mirrors
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
19,133 Commits 5 Branches 160 Tags 771 MiB
Commit Graph

950 Commits

Author SHA1 Message Date
Anthony Hu 22eee3206d Fixups from review by dgarske 2022-06-14 11:13:28 -04:00
Anthony Hu 4d4ee3b2db Support psk ciphersuites in benchmarks. 
Also fixed some small errors during shutdown in benchmarks.

Tested with:

./configure --enable-psk CFLAGS=-DWOLFSSL_STATIC_PSK
make all check
./examples/benchmark/tls_bench
 2022-06-13 13:33:51 -04:00
David Garske d5791d5c74 Fixes for TLS benchmarking app (tls_bench) for shutdown and formatting brace cleanups. 2022-06-10 13:48:46 -07:00
kaleb-himes 96d5814bfe Implement peer review feedback 2022-06-03 11:06:46 -06:00
kaleb-himes 3bcdef1972 Fix various warnings and an uninitialized XFILE 2022-06-03 09:52:53 -06:00
David Garske 9cfcdfc7aa
Merge pull request #5149 from julek-wolfssl/store-frags-v2 
Re-use async to support WANT_WRITE while sending fragments
 2022-06-01 10:52:54 -07:00
Sean Parkinson be743b2204 TLS 1.3: send ticket 
Can send a new session ticket any time after handshake is complete with
TLS v1.3.
Added API for server application to do this.
Added tests.
 2022-06-01 10:36:01 +10:00
Juliusz Sosinowicz 6245395f34 Simulate WANT_WRITE only with async I/O support 2022-05-27 23:23:18 +02:00
Juliusz Sosinowicz 50c0b3d2a2 Add testing/docs for blocking write 
- Fix case where message grouping can make CheckAvailableSize return a WANT_WRITE
- CheckAvailableSize in tls13.c will not return a WANT_WRITE since it only does so for DTLS <=1.2
 2022-05-27 21:26:55 +02:00
Daniel Pouzzner c4920021d8 print errors to stderr, not stdout; 
fix whitespace in internal.c;

add missing error handling in examples/server/server.c around recvfrom().
 2022-05-12 13:07:32 -05:00
Juliusz Sosinowicz 44be4e1cc8 Reset ret in client and server after wolfSSL_dtls_got_timeout() 
- Do UDP connect only with simulateWantWrite to accommodate macOS that doesn't like sendto being called on connected UDP sockets
- Call wolfSSL_dtls_get_current_timeout only on a DTLS connection
 2022-05-12 16:48:04 +02:00
Juliusz Sosinowicz 9914da3046 Fix resumption failure and use range in connect state logic 2022-05-12 15:46:08 +02:00
Juliusz Sosinowicz a31b76878f DTLS fixes with WANT_WRITE simulations 
- WANT_WRITE could be returned in unexpected places. This patch takes care of that.
- Change state after SendBuffered only if in a sending state to begin with.
- Adapt client and server to simulate WANT_WRITE with DTLS
 2022-05-12 15:46:08 +02:00
John Safranek 798d81723b
Merge pull request #5128 from rizlik/dtls_bidrectional_shutdown 
Support DTLS bidirectional shutdown in the examples
 2022-05-11 17:00:44 -07:00
Juliusz Sosinowicz 257c55a311 examples: allow bidirectional shutdown in UDP 
This commit allows the examples to perform a bidirectional shutdown also when
using UDP. It is useful to test DTLS retransmission.

