wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-26 23:12:19 +01:00
Code Issues Packages Projects Releases Wiki Activity
26,172 Commits 12 Branches 184 Tags
ffbcd4f86c728556394e66512c8b9c689ecbfa0f
Commit Graph

144 Commits

Author SHA1 Message Date
Josh Holtrop
98b6b92a76 Error from GetShortInt with negative INTEGER values 2025-08-19 12:40:48 -04:00
Sean Parkinson
0ba16a9c5b Merge pull request #9104 from kojiws/export_long_key_orig_asn 
Improve original implementation on SetAsymKeyDer() and the test
 2025-08-18 22:11:25 +10:00
Koji Takeda
0a9356e645 Improve original implementation on SetAsymKeyDer() and the test 2025-08-15 00:04:01 +09:00
David Garske
d79ca8a746 Improve some of the build cases around crypto callback only 2025-08-13 21:58:53 +01:00
Daniel Pouzzner
e24f76bb1e Merge pull request #9057 from SparkiDev/mldsa_x64_asm 
ML-DSA/Dilithium: Intel x64 ASM
 2025-08-11 23:12:44 -05:00
Juliusz Sosinowicz
0d532cc3f2 Test DTLS replay protection 2025-08-07 19:52:05 +02:00
Sean Parkinson
648a057147 ML-DSA/Dilithium: Intel x64 ASM 
Optimize code knowing it is for Intel x64.
Change signing to calculate one polynomial at a time so that if it isn't
valid then we fail early.
Other minor improvements.
Move the SHA-3 4 blocks at a time assembly into SHA-3 asm file.
Make constants in assembly the same length (front pad with zeros).
 2025-08-07 14:01:50 +10:00
David Garske
1693f72af7 Fixes for issues copilot found. 2025-08-05 07:22:04 -07:00
Sean Parkinson
b40e3d479f api.c: split out more tests into separate files 
wolfCrypt PKCS7
wolfCrypt PKCS12
OpenSSL compat ASN.1
OpenSSL compat BN
OpenSSL comppat BIO
OpenSSL comppat Digest
OpenSSL comppat MAC
OpenSSL comppat Cipher
OpenSSL comppat RSA
OpenSSL comppat DH
OpenSSL comppat EC
OpenSSL comppat ECX
OpenSSL comppat DSA
 2025-08-05 19:32:56 +10:00
Koji Takeda
2891815965 Fix errors on #9000 2025-07-31 16:04:22 +09:00
Koji Takeda
09deacbe8f Revert "Merge pull request #9045 from douzzer/20250730-revert-PR9000" 
This reverts commit 70af2be5ab, reversing
changes made to 46347173b2.
 2025-07-31 14:14:51 +09:00
Daniel Pouzzner
26806cda7b Revert "Support importing seed of ML-DSA key" 
This reverts commit a82d1a6b12.
 2025-07-30 15:39:57 -05:00
Daniel Pouzzner
d0bf9c4b3c Revert "Disable exporting dilithium DER tests without WOLFSSL_ASN_TEMPLATE" 
This reverts commit bbcdfe92e0.
 2025-07-30 15:39:53 -05:00
Koji Takeda
bbcdfe92e0 Disable exporting dilithium DER tests without WOLFSSL_ASN_TEMPLATE 2025-07-28 21:46:28 +09:00
Koji Takeda
a82d1a6b12 Support importing seed of ML-DSA key 2025-07-28 21:46:28 +09:00
JacobBarthelmeh
c25efcee92 Merge pull request #9028 from dgarske/md5_sha1 
Fixes for building with MD5 and SHA1 to support Hash `WC_HASH_TYPE_MD5_SHA`
 2025-07-24 10:41:22 -06:00
David Garske
6aabc73845 Merge pull request #9018 from holtrop/decode-skp 
Add API to decode SymmetricKeyPackage and OneSymmetricKey CMS objects
 2025-07-23 16:01:58 -07:00
David Garske
551ff3f1b6 Fixes for building with MD5 and SHA1 to support Hash WC_HASH_TYPE_MD5_SHA. ZD 20269. 2025-07-23 15:59:08 -07:00
Josh Holtrop
15c8730ef7 Use wc_ prefix for IndexSequenceOf() 2025-07-22 14:50:42 -04:00
Josh Holtrop
77bace5010 Update style per code review comments 2025-07-22 14:47:22 -04:00
JacobBarthelmeh
98c70fb77e fix mldsa test case for buffer size and expire date 2025-07-21 15:15:31 -06:00
Josh Holtrop
06d86af67c Add API to decode SymmetricKeyPackage and OneSymmetricKey CMS objects 2025-07-19 18:28:06 -04:00
JacobBarthelmeh
629c5b4cf6 updating license from GPLv2 to GPLv3 2025-07-10 16:11:36 -06:00
Sean Parkinson
e649e1047f API test ASN: must not have NO_ASN defined 
Add testing of PSK only to workflows.
 2025-07-07 16:24:10 +10:00
Sean Parkinson
af05fa874f Unit Test: fix test case for memory allocation failure testing 
test_ocsp_basic_verify() not freeing and setting pointer to NULL. Second
free occuring on freed pointer.
 2025-07-02 09:27:25 +10:00
JacobBarthelmeh
77792ace65 Merge pull request #8945 from SparkiDev/mem_fail_fixes_2 
Memory allocation failure testing fixes
 2025-07-01 09:35:11 -06:00
Sean Parkinson
574de4b234 Memory allocation failure testing fixes 
Fixes for test code to cleanup on failure properly.
pkcs7.c: when streaming, free the decrypting content when adding data to
the stream fails.
 2025-07-01 11:50:42 +10:00
Marco Oliverio
ae9ba6627c fix(tests): enlarge readBuf in DTLS record tests 
Increase readBuf to 256 bytes. Guard memcpy with EXPECT_SUCCESS().
 2025-06-30 09:47:38 +02:00
Koji Takeda
d76386f38c Add tests 2025-06-25 11:27:12 +09:00
David Garske
27176a5eeb Merge pull request #8870 from kareem-wolfssl/zd20030 
Various minor fixes.
 2025-06-18 08:55:07 -07:00
Kareem
7e4ec84124 Add macros for legacy get_digit functions for FIPS/selftest. 2025-06-17 10:12:06 -07:00
Kareem
9c9465aa23 Also account for selftest for mp_get_digit refactor. 2025-06-17 10:12:06 -07:00
Kareem
05aa4f5f08 Make mp_get_digit refactor FIPS friendly. 2025-06-17 10:12:06 -07:00
Kareem
e8c110d2ac Rename get_digit* to mp_get_digit* to avoid conflicts with other functions named get_digit. 2025-06-17 10:12:06 -07:00
Marco Oliverio
b1b49c9ffb dtls13: always send ACKs on detected retransmission 
Otherwise the connection can stall due the indefinite delay of an explicit ACK,
for exapmle:

 -> client sends the last Finished message
<- server sends the ACK, but the ACK is lost
 -> client rentrasmit the Finished message
 - server delay sending of the ACK until a fast timeout
 -> client rentrasmit the Finished message quicker than the server timeout
 - server resets the timeout, delaying sending the ACK
 -> client rentrasmit the Finished...
 2025-06-16 14:19:32 +02:00
JacobBarthelmeh
94f5948f20 Merge pull request #8858 from rizlik/dtls13_set_epoch_fix 
dtls13: move Dtls13NewEpoch into DeriveTls13Keys
 2025-06-10 09:48:58 -06:00
Sean Parkinson
cb90b78688 ML-DSA: fix tests for different configs 
Setting the private key into SSL object requires signing to be
available.
Only enable the parameters that are compiled in.
 2025-06-10 20:44:27 +10:00
Marco Oliverio
59ff71f936 fixup! dtls13: move Dtls13NewEpoch into DeriveTls13Keys 2025-06-09 16:11:17 +02:00
Marco Oliverio
c1c1929e55 dtls13: move Dtls13NewEpoch into DeriveTls13Keys 
Dlts13NewEpoch saves the keys currently derived in the ssl object.
Moving Dtls13NewEpoch inside DeriveTls13Keys avoid the risk of using the wrong
keys when creating a new Epoch.

This fixes at least he following scenario:

- Client has encryption epoch != 2 in the handshake (eg. due to rtx)

- Client derives traffic0 keys after receiving server Finished message

- Client set encryption epoch to 2 again to send the Finished message, this
   override the traffic key computed

- Client creates the new epoch with the wrong key
 2025-06-09 02:35:29 +02:00
JacobBarthelmeh
570c1fc390 Merge pull request #8824 from JeremiahM37/tlsCurveFix 
tls fix for set_groups
 2025-06-06 10:47:06 -06:00
JacobBarthelmeh
bfc55d9016 Merge pull request #8848 from julek-wolfssl/gh/8841 
dtlsProcessPendingPeer: correctly set the current peer
 2025-06-06 09:52:35 -06:00
Daniel Pouzzner
4572dcf9f9 tests/api/test_x509.c: in test_x509_rfc2818_verification_callback(), add dependency on HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES; 
wolfcrypt/test/test.c: in lms_test(), fix -Wdeclaration-after-statement;

add .github/workflows/no-tls.yml;

.github/workflows/pq-all.yml: add smallstack scenario.
 2025-06-06 17:18:50 +04:00
Juliusz Sosinowicz
736a5e1f89 dtlsProcessPendingPeer: correctly set the current peer 2025-06-06 00:12:38 +02:00
Juliusz Sosinowicz
0ac6ca3cf7 Fix hard tabs and c++ style comments 2025-06-05 22:04:50 +02:00
Juliusz Sosinowicz
761f0f1d1f Simplify TLSX_SupportedCurve_Parse 
Server only uses curves that are supported by both the client and the server. If no common groups are found, the connection will fail in TLS 1.2 and below. In TLS 1.3, HRR may still be used to resolve the group mismatch.
 2025-06-05 22:04:49 +02:00
JeremiahM37
a160ba1379 Supported_group unit test fix 2025-06-05 22:04:49 +02:00
JeremiahM37
9d342bae83 unit tests for set_groups curve fix 2025-06-05 22:04:49 +02:00
Juliusz Sosinowicz
f2584fd5fa ALT_NAMES_OID: Mark IP address as WOLFSSL_V_ASN1_OCTET_STRING 2025-06-05 19:17:00 +02:00
Sean Parkinson
8ea01056c3 Merge pull request #8788 from julek-wolfssl/gh/8765 
tls13: handle malformed CCS and CCS before CH
 2025-05-28 09:45:09 +10:00
David Garske
6de7bb74ed Merge pull request #8787 from julek-wolfssl/refactor-GetHandshakeHeader 
Refactor GetHandshakeHeader/GetHandShakeHeader into one
 2025-05-27 15:26:24 -07:00