WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity
25,488 Commits
27 Branches
168 Tags
358 MiB
Commit Graph

3096 Commits (8ee1f8f287710fe15150a06dc9b39296b9da8c9e)

Author SHA1 Message Date
jordan efd5405d0e coverity: fix check_after_deref, assignment_where_comparison_intended, uninit vars, return values, etc. 2025-05-05 13:18:29 -05:00
Sean Parkinson bb9f3c9f9d
Merge pull request #8698 from rlm2002/msys2 
adjust MSYS CI Build
 2025-04-29 09:03:58 +10:00
Ruby Martin a1cb6e5ba5 only test msys system, add buffer typecasts 2025-04-22 12:35:12 -06:00
JacobBarthelmeh 9da9817f89 move test case to the correct location for stub macro guard 2025-04-22 10:09:01 -06:00
JacobBarthelmeh 33da20c3ec revert BN_CTX_init stub for older applications 2025-04-22 09:22:40 -06:00
Daniel Pouzzner 543ba268a4
Merge pull request #8558 from julek-wolfssl/openssh-9.9-fix 
wolfSSL_EVP_PKEY_cmp: only compare the public keys
 2025-04-19 01:51:49 -05:00
Juliusz Sosinowicz 43c564d48b dtls13: send acks with correct record number order 2025-04-18 14:56:59 -05:00
Juliusz Sosinowicz 3f560036d6 dtls13: additional epoch checks 2025-04-17 18:18:01 +02:00
Juliusz Sosinowicz 257fd17ea4 fixup! wolfSSL_EVP_PKEY_cmp: only compare the public keys 2025-04-16 18:21:55 +02:00
Juliusz Sosinowicz 290dbaa18e wolfSSL_EVP_PKEY_cmp: only compare the public keys 2025-04-16 18:14:09 +02:00
Sean Parkinson 3ac05dea09 Regression test fixes 
dtls13.c: LowResTimer() not available when NO_ASN_TIME is defined.
api.c: Add certificate and key to use for when only Ed25519 or Ed448.
asn.c: Casts needed for g++ compile.
mem_track.c: Casts needed for g++ compile.
 2025-04-16 21:46:48 +10:00
Daniel Pouzzner 29dcf42309 src/internal.c, tests/api.c: add missing casts for C++ compatibility (fixes "invalid conversion" errors). 2025-04-11 09:33:20 -05:00
Daniel Pouzzner cfd93b1bd4 tests/api.c: fix error path uninited-data defects in test_wc_PKCS7_EncodeSignedData() (followup to bf95f80c6d, detected by valgrind). 2025-04-11 09:20:14 -05:00
David Garske 77692a814a
Merge pull request #8645 from JacobBarthelmeh/pkcs7_stream 
additional PKCS7 streaming test case
 2025-04-10 16:03:56 -07:00
David Garske 368dcf51af
Merge pull request #8612 from JacobBarthelmeh/pkcs8 
account for existing pkcs8 header
 2025-04-10 16:03:49 -07:00
David Garske e8656d0d22
Merge pull request #8616 from julek-wolfssl/zd/19589 
openssl compat: Push/pop to/from the end of the list object
 2025-04-10 16:02:23 -07:00
JacobBarthelmeh 3787dbde2b fix test case, set data chunk size to use 2025-04-09 09:48:50 -06:00
Juliusz Sosinowicz 56263d9577 fixup! Push/pop to/from the end of the list object 2025-04-09 14:40:00 +02:00
Juliusz Sosinowicz 5f13aebd5f Push/pop to/from the end of the list object 
The last object pushed should be visible in the highest index
 2025-04-09 14:40:00 +02:00
Juliusz Sosinowicz 7cbc71b024 Refactor *_push and *_pop compat API 2025-04-09 14:40:00 +02:00
Juliusz Sosinowicz f15ff6861c TLS EMS: Set haveEMS when we negotiate TLS 1.3 2025-04-09 14:36:34 +02:00
Juliusz Sosinowicz 2c585d73c8 Move extended master secret testing to test_tls_ext 2025-04-09 14:36:34 +02:00
JacobBarthelmeh fb6cbdd5be free PKCS7 struct at the end of test case for loop 2025-04-08 10:15:18 -06:00
JacobBarthelmeh 0171024c4b fix for typo in comments 2025-04-08 10:02:16 -06:00
JacobBarthelmeh bf95f80c6d additional PKCS7 streaming test case 2025-04-08 10:00:42 -06:00
Kareem 29ce716615 Add test case for parsing PKCS8 key with existing header. 2025-04-04 12:19:13 -06:00
Daniel Pouzzner cc223d1904 tests/api.c: in test_wolfSSL_TXT_DB(), fix -Wpointer-to-int-cast detected by building --host=x86_64-w64-mingw32. 2025-04-03 19:29:29 -05:00
Daniel Pouzzner a2eddc889f tests/api.c: fix double-free()s in test_wolfSSL_FPKI(). 2025-04-03 14:30:22 -05:00
Koji Takeda 71ebad1fc7 Add test 2025-04-03 22:20:55 +09:00
Kareem f313edb4cf Add a test certificate for all of the FPKI certificate policy OIDs. 2025-03-27 12:20:36 -07:00
Daniel Pouzzner 1e89002762 fix various -Wdeclaration-after-statements, and add 
-Wdeclaration-after-statement to .github/workflows/pq-all.yml.

