wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-28 17:22:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
24,556 Commits 12 Branches 184 Tags
2c2eb2a2854daadcc76d0ed7ba261fe1ac2f040c
Commit Graph

24556 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Marco Oliverio
2c2eb2a285 ocsp: improve OCSP response signature validation 
- search for the signer in the CertificateManager if the embedded cert
  verification fails in original asn template.
 2025-02-17 08:59:29 +00:00
Marco Oliverio
3e50c79c3b tests: bind test_wolfSSL_client_server_nofail_memio HAVE_SSL_MEMIO_TESTS_DEP 2025-02-17 08:59:29 +00:00
Marco Oliverio
ae3177c439 ocsp-resp-refactor: fix tests 2025-02-17 08:59:29 +00:00
Marco Oliverio
851d74fd69 ocsp-resp-refactor: address reviewer's comments 2025-02-17 08:59:29 +00:00
Marco Oliverio
eb7904b5e5 tests/api: expose test_ssl_memio functions 2025-02-17 08:59:29 +00:00
Marco Oliverio
f782614e1e clang tidy fixes 2025-02-17 08:59:28 +00:00
Marco Oliverio
2fe413d80f ocsp: add tests 2025-02-17 08:59:23 +00:00
Marco Oliverio
3a3238eb9f ocsp: refactor wolfSSL_OCSP_response_get1_basic 
The internal fields of OcspResponse refer to the resp->source buffer.
Copying these fields is complex, so it's better to decode the response again.
 2025-02-17 08:58:03 +00:00
Marco Oliverio
b7f08b81a6 ocsp: adapt ASN original to new OCSP response refactor 2025-02-17 08:58:03 +00:00
Marco Oliverio
f526679ad5 ocsp: refactor OCSP response decoding and wolfSSL_OCSP_basic_verify 
- Search certificate based on responderId
- Verify response signer is authorized for all single responses
- Align with OpenSSL behavior
- Separate wolfSSL_OCSP_basic_verify from verification done during
  decoding
 2025-02-17 08:58:03 +00:00
Marco Oliverio
d7711f04ab openssl compat: skip OCSP response verification in statusCb 
This aligns with OpenSSL behavior
 2025-02-17 08:58:02 +00:00
Marco Oliverio
dedbb2526c ocsp: fix memory leaks in OpenSSL compat layer 2025-02-17 08:58:02 +00:00
Kaleb Himes
79744a7736 Merge pull request #8455 from douzzer/20250214-fix-wolfEntropy-configure-handling 
20250214-fix-wolfEntropy-configure-handling
 2025-02-14 17:14:29 -07:00
Daniel Pouzzner
39ed0eabff configure.ac: fix handling of --enable-wolfEntropy (don't re-default to no in following --enable-entropy-memuse clause). 2025-02-14 15:39:42 -06:00
David Garske
842b9a3709 Merge pull request #8433 from julek-wolfssl/dtls-cid-negative-tests 
Update DTLS CID Tests and Reorganize Test Utilities
 2025-02-14 11:26:57 -08:00
Daniel Pouzzner
c9de3d63f9 Merge pull request #8453 from kaleb-himes/SRTP-KDF-SCRIPT-UPDATE 
Update tag for v6.0.0 module checkout
 2025-02-14 13:24:25 -06:00
David Garske
e529ad51fc Merge pull request #8451 from douzzer/20240214-workflow-TEST_OPENSSL_COEXIST 
20250214-workflow-TEST_OPENSSL_COEXIST
 2025-02-14 11:12:28 -08:00
kaleb-himes
a6a15e6211 Update tag for v6.0.0 module checkout 2025-02-14 11:38:19 -07:00
Daniel Pouzzner
10d5d59977 add .github/workflows/opensslcoexist.yml. fix TEST_OPENSSL_COEXIST section of wolfssl/ssl.h for compatibility with OpenSSL <3.2. also, remove frivolous entry for WOLFSSL_HMAC_COPY_HASH in .wolfssl_known_macro_extras. 2025-02-14 12:19:12 -06:00
Daniel Pouzzner
690bb14203 tests/utils.c and tests/api/test_dtls.c: fixes for include order, re tests/unit.h. 2025-02-14 10:57:29 -06:00
David Garske
29f2767b88 Merge pull request #8441 from philljj/wolfio_comments 
wolfio: comment ifdef endif blocks.
 2025-02-14 08:55:31 -08:00
Juliusz Sosinowicz
cfa6fbfcef Correct wolfSSL_dtls_cid_parse declaration in docs 2025-02-14 09:51:29 -06:00
David Garske
3075e57207 Whitespace and filename comment. 2025-02-14 09:51:29 -06:00
Juliusz Sosinowicz
7380ec68bb cmake.yml: fix error and run tests with ctest 2025-02-14 09:51:29 -06:00
Juliusz Sosinowicz
825ca22bd8 Fix cmake build 2025-02-14 09:51:29 -06:00
Juliusz Sosinowicz
ede34f132b fixup! Move dtls cid tests to tests/api/dtls.c 2025-02-14 09:51:29 -06:00
