WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity
24,531 Commits
27 Branches
168 Tags
358 MiB
Commit Graph

662 Commits (7380ec68bb92a93b7a4e1000073dd15b1338ea37)

Author SHA1 Message Date
John Safranek 798d81723b
Merge pull request #5128 from rizlik/dtls_bidrectional_shutdown 
Support DTLS bidirectional shutdown in the examples
 2022-05-11 17:00:44 -07:00
Juliusz Sosinowicz 257c55a311 examples: allow bidirectional shutdown in UDP 
This commit allows the examples to perform a bidirectional shutdown also when
using UDP. It is useful to test DTLS retransmission.

Signed-off-by: Marco Oliverio <marco@wolfssl.com>
 2022-05-11 13:27:24 +02:00
Daniel Pouzzner 26673a0f28 where appropriate, use strcmp/strcasecmp, not strncmp/strncasecmp; 
add macro XSTRCASECMP();

update XSTRNCASECMP() for XC32 >= 1.00 to use strncasecmp.
 2022-05-10 12:20:12 -05:00
David Garske 84a33183a6 Various scan-build fixes. 2022-04-22 16:02:54 -07:00
David Garske c905c613e9 Support for Intel QuickAssist ECC KeyGen acceleration. 2022-03-30 13:07:47 -07:00
Juliusz Sosinowicz 1fd090d094 Update `wolfSSL_get_session` docs 
Recommend using `wolfSSL_get1_session` and `NO_SESSION_CACHE_REF` for session resumption purposes. `wolfSSL_get_session` should not be used unless to inspect the current session object.
 2022-03-17 12:56:28 +01:00
David Garske dd8fb41f66 Fixes for TLS v1.3 early data with async. 2022-03-11 14:03:46 -08:00
Juliusz Sosinowicz 3c64731c4f Don't force a ECC CA when a custom CA is passed with `-A` 
The following config would fail `../configure --enable-opensslall CFLAGS="-DOPENSSL_COMPATIBLE_DEFAULTS" && make -j check`. This is because `test-fails.conf` `ECC no signer error` test expects a failure while the ECC CA was being added as a trusted cert due to  `OPENSSL_COMPATIBLE_DEFAULTS`.
 2022-03-08 15:02:43 +01:00
David Garske 6dd7a289e7 Fix for "set but not used". 2022-02-24 13:43:56 -08:00
Daniel Pouzzner 6a56d3e131 jumbo patch of fixes for clang-tidy gripes (with some bug fixes). 
defect/gripe statistics:

    configured --enable-all --enable-sp-math-all --enable-intelasm

    with LLVM 13 clang-tidy -checks=readability-*,bugprone-*,misc-no-recursion,misc-misplaced-const,misc-redundant-expression,misc-unused-parameters,misc-unused-using-decls,-clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,-clang-analyzer-optin.performance.Padding,-readability-braces-around-statements,-readability-function-size,-readability-function-cognitive-complexity,-bugprone-suspicious-include,-bugprone-easily-swappable-parameters,-readability-isolate-declaration,-readability-magic-numbers,-readability-else-after-return,-bugprone-reserved-identifier,-readability-suspicious-call-argument,-bugprone-suspicious-string-compare,-bugprone-branch-clone,-misc-redundant-expression,-readability-non-const-parameter,-readability-redundant-control-flow,-readability-misleading-indentation,-bugprone-narrowing-conversions,-bugprone-implicit-widening-of-multiplication-result

    [note these figures don't reflect additional defects fixed in this commit for --enable-smallstack, --enable-fips, --enable-async, --enable-asn=template, and --enable-fastmath, and --disable-fastmath]

    pre-patch warning count per file, with suppressions:

