feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity
Files
c2c97c2b5784aded33ff42b84957c91cc93f52b9
wolfssl/examples/client/client.c

4585 lines
153 KiB
C
Raw Normal View History

Add headers to examples and .i files
2011-07-26 13:27:22 -07:00
/* client.c
*
update copyright to 2023
2022-12-30 17:12:11 -07:00
* Copyright (C) 2006-2023 wolfSSL Inc.
Add headers to examples and .i files
2011-07-26 13:27:22 -07:00
*
prepare for release v3.9.0
2016-03-17 16:02:13 -06:00
* This file is part of wolfSSL.
Add headers to examples and .i files
2011-07-26 13:27:22 -07:00
*
name change for client.c
2015-01-05 14:48:43 -07:00
* wolfSSL is free software; you can redistribute it and/or modify
Add headers to examples and .i files
2011-07-26 13:27:22 -07:00
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
name change for client.c
2015-01-05 14:48:43 -07:00
* wolfSSL is distributed in the hope that it will be useful,
Add headers to examples and .i files
2011-07-26 13:27:22 -07:00
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
prepare for release v3.9.0
2016-03-17 16:02:13 -06:00
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
Add headers to examples and .i files
2011-07-26 13:27:22 -07:00
*/
Adding README.md to examples dir and links to wolfssl-examples github repo in client/server.c
2021-08-02 20:27:41 -06:00
/* For simpler wolfSSL TLS client examples, visit
typographic cleanup: fix whitespace, remove unneeded UTF-8, convert C++ comment constructs to C.
2021-11-05 18:16:08 -05:00
* https://github.com/wolfSSL/wolfssl-examples/tree/master/tls
Adding README.md to examples dir and links to wolfssl-examples github repo in client/server.c
2021-08-02 20:27:41 -06:00
*/
add check around config.h for non autoconf systems
2011-08-24 16:37:16 -07:00
#ifdef HAVE_CONFIG_H
Support for Intel QuickAssist ECC KeyGen acceleration.
2022-03-29 16:36:14 -07:00
#include <config.h>
add check around config.h for non autoconf systems
2011-08-24 16:37:16 -07:00
#endif
Sync MDK5 Software Pack with 2.9.4
2014-04-11 16:20:12 +09:00
introspection tweaks: rename wolfcrypt/src/debug.c to wolfcrypt/src/wc_debug.c; restore BUILD_WC_DEBUG gating for autotools inclusion of wc_debug.o and disable opportunistically when ENABLED_LEANTLS, ENABLED_LEANPSK, or ENABLED_LOWRESOURCE; add HAVE_WC_INTROSPECTION gate for libwolfssl_configure_args() and libwolfssl_global_cflags().
2020-10-23 15:27:10 -05:00
#ifndef WOLFSSL_USER_SETTINGS
Support for Intel QuickAssist ECC KeyGen acceleration.
2022-03-29 16:36:14 -07:00
#include <wolfssl/options.h>
introspection tweaks: rename wolfcrypt/src/debug.c to wolfcrypt/src/wc_debug.c; restore BUILD_WC_DEBUG gating for autotools inclusion of wc_debug.o and disable opportunistically when ENABLED_LEANTLS, ENABLED_LEANPSK, or ENABLED_LOWRESOURCE; add HAVE_WC_INTROSPECTION gate for libwolfssl_configure_args() and libwolfssl_global_cflags().
2020-10-23 15:27:10 -05:00
#endif
update SimpleClient example
2017-12-28 07:20:03 +09:00
#include <wolfssl/wolfcrypt/settings.h>
no longer user compatibility layer
2015-01-08 10:02:07 -07:00
#include <wolfssl/ssl.h>
debugging linking error
2014-12-19 15:30:07 -07:00
add outbound connection filtering support to libwolfssl, add wolfSentry support to the test client, and add wolfSentry JSON config file support to the test client and server using --wolfsentry-config. also, add mygetopt_long() to wolfssl/test.h, and add --help and Japanese counterpart options to test client and server.
2021-06-16 00:26:48 -05:00
#ifdef WOLFSSL_WOLFSENTRY_HOOKS
wolfSentry integration: move rest of recyclable code out of examples and into wolfsentry_setup() in wolfssl/test.h, and implement peer review corrections on error codes and string.h wrapper macros.
2021-06-17 20:02:34 -05:00
#include <wolfsentry/wolfsentry.h>
add outbound connection filtering support to libwolfssl, add wolfSentry support to the test client, and add wolfSentry JSON config file support to the test client and server using --wolfsentry-config. also, add mygetopt_long() to wolfssl/test.h, and add --help and Japanese counterpart options to test client and server.
2021-06-16 00:26:48 -05:00
#if !defined(NO_FILESYSTEM) && !defined(WOLFSENTRY_NO_JSON)
static const char *wolfsentry_config_path = NULL;
#endif
#endif /* WOLFSSL_WOLFSENTRY_HOOKS */
fixed mdk4 macro control in example server/client, echoserver/client
2015-11-27 11:31:12 +09:00
#if defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET)
Support for Intel QuickAssist ECC KeyGen acceleration.
2022-03-29 16:36:14 -07:00
#include <stdio.h>
#include <string.h>
#include "rl_fs.h"
#include "rl_net.h"
Commit 2.6.2
2013-05-19 10:02:13 +09:00
#endif
Corrected spelling mistakes, formatting
2011-08-04 16:42:55 -06:00
name change for client.c
2015-01-05 14:48:43 -07:00
#include <wolfssl/test.h>
1.8.8 init
2011-02-05 11:14:47 -08:00
Added new `--disable-oldnames` option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA). Add `--enable-opensslcoexist` which makes sure `oldnames` is disabled. Refactor of `SSL_` to `WOLF_SSL_`. Refactor of `SHA`, `MD5`, `SHA224`, `SHA256`, `SHA512` and `SHA384` to `WC_` naming.
2017-09-25 18:47:36 -07:00
#include <examples/client/client.h>
Fix for handling OCSP with non-blocking. The HashInput function was being called on the re-entry, which produced a bad mac response from server. Also cleanup for some of the WC_PENDING_E logic for the non-async cases to reduce code size.
2018-03-16 12:02:36 -07:00
#include <wolfssl/error-ssl.h>
This adds more compiler hardening flags (and fixes all of the issues found in the process).
2012-09-19 23:38:41 -07:00
Fix build with either `NO_WOLFSSL_SERVER` or `NO_WOLFSSL_CLIENT` defined.
2017-06-26 23:05:32 -07:00
#ifndef NO_WOLFSSL_CLIENT
NO_FILESYSTEM build on Windows
2020-10-09 09:45:00 -07:00
#ifdef NO_FILESYSTEM
#ifdef NO_RSA
#error currently the example only tries to load in a RSA buffer
#endif
use correct key buffer for example private key
2020-10-13 09:26:54 -06:00
#undef USE_CERT_BUFFERS_256
#define USE_CERT_BUFFERS_256
NO_FILESYSTEM build on Windows
2020-10-09 09:45:00 -07:00
#undef USE_CERT_BUFFERS_2048
#define USE_CERT_BUFFERS_2048
#include <wolfssl/certs_test.h>
#endif
Add introspection for math build and math cleanups: * Add introspection for math build. * Raise build error if more than one multi-precision math library used. * Fix ESP32 to support using any multi-precision math option. * Refactor math headers to use `wolfmath.h` * Refactor of the opaque math variable type `MATH_INT_T` used by crypto hardware (QuickAssist, SE050, ESP32 and STM32). * Cleanups for building with `WOLFCRYPT_ONLY` and `NO_BIG_INT`. * Stop forcing use of fast math by default for platforms in settings.h. Note: For users that still want to use fast math (tfm.c) they will need to add USE_FAST_MATH to their build settings. Applies To: ``` WOLFSSL_ESPWROOM32 WOLFSSL_ESPWROOM32SE MICROCHIP_PIC32 WOLFSSL_PICOTCP_DEMO WOLFSSL_UTASKER WOLFSSL_NRF5x FREERTOS_TCP WOLFSSL_TIRTOS EBSNET FREESCALE_COMMON FREESCALE_KSDK_BM WOLFSSL_DEOS MICRIUM WOLFSSL_SGX ```
2023-02-28 13:15:07 -08:00
#include <wolfssl/wolfcrypt/wolfmath.h> /* for max bits */
Fixes for minor nightly build errors. Missing `wc_ecc_fp_free` declaration and "Value stored to 'useSupCurve' is never read".
2019-03-01 16:12:08 -08:00
#ifdef HAVE_ECC
#include <wolfssl/wolfcrypt/ecc.h>
#endif
include tfm in example client for veiwing FP_MAX_BITS
2018-08-17 11:06:40 -06:00
Fixes and cleanups based on feedback from Sean.
2017-04-10 14:19:20 -07:00
#ifdef WOLFSSL_ASYNC_CRYPT
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 13:59:41 -06:00
static int devId = INVALID_DEVID;
#endif
Added support for inline CRL lookup when HAVE_CRL_IO is defined (shares code with OCSP lookup in io.c). Added http chunk transfer encoding support. Added default connection timeout value (DEFAULT_TIMEOUT_SEC) and new wolfIO_SetTimeout() API with HAVE_IO_TIMEOUT. Added generic wolfIO_ API’s for connect, select, non-blocking, read and write. Added new define USE_WOLFSSL_IO to enable access to new wolfIO_* socket wrappers even when WOLFSSL_USER_IO is defined. Moved all API declarations for io.c into new io.h header. Added HAVE_HTTP_CLIENT to expose HTTP API’s. Moved SOCKET_T and SOCKET_ defines into io.h. Added WOLFIO_DEBUG define to display request/responses.
2017-03-06 09:49:05 -08:00
#define DEFAULT_TIMEOUT_SEC 2
Fix for non-blocking read timeout.
2019-01-11 08:45:34 -08:00
#ifndef MAX_NON_BLOCK_SEC
#define MAX_NON_BLOCK_SEC 10
#endif
Added support for inline CRL lookup when HAVE_CRL_IO is defined (shares code with OCSP lookup in io.c). Added http chunk transfer encoding support. Added default connection timeout value (DEFAULT_TIMEOUT_SEC) and new wolfIO_SetTimeout() API with HAVE_IO_TIMEOUT. Added generic wolfIO_ API’s for connect, select, non-blocking, read and write. Added new define USE_WOLFSSL_IO to enable access to new wolfIO_* socket wrappers even when WOLFSSL_USER_IO is defined. Moved all API declarations for io.c into new io.h header. Added HAVE_HTTP_CLIENT to expose HTTP API’s. Moved SOCKET_T and SOCKET_ defines into io.h. Added WOLFIO_DEBUG define to display request/responses.
2017-03-06 09:49:05 -08:00
OCSP 1. Modify the other OCSP Stapling scripts to better manage the OCSP responder. 2. Modify the client's W option to take: - 1 for Stapling v1 - 2 for Stapling v2 - 3 for Stapling v2 MULTI 3. Modify the client to disallow stapling v2 with TLSv1.3.
2018-08-02 16:25:38 -07:00
#define OCSP_STAPLING 1
#define OCSP_STAPLINGV2 2
#define OCSP_STAPLINGV2_MULTI 3
#define OCSP_STAPLING_OPT_MAX OCSP_STAPLINGV2_MULTI
Fix for `kResumeMsg` unused if `NO_SESSION_CACHE` defined.
2020-07-22 12:15:14 -07:00
#ifdef WOLFSSL_ALT_TEST_STRINGS
#define TEST_STR_TERM "\n"
Cleanup on example client/server messages and sizes. Original PR #3023 caused sending extra null characters in normal (non HTTP) example cases.
2020-07-21 13:34:25 -07:00
#else
Fix for `kResumeMsg` unused if `NO_SESSION_CACHE` defined.
2020-07-22 12:15:14 -07:00
#define TEST_STR_TERM
Cleanup on example client/server messages and sizes. Original PR #3023 caused sending extra null characters in normal (non HTTP) example cases.
2020-07-21 13:34:25 -07:00
#endif
Fix for `kResumeMsg` unused if `NO_SESSION_CACHE` defined.
2020-07-22 12:15:14 -07:00
static const char kHelloMsg[] = "hello wolfssl!" TEST_STR_TERM;
#ifndef NO_SESSION_CACHE
static const char kResumeMsg[] = "resuming wolfssl!" TEST_STR_TERM;
#endif
Cleanup on example client/server messages and sizes. Original PR #3023 caused sending extra null characters in normal (non HTTP) example cases.
2020-07-21 13:34:25 -07:00
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_EARLY_DATA)
Fix for `kResumeMsg` unused if `NO_SESSION_CACHE` defined.
2020-07-22 12:15:14 -07:00
static const char kEarlyMsg[] = "A drop of info" TEST_STR_TERM;
Cleanup on example client/server messages and sizes. Original PR #3023 caused sending extra null characters in normal (non HTTP) example cases.
2020-07-21 13:34:25 -07:00
#endif
static const char kHttpGetMsg[] = "GET /index.html HTTP/1.0\r\n\r\n";
/* Write needs to be largest of the above strings (29) */
#define CLI_MSG_SZ 32
/* Read needs to be at least sizeof server.c `webServerMsg` (226) */
#define CLI_REPLY_SZ 256
DTLS Test Speed Fix Redux 1. Fix the check for XSLEEP_US in the client. 2. Added XSLEEP_MS to mirror XSLEEP_US, in terms of XSELECT().
2020-07-29 16:51:08 -07:00
#if defined(XSLEEP_US) && defined(NO_MAIN_DRIVER)
Improved test sleep. Cleanup `sleep` calls.
2020-07-22 13:08:57 -07:00
/* This is to force the server's thread to get a chance to
* execute before continuing the resume in non-blocking
* DTLS test cases. */
#define TEST_DELAY() XSLEEP_US(10000)
#else
#define TEST_DELAY() XSLEEP_MS(1000)
#endif
Cleanup on example client/server messages and sizes. Original PR #3023 caused sending extra null characters in normal (non HTTP) example cases.
2020-07-21 13:34:25 -07:00
revise the comments about port 0 use in the example client and server
2015-12-24 15:42:52 -08:00
/* Note on using port 0: the client standalone example doesn't utilize the
* port 0 port sharing; that is used by (1) the server in external control
* test mode and (2) the testsuite which uses this code and sets up the correct
* port numbers when the internal thread using the server code using port 0. */
1.8.8 init
2011-02-05 11:14:47 -08:00
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
static int lng_index = 0;
name change for client.c
2015-01-05 14:48:43 -07:00
#ifdef WOLFSSL_CALLBACKS
Fixes from cppcheck Added PRIVATE_D version of rsa private key operation for SP implementation for specific platforms. WC_NO_RNG results in warnings when RNG calls don't do anything. Added ifdef checks for variables not used otherwise. Remove superfluous if statements like when checking ret == 0. Change names of globals that are generic and are used locally before global definition. Remove definition of variable len that isn't used except as a replacement for sz which is parameter. Don't subtract two variables when one has just been assigned the value of the other. Fix shifting of signed value. Fix parameter checking in aes.c and des3.c for platform specific code.
2020-04-08 09:46:22 +10:00
WOLFSSL_TIMEVAL timeoutConnect;
Fix build with either `NO_WOLFSSL_SERVER` or `NO_WOLFSSL_CLIENT` defined.
2017-06-26 23:05:32 -07:00
static int handShakeCB(HandShakeInfo* info)
{
(void)info;
return 0;
}
static int timeoutCB(TimeoutInfo* info)
{
(void)info;
return 0;
}
1.8.8 init
2011-02-05 11:14:47 -08:00
#endif
Added a callback when receiving a NewSessionTicket handshake message.
2014-10-20 09:25:14 -07:00
#ifdef HAVE_SESSION_TICKET
examples: client/server: support DTLSv1.3 (-u -v4) This commits add some new options to examples/[server,client] to support testing of DTLS v1.3. client: add waitTicket option If this option is used, the client will wait until it receives a sessionTicket from the server. This is useful when testing DTLS retransmission. client: add waitKeyUpdate option When this option is set, the client waits until the UpdateKey message is acknowledged by the server. This is useful to test DTLS retransmission logic
2022-05-20 10:00:24 +02:00
#ifndef SESSION_TICKET_LEN
#define SESSION_TICKET_LEN 256
#endif
Fix build with either `NO_WOLFSSL_SERVER` or `NO_WOLFSSL_CLIENT` defined.
2017-06-26 23:05:32 -07:00
static int sessionTicketCB(WOLFSSL* ssl,
const unsigned char* ticket, int ticketSz,
void* ctx)
{
(void)ssl;
(void)ticket;
printf("Session Ticket CB: ticketSz = %d, ctx = %s\n",
ticketSz, (char*)ctx);
return 0;
}
Added a callback when receiving a NewSessionTicket handshake message.
2014-10-20 09:25:14 -07:00
#endif
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
static int NonBlockingSSL_Connect(WOLFSSL* ssl)
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
{
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
int ret;
int error;
SOCKET_T sockfd;
int select_ret = 0;
Fix to timeout after 10 seconds in non-blocking mode if connect does not complete.
2019-01-10 17:12:37 -08:00
int elapsedSec = 0;
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
name change for client.c
2015-01-05 14:48:43 -07:00
#ifndef WOLFSSL_CALLBACKS
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
ret = wolfSSL_connect(ssl);
1.8.8 init
2011-02-05 11:14:47 -08:00
#else
Fixes from cppcheck Added PRIVATE_D version of rsa private key operation for SP implementation for specific platforms. WC_NO_RNG results in warnings when RNG calls don't do anything. Added ifdef checks for variables not used otherwise. Remove superfluous if statements like when checking ret == 0. Change names of globals that are generic and are used locally before global definition. Remove definition of variable len that isn't used except as a replacement for sz which is parameter. Don't subtract two variables when one has just been assigned the value of the other. Fix shifting of signed value. Fix parameter checking in aes.c and des3.c for platform specific code.
2020-04-08 09:46:22 +10:00
ret = wolfSSL_connect_ex(ssl, handShakeCB, timeoutCB, timeoutConnect);
1.8.8 init
2011-02-05 11:14:47 -08:00
#endif
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
error = wolfSSL_get_error(ssl, 0);
sockfd = (SOCKET_T)wolfSSL_get_fd(ssl);
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
Fix for handling OCSP with non-blocking. The HashInput function was being called on the re-entry, which produced a bad mac response from server. Also cleanup for some of the WC_PENDING_E logic for the non-async cases to reduce code size.
2018-03-16 12:02:36 -07:00
while (ret != WOLFSSL_SUCCESS &&
(error == WOLFSSL_ERROR_WANT_READ || error == WOLFSSL_ERROR_WANT_WRITE
#ifdef WOLFSSL_ASYNC_CRYPT
|| error == WC_PENDING_E
#endif
#ifdef WOLFSSL_NONBLOCK_OCSP
|| error == OCSP_WANT_READ
#endif
)) {
add dtls recv timeout max user setting too
2013-05-08 12:49:55 -07:00
int currTimeout = 1;
Fix for handling OCSP with non-blocking. The HashInput function was being called on the re-entry, which produced a bad mac response from server. Also cleanup for some of the WC_PENDING_E logic for the non-async cases to reduce code size.
2018-03-16 12:02:36 -07:00
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (error == WOLFSSL_ERROR_WANT_READ)
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
printf("... client would read block\n");
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
else if (error == WOLFSSL_ERROR_WANT_WRITE)
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
printf("... client would write block\n");
Fix for handling OCSP with non-blocking. The HashInput function was being called on the re-entry, which produced a bad mac response from server. Also cleanup for some of the WC_PENDING_E logic for the non-async cases to reduce code size.
2018-03-16 12:02:36 -07:00
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 10:05:22 -08:00
#ifdef WOLFSSL_ASYNC_CRYPT
Fix for handling OCSP with non-blocking. The HashInput function was being called on the re-entry, which produced a bad mac response from server. Also cleanup for some of the WC_PENDING_E logic for the non-async cases to reduce code size.
2018-03-16 12:02:36 -07:00
if (error == WC_PENDING_E) {
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 13:59:41 -06:00
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
if (ret < 0) break;
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 10:05:22 -08:00
}
Fix for handling OCSP with non-blocking. The HashInput function was being called on the re-entry, which produced a bad mac response from server. Also cleanup for some of the WC_PENDING_E logic for the non-async cases to reduce code size.
2018-03-16 12:02:36 -07:00
else
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 10:05:22 -08:00
#endif
Fix for handling OCSP with non-blocking. The HashInput function was being called on the re-entry, which produced a bad mac response from server. Also cleanup for some of the WC_PENDING_E logic for the non-async cases to reduce code size.
2018-03-16 12:02:36 -07:00
{
Add an option to the example client to simulate WANT_WRITE errors. - Add this option as "-6." - Turn on non-blocking mode if WANT_WRITE simulation is enabled. - Create a send IO callback that gets registered when this option is turned on. This callback alternates between letting the TX through and returning a WANT_WRITE error.
2020-11-02 08:23:36 -06:00
if (error == WOLFSSL_ERROR_WANT_WRITE) {
select_ret = tcp_select_tx(sockfd, currTimeout);
}
else
{
DTLS Nonblocking Updates 1. Add a second select for tx. 2. Revised tcp_select to work for either rx or tx. 3. Updated client and server to use new tcp_select_tx() for checking the tx socket if the nonblocking connect/accept would block on transmit.
2018-12-14 11:30:03 -08:00
#ifdef WOLFSSL_DTLS
Reset ret in client and server after wolfSSL_dtls_got_timeout() - Do UDP connect only with simulateWantWrite to accommodate macOS that doesn't like sendto being called on connected UDP sockets - Call wolfSSL_dtls_get_current_timeout only on a DTLS connection
2022-05-12 16:48:04 +02:00
if (wolfSSL_dtls(ssl))
currTimeout = wolfSSL_dtls_get_current_timeout(ssl);
DTLS Nonblocking Updates 1. Add a second select for tx. 2. Revised tcp_select to work for either rx or tx. 3. Updated client and server to use new tcp_select_tx() for checking the tx socket if the nonblocking connect/accept would block on transmit.
2018-12-14 11:30:03 -08:00
#endif
select_ret = tcp_select(sockfd, currTimeout);
}
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 13:59:41 -06:00
}
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
DTLS Nonblocking Updates 1. Add a second select for tx. 2. Revised tcp_select to work for either rx or tx. 3. Updated client and server to use new tcp_select_tx() for checking the tx socket if the nonblocking connect/accept would block on transmit.
2018-12-14 11:30:03 -08:00
if ((select_ret == TEST_RECV_READY) || (select_ret == TEST_SEND_READY)
|| (select_ret == TEST_ERROR_READY)
Fix for handling OCSP with non-blocking. The HashInput function was being called on the re-entry, which produced a bad mac response from server. Also cleanup for some of the WC_PENDING_E logic for the non-async cases to reduce code size.
2018-03-16 12:02:36 -07:00
#ifdef WOLFSSL_ASYNC_CRYPT
|| error == WC_PENDING_E
#endif
) {
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 10:05:22 -08:00
#ifndef WOLFSSL_CALLBACKS
ret = wolfSSL_connect(ssl);
#else
Fixes from cppcheck Added PRIVATE_D version of rsa private key operation for SP implementation for specific platforms. WC_NO_RNG results in warnings when RNG calls don't do anything. Added ifdef checks for variables not used otherwise. Remove superfluous if statements like when checking ret == 0. Change names of globals that are generic and are used locally before global definition. Remove definition of variable len that isn't used except as a replacement for sz which is parameter. Don't subtract two variables when one has just been assigned the value of the other. Fix shifting of signed value. Fix parameter checking in aes.c and des3.c for platform specific code.
2020-04-08 09:46:22 +10:00
ret = wolfSSL_connect_ex(ssl, handShakeCB, timeoutCB,
timeoutConnect);
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 10:05:22 -08:00
#endif
name change for client.c
2015-01-05 14:48:43 -07:00
error = wolfSSL_get_error(ssl, 0);
Fix to timeout after 10 seconds in non-blocking mode if connect does not complete.
2019-01-10 17:12:37 -08:00
elapsedSec = 0; /* reset elapsed */
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
}
name change for client.c
2015-01-05 14:48:43 -07:00
else if (select_ret == TEST_TIMEOUT && !wolfSSL_dtls(ssl)) {
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
error = WOLFSSL_ERROR_WANT_READ;
Fix to timeout after 10 seconds in non-blocking mode if connect does not complete.
2019-01-10 17:12:37 -08:00
elapsedSec += currTimeout;
Fix for non-blocking read timeout.
2019-01-11 08:45:34 -08:00
if (elapsedSec > MAX_NON_BLOCK_SEC) {
printf("Nonblocking connect timeout\n");
Fix to timeout after 10 seconds in non-blocking mode if connect does not complete.
2019-01-10 17:12:37 -08:00
error = WOLFSSL_FATAL_ERROR;
}
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
}
name change for client.c
2015-01-05 14:48:43 -07:00
#ifdef WOLFSSL_DTLS
DTLS fixes with WANT_WRITE simulations - WANT_WRITE could be returned in unexpected places. This patch takes care of that. - Change state after SendBuffered only if in a sending state to begin with. - Adapt client and server to simulate WANT_WRITE with DTLS
2022-04-26 15:51:50 +02:00
else if (select_ret == TEST_TIMEOUT && wolfSSL_dtls(ssl)) {
ret = wolfSSL_dtls_got_timeout(ssl);
if (ret != WOLFSSL_SUCCESS)
error = wolfSSL_get_error(ssl, ret);
else
error = WOLFSSL_ERROR_WANT_READ;
Reset ret in client and server after wolfSSL_dtls_got_timeout() - Do UDP connect only with simulateWantWrite to accommodate macOS that doesn't like sendto being called on connected UDP sockets - Call wolfSSL_dtls_get_current_timeout only on a DTLS connection
2022-05-12 16:48:04 +02:00
ret = WOLFSSL_FAILURE; /* Reset error so we loop */
add dtls recv timeout max user setting too
2013-05-08 12:49:55 -07:00
}
#endif
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
else {
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
error = WOLFSSL_FATAL_ERROR;
1.8.8 init
2011-02-05 11:14:47 -08:00
}
}
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
return ret;
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
}
1.8.8 init
2011-02-05 11:14:47 -08:00
add show every cipher suite to examples/client
2015-10-02 16:25:17 -07:00
static void ShowCiphers(void)
{
Added a WOLFSSL_CIPHER_LIST_MAX_SIZE macro
2019-04-22 16:30:38 -07:00
static char ciphers[WOLFSSL_CIPHER_LIST_MAX_SIZE];
add show every cipher suite to examples/client
2015-10-02 16:25:17 -07:00
int ret = wolfSSL_get_ciphers(ciphers, (int)sizeof(ciphers));
Fix for openssl.test extraction of version and cipher suites. Fix mem tracking to use stderr. Fix client version print to use single printf with newline.
2021-10-19 13:00:25 -07:00
if (ret == WOLFSSL_SUCCESS) {
add show every cipher suite to examples/client
2015-10-02 16:25:17 -07:00
printf("%s\n", ciphers);
Fix for openssl.test extraction of version and cipher suites. Fix mem tracking to use stderr. Fix client version print to use single printf with newline.
2021-10-19 13:00:25 -07:00
}
add show every cipher suite to examples/client
2015-10-02 16:25:17 -07:00
}
fix merge conflict
2015-11-02 13:26:46 -08:00
/* Shows which versions are valid */
static void ShowVersions(void)
{
Fix for openssl.test extraction of version and cipher suites. Fix mem tracking to use stderr. Fix client version print to use single printf with newline.
2021-10-19 13:00:25 -07:00
char verStr[100];
XMEMSET(verStr, 0, sizeof(verStr));
update example client ShowVersions() to not show disabled old-tls versions
2015-12-23 12:12:41 -08:00
#ifndef NO_OLD_TLS
Disable TLS v1.0 by default. Added new `--enable-tlsv10` option to force enable (only works if --enable-oldtls is set, which is on by default).
2017-11-14 13:55:48 -08:00
#ifdef WOLFSSL_ALLOW_SSLV3
Fix for openssl.test extraction of version and cipher suites. Fix mem tracking to use stderr. Fix client version print to use single printf with newline.
2021-10-19 13:00:25 -07:00
XSTRNCAT(verStr, "0:", 3);
Disable TLS v1.0 by default. Added new `--enable-tlsv10` option to force enable (only works if --enable-oldtls is set, which is on by default).
2017-11-14 13:55:48 -08:00
#endif
#ifdef WOLFSSL_ALLOW_TLSV10
Fix for openssl.test extraction of version and cipher suites. Fix mem tracking to use stderr. Fix client version print to use single printf with newline.
2021-10-19 13:00:25 -07:00
XSTRNCAT(verStr, "1:", 3);
Disable TLS v1.0 by default. Added new `--enable-tlsv10` option to force enable (only works if --enable-oldtls is set, which is on by default).
2017-11-14 13:55:48 -08:00
#endif
Fix for openssl.test extraction of version and cipher suites. Fix mem tracking to use stderr. Fix client version print to use single printf with newline.
2021-10-19 13:00:25 -07:00
XSTRNCAT(verStr, "2:", 3);
update example client ShowVersions() to not show disabled old-tls versions
2015-12-23 12:12:41 -08:00
#endif /* NO_OLD_TLS */
Allow TLS 1.2 to be compiled out.
2018-05-17 09:08:03 +10:00
#ifndef WOLFSSL_NO_TLS12
Fix for openssl.test extraction of version and cipher suites. Fix mem tracking to use stderr. Fix client version print to use single printf with newline.
2021-10-19 13:00:25 -07:00
XSTRNCAT(verStr, "3:", 3);
Allow TLS 1.2 to be compiled out.
2018-05-17 09:08:03 +10:00
#endif
Disable TLS v1.0 by default. Added new `--enable-tlsv10` option to force enable (only works if --enable-oldtls is set, which is on by default).
2017-11-14 13:55:48 -08:00
#ifdef WOLFSSL_TLS13
Fix for openssl.test extraction of version and cipher suites. Fix mem tracking to use stderr. Fix client version print to use single printf with newline.
2021-10-19 13:00:25 -07:00
XSTRNCAT(verStr, "4:", 3);
Adds build option `WOLFSSL_EITHER_SIDE` for deferring the "side" of the TLS session until first connect or accept. Added the DTLS generic v1.0 and v1.2 methods for "either" side. Added "either" methods unit tests. Added "either" -v e support to example client/server. Fix to expose `wolfSSL_use_certificate_file` and `wolfSSL_use_PrivateKey_file` without `OPENSSL_EXTRA`. Cleanup of the methods for (void)heap and log messages. Spelling fixes.
2018-10-04 14:48:53 -07:00
#endif
Fix for openssl.test extraction of version and cipher suites. Fix mem tracking to use stderr. Fix client version print to use single printf with newline.
2021-10-19 13:00:25 -07:00
XSTRNCAT(verStr, "d(downgrade):", 14);
Adds build option `WOLFSSL_EITHER_SIDE` for deferring the "side" of the TLS session until first connect or accept. Added the DTLS generic v1.0 and v1.2 methods for "either" side. Added "either" methods unit tests. Added "either" -v e support to example client/server. Fix to expose `wolfSSL_use_certificate_file` and `wolfSSL_use_PrivateKey_file` without `OPENSSL_EXTRA`. Cleanup of the methods for (void)heap and log messages. Spelling fixes.
2018-10-04 14:48:53 -07:00
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
Fix for openssl.test extraction of version and cipher suites. Fix mem tracking to use stderr. Fix client version print to use single printf with newline.
2021-10-19 13:00:25 -07:00
XSTRNCAT(verStr, "e(either):", 11);
Disable TLS v1.0 by default. Added new `--enable-tlsv10` option to force enable (only works if --enable-oldtls is set, which is on by default).
2017-11-14 13:55:48 -08:00
#endif
Fix for openssl.test extraction of version and cipher suites. Fix mem tracking to use stderr. Fix client version print to use single printf with newline.
2021-10-19 13:00:25 -07:00
/* print all stings at same time on stdout to avoid any flush issues */
printf("%s\n", verStr);
fix merge conflict
2015-11-02 13:26:46 -08:00
}
TLS 1.3: PSK only Support building with only TLS 1.3 and PSK without code for (EC)DHE and certificates. Minimise build size for this configuration.
2020-10-28 11:47:31 +10:00
#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
increase example client key share group array size
2020-07-17 10:26:34 -06:00
#define MAX_GROUP_NUMBER 4
Add Curve448, X448, Ed448 implementations
2020-02-19 18:07:45 +10:00
static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
--with-liboqs now defines HAVE_LIBOQS and HAVE_PQC AKA: The Great Rename of December 2021
2021-12-20 11:26:25 -05:00
int useX448, int usePqc, char* pqcAlg, int setGroups)
TLS 1.3 fixes/improvements Support Draft 28: able to compile code to return BAD_BINDER if no PSKs match and certificates not to be used. Change key share implementation to use server preference - server now checks each client key share's group is in supported_groups extension. Client and server examples modified to support server preference. Application can set client's and server's supported groups by rank. Server's supported groups is sent back in encrypted_extensions if preferred group is not in client's list - able to be turned off at compile time. Application can query server's preferred group from client. Able to compile using 0x0304 as version instead of draft version. Fix state machine in TLS 1.3 to support unexpected hello_retry_request. Also fixes non-blocking. Fix resumption to use the named group from session. Fix named group in session structure to be a 2-byte field. Better detection of errors in message flow. Fix DoTls13ClientHello when downgrading - don't do TLS 1.3 things. Not downgrading on client fixed. Downgrade protocol version from TLS 1.3 when not TLS 1.3 ciphersuite. Get downgrading from TLS 1.3 and resumption working. Change earlyData value to an enum. Support no extensions data (as opposed to zero length extension data) in TLS 1.3 ClientHello. Check PSK cipher suite is available to both client and server before using. Check first PSK identity chosen when server says it is using early data at client. Check PSK extension is last in client_hello on server. Check the PSK cipher suite to use is supported on client. Check the returned cipher suite for pre-shared keys is the same as client expects. Send alert decrypt_error when verification fails in certificate_verify or finished message doesn't match calculated value. Fail when certificate messages recieved in handshake when using PSK. Validate on the server that EndOfEarlyData message has been recieved before finished message when server sent EarlyData extension.
2018-04-13 11:53:42 +10:00
{
Asynchronous support for TLS v1.3 TLSX ECC/DH key generation and key agreement * Added async support to `SendTls13ClientHello`, `DoTls13ServerHello` and `DoTls13ClientHello`. * Cleanup of the example client/server use key share code. * Fix some scan-build warnings. ZD 12065
2021-06-08 12:15:42 -07:00
int ret;
increase example client key share group array size
2020-07-17 10:26:34 -06:00
int groups[MAX_GROUP_NUMBER] = {0};
Fixes for tests Fix the benchmark client to set all groups supported. Fix TLS 1.3 test script to work on PPC - check counter in separate test.
2018-05-01 14:27:38 +10:00
int count = 0;
TLS 1.3 fixes/improvements Support Draft 28: able to compile code to return BAD_BINDER if no PSKs match and certificates not to be used. Change key share implementation to use server preference - server now checks each client key share's group is in supported_groups extension. Client and server examples modified to support server preference. Application can set client's and server's supported groups by rank. Server's supported groups is sent back in encrypted_extensions if preferred group is not in client's list - able to be turned off at compile time. Application can query server's preferred group from client. Able to compile using 0x0304 as version instead of draft version. Fix state machine in TLS 1.3 to support unexpected hello_retry_request. Also fixes non-blocking. Fix resumption to use the named group from session. Fix named group in session structure to be a 2-byte field. Better detection of errors in message flow. Fix DoTls13ClientHello when downgrading - don't do TLS 1.3 things. Not downgrading on client fixed. Downgrade protocol version from TLS 1.3 when not TLS 1.3 ciphersuite. Get downgrading from TLS 1.3 and resumption working. Change earlyData value to an enum. Support no extensions data (as opposed to zero length extension data) in TLS 1.3 ClientHello. Check PSK cipher suite is available to both client and server before using. Check first PSK identity chosen when server says it is using early data at client. Check PSK extension is last in client_hello on server. Check the PSK cipher suite to use is supported on client. Check the returned cipher suite for pre-shared keys is the same as client expects. Send alert decrypt_error when verification fails in certificate_verify or finished message doesn't match calculated value. Fail when certificate messages recieved in handshake when using PSK. Validate on the server that EndOfEarlyData message has been recieved before finished message when server sent EarlyData extension.
2018-04-13 11:53:42 +10:00
(void)useX25519;
Add Curve448, X448, Ed448 implementations
2020-02-19 18:07:45 +10:00
(void)useX448;
--with-liboqs now defines HAVE_LIBOQS and HAVE_PQC AKA: The Great Rename of December 2021
2021-12-20 11:26:25 -05:00
(void)usePqc;
(void)pqcAlg;
TLS 1.3 fixes/improvements Support Draft 28: able to compile code to return BAD_BINDER if no PSKs match and certificates not to be used. Change key share implementation to use server preference - server now checks each client key share's group is in supported_groups extension. Client and server examples modified to support server preference. Application can set client's and server's supported groups by rank. Server's supported groups is sent back in encrypted_extensions if preferred group is not in client's list - able to be turned off at compile time. Application can query server's preferred group from client. Able to compile using 0x0304 as version instead of draft version. Fix state machine in TLS 1.3 to support unexpected hello_retry_request. Also fixes non-blocking. Fix resumption to use the named group from session. Fix named group in session structure to be a 2-byte field. Better detection of errors in message flow. Fix DoTls13ClientHello when downgrading - don't do TLS 1.3 things. Not downgrading on client fixed. Downgrade protocol version from TLS 1.3 when not TLS 1.3 ciphersuite. Get downgrading from TLS 1.3 and resumption working. Change earlyData value to an enum. Support no extensions data (as opposed to zero length extension data) in TLS 1.3 ClientHello. Check PSK cipher suite is available to both client and server before using. Check first PSK identity chosen when server says it is using early data at client. Check PSK extension is last in client_hello on server. Check the PSK cipher suite to use is supported on client. Check the returned cipher suite for pre-shared keys is the same as client expects. Send alert decrypt_error when verification fails in certificate_verify or finished message doesn't match calculated value. Fail when certificate messages recieved in handshake when using PSK. Validate on the server that EndOfEarlyData message has been recieved before finished message when server sent EarlyData extension.
2018-04-13 11:53:42 +10:00
WOLFSSL_START(WC_FUNC_CLIENT_KEY_EXCHANGE_SEND);
if (onlyKeyShare == 0 || onlyKeyShare == 2) {
if (useX25519) {
Asynchronous support for TLS v1.3 TLSX ECC/DH key generation and key agreement * Added async support to `SendTls13ClientHello`, `DoTls13ServerHello` and `DoTls13ClientHello`. * Cleanup of the example client/server use key share code. * Fix some scan-build warnings. ZD 12065
2021-06-08 12:15:42 -07:00
#ifdef HAVE_CURVE25519
do {
ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_X25519);
if (ret == WOLFSSL_SUCCESS)
groups[count++] = WOLFSSL_ECC_X25519;
#ifdef WOLFSSL_ASYNC_CRYPT
else if (ret == WC_PENDING_E)
wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
#endif
else
err_sys("unable to use curve x25519");
} while (ret == WC_PENDING_E);
Add Curve448, X448, Ed448 implementations
2020-02-19 18:07:45 +10:00
#endif
}
Asynchronous support for TLS v1.3 TLSX ECC/DH key generation and key agreement * Added async support to `SendTls13ClientHello`, `DoTls13ServerHello` and `DoTls13ClientHello`. * Cleanup of the example client/server use key share code. * Fix some scan-build warnings. ZD 12065
2021-06-08 12:15:42 -07:00
else if (useX448) {
#ifdef HAVE_CURVE448
do {
ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_X448);
if (ret == WOLFSSL_SUCCESS)
groups[count++] = WOLFSSL_ECC_X448;
#ifdef WOLFSSL_ASYNC_CRYPT
else if (ret == WC_PENDING_E)
wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
#endif
else
err_sys("unable to use curve x448");
} while (ret == WC_PENDING_E);
TLS 1.3 fixes/improvements Support Draft 28: able to compile code to return BAD_BINDER if no PSKs match and certificates not to be used. Change key share implementation to use server preference - server now checks each client key share's group is in supported_groups extension. Client and server examples modified to support server preference. Application can set client's and server's supported groups by rank. Server's supported groups is sent back in encrypted_extensions if preferred group is not in client's list - able to be turned off at compile time. Application can query server's preferred group from client. Able to compile using 0x0304 as version instead of draft version. Fix state machine in TLS 1.3 to support unexpected hello_retry_request. Also fixes non-blocking. Fix resumption to use the named group from session. Fix named group in session structure to be a 2-byte field. Better detection of errors in message flow. Fix DoTls13ClientHello when downgrading - don't do TLS 1.3 things. Not downgrading on client fixed. Downgrade protocol version from TLS 1.3 when not TLS 1.3 ciphersuite. Get downgrading from TLS 1.3 and resumption working. Change earlyData value to an enum. Support no extensions data (as opposed to zero length extension data) in TLS 1.3 ClientHello. Check PSK cipher suite is available to both client and server before using. Check first PSK identity chosen when server says it is using early data at client. Check PSK extension is last in client_hello on server. Check the PSK cipher suite to use is supported on client. Check the returned cipher suite for pre-shared keys is the same as client expects. Send alert decrypt_error when verification fails in certificate_verify or finished message doesn't match calculated value. Fail when certificate messages recieved in handshake when using PSK. Validate on the server that EndOfEarlyData message has been recieved before finished message when server sent EarlyData extension.
2018-04-13 11:53:42 +10:00
#endif
Asynchronous support for TLS v1.3 TLSX ECC/DH key generation and key agreement * Added async support to `SendTls13ClientHello`, `DoTls13ServerHello` and `DoTls13ClientHello`. * Cleanup of the example client/server use key share code. * Fix some scan-build warnings. ZD 12065
2021-06-08 12:15:42 -07:00
}
else {
TLS 1.3 fixes/improvements Support Draft 28: able to compile code to return BAD_BINDER if no PSKs match and certificates not to be used. Change key share implementation to use server preference - server now checks each client key share's group is in supported_groups extension. Client and server examples modified to support server preference. Application can set client's and server's supported groups by rank. Server's supported groups is sent back in encrypted_extensions if preferred group is not in client's list - able to be turned off at compile time. Application can query server's preferred group from client. Able to compile using 0x0304 as version instead of draft version. Fix state machine in TLS 1.3 to support unexpected hello_retry_request. Also fixes non-blocking. Fix resumption to use the named group from session. Fix named group in session structure to be a 2-byte field. Better detection of errors in message flow. Fix DoTls13ClientHello when downgrading - don't do TLS 1.3 things. Not downgrading on client fixed. Downgrade protocol version from TLS 1.3 when not TLS 1.3 ciphersuite. Get downgrading from TLS 1.3 and resumption working. Change earlyData value to an enum. Support no extensions data (as opposed to zero length extension data) in TLS 1.3 ClientHello. Check PSK cipher suite is available to both client and server before using. Check first PSK identity chosen when server says it is using early data at client. Check PSK extension is last in client_hello on server. Check the PSK cipher suite to use is supported on client. Check the returned cipher suite for pre-shared keys is the same as client expects. Send alert decrypt_error when verification fails in certificate_verify or finished message doesn't match calculated value. Fail when certificate messages recieved in handshake when using PSK. Validate on the server that EndOfEarlyData message has been recieved before finished message when server sent EarlyData extension.
2018-04-13 11:53:42 +10:00
#ifdef HAVE_ECC
Adds new `wc_ecc_get_curve_params` API for getting the `ecc_set_type` params for a curve index. Fix for example client and server using wrong macro for detecting ECC 256-bit enabled.
2019-07-24 10:35:33 -07:00
#if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
Asynchronous support for TLS v1.3 TLSX ECC/DH key generation and key agreement * Added async support to `SendTls13ClientHello`, `DoTls13ServerHello` and `DoTls13ClientHello`. * Cleanup of the example client/server use key share code. * Fix some scan-build warnings. ZD 12065
2021-06-08 12:15:42 -07:00
do {
ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_SECP256R1);
if (ret == WOLFSSL_SUCCESS)
groups[count++] = WOLFSSL_ECC_SECP256R1;
#ifdef WOLFSSL_ASYNC_CRYPT
else if (ret == WC_PENDING_E)
wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
#endif
else
err_sys("unable to use curve secp256r1");
} while (ret == WC_PENDING_E);
TLS 1.3 fixes/improvements Support Draft 28: able to compile code to return BAD_BINDER if no PSKs match and certificates not to be used. Change key share implementation to use server preference - server now checks each client key share's group is in supported_groups extension. Client and server examples modified to support server preference. Application can set client's and server's supported groups by rank. Server's supported groups is sent back in encrypted_extensions if preferred group is not in client's list - able to be turned off at compile time. Application can query server's preferred group from client. Able to compile using 0x0304 as version instead of draft version. Fix state machine in TLS 1.3 to support unexpected hello_retry_request. Also fixes non-blocking. Fix resumption to use the named group from session. Fix named group in session structure to be a 2-byte field. Better detection of errors in message flow. Fix DoTls13ClientHello when downgrading - don't do TLS 1.3 things. Not downgrading on client fixed. Downgrade protocol version from TLS 1.3 when not TLS 1.3 ciphersuite. Get downgrading from TLS 1.3 and resumption working. Change earlyData value to an enum. Support no extensions data (as opposed to zero length extension data) in TLS 1.3 ClientHello. Check PSK cipher suite is available to both client and server before using. Check first PSK identity chosen when server says it is using early data at client. Check PSK extension is last in client_hello on server. Check the PSK cipher suite to use is supported on client. Check the returned cipher suite for pre-shared keys is the same as client expects. Send alert decrypt_error when verification fails in certificate_verify or finished message doesn't match calculated value. Fail when certificate messages recieved in handshake when using PSK. Validate on the server that EndOfEarlyData message has been recieved before finished message when server sent EarlyData extension.
2018-04-13 11:53:42 +10:00
#endif
#endif
}
}
if (onlyKeyShare == 0 || onlyKeyShare == 1) {
#ifdef HAVE_FFDHE_2048
Asynchronous support for TLS v1.3 TLSX ECC/DH key generation and key agreement * Added async support to `SendTls13ClientHello`, `DoTls13ServerHello` and `DoTls13ClientHello`. * Cleanup of the example client/server use key share code. * Fix some scan-build warnings. ZD 12065
2021-06-08 12:15:42 -07:00
do {
ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_FFDHE_2048);
if (ret == WOLFSSL_SUCCESS)
groups[count++] = WOLFSSL_FFDHE_2048;
#ifdef WOLFSSL_ASYNC_CRYPT
else if (ret == WC_PENDING_E)
wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
#endif
else
err_sys("unable to use DH 2048-bit parameters");
} while (ret == WC_PENDING_E);
TLS 1.3 fixes/improvements Support Draft 28: able to compile code to return BAD_BINDER if no PSKs match and certificates not to be used. Change key share implementation to use server preference - server now checks each client key share's group is in supported_groups extension. Client and server examples modified to support server preference. Application can set client's and server's supported groups by rank. Server's supported groups is sent back in encrypted_extensions if preferred group is not in client's list - able to be turned off at compile time. Application can query server's preferred group from client. Able to compile using 0x0304 as version instead of draft version. Fix state machine in TLS 1.3 to support unexpected hello_retry_request. Also fixes non-blocking. Fix resumption to use the named group from session. Fix named group in session structure to be a 2-byte field. Better detection of errors in message flow. Fix DoTls13ClientHello when downgrading - don't do TLS 1.3 things. Not downgrading on client fixed. Downgrade protocol version from TLS 1.3 when not TLS 1.3 ciphersuite. Get downgrading from TLS 1.3 and resumption working. Change earlyData value to an enum. Support no extensions data (as opposed to zero length extension data) in TLS 1.3 ClientHello. Check PSK cipher suite is available to both client and server before using. Check first PSK identity chosen when server says it is using early data at client. Check PSK extension is last in client_hello on server. Check the PSK cipher suite to use is supported on client. Check the returned cipher suite for pre-shared keys is the same as client expects. Send alert decrypt_error when verification fails in certificate_verify or finished message doesn't match calculated value. Fail when certificate messages recieved in handshake when using PSK. Validate on the server that EndOfEarlyData message has been recieved before finished message when server sent EarlyData extension.
2018-04-13 11:53:42 +10:00
#endif
}
--with-liboqs now defines HAVE_LIBOQS and HAVE_PQC AKA: The Great Rename of December 2021
2021-12-20 11:26:25 -05:00
#ifdef HAVE_PQC
liboqs integration using keyshare/supported_groups extensions in TLS 1.3
2021-04-28 10:28:35 -07:00
if (onlyKeyShare == 0 || onlyKeyShare == 3) {
--with-liboqs now defines HAVE_LIBOQS and HAVE_PQC AKA: The Great Rename of December 2021
2021-12-20 11:26:25 -05:00
if (usePqc) {
liboqs integration using keyshare/supported_groups extensions in TLS 1.3
2021-04-28 10:28:35 -07:00
int group = 0;
where appropriate, use strcmp/strcasecmp, not strncmp/strncasecmp; add macro XSTRCASECMP(); update XSTRNCASECMP() for XC32 >= 1.00 to use strncasecmp.
2022-05-10 12:20:12 -05:00
if (XSTRCMP(pqcAlg, "KYBER_LEVEL1") == 0) {
Convert post-quantum algorithm group names ... from using parameter set names from the papers to NIST levels.
2021-09-17 13:21:39 -04:00
group = WOLFSSL_KYBER_LEVEL1;
liboqs integration using keyshare/supported_groups extensions in TLS 1.3
2021-04-28 10:28:35 -07:00
}
where appropriate, use strcmp/strcasecmp, not strncmp/strncasecmp; add macro XSTRCASECMP(); update XSTRNCASECMP() for XC32 >= 1.00 to use strncasecmp.
2022-05-10 12:20:12 -05:00
else if (XSTRCMP(pqcAlg, "KYBER_LEVEL3") == 0) {
Convert post-quantum algorithm group names ... from using parameter set names from the papers to NIST levels.
2021-09-17 13:21:39 -04:00
group = WOLFSSL_KYBER_LEVEL3;
liboqs integration using keyshare/supported_groups extensions in TLS 1.3
2021-04-28 10:28:35 -07:00
}
where appropriate, use strcmp/strcasecmp, not strncmp/strncasecmp; add macro XSTRCASECMP(); update XSTRNCASECMP() for XC32 >= 1.00 to use strncasecmp.
2022-05-10 12:20:12 -05:00
else if (XSTRCMP(pqcAlg, "KYBER_LEVEL5") == 0) {
Convert post-quantum algorithm group names ... from using parameter set names from the papers to NIST levels.
2021-09-17 13:21:39 -04:00
group = WOLFSSL_KYBER_LEVEL5;
liboqs integration using keyshare/supported_groups extensions in TLS 1.3
2021-04-28 10:28:35 -07:00
}
where appropriate, use strcmp/strcasecmp, not strncmp/strncasecmp; add macro XSTRCASECMP(); update XSTRNCASECMP() for XC32 >= 1.00 to use strncasecmp.
2022-05-10 12:20:12 -05:00
else if (XSTRCMP(pqcAlg, "P256_KYBER_LEVEL1") == 0) {
Convert post-quantum algorithm group names ... from using parameter set names from the papers to NIST levels.
2021-09-17 13:21:39 -04:00
group = WOLFSSL_P256_KYBER_LEVEL1;
Hybridizing the OQS groups with NIST ECC groups.
2021-09-08 16:49:34 -04:00
}
where appropriate, use strcmp/strcasecmp, not strncmp/strncasecmp; add macro XSTRCASECMP(); update XSTRNCASECMP() for XC32 >= 1.00 to use strncasecmp.
2022-05-10 12:20:12 -05:00
else if (XSTRCMP(pqcAlg, "P384_KYBER_LEVEL3") == 0) {
Convert post-quantum algorithm group names ... from using parameter set names from the papers to NIST levels.
2021-09-17 13:21:39 -04:00
group = WOLFSSL_P384_KYBER_LEVEL3;
Hybridizing the OQS groups with NIST ECC groups.
2021-09-08 16:49:34 -04:00
}
where appropriate, use strcmp/strcasecmp, not strncmp/strncasecmp; add macro XSTRCASECMP(); update XSTRNCASECMP() for XC32 >= 1.00 to use strncasecmp.
2022-05-10 12:20:12 -05:00
else if (XSTRCMP(pqcAlg, "P521_KYBER_LEVEL5") == 0) {
Convert post-quantum algorithm group names ... from using parameter set names from the papers to NIST levels.
2021-09-17 13:21:39 -04:00
group = WOLFSSL_P521_KYBER_LEVEL5;
liboqs integration using keyshare/supported_groups extensions in TLS 1.3
2021-04-28 10:28:35 -07:00
} else {
--with-liboqs now defines HAVE_LIBOQS and HAVE_PQC AKA: The Great Rename of December 2021
2021-12-20 11:26:25 -05:00
err_sys("invalid post-quantum KEM specified");
liboqs integration using keyshare/supported_groups extensions in TLS 1.3
2021-04-28 10:28:35 -07:00
}
--with-liboqs now defines HAVE_LIBOQS and HAVE_PQC AKA: The Great Rename of December 2021
2021-12-20 11:26:25 -05:00
printf("Using Post-Quantum KEM: %s\n", pqcAlg);
Allow session tickets to properly resume when using PQ KEMs. Found with: ``` ./configure --with-liboqs --enable-session-ticket ./examples/server/server -v 4 -r --pqc P521_KYBER_LEVEL5 ./examples/client/client -v 4 -r --pqc P521_KYBER_LEVEL5 ```
2022-12-13 11:36:00 -05:00
if (wolfSSL_UseKeyShare(ssl, group) == WOLFSSL_SUCCESS) {
groups[count++] = group;
}
else {
--with-liboqs now defines HAVE_LIBOQS and HAVE_PQC AKA: The Great Rename of December 2021
2021-12-20 11:26:25 -05:00
err_sys("unable to use post-quantum KEM");
liboqs integration using keyshare/supported_groups extensions in TLS 1.3
2021-04-28 10:28:35 -07:00
}
}
}
#endif
increase example client key share group array size
2020-07-17 10:26:34 -06:00
if (count >= MAX_GROUP_NUMBER)
err_sys("example group array size error");
Asynchronous support for TLS v1.3 TLSX ECC/DH key generation and key agreement * Added async support to `SendTls13ClientHello`, `DoTls13ServerHello` and `DoTls13ClientHello`. * Cleanup of the example client/server use key share code. * Fix some scan-build warnings. ZD 12065
2021-06-08 12:15:42 -07:00
if (setGroups && count > 0) {
if (wolfSSL_set_groups(ssl, groups, count) != WOLFSSL_SUCCESS)
err_sys("unable to set groups");
}
TLS 1.3 fixes/improvements Support Draft 28: able to compile code to return BAD_BINDER if no PSKs match and certificates not to be used. Change key share implementation to use server preference - server now checks each client key share's group is in supported_groups extension. Client and server examples modified to support server preference. Application can set client's and server's supported groups by rank. Server's supported groups is sent back in encrypted_extensions if preferred group is not in client's list - able to be turned off at compile time. Application can query server's preferred group from client. Able to compile using 0x0304 as version instead of draft version. Fix state machine in TLS 1.3 to support unexpected hello_retry_request. Also fixes non-blocking. Fix resumption to use the named group from session. Fix named group in session structure to be a 2-byte field. Better detection of errors in message flow. Fix DoTls13ClientHello when downgrading - don't do TLS 1.3 things. Not downgrading on client fixed. Downgrade protocol version from TLS 1.3 when not TLS 1.3 ciphersuite. Get downgrading from TLS 1.3 and resumption working. Change earlyData value to an enum. Support no extensions data (as opposed to zero length extension data) in TLS 1.3 ClientHello. Check PSK cipher suite is available to both client and server before using. Check first PSK identity chosen when server says it is using early data at client. Check PSK extension is last in client_hello on server. Check the PSK cipher suite to use is supported on client. Check the returned cipher suite for pre-shared keys is the same as client expects. Send alert decrypt_error when verification fails in certificate_verify or finished message doesn't match calculated value. Fail when certificate messages recieved in handshake when using PSK. Validate on the server that EndOfEarlyData message has been recieved before finished message when server sent EarlyData extension.
2018-04-13 11:53:42 +10:00
WOLFSSL_END(WC_FUNC_CLIENT_KEY_EXCHANGE_SEND);
}
Asynchronous support for TLS v1.3 TLSX ECC/DH key generation and key agreement * Added async support to `SendTls13ClientHello`, `DoTls13ServerHello` and `DoTls13ClientHello`. * Cleanup of the example client/server use key share code. * Fix some scan-build warnings. ZD 12065
2021-06-08 12:15:42 -07:00
#endif /* WOLFSSL_TLS13 && HAVE_SUPPORTED_CURVES */
TLS 1.3 fixes/improvements Support Draft 28: able to compile code to return BAD_BINDER if no PSKs match and certificates not to be used. Change key share implementation to use server preference - server now checks each client key share's group is in supported_groups extension. Client and server examples modified to support server preference. Application can set client's and server's supported groups by rank. Server's supported groups is sent back in encrypted_extensions if preferred group is not in client's list - able to be turned off at compile time. Application can query server's preferred group from client. Able to compile using 0x0304 as version instead of draft version. Fix state machine in TLS 1.3 to support unexpected hello_retry_request. Also fixes non-blocking. Fix resumption to use the named group from session. Fix named group in session structure to be a 2-byte field. Better detection of errors in message flow. Fix DoTls13ClientHello when downgrading - don't do TLS 1.3 things. Not downgrading on client fixed. Downgrade protocol version from TLS 1.3 when not TLS 1.3 ciphersuite. Get downgrading from TLS 1.3 and resumption working. Change earlyData value to an enum. Support no extensions data (as opposed to zero length extension data) in TLS 1.3 ClientHello. Check PSK cipher suite is available to both client and server before using. Check first PSK identity chosen when server says it is using early data at client. Check PSK extension is last in client_hello on server. Check the PSK cipher suite to use is supported on client. Check the returned cipher suite for pre-shared keys is the same as client expects. Send alert decrypt_error when verification fails in certificate_verify or finished message doesn't match calculated value. Fail when certificate messages recieved in handshake when using PSK. Validate on the server that EndOfEarlyData message has been recieved before finished message when server sent EarlyData extension.
2018-04-13 11:53:42 +10:00
Added EarlyData support to benchmark loop
2019-01-24 14:30:06 +10:00
#ifdef WOLFSSL_EARLY_DATA
static void EarlyData(WOLFSSL_CTX* ctx, WOLFSSL* ssl, const char* msg,
int msgSz, char* buffer)
{
int err;
int ret;
do {
err = 0; /* reset error */
ret = wolfSSL_write_early_data(ssl, msg, msgSz, &msgSz);
if (ret <= 0) {
err = wolfSSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
#endif
}
} while (err == WC_PENDING_E);
if (ret != msgSz) {
print errors to stderr, not stdout; fix whitespace in internal.c; add missing error handling in examples/server/server.c around recvfrom().
2022-05-12 13:07:32 -05:00
fprintf(stderr, "SSL_write_early_data msg error %d, %s\n", err,
Added EarlyData support to benchmark loop
2019-01-24 14:30:06 +10:00
wolfSSL_ERR_error_string(err, buffer));
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("SSL_write_early_data failed");
}
do {
err = 0; /* reset error */
ret = wolfSSL_write_early_data(ssl, msg, msgSz, &msgSz);
if (ret <= 0) {
err = wolfSSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
#endif
}
} while (err == WC_PENDING_E);
if (ret != msgSz) {
print errors to stderr, not stdout; fix whitespace in internal.c; add missing error handling in examples/server/server.c around recvfrom().
2022-05-12 13:07:32 -05:00
fprintf(stderr, "SSL_write_early_data msg error %d, %s\n", err,
Added EarlyData support to benchmark loop
2019-01-24 14:30:06 +10:00
wolfSSL_ERR_error_string(err, buffer));
Changes to clear issues raised by cppcheck
2020-01-15 22:15:38 +10:00
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
Added EarlyData support to benchmark loop
2019-01-24 14:30:06 +10:00
err_sys("SSL_write_early_data failed");
}
}
#endif
DTLS-SCTP example client and server 1. Update the example client and server to test DTLS-SCTP. 2. Modify the test.h functions for setting up connections to allow for a SCTP option. 3. Update other examples to use the new test.h functions. 4. Removed some prototypes in the client header file were some functions that should have been static to the client.c file and made them static.
2016-08-25 22:20:35 -07:00
/* Measures average time to create, connect and disconnect a connection (TPS).
Benchmark = number of connections. */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
static const char* client_bench_conmsg[][5] = {
/* English */
{
"wolfSSL_resume avg took:", "milliseconds\n",
"wolfSSL_connect avg took:", "milliseconds\n",
NULL
},
NO_MULTIBYTE to NO_MULTIBYTE_PRINT
2018-11-29 07:04:01 +09:00
#ifndef NO_MULTIBYTE_PRINT
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
/* Japanese */
{
"wolfSSL_resume 平均時間:", "ミリ秒\n",
"wolfSSL_connect 平均時間:", "ミリ秒\n",
}
NO_MULTIBYTE for multibyte non-supported IDEs
2018-11-26 08:11:31 +09:00
#endif
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
};
DTLS-SCTP example client and server 1. Update the example client and server to test DTLS-SCTP. 2. Modify the test.h functions for setting up connections to allow for a SCTP option. 3. Update other examples to use the new test.h functions. 4. Removed some prototypes in the client header file were some functions that should have been static to the client.c file and made them static.
2016-08-25 22:20:35 -07:00
static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
Improvements to TLS v1.3 code Reset list of supported sig algorithms before sending certificate request on server. Refactored setting of ticket for both TLS13 and earlier. Remember the type of key for deciding which sig alg to use with TLS13 CertificateVerify. RSA PKCS #1.5 not allowed in TLS13 for CertificateVerify. Remove all remaining DTLS code as spec barely started. Turn off SHA512 code where decision based on cipher suite hash. Fix fragment handling to work with encrypted messages. Test public APIS.
2017-06-29 09:00:44 +10:00
int dtlsUDP, int dtlsSCTP, int benchmark, int resumeSession, int useX25519,
--with-liboqs now defines HAVE_LIBOQS and HAVE_PQC AKA: The Great Rename of December 2021
2021-12-20 11:26:25 -05:00
int useX448, int usePqc, char* pqcAlg, int helloRetry, int onlyKeyShare,
liboqs integration using keyshare/supported_groups extensions in TLS 1.3
2021-04-28 10:28:35 -07:00
int version, int earlyData)
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
{
/* time passed in number of connects give average */
Implement peer review feedback
2022-06-03 11:06:46 -06:00
int times = benchmark, skip = (int)((double)times * 0.1);
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
int loops = resumeSession ? 2 : 1;
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
int i = 0, err, ret;
Remove NO_CERT and NO_CODING. Enable building of the client with leantls.
2016-02-22 10:11:41 +01:00
#ifndef NO_SESSION_CACHE
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
WOLFSSL_SESSION* benchSession = NULL;
Remove NO_CERT and NO_CODING. Enable building of the client with leantls.
2016-02-22 10:11:41 +01:00
#endif
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
#ifdef WOLFSSL_TLS13
Cleanup on example client/server messages and sizes. Original PR #3023 caused sending extra null characters in normal (non HTTP) example cases.
2020-07-21 13:34:25 -07:00
byte reply[CLI_REPLY_SZ];
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
#endif
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
const char** words = client_bench_conmsg[lng_index];
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
Remove NO_CERT and NO_CODING. Enable building of the client with leantls.
2016-02-22 10:11:41 +01:00
(void)resumeSession;
Fix for benchmarking X25519
2017-05-31 11:44:43 +10:00
(void)useX25519;
Add Curve448, X448, Ed448 implementations
2020-02-19 18:07:45 +10:00
(void)useX448;
--with-liboqs now defines HAVE_LIBOQS and HAVE_PQC AKA: The Great Rename of December 2021
2021-12-20 11:26:25 -05:00
(void)usePqc;
(void)pqcAlg;
Improvements to TLS v1.3 code Reset list of supported sig algorithms before sending certificate request on server. Refactored setting of ticket for both TLS13 and earlier. Remember the type of key for deciding which sig alg to use with TLS13 CertificateVerify. RSA PKCS #1.5 not allowed in TLS13 for CertificateVerify. Remove all remaining DTLS code as spec barely started. Turn off SHA512 code where decision based on cipher suite hash. Fix fragment handling to work with encrypted messages. Test public APIS.
2017-06-29 09:00:44 +10:00
(void)helloRetry;
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
(void)onlyKeyShare;
(void)version;
Added EarlyData support to benchmark loop
2019-01-24 14:30:06 +10:00
(void)earlyData;
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
while (loops--) {
Remove NO_CERT and NO_CODING. Enable building of the client with leantls.
2016-02-22 10:11:41 +01:00
#ifndef NO_SESSION_CACHE
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
int benchResume = resumeSession && loops == 0;
Remove NO_CERT and NO_CODING. Enable building of the client with leantls.
2016-02-22 10:11:41 +01:00
#endif
Implement peer review feedback
2022-06-03 11:06:46 -06:00
double start = current_time(1), avg;
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
for (i = 0; i < times; i++) {
SOCKET_T sockfd;
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
WOLFSSL* ssl;
Implement peer review feedback
2022-06-03 11:06:46 -06:00
if (i == skip)
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
start = current_time(1);
ssl = wolfSSL_new(ctx);
add wolfSSL_new() pointer return check on all calls in example client
2015-10-16 14:12:38 -07:00
if (ssl == NULL)
err_sys("unable to get SSL object");
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
TLS 1.3 fixes/improvements Support Draft 28: able to compile code to return BAD_BINDER if no PSKs match and certificates not to be used. Change key share implementation to use server preference - server now checks each client key share's group is in supported_groups extension. Client and server examples modified to support server preference. Application can set client's and server's supported groups by rank. Server's supported groups is sent back in encrypted_extensions if preferred group is not in client's list - able to be turned off at compile time. Application can query server's preferred group from client. Able to compile using 0x0304 as version instead of draft version. Fix state machine in TLS 1.3 to support unexpected hello_retry_request. Also fixes non-blocking. Fix resumption to use the named group from session. Fix named group in session structure to be a 2-byte field. Better detection of errors in message flow. Fix DoTls13ClientHello when downgrading - don't do TLS 1.3 things. Not downgrading on client fixed. Downgrade protocol version from TLS 1.3 when not TLS 1.3 ciphersuite. Get downgrading from TLS 1.3 and resumption working. Change earlyData value to an enum. Support no extensions data (as opposed to zero length extension data) in TLS 1.3 ClientHello. Check PSK cipher suite is available to both client and server before using. Check first PSK identity chosen when server says it is using early data at client. Check PSK extension is last in client_hello on server. Check the PSK cipher suite to use is supported on client. Check the returned cipher suite for pre-shared keys is the same as client expects. Send alert decrypt_error when verification fails in certificate_verify or finished message doesn't match calculated value. Fail when certificate messages recieved in handshake when using PSK. Validate on the server that EndOfEarlyData message has been recieved before finished message when server sent EarlyData extension.
