Commit Graph

178 Commits

Author SHA1 Message Date
Sean Parkinson bcef8f4f6d Add Windows assembly files to the build
Windows ASM files generated along side the ATT assembly files.
Adding them to the build so they can be used.
2026-07-07 08:02:20 +10:00
Aidan Garske 41fad5f307 Fix and expand tinytls13 footprint profile across CI configs
Make every --enable-tinytls13 spelling build and pass locally, and grow the
CI matrix to cover them. These are fixes found while testing the configs the
CI workflow had not actually exercised.

- internal.h, internal.c, ssl_load.c: include ML-DSA and Falcon in the
  pkCurveOID member and producer guards so the PSK plus ML-DSA build compiles.
- tls13.c: gate the DoTls13CertificateVerify definition on NO_CERTS to match
  its call site.
- settings.h: let the AES-256 adder survive the floor, default the
  user_settings path to the SHA-256 floor, make WOLFSSL_NO_MALLOC opt-in so
  the test suite still runs, and keep ML-DSA ASN.1 for the cert profile.
- configure.ac: drive ENABLED_ASM and emit WOLFSSL_NO_ASM for the small C
  floor, restrict SP math to P-256, strip ML-DSA ASN.1 only on the PSK floor,
  and print a notice for the reduced security cert verify.
- examples: guard the cert loading paths for NO_CERTS and treat NO_CERTS as
  PSK mode in echoserver and echoclient.
- Add examples/configs/tinytls13_smoke.c, an in memory TLS 1.3 handshake test
  that drives PSK, ECDSA, ML-DSA-65 and RSA-PSS chain verify, plus forced
  cipher suites, for builds with no example or unit test harness.
- certs: add ECDSA leaves signed by the ML-DSA-65 and RSA-PSS CAs so the cert
  profiles drive a real PQC and PSS chain verify in CI.
- .github/workflows/tinytls13.yml: cover every profile and adder, run the
  smoke handshake on the build verified configs, and least privilege the
  workflow token.
2026-06-22 12:08:58 -07:00
JacobBarthelmeh a156ed7bc7 update Copyright year 2026-02-18 09:52:21 -07:00
Kareem b302e8edd0 Move CERT_FILETYPE definition, use it in echoserver. 2025-09-26 10:58:51 -07:00
Kareem ec92f76dec Fix tests when building with PEM support disabled by using DER certs/keys. 2025-09-12 16:11:07 -07:00
effbiae 0e3f877326 WOLFSSL_ASYNC_WHILE_PENDING refactor 2025-08-14 12:03:13 +10:00
JacobBarthelmeh 629c5b4cf6 updating license from GPLv2 to GPLv3 2025-07-10 16:11:36 -06:00
Josh Holtrop 0b6c53c8b0 Remove DTLS from echoserver/echoclient examples
This fixes some intermittent CI testsuite failures.
2025-06-17 14:38:01 -04:00
JacobBarthelmeh 2c24291ed5 update copyright date 2025-01-21 09:55:03 -07:00
David Garske 14e3372826 Enable support for using certificate manager only. Fixes for building without TLS enabled (NO_TLS). ZD 19054. Tested using ./configure --disable-tlsv12 --disable-tls13 CFLAGS="-DNO_TLS" && make check 2024-12-17 08:33:32 -08:00
Daniel Pouzzner 950ee40111 additional fixes and enhancements for -DOPENSSL_EXTRA -DOPENSSL_COEXIST:
configure.ac:
* add --enable-all-osp to separate OSP meta-feature sets from --enable-all, allowing --enable-all --disable-all-osp --disable-opensslall (e.g. for testing OPENSSL_COEXIST).
* fix enable_all_crypto=yes in enable-all to be conditional on "$enable_all_crypto" = "".
* move enable_rsapss=yes from enable-all to enable-all-crypto.

examples/ and testsuite/: #undef OPENSSL_COEXIST unconditionally rather than only if defined(OPENSSL_EXTRA), to capture -DOPENSSL_EXTRA_X509_SMALL or any other such variants.
2024-10-31 13:42:04 -05:00
Daniel Pouzzner cf95fdc071 Globally remap & refactor conflicting symbols to allow -DOPENSSL_EXTRA -DOPENSSL_COEXIST, or equivalently, --enable-opensslextra --enable-opensslcoexist.
No functional changes.

Several compat symbols that were formerly enums are now macros.

