Commit Graph

117 Commits

Author SHA1 Message Date
David Garske 6b1bf6b81b Merge pull request #10551 from julek-wolfssl/dtls-perf-benchmark
Add DTLS throughput benchmark tool and optimize send path
2026-07-08 10:31:11 -07:00
Hideki Miyazaki 20dadc8d86 Addressed code review 2026-06-11 08:38:00 +09:00
Juliusz Sosinowicz 8f198e4504 Address review: dtls_bench hardening and ATOMIC_USER nonce comment
- Retry wolfSSL_write on the same recoverable send errors the plain-UDP
  baseline already retries on: EAGAIN/EWOULDBLOCK surface as WANT_WRITE
  and ENOBUFS as SOCKET_ERROR_E with errno preserved. The buffered
  record is flushed by the retried call without re-encrypting.
- Treat an explicit -? as a help request: print usage to stdout and
  exit 0, keeping stderr and a failure exit for genuine option errors.
- Enumerate ciphers with wolfSSL_get_cipher_list() instead of an 8 KiB
  stack buffer, and range-check -p and -b like the other numeric
  options.
- Document in BuildMessage that the FIPS<2 path overwrites the
  explicit-nonce placeholder inside BuildMessage itself, and that the
  one path transmitting the bytes as written (ATOMIC_USER MacEncryptCb)
  still emits the sequence number that RFC 5288 et al. prescribe.
2026-06-10 21:24:35 +00:00
Juliusz Sosinowicz 94d0a49497 Address review: harden dtls_bench time source and -z usage
Fail loudly if clock_gettime() ever fails instead of computing
throughput from uninitialized stack, and warn when -z is combined with
-s since the sink-send only applies to the client.
2026-06-10 14:03:52 +02:00
Juliusz Sosinowicz d2c9f53ef6 examples/benchmark/dtls_bench: build a stub on non-POSIX platforms
dtls_bench.c is built whenever DTLS and the example servers are enabled,
including the cross-mingw-all-crypto multi-test scenario, which cross-
compiles for Windows. It directly includes POSIX-only headers
(<sys/socket.h>, <arpa/inet.h>, <netdb.h>, <net/if.h>) that mingw does
not ship, so the build failed there.

Gate the networking includes and the whole benchmark body behind a
DTLS_BENCH_ENABLED check (WOLFSSL_DTLS, not USE_WINDOWS_API, not
WOLFSSL_NO_SOCK). When the platform lacks POSIX BSD sockets, compile a
small stub main() that reports the tool is unsupported, so the source
tree still builds.
2026-06-10 14:03:52 +02:00
Juliusz Sosinowicz c815d98ef4 DTLS throughput: add benchmark tool and optimize the record send path
Add examples/benchmark/dtls_bench, a DTLS throughput benchmark that
completes a handshake and then measures bulk-send throughput. It
supports DTLS 1.2 and 1.3, selectable cipher suites, an end-to-end
mode, and a -z sink mode that discards records on the server after the
handshake to isolate the sender's record-layer cost. The socket is set
up with wolfSSL_set_dtls_fd_connected.

Optimize the send path exercised by the benchmark:

- wolfio (EmbedSendTo): cache the per-descriptor socket-type probe
  (getsockopt SO_TYPE) in WOLFSSL_DTLS_CTX instead of running it on
  every send, removing a syscall from the record send path. The cache
  is invalidated whenever rfd/wfd is reassigned.

- internal (BuildMessage): for AEAD suites whose explicit nonce is the
  8-byte record sequence number, write the sequence number directly as
  nonce_explicit instead of drawing it from the RNG. This covers
  AES-GCM (RFC 5288 sec 3), AES-CCM (RFC 6655 sec 3), SM4-GCM/CCM
  (RFC 8998 sec 3), and Camellia-/ARIA-GCM which inherit the RFC 5288
  construction; ChaCha20 uses an implicit nonce and is excluded. A new
  read-only PeekSEQ() helper reads the sequence number without advancing
  the per-direction counter, leaving the single mandated increment to
  writeAeadAuthData().

