Commit Graph

4068 Commits

Author SHA1 Message Date
David Garske 92a47829fa Merge pull request #8674 from JacobBarthelmeh/pkcs7_stream
Fix to advance past multiple recipients
2025-10-06 11:27:03 -07:00
Juliusz Sosinowicz f6be6c8b6d Add timeout assertions to DTLS test 2025-10-06 18:23:16 +02:00
Juliusz Sosinowicz cd0d986016 Reset DTLS 1.3 timeout 2025-10-06 18:23:16 +02:00
Juliusz Sosinowicz 32e24e8199 Suppress Coverity deadcode warning in test_ocsp_tls_cert_cb 2025-10-06 16:26:45 +02:00
JacobBarthelmeh 12cfca4060 account for no AES build and add err trace macro 2025-10-03 13:51:15 -06:00
JacobBarthelmeh 328f505702 add pkcs7 test with multiple recipients 2025-10-03 13:51:15 -06:00
Juliusz Sosinowicz f9063c406b Enables dynamic TLS cert loading with OCSP
Exposes dynamic TLS certificate loading and OCSP stapling to allow applications to load certs lazily.

The server no longer needs to load the CA to staple OCSP responses.

Adds a certificate setup callback (WOLFSSL_CERT_SETUP_CB)
Adds an OCSP status callback to load OCSP responses directly
Adds `wc_NewOCSP`, `wc_FreeOCSP`, and `wc_CheckCertOcspResponse`
Don't call verify twice on the same error
Send correct alert on status response error
2025-10-03 13:08:11 +02:00
Sean Parkinson e14cc3a34e TLS 1.3 Cookie Hash: use stronger hash if no SHA-256
Order of preference, based on algorithms compiled in, to use with HMAC
for TLS 1.3 cookie:
  1. SHA-256
  2. SHA-384
  3. SHA-512
  4. SM3

Make code compile and unittest pass when SHA-256 not compiled in.
Certificates used for testing require SHA-256 so handshake testing
fails.
2025-10-03 08:28:02 +10:00
Daniel Pouzzner 408e6f79f9 tests/api/test_dtls.c: add missing ExpectIntEQ() around wolfSSL_connect() in test_dtls_bogus_finished_epoch_zero();
wolfcrypt/test/test.c: fix gate for wc_DhGeneratePublic() test in dh_ffdhe_test() to properly exclude 5.3.0.
2025-10-02 14:38:05 -05:00
Kareem abaf57d049 Merge branch 'master' of https://github.com/wolfSSL/wolfssl into zd20595 2025-10-01 15:53:57 -07:00
Daniel Pouzzner b3a5c96c56 Merge pull request #9205 from gasbytes/issue-9188
Prevent replaying ClientHello messages when Finished message are epoch 0
2025-09-30 20:44:09 -05:00
Daniel Pouzzner c893191577 Merge pull request #9253 from julek-wolfssl/gh/9245
DTLS SRTP should also do a cookie exchange since it uses UDP
2025-09-30 20:36:27 -05:00
Daniel Pouzzner b4ee8869c8 Merge pull request #9246 from julek-wolfssl/gh/9240
Abort connection if we are about to send the same CH
2025-09-30 20:35:32 -05:00
Daniel Pouzzner 1932c5a96d Merge pull request #9196 from kareem-wolfssl/zd20038_3
Fix building and running tests and examples with coding/PEM support disabled.
2025-09-30 20:34:46 -05:00
Daniel Pouzzner 42d2b81231 Merge pull request #9209 from mattia-moffa/20250910-certauth-clienthello
Add support for certificate_authorities extension in ClientHello
2025-09-30 20:33:16 -05:00
Kareem a3a08e81a9 Fix running tests in FIPS mode with hash DRBG disabled. 2025-09-30 16:15:21 -07:00
Daniel Pouzzner b56cafdd25 Merge pull request #8692 from kareem-wolfssl/zd19563_verify
Update wolfSSL_X509_verify_cert to retry all certs until a valid chain is found.
2025-09-30 16:22:41 -05:00
Juliusz Sosinowicz d8fd19feb8 DTLS SRTP should also do a cookie exchange since it uses UDP 2025-09-29 18:27:36 +02:00
Kareem b302e8edd0 Move CERT_FILETYPE definition, use it in echoserver. 2025-09-26 10:58:51 -07:00
Juliusz Sosinowicz f798a585d9 Abort connection if we are about to send the same CH 2025-09-26 12:08:53 +02:00
Kareem af9a06e9bf Merge remote-tracking branch 'upstream/master' into zd19563_verify 2025-09-25 10:39:11 -07:00
Mattia Moffa 26c9908504 Use string literals in tests, fix add CA functions 2025-09-24 00:11:55 +02:00
Mattia Moffa 4535572428 Use memio in tests, fix ifdef, fix typos 2025-09-23 11:50:21 +02:00
Reda Chouk e3fbb24713 Fix malformed DTLS comment syntax 2025-09-22 12:59:30 +02:00
Mattia Moffa 5efc4a7cd0 Fix tests 2025-09-19 16:45:15 +02:00
Kareem 23f595586d Fix building with --enable-keygen --enable-rsavfy. 2025-09-18 16:21:08 -07:00
Reda Chouk 8f47b4bb08 Prevent DTLS clients from replaying ClientHello
messages when receiving bogus Finished messages in epoch 0 by
ensuring Finished messages are only ignored in encrypted epochs (1).
2025-09-18 14:41:12 +02:00
Mattia Moffa 3bdb43eb6a Add support for certificate_authorities extension in ClientHello 2025-09-17 15:33:05 +02:00
Kareem 989a9da65a Move CERT_FILETYPE definition. 2025-09-12 16:33:29 -07:00
Kareem ec92f76dec Fix tests when building with PEM support disabled by using DER certs/keys. 2025-09-12 16:11:07 -07:00
David Garske 3e63bc68d4 Add support for enabling RSA private key to DER without keygen. ( new macro WOLFSSL_KEY_TO_DER) 2025-09-11 10:29:31 -07:00
David Garske 71581e321e Merge pull request #9098 from julek-wolfssl/fix-test_wolfSSL_tls_export
Fix test_wolfSSL_tls_export
2025-08-26 12:11:49 -07:00
Juliusz Sosinowicz d26b2811e0 test_wolfSSL_tls_export_run: silence unused cmpSess warning 2025-08-26 16:40:17 +02:00
Juliusz Sosinowicz 5934c1eece Fix test_wolfSSL_tls_export
- Add TLS_EXPORT_OPT_SZ_4 to specify previous option size
- Actually pick up failures in the tests and propagate them to the top level
- Tests v4 and v5 sessions
Fixes https://github.com/wolfSSL/wolfssl/issues/9081 and https://github.com/wolfSSL/wolfssl/pull/9082
2025-08-26 11:04:54 +02:00
Sean Parkinson 115d4d88c0 api.c: pull out TLS 1.3 specific tests 2025-08-26 09:05:46 +10:00
Kareem 623c593210 Merge branch 'master' of https://github.com/wolfSSL/wolfssl into zd19563_verify 2025-08-25 11:36:12 -07:00
Daniel Pouzzner e0383b496a linuxkm/module_hooks.c: implement wc_linuxkm_GenerateSeed_IntelRD, gated on WC_LINUXKM_RDSEED_IN_GLUE_LAYER;
add WC_GENERATE_SEED_DEFAULT, which defaults to wc_GenerateSeed if not overridden, and replace wc_GenerateSeed with WC_GENERATE_SEED_DEFAULT in various calls to wc_SetSeed_Cb();

