wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-05-04 03:00:51 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
5801e7773b23a730e39d7b7b0c57dc7011a33046
wolfssl/examples/client/client.c
T

3247 lines
104 KiB
C
Raw Normal View History

Add headers to examples and .i files
2011-07-26 13:27:22 -07:00
/* client.c
*
Release v3.12.2 (lib 14.0.0). Updated copywright.
2017-10-22 15:58:35 -07:00
* Copyright (C) 2006-2017 wolfSSL Inc.
Add headers to examples and .i files
2011-07-26 13:27:22 -07:00
*
prepare for release v3.9.0
2016-03-17 16:02:13 -06:00
* This file is part of wolfSSL.
Add headers to examples and .i files
2011-07-26 13:27:22 -07:00
*
name change for client.c
2015-01-05 14:48:43 -07:00
* wolfSSL is free software; you can redistribute it and/or modify
Add headers to examples and .i files
2011-07-26 13:27:22 -07:00
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
name change for client.c
2015-01-05 14:48:43 -07:00
* wolfSSL is distributed in the hope that it will be useful,
Add headers to examples and .i files
2011-07-26 13:27:22 -07:00
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
prepare for release v3.9.0
2016-03-17 16:02:13 -06:00
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
Add headers to examples and .i files
2011-07-26 13:27:22 -07:00
*/
prepare for release v3.9.0
2016-03-17 16:02:13 -06:00
add check around config.h for non autoconf systems
2011-08-24 16:37:16 -07:00
#ifdef HAVE_CONFIG_H
Sync MDK5 Software Pack with 2.9.4
2014-04-11 16:20:12 +09:00
#include <config.h>
add check around config.h for non autoconf systems
2011-08-24 16:37:16 -07:00
#endif
Sync MDK5 Software Pack with 2.9.4
2014-04-11 16:20:12 +09:00
update SimpleClient example
2017-12-28 07:20:03 +09:00
#include <wolfssl/wolfcrypt/settings.h>
no longer user compatibility layer
2015-01-08 10:02:07 -07:00
#include <wolfssl/ssl.h>
debugging linking error
2014-12-19 15:30:07 -07:00
fixed mdk4 macro control in example server/client, echoserver/client
2015-11-27 11:31:12 +09:00
#if defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET)
Sync MDK5 Software Pack with 2.9.4
2014-04-11 16:20:12 +09:00
#include <stdio.h>
Commit 2.6.2
2013-05-19 10:02:13 +09:00
#include <string.h>
update SimpleClient example
2017-12-28 07:20:03 +09:00
#include "cmsis_os.h"
#include "rl_fs.h"
#include "rl_net.h"
#include "wolfssl_MDK_ARM.h"
Commit 2.6.2
2013-05-19 10:02:13 +09:00
#endif
Corrected spelling mistakes, formatting
2011-08-04 16:42:55 -06:00
name change for client.c
2015-01-05 14:48:43 -07:00
#include <wolfssl/test.h>
1.8.8 init
2011-02-05 11:14:47 -08:00
Added new --disable-oldnames option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA). Add --enable-opensslcoexist which makes sure oldnames is disabled. Refactor of SSL_ to WOLF_SSL_. Refactor of SHA, MD5, SHA224, SHA256, SHA512 and SHA384 to WC_ naming.
2017-09-25 18:47:36 -07:00
#include <examples/client/client.h>
Fix for handling OCSP with non-blocking. The HashInput function was being called on the re-entry, which produced a bad mac response from server. Also cleanup for some of the WC_PENDING_E logic for the non-async cases to reduce code size.
2018-03-16 12:02:36 -07:00
#include <wolfssl/error-ssl.h>
This adds more compiler hardening flags (and fixes all of the issues
2012-09-19 23:38:41 -07:00
Fix build with either NO_WOLFSSL_SERVER or NO_WOLFSSL_CLIENT defined.
2017-06-26 23:05:32 -07:00
#ifndef NO_WOLFSSL_CLIENT
include tfm in example client for veiwing FP_MAX_BITS
2018-08-17 11:06:40 -06:00
#ifdef USE_FAST_MATH
/* included to inspect the size of FP_MAX_BITS */
#include <wolfssl/wolfcrypt/tfm.h>
#endif
Fixes and cleanups based on feedback from Sean.
2017-04-10 14:19:20 -07:00
#ifdef WOLFSSL_ASYNC_CRYPT
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 13:59:41 -06:00
static int devId = INVALID_DEVID;
#endif
Added support for inline CRL lookup when HAVE_CRL_IO is defined (shares code with OCSP lookup in io.c). Added http chunk transfer encoding support. Added default connection timeout value (DEFAULT_TIMEOUT_SEC) and new wolfIO_SetTimeout() API with HAVE_IO_TIMEOUT. Added generic wolfIO_ API’s for connect, select, non-blocking, read and write. Added new define USE_WOLFSSL_IO to enable access to new wolfIO_* socket wrappers even when WOLFSSL_USER_IO is defined. Moved all API declarations for io.c into new io.h header. Added HAVE_HTTP_CLIENT to expose HTTP API’s. Moved SOCKET_T and SOCKET_ defines into io.h. Added WOLFIO_DEBUG define to display request/responses.
2017-03-06 09:49:05 -08:00
#define DEFAULT_TIMEOUT_SEC 2
Fix for non-blocking read timeout.
2019-01-11 08:45:34 -08:00
#ifndef MAX_NON_BLOCK_SEC
#define MAX_NON_BLOCK_SEC 10
#endif
Added support for inline CRL lookup when HAVE_CRL_IO is defined (shares code with OCSP lookup in io.c). Added http chunk transfer encoding support. Added default connection timeout value (DEFAULT_TIMEOUT_SEC) and new wolfIO_SetTimeout() API with HAVE_IO_TIMEOUT. Added generic wolfIO_ API’s for connect, select, non-blocking, read and write. Added new define USE_WOLFSSL_IO to enable access to new wolfIO_* socket wrappers even when WOLFSSL_USER_IO is defined. Moved all API declarations for io.c into new io.h header. Added HAVE_HTTP_CLIENT to expose HTTP API’s. Moved SOCKET_T and SOCKET_ defines into io.h. Added WOLFIO_DEBUG define to display request/responses.
2017-03-06 09:49:05 -08:00
OCSP
2018-08-02 16:25:38 -07:00
#define OCSP_STAPLING 1
#define OCSP_STAPLINGV2 2
#define OCSP_STAPLINGV2_MULTI 3
#define OCSP_STAPLING_OPT_MAX OCSP_STAPLINGV2_MULTI
revise the comments about port 0 use in the example client and server
2015-12-24 15:42:52 -08:00
/* Note on using port 0: the client standalone example doesn't utilize the
* port 0 port sharing; that is used by (1) the server in external control
* test mode and (2) the testsuite which uses this code and sets up the correct
* port numbers when the internal thread using the server code using port 0. */
1.8.8 init
2011-02-05 11:14:47 -08:00
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
static int lng_index = 0;
name change for client.c
2015-01-05 14:48:43 -07:00
#ifdef WOLFSSL_CALLBACKS
1.8.8 init
2011-02-05 11:14:47 -08:00
Timeval timeout;
Fix build with either NO_WOLFSSL_SERVER or NO_WOLFSSL_CLIENT defined.
2017-06-26 23:05:32 -07:00
static int handShakeCB(HandShakeInfo* info)
{
(void)info;
return 0;
}
static int timeoutCB(TimeoutInfo* info)
{
(void)info;
return 0;
}
1.8.8 init
2011-02-05 11:14:47 -08:00
#endif
Added a callback when receiving a NewSessionTicket handshake message.
2014-10-20 09:25:14 -07:00
#ifdef HAVE_SESSION_TICKET
Fix build with either NO_WOLFSSL_SERVER or NO_WOLFSSL_CLIENT defined.
2017-06-26 23:05:32 -07:00
static int sessionTicketCB(WOLFSSL* ssl,
const unsigned char* ticket, int ticketSz,
void* ctx)
{
(void)ssl;
(void)ticket;
printf("Session Ticket CB: ticketSz = %d, ctx = %s\n",
ticketSz, (char*)ctx);
return 0;
}
Added a callback when receiving a NewSessionTicket handshake message.
2014-10-20 09:25:14 -07:00
#endif
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
static int NonBlockingSSL_Connect(WOLFSSL* ssl)
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
{
Improve PSK timeout checks
2017-06-08 10:32:51 +10:00
int ret;
int error;
SOCKET_T sockfd;
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 13:59:41 -06:00
int select_ret = 0;
Fix to timeout after 10 seconds in non-blocking mode if connect does not complete.
2019-01-10 17:12:37 -08:00
int elapsedSec = 0;
test client and server use select in non-blocking mode
2012-10-08 15:49:30 -07:00
Improve PSK timeout checks
2017-06-08 10:32:51 +10:00
#ifndef WOLFSSL_CALLBACKS
ret = wolfSSL_connect(ssl);
#else
ret = wolfSSL_connect_ex(ssl, handShakeCB, timeoutCB, timeout);
#endif
error = wolfSSL_get_error(ssl, 0);
sockfd = (SOCKET_T)wolfSSL_get_fd(ssl);
Fix for handling OCSP with non-blocking. The HashInput function was being called on the re-entry, which produced a bad mac response from server. Also cleanup for some of the WC_PENDING_E logic for the non-async cases to reduce code size.
2018-03-16 12:02:36 -07:00
while (ret != WOLFSSL_SUCCESS &&
(error == WOLFSSL_ERROR_WANT_READ || error == WOLFSSL_ERROR_WANT_WRITE
#ifdef WOLFSSL_ASYNC_CRYPT
|| error == WC_PENDING_E
#endif
#ifdef WOLFSSL_NONBLOCK_OCSP
|| error == OCSP_WANT_READ
#endif
)) {
add dtls recv timeout max user setting too
2013-05-08 12:49:55 -07:00
int currTimeout = 1;
Fix for handling OCSP with non-blocking. The HashInput function was being called on the re-entry, which produced a bad mac response from server. Also cleanup for some of the WC_PENDING_E logic for the non-async cases to reduce code size.
2018-03-16 12:02:36 -07:00
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:09:52 -07:00
if (error == WOLFSSL_ERROR_WANT_READ)
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
printf("... client would read block\n");
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:09:52 -07:00
else if (error == WOLFSSL_ERROR_WANT_WRITE)
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
printf("... client would write block\n");
Fix for handling OCSP with non-blocking. The HashInput function was being called on the re-entry, which produced a bad mac response from server. Also cleanup for some of the WC_PENDING_E logic for the non-async cases to reduce code size.
2018-03-16 12:02:36 -07:00
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 10:05:22 -08:00
#ifdef WOLFSSL_ASYNC_CRYPT
Fix for handling OCSP with non-blocking. The HashInput function was being called on the re-entry, which produced a bad mac response from server. Also cleanup for some of the WC_PENDING_E logic for the non-async cases to reduce code size.
2018-03-16 12:02:36 -07:00
if (error == WC_PENDING_E) {
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 13:59:41 -06:00
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
if (ret < 0) break;
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 10:05:22 -08:00
}
Fix for handling OCSP with non-blocking. The HashInput function was being called on the re-entry, which produced a bad mac response from server. Also cleanup for some of the WC_PENDING_E logic for the non-async cases to reduce code size.
2018-03-16 12:02:36 -07:00
else
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 10:05:22 -08:00
#endif
Fix for handling OCSP with non-blocking. The HashInput function was being called on the re-entry, which produced a bad mac response from server. Also cleanup for some of the WC_PENDING_E logic for the non-async cases to reduce code size.
2018-03-16 12:02:36 -07:00
{
DTLS Nonblocking Updates
2018-12-14 11:30:03 -08:00
if (error != WOLFSSL_ERROR_WANT_WRITE) {
#ifdef WOLFSSL_DTLS
currTimeout = wolfSSL_dtls_get_current_timeout(ssl);
#endif
select_ret = tcp_select(sockfd, currTimeout);
}
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 13:59:41 -06:00
}
test client and server use select in non-blocking mode
2012-10-08 15:49:30 -07:00
DTLS Nonblocking Updates
2018-12-14 11:30:03 -08:00
if ((select_ret == TEST_RECV_READY) || (select_ret == TEST_SEND_READY)
|| (select_ret == TEST_ERROR_READY)
Fix for handling OCSP with non-blocking. The HashInput function was being called on the re-entry, which produced a bad mac response from server. Also cleanup for some of the WC_PENDING_E logic for the non-async cases to reduce code size.
2018-03-16 12:02:36 -07:00
#ifdef WOLFSSL_ASYNC_CRYPT
|| error == WC_PENDING_E
#endif
) {
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 10:05:22 -08:00
#ifndef WOLFSSL_CALLBACKS
ret = wolfSSL_connect(ssl);
#else
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
ret = wolfSSL_connect_ex(ssl, handShakeCB, timeoutCB, timeout);
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 10:05:22 -08:00
#endif
name change for client.c
2015-01-05 14:48:43 -07:00
error = wolfSSL_get_error(ssl, 0);
Fix to timeout after 10 seconds in non-blocking mode if connect does not complete.
2019-01-10 17:12:37 -08:00
elapsedSec = 0; /* reset elapsed */
DTLS Nonblocking Updates
2018-12-14 11:30:03 -08:00
if (error == WOLFSSL_ERROR_WANT_WRITE) {
/* Do a send select here. */
select_ret = tcp_select_tx(sockfd, 1);
if (select_ret == TEST_TIMEOUT) {
error = WOLFSSL_FATAL_ERROR;
}
}
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
}
name change for client.c
2015-01-05 14:48:43 -07:00
else if (select_ret == TEST_TIMEOUT && !wolfSSL_dtls(ssl)) {
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:09:52 -07:00
error = WOLFSSL_ERROR_WANT_READ;
Fix to timeout after 10 seconds in non-blocking mode if connect does not complete.
2019-01-10 17:12:37 -08:00
elapsedSec += currTimeout;
Fix for non-blocking read timeout.
2019-01-11 08:45:34 -08:00
if (elapsedSec > MAX_NON_BLOCK_SEC) {
printf("Nonblocking connect timeout\n");
Fix to timeout after 10 seconds in non-blocking mode if connect does not complete.
2019-01-10 17:12:37 -08:00
error = WOLFSSL_FATAL_ERROR;
}
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
}
name change for client.c
2015-01-05 14:48:43 -07:00
#ifdef WOLFSSL_DTLS
else if (select_ret == TEST_TIMEOUT && wolfSSL_dtls(ssl) &&
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 10:05:22 -08:00
wolfSSL_dtls_got_timeout(ssl) >= 0) {
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:09:52 -07:00
error = WOLFSSL_ERROR_WANT_READ;
add dtls recv timeout max user setting too
2013-05-08 12:49:55 -07:00
}
#endif
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
else {
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:09:52 -07:00
error = WOLFSSL_FATAL_ERROR;
1.8.8 init
2011-02-05 11:14:47 -08:00
}
}
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
return ret;
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
}
1.8.8 init
2011-02-05 11:14:47 -08:00
add show every cipher suite to examples/client
2015-10-02 16:25:17 -07:00
static void ShowCiphers(void)
{
Small stack fixes
2018-07-17 09:04:00 +10:00
static char ciphers[4096];
add show every cipher suite to examples/client
2015-10-02 16:25:17 -07:00
int ret = wolfSSL_get_ciphers(ciphers, (int)sizeof(ciphers));
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:09:52 -07:00
if (ret == WOLFSSL_SUCCESS)
add show every cipher suite to examples/client
2015-10-02 16:25:17 -07:00
printf("%s\n", ciphers);
}
fix merge conflict
2015-11-02 13:26:46 -08:00
/* Shows which versions are valid */
static void ShowVersions(void)
{
update example client ShowVersions() to not show disabled old-tls versions
2015-12-23 12:12:41 -08:00
#ifndef NO_OLD_TLS
Disable TLS v1.0 by default. Added new --enable-tlsv10 option to force enable (only works if --enable-oldtls is set, which is on by default).
2017-11-14 13:55:48 -08:00
#ifdef WOLFSSL_ALLOW_SSLV3
printf("0:");
#endif
#ifdef WOLFSSL_ALLOW_TLSV10
printf("1:");
#endif
printf("2:");
update example client ShowVersions() to not show disabled old-tls versions
2015-12-23 12:12:41 -08:00
#endif /* NO_OLD_TLS */
Allow TLS 1.2 to be compiled out.
2018-05-17 09:08:03 +10:00
#ifndef WOLFSSL_NO_TLS12
Disable TLS v1.0 by default. Added new --enable-tlsv10 option to force enable (only works if --enable-oldtls is set, which is on by default).
2017-11-14 13:55:48 -08:00
printf("3:");
Allow TLS 1.2 to be compiled out.
2018-05-17 09:08:03 +10:00
#endif
Disable TLS v1.0 by default. Added new --enable-tlsv10 option to force enable (only works if --enable-oldtls is set, which is on by default).
2017-11-14 13:55:48 -08:00
#ifdef WOLFSSL_TLS13
printf("4:");
Adds build option WOLFSSL_EITHER_SIDE for deferring the "side" of the TLS session until first connect or accept. Added the DTLS generic v1.0 and v1.2 methods for "either" side. Added "either" methods unit tests. Added "either" -v e support to example client/server. Fix to expose wolfSSL_use_certificate_file and wolfSSL_use_PrivateKey_file without OPENSSL_EXTRA. Cleanup of the methods for (void)heap and log messages. Spelling fixes.
2018-10-04 14:48:53 -07:00
#endif
printf("d(downgrade):");
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
printf("e(either):");
Disable TLS v1.0 by default. Added new --enable-tlsv10 option to force enable (only works if --enable-oldtls is set, which is on by default).
2017-11-14 13:55:48 -08:00
#endif
printf("\n");
fix merge conflict
2015-11-02 13:26:46 -08:00
}
TLS 1.3 fixes/improvements
2018-04-13 11:53:42 +10:00
#ifdef WOLFSSL_TLS13
static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519)
{
Fixes for tests
2018-05-01 14:27:38 +10:00
int groups[3];
int count = 0;
TLS 1.3 fixes/improvements
2018-04-13 11:53:42 +10:00
(void)useX25519;
WOLFSSL_START(WC_FUNC_CLIENT_KEY_EXCHANGE_SEND);
if (onlyKeyShare == 0 || onlyKeyShare == 2) {
#ifdef HAVE_CURVE25519
if (useX25519) {
Fixes for tests
2018-05-01 14:27:38 +10:00
groups[count++] = WOLFSSL_ECC_X25519;
TLS 1.3 fixes/improvements
2018-04-13 11:53:42 +10:00
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_X25519) != WOLFSSL_SUCCESS)
err_sys("unable to use curve x25519");
}
else
#endif
{
#ifdef HAVE_ECC
#if defined(HAVE_ECC256) || defined(HAVE_ALL_CURVES)
Fixes for tests
2018-05-01 14:27:38 +10:00
groups[count++] = WOLFSSL_ECC_SECP256R1;
TLS 1.3 fixes/improvements
2018-04-13 11:53:42 +10:00
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_SECP256R1)
!= WOLFSSL_SUCCESS) {
err_sys("unable to use curve secp256r1");
}
#endif
#endif
}
}
if (onlyKeyShare == 0 || onlyKeyShare == 1) {
#ifdef HAVE_FFDHE_2048
Fixes for tests
2018-05-01 14:27:38 +10:00
groups[count++] = WOLFSSL_FFDHE_2048;
TLS 1.3 fixes/improvements
2018-04-13 11:53:42 +10:00
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_FFDHE_2048) != WOLFSSL_SUCCESS)
err_sys("unable to use DH 2048-bit parameters");
#endif
}
Fixes for tests
2018-05-01 14:27:38 +10:00
if (wolfSSL_set_groups(ssl, groups, count) != WOLFSSL_SUCCESS)
err_sys("unable to set groups");
TLS 1.3 fixes/improvements
2018-04-13 11:53:42 +10:00
WOLFSSL_END(WC_FUNC_CLIENT_KEY_EXCHANGE_SEND);
}
#endif
Added EarlyData support to benchmark loop
2019-01-24 14:30:06 +10:00
#ifdef WOLFSSL_EARLY_DATA
static void EarlyData(WOLFSSL_CTX* ctx, WOLFSSL* ssl, const char* msg,
int msgSz, char* buffer)
{
int err;
int ret;
do {
err = 0; /* reset error */
ret = wolfSSL_write_early_data(ssl, msg, msgSz, &msgSz);
if (ret <= 0) {
err = wolfSSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
#endif
}
} while (err == WC_PENDING_E);
if (ret != msgSz) {
printf("SSL_write_early_data msg error %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer));
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("SSL_write_early_data failed");
}
do {
err = 0; /* reset error */
ret = wolfSSL_write_early_data(ssl, msg, msgSz, &msgSz);
if (ret <= 0) {
err = wolfSSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
#endif
}
} while (err == WC_PENDING_E);
if (ret != msgSz) {
printf("SSL_write_early_data msg error %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer));
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("SSL_write_early_data failed");
}
}
#endif
DTLS-SCTP example client and server
2016-08-25 22:20:35 -07:00
/* Measures average time to create, connect and disconnect a connection (TPS).
Benchmark = number of connections. */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
static const char* client_bench_conmsg[][5] = {
/* English */
{
"wolfSSL_resume avg took:", "milliseconds\n",
"wolfSSL_connect avg took:", "milliseconds\n",
NULL
},
NO_MULTIBYTE to NO_MULTIBYTE_PRINT
2018-11-29 07:04:01 +09:00
#ifndef NO_MULTIBYTE_PRINT
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
/* Japanese */
{
"wolfSSL_resume 平均時間:", "ミリ秒\n",
"wolfSSL_connect 平均時間:", "ミリ秒\n",
}
NO_MULTIBYTE for multibyte non-supported IDEs
2018-11-26 08:11:31 +09:00
#endif
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
};
DTLS-SCTP example client and server
2016-08-25 22:20:35 -07:00
static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
Improvements to TLS v1.3 code
2017-06-29 09:00:44 +10:00
int dtlsUDP, int dtlsSCTP, int benchmark, int resumeSession, int useX25519,
Added EarlyData support to benchmark loop
2019-01-24 14:30:06 +10:00
int helloRetry, int onlyKeyShare, int version, int earlyData)
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
{
/* time passed in number of connects give average */
Changes for interop and performance
2018-04-09 13:53:05 +10:00
int times = benchmark, skip = times * 0.1;
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
int loops = resumeSession ? 2 : 1;
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
int i = 0, err, ret;
Remove NO_CERT and NO_CODING. Enable building of the client with leantls.
2016-02-22 10:11:41 +01:00
#ifndef NO_SESSION_CACHE
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
WOLFSSL_SESSION* benchSession = NULL;
Remove NO_CERT and NO_CODING. Enable building of the client with leantls.
2016-02-22 10:11:41 +01:00
#endif
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
#ifdef WOLFSSL_TLS13
byte* reply[80];
Changes for interop and performance
2018-04-09 13:53:05 +10:00
static const char msg[] = "GET /index.html HTTP/1.0\r\n\r\n";
Added EarlyData support to benchmark loop
2019-01-24 14:30:06 +10:00
#ifdef WOLFSSL_EARLY_DATA
static const char earlyMsg[] = "A drop of info";
#endif
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
#endif
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
const char** words = client_bench_conmsg[lng_index];
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
Remove NO_CERT and NO_CODING. Enable building of the client with leantls.
2016-02-22 10:11:41 +01:00
(void)resumeSession;
Fix for benchmarking X25519
2017-05-31 11:44:43 +10:00
(void)useX25519;
Improvements to TLS v1.3 code
2017-06-29 09:00:44 +10:00
(void)helloRetry;
Changes for interop and performance
2018-04-09 13:53:05 +10:00
(void)onlyKeyShare;
(void)version;
Added EarlyData support to benchmark loop
2019-01-24 14:30:06 +10:00
(void)earlyData;
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
while (loops--) {
Remove NO_CERT and NO_CODING. Enable building of the client with leantls.
2016-02-22 10:11:41 +01:00
#ifndef NO_SESSION_CACHE
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
int benchResume = resumeSession && loops == 0;
Remove NO_CERT and NO_CODING. Enable building of the client with leantls.
2016-02-22 10:11:41 +01:00
#endif
fixed current_time argument
2016-04-14 16:26:51 +09:00
double start = current_time(1), avg;
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
for (i = 0; i < times; i++) {
SOCKET_T sockfd;
Changes for interop and performance
2018-04-09 13:53:05 +10:00
WOLFSSL* ssl;
if (i == skip)
start = current_time(1);
ssl = wolfSSL_new(ctx);
add wolfSSL_new() pointer return check on all calls in example client
2015-10-16 14:12:38 -07:00
if (ssl == NULL)
err_sys("unable to get SSL object");
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
TLS 1.3 fixes/improvements
2018-04-13 11:53:42 +10:00
#ifndef NO_SESSION_CACHE
if (benchResume)
wolfSSL_set_session(ssl, benchSession);
#endif
Changes for interop and performance
2018-04-09 13:53:05 +10:00
#ifdef WOLFSSL_TLS13
TLS 1.3 fixes/improvements
2018-04-13 11:53:42 +10:00
else if (version >= 4) {
if (!helloRetry)
SetKeyShare(ssl, onlyKeyShare, useX25519);
else
Changes for interop and performance
2018-04-09 13:53:05 +10:00
wolfSSL_NoKeyShares(ssl);
}
#endif
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
DTLS-SCTP example client and server
2016-08-25 22:20:35 -07:00
tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, ssl);
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
check return value of wolfSSL_set_fd
2016-03-25 13:59:04 -06:00
err_sys("error in setting fd");
}
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
Added EarlyData support to benchmark loop
2019-01-24 14:30:06 +10:00
#if defined(WOLFSSL_TLS13) && !defined(NO_SESSION_CACHE) && \
defined(WOLFSSL_EARLY_DATA)
if (version >= 4 && benchResume && earlyData) {
char buffer[WOLFSSL_MAX_ERROR_SZ];
EarlyData(ctx, ssl, earlyMsg, sizeof(earlyMsg)-1, buffer);
}
#endif
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
do {
err = 0; /* reset error */
ret = wolfSSL_connect(ssl);
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:09:52 -07:00
if (ret != WOLFSSL_SUCCESS) {
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
err = wolfSSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
#endif
}
} while (err == WC_PENDING_E);
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:09:52 -07:00
if (ret != WOLFSSL_SUCCESS) {
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
err_sys("SSL_connect failed");
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
}
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
#ifdef WOLFSSL_TLS13
Small stack fixes
2018-07-17 09:04:00 +10:00
#ifndef NO_SESSION_CACHE
if (version >= 4 && resumeSession && !benchResume)
#else
if (version >= 4 && resumeSession)
#endif
{
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
if (wolfSSL_write(ssl, msg, sizeof(msg)-1) <= 0)
err_sys("SSL_write failed");
if (wolfSSL_read(ssl, reply, sizeof(reply)-1) <= 0)
err_sys("SSL_read failed");
}
#endif
Changes for interop and performance
2018-04-09 13:53:05 +10:00
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
wolfSSL_shutdown(ssl);
Remove NO_CERT and NO_CODING. Enable building of the client with leantls.
