wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-27 19:22:23 +01:00
Code Issues Packages Projects Releases Wiki Activity
27,156 Commits 12 Branches 184 Tags
d6dcd307366ddfac74a33e5417c847e53aa3e5c8
Commit Graph

3241 Commits

Author SHA1 Message Date
Daniel Pouzzner
33fc601011 tweaks from PRBs results: 
tests/api.c:
* remove inapt SSL_library_init() in test_wolfSSL_EVP_Cipher_extra();
* move TEST_X509_DECLS to follow TEST_DECL(test_wolfSSL_Init);

tests/api/test_random.c: enlarge seed buffer in test_wc_RNG_TestSeed() to accommodate amdrand block size;

tests/quic.c: wrap exercises in wolfSSL_Init()...wolfSSL_Cleanup();

tests/unit.c: in unit_test(), add several more fflush(stdout)s, report error from wolfSSL_Cleanup(), and fix line length;

wolfcrypt/test/test.c: omit reseed test in _rng_test() if HAVE_INTEL_RDRAND or old FIPS, and use simplified random_test() if HAVE_INTEL_RDRAND;

wolfssl/wolfcrypt/mem_track.h: add memList pointer in struct memoryStats, and set it in InitMemoryTracker();

wolfssl/wolfcrypt/settings.h: undefine WOLFSSL_SMALL_STACK_CACHE if WOLFSSL_SMALL_STACK is undefined;

.github/workflows/trackmemory.yml: add --enable-intelrdseed scenario.
 2025-12-17 11:01:11 -06:00
Daniel Pouzzner
918b6973bd tests/api.c: in test_wolfSSL_dtls_stateless_HashWOLFSSL(), when WOLFSSL_SMALL_STACK_CACHE, omit ssl->hsHashes from the comparison (init-time heap pointers destabilize its bit signature). 2025-12-17 11:01:10 -06:00
Ruby Martin
27b5ac9f84 sanitize loop bound in tls_multi_handshakes_one_record() unit test 
add additional check for breaking while loop
 2025-12-12 14:18:25 -07:00
Daniel Pouzzner
38d5dc6c7a Merge pull request #9510 from embhorn/gh7981 
Fix test when ECH and harden are enabled
 2025-12-11 13:07:29 -06:00
Daniel Pouzzner
3e8c6811c7 Merge pull request #9518 from SparkiDev/api_c_split_3 
api.c: Split out more functions
 2025-12-11 13:06:58 -06:00
Daniel Pouzzner
f07e379d6d Merge pull request #9456 from anhu/test_inits 
Initialize test variables; avoid false warnings.
 2025-12-11 12:40:44 -06:00
Sean Parkinson
b4b617de49 api.c: Split out more functions 
More X509 function testing.
X509 store function testing.
X509 lookup function testing.
 2025-12-11 19:00:19 +10:00
Sean Parkinson
0b2fb66af6 api.c: Split out more functions 
wolfSSL_PEM, wolfSSL_X509, wolfSSL_X509_NAME, wolfSSL_X509_PUBKEY API
testing moved out to separate files.
 2025-12-11 15:32:09 +10:00
Eric Blankenhorn
8053e8f9b3 Fix test when ECH and harden are enabled 2025-12-10 08:14:59 -06:00
Anthony Hu
cf8b729bae Initialize test variables; avoid false warnings. 2025-11-21 11:59:07 -05:00
JacobBarthelmeh
3f441ef1a5 update tests after certificate renewal 2025-11-14 14:45:37 -07:00
David Garske
6ff57b8045 Merge pull request #9419 from rlm2002/coverity 
Uninitialized variable fix
 2025-11-13 08:58:00 -08:00
Ruby Martin
b2336c57ce initialize ctype variable 2025-11-12 16:48:52 -07:00
Juliusz Sosinowicz
4b7c052ee9 test_wolfSSL_inject: don't call accept on completed handshake 2025-11-12 17:12:22 +01:00
Josh Holtrop
3af60ff85d Check for duplicate extensions in client hello when HAVE_TLS_EXTENSIONS is not set - fix #9377 2025-11-10 10:06:07 -05:00
Sean Parkinson
f376c8d910 Merge pull request #9388 from lealem47/scan_build 
Various fixes for nightly tests
 2025-11-07 09:30:08 +10:00
Lealem Amedie
08db159c5d Fixes for minor scan-build warnings 2025-11-05 21:27:06 -07:00
Marco Oliverio
6855325bf8 test: memio: simulate_want_write: block client on is_client == true 2025-11-03 13:43:33 +01:00
Juliusz Sosinowicz
c14b1a0504 Validate cipher suite after HelloRetryRequest 
- Add validation to ensure the cipher suite in the ServerHello matches the one specified in the HelloRetryRequest.
- test_TLSX_CA_NAMES_bad_extension: use the same ciphersuite in HRR and SH
 2025-10-29 13:14:50 +01:00
Daniel Pouzzner
8c60b7b250 src/internal.c and tests/api.c: fix clang-analyzer-core.NullPointerArithms. 2025-10-28 16:42:14 -05:00
Sean Parkinson
093cc04076 Stack API: Pull out implementation into separate file 
General stack APIs pulled out into ssl_sk.c.
Other simple APIs also pulled out into ssl_sk.c.
wolfSSL_lh_retrieve also pulled out into ssl_sk.c.

