- PR #5486 had test failures in tls13.test and quit unit.test
- the extension was no longer added in SessionTicket messages
- added extra parameter to clarify how the TLSX is used
OpenSSL compat expects ASN_SELF_SIGNED_E when a self signed cert can't be verified. This is useful when translating the error with GetX509Error into a X509_V_ERR_* error.
- add wolfSSL_CTX_curve_is_disabled() and wolfSSL_curve_is_disabled()
to have common checks on wether a curve has been disabled by user
- add macros returning 0 for above function when OPENSSL_EXTRA is not
defined, enabling use without #fidef check
- add macros for checking if named groups are in a certain range
WOLFSSL_NAMED_GROUP_IS_FFHDE()
WOLFSSL_NAMED_GROUP_IS_PQC()
Fixed QuicTransportParam_free() use without case when compiling
with c++.
fix TLS version gating in tests/quic.c;
fix gating in src/ssl.c for wolfSSLv2_client_method() and wolfSSLv2_server_method();
reorganize prototypes in wolfssl/ssl.h for wolf*_method*() to group systematically by protocol version and gate correctly on support for that version in the build.
- new internal field for keeping early data enabled status,
as QUIC does not call SSL_write_early_data() itself.
- using read_/write_early_data() methods in QUIC handshake
when early data is enabled. This triggers the internals
that emit the proper early data indication handlings.
Support wolfSSL_CTX_set1_curves_list being available when X25519 and/or
X448 only defined.
Don't recognize X25519 or X448 if corresponding define is not set.
Enable test in api.c.
Add support for parsing and verifying certificates with RSA-PSS
signatures. Including check PSS parameters in key with those in
signature algorithm.
Add support for parsing private RSA PSS key.
Add support for parsing public RSA PSS key.
added numerous missing _SMALL_STACK code paths (PK objects on the stack);
in settings.h, enable WOLFSSL_SMALL_STACK_STATIC by default when WOLFSSL_SMALL_STACK is defined (NO_WOLFSSL_SMALL_STACK_STATIC to override);
fixes for unsafe strcat()s in tests/quic.c;
fix for unsafe macro WOLFSSL_IS_QUIC();
fix to exclude quic from enable-all when enable-linuxkm (quic needs opensslextra, and opensslextra currently only works in-kernel in cryptonly builds);
fix for signed/unsigned clash in wolfSSL_quic_receive().
- Modify all existing tests to return an int. This moves us in the direction of
being able to return error/success from a test rather than just calling abort
when something fails. Also, all tests now have the same signature, so they can
easily be members of an array of test cases.
- Wrap each test in a TEST_CASE struct, which just stores a pointer to the test
function and the name of the test, for now. In the future, other metadata can
be added (e.g. should this test be run/skipped) to TEST_CASE, if desired.
- Modify all tests to return 0 on success. Right now, this doesn't do us much
good because the failure mechanism isn't returning some value != 0, it's
abort.
- Add TestSetup and TestCleanup functions that run before and after each test,
respectively. The former does nothing right now, and the latter clears the
error queue, if the error queue is compiled in.
wolfSSL_ERR_get_error and wolfSSL_ERR_peek_error_line_data should return the
earliest error in the queue (i.e. the error at the front), but prior to this
commit, they returned the latest/most recent one instead.
In DoAlert, we were adding an error to the queue for all alerts. However, a
close_notify isn't really an error. This commit makes it so DoAlert only adds
errors to the queue for non-close_notify alerts. In ReceiveData, similarly, we
were adding an error to the queue when the peer sent a close_notify, as
determined by ssl->error == ZERO_RETURN. Now, we don't add an error in this
case.