    clang-analyzer-security.insecureAPI.strcpy    6  wolfssl/tests/suites.c
    clang-analyzer-security.insecureAPI.strcpy    2  wolfssl/testsuite/testsuite.c
    bugprone-suspicious-missing-comma             3  wolfssl/examples/server/server.c
    bugprone-suspicious-missing-comma             3  wolfssl/examples/client/client.c
    readability-redundant-preprocessor            2  wolfssl/wolfcrypt/src/asn.c
    readability-redundant-preprocessor            1  wolfssl/wolfcrypt/src/rsa.c
    readability-redundant-preprocessor            9  wolfssl/src/ssl.c
    readability-redundant-preprocessor            2  wolfssl/src/tls13.c
    readability-redundant-preprocessor           18  wolfssl/tests/api.c
    readability-redundant-preprocessor            3  wolfssl/src/internal.c
    readability-redundant-preprocessor           10  wolfssl/wolfcrypt/test/test.c
    readability-named-parameter                   1  wolfssl/wolfcrypt/benchmark/benchmark.c
    readability-named-parameter                   7  wolfssl/src/internal.c
    readability-named-parameter                   1  wolfssl/wolfcrypt/src/ecc.c
    readability-named-parameter                   1  wolfssl/testsuite/testsuite.c
    readability-named-parameter                  11  wolfssl/wolfcrypt/src/ge_operations.c
    misc-no-recursion                             3  wolfssl/src/ssl.c
    readability-uppercase-literal-suffix          4  wolfssl/wolfcrypt/src/asn.c
    readability-uppercase-literal-suffix          1  wolfssl/src/ssl.c
    readability-uppercase-literal-suffix         13  wolfssl/wolfcrypt/benchmark/benchmark.c
    bugprone-too-small-loop-variable              1  wolfssl/wolfcrypt/src/rsa.c
    bugprone-too-small-loop-variable              2  wolfssl/wolfcrypt/src/sha3.c
    bugprone-too-small-loop-variable              4  wolfssl/wolfcrypt/src/idea.c
    bugprone-signed-char-misuse                   2  wolfssl/src/ssl.c
    bugprone-signed-char-misuse                   3  wolfssl/wolfcrypt/src/sp_int.c
    bugprone-signed-char-misuse                   3  wolfssl/examples/client/client.c
    bugprone-macro-parentheses                   19  wolfssl/wolfcrypt/src/aes.c
    bugprone-macro-parentheses                  109  wolfssl/wolfcrypt/src/camellia.c
    bugprone-macro-parentheses                    1  wolfssl/src/tls.c
    bugprone-macro-parentheses                    3  wolfssl/wolfcrypt/src/md4.c
    bugprone-macro-parentheses                    2  wolfssl/wolfcrypt/src/asn.c
    bugprone-macro-parentheses                   26  wolfssl/wolfcrypt/src/blake2b.c
    bugprone-macro-parentheses                  257  wolfssl/wolfcrypt/src/sha3.c
    bugprone-macro-parentheses                   15  wolfssl/src/ssl.c
    bugprone-macro-parentheses                    1  wolfssl/wolfcrypt/src/sha.c
    bugprone-macro-parentheses                    8  wolfssl/tests/api.c
    bugprone-macro-parentheses                    4  wolfssl/wolfcrypt/src/sp_int.c
    bugprone-macro-parentheses                    6  wolfssl/wolfcrypt/benchmark/benchmark.c
    bugprone-macro-parentheses                   38  wolfssl/wolfcrypt/src/hc128.c
    bugprone-macro-parentheses                   12  wolfssl/wolfcrypt/src/md5.c
    bugprone-macro-parentheses                   10  wolfssl/wolfcrypt/src/sha256.c
    bugprone-macro-parentheses                    4  wolfssl/wolfcrypt/test/test.c
    bugprone-macro-parentheses                    3  wolfssl/wolfcrypt/src/ecc.c
    bugprone-macro-parentheses                    2  wolfssl/tests/suites.c
    bugprone-macro-parentheses                    4  wolfssl/wolfcrypt/src/cpuid.c
    bugprone-macro-parentheses                   26  wolfssl/wolfcrypt/src/blake2s.c
    bugprone-macro-parentheses                   24  wolfssl/wolfcrypt/src/sha512.c
    bugprone-macro-parentheses                    3  wolfssl/wolfcrypt/src/poly1305.c
    bugprone-macro-parentheses                   24  wolfssl/wolfcrypt/src/ripemd.c
    readability-inconsistent-declaration-parameter-name    1  wolfssl/src/internal.c
    readability-inconsistent-declaration-parameter-name    1  wolfssl/testsuite/testsuite.c

    pre-patch warning count summaries, with suppressions:

    clang-analyzer-security.insecureAPI.strcpy                  8
    bugprone-suspicious-missing-comma                           6
    readability-redundant-preprocessor                         45
    readability-named-parameter                                21
    misc-no-recursion                                           3
    readability-uppercase-literal-suffix                       18
    bugprone-too-small-loop-variable                            7
    bugprone-signed-char-misuse                                 8
    bugprone-macro-parentheses                                601
    readability-inconsistent-declaration-parameter-name         2

    pre-patch warning count summaries, without suppressions:

    clang-analyzer-security.insecureAPI.strcpy                  8
    bugprone-branch-clone                                     152
    readability-non-const-parameter                           118
    bugprone-suspicious-missing-comma                           6
    bugprone-suspicious-include                                52
    readability-magic-numbers                               22423
    readability-redundant-preprocessor                         45
    readability-named-parameter                                21
    readability-function-cognitive-complexity                 845
    readability-else-after-return                             398
    bugprone-implicit-widening-of-multiplication-result       595
    readability-function-size                                  21
    readability-isolate-declaration                          1090
    misc-redundant-expression                                   2
    bugprone-narrowing-conversions                            994
    misc-no-recursion                                           3
    readability-uppercase-literal-suffix                       18
    bugprone-reserved-identifier                               56
    readability-suspicious-call-argument                       74
    bugprone-too-small-loop-variable                            7
    bugprone-easily-swappable-parameters                      437
    bugprone-signed-char-misuse                                 8
    readability-misleading-indentation                         94
    bugprone-macro-parentheses                                601
    readability-inconsistent-declaration-parameter-name         2
    bugprone-suspicious-string-compare                        495
    readability-redundant-control-flow                         20
    readability-braces-around-statements                    11483
    clang-analyzer-valist.Uninitialized                         1
    clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling   3502
 2022-01-21 01:25:48 -06:00
Marco Oliverio 231a0bbb84 dtls-srtp: no ekm cross check on single threaded/no pthread conf 2022-01-20 16:12:04 +01:00
David Garske 8e0ece920b Test cleanups. Fix possible leak in `TLSX_UseSRTP`. 2022-01-19 09:22:02 -08:00
Marco Oliverio 86ba0ef643 tests: support test for SRTP 
the test will check that the same Exported Keying Material is generated between
client and server
 2022-01-19 13:35:29 +01:00
David Garske eade8ecdf1 DTLS SRTP improvements. Added support for client to send list of profiles. Added support for more SRTP profiles. 2022-01-14 13:43:29 -08:00
David Garske 6ccbd8776f DTLS SRTP (RFC5764) support (adds `--enable-srtp`). Used with WebRTC to agree on profile for new real-time session keys. 2022-01-14 07:35:45 -08:00
David Garske 569c066fab Improve TLS client side session cache references to provide option for not returning an internal session cache pointer. Now use `wolfSSL_get1_sesson` for reference logic, that requires calling `wolfSSL_SESSION_free`. To disable this feature use `NO_SESSION_CACHE_REF`. 2021-12-23 14:25:45 -08:00
Hayden Roche 52754123d9 Call wc_SetSeed_Cb and wolfCrypt_SetPrivateKeyReadEnable_fips in wolfSSL_Init. 
Additionally, remove wc_SetSeed_Cb calls applications (e.g. example client and
server), since they are now redundant.
 2021-12-22 14:21:06 -08:00
Anthony Hu 7d4c13b9a4 --with-liboqs now defines HAVE_LIBOQS and HAVE_PQC 
AKA: The Great Rename of December 2021
 2021-12-20 11:48:03 -05:00
Jacob Barthelmeh ad078a7358 adjust macro guard in example client 2021-12-08 13:45:37 -07:00
Jacob Barthelmeh 9a07b3af9b print out PEM of peer cert with example client 2021-12-07 14:07:47 -07:00
Daniel Pouzzner 30b68060fb configure.ac: fix whitespace; client.c: make gcc 5.4.0 -Wmaybe-uninitialized happy. 2021-12-04 00:57:49 -06:00
Jacob Barthelmeh 0340b49ff9 do not load example CA if not verifying peer 2021-11-30 10:44:05 -07:00
David Garske 5dac25f470 Eliminate `EIGHTK_BUF` use in asn. Cleanup uses of `0` in set_verify for callback. 2021-11-09 08:23:19 -08:00
Daniel Pouzzner 0b4f34d62a typographic cleanup: fix whitespace, remove unneeded UTF-8, convert C++ comment constructs to C. 2021-11-08 17:35:05 -06:00
Jacob Barthelmeh 1d91ccb41b remove exe bit on example.c and server.c 2021-10-29 13:12:43 -06:00
David Garske 0a26335243
Merge pull request #4446 from ejohnstown/dtls-sizing 
DTLS Sizing
 2021-10-28 14:15:36 -07:00
Juliusz Sosinowicz 894303be59 Make the `wolfSSL_GetMaxFragSize` parameter meaning consistent 
- Add testing for sending as much app data as possible in a single DTLS record
 2021-10-28 14:46:15 +02:00
David Garske c16f0db1b5 Fixes for handling `WC_PENDING_E` async responses in API unit test and examples. Resolves all issues with `--enable-all --enable-asynccrypt --with-intelqa=`. 2021-10-27 15:08:39 -07:00
John Safranek 976402e04b RNG Update 
1. When the seed callback is enabled, allow wc_GenerateSeed() to be used
   as a default callback.
2. Modify all the tests and examples to use the default seed callback if
   the seed callback is enabled.
 2021-10-26 20:24:25 -05:00
Sean Parkinson 6070981366
Merge pull request #4490 from dgarske/static_mem_unittest 
Add CTX static memory API unit tests
 2021-10-26 09:52:14 +10:00
kaleb-himes 5859779ddf Check-in non-FIPS specific porting changes for OE22 
Fix no new line

Change comment style in testsuite.c

Add include for proper socket header in wolfio.h

Add dc_log_printf support to benchmark application

Pull in changes for examples

Refector NETOS check in test.c

Fix format and remove settings used only for validation testing

Implement peer review feedback

Address last items noted in peer review

Add new README to include.am

Adjust comment style on TODO

Gate changes in client and server properly

Add static on customer feedback

Fix settings include

Update latest peer feedback
 2021-10-22 15:01:14 -06:00
David Garske 911d95e5e4 Add CTX static memory API unit tests. Expanded crypto callback TLS tests to older SSL/TLS and DTLS. 2021-10-21 11:47:00 -07:00
Sean Parkinson f04380d624
Merge pull request #4475 from douzzer/fix-scan-build-UnreachableCode 
scan-build LLVM-13 fixes and expanded coverage
 2021-10-20 08:30:46 +10:00
David Garske dcb2ebba39 Fix for openssl.test extraction of version and cipher suites. Fix mem tracking to use stderr. Fix client version print to use single printf with newline. 2021-10-19 13:00:25 -07:00
Daniel Pouzzner 76332069ea examples/client/client.c: remove frivolous `break` to avoid need for PRAGMA_CLANG("clang diagnostic ignored \"-Wunreachable-code-break\""). 2021-10-18 21:46:09 -05:00
Daniel Pouzzner f621a93081 more scan-build LLVM-13 fixes and expanded coverage: deadcode.DeadStores in client.c and server.c (no functional changes). 2021-10-18 21:46:09 -05:00
Daniel Pouzzner 62822be6ce scan-build LLVM-13 fixes and expanded coverage: add WC_UNUSED and PRAGMA_CLANG_DIAG_{PUSH,POP} macros; deploy "#ifndef __clang_analyzer__" as needed; fix violations and suppress false positives of -Wunreachable-code-break, -Wunreachable-code-return, and -enable-checker alpha.deadcode.UnreachableCode; expand scan-build clean build scope to --enable-all --enable-sp-math-all. 2021-10-18 21:46:09 -05:00
David Garske bc97539756 Increase the size of the temp buffer for starttls. Some SMTP servers send larger messages. 2021-10-12 15:13:38 -07:00
Lealem Amedie 4084928d93 Slight changes to liboqs documentation in INSTALL and example client/server 2021-10-02 13:14:32 -06:00
Anthony Hu 33cb823148
Remove legacy NTRU and OQS (#4418) 
* Remove NTRU and OQS