Added tests of public APIs that weren't already tested.
 2025-10-27 17:08:41 +10:00
JacobBarthelmeh
4daab8a813 Merge pull request #9284 from SparkiDev/aarch64_asm_gen 
Aarch64 asm: convert to generated
 2025-10-22 11:10:27 -06:00
JacobBarthelmeh
d60e4ddbd1 Merge pull request #9329 from SparkiDev/regression_fixes_20 
Regression testing fixes
 2025-10-22 09:12:58 -06:00
Sean Parkinson
821dc5cb13 Regression testing fixes 
Adding protection to tests that use RSA and ECC.
 2025-10-22 18:33:44 +10:00
Sean Parkinson
9c1462a9ec Aarch64 asm: convert to generated 
Algorithms now generated:
  SHA-256
  SHA-512
  ChaCha20
  Poly1305
  AES-ECB
  AES-CBC
  AES-CTR
  AES-GCM + streaming
  AES-XTS
  AES SetKey

ARM32 asm algorithms generated now too:
  SHA-256
  SHA-512
  ChaCha20
  AES-ECB
  AES-CBC
  AES-CTR
  AES-GCM
  AES-XTS
  AES SetKey

Removed use of ARM specific implementations of algorithms. (armv8-aes.c)
 2025-10-21 17:03:39 +10:00
night1rider
f1faefed91 Added callbacks for copy and free to SHA, 224, 384, 512, and SHA3. Also split macros for FREE and COPY Callbacks, and add configure.ac option. 2025-10-20 11:09:35 -06:00
night1rider
0dca3bc24d Setup to be opt-in for copy callback, and also added a outline for a free callback 2025-10-20 10:07:24 -06:00
Daniel Pouzzner
6ee660841b fixes/workarounds for -Wnull-dereferences, some true positive, some false 
positive:
* src/pk.c:wolfSSL_RSA_meth_new()
* tests/api.c:test_wolfSSL_PKCS7_certs()
* tests/api.c:test_wolfSSL_X509V3_EXT_get()
* wolfcrypt/src/asn.c:EncodeName()
* wolfcrypt/src/pkcs12.c:wc_i2d_PKCS12()
* wolfcrypt/src/port/af_alg/afalg_aes.c
 2025-10-16 15:10:16 -05:00
David Garske
3534fad3ee Merge pull request #9295 from rizlik/shutdown_nonblocking_fix 
wolfSSL_shutdown: handle non-blocking I/O
 2025-10-14 12:50:57 -07:00
Marco Oliverio
4280b52bff test: increase coverage for multiple wolfSSL_shutdown test 2025-10-14 10:05:11 +02:00
effbiae
7a3db09ddd automated small stack compress 2025-10-11 11:40:30 +11:00
Juliusz Sosinowicz
6fbbdf9324 Add message order sanity checks 
Reorganize test_dtls tests to use TEST_DECL_GROUP
Reorganize test_tls tests to use TEST_DECL_GROUP
 2025-10-08 11:11:03 +02:00
David Garske
b3031d25ca Merge pull request #9255 from SparkiDev/tls13_cookie_hash 
TLS 1.3 Cookie Hash: use stronger hash if no SHA-256
 2025-10-07 08:51:26 -07:00
Juliusz Sosinowicz
cd0d986016 Reset DTLS 1.3 timeout 2025-10-06 18:23:16 +02:00
Juliusz Sosinowicz
f9063c406b Enables dynamic TLS cert loading with OCSP 
Exposes dynamic TLS certificate loading and OCSP stapling to allow applications to load certs lazily.

