Juliusz Sosinowicz
f9063c406b
Enables dynamic TLS cert loading with OCSP
Exposes dynamic TLS certificate loading and OCSP stapling to allow applications to load certs lazily.
The server no longer needs to load the CA to staple OCSP responses.
Adds a certificate setup callback (WOLFSSL_CERT_SETUP_CB)
Adds an OCSP status callback to load OCSP responses directly
Adds `wc_NewOCSP`, `wc_FreeOCSP`, and `wc_CheckCertOcspResponse`
Don't call verify twice on the same error
Send correct alert on status response error
2025-10-03 13:08:11 +02:00
Daniel Pouzzner
408e6f79f9
tests/api/test_dtls.c: add missing ExpectIntEQ() around wolfSSL_connect() in test_dtls_bogus_finished_epoch_zero();
wolfcrypt/test/test.c: fix gate for wc_DhGeneratePublic() test in dh_ffdhe_test() to properly exclude 5.3.0.
2025-10-02 14:38:05 -05:00
Daniel Pouzzner
b3a5c96c56
Merge pull request #9205 from gasbytes/issue-9188
Prevent replaying ClientHello messages when Finished messages are epoch 0
2025-09-30 20:44:09 -05:00
Daniel Pouzzner
c893191577
Merge pull request #9253 from julek-wolfssl/gh/9245
DTLS SRTP should also do a cookie exchange since it uses UDP
2025-09-30 20:36:27 -05:00
Daniel Pouzzner
b4ee8869c8
Merge pull request #9246 from julek-wolfssl/gh/9240
Abort connection if we are about to send the same CH
2025-09-30 20:35:32 -05:00
Daniel Pouzzner
1932c5a96d
Merge pull request #9196 from kareem-wolfssl/zd20038_3
Fix building and running tests and examples with coding/PEM support disabled.
2025-09-30 20:34:46 -05:00
Daniel Pouzzner
42d2b81231
Merge pull request #9209 from mattia-moffa/20250910-certauth-clienthello
Add support for certificate_authorities extension in ClientHello
2025-09-30 20:33:16 -05:00
Daniel Pouzzner
b56cafdd25
Merge pull request #8692 from kareem-wolfssl/zd19563_verify
Update wolfSSL_X509_verify_cert to retry all certs until a valid chain is found.
2025-09-30 16:22:41 -05:00
Juliusz Sosinowicz
d8fd19feb8
DTLS SRTP should also do a cookie exchange since it uses UDP
2025-09-29 18:27:36 +02:00
Kareem
b302e8edd0
Move CERT_FILETYPE definition, use it in echoserver.
2025-09-26 10:58:51 -07:00
Juliusz Sosinowicz
f798a585d9
Abort connection if we are about to send the same CH
2025-09-26 12:08:53 +02:00
Kareem
af9a06e9bf
Merge remote-tracking branch 'upstream/master' into zd19563_verify
2025-09-25 10:39:11 -07:00
Mattia Moffa
26c9908504
Use string literals in tests, fix add CA functions
2025-09-24 00:11:55 +02:00
Mattia Moffa
4535572428
Use memio in tests, fix ifdef, fix typos
2025-09-23 11:50:21 +02:00
Reda Chouk
e3fbb24713
Fix malformed DTLS comment syntax
2025-09-22 12:59:30 +02:00
Mattia Moffa
5efc4a7cd0
Fix tests
2025-09-19 16:45:15 +02:00
Kareem
23f595586d
Fix building with --enable-keygen --enable-rsavfy.
2025-09-18 16:21:08 -07:00
Reda Chouk
8f47b4bb08
Prevent DTLS clients from replaying ClientHello messages when receiving bogus Finished messages in epoch 0 by ensuring Finished messages are only ignored in encrypted epochs (1).
2025-09-18 14:41:12 +02:00
Mattia Moffa
3bdb43eb6a
Add support for certificate_authorities extension in ClientHello
2025-09-17 15:33:05 +02:00
Kareem
989a9da65a
Move CERT_FILETYPE definition.
2025-09-12 16:33:29 -07:00
Kareem
ec92f76dec
Fix tests when building with PEM support disabled by using DER certs/keys.
2025-09-12 16:11:07 -07:00
David Garske
3e63bc68d4
Add support for enabling RSA private key to DER without keygen. (new macro WOLFSSL_KEY_TO_DER)
2025-09-11 10:29:31 -07:00
David Garske
71581e321e
Merge pull request #9098 from julek-wolfssl/fix-test_wolfSSL_tls_export
Fix test_wolfSSL_tls_export
2025-08-26 12:11:49 -07:00
Juliusz Sosinowicz
d26b2811e0
test_wolfSSL_tls_export_run: silence unused cmpSess warning
2025-08-26 16:40:17 +02:00
Juliusz Sosinowicz
5934c1eece
Fix test_wolfSSL_tls_export
- Add TLS_EXPORT_OPT_SZ_4 to specify previous option size
- Actually pick up failures in the tests and propagate them to the top level
- Tests v4 and v5 sessions
Fixes https://github.com/wolfSSL/wolfssl/issues/9081 and https://github.com/wolfSSL/wolfssl/pull/9082
2025-08-26 11:04:54 +02:00
Sean Parkinson
115d4d88c0
api.c: pull out TLS 1.3 specific tests
2025-08-26 09:05:46 +10:00
Kareem
623c593210
Merge branch 'master' of https://github.com/wolfSSL/wolfssl into zd19563_verify
2025-08-25 11:36:12 -07:00
Daniel Pouzzner
e0383b496a
linuxkm/module_hooks.c: implement wc_linuxkm_GenerateSeed_IntelRD, gated on WC_LINUXKM_RDSEED_IN_GLUE_LAYER;
add WC_GENERATE_SEED_DEFAULT, which defaults to wc_GenerateSeed if not overridden, and replace wc_GenerateSeed with WC_GENERATE_SEED_DEFAULT in various calls to wc_SetSeed_Cb();
linuxkm/linuxkm_wc_port.h: if FIPS <v6 and RDSEED, define WC_LINUXKM_RDSEED_IN_GLUE_LAYER and define WC_GENERATE_SEED_DEFAULT wc_linuxkm_GenerateSeed_IntelRD;
wolfcrypt/test/test.c: update rng_seed_test() with gating and vectors for FIPS v5 with HAVE_AMD_RDSEED or HAVE_INTEL_RDSEED;
wolfssl/wolfcrypt/types.h: add WC_HAVE_VECTOR_SPEEDUPS helper macro, and enlarge fallthrough definition coverage for DISABLE_VECTOR_REGISTERS.