Signed-off-by: Marco Oliverio <marco@wolfssl.com>
 2022-05-11 13:27:24 +02:00
Daniel Pouzzner 26673a0f28 where appropriate, use strcmp/strcasecmp, not strncmp/strncasecmp; 
add macro XSTRCASECMP();

update XSTRNCASECMP() for XC32 >= 1.00 to use strncasecmp.
 2022-05-10 12:20:12 -05:00
Marco Oliverio d133fa6143 server: check that the first packet of udp connection is clientHello 
Used to allow for bi-directional shutdown tests with UDP and DTLS
 2022-05-09 13:45:27 +02:00
David Garske 84a33183a6 Various scan-build fixes. 2022-04-22 16:02:54 -07:00
elms 29392ac6b3 spell fix: OSCP -> OCSP 2022-04-19 15:11:08 -07:00
David Garske c905c613e9 Support for Intel QuickAssist ECC KeyGen acceleration. 2022-03-30 13:07:47 -07:00
Juliusz Sosinowicz 1fd090d094 Update `wolfSSL_get_session` docs 
Recommend using `wolfSSL_get1_session` and `NO_SESSION_CACHE_REF` for session resumption purposes. `wolfSSL_get_session` should not be used unless to inspect the current session object.
 2022-03-17 12:56:28 +01:00
Daniel Pouzzner d531e21f34
Merge pull request #4946 from dgarske/async_earlydata 
Fixes for TLS v1.3 early data with async
 2022-03-15 12:12:09 -05:00
Sean Parkinson 2c1ecacbfc TLS 1.3 script test: wait for server to write file 
Also fixes for:
./configure --enable-psk --disable-rsa --disable-ecc --disable-dh
C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK
./configure --disable-shared --enable-curve448 --enable-ed448
--disable-rsa --disable-dh --enable-tls13 --disable-ecc --enable-certgen
--enable-keygen
 2022-03-14 14:42:47 +10:00
David Garske dd8fb41f66 Fixes for TLS v1.3 early data with async. 2022-03-11 14:03:46 -08:00
Juliusz Sosinowicz 3c64731c4f Don't force a ECC CA when a custom CA is passed with `-A` 
The following config would fail `../configure --enable-opensslall CFLAGS="-DOPENSSL_COMPATIBLE_DEFAULTS" && make -j check`. This is because `test-fails.conf` `ECC no signer error` test expects a failure while the ECC CA was being added as a trusted cert due to  `OPENSSL_COMPATIBLE_DEFAULTS`.
 2022-03-08 15:02:43 +01:00
Hayden Roche a9cc1ca877
Merge pull request #4924 from dgarske/coexist_fixes 2022-03-07 13:00:22 -08:00
Daniel Pouzzner 9be0633ce3
Merge pull request #4824 from dgarske/fips_ready_user 
User settings template for FIPS v5 ready
 2022-03-05 07:52:03 -06:00
David Garske 3839b0e675 Fixes for building wolfSSL along side openssl. 2022-03-04 12:06:24 -08:00
David Garske 6dd7a289e7 Fix for "set but not used". 2022-02-24 13:43:56 -08:00
Sean Parkinson b13826a3a5
Merge pull request #4840 from haydenroche5/visual_studio_cleanup 
Clean up Visual Studio output and intermediate directories.
 2022-02-24 15:07:13 +10:00
Juliusz Sosinowicz ceff401269 Fixes for Jenkins tests 
- Move test to `HAVE_IO_TESTS_DEPENDENCIES`
- Implement `wolfSSL_trust_peer_cert`
- have{cipher} options weren't being set with only RSA enabled
 2022-02-23 09:47:34 +01:00
David Garske 194466c35a Peer review fixes. 2022-02-22 15:22:27 -08:00
David Garske 40b171124f Fixes to resolve a few make check issues. 2022-02-11 15:20:25 -08:00
David Garske 7ec1e69dba Fixes for supporting the openssl compatibility layer. Adds ChaCha/Poly, DH extra and verify callbacks. 2022-02-08 10:18:41 -08:00
Hayden Roche 6930cc0b21 Clean up Visual Studio output and intermediate directories. 
Currently, wolfssl.vcxproj and IDE/WIN10/wolfssl-fips.vcxproj do not use the
same scheme for their output and intermediate directories. Further, across
configuration/platform combinations, wolfssl.vcxproj isn't consistent, either.
For example:

```
Release|x64
OutDir: $(SolutionDir)$(Platform)\$(Configuration)\
IntDir: $(Platform)\$(Configuration)\obj\

Release|Win32
OutDir: $(SolutionDir)$(Configuration)\
IntDir: $(Configuration)\obj\
```

