wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-27 08:02:21 +01:00
Code Issues Packages Projects Releases Wiki Activity
25,993 Commits 12 Branches 184 Tags
e9292e301f620ff60d57caa253e71dbfc12bc6aa
Commit Graph

131 Commits

Author SHA1 Message Date
Koji Takeda
bbcdfe92e0 Disable exporting dilithium DER tests without WOLFSSL_ASN_TEMPLATE 2025-07-28 21:46:28 +09:00
Koji Takeda
a82d1a6b12 Support importing seed of ML-DSA key 2025-07-28 21:46:28 +09:00
JacobBarthelmeh
c25efcee92 Merge pull request #9028 from dgarske/md5_sha1 
Fixes for building with MD5 and SHA1 to support Hash `WC_HASH_TYPE_MD5_SHA`
 2025-07-24 10:41:22 -06:00
David Garske
6aabc73845 Merge pull request #9018 from holtrop/decode-skp 
Add API to decode SymmetricKeyPackage and OneSymmetricKey CMS objects
 2025-07-23 16:01:58 -07:00
David Garske
551ff3f1b6 Fixes for building with MD5 and SHA1 to support Hash WC_HASH_TYPE_MD5_SHA. ZD 20269. 2025-07-23 15:59:08 -07:00
Josh Holtrop
15c8730ef7 Use wc_ prefix for IndexSequenceOf() 2025-07-22 14:50:42 -04:00
Josh Holtrop
77bace5010 Update style per code review comments 2025-07-22 14:47:22 -04:00
JacobBarthelmeh
98c70fb77e fix mldsa test case for buffer size and expire date 2025-07-21 15:15:31 -06:00
Josh Holtrop
06d86af67c Add API to decode SymmetricKeyPackage and OneSymmetricKey CMS objects 2025-07-19 18:28:06 -04:00
JacobBarthelmeh
629c5b4cf6 updating license from GPLv2 to GPLv3 2025-07-10 16:11:36 -06:00
Sean Parkinson
e649e1047f API test ASN: must not have NO_ASN defined 
Add testing of PSK only to workflows.
 2025-07-07 16:24:10 +10:00
Sean Parkinson
af05fa874f Unit Test: fix test case for memory allocation failure testing 
test_ocsp_basic_verify() not freeing and setting pointer to NULL. Second
free occuring on freed pointer.
 2025-07-02 09:27:25 +10:00
JacobBarthelmeh
77792ace65 Merge pull request #8945 from SparkiDev/mem_fail_fixes_2 
Memory allocation failure testing fixes
 2025-07-01 09:35:11 -06:00
Sean Parkinson
574de4b234 Memory allocation failure testing fixes 
Fixes for test code to cleanup on failure properly.
pkcs7.c: when streaming, free the decrypting content when adding data to
the stream fails.
 2025-07-01 11:50:42 +10:00
Marco Oliverio
ae9ba6627c fix(tests): enlarge readBuf in DTLS record tests 
Increase readBuf to 256 bytes. Guard memcpy with EXPECT_SUCCESS().
 2025-06-30 09:47:38 +02:00
Koji Takeda
d76386f38c Add tests 2025-06-25 11:27:12 +09:00
David Garske
27176a5eeb Merge pull request #8870 from kareem-wolfssl/zd20030 
Various minor fixes.
 2025-06-18 08:55:07 -07:00
Kareem
7e4ec84124 Add macros for legacy get_digit functions for FIPS/selftest. 2025-06-17 10:12:06 -07:00
Kareem
9c9465aa23 Also account for selftest for mp_get_digit refactor. 2025-06-17 10:12:06 -07:00
Kareem
05aa4f5f08 Make mp_get_digit refactor FIPS friendly. 2025-06-17 10:12:06 -07:00
Kareem
e8c110d2ac Rename get_digit* to mp_get_digit* to avoid conflicts with other functions named get_digit. 2025-06-17 10:12:06 -07:00
Marco Oliverio
b1b49c9ffb dtls13: always send ACKs on detected retransmission 
Otherwise the connection can stall due the indefinite delay of an explicit ACK,
for exapmle:

 -> client sends the last Finished message
<- server sends the ACK, but the ACK is lost
 -> client rentrasmit the Finished message
 - server delay sending of the ACK until a fast timeout
 -> client rentrasmit the Finished message quicker than the server timeout
 - server resets the timeout, delaying sending the ACK
 -> client rentrasmit the Finished...
 2025-06-16 14:19:32 +02:00
JacobBarthelmeh
94f5948f20 Merge pull request #8858 from rizlik/dtls13_set_epoch_fix 
dtls13: move Dtls13NewEpoch into DeriveTls13Keys
 2025-06-10 09:48:58 -06:00
Sean Parkinson
cb90b78688 ML-DSA: fix tests for different configs 
Setting the private key into SSL object requires signing to be
available.
Only enable the parameters that are compiled in.
 2025-06-10 20:44:27 +10:00
Marco Oliverio
59ff71f936 fixup! dtls13: move Dtls13NewEpoch into DeriveTls13Keys 2025-06-09 16:11:17 +02:00
Marco Oliverio
c1c1929e55 dtls13: move Dtls13NewEpoch into DeriveTls13Keys 
Dlts13NewEpoch saves the keys currently derived in the ssl object.
Moving Dtls13NewEpoch inside DeriveTls13Keys avoid the risk of using the wrong
keys when creating a new Epoch.

