Commit Graph

125 Commits

Author SHA1 Message Date
David Garske 57ef8a7caf Merge pull request #9574 from anhu/dtls_guard
Guard a bit of DTLS code.
2025-12-23 15:03:46 -08:00
Anthony Hu c03c2dd541 Add tests 2025-12-23 11:48:57 -05:00
Sean Parkinson b766f11e7b TLS 1.3, plaintext alert: ignore when expecting encrypted
In TLS 1.3, ignore valid unencrypted alerts that appear after encryption
has started.
Only ignore WOLFSSL_ALERT_COUNT_MAX-1 alerts.
2025-12-23 09:09:06 +10:00
Juliusz Sosinowicz 432f0e33f6 Fix incorrect use of CFLAGS in os-check 2025-12-17 10:28:43 +01:00
jackctj117 9db4aad468 Added --enable-certgencache to os-check 2025-12-10 10:14:39 -07:00
Juliusz Sosinowicz 32911dc6b8 Add blinding to CI 2025-11-12 17:12:35 +01:00
Josh Holtrop 32b00fd10b Address code review feedback for PR 9391 2025-11-11 14:06:44 -05:00
Juliusz Sosinowicz f9063c406b Enables dynamic TLS cert loading with OCSP
Exposes dynamic TLS certificate loading and OCSP stapling to allow applications to load certs lazily.

The server no longer needs to load the CA to staple OCSP responses.

Adds a certificate setup callback (WOLFSSL_CERT_SETUP_CB)
Adds an OCSP status callback to load OCSP responses directly
Adds `wc_NewOCSP`, `wc_FreeOCSP`, and `wc_CheckCertOcspResponse`
Don't call verify twice on the same error
Send correct alert on status response error
2025-10-03 13:08:11 +02:00
Kareem a216ea170c Add test case for --enable-coding=no. 2025-09-12 16:11:07 -07:00
Juliusz Sosinowicz 74c7115cc1 Revert "Fix building with --coding=no/WOLFSSL_PEM_TO_DER undefined." 2025-09-10 18:07:57 +02:00
Kareem 183aa7a214 Merge branch 'master' of https://github.com/wolfSSL/wolfssl into zd20038_2 2025-09-02 16:17:18 -07:00
Ruby Martin 8b1422a869 add configuration for WOLFSSL_MEM_CHECK_ZERO 2025-08-27 16:12:57 -06:00
Kareem 87f99ea824 Add test case for --enable-coding=no. 2025-08-27 12:02:25 -07:00
gojimmypi d64ef34ef8 Introduce WOLFSSL_DEBUG_CERTS Certificate Debug Messages 2025-08-06 13:57:53 -07:00
David Garske 5d7cb2ec07 Fix for new api.c test test_wolfSSL_check_domain_basic added in PR #8863 that fails with --disable-sys-ca-certs. 2025-06-24 08:25:01 -07:00
David Garske d4c827bc5e Fix for building LMS with verify only. Added tests for LMS/XMSS verify only. New wc_LmsKey_GetKid references key->priv_raw that is not available. 2025-06-23 11:12:53 -07:00
David Garske 9b50708741 Fix to expose API to access "store" error code and error depth for cert failure callback (from set_verify). Useful for C# wrapper or clients that cannot directly dereference X509_STORE. Fixes for building with WOLFSSL_EXTRA and WOLFSSL_NO_CA_NAMES (and added new tests). Added example in CSharp TLS client for overriding a begin date error (useful if date is not set). 2025-06-19 14:49:00 -07:00
David Garske 8181561f0f Fix for syntax error in os-check.yml added in PR #8867. 2025-06-13 07:17:37 -07:00
JacobBarthelmeh 47cf634965 add a way to restore previous pid behavior 2025-06-10 16:12:09 -06:00
JacobBarthelmeh 4207affc72 adding additional RAND test cases 2025-06-10 16:01:52 -06:00
Marco Oliverio cbe1fb2c62 dtls: drop DTLS messages that span across datagrams
A new macro "WOLFSSL_DTLS_RECORDS_CAN_SPAN_DATAGRAMS" restores the old
behaviour.
2025-05-19 10:28:13 +02:00
David Garske e09e3f6098 Fix for Curve25519 and static ephemeral issue with curve25519 blinding. Added new test case (used by wolfKeyMgr). 2025-05-12 10:26:31 -07:00
David Garske 1e3718ea7b Merge pull request #8655 from SparkiDev/asn1_oid_update
ASN.1 OIDs and sum: Change algorithm for sum
2025-05-07 11:43:54 -07:00
Sean Parkinson 5e5f486a4c Merge pull request #8732 from dgarske/stm32_hash_status
Fix for STM32 hash status check logic (also fix NO_AES_192 and NO_AES_256)
2025-05-07 20:56:18 +10:00
Sean Parkinson 112351667a ASN.1 OIDs and sum: Change algorithm for sum
New sum algorithm has no clashes at this time.
Old algorithm enabled by defining: WOLFSSL_OLD_OID_SUM.
New oid_sum.h file generated with scripts/asn1_oid_sum.pl.

