mirrors
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
17,998 Commits 5 Branches 160 Tags 767 MiB
Commit Graph

925 Commits

Author SHA1 Message Date
David Garske a03ed32380 Support for Android KeyStore compatibility API's: 
* Adds `EVP_PKCS82PKEY` and `d2i_PKCS8_PRIV_KEY_INFO`.
* Adds `EVP_PKEY2PKCS8` and `i2d_PKCS8_PRIV_KEY_INFO`.
* Adds `ECDSA_verify`.
* Fix to allow `SHA256()` and `MD5()` with FIPSv2.
* Decouple crypto callbacks and hash flags
* Fix for possible use of uninitialized when building TLS bench without TLS v1.3.
* Fix for building with `NO_CHECK_PRIVATE_KEY`. Test `./configure --disable-pkcs12 --enable-opensslextra CFLAGS="-DNO_CHECK_PRIVATE_KEY"`.
* Fix to support `RSA_public_decrypt` for PKCSv15 only with FIPS.
* Cleanup `RSA_public_encrypt`, `RSA_public_decrypt` and `RSA_private_decrypt`.
* Added instructions for building wolfSSL with Android kernel.
 2021-10-19 17:04:18 -07:00
Sean Parkinson f04380d624
Merge pull request #4475 from douzzer/fix-scan-build-UnreachableCode 
scan-build LLVM-13 fixes and expanded coverage
 2021-10-20 08:30:46 +10:00
David Garske dcb2ebba39 Fix for openssl.test extraction of version and cipher suites. Fix mem tracking to use stderr. Fix client version print to use single printf with newline. 2021-10-19 13:00:25 -07:00
Daniel Pouzzner 768496be4a scan-build LLVM-13 fixes: in examples/echoclient/echoclient.c, remove frivolous "break;", avoiding need to pragma-ignore clang -Wunreachable-code-break. 2021-10-18 21:46:10 -05:00
Daniel Pouzzner 76332069ea examples/client/client.c: remove frivolous `break` to avoid need for PRAGMA_CLANG("clang diagnostic ignored \"-Wunreachable-code-break\""). 2021-10-18 21:46:09 -05:00
Daniel Pouzzner f621a93081 more scan-build LLVM-13 fixes and expanded coverage: deadcode.DeadStores in client.c and server.c (no functional changes). 2021-10-18 21:46:09 -05:00
Daniel Pouzzner 62822be6ce scan-build LLVM-13 fixes and expanded coverage: add WC_UNUSED and PRAGMA_CLANG_DIAG_{PUSH,POP} macros; deploy "#ifndef __clang_analyzer__" as needed; fix violations and suppress false positives of -Wunreachable-code-break, -Wunreachable-code-return, and -enable-checker alpha.deadcode.UnreachableCode; expand scan-build clean build scope to --enable-all --enable-sp-math-all. 2021-10-18 21:46:09 -05:00
David Garske 2aa2ef84b2
Merge pull request #4470 from LinuxJedi/md-cleanups 
Cleanup markdown documentation
 2021-10-14 11:04:48 -07:00
Andrew Hutchings 11e3f867b0 Cleanup markdown documentation 
* Add syntax highlighting where appropriate
* Fix some markdown compliance issues
* Add some links for things
* Add some inline code quoting
* Fix some headings
* Fix copyright date in doxygen html output
 2021-10-13 16:39:46 +01:00
David Garske bc97539756 Increase the size of the temp buffer for starttls. Some SMTP servers send larger messages. 2021-10-12 15:13:38 -07:00
David Garske da15356c2a
Merge pull request #4444 from anhu/pq_bench 
Benchmarking the supported groups.
 2021-10-05 09:52:51 -07:00
Anthony Hu 41b9b14cfb whitespace 2021-10-04 18:35:09 -04:00
Anthony Hu f77a5e26b5 semi-colon --> colon and use wolfTLSv1_3_server_method when NO_WOLFSSL_CLIENT. 2021-10-04 18:31:28 -04:00
Anthony Hu 310ab6692a Drop a function brace and WOLFSSL_TLS13. 2021-10-04 13:56:01 -04:00
Lealem Amedie 4084928d93 Slight changes to liboqs documentation in INSTALL and example client/server 2021-10-02 13:14:32 -06:00
Anthony Hu 2fa0114d54 Benchmarking the supported groups. 2021-10-01 15:38:07 -04:00
Anthony Hu 33cb823148
Remove legacy NTRU and OQS (#4418) 
* Remove NTRU and OQS

* Keep the DTLS serialization format backwards compatible.

