David Garske
533e9b0859
Merge pull request #9995 from julek-wolfssl/zd/21341
...
Handle OCSP_WANT_READ returned from DoTls13HandShakeMsgType
2026-03-19 12:27:38 -07:00
Juliusz Sosinowicz
0644369456
Handle OCSP_WANT_READ returned from DoTls13HandShakeMsgType
...
ZD21341
2026-03-17 14:59:04 +01:00
Tobias Frauenschläger
10b98733f2
Add tests for individual ML-KEM levels (based on #9777 )
...
Also fix minor problems found with these tests
2026-03-17 12:43:15 +01:00
JacobBarthelmeh
93fc517dd1
add NO_RSA macro guard to test case
2026-03-16 08:58:15 -06:00
JacobBarthelmeh
bbf3beef35
fix to free CRL reason extension
2026-03-13 16:17:52 -06:00
JacobBarthelmeh
351d2594ac
Merge pull request #9938 from SparkiDev/regression_fixes_23
...
Fixes from regression testing
2026-03-12 14:41:18 -06:00
JacobBarthelmeh
a05a3ed1c2
Merge pull request #9940 from cconlon/pathLenSet
...
Fix pathlen not copied in ASN1_OBJECT_dup and not marked set in X509_add_ext
2026-03-12 10:34:58 -06:00
Sean Parkinson
bbd2f6f898
Fixes from regression testing
...
CRL APIs not usable when NO_ASN_TIME defined.
WOLFSSL_TLS13 needs to be defined with HAVE_ECH.
When session ticket encrypted with CBC, must be a multiple of block
size.
Fix test define protection.
Fix ML-DSA protection of reduction functions.
Need !NO_RSA with WC_RSA_PSS.
Connection ID is not a DTLS 1.3 only extension.
2026-03-12 08:19:39 +10:00
Chris Conlon
354691d24a
Copy pathlen in ASN1_OBJECT_dup() and set pathLengthSet in X509_add_ext() when adding basic constraints with a path length
2026-03-11 09:59:19 -06:00
Juliusz Sosinowicz
6fc83e292b
Address code review
2026-03-11 10:21:17 +01:00
Juliusz Sosinowicz
4578e1390f
Implement OCSP responder
...
OCSP Responder Core API:
- Add new public API for creating and managing an OCSP responder
- Add public wrappers for internal OCSP request/response functions
- OcspRespCheck: fix check when authorized responder is loaded into CM
Header Cleanup:
- Remove circular dependency when including `#include <wolfssl/wolfcrypt/asn.h>` from wolfssl/wolfcrypt/ecc.h and wolfssl/wolfcrypt/rsa.h
OCSP Responder Example (examples/ocsp_responder/):
- Add a command-line OCSP responder for interoperability testing with OpenSSL's `openssl ocsp` client
Test Scripts (scripts/):
- ocsp-responder-openssl-interop.test: Tests wolfSSL OCSP responder with `openssl ocsp` client
- ocsp-stapling-with-wolfssl-responder.test: Tests wolfSSL OCSP responder when doing OCSP stapling
Certificate Infrastructure (certs/ocsp/):
- Add DER-format certificates and keys for OCSP testing
- Update renewcerts.sh to generate DER versions
Known Limitations (documented in src/ocsp.c header comment):
- Single request/response per OCSP exchange only
- Key-hash responder ID only (no name-based responder ID)
- No singleExtensions support
2026-03-11 10:21:16 +01:00
Daniel Pouzzner
ad21c89ba8
Merge pull request #9944 from JacobBarthelmeh/revert-pr9909
...
revert PR 9909
2026-03-10 19:38:57 -05:00
Daniel Pouzzner
e3e5179cf8
Merge pull request #9869 from JacobBarthelmeh/f356
...
fix for sanity checks on serial input
2026-03-10 19:30:46 -05:00
Daniel Pouzzner
df504300db
Merge pull request #9863 from JacobBarthelmeh/f361
...
Fix for setting curve using all caps with wolfSSL_set1_curves_list
2026-03-10 19:29:46 -05:00
Daniel Pouzzner
65092ab5eb
Merge pull request #9838 from SparkiDev/slhdsa_1
...
FIPS 205, SLH-DSA: implementation
2026-03-10 19:28:59 -05:00
JacobBarthelmeh
528b22140b
revert PR 9909
2026-03-10 14:47:21 -06:00
JacobBarthelmeh
cbf5264d1c
replace comment character with allowed character
2026-03-10 10:23:10 -06:00
JacobBarthelmeh
6e56635a09
Fix for setting curve using all caps with wolfSSL_set1_curves_list
2026-03-09 10:41:01 -06:00
Eric Blankenhorn
4b09fb36d9
Add test test_tls13_derive_keys_no_key
2026-03-09 09:49:37 -06:00
Sean Parkinson
39b34333d6
FIPS 205, SLH-DSA: implementation
...
Adding implementation of SLH-DSA.
Included optimizations for Intel x64.
Some tests added.
2026-03-09 19:06:34 +10:00
Daniel Pouzzner
467f16f47d
Merge pull request #9913 from julek-wolfssl/fenrir/365
...
Enforce null compression in compression_methods list
2026-03-06 22:29:59 -06:00
Daniel Pouzzner
68e085df45
Merge pull request #9918 from douzzer/20260306-NO_SHA-test_ocsp_cert_unknown_crl_fallback
...
