01-22 11:27:23 +10:00
#else
"-T [aon] Do not generate session ticket\n", /* 44 */
" No option affects TLS 1.3 only, 'a' affects all"
" protocol versions,\n", /* 45 */
" 'o' affects TLS 1.2 and below only\n", /* 46 */
" 'n' affects TLS 1.3 only\n", /* 47 */
#endif
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
TLS Session Ticket: Option to disable for TLS 1.2 and below Customer may want session ticket supported with TLS 1.3 but not TLS 1.2 and below.
2021-01-22 11:27:23 +10:00
#ifdef WOLFSSL_TLS13
"-F Send alert if no mutual authentication\n", /* 48 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifdef WOLFSSL_POST_HANDSHAKE_AUTH
TLS Session Ticket: Option to disable for TLS 1.2 and below Customer may want session ticket supported with TLS 1.3 but not TLS 1.2 and below.
2021-01-22 11:27:23 +10:00
"-Q Request certificate from client post-handshake\n", /* 49 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef WOLFSSL_SEND_HRR_COOKIE
TLS Session Ticket: Option to disable for TLS 1.2 and below Customer may want session ticket supported with TLS 1.3 but not TLS 1.2 and below.
2021-01-22 11:27:23 +10:00
"-J Server sends Cookie Extension containing state\n", /* 50 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
Adds new `wc_ecc_get_curve_params` API for getting the `ecc_set_type` params for a curve index. Fix for example client and server using wrong macro for detecting ECC 256-bit enabled.
2019-07-24 10:35:33 -07:00
#endif /* WOLFSSL_TLS13 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifdef WOLFSSL_EARLY_DATA
TLS Session Ticket: Option to disable for TLS 1.2 and below Customer may want session ticket supported with TLS 1.3 but not TLS 1.2 and below.
2021-01-22 11:27:23 +10:00
"-0 Early data read from client (0-RTT handshake)\n", /* 51 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef WOLFSSL_MULTICAST
TLS Session Ticket: Option to disable for TLS 1.2 and below Customer may want session ticket supported with TLS 1.3 but not TLS 1.2 and below.
2021-01-22 11:27:23 +10:00
"-3 <grpid> Multicast, grpid < 256\n", /* 52 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-1 <num> Display a result by specified language."
TLS Session Ticket: Option to disable for TLS 1.2 and below Customer may want session ticket supported with TLS 1.3 but not TLS 1.2 and below.
2021-01-22 11:27:23 +10:00
"\n 0: English, 1: Japanese\n", /* 53 */
Move the -5 option text into the localization array and add a Japanese translation.
2019-02-21 10:28:23 -08:00
#ifdef HAVE_TRUSTED_CA
TLS Session Ticket: Option to disable for TLS 1.2 and below Customer may want session ticket supported with TLS 1.3 but not TLS 1.2 and below.
2021-01-22 11:27:23 +10:00
"-5 Use Trusted CA Key Indication\n", /* 54 */
Add Curve448, X448, Ed448 implementations
2020-02-19 18:07:45 +10:00
#endif
Modify example server to be resilient to WANT_WRITE errors.
2020-11-02 14:57:37 -06:00
"-6 Simulate WANT_WRITE errors on every other IO send\n",
TLS Session Ticket: Option to disable for TLS 1.2 and below Customer may want session ticket supported with TLS 1.3 but not TLS 1.2 and below.
2021-01-22 11:27:23 +10:00
/* 55 */
Add Curve448, X448, Ed448 implementations
2020-02-19 18:07:45 +10:00
#ifdef HAVE_CURVE448
TLS Session Ticket: Option to disable for TLS 1.2 and below Customer may want session ticket supported with TLS 1.3 but not TLS 1.2 and below.
2021-01-22 11:27:23 +10:00
"-8 Pre-generate Key share using Curve448 only\n", /* 56 */
Initial implemented X509_LOOKUP_ctrl L_ADD_DIR
2021-02-15 15:47:03 +09:00
#endif
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
addressed review comments part 1
2021-03-11 15:43:54 +09:00
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
Initial implemented X509_LOOKUP_ctrl L_ADD_DIR
2021-02-15 15:47:03 +09:00
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
"-9 Use hash dir look up for certificate loading\n"
" loading from <wolfSSL home>/certs folder\n"
" files in the folder would have the form \"hash.N\" file name\n"
" e.g symbolic link to the file at certs folder\n"
" ln -s client-ca.pem `openssl x509 -in client-ca.pem -hash -noout`.0\n",
/* 57 */
Move the -5 option text into the localization array and add a Japanese translation.
2019-02-21 10:28:23 -08:00
#endif
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
NULL,
},
NO_MULTIBYTE to NO_MULTIBYTE_PRINT
2018-11-29 07:04:01 +09:00
#ifndef NO_MULTIBYTE_PRINT
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
/* Japanese */
{
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
" 注意 : 全てのファイルは"
Rollback stacing
2018-11-29 06:52:43 +09:00
" wolfSSL ホーム・ディレクトリからの相対です。\n", /* 0 */
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-? <num> ヘルプ, 使い方を表示\n"
Rollback stacing
2018-11-29 06:52:43 +09:00
" 0: 英語、 1: 日本語\n", /* 1 */
"-p <num> 接続先ポート, 0は無効, 既定値", /* 2 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifndef WOLFSSL_TLS13
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-v <num> SSL バージョン [0-3], SSLv3(0) - TLS1.2(3)),"
Rollback stacing
2018-11-29 06:52:43 +09:00
" 既定値", /* 3 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#else
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-v <num> SSL バージョン [0-4], SSLv3(0) - TLS1.3(4)),"
Rollback stacing
2018-11-29 06:52:43 +09:00
" 既定値", /* 3 */
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
#endif
Rollback stacing
2018-11-29 06:52:43 +09:00
"-l <str> 暗号スイートリスト (区切り文字 :)\n", /* 4 */
"-c <file> 証明書ファイル, 既定値", /* 5 */
"-k <file> 鍵ファイル, 既定値", /* 6 */
"-A <file> 認証局ファイル, 既定値", /* 7 */
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-R <file> 外部モニタ用の準備完了ファイルを作成する。"
Rollback stacing
2018-11-29 06:52:43 +09:00
"既定値 なし\n", /* 8 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifndef NO_DH
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-D <file> ディフィー・ヘルマンのパラメータファイル,"
Rollback stacing
2018-11-29 06:52:43 +09:00
" 既定値", /* 9 */
"-Z <num> 最小 DH 鍵 ビット, 既定値", /* 10 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_ALPN
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-L <str> アプリケーション層プロトコルネゴシエーションを行う"
Rollback stacing
2018-11-29 06:52:43 +09:00
" ({C,F}:<list>)\n", /* 11 */
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
#endif
Rollback stacing
2018-11-29 06:52:43 +09:00
"-d クライアント認証を無効とする\n", /* 12 */
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-b ローカルホスト以外のインターフェースへも"
Rollback stacing
2018-11-29 06:52:43 +09:00
"バインドする\n", /* 13 */
"-s 事前共有鍵を使用する\n", /* 14 */
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-u UDP DTLSを使用する。-v 2 を追加指定すると"
Rollback stacing
2018-11-29 06:52:43 +09:00
" DTLSv1, -v 3 を追加指定すると DTLSv1.2 (既定値)\n", /* 15 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifdef WOLFSSL_SCTP
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-G SCTP DTLSを使用する。-v 2 を追加指定すると"
Rollback stacing
2018-11-29 06:52:43 +09:00
" DTLSv1, -v 3 を追加指定すると DTLSv1.2 (既定値)\n", /* 16 */
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
#endif
Rollback stacing
2018-11-29 06:52:43 +09:00
"-f より少ないパケット/グループメッセージを使用する\n",/* 17 */
"-r クライアントの再開を許可する\n", /* 18 */
"-N ノンブロッキング・ソケットを使用する\n", /* 19 */
"-S <str> ホスト名表示を使用する\n", /* 20 */
"-w 双方向シャットダウンを待つ\n", /* 21 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifdef HAVE_OCSP
Rollback stacing
2018-11-29 06:52:43 +09:00
"-o OCSPルックアップをピア証明書で実施する\n", /* 22 */
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-O <url> OCSPルックアップを、"
Rollback stacing
2018-11-29 06:52:43 +09:00
"<url>を使用し応答者として実施する\n", /* 23 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_PK_CALLBACKS
Rollback stacing
2018-11-29 06:52:43 +09:00
"-P 公開鍵コールバック\n", /* 24 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_ANON
Rollback stacing
2018-11-29 06:52:43 +09:00
"-a 匿名サーバー\n", /* 25 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifndef NO_PSK
Rollback stacing
2018-11-29 06:52:43 +09:00
"-I PSKアイデンティティのヒントを送信しない\n", /* 26 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
Rollback stacing
2018-11-29 06:52:43 +09:00
"-x サーバーエラーを出力するが接続を切断しない\n", /* 27 */
"-i 無期限にループする(繰り返し接続を許可)\n", /* 28 */
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-e エコー・データモード"
Rollback stacing
2018-11-29 06:52:43 +09:00
"(受け取ったバイトデータを返す)\n", /* 29 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifdef HAVE_NTRU
Rollback stacing
2018-11-29 06:52:43 +09:00
"-n NTRU鍵を使用する(NTRUスイートに必要)\n", /* 30 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-B <num> <num> バイトを用いてのベンチマーク・スループット"
Rollback stacing
2018-11-29 06:52:43 +09:00
"測定と結果を出力する\n", /* 31 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifdef HAVE_CRL
Rollback stacing
2018-11-29 06:52:43 +09:00
"-V CRLを無効とする\n", /* 32 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef WOLFSSL_TRUST_PEER_CERT
Rollback stacing
2018-11-29 06:52:43 +09:00
"-E <file> 信頼出来るピアの証明書ロードの為のパス\n\n", /* 33 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_WNR
Rollback stacing
2018-11-29 06:52:43 +09:00
"-q <file> Whitewood コンフィグファイル, 既定値", /* 34 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
Rollback stacing
2018-11-29 06:52:43 +09:00
"-g 基本的な Web ページを返す\n", /* 35 */
"-C <num> アクセプト可能な接続数を指定する。既定値: 1\n", /* 36 */
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-H <arg> 内部テスト"
Add support for Encrypt-Then-MAC to TLS 1.2 and below An extension is used to indicate that ETM is to be used. Only used when doing block ciphers - HMAC performed on encrypted data.
2019-08-22 09:33:38 +10:00
" [defCipherList, exitWithRet, verifyFail, useSupCurve,\n", /* 37 */
" loadSSL, disallowETM]\n", /* 38 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifdef WOLFSSL_TLS13
Add support for Encrypt-Then-MAC to TLS 1.2 and below An extension is used to indicate that ETM is to be used. Only used when doing block ciphers - HMAC performed on encrypted data.
2019-08-22 09:33:38 +10:00
"-U データ送信前に、鍵とIVを更新する\n", /* 39 */
"-K 鍵交換にPSKを使用、(EC)DHEは使用しない\n", /* 40 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifndef NO_DH
Add support for Encrypt-Then-MAC to TLS 1.2 and below An extension is used to indicate that ETM is to be used. Only used when doing block ciphers - HMAC performed on encrypted data.
2019-08-22 09:33:38 +10:00
"-y FFDHE_2048のみを使用して鍵共有を事前生成する\n", /* 41 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_ECC
Add support for Encrypt-Then-MAC to TLS 1.2 and below An extension is used to indicate that ETM is to be used. Only used when doing block ciphers - HMAC performed on encrypted data.
2019-08-22 09:33:38 +10:00
"-Y P-256のみを使用したキー共有の事前生成\n", /* 42 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_CURVE25519
Add support for Encrypt-Then-MAC to TLS 1.2 and below An extension is used to indicate that ETM is to be used. Only used when doing block ciphers - HMAC performed on encrypted data.
2019-08-22 09:33:38 +10:00
"-t Curve25519のみを使用して鍵共有を事前生成する\n", /* 43 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
TLS Session Ticket: Option to disable for TLS 1.2 and below Customer may want session ticket supported with TLS 1.3 but not TLS 1.2 and below.
2021-01-22 11:27:23 +10:00
#endif /* WOLFSSL_TLS13 */
#if defined(WOLFSSL_NO_TLS12) && defined(NO_OLD_TLS)
"-T セッションチケットを生成しない\n", /* 44 */
#else
"-T [aon] セッションチケットを生成しない\n", /* 44 */
" No option affects TLS 1.3 only, 'a' affects all"
" protocol versions,\n", /* 45 */
" 'o' affects TLS 1.2 and below only\n", /* 46 */
" 'n' affects TLS 1.3 only\n", /* 47 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
TLS Session Ticket: Option to disable for TLS 1.2 and below Customer may want session ticket supported with TLS 1.3 but not TLS 1.2 and below.
2021-01-22 11:27:23 +10:00
#ifdef WOLFSSL_TLS13
"-F Send alert if no mutual authentication\n", /* 48 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifdef WOLFSSL_POST_HANDSHAKE_AUTH
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-Q クライアントのポストハンドシェイクから"
TLS Session Ticket: Option to disable for TLS 1.2 and below Customer may want session ticket supported with TLS 1.3 but not TLS 1.2 and below.
2021-01-22 11:27:23 +10:00
"証明書を要求する\n", /* 49 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef WOLFSSL_SEND_HRR_COOKIE
TLS Session Ticket: Option to disable for TLS 1.2 and below Customer may want session ticket supported with TLS 1.3 but not TLS 1.2 and below.
2021-01-22 11:27:23 +10:00
"-J サーバーの状態を含むTLS Cookie 拡張を送信する\n", /* 50 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
Adds new `wc_ecc_get_curve_params` API for getting the `ecc_set_type` params for a curve index. Fix for example client and server using wrong macro for detecting ECC 256-bit enabled.
2019-07-24 10:35:33 -07:00
#endif /* WOLFSSL_TLS13 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifdef WOLFSSL_EARLY_DATA
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-0 クライアントからの Early Data 読み取り"
TLS Session Ticket: Option to disable for TLS 1.2 and below Customer may want session ticket supported with TLS 1.3 but not TLS 1.2 and below.
2021-01-22 11:27:23 +10:00
"0-RTTハンドシェイク\n", /* 51 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef WOLFSSL_MULTICAST
TLS Session Ticket: Option to disable for TLS 1.2 and below Customer may want session ticket supported with TLS 1.3 but not TLS 1.2 and below.
2021-01-22 11:27:23 +10:00
"-3 <grpid> マルチキャスト, grpid < 256\n", /* 52 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-1 <num> 指定された言語で結果を表示します。"
TLS Session Ticket: Option to disable for TLS 1.2 and below Customer may want session ticket supported with TLS 1.3 but not TLS 1.2 and below.
2021-01-22 11:27:23 +10:00
"\n 0: 英語、 1: 日本語\n", /* 53 */
Move the -5 option text into the localization array and add a Japanese translation.
2019-02-21 10:28:23 -08:00
#ifdef HAVE_TRUSTED_CA
TLS Session Ticket: Option to disable for TLS 1.2 and below Customer may want session ticket supported with TLS 1.3 but not TLS 1.2 and below.
2021-01-22 11:27:23 +10:00
"-5 信頼できる認証局の鍵表示を使用する\n", /* 54 */
Add Curve448, X448, Ed448 implementations
2020-02-19 18:07:45 +10:00
#endif
TLS Session Ticket: Option to disable for TLS 1.2 and below Customer may want session ticket supported with TLS 1.3 but not TLS 1.2 and below.
2021-01-22 11:27:23 +10:00
"-6 Simulate WANT_WRITE errors on every other IO send\n",
/* 55 */
Add Curve448, X448, Ed448 implementations
2020-02-19 18:07:45 +10:00
#ifdef HAVE_CURVE448
TLS Session Ticket: Option to disable for TLS 1.2 and below Customer may want session ticket supported with TLS 1.3 but not TLS 1.2 and below.
2021-01-22 11:27:23 +10:00
"-8 Pre-generate Key share using Curve448 only\n", /* 56 */
Initial implemented X509_LOOKUP_ctrl L_ADD_DIR
2021-02-15 15:47:03 +09:00
#endif
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
addressed review comments part 1
2021-03-11 15:43:54 +09:00
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
Initial implemented X509_LOOKUP_ctrl L_ADD_DIR
2021-02-15 15:47:03 +09:00
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
"-9 証明書の読み込みに hash dir 機能を使用する\n"
" <wolfSSL home>/certs フォルダーからロードします\n"
" フォルダー中のファイルは、\"hash.N\"[N:0-9]名である必要があります\n"
" 以下の例ではca-cert.pemにシンボリックリンクを設定します\n"
" ln -s client-ca.pem `openssl x509 -in client-ca.pem -hash -noout`.0\n",
/* 57 */
Move the -5 option text into the localization array and add a Japanese translation.
2019-02-21 10:28:23 -08:00
#endif
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
NULL,
},
NO_MULTIBYTE for multibyte non-supported IDEs
2018-11-26 08:11:31 +09:00
#endif
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
};
1.8.8 init
2011-02-05 11:14:47 -08:00
make server example more generic with short command opts
2012-07-30 11:58:57 -07:00
static void Usage(void)
{
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
int msgId = 0;
const char** msg = server_usage_msg[lng_index];
Adds new `wc_ecc_get_curve_params` API for getting the `ecc_set_type` params for a curve index. Fix for example client and server using wrong macro for detecting ECC 256-bit enabled.
2019-07-24 10:35:33 -07:00
printf("%s%s%s", "server ", LIBWOLFSSL_VERSION_STRING,
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
msg[msgId]);
printf("%s", msg[++msgId]); /* ? */
printf("%s %d\n", msg[++msgId], wolfSSLPort); /* -p */
Changes for Nginx Support TLS v1.3 clients connecting to Nginx. Fix for PSS to not advertise hash unless the signature fits the private key size. Allow curves to be chosen by user. Support maximum verification depth (maximum number of untrusted certs in chain.) Add support for SSL_is_server() API. Fix number of certificates in chain when using wolfSSL_CTX_add_extra_chain_cert(). Allow TLS v1.2 client hello parsing to call TLS v1.3 parsing when SupportedVersions extension seen. Minor fixes.
2017-07-03 18:29:15 +10:00
#ifndef WOLFSSL_TLS13
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s %d\n", msg[++msgId], SERVER_DEFAULT_VERSION); /* -v */
Changes for Nginx Support TLS v1.3 clients connecting to Nginx. Fix for PSS to not advertise hash unless the signature fits the private key size. Allow curves to be chosen by user. Support maximum verification depth (maximum number of untrusted certs in chain.) Add support for SSL_is_server() API. Fix number of certificates in chain when using wolfSSL_CTX_add_extra_chain_cert(). Allow TLS v1.2 client hello parsing to call TLS v1.3 parsing when SupportedVersions extension seen. Minor fixes.
2017-07-03 18:29:15 +10:00
#else
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s %d\n", msg[++msgId], SERVER_DEFAULT_VERSION); /* -v */
#endif
printf("%s", msg[++msgId]); /* -l */
printf("%s %s\n", msg[++msgId], svrCertFile); /* -c */
printf("%s %s\n", msg[++msgId], svrKeyFile); /* -k */
printf("%s %s\n", msg[++msgId], cliCertFile); /* -A */
printf("%s", msg[++msgId]); /* -R */
added check for allowed minimum DH key size
2015-05-21 10:11:21 -07:00
#ifndef NO_DH
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s %s\n", msg[++msgId], dhParamFile); /* -D */
printf("%s %d\n", msg[++msgId], DEFAULT_MIN_DHKEY_BITS);/* -Z */
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-14 20:53:30 +02:00
#endif
#ifdef HAVE_ALPN
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgId]); /* -L */
added check for allowed minimum DH key size
2015-05-21 10:11:21 -07:00
#endif
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgId]); /* -d */
printf("%s", msg[++msgId]); /* -b */
printf("%s", msg[++msgId]); /* -s */
printf("%s", msg[++msgId]); /* -u */
DTLS-SCTP example client and server 1. Update the example client and server to test DTLS-SCTP. 2. Modify the test.h functions for setting up connections to allow for a SCTP option. 3. Update other examples to use the new test.h functions. 4. Removed some prototypes in the client header file were some functions that should have been static to the client.c file and made them static.
2016-08-25 22:20:35 -07:00
#ifdef WOLFSSL_SCTP
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgId]); /* -G */
#endif
printf("%s", msg[++msgId]); /* -f */
printf("%s", msg[++msgId]); /* -r */
printf("%s", msg[++msgId]); /* -N */
printf("%s", msg[++msgId]); /* -S */
printf("%s", msg[++msgId]); /* -w */
Server Side Secure Renegotiation 1. Add enables to the example server for turning on secure renegotiation. 2. Add encryption assists to the handhshake message handler functions. 3. Add a hello request message function. Includes handshake timing pre/postambles.
2018-10-02 15:38:45 -07:00
#ifdef HAVE_SECURE_RENEGOTIATION
printf("-M Allow Secure Renegotiation\n");
printf("-m Force Server Initiated Secure Renegotiation\n");
#endif /* HAVE_SECURE_RENEGOTIATION */
OCSP Updates 1. Add option to example server and client to check the OCSP responder. 2. Add option to example server and client to override the URL to use when checking the OCSP responder. 3. Copy the certificate serial number correctly into OCSP request. Add leading zero only if MS bit is set. 4. Fix responder address used when Auth Info extension is present. 5. Update EmbedOcspLookup callback to better handle the HTTP response and obtain the complete OCSP response.
2013-06-20 11:07:54 -07:00
#ifdef HAVE_OCSP
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgId]); /* -o */
printf("%s", msg[++msgId]); /* -O */
OCSP Updates 1. Add option to example server and client to check the OCSP responder. 2. Add option to example server and client to override the URL to use when checking the OCSP responder. 3. Copy the certificate serial number correctly into OCSP request. Add leading zero only if MS bit is set. 4. Fix responder address used when Auth Info extension is present. 5. Update EmbedOcspLookup callback to better handle the HTTP response and obtain the complete OCSP response.
2013-06-20 11:07:54 -07:00
#endif
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
#ifdef HAVE_PK_CALLBACKS
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgId]); /* -P */
add Rsa Sign/Verify callbacks, client/server examples
2013-08-26 16:27:29 -07:00
#endif
Merge in the ADH-AES128-SHA changes and add a check for it during the packet order sanity checking.
2014-12-01 11:44:32 -08:00
#ifdef HAVE_ANON
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgId]); /* -a */
Merge in the ADH-AES128-SHA changes and add a check for it during the packet order sanity checking.
2014-12-01 11:44:32 -08:00
#endif
Option for no PSK Id Hint and test cases update comment file reference
2015-07-31 21:51:04 -06:00
#ifndef NO_PSK
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgId]); /* -I */
Option for no PSK Id Hint and test cases update comment file reference
2015-07-31 21:51:04 -06:00
#endif
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgId]); /* -x */
printf("%s", msg[++msgId]); /* -i */
printf("%s", msg[++msgId]); /* -e */
help message to use NTRU key in example server
2015-12-22 11:51:26 -07:00
#ifdef HAVE_NTRU
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgId]); /* -n */
help message to use NTRU key in example server
2015-12-22 11:51:26 -07:00
#endif
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgId]); /* -B */
Allow Ed25519 private-only keys to work in TLS Change Ed25519 in TLS 1.2 to keep a copy of all the messages for certificate verification - interop with OpenSSL.
2018-04-27 14:43:04 +10:00
#ifdef HAVE_CRL
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgId]); /* -V */
Allow Ed25519 private-only keys to work in TLS Change Ed25519 in TLS 1.2 to keep a copy of all the messages for certificate verification - interop with OpenSSL.
2018-04-27 14:43:04 +10:00
#endif
automated test for trusted peer certs
2016-03-01 16:35:32 -07:00
#ifdef WOLFSSL_TRUST_PEER_CERT
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgId]); /* -E */
automated test for trusted peer certs
2016-03-01 16:35:32 -07:00
#endif
add Whitewood netRandom client library support
2016-05-05 15:31:25 -06:00
#ifdef HAVE_WNR
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s %s\n", msg[++msgId], wnrConfig); /* -q */
add Whitewood netRandom client library support
2016-05-05 15:31:25 -06:00
#endif
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgId]); /* -g */
printf("%s", msg[++msgId]); /* -C */
Add support for Encrypt-Then-MAC to TLS 1.2 and below An extension is used to indicate that ETM is to be used. Only used when doing block ciphers - HMAC performed on encrypted data.
2019-08-22 09:33:38 +10:00
printf("%s", msg[++msgId]); /* -H */
printf("%s", msg[++msgId]); /* more -H options */
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
#ifdef WOLFSSL_TLS13
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgId]); /* -U */
printf("%s", msg[++msgId]); /* -K */
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
#ifndef NO_DH
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgId]); /* -y */
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
#endif
#ifdef HAVE_ECC
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgId]); /* -Y */
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
#endif
#ifdef HAVE_CURVE25519
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgId]); /* -t */
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
#endif
TLS Session Ticket: Option to disable for TLS 1.2 and below Customer may want session ticket supported with TLS 1.3 but not TLS 1.2 and below.
2021-01-22 11:27:23 +10:00
#endif /* WOLFSSL_TLS13 */
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
#ifdef HAVE_SESSION_TICKET
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgId]); /* -T */
TLS Session Ticket: Option to disable for TLS 1.2 and below Customer may want session ticket supported with TLS 1.3 but not TLS 1.2 and below.
2021-01-22 11:27:23 +10:00
#if !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS)
printf("%s", msg[++msgId]); /* -T */
printf("%s", msg[++msgId]); /* -T */
printf("%s", msg[++msgId]); /* -T */
#endif
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
#endif
TLS Session Ticket: Option to disable for TLS 1.2 and below Customer may want session ticket supported with TLS 1.3 but not TLS 1.2 and below.
2021-01-22 11:27:23 +10:00
#ifdef WOLFSSL_TLS13
Allow mutual authentication to be required for TLS 1.3
2020-02-20 16:15:30 +10:00
printf("%s", msg[++msgId]); /* -F */
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
#ifdef WOLFSSL_POST_HANDSHAKE_AUTH
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgId]); /* -Q */
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
#endif
Code review fixes Also put in configuration option for sending HRR Cookie extension with state.
2017-06-27 08:52:53 +10:00
#ifdef WOLFSSL_SEND_HRR_COOKIE
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgId]); /* -J */
Code review fixes Also put in configuration option for sending HRR Cookie extension with state.
2017-06-27 08:52:53 +10:00
#endif
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
#endif /* WOLFSSL_TLS13 */
TLS v1.3 0-RTT
2017-06-19 11:37:10 +10:00
#ifdef WOLFSSL_EARLY_DATA
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgId]); /* -0 */
TLS v1.3 0-RTT
2017-06-19 11:37:10 +10:00
#endif
DHE Speed Up 1. Also apply the setting to the client side. 2. Updated the server and client command line options to use "-2" for disabling the DHE check.
2018-12-03 13:53:44 -08:00
#if !defined(NO_DH) && !defined(HAVE_FIPS) && \
!defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK)
printf("-2 Disable DH Prime check\n");
#endif
DTLS Nonblocking Updates Add command line option to the example server to fake a write block on a specified DTLS sequence number in epoch 0.
2018-12-18 11:40:04 -08:00
#ifdef WOLFSSL_DTLS
printf("-4 <seq> DTLS fake would-block for message seq\n");
#endif
Multicast 1. Since multicast's only cipher suite uses null cipher automatically enable it. 2. Add options to example client and server to start testing multicast API. (Uses TLS over TCP.) 3. Updates to use the forced secrets set by API.
