Commit Graph

3276 Commits

Author SHA1 Message Date
Paul Adelsbach 08c1397cc1 Enable 8 combined OCSP and URLs instead of 1 of each 2026-02-04 11:04:46 -08:00
Paul Adelsbach aa020f39c4 Extend AIA interface 2026-02-02 08:48:40 -08:00
JacobBarthelmeh a6316114bd Merge pull request #9716 from SparkiDev/regression_fixes_22
Regression test fixes
2026-01-27 22:07:50 -07:00
Sean Parkinson eb2fb4a9ce Merge pull request #9699 from anhu/downg
Add cipher suite filtering when downgrade is disabled
2026-01-28 08:59:06 +10:00
Sean Parkinson bc9e37118e Regression test fixes
Mostly combinations of NO_WOLFSSL_CLIENT, NO_WOLFSSL_SERVER and
WOLFSSL_NO_CLIENT_AUTH were failing.
Added configurations to CI loop.

wc_AesGcmDecryptFinal: use WC_AES_BLOCK_SIZE to satisfy compiler.
2026-01-28 07:37:29 +10:00
JacobBarthelmeh f7b5f00973 Merge pull request #9710 from rlm2002/xChaCha20_Poly1305_unitTest
Unit test updates for XChacha20-Poly1305
2026-01-27 13:56:16 -07:00
JacobBarthelmeh 4f84be8e66 Merge pull request #9715 from dgarske/rsa_key_parsing
Fix for RSA private key parsing (allowing public) and RSA keygen no malloc support
2026-01-27 13:11:14 -07:00
Anthony Hu 3aa758c615 renegotiation indication changes number of ciphersuites so gate on that 2026-01-27 12:57:31 -05:00
Anthony Hu 9a53125794 Simplify testing gating logic. 2026-01-27 11:19:50 -05:00
David Garske c8fa1e915b Fix for RSA private key parsing (allowing public) and RSA keygen no malloc support. 2026-01-26 16:06:05 -08:00
Ruby Martin 38cb14f2a9 add API unit test for XChacha20-Poly1305
Expand XChacha20-Poly1305 unit test
2026-01-26 15:33:35 -07:00
David Garske eeaa3a7160 Merge pull request #9596 from kareem-wolfssl/zd19378
Add a runtime option to enable or disable the secure renegotiation check.
2026-01-26 08:34:57 -08:00
Anthony Hu d6985a6ee3 AES-GCM guard. 2026-01-23 16:23:44 -05:00
Anthony Hu 2616fe3ff1 Better guards around tests 2026-01-22 22:17:59 -05:00
Sean Parkinson 27df554e99 Merge pull request #9701 from Frauschi/brainpool-tls13
Add support for TLS 1.3 Brainpool curves
2026-01-23 10:42:32 +10:00
Kareem d60dd53165 Merge branch 'master' of https://github.com/wolfSSL/wolfssl into zd19378 2026-01-22 15:37:30 -07:00
Tobias Frauenschläger eb8ba6124e Support TLS 1.3 ECC Brainpool authentication
This also fixes TLS 1.2 authentication to only succeed in case the
brainpool curve was present in the supported_groups extension.
2026-01-22 14:14:09 +01:00
Anthony Hu d088fee72c Add cipher suite filtering when downgrade is disabled
When wolfSSL_SetVersion() is called to set a specific TLS version,
the downgrade flag is now set to 0. This causes wolfSSL_parse_cipher_list()
to no longer preserve cipher suites from the other TLS version group.

Previously, when using SSLv23 method and setting cipher suites for only
one TLS version (e.g., TLS 1.2), the library would preserve any existing
cipher suites from the other version (e.g., TLS 1.3) for OpenSSL API
compatibility. With this change, if a specific version is set via
wolfSSL_SetVersion(), only the cipher suites for that version are kept.
2026-01-21 18:01:01 -05:00
Kareem 832bcd7f4b Merge branch 'master' of https://github.com/wolfSSL/wolfssl into zd20850 2026-01-20 15:59:05 -07:00
Chris Conlon 0f395a5f9d Fix memory management in wolfssl_dns_entry_othername_to_gn() and
wolfSSL_X509_get_ext_d2i() for otherName SAN handling, add ASN_RID_TYPE case to wolfSSL_X509_get_ext_d2i()
2026-01-19 16:39:33 -07:00
Daniel Pouzzner 9aabef04ba Merge pull request #9641 from SparkiDev/api_c_split_evp
API testing: split out more test cases
2026-01-16 14:58:15 -06:00
Sean Parkinson 43d831ff06 API testing: split out more test cases
EVP into test_evp_cipher, test_evp_digest, test_evp_pkey and test_evp.
OBJ into test_ossl_obj.
OpenSSL RAND into test_ossl_rand.
OpenSSL PKCS7 and PKCS12 tests into test_ossl_p7p12.
CertificateManager into test_certman.

Move some BIO tests from api.c into test_evp_bio.c.

Fix line lengths.
2026-01-13 06:34:49 +10:00
Sean Parkinson ce69f1cec0 Merge pull request #9635 from miyazakh/x509errstr_handling
Fix OpenSSL error code handling in ERR_reason_error_string()
2026-01-12 08:57:17 +10:00
Hideki Miyazaki 0e8af03f1d OpenSSL error code handling in reason_error_string 2026-01-10 13:50:08 +09:00
Hideki Miyazaki d052128830 addressed review comments 2026-01-09 09:01:14 +09:00
Hideki Miyazaki 08876e278a Fix CRL Number hex string buffer overflow in CRL parser 2026-01-08 17:25:19 +09:00
Fabian Keil 21f35137a1 tests: Unbreak the build on FreeBSD-based systems
... by using the same additional includes as on Linux.

