wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-26 20:22:21 +01:00
Code Issues Packages Projects Releases Wiki Activity
27,004 Commits 12 Branches 184 Tags
5b7480486eb2cc8a00fd2de7797301a4ea492964
Commit Graph

220 Commits

Author SHA1 Message Date
David Garske
f01c4f10fa Merge pull request #9454 from SparkiDev/rsa_dec_too_small_output_fix 
RSA decrypt: don't write past buffer end on error
 2025-12-04 10:06:37 -08:00
Juliusz Sosinowicz
7b82224462 tests: add unit coverage for GetCAByAKID 2025-12-03 10:47:40 +01:00
JacobBarthelmeh
a83fb4fc42 revert 6bda10a forcing small stack with async 2025-11-25 00:43:04 -07:00
Sean Parkinson
23c5678797 RSA decrypt: don't write past buffer end on error 
When the decrypted data is bigger than the buffer, the one extra bytes
was being written to.
 2025-11-21 12:12:14 +10:00
JacobBarthelmeh
a68da8d2d5 update pksc7 decode test for new ca-cert.pem size 2025-11-14 14:53:48 -07:00
JacobBarthelmeh
3f441ef1a5 update tests after certificate renewal 2025-11-14 14:45:37 -07:00
JacobBarthelmeh
6c74098be5 run renewcerts.sh, gencertbuf.pl, and create_ocsp_test_blobs.py 2025-11-14 14:45:37 -07:00
JacobBarthelmeh
d06221c16e with decode enveloped data track total encrypted content size 2025-11-13 12:08:46 -07:00
Sean Parkinson
6c30186168 ECC sign hash: only allow up to max digest size 
Validate that the hash passed in is of an appropriate length - not
greater than the maximum digest size.
 2025-11-13 11:53:51 +10:00
David Garske
4c273a6f3f Merge pull request #9404 from cconlon/jniNoQuicEch 
Fixes for "--enable-jni --enable-all" with WOLFSSL_TLS13_MIDDLEBOX_COMPAT
 2025-11-11 09:42:38 -08:00
David Garske
2db1c7a522 Merge pull request #9395 from SparkiDev/tls12_cv_sig_check 
TLS 1.2 CertificateVerify: validate sig alg matches peer key
 2025-11-11 09:18:11 -08:00
JacobBarthelmeh
4da365214a Merge pull request #9412 from SparkiDev/regression_fixes_21 
Regression testing fixes
 2025-11-11 09:32:43 -07:00
Sean Parkinson
d84564217c Regression testing fixes 
Fix #ifdef protection for AES tests.
 2025-11-11 21:46:04 +10:00
Sean Parkinson
f54ca0d481 TLS 1.2 CertificateVerify: req sig alg to have been in CR 
The signature algorithm specified in CertificateVerify must have been in
the CertificateRequest. Add check.

The cipher suite test cases, when client auth and RSA are built-in and
use the default client certificate and use the *-ECDSA-* cipher
suites, no longer work. The client certificate must be ECC when the
cipher suite has ECDSA. Don't run them for that build.
 2025-11-11 13:20:46 +10:00
Chris Conlon
fdec53c4c9 skip test_tls13_hrr_different_cs() test when WOLFSSL_TLS13_MIDDLEBOX_COMPAT is defined 2025-11-07 17:09:30 -07:00
Juliusz Sosinowicz
6e826583a3 DTLS: Add tests for custom I/O callbacks and stateless handling with wolfio 2025-11-06 17:13:45 +01:00
Sean Parkinson
fe69a7cf5a Merge pull request #9390 from kaleb-himes/test-code-bug-fix 
Addressing a bug in the test logic
 2025-11-06 08:49:15 +10:00
kaleb-himes
b379de4119 Addressing a bug in the test logic 2025-11-05 10:28:19 -07:00
Marco Oliverio
33be31aeea test: dtls: add description for WANT_WRITE tests 2025-11-03 13:43:33 +01:00
Marco Oliverio
bb284247b3 test_dtls: change approach in want_write hs testing 2025-11-03 13:43:33 +01:00
Marco Oliverio
412a78261d test_dtls: increase coverage for non-blocking I/O 2025-11-03 13:43:33 +01:00
Marco Oliverio
6855325bf8 test: memio: simulate_want_write: block client on is_client == true 2025-11-03 13:43:33 +01:00
Marco Oliverio
17a08b9e36 test_dtls: return WANT_WRITE in DTLSv1.3 CH parsing 2025-11-03 13:43:33 +01:00
Juliusz Sosinowicz
c14b1a0504 Validate cipher suite after HelloRetryRequest 
- Add validation to ensure the cipher suite in the ServerHello matches the one specified in the HelloRetryRequest.
- test_TLSX_CA_NAMES_bad_extension: use the same ciphersuite in HRR and SH
 2025-10-29 13:14:50 +01:00
Sean Parkinson
91a526c218 fixup 2025-10-27 18:02:49 +10:00
Sean Parkinson
093cc04076 Stack API: Pull out implementation into separate file 
General stack APIs pulled out into ssl_sk.c.
Other simple APIs also pulled out into ssl_sk.c.
wolfSSL_lh_retrieve also pulled out into ssl_sk.c.