This commit makes every configuration/platform combo for all Visual Studio
projects follow the same pattern:

```
OutDir: $(SolutionDir)$(Platform)\$(Configuration)\
IntDir: $(Configuration)\$(Platform)\$(ProjectName)_obj\
```

The `$(ProjectName)_obj` piece gets rid of a Visual Studio warning about not
mingling the intermediate objects of disparate builds.
 2022-02-08 09:23:27 -08:00
David Garske 5169a3cf89 Improve header comments and logic. Remove `NO_PWDBASED` and added CRL. 2022-02-07 15:58:10 -08:00
David Garske 50700c3c28 Make sure Rabbit and HC128 are disabled when building FIPS against older wolfSSL. 2022-02-03 14:53:11 -08:00
David Garske db6d924d4b User settings template for FIPS v5. 2022-02-03 13:35:13 -08:00
Anthony Hu 9ea40f3a9c Purge IDEA cipher 2022-01-31 15:29:25 -05:00
Anthony Hu b957a6e872 Purge Rabbit cipher 2022-01-28 13:13:53 -05:00
Daniel Pouzzner 2955d7339e remove a debugging printf, fix whitespace/indentation, and add a comment re gethostbyname_r buffer size. 2022-01-21 13:00:22 -06:00
Daniel Pouzzner 6a56d3e131 jumbo patch of fixes for clang-tidy gripes (with some bug fixes). 
defect/gripe statistics:

    configured --enable-all --enable-sp-math-all --enable-intelasm

    with LLVM 13 clang-tidy -checks=readability-*,bugprone-*,misc-no-recursion,misc-misplaced-const,misc-redundant-expression,misc-unused-parameters,misc-unused-using-decls,-clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,-clang-analyzer-optin.performance.Padding,-readability-braces-around-statements,-readability-function-size,-readability-function-cognitive-complexity,-bugprone-suspicious-include,-bugprone-easily-swappable-parameters,-readability-isolate-declaration,-readability-magic-numbers,-readability-else-after-return,-bugprone-reserved-identifier,-readability-suspicious-call-argument,-bugprone-suspicious-string-compare,-bugprone-branch-clone,-misc-redundant-expression,-readability-non-const-parameter,-readability-redundant-control-flow,-readability-misleading-indentation,-bugprone-narrowing-conversions,-bugprone-implicit-widening-of-multiplication-result

    [note these figures don't reflect additional defects fixed in this commit for --enable-smallstack, --enable-fips, --enable-async, --enable-asn=template, and --enable-fastmath, and --disable-fastmath]

    pre-patch warning count per file, with suppressions:

    clang-analyzer-security.insecureAPI.strcpy    6  wolfssl/tests/suites.c
    clang-analyzer-security.insecureAPI.strcpy    2  wolfssl/testsuite/testsuite.c
    bugprone-suspicious-missing-comma             3  wolfssl/examples/server/server.c
    bugprone-suspicious-missing-comma             3  wolfssl/examples/client/client.c
    readability-redundant-preprocessor            2  wolfssl/wolfcrypt/src/asn.c
    readability-redundant-preprocessor            1  wolfssl/wolfcrypt/src/rsa.c
    readability-redundant-preprocessor            9  wolfssl/src/ssl.c
    readability-redundant-preprocessor            2  wolfssl/src/tls13.c
    readability-redundant-preprocessor           18  wolfssl/tests/api.c
    readability-redundant-preprocessor            3  wolfssl/src/internal.c
    readability-redundant-preprocessor           10  wolfssl/wolfcrypt/test/test.c
    readability-named-parameter                   1  wolfssl/wolfcrypt/benchmark/benchmark.c
    readability-named-parameter                   7  wolfssl/src/internal.c
    readability-named-parameter                   1  wolfssl/wolfcrypt/src/ecc.c
    readability-named-parameter                   1  wolfssl/testsuite/testsuite.c
    readability-named-parameter                  11  wolfssl/wolfcrypt/src/ge_operations.c
    misc-no-recursion                             3  wolfssl/src/ssl.c
    readability-uppercase-literal-suffix          4  wolfssl/wolfcrypt/src/asn.c
    readability-uppercase-literal-suffix          1  wolfssl/src/ssl.c
    readability-uppercase-literal-suffix         13  wolfssl/wolfcrypt/benchmark/benchmark.c
    bugprone-too-small-loop-variable              1  wolfssl/wolfcrypt/src/rsa.c
    bugprone-too-small-loop-variable              2  wolfssl/wolfcrypt/src/sha3.c
    bugprone-too-small-loop-variable              4  wolfssl/wolfcrypt/src/idea.c
    bugprone-signed-char-misuse                   2  wolfssl/src/ssl.c
    bugprone-signed-char-misuse                   3  wolfssl/wolfcrypt/src/sp_int.c
    bugprone-signed-char-misuse                   3  wolfssl/examples/client/client.c
    bugprone-macro-parentheses                   19  wolfssl/wolfcrypt/src/aes.c
    bugprone-macro-parentheses                  109  wolfssl/wolfcrypt/src/camellia.c
    bugprone-macro-parentheses                    1  wolfssl/src/tls.c
    bugprone-macro-parentheses                    3  wolfssl/wolfcrypt/src/md4.c
    bugprone-macro-parentheses                    2  wolfssl/wolfcrypt/src/asn.c
    bugprone-macro-parentheses                   26  wolfssl/wolfcrypt/src/blake2b.c
    bugprone-macro-parentheses                  257  wolfssl/wolfcrypt/src/sha3.c
    bugprone-macro-parentheses                   15  wolfssl/src/ssl.c
    bugprone-macro-parentheses                    1  wolfssl/wolfcrypt/src/sha.c
    bugprone-macro-parentheses                    8  wolfssl/tests/api.c
    bugprone-macro-parentheses                    4  wolfssl/wolfcrypt/src/sp_int.c
    bugprone-macro-parentheses                    6  wolfssl/wolfcrypt/benchmark/benchmark.c
    bugprone-macro-parentheses                   38  wolfssl/wolfcrypt/src/hc128.c
    bugprone-macro-parentheses                   12  wolfssl/wolfcrypt/src/md5.c
    bugprone-macro-parentheses                   10  wolfssl/wolfcrypt/src/sha256.c
    bugprone-macro-parentheses                    4  wolfssl/wolfcrypt/test/test.c
    bugprone-macro-parentheses                    3  wolfssl/wolfcrypt/src/ecc.c
    bugprone-macro-parentheses                    2  wolfssl/tests/suites.c
    bugprone-macro-parentheses                    4  wolfssl/wolfcrypt/src/cpuid.c
    bugprone-macro-parentheses                   26  wolfssl/wolfcrypt/src/blake2s.c
    bugprone-macro-parentheses                   24  wolfssl/wolfcrypt/src/sha512.c
    bugprone-macro-parentheses                    3  wolfssl/wolfcrypt/src/poly1305.c
    bugprone-macro-parentheses                   24  wolfssl/wolfcrypt/src/ripemd.c
    readability-inconsistent-declaration-parameter-name    1  wolfssl/src/internal.c
    readability-inconsistent-declaration-parameter-name    1  wolfssl/testsuite/testsuite.c

    pre-patch warning count summaries, with suppressions:

