Commit Graph

3351 Commits

Author SHA1 Message Date
Juliusz Sosinowicz d8fd19feb8 DTLS SRTP should also do a cookie exchange since it uses UDP 2025-09-29 18:27:36 +02:00
Kareem af9a06e9bf Merge remote-tracking branch 'upstream/master' into zd19563_verify 2025-09-25 10:39:11 -07:00
Reda Chouk 8f47b4bb08 Prevent DTLS clients from replaying ClientHello
messages when receiving bogus Finished messages in epoch 0 by
ensuring Finished messages are only ignored in encrypted epochs (1).
2025-09-18 14:41:12 +02:00
Mattia Moffa 3bdb43eb6a Add support for certificate_authorities extension in ClientHello 2025-09-17 15:33:05 +02:00
Kareem ec92f76dec Fix tests when building with PEM support disabled by using DER certs/keys. 2025-09-12 16:11:07 -07:00
David Garske 3e63bc68d4 Add support for enabling RSA private key to DER without keygen. ( new macro WOLFSSL_KEY_TO_DER) 2025-09-11 10:29:31 -07:00
David Garske 71581e321e Merge pull request #9098 from julek-wolfssl/fix-test_wolfSSL_tls_export
Fix test_wolfSSL_tls_export
2025-08-26 12:11:49 -07:00
Juliusz Sosinowicz d26b2811e0 test_wolfSSL_tls_export_run: silence unused cmpSess warning 2025-08-26 16:40:17 +02:00
Juliusz Sosinowicz 5934c1eece Fix test_wolfSSL_tls_export
- Add TLS_EXPORT_OPT_SZ_4 to specify previous option size
- Actually pick up failures in the tests and propagate them to the top level
- Tests v4 and v5 sessions
Fixes https://github.com/wolfSSL/wolfssl/issues/9081 and https://github.com/wolfSSL/wolfssl/pull/9082
2025-08-26 11:04:54 +02:00
Sean Parkinson 115d4d88c0 api.c: pull out TLS 1.3 specific tests 2025-08-26 09:05:46 +10:00
Kareem 623c593210 Merge branch 'master' of https://github.com/wolfSSL/wolfssl into zd19563_verify 2025-08-25 11:36:12 -07:00
Daniel Pouzzner e0383b496a linuxkm/module_hooks.c: implement wc_linuxkm_GenerateSeed_IntelRD, gated on WC_LINUXKM_RDSEED_IN_GLUE_LAYER;
add WC_GENERATE_SEED_DEFAULT, which defaults to wc_GenerateSeed if not overridden, and replace wc_GenerateSeed with WC_GENERATE_SEED_DEFAULT in various calls to wc_SetSeed_Cb();

linuxkm/linuxkm_wc_port.h: if FIPS <v6 and RDSEED, define WC_LINUXKM_RDSEED_IN_GLUE_LAYER and define WC_GENERATE_SEED_DEFAULT wc_linuxkm_GenerateSeed_IntelRD;

wolfcrypt/test/test.c: update rng_seed_test() with gating and vectors for FIPS v5 with HAVE_AMD_RDSEED or HAVE_INTEL_RDSEED;

wolfssl/wolfcrypt/types.h: add WC_HAVE_VECTOR_SPEEDUPS helper macro, and enlarge fallthrough definition coverage for DISABLE_VECTOR_REGISTERS.
2025-08-22 21:58:00 -05:00
Kareem c2eeeafdbe Merge remote-tracking branch 'upstream/master' into zd19563_verify 2025-08-22 13:56:44 -07:00
JacobBarthelmeh bc5b297d33 Merge pull request #9046 from kareem-wolfssl/zd20038
Allow setting the CA type when loading into cert manager and unloading specific CA types from the cert manager.
2025-08-22 14:43:46 -06:00
Kareem 4a067fa1bc Don't enforce test_wolfSSL_X509_STORE_CTX_ex12 return code as it
may be skipped, modifying the return code.
2025-08-22 11:29:21 -07:00
Kareem 077beaecd8 Fix memory leak in unit test, fix for loop syntax. 2025-08-21 16:33:57 -07:00
Kareem b53db94f1e x509_verify_cert: Code review feedback. 2025-08-21 15:35:29 -07:00
Kareem cb985dcfa8 ECC required for newly added unit test. 2025-08-18 10:21:54 -07:00
Kareem 1e367597b6 Fix memory leak in newly added unit test. 2025-08-18 10:21:53 -07:00
Kareem 6b01053d98 Add test case for new x509_verify_cert retry functionality.
Add CA cert with the same SKI and intentionally invalid AKI as part of x509_verify_cert test case.
2025-08-18 10:21:53 -07:00
Juliusz Sosinowicz ffe3d80f8d Merge pull request #9097 from douzzer/20250812-atomic-cmpxchg
20250812-atomic-cmpxchg
2025-08-15 01:14:45 +02:00
Kareem c535e281c6 Skip unit test when using Apple native cert validation. 2025-08-14 11:34:15 -07:00
Kareem cb3f7de3f7 Fix issues found by CI/CD tests. 2025-08-14 11:34:15 -07:00
Kareem 3bcbbd2924 Fix issue with loading PEM certs. Address code review feedback.
Add tests.
2025-08-14 11:34:15 -07:00
Daniel Pouzzner bd4e723f9d add cpuid_flags_t, WC_CPUID_INITIALIZER, and cpuid_get_flags_ex();
refactor all static flag initializations to use cpuid_get_flags_ex() for race-free dynamics;

