feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity
Files
60d3dec246943b96715de18b678ecc72a1ab0db2
wolfssl/examples/client/client.c

3332 lines
107 KiB
C
Raw Normal View History

Add headers to examples and .i files
2011-07-26 13:27:22 -07:00
/* client.c
*
Release v3.12.2 (lib 14.0.0). Updated copywright.
2017-10-22 15:58:35 -07:00
* Copyright (C) 2006-2017 wolfSSL Inc.
Add headers to examples and .i files
2011-07-26 13:27:22 -07:00
*
prepare for release v3.9.0
2016-03-17 16:02:13 -06:00
* This file is part of wolfSSL.
Add headers to examples and .i files
2011-07-26 13:27:22 -07:00
*
name change for client.c
2015-01-05 14:48:43 -07:00
* wolfSSL is free software; you can redistribute it and/or modify
Add headers to examples and .i files
2011-07-26 13:27:22 -07:00
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
name change for client.c
2015-01-05 14:48:43 -07:00
* wolfSSL is distributed in the hope that it will be useful,
Add headers to examples and .i files
2011-07-26 13:27:22 -07:00
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
prepare for release v3.9.0
2016-03-17 16:02:13 -06:00
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
Add headers to examples and .i files
2011-07-26 13:27:22 -07:00
*/
prepare for release v3.9.0
2016-03-17 16:02:13 -06:00
add check around config.h for non autoconf systems
2011-08-24 16:37:16 -07:00
#ifdef HAVE_CONFIG_H
Sync MDK5 Software Pack with 2.9.4
2014-04-11 16:20:12 +09:00
#include <config.h>
add check around config.h for non autoconf systems
2011-08-24 16:37:16 -07:00
#endif
Sync MDK5 Software Pack with 2.9.4
2014-04-11 16:20:12 +09:00
update SimpleClient example
2017-12-28 07:20:03 +09:00
#include <wolfssl/wolfcrypt/settings.h>
no longer user compatibility layer
2015-01-08 10:02:07 -07:00
#include <wolfssl/ssl.h>
debugging linking error
2014-12-19 15:30:07 -07:00
fixed mdk4 macro control in example server/client, echoserver/client
2015-11-27 11:31:12 +09:00
#if defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET)
Sync MDK5 Software Pack with 2.9.4
2014-04-11 16:20:12 +09:00
#include <stdio.h>
Commit 2.6.2
2013-05-19 10:02:13 +09:00
#include <string.h>
update SimpleClient example
2017-12-28 07:20:03 +09:00
#include "rl_fs.h"
#include "rl_net.h"
Commit 2.6.2
2013-05-19 10:02:13 +09:00
#endif
Corrected spelling mistakes, formatting
2011-08-04 16:42:55 -06:00
name change for client.c
2015-01-05 14:48:43 -07:00
#include <wolfssl/test.h>
1.8.8 init
2011-02-05 11:14:47 -08:00
Added new `--disable-oldnames` option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA). Add `--enable-opensslcoexist` which makes sure `oldnames` is disabled. Refactor of `SSL_` to `WOLF_SSL_`. Refactor of `SHA`, `MD5`, `SHA224`, `SHA256`, `SHA512` and `SHA384` to `WC_` naming.
2017-09-25 18:47:36 -07:00
#include <examples/client/client.h>
Fix for handling OCSP with non-blocking. The HashInput function was being called on the re-entry, which produced a bad mac response from server. Also cleanup for some of the WC_PENDING_E logic for the non-async cases to reduce code size.
2018-03-16 12:02:36 -07:00
#include <wolfssl/error-ssl.h>
This adds more compiler hardening flags (and fixes all of the issues found in the process).
2012-09-19 23:38:41 -07:00
Fix build with either `NO_WOLFSSL_SERVER` or `NO_WOLFSSL_CLIENT` defined.
2017-06-26 23:05:32 -07:00
#ifndef NO_WOLFSSL_CLIENT
include tfm in example client for veiwing FP_MAX_BITS
2018-08-17 11:06:40 -06:00
#ifdef USE_FAST_MATH
/* included to inspect the size of FP_MAX_BITS */
#include <wolfssl/wolfcrypt/tfm.h>
#endif
Fixes for minor nightly build errors. Missing `wc_ecc_fp_free` declaration and "Value stored to 'useSupCurve' is never read".
2019-03-01 16:12:08 -08:00
#ifdef HAVE_ECC
#include <wolfssl/wolfcrypt/ecc.h>
#endif
include tfm in example client for veiwing FP_MAX_BITS
2018-08-17 11:06:40 -06:00
Fixes and cleanups based on feedback from Sean.
2017-04-10 14:19:20 -07:00
#ifdef WOLFSSL_ASYNC_CRYPT
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 13:59:41 -06:00
static int devId = INVALID_DEVID;
#endif
Added support for inline CRL lookup when HAVE_CRL_IO is defined (shares code with OCSP lookup in io.c). Added http chunk transfer encoding support. Added default connection timeout value (DEFAULT_TIMEOUT_SEC) and new wolfIO_SetTimeout() API with HAVE_IO_TIMEOUT. Added generic wolfIO_ API’s for connect, select, non-blocking, read and write. Added new define USE_WOLFSSL_IO to enable access to new wolfIO_* socket wrappers even when WOLFSSL_USER_IO is defined. Moved all API declarations for io.c into new io.h header. Added HAVE_HTTP_CLIENT to expose HTTP API’s. Moved SOCKET_T and SOCKET_ defines into io.h. Added WOLFIO_DEBUG define to display request/responses.
2017-03-06 09:49:05 -08:00
#define DEFAULT_TIMEOUT_SEC 2
Fix for non-blocking read timeout.
2019-01-11 08:45:34 -08:00
#ifndef MAX_NON_BLOCK_SEC
#define MAX_NON_BLOCK_SEC 10
#endif
Added support for inline CRL lookup when HAVE_CRL_IO is defined (shares code with OCSP lookup in io.c). Added http chunk transfer encoding support. Added default connection timeout value (DEFAULT_TIMEOUT_SEC) and new wolfIO_SetTimeout() API with HAVE_IO_TIMEOUT. Added generic wolfIO_ API’s for connect, select, non-blocking, read and write. Added new define USE_WOLFSSL_IO to enable access to new wolfIO_* socket wrappers even when WOLFSSL_USER_IO is defined. Moved all API declarations for io.c into new io.h header. Added HAVE_HTTP_CLIENT to expose HTTP API’s. Moved SOCKET_T and SOCKET_ defines into io.h. Added WOLFIO_DEBUG define to display request/responses.
2017-03-06 09:49:05 -08:00
OCSP 1. Modify the other OCSP Stapling scripts to better manage the OCSP responder. 2. Modify the client's W option to take: - 1 for Stapling v1 - 2 for Stapling v2 - 3 for Stapling v2 MULTI 3. Modify the client to disallow stapling v2 with TLSv1.3.
2018-08-02 16:25:38 -07:00
#define OCSP_STAPLING 1
#define OCSP_STAPLINGV2 2
#define OCSP_STAPLINGV2_MULTI 3
#define OCSP_STAPLING_OPT_MAX OCSP_STAPLINGV2_MULTI
revise the comments about port 0 use in the example client and server
2015-12-24 15:42:52 -08:00
/* Note on using port 0: the client standalone example doesn't utilize the
* port 0 port sharing; that is used by (1) the server in external control
* test mode and (2) the testsuite which uses this code and sets up the correct
* port numbers when the internal thread using the server code using port 0. */
1.8.8 init
2011-02-05 11:14:47 -08:00
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
static int lng_index = 0;
name change for client.c
2015-01-05 14:48:43 -07:00
#ifdef WOLFSSL_CALLBACKS
1.8.8 init
2011-02-05 11:14:47 -08:00
Timeval timeout;
Fix build with either `NO_WOLFSSL_SERVER` or `NO_WOLFSSL_CLIENT` defined.
2017-06-26 23:05:32 -07:00
static int handShakeCB(HandShakeInfo* info)
{
(void)info;
return 0;
}
static int timeoutCB(TimeoutInfo* info)
{
(void)info;
return 0;
}
1.8.8 init
2011-02-05 11:14:47 -08:00
#endif
Added a callback when receiving a NewSessionTicket handshake message.
2014-10-20 09:25:14 -07:00
#ifdef HAVE_SESSION_TICKET
Fix build with either `NO_WOLFSSL_SERVER` or `NO_WOLFSSL_CLIENT` defined.
2017-06-26 23:05:32 -07:00
static int sessionTicketCB(WOLFSSL* ssl,
const unsigned char* ticket, int ticketSz,
void* ctx)
{
(void)ssl;
(void)ticket;
printf("Session Ticket CB: ticketSz = %d, ctx = %s\n",
ticketSz, (char*)ctx);
return 0;
}
Added a callback when receiving a NewSessionTicket handshake message.
2014-10-20 09:25:14 -07:00
#endif
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
static int NonBlockingSSL_Connect(WOLFSSL* ssl)
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
{
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
int ret;
int error;
SOCKET_T sockfd;
int select_ret = 0;
Fix to timeout after 10 seconds in non-blocking mode if connect does not complete.
2019-01-10 17:12:37 -08:00
int elapsedSec = 0;
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
name change for client.c
2015-01-05 14:48:43 -07:00
#ifndef WOLFSSL_CALLBACKS
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
ret = wolfSSL_connect(ssl);
1.8.8 init
2011-02-05 11:14:47 -08:00
#else
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
ret = wolfSSL_connect_ex(ssl, handShakeCB, timeoutCB, timeout);
1.8.8 init
2011-02-05 11:14:47 -08:00
#endif
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
error = wolfSSL_get_error(ssl, 0);
sockfd = (SOCKET_T)wolfSSL_get_fd(ssl);
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
Fix for handling OCSP with non-blocking. The HashInput function was being called on the re-entry, which produced a bad mac response from server. Also cleanup for some of the WC_PENDING_E logic for the non-async cases to reduce code size.
2018-03-16 12:02:36 -07:00
while (ret != WOLFSSL_SUCCESS &&
(error == WOLFSSL_ERROR_WANT_READ || error == WOLFSSL_ERROR_WANT_WRITE
#ifdef WOLFSSL_ASYNC_CRYPT
|| error == WC_PENDING_E
#endif
#ifdef WOLFSSL_NONBLOCK_OCSP
|| error == OCSP_WANT_READ
#endif
)) {
add dtls recv timeout max user setting too
2013-05-08 12:49:55 -07:00
int currTimeout = 1;
Fix for handling OCSP with non-blocking. The HashInput function was being called on the re-entry, which produced a bad mac response from server. Also cleanup for some of the WC_PENDING_E logic for the non-async cases to reduce code size.
2018-03-16 12:02:36 -07:00
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (error == WOLFSSL_ERROR_WANT_READ)
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
printf("... client would read block\n");
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
else if (error == WOLFSSL_ERROR_WANT_WRITE)
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
printf("... client would write block\n");
Fix for handling OCSP with non-blocking. The HashInput function was being called on the re-entry, which produced a bad mac response from server. Also cleanup for some of the WC_PENDING_E logic for the non-async cases to reduce code size.
2018-03-16 12:02:36 -07:00
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 10:05:22 -08:00
#ifdef WOLFSSL_ASYNC_CRYPT
Fix for handling OCSP with non-blocking. The HashInput function was being called on the re-entry, which produced a bad mac response from server. Also cleanup for some of the WC_PENDING_E logic for the non-async cases to reduce code size.
2018-03-16 12:02:36 -07:00
if (error == WC_PENDING_E) {
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 13:59:41 -06:00
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
if (ret < 0) break;
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 10:05:22 -08:00
}
Fix for handling OCSP with non-blocking. The HashInput function was being called on the re-entry, which produced a bad mac response from server. Also cleanup for some of the WC_PENDING_E logic for the non-async cases to reduce code size.
2018-03-16 12:02:36 -07:00
else
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 10:05:22 -08:00
#endif
Fix for handling OCSP with non-blocking. The HashInput function was being called on the re-entry, which produced a bad mac response from server. Also cleanup for some of the WC_PENDING_E logic for the non-async cases to reduce code size.
2018-03-16 12:02:36 -07:00
{
DTLS Nonblocking Updates 1. Add a second select for tx. 2. Revised tcp_select to work for either rx or tx. 3. Updated client and server to use new tcp_select_tx() for checking the tx socket if the nonblocking connect/accept would block on transmit.
2018-12-14 11:30:03 -08:00
if (error != WOLFSSL_ERROR_WANT_WRITE) {
#ifdef WOLFSSL_DTLS
currTimeout = wolfSSL_dtls_get_current_timeout(ssl);
#endif
select_ret = tcp_select(sockfd, currTimeout);
}
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 13:59:41 -06:00
}
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
DTLS Nonblocking Updates 1. Add a second select for tx. 2. Revised tcp_select to work for either rx or tx. 3. Updated client and server to use new tcp_select_tx() for checking the tx socket if the nonblocking connect/accept would block on transmit.
2018-12-14 11:30:03 -08:00
if ((select_ret == TEST_RECV_READY) || (select_ret == TEST_SEND_READY)
|| (select_ret == TEST_ERROR_READY)
Fix for handling OCSP with non-blocking. The HashInput function was being called on the re-entry, which produced a bad mac response from server. Also cleanup for some of the WC_PENDING_E logic for the non-async cases to reduce code size.
2018-03-16 12:02:36 -07:00
#ifdef WOLFSSL_ASYNC_CRYPT
|| error == WC_PENDING_E
#endif
) {
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 10:05:22 -08:00
#ifndef WOLFSSL_CALLBACKS
ret = wolfSSL_connect(ssl);
#else
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
ret = wolfSSL_connect_ex(ssl, handShakeCB, timeoutCB, timeout);
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 10:05:22 -08:00
#endif
name change for client.c
2015-01-05 14:48:43 -07:00
error = wolfSSL_get_error(ssl, 0);
Fix to timeout after 10 seconds in non-blocking mode if connect does not complete.
2019-01-10 17:12:37 -08:00
elapsedSec = 0; /* reset elapsed */
DTLS Nonblocking Updates 1. Add a second select for tx. 2. Revised tcp_select to work for either rx or tx. 3. Updated client and server to use new tcp_select_tx() for checking the tx socket if the nonblocking connect/accept would block on transmit.
2018-12-14 11:30:03 -08:00
if (error == WOLFSSL_ERROR_WANT_WRITE) {
/* Do a send select here. */
select_ret = tcp_select_tx(sockfd, 1);
if (select_ret == TEST_TIMEOUT) {
error = WOLFSSL_FATAL_ERROR;
}
}
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
}
name change for client.c
2015-01-05 14:48:43 -07:00
else if (select_ret == TEST_TIMEOUT && !wolfSSL_dtls(ssl)) {
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
error = WOLFSSL_ERROR_WANT_READ;
Fix to timeout after 10 seconds in non-blocking mode if connect does not complete.
2019-01-10 17:12:37 -08:00
elapsedSec += currTimeout;
Fix for non-blocking read timeout.
2019-01-11 08:45:34 -08:00
if (elapsedSec > MAX_NON_BLOCK_SEC) {
printf("Nonblocking connect timeout\n");
Fix to timeout after 10 seconds in non-blocking mode if connect does not complete.
2019-01-10 17:12:37 -08:00
error = WOLFSSL_FATAL_ERROR;
}
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
}
name change for client.c
2015-01-05 14:48:43 -07:00
#ifdef WOLFSSL_DTLS
else if (select_ret == TEST_TIMEOUT && wolfSSL_dtls(ssl) &&
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 10:05:22 -08:00
wolfSSL_dtls_got_timeout(ssl) >= 0) {
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
error = WOLFSSL_ERROR_WANT_READ;
add dtls recv timeout max user setting too
2013-05-08 12:49:55 -07:00
}
#endif
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
else {
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
error = WOLFSSL_FATAL_ERROR;
1.8.8 init
2011-02-05 11:14:47 -08:00
}
}
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
return ret;
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
}
1.8.8 init
2011-02-05 11:14:47 -08:00
add show every cipher suite to examples/client
2015-10-02 16:25:17 -07:00
static void ShowCiphers(void)
{
Small stack fixes Changes to DH and SSL/TLS code to dynamically allocate large stack variables when compiled with WOLFSSL_SMALL_STACK.
2018-07-17 09:04:00 +10:00
static char ciphers[4096];
add show every cipher suite to examples/client
2015-10-02 16:25:17 -07:00
int ret = wolfSSL_get_ciphers(ciphers, (int)sizeof(ciphers));
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (ret == WOLFSSL_SUCCESS)
add show every cipher suite to examples/client
2015-10-02 16:25:17 -07:00
printf("%s\n", ciphers);
}
fix merge conflict
2015-11-02 13:26:46 -08:00
/* Shows which versions are valid */
static void ShowVersions(void)
{
update example client ShowVersions() to not show disabled old-tls versions
2015-12-23 12:12:41 -08:00
#ifndef NO_OLD_TLS
Disable TLS v1.0 by default. Added new `--enable-tlsv10` option to force enable (only works if --enable-oldtls is set, which is on by default).
2017-11-14 13:55:48 -08:00
#ifdef WOLFSSL_ALLOW_SSLV3
printf("0:");
#endif
#ifdef WOLFSSL_ALLOW_TLSV10
printf("1:");
#endif
printf("2:");
update example client ShowVersions() to not show disabled old-tls versions
2015-12-23 12:12:41 -08:00
#endif /* NO_OLD_TLS */
Allow TLS 1.2 to be compiled out.
2018-05-17 09:08:03 +10:00
#ifndef WOLFSSL_NO_TLS12
Disable TLS v1.0 by default. Added new `--enable-tlsv10` option to force enable (only works if --enable-oldtls is set, which is on by default).
2017-11-14 13:55:48 -08:00
printf("3:");
Allow TLS 1.2 to be compiled out.
2018-05-17 09:08:03 +10:00
#endif
Disable TLS v1.0 by default. Added new `--enable-tlsv10` option to force enable (only works if --enable-oldtls is set, which is on by default).
2017-11-14 13:55:48 -08:00
#ifdef WOLFSSL_TLS13
printf("4:");
Adds build option `WOLFSSL_EITHER_SIDE` for deferring the "side" of the TLS session until first connect or accept. Added the DTLS generic v1.0 and v1.2 methods for "either" side. Added "either" methods unit tests. Added "either" -v e support to example client/server. Fix to expose `wolfSSL_use_certificate_file` and `wolfSSL_use_PrivateKey_file` without `OPENSSL_EXTRA`. Cleanup of the methods for (void)heap and log messages. Spelling fixes.
2018-10-04 14:48:53 -07:00
#endif
printf("d(downgrade):");
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
printf("e(either):");
Disable TLS v1.0 by default. Added new `--enable-tlsv10` option to force enable (only works if --enable-oldtls is set, which is on by default).
2017-11-14 13:55:48 -08:00
#endif
printf("\n");
fix merge conflict
2015-11-02 13:26:46 -08:00
}
TLS 1.3 fixes/improvements Support Draft 28: able to compile code to return BAD_BINDER if no PSKs match and certificates not to be used. Change key share implementation to use server preference - server now checks each client key share's group is in supported_groups extension. Client and server examples modified to support server preference. Application can set client's and server's supported groups by rank. Server's supported groups is sent back in encrypted_extensions if preferred group is not in client's list - able to be turned off at compile time. Application can query server's preferred group from client. Able to compile using 0x0304 as version instead of draft version. Fix state machine in TLS 1.3 to support unexpected hello_retry_request. Also fixes non-blocking. Fix resumption to use the named group from session. Fix named group in session structure to be a 2-byte field. Better detection of errors in message flow. Fix DoTls13ClientHello when downgrading - don't do TLS 1.3 things. Not downgrading on client fixed. Downgrade protocol version from TLS 1.3 when not TLS 1.3 ciphersuite. Get downgrading from TLS 1.3 and resumption working. Change earlyData value to an enum. Support no extensions data (as opposed to zero length extension data) in TLS 1.3 ClientHello. Check PSK cipher suite is available to both client and server before using. Check first PSK identity chosen when server says it is using early data at client. Check PSK extension is last in client_hello on server. Check the PSK cipher suite to use is supported on client. Check the returned cipher suite for pre-shared keys is the same as client expects. Send alert decrypt_error when verification fails in certificate_verify or finished message doesn't match calculated value. Fail when certificate messages recieved in handshake when using PSK. Validate on the server that EndOfEarlyData message has been recieved before finished message when server sent EarlyData extension.
2018-04-13 11:53:42 +10:00
#ifdef WOLFSSL_TLS13
static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519)
{
Fixes for tests Fix the benchmark client to set all groups supported. Fix TLS 1.3 test script to work on PPC - check counter in separate test.
2018-05-01 14:27:38 +10:00
int groups[3];
int count = 0;
TLS 1.3 fixes/improvements Support Draft 28: able to compile code to return BAD_BINDER if no PSKs match and certificates not to be used. Change key share implementation to use server preference - server now checks each client key share's group is in supported_groups extension. Client and server examples modified to support server preference. Application can set client's and server's supported groups by rank. Server's supported groups is sent back in encrypted_extensions if preferred group is not in client's list - able to be turned off at compile time. Application can query server's preferred group from client. Able to compile using 0x0304 as version instead of draft version. Fix state machine in TLS 1.3 to support unexpected hello_retry_request. Also fixes non-blocking. Fix resumption to use the named group from session. Fix named group in session structure to be a 2-byte field. Better detection of errors in message flow. Fix DoTls13ClientHello when downgrading - don't do TLS 1.3 things. Not downgrading on client fixed. Downgrade protocol version from TLS 1.3 when not TLS 1.3 ciphersuite. Get downgrading from TLS 1.3 and resumption working. Change earlyData value to an enum. Support no extensions data (as opposed to zero length extension data) in TLS 1.3 ClientHello. Check PSK cipher suite is available to both client and server before using. Check first PSK identity chosen when server says it is using early data at client. Check PSK extension is last in client_hello on server. Check the PSK cipher suite to use is supported on client. Check the returned cipher suite for pre-shared keys is the same as client expects. Send alert decrypt_error when verification fails in certificate_verify or finished message doesn't match calculated value. Fail when certificate messages recieved in handshake when using PSK. Validate on the server that EndOfEarlyData message has been recieved before finished message when server sent EarlyData extension.
2018-04-13 11:53:42 +10:00
(void)useX25519;
WOLFSSL_START(WC_FUNC_CLIENT_KEY_EXCHANGE_SEND);
if (onlyKeyShare == 0 || onlyKeyShare == 2) {
#ifdef HAVE_CURVE25519
if (useX25519) {
Fixes for tests Fix the benchmark client to set all groups supported. Fix TLS 1.3 test script to work on PPC - check counter in separate test.
2018-05-01 14:27:38 +10:00
groups[count++] = WOLFSSL_ECC_X25519;
TLS 1.3 fixes/improvements Support Draft 28: able to compile code to return BAD_BINDER if no PSKs match and certificates not to be used. Change key share implementation to use server preference - server now checks each client key share's group is in supported_groups extension. Client and server examples modified to support server preference. Application can set client's and server's supported groups by rank. Server's supported groups is sent back in encrypted_extensions if preferred group is not in client's list - able to be turned off at compile time. Application can query server's preferred group from client. Able to compile using 0x0304 as version instead of draft version. Fix state machine in TLS 1.3 to support unexpected hello_retry_request. Also fixes non-blocking. Fix resumption to use the named group from session. Fix named group in session structure to be a 2-byte field. Better detection of errors in message flow. Fix DoTls13ClientHello when downgrading - don't do TLS 1.3 things. Not downgrading on client fixed. Downgrade protocol version from TLS 1.3 when not TLS 1.3 ciphersuite. Get downgrading from TLS 1.3 and resumption working. Change earlyData value to an enum. Support no extensions data (as opposed to zero length extension data) in TLS 1.3 ClientHello. Check PSK cipher suite is available to both client and server before using. Check first PSK identity chosen when server says it is using early data at client. Check PSK extension is last in client_hello on server. Check the PSK cipher suite to use is supported on client. Check the returned cipher suite for pre-shared keys is the same as client expects. Send alert decrypt_error when verification fails in certificate_verify or finished message doesn't match calculated value. Fail when certificate messages recieved in handshake when using PSK. Validate on the server that EndOfEarlyData message has been recieved before finished message when server sent EarlyData extension.
2018-04-13 11:53:42 +10:00
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_X25519) != WOLFSSL_SUCCESS)
err_sys("unable to use curve x25519");
}
else
#endif
{
#ifdef HAVE_ECC
#if defined(HAVE_ECC256) || defined(HAVE_ALL_CURVES)
Fixes for tests Fix the benchmark client to set all groups supported. Fix TLS 1.3 test script to work on PPC - check counter in separate test.
2018-05-01 14:27:38 +10:00
groups[count++] = WOLFSSL_ECC_SECP256R1;
TLS 1.3 fixes/improvements Support Draft 28: able to compile code to return BAD_BINDER if no PSKs match and certificates not to be used. Change key share implementation to use server preference - server now checks each client key share's group is in supported_groups extension. Client and server examples modified to support server preference. Application can set client's and server's supported groups by rank. Server's supported groups is sent back in encrypted_extensions if preferred group is not in client's list - able to be turned off at compile time. Application can query server's preferred group from client. Able to compile using 0x0304 as version instead of draft version. Fix state machine in TLS 1.3 to support unexpected hello_retry_request. Also fixes non-blocking. Fix resumption to use the named group from session. Fix named group in session structure to be a 2-byte field. Better detection of errors in message flow. Fix DoTls13ClientHello when downgrading - don't do TLS 1.3 things. Not downgrading on client fixed. Downgrade protocol version from TLS 1.3 when not TLS 1.3 ciphersuite. Get downgrading from TLS 1.3 and resumption working. Change earlyData value to an enum. Support no extensions data (as opposed to zero length extension data) in TLS 1.3 ClientHello. Check PSK cipher suite is available to both client and server before using. Check first PSK identity chosen when server says it is using early data at client. Check PSK extension is last in client_hello on server. Check the PSK cipher suite to use is supported on client. Check the returned cipher suite for pre-shared keys is the same as client expects. Send alert decrypt_error when verification fails in certificate_verify or finished message doesn't match calculated value. Fail when certificate messages recieved in handshake when using PSK. Validate on the server that EndOfEarlyData message has been recieved before finished message when server sent EarlyData extension.
2018-04-13 11:53:42 +10:00
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_SECP256R1)
!= WOLFSSL_SUCCESS) {
err_sys("unable to use curve secp256r1");
}
#endif
#endif
}
}
if (onlyKeyShare == 0 || onlyKeyShare == 1) {
#ifdef HAVE_FFDHE_2048
Fixes for tests Fix the benchmark client to set all groups supported. Fix TLS 1.3 test script to work on PPC - check counter in separate test.
2018-05-01 14:27:38 +10:00
groups[count++] = WOLFSSL_FFDHE_2048;
TLS 1.3 fixes/improvements Support Draft 28: able to compile code to return BAD_BINDER if no PSKs match and certificates not to be used. Change key share implementation to use server preference - server now checks each client key share's group is in supported_groups extension. Client and server examples modified to support server preference. Application can set client's and server's supported groups by rank. Server's supported groups is sent back in encrypted_extensions if preferred group is not in client's list - able to be turned off at compile time. Application can query server's preferred group from client. Able to compile using 0x0304 as version instead of draft version. Fix state machine in TLS 1.3 to support unexpected hello_retry_request. Also fixes non-blocking. Fix resumption to use the named group from session. Fix named group in session structure to be a 2-byte field. Better detection of errors in message flow. Fix DoTls13ClientHello when downgrading - don't do TLS 1.3 things. Not downgrading on client fixed. Downgrade protocol version from TLS 1.3 when not TLS 1.3 ciphersuite. Get downgrading from TLS 1.3 and resumption working. Change earlyData value to an enum. Support no extensions data (as opposed to zero length extension data) in TLS 1.3 ClientHello. Check PSK cipher suite is available to both client and server before using. Check first PSK identity chosen when server says it is using early data at client. Check PSK extension is last in client_hello on server. Check the PSK cipher suite to use is supported on client. Check the returned cipher suite for pre-shared keys is the same as client expects. Send alert decrypt_error when verification fails in certificate_verify or finished message doesn't match calculated value. Fail when certificate messages recieved in handshake when using PSK. Validate on the server that EndOfEarlyData message has been recieved before finished message when server sent EarlyData extension.
2018-04-13 11:53:42 +10:00
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_FFDHE_2048) != WOLFSSL_SUCCESS)
err_sys("unable to use DH 2048-bit parameters");
#endif
}
Fixes for tests Fix the benchmark client to set all groups supported. Fix TLS 1.3 test script to work on PPC - check counter in separate test.
2018-05-01 14:27:38 +10:00
if (wolfSSL_set_groups(ssl, groups, count) != WOLFSSL_SUCCESS)
err_sys("unable to set groups");
TLS 1.3 fixes/improvements Support Draft 28: able to compile code to return BAD_BINDER if no PSKs match and certificates not to be used. Change key share implementation to use server preference - server now checks each client key share's group is in supported_groups extension. Client and server examples modified to support server preference. Application can set client's and server's supported groups by rank. Server's supported groups is sent back in encrypted_extensions if preferred group is not in client's list - able to be turned off at compile time. Application can query server's preferred group from client. Able to compile using 0x0304 as version instead of draft version. Fix state machine in TLS 1.3 to support unexpected hello_retry_request. Also fixes non-blocking. Fix resumption to use the named group from session. Fix named group in session structure to be a 2-byte field. Better detection of errors in message flow. Fix DoTls13ClientHello when downgrading - don't do TLS 1.3 things. Not downgrading on client fixed. Downgrade protocol version from TLS 1.3 when not TLS 1.3 ciphersuite. Get downgrading from TLS 1.3 and resumption working. Change earlyData value to an enum. Support no extensions data (as opposed to zero length extension data) in TLS 1.3 ClientHello. Check PSK cipher suite is available to both client and server before using. Check first PSK identity chosen when server says it is using early data at client. Check PSK extension is last in client_hello on server. Check the PSK cipher suite to use is supported on client. Check the returned cipher suite for pre-shared keys is the same as client expects. Send alert decrypt_error when verification fails in certificate_verify or finished message doesn't match calculated value. Fail when certificate messages recieved in handshake when using PSK. Validate on the server that EndOfEarlyData message has been recieved before finished message when server sent EarlyData extension.
2018-04-13 11:53:42 +10:00
WOLFSSL_END(WC_FUNC_CLIENT_KEY_EXCHANGE_SEND);
}
#endif
Added EarlyData support to benchmark loop
2019-01-24 14:30:06 +10:00
#ifdef WOLFSSL_EARLY_DATA
static void EarlyData(WOLFSSL_CTX* ctx, WOLFSSL* ssl, const char* msg,
int msgSz, char* buffer)
{
int err;
int ret;
do {
err = 0; /* reset error */
ret = wolfSSL_write_early_data(ssl, msg, msgSz, &msgSz);
if (ret <= 0) {
err = wolfSSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
#endif
}
} while (err == WC_PENDING_E);
if (ret != msgSz) {
printf("SSL_write_early_data msg error %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer));
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("SSL_write_early_data failed");
}
do {
err = 0; /* reset error */
ret = wolfSSL_write_early_data(ssl, msg, msgSz, &msgSz);
if (ret <= 0) {
err = wolfSSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
#endif
}
} while (err == WC_PENDING_E);
if (ret != msgSz) {
printf("SSL_write_early_data msg error %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer));
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("SSL_write_early_data failed");
}
}
#endif
DTLS-SCTP example client and server 1. Update the example client and server to test DTLS-SCTP. 2. Modify the test.h functions for setting up connections to allow for a SCTP option. 3. Update other examples to use the new test.h functions. 4. Removed some prototypes in the client header file were some functions that should have been static to the client.c file and made them static.
2016-08-25 22:20:35 -07:00
/* Measures average time to create, connect and disconnect a connection (TPS).
Benchmark = number of connections. */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
static const char* client_bench_conmsg[][5] = {
/* English */
{
"wolfSSL_resume avg took:", "milliseconds\n",
"wolfSSL_connect avg took:", "milliseconds\n",
NULL
},
NO_MULTIBYTE to NO_MULTIBYTE_PRINT
2018-11-29 07:04:01 +09:00
#ifndef NO_MULTIBYTE_PRINT
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
/* Japanese */
{
"wolfSSL_resume 平均時間:", "ミリ秒\n",
"wolfSSL_connect 平均時間:", "ミリ秒\n",
}
NO_MULTIBYTE for multibyte non-supported IDEs
2018-11-26 08:11:31 +09:00
#endif
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
};
DTLS-SCTP example client and server 1. Update the example client and server to test DTLS-SCTP. 2. Modify the test.h functions for setting up connections to allow for a SCTP option. 3. Update other examples to use the new test.h functions. 4. Removed some prototypes in the client header file were some functions that should have been static to the client.c file and made them static.