* Keep the DTLS serialization format backwards compatible.

* Remove n from mygetopt_long() call.

* Fix over-zealous deletion.

* Resolve problems found by @SparkiDev
 2021-09-24 08:37:53 +10:00
Anthony Hu 13d4722678 Convert post-quantum algorithm group names 
... from using parameter set names from the papers to NIST levels.
 2021-09-17 13:28:34 -04:00
Anthony Hu fb733b4662 Hybridizing the OQS groups with NIST ECC groups. 2021-09-10 13:12:12 -04:00
Juliusz Sosinowicz 4a26b53dfc Changes for ED25519 and `HAVE_SECRET_CALLBACK` 
- `HAVE_SECRET_CALLBACK` needs to have `wolfSSL_SSL_CTX_get_timeout` and `wolfSSL_SSL_get_timeout` available
- Call `wolfSSL_KeepArrays` for `HAVE_SECRET_CALLBACK`
- Increase the default `DTLS_MTU_ADDITIONAL_READ_BUFFER` and make it adjustable by the user
- Don't truncate application data returned to user in `wolfSSL_read_internal`
 2021-09-02 15:58:30 +02:00
Kareem 9a438ce289 liboqs integration using keyshare/supported_groups extensions in TLS 1.3 2021-08-27 13:56:53 -04:00
David Garske 70535f51d5 Fixes for PK callbacks with TLS v1.3. Tested with `./configure --enable-pkcallbacks CFLAGS="-DTEST_PK_PRIVKEY -DDEBUG_PK_CB"`. 2021-08-16 13:09:17 -07:00
Lealem Amedie 0722fb56d8 Adding README.md to examples dir and links to wolfssl-examples github repo in client/server.c 2021-08-02 20:27:41 -06:00
Juliusz Sosinowicz 1b6b16c2c3 HaProxy 2.4-dev18 support 
*This patch is dependent on https://github.com/wolfSSL/wolfssl/pull/3871 because proto version selection logic is refactored in that pull request.*
This patch contains the following changes:
- Enable more options with `--enable-haproxy`
- Compatibility layer additions
    - `STACK_TYPE_X509_OBJ`
    - `OCSP_id_cmp`
    - `X509_STORE_get0_objects`
    - `X509V3_EXT_nconf_nid`
    - `X509V3_EXT_nconf`
    - `X509_chain_up_ref`
    - `X509_NAME_hash`
    - `sk_X509_NAME_new_null`
    - `X509_OBJECT_get0_X509`
    - `X509_OBJECT_get0_X509_CRL`
    - `ASN1_OCTET_STRING_free`
    - `X509_LOOKUP_TYPE`
    - `OSSL_HANDSHAKE_STATE`
- New `OPENSSL_COMPATIBLE_DEFAULTS` define will set default behaviour that is compatible with OpenSSL
    - WOLFSSL_CTX
        - Enable all compiled in protocols
        - Allow anonymous ciphers
        - Set message grouping
        - Set verify to SSL_VERIFY_NONE
- In `SetSSL_CTX`, don't change `send` and `recv` callback if currently using `BIO`
- `ssl->peerVerifyRet`
    - Return first that occured
    - Set correct value on date error
    - Set revoked error on OCSP or CRL error
    - Save value in session and restore on resumption
    - Add to session serialization
- With `OPENSSL_EXTRA`, send an alert on invalid downgrade attempt
- Handle sni callback `SSL_TLSEXT_ERR_NOACK`
- Add `WOLFSSL_VERIFY_DEFAULT` option for `wolfSSL_CTX_set_verify` and `wolfSSL_set_verify` to allow resetting to default behaviour
 2021-07-06 15:39:23 +02:00
Hideki Miyazaki b0688688c1
addressed review comments 2021-06-30 13:52:46 +09:00
Hideki Miyazaki d576e3ef96
not send smaller versions than minimum downgradable version as supportedversion ext 2021-06-25 14:51:34 +09:00
David Garske 716237c5dd Fix minor line length and spelling. 2021-06-21 15:09:39 -07:00
Daniel Pouzzner 8c75553e08 wolfSentry integration: move rest of recyclable code out of examples and into wolfsentry_setup() in wolfssl/test.h, and implement peer review corrections on error codes and string.h wrapper macros. 2021-06-17 20:05:40 -05:00
Daniel Pouzzner 93dfb4c7f4 add outbound connection filtering support to libwolfssl, add wolfSentry support to the test client, and add wolfSentry JSON config file support to the test client and server using --wolfsentry-config. 
also, add mygetopt_long() to wolfssl/test.h, and add --help and Japanese counterpart options to test client and server.
 2021-06-17 20:05:40 -05:00
David Garske 5e6b8e50c8 Fix to set groups for client benchmark test. 2021-06-11 14:12:15 -07:00
David Garske 2e4e65f518 Asynchronous support for TLS v1.3 TLSX ECC/DH key generation and key agreement 
* Added async support to `SendTls13ClientHello`, `DoTls13ServerHello` and `DoTls13ClientHello`.
* Cleanup of the example client/server use key share code.
* Fix some scan-build warnings.
ZD 12065
 2021-06-11 14:12:12 -07:00
Sean Parkinson 7e0c372e4c TLS 1.3 PSK: use the hash algorithm to choose cipher suite 
See RFC 8446: 4.2.11
With TLS 1.3 PSK callback, If the returned cipher suite isn't available,
use the hash from the cipher suite and choose from available list.
Require exact match when: WOLFSSL_TLS13_PSK_NO_MATCH_HASH