2016-02-22 10:11:41 +01:00
#ifndef NO_SESSION_CACHE
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
if (i == (times-1) && resumeSession) {
benchSession = wolfSSL_get_session(ssl);
}
Remove NO_CERT and NO_CODING. Enable building of the client with leantls.
2016-02-22 10:11:41 +01:00
#endif
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
CloseSocket(sockfd);
}
fixed current_time argument
2016-04-14 16:26:51 +09:00
avg = current_time(0) - start;
Changes for interop and performance
2018-04-09 13:53:05 +10:00
avg /= (times - skip);
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
avg *= 1000; /* milliseconds */
Remove NO_CERT and NO_CODING. Enable building of the client with leantls.
2016-02-22 10:11:41 +01:00
#ifndef NO_SESSION_CACHE
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
if (benchResume)
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s %8.3f %s\n", words[0],avg, words[1]);
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
else
Remove NO_CERT and NO_CODING. Enable building of the client with leantls.
2016-02-22 10:11:41 +01:00
#endif
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s %8.3f %s\n", words[2],avg, words[3]);
Changes for interop and performance
2018-04-09 13:53:05 +10:00
WOLFSSL_TIME(times);
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
}
return EXIT_SUCCESS;
}
DTLS-SCTP example client and server
2016-08-25 22:20:35 -07:00
/* Measures throughput in kbps. Throughput = number of bytes */
static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
Changes for interop and performance
2018-04-09 13:53:05 +10:00
int dtlsUDP, int dtlsSCTP, int block, int throughput, int useX25519)
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
{
double start, conn_time = 0, tx_time = 0, rx_time = 0;
SOCKET_T sockfd;
WOLFSSL* ssl;
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
int ret = 0, err = 0;
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
fixed current_time argument
2016-04-14 16:26:51 +09:00
start = current_time(1);
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
ssl = wolfSSL_new(ctx);
add wolfSSL_new() pointer return check on all calls in example client
2015-10-16 14:12:38 -07:00
if (ssl == NULL)
err_sys("unable to get SSL object");
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
DTLS-SCTP example client and server
2016-08-25 22:20:35 -07:00
tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, ssl);
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
check return value of wolfSSL_set_fd
2016-03-25 13:59:04 -06:00
err_sys("error in setting fd");
}
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
Fix for benchmarking X25519
2017-05-31 11:44:43 +10:00
(void)useX25519;
#ifdef WOLFSSL_TLS13
#ifdef HAVE_CURVE25519
if (useX25519) {
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_X25519)
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:09:52 -07:00
!= WOLFSSL_SUCCESS) {
Fixes for TLS 1.3 without ECC or RSA. Fix for building without ECC where HAVE_SUPPORTED_CURVES was getting defined because of ENABLED_TLSX.
2017-06-13 09:44:14 -07:00
err_sys("unable to use curve x25519");
Fix for benchmarking X25519
2017-05-31 11:44:43 +10:00
}
}
#endif
#endif
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
do {
err = 0; /* reset error */
ret = wolfSSL_connect(ssl);
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:09:52 -07:00
if (ret != WOLFSSL_SUCCESS) {
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
err = wolfSSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
#endif
}
} while (err == WC_PENDING_E);
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:09:52 -07:00
if (ret == WOLFSSL_SUCCESS) {
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
/* Perform throughput test */
char *tx_buffer, *rx_buffer;
/* Record connection time */
fixed current_time argument
2016-04-14 16:26:51 +09:00
conn_time = current_time(0) - start;
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
/* Allocate TX/RX buffers */
Changes for interop and performance
2018-04-09 13:53:05 +10:00
tx_buffer = (char*)XMALLOC(block, NULL, DYNAMIC_TYPE_TMP_BUFFER);
rx_buffer = (char*)XMALLOC(block, NULL, DYNAMIC_TYPE_TMP_BUFFER);
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
if (tx_buffer && rx_buffer) {
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
WC_RNG rng;
/* Startup the RNG */
Fixes and cleanups based on feedback from Sean.
2017-04-10 14:19:20 -07:00
#if !defined(HAVE_FIPS) && defined(WOLFSSL_ASYNC_CRYPT)
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
ret = wc_InitRng_ex(&rng, NULL, devId);
#else
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
ret = wc_InitRng(&rng);
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
#endif
if (ret == 0) {
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
int xfer_bytes;
/* Generate random data to send */
Changes for interop and performance
2018-04-09 13:53:05 +10:00
ret = wc_RNG_GenerateBlock(&rng, (byte*)tx_buffer, block);
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
wc_FreeRng(&rng);
if(ret != 0) {
err_sys("wc_RNG_GenerateBlock failed");
}
/* Perform TX and RX of bytes */
xfer_bytes = 0;
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
while (throughput > xfer_bytes) {
Fixed compile issues with example server/client. Fixed issue with using XMALLOC/XFREE being used in examples. Fixed issue with "int select_ret" declaration scope. Fixed issue with test.h HAVE_SESSION_TICKET "static rng" name.
2015-10-15 13:42:41 -07:00
int len, rx_pos, select_ret;
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
/* Determine packet size */
Changes for interop and performance
2018-04-09 13:53:05 +10:00
len = min(block, throughput - xfer_bytes);
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
/* Perform TX */
fixed current_time argument
2016-04-14 16:26:51 +09:00
start = current_time(1);
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
do {
err = 0; /* reset error */
ret = wolfSSL_write(ssl, tx_buffer, len);
if (ret <= 0) {
err = wolfSSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
#endif
}
} while (err == WC_PENDING_E);
if (ret != len) {
printf("SSL_write bench error %d!\n", err);
err_sys("SSL_write failed");
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
}
fixed current_time argument
2016-04-14 16:26:51 +09:00
tx_time += current_time(0) - start;
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
/* Perform RX */
Added support for inline CRL lookup when HAVE_CRL_IO is defined (shares code with OCSP lookup in io.c). Added http chunk transfer encoding support. Added default connection timeout value (DEFAULT_TIMEOUT_SEC) and new wolfIO_SetTimeout() API with HAVE_IO_TIMEOUT. Added generic wolfIO_ API’s for connect, select, non-blocking, read and write. Added new define USE_WOLFSSL_IO to enable access to new wolfIO_* socket wrappers even when WOLFSSL_USER_IO is defined. Moved all API declarations for io.c into new io.h header. Added HAVE_HTTP_CLIENT to expose HTTP API’s. Moved SOCKET_T and SOCKET_ defines into io.h. Added WOLFIO_DEBUG define to display request/responses.
2017-03-06 09:49:05 -08:00
select_ret = tcp_select(sockfd, DEFAULT_TIMEOUT_SEC);
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
if (select_ret == TEST_RECV_READY) {
fixed current_time argument
2016-04-14 16:26:51 +09:00
start = current_time(1);
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
rx_pos = 0;
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
while (rx_pos < len) {
ret = wolfSSL_read(ssl, &rx_buffer[rx_pos],
len - rx_pos);
if (ret <= 0) {
err = wolfSSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
else
#endif
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:09:52 -07:00
if (err != WOLFSSL_ERROR_WANT_READ) {
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
printf("SSL_read bench error %d\n", err);
err_sys("SSL_read failed");
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
}
}
else {
rx_pos += ret;
}
}
fixed current_time argument
2016-04-14 16:26:51 +09:00
rx_time += current_time(0) - start;
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
}
/* Compare TX and RX buffers */
Fix for non-blocking read timeout.
2019-01-11 08:45:34 -08:00
if (XMEMCMP(tx_buffer, rx_buffer, len) != 0) {
Fixes for scan-build
2017-03-15 09:38:53 +10:00
free(tx_buffer);
tx_buffer = NULL;
free(rx_buffer);
rx_buffer = NULL;
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
err_sys("Compare TX and RX buffers failed");
}
/* Update overall position */
xfer_bytes += len;
}
}
else {
err_sys("wc_InitRng failed");
}
Fixes for building with WC_NO_RNG.
2018-09-13 13:23:55 -07:00
(void)rng; /* for WC_NO_RNG case */
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
}
else {
Fixed compile issues with example server/client. Fixed issue with using XMALLOC/XFREE being used in examples. Fixed issue with "int select_ret" declaration scope. Fixed issue with test.h HAVE_SESSION_TICKET "static rng" name.
2015-10-15 13:42:41 -07:00
err_sys("Client buffer malloc failed");
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
}
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
if(tx_buffer) XFREE(tx_buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if(rx_buffer) XFREE(rx_buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
}
else {
err_sys("wolfSSL_connect failed");
}
wolfSSL_shutdown(ssl);
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
CloseSocket(sockfd);
printf("wolfSSL Client Benchmark %d bytes\n"
"\tConnect %8.3f ms\n"
"\tTX %8.3f ms (%8.3f MBps)\n"
"\tRX %8.3f ms (%8.3f MBps)\n",
throughput,
conn_time * 1000,
tx_time * 1000, throughput / tx_time / 1024 / 1024,
rx_time * 1000, throughput / rx_time / 1024 / 1024
);
return EXIT_SUCCESS;
}
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
const char* starttlsCmd[6] = {
"220",
"EHLO mail.example.com\r\n",
"250",
"STARTTLS\r\n",
"220",
"QUIT\r\n",
};
DTLS-SCTP example client and server
2016-08-25 22:20:35 -07:00
/* Initiates the STARTTLS command sequence over TCP */
static int StartTLS_Init(SOCKET_T* sockfd)
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
{
char tmpBuf[256];
if (sockfd == NULL)
return BAD_FUNC_ARG;
/* S: 220 <host> SMTP service ready */
Initial pass at fixes for coverity scan.
2017-04-28 14:59:45 -07:00
XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
if (recv(*sockfd, tmpBuf, sizeof(tmpBuf)-1, 0) < 0)
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
err_sys("failed to read STARTTLS command\n");
if (!XSTRNCMP(tmpBuf, starttlsCmd[0], XSTRLEN(starttlsCmd[0]))) {
printf("%s\n", tmpBuf);
} else {
err_sys("incorrect STARTTLS command received");
}
/* C: EHLO mail.example.com */
use send/recv instead of write/read with STARTTLS for winsock compatibility
2016-05-02 10:10:25 -06:00
if (send(*sockfd, starttlsCmd[1], (int)XSTRLEN(starttlsCmd[1]), 0) !=
fix type comparison on 32bit for starttls, zero tmp buffer
2016-05-03 13:52:04 -06:00
(int)XSTRLEN(starttlsCmd[1]))
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
err_sys("failed to send STARTTLS EHLO command\n");
/* S: 250 <host> offers a warm hug of welcome */
Initial pass at fixes for coverity scan.
2017-04-28 14:59:45 -07:00
XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
if (recv(*sockfd, tmpBuf, sizeof(tmpBuf)-1, 0) < 0)
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
err_sys("failed to read STARTTLS command\n");
if (!XSTRNCMP(tmpBuf, starttlsCmd[2], XSTRLEN(starttlsCmd[2]))) {
printf("%s\n", tmpBuf);
} else {
err_sys("incorrect STARTTLS command received");
}
/* C: STARTTLS */
use send/recv instead of write/read with STARTTLS for winsock compatibility
2016-05-02 10:10:25 -06:00
if (send(*sockfd, starttlsCmd[3], (int)XSTRLEN(starttlsCmd[3]), 0) !=
fix type comparison on 32bit for starttls, zero tmp buffer
2016-05-03 13:52:04 -06:00
(int)XSTRLEN(starttlsCmd[3])) {
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
err_sys("failed to send STARTTLS command\n");
}
/* S: 220 Go ahead */
Initial pass at fixes for coverity scan.
2017-04-28 14:59:45 -07:00
XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
if (recv(*sockfd, tmpBuf, sizeof(tmpBuf)-1, 0) < 0)
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
err_sys("failed to read STARTTLS command\n");
if (!XSTRNCMP(tmpBuf, starttlsCmd[4], XSTRLEN(starttlsCmd[4]))) {
printf("%s\n", tmpBuf);
} else {
err_sys("incorrect STARTTLS command received, expected 220");
}
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:09:52 -07:00
return WOLFSSL_SUCCESS;
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
}
DTLS-SCTP example client and server
2016-08-25 22:20:35 -07:00
/* Closes down the SMTP connection */
static int SMTP_Shutdown(WOLFSSL* ssl, int wc_shutdown)
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
{
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
int ret, err = 0;
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
char tmpBuf[256];
if (ssl == NULL)
return BAD_FUNC_ARG;
printf("\nwolfSSL client shutting down SMTP connection\n");
XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
/* C: QUIT */
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
do {
ret = wolfSSL_write(ssl, starttlsCmd[5], (int)XSTRLEN(starttlsCmd[5]));
if (ret < 0) {
err = wolfSSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
#endif
}
} while (err == WC_PENDING_E);
if (ret != (int)XSTRLEN(starttlsCmd[5])) {
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
err_sys("failed to send SMTP QUIT command\n");
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
}
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
/* S: 221 2.0.0 Service closing transmission channel */
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
do {
ret = wolfSSL_read(ssl, tmpBuf, sizeof(tmpBuf));
if (ret < 0) {
err = wolfSSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
#endif
}
} while (err == WC_PENDING_E);
if (ret < 0) {
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
err_sys("failed to read SMTP closing down response\n");
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
}
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
printf("%s\n", tmpBuf);
ret = wolfSSL_shutdown(ssl);
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:09:52 -07:00
if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE)
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
wolfSSL_shutdown(ssl); /* bidirectional shutdown */
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:09:52 -07:00
return WOLFSSL_SUCCESS;
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
}
Improve PSK timeout checks
2017-06-08 10:32:51 +10:00
static void ClientWrite(WOLFSSL* ssl, char* msg, int msgSz)
{
int ret, err;
char buffer[WOLFSSL_MAX_ERROR_SZ];
do {
err = 0; /* reset error */
ret = wolfSSL_write(ssl, msg, msgSz);
if (ret <= 0) {
err = wolfSSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
#endif
}
Fix post authentication for TLS 1.3
2018-06-08 17:34:03 +10:00
} while (err == WOLFSSL_ERROR_WANT_WRITE
#ifdef WOLFSSL_ASYNC_CRYPT
|| err == WC_PENDING_E
#endif
);
Improve PSK timeout checks
2017-06-08 10:32:51 +10:00
if (ret != msgSz) {
printf("SSL_write msg error %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer));
err_sys("SSL_write failed");
}
}
static void ClientRead(WOLFSSL* ssl, char* reply, int replyLen, int mustRead)
{
int ret, err;
char buffer[WOLFSSL_MAX_ERROR_SZ];
Fix for non-blocking read timeout.
2019-01-11 08:45:34 -08:00
double start = current_time(1), elapsed;
Improve PSK timeout checks
2017-06-08 10:32:51 +10:00
do {
err = 0; /* reset error */
ret = wolfSSL_read(ssl, reply, replyLen);
if (ret <= 0) {
err = wolfSSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
else
#endif
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:09:52 -07:00
if (err != WOLFSSL_ERROR_WANT_READ) {
Improve PSK timeout checks
2017-06-08 10:32:51 +10:00
printf("SSL_read reply error %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer));
err_sys("SSL_read failed");
}
}
Fix for non-blocking read timeout.
2019-01-11 08:45:34 -08:00
if (mustRead && err == WOLFSSL_ERROR_WANT_READ) {
elapsed = current_time(0) - start;
if (elapsed > MAX_NON_BLOCK_SEC) {
printf("Nonblocking read timeout\n");
Fix for scan-build "Value stored to 'err' is never read`"
2019-01-11 09:42:41 -08:00
ret = WOLFSSL_FATAL_ERROR;
Fix for non-blocking read timeout.
2019-01-11 08:45:34 -08:00
break;
}
}
Fix for handling OCSP with non-blocking. The HashInput function was being called on the re-entry, which produced a bad mac response from server. Also cleanup for some of the WC_PENDING_E logic for the non-async cases to reduce code size.
2018-03-16 12:02:36 -07:00
} while ((mustRead && err == WOLFSSL_ERROR_WANT_READ)
#ifdef WOLFSSL_ASYNC_CRYPT
|| err == WC_PENDING_E
#endif
);
Improve PSK timeout checks
2017-06-08 10:32:51 +10:00
if (ret > 0) {
reply[ret] = 0;
printf("%s\n", reply);
}
}
add show every cipher suite to examples/client
2015-10-02 16:25:17 -07:00
Fixes to work when compiled with TLS 1.3 only
2018-08-28 15:37:15 +10:00
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
/* when adding new option, please follow the steps below: */
/* 1. add new option message in English section */
/* 2. increase the number of the second dimention */
/* 3. add the same message into Japanese section */
/* (will be translated later) */
/* 4. add printf() into suitable position of Usage() */
static const char* client_usage_msg[][59] = {
/* English */
{
" NOTE: All files relative to wolfSSL home dir\n", /* 0 */
"Max RSA key size in bits for build is set at : ", /* 1 */
#ifdef NO_RSA
"RSA not supported\n", /* 2 */
#elif defined(WOLFSSL_SP_MATH) /* case of SP math only */
#ifndef WOLFSSL_SP_NO_3072
"3072\n", /* 2 */
#elif !defined(WOLFSSL_SP_NO_2048)
"2048\n", /* 2 */
#else
"0\n", /* 2 */
#endif
#elif defined(USE_FAST_MATH)
#else
"INFINITE\n", /* 2 */
#endif
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-? <num> Help, print this usage\n"
Rollback stacing
2018-11-29 06:52:43 +09:00
" 0: English, 1: Japanese\n", /* 3 */
"-h <host> Host to connect to, default", /* 4 */
"-p <num> Port to connect on, not 0, default", /* 5 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifndef WOLFSSL_TLS13
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-v <num> SSL version [0-3], SSLv3(0) - TLS1.2(3)), default", /* 6 */
"-V Prints valid ssl version numbers"
Rollback stacing
2018-11-29 06:52:43 +09:00
", SSLv3(0) - TLS1.2(3)\n", /* 7 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#else
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-v <num> SSL version [0-4], SSLv3(0) - TLS1.3(4)), default", /* 6 */
"-V Prints valid ssl version numbers,"
" SSLv3(0) - TLS1.3(4)\n", /* 7 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
Rollback stacing
2018-11-29 06:52:43 +09:00
"-l <str> Cipher suite list (: delimited)\n", /* 8 */
"-c <file> Certificate file, default", /* 9 */
"-k <file> Key file, default", /* 10 */
"-A <file> Certificate Authority file, default", /* 11 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifndef NO_DH
Rollback stacing
2018-11-29 06:52:43 +09:00
"-Z <num> Minimum DH key bits, default", /* 12 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
Rollback stacing
2018-11-29 06:52:43 +09:00
"-b <num> Benchmark <num> connections and print stats\n", /* 13 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifdef HAVE_ALPN
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-L <str> Application-Layer Protocol"
Rollback stacing
2018-11-29 06:52:43 +09:00
" Negotiation ({C,F}:<list>)\n", /* 14 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-B <num> Benchmark throughput"
Rollback stacing
2018-11-29 06:52:43 +09:00
" using <num> bytes and print stats\n", /* 15 */
"-s Use pre Shared keys\n", /* 16 */
"-d Disable peer checks\n", /* 17 */
"-D Override Date Errors example\n", /* 18 */
"-e List Every cipher suite available, \n", /* 19 */
"-g Send server HTTP GET\n", /* 20 */
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-u Use UDP DTLS,"
Rollback stacing
2018-11-29 06:52:43 +09:00
" add -v 2 for DTLSv1, -v 3 for DTLSv1.2 (default)\n", /* 21 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifdef WOLFSSL_SCTP
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-G Use SCTP DTLS,"
Rollback stacing
2018-11-29 06:52:43 +09:00
" add -v 2 for DTLSv1, -v 3 for DTLSv1.2 (default)\n", /* 22 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
Rollback stacing
2018-11-29 06:52:43 +09:00
"-m Match domain name in cert\n", /* 23 */
"-N Use Non-blocking sockets\n", /* 24 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifndef NO_SESSION_CACHE
Rollback stacing
2018-11-29 06:52:43 +09:00
"-r Resume session\n", /* 25 */
Fix to timeout after 10 seconds in non-blocking mode if connect does not complete.
2019-01-10 17:12:37 -08:00
#endif
Rollback stacing
2018-11-29 06:52:43 +09:00
"-w Wait for bidirectional shutdown\n", /* 26 */
"-M <prot> Use STARTTLS, using <prot> protocol (smtp)\n", /* 27 */
NO_MULTIBYTE for multibyte non-supported IDEs
2018-11-26 08:11:31 +09:00
#ifdef HAVE_SECURE_RENEGOTIATION
Rollback stacing
2018-11-29 06:52:43 +09:00
"-R Allow Secure Renegotiation\n", /* 28 */
"-i Force client Initiated Secure Renegotiation\n", /* 29 */
NO_MULTIBYTE for multibyte non-supported IDEs
2018-11-26 08:11:31 +09:00
#endif
Rollback stacing
2018-11-29 06:52:43 +09:00
"-f Fewer packets/group messages\n", /* 30 */
"-x Disable client cert/key loading\n", /* 31 */
"-X Driven by eXternal test case\n", /* 32 */
"-j Use verify callback override\n", /* 33 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifdef SHOW_SIZES
Rollback stacing
2018-11-29 06:52:43 +09:00
"-z Print structure sizes\n", /* 34 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_SNI
Rollback stacing
2018-11-29 06:52:43 +09:00
"-S <str> Use Host Name Indication\n", /* 35 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_MAX_FRAGMENT
Rollback stacing
2018-11-29 06:52:43 +09:00
"-F <num> Use Maximum Fragment Length [1-6]\n", /* 36 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_TRUNCATED_HMAC
Rollback stacing
2018-11-29 06:52:43 +09:00
"-T Use Truncated HMAC\n", /* 37 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_EXTENDED_MASTER
Rollback stacing
2018-11-29 06:52:43 +09:00
"-n Disable Extended Master Secret\n", /* 38 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_OCSP
Rollback stacing
2018-11-29 06:52:43 +09:00
"-o Perform OCSP lookup on peer certificate\n", /* 39 */
"-O <url> Perform OCSP lookup using <url> as responder\n", /* 40 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
Rollback stacing
2018-11-29 06:52:43 +09:00
"-W <num> Use OCSP Stapling (1 v1, 2 v2, 3 v2 multi)\n", /* 41 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef ATOMIC_USER
Rollback stacing
2018-11-29 06:52:43 +09:00
"-U Atomic User Record Layer Callbacks\n", /* 42 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_PK_CALLBACKS
Rollback stacing
2018-11-29 06:52:43 +09:00
"-P Public Key Callbacks\n", /* 43 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_ANON
Rollback stacing
2018-11-29 06:52:43 +09:00
"-a Anonymous client\n", /* 44 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_CRL
Rollback stacing
2018-11-29 06:52:43 +09:00
"-C Disable CRL\n", /* 45 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef WOLFSSL_TRUST_PEER_CERT
Rollback stacing
2018-11-29 06:52:43 +09:00
"-E <file> Path to load trusted peer cert\n", /* 46 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_WNR
Fix to timeout after 10 seconds in non-blocking mode if connect does not complete.