Also ignore the built dtls_bench binary in .gitignore.
2026-06-10 14:03:52 +02:00
Hideki Miyazaki c6158c63bb fix undefined doDTLS 2026-06-05 13:47:19 +09:00
Hideki Miyazaki de3eb8dace fix tls_bench DTLS mode failures 2026-06-05 11:51:49 +09:00
Tobias Frauenschläger 7a2cf5b655 Remove liboqs for ML-KEM and ML-DSA, update for Falcon 2026-04-30 11:03:06 +02:00
Tobias Frauenschläger c3289f8aa9 Enable and use ML-KEM by default
* Enable ML-KEM by default in build systems (autoconf and CMake)
* Only allow three to-be-standardized hybrid PQ/T combinations by
  default
* Use X25519MLKEM768 as the default KeyShare in the ClientHello (if user
  does not override that). When Curve25519 is disabled, then either
  WOLFSSL_SECP384R1MLKEM1024 or WOLFSSL_SECP256R1MLKEM768 is used as
  default depending on the ECC configuration
* Disable standalone ML-KEM in supported groups by default (enable with
  --enable-tls-mlkem-standalone)
* Disable extra OQS-based hybrid PQ/T curves by default and gate
  behind --enable-experimental (enable with --enable-extra-pqc-hybrids)
* Reorder the SupportedGroups extension to reflect the preferences
* Reorder the preferredGroup array to also reflect the same preferences
* Add async support for ML-KEM hybrids
2026-03-18 10:48:16 +01:00
JacobBarthelmeh a156ed7bc7 update Copyright year 2026-02-18 09:52:21 -07:00
Tobias Frauenschläger a462398387 Support Brainpool ECC curve TLS 1.3 key exchange
When both TLS 1.3 and Brainpool curves are enabled, three new groups can
be used for the ECDHE key exchange according to RFC 8734:
* WOLFSSL_ECC_BRAINPOOLP256R1TLS13 (31)
* WOLFSSL_ECC_BRAINPOOLP384R1TLS13 (32)
* WOLFSSL_ECC_BRAINPOOLP512R1TLS13 (33)

Also ensure that the existing TLS 1.2 curves are sent properly.

The TLS client application is updated to support handshakes via
Brainpool curves using the new argument "--bpKs".
2026-01-22 14:14:09 +01:00
David Garske d79ca8a746 Improve some of the build cases around crypto callback only 2025-08-13 21:58:53 +01:00
Anthony Hu c7e054a7a7 Rename ML-KEM hybrids to match IETF Draft. 2025-07-25 13:27:26 -04:00
JacobBarthelmeh 629c5b4cf6 updating license from GPLv2 to GPLv3 2025-07-10 16:11:36 -06:00
Sean Parkinson a7690ca24b ML-KEM/Kyber: finish name change 2025-03-10 08:37:14 +10:00
Tobias Frauenschläger 89491c7e36 Improvements for PQC hybrid key exchange
Add support for X25519 and X448 based hybrid PQC + ECC key exchange
groups. Furthermore, two new combinations with SECP curves are added to
match OQS combinations.

This also incorporates the changed order of X25519 and X448 based
combinations to place the PQC material before the ECDH material. This is
motivated by the necessity to always have material of a FIPS approved
algorithm first.

Also, codepoints are updated to reflect the latest draft standards for
pure ML-KEM and some of the hybrids. With these changes and based on the
recent additions to both enable ML-KEM final and draft versions
simultaneously, a WolfSSL TLS server is now compatible with all recent
browsers that support either the draft version of ML-KEM (Chromium based
browsers and Firefox < version 132; only when the draft version is
enabled in the build) or the final version already (Firefox > version 132).

In the process of extending support, some code and logic cleanup
happened. Furthermore, some memory leaks within the hybrid code path have
been fixed.

