Commit Graph

4464 Commits

Author SHA1 Message Date
Mattia Moffa 99d1c80bde Add regression test 2026-04-13 22:25:15 +02:00
Eric Blankenhorn 4cb016f434 Fix pkcs12 parse issue 2026-04-13 15:11:15 -05:00
Eric Blankenhorn ff7a32d022 Fix TLSX_EchChangeSNI to check hostname length 2026-04-13 14:53:06 -05:00
David Garske b17755b63f Merge pull request #10164 from rizlik/bio
BIO improvements and fixes
2026-04-13 12:40:02 -07:00
David Garske a143369522 Merge pull request #10138 from padelsbach/cobalt-fixes-2026-04-06
Use size_t in wolfSSL_strnstr and reject negative indices in mp_get_digit
2026-04-13 12:37:59 -07:00
night1rider 8cc02d8a8a Add DH regression test and incremement ref counter tests to api.c 2026-04-13 11:32:51 -06:00
Zackery Backman 0ab5401edf Fix cast-away-const in ws_ctx_ssl_set_tmp_dh: allocate DerBuffer with actual size and copy data instead of pointing at caller's const buffer, which caused FreeDer to free non-owned memory. 2026-04-13 11:32:51 -06:00
Zackery Backman b74731d878 Add test for wolfSSL_use_AltPrivateKey_Label to verify successful key label allocation 2026-04-13 11:32:51 -06:00
Zackery Backman 3925804da6 Add test for wolfSSL_use_AltPrivateKey_Id to verify successful key ID allocation 2026-04-13 11:32:50 -06:00
David Garske c36beba9b7 Merge pull request #10174 from SparkiDev/api_test_cipher_algs_1
API testing additions: cipher tests
2026-04-13 09:54:23 -07:00
Jeremiah Mackey 0525301b75 test non-block-aligned CBC input rejected 2026-04-13 16:19:30 +00:00
Juliusz Sosinowicz 3e74f841d0 Add tests for BN_bn2binpad with zero output length 2026-04-13 15:50:26 +02:00
Juliusz Sosinowicz a4632ea508 Add BN_bn2binpad API and enable OpenVPN master CI testing 2026-04-13 15:35:40 +02:00
Sean Parkinson a50a5403a7 Merge pull request #10199 from douzzer/20260412-clang-23_pre20260331
20260412-clang-23_pre20260331
2026-04-13 10:39:11 +10:00
Sean Parkinson 0434139967 Merge pull request #10186 from Frauschi/f-159
Error out in case of unknown extensions in response message in TLS 1.3
2026-04-13 09:18:46 +10:00
David Garske 3d4e929869 Merge pull request #10173 from SparkiDev/init_cert_sha1
Initialize certificate: default to SHA-1 when necessary
2026-04-12 14:46:53 -07:00
Daniel Pouzzner 1b692b8063 fixes for clang -Wunused-but-set-globals (coverage added by LLVM 23_pre20260331). 2026-04-12 12:07:33 -05:00
David Garske ae0a3877ca Merge pull request #10122 from miyazakh/f-1370_SigGetSize
F-1370 : Tighten key_len check from `>=` to `==`
2026-04-10 14:27:16 -07:00
Anthony Hu 6377ed03ce better gating. 2026-04-10 14:27:48 -04:00
Paul Adelsbach 6f7e5d030b Use size_t in wolfSSL_strnstr and reject negative indices in mp_get_digit 2026-04-10 10:48:17 -07:00
Anthony Hu ce226a8ad7 Fix bad merge in tests 2026-04-10 12:15:04 -04:00
Tobias Frauenschläger b0763ea4d1 Error out in case of unknown extensions in response message in TLS 1.3 2026-04-10 17:43:35 +02:00
Anthony Hu 573ff92d13 test improvement 2026-04-10 11:17:45 -04:00
Anthony Hu 599d02e1e7 Add bounds checks for MP integer size in SizeASN_Items 2026-04-10 11:17:45 -04:00
Tobias Frauenschläger 062ef3e93b Remove some duplicate CI tests 2026-04-10 12:50:24 +02:00
Sean Parkinson b764aac074 API testing additions: cipher tests
Fixed wc_AesEaxAuthDataUpdate to check eax for NULL before
dereferencing.

Fix AesSivCipher to delete/free AES if new/initialization succeeded.
Memsetting to 0 doesn't work when WC_DEBUG_CIPHER_LIFECYCLE is defined.

