wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-27 00:22:22 +01:00
Code Issues Packages Projects Releases Wiki Activity
26,725 Commits 12 Branches 184 Tags
c5ae76e40df8317a913d8901295d4d84785d95bb
Commit Graph

196 Commits

Author SHA1 Message Date
Sean Parkinson
91a526c218 fixup 2025-10-27 18:02:49 +10:00
Sean Parkinson
093cc04076 Stack API: Pull out implementation into separate file 
General stack APIs pulled out into ssl_sk.c.
Other simple APIs also pulled out into ssl_sk.c.
wolfSSL_lh_retrieve also pulled out into ssl_sk.c.

Added tests of public APIs that weren't already tested.
 2025-10-27 17:08:41 +10:00
Daniel Pouzzner
c145b7ee81 wolfcrypt/src/aes.c: define GCM_GMULT_LEN() when WOLFSSL_ARMASM, and fix gating on wolfCrypt_FIPS_AES_sanity (always gate in for FIPS v7+); 
wolfcrypt/src/port/af_alg/afalg_aes.c: check for null key arg;

configure.ac: rename BUILD_FIPS_CURRENT to BUILD_FIPS_V2_PLUS (no functional change), and remove unused ARMASM_DIST_SOURCES set up code added in #9332;

src/include.am:
* set up $(ARMASM_SHA256_C), and use it to properly include wolfcrypt/src/sha256.c alongside armasm when appropriate;
* fix gating on Curved25519 armasm (BUILD_FIPS_V6_PLUS, not BUILD_FIPS_V6);

tests/api/test_aes.c and wolfcrypt/test/test.c: gate out incompatible coverage for WOLFSSL_AFALG and WOLFSSL_KCAPI (test_wc_AesCbcEncryptDecrypt_MultiBlocks(), test_wc_AesCtrSetKey*(), test_wc_AesCtrEncrypt*(), test_wc_AesGcmEncryptDecrypt_Sizes()).
 2025-10-24 15:08:56 -05:00
JacobBarthelmeh
4daab8a813 Merge pull request #9284 from SparkiDev/aarch64_asm_gen 
Aarch64 asm: convert to generated
 2025-10-22 11:10:27 -06:00
JacobBarthelmeh
d60e4ddbd1 Merge pull request #9329 from SparkiDev/regression_fixes_20 
Regression testing fixes
 2025-10-22 09:12:58 -06:00
Sean Parkinson
821dc5cb13 Regression testing fixes 
Adding protection to tests that use RSA and ECC.
 2025-10-22 18:33:44 +10:00
Sean Parkinson
8533bc803b AES: Improve CFB and OFB and add tests 
Improve performance of CFB and OFB.
Only have one implementation that is used by OFB encrypt and decrypt.

Update AES testing in unit.test.

Update benchmarking of CFB and OFb to include decrypt.
 2025-10-22 12:19:56 +10:00
Sean Parkinson
9c1462a9ec Aarch64 asm: convert to generated 
Algorithms now generated:
  SHA-256
  SHA-512
  ChaCha20
  Poly1305
  AES-ECB
  AES-CBC
  AES-CTR
  AES-GCM + streaming
  AES-XTS
  AES SetKey

ARM32 asm algorithms generated now too:
  SHA-256
  SHA-512
  ChaCha20
  AES-ECB
  AES-CBC
  AES-CTR
  AES-GCM
  AES-XTS
  AES SetKey

Removed use of ARM specific implementations of algorithms. (armv8-aes.c)
 2025-10-21 17:03:39 +10:00
jordan
525c212d1c cmac kdf: add NIST SP 800-108, and NIST SP 800-56C two-step. 2025-10-20 08:20:23 -05:00
Daniel Pouzzner
9cf08afbbb fixes for --disable-tls. 2025-10-16 18:50:06 -05:00
Sean Parkinson
c111c5bacc Regression testing 
x509.c: realloc may fail and therefore need to store result in a
temporary so the old pointer is not lost.

tls.c: free the name if it is not pushed on to the stack of peer CA
names. Failure to push can be from memory allocation failure.

aes.c: Don't compile XTS decrypt functions without HAVE_AES_DECRYPT.