refactor cpuid_set_flags() to be race-free;

wolfssl/wolfcrypt/wc_port.h and wolfcrypt/src/wc_port.c: add
* WOLFSSL_ATOMIC_COERCE_INT()
* WOLFSSL_ATOMIC_COERCE_UINT()
* wolfSSL_Atomic_Uint
* wolfSSL_Atomic_Uint_Init()
* wolfSSL_Atomic_Int_AddFetch()
* wolfSSL_Atomic_Int_SubFetch()
* wolfSSL_Atomic_Int_CompareExchange()
* wolfSSL_Atomic_Uint_FetchAdd()
* wolfSSL_Atomic_Uint_FetchSub()
* wolfSSL_Atomic_Uint_AddFetch()
* wolfSSL_Atomic_Uint_SubFetch()
* wolfSSL_Atomic_Uint_CompareExchange()

wolfcrypt/test/test.c: add to memory_test() tests for all atomic macros and APIs;

.github/workflows/pq-all.yml: don't use -Wpedantic for CC=c++ scenario.
2025-08-14 08:44:28 -05:00
effbiae 0e3f877326 WOLFSSL_ASYNC_WHILE_PENDING refactor 2025-08-14 12:03:13 +10:00
Ruby Martin a02025d0c9 add session ticket length return check to api tests 2025-08-13 08:29:30 -06:00
Albert Ribes e36daf41a4 Store in extensions the full octet string (#8967)
* Store in extensions the full octet string

Store in WOLFSSL_X509_EXTENSION.value always the full contents of the
OCTET STRING of the extension, instead of different type of data
depending on the type of extension. Previously this was only done for
unknown extensions.

* Avoid local variables in 'DecodeExtKeyUsageInternal'

There is a great performance loss on configs using 'WOLFSSL_NO_MALLOC',
'WOLFSSL_STATIC_MEMORY' and 'USE_FAST_MATH' if function
'DecodeExtKeyUsageInternal' uses intermediate variables. This can be
observed running the Zephyr test 'wolfssl_test/prj-no-malloc.conf'.

Avoid using intermediate variables, and use raw pointers to the final
destination instead.

* Add missing calls to 'FreeDecodedCert'

* Return error code from 'wolfSSL_ASN1_STRING_into_old_ext_fmt'

* Fix lines larger than 80

* Allow NULL parameters for 'DecodeAuthKeyId'

* Add comment explaining build option '--enable-old-extdata-fmt'

* Test full OCTET STRING in tests/api.c

* wolfSSL_X509V3_EXT_d2i: Honor 'WOLFSSL_SMALL_STACK'

