Commit Graph

4068 Commits

Author SHA1 Message Date
Ruby Martin 439012dd57 adjust xfopen commands 2025-02-26 09:05:53 -07:00
Ruby Martin 57646a88ff check if clientfd != SOCKET_INVALID not 0, add check if USE_WINDOWS_API
not defined
2025-02-26 09:03:55 -07:00
Marco Oliverio 07c7b21b10 tests: api: fix test for d2i_CERT_ID refactor 2025-02-25 22:22:43 +00:00
Marco Oliverio 5eef98a5ea ocsp: add OCSP CERT ID encode/decode test 2025-02-25 22:22:43 +00:00
David Garske 3557cc764a Merge pull request #8501 from SparkiDev/digest_test_rework
Digest testing: improve
2025-02-25 13:03:48 -08:00
David Garske f2c5b4e56a Merge pull request #8500 from SparkiDev/evp_aes_gcm_test_fix
test_wolfssl_EVP_aes_gcm: fix for mem fail testing
2025-02-25 09:56:55 -08:00
David Garske bac6771828 Merge pull request #8499 from SparkiDev/crl_list_fix
CRL: fix memory allocation failure leaks
2025-02-25 09:54:55 -08:00
Marco Oliverio 740fb6bafc test: gate ocsp test when SHA-1 is disabled
tests blobs contains sha-1 hashes in certificate status
2025-02-25 15:42:35 +00:00
Marco Oliverio 78ca784826 test: ocsp: fix output file name in script 2025-02-25 15:42:30 +00:00
Marco Oliverio 8b80cb10d6 ocsp: responderID.ByKey is SHA-1 Digest len
Check that responderID.ByKey is exactly WC_SHA_DIGEST_SIZE as per RFC
6960. KEYID_SIZE can change across build configuration.
2025-02-25 15:42:22 +00:00
Reda Chouk 9178c53f79 Fix: Address and clean up code conversion in various files. 2025-02-25 11:17:58 +01:00
Sean Parkinson 6016cc0c97 Digest testing: improve
Make testing digests consistent.
Add KATs for all digests.
Check unaligned input and output works.
Perform chunking tests for all digests.

Fix Blake2b and Blake2s to checkout parameters in update and final
functions.
Fix Shake256 and Shake128 to checkout parameters in absorb and squeeze
blocks functions.

Add default digest size enums for Blake2b and Blake2s.
2025-02-25 19:07:20 +10:00
Sean Parkinson 6f268c4369 CRL: fix memory allocation failure leaks
On memory allocation failure, some functions were leaking memory.

Also add reference counting to CRL object so that a deep copy of a list
of CRLs doesn't leak memory.
The test was explicitly freeing each CRL in the list.
2025-02-25 09:05:03 +10:00
Sean Parkinson ac1f25d6f4 test_wolfssl_EVP_aes_gcm: fix for mem fail testing
Fix test to not leak when memory allocation failure testing.
When not supporting AES-GCM streaming, allocation failures occur.
Always call cleanup.
2025-02-25 08:15:43 +10:00
Tobias Frauenschläger 89491c7e36 Improvements for PQC hybrid key exchange
Add support for X25519 and X448 based hybrid PQC + ECC key exchange
groups. Furthermore, two new combinations with SECP curves are added to
match OQS combinations.

This also incorporates the changed order of X25519 and X448 based
combinations to place the PQC material before the ECDH material. This is
motivated by the necessity to always have material of a FIPS approved
algorithm first.

Also, codepoints are updated to reflect the latest draft standards for
pure ML-KEM and some of the hybrids. With these changes and based on the
recent additions to both enable ML-KEM final and draft versions
simultaneously, a WolfSSL TLS server is now compatible with all recent
browsers that support either the draft version of ML-KEM (Chromium based
browsers and Firefox < version 132; only when the draft version is
enabled in the build) or the final version already (Firefox > version 132).

In the process of extending support, some code and logic cleanup
happened. Furthermore, some memory leaks within the hybrid code path have
been fixed.

Signed-off-by: Tobias Frauenschläger <tobias.frauenschlaeger@oth-regensburg.de>
2025-02-21 18:44:40 +01:00
JacobBarthelmeh 01808bebca Merge pull request #8474 from philljj/coverity_feb_2025
coverity: fix test_dtls warnings.
2025-02-20 10:35:47 -07:00
Sean Parkinson 82b50f19c6 ML-KEM/Kyber: improvements
ML-KEM/Kyber:
  MakeKey call generate random once only for all data.
  Allow MakeKey/Encapsulate/Decapsulate to be compiled separately.
  Pull out public key decoding common to public and private key decode.
Put references to FIPS 140-3 into code. Rename variables to match FIPS
140-3.
  Fix InvNTT assembly code for x64 - more reductions.
  Split out ML-KEM/Kyber tests from api.c.