2016-12-15 11:43:15 -08:00
#ifdef WOLFSSL_MULTICAST
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgId]); /* -3 */
Multicast 1. Since multicast's only cipher suite uses null cipher automatically enable it. 2. Add options to example client and server to start testing multicast API. (Uses TLS over TCP.) 3. Updates to use the forced secrets set by API.
2016-12-15 11:43:15 -08:00
#endif
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgId]); /* -1 */
Trusted CA Key Indication Extension Added an API for enabling the Trusted CA Key Indication extension from RFC6066 section 6. If the server doesn't have a match for the client, the client will abandon the session.
2018-09-28 09:05:59 -07:00
#ifdef HAVE_TRUSTED_CA
Move the -5 option text into the localization array and add a Japanese translation.
2019-02-21 10:28:23 -08:00
printf("%s", msg[++msgId]); /* -5 */
Trusted CA Key Indication Extension Added an API for enabling the Trusted CA Key Indication extension from RFC6066 section 6. If the server doesn't have a match for the client, the client will abandon the session.
2018-09-28 09:05:59 -07:00
#endif /* HAVE_TRUSTED_CA */
Initial implemented X509_LOOKUP_ctrl L_ADD_DIR
2021-02-15 15:47:03 +09:00
printf("%s", msg[++msgId]); /* -6 */
Add Curve448, X448, Ed448 implementations
2020-02-19 18:07:45 +10:00
#ifdef HAVE_CURVE448
printf("%s", msg[++msgId]); /* -8 */
#endif
Initial implemented X509_LOOKUP_ctrl L_ADD_DIR
2021-02-15 15:47:03 +09:00
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
addressed review comments part 1
2021-03-11 15:43:54 +09:00
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
Initial implemented X509_LOOKUP_ctrl L_ADD_DIR
2021-02-15 15:47:03 +09:00
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
printf("%s", msg[++msgId]); /* -9 */
#endif
make server example more generic with short command opts
2012-07-30 11:58:57 -07:00
}
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
1.8.8 init
2011-02-05 11:14:47 -08:00
{
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
SOCKET_T sockfd = WOLFSSL_SOCKET_INVALID;
SOCKET_T clientfd = WOLFSSL_SOCKET_INVALID;
examples/server: fix wolfSentry integration to handle DTLS correctly.
2021-04-02 01:13:25 -05:00
SOCKADDR_IN_T client_addr;
socklen_t client_len;
1.8.8 init
2011-02-05 11:14:47 -08:00
static method func / ocsp callbacks / heap test / alpn free func / remove timing resistant constraint
2016-06-09 11:36:31 -06:00
wolfSSL_method_func method = NULL;
1.8.8 init
2011-02-05 11:14:47 -08:00
SSL_CTX* ctx = 0;
SSL* ssl = 0;
checkpoint: fully functioning demo via examples/server/ and unit.test (which produces a "filtered" error on a subtest when built --enable-wolfsentry).
2021-04-01 13:08:41 -05:00
#ifdef WOLFSSL_WOLFSENTRY_HOOKS
struct wolfsentry_context *wolfsentry = NULL;
#endif
1.8.8 init
2011-02-05 11:14:47 -08:00
Get Nginx working with wolfSSL
2016-12-22 12:53:29 +10:00
int useWebServerMsg = 0;
Cleanup on example client/server messages and sizes. Original PR #3023 caused sending extra null characters in normal (non HTTP) example cases.
2020-07-21 13:34:25 -07:00
char input[SRV_READ_SZ];
Fixes from cppcheck Added PRIVATE_D version of rsa private key operation for SP implementation for specific platforms. WC_NO_RNG results in warnings when RNG calls don't do anything. Added ifdef checks for variables not used otherwise. Remove superfluous if statements like when checking ret == 0. Change names of globals that are generic and are used locally before global definition. Remove definition of variable len that isn't used except as a replacement for sz which is parameter. Don't subtract two variables when one has just been assigned the value of the other. Fix shifting of signed value. Fix parameter checking in aes.c and des3.c for platform specific code.
2020-04-08 09:46:22 +10:00
#ifndef WOLFSSL_VXWORKS
make server example more generic with short command opts
2012-07-30 11:58:57 -07:00
int ch;
Fixes from cppcheck Added PRIVATE_D version of rsa private key operation for SP implementation for specific platforms. WC_NO_RNG results in warnings when RNG calls don't do anything. Added ifdef checks for variables not used otherwise. Remove superfluous if statements like when checking ret == 0. Change names of globals that are generic and are used locally before global definition. Remove definition of variable len that isn't used except as a replacement for sz which is parameter. Don't subtract two variables when one has just been assigned the value of the other. Fix shifting of signed value. Fix parameter checking in aes.c and des3.c for platform specific code.
2020-04-08 09:46:22 +10:00
#endif
make server example more generic with short command opts
2012-07-30 11:58:57 -07:00
int version = SERVER_DEFAULT_VERSION;
Allow Ed25519 private-only keys to work in TLS Change Ed25519 in TLS 1.2 to keep a copy of all the messages for certificate verification - interop with OpenSSL.
2018-04-27 14:43:04 +10:00
#ifndef WOLFSSL_NO_CLIENT_AUTH
make server example more generic with short command opts
2012-07-30 11:58:57 -07:00
int doCliCertCheck = 1;
Allow Ed25519 private-only keys to work in TLS Change Ed25519 in TLS 1.2 to keep a copy of all the messages for certificate verification - interop with OpenSSL.
2018-04-27 14:43:04 +10:00
#else
int doCliCertCheck = 0;
#endif
#ifdef HAVE_CRL
int disableCRL = 0;
#endif
make server example more generic with short command opts
2012-07-30 11:58:57 -07:00
int useAnyAddr = 0;
MDK4, wolfSSL name change
2015-08-12 16:45:40 +09:00
word16 port = wolfSSLPort;
make server example more generic with short command opts
2012-07-30 11:58:57 -07:00
int usePsk = 0;
option for fail on no peer cert except PSK suites
2016-02-08 14:52:56 -07:00
int usePskPlus = 0;
Merge in the ADH-AES128-SHA changes and add a check for it during the packet order sanity checking.
2014-12-01 11:44:32 -08:00
int useAnon = 0;
add -u for DTLS UPD command line client/server examples
2012-08-02 11:54:49 -07:00
int doDTLS = 0;
DTLS-SCTP example client and server 1. Update the example client and server to test DTLS-SCTP. 2. Modify the test.h functions for setting up connections to allow for a SCTP option. 3. Update other examples to use the new test.h functions. 4. Removed some prototypes in the client header file were some functions that should have been static to the client.c file and made them static.
2016-08-25 22:20:35 -07:00
int dtlsUDP = 0;
Fragmentation for ServerKeyExchange and CeriticateVerify - The `ssl->dtlsMtuSz` value is the maximum possible size of the DTLS record layer. We read `ssl->dtlsMtuSz + 100` in case peer has slightly different MTU set. - The `-u` option in the examples takes the value of the MTU size. - MTU tests are added in `tests/test-dtls-mtu.conf`
2021-04-12 20:02:18 +02:00
#if (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) && \
defined(WOLFSSL_DTLS)
int dtlsMTU = 0;
#endif
DTLS-SCTP example client and server 1. Update the example client and server to test DTLS-SCTP. 2. Modify the test.h functions for setting up connections to allow for a SCTP option. 3. Update other examples to use the new test.h functions. 4. Removed some prototypes in the client header file were some functions that should have been static to the client.c file and made them static.
2016-08-25 22:20:35 -07:00
int dtlsSCTP = 0;
Multicast 1. Since multicast's only cipher suite uses null cipher automatically enable it. 2. Add options to example client and server to start testing multicast API. (Uses TLS over TCP.) 3. Updates to use the forced secrets set by API.
2016-12-15 11:43:15 -08:00
int doMcast = 0;
DTLS Nonblocking Updates Add command line option to the example server to fake a write block on a specified DTLS sequence number in epoch 0.
2018-12-18 11:40:04 -08:00
#ifdef WOLFSSL_DTLS
int doBlockSeq = 0;
WOLFSSL_TEST_DTLS_CTX dtlsCtx;
#endif
allow dh to be used w/o certs and asn
2015-03-27 14:28:05 -07:00
int needDH = 0;
NTRU suites from earlier code
2015-07-11 12:52:22 -06:00
int useNtruKey = 0;
add fewerPacket/group messages to example client/server and disalbe client cert/key load
2013-04-19 13:10:19 -07:00
int nonBlocking = 0;
Modify example server to be resilient to WANT_WRITE errors.
2020-11-02 14:57:37 -06:00
int simulateWantWrite = 0;
add fewerPacket/group messages to example client/server and disalbe client cert/key load
2013-04-19 13:10:19 -07:00
int fewerPackets = 0;
* Added support for not loading a private key for server or client when `HAVE_PK_CALLBACK` is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519. * Added PK callback context tests for client/server examples (`SetupPkCallbackContexts`). * Added new test define for `TEST_PK_PRIVKEY` to allows simulating hardware based private key. * Added new test.h function for loading PEM key file and converting to DER (`load_key_file`). * Added way to get private key signature size (`GetPrivateKeySigSize`). * Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size. * Added inline comments to help track down handshake message types. * Cleanup of RSS PSS terminating byte (0xbc) to use enum value. * Fixed bug with PK callback for `myEccVerify` public key format. * Fixed bug with PK callback for ED25519 verify key buffer in DoServerKeyExchange.
2018-03-21 11:27:08 -07:00
#ifdef HAVE_PK_CALLBACKS
add Rsa Sign/Verify callbacks, client/server examples
2013-08-26 16:27:29 -07:00
int pkCallbacks = 0;
* Added support for not loading a private key for server or client when `HAVE_PK_CALLBACK` is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519. * Added PK callback context tests for client/server examples (`SetupPkCallbackContexts`). * Added new test define for `TEST_PK_PRIVKEY` to allows simulating hardware based private key. * Added new test.h function for loading PEM key file and converting to DER (`load_key_file`). * Added way to get private key signature size (`GetPrivateKeySigSize`). * Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size. * Added inline comments to help track down handshake message types. * Cleanup of RSS PSS terminating byte (0xbc) to use enum value. * Fixed bug with PK callback for `myEccVerify` public key format. * Fixed bug with PK callback for ED25519 verify key buffer in DoServerKeyExchange.
2018-03-21 11:27:08 -07:00
PkCbInfo pkCbInfo;
#endif
add resume test to example server and script test
2015-04-28 12:21:54 -07:00
int wc_shutdown = 0;
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
int resume = 0;
int resumeCount = 0;
Get Nginx working with wolfSSL
2016-12-22 12:53:29 +10:00
int loops = 1;
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
int cnt = 0;
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
int echoData = 0;
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
int block = TEST_BUFFER_SIZE;
Various cleanups and fixes: * Fix for key gen macro name in benchmark.c * Fix for possible RSA fall-through warning. * Fix for building `WOLFSSL_STM32_PKA` without `HAVE_ECC`. * Added option to build RSA keygen without the DER to PEM using `WOLFSSL_NO_DER_TO_PEM`. * Added options.h includes for test.c and benchmark.c. * Added printf warning on the math size mismatch in test.c. * Added support for benchmarking larger sizes. * TLS benchmarks for HiFive unleashed.
2019-12-18 07:09:26 -08:00
size_t throughput = 0;
add check for min RSA key size at TLS/SSL level
2016-04-14 13:35:49 -06:00
int minDhKeyBits = DEFAULT_MIN_DHKEY_BITS;
use short for RSA min key size and check casts
2016-04-22 12:56:51 -06:00
short minRsaKeyBits = DEFAULT_MIN_RSAKEY_BITS;
change type to short for comparision and up default min size
2016-04-20 15:44:45 -06:00
short minEccKeyBits = DEFAULT_MIN_ECCKEY_BITS;
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
int doListen = 1;
have calling thread wait for crl monitor thread to setup for simpler cleanup
2015-11-23 14:15:12 -08:00
int crlFlags = 0;
fix shutdown returns
2015-02-16 14:23:33 -08:00
int ret;
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 10:05:22 -08:00
int err = 0;
add random ports for all make check scripts, unique ready file
2015-12-22 14:35:34 -08:00
char* serverReadyFile = NULL;
add support for Application-Layer Protocol Name (RFC 7301) in the TLS extensions
2015-10-09 15:18:41 +02:00
char* alpnList = NULL;
ALPN : add option to continue in case of client/server protocol mismatch (like OpenSSL)
2015-10-13 09:38:40 +02:00
unsigned char alpn_opt = 0;
make server example more generic with short command opts
2012-07-30 11:58:57 -07:00
char* cipherList = NULL;
Added test for server to use the default cipher suite list using new “-U” option. This allows the InitSuites logic to be used for determining cipher suites instead of always overriding using the “-l” option. Now both versions are used, so tests are done with wolfSSL_CTX_set_cipher_list and InitSuites. Removed a few cipher suite tests from test.conf that are not valid with old TLS. These were not picked up as failures before because wolfSSL_CTX_set_cipher_list matched on name only, allowing older versions to use the suite.
2017-04-04 14:31:47 -07:00
int useDefCipherList = 0;
Changes to clear issues raised by cppcheck
2020-01-15 22:15:38 +10:00
const char* verifyCert;
const char* ourCert;
const char* ourKey;
Cleanup name conflicts with test.h cert files (by adding “File” to end). Fix memory leak in ecc_test_buffers function.
2017-04-06 15:54:59 -07:00
const char* ourDhParam = dhParamFile;
add random ports for all make check scripts, unique ready file
2015-12-22 14:35:34 -08:00
tcp_ready* readySignal = NULL;
make server example more generic with short command opts
2012-07-30 11:58:57 -07:00
int argc = ((func_args*)args)->argc;
char** argv = ((func_args*)args)->argv;
automated test for trusted peer certs
2016-03-01 16:35:32 -07:00
#ifdef WOLFSSL_TRUST_PEER_CERT
const char* trustCert = NULL;
#endif
Option for no PSK Id Hint and test cases update comment file reference
2015-07-31 21:51:04 -06:00
#ifndef NO_PSK
fix psk no identify hint example logic
2015-08-03 09:32:51 -07:00
int sendPskIdentityHint = 1;
Option for no PSK Id Hint and test cases update comment file reference
2015-07-31 21:51:04 -06:00
#endif
merge in sni
2013-05-21 14:37:50 -07:00
#ifdef HAVE_SNI
char* sniHostName = NULL;
#endif
Trusted CA Key Indication Extension Added an API for enabling the Trusted CA Key Indication extension from RFC6066 section 6. If the server doesn't have a match for the client, the client will abandon the session.
2018-09-28 09:05:59 -07:00
#ifdef HAVE_TRUSTED_CA
int trustedCaKeyId = 0;
#endif /* HAVE_TRUSTED_CA */
OCSP Updates 1. Add option to example server and client to check the OCSP responder. 2. Add option to example server and client to override the URL to use when checking the OCSP responder. 3. Copy the certificate serial number correctly into OCSP request. Add leading zero only if MS bit is set. 4. Fix responder address used when Auth Info extension is present. 5. Update EmbedOcspLookup callback to better handle the HTTP response and obtain the complete OCSP response.
2013-06-20 11:07:54 -07:00
#ifdef HAVE_OCSP
int useOcsp = 0;
char* ocspUrl = NULL;
#endif
add Whitewood netRandom client library support
2016-05-05 15:31:25 -06:00
#ifdef HAVE_WNR
const char* wnrConfigFile = wnrConfig;
#endif
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
char buffer[WOLFSSL_MAX_ERROR_SZ];
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
#ifdef WOLFSSL_TLS13
int noPskDheKe = 0;
#endif
int updateKeysIVs = 0;
Fix to detect if `NO_CERTS` / `--disable-asn` is used in `scripts/tls13.test`.
2020-06-04 16:08:08 -07:00
#ifndef NO_CERTS
Change to work for other TLS versions Send alert when client doesn't send a certificate on request.
2020-02-21 09:43:32 +10:00
int mutualAuth = 0;
Fix to detect if `NO_CERTS` / `--disable-asn` is used in `scripts/tls13.test`.
2020-06-04 16:08:08 -07:00
#endif
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
int postHandAuth = 0;
TLS v1.3 0-RTT
2017-06-19 11:37:10 +10:00
#ifdef WOLFSSL_EARLY_DATA
int earlyData = 0;
#endif
Server Side Secure Renegotiation 1. Add enables to the example server for turning on secure renegotiation. 2. Add encryption assists to the handhshake message handler functions. 3. Add a hello request message function. Includes handshake timing pre/postambles.
2018-10-02 15:38:45 -07:00
#ifdef HAVE_SECURE_RENEGOTIATION
int scr = 0;
int forceScr = 0;
#endif /* HAVE_SECURE_RENEGOTIATION */
Change define name for sending HRR Cookie
2017-06-27 08:37:55 +10:00
#ifdef WOLFSSL_SEND_HRR_COOKIE
Add TLS v1.3 Cookie extension support Experimental stateless cookie
2017-06-23 16:26:54 +10:00
int hrrCookie = 0;
#endif
Multicast 1. Since multicast's only cipher suite uses null cipher automatically enable it. 2. Add options to example client and server to start testing multicast API. (Uses TLS over TCP.) 3. Updates to use the forced secrets set by API.
2016-12-15 11:43:15 -08:00
byte mcastID = 0;
Make the skip DH test flag build-conditional.
2018-11-30 09:19:11 -08:00
#if !defined(NO_DH) && !defined(HAVE_FIPS) && \
!defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK)
int doDhKeyCheck = 1;
#endif
add Whitewood netRandom client library support
2016-05-05 15:31:25 -06:00
revise static memory and update heap hint
2016-06-04 19:03:48 -06:00
#ifdef WOLFSSL_STATIC_MEMORY
tlsx with static memory / account for session certs size
2016-06-07 15:39:16 -06:00
#if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) \
|| defined(SESSION_CERTS)
/* big enough to handle most cases including session certs */
fixes for edge build cases and static memory
2020-07-14 09:07:23 -06:00
byte memory[239936];
revise static memory and update heap hint
2016-06-04 19:03:48 -06:00
#else
byte memory[80000];
#endif
Fixes for static memory with `-r` session resumption option on client. Fix for possible failed InitSSL cleanup using NULL ssl->ctx for static memory.
2017-10-23 10:50:19 -07:00
byte memoryIO[34500]; /* max for IO buffer (TLS packet can be 16k) */
revise static memory and update heap hint
2016-06-04 19:03:48 -06:00
WOLFSSL_MEM_CONN_STATS ssl_stats;
Fixes for static memory with `-r` session resumption option on client. Fix for possible failed InitSSL cleanup using NULL ssl->ctx for static memory.
2017-10-23 10:50:19 -07:00
#ifdef DEBUG_WOLFSSL
WOLFSSL_MEM_STATS mem_stats;
#endif
revise static memory and update heap hint
2016-06-04 19:03:48 -06:00
#endif
Jenkins Fixes - explicit conversions - not all curves available for wolfSSL_CTX_set1_groups_list - group funcs depend on HAVE_ECC - `InitSuites` after `ssl->suites` has been set
2021-02-01 14:59:57 +01:00
#if defined(WOLFSSL_TLS13)
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
int onlyKeyShare = 0;
TLS Session Ticket: Option to disable for TLS 1.2 and below Customer may want session ticket supported with TLS 1.3 but not TLS 1.2 and below.
2021-01-22 11:27:23 +10:00
#endif
#if defined(HAVE_SESSION_TICKET)
#ifdef WOLFSSL_TLS13
int noTicketTls13 = 0;
#endif
#if !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS)
int noTicketTls12 = 0;
#endif
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
#endif
int useX25519 = 0;
Add Curve448, X448, Ed448 implementations
2020-02-19 18:07:45 +10:00
int useX448 = 0;
Minor fix for the expected failure case use of `ssl` after free. Renamed `skipExit` to `exitWithRet`.
2018-05-03 10:02:59 -07:00
int exitWithRet = 0;
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
int loadCertKeyIntoSSLObj = 0;
revise static memory and update heap hint
2016-06-04 19:03:48 -06:00
Add support for Encrypt-Then-MAC to TLS 1.2 and below An extension is used to indicate that ETM is to be used. Only used when doing block ciphers - HMAC performed on encrypted data.
2019-08-22 09:33:38 +10:00
#ifdef HAVE_ENCRYPT_THEN_MAC
int disallowETM = 0;
#endif
Initial implemented X509_LOOKUP_ctrl L_ADD_DIR
2021-02-15 15:47:03 +09:00
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
addressed review comments part 1
2021-03-11 15:43:54 +09:00
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
Initial implemented X509_LOOKUP_ctrl L_ADD_DIR
2021-02-15 15:47:03 +09:00
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
int useCertFolder = 0;
#endif
Add support for Encrypt-Then-MAC to TLS 1.2 and below An extension is used to indicate that ETM is to be used. Only used when doing block ciphers - HMAC performed on encrypted data.
2019-08-22 09:33:38 +10:00
1.8.8 init
2011-02-05 11:14:47 -08:00
((func_args*)args)->return_code = -1; /* error state */
make server example more generic with short command opts
2012-07-30 11:58:57 -07:00
Changes to clear issues raised by cppcheck
2020-01-15 22:15:38 +10:00
#ifndef NO_RSA
verifyCert = cliCertFile;
ourCert = svrCertFile;
ourKey = svrKeyFile;
#else
Changes to build with X25519 and Ed25519 only Allows configurations without RSA, DH and ECC but with Curve25519 algorithms to work with SSL/TLS using X25519 key exchange and Ed25519 certificates. Fix Ed25519 code to call wc_Sha512Free(). Add certificates to test.h and fix examples to use them.
2018-07-23 10:20:18 +10:00
#ifdef HAVE_ECC
Changes to clear issues raised by cppcheck
2020-01-15 22:15:38 +10:00
verifyCert = cliEccCertFile;
ourCert = eccCertFile;
ourKey = eccKeyFile;
Changes to build with X25519 and Ed25519 only Allows configurations without RSA, DH and ECC but with Curve25519 algorithms to work with SSL/TLS using X25519 key exchange and Ed25519 certificates. Fix Ed25519 code to call wc_Sha512Free(). Add certificates to test.h and fix examples to use them.
2018-07-23 10:20:18 +10:00
#elif defined(HAVE_ED25519)
Changes to clear issues raised by cppcheck
2020-01-15 22:15:38 +10:00
verifyCert = cliEdCertFile;
ourCert = edCertFile;
ourKey = edKeyFile;
Add Curve448, X448, Ed448 implementations
2020-02-19 18:07:45 +10:00
#elif defined(HAVE_ED448)
verifyCert = cliEd448CertFile;
ourCert = ed448CertFile;
ourKey = ed448KeyFile;
Changes to clear issues raised by cppcheck
2020-01-15 22:15:38 +10:00
#else
verifyCert = NULL;
ourCert = NULL;
ourKey = NULL;
Changes to build with X25519 and Ed25519 only Allows configurations without RSA, DH and ECC but with Curve25519 algorithms to work with SSL/TLS using X25519 key exchange and Ed25519 certificates. Fix Ed25519 code to call wc_Sha512Free(). Add certificates to test.h and fix examples to use them.
2018-07-23 10:20:18 +10:00
#endif
fix NO_RSA ecc command line examples default certs
2013-03-07 18:20:29 -08:00
#endif
* Added support for not loading a private key for server or client when `HAVE_PK_CALLBACK` is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519. * Added PK callback context tests for client/server examples (`SetupPkCallbackContexts`). * Added new test define for `TEST_PK_PRIVKEY` to allows simulating hardware based private key. * Added new test.h function for loading PEM key file and converting to DER (`load_key_file`). * Added way to get private key signature size (`GetPrivateKeySigSize`). * Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size. * Added inline comments to help track down handshake message types. * Cleanup of RSS PSS terminating byte (0xbc) to use enum value. * Fixed bug with PK callback for `myEccVerify` public key format. * Fixed bug with PK callback for ED25519 verify key buffer in DoServerKeyExchange.
2018-03-21 11:27:08 -07:00
allow dh to be used w/o certs and asn
2015-03-27 14:28:05 -07:00
(void)needDH;
fix some psk warnings
2015-03-27 19:20:31 -07:00
(void)ourKey;
(void)ourCert;
added check for allowed minimum DH key size
2015-05-21 10:11:21 -07:00
(void)ourDhParam;
fix some psk warnings
2015-03-27 19:20:31 -07:00
(void)verifyCert;
NTRU suites from earlier code
2015-07-11 12:52:22 -06:00
(void)useNtruKey;
fix some psk warnings
2015-03-27 19:20:31 -07:00
(void)doCliCertCheck;
added check for allowed minimum DH key size
2015-05-21 10:11:21 -07:00
(void)minDhKeyBits;
add check for min RSA key size at TLS/SSL level
2016-04-14 13:35:49 -06:00
(void)minRsaKeyBits;
minimum ECC key size check at TLS/SSL level
2016-04-19 15:50:25 -06:00
(void)minEccKeyBits;
add support for Application-Layer Protocol Name (RFC 7301) in the TLS extensions
2015-10-09 15:18:41 +02:00
(void)alpnList;
ALPN : add option to continue in case of client/server protocol mismatch (like OpenSSL)
2015-10-13 09:38:40 +02:00
(void)alpn_opt;
have calling thread wait for crl monitor thread to setup for simpler cleanup
2015-11-23 14:15:12 -08:00
(void)crlFlags;
add random ports for all make check scripts, unique ready file
2015-12-22 14:35:34 -08:00
(void)readySignal;
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
(void)updateKeysIVs;
Fix to detect if `NO_CERTS` / `--disable-asn` is used in `scripts/tls13.test`.
2020-06-04 16:08:08 -07:00
#ifndef NO_CERTS
Change to work for other TLS versions Send alert when client doesn't send a certificate on request.
2020-02-21 09:43:32 +10:00
(void)mutualAuth;
Fix to detect if `NO_CERTS` / `--disable-asn` is used in `scripts/tls13.test`.
2020-06-04 16:08:08 -07:00
#endif
Allow TLS 1.2 to be compiled out.
2018-05-17 09:08:03 +10:00
(void)postHandAuth;
Multicast 1. Since multicast's only cipher suite uses null cipher automatically enable it. 2. Add options to example client and server to start testing multicast API. (Uses TLS over TCP.) 3. Updates to use the forced secrets set by API.
2016-12-15 11:43:15 -08:00
(void)mcastID;
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
(void)loadCertKeyIntoSSLObj;
change public Timeval to WOLFSSL_TIMEVAL
2020-01-28 17:11:46 -07:00
(void)nonBlocking;
fix NO_RSA ecc command line examples default certs
2013-03-07 18:20:29 -08:00
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
#ifdef WOLFSSL_TIRTOS
fix tirtos merge
2014-09-08 19:40:03 -07:00
fdOpenSession(Task_self());
Added TI-RTOS support for CyaSSL tests
2014-05-08 15:52:20 -07:00
#endif
updates for vxworks compatibility
2015-11-12 13:33:47 -07:00
#ifdef WOLFSSL_VXWORKS
useAnyAddr = 1;
#else
Added a suite test use case to cover the new error check. Also fixed and issue with passing a couple flags to the test case runner, and some other changes to support the new test.
2020-07-22 13:20:23 -07:00
/* Reinitialize the global myVerifyAction. */
myVerifyAction = VERIFY_OVERRIDE_ERROR;
TLS Session Ticket: Option to disable for TLS 1.2 and below Customer may want session ticket supported with TLS 1.3 but not TLS 1.2 and below.
2021-01-22 11:27:23 +10:00
/* Not Used: h, z, W, X, 7, 9 */
fixed to take additioanl option for -?
