WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity
25,300 Commits
27 Branches
168 Tags
358 MiB
Commit Graph

3051 Commits (devin/1747238512-add-ssl-remove-session)

Author SHA1 Message Date
Sean Parkinson a7690ca24b ML-KEM/Kyber: finish name change 2025-03-10 08:37:14 +10:00
Sean Parkinson e7ef3ab606 Digest tests: add more tests 
Add testing of MD2 and Md4.
Add more tests of functions in hash.c.
Reformat data to match what is output by PRINT_DATA macro.
 2025-03-10 08:13:06 +10:00
Daniel Pouzzner c3f24568ff
Merge pull request #8520 from JacobBarthelmeh/pkcs7_verify_stream 
PKCS7 verify and decode indefinite length support
 2025-03-07 18:47:30 -06:00
Daniel Pouzzner 27ed748867
Merge pull request #8504 from rlm2002/msys2 
Add MSYS2 build CI test
 2025-03-07 17:58:50 -06:00
Anthony Hu 6d6c5f520b unit tests 2025-03-07 18:30:41 -05:00
JacobBarthelmeh 8dd614430a clang-tidy fixes for test case 2025-03-07 16:04:57 -07:00
Anthony Hu f8506c3e04 Allow critical alt and basic constraints extensions 
Also properly track pathlen.
 2025-03-07 13:06:06 -05:00
JacobBarthelmeh 53fa4ffbaf conversion warning fixes 2025-03-07 11:03:12 -07:00
JacobBarthelmeh 624233fb98 update test case to account for NO_DES3 build and resolve clang tidy warnings 2025-03-05 16:28:26 -07:00
Sean Parkinson eaa61c2208 Test daul alg support: set before and after dates 
Must set before and after dates into certificate structure as creation
of certificate does not fill in those fields but uses the current time.
The current time may change by a second between signings.
 2025-03-05 16:15:55 +10:00
JacobBarthelmeh b75976692e spelling fix and code formatting 2025-03-04 14:31:23 -07:00
David Garske 9b16ed5da4
Merge pull request #8518 from lealem47/evp_update_null_cipher 
Add NULL_CIPHER_TYPE support to wolfSSL_EVP_CipherUpdate
 2025-03-03 14:03:57 -08:00
Daniel Pouzzner 9c3816089c tests/api.c: disable test_wolfSSL_OCSP_parse_url() if WOLFSSL_SM2 || WOLFSSL_SM3. 2025-02-28 15:58:54 -06:00
JacobBarthelmeh 6020bf2368 initialize test variables and fix async build 2025-02-28 14:46:42 -07:00
JacobBarthelmeh ea387323c3 remove white space and add macro guard around test case 2025-02-28 14:23:25 -07:00
JacobBarthelmeh 7c6cd1deea passing a unit test 2025-02-28 14:23:24 -07:00
JacobBarthelmeh 1e254c014d application decryption successful 2025-02-28 14:23:24 -07:00
Lealem Amedie 22221e5007 Add NULL_CIPHER_TYPE support to wolfSSL_EVP_CipherUpdate 2025-02-28 11:44:30 -07:00
Sean Parkinson 4f8a39cbcf
Merge pull request #8498 from rizlik/ocsp_fixes 
OCSP openssl compat fixes
 2025-02-28 13:42:50 +10:00
Daniel Pouzzner d63a180f95
Merge pull request #8513 from SparkiDev/api_c_split_ciphers 
Test api.c: split out MACs and ciphers
 2025-02-27 14:00:36 -06:00
Marco Oliverio 194db7e844 tests: gate ocsp test on SM2 || SM3 
we don't properly support SM2 and SM3 hash algo id properly yet
 2025-02-27 19:38:46 +00:00
Sean Parkinson 48300352c6 Test api.c: split out MACs and ciphers 2025-02-27 15:52:39 +10:00
David Garske 557abcf76a Support for STM32H7S (tested on NUCLEO-H7S3L8). It supports hardware crypto for RNG, Hash, AES and PKA. Added future config option for DTLS v1.3. Support DTLS v1.3 only reduce code size (tested with: `./configure --enable-dtls13 --enable-dtls --disable-tlsv12 CFLAGS="-DWOLFSSL_SEND_HRR_COOKIE"`). 2025-02-26 14:00:48 -08:00
Ruby Martin 0c413e75c6 add environment matrix to msys workflow 2025-02-26 09:07:16 -07:00
Ruby Martin 439012dd57 adjust xfopen commands 2025-02-26 09:05:53 -07:00
Ruby Martin 57646a88ff check if clientfd != SOCKET_INVALID not 0, add check if USE_WINDOWS_API 
not defined
 2025-02-26 09:03:55 -07:00
Marco Oliverio 07c7b21b10 tests: api: fix test for d2i_CERT_ID refactor 2025-02-25 22:22:43 +00:00
Marco Oliverio 5eef98a5ea ocsp: add OCSP CERT ID encode/decode test 2025-02-25 22:22:43 +00:00
David Garske 3557cc764a
Merge pull request #8501 from SparkiDev/digest_test_rework 
Digest testing: improve
 2025-02-25 13:03:48 -08:00
David Garske f2c5b4e56a
Merge pull request #8500 from SparkiDev/evp_aes_gcm_test_fix 
test_wolfssl_EVP_aes_gcm: fix for mem fail testing
 2025-02-25 09:56:55 -08:00
David Garske bac6771828
Merge pull request #8499 from SparkiDev/crl_list_fix 
CRL: fix memory allocation failure leaks
 2025-02-25 09:54:55 -08:00
Reda Chouk 9178c53f79 Fix: Address and clean up code conversion in various files. 2025-02-25 11:17:58 +01:00
Sean Parkinson 6016cc0c97 Digest testing: improve 
Make testing digests consistent.
Add KATs for all digests.
Check unaligned input and output works.
Perform chunking tests for all digests.