TLSX:
Store the object instead of the private key when WOLFSSL_MLKEM_CACHE_A
is defined or WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ. Faster decapsulation
when A is cached and object stored.
To store private key as normal define
WOLFSSL_TLSX_PQC_MLKEM_STORE_PRIV_KEY.

misc.c: when Intel x64 build, assume able to read/write unaligned
2025-02-20 08:14:15 +10:00
JacobBarthelmeh 539056e749 Merge pull request #8475 from embhorn/gh8473
Fix QUIC callback failure
2025-02-19 14:00:47 -07:00
David Garske 268326d875 Merge pull request #8408 from rizlik/ocsp-resp-refactor
OpenSSL Compat Layer: OCSP response improvments
2025-02-19 11:20:12 -08:00
Eric Blankenhorn 66ed35c910 Fix QUIC callback failure 2025-02-19 10:56:44 -06:00
JacobBarthelmeh 373a7d462a Merge pull request #8472 from SparkiDev/ed25519_fix_tests
Ed25519: fix tests to compile with feature defines
2025-02-19 09:53:10 -07:00
jordan 6f1c31a816 coverity: fix macro warning. 2025-02-19 11:29:45 -05:00
jordan 9a1d60100f coverity: fix test_dtls warnings. 2025-02-19 09:38:15 -05:00
Sean Parkinson 331a713271 Ed25519: fix tests to compile with feature defines
ge_operations.c: USe WOLFSSL_NO_MALLOC rather than WOLFSSL_SP_NO_MALLOC.
2025-02-19 17:41:03 +10:00
Daniel Pouzzner 65f38df74d tests/api.c: refactor several C89-incompatible dynamically constructed arrays using static const. 2025-02-17 17:47:36 -06:00
Marco Oliverio a1d1f0ddf1 ocsp: enable SSL_CTX_set_tlsext_status_cb only in OPENSSL_ALL 2025-02-17 11:29:09 +00:00
Marco Oliverio 1eecf326fd ocsp: use ocspReponse->heap in OcspFindSigner + minors 2025-02-17 08:59:29 +00:00
Marco Oliverio 0af092ec79 ocsp: minors 2025-02-17 08:59:29 +00:00
Marco Oliverio a06a8b589c ocsp: minors 2025-02-17 08:59:29 +00:00
Marco Oliverio 4351a5dd70 ocsp/test: better test assertions 2025-02-17 08:59:29 +00:00
Marco Oliverio 69116eb05d ocsp/tests: update blobs and add license header 2025-02-17 08:59:29 +00:00
Marco Oliverio 3724094ce2 ocsp: add test for response with unusable internal cert
- Added a new test case `resp_bad_embedded_cert` in
  `create_ocsp_test_blobs.py` to test OCSP response with an unusable
  internal cert that can be verified in Cert Manager.
- Updated `test_ocsp_response_parsing` in `ocsp.c` to include the new
  test case.
- Ensured the new test case checks for proper handling of OCSP responses
  with incorrect internal certificates.
2025-02-17 08:59:29 +00:00
Marco Oliverio 3e50c79c3b tests: bind test_wolfSSL_client_server_nofail_memio HAVE_SSL_MEMIO_TESTS_DEP 2025-02-17 08:59:29 +00:00
Marco Oliverio ae3177c439 ocsp-resp-refactor: fix tests 2025-02-17 08:59:29 +00:00
Marco Oliverio eb7904b5e5 tests/api: expose test_ssl_memio functions 2025-02-17 08:59:29 +00:00
Marco Oliverio f782614e1e clang tidy fixes 2025-02-17 08:59:28 +00:00
Marco Oliverio 2fe413d80f ocsp: add tests 2025-02-17 08:59:23 +00:00
Marco Oliverio f526679ad5 ocsp: refactor OCSP response decoding and wolfSSL_OCSP_basic_verify
- Search certificate based on responderId
- Verify response signer is authorized for all single responses
- Align with OpenSSL behavior
- Separate wolfSSL_OCSP_basic_verify from verification done during
  decoding
2025-02-17 08:58:03 +00:00
Daniel Pouzzner 690bb14203 tests/utils.c and tests/api/test_dtls.c: fixes for include order, re tests/unit.h. 2025-02-14 10:57:29 -06:00
David Garske 3075e57207 Whitespace and filename comment. 2025-02-14 09:51:29 -06:00
Juliusz Sosinowicz 21dce84448 Add negative tests for DTLS CID 2025-02-14 09:51:29 -06:00
Juliusz Sosinowicz 68c27c4e5d Move dtls cid tests to tests/api/dtls.c 2025-02-14 09:51:29 -06:00
Juliusz Sosinowicz e02da08192 Reorganize utility functions into tests/utils.c and testsuite/utils.c 2025-02-14 09:51:29 -06:00
David Garske 846ba43a29 Merge pull request #8392 from SparkiDev/curve25519_blinding
Curve25519: add blinding when using private key
2025-02-12 16:20:51 -08:00
Sean Parkinson bb84ebfd7a Curve25519: add blinding when using private key
XOR in random value to scalar and perform special scalar multiplication.
Multiply x3 and z3 by random value to randomize co-ordinates.

Add new APIs to support passing in an RNG.
Old APIs create a new RNG.

Only needed for the C implementations that are not small.

Modified TLS and OpenSSL compat API implementations to pass in RNG.

Fixed tests and benchmark program to pass in RNG.
2025-02-13 08:52:35 +10:00
Sean Parkinson bcd89b0592 Merge pull request #8388 from julek-wolfssl/BN_CTX_get
Implement BN_CTX_get
2025-02-12 08:08:58 +10:00
jordan 922cb73061 test_dual_alg_ecdsa_mldsa: fix decoded cert leak. 2025-02-11 10:58:03 -05:00
David Garske be5f203274 Merge pull request #8425 from philljj/ecdsa_mldsa_test_api
dual alg: add ML-DSA test, and misc cleanup.
2025-02-10 15:05:44 -08:00
David Garske ff41eee2e7 Merge pull request #8413 from SparkiDev/tests_api_digests
API test: move digest functions out
2025-02-10 14:51:19 -08:00
jordan 937d6d404a dual alg: clean up comments and line lengths. 2025-02-07 09:22:16 -05:00