wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-27 08:12:19 +01:00
Code Issues Packages Projects Releases Wiki Activity
27,102 Commits 12 Branches 184 Tags
149bf19b4c80aea45f050257ff2f796525eb7207
Commit Graph

237 Commits

Author SHA1 Message Date
Marco Oliverio
540fae80ab test_dtls: test payload split when WOLFSSL_NO_DTLS_SIZE_CHECK 2025-12-22 13:41:33 +01:00
Marco Oliverio
988ba340ba address reviewer's comments 2025-12-18 10:28:54 +01:00
Marco Oliverio
0fa0fd2317 (d)tls: refactor wolfSSL_GetMaxFragSize(), simplify length computations 2025-12-16 10:46:29 +01:00
Marco Oliverio
e9f3bd5ddd dtls: test precise header headroom computation 2025-12-16 10:00:30 +01:00
Sean Parkinson
85d40c8e9b Merge pull request #9522 from JacobBarthelmeh/time 
tie in use of check_time with x509 store
 2025-12-16 08:24:49 +10:00
Sean Parkinson
44be44a509 TLS 1.3 missing extension: return correct alert code 
Change TLS 1.3 handling to return missing_extension alert code when
 - KeyShare is present but SupportedGroups is missing and
 - SupportedGroups is present but KeyShare is missing

Added tests for this.
 2025-12-15 09:07:13 +10:00
JacobBarthelmeh
01442a1460 adjust macro guard around test case 2025-12-12 13:36:14 -07:00
JacobBarthelmeh
e1bbb71878 tie in use of check_time with x509 store 2025-12-12 09:22:23 -07:00
Daniel Pouzzner
3e8c6811c7 Merge pull request #9518 from SparkiDev/api_c_split_3 
api.c: Split out more functions
 2025-12-11 13:06:58 -06:00
Daniel Pouzzner
ef8bf55528 Merge pull request #9495 from SparkiDev/aarch64_no_hw_crypto_asm_aes 
Aarch64 no harware crypto assembly AES
 2025-12-11 12:46:07 -06:00
Daniel Pouzzner
f07e379d6d Merge pull request #9456 from anhu/test_inits 
Initialize test variables; avoid false warnings.
 2025-12-11 12:40:44 -06:00
Sean Parkinson
b4b617de49 api.c: Split out more functions 
More X509 function testing.
X509 store function testing.
X509 lookup function testing.
 2025-12-11 19:00:19 +10:00
Sean Parkinson
0b2fb66af6 api.c: Split out more functions 
wolfSSL_PEM, wolfSSL_X509, wolfSSL_X509_NAME, wolfSSL_X509_PUBKEY API
testing moved out to separate files.
 2025-12-11 15:32:09 +10:00
Sean Parkinson
80b7ea638e Aarch64 no harware crypto assembly AES 
Implementations of AES-ECB, AES-CBC, AES-CTR, AES-GCM, AES-XTS with base
instructions and NEON but not using crypto instructions.

Benchmark of AES-ECB added.
Updated AES tests.
 2025-12-10 08:55:58 +10:00
Juliusz Sosinowicz
24b35badb4 Fix uninit variables 2025-12-09 17:07:40 +01:00
Daniel Pouzzner
12d07c4d43 tests/api/test_rsa.c: in test_wc_RsaPublicEncryptDecrypt(), add FIPS gate around new test coverage from #9454 (23c5678797). 2025-12-06 10:20:45 -06:00
David Garske
f01c4f10fa Merge pull request #9454 from SparkiDev/rsa_dec_too_small_output_fix 
RSA decrypt: don't write past buffer end on error
 2025-12-04 10:06:37 -08:00
Juliusz Sosinowicz
7b82224462 tests: add unit coverage for GetCAByAKID 2025-12-03 10:47:40 +01:00
JacobBarthelmeh
a83fb4fc42 revert 6bda10a forcing small stack with async 2025-11-25 00:43:04 -07:00
Anthony Hu
cf8b729bae Initialize test variables; avoid false warnings. 2025-11-21 11:59:07 -05:00
Sean Parkinson
23c5678797 RSA decrypt: don't write past buffer end on error 
When the decrypted data is bigger than the buffer, the one extra bytes
was being written to.
 2025-11-21 12:12:14 +10:00
JacobBarthelmeh
a68da8d2d5 update pksc7 decode test for new ca-cert.pem size 2025-11-14 14:53:48 -07:00
JacobBarthelmeh
3f441ef1a5 update tests after certificate renewal 2025-11-14 14:45:37 -07:00
JacobBarthelmeh
6c74098be5 run renewcerts.sh, gencertbuf.pl, and create_ocsp_test_blobs.py 2025-11-14 14:45:37 -07:00
JacobBarthelmeh
d06221c16e with decode enveloped data track total encrypted content size 2025-11-13 12:08:46 -07:00
Sean Parkinson
6c30186168 ECC sign hash: only allow up to max digest size 
Validate that the hash passed in is of an appropriate length - not
greater than the maximum digest size.
 2025-11-13 11:53:51 +10:00
David Garske
4c273a6f3f Merge pull request #9404 from cconlon/jniNoQuicEch 
Fixes for "--enable-jni --enable-all" with WOLFSSL_TLS13_MIDDLEBOX_COMPAT
 2025-11-11 09:42:38 -08:00
David Garske
2db1c7a522 Merge pull request #9395 from SparkiDev/tls12_cv_sig_check 
TLS 1.2 CertificateVerify: validate sig alg matches peer key
 2025-11-11 09:18:11 -08:00
JacobBarthelmeh
4da365214a Merge pull request #9412 from SparkiDev/regression_fixes_21 
Regression testing fixes
 2025-11-11 09:32:43 -07:00
Sean Parkinson
d84564217c Regression testing fixes 
Fix #ifdef protection for AES tests.
 2025-11-11 21:46:04 +10:00
Sean Parkinson
f54ca0d481 TLS 1.2 CertificateVerify: req sig alg to have been in CR 
The signature algorithm specified in CertificateVerify must have been in
the CertificateRequest. Add check.

