wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-05-05 03:44:12 +02:00
Code Issues Packages Projects Releases Wiki Activity
24,135 Commits 13 Branches 184 Tags
fcbea85dedf60c10575722599c2df564bc79b874
Commit Graph

688 Commits

Author SHA1 Message Date
Daniel Pouzzner 93dfb4c7f4 add outbound connection filtering support to libwolfssl, add wolfSentry support to the test client, and add wolfSentry JSON config file support to the test client and server using --wolfsentry-config. 
also, add mygetopt_long() to wolfssl/test.h, and add --help and Japanese counterpart options to test client and server.
 2021-06-17 20:05:40 -05:00
David Garske 5e6b8e50c8 Fix to set groups for client benchmark test. 2021-06-11 14:12:15 -07:00
David Garske 2e4e65f518 Asynchronous support for TLS v1.3 TLSX ECC/DH key generation and key agreement 
* Added async support to `SendTls13ClientHello`, `DoTls13ServerHello` and `DoTls13ClientHello`.
* Cleanup of the example client/server use key share code.
* Fix some scan-build warnings.
ZD 12065
 2021-06-11 14:12:12 -07:00
Sean Parkinson 7e0c372e4c TLS 1.3 PSK: use the hash algorithm to choose cipher suite 
See RFC 8446: 4.2.11
With TLS 1.3 PSK callback, If the returned cipher suite isn't available,
use the hash from the cipher suite and choose from available list.
Require exact match when: WOLFSSL_TLS13_PSK_NO_MATCH_HASH

Alternative callback for client added that is passed a cipher suite
string. Called for each cipher suite that is to be negotiated.
If cipher suite to be used with PSK then return client identity.
Returning an identity based on cipher suite hash will result in
only one PSK extension being added per hash.
 2021-06-10 09:55:27 +10:00
David Garske c88afdef87 Fixes for building with WOLFSSL_USER_IO (with no built-in socket support). Related to issue #3998. 2021-05-06 11:07:05 -07:00
toddouska 014bd21df0 Merge pull request #3983 from tmael/tls_down 
TLS minimum downgrade option
 2021-05-05 15:38:45 -07:00
Hideki Miyazaki 0e40293798 added psk session callback 2021-04-28 10:08:21 +09:00
Tesfa Mael 0c16ef4b29 Check for TLS downgrade 2021-04-23 14:45:35 -07:00
Juliusz Sosinowicz 70a3857ae8 Fragmentation for ServerKeyExchange and CeriticateVerify 
- The `ssl->dtlsMtuSz` value is the maximum possible size of the DTLS record layer. We read `ssl->dtlsMtuSz + 100` in case peer has slightly different MTU set.
- The `-u` option in the examples takes the value of the MTU size.
- MTU tests are added in `tests/test-dtls-mtu.conf`
 2021-04-16 17:30:51 +02:00
David Garske a22defec50 Fix for availability of wolfSSL_SESSION_print. 2021-03-26 15:39:55 -07:00
David Garske 95ff75c43d Fix for wolfSSL_SESSION_print 2021-03-26 13:41:11 -07:00
David Garske f65e1f1f09 Expose functions to get client/server random when HAVE_SECRET_CALLBACK is defined. 2021-03-26 13:23:00 -07:00
JacobBarthelmeh 13d81f1fb9 Merge pull request #3902 from dgarske/snicb 
Fix for SNI recv callback
 2021-03-24 15:34:35 +07:00
David Garske 9313d59479 Fix for SNI callback 
* Fix for SNI callback on server to make sure the SNI data is stored even without setting a hostname. This makes sure the SNI extension is set when there is a registered SNI recv callback.