2018-04-13 11:53:42 +10:00
#ifndef NO_SESSION_CACHE
if (benchResume)
wolfSSL_set_session(ssl, benchSession);
#endif
TLS 1.3: PSK only Support building with only TLS 1.3 and PSK without code for (EC)DHE and certificates. Minimise build size for this configuration.
2020-10-28 11:47:31 +10:00
#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
TLS 1.3 fixes/improvements Support Draft 28: able to compile code to return BAD_BINDER if no PSKs match and certificates not to be used. Change key share implementation to use server preference - server now checks each client key share's group is in supported_groups extension. Client and server examples modified to support server preference. Application can set client's and server's supported groups by rank. Server's supported groups is sent back in encrypted_extensions if preferred group is not in client's list - able to be turned off at compile time. Application can query server's preferred group from client. Able to compile using 0x0304 as version instead of draft version. Fix state machine in TLS 1.3 to support unexpected hello_retry_request. Also fixes non-blocking. Fix resumption to use the named group from session. Fix named group in session structure to be a 2-byte field. Better detection of errors in message flow. Fix DoTls13ClientHello when downgrading - don't do TLS 1.3 things. Not downgrading on client fixed. Downgrade protocol version from TLS 1.3 when not TLS 1.3 ciphersuite. Get downgrading from TLS 1.3 and resumption working. Change earlyData value to an enum. Support no extensions data (as opposed to zero length extension data) in TLS 1.3 ClientHello. Check PSK cipher suite is available to both client and server before using. Check first PSK identity chosen when server says it is using early data at client. Check PSK extension is last in client_hello on server. Check the PSK cipher suite to use is supported on client. Check the returned cipher suite for pre-shared keys is the same as client expects. Send alert decrypt_error when verification fails in certificate_verify or finished message doesn't match calculated value. Fail when certificate messages recieved in handshake when using PSK. Validate on the server that EndOfEarlyData message has been recieved before finished message when server sent EarlyData extension.
2018-04-13 11:53:42 +10:00
else if (version >= 4) {
if (!helloRetry)
liboqs integration using keyshare/supported_groups extensions in TLS 1.3
2021-04-28 10:28:35 -07:00
SetKeyShare(ssl, onlyKeyShare, useX25519, useX448,
--with-liboqs now defines HAVE_LIBOQS and HAVE_PQC AKA: The Great Rename of December 2021
2021-12-20 11:26:25 -05:00
usePqc, pqcAlg, 1);
TLS 1.3 fixes/improvements Support Draft 28: able to compile code to return BAD_BINDER if no PSKs match and certificates not to be used. Change key share implementation to use server preference - server now checks each client key share's group is in supported_groups extension. Client and server examples modified to support server preference. Application can set client's and server's supported groups by rank. Server's supported groups is sent back in encrypted_extensions if preferred group is not in client's list - able to be turned off at compile time. Application can query server's preferred group from client. Able to compile using 0x0304 as version instead of draft version. Fix state machine in TLS 1.3 to support unexpected hello_retry_request. Also fixes non-blocking. Fix resumption to use the named group from session. Fix named group in session structure to be a 2-byte field. Better detection of errors in message flow. Fix DoTls13ClientHello when downgrading - don't do TLS 1.3 things. Not downgrading on client fixed. Downgrade protocol version from TLS 1.3 when not TLS 1.3 ciphersuite. Get downgrading from TLS 1.3 and resumption working. Change earlyData value to an enum. Support no extensions data (as opposed to zero length extension data) in TLS 1.3 ClientHello. Check PSK cipher suite is available to both client and server before using. Check first PSK identity chosen when server says it is using early data at client. Check PSK extension is last in client_hello on server. Check the PSK cipher suite to use is supported on client. Check the returned cipher suite for pre-shared keys is the same as client expects. Send alert decrypt_error when verification fails in certificate_verify or finished message doesn't match calculated value. Fail when certificate messages recieved in handshake when using PSK. Validate on the server that EndOfEarlyData message has been recieved before finished message when server sent EarlyData extension.
2018-04-13 11:53:42 +10:00
else
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
wolfSSL_NoKeyShares(ssl);
}
#endif
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
DTLS-SCTP example client and server 1. Update the example client and server to test DTLS-SCTP. 2. Modify the test.h functions for setting up connections to allow for a SCTP option. 3. Update other examples to use the new test.h functions. 4. Removed some prototypes in the client header file were some functions that should have been static to the client.c file and made them static.
2016-08-25 22:20:35 -07:00
tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, ssl);
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
check return value of wolfSSL_set_fd
2016-03-25 13:59:04 -06:00
err_sys("error in setting fd");
}
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
Added EarlyData support to benchmark loop
2019-01-24 14:30:06 +10:00
#if defined(WOLFSSL_TLS13) && !defined(NO_SESSION_CACHE) && \
defined(WOLFSSL_EARLY_DATA)
if (version >= 4 && benchResume && earlyData) {
char buffer[WOLFSSL_MAX_ERROR_SZ];
Cleanup on example client/server messages and sizes. Original PR #3023 caused sending extra null characters in normal (non HTTP) example cases.
2020-07-21 13:34:25 -07:00
EarlyData(ctx, ssl, kEarlyMsg, sizeof(kEarlyMsg)-1, buffer);
Added EarlyData support to benchmark loop
2019-01-24 14:30:06 +10:00
}
#endif
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
do {
err = 0; /* reset error */
ret = wolfSSL_connect(ssl);
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (ret != WOLFSSL_SUCCESS) {
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
err = wolfSSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
Fixes for TLS v1.3 early data with async.
2022-03-11 09:46:42 -08:00
/* returns the number of polled items or <0 for error */
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
#endif
}
} while (err == WC_PENDING_E);
Fix for handling `WC_PENDING_E` from decrypt session ticket callback. ZD14420
2022-08-10 09:40:42 -07:00
#ifdef WOLFSSL_EARLY_DATA
EarlyDataStatus(ssl);
#endif
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (ret != WOLFSSL_SUCCESS) {
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
err_sys("SSL_connect failed");
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
}
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
#ifdef WOLFSSL_TLS13
Small stack fixes Changes to DH and SSL/TLS code to dynamically allocate large stack variables when compiled with WOLFSSL_SMALL_STACK.
2018-07-17 09:04:00 +10:00
#ifndef NO_SESSION_CACHE
if (version >= 4 && resumeSession && !benchResume)
#else
if (version >= 4 && resumeSession)
#endif
{
Cleanup on example client/server messages and sizes. Original PR #3023 caused sending extra null characters in normal (non HTTP) example cases.
2020-07-21 13:34:25 -07:00
/* no null term */
if (wolfSSL_write(ssl, kHttpGetMsg, sizeof(kHttpGetMsg)-1) <= 0)
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
err_sys("SSL_write failed");
if (wolfSSL_read(ssl, reply, sizeof(reply)-1) <= 0)
err_sys("SSL_read failed");
}
#endif
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
wolfSSL_shutdown(ssl);
Remove NO_CERT and NO_CODING. Enable building of the client with leantls.
2016-02-22 10:11:41 +01:00
#ifndef NO_SESSION_CACHE
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
if (i == (times-1) && resumeSession) {
Update `wolfSSL_get_session` docs Recommend using `wolfSSL_get1_session` and `NO_SESSION_CACHE_REF` for session resumption purposes. `wolfSSL_get_session` should not be used unless to inspect the current session object.
2022-03-17 12:56:28 +01:00
if (benchSession != NULL)
wolfSSL_SESSION_free(benchSession);
benchSession = wolfSSL_get1_session(ssl);
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
}
Remove NO_CERT and NO_CODING. Enable building of the client with leantls.
2016-02-22 10:11:41 +01:00
#endif
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
CloseSocket(sockfd);
}
fixed current_time argument
2016-04-14 16:26:51 +09:00
avg = current_time(0) - start;
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
avg /= (times - skip);
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
avg *= 1000; /* milliseconds */
Remove NO_CERT and NO_CODING. Enable building of the client with leantls.
2016-02-22 10:11:41 +01:00
#ifndef NO_SESSION_CACHE
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
if (benchResume)
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s %8.3f %s\n", words[0],avg, words[1]);
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
else
Remove NO_CERT and NO_CODING. Enable building of the client with leantls.
2016-02-22 10:11:41 +01:00
#endif
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s %8.3f %s\n", words[2],avg, words[3]);
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
WOLFSSL_TIME(times);
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
}
Update `wolfSSL_get_session` docs Recommend using `wolfSSL_get1_session` and `NO_SESSION_CACHE_REF` for session resumption purposes. `wolfSSL_get_session` should not be used unless to inspect the current session object.
2022-03-17 12:56:28 +01:00
#ifndef NO_SESSION_CACHE
if (benchSession != NULL)
wolfSSL_SESSION_free(benchSession);
#endif
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
return EXIT_SUCCESS;
}
Fix RX/TX throughput reporting in example server. - I observed that client TX throughput < client RX throughput, but server TX throughput > server RX throughput. Turns out this is just a typo in the printing of the stats. The RX stat was being printed as the TX stat and vice- versa. - I added a note to scripts/benchmark.test about a 2 second sleep we do waiting for the server to come up. If you were to time this script with the time command, you'll see that 2 seconds in the result, which might be confusing if you didn't realize the sleep was there.
2020-12-08 16:43:42 -06:00
/* Measures throughput in mbps. Throughput = number of bytes */
DTLS-SCTP example client and server 1. Update the example client and server to test DTLS-SCTP. 2. Modify the test.h functions for setting up connections to allow for a SCTP option. 3. Update other examples to use the new test.h functions. 4. Removed some prototypes in the client header file were some functions that should have been static to the client.c file and made them static.
2016-08-25 22:20:35 -07:00
static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
Add Curve448, X448, Ed448 implementations
2020-02-19 18:07:45 +10:00
int dtlsUDP, int dtlsSCTP, int block, size_t throughput, int useX25519,
--with-liboqs now defines HAVE_LIBOQS and HAVE_PQC AKA: The Great Rename of December 2021
2021-12-20 11:26:25 -05:00
int useX448, int usePqc, char* pqcAlg, int exitWithRet, int version,
liboqs integration using keyshare/supported_groups extensions in TLS 1.3
2021-04-28 10:28:35 -07:00
int onlyKeyShare)
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
{
double start, conn_time = 0, tx_time = 0, rx_time = 0;
configure.ac: fix whitespace; client.c: make gcc 5.4.0 -Wmaybe-uninitialized happy.
2021-12-04 00:57:49 -06:00
SOCKET_T sockfd = WOLFSSL_SOCKET_INVALID;
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
WOLFSSL* ssl;
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
int ret = 0, err = 0;
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
fixed current_time argument
2016-04-14 16:26:51 +09:00
start = current_time(1);
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
ssl = wolfSSL_new(ctx);
add wolfSSL_new() pointer return check on all calls in example client
2015-10-16 14:12:38 -07:00
if (ssl == NULL)
err_sys("unable to get SSL object");
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
DTLS-SCTP example client and server 1. Update the example client and server to test DTLS-SCTP. 2. Modify the test.h functions for setting up connections to allow for a SCTP option. 3. Update other examples to use the new test.h functions. 4. Removed some prototypes in the client header file were some functions that should have been static to the client.c file and made them static.
2016-08-25 22:20:35 -07:00
tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, ssl);
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
check return value of wolfSSL_set_fd
2016-03-25 13:59:04 -06:00
err_sys("error in setting fd");
}
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
Fix for benchmarking X25519
2017-05-31 11:44:43 +10:00
(void)useX25519;
Add Curve448, X448, Ed448 implementations
2020-02-19 18:07:45 +10:00
(void)useX448;
--with-liboqs now defines HAVE_LIBOQS and HAVE_PQC AKA: The Great Rename of December 2021
2021-12-20 11:26:25 -05:00
(void)usePqc;
(void)pqcAlg;
Asynchronous support for TLS v1.3 TLSX ECC/DH key generation and key agreement * Added async support to `SendTls13ClientHello`, `DoTls13ServerHello` and `DoTls13ClientHello`. * Cleanup of the example client/server use key share code. * Fix some scan-build warnings. ZD 12065
2021-06-08 12:15:42 -07:00
(void)version;
(void)onlyKeyShare;
#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
if (version >= 4) {
--with-liboqs now defines HAVE_LIBOQS and HAVE_PQC AKA: The Great Rename of December 2021
2021-12-20 11:26:25 -05:00
SetKeyShare(ssl, onlyKeyShare, useX25519, useX448, usePqc,
pqcAlg, 1);
Asynchronous support for TLS v1.3 TLSX ECC/DH key generation and key agreement * Added async support to `SendTls13ClientHello`, `DoTls13ServerHello` and `DoTls13ClientHello`. * Cleanup of the example client/server use key share code. * Fix some scan-build warnings. ZD 12065
2021-06-08 12:15:42 -07:00
}
#endif
Fix for benchmarking X25519
2017-05-31 11:44:43 +10:00
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
do {
err = 0; /* reset error */
ret = wolfSSL_connect(ssl);
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (ret != WOLFSSL_SUCCESS) {
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
err = wolfSSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
#endif
}
} while (err == WC_PENDING_E);
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (ret == WOLFSSL_SUCCESS) {
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
/* Perform throughput test */
char *tx_buffer, *rx_buffer;
/* Record connection time */
fixed current_time argument
2016-04-14 16:26:51 +09:00
conn_time = current_time(0) - start;
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
/* Allocate TX/RX buffers */
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
tx_buffer = (char*)XMALLOC(block, NULL, DYNAMIC_TYPE_TMP_BUFFER);
rx_buffer = (char*)XMALLOC(block, NULL, DYNAMIC_TYPE_TMP_BUFFER);
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
if (tx_buffer && rx_buffer) {
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
WC_RNG rng;
/* Startup the RNG */
Fixes and cleanups based on feedback from Sean.
2017-04-10 14:19:20 -07:00
#if !defined(HAVE_FIPS) && defined(WOLFSSL_ASYNC_CRYPT)
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
ret = wc_InitRng_ex(&rng, NULL, devId);
#else
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
ret = wc_InitRng(&rng);
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
#endif
if (ret == 0) {
Various cleanups and fixes: * Fix for key gen macro name in benchmark.c * Fix for possible RSA fall-through warning. * Fix for building `WOLFSSL_STM32_PKA` without `HAVE_ECC`. * Added option to build RSA keygen without the DER to PEM using `WOLFSSL_NO_DER_TO_PEM`. * Added options.h includes for test.c and benchmark.c. * Added printf warning on the math size mismatch in test.c. * Added support for benchmarking larger sizes. * TLS benchmarks for HiFive unleashed.
2019-12-18 07:09:26 -08:00
size_t xfer_bytes;
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
/* Generate random data to send */
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
ret = wc_RNG_GenerateBlock(&rng, (byte*)tx_buffer, block);
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
wc_FreeRng(&rng);
if(ret != 0) {
err_sys("wc_RNG_GenerateBlock failed");
}
/* Perform TX and RX of bytes */
xfer_bytes = 0;
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
while (throughput > xfer_bytes) {
Fixed compile issues with example server/client. Fixed issue with using XMALLOC/XFREE being used in examples. Fixed issue with "int select_ret" declaration scope. Fixed issue with test.h HAVE_SESSION_TICKET "static rng" name.
2015-10-15 13:42:41 -07:00
int len, rx_pos, select_ret;
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
/* Determine packet size */
Various cleanups and fixes: * Fix for key gen macro name in benchmark.c * Fix for possible RSA fall-through warning. * Fix for building `WOLFSSL_STM32_PKA` without `HAVE_ECC`. * Added option to build RSA keygen without the DER to PEM using `WOLFSSL_NO_DER_TO_PEM`. * Added options.h includes for test.c and benchmark.c. * Added printf warning on the math size mismatch in test.c. * Added support for benchmarking larger sizes. * TLS benchmarks for HiFive unleashed.
2019-12-18 07:09:26 -08:00
len = min(block, (int)(throughput - xfer_bytes));
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
/* Perform TX */
fixed current_time argument
2016-04-14 16:26:51 +09:00
start = current_time(1);
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
do {
err = 0; /* reset error */
ret = wolfSSL_write(ssl, tx_buffer, len);
if (ret <= 0) {
err = wolfSSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
#endif
}
} while (err == WC_PENDING_E);
if (ret != len) {
print errors to stderr, not stdout; fix whitespace in internal.c; add missing error handling in examples/server/server.c around recvfrom().
2022-05-12 13:07:32 -05:00
fprintf(stderr, "SSL_write bench error %d!\n", err);
Added a suite test use case to cover the new error check. Also fixed and issue with passing a couple flags to the test case runner, and some other changes to support the new test.
2020-07-22 13:20:23 -07:00
if (!exitWithRet)
err_sys("SSL_write failed");
goto doExit;
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
}
fixed current_time argument
2016-04-14 16:26:51 +09:00
tx_time += current_time(0) - start;
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
/* Perform RX */
Added support for inline CRL lookup when HAVE_CRL_IO is defined (shares code with OCSP lookup in io.c). Added http chunk transfer encoding support. Added default connection timeout value (DEFAULT_TIMEOUT_SEC) and new wolfIO_SetTimeout() API with HAVE_IO_TIMEOUT. Added generic wolfIO_ API’s for connect, select, non-blocking, read and write. Added new define USE_WOLFSSL_IO to enable access to new wolfIO_* socket wrappers even when WOLFSSL_USER_IO is defined. Moved all API declarations for io.c into new io.h header. Added HAVE_HTTP_CLIENT to expose HTTP API’s. Moved SOCKET_T and SOCKET_ defines into io.h. Added WOLFIO_DEBUG define to display request/responses.
2017-03-06 09:49:05 -08:00
select_ret = tcp_select(sockfd, DEFAULT_TIMEOUT_SEC);
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
if (select_ret == TEST_RECV_READY) {
fixed current_time argument
2016-04-14 16:26:51 +09:00
start = current_time(1);
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
rx_pos = 0;
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
while (rx_pos < len) {
ret = wolfSSL_read(ssl, &rx_buffer[rx_pos],
len - rx_pos);
if (ret <= 0) {
err = wolfSSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
else
#endif
client/server: tolerate WANT_WRITE errors
2022-05-20 10:00:37 +02:00
if (err != WOLFSSL_ERROR_WANT_READ &&
err != WOLFSSL_ERROR_WANT_WRITE) {
print errors to stderr, not stdout; fix whitespace in internal.c; add missing error handling in examples/server/server.c around recvfrom().
2022-05-12 13:07:32 -05:00
fprintf(stderr, "SSL_read bench error %d\n", err);
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
err_sys("SSL_read failed");
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
}
}
else {
rx_pos += ret;
}
}
fixed current_time argument
2016-04-14 16:26:51 +09:00
rx_time += current_time(0) - start;
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
}
/* Compare TX and RX buffers */
Fix for non-blocking read timeout.
2019-01-11 08:45:34 -08:00
if (XMEMCMP(tx_buffer, rx_buffer, len) != 0) {
Fixes for scan-build
2017-03-15 09:38:53 +10:00
free(tx_buffer);
tx_buffer = NULL;
free(rx_buffer);
rx_buffer = NULL;
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
err_sys("Compare TX and RX buffers failed");
}
/* Update overall position */
xfer_bytes += len;
}
}
else {
err_sys("wc_InitRng failed");
}
Fixes for building with `WC_NO_RNG`.
2018-09-13 13:23:55 -07:00
(void)rng; /* for WC_NO_RNG case */
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
}
else {
Fixed compile issues with example server/client. Fixed issue with using XMALLOC/XFREE being used in examples. Fixed issue with "int select_ret" declaration scope. Fixed issue with test.h HAVE_SESSION_TICKET "static rng" name.
2015-10-15 13:42:41 -07:00
err_sys("Client buffer malloc failed");
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
}
Added a suite test use case to cover the new error check. Also fixed and issue with passing a couple flags to the test case runner, and some other changes to support the new test.
2020-07-22 13:20:23 -07:00
doExit:
cppcheck fixes Fix checking of negative with unsigned variables. Check digestSz for 0 in wc_SSH_KDF() so that no possibility of dividing by zero. Change XMEMCPY to XMEMSET in renesas_sce_util.c. Fix test.c to free prvTmp and pubTmp on read error. Remove unused variables. XFREE checks for NULL so don't check before call. Move variable declarations to reduce scope.
2023-04-03 16:51:07 +10:00
XFREE(tx_buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(rx_buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
}
else {
err_sys("wolfSSL_connect failed");
}
wolfSSL_shutdown(ssl);
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
CloseSocket(sockfd);
Added a suite test use case to cover the new error check. Also fixed and issue with passing a couple flags to the test case runner, and some other changes to support the new test.
2020-07-22 13:20:23 -07:00
if (exitWithRet)
return err;
fix warnings around clang-diagnostic-embedded-directive and readability-uppercase-literal-suffix; update wolfSentry integration for upcoming release 0.8.0.
2023-01-05 00:13:17 -06:00
#ifdef __MINGW32__
#define SIZE_FMT "%d"
#define SIZE_TYPE int
%zu, pragma: not supported,
2020-01-22 08:12:51 +09:00
#else
fix warnings around clang-diagnostic-embedded-directive and readability-uppercase-literal-suffix; update wolfSentry integration for upcoming release 0.8.0.
2023-01-05 00:13:17 -06:00
#define SIZE_FMT "%zu"
#define SIZE_TYPE size_t
%zu, pragma: not supported,
2020-01-22 08:12:51 +09:00
#endif
fix warnings around clang-diagnostic-embedded-directive and readability-uppercase-literal-suffix; update wolfSentry integration for upcoming release 0.8.0.
2023-01-05 00:13:17 -06:00
printf(
"wolfSSL Client Benchmark " SIZE_FMT " bytes\n"
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
"\tConnect %8.3f ms\n"
"\tTX %8.3f ms (%8.3f MBps)\n"
"\tRX %8.3f ms (%8.3f MBps)\n",
fix warnings around clang-diagnostic-embedded-directive and readability-uppercase-literal-suffix; update wolfSentry integration for upcoming release 0.8.0.
2023-01-05 00:13:17 -06:00
(SIZE_TYPE)throughput,
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
conn_time * 1000,
tx_time * 1000, throughput / tx_time / 1024 / 1024,
rx_time * 1000, throughput / rx_time / 1024 / 1024
);
return EXIT_SUCCESS;
}
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
const char* starttlsCmd[6] = {
"220",
"EHLO mail.example.com\r\n",
"250",
"STARTTLS\r\n",
"220",
"QUIT\r\n",
};
DTLS-SCTP example client and server 1. Update the example client and server to test DTLS-SCTP. 2. Modify the test.h functions for setting up connections to allow for a SCTP option. 3. Update other examples to use the new test.h functions. 4. Removed some prototypes in the client header file were some functions that should have been static to the client.c file and made them static.
2016-08-25 22:20:35 -07:00
/* Initiates the STARTTLS command sequence over TCP */
static int StartTLS_Init(SOCKET_T* sockfd)
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
{
Increase the size of the temp buffer for starttls. Some SMTP servers send larger messages.
2021-10-12 15:13:38 -07:00
char tmpBuf[512];
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
if (sockfd == NULL)
return BAD_FUNC_ARG;
/* S: 220 <host> SMTP service ready */
Initial pass at fixes for coverity scan.
2017-04-28 14:59:45 -07:00
XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
if (recv(*sockfd, tmpBuf, sizeof(tmpBuf)-1, 0) < 0)
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
err_sys("failed to read STARTTLS command\n");
Fix StartTLS_Init (#5907) * Fix StartTLS_Init (contribution by Yota Nagaya)
2023-01-04 02:28:23 +09:00
if ((!XSTRNCMP(tmpBuf, starttlsCmd[0], XSTRLEN(starttlsCmd[0]))) &&
(tmpBuf[XSTRLEN(starttlsCmd[0])] == ' ')) {
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
printf("%s\n", tmpBuf);
} else {
err_sys("incorrect STARTTLS command received");
}
/* C: EHLO mail.example.com */
use send/recv instead of write/read with STARTTLS for winsock compatibility
2016-05-02 10:10:25 -06:00
if (send(*sockfd, starttlsCmd[1], (int)XSTRLEN(starttlsCmd[1]), 0) !=
fix type comparison on 32bit for starttls, zero tmp buffer
2016-05-03 13:52:04 -06:00
(int)XSTRLEN(starttlsCmd[1]))
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
err_sys("failed to send STARTTLS EHLO command\n");
/* S: 250 <host> offers a warm hug of welcome */
Initial pass at fixes for coverity scan.
2017-04-28 14:59:45 -07:00
XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
if (recv(*sockfd, tmpBuf, sizeof(tmpBuf)-1, 0) < 0)
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
err_sys("failed to read STARTTLS command\n");
Fix StartTLS_Init (#5907) * Fix StartTLS_Init (contribution by Yota Nagaya)
2023-01-04 02:28:23 +09:00
if ((!XSTRNCMP(tmpBuf, starttlsCmd[2], XSTRLEN(starttlsCmd[2]))) &&
(tmpBuf[XSTRLEN(starttlsCmd[2])] == '-')) {
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
printf("%s\n", tmpBuf);
} else {
err_sys("incorrect STARTTLS command received");
}
/* C: STARTTLS */
use send/recv instead of write/read with STARTTLS for winsock compatibility
2016-05-02 10:10:25 -06:00
if (send(*sockfd, starttlsCmd[3], (int)XSTRLEN(starttlsCmd[3]), 0) !=
fix type comparison on 32bit for starttls, zero tmp buffer
2016-05-03 13:52:04 -06:00
(int)XSTRLEN(starttlsCmd[3])) {
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
err_sys("failed to send STARTTLS command\n");
}
/* S: 220 Go ahead */
Initial pass at fixes for coverity scan.
2017-04-28 14:59:45 -07:00
XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
if (recv(*sockfd, tmpBuf, sizeof(tmpBuf)-1, 0) < 0)
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
err_sys("failed to read STARTTLS command\n");
Fix Coverity
2020-06-04 21:05:07 -07:00
tmpBuf[sizeof(tmpBuf)-1] = '\0';
Fix StartTLS_Init (#5907) * Fix StartTLS_Init (contribution by Yota Nagaya)
2023-01-04 02:28:23 +09:00
if ((!XSTRNCMP(tmpBuf, starttlsCmd[4], XSTRLEN(starttlsCmd[4]))) &&
(tmpBuf[XSTRLEN(starttlsCmd[4])] == ' ')) {
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
printf("%s\n", tmpBuf);
} else {
err_sys("incorrect STARTTLS command received, expected 220");
}
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
return WOLFSSL_SUCCESS;
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
}
DTLS-SCTP example client and server 1. Update the example client and server to test DTLS-SCTP. 2. Modify the test.h functions for setting up connections to allow for a SCTP option. 3. Update other examples to use the new test.h functions. 4. Removed some prototypes in the client header file were some functions that should have been static to the client.c file and made them static.
2016-08-25 22:20:35 -07:00
/* Closes down the SMTP connection */
static int SMTP_Shutdown(WOLFSSL* ssl, int wc_shutdown)
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
{
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
int ret, err = 0;
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
char tmpBuf[256];
if (ssl == NULL)
return BAD_FUNC_ARG;
printf("\nwolfSSL client shutting down SMTP connection\n");
XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
/* C: QUIT */
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
do {
ret = wolfSSL_write(ssl, starttlsCmd[5], (int)XSTRLEN(starttlsCmd[5]));
if (ret < 0) {
err = wolfSSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
#endif
}
} while (err == WC_PENDING_E);
if (ret != (int)XSTRLEN(starttlsCmd[5])) {
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
err_sys("failed to send SMTP QUIT command\n");
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
}
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
/* S: 221 2.0.0 Service closing transmission channel */
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
do {
Cleanup on example client/server messages and sizes. Original PR #3023 caused sending extra null characters in normal (non HTTP) example cases.
2020-07-21 13:34:25 -07:00
ret = wolfSSL_read(ssl, tmpBuf, sizeof(tmpBuf)-1);
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
if (ret < 0) {
err = wolfSSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
#endif
}
} while (err == WC_PENDING_E);
if (ret < 0) {
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
err_sys("failed to read SMTP closing down response\n");
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
}
Cleanup on example client/server messages and sizes. Original PR #3023 caused sending extra null characters in normal (non HTTP) example cases.
2020-07-21 13:34:25 -07:00
tmpBuf[ret] = 0; /* null terminate message */
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
printf("%s\n", tmpBuf);
ret = wolfSSL_shutdown(ssl);
Only try shutdown once in example
2020-04-01 17:48:17 -05:00
if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE) {
Updates from review
2020-04-01 11:14:25 -05:00
if (tcp_select(wolfSSL_get_fd(ssl), DEFAULT_TIMEOUT_SEC) ==
TEST_RECV_READY) {
ret = wolfSSL_shutdown(ssl); /* bidirectional shutdown */
if (ret == WOLFSSL_SUCCESS)
printf("Bidirectional shutdown complete\n");
}
Only try shutdown once in example
2020-04-01 17:48:17 -05:00
if (ret != WOLFSSL_SUCCESS)
print errors to stderr, not stdout; fix whitespace in internal.c; add missing error handling in examples/server/server.c around recvfrom().
2022-05-12 13:07:32 -05:00
fprintf(stderr, "Bidirectional shutdown failed\n");
Updates from review
2020-04-01 11:14:25 -05:00
}
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
return WOLFSSL_SUCCESS;
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
}
Add support for id-pkix-ocsp-nocheck
2020-10-06 17:16:01 -07:00
static int ClientWrite(WOLFSSL* ssl, const char* msg, int msgSz, const char* str,
Fix for expected failure case on client write. Resolves test-fails.con `server TLSv1.3 fail on no client certificate` test.
2020-05-22 11:43:41 -07:00
int exitWithRet)
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
{
int ret, err;
do {
err = 0; /* reset error */
ret = wolfSSL_write(ssl, msg, msgSz);
if (ret <= 0) {
err = wolfSSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
#endif
}
DTLS non-blocking scrwith example
2020-08-25 11:26:20 +02:00
} while (err == WOLFSSL_ERROR_WANT_WRITE ||
err == WOLFSSL_ERROR_WANT_READ
Fix post authentication for TLS 1.3
2018-06-08 17:34:03 +10:00
#ifdef WOLFSSL_ASYNC_CRYPT
|| err == WC_PENDING_E
#endif
);
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
if (ret != msgSz) {
cppcheck fixes Fix checking of negative with unsigned variables. Check digestSz for 0 in wc_SSH_KDF() so that no possibility of dividing by zero. Change XMEMCPY to XMEMSET in renesas_sce_util.c. Fix test.c to free prvTmp and pubTmp on read error. Remove unused variables. XFREE checks for NULL so don't check before call. Move variable declarations to reduce scope.
2023-04-03 16:51:07 +10:00
char buffer[WOLFSSL_MAX_ERROR_SZ];
print errors to stderr, not stdout; fix whitespace in internal.c; add missing error handling in examples/server/server.c around recvfrom().
2022-05-12 13:07:32 -05:00
fprintf(stderr, "SSL_write%s msg error %d, %s\n", str, err,
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
wolfSSL_ERR_error_string(err, buffer));
Fix for expected failure case on client write. Resolves test-fails.con `server TLSv1.3 fail on no client certificate` test.
2020-05-22 11:43:41 -07:00
if (!exitWithRet) {
err_sys("SSL_write failed");
}
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
}
Fix for expected failure case on client write. Resolves test-fails.con `server TLSv1.3 fail on no client certificate` test.
2020-05-22 11:43:41 -07:00
return err;
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
}
Fail when WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT set in TLS1.3
2020-04-27 14:03:15 +10:00
static int ClientRead(WOLFSSL* ssl, char* reply, int replyLen, int mustRead,
const char* str, int exitWithRet)
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
{
int ret, err;
char buffer[WOLFSSL_MAX_ERROR_SZ];
Fix for non-blocking read timeout.
2019-01-11 08:45:34 -08:00
double start = current_time(1), elapsed;
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
do {
err = 0; /* reset error */
ret = wolfSSL_read(ssl, reply, replyLen);
if (ret <= 0) {
err = wolfSSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
else
#endif
Add testing/docs for blocking write - Fix case where message grouping can make CheckAvailableSize return a WANT_WRITE - CheckAvailableSize in tls13.c will not return a WANT_WRITE since it only does so for DTLS <=1.2
2022-05-27 21:26:08 +02:00
if (err != WOLFSSL_ERROR_WANT_READ &&
err != WOLFSSL_ERROR_WANT_WRITE && err != APP_DATA_READY) {
print errors to stderr, not stdout; fix whitespace in internal.c; add missing error handling in examples/server/server.c around recvfrom().
2022-05-12 13:07:32 -05:00
fprintf(stderr, "SSL_read reply error %d, %s\n", err,
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
wolfSSL_ERR_error_string(err, buffer));
Fail when WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT set in TLS1.3
2020-04-27 14:03:15 +10:00
if (!exitWithRet) {
err_sys("SSL_read failed");
}
else {
break;
}
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
}
}
Fix for non-blocking read timeout.
2019-01-11 08:45:34 -08:00
client/server: tolerate WANT_WRITE errors
2022-05-20 10:00:37 +02:00
if (mustRead &&
(err == WOLFSSL_ERROR_WANT_READ
|| err == WOLFSSL_ERROR_WANT_WRITE)) {
Fix for non-blocking read timeout.
2019-01-11 08:45:34 -08:00
elapsed = current_time(0) - start;
if (elapsed > MAX_NON_BLOCK_SEC) {
print errors to stderr, not stdout; fix whitespace in internal.c; add missing error handling in examples/server/server.c around recvfrom().
2022-05-12 13:07:32 -05:00
fprintf(stderr, "Nonblocking read timeout\n");
Fix for scan-build "Value stored to 'err' is never read`"
2019-01-11 09:42:41 -08:00
ret = WOLFSSL_FATAL_ERROR;
Fix for non-blocking read timeout.
2019-01-11 08:45:34 -08:00
break;
}
}
Fix for handling OCSP with non-blocking. The HashInput function was being called on the re-entry, which produced a bad mac response from server. Also cleanup for some of the WC_PENDING_E logic for the non-async cases to reduce code size.
2018-03-16 12:02:36 -07:00
} while ((mustRead && err == WOLFSSL_ERROR_WANT_READ)
Add testing/docs for blocking write - Fix case where message grouping can make CheckAvailableSize return a WANT_WRITE - CheckAvailableSize in tls13.c will not return a WANT_WRITE since it only does so for DTLS <=1.2
2022-05-27 21:26:08 +02:00
|| err == WOLFSSL_ERROR_WANT_WRITE
Fix for handling OCSP with non-blocking. The HashInput function was being called on the re-entry, which produced a bad mac response from server. Also cleanup for some of the WC_PENDING_E logic for the non-async cases to reduce code size.
2018-03-16 12:02:36 -07:00
#ifdef WOLFSSL_ASYNC_CRYPT
|| err == WC_PENDING_E
#endif
HaProxy 2.4-dev18 support *This patch is dependent on https://github.com/wolfSSL/wolfssl/pull/3871 because proto version selection logic is refactored in that pull request.* This patch contains the following changes: - Enable more options with `--enable-haproxy` - Compatibility layer additions - `STACK_TYPE_X509_OBJ` - `OCSP_id_cmp` - `X509_STORE_get0_objects` - `X509V3_EXT_nconf_nid` - `X509V3_EXT_nconf` - `X509_chain_up_ref` - `X509_NAME_hash` - `sk_X509_NAME_new_null` - `X509_OBJECT_get0_X509` - `X509_OBJECT_get0_X509_CRL` - `ASN1_OCTET_STRING_free` - `X509_LOOKUP_TYPE` - `OSSL_HANDSHAKE_STATE` - New `OPENSSL_COMPATIBLE_DEFAULTS` define will set default behaviour that is compatible with OpenSSL - WOLFSSL_CTX - Enable all compiled in protocols - Allow anonymous ciphers - Set message grouping - Set verify to SSL_VERIFY_NONE - In `SetSSL_CTX`, don't change `send` and `recv` callback if currently using `BIO` - `ssl->peerVerifyRet` - Return first that occured - Set correct value on date error - Set revoked error on OCSP or CRL error - Save value in session and restore on resumption - Add to session serialization - With `OPENSSL_EXTRA`, send an alert on invalid downgrade attempt - Handle sni callback `SSL_TLSEXT_ERR_NOACK` - Add `WOLFSSL_VERIFY_DEFAULT` option for `wolfSSL_CTX_set_verify` and `wolfSSL_set_verify` to allow resetting to default behaviour
2021-04-20 16:15:42 +02:00
|| err == APP_DATA_READY
Fix for handling OCSP with non-blocking. The HashInput function was being called on the re-entry, which produced a bad mac response from server. Also cleanup for some of the WC_PENDING_E logic for the non-async cases to reduce code size.
2018-03-16 12:02:36 -07:00
);
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
if (ret > 0) {
Cleanup on example client/server messages and sizes. Original PR #3023 caused sending extra null characters in normal (non HTTP) example cases.
2020-07-21 13:34:25 -07:00
reply[ret] = 0; /* null terminate */
Client using common read and write func
2020-01-24 10:40:39 -08:00
printf("%s%s\n", str, reply);
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
}
Fail when WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT set in TLS1.3
2020-04-27 14:03:15 +10:00
return err;
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
}
add show every cipher suite to examples/client
2015-10-02 16:25:17 -07:00
Fixes to work when compiled with TLS 1.3 only TLS 1.3 Early Data can be used with PSK and not session tickets. If only TLS 1.3 and no session tickets then no resumption. External sites don't support TLS 1.3 yet.
2018-08-28 15:37:15 +10:00
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
/* when adding new option, please follow the steps below: */
/* 1. add new option message in English section */
Correct misspellings and typos from codespell tool
2019-12-24 12:29:33 -06:00
/* 2. increase the number of the second column */
examples/: fix undersized array lengths in client_usage_msg and server_usage_msg.
2020-09-17 22:09:51 -05:00
/* 3. increase the array dimension */
/* 4. add the same message into Japanese section */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
/* (will be translated later) */
examples/: fix undersized array lengths in client_usage_msg and server_usage_msg.
2020-09-17 22:09:51 -05:00
/* 5. add printf() into suitable position of Usage() */
Adding README.md to examples dir and links to wolfssl-examples github repo in client/server.c
2021-08-02 20:27:41 -06:00
static const char* client_usage_msg[][70] = {
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
/* English */
{
" NOTE: All files relative to wolfSSL home dir\n", /* 0 */
"Max RSA key size in bits for build is set at : ", /* 1 */
#ifdef NO_RSA
"RSA not supported\n", /* 2 */
#elif defined(WOLFSSL_SP_MATH) /* case of SP math only */
examples/client/client.c:client_usage_msg[][]: add correct sensing and reporting of WOLFSSL_SP_4096.
2020-10-26 17:16:02 -05:00
#ifdef WOLFSSL_SP_4096
"4096\n", /* 2 */
#elif !defined(WOLFSSL_SP_NO_3072)
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
"3072\n", /* 2 */
#elif !defined(WOLFSSL_SP_NO_2048)
"2048\n", /* 2 */
#else
"0\n", /* 2 */
#endif
#elif defined(USE_FAST_MATH)
#else
"INFINITE\n", /* 2 */
#endif
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-? <num> Help, print this usage\n"
jumbo patch of fixes for clang-tidy gripes (with some bug fixes). defect/gripe statistics: configured --enable-all --enable-sp-math-all --enable-intelasm with LLVM 13 clang-tidy -checks=readability-*,bugprone-*,misc-no-recursion,misc-misplaced-const,misc-redundant-expression,misc-unused-parameters,misc-unused-using-decls,-clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,-clang-analyzer-optin.performance.Padding,-readability-braces-around-statements,-readability-function-size,-readability-function-cognitive-complexity,-bugprone-suspicious-include,-bugprone-easily-swappable-parameters,-readability-isolate-declaration,-readability-magic-numbers,-readability-else-after-return,-bugprone-reserved-identifier,-readability-suspicious-call-argument,-bugprone-suspicious-string-compare,-bugprone-branch-clone,-misc-redundant-expression,-readability-non-const-parameter,-readability-redundant-control-flow,-readability-misleading-indentation,-bugprone-narrowing-conversions,-bugprone-implicit-widening-of-multiplication-result [note these figures don't reflect additional defects fixed in this commit for --enable-smallstack, --enable-fips, --enable-async, --enable-asn=template, and --enable-fastmath, and --disable-fastmath] pre-patch warning count per file, with suppressions: clang-analyzer-security.insecureAPI.strcpy 6 wolfssl/tests/suites.c clang-analyzer-security.insecureAPI.strcpy 2 wolfssl/testsuite/testsuite.c bugprone-suspicious-missing-comma 3 wolfssl/examples/server/server.c bugprone-suspicious-missing-comma 3 wolfssl/examples/client/client.c readability-redundant-preprocessor 2 wolfssl/wolfcrypt/src/asn.c readability-redundant-preprocessor 1 wolfssl/wolfcrypt/src/rsa.c readability-redundant-preprocessor 9 wolfssl/src/ssl.c readability-redundant-preprocessor 2 wolfssl/src/tls13.c readability-redundant-preprocessor 18 wolfssl/tests/api.c readability-redundant-preprocessor 3 wolfssl/src/internal.c readability-redundant-preprocessor 10 wolfssl/wolfcrypt/test/test.c readability-named-parameter 1 wolfssl/wolfcrypt/benchmark/benchmark.c readability-named-parameter 7 wolfssl/src/internal.c readability-named-parameter 1 wolfssl/wolfcrypt/src/ecc.c readability-named-parameter 1 wolfssl/testsuite/testsuite.c readability-named-parameter 11 wolfssl/wolfcrypt/src/ge_operations.c misc-no-recursion 3 wolfssl/src/ssl.c readability-uppercase-literal-suffix 4 wolfssl/wolfcrypt/src/asn.c readability-uppercase-literal-suffix 1 wolfssl/src/ssl.c readability-uppercase-literal-suffix 13 wolfssl/wolfcrypt/benchmark/benchmark.c bugprone-too-small-loop-variable 1 wolfssl/wolfcrypt/src/rsa.c bugprone-too-small-loop-variable 2 wolfssl/wolfcrypt/src/sha3.c bugprone-too-small-loop-variable 4 wolfssl/wolfcrypt/src/idea.c bugprone-signed-char-misuse 2 wolfssl/src/ssl.c bugprone-signed-char-misuse 3 wolfssl/wolfcrypt/src/sp_int.c bugprone-signed-char-misuse 3 wolfssl/examples/client/client.c bugprone-macro-parentheses 19 wolfssl/wolfcrypt/src/aes.c bugprone-macro-parentheses 109 wolfssl/wolfcrypt/src/camellia.c bugprone-macro-parentheses 1 wolfssl/src/tls.c bugprone-macro-parentheses 3 wolfssl/wolfcrypt/src/md4.c bugprone-macro-parentheses 2 wolfssl/wolfcrypt/src/asn.c bugprone-macro-parentheses 26 wolfssl/wolfcrypt/src/blake2b.c bugprone-macro-parentheses 257 wolfssl/wolfcrypt/src/sha3.c bugprone-macro-parentheses 15 wolfssl/src/ssl.c bugprone-macro-parentheses 1 wolfssl/wolfcrypt/src/sha.c bugprone-macro-parentheses 8 wolfssl/tests/api.c bugprone-macro-parentheses 4 wolfssl/wolfcrypt/src/sp_int.c bugprone-macro-parentheses 6 wolfssl/wolfcrypt/benchmark/benchmark.c bugprone-macro-parentheses 38 wolfssl/wolfcrypt/src/hc128.c bugprone-macro-parentheses 12 wolfssl/wolfcrypt/src/md5.c bugprone-macro-parentheses 10 wolfssl/wolfcrypt/src/sha256.c bugprone-macro-parentheses 4 wolfssl/wolfcrypt/test/test.c bugprone-macro-parentheses 3 wolfssl/wolfcrypt/src/ecc.c bugprone-macro-parentheses 2 wolfssl/tests/suites.c bugprone-macro-parentheses 4 wolfssl/wolfcrypt/src/cpuid.c bugprone-macro-parentheses 26 wolfssl/wolfcrypt/src/blake2s.c bugprone-macro-parentheses 24 wolfssl/wolfcrypt/src/sha512.c bugprone-macro-parentheses 3 wolfssl/wolfcrypt/src/poly1305.c bugprone-macro-parentheses 24 wolfssl/wolfcrypt/src/ripemd.c readability-inconsistent-declaration-parameter-name 1 wolfssl/src/internal.c readability-inconsistent-declaration-parameter-name 1 wolfssl/testsuite/testsuite.c pre-patch warning count summaries, with suppressions: clang-analyzer-security.insecureAPI.strcpy 8 bugprone-suspicious-missing-comma 6 readability-redundant-preprocessor 45 readability-named-parameter 21 misc-no-recursion 3 readability-uppercase-literal-suffix 18 bugprone-too-small-loop-variable 7 bugprone-signed-char-misuse 8 bugprone-macro-parentheses 601 readability-inconsistent-declaration-parameter-name 2 pre-patch warning count summaries, without suppressions: clang-analyzer-security.insecureAPI.strcpy 8 bugprone-branch-clone 152 readability-non-const-parameter 118 bugprone-suspicious-missing-comma 6 bugprone-suspicious-include 52 readability-magic-numbers 22423 readability-redundant-preprocessor 45 readability-named-parameter 21 readability-function-cognitive-complexity 845 readability-else-after-return 398 bugprone-implicit-widening-of-multiplication-result 595 readability-function-size 21 readability-isolate-declaration 1090 misc-redundant-expression 2 bugprone-narrowing-conversions 994 misc-no-recursion 3 readability-uppercase-literal-suffix 18 bugprone-reserved-identifier 56 readability-suspicious-call-argument 74 bugprone-too-small-loop-variable 7 bugprone-easily-swappable-parameters 437 bugprone-signed-char-misuse 8 readability-misleading-indentation 94 bugprone-macro-parentheses 601 readability-inconsistent-declaration-parameter-name 2 bugprone-suspicious-string-compare 495 readability-redundant-control-flow 20 readability-braces-around-statements 11483 clang-analyzer-valist.Uninitialized 1 clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling 3502
2022-01-19 23:09:50 -06:00
" 0: English, 1: Japanese\n"
"--help Help, in English\n", /* 3 */
Rollback stacing
2018-11-29 06:52:43 +09:00
"-h <host> Host to connect to, default", /* 4 */
"-p <num> Port to connect on, not 0, default", /* 5 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifndef WOLFSSL_TLS13
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-v <num> SSL version [0-3], SSLv3(0) - TLS1.2(3)), default", /* 6 */
"-V Prints valid ssl version numbers"
Rollback stacing
2018-11-29 06:52:43 +09:00
", SSLv3(0) - TLS1.2(3)\n", /* 7 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#else
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-v <num> SSL version [0-4], SSLv3(0) - TLS1.3(4)), default", /* 6 */
"-V Prints valid ssl version numbers,"
" SSLv3(0) - TLS1.3(4)\n", /* 7 */
#endif
Rollback stacing
2018-11-29 06:52:43 +09:00
"-l <str> Cipher suite list (: delimited)\n", /* 8 */
TLS 1.3: PSK only Support building with only TLS 1.3 and PSK without code for (EC)DHE and certificates. Minimise build size for this configuration.
2020-10-28 11:47:31 +10:00
#ifndef NO_CERTS
Rollback stacing
2018-11-29 06:52:43 +09:00
"-c <file> Certificate file, default", /* 9 */
"-k <file> Key file, default", /* 10 */
"-A <file> Certificate Authority file, default", /* 11 */
TLS 1.3: PSK only Support building with only TLS 1.3 and PSK without code for (EC)DHE and certificates. Minimise build size for this configuration.
2020-10-28 11:47:31 +10:00
#endif
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifndef NO_DH
Rollback stacing
2018-11-29 06:52:43 +09:00
"-Z <num> Minimum DH key bits, default", /* 12 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
Rollback stacing
2018-11-29 06:52:43 +09:00
"-b <num> Benchmark <num> connections and print stats\n", /* 13 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifdef HAVE_ALPN
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-L <str> Application-Layer Protocol"
Rollback stacing
2018-11-29 06:52:43 +09:00
" Negotiation ({C,F}:<list>)\n", /* 14 */
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
#endif
"-B <num> Benchmark throughput"
Rollback stacing
2018-11-29 06:52:43 +09:00
" using <num> bytes and print stats\n", /* 15 */
TLS 1.3 Early Data: fix Will process early data packets now. Added test to check output of server for early data being received.
2020-08-25 11:26:53 +10:00
#ifndef NO_PSK
Rollback stacing
2018-11-29 06:52:43 +09:00
"-s Use pre Shared keys\n", /* 16 */
TLS 1.3 Early Data: fix Will process early data packets now. Added test to check output of server for early data being received.
2020-08-25 11:26:53 +10:00
#endif
Rollback stacing
2018-11-29 06:52:43 +09:00
"-d Disable peer checks\n", /* 17 */
"-D Override Date Errors example\n", /* 18 */
"-e List Every cipher suite available, \n", /* 19 */
"-g Send server HTTP GET\n", /* 20 */
examples: update usage() with DTLSv1.3 version
2022-06-17 17:07:33 +02:00
#ifndef WOLFSSL_DTLS13
examples/: refactor a couple help strings to avoid hitting clang-tidy bugprone-suspicious-missing-comma.
2022-06-23 15:25:23 -05:00
"-u Use UDP DTLS, add -v 2 for DTLSv1, -v 3 for DTLSv1.2"
" (default)\n", /* 21 */
examples: update usage() with DTLSv1.3 version
2022-06-17 17:07:33 +02:00
#else
examples/: refactor a couple help strings to avoid hitting clang-tidy bugprone-suspicious-missing-comma.
2022-06-23 15:25:23 -05:00
"-u Use UDP DTLS, add -v 2 for DTLSv1, -v 3 for DTLSv1.2"
" (default), -v 4 for DTLSv1.3\n", /* 21 */
examples: update usage() with DTLSv1.3 version
2022-06-17 17:07:33 +02:00
#endif /* !WOLFSSL_DTLS13 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifdef WOLFSSL_SCTP
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-G Use SCTP DTLS,"
Rollback stacing
2018-11-29 06:52:43 +09:00
" add -v 2 for DTLSv1, -v 3 for DTLSv1.2 (default)\n", /* 22 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
TLS 1.3: PSK only Support building with only TLS 1.3 and PSK without code for (EC)DHE and certificates. Minimise build size for this configuration.
2020-10-28 11:47:31 +10:00
#ifndef NO_CERTS
Rollback stacing
2018-11-29 06:52:43 +09:00
"-m Match domain name in cert\n", /* 23 */
TLS 1.3: PSK only Support building with only TLS 1.3 and PSK without code for (EC)DHE and certificates. Minimise build size for this configuration.
2020-10-28 11:47:31 +10:00
#endif
Rollback stacing
2018-11-29 06:52:43 +09:00
"-N Use Non-blocking sockets\n", /* 24 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifndef NO_SESSION_CACHE
Rollback stacing
2018-11-29 06:52:43 +09:00
"-r Resume session\n", /* 25 */
Fix to timeout after 10 seconds in non-blocking mode if connect does not complete.
2019-01-10 17:12:37 -08:00
#endif
Rollback stacing
2018-11-29 06:52:43 +09:00
"-w Wait for bidirectional shutdown\n", /* 26 */
"-M <prot> Use STARTTLS, using <prot> protocol (smtp)\n", /* 27 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifdef HAVE_SECURE_RENEGOTIATION
Rollback stacing
2018-11-29 06:52:43 +09:00
"-R Allow Secure Renegotiation\n", /* 28 */
Passing scr-app-data in to -i to client sends a message during SCR Modify mygetopt so that if an argument expects a value and that value is the next argument then myoptarg is set to a NULL pointer.
2020-09-30 13:46:23 +02:00
"-i <str> Force client Initiated Secure Renegotiation. If the\n"
" string 'scr-app-data' is passed in as the value and\n"
" Non-blocking sockets are enabled ('-N') then wolfSSL\n"
" sends a test message during the secure renegotiation.\n"
" The string parameter is optional.\n", /* 29 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
Rollback stacing
2018-11-29 06:52:43 +09:00
"-f Fewer packets/group messages\n", /* 30 */
TLS 1.3: PSK only Support building with only TLS 1.3 and PSK without code for (EC)DHE and certificates. Minimise build size for this configuration.
2020-10-28 11:47:31 +10:00
#ifndef NO_CERTS
Rollback stacing
2018-11-29 06:52:43 +09:00
"-x Disable client cert/key loading\n", /* 31 */
TLS 1.3: PSK only Support building with only TLS 1.3 and PSK without code for (EC)DHE and certificates. Minimise build size for this configuration.
2020-10-28 11:47:31 +10:00
#endif
Rollback stacing
2018-11-29 06:52:43 +09:00
"-X Driven by eXternal test case\n", /* 32 */
"-j Use verify callback override\n", /* 33 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifdef SHOW_SIZES
Rollback stacing
2018-11-29 06:52:43 +09:00
"-z Print structure sizes\n", /* 34 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_SNI
Rollback stacing
2018-11-29 06:52:43 +09:00
"-S <str> Use Host Name Indication\n", /* 35 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_MAX_FRAGMENT
Rollback stacing
2018-11-29 06:52:43 +09:00
"-F <num> Use Maximum Fragment Length [1-6]\n", /* 36 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_TRUNCATED_HMAC
Rollback stacing
2018-11-29 06:52:43 +09:00
"-T Use Truncated HMAC\n", /* 37 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_EXTENDED_MASTER
Rollback stacing
2018-11-29 06:52:43 +09:00
"-n Disable Extended Master Secret\n", /* 38 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_OCSP
Rollback stacing
2018-11-29 06:52:43 +09:00
"-o Perform OCSP lookup on peer certificate\n", /* 39 */
"-O <url> Perform OCSP lookup using <url> as responder\n", /* 40 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
Rollback stacing
2018-11-29 06:52:43 +09:00
"-W <num> Use OCSP Stapling (1 v1, 2 v2, 3 v2 multi)\n", /* 41 */
TLS OCSP Stapling: MUST staple option Can enable OCSP Must Staple option to mean that if the client sends a request for an OCSP Staple then it must receive a response.
2020-10-15 17:27:58 +10:00
" With 'm' at end indicates MUST staple\n", /* 42 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
Add support for Encrypt-Then-MAC to TLS 1.2 and below An extension is used to indicate that ETM is to be used. Only used when doing block ciphers - HMAC performed on encrypted data.
2019-08-22 09:33:38 +10:00
#if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY)
TLS OCSP Stapling: MUST staple option Can enable OCSP Must Staple option to mean that if the client sends a request for an OCSP Staple then it must receive a response.
2020-10-15 17:27:58 +10:00
"-U Atomic User Record Layer Callbacks\n", /* 43 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_PK_CALLBACKS
TLS OCSP Stapling: MUST staple option Can enable OCSP Must Staple option to mean that if the client sends a request for an OCSP Staple then it must receive a response.
2020-10-15 17:27:58 +10:00
"-P Public Key Callbacks\n", /* 44 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_ANON
TLS OCSP Stapling: MUST staple option Can enable OCSP Must Staple option to mean that if the client sends a request for an OCSP Staple then it must receive a response.
2020-10-15 17:27:58 +10:00
"-a Anonymous client\n", /* 45 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_CRL
TLS OCSP Stapling: MUST staple option Can enable OCSP Must Staple option to mean that if the client sends a request for an OCSP Staple then it must receive a response.
2020-10-15 17:27:58 +10:00
"-C Disable CRL\n", /* 46 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef WOLFSSL_TRUST_PEER_CERT
TLS OCSP Stapling: MUST staple option Can enable OCSP Must Staple option to mean that if the client sends a request for an OCSP Staple then it must receive a response.
2020-10-15 17:27:58 +10:00
"-E <file> Path to load trusted peer cert\n", /* 47 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_WNR
TLS OCSP Stapling: MUST staple option Can enable OCSP Must Staple option to mean that if the client sends a request for an OCSP Staple then it must receive a response.
2020-10-15 17:27:58 +10:00
"-q <file> Whitewood config file, defaults\n", /* 48 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-H <arg> Internal tests"
TLS OCSP Stapling: MUST staple option Can enable OCSP Must Staple option to mean that if the client sends a request for an OCSP Staple then it must receive a response.
2020-10-15 17:27:58 +10:00
" [defCipherList, exitWithRet, verifyFail, useSupCurve,\n", /* 49 */
" loadSSL, disallowETM]\n", /* 50 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifdef WOLFSSL_TLS13
TLS OCSP Stapling: MUST staple option Can enable OCSP Must Staple option to mean that if the client sends a request for an OCSP Staple then it must receive a response.
2020-10-15 17:27:58 +10:00
"-J Use HelloRetryRequest to choose group for KE\n", /* 51 */
"-K Key Exchange for PSK not using (EC)DHE\n", /* 52 */
"-I Update keys and IVs before sending data\n", /* 53 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifndef NO_DH
TLS OCSP Stapling: MUST staple option Can enable OCSP Must Staple option to mean that if the client sends a request for an OCSP Staple then it must receive a response.
2020-10-15 17:27:58 +10:00
"-y Key Share with FFDHE named groups only\n", /* 54 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_ECC
TLS OCSP Stapling: MUST staple option Can enable OCSP Must Staple option to mean that if the client sends a request for an OCSP Staple then it must receive a response.
2020-10-15 17:27:58 +10:00
"-Y Key Share with ECC named groups only\n", /* 55 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#endif /* WOLFSSL_TLS13 */
#ifdef HAVE_CURVE25519
TLS OCSP Stapling: MUST staple option Can enable OCSP Must Staple option to mean that if the client sends a request for an OCSP Staple then it must receive a response.
2020-10-15 17:27:58 +10:00
"-t Use X25519 for key exchange\n", /* 56 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
TLS OCSP Stapling: MUST staple option Can enable OCSP Must Staple option to mean that if the client sends a request for an OCSP Staple then it must receive a response.
2020-10-15 17:27:58 +10:00
"-Q Support requesting certificate post-handshake\n", /* 57 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef WOLFSSL_EARLY_DATA
TLS OCSP Stapling: MUST staple option Can enable OCSP Must Staple option to mean that if the client sends a request for an OCSP Staple then it must receive a response.
2020-10-15 17:27:58 +10:00
"-0 Early data sent to server (0-RTT handshake)\n", /* 58 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef WOLFSSL_MULTICAST
TLS OCSP Stapling: MUST staple option Can enable OCSP Must Staple option to mean that if the client sends a request for an OCSP Staple then it must receive a response.
2020-10-15 17:27:58 +10:00
"-3 <grpid> Multicast, grpid < 256\n", /* 59 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-1 <num> Display a result by specified language.\n"
TLS OCSP Stapling: MUST staple option Can enable OCSP Must Staple option to mean that if the client sends a request for an OCSP Staple then it must receive a response.
2020-10-15 17:27:58 +10:00
" 0: English, 1: Japanese\n", /* 60 */
Update the help text so the Japanese translations of the new options are printed.
2019-02-20 11:23:00 -08:00
#if !defined(NO_DH) && !defined(HAVE_FIPS) && \
!defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK)
TLS OCSP Stapling: MUST staple option Can enable OCSP Must Staple option to mean that if the client sends a request for an OCSP Staple then it must receive a response.
2020-10-15 17:27:58 +10:00
"-2 Disable DH Prime check\n", /* 61 */
Update the help text so the Japanese translations of the new options are printed.
2019-02-20 11:23:00 -08:00
#endif
Move the -5 option text into the localization array and add a Japanese translation.
2019-02-21 10:28:23 -08:00
#ifdef HAVE_SECURE_RENEGOTIATION
TLS OCSP Stapling: MUST staple option Can enable OCSP Must Staple option to mean that if the client sends a request for an OCSP Staple then it must receive a response.
2020-10-15 17:27:58 +10:00
"-4 Use resumption for renegotiation\n", /* 62 */
Move the -5 option text into the localization array and add a Japanese translation.
2019-02-21 10:28:23 -08:00
#endif
#ifdef HAVE_TRUSTED_CA
TLS OCSP Stapling: MUST staple option Can enable OCSP Must Staple option to mean that if the client sends a request for an OCSP Staple then it must receive a response.
2020-10-15 17:27:58 +10:00
"-5 Use Trusted CA Key Indication\n", /* 63 */
Add Curve448, X448, Ed448 implementations
2020-02-19 18:07:45 +10:00
#endif
Add an option to the example client to simulate WANT_WRITE errors. - Add this option as "-6." - Turn on non-blocking mode if WANT_WRITE simulation is enabled. - Create a send IO callback that gets registered when this option is turned on. This callback alternates between letting the TX through and returning a WANT_WRITE error.
2020-11-02 08:23:36 -06:00
"-6 Simulate WANT_WRITE errors on every other IO send\n",
Add Curve448, X448, Ed448 implementations
2020-02-19 18:07:45 +10:00
#ifdef HAVE_CURVE448
TLS OCSP Stapling: MUST staple option Can enable OCSP Must Staple option to mean that if the client sends a request for an OCSP Staple then it must receive a response.
2020-10-15 17:27:58 +10:00
"-8 Use X448 for key exchange\n", /* 66 */
Add support for id-pkix-ocsp-nocheck
2020-10-06 17:16:01 -07:00
#endif
Initial implemented X509_LOOKUP_ctrl L_ADD_DIR
2021-02-15 15:47:03 +09:00
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
addressed review comments part 1
2021-03-11 15:43:54 +09:00
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
Initial implemented X509_LOOKUP_ctrl L_ADD_DIR
2021-02-15 15:47:03 +09:00
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
"-9 Use hash dir look up for certificate loading\n"
" loading from <wolfSSL home>/certs folder\n"
" files in the folder would have the form \"hash.N\" file name\n"
" e.g symbolic link to the file at certs folder\n"
" ln -s ca-cert.pem `openssl x509 -in ca-cert.pem -hash -noout`.0\n",
jumbo patch of fixes for clang-tidy gripes (with some bug fixes). defect/gripe statistics: configured --enable-all --enable-sp-math-all --enable-intelasm with LLVM 13 clang-tidy -checks=readability-*,bugprone-*,misc-no-recursion,misc-misplaced-const,misc-redundant-expression,misc-unused-parameters,misc-unused-using-decls,-clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,-clang-analyzer-optin.performance.Padding,-readability-braces-around-statements,-readability-function-size,-readability-function-cognitive-complexity,-bugprone-suspicious-include,-bugprone-easily-swappable-parameters,-readability-isolate-declaration,-readability-magic-numbers,-readability-else-after-return,-bugprone-reserved-identifier,-readability-suspicious-call-argument,-bugprone-suspicious-string-compare,-bugprone-branch-clone,-misc-redundant-expression,-readability-non-const-parameter,-readability-redundant-control-flow,-readability-misleading-indentation,-bugprone-narrowing-conversions,-bugprone-implicit-widening-of-multiplication-result [note these figures don't reflect additional defects fixed in this commit for --enable-smallstack, --enable-fips, --enable-async, --enable-asn=template, and --enable-fastmath, and --disable-fastmath] pre-patch warning count per file, with suppressions: clang-analyzer-security.insecureAPI.strcpy 6 wolfssl/tests/suites.c clang-analyzer-security.insecureAPI.strcpy 2 wolfssl/testsuite/testsuite.c bugprone-suspicious-missing-comma 3 wolfssl/examples/server/server.c bugprone-suspicious-missing-comma 3 wolfssl/examples/client/client.c readability-redundant-preprocessor 2 wolfssl/wolfcrypt/src/asn.c readability-redundant-preprocessor 1 wolfssl/wolfcrypt/src/rsa.c readability-redundant-preprocessor 9 wolfssl/src/ssl.c readability-redundant-preprocessor 2 wolfssl/src/tls13.c readability-redundant-preprocessor 18 wolfssl/tests/api.c readability-redundant-preprocessor 3 wolfssl/src/internal.c readability-redundant-preprocessor 10 wolfssl/wolfcrypt/test/test.c readability-named-parameter 1 wolfssl/wolfcrypt/benchmark/benchmark.c readability-named-parameter 7 wolfssl/src/internal.c readability-named-parameter 1 wolfssl/wolfcrypt/src/ecc.c readability-named-parameter 1 wolfssl/testsuite/testsuite.c readability-named-parameter 11 wolfssl/wolfcrypt/src/ge_operations.c misc-no-recursion 3 wolfssl/src/ssl.c readability-uppercase-literal-suffix 4 wolfssl/wolfcrypt/src/asn.c readability-uppercase-literal-suffix 1 wolfssl/src/ssl.c readability-uppercase-literal-suffix 13 wolfssl/wolfcrypt/benchmark/benchmark.c bugprone-too-small-loop-variable 1 wolfssl/wolfcrypt/src/rsa.c bugprone-too-small-loop-variable 2 wolfssl/wolfcrypt/src/sha3.c bugprone-too-small-loop-variable 4 wolfssl/wolfcrypt/src/idea.c bugprone-signed-char-misuse 2 wolfssl/src/ssl.c bugprone-signed-char-misuse 3 wolfssl/wolfcrypt/src/sp_int.c bugprone-signed-char-misuse 3 wolfssl/examples/client/client.c bugprone-macro-parentheses 19 wolfssl/wolfcrypt/src/aes.c bugprone-macro-parentheses 109 wolfssl/wolfcrypt/src/camellia.c bugprone-macro-parentheses 1 wolfssl/src/tls.c bugprone-macro-parentheses 3 wolfssl/wolfcrypt/src/md4.c bugprone-macro-parentheses 2 wolfssl/wolfcrypt/src/asn.c bugprone-macro-parentheses 26 wolfssl/wolfcrypt/src/blake2b.c bugprone-macro-parentheses 257 wolfssl/wolfcrypt/src/sha3.c bugprone-macro-parentheses 15 wolfssl/src/ssl.c bugprone-macro-parentheses 1 wolfssl/wolfcrypt/src/sha.c bugprone-macro-parentheses 8 wolfssl/tests/api.c bugprone-macro-parentheses 4 wolfssl/wolfcrypt/src/sp_int.c bugprone-macro-parentheses 6 wolfssl/wolfcrypt/benchmark/benchmark.c bugprone-macro-parentheses 38 wolfssl/wolfcrypt/src/hc128.c bugprone-macro-parentheses 12 wolfssl/wolfcrypt/src/md5.c bugprone-macro-parentheses 10 wolfssl/wolfcrypt/src/sha256.c bugprone-macro-parentheses 4 wolfssl/wolfcrypt/test/test.c bugprone-macro-parentheses 3 wolfssl/wolfcrypt/src/ecc.c bugprone-macro-parentheses 2 wolfssl/tests/suites.c bugprone-macro-parentheses 4 wolfssl/wolfcrypt/src/cpuid.c bugprone-macro-parentheses 26 wolfssl/wolfcrypt/src/blake2s.c bugprone-macro-parentheses 24 wolfssl/wolfcrypt/src/sha512.c bugprone-macro-parentheses 3 wolfssl/wolfcrypt/src/poly1305.c bugprone-macro-parentheses 24 wolfssl/wolfcrypt/src/ripemd.c readability-inconsistent-declaration-parameter-name 1 wolfssl/src/internal.c readability-inconsistent-declaration-parameter-name 1 wolfssl/testsuite/testsuite.c pre-patch warning count summaries, with suppressions: clang-analyzer-security.insecureAPI.strcpy 8 bugprone-suspicious-missing-comma 6 readability-redundant-preprocessor 45 readability-named-parameter 21 misc-no-recursion 3 readability-uppercase-literal-suffix 18 bugprone-too-small-loop-variable 7 bugprone-signed-char-misuse 8 bugprone-macro-parentheses 601 readability-inconsistent-declaration-parameter-name 2 pre-patch warning count summaries, without suppressions: clang-analyzer-security.insecureAPI.strcpy 8 bugprone-branch-clone 152 readability-non-const-parameter 118 bugprone-suspicious-missing-comma 6 bugprone-suspicious-include 52 readability-magic-numbers 22423 readability-redundant-preprocessor 45 readability-named-parameter 21 readability-function-cognitive-complexity 845 readability-else-after-return 398 bugprone-implicit-widening-of-multiplication-result 595 readability-function-size 21 readability-isolate-declaration 1090 misc-redundant-expression 2 bugprone-narrowing-conversions 994 misc-no-recursion 3 readability-uppercase-literal-suffix 18 bugprone-reserved-identifier 56 readability-suspicious-call-argument 74 bugprone-too-small-loop-variable 7 bugprone-easily-swappable-parameters 437 bugprone-signed-char-misuse 8 readability-misleading-indentation 94 bugprone-macro-parentheses 601 readability-inconsistent-declaration-parameter-name 2 bugprone-suspicious-string-compare 495 readability-redundant-control-flow 20 readability-braces-around-statements 11483 clang-analyzer-valist.Uninitialized 1 clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling 3502
2022-01-19 23:09:50 -06:00
/* 67 */
add outbound connection filtering support to libwolfssl, add wolfSentry support to the test client, and add wolfSentry JSON config file support to the test client and server using --wolfsentry-config. also, add mygetopt_long() to wolfssl/test.h, and add --help and Japanese counterpart options to test client and server.
