Juliusz Sosinowicz
b1f97c6bc0
Merge pull request #5652 from rizlik/send_alert_on_version_mismatch
2022-10-10 11:16:11 +02:00
Hayden Roche
47ccd924c2
Merge pull request #5657 from julek-wolfssl/dtls-1.2-stateless
2022-10-09 09:31:07 -07:00
Hayden Roche
5c85c8e128
Merge pull request #5658 from philljj/fix_wolfSSL_sk_X509_new
2022-10-06 17:18:03 -07:00
Juliusz Sosinowicz
7f42792616
DTLS 1.2: Test stateless server connection
2022-10-06 18:53:13 +02:00
Marco Oliverio
ebb378096a
test: DTLSv1.2: send alert when version negotiation fails
2022-10-05 20:29:23 +02:00
Marco Oliverio
84748757b0
tests: refactor ticket-nonce-test callbacks to re-use code
2022-10-05 20:29:23 +02:00
Hayden Roche
79d9bc376f
Merge pull request #5631 from dgarske/smallstack
2022-10-04 14:39:17 -07:00
jordan
984649eeac
Correct wolfSSL_sk_X509_new in OpenSSL compatible API
2022-10-04 15:20:32 -05:00
David Garske
f9506dc05a
Add small stack to DoClientHello Suites (360 bytes). Add small stack for DRBG health test. Refactor of the small stack into its own header, to allow easier use in other files. Minor build fixes.
2022-09-30 14:06:31 -07:00
jordan
eccba1401f
fix valgrind leak in new unit test
2022-09-30 11:24:54 -05:00
jordan
0f66c90b54
implement sk_X509_shift for zd 14898
2022-09-29 23:04:31 -05:00
Hayden Roche
591d1ada94
Merge pull request #5615 from JacobBarthelmeh/RSAPSS
2022-09-29 14:39:05 -07:00
David Garske
ab44c89ab4
Merge pull request #5626 from haydenroche5/load_system_root_certs
...
Add a function to load system CA certs into a WOLFSSL_CTX.
2022-09-29 11:03:26 -07:00
David Garske
a5a9ab96e6
Merge pull request #5524 from rizlik/protocol_version_alerts
...
Dtls13: improvements
2022-09-29 10:59:06 -07:00
Sean Parkinson
754d274d8c
Merge pull request #5593 from rizlik/ticket_nonce_size
...
tls13: support ticketNonce with size bigger than MAX_TICKET_NONCE_SZ
2022-09-29 08:11:22 +10:00
Marco Oliverio
ae4228f928
tests: add WOLFSSL_TICKE_NONCE_MALLOC tests
2022-09-28 19:54:14 +02:00
Marco Oliverio
3c60926bfa
tests: silently dropping bad records after handshake in DTLS
2022-09-28 18:42:38 +02:00
Marco Oliverio
6e4a3ecdbd
tests: add negative version negotation tests
2022-09-28 18:42:38 +02:00
Marco Oliverio
b3ecdd2ecb
dtls13: support stateless cookie exchange on blocking socket
2022-09-28 18:42:38 +02:00
Marco Oliverio
400671dc7c
dtls: drop non-handshake messages before cookie exchange
2022-09-28 18:42:38 +02:00
Hayden Roche
8cae05348c
Add a function to load system CA certs into a WOLFSSL_CTX.
...
This new function, wolfSSL_CTX_load_system_CA_certs, currently only supports
Linux-based OS's. It searches through conventional CA directories and once it
finds one, attempts to load CA certs from it. After the first directory is
found, we don't check the others.
This commit also adds a function wolfSSL_get_system_CA_dirs, which returns a
pointer to an array of directories where wolfSSL_CTX_load_system_CA_certs will
look for CA certs. This is used in a unit test, where we only want to expect
success if one of these directories actually exists on the test system.
Finally, this commit adds support for SSL_CTX_set_default_verify_paths to the
compatibility layer. It doesn't model the exact behavior of its OpenSSL
counterpart; it's mostly a wrapper around wolfSSL_CTX_load_system_CA_certs,
manipulating the return value of that function to conform to OpenSSL's
conventions.
2022-09-28 08:50:46 -07:00
JacobBarthelmeh
cc4e8df56d
cast to fix warning in test case
2022-09-26 10:13:06 -07:00
David Garske
792eac9484
Fixes for building the API unit test without filesystem NO_FILESYSTEM.
2022-09-23 13:58:17 -07:00
JacobBarthelmeh
2bf583aa57
Merge pull request #5526 from miyazakh/qt_jenkins_fix
...
Fix qt nightly test failure
2022-09-21 09:38:45 -06:00
Jacob Barthelmeh
dc0b2553fc
handle certificates with RSA-PSS signature that have RSAk public keys
2022-09-21 08:24:09 -06:00
David Garske
90c9363af8
Merge pull request #5538 from satoshiyamaguchi/trial5
...
Add wolfSSL_EVP_PKEY_new_CMAC_key to OpenSSL compatible API
2022-09-20 13:01:52 -07:00
David Garske
73dbc873bd
Merge pull request #5586 from julek-wolfssl/dtls-misc-security
...