    clang-analyzer-security.insecureAPI.strcpy                  8
    bugprone-suspicious-missing-comma                           6
    readability-redundant-preprocessor                         45
    readability-named-parameter                                21
    misc-no-recursion                                           3
    readability-uppercase-literal-suffix                       18
    bugprone-too-small-loop-variable                            7
    bugprone-signed-char-misuse                                 8
    bugprone-macro-parentheses                                601
    readability-inconsistent-declaration-parameter-name         2

    pre-patch warning count summaries, without suppressions:

    clang-analyzer-security.insecureAPI.strcpy                  8
    bugprone-branch-clone                                     152
    readability-non-const-parameter                           118
    bugprone-suspicious-missing-comma                           6
    bugprone-suspicious-include                                52
    readability-magic-numbers                               22423
    readability-redundant-preprocessor                         45
    readability-named-parameter                                21
    readability-function-cognitive-complexity                 845
    readability-else-after-return                             398
    bugprone-implicit-widening-of-multiplication-result       595
    readability-function-size                                  21
    readability-isolate-declaration                          1090
    misc-redundant-expression                                   2
    bugprone-narrowing-conversions                            994
    misc-no-recursion                                           3
    readability-uppercase-literal-suffix                       18
    bugprone-reserved-identifier                               56
    readability-suspicious-call-argument                       74
    bugprone-too-small-loop-variable                            7
    bugprone-easily-swappable-parameters                      437
    bugprone-signed-char-misuse                                 8
    readability-misleading-indentation                         94
    bugprone-macro-parentheses                                601
    readability-inconsistent-declaration-parameter-name         2
    bugprone-suspicious-string-compare                        495
    readability-redundant-control-flow                         20
    readability-braces-around-statements                    11483
    clang-analyzer-valist.Uninitialized                         1
    clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling   3502
 2022-01-21 01:25:48 -06:00
Sean Parkinson 848f5eeb0c
Merge pull request #4755 from dgarske/dtls_srtp 
DTLS SRTP (RFC5764) support (adds `--enable-srtp`)
 2022-01-21 10:43:47 +10:00
Marco Oliverio 231a0bbb84 dtls-srtp: no ekm cross check on single threaded/no pthread conf 2022-01-20 16:12:04 +01:00
David Garske 7adbf59f22
Merge pull request #4767 from anhu/kill_hc128 
Get rid of HC-128
 2022-01-19 12:20:18 -08:00
David Garske 8e0ece920b Test cleanups. Fix possible leak in `TLSX_UseSRTP`. 2022-01-19 09:22:02 -08:00
Marco Oliverio 86ba0ef643 tests: support test for SRTP 
the test will check that the same Exported Keying Material is generated between
client and server
 2022-01-19 13:35:29 +01:00
Chris Conlon 4c05d35452
Merge pull request #4743 from miyazakh/tls_bench_onlymode 2022-01-18 15:41:48 -07:00
Anthony Hu c2860cb311 Get rid of HC-128 2022-01-17 18:11:54 -05:00
