Commit Graph

4464 Commits

Author SHA1 Message Date
Marco Oliverio 609e30a69c test: tls13_early_data: refactor splitEarlyData test option 2025-12-22 09:51:06 +01:00
JacobBarthelmeh d5723d0d89 Merge pull request #9544 from julek-wolfssl/gh/9362
Check KeyShare after HRR
2025-12-19 14:36:31 -07:00
Juliusz Sosinowicz dd35f10b57 ed25519: validate presence of keys in export functions 2025-12-19 10:14:26 +01:00
Chris Conlon 5eef52c6fa Add test for PKCS#7 SignedData with non-OCTET_STRING content 2025-12-18 15:02:02 -07:00
Marco Oliverio 988ba340ba address reviewer's comments 2025-12-18 10:28:54 +01:00
Daniel Pouzzner 33fc601011 tweaks from PRBs results:
tests/api.c:
* remove inapt SSL_library_init() in test_wolfSSL_EVP_Cipher_extra();
* move TEST_X509_DECLS to follow TEST_DECL(test_wolfSSL_Init);

tests/api/test_random.c: enlarge seed buffer in test_wc_RNG_TestSeed() to accommodate amdrand block size;

tests/quic.c: wrap exercises in wolfSSL_Init()...wolfSSL_Cleanup();

tests/unit.c: in unit_test(), add several more fflush(stdout)s, report error from wolfSSL_Cleanup(), and fix line length;

wolfcrypt/test/test.c: omit reseed test in _rng_test() if HAVE_INTEL_RDRAND or old FIPS, and use simplified random_test() if HAVE_INTEL_RDRAND;

wolfssl/wolfcrypt/mem_track.h: add memList pointer in struct memoryStats, and set it in InitMemoryTracker();

wolfssl/wolfcrypt/settings.h: undefine WOLFSSL_SMALL_STACK_CACHE if WOLFSSL_SMALL_STACK is undefined;

.github/workflows/trackmemory.yml: add --enable-intelrdseed scenario.
2025-12-17 11:01:11 -06:00
Daniel Pouzzner 525266c467 wolfssl/wolfcrypt/mem_track.h and wolfcrypt/src/memory.c: add WOLFSSL_API extern memoryStats *wc_MemStats_Ptr, set by InitMemoryTracker() and cleared by CleanupMemoryTracker(), allowing public access to the memory statistics.
tests/unit.c: at end of unit_test(), when WOLFSSL_TRACK_MEMORY, explicitly wolfSSL_Cleanup() then check and error if wc_MemStats_Ptr->currentBytes > 0.
2025-12-17 11:01:10 -06:00
Daniel Pouzzner 918b6973bd tests/api.c: in test_wolfSSL_dtls_stateless_HashWOLFSSL(), when WOLFSSL_SMALL_STACK_CACHE, omit ssl->hsHashes from the comparison (init-time heap pointers destabilize its bit signature). 2025-12-17 11:01:10 -06:00
Juliusz Sosinowicz f61bfd7805 Check KeyShare after HRR 2025-12-17 10:27:04 +01:00
JacobBarthelmeh 9156b50bbc Merge pull request #9538 from SparkiDev/tls13_dup_ext_alert_code_fix
TLS 1.3: duplicate extension alert code fix
2025-12-16 14:43:19 -07:00
Marco Oliverio 0fa0fd2317 (d)tls: refactor wolfSSL_GetMaxFragSize(), simplify length computations 2025-12-16 10:46:29 +01:00
Marco Oliverio e9f3bd5ddd dtls: test precise header headroom computation 2025-12-16 10:00:30 +01:00
Sean Parkinson 85d40c8e9b Merge pull request #9522 from JacobBarthelmeh/time
tie in use of check_time with x509 store
2025-12-16 08:24:49 +10:00
Sean Parkinson d3863e5fa3 TLS 1.3: duplicate extension alert code fix
The specification states to return illegal_parameter when a message is
syntactically correct but semantically invalid. (RFC 8446 section 6,
Paragraph 5)
2025-12-15 10:00:56 -08:00
Daniel Pouzzner 52ee00132d Merge pull request #9528 from SparkiDev/tls13_missing_ext_fix
TLS 1.3 missing extension: return correct alert code
2025-12-15 11:05:02 -06:00
Sean Parkinson 44be44a509 TLS 1.3 missing extension: return correct alert code
Change TLS 1.3 handling to return missing_extension alert code when
 - KeyShare is present but SupportedGroups is missing and
 - SupportedGroups is present but KeyShare is missing

