wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-27 00:32:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
26,507 Commits 12 Branches 184 Tags
883da3dd351f6450c3f40b0d487e7d5fb59caeeb
Commit Graph

178 Commits

Author SHA1 Message Date
Kareem
233e574f32 Merge remote-tracking branch 'upstream/master' into zd20595 2025-10-07 14:23:21 -07:00
Kareem
931384a117 Merge branch 'master' into zd20595 2025-10-07 14:21:46 -07:00
David Garske
b75af93a05 Merge pull request #9278 from JacobBarthelmeh/pkcs7_stream 
coverity warnings on test case, CID 549270 and 549271
 2025-10-07 10:19:01 -07:00
David Garske
b3031d25ca Merge pull request #9255 from SparkiDev/tls13_cookie_hash 
TLS 1.3 Cookie Hash: use stronger hash if no SHA-256
 2025-10-07 08:51:26 -07:00
JacobBarthelmeh
1237a5468f coverity warnings on test case, CID 549270 and 549271 2025-10-07 09:35:37 -06:00
David Garske
d9b52d832c Merge pull request #9259 from julek-wolfssl/dtls13-timeout 
Reset DTLS 1.3 timeout
 2025-10-07 07:57:17 -07:00
David Garske
92a47829fa Merge pull request #8674 from JacobBarthelmeh/pkcs7_stream 
Fix to advance past multiple recipients
 2025-10-06 11:27:03 -07:00
Juliusz Sosinowicz
f6be6c8b6d Add timeout assertions to DTLS test 2025-10-06 18:23:16 +02:00
Juliusz Sosinowicz
cd0d986016 Reset DTLS 1.3 timeout 2025-10-06 18:23:16 +02:00
Juliusz Sosinowicz
32e24e8199 Suppress Coverity deadcode warning in test_ocsp_tls_cert_cb 2025-10-06 16:26:45 +02:00
JacobBarthelmeh
12cfca4060 account for no AES build and add err trace macro 2025-10-03 13:51:15 -06:00
JacobBarthelmeh
328f505702 add pkcs7 test with multiple recipients 2025-10-03 13:51:15 -06:00
Juliusz Sosinowicz
f9063c406b Enables dynamic TLS cert loading with OCSP 
Exposes dynamic TLS certificate loading and OCSP stapling to allow applications to load certs lazily.

The server no longer needs to load the CA to staple OCSP responses.

Adds a certificate setup callback (WOLFSSL_CERT_SETUP_CB)
Adds an OCSP status callback to load OCSP responses directly
Adds `wc_NewOCSP`, `wc_FreeOCSP`, and `wc_CheckCertOcspResponse`
Don't call verify twice on the same error
Send correct alert on status response error
 2025-10-03 13:08:11 +02:00
Sean Parkinson
e14cc3a34e TLS 1.3 Cookie Hash: use stronger hash if no SHA-256 
Order of preference, based on algorithms compiled in, to use with HMAC
for TLS 1.3 cookie:
  1. SHA-256
  2. SHA-384
  3. SHA-512
  4. SM3