John Safranek 2085624a29
Old Compiler Warning Cleanup (GCC 4.0.2) 
1. Removed pragma disabling the warning for non-literal format strings
on `printf()`.
2. Switched the `printf()` into two printf calls.
 2022-01-14 17:11:55 -08:00
David Garske eade8ecdf1 DTLS SRTP improvements. Added support for client to send list of profiles. Added support for more SRTP profiles. 2022-01-14 13:43:29 -08:00
David Garske 6ccbd8776f DTLS SRTP (RFC5764) support (adds `--enable-srtp`). Used with WebRTC to agree on profile for new real-time session keys. 2022-01-14 07:35:45 -08:00
Hideki Miyazaki 723cfb2d0b
make server/client only work 2022-01-12 09:23:23 +09:00
David Garske 569c066fab Improve TLS client side session cache references to provide option for not returning an internal session cache pointer. Now use `wolfSSL_get1_sesson` for reference logic, that requires calling `wolfSSL_SESSION_free`. To disable this feature use `NO_SESSION_CACHE_REF`. 2021-12-23 14:25:45 -08:00
Hayden Roche 52754123d9 Call wc_SetSeed_Cb and wolfCrypt_SetPrivateKeyReadEnable_fips in wolfSSL_Init. 
Additionally, remove wc_SetSeed_Cb calls applications (e.g. example client and
server), since they are now redundant.
 2021-12-22 14:21:06 -08:00
Anthony Hu 7d4c13b9a4 --with-liboqs now defines HAVE_LIBOQS and HAVE_PQC 
AKA: The Great Rename of December 2021
 2021-12-20 11:48:03 -05:00
Jacob Barthelmeh ad078a7358 adjust macro guard in example client 2021-12-08 13:45:37 -07:00
Jacob Barthelmeh 9a07b3af9b print out PEM of peer cert with example client 2021-12-07 14:07:47 -07:00
Daniel Pouzzner 30b68060fb configure.ac: fix whitespace; client.c: make gcc 5.4.0 -Wmaybe-uninitialized happy. 2021-12-04 00:57:49 -06:00
Jacob Barthelmeh 0340b49ff9 do not load example CA if not verifying peer 2021-11-30 10:44:05 -07:00
David Garske 5dac25f470 Eliminate `EIGHTK_BUF` use in asn. Cleanup uses of `0` in set_verify for callback. 2021-11-09 08:23:19 -08:00
Daniel Pouzzner 0b4f34d62a typographic cleanup: fix whitespace, remove unneeded UTF-8, convert C++ comment constructs to C. 2021-11-08 17:35:05 -06:00
Daniel Pouzzner 8f121e7752 file modes: clear inappropriate executable bits. 2021-11-08 17:28:11 -06:00
Juliusz Sosinowicz 6d89de4f11 Check correct var for `server.c` echo return. 2021-11-05 16:10:17 +01:00
Jacob Barthelmeh 1d91ccb41b remove exe bit on example.c and server.c 2021-10-29 13:12:43 -06:00
David Garske 0a26335243
Merge pull request #4446 from ejohnstown/dtls-sizing 
DTLS Sizing
 2021-10-28 14:15:36 -07:00
Juliusz Sosinowicz adee6a86d1 Return the close notify error when expecting an error. 2021-10-28 20:53:58 +02:00
Juliusz Sosinowicz 894303be59 Make the `wolfSSL_GetMaxFragSize` parameter meaning consistent 
- Add testing for sending as much app data as possible in a single DTLS record
 2021-10-28 14:46:15 +02:00
David Garske c16f0db1b5 Fixes for handling `WC_PENDING_E` async responses in API unit test and examples. Resolves all issues with `--enable-all --enable-asynccrypt --with-intelqa=`. 2021-10-27 15:08:39 -07:00
John Safranek 976402e04b RNG Update 
1. When the seed callback is enabled, allow wc_GenerateSeed() to be used
   as a default callback.
2. Modify all the tests and examples to use the default seed callback if
   the seed callback is enabled.
 2021-10-26 20:24:25 -05:00
Sean Parkinson 6070981366
Merge pull request #4490 from dgarske/static_mem_unittest 
Add CTX static memory API unit tests
 2021-10-26 09:52:14 +10:00
kaleb-himes 5859779ddf Check-in non-FIPS specific porting changes for OE22 
Fix no new line