Fix Blake2b and Blake2s to checkout parameters in update and final
functions.
Fix Shake256 and Shake128 to checkout parameters in absorb and squeeze
blocks functions.

Add default digest size enums for Blake2b and Blake2s.
 2025-02-25 19:07:20 +10:00
Sean Parkinson 6f268c4369 CRL: fix memory allocation failure leaks 
On memory allocation failure, some functions were leaking memory.

Also add reference counting to CRL object so that a deep copy of a list
of CRLs doesn't leak memory.
The test was explicitly freeing each CRL in the list.
 2025-02-25 09:05:03 +10:00
Sean Parkinson ac1f25d6f4 test_wolfssl_EVP_aes_gcm: fix for mem fail testing 
Fix test to not leak when memory allocation failure testing.
When not supporting AES-GCM streaming, allocation failures occur.
Always call cleanup.
 2025-02-25 08:15:43 +10:00
Sean Parkinson 82b50f19c6 ML-KEM/Kyber: improvements 
ML-KEM/Kyber:
  MakeKey call generate random once only for all data.
  Allow MakeKey/Encapsulate/Decapsulate to be compiled separately.
  Pull out public key decoding common to public and private key decode.
Put references to FIPS 140-3 into code. Rename variables to match FIPS
140-3.
  Fix InvNTT assembly code for x64 - more reductions.
  Split out ML-KEM/Kyber tests from api.c.

TLSX:
Store the object instead of the private key when WOLFSSL_MLKEM_CACHE_A
is defined or WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ. Faster decapsulation
when A is cached and object stored.
To store private key as normal define
WOLFSSL_TLSX_PQC_MLKEM_STORE_PRIV_KEY.

