wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-26 11:52:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
26,930 Commits 12 Branches 184 Tags
wolfEntropy2d
Commit Graph

3231 Commits

Author SHA1 Message Date
JacobBarthelmeh
3f441ef1a5 update tests after certificate renewal 2025-11-14 14:45:37 -07:00
David Garske
6ff57b8045 Merge pull request #9419 from rlm2002/coverity 
Uninitialized variable fix
 2025-11-13 08:58:00 -08:00
Ruby Martin
b2336c57ce initialize ctype variable 2025-11-12 16:48:52 -07:00
Juliusz Sosinowicz
4b7c052ee9 test_wolfSSL_inject: don't call accept on completed handshake 2025-11-12 17:12:22 +01:00
Josh Holtrop
3af60ff85d Check for duplicate extensions in client hello when HAVE_TLS_EXTENSIONS is not set - fix #9377 2025-11-10 10:06:07 -05:00
Sean Parkinson
f376c8d910 Merge pull request #9388 from lealem47/scan_build 
Various fixes for nightly tests
 2025-11-07 09:30:08 +10:00
Lealem Amedie
08db159c5d Fixes for minor scan-build warnings 2025-11-05 21:27:06 -07:00
Marco Oliverio
6855325bf8 test: memio: simulate_want_write: block client on is_client == true 2025-11-03 13:43:33 +01:00
Juliusz Sosinowicz
c14b1a0504 Validate cipher suite after HelloRetryRequest 
- Add validation to ensure the cipher suite in the ServerHello matches the one specified in the HelloRetryRequest.
- test_TLSX_CA_NAMES_bad_extension: use the same ciphersuite in HRR and SH
 2025-10-29 13:14:50 +01:00
Daniel Pouzzner
8c60b7b250 src/internal.c and tests/api.c: fix clang-analyzer-core.NullPointerArithms. 2025-10-28 16:42:14 -05:00
Sean Parkinson
093cc04076 Stack API: Pull out implementation into separate file 
General stack APIs pulled out into ssl_sk.c.
Other simple APIs also pulled out into ssl_sk.c.
wolfSSL_lh_retrieve also pulled out into ssl_sk.c.

Added tests of public APIs that weren't already tested.
 2025-10-27 17:08:41 +10:00
JacobBarthelmeh
4daab8a813 Merge pull request #9284 from SparkiDev/aarch64_asm_gen 
Aarch64 asm: convert to generated
 2025-10-22 11:10:27 -06:00
JacobBarthelmeh
d60e4ddbd1 Merge pull request #9329 from SparkiDev/regression_fixes_20 
Regression testing fixes
 2025-10-22 09:12:58 -06:00
Sean Parkinson
821dc5cb13 Regression testing fixes 
Adding protection to tests that use RSA and ECC.
 2025-10-22 18:33:44 +10:00
Sean Parkinson
9c1462a9ec Aarch64 asm: convert to generated 
Algorithms now generated:
  SHA-256
  SHA-512
  ChaCha20
  Poly1305
  AES-ECB
  AES-CBC
  AES-CTR
  AES-GCM + streaming
  AES-XTS
  AES SetKey

ARM32 asm algorithms generated now too:
  SHA-256
  SHA-512
  ChaCha20
  AES-ECB
  AES-CBC
  AES-CTR
  AES-GCM
  AES-XTS
  AES SetKey

