Commit Graph

482 Commits

Author SHA1 Message Date
JacobBarthelmeh 81c3d26dde update macro guards for coexist build and use ret when getting SSL error 2026-03-23 22:46:34 -04:00
JacobBarthelmeh 3d62a6fe09 adjustment for openssl coexist build with the examples 2026-03-23 21:51:10 -04:00
Juliusz Sosinowicz 4578e1390f Implement OCSP responder
OCSP Responder Core API:

- Add new public API for creating and managing an OCSP responder
- Add public wrappers for internal OCSP request/response functions
- OcspRespCheck: fix check when authorized responder is loaded into CM

Header Cleanup:

- Remove circular dependency when including `#include <wolfssl/wolfcrypt/asn.h>` from wolfssl/wolfcrypt/ecc.h and wolfssl/wolfcrypt/rsa.h

OCSP Responder Example (examples/ocsp_responder/):

- Add a command-line OCSP responder for interoperability testing with OpenSSL's `openssl ocsp` client

Test Scripts (scripts/):

- ocsp-responder-openssl-interop.test: Tests wolfSSL OCSP responder with `openssl ocsp` client
- ocsp-stapling-with-wolfssl-responder.test: Tests wolfSSL OCSP responder when doing OCSP stapling

Certificate Infrastructure (certs/ocsp/):

- Add DER-format certificates and keys for OCSP testing
- Update renewcerts.sh to generate DER versions

Known Limitations (documented in src/ocsp.c header comment):

  - Single request/response per OCSP exchange only
  - Key-hash responder ID only (no name-based responder ID)
  - No singleExtensions support
2026-03-11 10:21:16 +01:00
night1rider 0442918391 Add Zephyr 4.1+ build compatibility for wolfssl_tls_sock sample. Replace removed Kconfig options (PTHREAD_IPC, POSIX_CLOCK, NET_SOCKETS_POSIX_NAMES) with version-conditional config fragments and fix min/max macro collision with Zephyr's sys/util.h. 2026-03-10 14:23:47 -06:00
JacobBarthelmeh a156ed7bc7 update Copyright year 2026-02-18 09:52:21 -07:00
Daniel Pouzzner 8e03d0523c wolfssl/test.h: add missing wc_HmacFree()s in myMacEncryptCb(), myDecryptVerifyCb(), myEncryptMacCb(), myVerifyDecryptCb(). 2025-12-17 11:01:10 -06:00
David Garske 658ea305d1 Fix issue with poorly written macros 2025-11-18 14:15:22 -08:00
Juliusz Sosinowicz 5069d977ed testsuite_test: reset ready in between uses
This should fix the constant intermittent failures in GH CI.
2025-10-07 18:30:36 +02:00
Kareem b302e8edd0 Move CERT_FILETYPE definition, use it in echoserver. 2025-09-26 10:58:51 -07:00
Kareem ec92f76dec Fix tests when building with PEM support disabled by using DER certs/keys. 2025-09-12 16:11:07 -07:00
Ruby Martin cf3f7b9911 modify argument for unsigned int
adjust warning for invalidPrintfArgType
2025-08-07 16:48:46 -06:00
gojimmypi 7c9327a36b Please use DEBUG_WOLFSSL not WOLFSSL_DEBUG 2025-08-05 12:19:30 -07:00
JacobBarthelmeh 9aace48189 remove QEMU test host name lookup feature 2025-07-28 17:04:33 -06:00
JacobBarthelmeh 629c5b4cf6 updating license from GPLv2 to GPLv3 2025-07-10 16:11:36 -06:00
David Garske 9b50708741 Fix to expose API to access "store" error code and error depth for cert failure callback (from set_verify). Useful for C# wrapper or clients that cannot directly dereference X509_STORE. Fixes for building with WOLFSSL_EXTRA and WOLFSSL_NO_CA_NAMES (and added new tests). Added example in CSharp TLS client for overriding a begin date error (useful if date is not set). 2025-06-19 14:49:00 -07:00
Josh Holtrop 8bde5e6982 Fix printing empty names in certificates
The empty-issuer-cert.pem certificate was created with:

    wolfssl genkey rsa -size 2048 -out mykey -outform pem -output KEY
    wolfssl req -new -days 3650 -key mykey.priv -out empty-issuer-cert.pem -x509