2019-01-10 17:12:37 -08:00
"-q <file> Whitewood config file, defaults\n", /* 47 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-H <arg> Internal tests"
Rollback stacing
2018-11-29 06:52:43 +09:00
" [defCipherList, exitWithRet, verifyFail]\n", /* 48 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifdef WOLFSSL_TLS13
Rollback stacing
2018-11-29 06:52:43 +09:00
"-J Use HelloRetryRequest to choose group for KE\n", /* 49 */
"-K Key Exchange for PSK not using (EC)DHE\n", /* 50 */
"-I Update keys and IVs before sending data\n", /* 51 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifndef NO_DH
Rollback stacing
2018-11-29 06:52:43 +09:00
"-y Key Share with FFDHE named groups only\n", /* 52 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_ECC
Rollback stacing
2018-11-29 06:52:43 +09:00
"-Y Key Share with ECC named groups only\n", /* 53 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#endif /* WOLFSSL_TLS13 */
#ifdef HAVE_CURVE25519
Rollback stacing
2018-11-29 06:52:43 +09:00
"-t Use X25519 for key exchange\n", /* 54 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
Rollback stacing
2018-11-29 06:52:43 +09:00
"-Q Support requesting certificate post-handshake\n", /* 55 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef WOLFSSL_EARLY_DATA
Rollback stacing
2018-11-29 06:52:43 +09:00
"-0 Early data sent to server (0-RTT handshake)\n", /* 56 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef WOLFSSL_MULTICAST
Rollback stacing
2018-11-29 06:52:43 +09:00
"-3 <grpid> Multicast, grpid < 256\n", /* 57 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-1 <num> Display a result by specified language.\n"
Rollback stacing
2018-11-29 06:52:43 +09:00
" 0: English, 1: Japanese\n", /* 58 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
NULL,
},
NO_MULTIBYTE to NO_MULTIBYTE_PRINT
2018-11-29 07:04:01 +09:00
#ifndef NO_MULTIBYTE_PRINT
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
/* Japanese */
Rollback stacing
2018-11-29 06:52:43 +09:00
{
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
" 注意 : 全てのファイルは wolfSSL ホーム・ディレクトリからの相対です。"
Rollback stacing
2018-11-29 06:52:43 +09:00
"\n", /* 0 */
"RSAの最大ビットは次のように設定されています: ", /* 1 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifdef NO_RSA
Rollback stacing
2018-11-29 06:52:43 +09:00
"RSAはサポートされていません。\n", /* 2 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#elif defined(WOLFSSL_SP_MATH) /* case of SP math only */
#ifndef WOLFSSL_SP_NO_3072
Rollback stacing
2018-11-29 06:52:43 +09:00
"3072\n", /* 2 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#elif !defined(WOLFSSL_SP_NO_2048)
Rollback stacing
2018-11-29 06:52:43 +09:00
"2048\n", /* 2 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#else
Rollback stacing
2018-11-29 06:52:43 +09:00
"0\n", /* 2 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#elif defined(USE_FAST_MATH)
#else
Rollback stacing
2018-11-29 06:52:43 +09:00
"無限\n", /* 2 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-? <num> ヘルプ, 使い方を表示\n"
Rollback stacing
2018-11-29 06:52:43 +09:00
" 0: 英語、 1: 日本語\n", /* 3 */
"-h <host> 接続先ホスト, 既定値", /* 4 */
"-p <num> 接続先ポート, 0は無効, 既定値", /* 5 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifndef WOLFSSL_TLS13
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-v <num> SSL バージョン [0-3], SSLv3(0) - TLS1.2(3)),"
Rollback stacing
2018-11-29 06:52:43 +09:00
" 既定値", /* 6 */
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-V 有効な ssl バージョン番号を出力, SSLv3(0) -"
Rollback stacing
2018-11-29 06:52:43 +09:00
" TLS1.2(3)\n", /* 7 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#else
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-v <num> SSL バージョン [0-4], SSLv3(0) - TLS1.3(4)),"
Rollback stacing
2018-11-29 06:52:43 +09:00
" 既定値", /* 6 */
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-V 有効な ssl バージョン番号を出力, SSLv3(0) -"
Rollback stacing
2018-11-29 06:52:43 +09:00
" TLS1.3(4)\n", /* 7 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
Rollback stacing
2018-11-29 06:52:43 +09:00
"-l <str> 暗号スイートリスト (区切り文字 :)\n", /* 8 */
"-c <file> 証明書ファイル, 既定値", /* 9 */
"-k <file> 鍵ファイル, 既定値", /* 10 */
"-A <file> 認証局ファイル, 既定値", /* 11 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifndef NO_DH
Rollback stacing
2018-11-29 06:52:43 +09:00
"-Z <num> 最小 DH 鍵 ビット, 既定値", /* 12 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
Rollback stacing
2018-11-29 06:52:43 +09:00
"-b <num> ベンチマーク <num> 接続及び結果出力する\n", /* 13 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifdef HAVE_ALPN
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-L <str> アプリケーション層プロトコルネゴシエーションを行う"
Rollback stacing
2018-11-29 06:52:43 +09:00
" ({C,F}:<list>)\n", /* 14 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-B <num> <num> バイトを用いてのベンチマーク・スループット測定"
Rollback stacing
2018-11-29 06:52:43 +09:00
"と結果を出力する\n", /* 15 */
"-s 事前共有鍵を使用する\n", /* 16 */
"-d ピア確認を無効とする\n", /* 17 */
"-D 日付エラー用コールバック例の上書きを行う\n", /* 18 */
"-e 利用可能な全ての暗号スイートをリスト, \n", /* 19 */
"-g サーバーへ HTTP GET を送信\n", /* 20 */
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-u UDP DTLSを使用する。-v 2 を追加指定すると"
Rollback stacing
2018-11-29 06:52:43 +09:00
" DTLSv1, -v 3 を追加指定すると DTLSv1.2 (既定値)\n", /* 21 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifdef WOLFSSL_SCTP
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-G SCTP DTLSを使用する。-v 2 を追加指定すると"
Rollback stacing
2018-11-29 06:52:43 +09:00
" DTLSv1, -v 3 を追加指定すると DTLSv1.2 (既定値)\n", /* 22 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
Rollback stacing
2018-11-29 06:52:43 +09:00
"-m 証明書内のドメイン名一致を確認する\n", /* 23 */
"-N ノンブロッキング・ソケットを使用する\n", /* 24 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifndef NO_SESSION_CACHE
Rollback stacing
2018-11-29 06:52:43 +09:00
"-r セッションを継続する\n", /* 25 */
Fix to timeout after 10 seconds in non-blocking mode if connect does not complete.
2019-01-10 17:12:37 -08:00
#endif
Rollback stacing
2018-11-29 06:52:43 +09:00
"-w 双方向シャットダウンを待つ\n", /* 26 */
NO_MULTIBYTE for multibyte non-supported IDEs
2018-11-26 08:11:31 +09:00
"-M <prot> STARTTLSを使用する, <prot>プロトコル(smtp)を"
Rollback stacing
2018-11-29 06:52:43 +09:00
"使用する\n", /* 27 */
NO_MULTIBYTE for multibyte non-supported IDEs
2018-11-26 08:11:31 +09:00
#ifdef HAVE_SECURE_RENEGOTIATION
Rollback stacing
2018-11-29 06:52:43 +09:00
"-R セキュアな再ネゴシエーションを許可する\n", /* 28 */
"-i クライアント主導のネゴシエーションを強制する\n", /* 29 */
NO_MULTIBYTE for multibyte non-supported IDEs
2018-11-26 08:11:31 +09:00
#endif
Rollback stacing
2018-11-29 06:52:43 +09:00
"-f より少ないパケット/グループメッセージを使用する\n",/* 30 */
"-x クライアントの証明書/鍵のロードを無効する\n", /* 31 */
"-X 外部テスト・ケースにより動作する\n", /* 32 */
"-j コールバック・オーバーライドの検証を使用する\n", /* 33 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifdef SHOW_SIZES
Rollback stacing
2018-11-29 06:52:43 +09:00
"-z 構造体のサイズを表示する\n", /* 34 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_SNI
Rollback stacing
2018-11-29 06:52:43 +09:00
"-S <str> ホスト名表示を使用する\n", /* 35 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_MAX_FRAGMENT
Rollback stacing
2018-11-29 06:52:43 +09:00
"-F <num> 最大フラグメント長[1-6]を設定する\n", /* 36 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_TRUNCATED_HMAC
Rollback stacing
2018-11-29 06:52:43 +09:00
"-T Truncated HMACを使用する\n", /* 37 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_EXTENDED_MASTER
Rollback stacing
2018-11-29 06:52:43 +09:00
"-n マスターシークレット拡張を無効にする\n", /* 38 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_OCSP
Rollback stacing
2018-11-29 06:52:43 +09:00
"-o OCSPルックアップをピア証明書で実施する\n", /* 39 */
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-O <url> OCSPルックアップを、<url>を使用し"
Rollback stacing
2018-11-29 06:52:43 +09:00
"応答者として実施する\n", /* 40 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-W <num> OCSP Staplingを使用する"
Rollback stacing
2018-11-29 06:52:43 +09:00
" (1 v1, 2 v2, 3 v2 multi)\n", /* 41 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef ATOMIC_USER
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-U アトミック・ユーザー記録の"
Rollback stacing
2018-11-29 06:52:43 +09:00
"コールバックを利用する\n", /* 42 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_PK_CALLBACKS
Rollback stacing
2018-11-29 06:52:43 +09:00
"-P 公開鍵コールバック\n", /* 43 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_ANON
Rollback stacing
2018-11-29 06:52:43 +09:00
"-a 匿名クライアント\n", /* 44 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_CRL
Rollback stacing
2018-11-29 06:52:43 +09:00
"-C CRLを無効\n", /* 45 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef WOLFSSL_TRUST_PEER_CERT
Rollback stacing
2018-11-29 06:52:43 +09:00
"-E <file> 信頼出来るピアの証明書ロードの為のパス\n", /* 46 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_WNR
Fix to timeout after 10 seconds in non-blocking mode if connect does not complete.
2019-01-10 17:12:37 -08:00
"-q <file> Whitewood コンフィグファイル, 既定値\n", /* 47 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-H <arg> 内部テスト"
Rollback stacing
2018-11-29 06:52:43 +09:00
" [defCipherList, exitWithRet, verifyFail]\n", /* 48 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifdef WOLFSSL_TLS13
Rollback stacing
2018-11-29 06:52:43 +09:00
"-J HelloRetryRequestをKEのグループ選択に使用する\n", /* 49 */
"-K 鍵交換にPSKを使用、(EC)DHEは使用しない\n", /* 50 */
"-I データ送信前に、鍵とIVを更新する\n", /* 51 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#ifndef NO_DH
Rollback stacing
2018-11-29 06:52:43 +09:00
"-y FFDHE名前付きグループとの鍵共有のみ\n", /* 52 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef HAVE_ECC
Rollback stacing
2018-11-29 06:52:43 +09:00
"-Y ECC名前付きグループとの鍵共有のみ\n", /* 53 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#endif /* WOLFSSL_TLS13 */
#ifdef HAVE_CURVE25519
Rollback stacing
2018-11-29 06:52:43 +09:00
"-t X25519を鍵交換に使用する\n", /* 54 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
Rollback stacing
2018-11-29 06:52:43 +09:00
"-Q ポストハンドシェークの証明要求をサポートする\n", /* 55 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef WOLFSSL_EARLY_DATA
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-0 Early data をサーバーへ送信する"
Rollback stacing
2018-11-29 06:52:43 +09:00
"0-RTTハンドシェイク)\n", /* 56 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
#ifdef WOLFSSL_MULTICAST
Rollback stacing
2018-11-29 06:52:43 +09:00
"-3 <grpid> マルチキャスト, grpid < 256\n", /* 57 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
#endif
Keep the max line length to 80
2018-10-20 17:15:17 +09:00
"-1 <num> 指定された言語で結果を表示します。\n"
Rollback stacing
2018-11-29 06:52:43 +09:00
" 0: 英語、 1: 日本語\n", /* 58 */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
NULL,
},
NO_MULTIBYTE for multibyte non-supported IDEs
2018-11-26 08:11:31 +09:00
#endif
Rollback stacing
2018-11-29 06:52:43 +09:00
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
};
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
static void Usage(void)
{
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
int msgid = 0;
const char** msg = client_usage_msg[lng_index];
printf("%s%s%s", "wolfSSL client ", LIBWOLFSSL_VERSION_STRING,
msg[msgid]);
check max key size with ocsp stapling test
2018-08-08 15:16:32 -06:00
/* print out so that scripts can know what the max supported key size is */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]);
account for NO_RSA and SP math when printing max RSA key size
2018-08-15 09:50:50 -06:00
#ifdef NO_RSA
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]);
account for NO_RSA and SP math when printing max RSA key size
2018-08-15 09:50:50 -06:00
#elif defined(WOLFSSL_SP_MATH) /* case of SP math only */
#ifndef WOLFSSL_SP_NO_3072
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]);
account for NO_RSA and SP math when printing max RSA key size
2018-08-15 09:50:50 -06:00
#elif !defined(WOLFSSL_SP_NO_2048)
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]);
account for NO_RSA and SP math when printing max RSA key size
2018-08-15 09:50:50 -06:00
#else
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]);
account for NO_RSA and SP math when printing max RSA key size
2018-08-15 09:50:50 -06:00
#endif
#elif defined(USE_FAST_MATH)
check max key size with ocsp stapling test
2018-08-08 15:16:32 -06:00
printf("%d\n", FP_MAX_BITS/2);
#else
/* normal math has unlimited max size */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]);
check max key size with ocsp stapling test
2018-08-08 15:16:32 -06:00
#endif
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* ? */
printf("%s %s\n", msg[++msgid], wolfSSLIP); /* -h */
printf("%s %d\n", msg[++msgid], wolfSSLPort); /* -p */
Changes for Nginx
2017-07-03 18:29:15 +10:00
#ifndef WOLFSSL_TLS13
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s %d\n", msg[++msgid], CLIENT_DEFAULT_VERSION); /* -v */
printf("%s", msg[++msgid]); /* -V */
Changes for Nginx
2017-07-03 18:29:15 +10:00
#else
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s %d\n", msg[++msgid], CLIENT_DEFAULT_VERSION); /* -v */
printf("%s", msg[++msgid]); /* -V */
Changes for Nginx
2017-07-03 18:29:15 +10:00
#endif
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -l */
printf("%s %s\n", msg[++msgid], cliCertFile); /* -c */
printf("%s %s\n", msg[++msgid], cliKeyFile); /* -k */
printf("%s %s\n", msg[++msgid], caCertFile); /* -A */
added check for allowed minimum DH key size
2015-05-21 10:11:21 -07:00
#ifndef NO_DH
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s %d\n", msg[++msgid], DEFAULT_MIN_DHKEY_BITS);
added check for allowed minimum DH key size
2015-05-21 10:11:21 -07:00
#endif
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -b */
fix alpn example client merge command options
2015-10-13 15:00:53 -07:00
#ifdef HAVE_ALPN
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -L <str> */
fix alpn example client merge command options
2015-10-13 15:00:53 -07:00
#endif
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -B <num> */
printf("%s", msg[++msgid]); /* -s */
printf("%s", msg[++msgid]); /* -d */
printf("%s", msg[++msgid]); /* -D */
printf("%s", msg[++msgid]); /* -e */
printf("%s", msg[++msgid]); /* -g */
printf("%s", msg[++msgid]); /* -u */
DTLS-SCTP example client and server
2016-08-25 22:20:35 -07:00
#ifdef WOLFSSL_SCTP
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -G */
DTLS-SCTP example client and server
2016-08-25 22:20:35 -07:00
#endif
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -m */
printf("%s", msg[++msgid]); /* -N */
Add USE_SLOW_SHA256 and USE_SLOW_SHA512 options for reduced code size of SHA. Existing USE_SLOW_SHA2 applies for SHA512 only. Cleanup formatting of the sha256.c and sha512.c code. Added new ./configure --lowresource option, which defines the memory reduction defines. Fix for make check resume.test scipt with NO_SESSION_CACHE defined.
2017-11-09 11:05:28 -08:00
#ifndef NO_SESSION_CACHE
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -r */
Add USE_SLOW_SHA256 and USE_SLOW_SHA512 options for reduced code size of SHA. Existing USE_SLOW_SHA2 applies for SHA512 only. Cleanup formatting of the sha256.c and sha512.c code. Added new ./configure --lowresource option, which defines the memory reduction defines. Fix for make check resume.test scipt with NO_SESSION_CACHE defined.
2017-11-09 11:05:28 -08:00
#endif
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -w */
printf("%s", msg[++msgid]); /* -M */
add client side initiated secure r, same specs
2014-09-24 18:48:23 -07:00
#ifdef HAVE_SECURE_RENEGOTIATION
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -R */
printf("%s", msg[++msgid]); /* -i */
add client side initiated secure r, same specs
2014-09-24 18:48:23 -07:00
#endif
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -f */
printf("%s", msg[++msgid]); /* -x */
printf("%s", msg[++msgid]); /* -X */
printf("%s", msg[++msgid]); /* -j */
updated SHOW_SIZES, opionally adds sizes as available, added flag to example client to print sizes
2013-04-08 16:01:52 -07:00
#ifdef SHOW_SIZES
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -z */
updated SHOW_SIZES, opionally adds sizes as available, added flag to example client to print sizes
2013-04-08 16:01:52 -07:00
#endif
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 15:42:43 -03:00
#ifdef HAVE_SNI
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -S */
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 15:42:43 -03:00
#endif
fixing HAVE_MAX_FRAGMENT ifdef
2014-02-16 10:19:40 -03:00
#ifdef HAVE_MAX_FRAGMENT
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -F */
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 15:42:43 -03:00
#endif
#ifdef HAVE_TRUNCATED_HMAC
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -T */
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 15:42:43 -03:00
#endif
add extended master to example client
2016-09-01 15:17:46 -06:00
#ifdef HAVE_EXTENDED_MASTER
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -n */
add extended master to example client
2016-09-01 15:17:46 -06:00
#endif
OCSP Updates
2013-06-20 11:07:54 -07:00
#ifdef HAVE_OCSP
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -o */
printf("%s", msg[++msgid]); /* -O */
OCSP Updates
2013-06-20 11:07:54 -07:00
#endif
Merge branch 'csr'
2015-12-28 19:38:04 -03:00
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -W */
Merge branch csr into 'master'
2015-11-02 15:51:01 -03:00
#endif
add atomic user macencrypt cb
2013-08-09 17:27:15 -07:00
#ifdef ATOMIC_USER
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -U */
add atomic user macencrypt cb
2013-08-09 17:27:15 -07:00
#endif
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
#ifdef HAVE_PK_CALLBACKS
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -P */
add public key callbacks for ecc sign/verify, examples
2013-08-22 18:19:39 -07:00
#endif
Merge in the ADH-AES128-SHA changes and add a check for it during the
2014-12-01 11:44:32 -08:00
#ifdef HAVE_ANON
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -a */
Merge in the ADH-AES128-SHA changes and add a check for it during the
2014-12-01 11:44:32 -08:00
#endif
add external site script test to make check
2015-05-07 10:02:43 -07:00
#ifdef HAVE_CRL
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -C */
add external site script test to make check
2015-05-07 10:02:43 -07:00
#endif
automated test for trusted peer certs
2016-03-01 16:35:32 -07:00
#ifdef WOLFSSL_TRUST_PEER_CERT
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -E */
automated test for trusted peer certs
2016-03-01 16:35:32 -07:00
#endif
add Whitewood netRandom client library support
2016-05-05 15:31:25 -06:00
#ifdef HAVE_WNR
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s %s\n", msg[++msgid], wnrConfig); /* -q */
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
#endif
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -H */
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
#ifdef WOLFSSL_TLS13
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -J */
printf("%s", msg[++msgid]); /* -K */
printf("%s", msg[++msgid]); /* -I */
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
#ifndef NO_DH
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -y */
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
#endif
#ifdef HAVE_ECC
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -Y */
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
#endif
Fixes from review
2017-05-22 09:09:31 +10:00
#endif /* WOLFSSL_TLS13 */
Put X25519 behind P256
2017-05-19 10:58:43 +10:00
#ifdef HAVE_CURVE25519
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -t */
Put X25519 behind P256
2017-05-19 10:58:43 +10:00
#endif
Improve PSK timeout checks
2017-06-08 10:32:51 +10:00
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -Q */
Improve PSK timeout checks
2017-06-08 10:32:51 +10:00
#endif
TLS v1.3 0-RTT
2017-06-19 11:37:10 +10:00
#ifdef WOLFSSL_EARLY_DATA
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -0 */
TLS v1.3 0-RTT
2017-06-19 11:37:10 +10:00
#endif
DHE Speed Up
2018-12-03 13:53:44 -08:00
#if !defined(NO_DH) && !defined(HAVE_FIPS) && \
!defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK)
printf("-2 Disable DH Prime check\n");
#endif
Multicast
2016-12-15 11:43:15 -08:00
#ifdef WOLFSSL_MULTICAST
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -3 */
Multicast
2016-12-15 11:43:15 -08:00
#endif
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
printf("%s", msg[++msgid]); /* -1 */
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
}
name change for client.c
2015-01-05 14:48:43 -07:00
THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
1.8.8 init
2011-02-05 11:14:47 -08:00
{
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
SOCKET_T sockfd = WOLFSSL_SOCKET_INVALID;
1.8.8 init
2011-02-05 11:14:47 -08:00
Added static memory code to client example.
2017-10-20 14:56:29 -07:00
wolfSSL_method_func method = NULL;
name change for client.c
2015-01-05 14:48:43 -07:00
WOLFSSL_CTX* ctx = 0;
WOLFSSL* ssl = 0;
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
name change for client.c
2015-01-05 14:48:43 -07:00
WOLFSSL* sslResume = 0;
WOLFSSL_SESSION* session = 0;
1.8.8 init
2011-02-05 11:14:47 -08:00
Add cipher suite ECDHE-ECDSA-AES128-CCM
2016-06-13 14:39:41 -07:00
#ifndef WOLFSSL_ALT_TEST_STRINGS
name change for client.c
2015-01-05 14:48:43 -07:00
char msg[32] = "hello wolfssl!"; /* GET may make bigger */
Add cipher suite ECDHE-ECDSA-AES128-CCM
2016-06-13 14:39:41 -07:00
char resumeMsg[32] = "resuming wolfssl!";
#else
char msg[32] = "hello wolfssl!\n";
char resumeMsg[32] = "resuming wolfssl!\n";
#endif
lower example client/server stack buffer sizes
2013-03-29 14:06:36 -07:00
char reply[80];
Cleanup of stdlib function calls in the wolfSSL library to use our cross-platform "X*" style macros in types.h.
2016-06-29 11:11:25 -07:00
int msgSz = (int)XSTRLEN(msg);
int resumeSz = (int)XSTRLEN(resumeMsg);
1.8.8 init
2011-02-05 11:14:47 -08:00
remove more stale cyassl headers
2015-02-25 13:34:29 -08:00
word16 port = wolfSSLPort;
char* host = (char*)wolfSSLIP;
wolfssl.com now uses old chacha-poly, detect for external test
2015-09-24 12:13:01 -07:00
const char* domain = "localhost"; /* can't default to www.wolfssl.com
because can't tell if we're really
going there to detect old chacha-poly
*/
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
int ch;
added test cases and fixed a bug with AEAD ciphers with DTLSv1.2.
2013-03-07 22:52:51 -08:00
int version = CLIENT_INVALID_VERSION;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
int usePsk = 0;
Merge in the ADH-AES128-SHA changes and add a check for it during the
2014-12-01 11:44:32 -08:00
int useAnon = 0;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
int sendGET = 0;
int benchmark = 0;
Changes for interop and performance
2018-04-09 13:53:05 +10:00
int block = TEST_BUFFER_SIZE;
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
int throughput = 0;
add -u for DTLS UPD command line client/server examples
2012-08-02 11:54:49 -07:00
int doDTLS = 0;
DTLS-SCTP example client and server
2016-08-25 22:20:35 -07:00
int dtlsUDP = 0;
int dtlsSCTP = 0;
Multicast
2016-12-15 11:43:15 -08:00
int doMcast = 0;
make domain name cert check an option on client
2012-08-10 10:15:37 -07:00
int matchName = 0;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
int doPeerCheck = 1;
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
int nonBlocking = 0;
int resumeSession = 0;
add external site script test to make check
2015-05-07 10:02:43 -07:00
int wc_shutdown = 0;
int disableCRL = 0;
detect build cases where external script test case doesn't make sense
2015-05-07 12:50:27 -07:00
int externalTest = 0;
fix shutdown returns
2015-02-16 14:23:33 -08:00
int ret;
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 10:05:22 -08:00
int err = 0;
separate allow scr and force client scr in example client
2014-09-29 15:32:41 -07:00
int scr = 0; /* allow secure renegotiation */
int forceScr = 0; /* force client initiaed scr */
Allow Ed25519 private-only keys to work in TLS
2018-04-27 14:43:04 +10:00
#ifndef WOLFSSL_NO_CLIENT_AUTH
add fewerPacket/group messages to example client/server and disalbe client cert/key load
2013-04-19 13:10:19 -07:00
int useClientCert = 1;
Allow Ed25519 private-only keys to work in TLS
2018-04-27 14:43:04 +10:00
#else
int useClientCert = 0;
#endif
add fewerPacket/group messages to example client/server and disalbe client cert/key load
2013-04-19 13:10:19 -07:00
int fewerPackets = 0;
add atomic user macencrypt cb
2013-08-09 17:27:15 -07:00
int atomicUser = 0;
* Added support for not loading a private key for server or client when HAVE_PK_CALLBACK is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519.
2018-03-21 11:27:08 -07:00
#ifdef HAVE_PK_CALLBACKS
add public key callbacks for ecc sign/verify, examples
2013-08-22 18:19:39 -07:00
int pkCallbacks = 0;
* Added support for not loading a private key for server or client when HAVE_PK_CALLBACK is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519.
2018-03-21 11:27:08 -07:00
PkCbInfo pkCbInfo;
#endif
add override cert date example for bad clock testing
2014-07-02 12:07:25 -07:00
int overrideDateErrors = 0;
added check for allowed minimum DH key size
2015-05-21 10:11:21 -07:00
int minDhKeyBits = DEFAULT_MIN_DHKEY_BITS;
fix alpn example client merge command options
2015-10-13 15:00:53 -07:00
char* alpnList = NULL;
unsigned char alpn_opt = 0;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
char* cipherList = NULL;
Fix to calc BuildSHA_CertVerify if WOLFSSL_ALLOW_TLS_SHA1. Fix to add check for DTLS to not allow stream ciphers. Removed the RC4 tests from the test-dtls.conf. Added support for using default suites on client side. Switched the arg to “-H”. Cleanup of the example server/client args list. Fixes for build with “--disable-sha”.
2017-04-05 11:21:11 -07:00
int useDefCipherList = 0;
Cleanup name conflicts with test.h cert files (by adding “File” to end). Fix memory leak in ecc_test_buffers function.
2017-04-06 15:54:59 -07:00
const char* verifyCert = caCertFile;
const char* ourCert = cliCertFile;
const char* ourKey = cliKeyFile;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
add STARTTLS support to example client
2016-04-22 13:46:54 -06:00
int doSTARTTLS = 0;
char* starttlsProt = NULL;
Fix for verify callback override, peerVerifyRet code on success and ensuring DOMAIN_NAME_MISMATCH error gets passed down in ECDSAk case. Added unit test case to verify callback override works. Fixes issue #905 and issue #904. Fix for async build goto label typo.
2017-05-11 12:23:17 -07:00
int useVerifyCb = 0;
Fix for unused useSupCurve in example client with --disable-ecc.
2018-11-08 15:43:18 -08:00
#ifdef HAVE_ECC
Fix for the curve logic to pick the hightest strength, not just the default 256-bit. Added test for setting user curve. ./examples -H useSupCurve.
2018-09-21 09:27:48 -07:00
int useSupCurve = 0;
Fix for unused useSupCurve in example client with --disable-ecc.