Added bunch of OID names into asn1 example.
2025-05-07 08:32:08 +10:00
Daniel Pouzzner 982a7600c2 src/tls13.c: in DoTls13ServerHello() WOLFSSL_ASYNC_CRYPT path, fix -Wdeclaration-after-statement caused by fallthrough definition;
.github/workflows: update async.yml, multi-arch.yml, multi-compiler.yml, no-malloc.yml, opensslcoexist.yml, and os-check.yml, with -pedantic and related flags, and add --enable-riscv-asm to multi-arch.yml RISC-V scenario;

configure.ac: clarify error message for "SP ASM not available for CPU."
2025-05-06 14:49:32 -05:00
David Garske 0f4ce03c28 Fixes for NO_AES_192 and NO_AES_256. Added CI test. Fixed bad BUILD_ logic for ADH-AES256-GCM-SHA384. 2025-05-05 14:36:36 -07:00
David Garske dfc6a52db5 Fixes for ECC non-blocking tests. Added example user_settings.h build test. Demonstrate ECC 256, 384 and 521 bit. 2025-03-05 15:58:51 -08:00
Juliusz Sosinowicz c5ad780798 Force experimental flag to enable ascon 2025-01-29 11:02:47 +01:00
Juliusz Sosinowicz e4100d977c ascon: added forced permutation unroll 2025-01-29 11:02:47 +01:00
Juliusz Sosinowicz e3a612300b Initial ASCON hash256 and AEAD128 support based on NIST SP 800-232 ipd
Implemented based on the NIST Initial Public Draft "NIST SP 800-232 ipd". Testing based on KAT's available at https://github.com/ascon/ascon-c. Added configuration for testing in github action.
2025-01-29 11:02:47 +01:00
Juliusz Sosinowicz 1d2acd9de6 Revert to ubuntu-22.04 2024-12-10 16:27:41 +01:00
Andras Fekete a5331d406c Revert "Merge pull request #8072 from rizlik/github-fix"
This reverts commit 0f8b4dbc63, reversing
changes made to 743a78dc85.
2024-10-15 12:39:01 -04:00
Marco Oliverio 5d3f7c2528 ci: github: fix ubuntu version to 22.04 2024-10-14 16:46:45 +00:00
Sean Parkinson ac788ec40d Merge pull request #7995 from julek-wolfssl/dtls12-cid
Implement DTLS 1.2 Connection ID (CID)
2024-10-02 09:00:59 +10:00
András Fekete a1a3a0b04f Merge pull request #7871 from gojimmypi/pr-repo-owner-check
Add conditional repository_owner to workflow
2024-09-26 12:18:58 -04:00
res0nance 62c6a3d892 ci: add Win32 and ARM64 windows CI 2024-09-24 19:35:39 +08:00
gojimmypi 27adc66cca Add conditional repository_owner to workflow, remove socat strategy 2024-09-23 11:30:58 -07:00
Juliusz Sosinowicz 99a99e3d6e Implement DTLS 1.2 Connection ID (CID) 2024-09-20 15:31:01 +02:00
Daniel Pouzzner a3fb5029f8 clean up trailing whitespace and misplaced CRLFs, add missing final newlines, remove stray UTF8 nonprintables (BOMs) and ASCIIfy stray homoglyphs (spaces and apostrophes), guided by expanded coverage in wolfssl-multi-test check-source-text. 2024-09-05 14:52:18 -05:00
Juliusz Sosinowicz b67fd6f29c Fix failing test_dtls_frag_ch
- Add option to disable ECH
- InitSuites: clean up DTLS paths
- wolfSSL_parse_cipher_list: remove WOLFSSL_MAX_SUITE_SZ setting
- wolfSSL_parse_cipher_list: add rationale for keeping ciphersuites
- test_dtls_frag_ch: ECH and ciphersuites were pushing the ClientHello message over the fragmentation limit. Disabling ECH and limiting ciphersuites fixes the test.
2024-08-30 09:56:52 +02:00
Juliusz Sosinowicz b2f59f733a DTLS 1.3: check size including headers 2024-08-28 12:58:50 +02:00
David Garske 8763b127d9 Add CI test for the new user_settings_wolfssh.h. 2024-06-03 14:27:07 -07:00
Juliusz Sosinowicz 7206508329 Don't use main.yml since it has a limit of 20 jobs 2024-05-06 17:18:01 +02:00
Daniel Pouzzner 8665295573 Merge pull request #7198 from dgarske/tls12only
Template for TLS v1.2 only
2024-02-05 16:14:47 -05:00
Juliusz Sosinowicz 31bfac43ea Update github actions
Many of these updates should also speed up some steps
2024-02-02 20:14:28 +01:00
David Garske 9e47703402 Template for TLS v1.2 only. 2024-01-31 10:13:31 -08:00
Juliusz Sosinowicz aed715cb2c dtls 1.3: allow to skip cookie exchange on resumption
tls 1.3: do cookie exchange when asked too even when found a matching cipher
2023-10-31 14:29:04 +01:00
Juliusz Sosinowicz 858c66de3c Add configs that exposed this bug 2023-10-05 16:58:45 +02:00
res0nance a99139574a ci: run windows test 2023-08-31 19:59:05 +08:00