Mattia Moffa
99d1c80bde
Add regression test
2026-04-13 22:25:15 +02:00
Eric Blankenhorn
4cb016f434
Fix pkcs12 parse issue
2026-04-13 15:11:15 -05:00
Eric Blankenhorn
ff7a32d022
Fix TLSX_EchChangeSNI to check hostname length
2026-04-13 14:53:06 -05:00
David Garske
b17755b63f
Merge pull request #10164 from rizlik/bio
...
BIO improvements and fixes
2026-04-13 12:40:02 -07:00
David Garske
a143369522
Merge pull request #10138 from padelsbach/cobalt-fixes-2026-04-06
...
Use size_t in wolfSSL_strnstr and reject negative indices in mp_get_digit
2026-04-13 12:37:59 -07:00
night1rider
8cc02d8a8a
Add DH regression test and incremement ref counter tests to api.c
2026-04-13 11:32:51 -06:00
Zackery Backman
0ab5401edf
Fix cast-away-const in ws_ctx_ssl_set_tmp_dh: allocate DerBuffer with actual size and copy data instead of pointing at caller's const buffer, which caused FreeDer to free non-owned memory.
2026-04-13 11:32:51 -06:00
Zackery Backman
b74731d878
Add test for wolfSSL_use_AltPrivateKey_Label to verify successful key label allocation
2026-04-13 11:32:51 -06:00
Zackery Backman
3925804da6
Add test for wolfSSL_use_AltPrivateKey_Id to verify successful key ID allocation
2026-04-13 11:32:50 -06:00
David Garske
c36beba9b7
Merge pull request #10174 from SparkiDev/api_test_cipher_algs_1
...
API testing additions: cipher tests
2026-04-13 09:54:23 -07:00
Jeremiah Mackey
0525301b75
test non-block-aligned CBC input rejected
2026-04-13 16:19:30 +00:00
Juliusz Sosinowicz
3e74f841d0
Add tests for BN_bn2binpad with zero output length
2026-04-13 15:50:26 +02:00
Juliusz Sosinowicz
a4632ea508
Add BN_bn2binpad API and enable OpenVPN master CI testing
2026-04-13 15:35:40 +02:00
Sean Parkinson
a50a5403a7
Merge pull request #10199 from douzzer/20260412-clang-23_pre20260331
...
20260412-clang-23_pre20260331
2026-04-13 10:39:11 +10:00
Sean Parkinson
0434139967
Merge pull request #10186 from Frauschi/f-159
...
Error out in case of unknown extensions in response message in TLS 1.3
2026-04-13 09:18:46 +10:00
David Garske
3d4e929869
Merge pull request #10173 from SparkiDev/init_cert_sha1
...
Initialize certificate: default to SHA-1 when necessary
2026-04-12 14:46:53 -07:00
Daniel Pouzzner
1b692b8063
fixes for clang -Wunused-but-set-globals (coverage added by LLVM 23_pre20260331).
2026-04-12 12:07:33 -05:00
David Garske
ae0a3877ca
Merge pull request #10122 from miyazakh/f-1370_SigGetSize
...
F-1370 : Tighten key_len check from `>=` to `==`
2026-04-10 14:27:16 -07:00
Anthony Hu
6377ed03ce
better gating.
2026-04-10 14:27:48 -04:00
Paul Adelsbach
6f7e5d030b
Use size_t in wolfSSL_strnstr and reject negative indices in mp_get_digit
2026-04-10 10:48:17 -07:00
Anthony Hu
ce226a8ad7
Fix bad merge in tests
2026-04-10 12:15:04 -04:00
Tobias Frauenschläger
b0763ea4d1
Error out in case of unknown extensions in response message in TLS 1.3
2026-04-10 17:43:35 +02:00
Anthony Hu
573ff92d13
test improvement
2026-04-10 11:17:45 -04:00
Anthony Hu
599d02e1e7
Add bounds checks for MP integer size in SizeASN_Items
2026-04-10 11:17:45 -04:00
Tobias Frauenschläger
062ef3e93b
Remove some duplicate CI tests
2026-04-10 12:50:24 +02:00
Sean Parkinson
b764aac074
API testing additions: cipher tests
...
Fixed wc_AesEaxAuthDataUpdate to check eax for NULL before
dereferencing.
Fix AesSivCipher to delete/free AES if new/initialization succeeded.
Memsetting to 0 doesn't work when WC_DEBUG_CIPHER_LIFECYCLE is defined.
Added tests for:
- AES-EAX streaming
- AES-SIV
- Poly1305
- DES-CBC
2026-04-10 15:43:21 +10:00
Sean Parkinson
ecd925f10e
Initialize certificate: default to SHA-1 when necessary
...
Make SHA-1 with RSA signature type the last option.
SHA-1 signatures are deprecated as weak.
2026-04-10 07:58:37 +10:00
Sean Parkinson
abfff1ec2f
Merge pull request #10167 from embhorn/zd21571
...