2018-11-08 15:43:18 -08:00
#endif
add STARTTLS support to example client
2016-04-22 13:46:54 -06:00
automated test for trusted peer certs
2016-03-01 16:35:32 -07:00
#ifdef WOLFSSL_TRUST_PEER_CERT
const char* trustCert = NULL;
#endif
merge in sni
2013-05-21 14:37:50 -07:00
#ifdef HAVE_SNI
char* sniHostName = NULL;
#endif
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 15:42:43 -03:00
#ifdef HAVE_MAX_FRAGMENT
byte maxFragment = 0;
#endif
#ifdef HAVE_TRUNCATED_HMAC
Merge branch csr into 'master'
2015-11-02 15:51:01 -03:00
byte truncatedHMAC = 0;
#endif
Merge branch 'csr'
2015-12-28 19:38:04 -03:00
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
Merge branch csr into 'master'
2015-11-02 15:51:01 -03:00
byte statusRequest = 0;
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 15:42:43 -03:00
#endif
add extended master to example client
2016-09-01 15:17:46 -06:00
#ifdef HAVE_EXTENDED_MASTER
Revising the Extended Master Secret support. Removing the dynamic
2016-09-09 23:16:52 -07:00
byte disableExtMasterSecret = 0;
add extended master to example client
2016-09-01 15:17:46 -06:00
#endif
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
int helloRetry = 0;
int onlyKeyShare = 0;
Changes for interop and performance
2018-04-09 13:53:05 +10:00
#ifdef WOLFSSL_TLS13
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
int noPskDheKe = 0;
Improve PSK timeout checks
2017-06-08 10:32:51 +10:00
int postHandAuth = 0;
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
#endif
int updateKeysIVs = 0;
TLS v1.3 0-RTT
2017-06-19 11:37:10 +10:00
int earlyData = 0;
Added new “wolfSSL_mcast_get_max_peers” API. Minor cleanup with examples/client failure case. Fix possible unused var in wolfSSL_set_secret with DTLS disabled.
2017-01-25 14:05:22 -08:00
#ifdef WOLFSSL_MULTICAST
Multicast
2016-12-15 11:43:15 -08:00
byte mcastID = 0;
Added new “wolfSSL_mcast_get_max_peers” API. Minor cleanup with examples/client failure case. Fix possible unused var in wolfSSL_set_secret with DTLS disabled.
2017-01-25 14:05:22 -08:00
#endif
DHE Speed Up
2018-12-03 13:53:44 -08:00
#if !defined(NO_DH) && !defined(HAVE_FIPS) && \
!defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK)
int doDhKeyCheck = 1;
#endif
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 15:42:43 -03:00
OCSP Updates
2013-06-20 11:07:54 -07:00
#ifdef HAVE_OCSP
int useOcsp = 0;
char* ocspUrl = NULL;
#endif
Put X25519 behind P256
2017-05-19 10:58:43 +10:00
int useX25519 = 0;
Minor fix for the expected failure case use of ssl after free. Renamed skipExit to exitWithRet.
2018-05-03 10:02:59 -07:00
int exitWithRet = 0;
Added example client/server support for loading certificate and private key into WOLFSSL object using -H loadSSL. Added load_ssl_buffer function to load buffers into WOLFSSL objects. Changed wolfSSL_get_SSL_CTX API to always be exposed. Added TEST_LOAD_BUFFER build option to use the load_buffer and load_ssl_buffer calls for example client/server.
2018-10-09 12:54:41 -07:00
int loadCertKeyIntoSSLObj = 0;
OCSP Updates
2013-06-20 11:07:54 -07:00
add Whitewood netRandom client library support
2016-05-05 15:31:25 -06:00
#ifdef HAVE_WNR
const char* wnrConfigFile = wnrConfig;
#endif
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
char buffer[WOLFSSL_MAX_ERROR_SZ];
add Whitewood netRandom client library support
2016-05-05 15:31:25 -06:00
1.8.8 init
2011-02-05 11:14:47 -08:00
int argc = ((func_args*)args)->argc;
char** argv = ((func_args*)args)->argv;
Fixes for static memory with -r session resumption option on client. Fix for possible failed InitSSL cleanup using NULL ssl->ctx for static memory.
2017-10-23 10:50:19 -07:00
#ifdef WOLFSSL_STATIC_MEMORY
#if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) \
|| defined(SESSION_CERTS)
/* big enough to handle most cases including session certs */
Increase the static memory pool in client to better support ECC or session certs.
2017-10-26 08:06:08 -07:00
byte memory[320000];
Fixes for static memory with -r session resumption option on client. Fix for possible failed InitSSL cleanup using NULL ssl->ctx for static memory.
2017-10-23 10:50:19 -07:00
#else
byte memory[80000];
#endif
byte memoryIO[34500]; /* max for IO buffer (TLS packet can be 16k) */
WOLFSSL_MEM_CONN_STATS ssl_stats;
#ifdef DEBUG_WOLFSSL
WOLFSSL_MEM_STATS mem_stats;
#endif
#endif
1.8.8 init
2011-02-05 11:14:47 -08:00
((func_args*)args)->return_code = -1; /* error state */
fix NO_RSA ecc command line examples default certs
2013-03-07 18:20:29 -08:00
#ifdef NO_RSA
Changes to build with X25519 and Ed25519 only
2018-07-23 10:20:18 +10:00
#ifdef HAVE_ECC
verifyCert = (char*)caEccCertFile;
ourCert = (char*)cliEccCertFile;
ourKey = (char*)cliEccKeyFile;
#elif defined(HAVE_ED25519)
verifyCert = (char*)caEdCertFile;
ourCert = (char*)cliEdCertFile;
ourKey = (char*)cliEdKeyFile;
#endif
fix NO_RSA ecc command line examples default certs
2013-03-07 18:20:29 -08:00
#endif
fix general NO_SHA NO_ASN NO_CERTS NO_SESSION_CACHE builds/examples
2013-03-11 16:07:46 -07:00
(void)resumeSz;
(void)session;
(void)sslResume;
add atomic user macencrypt cb
2013-08-09 17:27:15 -07:00
(void)atomicUser;
add client side initiated secure r, same specs
2014-09-24 18:48:23 -07:00
(void)scr;
separate allow scr and force client scr in example client
2014-09-29 15:32:41 -07:00
(void)forceScr;
fix some psk warnings
2015-03-27 19:20:31 -07:00
(void)ourKey;
(void)ourCert;
(void)verifyCert;
(void)useClientCert;
(void)overrideDateErrors;
add external site script test to make check
2015-05-07 10:02:43 -07:00
(void)disableCRL;
added check for allowed minimum DH key size
2015-05-21 10:11:21 -07:00
(void)minDhKeyBits;
fix alpn example client merge command options
2015-10-13 15:00:53 -07:00
(void)alpnList;
(void)alpn_opt;
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
(void)updateKeysIVs;
Added EarlyData support to benchmark loop
2019-01-24 14:30:06 +10:00
(void)earlyData;
Fix for benchmarking X25519
2017-05-31 11:44:43 +10:00
(void)useX25519;
Improvements to TLS v1.3 code
2017-06-29 09:00:44 +10:00
(void)helloRetry;
Changes for interop and performance
2018-04-09 13:53:05 +10:00
(void)onlyKeyShare;
Fix for unused useSupCurve in example client with --disable-ecc.
2018-11-08 15:43:18 -08:00
#ifdef HAVE_ECC
Fix for the curve logic to pick the hightest strength, not just the default 256-bit. Added test for setting user curve. ./examples -H useSupCurve.
2018-09-21 09:27:48 -07:00
(void)useSupCurve;
Fix for unused useSupCurve in example client with --disable-ecc.
2018-11-08 15:43:18 -08:00
#endif
Added example client/server support for loading certificate and private key into WOLFSSL object using -H loadSSL. Added load_ssl_buffer function to load buffers into WOLFSSL objects. Changed wolfSSL_get_SSL_CTX API to always be exposed. Added TEST_LOAD_BUFFER build option to use the load_buffer and load_ssl_buffer calls for example client/server.
2018-10-09 12:54:41 -07:00
(void)loadCertKeyIntoSSLObj;
fix NO_RSA ecc command line examples default certs
2013-03-07 18:20:29 -08:00
add STACK_TRAP to track stack use on client, will seqfault if exceed limit to see where use is too high, doesn't work with pthread_create()
2013-06-03 14:56:37 -07:00
StackTrap();
Example client/server compatible with VxWorks
2015-10-29 13:39:02 -06:00
#ifndef WOLFSSL_VXWORKS
Improve PSK timeout checks
2017-06-08 10:32:51 +10:00
/* Not used: All used */
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
while ((ch = mygetopt(argc, argv, "?:"
Put X25519 behind P256
2017-05-19 10:58:43 +10:00
"ab:c:defgh:ijk:l:mnop:q:rstuv:wxyz"
Testing improvements for cert gen and TLS cert validation:
2017-10-19 16:17:51 -07:00
"A:B:CDE:F:GH:IJKL:M:NO:PQRS:TUVW:XYZ:"
DHE Speed Up
2018-12-03 13:53:44 -08:00
"01:23:")) != -1) {
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
switch (ch) {
case '?' :
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
if(myoptarg!=NULL) {
lng_index = atoi(myoptarg);
if(lng_index<0||lng_index>1){
lng_index = 0;
}
}
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
Usage();
Added new build option --enable-memtest or WOLFSSL_FORCE_MALLOC_FAIL_TEST which enables random malloc failures for testing. This test supresses the abort() calls to detect seg faults. A new script ./scripts/memtest.sh starts the test. If an issue is found it can be reviewed with the ./scripts/memtest.txt log and reproduced using the seed printed at top of unit test as --- RNG MALLOC FAIL AT 295--- and rerun using ./tests/unit.test 295.
2018-07-27 10:16:14 -07:00
XEXIT_T(EXIT_SUCCESS);
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
case 'g' :
sendGET = 1;
break;
case 'd' :
doPeerCheck = 0;
break;
add show every cipher suite to examples/client
2015-10-02 16:25:17 -07:00
case 'e' :
ShowCiphers();
Added new build option --enable-memtest or WOLFSSL_FORCE_MALLOC_FAIL_TEST which enables random malloc failures for testing. This test supresses the abort() calls to detect seg faults. A new script ./scripts/memtest.sh starts the test. If an issue is found it can be reviewed with the ./scripts/memtest.txt log and reproduced using the seed printed at top of unit test as --- RNG MALLOC FAIL AT 295--- and rerun using ./tests/unit.test 295.
2018-07-27 10:16:14 -07:00
XEXIT_T(EXIT_SUCCESS);
add show every cipher suite to examples/client
2015-10-02 16:25:17 -07:00
add override cert date example for bad clock testing
2014-07-02 12:07:25 -07:00
case 'D' :
overrideDateErrors = 1;
break;
add external site script test to make check
2015-05-07 10:02:43 -07:00
case 'C' :
fix scan-build warnings
2015-06-10 15:24:24 -07:00
#ifdef HAVE_CRL
disableCRL = 1;
#endif
add external site script test to make check
2015-05-07 10:02:43 -07:00
break;
add -u for DTLS UPD command line client/server examples
2012-08-02 11:54:49 -07:00
case 'u' :
DTLS-SCTP example client and server
2016-08-25 22:20:35 -07:00
doDTLS = 1;
dtlsUDP = 1;
break;
case 'G' :
#ifdef WOLFSSL_SCTP
doDTLS = 1;
dtlsSCTP = 1;
#endif
add -u for DTLS UPD command line client/server examples
2012-08-02 11:54:49 -07:00
break;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
case 's' :
usePsk = 1;
break;
automated test for trusted peer certs
2016-03-01 16:35:32 -07:00
#ifdef WOLFSSL_TRUST_PEER_CERT
case 'E' :
trustCert = myoptarg;
break;
#endif
make domain name cert check an option on client
2012-08-10 10:15:37 -07:00
case 'm' :
matchName = 1;
break;
add fewerPacket/group messages to example client/server and disalbe client cert/key load
2013-04-19 13:10:19 -07:00
case 'x' :
useClientCert = 0;
break;
detect build cases where external script test case doesn't make sense
2015-05-07 12:50:27 -07:00
case 'X' :
externalTest = 1;
break;
add fewerPacket/group messages to example client/server and disalbe client cert/key load
2013-04-19 13:10:19 -07:00
case 'f' :
fewerPackets = 1;
break;
add atomic user macencrypt cb
2013-08-09 17:27:15 -07:00
case 'U' :
#ifdef ATOMIC_USER
atomicUser = 1;
#endif
break;
add public key callbacks for ecc sign/verify, examples
2013-08-22 18:19:39 -07:00
case 'P' :
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
#ifdef HAVE_PK_CALLBACKS
add public key callbacks for ecc sign/verify, examples
2013-08-22 18:19:39 -07:00
pkCallbacks = 1;
#endif
break;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
case 'h' :
fix windows build with command line examples
2012-08-01 17:33:49 -07:00
host = myoptarg;
domain = myoptarg;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
break;
case 'p' :
fix clang -Wconversion except -Wsign-conversion
2014-03-03 16:46:48 -08:00
port = (word16)atoi(myoptarg);
modified test port number to allow concurrent testing
2013-03-26 22:00:39 -07:00
#if !defined(NO_MAIN_DRIVER) || defined(USE_WINDOWS_API)
if (port == 0)
err_sys("port number cannot be 0");
#endif
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
break;
case 'v' :
Fix downgrading from TLS v1.3 to TLS v1.2
2018-02-22 11:05:58 +10:00
if (myoptarg[0] == 'd') {
version = CLIENT_DOWNGRADE_VERSION;
break;
}
Adds build option WOLFSSL_EITHER_SIDE for deferring the "side" of the TLS session until first connect or accept. Added the DTLS generic v1.0 and v1.2 methods for "either" side. Added "either" methods unit tests. Added "either" -v e support to example client/server. Fix to expose wolfSSL_use_certificate_file and wolfSSL_use_PrivateKey_file without OPENSSL_EXTRA. Cleanup of the methods for (void)heap and log messages. Spelling fixes.
2018-10-04 14:48:53 -07:00
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
else if (myoptarg[0] == 'e') {
version = EITHER_DOWNGRADE_VERSION;
Fixes for various scan-build reports.
2018-12-27 11:08:30 -08:00
#ifndef NO_CERTS
Added example client/server support for loading certificate and private key into WOLFSSL object using -H loadSSL. Added load_ssl_buffer function to load buffers into WOLFSSL objects. Changed wolfSSL_get_SSL_CTX API to always be exposed. Added TEST_LOAD_BUFFER build option to use the load_buffer and load_ssl_buffer calls for example client/server.
2018-10-09 12:54:41 -07:00
loadCertKeyIntoSSLObj = 1;
Fixes for various scan-build reports.
2018-12-27 11:08:30 -08:00
#endif
Adds build option WOLFSSL_EITHER_SIDE for deferring the "side" of the TLS session until first connect or accept. Added the DTLS generic v1.0 and v1.2 methods for "either" side. Added "either" methods unit tests. Added "either" -v e support to example client/server. Fix to expose wolfSSL_use_certificate_file and wolfSSL_use_PrivateKey_file without OPENSSL_EXTRA. Cleanup of the methods for (void)heap and log messages. Spelling fixes.
2018-10-04 14:48:53 -07:00
break;
}
#endif
fix windows build with command line examples
2012-08-01 17:33:49 -07:00
version = atoi(myoptarg);
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
if (version < 0 || version > 4) {
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
Usage();
Added new build option --enable-memtest or WOLFSSL_FORCE_MALLOC_FAIL_TEST which enables random malloc failures for testing. This test supresses the abort() calls to detect seg faults. A new script ./scripts/memtest.sh starts the test. If an issue is found it can be reviewed with the ./scripts/memtest.txt log and reproduced using the seed printed at top of unit test as --- RNG MALLOC FAIL AT 295--- and rerun using ./tests/unit.test 295.
2018-07-27 10:16:14 -07:00
XEXIT_T(MY_EX_USAGE);
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
}
break;
fix merge conflict
2015-11-02 13:26:46 -08:00
case 'V' :
ShowVersions();
Added new build option --enable-memtest or WOLFSSL_FORCE_MALLOC_FAIL_TEST which enables random malloc failures for testing. This test supresses the abort() calls to detect seg faults. A new script ./scripts/memtest.sh starts the test. If an issue is found it can be reviewed with the ./scripts/memtest.txt log and reproduced using the seed printed at top of unit test as --- RNG MALLOC FAIL AT 295--- and rerun using ./tests/unit.test 295.
2018-07-27 10:16:14 -07:00
XEXIT_T(EXIT_SUCCESS);
fix merge conflict
2015-11-02 13:26:46 -08:00
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
case 'l' :
fix windows build with command line examples
2012-08-01 17:33:49 -07:00
cipherList = myoptarg;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
break;
Fix to calc BuildSHA_CertVerify if WOLFSSL_ALLOW_TLS_SHA1. Fix to add check for DTLS to not allow stream ciphers. Removed the RC4 tests from the test-dtls.conf. Added support for using default suites on client side. Switched the arg to “-H”. Cleanup of the example server/client args list. Fixes for build with “--disable-sha”.
2017-04-05 11:21:11 -07:00
case 'H' :
Testing improvements for cert gen and TLS cert validation:
2017-10-19 16:17:51 -07:00
if (XSTRNCMP(myoptarg, "defCipherList", 13) == 0) {
printf("Using default cipher list for testing\n");
useDefCipherList = 1;
}
Added test cases for ensuring forced error fails on client and server. Added test cases to ensure bad certificate can be overriden.
2018-08-29 10:55:12 -07:00
else if (XSTRNCMP(myoptarg, "exitWithRet", 11) == 0) {
* Added support for expected fail test cases with example client/server and suites unit test.
2018-05-03 09:40:51 -07:00
printf("Skip exit() for testing\n");
Minor fix for the expected failure case use of ssl after free. Renamed skipExit to exitWithRet.
2018-05-03 10:02:59 -07:00
exitWithRet = 1;
Testing improvements for cert gen and TLS cert validation:
2017-10-19 16:17:51 -07:00
}
Added test cases for ensuring forced error fails on client and server. Added test cases to ensure bad certificate can be overriden.
2018-08-29 10:55:12 -07:00
else if (XSTRNCMP(myoptarg, "verifyFail", 10) == 0) {
printf("Verify should fail\n");
myVerifyFail = 1;
}
Fix for unused useSupCurve in example client with --disable-ecc.
2018-11-08 15:43:18 -08:00
#ifdef HAVE_ECC
Fix for the curve logic to pick the hightest strength, not just the default 256-bit. Added test for setting user curve. ./examples -H useSupCurve.
2018-09-21 09:27:48 -07:00
else if (XSTRNCMP(myoptarg, "useSupCurve", 11) == 0) {
printf("Test use supported curve\n");
useSupCurve = 1;
}
Fix for unused useSupCurve in example client with --disable-ecc.
2018-11-08 15:43:18 -08:00
#endif
Added example client/server support for loading certificate and private key into WOLFSSL object using -H loadSSL. Added load_ssl_buffer function to load buffers into WOLFSSL objects. Changed wolfSSL_get_SSL_CTX API to always be exposed. Added TEST_LOAD_BUFFER build option to use the load_buffer and load_ssl_buffer calls for example client/server.
2018-10-09 12:54:41 -07:00
else if (XSTRNCMP(myoptarg, "loadSSL", 7) == 0) {
printf("Load cert/key into wolfSSL object\n");
Fixes for various scan-build reports.
2018-12-27 11:08:30 -08:00
#ifndef NO_CERTS
Added example client/server support for loading certificate and private key into WOLFSSL object using -H loadSSL. Added load_ssl_buffer function to load buffers into WOLFSSL objects. Changed wolfSSL_get_SSL_CTX API to always be exposed. Added TEST_LOAD_BUFFER build option to use the load_buffer and load_ssl_buffer calls for example client/server.
2018-10-09 12:54:41 -07:00
loadCertKeyIntoSSLObj = 1;
Fixes for various scan-build reports.
2018-12-27 11:08:30 -08:00
#endif
Added example client/server support for loading certificate and private key into WOLFSSL object using -H loadSSL. Added load_ssl_buffer function to load buffers into WOLFSSL objects. Changed wolfSSL_get_SSL_CTX API to always be exposed. Added TEST_LOAD_BUFFER build option to use the load_buffer and load_ssl_buffer calls for example client/server.
2018-10-09 12:54:41 -07:00
}
Testing improvements for cert gen and TLS cert validation:
2017-10-19 16:17:51 -07:00
else {
Usage();
Added new build option --enable-memtest or WOLFSSL_FORCE_MALLOC_FAIL_TEST which enables random malloc failures for testing. This test supresses the abort() calls to detect seg faults. A new script ./scripts/memtest.sh starts the test. If an issue is found it can be reviewed with the ./scripts/memtest.txt log and reproduced using the seed printed at top of unit test as --- RNG MALLOC FAIL AT 295--- and rerun using ./tests/unit.test 295.
2018-07-27 10:16:14 -07:00
XEXIT_T(MY_EX_USAGE);
Testing improvements for cert gen and TLS cert validation:
2017-10-19 16:17:51 -07:00
}
Fix to calc BuildSHA_CertVerify if WOLFSSL_ALLOW_TLS_SHA1. Fix to add check for DTLS to not allow stream ciphers. Removed the RC4 tests from the test-dtls.conf. Added support for using default suites on client side. Switched the arg to “-H”. Cleanup of the example server/client args list. Fixes for build with “--disable-sha”.
2017-04-05 11:21:11 -07:00
break;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
case 'A' :
fix windows build with command line examples
2012-08-01 17:33:49 -07:00
verifyCert = myoptarg;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
break;
case 'c' :
fix windows build with command line examples
2012-08-01 17:33:49 -07:00
ourCert = myoptarg;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
break;
case 'k' :
fix windows build with command line examples
2012-08-01 17:33:49 -07:00
ourKey = myoptarg;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
break;
added check for allowed minimum DH key size
2015-05-21 10:11:21 -07:00
case 'Z' :
#ifndef NO_DH
minDhKeyBits = atoi(myoptarg);
if (minDhKeyBits <= 0 || minDhKeyBits > 16000) {
Usage();
Added new build option --enable-memtest or WOLFSSL_FORCE_MALLOC_FAIL_TEST which enables random malloc failures for testing. This test supresses the abort() calls to detect seg faults. A new script ./scripts/memtest.sh starts the test. If an issue is found it can be reviewed with the ./scripts/memtest.txt log and reproduced using the seed printed at top of unit test as --- RNG MALLOC FAIL AT 295--- and rerun using ./tests/unit.test 295.
2018-07-27 10:16:14 -07:00
XEXIT_T(MY_EX_USAGE);
added check for allowed minimum DH key size
2015-05-21 10:11:21 -07:00
}
#endif
break;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
case 'b' :
fix windows build with command line examples
2012-08-01 17:33:49 -07:00
benchmark = atoi(myoptarg);
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
if (benchmark < 0 || benchmark > 1000000) {
Usage();
Added new build option --enable-memtest or WOLFSSL_FORCE_MALLOC_FAIL_TEST which enables random malloc failures for testing. This test supresses the abort() calls to detect seg faults. A new script ./scripts/memtest.sh starts the test. If an issue is found it can be reviewed with the ./scripts/memtest.txt log and reproduced using the seed printed at top of unit test as --- RNG MALLOC FAIL AT 295--- and rerun using ./tests/unit.test 295.
2018-07-27 10:16:14 -07:00
XEXIT_T(MY_EX_USAGE);
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
}
break;
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
case 'B' :
throughput = atoi(myoptarg);
Changes for interop and performance
2018-04-09 13:53:05 +10:00
for (; *myoptarg != '\0'; myoptarg++) {
if (*myoptarg == ',') {
block = atoi(myoptarg + 1);
break;
}
}
if (throughput <= 0 || block <= 0) {
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
Usage();
Added new build option --enable-memtest or WOLFSSL_FORCE_MALLOC_FAIL_TEST which enables random malloc failures for testing. This test supresses the abort() calls to detect seg faults. A new script ./scripts/memtest.sh starts the test. If an issue is found it can be reviewed with the ./scripts/memtest.txt log and reproduced using the seed printed at top of unit test as --- RNG MALLOC FAIL AT 295--- and rerun using ./tests/unit.test 295.
2018-07-27 10:16:14 -07:00
XEXIT_T(MY_EX_USAGE);
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
}
break;
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
case 'N' :
nonBlocking = 1;
break;
case 'r' :
resumeSession = 1;
break;
add option for bidirectional shutdown
2015-01-30 08:41:34 -07:00
case 'w' :
shutdown shadows global in sys/socket.h line 576 renamed wc_shutdown
2015-02-18 08:00:25 -07:00
wc_shutdown = 1;
add option for bidirectional shutdown
2015-01-30 08:41:34 -07:00
break;
add client side initiated secure r, same specs
2014-09-24 18:48:23 -07:00
case 'R' :
#ifdef HAVE_SECURE_RENEGOTIATION
scr = 1;
#endif
break;
separate allow scr and force client scr in example client
2014-09-29 15:32:41 -07:00
case 'i' :
#ifdef HAVE_SECURE_RENEGOTIATION
scr = 1;
forceScr = 1;
#endif
break;
updated SHOW_SIZES, opionally adds sizes as available, added flag to example client to print sizes
2013-04-08 16:01:52 -07:00
case 'z' :
name change for client.c
2015-01-05 14:48:43 -07:00
#ifndef WOLFSSL_LEANPSK
wolfSSL_GetObjectSize();
updated SHOW_SIZES, opionally adds sizes as available, added flag to example client to print sizes
2013-04-08 16:01:52 -07:00
#endif
break;
merge in sni
2013-05-21 14:37:50 -07:00
case 'S' :
Address issues when testing with WOLFSSL_OCSP_TEST set
2018-08-30 14:44:49 -06:00
if (XSTRNCMP(myoptarg, "check", 5) == 0) {
#ifdef HAVE_SNI
printf("SNI is: ON\n");
#else
printf("SNI is: OFF\n");
#endif
XEXIT_T(EXIT_SUCCESS);
}
merge in sni
2013-05-21 14:37:50 -07:00
#ifdef HAVE_SNI
sniHostName = myoptarg;
#endif
break;
switch example client max fragment arg to -F to make -L open on both client and server
2015-10-13 14:13:12 -07:00
case 'F' :
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 15:42:43 -03:00
#ifdef HAVE_MAX_FRAGMENT
maxFragment = atoi(myoptarg);
Added new 256-byte max fragment option WOLFSSL_MFL_2_8.
2018-10-15 17:06:21 -07:00
if (maxFragment < WOLFSSL_MFL_MIN ||
maxFragment > WOLFSSL_MFL_MAX) {
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 15:42:43 -03:00
Usage();
Added new build option --enable-memtest or WOLFSSL_FORCE_MALLOC_FAIL_TEST which enables random malloc failures for testing. This test supresses the abort() calls to detect seg faults. A new script ./scripts/memtest.sh starts the test. If an issue is found it can be reviewed with the ./scripts/memtest.txt log and reproduced using the seed printed at top of unit test as --- RNG MALLOC FAIL AT 295--- and rerun using ./tests/unit.test 295.
