wolfSSL
diff --git a/‎.github/workflows/python.yml‎
Lines changed: 156 additions & 0 deletions b/‎.github/workflows/python.yml‎
Lines changed: 156 additions & 0 deletions
diff --git a/‎src/internal.c‎
Lines changed: 5 additions & 0 deletions b/‎src/internal.c‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎src/ocsp.c‎
Lines changed: 5 additions & 12 deletions b/‎src/ocsp.c‎
Lines changed: 5 additions & 12 deletions
diff --git a/‎src/ssl.c‎
Lines changed: 29 additions & 40 deletions b/‎src/ssl.c‎
Lines changed: 29 additions & 40 deletions
@@ -0,0 +1,156 @@
+name: Python Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-24.04
+    timeout-minutes: 10
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: >-
+            --enable-all --enable-tlsv10
+            'CPPFLAGS=-DHAVE_SECRET_CALLBACK -DWOLFSSL_PYTHON'
+          check: false
+          install: true
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-python
+          path: build-dir.tgz
+          retention-days: 5
+
+  python_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+            - python_ver: 3.12.11
+              tests: >-
+                test_ssl
+                test.test_asyncio.test_ssl
+                test.test_asyncio.test_sslproto
+                test_hashlib
+                test_hmac
+                test_secrets
+                test_ftplib
+                test_imaplib
+                test_poplib
+                test_smtplib
+                test_httplib
+                test_urllib2_localnet
+                test_xmlrpc
+                test_docxmlrpc
+            - python_ver: 3.13.4
+              tests: >-
+                test_ssl
+                test.test_asyncio.test_ssl
+                test.test_asyncio.test_sslproto
+                test_hashlib
+                test_hmac
+                test_secrets
+                test_ftplib
+                test_imaplib
+                test_poplib
+                test_smtplib
+                test_httplib
+                test_urllib2_localnet
+                test_xmlrpc
+                test_docxmlrpc
+            - python_ver: 3.13.7
+              tests: >-
+                test_ssl
+                test.test_asyncio.test_ssl
+                test.test_asyncio.test_sslproto
+                test_hashlib
+                test_hmac
+                test_secrets
+                test_ftplib
+                test_imaplib
+                test_poplib
+                test_smtplib
+                test_httplib
+                test_urllib2_localnet
+                test_xmlrpc
+                test_docxmlrpc
+    name: Python ${{ matrix.python_ver }}
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-24.04
+    timeout-minutes: 60
+    needs: build_wolfssl
+    steps:
+      - name: Install dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y \
+            build-essential autoconf automake autoconf-archive pkgconf \
+            libffi-dev libbz2-dev libreadline-dev libsqlite3-dev \
+            zlib1g-dev libncursesw5-dev libgdbm-dev libnss3-dev \
+            liblzma-dev uuid-dev pkg-config
+
+      - name: Download wolfSSL
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-python
+
+      - name: Untar wolfSSL build
+        run: tar -xf build-dir.tgz
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Checkout CPython
+        uses: actions/checkout@v4
+        with:
+          repository: python/cpython
+          ref: v${{ matrix.python_ver }}
+          path: cpython
+
+      - name: Apply wolfSSL patch
+        working-directory: cpython
+        run: patch -p1 < $GITHUB_WORKSPACE/osp/Python/wolfssl-python-${{ matrix.python_ver }}.patch
+
+      - name: Build CPython and run SSL and crypto tests
+        working-directory: cpython
+        run: |
+          export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
+          rm aclocal.m4
+          autoreconf -if
+          ./configure --with-wolfssl=$GITHUB_WORKSPACE/build-dir
+          make -j test TESTOPTS="-v \
+            test_ssl \
+            test.test_asyncio.test_ssl \
+            test.test_asyncio.test_sslproto \
+            test_hashlib \
+            test_hmac \
+            test_secrets \
+            test_ftplib \
+            test_imaplib \
+            test_poplib \
+            test_smtplib \
+            test_httplib \
+            test_urllib2_localnet \
+            test_xmlrpc \
+            test_docxmlrpc"
@@ -26305,6 +26305,11 @@ int SendData(WOLFSSL* ssl, const void* data, size_t sz)
         if (sent == (word32)sz) break;
 
         buffSz = (word32)sz - sent;
+        {
+            int maxFrag = wolfSSL_GetMaxFragSize(ssl);
+            if (maxFrag > 0 && (int)buffSz > maxFrag)
+                buffSz = (word32)maxFrag;
+        }
         outputSz = wolfssl_local_GetRecordSize(ssl, (word32)buffSz, 1);
 #if defined(WOLFSSL_DTLS)
         if (ssl->options.dtls) {
 
@@ -1995,18 +1995,11 @@ int wolfSSL_OCSP_id_get0_info(WOLFSSL_ASN1_STRING **name,
             ser->dataMax = WOLFSSL_ASN1_INTEGER_MAX;
         }
 
