WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity
25,515 Commits
27 Branches
168 Tags
358 MiB
Commit Graph

109 Commits (master)

Author SHA1 Message Date
JacobBarthelmeh 94f5948f20
Merge pull request #8858 from rizlik/dtls13_set_epoch_fix 
dtls13: move Dtls13NewEpoch into DeriveTls13Keys
 2025-06-10 09:48:58 -06:00
Sean Parkinson cb90b78688 ML-DSA: fix tests for different configs 
Setting the private key into SSL object requires signing to be
available.
Only enable the parameters that are compiled in.
 2025-06-10 20:44:27 +10:00
Marco Oliverio 59ff71f936 fixup! dtls13: move Dtls13NewEpoch into DeriveTls13Keys 2025-06-09 16:11:17 +02:00
Marco Oliverio c1c1929e55 dtls13: move Dtls13NewEpoch into DeriveTls13Keys 
Dlts13NewEpoch saves the keys currently derived in the ssl object.
Moving Dtls13NewEpoch inside DeriveTls13Keys avoid the risk of using the wrong
keys when creating a new Epoch.

This fixes at least he following scenario:

- Client has encryption epoch != 2 in the handshake (eg. due to rtx)

- Client derives traffic0 keys after receiving server Finished message

- Client set encryption epoch to 2 again to send the Finished message, this
   override the traffic key computed

- Client creates the new epoch with the wrong key
 2025-06-09 02:35:29 +02:00
JacobBarthelmeh 570c1fc390
Merge pull request #8824 from JeremiahM37/tlsCurveFix 
tls fix for set_groups
 2025-06-06 10:47:06 -06:00
JacobBarthelmeh bfc55d9016
Merge pull request #8848 from julek-wolfssl/gh/8841 
dtlsProcessPendingPeer: correctly set the current peer
 2025-06-06 09:52:35 -06:00
Daniel Pouzzner 4572dcf9f9 tests/api/test_x509.c: in test_x509_rfc2818_verification_callback(), add dependency on HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES; 
wolfcrypt/test/test.c: in lms_test(), fix -Wdeclaration-after-statement;

add .github/workflows/no-tls.yml;

.github/workflows/pq-all.yml: add smallstack scenario.
 2025-06-06 17:18:50 +04:00
Juliusz Sosinowicz 736a5e1f89 dtlsProcessPendingPeer: correctly set the current peer 2025-06-06 00:12:38 +02:00
Juliusz Sosinowicz 0ac6ca3cf7 Fix hard tabs and c++ style comments 2025-06-05 22:04:50 +02:00
Juliusz Sosinowicz 761f0f1d1f Simplify TLSX_SupportedCurve_Parse 
Server only uses curves that are supported by both the client and the server. If no common groups are found, the connection will fail in TLS 1.2 and below. In TLS 1.3, HRR may still be used to resolve the group mismatch.
 2025-06-05 22:04:49 +02:00
JeremiahM37 a160ba1379 Supported_group unit test fix 2025-06-05 22:04:49 +02:00
JeremiahM37 9d342bae83 unit tests for set_groups curve fix 2025-06-05 22:04:49 +02:00
Juliusz Sosinowicz f2584fd5fa ALT_NAMES_OID: Mark IP address as WOLFSSL_V_ASN1_OCTET_STRING 2025-06-05 19:17:00 +02:00
Sean Parkinson 8ea01056c3
Merge pull request #8788 from julek-wolfssl/gh/8765 
tls13: handle malformed CCS and CCS before CH
 2025-05-28 09:45:09 +10:00
David Garske 6de7bb74ed
Merge pull request #8787 from julek-wolfssl/refactor-GetHandshakeHeader 
Refactor GetHandshakeHeader/GetHandShakeHeader into one
 2025-05-27 15:26:24 -07:00
Sean Parkinson 71a9e48701
Merge pull request #8801 from rlm2002/coverity 
coverity: misc changes to api.c
 2025-05-28 07:28:40 +10:00
Daniel Pouzzner 8179367412
Merge pull request #8798 from dgarske/mldsa_nosign 
Fix for ML-DSA with `WOLFSSL_DILITHIUM_NO_SIGN`
 2025-05-27 14:44:44 -05:00
Ruby Martin 2eddc32eed coverity: fix use after free, improper use of negative value, initialize src variable 2025-05-27 09:43:44 -06:00
Juliusz Sosinowicz 2ec6b92b41 tls13: handle malformed CCS and CCS before CH 
- fix incorrect alert type being sent
- error out when we receive a CCS before a CH
- error out when we receive an encrypted CCS
 2025-05-23 15:04:22 +02:00
Sean Parkinson 999641d9b1
Merge pull request #8642 from rizlik/dtls_no_span_records 
DTLS: drop records that span datagrams
 2025-05-23 14:57:24 +10:00
David Garske 607d7489bc Add no malloc support for Dilithium tests. Fixes for `WOLFSSL_DILITHIUM_NO_ASN1`. 2025-05-22 14:34:34 -07:00
David Garske d0085834cd Fix for ML-DSA with `WOLFSSL_DILITHIUM_NO_SIGN`. ZD 19948. 2025-05-22 12:36:46 -07:00
Ruby Martin a170624118 coverity: init dgst variable test_sha3.c 
improper use of neg val api.c