Removed use of ARM specific implementations of algorithms. (armv8-aes.c)
 2025-10-21 17:03:39 +10:00
night1rider
f1faefed91 Added callbacks for copy and free to SHA, 224, 384, 512, and SHA3. Also split macros for FREE and COPY Callbacks, and add configure.ac option. 2025-10-20 11:09:35 -06:00
night1rider
0dca3bc24d Setup to be opt-in for copy callback, and also added a outline for a free callback 2025-10-20 10:07:24 -06:00
Daniel Pouzzner
6ee660841b fixes/workarounds for -Wnull-dereferences, some true positive, some false 
positive:
* src/pk.c:wolfSSL_RSA_meth_new()
* tests/api.c:test_wolfSSL_PKCS7_certs()
* tests/api.c:test_wolfSSL_X509V3_EXT_get()
* wolfcrypt/src/asn.c:EncodeName()
* wolfcrypt/src/pkcs12.c:wc_i2d_PKCS12()
* wolfcrypt/src/port/af_alg/afalg_aes.c
 2025-10-16 15:10:16 -05:00
David Garske
3534fad3ee Merge pull request #9295 from rizlik/shutdown_nonblocking_fix 
wolfSSL_shutdown: handle non-blocking I/O
 2025-10-14 12:50:57 -07:00
Marco Oliverio
4280b52bff test: increase coverage for multiple wolfSSL_shutdown test 2025-10-14 10:05:11 +02:00
effbiae
7a3db09ddd automated small stack compress 2025-10-11 11:40:30 +11:00
Juliusz Sosinowicz
6fbbdf9324 Add message order sanity checks 
Reorganize test_dtls tests to use TEST_DECL_GROUP
Reorganize test_tls tests to use TEST_DECL_GROUP
 2025-10-08 11:11:03 +02:00
David Garske
b3031d25ca Merge pull request #9255 from SparkiDev/tls13_cookie_hash 
TLS 1.3 Cookie Hash: use stronger hash if no SHA-256
 2025-10-07 08:51:26 -07:00
Juliusz Sosinowicz
cd0d986016 Reset DTLS 1.3 timeout 2025-10-06 18:23:16 +02:00
Juliusz Sosinowicz
f9063c406b Enables dynamic TLS cert loading with OCSP 
Exposes dynamic TLS certificate loading and OCSP stapling to allow applications to load certs lazily.

The server no longer needs to load the CA to staple OCSP responses.

Adds a certificate setup callback (WOLFSSL_CERT_SETUP_CB)
Adds an OCSP status callback to load OCSP responses directly
Adds `wc_NewOCSP`, `wc_FreeOCSP`, and `wc_CheckCertOcspResponse`
Don't call verify twice on the same error
Send correct alert on status response error
 2025-10-03 13:08:11 +02:00
Sean Parkinson
e14cc3a34e TLS 1.3 Cookie Hash: use stronger hash if no SHA-256 
Order of preference, based on algorithms compiled in, to use with HMAC
for TLS 1.3 cookie:
  1. SHA-256
  2. SHA-384
  3. SHA-512
  4. SM3