Juliusz Sosinowicz
301a9a97cc Don't use buffer as it can shadow global declarations 2025-02-14 09:51:29 -06:00
Juliusz Sosinowicz
21dce84448 Add negative tests for DTLS CID 2025-02-14 09:51:29 -06:00
Juliusz Sosinowicz
68c27c4e5d Move dtls cid tests to tests/api/dtls.c 2025-02-14 09:51:29 -06:00
Juliusz Sosinowicz
e02da08192 Reorganize utility functions into tests/utils.c and testsuite/utils.c 2025-02-14 09:51:29 -06:00
jordan
f2bb063ca4 wolfio: peer review comment cleanup. 2025-02-14 08:36:26 -05:00
Daniel Pouzzner
60c1558142 Merge pull request #8447 from dgarske/memleak 
Fixed possible memory leaks
 2025-02-14 00:26:09 -06:00
Daniel Pouzzner
e806bd76bb Merge pull request #8445 from SparkiDev/perf_improv_1 
Performance improvements
 2025-02-13 23:25:47 -06:00
David Garske
1432bd415a Merge pull request #8449 from ColtonWilley/x509_store_mem_leak 
Fix memory leak in X509 STORE
 2025-02-13 16:18:11 -08:00
Colton Willey
e197cdfb36 Fix memory leak in X509 STORE 2025-02-13 14:49:18 -08:00
David Garske
746aa9b171 Merge pull request #8443 from ColtonWilley/add_cert_rel_prefix 
Add a cert relative prefix option for tests
 2025-02-13 14:48:06 -08:00
David Garske
14d696952d Merge pull request #8448 from anhu/vuln_to_support 
Point people to support@wolfssl.com for vuln reports.
 2025-02-13 14:47:37 -08:00
Anthony Hu
a5ac5aff17 an -> a 2025-02-13 14:50:32 -05:00
Anthony Hu
cab376c0ce Point people to support@wolfssl.com for vuln reports. 2025-02-13 14:48:32 -05:00
Colton Willey
b119182c9d Add to known macro list 2025-02-13 09:35:39 -08:00
David Garske
f943f6ff5c Fixed possible memory leaks reported by nielsdos in PR 8415 and 8414. 2025-02-13 08:20:37 -08:00
David Garske
db0fa304a8 Merge pull request #8436 from SparkiDev/mlkem_cache_a 
ML-KEM/Kyber: cache A from key generation for decapsulation
 2025-02-12 17:29:38 -08:00
Sean Parkinson
896ec239c3 Merge pull request #8444 from douzzer/20250212-add-pq-and-c-fallback-workflows 
20250212-add-pq-and-c-fallback-workflows
 2025-02-13 10:29:15 +10:00
David Garske
846ba43a29 Merge pull request #8392 from SparkiDev/curve25519_blinding 
Curve25519: add blinding when using private key
 2025-02-12 16:20:51 -08:00
Sean Parkinson
365aac0306 Merge pull request #8393 from anhu/draft-tls-westerbaan-mldsa 
New codepoint for MLDSA
 2025-02-13 10:20:30 +10:00
Sean Parkinson
9253d1d3ac ML-KEM/Kyber: cache A from key generation for decapsulation 
Matrix A is expensive to calculate.
Usage of ML-KEM/Kyber is
  1. First peer generates a key and sends public to second peer.
2. Second peer encapsulates secret with public key and sends to first
peer.
3. First peer decapsulates (including encapsulating to ensure same as
seen) with key from key generation.
Caching A keeps the matrix A for encapsulation part of decapsulation.
The matrix needs to be transposed for encapsulation.
 2025-02-13 10:12:05 +10:00
Sean Parkinson
bfd52decb6 Performance improvements 
AES-GCM: don't generate M0 when using assembly unless falling back to C
and then use new assembly code.
HMAC: add option to copy hashes (--enable-hash-copy
-DWOLFSSL_HMAC_COPY_HASH) to improve performance when using the same key
for multiple operations.
 2025-02-13 09:55:55 +10:00
Daniel Pouzzner
5352ce06e5 add .github/workflows/{pq-all.yml,intelasm-c-fallback.yml}. 2025-02-12 17:32:41 -06:00
Sean Parkinson
bb84ebfd7a Curve25519: add blinding when using private key 
XOR in random value to scalar and perform special scalar multiplication.
Multiply x3 and z3 by random value to randomize co-ordinates.

Add new APIs to support passing in an RNG.
Old APIs create a new RNG.

Only needed for the C implementations that are not small.

Modified TLS and OpenSSL compat API implementations to pass in RNG.

Fixed tests and benchmark program to pass in RNG.
 2025-02-13 08:52:35 +10:00
David Garske
0e474fc673 Merge pull request #8437 from LinuxJedi/SE050-changes 
Minor SE050 improvements
 2025-02-12 14:50:36 -08:00