copy-paste error in test_wolfSSL_PEM_read_bio_ECPKParameters
 2025-05-21 08:29:44 -06:00
Juliusz Sosinowicz 5e7ef142e8 Refactor GetHandshakeHeader/GetHandShakeHeader into one 2025-05-20 13:23:14 +02:00
Marco Oliverio cbe1fb2c62 dtls: drop DTLS messages that span across datagrams 
A new macro "WOLFSSL_DTLS_RECORDS_CAN_SPAN_DATAGRAMS" restores the old
behaviour.
 2025-05-19 10:28:13 +02:00
Marco Oliverio 23b73bb298 test_memio: preserve write boundaries in reads 2025-05-19 10:25:24 +02:00
Daniel Pouzzner 91af9073b0
Merge pull request #8777 from rizlik/dtls_reject_v11 
Drop DTLS packets with bogus minor version number
 2025-05-16 14:45:25 -05:00
Daniel Pouzzner e67536cb15
Merge pull request #8775 from rlm2002/coverity 
Coverity: address uninitialized scalar variable issues
 2025-05-16 14:44:38 -05:00
Daniel Pouzzner 77bebff341 fixes for armasm: 
configure.ac: set DEFAULT_ENABLED_ALL_ASM=no if FIPS <v6 and not on amd64 (i.e. if ARM);

tests/api/test_sha256.c: skip test_wc_Sha256_Flags() and test_wc_Sha224_Flags() if armasm and FIPS <v7;

wolfssl/wolfcrypt/settings.h: define WOLFSSL_SP_INT_DIGIT_ALIGN for ARM (needed on BE, and no effect on LE).
 2025-05-15 21:20:10 -05:00
Ruby Martin 2940a16c10 coverity: initialize variables for api.c, test_digest.h, and test_sha3.c 2025-05-15 16:55:34 -06:00
Marco Oliverio 22f41a8dbb Drop DTLS packets with bogus minor version number 2025-05-15 19:50:36 +02:00
Sean Parkinson 5e5f486a4c
Merge pull request #8732 from dgarske/stm32_hash_status 
Fix for STM32 hash status check logic (also fix NO_AES_192 and NO_AES_256)
 2025-05-07 20:56:18 +10:00
David Garske 25db14f50c Fix macro typo. 2025-05-06 10:42:09 -07:00
David Garske 0f4ce03c28 Fixes for `NO_AES_192` and `NO_AES_256`. Added CI test. Fixed bad BUILD_ logic for `ADH-AES256-GCM-SHA384`. 2025-05-05 14:36:36 -07:00
JacobBarthelmeh e233ead7f6 add macro guards for SHA3 test cases 2025-05-05 11:19:21 -06:00
Daniel Pouzzner bbbed009b2 tests/api/test_dtls.c: fix read of uninited data in test_dtls13_ack_order(). 2025-04-19 01:57:51 -05:00
Daniel Pouzzner 9e5c064d5d
Merge pull request #8679 from kojiws/keep_header_on_pkcs12_parse 
Add wc_PKCS12_parse_ex() to keep PKCS8 header
 2025-04-19 01:57:21 -05:00
Juliusz Sosinowicz 43c564d48b dtls13: send acks with correct record number order 2025-04-18 14:56:59 -05:00
Koji Takeda 2e02274be7 Add guard macro 2025-04-18 08:08:25 +09:00
Koji Takeda 039ff1b460 Add wc_PKCS12_parse_ex() 2025-04-18 06:39:16 +09:00
Juliusz Sosinowicz 3cba5c6dc1 fixup! dtls13: additional epoch checks 2025-04-17 18:18:01 +02:00
Juliusz Sosinowicz 3f560036d6 dtls13: additional epoch checks 2025-04-17 18:18:01 +02:00
Daniel Pouzzner 3fcd3cdb99 tests/api/test_mldsa.c: fix clang-analyzer-core.NullDereference in test_mldsa_pkcs8(). 2025-04-17 00:42:11 -05:00
Sean Parkinson 5e8d018ff7
Merge pull request #8659 from kojiws/improve_mldsa_priv_key_import 
Improve ML-DSA private key import and the test
 2025-04-16 18:21:00 +10:00
Koji Takeda c05c827d6b Add a space after if and for 2025-04-16 16:26:52 +09:00
Koji Takeda 1646a4b274 Reflect review 2025-04-16 13:46:39 +09:00
Daniel Pouzzner 6bf93c93d4
Merge pull request #8594 from julek-wolfssl/nss 
Implement AES-CTS in wolfCrypt
 2025-04-15 18:35:52 -05:00
Juliusz Sosinowicz e320b3c90d fixup! Implement AES-CTS in wolfCrypt 2025-04-14 17:45:34 +02:00
Koji Takeda a3862f0e59 Improve ML-DSA private key import 2025-04-11 16:28:54 +09:00
Juliusz Sosinowicz ab64597b62 fixup! Move extended master secret testing to test_tls_ext 2025-04-09 14:36:34 +02:00