-        #if defined(WOLFSSL_QT) || defined(WOLFSSL_HAPROXY)
-            /* Serial number starts at 0 index of ser->data */
-            XMEMCPY(&ser->data[i], cid->status->serial,
-                (size_t)cid->status->serialSz);
-            ser->length = cid->status->serialSz;
-        #else
-            ser->data[i++] = ASN_INTEGER;
-            i += SetLength(cid->status->serialSz, ser->data + i);
-            XMEMCPY(&ser->data[i], cid->status->serial,
-                (size_t)cid->status->serialSz);
-            ser->length = i + cid->status->serialSz;
-        #endif
+        ser->data[i++] = ASN_INTEGER;
+        i += SetLength(cid->status->serialSz, ser->data + i);
+        XMEMCPY(&ser->data[i], cid->status->serial,
+            (size_t)cid->status->serialSz);
+        ser->length = i + cid->status->serialSz;
 
         cid->status->serialInt = ser;
         *serial = ser;
 
@@ -10462,8 +10462,7 @@ const char* wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher)
         return NULL;
     }
 
-    #if !defined(WOLFSSL_CIPHER_INTERNALNAME) && !defined(NO_ERROR_STRINGS) && \
-        !defined(WOLFSSL_QT)
+    #if !defined(WOLFSSL_CIPHER_INTERNALNAME) && !defined(NO_ERROR_STRINGS)
         return GetCipherNameIana(cipher->cipherSuite0, cipher->cipherSuite);
     #else
         return wolfSSL_get_cipher_name_from_suite(cipher->cipherSuite0,
@@ -14033,12 +14032,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
         }
         if (i == (int)WOLFSSL_OBJECT_INFO_SZ) {
             WOLFSSL_MSG("NID not in table");
-        #ifdef WOLFSSL_QT
-            sName = NULL;
-            type = (word32)id;
-        #else
             return NULL;
-        #endif
         }
 
     #ifdef HAVE_ECC
@@ -16027,9 +16021,8 @@ static WC_INLINE int sslCipherMinMaxCheck(const WOLFSSL *ssl, byte suite0,
  */
 WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl)
 {
-    WOLF_STACK_OF(WOLFSSL_CIPHER)* ret = NULL;
     const Suites* suites;
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
+#if defined(OPENSSL_ALL)
     const CipherSuiteInfo* cipher_names = GetCipherNames();
     int cipherSz = GetCipherNamesSize();
 #endif
@@ -16045,15 +16038,20 @@ WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl)
     /* check if stack needs populated */
     if (ssl->suitesStack == NULL) {
         int i;
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
-        int j;
+
+        ((WOLFSSL*)ssl)->suitesStack =
+                wolfssl_sk_new_type_ex(STACK_TYPE_CIPHER, ssl->heap);
+        if (ssl->suitesStack == NULL)
+            return NULL;
 
         /* higher priority of cipher suite will be on top of stack */
-        for (i = suites->suiteSz - 2; i >=0; i-=2) {
+#if defined(OPENSSL_ALL)
+        for (i = suites->suiteSz - 2; i >=0; i-=2)
 #else
-        for (i = 0; i < suites->suiteSz; i+=2) {
+        for (i = 0; i < suites->suiteSz; i+=2)
 #endif
-            WOLFSSL_STACK* add;
+        {
+            struct WOLFSSL_CIPHER cipher;
 
             /* A couple of suites are placeholders for special options,
              * skip those. */
@@ -16063,39 +16061,30 @@ WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl)
                 continue;
             }
 
-            add = wolfSSL_sk_new_node(ssl->heap);
-            if (add != NULL) {
-                add->type = STACK_TYPE_CIPHER;
-                add->data.cipher.cipherSuite0 = suites->suites[i];
-                add->data.cipher.cipherSuite  = suites->suites[i+1];
-                add->data.cipher.ssl          = ssl;
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
+            XMEMSET(&cipher, 0, sizeof(cipher));
+            cipher.cipherSuite0 = suites->suites[i];
+            cipher.cipherSuite  = suites->suites[i+1];
+            cipher.ssl          = ssl;
+#if defined(OPENSSL_ALL)
+            cipher.in_stack     = 1;
+            {
+                int j;
                 for (j = 0; j < cipherSz; j++) {
-                    if (cipher_names[j].cipherSuite0 ==
-                            add->data.cipher.cipherSuite0 &&
-                            cipher_names[j].cipherSuite ==
-                                    add->data.cipher.cipherSuite) {
-                        add->data.cipher.offset = (unsigned long)j;
+                    if (cipher_names[j].cipherSuite0 == cipher.cipherSuite0 &&
+                            cipher_names[j].cipherSuite == cipher.cipherSuite) {
+                        cipher.offset = (unsigned long)j;
                         break;
                     }
                 }
+            }
 #endif
-                #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
-                /* in_stack is checked in wolfSSL_CIPHER_description */
-                add->data.cipher.in_stack     = 1;
-                #endif
-
-                add->next = ret;
-                if (ret != NULL) {
-                    add->num = ret->num + 1;
-                }
-                else {
-                    add->num = 1;
-                }
-                ret = add;
+            if (wolfSSL_sk_insert(ssl->suitesStack, &cipher, 0) <= 0) {
+                WOLFSSL_MSG("Error inserting cipher onto stack");
+                wolfSSL_sk_CIPHER_free(ssl->suitesStack);
+                ((WOLFSSL*)ssl)->suitesStack = NULL;
+                break;
             }
         }
-        ((WOLFSSL*)ssl)->suitesStack = ret;
     }
     return ssl->suitesStack;
 }