Fixes:

      CC       tests/api/unit_test-test_rsa.o
    tests/api.c:19554:9: error: call to undeclared function 'waitpid'; ISO C99 and later do not support implicit function declarations [-Werror,-Wimplicit-function-declaration]
     19554 |         waitpid(pid, &waitstatus, 0);
	   |         ^

Tested on ElectroBSD amd64 14.3-STABLE.
2025-12-31 14:48:06 +01:00
Kareem ddb2fb628e Add a runtime option to enable or disable the secure renegotation check. 2025-12-30 13:19:04 -07:00
Anthony Hu 48ebe99372 Validate asn date based on position of Z (#8603) 2025-12-29 16:01:22 -06:00
Kareem d09b5ee1f1 Add duplicate entry error to distinguish cases where a duplicate CRL is rejected. 2025-12-26 12:02:35 -07:00
David Garske 57ef8a7caf Merge pull request #9574 from anhu/dtls_guard
Guard a bit of DTLS code.
2025-12-23 15:03:46 -08:00
Anthony Hu 40327b7fe3 Binary consts to hexidecimal. C2X feature. 2025-12-23 14:45:36 -05:00
night1rider afbc65a6c3 Aes Free callback support 2025-12-22 12:39:41 -07:00
JacobBarthelmeh d5723d0d89 Merge pull request #9544 from julek-wolfssl/gh/9362
Check KeyShare after HRR
2025-12-19 14:36:31 -07:00
Daniel Pouzzner 33fc601011 tweaks from PRBs results:
tests/api.c:
* remove inapt SSL_library_init() in test_wolfSSL_EVP_Cipher_extra();
* move TEST_X509_DECLS to follow TEST_DECL(test_wolfSSL_Init);

tests/api/test_random.c: enlarge seed buffer in test_wc_RNG_TestSeed() to accommodate amdrand block size;

tests/quic.c: wrap exercises in wolfSSL_Init()...wolfSSL_Cleanup();

tests/unit.c: in unit_test(), add several more fflush(stdout)s, report error from wolfSSL_Cleanup(), and fix line length;

wolfcrypt/test/test.c: omit reseed test in _rng_test() if HAVE_INTEL_RDRAND or old FIPS, and use simplified random_test() if HAVE_INTEL_RDRAND;

wolfssl/wolfcrypt/mem_track.h: add memList pointer in struct memoryStats, and set it in InitMemoryTracker();

wolfssl/wolfcrypt/settings.h: undefine WOLFSSL_SMALL_STACK_CACHE if WOLFSSL_SMALL_STACK is undefined;

.github/workflows/trackmemory.yml: add --enable-intelrdseed scenario.
2025-12-17 11:01:11 -06:00
Daniel Pouzzner 918b6973bd tests/api.c: in test_wolfSSL_dtls_stateless_HashWOLFSSL(), when WOLFSSL_SMALL_STACK_CACHE, omit ssl->hsHashes from the comparison (init-time heap pointers destabilize its bit signature). 2025-12-17 11:01:10 -06:00
Juliusz Sosinowicz f61bfd7805 Check KeyShare after HRR 2025-12-17 10:27:04 +01:00
Ruby Martin 27b5ac9f84 sanitize loop bound in tls_multi_handshakes_one_record() unit test
add additional check for breaking while loop
2025-12-12 14:18:25 -07:00
Daniel Pouzzner 38d5dc6c7a Merge pull request #9510 from embhorn/gh7981
Fix test when ECH and harden are enabled
2025-12-11 13:07:29 -06:00
Daniel Pouzzner 3e8c6811c7 Merge pull request #9518 from SparkiDev/api_c_split_3
api.c: Split out more functions
2025-12-11 13:06:58 -06:00
Daniel Pouzzner f07e379d6d Merge pull request #9456 from anhu/test_inits
Initialize test variables; avoid false warnings.
2025-12-11 12:40:44 -06:00
Sean Parkinson b4b617de49 api.c: Split out more functions
More X509 function testing.
X509 store function testing.
X509 lookup function testing.
2025-12-11 19:00:19 +10:00
Sean Parkinson 0b2fb66af6 api.c: Split out more functions
wolfSSL_PEM, wolfSSL_X509, wolfSSL_X509_NAME, wolfSSL_X509_PUBKEY API
testing moved out to separate files.
2025-12-11 15:32:09 +10:00
Eric Blankenhorn 8053e8f9b3 Fix test when ECH and harden are enabled 2025-12-10 08:14:59 -06:00
Anthony Hu cf8b729bae Initialize test variables; avoid false warnings. 2025-11-21 11:59:07 -05:00
JacobBarthelmeh 3f441ef1a5 update tests after certificate renewal 2025-11-14 14:45:37 -07:00
David Garske 6ff57b8045 Merge pull request #9419 from rlm2002/coverity
Uninitialized variable fix
2025-11-13 08:58:00 -08:00
Ruby Martin b2336c57ce initialize ctype variable 2025-11-12 16:48:52 -07:00
Juliusz Sosinowicz 4b7c052ee9 test_wolfSSL_inject: don't call accept on completed handshake 2025-11-12 17:12:22 +01:00
Josh Holtrop 3af60ff85d Check for duplicate extensions in client hello when HAVE_TLS_EXTENSIONS is not set - fix #9377 2025-11-10 10:06:07 -05:00