Alternative callback for client added that is passed a cipher suite
string. Called for each cipher suite that is to be negotiated.
If cipher suite to be used with PSK then return client identity.
Returning an identity based on cipher suite hash will result in
only one PSK extension being added per hash.
 2021-06-10 09:55:27 +10:00
David Garske c88afdef87 Fixes for building with `WOLFSSL_USER_IO` (with no built-in socket support). Related to issue #3998. 2021-05-06 11:07:05 -07:00
toddouska 014bd21df0
Merge pull request #3983 from tmael/tls_down 
TLS minimum downgrade option
 2021-05-05 15:38:45 -07:00
Hideki Miyazaki 0e40293798
added psk session callback 2021-04-28 10:08:21 +09:00
Tesfa Mael 0c16ef4b29 Check for TLS downgrade 2021-04-23 14:45:35 -07:00
Juliusz Sosinowicz 70a3857ae8 Fragmentation for ServerKeyExchange and CeriticateVerify 
- The `ssl->dtlsMtuSz` value is the maximum possible size of the DTLS record layer. We read `ssl->dtlsMtuSz + 100` in case peer has slightly different MTU set.
- The `-u` option in the examples takes the value of the MTU size.
- MTU tests are added in `tests/test-dtls-mtu.conf`
 2021-04-16 17:30:51 +02:00
David Garske a22defec50 Fix for availability of `wolfSSL_SESSION_print`. 2021-03-26 15:39:55 -07:00
David Garske 95ff75c43d Fix for `wolfSSL_SESSION_print` 2021-03-26 13:41:11 -07:00
David Garske f65e1f1f09 Expose functions to get client/server random when `HAVE_SECRET_CALLBACK` is defined. 2021-03-26 13:23:00 -07:00
JacobBarthelmeh 13d81f1fb9
Merge pull request #3902 from dgarske/snicb 
Fix for SNI recv callback
 2021-03-24 15:34:35 +07:00
David Garske 9313d59479 Fix for SNI callback 
* Fix for SNI callback on server to make sure the SNI data is stored even without setting a hostname. This makes sure the SNI extension is set when there is a registered SNI recv callback.
* Fix for Apache HTTPD to include `WOLFSSL_ALWAYS_KEEP_SNI`
 2021-03-22 11:28:16 -07:00
Hideki Miyazaki 4650aaf4fb
addressed review comments part 1 2021-03-19 13:13:00 +09:00
Hideki Miyazaki b4a573ca98
Initial implemented X509_LOOKUP_ctrl L_ADD_DIR 2021-03-19 13:12:55 +09:00
Jacob Barthelmeh c729318ddd update copyright date 2021-03-11 13:42:46 +07:00
Eric Blankenhorn 5e953d5968 Typo in client example 2021-03-08 17:31:12 -06:00
Hideki Miyazaki 9bae05525c
addressed review comments 2021-03-05 08:19:22 +09:00
Hideki Miyazaki 141d07e21b
addressed pre-review comments 2021-03-05 08:19:16 +09:00
Hideki Miyazaki e39477c531
initial implement SSL_get_early_data_status 2021-03-05 08:19:15 +09:00
Eric Blankenhorn a3cbcf255f Fix from review 2021-01-20 11:34:02 -06:00
Eric Blankenhorn 50843b22cd Check method for NULL 2021-01-18 16:18:49 -06:00
Daniel Pouzzner 764b3cf09d examples/client/client.c: add missing !defined(NO_SESSION_CACHE) gate around wolfSSL_get_session() for "print out session" code. 2020-12-28 17:49:58 -06:00
Chris Conlon 16ce8e077a only call wolfSSL_UseKeyShare() in example client with TLS 1.3 2020-12-16 12:06:35 -07:00
Sean Parkinson 75c062a298 cppcheck: fixes 2020-12-16 17:28:20 +10:00
toddouska 367f28b917
Merge pull request #3443 from SparkiDev/tls13_psk_no_dhe 
TLS 1.3: PSK only
 2020-12-09 09:45:34 -08:00
Hayden Roche 5fdc4cf6e1 Fix RX/TX throughput reporting in example server. 
- I observed that client TX throughput < client RX throughput, but server TX
  throughput > server RX throughput. Turns out this is just a typo in the
  printing of the stats. The RX stat was being printed as the TX stat and vice-
  versa.
- I added a note to scripts/benchmark.test about a 2 second sleep we do waiting
  for the server to come up. If you were to time this script with the time
  command, you'll see that 2 seconds in the result, which might be confusing
  if you didn't realize the sleep was there.
 2020-12-08 16:49:09 -06:00
Sean Parkinson 91d23d3f5a Implement all relevant mp functions in sp_int 2020-11-19 11:58:14 +10:00
toddouska 9183c35fb8
Merge pull request #3446 from haydenroche5/client_want_write_sim 
Add an option to the example client to simulate WANT_WRITE errors.
