wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-27 10:02:41 +01:00
Code Issues Packages Projects Releases Wiki Activity
25,780 Commits 12 Branches 184 Tags
478bfafea38e56a157b2ccc8ffccb399f453038e
Commit Graph

3644 Commits

Author SHA1 Message Date
Sean Parkinson
c925ba2fe1 Testing disabling various PK algs 
Fix api.c: disable test_EccSigFailure_cm and test_RsaSigFailure_cm when
the PK algorithm they use is disabled.
 2025-07-03 16:38:54 +10:00
Sean Parkinson
af05fa874f Unit Test: fix test case for memory allocation failure testing 
test_ocsp_basic_verify() not freeing and setting pointer to NULL. Second
free occuring on freed pointer.
 2025-07-02 09:27:25 +10:00
JacobBarthelmeh
77792ace65 Merge pull request #8945 from SparkiDev/mem_fail_fixes_2 
Memory allocation failure testing fixes
 2025-07-01 09:35:11 -06:00
Sean Parkinson
574de4b234 Memory allocation failure testing fixes 
Fixes for test code to cleanup on failure properly.
pkcs7.c: when streaming, free the decrypting content when adding data to
the stream fails.
 2025-07-01 11:50:42 +10:00
Marco Oliverio
ae9ba6627c fix(tests): enlarge readBuf in DTLS record tests 
Increase readBuf to 256 bytes. Guard memcpy with EXPECT_SUCCESS().
 2025-06-30 09:47:38 +02:00
Daniel Pouzzner
1127dabe98 Merge pull request #8926 from dgarske/various_20250625 
Improvement to allow building OPENSSL_EXTRA without KEEP_PEER_CERT
 2025-06-27 22:29:24 -05:00
Daniel Pouzzner
89148f98b0 Merge pull request #8921 from rlm2002/appleNativeCertTests 
Apple native cert tests code modifications
 2025-06-27 22:26:17 -05:00
Daniel Pouzzner
018ee9754f Merge pull request #8608 from anhu/2akid 
Check for duplicate extensions in a CRL
 2025-06-27 22:25:27 -05:00
David Garske
1db3dbcc28 Improvement to allow building OPENSSL_EXTRA without KEEP_PEER_CERT. Workaround to avoid large WOLFSSL structure size with compatibility layer enabled (the struct WOLFSSL_X509 is over 5KB). Note: May investigate way to place into heap instead. Fix issues building compatibility layer without MD5. 2025-06-27 12:42:52 -07:00
Ruby Martin
0302dbcb31 rename .yml file for macos-apple-native-cert-validation 
WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION macro placement and comment adjustment
 2025-06-26 17:07:00 -06:00
Ruby Martin
9b6b41627e move CFErrorRef instantiation 
cleanup
 2025-06-26 09:06:01 -06:00
Ruby Martin
1321e00e45 set p2 to null before next iteration 2025-06-26 08:57:56 -06:00
Ruby Martin
79b6e62668 modify check domain test 
void code for unused variable warning

do not run check_domain_name test if ssl_verify_none has been set
 2025-06-26 08:39:32 -06:00
Ruby Martin
7c44f14e77 add apple test to github actions 2025-06-26 08:38:30 -06:00
Ruby Martin
d3b30f8d51 Check underlying error, want only maximum validity period error 
add apple test macros to tests requiring cert manager
 2025-06-26 08:38:28 -06:00
Brett
877bade216 additional debugging 2025-06-26 08:38:28 -06:00
Daniel Pouzzner
6bfd2632db Merge pull request #8917 from dgarske/various_20250623 
Fix for broken `test_wolfSSL_check_domain_basic`
 2025-06-25 22:15:02 -05:00
Sean Parkinson
f119086d3e Merge pull request #8918 from kojiws/fix_asn_integer_export 
Fix SetShortInt() not to export wrong DER
 2025-06-26 08:16:48 +10:00
Koji Takeda
d76386f38c Add tests 2025-06-25 11:27:12 +09:00
JacobBarthelmeh
6cf3b51333 guard test that uses pipe from running with mingw 2025-06-24 17:21:24 -06:00
David Garske
5d7cb2ec07 Fix for new api.c test test_wolfSSL_check_domain_basic added in PR #8863 that fails with --disable-sys-ca-certs. 2025-06-24 08:25:01 -07:00
Anthony Hu
1dff76782b Check for duplicate extensions in a CRL 2025-06-24 11:10:18 -04:00
David Garske
978a29da0b Merge pull request #8898 from cconlon/getpidOptionsH 
Add HAVE_GETPID to options.h if getpid detected
 2025-06-23 17:11:55 -07:00
JacobBarthelmeh
9ee212cacc fix for free'ing memory with test case 2025-06-23 17:33:52 -06:00
David Garske
9b50708741 Fix to expose API to access "store" error code and error depth for cert failure callback (from set_verify). Useful for C# wrapper or clients that cannot directly dereference X509_STORE. Fixes for building with WOLFSSL_EXTRA and WOLFSSL_NO_CA_NAMES (and added new tests). Added example in CSharp TLS client for overriding a begin date error (useful if date is not set). 2025-06-19 14:49:00 -07:00
David Garske
27176a5eeb Merge pull request #8870 from kareem-wolfssl/zd20030 
Various minor fixes.
 2025-06-18 08:55:07 -07:00
David Garske
7d77446964 Merge pull request #8882 from rizlik/dtls13_always_transmit_explicit_ack 
dtls13: always send ACKs on detected retransmission
 2025-06-17 11:35:07 -07:00
Kareem
7e4ec84124 Add macros for legacy get_digit functions for FIPS/selftest. 2025-06-17 10:12:06 -07:00
Kareem
9c9465aa23 Also account for selftest for mp_get_digit refactor. 2025-06-17 10:12:06 -07:00
Kareem
05aa4f5f08 Make mp_get_digit refactor FIPS friendly. 2025-06-17 10:12:06 -07:00
Kareem
e8c110d2ac Rename get_digit* to mp_get_digit* to avoid conflicts with other functions named get_digit. 2025-06-17 10:12:06 -07:00
Josh Holtrop
3bd9b2e0bc Add generation instructions for empty issuer cert and change expiry to 100 years 2025-06-16 11:39:01 -04:00
Marco Oliverio
b1b49c9ffb dtls13: always send ACKs on detected retransmission 
Otherwise the connection can stall due the indefinite delay of an explicit ACK,
for exapmle:

 -> client sends the last Finished message
<- server sends the ACK, but the ACK is lost
 -> client rentrasmit the Finished message
 - server delay sending of the ACK until a fast timeout
 -> client rentrasmit the Finished message quicker than the server timeout
 - server resets the timeout, delaying sending the ACK
 -> client rentrasmit the Finished...
 2025-06-16 14:19:32 +02:00
Marco Oliverio
509491f554 dtls13: wolfSSL_is_init_finished true after last server ACK 
Do not consider the handshake finished until the last server ACK.
This way the application knows where to switch from
wolfSSL_negotiate/wolfSSL_connect to wolfSSL_read/wolfSSL_write.
 2025-06-16 14:19:31 +02:00
Josh Holtrop
8bde5e6982 Fix printing empty names in certificates 
The empty-issuer-cert.pem certificate was created with:

    wolfssl genkey rsa -size 2048 -out mykey -outform pem -output KEY
    wolfssl req -new -days 3650 -key mykey.priv -out empty-issuer-cert.pem -x509

Prior to this fix this command would error printing the certificate:

    wolfssl x509 -inform pem -in empty-issuer-cert.pem -text
 2025-06-13 11:22:52 -04:00
David Garske
2fc1110a13 Merge pull request #8587 from lealem47/gh8574 
Fix bug in ParseCRL_Extensions
 2025-06-12 12:09:52 -07:00
David Garske
701e3ba64e Merge pull request #8808 from rlm2002/coverity 
Coverity: api.c fix
 2025-06-12 12:03:14 -07:00
David Garske
6571f42cb9 Merge pull request #8867 from JacobBarthelmeh/rng 
Improvements to RNG and compatibility layer
 2025-06-11 14:31:53 -07:00
JacobBarthelmeh
8ee1f8f287 add macro guard on test case 2025-06-11 10:43:47 -06:00
JacobBarthelmeh
47cf634965 add a way to restore previous pid behavior 2025-06-10 16:12:09 -06:00
JacobBarthelmeh
4207affc72 adding additional RAND test cases 2025-06-10 16:01:52 -06:00
Ruby Martin
d0134f2212 coverity: address reuse after free, add NULL checks 2025-06-10 15:33:47 -06:00
Ruby Martin
a7a5062c7a add api test for checking domain name 
use SNI example.com in client ssl
 2025-06-10 15:22:01 -06:00
JacobBarthelmeh
eb3c324ea4 Merge pull request #8852 from holtrop/reseed-drbg-in-rand-poll-test 
Add additional compatibility layer RAND tests
 2025-06-10 10:20:46 -06:00
JacobBarthelmeh
94f5948f20 Merge pull request #8858 from rizlik/dtls13_set_epoch_fix 
dtls13: move Dtls13NewEpoch into DeriveTls13Keys
 2025-06-10 09:48:58 -06:00
Sean Parkinson
cb90b78688 ML-DSA: fix tests for different configs 
Setting the private key into SSL object requires signing to be
available.
Only enable the parameters that are compiled in.
 2025-06-10 20:44:27 +10:00
Josh Holtrop
1c6e3d729a Check that fork() returns >= 0 in RAND_poll fork test 2025-06-10 06:23:06 -04:00
JacobBarthelmeh
106bcb22d3 Merge pull request #8860 from LinuxJedi/tls13-trusted-ca 
Allow `trusted_ca_keys` with TLSv1.3
 2025-06-09 17:43:44 -06:00
Josh Holtrop
133e238359 Wait on child process in RAND_poll fork test 2025-06-09 15:59:22 -04:00
Marco Oliverio
59ff71f936 fixup! dtls13: move Dtls13NewEpoch into DeriveTls13Keys 2025-06-09 16:11:17 +02:00