wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-05-05 12:54:12 +02:00
Code Issues Packages Projects Releases Wiki Activity
24,747 Commits 13 Branches 184 Tags
16eb8d9ec97aea5340a618c24cb1f0be85b6c9db
Commit Graph

24747 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Daniel Pouzzner 8aa2799aeb wolfssl/wolfcrypt/types.h: don't define HAVE_EMPTY_AGGREGATES when defined(__cplusplus) (fixes #8478). 2025-02-20 16:49:48 -06:00
JacobBarthelmeh 781d85284c Merge pull request #8479 from SparkiDev/intel_vzeroupper 
Intel AVX1/SSE2 ASM: no ymm/zmm regs no vzeroupper
 2025-02-20 15:37:01 -07:00
Chris Conlon 9892ae0cb3 Enable DTLS 1.3 by default in --enable-jni build 2025-02-20 15:05:56 -07:00
Daniel Pouzzner 41b4ac5599 misc.c: undo changes in 82b50f19c6 "when Intel x64 build, assume able to read/write unaligned" -- provokes sanitizer on amd64, and is not portable (e.g. different behavior on Intel vs AMD). all performance-sensitive word64 reads/writes should be on known-aligned data. 2025-02-20 15:00:22 -06:00
JacobBarthelmeh 01808bebca Merge pull request #8474 from philljj/coverity_feb_2025 
coverity: fix test_dtls warnings.
 2025-02-20 10:35:47 -07:00
JacobBarthelmeh 619a41f9da Merge pull request #8476 from philljj/coverity_null_check 
coverity: dereference before null check.
 2025-02-20 10:33:58 -07:00
Sean Parkinson e90e3aa7c6 Intel AVX1/SSE2 ASM: no ymm/zmm regs no vzeroupper 
vzeroupper instruction not needed to be invoked unless ymm or zmm
registers are used.
 2025-02-20 22:35:20 +10:00
jordan 95e26f5b27 coverity: dereference before null check. 2025-02-19 23:23:41 -05:00
David Garske 93000e5f14 Merge pull request #8467 from SparkiDev/kyber_improv_2 
ML-KEM/Kyber: improvements
 2025-02-19 16:42:42 -08:00
Sean Parkinson 82b50f19c6 ML-KEM/Kyber: improvements 
ML-KEM/Kyber:
  MakeKey call generate random once only for all data.
  Allow MakeKey/Encapsulate/Decapsulate to be compiled separately.
  Pull out public key decoding common to public and private key decode.
Put references to FIPS 140-3 into code. Rename variables to match FIPS
140-3.
  Fix InvNTT assembly code for x64 - more reductions.
  Split out ML-KEM/Kyber tests from api.c.

TLSX:
Store the object instead of the private key when WOLFSSL_MLKEM_CACHE_A
is defined or WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ. Faster decapsulation
when A is cached and object stored.
To store private key as normal define
WOLFSSL_TLSX_PQC_MLKEM_STORE_PRIV_KEY.