Make code compile and unittest pass when SHA-256 not compiled in.
Certificates used for testing require SHA-256 so handshake testing
fails.
 2025-10-03 08:28:02 +10:00
Daniel Pouzzner
b3a5c96c56 Merge pull request #9205 from gasbytes/issue-9188 
Prevent replaying ClientHello messages when Finished message are epoch 0
 2025-09-30 20:44:09 -05:00
Daniel Pouzzner
c893191577 Merge pull request #9253 from julek-wolfssl/gh/9245 
DTLS SRTP should also do a cookie exchange since it uses UDP
 2025-09-30 20:36:27 -05:00
Daniel Pouzzner
1932c5a96d Merge pull request #9196 from kareem-wolfssl/zd20038_3 
Fix building and running tests and examples with coding/PEM support disabled.
 2025-09-30 20:34:46 -05:00
Daniel Pouzzner
42d2b81231 Merge pull request #9209 from mattia-moffa/20250910-certauth-clienthello 
Add support for certificate_authorities extension in ClientHello
 2025-09-30 20:33:16 -05:00
Juliusz Sosinowicz
d8fd19feb8 DTLS SRTP should also do a cookie exchange since it uses UDP 2025-09-29 18:27:36 +02:00
Kareem
af9a06e9bf Merge remote-tracking branch 'upstream/master' into zd19563_verify 2025-09-25 10:39:11 -07:00
Reda Chouk
8f47b4bb08 Prevent DTLS clients from replaying ClientHello 
messages when receiving bogus Finished messages in epoch 0 by
ensuring Finished messages are only ignored in encrypted epochs (1).
 2025-09-18 14:41:12 +02:00
Mattia Moffa
3bdb43eb6a Add support for certificate_authorities extension in ClientHello 2025-09-17 15:33:05 +02:00
Kareem
ec92f76dec Fix tests when building with PEM support disabled by using DER certs/keys. 2025-09-12 16:11:07 -07:00
David Garske
3e63bc68d4 Add support for enabling RSA private key to DER without keygen. ( new macro WOLFSSL_KEY_TO_DER) 2025-09-11 10:29:31 -07:00
David Garske
71581e321e Merge pull request #9098 from julek-wolfssl/fix-test_wolfSSL_tls_export 
Fix test_wolfSSL_tls_export
 2025-08-26 12:11:49 -07:00
Juliusz Sosinowicz
d26b2811e0 test_wolfSSL_tls_export_run: silence unused cmpSess warning 2025-08-26 16:40:17 +02:00
Juliusz Sosinowicz
5934c1eece Fix test_wolfSSL_tls_export 
- Add TLS_EXPORT_OPT_SZ_4 to specify previous option size
- Actually pick up failures in the tests and propagate them to the top level
- Tests v4 and v5 sessions
Fixes https://github.com/wolfSSL/wolfssl/issues/9081 and https://github.com/wolfSSL/wolfssl/pull/9082
 2025-08-26 11:04:54 +02:00
Sean Parkinson
115d4d88c0 api.c: pull out TLS 1.3 specific tests 2025-08-26 09:05:46 +10:00
Kareem
623c593210 Merge branch 'master' of https://github.com/wolfSSL/wolfssl into zd19563_verify 2025-08-25 11:36:12 -07:00
Daniel Pouzzner
e0383b496a linuxkm/module_hooks.c: implement wc_linuxkm_GenerateSeed_IntelRD, gated on WC_LINUXKM_RDSEED_IN_GLUE_LAYER; 
add WC_GENERATE_SEED_DEFAULT, which defaults to wc_GenerateSeed if not overridden, and replace wc_GenerateSeed with WC_GENERATE_SEED_DEFAULT in various calls to wc_SetSeed_Cb();

linuxkm/linuxkm_wc_port.h: if FIPS <v6 and RDSEED, define WC_LINUXKM_RDSEED_IN_GLUE_LAYER and define WC_GENERATE_SEED_DEFAULT wc_linuxkm_GenerateSeed_IntelRD;

wolfcrypt/test/test.c: update rng_seed_test() with gating and vectors for FIPS v5 with HAVE_AMD_RDSEED or HAVE_INTEL_RDSEED;

wolfssl/wolfcrypt/types.h: add WC_HAVE_VECTOR_SPEEDUPS helper macro, and enlarge fallthrough definition coverage for DISABLE_VECTOR_REGISTERS.
 2025-08-22 21:58:00 -05:00
Kareem
c2eeeafdbe Merge remote-tracking branch 'upstream/master' into zd19563_verify 2025-08-22 13:56:44 -07:00
JacobBarthelmeh
bc5b297d33 Merge pull request #9046 from kareem-wolfssl/zd20038 
Allow setting the CA type when loading into cert manager and unloading specific CA types from the cert manager.
 2025-08-22 14:43:46 -06:00
Kareem
4a067fa1bc Don't enforce test_wolfSSL_X509_STORE_CTX_ex12 return code as it 
may be skipped, modifying the return code.
 2025-08-22 11:29:21 -07:00
Kareem
077beaecd8 Fix memory leak in unit test, fix for loop syntax. 2025-08-21 16:33:57 -07:00
Kareem
b53db94f1e x509_verify_cert: Code review feedback. 2025-08-21 15:35:29 -07:00
Kareem
cb985dcfa8 ECC required for newly added unit test. 2025-08-18 10:21:54 -07:00
Kareem
1e367597b6 Fix memory leak in newly added unit test. 2025-08-18 10:21:53 -07:00
Kareem
6b01053d98 Add test case for new x509_verify_cert retry functionality. 
Add CA cert with the same SKI and intentionally invalid AKI as part of x509_verify_cert test case.
 2025-08-18 10:21:53 -07:00