177 Commits

Author SHA1 Message Date
Aidan Garske 41fad5f307 Fix and expand tinytls13 footprint profile across CI configs
Make every --enable-tinytls13 spelling build and pass locally, and grow the
CI matrix to cover them. These are fixes found while testing the configs the
CI workflow had not actually exercised.

- internal.h, internal.c, ssl_load.c: include ML-DSA and Falcon in the
  pkCurveOID member and producer guards so the PSK plus ML-DSA build compiles.
- tls13.c: gate the DoTls13CertificateVerify definition on NO_CERTS to match
  its call site.
- settings.h: let the AES-256 adder survive the floor, default the
  user_settings path to the SHA-256 floor, make WOLFSSL_NO_MALLOC opt-in so
  the test suite still runs, and keep ML-DSA ASN.1 for the cert profile.
- configure.ac: drive ENABLED_ASM and emit WOLFSSL_NO_ASM for the small C
  floor, restrict SP math to P-256, strip ML-DSA ASN.1 only on the PSK floor,
  and print a notice for the reduced security cert verify.
- examples: guard the cert loading paths for NO_CERTS and treat NO_CERTS as
  PSK mode in echoserver and echoclient.
- Add examples/configs/tinytls13_smoke.c, an in memory TLS 1.3 handshake test
  that drives PSK, ECDSA, ML-DSA-65 and RSA-PSS chain verify, plus forced
  cipher suites, for builds with no example or unit test harness.
- certs: add ECDSA leaves signed by the ML-DSA-65 and RSA-PSS CAs so the cert
  profiles drive a real PQC and PSS chain verify in CI.
- .github/workflows/tinytls13.yml: cover every profile and adder, run the
  smoke handshake on the build verified configs, and least privilege the
  workflow token.
2026-06-22 12:08:58 -07:00
JacobBarthelmeh a156ed7bc7 update Copyright year 2026-02-18 09:52:21 -07:00
Kareem b302e8edd0 Move CERT_FILETYPE definition, use it in echoserver. 2025-09-26 10:58:51 -07:00
Kareem ec92f76dec Fix tests when building with PEM support disabled by using DER certs/keys. 2025-09-12 16:11:07 -07:00
effbiae 0e3f877326 WOLFSSL_ASYNC_WHILE_PENDING refactor 2025-08-14 12:03:13 +10:00
JacobBarthelmeh 629c5b4cf6 updating license from GPLv2 to GPLv3 2025-07-10 16:11:36 -06:00
Josh Holtrop 0b6c53c8b0 Remove DTLS from echoserver/echoclient examples
This fixes some intermittent CI testsuite failures.
2025-06-17 14:38:01 -04:00
JacobBarthelmeh 2c24291ed5 update copyright date 2025-01-21 09:55:03 -07:00
David Garske 14e3372826 Enable support for using certificate manager only. Fixes for building without TLS enabled (NO_TLS). ZD 19054. Tested using ./configure --disable-tlsv12 --disable-tls13 CFLAGS="-DNO_TLS" && make check 2024-12-17 08:33:32 -08:00
Daniel Pouzzner 950ee40111 additional fixes and enhancements for -DOPENSSL_EXTRA -DOPENSSL_COEXIST:
configure.ac:
* add --enable-all-osp to separate OSP meta-feature sets from --enable-all, allowing --enable-all --disable-all-osp --disable-opensslall (e.g. for testing OPENSSL_COEXIST).
* fix enable_all_crypto=yes in enable-all to be conditional on "$enable_all_crypto" = "".
* move enable_rsapss=yes from enable-all to enable-all-crypto.

examples/ and testsuite/: #undef OPENSSL_COEXIST unconditionally rather than only if defined(OPENSSL_EXTRA), to capture -DOPENSSL_EXTRA_X509_SMALL or any other such variants.
2024-10-31 13:42:04 -05:00
Daniel Pouzzner cf95fdc071 Globally remap & refactor conflicting symbols to allow -DOPENSSL_EXTRA -DOPENSSL_COEXIST, or equivalently, --enable-opensslextra --enable-opensslcoexist.
No functional changes.

Several compat symbols that were formerly enums are now macros.

All library source is refactored to use only native symbols in all code gated in with --enable-all-crypto --enable-opensslextra.

wolfcrypt/test/test.c is similarly refactored to use only native symbols.

examples/ and tests/ are unmodified except for header setup to disable OPENSSL_COEXIST and TEST_OPENSSL_COEXIST.
2024-10-31 00:10:21 -05:00
res0nance 45d51bfe49 win: add arm64 to echoserver.vcxproj 2024-09-24 18:07:41 +08:00
Daniel Pouzzner b178138d83 src/internal.c: in wolfSSL_ERR_reason_error_string(), add missing error string for SCR_DIFFERENT_CERT_E, and de-gate error strings previously gated on HAVE_HTTP_CLIENT.
tests/api.c: add error_test() adapted from wolfcrypt/test/test.c, checking all error strings for expected presence/absence and length, called from existing test_wolfSSL_ERR_strings().

