wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-28 12:12:24 +01:00
Code Issues Packages Projects Releases Wiki Activity
24,587 Commits 12 Branches 184 Tags
000f32a5a40db635ff98dad3290d214f2bb375fa
Commit Graph

3398 Commits

Author SHA1 Message Date
Sean Parkinson
82b50f19c6 ML-KEM/Kyber: improvements 
ML-KEM/Kyber:
  MakeKey call generate random once only for all data.
  Allow MakeKey/Encapsulate/Decapsulate to be compiled separately.
  Pull out public key decoding common to public and private key decode.
Put references to FIPS 140-3 into code. Rename variables to match FIPS
140-3.
  Fix InvNTT assembly code for x64 - more reductions.
  Split out ML-KEM/Kyber tests from api.c.

TLSX:
Store the object instead of the private key when WOLFSSL_MLKEM_CACHE_A
is defined or WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ. Faster decapsulation
when A is cached and object stored.
To store private key as normal define
WOLFSSL_TLSX_PQC_MLKEM_STORE_PRIV_KEY.

misc.c: when Intel x64 build, assume able to read/write unaligned
 2025-02-20 08:14:15 +10:00
JacobBarthelmeh
539056e749 Merge pull request #8475 from embhorn/gh8473 
Fix QUIC callback failure
 2025-02-19 14:00:47 -07:00
David Garske
268326d875 Merge pull request #8408 from rizlik/ocsp-resp-refactor 
OpenSSL Compat Layer: OCSP response improvments
 2025-02-19 11:20:12 -08:00
Eric Blankenhorn
66ed35c910 Fix QUIC callback failure 2025-02-19 10:56:44 -06:00
JacobBarthelmeh
373a7d462a Merge pull request #8472 from SparkiDev/ed25519_fix_tests 
Ed25519: fix tests to compile with feature defines
 2025-02-19 09:53:10 -07:00
Sean Parkinson
331a713271 Ed25519: fix tests to compile with feature defines 
ge_operations.c: USe WOLFSSL_NO_MALLOC rather than WOLFSSL_SP_NO_MALLOC.
 2025-02-19 17:41:03 +10:00
Daniel Pouzzner
65f38df74d tests/api.c: refactor several C89-incompatible dynamically constructed arrays using static const. 2025-02-17 17:47:36 -06:00
Marco Oliverio
a1d1f0ddf1 ocsp: enable SSL_CTX_set_tlsext_status_cb only in OPENSSL_ALL 2025-02-17 11:29:09 +00:00
Marco Oliverio
1eecf326fd ocsp: use ocspReponse->heap in OcspFindSigner + minors 2025-02-17 08:59:29 +00:00
Marco Oliverio
0af092ec79 ocsp: minors 2025-02-17 08:59:29 +00:00
Marco Oliverio
a06a8b589c ocsp: minors 2025-02-17 08:59:29 +00:00
Marco Oliverio
4351a5dd70 ocsp/test: better test assertions 2025-02-17 08:59:29 +00:00
Marco Oliverio
69116eb05d ocsp/tests: update blobs and add license header 2025-02-17 08:59:29 +00:00
Marco Oliverio
3724094ce2 ocsp: add test for response with unusable internal cert 
- Added a new test case `resp_bad_embedded_cert` in
  `create_ocsp_test_blobs.py` to test OCSP response with an unusable
  internal cert that can be verified in Cert Manager.
- Updated `test_ocsp_response_parsing` in `ocsp.c` to include the new
  test case.
- Ensured the new test case checks for proper handling of OCSP responses
  with incorrect internal certificates.
 2025-02-17 08:59:29 +00:00
Marco Oliverio
3e50c79c3b tests: bind test_wolfSSL_client_server_nofail_memio HAVE_SSL_MEMIO_TESTS_DEP 2025-02-17 08:59:29 +00:00
Marco Oliverio
ae3177c439 ocsp-resp-refactor: fix tests 2025-02-17 08:59:29 +00:00
Marco Oliverio
eb7904b5e5 tests/api: expose test_ssl_memio functions 2025-02-17 08:59:29 +00:00
Marco Oliverio
f782614e1e clang tidy fixes 2025-02-17 08:59:28 +00:00
Marco Oliverio
2fe413d80f ocsp: add tests 2025-02-17 08:59:23 +00:00
Marco Oliverio
f526679ad5 ocsp: refactor OCSP response decoding and wolfSSL_OCSP_basic_verify 
- Search certificate based on responderId
- Verify response signer is authorized for all single responses
- Align with OpenSSL behavior
- Separate wolfSSL_OCSP_basic_verify from verification done during
  decoding
 2025-02-17 08:58:03 +00:00
Daniel Pouzzner
690bb14203 tests/utils.c and tests/api/test_dtls.c: fixes for include order, re tests/unit.h. 2025-02-14 10:57:29 -06:00
David Garske
3075e57207 Whitespace and filename comment. 2025-02-14 09:51:29 -06:00
Juliusz Sosinowicz
21dce84448 Add negative tests for DTLS CID 2025-02-14 09:51:29 -06:00
Juliusz Sosinowicz
68c27c4e5d Move dtls cid tests to tests/api/dtls.c 2025-02-14 09:51:29 -06:00
Juliusz Sosinowicz
e02da08192 Reorganize utility functions into tests/utils.c and testsuite/utils.c 2025-02-14 09:51:29 -06:00
David Garske
846ba43a29 Merge pull request #8392 from SparkiDev/curve25519_blinding 
Curve25519: add blinding when using private key
 2025-02-12 16:20:51 -08:00
Sean Parkinson
bb84ebfd7a Curve25519: add blinding when using private key 
XOR in random value to scalar and perform special scalar multiplication.
Multiply x3 and z3 by random value to randomize co-ordinates.