2019-02-21 13:44:08 +09:00
while ((ch = mygetopt(argc, argv, "?:"
Fragmentation for ServerKeyExchange and CeriticateVerify - The `ssl->dtlsMtuSz` value is the maximum possible size of the DTLS record layer. We read `ssl->dtlsMtuSz + 100` in case peer has slightly different MTU set. - The `-u` option in the examples takes the value of the MTU size. - MTU tests are added in `tests/test-dtls-mtu.conf`
2021-04-12 20:02:18 +02:00
"abc:defgijk:l:mnop:q:rstu;v:wxy"
TLS Session Ticket: Option to disable for TLS 1.2 and below Customer may want session ticket supported with TLS 1.3 but not TLS 1.2 and below.
2021-01-22 11:27:23 +10:00
"A:B:C:D:E:FGH:IJKL:MNO:PQR:S:T;UVYZ:"
Initial implemented X509_LOOKUP_ctrl L_ADD_DIR
2021-02-15 15:47:03 +09:00
"01:23:4:5689"
"@#")) != -1) {
make server example more generic with short command opts
2012-07-30 11:58:57 -07:00
switch (ch) {
case '?' :
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
if(myoptarg!=NULL) {
lng_index = atoi(myoptarg);
if(lng_index<0||lng_index>1){
lng_index = 0;
}
}
make server example more generic with short command opts
2012-07-30 11:58:57 -07:00
Usage();
Added new build option `--enable-memtest` or `WOLFSSL_FORCE_MALLOC_FAIL_TEST` which enables random malloc failures for testing. This test supresses the `abort()` calls to detect seg faults. A new script `./scripts/memtest.sh` starts the test. If an issue is found it can be reviewed with the `./scripts/memtest.txt` log and reproduced using the seed printed at top of unit test as `--- RNG MALLOC FAIL AT 295---` and rerun using `./tests/unit.test 295`.
2018-07-27 10:16:14 -07:00
XEXIT_T(EXIT_SUCCESS);
make server example more generic with short command opts
2012-07-30 11:58:57 -07:00
Added `-x` option to allow example server to continue running when errors occur.
2017-06-22 22:19:59 -06:00
case 'x' :
runWithErrors = 1;
break;
make server example more generic with short command opts
2012-07-30 11:58:57 -07:00
case 'd' :
doCliCertCheck = 0;
break;
Allow Ed25519 private-only keys to work in TLS Change Ed25519 in TLS 1.2 to keep a copy of all the messages for certificate verification - interop with OpenSSL.
2018-04-27 14:43:04 +10:00
case 'V' :
#ifdef HAVE_CRL
disableCRL = 1;
#endif
break;
make server example more generic with short command opts
2012-07-30 11:58:57 -07:00
case 'b' :
useAnyAddr = 1;
break;
case 's' :
usePsk = 1;
break;
option for fail on no peer cert except PSK suites
2016-02-08 14:52:56 -07:00
case 'j' :
usePskPlus = 1;
break;
NTRU suites from earlier code
2015-07-11 12:52:22 -06:00
case 'n' :
useNtruKey = 1;
break;
add -u for DTLS UPD command line client/server examples
2012-08-02 11:54:49 -07:00
case 'u' :
doDTLS = 1;
DTLS-SCTP example client and server 1. Update the example client and server to test DTLS-SCTP. 2. Modify the test.h functions for setting up connections to allow for a SCTP option. 3. Update other examples to use the new test.h functions. 4. Removed some prototypes in the client header file were some functions that should have been static to the client.c file and made them static.
2016-08-25 22:20:35 -07:00
dtlsUDP = 1;
Fragmentation for ServerKeyExchange and CeriticateVerify - The `ssl->dtlsMtuSz` value is the maximum possible size of the DTLS record layer. We read `ssl->dtlsMtuSz + 100` in case peer has slightly different MTU set. - The `-u` option in the examples takes the value of the MTU size. - MTU tests are added in `tests/test-dtls-mtu.conf`
2021-04-12 20:02:18 +02:00
#if (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) && \
defined(WOLFSSL_DTLS)
dtlsMTU = atoi(myoptarg);
#endif
DTLS-SCTP example client and server 1. Update the example client and server to test DTLS-SCTP. 2. Modify the test.h functions for setting up connections to allow for a SCTP option. 3. Update other examples to use the new test.h functions. 4. Removed some prototypes in the client header file were some functions that should have been static to the client.c file and made them static.
2016-08-25 22:20:35 -07:00
break;
case 'G' :
#ifdef WOLFSSL_SCTP
doDTLS = 1;
dtlsSCTP = 1;
#endif
add -u for DTLS UPD command line client/server examples
2012-08-02 11:54:49 -07:00
break;
add fewerPacket/group messages to example client/server and disalbe client cert/key load
2013-04-19 13:10:19 -07:00
case 'f' :
fewerPackets = 1;
break;
add resume test to example server and script test
2015-04-28 12:21:54 -07:00
case 'R' :
add random ports for all make check scripts, unique ready file
2015-12-22 14:35:34 -08:00
serverReadyFile = myoptarg;
add server_ready file to externally monitor example server for ready to accept, -r option
2014-11-26 12:13:47 -08:00
break;
add resume test to example server and script test
2015-04-28 12:21:54 -07:00
case 'r' :
#ifndef NO_SESSION_CACHE
resume = 1;
#endif
break;
add Rsa Sign/Verify callbacks, client/server examples
2013-08-26 16:27:29 -07:00
case 'P' :
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
#ifdef HAVE_PK_CALLBACKS
add Rsa Sign/Verify callbacks, client/server examples
2013-08-26 16:27:29 -07:00
pkCallbacks = 1;
#endif
break;
make server example more generic with short command opts
2012-07-30 11:58:57 -07:00
case 'p' :
fix clang -Wconversion except -Wsign-conversion
2014-03-03 16:46:48 -08:00
port = (word16)atoi(myoptarg);
make server example more generic with short command opts
2012-07-30 11:58:57 -07:00
break;
add option for bidirectional shutdown
2015-01-30 08:41:34 -07:00
case 'w' :
shutdown shadows global in sys/socket.h line 576 renamed wc_shutdown
2015-02-18 08:00:25 -07:00
wc_shutdown = 1;
add option for bidirectional shutdown
2015-01-30 08:41:34 -07:00
break;
make server example more generic with short command opts
2012-07-30 11:58:57 -07:00
case 'v' :
Fix downgrading from TLS v1.3 to TLS v1.2 Fix handling of ServerHello in TLS v1.3 to support TLS v1.2 when downgrading. Added support in client and server examples for using downgrade method: wolfSSLv23_client_method_ex() or wolfSSLv23_server_method_ex(). Add tests, using downgrade version, of client or server downgrading from TLS v1.3 to TLS v1.2.
2018-02-22 11:05:58 +10:00
if (myoptarg[0] == 'd') {
version = SERVER_DOWNGRADE_VERSION;
break;
}
Adds build option `WOLFSSL_EITHER_SIDE` for deferring the "side" of the TLS session until first connect or accept. Added the DTLS generic v1.0 and v1.2 methods for "either" side. Added "either" methods unit tests. Added "either" -v e support to example client/server. Fix to expose `wolfSSL_use_certificate_file` and `wolfSSL_use_PrivateKey_file` without `OPENSSL_EXTRA`. Cleanup of the methods for (void)heap and log messages. Spelling fixes.
2018-10-04 14:48:53 -07:00
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
else if (myoptarg[0] == 'e') {
version = EITHER_DOWNGRADE_VERSION;
Fixes for various scan-build reports.
2018-12-27 11:08:30 -08:00
#ifndef NO_CERTS
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
loadCertKeyIntoSSLObj = 1;
Fixes for various scan-build reports.
2018-12-27 11:08:30 -08:00
#endif
Adds build option `WOLFSSL_EITHER_SIDE` for deferring the "side" of the TLS session until first connect or accept. Added the DTLS generic v1.0 and v1.2 methods for "either" side. Added "either" methods unit tests. Added "either" -v e support to example client/server. Fix to expose `wolfSSL_use_certificate_file` and `wolfSSL_use_PrivateKey_file` without `OPENSSL_EXTRA`. Cleanup of the methods for (void)heap and log messages. Spelling fixes.
2018-10-04 14:48:53 -07:00
break;
}
#endif
fix windows build with command line examples
2012-08-01 17:33:49 -07:00
version = atoi(myoptarg);
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
if (version < 0 || version > 4) {
make server example more generic with short command opts
2012-07-30 11:58:57 -07:00
Usage();
Added new build option `--enable-memtest` or `WOLFSSL_FORCE_MALLOC_FAIL_TEST` which enables random malloc failures for testing. This test supresses the `abort()` calls to detect seg faults. A new script `./scripts/memtest.sh` starts the test. If an issue is found it can be reviewed with the `./scripts/memtest.txt` log and reproduced using the seed printed at top of unit test as `--- RNG MALLOC FAIL AT 295---` and rerun using `./tests/unit.test 295`.
2018-07-27 10:16:14 -07:00
XEXIT_T(MY_EX_USAGE);
make server example more generic with short command opts
2012-07-30 11:58:57 -07:00
}
break;
case 'l' :
fix windows build with command line examples
2012-08-01 17:33:49 -07:00
cipherList = myoptarg;
make server example more generic with short command opts
2012-07-30 11:58:57 -07:00
break;
Fix to calc BuildSHA_CertVerify if WOLFSSL_ALLOW_TLS_SHA1. Fix to add check for DTLS to not allow stream ciphers. Removed the RC4 tests from the test-dtls.conf. Added support for using default suites on client side. Switched the arg to “-H”. Cleanup of the example server/client args list. Fixes for build with “--disable-sha”.
2017-04-05 11:21:11 -07:00
case 'H' :
Testing improvements for cert gen and TLS cert validation: * Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled. * Added new ECC CA for 384-bit tests. * Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem) * Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL. * Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`. * Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function. * Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack). * Cleanup to combine all certificate subject information into global `certDefaultName`. * Updated cert request info to use wolfSSL instead of Yassl. * Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`. * Re-number error codes in rsa_test. * Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
2017-10-19 16:17:51 -07:00
if (XSTRNCMP(myoptarg, "defCipherList", 13) == 0) {
printf("Using default cipher list for testing\n");
useDefCipherList = 1;
}
Added test cases for ensuring forced error fails on client and server. Added test cases to ensure bad certificate can be overriden.
2018-08-29 10:55:12 -07:00
else if (XSTRNCMP(myoptarg, "exitWithRet", 11) == 0) {
* Added support for expected fail test cases with example client/server and suites unit test. * Added test for certificate with bad alt name containing a null character mid byte stream. * Fix for issue with suites unit test where last arg in file doesn't conain data for a param, causing it to skip test. * Fix for last test in tests/test.conf not being run for `TLSv1.2 RSA 3072-bit DH 3072-bit`. * Moved the `tls-cert-fail.test` tests into the new expected failure suite test (`./tests/test-fails.conf`). Now it explicilty checks RSA and ECC for the no signer and no sig tests.
2018-05-03 09:40:51 -07:00
printf("Skip exit() for testing\n");
Minor fix for the expected failure case use of `ssl` after free. Renamed `skipExit` to `exitWithRet`.
2018-05-03 10:02:59 -07:00
exitWithRet = 1;
Testing improvements for cert gen and TLS cert validation: * Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled. * Added new ECC CA for 384-bit tests. * Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem) * Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL. * Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`. * Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function. * Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack). * Cleanup to combine all certificate subject information into global `certDefaultName`. * Updated cert request info to use wolfSSL instead of Yassl. * Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`. * Re-number error codes in rsa_test. * Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
2017-10-19 16:17:51 -07:00
}
Added test cases for ensuring forced error fails on client and server. Added test cases to ensure bad certificate can be overriden.
2018-08-29 10:55:12 -07:00
else if (XSTRNCMP(myoptarg, "verifyFail", 10) == 0) {
printf("Verify should fail\n");
Fix to catch the issue in this PR with alt cert chains, which only happens if the verify callback is used and the chain is long enough. Cleanup of the myVerify callback to allow specific actions. Fix the suites.c to not crash if no newline at end of file. Added helpful debug message to show that a CA was found.
2020-06-18 09:26:50 -07:00
myVerifyAction = VERIFY_FORCE_FAIL;
}
else if (XSTRNCMP(myoptarg, "verifyInfo", 10) == 0) {
printf("Verify should use preverify (just show info)\n");
myVerifyAction = VERIFY_USE_PREVERFIY;
Added test cases for ensuring forced error fails on client and server. Added test cases to ensure bad certificate can be overriden.
2018-08-29 10:55:12 -07:00
}
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
else if (XSTRNCMP(myoptarg, "loadSSL", 7) == 0) {
memory management with OCSP requests
2019-01-14 09:49:50 -07:00
printf("Also load cert/key into wolfSSL object\n");
#ifndef NO_CERTS
loadCertKeyIntoSSLObj = 2;
#endif
}
else if (XSTRNCMP(myoptarg, "loadSSLOnly", 11) == 0) {
printf("Only load cert/key into wolfSSL object\n");
Fixes for various scan-build reports.
2018-12-27 11:08:30 -08:00
#ifndef NO_CERTS
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
loadCertKeyIntoSSLObj = 1;
Fixes for various scan-build reports.
2018-12-27 11:08:30 -08:00
#endif
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
}
Add support for Encrypt-Then-MAC to TLS 1.2 and below An extension is used to indicate that ETM is to be used. Only used when doing block ciphers - HMAC performed on encrypted data.
2019-08-22 09:33:38 +10:00
else if (XSTRNCMP(myoptarg, "disallowETM", 11) == 0) {
printf("Disallow Encrypt-Then-MAC\n");
#ifdef HAVE_ENCRYPT_THEN_MAC
disallowETM = 1;
#endif
}
Fix for verify callback override of intermediate CA provided by peer not being added to trusted CA list. Feature: Added support for testing date override at build-time using `TEST_BEFORE_DATE`. ``` ./examples/server/server -H overrideDateErr -A ./certs/ca-cert.pem -k ./certs/server-key.pem -c ./certs/intermediate/server-chain.pem & ./examples/client/client -D -A ./certs/ca-cert.pem -k ./certs/client-key.pem -c ./certs/intermediate/client-chain.pem ```
2019-09-13 09:23:07 -07:00
else if (XSTRNCMP(myoptarg, "overrideDateErr", 15) == 0) {
Fixes for minor nightly build tests.
2019-09-25 07:17:57 -07:00
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
Fix to catch the issue in this PR with alt cert chains, which only happens if the verify callback is used and the chain is long enough. Cleanup of the myVerify callback to allow specific actions. Fix the suites.c to not crash if no newline at end of file. Added helpful debug message to show that a CA was found.
2020-06-18 09:26:50 -07:00
myVerifyAction = VERIFY_OVERRIDE_DATE_ERR;
Fixes for minor nightly build tests.
2019-09-25 07:17:57 -07:00
#endif
Fix for verify callback override of intermediate CA provided by peer not being added to trusted CA list. Feature: Added support for testing date override at build-time using `TEST_BEFORE_DATE`. ``` ./examples/server/server -H overrideDateErr -A ./certs/ca-cert.pem -k ./certs/server-key.pem -c ./certs/intermediate/server-chain.pem & ./examples/client/client -D -A ./certs/ca-cert.pem -k ./certs/client-key.pem -c ./certs/intermediate/client-chain.pem ```
2019-09-13 09:23:07 -07:00
}
Testing improvements for cert gen and TLS cert validation: * Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled. * Added new ECC CA for 384-bit tests. * Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem) * Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL. * Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`. * Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function. * Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack). * Cleanup to combine all certificate subject information into global `certDefaultName`. * Updated cert request info to use wolfSSL instead of Yassl. * Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`. * Re-number error codes in rsa_test. * Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
2017-10-19 16:17:51 -07:00
else {
Usage();
Added new build option `--enable-memtest` or `WOLFSSL_FORCE_MALLOC_FAIL_TEST` which enables random malloc failures for testing. This test supresses the `abort()` calls to detect seg faults. A new script `./scripts/memtest.sh` starts the test. If an issue is found it can be reviewed with the `./scripts/memtest.txt` log and reproduced using the seed printed at top of unit test as `--- RNG MALLOC FAIL AT 295---` and rerun using `./tests/unit.test 295`.
2018-07-27 10:16:14 -07:00
XEXIT_T(MY_EX_USAGE);
Testing improvements for cert gen and TLS cert validation: * Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled. * Added new ECC CA for 384-bit tests. * Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem) * Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL. * Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`. * Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function. * Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack). * Cleanup to combine all certificate subject information into global `certDefaultName`. * Updated cert request info to use wolfSSL instead of Yassl. * Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`. * Re-number error codes in rsa_test. * Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
2017-10-19 16:17:51 -07:00
}
Added test for server to use the default cipher suite list using new “-U” option. This allows the InitSuites logic to be used for determining cipher suites instead of always overriding using the “-l” option. Now both versions are used, so tests are done with wolfSSL_CTX_set_cipher_list and InitSuites. Removed a few cipher suite tests from test.conf that are not valid with old TLS. These were not picked up as failures before because wolfSSL_CTX_set_cipher_list matched on name only, allowing older versions to use the suite.
2017-04-04 14:31:47 -07:00
break;
make server example more generic with short command opts
2012-07-30 11:58:57 -07:00
case 'A' :
fix windows build with command line examples
2012-08-01 17:33:49 -07:00
verifyCert = myoptarg;
make server example more generic with short command opts
2012-07-30 11:58:57 -07:00
break;
case 'c' :
fix windows build with command line examples
2012-08-01 17:33:49 -07:00
ourCert = myoptarg;
make server example more generic with short command opts
2012-07-30 11:58:57 -07:00
break;
case 'k' :
fix windows build with command line examples
2012-08-01 17:33:49 -07:00
ourKey = myoptarg;
make server example more generic with short command opts
2012-07-30 11:58:57 -07:00
break;
added check for allowed minimum DH key size
2015-05-21 10:11:21 -07:00
case 'D' :
#ifndef NO_DH
ourDhParam = myoptarg;
#endif
break;
case 'Z' :
#ifndef NO_DH
minDhKeyBits = atoi(myoptarg);
if (minDhKeyBits <= 0 || minDhKeyBits > 16000) {
Usage();
Added new build option `--enable-memtest` or `WOLFSSL_FORCE_MALLOC_FAIL_TEST` which enables random malloc failures for testing. This test supresses the `abort()` calls to detect seg faults. A new script `./scripts/memtest.sh` starts the test. If an issue is found it can be reviewed with the `./scripts/memtest.txt` log and reproduced using the seed printed at top of unit test as `--- RNG MALLOC FAIL AT 295---` and rerun using `./tests/unit.test 295`.
2018-07-27 10:16:14 -07:00
XEXIT_T(MY_EX_USAGE);
added check for allowed minimum DH key size
2015-05-21 10:11:21 -07:00
}
#endif
break;
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
case 'N':
nonBlocking = 1;
break;
merge in sni
2013-05-21 14:37:50 -07:00
case 'S' :
#ifdef HAVE_SNI
sniHostName = myoptarg;
#endif
break;
OCSP Updates 1. Add option to example server and client to check the OCSP responder. 2. Add option to example server and client to override the URL to use when checking the OCSP responder. 3. Copy the certificate serial number correctly into OCSP request. Add leading zero only if MS bit is set. 4. Fix responder address used when Auth Info extension is present. 5. Update EmbedOcspLookup callback to better handle the HTTP response and obtain the complete OCSP response.
2013-06-20 11:07:54 -07:00
case 'o' :
#ifdef HAVE_OCSP
useOcsp = 1;
#endif
break;
case 'O' :
#ifdef HAVE_OCSP
useOcsp = 1;
ocspUrl = myoptarg;
#endif
break;
Merge in the ADH-AES128-SHA changes and add a check for it during the packet order sanity checking.
2014-12-01 11:44:32 -08:00
case 'a' :
#ifdef HAVE_ANON
useAnon = 1;
#endif
break;
Option for no PSK Id Hint and test cases update comment file reference
2015-07-31 21:51:04 -06:00
case 'I':
#ifndef NO_PSK
fix psk no identify hint example logic
2015-08-03 09:32:51 -07:00
sendPskIdentityHint = 0;
Option for no PSK Id Hint and test cases update comment file reference
2015-07-31 21:51:04 -06:00
#endif
break;
Merge in the ADH-AES128-SHA changes and add a check for it during the packet order sanity checking.
2014-12-01 11:44:32 -08:00
add support for Application-Layer Protocol Name (RFC 7301) in the TLS extensions
2015-10-09 15:18:41 +02:00
case 'L' :
#ifdef HAVE_ALPN
alpnList = myoptarg;
ALPN : add option to continue in case of client/server protocol mismatch (like OpenSSL)
2015-10-13 09:38:40 +02:00
if (alpnList[0] == 'C' && alpnList[1] == ':')
alpn_opt = WOLFSSL_ALPN_CONTINUE_ON_MISMATCH;
else if (alpnList[0] == 'F' && alpnList[1] == ':')
alpn_opt = WOLFSSL_ALPN_FAILED_ON_MISMATCH;
else {
Usage();
Added new build option `--enable-memtest` or `WOLFSSL_FORCE_MALLOC_FAIL_TEST` which enables random malloc failures for testing. This test supresses the `abort()` calls to detect seg faults. A new script `./scripts/memtest.sh` starts the test. If an issue is found it can be reviewed with the `./scripts/memtest.txt` log and reproduced using the seed printed at top of unit test as `--- RNG MALLOC FAIL AT 295---` and rerun using `./tests/unit.test 295`.
2018-07-27 10:16:14 -07:00
XEXIT_T(MY_EX_USAGE);
ALPN : add option to continue in case of client/server protocol mismatch (like OpenSSL)
2015-10-13 09:38:40 +02:00
}
alpnList += 2;
add support for Application-Layer Protocol Name (RFC 7301) in the TLS extensions
2015-10-09 15:18:41 +02:00
#endif
break;
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
case 'i' :
Get Nginx working with wolfSSL
2016-12-22 12:53:29 +10:00
loops = -1;
break;
case 'C' :
loops = atoi(myoptarg);
if (loops <= 0) {
Usage();
Added new build option `--enable-memtest` or `WOLFSSL_FORCE_MALLOC_FAIL_TEST` which enables random malloc failures for testing. This test supresses the `abort()` calls to detect seg faults. A new script `./scripts/memtest.sh` starts the test. If an issue is found it can be reviewed with the `./scripts/memtest.txt` log and reproduced using the seed printed at top of unit test as `--- RNG MALLOC FAIL AT 295---` and rerun using `./tests/unit.test 295`.
2018-07-27 10:16:14 -07:00
XEXIT_T(MY_EX_USAGE);
Get Nginx working with wolfSSL
2016-12-22 12:53:29 +10:00
}
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
break;
case 'e' :
echoData = 1;
break;
case 'B':
Various cleanups and fixes: * Fix for key gen macro name in benchmark.c * Fix for possible RSA fall-through warning. * Fix for building `WOLFSSL_STM32_PKA` without `HAVE_ECC`. * Added option to build RSA keygen without the DER to PEM using `WOLFSSL_NO_DER_TO_PEM`. * Added options.h includes for test.c and benchmark.c. * Added printf warning on the math size mismatch in test.c. * Added support for benchmarking larger sizes. * TLS benchmarks for HiFive unleashed.
2019-12-18 07:09:26 -08:00
throughput = atol(myoptarg);
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
for (; *myoptarg != '\0'; myoptarg++) {
if (*myoptarg == ',') {
block = atoi(myoptarg + 1);
break;
}
}
Changes to clear issues raised by cppcheck
2020-01-15 22:15:38 +10:00
if (throughput == 0 || block <= 0) {
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
Usage();
Added new build option `--enable-memtest` or `WOLFSSL_FORCE_MALLOC_FAIL_TEST` which enables random malloc failures for testing. This test supresses the `abort()` calls to detect seg faults. A new script `./scripts/memtest.sh` starts the test. If an issue is found it can be reviewed with the `./scripts/memtest.txt` log and reproduced using the seed printed at top of unit test as `--- RNG MALLOC FAIL AT 295---` and rerun using `./tests/unit.test 295`.
2018-07-27 10:16:14 -07:00
XEXIT_T(MY_EX_USAGE);
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
}
break;
automated test for trusted peer certs
2016-03-01 16:35:32 -07:00
#ifdef WOLFSSL_TRUST_PEER_CERT
case 'E' :
trustCert = myoptarg;
break;
#endif
add Whitewood netRandom client library support
2016-05-05 15:31:25 -06:00
case 'q' :
#ifdef HAVE_WNR
wnrConfigFile = myoptarg;
#endif
break;
Get Nginx working with wolfSSL
2016-12-22 12:53:29 +10:00
case 'g' :
useWebServerMsg = 1;
break;
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
case 'y' :
#if defined(WOLFSSL_TLS13) && !defined(NO_DH)
onlyKeyShare = 1;
#endif
break;
case 'Y' :
#if defined(WOLFSSL_TLS13) && defined(HAVE_ECC)
onlyKeyShare = 2;
#endif
break;
case 't' :
#ifdef HAVE_CURVE25519
useX25519 = 1;
#if defined(WOLFSSL_TLS13) && defined(HAVE_ECC)
onlyKeyShare = 2;
#endif
#endif
break;
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
case 'K' :
#ifdef WOLFSSL_TLS13
noPskDheKe = 1;
#endif
break;
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
case 'T' :
TLS Session Ticket: Option to disable for TLS 1.2 and below Customer may want session ticket supported with TLS 1.3 but not TLS 1.2 and below.
2021-01-22 11:27:23 +10:00
#if defined(HAVE_SESSION_TICKET)
if (XSTRLEN(myoptarg) == 0) {
#if defined(WOLFSSL_TLS13)
noTicketTls13 = 1;
#endif
}
#if !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS)
else if (XSTRNCMP(myoptarg, "a", 2) == 0) {
noTicketTls12 = 1;
#if defined(WOLFSSL_TLS13)
noTicketTls13 = 1;
#endif
}
else if (XSTRNCMP(myoptarg, "o", 2) == 0) {
noTicketTls12 = 1;
}
else if (XSTRNCMP(myoptarg, "n", 2) == 0) {
#if defined(WOLFSSL_TLS13)
noTicketTls13 = 1;
#endif
}
#endif
else {
Usage();
XEXIT_T(MY_EX_USAGE);
}
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
#endif
break;
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
case 'U' :
#ifdef WOLFSSL_TLS13
updateKeysIVs = 1;
#endif
break;
Fix to detect if `NO_CERTS` / `--disable-asn` is used in `scripts/tls13.test`.
2020-06-04 16:08:08 -07:00
#ifndef NO_CERTS
Allow mutual authentication to be required for TLS 1.3
2020-02-20 16:15:30 +10:00
case 'F' :
Fix to detect if `NO_CERTS` / `--disable-asn` is used in `scripts/tls13.test`.
2020-06-04 16:08:08 -07:00
mutualAuth = 1;
Allow mutual authentication to be required for TLS 1.3
2020-02-20 16:15:30 +10:00
break;
Fix to detect if `NO_CERTS` / `--disable-asn` is used in `scripts/tls13.test`.
2020-06-04 16:08:08 -07:00
#endif
Allow mutual authentication to be required for TLS 1.3
2020-02-20 16:15:30 +10:00
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
case 'Q' :
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
postHandAuth = 1;
doCliCertCheck = 0;
#endif
break;
Add TLS v1.3 Cookie extension support Experimental stateless cookie
2017-06-23 16:26:54 +10:00
case 'J' :
Change define name for sending HRR Cookie
2017-06-27 08:37:55 +10:00
#ifdef WOLFSSL_SEND_HRR_COOKIE
Add TLS v1.3 Cookie extension support Experimental stateless cookie
2017-06-23 16:26:54 +10:00
hrrCookie = 1;
#endif
break;
Server Side Secure Renegotiation 1. Add enables to the example server for turning on secure renegotiation. 2. Add encryption assists to the handhshake message handler functions. 3. Add a hello request message function. Includes handshake timing pre/postambles.