rearrange code/gating in wolfcrypt/src/wc_mlkem.c:mlkemkey_encapsulate() for
  clarity and to fix a -Wdeclaration-after-statement.

also, made mlkem_encapsulate_c() and mlkem_encapsulate() return error code
  (currently always zero) rather than void, for consistency.

configure.ac: fix Kyber/ML-KEM option setup.
 2025-03-21 15:46:44 -05:00
David Garske 9258fde02f
Merge pull request #8570 from wolfSSL/devin/1742405136-cipherType-to-string 
Add wolfSSL_EVP_CIPHER_type_string function and test
 2025-03-21 10:04:41 -07:00
David Garske 18ac695bb2
Merge pull request #8556 from SparkiDev/ech-config-control 
ECH: generate multiple configs and rotate echConfigs
 2025-03-20 17:05:43 -07:00
David Garske 86b01bddd8
Merge pull request #8428 from miyazakh/qt_jenkins 
Fix Qt Nightly Jenkins failure
 2025-03-20 17:03:03 -07:00
David Garske 7ba179f50f
Merge pull request #8560 from SparkiDev/test_api_c_split_1 
Split out tests: random, wolfmath, public key
 2025-03-20 16:42:41 -07:00
David Garske 01910a60aa
Merge pull request #8542 from anhu/dual_alg_crit_ext 
Allow critical alt and basic constraints extensions
 2025-03-20 16:15:42 -07:00
David Garske 2c36ae268f
Merge pull request #8536 from SparkiDev/kyber_to_mlkem 
Update Kyber APIs to ML-KEM APIs
 2025-03-20 11:07:53 -07:00
Devin AI ec00f780ec Rename parameter in wolfSSL_EVP_CIPHER_type_string and add test 
Co-Authored-By: lealem@wolfssl.com <lealem@wolfssl.com>
 2025-03-19 17:41:51 +00:00
Sean Parkinson 663ca29a5d Split out tests: random, wolfmath, public key 
Improved testing of random APIs.
wolfmath tests moved out.
Public key algorithm testing moved out: RSA, DSA, DH, ECC, SM2,
Curve25519, Ed25519, Curve448, Ed448, ML-DSA.
Signature API tests moved out.

Fix for OCSP testing to ensure RSA is available.

Added group names to API test cases.
Can select groups to run with --group <name>. --groups lists all known
group names.

Added option to stop API testing on first failure: --stopOnFail.
 2025-03-17 09:32:00 +10:00
Daniel Pouzzner bc7fbee539
Merge pull request #8528 from SparkiDev/digest_test_rework_2 
Digest tests: add more tests
 2025-03-14 16:11:42 -05:00
Daniel Pouzzner 87c0ac90b8 configure.ac: 
* sense assert.h and define WOLFSSL_HAVE_ASSERT_H accordingly.
* force off enable_aesgcm_stream if 32 bit armasm or riscv-asm (not yet implemented or buildable).
* add AM_CONDITIONAL([BUILD_CHACHA_NOASM, ...]) when --enable-chacha=noasm.