The cipher suite test cases, when client auth and RSA are built-in and
use the default client certificate and use the *-ECDSA-* cipher
suites, no longer work. The client certificate must be ECC when the
cipher suite has ECDSA. Don't run them for that build.
 2025-11-11 13:20:46 +10:00
Chris Conlon
fdec53c4c9 skip test_tls13_hrr_different_cs() test when WOLFSSL_TLS13_MIDDLEBOX_COMPAT is defined 2025-11-07 17:09:30 -07:00
Juliusz Sosinowicz
6e826583a3 DTLS: Add tests for custom I/O callbacks and stateless handling with wolfio 2025-11-06 17:13:45 +01:00
Sean Parkinson
fe69a7cf5a Merge pull request #9390 from kaleb-himes/test-code-bug-fix 
Addressing a bug in the test logic
 2025-11-06 08:49:15 +10:00
kaleb-himes
b379de4119 Addressing a bug in the test logic 2025-11-05 10:28:19 -07:00
Marco Oliverio
33be31aeea test: dtls: add description for WANT_WRITE tests 2025-11-03 13:43:33 +01:00
Marco Oliverio
bb284247b3 test_dtls: change approach in want_write hs testing 2025-11-03 13:43:33 +01:00
Marco Oliverio
412a78261d test_dtls: increase coverage for non-blocking I/O 2025-11-03 13:43:33 +01:00
Marco Oliverio
6855325bf8 test: memio: simulate_want_write: block client on is_client == true 2025-11-03 13:43:33 +01:00
Marco Oliverio
17a08b9e36 test_dtls: return WANT_WRITE in DTLSv1.3 CH parsing 2025-11-03 13:43:33 +01:00
Juliusz Sosinowicz
c14b1a0504 Validate cipher suite after HelloRetryRequest 
- Add validation to ensure the cipher suite in the ServerHello matches the one specified in the HelloRetryRequest.
- test_TLSX_CA_NAMES_bad_extension: use the same ciphersuite in HRR and SH
 2025-10-29 13:14:50 +01:00
Sean Parkinson
91a526c218 fixup 2025-10-27 18:02:49 +10:00
Sean Parkinson
093cc04076 Stack API: Pull out implementation into separate file 
General stack APIs pulled out into ssl_sk.c.
Other simple APIs also pulled out into ssl_sk.c.
wolfSSL_lh_retrieve also pulled out into ssl_sk.c.

Added tests of public APIs that weren't already tested.
 2025-10-27 17:08:41 +10:00
Daniel Pouzzner
c145b7ee81 wolfcrypt/src/aes.c: define GCM_GMULT_LEN() when WOLFSSL_ARMASM, and fix gating on wolfCrypt_FIPS_AES_sanity (always gate in for FIPS v7+); 
wolfcrypt/src/port/af_alg/afalg_aes.c: check for null key arg;

configure.ac: rename BUILD_FIPS_CURRENT to BUILD_FIPS_V2_PLUS (no functional change), and remove unused ARMASM_DIST_SOURCES set up code added in #9332;

src/include.am:
* set up $(ARMASM_SHA256_C), and use it to properly include wolfcrypt/src/sha256.c alongside armasm when appropriate;
* fix gating on Curved25519 armasm (BUILD_FIPS_V6_PLUS, not BUILD_FIPS_V6);

tests/api/test_aes.c and wolfcrypt/test/test.c: gate out incompatible coverage for WOLFSSL_AFALG and WOLFSSL_KCAPI (test_wc_AesCbcEncryptDecrypt_MultiBlocks(), test_wc_AesCtrSetKey*(), test_wc_AesCtrEncrypt*(), test_wc_AesGcmEncryptDecrypt_Sizes()).
 2025-10-24 15:08:56 -05:00
JacobBarthelmeh
4daab8a813 Merge pull request #9284 from SparkiDev/aarch64_asm_gen 
Aarch64 asm: convert to generated
 2025-10-22 11:10:27 -06:00
JacobBarthelmeh
d60e4ddbd1 Merge pull request #9329 from SparkiDev/regression_fixes_20 
Regression testing fixes
 2025-10-22 09:12:58 -06:00
Sean Parkinson
821dc5cb13 Regression testing fixes 
Adding protection to tests that use RSA and ECC.
 2025-10-22 18:33:44 +10:00
Sean Parkinson
8533bc803b AES: Improve CFB and OFB and add tests 
Improve performance of CFB and OFB.
Only have one implementation that is used by OFB encrypt and decrypt.

Update AES testing in unit.test.

Update benchmarking of CFB and OFb to include decrypt.
 2025-10-22 12:19:56 +10:00
Sean Parkinson
9c1462a9ec Aarch64 asm: convert to generated 
Algorithms now generated:
  SHA-256
  SHA-512
  ChaCha20
  Poly1305
  AES-ECB
  AES-CBC
  AES-CTR
  AES-GCM + streaming
  AES-XTS
  AES SetKey

ARM32 asm algorithms generated now too:
  SHA-256
  SHA-512
  ChaCha20
  AES-ECB
  AES-CBC
  AES-CTR
  AES-GCM
  AES-XTS
  AES SetKey

Removed use of ARM specific implementations of algorithms. (armv8-aes.c)
 2025-10-21 17:03:39 +10:00
jordan
525c212d1c cmac kdf: add NIST SP 800-108, and NIST SP 800-56C two-step. 2025-10-20 08:20:23 -05:00