2018-07-27 10:16:14 -07:00
XEXIT_T(MY_EX_USAGE);
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 15:42:43 -03:00
}
#endif
break;
case 'T' :
#ifdef HAVE_TRUNCATED_HMAC
truncatedHMAC = 1;
#endif
break;
add extended master to example client
2016-09-01 15:17:46 -06:00
case 'n' :
#ifdef HAVE_EXTENDED_MASTER
Revising the Extended Master Secret support. Removing the dynamic
2016-09-09 23:16:52 -07:00
disableExtMasterSecret = 1;
add extended master to example client
2016-09-01 15:17:46 -06:00
#endif
break;
Merge branch csr into 'master'
2015-11-02 15:51:01 -03:00
case 'W' :
Merge branch 'csr'
2015-12-28 19:38:04 -03:00
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
statusRequest = atoi(myoptarg);
OCSP
2018-08-02 16:25:38 -07:00
if (statusRequest > OCSP_STAPLING_OPT_MAX) {
Usage();
XEXIT_T(MY_EX_USAGE);
}
Merge branch csr into 'master'
2015-11-02 15:51:01 -03:00
#endif
break;
OCSP Updates
2013-06-20 11:07:54 -07:00
case 'o' :
#ifdef HAVE_OCSP
useOcsp = 1;
#endif
break;
case 'O' :
#ifdef HAVE_OCSP
useOcsp = 1;
ocspUrl = myoptarg;
#endif
break;
Merge in the ADH-AES128-SHA changes and add a check for it during the
2014-12-01 11:44:32 -08:00
case 'a' :
#ifdef HAVE_ANON
useAnon = 1;
#endif
break;
fix merge conflict misses on alpn example letter change
2015-10-15 09:48:07 -07:00
case 'L' :
fix alpn example client merge command options
2015-10-13 15:00:53 -07:00
#ifdef HAVE_ALPN
alpnList = myoptarg;
if (alpnList[0] == 'C' && alpnList[1] == ':')
alpn_opt = WOLFSSL_ALPN_CONTINUE_ON_MISMATCH;
else if (alpnList[0] == 'F' && alpnList[1] == ':')
alpn_opt = WOLFSSL_ALPN_FAILED_ON_MISMATCH;
else {
Usage();
Added new build option --enable-memtest or WOLFSSL_FORCE_MALLOC_FAIL_TEST which enables random malloc failures for testing. This test supresses the abort() calls to detect seg faults. A new script ./scripts/memtest.sh starts the test. If an issue is found it can be reviewed with the ./scripts/memtest.txt log and reproduced using the seed printed at top of unit test as --- RNG MALLOC FAIL AT 295--- and rerun using ./tests/unit.test 295.
2018-07-27 10:16:14 -07:00
XEXIT_T(MY_EX_USAGE);
fix alpn example client merge command options
2015-10-13 15:00:53 -07:00
}
alpnList += 2;
#endif
break;
add STARTTLS support to example client
2016-04-22 13:46:54 -06:00
case 'M' :
doSTARTTLS = 1;
starttlsProt = myoptarg;
if (XSTRNCMP(starttlsProt, "smtp", 4) != 0) {
Usage();
Added new build option --enable-memtest or WOLFSSL_FORCE_MALLOC_FAIL_TEST which enables random malloc failures for testing. This test supresses the abort() calls to detect seg faults. A new script ./scripts/memtest.sh starts the test. If an issue is found it can be reviewed with the ./scripts/memtest.txt log and reproduced using the seed printed at top of unit test as --- RNG MALLOC FAIL AT 295--- and rerun using ./tests/unit.test 295.
2018-07-27 10:16:14 -07:00
XEXIT_T(MY_EX_USAGE);
add STARTTLS support to example client
2016-04-22 13:46:54 -06:00
}
break;
add Whitewood netRandom client library support
2016-05-05 15:31:25 -06:00
case 'q' :
#ifdef HAVE_WNR
wnrConfigFile = myoptarg;
#endif
break;
Rebase fixes for TLS 1.3. Getting a decrypt error with the TLS 1.3 test from the SendTls13CertificateVerify.
2017-04-14 16:39:21 -07:00
case 'J' :
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
#ifdef WOLFSSL_TLS13
helloRetry = 1;
#endif
break;
case 'K' :
#ifdef WOLFSSL_TLS13
noPskDheKe = 1;
#endif
break;
case 'I' :
#ifdef WOLFSSL_TLS13
updateKeysIVs = 1;
#endif
Coverity fixes for TLS 1.3, async, small stack and normal math.
2017-05-08 12:49:38 -07:00
break;
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
case 'y' :
#if defined(WOLFSSL_TLS13) && !defined(NO_DH)
onlyKeyShare = 1;
#endif
break;
case 'Y' :
#if defined(WOLFSSL_TLS13) && defined(HAVE_ECC)
onlyKeyShare = 2;
#endif
break;
Fix for verify callback override, peerVerifyRet code on success and ensuring DOMAIN_NAME_MISMATCH error gets passed down in ECDSAk case. Added unit test case to verify callback override works. Fixes issue #905 and issue #904. Fix for async build goto label typo.
2017-05-11 12:23:17 -07:00
case 'j' :
useVerifyCb = 1;
break;
Put X25519 behind P256
2017-05-19 10:58:43 +10:00
case 't' :
#ifdef HAVE_CURVE25519
useX25519 = 1;
Fix for unused useSupCurve in example client with --disable-ecc.
2018-11-08 15:43:18 -08:00
#ifdef HAVE_ECC
Fix for the curve logic to pick the hightest strength, not just the default 256-bit. Added test for setting user curve. ./examples -H useSupCurve.
2018-09-21 09:27:48 -07:00
useSupCurve = 1;
Fix for unused useSupCurve in example client with --disable-ecc.
2018-11-08 15:43:18 -08:00
#ifdef WOLFSSL_TLS13
Improve PSK timeout checks
2017-06-08 10:32:51 +10:00
onlyKeyShare = 2;
Fix for unused useSupCurve in example client with --disable-ecc.
2018-11-08 15:43:18 -08:00
#endif
Improve PSK timeout checks
2017-06-08 10:32:51 +10:00
#endif
#endif
break;
case 'Q' :
#if defined(WOLFSSL_TLS13) && \
defined(WOLFSSL_POST_HANDSHAKE_AUTH)
postHandAuth = 1;
Put X25519 behind P256
2017-05-19 10:58:43 +10:00
#endif
break;
TLS v1.3 0-RTT
2017-06-19 11:37:10 +10:00
case '0' :
#ifdef WOLFSSL_EARLY_DATA
earlyData = 1;
#endif
break;
DHE Speed Up
2018-12-03 13:53:44 -08:00
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
case '1' :
lng_index = atoi(myoptarg);
if(lng_index<0||lng_index>1){
lng_index = 0;
}
break;
DHE Speed Up
2018-12-03 13:53:44 -08:00
case '2' :
#if !defined(NO_DH) && !defined(HAVE_FIPS) && \
!defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK)
doDhKeyCheck = 0;
#endif
break;
Multicast
2016-12-15 11:43:15 -08:00
case '3' :
#ifdef WOLFSSL_MULTICAST
doMcast = 1;
mcastID = (byte)(atoi(myoptarg) & 0xFF);
#endif
break;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
default:
Usage();
Added new build option --enable-memtest or WOLFSSL_FORCE_MALLOC_FAIL_TEST which enables random malloc failures for testing. This test supresses the abort() calls to detect seg faults. A new script ./scripts/memtest.sh starts the test. If an issue is found it can be reviewed with the ./scripts/memtest.txt log and reproduced using the seed printed at top of unit test as --- RNG MALLOC FAIL AT 295--- and rerun using ./tests/unit.test 295.
2018-07-27 10:16:14 -07:00
XEXIT_T(MY_EX_USAGE);
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
}
}
fix windows build with command line examples
2012-08-01 17:33:49 -07:00
myoptind = 0; /* reset for test cases */
Example client/server compatible with VxWorks
2015-10-29 13:39:02 -06:00
#endif /* !WOLFSSL_VXWORKS */
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
detect build cases where external script test case doesn't make sense
2015-05-07 12:50:27 -07:00
if (externalTest) {
/* detect build cases that wouldn't allow test against wolfssl.com */
int done = 0;
#ifdef NO_RSA
Fix for example client with -X external tests to not disable for PSK build unless usePsk is set. Resolves issue with external tests being skipped if building with PSK enabled.
2018-12-21 08:21:59 -08:00
done += 1; /* require RSA for external tests */
detect build cases where external script test case doesn't make sense
2015-05-07 12:50:27 -07:00
#endif
Fix for example client with -X external tests to not disable for PSK build unless usePsk is set. Resolves issue with external tests being skipped if building with PSK enabled.
2018-12-21 08:21:59 -08:00
if (!XSTRNCMP(domain, "www.globalsign.com", 14)) {
accounts for assumptions with external ocsp stapling test
2015-12-29 17:05:51 -07:00
/* www.globalsign.com does not respond to ipv6 ocsp requests */
#if defined(TEST_IPV6) && defined(HAVE_OCSP)
Use += approach to detect "done" in example client for external tests. Cleaner and code is smaller to accomplish same thing.
2016-02-08 19:54:22 -08:00
done += 1;
accounts for assumptions with external ocsp stapling test
2015-12-29 17:05:51 -07:00
#endif
/* www.globalsign.com has limited supported cipher suites */
#if defined(NO_AES) && defined(HAVE_OCSP)
Use += approach to detect "done" in example client for external tests. Cleaner and code is smaller to accomplish same thing.
2016-02-08 19:54:22 -08:00
done += 1;
accounts for assumptions with external ocsp stapling test
2015-12-29 17:05:51 -07:00
#endif
Also account for 32-bit users
2015-12-31 12:05:45 -07:00
/* www.globalsign.com only supports static RSA or ECDHE with AES */
/* We cannot expect users to have on static RSA so test for ECC only
* as some users will most likely be on 32-bit systems where ECC
* is not enabled by default */
#if defined(HAVE_OCSP) && !defined(HAVE_ECC)
Use += approach to detect "done" in example client for external tests. Cleaner and code is smaller to accomplish same thing.
2016-02-08 19:54:22 -08:00
done += 1;
Also account for 32-bit users
2015-12-31 12:05:45 -07:00
#endif
Fix for example client with -X external tests to not disable for PSK build unless usePsk is set. Resolves issue with external tests being skipped if building with PSK enabled.
2018-12-21 08:21:59 -08:00
}
Also account for 32-bit users
2015-12-31 12:05:45 -07:00
detect build cases where external script test case doesn't make sense
2015-05-07 12:50:27 -07:00
#ifndef NO_PSK
Fix for example client with -X external tests to not disable for PSK build unless usePsk is set. Resolves issue with external tests being skipped if building with PSK enabled.
2018-12-21 08:21:59 -08:00
if (usePsk) {
done += 1; /* don't perform exernal tests if PSK is enabled */
}
detect build cases where external script test case doesn't make sense
2015-05-07 12:50:27 -07:00
#endif
if NO_SHA don't run external script tests
2015-06-18 11:12:35 -07:00
#ifdef NO_SHA
Use += approach to detect "done" in example client for external tests. Cleaner and code is smaller to accomplish same thing.
2016-02-08 19:54:22 -08:00
done += 1; /* external cert chain most likely has SHA */
if NO_SHA don't run external script tests
2015-06-18 11:12:35 -07:00
#endif
if connection to google.com and using ECC need supported curves
2016-02-09 17:06:06 -07:00
#if !defined(HAVE_ECC) && !defined(WOLFSSL_STATIC_RSA) \
correct logic to allow for static RSA if ECC and no Curves
2016-02-10 13:28:31 -07:00
|| ( defined(HAVE_ECC) && !defined(HAVE_SUPPORTED_CURVES) \
&& !defined(WOLFSSL_STATIC_RSA) )
wolfssl.com and google.com now differ in pre-reqs for external test
2016-02-15 13:30:11 -07:00
/* google needs ECDHE+Supported Curves or static RSA */
if (!XSTRNCMP(domain, "www.google.com", 14))
done += 1;
#endif
#if !defined(HAVE_ECC) && !defined(WOLFSSL_STATIC_RSA)
/* wolfssl needs ECDHE or static RSA */
if (!XSTRNCMP(domain, "www.wolfssl.com", 15))
Use += approach to detect "done" in example client for external tests. Cleaner and code is smaller to accomplish same thing.
2016-02-08 19:54:22 -08:00
done += 1;
fix google external test w/o ecdhe
2015-08-14 12:58:00 -07:00
#endif
resolve issue #255, no sha284 with wolfssl cert chain and external test
2016-01-14 20:25:50 -08:00
#if !defined(WOLFSSL_SHA384)
if (!XSTRNCMP(domain, "www.wolfssl.com", 15)) {
Avoid unnecessary assignments in client example
2016-02-07 08:27:01 -07:00
/* wolfssl need sha384 for cert chain verify */
Use += approach to detect "done" in example client for external tests. Cleaner and code is smaller to accomplish same thing.
2016-02-08 19:54:22 -08:00
done += 1;
resolve issue #255, no sha284 with wolfssl cert chain and external test
2016-01-14 20:25:50 -08:00
}
#endif
make sure external tests have a valid cipher
2015-09-28 09:47:59 -07:00
#if !defined(HAVE_AESGCM) && defined(NO_AES) && \
!(defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
Fix for example client with -X external tests to not disable for PSK build unless usePsk is set. Resolves issue with external tests being skipped if building with PSK enabled.
2018-12-21 08:21:59 -08:00
/* need at least one of these for external tests */
Use += approach to detect "done" in example client for external tests. Cleaner and code is smaller to accomplish same thing.
2016-02-08 19:54:22 -08:00
done += 1;
make sure external tests have a valid cipher
2015-09-28 09:47:59 -07:00
#endif
remove invalid test-qsh version tests, revert if statement check in internal.c
2017-08-17 11:27:47 -06:00
#if defined(HAVE_QSH)
/*currently google server rejects client hello with QSH extension.*/
done += 1;
#endif
modify the client external test list to skip the test case when aes and aes-gcm are disabled
2018-03-01 15:22:38 -08:00
/* For the external test, if we disable AES, GoDaddy will reject the
* connection. They only currently support AES suites, RC4 and 3DES
* suites. With AES disabled we only offer PolyChacha suites. */
#if defined(NO_AES) && !defined(HAVE_AESGCM)
if (!XSTRNCMP(domain, "www.wolfssl.com", 15)) {
done += 1;
}
#endif
detect build cases where external script test case doesn't make sense
2015-05-07 12:50:27 -07:00
if (done) {
OSCP
2018-08-02 11:32:36 -07:00
printf("external test can't be run in this mode\n");
detect build cases where external script test case doesn't make sense
2015-05-07 12:50:27 -07:00
((func_args*)args)->return_code = 0;
Added new build option --enable-memtest or WOLFSSL_FORCE_MALLOC_FAIL_TEST which enables random malloc failures for testing. This test supresses the abort() calls to detect seg faults. A new script ./scripts/memtest.sh starts the test. If an issue is found it can be reviewed with the ./scripts/memtest.txt log and reproduced using the seed printed at top of unit test as --- RNG MALLOC FAIL AT 295--- and rerun using ./tests/unit.test 295.
2018-07-27 10:16:14 -07:00
XEXIT_T(EXIT_SUCCESS);
detect build cases where external script test case doesn't make sense
2015-05-07 12:50:27 -07:00
}
}
added test cases and fixed a bug with AEAD ciphers with DTLSv1.2.
2013-03-07 22:52:51 -08:00
/* sort out DTLS versus TLS versions */
if (version == CLIENT_INVALID_VERSION) {
if (doDTLS)
version = CLIENT_DTLS_DEFAULT_VERSION;
else
version = CLIENT_DEFAULT_VERSION;
}
else {
if (doDTLS) {
if (version == 3)
version = -2;
Added example client/server support for loading certificate and private key into WOLFSSL object using -H loadSSL. Added load_ssl_buffer function to load buffers into WOLFSSL objects. Changed wolfSSL_get_SSL_CTX API to always be exposed. Added TEST_LOAD_BUFFER build option to use the load_buffer and load_ssl_buffer calls for example client/server.
2018-10-09 12:54:41 -07:00
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
else if (version == EITHER_DOWNGRADE_VERSION)
version = -3;
#endif
added test cases and fixed a bug with AEAD ciphers with DTLSv1.2.
2013-03-07 22:52:51 -08:00
else
version = -1;
}
}
add Whitewood netRandom client library support
2016-05-05 15:31:25 -06:00
#ifdef HAVE_WNR
if (wc_InitNetRandom(wnrConfigFile, NULL, 5000) != 0)
err_sys("can't load whitewood net random config file");
#endif
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
switch (version) {
compile option to leave out MD5 and SSL code
2012-11-26 18:40:43 -08:00
#ifndef NO_OLD_TLS
disable SSLv3 by default
2015-08-12 16:39:13 -07:00
#ifdef WOLFSSL_ALLOW_SSLV3
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
case 0:
Added static memory code to client example.
2017-10-20 14:56:29 -07:00
method = wolfSSLv3_client_method_ex;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
break;
disable SSLv3 by default
2015-08-12 16:39:13 -07:00
#endif
Commit 2.6.2
2013-05-19 10:02:13 +09:00
#ifndef NO_TLS
Disable TLS v1.0 by default. Added new --enable-tlsv10 option to force enable (only works if --enable-oldtls is set, which is on by default).
2017-11-14 13:55:48 -08:00
#ifdef WOLFSSL_ALLOW_TLSV10
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
case 1:
Added static memory code to client example.
2017-10-20 14:56:29 -07:00
method = wolfTLSv1_client_method_ex;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
break;
Disable TLS v1.0 by default. Added new --enable-tlsv10 option to force enable (only works if --enable-oldtls is set, which is on by default).
2017-11-14 13:55:48 -08:00
#endif
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
case 2:
Added static memory code to client example.
2017-10-20 14:56:29 -07:00
method = wolfTLSv1_1_client_method_ex;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
break;
Disable TLS v1.0 by default. Added new --enable-tlsv10 option to force enable (only works if --enable-oldtls is set, which is on by default).
2017-11-14 13:55:48 -08:00
#endif /* !NO_TLS */
#endif /* !NO_OLD_TLS */
disable SSLv3 by default
2015-08-12 16:39:13 -07:00
Commit 2.6.2
2013-05-19 10:02:13 +09:00
#ifndef NO_TLS
Allow TLS 1.2 to be compiled out.
2018-05-17 09:08:03 +10:00
#ifndef WOLFSSL_NO_TLS12
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
case 3:
Added static memory code to client example.
2017-10-20 14:56:29 -07:00
method = wolfTLSv1_2_client_method_ex;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
break;
Allow TLS 1.2 to be compiled out.
2018-05-17 09:08:03 +10:00
#endif
Disable TLS v1.0 by default. Added new --enable-tlsv10 option to force enable (only works if --enable-oldtls is set, which is on by default).
2017-11-14 13:55:48 -08:00
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
#ifdef WOLFSSL_TLS13
case 4:
Added static memory code to client example.
2017-10-20 14:56:29 -07:00
method = wolfTLSv1_3_client_method_ex;
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
break;
#endif
Fix downgrading from TLS v1.3 to TLS v1.2
2018-02-22 11:05:58 +10:00
case CLIENT_DOWNGRADE_VERSION:
method = wolfSSLv23_client_method_ex;
break;
Adds build option WOLFSSL_EITHER_SIDE for deferring the "side" of the TLS session until first connect or accept. Added the DTLS generic v1.0 and v1.2 methods for "either" side. Added "either" methods unit tests. Added "either" -v e support to example client/server. Fix to expose wolfSSL_use_certificate_file and wolfSSL_use_PrivateKey_file without OPENSSL_EXTRA. Cleanup of the methods for (void)heap and log messages. Spelling fixes.
2018-10-04 14:48:53 -07:00
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
case EITHER_DOWNGRADE_VERSION:
method = wolfSSLv23_method_ex;
break;
#endif
Disable TLS v1.0 by default. Added new --enable-tlsv10 option to force enable (only works if --enable-oldtls is set, which is on by default).
2017-11-14 13:55:48 -08:00
#endif /* NO_TLS */
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
name change for client.c
2015-01-05 14:48:43 -07:00
#ifdef WOLFSSL_DTLS
turn off DTLSv1 functions for disable old tls
2015-04-08 13:29:25 -07:00
#ifndef NO_OLD_TLS
add -u for DTLS UPD command line client/server examples
2012-08-02 11:54:49 -07:00
case -1:
Added static memory code to client example.
2017-10-20 14:56:29 -07:00
method = wolfDTLSv1_client_method_ex;
add -u for DTLS UPD command line client/server examples
2012-08-02 11:54:49 -07:00
break;
turn off DTLSv1 functions for disable old tls
2015-04-08 13:29:25 -07:00
#endif
added test cases and fixed a bug with AEAD ciphers with DTLSv1.2.
2013-03-07 22:52:51 -08:00
Allow TLS 1.2 to be compiled out.
2018-05-17 09:08:03 +10:00
#ifndef WOLFSSL_NO_TLS12
added test cases and fixed a bug with AEAD ciphers with DTLSv1.2.
2013-03-07 22:52:51 -08:00
case -2:
Added static memory code to client example.
2017-10-20 14:56:29 -07:00
method = wolfDTLSv1_2_client_method_ex;
added test cases and fixed a bug with AEAD ciphers with DTLSv1.2.
2013-03-07 22:52:51 -08:00
break;
Allow TLS 1.2 to be compiled out.
2018-05-17 09:08:03 +10:00
#endif
Added example client/server support for loading certificate and private key into WOLFSSL object using -H loadSSL. Added load_ssl_buffer function to load buffers into WOLFSSL objects. Changed wolfSSL_get_SSL_CTX API to always be exposed. Added TEST_LOAD_BUFFER build option to use the load_buffer and load_ssl_buffer calls for example client/server.
2018-10-09 12:54:41 -07:00
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
case -3:
method = wolfDTLSv1_2_method_ex;
break;
#endif
add -u for DTLS UPD command line client/server examples
2012-08-02 11:54:49 -07:00
#endif
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
default:
err_sys("Bad SSL version");
merge in sni
2013-05-21 14:37:50 -07:00
break;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
}
if (method == NULL)
err_sys("unable to get method");
Added static memory code to client example.
2017-10-20 14:56:29 -07:00
#ifdef WOLFSSL_STATIC_MEMORY
#ifdef DEBUG_WOLFSSL
/* print off helper buffer sizes for use with static memory
* printing to stderr incase of debug mode turned on */
fprintf(stderr, "static memory management size = %d\n",
wolfSSL_MemoryPaddingSz());
fprintf(stderr, "calculated optimum general buffer size = %d\n",
wolfSSL_StaticBufferSz(memory, sizeof(memory), 0));
fprintf(stderr, "calculated optimum IO buffer size = %d\n",
wolfSSL_StaticBufferSz(memoryIO, sizeof(memoryIO),
WOLFMEM_IO_POOL_FIXED));
#endif /* DEBUG_WOLFSSL */
if (wolfSSL_CTX_load_static_memory(&ctx, method, memory, sizeof(memory),
0, 1) != WOLFSSL_SUCCESS) {
err_sys("unable to load static memory");
}
if (wolfSSL_CTX_load_static_memory(&ctx, NULL, memoryIO, sizeof(memoryIO),
WOLFMEM_IO_POOL_FIXED | WOLFMEM_TRACK_STATS, 1) != WOLFSSL_SUCCESS) {
err_sys("unable to load static memory");
}
#else
ctx = wolfSSL_CTX_new(method(NULL));
#endif
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
if (ctx == NULL)
err_sys("unable to get ctx");
allow single threaded mode to share an RNG at WOLFSSL_CTX level
2016-09-16 13:35:29 -07:00
#ifdef SINGLE_THREADED
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_CTX_new_rng(ctx) != WOLFSSL_SUCCESS) {
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
allow single threaded mode to share an RNG at WOLFSSL_CTX level
2016-09-16 13:35:29 -07:00
err_sys("Single Threaded new rng at CTX failed");
}
#endif
Fix to calc BuildSHA_CertVerify if WOLFSSL_ALLOW_TLS_SHA1. Fix to add check for DTLS to not allow stream ciphers. Removed the RC4 tests from the test-dtls.conf. Added support for using default suites on client side. Switched the arg to “-H”. Cleanup of the example server/client args list. Fixes for build with “--disable-sha”.