* Remove n from mygetopt_long() call.

* Fix over-zealous deletion.

* Resolve problems found by @SparkiDev
 2021-09-24 08:37:53 +10:00
Anthony Hu 13d4722678 Convert post-quantum algorithm group names 
... from using parameter set names from the papers to NIST levels.
 2021-09-17 13:28:34 -04:00
John Safranek bb70fee1ec
Merge pull request #4390 from anhu/hybridizing 
Hybridizing NIST ECC groups with the OQS groups.
 2021-09-16 22:01:39 -07:00
Eric Blankenhorn 2274d0b773 Fix overflow check in ClientMemSend 2021-09-14 11:17:01 -05:00
Anthony Hu fb733b4662 Hybridizing the OQS groups with NIST ECC groups. 2021-09-10 13:12:12 -04:00
Juliusz Sosinowicz 4a26b53dfc Changes for ED25519 and `HAVE_SECRET_CALLBACK` 
- `HAVE_SECRET_CALLBACK` needs to have `wolfSSL_SSL_CTX_get_timeout` and `wolfSSL_SSL_get_timeout` available
- Call `wolfSSL_KeepArrays` for `HAVE_SECRET_CALLBACK`
- Increase the default `DTLS_MTU_ADDITIONAL_READ_BUFFER` and make it adjustable by the user
- Don't truncate application data returned to user in `wolfSSL_read_internal`
 2021-09-02 15:58:30 +02:00
David Garske 9b6cf56a6e
Expanded support for Curve25519/Curve448 and TLS v1.3 sniffer (#4335) 
* Fixes for building with Ed/Curve25519 only. Fix for IoT safe demo to exit after running once. Added `WOLFSSL_DH_EXTRA` to `--enable-all` and `--enable-sniffer`. Cleanup uses of `==` in configure.ac. Various spelling fixes.

* Fix for sniffer with TLS v1.3 session tickets.

* Fix for ASN Template Ed25519 key export (missing version / not setting OID correctly).

* Add key import/export support for Curve25519/Curve448. Refactor of the 25519/448 ASN code to combine duplicate code.

* Refactor of Curve25519 code. Improved public key export to handle generation when only private is set. Improved private scalar buffer sizing.

* Fix for static ephemeral loading of file buffer.

* Added sniffer Curve25519 support and test case.

* Fix for sniffer to not use ECC for X25519 if both are set.

* Fix Curve448 public export when only private is set.

* Fix for `dh_generate_test` for small stack size.

* Reduce stack size use on new asymmetric DER import/export functions. Cleanup pub length calc.

