eb40175cc6
Fix to calc BuildSHA_CertVerify if WOLFSSL_ALLOW_TLS_SHA1. Fix to add check for DTLS to not allow stream ciphers. Removed the RC4 tests from the test-dtls.conf. Added support for using default suites on client side. Switched the arg to “-H”. Cleanup of the example server/client args list. Fixes for build with “--disable-sha”.
2017-04-07 10:20:41 -07:00
4dcad96f97
Added test for server to use the default cipher suite list using new “-U” option. This allows the InitSuites logic to be used for determining cipher suites instead of always overriding using the “-l” option. Now both versions are used, so tests are done with wolfSSL_CTX_set_cipher_list and InitSuites. Removed a few cipher suite tests from test.conf that are not valid with old TLS. These were not picked up as failures before because wolfSSL_CTX_set_cipher_list matched on name only, allowing older versions to use the suite.
2017-04-07 10:20:18 -07:00
2c13ea9a67
Cleanup name conflicts with test.h cert files (by adding “File” to end). Fix memory leak in ecc_test_buffers function.
2017-04-06 15:54:59 -07:00
4eefa22629
Merge pull request #810 from toddouska/write-dup
...
add wolfSSL_write_dup(), creates write_only WOLFSSL to allow concurre…
2017-04-05 10:06:20 -06:00
34a4f1fae0
Move wolfCrypt test/benchmark to move static memory pool to global (not in stack). Fix wolfCrypt test wc_InitRng to use _ex with HEAP_HINT (when not FIPS). Added ability to use HAVE_STACK_SIZE with wolfCrypt test and benchmark. Cleanup of the benchmark_test function main wrapper.
2017-03-31 13:11:23 -07:00
15423428ed
add wolfSSL_write_dup(), creates write_only WOLFSSL to allow concurrent access
2017-03-20 15:08:34 -07:00
628f740363
Added support for inline CRL lookup when HAVE_CRL_IO is defined (shares code with OCSP lookup in io.c). Added http chunk transfer encoding support. Added default connection timeout value (DEFAULT_TIMEOUT_SEC) and new wolfIO_SetTimeout() API with HAVE_IO_TIMEOUT. Added generic wolfIO_ API’s for connect, select, non-blocking, read and write. Added new define USE_WOLFSSL_IO to enable access to new wolfIO_* socket wrappers even when WOLFSSL_USER_IO is defined. Moved all API declarations for io.c into new io.h header. Added HAVE_HTTP_CLIENT to expose HTTP API’s. Moved SOCKET_T and SOCKET_ defines into io.h. Added WOLFIO_DEBUG define to display request/responses.
2017-03-15 12:26:18 -07:00
003e18ecbc
Fixes for scan-build
2017-03-15 09:38:53 +10:00
e6434f380b
Get Nginx working with wolfSSL
2017-03-01 08:38:54 +10:00
01f4a7b5bd
Added code to automatically populate supported ECC curve information, unless already provided by user via wolfSSL_CTX_UseSupportedCurve or wolfSSL_UseSupportedCurve.
2017-01-18 11:54:43 -08:00
ba1315a499
Fixes from failure testing
2017-01-12 16:22:35 +10:00
091fc10147
adjust read ahead, some sanity checks and rebase
2016-12-28 14:45:29 -07:00
aabe456592
sanity checks, remove some magic numbers, TLS read ahead
2016-12-28 14:45:29 -07:00
ff05c8a7a5
expanding compatibility layer
2016-12-28 14:45:29 -07:00
79472e11a1
add bio.c to dist and implement wolfSSL_check_private_key , wolfSSL_get_server_random
2016-12-28 14:44:05 -07:00
f2f52c3ec9
add more compatiblity functions
2016-12-28 14:44:05 -07:00
650ddb8d23
Fixes so make check works with NO_FILESYSTEM and FORCE_BUFFER_TEST. Example: ./configure CFLAGS="-DNO_FILESYSTEM -DFORCE_BUFFER_TEST"
2016-11-30 16:27:24 -08:00
039aedcfba
Added "wolfSSL_use_certificate_chain_buffer_format". Added "wolfSSL_SESSION_CIPHER_get_name" to get cipher suite name using WOLFSSL_SESSION*. Moved the "wolfSSL_get_cipher_name_from_suite" function to internal.c. Added new server-cert-chain.der, which is combination of ca-cert.der and server-cert.der. Enhanced load_buffer to detect format using file extension. Can test use of DER cert chain with NO_FILESYSTEM defined using "./examples/server/server -c ./certs/server-cert-chain.der -k ./certs/server-key.der".
2016-11-30 16:26:02 -08:00
f7a951709f
COMPAT. LAYER : get SSL client random bytes
2016-11-07 13:21:35 -07:00
87e3f45f52
add SCR client and server verify data check
2016-11-03 14:45:24 -07:00
f191cf206e
allow single threaded mode to share an RNG at WOLFSSL_CTX level
2016-09-16 13:35:29 -07:00
b994244011
Revising the Extended Master Secret support. Removing the dynamic
...
TLSX support for the extention and treating it like the Signature
and Hash algorithms extension. It is to be enabled by default and
the user can turn it off at run time or build time.