Change comment style in testsuite.c

Add include for proper socket header in wolfio.h

Add dc_log_printf support to benchmark application

Pull in changes for examples

Refector NETOS check in test.c

Fix format and remove settings used only for validation testing

Implement peer review feedback

Address last items noted in peer review

Add new README to include.am

Adjust comment style on TODO

Gate changes in client and server properly

Add static on customer feedback

Fix settings include

Update latest peer feedback
 2021-10-22 15:01:14 -06:00
David Garske f17187aad9 Fixes for static memory testing. Fix clang memory sanitizer warnings. 2021-10-21 16:33:57 -07:00
David Garske 911d95e5e4 Add CTX static memory API unit tests. Expanded crypto callback TLS tests to older SSL/TLS and DTLS. 2021-10-21 11:47:00 -07:00
David Garske 37a976b4bf Fix example server to support option 7 (which exists). Fix static mem size required with session cert (matches client now). 2021-10-21 11:41:30 -07:00
David Garske a03ed32380 Support for Android KeyStore compatibility API's: 
* Adds `EVP_PKCS82PKEY` and `d2i_PKCS8_PRIV_KEY_INFO`.
* Adds `EVP_PKEY2PKCS8` and `i2d_PKCS8_PRIV_KEY_INFO`.
* Adds `ECDSA_verify`.
* Fix to allow `SHA256()` and `MD5()` with FIPSv2.
* Decouple crypto callbacks and hash flags
* Fix for possible use of uninitialized when building TLS bench without TLS v1.3.
* Fix for building with `NO_CHECK_PRIVATE_KEY`. Test `./configure --disable-pkcs12 --enable-opensslextra CFLAGS="-DNO_CHECK_PRIVATE_KEY"`.
* Fix to support `RSA_public_decrypt` for PKCSv15 only with FIPS.
* Cleanup `RSA_public_encrypt`, `RSA_public_decrypt` and `RSA_private_decrypt`.
* Added instructions for building wolfSSL with Android kernel.
 2021-10-19 17:04:18 -07:00
Sean Parkinson f04380d624
Merge pull request #4475 from douzzer/fix-scan-build-UnreachableCode 
scan-build LLVM-13 fixes and expanded coverage
 2021-10-20 08:30:46 +10:00
David Garske dcb2ebba39 Fix for openssl.test extraction of version and cipher suites. Fix mem tracking to use stderr. Fix client version print to use single printf with newline. 2021-10-19 13:00:25 -07:00
Daniel Pouzzner 768496be4a scan-build LLVM-13 fixes: in examples/echoclient/echoclient.c, remove frivolous "break;", avoiding need to pragma-ignore clang -Wunreachable-code-break. 2021-10-18 21:46:10 -05:00
Daniel Pouzzner 76332069ea examples/client/client.c: remove frivolous `break` to avoid need for PRAGMA_CLANG("clang diagnostic ignored \"-Wunreachable-code-break\""). 2021-10-18 21:46:09 -05:00
Daniel Pouzzner f621a93081 more scan-build LLVM-13 fixes and expanded coverage: deadcode.DeadStores in client.c and server.c (no functional changes). 2021-10-18 21:46:09 -05:00
Daniel Pouzzner 62822be6ce scan-build LLVM-13 fixes and expanded coverage: add WC_UNUSED and PRAGMA_CLANG_DIAG_{PUSH,POP} macros; deploy "#ifndef __clang_analyzer__" as needed; fix violations and suppress false positives of -Wunreachable-code-break, -Wunreachable-code-return, and -enable-checker alpha.deadcode.UnreachableCode; expand scan-build clean build scope to --enable-all --enable-sp-math-all. 2021-10-18 21:46:09 -05:00
David Garske 2aa2ef84b2
Merge pull request #4470 from LinuxJedi/md-cleanups 
Cleanup markdown documentation
 2021-10-14 11:04:48 -07:00
Andrew Hutchings 11e3f867b0 Cleanup markdown documentation 
* Add syntax highlighting where appropriate
* Fix some markdown compliance issues
* Add some links for things
* Add some inline code quoting
* Fix some headings
* Fix copyright date in doxygen html output
 2021-10-13 16:39:46 +01:00
David Garske bc97539756 Increase the size of the temp buffer for starttls. Some SMTP servers send larger messages. 2021-10-12 15:13:38 -07:00
David Garske da15356c2a
Merge pull request #4444 from anhu/pq_bench 
Benchmarking the supported groups.
 2021-10-05 09:52:51 -07:00
Anthony Hu 41b9b14cfb whitespace 2021-10-04 18:35:09 -04:00
Anthony Hu f77a5e26b5 semi-colon --> colon and use wolfTLSv1_3_server_method when NO_WOLFSSL_CLIENT. 2021-10-04 18:31:28 -04:00
Anthony Hu 310ab6692a Drop a function brace and WOLFSSL_TLS13. 2021-10-04 13:56:01 -04:00
Lealem Amedie 4084928d93 Slight changes to liboqs documentation in INSTALL and example client/server 2021-10-02 13:14:32 -06:00
Anthony Hu 2fa0114d54 Benchmarking the supported groups. 2021-10-01 15:38:07 -04:00
Anthony Hu 33cb823148
Remove legacy NTRU and OQS (#4418) 
* Remove NTRU and OQS