Add missing minor security checks
2022-09-19 09:47:00 -07:00
Juliusz Sosinowicz
23e9cf2dc1
Test AEAD limits only without WOLFSSL_TLS13_IGNORE_AEAD_LIMITS
2022-09-19 10:30:29 +02:00
Hideki Miyazaki
001592a8a3
fix qt nightly test
2022-09-18 13:56:55 +09:00
Satoshi Yamaguchi
64f2a0cafe
Extend wolfSSL_EVP_PKEY_free for freing EVP_PKEY of CMAC.
...
Fix EVP_PKEY not freed in unit test (test_wolfSSL_EVP_PKEY_new_CMAC_key).
2022-09-17 14:44:45 +09:00
JacobBarthelmeh
7a728c0c48
Merge pull request #5569 from SparkiDev/kyber
...
Kyber: Add option to build Kyber API
2022-09-16 14:56:02 -06:00
Hideki Miyazaki
a948c78ac7
addressed review comments. remove Qt case guard
2022-09-16 21:25:42 +09:00
Hideki Miyazaki
a98cda3516
fix qsscertificate test failure
2022-09-16 07:48:05 +09:00
Juliusz Sosinowicz
1941fb2b35
Keep a separate drop counter for each epoch
2022-09-15 15:49:05 +02:00
Juliusz Sosinowicz
67473bac28
Code review fixes
...
- Mark old epochs as invalid so we don't attempt to decrypt with them
- Return a non-zero value if possible in unit tests
- Move Dtls13CheckAEADFailLimit to dtls13.c
- Reset state in processreply
2022-09-15 14:39:33 +02:00
Juliusz Sosinowicz
63ba2f7b8f
TLS 1.3: Check maximum records encrypted with one key set
2022-09-15 12:17:46 +02:00
Juliusz Sosinowicz
4e9106c355
Enforce maximum amount of failed decryptions in DTLS 1.3
2022-09-15 12:17:46 +02:00
JacobBarthelmeh
37adf0ff06
Merge pull request #5592 from douzzer/20220914-fix-quic-test-default-build
...
20220914-fix-quic-test-default-build
2022-09-14 14:15:46 -06:00
JacobBarthelmeh
8b641df116
Merge pull request #5588 from SparkiDev/tls13_cs_fixes
...
TLSv1.3 cipher suites: fixes
2022-09-14 09:06:31 -06:00
Daniel Pouzzner
eef67478e9
tests/quic.c: gate QuicConversation_fail() definition to avoid -Wunused-function.
2022-09-14 09:46:07 -05:00
Sean Parkinson
79d85f6c13
TLS cipher suite: improvements
...
wolfSSL_clear: check return from InitSSL_Suites() call.
TLS13: check ClientHello cipher suite length is even.
Silently remove duplicate cipher suites from user input.
Add tests of duplicate cipher suite removal.
2022-09-14 09:26:00 +10:00
JacobBarthelmeh
12ec2272d6
Merge pull request #5585 from icing/groups-key-share
...
wolfSSL_set1_curves_list(), wolfSSL_CTX_set1_curves_list() improvements.
2022-09-13 10:36:25 -06:00
Anthony Hu
7f2659bb9b
add test-tls13-pq-2.conf to include.am
2022-09-13 10:51:07 -04:00
Sean Parkinson
8c1e2c52e7
Kyber: Add option to build Kyber API
...
wolfSSL Kyber implementation not included.
Added tests and benchmarking.
2022-09-13 10:07:27 -04:00
Sean Parkinson
5e945f94b4
TLSv1.3 cipher suites: fixes
...
Handle multiple instances of the same cipher suite being in the server's
list.
Fix client order negotiation of cipher suite when doing pre-shared keys.
2022-09-13 17:25:11 +10:00
Sean Parkinson
38418b31f1
Merge pull request #5197 from JacobBarthelmeh/OCSP
...
RSA-PSS with OCSP and add simple OCSP response der verify test case
2022-09-13 15:10:00 +10:00
Stefan Eissing
c6c4134542
wolfSSL_set1_curves_list(), wolfSSL_CTX_set1_curves_list() improvements.
...
- Use wolfSSL API wolfSSL_set_groups() and wolfSSL_CTX_set_groups()
to configure curves list
- This sets ssl->groups and ctx->groups accordingly and makes
TLSX_KEY_SHARE generation respect the selection and precedence.
- Add tests in quic to assert the order of selections.
2022-09-12 14:31:58 +02:00
JacobBarthelmeh
757a18ab7e
Merge pull request #5496 from SKlimaRA/SKlimaRA/SetCipherListBytes
...
Support for setting cipher list with bytes
2022-09-09 13:42:51 -06:00
David Garske
23ba1e7e98
Minor cleanups. Gate these API's on OPENSSL_EXTRA or WOLFSSL_SET_CIPHER_BYTES to keep code size reduced.
2022-09-09 10:49:49 -07:00
JacobBarthelmeh
6526ffc5f8
Merge pull request #5567 from haydenroche5/hmac_sha1_fix
...
Fix HMAC compat layer function for SHA-1.
2022-09-09 09:45:21 -06:00