 2020-11-18 15:54:09 -08:00
Sean Parkinson d8b58286d1 TLS 1.3: PSK only 
Support building with only TLS 1.3 and PSK without code for (EC)DHE and
certificates.
Minimise build size for this configuration.
 2020-11-19 09:21:24 +10:00
Hayden Roche 2fc594d319 Modify example server to be resilient to WANT_WRITE errors. 2020-11-13 10:33:10 -06:00
Hayden Roche e035eb8f8a Add an option to the example client to simulate WANT_WRITE errors. 
- Add this option as "-6."
- Turn on non-blocking mode if WANT_WRITE simulation is enabled.
- Create a send IO callback that gets registered when this option is turned on.
  This callback alternates between letting the TX through and returning a
  WANT_WRITE error.
 2020-11-13 10:30:24 -06:00
Daniel Pouzzner 7850d71ccb add wolfSSL_get_cipher_suite_from_name(); add flags arg to GetCipherSuiteFromName(); fix GetCipherSuiteFromName() to prevent spurious substring matching; add SUITE_ALIAS() macros for use defining CipherSuiteInfo, and add CipherSuiteInfo.flags slot and associated logic, to allow alternative cipher names to be recognized; add "CCM8" cipher name variants wherever applicable, including the unit.test conf files, to recognize and test the OpenSSL variants; add tests in client_test() and server_test() to confirm correct forward and backward mapping of cipher names/aliases. 2020-11-11 22:47:47 -06:00
Glenn Strauss 92c3296e13 preprocessor -DNO_BIO to omit OpenSSL BIO API 2020-11-05 20:40:43 -06:00
Daniel Pouzzner fda84576b0 name the new introspection routines wolfSSL_configure_args() and wolfSSL_global_cflags() for consistency, and move the prototypes to logging.h. 2020-10-28 17:28:05 -05:00
Daniel Pouzzner 94d4ea3a57 examples/client/client.c:client_usage_msg[][]: add correct sensing and reporting of WOLFSSL_SP_4096. 2020-10-28 17:28:05 -05:00
Daniel Pouzzner 1ba0883f4c introspection tweaks: rename wolfcrypt/src/debug.c to wolfcrypt/src/wc_debug.c; restore BUILD_WC_DEBUG gating for autotools inclusion of wc_debug.o and disable opportunistically when ENABLED_LEANTLS, ENABLED_LEANPSK, or ENABLED_LOWRESOURCE; add HAVE_WC_INTROSPECTION gate for libwolfssl_configure_args() and libwolfssl_global_cflags(). 2020-10-28 17:28:05 -05:00
Daniel Pouzzner b918e1fd4c examples/: add -@ and -# flags to client and server, printing libwolfssl_configure_args() and libwolfssl_global_cflags() respectively. 2020-10-28 17:28:05 -05:00
John Safranek d2dac8e4b8
Example Client OCSP Option Fix 
1. Before checking to see if the must staple flag is on the 'W' option,
   check the length of myoptarg.
 2020-10-21 13:30:51 -07:00
toddouska 1e43d65d2a
Merge pull request #3392 from SparkiDev/ocsp_must_staple 
TLS OCSP Stapling: MUST staple option
 2020-10-20 15:07:08 -07:00
toddouska 7c89d10e53
Merge pull request #3260 from julek-wolfssl/non-blocking-scr 
(D)TLS non-blocking SCR with example
 2020-10-20 13:45:19 -07:00
Sean Parkinson 60b0b0170b TLS OCSP Stapling: MUST staple option 
Can enable OCSP Must Staple option to mean that if the client sends a
request for an OCSP Staple then it must receive a response.
 2020-10-16 09:03:27 +10:00
David Garske b68828d3c9
Merge pull request #3361 from tmael/ocsp-nocheck 
Add support for id-pkix-ocsp-nocheck
 2020-10-13 15:46:02 -07:00
David Garske 048a3a8d5b
Merge pull request #3374 from JacobBarthelmeh/Testing 
NO_FILESYSTEM build on Windows
 2020-10-13 13:26:46 -07:00
Jacob Barthelmeh 6aa0eacc62 use correct key buffer for example private key 2020-10-13 09:26:54 -06:00
Tesfa Mael a4bfa0dec7 Add support for id-pkix-ocsp-nocheck 2020-10-11 19:47:50 -07:00
JacobBarthelmeh bfb10ddfb5 NO_FILESYSTEM build on Windows 2020-10-09 09:45:00 -07:00
Daniel Pouzzner 570f55a0e3 wolfSSL_get_ocsp_producedDate*(): gate on !defined(NO_ASN_TIME), and in client_test(), gate call to strftime() on HAVE_STRFTIME and add fallback code; add HAVE_STRFTIME test to configure.ac. 2020-10-08 23:26:28 -05:00