2021-06-16 00:26:48 -05:00
#endif
Fix minor line length and spelling.
2021-06-21 15:09:39 -07:00
#if defined(WOLFSSL_WOLFSENTRY_HOOKS) && !defined(NO_FILESYSTEM) && \
!defined(WOLFSENTRY_NO_JSON)
add outbound connection filtering support to libwolfssl, add wolfSentry support to the test client, and add wolfSentry JSON config file support to the test client and server using --wolfsentry-config. also, add mygetopt_long() to wolfssl/test.h, and add --help and Japanese counterpart options to test client and server.
2021-06-16 00:26:48 -05:00
"--wolfsentry-config <file> Path for JSON wolfSentry config\n",
jumbo patch of fixes for clang-tidy gripes (with some bug fixes). defect/gripe statistics: configured --enable-all --enable-sp-math-all --enable-intelasm with LLVM 13 clang-tidy -checks=readability-*,bugprone-*,misc-no-recursion,misc-misplaced-const,misc-redundant-expression,misc-unused-parameters,misc-unused-using-decls,-clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,-clang-analyzer-optin.performance.Padding,-readability-braces-around-statements,-readability-function-size,-readability-function-cognitive-complexity,-bugprone-suspicious-include,-bugprone-easily-swappable-parameters,-readability-isolate-declaration,-readability-magic-numbers,-readability-else-after-return,-bugprone-reserved-identifier,-readability-suspicious-call-argument,-bugprone-suspicious-string-compare,-bugprone-branch-clone,-misc-redundant-expression,-readability-non-const-parameter,-readability-redundant-control-flow,-readability-misleading-indentation,-bugprone-narrowing-conversions,-bugprone-implicit-widening-of-multiplication-result [note these figures don't reflect additional defects fixed in this commit for --enable-smallstack, --enable-fips, --enable-async, --enable-asn=template, and --enable-fastmath, and --disable-fastmath] pre-patch warning count per file, with suppressions: clang-analyzer-security.insecureAPI.strcpy 6 wolfssl/tests/suites.c clang-analyzer-security.insecureAPI.strcpy 2 wolfssl/testsuite/testsuite.c bugprone-suspicious-missing-comma 3 wolfssl/examples/server/server.c bugprone-suspicious-missing-comma 3 wolfssl/examples/client/client.c readability-redundant-preprocessor 2 wolfssl/wolfcrypt/src/asn.c readability-redundant-preprocessor 1 wolfssl/wolfcrypt/src/rsa.c readability-redundant-preprocessor 9 wolfssl/src/ssl.c readability-redundant-preprocessor 2 wolfssl/src/tls13.c readability-redundant-preprocessor 18 wolfssl/tests/api.c readability-redundant-preprocessor 3 wolfssl/src/internal.c readability-redundant-preprocessor 10 wolfssl/wolfcrypt/test/test.c readability-named-parameter 1 wolfssl/wolfcrypt/benchmark/benchmark.c readability-named-parameter 7 wolfssl/src/internal.c readability-named-parameter 1 wolfssl/wolfcrypt/src/ecc.c readability-named-parameter 1 wolfssl/testsuite/testsuite.c readability-named-parameter 11 wolfssl/wolfcrypt/src/ge_operations.c misc-no-recursion 3 wolfssl/src/ssl.c readability-uppercase-literal-suffix 4 wolfssl/wolfcrypt/src/asn.c readability-uppercase-literal-suffix 1 wolfssl/src/ssl.c readability-uppercase-literal-suffix 13 wolfssl/wolfcrypt/benchmark/benchmark.c bugprone-too-small-loop-variable 1 wolfssl/wolfcrypt/src/rsa.c bugprone-too-small-loop-variable 2 wolfssl/wolfcrypt/src/sha3.c bugprone-too-small-loop-variable 4 wolfssl/wolfcrypt/src/idea.c bugprone-signed-char-misuse 2 wolfssl/src/ssl.c bugprone-signed-char-misuse 3 wolfssl/wolfcrypt/src/sp_int.c bugprone-signed-char-misuse 3 wolfssl/examples/client/client.c bugprone-macro-parentheses 19 wolfssl/wolfcrypt/src/aes.c bugprone-macro-parentheses 109 wolfssl/wolfcrypt/src/camellia.c bugprone-macro-parentheses 1 wolfssl/src/tls.c bugprone-macro-parentheses 3 wolfssl/wolfcrypt/src/md4.c bugprone-macro-parentheses 2 wolfssl/wolfcrypt/src/asn.c bugprone-macro-parentheses 26 wolfssl/wolfcrypt/src/blake2b.c bugprone-macro-parentheses 257 wolfssl/wolfcrypt/src/sha3.c bugprone-macro-parentheses 15 wolfssl/src/ssl.c bugprone-macro-parentheses 1 wolfssl/wolfcrypt/src/sha.c bugprone-macro-parentheses 8 wolfssl/tests/api.c bugprone-macro-parentheses 4 wolfssl/wolfcrypt/src/sp_int.c bugprone-macro-parentheses 6 wolfssl/wolfcrypt/benchmark/benchmark.c bugprone-macro-parentheses 38 wolfssl/wolfcrypt/src/hc128.c bugprone-macro-parentheses 12 wolfssl/wolfcrypt/src/md5.c bugprone-macro-parentheses 10 wolfssl/wolfcrypt/src/sha256.c bugprone-macro-parentheses 4 wolfssl/wolfcrypt/test/test.c bugprone-macro-parentheses 3 wolfssl/wolfcrypt/src/ecc.c bugprone-macro-parentheses 2 wolfssl/tests/suites.c bugprone-macro-parentheses 4 wolfssl/wolfcrypt/src/cpuid.c bugprone-macro-parentheses 26 wolfssl/wolfcrypt/src/blake2s.c bugprone-macro-parentheses 24 wolfssl/wolfcrypt/src/sha512.c bugprone-macro-parentheses 3 wolfssl/wolfcrypt/src/poly1305.c bugprone-macro-parentheses 24 wolfssl/wolfcrypt/src/ripemd.c readability-inconsistent-declaration-parameter-name 1 wolfssl/src/internal.c readability-inconsistent-declaration-parameter-name 1 wolfssl/testsuite/testsuite.c pre-patch warning count summaries, with suppressions: clang-analyzer-security.insecureAPI.strcpy 8 bugprone-suspicious-missing-comma 6 readability-redundant-preprocessor 45 readability-named-parameter 21 misc-no-recursion 3 readability-uppercase-literal-suffix 18 bugprone-too-small-loop-variable 7 bugprone-signed-char-misuse 8 bugprone-macro-parentheses 601 readability-inconsistent-declaration-parameter-name 2 pre-patch warning count summaries, without suppressions: clang-analyzer-security.insecureAPI.strcpy 8 bugprone-branch-clone 152 readability-non-const-parameter 118 bugprone-suspicious-missing-comma 6 bugprone-suspicious-include 52 readability-magic-numbers 22423 readability-redundant-preprocessor 45 readability-named-parameter 21 readability-function-cognitive-complexity 845 readability-else-after-return 398 bugprone-implicit-widening-of-multiplication-result 595 readability-function-size 21 readability-isolate-declaration 1090 misc-redundant-expression 2 bugprone-narrowing-conversions 994 misc-no-recursion 3 readability-uppercase-literal-suffix 18 bugprone-reserved-identifier 56 readability-suspicious-call-argument 74 bugprone-too-small-loop-variable 7 bugprone-easily-swappable-parameters 437 bugprone-signed-char-misuse 8 readability-misleading-indentation 94 bugprone-macro-parentheses 601 readability-inconsistent-declaration-parameter-name 2 bugprone-suspicious-string-compare 495 readability-redundant-control-flow 20 readability-braces-around-statements 11483 clang-analyzer-valist.Uninitialized 1 clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling 3502
2022-01-19 23:09:50 -06:00
/* 68 */
not send smaller versions than minimum downgradable version as supportedversion ext
2021-05-14 14:37:04 +09:00
#endif
#ifndef WOLFSSL_TLS13
"-7 Set minimum downgrade protocol version [0-3] "
" SSLv3(0) - TLS1.2(3)\n",
#else
"-7 Set minimum downgrade protocol version [0-4] "
jumbo patch of fixes for clang-tidy gripes (with some bug fixes). defect/gripe statistics: configured --enable-all --enable-sp-math-all --enable-intelasm with LLVM 13 clang-tidy -checks=readability-*,bugprone-*,misc-no-recursion,misc-misplaced-const,misc-redundant-expression,misc-unused-parameters,misc-unused-using-decls,-clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,-clang-analyzer-optin.performance.Padding,-readability-braces-around-statements,-readability-function-size,-readability-function-cognitive-complexity,-bugprone-suspicious-include,-bugprone-easily-swappable-parameters,-readability-isolate-declaration,-readability-magic-numbers,-readability-else-after-return,-bugprone-reserved-identifier,-readability-suspicious-call-argument,-bugprone-suspicious-string-compare,-bugprone-branch-clone,-misc-redundant-expression,-readability-non-const-parameter,-readability-redundant-control-flow,-readability-misleading-indentation,-bugprone-narrowing-conversions,-bugprone-implicit-widening-of-multiplication-result [note these figures don't reflect additional defects fixed in this commit for --enable-smallstack, --enable-fips, --enable-async, --enable-asn=template, and --enable-fastmath, and --disable-fastmath] pre-patch warning count per file, with suppressions: clang-analyzer-security.insecureAPI.strcpy 6 wolfssl/tests/suites.c clang-analyzer-security.insecureAPI.strcpy 2 wolfssl/testsuite/testsuite.c bugprone-suspicious-missing-comma 3 wolfssl/examples/server/server.c bugprone-suspicious-missing-comma 3 wolfssl/examples/client/client.c readability-redundant-preprocessor 2 wolfssl/wolfcrypt/src/asn.c readability-redundant-preprocessor 1 wolfssl/wolfcrypt/src/rsa.c readability-redundant-preprocessor 9 wolfssl/src/ssl.c readability-redundant-preprocessor 2 wolfssl/src/tls13.c readability-redundant-preprocessor 18 wolfssl/tests/api.c readability-redundant-preprocessor 3 wolfssl/src/internal.c readability-redundant-preprocessor 10 wolfssl/wolfcrypt/test/test.c readability-named-parameter 1 wolfssl/wolfcrypt/benchmark/benchmark.c readability-named-parameter 7 wolfssl/src/internal.c readability-named-parameter 1 wolfssl/wolfcrypt/src/ecc.c readability-named-parameter 1 wolfssl/testsuite/testsuite.c readability-named-parameter 11 wolfssl/wolfcrypt/src/ge_operations.c misc-no-recursion 3 wolfssl/src/ssl.c readability-uppercase-literal-suffix 4 wolfssl/wolfcrypt/src/asn.c readability-uppercase-literal-suffix 1 wolfssl/src/ssl.c readability-uppercase-literal-suffix 13 wolfssl/wolfcrypt/benchmark/benchmark.c bugprone-too-small-loop-variable 1 wolfssl/wolfcrypt/src/rsa.c bugprone-too-small-loop-variable 2 wolfssl/wolfcrypt/src/sha3.c bugprone-too-small-loop-variable 4 wolfssl/wolfcrypt/src/idea.c bugprone-signed-char-misuse 2 wolfssl/src/ssl.c bugprone-signed-char-misuse 3 wolfssl/wolfcrypt/src/sp_int.c bugprone-signed-char-misuse 3 wolfssl/examples/client/client.c bugprone-macro-parentheses 19 wolfssl/wolfcrypt/src/aes.c bugprone-macro-parentheses 109 wolfssl/wolfcrypt/src/camellia.c bugprone-macro-parentheses 1 wolfssl/src/tls.c bugprone-macro-parentheses 3 wolfssl/wolfcrypt/src/md4.c bugprone-macro-parentheses 2 wolfssl/wolfcrypt/src/asn.c bugprone-macro-parentheses 26 wolfssl/wolfcrypt/src/blake2b.c bugprone-macro-parentheses 257 wolfssl/wolfcrypt/src/sha3.c bugprone-macro-parentheses 15 wolfssl/src/ssl.c bugprone-macro-parentheses 1 wolfssl/wolfcrypt/src/sha.c bugprone-macro-parentheses 8 wolfssl/tests/api.c bugprone-macro-parentheses 4 wolfssl/wolfcrypt/src/sp_int.c bugprone-macro-parentheses 6 wolfssl/wolfcrypt/benchmark/benchmark.c bugprone-macro-parentheses 38 wolfssl/wolfcrypt/src/hc128.c bugprone-macro-parentheses 12 wolfssl/wolfcrypt/src/md5.c bugprone-macro-parentheses 10 wolfssl/wolfcrypt/src/sha256.c bugprone-macro-parentheses 4 wolfssl/wolfcrypt/test/test.c bugprone-macro-parentheses 3 wolfssl/wolfcrypt/src/ecc.c bugprone-macro-parentheses 2 wolfssl/tests/suites.c bugprone-macro-parentheses 4 wolfssl/wolfcrypt/src/cpuid.c bugprone-macro-parentheses 26 wolfssl/wolfcrypt/src/blake2s.c bugprone-macro-parentheses 24 wolfssl/wolfcrypt/src/sha512.c bugprone-macro-parentheses 3 wolfssl/wolfcrypt/src/poly1305.c bugprone-macro-parentheses 24 wolfssl/wolfcrypt/src/ripemd.c readability-inconsistent-declaration-parameter-name 1 wolfssl/src/internal.c readability-inconsistent-declaration-parameter-name 1 wolfssl/testsuite/testsuite.c pre-patch warning count summaries, with suppressions: clang-analyzer-security.insecureAPI.strcpy 8 bugprone-suspicious-missing-comma 6 readability-redundant-preprocessor 45 readability-named-parameter 21 misc-no-recursion 3 readability-uppercase-literal-suffix 18 bugprone-too-small-loop-variable 7 bugprone-signed-char-misuse 8 bugprone-macro-parentheses 601 readability-inconsistent-declaration-parameter-name 2 pre-patch warning count summaries, without suppressions: clang-analyzer-security.insecureAPI.strcpy 8 bugprone-branch-clone 152 readability-non-const-parameter 118 bugprone-suspicious-missing-comma 6 bugprone-suspicious-include 52 readability-magic-numbers 22423 readability-redundant-preprocessor 45 readability-named-parameter 21 readability-function-cognitive-complexity 845 readability-else-after-return 398 bugprone-implicit-widening-of-multiplication-result 595 readability-function-size 21 readability-isolate-declaration 1090 misc-redundant-expression 2 bugprone-narrowing-conversions 994 misc-no-recursion 3 readability-uppercase-literal-suffix 18 bugprone-reserved-identifier 56 readability-suspicious-call-argument 74 bugprone-too-small-loop-variable 7 bugprone-easily-swappable-parameters 437 bugprone-signed-char-misuse 8 readability-misleading-indentation 94 bugprone-macro-parentheses 601 readability-inconsistent-declaration-parameter-name 2 bugprone-suspicious-string-compare 495 readability-redundant-control-flow 20 readability-braces-around-statements 11483 clang-analyzer-valist.Uninitialized 1 clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling 3502
2022-01-19 23:09:50 -06:00
" SSLv3(0) - TLS1.3(4)\n", /* 69 */
liboqs integration using keyshare/supported_groups extensions in TLS 1.3
2021-04-28 10:28:35 -07:00
#endif
--with-liboqs now defines HAVE_LIBOQS and HAVE_PQC AKA: The Great Rename of December 2021
2021-12-20 11:26:25 -05:00
#ifdef HAVE_PQC
examples/{client,server}/{client,server}.c: remove spurious commas in --pqc help strings, and mollify clang-tidy bugprone-suspicious-missing-comma re --force-curve help strings. (#5480)
2022-08-18 12:32:58 -05:00
"--pqc <alg> Key Share with specified post-quantum algorithm only [KYBER_LEVEL1, KYBER_LEVEL3,\n"
Remove kyber-90s and route all kyber through wolfcrypt.
2022-11-30 17:17:28 -05:00
" KYBER_LEVEL5, P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5]\n", /* 70 */
Move the -5 option text into the localization array and add a Japanese translation.
2019-02-21 10:28:23 -08:00
#endif
DTLS SRTP improvements. Added support for client to send list of profiles. Added support for more SRTP profiles.
2022-01-14 13:43:29 -08:00
#ifdef WOLFSSL_SRTP
jumbo patch of fixes for clang-tidy gripes (with some bug fixes). defect/gripe statistics: configured --enable-all --enable-sp-math-all --enable-intelasm with LLVM 13 clang-tidy -checks=readability-*,bugprone-*,misc-no-recursion,misc-misplaced-const,misc-redundant-expression,misc-unused-parameters,misc-unused-using-decls,-clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,-clang-analyzer-optin.performance.Padding,-readability-braces-around-statements,-readability-function-size,-readability-function-cognitive-complexity,-bugprone-suspicious-include,-bugprone-easily-swappable-parameters,-readability-isolate-declaration,-readability-magic-numbers,-readability-else-after-return,-bugprone-reserved-identifier,-readability-suspicious-call-argument,-bugprone-suspicious-string-compare,-bugprone-branch-clone,-misc-redundant-expression,-readability-non-const-parameter,-readability-redundant-control-flow,-readability-misleading-indentation,-bugprone-narrowing-conversions,-bugprone-implicit-widening-of-multiplication-result [note these figures don't reflect additional defects fixed in this commit for --enable-smallstack, --enable-fips, --enable-async, --enable-asn=template, and --enable-fastmath, and --disable-fastmath] pre-patch warning count per file, with suppressions: clang-analyzer-security.insecureAPI.strcpy 6 wolfssl/tests/suites.c clang-analyzer-security.insecureAPI.strcpy 2 wolfssl/testsuite/testsuite.c bugprone-suspicious-missing-comma 3 wolfssl/examples/server/server.c bugprone-suspicious-missing-comma 3 wolfssl/examples/client/client.c readability-redundant-preprocessor 2 wolfssl/wolfcrypt/src/asn.c readability-redundant-preprocessor 1 wolfssl/wolfcrypt/src/rsa.c readability-redundant-preprocessor 9 wolfssl/src/ssl.c readability-redundant-preprocessor 2 wolfssl/src/tls13.c readability-redundant-preprocessor 18 wolfssl/tests/api.c readability-redundant-preprocessor 3 wolfssl/src/internal.c readability-redundant-preprocessor 10 wolfssl/wolfcrypt/test/test.c readability-named-parameter 1 wolfssl/wolfcrypt/benchmark/benchmark.c readability-named-parameter 7 wolfssl/src/internal.c readability-named-parameter 1 wolfssl/wolfcrypt/src/ecc.c readability-named-parameter 1 wolfssl/testsuite/testsuite.c readability-named-parameter 11 wolfssl/wolfcrypt/src/ge_operations.c misc-no-recursion 3 wolfssl/src/ssl.c readability-uppercase-literal-suffix 4 wolfssl/wolfcrypt/src/asn.c readability-uppercase-literal-suffix 1 wolfssl/src/ssl.c readability-uppercase-literal-suffix 13 wolfssl/wolfcrypt/benchmark/benchmark.c bugprone-too-small-loop-variable 1 wolfssl/wolfcrypt/src/rsa.c bugprone-too-small-loop-variable 2 wolfssl/wolfcrypt/src/sha3.c bugprone-too-small-loop-variable 4 wolfssl/wolfcrypt/src/idea.c bugprone-signed-char-misuse 2 wolfssl/src/ssl.c bugprone-signed-char-misuse 3 wolfssl/wolfcrypt/src/sp_int.c bugprone-signed-char-misuse 3 wolfssl/examples/client/client.c bugprone-macro-parentheses 19 wolfssl/wolfcrypt/src/aes.c bugprone-macro-parentheses 109 wolfssl/wolfcrypt/src/camellia.c bugprone-macro-parentheses 1 wolfssl/src/tls.c bugprone-macro-parentheses 3 wolfssl/wolfcrypt/src/md4.c bugprone-macro-parentheses 2 wolfssl/wolfcrypt/src/asn.c bugprone-macro-parentheses 26 wolfssl/wolfcrypt/src/blake2b.c bugprone-macro-parentheses 257 wolfssl/wolfcrypt/src/sha3.c bugprone-macro-parentheses 15 wolfssl/src/ssl.c bugprone-macro-parentheses 1 wolfssl/wolfcrypt/src/sha.c bugprone-macro-parentheses 8 wolfssl/tests/api.c bugprone-macro-parentheses 4 wolfssl/wolfcrypt/src/sp_int.c bugprone-macro-parentheses 6 wolfssl/wolfcrypt/benchmark/benchmark.c bugprone-macro-parentheses 38 wolfssl/wolfcrypt/src/hc128.c bugprone-macro-parentheses 12 wolfssl/wolfcrypt/src/md5.c bugprone-macro-parentheses 10 wolfssl/wolfcrypt/src/sha256.c bugprone-macro-parentheses 4 wolfssl/wolfcrypt/test/test.c bugprone-macro-parentheses 3 wolfssl/wolfcrypt/src/ecc.c bugprone-macro-parentheses 2 wolfssl/tests/suites.c bugprone-macro-parentheses 4 wolfssl/wolfcrypt/src/cpuid.c bugprone-macro-parentheses 26 wolfssl/wolfcrypt/src/blake2s.c bugprone-macro-parentheses 24 wolfssl/wolfcrypt/src/sha512.c bugprone-macro-parentheses 3 wolfssl/wolfcrypt/src/poly1305.c bugprone-macro-parentheses 24 wolfssl/wolfcrypt/src/ripemd.c readability-inconsistent-declaration-parameter-name 1 wolfssl/src/internal.c readability-inconsistent-declaration-parameter-name 1 wolfssl/testsuite/testsuite.c pre-patch warning count summaries, with suppressions: clang-analyzer-security.insecureAPI.strcpy 8 bugprone-suspicious-missing-comma 6 readability-redundant-preprocessor 45 readability-named-parameter 21 misc-no-recursion 3 readability-uppercase-literal-suffix 18 bugprone-too-small-loop-variable 7 bugprone-signed-char-misuse 8 bugprone-macro-parentheses 601 readability-inconsistent-declaration-parameter-name 2 pre-patch warning count summaries, without suppressions: clang-analyzer-security.insecureAPI.strcpy 8 bugprone-branch-clone 152 readability-non-const-parameter 118 bugprone-suspicious-missing-comma 6 bugprone-suspicious-include 52 readability-magic-numbers 22423 readability-redundant-preprocessor 45 readability-named-parameter 21 readability-function-cognitive-complexity 845 readability-else-after-return 398 bugprone-implicit-widening-of-multiplication-result 595 readability-function-size 21 readability-isolate-declaration 1090 misc-redundant-expression 2 bugprone-narrowing-conversions 994 misc-no-recursion 3 readability-uppercase-literal-suffix 18 bugprone-reserved-identifier 56 readability-suspicious-call-argument 74 bugprone-too-small-loop-variable 7 bugprone-easily-swappable-parameters 437 bugprone-signed-char-misuse 8 readability-misleading-indentation 94 bugprone-macro-parentheses 601 readability-inconsistent-declaration-parameter-name 2 bugprone-suspicious-string-compare 495 readability-redundant-control-flow 20 readability-braces-around-statements 11483 clang-analyzer-valist.Uninitialized 1 clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling 3502
2022-01-19 23:09:50 -06:00
"--srtp <profile> (default is SRTP_AES128_CM_SHA1_80)\n", /* 71 */
Add --sys-ca-certs option to example client. Using this option will call wolfSSL_CTX_load_system_CA_certs on the client ctx.
2022-09-30 10:02:56 -07:00
#endif
Add ability to toggle system CA certs support.
2022-10-07 11:19:34 -07:00
#ifdef WOLFSSL_SYS_CA_CERTS
Add --sys-ca-certs option to example client. Using this option will call wolfSSL_CTX_load_system_CA_certs on the client ctx.
2022-09-30 10:02:56 -07:00
"--sys-ca-certs Load system CA certs for server cert verification\n", /* 72 */
TLS 1.3 PSK: add option to require only PSK with DHE Can specify only PSK without DHE. Add only PSK with DHE.
2023-01-24 12:00:37 +10:00
#endif
#ifdef HAVE_SUPPORTED_CURVES
"--onlyPskDheKe Must use DHE key exchange with PSK\n", /* 73 */
Memory usage improvements ECC: make private key field 'k' able to be smaller when ALT_ECC_SIZE is defined. WOLFSSL_SMALL_STACK_CACHE: allocate temps using new macros.
2023-04-24 17:03:34 +10:00
#endif
#ifndef NO_PSK
Minor fixes configure.ac: Don't use == in test. client.c: Merge string to one line. asn.c/asn_public.h: fix conversion warnings/errors. wc_Asn1_Print no longer public and doesn't need to check for NULL. wc_Asn1_PrintAll check all pointer parameters for NULL.
2023-05-05 08:43:50 +10:00
"--openssl-psk Use TLS 1.3 PSK callback compatible with OpenSSL\n", /* 74 */
DTLS SRTP (RFC5764) support (adds `--enable-srtp`). Used with WebRTC to agree on profile for new real-time session keys.
2022-01-13 16:09:11 -08:00
#endif
"\n"
jumbo patch of fixes for clang-tidy gripes (with some bug fixes). defect/gripe statistics: configured --enable-all --enable-sp-math-all --enable-intelasm with LLVM 13 clang-tidy -checks=readability-*,bugprone-*,misc-no-recursion,misc-misplaced-const,misc-redundant-expression,misc-unused-parameters,misc-unused-using-decls,-clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,-clang-analyzer-optin.performance.Padding,-readability-braces-around-statements,-readability-function-size,-readability-function-cognitive-complexity,-bugprone-suspicious-include,-bugprone-easily-swappable-parameters,-readability-isolate-declaration,-readability-magic-numbers,-readability-else-after-return,-bugprone-reserved-identifier,-readability-suspicious-call-argument,-bugprone-suspicious-string-compare,-bugprone-branch-clone,-misc-redundant-expression,-readability-non-const-parameter,-readability-redundant-control-flow,-readability-misleading-indentation,-bugprone-narrowing-conversions,-bugprone-implicit-widening-of-multiplication-result [note these figures don't reflect additional defects fixed in this commit for --enable-smallstack, --enable-fips, --enable-async, --enable-asn=template, and --enable-fastmath, and --disable-fastmath] pre-patch warning count per file, with suppressions: clang-analyzer-security.insecureAPI.strcpy 6 wolfssl/tests/suites.c clang-analyzer-security.insecureAPI.strcpy 2 wolfssl/testsuite/testsuite.c bugprone-suspicious-missing-comma 3 wolfssl/examples/server/server.c bugprone-suspicious-missing-comma 3 wolfssl/examples/client/client.c readability-redundant-preprocessor 2 wolfssl/wolfcrypt/src/asn.c readability-redundant-preprocessor 1 wolfssl/wolfcrypt/src/rsa.c readability-redundant-preprocessor 9 wolfssl/src/ssl.c readability-redundant-preprocessor 2 wolfssl/src/tls13.c readability-redundant-preprocessor 18 wolfssl/tests/api.c readability-redundant-preprocessor 3 wolfssl/src/internal.c readability-redundant-preprocessor 10 wolfssl/wolfcrypt/test/test.c readability-named-parameter 1 wolfssl/wolfcrypt/benchmark/benchmark.c readability-named-parameter 7 wolfssl/src/internal.c readability-named-parameter 1 wolfssl/wolfcrypt/src/ecc.c readability-named-parameter 1 wolfssl/testsuite/testsuite.c readability-named-parameter 11 wolfssl/wolfcrypt/src/ge_operations.c misc-no-recursion 3 wolfssl/src/ssl.c readability-uppercase-literal-suffix 4 wolfssl/wolfcrypt/src/asn.c readability-uppercase-literal-suffix 1 wolfssl/src/ssl.c readability-uppercase-literal-suffix 13 wolfssl/wolfcrypt/benchmark/benchmark.c bugprone-too-small-loop-variable 1 wolfssl/wolfcrypt/src/rsa.c bugprone-too-small-loop-variable 2 wolfssl/wolfcrypt/src/sha3.c bugprone-too-small-loop-variable 4 wolfssl/wolfcrypt/src/idea.c bugprone-signed-char-misuse 2 wolfssl/src/ssl.c bugprone-signed-char-misuse 3 wolfssl/wolfcrypt/src/sp_int.c bugprone-signed-char-misuse 3 wolfssl/examples/client/client.c bugprone-macro-parentheses 19 wolfssl/wolfcrypt/src/aes.c bugprone-macro-parentheses 109 wolfssl/wolfcrypt/src/camellia.c bugprone-macro-parentheses 1 wolfssl/src/tls.c bugprone-macro-parentheses 3 wolfssl/wolfcrypt/src/md4.c bugprone-macro-parentheses 2 wolfssl/wolfcrypt/src/asn.c bugprone-macro-parentheses 26 wolfssl/wolfcrypt/src/blake2b.c bugprone-macro-parentheses 257 wolfssl/wolfcrypt/src/sha3.c bugprone-macro-parentheses 15 wolfssl/src/ssl.c bugprone-macro-parentheses 1 wolfssl/wolfcrypt/src/sha.c bugprone-macro-parentheses 8 wolfssl/tests/api.c bugprone-macro-parentheses 4 wolfssl/wolfcrypt/src/sp_int.c bugprone-macro-parentheses 6 wolfssl/wolfcrypt/benchmark/benchmark.c bugprone-macro-parentheses 38 wolfssl/wolfcrypt/src/hc128.c bugprone-macro-parentheses 12 wolfssl/wolfcrypt/src/md5.c bugprone-macro-parentheses 10 wolfssl/wolfcrypt/src/sha256.c bugprone-macro-parentheses 4 wolfssl/wolfcrypt/test/test.c bugprone-macro-parentheses 3 wolfssl/wolfcrypt/src/ecc.c bugprone-macro-parentheses 2 wolfssl/tests/suites.c bugprone-macro-parentheses 4 wolfssl/wolfcrypt/src/cpuid.c bugprone-macro-parentheses 26 wolfssl/wolfcrypt/src/blake2s.c bugprone-macro-parentheses 24 wolfssl/wolfcrypt/src/sha512.c bugprone-macro-parentheses 3 wolfssl/wolfcrypt/src/poly1305.c bugprone-macro-parentheses 24 wolfssl/wolfcrypt/src/ripemd.c readability-inconsistent-declaration-parameter-name 1 wolfssl/src/internal.c readability-inconsistent-declaration-parameter-name 1 wolfssl/testsuite/testsuite.c pre-patch warning count summaries, with suppressions: clang-analyzer-security.insecureAPI.strcpy 8 bugprone-suspicious-missing-comma 6 readability-redundant-preprocessor 45 readability-named-parameter 21 misc-no-recursion 3 readability-uppercase-literal-suffix 18 bugprone-too-small-loop-variable 7 bugprone-signed-char-misuse 8 bugprone-macro-parentheses 601 readability-inconsistent-declaration-parameter-name 2 pre-patch warning count summaries, without suppressions: clang-analyzer-security.insecureAPI.strcpy 8 bugprone-branch-clone 152 readability-non-const-parameter 118 bugprone-suspicious-missing-comma 6 bugprone-suspicious-include 52 readability-magic-numbers 22423 readability-redundant-preprocessor 45 readability-named-parameter 21 readability-function-cognitive-complexity 845 readability-else-after-return 398 bugprone-implicit-widening-of-multiplication-result 595 readability-function-size 21 readability-isolate-declaration 1090 misc-redundant-expression 2 bugprone-narrowing-conversions 994 misc-no-recursion 3 readability-uppercase-literal-suffix 18 bugprone-reserved-identifier 56 readability-suspicious-call-argument 74 bugprone-too-small-loop-variable 7 bugprone-easily-swappable-parameters 437 bugprone-signed-char-misuse 8 readability-misleading-indentation 94 bugprone-macro-parentheses 601 readability-inconsistent-declaration-parameter-name 2 bugprone-suspicious-string-compare 495 readability-redundant-control-flow 20 readability-braces-around-statements 11483 clang-analyzer-valist.Uninitialized 1 clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling 3502
2022-01-19 23:09:50 -06:00
"For simpler wolfSSL TLS client examples, visit\n"
Memory usage improvements ECC: make private key field 'k' able to be smaller when ALT_ECC_SIZE is defined. WOLFSSL_SMALL_STACK_CACHE: allocate temps using new macros.
2023-04-24 17:03:34 +10:00
"https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 75 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
NULL,
},
NO_MULTIBYTE to NO_MULTIBYTE_PRINT
2018-11-29 07:04:01 +09:00
#ifndef NO_MULTIBYTE_PRINT
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
/* Japanese */
Rollback stacing
2018-11-29 06:52:43 +09:00
{
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
" 注意 : 全てのファイルは wolfSSL ホーム・ディレクトリからの相対です。"
Rollback stacing
2018-11-29 06:52:43 +09:00
"\n", /* 0 */
"RSAの最大ビットは次のように設定されています: ", /* 1 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifdef NO_RSA
Rollback stacing
2018-11-29 06:52:43 +09:00
"RSAはサポートされていません。\n", /* 2 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#elif defined(WOLFSSL_SP_MATH) /* case of SP math only */
#ifndef WOLFSSL_SP_NO_3072
Rollback stacing
2018-11-29 06:52:43 +09:00
"3072\n", /* 2 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#elif !defined(WOLFSSL_SP_NO_2048)
Rollback stacing
2018-11-29 06:52:43 +09:00
"2048\n", /* 2 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#else
Rollback stacing
2018-11-29 06:52:43 +09:00
"0\n", /* 2 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#elif defined(USE_FAST_MATH)
#else
Rollback stacing
2018-11-29 06:52:43 +09:00
"無限\n", /* 2 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-? <num> ヘルプ, 使い方を表示\n"
add outbound connection filtering support to libwolfssl, add wolfSentry support to the test client, and add wolfSentry JSON config file support to the test client and server using --wolfsentry-config. also, add mygetopt_long() to wolfssl/test.h, and add --help and Japanese counterpart options to test client and server.
2021-06-16 00:26:48 -05:00
" 0: 英語、 1: 日本語\n"
translated Japanese messages
2022-06-22 16:46:19 +09:00
"--ヘルプ 日本語で使い方を表示\n", /* 3 */
Rollback stacing
2018-11-29 06:52:43 +09:00
"-h <host> 接続先ホスト, 既定値", /* 4 */
"-p <num> 接続先ポート, 0は無効, 既定値", /* 5 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifndef WOLFSSL_TLS13
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-v <num> SSL バージョン [0-3], SSLv3(0) - TLS1.2(3)),"
Rollback stacing
2018-11-29 06:52:43 +09:00
" 既定値", /* 6 */
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-V 有効な ssl バージョン番号を出力, SSLv3(0) -"
Rollback stacing
2018-11-29 06:52:43 +09:00
" TLS1.2(3)\n", /* 7 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#else
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-v <num> SSL バージョン [0-4], SSLv3(0) - TLS1.3(4)),"
Rollback stacing
2018-11-29 06:52:43 +09:00
" 既定値", /* 6 */
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-V 有効な ssl バージョン番号を出力, SSLv3(0) -"
Rollback stacing
2018-11-29 06:52:43 +09:00
" TLS1.3(4)\n", /* 7 */
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
#endif
Rollback stacing
2018-11-29 06:52:43 +09:00
"-l <str> 暗号スイートリスト (区切り文字 :)\n", /* 8 */
TLS 1.3: PSK only Support building with only TLS 1.3 and PSK without code for (EC)DHE and certificates. Minimise build size for this configuration.
2020-10-28 11:47:31 +10:00
#ifndef NO_CERTS
Rollback stacing
2018-11-29 06:52:43 +09:00
"-c <file> 証明書ファイル, 既定値", /* 9 */
"-k <file> 鍵ファイル, 既定値", /* 10 */
"-A <file> 認証局ファイル, 既定値", /* 11 */
TLS 1.3: PSK only Support building with only TLS 1.3 and PSK without code for (EC)DHE and certificates. Minimise build size for this configuration.
2020-10-28 11:47:31 +10:00
#endif
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifndef NO_DH
Rollback stacing
2018-11-29 06:52:43 +09:00
"-Z <num> 最小 DH 鍵 ビット, 既定値", /* 12 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
Rollback stacing
2018-11-29 06:52:43 +09:00
"-b <num> ベンチマーク <num> 接続及び結果出力する\n", /* 13 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifdef HAVE_ALPN
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-L <str> アプリケーション層プロトコルネゴシエーションを行う"
Rollback stacing
2018-11-29 06:52:43 +09:00
" ({C,F}:<list>)\n", /* 14 */
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
#endif
"-B <num> <num> バイトを用いてのベンチマーク・スループット測定"
Rollback stacing
2018-11-29 06:52:43 +09:00
"と結果を出力する\n", /* 15 */
TLS 1.3 Early Data: fix Will process early data packets now. Added test to check output of server for early data being received.
2020-08-25 11:26:53 +10:00
#ifndef NO_PSK
Rollback stacing
2018-11-29 06:52:43 +09:00
"-s 事前共有鍵を使用する\n", /* 16 */
TLS 1.3 Early Data: fix Will process early data packets now. Added test to check output of server for early data being received.
2020-08-25 11:26:53 +10:00
#endif
Rollback stacing
2018-11-29 06:52:43 +09:00
"-d ピア確認を無効とする\n", /* 17 */
"-D 日付エラー用コールバック例の上書きを行う\n", /* 18 */
"-e 利用可能な全ての暗号スイートをリスト, \n", /* 19 */
"-g サーバーへ HTTP GET を送信\n", /* 20 */
translated Japanese messages
2022-06-22 16:46:19 +09:00
"-u UDP DTLSを使用する。\n"
#ifndef WOLFSSL_DTLS13
" -v 2 を追加指定するとDTLSv1, "
"-v 3 を追加指定すると DTLSv1.2 (既定値)\n", /* 21 */
#else
" -v 2 を追加指定するとDTLSv1, "
"-v 3 を追加指定すると DTLSv1.2 (既定値),\n"
" -v 4 を追加指定すると DTLSv1.3\n", /* 21 */
#endif /* !WOLFSSL_DTLS13 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifdef WOLFSSL_SCTP
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-G SCTP DTLSを使用する。-v 2 を追加指定すると"
Rollback stacing
2018-11-29 06:52:43 +09:00
" DTLSv1, -v 3 を追加指定すると DTLSv1.2 (既定値)\n", /* 22 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
TLS 1.3: PSK only Support building with only TLS 1.3 and PSK without code for (EC)DHE and certificates. Minimise build size for this configuration.
2020-10-28 11:47:31 +10:00
#ifndef NO_CERTS
Rollback stacing
2018-11-29 06:52:43 +09:00
"-m 証明書内のドメイン名一致を確認する\n", /* 23 */
TLS 1.3: PSK only Support building with only TLS 1.3 and PSK without code for (EC)DHE and certificates. Minimise build size for this configuration.
2020-10-28 11:47:31 +10:00
#endif
Rollback stacing
2018-11-29 06:52:43 +09:00
"-N ノンブロッキング・ソケットを使用する\n", /* 24 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifndef NO_SESSION_CACHE
Rollback stacing
2018-11-29 06:52:43 +09:00
"-r セッションを継続する\n", /* 25 */
Fix to timeout after 10 seconds in non-blocking mode if connect does not complete.
2019-01-10 17:12:37 -08:00
#endif
Rollback stacing
2018-11-29 06:52:43 +09:00
"-w 双方向シャットダウンを待つ\n", /* 26 */
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-M <prot> STARTTLSを使用する, <prot>プロトコル(smtp)を"
Rollback stacing
2018-11-29 06:52:43 +09:00
"使用する\n", /* 27 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifdef HAVE_SECURE_RENEGOTIATION
Rollback stacing
2018-11-29 06:52:43 +09:00
"-R セキュアな再ネゴシエーションを許可する\n", /* 28 */
Passing scr-app-data in to -i to client sends a message during SCR Modify mygetopt so that if an argument expects a value and that value is the next argument then myoptarg is set to a NULL pointer.
2020-09-30 13:46:23 +02:00
"-i <str> クライアント主導のネゴシエーションを強制する\n", /* 29 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
Rollback stacing
2018-11-29 06:52:43 +09:00
"-f より少ないパケット/グループメッセージを使用する\n",/* 30 */
TLS 1.3: PSK only Support building with only TLS 1.3 and PSK without code for (EC)DHE and certificates. Minimise build size for this configuration.
2020-10-28 11:47:31 +10:00
#ifndef NO_CERTS
Rollback stacing
2018-11-29 06:52:43 +09:00
"-x クライアントの証明書/鍵のロードを無効する\n", /* 31 */
TLS 1.3: PSK only Support building with only TLS 1.3 and PSK without code for (EC)DHE and certificates. Minimise build size for this configuration.
2020-10-28 11:47:31 +10:00
#endif
Rollback stacing
2018-11-29 06:52:43 +09:00
"-X 外部テスト・ケースにより動作する\n", /* 32 */
"-j コールバック・オーバーライドの検証を使用する\n", /* 33 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifdef SHOW_SIZES
Rollback stacing
2018-11-29 06:52:43 +09:00
"-z 構造体のサイズを表示する\n", /* 34 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_SNI
Rollback stacing
2018-11-29 06:52:43 +09:00
"-S <str> ホスト名表示を使用する\n", /* 35 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_MAX_FRAGMENT
Rollback stacing
2018-11-29 06:52:43 +09:00
"-F <num> 最大フラグメント長[1-6]を設定する\n", /* 36 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_TRUNCATED_HMAC
Rollback stacing
2018-11-29 06:52:43 +09:00
"-T Truncated HMACを使用する\n", /* 37 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_EXTENDED_MASTER
Rollback stacing
2018-11-29 06:52:43 +09:00
"-n マスターシークレット拡張を無効にする\n", /* 38 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_OCSP
Rollback stacing
2018-11-29 06:52:43 +09:00
"-o OCSPルックアップをピア証明書で実施する\n", /* 39 */
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-O <url> OCSPルックアップを、<url>を使用し"
Rollback stacing
2018-11-29 06:52:43 +09:00
"応答者として実施する\n", /* 40 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-W <num> OCSP Staplingを使用する"
Rollback stacing
2018-11-29 06:52:43 +09:00
" (1 v1, 2 v2, 3 v2 multi)\n", /* 41 */
translated Japanese messages
2022-06-22 16:46:19 +09:00
" 'm' を最後に指定すると必ず staple を使用する\n" /* 42 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
Add support for Encrypt-Then-MAC to TLS 1.2 and below An extension is used to indicate that ETM is to be used. Only used when doing block ciphers - HMAC performed on encrypted data.
2019-08-22 09:33:38 +10:00
#if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY)
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-U アトミック・ユーザー記録の"
TLS OCSP Stapling: MUST staple option Can enable OCSP Must Staple option to mean that if the client sends a request for an OCSP Staple then it must receive a response.
2020-10-15 17:27:58 +10:00
"コールバックを利用する\n", /* 43 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_PK_CALLBACKS
TLS OCSP Stapling: MUST staple option Can enable OCSP Must Staple option to mean that if the client sends a request for an OCSP Staple then it must receive a response.
2020-10-15 17:27:58 +10:00
"-P 公開鍵コールバック\n", /* 44 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_ANON
TLS OCSP Stapling: MUST staple option Can enable OCSP Must Staple option to mean that if the client sends a request for an OCSP Staple then it must receive a response.
2020-10-15 17:27:58 +10:00
"-a 匿名クライアント\n", /* 45 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_CRL
TLS OCSP Stapling: MUST staple option Can enable OCSP Must Staple option to mean that if the client sends a request for an OCSP Staple then it must receive a response.
2020-10-15 17:27:58 +10:00
"-C CRLを無効\n", /* 46 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef WOLFSSL_TRUST_PEER_CERT
TLS OCSP Stapling: MUST staple option Can enable OCSP Must Staple option to mean that if the client sends a request for an OCSP Staple then it must receive a response.
2020-10-15 17:27:58 +10:00
"-E <file> 信頼出来るピアの証明書ロードの為のパス\n", /* 47 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_WNR
TLS OCSP Stapling: MUST staple option Can enable OCSP Must Staple option to mean that if the client sends a request for an OCSP Staple then it must receive a response.
2020-10-15 17:27:58 +10:00
"-q <file> Whitewood コンフィグファイル, 既定値\n", /* 48 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-H <arg> 内部テスト"
translated Japanese messages
2022-06-22 16:46:19 +09:00
" [defCipherList, exitWithRet, verifyFail, useSupCurve,\n", /* 49 */
TLS OCSP Stapling: MUST staple option Can enable OCSP Must Staple option to mean that if the client sends a request for an OCSP Staple then it must receive a response.
2020-10-15 17:27:58 +10:00
" loadSSL, disallowETM]\n", /* 50 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifdef WOLFSSL_TLS13
TLS OCSP Stapling: MUST staple option Can enable OCSP Must Staple option to mean that if the client sends a request for an OCSP Staple then it must receive a response.
2020-10-15 17:27:58 +10:00
"-J HelloRetryRequestをKEのグループ選択に使用する\n", /* 51 */
"-K 鍵交換にPSKを使用、(EC)DHEは使用しない\n", /* 52 */
"-I データ送信前に、鍵とIVを更新する\n", /* 53 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifndef NO_DH
TLS OCSP Stapling: MUST staple option Can enable OCSP Must Staple option to mean that if the client sends a request for an OCSP Staple then it must receive a response.
2020-10-15 17:27:58 +10:00
"-y FFDHE名前付きグループとの鍵共有のみ\n", /* 54 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_ECC
TLS OCSP Stapling: MUST staple option Can enable OCSP Must Staple option to mean that if the client sends a request for an OCSP Staple then it must receive a response.
2020-10-15 17:27:58 +10:00
"-Y ECC名前付きグループとの鍵共有のみ\n", /* 55 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#endif /* WOLFSSL_TLS13 */
#ifdef HAVE_CURVE25519
TLS OCSP Stapling: MUST staple option Can enable OCSP Must Staple option to mean that if the client sends a request for an OCSP Staple then it must receive a response.
2020-10-15 17:27:58 +10:00
"-t X25519を鍵交換に使用する\n", /* 56 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
TLS OCSP Stapling: MUST staple option Can enable OCSP Must Staple option to mean that if the client sends a request for an OCSP Staple then it must receive a response.
2020-10-15 17:27:58 +10:00
"-Q ポストハンドシェークの証明要求をサポートする\n", /* 57 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef WOLFSSL_EARLY_DATA
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-0 Early data をサーバーへ送信する"
TLS OCSP Stapling: MUST staple option Can enable OCSP Must Staple option to mean that if the client sends a request for an OCSP Staple then it must receive a response.
2020-10-15 17:27:58 +10:00
"0-RTTハンドシェイク\n", /* 58 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef WOLFSSL_MULTICAST
TLS OCSP Stapling: MUST staple option Can enable OCSP Must Staple option to mean that if the client sends a request for an OCSP Staple then it must receive a response.
2020-10-15 17:27:58 +10:00
"-3 <grpid> マルチキャスト, grpid < 256\n", /* 59 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-1 <num> 指定された言語で結果を表示します。\n"
TLS OCSP Stapling: MUST staple option Can enable OCSP Must Staple option to mean that if the client sends a request for an OCSP Staple then it must receive a response.
2020-10-15 17:27:58 +10:00
" 0: 英語、 1: 日本語\n", /* 60 */
Update the help text so the Japanese translations of the new options are printed.
2019-02-20 11:23:00 -08:00
#if !defined(NO_DH) && !defined(HAVE_FIPS) && \
!defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK)
TLS OCSP Stapling: MUST staple option Can enable OCSP Must Staple option to mean that if the client sends a request for an OCSP Staple then it must receive a response.
2020-10-15 17:27:58 +10:00
"-2 DHプライム番号チェックを無効にする\n", /* 61 */
Update the help text so the Japanese translations of the new options are printed.
2019-02-20 11:23:00 -08:00
#endif
#ifdef HAVE_SECURE_RENEGOTIATION
TLS OCSP Stapling: MUST staple option Can enable OCSP Must Staple option to mean that if the client sends a request for an OCSP Staple then it must receive a response.
2020-10-15 17:27:58 +10:00
"-4 再交渉に再開を使用\n", /* 62 */
Move the -5 option text into the localization array and add a Japanese translation.
2019-02-21 10:28:23 -08:00
#endif
#ifdef HAVE_TRUSTED_CA
TLS OCSP Stapling: MUST staple option Can enable OCSP Must Staple option to mean that if the client sends a request for an OCSP Staple then it must receive a response.
2020-10-15 17:27:58 +10:00
"-5 信頼できる認証局の鍵表示を使用する\n", /* 63 */
Add Curve448, X448, Ed448 implementations
2020-02-19 18:07:45 +10:00
#endif
Fix typos in Japanese help.
2023-05-23 07:11:53 +09:00
"-6 WANT_WRITE エラーを全てのIO 送信でシミュレートします\n",
Add Curve448, X448, Ed448 implementations
2020-02-19 18:07:45 +10:00
#ifdef HAVE_CURVE448
translated Japanese messages
2022-06-22 16:46:19 +09:00
"-8 鍵交換に X448 を使用する\n", /* 66 */
Initial implemented X509_LOOKUP_ctrl L_ADD_DIR
2021-02-15 15:47:03 +09:00
#endif
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
addressed review comments part 1
2021-03-11 15:43:54 +09:00
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
Initial implemented X509_LOOKUP_ctrl L_ADD_DIR
2021-02-15 15:47:03 +09:00
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
"-9 証明書の読み込みに hash dir 機能を使用する\n"
" <wolfSSL home>/certs フォルダーからロードします\n"
" フォルダー中のファイルは、\"hash.N\"[N:0-9]名である必要があります\n"
" 以下の例ではca-cert.pemにシンボリックリンクを設定します\n"
" ln -s ca-cert.pem `openssl x509 -in ca-cert.pem -hash -noout`.0\n",
/* 67 */
add outbound connection filtering support to libwolfssl, add wolfSentry support to the test client, and add wolfSentry JSON config file support to the test client and server using --wolfsentry-config. also, add mygetopt_long() to wolfssl/test.h, and add --help and Japanese counterpart options to test client and server.
2021-06-16 00:26:48 -05:00
#endif
Fix minor line length and spelling.
2021-06-21 15:09:39 -07:00
#if defined(WOLFSSL_WOLFSENTRY_HOOKS) && !defined(NO_FILESYSTEM) && \
!defined(WOLFSENTRY_NO_JSON)
add outbound connection filtering support to libwolfssl, add wolfSentry support to the test client, and add wolfSentry JSON config file support to the test client and server using --wolfsentry-config. also, add mygetopt_long() to wolfssl/test.h, and add --help and Japanese counterpart options to test client and server.
2021-06-16 00:26:48 -05:00
"--wolfsentry-config <file> wolfSentry コンフィグファイル\n",
not send smaller versions than minimum downgradable version as supportedversion ext
2021-05-14 14:37:04 +09:00
/* 68 */
#endif
#ifndef WOLFSSL_TLS13
"-7 最小ダウングレード可能なプロトコルバージョンを設定します [0-3] "
" SSLv3(0) - TLS1.2(3)\n",
#else
"-7 最小ダウングレード可能なプロトコルバージョンを設定します [0-4] "
liboqs integration using keyshare/supported_groups extensions in TLS 1.3
2021-04-28 10:28:35 -07:00
" SSLv3(0) - TLS1.3(4)\n", /* 69 */
#endif
--with-liboqs now defines HAVE_LIBOQS and HAVE_PQC AKA: The Great Rename of December 2021
2021-12-20 11:26:25 -05:00
#ifdef HAVE_PQC
examples/{client,server}/{client,server}.c: remove spurious commas in --pqc help strings, and mollify clang-tidy bugprone-suspicious-missing-comma re --force-curve help strings. (#5480)
2022-08-18 12:32:58 -05:00
"--pqc <alg> post-quantum 名前付きグループとの鍵共有のみ [KYBER_LEVEL1, KYBER_LEVEL3,\n"
Remove kyber-90s and route all kyber through wolfcrypt.
2022-11-30 17:17:28 -05:00
" KYBER_LEVEL5, P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5]\n", /* 70 */
DTLS SRTP (RFC5764) support (adds `--enable-srtp`). Used with WebRTC to agree on profile for new real-time session keys.
2022-01-13 16:09:11 -08:00
#endif
DTLS SRTP improvements. Added support for client to send list of profiles. Added support for more SRTP profiles.
2022-01-14 13:43:29 -08:00
#ifdef WOLFSSL_SRTP
translated Japanese messages
2022-06-22 16:46:19 +09:00
"--srtp <profile> (デフォルトは SRTP_AES128_CM_SHA1_80)\n", /* 71 */
TLS 1.3 PSK: add option to require only PSK with DHE Can specify only PSK without DHE. Add only PSK with DHE.
2023-01-24 12:00:37 +10:00
#endif
#ifdef WOLFSSL_SYS_CA_CERTS
"--sys-ca-certs Load system CA certs for server cert verification\n", /* 72 */
#endif
#ifdef HAVE_SUPPORTED_CURVES
"--onlyPskDheKe Must use DHE key exchange with PSK\n", /* 73 */
Memory usage improvements ECC: make private key field 'k' able to be smaller when ALT_ECC_SIZE is defined. WOLFSSL_SMALL_STACK_CACHE: allocate temps using new macros.
2023-04-24 17:03:34 +10:00
#endif
#ifndef NO_PSK
Minor fixes configure.ac: Don't use == in test. client.c: Merge string to one line. asn.c/asn_public.h: fix conversion warnings/errors. wc_Asn1_Print no longer public and doesn't need to check for NULL. wc_Asn1_PrintAll check all pointer parameters for NULL.
2023-05-05 08:43:50 +10:00
"--openssl-psk Use TLS 1.3 PSK callback compatible with OpenSSL\n", /* 74 */
Update the help text so the Japanese translations of the new options are printed.
2019-02-20 11:23:00 -08:00
#endif
DTLS SRTP (RFC5764) support (adds `--enable-srtp`). Used with WebRTC to agree on profile for new real-time session keys.
2022-01-13 16:09:11 -08:00
"\n"
Fix typos in Japanese help.
2023-05-23 07:11:53 +09:00
"より簡単なwolfSSL TLS クライアントの例については"
translated Japanese messages
2022-06-22 16:46:19 +09:00
"下記にアクセスしてください\n"
Memory usage improvements ECC: make private key field 'k' able to be smaller when ALT_ECC_SIZE is defined. WOLFSSL_SMALL_STACK_CACHE: allocate temps using new macros.
2023-04-24 17:03:34 +10:00
"https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 75 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
NULL,
},
NO_MULTIBYTE for multibyte non-supported IDEs
2018-11-26 08:11:31 +09:00
#endif
Rollback stacing
2018-11-29 06:52:43 +09:00
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
};
print out PEM of peer cert with example client
2021-12-07 14:07:47 -07:00
static void showPeerPEM(WOLFSSL* ssl)
{
adjust macro guard in example client
2021-12-08 13:45:37 -07:00
#if defined(OPENSSL_ALL) && !defined(NO_BIO) && defined(WOLFSSL_CERT_GEN)
print out PEM of peer cert with example client
2021-12-07 14:07:47 -07:00
WOLFSSL_X509* peer = wolfSSL_get_peer_certificate(ssl);
if (peer) {
WOLFSSL_BIO* bioOut = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
if (bioOut == NULL) {
print errors to stderr, not stdout; fix whitespace in internal.c; add missing error handling in examples/server/server.c around recvfrom().
2022-05-12 13:07:32 -05:00
fprintf(stderr, "failed to get bio on stdout\n");
print out PEM of peer cert with example client
2021-12-07 14:07:47 -07:00
}
else {
if (wolfSSL_BIO_set_fp(bioOut, stdout, BIO_NOCLOSE)
!= WOLFSSL_SUCCESS) {
print errors to stderr, not stdout; fix whitespace in internal.c; add missing error handling in examples/server/server.c around recvfrom().
2022-05-12 13:07:32 -05:00
fprintf(stderr, "failed to set stdout to bio output\n");
print out PEM of peer cert with example client
2021-12-07 14:07:47 -07:00
wolfSSL_BIO_free(bioOut);
bioOut = NULL;
}
}
if (bioOut) {
wolfSSL_BIO_write(bioOut, "---\nServer certificate\n",
XSTRLEN("---\nServer certificate\n"));
wolfSSL_PEM_write_bio_X509(bioOut, peer);
}
wolfSSL_BIO_free(bioOut);
}
wolfSSL_FreeX509(peer);
adjust macro guard in example client
2021-12-08 13:45:37 -07:00
#endif /* OPENSSL_ALL && WOLFSSL_CERT_GEN && !NO_BIO */
print out PEM of peer cert with example client
2021-12-07 14:07:47 -07:00
(void)ssl;
}
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
static void Usage(void)
{
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
int msgid = 0;
const char** msg = client_usage_msg[lng_index];
printf("%s%s%s", "wolfSSL client ", LIBWOLFSSL_VERSION_STRING,
msg[msgid]);
check max key size with ocsp stapling test
2018-08-08 15:16:32 -06:00
/* print out so that scripts can know what the max supported key size is */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]);
account for NO_RSA and SP math when printing max RSA key size
2018-08-15 09:50:50 -06:00
#ifdef NO_RSA
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]);
account for NO_RSA and SP math when printing max RSA key size
2018-08-15 09:50:50 -06:00
#elif defined(WOLFSSL_SP_MATH) /* case of SP math only */
#ifndef WOLFSSL_SP_NO_3072
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]);
account for NO_RSA and SP math when printing max RSA key size
2018-08-15 09:50:50 -06:00
#elif !defined(WOLFSSL_SP_NO_2048)
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]);
account for NO_RSA and SP math when printing max RSA key size
2018-08-15 09:50:50 -06:00
#else
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]);
account for NO_RSA and SP math when printing max RSA key size
2018-08-15 09:50:50 -06:00
#endif
#elif defined(USE_FAST_MATH)
Implement all relevant mp functions in sp_int
2020-01-06 15:23:45 +10:00
#if !defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_SP_MATH)
check max key size with ocsp stapling test
2018-08-08 15:16:32 -06:00
printf("%d\n", FP_MAX_BITS/2);
Implement all relevant mp functions in sp_int
2020-01-06 15:23:45 +10:00
#else
printf("%d\n", SP_INT_MAX_BITS/2);
#endif
check max key size with ocsp stapling test
2018-08-08 15:16:32 -06:00
#else
/* normal math has unlimited max size */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]);
check max key size with ocsp stapling test
2018-08-08 15:16:32 -06:00
#endif
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* ? */
printf("%s %s\n", msg[++msgid], wolfSSLIP); /* -h */
printf("%s %d\n", msg[++msgid], wolfSSLPort); /* -p */
Changes for Nginx Support TLS v1.3 clients connecting to Nginx. Fix for PSS to not advertise hash unless the signature fits the private key size. Allow curves to be chosen by user. Support maximum verification depth (maximum number of untrusted certs in chain.) Add support for SSL_is_server() API. Fix number of certificates in chain when using wolfSSL_CTX_add_extra_chain_cert(). Allow TLS v1.2 client hello parsing to call TLS v1.3 parsing when SupportedVersions extension seen. Minor fixes.
2017-07-03 18:29:15 +10:00
#ifndef WOLFSSL_TLS13
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s %d\n", msg[++msgid], CLIENT_DEFAULT_VERSION); /* -v */
printf("%s", msg[++msgid]); /* -V */
Changes for Nginx Support TLS v1.3 clients connecting to Nginx. Fix for PSS to not advertise hash unless the signature fits the private key size. Allow curves to be chosen by user. Support maximum verification depth (maximum number of untrusted certs in chain.) Add support for SSL_is_server() API. Fix number of certificates in chain when using wolfSSL_CTX_add_extra_chain_cert(). Allow TLS v1.2 client hello parsing to call TLS v1.3 parsing when SupportedVersions extension seen. Minor fixes.
2017-07-03 18:29:15 +10:00
#else
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s %d\n", msg[++msgid], CLIENT_DEFAULT_VERSION); /* -v */
printf("%s", msg[++msgid]); /* -V */
#endif
printf("%s", msg[++msgid]); /* -l */
TLS 1.3: PSK only Support building with only TLS 1.3 and PSK without code for (EC)DHE and certificates. Minimise build size for this configuration.
2020-10-28 11:47:31 +10:00
#ifndef NO_CERTS
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s %s\n", msg[++msgid], cliCertFile); /* -c */
printf("%s %s\n", msg[++msgid], cliKeyFile); /* -k */
printf("%s %s\n", msg[++msgid], caCertFile); /* -A */
TLS 1.3: PSK only Support building with only TLS 1.3 and PSK without code for (EC)DHE and certificates. Minimise build size for this configuration.
2020-10-28 11:47:31 +10:00
#endif
added check for allowed minimum DH key size
2015-05-21 10:11:21 -07:00
#ifndef NO_DH
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s %d\n", msg[++msgid], DEFAULT_MIN_DHKEY_BITS);
added check for allowed minimum DH key size
2015-05-21 10:11:21 -07:00
#endif
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -b */
fix alpn example client merge command options
2015-10-13 15:00:53 -07:00
#ifdef HAVE_ALPN
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -L <str> */
#endif
printf("%s", msg[++msgid]); /* -B <num> */
Fix Client Usage A string in the client's usage text was made optional depending on the NO_PSK option, but there was still an attempt to print it. This lead to a NULL being printed instead. Fixed the print statement.
2020-09-16 13:37:01 -07:00
#ifndef NO_PSK
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -s */
Fix Client Usage A string in the client's usage text was made optional depending on the NO_PSK option, but there was still an attempt to print it. This lead to a NULL being printed instead. Fixed the print statement.
2020-09-16 13:37:01 -07:00
#endif
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -d */
printf("%s", msg[++msgid]); /* -D */
printf("%s", msg[++msgid]); /* -e */
printf("%s", msg[++msgid]); /* -g */
printf("%s", msg[++msgid]); /* -u */
DTLS-SCTP example client and server 1. Update the example client and server to test DTLS-SCTP. 2. Modify the test.h functions for setting up connections to allow for a SCTP option. 3. Update other examples to use the new test.h functions. 4. Removed some prototypes in the client header file were some functions that should have been static to the client.c file and made them static.
2016-08-25 22:20:35 -07:00
#ifdef WOLFSSL_SCTP
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -G */
DTLS-SCTP example client and server 1. Update the example client and server to test DTLS-SCTP. 2. Modify the test.h functions for setting up connections to allow for a SCTP option. 3. Update other examples to use the new test.h functions. 4. Removed some prototypes in the client header file were some functions that should have been static to the client.c file and made them static.
2016-08-25 22:20:35 -07:00
#endif
TLS 1.3: PSK only Support building with only TLS 1.3 and PSK without code for (EC)DHE and certificates. Minimise build size for this configuration.
2020-10-28 11:47:31 +10:00
#ifndef NO_CERTS
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -m */
TLS 1.3: PSK only Support building with only TLS 1.3 and PSK without code for (EC)DHE and certificates. Minimise build size for this configuration.