2018-10-02 15:38:45 -07:00
case 'M' :
#ifdef HAVE_SECURE_RENEGOTIATION
scr = 1;
#endif /* HAVE_SECURE_RENEGOTIATION */
break;
case 'm' :
#ifdef HAVE_SECURE_RENEGOTIATION
scr = 1;
forceScr = 1;
#endif /* HAVE_SECURE_RENEGOTIATION */
break;
TLS v1.3 0-RTT
2017-06-19 11:37:10 +10:00
case '0' :
#ifdef WOLFSSL_EARLY_DATA
earlyData = 1;
#endif
break;
DHE Speed Up 1. Also apply the setting to the client side. 2. Updated the server and client command line options to use "-2" for disabling the DHE check.
2018-12-03 13:53:44 -08:00
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
case '1' :
lng_index = atoi(myoptarg);
if(lng_index<0||lng_index>1){
lng_index = 0;
}
break;
DHE Speed Up 1. Also apply the setting to the client side. 2. Updated the server and client command line options to use "-2" for disabling the DHE check.
2018-12-03 13:53:44 -08:00
case '2' :
#if !defined(NO_DH) && !defined(HAVE_FIPS) && \
!defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK)
doDhKeyCheck = 0;
#endif
break;
Multicast 1. Since multicast's only cipher suite uses null cipher automatically enable it. 2. Add options to example client and server to start testing multicast API. (Uses TLS over TCP.) 3. Updates to use the forced secrets set by API.
2016-12-15 11:43:15 -08:00
case '3' :
#ifdef WOLFSSL_MULTICAST
doMcast = 1;
mcastID = (byte)(atoi(myoptarg) & 0xFF);
#endif
break;
DTLS Nonblocking Updates Add command line option to the example server to fake a write block on a specified DTLS sequence number in epoch 0.
2018-12-18 11:40:04 -08:00
case '4' :
#ifdef WOLFSSL_DTLS
XMEMSET(&dtlsCtx, 0, sizeof(dtlsCtx));
doBlockSeq = 1;
dtlsCtx.blockSeq = atoi(myoptarg);
#endif
Fix a fall-through bug in the server options parsing around a new option.
2019-02-19 10:31:37 -08:00
break;
Trusted CA Key Indication Extension Added an API for enabling the Trusted CA Key Indication extension from RFC6066 section 6. If the server doesn't have a match for the client, the client will abandon the session.
2018-09-28 09:05:59 -07:00
case '5' :
#ifdef HAVE_TRUSTED_CA
trustedCaKeyId = 1;
#endif /* HAVE_TRUSTED_CA */
DTLS Nonblocking Updates Add command line option to the example server to fake a write block on a specified DTLS sequence number in epoch 0.
2018-12-18 11:40:04 -08:00
break;
Modify example server to be resilient to WANT_WRITE errors.
2020-11-02 14:57:37 -06:00
case '6' :
nonBlocking = 1;
simulateWantWrite = 1;
break;
Add Curve448, X448, Ed448 implementations
2020-02-19 18:07:45 +10:00
case '8' :
#ifdef HAVE_CURVE448
useX448 = 1;
#if defined(WOLFSSL_TLS13) && defined(HAVE_ECC)
onlyKeyShare = 2;
#endif
#endif
break;
Initial implemented X509_LOOKUP_ctrl L_ADD_DIR
2021-02-15 15:47:03 +09:00
case '9' :
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
addressed review comments part 1
2021-03-11 15:43:54 +09:00
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
Initial implemented X509_LOOKUP_ctrl L_ADD_DIR
2021-02-15 15:47:03 +09:00
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
useCertFolder = 1;
break;
#endif
examples/: add -@ and -# flags to client and server, printing libwolfssl_configure_args() and libwolfssl_global_cflags() respectively.
2020-10-23 00:31:13 -05:00
case '@' :
{
introspection tweaks: rename wolfcrypt/src/debug.c to wolfcrypt/src/wc_debug.c; restore BUILD_WC_DEBUG gating for autotools inclusion of wc_debug.o and disable opportunistically when ENABLED_LEANTLS, ENABLED_LEANPSK, or ENABLED_LOWRESOURCE; add HAVE_WC_INTROSPECTION gate for libwolfssl_configure_args() and libwolfssl_global_cflags().
2020-10-23 15:27:10 -05:00
#ifdef HAVE_WC_INTROSPECTION
name the new introspection routines wolfSSL_configure_args() and wolfSSL_global_cflags() for consistency, and move the prototypes to logging.h.
2020-10-27 18:38:29 -05:00
const char *conf_args = wolfSSL_configure_args();
introspection tweaks: rename wolfcrypt/src/debug.c to wolfcrypt/src/wc_debug.c; restore BUILD_WC_DEBUG gating for autotools inclusion of wc_debug.o and disable opportunistically when ENABLED_LEANTLS, ENABLED_LEANPSK, or ENABLED_LOWRESOURCE; add HAVE_WC_INTROSPECTION gate for libwolfssl_configure_args() and libwolfssl_global_cflags().
2020-10-23 15:27:10 -05:00
if (conf_args) {
puts(conf_args);
XEXIT_T(EXIT_SUCCESS);
} else {
fputs("configure args not compiled in.\n",stderr);
XEXIT_T(MY_EX_USAGE);
}
#else
fputs("compiled without BUILD_INTROSPECTION.\n",stderr);
XEXIT_T(MY_EX_USAGE);
#endif
examples/: add -@ and -# flags to client and server, printing libwolfssl_configure_args() and libwolfssl_global_cflags() respectively.
2020-10-23 00:31:13 -05:00
}
case '#' :
{
introspection tweaks: rename wolfcrypt/src/debug.c to wolfcrypt/src/wc_debug.c; restore BUILD_WC_DEBUG gating for autotools inclusion of wc_debug.o and disable opportunistically when ENABLED_LEANTLS, ENABLED_LEANPSK, or ENABLED_LOWRESOURCE; add HAVE_WC_INTROSPECTION gate for libwolfssl_configure_args() and libwolfssl_global_cflags().
2020-10-23 15:27:10 -05:00
#ifdef HAVE_WC_INTROSPECTION
name the new introspection routines wolfSSL_configure_args() and wolfSSL_global_cflags() for consistency, and move the prototypes to logging.h.
2020-10-27 18:38:29 -05:00
const char *cflags = wolfSSL_global_cflags();
introspection tweaks: rename wolfcrypt/src/debug.c to wolfcrypt/src/wc_debug.c; restore BUILD_WC_DEBUG gating for autotools inclusion of wc_debug.o and disable opportunistically when ENABLED_LEANTLS, ENABLED_LEANPSK, or ENABLED_LOWRESOURCE; add HAVE_WC_INTROSPECTION gate for libwolfssl_configure_args() and libwolfssl_global_cflags().
2020-10-23 15:27:10 -05:00
if (cflags) {
puts(cflags);
XEXIT_T(EXIT_SUCCESS);
} else {
fputs("CFLAGS not compiled in.\n",stderr);
XEXIT_T(MY_EX_USAGE);
}
#else
fputs("compiled without BUILD_INTROSPECTION.\n",stderr);
XEXIT_T(MY_EX_USAGE);
#endif
examples/: add -@ and -# flags to client and server, printing libwolfssl_configure_args() and libwolfssl_global_cflags() respectively.
2020-10-23 00:31:13 -05:00
}
make server example more generic with short command opts
2012-07-30 11:58:57 -07:00
default:
Usage();
Added new build option `--enable-memtest` or `WOLFSSL_FORCE_MALLOC_FAIL_TEST` which enables random malloc failures for testing. This test supresses the `abort()` calls to detect seg faults. A new script `./scripts/memtest.sh` starts the test. If an issue is found it can be reviewed with the `./scripts/memtest.txt` log and reproduced using the seed printed at top of unit test as `--- RNG MALLOC FAIL AT 295---` and rerun using `./tests/unit.test 295`.
2018-07-27 10:16:14 -07:00
XEXIT_T(MY_EX_USAGE);
make server example more generic with short command opts
2012-07-30 11:58:57 -07:00
}
}
fix windows build with command line examples
2012-08-01 17:33:49 -07:00
myoptind = 0; /* reset for test cases */
Example client/server compatible with VxWorks
2015-10-29 13:39:02 -06:00
#endif /* !WOLFSSL_VXWORKS */
make server example more generic with short command opts
2012-07-30 11:58:57 -07:00
DTLS-SCTP example client and server 1. Update the example client and server to test DTLS-SCTP. 2. Modify the test.h functions for setting up connections to allow for a SCTP option. 3. Update other examples to use the new test.h functions. 4. Removed some prototypes in the client header file were some functions that should have been static to the client.c file and made them static.
2016-08-25 22:20:35 -07:00
/* Can only use DTLS over UDP or SCTP, can't do both. */
if (dtlsUDP && dtlsSCTP) {
Added `-x` option to allow example server to continue running when errors occur.
2017-06-22 22:19:59 -06:00
err_sys_ex(runWithErrors, "Cannot use DTLS with both UDP and SCTP.");
DTLS-SCTP example client and server 1. Update the example client and server to test DTLS-SCTP. 2. Modify the test.h functions for setting up connections to allow for a SCTP option. 3. Update other examples to use the new test.h functions. 4. Removed some prototypes in the client header file were some functions that should have been static to the client.c file and made them static.
2016-08-25 22:20:35 -07:00
}
added test cases and fixed a bug with AEAD ciphers with DTLSv1.2.
2013-03-07 22:52:51 -08:00
/* sort out DTLS versus TLS versions */
if (version == CLIENT_INVALID_VERSION) {
if (doDTLS)
version = CLIENT_DTLS_DEFAULT_VERSION;
else
version = CLIENT_DEFAULT_VERSION;
}
else {
if (doDTLS) {
if (version == 3)
version = -2;
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
else if (version == EITHER_DOWNGRADE_VERSION)
version = -3;
#endif
added test cases and fixed a bug with AEAD ciphers with DTLSv1.2.
2013-03-07 22:52:51 -08:00
else
version = -1;
}
}
add Whitewood netRandom client library support
2016-05-05 15:31:25 -06:00
#ifdef HAVE_WNR
if (wc_InitNetRandom(wnrConfigFile, NULL, 5000) != 0)
Address logical fallacies and syntax issues in example server, addresses GH issue #2559
2019-11-07 10:30:12 -07:00
err_sys_ex(runWithErrors, "can't load whitewood net random config "
"file");
add Whitewood netRandom client library support
2016-05-05 15:31:25 -06:00
#endif
make server example more generic with short command opts
2012-07-30 11:58:57 -07:00
switch (version) {
compile option to leave out MD5 and SSL code
2012-11-26 18:40:43 -08:00
#ifndef NO_OLD_TLS
disable SSLv3 by default
2015-08-12 16:39:13 -07:00
#ifdef WOLFSSL_ALLOW_SSLV3
make server example more generic with short command opts
2012-07-30 11:58:57 -07:00
case 0:
extended method function
2016-06-09 23:41:51 -06:00
method = wolfSSLv3_server_method_ex;
make server example more generic with short command opts
2012-07-30 11:58:57 -07:00
break;
disable SSLv3 by default
2015-08-12 16:39:13 -07:00
#endif
make server example more generic with short command opts
2012-07-30 11:58:57 -07:00
pull in Kojo MDK-ARM projects, changes
2013-05-16 09:47:27 -07:00
#ifndef NO_TLS
Disable TLS v1.0 by default. Added new `--enable-tlsv10` option to force enable (only works if --enable-oldtls is set, which is on by default).
2017-11-14 13:55:48 -08:00
#ifdef WOLFSSL_ALLOW_TLSV10
make server example more generic with short command opts
2012-07-30 11:58:57 -07:00
case 1:
extended method function
2016-06-09 23:41:51 -06:00
method = wolfTLSv1_server_method_ex;
make server example more generic with short command opts
2012-07-30 11:58:57 -07:00
break;
Disable TLS v1.0 by default. Added new `--enable-tlsv10` option to force enable (only works if --enable-oldtls is set, which is on by default).
2017-11-14 13:55:48 -08:00
#endif
pull in Kojo MDK-ARM projects, changes
2013-05-16 09:47:27 -07:00
make server example more generic with short command opts
2012-07-30 11:58:57 -07:00
case 2:
extended method function
2016-06-09 23:41:51 -06:00
method = wolfTLSv1_1_server_method_ex;
make server example more generic with short command opts
2012-07-30 11:58:57 -07:00
break;
Disable TLS v1.0 by default. Added new `--enable-tlsv10` option to force enable (only works if --enable-oldtls is set, which is on by default).
2017-11-14 13:55:48 -08:00
#endif /* !NO_TLS */
#endif /* !NO_OLD_TLS */
make server example more generic with short command opts
2012-07-30 11:58:57 -07:00
pull in Kojo MDK-ARM projects, changes
2013-05-16 09:47:27 -07:00
#ifndef NO_TLS
Allow TLS 1.2 to be compiled out.
2018-05-17 09:08:03 +10:00
#ifndef WOLFSSL_NO_TLS12
make server example more generic with short command opts
2012-07-30 11:58:57 -07:00
case 3:
extended method function
2016-06-09 23:41:51 -06:00
method = wolfTLSv1_2_server_method_ex;
make server example more generic with short command opts
2012-07-30 11:58:57 -07:00
break;
Allow TLS 1.2 to be compiled out.
2018-05-17 09:08:03 +10:00
#endif
QSH (quantum-safe handshake) extension
2015-07-07 09:55:58 -06:00
Disable TLS v1.0 by default. Added new `--enable-tlsv10` option to force enable (only works if --enable-oldtls is set, which is on by default).
2017-11-14 13:55:48 -08:00
#ifdef WOLFSSL_TLS13
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
case 4:
method = wolfTLSv1_3_server_method_ex;
break;
Disable TLS v1.0 by default. Added new `--enable-tlsv10` option to force enable (only works if --enable-oldtls is set, which is on by default).
2017-11-14 13:55:48 -08:00
#endif
Fix downgrading from TLS v1.3 to TLS v1.2 Fix handling of ServerHello in TLS v1.3 to support TLS v1.2 when downgrading. Added support in client and server examples for using downgrade method: wolfSSLv23_client_method_ex() or wolfSSLv23_server_method_ex(). Add tests, using downgrade version, of client or server downgrading from TLS v1.3 to TLS v1.2.
2018-02-22 11:05:58 +10:00
case SERVER_DOWNGRADE_VERSION:
method = wolfSSLv23_server_method_ex;
break;
Adds build option `WOLFSSL_EITHER_SIDE` for deferring the "side" of the TLS session until first connect or accept. Added the DTLS generic v1.0 and v1.2 methods for "either" side. Added "either" methods unit tests. Added "either" -v e support to example client/server. Fix to expose `wolfSSL_use_certificate_file` and `wolfSSL_use_PrivateKey_file` without `OPENSSL_EXTRA`. Cleanup of the methods for (void)heap and log messages. Spelling fixes.
2018-10-04 14:48:53 -07:00
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
case EITHER_DOWNGRADE_VERSION:
method = wolfSSLv23_method_ex;
break;
#endif
Disable TLS v1.0 by default. Added new `--enable-tlsv10` option to force enable (only works if --enable-oldtls is set, which is on by default).
2017-11-14 13:55:48 -08:00
#endif /* NO_TLS */
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
#ifdef WOLFSSL_DTLS
turn off DTLSv1 functions for disable old tls
2015-04-08 13:29:25 -07:00
#ifndef NO_OLD_TLS
add -u for DTLS UPD command line client/server examples
2012-08-02 11:54:49 -07:00
case -1:
extended method function
2016-06-09 23:41:51 -06:00
method = wolfDTLSv1_server_method_ex;
add -u for DTLS UPD command line client/server examples
2012-08-02 11:54:49 -07:00
break;
turn off DTLSv1 functions for disable old tls
2015-04-08 13:29:25 -07:00
#endif
added test cases and fixed a bug with AEAD ciphers with DTLSv1.2.
2013-03-07 22:52:51 -08:00
Allow TLS 1.2 to be compiled out.
2018-05-17 09:08:03 +10:00
#ifndef WOLFSSL_NO_TLS12
added test cases and fixed a bug with AEAD ciphers with DTLSv1.2.
2013-03-07 22:52:51 -08:00
case -2:
extended method function
2016-06-09 23:41:51 -06:00
method = wolfDTLSv1_2_server_method_ex;
added test cases and fixed a bug with AEAD ciphers with DTLSv1.2.
2013-03-07 22:52:51 -08:00
break;
Allow TLS 1.2 to be compiled out.
2018-05-17 09:08:03 +10:00
#endif
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
case -3:
method = wolfDTLSv1_2_method_ex;
break;
#endif
add -u for DTLS UPD command line client/server examples
2012-08-02 11:54:49 -07:00
#endif
make server example more generic with short command opts
2012-07-30 11:58:57 -07:00
default:
Added `-x` option to allow example server to continue running when errors occur.
2017-06-22 22:19:59 -06:00
err_sys_ex(runWithErrors, "Bad SSL version");
make server example more generic with short command opts
2012-07-30 11:58:57 -07:00
}
better error checking on server example
2012-07-30 18:15:08 -07:00
if (method == NULL)
Added `-x` option to allow example server to continue running when errors occur.
2017-06-22 22:19:59 -06:00
err_sys_ex(runWithErrors, "unable to get method");
better error checking on server example
2012-07-30 18:15:08 -07:00
revise static memory and update heap hint
2016-06-04 19:03:48 -06:00
#ifdef WOLFSSL_STATIC_MEMORY
add helper functions for choosing static buffer size
2016-07-21 12:11:15 -06:00
#ifdef DEBUG_WOLFSSL
/* print off helper buffer sizes for use with static memory
Correct misspellings and typos from codespell tool
2019-12-24 12:29:33 -06:00
* printing to stderr in case of debug mode turned on */
add helper functions for choosing static buffer size
2016-07-21 12:11:15 -06:00
fprintf(stderr, "static memory management size = %d\n",
wolfSSL_MemoryPaddingSz());
fprintf(stderr, "calculated optimum general buffer size = %d\n",
wolfSSL_StaticBufferSz(memory, sizeof(memory), 0));
fprintf(stderr, "calculated optimum IO buffer size = %d\n",
wolfSSL_StaticBufferSz(memoryIO, sizeof(memoryIO),
WOLFMEM_IO_POOL_FIXED));
#endif /* DEBUG_WOLFSSL */
revise static memory and update heap hint
2016-06-04 19:03:48 -06:00
if (wolfSSL_CTX_load_static_memory(&ctx, method, memory, sizeof(memory),0,1)
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
!= WOLFSSL_SUCCESS)
Address logical fallacies and syntax issues in example server, addresses GH issue #2559
2019-11-07 10:30:12 -07:00
err_sys_ex(catastrophic, "unable to load static memory and create ctx");
revise static memory and update heap hint
2016-06-04 19:03:48 -06:00
/* load in a buffer for IO */
if (wolfSSL_CTX_load_static_memory(&ctx, NULL, memoryIO, sizeof(memoryIO),
WOLFMEM_IO_POOL_FIXED | WOLFMEM_TRACK_STATS, 1)
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
!= WOLFSSL_SUCCESS)
Address logical fallacies and syntax issues in example server, addresses GH issue #2559
2019-11-07 10:30:12 -07:00
err_sys_ex(catastrophic, "unable to load static memory and create ctx");
revise static memory and update heap hint
2016-06-04 19:03:48 -06:00
#else
Fix from review
2021-01-20 11:34:02 -06:00
if (method != NULL) {
Check method for NULL
2021-01-18 16:18:49 -06:00
ctx = SSL_CTX_new(method(NULL));
}
Added support for static memory with wolfCrypt. Adds new "wc_LoadStaticMemory" function and moves "wolfSSL_init_memory_heap" into wolfCrypt layer. Enhanced wolfCrypt test and benchmark to use the static memory tool if enabled. Added support for static memory with "WOLFSSL_DEBUG_MEMORY" defined. Fixed issue with have-iopool and XMALLOC/XFREE. Added check to prevent using WOLFSSL_STATIC_MEMORY with HAVE_IO_POOL, XMALLOC_USER or NO_WOLFSSL_MEMORY defined.
2016-08-29 10:38:06 -07:00
#endif /* WOLFSSL_STATIC_MEMORY */
better error checking on server example
2012-07-30 18:15:08 -07:00
if (ctx == NULL)
Address logical fallacies and syntax issues in example server, addresses GH issue #2559
2019-11-07 10:30:12 -07:00
err_sys_ex(catastrophic, "unable to get ctx");
make server example more generic with short command opts
2012-07-30 11:58:57 -07:00
checkpoint: fully functioning demo via examples/server/ and unit.test (which produces a "filtered" error on a subtest when built --enable-wolfsentry).
2021-04-01 13:08:41 -05:00
#ifdef WOLFSSL_WOLFSENTRY_HOOKS
ret = wolfsentry_init(NULL /* allocator */, NULL /* timecbs */, 0 /* route_private_data_size */, 0 /* route_private_data_alignment */, &wolfsentry);
if (ret != 0) {
fprintf(stderr, "wolfsentry_init() returned " WOLFSENTRY_ERROR_FMT "\n", WOLFSENTRY_ERROR_FMT_ARGS(ret));
err_sys_ex(catastrophic, "unable to initialize wolfSentry");
}
{
struct wolfsentry_route_table *table;
if ((ret = wolfsentry_route_get_table_static(wolfsentry, &table)) != 0)
fprintf(stderr, "wolfsentry_route_get_table_static() returned " WOLFSENTRY_ERROR_FMT "\n", WOLFSENTRY_ERROR_FMT_ARGS(ret));
if (ret == 0) {
if ((ret = wolfsentry_route_table_default_policy_set(wolfsentry, table, WOLFSENTRY_ACTION_RES_REJECT|WOLFSENTRY_ACTION_RES_STOP)) != 0)
fprintf(stderr, "wolfsentry_route_table_default_policy_set(WOLFSENTRY_ACTION_RES_REJECT) returned " WOLFSENTRY_ERROR_FMT "\n", WOLFSENTRY_ERROR_FMT_ARGS(ret));
}
if (ret == 0) {
struct {
struct wolfsentry_sockaddr sa;
byte buf[16];
} remote, local;
wolfsentry_ent_id_t id;
wolfsentry_action_res_t action_results;
memset(&remote, 0, sizeof remote);
memset(&local, 0, sizeof local);
#ifdef TEST_IPV6
remote.sa.sa_family = local.sa.sa_family = AF_INET6;
remote.sa.addr_len = 128;
#else
remote.sa.sa_family = local.sa.sa_family = AF_INET;
remote.sa.addr_len = 32;
memcpy(remote.sa.addr, "\177\000\000\001", 4);
#endif
// remote.sa.sa_proto = local.sa.sa_proto = IPPROTO_TCP;
if ((ret = wolfsentry_route_insert_static
(wolfsentry, NULL /* caller_context */, &remote.sa, &local.sa,
WOLFSENTRY_ROUTE_FLAG_GREENLISTED |
WOLFSENTRY_ROUTE_FLAG_DIRECTION_IN |
WOLFSENTRY_ROUTE_FLAG_TRIGGER_WILDCARD |
WOLFSENTRY_ROUTE_FLAG_REMOTE_INTERFACE_WILDCARD|
WOLFSENTRY_ROUTE_FLAG_LOCAL_INTERFACE_WILDCARD |
WOLFSENTRY_ROUTE_FLAG_SA_LOCAL_ADDR_WILDCARD |
WOLFSENTRY_ROUTE_FLAG_SA_PROTO_WILDCARD |
WOLFSENTRY_ROUTE_FLAG_SA_REMOTE_PORT_WILDCARD |
WOLFSENTRY_ROUTE_FLAG_SA_LOCAL_PORT_WILDCARD,
0 /* event_label_len */, 0 /* event_label */, &id, &action_results)) < 0)
fprintf(stderr, "wolfsentry_route_insert_static() returned " WOLFSENTRY_ERROR_FMT "\n", WOLFSENTRY_ERROR_FMT_ARGS(ret));
// else
// fprintf(stderr, "wolfsentry static greenlist rule for localhost has ID %u.\n",id);
}
if (ret != 0)
err_sys_ex(catastrophic, "unable to configure route table");
}
if (wolfSSL_CTX_set_AcceptFilter(ctx, (NetworkFilterCallback_t)wolfSentry_NetworkFilterCallback, wolfsentry) < 0)
err_sys_ex(catastrophic, "unable to install wolfSentry_NetworkFilterCallback");
WOLFSSL_NETWORK_INTROSPECTION WIP
2021-03-26 12:55:13 -05:00
#endif
Modify example server to be resilient to WANT_WRITE errors.
2020-11-02 14:57:37 -06:00
if (simulateWantWrite)
{
wolfSSL_CTX_SetIOSend(ctx, SimulateWantWriteIOSendCb);
}
TLS Session Ticket: default encryption callback Encrypts with ChaCha20-Poly1305 or AES-GCM. Two keys in rotation. Key used for encryption until ticket lifetime goes beyond expirary (default 1 hour). If key can still be used for decryption, encrypt with other key. Private random used to generate keys.
2021-02-03 13:30:38 +10:00
#if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && \
((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM))
initial server side session ticket support
2015-05-15 12:51:44 -07:00
if (TicketInit() != 0)
Address logical fallacies and syntax issues in example server, addresses GH issue #2559
2019-11-07 10:30:12 -07:00
err_sys_ex(catastrophic, "unable to setup Session Ticket Key context");
initial server side session ticket support
2015-05-15 12:51:44 -07:00
wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb);
#endif
TLS v1.3 sniffer support: * Added TLS v1.3 sniffer support using static ephemeral key. * Add support for using a static ephemeral DH and ECC keys with TLS v1.3 using `WOLFSSL_STATIC_EPHEMERAL`. * Adds new API's `wolfSSL_CTX_set_ephemeral_key` and `wolfSSL_set_ephemeral_key`. * Expanded TLS extension support in sniffer. * Refactor of the handshake hashing code. * Added parameter checking to the TLS v1.3 key derivations (protects use of "DoTls13Finished" if handshake resources have been free'd). * Added support for loading DH keys via `wc_DhImportKeyPair` and `wc_DhExportKeyPair`, enabled with `WOLFSSL_DH_EXTRA`. * Added sniffer documentation `sslSniffer/README.md`.
2020-07-09 13:52:49 -07:00
#if defined(WOLFSSL_SNIFFER) && defined(WOLFSSL_STATIC_EPHEMERAL)
/* used for testing only to set a static/fixed ephemeral key
for use with the sniffer */
#if defined(HAVE_ECC) && !defined(NO_ECC_SECP) && \
(!defined(NO_ECC256) || defined(HAVE_ALL_CURVES))
ret = wolfSSL_CTX_set_ephemeral_key(ctx, WC_PK_TYPE_ECDH,
"./certs/statickeys/ecc-secp256r1.pem", 0, WOLFSSL_FILETYPE_PEM);
if (ret != 0) {
err_sys_ex(runWithErrors, "error loading static ECDH key");
}
Static ephemeral refactor to support loading both DHE and ECDHE keys. Added ability to specify key using snifftest input at run-time. Improved snifftest key loading for named keys and static ephemeral.
2020-11-09 16:07:14 -08:00
#endif
#ifndef NO_DH
TLS v1.3 sniffer support: * Added TLS v1.3 sniffer support using static ephemeral key. * Add support for using a static ephemeral DH and ECC keys with TLS v1.3 using `WOLFSSL_STATIC_EPHEMERAL`. * Adds new API's `wolfSSL_CTX_set_ephemeral_key` and `wolfSSL_set_ephemeral_key`. * Expanded TLS extension support in sniffer. * Refactor of the handshake hashing code. * Added parameter checking to the TLS v1.3 key derivations (protects use of "DoTls13Finished" if handshake resources have been free'd). * Added support for loading DH keys via `wc_DhImportKeyPair` and `wc_DhExportKeyPair`, enabled with `WOLFSSL_DH_EXTRA`. * Added sniffer documentation `sslSniffer/README.md`.