2016-08-25 22:20:35 -07:00
static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
Improvements to TLS v1.3 code Reset list of supported sig algorithms before sending certificate request on server. Refactored setting of ticket for both TLS13 and earlier. Remember the type of key for deciding which sig alg to use with TLS13 CertificateVerify. RSA PKCS #1.5 not allowed in TLS13 for CertificateVerify. Remove all remaining DTLS code as spec barely started. Turn off SHA512 code where decision based on cipher suite hash. Fix fragment handling to work with encrypted messages. Test public APIS.
2017-06-29 09:00:44 +10:00
int dtlsUDP, int dtlsSCTP, int benchmark, int resumeSession, int useX25519,
Added EarlyData support to benchmark loop
2019-01-24 14:30:06 +10:00
int helloRetry, int onlyKeyShare, int version, int earlyData)
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
{
/* time passed in number of connects give average */
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
int times = benchmark, skip = times * 0.1;
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
int loops = resumeSession ? 2 : 1;
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
int i = 0, err, ret;
Remove NO_CERT and NO_CODING. Enable building of the client with leantls.
2016-02-22 10:11:41 +01:00
#ifndef NO_SESSION_CACHE
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
WOLFSSL_SESSION* benchSession = NULL;
Remove NO_CERT and NO_CODING. Enable building of the client with leantls.
2016-02-22 10:11:41 +01:00
#endif
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
#ifdef WOLFSSL_TLS13
byte* reply[80];
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
static const char msg[] = "GET /index.html HTTP/1.0\r\n\r\n";
Added EarlyData support to benchmark loop
2019-01-24 14:30:06 +10:00
#ifdef WOLFSSL_EARLY_DATA
static const char earlyMsg[] = "A drop of info";
#endif
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
#endif
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
const char** words = client_bench_conmsg[lng_index];
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
Remove NO_CERT and NO_CODING. Enable building of the client with leantls.
2016-02-22 10:11:41 +01:00
(void)resumeSession;
Fix for benchmarking X25519
2017-05-31 11:44:43 +10:00
(void)useX25519;
Improvements to TLS v1.3 code Reset list of supported sig algorithms before sending certificate request on server. Refactored setting of ticket for both TLS13 and earlier. Remember the type of key for deciding which sig alg to use with TLS13 CertificateVerify. RSA PKCS #1.5 not allowed in TLS13 for CertificateVerify. Remove all remaining DTLS code as spec barely started. Turn off SHA512 code where decision based on cipher suite hash. Fix fragment handling to work with encrypted messages. Test public APIS.
2017-06-29 09:00:44 +10:00
(void)helloRetry;
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
(void)onlyKeyShare;
(void)version;
Added EarlyData support to benchmark loop
2019-01-24 14:30:06 +10:00
(void)earlyData;
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
while (loops--) {
Remove NO_CERT and NO_CODING. Enable building of the client with leantls.
2016-02-22 10:11:41 +01:00
#ifndef NO_SESSION_CACHE
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
int benchResume = resumeSession && loops == 0;
Remove NO_CERT and NO_CODING. Enable building of the client with leantls.
2016-02-22 10:11:41 +01:00
#endif
fixed current_time argument
2016-04-14 16:26:51 +09:00
double start = current_time(1), avg;
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
for (i = 0; i < times; i++) {
SOCKET_T sockfd;
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
WOLFSSL* ssl;
if (i == skip)
start = current_time(1);
ssl = wolfSSL_new(ctx);
add wolfSSL_new() pointer return check on all calls in example client
2015-10-16 14:12:38 -07:00
if (ssl == NULL)
err_sys("unable to get SSL object");
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
TLS 1.3 fixes/improvements Support Draft 28: able to compile code to return BAD_BINDER if no PSKs match and certificates not to be used. Change key share implementation to use server preference - server now checks each client key share's group is in supported_groups extension. Client and server examples modified to support server preference. Application can set client's and server's supported groups by rank. Server's supported groups is sent back in encrypted_extensions if preferred group is not in client's list - able to be turned off at compile time. Application can query server's preferred group from client. Able to compile using 0x0304 as version instead of draft version. Fix state machine in TLS 1.3 to support unexpected hello_retry_request. Also fixes non-blocking. Fix resumption to use the named group from session. Fix named group in session structure to be a 2-byte field. Better detection of errors in message flow. Fix DoTls13ClientHello when downgrading - don't do TLS 1.3 things. Not downgrading on client fixed. Downgrade protocol version from TLS 1.3 when not TLS 1.3 ciphersuite. Get downgrading from TLS 1.3 and resumption working. Change earlyData value to an enum. Support no extensions data (as opposed to zero length extension data) in TLS 1.3 ClientHello. Check PSK cipher suite is available to both client and server before using. Check first PSK identity chosen when server says it is using early data at client. Check PSK extension is last in client_hello on server. Check the PSK cipher suite to use is supported on client. Check the returned cipher suite for pre-shared keys is the same as client expects. Send alert decrypt_error when verification fails in certificate_verify or finished message doesn't match calculated value. Fail when certificate messages recieved in handshake when using PSK. Validate on the server that EndOfEarlyData message has been recieved before finished message when server sent EarlyData extension.
2018-04-13 11:53:42 +10:00
#ifndef NO_SESSION_CACHE
if (benchResume)
wolfSSL_set_session(ssl, benchSession);
#endif
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
#ifdef WOLFSSL_TLS13
TLS 1.3 fixes/improvements Support Draft 28: able to compile code to return BAD_BINDER if no PSKs match and certificates not to be used. Change key share implementation to use server preference - server now checks each client key share's group is in supported_groups extension. Client and server examples modified to support server preference. Application can set client's and server's supported groups by rank. Server's supported groups is sent back in encrypted_extensions if preferred group is not in client's list - able to be turned off at compile time. Application can query server's preferred group from client. Able to compile using 0x0304 as version instead of draft version. Fix state machine in TLS 1.3 to support unexpected hello_retry_request. Also fixes non-blocking. Fix resumption to use the named group from session. Fix named group in session structure to be a 2-byte field. Better detection of errors in message flow. Fix DoTls13ClientHello when downgrading - don't do TLS 1.3 things. Not downgrading on client fixed. Downgrade protocol version from TLS 1.3 when not TLS 1.3 ciphersuite. Get downgrading from TLS 1.3 and resumption working. Change earlyData value to an enum. Support no extensions data (as opposed to zero length extension data) in TLS 1.3 ClientHello. Check PSK cipher suite is available to both client and server before using. Check first PSK identity chosen when server says it is using early data at client. Check PSK extension is last in client_hello on server. Check the PSK cipher suite to use is supported on client. Check the returned cipher suite for pre-shared keys is the same as client expects. Send alert decrypt_error when verification fails in certificate_verify or finished message doesn't match calculated value. Fail when certificate messages recieved in handshake when using PSK. Validate on the server that EndOfEarlyData message has been recieved before finished message when server sent EarlyData extension.
2018-04-13 11:53:42 +10:00
else if (version >= 4) {
if (!helloRetry)
SetKeyShare(ssl, onlyKeyShare, useX25519);
else
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
wolfSSL_NoKeyShares(ssl);
}
#endif
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
DTLS-SCTP example client and server 1. Update the example client and server to test DTLS-SCTP. 2. Modify the test.h functions for setting up connections to allow for a SCTP option. 3. Update other examples to use the new test.h functions. 4. Removed some prototypes in the client header file were some functions that should have been static to the client.c file and made them static.
2016-08-25 22:20:35 -07:00
tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, ssl);
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
check return value of wolfSSL_set_fd
2016-03-25 13:59:04 -06:00
err_sys("error in setting fd");
}
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
Added EarlyData support to benchmark loop
2019-01-24 14:30:06 +10:00
#if defined(WOLFSSL_TLS13) && !defined(NO_SESSION_CACHE) && \
defined(WOLFSSL_EARLY_DATA)
if (version >= 4 && benchResume && earlyData) {
char buffer[WOLFSSL_MAX_ERROR_SZ];
EarlyData(ctx, ssl, earlyMsg, sizeof(earlyMsg)-1, buffer);
}
#endif
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
do {
err = 0; /* reset error */
ret = wolfSSL_connect(ssl);
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (ret != WOLFSSL_SUCCESS) {
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
err = wolfSSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
#endif
}
} while (err == WC_PENDING_E);
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (ret != WOLFSSL_SUCCESS) {
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
err_sys("SSL_connect failed");
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
}
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
#ifdef WOLFSSL_TLS13
Small stack fixes Changes to DH and SSL/TLS code to dynamically allocate large stack variables when compiled with WOLFSSL_SMALL_STACK.
2018-07-17 09:04:00 +10:00
#ifndef NO_SESSION_CACHE
if (version >= 4 && resumeSession && !benchResume)
#else
if (version >= 4 && resumeSession)
#endif
{
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
if (wolfSSL_write(ssl, msg, sizeof(msg)-1) <= 0)
err_sys("SSL_write failed");
if (wolfSSL_read(ssl, reply, sizeof(reply)-1) <= 0)
err_sys("SSL_read failed");
}
#endif
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
wolfSSL_shutdown(ssl);
Remove NO_CERT and NO_CODING. Enable building of the client with leantls.
2016-02-22 10:11:41 +01:00
#ifndef NO_SESSION_CACHE
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
if (i == (times-1) && resumeSession) {
benchSession = wolfSSL_get_session(ssl);
}
Remove NO_CERT and NO_CODING. Enable building of the client with leantls.
2016-02-22 10:11:41 +01:00
#endif
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
CloseSocket(sockfd);
}
fixed current_time argument
2016-04-14 16:26:51 +09:00
avg = current_time(0) - start;
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
avg /= (times - skip);
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
avg *= 1000; /* milliseconds */
Remove NO_CERT and NO_CODING. Enable building of the client with leantls.
2016-02-22 10:11:41 +01:00
#ifndef NO_SESSION_CACHE
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
if (benchResume)
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s %8.3f %s\n", words[0],avg, words[1]);
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
else
Remove NO_CERT and NO_CODING. Enable building of the client with leantls.
2016-02-22 10:11:41 +01:00
#endif
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s %8.3f %s\n", words[2],avg, words[3]);
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
WOLFSSL_TIME(times);
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
}
return EXIT_SUCCESS;
}
DTLS-SCTP example client and server 1. Update the example client and server to test DTLS-SCTP. 2. Modify the test.h functions for setting up connections to allow for a SCTP option. 3. Update other examples to use the new test.h functions. 4. Removed some prototypes in the client header file were some functions that should have been static to the client.c file and made them static.
2016-08-25 22:20:35 -07:00
/* Measures throughput in kbps. Throughput = number of bytes */
static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
int dtlsUDP, int dtlsSCTP, int block, int throughput, int useX25519)
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
{
double start, conn_time = 0, tx_time = 0, rx_time = 0;
SOCKET_T sockfd;
WOLFSSL* ssl;
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
int ret = 0, err = 0;
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
fixed current_time argument
2016-04-14 16:26:51 +09:00
start = current_time(1);
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
ssl = wolfSSL_new(ctx);
add wolfSSL_new() pointer return check on all calls in example client
2015-10-16 14:12:38 -07:00
if (ssl == NULL)
err_sys("unable to get SSL object");
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
DTLS-SCTP example client and server 1. Update the example client and server to test DTLS-SCTP. 2. Modify the test.h functions for setting up connections to allow for a SCTP option. 3. Update other examples to use the new test.h functions. 4. Removed some prototypes in the client header file were some functions that should have been static to the client.c file and made them static.
2016-08-25 22:20:35 -07:00
tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, ssl);
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
check return value of wolfSSL_set_fd
2016-03-25 13:59:04 -06:00
err_sys("error in setting fd");
}
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
Fix for benchmarking X25519
2017-05-31 11:44:43 +10:00
(void)useX25519;
#ifdef WOLFSSL_TLS13
#ifdef HAVE_CURVE25519
if (useX25519) {
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_X25519)
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
!= WOLFSSL_SUCCESS) {
Fixes for TLS 1.3 without ECC or RSA. Fix for building without ECC where HAVE_SUPPORTED_CURVES was getting defined because of ENABLED_TLSX.
2017-06-13 09:44:14 -07:00
err_sys("unable to use curve x25519");
Fix for benchmarking X25519
2017-05-31 11:44:43 +10:00
}
}
#endif
#endif
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
do {
err = 0; /* reset error */
ret = wolfSSL_connect(ssl);
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (ret != WOLFSSL_SUCCESS) {
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
err = wolfSSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
#endif
}
} while (err == WC_PENDING_E);
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (ret == WOLFSSL_SUCCESS) {
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
/* Perform throughput test */
char *tx_buffer, *rx_buffer;
/* Record connection time */
fixed current_time argument
2016-04-14 16:26:51 +09:00
conn_time = current_time(0) - start;
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
/* Allocate TX/RX buffers */
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
tx_buffer = (char*)XMALLOC(block, NULL, DYNAMIC_TYPE_TMP_BUFFER);
rx_buffer = (char*)XMALLOC(block, NULL, DYNAMIC_TYPE_TMP_BUFFER);
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
if (tx_buffer && rx_buffer) {
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
WC_RNG rng;
/* Startup the RNG */
Fixes and cleanups based on feedback from Sean.
2017-04-10 14:19:20 -07:00
#if !defined(HAVE_FIPS) && defined(WOLFSSL_ASYNC_CRYPT)
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
ret = wc_InitRng_ex(&rng, NULL, devId);
#else
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
ret = wc_InitRng(&rng);
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
#endif
if (ret == 0) {
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
int xfer_bytes;
/* Generate random data to send */
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
ret = wc_RNG_GenerateBlock(&rng, (byte*)tx_buffer, block);
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
wc_FreeRng(&rng);
if(ret != 0) {
err_sys("wc_RNG_GenerateBlock failed");
}
/* Perform TX and RX of bytes */
xfer_bytes = 0;
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
while (throughput > xfer_bytes) {
Fixed compile issues with example server/client. Fixed issue with using XMALLOC/XFREE being used in examples. Fixed issue with "int select_ret" declaration scope. Fixed issue with test.h HAVE_SESSION_TICKET "static rng" name.
2015-10-15 13:42:41 -07:00
int len, rx_pos, select_ret;
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
/* Determine packet size */
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
len = min(block, throughput - xfer_bytes);
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
/* Perform TX */
fixed current_time argument
2016-04-14 16:26:51 +09:00
start = current_time(1);
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
do {
err = 0; /* reset error */
ret = wolfSSL_write(ssl, tx_buffer, len);
if (ret <= 0) {
err = wolfSSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
#endif
}
} while (err == WC_PENDING_E);
if (ret != len) {
printf("SSL_write bench error %d!\n", err);
err_sys("SSL_write failed");
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
}
fixed current_time argument
2016-04-14 16:26:51 +09:00
tx_time += current_time(0) - start;
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
/* Perform RX */
Added support for inline CRL lookup when HAVE_CRL_IO is defined (shares code with OCSP lookup in io.c). Added http chunk transfer encoding support. Added default connection timeout value (DEFAULT_TIMEOUT_SEC) and new wolfIO_SetTimeout() API with HAVE_IO_TIMEOUT. Added generic wolfIO_ API’s for connect, select, non-blocking, read and write. Added new define USE_WOLFSSL_IO to enable access to new wolfIO_* socket wrappers even when WOLFSSL_USER_IO is defined. Moved all API declarations for io.c into new io.h header. Added HAVE_HTTP_CLIENT to expose HTTP API’s. Moved SOCKET_T and SOCKET_ defines into io.h. Added WOLFIO_DEBUG define to display request/responses.
2017-03-06 09:49:05 -08:00
select_ret = tcp_select(sockfd, DEFAULT_TIMEOUT_SEC);
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
if (select_ret == TEST_RECV_READY) {
fixed current_time argument
2016-04-14 16:26:51 +09:00
start = current_time(1);
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
rx_pos = 0;
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
while (rx_pos < len) {
ret = wolfSSL_read(ssl, &rx_buffer[rx_pos],
len - rx_pos);
if (ret <= 0) {
err = wolfSSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
else
#endif
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (err != WOLFSSL_ERROR_WANT_READ) {
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
printf("SSL_read bench error %d\n", err);
err_sys("SSL_read failed");
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
}
}
else {
rx_pos += ret;
}
}
fixed current_time argument
2016-04-14 16:26:51 +09:00
rx_time += current_time(0) - start;
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
}
/* Compare TX and RX buffers */
Fix for non-blocking read timeout.
2019-01-11 08:45:34 -08:00
if (XMEMCMP(tx_buffer, rx_buffer, len) != 0) {
Fixes for scan-build
2017-03-15 09:38:53 +10:00
free(tx_buffer);
tx_buffer = NULL;
free(rx_buffer);
rx_buffer = NULL;
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
err_sys("Compare TX and RX buffers failed");
}
/* Update overall position */
xfer_bytes += len;
}
}
else {
err_sys("wc_InitRng failed");
}
Fixes for building with `WC_NO_RNG`.
2018-09-13 13:23:55 -07:00
(void)rng; /* for WC_NO_RNG case */
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
}
else {
Fixed compile issues with example server/client. Fixed issue with using XMALLOC/XFREE being used in examples. Fixed issue with "int select_ret" declaration scope. Fixed issue with test.h HAVE_SESSION_TICKET "static rng" name.
2015-10-15 13:42:41 -07:00
err_sys("Client buffer malloc failed");
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
}
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
if(tx_buffer) XFREE(tx_buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if(rx_buffer) XFREE(rx_buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
}
else {
err_sys("wolfSSL_connect failed");
}
wolfSSL_shutdown(ssl);
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
CloseSocket(sockfd);
printf("wolfSSL Client Benchmark %d bytes\n"
"\tConnect %8.3f ms\n"
"\tTX %8.3f ms (%8.3f MBps)\n"
"\tRX %8.3f ms (%8.3f MBps)\n",
throughput,
conn_time * 1000,
tx_time * 1000, throughput / tx_time / 1024 / 1024,
rx_time * 1000, throughput / rx_time / 1024 / 1024
);
return EXIT_SUCCESS;
}
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
const char* starttlsCmd[6] = {
"220",
"EHLO mail.example.com\r\n",
"250",
"STARTTLS\r\n",
"220",
"QUIT\r\n",
};
DTLS-SCTP example client and server 1. Update the example client and server to test DTLS-SCTP. 2. Modify the test.h functions for setting up connections to allow for a SCTP option. 3. Update other examples to use the new test.h functions. 4. Removed some prototypes in the client header file were some functions that should have been static to the client.c file and made them static.
2016-08-25 22:20:35 -07:00
/* Initiates the STARTTLS command sequence over TCP */
static int StartTLS_Init(SOCKET_T* sockfd)
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
{
char tmpBuf[256];
if (sockfd == NULL)
return BAD_FUNC_ARG;
/* S: 220 <host> SMTP service ready */
Initial pass at fixes for coverity scan.
2017-04-28 14:59:45 -07:00
XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
if (recv(*sockfd, tmpBuf, sizeof(tmpBuf)-1, 0) < 0)
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
err_sys("failed to read STARTTLS command\n");
if (!XSTRNCMP(tmpBuf, starttlsCmd[0], XSTRLEN(starttlsCmd[0]))) {
printf("%s\n", tmpBuf);
} else {
err_sys("incorrect STARTTLS command received");
}
/* C: EHLO mail.example.com */
use send/recv instead of write/read with STARTTLS for winsock compatibility
2016-05-02 10:10:25 -06:00
if (send(*sockfd, starttlsCmd[1], (int)XSTRLEN(starttlsCmd[1]), 0) !=
fix type comparison on 32bit for starttls, zero tmp buffer
2016-05-03 13:52:04 -06:00
(int)XSTRLEN(starttlsCmd[1]))
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
err_sys("failed to send STARTTLS EHLO command\n");
/* S: 250 <host> offers a warm hug of welcome */
Initial pass at fixes for coverity scan.
2017-04-28 14:59:45 -07:00
XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
if (recv(*sockfd, tmpBuf, sizeof(tmpBuf)-1, 0) < 0)
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
err_sys("failed to read STARTTLS command\n");
if (!XSTRNCMP(tmpBuf, starttlsCmd[2], XSTRLEN(starttlsCmd[2]))) {
printf("%s\n", tmpBuf);
} else {
err_sys("incorrect STARTTLS command received");
}
/* C: STARTTLS */
use send/recv instead of write/read with STARTTLS for winsock compatibility
2016-05-02 10:10:25 -06:00
if (send(*sockfd, starttlsCmd[3], (int)XSTRLEN(starttlsCmd[3]), 0) !=
fix type comparison on 32bit for starttls, zero tmp buffer
2016-05-03 13:52:04 -06:00
(int)XSTRLEN(starttlsCmd[3])) {
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
err_sys("failed to send STARTTLS command\n");
}
/* S: 220 Go ahead */
Initial pass at fixes for coverity scan.
2017-04-28 14:59:45 -07:00
XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
if (recv(*sockfd, tmpBuf, sizeof(tmpBuf)-1, 0) < 0)
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
err_sys("failed to read STARTTLS command\n");
if (!XSTRNCMP(tmpBuf, starttlsCmd[4], XSTRLEN(starttlsCmd[4]))) {
printf("%s\n", tmpBuf);
} else {
err_sys("incorrect STARTTLS command received, expected 220");
}
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
return WOLFSSL_SUCCESS;
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
}
DTLS-SCTP example client and server 1. Update the example client and server to test DTLS-SCTP. 2. Modify the test.h functions for setting up connections to allow for a SCTP option. 3. Update other examples to use the new test.h functions. 4. Removed some prototypes in the client header file were some functions that should have been static to the client.c file and made them static.
2016-08-25 22:20:35 -07:00
/* Closes down the SMTP connection */
static int SMTP_Shutdown(WOLFSSL* ssl, int wc_shutdown)
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
{
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
int ret, err = 0;
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
char tmpBuf[256];
if (ssl == NULL)
return BAD_FUNC_ARG;
printf("\nwolfSSL client shutting down SMTP connection\n");
XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
/* C: QUIT */
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
do {
ret = wolfSSL_write(ssl, starttlsCmd[5], (int)XSTRLEN(starttlsCmd[5]));
if (ret < 0) {
err = wolfSSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
#endif
}
} while (err == WC_PENDING_E);
if (ret != (int)XSTRLEN(starttlsCmd[5])) {
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
err_sys("failed to send SMTP QUIT command\n");
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
}
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
/* S: 221 2.0.0 Service closing transmission channel */
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
do {
ret = wolfSSL_read(ssl, tmpBuf, sizeof(tmpBuf));
if (ret < 0) {
err = wolfSSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
#endif
}
} while (err == WC_PENDING_E);
if (ret < 0) {
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
err_sys("failed to read SMTP closing down response\n");
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
}
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
printf("%s\n", tmpBuf);
ret = wolfSSL_shutdown(ssl);
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE)
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
wolfSSL_shutdown(ssl); /* bidirectional shutdown */
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
return WOLFSSL_SUCCESS;
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
}
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
static void ClientWrite(WOLFSSL* ssl, char* msg, int msgSz)
{
int ret, err;
char buffer[WOLFSSL_MAX_ERROR_SZ];
do {
err = 0; /* reset error */
ret = wolfSSL_write(ssl, msg, msgSz);
if (ret <= 0) {
err = wolfSSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
#endif
}
Fix post authentication for TLS 1.3
2018-06-08 17:34:03 +10:00
} while (err == WOLFSSL_ERROR_WANT_WRITE
#ifdef WOLFSSL_ASYNC_CRYPT
|| err == WC_PENDING_E
#endif
);
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
if (ret != msgSz) {
printf("SSL_write msg error %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer));
err_sys("SSL_write failed");
}
}
static void ClientRead(WOLFSSL* ssl, char* reply, int replyLen, int mustRead)
{
int ret, err;
char buffer[WOLFSSL_MAX_ERROR_SZ];
Fix for non-blocking read timeout.
2019-01-11 08:45:34 -08:00
double start = current_time(1), elapsed;
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
do {
err = 0; /* reset error */
ret = wolfSSL_read(ssl, reply, replyLen);
if (ret <= 0) {
err = wolfSSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
else
#endif
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (err != WOLFSSL_ERROR_WANT_READ) {
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
printf("SSL_read reply error %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer));
err_sys("SSL_read failed");
}
}
Fix for non-blocking read timeout.
2019-01-11 08:45:34 -08:00
if (mustRead && err == WOLFSSL_ERROR_WANT_READ) {
elapsed = current_time(0) - start;
if (elapsed > MAX_NON_BLOCK_SEC) {
printf("Nonblocking read timeout\n");
Fix for scan-build "Value stored to 'err' is never read`"
2019-01-11 09:42:41 -08:00
ret = WOLFSSL_FATAL_ERROR;
Fix for non-blocking read timeout.
2019-01-11 08:45:34 -08:00
break;
}
}
Fix for handling OCSP with non-blocking. The HashInput function was being called on the re-entry, which produced a bad mac response from server. Also cleanup for some of the WC_PENDING_E logic for the non-async cases to reduce code size.
2018-03-16 12:02:36 -07:00
} while ((mustRead && err == WOLFSSL_ERROR_WANT_READ)
#ifdef WOLFSSL_ASYNC_CRYPT
|| err == WC_PENDING_E
#endif
);
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
if (ret > 0) {
reply[ret] = 0;
printf("%s\n", reply);
}
}
add show every cipher suite to examples/client
2015-10-02 16:25:17 -07:00
Fixes to work when compiled with TLS 1.3 only TLS 1.3 Early Data can be used with PSK and not session tickets. If only TLS 1.3 and no session tickets then no resumption. External sites don't support TLS 1.3 yet.
2018-08-28 15:37:15 +10:00
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
/* when adding new option, please follow the steps below: */
/* 1. add new option message in English section */
/* 2. increase the number of the second dimention */
/* 3. add the same message into Japanese section */
/* (will be translated later) */
/* 4. add printf() into suitable position of Usage() */
static const char* client_usage_msg[][59] = {
/* English */
{
" NOTE: All files relative to wolfSSL home dir\n", /* 0 */
"Max RSA key size in bits for build is set at : ", /* 1 */
#ifdef NO_RSA
"RSA not supported\n", /* 2 */
#elif defined(WOLFSSL_SP_MATH) /* case of SP math only */
#ifndef WOLFSSL_SP_NO_3072
"3072\n", /* 2 */
#elif !defined(WOLFSSL_SP_NO_2048)
"2048\n", /* 2 */
#else
"0\n", /* 2 */
#endif
#elif defined(USE_FAST_MATH)
#else
"INFINITE\n", /* 2 */
#endif
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-? <num> Help, print this usage\n"
Rollback stacing
2018-11-29 06:52:43 +09:00
" 0: English, 1: Japanese\n", /* 3 */
"-h <host> Host to connect to, default", /* 4 */
"-p <num> Port to connect on, not 0, default", /* 5 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifndef WOLFSSL_TLS13
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-v <num> SSL version [0-3], SSLv3(0) - TLS1.2(3)), default", /* 6 */
"-V Prints valid ssl version numbers"
Rollback stacing
2018-11-29 06:52:43 +09:00
", SSLv3(0) - TLS1.2(3)\n", /* 7 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#else
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-v <num> SSL version [0-4], SSLv3(0) - TLS1.3(4)), default", /* 6 */
"-V Prints valid ssl version numbers,"
" SSLv3(0) - TLS1.3(4)\n", /* 7 */
#endif
Rollback stacing
2018-11-29 06:52:43 +09:00
"-l <str> Cipher suite list (: delimited)\n", /* 8 */
"-c <file> Certificate file, default", /* 9 */
"-k <file> Key file, default", /* 10 */
"-A <file> Certificate Authority file, default", /* 11 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifndef NO_DH
Rollback stacing
2018-11-29 06:52:43 +09:00
"-Z <num> Minimum DH key bits, default", /* 12 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
Rollback stacing
2018-11-29 06:52:43 +09:00
"-b <num> Benchmark <num> connections and print stats\n", /* 13 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifdef HAVE_ALPN
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-L <str> Application-Layer Protocol"
Rollback stacing
2018-11-29 06:52:43 +09:00
" Negotiation ({C,F}:<list>)\n", /* 14 */
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
#endif
"-B <num> Benchmark throughput"
Rollback stacing
2018-11-29 06:52:43 +09:00
" using <num> bytes and print stats\n", /* 15 */
"-s Use pre Shared keys\n", /* 16 */
"-d Disable peer checks\n", /* 17 */
"-D Override Date Errors example\n", /* 18 */
"-e List Every cipher suite available, \n", /* 19 */
"-g Send server HTTP GET\n", /* 20 */
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-u Use UDP DTLS,"
Rollback stacing
2018-11-29 06:52:43 +09:00
" add -v 2 for DTLSv1, -v 3 for DTLSv1.2 (default)\n", /* 21 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifdef WOLFSSL_SCTP
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-G Use SCTP DTLS,"
Rollback stacing
2018-11-29 06:52:43 +09:00
" add -v 2 for DTLSv1, -v 3 for DTLSv1.2 (default)\n", /* 22 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
Rollback stacing
2018-11-29 06:52:43 +09:00
"-m Match domain name in cert\n", /* 23 */
"-N Use Non-blocking sockets\n", /* 24 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifndef NO_SESSION_CACHE
Rollback stacing
2018-11-29 06:52:43 +09:00
"-r Resume session\n", /* 25 */
Fix to timeout after 10 seconds in non-blocking mode if connect does not complete.
2019-01-10 17:12:37 -08:00
#endif
Rollback stacing
2018-11-29 06:52:43 +09:00
"-w Wait for bidirectional shutdown\n", /* 26 */
"-M <prot> Use STARTTLS, using <prot> protocol (smtp)\n", /* 27 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifdef HAVE_SECURE_RENEGOTIATION
Rollback stacing
2018-11-29 06:52:43 +09:00
"-R Allow Secure Renegotiation\n", /* 28 */
"-i Force client Initiated Secure Renegotiation\n", /* 29 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
Rollback stacing
2018-11-29 06:52:43 +09:00
"-f Fewer packets/group messages\n", /* 30 */
"-x Disable client cert/key loading\n", /* 31 */
"-X Driven by eXternal test case\n", /* 32 */
"-j Use verify callback override\n", /* 33 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifdef SHOW_SIZES
Rollback stacing
2018-11-29 06:52:43 +09:00
"-z Print structure sizes\n", /* 34 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_SNI
Rollback stacing
2018-11-29 06:52:43 +09:00
"-S <str> Use Host Name Indication\n", /* 35 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_MAX_FRAGMENT
Rollback stacing
2018-11-29 06:52:43 +09:00
"-F <num> Use Maximum Fragment Length [1-6]\n", /* 36 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_TRUNCATED_HMAC
Rollback stacing
2018-11-29 06:52:43 +09:00
"-T Use Truncated HMAC\n", /* 37 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_EXTENDED_MASTER
Rollback stacing
2018-11-29 06:52:43 +09:00
"-n Disable Extended Master Secret\n", /* 38 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_OCSP
Rollback stacing
2018-11-29 06:52:43 +09:00
"-o Perform OCSP lookup on peer certificate\n", /* 39 */
"-O <url> Perform OCSP lookup using <url> as responder\n", /* 40 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
Rollback stacing
2018-11-29 06:52:43 +09:00
"-W <num> Use OCSP Stapling (1 v1, 2 v2, 3 v2 multi)\n", /* 41 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef ATOMIC_USER
Rollback stacing
2018-11-29 06:52:43 +09:00
"-U Atomic User Record Layer Callbacks\n", /* 42 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_PK_CALLBACKS
Rollback stacing
2018-11-29 06:52:43 +09:00
"-P Public Key Callbacks\n", /* 43 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_ANON
Rollback stacing
2018-11-29 06:52:43 +09:00
"-a Anonymous client\n", /* 44 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_CRL
Rollback stacing
2018-11-29 06:52:43 +09:00
"-C Disable CRL\n", /* 45 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef WOLFSSL_TRUST_PEER_CERT
Rollback stacing
2018-11-29 06:52:43 +09:00
"-E <file> Path to load trusted peer cert\n", /* 46 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_WNR
Fix to timeout after 10 seconds in non-blocking mode if connect does not complete.
2019-01-10 17:12:37 -08:00
"-q <file> Whitewood config file, defaults\n", /* 47 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-H <arg> Internal tests"
Rollback stacing
2018-11-29 06:52:43 +09:00
" [defCipherList, exitWithRet, verifyFail]\n", /* 48 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifdef WOLFSSL_TLS13
Rollback stacing
2018-11-29 06:52:43 +09:00
"-J Use HelloRetryRequest to choose group for KE\n", /* 49 */
"-K Key Exchange for PSK not using (EC)DHE\n", /* 50 */
"-I Update keys and IVs before sending data\n", /* 51 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifndef NO_DH
Rollback stacing
2018-11-29 06:52:43 +09:00
"-y Key Share with FFDHE named groups only\n", /* 52 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_ECC
Rollback stacing
2018-11-29 06:52:43 +09:00
"-Y Key Share with ECC named groups only\n", /* 53 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#endif /* WOLFSSL_TLS13 */
#ifdef HAVE_CURVE25519
Rollback stacing
2018-11-29 06:52:43 +09:00
"-t Use X25519 for key exchange\n", /* 54 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
Rollback stacing
2018-11-29 06:52:43 +09:00
"-Q Support requesting certificate post-handshake\n", /* 55 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef WOLFSSL_EARLY_DATA
Rollback stacing
2018-11-29 06:52:43 +09:00
"-0 Early data sent to server (0-RTT handshake)\n", /* 56 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef WOLFSSL_MULTICAST
Rollback stacing
2018-11-29 06:52:43 +09:00
"-3 <grpid> Multicast, grpid < 256\n", /* 57 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-1 <num> Display a result by specified language.\n"
Rollback stacing
2018-11-29 06:52:43 +09:00
" 0: English, 1: Japanese\n", /* 58 */
Update the help text so the Japanese translations of the new options are printed.