2020-10-28 11:47:31 +10:00
#endif
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -N */
Add `USE_SLOW_SHA256` and `USE_SLOW_SHA512` options for reduced code size of SHA. Existing `USE_SLOW_SHA2` applies for SHA512 only. Cleanup formatting of the sha256.c and sha512.c code. Added new `./configure --lowresource` option, which defines the memory reduction defines. Fix for `make check` resume.test scipt with `NO_SESSION_CACHE` defined.
2017-11-09 11:05:28 -08:00
#ifndef NO_SESSION_CACHE
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -r */
Add `USE_SLOW_SHA256` and `USE_SLOW_SHA512` options for reduced code size of SHA. Existing `USE_SLOW_SHA2` applies for SHA512 only. Cleanup formatting of the sha256.c and sha512.c code. Added new `./configure --lowresource` option, which defines the memory reduction defines. Fix for `make check` resume.test scipt with `NO_SESSION_CACHE` defined.
2017-11-09 11:05:28 -08:00
#endif
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -w */
printf("%s", msg[++msgid]); /* -M */
add client side initiated secure r, same specs
2014-09-24 18:48:23 -07:00
#ifdef HAVE_SECURE_RENEGOTIATION
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -R */
printf("%s", msg[++msgid]); /* -i */
add client side initiated secure r, same specs
2014-09-24 18:48:23 -07:00
#endif
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -f */
TLS 1.3: PSK only Support building with only TLS 1.3 and PSK without code for (EC)DHE and certificates. Minimise build size for this configuration.
2020-10-28 11:47:31 +10:00
#ifndef NO_CERTS
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -x */
TLS 1.3: PSK only Support building with only TLS 1.3 and PSK without code for (EC)DHE and certificates. Minimise build size for this configuration.
2020-10-28 11:47:31 +10:00
#endif
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -X */
printf("%s", msg[++msgid]); /* -j */
updated SHOW_SIZES, opionally adds sizes as available, added flag to example client to print sizes
2013-04-08 16:01:52 -07:00
#ifdef SHOW_SIZES
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -z */
updated SHOW_SIZES, opionally adds sizes as available, added flag to example client to print sizes
2013-04-08 16:01:52 -07:00
#endif
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 15:42:43 -03:00
#ifdef HAVE_SNI
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -S */
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 15:42:43 -03:00
#endif
fixing HAVE_MAX_FRAGMENT ifdef
2014-02-16 10:19:40 -03:00
#ifdef HAVE_MAX_FRAGMENT
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -F */
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 15:42:43 -03:00
#endif
#ifdef HAVE_TRUNCATED_HMAC
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -T */
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 15:42:43 -03:00
#endif
add extended master to example client
2016-09-01 15:17:46 -06:00
#ifdef HAVE_EXTENDED_MASTER
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -n */
add extended master to example client
2016-09-01 15:17:46 -06:00
#endif
OCSP Updates 1. Add option to example server and client to check the OCSP responder. 2. Add option to example server and client to override the URL to use when checking the OCSP responder. 3. Copy the certificate serial number correctly into OCSP request. Add leading zero only if MS bit is set. 4. Fix responder address used when Auth Info extension is present. 5. Update EmbedOcspLookup callback to better handle the HTTP response and obtain the complete OCSP response.
2013-06-20 11:07:54 -07:00
#ifdef HAVE_OCSP
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -o */
printf("%s", msg[++msgid]); /* -O */
OCSP Updates 1. Add option to example server and client to check the OCSP responder. 2. Add option to example server and client to override the URL to use when checking the OCSP responder. 3. Copy the certificate serial number correctly into OCSP request. Add leading zero only if MS bit is set. 4. Fix responder address used when Auth Info extension is present. 5. Update EmbedOcspLookup callback to better handle the HTTP response and obtain the complete OCSP response.
2013-06-20 11:07:54 -07:00
#endif
Merge branch 'csr'
2015-12-28 19:38:04 -03:00
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -W */
add outbound connection filtering support to libwolfssl, add wolfSentry support to the test client, and add wolfSentry JSON config file support to the test client and server using --wolfsentry-config. also, add mygetopt_long() to wolfssl/test.h, and add --help and Japanese counterpart options to test client and server.
2021-06-16 00:26:48 -05:00
printf("%s", msg[++msgid]); /* note for -W */
Merge branch csr into 'master'
2015-11-02 15:51:01 -03:00
#endif
Add support for Encrypt-Then-MAC to TLS 1.2 and below An extension is used to indicate that ETM is to be used. Only used when doing block ciphers - HMAC performed on encrypted data.
2019-08-22 09:33:38 +10:00
#if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY)
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -U */
add atomic user macencrypt cb
2013-08-09 17:27:15 -07:00
#endif
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
#ifdef HAVE_PK_CALLBACKS
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -P */
add public key callbacks for ecc sign/verify, examples
2013-08-22 18:19:39 -07:00
#endif
Merge in the ADH-AES128-SHA changes and add a check for it during the packet order sanity checking.
2014-12-01 11:44:32 -08:00
#ifdef HAVE_ANON
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -a */
Merge in the ADH-AES128-SHA changes and add a check for it during the packet order sanity checking.
2014-12-01 11:44:32 -08:00
#endif
add external site script test to make check
2015-05-07 10:02:43 -07:00
#ifdef HAVE_CRL
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -C */
add external site script test to make check
2015-05-07 10:02:43 -07:00
#endif
automated test for trusted peer certs
2016-03-01 16:35:32 -07:00
#ifdef WOLFSSL_TRUST_PEER_CERT
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -E */
automated test for trusted peer certs
2016-03-01 16:35:32 -07:00
#endif
add Whitewood netRandom client library support
2016-05-05 15:31:25 -06:00
#ifdef HAVE_WNR
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s %s\n", msg[++msgid], wnrConfig); /* -q */
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
#endif
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -H */
Add support for Encrypt-Then-MAC to TLS 1.2 and below An extension is used to indicate that ETM is to be used. Only used when doing block ciphers - HMAC performed on encrypted data.
2019-08-22 09:33:38 +10:00
printf("%s", msg[++msgid]); /* more -H options */
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
#ifdef WOLFSSL_TLS13
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -J */
printf("%s", msg[++msgid]); /* -K */
printf("%s", msg[++msgid]); /* -I */
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
#ifndef NO_DH
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -y */
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
#endif
#ifdef HAVE_ECC
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -Y */
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
#endif
Fixes from review
2017-05-22 09:09:31 +10:00
#endif /* WOLFSSL_TLS13 */
Put X25519 behind P256 Option to have X25519 prioritized. Show curve name and DH key size in TLS v1.3.
2017-05-19 10:58:43 +10:00
#ifdef HAVE_CURVE25519
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -t */
Put X25519 behind P256 Option to have X25519 prioritized. Show curve name and DH key size in TLS v1.3.
2017-05-19 10:58:43 +10:00
#endif
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -Q */
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
#endif
TLS v1.3 0-RTT
2017-06-19 11:37:10 +10:00
#ifdef WOLFSSL_EARLY_DATA
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -0 */
TLS v1.3 0-RTT
2017-06-19 11:37:10 +10:00
#endif
Multicast 1. Since multicast's only cipher suite uses null cipher automatically enable it. 2. Add options to example client and server to start testing multicast API. (Uses TLS over TCP.) 3. Updates to use the forced secrets set by API.
2016-12-15 11:43:15 -08:00
#ifdef WOLFSSL_MULTICAST
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -3 */
Multicast 1. Since multicast's only cipher suite uses null cipher automatically enable it. 2. Add options to example client and server to start testing multicast API. (Uses TLS over TCP.) 3. Updates to use the forced secrets set by API.
2016-12-15 11:43:15 -08:00
#endif
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -1 */
Update the help text so the Japanese translations of the new options are printed.
2019-02-20 11:23:00 -08:00
#if !defined(NO_DH) && !defined(HAVE_FIPS) && \
!defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK)
printf("%s", msg[++msgid]); /* -2 */
#endif
#ifdef HAVE_SECURE_RENEGOTIATION
printf("%s", msg[++msgid]); /* -4 */
#endif
Move the -5 option text into the localization array and add a Japanese translation.
2019-02-21 10:28:23 -08:00
#ifdef HAVE_TRUSTED_CA
printf("%s", msg[++msgid]); /* -5 */
#endif
Initial implemented X509_LOOKUP_ctrl L_ADD_DIR
2021-02-15 15:47:03 +09:00
printf("%s", msg[++msgid]); /* -6 */
Add Curve448, X448, Ed448 implementations
2020-02-19 18:07:45 +10:00
#ifdef HAVE_CURVE448
printf("%s", msg[++msgid]); /* -8 */
#endif
Initial implemented X509_LOOKUP_ctrl L_ADD_DIR
2021-02-15 15:47:03 +09:00
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
addressed review comments part 1
2021-03-11 15:43:54 +09:00
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
Initial implemented X509_LOOKUP_ctrl L_ADD_DIR
2021-02-15 15:47:03 +09:00
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
printf("%s", msg[++msgid]); /* -9 */
#endif
Fix minor line length and spelling.
2021-06-21 15:09:39 -07:00
#if defined(WOLFSSL_WOLFSENTRY_HOOKS) && !defined(NO_FILESYSTEM) && \
!defined(WOLFSENTRY_NO_JSON)
add outbound connection filtering support to libwolfssl, add wolfSentry support to the test client, and add wolfSentry JSON config file support to the test client and server using --wolfsentry-config. also, add mygetopt_long() to wolfssl/test.h, and add --help and Japanese counterpart options to test client and server.
2021-06-16 00:26:48 -05:00
printf("%s", msg[++msgid]); /* --wolfsentry-config */
#endif
not send smaller versions than minimum downgradable version as supportedversion ext
2021-05-14 14:37:04 +09:00
printf("%s", msg[++msgid]); /* -7 */
typographic cleanup: fix whitespace, remove unneeded UTF-8, convert C++ comment constructs to C.
2021-11-05 18:16:08 -05:00
printf("%s", msg[++msgid]); /* Examples repo link */
--with-liboqs now defines HAVE_LIBOQS and HAVE_PQC AKA: The Great Rename of December 2021
2021-12-20 11:26:25 -05:00
#ifdef HAVE_PQC
printf("%s", msg[++msgid]); /* --pqc */
printf("%s", msg[++msgid]); /* --pqc options */
printf("%s", msg[++msgid]); /* more --pqc options */
printf("%s", msg[++msgid]); /* more --pqc options */
liboqs integration using keyshare/supported_groups extensions in TLS 1.3
2021-04-28 10:28:35 -07:00
#endif
Add ability to toggle system CA certs support.
2022-10-07 11:19:34 -07:00
#ifdef WOLFSSL_SYS_CA_CERTS
Add --sys-ca-certs option to example client. Using this option will call wolfSSL_CTX_load_system_CA_certs on the client ctx.
2022-09-30 10:02:56 -07:00
printf("%s", msg[++msgid]); /* --sys-ca-certs */
#endif
TLS 1.3 PSK: add option to require only PSK with DHE Can specify only PSK without DHE. Add only PSK with DHE.
2023-01-24 12:00:37 +10:00
#ifdef HAVE_SUPPORTED_CURVES
printf("%s", msg[++msgid]); /* --onlyPskDheKe */
#endif
DTLS SRTP improvements. Added support for client to send list of profiles. Added support for more SRTP profiles.
2022-01-14 13:43:29 -08:00
#ifdef WOLFSSL_SRTP
DTLS SRTP (RFC5764) support (adds `--enable-srtp`). Used with WebRTC to agree on profile for new real-time session keys.
2022-01-13 16:09:11 -08:00
printf("%s", msg[++msgid]); /* dtls-srtp */
#endif
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
}
tests: support test for SRTP the test will check that the same Exported Keying Material is generated between client and server
2022-01-19 13:03:29 +01:00
#ifdef WOLFSSL_SRTP
/**
* client_srtp_test() - test that the computed ekm matches with the server one
* @ssl: ssl context
* @srtp_helper: srtp_test_helper struct shared with the server
*
* if @srtp_helper is NULL no check is made, but the ekm is printed.
*
* calls srtp_helper_get_ekm() to wait and then get the ekm computed by the
* server, then check if it matches the one computed by itself.
*/
dtls-srtp: no ekm cross check on single threaded/no pthread conf
2022-01-20 16:07:16 +01:00
static int client_srtp_test(WOLFSSL *ssl, func_args *args)
tests: support test for SRTP the test will check that the same Exported Keying Material is generated between client and server
2022-01-19 13:03:29 +01:00
{
dtls-srtp: no ekm cross check on single threaded/no pthread conf
2022-01-20 16:07:16 +01:00
size_t srtp_secret_length;
byte *srtp_secret, *p;
tests: support test for SRTP the test will check that the same Exported Keying Material is generated between client and server
2022-01-19 13:03:29 +01:00
int ret;
dtls-srtp: no ekm cross check on single threaded/no pthread conf
2022-01-20 16:07:16 +01:00
#if !defined(SINGLE_THREADED) && defined(_POSIX_THREADS)
srtp_test_helper *srtp_helper = args->srtp_helper;
byte *other_secret = NULL;
size_t other_size = 0;
#else
(void)args;
#endif
tests: support test for SRTP the test will check that the same Exported Keying Material is generated between client and server
2022-01-19 13:03:29 +01:00
ret = wolfSSL_export_dtls_srtp_keying_material(ssl, NULL,
&srtp_secret_length);
if (ret != LENGTH_ONLY_E) {
print errors to stderr, not stdout; fix whitespace in internal.c; add missing error handling in examples/server/server.c around recvfrom().
2022-05-12 13:07:32 -05:00
fprintf(stderr, "DTLS SRTP: Error getting keying material length\n");
tests: support test for SRTP the test will check that the same Exported Keying Material is generated between client and server
2022-01-19 13:03:29 +01:00
return ret;
}
Test cleanups. Fix possible leak in `TLSX_UseSRTP`.
2022-01-19 09:20:45 -08:00
srtp_secret = (byte*)XMALLOC(srtp_secret_length,
tests: support test for SRTP the test will check that the same Exported Keying Material is generated between client and server
2022-01-19 13:03:29 +01:00
NULL, DYNAMIC_TYPE_TMP_BUFFER);
Test cleanups. Fix possible leak in `TLSX_UseSRTP`.
2022-01-19 09:20:45 -08:00
if (srtp_secret == NULL) {
err_sys("DTLS SRTP: Low memory");
}
tests: support test for SRTP the test will check that the same Exported Keying Material is generated between client and server
2022-01-19 13:03:29 +01:00
ret = wolfSSL_export_dtls_srtp_keying_material(ssl, srtp_secret,
&srtp_secret_length);
if (ret != WOLFSSL_SUCCESS) {
Test cleanups. Fix possible leak in `TLSX_UseSRTP`.
2022-01-19 09:20:45 -08:00
XFREE(srtp_secret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
print errors to stderr, not stdout; fix whitespace in internal.c; add missing error handling in examples/server/server.c around recvfrom().
2022-05-12 13:07:32 -05:00
fprintf(stderr, "DTLS SRTP: Error getting keying material\n");
tests: support test for SRTP the test will check that the same Exported Keying Material is generated between client and server
2022-01-19 13:03:29 +01:00
return ret;
}
dtls-srtp: no ekm cross check on single threaded/no pthread conf
2022-01-20 16:07:16 +01:00
printf("DTLS SRTP: Exported key material: ");
tests: support test for SRTP the test will check that the same Exported Keying Material is generated between client and server
2022-01-19 13:03:29 +01:00
for (p = srtp_secret; p < srtp_secret + srtp_secret_length; p++)
printf("%02X", *p);
printf("\n");
dtls-srtp: no ekm cross check on single threaded/no pthread conf
2022-01-20 16:07:16 +01:00
#if !defined(SINGLE_THREADED) && defined(_POSIX_THREADS)
tests: support test for SRTP the test will check that the same Exported Keying Material is generated between client and server
2022-01-19 13:03:29 +01:00
if (srtp_helper != NULL) {
srtp_helper_get_ekm(srtp_helper, &other_secret, &other_size);
if (other_size != srtp_secret_length ||
(XMEMCMP(other_secret, srtp_secret, srtp_secret_length) != 0)) {
/* we are delegated from server to free this buffer */
XFREE(other_secret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
Test cleanups. Fix possible leak in `TLSX_UseSRTP`.
2022-01-19 09:20:45 -08:00
printf("DTLS SRTP: Exported Keying Material mismatch\n");
tests: support test for SRTP the test will check that the same Exported Keying Material is generated between client and server
2022-01-19 13:03:29 +01:00
return WOLFSSL_UNKNOWN;
}
/* we are delegated from server to free this buffer */
XFREE(other_secret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
dtls-srtp: no ekm cross check on single threaded/no pthread conf
2022-01-20 16:07:16 +01:00
#endif
tests: support test for SRTP the test will check that the same Exported Keying Material is generated between client and server
2022-01-19 13:03:29 +01:00
XFREE(srtp_secret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return 0;
}
Test cleanups. Fix possible leak in `TLSX_UseSRTP`.
2022-01-19 09:20:45 -08:00
#endif /* WOLFSSL_SRTP */
tests: support test for SRTP the test will check that the same Exported Keying Material is generated between client and server
2022-01-19 13:03:29 +01:00
additional sanity checks on debug callback
2022-10-11 13:14:59 -07:00
name change for client.c
2015-01-05 14:48:43 -07:00
THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
1.8.8 init
2011-02-05 11:14:47 -08:00
{
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
SOCKET_T sockfd = WOLFSSL_SOCKET_INVALID;
1.8.8 init
2011-02-05 11:14:47 -08:00
Added static memory code to client example.
2017-10-20 14:56:29 -07:00
wolfSSL_method_func method = NULL;
Improve TLS client side session cache references to provide option for not returning an internal session cache pointer. Now use `wolfSSL_get1_sesson` for reference logic, that requires calling `wolfSSL_SESSION_free`. To disable this feature use `NO_SESSION_CACHE_REF`.
2021-12-22 12:51:01 -08:00
WOLFSSL_CTX* ctx = NULL;
WOLFSSL* ssl = NULL;
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
add outbound connection filtering support to libwolfssl, add wolfSentry support to the test client, and add wolfSentry JSON config file support to the test client and server using --wolfsentry-config. also, add mygetopt_long() to wolfssl/test.h, and add --help and Japanese counterpart options to test client and server.
2021-06-16 00:26:48 -05:00
#ifdef WOLFSSL_WOLFSENTRY_HOOKS
wolfsentry_errcode_t wolfsentry_ret;
#endif
Improve TLS client side session cache references to provide option for not returning an internal session cache pointer. Now use `wolfSSL_get1_sesson` for reference logic, that requires calling `wolfSSL_SESSION_free`. To disable this feature use `NO_SESSION_CACHE_REF`.
2021-12-22 12:51:01 -08:00
WOLFSSL* sslResume = NULL;
WOLFSSL_SESSION* session = NULL;
#if !defined(NO_SESSION_CACHE) && (defined(OPENSSL_EXTRA) || \
defined(HAVE_EXT_CACHE))
DTLS Maintenance To go with the fix for the functions wolfSSL_(i2d|d2i)_SSL_SESSION, modify the example client to use a serialized session record for resumption instead of the direct reference into the session cache. This change only happens when OPENSSL_EXTRA and HAVE_EXT_CACHE are defined.
2019-09-11 15:28:30 -07:00
byte* flatSession = NULL;
int flatSessionSz = 0;
Improve TLS client side session cache references to provide option for not returning an internal session cache pointer. Now use `wolfSSL_get1_sesson` for reference logic, that requires calling `wolfSSL_SESSION_free`. To disable this feature use `NO_SESSION_CACHE_REF`.
2021-12-22 12:51:01 -08:00
#endif
1.8.8 init
2011-02-05 11:14:47 -08:00
Cleanup on example client/server messages and sizes. Original PR #3023 caused sending extra null characters in normal (non HTTP) example cases.
2020-07-21 13:34:25 -07:00
char msg[CLI_MSG_SZ];
int msgSz = 0;
char reply[CLI_REPLY_SZ];
1.8.8 init
2011-02-05 11:14:47 -08:00
remove more stale cyassl headers
2015-02-25 13:34:29 -08:00
word16 port = wolfSSLPort;
char* host = (char*)wolfSSLIP;
wolfssl.com now uses old chacha-poly, detect for external test
2015-09-24 12:13:01 -07:00
const char* domain = "localhost"; /* can't default to www.wolfssl.com
because can't tell if we're really
going there to detect old chacha-poly
*/
Fixes from cppcheck Added PRIVATE_D version of rsa private key operation for SP implementation for specific platforms. WC_NO_RNG results in warnings when RNG calls don't do anything. Added ifdef checks for variables not used otherwise. Remove superfluous if statements like when checking ret == 0. Change names of globals that are generic and are used locally before global definition. Remove definition of variable len that isn't used except as a replacement for sz which is parameter. Don't subtract two variables when one has just been assigned the value of the other. Fix shifting of signed value. Fix parameter checking in aes.c and des3.c for platform specific code.
2020-04-08 09:46:22 +10:00
#ifndef WOLFSSL_VXWORKS
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
int ch;
add outbound connection filtering support to libwolfssl, add wolfSentry support to the test client, and add wolfSentry JSON config file support to the test client and server using --wolfsentry-config. also, add mygetopt_long() to wolfssl/test.h, and add --help and Japanese counterpart options to test client and server.
2021-06-16 00:26:48 -05:00
static const struct mygetopt_long_config long_options[] = {
Fix minor line length and spelling.
2021-06-21 15:09:39 -07:00
#if defined(WOLFSSL_WOLFSENTRY_HOOKS) && !defined(NO_FILESYSTEM) && \
!defined(WOLFSENTRY_NO_JSON)
add outbound connection filtering support to libwolfssl, add wolfSentry support to the test client, and add wolfSentry JSON config file support to the test client and server using --wolfsentry-config. also, add mygetopt_long() to wolfssl/test.h, and add --help and Japanese counterpart options to test client and server.
2021-06-16 00:26:48 -05:00
{ "wolfsentry-config", 1, 256 },
#endif
{ "help", 0, 257 },
{ "ヘルプ", 0, 258 },
--with-liboqs now defines HAVE_LIBOQS and HAVE_PQC AKA: The Great Rename of December 2021
2021-12-20 11:26:25 -05:00
#if defined(HAVE_PQC)
{ "pqc", 1, 259 },
DTLS SRTP (RFC5764) support (adds `--enable-srtp`). Used with WebRTC to agree on profile for new real-time session keys.
2022-01-13 16:09:11 -08:00
#endif
DTLS SRTP improvements. Added support for client to send list of profiles. Added support for more SRTP profiles.
2022-01-14 13:43:29 -08:00
#ifdef WOLFSSL_SRTP
DTLS SRTP (RFC5764) support (adds `--enable-srtp`). Used with WebRTC to agree on profile for new real-time session keys.
2022-01-13 16:09:11 -08:00
{ "srtp", 2, 260 }, /* optional argument */
liboqs integration using keyshare/supported_groups extensions in TLS 1.3
2021-04-28 10:28:35 -07:00
#endif
examples: client/server: support DTLSv1.3 (-u -v4) This commits add some new options to examples/[server,client] to support testing of DTLS v1.3. client: add waitTicket option If this option is used, the client will wait until it receives a sessionTicket from the server. This is useful when testing DTLS retransmission. client: add waitKeyUpdate option When this option is set, the client waits until the UpdateKey message is acknowledged by the server. This is useful to test DTLS retransmission logic
2022-05-20 10:00:24 +02:00
#ifdef WOLFSSL_DTLS13
/* allow waitTicket option even when HAVE_SESSION_TICKET is 0. Otherwise
* tests that use this option will ignore the options following
* --waitTicket in the command line and fail */
{"waitTicket", 0, 261},
#endif /* WOLFSSL_DTLS13 */
server/client: add --cid option to use ConnectionID extension
2022-08-10 16:41:42 +02:00
#ifdef WOLFSSL_DTLS_CID
{"cid", 2, 262},
#endif /* WOLFSSL_DTLS_CID */
Add ability to toggle system CA certs support.
2022-10-07 11:19:34 -07:00
#ifdef WOLFSSL_SYS_CA_CERTS
Add --sys-ca-certs option to example client. Using this option will call wolfSSL_CTX_load_system_CA_certs on the client ctx.
2022-09-30 10:02:56 -07:00
{ "sys-ca-certs", 0, 263 },
TLS 1.3 PSK: add option to require only PSK with DHE Can specify only PSK without DHE. Add only PSK with DHE.
2023-01-24 12:00:37 +10:00
#endif
#ifdef HAVE_SUPPORTED_CURVES
{ "onlyPskDheKe", 0, 264 },
Memory usage improvements ECC: make private key field 'k' able to be smaller when ALT_ECC_SIZE is defined. WOLFSSL_SMALL_STACK_CACHE: allocate temps using new macros.
2023-04-24 17:03:34 +10:00
#endif
#ifndef NO_PSK
{ "openssl-psk", 0, 265 },
Add ability to toggle system CA certs support.
2022-10-07 11:19:34 -07:00
#endif
add outbound connection filtering support to libwolfssl, add wolfSentry support to the test client, and add wolfSentry JSON config file support to the test client and server using --wolfsentry-config. also, add mygetopt_long() to wolfssl/test.h, and add --help and Japanese counterpart options to test client and server.
2021-06-16 00:26:48 -05:00
{ 0, 0, 0 }
};
Fixes from cppcheck Added PRIVATE_D version of rsa private key operation for SP implementation for specific platforms. WC_NO_RNG results in warnings when RNG calls don't do anything. Added ifdef checks for variables not used otherwise. Remove superfluous if statements like when checking ret == 0. Change names of globals that are generic and are used locally before global definition. Remove definition of variable len that isn't used except as a replacement for sz which is parameter. Don't subtract two variables when one has just been assigned the value of the other. Fix shifting of signed value. Fix parameter checking in aes.c and des3.c for platform specific code.
2020-04-08 09:46:22 +10:00
#endif
added test cases and fixed a bug with AEAD ciphers with DTLSv1.2.
2013-03-07 22:52:51 -08:00
int version = CLIENT_INVALID_VERSION;
Check for TLS downgrade
2021-04-22 14:52:57 -07:00
int minVersion = CLIENT_INVALID_VERSION;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
int usePsk = 0;
Memory usage improvements ECC: make private key field 'k' able to be smaller when ALT_ECC_SIZE is defined. WOLFSSL_SMALL_STACK_CACHE: allocate temps using new macros.
2023-04-24 17:03:34 +10:00
int opensslPsk = 0;
Merge in the ADH-AES128-SHA changes and add a check for it during the packet order sanity checking.
2014-12-01 11:44:32 -08:00
int useAnon = 0;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
int sendGET = 0;
int benchmark = 0;
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
int block = TEST_BUFFER_SIZE;
Various cleanups and fixes: * Fix for key gen macro name in benchmark.c * Fix for possible RSA fall-through warning. * Fix for building `WOLFSSL_STM32_PKA` without `HAVE_ECC`. * Added option to build RSA keygen without the DER to PEM using `WOLFSSL_NO_DER_TO_PEM`. * Added options.h includes for test.c and benchmark.c. * Added printf warning on the math size mismatch in test.c. * Added support for benchmarking larger sizes. * TLS benchmarks for HiFive unleashed.
2019-12-18 07:09:26 -08:00
size_t throughput = 0;
add -u for DTLS UPD command line client/server examples
2012-08-02 11:54:49 -07:00
int doDTLS = 0;
DTLS-SCTP example client and server 1. Update the example client and server to test DTLS-SCTP. 2. Modify the test.h functions for setting up connections to allow for a SCTP option. 3. Update other examples to use the new test.h functions. 4. Removed some prototypes in the client header file were some functions that should have been static to the client.c file and made them static.
2016-08-25 22:20:35 -07:00
int dtlsUDP = 0;
Fragmentation for ServerKeyExchange and CeriticateVerify - The `ssl->dtlsMtuSz` value is the maximum possible size of the DTLS record layer. We read `ssl->dtlsMtuSz + 100` in case peer has slightly different MTU set. - The `-u` option in the examples takes the value of the MTU size. - MTU tests are added in `tests/test-dtls-mtu.conf`
2021-04-12 20:02:18 +02:00
#if (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) && \
defined(WOLFSSL_DTLS)
int dtlsMTU = 0;
#endif
DTLS-SCTP example client and server 1. Update the example client and server to test DTLS-SCTP. 2. Modify the test.h functions for setting up connections to allow for a SCTP option. 3. Update other examples to use the new test.h functions. 4. Removed some prototypes in the client header file were some functions that should have been static to the client.c file and made them static.
2016-08-25 22:20:35 -07:00
int dtlsSCTP = 0;
Multicast 1. Since multicast's only cipher suite uses null cipher automatically enable it. 2. Add options to example client and server to start testing multicast API. (Uses TLS over TCP.) 3. Updates to use the forced secrets set by API.
2016-12-15 11:43:15 -08:00
int doMcast = 0;
make domain name cert check an option on client
2012-08-10 10:15:37 -07:00
int matchName = 0;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
int doPeerCheck = 1;
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
int nonBlocking = 0;
Add an option to the example client to simulate WANT_WRITE errors. - Add this option as "-6." - Turn on non-blocking mode if WANT_WRITE simulation is enabled. - Create a send IO callback that gets registered when this option is turned on. This callback alternates between letting the TX through and returning a WANT_WRITE error.
2020-11-02 08:23:36 -06:00
int simulateWantWrite = 0;
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
int resumeSession = 0;
add external site script test to make check
2015-05-07 10:02:43 -07:00
int wc_shutdown = 0;
int disableCRL = 0;
detect build cases where external script test case doesn't make sense
2015-05-07 12:50:27 -07:00
int externalTest = 0;
fix shutdown returns
2015-02-16 14:23:33 -08:00
int ret;
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 10:05:22 -08:00
int err = 0;
separate allow scr and force client scr in example client
2014-09-29 15:32:41 -07:00
int scr = 0; /* allow secure renegotiation */
Cleanup on example client/server messages and sizes. Original PR #3023 caused sending extra null characters in normal (non HTTP) example cases.
2020-07-21 13:34:25 -07:00
int forceScr = 0; /* force client initiated scr */
Passing scr-app-data in to -i to client sends a message during SCR Modify mygetopt so that if an argument expects a value and that value is the next argument then myoptarg is set to a NULL pointer.
2020-09-30 13:46:23 +02:00
int scrAppData = 0;
Secure Renegotiation 1. Split the wolfSSL_Rehandshake() function into wolfSSL_Rehadshake() which performs a full handshake on secure renegotiation and wolfSSL_SecureResume() which performs a session resumption on a secure renegotiation. 2. Add option to example client to perform a secure resumption instead of a full secure handshake.
2019-02-19 15:04:22 -08:00
int resumeScr = 0; /* use resumption for renegotiation */
Allow Ed25519 private-only keys to work in TLS Change Ed25519 in TLS 1.2 to keep a copy of all the messages for certificate verification - interop with OpenSSL.
2018-04-27 14:43:04 +10:00
#ifndef WOLFSSL_NO_CLIENT_AUTH
add fewerPacket/group messages to example client/server and disalbe client cert/key load
2013-04-19 13:10:19 -07:00
int useClientCert = 1;
Allow Ed25519 private-only keys to work in TLS Change Ed25519 in TLS 1.2 to keep a copy of all the messages for certificate verification - interop with OpenSSL.
2018-04-27 14:43:04 +10:00
#else
int useClientCert = 0;
#endif
add fewerPacket/group messages to example client/server and disalbe client cert/key load
2013-04-19 13:10:19 -07:00
int fewerPackets = 0;
add atomic user macencrypt cb
2013-08-09 17:27:15 -07:00
int atomicUser = 0;
* Added support for not loading a private key for server or client when `HAVE_PK_CALLBACK` is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519. * Added PK callback context tests for client/server examples (`SetupPkCallbackContexts`). * Added new test define for `TEST_PK_PRIVKEY` to allows simulating hardware based private key. * Added new test.h function for loading PEM key file and converting to DER (`load_key_file`). * Added way to get private key signature size (`GetPrivateKeySigSize`). * Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size. * Added inline comments to help track down handshake message types. * Cleanup of RSS PSS terminating byte (0xbc) to use enum value. * Fixed bug with PK callback for `myEccVerify` public key format. * Fixed bug with PK callback for ED25519 verify key buffer in DoServerKeyExchange.
2018-03-21 11:27:08 -07:00
#ifdef HAVE_PK_CALLBACKS
add public key callbacks for ecc sign/verify, examples
2013-08-22 18:19:39 -07:00
int pkCallbacks = 0;
* Added support for not loading a private key for server or client when `HAVE_PK_CALLBACK` is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519. * Added PK callback context tests for client/server examples (`SetupPkCallbackContexts`). * Added new test define for `TEST_PK_PRIVKEY` to allows simulating hardware based private key. * Added new test.h function for loading PEM key file and converting to DER (`load_key_file`). * Added way to get private key signature size (`GetPrivateKeySigSize`). * Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size. * Added inline comments to help track down handshake message types. * Cleanup of RSS PSS terminating byte (0xbc) to use enum value. * Fixed bug with PK callback for `myEccVerify` public key format. * Fixed bug with PK callback for ED25519 verify key buffer in DoServerKeyExchange.
2018-03-21 11:27:08 -07:00
PkCbInfo pkCbInfo;
#endif
added check for allowed minimum DH key size
2015-05-21 10:11:21 -07:00
int minDhKeyBits = DEFAULT_MIN_DHKEY_BITS;
fix alpn example client merge command options
2015-10-13 15:00:53 -07:00
char* alpnList = NULL;
unsigned char alpn_opt = 0;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
char* cipherList = NULL;
Fix to calc BuildSHA_CertVerify if WOLFSSL_ALLOW_TLS_SHA1. Fix to add check for DTLS to not allow stream ciphers. Removed the RC4 tests from the test-dtls.conf. Added support for using default suites on client side. Switched the arg to “-H”. Cleanup of the example server/client args list. Fixes for build with “--disable-sha”.
2017-04-05 11:21:11 -07:00
int useDefCipherList = 0;
Don't force a ECC CA when a custom CA is passed with `-A` The following config would fail `../configure --enable-opensslall CFLAGS="-DOPENSSL_COMPATIBLE_DEFAULTS" && make -j check`. This is because `test-fails.conf` `ECC no signer error` test expects a failure while the ECC CA was being added as a trusted cert due to `OPENSSL_COMPATIBLE_DEFAULTS`.
2022-03-08 14:52:40 +01:00
int customVerifyCert = 0;
Changes to clear issues raised by cppcheck
2020-01-15 22:15:38 +10:00
const char* verifyCert;
const char* ourCert;
const char* ourKey;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
add STARTTLS support to example client
2016-04-22 13:46:54 -06:00
int doSTARTTLS = 0;
char* starttlsProt = NULL;
Fix for verify callback override, peerVerifyRet code on success and ensuring DOMAIN_NAME_MISMATCH error gets passed down in ECDSAk case. Added unit test case to verify callback override works. Fixes issue #905 and issue #904. Fix for async build goto label typo.
2017-05-11 12:23:17 -07:00
int useVerifyCb = 0;
Fix for the curve logic to pick the hightest strength, not just the default 256-bit. Added test for setting user curve. `./examples -H useSupCurve`.
2018-09-21 09:27:48 -07:00
int useSupCurve = 0;
add STARTTLS support to example client
2016-04-22 13:46:54 -06:00
automated test for trusted peer certs
2016-03-01 16:35:32 -07:00
#ifdef WOLFSSL_TRUST_PEER_CERT
const char* trustCert = NULL;
#endif
merge in sni
2013-05-21 14:37:50 -07:00
#ifdef HAVE_SNI
char* sniHostName = NULL;
#endif
Trusted CA Key Indication Extension Added an API for enabling the Trusted CA Key Indication extension from RFC6066 section 6. If the server doesn't have a match for the client, the client will abandon the session.
2018-09-28 09:05:59 -07:00
#ifdef HAVE_TRUSTED_CA
int trustedCaKeyId = 0;
#endif
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 15:42:43 -03:00
#ifdef HAVE_MAX_FRAGMENT
byte maxFragment = 0;
#endif
#ifdef HAVE_TRUNCATED_HMAC
Merge branch csr into 'master'
2015-11-02 15:51:01 -03:00
byte truncatedHMAC = 0;
#endif
Merge branch 'csr'
2015-12-28 19:38:04 -03:00
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
Merge branch csr into 'master'
2015-11-02 15:51:01 -03:00
byte statusRequest = 0;
TLS OCSP Stapling: MUST staple option Can enable OCSP Must Staple option to mean that if the client sends a request for an OCSP Staple then it must receive a response.
2020-10-15 17:27:58 +10:00
byte mustStaple = 0;
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 15:42:43 -03:00
#endif
add extended master to example client
2016-09-01 15:17:46 -06:00
#ifdef HAVE_EXTENDED_MASTER
Revising the Extended Master Secret support. Removing the dynamic TLSX support for the extention and treating it like the Signature and Hash algorithms extension. It is to be enabled by default and the user can turn it off at run time or build time.
2016-09-09 23:16:52 -07:00
byte disableExtMasterSecret = 0;
add extended master to example client
2016-09-01 15:17:46 -06:00
#endif
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
int helloRetry = 0;
int onlyKeyShare = 0;
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
#ifdef WOLFSSL_TLS13
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
int noPskDheKe = 0;
TLS 1.3 PSK: add option to require only PSK with DHE Can specify only PSK without DHE. Add only PSK with DHE.
2023-01-24 12:00:37 +10:00
#ifdef HAVE_SUPPORTED_CURVES
int onlyPskDheKe = 0;
#endif
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
int postHandAuth = 0;
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
#endif
int updateKeysIVs = 0;
TLS v1.3 0-RTT
2017-06-19 11:37:10 +10:00
int earlyData = 0;
Added new “wolfSSL_mcast_get_max_peers” API. Minor cleanup with examples/client failure case. Fix possible unused var in wolfSSL_set_secret with DTLS disabled.
2017-01-25 14:05:22 -08:00
#ifdef WOLFSSL_MULTICAST
Multicast 1. Since multicast's only cipher suite uses null cipher automatically enable it. 2. Add options to example client and server to start testing multicast API. (Uses TLS over TCP.) 3. Updates to use the forced secrets set by API.
2016-12-15 11:43:15 -08:00
byte mcastID = 0;
Added new “wolfSSL_mcast_get_max_peers” API. Minor cleanup with examples/client failure case. Fix possible unused var in wolfSSL_set_secret with DTLS disabled.
2017-01-25 14:05:22 -08:00
#endif
DHE Speed Up 1. Also apply the setting to the client side. 2. Updated the server and client command line options to use "-2" for disabling the DHE check.
2018-12-03 13:53:44 -08:00
#if !defined(NO_DH) && !defined(HAVE_FIPS) && \
!defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK)
int doDhKeyCheck = 1;
#endif
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 15:42:43 -03:00
OCSP Updates 1. Add option to example server and client to check the OCSP responder. 2. Add option to example server and client to override the URL to use when checking the OCSP responder. 3. Copy the certificate serial number correctly into OCSP request. Add leading zero only if MS bit is set. 4. Fix responder address used when Auth Info extension is present. 5. Update EmbedOcspLookup callback to better handle the HTTP response and obtain the complete OCSP response.
2013-06-20 11:07:54 -07:00
#ifdef HAVE_OCSP
int useOcsp = 0;
char* ocspUrl = NULL;
#endif
Put X25519 behind P256 Option to have X25519 prioritized. Show curve name and DH key size in TLS v1.3.
2017-05-19 10:58:43 +10:00
int useX25519 = 0;
Add Curve448, X448, Ed448 implementations
2020-02-19 18:07:45 +10:00
int useX448 = 0;
--with-liboqs now defines HAVE_LIBOQS and HAVE_PQC AKA: The Great Rename of December 2021
2021-12-20 11:26:25 -05:00
int usePqc = 0;
char* pqcAlg = NULL;
Minor fix for the expected failure case use of `ssl` after free. Renamed `skipExit` to `exitWithRet`.
2018-05-03 10:02:59 -07:00
int exitWithRet = 0;
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
int loadCertKeyIntoSSLObj = 0;
Add ability to toggle system CA certs support.
2022-10-07 11:19:34 -07:00
#ifdef WOLFSSL_SYS_CA_CERTS
Add --sys-ca-certs option to example client. Using this option will call wolfSSL_CTX_load_system_CA_certs on the client ctx.
2022-09-30 10:02:56 -07:00
byte loadSysCaCerts = 0;
#endif
OCSP Updates 1. Add option to example server and client to check the OCSP responder. 2. Add option to example server and client to override the URL to use when checking the OCSP responder. 3. Copy the certificate serial number correctly into OCSP request. Add leading zero only if MS bit is set. 4. Fix responder address used when Auth Info extension is present. 5. Update EmbedOcspLookup callback to better handle the HTTP response and obtain the complete OCSP response.
2013-06-20 11:07:54 -07:00
Add support for Encrypt-Then-MAC to TLS 1.2 and below An extension is used to indicate that ETM is to be used. Only used when doing block ciphers - HMAC performed on encrypted data.
2019-08-22 09:33:38 +10:00
#ifdef HAVE_ENCRYPT_THEN_MAC
int disallowETM = 0;
#endif
add Whitewood netRandom client library support
2016-05-05 15:31:25 -06:00
#ifdef HAVE_WNR
const char* wnrConfigFile = wnrConfig;
Initial implemented X509_LOOKUP_ctrl L_ADD_DIR
2021-02-15 15:47:03 +09:00
#endif
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
addressed review comments part 1
2021-03-11 15:43:54 +09:00
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
Initial implemented X509_LOOKUP_ctrl L_ADD_DIR
2021-02-15 15:47:03 +09:00
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
int useCertFolder = 0;
add Whitewood netRandom client library support
2016-05-05 15:31:25 -06:00
#endif
DTLS SRTP improvements. Added support for client to send list of profiles. Added support for more SRTP profiles.
2022-01-14 13:43:29 -08:00
#ifdef WOLFSSL_SRTP
const char* dtlsSrtpProfiles = NULL;
DTLS SRTP (RFC5764) support (adds `--enable-srtp`). Used with WebRTC to agree on profile for new real-time session keys.
2022-01-13 16:09:11 -08:00
#endif
examples: client/server: support DTLSv1.3 (-u -v4) This commits add some new options to examples/[server,client] to support testing of DTLS v1.3. client: add waitTicket option If this option is used, the client will wait until it receives a sessionTicket from the server. This is useful when testing DTLS retransmission. client: add waitKeyUpdate option When this option is set, the client waits until the UpdateKey message is acknowledged by the server. This is useful to test DTLS retransmission logic
2022-05-20 10:00:24 +02:00
#ifdef HAVE_SESSION_TICKET
int waitTicket = 0;
#endif /* HAVE_SESSION_TICKET */
server/client: add --cid option to use ConnectionID extension
2022-08-10 16:41:42 +02:00
#ifdef WOLFSSL_DTLS_CID
int useDtlsCID = 0;
char dtlsCID[DTLS_CID_BUFFER_SIZE] = { 0 };
#endif /* WOLFSSL_DTLS_CID */
examples: client/server: support DTLSv1.3 (-u -v4) This commits add some new options to examples/[server,client] to support testing of DTLS v1.3. client: add waitTicket option If this option is used, the client will wait until it receives a sessionTicket from the server. This is useful when testing DTLS retransmission. client: add waitKeyUpdate option When this option is set, the client waits until the UpdateKey message is acknowledged by the server. This is useful to test DTLS retransmission logic
2022-05-20 10:00:24 +02:00
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
char buffer[WOLFSSL_MAX_ERROR_SZ];
add Whitewood netRandom client library support
2016-05-05 15:31:25 -06:00
1.8.8 init
2011-02-05 11:14:47 -08:00
int argc = ((func_args*)args)->argc;
char** argv = ((func_args*)args)->argv;
Fixes for static memory with `-r` session resumption option on client. Fix for possible failed InitSSL cleanup using NULL ssl->ctx for static memory.
2017-10-23 10:50:19 -07:00
#ifdef WOLFSSL_STATIC_MEMORY
#if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) \
|| defined(SESSION_CERTS)
/* big enough to handle most cases including session certs */
Increase the static memory pool in client to better support ECC or session certs.
2017-10-26 08:06:08 -07:00
byte memory[320000];
Fixes for static memory with `-r` session resumption option on client. Fix for possible failed InitSSL cleanup using NULL ssl->ctx for static memory.
2017-10-23 10:50:19 -07:00
#else
byte memory[80000];
#endif
byte memoryIO[34500]; /* max for IO buffer (TLS packet can be 16k) */
WOLFSSL_MEM_CONN_STATS ssl_stats;
#ifdef DEBUG_WOLFSSL
WOLFSSL_MEM_STATS mem_stats;
#endif
fix for memory management on edge case with staticmemory
2019-11-05 15:13:26 -07:00
WOLFSSL_HEAP_HINT *heap = NULL;
Fixes for static memory with `-r` session resumption option on client. Fix for possible failed InitSSL cleanup using NULL ssl->ctx for static memory.
2017-10-23 10:50:19 -07:00
#endif
1.8.8 init
2011-02-05 11:14:47 -08:00
((func_args*)args)->return_code = -1; /* error state */
Changes to clear issues raised by cppcheck
2020-01-15 22:15:38 +10:00
#ifndef NO_RSA
verifyCert = caCertFile;
ourCert = cliCertFile;
ourKey = cliKeyFile;
#else
Changes to build with X25519 and Ed25519 only Allows configurations without RSA, DH and ECC but with Curve25519 algorithms to work with SSL/TLS using X25519 key exchange and Ed25519 certificates. Fix Ed25519 code to call wc_Sha512Free(). Add certificates to test.h and fix examples to use them.
2018-07-23 10:20:18 +10:00
#ifdef HAVE_ECC
Changes to clear issues raised by cppcheck
2020-01-15 22:15:38 +10:00
verifyCert = caEccCertFile;
ourCert = cliEccCertFile;
ourKey = cliEccKeyFile;
Changes to build with X25519 and Ed25519 only Allows configurations without RSA, DH and ECC but with Curve25519 algorithms to work with SSL/TLS using X25519 key exchange and Ed25519 certificates. Fix Ed25519 code to call wc_Sha512Free(). Add certificates to test.h and fix examples to use them.
2018-07-23 10:20:18 +10:00
#elif defined(HAVE_ED25519)
Changes to clear issues raised by cppcheck
2020-01-15 22:15:38 +10:00
verifyCert = caEdCertFile;
ourCert = cliEdCertFile;
ourKey = cliEdKeyFile;
Add Curve448, X448, Ed448 implementations
2020-02-19 18:07:45 +10:00
#elif defined(HAVE_ED448)
verifyCert = caEd448CertFile;
ourCert = cliEd448CertFile;
ourKey = cliEd448KeyFile;
Changes to clear issues raised by cppcheck
2020-01-15 22:15:38 +10:00
#else
verifyCert = NULL;
ourCert = NULL;
ourKey = NULL;
Changes to build with X25519 and Ed25519 only Allows configurations without RSA, DH and ECC but with Curve25519 algorithms to work with SSL/TLS using X25519 key exchange and Ed25519 certificates. Fix Ed25519 code to call wc_Sha512Free(). Add certificates to test.h and fix examples to use them.
2018-07-23 10:20:18 +10:00
#endif
fix NO_RSA ecc command line examples default certs
2013-03-07 18:20:29 -08:00
#endif
Changes to clear issues raised by cppcheck
2020-01-15 22:15:38 +10:00
fix general NO_SHA NO_ASN NO_CERTS NO_SESSION_CACHE builds/examples
2013-03-11 16:07:46 -07:00
(void)session;
(void)sslResume;
add atomic user macencrypt cb
2013-08-09 17:27:15 -07:00
(void)atomicUser;
add client side initiated secure r, same specs
2014-09-24 18:48:23 -07:00
(void)scr;
separate allow scr and force client scr in example client
2014-09-29 15:32:41 -07:00
(void)forceScr;
Passing scr-app-data in to -i to client sends a message during SCR Modify mygetopt so that if an argument expects a value and that value is the next argument then myoptarg is set to a NULL pointer.
2020-09-30 13:46:23 +02:00
(void)scrAppData;
Secure Renegotiation 1. Split the wolfSSL_Rehandshake() function into wolfSSL_Rehadshake() which performs a full handshake on secure renegotiation and wolfSSL_SecureResume() which performs a session resumption on a secure renegotiation. 2. Add option to example client to perform a secure resumption instead of a full secure handshake.
2019-02-19 15:04:22 -08:00
(void)resumeScr;
fix some psk warnings
2015-03-27 19:20:31 -07:00
(void)ourKey;
(void)ourCert;
(void)verifyCert;
(void)useClientCert;
add external site script test to make check
2015-05-07 10:02:43 -07:00
(void)disableCRL;
added check for allowed minimum DH key size
2015-05-21 10:11:21 -07:00
(void)minDhKeyBits;
fix alpn example client merge command options
2015-10-13 15:00:53 -07:00
(void)alpnList;
(void)alpn_opt;
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
(void)updateKeysIVs;
Added EarlyData support to benchmark loop
2019-01-24 14:30:06 +10:00
(void)earlyData;
Fix for benchmarking X25519
2017-05-31 11:44:43 +10:00
(void)useX25519;
Add Curve448, X448, Ed448 implementations
2020-02-19 18:07:45 +10:00
(void)useX448;
Improvements to TLS v1.3 code Reset list of supported sig algorithms before sending certificate request on server. Refactored setting of ticket for both TLS13 and earlier. Remember the type of key for deciding which sig alg to use with TLS13 CertificateVerify. RSA PKCS #1.5 not allowed in TLS13 for CertificateVerify. Remove all remaining DTLS code as spec barely started. Turn off SHA512 code where decision based on cipher suite hash. Fix fragment handling to work with encrypted messages. Test public APIS.
2017-06-29 09:00:44 +10:00
(void)helloRetry;
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
(void)onlyKeyShare;
Fix for the curve logic to pick the hightest strength, not just the default 256-bit. Added test for setting user curve. `./examples -H useSupCurve`.
2018-09-21 09:27:48 -07:00
(void)useSupCurve;
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
(void)loadCertKeyIntoSSLObj;
--with-liboqs now defines HAVE_LIBOQS and HAVE_PQC AKA: The Great Rename of December 2021
2021-12-20 11:26:25 -05:00
(void)usePqc;
(void)pqcAlg;
Memory usage improvements ECC: make private key field 'k' able to be smaller when ALT_ECC_SIZE is defined. WOLFSSL_SMALL_STACK_CACHE: allocate temps using new macros.
2023-04-24 17:03:34 +10:00
(void)opensslPsk;
add STACK_TRAP to track stack use on client, will seqfault if exceed limit to see where use is too high, doesn't work with pthread_create()
2013-06-03 14:56:37 -07:00
StackTrap();
Added a suite test use case to cover the new error check. Also fixed and issue with passing a couple flags to the test case runner, and some other changes to support the new test.
2020-07-22 13:20:23 -07:00
/* Reinitialize the global myVerifyAction. */
myVerifyAction = VERIFY_OVERRIDE_ERROR;
Example client/server compatible with VxWorks
2015-10-29 13:39:02 -06:00
#ifndef WOLFSSL_VXWORKS
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
/* Not used: All used */
add outbound connection filtering support to libwolfssl, add wolfSentry support to the test client, and add wolfSentry JSON config file support to the test client and server using --wolfsentry-config. also, add mygetopt_long() to wolfssl/test.h, and add --help and Japanese counterpart options to test client and server.
2021-06-16 00:26:48 -05:00
while ((ch = mygetopt_long(argc, argv, "?:"
Fragmentation for ServerKeyExchange and CeriticateVerify - The `ssl->dtlsMtuSz` value is the maximum possible size of the DTLS record layer. We read `ssl->dtlsMtuSz + 100` in case peer has slightly different MTU set. - The `-u` option in the examples takes the value of the MTU size. - MTU tests are added in `tests/test-dtls-mtu.conf`
2021-04-12 20:02:18 +02:00
"ab:c:defgh:i;jk:l:mnop:q:rstu;v:wxyz"
Testing improvements for cert gen and TLS cert validation: * Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled. * Added new ECC CA for 384-bit tests. * Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem) * Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL. * Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`. * Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function. * Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack). * Cleanup to combine all certificate subject information into global `certDefaultName`. * Updated cert request info to use wolfSSL instead of Yassl. * Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`. * Re-number error codes in rsa_test. * Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
2017-10-19 16:17:51 -07:00
"A:B:CDE:F:GH:IJKL:M:NO:PQRS:TUVW:XYZ:"
Check for TLS downgrade
2021-04-22 14:52:57 -07:00
"01:23:4567:89"
add outbound connection filtering support to libwolfssl, add wolfSentry support to the test client, and add wolfSentry JSON config file support to the test client and server using --wolfsentry-config. also, add mygetopt_long() to wolfssl/test.h, and add --help and Japanese counterpart options to test client and server.
2021-06-16 00:26:48 -05:00
"@#", long_options, 0)) != -1) {
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
switch (ch) {
case '?' :
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
if(myoptarg!=NULL) {
lng_index = atoi(myoptarg);
if(lng_index<0||lng_index>1){
lng_index = 0;
}
}
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
Usage();
Added new build option `--enable-memtest` or `WOLFSSL_FORCE_MALLOC_FAIL_TEST` which enables random malloc failures for testing. This test supresses the `abort()` calls to detect seg faults. A new script `./scripts/memtest.sh` starts the test. If an issue is found it can be reviewed with the `./scripts/memtest.txt` log and reproduced using the seed printed at top of unit test as `--- RNG MALLOC FAIL AT 295---` and rerun using `./tests/unit.test 295`.
2018-07-27 10:16:14 -07:00
XEXIT_T(EXIT_SUCCESS);
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
add outbound connection filtering support to libwolfssl, add wolfSentry support to the test client, and add wolfSentry JSON config file support to the test client and server using --wolfsentry-config. also, add mygetopt_long() to wolfssl/test.h, and add --help and Japanese counterpart options to test client and server.
2021-06-16 00:26:48 -05:00
case 257 :
lng_index = 0;
Usage();
XEXIT_T(EXIT_SUCCESS);
case 258 :
lng_index = 1;
Usage();
XEXIT_T(EXIT_SUCCESS);
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
case 'g' :
sendGET = 1;
break;
case 'd' :
doPeerCheck = 0;
break;
add show every cipher suite to examples/client
2015-10-02 16:25:17 -07:00
case 'e' :
ShowCiphers();
Added new build option `--enable-memtest` or `WOLFSSL_FORCE_MALLOC_FAIL_TEST` which enables random malloc failures for testing. This test supresses the `abort()` calls to detect seg faults. A new script `./scripts/memtest.sh` starts the test. If an issue is found it can be reviewed with the `./scripts/memtest.txt` log and reproduced using the seed printed at top of unit test as `--- RNG MALLOC FAIL AT 295---` and rerun using `./tests/unit.test 295`.
2018-07-27 10:16:14 -07:00
XEXIT_T(EXIT_SUCCESS);
add show every cipher suite to examples/client
2015-10-02 16:25:17 -07:00
add override cert date example for bad clock testing
2014-07-02 12:07:25 -07:00
case 'D' :
Fix to catch the issue in this PR with alt cert chains, which only happens if the verify callback is used and the chain is long enough. Cleanup of the myVerify callback to allow specific actions. Fix the suites.c to not crash if no newline at end of file. Added helpful debug message to show that a CA was found.
2020-06-18 09:26:50 -07:00
myVerifyAction = VERIFY_OVERRIDE_DATE_ERR;
add override cert date example for bad clock testing
2014-07-02 12:07:25 -07:00
break;
add external site script test to make check
2015-05-07 10:02:43 -07:00
case 'C' :
fix scan-build warnings
2015-06-10 15:24:24 -07:00
#ifdef HAVE_CRL
disableCRL = 1;
#endif
add external site script test to make check
2015-05-07 10:02:43 -07:00
break;
add -u for DTLS UPD command line client/server examples
2012-08-02 11:54:49 -07:00
case 'u' :
DTLS-SCTP example client and server 1. Update the example client and server to test DTLS-SCTP. 2. Modify the test.h functions for setting up connections to allow for a SCTP option. 3. Update other examples to use the new test.h functions. 4. Removed some prototypes in the client header file were some functions that should have been static to the client.c file and made them static.
2016-08-25 22:20:35 -07:00
doDTLS = 1;
dtlsUDP = 1;
Fragmentation for ServerKeyExchange and CeriticateVerify - The `ssl->dtlsMtuSz` value is the maximum possible size of the DTLS record layer. We read `ssl->dtlsMtuSz + 100` in case peer has slightly different MTU set. - The `-u` option in the examples takes the value of the MTU size. - MTU tests are added in `tests/test-dtls-mtu.conf`
2021-04-12 20:02:18 +02:00
#if (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) && \
defined(WOLFSSL_DTLS)
dtlsMTU = atoi(myoptarg);
#endif
DTLS-SCTP example client and server 1. Update the example client and server to test DTLS-SCTP. 2. Modify the test.h functions for setting up connections to allow for a SCTP option. 3. Update other examples to use the new test.h functions. 4. Removed some prototypes in the client header file were some functions that should have been static to the client.c file and made them static.
2016-08-25 22:20:35 -07:00
break;
DTLS SRTP improvements. Added support for client to send list of profiles. Added support for more SRTP profiles.
2022-01-14 13:43:29 -08:00
#ifdef WOLFSSL_SRTP
DTLS SRTP (RFC5764) support (adds `--enable-srtp`). Used with WebRTC to agree on profile for new real-time session keys.
2022-01-13 16:09:11 -08:00
case 260:
doDTLS = 1;
dtlsUDP = 1;
DTLS SRTP improvements. Added support for client to send list of profiles. Added support for more SRTP profiles.
2022-01-14 13:43:29 -08:00
dtlsSrtpProfiles = myoptarg != NULL ? myoptarg :
DTLS SRTP (RFC5764) support (adds `--enable-srtp`). Used with WebRTC to agree on profile for new real-time session keys.
2022-01-13 16:09:11 -08:00
"SRTP_AES128_CM_SHA1_80";
DTLS SRTP improvements. Added support for client to send list of profiles. Added support for more SRTP profiles.
2022-01-14 13:43:29 -08:00
printf("Using SRTP Profile(s): %s\n", dtlsSrtpProfiles);
DTLS SRTP (RFC5764) support (adds `--enable-srtp`). Used with WebRTC to agree on profile for new real-time session keys.
2022-01-13 16:09:11 -08:00
break;
#endif
examples: client/server: support DTLSv1.3 (-u -v4) This commits add some new options to examples/[server,client] to support testing of DTLS v1.3. client: add waitTicket option If this option is used, the client will wait until it receives a sessionTicket from the server. This is useful when testing DTLS retransmission. client: add waitKeyUpdate option When this option is set, the client waits until the UpdateKey message is acknowledged by the server. This is useful to test DTLS retransmission logic
2022-05-20 10:00:24 +02:00
#ifdef WOLFSSL_DTLS13
case 261:
#ifdef HAVE_SESSION_TICKET
waitTicket = 1;
#endif /* HAVE_SESSION_TICKET */
break;
#endif /* WOLFSSL_DTLS13 */
server/client: add --cid option to use ConnectionID extension
2022-08-10 16:41:42 +02:00
#ifdef WOLFSSL_DTLS_CID
case 262:
useDtlsCID = 1;
if (myoptarg != NULL) {
Fix for type warnings in example for DTLS CID `./configure --enable-dtls --enable-dtlscid --enable-dtls13`.
2022-08-24 16:02:05 -07:00
if (XSTRLEN(myoptarg) >= DTLS_CID_BUFFER_SIZE) {
server/client: add --cid option to use ConnectionID extension
2022-08-10 16:41:42 +02:00
err_sys("provided connection ID is too big");
}
else {
strcpy(dtlsCID, myoptarg);
}
}
break;
#endif /* WOLFSSL_CID */
DTLS-SCTP example client and server 1. Update the example client and server to test DTLS-SCTP. 2. Modify the test.h functions for setting up connections to allow for a SCTP option. 3. Update other examples to use the new test.h functions. 4. Removed some prototypes in the client header file were some functions that should have been static to the client.c file and made them static.
2016-08-25 22:20:35 -07:00
case 'G' :
#ifdef WOLFSSL_SCTP
doDTLS = 1;
DTLS SRTP (RFC5764) support (adds `--enable-srtp`). Used with WebRTC to agree on profile for new real-time session keys.
2022-01-13 16:09:11 -08:00
dtlsUDP = 1;
DTLS-SCTP example client and server 1. Update the example client and server to test DTLS-SCTP. 2. Modify the test.h functions for setting up connections to allow for a SCTP option. 3. Update other examples to use the new test.h functions. 4. Removed some prototypes in the client header file were some functions that should have been static to the client.c file and made them static.
2016-08-25 22:20:35 -07:00
dtlsSCTP = 1;
#endif
add -u for DTLS UPD command line client/server examples
2012-08-02 11:54:49 -07:00
break;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
case 's' :
usePsk = 1;
break;
automated test for trusted peer certs
2016-03-01 16:35:32 -07:00
#ifdef WOLFSSL_TRUST_PEER_CERT
case 'E' :
trustCert = myoptarg;
break;
#endif
make domain name cert check an option on client
2012-08-10 10:15:37 -07:00
case 'm' :
matchName = 1;
break;
add fewerPacket/group messages to example client/server and disalbe client cert/key load
2013-04-19 13:10:19 -07:00
case 'x' :
useClientCert = 0;
break;
detect build cases where external script test case doesn't make sense
2015-05-07 12:50:27 -07:00
case 'X' :
externalTest = 1;
break;
add fewerPacket/group messages to example client/server and disalbe client cert/key load
2013-04-19 13:10:19 -07:00
case 'f' :
fewerPackets = 1;
break;
add atomic user macencrypt cb
2013-08-09 17:27:15 -07:00
case 'U' :
Add support for Encrypt-Then-MAC to TLS 1.2 and below An extension is used to indicate that ETM is to be used. Only used when doing block ciphers - HMAC performed on encrypted data.
2019-08-22 09:33:38 +10:00
#if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY)
add atomic user macencrypt cb
2013-08-09 17:27:15 -07:00
atomicUser = 1;
#endif
break;
add public key callbacks for ecc sign/verify, examples
2013-08-22 18:19:39 -07:00
case 'P' :
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
#ifdef HAVE_PK_CALLBACKS
add public key callbacks for ecc sign/verify, examples
2013-08-22 18:19:39 -07:00
pkCallbacks = 1;
#endif
break;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
case 'h' :
fix windows build with command line examples
2012-08-01 17:33:49 -07:00
host = myoptarg;
domain = myoptarg;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
break;
case 'p' :
fix clang -Wconversion except -Wsign-conversion
2014-03-03 16:46:48 -08:00
port = (word16)atoi(myoptarg);
modified test port number to allow concurrent testing
2013-03-26 22:00:39 -07:00
#if !defined(NO_MAIN_DRIVER) || defined(USE_WINDOWS_API)
if (port == 0)
err_sys("port number cannot be 0");
#endif
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
break;
case 'v' :
Fix downgrading from TLS v1.3 to TLS v1.2 Fix handling of ServerHello in TLS v1.3 to support TLS v1.2 when downgrading. Added support in client and server examples for using downgrade method: wolfSSLv23_client_method_ex() or wolfSSLv23_server_method_ex(). Add tests, using downgrade version, of client or server downgrading from TLS v1.3 to TLS v1.2.
2018-02-22 11:05:58 +10:00
if (myoptarg[0] == 'd') {
version = CLIENT_DOWNGRADE_VERSION;
break;
}
Adds build option `WOLFSSL_EITHER_SIDE` for deferring the "side" of the TLS session until first connect or accept. Added the DTLS generic v1.0 and v1.2 methods for "either" side. Added "either" methods unit tests. Added "either" -v e support to example client/server. Fix to expose `wolfSSL_use_certificate_file` and `wolfSSL_use_PrivateKey_file` without `OPENSSL_EXTRA`. Cleanup of the methods for (void)heap and log messages. Spelling fixes.
2018-10-04 14:48:53 -07:00
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
else if (myoptarg[0] == 'e') {
version = EITHER_DOWNGRADE_VERSION;
Fixes for various scan-build reports.
2018-12-27 11:08:30 -08:00
#ifndef NO_CERTS
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
loadCertKeyIntoSSLObj = 1;
Fixes for various scan-build reports.
2018-12-27 11:08:30 -08:00
#endif
Adds build option `WOLFSSL_EITHER_SIDE` for deferring the "side" of the TLS session until first connect or accept. Added the DTLS generic v1.0 and v1.2 methods for "either" side. Added "either" methods unit tests. Added "either" -v e support to example client/server. Fix to expose `wolfSSL_use_certificate_file` and `wolfSSL_use_PrivateKey_file` without `OPENSSL_EXTRA`. Cleanup of the methods for (void)heap and log messages. Spelling fixes.
2018-10-04 14:48:53 -07:00
break;
}
#endif
fix windows build with command line examples
2012-08-01 17:33:49 -07:00
version = atoi(myoptarg);
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
if (version < 0 || version > 4) {
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
Usage();
Added new build option `--enable-memtest` or `WOLFSSL_FORCE_MALLOC_FAIL_TEST` which enables random malloc failures for testing. This test supresses the `abort()` calls to detect seg faults. A new script `./scripts/memtest.sh` starts the test. If an issue is found it can be reviewed with the `./scripts/memtest.txt` log and reproduced using the seed printed at top of unit test as `--- RNG MALLOC FAIL AT 295---` and rerun using `./tests/unit.test 295`.
2018-07-27 10:16:14 -07:00
XEXIT_T(MY_EX_USAGE);
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
}
break;
fix merge conflict
2015-11-02 13:26:46 -08:00
case 'V' :
ShowVersions();
Added new build option `--enable-memtest` or `WOLFSSL_FORCE_MALLOC_FAIL_TEST` which enables random malloc failures for testing. This test supresses the `abort()` calls to detect seg faults. A new script `./scripts/memtest.sh` starts the test. If an issue is found it can be reviewed with the `./scripts/memtest.txt` log and reproduced using the seed printed at top of unit test as `--- RNG MALLOC FAIL AT 295---` and rerun using `./tests/unit.test 295`.