2020-07-09 13:52:49 -07:00
ret = wolfSSL_CTX_set_ephemeral_key(ctx, WC_PK_TYPE_DH,
"./certs/statickeys/dh-ffdhe2048.pem", 0, WOLFSSL_FILETYPE_PEM);
if (ret != 0) {
err_sys_ex(runWithErrors, "error loading static DH key");
}
#endif
#endif /* WOLFSSL_SNIFFER && WOLFSSL_STATIC_EPHEMERAL */
Added test for server to use the default cipher suite list using new “-U” option. This allows the InitSuites logic to be used for determining cipher suites instead of always overriding using the “-l” option. Now both versions are used, so tests are done with wolfSSL_CTX_set_cipher_list and InitSuites. Removed a few cipher suite tests from test.conf that are not valid with old TLS. These were not picked up as failures before because wolfSSL_CTX_set_cipher_list matched on name only, allowing older versions to use the suite.
2017-04-04 14:31:47 -07:00
if (cipherList && !useDefCipherList) {
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (SSL_CTX_set_cipher_list(ctx, cipherList) != WOLFSSL_SUCCESS)
Address logical fallacies and syntax issues in example server, addresses GH issue #2559
2019-11-07 10:30:12 -07:00
err_sys_ex(runWithErrors, "server can't set custom cipher list");
Added test for server to use the default cipher suite list using new “-U” option. This allows the InitSuites logic to be used for determining cipher suites instead of always overriding using the “-l” option. Now both versions are used, so tests are done with wolfSSL_CTX_set_cipher_list and InitSuites. Removed a few cipher suite tests from test.conf that are not valid with old TLS. These were not picked up as failures before because wolfSSL_CTX_set_cipher_list matched on name only, allowing older versions to use the suite.
2017-04-04 14:31:47 -07:00
}
make server example more generic with short command opts
2012-07-30 11:58:57 -07:00
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
#ifdef WOLFSSL_LEANPSK
scan-build warnings related to enable-psk, disable-asn,rsa,ecc
2016-04-11 11:13:26 -06:00
if (!usePsk) {
usePsk = 1;
}
build test covers leanpsk
2012-10-30 12:51:14 -07:00
#endif
Add Curve448, X448, Ed448 implementations
2020-02-19 18:07:45 +10:00
#if defined(NO_RSA) && !defined(HAVE_ECC) && !defined(HAVE_ED25519) && \
!defined(HAVE_ED448)
scan-build warnings related to enable-psk, disable-asn,rsa,ecc
2016-04-11 11:13:26 -06:00
if (!usePsk) {
usePsk = 1;
}
fix normal psk no rsa examples
2013-03-11 13:19:43 -07:00
#endif
add fewerPacket/group messages to example client/server and disalbe client cert/key load
2013-04-19 13:10:19 -07:00
if (fewerPackets)
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
wolfSSL_CTX_set_group_messages(ctx);
Fragmentation for ServerKeyExchange and CeriticateVerify - The `ssl->dtlsMtuSz` value is the maximum possible size of the DTLS record layer. We read `ssl->dtlsMtuSz + 100` in case peer has slightly different MTU set. - The `-u` option in the examples takes the value of the MTU size. - MTU tests are added in `tests/test-dtls-mtu.conf`
2021-04-12 20:02:18 +02:00
#if (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) && \
defined(WOLFSSL_DTLS)
if (dtlsMTU)
wolfSSL_CTX_dtls_set_mtu(ctx, dtlsMTU);
#endif
add fewerPacket/group messages to example client/server and disalbe client cert/key load
2013-04-19 13:10:19 -07:00
DTLS-SCTP example client and server 1. Update the example client and server to test DTLS-SCTP. 2. Modify the test.h functions for setting up connections to allow for a SCTP option. 3. Update other examples to use the new test.h functions. 4. Removed some prototypes in the client header file were some functions that should have been static to the client.c file and made them static.
2016-08-25 22:20:35 -07:00
#ifdef WOLFSSL_SCTP
if (dtlsSCTP)
wolfSSL_CTX_dtls_set_sctp(ctx);
#endif
Fixes for various build configurations. Added `--enable-enckeys` option to enable support for encrypted PEM private keys using password callback without having to use opensslextra. Moved ASN `CryptKey` function to wc_encrypt.c as `wc_CryptKey`. Fixup some missing heap args on XMALLOC/XFREE in asn.c.
2018-03-30 15:48:15 -07:00
#ifdef WOLFSSL_ENCRYPTED_KEYS
make sure passwd_cb called before load private key in server example
2013-12-23 11:19:21 -08:00
SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif
Added "wolfSSL_use_certificate_chain_buffer_format". Added "wolfSSL_SESSION_CIPHER_get_name" to get cipher suite name using WOLFSSL_SESSION*. Moved the "wolfSSL_get_cipher_name_from_suite" function to internal.c. Added new server-cert-chain.der, which is combination of ca-cert.der and server-cert.der. Enhanced load_buffer to detect format using file extension. Can test use of DER cert chain with NO_FILESYSTEM defined using "./examples/server/server -c ./certs/server-cert-chain.der -k ./certs/server-key.der".
2016-11-23 11:25:01 -08:00
#if !defined(NO_CERTS)
memory management with OCSP requests
2019-01-14 09:49:50 -07:00
if ((!usePsk || usePskPlus) && !useAnon && !(loadCertKeyIntoSSLObj == 1)) {
NO_FILESYSTEM build on Windows
2020-10-09 09:45:00 -07:00
#ifdef NO_FILESYSTEM
if (wolfSSL_CTX_use_certificate_chain_buffer(ctx, server_cert_der_2048,
sizeof_server_cert_der_2048) != WOLFSSL_SUCCESS)
err_sys_ex(catastrophic, "can't load server cert buffer");
#elif !defined(TEST_LOAD_BUFFER)
Merge branch 'csr'
2015-12-28 19:38:04 -03:00
if (SSL_CTX_use_certificate_chain_file(ctx, ourCert)
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
!= WOLFSSL_SUCCESS)
Address logical fallacies and syntax issues in example server, addresses GH issue #2559
2019-11-07 10:30:12 -07:00
err_sys_ex(catastrophic, "can't load server cert file, check file "
"and run from wolfSSL home dir");
Added "wolfSSL_use_certificate_chain_buffer_format". Added "wolfSSL_SESSION_CIPHER_get_name" to get cipher suite name using WOLFSSL_SESSION*. Moved the "wolfSSL_get_cipher_name_from_suite" function to internal.c. Added new server-cert-chain.der, which is combination of ca-cert.der and server-cert.der. Enhanced load_buffer to detect format using file extension. Can test use of DER cert chain with NO_FILESYSTEM defined using "./examples/server/server -c ./certs/server-cert-chain.der -k ./certs/server-key.der".
2016-11-23 11:25:01 -08:00
#else
/* loads cert chain file using buffer API */
load_buffer(ctx, ourCert, WOLFSSL_CERT_CHAIN);
#endif
added build option for leanPSK
2012-10-29 15:39:42 -07:00
}
#endif
add ntru cipher suite tests
2012-08-07 17:18:56 -07:00
added check for allowed minimum DH key size
2015-05-21 10:11:21 -07:00
#ifndef NO_DH
Address logical fallacies and syntax issues in example server, addresses GH issue #2559
2019-11-07 10:30:12 -07:00
if (wolfSSL_CTX_SetMinDhKey_Sz(ctx, (word16)minDhKeyBits)
!= WOLFSSL_SUCCESS) {
Added `-x` option to allow example server to continue running when errors occur.
2017-06-22 22:19:59 -06:00
err_sys_ex(runWithErrors, "Error setting minimum DH key size");
add check for min RSA key size at TLS/SSL level
2016-04-14 13:35:49 -06:00
}
#endif
#ifndef NO_RSA
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_CTX_SetMinRsaKey_Sz(ctx, minRsaKeyBits) != WOLFSSL_SUCCESS){
Added `-x` option to allow example server to continue running when errors occur.
2017-06-22 22:19:59 -06:00
err_sys_ex(runWithErrors, "Error setting minimum RSA key size");
add check for min RSA key size at TLS/SSL level
2016-04-14 13:35:49 -06:00
}
added check for allowed minimum DH key size
2015-05-21 10:11:21 -07:00
#endif
minimum ECC key size check at TLS/SSL level
2016-04-19 15:50:25 -06:00
#ifdef HAVE_ECC
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_CTX_SetMinEccKey_Sz(ctx, minEccKeyBits) != WOLFSSL_SUCCESS){
Added `-x` option to allow example server to continue running when errors occur.
2017-06-22 22:19:59 -06:00
err_sys_ex(runWithErrors, "Error setting minimum ECC key size");
minimum ECC key size check at TLS/SSL level
2016-04-19 15:50:25 -06:00
}
#endif
added check for allowed minimum DH key size
2015-05-21 10:11:21 -07:00
NTRU suites from earlier code
2015-07-11 12:52:22 -06:00
#ifdef HAVE_NTRU
if (useNtruKey) {
Refactor the cert renewal scripts with error handling Portability updates
2018-09-19 14:03:10 -06:00
if (wolfSSL_CTX_use_NTRUPrivateKey_file(ctx, ourKey)
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
!= WOLFSSL_SUCCESS)
Address logical fallacies and syntax issues in example server, addresses GH issue #2559
2019-11-07 10:30:12 -07:00
err_sys_ex(catastrophic, "can't load ntru key file, "
NTRU suites from earlier code
2015-07-11 12:52:22 -06:00
"Please run from wolfSSL home dir");
}
#endif
Added "wolfSSL_use_certificate_chain_buffer_format". Added "wolfSSL_SESSION_CIPHER_get_name" to get cipher suite name using WOLFSSL_SESSION*. Moved the "wolfSSL_get_cipher_name_from_suite" function to internal.c. Added new server-cert-chain.der, which is combination of ca-cert.der and server-cert.der. Enhanced load_buffer to detect format using file extension. Can test use of DER cert chain with NO_FILESYSTEM defined using "./examples/server/server -c ./certs/server-cert-chain.der -k ./certs/server-key.der".
2016-11-23 11:25:01 -08:00
#if !defined(NO_CERTS)
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
#ifdef HAVE_PK_CALLBACKS
pkCbInfo.ourKey = ourKey;
* Added support for not loading a private key for server or client when `HAVE_PK_CALLBACK` is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519. * Added PK callback context tests for client/server examples (`SetupPkCallbackContexts`). * Added new test define for `TEST_PK_PRIVKEY` to allows simulating hardware based private key. * Added new test.h function for loading PEM key file and converting to DER (`load_key_file`). * Added way to get private key signature size (`GetPrivateKeySigSize`). * Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size. * Added inline comments to help track down handshake message types. * Cleanup of RSS PSS terminating byte (0xbc) to use enum value. * Fixed bug with PK callback for `myEccVerify` public key format. * Fixed bug with PK callback for ED25519 verify key buffer in DoServerKeyExchange.
2018-03-21 11:27:08 -07:00
#endif
memory management with OCSP requests
2019-01-14 09:49:50 -07:00
if (!useNtruKey && (!usePsk || usePskPlus) && !useAnon
&& !(loadCertKeyIntoSSLObj == 1)
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
#if defined(HAVE_PK_CALLBACKS) && defined(TEST_PK_PRIVKEY)
&& !pkCallbacks
#endif /* HAVE_PK_CALLBACKS && TEST_PK_PRIVKEY */
) {
NO_FILESYSTEM build on Windows
2020-10-09 09:45:00 -07:00
#ifdef NO_FILESYSTEM
use correct key buffer for example private key
2020-10-13 09:26:54 -06:00
if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, server_key_der_2048,
sizeof_server_key_der_2048, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS)
NO_FILESYSTEM build on Windows
2020-10-09 09:45:00 -07:00
err_sys_ex(catastrophic, "can't load server private key buffer");
#elif !defined(TEST_LOAD_BUFFER)
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (SSL_CTX_use_PrivateKey_file(ctx, ourKey, WOLFSSL_FILETYPE_PEM)
!= WOLFSSL_SUCCESS)
Address logical fallacies and syntax issues in example server, addresses GH issue #2559
2019-11-07 10:30:12 -07:00
err_sys_ex(catastrophic, "can't load server private key file, "
"check file and run from wolfSSL home dir");
Added "wolfSSL_use_certificate_chain_buffer_format". Added "wolfSSL_SESSION_CIPHER_get_name" to get cipher suite name using WOLFSSL_SESSION*. Moved the "wolfSSL_get_cipher_name_from_suite" function to internal.c. Added new server-cert-chain.der, which is combination of ca-cert.der and server-cert.der. Enhanced load_buffer to detect format using file extension. Can test use of DER cert chain with NO_FILESYSTEM defined using "./examples/server/server -c ./certs/server-cert-chain.der -k ./certs/server-key.der".
2016-11-23 11:25:01 -08:00
#else
/* loads private key file using buffer API */
load_buffer(ctx, ourKey, WOLFSSL_KEY);
#endif
add ntru cipher suite tests
2012-08-07 17:18:56 -07:00
}
added build option for leanPSK
2012-10-29 15:39:42 -07:00
#endif
1.8.8 init
2011-02-05 11:14:47 -08:00
option for fail on no peer cert except PSK suites
2016-02-08 14:52:56 -07:00
if (usePsk || usePskPlus) {
build test covers leanpsk
2012-10-30 12:51:14 -07:00
#ifndef NO_PSK
Fix for TLS v1.3 PSK tests work with additional cipher suites (not just `TLS13-AES128-GCM-SHA256`) and the echo server/client.
2020-05-15 15:08:17 -07:00
const char *defaultCipherList = cipherList;
make server example more generic with short command opts
2012-07-30 11:58:57 -07:00
SSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);
Separate PSK callback for TLS 1.3 It is highly recommended that the PSK be different for each protocol. Example callback already returns a different key for TLS 1.3. New callback includes the ciphersuite, as a string, to use with the key.
2018-08-14 08:55:57 +10:00
#ifdef WOLFSSL_TLS13
wolfSSL_CTX_set_psk_server_tls13_callback(ctx, my_psk_server_tls13_cb);
#endif
fix psk no identify hint example logic
2015-08-03 09:32:51 -07:00
if (sendPskIdentityHint == 1)
Option for no PSK Id Hint and test cases update comment file reference
2015-07-31 21:51:04 -06:00
SSL_CTX_use_psk_identity_hint(ctx, "cyassl server");
Fix for TLS v1.3 PSK tests work with additional cipher suites (not just `TLS13-AES128-GCM-SHA256`) and the echo server/client.
2020-05-15 15:08:17 -07:00
if (defaultCipherList == NULL && !usePskPlus) {
External PSK working in TLS13
2017-06-07 08:29:08 +10:00
#if defined(HAVE_AESGCM) && !defined(NO_DH)
#ifdef WOLFSSL_TLS13
TLS 1.3: PSK only Support building with only TLS 1.3 and PSK without code for (EC)DHE and certificates. Minimise build size for this configuration.
2020-10-28 11:47:31 +10:00
defaultCipherList = "TLS13-AES128-GCM-SHA256"
#ifndef WOLFSSL_NO_TLS12
":DHE-PSK-AES128-GCM-SHA256"
#endif
;
External PSK working in TLS13
2017-06-07 08:29:08 +10:00
#else
allow dh to be used w/o certs and asn
2015-03-27 14:28:05 -07:00
defaultCipherList = "DHE-PSK-AES128-GCM-SHA256";
External PSK working in TLS13
2017-06-07 08:29:08 +10:00
#endif
allow dh to be used w/o certs and asn
2015-03-27 14:28:05 -07:00
needDH = 1;
TLS 1.3: PSK only Support building with only TLS 1.3 and PSK without code for (EC)DHE and certificates. Minimise build size for this configuration.
2020-10-28 11:47:31 +10:00
#elif defined(HAVE_AESGCM) && defined(WOLFSSL_TLS13)
defaultCipherList = "TLS13-AES128-GCM-SHA256"
#ifndef WOLFSSL_NO_TLS12
":PSK-AES128-GCM-SHA256"
#endif
;
External PSK working in TLS13
2017-06-07 08:29:08 +10:00
#elif defined(HAVE_NULL_CIPHER)
NO_RSA build, cipher suite tests need work for this build optoin, ssn2
2013-03-07 17:44:40 -08:00
defaultCipherList = "PSK-NULL-SHA256";
External PSK working in TLS13
2017-06-07 08:29:08 +10:00
#else
fix normal psk no rsa examples
2013-03-11 13:19:43 -07:00
defaultCipherList = "PSK-AES128-CBC-SHA256";
External PSK working in TLS13
2017-06-07 08:29:08 +10:00
#endif
Address logical fallacies and syntax issues in example server, addresses GH issue #2559
2019-11-07 10:30:12 -07:00
if (SSL_CTX_set_cipher_list(ctx, defaultCipherList)
!= WOLFSSL_SUCCESS)
Added `-x` option to allow example server to continue running when errors occur.
2017-06-22 22:19:59 -06:00
err_sys_ex(runWithErrors, "server can't set cipher list 2");
build test covers leanpsk
2012-10-30 12:51:14 -07:00
}
Fix for TLS v1.3 PSK tests work with additional cipher suites (not just `TLS13-AES128-GCM-SHA256`) and the echo server/client.
2020-05-15 15:08:17 -07:00
wolfSSL_CTX_set_psk_callback_ctx(ctx, (void*)defaultCipherList);
#endif /* !NO_PSK */
build test covers leanpsk
2012-10-30 12:51:14 -07:00
}
Change to work for other TLS versions Send alert when client doesn't send a certificate on request.
2020-02-21 09:43:32 +10:00
#ifndef NO_CERTS
if (mutualAuth)
Allow mutual authentication to be required for TLS 1.3
2020-02-20 16:15:30 +10:00
wolfSSL_CTX_mutual_auth(ctx, 1);
#endif
1.8.8 init
2011-02-05 11:14:47 -08:00
Fixes for key size detection when using PK callbacks (HSM) and no private key has been loaded (affects `HAVE_PK_CALLBACKS` on server side only when no dummy private key is loaded). Fix for possible leak during ECC min key size failure with small stack. Added new API `wc_RsaPublicKeyDecode_ex` for parsing an RSA public key for the modulus and exponent. Changed `wolfSSL_CTX_SetTmpEC_DHE_Sz` to support a `size == 0` for using the long-term private key's size. Changed `ECDHE_SIZE` so it can be overridden and build-time. Added tests for `wolfSSL_CTX_SetTmpEC_DHE_Sz` and `wolfSSL_SetTmpEC_DHE_Sz`.
2018-10-25 09:15:23 -07:00
#ifdef HAVE_ECC
/* Use ECDHE key size that matches long term key.
* Zero means use ctx->privateKeySz.
* Default ECDHE_SIZE is 32 bytes
*/
if (wolfSSL_CTX_SetTmpEC_DHE_Sz(ctx, 0) != WOLFSSL_SUCCESS){
err_sys_ex(runWithErrors, "Error setting ECDHE size");
}
#endif
Merge in the ADH-AES128-SHA changes and add a check for it during the packet order sanity checking.
2014-12-01 11:44:32 -08:00
if (useAnon) {
#ifdef HAVE_ANON
Test Fixes 1. AesGcmEncrypt_ex requires the RNG, remove function if RNG disabled. 2. Fix a couple function name changes in the example server. 3. Removed the old FIPS wrapping added to dh.h, was redundant. 4. Move include of random.h in the aes.h file. 5. Fix where ecc.c was being left out of old FIPS builds. 6. Exclude the AES-GCM internal IV test case when building without the RNG. 7. Fix api test where AES-GCM Encrypt was called with a too-long IV in old FIPS mode. Non-FIPS and new FIPS are allowed longer IVs.
2018-03-06 16:45:44 -08:00
wolfSSL_CTX_allow_anon_cipher(ctx);
Fix to allow anonymous ciphers to work with the new default suite testing.
2017-04-05 14:35:33 -07:00
if (cipherList == NULL || (cipherList && useDefCipherList)) {
Added support for an anonymous cipher suite (#1267) * Added support for cipher suite TLS_DH_anon_WITH_AES256_GCM_SHA384 * Added test cases for verification of anonymous cipher suite
2018-04-20 10:35:37 -07:00
const char* defaultCipherList;
defaultCipherList = "ADH-AES256-GCM-SHA384:"
"ADH-AES128-SHA";
if (SSL_CTX_set_cipher_list(ctx, defaultCipherList)
!= WOLFSSL_SUCCESS)
Added `-x` option to allow example server to continue running when errors occur.
2017-06-22 22:19:59 -06:00
err_sys_ex(runWithErrors, "server can't set cipher list 4");
Merge in the ADH-AES128-SHA changes and add a check for it during the packet order sanity checking.
2014-12-01 11:44:32 -08:00
}
#endif
}
fix general NO_SHA NO_ASN NO_CERTS NO_SESSION_CACHE builds/examples
2013-03-11 16:07:46 -07:00
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
option for fail on no peer cert except PSK suites
2016-02-08 14:52:56 -07:00
/* if not using PSK, verify peer with certs
if using PSK Plus then verify peer certs except PSK suites */
if (doCliCertCheck && (usePsk == 0 || usePskPlus) && useAnon == 0) {
Fix for verify callback override of intermediate CA provided by peer not being added to trusted CA list. Feature: Added support for testing date override at build-time using `TEST_BEFORE_DATE`. ``` ./examples/server/server -H overrideDateErr -A ./certs/ca-cert.pem -k ./certs/server-key.pem -c ./certs/intermediate/server-chain.pem & ./examples/client/client -D -A ./certs/ca-cert.pem -k ./certs/client-key.pem -c ./certs/intermediate/client-chain.pem ```
2019-09-13 09:23:07 -07:00
unsigned int verify_flags = 0;
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
SSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER |
Testing improvements for cert gen and TLS cert validation: * Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled. * Added new ECC CA for 384-bit tests. * Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem) * Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL. * Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`. * Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function. * Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack). * Cleanup to combine all certificate subject information into global `certDefaultName`. * Updated cert request info to use wolfSSL instead of Yassl. * Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`. * Re-number error codes in rsa_test. * Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
2017-10-19 16:17:51 -07:00
(usePskPlus ? WOLFSSL_VERIFY_FAIL_EXCEPT_PSK :
Fix for verify callback override of intermediate CA provided by peer not being added to trusted CA list. Feature: Added support for testing date override at build-time using `TEST_BEFORE_DATE`. ``` ./examples/server/server -H overrideDateErr -A ./certs/ca-cert.pem -k ./certs/server-key.pem -c ./certs/intermediate/server-chain.pem & ./examples/client/client -D -A ./certs/ca-cert.pem -k ./certs/client-key.pem -c ./certs/intermediate/client-chain.pem ```
2019-09-13 09:23:07 -07:00
WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT),
1. Remove dead assignment from client test. 2. Fix memory leak in example server test. 3. Use verify callback on certificates to allow callback to fail them. 4. Restore the forced failure test cases. 5. Make the verify action thread local.
2020-07-23 12:26:49 -07:00
(myVerifyAction == VERIFY_OVERRIDE_DATE_ERR ||
myVerifyAction == VERIFY_FORCE_FAIL) ? myVerify : NULL);
Fix for verify callback override of intermediate CA provided by peer not being added to trusted CA list. Feature: Added support for testing date override at build-time using `TEST_BEFORE_DATE`. ``` ./examples/server/server -H overrideDateErr -A ./certs/ca-cert.pem -k ./certs/server-key.pem -c ./certs/intermediate/server-chain.pem & ./examples/client/client -D -A ./certs/ca-cert.pem -k ./certs/client-key.pem -c ./certs/intermediate/client-chain.pem ```
2019-09-13 09:23:07 -07:00
#ifdef TEST_BEFORE_DATE
verify_flags |= WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY;
#endif
Initial implemented X509_LOOKUP_ctrl L_ADD_DIR
2021-02-15 15:47:03 +09:00
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
addressed review comments part 1
2021-03-11 15:43:54 +09:00
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
Initial implemented X509_LOOKUP_ctrl L_ADD_DIR
2021-02-15 15:47:03 +09:00
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
if (useCertFolder) {
WOLFSSL_X509_STORE *store;
WOLFSSL_X509_LOOKUP *lookup;
store = wolfSSL_CTX_get_cert_store(ctx);
if (store == NULL) {
wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("can't get WOLFSSL_X509_STORE");
}
lookup = wolfSSL_X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
if (lookup == NULL) {
wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("can't add lookup");
}
if (wolfSSL_X509_LOOKUP_ctrl(lookup, WOLFSSL_X509_L_ADD_DIR, caCertFolder,
X509_FILETYPE_PEM, NULL) != WOLFSSL_SUCCESS) {
err_sys("X509_LOOKUP_ctrl w/ L_ADD_DIR failed");
}
} else {
#endif
Address logical fallacies and syntax issues in example server, addresses GH issue #2559
2019-11-07 10:30:12 -07:00
if (wolfSSL_CTX_load_verify_locations_ex(ctx, verifyCert, 0,
verify_flags) != WOLFSSL_SUCCESS) {
err_sys_ex(catastrophic,
"can't load ca file, Please run from wolfSSL home dir");
}
Trusted peer certificate use
2016-02-24 15:51:29 -07:00
#ifdef WOLFSSL_TRUST_PEER_CERT
automated test for trusted peer certs
2016-03-01 16:35:32 -07:00
if (trustCert) {
if ((ret = wolfSSL_CTX_trust_peer_cert(ctx, trustCert,
Address logical fallacies and syntax issues in example server, addresses GH issue #2559
2019-11-07 10:30:12 -07:00
WOLFSSL_FILETYPE_PEM))
!= WOLFSSL_SUCCESS) {
Added `-x` option to allow example server to continue running when errors occur.
2017-06-22 22:19:59 -06:00
err_sys_ex(runWithErrors, "can't load trusted peer cert file");
automated test for trusted peer certs
2016-03-01 16:35:32 -07:00
}
Trusted peer certificate use
2016-02-24 15:51:29 -07:00
}
#endif /* WOLFSSL_TRUST_PEER_CERT */
Initial implemented X509_LOOKUP_ctrl L_ADD_DIR
2021-02-15 15:47:03 +09:00
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
addressed review comments part 1
2021-03-11 15:43:54 +09:00
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
Initial implemented X509_LOOKUP_ctrl L_ADD_DIR
2021-02-15 15:47:03 +09:00
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
}
#endif
option for fail on no peer cert except PSK suites
2016-02-08 14:52:56 -07:00
}
added build option for leanPSK
2012-10-29 15:39:42 -07:00
#endif
make server example more generic with short command opts
2012-07-30 11:58:57 -07:00
TLS v1.3 sniffer support: * Added TLS v1.3 sniffer support using static ephemeral key. * Add support for using a static ephemeral DH and ECC keys with TLS v1.3 using `WOLFSSL_STATIC_EPHEMERAL`. * Adds new API's `wolfSSL_CTX_set_ephemeral_key` and `wolfSSL_set_ephemeral_key`. * Expanded TLS extension support in sniffer. * Refactor of the handshake hashing code. * Added parameter checking to the TLS v1.3 key derivations (protects use of "DoTls13Finished" if handshake resources have been free'd). * Added support for loading DH keys via `wc_DhImportKeyPair` and `wc_DhExportKeyPair`, enabled with `WOLFSSL_DH_EXTRA`. * Added sniffer documentation `sslSniffer/README.md`.
2020-07-09 13:52:49 -07:00
#ifdef WOLFSSL_SNIFFER
Fix for TLS v1.3 with `--enable-sniffer`.