Daniel Pouzzner 7a77b6d990 rename wolfSSL_get_ocsp_producedDate(WOLFSSL *, struct tm *) to wolfSSL_get_ocsp_producedDate_tm(), and add wolfSSL_get_ocsp_producedDate() accessing the raw ASN.1 producedDate; fix location of prototypes in ssl.h to obtain proper conditionalization; omit frivolous nullness test on ssl->ocspProducedDate (always true). 2020-10-08 22:47:16 -05:00
Daniel Pouzzner e162d0f889 add wolfSSL_get_ocsp_producedDate(). 2020-10-08 22:47:16 -05:00
Juliusz Sosinowicz a7fdfbaf40 Passing scr-app-data in to -i to client sends a message during SCR 
Modify mygetopt so that if an argument expects a value and that value is the next argument then myoptarg is set to a NULL pointer.
 2020-10-06 17:28:23 +02:00
Juliusz Sosinowicz 84f0fc56ef check ClientWrite return 2020-09-25 11:35:23 +02:00
Daniel Pouzzner 10bf7a2086 examples/: fix undersized array lengths in client_usage_msg and server_usage_msg. 2020-09-23 18:32:16 -05:00
John Safranek 30443dbf23
Fix Client Usage 
A string in the client's usage text was made optional depending on the
NO_PSK option, but there was still an attempt to print it. This lead to
a NULL being printed instead. Fixed the print statement.
 2020-09-16 13:37:01 -07:00
Juliusz Sosinowicz 04b4ef3e3b Don't send null byte 2020-09-16 14:02:51 +02:00
Sean Parkinson db864be6a4 TLS 1.3 Early Data: fix 
Will process early data packets now.
Added test to check output of server for early data being received.
 2020-08-31 09:03:05 +10:00
Juliusz Sosinowicz 52df9d6c69 TLS and DTLS both need to support APP DATA during SCR 
Also some misc fixes
 2020-08-27 21:13:19 +02:00
Juliusz Sosinowicz 8b934624f5 DTLS non-blocking scrwith example 2020-08-25 11:26:20 +02:00
toddouska 1724347f7a
Merge pull request #3091 from julek-wolfssl/sess-serialization 
Expose session serialization outside of `OPENSSL_EXTRA`
 2020-08-07 15:41:27 -07:00
Kaleb Himes d96f86fcd9
Merge branch 'master' into GH2998_REWORK_FOLLOWUP 2020-07-30 09:47:48 -06:00
John Safranek 397d1ab19c
DTLS Test Speed Fix Redux 
1. Fix the check for XSLEEP_US in the client.
2. Added XSLEEP_MS to mirror XSLEEP_US, in terms of XSELECT().
 2020-07-29 16:51:08 -07:00
toddouska e84defb268
Merge pull request #3044 from dgarske/sniffer_tls13 
TLS v1.3 sniffer support
 2020-07-24 11:46:38 -07:00
David Garske 38cef2b3c9
Merge pull request #3151 from ejohnstown/dtls-size 
DTLS Size Fix
 2020-07-24 08:19:50 -07:00
John Safranek fd1a1bd0f7
Add some missing frees to the example client when using in the return-not-exit mode for tests. 2020-07-23 14:32:48 -07:00
John Safranek 839044d9e1
1. Remove dead assignment from client test. 
2. Fix memory leak in example server test.
3. Use verify callback on certificates to allow callback to fail
   them.
4. Restore the forced failure test cases.
5. Make the verify action thread local.
 2020-07-23 12:26:49 -07:00
John Safranek 98ae3a2352
Added a suite test use case to cover the new error check. Also fixed and issue with passing a couple flags to the test case runner, and some other changes to support the new test. 2020-07-22 13:20:23 -07:00
David Garske fe08f23a50 Improved test sleep. Cleanup `sleep` calls. 2020-07-22 13:08:57 -07:00
David Garske c5371a2dbd Fix for `kResumeMsg` unused if `NO_SESSION_CACHE` defined. 2020-07-22 12:15:14 -07:00
John Safranek c8e9d058f0
DTLS Test Speedup 
Change the example client to use select instead of sleep.
If building for the standalone client, it will wait 1 second.
If built for no main driver, it'll wait 10ms rather than 1 second.
 2020-07-21 18:40:18 -07:00
David Garske 11b0d963d3 Fix for example client to send HTTP GET on resume with "-g". Fixes issue with `./scripts/openssl.test`. 2020-07-21 15:42:33 -07:00
David Garske 639f73fe1f Fix for client writes to not include the null term. 2020-07-21 13:42:01 -07:00
David Garske 4e637ddf10 Cleanup on example client/server messages and sizes. Original PR #3023 caused sending extra null characters in normal (non HTTP) example cases. 2020-07-21 13:34:25 -07:00
David Garske 1b051d9c5b TLS v1.3 sniffer support: 
* Added TLS v1.3 sniffer support using static ephemeral key.
* Add support for using a static ephemeral DH and ECC keys with TLS v1.3 using `WOLFSSL_STATIC_EPHEMERAL`.
