Commit Graph

357 Commits

Author SHA1 Message Date
Juliusz Sosinowicz d2f45f614f Make test scripts work in sandboxed/restricted environments
multi-msg-record.py: auto-detect the CA cert format the wolfSSL client
build accepts (PEM or DER) from the default shown in client -? help.
OPENSSL_EXTRA-style builds need PEM; NO_CODING builds need DER.

ocsp-stapling.test: skip the external login.live.com connection unless
WOLFSSL_EXTERNAL_TEST is explicitly enabled (matches external.test /
google.test convention). Local OCSP tests still run.

ocsp-responder-openssl-interop.test: use ${TMPDIR:-/tmp} for mktemp
templates so the test works when /tmp is not writable.
2026-05-14 13:10:13 +02:00
Juliusz Sosinowicz 7cc972d5c7 Use DER CA cert in multi-msg-record test for NO_CODING builds
wolfSSL builds configured with --enable-coding=no cannot parse PEM
because base64 decoding is disabled. Switch the example client's -A
argument to ca-cert.der so the test works in both PEM-enabled and
PEM-disabled builds.
2026-05-14 13:10:13 +02:00
Juliusz Sosinowicz 6357a0e5cf Skip multi-msg-record ciphers not built into wolfSSL client
Probe ./client -e for the supported cipher list and skip suites that
aren't compiled in instead of reporting them as failures.
2026-05-14 13:10:13 +02:00
Juliusz Sosinowicz dab6461db1 Fix comment dash 2026-05-14 13:10:13 +02:00
Juliusz Sosinowicz 0b1b158fe2 Add a test for multi-message TLS records 2026-05-14 13:10:13 +02:00
Sean Parkinson 69a378461a Merge pull request #10406 from Frauschi/lms_xmss_certs
Support RFC 9802 LMS and XMSS in X.509 verification
2026-05-08 11:48:34 +10:00
Tobias Frauenschläger 28468b44f5 Support RFC 9802 LMS and XMSS in X.509 verification
Wire the stateful hash-based signature schemes HSS/LMS (RFC 8554) and
XMSS / XMSS^MT (RFC 8391) into the X.509 cert-verification path per
RFC 9802.

asn:
- Register id-alg-hss-lms-hashsig (1.2.840.113549.1.9.16.3.17),
  id-alg-xmss-hashsig (1.3.6.1.5.5.7.6.34) and id-alg-xmssmt-hashsig
  (1.3.6.1.5.5.7.6.35) in oid_sum.h, asn.c and asn1_oid_sum.pl.
- Plumb the new keyOIDs through GetCertKey, SigOidMatchesKeyOid,
  HashForSignature, FreeSignatureCtx and ConfirmSignature so leaf
  and CA certificates parse, load and verify end-to-end.
- Rename IsSigAlgoECC -> IsSigAlgoNoParams; the function has tested
  "AlgorithmIdentifier omits NULL parameters" since PQC algos were
  added, and HSS/LMS + XMSS only made the original name more
  misleading.

wc_lms / wc_xmss:
- Add wc_XmssKey_ImportPubRaw_ex which derives parameters from the
  4-byte OID prefix at the start of the raw public key, taking an
  is_xmssmt hint to disambiguate the overlapping XMSS / XMSS^MT OID
  spaces.
- Extend wc_LmsKey_ImportPubRaw with the same auto-derive from
  u32str(L) || lmsType || lmOtsType when key->params is NULL; this
  also fixes a latent NULL-deref when the legacy precondition was
  violated.
- Reject WC_*_STATE_OK in both ImportPubRaw paths so re-importing
  on a private-key-loaded handle can't desync priv/pub.
- Tighten wc_XmssKey_Verify's length check to strict equality,
  matching wc_LmsKey_Verify and the documented contract of using
  wc_XmssKey_GetSigLen for the buffer size.