Fix ETM on resumption
2026-04-10 07:45:20 +10:00
Eric Blankenhorn
4d79d1efd9
Improve tests
2026-04-09 16:24:12 -05:00
David Garske
8059fbdbe8
Merge pull request #10129 from rlm2002/coverity_fix
...
03042026 Coverity tests fix
2026-04-09 13:35:36 -07:00
Anthony Hu
7336ed7cee
Fixes ZD 19760
...
Before this fix, the certificates were not getting into the certificate manager.
This makes sure they are going in.
2026-04-09 13:09:17 -04:00
Eric Blankenhorn
31eb54f950
Fix from review
2026-04-09 11:32:47 -05:00
Eric Blankenhorn
191b827579
Fix from review
2026-04-09 10:14:45 -05:00
Eric Blankenhorn
b218b29403
Fix from review
2026-04-08 16:13:23 -05:00
Eric Blankenhorn
1e1e34ce8c
Fix for peer cert verify with IP address
2026-04-08 15:47:57 -05:00
Eric Blankenhorn
af5369636a
Fix ETM on resumption
2026-04-08 15:06:11 -05:00
Marco Oliverio
5107613025
bio: add tests
2026-04-08 18:49:40 +02:00
Marco Oliverio
7802a75acd
bio: various fixes and improvements
...
* simplify wolfSSL_BIO_set_conn_hostname, fixing OOB read
* restructure wolfSSL_BIO_ctrl_pending, fixing inverted check and
* ctrlCB checking
* return WOLFSSL_FAILURE in wolfSSL_BIO_up_ref when refInc fails,
updated test to reflect this
* check arguments for NULL in wolfSSL_BIO_ADDR_size
* replace non-portable type long usigned int with size_t
* wolfSSL_BIO_MEMORY_write: return WOLFSSL_BIO_ERROR on failure instead
of WOLFSSL_FAILURE, return 0 when len is 0
* wolfSSL_BIO_get_fp: fix type mismatch comparing XFILE* pointer against
XBADFILE
* wolfSSL_BIO_ctrl: add NULL check on bio before switch
* wolfSSL_BIO_pop: clear bio prev and next pointers after unlinking
* wolfSSL_BIO_gets: place null terminator after actual bytes read from
BIO_BIO nread
2026-04-08 18:49:40 +02:00
Ruby Martin
5e87b82dfa
initialize key and rng in test_DhAgree_rejects_p_minus_1()
2026-04-08 09:48:06 -06:00
Hideki Miyazaki
e3fd4cc24d
fix f-1370 key_len size check for void* in wc_SignatureGetSize
2026-04-08 17:07:42 +09:00
Daniel Pouzzner
750f3b119e
Merge pull request #10088 from anhu/new_various
...
Various security fixes and tests
2026-04-07 22:13:18 -05:00
Aidan Garske
bf03de6b6d
Add WC_NO_ERR_TRACE
2026-04-07 15:30:14 -07:00
Aidan Garske
921f32f52e
F-2193 - Add negative test for ASCON AEAD128 authentication tag verification
2026-04-07 12:52:04 -07:00
Daniel Pouzzner
60d1e222b2
globally fix all "BLAKE2" references (implicit BLAKE2B) to explicit "BLAKE2B":
...
* implement legacy compatibility in settings.h and configure.ac (adds --enable-blake2b while retaining --enable-blake2);
* fix incorrect Blake2 gates in wolfcrypt/src/hash.c wc_HashGetDigestSize() and wc_HashGetBlockSize();
* in wolfcrypt/test/test.c hash_test(), backfill missing Blake2 test coverage and separate blake2b from blake2s in typesHashBad[];
* in tests/api/test_hash.c, separate blake2b from blake2s in notCompiledHash[], sizeSupportedHash[], and sizeNotCompiledHash[].
2026-04-07 13:18:53 -05:00
JacobBarthelmeh
ad1cc4e87f
adjust test case return value check after rebase
2026-04-07 10:26:16 -06:00
Paul Adelsbach
c335f7dd6f
Remove UTF-8 chars
...
Get rid of weird character
Fix warning found by CI
Style changes
Addressed 1 and 2.
2026-04-07 10:07:12 -06:00
Anthony Hu
2e32094545
Add regression tests for fixes
2026-04-07 10:05:56 -06:00
JacobBarthelmeh
7aac9e5766
Merge pull request #10139 from philljj/fix_nightly_mem
...
Fix nightly mem
2026-04-07 09:08:01 -06:00
philljj
b5874a6d9e
Merge pull request #10132 from douzzer/20260404-default_rng_bank
...
20260404-default_rng_bank
2026-04-06 22:54:20 -05:00
Daniel Pouzzner
efe6ad4bd6
Merge pull request #10116 from Frauschi/zd21457
...
Additional fixes
2026-04-06 20:23:25 -05:00