Commit Graph

3787 Commits

Author SHA1 Message Date
David Garske 3534fad3ee Merge pull request #9295 from rizlik/shutdown_nonblocking_fix
wolfSSL_shutdown: handle non-blocking I/O
2025-10-14 12:50:57 -07:00
Marco Oliverio 4280b52bff test: increase coverage for multiple wolfSSL_shutdown test 2025-10-14 10:05:11 +02:00
Marco Oliverio 6b0e24eed2 test_memio: support WANT_WRITE simulation 2025-10-13 16:27:55 +02:00
effbiae 6bda10abd0 define WOLFSSL_SMALL_STACK in tests and benchmark for ASYNC 2025-10-11 11:40:30 +11:00
effbiae 7a3db09ddd automated small stack compress 2025-10-11 11:40:30 +11:00
David Garske 8a6297d42b Merge pull request #9267 from julek-wolfssl/dtls-stricter-ordering
Add message order sanity checks
2025-10-10 10:26:34 -07:00
David Garske f8c2e9c000 Merge pull request #9134 from JacobBarthelmeh/csharp
update mono build README instructions
2025-10-10 09:21:07 -07:00
Juliusz Sosinowicz 42238c57b7 Improve documentation and add comments to test_memio buffer utilities 2025-10-10 11:52:47 +02:00
Juliusz Sosinowicz 8233d0d8a2 test_memio_move_message: add docs 2025-10-08 16:20:39 +02:00
Juliusz Sosinowicz b32c1aa15c fixup! Add message order sanity checks 2025-10-08 13:33:09 +02:00
Juliusz Sosinowicz 10365d6082 Allow clearing group messages flag 2025-10-08 11:11:03 +02:00
Juliusz Sosinowicz 6fbbdf9324 Add message order sanity checks
Reorganize test_dtls tests to use TEST_DECL_GROUP
Reorganize test_tls tests to use TEST_DECL_GROUP
2025-10-08 11:11:03 +02:00
JacobBarthelmeh 33030c2862 fix for macro guard in dtls test case 2025-10-07 16:27:18 -06:00
Kareem 233e574f32 Merge remote-tracking branch 'upstream/master' into zd20595 2025-10-07 14:23:21 -07:00
Kareem 931384a117 Merge branch 'master' into zd20595 2025-10-07 14:21:46 -07:00
David Garske b75af93a05 Merge pull request #9278 from JacobBarthelmeh/pkcs7_stream
coverity warnings on test case, CID 549270 and 549271
2025-10-07 10:19:01 -07:00
David Garske b3031d25ca Merge pull request #9255 from SparkiDev/tls13_cookie_hash
TLS 1.3 Cookie Hash: use stronger hash if no SHA-256
2025-10-07 08:51:26 -07:00
JacobBarthelmeh 1237a5468f coverity warnings on test case, CID 549270 and 549271 2025-10-07 09:35:37 -06:00
David Garske d9b52d832c Merge pull request #9259 from julek-wolfssl/dtls13-timeout
Reset DTLS 1.3 timeout
2025-10-07 07:57:17 -07:00
David Garske 92a47829fa Merge pull request #8674 from JacobBarthelmeh/pkcs7_stream
Fix to advance past multiple recipients
2025-10-06 11:27:03 -07:00
Juliusz Sosinowicz f6be6c8b6d Add timeout assertions to DTLS test 2025-10-06 18:23:16 +02:00
Juliusz Sosinowicz cd0d986016 Reset DTLS 1.3 timeout 2025-10-06 18:23:16 +02:00
Juliusz Sosinowicz 32e24e8199 Suppress Coverity deadcode warning in test_ocsp_tls_cert_cb 2025-10-06 16:26:45 +02:00
JacobBarthelmeh 12cfca4060 account for no AES build and add err trace macro 2025-10-03 13:51:15 -06:00
JacobBarthelmeh 328f505702 add pkcs7 test with multiple recipients 2025-10-03 13:51:15 -06:00
Juliusz Sosinowicz f9063c406b Enables dynamic TLS cert loading with OCSP
Exposes dynamic TLS certificate loading and OCSP stapling to allow applications to load certs lazily.

The server no longer needs to load the CA to staple OCSP responses.