2025-08-22 21:58:00 -05:00
Kareem
c2eeeafdbe
Merge remote-tracking branch 'upstream/master' into zd19563_verify
2025-08-22 13:56:44 -07:00
JacobBarthelmeh
bc5b297d33
Merge pull request #9046 from kareem-wolfssl/zd20038
Allow setting the CA type when loading into cert manager and unloading specific CA types from the cert manager.
2025-08-22 14:43:46 -06:00
Kareem
4a067fa1bc
Don't enforce test_wolfSSL_X509_STORE_CTX_ex12 return code as it may be skipped, modifying the return code.
2025-08-22 11:29:21 -07:00
Kareem
077beaecd8
Fix memory leak in unit test, fix for loop syntax.
2025-08-21 16:33:57 -07:00
Kareem
b53db94f1e
x509_verify_cert: Code review feedback.
2025-08-21 15:35:29 -07:00
Josh Holtrop
98b6b92a76
Error from GetShortInt with negative INTEGER values
2025-08-19 12:40:48 -04:00
Kareem
cb985dcfa8
ECC required for newly added unit test.
2025-08-18 10:21:54 -07:00
Kareem
1e367597b6
Fix memory leak in newly added unit test.
2025-08-18 10:21:53 -07:00
Kareem
6b01053d98
Add test case for new x509_verify_cert retry functionality.
Add CA cert with the same SKI and intentionally invalid AKI as part of x509_verify_cert test case.
2025-08-18 10:21:53 -07:00
Sean Parkinson
0ba16a9c5b
Merge pull request #9104 from kojiws/export_long_key_orig_asn
Improve original implementation on SetAsymKeyDer() and the test
2025-08-18 22:11:25 +10:00
Juliusz Sosinowicz
ffe3d80f8d
Merge pull request #9097 from douzzer/20250812-atomic-cmpxchg
20250812-atomic-cmpxchg
2025-08-15 01:14:45 +02:00
Daniel Pouzzner
c5bbf4c7e0
Merge pull request #9085 from effbiae/while-pending
`wolfSSL_AsyncPoll` calls refactor
2025-08-14 14:51:05 -05:00
Kareem
c535e281c6
Skip unit test when using Apple native cert validation.
2025-08-14 11:34:15 -07:00
Kareem
cb3f7de3f7
Fix issues found by CI/CD tests.
2025-08-14 11:34:15 -07:00
Kareem
3bcbbd2924
Fix issue with loading PEM certs. Address code review feedback.
Add tests.
2025-08-14 11:34:15 -07:00
Koji Takeda
0a9356e645
Improve original implementation on SetAsymKeyDer() and the test
2025-08-15 00:04:01 +09:00
Daniel Pouzzner
bd4e723f9d
add cpuid_flags_t, WC_CPUID_INITIALIZER, and cpuid_get_flags_ex();
refactor all static flag initializations to use cpuid_get_flags_ex() for race-free dynamics;
refactor cpuid_set_flags() to be race-free;
wolfssl/wolfcrypt/wc_port.h and wolfcrypt/src/wc_port.c: add
* WOLFSSL_ATOMIC_COERCE_INT()
* WOLFSSL_ATOMIC_COERCE_UINT()
* wolfSSL_Atomic_Uint
* wolfSSL_Atomic_Uint_Init()
* wolfSSL_Atomic_Int_AddFetch()
* wolfSSL_Atomic_Int_SubFetch()
* wolfSSL_Atomic_Int_CompareExchange()
* wolfSSL_Atomic_Uint_FetchAdd()
* wolfSSL_Atomic_Uint_FetchSub()
* wolfSSL_Atomic_Uint_AddFetch()
* wolfSSL_Atomic_Uint_SubFetch()
* wolfSSL_Atomic_Uint_CompareExchange()
wolfcrypt/test/test.c: add to memory_test() tests for all atomic macros and APIs;
.github/workflows/pq-all.yml: don't use -Wpedantic for CC=c++ scenario.
2025-08-14 08:44:28 -05:00
Sean Parkinson
102525c9c9
Merge pull request #9100 from dgarske/cryptocb_only
Improve some of the build cases around crypto callback only
2025-08-14 21:41:26 +10:00
effbiae
0e3f877326
WOLFSSL_ASYNC_WHILE_PENDING refactor
2025-08-14 12:03:13 +10:00
David Garske
d79ca8a746
Improve some of the build cases around crypto callback only
2025-08-13 21:58:53 +01:00
Ruby Martin
a02025d0c9
add session ticket length return check to api tests
2025-08-13 08:29:30 -06:00
Daniel Pouzzner
e24f76bb1e
Merge pull request #9057 from SparkiDev/mldsa_x64_asm
ML-DSA/Dilithium: Intel x64 ASM
2025-08-11 23:12:44 -05:00