2018-07-27 10:16:14 -07:00
XEXIT_T(EXIT_SUCCESS);
fix merge conflict
2015-11-02 13:26:46 -08:00
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
case 'l' :
fix windows build with command line examples
2012-08-01 17:33:49 -07:00
cipherList = myoptarg;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
break;
Fix to calc BuildSHA_CertVerify if WOLFSSL_ALLOW_TLS_SHA1. Fix to add check for DTLS to not allow stream ciphers. Removed the RC4 tests from the test-dtls.conf. Added support for using default suites on client side. Switched the arg to “-H”. Cleanup of the example server/client args list. Fixes for build with “--disable-sha”.
2017-04-05 11:21:11 -07:00
case 'H' :
where appropriate, use strcmp/strcasecmp, not strncmp/strncasecmp; add macro XSTRCASECMP(); update XSTRNCASECMP() for XC32 >= 1.00 to use strncasecmp.
2022-05-10 12:20:12 -05:00
if (XSTRCMP(myoptarg, "defCipherList") == 0) {
Testing improvements for cert gen and TLS cert validation: * Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled. * Added new ECC CA for 384-bit tests. * Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem) * Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL. * Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`. * Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function. * Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack). * Cleanup to combine all certificate subject information into global `certDefaultName`. * Updated cert request info to use wolfSSL instead of Yassl. * Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`. * Re-number error codes in rsa_test. * Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
2017-10-19 16:17:51 -07:00
printf("Using default cipher list for testing\n");
useDefCipherList = 1;
}
where appropriate, use strcmp/strcasecmp, not strncmp/strncasecmp; add macro XSTRCASECMP(); update XSTRNCASECMP() for XC32 >= 1.00 to use strncasecmp.
2022-05-10 12:20:12 -05:00
else if (XSTRCMP(myoptarg, "exitWithRet") == 0) {
* Added support for expected fail test cases with example client/server and suites unit test. * Added test for certificate with bad alt name containing a null character mid byte stream. * Fix for issue with suites unit test where last arg in file doesn't conain data for a param, causing it to skip test. * Fix for last test in tests/test.conf not being run for `TLSv1.2 RSA 3072-bit DH 3072-bit`. * Moved the `tls-cert-fail.test` tests into the new expected failure suite test (`./tests/test-fails.conf`). Now it explicilty checks RSA and ECC for the no signer and no sig tests.
2018-05-03 09:40:51 -07:00
printf("Skip exit() for testing\n");
Minor fix for the expected failure case use of `ssl` after free. Renamed `skipExit` to `exitWithRet`.
2018-05-03 10:02:59 -07:00
exitWithRet = 1;
Testing improvements for cert gen and TLS cert validation: * Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled. * Added new ECC CA for 384-bit tests. * Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem) * Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL. * Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`. * Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function. * Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack). * Cleanup to combine all certificate subject information into global `certDefaultName`. * Updated cert request info to use wolfSSL instead of Yassl. * Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`. * Re-number error codes in rsa_test. * Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
2017-10-19 16:17:51 -07:00
}
where appropriate, use strcmp/strcasecmp, not strncmp/strncasecmp; add macro XSTRCASECMP(); update XSTRNCASECMP() for XC32 >= 1.00 to use strncasecmp.
2022-05-10 12:20:12 -05:00
else if (XSTRCMP(myoptarg, "verifyFail") == 0) {
Added test cases for ensuring forced error fails on client and server. Added test cases to ensure bad certificate can be overriden.
2018-08-29 10:55:12 -07:00
printf("Verify should fail\n");
Fix to catch the issue in this PR with alt cert chains, which only happens if the verify callback is used and the chain is long enough. Cleanup of the myVerify callback to allow specific actions. Fix the suites.c to not crash if no newline at end of file. Added helpful debug message to show that a CA was found.
2020-06-18 09:26:50 -07:00
myVerifyAction = VERIFY_FORCE_FAIL;
}
where appropriate, use strcmp/strcasecmp, not strncmp/strncasecmp; add macro XSTRCASECMP(); update XSTRNCASECMP() for XC32 >= 1.00 to use strncasecmp.
2022-05-10 12:20:12 -05:00
else if (XSTRCMP(myoptarg, "verifyInfo") == 0) {
Fix to catch the issue in this PR with alt cert chains, which only happens if the verify callback is used and the chain is long enough. Cleanup of the myVerify callback to allow specific actions. Fix the suites.c to not crash if no newline at end of file. Added helpful debug message to show that a CA was found.
2020-06-18 09:26:50 -07:00
printf("Verify should not override error\n");
myVerifyAction = VERIFY_USE_PREVERFIY;
Added test cases for ensuring forced error fails on client and server. Added test cases to ensure bad certificate can be overriden.
2018-08-29 10:55:12 -07:00
}
where appropriate, use strcmp/strcasecmp, not strncmp/strncasecmp; add macro XSTRCASECMP(); update XSTRNCASECMP() for XC32 >= 1.00 to use strncasecmp.
2022-05-10 12:20:12 -05:00
else if (XSTRCMP(myoptarg, "useSupCurve") == 0) {
path include adjustment, rename internal OBJ function, and client print outs added
2019-03-11 09:57:04 -06:00
printf("Attempting to test use supported curve\n");
Fixes for minor nightly build errors. Missing `wc_ecc_fp_free` declaration and "Value stored to 'useSupCurve' is never read".
2019-03-01 16:12:08 -08:00
#if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES)
Fix for the curve logic to pick the hightest strength, not just the default 256-bit. Added test for setting user curve. `./examples -H useSupCurve`.
2018-09-21 09:27:48 -07:00
useSupCurve = 1;
path include adjustment, rename internal OBJ function, and client print outs added
2019-03-11 09:57:04 -06:00
#else
printf("Supported curves not compiled in!\n");
Fixes for minor nightly build errors. Missing `wc_ecc_fp_free` declaration and "Value stored to 'useSupCurve' is never read".
2019-03-01 16:12:08 -08:00
#endif
Fix for the curve logic to pick the hightest strength, not just the default 256-bit. Added test for setting user curve. `./examples -H useSupCurve`.
2018-09-21 09:27:48 -07:00
}
where appropriate, use strcmp/strcasecmp, not strncmp/strncasecmp; add macro XSTRCASECMP(); update XSTRNCASECMP() for XC32 >= 1.00 to use strncasecmp.
2022-05-10 12:20:12 -05:00
else if (XSTRCMP(myoptarg, "loadSSL") == 0) {
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
printf("Load cert/key into wolfSSL object\n");
Fixes for various scan-build reports.
2018-12-27 11:08:30 -08:00
#ifndef NO_CERTS
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
loadCertKeyIntoSSLObj = 1;
path include adjustment, rename internal OBJ function, and client print outs added
2019-03-11 09:57:04 -06:00
#else
printf("Certs turned off with NO_CERTS!\n");
Fixes for various scan-build reports.
2018-12-27 11:08:30 -08:00
#endif
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
}
where appropriate, use strcmp/strcasecmp, not strncmp/strncasecmp; add macro XSTRCASECMP(); update XSTRNCASECMP() for XC32 >= 1.00 to use strncasecmp.
2022-05-10 12:20:12 -05:00
else if (XSTRCMP(myoptarg, "disallowETM") == 0) {
Cleanup on example client/server messages and sizes. Original PR #3023 caused sending extra null characters in normal (non HTTP) example cases.
2020-07-21 13:34:25 -07:00
printf("Disallow Encrypt-Then-MAC\n");
Add support for Encrypt-Then-MAC to TLS 1.2 and below An extension is used to indicate that ETM is to be used. Only used when doing block ciphers - HMAC performed on encrypted data.
2019-08-22 09:33:38 +10:00
#ifdef HAVE_ENCRYPT_THEN_MAC
disallowETM = 1;
#endif
}
Testing improvements for cert gen and TLS cert validation: * Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled. * Added new ECC CA for 384-bit tests. * Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem) * Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL. * Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`. * Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function. * Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack). * Cleanup to combine all certificate subject information into global `certDefaultName`. * Updated cert request info to use wolfSSL instead of Yassl. * Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`. * Re-number error codes in rsa_test. * Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
2017-10-19 16:17:51 -07:00
else {
Usage();
Added new build option `--enable-memtest` or `WOLFSSL_FORCE_MALLOC_FAIL_TEST` which enables random malloc failures for testing. This test supresses the `abort()` calls to detect seg faults. A new script `./scripts/memtest.sh` starts the test. If an issue is found it can be reviewed with the `./scripts/memtest.txt` log and reproduced using the seed printed at top of unit test as `--- RNG MALLOC FAIL AT 295---` and rerun using `./tests/unit.test 295`.
2018-07-27 10:16:14 -07:00
XEXIT_T(MY_EX_USAGE);
Testing improvements for cert gen and TLS cert validation: * Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled. * Added new ECC CA for 384-bit tests. * Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem) * Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL. * Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`. * Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function. * Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack). * Cleanup to combine all certificate subject information into global `certDefaultName`. * Updated cert request info to use wolfSSL instead of Yassl. * Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`. * Re-number error codes in rsa_test. * Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
2017-10-19 16:17:51 -07:00
}
Fix to calc BuildSHA_CertVerify if WOLFSSL_ALLOW_TLS_SHA1. Fix to add check for DTLS to not allow stream ciphers. Removed the RC4 tests from the test-dtls.conf. Added support for using default suites on client side. Switched the arg to “-H”. Cleanup of the example server/client args list. Fixes for build with “--disable-sha”.
2017-04-05 11:21:11 -07:00
break;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
case 'A' :
Don't force a ECC CA when a custom CA is passed with `-A` The following config would fail `../configure --enable-opensslall CFLAGS="-DOPENSSL_COMPATIBLE_DEFAULTS" && make -j check`. This is because `test-fails.conf` `ECC no signer error` test expects a failure while the ECC CA was being added as a trusted cert due to `OPENSSL_COMPATIBLE_DEFAULTS`.
2022-03-08 14:52:40 +01:00
customVerifyCert = 1;
fix windows build with command line examples
2012-08-01 17:33:49 -07:00
verifyCert = myoptarg;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
break;
case 'c' :
fix windows build with command line examples
2012-08-01 17:33:49 -07:00
ourCert = myoptarg;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
break;
case 'k' :
fix windows build with command line examples
2012-08-01 17:33:49 -07:00
ourKey = myoptarg;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
break;
added check for allowed minimum DH key size
2015-05-21 10:11:21 -07:00
case 'Z' :
#ifndef NO_DH
minDhKeyBits = atoi(myoptarg);
if (minDhKeyBits <= 0 || minDhKeyBits > 16000) {
Usage();
Added new build option `--enable-memtest` or `WOLFSSL_FORCE_MALLOC_FAIL_TEST` which enables random malloc failures for testing. This test supresses the `abort()` calls to detect seg faults. A new script `./scripts/memtest.sh` starts the test. If an issue is found it can be reviewed with the `./scripts/memtest.txt` log and reproduced using the seed printed at top of unit test as `--- RNG MALLOC FAIL AT 295---` and rerun using `./tests/unit.test 295`.
2018-07-27 10:16:14 -07:00
XEXIT_T(MY_EX_USAGE);
added check for allowed minimum DH key size
2015-05-21 10:11:21 -07:00
}
#endif
break;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
case 'b' :
fix windows build with command line examples
2012-08-01 17:33:49 -07:00
benchmark = atoi(myoptarg);
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
if (benchmark < 0 || benchmark > 1000000) {
Usage();
Added new build option `--enable-memtest` or `WOLFSSL_FORCE_MALLOC_FAIL_TEST` which enables random malloc failures for testing. This test supresses the `abort()` calls to detect seg faults. A new script `./scripts/memtest.sh` starts the test. If an issue is found it can be reviewed with the `./scripts/memtest.txt` log and reproduced using the seed printed at top of unit test as `--- RNG MALLOC FAIL AT 295---` and rerun using `./tests/unit.test 295`.
2018-07-27 10:16:14 -07:00
XEXIT_T(MY_EX_USAGE);
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
}
break;
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
case 'B' :
Various cleanups and fixes: * Fix for key gen macro name in benchmark.c * Fix for possible RSA fall-through warning. * Fix for building `WOLFSSL_STM32_PKA` without `HAVE_ECC`. * Added option to build RSA keygen without the DER to PEM using `WOLFSSL_NO_DER_TO_PEM`. * Added options.h includes for test.c and benchmark.c. * Added printf warning on the math size mismatch in test.c. * Added support for benchmarking larger sizes. * TLS benchmarks for HiFive unleashed.
2019-12-18 07:09:26 -08:00
throughput = atol(myoptarg);
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
for (; *myoptarg != '\0'; myoptarg++) {
if (*myoptarg == ',') {
block = atoi(myoptarg + 1);
break;
}
}
Changes to clear issues raised by cppcheck
2020-01-15 22:15:38 +10:00
if (throughput == 0 || block <= 0) {
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
Usage();
Added new build option `--enable-memtest` or `WOLFSSL_FORCE_MALLOC_FAIL_TEST` which enables random malloc failures for testing. This test supresses the `abort()` calls to detect seg faults. A new script `./scripts/memtest.sh` starts the test. If an issue is found it can be reviewed with the `./scripts/memtest.txt` log and reproduced using the seed printed at top of unit test as `--- RNG MALLOC FAIL AT 295---` and rerun using `./tests/unit.test 295`.
2018-07-27 10:16:14 -07:00
XEXIT_T(MY_EX_USAGE);
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
}
break;
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
case 'N' :
nonBlocking = 1;
break;
case 'r' :
resumeSession = 1;
break;
add option for bidirectional shutdown
2015-01-30 08:41:34 -07:00
case 'w' :
shutdown shadows global in sys/socket.h line 576 renamed wc_shutdown
2015-02-18 08:00:25 -07:00
wc_shutdown = 1;
add option for bidirectional shutdown
2015-01-30 08:41:34 -07:00
break;
add client side initiated secure r, same specs
2014-09-24 18:48:23 -07:00
case 'R' :
#ifdef HAVE_SECURE_RENEGOTIATION
scr = 1;
#endif
break;
separate allow scr and force client scr in example client
2014-09-29 15:32:41 -07:00
case 'i' :
#ifdef HAVE_SECURE_RENEGOTIATION
scr = 1;
forceScr = 1;
where appropriate, use strcmp/strcasecmp, not strncmp/strncasecmp; add macro XSTRCASECMP(); update XSTRNCASECMP() for XC32 >= 1.00 to use strncasecmp.
2022-05-10 12:20:12 -05:00
if (XSTRCMP(myoptarg, "scr-app-data") == 0) {
Passing scr-app-data in to -i to client sends a message during SCR Modify mygetopt so that if an argument expects a value and that value is the next argument then myoptarg is set to a NULL pointer.
2020-09-30 13:46:23 +02:00
scrAppData = 1;
}
separate allow scr and force client scr in example client
2014-09-29 15:32:41 -07:00
#endif
break;
updated SHOW_SIZES, opionally adds sizes as available, added flag to example client to print sizes
2013-04-08 16:01:52 -07:00
case 'z' :
name change for client.c
2015-01-05 14:48:43 -07:00
#ifndef WOLFSSL_LEANPSK
wolfSSL_GetObjectSize();
updated SHOW_SIZES, opionally adds sizes as available, added flag to example client to print sizes
2013-04-08 16:01:52 -07:00
#endif
break;
merge in sni
2013-05-21 14:37:50 -07:00
case 'S' :
where appropriate, use strcmp/strcasecmp, not strncmp/strncasecmp; add macro XSTRCASECMP(); update XSTRNCASECMP() for XC32 >= 1.00 to use strncasecmp.
2022-05-10 12:20:12 -05:00
if (XSTRCMP(myoptarg, "check") == 0) {
Address issues when testing with WOLFSSL_OCSP_TEST set
2018-08-30 14:44:49 -06:00
#ifdef HAVE_SNI
printf("SNI is: ON\n");
#else
printf("SNI is: OFF\n");
#endif
XEXIT_T(EXIT_SUCCESS);
}
merge in sni
2013-05-21 14:37:50 -07:00
#ifdef HAVE_SNI
sniHostName = myoptarg;
#endif
break;
switch example client max fragment arg to -F to make -L open on both client and server
2015-10-13 14:13:12 -07:00
case 'F' :
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 15:42:43 -03:00
#ifdef HAVE_MAX_FRAGMENT
maxFragment = atoi(myoptarg);
Added new 256-byte max fragment option `WOLFSSL_MFL_2_8`.
2018-10-15 17:06:21 -07:00
if (maxFragment < WOLFSSL_MFL_MIN ||
maxFragment > WOLFSSL_MFL_MAX) {
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 15:42:43 -03:00
Usage();
Added new build option `--enable-memtest` or `WOLFSSL_FORCE_MALLOC_FAIL_TEST` which enables random malloc failures for testing. This test supresses the `abort()` calls to detect seg faults. A new script `./scripts/memtest.sh` starts the test. If an issue is found it can be reviewed with the `./scripts/memtest.txt` log and reproduced using the seed printed at top of unit test as `--- RNG MALLOC FAIL AT 295---` and rerun using `./tests/unit.test 295`.
2018-07-27 10:16:14 -07:00
XEXIT_T(MY_EX_USAGE);
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 15:42:43 -03:00
}
#endif
break;
case 'T' :
#ifdef HAVE_TRUNCATED_HMAC
truncatedHMAC = 1;
#endif
break;
add extended master to example client
2016-09-01 15:17:46 -06:00
case 'n' :
#ifdef HAVE_EXTENDED_MASTER
Revising the Extended Master Secret support. Removing the dynamic TLSX support for the extention and treating it like the Signature and Hash algorithms extension. It is to be enabled by default and the user can turn it off at run time or build time.
2016-09-09 23:16:52 -07:00
disableExtMasterSecret = 1;
add extended master to example client
2016-09-01 15:17:46 -06:00
#endif
break;
Merge branch csr into 'master'
2015-11-02 15:51:01 -03:00
case 'W' :
Merge branch 'csr'
2015-12-28 19:38:04 -03:00
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
Example Client OCSP Option Fix 1. Before checking to see if the must staple flag is on the 'W' option, check the length of myoptarg.
2020-10-21 13:30:51 -07:00
{
word32 myoptargSz;
Merge branch 'csr'
2015-12-28 19:38:04 -03:00
statusRequest = atoi(myoptarg);
OCSP 1. Modify the other OCSP Stapling scripts to better manage the OCSP responder. 2. Modify the client's W option to take: - 1 for Stapling v1 - 2 for Stapling v2 - 3 for Stapling v2 MULTI 3. Modify the client to disallow stapling v2 with TLSv1.3.
2018-08-02 16:25:38 -07:00
if (statusRequest > OCSP_STAPLING_OPT_MAX) {
Usage();
XEXIT_T(MY_EX_USAGE);
}
Example Client OCSP Option Fix 1. Before checking to see if the must staple flag is on the 'W' option, check the length of myoptarg.
2020-10-21 13:30:51 -07:00
myoptargSz = (word32)XSTRLEN(myoptarg);
if (myoptargSz > 0 &&
jumbo patch of fixes for clang-tidy gripes (with some bug fixes). defect/gripe statistics: configured --enable-all --enable-sp-math-all --enable-intelasm with LLVM 13 clang-tidy -checks=readability-*,bugprone-*,misc-no-recursion,misc-misplaced-const,misc-redundant-expression,misc-unused-parameters,misc-unused-using-decls,-clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,-clang-analyzer-optin.performance.Padding,-readability-braces-around-statements,-readability-function-size,-readability-function-cognitive-complexity,-bugprone-suspicious-include,-bugprone-easily-swappable-parameters,-readability-isolate-declaration,-readability-magic-numbers,-readability-else-after-return,-bugprone-reserved-identifier,-readability-suspicious-call-argument,-bugprone-suspicious-string-compare,-bugprone-branch-clone,-misc-redundant-expression,-readability-non-const-parameter,-readability-redundant-control-flow,-readability-misleading-indentation,-bugprone-narrowing-conversions,-bugprone-implicit-widening-of-multiplication-result [note these figures don't reflect additional defects fixed in this commit for --enable-smallstack, --enable-fips, --enable-async, --enable-asn=template, and --enable-fastmath, and --disable-fastmath] pre-patch warning count per file, with suppressions: clang-analyzer-security.insecureAPI.strcpy 6 wolfssl/tests/suites.c clang-analyzer-security.insecureAPI.strcpy 2 wolfssl/testsuite/testsuite.c bugprone-suspicious-missing-comma 3 wolfssl/examples/server/server.c bugprone-suspicious-missing-comma 3 wolfssl/examples/client/client.c readability-redundant-preprocessor 2 wolfssl/wolfcrypt/src/asn.c readability-redundant-preprocessor 1 wolfssl/wolfcrypt/src/rsa.c readability-redundant-preprocessor 9 wolfssl/src/ssl.c readability-redundant-preprocessor 2 wolfssl/src/tls13.c readability-redundant-preprocessor 18 wolfssl/tests/api.c readability-redundant-preprocessor 3 wolfssl/src/internal.c readability-redundant-preprocessor 10 wolfssl/wolfcrypt/test/test.c readability-named-parameter 1 wolfssl/wolfcrypt/benchmark/benchmark.c readability-named-parameter 7 wolfssl/src/internal.c readability-named-parameter 1 wolfssl/wolfcrypt/src/ecc.c readability-named-parameter 1 wolfssl/testsuite/testsuite.c readability-named-parameter 11 wolfssl/wolfcrypt/src/ge_operations.c misc-no-recursion 3 wolfssl/src/ssl.c readability-uppercase-literal-suffix 4 wolfssl/wolfcrypt/src/asn.c readability-uppercase-literal-suffix 1 wolfssl/src/ssl.c readability-uppercase-literal-suffix 13 wolfssl/wolfcrypt/benchmark/benchmark.c bugprone-too-small-loop-variable 1 wolfssl/wolfcrypt/src/rsa.c bugprone-too-small-loop-variable 2 wolfssl/wolfcrypt/src/sha3.c bugprone-too-small-loop-variable 4 wolfssl/wolfcrypt/src/idea.c bugprone-signed-char-misuse 2 wolfssl/src/ssl.c bugprone-signed-char-misuse 3 wolfssl/wolfcrypt/src/sp_int.c bugprone-signed-char-misuse 3 wolfssl/examples/client/client.c bugprone-macro-parentheses 19 wolfssl/wolfcrypt/src/aes.c bugprone-macro-parentheses 109 wolfssl/wolfcrypt/src/camellia.c bugprone-macro-parentheses 1 wolfssl/src/tls.c bugprone-macro-parentheses 3 wolfssl/wolfcrypt/src/md4.c bugprone-macro-parentheses 2 wolfssl/wolfcrypt/src/asn.c bugprone-macro-parentheses 26 wolfssl/wolfcrypt/src/blake2b.c bugprone-macro-parentheses 257 wolfssl/wolfcrypt/src/sha3.c bugprone-macro-parentheses 15 wolfssl/src/ssl.c bugprone-macro-parentheses 1 wolfssl/wolfcrypt/src/sha.c bugprone-macro-parentheses 8 wolfssl/tests/api.c bugprone-macro-parentheses 4 wolfssl/wolfcrypt/src/sp_int.c bugprone-macro-parentheses 6 wolfssl/wolfcrypt/benchmark/benchmark.c bugprone-macro-parentheses 38 wolfssl/wolfcrypt/src/hc128.c bugprone-macro-parentheses 12 wolfssl/wolfcrypt/src/md5.c bugprone-macro-parentheses 10 wolfssl/wolfcrypt/src/sha256.c bugprone-macro-parentheses 4 wolfssl/wolfcrypt/test/test.c bugprone-macro-parentheses 3 wolfssl/wolfcrypt/src/ecc.c bugprone-macro-parentheses 2 wolfssl/tests/suites.c bugprone-macro-parentheses 4 wolfssl/wolfcrypt/src/cpuid.c bugprone-macro-parentheses 26 wolfssl/wolfcrypt/src/blake2s.c bugprone-macro-parentheses 24 wolfssl/wolfcrypt/src/sha512.c bugprone-macro-parentheses 3 wolfssl/wolfcrypt/src/poly1305.c bugprone-macro-parentheses 24 wolfssl/wolfcrypt/src/ripemd.c readability-inconsistent-declaration-parameter-name 1 wolfssl/src/internal.c readability-inconsistent-declaration-parameter-name 1 wolfssl/testsuite/testsuite.c pre-patch warning count summaries, with suppressions: clang-analyzer-security.insecureAPI.strcpy 8 bugprone-suspicious-missing-comma 6 readability-redundant-preprocessor 45 readability-named-parameter 21 misc-no-recursion 3 readability-uppercase-literal-suffix 18 bugprone-too-small-loop-variable 7 bugprone-signed-char-misuse 8 bugprone-macro-parentheses 601 readability-inconsistent-declaration-parameter-name 2 pre-patch warning count summaries, without suppressions: clang-analyzer-security.insecureAPI.strcpy 8 bugprone-branch-clone 152 readability-non-const-parameter 118 bugprone-suspicious-missing-comma 6 bugprone-suspicious-include 52 readability-magic-numbers 22423 readability-redundant-preprocessor 45 readability-named-parameter 21 readability-function-cognitive-complexity 845 readability-else-after-return 398 bugprone-implicit-widening-of-multiplication-result 595 readability-function-size 21 readability-isolate-declaration 1090 misc-redundant-expression 2 bugprone-narrowing-conversions 994 misc-no-recursion 3 readability-uppercase-literal-suffix 18 bugprone-reserved-identifier 56 readability-suspicious-call-argument 74 bugprone-too-small-loop-variable 7 bugprone-easily-swappable-parameters 437 bugprone-signed-char-misuse 8 readability-misleading-indentation 94 bugprone-macro-parentheses 601 readability-inconsistent-declaration-parameter-name 2 bugprone-suspicious-string-compare 495 readability-redundant-control-flow 20 readability-braces-around-statements 11483 clang-analyzer-valist.Uninitialized 1 clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling 3502
2022-01-19 23:09:50 -06:00
XTOUPPER((unsigned char)myoptarg[myoptargSz-1]) == 'M') {
TLS OCSP Stapling: MUST staple option Can enable OCSP Must Staple option to mean that if the client sends a request for an OCSP Staple then it must receive a response.
2020-10-15 17:27:58 +10:00
mustStaple = 1;
}
Example Client OCSP Option Fix 1. Before checking to see if the must staple flag is on the 'W' option, check the length of myoptarg.
2020-10-21 13:30:51 -07:00
}
Merge branch csr into 'master'
2015-11-02 15:51:01 -03:00
#endif
break;
OCSP Updates 1. Add option to example server and client to check the OCSP responder. 2. Add option to example server and client to override the URL to use when checking the OCSP responder. 3. Copy the certificate serial number correctly into OCSP request. Add leading zero only if MS bit is set. 4. Fix responder address used when Auth Info extension is present. 5. Update EmbedOcspLookup callback to better handle the HTTP response and obtain the complete OCSP response.
2013-06-20 11:07:54 -07:00
case 'o' :
#ifdef HAVE_OCSP
useOcsp = 1;
#endif
break;
case 'O' :
#ifdef HAVE_OCSP
useOcsp = 1;
ocspUrl = myoptarg;
#endif
break;
Merge in the ADH-AES128-SHA changes and add a check for it during the packet order sanity checking.
2014-12-01 11:44:32 -08:00
case 'a' :
#ifdef HAVE_ANON
useAnon = 1;
#endif
break;
fix merge conflict misses on alpn example letter change
2015-10-15 09:48:07 -07:00
case 'L' :
fix alpn example client merge command options
2015-10-13 15:00:53 -07:00
#ifdef HAVE_ALPN
alpnList = myoptarg;
if (alpnList[0] == 'C' && alpnList[1] == ':')
alpn_opt = WOLFSSL_ALPN_CONTINUE_ON_MISMATCH;
else if (alpnList[0] == 'F' && alpnList[1] == ':')
alpn_opt = WOLFSSL_ALPN_FAILED_ON_MISMATCH;
else {
Usage();
Added new build option `--enable-memtest` or `WOLFSSL_FORCE_MALLOC_FAIL_TEST` which enables random malloc failures for testing. This test supresses the `abort()` calls to detect seg faults. A new script `./scripts/memtest.sh` starts the test. If an issue is found it can be reviewed with the `./scripts/memtest.txt` log and reproduced using the seed printed at top of unit test as `--- RNG MALLOC FAIL AT 295---` and rerun using `./tests/unit.test 295`.
2018-07-27 10:16:14 -07:00
XEXIT_T(MY_EX_USAGE);
fix alpn example client merge command options
2015-10-13 15:00:53 -07:00
}
alpnList += 2;
#endif
break;
add STARTTLS support to example client
2016-04-22 13:46:54 -06:00
case 'M' :
doSTARTTLS = 1;
starttlsProt = myoptarg;
where appropriate, use strcmp/strcasecmp, not strncmp/strncasecmp; add macro XSTRCASECMP(); update XSTRNCASECMP() for XC32 >= 1.00 to use strncasecmp.
2022-05-10 12:20:12 -05:00
if (XSTRCMP(starttlsProt, "smtp") != 0) {
add STARTTLS support to example client
2016-04-22 13:46:54 -06:00
Usage();
Added new build option `--enable-memtest` or `WOLFSSL_FORCE_MALLOC_FAIL_TEST` which enables random malloc failures for testing. This test supresses the `abort()` calls to detect seg faults. A new script `./scripts/memtest.sh` starts the test. If an issue is found it can be reviewed with the `./scripts/memtest.txt` log and reproduced using the seed printed at top of unit test as `--- RNG MALLOC FAIL AT 295---` and rerun using `./tests/unit.test 295`.
2018-07-27 10:16:14 -07:00
XEXIT_T(MY_EX_USAGE);
add STARTTLS support to example client
2016-04-22 13:46:54 -06:00
}
break;
add Whitewood netRandom client library support
2016-05-05 15:31:25 -06:00
case 'q' :
#ifdef HAVE_WNR
wnrConfigFile = myoptarg;
#endif
break;
Rebase fixes for TLS 1.3. Getting a decrypt error with the TLS 1.3 test from the SendTls13CertificateVerify.
2017-04-14 16:39:21 -07:00
case 'J' :
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
#ifdef WOLFSSL_TLS13
helloRetry = 1;
#endif
break;
case 'K' :
#ifdef WOLFSSL_TLS13
noPskDheKe = 1;
#endif
break;
case 'I' :
#ifdef WOLFSSL_TLS13
updateKeysIVs = 1;
#endif
Coverity fixes for TLS 1.3, async, small stack and normal math.
2017-05-08 12:49:38 -07:00
break;
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
case 'y' :
TLS 1.3: PSK only Support building with only TLS 1.3 and PSK without code for (EC)DHE and certificates. Minimise build size for this configuration.
2020-10-28 11:47:31 +10:00
#if defined(WOLFSSL_TLS13) && \
defined(HAVE_SUPPORTED_CURVES) && !defined(NO_DH)
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
onlyKeyShare = 1;
#endif
break;
case 'Y' :
TLS 1.3: PSK only Support building with only TLS 1.3 and PSK without code for (EC)DHE and certificates. Minimise build size for this configuration.
2020-10-28 11:47:31 +10:00
#if defined(WOLFSSL_TLS13) && \
defined(HAVE_SUPPORTED_CURVES) && defined(HAVE_ECC)
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
onlyKeyShare = 2;
#endif
break;
Fix for verify callback override, peerVerifyRet code on success and ensuring DOMAIN_NAME_MISMATCH error gets passed down in ECDSAk case. Added unit test case to verify callback override works. Fixes issue #905 and issue #904. Fix for async build goto label typo.
2017-05-11 12:23:17 -07:00
case 'j' :
useVerifyCb = 1;
break;
Put X25519 behind P256 Option to have X25519 prioritized. Show curve name and DH key size in TLS v1.3.
2017-05-19 10:58:43 +10:00
case 't' :
#ifdef HAVE_CURVE25519
useX25519 = 1;
Fix for unused `useSupCurve` in example client with --disable-ecc.
2018-11-08 15:43:18 -08:00
#ifdef HAVE_ECC
Fix for the curve logic to pick the hightest strength, not just the default 256-bit. Added test for setting user curve. `./examples -H useSupCurve`.
2018-09-21 09:27:48 -07:00
useSupCurve = 1;
TLS 1.3: PSK only Support building with only TLS 1.3 and PSK without code for (EC)DHE and certificates. Minimise build size for this configuration.
2020-10-28 11:47:31 +10:00
#if defined(WOLFSSL_TLS13) && \
defined(HAVE_SUPPORTED_CURVES)
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
onlyKeyShare = 2;
Fix for unused `useSupCurve` in example client with --disable-ecc.
2018-11-08 15:43:18 -08:00
#endif
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
#endif
#endif
break;
case 'Q' :
#if defined(WOLFSSL_TLS13) && \
defined(WOLFSSL_POST_HANDSHAKE_AUTH)
postHandAuth = 1;
Put X25519 behind P256 Option to have X25519 prioritized. Show curve name and DH key size in TLS v1.3.
2017-05-19 10:58:43 +10:00
#endif
break;
TLS v1.3 0-RTT
2017-06-19 11:37:10 +10:00
case '0' :
#ifdef WOLFSSL_EARLY_DATA
earlyData = 1;
#endif
break;
DHE Speed Up 1. Also apply the setting to the client side. 2. Updated the server and client command line options to use "-2" for disabling the DHE check.
2018-12-03 13:53:44 -08:00
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
case '1' :
lng_index = atoi(myoptarg);
if(lng_index<0||lng_index>1){
lng_index = 0;
}
break;
DHE Speed Up 1. Also apply the setting to the client side. 2. Updated the server and client command line options to use "-2" for disabling the DHE check.
2018-12-03 13:53:44 -08:00
case '2' :
#if !defined(NO_DH) && !defined(HAVE_FIPS) && \
!defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK)
doDhKeyCheck = 0;
#endif
break;
Multicast 1. Since multicast's only cipher suite uses null cipher automatically enable it. 2. Add options to example client and server to start testing multicast API. (Uses TLS over TCP.) 3. Updates to use the forced secrets set by API.
2016-12-15 11:43:15 -08:00
case '3' :
#ifdef WOLFSSL_MULTICAST
doMcast = 1;
mcastID = (byte)(atoi(myoptarg) & 0xFF);
#endif
break;
Secure Renegotiation 1. Split the wolfSSL_Rehandshake() function into wolfSSL_Rehadshake() which performs a full handshake on secure renegotiation and wolfSSL_SecureResume() which performs a session resumption on a secure renegotiation. 2. Add option to example client to perform a secure resumption instead of a full secure handshake.
2019-02-19 15:04:22 -08:00
case '4' :
#ifdef HAVE_SECURE_RENEGOTIATION
scr = 1;
forceScr = 1;
resumeScr = 1;
#endif
Fix for example client arg `-4` not working.
2019-03-13 22:59:50 -07:00
break;
Trusted CA Key Indication Extension Added an API for enabling the Trusted CA Key Indication extension from RFC6066 section 6. If the server doesn't have a match for the client, the client will abandon the session.
2018-09-28 09:05:59 -07:00
case '5' :
#ifdef HAVE_TRUSTED_CA
trustedCaKeyId = 1;
#endif /* HAVE_TRUSTED_CA */
Secure Renegotiation 1. Split the wolfSSL_Rehandshake() function into wolfSSL_Rehadshake() which performs a full handshake on secure renegotiation and wolfSSL_SecureResume() which performs a session resumption on a secure renegotiation. 2. Add option to example client to perform a secure resumption instead of a full secure handshake.
2019-02-19 15:04:22 -08:00
break;
Add an option to the example client to simulate WANT_WRITE errors. - Add this option as "-6." - Turn on non-blocking mode if WANT_WRITE simulation is enabled. - Create a send IO callback that gets registered when this option is turned on. This callback alternates between letting the TX through and returning a WANT_WRITE error.
2020-11-02 08:23:36 -06:00
case '6' :
Simulate WANT_WRITE only with async I/O support
2022-05-27 23:23:18 +02:00
#ifdef WOLFSSL_ASYNC_IO
Add an option to the example client to simulate WANT_WRITE errors. - Add this option as "-6." - Turn on non-blocking mode if WANT_WRITE simulation is enabled. - Create a send IO callback that gets registered when this option is turned on. This callback alternates between letting the TX through and returning a WANT_WRITE error.
2020-11-02 08:23:36 -06:00
nonBlocking = 1;
simulateWantWrite = 1;
Simulate WANT_WRITE only with async I/O support
2022-05-27 23:23:18 +02:00
#else
fprintf(stderr, "Ignoring -6 since async I/O support not "
"compiled in.\n");
#endif
Add an option to the example client to simulate WANT_WRITE errors. - Add this option as "-6." - Turn on non-blocking mode if WANT_WRITE simulation is enabled. - Create a send IO callback that gets registered when this option is turned on. This callback alternates between letting the TX through and returning a WANT_WRITE error.
2020-11-02 08:23:36 -06:00
break;
liboqs integration using keyshare/supported_groups extensions in TLS 1.3
2021-04-28 10:28:35 -07:00
Check for TLS downgrade
2021-04-22 14:52:57 -07:00
case '7' :
minVersion = atoi(myoptarg);
if (minVersion < 0 || minVersion > 4) {
Usage();
XEXIT_T(MY_EX_USAGE);
}
break;
liboqs integration using keyshare/supported_groups extensions in TLS 1.3
2021-04-28 10:28:35 -07:00
Add Curve448, X448, Ed448 implementations
2020-02-19 18:07:45 +10:00
case '8' :
#ifdef HAVE_CURVE448
useX448 = 1;
#ifdef HAVE_ECC
useSupCurve = 1;
TLS 1.3: PSK only Support building with only TLS 1.3 and PSK without code for (EC)DHE and certificates. Minimise build size for this configuration.
2020-10-28 11:47:31 +10:00
#if defined(WOLFSSL_TLS13) && \
defined(HAVE_SUPPORTED_CURVES)
Add Curve448, X448, Ed448 implementations
2020-02-19 18:07:45 +10:00
onlyKeyShare = 2;
#endif
#endif
#endif
break;
Initial implemented X509_LOOKUP_ctrl L_ADD_DIR
2021-02-15 15:47:03 +09:00
case '9' :
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
addressed review comments part 1
2021-03-11 15:43:54 +09:00
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
Initial implemented X509_LOOKUP_ctrl L_ADD_DIR
2021-02-15 15:47:03 +09:00
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
useCertFolder = 1;
#endif
add outbound connection filtering support to libwolfssl, add wolfSentry support to the test client, and add wolfSentry JSON config file support to the test client and server using --wolfsentry-config. also, add mygetopt_long() to wolfssl/test.h, and add --help and Japanese counterpart options to test client and server.
2021-06-16 00:26:48 -05:00
break;
examples/: add -@ and -# flags to client and server, printing libwolfssl_configure_args() and libwolfssl_global_cflags() respectively.
2020-10-23 00:31:13 -05:00
case '@' :
{
introspection tweaks: rename wolfcrypt/src/debug.c to wolfcrypt/src/wc_debug.c; restore BUILD_WC_DEBUG gating for autotools inclusion of wc_debug.o and disable opportunistically when ENABLED_LEANTLS, ENABLED_LEANPSK, or ENABLED_LOWRESOURCE; add HAVE_WC_INTROSPECTION gate for libwolfssl_configure_args() and libwolfssl_global_cflags().
2020-10-23 15:27:10 -05:00
#ifdef HAVE_WC_INTROSPECTION
name the new introspection routines wolfSSL_configure_args() and wolfSSL_global_cflags() for consistency, and move the prototypes to logging.h.
2020-10-27 18:38:29 -05:00
const char *conf_args = wolfSSL_configure_args();
introspection tweaks: rename wolfcrypt/src/debug.c to wolfcrypt/src/wc_debug.c; restore BUILD_WC_DEBUG gating for autotools inclusion of wc_debug.o and disable opportunistically when ENABLED_LEANTLS, ENABLED_LEANPSK, or ENABLED_LOWRESOURCE; add HAVE_WC_INTROSPECTION gate for libwolfssl_configure_args() and libwolfssl_global_cflags().
2020-10-23 15:27:10 -05:00
if (conf_args) {
puts(conf_args);
XEXIT_T(EXIT_SUCCESS);
} else {
fputs("configure args not compiled in.\n",stderr);
XEXIT_T(MY_EX_USAGE);
}
#else
fputs("compiled without BUILD_INTROSPECTION.\n",stderr);
XEXIT_T(MY_EX_USAGE);
#endif
examples/: add -@ and -# flags to client and server, printing libwolfssl_configure_args() and libwolfssl_global_cflags() respectively.
2020-10-23 00:31:13 -05:00
}
case '#' :
{
introspection tweaks: rename wolfcrypt/src/debug.c to wolfcrypt/src/wc_debug.c; restore BUILD_WC_DEBUG gating for autotools inclusion of wc_debug.o and disable opportunistically when ENABLED_LEANTLS, ENABLED_LEANPSK, or ENABLED_LOWRESOURCE; add HAVE_WC_INTROSPECTION gate for libwolfssl_configure_args() and libwolfssl_global_cflags().
2020-10-23 15:27:10 -05:00
#ifdef HAVE_WC_INTROSPECTION
name the new introspection routines wolfSSL_configure_args() and wolfSSL_global_cflags() for consistency, and move the prototypes to logging.h.
2020-10-27 18:38:29 -05:00
const char *cflags = wolfSSL_global_cflags();
introspection tweaks: rename wolfcrypt/src/debug.c to wolfcrypt/src/wc_debug.c; restore BUILD_WC_DEBUG gating for autotools inclusion of wc_debug.o and disable opportunistically when ENABLED_LEANTLS, ENABLED_LEANPSK, or ENABLED_LOWRESOURCE; add HAVE_WC_INTROSPECTION gate for libwolfssl_configure_args() and libwolfssl_global_cflags().
2020-10-23 15:27:10 -05:00
if (cflags) {
puts(cflags);
XEXIT_T(EXIT_SUCCESS);
} else {
fputs("CFLAGS not compiled in.\n",stderr);
XEXIT_T(MY_EX_USAGE);
}
#else
fputs("compiled without BUILD_INTROSPECTION.\n",stderr);
XEXIT_T(MY_EX_USAGE);
#endif
examples/: add -@ and -# flags to client and server, printing libwolfssl_configure_args() and libwolfssl_global_cflags() respectively.
2020-10-23 00:31:13 -05:00
}
add outbound connection filtering support to libwolfssl, add wolfSentry support to the test client, and add wolfSentry JSON config file support to the test client and server using --wolfsentry-config. also, add mygetopt_long() to wolfssl/test.h, and add --help and Japanese counterpart options to test client and server.
2021-06-16 00:26:48 -05:00
#ifdef WOLFSSL_WOLFSENTRY_HOOKS
case 256:
#if !defined(NO_FILESYSTEM) && !defined(WOLFSENTRY_NO_JSON)
wolfsentry_config_path = myoptarg;
#endif
break;
#endif
liboqs integration using keyshare/supported_groups extensions in TLS 1.3
2021-04-28 10:28:35 -07:00
#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES) && \
--with-liboqs now defines HAVE_LIBOQS and HAVE_PQC AKA: The Great Rename of December 2021
2021-12-20 11:26:25 -05:00
defined(HAVE_PQC)
liboqs integration using keyshare/supported_groups extensions in TLS 1.3
2021-04-28 10:28:35 -07:00
case 259:
--with-liboqs now defines HAVE_LIBOQS and HAVE_PQC AKA: The Great Rename of December 2021
2021-12-20 11:26:25 -05:00
usePqc = 1;
liboqs integration using keyshare/supported_groups extensions in TLS 1.3
2021-04-28 10:28:35 -07:00
onlyKeyShare = 3;
--with-liboqs now defines HAVE_LIBOQS and HAVE_PQC AKA: The Great Rename of December 2021
2021-12-20 11:26:25 -05:00
pqcAlg = myoptarg;
liboqs integration using keyshare/supported_groups extensions in TLS 1.3
2021-04-28 10:28:35 -07:00
break;
Add --sys-ca-certs option to example client. Using this option will call wolfSSL_CTX_load_system_CA_certs on the client ctx.
2022-09-30 10:02:56 -07:00
#endif
Add ability to toggle system CA certs support.
2022-10-07 11:19:34 -07:00
#ifdef WOLFSSL_SYS_CA_CERTS
Add --sys-ca-certs option to example client. Using this option will call wolfSSL_CTX_load_system_CA_certs on the client ctx.
2022-09-30 10:02:56 -07:00
case 263:
loadSysCaCerts = 1;
break;
liboqs integration using keyshare/supported_groups extensions in TLS 1.3
2021-04-28 10:28:35 -07:00
#endif
TLS 1.3 PSK: add option to require only PSK with DHE Can specify only PSK without DHE. Add only PSK with DHE.
2023-01-24 12:00:37 +10:00
case 264:
#ifdef HAVE_SUPPORTED_CURVES
#ifdef WOLFSSL_TLS13
onlyPskDheKe = 1;
#endif
Memory usage improvements ECC: make private key field 'k' able to be smaller when ALT_ECC_SIZE is defined. WOLFSSL_SMALL_STACK_CACHE: allocate temps using new macros.
2023-04-24 17:03:34 +10:00
#endif
break;
case 265:
#ifndef NO_PSK
opensslPsk = 1;
TLS 1.3 PSK: add option to require only PSK with DHE Can specify only PSK without DHE. Add only PSK with DHE.
2023-01-24 12:00:37 +10:00
#endif
break;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
default:
Usage();
Added new build option `--enable-memtest` or `WOLFSSL_FORCE_MALLOC_FAIL_TEST` which enables random malloc failures for testing. This test supresses the `abort()` calls to detect seg faults. A new script `./scripts/memtest.sh` starts the test. If an issue is found it can be reviewed with the `./scripts/memtest.txt` log and reproduced using the seed printed at top of unit test as `--- RNG MALLOC FAIL AT 295---` and rerun using `./tests/unit.test 295`.
2018-07-27 10:16:14 -07:00
XEXIT_T(MY_EX_USAGE);
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
}
}
fix windows build with command line examples
2012-08-01 17:33:49 -07:00
myoptind = 0; /* reset for test cases */
Example client/server compatible with VxWorks
2015-10-29 13:39:02 -06:00
#endif /* !WOLFSSL_VXWORKS */
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
detect build cases where external script test case doesn't make sense
2015-05-07 12:50:27 -07:00
if (externalTest) {
/* detect build cases that wouldn't allow test against wolfssl.com */
int done = 0;
#ifdef NO_RSA
Fix for example client with `-X` external tests to not disable for PSK build unless `usePsk` is set. Resolves issue with external tests being skipped if building with PSK enabled.
2018-12-21 08:21:59 -08:00
done += 1; /* require RSA for external tests */
detect build cases where external script test case doesn't make sense
2015-05-07 12:50:27 -07:00
#endif
where appropriate, use strcmp/strcasecmp, not strncmp/strncasecmp; add macro XSTRCASECMP(); update XSTRNCASECMP() for XC32 >= 1.00 to use strncasecmp.
2022-05-10 12:20:12 -05:00
if (!XSTRCMP(domain, "www.globalsign.com")) {
accounts for assumptions with external ocsp stapling test
2015-12-29 17:05:51 -07:00
/* www.globalsign.com does not respond to ipv6 ocsp requests */
#if defined(TEST_IPV6) && defined(HAVE_OCSP)
Use += approach to detect "done" in example client for external tests. Cleaner and code is smaller to accomplish same thing.
2016-02-08 19:54:22 -08:00
done += 1;
accounts for assumptions with external ocsp stapling test
2015-12-29 17:05:51 -07:00
#endif
/* www.globalsign.com has limited supported cipher suites */
#if defined(NO_AES) && defined(HAVE_OCSP)
Use += approach to detect "done" in example client for external tests. Cleaner and code is smaller to accomplish same thing.
2016-02-08 19:54:22 -08:00
done += 1;
accounts for assumptions with external ocsp stapling test
2015-12-29 17:05:51 -07:00
#endif
Also account for 32-bit users
2015-12-31 12:05:45 -07:00
/* www.globalsign.com only supports static RSA or ECDHE with AES */
/* We cannot expect users to have on static RSA so test for ECC only
* as some users will most likely be on 32-bit systems where ECC
* is not enabled by default */
#if defined(HAVE_OCSP) && !defined(HAVE_ECC)
Use += approach to detect "done" in example client for external tests. Cleaner and code is smaller to accomplish same thing.
2016-02-08 19:54:22 -08:00
done += 1;
Also account for 32-bit users
2015-12-31 12:05:45 -07:00
#endif
Fix for example client with `-X` external tests to not disable for PSK build unless `usePsk` is set. Resolves issue with external tests being skipped if building with PSK enabled.
2018-12-21 08:21:59 -08:00
}
Also account for 32-bit users
2015-12-31 12:05:45 -07:00
detect build cases where external script test case doesn't make sense
2015-05-07 12:50:27 -07:00
#ifndef NO_PSK
Fix for example client with `-X` external tests to not disable for PSK build unless `usePsk` is set. Resolves issue with external tests being skipped if building with PSK enabled.
2018-12-21 08:21:59 -08:00
if (usePsk) {
Fix for TLS v1.3 test PSK callback to support cipher list. Add support for `GetCipherSuiteFromName` to accept a name ending with colon.
2020-05-18 11:53:31 -07:00
done += 1; /* don't perform external tests if PSK is enabled */
Fix for example client with `-X` external tests to not disable for PSK build unless `usePsk` is set. Resolves issue with external tests being skipped if building with PSK enabled.
2018-12-21 08:21:59 -08:00
}
detect build cases where external script test case doesn't make sense
2015-05-07 12:50:27 -07:00
#endif
if NO_SHA don't run external script tests
2015-06-18 11:12:35 -07:00
#ifdef NO_SHA
Use += approach to detect "done" in example client for external tests. Cleaner and code is smaller to accomplish same thing.
2016-02-08 19:54:22 -08:00
done += 1; /* external cert chain most likely has SHA */
if NO_SHA don't run external script tests
2015-06-18 11:12:35 -07:00
#endif
if connection to google.com and using ECC need supported curves
2016-02-09 17:06:06 -07:00
#if !defined(HAVE_ECC) && !defined(WOLFSSL_STATIC_RSA) \
correct logic to allow for static RSA if ECC and no Curves use same coding standards as the rest of the libraries
2016-02-10 13:28:31 -07:00
|| ( defined(HAVE_ECC) && !defined(HAVE_SUPPORTED_CURVES) \
&& !defined(WOLFSSL_STATIC_RSA) )
wolfssl.com and google.com now differ in pre-reqs for external test
2016-02-15 13:30:11 -07:00
/* google needs ECDHE+Supported Curves or static RSA */
where appropriate, use strcmp/strcasecmp, not strncmp/strncasecmp; add macro XSTRCASECMP(); update XSTRNCASECMP() for XC32 >= 1.00 to use strncasecmp.
2022-05-10 12:20:12 -05:00
if (!XSTRCASECMP(domain, "www.google.com"))
wolfssl.com and google.com now differ in pre-reqs for external test
2016-02-15 13:30:11 -07:00
done += 1;
#endif
#if !defined(HAVE_ECC) && !defined(WOLFSSL_STATIC_RSA)
/* wolfssl needs ECDHE or static RSA */
where appropriate, use strcmp/strcasecmp, not strncmp/strncasecmp; add macro XSTRCASECMP(); update XSTRNCASECMP() for XC32 >= 1.00 to use strncasecmp.
2022-05-10 12:20:12 -05:00
if (!XSTRCASECMP(domain, "www.wolfssl.com"))
Use += approach to detect "done" in example client for external tests. Cleaner and code is smaller to accomplish same thing.
2016-02-08 19:54:22 -08:00
done += 1;
fix google external test w/o ecdhe
2015-08-14 12:58:00 -07:00
#endif
resolve issue #255, no sha284 with wolfssl cert chain and external test
2016-01-14 20:25:50 -08:00
#if !defined(WOLFSSL_SHA384)
where appropriate, use strcmp/strcasecmp, not strncmp/strncasecmp; add macro XSTRCASECMP(); update XSTRNCASECMP() for XC32 >= 1.00 to use strncasecmp.
2022-05-10 12:20:12 -05:00
if (!XSTRCASECMP(domain, "www.wolfssl.com")) {
Avoid unnecessary assignments in client example
2016-02-07 08:27:01 -07:00
/* wolfssl need sha384 for cert chain verify */
Use += approach to detect "done" in example client for external tests. Cleaner and code is smaller to accomplish same thing.
2016-02-08 19:54:22 -08:00
done += 1;
resolve issue #255, no sha284 with wolfssl cert chain and external test
2016-01-14 20:25:50 -08:00
}
#endif
make sure external tests have a valid cipher
2015-09-28 09:47:59 -07:00
#if !defined(HAVE_AESGCM) && defined(NO_AES) && \
!(defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
Fix for example client with `-X` external tests to not disable for PSK build unless `usePsk` is set. Resolves issue with external tests being skipped if building with PSK enabled.
2018-12-21 08:21:59 -08:00
/* need at least one of these for external tests */
Use += approach to detect "done" in example client for external tests. Cleaner and code is smaller to accomplish same thing.
2016-02-08 19:54:22 -08:00
done += 1;
make sure external tests have a valid cipher
2015-09-28 09:47:59 -07:00
#endif
modify the client external test list to skip the test case when aes and aes-gcm are disabled
2018-03-01 15:22:38 -08:00
/* For the external test, if we disable AES, GoDaddy will reject the
* connection. They only currently support AES suites, RC4 and 3DES
* suites. With AES disabled we only offer PolyChacha suites. */
#if defined(NO_AES) && !defined(HAVE_AESGCM)
where appropriate, use strcmp/strcasecmp, not strncmp/strncasecmp; add macro XSTRCASECMP(); update XSTRNCASECMP() for XC32 >= 1.00 to use strncasecmp.
2022-05-10 12:20:12 -05:00
if (!XSTRCASECMP(domain, "www.wolfssl.com")) {
modify the client external test list to skip the test case when aes and aes-gcm are disabled
2018-03-01 15:22:38 -08:00
done += 1;
}
#endif
detect build cases where external script test case doesn't make sense
2015-05-07 12:50:27 -07:00
if (done) {
print errors to stderr, not stdout; fix whitespace in internal.c; add missing error handling in examples/server/server.c around recvfrom().
2022-05-12 13:07:32 -05:00
fprintf(stderr, "external test can't be run in this mode\n");
detect build cases where external script test case doesn't make sense
2015-05-07 12:50:27 -07:00
((func_args*)args)->return_code = 0;
Added new build option `--enable-memtest` or `WOLFSSL_FORCE_MALLOC_FAIL_TEST` which enables random malloc failures for testing. This test supresses the `abort()` calls to detect seg faults. A new script `./scripts/memtest.sh` starts the test. If an issue is found it can be reviewed with the `./scripts/memtest.txt` log and reproduced using the seed printed at top of unit test as `--- RNG MALLOC FAIL AT 295---` and rerun using `./tests/unit.test 295`.
2018-07-27 10:16:14 -07:00
XEXIT_T(EXIT_SUCCESS);
detect build cases where external script test case doesn't make sense
2015-05-07 12:50:27 -07:00
}
}
added test cases and fixed a bug with AEAD ciphers with DTLSv1.2.
2013-03-07 22:52:51 -08:00
/* sort out DTLS versus TLS versions */
if (version == CLIENT_INVALID_VERSION) {
if (doDTLS)
version = CLIENT_DTLS_DEFAULT_VERSION;
else
version = CLIENT_DEFAULT_VERSION;
}
else {
if (doDTLS) {
examples: client/server: support DTLSv1.3 (-u -v4) This commits add some new options to examples/[server,client] to support testing of DTLS v1.3. client: add waitTicket option If this option is used, the client will wait until it receives a sessionTicket from the server. This is useful when testing DTLS retransmission. client: add waitKeyUpdate option When this option is set, the client waits until the UpdateKey message is acknowledged by the server. This is useful to test DTLS retransmission logic
2022-05-20 10:00:24 +02:00
if (version == 3) {
added test cases and fixed a bug with AEAD ciphers with DTLSv1.2.
2013-03-07 22:52:51 -08:00
version = -2;
examples: client/server: support DTLSv1.3 (-u -v4) This commits add some new options to examples/[server,client] to support testing of DTLS v1.3. client: add waitTicket option If this option is used, the client will wait until it receives a sessionTicket from the server. This is useful when testing DTLS retransmission. client: add waitKeyUpdate option When this option is set, the client waits until the UpdateKey message is acknowledged by the server. This is useful to test DTLS retransmission logic
2022-05-20 10:00:24 +02:00
}
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
examples: client/server: support DTLSv1.3 (-u -v4) This commits add some new options to examples/[server,client] to support testing of DTLS v1.3. client: add waitTicket option If this option is used, the client will wait until it receives a sessionTicket from the server. This is useful when testing DTLS retransmission. client: add waitKeyUpdate option When this option is set, the client waits until the UpdateKey message is acknowledged by the server. This is useful to test DTLS retransmission logic
2022-05-20 10:00:24 +02:00
else if (version == EITHER_DOWNGRADE_VERSION) {
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
version = -3;
examples: client/server: support DTLSv1.3 (-u -v4) This commits add some new options to examples/[server,client] to support testing of DTLS v1.3. client: add waitTicket option If this option is used, the client will wait until it receives a sessionTicket from the server. This is useful when testing DTLS retransmission. client: add waitKeyUpdate option When this option is set, the client waits until the UpdateKey message is acknowledged by the server. This is useful to test DTLS retransmission logic
2022-05-20 10:00:24 +02:00
}
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
#endif
examples: client/server: support DTLSv1.3 (-u -v4) This commits add some new options to examples/[server,client] to support testing of DTLS v1.3. client: add waitTicket option If this option is used, the client will wait until it receives a sessionTicket from the server. This is useful when testing DTLS retransmission. client: add waitKeyUpdate option When this option is set, the client waits until the UpdateKey message is acknowledged by the server. This is useful to test DTLS retransmission logic
2022-05-20 10:00:24 +02:00
else if (version == 4) {
#ifdef WOLFSSL_DTLS13
version = -4;
#else
err_sys("Bad DTLS version");
#endif /* WOLFSSL_DTLS13 */
}
examples: support DTLS version downgrading
2022-07-04 17:00:15 +02:00
else if (version == 2)
added test cases and fixed a bug with AEAD ciphers with DTLSv1.2.
2013-03-07 22:52:51 -08:00
version = -1;
}
}
Warn that renegotiation in TLS 1.3 requires session ticket.
2022-12-12 11:30:01 -05:00
#ifndef HAVE_SESSION_TICKET
if ((version >= 4) && resumeSession) {
fprintf(stderr, "Can't do TLS 1.3 resumption; need session tickets!\n");
}
#endif
add Whitewood netRandom client library support
2016-05-05 15:31:25 -06:00
#ifdef HAVE_WNR
if (wc_InitNetRandom(wnrConfigFile, NULL, 5000) != 0)
err_sys("can't load whitewood net random config file");
#endif
--with-liboqs now defines HAVE_LIBOQS and HAVE_PQC AKA: The Great Rename of December 2021
2021-12-20 11:26:25 -05:00
#ifdef HAVE_PQC
if (usePqc) {
liboqs integration using keyshare/supported_groups extensions in TLS 1.3
2021-04-28 10:28:35 -07:00
if (version == CLIENT_DOWNGRADE_VERSION ||
version == EITHER_DOWNGRADE_VERSION)
print errors to stderr, not stdout; fix whitespace in internal.c; add missing error handling in examples/server/server.c around recvfrom().
2022-05-12 13:07:32 -05:00
fprintf(stderr,
"WARNING: If a TLS 1.3 connection is not negotiated, you "
--with-liboqs now defines HAVE_LIBOQS and HAVE_PQC AKA: The Great Rename of December 2021
2021-12-20 11:26:25 -05:00
"will not be using a post-quantum group.\n");
Update examples to allow post quantum KEM within DTLS 1.3
2022-08-30 18:39:57 +12:00
else if (version != 4 && version != -4)
err_sys("can only use post-quantum groups with TLS 1.3 or DTLS 1.3");
liboqs integration using keyshare/supported_groups extensions in TLS 1.3
2021-04-28 10:28:35 -07:00
}
#endif
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
switch (version) {
compile option to leave out MD5 and SSL code
2012-11-26 18:40:43 -08:00
#ifndef NO_OLD_TLS
disable SSLv3 by default
2015-08-12 16:39:13 -07:00
#ifdef WOLFSSL_ALLOW_SSLV3
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
case 0:
Added static memory code to client example.
2017-10-20 14:56:29 -07:00
method = wolfSSLv3_client_method_ex;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
break;
disable SSLv3 by default
2015-08-12 16:39:13 -07:00
#endif
Commit 2.6.2
2013-05-19 10:02:13 +09:00
#ifndef NO_TLS
Disable TLS v1.0 by default. Added new `--enable-tlsv10` option to force enable (only works if --enable-oldtls is set, which is on by default).
2017-11-14 13:55:48 -08:00
#ifdef WOLFSSL_ALLOW_TLSV10
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
case 1:
Added static memory code to client example.
2017-10-20 14:56:29 -07:00
method = wolfTLSv1_client_method_ex;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
break;
Disable TLS v1.0 by default. Added new `--enable-tlsv10` option to force enable (only works if --enable-oldtls is set, which is on by default).
2017-11-14 13:55:48 -08:00
#endif
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
case 2:
Added static memory code to client example.
2017-10-20 14:56:29 -07:00
method = wolfTLSv1_1_client_method_ex;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
break;
Disable TLS v1.0 by default. Added new `--enable-tlsv10` option to force enable (only works if --enable-oldtls is set, which is on by default).
2017-11-14 13:55:48 -08:00
#endif /* !NO_TLS */
#endif /* !NO_OLD_TLS */
disable SSLv3 by default
2015-08-12 16:39:13 -07:00
Commit 2.6.2
2013-05-19 10:02:13 +09:00
#ifndef NO_TLS
Allow TLS 1.2 to be compiled out.
2018-05-17 09:08:03 +10:00
#ifndef WOLFSSL_NO_TLS12
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
case 3:
Added static memory code to client example.
2017-10-20 14:56:29 -07:00
method = wolfTLSv1_2_client_method_ex;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
break;
Allow TLS 1.2 to be compiled out.
2018-05-17 09:08:03 +10:00
#endif
Disable TLS v1.0 by default. Added new `--enable-tlsv10` option to force enable (only works if --enable-oldtls is set, which is on by default).
2017-11-14 13:55:48 -08:00
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
#ifdef WOLFSSL_TLS13
case 4:
Added static memory code to client example.
2017-10-20 14:56:29 -07:00
method = wolfTLSv1_3_client_method_ex;
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
break;
#endif
Fix downgrading from TLS v1.3 to TLS v1.2 Fix handling of ServerHello in TLS v1.3 to support TLS v1.2 when downgrading. Added support in client and server examples for using downgrade method: wolfSSLv23_client_method_ex() or wolfSSLv23_server_method_ex(). Add tests, using downgrade version, of client or server downgrading from TLS v1.3 to TLS v1.2.
2018-02-22 11:05:58 +10:00
case CLIENT_DOWNGRADE_VERSION:
examples: support DTLS version downgrading
2022-07-04 17:00:15 +02:00
if (!doDTLS) {
method = wolfSSLv23_client_method_ex;
}
else {
#ifdef WOLFSSL_DTLS
method = wolfDTLS_client_method_ex;
#else
err_sys("version not supported");
#endif /* WOLFSSL_DTLS */
}
Fix downgrading from TLS v1.3 to TLS v1.2 Fix handling of ServerHello in TLS v1.3 to support TLS v1.2 when downgrading. Added support in client and server examples for using downgrade method: wolfSSLv23_client_method_ex() or wolfSSLv23_server_method_ex(). Add tests, using downgrade version, of client or server downgrading from TLS v1.3 to TLS v1.2.
2018-02-22 11:05:58 +10:00
break;
Adds build option `WOLFSSL_EITHER_SIDE` for deferring the "side" of the TLS session until first connect or accept. Added the DTLS generic v1.0 and v1.2 methods for "either" side. Added "either" methods unit tests. Added "either" -v e support to example client/server. Fix to expose `wolfSSL_use_certificate_file` and `wolfSSL_use_PrivateKey_file` without `OPENSSL_EXTRA`. Cleanup of the methods for (void)heap and log messages. Spelling fixes.
2018-10-04 14:48:53 -07:00
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
case EITHER_DOWNGRADE_VERSION:
method = wolfSSLv23_method_ex;
break;
#endif
Disable TLS v1.0 by default. Added new `--enable-tlsv10` option to force enable (only works if --enable-oldtls is set, which is on by default).
2017-11-14 13:55:48 -08:00
#endif /* NO_TLS */
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
name change for client.c
2015-01-05 14:48:43 -07:00
#ifdef WOLFSSL_DTLS
turn off DTLSv1 functions for disable old tls
2015-04-08 13:29:25 -07:00
#ifndef NO_OLD_TLS
add -u for DTLS UPD command line client/server examples
2012-08-02 11:54:49 -07:00
case -1:
Added static memory code to client example.
2017-10-20 14:56:29 -07:00
method = wolfDTLSv1_client_method_ex;
add -u for DTLS UPD command line client/server examples
2012-08-02 11:54:49 -07:00
break;
turn off DTLSv1 functions for disable old tls
2015-04-08 13:29:25 -07:00
#endif
added test cases and fixed a bug with AEAD ciphers with DTLSv1.2.
2013-03-07 22:52:51 -08:00
Allow TLS 1.2 to be compiled out.
2018-05-17 09:08:03 +10:00
#ifndef WOLFSSL_NO_TLS12
added test cases and fixed a bug with AEAD ciphers with DTLSv1.2.
2013-03-07 22:52:51 -08:00
case -2:
Added static memory code to client example.
2017-10-20 14:56:29 -07:00
method = wolfDTLSv1_2_client_method_ex;
added test cases and fixed a bug with AEAD ciphers with DTLSv1.2.
2013-03-07 22:52:51 -08:00
break;
Allow TLS 1.2 to be compiled out.
2018-05-17 09:08:03 +10:00
#endif
examples: client/server: support DTLSv1.3 (-u -v4) This commits add some new options to examples/[server,client] to support testing of DTLS v1.3. client: add waitTicket option If this option is used, the client will wait until it receives a sessionTicket from the server. This is useful when testing DTLS retransmission. client: add waitKeyUpdate option When this option is set, the client waits until the UpdateKey message is acknowledged by the server. This is useful to test DTLS retransmission logic
2022-05-20 10:00:24 +02:00
#ifdef WOLFSSL_DTLS13
case -4:
method = wolfDTLSv1_3_client_method_ex;
break;
#endif /* WOLFSSL_DTLS13 */
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
case -3:
method = wolfDTLSv1_2_method_ex;
break;
#endif
add -u for DTLS UPD command line client/server examples
2012-08-02 11:54:49 -07:00
#endif
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
default:
err_sys("Bad SSL version");
}
if (method == NULL)
err_sys("unable to get method");
Added static memory code to client example.
