Sean Parkinson
5ad6097f15
Merge pull request #10168 from night1rider/zd-21534
...
Address bug fixes sent in by ZD 21534
2026-04-15 09:11:04 +10:00
Sean Parkinson
0b88017e20
Merge pull request #10181 from embhorn/zd21567
...
Fix ReqCertFromX509 to check bounds
2026-04-15 09:01:25 +10:00
Sean Parkinson
409b5fcf38
Merge pull request #10172 from embhorn/zd21568
...
Fix pkcs12 parse issue
2026-04-15 09:00:12 +10:00
Sean Parkinson
14ebd3d649
Merge pull request #10170 from embhorn/zd21566
...
Fix partial chain verification
2026-04-15 08:58:28 +10:00
David Garske
e3e95c0454
Merge pull request #10213 from SparkiDev/api_test_cipher_algs_2
...
Unit testing: Add Monte Carlo testing to ciphers
2026-04-14 13:05:08 -07:00
Eric Blankenhorn
68b3bbb16f
Fix from review
2026-04-14 07:47:29 -05:00
Eric Blankenhorn
2b503dae54
Fix from review
2026-04-14 07:41:30 -05:00
Eric Blankenhorn
a6fd25b94e
Fix partial chain verification
2026-04-14 07:25:11 -05:00
Sean Parkinson
59a17dd598
Unit testing: Add Monte Carlo testing to ciphers
...
Monte Carlo testing is randomized test data.
These new tests have random keys, IVs, nonce, etc and random data to
encrypt.
100 sets of random test data are encrypted and decrypted with a check to
ensure the input to encrypt is the same as the output of decrypt.
Tags are generated and checked in the calls to encrypt and decrypt.
2026-04-14 13:25:15 +10:00
Sean Parkinson
649a32fd6e
Merge pull request #10169 from embhorn/zd21565
...
Fix for peer cert verify with IP address
2026-04-14 08:21:23 +10:00
Eric Blankenhorn
33310010a9
Fix wolfSSL_sk_X509_OBJECT_deep_copy to check bounds
2026-04-13 17:02:51 -05:00
Eric Blankenhorn
863db50318
Fix word32 truncation and add true regression test for PKCS12 OOB read
2026-04-13 16:05:51 -05:00
Eric Blankenhorn
4cb016f434
Fix pkcs12 parse issue
2026-04-13 15:11:15 -05:00
David Garske
b17755b63f
Merge pull request #10164 from rizlik/bio
...
BIO improvements and fixes
2026-04-13 12:40:02 -07:00
David Garske
a143369522
Merge pull request #10138 from padelsbach/cobalt-fixes-2026-04-06
...
Use size_t in wolfSSL_strnstr and reject negative indices in mp_get_digit
2026-04-13 12:37:59 -07:00
night1rider
8cc02d8a8a
Add DH regression test and incremement ref counter tests to api.c
2026-04-13 11:32:51 -06:00
Zackery Backman
0ab5401edf
Fix cast-away-const in ws_ctx_ssl_set_tmp_dh: allocate DerBuffer with actual size and copy data instead of pointing at caller's const buffer, which caused FreeDer to free non-owned memory.
2026-04-13 11:32:51 -06:00
Zackery Backman
b74731d878
Add test for wolfSSL_use_AltPrivateKey_Label to verify successful key label allocation
2026-04-13 11:32:51 -06:00
Zackery Backman
3925804da6
Add test for wolfSSL_use_AltPrivateKey_Id to verify successful key ID allocation
2026-04-13 11:32:50 -06:00
David Garske
c36beba9b7
Merge pull request #10174 from SparkiDev/api_test_cipher_algs_1
...
API testing additions: cipher tests
2026-04-13 09:54:23 -07:00
Sean Parkinson
a50a5403a7
Merge pull request #10199 from douzzer/20260412-clang-23_pre20260331
...
20260412-clang-23_pre20260331
2026-04-13 10:39:11 +10:00
Sean Parkinson
0434139967
Merge pull request #10186 from Frauschi/f-159
...
Error out in case of unknown extensions in response message in TLS 1.3
2026-04-13 09:18:46 +10:00
David Garske
3d4e929869
Merge pull request #10173 from SparkiDev/init_cert_sha1
...
Initialize certificate: default to SHA-1 when necessary
2026-04-12 14:46:53 -07:00
Daniel Pouzzner
1b692b8063
fixes for clang -Wunused-but-set-globals (coverage added by LLVM 23_pre20260331).
2026-04-12 12:07:33 -05:00
David Garske
ae0a3877ca
Merge pull request #10122 from miyazakh/f-1370_SigGetSize
...
F-1370 : Tighten key_len check from `>=` to `==`
2026-04-10 14:27:16 -07:00
Paul Adelsbach
6f7e5d030b
Use size_t in wolfSSL_strnstr and reject negative indices in mp_get_digit
2026-04-10 10:48:17 -07:00
Tobias Frauenschläger
b0763ea4d1
Error out in case of unknown extensions in response message in TLS 1.3
2026-04-10 17:43:35 +02:00
Tobias Frauenschläger
062ef3e93b
Remove some duplicate CI tests
2026-04-10 12:50:24 +02:00
Sean Parkinson
b764aac074
API testing additions: cipher tests
...
