Commit Graph

482 Commits

Author SHA1 Message Date
David Garske 533e9b0859 Merge pull request #9995 from julek-wolfssl/zd/21341
Handle OCSP_WANT_READ returned from DoTls13HandShakeMsgType
2026-03-19 12:27:38 -07:00
JacobBarthelmeh 6f386fd6b2 Merge pull request #9981 from julek-wolfssl/fenrir/260316
Fenrir fixes
2026-03-17 08:36:11 -06:00
Juliusz Sosinowicz 0644369456 Handle OCSP_WANT_READ returned from DoTls13HandShakeMsgType
ZD21341
2026-03-17 14:59:04 +01:00
Tobias Frauenschläger 10b98733f2 Add tests for individual ML-KEM levels (based on #9777)
Also fix minor problems found with these tests
2026-03-17 12:43:15 +01:00
Juliusz Sosinowicz 43a36a17d4 Upgrade deprecated GitHub Actions to v4
F-876
2026-03-16 15:14:26 -07:00
Daniel Pouzzner 416072f298 Merge pull request #9969 from Frauschi/mlkem_wconversion
ML-KEM Wconversion fixes
2026-03-16 15:03:26 -05:00
Tobias Frauenschläger 3b4e51c150 ML-KEM Wconversion fixes
* fix -Wconversion warnings
* allow APIs without RNG usage in case WC_NO_RNG is defined
2026-03-13 21:22:48 +01:00
Tobias Frauenschläger da94ea6265 Move PQC algos out of experimental in CMake
This has already been done long time in autoconf. User
now does not have to enable experimental features to use
PQC.
2026-03-13 17:53:54 +01:00
JacobBarthelmeh 156db7dd2d Merge pull request #9831 from julek-wolfssl/pytho-3.13.4
Fixes to run python with --enable-all
2026-03-13 10:50:23 -06:00
night1rider 352daa085b Add test case for free ecc/dilithum callback for expected behavior to match existing free callback code paths 2026-03-12 14:18:31 -06:00
JacobBarthelmeh a8dfa59bbe Merge pull request #9761 from julek-wolfssl/ocsp-responder
Implement OCSP responder
2026-03-11 17:27:33 -06:00
sebastian-carpenter c3a38dced7 testing + bug fixes for TLS ECH 2026-03-11 08:56:26 -06:00
Juliusz Sosinowicz 931d056688 Add stapling to test scripts/ocsp-stapling-with-wolfssl-responder.test 2026-03-11 10:21:16 +01:00
Juliusz Sosinowicz 4578e1390f Implement OCSP responder
OCSP Responder Core API:

- Add new public API for creating and managing an OCSP responder
- Add public wrappers for internal OCSP request/response functions
- OcspRespCheck: fix check when authorized responder is loaded into CM

Header Cleanup:

- Remove circular dependency when including `#include <wolfssl/wolfcrypt/asn.h>` from wolfssl/wolfcrypt/ecc.h and wolfssl/wolfcrypt/rsa.h

OCSP Responder Example (examples/ocsp_responder/):

- Add a command-line OCSP responder for interoperability testing with OpenSSL's `openssl ocsp` client

Test Scripts (scripts/):

- ocsp-responder-openssl-interop.test: Tests wolfSSL OCSP responder with `openssl ocsp` client
- ocsp-stapling-with-wolfssl-responder.test: Tests wolfSSL OCSP responder when doing OCSP stapling

Certificate Infrastructure (certs/ocsp/):

- Add DER-format certificates and keys for OCSP testing
- Update renewcerts.sh to generate DER versions

Known Limitations (documented in src/ocsp.c header comment):