misc.c: when Intel x64 build, assume able to read/write unaligned
 2025-02-20 08:14:15 +10:00
JacobBarthelmeh 539056e749 Merge pull request #8475 from embhorn/gh8473 
Fix QUIC callback failure
 2025-02-19 14:00:47 -07:00
David Garske 268326d875 Merge pull request #8408 from rizlik/ocsp-resp-refactor 
OpenSSL Compat Layer: OCSP response improvments
 2025-02-19 11:20:12 -08:00
Daniel Pouzzner 597b839217 Merge pull request #8468 from jmalak/fix-test-c89 
correct test source file to follow C89 standard
 2025-02-19 11:23:48 -06:00
Eric Blankenhorn 66ed35c910 Fix QUIC callback failure 2025-02-19 10:56:44 -06:00
JacobBarthelmeh 373a7d462a Merge pull request #8472 from SparkiDev/ed25519_fix_tests 
Ed25519: fix tests to compile with feature defines
 2025-02-19 09:53:10 -07:00
jordan 6f1c31a816 coverity: fix macro warning. 2025-02-19 11:29:45 -05:00
jordan 9a1d60100f coverity: fix test_dtls warnings. 2025-02-19 09:38:15 -05:00
Sean Parkinson 331a713271 Ed25519: fix tests to compile with feature defines 
ge_operations.c: USe WOLFSSL_NO_MALLOC rather than WOLFSSL_SP_NO_MALLOC.
 2025-02-19 17:41:03 +10:00
JacobBarthelmeh 393c92c3eb Merge pull request #8464 from kaleb-himes/SRTP-WIN-PORTING 
Porting to Windows 11 MSVS 2022
 2025-02-18 16:16:14 -07:00
Jiri Malak 3c74be333e correct test source file to follow C89 standard 
for OpenSSL interface
 2025-02-18 22:12:11 +01:00
JacobBarthelmeh 48f1c3b57d Merge pull request #8465 from douzzer/20250217-fix-test-c89 
20250217-fix-test-c89
 2025-02-18 08:44:17 -08:00
David Garske ff70cdf9d8 Merge pull request #8466 from douzzer/20250217-fixes 
20250217-fixes
 2025-02-17 19:39:38 -08:00
Daniel Pouzzner 258afa5493 wolfcrypt/src/pkcs7.c: in PKCS7_EncodeSigned(), check for error from SetSerialNumber(). 2025-02-17 18:05:04 -06:00
Daniel Pouzzner 65f38df74d tests/api.c: refactor several C89-incompatible dynamically constructed arrays using static const. 2025-02-17 17:47:36 -06:00
kaleb-himes e0bc6ef9df Porting to Windows 11 MSVS 2022 2025-02-17 16:18:10 -07:00
David Garske a2c8168c96 Merge pull request #8460 from embhorn/gh8456 
Fix cmake lean_tls build
 2025-02-17 14:57:52 -08:00
Eric Blankenhorn bc79803c1a Add workflow test 2025-02-17 15:16:29 -06:00
JacobBarthelmeh 3e38bdcd2c Merge pull request #8450 from dgarske/stm32_pka_ecc521 
Fix for STM32 PKA ECC 521-bit support
 2025-02-17 08:27:45 -08:00
Marco Oliverio 7db3c34e2b ocsp: enable OPENSSL tlsext status cb for NGINX and HAPROXY 2025-02-17 14:53:49 +00:00
Eric Blankenhorn 1970fec190 Fix cmake lean_tls build 2025-02-17 08:17:05 -06:00
Marco Oliverio a1d1f0ddf1 ocsp: enable SSL_CTX_set_tlsext_status_cb only in OPENSSL_ALL 2025-02-17 11:29:09 +00:00
Marco Oliverio 0945101948 ocsp: fix: remove duplicated code 2025-02-17 11:25:24 +00:00
Marco Oliverio 1eecf326fd ocsp: use ocspReponse->heap in OcspFindSigner + minors 2025-02-17 08:59:29 +00:00
Marco Oliverio 0af092ec79 ocsp: minors 2025-02-17 08:59:29 +00:00
Marco Oliverio a06a8b589c ocsp: minors 2025-02-17 08:59:29 +00:00
Marco Oliverio 4351a5dd70 ocsp/test: better test assertions 2025-02-17 08:59:29 +00:00
Marco Oliverio 69116eb05d ocsp/tests: update blobs and add license header 2025-02-17 08:59:29 +00:00
Marco Oliverio c1c9af5cb6 minor: improve indentation of guards 2025-02-17 08:59:29 +00:00
Marco Oliverio 3724094ce2 ocsp: add test for response with unusable internal cert 
- Added a new test case `resp_bad_embedded_cert` in
  `create_ocsp_test_blobs.py` to test OCSP response with an unusable
  internal cert that can be verified in Cert Manager.
- Updated `test_ocsp_response_parsing` in `ocsp.c` to include the new
  test case.
- Ensured the new test case checks for proper handling of OCSP responses
  with incorrect internal certificates.
 2025-02-17 08:59:29 +00:00
Marco Oliverio 2c2eb2a285 ocsp: improve OCSP response signature validation 
- search for the signer in the CertificateManager if the embedded cert
  verification fails in original asn template.
 2025-02-17 08:59:29 +00:00
Marco Oliverio 3e50c79c3b tests: bind test_wolfSSL_client_server_nofail_memio HAVE_SSL_MEMIO_TESTS_DEP 2025-02-17 08:59:29 +00:00
Marco Oliverio ae3177c439 ocsp-resp-refactor: fix tests 2025-02-17 08:59:29 +00:00
Marco Oliverio 851d74fd69 ocsp-resp-refactor: address reviewer's comments 2025-02-17 08:59:29 +00:00
Marco Oliverio eb7904b5e5 tests/api: expose test_ssl_memio functions 2025-02-17 08:59:29 +00:00
Marco Oliverio f782614e1e clang tidy fixes 2025-02-17 08:59:28 +00:00
Marco Oliverio 2fe413d80f ocsp: add tests 2025-02-17 08:59:23 +00:00
Marco Oliverio 3a3238eb9f ocsp: refactor wolfSSL_OCSP_response_get1_basic 
The internal fields of OcspResponse refer to the resp->source buffer.
Copying these fields is complex, so it's better to decode the response again.
 2025-02-17 08:58:03 +00:00
Marco Oliverio b7f08b81a6 ocsp: adapt ASN original to new OCSP response refactor 2025-02-17 08:58:03 +00:00
Marco Oliverio f526679ad5 ocsp: refactor OCSP response decoding and wolfSSL_OCSP_basic_verify 
- Search certificate based on responderId
- Verify response signer is authorized for all single responses
- Align with OpenSSL behavior
- Separate wolfSSL_OCSP_basic_verify from verification done during
  decoding
 2025-02-17 08:58:03 +00:00
Marco Oliverio d7711f04ab openssl compat: skip OCSP response verification in statusCb 
This aligns with OpenSSL behavior
 2025-02-17 08:58:02 +00:00