Signed-off-by: Tobias Frauenschläger <tobias.frauenschlaeger@oth-regensburg.de>
2025-02-21 18:44:40 +01:00
David Garske 345c969164 Fixes for Watcom compiler and new CI test
* Correct cmake script to support Open Watcom toolchain (#8167)
* Fix thread start callback prototype for Open Watcom toolchain (#8175)
* Added GitHub CI action for Windows/Linux/OS2
* Improvements for C89 compliance.
Thank you @jmalak for your contributions.
2025-02-04 12:38:52 -08:00
JacobBarthelmeh 2c24291ed5 update copyright date 2025-01-21 09:55:03 -07:00
David Garske 14e3372826 Enable support for using certificate manager only. Fixes for building without TLS enabled (NO_TLS). ZD 19054. Tested using ./configure --disable-tlsv12 --disable-tls13 CFLAGS="-DNO_TLS" && make check 2024-12-17 08:33:32 -08:00
Daniel Pouzzner 165b4afbeb Merge pull request #8143 from SparkiDev/kyber_plus_mlkem
Kyber/ML-KEM: make both available
2024-11-09 00:09:51 -06:00
Sean Parkinson 7d42ddae48 Kyber/ML-KEM: make both available
Make Kyber and ML-KEM individually available as well as at the same
time.
Modified TLS layer to support both Kyber and ML-KEM.
Added new identifiers in TLS layer for ML-KEM.
2024-11-04 23:51:51 +10:00
Daniel Pouzzner 950ee40111 additional fixes and enhancements for -DOPENSSL_EXTRA -DOPENSSL_COEXIST:
configure.ac:
* add --enable-all-osp to separate OSP meta-feature sets from --enable-all, allowing --enable-all --disable-all-osp --disable-opensslall (e.g. for testing OPENSSL_COEXIST).
* fix enable_all_crypto=yes in enable-all to be conditional on "$enable_all_crypto" = "".
* move enable_rsapss=yes from enable-all to enable-all-crypto.

examples/ and testsuite/: #undef OPENSSL_COEXIST unconditionally rather than only if defined(OPENSSL_EXTRA), to capture -DOPENSSL_EXTRA_X509_SMALL or any other such variants.
2024-10-31 13:42:04 -05:00
Daniel Pouzzner cf95fdc071 Globally remap & refactor conflicting symbols to allow -DOPENSSL_EXTRA -DOPENSSL_COEXIST, or equivalently, --enable-opensslextra --enable-opensslcoexist.
No functional changes.

Several compat symbols that were formerly enums are now macros.

All library source is refactored to use only native symbols in all code gated in with --enable-all-crypto --enable-opensslextra.

wolfcrypt/test/test.c is similarly refactored to use only native symbols.

examples/ and tests/ are unmodified except for header setup to disable OPENSSL_COEXIST and TEST_OPENSSL_COEXIST.
2024-10-31 00:10:21 -05:00
Daniel Pouzzner b178138d83 src/internal.c: in wolfSSL_ERR_reason_error_string(), add missing error string for SCR_DIFFERENT_CERT_E, and de-gate error strings previously gated on HAVE_HTTP_CLIENT.
tests/api.c: add error_test() adapted from wolfcrypt/test/test.c, checking all error strings for expected presence/absence and length, called from existing test_wolfSSL_ERR_strings().

wolfssl/ssl.h, wolfssl/error-ssl.h, and wolfssl/wolfcrypt/error-crypt.h:
* move several negative error return codes from ssl.h to error-ssl.h,
* renumber them to conform to existing sequence, and
* include error-ssl.h from ssl.h;
* add special-case WOLFSSL_DEBUG_TRACE_ERROR_CODES macros for WOLFSSL_FAILURE;
* add missing WOLFSSL_API attribute to wc_backtrace_render().

