wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-27 22:42:21 +01:00
Code Issues Packages Projects Releases Wiki Activity
25,908 Commits 12 Branches 184 Tags
cd7256ae63b895335f6a2da2a01cb671dafec371
Commit Graph

3147 Commits

Author SHA1 Message Date
Sean Parkinson
cd7256ae63 Merge pull request #8979 from anhu/abort_on_bad_legacy 
Abort TLS connection if legacy version field  is TLS 1.3 or higher
 2025-07-22 17:12:39 +10:00
Albert Ribes
b2463f167c Avoid bogus warning on uninitialized variables on old versions of GCC 
gcc-4.3.3 erroneously complains that some variables may be used
uninitialized. Silence it assigning NULL on declaration, as is already
done with many other variables.
 2025-07-21 10:57:50 +02:00
JacobBarthelmeh
2c90d1585a Merge pull request #8897 from anhu/compat_additions 
Compatibility layer additions for X.509 extensions and RSA PSS
 2025-07-15 10:52:33 -06:00
Daniel Pouzzner
2c341a5806 Merge pull request #8990 from JacobBarthelmeh/license 
updating license from GPLv2 to GPLv3

(linuxkm tweak to `MODULE_LICENSE("GPL")` to follow.)
 2025-07-14 16:14:39 -05:00
Anthony Hu
1a0a3283a0 Add a test. 2025-07-11 14:32:47 -04:00
Daniel Pouzzner
d90394efa6 wolfcrypt/src/asn.c and wolfssl/wolfcrypt/asn.h: add 
WC_ASN_RUNTIME_DATE_CHECK_CONTROL, with accessors wc_AsnSetSkipDateCheck()
(WOLFSSL_TEST_VIS) and wc_AsnGetSkipDateCheck() (WOLFSSL_LOCAL).  use this to
permafix test_wolfSSL_CRL_duplicate_extensions() in api.c, which has an
expiring-soon handcrafted certificate in it.
 2025-07-11 11:25:25 -05:00
David Garske
a36f9085c1 Fix for compat wolfSSL_RSA_sign and wolfSSL_RSA_verify to support RSA PSS with custom salt and mgf1 hash type. Adds compat API's for i2d_PrivateKey_bio , BN_ucmp and X509v3_get_ext_by_NID. ZD 20059 2025-07-11 08:51:51 -07:00
JacobBarthelmeh
388eea3cf2 Merge pull request #8976 from holtrop/decode-encrypted-key-package 
Add wc_PKCS7_DecodeEncryptedKeyPackage()
 2025-07-10 17:08:06 -06:00
JacobBarthelmeh
629c5b4cf6 updating license from GPLv2 to GPLv3 2025-07-10 16:11:36 -06:00
Kareem
f942990113 Fix building unit tests with --enable-rpk --disable-rsa. 
Exact configure line used:
 ./configure --enable-kyber --enable-mlkem --enable-dilithium --enable-dtls --enable-dtls13 --enable-dtls-frag-ch --enable-debug --enable-debug-trace-errcodes \
CFLAGS="-DHAVE_RPK -DWOLFSSL_DER_LOAD -DWOLFSSL_LOGGINGENABLED_DEFAULT=1" --disable-rsa
 2025-07-10 12:03:18 -07:00
David Garske
b0a5d2fdf0 Merge pull request #8969 from SparkiDev/alpn_gcc_Os_fix 
ALPN: don't use BIO
 2025-07-09 16:30:12 -07:00
Josh Holtrop
c83a452a3c Check for NULL pkiMsg in wc_PKCS7_DecodeEncryptedKeyPackage() 2025-07-09 14:41:58 -04:00
Josh Holtrop
d2ab6edbab Add wc_PKCS7_DecodeEncryptedKeyPackage() 2025-07-09 13:38:11 -04:00
David Garske
0407ea131b Merge pull request #8970 from miyazakh/qt_jenkins_encryptedKey4PBKDF1 
Fix Qt nightly Jenkins failure
 2025-07-09 08:04:48 -07:00
Ruby Martin
de59e9d25e change to BIO_free_all() on EXPECT_FAIL() 2025-07-07 09:17:29 -06:00
Ruby Martin
65f9cdb498 free p2 before reassigning to reEncoded value 2025-07-07 09:17:29 -06:00
Hideki Miyazaki
ee8be22a3f Fix Qt nightly jenkins failure 
PBKDF1 encrpted key
 2025-07-07 15:10:41 +09:00
Sean Parkinson
70e53d1a34 ALPN: don't use BIO 
Fix wolfSSL_set_alpn_protos to not use BIO.
When compiling with -Os and newer gcc, the compiler gets confused with
the void* cast in the wolfSSL_BIO_get_mem_data call.
 2025-07-07 12:59:42 +10:00
Sean Parkinson
c925ba2fe1 Testing disabling various PK algs 
Fix api.c: disable test_EccSigFailure_cm and test_RsaSigFailure_cm when
the PK algorithm they use is disabled.
 2025-07-03 16:38:54 +10:00
Sean Parkinson
574de4b234 Memory allocation failure testing fixes 
Fixes for test code to cleanup on failure properly.
pkcs7.c: when streaming, free the decrypting content when adding data to
the stream fails.
 2025-07-01 11:50:42 +10:00
Daniel Pouzzner
1127dabe98 Merge pull request #8926 from dgarske/various_20250625 
Improvement to allow building OPENSSL_EXTRA without KEEP_PEER_CERT
 2025-06-27 22:29:24 -05:00
Daniel Pouzzner
89148f98b0 Merge pull request #8921 from rlm2002/appleNativeCertTests 
Apple native cert tests code modifications
 2025-06-27 22:26:17 -05:00
Daniel Pouzzner
018ee9754f Merge pull request #8608 from anhu/2akid 
Check for duplicate extensions in a CRL
 2025-06-27 22:25:27 -05:00
David Garske
1db3dbcc28 Improvement to allow building OPENSSL_EXTRA without KEEP_PEER_CERT. Workaround to avoid large WOLFSSL structure size with compatibility layer enabled (the struct WOLFSSL_X509 is over 5KB). Note: May investigate way to place into heap instead. Fix issues building compatibility layer without MD5. 2025-06-27 12:42:52 -07:00
Ruby Martin
0302dbcb31 rename .yml file for macos-apple-native-cert-validation 
WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION macro placement and comment adjustment
 2025-06-26 17:07:00 -06:00
Ruby Martin
9b6b41627e move CFErrorRef instantiation 
cleanup
 2025-06-26 09:06:01 -06:00
Ruby Martin
1321e00e45 set p2 to null before next iteration 2025-06-26 08:57:56 -06:00
Ruby Martin
79b6e62668 modify check domain test 
void code for unused variable warning