2020-06-04 16:42:40 -07:00
if (cipherList == NULL && version < 4) {
TLS v1.3 sniffer support: * Added TLS v1.3 sniffer support using static ephemeral key. * Add support for using a static ephemeral DH and ECC keys with TLS v1.3 using `WOLFSSL_STATIC_EPHEMERAL`. * Adds new API's `wolfSSL_CTX_set_ephemeral_key` and `wolfSSL_set_ephemeral_key`. * Expanded TLS extension support in sniffer. * Refactor of the handshake hashing code. * Added parameter checking to the TLS v1.3 key derivations (protects use of "DoTls13Finished" if handshake resources have been free'd). * Added support for loading DH keys via `wc_DhImportKeyPair` and `wc_DhExportKeyPair`, enabled with `WOLFSSL_DH_EXTRA`. * Added sniffer documentation `sslSniffer/README.md`.
2020-07-09 13:52:49 -07:00
/* static RSA or static ECC cipher suites */
const char* staticCipherList = "AES128-SHA:ECDH-ECDSA-AES128-SHA";
if (SSL_CTX_set_cipher_list(ctx, staticCipherList) != WOLFSSL_SUCCESS) {
Added `-x` option to allow example server to continue running when errors occur.
2017-06-22 22:19:59 -06:00
err_sys_ex(runWithErrors, "server can't set cipher list 3");
TLS v1.3 sniffer support: * Added TLS v1.3 sniffer support using static ephemeral key. * Add support for using a static ephemeral DH and ECC keys with TLS v1.3 using `WOLFSSL_STATIC_EPHEMERAL`. * Adds new API's `wolfSSL_CTX_set_ephemeral_key` and `wolfSSL_set_ephemeral_key`. * Expanded TLS extension support in sniffer. * Refactor of the handshake hashing code. * Added parameter checking to the TLS v1.3 key derivations (protects use of "DoTls13Finished" if handshake resources have been free'd). * Added support for loading DH keys via `wc_DhImportKeyPair` and `wc_DhExportKeyPair`, enabled with `WOLFSSL_DH_EXTRA`. * Added sniffer documentation `sslSniffer/README.md`.
2020-07-09 13:52:49 -07:00
}
fix sniffer cipher suite tests with user override
2012-08-31 13:28:07 -07:00
}
better error output for temp keys or compression on sniffer
2012-06-29 10:59:48 -07:00
#endif
merge in sni
2013-05-21 14:37:50 -07:00
#ifdef HAVE_SNI
changed CYASSL_SNI_ABORT_ON_MISMATCH to CYASSL_SNI_CONTINUE_ON_MISMATCH
2013-06-03 10:04:49 -03:00
if (sniHostName)
Test Fixes 1. AesGcmEncrypt_ex requires the RNG, remove function if RNG disabled. 2. Fix a couple function name changes in the example server. 3. Removed the old FIPS wrapping added to dh.h, was redundant. 4. Move include of random.h in the aes.h file. 5. Fix where ecc.c was being left out of old FIPS builds. 6. Exclude the AES-GCM internal IV test case when building without the RNG. 7. Fix api test where AES-GCM Encrypt was called with a too-long IV in old FIPS mode. Non-FIPS and new FIPS are allowed longer IVs.
2018-03-06 16:45:44 -08:00
if (wolfSSL_CTX_UseSNI(ctx, WOLFSSL_SNI_HOST_NAME, sniHostName,
Added more of the requested changes & made an attempt to remove merge conflicts
2017-11-14 15:05:32 -07:00
(word16) XSTRLEN(sniHostName)) != WOLFSSL_SUCCESS)
Added `-x` option to allow example server to continue running when errors occur.
2017-06-22 22:19:59 -06:00
err_sys_ex(runWithErrors, "UseSNI failed");
merge in sni
2013-05-21 14:37:50 -07:00
#endif
MinGW fixes, server port assigning cleanup and ping test cleanup. Fixes issue with visibility detection with MinGW. The visibility.m4 script was not actually trying to call the hidden function, which caused MinGW to detect improperly that visibility was supported. Fix for bogusFile on Windows build. Fixes to build warnings for unused variable 'res' and signed/unsigned comparison for sizeof min(). Cleanup of the server side port assignment to allow use with Windows/MinGW/Cygwin. If Windows uses new GetRandomPort() function in test.h to get port in in the 49152 - 65535 range. If *nix then uses the tcp_listen returned port. Otherwise uses the default wolfSSLPort. Refactor of the ping test code to use common file and properly handle ping count differences (Windows "-c" vs. *Nix style "-n"). Workaround for MinGW and cyassl/options.h getting file permissions error. Added non-fatal compile warning if using MinGW that "strtok_s" might be missing along with a link to public domain source that can be used.
2016-04-01 15:45:53 -07:00
#ifdef USE_WINDOWS_API
if (port == 0) {
/* Generate random port for testing */
port = GetRandomPort();
}
#endif /* USE_WINDOWS_API */
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 13:59:41 -06:00
#ifdef WOLFSSL_ASYNC_CRYPT
ret = wolfAsync_DevOpen(&devId);
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
if (ret < 0) {
printf("Async device open failed\nRunning without async\n");
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 13:59:41 -06:00
}
wolfSSL_CTX_UseAsync(ctx, devId);
#endif /* WOLFSSL_ASYNC_CRYPT */
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
#ifdef WOLFSSL_TLS13
TLS 1.3 fixes/improvements Support Draft 28: able to compile code to return BAD_BINDER if no PSKs match and certificates not to be used. Change key share implementation to use server preference - server now checks each client key share's group is in supported_groups extension. Client and server examples modified to support server preference. Application can set client's and server's supported groups by rank. Server's supported groups is sent back in encrypted_extensions if preferred group is not in client's list - able to be turned off at compile time. Application can query server's preferred group from client. Able to compile using 0x0304 as version instead of draft version. Fix state machine in TLS 1.3 to support unexpected hello_retry_request. Also fixes non-blocking. Fix resumption to use the named group from session. Fix named group in session structure to be a 2-byte field. Better detection of errors in message flow. Fix DoTls13ClientHello when downgrading - don't do TLS 1.3 things. Not downgrading on client fixed. Downgrade protocol version from TLS 1.3 when not TLS 1.3 ciphersuite. Get downgrading from TLS 1.3 and resumption working. Change earlyData value to an enum. Support no extensions data (as opposed to zero length extension data) in TLS 1.3 ClientHello. Check PSK cipher suite is available to both client and server before using. Check first PSK identity chosen when server says it is using early data at client. Check PSK extension is last in client_hello on server. Check the PSK cipher suite to use is supported on client. Check the returned cipher suite for pre-shared keys is the same as client expects. Send alert decrypt_error when verification fails in certificate_verify or finished message doesn't match calculated value. Fail when certificate messages recieved in handshake when using PSK. Validate on the server that EndOfEarlyData message has been recieved before finished message when server sent EarlyData extension.
2018-04-13 11:53:42 +10:00
if (noPskDheKe)
wolfSSL_CTX_no_dhe_psk(ctx);
TLS Session Ticket: Option to disable for TLS 1.2 and below Customer may want session ticket supported with TLS 1.3 but not TLS 1.2 and below.
2021-01-22 11:27:23 +10:00
#endif
#ifdef HAVE_SESSION_TICKET
#ifdef WOLFSSL_TLS13
if (noTicketTls13)
TLS 1.3 fixes/improvements Support Draft 28: able to compile code to return BAD_BINDER if no PSKs match and certificates not to be used. Change key share implementation to use server preference - server now checks each client key share's group is in supported_groups extension. Client and server examples modified to support server preference. Application can set client's and server's supported groups by rank. Server's supported groups is sent back in encrypted_extensions if preferred group is not in client's list - able to be turned off at compile time. Application can query server's preferred group from client. Able to compile using 0x0304 as version instead of draft version. Fix state machine in TLS 1.3 to support unexpected hello_retry_request. Also fixes non-blocking. Fix resumption to use the named group from session. Fix named group in session structure to be a 2-byte field. Better detection of errors in message flow. Fix DoTls13ClientHello when downgrading - don't do TLS 1.3 things. Not downgrading on client fixed. Downgrade protocol version from TLS 1.3 when not TLS 1.3 ciphersuite. Get downgrading from TLS 1.3 and resumption working. Change earlyData value to an enum. Support no extensions data (as opposed to zero length extension data) in TLS 1.3 ClientHello. Check PSK cipher suite is available to both client and server before using. Check first PSK identity chosen when server says it is using early data at client. Check PSK extension is last in client_hello on server. Check the PSK cipher suite to use is supported on client. Check the returned cipher suite for pre-shared keys is the same as client expects. Send alert decrypt_error when verification fails in certificate_verify or finished message doesn't match calculated value. Fail when certificate messages recieved in handshake when using PSK. Validate on the server that EndOfEarlyData message has been recieved before finished message when server sent EarlyData extension.
2018-04-13 11:53:42 +10:00
wolfSSL_CTX_no_ticket_TLSv13(ctx);
TLS Session Ticket: Option to disable for TLS 1.2 and below Customer may want session ticket supported with TLS 1.3 but not TLS 1.2 and below.
2021-01-22 11:27:23 +10:00
#endif
#if !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS)
if (noTicketTls12)
wolfSSL_CTX_NoTicketTLSv12(ctx);
#endif
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
#endif
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
while (1) {
/* allow resume option */
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
if (resumeCount > 1) {
DTLS-SCTP example client and server 1. Update the example client and server to test DTLS-SCTP. 2. Modify the test.h functions for setting up connections to allow for a SCTP option. 3. Update other examples to use the new test.h functions. 4. Removed some prototypes in the client header file were some functions that should have been static to the client.c file and made them static.
2016-08-25 22:20:35 -07:00
if (dtlsUDP == 0) {
examples/server: fix wolfSentry integration to handle DTLS correctly.
2021-04-02 01:13:25 -05:00
client_len = sizeof client_addr;
clientfd = accept(sockfd, (struct sockaddr*)&client_addr,
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
(ACCEPT_THIRD_T)&client_len);
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
}
else {
DTLS-SCTP example client and server 1. Update the example client and server to test DTLS-SCTP. 2. Modify the test.h functions for setting up connections to allow for a SCTP option. 3. Update other examples to use the new test.h functions. 4. Removed some prototypes in the client header file were some functions that should have been static to the client.c file and made them static.
2016-08-25 22:20:35 -07:00
tcp_listen(&sockfd, &port, useAnyAddr, dtlsUDP, dtlsSCTP);
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
clientfd = sockfd;
}
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
if (WOLFSSL_SOCKET_IS_INVALID(clientfd)) {
Added `-x` option to allow example server to continue running when errors occur.
2017-06-22 22:19:59 -06:00
err_sys_ex(runWithErrors, "tcp accept failed");
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
}
add resume test to example server and script test
2015-04-28 12:21:54 -07:00
}
revise static memory and update heap hint
2016-06-04 19:03:48 -06:00
#if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL)
fprintf(stderr, "Before creating SSL\n");
if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) != 1)
Added `-x` option to allow example server to continue running when errors occur.
2017-06-22 22:19:59 -06:00
err_sys_ex(runWithErrors, "ctx not using static memory");
revise static memory and update heap hint
2016-06-04 19:03:48 -06:00
if (wolfSSL_PrintStats(&mem_stats) != 1) /* function in test.h */
Added `-x` option to allow example server to continue running when errors occur.
2017-06-22 22:19:59 -06:00
err_sys_ex(runWithErrors, "error printing out memory stats");
revise static memory and update heap hint
2016-06-04 19:03:48 -06:00
#endif
add resume test to example server and script test
2015-04-28 12:21:54 -07:00
Multicast 1. Since multicast's only cipher suite uses null cipher automatically enable it. 2. Add options to example client and server to start testing multicast API. (Uses TLS over TCP.) 3. Updates to use the forced secrets set by API.
2016-12-15 11:43:15 -08:00
if (doMcast) {
#ifdef WOLFSSL_MULTICAST
wolfSSL_CTX_mcast_set_member_id(ctx, mcastID);
Address logical fallacies and syntax issues in example server, addresses GH issue #2559
2019-11-07 10:30:12 -07:00
if (wolfSSL_CTX_set_cipher_list(ctx, "WDM-NULL-SHA256")
!= WOLFSSL_SUCCESS)
Multicast 1. Since multicast's only cipher suite uses null cipher automatically enable it. 2. Add options to example client and server to start testing multicast API. (Uses TLS over TCP.) 3. Updates to use the forced secrets set by API.
2016-12-15 11:43:15 -08:00
err_sys("Couldn't set multicast cipher list.");
#endif
}
DTLS Nonblocking Updates Add command line option to the example server to fake a write block on a specified DTLS sequence number in epoch 0.
2018-12-18 11:40:04 -08:00
if (doDTLS && dtlsUDP) {
#ifdef WOLFSSL_DTLS
if (doBlockSeq) {
wolfSSL_CTX_SetIOSend(ctx, TestEmbedSendTo);
}
#endif
}
* Added support for not loading a private key for server or client when `HAVE_PK_CALLBACK` is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519. * Added PK callback context tests for client/server examples (`SetupPkCallbackContexts`). * Added new test define for `TEST_PK_PRIVKEY` to allows simulating hardware based private key. * Added new test.h function for loading PEM key file and converting to DER (`load_key_file`). * Added way to get private key signature size (`GetPrivateKeySigSize`). * Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size. * Added inline comments to help track down handshake message types. * Cleanup of RSS PSS terminating byte (0xbc) to use enum value. * Fixed bug with PK callback for `myEccVerify` public key format. * Fixed bug with PK callback for ED25519 verify key buffer in DoServerKeyExchange.
2018-03-21 11:27:08 -07:00
#ifdef HAVE_PK_CALLBACKS
if (pkCallbacks)
SetupPkCallbacks(ctx);
#endif
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
ssl = SSL_new(ctx);
if (ssl == NULL)
Address logical fallacies and syntax issues in example server, addresses GH issue #2559
2019-11-07 10:30:12 -07:00
err_sys_ex(catastrophic, "unable to create an SSL object");
add bio.c to dist and implement wolfSSL_check_private_key , wolfSSL_get_server_random
2016-11-11 13:39:36 -07:00
#ifdef OPENSSL_EXTRA
wolfSSL_KeepArrays(ssl);
#endif
better error checking on server example
2012-07-30 18:15:08 -07:00
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
/* Support for loading private key and cert using WOLFSSL object */
#if !defined(NO_CERTS)
if ((!usePsk || usePskPlus) && !useAnon && loadCertKeyIntoSSLObj) {
NO_FILESYSTEM build on Windows
2020-10-09 09:45:00 -07:00
#ifdef NO_FILESYSTEM
if (wolfSSL_use_certificate_chain_buffer(ssl, server_cert_der_2048,
sizeof_server_cert_der_2048) != WOLFSSL_SUCCESS)
err_sys_ex(catastrophic, "can't load server cert buffer");
#elif !defined(TEST_LOAD_BUFFER)
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
if (SSL_use_certificate_chain_file(ssl, ourCert)
!= WOLFSSL_SUCCESS)
Address logical fallacies and syntax issues in example server, addresses GH issue #2559
2019-11-07 10:30:12 -07:00
err_sys_ex(catastrophic, "can't load server cert file, check file "
"and run from wolfSSL home dir");
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
#else
/* loads cert chain file using buffer API */
load_ssl_buffer(ssl, ourCert, WOLFSSL_CERT_CHAIN);
#endif
}
Address logical fallacies and syntax issues in example server, addresses GH issue #2559
2019-11-07 10:30:12 -07:00
if (!useNtruKey && (!usePsk || usePskPlus) && !useAnon &&
loadCertKeyIntoSSLObj
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
#if defined(HAVE_PK_CALLBACKS) && defined(TEST_PK_PRIVKEY)
&& !pkCallbacks
#endif /* HAVE_PK_CALLBACKS && TEST_PK_PRIVKEY */
) {
NO_FILESYSTEM build on Windows
2020-10-09 09:45:00 -07:00
#if defined(NO_FILESYSTEM)
if (wolfSSL_use_PrivateKey_buffer(ssl, server_key_der_2048,
sizeof_server_key_der_2048, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS)
err_sys_ex(catastrophic, "can't load server private key buffer");
#elif !defined(TEST_LOAD_BUFFER)
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
if (SSL_use_PrivateKey_file(ssl, ourKey, WOLFSSL_FILETYPE_PEM)
!= WOLFSSL_SUCCESS)
Address logical fallacies and syntax issues in example server, addresses GH issue #2559
2019-11-07 10:30:12 -07:00
err_sys_ex(catastrophic, "can't load server private key file, check"
"file and run from wolfSSL home dir");
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
#else
/* loads private key file using buffer API */
load_ssl_buffer(ssl, ourKey, WOLFSSL_KEY);
#endif
}
#endif /* !NO_CERTS */
Change define name for sending HRR Cookie
2017-06-27 08:37:55 +10:00
#ifdef WOLFSSL_SEND_HRR_COOKIE
Address logical fallacies and syntax issues in example server, addresses GH issue #2559
2019-11-07 10:30:12 -07:00
if (hrrCookie && wolfSSL_send_hrr_cookie(ssl, NULL, 0)
!= WOLFSSL_SUCCESS) {
Add TLS v1.3 Cookie extension support Experimental stateless cookie
2017-06-23 16:26:54 +10:00
err_sys("unable to set use of cookie with HRR msg");
}
#endif
revise static memory and update heap hint
2016-06-04 19:03:48 -06:00
#if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL)
fprintf(stderr, "After creating SSL\n");
if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) != 1)
Added `-x` option to allow example server to continue running when errors occur.
2017-06-22 22:19:59 -06:00
err_sys_ex(runWithErrors, "ctx not using static memory");
revise static memory and update heap hint
2016-06-04 19:03:48 -06:00
if (wolfSSL_PrintStats(&mem_stats) != 1) /* function in test.h */
Added `-x` option to allow example server to continue running when errors occur.
2017-06-22 22:19:59 -06:00
err_sys_ex(runWithErrors, "error printing out memory stats");
revise static memory and update heap hint
2016-06-04 19:03:48 -06:00
#endif
Multicast 1. Since multicast's only cipher suite uses null cipher automatically enable it. 2. Add options to example client and server to start testing multicast API. (Uses TLS over TCP.) 3. Updates to use the forced secrets set by API.
2016-12-15 11:43:15 -08:00
if (doMcast) {
#ifdef WOLFSSL_MULTICAST
Cleanup on example client/server messages and sizes. Original PR #3023 caused sending extra null characters in normal (non HTTP) example cases.
2020-07-21 13:34:25 -07:00
/* DTLS multicast secret for testing only */
#define CLI_SRV_RANDOM_SZ 32 /* RAN_LEN (see internal.h) */
#define PMS_SZ 512 /* ENCRYPT_LEN (see internal.h) */
byte pms[PMS_SZ]; /* pre master secret */
byte cr[CLI_SRV_RANDOM_SZ]; /* client random */
byte sr[CLI_SRV_RANDOM_SZ]; /* server random */
const byte suite[2] = {0, 0xfe}; /* WDM_WITH_NULL_SHA256 */
Multicast 1. Since multicast's only cipher suite uses null cipher automatically enable it. 2. Add options to example client and server to start testing multicast API. (Uses TLS over TCP.) 3. Updates to use the forced secrets set by API.
2016-12-15 11:43:15 -08:00
XMEMSET(pms, 0x23, sizeof(pms));
XMEMSET(cr, 0xA5, sizeof(cr));
XMEMSET(sr, 0x5A, sizeof(sr));
if (wolfSSL_set_secret(ssl, 1, pms, sizeof(pms), cr, sr, suite)
Cleanup on example client/server messages and sizes. Original PR #3023 caused sending extra null characters in normal (non HTTP) example cases.
2020-07-21 13:34:25 -07:00
!= WOLFSSL_SUCCESS) {
Multicast 1. Since multicast's only cipher suite uses null cipher automatically enable it. 2. Add options to example client and server to start testing multicast API. (Uses TLS over TCP.) 3. Updates to use the forced secrets set by API.
2016-12-15 11:43:15 -08:00
err_sys("unable to set mcast secret");
Cleanup on example client/server messages and sizes. Original PR #3023 caused sending extra null characters in normal (non HTTP) example cases.
2020-07-21 13:34:25 -07:00
}
Multicast 1. Since multicast's only cipher suite uses null cipher automatically enable it. 2. Add options to example client and server to start testing multicast API. (Uses TLS over TCP.) 3. Updates to use the forced secrets set by API.
2016-12-15 11:43:15 -08:00
#endif
}
Server Side Secure Renegotiation 1. Add the server side renegotiation flag to the secure renegotiation option. 2. Changed the AddEmptyNegotiationInfo so it doesn't create an extension, just adds a reply if SCR is enabled. 3. Fix the server's reaction to the client sending the SCR extension.
2018-11-27 17:33:49 -08:00
Server Side Secure Renegotiation 1. Add enables to the example server for turning on secure renegotiation. 2. Add encryption assists to the handhshake message handler functions. 3. Add a hello request message function. Includes handshake timing pre/postambles.
2018-10-02 15:38:45 -07:00
#ifdef HAVE_SECURE_RENEGOTIATION
if (scr) {
if (wolfSSL_UseSecureRenegotiation(ssl) != WOLFSSL_SUCCESS) {
err_sys_ex(runWithErrors, "can't enable secure renegotiation");
}
}
#endif /* HAVE_SECURE_RENEGOTIATION */
Server Side Secure Renegotiation 1. Add the server side renegotiation flag to the secure renegotiation option. 2. Changed the AddEmptyNegotiationInfo so it doesn't create an extension, just adds a reply if SCR is enabled. 3. Fix the server's reaction to the client sending the SCR extension.
2018-11-27 17:33:49 -08:00
TLS 1.3: Post-handshake Authentication and resumption secret The master secret in arrays is not available post-handshake. Use the master secret in the session when calculating resumption secret.
2020-09-18 08:51:10 +10:00
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
if (postHandAuth) {
unsigned int verify_flags = 0;
SSL_set_verify(ssl, WOLFSSL_VERIFY_PEER |
((usePskPlus) ? WOLFSSL_VERIFY_FAIL_EXCEPT_PSK :
WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT), 0);
#ifdef TEST_BEFORE_DATE
verify_flags |= WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY;
#endif
if (wolfSSL_CTX_load_verify_locations_ex(ctx, verifyCert, 0,
verify_flags)
!= WOLFSSL_SUCCESS) {
err_sys_ex(runWithErrors, "can't load ca file, Please run from "
"wolfSSL home dir");
}
#ifdef WOLFSSL_TRUST_PEER_CERT
if (trustCert) {
if ((ret = wolfSSL_trust_peer_cert(ssl, trustCert,
WOLFSSL_FILETYPE_PEM)) != WOLFSSL_SUCCESS) {
err_sys_ex(runWithErrors, "can't load trusted peer cert "
"file");
}
}
#endif /* WOLFSSL_TRUST_PEER_CERT */
}
#endif
#endif
add handshake done callback with ability to end connection
2015-05-09 11:04:47 -07:00
#ifndef NO_HANDSHAKE_DONE_CB
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
wolfSSL_SetHsDoneCb(ssl, myHsDoneCb, NULL);
add handshake done callback with ability to end connection
2015-05-09 11:04:47 -07:00
#endif
crl dir monitoring for linux and mac
2012-05-22 17:25:15 -07:00
#ifdef HAVE_CRL
Allow Ed25519 private-only keys to work in TLS Change Ed25519 in TLS 1.2 to keep a copy of all the messages for certificate verification - interop with OpenSSL.
2018-04-27 14:43:04 +10:00
if (!disableCRL) {
have calling thread wait for crl monitor thread to setup for simpler cleanup
2015-11-23 14:15:12 -08:00
#ifdef HAVE_CRL_MONITOR
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
crlFlags = WOLFSSL_CRL_MONITOR | WOLFSSL_CRL_START_MON;
have calling thread wait for crl monitor thread to setup for simpler cleanup
2015-11-23 14:15:12 -08:00
#endif
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
if (wolfSSL_EnableCRL(ssl, 0) != WOLFSSL_SUCCESS)
Added `-x` option to allow example server to continue running when errors occur.
2017-06-22 22:19:59 -06:00
err_sys_ex(runWithErrors, "unable to enable CRL");
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
if (wolfSSL_LoadCRL(ssl, crlPemDir, WOLFSSL_FILETYPE_PEM, crlFlags)
Address logical fallacies and syntax issues in example server, addresses GH issue #2559
2019-11-07 10:30:12 -07:00
!= WOLFSSL_SUCCESS)
Added `-x` option to allow example server to continue running when errors occur.
2017-06-22 22:19:59 -06:00
err_sys_ex(runWithErrors, "unable to load CRL");
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
if (wolfSSL_SetCRL_Cb(ssl, CRL_CallBack) != WOLFSSL_SUCCESS)
Added `-x` option to allow example server to continue running when errors occur.
2017-06-22 22:19:59 -06:00
err_sys_ex(runWithErrors, "unable to set CRL callback url");
Allow Ed25519 private-only keys to work in TLS Change Ed25519 in TLS 1.2 to keep a copy of all the messages for certificate verification - interop with OpenSSL.
2018-04-27 14:43:04 +10:00
}
crl dir monitoring for linux and mac
2012-05-22 17:25:15 -07:00
#endif
OCSP Updates 1. Add option to example server and client to check the OCSP responder. 2. Add option to example server and client to override the URL to use when checking the OCSP responder. 3. Copy the certificate serial number correctly into OCSP request. Add leading zero only if MS bit is set. 4. Fix responder address used when Auth Info extension is present. 5. Update EmbedOcspLookup callback to better handle the HTTP response and obtain the complete OCSP response.
2013-06-20 11:07:54 -07:00
#ifdef HAVE_OCSP
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
if (useOcsp) {
if (ocspUrl != NULL) {
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
wolfSSL_CTX_SetOCSP_OverrideURL(ctx, ocspUrl);
wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE
| WOLFSSL_OCSP_URL_OVERRIDE);
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
}
else
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE);
Use OCSP override URL enable in both example client and server.
2013-12-18 12:34:40 -08:00
}
Configure Fixes 1. The combination enable-all and disable-rsa breaks some of the testing. Added the NO_RSA guards as appropriate. 2. Disabled the OCSP stapling and CRL tests when RSA is disabled as they use test certificates with RSA keys.
2019-03-13 17:54:33 -07:00
#ifndef NO_RSA
Release Fixes 1. Rearrange the deprecation cryptodev option so it doesn't overwrite the cryptocb option, and so it doesn't break its case in the build-test. 2. Fix the content length in the sample HTTP used by the example server. 3. Disable OCSP stapling in the example server if RSA is disabled. 4. Fix a variable in asn.c that was declared in the middle of its scope. 5. Retag the xmalloc, xrealloc, xfree functions used in the memory test as WOLFSSL_API like all the other allocators, instead of extern.
2019-03-20 11:01:24 -07:00
/* All the OSCP Stapling test certs are RSA. */
Merge branch 'csr'
2015-12-28 19:38:04 -03:00
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
Release Fixes 1. Rearrange the deprecation cryptodev option so it doesn't overwrite the cryptocb option, and so it doesn't break its case in the build-test. 2. Fix the content length in the sample HTTP used by the example server. 3. Disable OCSP stapling in the example server if RSA is disabled. 4. Fix a variable in asn.c that was declared in the middle of its scope. 5. Retag the xmalloc, xrealloc, xfree functions used in the memory test as WOLFSSL_API like all the other allocators, instead of extern.