Added tests of public APIs that weren't already tested.
 2025-10-27 17:08:41 +10:00
Daniel Pouzzner
c145b7ee81 wolfcrypt/src/aes.c: define GCM_GMULT_LEN() when WOLFSSL_ARMASM, and fix gating on wolfCrypt_FIPS_AES_sanity (always gate in for FIPS v7+); 
wolfcrypt/src/port/af_alg/afalg_aes.c: check for null key arg;

configure.ac: rename BUILD_FIPS_CURRENT to BUILD_FIPS_V2_PLUS (no functional change), and remove unused ARMASM_DIST_SOURCES set up code added in #9332;

src/include.am:
* set up $(ARMASM_SHA256_C), and use it to properly include wolfcrypt/src/sha256.c alongside armasm when appropriate;
* fix gating on Curved25519 armasm (BUILD_FIPS_V6_PLUS, not BUILD_FIPS_V6);

tests/api/test_aes.c and wolfcrypt/test/test.c: gate out incompatible coverage for WOLFSSL_AFALG and WOLFSSL_KCAPI (test_wc_AesCbcEncryptDecrypt_MultiBlocks(), test_wc_AesCtrSetKey*(), test_wc_AesCtrEncrypt*(), test_wc_AesGcmEncryptDecrypt_Sizes()).
 2025-10-24 15:08:56 -05:00
JacobBarthelmeh
4daab8a813 Merge pull request #9284 from SparkiDev/aarch64_asm_gen 
Aarch64 asm: convert to generated
 2025-10-22 11:10:27 -06:00
JacobBarthelmeh
d60e4ddbd1 Merge pull request #9329 from SparkiDev/regression_fixes_20 
Regression testing fixes
 2025-10-22 09:12:58 -06:00
Sean Parkinson
821dc5cb13 Regression testing fixes 
Adding protection to tests that use RSA and ECC.
 2025-10-22 18:33:44 +10:00
Sean Parkinson
8533bc803b AES: Improve CFB and OFB and add tests 
Improve performance of CFB and OFB.
Only have one implementation that is used by OFB encrypt and decrypt.

Update AES testing in unit.test.

Update benchmarking of CFB and OFb to include decrypt.
 2025-10-22 12:19:56 +10:00
Sean Parkinson
9c1462a9ec Aarch64 asm: convert to generated 
Algorithms now generated:
  SHA-256
  SHA-512
  ChaCha20
  Poly1305
  AES-ECB
  AES-CBC
  AES-CTR
  AES-GCM + streaming
  AES-XTS
  AES SetKey

ARM32 asm algorithms generated now too:
  SHA-256
  SHA-512
  ChaCha20
  AES-ECB
  AES-CBC
  AES-CTR
  AES-GCM
  AES-XTS
  AES SetKey

Removed use of ARM specific implementations of algorithms. (armv8-aes.c)
 2025-10-21 17:03:39 +10:00
jordan
525c212d1c cmac kdf: add NIST SP 800-108, and NIST SP 800-56C two-step. 2025-10-20 08:20:23 -05:00
Daniel Pouzzner
9cf08afbbb fixes for --disable-tls. 2025-10-16 18:50:06 -05:00
Sean Parkinson
c111c5bacc Regression testing 
x509.c: realloc may fail and therefore need to store result in a
temporary so the old pointer is not lost.

tls.c: free the name if it is not pushed on to the stack of peer CA
names. Failure to push can be from memory allocation failure.

aes.c: Don't compile XTS decrypt functions without HAVE_AES_DECRYPT.

Fix tests to have better pre-processor protection.
 2025-10-16 12:13:32 +10:00
effbiae
6bda10abd0 define WOLFSSL_SMALL_STACK in tests and benchmark for ASYNC 2025-10-11 11:40:30 +11:00
David Garske
8a6297d42b Merge pull request #9267 from julek-wolfssl/dtls-stricter-ordering 
Add message order sanity checks
 2025-10-10 10:26:34 -07:00
David Garske
f8c2e9c000 Merge pull request #9134 from JacobBarthelmeh/csharp 
update mono build README instructions
 2025-10-10 09:21:07 -07:00
Juliusz Sosinowicz
b32c1aa15c fixup! Add message order sanity checks 2025-10-08 13:33:09 +02:00
Juliusz Sosinowicz
10365d6082 Allow clearing group messages flag 2025-10-08 11:11:03 +02:00
Juliusz Sosinowicz
6fbbdf9324 Add message order sanity checks 
Reorganize test_dtls tests to use TEST_DECL_GROUP
Reorganize test_tls tests to use TEST_DECL_GROUP
 2025-10-08 11:11:03 +02:00
JacobBarthelmeh
33030c2862 fix for macro guard in dtls test case 2025-10-07 16:27:18 -06:00
Kareem
233e574f32 Merge remote-tracking branch 'upstream/master' into zd20595 2025-10-07 14:23:21 -07:00
Kareem
931384a117 Merge branch 'master' into zd20595 2025-10-07 14:21:46 -07:00
David Garske
b75af93a05 Merge pull request #9278 from JacobBarthelmeh/pkcs7_stream 
coverity warnings on test case, CID 549270 and 549271
 2025-10-07 10:19:01 -07:00
David Garske
b3031d25ca Merge pull request #9255 from SparkiDev/tls13_cookie_hash 
TLS 1.3 Cookie Hash: use stronger hash if no SHA-256
 2025-10-07 08:51:26 -07:00
JacobBarthelmeh
1237a5468f coverity warnings on test case, CID 549270 and 549271 2025-10-07 09:35:37 -06:00
David Garske
d9b52d832c Merge pull request #9259 from julek-wolfssl/dtls13-timeout 
Reset DTLS 1.3 timeout
 2025-10-07 07:57:17 -07:00
David Garske
92a47829fa Merge pull request #8674 from JacobBarthelmeh/pkcs7_stream 
Fix to advance past multiple recipients
 2025-10-06 11:27:03 -07:00
Juliusz Sosinowicz
f6be6c8b6d Add timeout assertions to DTLS test 2025-10-06 18:23:16 +02:00