Added tests for this.
2025-12-15 09:07:13 +10:00
Ruby Martin 27b5ac9f84 sanitize loop bound in tls_multi_handshakes_one_record() unit test
add additional check for breaking while loop
2025-12-12 14:18:25 -07:00
JacobBarthelmeh 01442a1460 adjust macro guard around test case 2025-12-12 13:36:14 -07:00
JacobBarthelmeh e1bbb71878 tie in use of check_time with x509 store 2025-12-12 09:22:23 -07:00
Daniel Pouzzner 38d5dc6c7a Merge pull request #9510 from embhorn/gh7981
Fix test when ECH and harden are enabled
2025-12-11 13:07:29 -06:00
Daniel Pouzzner 3e8c6811c7 Merge pull request #9518 from SparkiDev/api_c_split_3
api.c: Split out more functions
2025-12-11 13:06:58 -06:00
Daniel Pouzzner ef8bf55528 Merge pull request #9495 from SparkiDev/aarch64_no_hw_crypto_asm_aes
Aarch64 no harware crypto assembly AES
2025-12-11 12:46:07 -06:00
Daniel Pouzzner f07e379d6d Merge pull request #9456 from anhu/test_inits
Initialize test variables; avoid false warnings.
2025-12-11 12:40:44 -06:00
Sean Parkinson b4b617de49 api.c: Split out more functions
More X509 function testing.
X509 store function testing.
X509 lookup function testing.
2025-12-11 19:00:19 +10:00
Sean Parkinson 0b2fb66af6 api.c: Split out more functions
wolfSSL_PEM, wolfSSL_X509, wolfSSL_X509_NAME, wolfSSL_X509_PUBKEY API
testing moved out to separate files.
2025-12-11 15:32:09 +10:00
Eric Blankenhorn 8053e8f9b3 Fix test when ECH and harden are enabled 2025-12-10 08:14:59 -06:00
Sean Parkinson 80b7ea638e Aarch64 no harware crypto assembly AES
Implementations of AES-ECB, AES-CBC, AES-CTR, AES-GCM, AES-XTS with base
instructions and NEON but not using crypto instructions.

Benchmark of AES-ECB added.
Updated AES tests.
2025-12-10 08:55:58 +10:00
Juliusz Sosinowicz 24b35badb4 Fix uninit variables 2025-12-09 17:07:40 +01:00
Daniel Pouzzner 12d07c4d43 tests/api/test_rsa.c: in test_wc_RsaPublicEncryptDecrypt(), add FIPS gate around new test coverage from #9454 (23c5678797). 2025-12-06 10:20:45 -06:00
David Garske f01c4f10fa Merge pull request #9454 from SparkiDev/rsa_dec_too_small_output_fix
RSA decrypt: don't write past buffer end on error
2025-12-04 10:06:37 -08:00
Juliusz Sosinowicz 7b82224462 tests: add unit coverage for GetCAByAKID 2025-12-03 10:47:40 +01:00
JacobBarthelmeh a83fb4fc42 revert 6bda10a forcing small stack with async 2025-11-25 00:43:04 -07:00
Anthony Hu cf8b729bae Initialize test variables; avoid false warnings. 2025-11-21 11:59:07 -05:00
Sean Parkinson 23c5678797 RSA decrypt: don't write past buffer end on error
When the decrypted data is bigger than the buffer, the one extra bytes
was being written to.
2025-11-21 12:12:14 +10:00
JacobBarthelmeh a68da8d2d5 update pksc7 decode test for new ca-cert.pem size 2025-11-14 14:53:48 -07:00
JacobBarthelmeh 3f441ef1a5 update tests after certificate renewal 2025-11-14 14:45:37 -07:00
JacobBarthelmeh 6c74098be5 run renewcerts.sh, gencertbuf.pl, and create_ocsp_test_blobs.py 2025-11-14 14:45:37 -07:00
JacobBarthelmeh d06221c16e with decode enveloped data track total encrypted content size 2025-11-13 12:08:46 -07:00
David Garske 6ff57b8045 Merge pull request #9419 from rlm2002/coverity
Uninitialized variable fix
2025-11-13 08:58:00 -08:00
Sean Parkinson 6c30186168 ECC sign hash: only allow up to max digest size
Validate that the hash passed in is of an appropriate length - not
greater than the maximum digest size.
2025-11-13 11:53:51 +10:00
Ruby Martin b2336c57ce initialize ctype variable 2025-11-12 16:48:52 -07:00
Juliusz Sosinowicz 4b7c052ee9 test_wolfSSL_inject: don't call accept on completed handshake 2025-11-12 17:12:22 +01:00
David Garske 6914f08f5e Merge pull request #9391 from holtrop/check-dup-extensions-fix
Check for duplicate extensions in client hello when HAVE_TLS_EXTENSIONS is not set - fix #9377
2025-11-11 14:05:14 -08:00
David Garske 4c273a6f3f Merge pull request #9404 from cconlon/jniNoQuicEch
Fixes for "--enable-jni --enable-all" with WOLFSSL_TLS13_MIDDLEBOX_COMPAT
2025-11-11 09:42:38 -08:00
David Garske 2db1c7a522 Merge pull request #9395 from SparkiDev/tls12_cv_sig_check
TLS 1.2 CertificateVerify: validate sig alg matches peer key
2025-11-11 09:18:11 -08:00
JacobBarthelmeh 4da365214a Merge pull request #9412 from SparkiDev/regression_fixes_21
Regression testing fixes
2025-11-11 09:32:43 -07:00
Sean Parkinson d84564217c Regression testing fixes
Fix #ifdef protection for AES tests.
2025-11-11 21:46:04 +10:00
Sean Parkinson f54ca0d481 TLS 1.2 CertificateVerify: req sig alg to have been in CR
The signature algorithm specified in CertificateVerify must have been in
the CertificateRequest. Add check.

The cipher suite test cases, when client auth and RSA are built-in and
use the default client certificate and use the *-ECDSA-* cipher
suites, no longer work. The client certificate must be ECC when the
cipher suite has ECDSA. Don't run them for that build.
2025-11-11 13:20:46 +10:00
Josh Holtrop 3af60ff85d Check for duplicate extensions in client hello when HAVE_TLS_EXTENSIONS is not set - fix #9377 2025-11-10 10:06:07 -05:00
Daniel Pouzzner ea4311666e Merge pull request #9367 from julek-wolfssl/wolfDTLS_accept_stateless-early-data
wolfDTLS_accept_stateless: Fix handling for early data
2025-11-08 11:04:19 -06:00