2019-03-20 11:01:24 -07:00
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
Address logical fallacies and syntax issues in example server, addresses GH issue #2559
2019-11-07 10:30:12 -07:00
{ /* scope start */
const char* ca1 = "certs/ocsp/intermediate1-ca-cert.pem";
const char* ca2 = "certs/ocsp/intermediate2-ca-cert.pem";
const char* ca3 = "certs/ocsp/intermediate3-ca-cert.pem";
int fails = 0;
if (wolfSSL_CTX_EnableOCSPStapling(ctx) != WOLFSSL_SUCCESS) {
err_sys_ex(catastrophic, "can't enable OCSP Stapling "
"Certificate Manager");
}
if (SSL_CTX_load_verify_locations(ctx, ca1, 0) != WOLFSSL_SUCCESS) {
fails++;
err_sys_ex(runWithErrors, "can't load ca file, Please run from "
"wolfSSL home dir");
}
if (SSL_CTX_load_verify_locations(ctx, ca2, 0) != WOLFSSL_SUCCESS) {
fails++;
err_sys_ex(runWithErrors, "can't load ca file, Please run from "
"wolfSSL home dir");
}
if (SSL_CTX_load_verify_locations(ctx, ca3, 0) != WOLFSSL_SUCCESS) {
fails++;
err_sys_ex(runWithErrors, "can't load ca file, Please run from "
"wolfSSL home dir");
}
if (fails > 2) {
err_sys_ex(catastrophic, "Failed to load any intermediates for "
"OCSP stapling test");
}
} /* scope end */
Release Fixes 1. Rearrange the deprecation cryptodev option so it doesn't overwrite the cryptocb option, and so it doesn't break its case in the build-test. 2. Fix the content length in the sample HTTP used by the example server. 3. Disable OCSP stapling in the example server if RSA is disabled. 4. Fix a variable in asn.c that was declared in the middle of its scope. 5. Retag the xmalloc, xrealloc, xfree functions used in the memory test as WOLFSSL_API like all the other allocators, instead of extern.
2019-03-20 11:01:24 -07:00
#endif /* HAVE_CERTIFICATE_STATUS_REQUEST HAVE_CERTIFICATE_STATUS_REQUEST_V2 */
#endif /* NO_RSA */
#endif /* HAVE_OCSP */
* Added support for not loading a private key for server or client when `HAVE_PK_CALLBACK` is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519. * Added PK callback context tests for client/server examples (`SetupPkCallbackContexts`). * Added new test define for `TEST_PK_PRIVKEY` to allows simulating hardware based private key. * Added new test.h function for loading PEM key file and converting to DER (`load_key_file`). * Added way to get private key signature size (`GetPrivateKeySigSize`). * Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size. * Added inline comments to help track down handshake message types. * Cleanup of RSS PSS terminating byte (0xbc) to use enum value. * Fixed bug with PK callback for `myEccVerify` public key format. * Fixed bug with PK callback for ED25519 verify key buffer in DoServerKeyExchange.
2018-03-21 11:27:08 -07:00
add Rsa Sign/Verify callbacks, client/server examples
2013-08-26 16:27:29 -07:00
#ifdef HAVE_PK_CALLBACKS
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
if (pkCallbacks)
* Added support for not loading a private key for server or client when `HAVE_PK_CALLBACK` is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519. * Added PK callback context tests for client/server examples (`SetupPkCallbackContexts`). * Added new test define for `TEST_PK_PRIVKEY` to allows simulating hardware based private key. * Added new test.h function for loading PEM key file and converting to DER (`load_key_file`). * Added way to get private key signature size (`GetPrivateKeySigSize`). * Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size. * Added inline comments to help track down handshake message types. * Cleanup of RSS PSS terminating byte (0xbc) to use enum value. * Fixed bug with PK callback for `myEccVerify` public key format. * Fixed bug with PK callback for ED25519 verify key buffer in DoServerKeyExchange.
2018-03-21 11:27:08 -07:00
SetupPkCallbackContexts(ssl, &pkCbInfo);
add Rsa Sign/Verify callbacks, client/server examples
2013-08-26 16:27:29 -07:00
#endif
OCSP Updates 1. Add option to example server and client to check the OCSP responder. 2. Add option to example server and client to override the URL to use when checking the OCSP responder. 3. Copy the certificate serial number correctly into OCSP request. Add leading zero only if MS bit is set. 4. Fix responder address used when Auth Info extension is present. 5. Update EmbedOcspLookup callback to better handle the HTTP response and obtain the complete OCSP response.
2013-06-20 11:07:54 -07:00
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
#ifdef WOLFSSL_TLS13
if (version >= 4) {
WOLFSSL_START(WC_FUNC_CLIENT_KEY_EXCHANGE_DO);
if (onlyKeyShare == 2) {
if (useX25519 == 1) {
#ifdef HAVE_CURVE25519
TLS 1.3 fixes/improvements Support Draft 28: able to compile code to return BAD_BINDER if no PSKs match and certificates not to be used. Change key share implementation to use server preference - server now checks each client key share's group is in supported_groups extension. Client and server examples modified to support server preference. Application can set client's and server's supported groups by rank. Server's supported groups is sent back in encrypted_extensions if preferred group is not in client's list - able to be turned off at compile time. Application can query server's preferred group from client. Able to compile using 0x0304 as version instead of draft version. Fix state machine in TLS 1.3 to support unexpected hello_retry_request. Also fixes non-blocking. Fix resumption to use the named group from session. Fix named group in session structure to be a 2-byte field. Better detection of errors in message flow. Fix DoTls13ClientHello when downgrading - don't do TLS 1.3 things. Not downgrading on client fixed. Downgrade protocol version from TLS 1.3 when not TLS 1.3 ciphersuite. Get downgrading from TLS 1.3 and resumption working. Change earlyData value to an enum. Support no extensions data (as opposed to zero length extension data) in TLS 1.3 ClientHello. Check PSK cipher suite is available to both client and server before using. Check first PSK identity chosen when server says it is using early data at client. Check PSK extension is last in client_hello on server. Check the PSK cipher suite to use is supported on client. Check the returned cipher suite for pre-shared keys is the same as client expects. Send alert decrypt_error when verification fails in certificate_verify or finished message doesn't match calculated value. Fail when certificate messages recieved in handshake when using PSK. Validate on the server that EndOfEarlyData message has been recieved before finished message when server sent EarlyData extension.
2018-04-13 11:53:42 +10:00
int groups[1] = { WOLFSSL_ECC_X25519 };
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_X25519)
!= WOLFSSL_SUCCESS) {
err_sys("unable to use curve x25519");
}
TLS 1.3 fixes/improvements Support Draft 28: able to compile code to return BAD_BINDER if no PSKs match and certificates not to be used. Change key share implementation to use server preference - server now checks each client key share's group is in supported_groups extension. Client and server examples modified to support server preference. Application can set client's and server's supported groups by rank. Server's supported groups is sent back in encrypted_extensions if preferred group is not in client's list - able to be turned off at compile time. Application can query server's preferred group from client. Able to compile using 0x0304 as version instead of draft version. Fix state machine in TLS 1.3 to support unexpected hello_retry_request. Also fixes non-blocking. Fix resumption to use the named group from session. Fix named group in session structure to be a 2-byte field. Better detection of errors in message flow. Fix DoTls13ClientHello when downgrading - don't do TLS 1.3 things. Not downgrading on client fixed. Downgrade protocol version from TLS 1.3 when not TLS 1.3 ciphersuite. Get downgrading from TLS 1.3 and resumption working. Change earlyData value to an enum. Support no extensions data (as opposed to zero length extension data) in TLS 1.3 ClientHello. Check PSK cipher suite is available to both client and server before using. Check first PSK identity chosen when server says it is using early data at client. Check PSK extension is last in client_hello on server. Check the PSK cipher suite to use is supported on client. Check the returned cipher suite for pre-shared keys is the same as client expects. Send alert decrypt_error when verification fails in certificate_verify or finished message doesn't match calculated value. Fail when certificate messages recieved in handshake when using PSK. Validate on the server that EndOfEarlyData message has been recieved before finished message when server sent EarlyData extension.
2018-04-13 11:53:42 +10:00
if (wolfSSL_set_groups(ssl, groups, 1) != WOLFSSL_SUCCESS) {
err_sys("unable to set groups: x25519");
}
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
#endif
}
Add Curve448, X448, Ed448 implementations
2020-02-19 18:07:45 +10:00
else if (useX448 == 1) {
#ifdef HAVE_CURVE448
int groups[1] = { WOLFSSL_ECC_X448 };
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_X448)
!= WOLFSSL_SUCCESS) {
err_sys("unable to use curve x448");
}
if (wolfSSL_set_groups(ssl, groups, 1) != WOLFSSL_SUCCESS) {
err_sys("unable to set groups: x448");
}
#endif
}
else {
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
#ifdef HAVE_ECC
Adds new `wc_ecc_get_curve_params` API for getting the `ecc_set_type` params for a curve index. Fix for example client and server using wrong macro for detecting ECC 256-bit enabled.
2019-07-24 10:35:33 -07:00
#if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
TLS 1.3 fixes/improvements Support Draft 28: able to compile code to return BAD_BINDER if no PSKs match and certificates not to be used. Change key share implementation to use server preference - server now checks each client key share's group is in supported_groups extension. Client and server examples modified to support server preference. Application can set client's and server's supported groups by rank. Server's supported groups is sent back in encrypted_extensions if preferred group is not in client's list - able to be turned off at compile time. Application can query server's preferred group from client. Able to compile using 0x0304 as version instead of draft version. Fix state machine in TLS 1.3 to support unexpected hello_retry_request. Also fixes non-blocking. Fix resumption to use the named group from session. Fix named group in session structure to be a 2-byte field. Better detection of errors in message flow. Fix DoTls13ClientHello when downgrading - don't do TLS 1.3 things. Not downgrading on client fixed. Downgrade protocol version from TLS 1.3 when not TLS 1.3 ciphersuite. Get downgrading from TLS 1.3 and resumption working. Change earlyData value to an enum. Support no extensions data (as opposed to zero length extension data) in TLS 1.3 ClientHello. Check PSK cipher suite is available to both client and server before using. Check first PSK identity chosen when server says it is using early data at client. Check PSK extension is last in client_hello on server. Check the PSK cipher suite to use is supported on client. Check the returned cipher suite for pre-shared keys is the same as client expects. Send alert decrypt_error when verification fails in certificate_verify or finished message doesn't match calculated value. Fail when certificate messages recieved in handshake when using PSK. Validate on the server that EndOfEarlyData message has been recieved before finished message when server sent EarlyData extension.
2018-04-13 11:53:42 +10:00
int groups[1] = { WOLFSSL_ECC_SECP256R1 };
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_SECP256R1)
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
!= WOLFSSL_SUCCESS) {
TLS 1.3 fixes/improvements Support Draft 28: able to compile code to return BAD_BINDER if no PSKs match and certificates not to be used. Change key share implementation to use server preference - server now checks each client key share's group is in supported_groups extension. Client and server examples modified to support server preference. Application can set client's and server's supported groups by rank. Server's supported groups is sent back in encrypted_extensions if preferred group is not in client's list - able to be turned off at compile time. Application can query server's preferred group from client. Able to compile using 0x0304 as version instead of draft version. Fix state machine in TLS 1.3 to support unexpected hello_retry_request. Also fixes non-blocking. Fix resumption to use the named group from session. Fix named group in session structure to be a 2-byte field. Better detection of errors in message flow. Fix DoTls13ClientHello when downgrading - don't do TLS 1.3 things. Not downgrading on client fixed. Downgrade protocol version from TLS 1.3 when not TLS 1.3 ciphersuite. Get downgrading from TLS 1.3 and resumption working. Change earlyData value to an enum. Support no extensions data (as opposed to zero length extension data) in TLS 1.3 ClientHello. Check PSK cipher suite is available to both client and server before using. Check first PSK identity chosen when server says it is using early data at client. Check PSK extension is last in client_hello on server. Check the PSK cipher suite to use is supported on client. Check the returned cipher suite for pre-shared keys is the same as client expects. Send alert decrypt_error when verification fails in certificate_verify or finished message doesn't match calculated value. Fail when certificate messages recieved in handshake when using PSK. Validate on the server that EndOfEarlyData message has been recieved before finished message when server sent EarlyData extension.
2018-04-13 11:53:42 +10:00
err_sys("unable to use curve secp256r1");
}
if (wolfSSL_set_groups(ssl, groups, 1) != WOLFSSL_SUCCESS) {
err_sys("unable to set groups: secp256r1");
}
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
#endif
#endif
}
}
else if (onlyKeyShare == 1) {
#ifdef HAVE_FFDHE_2048
TLS 1.3 fixes/improvements Support Draft 28: able to compile code to return BAD_BINDER if no PSKs match and certificates not to be used. Change key share implementation to use server preference - server now checks each client key share's group is in supported_groups extension. Client and server examples modified to support server preference. Application can set client's and server's supported groups by rank. Server's supported groups is sent back in encrypted_extensions if preferred group is not in client's list - able to be turned off at compile time. Application can query server's preferred group from client. Able to compile using 0x0304 as version instead of draft version. Fix state machine in TLS 1.3 to support unexpected hello_retry_request. Also fixes non-blocking. Fix resumption to use the named group from session. Fix named group in session structure to be a 2-byte field. Better detection of errors in message flow. Fix DoTls13ClientHello when downgrading - don't do TLS 1.3 things. Not downgrading on client fixed. Downgrade protocol version from TLS 1.3 when not TLS 1.3 ciphersuite. Get downgrading from TLS 1.3 and resumption working. Change earlyData value to an enum. Support no extensions data (as opposed to zero length extension data) in TLS 1.3 ClientHello. Check PSK cipher suite is available to both client and server before using. Check first PSK identity chosen when server says it is using early data at client. Check PSK extension is last in client_hello on server. Check the PSK cipher suite to use is supported on client. Check the returned cipher suite for pre-shared keys is the same as client expects. Send alert decrypt_error when verification fails in certificate_verify or finished message doesn't match calculated value. Fail when certificate messages recieved in handshake when using PSK. Validate on the server that EndOfEarlyData message has been recieved before finished message when server sent EarlyData extension.
2018-04-13 11:53:42 +10:00
int groups[1] = { WOLFSSL_FFDHE_2048 };
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_FFDHE_2048)
!= WOLFSSL_SUCCESS) {
err_sys("unable to use DH 2048-bit parameters");
}
TLS 1.3 fixes/improvements Support Draft 28: able to compile code to return BAD_BINDER if no PSKs match and certificates not to be used. Change key share implementation to use server preference - server now checks each client key share's group is in supported_groups extension. Client and server examples modified to support server preference. Application can set client's and server's supported groups by rank. Server's supported groups is sent back in encrypted_extensions if preferred group is not in client's list - able to be turned off at compile time. Application can query server's preferred group from client. Able to compile using 0x0304 as version instead of draft version. Fix state machine in TLS 1.3 to support unexpected hello_retry_request. Also fixes non-blocking. Fix resumption to use the named group from session. Fix named group in session structure to be a 2-byte field. Better detection of errors in message flow. Fix DoTls13ClientHello when downgrading - don't do TLS 1.3 things. Not downgrading on client fixed. Downgrade protocol version from TLS 1.3 when not TLS 1.3 ciphersuite. Get downgrading from TLS 1.3 and resumption working. Change earlyData value to an enum. Support no extensions data (as opposed to zero length extension data) in TLS 1.3 ClientHello. Check PSK cipher suite is available to both client and server before using. Check first PSK identity chosen when server says it is using early data at client. Check PSK extension is last in client_hello on server. Check the PSK cipher suite to use is supported on client. Check the returned cipher suite for pre-shared keys is the same as client expects. Send alert decrypt_error when verification fails in certificate_verify or finished message doesn't match calculated value. Fail when certificate messages recieved in handshake when using PSK. Validate on the server that EndOfEarlyData message has been recieved before finished message when server sent EarlyData extension.
2018-04-13 11:53:42 +10:00
if (wolfSSL_set_groups(ssl, groups, 1) != WOLFSSL_SUCCESS) {
err_sys("unable to set groups: DH 2048-bit");
}
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
#endif
}
WOLFSSL_END(WC_FUNC_CLIENT_KEY_EXCHANGE_DO);
}
#endif
Add support for Encrypt-Then-MAC to TLS 1.2 and below An extension is used to indicate that ETM is to be used. Only used when doing block ciphers - HMAC performed on encrypted data.
2019-08-22 09:33:38 +10:00
#ifdef HAVE_ENCRYPT_THEN_MAC
if (disallowETM)
wolfSSL_AllowEncryptThenMac(ssl, 0);
#endif
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
/* do accept */
add random ports for all make check scripts, unique ready file
2015-12-22 14:35:34 -08:00
readySignal = ((func_args*)args)->signal;
if (readySignal) {
readySignal->srfName = serverReadyFile;
}
initial implementation of WOLFSSL_NETWORK_INTROSPECTION: --enable-network-introspection, struct wolfSSL_network_connection, wolfSSL_*_endpoints*(), NetworkFilterCallback_t, wolfSSL_*set_AcceptFilter().
2021-03-17 22:49:07 -05:00
examples/server: fix wolfSentry integration to handle DTLS correctly.
2021-04-02 01:13:25 -05:00
client_len = sizeof client_addr;
tcp_accept(&sockfd, &clientfd, (func_args*)args, port, useAnyAddr,
dtlsUDP, dtlsSCTP, serverReadyFile ? 1 : 0, doListen,
&client_addr, &client_len);
initial implementation of WOLFSSL_NETWORK_INTROSPECTION: --enable-network-introspection, struct wolfSSL_network_connection, wolfSSL_*_endpoints*(), NetworkFilterCallback_t, wolfSSL_*set_AcceptFilter().
2021-03-17 22:49:07 -05:00
examples/server: fix wolfSentry integration to handle DTLS correctly.
2021-04-02 01:13:25 -05:00
doListen = 0; /* Don't listen next time */
initial implementation of WOLFSSL_NETWORK_INTROSPECTION: --enable-network-introspection, struct wolfSSL_network_connection, wolfSSL_*_endpoints*(), NetworkFilterCallback_t, wolfSSL_*set_AcceptFilter().
2021-03-17 22:49:07 -05:00
examples/server: fix wolfSentry integration to handle DTLS correctly.
2021-04-02 01:13:25 -05:00
if (port == 0) {
port = readySignal->port;
}
if (SSL_set_fd(ssl, clientfd) != WOLFSSL_SUCCESS) {
err_sys_ex(catastrophic, "error in setting fd");
}
#ifdef HAVE_TRUSTED_CA
if (trustedCaKeyId) {
if (wolfSSL_UseTrustedCA(ssl, WOLFSSL_TRUSTED_CA_PRE_AGREED,
NULL, 0) != WOLFSSL_SUCCESS) {
err_sys_ex(runWithErrors, "UseTrustedCA failed");
}
}
#endif /* HAVE_TRUSTED_CA */
#ifdef HAVE_ALPN
if (alpnList != NULL) {
printf("ALPN accepted protocols list : %s\n", alpnList);
wolfSSL_UseALPN(ssl, alpnList, (word32)XSTRLEN(alpnList), alpn_opt);
}
#endif
initial implementation of WOLFSSL_NETWORK_INTROSPECTION: --enable-network-introspection, struct wolfSSL_network_connection, wolfSSL_*_endpoints*(), NetworkFilterCallback_t, wolfSSL_*set_AcceptFilter().
2021-03-17 22:49:07 -05:00
examples/server: fix wolfSentry integration to handle DTLS correctly.
2021-04-02 01:13:25 -05:00
#ifdef WOLFSSL_DTLS
if (doDTLS && dtlsUDP) {
byte b[1500];
int n;
client_len = sizeof client_addr;
/* For DTLS, peek at the next datagram so we can get the client's
* address and set it into the ssl object later to generate the
* cookie. */
n = (int)recvfrom(clientfd, (char*)b, sizeof(b), MSG_PEEK,
(struct sockaddr*)&client_addr, &client_len);
if (n <= 0)
err_sys_ex(runWithErrors, "recvfrom failed");
if (doBlockSeq) {
XMEMCPY(&dtlsCtx.peer.sa, &client_addr, client_len);
dtlsCtx.peer.sz = client_len;
dtlsCtx.wfd = clientfd;
dtlsCtx.failOnce = 1;
wolfSSL_SetIOWriteCtx(ssl, &dtlsCtx);
}
else {
wolfSSL_dtls_set_peer(ssl, &client_addr, client_len);
}
}
#endif
#ifdef WOLFSSL_NETWORK_INTROSPECTION
{
initial implementation of WOLFSSL_NETWORK_INTROSPECTION: --enable-network-introspection, struct wolfSSL_network_connection, wolfSSL_*_endpoints*(), NetworkFilterCallback_t, wolfSSL_*set_AcceptFilter().
2021-03-17 22:49:07 -05:00
SOCKADDR_IN_T local_addr;
socklen_t local_len = sizeof(local_addr);
getsockname(clientfd, (struct sockaddr *)&local_addr, (socklen_t *)&local_len);
if (((struct sockaddr *)&client_addr)->sa_family != ((struct sockaddr *)&local_addr)->sa_family)
err_sys_ex(catastrophic, "client_addr.sa_family != local_addr.sa_family");
#ifdef TEST_IPV6
if ((ret = wolfSSL_set_endpoints(
ssl,
0 /* interface_id */,
client_addr.sin6_family,
IPPROTO_TCP,
sizeof(client_addr.sin6_addr),
(byte *)&client_addr.sin6_addr,
(byte *)&local_addr.sin6_addr,
client_addr.sin6_port,
local_addr.sin6_port) != WOLFSSL_SUCCESS)) {
printf("wolfSSL_set_endpoints(): %s\n", wolfSSL_ERR_error_string(ret, NULL));
err_sys_ex(catastrophic, "error in wolfSSL_set_endpoints()");
}
#else /* !TEST_IPV6 */
if ((ret = wolfSSL_set_endpoints(
ssl,
0 /* interface_id */,
client_addr.sin_family,
IPPROTO_TCP,
sizeof(struct in_addr),
(byte *)&client_addr.sin_addr,
(byte *)&local_addr.sin_addr,
client_addr.sin_port,
local_addr.sin_port) != WOLFSSL_SUCCESS)) {
printf("wolfSSL_set_endpoints(): %s\n", wolfSSL_ERR_error_string(ret, NULL));
err_sys_ex(catastrophic, "error in wolfSSL_set_endpoints()");
}
#endif /* TEST_IPV6 */
{
const struct wolfSSL_network_connection *nc;
const void *remote_addr2;
const void *local_addr2;
char inet_ntop_buf[INET6_ADDRSTRLEN], inet_ntop_buf2[INET6_ADDRSTRLEN];
if ((ret = wolfSSL_get_endpoints(ssl, &nc, &remote_addr2, &local_addr2)) != WOLFSSL_SUCCESS) {
printf("wolfSSL_get_endpoints(): %s\n", wolfSSL_ERR_error_string(ret, NULL));
err_sys_ex(catastrophic, "error in wolfSSL_get_endpoints()");
}
checkpoint: fully functioning demo via examples/server/ and unit.test (which produces a "filtered" error on a subtest when built --enable-wolfsentry).
2021-04-01 13:08:41 -05:00
printf("stored connection attrs: family=%d proto=%d rport=%d lport=%d raddr=%s laddr=%s interface=%d\n",
initial implementation of WOLFSSL_NETWORK_INTROSPECTION: --enable-network-introspection, struct wolfSSL_network_connection, wolfSSL_*_endpoints*(), NetworkFilterCallback_t, wolfSSL_*set_AcceptFilter().
2021-03-17 22:49:07 -05:00
nc->family,
nc->proto,
nc->remote_port,
nc->local_port,
inet_ntop(nc->family, remote_addr2, inet_ntop_buf, sizeof inet_ntop_buf),
inet_ntop(nc->family, local_addr2, inet_ntop_buf2, sizeof inet_ntop_buf2),
nc->interface);
}
Trusted CA Key Indication Extension Added an API for enabling the Trusted CA Key Indication extension from RFC6066 section 6. If the server doesn't have a match for the client, the client will abandon the session.
2018-09-28 09:05:59 -07:00
}
examples/server: fix wolfSentry integration to handle DTLS correctly.
2021-04-02 01:13:25 -05:00
#endif /* WOLFSSL_NETWORK_INTROSPECTION */
DTLS Nonblocking Updates Add command line option to the example server to fake a write block on a specified DTLS sequence number in epoch 0.
2018-12-18 11:40:04 -08:00
option for fail on no peer cert except PSK suites
2016-02-08 14:52:56 -07:00
if ((usePsk == 0 || usePskPlus) || useAnon == 1 || cipherList != NULL
|| needDH == 1) {
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
#if !defined(NO_FILESYSTEM) && !defined(NO_DH) && !defined(NO_ASN)
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
wolfSSL_SetTmpDH_file(ssl, ourDhParam, WOLFSSL_FILETYPE_PEM);
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
#elif !defined(NO_DH)
Address logical fallacies and syntax issues in example server, addresses GH issue #2559
2019-11-07 10:30:12 -07:00
SetDH(ssl); /* repick suites with DHE, higher priority than
* PSK */
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
#endif
Make the skip DH test flag build-conditional.
2018-11-30 09:19:11 -08:00
#if !defined(NO_DH) && !defined(WOLFSSL_OLD_PRIME_CHECK) && \
!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
DHE Speed Up When loading DH domain parameters into a CTX, test the prime immediately. When loading them into a session, test the prime right before using it during the handshake. Sessions that get their prime from their context do not need to test their prime. Added a function to disable testing the prime in a session. The goal is to speed up testing as every single test case loads DH parameters whether they are used or not.
2018-11-29 17:01:37 -08:00
if (!doDhKeyCheck)
wolfSSL_SetEnableDhKeyTest(ssl, 0);
#endif
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
}
1.8.8 init
2011-02-05 11:14:47 -08:00
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
#ifndef WOLFSSL_CALLBACKS
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
if (nonBlocking) {
FIPS Revalidation Merge branch 'master' into fipsv2. Using a merge instead of a rebase to retain commit IDs and tags.
2018-06-06 12:43:15 -07:00
#ifdef WOLFSSL_DTLS
Fix TCP with Timeout Updated example client and server to use the new wolfSSL_dtls_set_using_nonblock() function.
2018-05-23 16:07:45 -07:00
if (doDTLS) {
wolfSSL_dtls_set_using_nonblock(ssl, 1);
}
FIPS Revalidation Merge branch 'master' into fipsv2. Using a merge instead of a rebase to retain commit IDs and tags.
2018-06-06 12:43:15 -07:00
#endif
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
tcp_set_nonblocking(&clientfd);
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 10:05:22 -08:00
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
ret = NonBlockingSSL_Accept(ssl);
}
else {
TLS v1.3 0-RTT
2017-06-19 11:37:10 +10:00
#ifdef WOLFSSL_EARLY_DATA
if (earlyData) {
do {
int len;
err = 0; /* reset error */
ret = wolfSSL_read_early_data(ssl, input, sizeof(input)-1,
&len);
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (ret != WOLFSSL_SUCCESS) {
TLS v1.3 0-RTT
2017-06-19 11:37:10 +10:00
err = SSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
Address logical fallacies and syntax issues in example server, addresses GH issue #2559
2019-11-07 10:30:12 -07:00
ret = wolfSSL_AsyncPoll(ssl,
WOLF_POLL_FLAG_CHECK_HW);
TLS v1.3 0-RTT
2017-06-19 11:37:10 +10:00
if (ret < 0) break;
}
#endif
}
if (ret > 0) {
input[ret] = 0; /* null terminate message */
printf("Early Data Client message: %s\n", input);
}
} while (err == WC_PENDING_E || ret > 0);
}
#endif
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
do {
err = 0; /* reset error */
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 10:05:22 -08:00
ret = SSL_accept(ssl);
initial implement SSL_get_early_data_status
2021-01-21 15:32:32 +09:00
#ifdef WOLFSSL_EARLY_DATA
EarlyDataStatus(ssl);
#endif
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (ret != WOLFSSL_SUCCESS) {
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
err = SSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
#endif
}
} while (err == WC_PENDING_E);
}
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 10:05:22 -08:00
#else
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
ret = NonBlockingSSL_Accept(ssl);
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 10:05:22 -08:00
#endif
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (ret != WOLFSSL_SUCCESS) {
fix c89 build on windows
2016-04-06 11:16:40 -06:00
err = SSL_get_error(ssl, 0);
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
printf("SSL_accept error %d, %s\n", err,
ERR_error_string(err, buffer));
Fix -x option in server to continue in event of error (R)
2018-11-06 14:09:46 -07:00
if (!exitWithRet) {
Minor fix for the expected failure case use of `ssl` after free. Renamed `skipExit` to `exitWithRet`.
