From b6766106c85011e9c2e2d35137b62c8bea8743c7 Mon Sep 17 00:00:00 2001 From: Kareem Date: Fri, 19 Dec 2025 17:15:44 -0700 Subject: [PATCH 1/6] Add documentation for Base16_Encode and Base64_Encode's behavior of adding a NULL terminator byte. Fixes #5602 --- doc/dox_comments/header_files/coding.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/doc/dox_comments/header_files/coding.h b/doc/dox_comments/header_files/coding.h index 5cc5e4f18b..60677ab1d7 100644 --- a/doc/dox_comments/header_files/coding.h +++ b/doc/dox_comments/header_files/coding.h @@ -46,6 +46,8 @@ int Base64_Decode(const byte* in, word32 inLen, byte* out, traditional ā€˜\n’ line endings, instead of escaped %0A line endings. Upon successfully completing, this function also sets outLen to the number of bytes written to the output buffer. + If there is enough room in out to store an extra byte, a NULL terminator + will be added. This will NOT be included in outLen. \return 0 Returned upon successfully decoding the Base64 encoded input \return BAD_FUNC_ARG Returned if the output buffer is too small to @@ -203,6 +205,8 @@ int Base16_Decode(const byte* in, word32 inLen, byte* out, word32* outLen); \ingroup Base_Encoding \brief Encode input to base16 output. + If there is enough room in out to store an extra byte, a NULL terminator + will be added and included in outLen. \return 0 Success \return BAD_FUNC_ARG Returns if in, out, or outLen is null or if outLen is From 5b473f6b9bbf39274565d377cfb630c8a6b2651b Mon Sep 17 00:00:00 2001 From: Kareem Date: Fri, 19 Dec 2025 17:16:35 -0700 Subject: [PATCH 2/6] Add SSL_get_rfd and SSL_get_wfd. Fixes https://github.com/wolfSSL/wolfssl-nginx/issues/25. --- wolfssl/openssl/ssl.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 6ebb3928ee..5b8175564e 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -346,6 +346,8 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define SSL_new wolfSSL_new #define SSL_set_fd wolfSSL_set_fd #define SSL_get_fd wolfSSL_get_fd +#define SSL_get_rfd wolfSSL_get_fd +#define SSL_get_wfd wolfSSL_get_wfd #define SSL_connect wolfSSL_connect #define SSL_clear wolfSSL_clear #define SSL_state wolfSSL_state From 7c4feb5e878277b3339d0f4ace6618055ebade9a Mon Sep 17 00:00:00 2001 From: Kareem Date: Fri, 19 Dec 2025 17:17:33 -0700 Subject: [PATCH 3/6] Improve the error message returned by BAD_KEY_SHARE_DATA. Fixes #9084. --- src/internal.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/internal.c b/src/internal.c index 111eb9ffde..73cb6af816 100644 --- a/src/internal.c +++ b/src/internal.c @@ -26975,7 +26975,7 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e) return "Certificate context does not match request or not empty"; case BAD_KEY_SHARE_DATA: - return "The Key Share data contains group that wasn't in Client Hello"; + return "The Key Share data contains a group which is invalid"; case MISSING_HANDSHAKE_DATA: return "The handshake message is missing required data"; From ac985052041da76ce8213f9f1ad51da6ff085f7e Mon Sep 17 00:00:00 2001 From: Kareem Date: Fri, 19 Dec 2025 17:18:45 -0700 Subject: [PATCH 4/6] Document wolfSSL_CTX_set_default_passwd_cb and wolfSSL_CTX_set_default_passwd_cb_userdata. Fixes #6008. --- doc/dox_comments/header_files/ssl.h | 48 +++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/doc/dox_comments/header_files/ssl.h b/doc/dox_comments/header_files/ssl.h index 45aa187771..5bcadfde02 100644 --- a/doc/dox_comments/header_files/ssl.h +++ b/doc/dox_comments/header_files/ssl.h @@ -15936,3 +15936,51 @@ WOLFSSL_CIPHERSUITE_INFO wolfSSL_get_ciphersuite_info(byte first, */ int wolfSSL_get_sigalg_info(byte first, byte second, int* hashAlgo, int* sigAlgo); + +/*! + \brief This function will set the password callback in the provided CTX. + This callback is used when loading an encrypted cert or key which requires + a password. + + \param ctx a pointer to a WOLFSSL_CTX structure, created with + wolfSSL_CTX_new(). + \param cb a function pointer to (*wc_pem_password_cb) that is set to the + passwd_cb member of the WOLFSSL_CTX. + + _Example_ + \code + WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method ); + int PasswordCallBack(char* passwd, int sz, int rw, void* userdata) { + + } + … + wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); + \endcode + + \sa wolfSSL_CTX_set_default_passwd_cb_userdata +*/ +void wolfSSL_CTX_set_default_passwd_cb(WOLFSSL_CTX* ctx, + wc_pem_password_cb* cb); + +/*! + \brief This function will set the userdata argument to the passwd_userdata + member of the WOLFSSL_CTX structure. + This member is passed into the CTX's password callback when called. + + \param ctx a pointer to a WOLFSSL_CTX structure, created with + wolfSSL_CTX_new(). + \param userdata a pointer to userdata which is passed into the + password callback. + + _Example_ + \code + WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method ); + int data; + … + wolfSSL_CTX_set_default_passwd_cb_userdata(ctx, (void*)&data); + \endcode + + \sa wolfSSL_CTX_set_default_passwd_cb +*/ +void wolfSSL_CTX_set_default_passwd_cb_userdata(WOLFSSL_CTX* ctx, + void* userdata); \ No newline at end of file From adf38007f4e5caab10b41553564412b1cbab9ad0 Mon Sep 17 00:00:00 2001 From: Kareem Date: Fri, 19 Dec 2025 17:19:45 -0700 Subject: [PATCH 5/6] Document wolfSSL_CTX_New's behavior on failure around WOLFSSL_METHOD. Fixes #9517. --- doc/dox_comments/header_files/ssl.h | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/dox_comments/header_files/ssl.h b/doc/dox_comments/header_files/ssl.h index 5bcadfde02..fd615de98d 100644 --- a/doc/dox_comments/header_files/ssl.h +++ b/doc/dox_comments/header_files/ssl.h @@ -1742,6 +1742,7 @@ int wolfSSL_CTX_der_load_verify_locations(WOLFSSL_CTX* ctx, \param method pointer to the desired WOLFSSL_METHOD to use for the SSL context. This is created using one of the wolfSSLvXX_XXXX_method() functions to specify SSL/TLS/DTLS protocol level. + This function frees the passed in WOLFSSL_METHOD struct on failure. _Example_ \code From fe45b749210afd581aceec3475b215a1242f11a6 Mon Sep 17 00:00:00 2001 From: Kareem Date: Mon, 22 Dec 2025 11:45:25 -0700 Subject: [PATCH 6/6] Add trailing newline back to ssl.h. --- doc/dox_comments/header_files/ssl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/dox_comments/header_files/ssl.h b/doc/dox_comments/header_files/ssl.h index fd615de98d..1bbf5c8558 100644 --- a/doc/dox_comments/header_files/ssl.h +++ b/doc/dox_comments/header_files/ssl.h @@ -15984,4 +15984,4 @@ void wolfSSL_CTX_set_default_passwd_cb(WOLFSSL_CTX* ctx, \sa wolfSSL_CTX_set_default_passwd_cb */ void wolfSSL_CTX_set_default_passwd_cb_userdata(WOLFSSL_CTX* ctx, - void* userdata); \ No newline at end of file + void* userdata);