wolfssl/ssl.h, wolfssl/error-ssl.h, and wolfssl/wolfcrypt/error-crypt.h:
* move several negative error return codes from ssl.h to error-ssl.h,
* renumber them to conform to existing sequence, and
* include error-ssl.h from ssl.h;
* add special-case WOLFSSL_DEBUG_TRACE_ERROR_CODES macros for WOLFSSL_FAILURE;
* add missing WOLFSSL_API attribute to wc_backtrace_render().

add numerous WC_NO_ERR_TRACE()s to operand error code uses, cleaning up error traces in general, and particularly when WOLFSSL_DEBUG_TRACE_ERROR_CODES_ALWAYS.
* crypto lib (36),
* crypto test&benchmark (20),
* TLS lib (179),
* examples (122),
* linuxkm (3),
* tests/api.c (2272).
2024-08-28 23:05:04 -05:00
JacobBarthelmeh 31a6a2bf59 update copyright to 2024 2024-07-19 13:15:05 -06:00
Andras Fekete affd0a318e Fix sign conversion errors 2024-05-14 11:02:28 -04:00
Juliusz Sosinowicz e96837aa34 cond: Add start and end API for mutex handling 2023-08-10 18:07:51 +02:00
Juliusz Sosinowicz d747df2ae4 Make sure no mutexes are held when cond API are called 2023-08-09 16:25:58 +02:00
David Garske 5b16586483 Fixes for wolfSSL conditional porting. Can cause deadlock in high usage situations. Added better signal support on MacOS. Issue created in PR #6437. 2023-08-08 12:46:42 -07:00
Juliusz Sosinowicz 67d6d438c5 Port testing to wolfSSL threading interface 2023-08-04 10:49:39 +02:00
Andras Fekete 2a6956a954 Missing commit 2023-08-01 17:55:38 -04:00
Andras Fekete 9eb339f9fd Remove cyassl from example code 2023-08-01 10:17:38 -04:00
Andras Fekete ab953c3141 Update VS project files 2023-07-31 15:37:48 -04:00
Andras Fekete 2b2509c56c Drop code support 2023-07-31 15:36:38 -04:00
gojimmypi 6b240fa41a Refactor HAVE_PTHREAD and _POSIX_THREADS (#6536)
* HAVE_PTHREAD gate in test.h
* add config.h and settings.h to test.h
* added config.h and settings.h to other test.h in wolfcrypt/test
* settings #ifdef _POSIX_THREADS HAVE_PTHREAD
* cyassl settings _POSIX_THREADS HAVE_PTHREAD
* undo cyassl _POSIX_THREADS HAVE_PTHREAD
* move settings.h #include in both test.h
* add !defined(SINGLE_THREADED) logic
* refactor  HAVE_PTHREAD, _POSIX_THREADS
2023-06-26 07:32:20 -07:00
Sean Parkinson 8851065848 cppcheck fixes
Fix checking of negative with unsigned variables.
Check digestSz for 0 in wc_SSH_KDF() so that no possibility of dividing
by zero.
Change XMEMCPY to XMEMSET in renesas_sce_util.c.
Fix test.c to free prvTmp and pubTmp on read error.
Remove unused variables.
XFREE checks for NULL so don't check before call.
Move variable declarations to reduce scope.
2023-04-03 16:59:58 +10:00
Jacob Barthelmeh 9dcc48c8f7 update copyright to 2023 2022-12-30 17:12:11 -07:00
Chris Conlon 9a7ff8773b add --with-libsuffix support, append suffix to library artifact name 2022-12-21 13:31:07 -07:00
Juliusz Sosinowicz 17df33cef8 Fix TLS 1.3 testsuite for wolfssl64.sln solution 2022-09-14 11:39:27 +02:00
David Garske 8605195709 Support for asynchronous session ticket callback (can return WC_PENDING_E). Requires wolfAsyncCrypt support. ZD 14420. 2022-07-20 16:43:17 -07:00
Jacob Barthelmeh 8eaa85e412 update copyright year to 2022 2022-07-19 10:44:31 -06:00
Daniel Pouzzner ccc5952369 global fixup to check or explicitly ignore return values from failable library/system calls that weren't already being checked;
add wolfCrypt error codes IO_FAILED_E "Input/output failure" and SYSLIB_FAILED_E "System/library call failed";

tests/api.c and tests/unit.c: flush stdout for error message in Fail() macro, add fflush(stdout) after printf()s, print success message at end of unit_test(), and send several error messages to stderr instead of stdout;

wolfcrypt/test/test.c: add fallthrough macro definition of printf() that pairs it with fflush(stdout);

unit.h: in definition of macro AssertPtr(), add PRAGMA_GCC("GCC diagnostic ignored \"-Wpedantic\"");