Make code compile and unittest pass when SHA-256 not compiled in.
Certificates used for testing require SHA-256 so handshake testing
fails.
 2025-10-03 08:28:02 +10:00
Daniel Pouzzner
408e6f79f9 tests/api/test_dtls.c: add missing ExpectIntEQ() around wolfSSL_connect() in test_dtls_bogus_finished_epoch_zero(); 
wolfcrypt/test/test.c: fix gate for wc_DhGeneratePublic() test in dh_ffdhe_test() to properly exclude 5.3.0.
 2025-10-02 14:38:05 -05:00
Kareem
abaf57d049 Merge branch 'master' of https://github.com/wolfSSL/wolfssl into zd20595 2025-10-01 15:53:57 -07:00
Daniel Pouzzner
b3a5c96c56 Merge pull request #9205 from gasbytes/issue-9188 
Prevent replaying ClientHello messages when Finished message are epoch 0
 2025-09-30 20:44:09 -05:00
Daniel Pouzzner
c893191577 Merge pull request #9253 from julek-wolfssl/gh/9245 
DTLS SRTP should also do a cookie exchange since it uses UDP
 2025-09-30 20:36:27 -05:00
Daniel Pouzzner
b4ee8869c8 Merge pull request #9246 from julek-wolfssl/gh/9240 
Abort connection if we are about to send the same CH
 2025-09-30 20:35:32 -05:00
Daniel Pouzzner
1932c5a96d Merge pull request #9196 from kareem-wolfssl/zd20038_3 
Fix building and running tests and examples with coding/PEM support disabled.
 2025-09-30 20:34:46 -05:00
Daniel Pouzzner
42d2b81231 Merge pull request #9209 from mattia-moffa/20250910-certauth-clienthello 
Add support for certificate_authorities extension in ClientHello
 2025-09-30 20:33:16 -05:00
Kareem
a3a08e81a9 Fix running tests in FIPS mode with hash DRBG disabled. 2025-09-30 16:15:21 -07:00
Juliusz Sosinowicz
d8fd19feb8 DTLS SRTP should also do a cookie exchange since it uses UDP 2025-09-29 18:27:36 +02:00
Juliusz Sosinowicz
f798a585d9 Abort connection if we are about to send the same CH 2025-09-26 12:08:53 +02:00
Mattia Moffa
26c9908504 Use string literals in tests, fix add CA functions 2025-09-24 00:11:55 +02:00
Mattia Moffa
4535572428 Use memio in tests, fix ifdef, fix typos 2025-09-23 11:50:21 +02:00
Reda Chouk
e3fbb24713 Fix malformed DTLS comment syntax 2025-09-22 12:59:30 +02:00
Mattia Moffa
5efc4a7cd0 Fix tests 2025-09-19 16:45:15 +02:00
Kareem
23f595586d Fix building with --enable-keygen --enable-rsavfy. 2025-09-18 16:21:08 -07:00
Reda Chouk
8f47b4bb08 Prevent DTLS clients from replaying ClientHello 
messages when receiving bogus Finished messages in epoch 0 by
ensuring Finished messages are only ignored in encrypted epochs (1).
 2025-09-18 14:41:12 +02:00
Mattia Moffa
3bdb43eb6a Add support for certificate_authorities extension in ClientHello 2025-09-17 15:33:05 +02:00
Kareem
ec92f76dec Fix tests when building with PEM support disabled by using DER certs/keys. 2025-09-12 16:11:07 -07:00
David Garske
3e63bc68d4 Add support for enabling RSA private key to DER without keygen. ( new macro WOLFSSL_KEY_TO_DER) 2025-09-11 10:29:31 -07:00
Sean Parkinson
115d4d88c0 api.c: pull out TLS 1.3 specific tests 2025-08-26 09:05:46 +10:00
Josh Holtrop
98b6b92a76 Error from GetShortInt with negative INTEGER values 2025-08-19 12:40:48 -04:00
Sean Parkinson
0ba16a9c5b Merge pull request #9104 from kojiws/export_long_key_orig_asn 
Improve original implementation on SetAsymKeyDer() and the test
 2025-08-18 22:11:25 +10:00
Koji Takeda
0a9356e645 Improve original implementation on SetAsymKeyDer() and the test 2025-08-15 00:04:01 +09:00
David Garske
d79ca8a746 Improve some of the build cases around crypto callback only 2025-08-13 21:58:53 +01:00
Daniel Pouzzner
e24f76bb1e Merge pull request #9057 from SparkiDev/mldsa_x64_asm 
ML-DSA/Dilithium: Intel x64 ASM
 2025-08-11 23:12:44 -05:00
Juliusz Sosinowicz
0d532cc3f2 Test DTLS replay protection 2025-08-07 19:52:05 +02:00
Sean Parkinson
648a057147 ML-DSA/Dilithium: Intel x64 ASM 
Optimize code knowing it is for Intel x64.
Change signing to calculate one polynomial at a time so that if it isn't
valid then we fail early.
Other minor improvements.
Move the SHA-3 4 blocks at a time assembly into SHA-3 asm file.
Make constants in assembly the same length (front pad with zeros).
 2025-08-07 14:01:50 +10:00
David Garske
1693f72af7 Fixes for issues copilot found. 2025-08-05 07:22:04 -07:00
Sean Parkinson
b40e3d479f api.c: split out more tests into separate files 
wolfCrypt PKCS7
wolfCrypt PKCS12
OpenSSL compat ASN.1
OpenSSL compat BN
OpenSSL comppat BIO
OpenSSL comppat Digest
OpenSSL comppat MAC
OpenSSL comppat Cipher
OpenSSL comppat RSA
OpenSSL comppat DH
OpenSSL comppat EC
OpenSSL comppat ECX
OpenSSL comppat DSA
 2025-08-05 19:32:56 +10:00
Koji Takeda
2891815965 Fix errors on #9000 2025-07-31 16:04:22 +09:00
Koji Takeda
09deacbe8f Revert "Merge pull request #9045 from douzzer/20250730-revert-PR9000" 
This reverts commit 70af2be5ab, reversing
changes made to 46347173b2.
 2025-07-31 14:14:51 +09:00
Daniel Pouzzner
26806cda7b Revert "Support importing seed of ML-DSA key" 
This reverts commit a82d1a6b12.
 2025-07-30 15:39:57 -05:00
Daniel Pouzzner
d0bf9c4b3c Revert "Disable exporting dilithium DER tests without WOLFSSL_ASN_TEMPLATE" 
This reverts commit bbcdfe92e0.
 2025-07-30 15:39:53 -05:00
Koji Takeda
bbcdfe92e0 Disable exporting dilithium DER tests without WOLFSSL_ASN_TEMPLATE 2025-07-28 21:46:28 +09:00
Koji Takeda
a82d1a6b12 Support importing seed of ML-DSA key 2025-07-28 21:46:28 +09:00
JacobBarthelmeh
c25efcee92 Merge pull request #9028 from dgarske/md5_sha1 
Fixes for building with MD5 and SHA1 to support Hash `WC_HASH_TYPE_MD5_SHA`
 2025-07-24 10:41:22 -06:00