2019-02-20 11:23:00 -08:00
#if !defined(NO_DH) && !defined(HAVE_FIPS) && \
!defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK)
"-2 Disable DH Prime check\n", /* 59 */
#endif
Move the -5 option text into the localization array and add a Japanese translation.
2019-02-21 10:28:23 -08:00
#ifdef HAVE_SECURE_RENEGOTIATION
Update the help text so the Japanese translations of the new options are printed.
2019-02-20 11:23:00 -08:00
"-4 Use resumption for renegotiation\n", /* 60 */
Move the -5 option text into the localization array and add a Japanese translation.
2019-02-21 10:28:23 -08:00
#endif
#ifdef HAVE_TRUSTED_CA
"-5 Use Trusted CA Key Indication\n", /* 61 */
#endif
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
NULL,
},
NO_MULTIBYTE to NO_MULTIBYTE_PRINT
2018-11-29 07:04:01 +09:00
#ifndef NO_MULTIBYTE_PRINT
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
/* Japanese */
Rollback stacing
2018-11-29 06:52:43 +09:00
{
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
" 注意 : 全てのファイルは wolfSSL ホーム・ディレクトリからの相対です。"
Rollback stacing
2018-11-29 06:52:43 +09:00
"\n", /* 0 */
"RSAの最大ビットは次のように設定されています: ", /* 1 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifdef NO_RSA
Rollback stacing
2018-11-29 06:52:43 +09:00
"RSAはサポートされていません。\n", /* 2 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#elif defined(WOLFSSL_SP_MATH) /* case of SP math only */
#ifndef WOLFSSL_SP_NO_3072
Rollback stacing
2018-11-29 06:52:43 +09:00
"3072\n", /* 2 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#elif !defined(WOLFSSL_SP_NO_2048)
Rollback stacing
2018-11-29 06:52:43 +09:00
"2048\n", /* 2 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#else
Rollback stacing
2018-11-29 06:52:43 +09:00
"0\n", /* 2 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#elif defined(USE_FAST_MATH)
#else
Rollback stacing
2018-11-29 06:52:43 +09:00
"無限\n", /* 2 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-? <num> ヘルプ, 使い方を表示\n"
Rollback stacing
2018-11-29 06:52:43 +09:00
" 0: 英語、 1: 日本語\n", /* 3 */
"-h <host> 接続先ホスト, 既定値", /* 4 */
"-p <num> 接続先ポート, 0は無効, 既定値", /* 5 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifndef WOLFSSL_TLS13
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-v <num> SSL バージョン [0-3], SSLv3(0) - TLS1.2(3)),"
Rollback stacing
2018-11-29 06:52:43 +09:00
" 既定値", /* 6 */
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-V 有効な ssl バージョン番号を出力, SSLv3(0) -"
Rollback stacing
2018-11-29 06:52:43 +09:00
" TLS1.2(3)\n", /* 7 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#else
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-v <num> SSL バージョン [0-4], SSLv3(0) - TLS1.3(4)),"
Rollback stacing
2018-11-29 06:52:43 +09:00
" 既定値", /* 6 */
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-V 有効な ssl バージョン番号を出力, SSLv3(0) -"
Rollback stacing
2018-11-29 06:52:43 +09:00
" TLS1.3(4)\n", /* 7 */
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
#endif
Rollback stacing
2018-11-29 06:52:43 +09:00
"-l <str> 暗号スイートリスト (区切り文字 :)\n", /* 8 */
"-c <file> 証明書ファイル, 既定値", /* 9 */
"-k <file> 鍵ファイル, 既定値", /* 10 */
"-A <file> 認証局ファイル, 既定値", /* 11 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifndef NO_DH
Rollback stacing
2018-11-29 06:52:43 +09:00
"-Z <num> 最小 DH 鍵 ビット, 既定値", /* 12 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
Rollback stacing
2018-11-29 06:52:43 +09:00
"-b <num> ベンチマーク <num> 接続及び結果出力する\n", /* 13 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifdef HAVE_ALPN
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-L <str> アプリケーション層プロトコルネゴシエーションを行う"
Rollback stacing
2018-11-29 06:52:43 +09:00
" ({C,F}:<list>)\n", /* 14 */
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
#endif
"-B <num> <num> バイトを用いてのベンチマーク・スループット測定"
Rollback stacing
2018-11-29 06:52:43 +09:00
"と結果を出力する\n", /* 15 */
"-s 事前共有鍵を使用する\n", /* 16 */
"-d ピア確認を無効とする\n", /* 17 */
"-D 日付エラー用コールバック例の上書きを行う\n", /* 18 */
"-e 利用可能な全ての暗号スイートをリスト, \n", /* 19 */
"-g サーバーへ HTTP GET を送信\n", /* 20 */
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-u UDP DTLSを使用する。-v 2 を追加指定すると"
Rollback stacing
2018-11-29 06:52:43 +09:00
" DTLSv1, -v 3 を追加指定すると DTLSv1.2 (既定値)\n", /* 21 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifdef WOLFSSL_SCTP
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-G SCTP DTLSを使用する。-v 2 を追加指定すると"
Rollback stacing
2018-11-29 06:52:43 +09:00
" DTLSv1, -v 3 を追加指定すると DTLSv1.2 (既定値)\n", /* 22 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
Rollback stacing
2018-11-29 06:52:43 +09:00
"-m 証明書内のドメイン名一致を確認する\n", /* 23 */
"-N ノンブロッキング・ソケットを使用する\n", /* 24 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifndef NO_SESSION_CACHE
Rollback stacing
2018-11-29 06:52:43 +09:00
"-r セッションを継続する\n", /* 25 */
Fix to timeout after 10 seconds in non-blocking mode if connect does not complete.
2019-01-10 17:12:37 -08:00
#endif
Rollback stacing
2018-11-29 06:52:43 +09:00
"-w 双方向シャットダウンを待つ\n", /* 26 */
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-M <prot> STARTTLSを使用する, <prot>プロトコル(smtp)を"
Rollback stacing
2018-11-29 06:52:43 +09:00
"使用する\n", /* 27 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifdef HAVE_SECURE_RENEGOTIATION
Rollback stacing
2018-11-29 06:52:43 +09:00
"-R セキュアな再ネゴシエーションを許可する\n", /* 28 */
"-i クライアント主導のネゴシエーションを強制する\n", /* 29 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
Rollback stacing
2018-11-29 06:52:43 +09:00
"-f より少ないパケット/グループメッセージを使用する\n",/* 30 */
"-x クライアントの証明書/鍵のロードを無効する\n", /* 31 */
"-X 外部テスト・ケースにより動作する\n", /* 32 */
"-j コールバック・オーバーライドの検証を使用する\n", /* 33 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifdef SHOW_SIZES
Rollback stacing
2018-11-29 06:52:43 +09:00
"-z 構造体のサイズを表示する\n", /* 34 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_SNI
Rollback stacing
2018-11-29 06:52:43 +09:00
"-S <str> ホスト名表示を使用する\n", /* 35 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_MAX_FRAGMENT
Rollback stacing
2018-11-29 06:52:43 +09:00
"-F <num> 最大フラグメント長[1-6]を設定する\n", /* 36 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_TRUNCATED_HMAC
Rollback stacing
2018-11-29 06:52:43 +09:00
"-T Truncated HMACを使用する\n", /* 37 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_EXTENDED_MASTER
Rollback stacing
2018-11-29 06:52:43 +09:00
"-n マスターシークレット拡張を無効にする\n", /* 38 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_OCSP
Rollback stacing
2018-11-29 06:52:43 +09:00
"-o OCSPルックアップをピア証明書で実施する\n", /* 39 */
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-O <url> OCSPルックアップを、<url>を使用し"
Rollback stacing
2018-11-29 06:52:43 +09:00
"応答者として実施する\n", /* 40 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-W <num> OCSP Staplingを使用する"
Rollback stacing
2018-11-29 06:52:43 +09:00
" (1 v1, 2 v2, 3 v2 multi)\n", /* 41 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef ATOMIC_USER
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-U アトミック・ユーザー記録の"
Rollback stacing
2018-11-29 06:52:43 +09:00
"コールバックを利用する\n", /* 42 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_PK_CALLBACKS
Rollback stacing
2018-11-29 06:52:43 +09:00
"-P 公開鍵コールバック\n", /* 43 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_ANON
Rollback stacing
2018-11-29 06:52:43 +09:00
"-a 匿名クライアント\n", /* 44 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_CRL
Rollback stacing
2018-11-29 06:52:43 +09:00
"-C CRLを無効\n", /* 45 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef WOLFSSL_TRUST_PEER_CERT
Rollback stacing
2018-11-29 06:52:43 +09:00
"-E <file> 信頼出来るピアの証明書ロードの為のパス\n", /* 46 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_WNR
Fix to timeout after 10 seconds in non-blocking mode if connect does not complete.
2019-01-10 17:12:37 -08:00
"-q <file> Whitewood コンフィグファイル, 既定値\n", /* 47 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-H <arg> 内部テスト"
Rollback stacing
2018-11-29 06:52:43 +09:00
" [defCipherList, exitWithRet, verifyFail]\n", /* 48 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifdef WOLFSSL_TLS13
Rollback stacing
2018-11-29 06:52:43 +09:00
"-J HelloRetryRequestをKEのグループ選択に使用する\n", /* 49 */
"-K 鍵交換にPSKを使用、(EC)DHEは使用しない\n", /* 50 */
"-I データ送信前に、鍵とIVを更新する\n", /* 51 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifndef NO_DH
Rollback stacing
2018-11-29 06:52:43 +09:00
"-y FFDHE名前付きグループとの鍵共有のみ\n", /* 52 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_ECC
Rollback stacing
2018-11-29 06:52:43 +09:00
"-Y ECC名前付きグループとの鍵共有のみ\n", /* 53 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#endif /* WOLFSSL_TLS13 */
#ifdef HAVE_CURVE25519
Rollback stacing
2018-11-29 06:52:43 +09:00
"-t X25519を鍵交換に使用する\n", /* 54 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
Rollback stacing
2018-11-29 06:52:43 +09:00
"-Q ポストハンドシェークの証明要求をサポートする\n", /* 55 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef WOLFSSL_EARLY_DATA
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-0 Early data をサーバーへ送信する"
Rollback stacing
2018-11-29 06:52:43 +09:00
"0-RTTハンドシェイク\n", /* 56 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef WOLFSSL_MULTICAST
Rollback stacing
2018-11-29 06:52:43 +09:00
"-3 <grpid> マルチキャスト, grpid < 256\n", /* 57 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-1 <num> 指定された言語で結果を表示します。\n"
Rollback stacing
2018-11-29 06:52:43 +09:00
" 0: 英語、 1: 日本語\n", /* 58 */
Update the help text so the Japanese translations of the new options are printed.
2019-02-20 11:23:00 -08:00
#if !defined(NO_DH) && !defined(HAVE_FIPS) && \
!defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK)
"-2 DHプライム番号チェックを無効にする\n", /* 59 */
#endif
#ifdef HAVE_SECURE_RENEGOTIATION
"-4 再交渉に再開を使用\n", /* 60 */
Move the -5 option text into the localization array and add a Japanese translation.
2019-02-21 10:28:23 -08:00
#endif
#ifdef HAVE_TRUSTED_CA
"-5 信頼できる認証局の鍵表示を使用する\n", /* 61 */
Update the help text so the Japanese translations of the new options are printed.
2019-02-20 11:23:00 -08:00
#endif
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
NULL,
},
NO_MULTIBYTE for multibyte non-supported IDEs
2018-11-26 08:11:31 +09:00
#endif
Rollback stacing
2018-11-29 06:52:43 +09:00
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
};
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
static void Usage(void)
{
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
int msgid = 0;
const char** msg = client_usage_msg[lng_index];
printf("%s%s%s", "wolfSSL client ", LIBWOLFSSL_VERSION_STRING,
msg[msgid]);
check max key size with ocsp stapling test
2018-08-08 15:16:32 -06:00
/* print out so that scripts can know what the max supported key size is */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]);
account for NO_RSA and SP math when printing max RSA key size
2018-08-15 09:50:50 -06:00
#ifdef NO_RSA
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]);
account for NO_RSA and SP math when printing max RSA key size
2018-08-15 09:50:50 -06:00
#elif defined(WOLFSSL_SP_MATH) /* case of SP math only */
#ifndef WOLFSSL_SP_NO_3072
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]);
account for NO_RSA and SP math when printing max RSA key size
2018-08-15 09:50:50 -06:00
#elif !defined(WOLFSSL_SP_NO_2048)
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]);
account for NO_RSA and SP math when printing max RSA key size
2018-08-15 09:50:50 -06:00
#else
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]);
account for NO_RSA and SP math when printing max RSA key size
2018-08-15 09:50:50 -06:00
#endif
#elif defined(USE_FAST_MATH)
check max key size with ocsp stapling test
2018-08-08 15:16:32 -06:00
printf("%d\n", FP_MAX_BITS/2);
#else
/* normal math has unlimited max size */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]);
check max key size with ocsp stapling test
2018-08-08 15:16:32 -06:00
#endif
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* ? */
printf("%s %s\n", msg[++msgid], wolfSSLIP); /* -h */
printf("%s %d\n", msg[++msgid], wolfSSLPort); /* -p */
Changes for Nginx Support TLS v1.3 clients connecting to Nginx. Fix for PSS to not advertise hash unless the signature fits the private key size. Allow curves to be chosen by user. Support maximum verification depth (maximum number of untrusted certs in chain.) Add support for SSL_is_server() API. Fix number of certificates in chain when using wolfSSL_CTX_add_extra_chain_cert(). Allow TLS v1.2 client hello parsing to call TLS v1.3 parsing when SupportedVersions extension seen. Minor fixes.
2017-07-03 18:29:15 +10:00
#ifndef WOLFSSL_TLS13
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s %d\n", msg[++msgid], CLIENT_DEFAULT_VERSION); /* -v */
printf("%s", msg[++msgid]); /* -V */
Changes for Nginx Support TLS v1.3 clients connecting to Nginx. Fix for PSS to not advertise hash unless the signature fits the private key size. Allow curves to be chosen by user. Support maximum verification depth (maximum number of untrusted certs in chain.) Add support for SSL_is_server() API. Fix number of certificates in chain when using wolfSSL_CTX_add_extra_chain_cert(). Allow TLS v1.2 client hello parsing to call TLS v1.3 parsing when SupportedVersions extension seen. Minor fixes.
2017-07-03 18:29:15 +10:00
#else
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s %d\n", msg[++msgid], CLIENT_DEFAULT_VERSION); /* -v */
printf("%s", msg[++msgid]); /* -V */
#endif
printf("%s", msg[++msgid]); /* -l */
printf("%s %s\n", msg[++msgid], cliCertFile); /* -c */
printf("%s %s\n", msg[++msgid], cliKeyFile); /* -k */
printf("%s %s\n", msg[++msgid], caCertFile); /* -A */
added check for allowed minimum DH key size
2015-05-21 10:11:21 -07:00
#ifndef NO_DH
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s %d\n", msg[++msgid], DEFAULT_MIN_DHKEY_BITS);
added check for allowed minimum DH key size
2015-05-21 10:11:21 -07:00
#endif
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -b */
fix alpn example client merge command options
2015-10-13 15:00:53 -07:00
#ifdef HAVE_ALPN
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -L <str> */
#endif
printf("%s", msg[++msgid]); /* -B <num> */
printf("%s", msg[++msgid]); /* -s */
printf("%s", msg[++msgid]); /* -d */
printf("%s", msg[++msgid]); /* -D */
printf("%s", msg[++msgid]); /* -e */
printf("%s", msg[++msgid]); /* -g */
printf("%s", msg[++msgid]); /* -u */
DTLS-SCTP example client and server 1. Update the example client and server to test DTLS-SCTP. 2. Modify the test.h functions for setting up connections to allow for a SCTP option. 3. Update other examples to use the new test.h functions. 4. Removed some prototypes in the client header file were some functions that should have been static to the client.c file and made them static.
2016-08-25 22:20:35 -07:00
#ifdef WOLFSSL_SCTP
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -G */
DTLS-SCTP example client and server 1. Update the example client and server to test DTLS-SCTP. 2. Modify the test.h functions for setting up connections to allow for a SCTP option. 3. Update other examples to use the new test.h functions. 4. Removed some prototypes in the client header file were some functions that should have been static to the client.c file and made them static.
2016-08-25 22:20:35 -07:00
#endif
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -m */
printf("%s", msg[++msgid]); /* -N */
Add `USE_SLOW_SHA256` and `USE_SLOW_SHA512` options for reduced code size of SHA. Existing `USE_SLOW_SHA2` applies for SHA512 only. Cleanup formatting of the sha256.c and sha512.c code. Added new `./configure --lowresource` option, which defines the memory reduction defines. Fix for `make check` resume.test scipt with `NO_SESSION_CACHE` defined.
2017-11-09 11:05:28 -08:00
#ifndef NO_SESSION_CACHE
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -r */
Add `USE_SLOW_SHA256` and `USE_SLOW_SHA512` options for reduced code size of SHA. Existing `USE_SLOW_SHA2` applies for SHA512 only. Cleanup formatting of the sha256.c and sha512.c code. Added new `./configure --lowresource` option, which defines the memory reduction defines. Fix for `make check` resume.test scipt with `NO_SESSION_CACHE` defined.
2017-11-09 11:05:28 -08:00
#endif
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -w */
printf("%s", msg[++msgid]); /* -M */
add client side initiated secure r, same specs
2014-09-24 18:48:23 -07:00
#ifdef HAVE_SECURE_RENEGOTIATION
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -R */
printf("%s", msg[++msgid]); /* -i */
add client side initiated secure r, same specs
2014-09-24 18:48:23 -07:00
#endif
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -f */
printf("%s", msg[++msgid]); /* -x */
printf("%s", msg[++msgid]); /* -X */
printf("%s", msg[++msgid]); /* -j */
updated SHOW_SIZES, opionally adds sizes as available, added flag to example client to print sizes
2013-04-08 16:01:52 -07:00
#ifdef SHOW_SIZES
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -z */
updated SHOW_SIZES, opionally adds sizes as available, added flag to example client to print sizes
2013-04-08 16:01:52 -07:00
#endif
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 15:42:43 -03:00
#ifdef HAVE_SNI
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -S */
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 15:42:43 -03:00
#endif
fixing HAVE_MAX_FRAGMENT ifdef
2014-02-16 10:19:40 -03:00
#ifdef HAVE_MAX_FRAGMENT
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -F */
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 15:42:43 -03:00
#endif
#ifdef HAVE_TRUNCATED_HMAC
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -T */
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 15:42:43 -03:00
#endif
add extended master to example client
2016-09-01 15:17:46 -06:00
#ifdef HAVE_EXTENDED_MASTER
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -n */
add extended master to example client
2016-09-01 15:17:46 -06:00
#endif
OCSP Updates 1. Add option to example server and client to check the OCSP responder. 2. Add option to example server and client to override the URL to use when checking the OCSP responder. 3. Copy the certificate serial number correctly into OCSP request. Add leading zero only if MS bit is set. 4. Fix responder address used when Auth Info extension is present. 5. Update EmbedOcspLookup callback to better handle the HTTP response and obtain the complete OCSP response.
2013-06-20 11:07:54 -07:00
#ifdef HAVE_OCSP
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -o */
printf("%s", msg[++msgid]); /* -O */
OCSP Updates 1. Add option to example server and client to check the OCSP responder. 2. Add option to example server and client to override the URL to use when checking the OCSP responder. 3. Copy the certificate serial number correctly into OCSP request. Add leading zero only if MS bit is set. 4. Fix responder address used when Auth Info extension is present. 5. Update EmbedOcspLookup callback to better handle the HTTP response and obtain the complete OCSP response.
2013-06-20 11:07:54 -07:00
#endif
Merge branch 'csr'
2015-12-28 19:38:04 -03:00
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -W */
Merge branch csr into 'master'
2015-11-02 15:51:01 -03:00
#endif
add atomic user macencrypt cb
2013-08-09 17:27:15 -07:00
#ifdef ATOMIC_USER
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -U */
add atomic user macencrypt cb
2013-08-09 17:27:15 -07:00
#endif
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
#ifdef HAVE_PK_CALLBACKS
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -P */
add public key callbacks for ecc sign/verify, examples
2013-08-22 18:19:39 -07:00
#endif
Merge in the ADH-AES128-SHA changes and add a check for it during the packet order sanity checking.
2014-12-01 11:44:32 -08:00
#ifdef HAVE_ANON
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -a */
Merge in the ADH-AES128-SHA changes and add a check for it during the packet order sanity checking.
2014-12-01 11:44:32 -08:00
#endif
add external site script test to make check
2015-05-07 10:02:43 -07:00
#ifdef HAVE_CRL
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -C */
add external site script test to make check
2015-05-07 10:02:43 -07:00
#endif
automated test for trusted peer certs
2016-03-01 16:35:32 -07:00
#ifdef WOLFSSL_TRUST_PEER_CERT
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -E */
automated test for trusted peer certs
2016-03-01 16:35:32 -07:00
#endif
add Whitewood netRandom client library support
2016-05-05 15:31:25 -06:00
#ifdef HAVE_WNR
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s %s\n", msg[++msgid], wnrConfig); /* -q */
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
#endif
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -H */
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
#ifdef WOLFSSL_TLS13
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -J */
printf("%s", msg[++msgid]); /* -K */
printf("%s", msg[++msgid]); /* -I */
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
#ifndef NO_DH
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -y */
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
#endif
#ifdef HAVE_ECC
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -Y */
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
#endif
Fixes from review
2017-05-22 09:09:31 +10:00
#endif /* WOLFSSL_TLS13 */
Put X25519 behind P256 Option to have X25519 prioritized. Show curve name and DH key size in TLS v1.3.
2017-05-19 10:58:43 +10:00
#ifdef HAVE_CURVE25519
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -t */
Put X25519 behind P256 Option to have X25519 prioritized. Show curve name and DH key size in TLS v1.3.
2017-05-19 10:58:43 +10:00
#endif
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -Q */
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
#endif
TLS v1.3 0-RTT
2017-06-19 11:37:10 +10:00
#ifdef WOLFSSL_EARLY_DATA
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -0 */
TLS v1.3 0-RTT
2017-06-19 11:37:10 +10:00
#endif
Multicast 1. Since multicast's only cipher suite uses null cipher automatically enable it. 2. Add options to example client and server to start testing multicast API. (Uses TLS over TCP.) 3. Updates to use the forced secrets set by API.
2016-12-15 11:43:15 -08:00
#ifdef WOLFSSL_MULTICAST
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -3 */
Multicast 1. Since multicast's only cipher suite uses null cipher automatically enable it. 2. Add options to example client and server to start testing multicast API. (Uses TLS over TCP.) 3. Updates to use the forced secrets set by API.
2016-12-15 11:43:15 -08:00
#endif
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -1 */
Update the help text so the Japanese translations of the new options are printed.
2019-02-20 11:23:00 -08:00
#if !defined(NO_DH) && !defined(HAVE_FIPS) && \
!defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK)
printf("%s", msg[++msgid]); /* -2 */
#endif
#ifdef HAVE_SECURE_RENEGOTIATION
printf("%s", msg[++msgid]); /* -4 */
#endif
Move the -5 option text into the localization array and add a Japanese translation.
2019-02-21 10:28:23 -08:00
#ifdef HAVE_TRUSTED_CA
printf("%s", msg[++msgid]); /* -5 */
#endif
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
}
name change for client.c
2015-01-05 14:48:43 -07:00
THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
1.8.8 init
2011-02-05 11:14:47 -08:00
{
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
SOCKET_T sockfd = WOLFSSL_SOCKET_INVALID;
1.8.8 init
2011-02-05 11:14:47 -08:00
Added static memory code to client example.
2017-10-20 14:56:29 -07:00
wolfSSL_method_func method = NULL;
name change for client.c
2015-01-05 14:48:43 -07:00
WOLFSSL_CTX* ctx = 0;
WOLFSSL* ssl = 0;
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
name change for client.c
2015-01-05 14:48:43 -07:00
WOLFSSL* sslResume = 0;
WOLFSSL_SESSION* session = 0;
1.8.8 init
2011-02-05 11:14:47 -08:00
Add cipher suite ECDHE-ECDSA-AES128-CCM 1. Added the usual cipher suite changes for the new suite. 2. Added a build option, WOLFSSL_ALT_TEST_STRINGS, for testing against GnuTLS. It wants to receive strings with newlines. 3. Updated the test configs for the new suite. Tested against GnuTLS's client and server using the options: $ gnutls-cli --priority "NONE:+VERS-TLS-ALL:+AEAD:+ECDHE-ECDSA:+AES-128-CCM:+SIGN-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509" --x509cafile=./certs/server-ecc.pem --no-ca-verification -p 11111 localhost $ gnutls-serv --echo --x509keyfile=./certs/ecc-key.pem --x509certfile=./certs/server-ecc.pem --port=11111 -a --priority "NONE:+VERS-TLS-ALL:+AEAD:+ECDHE-ECDSA:+AES-128-CCM:+SIGN-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509" To talk to GnuTLS, wolfSSL also needed the supported curves option enabled.
2016-06-13 14:39:41 -07:00
#ifndef WOLFSSL_ALT_TEST_STRINGS
name change for client.c
2015-01-05 14:48:43 -07:00
char msg[32] = "hello wolfssl!"; /* GET may make bigger */
Add cipher suite ECDHE-ECDSA-AES128-CCM 1. Added the usual cipher suite changes for the new suite. 2. Added a build option, WOLFSSL_ALT_TEST_STRINGS, for testing against GnuTLS. It wants to receive strings with newlines. 3. Updated the test configs for the new suite. Tested against GnuTLS's client and server using the options: $ gnutls-cli --priority "NONE:+VERS-TLS-ALL:+AEAD:+ECDHE-ECDSA:+AES-128-CCM:+SIGN-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509" --x509cafile=./certs/server-ecc.pem --no-ca-verification -p 11111 localhost $ gnutls-serv --echo --x509keyfile=./certs/ecc-key.pem --x509certfile=./certs/server-ecc.pem --port=11111 -a --priority "NONE:+VERS-TLS-ALL:+AEAD:+ECDHE-ECDSA:+AES-128-CCM:+SIGN-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509" To talk to GnuTLS, wolfSSL also needed the supported curves option enabled.
2016-06-13 14:39:41 -07:00
char resumeMsg[32] = "resuming wolfssl!";
#else
char msg[32] = "hello wolfssl!\n";
char resumeMsg[32] = "resuming wolfssl!\n";
#endif
Various improvements for testing Fix wc_ecc_fp_free() to be called when using HAVE_STACK_SIZE. Increase size of replyin client.c so all HTTP reply is displayed. Fix api.c to support only Ed25519 (not RSA and ECC) Fix suites.c to detect when CA for client won't work (Ed25519 only) For Static Memory add debugging and small profile. Also allow realloc to be called with NULL. Add more Ed25519 certs and keys. Fix names of Ed25519 filenames for client and server. Do NOT turn on ECC_SHAMIR by default with lowresource. Enable WOLFSSL_STATIC_MEMORY_SMALL if low resource and no RSA.
2019-02-22 17:14:19 +10:00
char reply[128];
Cleanup of stdlib function calls in the wolfSSL library to use our cross-platform "X*" style macros in types.h.
2016-06-29 11:11:25 -07:00
int msgSz = (int)XSTRLEN(msg);
int resumeSz = (int)XSTRLEN(resumeMsg);
1.8.8 init
2011-02-05 11:14:47 -08:00
remove more stale cyassl headers
2015-02-25 13:34:29 -08:00
word16 port = wolfSSLPort;
char* host = (char*)wolfSSLIP;
wolfssl.com now uses old chacha-poly, detect for external test
2015-09-24 12:13:01 -07:00
const char* domain = "localhost"; /* can't default to www.wolfssl.com
because can't tell if we're really
going there to detect old chacha-poly
*/
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
int ch;
added test cases and fixed a bug with AEAD ciphers with DTLSv1.2.
2013-03-07 22:52:51 -08:00
int version = CLIENT_INVALID_VERSION;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
int usePsk = 0;
Merge in the ADH-AES128-SHA changes and add a check for it during the packet order sanity checking.
2014-12-01 11:44:32 -08:00
int useAnon = 0;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
int sendGET = 0;
int benchmark = 0;
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
int block = TEST_BUFFER_SIZE;
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
int throughput = 0;
add -u for DTLS UPD command line client/server examples
2012-08-02 11:54:49 -07:00
int doDTLS = 0;
DTLS-SCTP example client and server 1. Update the example client and server to test DTLS-SCTP. 2. Modify the test.h functions for setting up connections to allow for a SCTP option. 3. Update other examples to use the new test.h functions. 4. Removed some prototypes in the client header file were some functions that should have been static to the client.c file and made them static.
2016-08-25 22:20:35 -07:00
int dtlsUDP = 0;
int dtlsSCTP = 0;
Multicast 1. Since multicast's only cipher suite uses null cipher automatically enable it. 2. Add options to example client and server to start testing multicast API. (Uses TLS over TCP.) 3. Updates to use the forced secrets set by API.
2016-12-15 11:43:15 -08:00
int doMcast = 0;
make domain name cert check an option on client
2012-08-10 10:15:37 -07:00
int matchName = 0;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
int doPeerCheck = 1;
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
int nonBlocking = 0;
int resumeSession = 0;
add external site script test to make check
2015-05-07 10:02:43 -07:00
int wc_shutdown = 0;
int disableCRL = 0;
detect build cases where external script test case doesn't make sense
2015-05-07 12:50:27 -07:00
int externalTest = 0;
fix shutdown returns
2015-02-16 14:23:33 -08:00
int ret;
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 10:05:22 -08:00
int err = 0;
separate allow scr and force client scr in example client
2014-09-29 15:32:41 -07:00
int scr = 0; /* allow secure renegotiation */
int forceScr = 0; /* force client initiaed scr */
Secure Renegotiation 1. Split the wolfSSL_Rehandshake() function into wolfSSL_Rehadshake() which performs a full handshake on secure renegotiation and wolfSSL_SecureResume() which performs a session resumption on a secure renegotiation. 2. Add option to example client to perform a secure resumption instead of a full secure handshake.
2019-02-19 15:04:22 -08:00
int resumeScr = 0; /* use resumption for renegotiation */
Allow Ed25519 private-only keys to work in TLS Change Ed25519 in TLS 1.2 to keep a copy of all the messages for certificate verification - interop with OpenSSL.
2018-04-27 14:43:04 +10:00
#ifndef WOLFSSL_NO_CLIENT_AUTH
add fewerPacket/group messages to example client/server and disalbe client cert/key load
2013-04-19 13:10:19 -07:00
int useClientCert = 1;
Allow Ed25519 private-only keys to work in TLS Change Ed25519 in TLS 1.2 to keep a copy of all the messages for certificate verification - interop with OpenSSL.
2018-04-27 14:43:04 +10:00
#else
int useClientCert = 0;
#endif
add fewerPacket/group messages to example client/server and disalbe client cert/key load
2013-04-19 13:10:19 -07:00
int fewerPackets = 0;
add atomic user macencrypt cb
2013-08-09 17:27:15 -07:00
int atomicUser = 0;
* Added support for not loading a private key for server or client when `HAVE_PK_CALLBACK` is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519. * Added PK callback context tests for client/server examples (`SetupPkCallbackContexts`). * Added new test define for `TEST_PK_PRIVKEY` to allows simulating hardware based private key. * Added new test.h function for loading PEM key file and converting to DER (`load_key_file`). * Added way to get private key signature size (`GetPrivateKeySigSize`). * Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size. * Added inline comments to help track down handshake message types. * Cleanup of RSS PSS terminating byte (0xbc) to use enum value. * Fixed bug with PK callback for `myEccVerify` public key format. * Fixed bug with PK callback for ED25519 verify key buffer in DoServerKeyExchange.
2018-03-21 11:27:08 -07:00
#ifdef HAVE_PK_CALLBACKS
add public key callbacks for ecc sign/verify, examples
2013-08-22 18:19:39 -07:00
int pkCallbacks = 0;
* Added support for not loading a private key for server or client when `HAVE_PK_CALLBACK` is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519. * Added PK callback context tests for client/server examples (`SetupPkCallbackContexts`). * Added new test define for `TEST_PK_PRIVKEY` to allows simulating hardware based private key. * Added new test.h function for loading PEM key file and converting to DER (`load_key_file`). * Added way to get private key signature size (`GetPrivateKeySigSize`). * Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size. * Added inline comments to help track down handshake message types. * Cleanup of RSS PSS terminating byte (0xbc) to use enum value. * Fixed bug with PK callback for `myEccVerify` public key format. * Fixed bug with PK callback for ED25519 verify key buffer in DoServerKeyExchange.