* Adds new API's `wolfSSL_CTX_set_ephemeral_key` and `wolfSSL_set_ephemeral_key`.
* Expanded TLS extension support in sniffer.
* Refactor of the handshake hashing code.
* Added parameter checking to the TLS v1.3 key derivations (protects use of "DoTls13Finished" if handshake resources have been free'd).
* Added support for loading DH keys via `wc_DhImportKeyPair` and `wc_DhExportKeyPair`, enabled with `WOLFSSL_DH_EXTRA`.
* Added sniffer documentation `sslSniffer/README.md`.
 2020-07-17 15:22:35 -07:00
Jacob Barthelmeh e55ca1a8cf increase example client key share group array size 2020-07-17 10:26:34 -06:00
toddouska 925e9d9213
Merge pull request #3075 from julek-wolfssl/dtls-no-cookie 
DTLS session resumption fixes
 2020-07-15 14:07:34 -07:00
Tesfa Mael 890500c1b1 Fix Coverity 2020-07-08 08:20:43 -07:00
Juliusz Sosinowicz 3efd8a8576 Jenkins fixes 2020-07-02 14:59:07 +02:00
Juliusz Sosinowicz e63a80f1af Use `NO_SESSION_CACHE` as well in preproc checks 2020-06-30 21:21:43 +02:00
JacobBarthelmeh 26f0a74d29
Merge pull request #3023 from kaleb-himes/GH2998-REWORK 
cleanup GET messages
 2020-06-25 10:22:09 -06:00
kaleb-himes fdce5152c5 Address peer feedback 2020-06-24 11:25:12 -06:00
David Garske 352328348a For example client "-H verifyFail", which was not setting the verify callback. 2020-06-18 12:54:47 -07:00
David Garske 667d9ca896 Fix to catch the issue in this PR with alt cert chains, which only happens if the verify callback is used and the chain is long enough. Cleanup of the myVerify callback to allow specific actions. Fix the suites.c to not crash if no newline at end of file. Added helpful debug message to show that a CA was found. 2020-06-18 09:26:50 -07:00
Juliusz Sosinowicz 03c5359fcd Add session resumption testing for DTLS 2020-06-18 14:18:02 +02:00
Juliusz Sosinowicz f2d2dadc89 ASYNC: Fix issues with TLS and DTLS 2020-06-12 11:36:43 +02:00
Juliusz Sosinowicz 7b604ad714 WIP 2020-06-12 11:36:43 +02:00
David Garske dffc677561 Fix for TLS v1.3 with `--enable-sniffer`. 2020-06-04 16:42:40 -07:00
David Garske ad93813d75 Fix for expected failure case on client write. Resolves test-fails.con `server TLSv1.3 fail on no client certificate` test. 2020-06-04 15:31:18 -07:00
David Garske d4fdd1e590 Fix for TLS v1.3 test PSK callback to support cipher list. Add support for `GetCipherSuiteFromName` to accept a name ending with colon. 2020-06-04 15:31:18 -07:00
David Garske 3b63e55a68 Fix for TLS v1.3 PSK tests work with additional cipher suites (not just `TLS13-AES128-GCM-SHA256`) and the echo server/client. 2020-06-04 15:31:18 -07:00
kaleb-himes 2285071fbc Use old convention, consolidate assignments 2020-06-04 09:34:49 -06:00
kaleb-himes 923fc30043 Change to memcpy 2020-06-03 17:36:40 -06:00
kaleb-himes 8c3f7a77ca cleanup GET messages 2020-06-03 16:53:36 -06:00
Sean Parkinson c153873337 Fail when WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT set in TLS1.3 2020-04-27 16:17:03 +10:00
toddouska cf8459e518
Merge pull request #2892 from SparkiDev/cppcheck_fixes_4 
Fixes from cppcheck
 2020-04-09 16:01:11 -07:00
Sean Parkinson 411aee6e05 Fixes from cppcheck 
Added PRIVATE_D version of rsa private key operation for SP
implementation for specific platforms.
WC_NO_RNG results in warnings when RNG calls don't do anything.
Added ifdef checks for variables not used otherwise.
Remove superfluous if statements like when checking ret == 0.
Change names of globals that are generic and are used locally before
global definition.
Remove definition of variable len that isn't used except as a
replacement for sz which is parameter.
Don't subtract two variables when one has just been assigned the value
of the other.
Fix shifting of signed value.
Fix parameter checking in aes.c and des3.c for platform specific code.
 2020-04-08 09:46:22 +10:00
toddouska 65cf5a0d46
Merge pull request #2802 from embhorn/zd9764 
Fix for bidirectional shutdown
 2020-04-07 13:03:54 -07:00
Eric Blankenhorn b1ec15de3e Only try shutdown once in example 2020-04-01 17:48:17 -05:00
Eric Blankenhorn 3f7ce61dbd Updates from review 2020-04-01 11:14:25 -05:00