* zephyr/wolfssl_test_no_malloc: Increase test timeout

* wolfSSL_X509V3_EXT_d2i: Extract repeated code into common part

* wolfcrypt: Remove 'WOLFSSL_LOCAL' from .c files

* wolfcrypt: Change location of functions to make diff easier
2025-08-11 10:33:15 -07:00
Juliusz Sosinowicz 0d532cc3f2 Test DTLS replay protection 2025-08-07 19:52:05 +02:00
Daniel Pouzzner 76c4ee9ff5 Merge pull request #9056 from SparkiDev/asn_orig_decrypt_content_fix
ASN.1 original: Fix DecryptContent to check sequence len
2025-08-06 11:03:49 -05:00
Daniel Pouzzner b8463dc5c1 Merge pull request #9062 from kareem-wolfssl/gh9059
Fix wolfSSL_i2d_PublicKey not returning SPKI format for ECC keys.
2025-08-06 11:03:28 -05:00
Daniel Pouzzner 8e77ee5c2a Merge pull request #9064 from SparkiDev/test_api_c_split_2
api.c: split out more tests into separate files
2025-08-06 10:51:25 -05:00
Kareem 36e0e3aa53 Fix wolfSSL_i2d_PublicKey not returning SPKI format for ECC keys. 2025-08-05 17:20:47 -07:00
Daniel Pouzzner 034cbb9b97 tests/api.c: fix -Wuninitialized-const-pointer in test_wolfSSL_CertManagerAPI();
wolfcrypt/benchmark/benchmark.c:

* use WC_RELAX_LONG_LOOP() as default definition of TEST_SLEEP(), and remove WC_RELAX_LONG_LOOP() from bench_stats_sym_finish()/bench_stats_asym_finish_ex();
* when WOLFSSL_LINUXKM but !WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS., properly wrap kernel_fpu_begin...end around floating point ops.
2025-08-05 17:05:36 -05:00
Sean Parkinson dbb75c46c9 ASN.1 original: Fix DecryptContent to check sequence len
Original ASN.1 code wasn't checking that data in a sequence didn't
exceed the length of the sequence.
In particular, the contents of the parameters and the PKCS#5 parameters.
2025-08-06 07:42:09 +10:00
Sean Parkinson b40e3d479f api.c: split out more tests into separate files
wolfCrypt PKCS7
wolfCrypt PKCS12
OpenSSL compat ASN.1
OpenSSL compat BN
OpenSSL comppat BIO
OpenSSL comppat Digest
OpenSSL comppat MAC
OpenSSL comppat Cipher
OpenSSL comppat RSA
OpenSSL comppat DH
OpenSSL comppat EC
OpenSSL comppat ECX
OpenSSL comppat DSA
2025-08-05 19:32:56 +10:00
JacobBarthelmeh 0392ee009f Merge pull request #9033 from anhu/mlkem-hybrid-draft-names-wolfssl
Rename ML-KEM hybrids to match IETF Draft.
2025-08-01 10:21:54 -06:00
Anthony Hu 6f66f4fda3 Use correct string in the unit tests. 2025-07-31 10:35:32 -04:00
JacobBarthelmeh 46347173b2 Merge pull request #9034 from holtrop/allow-pkcs7-without-x963-kdf
Allow building with HAVE_PKCS7 set and HAVE_X963_KDF unset
2025-07-30 10:05:09 -06:00
Josh Holtrop ccb463dd1d Fix unit test coverity defect in test_wc_PKCS7_SetAESKeyWrapUnwrapCb() 2025-07-30 10:37:28 -04:00
Josh Holtrop df7e105fb7 Allow building with HAVE_PKCS7 set and HAVE_X963_KDF unset 2025-07-29 11:46:44 -04:00
Josh Holtrop 26a4ea93eb Allow building with HAVE_PKCS7 set and HAVE_AES_KEYWRAP unset 2025-07-28 12:40:35 -04:00
Josh Holtrop 804c4f20b5 Explicitly initialize some unit test variables to avoid warnings 2025-07-24 18:51:58 -04:00
Josh Holtrop 1226dedeb8 Check that we don't run out of space for the RID structure 2025-07-24 15:52:34 -04:00
Josh Holtrop 71bd9e2f6e Make unit test more resilient to earlier errors 2025-07-24 15:46:01 -04:00
Josh Holtrop 6309b241cd Fix some clang-tidy warnings in unit test 2025-07-24 15:42:55 -04:00
Josh Holtrop cf843c8b82 Add wc_PKCS7_GetEnvelopedDataKariRid()
Allow access to recipient ID before attempting to decrypt content.
2025-07-24 11:15:30 -04:00
David Garske 6aabc73845 Merge pull request #9018 from holtrop/decode-skp
Add API to decode SymmetricKeyPackage and OneSymmetricKey CMS objects
2025-07-23 16:01:58 -07:00
David Garske 44eba446ec Merge pull request #9002 from holtrop/aes-key-wrap-callbacks
Add callback functions for custom AES key wrap/unwrap operations
2025-07-23 16:01:49 -07:00
Josh Holtrop 86d7d42eb6 Comment test ASN DER sequences 2025-07-22 20:29:44 -04:00