Added tests for:
 - AES-EAX streaming
 - AES-SIV
 - Poly1305
 - DES-CBC
2026-04-10 15:43:21 +10:00
Sean Parkinson ecd925f10e Initialize certificate: default to SHA-1 when necessary
Make SHA-1 with RSA signature type the last option.
SHA-1 signatures are deprecated as weak.
2026-04-10 07:58:37 +10:00
Sean Parkinson abfff1ec2f Merge pull request #10167 from embhorn/zd21571
Fix ETM on resumption
2026-04-10 07:45:20 +10:00
Eric Blankenhorn 4d79d1efd9 Improve tests 2026-04-09 16:24:12 -05:00
David Garske 8059fbdbe8 Merge pull request #10129 from rlm2002/coverity_fix
03042026 Coverity tests fix
2026-04-09 13:35:36 -07:00
Anthony Hu 7336ed7cee Fixes ZD 19760
Before this fix, the certificates were not getting into the certificate manager.
This makes sure they are going in.
2026-04-09 13:09:17 -04:00
Eric Blankenhorn 31eb54f950 Fix from review 2026-04-09 11:32:47 -05:00
Eric Blankenhorn 191b827579 Fix from review 2026-04-09 10:14:45 -05:00
Eric Blankenhorn b218b29403 Fix from review 2026-04-08 16:13:23 -05:00
Eric Blankenhorn 1e1e34ce8c Fix for peer cert verify with IP address 2026-04-08 15:47:57 -05:00
Eric Blankenhorn af5369636a Fix ETM on resumption 2026-04-08 15:06:11 -05:00
Marco Oliverio 5107613025 bio: add tests 2026-04-08 18:49:40 +02:00
Marco Oliverio 7802a75acd bio: various fixes and improvements
* simplify wolfSSL_BIO_set_conn_hostname, fixing OOB read
* restructure wolfSSL_BIO_ctrl_pending, fixing inverted check and
* ctrlCB checking
* return WOLFSSL_FAILURE in wolfSSL_BIO_up_ref when refInc fails,
  updated test to reflect this
* check arguments for NULL in wolfSSL_BIO_ADDR_size
* replace non-portable type long usigned int with size_t
* wolfSSL_BIO_MEMORY_write: return WOLFSSL_BIO_ERROR on failure instead
  of WOLFSSL_FAILURE, return 0 when len is 0
* wolfSSL_BIO_get_fp: fix type mismatch comparing XFILE* pointer against
  XBADFILE
* wolfSSL_BIO_ctrl: add NULL check on bio before switch
* wolfSSL_BIO_pop: clear bio prev and next pointers after unlinking
* wolfSSL_BIO_gets: place null terminator after actual bytes read from
  BIO_BIO nread
2026-04-08 18:49:40 +02:00
Ruby Martin 5e87b82dfa initialize key and rng in test_DhAgree_rejects_p_minus_1() 2026-04-08 09:48:06 -06:00
Hideki Miyazaki e3fd4cc24d fix f-1370 key_len size check for void* in wc_SignatureGetSize 2026-04-08 17:07:42 +09:00
Daniel Pouzzner 750f3b119e Merge pull request #10088 from anhu/new_various
Various security fixes and tests
2026-04-07 22:13:18 -05:00
Aidan Garske bf03de6b6d Add WC_NO_ERR_TRACE 2026-04-07 15:30:14 -07:00
Aidan Garske 921f32f52e F-2193 - Add negative test for ASCON AEAD128 authentication tag verification 2026-04-07 12:52:04 -07:00
Daniel Pouzzner 60d1e222b2 globally fix all "BLAKE2" references (implicit BLAKE2B) to explicit "BLAKE2B":
* implement legacy compatibility in settings.h and configure.ac (adds --enable-blake2b while retaining --enable-blake2);
* fix incorrect Blake2 gates in wolfcrypt/src/hash.c wc_HashGetDigestSize() and wc_HashGetBlockSize();
* in wolfcrypt/test/test.c hash_test(), backfill missing Blake2 test coverage and separate blake2b from blake2s in typesHashBad[];
* in tests/api/test_hash.c, separate blake2b from blake2s in notCompiledHash[], sizeSupportedHash[], and sizeNotCompiledHash[].
2026-04-07 13:18:53 -05:00
JacobBarthelmeh ad1cc4e87f adjust test case return value check after rebase 2026-04-07 10:26:16 -06:00
Paul Adelsbach c335f7dd6f Remove UTF-8 chars
Get rid of weird character

Fix warning found by CI

Style changes

Addressed 1 and 2.
2026-04-07 10:07:12 -06:00
Anthony Hu 2e32094545 Add regression tests for fixes 2026-04-07 10:05:56 -06:00
JacobBarthelmeh 7aac9e5766 Merge pull request #10139 from philljj/fix_nightly_mem
Fix nightly mem
2026-04-07 09:08:01 -06:00
philljj b5874a6d9e Merge pull request #10132 from douzzer/20260404-default_rng_bank
20260404-default_rng_bank
2026-04-06 22:54:20 -05:00
Daniel Pouzzner efe6ad4bd6 Merge pull request #10116 from Frauschi/zd21457
Additional fixes
2026-04-06 20:23:25 -05:00