883 Commits

Author SHA1 Message Date
Daniel Pouzzner d63a180f95 Merge pull request #8513 from SparkiDev/api_c_split_ciphers
Test api.c: split out MACs and ciphers
2025-02-27 14:00:36 -06:00
Marco Oliverio 194db7e844 tests: gate ocsp test on SM2 || SM3
we don't properly support SM2 and SM3 hash algo id properly yet
2025-02-27 19:38:46 +00:00
Marco Oliverio 814f0f8a09 Refactor CERT_ID encoding as per review comments 2025-02-27 12:50:37 +00:00
Sean Parkinson 48300352c6 Test api.c: split out MACs and ciphers 2025-02-27 15:52:39 +10:00
Daniel Pouzzner f7ddc49487 linuxkm/linuxkm_wc_port.h: add #error if the user tries to use the kernel crypto fuzzer with FIPS AES-XTS (kernel bug).
src/internal.c: fix shiftTooManyBitsSigned in DefTicketEncCb().

tests/api/test_sha256.c and wolfssl/wolfcrypt/sha256.h: gate raw transform APIs (wc_Sha256Transform(), wc_Sha256FinalRaw()) and tests on !defined(WOLFSSL_KCAPI_HASH) && !defined(WOLFSSL_AFALG_HASH).

move enum wc_HashFlags from wolfssl/wolfcrypt/hash.h to wolfssl/wolfcrypt/types.h to resolve circular dependency detected by cross-armv7m-armasm-thumb-fips-140-3-dev-sp-asm-all-crypto-only.

add FIPS_VERSION_GE(7,0) gates to new null-arg tests in test_wc_Shake{128,256}_*().

optimize ByteReverseWords() for cases where only one operand is unaligned, and add correct handling of unaligned data in ByteReverseWords64() to resolve unaligned access sanitizer report in cross-aarch64_be-all-sp-asm-unittest-sanitizer.
2025-02-26 20:55:56 -06:00
David Garske 512f928650 Fix cast warnings with g++. 2025-02-26 14:45:23 -08:00
Marco Oliverio 5eef98a5ea ocsp: add OCSP CERT ID encode/decode test 2025-02-25 22:22:43 +00:00
David Garske 3557cc764a Merge pull request #8501 from SparkiDev/digest_test_rework
Digest testing: improve
2025-02-25 13:03:48 -08:00
Marco Oliverio 740fb6bafc test: gate ocsp test when SHA-1 is disabled
tests blobs contains sha-1 hashes in certificate status
2025-02-25 15:42:35 +00:00
Marco Oliverio 78ca784826 test: ocsp: fix output file name in script 2025-02-25 15:42:30 +00:00
Marco Oliverio 8b80cb10d6 ocsp: responderID.ByKey is SHA-1 Digest len
Check that responderID.ByKey is exactly WC_SHA_DIGEST_SIZE as per RFC
6960. KEYID_SIZE can change across build configuration.
2025-02-25 15:42:22 +00:00
Sean Parkinson 6016cc0c97 Digest testing: improve
Make testing digests consistent.
Add KATs for all digests.
Check unaligned input and output works.
Perform chunking tests for all digests.

Fix Blake2b and Blake2s to checkout parameters in update and final
functions.
Fix Shake256 and Shake128 to checkout parameters in absorb and squeeze
blocks functions.

Add default digest size enums for Blake2b and Blake2s.
2025-02-25 19:07:20 +10:00
JacobBarthelmeh 01808bebca Merge pull request #8474 from philljj/coverity_feb_2025
coverity: fix test_dtls warnings.
2025-02-20 10:35:47 -07:00
Sean Parkinson 82b50f19c6 ML-KEM/Kyber: improvements
ML-KEM/Kyber:
  MakeKey call generate random once only for all data.
  Allow MakeKey/Encapsulate/Decapsulate to be compiled separately.
  Pull out public key decoding common to public and private key decode.
Put references to FIPS 140-3 into code. Rename variables to match FIPS
140-3.
  Fix InvNTT assembly code for x64 - more reductions.
  Split out ML-KEM/Kyber tests from api.c.

TLSX:
Store the object instead of the private key when WOLFSSL_MLKEM_CACHE_A
is defined or WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ. Faster decapsulation
when A is cached and object stored.
To store private key as normal define
WOLFSSL_TLSX_PQC_MLKEM_STORE_PRIV_KEY.

misc.c: when Intel x64 build, assume able to read/write unaligned
2025-02-20 08:14:15 +10:00
jordan 6f1c31a816 coverity: fix macro warning. 2025-02-19 11:29:45 -05:00
jordan 9a1d60100f coverity: fix test_dtls warnings. 2025-02-19 09:38:15 -05:00
Marco Oliverio a1d1f0ddf1 ocsp: enable SSL_CTX_set_tlsext_status_cb only in OPENSSL_ALL 2025-02-17 11:29:09 +00:00
Marco Oliverio 1eecf326fd ocsp: use ocspReponse->heap in OcspFindSigner + minors 2025-02-17 08:59:29 +00:00
Marco Oliverio 0af092ec79 ocsp: minors 2025-02-17 08:59:29 +00:00
Marco Oliverio a06a8b589c ocsp: minors 2025-02-17 08:59:29 +00:00
Marco Oliverio 4351a5dd70 ocsp/test: better test assertions 2025-02-17 08:59:29 +00:00
Marco Oliverio 69116eb05d ocsp/tests: update blobs and add license header 2025-02-17 08:59:29 +00:00
Marco Oliverio 3724094ce2 ocsp: add test for response with unusable internal cert
- Added a new test case `resp_bad_embedded_cert` in
  `create_ocsp_test_blobs.py` to test OCSP response with an unusable
  internal cert that can be verified in Cert Manager.
- Updated `test_ocsp_response_parsing` in `ocsp.c` to include the new
  test case.
- Ensured the new test case checks for proper handling of OCSP responses
  with incorrect internal certificates.
2025-02-17 08:59:29 +00:00
Marco Oliverio ae3177c439 ocsp-resp-refactor: fix tests 2025-02-17 08:59:29 +00:00
Marco Oliverio f782614e1e clang tidy fixes 2025-02-17 08:59:28 +00:00
Marco Oliverio 2fe413d80f ocsp: add tests 2025-02-17 08:59:23 +00:00
Daniel Pouzzner 690bb14203 tests/utils.c and tests/api/test_dtls.c: fixes for include order, re tests/unit.h. 2025-02-14 10:57:29 -06:00
David Garske 3075e57207 Whitespace and filename comment. 2025-02-14 09:51:29 -06:00
Juliusz Sosinowicz 21dce84448 Add negative tests for DTLS CID 2025-02-14 09:51:29 -06:00
Juliusz Sosinowicz 68c27c4e5d Move dtls cid tests to tests/api/dtls.c 2025-02-14 09:51:29 -06:00
Sean Parkinson 3ff89f2cc2 API test: move digest functions out
Move all api.c tests of wolfCrypt APIs that are for digests out into
separate files.
2025-02-07 09:29:46 +10:00
Juliusz Sosinowicz db0345c009 ascon: make tests more readable by moving the kat vectors into a header 2025-02-04 12:58:51 +01:00
Juliusz Sosinowicz bcde4bdebb ascon: move tests to api.c and introduce framework to split up api.c 2025-01-29 15:50:00 +01:00