Commit Graph

3643 Commits

Author SHA1 Message Date
Sean Parkinson
af05fa874f Unit Test: fix test case for memory allocation failure testing
test_ocsp_basic_verify() not freeing and setting pointer to NULL. Second
free occurring on freed pointer.
2025-07-02 09:27:25 +10:00
JacobBarthelmeh
77792ace65 Merge pull request #8945 from SparkiDev/mem_fail_fixes_2
Memory allocation failure testing fixes
2025-07-01 09:35:11 -06:00
Sean Parkinson
574de4b234 Memory allocation failure testing fixes
Fixes for test code to cleanup on failure properly.
pkcs7.c: when streaming, free the decrypting content when adding data to
the stream fails.
2025-07-01 11:50:42 +10:00
Marco Oliverio
ae9ba6627c fix(tests): enlarge readBuf in DTLS record tests
Increase readBuf to 256 bytes. Guard memcpy with EXPECT_SUCCESS().
2025-06-30 09:47:38 +02:00
Daniel Pouzzner
1127dabe98 Merge pull request #8926 from dgarske/various_20250625
Improvement to allow building OPENSSL_EXTRA without KEEP_PEER_CERT
2025-06-27 22:29:24 -05:00
Daniel Pouzzner
89148f98b0 Merge pull request #8921 from rlm2002/appleNativeCertTests
Apple native cert tests code modifications
2025-06-27 22:26:17 -05:00
Daniel Pouzzner
018ee9754f Merge pull request #8608 from anhu/2akid
Check for duplicate extensions in a CRL
2025-06-27 22:25:27 -05:00
David Garske
1db3dbcc28 Improvement to allow building OPENSSL_EXTRA without KEEP_PEER_CERT. Workaround to avoid large WOLFSSL structure size with compatibility layer enabled (the struct WOLFSSL_X509 is over 5KB). Note: May investigate way to place into heap instead. Fix issues building compatibility layer without MD5. 2025-06-27 12:42:52 -07:00
Ruby Martin
0302dbcb31 rename .yml file for macos-apple-native-cert-validation
WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION macro placement and comment adjustment
2025-06-26 17:07:00 -06:00
Ruby Martin
9b6b41627e move CFErrorRef instantiation
cleanup
2025-06-26 09:06:01 -06:00
Ruby Martin
1321e00e45 set p2 to null before next iteration 2025-06-26 08:57:56 -06:00
Ruby Martin
79b6e62668 modify check domain test
void code for unused variable warning

do not run check_domain_name test if ssl_verify_none has been set
2025-06-26 08:39:32 -06:00
Ruby Martin
7c44f14e77 add apple test to github actions 2025-06-26 08:38:30 -06:00
Ruby Martin
d3b30f8d51 Check underlying error, want only maximum validity period error
add apple test macros to tests requiring cert manager
2025-06-26 08:38:28 -06:00
Brett
877bade216 additional debugging 2025-06-26 08:38:28 -06:00
Daniel Pouzzner
6bfd2632db Merge pull request #8917 from dgarske/various_20250623
Fix for broken `test_wolfSSL_check_domain_basic`
2025-06-25 22:15:02 -05:00
Sean Parkinson
f119086d3e Merge pull request #8918 from kojiws/fix_asn_integer_export
Fix SetShortInt() not to export wrong DER
2025-06-26 08:16:48 +10:00
Koji Takeda
d76386f38c Add tests 2025-06-25 11:27:12 +09:00
JacobBarthelmeh
6cf3b51333 guard test that uses pipe from running with mingw 2025-06-24 17:21:24 -06:00
David Garske
5d7cb2ec07 Fix for new api.c test test_wolfSSL_check_domain_basic added in PR #8863 that fails with --disable-sys-ca-certs. 2025-06-24 08:25:01 -07:00
Anthony Hu
1dff76782b Check for duplicate extensions in a CRL 2025-06-24 11:10:18 -04:00
David Garske
978a29da0b Merge pull request #8898 from cconlon/getpidOptionsH
Add HAVE_GETPID to options.h if getpid detected
2025-06-23 17:11:55 -07:00
JacobBarthelmeh
9ee212cacc fix for free'ing memory with test case 2025-06-23 17:33:52 -06:00
David Garske
9b50708741 Fix to expose API to access "store" error code and error depth for cert failure callback (from set_verify). Useful for C# wrapper or clients that cannot directly dereference X509_STORE. Fixes for building with WOLFSSL_EXTRA and WOLFSSL_NO_CA_NAMES (and added new tests). Added example in CSharp TLS client for overriding a begin date error (useful if date is not set). 2025-06-19 14:49:00 -07:00
David Garske
27176a5eeb Merge pull request #8870 from kareem-wolfssl/zd20030
Various minor fixes.
2025-06-18 08:55:07 -07:00
David Garske
7d77446964 Merge pull request #8882 from rizlik/dtls13_always_transmit_explicit_ack
dtls13: always send ACKs on detected retransmission
2025-06-17 11:35:07 -07:00
Kareem
7e4ec84124 Add macros for legacy get_digit functions for FIPS/selftest. 2025-06-17 10:12:06 -07:00
Kareem
9c9465aa23 Also account for selftest for mp_get_digit refactor. 2025-06-17 10:12:06 -07:00
Kareem
05aa4f5f08 Make mp_get_digit refactor FIPS friendly. 2025-06-17 10:12:06 -07:00
Kareem
e8c110d2ac Rename get_digit* to mp_get_digit* to avoid conflicts with other functions named get_digit. 2025-06-17 10:12:06 -07:00
Josh Holtrop
3bd9b2e0bc Add generation instructions for empty issuer cert and change expiry to 100 years 2025-06-16 11:39:01 -04:00
Marco Oliverio
b1b49c9ffb dtls13: always send ACKs on detected retransmission
Otherwise the connection can stall due to the indefinite delay of an explicit ACK,
for example:

 -> client sends the last Finished message
 <- server sends the ACK, but the ACK is lost
 -> client retransmits the Finished message
 - server delays sending of the ACK until a fast timeout
 -> client retransmits the Finished message quicker than the server timeout
 - server resets the timeout, delaying sending the ACK
 -> client retransmits the Finished...
2025-06-16 14:19:32 +02:00
Marco Oliverio
509491f554 dtls13: wolfSSL_is_init_finished true after last server ACK
Do not consider the handshake finished until the last server ACK.
This way the application knows where to switch from
wolfSSL_negotiate/wolfSSL_connect to wolfSSL_read/wolfSSL_write.
2025-06-16 14:19:31 +02:00
Josh Holtrop
8bde5e6982 Fix printing empty names in certificates
The empty-issuer-cert.pem certificate was created with:

    wolfssl genkey rsa -size 2048 -out mykey -outform pem -output KEY
    wolfssl req -new -days 3650 -key mykey.priv -out empty-issuer-cert.pem -x509

Prior to this fix this command would error printing the certificate:

    wolfssl x509 -inform pem -in empty-issuer-cert.pem -text
2025-06-13 11:22:52 -04:00
David Garske
2fc1110a13 Merge pull request #8587 from lealem47/gh8574
Fix bug in ParseCRL_Extensions
2025-06-12 12:09:52 -07:00
David Garske
701e3ba64e Merge pull request #8808 from rlm2002/coverity
Coverity: api.c fix
2025-06-12 12:03:14 -07:00
David Garske
6571f42cb9 Merge pull request #8867 from JacobBarthelmeh/rng
Improvements to RNG and compatibility layer
2025-06-11 14:31:53 -07:00
JacobBarthelmeh
8ee1f8f287 add macro guard on test case 2025-06-11 10:43:47 -06:00
JacobBarthelmeh
47cf634965 add a way to restore previous pid behavior 2025-06-10 16:12:09 -06:00
JacobBarthelmeh
4207affc72 adding additional RAND test cases 2025-06-10 16:01:52 -06:00
Ruby Martin
d0134f2212 coverity: address reuse after free, add NULL checks 2025-06-10 15:33:47 -06:00
Ruby Martin
a7a5062c7a add api test for checking domain name
use SNI example.com in client ssl
2025-06-10 15:22:01 -06:00
JacobBarthelmeh
eb3c324ea4 Merge pull request #8852 from holtrop/reseed-drbg-in-rand-poll-test
Add additional compatibility layer RAND tests
2025-06-10 10:20:46 -06:00
JacobBarthelmeh
94f5948f20 Merge pull request #8858 from rizlik/dtls13_set_epoch_fix
dtls13: move Dtls13NewEpoch into DeriveTls13Keys
2025-06-10 09:48:58 -06:00
Sean Parkinson
cb90b78688 ML-DSA: fix tests for different configs
Setting the private key into SSL object requires signing to be
available.
Only enable the parameters that are compiled in.
2025-06-10 20:44:27 +10:00
Josh Holtrop
1c6e3d729a Check that fork() returns >= 0 in RAND_poll fork test 2025-06-10 06:23:06 -04:00
JacobBarthelmeh
106bcb22d3 Merge pull request #8860 from LinuxJedi/tls13-trusted-ca
Allow `trusted_ca_keys` with TLSv1.3
2025-06-09 17:43:44 -06:00
Josh Holtrop
133e238359 Wait on child process in RAND_poll fork test 2025-06-09 15:59:22 -04:00
Marco Oliverio
59ff71f936 fixup! dtls13: move Dtls13NewEpoch into DeriveTls13Keys 2025-06-09 16:11:17 +02:00
Andrew Hutchings
5e6cb2b0b6 Allow trusted_ca_keys with TLSv1.3
It is possible that the client will provide `trusted_ca_keys` during a
TLSv1.3 connection with 1.2 downgrade. wolfSSL would error with
`EXT_NOT_ALLOWED`. The TLSv1.3 spec states that it can be provided and
should be ignored.

ZD 19936
2025-06-09 08:31:54 +01:00