Adds a certificate setup callback (WOLFSSL_CERT_SETUP_CB)
Adds an OCSP status callback to load OCSP responses directly
Adds `wc_NewOCSP`, `wc_FreeOCSP`, and `wc_CheckCertOcspResponse`
Don't call verify twice on the same error
Send correct alert on status response error
2025-10-03 13:08:11 +02:00
Sean Parkinson e14cc3a34e TLS 1.3 Cookie Hash: use stronger hash if no SHA-256
Order of preference, based on algorithms compiled in, to use with HMAC
for TLS 1.3 cookie:
  1. SHA-256
  2. SHA-384
  3. SHA-512
  4. SM3

Make code compile and unittest pass when SHA-256 not compiled in.
Certificates used for testing require SHA-256 so handshake testing
fails.
2025-10-03 08:28:02 +10:00
Daniel Pouzzner 408e6f79f9 tests/api/test_dtls.c: add missing ExpectIntEQ() around wolfSSL_connect() in test_dtls_bogus_finished_epoch_zero();
wolfcrypt/test/test.c: fix gate for wc_DhGeneratePublic() test in dh_ffdhe_test() to properly exclude 5.3.0.
2025-10-02 14:38:05 -05:00
Kareem abaf57d049 Merge branch 'master' of https://github.com/wolfSSL/wolfssl into zd20595 2025-10-01 15:53:57 -07:00
Daniel Pouzzner b3a5c96c56 Merge pull request #9205 from gasbytes/issue-9188
Prevent replaying ClientHello messages when Finished message are epoch 0
2025-09-30 20:44:09 -05:00
Daniel Pouzzner c893191577 Merge pull request #9253 from julek-wolfssl/gh/9245
DTLS SRTP should also do a cookie exchange since it uses UDP
2025-09-30 20:36:27 -05:00
Daniel Pouzzner b4ee8869c8 Merge pull request #9246 from julek-wolfssl/gh/9240
Abort connection if we are about to send the same CH
2025-09-30 20:35:32 -05:00
Daniel Pouzzner 1932c5a96d Merge pull request #9196 from kareem-wolfssl/zd20038_3
Fix building and running tests and examples with coding/PEM support disabled.
2025-09-30 20:34:46 -05:00
Daniel Pouzzner 42d2b81231 Merge pull request #9209 from mattia-moffa/20250910-certauth-clienthello
Add support for certificate_authorities extension in ClientHello
2025-09-30 20:33:16 -05:00
Kareem a3a08e81a9 Fix running tests in FIPS mode with hash DRBG disabled. 2025-09-30 16:15:21 -07:00
Daniel Pouzzner b56cafdd25 Merge pull request #8692 from kareem-wolfssl/zd19563_verify
Update wolfSSL_X509_verify_cert to retry all certs until a valid chain is found.
2025-09-30 16:22:41 -05:00
Juliusz Sosinowicz d8fd19feb8 DTLS SRTP should also do a cookie exchange since it uses UDP 2025-09-29 18:27:36 +02:00
Kareem b302e8edd0 Move CERT_FILETYPE definition, use it in echoserver. 2025-09-26 10:58:51 -07:00
Juliusz Sosinowicz f798a585d9 Abort connection if we are about to send the same CH 2025-09-26 12:08:53 +02:00
Kareem af9a06e9bf Merge remote-tracking branch 'upstream/master' into zd19563_verify 2025-09-25 10:39:11 -07:00
Mattia Moffa 26c9908504 Use string literals in tests, fix add CA functions 2025-09-24 00:11:55 +02:00
Mattia Moffa 4535572428 Use memio in tests, fix ifdef, fix typos 2025-09-23 11:50:21 +02:00
Reda Chouk e3fbb24713 Fix malformed DTLS comment syntax 2025-09-22 12:59:30 +02:00
Mattia Moffa 5efc4a7cd0 Fix tests 2025-09-19 16:45:15 +02:00
Kareem 23f595586d Fix building with --enable-keygen --enable-rsavfy. 2025-09-18 16:21:08 -07:00
Reda Chouk 8f47b4bb08 Prevent DTLS clients from replaying ClientHello
messages when receiving bogus Finished messages in epoch 0 by
ensuring Finished messages are only ignored in encrypted epochs (1).
2025-09-18 14:41:12 +02:00
Mattia Moffa 3bdb43eb6a Add support for certificate_authorities extension in ClientHello 2025-09-17 15:33:05 +02:00
Kareem 989a9da65a Move CERT_FILETYPE definition. 2025-09-12 16:33:29 -07:00
Kareem ec92f76dec Fix tests when building with PEM support disabled by using DER certs/keys. 2025-09-12 16:11:07 -07:00
David Garske 3e63bc68d4 Add support for enabling RSA private key to DER without keygen. ( new macro WOLFSSL_KEY_TO_DER) 2025-09-11 10:29:31 -07:00