* Fix for Apache HTTPD to include `WOLFSSL_ALWAYS_KEEP_SNI`
 2021-03-22 11:28:16 -07:00
Hideki Miyazaki 4650aaf4fb addressed review comments part 1 2021-03-19 13:13:00 +09:00
Hideki Miyazaki b4a573ca98 Initial implemented X509_LOOKUP_ctrl L_ADD_DIR 2021-03-19 13:12:55 +09:00
Jacob Barthelmeh c729318ddd update copyright date 2021-03-11 13:42:46 +07:00
Eric Blankenhorn 5e953d5968 Typo in client example 2021-03-08 17:31:12 -06:00
Hideki Miyazaki 9bae05525c addressed review comments 2021-03-05 08:19:22 +09:00
Hideki Miyazaki 141d07e21b addressed pre-review comments 2021-03-05 08:19:16 +09:00
Hideki Miyazaki e39477c531 initial implement SSL_get_early_data_status 2021-03-05 08:19:15 +09:00
Eric Blankenhorn a3cbcf255f Fix from review 2021-01-20 11:34:02 -06:00
Eric Blankenhorn 50843b22cd Check method for NULL 2021-01-18 16:18:49 -06:00
Daniel Pouzzner 764b3cf09d examples/client/client.c: add missing !defined(NO_SESSION_CACHE) gate around wolfSSL_get_session() for "print out session" code. 2020-12-28 17:49:58 -06:00
Chris Conlon 16ce8e077a only call wolfSSL_UseKeyShare() in example client with TLS 1.3 2020-12-16 12:06:35 -07:00
Sean Parkinson 75c062a298 cppcheck: fixes 2020-12-16 17:28:20 +10:00
toddouska 367f28b917 Merge pull request #3443 from SparkiDev/tls13_psk_no_dhe 
TLS 1.3: PSK only
 2020-12-09 09:45:34 -08:00
Hayden Roche 5fdc4cf6e1 Fix RX/TX throughput reporting in example server. 
- I observed that client TX throughput < client RX throughput, but server TX
  throughput > server RX throughput. Turns out this is just a typo in the
  printing of the stats. The RX stat was being printed as the TX stat and vice-
  versa.
- I added a note to scripts/benchmark.test about a 2 second sleep we do waiting
  for the server to come up. If you were to time this script with the time
  command, you'll see that 2 seconds in the result, which might be confusing
  if you didn't realize the sleep was there.
 2020-12-08 16:49:09 -06:00
Sean Parkinson 91d23d3f5a Implement all relevant mp functions in sp_int 2020-11-19 11:58:14 +10:00
toddouska 9183c35fb8 Merge pull request #3446 from haydenroche5/client_want_write_sim 
Add an option to the example client to simulate WANT_WRITE errors.
 2020-11-18 15:54:09 -08:00
Sean Parkinson d8b58286d1 TLS 1.3: PSK only 
Support building with only TLS 1.3 and PSK without code for (EC)DHE and
certificates.
Minimise build size for this configuration.
 2020-11-19 09:21:24 +10:00
Hayden Roche 2fc594d319 Modify example server to be resilient to WANT_WRITE errors. 2020-11-13 10:33:10 -06:00
Hayden Roche e035eb8f8a Add an option to the example client to simulate WANT_WRITE errors. 
- Add this option as "-6."
- Turn on non-blocking mode if WANT_WRITE simulation is enabled.
- Create a send IO callback that gets registered when this option is turned on.
  This callback alternates between letting the TX through and returning a
  WANT_WRITE error.