2017-10-20 14:56:29 -07:00
#ifdef WOLFSSL_STATIC_MEMORY
#ifdef DEBUG_WOLFSSL
/* print off helper buffer sizes for use with static memory
Correct misspellings and typos from codespell tool
2019-12-24 12:29:33 -06:00
* printing to stderr in case of debug mode turned on */
Added static memory code to client example.
2017-10-20 14:56:29 -07:00
fprintf(stderr, "static memory management size = %d\n",
wolfSSL_MemoryPaddingSz());
fprintf(stderr, "calculated optimum general buffer size = %d\n",
wolfSSL_StaticBufferSz(memory, sizeof(memory), 0));
fprintf(stderr, "calculated optimum IO buffer size = %d\n",
wolfSSL_StaticBufferSz(memoryIO, sizeof(memoryIO),
WOLFMEM_IO_POOL_FIXED));
#endif /* DEBUG_WOLFSSL */
fix for memory management on edge case with staticmemory
2019-11-05 15:13:26 -07:00
if (wc_LoadStaticMemory(&heap, memory, sizeof(memory), WOLFMEM_GENERAL, 1)
!= 0) {
Added static memory code to client example.
2017-10-20 14:56:29 -07:00
err_sys("unable to load static memory");
}
fix for memory management on edge case with staticmemory
2019-11-05 15:13:26 -07:00
ctx = wolfSSL_CTX_new_ex(method(heap), heap);
if (ctx == NULL)
err_sys("unable to get ctx");
additional sanity checks on debug callback
2022-10-11 13:14:59 -07:00
#ifdef WOLFSSL_CALLBACKS
wolfSSL_CTX_set_msg_callback(ctx, msgDebugCb);
#endif
fix for memory management on edge case with staticmemory
2019-11-05 15:13:26 -07:00
Added static memory code to client example.
2017-10-20 14:56:29 -07:00
if (wolfSSL_CTX_load_static_memory(&ctx, NULL, memoryIO, sizeof(memoryIO),
WOLFMEM_IO_POOL_FIXED | WOLFMEM_TRACK_STATS, 1) != WOLFSSL_SUCCESS) {
err_sys("unable to load static memory");
}
#else
Fix from review
2021-01-20 11:34:02 -06:00
if (method != NULL) {
Check method for NULL
2021-01-18 16:18:49 -06:00
ctx = wolfSSL_CTX_new(method(NULL));
if (ctx == NULL)
err_sys("unable to get ctx");
}
fix for memory management on edge case with staticmemory
2019-11-05 15:13:26 -07:00
#endif
Add --sys-ca-certs option to example client. Using this option will call wolfSSL_CTX_load_system_CA_certs on the client ctx.
2022-09-30 10:02:56 -07:00
Add ability to toggle system CA certs support.
2022-10-07 11:19:34 -07:00
#ifdef WOLFSSL_SYS_CA_CERTS
Add --sys-ca-certs option to example client. Using this option will call wolfSSL_CTX_load_system_CA_certs on the client ctx.
2022-09-30 10:02:56 -07:00
if (loadSysCaCerts &&
wolfSSL_CTX_load_system_CA_certs(ctx) != WOLFSSL_SUCCESS) {
err_sys("wolfSSL_CTX_load_system_CA_certs failed");
}
Add ability to toggle system CA certs support.
2022-10-07 11:19:34 -07:00
#endif /* WOLFSSL_SYS_CA_CERTS */
Add --sys-ca-certs option to example client. Using this option will call wolfSSL_CTX_load_system_CA_certs on the client ctx.
2022-09-30 10:02:56 -07:00
addressed review comments
2021-06-30 13:52:46 +09:00
if (minVersion != CLIENT_INVALID_VERSION) {
examples: support DTLS version downgrading
2022-07-04 17:00:15 +02:00
#ifdef WOLFSSL_DTLS
if (doDTLS) {
switch (minVersion) {
case 4:
#ifdef WOLFSSL_DTLS13
minVersion = WOLFSSL_DTLSV1_3;
break;
#else
err_sys("invalid minimum downgrade version");
#endif /* WOLFSSL_DTLS13 */
case 3:
minVersion = WOLFSSL_DTLSV1_2;
break;
case 2:
minVersion = WOLFSSL_DTLSV1;
break;
}
}
#endif /* WOLFSSL_DTLS */
if (wolfSSL_CTX_SetMinVersion(ctx, minVersion) != WOLFSSL_SUCCESS)
err_sys("can't set minimum downgrade version");
Check for TLS downgrade
2021-04-22 14:52:57 -07:00
}
if (simulateWantWrite) {
Fixes for building with `WOLFSSL_USER_IO` (with no built-in socket support). Related to issue #3998.
2021-05-06 11:07:05 -07:00
#ifdef USE_WOLFSSL_IO
Add an option to the example client to simulate WANT_WRITE errors. - Add this option as "-6." - Turn on non-blocking mode if WANT_WRITE simulation is enabled. - Create a send IO callback that gets registered when this option is turned on. This callback alternates between letting the TX through and returning a WANT_WRITE error.
2020-11-02 08:23:36 -06:00
wolfSSL_CTX_SetIOSend(ctx, SimulateWantWriteIOSendCb);
Fixes for building with `WOLFSSL_USER_IO` (with no built-in socket support). Related to issue #3998.
2021-05-06 11:07:05 -07:00
#endif
Add an option to the example client to simulate WANT_WRITE errors. - Add this option as "-6." - Turn on non-blocking mode if WANT_WRITE simulation is enabled. - Create a send IO callback that gets registered when this option is turned on. This callback alternates between letting the TX through and returning a WANT_WRITE error.
2020-11-02 08:23:36 -06:00
}
allow single threaded mode to share an RNG at WOLFSSL_CTX level
2016-09-16 13:35:29 -07:00
#ifdef SINGLE_THREADED
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_CTX_new_rng(ctx) != WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
allow single threaded mode to share an RNG at WOLFSSL_CTX level
2016-09-16 13:35:29 -07:00
err_sys("Single Threaded new rng at CTX failed");
}
#endif
HaProxy 2.4-dev18 support *This patch is dependent on https://github.com/wolfSSL/wolfssl/pull/3871 because proto version selection logic is refactored in that pull request.* This patch contains the following changes: - Enable more options with `--enable-haproxy` - Compatibility layer additions - `STACK_TYPE_X509_OBJ` - `OCSP_id_cmp` - `X509_STORE_get0_objects` - `X509V3_EXT_nconf_nid` - `X509V3_EXT_nconf` - `X509_chain_up_ref` - `X509_NAME_hash` - `sk_X509_NAME_new_null` - `X509_OBJECT_get0_X509` - `X509_OBJECT_get0_X509_CRL` - `ASN1_OCTET_STRING_free` - `X509_LOOKUP_TYPE` - `OSSL_HANDSHAKE_STATE` - New `OPENSSL_COMPATIBLE_DEFAULTS` define will set default behaviour that is compatible with OpenSSL - WOLFSSL_CTX - Enable all compiled in protocols - Allow anonymous ciphers - Set message grouping - Set verify to SSL_VERIFY_NONE - In `SetSSL_CTX`, don't change `send` and `recv` callback if currently using `BIO` - `ssl->peerVerifyRet` - Return first that occured - Set correct value on date error - Set revoked error on OCSP or CRL error - Save value in session and restore on resumption - Add to session serialization - With `OPENSSL_EXTRA`, send an alert on invalid downgrade attempt - Handle sni callback `SSL_TLSEXT_ERR_NOACK` - Add `WOLFSSL_VERIFY_DEFAULT` option for `wolfSSL_CTX_set_verify` and `wolfSSL_set_verify` to allow resetting to default behaviour
2021-04-20 16:15:42 +02:00
#ifdef OPENSSL_COMPATIBLE_DEFAULTS
/* Restore wolfSSL verify defaults */
if (ctx) {
wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_DEFAULT, NULL);
}
#endif
add outbound connection filtering support to libwolfssl, add wolfSentry support to the test client, and add wolfSentry JSON config file support to the test client and server using --wolfsentry-config. also, add mygetopt_long() to wolfssl/test.h, and add --help and Japanese counterpart options to test client and server.
2021-06-16 00:26:48 -05:00
DTLS SRTP improvements. Added support for client to send list of profiles. Added support for more SRTP profiles.
2022-01-14 13:43:29 -08:00
#ifdef WOLFSSL_SRTP
if (dtlsSrtpProfiles != NULL) {
if (wolfSSL_CTX_set_tlsext_use_srtp(ctx, dtlsSrtpProfiles)
DTLS SRTP (RFC5764) support (adds `--enable-srtp`). Used with WebRTC to agree on profile for new real-time session keys.
2022-01-13 16:09:11 -08:00
!= WOLFSSL_SUCCESS) {
err_sys("unable to set DTLS SRTP profile");
}
}
#endif
add outbound connection filtering support to libwolfssl, add wolfSentry support to the test client, and add wolfSentry JSON config file support to the test client and server using --wolfsentry-config. also, add mygetopt_long() to wolfssl/test.h, and add --help and Japanese counterpart options to test client and server.
2021-06-16 00:26:48 -05:00
#ifdef WOLFSSL_WOLFSENTRY_HOOKS
Fix minor line length and spelling.
2021-06-21 15:09:39 -07:00
if (wolfsentry_setup(&wolfsentry, wolfsentry_config_path,
WOLFSENTRY_ROUTE_FLAG_DIRECTION_OUT) < 0) {
add outbound connection filtering support to libwolfssl, add wolfSentry support to the test client, and add wolfSentry JSON config file support to the test client and server using --wolfsentry-config. also, add mygetopt_long() to wolfssl/test.h, and add --help and Japanese counterpart options to test client and server.
2021-06-16 00:26:48 -05:00
err_sys("unable to initialize wolfSentry");
Fix minor line length and spelling.
2021-06-21 15:09:39 -07:00
}
add outbound connection filtering support to libwolfssl, add wolfSentry support to the test client, and add wolfSentry JSON config file support to the test client and server using --wolfsentry-config. also, add mygetopt_long() to wolfssl/test.h, and add --help and Japanese counterpart options to test client and server.
2021-06-16 00:26:48 -05:00
if (wolfSSL_CTX_set_ConnectFilter(
ctx,
(NetworkFilterCallback_t)wolfSentry_NetworkFilterCallback,
Fix minor line length and spelling.
2021-06-21 15:09:39 -07:00
wolfsentry) < 0) {
add outbound connection filtering support to libwolfssl, add wolfSentry support to the test client, and add wolfSentry JSON config file support to the test client and server using --wolfsentry-config. also, add mygetopt_long() to wolfssl/test.h, and add --help and Japanese counterpart options to test client and server.
2021-06-16 00:26:48 -05:00
err_sys("unable to install wolfSentry_NetworkFilterCallback");
Fix minor line length and spelling.
2021-06-21 15:09:39 -07:00
}
add outbound connection filtering support to libwolfssl, add wolfSentry support to the test client, and add wolfSentry JSON config file support to the test client and server using --wolfsentry-config. also, add mygetopt_long() to wolfssl/test.h, and add --help and Japanese counterpart options to test client and server.
2021-06-16 00:26:48 -05:00
#endif
Fix to calc BuildSHA_CertVerify if WOLFSSL_ALLOW_TLS_SHA1. Fix to add check for DTLS to not allow stream ciphers. Removed the RC4 tests from the test-dtls.conf. Added support for using default suites on client side. Switched the arg to “-H”. Cleanup of the example server/client args list. Fixes for build with “--disable-sha”.
2017-04-05 11:21:11 -07:00
if (cipherList && !useDefCipherList) {
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_CTX_set_cipher_list(ctx, cipherList) != WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
Added TLS support for Camellia
2013-01-21 10:53:42 -08:00
err_sys("client can't set cipher list 1");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
}
1.8.8 init
2011-02-05 11:14:47 -08:00
name change for client.c
2015-01-05 14:48:43 -07:00
#ifdef WOLFSSL_LEANPSK
scan-build warnings related to enable-psk, disable-asn,rsa,ecc
2016-04-11 11:13:26 -06:00
if (!usePsk) {
usePsk = 1;
}
build test covers leanpsk
2012-10-30 12:51:14 -07:00
#endif
Add Curve448, X448, Ed448 implementations
2020-02-19 18:07:45 +10:00
#if defined(NO_RSA) && !defined(HAVE_ECC) && !defined(HAVE_ED25519) && \
!defined(HAVE_ED448)
scan-build warnings related to enable-psk, disable-asn,rsa,ecc
2016-04-11 11:13:26 -06:00
if (!usePsk) {
usePsk = 1;
}
fix normal psk no rsa examples
2013-03-11 13:19:43 -07:00
#endif
add fewerPacket/group messages to example client/server and disalbe client cert/key load
2013-04-19 13:10:19 -07:00
if (fewerPackets)
name change for client.c
2015-01-05 14:48:43 -07:00
wolfSSL_CTX_set_group_messages(ctx);
Fragmentation for ServerKeyExchange and CeriticateVerify - The `ssl->dtlsMtuSz` value is the maximum possible size of the DTLS record layer. We read `ssl->dtlsMtuSz + 100` in case peer has slightly different MTU set. - The `-u` option in the examples takes the value of the MTU size. - MTU tests are added in `tests/test-dtls-mtu.conf`
2021-04-12 20:02:18 +02:00
#if (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) && \
defined(WOLFSSL_DTLS)
if (dtlsMTU)
wolfSSL_CTX_dtls_set_mtu(ctx, dtlsMTU);
#endif
add fewerPacket/group messages to example client/server and disalbe client cert/key load
2013-04-19 13:10:19 -07:00
added check for allowed minimum DH key size
2015-05-21 10:11:21 -07:00
#ifndef NO_DH
Fix Checks 1. In the client, check the return code on wolfSSL_CTX_SetMinDhKey_Sz() as it is checked in the server. (Resolves issue #2037.) 2. In HashOutput(), check that the hsHashes exists for the session before hashing. (Resolves issue #2038.)
2019-01-17 09:52:00 -08:00
if (wolfSSL_CTX_SetMinDhKey_Sz(ctx, (word16)minDhKeyBits)
!= WOLFSSL_SUCCESS) {
err_sys("Error setting minimum DH key size");
}
added check for allowed minimum DH key size
2015-05-21 10:11:21 -07:00
#endif
build test covers leanpsk
2012-10-30 12:51:14 -07:00
if (usePsk) {
1.8.8 init
2011-02-05 11:14:47 -08:00
#ifndef NO_PSK
Fix for TLS v1.3 PSK tests work with additional cipher suites (not just `TLS13-AES128-GCM-SHA256`) and the echo server/client.
2020-05-15 15:08:17 -07:00
const char *defaultCipherList = cipherList;
name change for client.c
2015-01-05 14:48:43 -07:00
wolfSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb);
TLS 1.3 PSK: use the hash algorithm to choose cipher suite See RFC 8446: 4.2.11 With TLS 1.3 PSK callback, If the returned cipher suite isn't available, use the hash from the cipher suite and choose from available list. Require exact match when: WOLFSSL_TLS13_PSK_NO_MATCH_HASH Alternative callback for client added that is passed a cipher suite string. Called for each cipher suite that is to be negotiated. If cipher suite to be used with PSK then return client identity. Returning an identity based on cipher suite hash will result in only one PSK extension being added per hash.
2021-03-01 16:39:17 +10:00
#ifdef WOLFSSL_TLS13
#if !defined(WOLFSSL_PSK_TLS13_CB) && !defined(WOLFSSL_PSK_ONE_ID)
Memory usage improvements ECC: make private key field 'k' able to be smaller when ALT_ECC_SIZE is defined. WOLFSSL_SMALL_STACK_CACHE: allocate temps using new macros.
2023-04-24 17:03:34 +10:00
if (!opensslPsk) {
wolfSSL_CTX_set_psk_client_cs_callback(ctx, my_psk_client_cs_cb);
}
else
Separate PSK callback for TLS 1.3 It is highly recommended that the PSK be different for each protocol. Example callback already returns a different key for TLS 1.3. New callback includes the ciphersuite, as a string, to use with the key.
2018-08-14 08:55:57 +10:00
#endif
Memory usage improvements ECC: make private key field 'k' able to be smaller when ALT_ECC_SIZE is defined. WOLFSSL_SMALL_STACK_CACHE: allocate temps using new macros.
2023-04-24 17:03:34 +10:00
{
wolfSSL_CTX_set_psk_client_tls13_callback(ctx,
my_psk_client_tls13_cb);
}
TLS 1.3 PSK: use the hash algorithm to choose cipher suite See RFC 8446: 4.2.11 With TLS 1.3 PSK callback, If the returned cipher suite isn't available, use the hash from the cipher suite and choose from available list. Require exact match when: WOLFSSL_TLS13_PSK_NO_MATCH_HASH Alternative callback for client added that is passed a cipher suite string. Called for each cipher suite that is to be negotiated. If cipher suite to be used with PSK then return client identity. Returning an identity based on cipher suite hash will result in only one PSK extension being added per hash.
2021-03-01 16:39:17 +10:00
#endif
Fix for TLS v1.3 PSK tests work with additional cipher suites (not just `TLS13-AES128-GCM-SHA256`) and the echo server/client.
2020-05-15 15:08:17 -07:00
if (defaultCipherList == NULL) {
External PSK working in TLS13
2017-06-07 08:29:08 +10:00
#if defined(HAVE_AESGCM) && !defined(NO_DH)
#ifdef WOLFSSL_TLS13
TLS 1.3: PSK only Support building with only TLS 1.3 and PSK without code for (EC)DHE and certificates. Minimise build size for this configuration.
2020-10-28 11:47:31 +10:00
defaultCipherList = "TLS13-AES128-GCM-SHA256"
#ifndef WOLFSSL_NO_TLS12
":DHE-PSK-AES128-GCM-SHA256"
#endif
;
External PSK working in TLS13
2017-06-07 08:29:08 +10:00
#else
allow dh to be used w/o certs and asn
2015-03-27 14:28:05 -07:00
defaultCipherList = "DHE-PSK-AES128-GCM-SHA256";
External PSK working in TLS13
2017-06-07 08:29:08 +10:00
#endif
TLS 1.3: PSK only Support building with only TLS 1.3 and PSK without code for (EC)DHE and certificates. Minimise build size for this configuration.
2020-10-28 11:47:31 +10:00
#elif defined(HAVE_AESGCM) && defined(WOLFSSL_TLS13)
defaultCipherList = "TLS13-AES128-GCM-SHA256"
#ifndef WOLFSSL_NO_TLS12
":PSK-AES128-GCM-SHA256"
#endif
;
External PSK working in TLS13
2017-06-07 08:29:08 +10:00
#elif defined(HAVE_NULL_CIPHER)
NO_RSA build, cipher suite tests need work for this build optoin, ssn2
2013-03-07 17:44:40 -08:00
defaultCipherList = "PSK-NULL-SHA256";
PSK only TLS: fix ENCRYPT_LEN Allow no PK algorithms and TLS to build and test. Use PSK cipher suite with GCM if AES-CBC not available.
2022-09-12 11:21:01 +10:00
#elif !defined(NO_AES_CBC)
fix normal psk no rsa examples
2013-03-11 13:19:43 -07:00
defaultCipherList = "PSK-AES128-CBC-SHA256";
PSK only TLS: fix ENCRYPT_LEN Allow no PK algorithms and TLS to build and test. Use PSK cipher suite with GCM if AES-CBC not available.
2022-09-12 11:21:01 +10:00
#else
defaultCipherList = "PSK-AES128-GCM-SHA256";
External PSK working in TLS13
2017-06-07 08:29:08 +10:00
#endif
Fix for TLS v1.3 PSK tests work with additional cipher suites (not just `TLS13-AES128-GCM-SHA256`) and the echo server/client.
2020-05-15 15:08:17 -07:00
if (wolfSSL_CTX_set_cipher_list(ctx, defaultCipherList)
Testing improvements for cert gen and TLS cert validation: * Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled. * Added new ECC CA for 384-bit tests. * Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem) * Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL. * Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`. * Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function. * Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack). * Cleanup to combine all certificate subject information into global `certDefaultName`. * Updated cert request info to use wolfSSL instead of Yassl. * Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`. * Re-number error codes in rsa_test. * Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
2017-10-19 16:17:51 -07:00
!=WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
Added TLS support for Camellia
2013-01-21 10:53:42 -08:00
err_sys("client can't set cipher list 2");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
build test covers leanpsk
2012-10-30 12:51:14 -07:00
}
Fix for TLS v1.3 PSK tests work with additional cipher suites (not just `TLS13-AES128-GCM-SHA256`) and the echo server/client.
2020-05-15 15:08:17 -07:00
wolfSSL_CTX_set_psk_callback_ctx(ctx, (void*)defaultCipherList);
1.8.8 init
2011-02-05 11:14:47 -08:00
#endif
scan-build warnings related to enable-psk, disable-asn,rsa,ecc
2016-04-11 11:13:26 -06:00
if (useClientCert) {
useClientCert = 0;
}
build test covers leanpsk
2012-10-30 12:51:14 -07:00
}
1.8.8 init
2011-02-05 11:14:47 -08:00
Merge in the ADH-AES128-SHA changes and add a check for it during the packet order sanity checking.
2014-12-01 11:44:32 -08:00
if (useAnon) {
#ifdef HAVE_ANON
Fix to allow anonymous ciphers to work with the new default suite testing.
2017-04-05 14:35:33 -07:00
if (cipherList == NULL || (cipherList && useDefCipherList)) {
Added support for an anonymous cipher suite (#1267) * Added support for cipher suite TLS_DH_anon_WITH_AES256_GCM_SHA384 * Added test cases for verification of anonymous cipher suite
2018-04-20 10:35:37 -07:00
const char* defaultCipherList;
name change for client.c
2015-01-05 14:48:43 -07:00
wolfSSL_CTX_allow_anon_cipher(ctx);
Added support for an anonymous cipher suite (#1267) * Added support for cipher suite TLS_DH_anon_WITH_AES256_GCM_SHA384 * Added test cases for verification of anonymous cipher suite
2018-04-20 10:35:37 -07:00
defaultCipherList = "ADH-AES256-GCM-SHA384:"
"ADH-AES128-SHA";
if (wolfSSL_CTX_set_cipher_list(ctx,defaultCipherList)
Testing improvements for cert gen and TLS cert validation: * Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled. * Added new ECC CA for 384-bit tests. * Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem) * Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL. * Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`. * Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function. * Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack). * Cleanup to combine all certificate subject information into global `certDefaultName`. * Updated cert request info to use wolfSSL instead of Yassl. * Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`. * Re-number error codes in rsa_test. * Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
2017-10-19 16:17:51 -07:00
!= WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
Merge in the ADH-AES128-SHA changes and add a check for it during the packet order sanity checking.
2014-12-01 11:44:32 -08:00
err_sys("client can't set cipher list 4");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
Merge in the ADH-AES128-SHA changes and add a check for it during the packet order sanity checking.
2014-12-01 11:44:32 -08:00
}
#endif
scan-build warnings related to enable-psk, disable-asn,rsa,ecc
2016-04-11 11:13:26 -06:00
if (useClientCert) {
useClientCert = 0;
}
Merge in the ADH-AES128-SHA changes and add a check for it during the packet order sanity checking.
2014-12-01 11:44:32 -08:00
}
1. Needed to tell the client to use sctp. 2. Creating the example sockets needed the IPPROTO type.
2016-08-26 10:47:01 -07:00
#ifdef WOLFSSL_SCTP
if (dtlsSCTP)
wolfSSL_CTX_dtls_set_sctp(ctx);
#endif
Fixes for various build configurations. Added `--enable-enckeys` option to enable support for encrypted PEM private keys using password callback without having to use opensslextra. Moved ASN `CryptKey` function to wc_encrypt.c as `wc_CryptKey`. Fixup some missing heap args on XMALLOC/XFREE in asn.c.
2018-03-30 15:48:15 -07:00
#ifdef WOLFSSL_ENCRYPTED_KEYS
name change for client.c
2015-01-05 14:48:43 -07:00
wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
1.8.8 init
2011-02-05 11:14:47 -08:00
#endif
TLS v1.3 sniffer support: * Added TLS v1.3 sniffer support using static ephemeral key. * Add support for using a static ephemeral DH and ECC keys with TLS v1.3 using `WOLFSSL_STATIC_EPHEMERAL`. * Adds new API's `wolfSSL_CTX_set_ephemeral_key` and `wolfSSL_set_ephemeral_key`. * Expanded TLS extension support in sniffer. * Refactor of the handshake hashing code. * Added parameter checking to the TLS v1.3 key derivations (protects use of "DoTls13Finished" if handshake resources have been free'd). * Added support for loading DH keys via `wc_DhImportKeyPair` and `wc_DhExportKeyPair`, enabled with `WOLFSSL_DH_EXTRA`. * Added sniffer documentation `sslSniffer/README.md`.
2020-07-09 13:52:49 -07:00
#ifdef WOLFSSL_SNIFFER
Fix for TLS v1.3 with `--enable-sniffer`.
2020-06-04 16:42:40 -07:00
if (cipherList == NULL && version < 4) {
TLS v1.3 sniffer support: * Added TLS v1.3 sniffer support using static ephemeral key. * Add support for using a static ephemeral DH and ECC keys with TLS v1.3 using `WOLFSSL_STATIC_EPHEMERAL`. * Adds new API's `wolfSSL_CTX_set_ephemeral_key` and `wolfSSL_set_ephemeral_key`. * Expanded TLS extension support in sniffer. * Refactor of the handshake hashing code. * Added parameter checking to the TLS v1.3 key derivations (protects use of "DoTls13Finished" if handshake resources have been free'd). * Added support for loading DH keys via `wc_DhImportKeyPair` and `wc_DhExportKeyPair`, enabled with `WOLFSSL_DH_EXTRA`. * Added sniffer documentation `sslSniffer/README.md`.
2020-07-09 13:52:49 -07:00
/* static RSA or ECC cipher suites */
const char* staticCipherList = "AES128-SHA:ECDH-ECDSA-AES128-SHA";
if (wolfSSL_CTX_set_cipher_list(ctx, staticCipherList) != WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
Added TLS support for Camellia
2013-01-21 10:53:42 -08:00
err_sys("client can't set cipher list 3");
build test covers leanpsk
2012-10-30 12:51:14 -07:00
}
fix sniffer cipher suite tests with user override
2012-08-31 13:28:07 -07:00
}
make sure example clients don't use EDH when sniffer active
2011-04-29 10:41:21 -07:00
#endif
OCSP Updates 1. Add option to example server and client to check the OCSP responder. 2. Add option to example server and client to override the URL to use when checking the OCSP responder. 3. Copy the certificate serial number correctly into OCSP request. Add leading zero only if MS bit is set. 4. Fix responder address used when Auth Info extension is present. 5. Update EmbedOcspLookup callback to better handle the HTTP response and obtain the complete OCSP response.
2013-06-20 11:07:54 -07:00
#ifdef HAVE_OCSP
if (useOcsp) {
Fixes for building with `WOLFSSL_USER_IO` (with no built-in socket support). Related to issue #3998.
2021-05-06 11:07:05 -07:00
#if defined(HAVE_IO_TIMEOUT) && defined(HAVE_HTTP_CLIENT)
Added support for inline CRL lookup when HAVE_CRL_IO is defined (shares code with OCSP lookup in io.c). Added http chunk transfer encoding support. Added default connection timeout value (DEFAULT_TIMEOUT_SEC) and new wolfIO_SetTimeout() API with HAVE_IO_TIMEOUT. Added generic wolfIO_ API’s for connect, select, non-blocking, read and write. Added new define USE_WOLFSSL_IO to enable access to new wolfIO_* socket wrappers even when WOLFSSL_USER_IO is defined. Moved all API declarations for io.c into new io.h header. Added HAVE_HTTP_CLIENT to expose HTTP API’s. Moved SOCKET_T and SOCKET_ defines into io.h. Added WOLFIO_DEBUG define to display request/responses.
2017-03-06 09:49:05 -08:00
wolfIO_SetTimeout(DEFAULT_TIMEOUT_SEC);
#endif
Using OCSP override URL should enable OCSP url overriding.
2013-12-17 18:26:29 -08:00
if (ocspUrl != NULL) {
name change for client.c
2015-01-05 14:48:43 -07:00
wolfSSL_CTX_SetOCSP_OverrideURL(ctx, ocspUrl);
wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE
| WOLFSSL_OCSP_URL_OVERRIDE);
Using OCSP override URL should enable OCSP url overriding.
2013-12-17 18:26:29 -08:00
}
Fix to handle non-blocking OCSP when `WOLFSSL_NONBLOCK_OCSP` is defined and not using async. OCSP callback should return `OCSP_WANT_READ`. Added ability to simulate non-blocking OCSP using `TEST_NONBLOCK_CERTS`.
2017-12-08 03:12:33 +01:00
else {
Fix for OCSP non-blocking with check all flag set.
2017-12-19 16:52:47 -08:00
wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_CHECKALL);
Fix to handle non-blocking OCSP when `WOLFSSL_NONBLOCK_OCSP` is defined and not using async. OCSP callback should return `OCSP_WANT_READ`. Added ability to simulate non-blocking OCSP using `TEST_NONBLOCK_CERTS`.
2017-12-08 03:12:33 +01:00
}
#ifdef WOLFSSL_NONBLOCK_OCSP
wolfSSL_CTX_SetOCSP_Cb(ctx, OCSPIOCb, OCSPRespFreeCb, NULL);
#endif
OCSP Updates 1. Add option to example server and client to check the OCSP responder. 2. Add option to example server and client to override the URL to use when checking the OCSP responder. 3. Copy the certificate serial number correctly into OCSP request. Add leading zero only if MS bit is set. 4. Fix responder address used when Auth Info extension is present. 5. Update EmbedOcspLookup callback to better handle the HTTP response and obtain the complete OCSP response.
2013-06-20 11:07:54 -07:00
}
#endif
add ca cache callback test to client
2012-01-26 12:52:54 -08:00
#ifdef USER_CA_CB
name change for client.c
2015-01-05 14:48:43 -07:00
wolfSSL_CTX_SetCACb(ctx, CaCb);
add ca cache callback test to client
2012-01-26 12:52:54 -08:00
#endif
Use `NO_SESSION_CACHE` as well in preproc checks
2020-06-30 21:21:43 +02:00
#if defined(HAVE_EXT_CACHE) && !defined(NO_SESSION_CACHE)
Fix for `HAVE_EXT_CACHE` callbacks not being available without `OPENSSL_EXTRA` defined. Added tests for external cache callbacks.
2018-04-05 07:10:04 -07:00
wolfSSL_CTX_sess_set_get_cb(ctx, mySessGetCb);
wolfSSL_CTX_sess_set_new_cb(ctx, mySessNewCb);
wolfSSL_CTX_sess_set_remove_cb(ctx, mySessRemCb);
#endif
* Added support for not loading a private key for server or client when `HAVE_PK_CALLBACK` is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519. * Added PK callback context tests for client/server examples (`SetupPkCallbackContexts`). * Added new test define for `TEST_PK_PRIVKEY` to allows simulating hardware based private key. * Added new test.h function for loading PEM key file and converting to DER (`load_key_file`). * Added way to get private key signature size (`GetPrivateKeySigSize`). * Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size. * Added inline comments to help track down handshake message types. * Cleanup of RSS PSS terminating byte (0xbc) to use enum value. * Fixed bug with PK callback for `myEccVerify` public key format. * Fixed bug with PK callback for ED25519 verify key buffer in DoServerKeyExchange.
2018-03-21 11:27:08 -07:00
#ifndef NO_CERTS
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
if (useClientCert && !loadCertKeyIntoSSLObj){
Check-in non-FIPS specific porting changes for OE22 Fix no new line Change comment style in testsuite.c Add include for proper socket header in wolfio.h Add dc_log_printf support to benchmark application Pull in changes for examples Refector NETOS check in test.c Fix format and remove settings used only for validation testing Implement peer review feedback Address last items noted in peer review Add new README to include.am Adjust comment style on TODO Gate changes in client and server properly Add static on customer feedback Fix settings include Update latest peer feedback
2021-08-23 16:29:30 -06:00
#if defined(NO_FILESYSTEM) && defined(USE_CERT_BUFFERS_2048)
if (wolfSSL_CTX_use_certificate_chain_buffer_format(ctx,
client_cert_der_2048, sizeof_client_cert_der_2048,
WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS)
Typo in client example
2021-03-08 17:31:12 -06:00
err_sys("can't load client cert buffer");
NO_FILESYSTEM build on Windows
2020-10-09 09:45:00 -07:00
#elif !defined(TEST_LOAD_BUFFER)
Fixes from failure testing
2017-01-10 09:26:47 +10:00
if (wolfSSL_CTX_use_certificate_chain_file(ctx, ourCert)
Testing improvements for cert gen and TLS cert validation: * Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled. * Added new ECC CA for 384-bit tests. * Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem) * Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL. * Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`. * Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function. * Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack). * Cleanup to combine all certificate subject information into global `certDefaultName`. * Updated cert request info to use wolfSSL instead of Yassl. * Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`. * Re-number error codes in rsa_test. * Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
2017-10-19 16:17:51 -07:00
!= WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
added build option for leanPSK
2012-10-29 15:39:42 -07:00
err_sys("can't load client cert file, check file and run from"
name change for client.c
2015-01-05 14:48:43 -07:00
" wolfSSL home dir");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
* Added support for not loading a private key for server or client when `HAVE_PK_CALLBACK` is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519. * Added PK callback context tests for client/server examples (`SetupPkCallbackContexts`). * Added new test define for `TEST_PK_PRIVKEY` to allows simulating hardware based private key. * Added new test.h function for loading PEM key file and converting to DER (`load_key_file`). * Added way to get private key signature size (`GetPrivateKeySigSize`). * Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size. * Added inline comments to help track down handshake message types. * Cleanup of RSS PSS terminating byte (0xbc) to use enum value. * Fixed bug with PK callback for `myEccVerify` public key format. * Fixed bug with PK callback for ED25519 verify key buffer in DoServerKeyExchange.
2018-03-21 11:27:08 -07:00
#else
load_buffer(ctx, ourCert, WOLFSSL_CERT_CHAIN);
#endif
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
}
1.8.8 init
2011-02-05 11:14:47 -08:00
* Added support for not loading a private key for server or client when `HAVE_PK_CALLBACK` is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519. * Added PK callback context tests for client/server examples (`SetupPkCallbackContexts`). * Added new test define for `TEST_PK_PRIVKEY` to allows simulating hardware based private key. * Added new test.h function for loading PEM key file and converting to DER (`load_key_file`). * Added way to get private key signature size (`GetPrivateKeySigSize`). * Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size. * Added inline comments to help track down handshake message types. * Cleanup of RSS PSS terminating byte (0xbc) to use enum value. * Fixed bug with PK callback for `myEccVerify` public key format. * Fixed bug with PK callback for ED25519 verify key buffer in DoServerKeyExchange.
2018-03-21 11:27:08 -07:00
#ifdef HAVE_PK_CALLBACKS
pkCbInfo.ourKey = ourKey;
#endif
Add support for more OpenSSL APIs Add support for PEM_read and PEM_write Add OpenSSL PKCS#7 signed data support Add OpenSSL PKCS#8 Private key APIs Add X509_REQ OpenSSL APIs
2018-10-19 14:52:18 +10:00
if (useClientCert && !loadCertKeyIntoSSLObj
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
#if defined(HAVE_PK_CALLBACKS) && defined(TEST_PK_PRIVKEY)
&& !pkCallbacks
#endif
) {
NO_FILESYSTEM build on Windows
2020-10-09 09:45:00 -07:00
#ifdef NO_FILESYSTEM
use correct key buffer for example private key
2020-10-13 09:26:54 -06:00
if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, client_key_der_2048,
sizeof_client_key_der_2048, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS)
Typo in client example
2021-03-08 17:31:12 -06:00
err_sys("can't load client private key buffer");
NO_FILESYSTEM build on Windows
2020-10-09 09:45:00 -07:00
#elif !defined(TEST_LOAD_BUFFER)
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_CTX_use_PrivateKey_file(ctx, ourKey, WOLFSSL_FILETYPE_PEM)
!= WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
fix general NO_SHA NO_ASN NO_CERTS NO_SESSION_CACHE builds/examples
2013-03-11 16:07:46 -07:00
err_sys("can't load client private key file, check file and run "
name change for client.c
2015-01-05 14:48:43 -07:00
"from wolfSSL home dir");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
* Added support for not loading a private key for server or client when `HAVE_PK_CALLBACK` is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519. * Added PK callback context tests for client/server examples (`SetupPkCallbackContexts`). * Added new test define for `TEST_PK_PRIVKEY` to allows simulating hardware based private key. * Added new test.h function for loading PEM key file and converting to DER (`load_key_file`). * Added way to get private key signature size (`GetPrivateKeySigSize`). * Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size. * Added inline comments to help track down handshake message types. * Cleanup of RSS PSS terminating byte (0xbc) to use enum value. * Fixed bug with PK callback for `myEccVerify` public key format. * Fixed bug with PK callback for ED25519 verify key buffer in DoServerKeyExchange.
2018-03-21 11:27:08 -07:00
#else
Fixes so make check works with NO_FILESYSTEM and FORCE_BUFFER_TEST. Example: ./configure CFLAGS="-DNO_FILESYSTEM -DFORCE_BUFFER_TEST"
2016-11-23 17:19:54 -08:00
load_buffer(ctx, ourKey, WOLFSSL_KEY);
* Added support for not loading a private key for server or client when `HAVE_PK_CALLBACK` is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519. * Added PK callback context tests for client/server examples (`SetupPkCallbackContexts`). * Added new test define for `TEST_PK_PRIVKEY` to allows simulating hardware based private key. * Added new test.h function for loading PEM key file and converting to DER (`load_key_file`). * Added way to get private key signature size (`GetPrivateKeySigSize`). * Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size. * Added inline comments to help track down handshake message types. * Cleanup of RSS PSS terminating byte (0xbc) to use enum value. * Fixed bug with PK callback for `myEccVerify` public key format. * Fixed bug with PK callback for ED25519 verify key buffer in DoServerKeyExchange.
2018-03-21 11:27:08 -07:00
#endif
add fewerPacket/group messages to example client/server and disalbe client cert/key load
2013-04-19 13:10:19 -07:00
}
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
Fix to catch the issue in this PR with alt cert chains, which only happens if the verify callback is used and the chain is long enough. Cleanup of the myVerify callback to allow specific actions. Fix the suites.c to not crash if no newline at end of file. Added helpful debug message to show that a CA was found.
2020-06-18 09:26:50 -07:00
if (!usePsk && !useAnon && !useVerifyCb && myVerifyAction != VERIFY_FORCE_FAIL) {
Initial implemented X509_LOOKUP_ctrl L_ADD_DIR
2021-02-15 15:47:03 +09:00
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
addressed review comments part 1
2021-03-11 15:43:54 +09:00
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
Initial implemented X509_LOOKUP_ctrl L_ADD_DIR
2021-02-15 15:47:03 +09:00
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
if (useCertFolder) {
WOLFSSL_X509_STORE *store;
WOLFSSL_X509_LOOKUP *lookup;
typographic cleanup: fix whitespace, remove unneeded UTF-8, convert C++ comment constructs to C.
2021-11-05 18:16:08 -05:00
Initial implemented X509_LOOKUP_ctrl L_ADD_DIR
2021-02-15 15:47:03 +09:00
store = wolfSSL_CTX_get_cert_store(ctx);
if (store == NULL) {
wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("can't get WOLFSSL_X509_STORE");
}
lookup = wolfSSL_X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
if (lookup == NULL) {
wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("can't add lookup");
}
if (wolfSSL_X509_LOOKUP_ctrl(lookup, WOLFSSL_X509_L_ADD_DIR, caCertFolder,
X509_FILETYPE_PEM, NULL) != WOLFSSL_SUCCESS) {
err_sys("X509_LOOKUP_ctrl w/ L_ADD_DIR failed");
}
} else {
#endif
NO_FILESYSTEM build on Windows
2020-10-09 09:45:00 -07:00
#ifdef NO_FILESYSTEM
if (wolfSSL_CTX_load_verify_buffer(ctx, ca_cert_der_2048,
sizeof_ca_cert_der_2048, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("can't load ca buffer, Please run from wolfSSL home dir");
}
#elif !defined(TEST_LOAD_BUFFER)
Fix for verify callback override of intermediate CA provided by peer not being added to trusted CA list. Feature: Added support for testing date override at build-time using `TEST_BEFORE_DATE`. ``` ./examples/server/server -H overrideDateErr -A ./certs/ca-cert.pem -k ./certs/server-key.pem -c ./certs/intermediate/server-chain.pem & ./examples/client/client -D -A ./certs/ca-cert.pem -k ./certs/client-key.pem -c ./certs/intermediate/client-chain.pem ```
2019-09-13 09:23:07 -07:00
unsigned int verify_flags = 0;
#ifdef TEST_BEFORE_DATE
verify_flags |= WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY;
#endif
do not load example CA if not verifying peer
2021-11-30 10:44:05 -07:00
if (doPeerCheck != 0 &&
wolfSSL_CTX_load_verify_locations_ex(ctx, verifyCert, 0, verify_flags)
Testing improvements for cert gen and TLS cert validation: * Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled. * Added new ECC CA for 384-bit tests. * Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem) * Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL. * Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`. * Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function. * Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack). * Cleanup to combine all certificate subject information into global `certDefaultName`. * Updated cert request info to use wolfSSL instead of Yassl. * Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`. * Re-number error codes in rsa_test. * Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
2017-10-19 16:17:51 -07:00
!= WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
allow example client to talk with echoserver in ecc mode w/o switch
2015-04-01 12:03:27 -07:00
err_sys("can't load ca file, Please run from wolfSSL home dir");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
* Added support for not loading a private key for server or client when `HAVE_PK_CALLBACK` is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519. * Added PK callback context tests for client/server examples (`SetupPkCallbackContexts`). * Added new test define for `TEST_PK_PRIVKEY` to allows simulating hardware based private key. * Added new test.h function for loading PEM key file and converting to DER (`load_key_file`). * Added way to get private key signature size (`GetPrivateKeySigSize`). * Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size. * Added inline comments to help track down handshake message types. * Cleanup of RSS PSS terminating byte (0xbc) to use enum value. * Fixed bug with PK callback for `myEccVerify` public key format. * Fixed bug with PK callback for ED25519 verify key buffer in DoServerKeyExchange.
2018-03-21 11:27:08 -07:00
#else
Fixes so make check works with NO_FILESYSTEM and FORCE_BUFFER_TEST. Example: ./configure CFLAGS="-DNO_FILESYSTEM -DFORCE_BUFFER_TEST"
2016-11-23 17:19:54 -08:00
load_buffer(ctx, verifyCert, WOLFSSL_CA);
* Added support for not loading a private key for server or client when `HAVE_PK_CALLBACK` is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519. * Added PK callback context tests for client/server examples (`SetupPkCallbackContexts`). * Added new test define for `TEST_PK_PRIVKEY` to allows simulating hardware based private key. * Added new test.h function for loading PEM key file and converting to DER (`load_key_file`). * Added way to get private key signature size (`GetPrivateKeySigSize`). * Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size. * Added inline comments to help track down handshake message types. * Cleanup of RSS PSS terminating byte (0xbc) to use enum value. * Fixed bug with PK callback for `myEccVerify` public key format. * Fixed bug with PK callback for ED25519 verify key buffer in DoServerKeyExchange.
2018-03-21 11:27:08 -07:00
#endif /* !NO_FILESYSTEM */
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
* Added support for not loading a private key for server or client when `HAVE_PK_CALLBACK` is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519. * Added PK callback context tests for client/server examples (`SetupPkCallbackContexts`). * Added new test define for `TEST_PK_PRIVKEY` to allows simulating hardware based private key. * Added new test.h function for loading PEM key file and converting to DER (`load_key_file`). * Added way to get private key signature size (`GetPrivateKeySigSize`). * Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size. * Added inline comments to help track down handshake message types. * Cleanup of RSS PSS terminating byte (0xbc) to use enum value. * Fixed bug with PK callback for `myEccVerify` public key format. * Fixed bug with PK callback for ED25519 verify key buffer in DoServerKeyExchange.
2018-03-21 11:27:08 -07:00
#ifdef HAVE_ECC
allow example client to talk with echoserver in ecc mode w/o switch
2015-04-01 12:03:27 -07:00
/* load ecc verify too, echoserver uses it by default w/ ecc */
NO_FILESYSTEM build on Windows
2020-10-09 09:45:00 -07:00
#ifdef NO_FILESYSTEM
do not load example CA if not verifying peer
2021-11-30 10:44:05 -07:00
if (doPeerCheck != 0 &&
wolfSSL_CTX_load_verify_buffer(ctx, ca_ecc_cert_der_256,
NO_FILESYSTEM build on Windows
2020-10-09 09:45:00 -07:00
sizeof_ca_ecc_cert_der_256, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("can't load ecc ca buffer");
}
#elif !defined(TEST_LOAD_BUFFER)
Don't force a ECC CA when a custom CA is passed with `-A` The following config would fail `../configure --enable-opensslall CFLAGS="-DOPENSSL_COMPATIBLE_DEFAULTS" && make -j check`. This is because `test-fails.conf` `ECC no signer error` test expects a failure while the ECC CA was being added as a trusted cert due to `OPENSSL_COMPATIBLE_DEFAULTS`.
2022-03-08 14:52:40 +01:00
if (doPeerCheck != 0 && !customVerifyCert &&
do not load example CA if not verifying peer
2021-11-30 10:44:05 -07:00
wolfSSL_CTX_load_verify_locations_ex(ctx, eccCertFile, 0, verify_flags)
Testing improvements for cert gen and TLS cert validation: * Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled. * Added new ECC CA for 384-bit tests. * Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem) * Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL. * Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`. * Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function. * Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack). * Cleanup to combine all certificate subject information into global `certDefaultName`. * Updated cert request info to use wolfSSL instead of Yassl. * Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`. * Re-number error codes in rsa_test. * Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
2017-10-19 16:17:51 -07:00
!= WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
allow example client to talk with echoserver in ecc mode w/o switch
2015-04-01 12:03:27 -07:00
err_sys("can't load ecc ca file, Please run from wolfSSL home dir");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
* Added support for not loading a private key for server or client when `HAVE_PK_CALLBACK` is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519. * Added PK callback context tests for client/server examples (`SetupPkCallbackContexts`). * Added new test define for `TEST_PK_PRIVKEY` to allows simulating hardware based private key. * Added new test.h function for loading PEM key file and converting to DER (`load_key_file`). * Added way to get private key signature size (`GetPrivateKeySigSize`). * Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size. * Added inline comments to help track down handshake message types. * Cleanup of RSS PSS terminating byte (0xbc) to use enum value. * Fixed bug with PK callback for `myEccVerify` public key format. * Fixed bug with PK callback for ED25519 verify key buffer in DoServerKeyExchange.
2018-03-21 11:27:08 -07:00
#else
Cleanup name conflicts with test.h cert files (by adding “File” to end). Fix memory leak in ecc_test_buffers function.
2017-04-06 15:54:59 -07:00
load_buffer(ctx, eccCertFile, WOLFSSL_CA);
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
#endif /* !TEST_LOAD_BUFFER */
* Added support for not loading a private key for server or client when `HAVE_PK_CALLBACK` is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519. * Added PK callback context tests for client/server examples (`SetupPkCallbackContexts`). * Added new test define for `TEST_PK_PRIVKEY` to allows simulating hardware based private key. * Added new test.h function for loading PEM key file and converting to DER (`load_key_file`). * Added way to get private key signature size (`GetPrivateKeySigSize`). * Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size. * Added inline comments to help track down handshake message types. * Cleanup of RSS PSS terminating byte (0xbc) to use enum value. * Fixed bug with PK callback for `myEccVerify` public key format. * Fixed bug with PK callback for ED25519 verify key buffer in DoServerKeyExchange.
2018-03-21 11:27:08 -07:00
#endif /* HAVE_ECC */
#if defined(WOLFSSL_TRUST_PEER_CERT) && !defined(NO_FILESYSTEM)
automated test for trusted peer certs
2016-03-01 16:35:32 -07:00
if (trustCert) {
Fix for "set but not used".
2022-02-24 13:38:23 -08:00
if (wolfSSL_CTX_trust_peer_cert(ctx, trustCert,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
automated test for trusted peer certs
2016-03-01 16:35:32 -07:00
err_sys("can't load trusted peer cert file");
}
addition to api tests and refactor location of trusted peer cert check
2016-02-29 11:02:18 -07:00
}
* Added support for not loading a private key for server or client when `HAVE_PK_CALLBACK` is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519. * Added PK callback context tests for client/server examples (`SetupPkCallbackContexts`). * Added new test define for `TEST_PK_PRIVKEY` to allows simulating hardware based private key. * Added new test.h function for loading PEM key file and converting to DER (`load_key_file`). * Added way to get private key signature size (`GetPrivateKeySigSize`). * Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size. * Added inline comments to help track down handshake message types. * Cleanup of RSS PSS terminating byte (0xbc) to use enum value. * Fixed bug with PK callback for `myEccVerify` public key format. * Fixed bug with PK callback for ED25519 verify key buffer in DoServerKeyExchange.
2018-03-21 11:27:08 -07:00
#endif /* WOLFSSL_TRUST_PEER_CERT && !NO_FILESYSTEM */
Initial implemented X509_LOOKUP_ctrl L_ADD_DIR
2021-02-15 15:47:03 +09:00
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
addressed review comments part 1
2021-03-11 15:43:54 +09:00
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
Initial implemented X509_LOOKUP_ctrl L_ADD_DIR
2021-02-15 15:47:03 +09:00
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
}
#endif
added build option for leanPSK
2012-10-29 15:39:42 -07:00
}
Add support for id-pkix-ocsp-nocheck
2020-10-06 17:16:01 -07:00
if (useVerifyCb || myVerifyAction == VERIFY_FORCE_FAIL ||
Fix to catch the issue in this PR with alt cert chains, which only happens if the verify callback is used and the chain is long enough. Cleanup of the myVerify callback to allow specific actions. Fix the suites.c to not crash if no newline at end of file. Added helpful debug message to show that a CA was found.
2020-06-18 09:26:50 -07:00
myVerifyAction == VERIFY_USE_PREVERFIY) {
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, myVerify);
Fix to catch the issue in this PR with alt cert chains, which only happens if the verify callback is used and the chain is long enough. Cleanup of the myVerify callback to allow specific actions. Fix the suites.c to not crash if no newline at end of file. Added helpful debug message to show that a CA was found.
2020-06-18 09:26:50 -07:00
}
else if (!usePsk && !useAnon && doPeerCheck == 0) {
Eliminate `EIGHTK_BUF` use in asn. Cleanup uses of `0` in set_verify for callback.
2021-11-05 09:56:40 -07:00
wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, NULL);
Fix to catch the issue in this PR with alt cert chains, which only happens if the verify callback is used and the chain is long enough. Cleanup of the myVerify callback to allow specific actions. Fix the suites.c to not crash if no newline at end of file. Added helpful debug message to show that a CA was found.
2020-06-18 09:26:50 -07:00
}
else if (!usePsk && !useAnon && myVerifyAction == VERIFY_OVERRIDE_DATE_ERR) {
wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, myVerify);
}
* Added support for not loading a private key for server or client when `HAVE_PK_CALLBACK` is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519. * Added PK callback context tests for client/server examples (`SetupPkCallbackContexts`). * Added new test define for `TEST_PK_PRIVKEY` to allows simulating hardware based private key. * Added new test.h function for loading PEM key file and converting to DER (`load_key_file`). * Added way to get private key signature size (`GetPrivateKeySigSize`). * Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size. * Added inline comments to help track down handshake message types. * Cleanup of RSS PSS terminating byte (0xbc) to use enum value. * Fixed bug with PK callback for `myEccVerify` public key format. * Fixed bug with PK callback for ED25519 verify key buffer in DoServerKeyExchange.
2018-03-21 11:27:08 -07:00
#endif /* !NO_CERTS */
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 13:59:41 -06:00
#ifdef WOLFSSL_ASYNC_CRYPT
ret = wolfAsync_DevOpen(&devId);
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
if (ret < 0) {
print errors to stderr, not stdout; fix whitespace in internal.c; add missing error handling in examples/server/server.c around recvfrom().
2022-05-12 13:07:32 -05:00
fprintf(stderr, "Async device open failed\nRunning without async\n");
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 13:59:41 -06:00
}
Asynchronous support for TLS v1.3 TLSX ECC/DH key generation and key agreement * Added async support to `SendTls13ClientHello`, `DoTls13ServerHello` and `DoTls13ClientHello`. * Cleanup of the example client/server use key share code. * Fix some scan-build warnings. ZD 12065
2021-06-08 12:15:42 -07:00
wolfSSL_CTX_SetDevId(ctx, devId);
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 13:59:41 -06:00
#endif /* WOLFSSL_ASYNC_CRYPT */
add cavium ciphers to SSL, and example client
2013-02-01 12:21:38 -08:00
merge in sni
2013-05-21 14:37:50 -07:00
#ifdef HAVE_SNI
Trusted CA Key Indication Extension Added an API for enabling the Trusted CA Key Indication extension from RFC6066 section 6. If the server doesn't have a match for the client, the client will abandon the session.
2018-09-28 09:05:59 -07:00
if (sniHostName) {
Fix for SNI callback * Fix for SNI callback on server to make sure the SNI data is stored even without setting a hostname. This makes sure the SNI extension is set when there is a registered SNI recv callback. * Fix for Apache HTTPD to include `WOLFSSL_ALWAYS_KEEP_SNI`
2021-03-22 10:45:31 -07:00
if (wolfSSL_CTX_UseSNI(ctx, WOLFSSL_SNI_HOST_NAME, sniHostName,
Added more of the requested changes & made an attempt to remove merge conflicts
2017-11-14 15:05:32 -07:00
(word16) XSTRLEN(sniHostName)) != WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
merge in sni
2013-05-21 14:37:50 -07:00
err_sys("UseSNI failed");
Trusted CA Key Indication Extension Added an API for enabling the Trusted CA Key Indication extension from RFC6066 section 6. If the server doesn't have a match for the client, the client will abandon the session.
2018-09-28 09:05:59 -07:00
}
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
merge in sni
2013-05-21 14:37:50 -07:00
#endif
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 15:42:43 -03:00
#ifdef HAVE_MAX_FRAGMENT
if (maxFragment)
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_CTX_UseMaxFragment(ctx, maxFragment) != WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 15:42:43 -03:00
err_sys("UseMaxFragment failed");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 15:42:43 -03:00
#endif
#ifdef HAVE_TRUNCATED_HMAC
if (truncatedHMAC)
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_CTX_UseTruncatedHMAC(ctx) != WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 15:42:43 -03:00
err_sys("UseTruncatedHMAC failed");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 15:42:43 -03:00
#endif
Adds Session Ticket TLS Extension handling. New Session Ticket Handshake Message handling is still needed for Session Tickets to work.
2014-09-30 09:24:42 -03:00
#ifdef HAVE_SESSION_TICKET
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_CTX_UseSessionTicket(ctx) != WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
Adds Session Ticket TLS Extension handling. New Session Ticket Handshake Message handling is still needed for Session Tickets to work.
2014-09-30 09:24:42 -03:00
err_sys("UseSessionTicket failed");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
Adds Session Ticket TLS Extension handling. New Session Ticket Handshake Message handling is still needed for Session Tickets to work.
2014-09-30 09:24:42 -03:00
#endif
add extended master to example client
2016-09-01 15:17:46 -06:00
#ifdef HAVE_EXTENDED_MASTER
Revising the Extended Master Secret support. Removing the dynamic TLSX support for the extention and treating it like the Signature and Hash algorithms extension. It is to be enabled by default and the user can turn it off at run time or build time.
2016-09-09 23:16:52 -07:00
if (disableExtMasterSecret)
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_CTX_DisableExtendedMasterSecret(ctx) != WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
Revising the Extended Master Secret support. Removing the dynamic TLSX support for the extention and treating it like the Signature and Hash algorithms extension. It is to be enabled by default and the user can turn it off at run time or build time.
2016-09-09 23:16:52 -07:00
err_sys("DisableExtendedMasterSecret failed");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
add extended master to example client
2016-09-01 15:17:46 -06:00
#endif
Fix for the curve logic to pick the hightest strength, not just the default 256-bit. Added test for setting user curve. `./examples -H useSupCurve`.
2018-09-21 09:27:48 -07:00
#if defined(HAVE_SUPPORTED_CURVES)
#if defined(HAVE_CURVE25519)
Fixes from review
2017-05-22 09:09:31 +10:00
if (useX25519) {
if (wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_X25519)
Testing improvements for cert gen and TLS cert validation: * Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled. * Added new ECC CA for 384-bit tests. * Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem) * Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL. * Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`. * Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function. * Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack). * Cleanup to combine all certificate subject information into global `certDefaultName`. * Updated cert request info to use wolfSSL instead of Yassl. * Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`. * Re-number error codes in rsa_test. * Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
2017-10-19 16:17:51 -07:00
!= WOLFSSL_SUCCESS) {
Fixes from review
2017-05-22 09:09:31 +10:00
err_sys("unable to support X25519");
}
Fix for the curve logic to pick the hightest strength, not just the default 256-bit. Added test for setting user curve. `./examples -H useSupCurve`.
2018-09-21 09:27:48 -07:00
}
#endif /* HAVE_CURVE25519 */
Add Curve448, X448, Ed448 implementations
2020-02-19 18:07:45 +10:00
#if defined(HAVE_CURVE448)
if (useX448) {
if (wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_X448)
!= WOLFSSL_SUCCESS) {
err_sys("unable to support X448");
}
}
#endif /* HAVE_CURVE448 */
Fix for the curve logic to pick the hightest strength, not just the default 256-bit. Added test for setting user curve. `./examples -H useSupCurve`.
2018-09-21 09:27:48 -07:00
#ifdef HAVE_ECC
if (useSupCurve) {
#if !defined(NO_ECC_SECP) && \
(defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES))
TLS 1.3 fixes/improvements Support Draft 28: able to compile code to return BAD_BINDER if no PSKs match and certificates not to be used. Change key share implementation to use server preference - server now checks each client key share's group is in supported_groups extension. Client and server examples modified to support server preference. Application can set client's and server's supported groups by rank. Server's supported groups is sent back in encrypted_extensions if preferred group is not in client's list - able to be turned off at compile time. Application can query server's preferred group from client. Able to compile using 0x0304 as version instead of draft version. Fix state machine in TLS 1.3 to support unexpected hello_retry_request. Also fixes non-blocking. Fix resumption to use the named group from session. Fix named group in session structure to be a 2-byte field. Better detection of errors in message flow. Fix DoTls13ClientHello when downgrading - don't do TLS 1.3 things. Not downgrading on client fixed. Downgrade protocol version from TLS 1.3 when not TLS 1.3 ciphersuite. Get downgrading from TLS 1.3 and resumption working. Change earlyData value to an enum. Support no extensions data (as opposed to zero length extension data) in TLS 1.3 ClientHello. Check PSK cipher suite is available to both client and server before using. Check first PSK identity chosen when server says it is using early data at client. Check PSK extension is last in client_hello on server. Check the PSK cipher suite to use is supported on client. Check the returned cipher suite for pre-shared keys is the same as client expects. Send alert decrypt_error when verification fails in certificate_verify or finished message doesn't match calculated value. Fail when certificate messages recieved in handshake when using PSK. Validate on the server that EndOfEarlyData message has been recieved before finished message when server sent EarlyData extension.
2018-04-13 11:53:42 +10:00
if (wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_SECP384R1)
!= WOLFSSL_SUCCESS) {
err_sys("unable to support secp384r1");
}
Fix for the curve logic to pick the hightest strength, not just the default 256-bit. Added test for setting user curve. `./examples -H useSupCurve`.
2018-09-21 09:27:48 -07:00
#endif
#if !defined(NO_ECC_SECP) && \
(!defined(NO_ECC256) || defined(HAVE_ALL_CURVES))
if (wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_SECP256R1)
!= WOLFSSL_SUCCESS) {
err_sys("unable to support secp256r1");
}
#endif
Fixes from review
2017-05-22 09:09:31 +10:00
}
Fix for the curve logic to pick the hightest strength, not just the default 256-bit. Added test for setting user curve. `./examples -H useSupCurve`.
2018-09-21 09:27:48 -07:00
#endif /* HAVE_ECC */
Support FFDHE in TLS 1.2 and below. Better TLS 1.3 version support. Add support for the fixed FFDHE curves to TLS 1.2. Same curves in TLS 1.3 already. On by default - no checking of prime required. Add option to require client to see FFDHE parameters from server as per 'may' requirements in RFC 7919. Change TLS 1.3 ClientHello and ServerHello parsing to find the SupportedVersions extension first and process it. Then it can handle other extensions knowing which protocol we are using.
2019-02-18 10:57:12 +10:00
#ifdef HAVE_FFDHE_2048
if (useSupCurve) {
if (wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_FFDHE_2048)
!= WOLFSSL_SUCCESS) {
err_sys("unable to support FFDHE 2048");
}
}
#endif
Fix for the curve logic to pick the hightest strength, not just the default 256-bit. Added test for setting user curve. `./examples -H useSupCurve`.
2018-09-21 09:27:48 -07:00
#endif /* HAVE_SUPPORTED_CURVES */
merge in sni
2013-05-21 14:37:50 -07:00
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
#ifdef WOLFSSL_TLS13
if (noPskDheKe)
wolfSSL_CTX_no_dhe_psk(ctx);
TLS 1.3 PSK: add option to require only PSK with DHE Can specify only PSK without DHE. Add only PSK with DHE.
2023-01-24 12:00:37 +10:00
#ifdef HAVE_SUPPORTED_CURVES
if (onlyPskDheKe)
wolfSSL_CTX_only_dhe_psk(ctx);
#endif
Changes for interop and performance Changes made to test.h to allow interop of PSK with OpenSSL. Changes to allow server to pre-generate key share and perform other operations at later time. Fix ChaCha20 code header to have bigger state to support assembly code for AVX1. Fix Curve25519 code to use define instead. Change Curve25519 to memset all object data on init. Change Poly1305 to put both sizes into one buffer to avoid a second call to wc_Poly1305Update(). Added WOLFSSL_START and WOLFSSL_END API and calls to show time of protocol message function enter and leave to analyse performance differences. Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-09 13:53:05 +10:00
#endif
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
if (postHandAuth)
wolfSSL_CTX_allow_post_handshake_auth(ctx);
#endif
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
if (benchmark) {
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
((func_args*)args)->return_code =
DTLS-SCTP example client and server 1. Update the example client and server to test DTLS-SCTP. 2. Modify the test.h functions for setting up connections to allow for a SCTP option. 3. Update other examples to use the new test.h functions. 4. Removed some prototypes in the client header file were some functions that should have been static to the client.c file and made them static.
2016-08-25 22:20:35 -07:00
ClientBenchmarkConnections(ctx, host, port, dtlsUDP, dtlsSCTP,
Improvements to TLS v1.3 code Reset list of supported sig algorithms before sending certificate request on server. Refactored setting of ticket for both TLS13 and earlier. Remember the type of key for deciding which sig alg to use with TLS13 CertificateVerify. RSA PKCS #1.5 not allowed in TLS13 for CertificateVerify. Remove all remaining DTLS code as spec barely started. Turn off SHA512 code where decision based on cipher suite hash. Fix fragment handling to work with encrypted messages. Test public APIS.
2017-06-29 09:00:44 +10:00
benchmark, resumeSession, useX25519,
--with-liboqs now defines HAVE_LIBOQS and HAVE_PQC AKA: The Great Rename of December 2021
2021-12-20 11:26:25 -05:00
useX448, usePqc, pqcAlg, helloRetry,
liboqs integration using keyshare/supported_groups extensions in TLS 1.3
2021-04-28 10:28:35 -07:00
onlyKeyShare, version, earlyData);
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
Added new build option `--enable-memtest` or `WOLFSSL_FORCE_MALLOC_FAIL_TEST` which enables random malloc failures for testing. This test supresses the `abort()` calls to detect seg faults. A new script `./scripts/memtest.sh` starts the test. If an issue is found it can be reviewed with the `./scripts/memtest.txt` log and reproduced using the seed printed at top of unit test as `--- RNG MALLOC FAIL AT 295---` and rerun using `./tests/unit.test 295`.
2018-07-27 10:16:14 -07:00
XEXIT_T(EXIT_SUCCESS);
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
}
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
Various cleanups and fixes: * Fix for key gen macro name in benchmark.c * Fix for possible RSA fall-through warning. * Fix for building `WOLFSSL_STM32_PKA` without `HAVE_ECC`. * Added option to build RSA keygen without the DER to PEM using `WOLFSSL_NO_DER_TO_PEM`. * Added options.h includes for test.c and benchmark.c. * Added printf warning on the math size mismatch in test.c. * Added support for benchmarking larger sizes. * TLS benchmarks for HiFive unleashed.
2019-12-18 07:09:26 -08:00
if (throughput) {
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
((func_args*)args)->return_code =
DTLS-SCTP example client and server 1. Update the example client and server to test DTLS-SCTP. 2. Modify the test.h functions for setting up connections to allow for a SCTP option. 3. Update other examples to use the new test.h functions. 4. Removed some prototypes in the client header file were some functions that should have been static to the client.c file and made them static.
2016-08-25 22:20:35 -07:00
ClientBenchmarkThroughput(ctx, host, port, dtlsUDP, dtlsSCTP,
Added a suite test use case to cover the new error check. Also fixed and issue with passing a couple flags to the test case runner, and some other changes to support the new test.
2020-07-22 13:20:23 -07:00
block, throughput, useX25519, useX448,
--with-liboqs now defines HAVE_LIBOQS and HAVE_PQC AKA: The Great Rename of December 2021
2021-12-20 11:26:25 -05:00
usePqc, pqcAlg, exitWithRet, version,
liboqs integration using keyshare/supported_groups extensions in TLS 1.3
2021-04-28 10:28:35 -07:00
onlyKeyShare);
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
Make the `wolfSSL_GetMaxFragSize` parameter meaning consistent - Add testing for sending as much app data as possible in a single DTLS record
2021-10-28 14:46:15 +02:00
if (((func_args*)args)->return_code != EXIT_SUCCESS && !exitWithRet)
Added a suite test use case to cover the new error check. Also fixed and issue with passing a couple flags to the test case runner, and some other changes to support the new test.