* Fix invalid comment.
 2021-09-01 09:28:24 +10:00
Kareem 9a438ce289 liboqs integration using keyshare/supported_groups extensions in TLS 1.3 2021-08-27 13:56:53 -04:00
David Garske 70535f51d5 Fixes for PK callbacks with TLS v1.3. Tested with `./configure --enable-pkcallbacks CFLAGS="-DTEST_PK_PRIVKEY -DDEBUG_PK_CB"`. 2021-08-16 13:09:17 -07:00
David Garske 8601c14f1c
Merge pull request #4297 from anhu/master 
Fix a race condition in the benchmark example and …
 2021-08-12 13:51:43 -07:00
Anthony Hu 7c75b9836e Changes to make Jenkins happy and reduce verbosity. 
- added HAVE_PTHREAD guards
- usleep ---> XSLEEP_MS
- only print polling message if verbose output requested.
 2021-08-12 11:13:15 -04:00
Anthony Hu 586317f198 Fix a race condition in the benchmark example and all output goes to stderr. 2021-08-11 17:07:01 -04:00
Lealem Amedie d4d225e33f Fix broken link in examples/README.md 2021-08-11 10:49:38 -06:00
Lealem Amedie 0722fb56d8 Adding README.md to examples dir and links to wolfssl-examples github repo in client/server.c 2021-08-02 20:27:41 -06:00
Juliusz Sosinowicz 1b6b16c2c3 HaProxy 2.4-dev18 support 
*This patch is dependent on https://github.com/wolfSSL/wolfssl/pull/3871 because proto version selection logic is refactored in that pull request.*
This patch contains the following changes:
- Enable more options with `--enable-haproxy`
- Compatibility layer additions
    - `STACK_TYPE_X509_OBJ`
    - `OCSP_id_cmp`
    - `X509_STORE_get0_objects`
    - `X509V3_EXT_nconf_nid`
    - `X509V3_EXT_nconf`
    - `X509_chain_up_ref`
    - `X509_NAME_hash`
    - `sk_X509_NAME_new_null`
    - `X509_OBJECT_get0_X509`
    - `X509_OBJECT_get0_X509_CRL`
    - `ASN1_OCTET_STRING_free`
    - `X509_LOOKUP_TYPE`
    - `OSSL_HANDSHAKE_STATE`
- New `OPENSSL_COMPATIBLE_DEFAULTS` define will set default behaviour that is compatible with OpenSSL
    - WOLFSSL_CTX
        - Enable all compiled in protocols
        - Allow anonymous ciphers
        - Set message grouping
        - Set verify to SSL_VERIFY_NONE
- In `SetSSL_CTX`, don't change `send` and `recv` callback if currently using `BIO`
- `ssl->peerVerifyRet`
    - Return first that occured
    - Set correct value on date error
    - Set revoked error on OCSP or CRL error
    - Save value in session and restore on resumption
    - Add to session serialization
- With `OPENSSL_EXTRA`, send an alert on invalid downgrade attempt
- Handle sni callback `SSL_TLSEXT_ERR_NOACK`
- Add `WOLFSSL_VERIFY_DEFAULT` option for `wolfSSL_CTX_set_verify` and `wolfSSL_set_verify` to allow resetting to default behaviour
 2021-07-06 15:39:23 +02:00
JacobBarthelmeh 45486ac904
Merge pull request #4166 from miyazakh/supportedversion_ex_mindowngrade 
not include smaller versions than minimum downgrade
 2021-07-01 21:00:20 +07:00
Hideki Miyazaki b0688688c1
addressed review comments 2021-06-30 13:52:46 +09:00
Hideki Miyazaki d576e3ef96
not send smaller versions than minimum downgradable version as supportedversion ext 2021-06-25 14:51:34 +09:00
Sean Parkinson 8592053856 Regression test fixes 
./configure --enable-all --disable-rsa
./configure --disable-chacha --disable-asm
./configure --disable-rsa --disable-ecc --disable-dh --enable-curve25519
--enable-cryptonly (and ed25519, curve448, ed448)
./configure --disable-tls13 --enable-psk --disable-rsa --disable-ecc
--disable-dh C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK
./configure --disable-oldtls --enable-psk -disable-rsa --disable-dh
-disable-ecc --disable-asn C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK
--enable-lowresource --enable-singlethreaded --disable-asm
--disable-errorstrings --disable-pkcs12 --disable-sha3 --disable-sha224
--disable-sha384 --disable-sha512 --disable-sha --disable-md5
-disable-aescbc --disable-chacha --disable-poly1305 --disable-coding
Various build combinations with WOLFSSL_SP_MATH and WOLFSSL_SP_MATH_ALL
 2021-06-25 09:18:06 +10:00
David Garske 67b87a8883
Merge pull request #4127 from douzzer/wolfsentry-client 
outbound connection filtering and wolfSentry integration
 2021-06-22 07:27:18 -07:00
David Garske 716237c5dd Fix minor line length and spelling. 2021-06-21 15:09:39 -07:00
Daniel Pouzzner 8c75553e08 wolfSentry integration: move rest of recyclable code out of examples and into wolfsentry_setup() in wolfssl/test.h, and implement peer review corrections on error codes and string.h wrapper macros. 2021-06-17 20:05:40 -05:00
Daniel Pouzzner 93dfb4c7f4 add outbound connection filtering support to libwolfssl, add wolfSentry support to the test client, and add wolfSentry JSON config file support to the test client and server using --wolfsentry-config. 
also, add mygetopt_long() to wolfssl/test.h, and add --help and Japanese counterpart options to test client and server.
 2021-06-17 20:05:40 -05:00
David Garske 9181c949ae Added static ciphers and sniffer. Fixed spelling. 2021-06-17 15:19:45 -07:00
David Garske ffb9a8b440 Improve the user_settings_template to incude Windows. Added STM32 configuration example. 2021-06-17 15:19:45 -07:00
David Garske 8b14bf2951 Additional user_settings.h examples. 2021-06-17 15:19:45 -07:00
Sean Parkinson 12c358bc30
Merge pull request #3979 from dgarske/tls13_async 
Asynchronous support for TLS v1.3 TLSX ECC/DH key generation and key agreement
 2021-06-15 10:02:19 +10:00
David Garske 77df7d8630
Merge pull request #3968 from elms/pedantic_cleanup 
Fixes for some `-pedantic` errors
 2021-06-14 13:46:39 -07:00
David Garske 5e6b8e50c8 Fix to set groups for client benchmark test. 2021-06-11 14:12:15 -07:00
David Garske 2e4e65f518 Asynchronous support for TLS v1.3 TLSX ECC/DH key generation and key agreement 
* Added async support to `SendTls13ClientHello`, `DoTls13ServerHello` and `DoTls13ClientHello`.
* Cleanup of the example client/server use key share code.
* Fix some scan-build warnings.
ZD 12065
 2021-06-11 14:12:12 -07:00
Sean Parkinson 7e0c372e4c TLS 1.3 PSK: use the hash algorithm to choose cipher suite 
See RFC 8446: 4.2.11
With TLS 1.3 PSK callback, If the returned cipher suite isn't available,
use the hash from the cipher suite and choose from available list.
Require exact match when: WOLFSSL_TLS13_PSK_NO_MATCH_HASH