All library source is refactored to use only native symbols in all code gated in with --enable-all-crypto --enable-opensslextra.

wolfcrypt/test/test.c is similarly refactored to use only native symbols.

examples/ and tests/ are unmodified except for header setup to disable OPENSSL_COEXIST and TEST_OPENSSL_COEXIST.
2024-10-31 00:10:21 -05:00
res0nance 45d51bfe49 win: add arm64 to echoserver.vcxproj 2024-09-24 18:07:41 +08:00
Daniel Pouzzner b178138d83 src/internal.c: in wolfSSL_ERR_reason_error_string(), add missing error string for SCR_DIFFERENT_CERT_E, and de-gate error strings previously gated on HAVE_HTTP_CLIENT.
tests/api.c: add error_test() adapted from wolfcrypt/test/test.c, checking all error strings for expected presence/absence and length, called from existing test_wolfSSL_ERR_strings().

wolfssl/ssl.h, wolfssl/error-ssl.h, and wolfssl/wolfcrypt/error-crypt.h:
* move several negative error return codes from ssl.h to error-ssl.h,
* renumber them to conform to existing sequence, and
* include error-ssl.h from ssl.h;
* add special-case WOLFSSL_DEBUG_TRACE_ERROR_CODES macros for WOLFSSL_FAILURE;
* add missing WOLFSSL_API attribute to wc_backtrace_render().

add numerous WC_NO_ERR_TRACE()s to operand error code uses, cleaning up error traces in general, and particularly when WOLFSSL_DEBUG_TRACE_ERROR_CODES_ALWAYS.
* crypto lib (36),
* crypto test&benchmark (20),
* TLS lib (179),
* examples (122),
* linuxkm (3),
* tests/api.c (2272).
2024-08-28 23:05:04 -05:00
JacobBarthelmeh 31a6a2bf59 update copyright to 2024 2024-07-19 13:15:05 -06:00
Andras Fekete affd0a318e Fix sign conversion errors 2024-05-14 11:02:28 -04:00
Juliusz Sosinowicz e96837aa34 cond: Add start and end API for mutex handling 2023-08-10 18:07:51 +02:00
Juliusz Sosinowicz d747df2ae4 Make sure no mutexes are held when cond API are called 2023-08-09 16:25:58 +02:00
David Garske 5b16586483 Fixes for wolfSSL conditional porting. Can cause deadlock in high usage situations. Added better signal support on MacOS. Issue created in PR #6437. 2023-08-08 12:46:42 -07:00
Juliusz Sosinowicz 67d6d438c5 Port testing to wolfSSL threading interface 2023-08-04 10:49:39 +02:00
Andras Fekete 2a6956a954 Missing commit 2023-08-01 17:55:38 -04:00
Andras Fekete 9eb339f9fd Remove cyassl from example code 2023-08-01 10:17:38 -04:00
Andras Fekete ab953c3141 Update VS project files 2023-07-31 15:37:48 -04:00
Andras Fekete 2b2509c56c Drop code support 2023-07-31 15:36:38 -04:00
gojimmypi 6b240fa41a Refactor HAVE_PTHREAD and _POSIX_THREADS (#6536)
* HAVE_PTHREAD gate in test.h
* add config.h and settings.h to test.h
* added config.h and settings.h to other test.h in wolfcrypt/test
* settings #ifdef _POSIX_THREADS HAVE_PTHREAD
* cyassl settings _POSIX_THREADS HAVE_PTHREAD
* undo cyassl _POSIX_THREADS HAVE_PTHREAD
* move settings.h #include in both test.h
* add !defined(SINGLE_THREADED) logic
* refactor  HAVE_PTHREAD, _POSIX_THREADS
2023-06-26 07:32:20 -07:00
Sean Parkinson 8851065848 cppcheck fixes
Fix checking of negative with unsigned variables.
Check digestSz for 0 in wc_SSH_KDF() so that no possibility of dividing
by zero.
Change XMEMCPY to XMEMSET in renesas_sce_util.c.
Fix test.c to free prvTmp and pubTmp on read error.
Remove unused variables.
XFREE checks for NULL so don't check before call.
Move variable declarations to reduce scope.
2023-04-03 16:59:58 +10:00
Jacob Barthelmeh 9dcc48c8f7 update copyright to 2023 2022-12-30 17:12:11 -07:00
Chris Conlon 9a7ff8773b add --with-libsuffix support, append suffix to library artifact name 2022-12-21 13:31:07 -07:00
Juliusz Sosinowicz 17df33cef8 Fix TLS 1.3 testsuite for wolfssl64.sln solution 2022-09-14 11:39:27 +02:00
David Garske 8605195709 Support for asynchronous session ticket callback (can return WC_PENDING_E). Requires wolfAsyncCrypt support. ZD 14420. 2022-07-20 16:43:17 -07:00
Jacob Barthelmeh 8eaa85e412 update copyright year to 2022 2022-07-19 10:44:31 -06:00
Daniel Pouzzner ccc5952369 global fixup to check or explicitly ignore return values from failable library/system calls that weren't already being checked;
add wolfCrypt error codes IO_FAILED_E "Input/output failure" and SYSLIB_FAILED_E "System/library call failed";

tests/api.c and tests/unit.c: flush stdout for error message in Fail() macro, add fflush(stdout) after printf()s, print success message at end of unit_test(), and send several error messages to stderr instead of stdout;

wolfcrypt/test/test.c: add fallthrough macro definition of printf() that pairs it with fflush(stdout);

unit.h: in definition of macro AssertPtr(), add PRAGMA_GCC("GCC diagnostic ignored \"-Wpedantic\"");