do not run check_domain_name test if ssl_verify_none has been set
 2025-06-26 08:39:32 -06:00
Ruby Martin
7c44f14e77 add apple test to github actions 2025-06-26 08:38:30 -06:00
Ruby Martin
d3b30f8d51 Check underlying error, want only maximum validity period error 
add apple test macros to tests requiring cert manager
 2025-06-26 08:38:28 -06:00
Brett
877bade216 additional debugging 2025-06-26 08:38:28 -06:00
Daniel Pouzzner
6bfd2632db Merge pull request #8917 from dgarske/various_20250623 
Fix for broken `test_wolfSSL_check_domain_basic`
 2025-06-25 22:15:02 -05:00
Sean Parkinson
f119086d3e Merge pull request #8918 from kojiws/fix_asn_integer_export 
Fix SetShortInt() not to export wrong DER
 2025-06-26 08:16:48 +10:00
Koji Takeda
d76386f38c Add tests 2025-06-25 11:27:12 +09:00
JacobBarthelmeh
6cf3b51333 guard test that uses pipe from running with mingw 2025-06-24 17:21:24 -06:00
David Garske
5d7cb2ec07 Fix for new api.c test test_wolfSSL_check_domain_basic added in PR #8863 that fails with --disable-sys-ca-certs. 2025-06-24 08:25:01 -07:00
Anthony Hu
1dff76782b Check for duplicate extensions in a CRL 2025-06-24 11:10:18 -04:00
David Garske
978a29da0b Merge pull request #8898 from cconlon/getpidOptionsH 
Add HAVE_GETPID to options.h if getpid detected
 2025-06-23 17:11:55 -07:00
JacobBarthelmeh
9ee212cacc fix for free'ing memory with test case 2025-06-23 17:33:52 -06:00
David Garske
9b50708741 Fix to expose API to access "store" error code and error depth for cert failure callback (from set_verify). Useful for C# wrapper or clients that cannot directly dereference X509_STORE. Fixes for building with WOLFSSL_EXTRA and WOLFSSL_NO_CA_NAMES (and added new tests). Added example in CSharp TLS client for overriding a begin date error (useful if date is not set). 2025-06-19 14:49:00 -07:00
David Garske
7d77446964 Merge pull request #8882 from rizlik/dtls13_always_transmit_explicit_ack 
dtls13: always send ACKs on detected retransmission
 2025-06-17 11:35:07 -07:00
Josh Holtrop
3bd9b2e0bc Add generation instructions for empty issuer cert and change expiry to 100 years 2025-06-16 11:39:01 -04:00
Marco Oliverio
b1b49c9ffb dtls13: always send ACKs on detected retransmission 
Otherwise the connection can stall due the indefinite delay of an explicit ACK,
for exapmle:

 -> client sends the last Finished message
<- server sends the ACK, but the ACK is lost
 -> client rentrasmit the Finished message
 - server delay sending of the ACK until a fast timeout
 -> client rentrasmit the Finished message quicker than the server timeout
 - server resets the timeout, delaying sending the ACK
 -> client rentrasmit the Finished...
 2025-06-16 14:19:32 +02:00
Marco Oliverio
509491f554 dtls13: wolfSSL_is_init_finished true after last server ACK 
Do not consider the handshake finished until the last server ACK.
This way the application knows where to switch from
wolfSSL_negotiate/wolfSSL_connect to wolfSSL_read/wolfSSL_write.
 2025-06-16 14:19:31 +02:00
Josh Holtrop
8bde5e6982 Fix printing empty names in certificates 
The empty-issuer-cert.pem certificate was created with:

    wolfssl genkey rsa -size 2048 -out mykey -outform pem -output KEY
    wolfssl req -new -days 3650 -key mykey.priv -out empty-issuer-cert.pem -x509

Prior to this fix this command would error printing the certificate:

    wolfssl x509 -inform pem -in empty-issuer-cert.pem -text
 2025-06-13 11:22:52 -04:00
David Garske
2fc1110a13 Merge pull request #8587 from lealem47/gh8574 
Fix bug in ParseCRL_Extensions
 2025-06-12 12:09:52 -07:00
David Garske
701e3ba64e Merge pull request #8808 from rlm2002/coverity 
Coverity: api.c fix
 2025-06-12 12:03:14 -07:00
David Garske
6571f42cb9 Merge pull request #8867 from JacobBarthelmeh/rng 
Improvements to RNG and compatibility layer
 2025-06-11 14:31:53 -07:00
JacobBarthelmeh
8ee1f8f287 add macro guard on test case 2025-06-11 10:43:47 -06:00
JacobBarthelmeh
47cf634965 add a way to restore previous pid behavior 2025-06-10 16:12:09 -06:00