Alternative callback for client added that is passed a cipher suite
string. Called for each cipher suite that is to be negotiated.
If cipher suite to be used with PSK then return client identity.
Returning an identity based on cipher suite hash will result in
only one PSK extension being added per hash.
 2021-06-10 09:55:27 +10:00
David Garske c6c7dfd5db
Merge pull request #4053 from SparkiDev/cppcheck_fixes_6 
cppcheck: fixes from reviewing report
 2021-06-09 12:51:30 -07:00
Sean Parkinson 9580574382
Merge pull request #3999 from dgarske/user_io 
Fixes for building with `WOLFSSL_USER_IO`
 2021-06-09 08:55:36 +10:00
Elms 5c01613acb Add GCC extension to bypass select `-pedantic` warnings 
Add wrapper macro for `__extension__` to suppress pedantic warnings
 2021-06-07 15:38:15 -07:00
Sean Parkinson 2c6285ccba cppcheck: fixes from reviewing report 2021-05-20 17:55:06 +10:00
Elms 82981e9305 make: fix timing error when switching between revisions 
On switching over revision that added server target specific CFLAGS,
could receive: `error: #warning "For timing resistance / side-channel
attack prevention consider using harden options"`
 2021-05-18 09:43:29 -07:00
David Garske c88afdef87 Fixes for building with `WOLFSSL_USER_IO` (with no built-in socket support). Related to issue #3998. 2021-05-06 11:07:05 -07:00
toddouska 014bd21df0
Merge pull request #3983 from tmael/tls_down 
TLS minimum downgrade option
 2021-05-05 15:38:45 -07:00
Hideki Miyazaki 0e40293798
added psk session callback 2021-04-28 10:08:21 +09:00
toddouska 40fe746710
Merge pull request #3942 from dgarske/get_static_ephemeral 
Added API's for getting pointer to loaded static ephemeral key
 2021-04-23 15:54:46 -07:00
Tesfa Mael 0c16ef4b29 Check for TLS downgrade 2021-04-23 14:45:35 -07:00
Daniel Pouzzner 9c7ee3fa64 examples/server/server.c: when TEST_IPV6, set the remote address to IPv6 localhost for wolfsentry_route_insert_static(). 2021-04-22 00:20:12 -05:00
Daniel Pouzzner 0cf9bacf1b WOLFSSL_WOLFSENTRY_HOOKS/HAVE_EX_DATA*: refactor wolfSSL_CRYPTO_cleanup_ex_data() to take only one arg (the WOLFSSL_CRYPTO_EX_DATA *); fix preprocessor gates on wolfSSL_set_ex_data() and wolfSSL_X509_get_ex_new_index(); fix line lengths. 2021-04-21 17:34:47 -05:00
Daniel Pouzzner 660e64cdff examples/server/server.c: clean up wolfsentry printfs. 2021-04-21 03:19:55 -05:00
Daniel Pouzzner cb976db02b server.c: update for wolfSentry API changes. 2021-04-20 23:59:58 -05:00
Daniel Pouzzner 6175e11156 server.c: update wolfsentry_init() usage (hpi pointer). 2021-04-20 23:59:58 -05:00
Daniel Pouzzner 23d8df720e remove WOLFSSL_NETWORK_INTROSPECTION code; add wolfSSL_X509_STORE_set_ex_data_with_cleanup(); refactor WOLFSSL_WOLFSENTRY_HOOKS code in server.c to use HAVE_EX_DATA/HAVE_EX_DATA_CLEANUP_HOOKS. 2021-04-20 23:59:58 -05:00
Daniel Pouzzner 2a05fcb59a examples/server: fix wolfSentry integration to handle DTLS correctly. 2021-04-20 23:59:57 -05:00
Daniel Pouzzner 1cbe696716 checkpoint: fully functioning demo via examples/server/ and unit.test (which produces a "filtered" error on a subtest when built --enable-wolfsentry). 2021-04-20 23:59:57 -05:00
Daniel Pouzzner 734860f535 WOLFSSL_NETWORK_INTROSPECTION WIP 2021-04-20 23:59:57 -05:00