sp_int.c: refactor several lingering instances of "if (0) { ... }" code pattern to #if 0 ... #endif.
2022-07-11 22:28:09 -05:00
David Garske aa8df1af78 Fixes for building without DTLS v1.2 and TLS v1.2. Fixes for explicit cast warnings. 2022-06-15 10:49:18 -07:00
Daniel Pouzzner c4920021d8 print errors to stderr, not stdout;
fix whitespace in internal.c;

add missing error handling in examples/server/server.c around recvfrom().
2022-05-12 13:07:32 -05:00
Hayden Roche 6930cc0b21 Clean up Visual Studio output and intermediate directories.
Currently, wolfssl.vcxproj and IDE/WIN10/wolfssl-fips.vcxproj do not use the
same scheme for their output and intermediate directories. Further, across
configuration/platform combinations, wolfssl.vcxproj isn't consistent, either.
For example:

```
Release|x64
OutDir: $(SolutionDir)$(Platform)\$(Configuration)\
IntDir: $(Platform)\$(Configuration)\obj\

Release|Win32
OutDir: $(SolutionDir)$(Configuration)\
IntDir: $(Configuration)\obj\
```

This commit makes every configuration/platform combo for all Visual Studio
projects follow the same pattern:

```
OutDir: $(SolutionDir)$(Platform)\$(Configuration)\
IntDir: $(Configuration)\$(Platform)\$(ProjectName)_obj\
```

The `$(ProjectName)_obj` piece gets rid of a Visual Studio warning about not
mingling the intermediate objects of disparate builds.
2022-02-08 09:23:27 -08:00
Hayden Roche 52754123d9 Call wc_SetSeed_Cb and wolfCrypt_SetPrivateKeyReadEnable_fips in wolfSSL_Init.
Additionally, remove wc_SetSeed_Cb calls applications (e.g. example client and
server), since they are now redundant.
2021-12-22 14:21:06 -08:00
Daniel Pouzzner 8f121e7752 file modes: clear inappropriate executable bits. 2021-11-08 17:28:11 -06:00
John Safranek 976402e04b RNG Update
1. When the seed callback is enabled, allow wc_GenerateSeed() to be used
   as a default callback.
2. Modify all the tests and examples to use the default seed callback if
   the seed callback is enabled.
2021-10-26 20:24:25 -05:00
Anthony Hu 33cb823148 Remove legacy NTRU and OQS (#4418)
* Remove NTRU and OQS

* Keep the DTLS serialization format backwards compatible.

* Remove n from mygetopt_long() call.

* Fix over-zealous deletion.

* Resolve problems found by @SparkiDev
2021-09-24 08:37:53 +10:00
David Garske 2e4e65f518 Asynchronous support for TLS v1.3 TLSX ECC/DH key generation and key agreement
* Added async support to `SendTls13ClientHello`, `DoTls13ServerHello` and `DoTls13ClientHello`.
* Cleanup of the example client/server use key share code.
* Fix some scan-build warnings.
ZD 12065
2021-06-11 14:12:12 -07:00
Jacob Barthelmeh c729318ddd update copyright date 2021-03-11 13:42:46 +07:00
Sean Parkinson 794cb5c7a9 TLS Session Ticket: default encryption callback
Encrypts with ChaCha20-Poly1305 or AES-GCM.
Two keys in rotation.
Key used for encryption until ticket lifetime goes beyond expirary
(default 1 hour). If key can still be used for decryption, encrypt with
other key.
Private random used to generate keys.
2021-02-10 14:31:54 +10:00
David Garske 219cbd47eb Added support for AES GCM session ticket encryption. If ChaCha/Poly is disabled it will use AES GCM. Thanks Sean for the code in ZD 11511. 2021-01-19 07:53:36 -08:00
Sean Parkinson d8b58286d1 TLS 1.3: PSK only
Support building with only TLS 1.3 and PSK without code for (EC)DHE and
certificates.
Minimise build size for this configuration.
2020-11-19 09:21:24 +10:00
JacobBarthelmeh bfb10ddfb5 NO_FILESYSTEM build on Windows 2020-10-09 09:45:00 -07:00
John Safranek 362e328180 NTRU fixes
1. When configuring for NTRU, enable static RSA.
2. The echoserver should not try to use NTRU with TLSv1.3.
2020-08-19 10:46:03 -07:00
David Garske dffc677561 Fix for TLS v1.3 with --enable-sniffer. 2020-06-04 16:42:40 -07:00
David Garske 3b63e55a68 Fix for TLS v1.3 PSK tests work with additional cipher suites (not just TLS13-AES128-GCM-SHA256) and the echo server/client. 2020-06-04 15:31:18 -07:00
David Garske 8300754ecd Fix for "testsuite" with TLSv1.3 and --enable-sniffer. 2020-06-04 15:31:18 -07:00
Sean Parkinson 2c6eb7cb39 Add Curve448, X448, Ed448 implementations 2020-02-28 09:30:45 +10:00