WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity
25,488 Commits
27 Branches
168 Tags
358 MiB
Commit Graph

3096 Commits (8ee1f8f287710fe15150a06dc9b39296b9da8c9e)

Author SHA1 Message Date
JacobBarthelmeh 8ee1f8f287 add macro guard on test case 2025-06-11 10:43:47 -06:00
JacobBarthelmeh 47cf634965 add a way to restore previous pid behavior 2025-06-10 16:12:09 -06:00
JacobBarthelmeh 4207affc72 adding additional RAND test cases 2025-06-10 16:01:52 -06:00
JacobBarthelmeh eb3c324ea4
Merge pull request #8852 from holtrop/reseed-drbg-in-rand-poll-test 
Add additional compatibility layer RAND tests
 2025-06-10 10:20:46 -06:00
JacobBarthelmeh 94f5948f20
Merge pull request #8858 from rizlik/dtls13_set_epoch_fix 
dtls13: move Dtls13NewEpoch into DeriveTls13Keys
 2025-06-10 09:48:58 -06:00
Josh Holtrop 1c6e3d729a Check that fork() returns >= 0 in RAND_poll fork test 2025-06-10 06:23:06 -04:00
Josh Holtrop 133e238359 Wait on child process in RAND_poll fork test 2025-06-09 15:59:22 -04:00
Koji Takeda 0260ff789b Clarify supported PKCS12 encryption algorithms 2025-06-09 12:03:47 +09:00
Marco Oliverio c1c1929e55 dtls13: move Dtls13NewEpoch into DeriveTls13Keys 
Dlts13NewEpoch saves the keys currently derived in the ssl object.
Moving Dtls13NewEpoch inside DeriveTls13Keys avoid the risk of using the wrong
keys when creating a new Epoch.

This fixes at least he following scenario:

- Client has encryption epoch != 2 in the handshake (eg. due to rtx)

- Client derives traffic0 keys after receiving server Finished message

- Client set encryption epoch to 2 again to send the Finished message, this
   override the traffic key computed

- Client creates the new epoch with the wrong key
 2025-06-09 02:35:29 +02:00
Josh Holtrop 10b3cc8dd2 Add fork test for RAND_poll() 2025-06-06 20:45:01 -04:00
JacobBarthelmeh 9ffca6b39c
Merge pull request #8822 from kojiws/support_cert_aes_cbc_on_pkcs12_export 
Support PBE_AES(256|128)_CBC certificate encryptions on wc_PKCS12_create()
 2025-06-06 11:35:13 -06:00
JacobBarthelmeh 45306e9378
Merge pull request #8845 from rlm2002/coverityTests 
Coverity: test adjustments and variable checks
 2025-06-06 11:29:56 -06:00
JacobBarthelmeh 570c1fc390
Merge pull request #8824 from JeremiahM37/tlsCurveFix 
tls fix for set_groups
 2025-06-06 10:47:06 -06:00
JacobBarthelmeh bfc55d9016
Merge pull request #8848 from julek-wolfssl/gh/8841 
dtlsProcessPendingPeer: correctly set the current peer
 2025-06-06 09:52:35 -06:00
JacobBarthelmeh 3ecc58cc0e
Merge pull request #8842 from julek-wolfssl/zd/19966 
ALT_NAMES_OID: Mark IP address as WOLFSSL_V_ASN1_OCTET_STRING
 2025-06-05 17:07:47 -06:00
Juliusz Sosinowicz 736a5e1f89 dtlsProcessPendingPeer: correctly set the current peer 2025-06-06 00:12:38 +02:00
Juliusz Sosinowicz 0ac6ca3cf7 Fix hard tabs and c++ style comments 2025-06-05 22:04:50 +02:00
Juliusz Sosinowicz 761f0f1d1f Simplify TLSX_SupportedCurve_Parse 
Server only uses curves that are supported by both the client and the server. If no common groups are found, the connection will fail in TLS 1.2 and below. In TLS 1.3, HRR may still be used to resolve the group mismatch.
 2025-06-05 22:04:49 +02:00
JeremiahM37 9d342bae83 unit tests for set_groups curve fix 2025-06-05 22:04:49 +02:00
Ruby Martin a413be1984 remove null assignment, add null check 2025-06-05 12:25:50 -06:00
Juliusz Sosinowicz f2584fd5fa ALT_NAMES_OID: Mark IP address as WOLFSSL_V_ASN1_OCTET_STRING 2025-06-05 19:17:00 +02:00
Chris Conlon e51702043f
Merge pull request #8837 from BridgerVoss/code_cov 
Unit test for Dh.c code coverage
 2025-06-05 09:37:42 -06:00
Chris Conlon a17b3b4985
Merge pull request #8831 from JeremiahM37/UnitTest 
Unit test for wolfcrypt pkcs12 file to improve code coverage
 2025-06-05 09:30:48 -06:00
Koji Takeda 1f78923590 Add a test for mixture of algorithms 2025-06-05 09:26:44 +09:00
JeremiahM37 a6580d3916 Unit test for wolfcrypt pkcs12 file to improve code coverage 2025-06-04 16:01:35 -06:00
Bridger Voss 80c6ac141a Unit test for Dh.c wc_DhSetNamedKey code coverage 2025-06-04 15:48:52 -06:00
Sebastian Carpenter a29d12fd3f WOLFSSL_ASN_ALLOW_0_SERIAL not handled in make check 
test_MakeCertWith0Ser needed an extra #define check for WOLFSSL_ASN_ALLOW_0_SERIAL. Previously, it was validating that a 0 serial should not work -> now it validates that a 0 serial does work.
 2025-06-04 12:21:41 -06:00
Koji Takeda 7c33096398 Support PBE_AES256_CBC and PBE_AES128_CBC cert encryption on wc_PKCS12_create() 2025-06-04 16:43:30 +09:00
Sean Parkinson 8ea01056c3
Merge pull request #8788 from julek-wolfssl/gh/8765 
tls13: handle malformed CCS and CCS before CH
 2025-05-28 09:45:09 +10:00
Ruby Martin 2eddc32eed coverity: fix use after free, improper use of negative value, initialize src variable 2025-05-27 09:43:44 -06:00
Juliusz Sosinowicz 2ec6b92b41 tls13: handle malformed CCS and CCS before CH 
- fix incorrect alert type being sent
- error out when we receive a CCS before a CH
- error out when we receive an encrypted CCS
 2025-05-23 15:04:22 +02:00
Sean Parkinson 999641d9b1
Merge pull request #8642 from rizlik/dtls_no_span_records 
DTLS: drop records that span datagrams
 2025-05-23 14:57:24 +10:00
Daniel Pouzzner b06a921697 tests/api.c: add missing NO_SHA gates in test_wc_PKCS12_create(). 2025-05-22 14:56:31 -05:00
Sean Parkinson 85a4e34705
Merge pull request #8782 from kojiws/support_aes_cbc_pkcs12_export 
Support PBE_AES(256|128)_CBC key encryptions on wc_PKCS12_create()
 2025-05-22 08:39:11 +10:00
Ruby Martin a170624118 coverity: init dgst variable test_sha3.c 
improper use of neg val api.c