2020-07-22 13:20:23 -07:00
XEXIT_T(EXIT_SUCCESS);
else
goto exit;
1.8.8 init
2011-02-05 11:14:47 -08:00
}
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
name change for client.c
2015-01-05 14:48:43 -07:00
#if defined(WOLFSSL_MDK_ARM)
Eliminate `EIGHTK_BUF` use in asn. Cleanup uses of `0` in set_verify for callback.
2021-11-05 09:56:40 -07:00
wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, NULL);
Commit 2.6.2
2013-05-19 10:02:13 +09:00
#endif
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
sanity checks, remove some magic numbers, TLS read ahead
2016-12-08 19:05:35 -07:00
#if defined(OPENSSL_EXTRA)
if (wolfSSL_CTX_get_read_ahead(ctx) != 0) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
sanity checks, remove some magic numbers, TLS read ahead
2016-12-08 19:05:35 -07:00
err_sys("bad read ahead default value");
}
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_CTX_set_read_ahead(ctx, 1) != WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
adjust read ahead, some sanity checks and rebase
2016-12-09 13:16:17 -07:00
err_sys("error setting read ahead value");
}
sanity checks, remove some magic numbers, TLS read ahead
2016-12-08 19:05:35 -07:00
#endif
Added static memory code to client example.
2017-10-20 14:56:29 -07:00
#if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL)
fprintf(stderr, "Before creating SSL\n");
if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) != 1)
err_sys("ctx not using static memory");
if (wolfSSL_PrintStats(&mem_stats) != 1) /* function in test.h */
err_sys("error printing out memory stats");
#endif
Multicast 1. Since multicast's only cipher suite uses null cipher automatically enable it. 2. Add options to example client and server to start testing multicast API. (Uses TLS over TCP.) 3. Updates to use the forced secrets set by API.
2016-12-15 11:43:15 -08:00
if (doMcast) {
#ifdef WOLFSSL_MULTICAST
wolfSSL_CTX_mcast_set_member_id(ctx, mcastID);
Testing improvements for cert gen and TLS cert validation: * Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled. * Added new ECC CA for 384-bit tests. * Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem) * Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL. * Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`. * Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function. * Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack). * Cleanup to combine all certificate subject information into global `certDefaultName`. * Updated cert request info to use wolfSSL instead of Yassl. * Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`. * Re-number error codes in rsa_test. * Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
2017-10-19 16:17:51 -07:00
if (wolfSSL_CTX_set_cipher_list(ctx, "WDM-NULL-SHA256")
!= WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
Multicast 1. Since multicast's only cipher suite uses null cipher automatically enable it. 2. Add options to example client and server to start testing multicast API. (Uses TLS over TCP.) 3. Updates to use the forced secrets set by API.
2016-12-15 11:43:15 -08:00
err_sys("Couldn't set multicast cipher list.");
Added new “wolfSSL_mcast_get_max_peers” API. Minor cleanup with examples/client failure case. Fix possible unused var in wolfSSL_set_secret with DTLS disabled.
2017-01-25 14:05:22 -08:00
}
Multicast 1. Since multicast's only cipher suite uses null cipher automatically enable it. 2. Add options to example client and server to start testing multicast API. (Uses TLS over TCP.) 3. Updates to use the forced secrets set by API.
2016-12-15 11:43:15 -08:00
#endif
}
* Added support for not loading a private key for server or client when `HAVE_PK_CALLBACK` is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519. * Added PK callback context tests for client/server examples (`SetupPkCallbackContexts`). * Added new test define for `TEST_PK_PRIVKEY` to allows simulating hardware based private key. * Added new test.h function for loading PEM key file and converting to DER (`load_key_file`). * Added way to get private key signature size (`GetPrivateKeySigSize`). * Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size. * Added inline comments to help track down handshake message types. * Cleanup of RSS PSS terminating byte (0xbc) to use enum value. * Fixed bug with PK callback for `myEccVerify` public key format. * Fixed bug with PK callback for ED25519 verify key buffer in DoServerKeyExchange.
2018-03-21 11:27:08 -07:00
#ifdef HAVE_PK_CALLBACKS
if (pkCallbacks)
SetupPkCallbacks(ctx);
#endif
name change for client.c
2015-01-05 14:48:43 -07:00
ssl = wolfSSL_new(ctx);
Fixes from failure testing
2017-01-10 09:26:47 +10:00
if (ssl == NULL) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
err_sys("unable to get SSL object");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
naming for AEAD macros and TLSX with chacha-poly
2016-01-29 09:38:13 -07:00
added psk session callback
2021-04-15 15:24:13 +09:00
#ifndef NO_PSK
if (usePsk) {
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_TLS13) && defined(TEST_PSK_USE_SESSION)
SSL_set_psk_use_session_callback(ssl, my_psk_use_session_cb);
#endif
}
#endif
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
#ifndef NO_CERTS
if (useClientCert && loadCertKeyIntoSSLObj){
NO_FILESYSTEM build on Windows
2020-10-09 09:45:00 -07:00
#ifdef NO_FILESYSTEM
if (wolfSSL_use_certificate_buffer(ssl, client_cert_der_2048,
sizeof_client_cert_der_2048, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("can't load client cert buffer");
}
#elif !defined(TEST_LOAD_BUFFER)
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
if (wolfSSL_use_certificate_chain_file(ssl, ourCert)
!= WOLFSSL_SUCCESS) {
wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("can't load client cert file, check file and run from"
" wolfSSL home dir");
}
#else
load_ssl_buffer(ssl, ourCert, WOLFSSL_CERT_CHAIN);
#endif
}
if (loadCertKeyIntoSSLObj
#if defined(HAVE_PK_CALLBACKS) && defined(TEST_PK_PRIVKEY)
&& !pkCallbacks
#endif
) {
NO_FILESYSTEM build on Windows
2020-10-09 09:45:00 -07:00
#ifdef NO_FILESYSTEM
use correct key buffer for example private key
2020-10-13 09:26:54 -06:00
if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, client_key_der_2048,
sizeof_client_key_der_2048, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS)
NO_FILESYSTEM build on Windows
2020-10-09 09:45:00 -07:00
err_sys("can't load client private key buffer");
#elif !defined(TEST_LOAD_BUFFER)
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
if (wolfSSL_use_PrivateKey_file(ssl, ourKey, WOLFSSL_FILETYPE_PEM)
!= WOLFSSL_SUCCESS) {
wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("can't load client private key file, check file and run "
"from wolfSSL home dir");
}
#else
load_ssl_buffer(ssl, ourKey, WOLFSSL_KEY);
COMPAT. LAYER : get SSL client random bytes
2016-11-07 10:15:04 -07:00
#endif
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
}
#endif /* !NO_CERTS */
Changes for ED25519 and `HAVE_SECRET_CALLBACK` - `HAVE_SECRET_CALLBACK` needs to have `wolfSSL_SSL_CTX_get_timeout` and `wolfSSL_SSL_get_timeout` available - Call `wolfSSL_KeepArrays` for `HAVE_SECRET_CALLBACK` - Increase the default `DTLS_MTU_ADDITIONAL_READ_BUFFER` and make it adjustable by the user - Don't truncate application data returned to user in `wolfSSL_read_internal`
2021-09-02 15:52:35 +02:00
#if defined(OPENSSL_EXTRA) || defined(HAVE_SECRET_CALLBACK)
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
wolfSSL_KeepArrays(ssl);
#endif
COMPAT. LAYER : get SSL client random bytes
2016-11-07 10:15:04 -07:00
Fixes for PK callbacks with TLS v1.3. Tested with `./configure --enable-pkcallbacks CFLAGS="-DTEST_PK_PRIVKEY -DDEBUG_PK_CB"`.
2021-08-16 13:09:17 -07:00
#ifdef HAVE_PK_CALLBACKS
/* This must be before SetKeyShare */
if (pkCallbacks) {
SetupPkCallbackContexts(ssl, &pkCbInfo);
}
#endif
Added static memory code to client example.
2017-10-20 14:56:29 -07:00
#if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL)
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
fprintf(stderr, "After creating SSL\n");
if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) != 1)
err_sys("ctx not using static memory");
if (wolfSSL_PrintStats(&mem_stats) != 1) /* function in test.h */
Added static memory code to client example.
2017-10-20 14:56:29 -07:00
err_sys("error printing out memory stats");
#endif
TLS 1.3: PSK only Support building with only TLS 1.3 and PSK without code for (EC)DHE and certificates. Minimise build size for this configuration.
2020-10-28 11:47:31 +10:00
#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
examples: client/server: support DTLSv1.3 (-u -v4) This commits add some new options to examples/[server,client] to support testing of DTLS v1.3. client: add waitTicket option If this option is used, the client will wait until it receives a sessionTicket from the server. This is useful when testing DTLS retransmission. client: add waitKeyUpdate option When this option is set, the client waits until the UpdateKey message is acknowledged by the server. This is useful to test DTLS retransmission logic
2022-05-20 10:00:24 +02:00
if (!helloRetry && (version >= 4 || version <= -4)) {
--with-liboqs now defines HAVE_LIBOQS and HAVE_PQC AKA: The Great Rename of December 2021
2021-12-20 11:26:25 -05:00
SetKeyShare(ssl, onlyKeyShare, useX25519, useX448, usePqc,
pqcAlg, 0);
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
}
else {
wolfSSL_NoKeyShares(ssl);
}
Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
2018-10-09 12:54:41 -07:00
#endif
naming for AEAD macros and TLSX with chacha-poly
2016-01-29 09:38:13 -07:00
Multicast 1. Since multicast's only cipher suite uses null cipher automatically enable it. 2. Add options to example client and server to start testing multicast API. (Uses TLS over TCP.) 3. Updates to use the forced secrets set by API.
2016-12-15 11:43:15 -08:00
if (doMcast) {
#ifdef WOLFSSL_MULTICAST
Cleanup on example client/server messages and sizes. Original PR #3023 caused sending extra null characters in normal (non HTTP) example cases.
2020-07-21 13:34:25 -07:00
/* DTLS multicast secret for testing only */
#define CLI_SRV_RANDOM_SZ 32 /* RAN_LEN (see internal.h) */
#define PMS_SZ 512 /* ENCRYPT_LEN (see internal.h) */
byte pms[PMS_SZ]; /* pre master secret */
byte cr[CLI_SRV_RANDOM_SZ]; /* client random */
byte sr[CLI_SRV_RANDOM_SZ]; /* server random */
const byte suite[2] = {0, 0xfe}; /* WDM_WITH_NULL_SHA256 */
Multicast 1. Since multicast's only cipher suite uses null cipher automatically enable it. 2. Add options to example client and server to start testing multicast API. (Uses TLS over TCP.) 3. Updates to use the forced secrets set by API.
2016-12-15 11:43:15 -08:00
XMEMSET(pms, 0x23, sizeof(pms));
XMEMSET(cr, 0xA5, sizeof(cr));
XMEMSET(sr, 0x5A, sizeof(sr));
if (wolfSSL_set_secret(ssl, 1, pms, sizeof(pms), cr, sr, suite)
Testing improvements for cert gen and TLS cert validation: * Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled. * Added new ECC CA for 384-bit tests. * Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem) * Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL. * Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`. * Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function. * Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack). * Cleanup to combine all certificate subject information into global `certDefaultName`. * Updated cert request info to use wolfSSL instead of Yassl. * Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`. * Re-number error codes in rsa_test. * Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
2017-10-19 16:17:51 -07:00
!= WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
Multicast 1. Since multicast's only cipher suite uses null cipher automatically enable it. 2. Add options to example client and server to start testing multicast API. (Uses TLS over TCP.) 3. Updates to use the forced secrets set by API.
2016-12-15 11:43:15 -08:00
err_sys("unable to set mcast secret");
Added new “wolfSSL_mcast_get_max_peers” API. Minor cleanup with examples/client failure case. Fix possible unused var in wolfSSL_set_secret with DTLS disabled.
2017-01-25 14:05:22 -08:00
}
Multicast 1. Since multicast's only cipher suite uses null cipher automatically enable it. 2. Add options to example client and server to start testing multicast API. (Uses TLS over TCP.) 3. Updates to use the forced secrets set by API.
2016-12-15 11:43:15 -08:00
#endif
}
Added a callback when receiving a NewSessionTicket handshake message.
2014-10-20 09:25:14 -07:00
#ifdef HAVE_SESSION_TICKET
name change for client.c
2015-01-05 14:48:43 -07:00
wolfSSL_set_SessionTicket_cb(ssl, sessionTicketCB, (void*)"initial session");
Added a callback when receiving a NewSessionTicket handshake message.
2014-10-20 09:25:14 -07:00
#endif
fix alpn example client merge command options
2015-10-13 15:00:53 -07:00
Trusted CA Key Indication Extension Added an API for enabling the Trusted CA Key Indication extension from RFC6066 section 6. If the server doesn't have a match for the client, the client will abandon the session.
2018-09-28 09:05:59 -07:00
#ifdef HAVE_TRUSTED_CA
if (trustedCaKeyId) {
if (wolfSSL_UseTrustedCA(ssl, WOLFSSL_TRUSTED_CA_PRE_AGREED,
NULL, 0) != WOLFSSL_SUCCESS) {
err_sys("UseTrustedCA failed");
}
}
#endif
fix alpn example client merge command options
2015-10-13 15:00:53 -07:00
#ifdef HAVE_ALPN
if (alpnList != NULL) {
printf("ALPN accepted protocols list : %s\n", alpnList);
wolfSSL_UseALPN(ssl, alpnList, (word32)XSTRLEN(alpnList), alpn_opt);
}
#endif
OCSP 1. Modify the other OCSP Stapling scripts to better manage the OCSP responder. 2. Modify the client's W option to take: - 1 for Stapling v1 - 2 for Stapling v2 - 3 for Stapling v2 MULTI 3. Modify the client to disallow stapling v2 with TLSv1.3.
2018-08-02 16:25:38 -07:00
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
Merge branch csr into 'master'
2015-11-02 15:51:01 -03:00
if (statusRequest) {
OCSP 1. Modify the other OCSP Stapling scripts to better manage the OCSP responder. 2. Modify the client's W option to take: - 1 for Stapling v1 - 2 for Stapling v2 - 3 for Stapling v2 MULTI 3. Modify the client to disallow stapling v2 with TLSv1.3.
2018-08-02 16:25:38 -07:00
if (version == 4 &&
(statusRequest == OCSP_STAPLINGV2 || \
statusRequest == OCSP_STAPLINGV2_MULTI)) {
err_sys("Cannot use OCSP Stapling V2 with TLSv1.3");
}
adds a call to wolfSSL_CTX_EnableOCSPStapling() on client.c to fix ocspstapling2 tests and removes unnecessary 'kill ' from the test scripts
2017-12-26 22:30:22 -03:00
if (wolfSSL_CTX_EnableOCSPStapling(ctx) != WOLFSSL_SUCCESS)
err_sys("can't enable OCSP Stapling Certificate Manager");
TLS OCSP Stapling: MUST staple option Can enable OCSP Must Staple option to mean that if the client sends a request for an OCSP Staple then it must receive a response.
2020-10-15 17:27:58 +10:00
if (mustStaple) {
if (wolfSSL_CTX_EnableOCSPMustStaple(ctx) != WOLFSSL_SUCCESS)
err_sys("can't enable OCSP Must Staple");
}
adds a call to wolfSSL_CTX_EnableOCSPStapling() on client.c to fix ocspstapling2 tests and removes unnecessary 'kill ' from the test scripts
2017-12-26 22:30:22 -03:00
Merge branch 'csr'
2015-12-28 19:38:04 -03:00
switch (statusRequest) {
OCSP 1. Modify the other OCSP Stapling scripts to better manage the OCSP responder. 2. Modify the client's W option to take: - 1 for Stapling v1 - 2 for Stapling v2 - 3 for Stapling v2 MULTI 3. Modify the client to disallow stapling v2 with TLSv1.3.
2018-08-02 16:25:38 -07:00
#ifdef HAVE_CERTIFICATE_STATUS_REQUEST
case OCSP_STAPLING:
Merge branch 'csr'
2015-12-28 19:38:04 -03:00
if (wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR_OCSP,
Testing improvements for cert gen and TLS cert validation: * Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled. * Added new ECC CA for 384-bit tests. * Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem) * Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL. * Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`. * Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function. * Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack). * Cleanup to combine all certificate subject information into global `certDefaultName`. * Updated cert request info to use wolfSSL instead of Yassl. * Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`. * Re-number error codes in rsa_test. * Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
2017-10-19 16:17:51 -07:00
WOLFSSL_CSR_OCSP_USE_NONCE) != WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
Merge branch 'csr'
2015-12-28 19:38:04 -03:00
err_sys("UseCertificateStatusRequest failed");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
Merge branch 'csr'
2015-12-28 19:38:04 -03:00
break;
OCSP 1. Modify the other OCSP Stapling scripts to better manage the OCSP responder. 2. Modify the client's W option to take: - 1 for Stapling v1 - 2 for Stapling v2 - 3 for Stapling v2 MULTI 3. Modify the client to disallow stapling v2 with TLSv1.3.
2018-08-02 16:25:38 -07:00
#endif
#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
case OCSP_STAPLINGV2:
Merge branch 'csr'
2015-12-28 19:38:04 -03:00
if (wolfSSL_UseOCSPStaplingV2(ssl,
WOLFSSL_CSR2_OCSP, WOLFSSL_CSR2_OCSP_USE_NONCE)
Testing improvements for cert gen and TLS cert validation: * Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled. * Added new ECC CA for 384-bit tests. * Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem) * Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL. * Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`. * Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function. * Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack). * Cleanup to combine all certificate subject information into global `certDefaultName`. * Updated cert request info to use wolfSSL instead of Yassl. * Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`. * Re-number error codes in rsa_test. * Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
2017-10-19 16:17:51 -07:00
!= WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
Merge branch 'csr'
2015-12-28 19:38:04 -03:00
err_sys("UseCertificateStatusRequest failed");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
Merge branch 'csr'
2015-12-28 19:38:04 -03:00
break;
OCSP 1. Modify the other OCSP Stapling scripts to better manage the OCSP responder. 2. Modify the client's W option to take: - 1 for Stapling v1 - 2 for Stapling v2 - 3 for Stapling v2 MULTI 3. Modify the client to disallow stapling v2 with TLSv1.3.
2018-08-02 16:25:38 -07:00
case OCSP_STAPLINGV2_MULTI:
Merge branch 'csr'
2015-12-28 19:38:04 -03:00
if (wolfSSL_UseOCSPStaplingV2(ssl,
WOLFSSL_CSR2_OCSP_MULTI, 0)
Testing improvements for cert gen and TLS cert validation: * Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled. * Added new ECC CA for 384-bit tests. * Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem) * Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL. * Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`. * Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function. * Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack). * Cleanup to combine all certificate subject information into global `certDefaultName`. * Updated cert request info to use wolfSSL instead of Yassl. * Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`. * Re-number error codes in rsa_test. * Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
2017-10-19 16:17:51 -07:00
!= WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
Merge branch 'csr'
2015-12-28 19:38:04 -03:00
err_sys("UseCertificateStatusRequest failed");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
Merge branch 'csr'
2015-12-28 19:38:04 -03:00
break;
OCSP 1. Modify the other OCSP Stapling scripts to better manage the OCSP responder. 2. Modify the client's W option to take: - 1 for Stapling v1 - 2 for Stapling v2 - 3 for Stapling v2 MULTI 3. Modify the client to disallow stapling v2 with TLSv1.3.
2018-08-02 16:25:38 -07:00
#endif
default:
err_sys("Invalid OCSP Stapling option");
Merge branch 'csr'
2015-12-28 19:38:04 -03:00
}
Merge branch csr into 'master'
2015-11-02 15:51:01 -03:00
fixes ocsp nonce extension decoding; enables use of ocsp nonce extension in the client example.
2015-11-05 11:36:11 -03:00
wolfSSL_CTX_EnableOCSP(ctx, 0);
Merge branch csr into 'master'
2015-11-02 15:51:01 -03:00
}
#endif
fix alpn example client merge command options
2015-10-13 15:00:53 -07:00
DHE Speed Up 1. Also apply the setting to the client side. 2. Updated the server and client command line options to use "-2" for disabling the DHE check.
2018-12-03 13:53:44 -08:00
#if !defined(NO_DH) && !defined(WOLFSSL_OLD_PRIME_CHECK) && \
!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
if (!doDhKeyCheck)
wolfSSL_SetEnableDhKeyTest(ssl, 0);
#endif
Add support for Encrypt-Then-MAC to TLS 1.2 and below An extension is used to indicate that ETM is to be used. Only used when doing block ciphers - HMAC performed on encrypted data.
2019-08-22 09:33:38 +10:00
#ifdef HAVE_ENCRYPT_THEN_MAC
if (disallowETM)
wolfSSL_AllowEncryptThenMac(ssl, 0);
#endif
DHE Speed Up 1. Also apply the setting to the client side. 2. Updated the server and client command line options to use "-2" for disabling the DHE check.
2018-12-03 13:53:44 -08:00
DTLS-SCTP example client and server 1. Update the example client and server to test DTLS-SCTP. 2. Modify the test.h functions for setting up connections to allow for a SCTP option. 3. Update other examples to use the new test.h functions. 4. Removed some prototypes in the client header file were some functions that should have been static to the client.c file and made them static.
2016-08-25 22:20:35 -07:00
tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, ssl);
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
check return value of wolfSSL_set_fd
2016-03-25 13:59:04 -06:00
err_sys("error in setting fd");
}
add STARTTLS support to example client
2016-04-22 13:46:54 -06:00
DTLS fixes with WANT_WRITE simulations - WANT_WRITE could be returned in unexpected places. This patch takes care of that. - Change state after SendBuffered only if in a sending state to begin with. - Adapt client and server to simulate WANT_WRITE with DTLS
2022-04-26 15:51:50 +02:00
if (simulateWantWrite) {
Reset ret in client and server after wolfSSL_dtls_got_timeout() - Do UDP connect only with simulateWantWrite to accommodate macOS that doesn't like sendto being called on connected UDP sockets - Call wolfSSL_dtls_get_current_timeout only on a DTLS connection
2022-05-12 16:48:04 +02:00
if (dtlsUDP) {
wolfSSL_SetIOWriteCtx(ssl, (void*)&sockfd);
udp_connect(&sockfd, host, port);
}
DTLS fixes with WANT_WRITE simulations - WANT_WRITE could be returned in unexpected places. This patch takes care of that. - Change state after SendBuffered only if in a sending state to begin with. - Adapt client and server to simulate WANT_WRITE with DTLS
2022-04-26 15:51:50 +02:00
}
add STARTTLS support to example client
2016-04-22 13:46:54 -06:00
/* STARTTLS */
if (doSTARTTLS) {
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (StartTLS_Init(&sockfd) != WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
err_sys("error during STARTTLS protocol");
add STARTTLS support to example client
2016-04-22 13:46:54 -06:00
}
}
* Fixed some build configuration variations. * Fixed `PEM_BUFSIZE` macro redefined when building with coexist. * Updated the `user_settings_all.h` and `user_settings_wolfboot_keytools.h` to include latest options. * Improved API unit test error case checking where `TEST_RES_CHECK` is not used. * Changed `TEST_SKIPPED` to unique value. * Added CI tests for enable-all, small stack, and user setting templates.
2023-01-03 10:48:00 -08:00
#if defined(HAVE_CRL) && !defined(NO_FILESYSTEM)
Fix for CRL serial number matching to also check length. Fix for testing the verify callback override ‘-j’ to not enable CRL since the CA’s are not loaded for this test.
2017-06-16 16:02:36 -07:00
if (disableCRL == 0 && !useVerifyCb) {
Fixes for building with `WOLFSSL_USER_IO` (with no built-in socket support). Related to issue #3998.
2021-05-06 11:07:05 -07:00
#if defined(HAVE_IO_TIMEOUT) && defined(HAVE_HTTP_CLIENT)
Added support for inline CRL lookup when HAVE_CRL_IO is defined (shares code with OCSP lookup in io.c). Added http chunk transfer encoding support. Added default connection timeout value (DEFAULT_TIMEOUT_SEC) and new wolfIO_SetTimeout() API with HAVE_IO_TIMEOUT. Added generic wolfIO_ API’s for connect, select, non-blocking, read and write. Added new define USE_WOLFSSL_IO to enable access to new wolfIO_* socket wrappers even when WOLFSSL_USER_IO is defined. Moved all API declarations for io.c into new io.h header. Added HAVE_HTTP_CLIENT to expose HTTP API’s. Moved SOCKET_T and SOCKET_ defines into io.h. Added WOLFIO_DEBUG define to display request/responses.
2017-03-06 09:49:05 -08:00
wolfIO_SetTimeout(DEFAULT_TIMEOUT_SEC);
#endif
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_EnableCRL(ssl, WOLFSSL_CRL_CHECKALL) != WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
add external site script test to make check
2015-05-07 10:02:43 -07:00
err_sys("can't enable crl check");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_LoadCRL(ssl, crlPemDir, WOLFSSL_FILETYPE_PEM, 0)
Testing improvements for cert gen and TLS cert validation: * Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled. * Added new ECC CA for 384-bit tests. * Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem) * Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL. * Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`. * Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function. * Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack). * Cleanup to combine all certificate subject information into global `certDefaultName`. * Updated cert request info to use wolfSSL instead of Yassl. * Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`. * Re-number error codes in rsa_test. * Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
2017-10-19 16:17:51 -07:00
!= WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
add external site script test to make check
2015-05-07 10:02:43 -07:00
err_sys("can't load crl, check crlfile and date validity");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_SetCRL_Cb(ssl, CRL_CallBack) != WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
add external site script test to make check
2015-05-07 10:02:43 -07:00
err_sys("can't set crl callback");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
add external site script test to make check
2015-05-07 10:02:43 -07:00
}
add atomic user macencrypt cb
2013-08-09 17:27:15 -07:00
#endif
add client side initiated secure r, same specs
2014-09-24 18:48:23 -07:00
#ifdef HAVE_SECURE_RENEGOTIATION
if (scr) {
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_UseSecureRenegotiation(ssl) != WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
add client side initiated secure r, same specs
2014-09-24 18:48:23 -07:00
err_sys("can't enable secure renegotiation");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
add client side initiated secure r, same specs
2014-09-24 18:48:23 -07:00
}
#endif
Add support for Encrypt-Then-MAC to TLS 1.2 and below An extension is used to indicate that ETM is to be used. Only used when doing block ciphers - HMAC performed on encrypted data.
2019-08-22 09:33:38 +10:00
#if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY)
add atomic user macencrypt cb
2013-08-09 17:27:15 -07:00
if (atomicUser)
SetupAtomicUser(ctx, ssl);
add public key callbacks for ecc sign/verify, examples
2013-08-22 18:19:39 -07:00
#endif
Fixes for PK callbacks with TLS v1.3. Tested with `./configure --enable-pkcallbacks CFLAGS="-DTEST_PK_PRIVKEY -DDEBUG_PK_CB"`.
2021-08-16 13:09:17 -07:00
server/client: add --cid option to use ConnectionID extension
2022-08-10 16:41:42 +02:00
#ifdef WOLFSSL_DTLS_CID
if (useDtlsCID) {
ret = wolfSSL_dtls_cid_use(ssl);
if (ret != WOLFSSL_SUCCESS)
err_sys("Can't enable DTLS ConnectionID");
Fix for type warnings in example for DTLS CID `./configure --enable-dtls --enable-dtlscid --enable-dtls13`.
2022-08-24 16:02:05 -07:00
ret = wolfSSL_dtls_cid_set(ssl, (unsigned char*)dtlsCID,
(word32)XSTRLEN(dtlsCID));
server/client: add --cid option to use ConnectionID extension
2022-08-10 16:41:42 +02:00
if (ret != WOLFSSL_SUCCESS)
err_sys("Can't set DTLS ConnectionID");
}
#endif /* WOLFSSL_DTLS_CID */
make domain name cert check an option on client
2012-08-10 10:15:37 -07:00
if (matchName && doPeerCheck)
name change for client.c
2015-01-05 14:48:43 -07:00
wolfSSL_check_domain_name(ssl, domain);
#ifndef WOLFSSL_CALLBACKS
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
if (nonBlocking) {
Fix TCP with Timeout Updated example client and server to use the new wolfSSL_dtls_set_using_nonblock() function.
2018-05-23 16:07:45 -07:00
#ifdef WOLFSSL_DTLS
if (doDTLS) {
wolfSSL_dtls_set_using_nonblock(ssl, 1);
}
#endif
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
tcp_set_nonblocking(&sockfd);
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
ret = NonBlockingSSL_Connect(ssl);
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
}
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 10:05:22 -08:00
else {
Fixes to work when compiled with TLS 1.3 only TLS 1.3 Early Data can be used with PSK and not session tickets. If only TLS 1.3 and no session tickets then no resumption. External sites don't support TLS 1.3 yet.
2018-08-28 15:37:15 +10:00
#ifdef WOLFSSL_EARLY_DATA
Only do early data in initial handshake when using PSK
2018-10-24 09:47:30 +10:00
if (usePsk && earlyData)
Cleanup on example client/server messages and sizes. Original PR #3023 caused sending extra null characters in normal (non HTTP) example cases.
2020-07-21 13:34:25 -07:00
EarlyData(ctx, ssl, kEarlyMsg, sizeof(kEarlyMsg)-1, buffer);
Fixes to work when compiled with TLS 1.3 only TLS 1.3 Early Data can be used with PSK and not session tickets. If only TLS 1.3 and no session tickets then no resumption. External sites don't support TLS 1.3 yet.
2018-08-28 15:37:15 +10:00
#endif
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 10:05:22 -08:00
do {
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
err = 0; /* reset error */
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 10:05:22 -08:00
ret = wolfSSL_connect(ssl);
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (ret != WOLFSSL_SUCCESS) {
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 10:05:22 -08:00
err = wolfSSL_get_error(ssl, 0);
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
#endif
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 10:05:22 -08:00
}
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
} while (err == WC_PENDING_E);
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
}
1.8.8 init
2011-02-05 11:14:47 -08:00
#else
Fixes from cppcheck Added PRIVATE_D version of rsa private key operation for SP implementation for specific platforms. WC_NO_RNG results in warnings when RNG calls don't do anything. Added ifdef checks for variables not used otherwise. Remove superfluous if statements like when checking ret == 0. Change names of globals that are generic and are used locally before global definition. Remove definition of variable len that isn't used except as a replacement for sz which is parameter. Don't subtract two variables when one has just been assigned the value of the other. Fix shifting of signed value. Fix parameter checking in aes.c and des3.c for platform specific code.
2020-04-08 09:46:22 +10:00
timeoutConnect.tv_sec = DEFAULT_TIMEOUT_SEC;
timeoutConnect.tv_usec = 0;
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
ret = NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */
1.8.8 init
2011-02-05 11:14:47 -08:00
#endif
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (ret != WOLFSSL_SUCCESS) {
Minor fix for the expected failure case use of `ssl` after free. Renamed `skipExit` to `exitWithRet`.
2018-05-03 10:02:59 -07:00
err = wolfSSL_get_error(ssl, 0);
print errors to stderr, not stdout; fix whitespace in internal.c; add missing error handling in examples/server/server.c around recvfrom().
2022-05-12 13:07:32 -05:00
fprintf(stderr, "wolfSSL_connect error %d, %s\n", err,
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
wolfSSL_ERR_error_string(err, buffer));
Minor fix for the expected failure case use of `ssl` after free. Renamed `skipExit` to `exitWithRet`.
2018-05-03 10:02:59 -07:00
/* cleanup */
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
* Added support for expected fail test cases with example client/server and suites unit test. * Added test for certificate with bad alt name containing a null character mid byte stream. * Fix for issue with suites unit test where last arg in file doesn't conain data for a param, causing it to skip test. * Fix for last test in tests/test.conf not being run for `TLSv1.2 RSA 3072-bit DH 3072-bit`. * Moved the `tls-cert-fail.test` tests into the new expected failure suite test (`./tests/test-fails.conf`). Now it explicilty checks RSA and ECC for the no signer and no sig tests.
2018-05-03 09:40:51 -07:00
CloseSocket(sockfd);
Minor fix for the expected failure case use of `ssl` after free. Renamed `skipExit` to `exitWithRet`.
2018-05-03 10:02:59 -07:00
if (!exitWithRet)
* Added support for expected fail test cases with example client/server and suites unit test. * Added test for certificate with bad alt name containing a null character mid byte stream. * Fix for issue with suites unit test where last arg in file doesn't conain data for a param, causing it to skip test. * Fix for last test in tests/test.conf not being run for `TLSv1.2 RSA 3072-bit DH 3072-bit`. * Moved the `tls-cert-fail.test` tests into the new expected failure suite test (`./tests/test-fails.conf`). Now it explicilty checks RSA and ECC for the no signer and no sig tests.
2018-05-03 09:40:51 -07:00
err_sys("wolfSSL_connect failed");
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
/* see note at top of README */
/* if you're getting an error here */
* Added support for expected fail test cases with example client/server and suites unit test. * Added test for certificate with bad alt name containing a null character mid byte stream. * Fix for issue with suites unit test where last arg in file doesn't conain data for a param, causing it to skip test. * Fix for last test in tests/test.conf not being run for `TLSv1.2 RSA 3072-bit DH 3072-bit`. * Moved the `tls-cert-fail.test` tests into the new expected failure suite test (`./tests/test-fails.conf`). Now it explicilty checks RSA and ECC for the no signer and no sig tests.
2018-05-03 09:40:51 -07:00
((func_args*)args)->return_code = err;
Fix for example client/server with `-H exitWithRet` option to make sure all cleanup is performed. Resolves valgrind report due to `TicketCleanup()` not being called.
2018-05-03 13:39:37 -07:00
goto exit;
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
}
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
showPeerEx(ssl, lng_index);
print out PEM of peer cert with example client
2021-12-07 14:07:47 -07:00
showPeerPEM(ssl);
client to use non-blocking sockets in resume test if enabled
2012-08-20 17:02:25 -07:00
add wolfSSL_get_cipher_suite_from_name(); add flags arg to GetCipherSuiteFromName(); fix GetCipherSuiteFromName() to prevent spurious substring matching; add SUITE_ALIAS() macros for use defining CipherSuiteInfo, and add CipherSuiteInfo.flags slot and associated logic, to allow alternative cipher names to be recognized; add "CCM8" cipher name variants wherever applicable, including the unit.test conf files, to recognize and test the OpenSSL variants; add tests in client_test() and server_test() to confirm correct forward and backward mapping of cipher names/aliases.
2020-11-11 22:46:02 -06:00
/* if the caller requested a particular cipher, check here that either
* a canonical name of the established cipher matches the requested
* cipher name, or the requested cipher name is marked as an alias
* that matches the established cipher.
*/
TLS 1.3 PSK: use the hash algorithm to choose cipher suite See RFC 8446: 4.2.11 With TLS 1.3 PSK callback, If the returned cipher suite isn't available, use the hash from the cipher suite and choose from available list. Require exact match when: WOLFSSL_TLS13_PSK_NO_MATCH_HASH Alternative callback for client added that is passed a cipher suite string. Called for each cipher suite that is to be negotiated. If cipher suite to be used with PSK then return client identity. Returning an identity based on cipher suite hash will result in only one PSK extension being added per hash.
2021-03-01 16:39:17 +10:00
if (cipherList && !useDefCipherList && (! XSTRSTR(cipherList, ":"))) {
add wolfSSL_get_cipher_suite_from_name(); add flags arg to GetCipherSuiteFromName(); fix GetCipherSuiteFromName() to prevent spurious substring matching; add SUITE_ALIAS() macros for use defining CipherSuiteInfo, and add CipherSuiteInfo.flags slot and associated logic, to allow alternative cipher names to be recognized; add "CCM8" cipher name variants wherever applicable, including the unit.test conf files, to recognize and test the OpenSSL variants; add tests in client_test() and server_test() to confirm correct forward and backward mapping of cipher names/aliases.
2020-11-11 22:46:02 -06:00
WOLFSSL_CIPHER* established_cipher = wolfSSL_get_current_cipher(ssl);
byte requested_cipherSuite0, requested_cipherSuite;
int requested_cipherFlags;
if (established_cipher &&
/* don't test for pseudo-ciphers like "ALL" and "DEFAULT". */
(wolfSSL_get_cipher_suite_from_name(cipherList,
&requested_cipherSuite0,
&requested_cipherSuite,
&requested_cipherFlags) == 0)) {
word32 established_cipher_id =
wolfSSL_CIPHER_get_id(established_cipher);
byte established_cipherSuite0 = (established_cipher_id >> 8) & 0xff;
byte established_cipherSuite = established_cipher_id & 0xff;
const char *established_cipher_name =
wolfSSL_get_cipher_name_from_suite(established_cipherSuite0,
established_cipherSuite);
const char *established_cipher_name_iana =
wolfSSL_get_cipher_name_iana_from_suite(established_cipherSuite0,
established_cipherSuite);
if (established_cipher_name == NULL)
err_sys("error looking up name of established cipher");
if (strcmp(cipherList, established_cipher_name) &&
((established_cipher_name_iana == NULL) ||
strcmp(cipherList, established_cipher_name_iana))) {
if (! (requested_cipherFlags & WOLFSSL_CIPHER_SUITE_FLAG_NAMEALIAS))
err_sys("Unexpected mismatch between names of requested and established ciphers.");
else if ((requested_cipherSuite0 != established_cipherSuite0) ||
(requested_cipherSuite != established_cipherSuite))
err_sys("Mismatch between IDs of requested and established ciphers.");
}
}
}
wolfSSL_get_ocsp_producedDate*(): gate on !defined(NO_ASN_TIME), and in client_test(), gate call to strftime() on HAVE_STRFTIME and add fallback code; add HAVE_STRFTIME test to configure.ac.
2020-10-08 23:26:28 -05:00
#if defined(HAVE_OCSP) && !defined(NO_ASN_TIME)
#ifdef HAVE_STRFTIME
add wolfSSL_get_ocsp_producedDate().
2020-10-06 16:16:03 -05:00
{
struct tm tm;
char date[32];
rename wolfSSL_get_ocsp_producedDate(WOLFSSL *, struct tm *) to wolfSSL_get_ocsp_producedDate_tm(), and add wolfSSL_get_ocsp_producedDate() accessing the raw ASN.1 producedDate; fix location of prototypes in ssl.h to obtain proper conditionalization; omit frivolous nullness test on ssl->ocspProducedDate (always true).
2020-10-06 23:51:06 -05:00
ret = wolfSSL_get_ocsp_producedDate_tm(ssl, &tm);
wolfSSL_get_ocsp_producedDate*(): gate on !defined(NO_ASN_TIME), and in client_test(), gate call to strftime() on HAVE_STRFTIME and add fallback code; add HAVE_STRFTIME test to configure.ac.
2020-10-08 23:26:28 -05:00
if ((ret == 0) && (strftime(date, sizeof date, "%Y-%m-%d %H:%M:%S %z", &tm) > 0))
printf("OCSP response timestamp: %s\n", date);
add wolfSSL_get_ocsp_producedDate().
2020-10-06 16:16:03 -05:00
}
wolfSSL_get_ocsp_producedDate*(): gate on !defined(NO_ASN_TIME), and in client_test(), gate call to strftime() on HAVE_STRFTIME and add fallback code; add HAVE_STRFTIME test to configure.ac.
2020-10-08 23:26:28 -05:00
#else
{
byte date[MAX_DATE_SIZE];
int asn_date_format;
ret = wolfSSL_get_ocsp_producedDate(ssl, date, sizeof date, &asn_date_format);
if (ret == 0)
printf("OCSP response timestamp: %s (ASN.1 type %d)\n", (char *)date, asn_date_format);
}
#endif
add wolfSSL_get_ocsp_producedDate().
2020-10-06 16:16:03 -05:00
#endif
Expose functions to get client/server random when `HAVE_SECRET_CALLBACK` is defined.
2021-03-26 13:23:00 -07:00
#if defined(OPENSSL_EXTRA) || defined(HAVE_SECRET_CALLBACK)
add test cases
2019-04-18 10:41:51 -06:00
printf("Session timeout set to %ld seconds\n", wolfSSL_get_timeout(ssl));
COMPAT. LAYER : get SSL client random bytes
2016-11-07 10:15:04 -07:00
{
add bio.c to dist and implement wolfSSL_check_private_key , wolfSSL_get_server_random
2016-11-11 13:39:36 -07:00
byte* rnd;
byte* pt;
size_t size;
COMPAT. LAYER : get SSL client random bytes
2016-11-07 10:15:04 -07:00
/* get size of buffer then print */
size = wolfSSL_get_client_random(NULL, NULL, 0);
add bio.c to dist and implement wolfSSL_check_private_key , wolfSSL_get_server_random
2016-11-11 13:39:36 -07:00
if (size == 0) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
COMPAT. LAYER : get SSL client random bytes
2016-11-07 10:15:04 -07:00
err_sys("error getting client random buffer size");
}
rnd = (byte*)XMALLOC(size, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (rnd == NULL) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
COMPAT. LAYER : get SSL client random bytes
2016-11-07 10:15:04 -07:00
err_sys("error creating client random buffer");
}
size = wolfSSL_get_client_random(ssl, rnd, size);
add bio.c to dist and implement wolfSSL_check_private_key , wolfSSL_get_server_random
2016-11-11 13:39:36 -07:00
if (size == 0) {
COMPAT. LAYER : get SSL client random bytes
2016-11-07 10:15:04 -07:00
XFREE(rnd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
COMPAT. LAYER : get SSL client random bytes
2016-11-07 10:15:04 -07:00
err_sys("error getting client random buffer");
}
printf("Client Random : ");
for (pt = rnd; pt < rnd + size; pt++) printf("%02X", *pt);
printf("\n");
XFREE(rnd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
Add Apache HTTP Server compatibility and --enable-apachehttpd option (#2466) * Added Apache httpd support `--enable-apachehttpd`. * Added `SSL_CIPHER_get_version`, `BIO_new_fp`, `SSL_SESSION_print` and `SSL_in_connect_init` compatibility API's. * Fix to expose `ASN1_UTCTIME_print` stub. * Pulled in `wolfSSL_X509_get_ext_count` from QT. * Added `X509_get_ext_count`, `BIO_set_callback`, `BIO_set_callback_arg` and `BIO_get_callback_arg`. * Added `wolfSSL_ERR_print_errors`. * Added `BIO_set_nbio` template. * Fixes for building with Apache httpd. * Added DH prime functions required for Apache httpd. * Fix and move the BN DH prime macros. * Fix for `SSL_CTX_set_tlsext_servername_arg` to have return code. * Only add the `BN_get_rfc*_prime_*` macro's if older than 1.1.0. * Added `ERR_GET_FUNC`, `SSL_CTX_clear_extra_chain_certs` prototypes. * Added `wolfSSL_CTX_set_client_cert_cb` template and `OPENSSL_load_builtin_modules` stub macro. * Added `X509_INFO` templates (`X509_INFO_new`, `X509_INFO_free`, `sk_X509_INFO_new_null`, `sk_X509_INFO_num`, `sk_X509_INFO_value`, `sk_X509_INFO_free`). Added `sk_X509_shift`. * Added BIO_set_callback, BIO_get_callback, BIO_set_callback_arg, BIO_get_callback_arg * add BIO_set_nbio, ERR_print_errors and tests * add X509 INFO stack push function * Add ASN1_UTCTIME_print and unit test * Add X509_get_ext_count unit test * initial commit of wolfSSL_PEM_X509_INFO_read_bio * Added `sk_X509_NAME_new`, `sk_X509_NAME_push`, `sk_X509_NAME_find`, `sk_X509_NAME_set_cmp_func` and `sk_X509_NAME_free`. Grouped `sk_X509_NAME_*` functions. * Cleanup sk X509 NAME/INFO pop free template. * Advance openssl compatibility to v1.1.0 for Apache httpd. Added TLS version macros. Implemented sk X509 NAME/INFO pop and pop_free. * Added `TLS_client_method` support. * Added `SSL_get_server_tmp_key` and `EC_curve_nid2nist`. * Added `SSL_CTX_set_min_proto_version` and `SSL_CTX_set_max_proto_version`. Fix for `BN_get_rfc*_prime_*` with the v1.1.0 change. * add test cases for PEM_X509_INFO_read_bio * Fixes for `BN_get_rfc*_prime_*` macros. Added template for `SSL_DH_set0_pqg`. Fix for `SSL_OP_NO_` to use Macro's (as is done in openssl). Added `SSL_set_verify_result`. Added stub for `OPENSSL_malloc_init`. * Apache httpd compatibility functions. BIO setter/getters. * implement ASN1_TIME_check and add test case * add SSL_get_client_CA_list * add initial implementation of wolfSSL_DH_set0_pqg * Add apache support to OBJ_txt2nid and unit test, add stub for OBJ_create * add X509_STORE_CTX_get1_chain, sk_free, sk_X509_dup * Add sk_SSL_COMP_num and SSL_COMP struct * implement and test of SSL_SESSION_print * add SSL_CTX_set_client_cert_cb * expand BIO_printf and add test case * Added `OCSP_CERTID_dup`. Added `ASN1_TYPE`. * add implementation for wolfSSL_get_server_tmp_key * add wolfSSL_BIO_puts and test case * Add X509_EXTENSION_get_object and X509_EXTENSION_get_data * add helper for bio flag set and null x509 stack * add test adn implementation for wolfSSL_i2d_PrivateKey * Added `ASN1_OTHERNAME`, `ACCESS_DESCRIPTION` and `GENERAL_NAME`. Added `sk_ACCESS_DESCRIPTION_pop_free` and `ACCESS_DESCRIPTION_free` stubs. * add wolfSSL_PEM_read_bio_ECPKParameters * add BIO_vfree * add X509_up_ref * add X509_STORE_CTX_set_ex_data * add _GNU_SOURCE macro and wolfSSL_EVP_read_pw_string * add wolfSSL_EVP_PKEY_ref_up function * X509_get_ext, X509V3_EXT_print, and d2i_DISPLAYTEXT stubs * add X509_set_issuer_name * add wolfSSL_sk_SSL_CIPHER_* functions and tests * add prototype for sk_X509_EXTENSION and ACCESS_DESCRIPTION * fix casting to avoid clang warning * adjust test_wolfSSL_X509_STORE_CTX test case * Added `OpenSSL_version` * renegotiate functions and additional stack functions * add aditional stub functions * Add Apache httpd requirements for ALPN, CRL, Cert Gen/Req/Ext and SecRen. Fix for `sk_X509_INFO_new_null`. * add ocsp stub functions * Proper fix for `sk_X509_INFO_new_null`. Added templates for `X509_get_ext_by_NID` and `X509_add_ext`. Added templates for `ASN1_TIME_diff` and `ASN1_TIME_set`. * x509 extension stack additions * Fixed template for `OCSP_id_get0_info`. * add X509 stub functions * add X509_STORE_CTX_get0_store() and unit test * Added `EVP_PKEY_CTX_new_id`, `EVP_PKEY_CTX_set_rsa_keygen_bits`, `EVP_PKEY_keygen_init`, `EVP_PKEY_keygen` and `BN_to_ASN1_INTEGER`. * x509v3 stubs and req add extensions * Add OBJ_txt2obj and unit test; add long name to wolfssl_object_info table for use by OBJ_* functions * wolfSSL_set_alpn_protos implementation * Added `EVP_SignInit_ex` and `TLS_server_method` implementation. Added stubs for `RSA_get0_key` and `i2d_OCSP_REQUEST_bio`. Fix typo on `OCSP_response_create`. Fix warning in `wolfSSL_set_alpn_protos`. * Added `X509_EXTENSION_free` stub. Fixed a few macro typos/adding missing. * add X509_STORE_CTX_get0_current_issuer and unit test * add OBJ_cmp and unit test * add RSA_get0_key and unit test * add OCSP_check_nonce * Implement X509_set_notAfter/notBefore/serialNumber/version,X509_STORE_CTX_set_depth,X509V3_set_ctx. * Modify wolfSSL_X509_set_notAfter/notBefore and add tests for each. * Add test_wolfSSL_X509_set_version w/ fixes to _set_version and fix _set_notBefore/notAfter tests * add OCSP_id_get0_info and unit test, move WOLFSSL_ASN1_INTEGER to asn_public.h from ssl.h * inital implementation of wolfSSL_X509_sign * add debugging messages and set data for BIO's * Add i2d_OCSP_REQUEST_bio. * implementation of some WOLFSSL_BIO_METHOD custom functions * fix for ASN time structure and remove log node * initial eNULL support and sanity checks * fixes after rebasing code * adjust test cases and ASN1_TIME print * Various fixes for memory leaks * Apache compatibility in CTX_set_client_CA_list for X509_NAME use; add X509_NAME_dup as supporting function * Add initial X509_STORE_load_locations stub for Apache * Updates to X509_get_ext_d2i to return GENERAL_NAME struct instead of ASN1_OBJECT for alternative names and add supporting GENERAL_NAME functions * Add X509_STORE_load_locations implementation; add wolfSSL_CertManagerLoadCRL_ex; initial renegotiation fixes/updates * Fix for freeing peer cert in wolfSSL_Rehandshake instead of FreeHandShakeResources during secure renegotiation * Add X509_ALGOR and X509_PUBKEY structs for X509_PUBKEY_get0_param and X509_get_X509_PUBKEY implementation * Initial implementation of wolfSSL_X509_get_X509_PUBKEY and wolfSSL_X509_PUBKEY_get0_param * Add implementation for X509_get0_tbs_sigalg and X509_ALGOR_get0 * Add OBJ_nid2ln implementation * Fix compile errors in tests/api.c for some build options * Updates to X509_STORE_load_locations for non-CRL types; Add additional DETECT_CERT_TYPE enum and logic for detecting certificate type in ProcessFile * Add X509_STORE_load_locations unit test and minor error handling fixes * Add unit test for X509_sign * Set correct alert type for revoked certificates; add/fix a few WOLFSSL_ENTER messages * Add X509_ALGOR member to X509 struct; refactoring and unit tests for wolfSSL_X509_ALGOR_get0 and wolfSSL_X509_get0_tbs_sigalg * Add X509_PUBKEY member to X509 struct; refactoring and unit tests for wolfSSL_X509_get_X509_PUBKEY and wolfSSL_X509_PUBKEY_get0_param * Stack fixes after rebase * Secure renegotiation refactoring: add ACCEPT_BEGIN_RENEG to AcceptState for use in wolfSSL_SSL_in_connect_init; free old peer cert when receiving new cert to fix memory leak * Move enc-then-mac enable option in configure.ac for apache httpd compatibility * Simplify wolfSSL_SSL_in_connect_init logic * Remove unneeded wolfSSL_CertManagerLoadCRL_ex * Fixes for jenkins test failures * SSL_get_secure_renegotiation_support for print statement in Apache
2019-09-19 18:11:10 -06:00
COMPAT. LAYER : get SSL client random bytes
2016-11-07 10:15:04 -07:00
}
Expose functions to get client/server random when `HAVE_SECRET_CALLBACK` is defined.
2021-03-26 13:23:00 -07:00
#endif
Add Apache HTTP Server compatibility and --enable-apachehttpd option (#2466) * Added Apache httpd support `--enable-apachehttpd`. * Added `SSL_CIPHER_get_version`, `BIO_new_fp`, `SSL_SESSION_print` and `SSL_in_connect_init` compatibility API's. * Fix to expose `ASN1_UTCTIME_print` stub. * Pulled in `wolfSSL_X509_get_ext_count` from QT. * Added `X509_get_ext_count`, `BIO_set_callback`, `BIO_set_callback_arg` and `BIO_get_callback_arg`. * Added `wolfSSL_ERR_print_errors`. * Added `BIO_set_nbio` template. * Fixes for building with Apache httpd. * Added DH prime functions required for Apache httpd. * Fix and move the BN DH prime macros. * Fix for `SSL_CTX_set_tlsext_servername_arg` to have return code. * Only add the `BN_get_rfc*_prime_*` macro's if older than 1.1.0. * Added `ERR_GET_FUNC`, `SSL_CTX_clear_extra_chain_certs` prototypes. * Added `wolfSSL_CTX_set_client_cert_cb` template and `OPENSSL_load_builtin_modules` stub macro. * Added `X509_INFO` templates (`X509_INFO_new`, `X509_INFO_free`, `sk_X509_INFO_new_null`, `sk_X509_INFO_num`, `sk_X509_INFO_value`, `sk_X509_INFO_free`). Added `sk_X509_shift`. * Added BIO_set_callback, BIO_get_callback, BIO_set_callback_arg, BIO_get_callback_arg * add BIO_set_nbio, ERR_print_errors and tests * add X509 INFO stack push function * Add ASN1_UTCTIME_print and unit test * Add X509_get_ext_count unit test * initial commit of wolfSSL_PEM_X509_INFO_read_bio * Added `sk_X509_NAME_new`, `sk_X509_NAME_push`, `sk_X509_NAME_find`, `sk_X509_NAME_set_cmp_func` and `sk_X509_NAME_free`. Grouped `sk_X509_NAME_*` functions. * Cleanup sk X509 NAME/INFO pop free template. * Advance openssl compatibility to v1.1.0 for Apache httpd. Added TLS version macros. Implemented sk X509 NAME/INFO pop and pop_free. * Added `TLS_client_method` support. * Added `SSL_get_server_tmp_key` and `EC_curve_nid2nist`. * Added `SSL_CTX_set_min_proto_version` and `SSL_CTX_set_max_proto_version`. Fix for `BN_get_rfc*_prime_*` with the v1.1.0 change. * add test cases for PEM_X509_INFO_read_bio * Fixes for `BN_get_rfc*_prime_*` macros. Added template for `SSL_DH_set0_pqg`. Fix for `SSL_OP_NO_` to use Macro's (as is done in openssl). Added `SSL_set_verify_result`. Added stub for `OPENSSL_malloc_init`. * Apache httpd compatibility functions. BIO setter/getters. * implement ASN1_TIME_check and add test case * add SSL_get_client_CA_list * add initial implementation of wolfSSL_DH_set0_pqg * Add apache support to OBJ_txt2nid and unit test, add stub for OBJ_create * add X509_STORE_CTX_get1_chain, sk_free, sk_X509_dup * Add sk_SSL_COMP_num and SSL_COMP struct * implement and test of SSL_SESSION_print * add SSL_CTX_set_client_cert_cb * expand BIO_printf and add test case * Added `OCSP_CERTID_dup`. Added `ASN1_TYPE`. * add implementation for wolfSSL_get_server_tmp_key * add wolfSSL_BIO_puts and test case * Add X509_EXTENSION_get_object and X509_EXTENSION_get_data * add helper for bio flag set and null x509 stack * add test adn implementation for wolfSSL_i2d_PrivateKey * Added `ASN1_OTHERNAME`, `ACCESS_DESCRIPTION` and `GENERAL_NAME`. Added `sk_ACCESS_DESCRIPTION_pop_free` and `ACCESS_DESCRIPTION_free` stubs. * add wolfSSL_PEM_read_bio_ECPKParameters * add BIO_vfree * add X509_up_ref * add X509_STORE_CTX_set_ex_data * add _GNU_SOURCE macro and wolfSSL_EVP_read_pw_string * add wolfSSL_EVP_PKEY_ref_up function * X509_get_ext, X509V3_EXT_print, and d2i_DISPLAYTEXT stubs * add X509_set_issuer_name * add wolfSSL_sk_SSL_CIPHER_* functions and tests * add prototype for sk_X509_EXTENSION and ACCESS_DESCRIPTION * fix casting to avoid clang warning * adjust test_wolfSSL_X509_STORE_CTX test case * Added `OpenSSL_version` * renegotiate functions and additional stack functions * add aditional stub functions * Add Apache httpd requirements for ALPN, CRL, Cert Gen/Req/Ext and SecRen. Fix for `sk_X509_INFO_new_null`. * add ocsp stub functions * Proper fix for `sk_X509_INFO_new_null`. Added templates for `X509_get_ext_by_NID` and `X509_add_ext`. Added templates for `ASN1_TIME_diff` and `ASN1_TIME_set`. * x509 extension stack additions * Fixed template for `OCSP_id_get0_info`. * add X509 stub functions * add X509_STORE_CTX_get0_store() and unit test * Added `EVP_PKEY_CTX_new_id`, `EVP_PKEY_CTX_set_rsa_keygen_bits`, `EVP_PKEY_keygen_init`, `EVP_PKEY_keygen` and `BN_to_ASN1_INTEGER`. * x509v3 stubs and req add extensions * Add OBJ_txt2obj and unit test; add long name to wolfssl_object_info table for use by OBJ_* functions * wolfSSL_set_alpn_protos implementation * Added `EVP_SignInit_ex` and `TLS_server_method` implementation. Added stubs for `RSA_get0_key` and `i2d_OCSP_REQUEST_bio`. Fix typo on `OCSP_response_create`. Fix warning in `wolfSSL_set_alpn_protos`. * Added `X509_EXTENSION_free` stub. Fixed a few macro typos/adding missing. * add X509_STORE_CTX_get0_current_issuer and unit test * add OBJ_cmp and unit test * add RSA_get0_key and unit test * add OCSP_check_nonce * Implement X509_set_notAfter/notBefore/serialNumber/version,X509_STORE_CTX_set_depth,X509V3_set_ctx. * Modify wolfSSL_X509_set_notAfter/notBefore and add tests for each. * Add test_wolfSSL_X509_set_version w/ fixes to _set_version and fix _set_notBefore/notAfter tests * add OCSP_id_get0_info and unit test, move WOLFSSL_ASN1_INTEGER to asn_public.h from ssl.h * inital implementation of wolfSSL_X509_sign * add debugging messages and set data for BIO's * Add i2d_OCSP_REQUEST_bio. * implementation of some WOLFSSL_BIO_METHOD custom functions * fix for ASN time structure and remove log node * initial eNULL support and sanity checks * fixes after rebasing code * adjust test cases and ASN1_TIME print * Various fixes for memory leaks * Apache compatibility in CTX_set_client_CA_list for X509_NAME use; add X509_NAME_dup as supporting function * Add initial X509_STORE_load_locations stub for Apache * Updates to X509_get_ext_d2i to return GENERAL_NAME struct instead of ASN1_OBJECT for alternative names and add supporting GENERAL_NAME functions * Add X509_STORE_load_locations implementation; add wolfSSL_CertManagerLoadCRL_ex; initial renegotiation fixes/updates * Fix for freeing peer cert in wolfSSL_Rehandshake instead of FreeHandShakeResources during secure renegotiation * Add X509_ALGOR and X509_PUBKEY structs for X509_PUBKEY_get0_param and X509_get_X509_PUBKEY implementation * Initial implementation of wolfSSL_X509_get_X509_PUBKEY and wolfSSL_X509_PUBKEY_get0_param * Add implementation for X509_get0_tbs_sigalg and X509_ALGOR_get0 * Add OBJ_nid2ln implementation * Fix compile errors in tests/api.c for some build options * Updates to X509_STORE_load_locations for non-CRL types; Add additional DETECT_CERT_TYPE enum and logic for detecting certificate type in ProcessFile * Add X509_STORE_load_locations unit test and minor error handling fixes * Add unit test for X509_sign * Set correct alert type for revoked certificates; add/fix a few WOLFSSL_ENTER messages * Add X509_ALGOR member to X509 struct; refactoring and unit tests for wolfSSL_X509_ALGOR_get0 and wolfSSL_X509_get0_tbs_sigalg * Add X509_PUBKEY member to X509 struct; refactoring and unit tests for wolfSSL_X509_get_X509_PUBKEY and wolfSSL_X509_PUBKEY_get0_param * Stack fixes after rebase * Secure renegotiation refactoring: add ACCEPT_BEGIN_RENEG to AcceptState for use in wolfSSL_SSL_in_connect_init; free old peer cert when receiving new cert to fix memory leak * Move enc-then-mac enable option in configure.ac for apache httpd compatibility * Simplify wolfSSL_SSL_in_connect_init logic * Remove unneeded wolfSSL_CertManagerLoadCRL_ex * Fixes for jenkins test failures * SSL_get_secure_renegotiation_support for print statement in Apache
2019-09-19 18:11:10 -06:00
Fix for `wolfSSL_SESSION_print`
2021-03-26 13:41:11 -07:00
#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || \
defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) || \
defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_OPENSSH)))
Fix for availability of `wolfSSL_SESSION_print`.