2018-03-21 11:27:08 -07:00
PkCbInfo pkCbInfo;
#endif
add override cert date example for bad clock testing
2014-07-02 12:07:25 -07:00
int overrideDateErrors = 0;
added check for allowed minimum DH key size
2015-05-21 10:11:21 -07:00
int minDhKeyBits = DEFAULT_MIN_DHKEY_BITS;
fix alpn example client merge command options
2015-10-13 15:00:53 -07:00
char* alpnList = NULL;
unsigned char alpn_opt = 0;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
char* cipherList = NULL;
Fix to calc BuildSHA_CertVerify if WOLFSSL_ALLOW_TLS_SHA1. Fix to add check for DTLS to not allow stream ciphers. Removed the RC4 tests from the test-dtls.conf. Added support for using default suites on client side. Switched the arg to “-H”. Cleanup of the example server/client args list. Fixes for build with “--disable-sha”.
2017-04-05 11:21:11 -07:00
int useDefCipherList = 0;
Cleanup name conflicts with test.h cert files (by adding “File” to end). Fix memory leak in ecc_test_buffers function.
2017-04-06 15:54:59 -07:00
const char* verifyCert = caCertFile;
const char* ourCert = cliCertFile;
const char* ourKey = cliKeyFile;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
add STARTTLS support to example client
2016-04-22 13:46:54 -06:00
int doSTARTTLS = 0;
char* starttlsProt = NULL;
Fix for verify callback override, peerVerifyRet code on success and ensuring DOMAIN_NAME_MISMATCH error gets passed down in ECDSAk case. Added unit test case to verify callback override works. Fixes issue #905 and issue #904. Fix for async build goto label typo.
2017-05-11 12:23:17 -07:00
int useVerifyCb = 0;
Fix for the curve logic to pick the hightest strength, not just the default 256-bit. Added test for setting user curve. `./examples -H useSupCurve`.
2018-09-21 09:27:48 -07:00
int useSupCurve = 0;
add STARTTLS support to example client
2016-04-22 13:46:54 -06:00
automated test for trusted peer certs
2016-03-01 16:35:32 -07:00
#ifdef WOLFSSL_TRUST_PEER_CERT
const char* trustCert = NULL;
#endif
merge in sni
2013-05-21 14:37:50 -07:00
#ifdef HAVE_SNI
char* sniHostName = NULL;
#endif
Trusted CA Key Indication Extension Added an API for enabling the Trusted CA Key Indication extension from RFC6066 section 6. If the server doesn't have a match for the client, the client will abandon the session.
2018-09-28 09:05:59 -07:00
#ifdef HAVE_TRUSTED_CA
int trustedCaKeyId = 0;
#endif
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 15:42:43 -03:00
#ifdef HAVE_MAX_FRAGMENT
byte maxFragment = 0;
#endif
#ifdef HAVE_TRUNCATED_HMAC
Merge branch csr into 'master'
2015-11-02 15:51:01 -03:00
byte truncatedHMAC = 0;
#endif
Merge branch 'csr'
2015-12-28 19:38:04 -03:00
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
Merge branch csr into 'master'
2015-11-02 15:51:01 -03:00
byte statusRequest = 0;
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 15:42:43 -03:00
#endif
add extended master to example client
2016-09-01 15:17:46 -06:00
#ifdef HAVE_EXTENDED_MASTER
Revising the Extended Master Secret support. Removing the dynamic TLSX support for the extention and treating it like the Signature and Hash algorithms extension. It is to be enabled by default and the user can turn it off at run time or build time.
2016-09-09 23:16:52 -07:00
byte disableExtMasterSecret = 0;
add extended master to example client
2016-09-01 15:17:46 -06:00
#endif
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
int helloRetry = 0;
int onlyKeyShare = 0;
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
#ifdef WOLFSSL_TLS13
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
int noPskDheKe = 0;
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
int postHandAuth = 0;
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
#endif
int updateKeysIVs = 0;
TLS v1.3 0-RTT
2017-06-19 11:37:10 +10:00
int earlyData = 0;
Added new “wolfSSL_mcast_get_max_peers” API. Minor cleanup with examples/client failure case. Fix possible unused var in wolfSSL_set_secret with DTLS disabled.
2017-01-25 14:05:22 -08:00
#ifdef WOLFSSL_MULTICAST
Multicast 1. Since multicast's only cipher suite uses null cipher automatically enable it. 2. Add options to example client and server to start testing multicast API. (Uses TLS over TCP.) 3. Updates to use the forced secrets set by API.
2016-12-15 11:43:15 -08:00
byte mcastID = 0;
Added new “wolfSSL_mcast_get_max_peers” API. Minor cleanup with examples/client failure case. Fix possible unused var in wolfSSL_set_secret with DTLS disabled.
2017-01-25 14:05:22 -08:00
#endif
DHE Speed Up 1. Also apply the setting to the client side. 2. Updated the server and client command line options to use "-2" for disabling the DHE check.
2018-12-03 13:53:44 -08:00
#if !defined(NO_DH) && !defined(HAVE_FIPS) && \
!defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK)
int doDhKeyCheck = 1;
#endif
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 15:42:43 -03:00
OCSP Updates 1. Add option to example server and client to check the OCSP responder. 2. Add option to example server and client to override the URL to use when checking the OCSP responder. 3. Copy the certificate serial number correctly into OCSP request. Add leading zero only if MS bit is set. 4. Fix responder address used when Auth Info extension is present. 5. Update EmbedOcspLookup callback to better handle the HTTP response and obtain the complete OCSP response.
2013-06-20 11:07:54 -07:00
#ifdef HAVE_OCSP
int useOcsp = 0;
char* ocspUrl = NULL;
#endif
Put X25519 behind P256 Option to have X25519 prioritized. Show curve name and DH key size in TLS v1.3.
2017-05-19 10:58:43 +10:00
int useX25519 = 0;
Minor fix for the expected failure case use of `ssl` after free. Renamed `skipExit` to `exitWithRet`.
2018-05-03 10:02:59 -07:00
int exitWithRet = 0;
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
int loadCertKeyIntoSSLObj = 0;
OCSP Updates 1. Add option to example server and client to check the OCSP responder. 2. Add option to example server and client to override the URL to use when checking the OCSP responder. 3. Copy the certificate serial number correctly into OCSP request. Add leading zero only if MS bit is set. 4. Fix responder address used when Auth Info extension is present. 5. Update EmbedOcspLookup callback to better handle the HTTP response and obtain the complete OCSP response.
2013-06-20 11:07:54 -07:00
add Whitewood netRandom client library support
2016-05-05 15:31:25 -06:00
#ifdef HAVE_WNR
const char* wnrConfigFile = wnrConfig;
#endif
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
char buffer[WOLFSSL_MAX_ERROR_SZ];
add Whitewood netRandom client library support
2016-05-05 15:31:25 -06:00
1.8.8 init
2011-02-05 11:14:47 -08:00
int argc = ((func_args*)args)->argc;
char** argv = ((func_args*)args)->argv;
Fixes for static memory with `-r` session resumption option on client. Fix for possible failed InitSSL cleanup using NULL ssl->ctx for static memory.
2017-10-23 10:50:19 -07:00
#ifdef WOLFSSL_STATIC_MEMORY
#if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) \
|| defined(SESSION_CERTS)
/* big enough to handle most cases including session certs */
Increase the static memory pool in client to better support ECC or session certs.
2017-10-26 08:06:08 -07:00
byte memory[320000];
Fixes for static memory with `-r` session resumption option on client. Fix for possible failed InitSSL cleanup using NULL ssl->ctx for static memory.
2017-10-23 10:50:19 -07:00
#else
byte memory[80000];
#endif
byte memoryIO[34500]; /* max for IO buffer (TLS packet can be 16k) */
WOLFSSL_MEM_CONN_STATS ssl_stats;
#ifdef DEBUG_WOLFSSL
WOLFSSL_MEM_STATS mem_stats;
#endif
#endif
1.8.8 init
2011-02-05 11:14:47 -08:00
((func_args*)args)->return_code = -1; /* error state */
fix NO_RSA ecc command line examples default certs
2013-03-07 18:20:29 -08:00
#ifdef NO_RSA
Changes to build with X25519 and Ed25519 only Allows configurations without RSA, DH and ECC but with Curve25519 algorithms to work with SSL/TLS using X25519 key exchange and Ed25519 certificates. Fix Ed25519 code to call wc_Sha512Free(). Add certificates to test.h and fix examples to use them.
2018-07-23 10:20:18 +10:00
#ifdef HAVE_ECC
verifyCert = (char*)caEccCertFile;
ourCert = (char*)cliEccCertFile;
ourKey = (char*)cliEccKeyFile;
#elif defined(HAVE_ED25519)
verifyCert = (char*)caEdCertFile;
ourCert = (char*)cliEdCertFile;
ourKey = (char*)cliEdKeyFile;
#endif
fix NO_RSA ecc command line examples default certs
2013-03-07 18:20:29 -08:00
#endif
fix general NO_SHA NO_ASN NO_CERTS NO_SESSION_CACHE builds/examples
2013-03-11 16:07:46 -07:00
(void)resumeSz;
(void)session;
(void)sslResume;
add atomic user macencrypt cb
2013-08-09 17:27:15 -07:00
(void)atomicUser;
add client side initiated secure r, same specs
2014-09-24 18:48:23 -07:00
(void)scr;
separate allow scr and force client scr in example client
2014-09-29 15:32:41 -07:00
(void)forceScr;
Secure Renegotiation 1. Split the wolfSSL_Rehandshake() function into wolfSSL_Rehadshake() which performs a full handshake on secure renegotiation and wolfSSL_SecureResume() which performs a session resumption on a secure renegotiation. 2. Add option to example client to perform a secure resumption instead of a full secure handshake.
2019-02-19 15:04:22 -08:00
(void)resumeScr;
fix some psk warnings
2015-03-27 19:20:31 -07:00
(void)ourKey;
(void)ourCert;
(void)verifyCert;
(void)useClientCert;
(void)overrideDateErrors;
add external site script test to make check
2015-05-07 10:02:43 -07:00
(void)disableCRL;
added check for allowed minimum DH key size
2015-05-21 10:11:21 -07:00
(void)minDhKeyBits;
fix alpn example client merge command options
2015-10-13 15:00:53 -07:00
(void)alpnList;
(void)alpn_opt;
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
(void)updateKeysIVs;
Added EarlyData support to benchmark loop
2019-01-24 14:30:06 +10:00
(void)earlyData;
Fix for benchmarking X25519
2017-05-31 11:44:43 +10:00
(void)useX25519;
Improvements to TLS v1.3 code Reset list of supported sig algorithms before sending certificate request on server. Refactored setting of ticket for both TLS13 and earlier. Remember the type of key for deciding which sig alg to use with TLS13 CertificateVerify. RSA PKCS #1.5 not allowed in TLS13 for CertificateVerify. Remove all remaining DTLS code as spec barely started. Turn off SHA512 code where decision based on cipher suite hash. Fix fragment handling to work with encrypted messages. Test public APIS.
2017-06-29 09:00:44 +10:00
(void)helloRetry;
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
(void)onlyKeyShare;
Fix for the curve logic to pick the hightest strength, not just the default 256-bit. Added test for setting user curve. `./examples -H useSupCurve`.
2018-09-21 09:27:48 -07:00
(void)useSupCurve;
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
(void)loadCertKeyIntoSSLObj;
fix NO_RSA ecc command line examples default certs
2013-03-07 18:20:29 -08:00
add STACK_TRAP to track stack use on client, will seqfault if exceed limit to see where use is too high, doesn't work with pthread_create()
2013-06-03 14:56:37 -07:00
StackTrap();
Example client/server compatible with VxWorks
2015-10-29 13:39:02 -06:00
#ifndef WOLFSSL_VXWORKS
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
/* Not used: All used */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
while ((ch = mygetopt(argc, argv, "?:"
Put X25519 behind P256 Option to have X25519 prioritized. Show curve name and DH key size in TLS v1.3.
2017-05-19 10:58:43 +10:00
"ab:c:defgh:ijk:l:mnop:q:rstuv:wxyz"
Testing improvements for cert gen and TLS cert validation: * Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled. * Added new ECC CA for 384-bit tests. * Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem) * Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL. * Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`. * Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function. * Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack). * Cleanup to combine all certificate subject information into global `certDefaultName`. * Updated cert request info to use wolfSSL instead of Yassl. * Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`. * Re-number error codes in rsa_test. * Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
2017-10-19 16:17:51 -07:00
"A:B:CDE:F:GH:IJKL:M:NO:PQRS:TUVW:XYZ:"
Fix for example client arg `-4` not working.
2019-03-13 22:59:50 -07:00
"01:23:45")) != -1) {
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
switch (ch) {
case '?' :
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
if(myoptarg!=NULL) {
lng_index = atoi(myoptarg);
if(lng_index<0||lng_index>1){
lng_index = 0;
}
}
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
Usage();
Added new build option `--enable-memtest` or `WOLFSSL_FORCE_MALLOC_FAIL_TEST` which enables random malloc failures for testing. This test supresses the `abort()` calls to detect seg faults. A new script `./scripts/memtest.sh` starts the test. If an issue is found it can be reviewed with the `./scripts/memtest.txt` log and reproduced using the seed printed at top of unit test as `--- RNG MALLOC FAIL AT 295---` and rerun using `./tests/unit.test 295`.
2018-07-27 10:16:14 -07:00
XEXIT_T(EXIT_SUCCESS);
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
case 'g' :
sendGET = 1;
break;
case 'd' :
doPeerCheck = 0;
break;
add show every cipher suite to examples/client
2015-10-02 16:25:17 -07:00
case 'e' :
ShowCiphers();
Added new build option `--enable-memtest` or `WOLFSSL_FORCE_MALLOC_FAIL_TEST` which enables random malloc failures for testing. This test supresses the `abort()` calls to detect seg faults. A new script `./scripts/memtest.sh` starts the test. If an issue is found it can be reviewed with the `./scripts/memtest.txt` log and reproduced using the seed printed at top of unit test as `--- RNG MALLOC FAIL AT 295---` and rerun using `./tests/unit.test 295`.
2018-07-27 10:16:14 -07:00
XEXIT_T(EXIT_SUCCESS);
add show every cipher suite to examples/client
2015-10-02 16:25:17 -07:00
add override cert date example for bad clock testing
2014-07-02 12:07:25 -07:00
case 'D' :
overrideDateErrors = 1;
break;
add external site script test to make check
2015-05-07 10:02:43 -07:00
case 'C' :
fix scan-build warnings
2015-06-10 15:24:24 -07:00
#ifdef HAVE_CRL
disableCRL = 1;
#endif
add external site script test to make check
2015-05-07 10:02:43 -07:00
break;
add -u for DTLS UPD command line client/server examples
2012-08-02 11:54:49 -07:00
case 'u' :
DTLS-SCTP example client and server 1. Update the example client and server to test DTLS-SCTP. 2. Modify the test.h functions for setting up connections to allow for a SCTP option. 3. Update other examples to use the new test.h functions. 4. Removed some prototypes in the client header file were some functions that should have been static to the client.c file and made them static.
2016-08-25 22:20:35 -07:00
doDTLS = 1;
dtlsUDP = 1;
break;
case 'G' :
#ifdef WOLFSSL_SCTP
doDTLS = 1;
dtlsSCTP = 1;
#endif
add -u for DTLS UPD command line client/server examples
2012-08-02 11:54:49 -07:00
break;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
case 's' :
usePsk = 1;
break;
automated test for trusted peer certs
2016-03-01 16:35:32 -07:00
#ifdef WOLFSSL_TRUST_PEER_CERT
case 'E' :
trustCert = myoptarg;
break;
#endif
make domain name cert check an option on client
2012-08-10 10:15:37 -07:00
case 'm' :
matchName = 1;
break;
add fewerPacket/group messages to example client/server and disalbe client cert/key load
2013-04-19 13:10:19 -07:00
case 'x' :
useClientCert = 0;
break;
detect build cases where external script test case doesn't make sense
2015-05-07 12:50:27 -07:00
case 'X' :
externalTest = 1;
break;
add fewerPacket/group messages to example client/server and disalbe client cert/key load
2013-04-19 13:10:19 -07:00
case 'f' :
fewerPackets = 1;
break;
add atomic user macencrypt cb
2013-08-09 17:27:15 -07:00
case 'U' :
#ifdef ATOMIC_USER
atomicUser = 1;
#endif
break;
add public key callbacks for ecc sign/verify, examples
2013-08-22 18:19:39 -07:00
case 'P' :
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
#ifdef HAVE_PK_CALLBACKS
add public key callbacks for ecc sign/verify, examples
2013-08-22 18:19:39 -07:00
pkCallbacks = 1;
#endif
break;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
case 'h' :
fix windows build with command line examples
2012-08-01 17:33:49 -07:00
host = myoptarg;
domain = myoptarg;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
break;
case 'p' :
fix clang -Wconversion except -Wsign-conversion
2014-03-03 16:46:48 -08:00
port = (word16)atoi(myoptarg);
modified test port number to allow concurrent testing
2013-03-26 22:00:39 -07:00
#if !defined(NO_MAIN_DRIVER) || defined(USE_WINDOWS_API)
if (port == 0)
err_sys("port number cannot be 0");
#endif
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
break;
case 'v' :
Fix downgrading from TLS v1.3 to TLS v1.2 Fix handling of ServerHello in TLS v1.3 to support TLS v1.2 when downgrading. Added support in client and server examples for using downgrade method: wolfSSLv23_client_method_ex() or wolfSSLv23_server_method_ex(). Add tests, using downgrade version, of client or server downgrading from TLS v1.3 to TLS v1.2.
2018-02-22 11:05:58 +10:00
if (myoptarg[0] == 'd') {
version = CLIENT_DOWNGRADE_VERSION;
break;
}
Adds build option `WOLFSSL_EITHER_SIDE` for deferring the "side" of the TLS session until first connect or accept. Added the DTLS generic v1.0 and v1.2 methods for "either" side. Added "either" methods unit tests. Added "either" -v e support to example client/server. Fix to expose `wolfSSL_use_certificate_file` and `wolfSSL_use_PrivateKey_file` without `OPENSSL_EXTRA`. Cleanup of the methods for (void)heap and log messages. Spelling fixes.
2018-10-04 14:48:53 -07:00
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
else if (myoptarg[0] == 'e') {
version = EITHER_DOWNGRADE_VERSION;
Fixes for various scan-build reports.
2018-12-27 11:08:30 -08:00
#ifndef NO_CERTS
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
loadCertKeyIntoSSLObj = 1;
Fixes for various scan-build reports.
2018-12-27 11:08:30 -08:00
#endif
Adds build option `WOLFSSL_EITHER_SIDE` for deferring the "side" of the TLS session until first connect or accept. Added the DTLS generic v1.0 and v1.2 methods for "either" side. Added "either" methods unit tests. Added "either" -v e support to example client/server. Fix to expose `wolfSSL_use_certificate_file` and `wolfSSL_use_PrivateKey_file` without `OPENSSL_EXTRA`. Cleanup of the methods for (void)heap and log messages. Spelling fixes.
2018-10-04 14:48:53 -07:00
break;
}
#endif
fix windows build with command line examples
2012-08-01 17:33:49 -07:00
version = atoi(myoptarg);
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
if (version < 0 || version > 4) {
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
Usage();
Added new build option `--enable-memtest` or `WOLFSSL_FORCE_MALLOC_FAIL_TEST` which enables random malloc failures for testing. This test supresses the `abort()` calls to detect seg faults. A new script `./scripts/memtest.sh` starts the test. If an issue is found it can be reviewed with the `./scripts/memtest.txt` log and reproduced using the seed printed at top of unit test as `--- RNG MALLOC FAIL AT 295---` and rerun using `./tests/unit.test 295`.
2018-07-27 10:16:14 -07:00
XEXIT_T(MY_EX_USAGE);
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
}
break;
fix merge conflict
2015-11-02 13:26:46 -08:00
case 'V' :
ShowVersions();
Added new build option `--enable-memtest` or `WOLFSSL_FORCE_MALLOC_FAIL_TEST` which enables random malloc failures for testing. This test supresses the `abort()` calls to detect seg faults. A new script `./scripts/memtest.sh` starts the test. If an issue is found it can be reviewed with the `./scripts/memtest.txt` log and reproduced using the seed printed at top of unit test as `--- RNG MALLOC FAIL AT 295---` and rerun using `./tests/unit.test 295`.
2018-07-27 10:16:14 -07:00
XEXIT_T(EXIT_SUCCESS);
fix merge conflict
2015-11-02 13:26:46 -08:00
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
case 'l' :
fix windows build with command line examples
2012-08-01 17:33:49 -07:00
cipherList = myoptarg;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
break;
Fix to calc BuildSHA_CertVerify if WOLFSSL_ALLOW_TLS_SHA1. Fix to add check for DTLS to not allow stream ciphers. Removed the RC4 tests from the test-dtls.conf. Added support for using default suites on client side. Switched the arg to “-H”. Cleanup of the example server/client args list. Fixes for build with “--disable-sha”.
2017-04-05 11:21:11 -07:00
case 'H' :
Testing improvements for cert gen and TLS cert validation: * Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled. * Added new ECC CA for 384-bit tests. * Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem) * Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL. * Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`. * Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function. * Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack). * Cleanup to combine all certificate subject information into global `certDefaultName`. * Updated cert request info to use wolfSSL instead of Yassl. * Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`. * Re-number error codes in rsa_test. * Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
2017-10-19 16:17:51 -07:00
if (XSTRNCMP(myoptarg, "defCipherList", 13) == 0) {
printf("Using default cipher list for testing\n");
useDefCipherList = 1;
}
Added test cases for ensuring forced error fails on client and server. Added test cases to ensure bad certificate can be overriden.
2018-08-29 10:55:12 -07:00
else if (XSTRNCMP(myoptarg, "exitWithRet", 11) == 0) {
* Added support for expected fail test cases with example client/server and suites unit test. * Added test for certificate with bad alt name containing a null character mid byte stream. * Fix for issue with suites unit test where last arg in file doesn't conain data for a param, causing it to skip test. * Fix for last test in tests/test.conf not being run for `TLSv1.2 RSA 3072-bit DH 3072-bit`. * Moved the `tls-cert-fail.test` tests into the new expected failure suite test (`./tests/test-fails.conf`). Now it explicilty checks RSA and ECC for the no signer and no sig tests.
2018-05-03 09:40:51 -07:00
printf("Skip exit() for testing\n");
Minor fix for the expected failure case use of `ssl` after free. Renamed `skipExit` to `exitWithRet`.
2018-05-03 10:02:59 -07:00
exitWithRet = 1;
Testing improvements for cert gen and TLS cert validation: * Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled. * Added new ECC CA for 384-bit tests. * Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem) * Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL. * Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`. * Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function. * Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack). * Cleanup to combine all certificate subject information into global `certDefaultName`. * Updated cert request info to use wolfSSL instead of Yassl. * Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`. * Re-number error codes in rsa_test. * Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
2017-10-19 16:17:51 -07:00
}
Added test cases for ensuring forced error fails on client and server. Added test cases to ensure bad certificate can be overriden.
2018-08-29 10:55:12 -07:00
else if (XSTRNCMP(myoptarg, "verifyFail", 10) == 0) {
printf("Verify should fail\n");
myVerifyFail = 1;
}
Fix for the curve logic to pick the hightest strength, not just the default 256-bit. Added test for setting user curve. `./examples -H useSupCurve`.
2018-09-21 09:27:48 -07:00
else if (XSTRNCMP(myoptarg, "useSupCurve", 11) == 0) {
path include adjustment, rename internal OBJ function, and client print outs added
2019-03-11 09:57:04 -06:00
printf("Attempting to test use supported curve\n");
Fixes for minor nightly build errors. Missing `wc_ecc_fp_free` declaration and "Value stored to 'useSupCurve' is never read".
2019-03-01 16:12:08 -08:00
#if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES)
Fix for the curve logic to pick the hightest strength, not just the default 256-bit. Added test for setting user curve. `./examples -H useSupCurve`.
2018-09-21 09:27:48 -07:00
useSupCurve = 1;
path include adjustment, rename internal OBJ function, and client print outs added
2019-03-11 09:57:04 -06:00
#else
printf("Supported curves not compiled in!\n");
Fixes for minor nightly build errors. Missing `wc_ecc_fp_free` declaration and "Value stored to 'useSupCurve' is never read".
2019-03-01 16:12:08 -08:00
#endif
Fix for the curve logic to pick the hightest strength, not just the default 256-bit. Added test for setting user curve. `./examples -H useSupCurve`.
2018-09-21 09:27:48 -07:00
}
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
else if (XSTRNCMP(myoptarg, "loadSSL", 7) == 0) {
printf("Load cert/key into wolfSSL object\n");
Fixes for various scan-build reports.
2018-12-27 11:08:30 -08:00
#ifndef NO_CERTS
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
loadCertKeyIntoSSLObj = 1;
path include adjustment, rename internal OBJ function, and client print outs added
2019-03-11 09:57:04 -06:00
#else
printf("Certs turned off with NO_CERTS!\n");
Fixes for various scan-build reports.
2018-12-27 11:08:30 -08:00
#endif
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
}
Testing improvements for cert gen and TLS cert validation: * Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled. * Added new ECC CA for 384-bit tests. * Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem) * Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL. * Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`. * Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function. * Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack). * Cleanup to combine all certificate subject information into global `certDefaultName`. * Updated cert request info to use wolfSSL instead of Yassl. * Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`. * Re-number error codes in rsa_test. * Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
2017-10-19 16:17:51 -07:00
else {
Usage();
Added new build option `--enable-memtest` or `WOLFSSL_FORCE_MALLOC_FAIL_TEST` which enables random malloc failures for testing. This test supresses the `abort()` calls to detect seg faults. A new script `./scripts/memtest.sh` starts the test. If an issue is found it can be reviewed with the `./scripts/memtest.txt` log and reproduced using the seed printed at top of unit test as `--- RNG MALLOC FAIL AT 295---` and rerun using `./tests/unit.test 295`.
2018-07-27 10:16:14 -07:00
XEXIT_T(MY_EX_USAGE);
Testing improvements for cert gen and TLS cert validation: * Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled. * Added new ECC CA for 384-bit tests. * Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem) * Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL. * Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`. * Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function. * Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack). * Cleanup to combine all certificate subject information into global `certDefaultName`. * Updated cert request info to use wolfSSL instead of Yassl. * Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`. * Re-number error codes in rsa_test. * Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
2017-10-19 16:17:51 -07:00
}
Fix to calc BuildSHA_CertVerify if WOLFSSL_ALLOW_TLS_SHA1. Fix to add check for DTLS to not allow stream ciphers. Removed the RC4 tests from the test-dtls.conf. Added support for using default suites on client side. Switched the arg to “-H”. Cleanup of the example server/client args list. Fixes for build with “--disable-sha”.
2017-04-05 11:21:11 -07:00
break;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
case 'A' :
fix windows build with command line examples
2012-08-01 17:33:49 -07:00
verifyCert = myoptarg;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
break;
case 'c' :
fix windows build with command line examples
2012-08-01 17:33:49 -07:00
ourCert = myoptarg;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
break;
case 'k' :
fix windows build with command line examples
2012-08-01 17:33:49 -07:00
ourKey = myoptarg;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
break;
added check for allowed minimum DH key size
2015-05-21 10:11:21 -07:00
case 'Z' :
#ifndef NO_DH
minDhKeyBits = atoi(myoptarg);
if (minDhKeyBits <= 0 || minDhKeyBits > 16000) {
Usage();
Added new build option `--enable-memtest` or `WOLFSSL_FORCE_MALLOC_FAIL_TEST` which enables random malloc failures for testing. This test supresses the `abort()` calls to detect seg faults. A new script `./scripts/memtest.sh` starts the test. If an issue is found it can be reviewed with the `./scripts/memtest.txt` log and reproduced using the seed printed at top of unit test as `--- RNG MALLOC FAIL AT 295---` and rerun using `./tests/unit.test 295`.
2018-07-27 10:16:14 -07:00
XEXIT_T(MY_EX_USAGE);
added check for allowed minimum DH key size
2015-05-21 10:11:21 -07:00
}
#endif
break;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
case 'b' :
fix windows build with command line examples
2012-08-01 17:33:49 -07:00
benchmark = atoi(myoptarg);
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
if (benchmark < 0 || benchmark > 1000000) {
Usage();
Added new build option `--enable-memtest` or `WOLFSSL_FORCE_MALLOC_FAIL_TEST` which enables random malloc failures for testing. This test supresses the `abort()` calls to detect seg faults. A new script `./scripts/memtest.sh` starts the test. If an issue is found it can be reviewed with the `./scripts/memtest.txt` log and reproduced using the seed printed at top of unit test as `--- RNG MALLOC FAIL AT 295---` and rerun using `./tests/unit.test 295`.
2018-07-27 10:16:14 -07:00
XEXIT_T(MY_EX_USAGE);
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
}
break;
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
case 'B' :
throughput = atoi(myoptarg);
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
for (; *myoptarg != '\0'; myoptarg++) {
if (*myoptarg == ',') {
block = atoi(myoptarg + 1);
break;
}
}
if (throughput <= 0 || block <= 0) {
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
Usage();
Added new build option `--enable-memtest` or `WOLFSSL_FORCE_MALLOC_FAIL_TEST` which enables random malloc failures for testing. This test supresses the `abort()` calls to detect seg faults. A new script `./scripts/memtest.sh` starts the test. If an issue is found it can be reviewed with the `./scripts/memtest.txt` log and reproduced using the seed printed at top of unit test as `--- RNG MALLOC FAIL AT 295---` and rerun using `./tests/unit.test 295`.
2018-07-27 10:16:14 -07:00
XEXIT_T(MY_EX_USAGE);
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
}
break;
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
case 'N' :
nonBlocking = 1;
break;
case 'r' :
resumeSession = 1;
break;
add option for bidirectional shutdown
2015-01-30 08:41:34 -07:00
case 'w' :
shutdown shadows global in sys/socket.h line 576 renamed wc_shutdown
2015-02-18 08:00:25 -07:00
wc_shutdown = 1;
add option for bidirectional shutdown
2015-01-30 08:41:34 -07:00
break;
add client side initiated secure r, same specs
2014-09-24 18:48:23 -07:00
case 'R' :
#ifdef HAVE_SECURE_RENEGOTIATION
scr = 1;
#endif
break;
separate allow scr and force client scr in example client
2014-09-29 15:32:41 -07:00
case 'i' :
#ifdef HAVE_SECURE_RENEGOTIATION
scr = 1;
forceScr = 1;
#endif
break;
updated SHOW_SIZES, opionally adds sizes as available, added flag to example client to print sizes
2013-04-08 16:01:52 -07:00
case 'z' :
name change for client.c
2015-01-05 14:48:43 -07:00
#ifndef WOLFSSL_LEANPSK
wolfSSL_GetObjectSize();
updated SHOW_SIZES, opionally adds sizes as available, added flag to example client to print sizes
2013-04-08 16:01:52 -07:00
#endif
break;
merge in sni
2013-05-21 14:37:50 -07:00
case 'S' :
Address issues when testing with WOLFSSL_OCSP_TEST set
2018-08-30 14:44:49 -06:00
if (XSTRNCMP(myoptarg, "check", 5) == 0) {
#ifdef HAVE_SNI
printf("SNI is: ON\n");
#else
printf("SNI is: OFF\n");
#endif
XEXIT_T(EXIT_SUCCESS);
}
merge in sni
2013-05-21 14:37:50 -07:00
#ifdef HAVE_SNI
sniHostName = myoptarg;
#endif
break;
switch example client max fragment arg to -F to make -L open on both client and server
2015-10-13 14:13:12 -07:00
case 'F' :
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 15:42:43 -03:00
#ifdef HAVE_MAX_FRAGMENT
maxFragment = atoi(myoptarg);
Added new 256-byte max fragment option `WOLFSSL_MFL_2_8`.
2018-10-15 17:06:21 -07:00
if (maxFragment < WOLFSSL_MFL_MIN ||
maxFragment > WOLFSSL_MFL_MAX) {
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 15:42:43 -03:00
Usage();
Added new build option `--enable-memtest` or `WOLFSSL_FORCE_MALLOC_FAIL_TEST` which enables random malloc failures for testing. This test supresses the `abort()` calls to detect seg faults. A new script `./scripts/memtest.sh` starts the test. If an issue is found it can be reviewed with the `./scripts/memtest.txt` log and reproduced using the seed printed at top of unit test as `--- RNG MALLOC FAIL AT 295---` and rerun using `./tests/unit.test 295`.