Add new APIs to support passing in an RNG.
Old APIs create a new RNG.

Only needed for the C implementations that are not small.

Modified TLS and OpenSSL compat API implementations to pass in RNG.

Fixed tests and benchmark program to pass in RNG.
 2025-02-13 08:52:35 +10:00
Sean Parkinson
bcd89b0592 Merge pull request #8388 from julek-wolfssl/BN_CTX_get 
Implement BN_CTX_get
 2025-02-12 08:08:58 +10:00
jordan
922cb73061 test_dual_alg_ecdsa_mldsa: fix decoded cert leak. 2025-02-11 10:58:03 -05:00
David Garske
be5f203274 Merge pull request #8425 from philljj/ecdsa_mldsa_test_api 
dual alg: add ML-DSA test, and misc cleanup.
 2025-02-10 15:05:44 -08:00
David Garske
ff41eee2e7 Merge pull request #8413 from SparkiDev/tests_api_digests 
API test: move digest functions out
 2025-02-10 14:51:19 -08:00
jordan
937d6d404a dual alg: clean up comments and line lengths. 2025-02-07 09:22:16 -05:00
David Garske
c668a4e5a0 Merge pull request #8426 from SparkiDev/read_der_bio_small_data_fix 
Read DER BIO: fix for when BIO data is less than seq buffer size
 2025-02-06 16:21:42 -08:00
Sean Parkinson
3ff89f2cc2 API test: move digest functions out 
Move all api.c tests of wolfCrypt APIs that are for digests out into
separate files.
 2025-02-07 09:29:46 +10:00
Sean Parkinson
ae8b8c4164 Read DER BIO: fix for when BIO data is less than seq buffer size 
wolfssl_read_der_bio did not not handle the length to be read from the
BIO being less than the size of the sequence buffer.
 2025-02-07 08:46:49 +10:00
Daniel Pouzzner
6f044c577f tests/api.c: add a missed "#ifdef WOLFSSL_ATOMIC_INITIALIZER" in test_AEAD_limit_server(). 2025-02-06 16:32:54 -06:00
jordan
3df616ae58 dual alg: small cleanup. 2025-02-06 15:57:13 -05:00
jordan
035d4022fb dual alg: add ML-DSA test, and misc cleanup. 2025-02-06 15:50:37 -05:00
Daniel Pouzzner
40e3f03795 tests/api.c: fix data races in test_wolfSSL_CTX_add_session_ctx_ready() using a mutex, and in test_wolfSSL_dtls_AEAD_limit() using a mutex, an atomic integer, and a volatile attribute. 
wolfssl/wolfcrypt/wc_port.h: add WOLFSSL_ATOMIC_LOAD() and WOLFSSL_ATOMIC_STORE() definitions.
 2025-02-06 00:55:44 -06:00
Sean Parkinson
e6ceb40187 Merge pull request #8391 from dgarske/cmake_watcom 
Fixes for Watcom compiler and new CI test
 2025-02-06 08:51:51 +10:00
David Garske
345c969164 Fixes for Watcom compiler and new CI test 
* Correct cmake script to support Open Watcom toolchain (#8167)
* Fix thread start callback prototype for Open Watcom toolchain (#8175)
* Added GitHub CI action for Windows/Linux/OS2
* Improvements for C89 compliance.
Thank you @jmalak for your contributions.
 2025-02-04 12:38:52 -08:00
Juliusz Sosinowicz
8b7b9636aa Remove BN_CTX_init as its no longer in OpenSSL for a long time 2025-02-04 16:37:21 +01:00
Juliusz Sosinowicz
841d13e81c Implement BN_CTX_get 2025-02-04 16:37:21 +01:00
Juliusz Sosinowicz
db0345c009 ascon: make tests more readable by moving the kat vectors into a header 2025-02-04 12:58:51 +01:00
Eric Blankenhorn
b488af1d34 Fix compat layer ASN1_TIME_diff to accept NULL output params 2025-01-31 15:55:35 -06:00
JacobBarthelmeh
4891d1c471 Merge pull request #8400 from ColtonWilley/add_trusted_cert_pem_parsing 
Add support for parsing trusted PEM certs
 2025-01-31 10:53:51 -07:00
Colton Willey
a0950e97f5 Add tests for trusted certificate banner 2025-01-30 14:42:41 -08:00
Daniel Pouzzner
3a6b33c180 tests/api.c and wolfcrypt/benchmark/benchmark.c: fixes for building with HAVE_FFDHE_3072 and/or HAVE_FFDHE_4096 but without HAVE_FFDHE_2048. 2025-01-30 15:02:02 -06:00
Juliusz Sosinowicz
e4b7a53191 api: make sure len doesn't overrun the input buffer 2025-01-30 18:01:51 +01:00
Juliusz Sosinowicz
2865b0c79b api: check fd values as recv and send can't take in negative fd 2025-01-30 18:01:10 +01:00