Daniel Pouzzner ba2cc00e5d initial implementation of WOLFSSL_NETWORK_INTROSPECTION: --enable-network-introspection, struct wolfSSL_network_connection, wolfSSL_*_endpoints*(), NetworkFilterCallback_t, wolfSSL_*set_AcceptFilter(). 2021-04-20 23:59:57 -05:00
Juliusz Sosinowicz 70a3857ae8 Fragmentation for ServerKeyExchange and CeriticateVerify 
- The `ssl->dtlsMtuSz` value is the maximum possible size of the DTLS record layer. We read `ssl->dtlsMtuSz + 100` in case peer has slightly different MTU set.
- The `-u` option in the examples takes the value of the MTU size.
- MTU tests are added in `tests/test-dtls-mtu.conf`
 2021-04-16 17:30:51 +02:00
David Garske e13c93d493 Added API's for getting pointer to load static ephemeral key. 2021-04-05 13:40:48 -07:00
David Garske a22defec50 Fix for availability of `wolfSSL_SESSION_print`. 2021-03-26 15:39:55 -07:00
David Garske 95ff75c43d Fix for `wolfSSL_SESSION_print` 2021-03-26 13:41:11 -07:00
David Garske f65e1f1f09 Expose functions to get client/server random when `HAVE_SECRET_CALLBACK` is defined. 2021-03-26 13:23:00 -07:00
JacobBarthelmeh 13d81f1fb9
Merge pull request #3902 from dgarske/snicb 
Fix for SNI recv callback
 2021-03-24 15:34:35 +07:00
David Garske 9313d59479 Fix for SNI callback 
* Fix for SNI callback on server to make sure the SNI data is stored even without setting a hostname. This makes sure the SNI extension is set when there is a registered SNI recv callback.
* Fix for Apache HTTPD to include `WOLFSSL_ALWAYS_KEEP_SNI`
 2021-03-22 11:28:16 -07:00
Hideki Miyazaki 4650aaf4fb
addressed review comments part 1 2021-03-19 13:13:00 +09:00
Hideki Miyazaki b4a573ca98
Initial implemented X509_LOOKUP_ctrl L_ADD_DIR 2021-03-19 13:12:55 +09:00
Jacob Barthelmeh c729318ddd update copyright date 2021-03-11 13:42:46 +07:00
Eric Blankenhorn 5e953d5968 Typo in client example 2021-03-08 17:31:12 -06:00
Hideki Miyazaki 9bae05525c
addressed review comments 2021-03-05 08:19:22 +09:00
Hideki Miyazaki 141d07e21b
addressed pre-review comments 2021-03-05 08:19:16 +09:00
Hideki Miyazaki e39477c531
initial implement SSL_get_early_data_status 2021-03-05 08:19:15 +09:00
John Safranek e9cdcf5bac
Merge pull request #3764 from embhorn/zd11668 
Fix typo
 2021-02-22 14:12:12 -08:00
Eric Blankenhorn 2c2bdca200 Fix typo 2021-02-11 12:27:43 -06:00
toddouska 39cb84de25
Merge pull request #3697 from julek-wolfssl/openvpn-2.5-missing-stuff 
OpenVPN master additions
 2021-02-11 08:56:45 -08:00
Sean Parkinson 794cb5c7a9 TLS Session Ticket: default encryption callback 
Encrypts with ChaCha20-Poly1305 or AES-GCM.
Two keys in rotation.
Key used for encryption until ticket lifetime goes beyond expirary
(default 1 hour). If key can still be used for decryption, encrypt with
other key.
Private random used to generate keys.
 2021-02-10 14:31:54 +10:00
Juliusz Sosinowicz 542e0d79ec Jenkins Fixes 
- explicit conversions
- not all curves available for wolfSSL_CTX_set1_groups_list
- group funcs depend on HAVE_ECC
- `InitSuites` after `ssl->suites` has been set
 2021-02-02 12:06:11 +01:00
toddouska 6e0e507dad
Merge pull request #3660 from dgarske/sess_ticket_aes_gcm 
Added support for AES GCM session ticket encryption