linuxkm/linuxkm_wc_port.h: if FIPS <v6 and RDSEED, define WC_LINUXKM_RDSEED_IN_GLUE_LAYER and define WC_GENERATE_SEED_DEFAULT wc_linuxkm_GenerateSeed_IntelRD;

wolfcrypt/test/test.c: update rng_seed_test() with gating and vectors for FIPS v5 with HAVE_AMD_RDSEED or HAVE_INTEL_RDSEED;

wolfssl/wolfcrypt/types.h: add WC_HAVE_VECTOR_SPEEDUPS helper macro, and enlarge fallthrough definition coverage for DISABLE_VECTOR_REGISTERS.
2025-08-22 21:58:00 -05:00
Kareem c2eeeafdbe Merge remote-tracking branch 'upstream/master' into zd19563_verify 2025-08-22 13:56:44 -07:00
JacobBarthelmeh bc5b297d33 Merge pull request #9046 from kareem-wolfssl/zd20038
Allow setting the CA type when loading into cert manager and unloading specific CA types from the cert manager.
2025-08-22 14:43:46 -06:00
Kareem 4a067fa1bc Don't enforce test_wolfSSL_X509_STORE_CTX_ex12 return code as it
may be skipped, modifying the return code.
2025-08-22 11:29:21 -07:00
Kareem 077beaecd8 Fix memory leak in unit test, fix for loop syntax. 2025-08-21 16:33:57 -07:00
Kareem b53db94f1e x509_verify_cert: Code review feedback. 2025-08-21 15:35:29 -07:00
Josh Holtrop 98b6b92a76 Error from GetShortInt with negative INTEGER values 2025-08-19 12:40:48 -04:00
Kareem cb985dcfa8 ECC required for newly added unit test. 2025-08-18 10:21:54 -07:00
Kareem 1e367597b6 Fix memory leak in newly added unit test. 2025-08-18 10:21:53 -07:00
Kareem 6b01053d98 Add test case for new x509_verify_cert retry functionality.
Add CA cert with the same SKI and intentionally invalid AKI as part of x509_verify_cert test case.
2025-08-18 10:21:53 -07:00
Sean Parkinson 0ba16a9c5b Merge pull request #9104 from kojiws/export_long_key_orig_asn
Improve original implementation on SetAsymKeyDer() and the test
2025-08-18 22:11:25 +10:00
Juliusz Sosinowicz ffe3d80f8d Merge pull request #9097 from douzzer/20250812-atomic-cmpxchg
20250812-atomic-cmpxchg
2025-08-15 01:14:45 +02:00
Daniel Pouzzner c5bbf4c7e0 Merge pull request #9085 from effbiae/while-pending
`wolfSSL_AsyncPoll` calls refactor
2025-08-14 14:51:05 -05:00
Kareem c535e281c6 Skip unit test when using Apple native cert validation. 2025-08-14 11:34:15 -07:00