2017-04-05 11:21:11 -07:00
if (cipherList && !useDefCipherList) {
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_CTX_set_cipher_list(ctx, cipherList) != WOLFSSL_SUCCESS) {
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
Added TLS support for Camellia
2013-01-21 10:53:42 -08:00
err_sys("client can't set cipher list 1");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
}
1.8.8 init
2011-02-05 11:14:47 -08:00
name change for client.c
2015-01-05 14:48:43 -07:00
#ifdef WOLFSSL_LEANPSK
scan-build warnings related to enable-psk, disable-asn,rsa,ecc
2016-04-11 11:13:26 -06:00
if (!usePsk) {
usePsk = 1;
}
1.8.8 init
2011-02-05 11:14:47 -08:00
#endif
Changes to build with X25519 and Ed25519 only
2018-07-23 10:20:18 +10:00
#if defined(NO_RSA) && !defined(HAVE_ECC) && !defined(HAVE_ED25519)
scan-build warnings related to enable-psk, disable-asn,rsa,ecc
2016-04-11 11:13:26 -06:00
if (!usePsk) {
usePsk = 1;
}
fix normal psk no rsa examples
2013-03-11 13:19:43 -07:00
#endif
add fewerPacket/group messages to example client/server and disalbe client cert/key load
2013-04-19 13:10:19 -07:00
if (fewerPackets)
name change for client.c
2015-01-05 14:48:43 -07:00
wolfSSL_CTX_set_group_messages(ctx);
add fewerPacket/group messages to example client/server and disalbe client cert/key load
2013-04-19 13:10:19 -07:00
added check for allowed minimum DH key size
2015-05-21 10:11:21 -07:00
#ifndef NO_DH
Fix Checks
2019-01-17 09:52:00 -08:00
if (wolfSSL_CTX_SetMinDhKey_Sz(ctx, (word16)minDhKeyBits)
!= WOLFSSL_SUCCESS) {
err_sys("Error setting minimum DH key size");
}
added check for allowed minimum DH key size
2015-05-21 10:11:21 -07:00
#endif
build test covers leanpsk
2012-10-30 12:51:14 -07:00
if (usePsk) {
#ifndef NO_PSK
name change for client.c
2015-01-05 14:48:43 -07:00
wolfSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb);
Separate PSK callback for TLS 1.3
2018-08-14 08:55:57 +10:00
#ifdef WOLFSSL_TLS13
wolfSSL_CTX_set_psk_client_tls13_callback(ctx, my_psk_client_tls13_cb);
#endif
build test covers leanpsk
2012-10-30 12:51:14 -07:00
if (cipherList == NULL) {
const char *defaultCipherList;
External PSK working in TLS13
2017-06-07 08:29:08 +10:00
#if defined(HAVE_AESGCM) && !defined(NO_DH)
#ifdef WOLFSSL_TLS13
defaultCipherList = "DHE-PSK-AES128-GCM-SHA256:"
"TLS13-AES128-GCM-SHA256";
build test covers leanpsk
2012-10-30 12:51:14 -07:00
#else
External PSK working in TLS13
2017-06-07 08:29:08 +10:00
defaultCipherList = "DHE-PSK-AES128-GCM-SHA256";
build test covers leanpsk
2012-10-30 12:51:14 -07:00
#endif
External PSK working in TLS13
2017-06-07 08:29:08 +10:00
#elif defined(HAVE_NULL_CIPHER)
defaultCipherList = "PSK-NULL-SHA256";
#else
defaultCipherList = "PSK-AES128-CBC-SHA256";
#endif
allow dh to be used w/o certs and asn
2015-03-27 14:28:05 -07:00
if (wolfSSL_CTX_set_cipher_list(ctx,defaultCipherList)
Testing improvements for cert gen and TLS cert validation:
2017-10-19 16:17:51 -07:00
!=WOLFSSL_SUCCESS) {
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
Added TLS support for Camellia
2013-01-21 10:53:42 -08:00
err_sys("client can't set cipher list 2");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
build test covers leanpsk
2012-10-30 12:51:14 -07:00
}
#endif
scan-build warnings related to enable-psk, disable-asn,rsa,ecc
2016-04-11 11:13:26 -06:00
if (useClientCert) {
useClientCert = 0;
}
build test covers leanpsk
2012-10-30 12:51:14 -07:00
}
Merge in the ADH-AES128-SHA changes and add a check for it during the
2014-12-01 11:44:32 -08:00
if (useAnon) {
#ifdef HAVE_ANON
Fix to allow anonymous ciphers to work with the new default suite testing.
2017-04-05 14:35:33 -07:00
if (cipherList == NULL || (cipherList && useDefCipherList)) {
Added support for an anonymous cipher suite (#1267)
2018-04-20 10:35:37 -07:00
const char* defaultCipherList;
name change for client.c
2015-01-05 14:48:43 -07:00
wolfSSL_CTX_allow_anon_cipher(ctx);
Added support for an anonymous cipher suite (#1267)
2018-04-20 10:35:37 -07:00
defaultCipherList = "ADH-AES256-GCM-SHA384:"
"ADH-AES128-SHA";
if (wolfSSL_CTX_set_cipher_list(ctx,defaultCipherList)
Testing improvements for cert gen and TLS cert validation:
2017-10-19 16:17:51 -07:00
!= WOLFSSL_SUCCESS) {
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
Merge in the ADH-AES128-SHA changes and add a check for it during the
2014-12-01 11:44:32 -08:00
err_sys("client can't set cipher list 4");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
Merge in the ADH-AES128-SHA changes and add a check for it during the
2014-12-01 11:44:32 -08:00
}
#endif
scan-build warnings related to enable-psk, disable-asn,rsa,ecc
2016-04-11 11:13:26 -06:00
if (useClientCert) {
useClientCert = 0;
}
Merge in the ADH-AES128-SHA changes and add a check for it during the
2014-12-01 11:44:32 -08:00
}
1. Needed to tell the client to use sctp.
2016-08-26 10:47:01 -07:00
#ifdef WOLFSSL_SCTP
if (dtlsSCTP)
wolfSSL_CTX_dtls_set_sctp(ctx);
#endif
Fixes for various build configurations. Added --enable-enckeys option to enable support for encrypted PEM private keys using password callback without having to use opensslextra. Moved ASN CryptKey function to wc_encrypt.c as wc_CryptKey. Fixup some missing heap args on XMALLOC/XFREE in asn.c.
2018-03-30 15:48:15 -07:00
#ifdef WOLFSSL_ENCRYPTED_KEYS
name change for client.c
2015-01-05 14:48:43 -07:00
wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
1.8.8 init
2011-02-05 11:14:47 -08:00
#endif
allow sniffer play nice in ecc build
2015-04-01 12:14:48 -07:00
#if defined(WOLFSSL_SNIFFER)
fix sniffer cipher suite tests with user override
2012-08-31 13:28:07 -07:00
if (cipherList == NULL) {
build test covers leanpsk
2012-10-30 12:51:14 -07:00
/* don't use EDH, can't sniff tmp keys */
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_CTX_set_cipher_list(ctx, "AES128-SHA") != WOLFSSL_SUCCESS) {
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
Added TLS support for Camellia
2013-01-21 10:53:42 -08:00
err_sys("client can't set cipher list 3");
build test covers leanpsk
2012-10-30 12:51:14 -07:00
}
fix sniffer cipher suite tests with user override
2012-08-31 13:28:07 -07:00
}
make sure example clients don't use EDH when sniffer active
2011-04-29 10:41:21 -07:00
#endif
OCSP Updates
2013-06-20 11:07:54 -07:00
#ifdef HAVE_OCSP
if (useOcsp) {
Added support for inline CRL lookup when HAVE_CRL_IO is defined (shares code with OCSP lookup in io.c). Added http chunk transfer encoding support. Added default connection timeout value (DEFAULT_TIMEOUT_SEC) and new wolfIO_SetTimeout() API with HAVE_IO_TIMEOUT. Added generic wolfIO_ API’s for connect, select, non-blocking, read and write. Added new define USE_WOLFSSL_IO to enable access to new wolfIO_* socket wrappers even when WOLFSSL_USER_IO is defined. Moved all API declarations for io.c into new io.h header. Added HAVE_HTTP_CLIENT to expose HTTP API’s. Moved SOCKET_T and SOCKET_ defines into io.h. Added WOLFIO_DEBUG define to display request/responses.
2017-03-06 09:49:05 -08:00
#ifdef HAVE_IO_TIMEOUT
wolfIO_SetTimeout(DEFAULT_TIMEOUT_SEC);
#endif
Using OCSP override URL should enable OCSP url overriding.
2013-12-17 18:26:29 -08:00
if (ocspUrl != NULL) {
name change for client.c
2015-01-05 14:48:43 -07:00
wolfSSL_CTX_SetOCSP_OverrideURL(ctx, ocspUrl);
wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE
| WOLFSSL_OCSP_URL_OVERRIDE);
Using OCSP override URL should enable OCSP url overriding.
2013-12-17 18:26:29 -08:00
}
Fix to handle non-blocking OCSP when WOLFSSL_NONBLOCK_OCSP is defined and not using async. OCSP callback should return OCSP_WANT_READ. Added ability to simulate non-blocking OCSP using TEST_NONBLOCK_CERTS.
2017-12-08 03:12:33 +01:00
else {
Fix for OCSP non-blocking with check all flag set.
2017-12-19 16:52:47 -08:00
wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_CHECKALL);
Fix to handle non-blocking OCSP when WOLFSSL_NONBLOCK_OCSP is defined and not using async. OCSP callback should return OCSP_WANT_READ. Added ability to simulate non-blocking OCSP using TEST_NONBLOCK_CERTS.
2017-12-08 03:12:33 +01:00
}
#ifdef WOLFSSL_NONBLOCK_OCSP
wolfSSL_CTX_SetOCSP_Cb(ctx, OCSPIOCb, OCSPRespFreeCb, NULL);
#endif
OCSP Updates
2013-06-20 11:07:54 -07:00
}
#endif
add ca cache callback test to client
2012-01-26 12:52:54 -08:00
#ifdef USER_CA_CB
name change for client.c
2015-01-05 14:48:43 -07:00
wolfSSL_CTX_SetCACb(ctx, CaCb);
add ca cache callback test to client
2012-01-26 12:52:54 -08:00
#endif
Fix for HAVE_EXT_CACHE callbacks not being available without OPENSSL_EXTRA defined. Added tests for external cache callbacks.
2018-04-05 07:10:04 -07:00
#ifdef HAVE_EXT_CACHE
wolfSSL_CTX_sess_set_get_cb(ctx, mySessGetCb);
wolfSSL_CTX_sess_set_new_cb(ctx, mySessNewCb);
wolfSSL_CTX_sess_set_remove_cb(ctx, mySessRemCb);
#endif
* Added support for not loading a private key for server or client when HAVE_PK_CALLBACK is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519.
2018-03-21 11:27:08 -07:00
#ifndef NO_CERTS
Added example client/server support for loading certificate and private key into WOLFSSL object using -H loadSSL. Added load_ssl_buffer function to load buffers into WOLFSSL objects. Changed wolfSSL_get_SSL_CTX API to always be exposed. Added TEST_LOAD_BUFFER build option to use the load_buffer and load_ssl_buffer calls for example client/server.
2018-10-09 12:54:41 -07:00
if (useClientCert && !loadCertKeyIntoSSLObj){
#ifndef TEST_LOAD_BUFFER
Fixes from failure testing
2017-01-10 09:26:47 +10:00
if (wolfSSL_CTX_use_certificate_chain_file(ctx, ourCert)
Testing improvements for cert gen and TLS cert validation:
2017-10-19 16:17:51 -07:00
!= WOLFSSL_SUCCESS) {
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
added build option for leanPSK
2012-10-29 15:39:42 -07:00
err_sys("can't load client cert file, check file and run from"
name change for client.c
2015-01-05 14:48:43 -07:00
" wolfSSL home dir");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
* Added support for not loading a private key for server or client when HAVE_PK_CALLBACK is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519.
2018-03-21 11:27:08 -07:00
#else
load_buffer(ctx, ourCert, WOLFSSL_CERT_CHAIN);
#endif
Added example client/server support for loading certificate and private key into WOLFSSL object using -H loadSSL. Added load_ssl_buffer function to load buffers into WOLFSSL objects. Changed wolfSSL_get_SSL_CTX API to always be exposed. Added TEST_LOAD_BUFFER build option to use the load_buffer and load_ssl_buffer calls for example client/server.
2018-10-09 12:54:41 -07:00
}
crl stage 2
2012-05-16 17:04:56 -07:00
* Added support for not loading a private key for server or client when HAVE_PK_CALLBACK is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519.
2018-03-21 11:27:08 -07:00
#ifdef HAVE_PK_CALLBACKS
pkCbInfo.ourKey = ourKey;
#endif
Add support for more OpenSSL APIs
2018-10-19 14:52:18 +10:00
if (useClientCert && !loadCertKeyIntoSSLObj
Added example client/server support for loading certificate and private key into WOLFSSL object using -H loadSSL. Added load_ssl_buffer function to load buffers into WOLFSSL objects. Changed wolfSSL_get_SSL_CTX API to always be exposed. Added TEST_LOAD_BUFFER build option to use the load_buffer and load_ssl_buffer calls for example client/server.
2018-10-09 12:54:41 -07:00
#if defined(HAVE_PK_CALLBACKS) && defined(TEST_PK_PRIVKEY)
&& !pkCallbacks
#endif
) {
#ifndef TEST_LOAD_BUFFER
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_CTX_use_PrivateKey_file(ctx, ourKey, WOLFSSL_FILETYPE_PEM)
!= WOLFSSL_SUCCESS) {
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
fix general NO_SHA NO_ASN NO_CERTS NO_SESSION_CACHE builds/examples
2013-03-11 16:07:46 -07:00
err_sys("can't load client private key file, check file and run "
name change for client.c
2015-01-05 14:48:43 -07:00
"from wolfSSL home dir");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
* Added support for not loading a private key for server or client when HAVE_PK_CALLBACK is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519.
2018-03-21 11:27:08 -07:00
#else
Fixes so make check works with NO_FILESYSTEM and FORCE_BUFFER_TEST. Example: ./configure CFLAGS="-DNO_FILESYSTEM -DFORCE_BUFFER_TEST"
2016-11-23 17:19:54 -08:00
load_buffer(ctx, ourKey, WOLFSSL_KEY);
* Added support for not loading a private key for server or client when HAVE_PK_CALLBACK is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519.
2018-03-21 11:27:08 -07:00
#endif
add fewerPacket/group messages to example client/server and disalbe client cert/key load
2013-04-19 13:10:19 -07:00
}
ecc client certs
2012-05-02 10:30:15 -07:00
Fix for unit.test fails with -H verifyFail.
2018-10-18 11:58:00 -07:00
if (!usePsk && !useAnon && !useVerifyCb && !myVerifyFail) {
Added example client/server support for loading certificate and private key into WOLFSSL object using -H loadSSL. Added load_ssl_buffer function to load buffers into WOLFSSL objects. Changed wolfSSL_get_SSL_CTX API to always be exposed. Added TEST_LOAD_BUFFER build option to use the load_buffer and load_ssl_buffer calls for example client/server.
2018-10-09 12:54:41 -07:00
#ifndef TEST_LOAD_BUFFER
Added test cases for ensuring forced error fails on client and server. Added test cases to ensure bad certificate can be overriden.
2018-08-29 10:55:12 -07:00
if (wolfSSL_CTX_load_verify_locations(ctx, verifyCert, 0)
Testing improvements for cert gen and TLS cert validation:
2017-10-19 16:17:51 -07:00
!= WOLFSSL_SUCCESS) {
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
allow example client to talk with echoserver in ecc mode w/o switch
2015-04-01 12:03:27 -07:00
err_sys("can't load ca file, Please run from wolfSSL home dir");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
* Added support for not loading a private key for server or client when HAVE_PK_CALLBACK is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519.
2018-03-21 11:27:08 -07:00
#else
Fixes so make check works with NO_FILESYSTEM and FORCE_BUFFER_TEST. Example: ./configure CFLAGS="-DNO_FILESYSTEM -DFORCE_BUFFER_TEST"
2016-11-23 17:19:54 -08:00
load_buffer(ctx, verifyCert, WOLFSSL_CA);
* Added support for not loading a private key for server or client when HAVE_PK_CALLBACK is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519.
2018-03-21 11:27:08 -07:00
#endif /* !NO_FILESYSTEM */
Added example client/server support for loading certificate and private key into WOLFSSL object using -H loadSSL. Added load_ssl_buffer function to load buffers into WOLFSSL objects. Changed wolfSSL_get_SSL_CTX API to always be exposed. Added TEST_LOAD_BUFFER build option to use the load_buffer and load_ssl_buffer calls for example client/server.
2018-10-09 12:54:41 -07:00
* Added support for not loading a private key for server or client when HAVE_PK_CALLBACK is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519.
2018-03-21 11:27:08 -07:00
#ifdef HAVE_ECC
allow example client to talk with echoserver in ecc mode w/o switch
2015-04-01 12:03:27 -07:00
/* load ecc verify too, echoserver uses it by default w/ ecc */
Added example client/server support for loading certificate and private key into WOLFSSL object using -H loadSSL. Added load_ssl_buffer function to load buffers into WOLFSSL objects. Changed wolfSSL_get_SSL_CTX API to always be exposed. Added TEST_LOAD_BUFFER build option to use the load_buffer and load_ssl_buffer calls for example client/server.
2018-10-09 12:54:41 -07:00
#ifndef TEST_LOAD_BUFFER
Testing improvements for cert gen and TLS cert validation:
2017-10-19 16:17:51 -07:00
if (wolfSSL_CTX_load_verify_locations(ctx, eccCertFile, 0)
!= WOLFSSL_SUCCESS) {
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
allow example client to talk with echoserver in ecc mode w/o switch
2015-04-01 12:03:27 -07:00
err_sys("can't load ecc ca file, Please run from wolfSSL home dir");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
* Added support for not loading a private key for server or client when HAVE_PK_CALLBACK is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519.
2018-03-21 11:27:08 -07:00
#else
Cleanup name conflicts with test.h cert files (by adding “File” to end). Fix memory leak in ecc_test_buffers function.
2017-04-06 15:54:59 -07:00
load_buffer(ctx, eccCertFile, WOLFSSL_CA);
Added example client/server support for loading certificate and private key into WOLFSSL object using -H loadSSL. Added load_ssl_buffer function to load buffers into WOLFSSL objects. Changed wolfSSL_get_SSL_CTX API to always be exposed. Added TEST_LOAD_BUFFER build option to use the load_buffer and load_ssl_buffer calls for example client/server.
2018-10-09 12:54:41 -07:00
#endif /* !TEST_LOAD_BUFFER */
* Added support for not loading a private key for server or client when HAVE_PK_CALLBACK is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519.
2018-03-21 11:27:08 -07:00
#endif /* HAVE_ECC */
#if defined(WOLFSSL_TRUST_PEER_CERT) && !defined(NO_FILESYSTEM)
automated test for trusted peer certs
2016-03-01 16:35:32 -07:00
if (trustCert) {
if ((ret = wolfSSL_CTX_trust_peer_cert(ctx, trustCert,
Testing improvements for cert gen and TLS cert validation:
2017-10-19 16:17:51 -07:00
WOLFSSL_FILETYPE_PEM)) != WOLFSSL_SUCCESS) {
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
automated test for trusted peer certs
2016-03-01 16:35:32 -07:00
err_sys("can't load trusted peer cert file");
}
addition to api tests and refactor location of trusted peer cert check
2016-02-29 11:02:18 -07:00
}
* Added support for not loading a private key for server or client when HAVE_PK_CALLBACK is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519.
2018-03-21 11:27:08 -07:00
#endif /* WOLFSSL_TRUST_PEER_CERT && !NO_FILESYSTEM */
added build option for leanPSK
2012-10-29 15:39:42 -07:00
}
Fix for unit.test fails with -H verifyFail.
2018-10-18 11:58:00 -07:00
if (useVerifyCb || myVerifyFail)
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:09:52 -07:00
wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, myVerify);
Fix for verify callback override, peerVerifyRet code on success and ensuring DOMAIN_NAME_MISMATCH error gets passed down in ECDSAk case. Added unit test case to verify callback override works. Fixes issue #905 and issue #904. Fix for async build goto label typo.
2017-05-11 12:23:17 -07:00
else if (!usePsk && !useAnon && doPeerCheck == 0)
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:09:52 -07:00
wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, 0);
Fix for verify callback override, peerVerifyRet code on success and ensuring DOMAIN_NAME_MISMATCH error gets passed down in ECDSAk case. Added unit test case to verify callback override works. Fixes issue #905 and issue #904. Fix for async build goto label typo.
2017-05-11 12:23:17 -07:00
else if (!usePsk && !useAnon && overrideDateErrors == 1)
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:09:52 -07:00
wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, myDateCb);
* Added support for not loading a private key for server or client when HAVE_PK_CALLBACK is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519.
2018-03-21 11:27:08 -07:00
#endif /* !NO_CERTS */
1.8.8 init
2011-02-05 11:14:47 -08:00
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 13:59:41 -06:00
#ifdef WOLFSSL_ASYNC_CRYPT
ret = wolfAsync_DevOpen(&devId);
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
if (ret < 0) {
printf("Async device open failed\nRunning without async\n");
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 13:59:41 -06:00
}
wolfSSL_CTX_UseAsync(ctx, devId);
#endif /* WOLFSSL_ASYNC_CRYPT */
add cavium ciphers to SSL, and example client
2013-02-01 12:21:38 -08:00
merge in sni
2013-05-21 14:37:50 -07:00
#ifdef HAVE_SNI
if (sniHostName)
Added more of the requested changes & made an attempt to remove merge conflicts
2017-11-14 15:05:32 -07:00
if (wolfSSL_CTX_UseSNI(ctx, 0, sniHostName,
(word16) XSTRLEN(sniHostName)) != WOLFSSL_SUCCESS) {
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
merge in sni
2013-05-21 14:37:50 -07:00
err_sys("UseSNI failed");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
merge in sni
2013-05-21 14:37:50 -07:00
#endif
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 15:42:43 -03:00
#ifdef HAVE_MAX_FRAGMENT
if (maxFragment)
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_CTX_UseMaxFragment(ctx, maxFragment) != WOLFSSL_SUCCESS) {
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 15:42:43 -03:00
err_sys("UseMaxFragment failed");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 15:42:43 -03:00
#endif
#ifdef HAVE_TRUNCATED_HMAC
if (truncatedHMAC)
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_CTX_UseTruncatedHMAC(ctx) != WOLFSSL_SUCCESS) {
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 15:42:43 -03:00
err_sys("UseTruncatedHMAC failed");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 15:42:43 -03:00
#endif
Adds Session Ticket TLS Extension handling.
2014-09-30 09:24:42 -03:00
#ifdef HAVE_SESSION_TICKET
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_CTX_UseSessionTicket(ctx) != WOLFSSL_SUCCESS) {
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
Adds Session Ticket TLS Extension handling.
2014-09-30 09:24:42 -03:00
err_sys("UseSessionTicket failed");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
Adds Session Ticket TLS Extension handling.
2014-09-30 09:24:42 -03:00
#endif
add extended master to example client
2016-09-01 15:17:46 -06:00
#ifdef HAVE_EXTENDED_MASTER
Revising the Extended Master Secret support. Removing the dynamic
2016-09-09 23:16:52 -07:00
if (disableExtMasterSecret)
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_CTX_DisableExtendedMasterSecret(ctx) != WOLFSSL_SUCCESS) {
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
Revising the Extended Master Secret support. Removing the dynamic
2016-09-09 23:16:52 -07:00
err_sys("DisableExtendedMasterSecret failed");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
add extended master to example client
2016-09-01 15:17:46 -06:00
#endif
Fix for the curve logic to pick the hightest strength, not just the default 256-bit. Added test for setting user curve. ./examples -H useSupCurve.
2018-09-21 09:27:48 -07:00
#if defined(HAVE_SUPPORTED_CURVES)
#if defined(HAVE_CURVE25519)
Fixes from review
2017-05-22 09:09:31 +10:00
if (useX25519) {
if (wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_X25519)
Testing improvements for cert gen and TLS cert validation:
2017-10-19 16:17:51 -07:00
!= WOLFSSL_SUCCESS) {
Fixes from review
2017-05-22 09:09:31 +10:00
err_sys("unable to support X25519");
}
Fix for the curve logic to pick the hightest strength, not just the default 256-bit. Added test for setting user curve. ./examples -H useSupCurve.
2018-09-21 09:27:48 -07:00
}
#endif /* HAVE_CURVE25519 */
#ifdef HAVE_ECC
if (useSupCurve) {
#if !defined(NO_ECC_SECP) && \
(defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES))
TLS 1.3 fixes/improvements
2018-04-13 11:53:42 +10:00
if (wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_SECP384R1)
!= WOLFSSL_SUCCESS) {
err_sys("unable to support secp384r1");
}
Fix for the curve logic to pick the hightest strength, not just the default 256-bit. Added test for setting user curve. ./examples -H useSupCurve.
2018-09-21 09:27:48 -07:00
#endif
#if !defined(NO_ECC_SECP) && \
(!defined(NO_ECC256) || defined(HAVE_ALL_CURVES))
if (wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_SECP256R1)
!= WOLFSSL_SUCCESS) {
err_sys("unable to support secp256r1");
}
#endif
Fixes from review
2017-05-22 09:09:31 +10:00
}
Fix for the curve logic to pick the hightest strength, not just the default 256-bit. Added test for setting user curve. ./examples -H useSupCurve.
2018-09-21 09:27:48 -07:00
#endif /* HAVE_ECC */
#endif /* HAVE_SUPPORTED_CURVES */
merge in sni
2013-05-21 14:37:50 -07:00
Changes for interop and performance
2018-04-09 13:53:05 +10:00
#ifdef WOLFSSL_TLS13
if (noPskDheKe)
wolfSSL_CTX_no_dhe_psk(ctx);
#endif
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
if (postHandAuth)
wolfSSL_CTX_allow_post_handshake_auth(ctx);
#endif
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
if (benchmark) {
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
((func_args*)args)->return_code =
DTLS-SCTP example client and server
2016-08-25 22:20:35 -07:00
ClientBenchmarkConnections(ctx, host, port, dtlsUDP, dtlsSCTP,
Improvements to TLS v1.3 code
2017-06-29 09:00:44 +10:00
benchmark, resumeSession, useX25519,
Added EarlyData support to benchmark loop
2019-01-24 14:30:06 +10:00
helloRetry, onlyKeyShare, version,
earlyData);
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
Added new build option --enable-memtest or WOLFSSL_FORCE_MALLOC_FAIL_TEST which enables random malloc failures for testing. This test supresses the abort() calls to detect seg faults. A new script ./scripts/memtest.sh starts the test. If an issue is found it can be reviewed with the ./scripts/memtest.txt log and reproduced using the seed printed at top of unit test as --- RNG MALLOC FAIL AT 295--- and rerun using ./tests/unit.test 295.
2018-07-27 10:16:14 -07:00
XEXIT_T(EXIT_SUCCESS);
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
}
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
if(throughput) {
((func_args*)args)->return_code =
DTLS-SCTP example client and server
2016-08-25 22:20:35 -07:00
ClientBenchmarkThroughput(ctx, host, port, dtlsUDP, dtlsSCTP,
Changes for interop and performance
2018-04-09 13:53:05 +10:00
block, throughput, useX25519);
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
Added new build option --enable-memtest or WOLFSSL_FORCE_MALLOC_FAIL_TEST which enables random malloc failures for testing. This test supresses the abort() calls to detect seg faults. A new script ./scripts/memtest.sh starts the test. If an issue is found it can be reviewed with the ./scripts/memtest.txt log and reproduced using the seed printed at top of unit test as --- RNG MALLOC FAIL AT 295--- and rerun using ./tests/unit.test 295.
2018-07-27 10:16:14 -07:00
XEXIT_T(EXIT_SUCCESS);
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
}
name change for client.c
2015-01-05 14:48:43 -07:00
#if defined(WOLFSSL_MDK_ARM)
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:09:52 -07:00
wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, 0);
Commit 2.6.2
2013-05-19 10:02:13 +09:00
#endif
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
sanity checks, remove some magic numbers, TLS read ahead
2016-12-08 19:05:35 -07:00
#if defined(OPENSSL_EXTRA)
if (wolfSSL_CTX_get_read_ahead(ctx) != 0) {
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
sanity checks, remove some magic numbers, TLS read ahead
2016-12-08 19:05:35 -07:00
err_sys("bad read ahead default value");
}
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_CTX_set_read_ahead(ctx, 1) != WOLFSSL_SUCCESS) {
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
adjust read ahead, some sanity checks and rebase
2016-12-09 13:16:17 -07:00
err_sys("error setting read ahead value");
}
sanity checks, remove some magic numbers, TLS read ahead
2016-12-08 19:05:35 -07:00
#endif
Added static memory code to client example.