  - Single request/response per OCSP exchange only
  - Key-hash responder ID only (no name-based responder ID)
  - No singleExtensions support
2026-03-11 10:21:16 +01:00
Daniel Pouzzner 3203610249 Merge pull request #9925 from sameehj/fix-compilation
Fix undefined variable tls1 in InitSuites for PSK cipher suite
2026-03-10 19:34:05 -05:00
Daniel Pouzzner f1508c910a Merge pull request #9930 from julek-wolfssl/fenrir/260903
Fenrir fixes
2026-03-10 19:32:56 -05:00
Juliusz Sosinowicz ae3fcb5601 Update setup-msbuild action
F-534
2026-03-10 09:52:06 +01:00
Juliusz Sosinowicz 186aaadf87 Pin actions/checkout version
F-529
2026-03-10 09:52:06 +01:00
Sameeh Jubran 1825952783 Fix undefined variable tls1 in InitSuites for PSK cipher suite
The WOLFSSL_OLDTLS_SHA2_CIPHERSUITES else-branch for
BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 referenced undeclared variable
`tls1` instead of `tls`, a copy-paste typo from commit a975ba9e97
(2019). This caused a compilation error when both WOLFSSL_STATIC_PSK
and WOLFSSL_OLDTLS_SHA2_CIPHERSUITES were defined.

Add PSK CI config with WOLFSSL_OLDTLS_SHA2_CIPHERSUITES to prevent
regressions.

Signed-off-by: Sameeh Jubran <sameeh@wolfssl.com>
2026-03-09 14:51:59 +02:00
Sean Parkinson 39b34333d6 FIPS 205, SLH-DSA: implementation
Adding implementation of SLH-DSA.
Included optimizations for Intel x64.
Some tests added.
2026-03-09 19:06:34 +10:00
Juliusz Sosinowicz 4a29af3062 Apply copilot suggestions 2026-03-06 08:27:41 +01:00
Juliusz Sosinowicz 5c7acedcbe Configure wolfSSL to disable old names for softhsm 2026-03-06 08:27:41 +01:00
Juliusz Sosinowicz fb82496244 Add Python CI workflow and Blake2 EVP support
- Add a GitHub Actions workflow to automate testing of Python integration
- Implement Blake2b and Blake2s hash functions into the EVP API.
- Improve OpenSSL compatibility by standardizing ASN.1 encoding for
serial numbers and registered IDs, streamlining cipher stack management, and optimizing stack node copying.
- Enforce maximum fragment size during data transmission to ensure proper TLS/DTLS record fragmentation.
2026-03-06 08:27:41 +01:00
Daniel Pouzzner fc677d7d52 Merge pull request #9833 from holtrop-wolfssl/rust-ml-kem
Rust wrapper: add mlkem module
2026-03-05 17:31:56 -06:00
David Garske 41137eed10 Add tests for async with crypto callbacks 2026-02-27 14:35:02 -08:00
David Garske 9102df3c83 Merge pull request #9837 from jackctj117/PKCS7-unused-variable
Fix unused variable warning in PKCS7 without WC_RSA_PSS
2026-02-27 11:27:13 -08:00
JacobBarthelmeh ff84de2680 Merge pull request #9807 from julek-wolfssl/msmtp-1.8.28
Add msmtp action
2026-02-26 16:35:25 -07:00
JacobBarthelmeh fd61a2b659 Merge pull request #9816 from julek-wolfssl/socat-1.8.0.3
Changes for socat 1.8.0.3
2026-02-26 16:31:51 -07:00
JacobBarthelmeh 5a26692ee9 Merge pull request #9818 from julek-wolfssl/sssd-2.10.2
sssd 2.10.2 changes
2026-02-26 16:23:00 -07:00
Sean Parkinson b9838aa563 Merge pull request #9711 from julek-wolfssl/nginx-1.28.0
nginx 1.28.1 fixes
2026-02-27 08:39:10 +10:00
jackctj117 1f9dd3c955 Fix unused variable warning in PKCS7 without WC_RSA_PSS 2026-02-26 14:04:49 -07:00
Juliusz Sosinowicz fc0ec06e72 sssd 2.10.2 changes 2026-02-26 15:18:36 +01:00
JacobBarthelmeh 5a72a37b58 Merge pull request #9806 from julek-wolfssl/bind-9.20.11
Add bind 9.20.11 to the test matrix
2026-02-25 16:45:30 -07:00
Josh Holtrop 67c500ec87 Rust wrapper: add mlkem module 2026-02-25 14:16:20 -05:00
JacobBarthelmeh b5b7dc89ac Merge pull request #9819 from holtrop-wolfssl/rust-ml-dsa
Rust wrapper: add dilithium module
2026-02-25 10:18:03 -07:00
Juliusz Sosinowicz 5c38f440fa Add msmtp action
Depends on https://github.com/wolfSSL/osp/pull/317
2026-02-25 17:58:38 +01:00
JacobBarthelmeh b63f878300 Merge pull request #9742 from sameehj/pkcs7-rsa-pss
pkcs7: add RSA-PSS support for SignedData
2026-02-25 09:55:00 -07:00
Juliusz Sosinowicz ef325bbed8 Changes for socat 1.8.0.3 2026-02-25 17:04:11 +01:00
Juliusz Sosinowicz e9a2f27b2c Address peer review 2026-02-25 15:46:20 +01:00
Juliusz Sosinowicz 38b52d8079 nginx 1.28.1
### `wolfssl/internal.h`