2018-05-03 10:02:59 -07:00
err_sys_ex(runWithErrors, "SSL_accept failed");
Fix -x option in server to continue in event of error (R)
2018-11-06 14:09:46 -07:00
} else {
/* cleanup */
SSL_free(ssl); ssl = NULL;
SSL_CTX_free(ctx); ctx = NULL;
CloseSocket(clientfd);
CloseSocket(sockfd);
((func_args*)args)->return_code = err;
goto exit;
}
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
}
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 10:05:22 -08:00
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
showPeerEx(ssl, lng_index);
add more compatiblity functions
2016-11-10 19:34:27 -07:00
if (SSL_state(ssl) != 0) {
Added `-x` option to allow example server to continue running when errors occur.
2017-06-22 22:19:59 -06:00
err_sys_ex(runWithErrors, "SSL in error state");
add more compatiblity functions
2016-11-10 19:34:27 -07:00
}
1.8.8 init
2011-02-05 11:14:47 -08:00
add wolfSSL_get_cipher_suite_from_name(); add flags arg to GetCipherSuiteFromName(); fix GetCipherSuiteFromName() to prevent spurious substring matching; add SUITE_ALIAS() macros for use defining CipherSuiteInfo, and add CipherSuiteInfo.flags slot and associated logic, to allow alternative cipher names to be recognized; add "CCM8" cipher name variants wherever applicable, including the unit.test conf files, to recognize and test the OpenSSL variants; add tests in client_test() and server_test() to confirm correct forward and backward mapping of cipher names/aliases.
2020-11-11 22:46:02 -06:00
/* if the caller requested a particular cipher, check here that either
* a canonical name of the established cipher matches the requested
* cipher name, or the requested cipher name is marked as an alias
* that matches the established cipher.
*/
if (cipherList && (! XSTRSTR(cipherList, ":"))) {
WOLFSSL_CIPHER* established_cipher = wolfSSL_get_current_cipher(ssl);
byte requested_cipherSuite0, requested_cipherSuite;
int requested_cipherFlags;
if (established_cipher &&
/* don't test for pseudo-ciphers like "ALL" and "DEFAULT". */
(wolfSSL_get_cipher_suite_from_name(cipherList,
&requested_cipherSuite0,
&requested_cipherSuite,
&requested_cipherFlags) == 0)) {
word32 established_cipher_id = wolfSSL_CIPHER_get_id(established_cipher);
byte established_cipherSuite0 = (established_cipher_id >> 8) & 0xff;
byte established_cipherSuite = established_cipher_id & 0xff;
const char *established_cipher_name =
wolfSSL_get_cipher_name_from_suite(established_cipherSuite0,
established_cipherSuite);
const char *established_cipher_name_iana =
wolfSSL_get_cipher_name_iana_from_suite(established_cipherSuite0,
established_cipherSuite);
if (established_cipher_name == NULL)
err_sys_ex(catastrophic, "error looking up name of established cipher");
if (strcmp(cipherList, established_cipher_name) &&
((established_cipher_name_iana == NULL) ||
strcmp(cipherList, established_cipher_name_iana))) {
if (! (requested_cipherFlags & WOLFSSL_CIPHER_SUITE_FLAG_NAMEALIAS))
err_sys_ex(
catastrophic,
"Unexpected mismatch between names of requested and established ciphers.");
else if ((requested_cipherSuite0 != established_cipherSuite0) ||
(requested_cipherSuite != established_cipherSuite))
err_sys_ex(
catastrophic,
"Mismatch between IDs of requested and established ciphers.");
}
}
}
Expose functions to get client/server random when `HAVE_SECRET_CALLBACK` is defined.
2021-03-26 13:23:00 -07:00
#if defined(OPENSSL_EXTRA) || defined(HAVE_SECRET_CALLBACK)
add bio.c to dist and implement wolfSSL_check_private_key , wolfSSL_get_server_random
2016-11-11 13:39:36 -07:00
{
Scan-Build Fixes 1. Fixed a couple possible 0 byte allocations. 2. Fixed a couple missed frees due to error conditions. 3. Fixed a possible double free. To recreate: $ scan-build ./configure --disable-shared --enable-opensslextra=x509small --disable-memory $ scan-build ./configure --disable-shared --enable-opensslextra --disable-memory
2020-11-11 14:12:22 -08:00
byte* rnd = NULL;
add bio.c to dist and implement wolfSSL_check_private_key , wolfSSL_get_server_random
2016-11-11 13:39:36 -07:00
byte* pt;
size_t size;
/* get size of buffer then print */
size = wolfSSL_get_server_random(NULL, NULL, 0);
if (size == 0) {
Address logical fallacies and syntax issues in example server, addresses GH issue #2559
2019-11-07 10:30:12 -07:00
err_sys_ex(runWithErrors, "error getting server random buffer "
"size");
add bio.c to dist and implement wolfSSL_check_private_key , wolfSSL_get_server_random
2016-11-11 13:39:36 -07:00
}
Scan-Build Fixes 1. Fixed a couple possible 0 byte allocations. 2. Fixed a couple missed frees due to error conditions. 3. Fixed a possible double free. To recreate: $ scan-build ./configure --disable-shared --enable-opensslextra=x509small --disable-memory $ scan-build ./configure --disable-shared --enable-opensslextra --disable-memory
2020-11-11 14:12:22 -08:00
else {
rnd = (byte*)XMALLOC(size, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
add bio.c to dist and implement wolfSSL_check_private_key , wolfSSL_get_server_random
2016-11-11 13:39:36 -07:00
if (rnd == NULL) {
Added `-x` option to allow example server to continue running when errors occur.
2017-06-22 22:19:59 -06:00
err_sys_ex(runWithErrors, "error creating server random buffer");
add bio.c to dist and implement wolfSSL_check_private_key , wolfSSL_get_server_random
2016-11-11 13:39:36 -07:00
}
expanding compatibility layer
2016-11-18 14:58:51 -07:00
size = wolfSSL_get_server_random(ssl, rnd, size);
seperate sanity checks on size and rnd allocation
2019-11-07 13:12:17 -07:00
if (size == 0) {
if (rnd) {
XFREE(rnd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
rnd = NULL;
}
Added `-x` option to allow example server to continue running when errors occur.
2017-06-22 22:19:59 -06:00
err_sys_ex(runWithErrors, "error getting server random buffer");
add bio.c to dist and implement wolfSSL_check_private_key , wolfSSL_get_server_random
2016-11-11 13:39:36 -07:00
}
Address logical fallacies and syntax issues in example server, addresses GH issue #2559
2019-11-07 10:30:12 -07:00
if (rnd) {
printf("Server Random : ");
Added `-x` option to allow example server to continue running when errors occur.
2017-06-22 22:19:59 -06:00
for (pt = rnd; pt < rnd + size; pt++) printf("%02X", *pt);
printf("\n");
Address logical fallacies and syntax issues in example server, addresses GH issue #2559
2019-11-07 10:30:12 -07:00
XFREE(rnd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
rnd = NULL;
Added `-x` option to allow example server to continue running when errors occur.
2017-06-22 22:19:59 -06:00
}
add bio.c to dist and implement wolfSSL_check_private_key , wolfSSL_get_server_random
2016-11-11 13:39:36 -07:00
}
#endif
add support for Application-Layer Protocol Name (RFC 7301) in the TLS extensions
2015-10-09 15:18:41 +02:00
#ifdef HAVE_ALPN
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
if (alpnList != NULL) {
char *protocol_name = NULL, *list = NULL;
word16 protocol_nameSz = 0, listSz = 0;
Address logical fallacies and syntax issues in example server, addresses GH issue #2559
2019-11-07 10:30:12 -07:00
err = wolfSSL_ALPN_GetProtocol(ssl, &protocol_name,
&protocol_nameSz);
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (err == WOLFSSL_SUCCESS)
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
printf("Sent ALPN protocol : %s (%d)\n",
protocol_name, protocol_nameSz);
Updated a few more old names. Added PR for new configs to Jenkins.
2017-10-18 10:38:27 -07:00
else if (err == WOLFSSL_ALPN_NOT_FOUND)
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
printf("No ALPN response sent (no match)\n");
else
printf("Getting ALPN protocol name failed\n");
ALPN : add function to get in a server the list of supported protocols sent by the client.
2015-10-15 14:59:35 +02:00
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
err = wolfSSL_ALPN_GetPeerProtocol(ssl, &list, &listSz);
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (err == WOLFSSL_SUCCESS)
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
printf("List of protocol names sent by Client: %s (%d)\n",
list, listSz);
else
printf("Get list of client's protocol name failed\n");
ALPN : add function to get in a server the list of supported protocols sent by the client.
2015-10-15 14:59:35 +02:00
example server to use cstd free for all build options
2015-10-16 14:05:37 -07:00
free(list);
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
}
add support for Application-Layer Protocol Name (RFC 7301) in the TLS extensions
2015-10-09 15:18:41 +02:00
#endif
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
if (echoData == 0 && throughput == 0) {
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
ServerRead(ssl, input, sizeof(input)-1);
err = SSL_get_error(ssl, 0);
}
Server Side Secure Renegotiation 1. Add enables to the example server for turning on secure renegotiation. 2. Add encryption assists to the handhshake message handler functions. 3. Add a hello request message function. Includes handshake timing pre/postambles.
2018-10-02 15:38:45 -07:00
#if defined(HAVE_SECURE_RENEGOTIATION) && \
defined(HAVE_SERVER_RENEGOTIATION_INFO)
if (scr && forceScr) {
if (nonBlocking) {
Implement non-blocking SCR on server side
2020-09-09 21:41:20 +02:00
if ((ret = wolfSSL_Rehandshake(ssl)) != WOLFSSL_SUCCESS) {
err = wolfSSL_get_error(ssl, 0);
if (err == WOLFSSL_ERROR_WANT_READ ||
err == WOLFSSL_ERROR_WANT_WRITE) {
do {
if (err == APP_DATA_READY) {
if ((ret = wolfSSL_read(ssl, input, sizeof(input)-1)) < 0) {
err_sys("APP DATA should be present but error returned");
}
printf("Received message: %s\n", input);
}
err = 0;
if ((ret = wolfSSL_accept(ssl)) != WOLFSSL_SUCCESS) {
err = wolfSSL_get_error(ssl, ret);
}
} while (ret != WOLFSSL_SUCCESS &&
(err == WOLFSSL_ERROR_WANT_READ ||
err == WOLFSSL_ERROR_WANT_WRITE ||
err == APP_DATA_READY));
if (ret != WOLFSSL_SUCCESS) {
err = wolfSSL_get_error(ssl, 0);
printf("wolfSSL_Rehandshake error %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer));
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("non-blocking wolfSSL_Rehandshake failed");
}
printf("NON-BLOCKING RENEGOTIATION SUCCESSFUL\n");
}
else {
printf("wolfSSL_Rehandshake error %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer));
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("non-blocking wolfSSL_Rehandshake failed");
}
}
Server Side Secure Renegotiation 1. Add enables to the example server for turning on secure renegotiation. 2. Add encryption assists to the handhshake message handler functions. 3. Add a hello request message function. Includes handshake timing pre/postambles.
2018-10-02 15:38:45 -07:00
} else {
WIP
2020-05-28 23:26:37 +02:00
if ((ret = wolfSSL_Rehandshake(ssl)) != WOLFSSL_SUCCESS) {
#ifdef WOLFSSL_ASYNC_CRYPT
err = wolfSSL_get_error(ssl, 0);
while (err == WC_PENDING_E) {
err = 0;
ret = wolfSSL_negotiate(ssl);
if (ret != WOLFSSL_SUCCESS) {
err = wolfSSL_get_error(ssl, 0);
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
}
}
if (ret != WOLFSSL_SUCCESS)
#endif
printf("not doing secure renegotiation\n");
Server Side Renegotiation 1. Fix testing issue with a client using the SCSV cipher suite to indicate desire for renegotiation. 2. Add indication to both the server and client examples that the renegotiation was successful.
2018-11-30 14:14:27 -08:00
}
else {
printf("RENEGOTIATION SUCCESSFUL\n");
Server Side Secure Renegotiation 1. Add enables to the example server for turning on secure renegotiation. 2. Add encryption assists to the handhshake message handler functions. 3. Add a hello request message function. Includes handshake timing pre/postambles.
2018-10-02 15:38:45 -07:00
}
}
}
#endif /* HAVE_SECURE_RENEGOTIATION */
Fixed example server to not try and write on failure.
2019-04-11 11:30:41 -07:00
if (err == 0 && echoData == 0 && throughput == 0) {
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
const char* write_msg;
int write_msg_sz;
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
#ifdef WOLFSSL_TLS13
if (updateKeysIVs)
wolfSSL_update_keys(ssl);
#endif
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
if (postHandAuth)
wolfSSL_request_certificate(ssl);
#endif
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
/* Write data */
Get Nginx working with wolfSSL
2016-12-22 12:53:29 +10:00
if (!useWebServerMsg) {
Cleanup on example client/server messages and sizes. Original PR #3023 caused sending extra null characters in normal (non HTTP) example cases.
2020-07-21 13:34:25 -07:00
write_msg = kReplyMsg;
write_msg_sz = (int)XSTRLEN(kReplyMsg);
Get Nginx working with wolfSSL
2016-12-22 12:53:29 +10:00
}
else {
Cleanup on example client/server messages and sizes. Original PR #3023 caused sending extra null characters in normal (non HTTP) example cases.
2020-07-21 13:34:25 -07:00
write_msg = kHttpServerMsg;
write_msg_sz = (int)XSTRLEN(kHttpServerMsg);
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
}
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
ServerWrite(ssl, write_msg, write_msg_sz);
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
Allow TLS 1.2 to be compiled out.
2018-05-17 09:08:03 +10:00
#ifdef WOLFSSL_TLS13
Fix post authentication for TLS 1.3
2018-06-08 17:34:03 +10:00
if (updateKeysIVs || postHandAuth)
ServerRead(ssl, input, sizeof(input)-1);
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
#endif
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
}
Fixed example server to not try and write on failure.
2019-04-11 11:30:41 -07:00
else if (err == 0 || err == WOLFSSL_ERROR_ZERO_RETURN) {
Added a suite test use case to cover the new error check. Also fixed and issue with passing a couple flags to the test case runner, and some other changes to support the new test.
2020-07-22 13:20:23 -07:00
err = ServerEchoData(ssl, clientfd, echoData, block, throughput);
if (err != 0) {
SSL_free(ssl); ssl = NULL;
SSL_CTX_free(ctx); ctx = NULL;
CloseSocket(clientfd);
CloseSocket(sockfd);
((func_args*)args)->return_code = err;
goto exit;
}
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
}
add support for Application-Layer Protocol Name (RFC 7301) in the TLS extensions
2015-10-09 15:18:41 +02:00
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
#if defined(WOLFSSL_MDK_SHELL) && defined(HAVE_MDK_RTX)
pull in Kojo MDK-ARM projects, changes
2013-05-16 09:47:27 -07:00
os_dly_wait(500) ;
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
#elif defined (WOLFSSL_TIRTOS)
Added TI-RTOS support for CyaSSL tests
2014-05-08 15:52:20 -07:00
Task_yield();
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
#endif
DTLS-SCTP example client and server 1. Update the example client and server to test DTLS-SCTP. 2. Modify the test.h functions for setting up connections to allow for a SCTP option. 3. Update other examples to use the new test.h functions. 4. Removed some prototypes in the client header file were some functions that should have been static to the client.c file and made them static.
2016-08-25 22:20:35 -07:00
if (dtlsUDP == 0) {
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
ret = SSL_shutdown(ssl);
Updates from review
2020-04-01 11:14:25 -05:00
if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE) {
Tests and examples for bidirectional shutdown
2020-02-17 16:39:34 -06:00
ret = SSL_shutdown(ssl); /* bidirectional shutdown */
if (ret == WOLFSSL_SUCCESS)
printf("Bidirectional shutdown complete\n");
}
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
}
Tests and examples for bidirectional shutdown
2020-02-17 16:39:34 -06:00
revise static memory and update heap hint
2016-06-04 19:03:48 -06:00
/* display collected statistics */
#ifdef WOLFSSL_STATIC_MEMORY
if (wolfSSL_is_static_memory(ssl, &ssl_stats) != 1)
Added `-x` option to allow example server to continue running when errors occur.
2017-06-22 22:19:59 -06:00
err_sys_ex(runWithErrors, "static memory was not used with ssl");
revise static memory and update heap hint
2016-06-04 19:03:48 -06:00
fprintf(stderr, "\nprint off SSL memory stats\n");
Address logical fallacies and syntax issues in example server, addresses GH issue #2559
2019-11-07 10:30:12 -07:00
fprintf(stderr, "*** This is memory state before wolfSSL_free is "
"called\n");
revise static memory and update heap hint
2016-06-04 19:03:48 -06:00
fprintf(stderr, "peak connection memory = %d\n", ssl_stats.peakMem);
fprintf(stderr, "current memory in use = %d\n", ssl_stats.curMem);
fprintf(stderr, "peak connection allocs = %d\n", ssl_stats.peakAlloc);
fprintf(stderr, "current connection allocs = %d\n",ssl_stats.curAlloc);
Address logical fallacies and syntax issues in example server, addresses GH issue #2559
2019-11-07 10:30:12 -07:00
fprintf(stderr, "total connection allocs = %d\n",
ssl_stats.totalAlloc);
fprintf(stderr, "total connection frees = %d\n\n",
ssl_stats.totalFr);
revise static memory and update heap hint
2016-06-04 19:03:48 -06:00
#endif
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
SSL_free(ssl); ssl = NULL;
1.8.8 init
2011-02-05 11:14:47 -08:00
add resume test to example server and script test
2015-04-28 12:21:54 -07:00
CloseSocket(clientfd);
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
if (resume == 1 && resumeCount == 0) {
resumeCount++; /* only do one resume for testing */
continue;
}
resumeCount = 0;
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
cnt++;
Get Nginx working with wolfSSL
2016-12-22 12:53:29 +10:00
if (loops > 0 && --loops == 0) {
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
break; /* out of while loop, done with normal and resume option */
}
} /* while(1) */
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
WOLFSSL_TIME(cnt);
WOLFSSL_FUNC_TIME changes Warning in code about using this define. Remove usage of WOLFSSL_FUNC_TIME from server.c.
2018-04-13 12:13:31 +10:00
(void)cnt;
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
Added missing API's for disabling OCSP stapling. Added OCSP stapling enable/disable for WOLFSSL.
2017-10-17 13:52:05 -07:00
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
wolfSSL_CTX_DisableOCSPStapling(ctx);
#endif
revise static memory and update heap hint
2016-06-04 19:03:48 -06:00
add resume test to example server and script test
2015-04-28 12:21:54 -07:00
CloseSocket(sockfd);
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
SSL_CTX_free(ctx); ctx = NULL;
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
1.8.8 init
2011-02-05 11:14:47 -08:00
((func_args*)args)->return_code = 0;
add memory tracker to example client and server if using default memory cbs
2013-03-15 13:17:05 -07:00
Fix for example client/server with `-H exitWithRet` option to make sure all cleanup is performed. Resolves valgrind report due to `TicketCleanup()` not being called.
2018-05-03 13:39:37 -07:00
exit:
cleanup fp cache on examples with thread local storage
2014-09-09 10:14:32 -07:00
checkpoint: fully functioning demo via examples/server/ and unit.test (which produces a "filtered" error on a subtest when built --enable-wolfsentry).
2021-04-01 13:08:41 -05:00
#ifdef WOLFSSL_WOLFSENTRY_HOOKS
ret = wolfsentry_shutdown(&wolfsentry);
if (ret != 0) {
fprintf(stderr, "wolfsentry_shutdown() returned " WOLFSENTRY_ERROR_FMT, WOLFSENTRY_ERROR_FMT_ARGS(ret));
}
#endif
Various improvements for testing Fix wc_ecc_fp_free() to be called when using HAVE_STACK_SIZE. Increase size of replyin client.c so all HTTP reply is displayed. Fix api.c to support only Ed25519 (not RSA and ECC) Fix suites.c to detect when CA for client won't work (Ed25519 only) For Static Memory add debugging and small profile. Also allow realloc to be called with NULL. Add more Ed25519 certs and keys. Fix names of Ed25519 filenames for client and server. Do NOT turn on ECC_SHAMIR by default with lowresource. Enable WOLFSSL_STATIC_MEMORY_SMALL if low resource and no RSA.
2019-02-22 17:14:19 +10:00
#if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) \
&& (defined(NO_MAIN_DRIVER) || defined(HAVE_STACK_SIZE))
Test Fixes 1. AesGcmEncrypt_ex requires the RNG, remove function if RNG disabled. 2. Fix a couple function name changes in the example server. 3. Removed the old FIPS wrapping added to dh.h, was redundant. 4. Move include of random.h in the aes.h file. 5. Fix where ecc.c was being left out of old FIPS builds. 6. Exclude the AES-GCM internal IV test case when building without the RNG. 7. Fix api test where AES-GCM Encrypt was called with a too-long IV in old FIPS mode. Non-FIPS and new FIPS are allowed longer IVs.
2018-03-06 16:45:44 -08:00
wc_ecc_fp_free(); /* free per thread cache */
cleanup fp cache on examples with thread local storage
2014-09-09 10:14:32 -07:00
#endif
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
#ifdef WOLFSSL_TIRTOS
fix tirtos merge
2014-09-08 19:40:03 -07:00
fdCloseSession(Task_self());
Added TI-RTOS support for CyaSSL tests
2014-05-08 15:52:20 -07:00
#endif
TLS Session Ticket: default encryption callback Encrypts with ChaCha20-Poly1305 or AES-GCM. Two keys in rotation. Key used for encryption until ticket lifetime goes beyond expirary (default 1 hour). If key can still be used for decryption, encrypt with other key. Private random used to generate keys.
2021-02-03 13:30:38 +10:00
#if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && \
((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM))
add tiket key cleanup to help valgrind
2015-05-15 15:30:29 -07:00
TicketCleanup();
#endif
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 13:59:41 -06:00
#ifdef WOLFSSL_ASYNC_CRYPT
wolfAsync_DevClose(&devId);
#endif
consolidate handling of dead assignment warnings
2016-04-11 13:39:44 -06:00
/* There are use cases when these assignments are not read. To avoid
* potential confusion those warnings have been handled here.
*/
(void) ourKey;
(void) verifyCert;
(void) doCliCertCheck;
(void) useNtruKey;
(void) ourDhParam;
(void) ourCert;
static analysis fix on non default build and g++ warning
2018-11-07 14:50:07 -07:00
(void) useX25519;
Add Curve448, X448, Ed448 implementations
2020-02-19 18:07:45 +10:00
(void) useX448;
fix warning with secure-renegotiation build and error with ntru build
2018-12-19 15:47:43 -07:00
#ifdef HAVE_SECURE_RENEGOTIATION
(void) forceScr;
#endif
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
#ifndef WOLFSSL_TIRTOS
1.8.8 init
2011-02-05 11:14:47 -08:00
return 0;
Added TI-RTOS support for CyaSSL tests
2014-05-08 15:52:20 -07:00
#endif
1.8.8 init
2011-02-05 11:14:47 -08:00
}
Fix build with either `NO_WOLFSSL_SERVER` or `NO_WOLFSSL_CLIENT` defined.
2017-06-26 23:05:32 -07:00
#endif /* !NO_WOLFSSL_SERVER */
1.8.8 init
2011-02-05 11:14:47 -08:00
/* so overall tests can pull in test function */
#ifndef NO_MAIN_DRIVER
int main(int argc, char** argv)
{
func_args args;
add random ports for all make check scripts, unique ready file
2015-12-22 14:35:34 -08:00
tcp_ready ready;
1.8.8 init
2011-02-05 11:14:47 -08:00
StartTCP();
args.argc = argc;
args.argv = argv;
add random ports for all make check scripts, unique ready file
2015-12-22 14:35:34 -08:00
args.signal = &ready;
Allow NO_WOLFSSL_CLIENT/SERVER to compile and pass tests
2018-06-13 11:42:16 +10:00
args.return_code = 0;
add random ports for all make check scripts, unique ready file
2015-12-22 14:35:34 -08:00
InitTcpReady(&ready);
1.8.8 init
2011-02-05 11:14:47 -08:00
Removed replaced the last two references to "CYASSL" macros with "WOLFSSL" in the example server.
2018-06-06 13:14:06 -07:00
#if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_MDK_SHELL)
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
wolfSSL_Debugging_ON();
1.8.8 init
2011-02-05 11:14:47 -08:00
#endif
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
wolfSSL_Init();
Cleanup of the test code that looks for the WolfSSL root directory. Now it tries to open the certs/ntru-cert.pem file in each directory up (limited to 5) until it opens it.
2015-10-28 23:54:08 -07:00
ChangeToWolfRoot();
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
Fix build with either `NO_WOLFSSL_SERVER` or `NO_WOLFSSL_CLIENT` defined.
2017-06-26 23:05:32 -07:00
#ifndef NO_WOLFSSL_SERVER
add --enable-stacksize to print out stack use info with pthreads for example client/server
2013-03-28 11:28:38 -07:00
#ifdef HAVE_STACK_SIZE
StackSizeCheck(&args, server_test);
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2015-10-16 07:46:51 +02:00
#else
1.8.8 init
2011-02-05 11:14:47 -08:00
server_test(&args);
add --enable-stacksize to print out stack use info with pthreads for example client/server
2013-03-28 11:28:38 -07:00
#endif
Fix build with either `NO_WOLFSSL_SERVER` or `NO_WOLFSSL_CLIENT` defined.
2017-06-26 23:05:32 -07:00
#else
printf("Server not compiled in!\n");
#endif
FIPS Update 1. Moved the rest of the FIPS algorithms to FIPSv2. 2. Updated the fips-check and autogen scripts. 3. Updated the automake include for the crypto files. 4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer. 5. Added error code for the SHA-3 KAT. 6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-02-01 11:02:35 -08:00
wolfSSL_Cleanup();
add random ports for all make check scripts, unique ready file
2015-12-22 14:35:34 -08:00
FreeTcpReady(&ready);
1.8.8 init
2011-02-05 11:14:47 -08:00
add Whitewood netRandom client library support
2016-05-05 15:31:25 -06:00
#ifdef HAVE_WNR
if (wc_FreeNetRandom() < 0)
Added `-x` option to allow example server to continue running when errors occur.
2017-06-22 22:19:59 -06:00
err_sys_ex(runWithErrors, "Failed to free netRandom context");
add Whitewood netRandom client library support
2016-05-05 15:31:25 -06:00
#endif /* HAVE_WNR */
1.8.8 init
2011-02-05 11:14:47 -08:00
return args.return_code;
}
fix windows build with command line examples
2012-08-01 17:33:49 -07:00
int myoptind = 0;
char* myoptarg = NULL;
1.8.8 init
2011-02-05 11:14:47 -08:00
#endif /* NO_MAIN_DRIVER */
Copy Permalink