2018-07-27 10:16:14 -07:00
XEXIT_T(MY_EX_USAGE);
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 15:42:43 -03:00
}
#endif
break;
case 'T' :
#ifdef HAVE_TRUNCATED_HMAC
truncatedHMAC = 1;
#endif
break;
add extended master to example client
2016-09-01 15:17:46 -06:00
case 'n' :
#ifdef HAVE_EXTENDED_MASTER
Revising the Extended Master Secret support. Removing the dynamic TLSX support for the extention and treating it like the Signature and Hash algorithms extension. It is to be enabled by default and the user can turn it off at run time or build time.
2016-09-09 23:16:52 -07:00
disableExtMasterSecret = 1;
add extended master to example client
2016-09-01 15:17:46 -06:00
#endif
break;
Merge branch csr into 'master'
2015-11-02 15:51:01 -03:00
case 'W' :
Merge branch 'csr'
2015-12-28 19:38:04 -03:00
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
statusRequest = atoi(myoptarg);
OCSP 1. Modify the other OCSP Stapling scripts to better manage the OCSP responder. 2. Modify the client's W option to take: - 1 for Stapling v1 - 2 for Stapling v2 - 3 for Stapling v2 MULTI 3. Modify the client to disallow stapling v2 with TLSv1.3.
2018-08-02 16:25:38 -07:00
if (statusRequest > OCSP_STAPLING_OPT_MAX) {
Usage();
XEXIT_T(MY_EX_USAGE);
}
Merge branch csr into 'master'
2015-11-02 15:51:01 -03:00
#endif
break;
OCSP Updates 1. Add option to example server and client to check the OCSP responder. 2. Add option to example server and client to override the URL to use when checking the OCSP responder. 3. Copy the certificate serial number correctly into OCSP request. Add leading zero only if MS bit is set. 4. Fix responder address used when Auth Info extension is present. 5. Update EmbedOcspLookup callback to better handle the HTTP response and obtain the complete OCSP response.
2013-06-20 11:07:54 -07:00
case 'o' :
#ifdef HAVE_OCSP
useOcsp = 1;
#endif
break;
case 'O' :
#ifdef HAVE_OCSP
useOcsp = 1;
ocspUrl = myoptarg;
#endif
break;
Merge in the ADH-AES128-SHA changes and add a check for it during the packet order sanity checking.
2014-12-01 11:44:32 -08:00
case 'a' :
#ifdef HAVE_ANON
useAnon = 1;
#endif
break;
fix merge conflict misses on alpn example letter change
2015-10-15 09:48:07 -07:00
case 'L' :
fix alpn example client merge command options
2015-10-13 15:00:53 -07:00
#ifdef HAVE_ALPN
alpnList = myoptarg;
if (alpnList[0] == 'C' && alpnList[1] == ':')
alpn_opt = WOLFSSL_ALPN_CONTINUE_ON_MISMATCH;
else if (alpnList[0] == 'F' && alpnList[1] == ':')
alpn_opt = WOLFSSL_ALPN_FAILED_ON_MISMATCH;
else {
Usage();
Added new build option `--enable-memtest` or `WOLFSSL_FORCE_MALLOC_FAIL_TEST` which enables random malloc failures for testing. This test supresses the `abort()` calls to detect seg faults. A new script `./scripts/memtest.sh` starts the test. If an issue is found it can be reviewed with the `./scripts/memtest.txt` log and reproduced using the seed printed at top of unit test as `--- RNG MALLOC FAIL AT 295---` and rerun using `./tests/unit.test 295`.
2018-07-27 10:16:14 -07:00
XEXIT_T(MY_EX_USAGE);
fix alpn example client merge command options
2015-10-13 15:00:53 -07:00
}
alpnList += 2;
#endif
break;
add STARTTLS support to example client
2016-04-22 13:46:54 -06:00
case 'M' :
doSTARTTLS = 1;
starttlsProt = myoptarg;
if (XSTRNCMP(starttlsProt, "smtp", 4) != 0) {
Usage();
Added new build option `--enable-memtest` or `WOLFSSL_FORCE_MALLOC_FAIL_TEST` which enables random malloc failures for testing. This test supresses the `abort()` calls to detect seg faults. A new script `./scripts/memtest.sh` starts the test. If an issue is found it can be reviewed with the `./scripts/memtest.txt` log and reproduced using the seed printed at top of unit test as `--- RNG MALLOC FAIL AT 295---` and rerun using `./tests/unit.test 295`.
2018-07-27 10:16:14 -07:00
XEXIT_T(MY_EX_USAGE);
add STARTTLS support to example client
2016-04-22 13:46:54 -06:00
}
break;
add Whitewood netRandom client library support
2016-05-05 15:31:25 -06:00
case 'q' :
#ifdef HAVE_WNR
wnrConfigFile = myoptarg;
#endif
break;
Rebase fixes for TLS 1.3. Getting a decrypt error with the TLS 1.3 test from the SendTls13CertificateVerify.
2017-04-14 16:39:21 -07:00
case 'J' :
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
#ifdef WOLFSSL_TLS13
helloRetry = 1;
#endif
break;
case 'K' :
#ifdef WOLFSSL_TLS13
noPskDheKe = 1;
#endif
break;
case 'I' :
#ifdef WOLFSSL_TLS13
updateKeysIVs = 1;
#endif
Coverity fixes for TLS 1.3, async, small stack and normal math.
2017-05-08 12:49:38 -07:00
break;
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
case 'y' :
#if defined(WOLFSSL_TLS13) && !defined(NO_DH)
onlyKeyShare = 1;
#endif
break;
case 'Y' :
#if defined(WOLFSSL_TLS13) && defined(HAVE_ECC)
onlyKeyShare = 2;
#endif
break;
Fix for verify callback override, peerVerifyRet code on success and ensuring DOMAIN_NAME_MISMATCH error gets passed down in ECDSAk case. Added unit test case to verify callback override works. Fixes issue #905 and issue #904. Fix for async build goto label typo.
2017-05-11 12:23:17 -07:00
case 'j' :
useVerifyCb = 1;
break;
Put X25519 behind P256 Option to have X25519 prioritized. Show curve name and DH key size in TLS v1.3.
2017-05-19 10:58:43 +10:00
case 't' :
#ifdef HAVE_CURVE25519
useX25519 = 1;
Fix for unused `useSupCurve` in example client with --disable-ecc.
2018-11-08 15:43:18 -08:00
#ifdef HAVE_ECC
Fix for the curve logic to pick the hightest strength, not just the default 256-bit. Added test for setting user curve. `./examples -H useSupCurve`.
2018-09-21 09:27:48 -07:00
useSupCurve = 1;
Fix for unused `useSupCurve` in example client with --disable-ecc.
2018-11-08 15:43:18 -08:00
#ifdef WOLFSSL_TLS13
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
onlyKeyShare = 2;
Fix for unused `useSupCurve` in example client with --disable-ecc.
2018-11-08 15:43:18 -08:00
#endif
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
#endif
#endif
break;
case 'Q' :
#if defined(WOLFSSL_TLS13) && \
defined(WOLFSSL_POST_HANDSHAKE_AUTH)
postHandAuth = 1;
Put X25519 behind P256 Option to have X25519 prioritized. Show curve name and DH key size in TLS v1.3.
2017-05-19 10:58:43 +10:00
#endif
break;
TLS v1.3 0-RTT
2017-06-19 11:37:10 +10:00
case '0' :
#ifdef WOLFSSL_EARLY_DATA
earlyData = 1;
#endif
break;
DHE Speed Up 1. Also apply the setting to the client side. 2. Updated the server and client command line options to use "-2" for disabling the DHE check.
2018-12-03 13:53:44 -08:00
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
case '1' :
lng_index = atoi(myoptarg);
if(lng_index<0||lng_index>1){
lng_index = 0;
}
break;
DHE Speed Up 1. Also apply the setting to the client side. 2. Updated the server and client command line options to use "-2" for disabling the DHE check.
2018-12-03 13:53:44 -08:00
case '2' :
#if !defined(NO_DH) && !defined(HAVE_FIPS) && \
!defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK)
doDhKeyCheck = 0;
#endif
break;
Multicast 1. Since multicast's only cipher suite uses null cipher automatically enable it. 2. Add options to example client and server to start testing multicast API. (Uses TLS over TCP.) 3. Updates to use the forced secrets set by API.
2016-12-15 11:43:15 -08:00
case '3' :
#ifdef WOLFSSL_MULTICAST
doMcast = 1;
mcastID = (byte)(atoi(myoptarg) & 0xFF);
#endif
break;
Secure Renegotiation 1. Split the wolfSSL_Rehandshake() function into wolfSSL_Rehadshake() which performs a full handshake on secure renegotiation and wolfSSL_SecureResume() which performs a session resumption on a secure renegotiation. 2. Add option to example client to perform a secure resumption instead of a full secure handshake.
2019-02-19 15:04:22 -08:00
case '4' :
#ifdef HAVE_SECURE_RENEGOTIATION
scr = 1;
forceScr = 1;
resumeScr = 1;
#endif
Fix for example client arg `-4` not working.
2019-03-13 22:59:50 -07:00
break;
Trusted CA Key Indication Extension Added an API for enabling the Trusted CA Key Indication extension from RFC6066 section 6. If the server doesn't have a match for the client, the client will abandon the session.
2018-09-28 09:05:59 -07:00
case '5' :
#ifdef HAVE_TRUSTED_CA
trustedCaKeyId = 1;
#endif /* HAVE_TRUSTED_CA */
Secure Renegotiation 1. Split the wolfSSL_Rehandshake() function into wolfSSL_Rehadshake() which performs a full handshake on secure renegotiation and wolfSSL_SecureResume() which performs a session resumption on a secure renegotiation. 2. Add option to example client to perform a secure resumption instead of a full secure handshake.
2019-02-19 15:04:22 -08:00
break;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
default:
Usage();
Added new build option `--enable-memtest` or `WOLFSSL_FORCE_MALLOC_FAIL_TEST` which enables random malloc failures for testing. This test supresses the `abort()` calls to detect seg faults. A new script `./scripts/memtest.sh` starts the test. If an issue is found it can be reviewed with the `./scripts/memtest.txt` log and reproduced using the seed printed at top of unit test as `--- RNG MALLOC FAIL AT 295---` and rerun using `./tests/unit.test 295`.
2018-07-27 10:16:14 -07:00
XEXIT_T(MY_EX_USAGE);
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
}
}
fix windows build with command line examples
2012-08-01 17:33:49 -07:00
myoptind = 0; /* reset for test cases */
Example client/server compatible with VxWorks
2015-10-29 13:39:02 -06:00
#endif /* !WOLFSSL_VXWORKS */
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
detect build cases where external script test case doesn't make sense
2015-05-07 12:50:27 -07:00
if (externalTest) {
/* detect build cases that wouldn't allow test against wolfssl.com */
int done = 0;
#ifdef NO_RSA
Fix for example client with `-X` external tests to not disable for PSK build unless `usePsk` is set. Resolves issue with external tests being skipped if building with PSK enabled.
2018-12-21 08:21:59 -08:00
done += 1; /* require RSA for external tests */
detect build cases where external script test case doesn't make sense
2015-05-07 12:50:27 -07:00
#endif
Fix for example client with `-X` external tests to not disable for PSK build unless `usePsk` is set. Resolves issue with external tests being skipped if building with PSK enabled.
2018-12-21 08:21:59 -08:00
if (!XSTRNCMP(domain, "www.globalsign.com", 14)) {
accounts for assumptions with external ocsp stapling test
2015-12-29 17:05:51 -07:00
/* www.globalsign.com does not respond to ipv6 ocsp requests */
#if defined(TEST_IPV6) && defined(HAVE_OCSP)
Use += approach to detect "done" in example client for external tests. Cleaner and code is smaller to accomplish same thing.
2016-02-08 19:54:22 -08:00
done += 1;
accounts for assumptions with external ocsp stapling test
2015-12-29 17:05:51 -07:00
#endif
/* www.globalsign.com has limited supported cipher suites */
#if defined(NO_AES) && defined(HAVE_OCSP)
Use += approach to detect "done" in example client for external tests. Cleaner and code is smaller to accomplish same thing.
2016-02-08 19:54:22 -08:00
done += 1;
accounts for assumptions with external ocsp stapling test
2015-12-29 17:05:51 -07:00
#endif
Also account for 32-bit users
2015-12-31 12:05:45 -07:00
/* www.globalsign.com only supports static RSA or ECDHE with AES */
/* We cannot expect users to have on static RSA so test for ECC only
* as some users will most likely be on 32-bit systems where ECC
* is not enabled by default */
#if defined(HAVE_OCSP) && !defined(HAVE_ECC)
Use += approach to detect "done" in example client for external tests. Cleaner and code is smaller to accomplish same thing.
2016-02-08 19:54:22 -08:00
done += 1;
Also account for 32-bit users
2015-12-31 12:05:45 -07:00
#endif
Fix for example client with `-X` external tests to not disable for PSK build unless `usePsk` is set. Resolves issue with external tests being skipped if building with PSK enabled.
2018-12-21 08:21:59 -08:00
}
Also account for 32-bit users
2015-12-31 12:05:45 -07:00
detect build cases where external script test case doesn't make sense
2015-05-07 12:50:27 -07:00
#ifndef NO_PSK
Fix for example client with `-X` external tests to not disable for PSK build unless `usePsk` is set. Resolves issue with external tests being skipped if building with PSK enabled.
2018-12-21 08:21:59 -08:00
if (usePsk) {
done += 1; /* don't perform exernal tests if PSK is enabled */
}
detect build cases where external script test case doesn't make sense
2015-05-07 12:50:27 -07:00
#endif
if NO_SHA don't run external script tests
2015-06-18 11:12:35 -07:00
#ifdef NO_SHA
Use += approach to detect "done" in example client for external tests. Cleaner and code is smaller to accomplish same thing.
2016-02-08 19:54:22 -08:00
done += 1; /* external cert chain most likely has SHA */
if NO_SHA don't run external script tests
2015-06-18 11:12:35 -07:00
#endif
if connection to google.com and using ECC need supported curves
2016-02-09 17:06:06 -07:00
#if !defined(HAVE_ECC) && !defined(WOLFSSL_STATIC_RSA) \
correct logic to allow for static RSA if ECC and no Curves use same coding standards as the rest of the libraries
2016-02-10 13:28:31 -07:00
|| ( defined(HAVE_ECC) && !defined(HAVE_SUPPORTED_CURVES) \
&& !defined(WOLFSSL_STATIC_RSA) )
wolfssl.com and google.com now differ in pre-reqs for external test
2016-02-15 13:30:11 -07:00
/* google needs ECDHE+Supported Curves or static RSA */
if (!XSTRNCMP(domain, "www.google.com", 14))
done += 1;
#endif
#if !defined(HAVE_ECC) && !defined(WOLFSSL_STATIC_RSA)
/* wolfssl needs ECDHE or static RSA */
if (!XSTRNCMP(domain, "www.wolfssl.com", 15))
Use += approach to detect "done" in example client for external tests. Cleaner and code is smaller to accomplish same thing.
2016-02-08 19:54:22 -08:00
done += 1;
fix google external test w/o ecdhe
2015-08-14 12:58:00 -07:00
#endif
resolve issue #255, no sha284 with wolfssl cert chain and external test
2016-01-14 20:25:50 -08:00
#if !defined(WOLFSSL_SHA384)
if (!XSTRNCMP(domain, "www.wolfssl.com", 15)) {
Avoid unnecessary assignments in client example
2016-02-07 08:27:01 -07:00
/* wolfssl need sha384 for cert chain verify */
Use += approach to detect "done" in example client for external tests. Cleaner and code is smaller to accomplish same thing.
2016-02-08 19:54:22 -08:00
done += 1;
resolve issue #255, no sha284 with wolfssl cert chain and external test
2016-01-14 20:25:50 -08:00
}
#endif
make sure external tests have a valid cipher
2015-09-28 09:47:59 -07:00
#if !defined(HAVE_AESGCM) && defined(NO_AES) && \
!(defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
Fix for example client with `-X` external tests to not disable for PSK build unless `usePsk` is set. Resolves issue with external tests being skipped if building with PSK enabled.
2018-12-21 08:21:59 -08:00
/* need at least one of these for external tests */
Use += approach to detect "done" in example client for external tests. Cleaner and code is smaller to accomplish same thing.
2016-02-08 19:54:22 -08:00
done += 1;
make sure external tests have a valid cipher
2015-09-28 09:47:59 -07:00
#endif
remove invalid test-qsh version tests, revert if statement check in internal.c
2017-08-17 11:27:47 -06:00
#if defined(HAVE_QSH)
/*currently google server rejects client hello with QSH extension.*/
done += 1;
#endif
modify the client external test list to skip the test case when aes and aes-gcm are disabled
2018-03-01 15:22:38 -08:00
/* For the external test, if we disable AES, GoDaddy will reject the
* connection. They only currently support AES suites, RC4 and 3DES
* suites. With AES disabled we only offer PolyChacha suites. */
#if defined(NO_AES) && !defined(HAVE_AESGCM)
if (!XSTRNCMP(domain, "www.wolfssl.com", 15)) {
done += 1;
}
#endif
detect build cases where external script test case doesn't make sense
2015-05-07 12:50:27 -07:00
if (done) {
OSCP 1. Made killing the OCSP server process more reliable. 2. Added attr files for the OSCP status files. Bare minimum attr. 3. Added a NL to the error string from the client regarding external tests.
2018-08-02 11:32:36 -07:00
printf("external test can't be run in this mode\n");
detect build cases where external script test case doesn't make sense
2015-05-07 12:50:27 -07:00
((func_args*)args)->return_code = 0;
Added new build option `--enable-memtest` or `WOLFSSL_FORCE_MALLOC_FAIL_TEST` which enables random malloc failures for testing. This test supresses the `abort()` calls to detect seg faults. A new script `./scripts/memtest.sh` starts the test. If an issue is found it can be reviewed with the `./scripts/memtest.txt` log and reproduced using the seed printed at top of unit test as `--- RNG MALLOC FAIL AT 295---` and rerun using `./tests/unit.test 295`.
2018-07-27 10:16:14 -07:00
XEXIT_T(EXIT_SUCCESS);
detect build cases where external script test case doesn't make sense
2015-05-07 12:50:27 -07:00
}
}
added test cases and fixed a bug with AEAD ciphers with DTLSv1.2.
2013-03-07 22:52:51 -08:00
/* sort out DTLS versus TLS versions */
if (version == CLIENT_INVALID_VERSION) {
if (doDTLS)
version = CLIENT_DTLS_DEFAULT_VERSION;
else
version = CLIENT_DEFAULT_VERSION;
}
else {
if (doDTLS) {
if (version == 3)
version = -2;
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
else if (version == EITHER_DOWNGRADE_VERSION)
version = -3;
#endif
added test cases and fixed a bug with AEAD ciphers with DTLSv1.2.
2013-03-07 22:52:51 -08:00
else
version = -1;
}
}
add Whitewood netRandom client library support
2016-05-05 15:31:25 -06:00
#ifdef HAVE_WNR
if (wc_InitNetRandom(wnrConfigFile, NULL, 5000) != 0)
err_sys("can't load whitewood net random config file");
#endif
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
switch (version) {
compile option to leave out MD5 and SSL code
2012-11-26 18:40:43 -08:00
#ifndef NO_OLD_TLS
disable SSLv3 by default
2015-08-12 16:39:13 -07:00
#ifdef WOLFSSL_ALLOW_SSLV3
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
case 0:
Added static memory code to client example.
2017-10-20 14:56:29 -07:00
method = wolfSSLv3_client_method_ex;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
break;
disable SSLv3 by default
2015-08-12 16:39:13 -07:00
#endif
Commit 2.6.2
2013-05-19 10:02:13 +09:00
#ifndef NO_TLS
Disable TLS v1.0 by default. Added new `--enable-tlsv10` option to force enable (only works if --enable-oldtls is set, which is on by default).
2017-11-14 13:55:48 -08:00
#ifdef WOLFSSL_ALLOW_TLSV10
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
case 1:
Added static memory code to client example.
2017-10-20 14:56:29 -07:00
method = wolfTLSv1_client_method_ex;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
break;
Disable TLS v1.0 by default. Added new `--enable-tlsv10` option to force enable (only works if --enable-oldtls is set, which is on by default).
2017-11-14 13:55:48 -08:00
#endif
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
case 2:
Added static memory code to client example.
2017-10-20 14:56:29 -07:00
method = wolfTLSv1_1_client_method_ex;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
break;
Disable TLS v1.0 by default. Added new `--enable-tlsv10` option to force enable (only works if --enable-oldtls is set, which is on by default).
2017-11-14 13:55:48 -08:00
#endif /* !NO_TLS */
#endif /* !NO_OLD_TLS */
disable SSLv3 by default
2015-08-12 16:39:13 -07:00
Commit 2.6.2
2013-05-19 10:02:13 +09:00
#ifndef NO_TLS
Allow TLS 1.2 to be compiled out.
2018-05-17 09:08:03 +10:00
#ifndef WOLFSSL_NO_TLS12
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
case 3:
Added static memory code to client example.
2017-10-20 14:56:29 -07:00
method = wolfTLSv1_2_client_method_ex;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
break;
Allow TLS 1.2 to be compiled out.
2018-05-17 09:08:03 +10:00
#endif
Disable TLS v1.0 by default. Added new `--enable-tlsv10` option to force enable (only works if --enable-oldtls is set, which is on by default).
2017-11-14 13:55:48 -08:00
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
#ifdef WOLFSSL_TLS13
case 4:
Added static memory code to client example.
2017-10-20 14:56:29 -07:00
method = wolfTLSv1_3_client_method_ex;
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
break;
#endif
Fix downgrading from TLS v1.3 to TLS v1.2 Fix handling of ServerHello in TLS v1.3 to support TLS v1.2 when downgrading. Added support in client and server examples for using downgrade method: wolfSSLv23_client_method_ex() or wolfSSLv23_server_method_ex(). Add tests, using downgrade version, of client or server downgrading from TLS v1.3 to TLS v1.2.
2018-02-22 11:05:58 +10:00
case CLIENT_DOWNGRADE_VERSION:
method = wolfSSLv23_client_method_ex;
break;
Adds build option `WOLFSSL_EITHER_SIDE` for deferring the "side" of the TLS session until first connect or accept. Added the DTLS generic v1.0 and v1.2 methods for "either" side. Added "either" methods unit tests. Added "either" -v e support to example client/server. Fix to expose `wolfSSL_use_certificate_file` and `wolfSSL_use_PrivateKey_file` without `OPENSSL_EXTRA`. Cleanup of the methods for (void)heap and log messages. Spelling fixes.
2018-10-04 14:48:53 -07:00
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
case EITHER_DOWNGRADE_VERSION:
method = wolfSSLv23_method_ex;
break;
#endif
Disable TLS v1.0 by default. Added new `--enable-tlsv10` option to force enable (only works if --enable-oldtls is set, which is on by default).
2017-11-14 13:55:48 -08:00
#endif /* NO_TLS */
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
name change for client.c
2015-01-05 14:48:43 -07:00
#ifdef WOLFSSL_DTLS
turn off DTLSv1 functions for disable old tls
2015-04-08 13:29:25 -07:00
#ifndef NO_OLD_TLS
add -u for DTLS UPD command line client/server examples
2012-08-02 11:54:49 -07:00
case -1:
Added static memory code to client example.
2017-10-20 14:56:29 -07:00
method = wolfDTLSv1_client_method_ex;
add -u for DTLS UPD command line client/server examples
2012-08-02 11:54:49 -07:00
break;
turn off DTLSv1 functions for disable old tls
2015-04-08 13:29:25 -07:00
#endif
added test cases and fixed a bug with AEAD ciphers with DTLSv1.2.
2013-03-07 22:52:51 -08:00
Allow TLS 1.2 to be compiled out.
2018-05-17 09:08:03 +10:00
#ifndef WOLFSSL_NO_TLS12
added test cases and fixed a bug with AEAD ciphers with DTLSv1.2.
2013-03-07 22:52:51 -08:00
case -2:
Added static memory code to client example.
2017-10-20 14:56:29 -07:00
method = wolfDTLSv1_2_client_method_ex;
added test cases and fixed a bug with AEAD ciphers with DTLSv1.2.
2013-03-07 22:52:51 -08:00
break;
Allow TLS 1.2 to be compiled out.
2018-05-17 09:08:03 +10:00
#endif
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
case -3:
method = wolfDTLSv1_2_method_ex;
break;
#endif
add -u for DTLS UPD command line client/server examples
2012-08-02 11:54:49 -07:00
#endif
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
default:
err_sys("Bad SSL version");
merge in sni
2013-05-21 14:37:50 -07:00
break;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
}
if (method == NULL)
err_sys("unable to get method");
Added static memory code to client example.
2017-10-20 14:56:29 -07:00
#ifdef WOLFSSL_STATIC_MEMORY
#ifdef DEBUG_WOLFSSL
/* print off helper buffer sizes for use with static memory
* printing to stderr incase of debug mode turned on */
fprintf(stderr, "static memory management size = %d\n",
wolfSSL_MemoryPaddingSz());
fprintf(stderr, "calculated optimum general buffer size = %d\n",
wolfSSL_StaticBufferSz(memory, sizeof(memory), 0));
fprintf(stderr, "calculated optimum IO buffer size = %d\n",
wolfSSL_StaticBufferSz(memoryIO, sizeof(memoryIO),
WOLFMEM_IO_POOL_FIXED));
#endif /* DEBUG_WOLFSSL */
if (wolfSSL_CTX_load_static_memory(&ctx, method, memory, sizeof(memory),
0, 1) != WOLFSSL_SUCCESS) {
err_sys("unable to load static memory");
}
if (wolfSSL_CTX_load_static_memory(&ctx, NULL, memoryIO, sizeof(memoryIO),
WOLFMEM_IO_POOL_FIXED | WOLFMEM_TRACK_STATS, 1) != WOLFSSL_SUCCESS) {
err_sys("unable to load static memory");
}
#else
ctx = wolfSSL_CTX_new(method(NULL));
#endif
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
if (ctx == NULL)
err_sys("unable to get ctx");
allow single threaded mode to share an RNG at WOLFSSL_CTX level
2016-09-16 13:35:29 -07:00
#ifdef SINGLE_THREADED
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_CTX_new_rng(ctx) != WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
allow single threaded mode to share an RNG at WOLFSSL_CTX level
2016-09-16 13:35:29 -07:00
err_sys("Single Threaded new rng at CTX failed");
}
#endif
Fix to calc BuildSHA_CertVerify if WOLFSSL_ALLOW_TLS_SHA1. Fix to add check for DTLS to not allow stream ciphers. Removed the RC4 tests from the test-dtls.conf. Added support for using default suites on client side. Switched the arg to “-H”. Cleanup of the example server/client args list. Fixes for build with “--disable-sha”.
2017-04-05 11:21:11 -07:00
if (cipherList && !useDefCipherList) {
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_CTX_set_cipher_list(ctx, cipherList) != WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
Added TLS support for Camellia
2013-01-21 10:53:42 -08:00
err_sys("client can't set cipher list 1");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
}
1.8.8 init
2011-02-05 11:14:47 -08:00
name change for client.c
2015-01-05 14:48:43 -07:00
#ifdef WOLFSSL_LEANPSK
scan-build warnings related to enable-psk, disable-asn,rsa,ecc
2016-04-11 11:13:26 -06:00
if (!usePsk) {
usePsk = 1;
}
build test covers leanpsk
2012-10-30 12:51:14 -07:00
#endif
Changes to build with X25519 and Ed25519 only Allows configurations without RSA, DH and ECC but with Curve25519 algorithms to work with SSL/TLS using X25519 key exchange and Ed25519 certificates. Fix Ed25519 code to call wc_Sha512Free(). Add certificates to test.h and fix examples to use them.
2018-07-23 10:20:18 +10:00
#if defined(NO_RSA) && !defined(HAVE_ECC) && !defined(HAVE_ED25519)
scan-build warnings related to enable-psk, disable-asn,rsa,ecc
2016-04-11 11:13:26 -06:00
if (!usePsk) {
usePsk = 1;
}
fix normal psk no rsa examples
2013-03-11 13:19:43 -07:00
#endif
add fewerPacket/group messages to example client/server and disalbe client cert/key load
2013-04-19 13:10:19 -07:00
if (fewerPackets)
name change for client.c
2015-01-05 14:48:43 -07:00
wolfSSL_CTX_set_group_messages(ctx);
add fewerPacket/group messages to example client/server and disalbe client cert/key load
2013-04-19 13:10:19 -07:00
added check for allowed minimum DH key size
2015-05-21 10:11:21 -07:00
#ifndef NO_DH
Fix Checks 1. In the client, check the return code on wolfSSL_CTX_SetMinDhKey_Sz() as it is checked in the server. (Resolves issue #2037.) 2. In HashOutput(), check that the hsHashes exists for the session before hashing. (Resolves issue #2038.)
2019-01-17 09:52:00 -08:00
if (wolfSSL_CTX_SetMinDhKey_Sz(ctx, (word16)minDhKeyBits)
!= WOLFSSL_SUCCESS) {
err_sys("Error setting minimum DH key size");
}
added check for allowed minimum DH key size
2015-05-21 10:11:21 -07:00
#endif
build test covers leanpsk
2012-10-30 12:51:14 -07:00
if (usePsk) {
1.8.8 init
2011-02-05 11:14:47 -08:00
#ifndef NO_PSK
name change for client.c
2015-01-05 14:48:43 -07:00
wolfSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb);
Separate PSK callback for TLS 1.3 It is highly recommended that the PSK be different for each protocol. Example callback already returns a different key for TLS 1.3. New callback includes the ciphersuite, as a string, to use with the key.
2018-08-14 08:55:57 +10:00
#ifdef WOLFSSL_TLS13
wolfSSL_CTX_set_psk_client_tls13_callback(ctx, my_psk_client_tls13_cb);
#endif
build test covers leanpsk
2012-10-30 12:51:14 -07:00
if (cipherList == NULL) {
const char *defaultCipherList;
External PSK working in TLS13
2017-06-07 08:29:08 +10:00
#if defined(HAVE_AESGCM) && !defined(NO_DH)
#ifdef WOLFSSL_TLS13
defaultCipherList = "DHE-PSK-AES128-GCM-SHA256:"
"TLS13-AES128-GCM-SHA256";
#else
allow dh to be used w/o certs and asn
2015-03-27 14:28:05 -07:00
defaultCipherList = "DHE-PSK-AES128-GCM-SHA256";
External PSK working in TLS13
2017-06-07 08:29:08 +10:00
#endif
#elif defined(HAVE_NULL_CIPHER)
NO_RSA build, cipher suite tests need work for this build optoin, ssn2
2013-03-07 17:44:40 -08:00
defaultCipherList = "PSK-NULL-SHA256";
External PSK working in TLS13
2017-06-07 08:29:08 +10:00
#else
fix normal psk no rsa examples
2013-03-11 13:19:43 -07:00
defaultCipherList = "PSK-AES128-CBC-SHA256";
External PSK working in TLS13
2017-06-07 08:29:08 +10:00
#endif
allow dh to be used w/o certs and asn
2015-03-27 14:28:05 -07:00
if (wolfSSL_CTX_set_cipher_list(ctx,defaultCipherList)
Testing improvements for cert gen and TLS cert validation: * Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled. * Added new ECC CA for 384-bit tests. * Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem) * Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL. * Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`. * Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function. * Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack). * Cleanup to combine all certificate subject information into global `certDefaultName`. * Updated cert request info to use wolfSSL instead of Yassl. * Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`. * Re-number error codes in rsa_test. * Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
2017-10-19 16:17:51 -07:00
!=WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
Added TLS support for Camellia
2013-01-21 10:53:42 -08:00
err_sys("client can't set cipher list 2");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
build test covers leanpsk
2012-10-30 12:51:14 -07:00
}
1.8.8 init
2011-02-05 11:14:47 -08:00
#endif
scan-build warnings related to enable-psk, disable-asn,rsa,ecc
2016-04-11 11:13:26 -06:00
if (useClientCert) {
useClientCert = 0;
}
build test covers leanpsk
2012-10-30 12:51:14 -07:00
}
1.8.8 init
2011-02-05 11:14:47 -08:00
Merge in the ADH-AES128-SHA changes and add a check for it during the packet order sanity checking.
2014-12-01 11:44:32 -08:00
if (useAnon) {
#ifdef HAVE_ANON
Fix to allow anonymous ciphers to work with the new default suite testing.
2017-04-05 14:35:33 -07:00
if (cipherList == NULL || (cipherList && useDefCipherList)) {
Added support for an anonymous cipher suite (#1267) * Added support for cipher suite TLS_DH_anon_WITH_AES256_GCM_SHA384 * Added test cases for verification of anonymous cipher suite
2018-04-20 10:35:37 -07:00
const char* defaultCipherList;
name change for client.c
2015-01-05 14:48:43 -07:00
wolfSSL_CTX_allow_anon_cipher(ctx);
Added support for an anonymous cipher suite (#1267) * Added support for cipher suite TLS_DH_anon_WITH_AES256_GCM_SHA384 * Added test cases for verification of anonymous cipher suite
2018-04-20 10:35:37 -07:00
defaultCipherList = "ADH-AES256-GCM-SHA384:"
"ADH-AES128-SHA";
if (wolfSSL_CTX_set_cipher_list(ctx,defaultCipherList)
Testing improvements for cert gen and TLS cert validation: * Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled. * Added new ECC CA for 384-bit tests. * Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem) * Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL. * Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`. * Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function. * Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack). * Cleanup to combine all certificate subject information into global `certDefaultName`. * Updated cert request info to use wolfSSL instead of Yassl. * Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`. * Re-number error codes in rsa_test. * Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
2017-10-19 16:17:51 -07:00
!= WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
Merge in the ADH-AES128-SHA changes and add a check for it during the packet order sanity checking.