2021-03-26 15:39:55 -07:00
#if !defined(NO_SESSION_CACHE) && \
(defined(HAVE_SESSION_TICKET) || defined(SESSION_CERTS)) && \
!defined(NO_FILESYSTEM)
preprocessor -DNO_BIO to omit OpenSSL BIO API
2020-11-03 15:26:50 -08:00
#ifndef NO_BIO
Add Apache HTTP Server compatibility and --enable-apachehttpd option (#2466) * Added Apache httpd support `--enable-apachehttpd`. * Added `SSL_CIPHER_get_version`, `BIO_new_fp`, `SSL_SESSION_print` and `SSL_in_connect_init` compatibility API's. * Fix to expose `ASN1_UTCTIME_print` stub. * Pulled in `wolfSSL_X509_get_ext_count` from QT. * Added `X509_get_ext_count`, `BIO_set_callback`, `BIO_set_callback_arg` and `BIO_get_callback_arg`. * Added `wolfSSL_ERR_print_errors`. * Added `BIO_set_nbio` template. * Fixes for building with Apache httpd. * Added DH prime functions required for Apache httpd. * Fix and move the BN DH prime macros. * Fix for `SSL_CTX_set_tlsext_servername_arg` to have return code. * Only add the `BN_get_rfc*_prime_*` macro's if older than 1.1.0. * Added `ERR_GET_FUNC`, `SSL_CTX_clear_extra_chain_certs` prototypes. * Added `wolfSSL_CTX_set_client_cert_cb` template and `OPENSSL_load_builtin_modules` stub macro. * Added `X509_INFO` templates (`X509_INFO_new`, `X509_INFO_free`, `sk_X509_INFO_new_null`, `sk_X509_INFO_num`, `sk_X509_INFO_value`, `sk_X509_INFO_free`). Added `sk_X509_shift`. * Added BIO_set_callback, BIO_get_callback, BIO_set_callback_arg, BIO_get_callback_arg * add BIO_set_nbio, ERR_print_errors and tests * add X509 INFO stack push function * Add ASN1_UTCTIME_print and unit test * Add X509_get_ext_count unit test * initial commit of wolfSSL_PEM_X509_INFO_read_bio * Added `sk_X509_NAME_new`, `sk_X509_NAME_push`, `sk_X509_NAME_find`, `sk_X509_NAME_set_cmp_func` and `sk_X509_NAME_free`. Grouped `sk_X509_NAME_*` functions. * Cleanup sk X509 NAME/INFO pop free template. * Advance openssl compatibility to v1.1.0 for Apache httpd. Added TLS version macros. Implemented sk X509 NAME/INFO pop and pop_free. * Added `TLS_client_method` support. * Added `SSL_get_server_tmp_key` and `EC_curve_nid2nist`. * Added `SSL_CTX_set_min_proto_version` and `SSL_CTX_set_max_proto_version`. Fix for `BN_get_rfc*_prime_*` with the v1.1.0 change. * add test cases for PEM_X509_INFO_read_bio * Fixes for `BN_get_rfc*_prime_*` macros. Added template for `SSL_DH_set0_pqg`. Fix for `SSL_OP_NO_` to use Macro's (as is done in openssl). Added `SSL_set_verify_result`. Added stub for `OPENSSL_malloc_init`. * Apache httpd compatibility functions. BIO setter/getters. * implement ASN1_TIME_check and add test case * add SSL_get_client_CA_list * add initial implementation of wolfSSL_DH_set0_pqg * Add apache support to OBJ_txt2nid and unit test, add stub for OBJ_create * add X509_STORE_CTX_get1_chain, sk_free, sk_X509_dup * Add sk_SSL_COMP_num and SSL_COMP struct * implement and test of SSL_SESSION_print * add SSL_CTX_set_client_cert_cb * expand BIO_printf and add test case * Added `OCSP_CERTID_dup`. Added `ASN1_TYPE`. * add implementation for wolfSSL_get_server_tmp_key * add wolfSSL_BIO_puts and test case * Add X509_EXTENSION_get_object and X509_EXTENSION_get_data * add helper for bio flag set and null x509 stack * add test adn implementation for wolfSSL_i2d_PrivateKey * Added `ASN1_OTHERNAME`, `ACCESS_DESCRIPTION` and `GENERAL_NAME`. Added `sk_ACCESS_DESCRIPTION_pop_free` and `ACCESS_DESCRIPTION_free` stubs. * add wolfSSL_PEM_read_bio_ECPKParameters * add BIO_vfree * add X509_up_ref * add X509_STORE_CTX_set_ex_data * add _GNU_SOURCE macro and wolfSSL_EVP_read_pw_string * add wolfSSL_EVP_PKEY_ref_up function * X509_get_ext, X509V3_EXT_print, and d2i_DISPLAYTEXT stubs * add X509_set_issuer_name * add wolfSSL_sk_SSL_CIPHER_* functions and tests * add prototype for sk_X509_EXTENSION and ACCESS_DESCRIPTION * fix casting to avoid clang warning * adjust test_wolfSSL_X509_STORE_CTX test case * Added `OpenSSL_version` * renegotiate functions and additional stack functions * add aditional stub functions * Add Apache httpd requirements for ALPN, CRL, Cert Gen/Req/Ext and SecRen. Fix for `sk_X509_INFO_new_null`. * add ocsp stub functions * Proper fix for `sk_X509_INFO_new_null`. Added templates for `X509_get_ext_by_NID` and `X509_add_ext`. Added templates for `ASN1_TIME_diff` and `ASN1_TIME_set`. * x509 extension stack additions * Fixed template for `OCSP_id_get0_info`. * add X509 stub functions * add X509_STORE_CTX_get0_store() and unit test * Added `EVP_PKEY_CTX_new_id`, `EVP_PKEY_CTX_set_rsa_keygen_bits`, `EVP_PKEY_keygen_init`, `EVP_PKEY_keygen` and `BN_to_ASN1_INTEGER`. * x509v3 stubs and req add extensions * Add OBJ_txt2obj and unit test; add long name to wolfssl_object_info table for use by OBJ_* functions * wolfSSL_set_alpn_protos implementation * Added `EVP_SignInit_ex` and `TLS_server_method` implementation. Added stubs for `RSA_get0_key` and `i2d_OCSP_REQUEST_bio`. Fix typo on `OCSP_response_create`. Fix warning in `wolfSSL_set_alpn_protos`. * Added `X509_EXTENSION_free` stub. Fixed a few macro typos/adding missing. * add X509_STORE_CTX_get0_current_issuer and unit test * add OBJ_cmp and unit test * add RSA_get0_key and unit test * add OCSP_check_nonce * Implement X509_set_notAfter/notBefore/serialNumber/version,X509_STORE_CTX_set_depth,X509V3_set_ctx. * Modify wolfSSL_X509_set_notAfter/notBefore and add tests for each. * Add test_wolfSSL_X509_set_version w/ fixes to _set_version and fix _set_notBefore/notAfter tests * add OCSP_id_get0_info and unit test, move WOLFSSL_ASN1_INTEGER to asn_public.h from ssl.h * inital implementation of wolfSSL_X509_sign * add debugging messages and set data for BIO's * Add i2d_OCSP_REQUEST_bio. * implementation of some WOLFSSL_BIO_METHOD custom functions * fix for ASN time structure and remove log node * initial eNULL support and sanity checks * fixes after rebasing code * adjust test cases and ASN1_TIME print * Various fixes for memory leaks * Apache compatibility in CTX_set_client_CA_list for X509_NAME use; add X509_NAME_dup as supporting function * Add initial X509_STORE_load_locations stub for Apache * Updates to X509_get_ext_d2i to return GENERAL_NAME struct instead of ASN1_OBJECT for alternative names and add supporting GENERAL_NAME functions * Add X509_STORE_load_locations implementation; add wolfSSL_CertManagerLoadCRL_ex; initial renegotiation fixes/updates * Fix for freeing peer cert in wolfSSL_Rehandshake instead of FreeHandShakeResources during secure renegotiation * Add X509_ALGOR and X509_PUBKEY structs for X509_PUBKEY_get0_param and X509_get_X509_PUBKEY implementation * Initial implementation of wolfSSL_X509_get_X509_PUBKEY and wolfSSL_X509_PUBKEY_get0_param * Add implementation for X509_get0_tbs_sigalg and X509_ALGOR_get0 * Add OBJ_nid2ln implementation * Fix compile errors in tests/api.c for some build options * Updates to X509_STORE_load_locations for non-CRL types; Add additional DETECT_CERT_TYPE enum and logic for detecting certificate type in ProcessFile * Add X509_STORE_load_locations unit test and minor error handling fixes * Add unit test for X509_sign * Set correct alert type for revoked certificates; add/fix a few WOLFSSL_ENTER messages * Add X509_ALGOR member to X509 struct; refactoring and unit tests for wolfSSL_X509_ALGOR_get0 and wolfSSL_X509_get0_tbs_sigalg * Add X509_PUBKEY member to X509 struct; refactoring and unit tests for wolfSSL_X509_get_X509_PUBKEY and wolfSSL_X509_PUBKEY_get0_param * Stack fixes after rebase * Secure renegotiation refactoring: add ACCEPT_BEGIN_RENEG to AcceptState for use in wolfSSL_SSL_in_connect_init; free old peer cert when receiving new cert to fix memory leak * Move enc-then-mac enable option in configure.ac for apache httpd compatibility * Simplify wolfSSL_SSL_in_connect_init logic * Remove unneeded wolfSSL_CertManagerLoadCRL_ex * Fixes for jenkins test failures * SSL_get_secure_renegotiation_support for print statement in Apache
2019-09-19 18:11:10 -06:00
/* print out session to stdout */
{
WOLFSSL_BIO* bio = wolfSSL_BIO_new_fp(stdout, BIO_NOCLOSE);
if (bio != NULL) {
if (wolfSSL_SESSION_print(bio, wolfSSL_get_session(ssl)) !=
WOLFSSL_SUCCESS) {
Asynchronous support for TLS v1.3 TLSX ECC/DH key generation and key agreement * Added async support to `SendTls13ClientHello`, `DoTls13ServerHello` and `DoTls13ClientHello`. * Cleanup of the example client/server use key share code. * Fix some scan-build warnings. ZD 12065
2021-06-08 12:15:42 -07:00
wolfSSL_BIO_printf(bio, "BIO error printing session\n");
Add Apache HTTP Server compatibility and --enable-apachehttpd option (#2466) * Added Apache httpd support `--enable-apachehttpd`. * Added `SSL_CIPHER_get_version`, `BIO_new_fp`, `SSL_SESSION_print` and `SSL_in_connect_init` compatibility API's. * Fix to expose `ASN1_UTCTIME_print` stub. * Pulled in `wolfSSL_X509_get_ext_count` from QT. * Added `X509_get_ext_count`, `BIO_set_callback`, `BIO_set_callback_arg` and `BIO_get_callback_arg`. * Added `wolfSSL_ERR_print_errors`. * Added `BIO_set_nbio` template. * Fixes for building with Apache httpd. * Added DH prime functions required for Apache httpd. * Fix and move the BN DH prime macros. * Fix for `SSL_CTX_set_tlsext_servername_arg` to have return code. * Only add the `BN_get_rfc*_prime_*` macro's if older than 1.1.0. * Added `ERR_GET_FUNC`, `SSL_CTX_clear_extra_chain_certs` prototypes. * Added `wolfSSL_CTX_set_client_cert_cb` template and `OPENSSL_load_builtin_modules` stub macro. * Added `X509_INFO` templates (`X509_INFO_new`, `X509_INFO_free`, `sk_X509_INFO_new_null`, `sk_X509_INFO_num`, `sk_X509_INFO_value`, `sk_X509_INFO_free`). Added `sk_X509_shift`. * Added BIO_set_callback, BIO_get_callback, BIO_set_callback_arg, BIO_get_callback_arg * add BIO_set_nbio, ERR_print_errors and tests * add X509 INFO stack push function * Add ASN1_UTCTIME_print and unit test * Add X509_get_ext_count unit test * initial commit of wolfSSL_PEM_X509_INFO_read_bio * Added `sk_X509_NAME_new`, `sk_X509_NAME_push`, `sk_X509_NAME_find`, `sk_X509_NAME_set_cmp_func` and `sk_X509_NAME_free`. Grouped `sk_X509_NAME_*` functions. * Cleanup sk X509 NAME/INFO pop free template. * Advance openssl compatibility to v1.1.0 for Apache httpd. Added TLS version macros. Implemented sk X509 NAME/INFO pop and pop_free. * Added `TLS_client_method` support. * Added `SSL_get_server_tmp_key` and `EC_curve_nid2nist`. * Added `SSL_CTX_set_min_proto_version` and `SSL_CTX_set_max_proto_version`. Fix for `BN_get_rfc*_prime_*` with the v1.1.0 change. * add test cases for PEM_X509_INFO_read_bio * Fixes for `BN_get_rfc*_prime_*` macros. Added template for `SSL_DH_set0_pqg`. Fix for `SSL_OP_NO_` to use Macro's (as is done in openssl). Added `SSL_set_verify_result`. Added stub for `OPENSSL_malloc_init`. * Apache httpd compatibility functions. BIO setter/getters. * implement ASN1_TIME_check and add test case * add SSL_get_client_CA_list * add initial implementation of wolfSSL_DH_set0_pqg * Add apache support to OBJ_txt2nid and unit test, add stub for OBJ_create * add X509_STORE_CTX_get1_chain, sk_free, sk_X509_dup * Add sk_SSL_COMP_num and SSL_COMP struct * implement and test of SSL_SESSION_print * add SSL_CTX_set_client_cert_cb * expand BIO_printf and add test case * Added `OCSP_CERTID_dup`. Added `ASN1_TYPE`. * add implementation for wolfSSL_get_server_tmp_key * add wolfSSL_BIO_puts and test case * Add X509_EXTENSION_get_object and X509_EXTENSION_get_data * add helper for bio flag set and null x509 stack * add test adn implementation for wolfSSL_i2d_PrivateKey * Added `ASN1_OTHERNAME`, `ACCESS_DESCRIPTION` and `GENERAL_NAME`. Added `sk_ACCESS_DESCRIPTION_pop_free` and `ACCESS_DESCRIPTION_free` stubs. * add wolfSSL_PEM_read_bio_ECPKParameters * add BIO_vfree * add X509_up_ref * add X509_STORE_CTX_set_ex_data * add _GNU_SOURCE macro and wolfSSL_EVP_read_pw_string * add wolfSSL_EVP_PKEY_ref_up function * X509_get_ext, X509V3_EXT_print, and d2i_DISPLAYTEXT stubs * add X509_set_issuer_name * add wolfSSL_sk_SSL_CIPHER_* functions and tests * add prototype for sk_X509_EXTENSION and ACCESS_DESCRIPTION * fix casting to avoid clang warning * adjust test_wolfSSL_X509_STORE_CTX test case * Added `OpenSSL_version` * renegotiate functions and additional stack functions * add aditional stub functions * Add Apache httpd requirements for ALPN, CRL, Cert Gen/Req/Ext and SecRen. Fix for `sk_X509_INFO_new_null`. * add ocsp stub functions * Proper fix for `sk_X509_INFO_new_null`. Added templates for `X509_get_ext_by_NID` and `X509_add_ext`. Added templates for `ASN1_TIME_diff` and `ASN1_TIME_set`. * x509 extension stack additions * Fixed template for `OCSP_id_get0_info`. * add X509 stub functions * add X509_STORE_CTX_get0_store() and unit test * Added `EVP_PKEY_CTX_new_id`, `EVP_PKEY_CTX_set_rsa_keygen_bits`, `EVP_PKEY_keygen_init`, `EVP_PKEY_keygen` and `BN_to_ASN1_INTEGER`. * x509v3 stubs and req add extensions * Add OBJ_txt2obj and unit test; add long name to wolfssl_object_info table for use by OBJ_* functions * wolfSSL_set_alpn_protos implementation * Added `EVP_SignInit_ex` and `TLS_server_method` implementation. Added stubs for `RSA_get0_key` and `i2d_OCSP_REQUEST_bio`. Fix typo on `OCSP_response_create`. Fix warning in `wolfSSL_set_alpn_protos`. * Added `X509_EXTENSION_free` stub. Fixed a few macro typos/adding missing. * add X509_STORE_CTX_get0_current_issuer and unit test * add OBJ_cmp and unit test * add RSA_get0_key and unit test * add OCSP_check_nonce * Implement X509_set_notAfter/notBefore/serialNumber/version,X509_STORE_CTX_set_depth,X509V3_set_ctx. * Modify wolfSSL_X509_set_notAfter/notBefore and add tests for each. * Add test_wolfSSL_X509_set_version w/ fixes to _set_version and fix _set_notBefore/notAfter tests * add OCSP_id_get0_info and unit test, move WOLFSSL_ASN1_INTEGER to asn_public.h from ssl.h * inital implementation of wolfSSL_X509_sign * add debugging messages and set data for BIO's * Add i2d_OCSP_REQUEST_bio. * implementation of some WOLFSSL_BIO_METHOD custom functions * fix for ASN time structure and remove log node * initial eNULL support and sanity checks * fixes after rebasing code * adjust test cases and ASN1_TIME print * Various fixes for memory leaks * Apache compatibility in CTX_set_client_CA_list for X509_NAME use; add X509_NAME_dup as supporting function * Add initial X509_STORE_load_locations stub for Apache * Updates to X509_get_ext_d2i to return GENERAL_NAME struct instead of ASN1_OBJECT for alternative names and add supporting GENERAL_NAME functions * Add X509_STORE_load_locations implementation; add wolfSSL_CertManagerLoadCRL_ex; initial renegotiation fixes/updates * Fix for freeing peer cert in wolfSSL_Rehandshake instead of FreeHandShakeResources during secure renegotiation * Add X509_ALGOR and X509_PUBKEY structs for X509_PUBKEY_get0_param and X509_get_X509_PUBKEY implementation * Initial implementation of wolfSSL_X509_get_X509_PUBKEY and wolfSSL_X509_PUBKEY_get0_param * Add implementation for X509_get0_tbs_sigalg and X509_ALGOR_get0 * Add OBJ_nid2ln implementation * Fix compile errors in tests/api.c for some build options * Updates to X509_STORE_load_locations for non-CRL types; Add additional DETECT_CERT_TYPE enum and logic for detecting certificate type in ProcessFile * Add X509_STORE_load_locations unit test and minor error handling fixes * Add unit test for X509_sign * Set correct alert type for revoked certificates; add/fix a few WOLFSSL_ENTER messages * Add X509_ALGOR member to X509 struct; refactoring and unit tests for wolfSSL_X509_ALGOR_get0 and wolfSSL_X509_get0_tbs_sigalg * Add X509_PUBKEY member to X509 struct; refactoring and unit tests for wolfSSL_X509_get_X509_PUBKEY and wolfSSL_X509_PUBKEY_get0_param * Stack fixes after rebase * Secure renegotiation refactoring: add ACCEPT_BEGIN_RENEG to AcceptState for use in wolfSSL_SSL_in_connect_init; free old peer cert when receiving new cert to fix memory leak * Move enc-then-mac enable option in configure.ac for apache httpd compatibility * Simplify wolfSSL_SSL_in_connect_init logic * Remove unneeded wolfSSL_CertManagerLoadCRL_ex * Fixes for jenkins test failures * SSL_get_secure_renegotiation_support for print statement in Apache
2019-09-19 18:11:10 -06:00
}
}
wolfSSL_BIO_free(bio);
}
Expose functions to get client/server random when `HAVE_SECRET_CALLBACK` is defined.
2021-03-26 13:23:00 -07:00
#endif /* !NO_BIO */
Fix for `wolfSSL_SESSION_print`
2021-03-26 13:41:11 -07:00
#endif
COMPAT. LAYER : get SSL client random bytes
2016-11-07 10:15:04 -07:00
#endif
Fixes from using cppcheck tool Various fixes for uninitialized variable use. sniffer.c: close file when seek fails tls.c: fix QSH_GET_SIZE macro wolfio.c: uIPGenerateCookie: use the parameter, _ctx, instead of self referencing. wolfssl_adds.c: check for equivalent to XBADFILE to indicate error. SP: change right shift of signed value to unsigned sp_int.h: define 128-bit types types.h: change a XMALLOC define to not use (,,) - cppcheck doesn't like it and is unnecessary.
2019-09-26 08:48:19 +10:00
if (doSTARTTLS && starttlsProt != NULL) {
where appropriate, use strcmp/strcasecmp, not strncmp/strncasecmp; add macro XSTRCASECMP(); update XSTRNCASECMP() for XC32 >= 1.00 to use strncasecmp.
2022-05-10 12:20:12 -05:00
if (XSTRCMP(starttlsProt, "smtp") == 0) {
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (SMTP_Shutdown(ssl, wc_shutdown) != WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
err_sys("error closing STARTTLS connection");
}
}
add STARTTLS support to example client
2016-04-22 13:46:54 -06:00
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
add STARTTLS support to example client
2016-04-22 13:46:54 -06:00
CloseSocket(sockfd);
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
add STARTTLS support to example client
2016-04-22 13:46:54 -06:00
((func_args*)args)->return_code = 0;
return 0;
}
fix alpn example client merge command options
2015-10-13 15:00:53 -07:00
#ifdef HAVE_ALPN
if (alpnList != NULL) {
char *protocol_name = NULL;
word16 protocol_nameSz = 0;
err = wolfSSL_ALPN_GetProtocol(ssl, &protocol_name, &protocol_nameSz);
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (err == WOLFSSL_SUCCESS)
fix alpn example client merge command options
2015-10-13 15:00:53 -07:00
printf("Received ALPN protocol : %s (%d)\n",
protocol_name, protocol_nameSz);
Updated a few more old names. Added PR for new configs to Jenkins.
2017-10-18 10:38:27 -07:00
else if (err == WOLFSSL_ALPN_NOT_FOUND)
fix alpn example client merge command options
2015-10-13 15:00:53 -07:00
printf("No ALPN response received (no match with server)\n");
else
printf("Getting ALPN protocol name failed\n");
}
#endif
server/client: add --cid option to use ConnectionID extension
2022-08-10 16:41:42 +02:00
#ifdef WOLFSSL_DTLS_CID
if (useDtlsCID && wolfSSL_dtls_cid_is_enabled(ssl)) {
unsigned char receivedCID[DTLS_CID_BUFFER_SIZE];
unsigned int receivedCIDSz;
printf("CID extension was negotiated\n");
ret = wolfSSL_dtls_cid_get_tx_size(ssl, &receivedCIDSz);
if (ret != WOLFSSL_SUCCESS)
err_sys("Can't get negotiated DTLS CID size\n");
if (receivedCIDSz > 0) {
ret = wolfSSL_dtls_cid_get_tx(ssl, receivedCID,
DTLS_CID_BUFFER_SIZE - 1);
if (ret != WOLFSSL_SUCCESS)
err_sys("Can't get negotiated DTLS CID\n");
printf("Sending CID is ");
printBuffer(receivedCID, receivedCIDSz);
printf("\n");
}
else {
printf("other peer provided empty CID\n");
}
}
#endif /* WOLFSSL_DTLS_CID */
add client side initiated secure r, same specs
2014-09-24 18:48:23 -07:00
#ifdef HAVE_SECURE_RENEGOTIATION
separate allow scr and force client scr in example client
2014-09-29 15:32:41 -07:00
if (scr && forceScr) {
add client side initiated secure r, same specs
2014-09-24 18:48:23 -07:00
if (nonBlocking) {
DTLS non-blocking scrwith example
2020-08-25 11:26:20 +02:00
if (!resumeScr) {
more scan-build LLVM-13 fixes and expanded coverage: deadcode.DeadStores in client.c and server.c (no functional changes).
2021-10-15 00:04:25 -05:00
if (wolfSSL_Rehandshake(ssl) != WOLFSSL_SUCCESS) {
DTLS non-blocking scrwith example
2020-08-25 11:26:20 +02:00
err = wolfSSL_get_error(ssl, 0);
if (err == WOLFSSL_ERROR_WANT_READ ||
err == WOLFSSL_ERROR_WANT_WRITE) {
Passing scr-app-data in to -i to client sends a message during SCR Modify mygetopt so that if an argument expects a value and that value is the next argument then myoptarg is set to a NULL pointer.
2020-09-30 13:46:23 +02:00
if (scrAppData) {
ret = ClientWrite(ssl,
"msg sent during renegotiation",
sizeof("msg sent during renegotiation") - 1,
"", 1);
}
else {
ret = 0;
}
check ClientWrite return
2020-09-25 11:35:23 +02:00
if (ret != 0) {
ret = WOLFSSL_FAILURE;
}
else {
do {
Fixes for handling `WC_PENDING_E` async responses in API unit test and examples. Resolves all issues with `--enable-all --enable-asynccrypt --with-intelqa=`.
2021-10-26 14:45:22 -07:00
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
#endif
check ClientWrite return
2020-09-25 11:35:23 +02:00
if (err == APP_DATA_READY) {
more scan-build LLVM-13 fixes and expanded coverage: deadcode.DeadStores in client.c and server.c (no functional changes).
2021-10-15 00:04:25 -05:00
if (wolfSSL_read(ssl, reply,
sizeof(reply)-1) < 0) {
check ClientWrite return
2020-09-25 11:35:23 +02:00
err_sys("APP DATA should be present "
"but error returned");
}
Passing scr-app-data in to -i to client sends a message during SCR Modify mygetopt so that if an argument expects a value and that value is the next argument then myoptarg is set to a NULL pointer.
2020-09-30 13:46:23 +02:00
printf("Received message during "
"renegotiation: %s\n", reply);
DTLS non-blocking scrwith example
2020-08-25 11:26:20 +02:00
}
check ClientWrite return
2020-09-25 11:35:23 +02:00
err = 0;
if ((ret = wolfSSL_connect(ssl))
!= WOLFSSL_SUCCESS) {
err = wolfSSL_get_error(ssl, ret);
}
} while (ret != WOLFSSL_SUCCESS &&
(err == WOLFSSL_ERROR_WANT_READ ||
DTLS non-blocking scrwith example
2020-08-25 11:26:20 +02:00
err == WOLFSSL_ERROR_WANT_WRITE ||
Fixes for handling `WC_PENDING_E` async responses in API unit test and examples. Resolves all issues with `--enable-all --enable-asynccrypt --with-intelqa=`.
2021-10-26 14:45:22 -07:00
err == APP_DATA_READY ||
err == WC_PENDING_E));
check ClientWrite return
2020-09-25 11:35:23 +02:00
}
DTLS non-blocking scrwith example
2020-08-25 11:26:20 +02:00
Fixes for handling `WC_PENDING_E` async responses in API unit test and examples. Resolves all issues with `--enable-all --enable-asynccrypt --with-intelqa=`.
2021-10-26 14:45:22 -07:00
if (ret == WOLFSSL_SUCCESS) {
printf("NON-BLOCKING RENEGOTIATION SUCCESSFUL\n");
DTLS non-blocking scrwith example
2020-08-25 11:26:20 +02:00
}
}
Fixes for handling `WC_PENDING_E` async responses in API unit test and examples. Resolves all issues with `--enable-all --enable-asynccrypt --with-intelqa=`.
2021-10-26 14:45:22 -07:00
if (ret != WOLFSSL_SUCCESS) {
err = wolfSSL_get_error(ssl, 0);
print errors to stderr, not stdout; fix whitespace in internal.c; add missing error handling in examples/server/server.c around recvfrom().
2022-05-12 13:07:32 -05:00
fprintf(stderr, "wolfSSL_Rehandshake error %d, %s\n", err,
DTLS non-blocking scrwith example
2020-08-25 11:26:20 +02:00
wolfSSL_ERR_error_string(err, buffer));
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("non-blocking wolfSSL_Rehandshake failed");
}
}
}
else {
print errors to stderr, not stdout; fix whitespace in internal.c; add missing error handling in examples/server/server.c around recvfrom().
2022-05-12 13:07:32 -05:00
fprintf(stderr, "not doing secure resumption with non-blocking");
DTLS non-blocking scrwith example
2020-08-25 11:26:20 +02:00
}
scr session resumption example
2014-09-26 10:47:57 -07:00
} else {
Secure Renegotiation 1. Split the wolfSSL_Rehandshake() function into wolfSSL_Rehadshake() which performs a full handshake on secure renegotiation and wolfSSL_SecureResume() which performs a session resumption on a secure renegotiation. 2. Add option to example client to perform a secure resumption instead of a full secure handshake.
2019-02-19 15:04:22 -08:00
if (!resumeScr) {
Cleanup on example client/server messages and sizes. Original PR #3023 caused sending extra null characters in normal (non HTTP) example cases.
2020-07-21 13:34:25 -07:00
printf("Beginning secure renegotiation.\n");
WIP
2020-05-28 23:26:37 +02:00
if ((ret = wolfSSL_Rehandshake(ssl)) != WOLFSSL_SUCCESS) {
Secure Renegotiation 1. Split the wolfSSL_Rehandshake() function into wolfSSL_Rehadshake() which performs a full handshake on secure renegotiation and wolfSSL_SecureResume() which performs a session resumption on a secure renegotiation. 2. Add option to example client to perform a secure resumption instead of a full secure handshake.
2019-02-19 15:04:22 -08:00
err = wolfSSL_get_error(ssl, 0);
WIP
2020-05-28 23:26:37 +02:00
#ifdef WOLFSSL_ASYNC_CRYPT
while (err == WC_PENDING_E) {
err = 0;
ret = wolfSSL_negotiate(ssl);
if (ret != WOLFSSL_SUCCESS) {
err = wolfSSL_get_error(ssl, 0);
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
}
}
#endif
if (ret != WOLFSSL_SUCCESS) {
printf("err = %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer));
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("wolfSSL_Rehandshake failed");
}
Secure Renegotiation 1. Split the wolfSSL_Rehandshake() function into wolfSSL_Rehadshake() which performs a full handshake on secure renegotiation and wolfSSL_SecureResume() which performs a session resumption on a secure renegotiation. 2. Add option to example client to perform a secure resumption instead of a full secure handshake.
2019-02-19 15:04:22 -08:00
}
else {
printf("RENEGOTIATION SUCCESSFUL\n");
}
scr session resumption example
2014-09-26 10:47:57 -07:00
}
Server Side Renegotiation 1. Fix testing issue with a client using the SCSV cipher suite to indicate desire for renegotiation. 2. Add indication to both the server and client examples that the renegotiation was successful.
2018-11-30 14:14:27 -08:00
else {
Secure Renegotiation 1. Split the wolfSSL_Rehandshake() function into wolfSSL_Rehadshake() which performs a full handshake on secure renegotiation and wolfSSL_SecureResume() which performs a session resumption on a secure renegotiation. 2. Add option to example client to perform a secure resumption instead of a full secure handshake.
2019-02-19 15:04:22 -08:00
printf("Beginning secure resumption.\n");
ASYNC: Fix issues with TLS and DTLS
2020-06-03 13:32:24 +02:00
if ((ret = wolfSSL_SecureResume(ssl)) != WOLFSSL_SUCCESS) {
Secure Renegotiation 1. Split the wolfSSL_Rehandshake() function into wolfSSL_Rehadshake() which performs a full handshake on secure renegotiation and wolfSSL_SecureResume() which performs a session resumption on a secure renegotiation. 2. Add option to example client to perform a secure resumption instead of a full secure handshake.
2019-02-19 15:04:22 -08:00
err = wolfSSL_get_error(ssl, 0);
ASYNC: Fix issues with TLS and DTLS
2020-06-03 13:32:24 +02:00
#ifdef WOLFSSL_ASYNC_CRYPT
while (err == WC_PENDING_E) {
err = 0;
ret = wolfSSL_negotiate(ssl);
if (ret != WOLFSSL_SUCCESS) {
err = wolfSSL_get_error(ssl, 0);
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
}
}
#endif
if (ret != WOLFSSL_SUCCESS) {
printf("err = %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer));
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("wolfSSL_SecureResume failed");
}
Secure Renegotiation 1. Split the wolfSSL_Rehandshake() function into wolfSSL_Rehadshake() which performs a full handshake on secure renegotiation and wolfSSL_SecureResume() which performs a session resumption on a secure renegotiation. 2. Add option to example client to perform a secure resumption instead of a full secure handshake.
2019-02-19 15:04:22 -08:00
}
else {
printf("SECURE RESUMPTION SUCCESSFUL\n");
}
Server Side Renegotiation 1. Fix testing issue with a client using the SCSV cipher suite to indicate desire for renegotiation. 2. Add indication to both the server and client examples that the renegotiation was successful.
2018-11-30 14:14:27 -08:00
}
add client side initiated secure r, same specs
2014-09-24 18:48:23 -07:00
}
}
#endif /* HAVE_SECURE_RENEGOTIATION */
Cleanup on example client/server messages and sizes. Original PR #3023 caused sending extra null characters in normal (non HTTP) example cases.
2020-07-21 13:34:25 -07:00
XMEMSET(msg, 0, sizeof(msg));
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
if (sendGET) {
1.8.8 init
2011-02-05 11:14:47 -08:00
printf("SSL connect ok, sending GET...\n");
fix merge conflict
2015-11-02 13:26:46 -08:00
Fix for client writes to not include the null term.
2020-07-21 13:40:56 -07:00
msgSz = (int)XSTRLEN(kHttpGetMsg);
Cleanup on example client/server messages and sizes. Original PR #3023 caused sending extra null characters in normal (non HTTP) example cases.
2020-07-21 13:34:25 -07:00
XMEMCPY(msg, kHttpGetMsg, msgSz);
}
else {
Fix for client writes to not include the null term.
2020-07-21 13:40:56 -07:00
msgSz = (int)XSTRLEN(kHelloMsg);
Cleanup on example client/server messages and sizes. Original PR #3023 caused sending extra null characters in normal (non HTTP) example cases.
2020-07-21 13:34:25 -07:00
XMEMCPY(msg, kHelloMsg, msgSz);
1.8.8 init
2011-02-05 11:14:47 -08:00
}
add DTLS session export option
2016-05-10 13:27:45 -06:00
/* allow some time for exporting the session */
#ifdef WOLFSSL_SESSION_EXPORT_DEBUG
Improved test sleep. Cleanup `sleep` calls.
2020-07-22 13:08:57 -07:00
TEST_DELAY();
add DTLS session export option
2016-05-10 13:27:45 -06:00
#endif /* WOLFSSL_SESSION_EXPORT_DEBUG */
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
tests: support test for SRTP the test will check that the same Exported Keying Material is generated between client and server
2022-01-19 13:03:29 +01:00
#ifdef WOLFSSL_SRTP
if (dtlsSrtpProfiles != NULL) {
dtls-srtp: no ekm cross check on single threaded/no pthread conf
2022-01-20 16:07:16 +01:00
err = client_srtp_test(ssl, (func_args*)args);
tests: support test for SRTP the test will check that the same Exported Keying Material is generated between client and server
2022-01-19 13:03:29 +01:00
if (err != 0) {
if (exitWithRet) {
((func_args*)args)->return_code = err;
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
goto exit;
}
/* else */
err_sys("SRTP check failed");
}
}
Test cleanups. Fix possible leak in `TLSX_UseSRTP`.
2022-01-19 09:20:45 -08:00
#endif /* WOLFSSL_SRTP */
tests: support test for SRTP the test will check that the same Exported Keying Material is generated between client and server
2022-01-19 13:03:29 +01:00
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
#ifdef WOLFSSL_TLS13
if (updateKeysIVs)
wolfSSL_update_keys(ssl);
#endif
Fix for expected failure case on client write. Resolves test-fails.con `server TLSv1.3 fail on no client certificate` test.
2020-05-22 11:43:41 -07:00
err = ClientWrite(ssl, msg, msgSz, "", exitWithRet);
if (exitWithRet && (err != 0)) {
((func_args*)args)->return_code = err;
Add some missing frees to the example client when using in the return-not-exit mode for tests.
2020-07-23 14:32:48 -07:00
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
Fix for expected failure case on client write. Resolves test-fails.con `server TLSv1.3 fail on no client certificate` test.
2020-05-22 11:43:41 -07:00
goto exit;
}
1.8.8 init
2011-02-05 11:14:47 -08:00
Fail when WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT set in TLS1.3
2020-04-27 14:03:15 +10:00
err = ClientRead(ssl, reply, sizeof(reply)-1, 1, "", exitWithRet);
if (exitWithRet && (err != 0)) {
((func_args*)args)->return_code = err;
Add some missing frees to the example client when using in the return-not-exit mode for tests.
2020-07-23 14:32:48 -07:00
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
Fail when WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT set in TLS1.3
2020-04-27 14:03:15 +10:00
goto exit;
}
Improve PSK timeout checks Post-handshake Authentication Fix KeyUpdate to derive keys properly Fix supported curves (not checking ctx extensions)
2017-06-08 10:32:51 +10:00
Fix post authentication for TLS 1.3
2018-06-08 17:34:03 +10:00
#if defined(WOLFSSL_TLS13)
if (updateKeysIVs || postHandAuth)
Fix for expected failure case on client write. Resolves test-fails.con `server TLSv1.3 fail on no client certificate` test.
2020-05-22 11:43:41 -07:00
(void)ClientWrite(ssl, msg, msgSz, "", 0);
Cleanup
2017-06-21 16:56:51 +10:00
#endif
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
examples: client/server: support DTLSv1.3 (-u -v4) This commits add some new options to examples/[server,client] to support testing of DTLS v1.3. client: add waitTicket option If this option is used, the client will wait until it receives a sessionTicket from the server. This is useful when testing DTLS retransmission. client: add waitKeyUpdate option When this option is set, the client waits until the UpdateKey message is acknowledged by the server. This is useful to test DTLS retransmission logic
2022-05-20 10:00:24 +02:00
#if defined(HAVE_SESSION_TICKET)
while (waitTicket == 1) {
unsigned char ticketBuf[SESSION_TICKET_LEN];
int zeroReturn = 0;
word32 size;
(void)zeroReturn;
size = sizeof(ticketBuf);
err = wolfSSL_get_SessionTicket(ssl, ticketBuf, &size);
if (err < 0)
err_sys("wolfSSL_get_SessionTicket failed");
if (size == 0) {
err = process_handshake_messages(ssl, !nonBlocking, &zeroReturn);
if (err < 0)
err_sys("error waiting for session ticket ");
}
else {
waitTicket = 0;
}
}
#endif
fix general NO_SHA NO_ASN NO_CERTS NO_SESSION_CACHE builds/examples
2013-03-11 16:07:46 -07:00
#ifndef NO_SESSION_CACHE
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
if (resumeSession) {
Improve TLS client side session cache references to provide option for not returning an internal session cache pointer. Now use `wolfSSL_get1_sesson` for reference logic, that requires calling `wolfSSL_SESSION_free`. To disable this feature use `NO_SESSION_CACHE_REF`.
2021-12-22 12:51:01 -08:00
session = wolfSSL_get1_session(ssl);
add -u for DTLS UPD command line client/server examples
2012-08-02 11:54:49 -07:00
}
fix general NO_SHA NO_ASN NO_CERTS NO_SESSION_CACHE builds/examples
2013-03-11 16:07:46 -07:00
#endif
1.8.8 init
2011-02-05 11:14:47 -08:00
Jenkins fixes
2020-07-02 14:59:07 +02:00
#if !defined(NO_SESSION_CACHE) && (defined(OPENSSL_EXTRA) || \
defined(HAVE_EXT_CACHE))
DTLS Maintenance To go with the fix for the functions wolfSSL_(i2d|d2i)_SSL_SESSION, modify the example client to use a serialized session record for resumption instead of the direct reference into the session cache. This change only happens when OPENSSL_EXTRA and HAVE_EXT_CACHE are defined.
2019-09-11 15:28:30 -07:00
if (session != NULL && resumeSession) {
flatSessionSz = wolfSSL_i2d_SSL_SESSION(session, NULL);
if (flatSessionSz != 0) {
int checkSz = wolfSSL_i2d_SSL_SESSION(session, &flatSession);
if (flatSession == NULL)
err_sys("error creating flattened session buffer");
1. Use the session deallocator on the deserialized session in the client. 2. Free the flatten session if the size check fails.
2019-09-12 16:02:36 -07:00
if (checkSz != flatSessionSz) {
XFREE(flatSession, NULL, DYNAMIC_TYPE_TMP_BUFFER);
DTLS Maintenance To go with the fix for the functions wolfSSL_(i2d|d2i)_SSL_SESSION, modify the example client to use a serialized session record for resumption instead of the direct reference into the session cache. This change only happens when OPENSSL_EXTRA and HAVE_EXT_CACHE are defined.
2019-09-11 15:28:30 -07:00
err_sys("flat session size check failure");
1. Use the session deallocator on the deserialized session in the client. 2. Free the flatten session if the size check fails.
2019-09-12 16:02:36 -07:00
}
Improve TLS client side session cache references to provide option for not returning an internal session cache pointer. Now use `wolfSSL_get1_sesson` for reference logic, that requires calling `wolfSSL_SESSION_free`. To disable this feature use `NO_SESSION_CACHE_REF`.
2021-12-22 12:51:01 -08:00
/* using heap based flat session, free original session */
wolfSSL_SESSION_free(session);
session = NULL;
DTLS Maintenance To go with the fix for the functions wolfSSL_(i2d|d2i)_SSL_SESSION, modify the example client to use a serialized session record for resumption instead of the direct reference into the session cache. This change only happens when OPENSSL_EXTRA and HAVE_EXT_CACHE are defined.
2019-09-11 15:28:30 -07:00
}
}
#endif
examples: allow bidirectional shutdown in UDP This commit allows the examples to perform a bidirectional shutdown also when using UDP. It is useful to test DTLS retransmission. Signed-off-by: Marco Oliverio <marco@wolfssl.com>
2022-04-06 22:14:42 +02:00
ret = wolfSSL_shutdown(ssl);
if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE) {
while (tcp_select(wolfSSL_get_fd(ssl), DEFAULT_TIMEOUT_SEC) ==
TEST_RECV_READY) {
ret = wolfSSL_shutdown(ssl); /* bidirectional shutdown */
if (ret == WOLFSSL_SUCCESS) {
printf("Bidirectional shutdown complete\n");
break;
Updates from review
2020-04-01 11:14:25 -05:00
}
examples: allow bidirectional shutdown in UDP This commit allows the examples to perform a bidirectional shutdown also when using UDP. It is useful to test DTLS retransmission. Signed-off-by: Marco Oliverio <marco@wolfssl.com>
2022-04-06 22:14:42 +02:00
else if (ret != WOLFSSL_SHUTDOWN_NOT_DONE) {
print errors to stderr, not stdout; fix whitespace in internal.c; add missing error handling in examples/server/server.c around recvfrom().
2022-05-12 13:07:32 -05:00
fprintf(stderr, "Bidirectional shutdown failed\n");
examples: allow bidirectional shutdown in UDP This commit allows the examples to perform a bidirectional shutdown also when using UDP. It is useful to test DTLS retransmission. Signed-off-by: Marco Oliverio <marco@wolfssl.com>
2022-04-06 22:14:42 +02:00
break;
}
Tests and examples for bidirectional shutdown
2020-02-17 16:39:34 -06:00
}
examples: allow bidirectional shutdown in UDP This commit allows the examples to perform a bidirectional shutdown also when using UDP. It is useful to test DTLS retransmission. Signed-off-by: Marco Oliverio <marco@wolfssl.com>
2022-04-06 22:14:42 +02:00
if (ret != WOLFSSL_SUCCESS)
print errors to stderr, not stdout; fix whitespace in internal.c; add missing error handling in examples/server/server.c around recvfrom().
2022-05-12 13:07:32 -05:00
fprintf(stderr, "Bidirectional shutdown failed\n");
add option for bidirectional shutdown
2015-01-30 08:41:34 -07:00
}
Add support for Encrypt-Then-MAC to TLS 1.2 and below An extension is used to indicate that ETM is to be used. Only used when doing block ciphers - HMAC performed on encrypted data.
2019-08-22 09:33:38 +10:00
#if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY)
add atomic user macencrypt cb
2013-08-09 17:27:15 -07:00
if (atomicUser)
FreeAtomicUser(ssl);
#endif
Added static memory code to client example.
2017-10-20 14:56:29 -07:00
/* display collected statistics */
#ifdef WOLFSSL_STATIC_MEMORY
if (wolfSSL_is_static_memory(ssl, &ssl_stats) != 1)
err_sys("static memory was not used with ssl");
fprintf(stderr, "\nprint off SSL memory stats\n");
fprintf(stderr, "*** This is memory state before wolfSSL_free is called\n");
Add CTX static memory API unit tests. Expanded crypto callback TLS tests to older SSL/TLS and DTLS.
2021-10-21 11:47:00 -07:00
wolfSSL_PrintStatsConn(&ssl_stats);
Added static memory code to client example.
2017-10-20 14:56:29 -07:00
#endif
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
1.8.8 init
2011-02-05 11:14:47 -08:00
CloseSocket(sockfd);
fix general NO_SHA NO_ASN NO_CERTS NO_SESSION_CACHE builds/examples
2013-03-11 16:07:46 -07:00
#ifndef NO_SESSION_CACHE
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
if (resumeSession) {
Fixes for static memory with `-r` session resumption option on client. Fix for possible failed InitSSL cleanup using NULL ssl->ctx for static memory.
2017-10-23 10:50:19 -07:00
sslResume = wolfSSL_new(ctx);
if (sslResume == NULL) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
Fixes for static memory with `-r` session resumption option on client. Fix for possible failed InitSSL cleanup using NULL ssl->ctx for static memory.
2017-10-23 10:50:19 -07:00
err_sys("unable to get SSL object");
}
DHE Speed Up 1. Also apply the setting to the client side. 2. Updated the server and client command line options to use "-2" for disabling the DHE check.
2018-12-03 13:53:44 -08:00
#if !defined(NO_DH) && !defined(WOLFSSL_OLD_PRIME_CHECK) && \
!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
if (!doDhKeyCheck)
wolfSSL_SetEnableDhKeyTest(sslResume, 0);
#endif
Fixes for PK callbacks with TLS v1.3. Tested with `./configure --enable-pkcallbacks CFLAGS="-DTEST_PK_PRIVKEY -DDEBUG_PK_CB"`.
2021-08-16 13:09:17 -07:00
#ifdef HAVE_PK_CALLBACKS
if (pkCallbacks) {
SetupPkCallbackContexts(sslResume, &pkCbInfo);
}
#endif
DHE Speed Up 1. Also apply the setting to the client side. 2. Updated the server and client command line options to use "-2" for disabling the DHE check.
2018-12-03 13:53:44 -08:00
DTLS-SCTP example client and server 1. Update the example client and server to test DTLS-SCTP. 2. Modify the test.h functions for setting up connections to allow for a SCTP option. 3. Update other examples to use the new test.h functions. 4. Removed some prototypes in the client header file were some functions that should have been static to the client.c file and made them static.
2016-08-25 22:20:35 -07:00
if (dtlsUDP) {
Improved test sleep. Cleanup `sleep` calls.
2020-07-22 13:08:57 -07:00
TEST_DELAY();
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
}
DTLS-SCTP example client and server 1. Update the example client and server to test DTLS-SCTP. 2. Modify the test.h functions for setting up connections to allow for a SCTP option. 3. Update other examples to use the new test.h functions. 4. Removed some prototypes in the client header file were some functions that should have been static to the client.c file and made them static.
2016-08-25 22:20:35 -07:00
tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, sslResume);
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_set_fd(sslResume, sockfd) != WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_free(sslResume); sslResume = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
check return value of wolfSSL_set_fd
2016-03-25 13:59:04 -06:00
err_sys("error in setting fd");
}
Fix resumption failure and use range in connect state logic
2022-04-27 16:55:27 +02:00
if (simulateWantWrite) {
Reset ret in client and server after wolfSSL_dtls_got_timeout() - Do UDP connect only with simulateWantWrite to accommodate macOS that doesn't like sendto being called on connected UDP sockets - Call wolfSSL_dtls_get_current_timeout only on a DTLS connection
2022-05-12 16:48:04 +02:00
if (dtlsUDP) {
wolfSSL_SetIOWriteCtx(ssl, (void*)&sockfd);
udp_connect(&sockfd, host, port);
}
Fix resumption failure and use range in connect state logic
2022-04-27 16:55:27 +02:00
}
fix alpn example client merge command options
2015-10-13 15:00:53 -07:00
#ifdef HAVE_ALPN
if (alpnList != NULL) {
printf("ALPN accepted protocols list : %s\n", alpnList);
wolfSSL_UseALPN(sslResume, alpnList, (word32)XSTRLEN(alpnList),
alpn_opt);
}
#endif
allow example client to do resume with scr
2015-04-29 17:06:57 -07:00
#ifdef HAVE_SECURE_RENEGOTIATION
if (scr) {
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_UseSecureRenegotiation(sslResume) != WOLFSSL_SUCCESS) {
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_free(sslResume); sslResume = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
allow example client to do resume with scr
2015-04-29 17:06:57 -07:00
err_sys("can't enable secure renegotiation");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
allow example client to do resume with scr
2015-04-29 17:06:57 -07:00
}
#endif
DTLS Maintenance To go with the fix for the functions wolfSSL_(i2d|d2i)_SSL_SESSION, modify the example client to use a serialized session record for resumption instead of the direct reference into the session cache. This change only happens when OPENSSL_EXTRA and HAVE_EXT_CACHE are defined.
2019-09-11 15:28:30 -07:00
* Fixed some build configuration variations. * Fixed `PEM_BUFSIZE` macro redefined when building with coexist. * Updated the `user_settings_all.h` and `user_settings_wolfboot_keytools.h` to include latest options. * Improved API unit test error case checking where `TEST_RES_CHECK` is not used. * Changed `TEST_SKIPPED` to unique value. * Added CI tests for enable-all, small stack, and user setting templates.
2023-01-03 10:48:00 -08:00
#if !defined(NO_SESSION_CACHE) && (defined(OPENSSL_EXTRA) || \
defined(HAVE_EXT_CACHE))
DTLS Maintenance To go with the fix for the functions wolfSSL_(i2d|d2i)_SSL_SESSION, modify the example client to use a serialized session record for resumption instead of the direct reference into the session cache. This change only happens when OPENSSL_EXTRA and HAVE_EXT_CACHE are defined.
2019-09-11 15:28:30 -07:00
if (flatSession) {
const byte* constFlatSession = flatSession;
session = wolfSSL_d2i_SSL_SESSION(NULL,
&constFlatSession, flatSessionSz);
}
#endif
Remove changes around wolfSSL_set_session() as it breaks tests.
2022-12-12 11:44:27 -05:00
wolfSSL_set_session(sslResume, session);
DTLS Maintenance To go with the fix for the functions wolfSSL_(i2d|d2i)_SSL_SESSION, modify the example client to use a serialized session record for resumption instead of the direct reference into the session cache. This change only happens when OPENSSL_EXTRA and HAVE_EXT_CACHE are defined.
2019-09-11 15:28:30 -07:00
* Fixed some build configuration variations. * Fixed `PEM_BUFSIZE` macro redefined when building with coexist. * Updated the `user_settings_all.h` and `user_settings_wolfboot_keytools.h` to include latest options. * Improved API unit test error case checking where `TEST_RES_CHECK` is not used. * Changed `TEST_SKIPPED` to unique value. * Added CI tests for enable-all, small stack, and user setting templates.
2023-01-03 10:48:00 -08:00
#if !defined(NO_SESSION_CACHE) && (defined(OPENSSL_EXTRA) || \
defined(HAVE_EXT_CACHE))
cppcheck fixes Fix checking of negative with unsigned variables. Check digestSz for 0 in wc_SSH_KDF() so that no possibility of dividing by zero. Change XMEMCPY to XMEMSET in renesas_sce_util.c. Fix test.c to free prvTmp and pubTmp on read error. Remove unused variables. XFREE checks for NULL so don't check before call. Move variable declarations to reduce scope.
2023-04-03 16:51:07 +10:00
XFREE(flatSession, NULL, DYNAMIC_TYPE_TMP_BUFFER);
DTLS Maintenance To go with the fix for the functions wolfSSL_(i2d|d2i)_SSL_SESSION, modify the example client to use a serialized session record for resumption instead of the direct reference into the session cache. This change only happens when OPENSSL_EXTRA and HAVE_EXT_CACHE are defined.
2019-09-11 15:28:30 -07:00
#endif
Improve TLS client side session cache references to provide option for not returning an internal session cache pointer. Now use `wolfSSL_get1_sesson` for reference logic, that requires calling `wolfSSL_SESSION_free`. To disable this feature use `NO_SESSION_CACHE_REF`.
2021-12-22 12:51:01 -08:00
wolfSSL_SESSION_free(session);
session = NULL;
Added a callback when receiving a NewSessionTicket handshake message.
2014-10-20 09:25:14 -07:00
#ifdef HAVE_SESSION_TICKET
name change for client.c
2015-01-05 14:48:43 -07:00
wolfSSL_set_SessionTicket_cb(sslResume, sessionTicketCB,
Added a callback when receiving a NewSessionTicket handshake message.
2014-10-20 09:25:14 -07:00
(void*)"resumed session");
#endif
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
name change for client.c
2015-01-05 14:48:43 -07:00
#ifndef WOLFSSL_CALLBACKS
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
if (nonBlocking) {
Fix TCP with Timeout Updated example client and server to use the new wolfSSL_dtls_set_using_nonblock() function.
2018-05-23 16:07:45 -07:00
#ifdef WOLFSSL_DTLS
if (doDTLS) {
Fixes from cppcheck Added PRIVATE_D version of rsa private key operation for SP implementation for specific platforms. WC_NO_RNG results in warnings when RNG calls don't do anything. Added ifdef checks for variables not used otherwise. Remove superfluous if statements like when checking ret == 0. Change names of globals that are generic and are used locally before global definition. Remove definition of variable len that isn't used except as a replacement for sz which is parameter. Don't subtract two variables when one has just been assigned the value of the other. Fix shifting of signed value. Fix parameter checking in aes.c and des3.c for platform specific code.
2020-04-08 09:46:22 +10:00
wolfSSL_dtls_set_using_nonblock(sslResume, 1);
Fix TCP with Timeout Updated example client and server to use the new wolfSSL_dtls_set_using_nonblock() function.
2018-05-23 16:07:45 -07:00
}
#endif
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
tcp_set_nonblocking(&sockfd);
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
ret = NonBlockingSSL_Connect(sslResume);
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
}
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
else {
TLS v1.3 0-RTT
2017-06-19 11:37:10 +10:00
#ifdef WOLFSSL_EARLY_DATA
#ifndef HAVE_SESSION_TICKET
if (!usePsk) {
}
else
#endif
if (earlyData) {
Cleanup on example client/server messages and sizes. Original PR #3023 caused sending extra null characters in normal (non HTTP) example cases.
2020-07-21 13:34:25 -07:00
EarlyData(ctx, sslResume, kEarlyMsg, sizeof(kEarlyMsg)-1, buffer);
TLS v1.3 0-RTT
2017-06-19 11:37:10 +10:00
}
#endif
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
do {
err = 0; /* reset error */
ret = wolfSSL_connect(sslResume);
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (ret != WOLFSSL_SUCCESS) {
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
err = wolfSSL_get_error(sslResume, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(sslResume,
WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
#endif
}
} while (err == WC_PENDING_E);
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
#else
Fixes from cppcheck Added PRIVATE_D version of rsa private key operation for SP implementation for specific platforms. WC_NO_RNG results in warnings when RNG calls don't do anything. Added ifdef checks for variables not used otherwise. Remove superfluous if statements like when checking ret == 0. Change names of globals that are generic and are used locally before global definition. Remove definition of variable len that isn't used except as a replacement for sz which is parameter. Don't subtract two variables when one has just been assigned the value of the other. Fix shifting of signed value. Fix parameter checking in aes.c and des3.c for platform specific code.
2020-04-08 09:46:22 +10:00
timeoutConnect.tv_sec = DEFAULT_TIMEOUT_SEC;
timeoutConnect.tv_usec = 0;
TLS 1.3 fixes/improvements Support Draft 28: able to compile code to return BAD_BINDER if no PSKs match and certificates not to be used. Change key share implementation to use server preference - server now checks each client key share's group is in supported_groups extension. Client and server examples modified to support server preference. Application can set client's and server's supported groups by rank. Server's supported groups is sent back in encrypted_extensions if preferred group is not in client's list - able to be turned off at compile time. Application can query server's preferred group from client. Able to compile using 0x0304 as version instead of draft version. Fix state machine in TLS 1.3 to support unexpected hello_retry_request. Also fixes non-blocking. Fix resumption to use the named group from session. Fix named group in session structure to be a 2-byte field. Better detection of errors in message flow. Fix DoTls13ClientHello when downgrading - don't do TLS 1.3 things. Not downgrading on client fixed. Downgrade protocol version from TLS 1.3 when not TLS 1.3 ciphersuite. Get downgrading from TLS 1.3 and resumption working. Change earlyData value to an enum. Support no extensions data (as opposed to zero length extension data) in TLS 1.3 ClientHello. Check PSK cipher suite is available to both client and server before using. Check first PSK identity chosen when server says it is using early data at client. Check PSK extension is last in client_hello on server. Check the PSK cipher suite to use is supported on client. Check the returned cipher suite for pre-shared keys is the same as client expects. Send alert decrypt_error when verification fails in certificate_verify or finished message doesn't match calculated value. Fail when certificate messages recieved in handshake when using PSK. Validate on the server that EndOfEarlyData message has been recieved before finished message when server sent EarlyData extension.
2018-04-13 11:53:42 +10:00
ret = NonBlockingSSL_Connect(sslResume); /* will keep retrying on timeout */
client to use non-blocking sockets in resume test if enabled
2012-08-20 17:02:25 -07:00
#endif
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (ret != WOLFSSL_SUCCESS) {
print errors to stderr, not stdout; fix whitespace in internal.c; add missing error handling in examples/server/server.c around recvfrom().
2022-05-12 13:07:32 -05:00
fprintf(stderr, "wolfSSL_connect resume error %d, %s\n", err,
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
wolfSSL_ERR_error_string(err, buffer));
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_free(sslResume); sslResume = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
err_sys("wolfSSL_connect resume failed");
}
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
showPeerEx(sslResume, lng_index);
print out PEM of peer cert with example client
2021-12-07 14:07:47 -07:00
showPeerPEM(sslResume);
1.8.8 init
2011-02-05 11:14:47 -08:00
name change for client.c
2015-01-05 14:48:43 -07:00
if (wolfSSL_session_reused(sslResume))
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
printf("reused session id\n");
else
print errors to stderr, not stdout; fix whitespace in internal.c; add missing error handling in examples/server/server.c around recvfrom().
2022-05-12 13:07:32 -05:00
fprintf(stderr, "didn't reuse session id!!!\n");
NO_RSA build, cipher suite tests need work for this build optoin, ssn2
2013-03-07 17:44:40 -08:00
fix alpn example client merge command options
2015-10-13 15:00:53 -07:00
#ifdef HAVE_ALPN
if (alpnList != NULL) {
char *protocol_name = NULL;
word16 protocol_nameSz = 0;
printf("Sending ALPN accepted list : %s\n", alpnList);
err = wolfSSL_ALPN_GetProtocol(sslResume, &protocol_name,
&protocol_nameSz);
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (err == WOLFSSL_SUCCESS)
fix alpn example client merge command options
2015-10-13 15:00:53 -07:00
printf("Received ALPN protocol : %s (%d)\n",
protocol_name, protocol_nameSz);
Updated a few more old names. Added PR for new configs to Jenkins.
2017-10-18 10:38:27 -07:00
else if (err == WOLFSSL_ALPN_NOT_FOUND)
fix alpn example client merge command options
2015-10-13 15:00:53 -07:00
printf("Not received ALPN response (no match with server)\n");
else
printf("Getting ALPN protocol name failed\n");
}
#endif
add DTLS session export option
2016-05-10 13:27:45 -06:00
/* allow some time for exporting the session */
#ifdef WOLFSSL_SESSION_EXPORT_DEBUG
Improved test sleep. Cleanup `sleep` calls.
2020-07-22 13:08:57 -07:00
TEST_DELAY();
add DTLS session export option
2016-05-10 13:27:45 -06:00
#endif /* WOLFSSL_SESSION_EXPORT_DEBUG */
Maintenance: Renegotiation 1. Found a corner case where secure renegotiation would fail trying to inappropriately use a session ticket. 2. Explicitly split renegotiation into Rehandshake and SecureResume.
2019-12-26 16:39:44 -08:00
#ifdef HAVE_SECURE_RENEGOTIATION
if (scr && forceScr) {
if (nonBlocking) {
printf("not doing secure renegotiation on example with"
" nonblocking yet\n");
} else {
if (!resumeScr) {
Cleanup on example client/server messages and sizes. Original PR #3023 caused sending extra null characters in normal (non HTTP) example cases.
2020-07-21 13:34:25 -07:00
printf("Beginning secure renegotiation.\n");
Maintenance: Renegotiation 1. Found a corner case where secure renegotiation would fail trying to inappropriately use a session ticket. 2. Explicitly split renegotiation into Rehandshake and SecureResume.
2019-12-26 16:39:44 -08:00
if (wolfSSL_Rehandshake(sslResume) != WOLFSSL_SUCCESS) {
err = wolfSSL_get_error(sslResume, 0);
print errors to stderr, not stdout; fix whitespace in internal.c; add missing error handling in examples/server/server.c around recvfrom().
2022-05-12 13:07:32 -05:00
fprintf(stderr, "err = %d, %s\n", err,
Maintenance: Renegotiation 1. Found a corner case where secure renegotiation would fail trying to inappropriately use a session ticket. 2. Explicitly split renegotiation into Rehandshake and SecureResume.
2019-12-26 16:39:44 -08:00
wolfSSL_ERR_error_string(err, buffer));
wolfSSL_free(sslResume); sslResume = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("wolfSSL_Rehandshake failed");
}
else {
printf("RENEGOTIATION SUCCESSFUL\n");
}
}
else {
printf("Beginning secure resumption.\n");
if (wolfSSL_SecureResume(sslResume) != WOLFSSL_SUCCESS) {
err = wolfSSL_get_error(sslResume, 0);
print errors to stderr, not stdout; fix whitespace in internal.c; add missing error handling in examples/server/server.c around recvfrom().
2022-05-12 13:07:32 -05:00
fprintf(stderr, "err = %d, %s\n", err,
Maintenance: Renegotiation 1. Found a corner case where secure renegotiation would fail trying to inappropriately use a session ticket. 2. Explicitly split renegotiation into Rehandshake and SecureResume.
2019-12-26 16:39:44 -08:00
wolfSSL_ERR_error_string(err, buffer));
wolfSSL_free(sslResume); sslResume = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("wolfSSL_SecureResume failed");
}
else {
printf("SECURE RESUMPTION SUCCESSFUL\n");
}
}
}
}
#endif /* HAVE_SECURE_RENEGOTIATION */
Fix for example client to send HTTP GET on resume with "-g". Fixes issue with `./scripts/openssl.test`.
2020-07-21 15:42:33 -07:00
XMEMSET(msg, 0, sizeof(msg));
if (sendGET) {
msgSz = (int)XSTRLEN(kHttpGetMsg);
XMEMCPY(msg, kHttpGetMsg, msgSz);
}
else {
msgSz = (int)XSTRLEN(kResumeMsg);
XMEMCPY(msg, kResumeMsg, msgSz);
}
(void)ClientWrite(sslResume, msg, msgSz, " resume", 0);
1.8.8 init
2011-02-05 11:14:47 -08:00
Fail when WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT set in TLS1.3
2020-04-27 14:03:15 +10:00
(void)ClientRead(sslResume, reply, sizeof(reply)-1, sendGET,
"Server resume: ", 0);
1.8.8 init
2011-02-05 11:14:47 -08:00
fix shutdown returns
2015-02-16 14:23:33 -08:00
ret = wolfSSL_shutdown(sslResume);
Refactor `WOLF_SSL_` to `WOLFSSL_` (much better).
2017-10-11 09:09:52 -07:00
if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE)
fix shutdown returns
2015-02-16 14:23:33 -08:00
wolfSSL_shutdown(sslResume); /* bidirectional shutdown */
Fixes for static memory with `-r` session resumption option on client. Fix for possible failed InitSSL cleanup using NULL ssl->ctx for static memory.
2017-10-23 10:50:19 -07:00
/* display collected statistics */
#ifdef WOLFSSL_STATIC_MEMORY
if (wolfSSL_is_static_memory(sslResume, &ssl_stats) != 1)
err_sys("static memory was not used with ssl");
fprintf(stderr, "\nprint off SSLresume memory stats\n");
fprintf(stderr, "*** This is memory state before wolfSSL_free is called\n");
Add CTX static memory API unit tests. Expanded crypto callback TLS tests to older SSL/TLS and DTLS.
2021-10-21 11:47:00 -07:00
wolfSSL_PrintStatsConn(&ssl_stats);
Fixes for static memory with `-r` session resumption option on client. Fix for possible failed InitSSL cleanup using NULL ssl->ctx for static memory.
2017-10-23 10:50:19 -07:00
#endif
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_free(sslResume); sslResume = NULL;
scan build fixes
2013-02-14 14:09:41 -08:00
CloseSocket(sockfd);
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
}
Fix for `kResumeMsg` unused if `NO_SESSION_CACHE` defined.
2020-07-22 12:15:14 -07:00
#endif /* !NO_SESSION_CACHE */
1.8.8 init
2011-02-05 11:14:47 -08:00
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
1.8.8 init
2011-02-05 11:14:47 -08:00
((func_args*)args)->return_code = 0;
add memory tracker to example client and server if using default memory cbs
2013-03-15 13:17:05 -07:00
Fix for example client/server with `-H exitWithRet` option to make sure all cleanup is performed. Resolves valgrind report due to `TicketCleanup()` not being called.
2018-05-03 13:39:37 -07:00
exit:
add outbound connection filtering support to libwolfssl, add wolfSentry support to the test client, and add wolfSentry JSON config file support to the test client and server using --wolfsentry-config. also, add mygetopt_long() to wolfssl/test.h, and add --help and Japanese counterpart options to test client and server.
2021-06-16 00:26:48 -05:00
#ifdef WOLFSSL_WOLFSENTRY_HOOKS
fix warnings around clang-diagnostic-embedded-directive and readability-uppercase-literal-suffix; update wolfSentry integration for upcoming release 0.8.0.
2023-01-05 00:13:17 -06:00
wolfsentry_ret =
fix an oversight in wolfSentry integration in examples/{client,server}.
2023-01-05 17:59:10 -06:00
wolfsentry_shutdown(WOLFSENTRY_CONTEXT_ARGS_OUT_EX4(&wolfsentry, NULL));
add outbound connection filtering support to libwolfssl, add wolfSentry support to the test client, and add wolfSentry JSON config file support to the test client and server using --wolfsentry-config. also, add mygetopt_long() to wolfssl/test.h, and add --help and Japanese counterpart options to test client and server.
2021-06-16 00:26:48 -05:00
if (wolfsentry_ret < 0) {
fprintf(stderr,
"wolfsentry_shutdown() returned " WOLFSENTRY_ERROR_FMT "\n",
WOLFSENTRY_ERROR_FMT_ARGS(wolfsentry_ret));
}
#endif
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 13:59:41 -06:00
#ifdef WOLFSSL_ASYNC_CRYPT
wolfAsync_DevClose(&devId);
#endif
Various improvements for testing Fix wc_ecc_fp_free() to be called when using HAVE_STACK_SIZE. Increase size of replyin client.c so all HTTP reply is displayed. Fix api.c to support only Ed25519 (not RSA and ECC) Fix suites.c to detect when CA for client won't work (Ed25519 only) For Static Memory add debugging and small profile. Also allow realloc to be called with NULL. Add more Ed25519 certs and keys. Fix names of Ed25519 filenames for client and server. Do NOT turn on ECC_SHAMIR by default with lowresource. Enable WOLFSSL_STATIC_MEMORY_SMALL if low resource and no RSA.
2019-02-22 17:14:19 +10:00
#if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) \
&& defined(HAVE_STACK_SIZE)
wc_ecc_fp_free(); /* free per thread cache */
#endif
consolidate handling of dead assignment warnings
2016-04-11 13:39:44 -06:00
/* There are use cases when these assignments are not read. To avoid
* potential confusion those warnings have been handled here.
*/
(void) useClientCert;
(void) verifyCert;
(void) ourCert;
(void) ourKey;
Fix for useVerifyCb variable not used warning with NO_CERTS defined.
2017-05-11 12:57:12 -07:00
(void) useVerifyCb;
Various scan-build fixes.
2022-04-21 14:44:23 -07:00
(void) customVerifyCert;
consolidate handling of dead assignment warnings
2016-04-11 13:39:44 -06:00
name change for client.c
2015-01-05 14:48:43 -07:00
#if !defined(WOLFSSL_TIRTOS)
add --enable-stacksize to print out stack use info with pthreads for example client/server
2013-03-28 11:28:38 -07:00
return 0;
Added TI-RTOS support for CyaSSL tests
2014-05-08 15:52:20 -07:00
#endif
1.8.8 init
2011-02-05 11:14:47 -08:00
}
Fix build with either `NO_WOLFSSL_SERVER` or `NO_WOLFSSL_CLIENT` defined.
2017-06-26 23:05:32 -07:00
#endif /* !NO_WOLFSSL_CLIENT */
1.8.8 init
2011-02-05 11:14:47 -08:00
/* so overall tests can pull in test function */
#ifndef NO_MAIN_DRIVER
int main(int argc, char** argv)
{
func_args args;
add cavium ciphers to SSL, and example client
2013-02-01 12:21:38 -08:00
1.8.8 init
2011-02-05 11:14:47 -08:00
StartTCP();
dtls-srtp: no ekm cross check on single threaded/no pthread conf
2022-01-20 16:07:16 +01:00
#if defined(WOLFSSL_SRTP) && !defined(SINGLE_THREADED) && defined(_POSIX_THREADS)
Test cleanups. Fix possible leak in `TLSX_UseSRTP`.
2022-01-19 09:20:45 -08:00
args.srtp_helper = NULL;
tests: support test for SRTP the test will check that the same Exported Keying Material is generated between client and server
2022-01-19 13:03:29 +01:00
#endif
1.8.8 init
2011-02-05 11:14:47 -08:00
args.argc = argc;
args.argv = argv;
Allow NO_WOLFSSL_CLIENT/SERVER to compile and pass tests
2018-06-13 11:42:16 +10:00
args.return_code = 0;
1.8.8 init
2011-02-05 11:14:47 -08:00
name change for client.c
2015-01-05 14:48:43 -07:00
#if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_MDK_SHELL) && !defined(STACK_TRAP)
wolfSSL_Debugging_ON();
1.8.8 init
2011-02-05 11:14:47 -08:00
#endif
add staticmemory feature
2016-03-23 10:21:26 -06:00
wolfSSL_Init();
Cleanup of the test code that looks for the WolfSSL root directory. Now it tries to open the certs/ntru-cert.pem file in each directory up (limited to 5) until it opens it.
2015-10-28 23:54:08 -07:00
ChangeToWolfRoot();
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
Fix build with either `NO_WOLFSSL_SERVER` or `NO_WOLFSSL_CLIENT` defined.
2017-06-26 23:05:32 -07:00
#ifndef NO_WOLFSSL_CLIENT
add --enable-stacksize to print out stack use info with pthreads for example client/server
2013-03-28 11:28:38 -07:00
#ifdef HAVE_STACK_SIZE
StackSizeCheck(&args, client_test);
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
#else
1.8.8 init
2011-02-05 11:14:47 -08:00
client_test(&args);
Fix build with either `NO_WOLFSSL_SERVER` or `NO_WOLFSSL_CLIENT` defined.
2017-06-26 23:05:32 -07:00
#endif
Allow NO_WOLFSSL_CLIENT/SERVER to compile and pass tests
2018-06-13 11:42:16 +10:00
#else
print errors to stderr, not stdout; fix whitespace in internal.c; add missing error handling in examples/server/server.c around recvfrom().
2022-05-12 13:07:32 -05:00
fprintf(stderr, "Client not compiled in!\n");
add --enable-stacksize to print out stack use info with pthreads for example client/server
2013-03-28 11:28:38 -07:00
#endif
name change for client.c
2015-01-05 14:48:43 -07:00
wolfSSL_Cleanup();
1.8.8 init
2011-02-05 11:14:47 -08:00
add Whitewood netRandom client library support
2016-05-05 15:31:25 -06:00
#ifdef HAVE_WNR
if (wc_FreeNetRandom() < 0)
err_sys("Failed to free netRandom context");
#endif /* HAVE_WNR */
1.8.8 init
2011-02-05 11:14:47 -08:00
return args.return_code;
}
fix windows build with command line examples
2012-08-01 17:33:49 -07:00
int myoptind = 0;
char* myoptarg = NULL;
1.8.8 init
2011-02-05 11:14:47 -08:00
#endif /* NO_MAIN_DRIVER */
Copy Permalink