2017-10-20 14:56:29 -07:00
#if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL)
fprintf(stderr, "Before creating SSL\n");
if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) != 1)
err_sys("ctx not using static memory");
if (wolfSSL_PrintStats(&mem_stats) != 1) /* function in test.h */
err_sys("error printing out memory stats");
#endif
Multicast
2016-12-15 11:43:15 -08:00
if (doMcast) {
#ifdef WOLFSSL_MULTICAST
wolfSSL_CTX_mcast_set_member_id(ctx, mcastID);
Testing improvements for cert gen and TLS cert validation:
2017-10-19 16:17:51 -07:00
if (wolfSSL_CTX_set_cipher_list(ctx, "WDM-NULL-SHA256")
!= WOLFSSL_SUCCESS) {
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
Multicast
2016-12-15 11:43:15 -08:00
err_sys("Couldn't set multicast cipher list.");
Added new “wolfSSL_mcast_get_max_peers” API. Minor cleanup with examples/client failure case. Fix possible unused var in wolfSSL_set_secret with DTLS disabled.
2017-01-25 14:05:22 -08:00
}
Multicast
2016-12-15 11:43:15 -08:00
#endif
}
* Added support for not loading a private key for server or client when HAVE_PK_CALLBACK is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519.
2018-03-21 11:27:08 -07:00
#ifdef HAVE_PK_CALLBACKS
if (pkCallbacks)
SetupPkCallbacks(ctx);
#endif
name change for client.c
2015-01-05 14:48:43 -07:00
ssl = wolfSSL_new(ctx);
Fixes from failure testing
2017-01-10 09:26:47 +10:00
if (ssl == NULL) {
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
err_sys("unable to get SSL object");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
naming for AEAD macros and TLSX with chacha-poly
2016-01-29 09:38:13 -07:00
Added example client/server support for loading certificate and private key into WOLFSSL object using -H loadSSL. Added load_ssl_buffer function to load buffers into WOLFSSL objects. Changed wolfSSL_get_SSL_CTX API to always be exposed. Added TEST_LOAD_BUFFER build option to use the load_buffer and load_ssl_buffer calls for example client/server.
2018-10-09 12:54:41 -07:00
#ifndef NO_CERTS
if (useClientCert && loadCertKeyIntoSSLObj){
#ifndef TEST_LOAD_BUFFER
if (wolfSSL_use_certificate_chain_file(ssl, ourCert)
!= WOLFSSL_SUCCESS) {
wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("can't load client cert file, check file and run from"
" wolfSSL home dir");
}
#else
load_ssl_buffer(ssl, ourCert, WOLFSSL_CERT_CHAIN);
COMPAT. LAYER : get SSL client random bytes
2016-11-07 10:15:04 -07:00
#endif
Added example client/server support for loading certificate and private key into WOLFSSL object using -H loadSSL. Added load_ssl_buffer function to load buffers into WOLFSSL objects. Changed wolfSSL_get_SSL_CTX API to always be exposed. Added TEST_LOAD_BUFFER build option to use the load_buffer and load_ssl_buffer calls for example client/server.
2018-10-09 12:54:41 -07:00
}
if (loadCertKeyIntoSSLObj
#if defined(HAVE_PK_CALLBACKS) && defined(TEST_PK_PRIVKEY)
&& !pkCallbacks
#endif
) {
#ifndef TEST_LOAD_BUFFER
if (wolfSSL_use_PrivateKey_file(ssl, ourKey, WOLFSSL_FILETYPE_PEM)
!= WOLFSSL_SUCCESS) {
wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("can't load client private key file, check file and run "
"from wolfSSL home dir");
}
#else
load_ssl_buffer(ssl, ourKey, WOLFSSL_KEY);
#endif
}
#endif /* !NO_CERTS */
#ifdef OPENSSL_EXTRA
wolfSSL_KeepArrays(ssl);
#endif
COMPAT. LAYER : get SSL client random bytes
2016-11-07 10:15:04 -07:00
Added static memory code to client example.
2017-10-20 14:56:29 -07:00
#if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL)
Added example client/server support for loading certificate and private key into WOLFSSL object using -H loadSSL. Added load_ssl_buffer function to load buffers into WOLFSSL objects. Changed wolfSSL_get_SSL_CTX API to always be exposed. Added TEST_LOAD_BUFFER build option to use the load_buffer and load_ssl_buffer calls for example client/server.
2018-10-09 12:54:41 -07:00
fprintf(stderr, "After creating SSL\n");
if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) != 1)
err_sys("ctx not using static memory");
if (wolfSSL_PrintStats(&mem_stats) != 1) /* function in test.h */
Added static memory code to client example.
2017-10-20 14:56:29 -07:00
err_sys("error printing out memory stats");
#endif
Added example client/server support for loading certificate and private key into WOLFSSL object using -H loadSSL. Added load_ssl_buffer function to load buffers into WOLFSSL objects. Changed wolfSSL_get_SSL_CTX API to always be exposed. Added TEST_LOAD_BUFFER build option to use the load_buffer and load_ssl_buffer calls for example client/server.
2018-10-09 12:54:41 -07:00
#ifdef WOLFSSL_TLS13
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
if (!helloRetry) {
if (onlyKeyShare == 0 || onlyKeyShare == 2) {
Updates for Draft 20 of TLS v1.3
2017-05-23 15:56:52 +10:00
#ifdef HAVE_CURVE25519
Put X25519 behind P256
2017-05-19 10:58:43 +10:00
if (useX25519) {
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_X25519)
TLS 1.3 fixes/improvements
2018-04-13 11:53:42 +10:00
!= WOLFSSL_SUCCESS) {
Fixes for TLS 1.3 without ECC or RSA. Fix for building without ECC where HAVE_SUPPORTED_CURVES was getting defined because of ENABLED_TLSX.
2017-06-13 09:44:14 -07:00
err_sys("unable to use curve x25519");
Put X25519 behind P256
2017-05-19 10:58:43 +10:00
}
}
Updates for Draft 20 of TLS v1.3
2017-05-23 15:56:52 +10:00
#endif
Fixes for TLS 1.3 without ECC or RSA. Fix for building without ECC where HAVE_SUPPORTED_CURVES was getting defined because of ENABLED_TLSX.
2017-06-13 09:44:14 -07:00
#ifdef HAVE_ECC
Fixes for LEANTLS and TLS13 builds
2017-07-26 10:43:36 +10:00
#if defined(HAVE_ECC256) || defined(HAVE_ALL_CURVES)
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_SECP256R1)
TLS 1.3 fixes/improvements
2018-04-13 11:53:42 +10:00
!= WOLFSSL_SUCCESS) {
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
err_sys("unable to use curve secp256r1");
}
Fixes for LEANTLS and TLS13 builds
2017-07-26 10:43:36 +10:00
#endif
Fixes for TLS 1.3 without ECC or RSA. Fix for building without ECC where HAVE_SUPPORTED_CURVES was getting defined because of ENABLED_TLSX.
2017-06-13 09:44:14 -07:00
#endif
naming for AEAD macros and TLSX with chacha-poly
2016-01-29 09:38:13 -07:00
}
Put X25519 behind P256
2017-05-19 10:58:43 +10:00
if (onlyKeyShare == 0 || onlyKeyShare == 1) {
#ifdef HAVE_FFDHE_2048
Testing improvements for cert gen and TLS cert validation:
2017-10-19 16:17:51 -07:00
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_FFDHE_2048)
!= WOLFSSL_SUCCESS) {
Put X25519 behind P256
2017-05-19 10:58:43 +10:00
err_sys("unable to use DH 2048-bit parameters");
}
#endif
}
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
}
else {
wolfSSL_NoKeyShares(ssl);
}
Added example client/server support for loading certificate and private key into WOLFSSL object using -H loadSSL. Added load_ssl_buffer function to load buffers into WOLFSSL objects. Changed wolfSSL_get_SSL_CTX API to always be exposed. Added TEST_LOAD_BUFFER build option to use the load_buffer and load_ssl_buffer calls for example client/server.
2018-10-09 12:54:41 -07:00
#endif
naming for AEAD macros and TLSX with chacha-poly
2016-01-29 09:38:13 -07:00
Multicast
2016-12-15 11:43:15 -08:00
if (doMcast) {
#ifdef WOLFSSL_MULTICAST
Added new “wolfSSL_mcast_get_max_peers” API. Minor cleanup with examples/client failure case. Fix possible unused var in wolfSSL_set_secret with DTLS disabled.
2017-01-25 14:05:22 -08:00
byte pms[512]; /* pre master secret */
byte cr[32]; /* client random */
byte sr[32]; /* server random */
Multicast
2016-12-15 11:43:15 -08:00
const byte suite[2] = {0, 0xfe}; /* WDM_WITH_NULL_SHA256 */
XMEMSET(pms, 0x23, sizeof(pms));
XMEMSET(cr, 0xA5, sizeof(cr));
XMEMSET(sr, 0x5A, sizeof(sr));
if (wolfSSL_set_secret(ssl, 1, pms, sizeof(pms), cr, sr, suite)
Testing improvements for cert gen and TLS cert validation:
2017-10-19 16:17:51 -07:00
!= WOLFSSL_SUCCESS) {
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
Multicast
2016-12-15 11:43:15 -08:00
err_sys("unable to set mcast secret");
Added new “wolfSSL_mcast_get_max_peers” API. Minor cleanup with examples/client failure case. Fix possible unused var in wolfSSL_set_secret with DTLS disabled.
2017-01-25 14:05:22 -08:00
}
Multicast
2016-12-15 11:43:15 -08:00
#endif
}
Added a callback when receiving a NewSessionTicket handshake message.
2014-10-20 09:25:14 -07:00
#ifdef HAVE_SESSION_TICKET
name change for client.c
2015-01-05 14:48:43 -07:00
wolfSSL_set_SessionTicket_cb(ssl, sessionTicketCB, (void*)"initial session");
Added a callback when receiving a NewSessionTicket handshake message.
2014-10-20 09:25:14 -07:00
#endif
fix alpn example client merge command options
2015-10-13 15:00:53 -07:00
#ifdef HAVE_ALPN
if (alpnList != NULL) {
printf("ALPN accepted protocols list : %s\n", alpnList);
wolfSSL_UseALPN(ssl, alpnList, (word32)XSTRLEN(alpnList), alpn_opt);
}
#endif
OCSP
2018-08-02 16:25:38 -07:00
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
Merge branch csr into 'master'
2015-11-02 15:51:01 -03:00
if (statusRequest) {
OCSP
2018-08-02 16:25:38 -07:00
if (version == 4 &&
(statusRequest == OCSP_STAPLINGV2 || \
statusRequest == OCSP_STAPLINGV2_MULTI)) {
err_sys("Cannot use OCSP Stapling V2 with TLSv1.3");
}
adds a call to wolfSSL_CTX_EnableOCSPStapling() on client.c to fix ocspstapling2 tests and removes unnecessary 'kill ' from the test scripts
2017-12-26 22:30:22 -03:00
if (wolfSSL_CTX_EnableOCSPStapling(ctx) != WOLFSSL_SUCCESS)
err_sys("can't enable OCSP Stapling Certificate Manager");
Merge branch 'csr'
2015-12-28 19:38:04 -03:00
switch (statusRequest) {
OCSP
2018-08-02 16:25:38 -07:00
#ifdef HAVE_CERTIFICATE_STATUS_REQUEST
case OCSP_STAPLING:
Merge branch 'csr'
2015-12-28 19:38:04 -03:00
if (wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR_OCSP,
Testing improvements for cert gen and TLS cert validation:
2017-10-19 16:17:51 -07:00
WOLFSSL_CSR_OCSP_USE_NONCE) != WOLFSSL_SUCCESS) {
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
Merge branch 'csr'
2015-12-28 19:38:04 -03:00
err_sys("UseCertificateStatusRequest failed");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
Merge branch 'csr'
2015-12-28 19:38:04 -03:00
break;
OCSP
2018-08-02 16:25:38 -07:00
#endif
#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
case OCSP_STAPLINGV2:
Merge branch 'csr'
2015-12-28 19:38:04 -03:00
if (wolfSSL_UseOCSPStaplingV2(ssl,
WOLFSSL_CSR2_OCSP, WOLFSSL_CSR2_OCSP_USE_NONCE)
Testing improvements for cert gen and TLS cert validation:
2017-10-19 16:17:51 -07:00
!= WOLFSSL_SUCCESS) {
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
Merge branch 'csr'
2015-12-28 19:38:04 -03:00
err_sys("UseCertificateStatusRequest failed");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
Merge branch 'csr'
2015-12-28 19:38:04 -03:00
break;
OCSP
2018-08-02 16:25:38 -07:00
case OCSP_STAPLINGV2_MULTI:
Merge branch 'csr'
2015-12-28 19:38:04 -03:00
if (wolfSSL_UseOCSPStaplingV2(ssl,
WOLFSSL_CSR2_OCSP_MULTI, 0)
Testing improvements for cert gen and TLS cert validation:
2017-10-19 16:17:51 -07:00
!= WOLFSSL_SUCCESS) {
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
Merge branch 'csr'
2015-12-28 19:38:04 -03:00
err_sys("UseCertificateStatusRequest failed");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
Merge branch 'csr'
2015-12-28 19:38:04 -03:00
break;
OCSP
2018-08-02 16:25:38 -07:00
#endif
default:
err_sys("Invalid OCSP Stapling option");
Merge branch 'csr'
2015-12-28 19:38:04 -03:00
}
Merge branch csr into 'master'
2015-11-02 15:51:01 -03:00
fixes ocsp nonce extension decoding;
2015-11-05 11:36:11 -03:00
wolfSSL_CTX_EnableOCSP(ctx, 0);
Merge branch csr into 'master'
2015-11-02 15:51:01 -03:00
}
#endif
fix alpn example client merge command options
2015-10-13 15:00:53 -07:00
DHE Speed Up
2018-12-03 13:53:44 -08:00
#if !defined(NO_DH) && !defined(WOLFSSL_OLD_PRIME_CHECK) && \
!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
if (!doDhKeyCheck)
wolfSSL_SetEnableDhKeyTest(ssl, 0);
#endif
DTLS-SCTP example client and server
2016-08-25 22:20:35 -07:00
tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, ssl);
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
check return value of wolfSSL_set_fd
2016-03-25 13:59:04 -06:00
err_sys("error in setting fd");
}
add STARTTLS support to example client
2016-04-22 13:46:54 -06:00
/* STARTTLS */
if (doSTARTTLS) {
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:09:52 -07:00
if (StartTLS_Init(&sockfd) != WOLFSSL_SUCCESS) {
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
err_sys("error during STARTTLS protocol");
add STARTTLS support to example client
2016-04-22 13:46:54 -06:00
}
}
crl stage 2
2012-05-16 17:04:56 -07:00
#ifdef HAVE_CRL
Fix for CRL serial number matching to also check length. Fix for testing the verify callback override ‘-j’ to not enable CRL since the CA’s are not loaded for this test.
2017-06-16 16:02:36 -07:00
if (disableCRL == 0 && !useVerifyCb) {
Added support for inline CRL lookup when HAVE_CRL_IO is defined (shares code with OCSP lookup in io.c). Added http chunk transfer encoding support. Added default connection timeout value (DEFAULT_TIMEOUT_SEC) and new wolfIO_SetTimeout() API with HAVE_IO_TIMEOUT. Added generic wolfIO_ API’s for connect, select, non-blocking, read and write. Added new define USE_WOLFSSL_IO to enable access to new wolfIO_* socket wrappers even when WOLFSSL_USER_IO is defined. Moved all API declarations for io.c into new io.h header. Added HAVE_HTTP_CLIENT to expose HTTP API’s. Moved SOCKET_T and SOCKET_ defines into io.h. Added WOLFIO_DEBUG define to display request/responses.
2017-03-06 09:49:05 -08:00
#ifdef HAVE_IO_TIMEOUT
wolfIO_SetTimeout(DEFAULT_TIMEOUT_SEC);
#endif
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_EnableCRL(ssl, WOLFSSL_CRL_CHECKALL) != WOLFSSL_SUCCESS) {
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
add external site script test to make check
2015-05-07 10:02:43 -07:00
err_sys("can't enable crl check");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_LoadCRL(ssl, crlPemDir, WOLFSSL_FILETYPE_PEM, 0)
Testing improvements for cert gen and TLS cert validation:
2017-10-19 16:17:51 -07:00
!= WOLFSSL_SUCCESS) {
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
add external site script test to make check
2015-05-07 10:02:43 -07:00
err_sys("can't load crl, check crlfile and date validity");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_SetCRL_Cb(ssl, CRL_CallBack) != WOLFSSL_SUCCESS) {
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
add external site script test to make check
2015-05-07 10:02:43 -07:00
err_sys("can't set crl callback");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
add external site script test to make check
2015-05-07 10:02:43 -07:00
}
add atomic user macencrypt cb
2013-08-09 17:27:15 -07:00
#endif
add client side initiated secure r, same specs
2014-09-24 18:48:23 -07:00
#ifdef HAVE_SECURE_RENEGOTIATION
if (scr) {
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_UseSecureRenegotiation(ssl) != WOLFSSL_SUCCESS) {
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
add client side initiated secure r, same specs
2014-09-24 18:48:23 -07:00
err_sys("can't enable secure renegotiation");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
add client side initiated secure r, same specs
2014-09-24 18:48:23 -07:00
}
#endif
add atomic user macencrypt cb
2013-08-09 17:27:15 -07:00
#ifdef ATOMIC_USER
if (atomicUser)
SetupAtomicUser(ctx, ssl);
add public key callbacks for ecc sign/verify, examples
2013-08-22 18:19:39 -07:00
#endif
#ifdef HAVE_PK_CALLBACKS
if (pkCallbacks)
* Added support for not loading a private key for server or client when HAVE_PK_CALLBACK is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519.
2018-03-21 11:27:08 -07:00
SetupPkCallbackContexts(ssl, &pkCbInfo);
crl stage 2
2012-05-16 17:04:56 -07:00
#endif
make domain name cert check an option on client
2012-08-10 10:15:37 -07:00
if (matchName && doPeerCheck)
name change for client.c
2015-01-05 14:48:43 -07:00
wolfSSL_check_domain_name(ssl, domain);
#ifndef WOLFSSL_CALLBACKS
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
if (nonBlocking) {
Fix TCP with Timeout
2018-05-23 16:07:45 -07:00
#ifdef WOLFSSL_DTLS
if (doDTLS) {
wolfSSL_dtls_set_using_nonblock(ssl, 1);
}
#endif
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
tcp_set_nonblocking(&sockfd);
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
ret = NonBlockingSSL_Connect(ssl);
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
}
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 10:05:22 -08:00
else {
Fixes to work when compiled with TLS 1.3 only
2018-08-28 15:37:15 +10:00
#ifdef WOLFSSL_EARLY_DATA
Only do early data in initial handshake when using PSK
2018-10-24 09:47:30 +10:00
if (usePsk && earlyData)
Fixes to work when compiled with TLS 1.3 only
2018-08-28 15:37:15 +10:00
EarlyData(ctx, ssl, msg, msgSz, buffer);
#endif
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 10:05:22 -08:00
do {
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
err = 0; /* reset error */
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 10:05:22 -08:00
ret = wolfSSL_connect(ssl);
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:09:52 -07:00
if (ret != WOLFSSL_SUCCESS) {
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 10:05:22 -08:00
err = wolfSSL_get_error(ssl, 0);
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
#endif
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 10:05:22 -08:00
}
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
} while (err == WC_PENDING_E);
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
}
1.8.8 init
2011-02-05 11:14:47 -08:00
#else
Added support for inline CRL lookup when HAVE_CRL_IO is defined (shares code with OCSP lookup in io.c). Added http chunk transfer encoding support. Added default connection timeout value (DEFAULT_TIMEOUT_SEC) and new wolfIO_SetTimeout() API with HAVE_IO_TIMEOUT. Added generic wolfIO_ API’s for connect, select, non-blocking, read and write. Added new define USE_WOLFSSL_IO to enable access to new wolfIO_* socket wrappers even when WOLFSSL_USER_IO is defined. Moved all API declarations for io.c into new io.h header. Added HAVE_HTTP_CLIENT to expose HTTP API’s. Moved SOCKET_T and SOCKET_ defines into io.h. Added WOLFIO_DEBUG define to display request/responses.
2017-03-06 09:49:05 -08:00
timeout.tv_sec = DEFAULT_TIMEOUT_SEC;
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
timeout.tv_usec = 0;
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
ret = NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */
1.8.8 init
2011-02-05 11:14:47 -08:00
#endif
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:09:52 -07:00
if (ret != WOLFSSL_SUCCESS) {
Minor fix for the expected failure case use of ssl after free. Renamed skipExit to exitWithRet.
2018-05-03 10:02:59 -07:00
err = wolfSSL_get_error(ssl, 0);
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
printf("wolfSSL_connect error %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer));
Minor fix for the expected failure case use of ssl after free. Renamed skipExit to exitWithRet.
2018-05-03 10:02:59 -07:00
/* cleanup */
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
* Added support for expected fail test cases with example client/server and suites unit test.
2018-05-03 09:40:51 -07:00
CloseSocket(sockfd);
Minor fix for the expected failure case use of ssl after free. Renamed skipExit to exitWithRet.
2018-05-03 10:02:59 -07:00
if (!exitWithRet)
* Added support for expected fail test cases with example client/server and suites unit test.
2018-05-03 09:40:51 -07:00
err_sys("wolfSSL_connect failed");
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
/* see note at top of README */
/* if you're getting an error here */
* Added support for expected fail test cases with example client/server and suites unit test.
2018-05-03 09:40:51 -07:00
((func_args*)args)->return_code = err;
Fix for example client/server with -H exitWithRet option to make sure all cleanup is performed. Resolves valgrind report due to TicketCleanup() not being called.
2018-05-03 13:39:37 -07:00
goto exit;
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
}
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
showPeerEx(ssl, lng_index);
client to use non-blocking sockets in resume test if enabled
2012-08-20 17:02:25 -07:00
COMPAT. LAYER : get SSL client random bytes
2016-11-07 10:15:04 -07:00
#ifdef OPENSSL_EXTRA
{
add bio.c to dist and implement wolfSSL_check_private_key , wolfSSL_get_server_random
2016-11-11 13:39:36 -07:00
byte* rnd;
byte* pt;
size_t size;
COMPAT. LAYER : get SSL client random bytes
2016-11-07 10:15:04 -07:00
/* get size of buffer then print */
size = wolfSSL_get_client_random(NULL, NULL, 0);
add bio.c to dist and implement wolfSSL_check_private_key , wolfSSL_get_server_random
2016-11-11 13:39:36 -07:00
if (size == 0) {
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
COMPAT. LAYER : get SSL client random bytes
2016-11-07 10:15:04 -07:00
err_sys("error getting client random buffer size");
}
rnd = (byte*)XMALLOC(size, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (rnd == NULL) {
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
COMPAT. LAYER : get SSL client random bytes
2016-11-07 10:15:04 -07:00
err_sys("error creating client random buffer");
}
size = wolfSSL_get_client_random(ssl, rnd, size);
add bio.c to dist and implement wolfSSL_check_private_key , wolfSSL_get_server_random
2016-11-11 13:39:36 -07:00
if (size == 0) {
COMPAT. LAYER : get SSL client random bytes
2016-11-07 10:15:04 -07:00
XFREE(rnd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
COMPAT. LAYER : get SSL client random bytes
2016-11-07 10:15:04 -07:00
err_sys("error getting client random buffer");
}
printf("Client Random : ");
for (pt = rnd; pt < rnd + size; pt++) printf("%02X", *pt);
printf("\n");
XFREE(rnd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
#endif
add STARTTLS support to example client
2016-04-22 13:46:54 -06:00
if (doSTARTTLS) {
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
if (XSTRNCMP(starttlsProt, "smtp", 4) == 0) {
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:09:52 -07:00
if (SMTP_Shutdown(ssl, wc_shutdown) != WOLFSSL_SUCCESS) {
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
move example client STARTTLS into separate funcs
2016-04-28 14:21:33 -06:00
err_sys("error closing STARTTLS connection");
}
}
add STARTTLS support to example client
2016-04-22 13:46:54 -06:00
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
add STARTTLS support to example client
2016-04-22 13:46:54 -06:00
CloseSocket(sockfd);
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
add STARTTLS support to example client
2016-04-22 13:46:54 -06:00
((func_args*)args)->return_code = 0;
return 0;
}
fix alpn example client merge command options
2015-10-13 15:00:53 -07:00
#ifdef HAVE_ALPN
if (alpnList != NULL) {
char *protocol_name = NULL;
word16 protocol_nameSz = 0;
err = wolfSSL_ALPN_GetProtocol(ssl, &protocol_name, &protocol_nameSz);
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:09:52 -07:00
if (err == WOLFSSL_SUCCESS)
fix alpn example client merge command options
2015-10-13 15:00:53 -07:00
printf("Received ALPN protocol : %s (%d)\n",
protocol_name, protocol_nameSz);
Updated a few more old names. Added PR for new configs to Jenkins.