tests / fixtures:
- Bouncy Castle 1.81 fixtures in certs/lms and certs/xmss covering
  every supported parameter set, plus CA->leaf chains per family
  and one BC-native LMS fixture as a cross-impl interop gate.
- New api tests verify each fixture end-to-end, tamper TBS and
  signature bytes, exercise the wolfCrypt-level negative paths
  (NOT_COMPILED_IN, BUFFER_E, BAD_FUNC_ARG, BAD_STATE_E, OID/family
  mismatch, partial-write invariants, lenient VERIFYONLY re-import,
  strict sigLen check) and confirm the outer signatureAlgorithm
  OID is rejected when it disagrees with the SPKI in both
  XMSS<->XMSS^MT directions.
2026-05-07 17:14:31 +02:00
Daniel Pouzzner d86174cc50 src/ssl.c: in wolfSSL_check_domain_name(), use XSTRCMP(), not strcmp();
wolfcrypt/src/asn.c, wolfssl/wolfcrypt/asn.h, src/ssl.c, wolfssl/ssl.h: move wolfssl_local_IsValidFQDN() from ASN.1 layer (where it has no users and is gated out in lean PSK builds) to TLS layer (where its users are);

scripts/crl-revoked.test: use `cp --symbolic-link` opportunistically but fall back to `cp -p`.
2026-05-06 21:40:33 -05:00
Daniel Pouzzner b6de2d3cbc src/ssl.c: in wolfSSL_check_domain_name(), call wolfssl_local_IsValidFQDN() to validate the argument, with allowance for "localhost".
scripts/crl-revoked.test: improve "Workaround to not pollute the certs folder" (don't copy whole source tree, and don't copy file contents).
2026-05-06 18:29:27 -05:00
Tobias Frauenschläger 9393d62591 Replace liboqs SPHINCS+ with SLH-DSA in certificate layer
Replace the liboqs-based pre-standardization SPHINCS+ implementation
with the native FIPS 205 SLH-DSA implementation across the
certificate / ASN.1 / X.509 layers, and add SLH-DSA-rooted test
certificates plus TLS 1.3 .conf scenarios that exercise the new
verification path. All liboqs SPHINCS+ code is removed.

This enables SLH-DSA for certificate chain authentication: CA
certificates signed with SLH-DSA, certificate signature verification
against an SLH-DSA root. TLS 1.3 entity authentication via
CertificateVerify with SLH-DSA will be added in a follow-up PR.

Follows RFC 9909 (X.509 Algorithm Identifiers for SLH-DSA) and
NIST FIPS 205. Supports both SHAKE and SHA-2 parameter families
across all twelve standardized variants.

DER codec:
- New PrivateKeyDecode, PublicKeyDecode, KeyToDer, PrivateKeyToDer,
  PublicKeyToDer with RFC 9909 encoding (bare OCTET STRING containing
  4*n raw bytes = SK.seed || SK.prf || PK.seed || PK.root, no nested
  wrapper). OID auto-detection across all twelve SHAKE / SHA-2 variants.
- PublicKeyDecode raw-bytes fast path mirrors wc_Falcon_PublicKeyDecode
  and wc_Dilithium_PublicKeyDecode so callers (notably
  wolfssl_x509_make_der and ConfirmSignature, which pass the raw
  BIT STRING contents stashed by StoreKey) decode correctly. Honours
  the caller's *inOutIdx start offset.
- Error paths in Private/PublicKeyDecode preserve params/flags/
  inOutIdx and only ForceZero the buffer half each helper actually
  writes; skip the wipe entirely on BAD_LENGTH_E (no bytes touched).
- ImportPublic uses |= on flags so a Private-then-Public import
  sequence retains FLAG_PRIVATE.