Fix tests to have better pre-processor protection.
 2025-10-16 12:13:32 +10:00
effbiae
6bda10abd0 define WOLFSSL_SMALL_STACK in tests and benchmark for ASYNC 2025-10-11 11:40:30 +11:00
David Garske
8a6297d42b Merge pull request #9267 from julek-wolfssl/dtls-stricter-ordering 
Add message order sanity checks
 2025-10-10 10:26:34 -07:00
David Garske
f8c2e9c000 Merge pull request #9134 from JacobBarthelmeh/csharp 
update mono build README instructions
 2025-10-10 09:21:07 -07:00
Juliusz Sosinowicz
b32c1aa15c fixup! Add message order sanity checks 2025-10-08 13:33:09 +02:00
Juliusz Sosinowicz
10365d6082 Allow clearing group messages flag 2025-10-08 11:11:03 +02:00
Juliusz Sosinowicz
6fbbdf9324 Add message order sanity checks 
Reorganize test_dtls tests to use TEST_DECL_GROUP
Reorganize test_tls tests to use TEST_DECL_GROUP
 2025-10-08 11:11:03 +02:00
JacobBarthelmeh
33030c2862 fix for macro guard in dtls test case 2025-10-07 16:27:18 -06:00
Kareem
233e574f32 Merge remote-tracking branch 'upstream/master' into zd20595 2025-10-07 14:23:21 -07:00
Kareem
931384a117 Merge branch 'master' into zd20595 2025-10-07 14:21:46 -07:00
David Garske
b75af93a05 Merge pull request #9278 from JacobBarthelmeh/pkcs7_stream 
coverity warnings on test case, CID 549270 and 549271
 2025-10-07 10:19:01 -07:00
David Garske
b3031d25ca Merge pull request #9255 from SparkiDev/tls13_cookie_hash 
TLS 1.3 Cookie Hash: use stronger hash if no SHA-256
 2025-10-07 08:51:26 -07:00
JacobBarthelmeh
1237a5468f coverity warnings on test case, CID 549270 and 549271 2025-10-07 09:35:37 -06:00
David Garske
d9b52d832c Merge pull request #9259 from julek-wolfssl/dtls13-timeout 
Reset DTLS 1.3 timeout
 2025-10-07 07:57:17 -07:00
David Garske
92a47829fa Merge pull request #8674 from JacobBarthelmeh/pkcs7_stream 
Fix to advance past multiple recipients
 2025-10-06 11:27:03 -07:00
Juliusz Sosinowicz
f6be6c8b6d Add timeout assertions to DTLS test 2025-10-06 18:23:16 +02:00
Juliusz Sosinowicz
cd0d986016 Reset DTLS 1.3 timeout 2025-10-06 18:23:16 +02:00
Juliusz Sosinowicz
32e24e8199 Suppress Coverity deadcode warning in test_ocsp_tls_cert_cb 2025-10-06 16:26:45 +02:00
JacobBarthelmeh
12cfca4060 account for no AES build and add err trace macro 2025-10-03 13:51:15 -06:00
JacobBarthelmeh
328f505702 add pkcs7 test with multiple recipients 2025-10-03 13:51:15 -06:00
Juliusz Sosinowicz
f9063c406b Enables dynamic TLS cert loading with OCSP 
Exposes dynamic TLS certificate loading and OCSP stapling to allow applications to load certs lazily.

The server no longer needs to load the CA to staple OCSP responses.