 2020-11-13 10:30:24 -06:00
Daniel Pouzzner 7850d71ccb add wolfSSL_get_cipher_suite_from_name(); add flags arg to GetCipherSuiteFromName(); fix GetCipherSuiteFromName() to prevent spurious substring matching; add SUITE_ALIAS() macros for use defining CipherSuiteInfo, and add CipherSuiteInfo.flags slot and associated logic, to allow alternative cipher names to be recognized; add "CCM8" cipher name variants wherever applicable, including the unit.test conf files, to recognize and test the OpenSSL variants; add tests in client_test() and server_test() to confirm correct forward and backward mapping of cipher names/aliases. 2020-11-11 22:47:47 -06:00
Glenn Strauss 92c3296e13 preprocessor -DNO_BIO to omit OpenSSL BIO API 2020-11-05 20:40:43 -06:00
Daniel Pouzzner fda84576b0 name the new introspection routines wolfSSL_configure_args() and wolfSSL_global_cflags() for consistency, and move the prototypes to logging.h. 2020-10-28 17:28:05 -05:00
Daniel Pouzzner 94d4ea3a57 examples/client/client.c:client_usage_msg[][]: add correct sensing and reporting of WOLFSSL_SP_4096. 2020-10-28 17:28:05 -05:00
Daniel Pouzzner 1ba0883f4c introspection tweaks: rename wolfcrypt/src/debug.c to wolfcrypt/src/wc_debug.c; restore BUILD_WC_DEBUG gating for autotools inclusion of wc_debug.o and disable opportunistically when ENABLED_LEANTLS, ENABLED_LEANPSK, or ENABLED_LOWRESOURCE; add HAVE_WC_INTROSPECTION gate for libwolfssl_configure_args() and libwolfssl_global_cflags(). 2020-10-28 17:28:05 -05:00
Daniel Pouzzner b918e1fd4c examples/: add -@ and -# flags to client and server, printing libwolfssl_configure_args() and libwolfssl_global_cflags() respectively. 2020-10-28 17:28:05 -05:00
John Safranek d2dac8e4b8 Example Client OCSP Option Fix 
1. Before checking to see if the must staple flag is on the 'W' option,
   check the length of myoptarg.
 2020-10-21 13:30:51 -07:00
toddouska 1e43d65d2a Merge pull request #3392 from SparkiDev/ocsp_must_staple 
TLS OCSP Stapling: MUST staple option
 2020-10-20 15:07:08 -07:00
toddouska 7c89d10e53 Merge pull request #3260 from julek-wolfssl/non-blocking-scr 
(D)TLS non-blocking SCR with example
 2020-10-20 13:45:19 -07:00
Sean Parkinson 60b0b0170b TLS OCSP Stapling: MUST staple option 
Can enable OCSP Must Staple option to mean that if the client sends a
request for an OCSP Staple then it must receive a response.
 2020-10-16 09:03:27 +10:00
David Garske b68828d3c9 Merge pull request #3361 from tmael/ocsp-nocheck 
Add support for id-pkix-ocsp-nocheck
 2020-10-13 15:46:02 -07:00
David Garske 048a3a8d5b Merge pull request #3374 from JacobBarthelmeh/Testing 
NO_FILESYSTEM build on Windows
 2020-10-13 13:26:46 -07:00
Jacob Barthelmeh 6aa0eacc62 use correct key buffer for example private key 2020-10-13 09:26:54 -06:00
Tesfa Mael a4bfa0dec7 Add support for id-pkix-ocsp-nocheck 2020-10-11 19:47:50 -07:00
JacobBarthelmeh bfb10ddfb5 NO_FILESYSTEM build on Windows 2020-10-09 09:45:00 -07:00
Daniel Pouzzner 570f55a0e3 wolfSSL_get_ocsp_producedDate*(): gate on !defined(NO_ASN_TIME), and in client_test(), gate call to strftime() on HAVE_STRFTIME and add fallback code; add HAVE_STRFTIME test to configure.ac. 2020-10-08 23:26:28 -05:00
Daniel Pouzzner 7a77b6d990 rename wolfSSL_get_ocsp_producedDate(WOLFSSL *, struct tm *) to wolfSSL_get_ocsp_producedDate_tm(), and add wolfSSL_get_ocsp_producedDate() accessing the raw ASN.1 producedDate; fix location of prototypes in ssl.h to obtain proper conditionalization; omit frivolous nullness test on ssl->ocspProducedDate (always true). 2020-10-08 22:47:16 -05:00