2016-09-11 18:05:44 -07:00
0f0e0ca9a5
add extended master to example client
2016-09-01 15:17:46 -06:00
092916c253
Merge pull request #536 from ejohnstown/dtls-sctp
...
DTLS over SCTP
2016-08-30 13:09:40 -07:00
2ecd80ce23
Added support for static memory with wolfCrypt. Adds new "wc_LoadStaticMemory" function and moves "wolfSSL_init_memory_heap" into wolfCrypt layer. Enhanced wolfCrypt test and benchmark to use the static memory tool if enabled. Added support for static memory with "WOLFSSL_DEBUG_MEMORY" defined. Fixed issue with have-iopool and XMALLOC/XFREE. Added check to prevent using WOLFSSL_STATIC_MEMORY with HAVE_IO_POOL, XMALLOC_USER or NO_WOLFSSL_MEMORY defined.
2016-08-29 10:38:06 -07:00
05a35a8332
fix scan-build warning on the simple SCTP example server
2016-08-26 20:33:05 -07:00
aed68e1c69
1. Needed to tell the client to use sctp.
...
2. Creating the example sockets needed the IPPROTO type.
2016-08-26 19:58:36 -07:00
46e92e0211
DTLS-SCTP example client and server
...
1. Update the example client and server to test DTLS-SCTP.
2. Modify the test.h functions for setting up connections to allow
for a SCTP option.
3. Update other examples to use the new test.h functions.
4. Removed some prototypes in the client header file were some functions
that should have been static to the client.c file and made them static.
2016-08-26 19:58:36 -07:00
6d5df3928f
SCTP-DTLS examples
...
1. Added the set SCTP mode command to client and server.
2. Added a 4K buffer test case.
2016-08-26 19:58:36 -07:00
52e2f1a7ab
typecasts to clear static analysis warnings on SCTP examples
2016-08-26 19:58:36 -07:00
b7a35eabd2
Add simple SCTP example tools
2016-08-26 19:40:50 -07:00
17a34c5899
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 13:59:41 -06:00
32b0303beb
Fix build with "WOLFSSL_CALLBACKS" defined.
2016-08-05 14:06:58 -07:00
e8f7d78fc4
add helper functions for choosing static buffer size
2016-07-21 12:11:15 -06:00
5b3a72d482
Cleanup of stdlib function calls in the wolfSSL library to use our cross-platform "X*" style macros in types.h.
2016-06-29 11:11:25 -07:00
ac6635593b
Revert "Bio"
2016-06-27 10:53:34 -07:00
49934a5c91
Merge https://github.com/wolfSSL/wolfssl into bio
2016-06-24 14:22:14 -06:00
0b91e000bb
fix secure renegotiation build
2016-06-23 13:10:39 -06:00
f6bbe845f5
Merge https://github.com/wolfSSL/wolfssl into bio
2016-06-22 09:14:53 -06:00
a859cf189d
Merge pull request #443 from ejohnstown/new-ccm-suite
...
Add cipher suite ECDHE-ECDSA-AES128-CCM
2016-06-20 15:34:55 -07:00
ea71814518
Merge https://github.com/wolfSSL/wolfssl
2016-06-17 13:58:53 -06:00
a7c7407406
fix windows example echoserver
2016-06-16 16:39:18 -06:00
2f9c9b9a22
Add cipher suite ECDHE-ECDSA-AES128-CCM
...
1. Added the usual cipher suite changes for the new suite.
2. Added a build option, WOLFSSL_ALT_TEST_STRINGS, for testing
against GnuTLS. It wants to receive strings with newlines.
3. Updated the test configs for the new suite.
Tested against GnuTLS's client and server using the options:
$ gnutls-cli --priority "NONE:+VERS-TLS-ALL:+AEAD:+ECDHE-ECDSA:+AES-128-CCM:+SIGN-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509" --x509cafile=./certs/server-ecc.pem --no-ca-verification -p 11111 localhost
$ gnutls-serv --echo --x509keyfile=./certs/ecc-key.pem --x509certfile=./certs/server-ecc.pem --port=11111 -a --priority "NONE:+VERS-TLS-ALL:+AEAD:+ECDHE-ECDSA:+AES-128-CCM:+SIGN-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509"
To talk to GnuTLS, wolfSSL also needed the supported curves option
enabled.
2016-06-13 14:39:41 -07:00
3d3591a227
typdef gaurd / error out on bad mutex init / handle no maxHa or maxIO set
2016-06-10 14:13:27 -06:00
ea3d1f8e17
extended method function
2016-06-09 23:41:51 -06:00
8be5409bc5
static method func / ocsp callbacks / heap test / alpn free func / remove timing resistant constraint
2016-06-09 11:36:31 -06:00
e214086dce
tlsx with static memory / account for session certs size
2016-06-08 09:18:43 -06:00
2feee8856e
revise static memory and update heap hint
2016-06-04 19:03:48 -06:00
104ff12e76
add staticmemory feature
2016-06-04 19:01:23 -06:00
ed4f67058a
Merge branch 'master' of https://github.com/wolfssl/wolfssl
2016-05-20 21:51:13 +02:00
David Garske
JacobBarthelmeh
toddouska
Sean Parkinson
John Safranek
Chris Conlon
Ludovic FLAMENT