 2021-01-25 15:00:03 -08:00
Sean Parkinson a84f1c813a TLS Session Ticket: Option to disable for TLS 1.2 and below 
Customer may want session ticket supported with TLS 1.3 but not TLS 1.2
and below.
 2021-01-22 13:19:29 +10:00
Eric Blankenhorn a3cbcf255f Fix from review 2021-01-20 11:34:02 -06:00
David Garske 219cbd47eb Added support for AES GCM session ticket encryption. If ChaCha/Poly is disabled it will use AES GCM. Thanks Sean for the code in ZD 11511. 2021-01-19 07:53:36 -08:00
Eric Blankenhorn 50843b22cd Check method for NULL 2021-01-18 16:18:49 -06:00
Daniel Pouzzner 764b3cf09d examples/client/client.c: add missing !defined(NO_SESSION_CACHE) gate around wolfSSL_get_session() for "print out session" code. 2020-12-28 17:49:58 -06:00
Chris Conlon 16ce8e077a only call wolfSSL_UseKeyShare() in example client with TLS 1.3 2020-12-16 12:06:35 -07:00
Sean Parkinson 75c062a298 cppcheck: fixes 2020-12-16 17:28:20 +10:00
toddouska 367f28b917
Merge pull request #3443 from SparkiDev/tls13_psk_no_dhe 
TLS 1.3: PSK only
 2020-12-09 09:45:34 -08:00
Hayden Roche 5fdc4cf6e1 Fix RX/TX throughput reporting in example server. 
- I observed that client TX throughput < client RX throughput, but server TX
  throughput > server RX throughput. Turns out this is just a typo in the
  printing of the stats. The RX stat was being printed as the TX stat and vice-
  versa.
- I added a note to scripts/benchmark.test about a 2 second sleep we do waiting
  for the server to come up. If you were to time this script with the time
  command, you'll see that 2 seconds in the result, which might be confusing
  if you didn't realize the sleep was there.
 2020-12-08 16:49:09 -06:00
Sean Parkinson 91d23d3f5a Implement all relevant mp functions in sp_int 2020-11-19 11:58:14 +10:00
toddouska b0979f4225
Merge pull request #3476 from dgarske/sniffer_hrr 
Fixes for TLS sniffer with v1.3 (HRR and Certs)
 2020-11-18 16:07:11 -08:00
toddouska 9183c35fb8
Merge pull request #3446 from haydenroche5/client_want_write_sim 
Add an option to the example client to simulate WANT_WRITE errors.
 2020-11-18 15:54:09 -08:00
toddouska 9bde34ef5b
Merge pull request #3438 from douzzer/harmonize-CCM8-cipher-names 
add "CCM8" variants to cipher_names "CCM-8" ciphers, for OpenSSL compat
 2020-11-18 15:52:52 -08:00
Sean Parkinson d8b58286d1 TLS 1.3: PSK only 
Support building with only TLS 1.3 and PSK without code for (EC)DHE and
certificates.
Minimise build size for this configuration.
 2020-11-19 09:21:24 +10:00
Hayden Roche 2fc594d319 Modify example server to be resilient to WANT_WRITE errors. 2020-11-13 10:33:10 -06:00
Hayden Roche e035eb8f8a Add an option to the example client to simulate WANT_WRITE errors. 
- Add this option as "-6."
- Turn on non-blocking mode if WANT_WRITE simulation is enabled.
- Create a send IO callback that gets registered when this option is turned on.
  This callback alternates between letting the TX through and returning a
  WANT_WRITE error.
 2020-11-13 10:30:24 -06:00
John Safranek e996a7d15b
Scan-Build Fixes 
1. Fixed a couple possible 0 byte allocations.
2. Fixed a couple missed frees due to error conditions.
3. Fixed a possible double free.