Prior to this fix this command would error printing the certificate:

    wolfssl x509 -inform pem -in empty-issuer-cert.pem -text
2025-06-13 11:22:52 -04:00
jordan efd5405d0e coverity: fix check_after_deref, assignment_where_comparison_intended, uninit vars, return values, etc. 2025-05-05 13:18:29 -05:00
Jiri Malak 17a0081261 correct line length to be shorter then 80 characters 2025-02-26 08:02:43 +01:00
Jiri Malak ddfbbc68ac various fixes for Open Watcom build
- fix build for OS/2
- fix build for Open Watcom 1.9
2025-02-25 22:52:36 +01:00
Jiri Malak d066e6b9a5 correct comment for _WINSOCKAPI_ macro manipulation
The issue is with MINGW winsock2.h header file which is not compatible
with Miscrosoft version and handle _WINSOCKAPI_ macro differently
2025-02-23 11:15:38 +01:00
Juliusz Sosinowicz 301a9a97cc Don't use buffer as it can shadow global declarations 2025-02-14 09:51:29 -06:00
Juliusz Sosinowicz e02da08192 Reorganize utility functions into tests/utils.c and testsuite/utils.c 2025-02-14 09:51:29 -06:00
Daniel Pouzzner 1e17d737c8 "#undef _WINSOCKAPI_" after defining it to "block inclusion of winsock.h header file", to fix #warning in /usr/x86_64-w64-mingw32/usr/include/winsock2.h. 2025-02-06 18:41:20 -06:00
David Garske 60c5a0ac7f Peer review feedback. Thank you @jmalak 2025-02-04 14:32:24 -08:00
David Garske 345c969164 Fixes for Watcom compiler and new CI test
* Correct cmake script to support Open Watcom toolchain (#8167)
* Fix thread start callback prototype for Open Watcom toolchain (#8175)
* Added GitHub CI action for Windows/Linux/OS2
* Improvements for C89 compliance.
Thank you @jmalak for your contributions.
2025-02-04 12:38:52 -08:00
JacobBarthelmeh 2c24291ed5 update copyright date 2025-01-21 09:55:03 -07:00
night1rider 6617a8afca Updating Client/Server with myGenExtMaster Callback 2024-12-19 16:27:35 -07:00
David Garske 314f7575fa Fixes for macro names. 2024-12-09 08:30:47 -08:00
JacobBarthelmeh 1bfbdb6c7f Merge pull request #8257 from dgarske/settings_h
Fix issue with wc_lms_impl.c or wc_lms not including settings.h
2024-12-05 11:43:43 -07:00
David Garske 1e9607b65e Fixes for ML-DSA and LMS cast warnings and spelling errors. 2024-12-05 08:34:58 -08:00
Daniel Pouzzner bfeb0ad48e expand opensslcoexist to all low level crypto APIs. 2024-11-22 19:27:56 -06:00
JacobBarthelmeh 6dd00abb74 Merge pull request #7771 from aidangarske/InitSuites_Orderadj
`InitSuites` changes to order making `BUILD_TLS_AES_256_GCM_SHA384` be prioritized over `BUILD_TLS_AES_128_GCM_SHA256`
2024-11-22 10:15:32 -07:00
David Garske ef67b1c06a Support for building without wolfssl/openssl header files. ZD 18465
* Fix for `TlsSessionCacheGetAndLock` that was not checking the sessionIDSz, so could return a pointer to an invalid session (if 0's). Resolves issue with `test_wolfSSL_CTX_sess_set_remove_cb` test.
* Fix cast warning with `HAVE_EX_DATA` in Windows VS.
* Fix openssl_extra without PKCS12.
* Refactor the EX data crypto and session API's to gate on `HAVE_EX_DATA_CRYPTO`.
* Grouped the EX data API's in ssl.h
* Moved API's in ssl.h to separate the compatibility ones from ours.
2024-11-20 12:32:32 -08:00
aidan garske b79423fae9 Merge remote-tracking branch 'origin/master' into InitSuites_Orderadj 2024-11-18 10:07:10 -08:00
Daniel Pouzzner cf95fdc071 Globally remap & refactor conflicting symbols to allow -DOPENSSL_EXTRA -DOPENSSL_COEXIST, or equivalently, --enable-opensslextra --enable-opensslcoexist.
No functional changes.

