28172 Commits

Author SHA1 Message Date
jordan d67c034b14 asn: add HAVE_OCSP_RESPONDER guard, to fix wolfboot build. 2026-03-12 10:50:18 -05:00
JacobBarthelmeh 0de6e8fd50 Merge pull request #9950 from douzzer/20260311-bench_slhdsa-smallstack
20260311-bench_slhdsa-smallstack
2026-03-11 17:30:08 -06:00
JacobBarthelmeh a8dfa59bbe Merge pull request #9761 from julek-wolfssl/ocsp-responder
Implement OCSP responder
2026-03-11 17:27:33 -06:00
JacobBarthelmeh c15715ed54 Merge pull request #9737 from sebastian-carpenter/tls-ech-confirmation-fix
TLS ECH Testing Improvements
2026-03-11 15:11:13 -06:00
sebastian-carpenter bb7c6a13c8 ECH tidying 2026-03-11 12:07:20 -06:00
sebastian-carpenter 8a7d327d24 ECH fixes F-293, F-201, F-358, F-203 2026-03-11 10:06:37 -06:00
sebastian-carpenter 032dbe6878 ECH fixes F-292, F-28 2026-03-11 10:06:36 -06:00
sebastian-carpenter e17ac41070 TLS ECH fixes [SNI, api.c, server.c, comments] 2026-03-11 09:52:13 -06:00
sebastian-carpenter 58625d1f03 corrections for ECH specification 2026-03-11 09:52:11 -06:00
Daniel Pouzzner ecf71e745b .wolfssl_known_macro_extras: fix for disorder and unneeded entries. 2026-03-11 10:22:11 -05:00
Daniel Pouzzner aeb4c042fd wolfcrypt/benchmark/benchmark.c: smallstack (WC_*_VAR*()) refactor for bench_slhdsa(). 2026-03-11 10:21:55 -05:00
sebastian-carpenter c3a38dced7 testing + bug fixes for TLS ECH 2026-03-11 08:56:26 -06:00
sebastian-carpenter cb2d693550 bad rebase + fixing dtls13 support for ECH 2026-03-11 08:54:00 -06:00
sebastian-carpenter a2fe12a38a TLS ECH OuterExtensions support (Server side) 2026-03-11 08:54:00 -06:00
sebastian-carpenter 30cfb385eb fixed seg fault when confirmation not present 2026-03-11 08:54:00 -06:00
sebastian-carpenter 3605c2a417 client and server fix for TLS ECH 2026-03-11 08:54:00 -06:00
Juliusz Sosinowicz c920d2882c Restore body size calculation and add comment 2026-03-11 12:46:22 +01:00
Juliusz Sosinowicz 5a4c63423b Address code review 2026-03-11 12:28:11 +01:00
Juliusz Sosinowicz 6bb122d29f Address copilot review 2026-03-11 11:08:44 +01:00
Juliusz Sosinowicz 6fc83e292b Address code review 2026-03-11 10:21:17 +01:00
Juliusz Sosinowicz 0a1b4f9185 fix shaCopy errors 2026-03-11 10:21:17 +01:00
Juliusz Sosinowicz 7ae2ecc686 fixup! Implement OCSP responder 2026-03-11 10:21:17 +01:00
Juliusz Sosinowicz 3be004f3ef fixup! Implement OCSP responder 2026-03-11 10:21:17 +01:00
Juliusz Sosinowicz 9015ae9e17 Return unknown information inside of Basic Response 2026-03-11 10:21:17 +01:00
Juliusz Sosinowicz 00c6436cce Refactor date parsing 2026-03-11 10:21:17 +01:00
Juliusz Sosinowicz cec611987a fixup! Implement OCSP responder 2026-03-11 10:21:17 +01:00
Juliusz Sosinowicz 10be06d747 Address copilot feedback 2026-03-11 10:21:17 +01:00
Juliusz Sosinowicz fcd6c4f203 Enhance OCSP responder error handling for serial validation and HTTP response truncation 2026-03-11 10:21:16 +01:00
Juliusz Sosinowicz 931d056688 Add stapling to test scripts/ocsp-stapling-with-wolfssl-responder.test 2026-03-11 10:21:16 +01:00
Juliusz Sosinowicz 9a9eb2bf1d Add ocsp responder test to testsuite.c and tested on windows 2026-03-11 10:21:16 +01:00
Juliusz Sosinowicz a795b19db2 Implement copilot suggestions 2026-03-11 10:21:16 +01:00
Juliusz Sosinowicz 4578e1390f Implement OCSP responder
OCSP Responder Core API:

- Add new public API for creating and managing an OCSP responder
- Add public wrappers for internal OCSP request/response functions
- OcspRespCheck: fix check when authorized responder is loaded into CM

Header Cleanup:

- Remove circular dependency when including `#include <wolfssl/wolfcrypt/asn.h>` from wolfssl/wolfcrypt/ecc.h and wolfssl/wolfcrypt/rsa.h

OCSP Responder Example (examples/ocsp_responder/):

- Add a command-line OCSP responder for interoperability testing with OpenSSL's `openssl ocsp` client

Test Scripts (scripts/):

- ocsp-responder-openssl-interop.test: Tests wolfSSL OCSP responder with `openssl ocsp` client
- ocsp-stapling-with-wolfssl-responder.test: Tests wolfSSL OCSP responder when doing OCSP stapling

Certificate Infrastructure (certs/ocsp/):

- Add DER-format certificates and keys for OCSP testing
- Update renewcerts.sh to generate DER versions

Known Limitations (documented in src/ocsp.c header comment):

  - Single request/response per OCSP exchange only
  - Key-hash responder ID only (no name-based responder ID)
  - No singleExtensions support
2026-03-11 10:21:16 +01:00
Daniel Pouzzner 3540d89c0d Merge pull request #9945 from holtrop-wolfssl/zd21327
Avoid one-byte read outside of allocated encrypted content buffer in wc_PKCS7_DecodeEnvelopedData()
2026-03-10 22:39:24 -05:00
Daniel Pouzzner a5bc0cd929 Merge pull request #9887 from rlm2002/static_analysis
20260305 Coverity fixes
2026-03-10 22:34:57 -05:00
Daniel Pouzzner fc7c19bb07 Merge pull request #9934 from SparkiDev/tls_length_fixes_1
TLS: Better handling of parsing TLS extensions
2026-03-10 22:34:10 -05:00
Daniel Pouzzner 2db5fbb04e Merge pull request #9933 from rlm2002/coverity
20260309 Coverity changes for Sunday build
2026-03-10 22:32:23 -05:00
Daniel Pouzzner bfe0b21829 Merge pull request #9765 from night1rider/zephyr-4_3_0-posix-fix
Add Zephyr 4.1+ build compatibility for wolfssl_tls_sock sample.
2026-03-10 22:28:43 -05:00
Daniel Pouzzner ad21c89ba8 Merge pull request #9944 from JacobBarthelmeh/revert-pr9909
revert PR 9909
2026-03-10 19:38:57 -05:00
Daniel Pouzzner be6e088f46 Merge pull request #9942 from padelsbach/padelsbach/crl-gen-script-fix
Generate CRLs from unit test script
2026-03-10 19:38:29 -05:00
Daniel Pouzzner 8246fa2900 Merge pull request #9910 from holtrop-wolfssl/rust-lms
Rust wrapper: add lms module
2026-03-10 19:37:41 -05:00
Daniel Pouzzner e8a53c2e6d Merge pull request #9941 from kaleb-himes/v6-wolfentropy-combofix
Ensure user-space wolfentropy builds of the v6 module compile the cor…
2026-03-10 19:36:52 -05:00
Daniel Pouzzner e4dea8f261 Merge pull request #9885 from Frauschi/missing_force_zero
Add missing ForceZero calls
2026-03-10 19:36:07 -05:00
Daniel Pouzzner f9b15210d9 Merge pull request #9921 from Frauschi/zd21310
Zeroize preMasterSecret in hybrid PQ/T error cases
2026-03-10 19:35:12 -05:00
Daniel Pouzzner 51693156fe Merge pull request #9939 from SparkiDev/mlkem_comments_fixes
ML-KEM: Fixes for comments plus bug fixes
2026-03-10 19:34:39 -05:00
Daniel Pouzzner 3203610249 Merge pull request #9925 from sameehj/fix-compilation
Fix undefined variable tls1 in InitSuites for PSK cipher suite
2026-03-10 19:34:05 -05:00
Daniel Pouzzner 4e84c7e05a Merge pull request #9931 from aidangarske/fix-wolfcrypt-fenrir-1
Fix Fenrir 376
2026-03-10 19:33:32 -05:00
Daniel Pouzzner f1508c910a Merge pull request #9930 from julek-wolfssl/fenrir/260903
Fenrir fixes
2026-03-10 19:32:56 -05:00
Daniel Pouzzner 7af6decbf3 Merge pull request #9856 from anhu/rsa_guard
Macro guard parameter null check.
2026-03-10 19:32:19 -05:00
Daniel Pouzzner f18d5ba359 Merge pull request #9928 from philljj/fix_f_451
ascon: don't skip wc_AsconAEAD128_Clear on auth error.
2026-03-10 19:31:20 -05:00
Daniel Pouzzner e3e5179cf8 Merge pull request #9869 from JacobBarthelmeh/f356
fix for sanity checks on serial input
2026-03-10 19:30:46 -05:00