sp_int.c: refactor several lingering instances of "if (0) { ... }" code pattern to #if 0 ... #endif.
2022-07-11 22:28:09 -05:00
David Garske aa8df1af78 Fixes for building without DTLS v1.2 and TLS v1.2. Fixes for explicit cast warnings. 2022-06-15 10:49:18 -07:00
Daniel Pouzzner c4920021d8 print errors to stderr, not stdout;
fix whitespace in internal.c;

add missing error handling in examples/server/server.c around recvfrom().
2022-05-12 13:07:32 -05:00
Hayden Roche 6930cc0b21 Clean up Visual Studio output and intermediate directories.
Currently, wolfssl.vcxproj and IDE/WIN10/wolfssl-fips.vcxproj do not use the
same scheme for their output and intermediate directories. Further, across
configuration/platform combinations, wolfssl.vcxproj isn't consistent, either.
For example:

```
Release|x64
OutDir: $(SolutionDir)$(Platform)\$(Configuration)\
IntDir: $(Platform)\$(Configuration)\obj\

Release|Win32
OutDir: $(SolutionDir)$(Configuration)\
IntDir: $(Configuration)\obj\
```

This commit makes every configuration/platform combo for all Visual Studio
projects follow the same pattern:

```
OutDir: $(SolutionDir)$(Platform)\$(Configuration)\
IntDir: $(Configuration)\$(Platform)\$(ProjectName)_obj\
```

The `$(ProjectName)_obj` piece gets rid of a Visual Studio warning about not
mingling the intermediate objects of disparate builds.
2022-02-08 09:23:27 -08:00
Hayden Roche 52754123d9 Call wc_SetSeed_Cb and wolfCrypt_SetPrivateKeyReadEnable_fips in wolfSSL_Init.
Additionally, remove wc_SetSeed_Cb calls applications (e.g. example client and
server), since they are now redundant.
2021-12-22 14:21:06 -08:00
Daniel Pouzzner 8f121e7752 file modes: clear inappropriate executable bits. 2021-11-08 17:28:11 -06:00
John Safranek 976402e04b RNG Update
1. When the seed callback is enabled, allow wc_GenerateSeed() to be used
   as a default callback.
2. Modify all the tests and examples to use the default seed callback if
   the seed callback is enabled.
2021-10-26 20:24:25 -05:00
Anthony Hu 33cb823148 Remove legacy NTRU and OQS (#4418)
* Remove NTRU and OQS

* Keep the DTLS serialization format backwards compatible.

* Remove n from mygetopt_long() call.

* Fix over-zealous deletion.

* Resolve problems found by @SparkiDev
2021-09-24 08:37:53 +10:00
David Garske 2e4e65f518 Asynchronous support for TLS v1.3 TLSX ECC/DH key generation and key agreement
* Added async support to `SendTls13ClientHello`, `DoTls13ServerHello` and `DoTls13ClientHello`.
* Cleanup of the example client/server use key share code.
* Fix some scan-build warnings.
ZD 12065
2021-06-11 14:12:12 -07:00
Jacob Barthelmeh c729318ddd update copyright date 2021-03-11 13:42:46 +07:00
Sean Parkinson 794cb5c7a9 TLS Session Ticket: default encryption callback
Encrypts with ChaCha20-Poly1305 or AES-GCM.
Two keys in rotation.
Key used for encryption until ticket lifetime goes beyond expirary
(default 1 hour). If key can still be used for decryption, encrypt with
other key.
Private random used to generate keys.
2021-02-10 14:31:54 +10:00
David Garske 219cbd47eb Added support for AES GCM session ticket encryption. If ChaCha/Poly is disabled it will use AES GCM. Thanks Sean for the code in ZD 11511. 2021-01-19 07:53:36 -08:00
Sean Parkinson d8b58286d1 TLS 1.3: PSK only
Support building with only TLS 1.3 and PSK without code for (EC)DHE and
certificates.
Minimise build size for this configuration.
2020-11-19 09:21:24 +10:00
JacobBarthelmeh bfb10ddfb5 NO_FILESYSTEM build on Windows 2020-10-09 09:45:00 -07:00
John Safranek 362e328180 NTRU fixes
1. When configuring for NTRU, enable static RSA.
2. The echoserver should not try to use NTRU with TLSv1.3.
2020-08-19 10:46:03 -07:00
David Garske dffc677561 Fix for TLS v1.3 with --enable-sniffer. 2020-06-04 16:42:40 -07:00
David Garske 3b63e55a68 Fix for TLS v1.3 PSK tests work with additional cipher suites (not just TLS13-AES128-GCM-SHA256) and the echo server/client. 2020-06-04 15:31:18 -07:00
David Garske 8300754ecd Fix for "testsuite" with TLSv1.3 and --enable-sniffer. 2020-06-04 15:31:18 -07:00
Sean Parkinson 2c6eb7cb39 Add Curve448, X448, Ed448 implementations 2020-02-28 09:30:45 +10:00
Sean Parkinson 55ea2facdd Changes to clear issues raised by cppcheck 2020-01-30 14:24:32 +10:00