Adds a certificate setup callback (WOLFSSL_CERT_SETUP_CB)
Adds an OCSP status callback to load OCSP responses directly
Adds `wc_NewOCSP`, `wc_FreeOCSP`, and `wc_CheckCertOcspResponse`
Don't call verify twice on the same error
Send correct alert on status response error
 2025-10-03 13:08:11 +02:00
Sean Parkinson
e14cc3a34e TLS 1.3 Cookie Hash: use stronger hash if no SHA-256 
Order of preference, based on algorithms compiled in, to use with HMAC
for TLS 1.3 cookie:
  1. SHA-256
  2. SHA-384
  3. SHA-512
  4. SM3

Make code compile and unittest pass when SHA-256 not compiled in.
Certificates used for testing require SHA-256 so handshake testing
fails.
 2025-10-03 08:28:02 +10:00
Daniel Pouzzner
408e6f79f9 tests/api/test_dtls.c: add missing ExpectIntEQ() around wolfSSL_connect() in test_dtls_bogus_finished_epoch_zero(); 
wolfcrypt/test/test.c: fix gate for wc_DhGeneratePublic() test in dh_ffdhe_test() to properly exclude 5.3.0.
 2025-10-02 14:38:05 -05:00
Kareem
abaf57d049 Merge branch 'master' of https://github.com/wolfSSL/wolfssl into zd20595 2025-10-01 15:53:57 -07:00
Daniel Pouzzner
b3a5c96c56 Merge pull request #9205 from gasbytes/issue-9188 
Prevent replaying ClientHello messages when Finished message are epoch 0
 2025-09-30 20:44:09 -05:00
Daniel Pouzzner
c893191577 Merge pull request #9253 from julek-wolfssl/gh/9245 
DTLS SRTP should also do a cookie exchange since it uses UDP
 2025-09-30 20:36:27 -05:00
Daniel Pouzzner
b4ee8869c8 Merge pull request #9246 from julek-wolfssl/gh/9240 
Abort connection if we are about to send the same CH
 2025-09-30 20:35:32 -05:00
Daniel Pouzzner
1932c5a96d Merge pull request #9196 from kareem-wolfssl/zd20038_3 
Fix building and running tests and examples with coding/PEM support disabled.
 2025-09-30 20:34:46 -05:00
Daniel Pouzzner
42d2b81231 Merge pull request #9209 from mattia-moffa/20250910-certauth-clienthello 
Add support for certificate_authorities extension in ClientHello
 2025-09-30 20:33:16 -05:00
Kareem
a3a08e81a9 Fix running tests in FIPS mode with hash DRBG disabled. 2025-09-30 16:15:21 -07:00
Juliusz Sosinowicz
d8fd19feb8 DTLS SRTP should also do a cookie exchange since it uses UDP 2025-09-29 18:27:36 +02:00
Juliusz Sosinowicz
f798a585d9 Abort connection if we are about to send the same CH 2025-09-26 12:08:53 +02:00
Mattia Moffa
26c9908504 Use string literals in tests, fix add CA functions 2025-09-24 00:11:55 +02:00
Mattia Moffa
4535572428 Use memio in tests, fix ifdef, fix typos 2025-09-23 11:50:21 +02:00
Reda Chouk
e3fbb24713 Fix malformed DTLS comment syntax 2025-09-22 12:59:30 +02:00
Mattia Moffa
5efc4a7cd0 Fix tests 2025-09-19 16:45:15 +02:00
Kareem
23f595586d Fix building with --enable-keygen --enable-rsavfy. 2025-09-18 16:21:08 -07:00
Reda Chouk
8f47b4bb08 Prevent DTLS clients from replaying ClientHello 
messages when receiving bogus Finished messages in epoch 0 by
ensuring Finished messages are only ignored in encrypted epochs (1).
 2025-09-18 14:41:12 +02:00
Mattia Moffa
3bdb43eb6a Add support for certificate_authorities extension in ClientHello 2025-09-17 15:33:05 +02:00
Kareem
ec92f76dec Fix tests when building with PEM support disabled by using DER certs/keys. 2025-09-12 16:11:07 -07:00