OID dispatch:
- 12 standardized NIST OIDs (6 SHAKE + 6 SHA-2) per RFC 9909. The
  pre-standardization OID-collision mechanism is removed since NIST
  OIDs do not collide.
- wc_SlhDsaOidToParam / wc_SlhDsaOidToCertType return NOT_COMPILED_IN
  (rather than -1) for recognised SLH-DSA OIDs whose parameter set
  isn't built; wc_IsSlhDsaOid recognises both. The x509 dispatch
  surfaces this as a precise diagnostic instead of the generic
  "No public key found".
- wc_GetKeyOID picks a placeholder parameter from whatever variant is
  compiled in and #errors at compile time if none is.
- asn_orig.c EncodeCert / EncodeCertReq accept SHA-2 SLH-DSA keyTypes
  alongside SHAKE.

Tests and fixtures:
- Test cert chain in certs/slhdsa/: SLH-DSA-SHAKE-128s and
  SLH-DSA-SHA2-128s self-signed roots that sign reused ML-DSA-44
  entity keys (server + client), plus the gen script
  (gen-slhdsa-mldsa-certs.sh, OpenSSL >= 3.5).
- New TLS 1.3 .conf scenarios under tests/suites.c dispatch:
  test-tls13-slhdsa-shake.conf, test-tls13-slhdsa-sha2.conf, and a
  wrong-CA negative test test-tls13-slhdsa-fail.conf.
- DER round-trip and on-disk decode tests; bench_slhdsa_*_key.der
  fixtures regenerated with wolfSSL's own encoder so the codec is
  pinned to RFC 9909.
- New unit test test_wc_slhdsa_x509_i2d_roundtrip exercises the raw
  PublicKeyDecode entry point that wolfssl_x509_make_der relies on.
- test_wc_slhdsa_check_key now tests both Public-then-Private and
  Private-then-Public import orderings.

Build / ABI:
- DYNAMIC_TYPE_SPHINCS = 98 kept as RESERVED with a tombstone comment
  for ABI stability; new code should use DYNAMIC_TYPE_SLHDSA (107).
- All build system / IDE project files updated; SPHINCS+ sources,
  headers, and test data removed.
- Dead bench_slhdsa_*_key arrays removed from gencertbuf.pl and
  certs_test.h; the .der files on disk drive the decode tests.
2026-04-30 18:32:07 +02:00
Tobias Frauenschläger 7a2cf5b655 Remove liboqs for ML-KEM and ML-DSA, update for Falcon 2026-04-30 11:03:06 +02:00
JacobBarthelmeh 53e352181e Merge pull request #10058 from julek-wolfssl/hostap-ec-generate.sh
Re-enable hostap tests and remove some flaky tests
2026-04-23 14:09:09 -06:00
Daniel Pouzzner 956f057e73 scripts/pem.test: correctly compute and use SRC_DIR, and fix whitespace. 2026-04-20 17:42:29 -05:00
Daniel Pouzzner 7e67274ebe scripts/pem.test: add more missing feature sensing and conditions. 2026-04-20 15:24:28 -05:00
Daniel Pouzzner eff2fcd513 scripts/pem.test: refactor to eliminate dependence on bash [[ -v foo ]] construct. 2026-04-20 13:49:53 -05:00
Daniel Pouzzner 8b6739296c examples/pem/pem.c: don't wolfCrypt_Cleanup() unless wolfcrypt_inited;
scripts/pem.test:
* add setup for WOLFSSL_NO_DER_TO_PEM,
* exit early with skip code if executable dependencies are missing or WOLFSSL_NO_PEM or NO_CODING, and
* add clean skip clauses to convert_to_pem(), compare_pem(), and pem_der_exp(), if WOLFSSL_NO_DER_TO_PEM.
2026-04-20 12:47:36 -05:00
Daniel Pouzzner e601e04444 fix examples/pem/ and scripts/pem.test:
examples/pem/pem.c:
* improve error messages,
* add wc_SetSeed_Cb() if WC_RNG_SEED_CB, and
* add wolfCrypt_Init() and wolfCrypt_Cleanup().

