9be390250d
Adding support for dual key/signature certificates. ( #7112 )
...
Adding support for dual key/signature certificates with X9.146. Enabled with `--enable-dual-alg-certs` or `WOLFSSL_DUAL_ALG_CERTS`.
2024-01-18 13:20:57 -08:00
7223b5a708
Fix spelling warnings
2023-11-22 12:34:56 -06:00
2b1c61a013
Merge pull request #6949 from bigbrett/zd16925
...
fix WOLFSSL_CALLBACK memory error
2023-11-08 23:35:32 -07:00
ba37dc9933
Fixes bug where example server with WOLFSSL_CALLBACKS hangs when used with
...
-6 option (simulated WANT_WRITE errors) or with DTLS, causing make check
to fail
2023-11-07 11:44:20 -07:00
aed715cb2c
dtls 1.3: allow to skip cookie exchange on resumption
...
tls 1.3: do cookie exchange when asked too even when found a matching cipher
2023-10-31 14:29:04 +01:00
79a6e1eb04
Merge pull request #6808 from SparkiDev/sp_sm2
...
SP updates for SM2
2023-10-13 10:17:17 -06:00
0cc21a42f3
SP updates for SM2
...
Allow wolfSSL to build with SP implementations of SM2.
Updates to SP implementation of other code.
2023-10-13 08:14:15 +10:00
85a596e54a
DTLS 1.3: allow fragmenting the second ClientHello message
...
- DTLS 1.3 pqc support
- Add --enable-dtls-frag-ch option to enable CH fragmenting
- Send an alert when we get an empty keyshare with a cookie present to not allow for multiple HRR in one connection
- Only update the DTLS window when we have successfully processed or stored a message
- Call ssl->chGoodCb as soon as we have processed a verified full or fragmented ClientHello cookie
2023-10-09 12:54:11 +02:00
7262a30074
Fixes for NO_FILESYSTEM config
2023-08-30 13:54:49 -05:00
e51ca7941f
fixes for code warned by clang-tidy:18 and cppcheck-2.11:
...
bugprone-inc-dec-in-conditions: examples/server/server.c:server_test(), src/internal.c:MatchDomainName(), src/x509.c:wolfSSL_X509_set_ext(), wolfcrypt/src/asn.c:MatchBaseName()
missingReturn: wolfcrypt/src/wc_port.c:mystrnstr()
bugprone-unused-return-value: wolfcrypt/src/wc_port.c:wolfSSL_NewThreadNoJoin()
clang-analyzer-deadcode.DeadStores: wolfssl/test.h:udp_accept()
2023-08-05 12:28:41 -05:00
67d6d438c5
Port testing to wolfSSL threading interface
2023-08-04 10:49:39 +02:00
ab953c3141
Update VS project files
2023-07-31 15:37:48 -04:00
136738fd33
Avoid mult-byte code error
2023-07-27 17:04:41 +09:00
3d68bcd6f7
Jenkins fixes
2023-07-03 14:02:51 +02:00
bff2cf5690
Add crl monitor unit testing
2023-07-03 14:02:51 +02:00
6b240fa41a
Refactor HAVE_PTHREAD and _POSIX_THREADS ( #6536 )
...
* HAVE_PTHREAD gate in test.h
* add config.h and settings.h to test.h
* added config.h and settings.h to other test.h in wolfcrypt/test
* settings #ifdef _POSIX_THREADS HAVE_PTHREAD
* cyassl settings _POSIX_THREADS HAVE_PTHREAD
* undo cyassl _POSIX_THREADS HAVE_PTHREAD
* move settings.h #include in both test.h
* add !defined(SINGLE_THREADED) logic
* refactor HAVE_PTHREAD, _POSIX_THREADS
2023-06-26 07:32:20 -07:00
8851065848
cppcheck fixes
...
Fix checking of negative with unsigned variables.
Check digestSz for 0 in wc_SSH_KDF() so that no possibility of dividing
by zero.
Change XMEMCPY to XMEMSET in renesas_sce_util.c.
Fix test.c to free prvTmp and pubTmp on read error.
Remove unused variables.
XFREE checks for NULL so don't check before call.
Move variable declarations to reduce scope.
2023-04-03 16:59:58 +10:00
fc6d693dae
Update logging enter, exit, msg to match function names. Fix some typos and improper use of "enter". Fix internal uses of `SSL_SUCCESS` and `SSL_FAILURE`. Add `WOLFSSL_DEBUG_NONBLOCK` option to allow printing iterations without debug enabled.
2023-02-21 12:02:15 -08:00
b624fc8377
TLS 1.3 PSK: add option to require only PSK with DHE
...
Can specify only PSK without DHE.
Add only PSK with DHE.
2023-02-16 09:21:29 +10:00
0b0b980784
fix an oversight in wolfSentry integration in examples/{client,server}.
2023-01-05 17:59:10 -06:00
43265669c6
fix warnings around clang-diagnostic-embedded-directive and readability-uppercase-literal-suffix; update wolfSentry integration for upcoming release 0.8.0.
2023-01-05 00:13:17 -06:00
023db01aca
* Fixed some build configuration variations.