- **`InternalTicket` struct gains a flexible array member**: A new `peerCert[]` field (with a preceding `peerCertLen[2]`) is added to `InternalTicket`. This allows the peer's DER-encoded certificate to be stored directly inside the session ticket.
- **`ExternalTicket` struct becomes variable-length**: The `enc_ticket` field is changed from a fixed-size array to a flexible array member (`byte enc_ticket[]`). The `mac` field is removed from the struct — the MAC is now placed dynamically after the encrypted data in `enc_ticket`.

### `src/internal.c`

- The `GetRecordHeader` function now only adds `MAX_COMP_EXTRA` to the maximum allowed record size when `ssl->options.usingCompression` is true, tightening the length validation. The max fragment length extension check is now much stricter.
- **Peer certificate is serialized into the ticket**: During ticket creation, the code attempts to find the peer certificate from `ssl->peerCert` or from `ssl->session->chain` (fallback). If found and within `MAX_TICKET_PEER_CERT_SZ`, it's copied into `it->peerCert`. DTLS is explicitly excluded (peer cert length set to 0) to keep ticket size small for MTU constraints. If `HAVE_MAX_FRAGMENT` is defined and max fragment is not `MAX_RECORD_SIZE` for TLS 1.3, the cert is also skipped since `SendTls13NewSessionTicket` doesn't support fragmentation yet.
- **Peer certificate restoration from ticket**: On successful ticket decryption, if the ticket contains a peer certificate (`peerCertLen > 0`), it is decoded back into `ssl->peerCert` via `ParseCertRelative`/`CopyDecodedToX509`, and also added to `ssl->session->chain` via `AddSessionCertToChain`.
- The `CLEAR_ASN_NO_PEM_HEADER_ERROR` macro was rewritten to loop and remove all consecutive PEM no-start-line errors (not just the last one), wrapped in a `do { ... } while(0)` for safety.
- The `SendTicket` function is simplified to use `SendHandshakeMsg` to support fragmenting the larger ticket.

---

### `src/x509.c`

- `loadX509orX509REQFromPemBio` now accepts `TRUSTED_CERT_TYPE` in addition to `CERT_TYPE` and `CERTREQ_TYPE`.
- **Streaming BIO support**: When `wolfSSL_BIO_get_len()` returns ≤ 0 (e.g., pipes/FIFOs), the function no longer returns an error. Instead, it sets an initial buffer of `MAX_X509_SIZE` and dynamically grows (doubling) up to `MAX_BIO_READ_BUFFER` (`MAX_X509_SIZE * 16`) as data is read byte-by-byte.
- **Alternate footer detection**: For `TRUSTED_CERT_TYPE`, the PEM reader also checks for the regular `CERT_TYPE` footer (`-----END CERTIFICATE-----`) in addition to the trusted cert footer (`-----END TRUSTED CERTIFICATE-----`), so it can parse either format.
- Removed two lines that set `cert->srcIdx` to `SIGALGO_SEQ` offset. This makes `cert->srcIdx` reflect the end of parsed certificate data. This is used by `loadX509orX509REQFromBuffer` to detect where auxiliary trust data begins in trusted certificates.

---

### `src/ssl_sk.c`

- Added a `STACK_TYPE_X509_CRL` case to `wolfssl_sk_dup_data` that calls `wolfSSL_X509_CRL_dup` for deep-copying CRL stack elements. Previously, `STACK_TYPE_X509_CRL` fell through to the unsupported default case.