To recreate:
    $ scan-build ./configure --disable-shared --enable-opensslextra=x509small --disable-memory
    $ scan-build ./configure --disable-shared --enable-opensslextra --disable-memory
 2020-11-12 09:06:59 -08:00
David Garske 71d9f1e9bd Static ephemeral refactor to support loading both DHE and ECDHE keys. Added ability to specify key using snifftest input at run-time. Improved snifftest key loading for named keys and static ephemeral. 2020-11-12 08:59:11 -08:00
Daniel Pouzzner 7850d71ccb add wolfSSL_get_cipher_suite_from_name(); add flags arg to GetCipherSuiteFromName(); fix GetCipherSuiteFromName() to prevent spurious substring matching; add SUITE_ALIAS() macros for use defining CipherSuiteInfo, and add CipherSuiteInfo.flags slot and associated logic, to allow alternative cipher names to be recognized; add "CCM8" cipher name variants wherever applicable, including the unit.test conf files, to recognize and test the OpenSSL variants; add tests in client_test() and server_test() to confirm correct forward and backward mapping of cipher names/aliases. 2020-11-11 22:47:47 -06:00
Glenn Strauss 92c3296e13 preprocessor -DNO_BIO to omit OpenSSL BIO API 2020-11-05 20:40:43 -06:00
Daniel Pouzzner fda84576b0 name the new introspection routines wolfSSL_configure_args() and wolfSSL_global_cflags() for consistency, and move the prototypes to logging.h. 2020-10-28 17:28:05 -05:00
Daniel Pouzzner 94d4ea3a57 examples/client/client.c:client_usage_msg[][]: add correct sensing and reporting of WOLFSSL_SP_4096. 2020-10-28 17:28:05 -05:00
Daniel Pouzzner 1ba0883f4c introspection tweaks: rename wolfcrypt/src/debug.c to wolfcrypt/src/wc_debug.c; restore BUILD_WC_DEBUG gating for autotools inclusion of wc_debug.o and disable opportunistically when ENABLED_LEANTLS, ENABLED_LEANPSK, or ENABLED_LOWRESOURCE; add HAVE_WC_INTROSPECTION gate for libwolfssl_configure_args() and libwolfssl_global_cflags(). 2020-10-28 17:28:05 -05:00
Daniel Pouzzner b918e1fd4c examples/: add -@ and -# flags to client and server, printing libwolfssl_configure_args() and libwolfssl_global_cflags() respectively. 2020-10-28 17:28:05 -05:00
John Safranek d2dac8e4b8
Example Client OCSP Option Fix 
1. Before checking to see if the must staple flag is on the 'W' option,
   check the length of myoptarg.
 2020-10-21 13:30:51 -07:00
toddouska 1e43d65d2a
Merge pull request #3392 from SparkiDev/ocsp_must_staple 
TLS OCSP Stapling: MUST staple option
 2020-10-20 15:07:08 -07:00
toddouska 7c89d10e53
Merge pull request #3260 from julek-wolfssl/non-blocking-scr 
(D)TLS non-blocking SCR with example
 2020-10-20 13:45:19 -07:00
Sean Parkinson 60b0b0170b TLS OCSP Stapling: MUST staple option 
Can enable OCSP Must Staple option to mean that if the client sends a
request for an OCSP Staple then it must receive a response.
 2020-10-16 09:03:27 +10:00
David Garske b68828d3c9
Merge pull request #3361 from tmael/ocsp-nocheck 
Add support for id-pkix-ocsp-nocheck
 2020-10-13 15:46:02 -07:00
David Garske 048a3a8d5b
Merge pull request #3374 from JacobBarthelmeh/Testing 
NO_FILESYSTEM build on Windows
 2020-10-13 13:26:46 -07:00
Jacob Barthelmeh 6aa0eacc62 use correct key buffer for example private key 2020-10-13 09:26:54 -06:00
Tesfa Mael a4bfa0dec7 Add support for id-pkix-ocsp-nocheck 2020-10-11 19:47:50 -07:00
JacobBarthelmeh bfb10ddfb5 NO_FILESYSTEM build on Windows 2020-10-09 09:45:00 -07:00
Daniel Pouzzner 570f55a0e3 wolfSSL_get_ocsp_producedDate*(): gate on !defined(NO_ASN_TIME), and in client_test(), gate call to strftime() on HAVE_STRFTIME and add fallback code; add HAVE_STRFTIME test to configure.ac. 2020-10-08 23:26:28 -05:00
Daniel Pouzzner 7a77b6d990 rename wolfSSL_get_ocsp_producedDate(WOLFSSL *, struct tm *) to wolfSSL_get_ocsp_producedDate_tm(), and add wolfSSL_get_ocsp_producedDate() accessing the raw ASN.1 producedDate; fix location of prototypes in ssl.h to obtain proper conditionalization; omit frivolous nullness test on ssl->ocspProducedDate (always true). 2020-10-08 22:47:16 -05:00
Daniel Pouzzner e162d0f889 add wolfSSL_get_ocsp_producedDate(). 2020-10-08 22:47:16 -05:00