src/include.am: gate armasm/riscv_asm chacha files on !BUILD_CHACHA_NOASM.

tests/api.c: add missing HAVE_CHACHA&&HAVE_POLY1305 gate around test_TLSX_CA_NAMES_bad_extension().

wolfcrypt/src/chacha.c: tweak WOLFSSL_ARMASM and WOLFSSL_RISCV_ASM codepaths to also depend on !NO_CHACHA_ASM.

wolfssl/wolfcrypt/types.h: in setup for wc_static_assert(), #include <assert.h> if WOLFSSL_HAVE_ASSERT_H, >=C11, or >=C++11.
 2025-03-13 23:17:57 -05:00
Hideki Miyazaki a18ac7c3ec fix PRB test failure 2025-03-13 11:12:26 +09:00
Hideki Miyazaki b39c2206d7 modified client chain at server side 
added unit test
 2025-03-13 09:39:13 +09:00
Sean Parkinson 74454715ec ECH: generate multiple configs and rotate echConfigs 
Change wolfSSL_CTX_GenerateEchConfig to generate multiple configs, add
functions to rotate the server's echConfigs.
 2025-03-13 10:24:53 +10:00
John Bland 8ff08740f8 Merge branch 'master' into ech-hello-retry 2025-03-10 03:37:27 -04:00
Sean Parkinson a7690ca24b ML-KEM/Kyber: finish name change 2025-03-10 08:37:14 +10:00
Sean Parkinson e7ef3ab606 Digest tests: add more tests 
Add testing of MD2 and Md4.
Add more tests of functions in hash.c.
Reformat data to match what is output by PRINT_DATA macro.
 2025-03-10 08:13:06 +10:00
Daniel Pouzzner c3f24568ff
Merge pull request #8520 from JacobBarthelmeh/pkcs7_verify_stream 
PKCS7 verify and decode indefinite length support
 2025-03-07 18:47:30 -06:00
Daniel Pouzzner 27ed748867
Merge pull request #8504 from rlm2002/msys2 
Add MSYS2 build CI test
 2025-03-07 17:58:50 -06:00
Anthony Hu 6d6c5f520b unit tests 2025-03-07 18:30:41 -05:00
JacobBarthelmeh 8dd614430a clang-tidy fixes for test case 2025-03-07 16:04:57 -07:00
Anthony Hu f8506c3e04 Allow critical alt and basic constraints extensions 
Also properly track pathlen.
 2025-03-07 13:06:06 -05:00
JacobBarthelmeh 53fa4ffbaf conversion warning fixes 2025-03-07 11:03:12 -07:00
JacobBarthelmeh 624233fb98 update test case to account for NO_DES3 build and resolve clang tidy warnings 2025-03-05 16:28:26 -07:00
Sean Parkinson eaa61c2208 Test daul alg support: set before and after dates 
Must set before and after dates into certificate structure as creation
of certificate does not fill in those fields but uses the current time.
The current time may change by a second between signings.
 2025-03-05 16:15:55 +10:00
JacobBarthelmeh b75976692e spelling fix and code formatting 2025-03-04 14:31:23 -07:00
David Garske 9b16ed5da4
Merge pull request #8518 from lealem47/evp_update_null_cipher 
Add NULL_CIPHER_TYPE support to wolfSSL_EVP_CipherUpdate
 2025-03-03 14:03:57 -08:00
Daniel Pouzzner 9c3816089c tests/api.c: disable test_wolfSSL_OCSP_parse_url() if WOLFSSL_SM2 || WOLFSSL_SM3. 2025-02-28 15:58:54 -06:00
JacobBarthelmeh 6020bf2368 initialize test variables and fix async build 2025-02-28 14:46:42 -07:00
JacobBarthelmeh ea387323c3 remove white space and add macro guard around test case 2025-02-28 14:23:25 -07:00
JacobBarthelmeh 7c6cd1deea passing a unit test 2025-02-28 14:23:24 -07:00
JacobBarthelmeh 1e254c014d application decryption successful 2025-02-28 14:23:24 -07:00
Lealem Amedie 22221e5007 Add NULL_CIPHER_TYPE support to wolfSSL_EVP_CipherUpdate 2025-02-28 11:44:30 -07:00
Sean Parkinson 4f8a39cbcf
Merge pull request #8498 from rizlik/ocsp_fixes 
OCSP openssl compat fixes
 2025-02-28 13:42:50 +10:00
Daniel Pouzzner d63a180f95
Merge pull request #8513 from SparkiDev/api_c_split_ciphers 
Test api.c: split out MACs and ciphers
 2025-02-27 14:00:36 -06:00
Marco Oliverio 194db7e844 tests: gate ocsp test on SM2 || SM3 
we don't properly support SM2 and SM3 hash algo id properly yet
 2025-02-27 19:38:46 +00:00
Sean Parkinson 48300352c6 Test api.c: split out MACs and ciphers 2025-02-27 15:52:39 +10:00
David Garske 557abcf76a Support for STM32H7S (tested on NUCLEO-H7S3L8). It supports hardware crypto for RNG, Hash, AES and PKA. Added future config option for DTLS v1.3. Support DTLS v1.3 only reduce code size (tested with: `./configure --enable-dtls13 --enable-dtls --disable-tlsv12 CFLAGS="-DWOLFSSL_SEND_HRR_COOKIE"`). 2025-02-26 14:00:48 -08:00
Ruby Martin 0c413e75c6 add environment matrix to msys workflow 2025-02-26 09:07:16 -07:00
Ruby Martin 439012dd57 adjust xfopen commands 2025-02-26 09:05:53 -07:00
Ruby Martin 57646a88ff check if clientfd != SOCKET_INVALID not 0, add check if USE_WINDOWS_API 
not defined
 2025-02-26 09:03:55 -07:00
Marco Oliverio 07c7b21b10 tests: api: fix test for d2i_CERT_ID refactor 2025-02-25 22:22:43 +00:00
Marco Oliverio 5eef98a5ea ocsp: add OCSP CERT ID encode/decode test 2025-02-25 22:22:43 +00:00
David Garske 3557cc764a
Merge pull request #8501 from SparkiDev/digest_test_rework 
Digest testing: improve
 2025-02-25 13:03:48 -08:00
David Garske f2c5b4e56a
Merge pull request #8500 from SparkiDev/evp_aes_gcm_test_fix 
test_wolfssl_EVP_aes_gcm: fix for mem fail testing
 2025-02-25 09:56:55 -08:00
David Garske bac6771828
Merge pull request #8499 from SparkiDev/crl_list_fix 
CRL: fix memory allocation failure leaks
 2025-02-25 09:54:55 -08:00
Reda Chouk 9178c53f79 Fix: Address and clean up code conversion in various files. 2025-02-25 11:17:58 +01:00
Sean Parkinson 6016cc0c97 Digest testing: improve 
Make testing digests consistent.
Add KATs for all digests.
Check unaligned input and output works.
Perform chunking tests for all digests.