2014-12-01 11:44:32 -08:00
err_sys("client can't set cipher list 4");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
Merge in the ADH-AES128-SHA changes and add a check for it during the packet order sanity checking.
2014-12-01 11:44:32 -08:00
}
#endif
scan-build warnings related to enable-psk, disable-asn,rsa,ecc
2016-04-11 11:13:26 -06:00
if (useClientCert) {
useClientCert = 0;
}
Merge in the ADH-AES128-SHA changes and add a check for it during the packet order sanity checking.
2014-12-01 11:44:32 -08:00
}
1. Needed to tell the client to use sctp. 2. Creating the example sockets needed the IPPROTO type.
2016-08-26 10:47:01 -07:00
#ifdef WOLFSSL_SCTP
if (dtlsSCTP)
wolfSSL_CTX_dtls_set_sctp(ctx);
#endif
Fixes for various build configurations. Added `--enable-enckeys` option to enable support for encrypted PEM private keys using password callback without having to use opensslextra. Moved ASN `CryptKey` function to wc_encrypt.c as `wc_CryptKey`. Fixup some missing heap args on XMALLOC/XFREE in asn.c.
2018-03-30 15:48:15 -07:00
#ifdef WOLFSSL_ENCRYPTED_KEYS
name change for client.c
2015-01-05 14:48:43 -07:00
wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
1.8.8 init
2011-02-05 11:14:47 -08:00
#endif
allow sniffer play nice in ecc build
2015-04-01 12:14:48 -07:00
#if defined(WOLFSSL_SNIFFER)
fix sniffer cipher suite tests with user override
2012-08-31 13:28:07 -07:00
if (cipherList == NULL) {
build test covers leanpsk
2012-10-30 12:51:14 -07:00
/* don't use EDH, can't sniff tmp keys */
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_CTX_set_cipher_list(ctx, "AES128-SHA") != WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
Added TLS support for Camellia
2013-01-21 10:53:42 -08:00
err_sys("client can't set cipher list 3");
build test covers leanpsk
2012-10-30 12:51:14 -07:00
}
fix sniffer cipher suite tests with user override
2012-08-31 13:28:07 -07:00
}
make sure example clients don't use EDH when sniffer active
2011-04-29 10:41:21 -07:00
#endif
OCSP Updates 1. Add option to example server and client to check the OCSP responder. 2. Add option to example server and client to override the URL to use when checking the OCSP responder. 3. Copy the certificate serial number correctly into OCSP request. Add leading zero only if MS bit is set. 4. Fix responder address used when Auth Info extension is present. 5. Update EmbedOcspLookup callback to better handle the HTTP response and obtain the complete OCSP response.
2013-06-20 11:07:54 -07:00
#ifdef HAVE_OCSP
if (useOcsp) {
Added support for inline CRL lookup when HAVE_CRL_IO is defined (shares code with OCSP lookup in io.c). Added http chunk transfer encoding support. Added default connection timeout value (DEFAULT_TIMEOUT_SEC) and new wolfIO_SetTimeout() API with HAVE_IO_TIMEOUT. Added generic wolfIO_ API’s for connect, select, non-blocking, read and write. Added new define USE_WOLFSSL_IO to enable access to new wolfIO_* socket wrappers even when WOLFSSL_USER_IO is defined. Moved all API declarations for io.c into new io.h header. Added HAVE_HTTP_CLIENT to expose HTTP API’s. Moved SOCKET_T and SOCKET_ defines into io.h. Added WOLFIO_DEBUG define to display request/responses.
2017-03-06 09:49:05 -08:00
#ifdef HAVE_IO_TIMEOUT
wolfIO_SetTimeout(DEFAULT_TIMEOUT_SEC);
#endif
Using OCSP override URL should enable OCSP url overriding.
2013-12-17 18:26:29 -08:00
if (ocspUrl != NULL) {
name change for client.c
2015-01-05 14:48:43 -07:00
wolfSSL_CTX_SetOCSP_OverrideURL(ctx, ocspUrl);
wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE
| WOLFSSL_OCSP_URL_OVERRIDE);
Using OCSP override URL should enable OCSP url overriding.
2013-12-17 18:26:29 -08:00
}
Fix to handle non-blocking OCSP when `WOLFSSL_NONBLOCK_OCSP` is defined and not using async. OCSP callback should return `OCSP_WANT_READ`. Added ability to simulate non-blocking OCSP using `TEST_NONBLOCK_CERTS`.
2017-12-08 03:12:33 +01:00
else {
Fix for OCSP non-blocking with check all flag set.
2017-12-19 16:52:47 -08:00
wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_CHECKALL);
Fix to handle non-blocking OCSP when `WOLFSSL_NONBLOCK_OCSP` is defined and not using async. OCSP callback should return `OCSP_WANT_READ`. Added ability to simulate non-blocking OCSP using `TEST_NONBLOCK_CERTS`.
2017-12-08 03:12:33 +01:00
}
#ifdef WOLFSSL_NONBLOCK_OCSP
wolfSSL_CTX_SetOCSP_Cb(ctx, OCSPIOCb, OCSPRespFreeCb, NULL);
#endif
OCSP Updates 1. Add option to example server and client to check the OCSP responder. 2. Add option to example server and client to override the URL to use when checking the OCSP responder. 3. Copy the certificate serial number correctly into OCSP request. Add leading zero only if MS bit is set. 4. Fix responder address used when Auth Info extension is present. 5. Update EmbedOcspLookup callback to better handle the HTTP response and obtain the complete OCSP response.
2013-06-20 11:07:54 -07:00
}
#endif
add ca cache callback test to client
2012-01-26 12:52:54 -08:00
#ifdef USER_CA_CB
name change for client.c
2015-01-05 14:48:43 -07:00
wolfSSL_CTX_SetCACb(ctx, CaCb);
add ca cache callback test to client
2012-01-26 12:52:54 -08:00
#endif
Fix for `HAVE_EXT_CACHE` callbacks not being available without `OPENSSL_EXTRA` defined. Added tests for external cache callbacks.
2018-04-05 07:10:04 -07:00
#ifdef HAVE_EXT_CACHE
wolfSSL_CTX_sess_set_get_cb(ctx, mySessGetCb);
wolfSSL_CTX_sess_set_new_cb(ctx, mySessNewCb);
wolfSSL_CTX_sess_set_remove_cb(ctx, mySessRemCb);
#endif
* Added support for not loading a private key for server or client when `HAVE_PK_CALLBACK` is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519. * Added PK callback context tests for client/server examples (`SetupPkCallbackContexts`). * Added new test define for `TEST_PK_PRIVKEY` to allows simulating hardware based private key. * Added new test.h function for loading PEM key file and converting to DER (`load_key_file`). * Added way to get private key signature size (`GetPrivateKeySigSize`). * Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size. * Added inline comments to help track down handshake message types. * Cleanup of RSS PSS terminating byte (0xbc) to use enum value. * Fixed bug with PK callback for `myEccVerify` public key format. * Fixed bug with PK callback for ED25519 verify key buffer in DoServerKeyExchange.
2018-03-21 11:27:08 -07:00
#ifndef NO_CERTS
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
if (useClientCert && !loadCertKeyIntoSSLObj){
#ifndef TEST_LOAD_BUFFER
Fixes from failure testing
2017-01-10 09:26:47 +10:00
if (wolfSSL_CTX_use_certificate_chain_file(ctx, ourCert)
Testing improvements for cert gen and TLS cert validation: * Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled. * Added new ECC CA for 384-bit tests. * Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem) * Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL. * Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`. * Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function. * Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack). * Cleanup to combine all certificate subject information into global `certDefaultName`. * Updated cert request info to use wolfSSL instead of Yassl. * Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`. * Re-number error codes in rsa_test. * Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
2017-10-19 16:17:51 -07:00
!= WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
added build option for leanPSK
2012-10-29 15:39:42 -07:00
err_sys("can't load client cert file, check file and run from"
name change for client.c
2015-01-05 14:48:43 -07:00
" wolfSSL home dir");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
* Added support for not loading a private key for server or client when `HAVE_PK_CALLBACK` is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519. * Added PK callback context tests for client/server examples (`SetupPkCallbackContexts`). * Added new test define for `TEST_PK_PRIVKEY` to allows simulating hardware based private key. * Added new test.h function for loading PEM key file and converting to DER (`load_key_file`). * Added way to get private key signature size (`GetPrivateKeySigSize`). * Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size. * Added inline comments to help track down handshake message types. * Cleanup of RSS PSS terminating byte (0xbc) to use enum value. * Fixed bug with PK callback for `myEccVerify` public key format. * Fixed bug with PK callback for ED25519 verify key buffer in DoServerKeyExchange.
2018-03-21 11:27:08 -07:00
#else
load_buffer(ctx, ourCert, WOLFSSL_CERT_CHAIN);
#endif
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
}
1.8.8 init
2011-02-05 11:14:47 -08:00
* Added support for not loading a private key for server or client when `HAVE_PK_CALLBACK` is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519. * Added PK callback context tests for client/server examples (`SetupPkCallbackContexts`). * Added new test define for `TEST_PK_PRIVKEY` to allows simulating hardware based private key. * Added new test.h function for loading PEM key file and converting to DER (`load_key_file`). * Added way to get private key signature size (`GetPrivateKeySigSize`). * Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size. * Added inline comments to help track down handshake message types. * Cleanup of RSS PSS terminating byte (0xbc) to use enum value. * Fixed bug with PK callback for `myEccVerify` public key format. * Fixed bug with PK callback for ED25519 verify key buffer in DoServerKeyExchange.
2018-03-21 11:27:08 -07:00
#ifdef HAVE_PK_CALLBACKS
pkCbInfo.ourKey = ourKey;
#endif
Add support for more OpenSSL APIs Add support for PEM_read and PEM_write Add OpenSSL PKCS#7 signed data support Add OpenSSL PKCS#8 Private key APIs Add X509_REQ OpenSSL APIs
2018-10-19 14:52:18 +10:00
if (useClientCert && !loadCertKeyIntoSSLObj
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
#if defined(HAVE_PK_CALLBACKS) && defined(TEST_PK_PRIVKEY)
&& !pkCallbacks
#endif
) {
#ifndef TEST_LOAD_BUFFER
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_CTX_use_PrivateKey_file(ctx, ourKey, WOLFSSL_FILETYPE_PEM)
!= WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
fix general NO_SHA NO_ASN NO_CERTS NO_SESSION_CACHE builds/examples
2013-03-11 16:07:46 -07:00
err_sys("can't load client private key file, check file and run "
name change for client.c
2015-01-05 14:48:43 -07:00
"from wolfSSL home dir");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
* Added support for not loading a private key for server or client when `HAVE_PK_CALLBACK` is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519. * Added PK callback context tests for client/server examples (`SetupPkCallbackContexts`). * Added new test define for `TEST_PK_PRIVKEY` to allows simulating hardware based private key. * Added new test.h function for loading PEM key file and converting to DER (`load_key_file`). * Added way to get private key signature size (`GetPrivateKeySigSize`). * Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size. * Added inline comments to help track down handshake message types. * Cleanup of RSS PSS terminating byte (0xbc) to use enum value. * Fixed bug with PK callback for `myEccVerify` public key format. * Fixed bug with PK callback for ED25519 verify key buffer in DoServerKeyExchange.
2018-03-21 11:27:08 -07:00
#else
Fixes so make check works with NO_FILESYSTEM and FORCE_BUFFER_TEST. Example: ./configure CFLAGS="-DNO_FILESYSTEM -DFORCE_BUFFER_TEST"
2016-11-23 17:19:54 -08:00
load_buffer(ctx, ourKey, WOLFSSL_KEY);
* Added support for not loading a private key for server or client when `HAVE_PK_CALLBACK` is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519. * Added PK callback context tests for client/server examples (`SetupPkCallbackContexts`). * Added new test define for `TEST_PK_PRIVKEY` to allows simulating hardware based private key. * Added new test.h function for loading PEM key file and converting to DER (`load_key_file`). * Added way to get private key signature size (`GetPrivateKeySigSize`). * Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size. * Added inline comments to help track down handshake message types. * Cleanup of RSS PSS terminating byte (0xbc) to use enum value. * Fixed bug with PK callback for `myEccVerify` public key format. * Fixed bug with PK callback for ED25519 verify key buffer in DoServerKeyExchange.
2018-03-21 11:27:08 -07:00
#endif
add fewerPacket/group messages to example client/server and disalbe client cert/key load
2013-04-19 13:10:19 -07:00
}
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
Fix for unit.test fails with `-H verifyFail`.
2018-10-18 11:58:00 -07:00
if (!usePsk && !useAnon && !useVerifyCb && !myVerifyFail) {
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
#ifndef TEST_LOAD_BUFFER
Added test cases for ensuring forced error fails on client and server. Added test cases to ensure bad certificate can be overriden.
2018-08-29 10:55:12 -07:00
if (wolfSSL_CTX_load_verify_locations(ctx, verifyCert, 0)
Testing improvements for cert gen and TLS cert validation: * Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled. * Added new ECC CA for 384-bit tests. * Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem) * Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL. * Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`. * Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function. * Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack). * Cleanup to combine all certificate subject information into global `certDefaultName`. * Updated cert request info to use wolfSSL instead of Yassl. * Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`. * Re-number error codes in rsa_test. * Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
2017-10-19 16:17:51 -07:00
!= WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
allow example client to talk with echoserver in ecc mode w/o switch
2015-04-01 12:03:27 -07:00
err_sys("can't load ca file, Please run from wolfSSL home dir");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
* Added support for not loading a private key for server or client when `HAVE_PK_CALLBACK` is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519. * Added PK callback context tests for client/server examples (`SetupPkCallbackContexts`). * Added new test define for `TEST_PK_PRIVKEY` to allows simulating hardware based private key. * Added new test.h function for loading PEM key file and converting to DER (`load_key_file`). * Added way to get private key signature size (`GetPrivateKeySigSize`). * Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size. * Added inline comments to help track down handshake message types. * Cleanup of RSS PSS terminating byte (0xbc) to use enum value. * Fixed bug with PK callback for `myEccVerify` public key format. * Fixed bug with PK callback for ED25519 verify key buffer in DoServerKeyExchange.
2018-03-21 11:27:08 -07:00
#else
Fixes so make check works with NO_FILESYSTEM and FORCE_BUFFER_TEST. Example: ./configure CFLAGS="-DNO_FILESYSTEM -DFORCE_BUFFER_TEST"
2016-11-23 17:19:54 -08:00
load_buffer(ctx, verifyCert, WOLFSSL_CA);
* Added support for not loading a private key for server or client when `HAVE_PK_CALLBACK` is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519. * Added PK callback context tests for client/server examples (`SetupPkCallbackContexts`). * Added new test define for `TEST_PK_PRIVKEY` to allows simulating hardware based private key. * Added new test.h function for loading PEM key file and converting to DER (`load_key_file`). * Added way to get private key signature size (`GetPrivateKeySigSize`). * Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size. * Added inline comments to help track down handshake message types. * Cleanup of RSS PSS terminating byte (0xbc) to use enum value. * Fixed bug with PK callback for `myEccVerify` public key format. * Fixed bug with PK callback for ED25519 verify key buffer in DoServerKeyExchange.
2018-03-21 11:27:08 -07:00
#endif /* !NO_FILESYSTEM */
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
* Added support for not loading a private key for server or client when `HAVE_PK_CALLBACK` is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519. * Added PK callback context tests for client/server examples (`SetupPkCallbackContexts`). * Added new test define for `TEST_PK_PRIVKEY` to allows simulating hardware based private key. * Added new test.h function for loading PEM key file and converting to DER (`load_key_file`). * Added way to get private key signature size (`GetPrivateKeySigSize`). * Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size. * Added inline comments to help track down handshake message types. * Cleanup of RSS PSS terminating byte (0xbc) to use enum value. * Fixed bug with PK callback for `myEccVerify` public key format. * Fixed bug with PK callback for ED25519 verify key buffer in DoServerKeyExchange.
2018-03-21 11:27:08 -07:00
#ifdef HAVE_ECC
allow example client to talk with echoserver in ecc mode w/o switch
2015-04-01 12:03:27 -07:00
/* load ecc verify too, echoserver uses it by default w/ ecc */
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
#ifndef TEST_LOAD_BUFFER
Testing improvements for cert gen and TLS cert validation: * Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled. * Added new ECC CA for 384-bit tests. * Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem) * Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL. * Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`. * Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function. * Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack). * Cleanup to combine all certificate subject information into global `certDefaultName`. * Updated cert request info to use wolfSSL instead of Yassl. * Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`. * Re-number error codes in rsa_test. * Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
2017-10-19 16:17:51 -07:00
if (wolfSSL_CTX_load_verify_locations(ctx, eccCertFile, 0)
!= WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
allow example client to talk with echoserver in ecc mode w/o switch
2015-04-01 12:03:27 -07:00
err_sys("can't load ecc ca file, Please run from wolfSSL home dir");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
* Added support for not loading a private key for server or client when `HAVE_PK_CALLBACK` is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519. * Added PK callback context tests for client/server examples (`SetupPkCallbackContexts`). * Added new test define for `TEST_PK_PRIVKEY` to allows simulating hardware based private key. * Added new test.h function for loading PEM key file and converting to DER (`load_key_file`). * Added way to get private key signature size (`GetPrivateKeySigSize`). * Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size. * Added inline comments to help track down handshake message types. * Cleanup of RSS PSS terminating byte (0xbc) to use enum value. * Fixed bug with PK callback for `myEccVerify` public key format. * Fixed bug with PK callback for ED25519 verify key buffer in DoServerKeyExchange.
2018-03-21 11:27:08 -07:00
#else
Cleanup name conflicts with test.h cert files (by adding “File” to end). Fix memory leak in ecc_test_buffers function.
2017-04-06 15:54:59 -07:00
load_buffer(ctx, eccCertFile, WOLFSSL_CA);
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
#endif /* !TEST_LOAD_BUFFER */
* Added support for not loading a private key for server or client when `HAVE_PK_CALLBACK` is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519. * Added PK callback context tests for client/server examples (`SetupPkCallbackContexts`). * Added new test define for `TEST_PK_PRIVKEY` to allows simulating hardware based private key. * Added new test.h function for loading PEM key file and converting to DER (`load_key_file`). * Added way to get private key signature size (`GetPrivateKeySigSize`). * Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size. * Added inline comments to help track down handshake message types. * Cleanup of RSS PSS terminating byte (0xbc) to use enum value. * Fixed bug with PK callback for `myEccVerify` public key format. * Fixed bug with PK callback for ED25519 verify key buffer in DoServerKeyExchange.
2018-03-21 11:27:08 -07:00
#endif /* HAVE_ECC */
#if defined(WOLFSSL_TRUST_PEER_CERT) && !defined(NO_FILESYSTEM)
automated test for trusted peer certs
2016-03-01 16:35:32 -07:00
if (trustCert) {
if ((ret = wolfSSL_CTX_trust_peer_cert(ctx, trustCert,
Testing improvements for cert gen and TLS cert validation: * Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled. * Added new ECC CA for 384-bit tests. * Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem) * Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL. * Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`. * Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function. * Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack). * Cleanup to combine all certificate subject information into global `certDefaultName`. * Updated cert request info to use wolfSSL instead of Yassl. * Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`. * Re-number error codes in rsa_test. * Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
2017-10-19 16:17:51 -07:00
WOLFSSL_FILETYPE_PEM)) != WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
automated test for trusted peer certs
2016-03-01 16:35:32 -07:00
err_sys("can't load trusted peer cert file");
}
addition to api tests and refactor location of trusted peer cert check
2016-02-29 11:02:18 -07:00
}
* Added support for not loading a private key for server or client when `HAVE_PK_CALLBACK` is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519. * Added PK callback context tests for client/server examples (`SetupPkCallbackContexts`). * Added new test define for `TEST_PK_PRIVKEY` to allows simulating hardware based private key. * Added new test.h function for loading PEM key file and converting to DER (`load_key_file`). * Added way to get private key signature size (`GetPrivateKeySigSize`). * Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size. * Added inline comments to help track down handshake message types. * Cleanup of RSS PSS terminating byte (0xbc) to use enum value. * Fixed bug with PK callback for `myEccVerify` public key format. * Fixed bug with PK callback for ED25519 verify key buffer in DoServerKeyExchange.
2018-03-21 11:27:08 -07:00
#endif /* WOLFSSL_TRUST_PEER_CERT && !NO_FILESYSTEM */
added build option for leanPSK
2012-10-29 15:39:42 -07:00
}
Fix for unit.test fails with `-H verifyFail`.
2018-10-18 11:58:00 -07:00
if (useVerifyCb || myVerifyFail)
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, myVerify);
Fix for verify callback override, peerVerifyRet code on success and ensuring DOMAIN_NAME_MISMATCH error gets passed down in ECDSAk case. Added unit test case to verify callback override works. Fixes issue #905 and issue #904. Fix for async build goto label typo.
2017-05-11 12:23:17 -07:00
else if (!usePsk && !useAnon && doPeerCheck == 0)
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, 0);
Fix for verify callback override, peerVerifyRet code on success and ensuring DOMAIN_NAME_MISMATCH error gets passed down in ECDSAk case. Added unit test case to verify callback override works. Fixes issue #905 and issue #904. Fix for async build goto label typo.
2017-05-11 12:23:17 -07:00
else if (!usePsk && !useAnon && overrideDateErrors == 1)
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, myDateCb);
* Added support for not loading a private key for server or client when `HAVE_PK_CALLBACK` is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519. * Added PK callback context tests for client/server examples (`SetupPkCallbackContexts`). * Added new test define for `TEST_PK_PRIVKEY` to allows simulating hardware based private key. * Added new test.h function for loading PEM key file and converting to DER (`load_key_file`). * Added way to get private key signature size (`GetPrivateKeySigSize`). * Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size. * Added inline comments to help track down handshake message types. * Cleanup of RSS PSS terminating byte (0xbc) to use enum value. * Fixed bug with PK callback for `myEccVerify` public key format. * Fixed bug with PK callback for ED25519 verify key buffer in DoServerKeyExchange.
2018-03-21 11:27:08 -07:00
#endif /* !NO_CERTS */
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 13:59:41 -06:00
#ifdef WOLFSSL_ASYNC_CRYPT
ret = wolfAsync_DevOpen(&devId);
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
if (ret < 0) {
printf("Async device open failed\nRunning without async\n");
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 13:59:41 -06:00
}
wolfSSL_CTX_UseAsync(ctx, devId);
#endif /* WOLFSSL_ASYNC_CRYPT */
add cavium ciphers to SSL, and example client
2013-02-01 12:21:38 -08:00
merge in sni
2013-05-21 14:37:50 -07:00
#ifdef HAVE_SNI
Trusted CA Key Indication Extension Added an API for enabling the Trusted CA Key Indication extension from RFC6066 section 6. If the server doesn't have a match for the client, the client will abandon the session.
2018-09-28 09:05:59 -07:00
if (sniHostName) {
Added more of the requested changes & made an attempt to remove merge conflicts
2017-11-14 15:05:32 -07:00
if (wolfSSL_CTX_UseSNI(ctx, 0, sniHostName,
(word16) XSTRLEN(sniHostName)) != WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
merge in sni
2013-05-21 14:37:50 -07:00
err_sys("UseSNI failed");
Trusted CA Key Indication Extension Added an API for enabling the Trusted CA Key Indication extension from RFC6066 section 6. If the server doesn't have a match for the client, the client will abandon the session.
2018-09-28 09:05:59 -07:00
}
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
merge in sni
2013-05-21 14:37:50 -07:00
#endif
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 15:42:43 -03:00
#ifdef HAVE_MAX_FRAGMENT
if (maxFragment)
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_CTX_UseMaxFragment(ctx, maxFragment) != WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 15:42:43 -03:00
err_sys("UseMaxFragment failed");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 15:42:43 -03:00
#endif
#ifdef HAVE_TRUNCATED_HMAC
if (truncatedHMAC)
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_CTX_UseTruncatedHMAC(ctx) != WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 15:42:43 -03:00
err_sys("UseTruncatedHMAC failed");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 15:42:43 -03:00
#endif
Adds Session Ticket TLS Extension handling. New Session Ticket Handshake Message handling is still needed for Session Tickets to work.
2014-09-30 09:24:42 -03:00
#ifdef HAVE_SESSION_TICKET
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_CTX_UseSessionTicket(ctx) != WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
Adds Session Ticket TLS Extension handling. New Session Ticket Handshake Message handling is still needed for Session Tickets to work.
2014-09-30 09:24:42 -03:00
err_sys("UseSessionTicket failed");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
Adds Session Ticket TLS Extension handling. New Session Ticket Handshake Message handling is still needed for Session Tickets to work.
2014-09-30 09:24:42 -03:00
#endif
add extended master to example client
2016-09-01 15:17:46 -06:00
#ifdef HAVE_EXTENDED_MASTER
Revising the Extended Master Secret support. Removing the dynamic TLSX support for the extention and treating it like the Signature and Hash algorithms extension. It is to be enabled by default and the user can turn it off at run time or build time.
2016-09-09 23:16:52 -07:00
if (disableExtMasterSecret)
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_CTX_DisableExtendedMasterSecret(ctx) != WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
Revising the Extended Master Secret support. Removing the dynamic TLSX support for the extention and treating it like the Signature and Hash algorithms extension. It is to be enabled by default and the user can turn it off at run time or build time.
2016-09-09 23:16:52 -07:00
err_sys("DisableExtendedMasterSecret failed");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
add extended master to example client
2016-09-01 15:17:46 -06:00
#endif
Fix for the curve logic to pick the hightest strength, not just the default 256-bit. Added test for setting user curve. `./examples -H useSupCurve`.
2018-09-21 09:27:48 -07:00
#if defined(HAVE_SUPPORTED_CURVES)
#if defined(HAVE_CURVE25519)
Fixes from review
2017-05-22 09:09:31 +10:00
if (useX25519) {
if (wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_X25519)
Testing improvements for cert gen and TLS cert validation: * Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled. * Added new ECC CA for 384-bit tests. * Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem) * Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL. * Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`. * Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function. * Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack). * Cleanup to combine all certificate subject information into global `certDefaultName`. * Updated cert request info to use wolfSSL instead of Yassl. * Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`. * Re-number error codes in rsa_test. * Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
2017-10-19 16:17:51 -07:00
!= WOLFSSL_SUCCESS) {
Fixes from review
2017-05-22 09:09:31 +10:00
err_sys("unable to support X25519");
}
Fix for the curve logic to pick the hightest strength, not just the default 256-bit. Added test for setting user curve. `./examples -H useSupCurve`.
2018-09-21 09:27:48 -07:00
}
#endif /* HAVE_CURVE25519 */
#ifdef HAVE_ECC
if (useSupCurve) {
#if !defined(NO_ECC_SECP) && \
(defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES))
TLS 1.3 fixes/improvements Support Draft 28: able to compile code to return BAD_BINDER if no PSKs match and certificates not to be used. Change key share implementation to use server preference - server now checks each client key share's group is in supported_groups extension. Client and server examples modified to support server preference. Application can set client's and server's supported groups by rank. Server's supported groups is sent back in encrypted_extensions if preferred group is not in client's list - able to be turned off at compile time. Application can query server's preferred group from client. Able to compile using 0x0304 as version instead of draft version. Fix state machine in TLS 1.3 to support unexpected hello_retry_request. Also fixes non-blocking. Fix resumption to use the named group from session. Fix named group in session structure to be a 2-byte field. Better detection of errors in message flow. Fix DoTls13ClientHello when downgrading - don't do TLS 1.3 things. Not downgrading on client fixed. Downgrade protocol version from TLS 1.3 when not TLS 1.3 ciphersuite. Get downgrading from TLS 1.3 and resumption working. Change earlyData value to an enum. Support no extensions data (as opposed to zero length extension data) in TLS 1.3 ClientHello. Check PSK cipher suite is available to both client and server before using. Check first PSK identity chosen when server says it is using early data at client. Check PSK extension is last in client_hello on server. Check the PSK cipher suite to use is supported on client. Check the returned cipher suite for pre-shared keys is the same as client expects. Send alert decrypt_error when verification fails in certificate_verify or finished message doesn't match calculated value. Fail when certificate messages recieved in handshake when using PSK. Validate on the server that EndOfEarlyData message has been recieved before finished message when server sent EarlyData extension.
2018-04-13 11:53:42 +10:00
if (wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_SECP384R1)
!= WOLFSSL_SUCCESS) {
err_sys("unable to support secp384r1");
}
Fix for the curve logic to pick the hightest strength, not just the default 256-bit. Added test for setting user curve. `./examples -H useSupCurve`.
2018-09-21 09:27:48 -07:00
#endif
#if !defined(NO_ECC_SECP) && \
(!defined(NO_ECC256) || defined(HAVE_ALL_CURVES))
if (wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_SECP256R1)
!= WOLFSSL_SUCCESS) {
err_sys("unable to support secp256r1");
}
#endif
Fixes from review
2017-05-22 09:09:31 +10:00
}
Fix for the curve logic to pick the hightest strength, not just the default 256-bit. Added test for setting user curve. `./examples -H useSupCurve`.
2018-09-21 09:27:48 -07:00
#endif /* HAVE_ECC */
Support FFDHE in TLS 1.2 and below. Better TLS 1.3 version support. Add support for the fixed FFDHE curves to TLS 1.2. Same curves in TLS 1.3 already. On by default - no checking of prime required. Add option to require client to see FFDHE parameters from server as per 'may' requirements in RFC 7919. Change TLS 1.3 ClientHello and ServerHello parsing to find the SupportedVersions extension first and process it. Then it can handle other extensions knowing which protocol we are using.
2019-02-18 10:57:12 +10:00
#ifdef HAVE_FFDHE_2048
if (useSupCurve) {
if (wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_FFDHE_2048)
!= WOLFSSL_SUCCESS) {
err_sys("unable to support FFDHE 2048");
}
}
#endif
Fix for the curve logic to pick the hightest strength, not just the default 256-bit. Added test for setting user curve. `./examples -H useSupCurve`.
2018-09-21 09:27:48 -07:00
#endif /* HAVE_SUPPORTED_CURVES */
merge in sni
2013-05-21 14:37:50 -07:00
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
#ifdef WOLFSSL_TLS13
if (noPskDheKe)
wolfSSL_CTX_no_dhe_psk(ctx);
#endif
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
if (postHandAuth)
wolfSSL_CTX_allow_post_handshake_auth(ctx);
#endif
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
if (benchmark) {
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
((func_args*)args)->return_code =
DTLS-SCTP example client and server 1. Update the example client and server to test DTLS-SCTP. 2. Modify the test.h functions for setting up connections to allow for a SCTP option. 3. Update other examples to use the new test.h functions. 4. Removed some prototypes in the client header file were some functions that should have been static to the client.c file and made them static.
2016-08-25 22:20:35 -07:00
ClientBenchmarkConnections(ctx, host, port, dtlsUDP, dtlsSCTP,
Improvements to TLS v1.3 code Reset list of supported sig algorithms before sending certificate request on server. Refactored setting of ticket for both TLS13 and earlier. Remember the type of key for deciding which sig alg to use with TLS13 CertificateVerify. RSA PKCS #1.5 not allowed in TLS13 for CertificateVerify. Remove all remaining DTLS code as spec barely started. Turn off SHA512 code where decision based on cipher suite hash. Fix fragment handling to work with encrypted messages. Test public APIS.
2017-06-29 09:00:44 +10:00
benchmark, resumeSession, useX25519,
Added EarlyData support to benchmark loop
2019-01-24 14:30:06 +10:00
helloRetry, onlyKeyShare, version,
earlyData);
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
Added new build option `--enable-memtest` or `WOLFSSL_FORCE_MALLOC_FAIL_TEST` which enables random malloc failures for testing. This test supresses the `abort()` calls to detect seg faults. A new script `./scripts/memtest.sh` starts the test. If an issue is found it can be reviewed with the `./scripts/memtest.txt` log and reproduced using the seed printed at top of unit test as `--- RNG MALLOC FAIL AT 295---` and rerun using `./tests/unit.test 295`.
2018-07-27 10:16:14 -07:00
XEXIT_T(EXIT_SUCCESS);
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
}
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
if(throughput) {
((func_args*)args)->return_code =
DTLS-SCTP example client and server 1. Update the example client and server to test DTLS-SCTP. 2. Modify the test.h functions for setting up connections to allow for a SCTP option. 3. Update other examples to use the new test.h functions. 4. Removed some prototypes in the client header file were some functions that should have been static to the client.c file and made them static.
