Commit Graph

533 Commits

Author SHA1 Message Date
Sean Parkinson 0cc21a42f3 SP updates for SM2
Allow wolfSSL to build with SP implementations of SM2.
Updates to SP implementation of other code.
2023-10-13 08:14:15 +10:00
Juliusz Sosinowicz 85a596e54a DTLS 1.3: allow fragmenting the second ClientHello message
- DTLS 1.3 pqc support
- Add --enable-dtls-frag-ch option to enable CH fragmenting
- Send an alert when we get an empty keyshare with a cookie present to not allow for multiple HRR in one connection
- Only update the DTLS window when we have successfully processed or stored a message
- Call ssl->chGoodCb as soon as we have processed a verified full or fragmented ClientHello cookie
2023-10-09 12:54:11 +02:00
Eric Blankenhorn 7262a30074 Fixes for NO_FILESYSTEM config 2023-08-30 13:54:49 -05:00
Daniel Pouzzner e51ca7941f fixes for code warned by clang-tidy:18 and cppcheck-2.11:
bugprone-inc-dec-in-conditions: examples/server/server.c:server_test(), src/internal.c:MatchDomainName(), src/x509.c:wolfSSL_X509_set_ext(), wolfcrypt/src/asn.c:MatchBaseName()

missingReturn: wolfcrypt/src/wc_port.c:mystrnstr()

bugprone-unused-return-value: wolfcrypt/src/wc_port.c:wolfSSL_NewThreadNoJoin()

clang-analyzer-deadcode.DeadStores: wolfssl/test.h:udp_accept()
2023-08-05 12:28:41 -05:00
Juliusz Sosinowicz 67d6d438c5 Port testing to wolfSSL threading interface 2023-08-04 10:49:39 +02:00
Takashi Kojo 136738fd33 Avoid mult-byte code error 2023-07-27 17:04:41 +09:00
Juliusz Sosinowicz 3d68bcd6f7 Jenkins fixes 2023-07-03 14:02:51 +02:00
Juliusz Sosinowicz bff2cf5690 Add crl monitor unit testing 2023-07-03 14:02:51 +02:00
gojimmypi 6b240fa41a Refactor HAVE_PTHREAD and _POSIX_THREADS (#6536)
* HAVE_PTHREAD gate in test.h
* add config.h and settings.h to test.h
* added config.h and settings.h to other test.h in wolfcrypt/test
* settings #ifdef _POSIX_THREADS HAVE_PTHREAD
* cyassl settings _POSIX_THREADS HAVE_PTHREAD
* undo cyassl _POSIX_THREADS HAVE_PTHREAD
* move settings.h #include in both test.h
* add !defined(SINGLE_THREADED) logic
* refactor  HAVE_PTHREAD, _POSIX_THREADS
2023-06-26 07:32:20 -07:00
Sean Parkinson 8851065848 cppcheck fixes
Fix checking of negative with unsigned variables.
Check digestSz for 0 in wc_SSH_KDF() so that no possibility of dividing
by zero.
Change XMEMCPY to XMEMSET in renesas_sce_util.c.
Fix test.c to free prvTmp and pubTmp on read error.
Remove unused variables.
XFREE checks for NULL so don't check before call.
Move variable declarations to reduce scope.
2023-04-03 16:59:58 +10:00
David Garske fc6d693dae Update logging enter, exit, msg to match function names. Fix some typos and improper use of "enter". Fix internal uses of SSL_SUCCESS and SSL_FAILURE. Add WOLFSSL_DEBUG_NONBLOCK option to allow printing iterations without debug enabled. 2023-02-21 12:02:15 -08:00
Sean Parkinson b624fc8377 TLS 1.3 PSK: add option to require only PSK with DHE
Can specify only PSK without DHE.
Add only PSK with DHE.
2023-02-16 09:21:29 +10:00
Daniel Pouzzner 0b0b980784 fix an oversight in wolfSentry integration in examples/{client,server}. 2023-01-05 17:59:10 -06:00
Daniel Pouzzner 43265669c6 fix warnings around clang-diagnostic-embedded-directive and readability-uppercase-literal-suffix; update wolfSentry integration for upcoming release 0.8.0. 2023-01-05 00:13:17 -06:00
David Garske 023db01aca * Fixed some build configuration variations.
* Fixed `PEM_BUFSIZE` macro redefined when building with coexist.
* Updated the `user_settings_all.h` and `user_settings_wolfboot_keytools.h` to include latest options.
* Improved API unit test error case checking where `TEST_RES_CHECK` is not used.
* Changed `TEST_SKIPPED` to unique value.
* Added CI tests for enable-all, small stack, and user setting templates.
2023-01-03 10:59:59 -08:00
Jacob Barthelmeh 9dcc48c8f7 update copyright to 2023 2022-12-30 17:12:11 -07:00
Anthony Hu fffd3adc30 Warn that renegotiation in TLS 1.3 requires session ticket. 2022-12-12 11:30:01 -05:00
Anthony Hu a2fb4c0788 Remove kyber-90s and route all kyber through wolfcrypt. 2022-11-30 17:17:28 -05:00
Anthony Hu 0bfa5c9836 Purge NTRU and SABER. Not going to be standardized. 2022-11-25 14:54:08 -05:00
Daniel Pouzzner 48ba365fd6 fixes for defects:
clang-analyzer-deadcode.DeadStores in examples/server/server.c;