---

### `wolfssl/openssl/ssl.h`

- `sk_X509_dup` now maps to `wolfSSL_shallow_sk_dup` (was `wolfSSL_sk_dup`/deep copy). This matches OpenSSL's behavior where `sk_X509_dup` does a shallow copy.
- `sk_SSL_CIPHER_dup` similarly changed to `wolfSSL_shallow_sk_dup`.

---

### `src/ssl_api_cert.c`

- When `ssl->ourCert` is `NULL` and the SSL owns its cert, the function now checks if `ssl->ctx->ourCert` points to the same certificate (by comparing DER buffers). If so, it returns the ctx's `X509` pointer directly. This maintains pointer compatibility for applications (like nginx OCSP stapling) that use the `X509*` from `SSL_CTX_use_certificate` as a lookup key.

### `src/bio.c`

- When `wolfssl_file_len` returns `WOLFSSL_BAD_FILETYPE` (now returned for pipes/FIFOs), `wolfSSL_BIO_get_len` treats it as length 0 instead of propagating the error.

---

### `tests/test-maxfrag.conf` and `tests/test-maxfrag-dtls.conf`

- Removed `DHE-RSA-AES256-GCM-SHA384` test entries because the ClientKeyExchange doesn't fit in the selected max fragment length.
2026-02-25 15:19:13 +01:00
Sameeh Jubran deb668ca4b pkcs7: add RSA-PSS support for SignedData
Add full RSA-PSS (RSASSA-PSS) support to PKCS#7 SignedData
encoding and verification.

This change enables SignerInfo.signatureAlgorithm to use
id-RSASSA-PSS with explicit RSASSA-PSS-params (hash, MGF1,
salt length), as required by RFC 4055 and CMS profiles.

Key changes:
- Add RSA-PSS encode and verify paths for PKCS7 SignedData
- Encode full RSASSA-PSS AlgorithmIdentifier parameters
- Decode RSA-PSS parameters from SignerInfo for verification
- Treat RSA-PSS like ECDSA (sign raw digest, not DigestInfo)
- Fix certificate signatureAlgorithm parameter length handling
- Add API test coverage for RSA-PSS SignedData

This resolves failures when using RSA-PSS signer certificates
(e.g. -173 invalid signature algorithm) and maintains backward
compatibility with RSA PKCS#1 v1.5 and ECDSA.

Signed-off-by: Sameeh Jubran <sameeh@wolfssl.com>
2026-02-25 11:02:47 +02:00
JacobBarthelmeh 3f3bf7501c reduce arduino coverage to avoid tests failing from external changes 2026-02-24 16:35:10 -07:00
Josh Holtrop 7af0fa497a Rust wrapper: update dilithium module after review 2026-02-24 14:23:59 -05:00
Tobias Frauenschläger 96fc896265 Wdeclaration-after-statement fixes 2026-02-24 16:20:10 +01:00
David Garske c3bc68806c Merge pull request #9811 from julek-wolfssl/ntp-4.2.8p18
Add changes for ntp 4.2.8p18
2026-02-23 10:46:11 -08:00
Juliusz Sosinowicz aff0d42686 Add bind 9.20.11 to the test matrix
Depends on https://github.com/wolfSSL/osp/pull/316
2026-02-20 23:18:36 +01:00
David Garske 9641ab4b68 Merge pull request #9805 from julek-wolfssl/openldap-2.6.9-testing
Add openldap 2.6.9 testing
2026-02-20 11:16:44 -08:00
David Garske 1e544b303f Merge pull request #9810 from julek-wolfssl/rng-tools-6.17
Add rng-tools 6.17 testing
2026-02-20 11:16:18 -08:00
Juliusz Sosinowicz a9f23ad140 Add changes for ntp 4.2.8p18
Depends on https://github.com/wolfSSL/osp/pull/319
2026-02-20 19:06:55 +01:00
Juliusz Sosinowicz ec5a901c33 Add rng-tools 6.17 testing
Depends on https://github.com/wolfSSL/osp/pull/318
2026-02-20 16:11:11 +01:00