add numerous WC_NO_ERR_TRACE()s to operand error code uses, cleaning up error traces in general, and particularly when WOLFSSL_DEBUG_TRACE_ERROR_CODES_ALWAYS.
* crypto lib (36),
* crypto test&benchmark (20),
* TLS lib (179),
* examples (122),
* linuxkm (3),
* tests/api.c (2272).
2024-08-28 23:05:04 -05:00
JacobBarthelmeh 31a6a2bf59 update copyright to 2024 2024-07-19 13:15:05 -06:00
David Garske 7d4e601902 Merge pull request #6623 from bigbrett/FIPS-TLS-benchmark-CAST-fix
Fix benchmark failure on FIPS builds
2024-05-20 14:07:59 -07:00
Brett Nicholas c6db51b8a0 fixed formatting 2024-05-20 12:47:30 -06:00
gasbytes a40dcd3cb3 u_int16_t -> uint16_t 2024-05-17 18:44:15 +02:00
Brett Nicholas e823da99ae declare loop variable at top of function body 2024-05-17 07:08:32 -07:00
Brett Nicholas 9fa838881c fixed bug where tls_bench failed KATs for FIPS builds in a multithreaded environment 2024-05-17 07:08:32 -07:00
Andras Fekete 0bf69e240a Fix build failures 2024-05-14 11:02:28 -04:00
Andras Fekete affd0a318e Fix sign conversion errors 2024-05-14 11:02:28 -04:00
Lealem Amedie e1ac56f2dd Reworking MINGW mutex/threading 2023-11-29 16:45:06 -07:00
Juliusz Sosinowicz e96837aa34 cond: Add start and end API for mutex handling 2023-08-10 18:07:51 +02:00
Juliusz Sosinowicz d747df2ae4 Make sure no mutexes are held when cond API are called 2023-08-09 16:25:58 +02:00
David Garske 5b16586483 Fixes for wolfSSL conditional porting. Can cause deadlock in high usage situations. Added better signal support on MacOS. Issue created in PR #6437. 2023-08-08 12:46:42 -07:00
Juliusz Sosinowicz 67d6d438c5 Port testing to wolfSSL threading interface 2023-08-04 10:49:39 +02:00
Brett Nicholas 9bed65ad57 split up error message
split #if into multiple lines
2023-07-13 15:14:02 -06:00
Brett Nicholas b02a22b5b3 added error reporting macro for invalid configuration 2023-07-13 15:14:02 -06:00
Brett Nicholas 44faddac6c fix compiler error for targets that don't define HAVE_PTHREAD 2023-07-13 15:14:02 -06:00
gojimmypi 6b240fa41a Refactor HAVE_PTHREAD and _POSIX_THREADS (#6536)
* HAVE_PTHREAD gate in test.h
* add config.h and settings.h to test.h
* added config.h and settings.h to other test.h in wolfcrypt/test
* settings #ifdef _POSIX_THREADS HAVE_PTHREAD
* cyassl settings _POSIX_THREADS HAVE_PTHREAD
* undo cyassl _POSIX_THREADS HAVE_PTHREAD
* move settings.h #include in both test.h
* add !defined(SINGLE_THREADED) logic
* refactor  HAVE_PTHREAD, _POSIX_THREADS
2023-06-26 07:32:20 -07:00
Sean Parkinson 8851065848 cppcheck fixes
Fix checking of negative with unsigned variables.
Check digestSz for 0 in wc_SSH_KDF() so that no possibility of dividing
by zero.
Change XMEMCPY to XMEMSET in renesas_sce_util.c.
Fix test.c to free prvTmp and pubTmp on read error.
Remove unused variables.
XFREE checks for NULL so don't check before call.
Move variable declarations to reduce scope.
2023-04-03 16:59:58 +10:00
Jacob Barthelmeh 9dcc48c8f7 update copyright to 2023 2022-12-30 17:12:11 -07:00
Chris Conlon 9a7ff8773b add --with-libsuffix support, append suffix to library artifact name 2022-12-21 13:31:07 -07:00
David Garske 9d9549fbd3 Merge pull request #5836 from anhu/kyber_cleanup
Remove kyber-90s and route all kyber through wolfcrypt.
2022-12-05 13:18:44 -08:00
Anthony Hu a2fb4c0788 Remove kyber-90s and route all kyber through wolfcrypt. 2022-11-30 17:17:28 -05:00
Daniel Pouzzner 4bacc25e22 examples/benchmark/tls_bench.c: fix for clang-analyzer-deadcode.DeadStores in bench_tls(). 2022-11-29 17:09:05 -06:00
Anthony Hu 0bfa5c9836 Purge NTRU and SABER. Not going to be standardized. 2022-11-25 14:54:08 -05:00
Jacob Barthelmeh 8eaa85e412 update copyright year to 2022 2022-07-19 10:44:31 -06:00