20260306-NO_SHA-test_ocsp_cert_unknown_crl_fallback (approved by @JacobBarthelmeh)
2026-03-06 22:24:45 -06:00
Daniel Pouzzner
2655c436da
Merge pull request #9861 from JacobBarthelmeh/f360
...
additional sanity check on number of groups passed to set groups func…
2026-03-06 22:23:40 -06:00
JacobBarthelmeh
68a1f6f756
remove special characters, use simple ASCII characters
2026-03-06 17:30:48 -07:00
JacobBarthelmeh
013e2c8fdf
remove special characters, use simple ASCII characters
2026-03-06 17:22:25 -07:00
Daniel Pouzzner
b08f959412
tests/api/test_ocsp.c: don't build test_ocsp_cert_unknown_crl_fallback and related helpers if NO_SHA.
2026-03-06 17:01:40 -06:00
Tobias Frauenschläger
a2622746cd
Error out in case of unknown extensions in response message in TLS 1.3
2026-03-06 17:09:49 +01:00
Juliusz Sosinowicz
1537f83c24
Enforce null compression in compression_methods list`
...
F-365
2026-03-06 16:56:09 +01:00
Daniel Pouzzner
63bee12c92
Merge pull request #9875 from Frauschi/f-158
...
Treat alerts as fatal errors regardless of level in TLS1.3
2026-03-05 16:06:40 -06:00
Daniel Pouzzner
663187150e
Merge pull request #9878 from embhorn/f377
...
Fix checkPad to test for zero padding
2026-03-05 15:38:54 -06:00
Daniel Pouzzner
ff493c2979
Merge pull request #9834 from padelsbach/padelsbach/finding-23
...
Fix OCSP->CRL fallback
2026-03-05 15:33:25 -06:00
JacobBarthelmeh
37e3a8f3bd
fix for sanity checks on serial input
2026-03-05 14:23:44 -07:00
Daniel Pouzzner
c65e3e50fd
Merge pull request #9825 from embhorn/zd21240
...
Fix issue in TLS_hmac size calculation
2026-03-05 15:16:47 -06:00
Daniel Pouzzner
178f96c483
Merge pull request #9854 from sameehj/rsa-pss-fix
...
Add RSA-PSS certificate support for PKCS7 EnvelopedData KTRI
2026-03-05 15:03:46 -06:00
Tobias Frauenschläger
11fc781d0d
Treat alerts as fatal errors regardless of level in TLS1.3
2026-03-05 18:21:02 +01:00
Eric Blankenhorn
998967ea41
Fix review feedback
2026-03-05 08:51:52 -06:00
Eric Blankenhorn
7f487b9869
Fix checkPad to test for zero padding
2026-03-05 08:32:18 -06:00
Daniel Pouzzner
f04e6e8718
tests/api.c and tests/api/test_pkcs7.c: fixes for CFLAGS="-Og" --enable-all (PRB-single-flag.txt line 3).
2026-03-04 14:46:20 -06:00
JacobBarthelmeh
be245dc4d7
adjust macro guard on test case
2026-03-04 11:20:08 -07:00
JacobBarthelmeh
6b3dec4898
additional sanity check on number of groups passed to set groups function
2026-03-04 10:20:09 -07:00
Sameeh Jubran
441bcbb680
Add RSA-PSS certificate support for PKCS7 EnvelopedData KTRI
...
RSA-PSS signed certificates contain a valid RSA public key that can be
used for key transport, but wc_PKCS7_AddRecipient_KTRI and the
EnvelopedData/AuthEnvelopedData encode paths rejected them because they
only checked for RSAk. Allow RSAPSSk to fall through to the RSAk key
transport path, and always use RSAk as the KeyEncryptionAlgorithmIdentifier
since the operation is RSA encryption, not RSA-PSS signing.
Signed-off-by: Sameeh Jubran <sameeh@wolfssl.com >
2026-03-04 12:24:08 +02:00
JacobBarthelmeh
5a26692ee9
Merge pull request #9818 from julek-wolfssl/sssd-2.10.2
...
sssd 2.10.2 changes
2026-02-26 16:23:00 -07:00
Eric Blankenhorn
1cdb2974a9
Fix test cleanup
2026-02-26 14:51:49 -06:00
JacobBarthelmeh
85228f088e
Merge pull request #9824 from embhorn/zd21239
...
Fix issues in TLS Extension size calculations
2026-02-26 13:47:54 -07:00
Paul Adelsbach
ebda79fadb
Fix OCSP->CRL fallback
2026-02-26 11:44:50 -08:00
JacobBarthelmeh
ba859d21fa
Merge pull request #9817 from LinuxJedi/static-fixes4
...
Static code analysis fixes
2026-02-26 12:03:24 -07:00
Eric Blankenhorn
e6a4cb232c
Fix issue in TLS_hmac size calculation
2026-02-26 10:26:20 -06:00
Eric Blankenhorn
be7f934157
Add test case
2026-02-26 10:18:31 -06:00
Juliusz Sosinowicz
fe85ca643a
Add test for EC_POINT_dup
2026-02-26 15:18:36 +01:00
JacobBarthelmeh
ee616b4774
Merge pull request #9828 from rizlik/sigalgofix
...
tls13: don't create a new suite in CertificateRequest, fallback to WOLFSSL_SUITES(sa->ssl)
2026-02-25 14:08:09 -07:00