Several compat symbols that were formerly enums are now macros.

All library source is refactored to use only native symbols in all code gated in with --enable-all-crypto --enable-opensslextra.

wolfcrypt/test/test.c is similarly refactored to use only native symbols.

examples/ and tests/ are unmodified except for header setup to disable OPENSSL_COEXIST and TEST_OPENSSL_COEXIST.
2024-10-31 00:10:21 -05:00
Sean Parkinson ac788ec40d Merge pull request #7995 from julek-wolfssl/dtls12-cid
Implement DTLS 1.2 Connection ID (CID)
2024-10-02 09:00:59 +10:00
JacobBarthelmeh 45b88048c2 make macro unique to wolfSSL 2024-09-25 15:59:57 -06:00
JacobBarthelmeh d72c0b372c Merge pull request #7990 from buchstabenwurst/master
Add support for (DevkitPro)libnds
2024-09-25 15:52:34 -06:00
Juliusz Sosinowicz 99a99e3d6e Implement DTLS 1.2 Connection ID (CID) 2024-09-20 15:31:01 +02:00
Juliusz Sosinowicz d7303664b5 memmem is only being used in testing so move it there 2024-09-19 15:54:20 +02:00
Joshua Okeleke 337456cc1e Add support for (DevkitPro)libnds 2024-09-18 21:27:53 +02:00
Daniel Pouzzner 5b337e69d9 Merge pull request #7961 from philljj/fips_pkcallback
Update HAVE_FIPS define guard in test.h.
2024-09-12 18:18:48 -05:00
Daniel Pouzzner ad7c25b409 Merge pull request #7823 from cconlon/rsaPssSignPkCallbackNoPrehashTls13
PK callbacks: add build option to give full data to TLS 1.3 RSA-PSS sign callback instead of hash
2024-09-12 15:40:59 -05:00
jordan ea57e82395 Update HAVE_FIPS define guard in test.h. 2024-09-11 08:20:15 -05:00
Sean Parkinson ed7beb4e0e Type conversion fixes
Changes to get compilation with -Wconversion passing on the files.
2024-09-02 19:19:23 +10:00
Chris Conlon a918c0e080 Add TLS13_RSA_PSS_SIGN_CB_NO_PREHASH for TLS 1.3 RSA-PSS PK sign callback without prehash 2024-08-01 15:41:28 -06:00
David Garske 6d39a78dba Fix for using sprintf.
Resolves warning:

```
./configure CC="gcc -fsanitize=address" && make
In file included from ./wolfclu/clu_header_main.h:71:
/usr/local/include/wolfssl/test.h:1103:18: error: 'sprintf' is deprecated: This function is provided for compatibility reasons only.  Due to security concerns inherent in the design of sprintf(3), it is highly recommended that you use snprintf(3) instead. [-Werror,-Wdeprecated-declarations]
        strLen = sprintf(serialMsg, " %s", words[3]);
                 ^
```
2024-07-29 11:22:32 -07:00
aidan garske f8814fb68f InitSuites changes to order making BUILD_TLS_AES_256_GCM_SHA384 be prioritized over BUILD_TLS_AES_128_GCM_SHA256 to match TLS 1.2. 2024-07-19 13:14:10 -07:00
JacobBarthelmeh 31a6a2bf59 update copyright to 2024 2024-07-19 13:15:05 -06:00
JacobBarthelmeh ebdc8b9a32 rename of macros, add descriptions, minor fixes 2024-05-30 14:48:52 -06:00