Fixed wc_AesEaxAuthDataUpdate to check eax for NULL before
dereferencing.
Fix AesSivCipher to delete/free AES if new/initialization succeeded.
Memsetting to 0 doesn't work when WC_DEBUG_CIPHER_LIFECYCLE is defined.
Added tests for:
- AES-EAX streaming
- AES-SIV
- Poly1305
- DES-CBC
2026-04-10 15:43:21 +10:00
Sean Parkinson
ecd925f10e
Initialize certificate: default to SHA-1 when necessary
...
Make SHA-1 with RSA signature type the last option.
SHA-1 signatures are deprecated as weak.
2026-04-10 07:58:37 +10:00
Sean Parkinson
abfff1ec2f
Merge pull request #10167 from embhorn/zd21571
...
Fix ETM on resumption
2026-04-10 07:45:20 +10:00
Eric Blankenhorn
4d79d1efd9
Improve tests
2026-04-09 16:24:12 -05:00
David Garske
8059fbdbe8
Merge pull request #10129 from rlm2002/coverity_fix
...
03042026 Coverity tests fix
2026-04-09 13:35:36 -07:00
Eric Blankenhorn
31eb54f950
Fix from review
2026-04-09 11:32:47 -05:00
Eric Blankenhorn
191b827579
Fix from review
2026-04-09 10:14:45 -05:00
Eric Blankenhorn
b218b29403
Fix from review
2026-04-08 16:13:23 -05:00
Eric Blankenhorn
1e1e34ce8c
Fix for peer cert verify with IP address
2026-04-08 15:47:57 -05:00
Eric Blankenhorn
af5369636a
Fix ETM on resumption
2026-04-08 15:06:11 -05:00
Marco Oliverio
5107613025
bio: add tests
2026-04-08 18:49:40 +02:00
Marco Oliverio
7802a75acd
bio: various fixes and improvements
...
* simplify wolfSSL_BIO_set_conn_hostname, fixing OOB read
* restructure wolfSSL_BIO_ctrl_pending, fixing inverted check and
* ctrlCB checking
* return WOLFSSL_FAILURE in wolfSSL_BIO_up_ref when refInc fails,
updated test to reflect this
* check arguments for NULL in wolfSSL_BIO_ADDR_size
* replace non-portable type long usigned int with size_t
* wolfSSL_BIO_MEMORY_write: return WOLFSSL_BIO_ERROR on failure instead
of WOLFSSL_FAILURE, return 0 when len is 0
* wolfSSL_BIO_get_fp: fix type mismatch comparing XFILE* pointer against
XBADFILE
* wolfSSL_BIO_ctrl: add NULL check on bio before switch
* wolfSSL_BIO_pop: clear bio prev and next pointers after unlinking
* wolfSSL_BIO_gets: place null terminator after actual bytes read from
BIO_BIO nread
2026-04-08 18:49:40 +02:00
Ruby Martin
5e87b82dfa
initialize key and rng in test_DhAgree_rejects_p_minus_1()
2026-04-08 09:48:06 -06:00
Hideki Miyazaki
e3fd4cc24d
fix f-1370 key_len size check for void* in wc_SignatureGetSize
2026-04-08 17:07:42 +09:00
Daniel Pouzzner
750f3b119e
Merge pull request #10088 from anhu/new_various
...
Various security fixes and tests
2026-04-07 22:13:18 -05:00
Daniel Pouzzner
60d1e222b2
globally fix all "BLAKE2" references (implicit BLAKE2B) to explicit "BLAKE2B":
...
* implement legacy compatibility in settings.h and configure.ac (adds --enable-blake2b while retaining --enable-blake2);
* fix incorrect Blake2 gates in wolfcrypt/src/hash.c wc_HashGetDigestSize() and wc_HashGetBlockSize();
* in wolfcrypt/test/test.c hash_test(), backfill missing Blake2 test coverage and separate blake2b from blake2s in typesHashBad[];
* in tests/api/test_hash.c, separate blake2b from blake2s in notCompiledHash[], sizeSupportedHash[], and sizeNotCompiledHash[].
2026-04-07 13:18:53 -05:00
JacobBarthelmeh
ad1cc4e87f
adjust test case return value check after rebase
2026-04-07 10:26:16 -06:00
Paul Adelsbach
c335f7dd6f
Remove UTF-8 chars
...
Get rid of weird character
Fix warning found by CI
Style changes
Addressed 1 and 2.
2026-04-07 10:07:12 -06:00
Anthony Hu
2e32094545
Add regression tests for fixes
2026-04-07 10:05:56 -06:00
JacobBarthelmeh
7aac9e5766
Merge pull request #10139 from philljj/fix_nightly_mem
...
Fix nightly mem
2026-04-07 09:08:01 -06:00
philljj
b5874a6d9e
Merge pull request #10132 from douzzer/20260404-default_rng_bank
...
20260404-default_rng_bank
2026-04-06 22:54:20 -05:00
Daniel Pouzzner
efe6ad4bd6
Merge pull request #10116 from Frauschi/zd21457
...
Additional fixes
2026-04-06 20:23:25 -05:00