2017-10-18 10:38:27 -07:00
else if (err == WOLFSSL_ALPN_NOT_FOUND)
fix alpn example client merge command options
2015-10-13 15:00:53 -07:00
printf("No ALPN response received (no match with server)\n");
else
printf("Getting ALPN protocol name failed\n");
}
#endif
add client side initiated secure r, same specs
2014-09-24 18:48:23 -07:00
#ifdef HAVE_SECURE_RENEGOTIATION
separate allow scr and force client scr in example client
2014-09-29 15:32:41 -07:00
if (scr && forceScr) {
add client side initiated secure r, same specs
2014-09-24 18:48:23 -07:00
if (nonBlocking) {
printf("not doing secure renegotiation on example with"
" nonblocking yet");
scr session resumption example
2014-09-26 10:47:57 -07:00
} else {
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_Rehandshake(ssl) != WOLFSSL_SUCCESS) {
fix secure renegotiation build
2016-06-23 13:10:39 -06:00
err = wolfSSL_get_error(ssl, 0);
scr session resumption example
2014-09-26 10:47:57 -07:00
printf("err = %d, %s\n", err,
name change for client.c
2015-01-05 14:48:43 -07:00
wolfSSL_ERR_error_string(err, buffer));
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
name change for client.c
2015-01-05 14:48:43 -07:00
err_sys("wolfSSL_Rehandshake failed");
scr session resumption example
2014-09-26 10:47:57 -07:00
}
Server Side Renegotiation
2018-11-30 14:14:27 -08:00
else {
printf("RENEGOTIATION SUCCESSFUL\n");
}
add client side initiated secure r, same specs
2014-09-24 18:48:23 -07:00
}
}
#endif /* HAVE_SECURE_RENEGOTIATION */
change example client to command line options too, same as server
2012-08-01 12:55:13 -07:00
if (sendGET) {
1.8.8 init
2011-02-05 11:14:47 -08:00
printf("SSL connect ok, sending GET...\n");
send proper http GET for examples/client
2011-03-22 08:18:27 -07:00
msgSz = 28;
strncpy(msg, "GET /index.html HTTP/1.0\r\n\r\n", msgSz);
scan build fixes
2013-02-14 14:09:41 -08:00
msg[msgSz] = '\0';
fix merge conflict
2015-11-02 13:26:46 -08:00
resumeSz = msgSz;
strncpy(resumeMsg, "GET /index.html HTTP/1.0\r\n\r\n", resumeSz);
resumeMsg[resumeSz] = '\0';
1.8.8 init
2011-02-05 11:14:47 -08:00
}
add DTLS session export option
2016-05-10 13:27:45 -06:00
/* allow some time for exporting the session */
#ifdef WOLFSSL_SESSION_EXPORT_DEBUG
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
#ifdef USE_WINDOWS_API
Sleep(500);
#elif defined(WOLFSSL_TIRTOS)
Task_sleep(1);
#else
sleep(1);
#endif
add DTLS session export option
2016-05-10 13:27:45 -06:00
#endif /* WOLFSSL_SESSION_EXPORT_DEBUG */
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
#ifdef WOLFSSL_TLS13
if (updateKeysIVs)
wolfSSL_update_keys(ssl);
#endif
Improve PSK timeout checks
2017-06-08 10:32:51 +10:00
ClientWrite(ssl, msg, msgSz);
1.8.8 init
2011-02-05 11:14:47 -08:00
Improve PSK timeout checks
2017-06-08 10:32:51 +10:00
ClientRead(ssl, reply, sizeof(reply)-1, 1);
send proper http GET for examples/client
2011-03-22 08:18:27 -07:00
Fix post authentication for TLS 1.3
2018-06-08 17:34:03 +10:00
#if defined(WOLFSSL_TLS13)
if (updateKeysIVs || postHandAuth)
Cleanup
2017-06-21 16:56:51 +10:00
ClientWrite(ssl, msg, msgSz);
#endif
Improve PSK timeout checks
2017-06-08 10:32:51 +10:00
if (sendGET) { /* get html */
ClientRead(ssl, reply, sizeof(reply)-1, 0);
no DTLS streaming checks
2012-12-28 17:54:19 -08:00
}
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
fix general NO_SHA NO_ASN NO_CERTS NO_SESSION_CACHE builds/examples
2013-03-11 16:07:46 -07:00
#ifndef NO_SESSION_CACHE
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
if (resumeSession) {
name change for client.c
2015-01-05 14:48:43 -07:00
session = wolfSSL_get_session(ssl);
add -u for DTLS UPD command line client/server examples
2012-08-02 11:54:49 -07:00
}
fix general NO_SHA NO_ASN NO_CERTS NO_SESSION_CACHE builds/examples
2013-03-11 16:07:46 -07:00
#endif
1.8.8 init
2011-02-05 11:14:47 -08:00
DTLS-SCTP example client and server
2016-08-25 22:20:35 -07:00
if (dtlsUDP == 0) { /* don't send alert after "break" command */
fix shutdown returns
2015-02-16 14:23:33 -08:00
ret = wolfSSL_shutdown(ssl);
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:09:52 -07:00
if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE)
fix shutdown returns
2015-02-16 14:23:33 -08:00
wolfSSL_shutdown(ssl); /* bidirectional shutdown */
add option for bidirectional shutdown
2015-01-30 08:41:34 -07:00
}
add atomic user macencrypt cb
2013-08-09 17:27:15 -07:00
#ifdef ATOMIC_USER
if (atomicUser)
FreeAtomicUser(ssl);
#endif
Added static memory code to client example.
2017-10-20 14:56:29 -07:00
/* display collected statistics */
#ifdef WOLFSSL_STATIC_MEMORY
if (wolfSSL_is_static_memory(ssl, &ssl_stats) != 1)
err_sys("static memory was not used with ssl");
fprintf(stderr, "\nprint off SSL memory stats\n");
fprintf(stderr, "*** This is memory state before wolfSSL_free is called\n");
fprintf(stderr, "peak connection memory = %d\n", ssl_stats.peakMem);
fprintf(stderr, "current memory in use = %d\n", ssl_stats.curMem);
fprintf(stderr, "peak connection allocs = %d\n", ssl_stats.peakAlloc);
fprintf(stderr, "current connection allocs = %d\n", ssl_stats.curAlloc);
fprintf(stderr, "total connection allocs = %d\n", ssl_stats.totalAlloc);
fprintf(stderr, "total connection frees = %d\n\n", ssl_stats.totalFr);
#endif
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-27 10:19:04 -07:00
wolfSSL_free(ssl); ssl = NULL;
1.8.8 init
2011-02-05 11:14:47 -08:00
CloseSocket(sockfd);
fix general NO_SHA NO_ASN NO_CERTS NO_SESSION_CACHE builds/examples
2013-03-11 16:07:46 -07:00
#ifndef NO_SESSION_CACHE
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
if (resumeSession) {
Fixes for static memory with -r session resumption option on client. Fix for possible failed InitSSL cleanup using NULL ssl->ctx for static memory.
2017-10-23 10:50:19 -07:00
sslResume = wolfSSL_new(ctx);
if (sslResume == NULL) {
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
Fixes for static memory with -r session resumption option on client. Fix for possible failed InitSSL cleanup using NULL ssl->ctx for static memory.
2017-10-23 10:50:19 -07:00
err_sys("unable to get SSL object");
}
DHE Speed Up
2018-12-03 13:53:44 -08:00
#if !defined(NO_DH) && !defined(WOLFSSL_OLD_PRIME_CHECK) && \
!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
if (!doDhKeyCheck)
wolfSSL_SetEnableDhKeyTest(sslResume, 0);
#endif
DTLS-SCTP example client and server
2016-08-25 22:20:35 -07:00
if (dtlsUDP) {
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
#ifdef USE_WINDOWS_API
Sleep(500);
#elif defined(WOLFSSL_TIRTOS)
Task_sleep(1);
#else
sleep(1);
#endif
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
}
DTLS-SCTP example client and server
2016-08-25 22:20:35 -07:00
tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, sslResume);
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_set_fd(sslResume, sockfd) != WOLFSSL_SUCCESS) {
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-27 10:19:04 -07:00
wolfSSL_free(sslResume); sslResume = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
check return value of wolfSSL_set_fd
2016-03-25 13:59:04 -06:00
err_sys("error in setting fd");
}
fix alpn example client merge command options
2015-10-13 15:00:53 -07:00
#ifdef HAVE_ALPN
if (alpnList != NULL) {
printf("ALPN accepted protocols list : %s\n", alpnList);
wolfSSL_UseALPN(sslResume, alpnList, (word32)XSTRLEN(alpnList),
alpn_opt);
}
#endif
allow example client to do resume with scr
2015-04-29 17:06:57 -07:00
#ifdef HAVE_SECURE_RENEGOTIATION
if (scr) {
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:09:52 -07:00
if (wolfSSL_UseSecureRenegotiation(sslResume) != WOLFSSL_SUCCESS) {
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-27 10:19:04 -07:00
wolfSSL_free(sslResume); sslResume = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
allow example client to do resume with scr
2015-04-29 17:06:57 -07:00
err_sys("can't enable secure renegotiation");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
allow example client to do resume with scr
2015-04-29 17:06:57 -07:00
}
#endif
name change for client.c
2015-01-05 14:48:43 -07:00
wolfSSL_set_session(sslResume, session);
Added a callback when receiving a NewSessionTicket handshake message.
2014-10-20 09:25:14 -07:00
#ifdef HAVE_SESSION_TICKET
name change for client.c
2015-01-05 14:48:43 -07:00
wolfSSL_set_SessionTicket_cb(sslResume, sessionTicketCB,
Added a callback when receiving a NewSessionTicket handshake message.
2014-10-20 09:25:14 -07:00
(void*)"resumed session");
#endif
Add TLS v1.3 as an option
2016-11-24 01:31:07 +10:00
name change for client.c
2015-01-05 14:48:43 -07:00
#ifndef WOLFSSL_CALLBACKS
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
if (nonBlocking) {
Fix TCP with Timeout
2018-05-23 16:07:45 -07:00
#ifdef WOLFSSL_DTLS
if (doDTLS) {
wolfSSL_dtls_set_using_nonblock(ssl, 1);
}
#endif
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
tcp_set_nonblocking(&sockfd);
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
ret = NonBlockingSSL_Connect(sslResume);
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
}
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
else {
TLS v1.3 0-RTT
2017-06-19 11:37:10 +10:00
#ifdef WOLFSSL_EARLY_DATA
#ifndef HAVE_SESSION_TICKET
if (!usePsk) {
}
else
#endif
if (earlyData) {
Fixes to work when compiled with TLS 1.3 only
2018-08-28 15:37:15 +10:00
EarlyData(ctx, sslResume, msg, msgSz, buffer);
TLS v1.3 0-RTT
2017-06-19 11:37:10 +10:00
}
#endif
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
do {
err = 0; /* reset error */
ret = wolfSSL_connect(sslResume);
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:09:52 -07:00
if (ret != WOLFSSL_SUCCESS) {
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
err = wolfSSL_get_error(sslResume, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(sslResume,
WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
#endif
}
} while (err == WC_PENDING_E);
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
#else
Added support for inline CRL lookup when HAVE_CRL_IO is defined (shares code with OCSP lookup in io.c). Added http chunk transfer encoding support. Added default connection timeout value (DEFAULT_TIMEOUT_SEC) and new wolfIO_SetTimeout() API with HAVE_IO_TIMEOUT. Added generic wolfIO_ API’s for connect, select, non-blocking, read and write. Added new define USE_WOLFSSL_IO to enable access to new wolfIO_* socket wrappers even when WOLFSSL_USER_IO is defined. Moved all API declarations for io.c into new io.h header. Added HAVE_HTTP_CLIENT to expose HTTP API’s. Moved SOCKET_T and SOCKET_ defines into io.h. Added WOLFIO_DEBUG define to display request/responses.
2017-03-06 09:49:05 -08:00
timeout.tv_sec = DEFAULT_TIMEOUT_SEC;
client to use non-blocking sockets in resume test if enabled
2012-08-20 17:02:25 -07:00
timeout.tv_usec = 0;
TLS 1.3 fixes/improvements
2018-04-13 11:53:42 +10:00
ret = NonBlockingSSL_Connect(sslResume); /* will keep retrying on timeout */
client to use non-blocking sockets in resume test if enabled
2012-08-20 17:02:25 -07:00
#endif
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:09:52 -07:00
if (ret != WOLFSSL_SUCCESS) {
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
printf("wolfSSL_connect resume error %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer));
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-27 10:19:04 -07:00
wolfSSL_free(sslResume); sslResume = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
err_sys("wolfSSL_connect resume failed");
}
Added Japanese message into the examples client and server
2018-10-20 13:40:01 +09:00
showPeerEx(sslResume, lng_index);
1.8.8 init
2011-02-05 11:14:47 -08:00
name change for client.c
2015-01-05 14:48:43 -07:00
if (wolfSSL_session_reused(sslResume))
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
printf("reused session id\n");
else
printf("didn't reuse session id!!!\n");
NO_RSA build, cipher suite tests need work for this build optoin, ssn2
2013-03-07 17:44:40 -08:00
fix alpn example client merge command options
2015-10-13 15:00:53 -07:00
#ifdef HAVE_ALPN
if (alpnList != NULL) {
char *protocol_name = NULL;
word16 protocol_nameSz = 0;
printf("Sending ALPN accepted list : %s\n", alpnList);
err = wolfSSL_ALPN_GetProtocol(sslResume, &protocol_name,
&protocol_nameSz);
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:09:52 -07:00
if (err == WOLFSSL_SUCCESS)
fix alpn example client merge command options
2015-10-13 15:00:53 -07:00
printf("Received ALPN protocol : %s (%d)\n",
protocol_name, protocol_nameSz);
Updated a few more old names. Added PR for new configs to Jenkins.
2017-10-18 10:38:27 -07:00
else if (err == WOLFSSL_ALPN_NOT_FOUND)
fix alpn example client merge command options
2015-10-13 15:00:53 -07:00
printf("Not received ALPN response (no match with server)\n");
else
printf("Getting ALPN protocol name failed\n");
}
#endif
add DTLS session export option
2016-05-10 13:27:45 -06:00
/* allow some time for exporting the session */
#ifdef WOLFSSL_SESSION_EXPORT_DEBUG
#ifdef USE_WINDOWS_API
Sleep(500);
#elif defined(WOLFSSL_TIRTOS)
Task_sleep(1);
#else
sleep(1);
#endif
#endif /* WOLFSSL_SESSION_EXPORT_DEBUG */
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
do {
err = 0; /* reset error */
ret = wolfSSL_write(sslResume, resumeMsg, resumeSz);
if (ret <= 0) {
err = wolfSSL_get_error(sslResume, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(sslResume, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
#endif
}
} while (err == WC_PENDING_E);
if (ret != resumeSz) {
printf("SSL_write resume error %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer));
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-27 10:19:04 -07:00
wolfSSL_free(sslResume); sslResume = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
err_sys("SSL_write failed");
Fixes from failure testing
2017-01-10 09:26:47 +10:00
}
1.8.8 init
2011-02-05 11:14:47 -08:00
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
if (nonBlocking) {
remove fatal sniffer error sessions right away
2012-10-23 16:32:47 -07:00
/* give server a chance to bounce a message back to client */
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
#ifdef USE_WINDOWS_API
Sleep(500);
#elif defined(WOLFSSL_TIRTOS)
Task_sleep(1);
#else
sleep(1);
#endif
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
}
client to use non-blocking sockets in resume test if enabled
2012-08-20 17:02:25 -07:00
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
do {
err = 0; /* reset error */
ret = wolfSSL_read(sslResume, reply, sizeof(reply)-1);
if (ret <= 0) {
err = wolfSSL_get_error(sslResume, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(sslResume, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
#endif
}
} while (err == WC_PENDING_E);
if (ret > 0) {
reply[ret] = 0;
Added support for inline CRL lookup when HAVE_CRL_IO is defined (shares code with OCSP lookup in io.c). Added http chunk transfer encoding support. Added default connection timeout value (DEFAULT_TIMEOUT_SEC) and new wolfIO_SetTimeout() API with HAVE_IO_TIMEOUT. Added generic wolfIO_ API’s for connect, select, non-blocking, read and write. Added new define USE_WOLFSSL_IO to enable access to new wolfIO_* socket wrappers even when WOLFSSL_USER_IO is defined. Moved all API declarations for io.c into new io.h header. Added HAVE_HTTP_CLIENT to expose HTTP API’s. Moved SOCKET_T and SOCKET_ defines into io.h. Added WOLFIO_DEBUG define to display request/responses.
2017-03-06 09:49:05 -08:00
printf("Server resume response: %s\n", reply);
fix merge conflict
2015-11-02 13:26:46 -08:00
Added support for inline CRL lookup when HAVE_CRL_IO is defined (shares code with OCSP lookup in io.c). Added http chunk transfer encoding support. Added default connection timeout value (DEFAULT_TIMEOUT_SEC) and new wolfIO_SetTimeout() API with HAVE_IO_TIMEOUT. Added generic wolfIO_ API’s for connect, select, non-blocking, read and write. Added new define USE_WOLFSSL_IO to enable access to new wolfIO_* socket wrappers even when WOLFSSL_USER_IO is defined. Moved all API declarations for io.c into new io.h header. Added HAVE_HTTP_CLIENT to expose HTTP API’s. Moved SOCKET_T and SOCKET_ defines into io.h. Added WOLFIO_DEBUG define to display request/responses.
2017-03-06 09:49:05 -08:00
if (sendGET) { /* get html */
while (1) {
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
do {
err = 0; /* reset error */
ret = wolfSSL_read(sslResume, reply, sizeof(reply)-1);
if (ret <= 0) {
err = wolfSSL_get_error(sslResume, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(sslResume,
WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
#endif
}
} while (err == WC_PENDING_E);
if (ret > 0) {
reply[ret] = 0;
Added support for inline CRL lookup when HAVE_CRL_IO is defined (shares code with OCSP lookup in io.c). Added http chunk transfer encoding support. Added default connection timeout value (DEFAULT_TIMEOUT_SEC) and new wolfIO_SetTimeout() API with HAVE_IO_TIMEOUT. Added generic wolfIO_ API’s for connect, select, non-blocking, read and write. Added new define USE_WOLFSSL_IO to enable access to new wolfIO_* socket wrappers even when WOLFSSL_USER_IO is defined. Moved all API declarations for io.c into new io.h header. Added HAVE_HTTP_CLIENT to expose HTTP API’s. Moved SOCKET_T and SOCKET_ defines into io.h. Added WOLFIO_DEBUG define to display request/responses.
2017-03-06 09:49:05 -08:00
printf("%s\n", reply);
}
else
break;
fix merge conflict
2015-11-02 13:26:46 -08:00
}
}
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
}
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
if (ret < 0) {
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:09:52 -07:00
if (err != WOLFSSL_ERROR_WANT_READ) {
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
printf("SSL_read resume error %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer));
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-27 10:19:04 -07:00
wolfSSL_free(sslResume); sslResume = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
err_sys("SSL_read failed");
Added support for inline CRL lookup when HAVE_CRL_IO is defined (shares code with OCSP lookup in io.c). Added http chunk transfer encoding support. Added default connection timeout value (DEFAULT_TIMEOUT_SEC) and new wolfIO_SetTimeout() API with HAVE_IO_TIMEOUT. Added generic wolfIO_ API’s for connect, select, non-blocking, read and write. Added new define USE_WOLFSSL_IO to enable access to new wolfIO_* socket wrappers even when WOLFSSL_USER_IO is defined. Moved all API declarations for io.c into new io.h header. Added HAVE_HTTP_CLIENT to expose HTTP API’s. Moved SOCKET_T and SOCKET_ defines into io.h. Added WOLFIO_DEBUG define to display request/responses.
2017-03-06 09:49:05 -08:00
}
add SCR client and server verify data check
2016-11-03 14:45:24 -07:00
}
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
/* try to send session break */
Intel QuickAssist (QAT) support and async enhancements/fixes:
2017-04-07 15:46:32 -07:00
do {
err = 0; /* reset error */
ret = wolfSSL_write(sslResume, msg, msgSz);
if (ret <= 0) {
err = wolfSSL_get_error(sslResume, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(sslResume, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
#endif
}
} while (err == WC_PENDING_E);
added non-blocking and session resume as example server and client command line options
2012-10-17 13:13:58 -07:00
fix shutdown returns
2015-02-16 14:23:33 -08:00
ret = wolfSSL_shutdown(sslResume);
Refactor WOLF_SSL_ to WOLFSSL_ (much better).
2017-10-11 09:09:52 -07:00
if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE)
fix shutdown returns
2015-02-16 14:23:33 -08:00
wolfSSL_shutdown(sslResume); /* bidirectional shutdown */
Fixes for static memory with -r session resumption option on client. Fix for possible failed InitSSL cleanup using NULL ssl->ctx for static memory.
2017-10-23 10:50:19 -07:00
/* display collected statistics */
#ifdef WOLFSSL_STATIC_MEMORY
if (wolfSSL_is_static_memory(sslResume, &ssl_stats) != 1)
err_sys("static memory was not used with ssl");
fprintf(stderr, "\nprint off SSLresume memory stats\n");
fprintf(stderr, "*** This is memory state before wolfSSL_free is called\n");
fprintf(stderr, "peak connection memory = %d\n", ssl_stats.peakMem);
fprintf(stderr, "current memory in use = %d\n", ssl_stats.curMem);
fprintf(stderr, "peak connection allocs = %d\n", ssl_stats.peakAlloc);
fprintf(stderr, "current connection allocs = %d\n", ssl_stats.curAlloc);
fprintf(stderr, "total connection allocs = %d\n", ssl_stats.totalAlloc);
fprintf(stderr, "total connection frees = %d\n\n", ssl_stats.totalFr);
#endif
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-27 10:19:04 -07:00
wolfSSL_free(sslResume); sslResume = NULL;
scan build fixes
2013-02-14 14:09:41 -08:00
CloseSocket(sockfd);
1.8.8 init
2011-02-05 11:14:47 -08:00
}
fix general NO_SHA NO_ASN NO_CERTS NO_SESSION_CACHE builds/examples
2013-03-11 16:07:46 -07:00
#endif /* NO_SESSION_CACHE */
1.8.8 init
2011-02-05 11:14:47 -08:00
First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL.
2018-07-27 10:19:04 -07:00
wolfSSL_CTX_free(ctx); ctx = NULL;
1.8.8 init
2011-02-05 11:14:47 -08:00
((func_args*)args)->return_code = 0;
add memory tracker to example client and server if using default memory cbs
2013-03-15 13:17:05 -07:00
Fix for example client/server with -H exitWithRet option to make sure all cleanup is performed. Resolves valgrind report due to TicketCleanup() not being called.
2018-05-03 13:39:37 -07:00
exit:
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 13:59:41 -06:00
#ifdef WOLFSSL_ASYNC_CRYPT
wolfAsync_DevClose(&devId);
#endif
consolidate handling of dead assignment warnings
2016-04-11 13:39:44 -06:00
/* There are use cases when these assignments are not read. To avoid
* potential confusion those warnings have been handled here.
*/
(void) overrideDateErrors;
(void) useClientCert;
(void) verifyCert;
(void) ourCert;
(void) ourKey;
Fix for useVerifyCb variable not used warning with NO_CERTS defined.
2017-05-11 12:57:12 -07:00
(void) useVerifyCb;
consolidate handling of dead assignment warnings
2016-04-11 13:39:44 -06:00
name change for client.c
2015-01-05 14:48:43 -07:00
#if !defined(WOLFSSL_TIRTOS)
add --enable-stacksize to print out stack use info with pthreads for example client/server
2013-03-28 11:28:38 -07:00
return 0;
Added TI-RTOS support for CyaSSL tests
2014-05-08 15:52:20 -07:00
#endif
1.8.8 init
2011-02-05 11:14:47 -08:00
}
Fix build with either NO_WOLFSSL_SERVER or NO_WOLFSSL_CLIENT defined.
2017-06-26 23:05:32 -07:00
#endif /* !NO_WOLFSSL_CLIENT */
1.8.8 init
2011-02-05 11:14:47 -08:00
/* so overall tests can pull in test function */
#ifndef NO_MAIN_DRIVER
int main(int argc, char** argv)
{
func_args args;
add cavium ciphers to SSL, and example client
2013-02-01 12:21:38 -08:00
1.8.8 init
2011-02-05 11:14:47 -08:00
StartTCP();
args.argc = argc;
args.argv = argv;
Allow NO_WOLFSSL_CLIENT/SERVER to compile and pass tests
2018-06-13 11:42:16 +10:00
args.return_code = 0;
1.8.8 init
2011-02-05 11:14:47 -08:00
name change for client.c
2015-01-05 14:48:43 -07:00
#if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_MDK_SHELL) && !defined(STACK_TRAP)
wolfSSL_Debugging_ON();
1.8.8 init
2011-02-05 11:14:47 -08:00
#endif
add staticmemory feature
2016-03-23 10:21:26 -06:00
wolfSSL_Init();
Cleanup of the test code that looks for the WolfSSL root directory. Now it tries to open the certs/ntru-cert.pem file in each directory up (limited to 5) until it opens it.
2015-10-28 23:54:08 -07:00
ChangeToWolfRoot();
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
Fix build with either NO_WOLFSSL_SERVER or NO_WOLFSSL_CLIENT defined.
2017-06-26 23:05:32 -07:00
#ifndef NO_WOLFSSL_CLIENT
add --enable-stacksize to print out stack use info with pthreads for example client/server
2013-03-28 11:28:38 -07:00
#ifdef HAVE_STACK_SIZE
StackSizeCheck(&args, client_test);
Added throughput benchmarking for client/server examples and added helper script "scripts/benchmark.test". Added example client option: "-B <num>" Benchmarking throughput. Added example server options: "-B <num>" Benchmark throughput, "-e" Echo data, "-i" Loop / Accept multiple connections. Cleanup of the include.am for examples. Cleanup of tcp_connect with DTLS enabled. Cleanup of the valid socket checking. Cleanup trailing whitespace.
2015-10-14 19:13:45 -07:00
#else
1.8.8 init
2011-02-05 11:14:47 -08:00
client_test(&args);
Fix build with either NO_WOLFSSL_SERVER or NO_WOLFSSL_CLIENT defined.
2017-06-26 23:05:32 -07:00
#endif
Allow NO_WOLFSSL_CLIENT/SERVER to compile and pass tests
2018-06-13 11:42:16 +10:00
#else
printf("Client not compiled in!\n");
add --enable-stacksize to print out stack use info with pthreads for example client/server
2013-03-28 11:28:38 -07:00
#endif
name change for client.c
2015-01-05 14:48:43 -07:00
wolfSSL_Cleanup();
1.8.8 init
2011-02-05 11:14:47 -08:00
add Whitewood netRandom client library support
2016-05-05 15:31:25 -06:00
#ifdef HAVE_WNR
if (wc_FreeNetRandom() < 0)
err_sys("Failed to free netRandom context");
#endif /* HAVE_WNR */
1.8.8 init
2011-02-05 11:14:47 -08:00
return args.return_code;
}
fix windows build with command line examples
2012-08-01 17:33:49 -07:00
int myoptind = 0;
char* myoptarg = NULL;
1.8.8 init
2011-02-05 11:14:47 -08:00
#endif /* NO_MAIN_DRIVER */
Reference in New Issue Copy Permalink