...
* Fixed `PEM_BUFSIZE` macro redefined when building with coexist.
* Updated the `user_settings_all.h` and `user_settings_wolfboot_keytools.h` to include latest options.
* Improved API unit test error case checking where `TEST_RES_CHECK` is not used.
* Changed `TEST_SKIPPED` to unique value.
* Added CI tests for enable-all, small stack, and user setting templates.
2023-01-03 10:59:59 -08:00
9dcc48c8f7
update copyright to 2023
2022-12-30 17:12:11 -07:00
9a7ff8773b
add --with-libsuffix support, append suffix to library artifact name
2022-12-21 13:31:07 -07:00
fffd3adc30
Warn that renegotiation in TLS 1.3 requires session ticket.
2022-12-12 11:30:01 -05:00
a2fb4c0788
Remove kyber-90s and route all kyber through wolfcrypt.
2022-11-30 17:17:28 -05:00
0bfa5c9836
Purge NTRU and SABER. Not going to be standardized.
2022-11-25 14:54:08 -05:00
48ba365fd6
fixes for defects:
...
clang-analyzer-deadcode.DeadStores in examples/server/server.c;
-Werror=use-after-free and LeakSanitizer Direct leak in tests/api.c;
nullPointerRedundantCheck in src/pk.c which identified a semantically consequential flub.
2022-11-08 14:04:16 -06:00
1ee3a78e4a
Fixes for various tests that do not properly handle `WC_PENDING_E`.
2022-11-04 14:56:40 -07:00
895a2e1ac5
WOLFSSL_CALLBACKS codepaths: fixes for bugprone-unused-return-value, bugprone-macro-parentheses, readability-named-parameter, and clang-analyzer-deadcode.DeadStores
2022-10-18 13:34:42 -05:00
927f4c445d
additional sanity checks on debug callback
2022-10-11 13:14:59 -07:00
005f77180b
PSK only TLS: fix ENCRYPT_LEN
...
Allow no PK algorithms and TLS to build and test.
Use PSK cipher suite with GCM if AES-CBC not available.
2022-09-12 11:21:01 +10:00
08b89fbef9
server: add optional argument to -J disable hrr cookie
2022-09-01 09:37:35 +02:00
565d1b33e5
Update examples to allow post quantum KEM within DTLS 1.3
2022-08-30 18:39:57 +12:00
a0448155d5
Fix for type warnings in example for DTLS CID `./configure --enable-dtls --enable-dtlscid --enable-dtls13`.
2022-08-24 16:02:05 -07:00
90fcd95f9b
server/client: add --cid option to use ConnectionID extension
2022-08-23 16:58:24 +02:00
3d8562f07b
Fixes for build and runtime issues
2022-08-19 08:12:04 -05:00
969ad96dee
examples/{client,server}/{client,server}.c: remove spurious commas in --pqc help strings, and mollify clang-tidy bugprone-suspicious-missing-comma re --force-curve help strings. ( #5480 )
2022-08-18 13:32:58 -04:00
aa812c8aa9
Added support for P384 pre-share in server ( #5442 )
...
Added support for new server `--force-curve` option.
2022-08-17 15:30:48 -07:00
995100eed1
Fix for handling `WC_PENDING_E` from decrypt session ticket callback. ZD14420
2022-08-10 22:20:49 -07:00
8605195709
Support for asynchronous session ticket callback (can return WC_PENDING_E). Requires wolfAsyncCrypt support. ZD 14420.
2022-07-20 16:43:17 -07:00
8eaa85e412
update copyright year to 2022
2022-07-19 10:44:31 -06:00
fd4836772b
examples: support DTLS version downgrading
2022-07-06 16:18:44 +02:00
80f3db6e1d
fix: examples/server: dtls mode checking
...
This fixes using ssl to check if we are using dtls or not, when ssl is not yet
valid.
Fix: 060dfe1a69
2022-07-04 10:21:11 +02:00
b87b255d52
Merge pull request #5295 from rizlik/dtls13_bugfix
...
server: fix wrong minVersion setting when non in dtls
2022-06-28 09:35:23 -07:00
14c65e0117
Merge pull request #5281 from miyazakh/example_japanese_translate
2022-06-28 10:08:06 -06:00
060dfe1a69
server: fix wrong minVersion setting when non in dtls
2022-06-28 12:10:18 +02:00
c34c32f621
translated Japanese messages
2022-06-24 08:09:28 +09:00
a5250482ce
examples/: refactor a couple help strings to avoid hitting clang-tidy bugprone-suspicious-missing-comma.
2022-06-23 15:25:23 -05:00
fdc4cdf5ec
examples: update usage() with DTLSv1.3 version
2022-06-22 18:50:18 +02:00
Anthony Hu
Eric Blankenhorn
JacobBarthelmeh
Brett Nicholas
Juliusz Sosinowicz
Sean Parkinson
Daniel Pouzzner
Andras Fekete
Takashi Kojo
gojimmypi
David Garske
Chris Conlon
Anthony Hu
Marco Oliverio
CallumMcLoughlin
Peter Torelli
Hideki Miyazaki