scripts/pem.test:
* fix exit code to unmask script failure,
* add configured feature detection,
* improve error messages and handling,
* add configuration gating around subtests, and
* comment out currently failing subtests.
2026-04-20 10:26:09 -05:00
Daniel Pouzzner e4fab90938 scripts/*.test: in kill -0 PID existence tests, close stderr to silence noise. 2026-04-14 23:23:53 -05:00
Daniel Pouzzner 96199467f9 scripts/*.test: delay reaping servers in cleanup handlers to allow sanitizers to finish rendering backtraces. 2026-04-14 23:09:20 -05:00
Juliusz Sosinowicz fd63d6c20e Add bwrap network namespace isolation to scripts with listening ports
Add NETWORK_UNSHARE_HELPER/bwrap wrapping to benchmark.test,
openssl_srtp.test, and sniffer-gen.sh to isolate network namespaces and
prevent port collisions when tests run concurrently. sniffer-gen.sh uses
--cap-add ALL (like dtls.test) since it runs tcpdump. ocsp-stapling.test
is excluded because it connects to external servers (login.live.com).
2026-04-09 13:56:14 +02:00
Lealem Amedie 49003f8e54 Fix hang in OCSP test 2026-03-27 14:41:24 -06:00
Juliusz Sosinowicz a0e1fcebfb Re-enable hostap tests and remove some flaky tests
ALL should not include NULL ciphersuites. Those need to be enabled explicitly.
2026-03-24 16:31:31 +01:00
Juliusz Sosinowicz 6bb122d29f Address copilot review 2026-03-11 11:08:44 +01:00
Juliusz Sosinowicz 4578e1390f Implement OCSP responder
OCSP Responder Core API:

- Add new public API for creating and managing an OCSP responder
- Add public wrappers for internal OCSP request/response functions
- OcspRespCheck: fix check when authorized responder is loaded into CM

Header Cleanup:

- Remove circular dependency when including `#include <wolfssl/wolfcrypt/asn.h>` from wolfssl/wolfcrypt/ecc.h and wolfssl/wolfcrypt/rsa.h

OCSP Responder Example (examples/ocsp_responder/):

- Add a command-line OCSP responder for interoperability testing with OpenSSL's `openssl ocsp` client

Test Scripts (scripts/):

- ocsp-responder-openssl-interop.test: Tests wolfSSL OCSP responder with `openssl ocsp` client
- ocsp-stapling-with-wolfssl-responder.test: Tests wolfSSL OCSP responder when doing OCSP stapling

Certificate Infrastructure (certs/ocsp/):

- Add DER-format certificates and keys for OCSP testing
- Update renewcerts.sh to generate DER versions

Known Limitations (documented in src/ocsp.c header comment):

  - Single request/response per OCSP exchange only
  - Key-hash responder ID only (no name-based responder ID)
  - No singleExtensions support
2026-03-11 10:21:16 +01:00
Paul Adelsbach 5bcb9d4966 Generate CRLs from unit test script 2026-03-10 13:25:12 -07:00
kaleb-himes 325ee2c274 Implement peer review feedback 2026-03-06 10:38:02 -07:00
kaleb-himes 2603996be7 Implement copilot suggestion 2026-03-04 15:10:16 -07:00
kaleb-himes b807595932 Fix all shellcheck items 2026-03-04 15:06:55 -07:00
kaleb-himes 10874aec82 Nth attempt to resolve port collisions once-and-for-all 2026-03-02 14:05:42 -07:00
David Garske f1e8c1b886 Merge pull request #9787 from holtrop-wolfssl/fix-integrity-only-cipher-nonce-calculation
Fix integrity-only cipher nonce calculation
2026-02-19 09:05:24 -08:00
JacobBarthelmeh a156ed7bc7 update Copyright year 2026-02-18 09:52:21 -07:00
Josh Holtrop b4427dd7fd Do not attempt to run integrity-only OpenSSL interop tests with OpenSSL < 3.4 2026-02-17 14:20:52 -05:00
Josh Holtrop 2be175fa35 Fix integrity-only cipher nonce calculation 2026-02-16 21:30:03 -05:00
Paul Adelsbach aafc876759 Add cert/CRL capabilities: skid, akid, dist point, netscape 2026-02-13 20:35:44 -08:00
Paul Adelsbach 81ae472e50 Add CRL generation code 2026-02-13 10:54:47 -08:00
Juliusz Sosinowicz 5f755f6bd5 Fix compilation checks in test scripts
Correct the logic for checking if the client and server examples are compiled
in the test scripts. The previous logic was inverted, causing the tests to
always skip if the examples *were* compiled.
2026-02-10 13:14:55 +01:00
Sean Parkinson bc9e37118e Regression test fixes
Mostly combinations of NO_WOLFSSL_CLIENT, NO_WOLFSSL_SERVER and
WOLFSSL_NO_CLIENT_AUTH were failing.
Added configurations to CI loop.