The server no longer needs to load the CA to staple OCSP responses.

Adds a certificate setup callback (WOLFSSL_CERT_SETUP_CB)
Adds an OCSP status callback to load OCSP responses directly
Adds `wc_NewOCSP`, `wc_FreeOCSP`, and `wc_CheckCertOcspResponse`
Don't call verify twice on the same error
Send correct alert on status response error
 2025-10-03 13:08:11 +02:00
Sean Parkinson
e14cc3a34e TLS 1.3 Cookie Hash: use stronger hash if no SHA-256 
Order of preference, based on algorithms compiled in, to use with HMAC
for TLS 1.3 cookie:
  1. SHA-256
  2. SHA-384
  3. SHA-512
  4. SM3

Make code compile and unittest pass when SHA-256 not compiled in.
Certificates used for testing require SHA-256 so handshake testing
fails.
 2025-10-03 08:28:02 +10:00
Daniel Pouzzner
b3a5c96c56 Merge pull request #9205 from gasbytes/issue-9188 
Prevent replaying ClientHello messages when Finished message are epoch 0
 2025-09-30 20:44:09 -05:00
Daniel Pouzzner
c893191577 Merge pull request #9253 from julek-wolfssl/gh/9245 
DTLS SRTP should also do a cookie exchange since it uses UDP
 2025-09-30 20:36:27 -05:00
Daniel Pouzzner
1932c5a96d Merge pull request #9196 from kareem-wolfssl/zd20038_3 
Fix building and running tests and examples with coding/PEM support disabled.
 2025-09-30 20:34:46 -05:00
Daniel Pouzzner
42d2b81231 Merge pull request #9209 from mattia-moffa/20250910-certauth-clienthello 
Add support for certificate_authorities extension in ClientHello
 2025-09-30 20:33:16 -05:00
Juliusz Sosinowicz
d8fd19feb8 DTLS SRTP should also do a cookie exchange since it uses UDP 2025-09-29 18:27:36 +02:00
Kareem
af9a06e9bf Merge remote-tracking branch 'upstream/master' into zd19563_verify 2025-09-25 10:39:11 -07:00
Reda Chouk
8f47b4bb08 Prevent DTLS clients from replaying ClientHello 
messages when receiving bogus Finished messages in epoch 0 by
ensuring Finished messages are only ignored in encrypted epochs (1).
 2025-09-18 14:41:12 +02:00
Mattia Moffa
3bdb43eb6a Add support for certificate_authorities extension in ClientHello 2025-09-17 15:33:05 +02:00
Kareem
ec92f76dec Fix tests when building with PEM support disabled by using DER certs/keys. 2025-09-12 16:11:07 -07:00
David Garske
3e63bc68d4 Add support for enabling RSA private key to DER without keygen. ( new macro WOLFSSL_KEY_TO_DER) 2025-09-11 10:29:31 -07:00
David Garske
71581e321e Merge pull request #9098 from julek-wolfssl/fix-test_wolfSSL_tls_export 
Fix test_wolfSSL_tls_export
 2025-08-26 12:11:49 -07:00
Juliusz Sosinowicz
d26b2811e0 test_wolfSSL_tls_export_run: silence unused cmpSess warning 2025-08-26 16:40:17 +02:00
Juliusz Sosinowicz
5934c1eece Fix test_wolfSSL_tls_export 
- Add TLS_EXPORT_OPT_SZ_4 to specify previous option size
- Actually pick up failures in the tests and propagate them to the top level
- Tests v4 and v5 sessions
Fixes https://github.com/wolfSSL/wolfssl/issues/9081 and https://github.com/wolfSSL/wolfssl/pull/9082
 2025-08-26 11:04:54 +02:00
Sean Parkinson
115d4d88c0 api.c: pull out TLS 1.3 specific tests 2025-08-26 09:05:46 +10:00