misc.c: when Intel x64 build, assume able to read/write unaligned
 2025-02-20 08:14:15 +10:00
David Garske 268326d875
Merge pull request #8408 from rizlik/ocsp-resp-refactor 
OpenSSL Compat Layer: OCSP response improvments
 2025-02-19 11:20:12 -08:00
JacobBarthelmeh 373a7d462a
Merge pull request #8472 from SparkiDev/ed25519_fix_tests 
Ed25519: fix tests to compile with feature defines
 2025-02-19 09:53:10 -07:00
Sean Parkinson 331a713271 Ed25519: fix tests to compile with feature defines 
ge_operations.c: USe WOLFSSL_NO_MALLOC rather than WOLFSSL_SP_NO_MALLOC.
 2025-02-19 17:41:03 +10:00
Daniel Pouzzner 65f38df74d tests/api.c: refactor several C89-incompatible dynamically constructed arrays using static const. 2025-02-17 17:47:36 -06:00
Marco Oliverio 3e50c79c3b tests: bind test_wolfSSL_client_server_nofail_memio HAVE_SSL_MEMIO_TESTS_DEP 2025-02-17 08:59:29 +00:00
Marco Oliverio eb7904b5e5 tests/api: expose test_ssl_memio functions 2025-02-17 08:59:29 +00:00
Marco Oliverio 2fe413d80f ocsp: add tests 2025-02-17 08:59:23 +00:00
Marco Oliverio f526679ad5 ocsp: refactor OCSP response decoding and wolfSSL_OCSP_basic_verify 
- Search certificate based on responderId
- Verify response signer is authorized for all single responses
- Align with OpenSSL behavior
- Separate wolfSSL_OCSP_basic_verify from verification done during
  decoding
 2025-02-17 08:58:03 +00:00
Juliusz Sosinowicz 68c27c4e5d Move dtls cid tests to tests/api/dtls.c 2025-02-14 09:51:29 -06:00
Juliusz Sosinowicz e02da08192 Reorganize utility functions into tests/utils.c and testsuite/utils.c 2025-02-14 09:51:29 -06:00
David Garske 846ba43a29
Merge pull request #8392 from SparkiDev/curve25519_blinding 
Curve25519: add blinding when using private key
 2025-02-12 16:20:51 -08:00
Sean Parkinson bb84ebfd7a Curve25519: add blinding when using private key 
XOR in random value to scalar and perform special scalar multiplication.
Multiply x3 and z3 by random value to randomize co-ordinates.

Add new APIs to support passing in an RNG.
Old APIs create a new RNG.

Only needed for the C implementations that are not small.

Modified TLS and OpenSSL compat API implementations to pass in RNG.