2016-08-25 22:20:35 -07:00
ClientBenchmarkThroughput(ctx, host, port, dtlsUDP, dtlsSCTP,
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
block, throughput, useX25519);
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
Added new build option `--enable-memtest` or `WOLFSSL_FORCE_MALLOC_FAIL_TEST` which enables random malloc failures for testing. This test supresses the `abort()` calls to detect seg faults. A new script `./scripts/memtest.sh` starts the test. If an issue is found it can be reviewed with the `./scripts/memtest.txt` log and reproduced using the seed printed at top of unit test as `--- RNG MALLOC FAIL AT 295---` and rerun using `./tests/unit.test 295`.
2018-07-27 10:16:14 -07:00
XEXIT_T(EXIT_SUCCESS);
1.8.8 init
2011-02-05 11:14:47 -08:00
}
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
name change for client.c
2015-01-05 14:48:43 -07:00
#if defined(WOLFSSL_MDK_ARM)
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, 0);
Commit 2.6.2
2013-05-19 10:02:13 +09:00
#endif
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
sanity checks, remove some magic numbers, TLS read ahead
2016-12-08 19:05:35 -07:00
#if defined(OPENSSL_EXTRA)
if (wolfSSL_CTX_get_read_ahead(ctx) != 0) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
sanity checks, remove some magic numbers, TLS read ahead
2016-12-08 19:05:35 -07:00
err_sys("bad read ahead default value");
}
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_CTX_set_read_ahead(ctx, 1) != WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
adjust read ahead, some sanity checks and rebase
2016-12-09 13:16:17 -07:00
err_sys("error setting read ahead value");
}
sanity checks, remove some magic numbers, TLS read ahead
2016-12-08 19:05:35 -07:00
#endif
Added static memory code to client example.
2017-10-20 14:56:29 -07:00
#if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL)
fprintf(stderr, "Before creating SSL\n");
if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) != 1)
err_sys("ctx not using static memory");
if (wolfSSL_PrintStats(&mem_stats) != 1) /* function in test.h */
err_sys("error printing out memory stats");
#endif
Multicast 1. Since multicast's only cipher suite uses null cipher automatically enable it. 2. Add options to example client and server to start testing multicast API. (Uses TLS over TCP.) 3. Updates to use the forced secrets set by API.
2016-12-15 11:43:15 -08:00
if (doMcast) {
#ifdef WOLFSSL_MULTICAST
wolfSSL_CTX_mcast_set_member_id(ctx, mcastID);
Testing improvements for cert gen and TLS cert validation: * Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled. * Added new ECC CA for 384-bit tests. * Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem) * Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL. * Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`. * Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function. * Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack). * Cleanup to combine all certificate subject information into global `certDefaultName`. * Updated cert request info to use wolfSSL instead of Yassl. * Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`. * Re-number error codes in rsa_test. * Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
2017-10-19 16:17:51 -07:00
if (wolfSSL_CTX_set_cipher_list(ctx, "WDM-NULL-SHA256")
!= WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
Multicast 1. Since multicast's only cipher suite uses null cipher automatically enable it. 2. Add options to example client and server to start testing multicast API. (Uses TLS over TCP.) 3. Updates to use the forced secrets set by API.
2016-12-15 11:43:15 -08:00
err_sys("Couldn't set multicast cipher list.");
Added new “wolfSSL_mcast_get_max_peers” API. Minor cleanup with examples/client failure case. Fix possible unused var in wolfSSL_set_secret with DTLS disabled.
2017-01-25 14:05:22 -08:00
}
Multicast 1. Since multicast's only cipher suite uses null cipher automatically enable it. 2. Add options to example client and server to start testing multicast API. (Uses TLS over TCP.) 3. Updates to use the forced secrets set by API.
2016-12-15 11:43:15 -08:00
#endif
}
* Added support for not loading a private key for server or client when `HAVE_PK_CALLBACK` is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519. * Added PK callback context tests for client/server examples (`SetupPkCallbackContexts`). * Added new test define for `TEST_PK_PRIVKEY` to allows simulating hardware based private key. * Added new test.h function for loading PEM key file and converting to DER (`load_key_file`). * Added way to get private key signature size (`GetPrivateKeySigSize`). * Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size. * Added inline comments to help track down handshake message types. * Cleanup of RSS PSS terminating byte (0xbc) to use enum value. * Fixed bug with PK callback for `myEccVerify` public key format. * Fixed bug with PK callback for ED25519 verify key buffer in DoServerKeyExchange.
2018-03-21 11:27:08 -07:00
#ifdef HAVE_PK_CALLBACKS
if (pkCallbacks)
SetupPkCallbacks(ctx);
#endif
name change for client.c
2015-01-05 14:48:43 -07:00
ssl = wolfSSL_new(ctx);
Fixes from failure testing
2017-01-10 09:26:47 +10:00
if (ssl == NULL) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
err_sys("unable to get SSL object");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
naming for AEAD macros and TLSX with chacha-poly
2016-01-29 09:38:13 -07:00
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
#ifndef NO_CERTS
if (useClientCert && loadCertKeyIntoSSLObj){
#ifndef TEST_LOAD_BUFFER
if (wolfSSL_use_certificate_chain_file(ssl, ourCert)
!= WOLFSSL_SUCCESS) {
wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("can't load client cert file, check file and run from"
" wolfSSL home dir");
}
#else
load_ssl_buffer(ssl, ourCert, WOLFSSL_CERT_CHAIN);
#endif
}
if (loadCertKeyIntoSSLObj
#if defined(HAVE_PK_CALLBACKS) && defined(TEST_PK_PRIVKEY)
&& !pkCallbacks
#endif
) {
#ifndef TEST_LOAD_BUFFER
if (wolfSSL_use_PrivateKey_file(ssl, ourKey, WOLFSSL_FILETYPE_PEM)
!= WOLFSSL_SUCCESS) {
wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("can't load client private key file, check file and run "
"from wolfSSL home dir");
}
#else
load_ssl_buffer(ssl, ourKey, WOLFSSL_KEY);
COMPAT. LAYER : get SSL client random bytes
2016-11-07 10:15:04 -07:00
#endif
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
}
#endif /* !NO_CERTS */
#ifdef OPENSSL_EXTRA
wolfSSL_KeepArrays(ssl);
#endif
COMPAT. LAYER : get SSL client random bytes
2016-11-07 10:15:04 -07:00
Added static memory code to client example.
2017-10-20 14:56:29 -07:00
#if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL)
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
fprintf(stderr, "After creating SSL\n");
if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) != 1)
err_sys("ctx not using static memory");
if (wolfSSL_PrintStats(&mem_stats) != 1) /* function in test.h */
Added static memory code to client example.
2017-10-20 14:56:29 -07:00
err_sys("error printing out memory stats");
#endif
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
#ifdef WOLFSSL_TLS13
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
if (!helloRetry) {
if (onlyKeyShare == 0 || onlyKeyShare == 2) {
Updates for Draft 20 of TLS v1.3
2017-05-23 15:56:52 +10:00
#ifdef HAVE_CURVE25519
Put X25519 behind P256 Option to have X25519 prioritized. Show curve name and DH key size in TLS v1.3.
2017-05-19 10:58:43 +10:00
if (useX25519) {
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_X25519)
TLS 1.3 fixes/improvements Support Draft 28: able to compile code to return BAD_BINDER if no PSKs match and certificates not to be used. Change key share implementation to use server preference - server now checks each client key share's group is in supported_groups extension. Client and server examples modified to support server preference. Application can set client's and server's supported groups by rank. Server's supported groups is sent back in encrypted_extensions if preferred group is not in client's list - able to be turned off at compile time. Application can query server's preferred group from client. Able to compile using 0x0304 as version instead of draft version. Fix state machine in TLS 1.3 to support unexpected hello_retry_request. Also fixes non-blocking. Fix resumption to use the named group from session. Fix named group in session structure to be a 2-byte field. Better detection of errors in message flow. Fix DoTls13ClientHello when downgrading - don't do TLS 1.3 things. Not downgrading on client fixed. Downgrade protocol version from TLS 1.3 when not TLS 1.3 ciphersuite. Get downgrading from TLS 1.3 and resumption working. Change earlyData value to an enum. Support no extensions data (as opposed to zero length extension data) in TLS 1.3 ClientHello. Check PSK cipher suite is available to both client and server before using. Check first PSK identity chosen when server says it is using early data at client. Check PSK extension is last in client_hello on server. Check the PSK cipher suite to use is supported on client. Check the returned cipher suite for pre-shared keys is the same as client expects. Send alert decrypt_error when verification fails in certificate_verify or finished message doesn't match calculated value. Fail when certificate messages recieved in handshake when using PSK. Validate on the server that EndOfEarlyData message has been recieved before finished message when server sent EarlyData extension.
2018-04-13 11:53:42 +10:00
!= WOLFSSL_SUCCESS) {
Fixes for TLS 1.3 without ECC or RSA. Fix for building without ECC where HAVE_SUPPORTED_CURVES was getting defined because of ENABLED_TLSX.
2017-06-13 09:44:14 -07:00
err_sys("unable to use curve x25519");
Put X25519 behind P256 Option to have X25519 prioritized. Show curve name and DH key size in TLS v1.3.
2017-05-19 10:58:43 +10:00
}
}
Updates for Draft 20 of TLS v1.3
2017-05-23 15:56:52 +10:00
#endif
Fixes for TLS 1.3 without ECC or RSA. Fix for building without ECC where HAVE_SUPPORTED_CURVES was getting defined because of ENABLED_TLSX.
2017-06-13 09:44:14 -07:00
#ifdef HAVE_ECC
Fixes for LEANTLS and TLS13 builds
2017-07-26 10:43:36 +10:00
#if defined(HAVE_ECC256) || defined(HAVE_ALL_CURVES)
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_SECP256R1)
TLS 1.3 fixes/improvements Support Draft 28: able to compile code to return BAD_BINDER if no PSKs match and certificates not to be used. Change key share implementation to use server preference - server now checks each client key share's group is in supported_groups extension. Client and server examples modified to support server preference. Application can set client's and server's supported groups by rank. Server's supported groups is sent back in encrypted_extensions if preferred group is not in client's list - able to be turned off at compile time. Application can query server's preferred group from client. Able to compile using 0x0304 as version instead of draft version. Fix state machine in TLS 1.3 to support unexpected hello_retry_request. Also fixes non-blocking. Fix resumption to use the named group from session. Fix named group in session structure to be a 2-byte field. Better detection of errors in message flow. Fix DoTls13ClientHello when downgrading - don't do TLS 1.3 things. Not downgrading on client fixed. Downgrade protocol version from TLS 1.3 when not TLS 1.3 ciphersuite. Get downgrading from TLS 1.3 and resumption working. Change earlyData value to an enum. Support no extensions data (as opposed to zero length extension data) in TLS 1.3 ClientHello. Check PSK cipher suite is available to both client and server before using. Check first PSK identity chosen when server says it is using early data at client. Check PSK extension is last in client_hello on server. Check the PSK cipher suite to use is supported on client. Check the returned cipher suite for pre-shared keys is the same as client expects. Send alert decrypt_error when verification fails in certificate_verify or finished message doesn't match calculated value. Fail when certificate messages recieved in handshake when using PSK. Validate on the server that EndOfEarlyData message has been recieved before finished message when server sent EarlyData extension.
2018-04-13 11:53:42 +10:00
!= WOLFSSL_SUCCESS) {
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
err_sys("unable to use curve secp256r1");
}
Fixes for LEANTLS and TLS13 builds
2017-07-26 10:43:36 +10:00
#endif
Fixes for TLS 1.3 without ECC or RSA. Fix for building without ECC where HAVE_SUPPORTED_CURVES was getting defined because of ENABLED_TLSX.
2017-06-13 09:44:14 -07:00
#endif
naming for AEAD macros and TLSX with chacha-poly
2016-01-29 09:38:13 -07:00
}
Put X25519 behind P256 Option to have X25519 prioritized. Show curve name and DH key size in TLS v1.3.
2017-05-19 10:58:43 +10:00
if (onlyKeyShare == 0 || onlyKeyShare == 1) {
#ifdef HAVE_FFDHE_2048
Testing improvements for cert gen and TLS cert validation: * Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled. * Added new ECC CA for 384-bit tests. * Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem) * Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL. * Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`. * Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function. * Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack). * Cleanup to combine all certificate subject information into global `certDefaultName`. * Updated cert request info to use wolfSSL instead of Yassl. * Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`. * Re-number error codes in rsa_test. * Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
2017-10-19 16:17:51 -07:00
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_FFDHE_2048)
!= WOLFSSL_SUCCESS) {
Put X25519 behind P256 Option to have X25519 prioritized. Show curve name and DH key size in TLS v1.3.
2017-05-19 10:58:43 +10:00
err_sys("unable to use DH 2048-bit parameters");
}
#endif
}
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
}
else {
wolfSSL_NoKeyShares(ssl);
}
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
#endif
naming for AEAD macros and TLSX with chacha-poly
2016-01-29 09:38:13 -07:00
Multicast 1. Since multicast's only cipher suite uses null cipher automatically enable it. 2. Add options to example client and server to start testing multicast API. (Uses TLS over TCP.) 3. Updates to use the forced secrets set by API.
2016-12-15 11:43:15 -08:00
if (doMcast) {
#ifdef WOLFSSL_MULTICAST
Added new “wolfSSL_mcast_get_max_peers” API. Minor cleanup with examples/client failure case. Fix possible unused var in wolfSSL_set_secret with DTLS disabled.
2017-01-25 14:05:22 -08:00
byte pms[512]; /* pre master secret */
byte cr[32]; /* client random */
byte sr[32]; /* server random */
Multicast 1. Since multicast's only cipher suite uses null cipher automatically enable it. 2. Add options to example client and server to start testing multicast API. (Uses TLS over TCP.) 3. Updates to use the forced secrets set by API.
2016-12-15 11:43:15 -08:00
const byte suite[2] = {0, 0xfe}; /* WDM_WITH_NULL_SHA256 */
XMEMSET(pms, 0x23, sizeof(pms));
XMEMSET(cr, 0xA5, sizeof(cr));
XMEMSET(sr, 0x5A, sizeof(sr));
if (wolfSSL_set_secret(ssl, 1, pms, sizeof(pms), cr, sr, suite)
Testing improvements for cert gen and TLS cert validation: * Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled. * Added new ECC CA for 384-bit tests. * Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem) * Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL. * Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`. * Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function. * Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack). * Cleanup to combine all certificate subject information into global `certDefaultName`. * Updated cert request info to use wolfSSL instead of Yassl. * Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`. * Re-number error codes in rsa_test. * Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
2017-10-19 16:17:51 -07:00
!= WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
Multicast 1. Since multicast's only cipher suite uses null cipher automatically enable it. 2. Add options to example client and server to start testing multicast API. (Uses TLS over TCP.) 3. Updates to use the forced secrets set by API.
2016-12-15 11:43:15 -08:00
err_sys("unable to set mcast secret");
Added new “wolfSSL_mcast_get_max_peers” API. Minor cleanup with examples/client failure case. Fix possible unused var in wolfSSL_set_secret with DTLS disabled.
2017-01-25 14:05:22 -08:00
}
Multicast 1. Since multicast's only cipher suite uses null cipher automatically enable it. 2. Add options to example client and server to start testing multicast API. (Uses TLS over TCP.) 3. Updates to use the forced secrets set by API.
2016-12-15 11:43:15 -08:00
#endif
}
Added a callback when receiving a NewSessionTicket handshake message.
2014-10-20 09:25:14 -07:00
#ifdef HAVE_SESSION_TICKET
name change for client.c
2015-01-05 14:48:43 -07:00
wolfSSL_set_SessionTicket_cb(ssl, sessionTicketCB, (void*)"initial session");
Added a callback when receiving a NewSessionTicket handshake message.
2014-10-20 09:25:14 -07:00
#endif
fix alpn example client merge command options
2015-10-13 15:00:53 -07:00
Trusted CA Key Indication Extension Added an API for enabling the Trusted CA Key Indication extension from RFC6066 section 6. If the server doesn't have a match for the client, the client will abandon the session.
2018-09-28 09:05:59 -07:00
#ifdef HAVE_TRUSTED_CA
if (trustedCaKeyId) {
if (wolfSSL_UseTrustedCA(ssl, WOLFSSL_TRUSTED_CA_PRE_AGREED,
NULL, 0) != WOLFSSL_SUCCESS) {
err_sys("UseTrustedCA failed");
}
}
#endif
fix alpn example client merge command options
2015-10-13 15:00:53 -07:00
#ifdef HAVE_ALPN
if (alpnList != NULL) {
printf("ALPN accepted protocols list : %s\n", alpnList);
wolfSSL_UseALPN(ssl, alpnList, (word32)XSTRLEN(alpnList), alpn_opt);
}
#endif
OCSP 1. Modify the other OCSP Stapling scripts to better manage the OCSP responder. 2. Modify the client's W option to take: - 1 for Stapling v1 - 2 for Stapling v2 - 3 for Stapling v2 MULTI 3. Modify the client to disallow stapling v2 with TLSv1.3.
2018-08-02 16:25:38 -07:00
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
Merge branch csr into 'master'
2015-11-02 15:51:01 -03:00
if (statusRequest) {
OCSP 1. Modify the other OCSP Stapling scripts to better manage the OCSP responder. 2. Modify the client's W option to take: - 1 for Stapling v1 - 2 for Stapling v2 - 3 for Stapling v2 MULTI 3. Modify the client to disallow stapling v2 with TLSv1.3.
2018-08-02 16:25:38 -07:00
if (version == 4 &&
(statusRequest == OCSP_STAPLINGV2 || \
statusRequest == OCSP_STAPLINGV2_MULTI)) {
err_sys("Cannot use OCSP Stapling V2 with TLSv1.3");
}
adds a call to wolfSSL_CTX_EnableOCSPStapling() on client.c to fix ocspstapling2 tests and removes unnecessary 'kill ' from the test scripts
2017-12-26 22:30:22 -03:00
if (wolfSSL_CTX_EnableOCSPStapling(ctx) != WOLFSSL_SUCCESS)
err_sys("can't enable OCSP Stapling Certificate Manager");
Merge branch 'csr'
2015-12-28 19:38:04 -03:00
switch (statusRequest) {
OCSP 1. Modify the other OCSP Stapling scripts to better manage the OCSP responder. 2. Modify the client's W option to take: - 1 for Stapling v1 - 2 for Stapling v2 - 3 for Stapling v2 MULTI 3. Modify the client to disallow stapling v2 with TLSv1.3.
2018-08-02 16:25:38 -07:00
#ifdef HAVE_CERTIFICATE_STATUS_REQUEST
case OCSP_STAPLING:
Merge branch 'csr'
2015-12-28 19:38:04 -03:00
if (wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR_OCSP,
Testing improvements for cert gen and TLS cert validation: * Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled. * Added new ECC CA for 384-bit tests. * Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem) * Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL. * Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`. * Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function. * Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack). * Cleanup to combine all certificate subject information into global `certDefaultName`. * Updated cert request info to use wolfSSL instead of Yassl. * Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`. * Re-number error codes in rsa_test. * Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
2017-10-19 16:17:51 -07:00
WOLFSSL_CSR_OCSP_USE_NONCE) != WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
Merge branch 'csr'
2015-12-28 19:38:04 -03:00
err_sys("UseCertificateStatusRequest failed");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
Merge branch 'csr'
2015-12-28 19:38:04 -03:00
break;
OCSP 1. Modify the other OCSP Stapling scripts to better manage the OCSP responder. 2. Modify the client's W option to take: - 1 for Stapling v1 - 2 for Stapling v2 - 3 for Stapling v2 MULTI 3. Modify the client to disallow stapling v2 with TLSv1.3.
2018-08-02 16:25:38 -07:00
#endif
#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
case OCSP_STAPLINGV2:
Merge branch 'csr'
2015-12-28 19:38:04 -03:00
if (wolfSSL_UseOCSPStaplingV2(ssl,
WOLFSSL_CSR2_OCSP, WOLFSSL_CSR2_OCSP_USE_NONCE)
Testing improvements for cert gen and TLS cert validation: * Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled. * Added new ECC CA for 384-bit tests. * Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem) * Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL. * Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`. * Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function. * Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack). * Cleanup to combine all certificate subject information into global `certDefaultName`. * Updated cert request info to use wolfSSL instead of Yassl. * Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`. * Re-number error codes in rsa_test. * Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
2017-10-19 16:17:51 -07:00
!= WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
Merge branch 'csr'
2015-12-28 19:38:04 -03:00
err_sys("UseCertificateStatusRequest failed");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
Merge branch 'csr'
2015-12-28 19:38:04 -03:00
break;
OCSP 1. Modify the other OCSP Stapling scripts to better manage the OCSP responder. 2. Modify the client's W option to take: - 1 for Stapling v1 - 2 for Stapling v2 - 3 for Stapling v2 MULTI 3. Modify the client to disallow stapling v2 with TLSv1.3.
2018-08-02 16:25:38 -07:00
case OCSP_STAPLINGV2_MULTI:
Merge branch 'csr'
2015-12-28 19:38:04 -03:00
if (wolfSSL_UseOCSPStaplingV2(ssl,
WOLFSSL_CSR2_OCSP_MULTI, 0)
Testing improvements for cert gen and TLS cert validation: * Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled. * Added new ECC CA for 384-bit tests. * Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem) * Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL. * Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`. * Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function. * Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack). * Cleanup to combine all certificate subject information into global `certDefaultName`. * Updated cert request info to use wolfSSL instead of Yassl. * Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`. * Re-number error codes in rsa_test. * Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
2017-10-19 16:17:51 -07:00
!= WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
Merge branch 'csr'
2015-12-28 19:38:04 -03:00
err_sys("UseCertificateStatusRequest failed");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
Merge branch 'csr'
2015-12-28 19:38:04 -03:00
break;
OCSP 1. Modify the other OCSP Stapling scripts to better manage the OCSP responder. 2. Modify the client's W option to take: - 1 for Stapling v1 - 2 for Stapling v2 - 3 for Stapling v2 MULTI 3. Modify the client to disallow stapling v2 with TLSv1.3.
2018-08-02 16:25:38 -07:00
#endif
default:
err_sys("Invalid OCSP Stapling option");
Merge branch 'csr'
2015-12-28 19:38:04 -03:00
}
Merge branch csr into 'master'
2015-11-02 15:51:01 -03:00
fixes ocsp nonce extension decoding; enables use of ocsp nonce extension in the client example.
2015-11-05 11:36:11 -03:00
wolfSSL_CTX_EnableOCSP(ctx, 0);
Merge branch csr into 'master'
2015-11-02 15:51:01 -03:00
}
#endif
fix alpn example client merge command options
2015-10-13 15:00:53 -07:00
DHE Speed Up 1. Also apply the setting to the client side. 2. Updated the server and client command line options to use "-2" for disabling the DHE check.
2018-12-03 13:53:44 -08:00
#if !defined(NO_DH) && !defined(WOLFSSL_OLD_PRIME_CHECK) && \
!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
if (!doDhKeyCheck)
wolfSSL_SetEnableDhKeyTest(ssl, 0);
#endif
DTLS-SCTP example client and server 1. Update the example client and server to test DTLS-SCTP. 2. Modify the test.h functions for setting up connections to allow for a SCTP option. 3. Update other examples to use the new test.h functions. 4. Removed some prototypes in the client header file were some functions that should have been static to the client.c file and made them static.
2016-08-25 22:20:35 -07:00
tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, ssl);
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
check return value of wolfSSL_set_fd
2016-03-25 13:59:04 -06:00
err_sys("error in setting fd");
}
add STARTTLS support to example client
2016-04-22 13:46:54 -06:00
/* STARTTLS */
if (doSTARTTLS) {
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (StartTLS_Init(&sockfd) != WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
err_sys("error during STARTTLS protocol");
add STARTTLS support to example client
2016-04-22 13:46:54 -06:00
}
}
crl stage 2
2012-05-16 17:04:56 -07:00
#ifdef HAVE_CRL
Fix for CRL serial number matching to also check length. Fix for testing the verify callback override ‘-j’ to not enable CRL since the CA’s are not loaded for this test.
2017-06-16 16:02:36 -07:00
if (disableCRL == 0 && !useVerifyCb) {
Added support for inline CRL lookup when HAVE_CRL_IO is defined (shares code with OCSP lookup in io.c). Added http chunk transfer encoding support. Added default connection timeout value (DEFAULT_TIMEOUT_SEC) and new wolfIO_SetTimeout() API with HAVE_IO_TIMEOUT. Added generic wolfIO_ API’s for connect, select, non-blocking, read and write. Added new define USE_WOLFSSL_IO to enable access to new wolfIO_* socket wrappers even when WOLFSSL_USER_IO is defined. Moved all API declarations for io.c into new io.h header. Added HAVE_HTTP_CLIENT to expose HTTP API’s. Moved SOCKET_T and SOCKET_ defines into io.h. Added WOLFIO_DEBUG define to display request/responses.
2017-03-06 09:49:05 -08:00
#ifdef HAVE_IO_TIMEOUT
wolfIO_SetTimeout(DEFAULT_TIMEOUT_SEC);
#endif
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_EnableCRL(ssl, WOLFSSL_CRL_CHECKALL) != WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
add external site script test to make check
2015-05-07 10:02:43 -07:00
err_sys("can't enable crl check");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_LoadCRL(ssl, crlPemDir, WOLFSSL_FILETYPE_PEM, 0)
Testing improvements for cert gen and TLS cert validation: * Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled. * Added new ECC CA for 384-bit tests. * Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem) * Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL. * Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`. * Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function. * Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack). * Cleanup to combine all certificate subject information into global `certDefaultName`. * Updated cert request info to use wolfSSL instead of Yassl. * Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`. * Re-number error codes in rsa_test. * Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
2017-10-19 16:17:51 -07:00
!= WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
add external site script test to make check
2015-05-07 10:02:43 -07:00
err_sys("can't load crl, check crlfile and date validity");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_SetCRL_Cb(ssl, CRL_CallBack) != WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
add external site script test to make check
2015-05-07 10:02:43 -07:00
err_sys("can't set crl callback");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
add external site script test to make check
2015-05-07 10:02:43 -07:00
}
add atomic user macencrypt cb
2013-08-09 17:27:15 -07:00
#endif
add client side initiated secure r, same specs
2014-09-24 18:48:23 -07:00
#ifdef HAVE_SECURE_RENEGOTIATION
if (scr) {
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_UseSecureRenegotiation(ssl) != WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
add client side initiated secure r, same specs
2014-09-24 18:48:23 -07:00
err_sys("can't enable secure renegotiation");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
add client side initiated secure r, same specs
2014-09-24 18:48:23 -07:00
}
#endif
add atomic user macencrypt cb
2013-08-09 17:27:15 -07:00
#ifdef ATOMIC_USER
if (atomicUser)
SetupAtomicUser(ctx, ssl);
add public key callbacks for ecc sign/verify, examples
2013-08-22 18:19:39 -07:00
#endif
#ifdef HAVE_PK_CALLBACKS
if (pkCallbacks)
* Added support for not loading a private key for server or client when `HAVE_PK_CALLBACK` is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519. * Added PK callback context tests for client/server examples (`SetupPkCallbackContexts`). * Added new test define for `TEST_PK_PRIVKEY` to allows simulating hardware based private key. * Added new test.h function for loading PEM key file and converting to DER (`load_key_file`). * Added way to get private key signature size (`GetPrivateKeySigSize`). * Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size. * Added inline comments to help track down handshake message types. * Cleanup of RSS PSS terminating byte (0xbc) to use enum value. * Fixed bug with PK callback for `myEccVerify` public key format. * Fixed bug with PK callback for ED25519 verify key buffer in DoServerKeyExchange.
2018-03-21 11:27:08 -07:00
SetupPkCallbackContexts(ssl, &pkCbInfo);
crl stage 2
2012-05-16 17:04:56 -07:00
#endif
make domain name cert check an option on client
2012-08-10 10:15:37 -07:00
if (matchName && doPeerCheck)
name change for client.c
2015-01-05 14:48:43 -07:00
wolfSSL_check_domain_name(ssl, domain);
#ifndef WOLFSSL_CALLBACKS
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
if (nonBlocking) {
Fix TCP with Timeout Updated example client and server to use the new wolfSSL_dtls_set_using_nonblock() function.
2018-05-23 16:07:45 -07:00
#ifdef WOLFSSL_DTLS
if (doDTLS) {
wolfSSL_dtls_set_using_nonblock(ssl, 1);
}
#endif
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
tcp_set_nonblocking(&sockfd);
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
ret = NonBlockingSSL_Connect(ssl);
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
}
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 10:05:22 -08:00
else {
Fixes to work when compiled with TLS 1.3 only TLS 1.3 Early Data can be used with PSK and not session tickets. If only TLS 1.3 and no session tickets then no resumption. External sites don't support TLS 1.3 yet.
2018-08-28 15:37:15 +10:00
#ifdef WOLFSSL_EARLY_DATA
Only do early data in initial handshake when using PSK
2018-10-24 09:47:30 +10:00
if (usePsk && earlyData)
Fixes to work when compiled with TLS 1.3 only TLS 1.3 Early Data can be used with PSK and not session tickets. If only TLS 1.3 and no session tickets then no resumption. External sites don't support TLS 1.3 yet.
2018-08-28 15:37:15 +10:00
EarlyData(ctx, ssl, msg, msgSz, buffer);
#endif
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 10:05:22 -08:00
do {
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
err = 0; /* reset error */
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 10:05:22 -08:00
ret = wolfSSL_connect(ssl);
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (ret != WOLFSSL_SUCCESS) {
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 10:05:22 -08:00
err = wolfSSL_get_error(ssl, 0);
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
#endif
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 10:05:22 -08:00
}
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
} while (err == WC_PENDING_E);
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
}
1.8.8 init
2011-02-05 11:14:47 -08:00
#else
Added support for inline CRL lookup when HAVE_CRL_IO is defined (shares code with OCSP lookup in io.c). Added http chunk transfer encoding support. Added default connection timeout value (DEFAULT_TIMEOUT_SEC) and new wolfIO_SetTimeout() API with HAVE_IO_TIMEOUT. Added generic wolfIO_ API’s for connect, select, non-blocking, read and write. Added new define USE_WOLFSSL_IO to enable access to new wolfIO_* socket wrappers even when WOLFSSL_USER_IO is defined. Moved all API declarations for io.c into new io.h header. Added HAVE_HTTP_CLIENT to expose HTTP API’s. Moved SOCKET_T and SOCKET_ defines into io.h. Added WOLFIO_DEBUG define to display request/responses.
2017-03-06 09:49:05 -08:00
timeout.tv_sec = DEFAULT_TIMEOUT_SEC;
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
timeout.tv_usec = 0;
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
ret = NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */
1.8.8 init
2011-02-05 11:14:47 -08:00
#endif
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (ret != WOLFSSL_SUCCESS) {
Minor fix for the expected failure case use of `ssl` after free. Renamed `skipExit` to `exitWithRet`.
2018-05-03 10:02:59 -07:00
err = wolfSSL_get_error(ssl, 0);
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
printf("wolfSSL_connect error %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer));
Minor fix for the expected failure case use of `ssl` after free. Renamed `skipExit` to `exitWithRet`.
2018-05-03 10:02:59 -07:00
/* cleanup */
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
* Added support for expected fail test cases with example client/server and suites unit test. * Added test for certificate with bad alt name containing a null character mid byte stream. * Fix for issue with suites unit test where last arg in file doesn't conain data for a param, causing it to skip test. * Fix for last test in tests/test.conf not being run for `TLSv1.2 RSA 3072-bit DH 3072-bit`. * Moved the `tls-cert-fail.test` tests into the new expected failure suite test (`./tests/test-fails.conf`). Now it explicilty checks RSA and ECC for the no signer and no sig tests.
2018-05-03 09:40:51 -07:00
CloseSocket(sockfd);
Minor fix for the expected failure case use of `ssl` after free. Renamed `skipExit` to `exitWithRet`.
2018-05-03 10:02:59 -07:00
if (!exitWithRet)
* Added support for expected fail test cases with example client/server and suites unit test. * Added test for certificate with bad alt name containing a null character mid byte stream. * Fix for issue with suites unit test where last arg in file doesn't conain data for a param, causing it to skip test. * Fix for last test in tests/test.conf not being run for `TLSv1.2 RSA 3072-bit DH 3072-bit`. * Moved the `tls-cert-fail.test` tests into the new expected failure suite test (`./tests/test-fails.conf`). Now it explicilty checks RSA and ECC for the no signer and no sig tests.
2018-05-03 09:40:51 -07:00
err_sys("wolfSSL_connect failed");
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
/* see note at top of README */
/* if you're getting an error here */
* Added support for expected fail test cases with example client/server and suites unit test. * Added test for certificate with bad alt name containing a null character mid byte stream. * Fix for issue with suites unit test where last arg in file doesn't conain data for a param, causing it to skip test. * Fix for last test in tests/test.conf not being run for `TLSv1.2 RSA 3072-bit DH 3072-bit`. * Moved the `tls-cert-fail.test` tests into the new expected failure suite test (`./tests/test-fails.conf`). Now it explicilty checks RSA and ECC for the no signer and no sig tests.
2018-05-03 09:40:51 -07:00
((func_args*)args)->return_code = err;
Fix for example client/server with `-H exitWithRet` option to make sure all cleanup is performed. Resolves valgrind report due to `TicketCleanup()` not being called.