wc_AesGcmDecryptFinal: use WC_AES_BLOCK_SIZE to satisfy compiler.
2026-01-28 07:37:29 +10:00
Paul Adelsbach 2325c68d4e Address connection issues in ocsp-stapling test 2026-01-20 09:46:35 -08:00
Josh Holtrop 2c4b6f46b7 Add scripts/rsapss.test to test RSA-PSS signature algorithm negotiation 2025-11-19 23:05:31 -05:00
Chris Conlon f208716b80 use portable mktemp syntax in scripts/ocsp-stapling_tls13multi.test for macOS compatibility 2025-11-06 16:54:23 -07:00
JacobBarthelmeh 629c5b4cf6 updating license from GPLv2 to GPLv3 2025-07-10 16:11:36 -06:00
David Garske b9455bc94b Fixes issue with cert gen, no malloc and crypto callback causing wolfssl/wolfcrypt/asn.h:1375:18: error: use of undeclared identifier 'WC_MAX_DIGEST_SIZE. Fixed netcat issue in openssl.test causing server open check to fail on some platforms. Fixed clang-tidy report in benchmark.c where XFTELL could return negative (error) and wasn't handled. 2025-06-20 16:34:46 -07:00
Daniel Pouzzner 9d722b3a6c purge baltimore-cybertrust-root.pem from certs/external/include.am and scripts/. 2025-05-13 20:52:08 -05:00
Sean Parkinson 112351667a ASN.1 OIDs and sum: Change algorithm for sum
New sum algorithm has no clashes at this time.
Old algorithm enabled by defining: WOLFSSL_OLD_OID_SUM.
New oid_sum.h file generated with scripts/asn1_oid_sum.pl.

Added bunch of OID names into asn1 example.
2025-05-07 08:32:08 +10:00
Ruby Martin b64f509d1b define NO_WRITE_TEMP_FILES 2025-03-03 10:14:06 -07:00
Ruby Martin 6fed2fe447 include cygwin and msys2 ostypes to oscp-stapling tests 2025-02-26 09:05:53 -07:00
Ruby Martin 57646a88ff check if clientfd != SOCKET_INVALID not 0, add check if USE_WINDOWS_API
not defined
2025-02-26 09:03:55 -07:00
JacobBarthelmeh af4b5c2097 only run RSA-PSS interop test if cipher suites with ephemeral keys are available 2024-12-28 11:34:17 -08:00
JacobBarthelmeh 1ae0f7c66f do not do resume with new test case
add wolfssl_no_resume flag to openssl.test

check for version of openssl testing against

check if RSA is supported for test case

guard on test case for TLS versions supported
2024-12-28 02:09:49 -08:00
JacobBarthelmeh 3aa2881cd4 account for rsa_pss_rsae vs rsa_pss_pss type 2024-12-23 23:45:33 -07:00