* Keep the DTLS serialization format backwards compatible.

* Remove n from mygetopt_long() call.

* Fix over-zealous deletion.

* Resolve problems found by @SparkiDev
 2021-09-24 08:37:53 +10:00
Anthony Hu 13d4722678 Convert post-quantum algorithm group names 
... from using parameter set names from the papers to NIST levels.
 2021-09-17 13:28:34 -04:00
John Safranek bb70fee1ec
Merge pull request #4390 from anhu/hybridizing 
Hybridizing NIST ECC groups with the OQS groups.
 2021-09-16 22:01:39 -07:00
Eric Blankenhorn 2274d0b773 Fix overflow check in ClientMemSend 2021-09-14 11:17:01 -05:00
Anthony Hu fb733b4662 Hybridizing the OQS groups with NIST ECC groups. 2021-09-10 13:12:12 -04:00
Juliusz Sosinowicz 4a26b53dfc Changes for ED25519 and `HAVE_SECRET_CALLBACK` 
- `HAVE_SECRET_CALLBACK` needs to have `wolfSSL_SSL_CTX_get_timeout` and `wolfSSL_SSL_get_timeout` available
- Call `wolfSSL_KeepArrays` for `HAVE_SECRET_CALLBACK`
- Increase the default `DTLS_MTU_ADDITIONAL_READ_BUFFER` and make it adjustable by the user
- Don't truncate application data returned to user in `wolfSSL_read_internal`
 2021-09-02 15:58:30 +02:00
David Garske 9b6cf56a6e
Expanded support for Curve25519/Curve448 and TLS v1.3 sniffer (#4335) 
* Fixes for building with Ed/Curve25519 only. Fix for IoT safe demo to exit after running once. Added `WOLFSSL_DH_EXTRA` to `--enable-all` and `--enable-sniffer`. Cleanup uses of `==` in configure.ac. Various spelling fixes.

* Fix for sniffer with TLS v1.3 session tickets.

* Fix for ASN Template Ed25519 key export (missing version / not setting OID correctly).

* Add key import/export support for Curve25519/Curve448. Refactor of the 25519/448 ASN code to combine duplicate code.

* Refactor of Curve25519 code. Improved public key export to handle generation when only private is set. Improved private scalar buffer sizing.

* Fix for static ephemeral loading of file buffer.

* Added sniffer Curve25519 support and test case.

* Fix for sniffer to not use ECC for X25519 if both are set.

* Fix Curve448 public export when only private is set.

* Fix for `dh_generate_test` for small stack size.

* Reduce stack size use on new asymmetric DER import/export functions. Cleanup pub length calc.

* Fix invalid comment.
 2021-09-01 09:28:24 +10:00
Kareem 9a438ce289 liboqs integration using keyshare/supported_groups extensions in TLS 1.3 2021-08-27 13:56:53 -04:00
David Garske 70535f51d5 Fixes for PK callbacks with TLS v1.3. Tested with `./configure --enable-pkcallbacks CFLAGS="-DTEST_PK_PRIVKEY -DDEBUG_PK_CB"`. 2021-08-16 13:09:17 -07:00