Merge pull request #10227 from douzzer/20260414-fixes

20260414-fixes
Sean Parkinson
2026-04-15 20:24:23 +10:00
committed by GitHub
15 changed files with 90 additions and 43 deletions
-1
@@ -945,7 +945,6 @@ WOLFSSL_XMSS_LARGE_SECRET_KEY
WOLFSSL_ZEPHYR
WOLF_ALLOW_BUILTIN
WOLF_CRYPTO_CB_CMD
WOLF_CRYPTO_CB_FIND
WOLF_CRYPTO_CB_ONLY_ECC
WOLF_CRYPTO_CB_ONLY_RSA
WOLF_CRYPTO_DEV
+2 -1
@@ -1546,7 +1546,8 @@ then
test "$enable_ed448" = "" && enable_ed448=yes
test "$enable_ed448_stream" = "" && test "$enable_ed448" != "no" && enable_ed448_stream=yes
test "$enable_aessiv" = "" && enable_aessiv=yes
test "$enable_aeseax" = "" && enable_aeseax=yes
# AFALG lacks AES-EAX
test "$enable_aeseax" = "" && test "$enable_afalg" != "yes" && enable_aeseax=yes
if test "$KERNEL_MODE_DEFAULTS" != "yes"
then
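Review bot: The added guard `test "$enable_afalg" != "yes"` suppresses the AES-EAX default only when the option value is literally `yes`; if `--enable-afalg` accepts other non-`no` values (not visible in this hunk), those builds would still get `enable_aeseax=yes`. Testing for the disabled case instead, e.g. `test "${enable_afalg:-no}" = "no"`, would cover them. An explicit `--enable-aeseax` combined with AFALG is also not rejected here, so a later check that reports the conflict would be worth having if one does not already exist outside this hunk.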
+3 -1
@@ -60,8 +60,10 @@ remove_ready_file() {
do_cleanup() {
echo "in cleanup"
if [ $server_pid != $no_pid ]
if [ $server_pid != $no_pid ] && kill -0 $server_pid 2>&-
then
# sleep to give sanitizers time to dump backtraces.
sleep 1
echo "killing server"
kill -9 $server_pid
fi
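Review bot: The added liveness test `kill -0 $server_pid 2>&-` closes stderr instead of redirecting it, and `$server_pid` and `$no_pid` stay unquoted, so an empty `server_pid` turns the `[` test into a syntax error and the cleanup is skipped. `if [ "$server_pid" != "$no_pid" ] && kill -0 "$server_pid" 2>/dev/null` is the more conventional form. The same line recurs in the later do_cleanup and abort_trap hunks of this commit, and the multi-server do_cleanup uses `2>&-` as well. The new `sleep 1` also sits between the liveness check and `kill -9`, so a server that exits during the sleep leaves the kill aimed at a stale PID. The function body continues outside the hunk.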
+3 -1
@@ -63,8 +63,10 @@ remove_ready_file() {
abort_trap() {
echo "script aborted"
if [ $server_pid != $no_pid ]
if [ $server_pid != $no_pid ] && kill -0 $server_pid 2>&-
then
# sleep to give sanitizers time to dump backtraces.
sleep 1
echo "killing server"
kill -9 $server_pid
fi
+4
@@ -39,8 +39,12 @@ if [ "${AM_BWRAPPED-}" != "yes" ]; then
fi
kill_server() {
sleepseconds=1
for i in $(jobs -pr); do
if [ "$i" != "$TCPDUMP_PID" ]; then
# sleep to give sanitizers time to dump backtraces.
sleep $sleepseconds
sleepseconds=0
kill -9 $i
fi
done
+9 -2
@@ -141,14 +141,21 @@ do_cleanup() {
echo "in cleanup"
IFS=$OIFS #restore separator
sleepseconds=1
for s in $servers
do
f2=${s%:*}
sname=${f2%:*}
pid=${f2##*:}
port=${s##*:}
echo "killing server: $sname ($port)"
kill -9 "$pid"
if kill -0 "$pid" 2>&-
then
# sleep to give sanitizers time to dump backtraces.
sleep $sleepseconds
sleepseconds=0
echo "killing server: $sname ($port)"
kill -9 "$pid"
fi
done
}
+6 -2
@@ -54,8 +54,10 @@ remove_ready_file() {
do_cleanup() {
echo "in cleanup"
if [ $server_pid != $no_pid ]
if [ $server_pid != $no_pid ] && kill -0 $server_pid 2>&-
then
# sleep to give sanitizers time to dump backtraces.
sleep 1
echo "killing server"
kill -9 $server_pid
fi
@@ -67,8 +69,10 @@ do_cleanup() {
abort_trap() {
echo "script aborted"
if [ $server_pid != $no_pid ]
if [ $server_pid != $no_pid ] && kill -0 $server_pid 2>&-
then
# sleep to give sanitizers time to dump backtraces.
sleep 1
echo "killing server"
kill -9 $server_pid
fi
+3 -1
@@ -63,8 +63,10 @@ remove_ready_file() {
do_cleanup() {
echo "in cleanup"
if [ $server_pid != $no_pid ]
if [ $server_pid != $no_pid ] && kill -0 $server_pid 2>&-
then
# sleep to give sanitizers time to dump backtraces.
sleep 1
echo "killing server"
kill -9 $server_pid
fi
+3 -1
@@ -44,8 +44,10 @@ remove_ready_file() {
do_cleanup() {
echo "in cleanup"
if [ $server_pid != $no_pid ]
if [ $server_pid != $no_pid ] && kill -0 $server_pid 2>&-
then
# sleep to give sanitizers time to dump backtraces.
sleep 1
echo "killing server"
kill -9 $server_pid
fi
+3 -1
@@ -74,8 +74,10 @@ remove_ready_file() {
do_cleanup() {
echo "in cleanup"
if [ $server_pid != $no_pid ]
if [ $server_pid != $no_pid ] && kill -0 $server_pid 2>&-
then
# sleep to give sanitizers time to dump backtraces.
sleep 1
echo "killing server"
kill -9 $server_pid 2>/dev/null
server_pid=$no_pid
+3 -1
@@ -87,8 +87,10 @@ remove_ready_file() {
do_cleanup() {
echo "in cleanup"
if [ $server_pid != $no_pid ]
if [ $server_pid != $no_pid ] && kill -0 $server_pid 2>&-
then
# sleep to give sanitizers time to dump backtraces.
sleep 1
echo "killing server"
kill -9 $server_pid
fi
+19 -15
@@ -316,10 +316,28 @@ void FreeCRL(WOLFSSL_CRL* crl, int dynamic)
WOLFSSL_MSG("Couldn't lock x509 mutex");
if (!doFree)
return;
wolfSSL_RefFree(&crl->ref);
}
#endif
#ifdef HAVE_CRL_MONITOR
if (crl->tid != INVALID_THREAD_VAL) {
WOLFSSL_MSG("stopping monitor thread");
if (StopMonitor(crl->mfd) == 0) {
if (wolfSSL_JoinThread(crl->tid) != 0)
WOLFSSL_MSG("stop monitor failed in wolfSSL_JoinThread");
}
else {
WOLFSSL_MSG("stop monitor failed");
}
}
if (wolfSSL_CondFree(&crl->cond) != 0)
WOLFSSL_MSG("wolfSSL_CondFree failed in FreeCRL");
#endif
#ifdef OPENSSL_ALL
wolfSSL_RefFree(&crl->ref);
#endif
tmp = crl->crlList;
#ifdef HAVE_CRL_MONITOR
if (crl->monitors[0].path)
@@ -343,20 +361,6 @@ void FreeCRL(WOLFSSL_CRL* crl, int dynamic)
tmp = next;
}
#ifdef HAVE_CRL_MONITOR
if (crl->tid != INVALID_THREAD_VAL) {
WOLFSSL_MSG("stopping monitor thread");
if (StopMonitor(crl->mfd) == 0) {
if (wolfSSL_JoinThread(crl->tid) != 0)
WOLFSSL_MSG("stop monitor failed in wolfSSL_JoinThread");
}
else {
WOLFSSL_MSG("stop monitor failed");
}
}
if (wolfSSL_CondFree(&crl->cond) != 0)
WOLFSSL_MSG("wolfSSL_CondFree failed in FreeCRL");
#endif
wc_FreeRwLock(&crl->crlLock);
if (dynamic) /* free self */
XFREE(crl, crl->heap, DYNAMIC_TYPE_CRL);
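Review bot: When `StopMonitor(crl->mfd)` or `wolfSSL_JoinThread(crl->tid)` fails, the relocated block only logs, and FreeCRL goes on to release `crl->crlList`, `crl->crlLock` and, with `dynamic` set, `crl` itself, so a monitor thread that is still running would be left with pointers to freed memory. Moving the stop/join ahead of the frees closes that window only on the success path. Consider a comment above the block stating the invariant, e.g. `/* The monitor thread must be joined before any state it reads is released. */`, and deciding explicitly what the failure branches should do (returning without freeing trades the possible use-after-free for a leak). The start of FreeCRL and the list-freeing loop lie outside the visible hunks.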
+2
@@ -18362,6 +18362,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif
#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0)
/* Regression test: wc_AesGcmDecryptFinal must reject authTagSz below
* WOLFSSL_MIN_AUTH_TAG_SZ, consistent with wc_AesGcmDecrypt and
* wc_AesGcmEncryptFinal. */
@@ -18376,6 +18377,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif /* HAVE_AES_DECRYPT && WOLFSSL_MIN_AUTH_TAG_SZ > 1 */
#endif /* !HAVE_FIPS || FIPS_VERSION3_GE(7,0,0) */
/* alen is the size to pass in with each update. */
for (alen = 1; alen < WC_AES_BLOCK_SIZE + 1; alen++) {
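Review bot: The new `#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0)` gate has no comment saying why the short-tag regression test is skipped for older FIPS builds. A reader could take it to mean that `wc_AesGcmDecryptFinal` in those modules accepts an `authTagSz` below `WOLFSSL_MIN_AUTH_TAG_SZ`. If that is the reason (the page does not say), it deserves a line such as `/* FIPS modules before v7 do not enforce the authTagSz floor in wc_AesGcmDecryptFinal. */` so the gap is tracked rather than silently excluded. aesgcm_test continues on both sides of the hunk.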
+24 -15
@@ -821,22 +821,11 @@ WOLFSSL_LOCAL int wc_local_CmacUpdateAes(struct Cmac *cmac, const byte* in,
#ifdef WOLFSSL_AES_EAX
/* Because of the circular dependency between AES and CMAC, we need to prevent
* inclusion of AES EAX from CMAC to avoid a recursive inclusion */
#ifndef WOLF_CRYPT_CMAC_H
#include <wolfssl/wolfcrypt/cmac.h>
struct AesEax {
Aes aes;
Cmac nonceCmac;
Cmac aadCmac;
Cmac ciphertextCmac;
byte nonceCmacFinal[WC_AES_BLOCK_SIZE];
byte aadCmacFinal[WC_AES_BLOCK_SIZE];
byte ciphertextCmacFinal[WC_AES_BLOCK_SIZE];
byte prefixBuf[WC_AES_BLOCK_SIZE];
};
#endif /* !defined(WOLF_CRYPT_CMAC_H) */
/* Note that struct AesEax is defined at the end of this file, to work around
* circular dependency between AES and CMAC.
*/
struct AesEax;
typedef struct AesEax AesEax;
/* One-shot API */
@@ -1120,3 +1109,23 @@ WOLFSSL_LOCAL void AES_XTS_decrypt_AARCH32(const byte* in, byte* out,
#endif /* NO_AES */
#endif /* WOLF_CRYPT_AES_H */
/* Because of the circular dependency between AES and CMAC, we need to define
* struct AesEax here, with careful gating.
*/
#if defined(WOLFSSL_AES_EAX) && !defined(WC_AES_INCLUDE_FOR_CMAC_H) && \
!defined(WC_AESEAX_STRUCT_DEFINED)
#include <wolfssl/wolfcrypt/cmac.h>
struct AesEax {
Aes aes;
Cmac nonceCmac;
Cmac aadCmac;
Cmac ciphertextCmac;
byte nonceCmacFinal[WC_AES_BLOCK_SIZE];
byte aadCmacFinal[WC_AES_BLOCK_SIZE];
byte ciphertextCmacFinal[WC_AES_BLOCK_SIZE];
byte prefixBuf[WC_AES_BLOCK_SIZE];
};
#define WC_AESEAX_STRUCT_DEFINED
#endif /* WOLFSSL_AES_EAX && !WC_AES_INCLUDE_FOR_CMAC_H && */
/* !WC_AESEAX_STRUCT_DEFINED */
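Review bot: The relocated `struct AesEax` definition now sits after `#endif /* NO_AES */` and the include guard, so its gate no longer appears to inherit the `NO_AES` exclusion that covered the old in-place definition; with `WOLFSSL_AES_EAX` and `NO_AES` both set, the `Aes aes;` member would have no type. Adding `!defined(NO_AES)` to the `#if` keeps the previous scope, unless that combination is already rejected elsewhere. Because the block is outside the include guard it is re-evaluated on every inclusion, which is what makes `WC_AESEAX_STRUCT_DEFINED` load-bearing. The comment could say so, e.g. `/* Outside the include guard on purpose: re-entered on a later include once cmac.h has defined struct Cmac. */`.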
+6 -1
@@ -28,7 +28,12 @@
#ifdef WOLFSSL_CMAC
#ifndef NO_AES
#include <wolfssl/wolfcrypt/aes.h>
/* Inhibit definition of struct AesEax, with its circular dependency on the
* below definition of struct Cmac.
*/
#define WC_AES_INCLUDE_FOR_CMAC_H
#include <wolfssl/wolfcrypt/aes.h>
#undef WC_AES_INCLUDE_FOR_CMAC_H
#endif
#if defined(HAVE_FIPS) && \
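Review bot: With `WC_AES_INCLUDE_FOR_CMAC_H` set around the include, a translation unit that includes cmac.h first ends up with `AesEax` as an incomplete type unless aes.h is included again afterwards. The added comment does not state that consequence; one more sentence would help, e.g. `Code that needs the complete struct AesEax must include aes.h directly.` Whether cmac.h re-includes aes.h further down is not visible in this hunk.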