Fix Blake2b and Blake2s to checkout parameters in update and final
functions.
Fix Shake256 and Shake128 to checkout parameters in absorb and squeeze
blocks functions.

Add default digest size enums for Blake2b and Blake2s.
 2025-02-25 19:07:20 +10:00
Sean Parkinson 6f268c4369 CRL: fix memory allocation failure leaks 
On memory allocation failure, some functions were leaking memory.

Also add reference counting to CRL object so that a deep copy of a list
of CRLs doesn't leak memory.
The test was explicitly freeing each CRL in the list.
 2025-02-25 09:05:03 +10:00
Sean Parkinson ac1f25d6f4 test_wolfssl_EVP_aes_gcm: fix for mem fail testing 
Fix test to not leak when memory allocation failure testing.
When not supporting AES-GCM streaming, allocation failures occur.
Always call cleanup.
 2025-02-25 08:15:43 +10:00
Sean Parkinson 82b50f19c6 ML-KEM/Kyber: improvements 
ML-KEM/Kyber:
  MakeKey call generate random once only for all data.
  Allow MakeKey/Encapsulate/Decapsulate to be compiled separately.
  Pull out public key decoding common to public and private key decode.
Put references to FIPS 140-3 into code. Rename variables to match FIPS
140-3.
  Fix InvNTT assembly code for x64 - more reductions.
  Split out ML-KEM/Kyber tests from api.c.