This fixes at least he following scenario:

- Client has encryption epoch != 2 in the handshake (eg. due to rtx)

- Client derives traffic0 keys after receiving server Finished message

- Client set encryption epoch to 2 again to send the Finished message, this
   override the traffic key computed

- Client creates the new epoch with the wrong key
 2025-06-09 02:35:29 +02:00
JacobBarthelmeh
570c1fc390 Merge pull request #8824 from JeremiahM37/tlsCurveFix 
tls fix for set_groups
 2025-06-06 10:47:06 -06:00
JacobBarthelmeh
bfc55d9016 Merge pull request #8848 from julek-wolfssl/gh/8841 
dtlsProcessPendingPeer: correctly set the current peer
 2025-06-06 09:52:35 -06:00
Daniel Pouzzner
4572dcf9f9 tests/api/test_x509.c: in test_x509_rfc2818_verification_callback(), add dependency on HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES; 
wolfcrypt/test/test.c: in lms_test(), fix -Wdeclaration-after-statement;

add .github/workflows/no-tls.yml;

.github/workflows/pq-all.yml: add smallstack scenario.
 2025-06-06 17:18:50 +04:00
Juliusz Sosinowicz
736a5e1f89 dtlsProcessPendingPeer: correctly set the current peer 2025-06-06 00:12:38 +02:00
Juliusz Sosinowicz
0ac6ca3cf7 Fix hard tabs and c++ style comments 2025-06-05 22:04:50 +02:00
Juliusz Sosinowicz
761f0f1d1f Simplify TLSX_SupportedCurve_Parse 
Server only uses curves that are supported by both the client and the server. If no common groups are found, the connection will fail in TLS 1.2 and below. In TLS 1.3, HRR may still be used to resolve the group mismatch.
 2025-06-05 22:04:49 +02:00
JeremiahM37
a160ba1379 Supported_group unit test fix 2025-06-05 22:04:49 +02:00
JeremiahM37
9d342bae83 unit tests for set_groups curve fix 2025-06-05 22:04:49 +02:00
Juliusz Sosinowicz
f2584fd5fa ALT_NAMES_OID: Mark IP address as WOLFSSL_V_ASN1_OCTET_STRING 2025-06-05 19:17:00 +02:00
Sean Parkinson
8ea01056c3 Merge pull request #8788 from julek-wolfssl/gh/8765 
tls13: handle malformed CCS and CCS before CH
 2025-05-28 09:45:09 +10:00
David Garske
6de7bb74ed Merge pull request #8787 from julek-wolfssl/refactor-GetHandshakeHeader 
Refactor GetHandshakeHeader/GetHandShakeHeader into one
 2025-05-27 15:26:24 -07:00
Sean Parkinson
71a9e48701 Merge pull request #8801 from rlm2002/coverity 
coverity: misc changes to api.c
 2025-05-28 07:28:40 +10:00
Daniel Pouzzner
8179367412 Merge pull request #8798 from dgarske/mldsa_nosign 
Fix for ML-DSA with `WOLFSSL_DILITHIUM_NO_SIGN`
 2025-05-27 14:44:44 -05:00
Ruby Martin
2eddc32eed coverity: fix use after free, improper use of negative value, initialize src variable 2025-05-27 09:43:44 -06:00
Juliusz Sosinowicz
2ec6b92b41 tls13: handle malformed CCS and CCS before CH 
- fix incorrect alert type being sent
- error out when we receive a CCS before a CH
- error out when we receive an encrypted CCS
 2025-05-23 15:04:22 +02:00
Sean Parkinson
999641d9b1 Merge pull request #8642 from rizlik/dtls_no_span_records 
DTLS: drop records that span datagrams
 2025-05-23 14:57:24 +10:00
David Garske
607d7489bc Add no malloc support for Dilithium tests. Fixes for WOLFSSL_DILITHIUM_NO_ASN1. 2025-05-22 14:34:34 -07:00
David Garske
d0085834cd Fix for ML-DSA with WOLFSSL_DILITHIUM_NO_SIGN. ZD 19948. 2025-05-22 12:36:46 -07:00
Ruby Martin
a170624118 coverity: init dgst variable test_sha3.c 
improper use of neg val api.c

copy-paste error in test_wolfSSL_PEM_read_bio_ECPKParameters
 2025-05-21 08:29:44 -06:00
Juliusz Sosinowicz
5e7ef142e8 Refactor GetHandshakeHeader/GetHandShakeHeader into one 2025-05-20 13:23:14 +02:00
Marco Oliverio
cbe1fb2c62 dtls: drop DTLS messages that span across datagrams 
A new macro "WOLFSSL_DTLS_RECORDS_CAN_SPAN_DATAGRAMS" restores the old
behaviour.
 2025-05-19 10:28:13 +02:00
Marco Oliverio
23b73bb298 test_memio: preserve write boundaries in reads 2025-05-19 10:25:24 +02:00
Daniel Pouzzner
91af9073b0 Merge pull request #8777 from rizlik/dtls_reject_v11 
Drop DTLS packets with bogus minor version number
 2025-05-16 14:45:25 -05:00
Daniel Pouzzner
e67536cb15 Merge pull request #8775 from rlm2002/coverity 
Coverity: address uninitialized scalar variable issues
 2025-05-16 14:44:38 -05:00