wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-27 23:42:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
25,780 Commits 12 Branches 184 Tags
478bfafea38e56a157b2ccc8ffccb399f453038e
Commit Graph

3129 Commits

Author SHA1 Message Date
Sean Parkinson
c925ba2fe1 Testing disabling various PK algs 
Fix api.c: disable test_EccSigFailure_cm and test_RsaSigFailure_cm when
the PK algorithm they use is disabled.
 2025-07-03 16:38:54 +10:00
Sean Parkinson
574de4b234 Memory allocation failure testing fixes 
Fixes for test code to cleanup on failure properly.
pkcs7.c: when streaming, free the decrypting content when adding data to
the stream fails.
 2025-07-01 11:50:42 +10:00
Daniel Pouzzner
1127dabe98 Merge pull request #8926 from dgarske/various_20250625 
Improvement to allow building OPENSSL_EXTRA without KEEP_PEER_CERT
 2025-06-27 22:29:24 -05:00
Daniel Pouzzner
89148f98b0 Merge pull request #8921 from rlm2002/appleNativeCertTests 
Apple native cert tests code modifications
 2025-06-27 22:26:17 -05:00
Daniel Pouzzner
018ee9754f Merge pull request #8608 from anhu/2akid 
Check for duplicate extensions in a CRL
 2025-06-27 22:25:27 -05:00
David Garske
1db3dbcc28 Improvement to allow building OPENSSL_EXTRA without KEEP_PEER_CERT. Workaround to avoid large WOLFSSL structure size with compatibility layer enabled (the struct WOLFSSL_X509 is over 5KB). Note: May investigate way to place into heap instead. Fix issues building compatibility layer without MD5. 2025-06-27 12:42:52 -07:00
Ruby Martin
0302dbcb31 rename .yml file for macos-apple-native-cert-validation 
WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION macro placement and comment adjustment
 2025-06-26 17:07:00 -06:00
Ruby Martin
9b6b41627e move CFErrorRef instantiation 
cleanup
 2025-06-26 09:06:01 -06:00
Ruby Martin
1321e00e45 set p2 to null before next iteration 2025-06-26 08:57:56 -06:00
Ruby Martin
79b6e62668 modify check domain test 
void code for unused variable warning

do not run check_domain_name test if ssl_verify_none has been set
 2025-06-26 08:39:32 -06:00
Ruby Martin
7c44f14e77 add apple test to github actions 2025-06-26 08:38:30 -06:00
Ruby Martin
d3b30f8d51 Check underlying error, want only maximum validity period error 
add apple test macros to tests requiring cert manager
 2025-06-26 08:38:28 -06:00
Brett
877bade216 additional debugging 2025-06-26 08:38:28 -06:00
Daniel Pouzzner
6bfd2632db Merge pull request #8917 from dgarske/various_20250623 
Fix for broken `test_wolfSSL_check_domain_basic`
 2025-06-25 22:15:02 -05:00
Sean Parkinson
f119086d3e Merge pull request #8918 from kojiws/fix_asn_integer_export 
Fix SetShortInt() not to export wrong DER
 2025-06-26 08:16:48 +10:00
Koji Takeda
d76386f38c Add tests 2025-06-25 11:27:12 +09:00
JacobBarthelmeh
6cf3b51333 guard test that uses pipe from running with mingw 2025-06-24 17:21:24 -06:00
David Garske
5d7cb2ec07 Fix for new api.c test test_wolfSSL_check_domain_basic added in PR #8863 that fails with --disable-sys-ca-certs. 2025-06-24 08:25:01 -07:00
Anthony Hu
1dff76782b Check for duplicate extensions in a CRL 2025-06-24 11:10:18 -04:00
David Garske
978a29da0b Merge pull request #8898 from cconlon/getpidOptionsH 
Add HAVE_GETPID to options.h if getpid detected
 2025-06-23 17:11:55 -07:00
JacobBarthelmeh
9ee212cacc fix for free'ing memory with test case 2025-06-23 17:33:52 -06:00
David Garske
9b50708741 Fix to expose API to access "store" error code and error depth for cert failure callback (from set_verify). Useful for C# wrapper or clients that cannot directly dereference X509_STORE. Fixes for building with WOLFSSL_EXTRA and WOLFSSL_NO_CA_NAMES (and added new tests). Added example in CSharp TLS client for overriding a begin date error (useful if date is not set). 2025-06-19 14:49:00 -07:00
David Garske
7d77446964 Merge pull request #8882 from rizlik/dtls13_always_transmit_explicit_ack 
dtls13: always send ACKs on detected retransmission
 2025-06-17 11:35:07 -07:00
Josh Holtrop
3bd9b2e0bc Add generation instructions for empty issuer cert and change expiry to 100 years 2025-06-16 11:39:01 -04:00
Marco Oliverio
b1b49c9ffb dtls13: always send ACKs on detected retransmission 
Otherwise the connection can stall due the indefinite delay of an explicit ACK,
for exapmle:

 -> client sends the last Finished message
<- server sends the ACK, but the ACK is lost
 -> client rentrasmit the Finished message
 - server delay sending of the ACK until a fast timeout
 -> client rentrasmit the Finished message quicker than the server timeout
 - server resets the timeout, delaying sending the ACK
 -> client rentrasmit the Finished...
 2025-06-16 14:19:32 +02:00
Marco Oliverio
509491f554 dtls13: wolfSSL_is_init_finished true after last server ACK 
Do not consider the handshake finished until the last server ACK.
This way the application knows where to switch from
wolfSSL_negotiate/wolfSSL_connect to wolfSSL_read/wolfSSL_write.
 2025-06-16 14:19:31 +02:00
Josh Holtrop
8bde5e6982 Fix printing empty names in certificates 
The empty-issuer-cert.pem certificate was created with:

    wolfssl genkey rsa -size 2048 -out mykey -outform pem -output KEY
    wolfssl req -new -days 3650 -key mykey.priv -out empty-issuer-cert.pem -x509

Prior to this fix this command would error printing the certificate:

    wolfssl x509 -inform pem -in empty-issuer-cert.pem -text
 2025-06-13 11:22:52 -04:00
David Garske
2fc1110a13 Merge pull request #8587 from lealem47/gh8574 
Fix bug in ParseCRL_Extensions
 2025-06-12 12:09:52 -07:00
David Garske
701e3ba64e Merge pull request #8808 from rlm2002/coverity 
Coverity: api.c fix
 2025-06-12 12:03:14 -07:00
David Garske
6571f42cb9 Merge pull request #8867 from JacobBarthelmeh/rng 
Improvements to RNG and compatibility layer
 2025-06-11 14:31:53 -07:00
JacobBarthelmeh
8ee1f8f287 add macro guard on test case 2025-06-11 10:43:47 -06:00
JacobBarthelmeh
47cf634965 add a way to restore previous pid behavior 2025-06-10 16:12:09 -06:00
JacobBarthelmeh
4207affc72 adding additional RAND test cases 2025-06-10 16:01:52 -06:00
Ruby Martin
d0134f2212 coverity: address reuse after free, add NULL checks 2025-06-10 15:33:47 -06:00
Ruby Martin
a7a5062c7a add api test for checking domain name 
use SNI example.com in client ssl
 2025-06-10 15:22:01 -06:00
JacobBarthelmeh
eb3c324ea4 Merge pull request #8852 from holtrop/reseed-drbg-in-rand-poll-test 
Add additional compatibility layer RAND tests
 2025-06-10 10:20:46 -06:00
JacobBarthelmeh
94f5948f20 Merge pull request #8858 from rizlik/dtls13_set_epoch_fix 
dtls13: move Dtls13NewEpoch into DeriveTls13Keys
 2025-06-10 09:48:58 -06:00
Josh Holtrop
1c6e3d729a Check that fork() returns >= 0 in RAND_poll fork test 2025-06-10 06:23:06 -04:00
Josh Holtrop
133e238359 Wait on child process in RAND_poll fork test 2025-06-09 15:59:22 -04:00
Koji Takeda
0260ff789b Clarify supported PKCS12 encryption algorithms 2025-06-09 12:03:47 +09:00
Marco Oliverio
c1c1929e55 dtls13: move Dtls13NewEpoch into DeriveTls13Keys 
Dlts13NewEpoch saves the keys currently derived in the ssl object.
Moving Dtls13NewEpoch inside DeriveTls13Keys avoid the risk of using the wrong
keys when creating a new Epoch.

This fixes at least he following scenario:

- Client has encryption epoch != 2 in the handshake (eg. due to rtx)

- Client derives traffic0 keys after receiving server Finished message

- Client set encryption epoch to 2 again to send the Finished message, this
   override the traffic key computed

- Client creates the new epoch with the wrong key
 2025-06-09 02:35:29 +02:00
Josh Holtrop
10b3cc8dd2 Add fork test for RAND_poll() 2025-06-06 20:45:01 -04:00
JacobBarthelmeh
9ffca6b39c Merge pull request #8822 from kojiws/support_cert_aes_cbc_on_pkcs12_export 
Support PBE_AES(256|128)_CBC certificate encryptions on wc_PKCS12_create()
 2025-06-06 11:35:13 -06:00
JacobBarthelmeh
45306e9378 Merge pull request #8845 from rlm2002/coverityTests 
Coverity: test adjustments and variable checks
 2025-06-06 11:29:56 -06:00
JacobBarthelmeh
570c1fc390 Merge pull request #8824 from JeremiahM37/tlsCurveFix 
tls fix for set_groups
 2025-06-06 10:47:06 -06:00
JacobBarthelmeh
bfc55d9016 Merge pull request #8848 from julek-wolfssl/gh/8841 
dtlsProcessPendingPeer: correctly set the current peer
 2025-06-06 09:52:35 -06:00
JacobBarthelmeh
3ecc58cc0e Merge pull request #8842 from julek-wolfssl/zd/19966 
ALT_NAMES_OID: Mark IP address as WOLFSSL_V_ASN1_OCTET_STRING
 2025-06-05 17:07:47 -06:00
Juliusz Sosinowicz
736a5e1f89 dtlsProcessPendingPeer: correctly set the current peer 2025-06-06 00:12:38 +02:00
Juliusz Sosinowicz
0ac6ca3cf7 Fix hard tabs and c++ style comments 2025-06-05 22:04:50 +02:00
Juliusz Sosinowicz
761f0f1d1f Simplify TLSX_SupportedCurve_Parse 
Server only uses curves that are supported by both the client and the server. If no common groups are found, the connection will fail in TLS 1.2 and below. In TLS 1.3, HRR may still be used to resolve the group mismatch.
 2025-06-05 22:04:49 +02:00