2018-05-03 13:39:37 -07:00
goto exit;
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
}
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
showPeerEx(ssl, lng_index);
client to use non-blocking sockets in resume test if enabled
2012-08-20 17:02:25 -07:00
COMPAT. LAYER : get SSL client random bytes
2016-11-07 10:15:04 -07:00
#ifdef OPENSSL_EXTRA
{
add bio.c to dist and implement wolfSSL_check_private_key , wolfSSL_get_server_random
2016-11-11 13:39:36 -07:00
byte* rnd;
byte* pt;
size_t size;
COMPAT. LAYER : get SSL client random bytes
2016-11-07 10:15:04 -07:00
/* get size of buffer then print */
size = wolfSSL_get_client_random(NULL, NULL, 0);
add bio.c to dist and implement wolfSSL_check_private_key , wolfSSL_get_server_random
2016-11-11 13:39:36 -07:00
if (size == 0) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
COMPAT. LAYER : get SSL client random bytes
2016-11-07 10:15:04 -07:00
err_sys("error getting client random buffer size");
}
rnd = (byte*)XMALLOC(size, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (rnd == NULL) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
COMPAT. LAYER : get SSL client random bytes
2016-11-07 10:15:04 -07:00
err_sys("error creating client random buffer");
}
size = wolfSSL_get_client_random(ssl, rnd, size);
add bio.c to dist and implement wolfSSL_check_private_key , wolfSSL_get_server_random
2016-11-11 13:39:36 -07:00
if (size == 0) {
COMPAT. LAYER : get SSL client random bytes
2016-11-07 10:15:04 -07:00
XFREE(rnd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
COMPAT. LAYER : get SSL client random bytes
2016-11-07 10:15:04 -07:00
err_sys("error getting client random buffer");
}
printf("Client Random : ");
for (pt = rnd; pt < rnd + size; pt++) printf("%02X", *pt);
printf("\n");
XFREE(rnd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
#endif
add STARTTLS support to example client
2016-04-22 13:46:54 -06:00
if (doSTARTTLS) {
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
if (XSTRNCMP(starttlsProt, "smtp", 4) == 0) {
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (SMTP_Shutdown(ssl, wc_shutdown) != WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
err_sys("error closing STARTTLS connection");
}
}
add STARTTLS support to example client
2016-04-22 13:46:54 -06:00
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
add STARTTLS support to example client
2016-04-22 13:46:54 -06:00
CloseSocket(sockfd);
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
add STARTTLS support to example client
2016-04-22 13:46:54 -06:00
((func_args*)args)->return_code = 0;
return 0;
}
fix alpn example client merge command options
2015-10-13 15:00:53 -07:00
#ifdef HAVE_ALPN
if (alpnList != NULL) {
char *protocol_name = NULL;
word16 protocol_nameSz = 0;
err = wolfSSL_ALPN_GetProtocol(ssl, &protocol_name, &protocol_nameSz);
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (err == WOLFSSL_SUCCESS)
fix alpn example client merge command options
2015-10-13 15:00:53 -07:00
printf("Received ALPN protocol : %s (%d)\n",
protocol_name, protocol_nameSz);
Updated a few more old names. Added PR for new configs to Jenkins.
2017-10-18 10:38:27 -07:00
else if (err == WOLFSSL_ALPN_NOT_FOUND)
fix alpn example client merge command options
2015-10-13 15:00:53 -07:00
printf("No ALPN response received (no match with server)\n");
else
printf("Getting ALPN protocol name failed\n");
}
#endif
add client side initiated secure r, same specs
2014-09-24 18:48:23 -07:00
#ifdef HAVE_SECURE_RENEGOTIATION
separate allow scr and force client scr in example client
2014-09-29 15:32:41 -07:00
if (scr && forceScr) {
add client side initiated secure r, same specs
2014-09-24 18:48:23 -07:00
if (nonBlocking) {
printf("not doing secure renegotiation on example with"
1. Add a newline to the client's "non-blocking socket and renegotiation" notice. 2. Add suite test cases for more renegotiation setting combinations.
2019-02-21 10:06:55 -08:00
" nonblocking yet\n");
scr session resumption example
2014-09-26 10:47:57 -07:00
} else {
Secure Renegotiation 1. Split the wolfSSL_Rehandshake() function into wolfSSL_Rehadshake() which performs a full handshake on secure renegotiation and wolfSSL_SecureResume() which performs a session resumption on a secure renegotiation. 2. Add option to example client to perform a secure resumption instead of a full secure handshake.
2019-02-19 15:04:22 -08:00
if (!resumeScr) {
printf("Beginning secure rengotiation.\n");
if (wolfSSL_Rehandshake(ssl) != WOLFSSL_SUCCESS) {
err = wolfSSL_get_error(ssl, 0);
printf("err = %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer));
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("wolfSSL_Rehandshake failed");
}
else {
printf("RENEGOTIATION SUCCESSFUL\n");
}
scr session resumption example
2014-09-26 10:47:57 -07:00
}
Server Side Renegotiation 1. Fix testing issue with a client using the SCSV cipher suite to indicate desire for renegotiation. 2. Add indication to both the server and client examples that the renegotiation was successful.
2018-11-30 14:14:27 -08:00
else {
Secure Renegotiation 1. Split the wolfSSL_Rehandshake() function into wolfSSL_Rehadshake() which performs a full handshake on secure renegotiation and wolfSSL_SecureResume() which performs a session resumption on a secure renegotiation. 2. Add option to example client to perform a secure resumption instead of a full secure handshake.
2019-02-19 15:04:22 -08:00
printf("Beginning secure resumption.\n");
if (wolfSSL_SecureResume(ssl) != WOLFSSL_SUCCESS) {
err = wolfSSL_get_error(ssl, 0);
printf("err = %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer));
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("wolfSSL_SecureResume failed");
}
else {
printf("SECURE RESUMPTION SUCCESSFUL\n");
}
Server Side Renegotiation 1. Fix testing issue with a client using the SCSV cipher suite to indicate desire for renegotiation. 2. Add indication to both the server and client examples that the renegotiation was successful.
2018-11-30 14:14:27 -08:00
}
add client side initiated secure r, same specs
2014-09-24 18:48:23 -07:00
}
}
#endif /* HAVE_SECURE_RENEGOTIATION */
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
if (sendGET) {
1.8.8 init
2011-02-05 11:14:47 -08:00
printf("SSL connect ok, sending GET...\n");
send proper http GET for examples/client
2011-03-22 08:18:27 -07:00
msgSz = 28;
strncpy(msg, "GET /index.html HTTP/1.0\r\n\r\n", msgSz);
scan build fixes
2013-02-14 14:09:41 -08:00
msg[msgSz] = '\0';
fix merge conflict
2015-11-02 13:26:46 -08:00
resumeSz = msgSz;
strncpy(resumeMsg, "GET /index.html HTTP/1.0\r\n\r\n", resumeSz);
resumeMsg[resumeSz] = '\0';
1.8.8 init
2011-02-05 11:14:47 -08:00
}
add DTLS session export option
2016-05-10 13:27:45 -06:00
/* allow some time for exporting the session */
#ifdef WOLFSSL_SESSION_EXPORT_DEBUG
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
#ifdef USE_WINDOWS_API
Sleep(500);
#elif defined(WOLFSSL_TIRTOS)
Task_sleep(1);
#else
sleep(1);
#endif
add DTLS session export option
2016-05-10 13:27:45 -06:00
#endif /* WOLFSSL_SESSION_EXPORT_DEBUG */
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
#ifdef WOLFSSL_TLS13
if (updateKeysIVs)
wolfSSL_update_keys(ssl);
#endif
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
ClientWrite(ssl, msg, msgSz);
1.8.8 init
2011-02-05 11:14:47 -08:00
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
ClientRead(ssl, reply, sizeof(reply)-1, 1);
Fix post authentication for TLS 1.3
2018-06-08 17:34:03 +10:00
#if defined(WOLFSSL_TLS13)
if (updateKeysIVs || postHandAuth)
Cleanup
2017-06-21 16:56:51 +10:00
ClientWrite(ssl, msg, msgSz);
#endif
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
if (sendGET) { /* get html */
ClientRead(ssl, reply, sizeof(reply)-1, 0);
no DTLS streaming checks
2012-12-28 17:54:19 -08:00
}
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
fix general NO_SHA NO_ASN NO_CERTS NO_SESSION_CACHE builds/examples
2013-03-11 16:07:46 -07:00
#ifndef NO_SESSION_CACHE
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
if (resumeSession) {
name change for client.c
2015-01-05 14:48:43 -07:00
session = wolfSSL_get_session(ssl);
add -u for DTLS UPD command line client/server examples
2012-08-02 11:54:49 -07:00
}
fix general NO_SHA NO_ASN NO_CERTS NO_SESSION_CACHE builds/examples
2013-03-11 16:07:46 -07:00
#endif
1.8.8 init
2011-02-05 11:14:47 -08:00
DTLS-SCTP example client and server 1. Update the example client and server to test DTLS-SCTP. 2. Modify the test.h functions for setting up connections to allow for a SCTP option. 3. Update other examples to use the new test.h functions. 4. Removed some prototypes in the client header file were some functions that should have been static to the client.c file and made them static.
2016-08-25 22:20:35 -07:00
if (dtlsUDP == 0) { /* don't send alert after "break" command */
fix shutdown returns
2015-02-16 14:23:33 -08:00
ret = wolfSSL_shutdown(ssl);
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE)
fix shutdown returns
2015-02-16 14:23:33 -08:00
wolfSSL_shutdown(ssl); /* bidirectional shutdown */
add option for bidirectional shutdown
2015-01-30 08:41:34 -07:00
}
add atomic user macencrypt cb
2013-08-09 17:27:15 -07:00
#ifdef ATOMIC_USER
if (atomicUser)
FreeAtomicUser(ssl);
#endif
Added static memory code to client example.
2017-10-20 14:56:29 -07:00
/* display collected statistics */
#ifdef WOLFSSL_STATIC_MEMORY
if (wolfSSL_is_static_memory(ssl, &ssl_stats) != 1)
err_sys("static memory was not used with ssl");
fprintf(stderr, "\nprint off SSL memory stats\n");
fprintf(stderr, "*** This is memory state before wolfSSL_free is called\n");
fprintf(stderr, "peak connection memory = %d\n", ssl_stats.peakMem);
fprintf(stderr, "current memory in use = %d\n", ssl_stats.curMem);
fprintf(stderr, "peak connection allocs = %d\n", ssl_stats.peakAlloc);
fprintf(stderr, "current connection allocs = %d\n", ssl_stats.curAlloc);
fprintf(stderr, "total connection allocs = %d\n", ssl_stats.totalAlloc);
fprintf(stderr, "total connection frees = %d\n\n", ssl_stats.totalFr);
#endif
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
1.8.8 init
2011-02-05 11:14:47 -08:00
CloseSocket(sockfd);
fix general NO_SHA NO_ASN NO_CERTS NO_SESSION_CACHE builds/examples
2013-03-11 16:07:46 -07:00
#ifndef NO_SESSION_CACHE
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
if (resumeSession) {
Fixes for static memory with `-r` session resumption option on client. Fix for possible failed InitSSL cleanup using NULL ssl->ctx for static memory.
2017-10-23 10:50:19 -07:00
sslResume = wolfSSL_new(ctx);
if (sslResume == NULL) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
Fixes for static memory with `-r` session resumption option on client. Fix for possible failed InitSSL cleanup using NULL ssl->ctx for static memory.
2017-10-23 10:50:19 -07:00
err_sys("unable to get SSL object");
}
DHE Speed Up 1. Also apply the setting to the client side. 2. Updated the server and client command line options to use "-2" for disabling the DHE check.
2018-12-03 13:53:44 -08:00
#if !defined(NO_DH) && !defined(WOLFSSL_OLD_PRIME_CHECK) && \
!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
if (!doDhKeyCheck)
wolfSSL_SetEnableDhKeyTest(sslResume, 0);
#endif
DTLS-SCTP example client and server 1. Update the example client and server to test DTLS-SCTP. 2. Modify the test.h functions for setting up connections to allow for a SCTP option. 3. Update other examples to use the new test.h functions. 4. Removed some prototypes in the client header file were some functions that should have been static to the client.c file and made them static.
2016-08-25 22:20:35 -07:00
if (dtlsUDP) {
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
#ifdef USE_WINDOWS_API
Sleep(500);
#elif defined(WOLFSSL_TIRTOS)
Task_sleep(1);
#else
sleep(1);
#endif
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
}
DTLS-SCTP example client and server 1. Update the example client and server to test DTLS-SCTP. 2. Modify the test.h functions for setting up connections to allow for a SCTP option. 3. Update other examples to use the new test.h functions. 4. Removed some prototypes in the client header file were some functions that should have been static to the client.c file and made them static.
2016-08-25 22:20:35 -07:00
tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, sslResume);
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_set_fd(sslResume, sockfd) != WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_free(sslResume); sslResume = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
check return value of wolfSSL_set_fd
2016-03-25 13:59:04 -06:00
err_sys("error in setting fd");
}
fix alpn example client merge command options
2015-10-13 15:00:53 -07:00
#ifdef HAVE_ALPN
if (alpnList != NULL) {
printf("ALPN accepted protocols list : %s\n", alpnList);
wolfSSL_UseALPN(sslResume, alpnList, (word32)XSTRLEN(alpnList),
alpn_opt);
}
#endif
allow example client to do resume with scr
2015-04-29 17:06:57 -07:00
#ifdef HAVE_SECURE_RENEGOTIATION
if (scr) {
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_UseSecureRenegotiation(sslResume) != WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_free(sslResume); sslResume = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
allow example client to do resume with scr
2015-04-29 17:06:57 -07:00
err_sys("can't enable secure renegotiation");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
allow example client to do resume with scr
2015-04-29 17:06:57 -07:00
}
#endif
name change for client.c
2015-01-05 14:48:43 -07:00
wolfSSL_set_session(sslResume, session);
Added a callback when receiving a NewSessionTicket handshake message.
2014-10-20 09:25:14 -07:00
#ifdef HAVE_SESSION_TICKET
name change for client.c
2015-01-05 14:48:43 -07:00
wolfSSL_set_SessionTicket_cb(sslResume, sessionTicketCB,
Added a callback when receiving a NewSessionTicket handshake message.
2014-10-20 09:25:14 -07:00
(void*)"resumed session");
#endif
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
name change for client.c
2015-01-05 14:48:43 -07:00
#ifndef WOLFSSL_CALLBACKS
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
if (nonBlocking) {
Fix TCP with Timeout Updated example client and server to use the new wolfSSL_dtls_set_using_nonblock() function.
2018-05-23 16:07:45 -07:00
#ifdef WOLFSSL_DTLS
if (doDTLS) {
wolfSSL_dtls_set_using_nonblock(ssl, 1);
}
#endif
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
tcp_set_nonblocking(&sockfd);
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
ret = NonBlockingSSL_Connect(sslResume);
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
}
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
else {
TLS v1.3 0-RTT
2017-06-19 11:37:10 +10:00
#ifdef WOLFSSL_EARLY_DATA
#ifndef HAVE_SESSION_TICKET
if (!usePsk) {
}
else
#endif
if (earlyData) {
Fixes to work when compiled with TLS 1.3 only TLS 1.3 Early Data can be used with PSK and not session tickets. If only TLS 1.3 and no session tickets then no resumption. External sites don't support TLS 1.3 yet.
2018-08-28 15:37:15 +10:00
EarlyData(ctx, sslResume, msg, msgSz, buffer);
TLS v1.3 0-RTT
2017-06-19 11:37:10 +10:00
}
#endif
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
do {
err = 0; /* reset error */
ret = wolfSSL_connect(sslResume);
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (ret != WOLFSSL_SUCCESS) {
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
err = wolfSSL_get_error(sslResume, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(sslResume,
WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
#endif
}
} while (err == WC_PENDING_E);
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
#else
Added support for inline CRL lookup when HAVE_CRL_IO is defined (shares code with OCSP lookup in io.c). Added http chunk transfer encoding support. Added default connection timeout value (DEFAULT_TIMEOUT_SEC) and new wolfIO_SetTimeout() API with HAVE_IO_TIMEOUT. Added generic wolfIO_ API’s for connect, select, non-blocking, read and write. Added new define USE_WOLFSSL_IO to enable access to new wolfIO_* socket wrappers even when WOLFSSL_USER_IO is defined. Moved all API declarations for io.c into new io.h header. Added HAVE_HTTP_CLIENT to expose HTTP API’s. Moved SOCKET_T and SOCKET_ defines into io.h. Added WOLFIO_DEBUG define to display request/responses.
2017-03-06 09:49:05 -08:00
timeout.tv_sec = DEFAULT_TIMEOUT_SEC;
client to use non-blocking sockets in resume test if enabled
2012-08-20 17:02:25 -07:00
timeout.tv_usec = 0;
TLS 1.3 fixes/improvements Support Draft 28: able to compile code to return BAD_BINDER if no PSKs match and certificates not to be used. Change key share implementation to use server preference - server now checks each client key share's group is in supported_groups extension. Client and server examples modified to support server preference. Application can set client's and server's supported groups by rank. Server's supported groups is sent back in encrypted_extensions if preferred group is not in client's list - able to be turned off at compile time. Application can query server's preferred group from client. Able to compile using 0x0304 as version instead of draft version. Fix state machine in TLS 1.3 to support unexpected hello_retry_request. Also fixes non-blocking. Fix resumption to use the named group from session. Fix named group in session structure to be a 2-byte field. Better detection of errors in message flow. Fix DoTls13ClientHello when downgrading - don't do TLS 1.3 things. Not downgrading on client fixed. Downgrade protocol version from TLS 1.3 when not TLS 1.3 ciphersuite. Get downgrading from TLS 1.3 and resumption working. Change earlyData value to an enum. Support no extensions data (as opposed to zero length extension data) in TLS 1.3 ClientHello. Check PSK cipher suite is available to both client and server before using. Check first PSK identity chosen when server says it is using early data at client. Check PSK extension is last in client_hello on server. Check the PSK cipher suite to use is supported on client. Check the returned cipher suite for pre-shared keys is the same as client expects. Send alert decrypt_error when verification fails in certificate_verify or finished message doesn't match calculated value. Fail when certificate messages recieved in handshake when using PSK. Validate on the server that EndOfEarlyData message has been recieved before finished message when server sent EarlyData extension.
2018-04-13 11:53:42 +10:00
ret = NonBlockingSSL_Connect(sslResume); /* will keep retrying on timeout */
client to use non-blocking sockets in resume test if enabled
2012-08-20 17:02:25 -07:00
#endif
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (ret != WOLFSSL_SUCCESS) {
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
printf("wolfSSL_connect resume error %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer));
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_free(sslResume); sslResume = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
err_sys("wolfSSL_connect resume failed");
}
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
showPeerEx(sslResume, lng_index);
1.8.8 init
2011-02-05 11:14:47 -08:00
name change for client.c
2015-01-05 14:48:43 -07:00
if (wolfSSL_session_reused(sslResume))
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
printf("reused session id\n");
else
printf("didn't reuse session id!!!\n");
NO_RSA build, cipher suite tests need work for this build optoin, ssn2
2013-03-07 17:44:40 -08:00
fix alpn example client merge command options
2015-10-13 15:00:53 -07:00
#ifdef HAVE_ALPN
if (alpnList != NULL) {
char *protocol_name = NULL;
word16 protocol_nameSz = 0;
printf("Sending ALPN accepted list : %s\n", alpnList);
err = wolfSSL_ALPN_GetProtocol(sslResume, &protocol_name,
&protocol_nameSz);
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (err == WOLFSSL_SUCCESS)
fix alpn example client merge command options
2015-10-13 15:00:53 -07:00
printf("Received ALPN protocol : %s (%d)\n",
protocol_name, protocol_nameSz);
Updated a few more old names. Added PR for new configs to Jenkins.
2017-10-18 10:38:27 -07:00
else if (err == WOLFSSL_ALPN_NOT_FOUND)
fix alpn example client merge command options
2015-10-13 15:00:53 -07:00
printf("Not received ALPN response (no match with server)\n");
else
printf("Getting ALPN protocol name failed\n");
}
#endif
add DTLS session export option
2016-05-10 13:27:45 -06:00
/* allow some time for exporting the session */
#ifdef WOLFSSL_SESSION_EXPORT_DEBUG
#ifdef USE_WINDOWS_API
Sleep(500);
#elif defined(WOLFSSL_TIRTOS)
Task_sleep(1);
#else
sleep(1);
#endif
#endif /* WOLFSSL_SESSION_EXPORT_DEBUG */
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
do {
err = 0; /* reset error */
ret = wolfSSL_write(sslResume, resumeMsg, resumeSz);
if (ret <= 0) {
err = wolfSSL_get_error(sslResume, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(sslResume, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
#endif
}
} while (err == WC_PENDING_E);
if (ret != resumeSz) {
printf("SSL_write resume error %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer));
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_free(sslResume); sslResume = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
err_sys("SSL_write failed");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
if (nonBlocking) {
remove fatal sniffer error sessions right away
2012-10-23 16:32:47 -07:00
/* give server a chance to bounce a message back to client */
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
#ifdef USE_WINDOWS_API
Sleep(500);
#elif defined(WOLFSSL_TIRTOS)
Task_sleep(1);
#else
sleep(1);
#endif
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
}
client to use non-blocking sockets in resume test if enabled
2012-08-20 17:02:25 -07:00
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
do {
err = 0; /* reset error */
ret = wolfSSL_read(sslResume, reply, sizeof(reply)-1);
if (ret <= 0) {
err = wolfSSL_get_error(sslResume, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(sslResume, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
#endif
}
} while (err == WC_PENDING_E);
if (ret > 0) {
reply[ret] = 0;
Added support for inline CRL lookup when HAVE_CRL_IO is defined (shares code with OCSP lookup in io.c). Added http chunk transfer encoding support. Added default connection timeout value (DEFAULT_TIMEOUT_SEC) and new wolfIO_SetTimeout() API with HAVE_IO_TIMEOUT. Added generic wolfIO_ API’s for connect, select, non-blocking, read and write. Added new define USE_WOLFSSL_IO to enable access to new wolfIO_* socket wrappers even when WOLFSSL_USER_IO is defined. Moved all API declarations for io.c into new io.h header. Added HAVE_HTTP_CLIENT to expose HTTP API’s. Moved SOCKET_T and SOCKET_ defines into io.h. Added WOLFIO_DEBUG define to display request/responses.
2017-03-06 09:49:05 -08:00
printf("Server resume response: %s\n", reply);
fix merge conflict
2015-11-02 13:26:46 -08:00
Added support for inline CRL lookup when HAVE_CRL_IO is defined (shares code with OCSP lookup in io.c). Added http chunk transfer encoding support. Added default connection timeout value (DEFAULT_TIMEOUT_SEC) and new wolfIO_SetTimeout() API with HAVE_IO_TIMEOUT. Added generic wolfIO_ API’s for connect, select, non-blocking, read and write. Added new define USE_WOLFSSL_IO to enable access to new wolfIO_* socket wrappers even when WOLFSSL_USER_IO is defined. Moved all API declarations for io.c into new io.h header. Added HAVE_HTTP_CLIENT to expose HTTP API’s. Moved SOCKET_T and SOCKET_ defines into io.h. Added WOLFIO_DEBUG define to display request/responses.
2017-03-06 09:49:05 -08:00
if (sendGET) { /* get html */
while (1) {
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
do {
err = 0; /* reset error */
ret = wolfSSL_read(sslResume, reply, sizeof(reply)-1);
if (ret <= 0) {
err = wolfSSL_get_error(sslResume, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(sslResume,
WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
#endif
}
} while (err == WC_PENDING_E);
if (ret > 0) {
reply[ret] = 0;
Added support for inline CRL lookup when HAVE_CRL_IO is defined (shares code with OCSP lookup in io.c). Added http chunk transfer encoding support. Added default connection timeout value (DEFAULT_TIMEOUT_SEC) and new wolfIO_SetTimeout() API with HAVE_IO_TIMEOUT. Added generic wolfIO_ API’s for connect, select, non-blocking, read and write. Added new define USE_WOLFSSL_IO to enable access to new wolfIO_* socket wrappers even when WOLFSSL_USER_IO is defined. Moved all API declarations for io.c into new io.h header. Added HAVE_HTTP_CLIENT to expose HTTP API’s. Moved SOCKET_T and SOCKET_ defines into io.h. Added WOLFIO_DEBUG define to display request/responses.
2017-03-06 09:49:05 -08:00
printf("%s\n", reply);
}
else
break;
fix merge conflict
2015-11-02 13:26:46 -08:00
}
}
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
}
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
if (ret < 0) {
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (err != WOLFSSL_ERROR_WANT_READ) {
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
printf("SSL_read resume error %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer));
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_free(sslResume); sslResume = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
err_sys("SSL_read failed");
Added support for inline CRL lookup when HAVE_CRL_IO is defined (shares code with OCSP lookup in io.c). Added http chunk transfer encoding support. Added default connection timeout value (DEFAULT_TIMEOUT_SEC) and new wolfIO_SetTimeout() API with HAVE_IO_TIMEOUT. Added generic wolfIO_ API’s for connect, select, non-blocking, read and write. Added new define USE_WOLFSSL_IO to enable access to new wolfIO_* socket wrappers even when WOLFSSL_USER_IO is defined. Moved all API declarations for io.c into new io.h header. Added HAVE_HTTP_CLIENT to expose HTTP API’s. Moved SOCKET_T and SOCKET_ defines into io.h. Added WOLFIO_DEBUG define to display request/responses.
2017-03-06 09:49:05 -08:00
}
add SCR client and server verify data check
2016-11-03 14:45:24 -07:00
}
1.8.8 init
2011-02-05 11:14:47 -08:00
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
/* try to send session break */
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
do {
err = 0; /* reset error */
ret = wolfSSL_write(sslResume, msg, msgSz);
if (ret <= 0) {
err = wolfSSL_get_error(sslResume, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(sslResume, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
#endif
}
} while (err == WC_PENDING_E);
1.8.8 init
2011-02-05 11:14:47 -08:00
fix shutdown returns
2015-02-16 14:23:33 -08:00
ret = wolfSSL_shutdown(sslResume);
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE)
fix shutdown returns
2015-02-16 14:23:33 -08:00
wolfSSL_shutdown(sslResume); /* bidirectional shutdown */
Fixes for static memory with `-r` session resumption option on client. Fix for possible failed InitSSL cleanup using NULL ssl->ctx for static memory.
2017-10-23 10:50:19 -07:00
/* display collected statistics */
#ifdef WOLFSSL_STATIC_MEMORY
if (wolfSSL_is_static_memory(sslResume, &ssl_stats) != 1)
err_sys("static memory was not used with ssl");
fprintf(stderr, "\nprint off SSLresume memory stats\n");
fprintf(stderr, "*** This is memory state before wolfSSL_free is called\n");
fprintf(stderr, "peak connection memory = %d\n", ssl_stats.peakMem);
fprintf(stderr, "current memory in use = %d\n", ssl_stats.curMem);
fprintf(stderr, "peak connection allocs = %d\n", ssl_stats.peakAlloc);
fprintf(stderr, "current connection allocs = %d\n", ssl_stats.curAlloc);
fprintf(stderr, "total connection allocs = %d\n", ssl_stats.totalAlloc);
fprintf(stderr, "total connection frees = %d\n\n", ssl_stats.totalFr);
#endif
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_free(sslResume); sslResume = NULL;
scan build fixes
2013-02-14 14:09:41 -08:00
CloseSocket(sockfd);
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
}
fix general NO_SHA NO_ASN NO_CERTS NO_SESSION_CACHE builds/examples
2013-03-11 16:07:46 -07:00
#endif /* NO_SESSION_CACHE */
1.8.8 init
2011-02-05 11:14:47 -08:00
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
1.8.8 init
2011-02-05 11:14:47 -08:00
((func_args*)args)->return_code = 0;
add memory tracker to example client and server if using default memory cbs
2013-03-15 13:17:05 -07:00
Fix for example client/server with `-H exitWithRet` option to make sure all cleanup is performed. Resolves valgrind report due to `TicketCleanup()` not being called.
2018-05-03 13:39:37 -07:00
exit:
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 13:59:41 -06:00
#ifdef WOLFSSL_ASYNC_CRYPT
wolfAsync_DevClose(&devId);
#endif
Various improvements for testing Fix wc_ecc_fp_free() to be called when using HAVE_STACK_SIZE. Increase size of replyin client.c so all HTTP reply is displayed. Fix api.c to support only Ed25519 (not RSA and ECC) Fix suites.c to detect when CA for client won't work (Ed25519 only) For Static Memory add debugging and small profile. Also allow realloc to be called with NULL. Add more Ed25519 certs and keys. Fix names of Ed25519 filenames for client and server. Do NOT turn on ECC_SHAMIR by default with lowresource. Enable WOLFSSL_STATIC_MEMORY_SMALL if low resource and no RSA.
2019-02-22 17:14:19 +10:00
#if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) \
&& defined(HAVE_STACK_SIZE)
wc_ecc_fp_free(); /* free per thread cache */
#endif
consolidate handling of dead assignment warnings
2016-04-11 13:39:44 -06:00
/* There are use cases when these assignments are not read. To avoid
* potential confusion those warnings have been handled here.
*/
(void) overrideDateErrors;
(void) useClientCert;
(void) verifyCert;
(void) ourCert;
(void) ourKey;
Fix for useVerifyCb variable not used warning with NO_CERTS defined.
2017-05-11 12:57:12 -07:00
(void) useVerifyCb;
consolidate handling of dead assignment warnings
2016-04-11 13:39:44 -06:00
name change for client.c
2015-01-05 14:48:43 -07:00
#if !defined(WOLFSSL_TIRTOS)
add --enable-stacksize to print out stack use info with pthreads for example client/server
2013-03-28 11:28:38 -07:00
return 0;
Added TI-RTOS support for CyaSSL tests
2014-05-08 15:52:20 -07:00
#endif
1.8.8 init
2011-02-05 11:14:47 -08:00
}
Fix build with either `NO_WOLFSSL_SERVER` or `NO_WOLFSSL_CLIENT` defined.
2017-06-26 23:05:32 -07:00
#endif /* !NO_WOLFSSL_CLIENT */
1.8.8 init
2011-02-05 11:14:47 -08:00
/* so overall tests can pull in test function */
#ifndef NO_MAIN_DRIVER
int main(int argc, char** argv)
{
func_args args;
add cavium ciphers to SSL, and example client
2013-02-01 12:21:38 -08:00
1.8.8 init
2011-02-05 11:14:47 -08:00
StartTCP();
args.argc = argc;
args.argv = argv;
Allow NO_WOLFSSL_CLIENT/SERVER to compile and pass tests
2018-06-13 11:42:16 +10:00
args.return_code = 0;
1.8.8 init
2011-02-05 11:14:47 -08:00
name change for client.c
2015-01-05 14:48:43 -07:00
#if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_MDK_SHELL) && !defined(STACK_TRAP)
wolfSSL_Debugging_ON();
1.8.8 init
2011-02-05 11:14:47 -08:00
#endif
add staticmemory feature
2016-03-23 10:21:26 -06:00
wolfSSL_Init();
Cleanup of the test code that looks for the WolfSSL root directory. Now it tries to open the certs/ntru-cert.pem file in each directory up (limited to 5) until it opens it.
2015-10-28 23:54:08 -07:00
ChangeToWolfRoot();
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
Fix build with either `NO_WOLFSSL_SERVER` or `NO_WOLFSSL_CLIENT` defined.
2017-06-26 23:05:32 -07:00
#ifndef NO_WOLFSSL_CLIENT
add --enable-stacksize to print out stack use info with pthreads for example client/server
2013-03-28 11:28:38 -07:00
#ifdef HAVE_STACK_SIZE
StackSizeCheck(&args, client_test);
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
#else
1.8.8 init
2011-02-05 11:14:47 -08:00
client_test(&args);
Fix build with either `NO_WOLFSSL_SERVER` or `NO_WOLFSSL_CLIENT` defined.
2017-06-26 23:05:32 -07:00
#endif
Allow NO_WOLFSSL_CLIENT/SERVER to compile and pass tests
2018-06-13 11:42:16 +10:00
#else
printf("Client not compiled in!\n");
add --enable-stacksize to print out stack use info with pthreads for example client/server
2013-03-28 11:28:38 -07:00
#endif
name change for client.c
2015-01-05 14:48:43 -07:00
wolfSSL_Cleanup();
1.8.8 init
2011-02-05 11:14:47 -08:00
add Whitewood netRandom client library support
2016-05-05 15:31:25 -06:00
#ifdef HAVE_WNR
if (wc_FreeNetRandom() < 0)
err_sys("Failed to free netRandom context");
#endif /* HAVE_WNR */
1.8.8 init
2011-02-05 11:14:47 -08:00
return args.return_code;
}
fix windows build with command line examples
2012-08-01 17:33:49 -07:00
int myoptind = 0;
char* myoptarg = NULL;
1.8.8 init
2011-02-05 11:14:47 -08:00
#endif /* NO_MAIN_DRIVER */
Copy Permalink