copy-paste error in test_wolfSSL_PEM_read_bio_ECPKParameters
 2025-05-21 08:29:44 -06:00
Koji Takeda 3666851589 Support PBE_AES256_CBC and PBE_AES128_CBC key encryption on wc_PKCS12_create() 2025-05-19 22:26:46 +09:00
Marco Oliverio cbe1fb2c62 dtls: drop DTLS messages that span across datagrams 
A new macro "WOLFSSL_DTLS_RECORDS_CAN_SPAN_DATAGRAMS" restores the old
behaviour.
 2025-05-19 10:28:13 +02:00
Marco Oliverio 23b73bb298 test_memio: preserve write boundaries in reads 2025-05-19 10:25:24 +02:00
Daniel Pouzzner 91af9073b0
Merge pull request #8777 from rizlik/dtls_reject_v11 
Drop DTLS packets with bogus minor version number
 2025-05-16 14:45:25 -05:00
Daniel Pouzzner e67536cb15
Merge pull request #8775 from rlm2002/coverity 
Coverity: address uninitialized scalar variable issues
 2025-05-16 14:44:38 -05:00
Ruby Martin 2940a16c10 coverity: initialize variables for api.c, test_digest.h, and test_sha3.c 2025-05-15 16:55:34 -06:00
Marco Oliverio 22f41a8dbb Drop DTLS packets with bogus minor version number 2025-05-15 19:50:36 +02:00
Anthony Hu a613fc28d6 Allow tests to build with opensslall and no server. 2025-05-15 11:18:15 -04:00
Brett Nicholas 2151a1b8a1 review comments 2025-05-12 11:43:56 -06:00
Brett Nicholas 79f214f73c add new X509 API: wc_Exportx509PubKeyWithSpki 2025-05-09 14:40:20 -06:00
David Garske 1e3718ea7b
Merge pull request #8655 from SparkiDev/asn1_oid_update 
ASN.1 OIDs and sum: Change algorithm for sum
 2025-05-07 11:43:54 -07:00
Sean Parkinson 5e5f486a4c
Merge pull request #8732 from dgarske/stm32_hash_status 
Fix for STM32 hash status check logic (also fix NO_AES_192 and NO_AES_256)
 2025-05-07 20:56:18 +10:00
Sean Parkinson 112351667a ASN.1 OIDs and sum: Change algorithm for sum 
New sum algorithm has no clashes at this time.
Old algorithm enabled by defining: WOLFSSL_OLD_OID_SUM.
New oid_sum.h file generated with scripts/asn1_oid_sum.pl.

Added bunch of OID names into asn1 example.
 2025-05-07 08:32:08 +10:00
David Garske 219902149e Fix issue with api.c `test_wolfSSL_OBJ` and `./certs/test-servercert.p12` that uses DES3 and AES-CBC-256. 2025-05-05 15:55:00 -07:00
David Garske 0f4ce03c28 Fixes for `NO_AES_192` and `NO_AES_256`. Added CI test. Fixed bad BUILD_ logic for `ADH-AES256-GCM-SHA384`. 2025-05-05 14:36:36 -07:00