-Werror=use-after-free and LeakSanitizer Direct leak in tests/api.c;

nullPointerRedundantCheck in src/pk.c which identified a semantically consequential flub.
2022-11-08 14:04:16 -06:00
David Garske 1ee3a78e4a Fixes for various tests that do not properly handle WC_PENDING_E. 2022-11-04 14:56:40 -07:00
Daniel Pouzzner 895a2e1ac5 WOLFSSL_CALLBACKS codepaths: fixes for bugprone-unused-return-value, bugprone-macro-parentheses, readability-named-parameter, and clang-analyzer-deadcode.DeadStores 2022-10-18 13:34:42 -05:00
JacobBarthelmeh 927f4c445d additional sanity checks on debug callback 2022-10-11 13:14:59 -07:00
Sean Parkinson 005f77180b PSK only TLS: fix ENCRYPT_LEN
Allow no PK algorithms and TLS to build and test.
Use PSK cipher suite with GCM if AES-CBC not available.
2022-09-12 11:21:01 +10:00
Marco Oliverio 08b89fbef9 server: add optional argument to -J disable hrr cookie 2022-09-01 09:37:35 +02:00
CallumMcLoughlin 565d1b33e5 Update examples to allow post quantum KEM within DTLS 1.3 2022-08-30 18:39:57 +12:00
David Garske a0448155d5 Fix for type warnings in example for DTLS CID ./configure --enable-dtls --enable-dtlscid --enable-dtls13. 2022-08-24 16:02:05 -07:00
Marco Oliverio 90fcd95f9b server/client: add --cid option to use ConnectionID extension 2022-08-23 16:58:24 +02:00
Eric Blankenhorn 3d8562f07b Fixes for build and runtime issues 2022-08-19 08:12:04 -05:00
Daniel Pouzzner 969ad96dee examples/{client,server}/{client,server}.c: remove spurious commas in --pqc help strings, and mollify clang-tidy bugprone-suspicious-missing-comma re --force-curve help strings. (#5480) 2022-08-18 13:32:58 -04:00
Peter Torelli aa812c8aa9 Added support for P384 pre-share in server (#5442)
Added support for new server `--force-curve` option.
2022-08-17 15:30:48 -07:00
David Garske 995100eed1 Fix for handling WC_PENDING_E from decrypt session ticket callback. ZD14420 2022-08-10 22:20:49 -07:00
David Garske 8605195709 Support for asynchronous session ticket callback (can return WC_PENDING_E). Requires wolfAsyncCrypt support. ZD 14420. 2022-07-20 16:43:17 -07:00
Jacob Barthelmeh 8eaa85e412 update copyright year to 2022 2022-07-19 10:44:31 -06:00
Marco Oliverio fd4836772b examples: support DTLS version downgrading 2022-07-06 16:18:44 +02:00
Marco Oliverio 80f3db6e1d fix: examples/server: dtls mode checking
This fixes using ssl to check if we are using dtls or not, when ssl is not yet
valid.

Fix: 060dfe1a69
2022-07-04 10:21:11 +02:00
David Garske b87b255d52 Merge pull request #5295 from rizlik/dtls13_bugfix
server: fix wrong minVersion setting when non in dtls
2022-06-28 09:35:23 -07:00
Chris Conlon 14c65e0117 Merge pull request #5281 from miyazakh/example_japanese_translate 2022-06-28 10:08:06 -06:00
Marco Oliverio 060dfe1a69 server: fix wrong minVersion setting when non in dtls 2022-06-28 12:10:18 +02:00
Hideki Miyazaki c34c32f621 translated Japanese messages 2022-06-24 08:09:28 +09:00
Daniel Pouzzner a5250482ce examples/: refactor a couple help strings to avoid hitting clang-tidy bugprone-suspicious-missing-comma. 2022-06-23 15:25:23 -05:00
Marco Oliverio fdc4cdf5ec examples: update usage() with DTLSv1.3 version 2022-06-22 18:50:18 +02:00
Marco Oliverio 12a3efeca8 client/server: tolerate WANT_WRITE errors 2022-06-15 10:46:43 -07:00
Marco Oliverio 4e112419f5 examples: client/server: support DTLSv1.3 (-u -v4)
This commits add some new options to examples/[server,client] to support testing
of DTLS v1.3.

client: add waitTicket option

If this option is used, the client will wait until it receives a sessionTicket
from the server. This is useful when testing DTLS retransmission.

client: add waitKeyUpdate option

When this option is set, the client waits until the UpdateKey message is
acknowledged by the server. This is useful to test DTLS retransmission logic
2022-06-15 10:46:43 -07:00
Marco Oliverio c1dc90d9b0 server: request cert only once if doing post-handshake auth 2022-06-15 10:46:43 -07:00
David Garske 9cfcdfc7aa Merge pull request #5149 from julek-wolfssl/store-frags-v2
Re-use async to support WANT_WRITE while sending fragments
2022-06-01 10:52:54 -07:00
Sean Parkinson be743b2204 TLS 1.3: send ticket
Can send a new session ticket any time after handshake is complete with
TLS v1.3.
Added API for server application to do this.
Added tests.
2022-06-01 10:36:01 +10:00
Juliusz Sosinowicz 6245395f34 Simulate WANT_WRITE only with async I/O support 2022-05-27 23:23:18 +02:00
Juliusz Sosinowicz 50c0b3d2a2 Add testing/docs for blocking write
- Fix case where message grouping can make CheckAvailableSize return a WANT_WRITE
- CheckAvailableSize in tls13.c will not return a WANT_WRITE since it only does so for DTLS <=1.2
2022-05-27 21:26:55 +02:00
Daniel Pouzzner c4920021d8 print errors to stderr, not stdout;
fix whitespace in internal.c;

add missing error handling in examples/server/server.c around recvfrom().
2022-05-12 13:07:32 -05:00