TLSX:
Store the object instead of the private key when WOLFSSL_MLKEM_CACHE_A
is defined or WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ. Faster decapsulation
when A is cached and object stored.
To store private key as normal define
WOLFSSL_TLSX_PQC_MLKEM_STORE_PRIV_KEY.

misc.c: when Intel x64 build, assume able to read/write unaligned
 2025-02-20 08:14:15 +10:00
David Garske 268326d875
Merge pull request #8408 from rizlik/ocsp-resp-refactor 
OpenSSL Compat Layer: OCSP response improvments
 2025-02-19 11:20:12 -08:00
JacobBarthelmeh 373a7d462a
Merge pull request #8472 from SparkiDev/ed25519_fix_tests 
Ed25519: fix tests to compile with feature defines
 2025-02-19 09:53:10 -07:00
Sean Parkinson 331a713271 Ed25519: fix tests to compile with feature defines 
ge_operations.c: USe WOLFSSL_NO_MALLOC rather than WOLFSSL_SP_NO_MALLOC.
 2025-02-19 17:41:03 +10:00
Daniel Pouzzner 65f38df74d tests/api.c: refactor several C89-incompatible dynamically constructed arrays using static const. 2025-02-17 17:47:36 -06:00
Marco Oliverio 3e50c79c3b tests: bind test_wolfSSL_client_server_nofail_memio HAVE_SSL_MEMIO_TESTS_DEP 2025-02-17 08:59:29 +00:00
Marco Oliverio eb7904b5e5 tests/api: expose test_ssl_memio functions 2025-02-17 08:59:29 +00:00
Marco Oliverio 2fe413d80f ocsp: add tests 2025-02-17 08:59:23 +00:00
Marco Oliverio f526679ad5 ocsp: refactor OCSP response decoding and wolfSSL_OCSP_basic_verify 
- Search certificate based on responderId
- Verify response signer is authorized for all single responses
- Align with OpenSSL behavior
- Separate wolfSSL_OCSP_basic_verify from verification done during
  decoding
 2025-02-17 08:58:03 +00:00
Juliusz Sosinowicz 68c27c4e5d Move dtls cid tests to tests/api/dtls.c 2025-02-14 09:51:29 -06:00
Juliusz Sosinowicz e02da08192 Reorganize utility functions into tests/utils.c and testsuite/utils.c 2025-02-14 09:51:29 -06:00
David Garske 846ba43a29
Merge pull request #8392 from SparkiDev/curve25519_blinding 
Curve25519: add blinding when using private key
 2025-02-12 16:20:51 -08:00
Sean Parkinson bb84ebfd7a Curve25519: add blinding when using private key 
XOR in random value to scalar and perform special scalar multiplication.
Multiply x3 and z3 by random value to randomize co-ordinates.

Add new APIs to support passing in an RNG.
Old APIs create a new RNG.

Only needed for the C implementations that are not small.

Modified TLS and OpenSSL compat API implementations to pass in RNG.

Fixed tests and benchmark program to pass in RNG.
 2025-02-13 08:52:35 +10:00
Sean Parkinson bcd89b0592
Merge pull request #8388 from julek-wolfssl/BN_CTX_get 
Implement BN_CTX_get
 2025-02-12 08:08:58 +10:00
jordan 922cb73061 test_dual_alg_ecdsa_mldsa: fix decoded cert leak. 2025-02-11 10:58:03 -05:00
David Garske be5f203274
Merge pull request #8425 from philljj/ecdsa_mldsa_test_api 
dual alg: add ML-DSA test, and misc cleanup.
 2025-02-10 15:05:44 -08:00
David Garske ff41eee2e7
Merge pull request #8413 from SparkiDev/tests_api_digests 
API test: move digest functions out
 2025-02-10 14:51:19 -08:00
jordan 937d6d404a dual alg: clean up comments and line lengths. 2025-02-07 09:22:16 -05:00
David Garske c668a4e5a0
Merge pull request #8426 from SparkiDev/read_der_bio_small_data_fix 
Read DER BIO: fix for when BIO data is less than seq buffer size
 2025-02-06 16:21:42 -08:00
Sean Parkinson 3ff89f2cc2 API test: move digest functions out 
Move all api.c tests of wolfCrypt APIs that are for digests out into
separate files.
 2025-02-07 09:29:46 +10:00