Juliusz Sosinowicz a7fdfbaf40 Passing scr-app-data in to -i to client sends a message during SCR 
Modify mygetopt so that if an argument expects a value and that value is the next argument then myoptarg is set to a NULL pointer.
 2020-10-06 17:28:23 +02:00
Juliusz Sosinowicz 84f0fc56ef check ClientWrite return 2020-09-25 11:35:23 +02:00
Daniel Pouzzner 10bf7a2086 examples/: fix undersized array lengths in client_usage_msg and server_usage_msg. 2020-09-23 18:32:16 -05:00
toddouska 1c07de883c
Merge pull request #3306 from SparkiDev/tls13_pha_psk 
TLS 1.3: Post-handshake Authentication and resumption secret
 2020-09-23 16:06:55 -07:00
Sean Parkinson 4ed3438be0 TLS 1.3: Post-handshake Authentication and resumption secret 
The master secret in arrays is not available post-handshake.
Use the master secret in the session when calculating resumption secret.
 2020-09-23 17:09:06 +10:00
John Safranek 30443dbf23
Fix Client Usage 
A string in the client's usage text was made optional depending on the
NO_PSK option, but there was still an attempt to print it. This lead to
a NULL being printed instead. Fixed the print statement.
 2020-09-16 13:37:01 -07:00
Juliusz Sosinowicz 04b4ef3e3b Don't send null byte 2020-09-16 14:02:51 +02:00
Juliusz Sosinowicz a65ffe15bc Implement non-blocking SCR on server side 2020-09-09 21:41:20 +02:00
Sean Parkinson db864be6a4 TLS 1.3 Early Data: fix 
Will process early data packets now.
Added test to check output of server for early data being received.
 2020-08-31 09:03:05 +10:00
Juliusz Sosinowicz 605b274442 Jenkins fixes 2020-08-28 12:04:11 +02:00
Juliusz Sosinowicz 52df9d6c69 TLS and DTLS both need to support APP DATA during SCR 
Also some misc fixes
 2020-08-27 21:13:19 +02:00
Juliusz Sosinowicz 8b934624f5 DTLS non-blocking scrwith example 2020-08-25 11:26:20 +02:00
John Safranek 362e328180
NTRU fixes 
1. When configuring for NTRU, enable static RSA.
2. The echoserver should not try to use NTRU with TLSv1.3.
 2020-08-19 10:46:03 -07:00
toddouska 1724347f7a
Merge pull request #3091 from julek-wolfssl/sess-serialization 
Expose session serialization outside of `OPENSSL_EXTRA`
 2020-08-07 15:41:27 -07:00
JacobBarthelmeh 1034139214
Merge pull request #3081 from kaleb-himes/GH2998_REWORK_FOLLOWUP 
Cleanup of example client/server buffer sizes
 2020-08-05 09:31:30 -06:00
David Garske 4f91d60d22 Fixes for build issues without `OPENSSL_EXTRA` defined. 2020-07-31 15:25:58 -07:00
David Garske 776b1a2d17 Fix for ED25519 with user_settings.h. Fixes for build warnings. Fix spelling error. Added template for wolfBoot key/sign tools. 2020-07-31 15:17:53 -07:00
David Garske 71cc5381ad Added new `examples/config` area with template user_settings.h files and instructions for using. 2020-07-31 11:01:58 -07:00
Kaleb Himes d96f86fcd9
Merge branch 'master' into GH2998_REWORK_FOLLOWUP 2020-07-30 09:47:48 -06:00
John Safranek 397d1ab19c
DTLS Test Speed Fix Redux 
1. Fix the check for XSLEEP_US in the client.
2. Added XSLEEP_MS to mirror XSLEEP_US, in terms of XSELECT().
 2020-07-29 16:51:08 -07:00
toddouska e84defb268
Merge pull request #3044 from dgarske/sniffer_tls13 
TLS v1.3 sniffer support
 2020-07-24 11:46:38 -07:00
David Garske 38cef2b3c9
Merge pull request #3151 from ejohnstown/dtls-size 
DTLS Size Fix
 2020-07-24 08:19:50 -07:00
John Safranek fd1a1bd0f7
Add some missing frees to the example client when using in the return-not-exit mode for tests. 2020-07-23 14:32:48 -07:00
John Safranek 839044d9e1
1. Remove dead assignment from client test. 
2. Fix memory leak in example server test.
3. Use verify callback on certificates to allow callback to fail
   them.
4. Restore the forced failure test cases.
5. Make the verify action thread local.
 2020-07-23 12:26:49 -07:00
John Safranek 98ae3a2352
Added a suite test use case to cover the new error check. Also fixed and issue with passing a couple flags to the test case runner, and some other changes to support the new test. 2020-07-22 13:20:23 -07:00
David Garske fe08f23a50 Improved test sleep. Cleanup `sleep` calls. 2020-07-22 13:08:57 -07:00
David Garske c5371a2dbd Fix for `kResumeMsg` unused if `NO_SESSION_CACHE` defined. 2020-07-22 12:15:14 -07:00