Fixed tests and benchmark program to pass in RNG.
 2025-02-13 08:52:35 +10:00
Sean Parkinson bcd89b0592
Merge pull request #8388 from julek-wolfssl/BN_CTX_get 
Implement BN_CTX_get
 2025-02-12 08:08:58 +10:00
jordan 922cb73061 test_dual_alg_ecdsa_mldsa: fix decoded cert leak. 2025-02-11 10:58:03 -05:00
David Garske be5f203274
Merge pull request #8425 from philljj/ecdsa_mldsa_test_api 
dual alg: add ML-DSA test, and misc cleanup.
 2025-02-10 15:05:44 -08:00
David Garske ff41eee2e7
Merge pull request #8413 from SparkiDev/tests_api_digests 
API test: move digest functions out
 2025-02-10 14:51:19 -08:00
jordan 937d6d404a dual alg: clean up comments and line lengths. 2025-02-07 09:22:16 -05:00
David Garske c668a4e5a0
Merge pull request #8426 from SparkiDev/read_der_bio_small_data_fix 
Read DER BIO: fix for when BIO data is less than seq buffer size
 2025-02-06 16:21:42 -08:00
Sean Parkinson 3ff89f2cc2 API test: move digest functions out 
Move all api.c tests of wolfCrypt APIs that are for digests out into
separate files.
 2025-02-07 09:29:46 +10:00
Sean Parkinson ae8b8c4164 Read DER BIO: fix for when BIO data is less than seq buffer size 
wolfssl_read_der_bio did not not handle the length to be read from the
BIO being less than the size of the sequence buffer.
 2025-02-07 08:46:49 +10:00
Daniel Pouzzner 6f044c577f tests/api.c: add a missed "#ifdef WOLFSSL_ATOMIC_INITIALIZER" in test_AEAD_limit_server(). 2025-02-06 16:32:54 -06:00
jordan 3df616ae58 dual alg: small cleanup. 2025-02-06 15:57:13 -05:00
jordan 035d4022fb dual alg: add ML-DSA test, and misc cleanup. 2025-02-06 15:50:37 -05:00
Daniel Pouzzner 40e3f03795 tests/api.c: fix data races in test_wolfSSL_CTX_add_session_ctx_ready() using a mutex, and in test_wolfSSL_dtls_AEAD_limit() using a mutex, an atomic integer, and a volatile attribute. 
wolfssl/wolfcrypt/wc_port.h: add WOLFSSL_ATOMIC_LOAD() and WOLFSSL_ATOMIC_STORE() definitions.
 2025-02-06 00:55:44 -06:00
David Garske 345c969164 Fixes for Watcom compiler and new CI test 
* Correct cmake script to support Open Watcom toolchain (#8167)
* Fix thread start callback prototype for Open Watcom toolchain (#8175)
* Added GitHub CI action for Windows/Linux/OS2
* Improvements for C89 compliance.
Thank you @jmalak for your contributions.
 2025-02-04 12:38:52 -08:00
Juliusz Sosinowicz 8b7b9636aa Remove BN_CTX_init as its no longer in OpenSSL for a long time 2025-02-04 16:37:21 +01:00
Juliusz Sosinowicz 841d13e81c Implement BN_CTX_get 2025-02-04 16:37:21 +01:00
Eric Blankenhorn b488af1d34 Fix compat layer ASN1_TIME_diff to accept NULL output params 2025-01-31 15:55:35 -06:00
JacobBarthelmeh 4891d1c471
Merge pull request #8400 from ColtonWilley/add_trusted_cert_pem_parsing 
Add support for parsing trusted PEM certs
 2025-01-31 10:53:51 -07:00
Colton Willey a0950e97f5 Add tests for trusted certificate banner 2025-01-30 14:42:41 -08:00
Daniel Pouzzner 3a6b33c180 tests/api.c and wolfcrypt/benchmark/benchmark.c: fixes for building with HAVE_FFDHE_3072 and/or HAVE_FFDHE_4096 but without HAVE_FFDHE_2048. 2025-01-30 15:02:02 -06:00
Juliusz Sosinowicz e4b7a53191 api: make sure len doesn't overrun the input buffer 2025-01-30 18:01:51 +01:00
Juliusz Sosinowicz 2865b0c79b api: check fd values as recv and send can't take in negative fd 2025-01-30 18:01:10 +01:00
Juliusz Sosinowicz d91141fe05 api: pass in sizeof(tmp) instead of 1024 to attempt to satisfy Coverity 2025-01-30 18:00:32 +01:00
Juliusz Sosinowicz bcde4bdebb ascon: move tests to api.c and introduce framework to split up api.c 2025-01-29 15:50:00 +01:00
David Garske ed390e472d
Merge pull request #8373 from julek-wolfssl/libimobiledevice-1.3.0 
Changes for libimobiledevice 860ffb
 2025-01-27 07:52:06 -08:00
Juliusz Sosinowicz 89aba661fc Changes for libimobiledevice 860ffb 2025-01-27 12:56:49 +01:00
David Garske ba88a6454c
Merge pull request #8331 from julek-wolfssl/bind-9.18.28 
Bind 9.18.28 fixes
 2025-01-24 11:37:26 -08:00
JacobBarthelmeh 69be9aa211 fix to not stomp on sz with XOF function, restore comment, remove early XFREE call 2025-01-24 11:40:53 -07:00
JacobBarthelmeh 52975150d4 add macro guard for shak128 to test case 2025-01-23 23:14:50 -07:00
JacobBarthelmeh d2d664b4cc adjust test cases for different builds 2025-01-23 23:02:34 -07:00
JacobBarthelmeh 9b04a4f8d1 account for correct return value of cipher stack push and clSuite use case after rebase 2025-01-23 17:47:24 -07:00
JacobBarthelmeh 286b9b672b increase test coverage 2025-01-23 16:30:08 -07:00
JacobBarthelmeh 2812baf5a9 fix for memory leak with new wolfSSL_get_client_ciphers function 2025-01-23 16:30:08 -07:00
JacobBarthelmeh 49c515ac58 add some unit test cases 2025-01-23 16:30:08 -07:00
JacobBarthelmeh 28bed8d634 fix for SN (short name) of digests to match expected values 2025-01-23 16:30:07 -07:00
JacobBarthelmeh c6974a921d fix for return values of write_ex/read_ex, propogate PARAMS, handle CRL with load_verify_locations, fix for get verified/unverified chain 2025-01-23 16:30:07 -07:00
David Garske f61d276f3b
Merge pull request #8362 from JacobBarthelmeh/copyright 
update copyright date to 2025
 2025-01-21 16:23:49 -08:00
JacobBarthelmeh d94c043b09 misc. spelling fixes 2025-01-21 16:18:28 -07:00
David Garske 5df6989eab
Merge pull request #8350 from embhorn/zd19220 
Check r and s len before copying
 2025-01-21 10:36:54 -08:00
JacobBarthelmeh a4c58614b9
Merge pull request #8324 from julek-wolfssl/ntp-4.2.8p17 
ntp 4.2.8p17 additions
 2025-01-21 10:02:23 -08:00
JacobBarthelmeh 2c24291ed5 update copyright date 2025-01-21 09:55:03 -07:00
Eric Blankenhorn 9c4ef7cd30 Use BUFFER_E instead of ASN_PARSE_E when buffer is too small 2025-01-20 08:40:36 -06:00
Eric Blankenhorn 462aa5bec6 Exclude new test for FIPS 2025-01-10 16:47:13 -06:00
Daniel Pouzzner 7cd2fd3617 numerous fixes for memory errors reported by clang-tidy, most of them true positives, unmasked by CPPFLAGS=-DNO_WOLFSSL_MEMORY: clang-analyzer-unix.Malloc, clang-analyzer-core.NullDereference, clang-analyzer-core.uninitialized.Assign, clang-analyzer-core.UndefinedBinaryOperatorResult, and clang-analyzer-optin.portability.UnixAPI (re malloc(0)). 
several fixes for defects reported by cppcheck:

wolfcrypt/src/ecc.c: fix for cppcheck oppositeInnerCondition from cppcheck-2.16.0 in _ecc_make_key_ex(), and fixes for related unhandled errors discovered by manual inspection;

wolfcrypt/test/test.c: fix XREALLOC call in memcb_test() to resolve cppcheck-detected memleak.
 2025-01-10 14:30:42 -06:00
Eric Blankenhorn 53831d0f32 Add test 2025-01-10 10:06:14 -06:00
Daniel Pouzzner 27c37b245f tests/api.c: in test_dtls12_basic_connection_id(), add cast to fix a -Wformat on size_t j when building -m32. 2025-01-07 16:51:30 -06:00
Juliusz Sosinowicz 40500e4f2b fixup! Implement wolfSSL_X509_STORE_set_default_paths 2025-01-07 10:56:34 +01:00
David Garske d6440be4a9 Fix for SSL_set_mtu -> wolfSSL_set_mtu_compat return code. Update comment for `wolfSSL_is_init_finished` indicating it works for TLS and DTLS. 2025-01-03 10:10:37 -08:00
Juliusz Sosinowicz 3cb2bb3759 OBJ_sn2nid: use correct short names 2024-12-31 12:50:04 +01:00
jordan c71392bb7e coverity: correct lock message, check fd value. 2024-12-24 16:31:16 -06:00
JacobBarthelmeh 2409971b14
Merge pull request #8224 from julek-wolfssl/dtls-server-demux 
DTLS: Add server side stateless and CID QoL API
 2024-12-23 10:01:01 -07:00
Daniel Pouzzner 5ef4732745
Merge pull request #8299 from JacobBarthelmeh/cert_regen 
end of year test certificate renewal
 2024-12-20 17:41:33 -06:00
Daniel Pouzzner 9d3e477b63 src/ssl.c: gate wolfSSL_dtls_set_pending_peer() on !defined(WOLFSSL_NO_SOCK), not just defined(WOLFSSL_DTLS_CID). 
tests/api.c: in test_dtls12_basic_connection_id(), omit chacha20 suites if defined(HAVE_FIPS), and fix gate on DHE-PSK-NULL-SHA256.
 2024-12-20 17:24:13 -06:00