Commit Graph

30322 Commits

Author SHA1 Message Date
Juliusz Sosinowicz 044a477378 parallel-make-check.py: only require bwrap for an actual netns run
netns needs bwrap; without it commands silently share the host network
namespace and parallel network tests collide on ports. Skip the check for
--list (it inspects configs, runs nothing), hard-fail on CI so a missing-
bubblewrap misconfig can't silently degrade, and locally just warn and fall
back to the shared namespace.
2026-06-25 13:05:35 +00:00
Juliusz Sosinowicz f2fa741bad socat CI: run the test suite as parallel netns shards
The socat suite is sleep-bound and slow run serially. Drive it through
parallel-make-check.py as ~6 shards per CPU, 2 running per CPU at once: each
shard runs a round-robin slice of the tests in its own bwrap network
namespace (so parallel shards don't collide on ports) and its own build-dir
copy. The work is almost all waiting, so the oversubscription just overlaps
the waits.

Install bubblewrap so the netns isolation actually happens (without it the
runner silently shares one namespace and the shards collide). Each fresh
netns is IPv4-loopback only, so re-create IPv6 loopback (CAP_NET_ADMIN) for
the ::1 / dual-stack tests, and add non-loopback placeholders (fc00::1,
192.0.2.1) so glibc's AI_ADDRCONFIG still returns both families - without
them socat's getaddrinfo fails on numeric non-loopback addresses, e.g. the
multicast tests. Relax the AppArmor unprivileged-userns restriction so the
bwrap netns + CAP_NET_ADMIN work on ubuntu-24.04.
2026-06-25 09:35:13 +00:00
Juliusz Sosinowicz c9d71d52f8 parallel-make-check.py: add generic pool extensions for arbitrary commands
Let any command ride the build/check pool, not just wolfSSL builds:
  build  false skips configure/make/check (config is just prepare+run)
  netns  true runs each command under 'bwrap --unshare-net --cap-add
         CAP_NET_ADMIN' (its own network namespace) so parallel network
         tests can't collide on ports and can configure that namespace
  shards fan a config out into N instances, each with $SHARD (1..N) and
         $SHARDS=N in its env and its own build-<name>-<k> dir, so a
         command can split its work N ways (the pool load-balances them)

Error out, rather than silently degrade, on two misconfigurations that
otherwise surface as confusing test failures: netns requested but bwrap
missing (commands would share the host namespace and collide on ports),
and config-name collisions after shard fan-out (two jobs would share a
build dir and race).
2026-06-25 09:35:13 +00:00
JacobBarthelmeh ac01707f55 Merge pull request #10757 from philljj/release
prepare for release 5.9.2
2026-06-24 13:21:53 -06:00
jordan 0fe21bbcd5 prepare for release 5.9.2 2026-06-24 12:01:51 -05:00
philljj ad1cd4789b Merge pull request #10763 from douzzer/20260623-WC_16BIT_CPU-WC_ATOMIC_INT_ARG
20260623-WC_16BIT_CPU-WC_ATOMIC_INT_ARG
2026-06-23 17:51:11 -05:00
Daniel Pouzzner 18c2329167 wolfssl/wolfcrypt/wc_port.h and wolfcrypt/src/wc_port.c: for 16 bit portability,
use target native int for WC_ATOMIC_INT_ARG, add user overrideability, and
  adjust WC_INIT_STATE_COUNT_BITS to depend on sizeof(WC_ATOMIC_UINT_ARG).  add
  a wc_static_assert to sanity-check WC_INIT_STATE_STATE_BITS, and use CHAR_BIT
  opportunistically in the other wc_static_assert to sanity check that CHAR_BIT
  is at least 8.
2026-06-23 11:24:51 -05:00
JacobBarthelmeh dd6da70d39 Merge pull request #10732 from douzzer/20260618-FORCE_FAILURE_RDSEED-fixes
20260618-FORCE_FAILURE_RDSEED-fixes
2026-06-18 15:30:54 -06:00
JacobBarthelmeh d379e833cf Merge pull request #10735 from douzzer/20260618-disable-errorstrings-test_wolfSSL_set_cipher_list_exclusions
20260618-disable-errorstrings-test_wolfSSL_set_cipher_list_exclusions
2026-06-18 14:23:17 -06:00
Daniel Pouzzner 0b20777315 tests/api.c: in test_wolfSSL_set_cipher_list_exclusions(), don't test IANA names if NO_ERROR_STRINGS. 2026-06-18 13:41:20 -05:00
Daniel Pouzzner 3876746500 Merge pull request #10726 from JacobBarthelmeh/test
add macro guard around new test case for specific builds
2026-06-18 13:01:27 -05:00
JacobBarthelmeh 8167d16b5f Merge pull request #10727 from SparkiDev/thumb2_x25519_fix
Thumb2 X25519: Fix to do full reduction
2026-06-18 11:43:42 -06:00
Daniel Pouzzner 296bfc8a83 wolfcrypt/src/random.c:
* in USE_WINDOWS_API wc_GenerateSeed(), recognize HAVE_AMD_RDSEED, and properly enforce FORCE_FAILURE_RDSEED when CPU support is missing;

* in WOLFSSL_LINUXKM wc_GenerateSeed(), initialize ret to RNG_FAILURE_E, and properly enforce FORCE_FAILURE_RDSEED when CPU support is missing;

* in WOLFSSL_BSDKM wc_GenerateSeed(), properly enforce FORCE_FAILURE_RDSEED when CPU support is missing;
2026-06-18 11:53:44 -05:00
David Garske c2a8f77f38 Merge pull request #10731 from julek-wolfssl/ci-cache-save-on-master
CI: only save dependency caches on master, restore on PRs
2026-06-18 08:51:14 -07:00
David Garske 6fcf188aba Merge pull request #10700 from julek-wolfssl/parallel-make-check-annotation-link
.github: link parallel-make-check.py annotations to the workflow file
2026-06-18 08:48:52 -07:00
David Garske e95376c0a6 Merge pull request #10729 from julek-wolfssl/ci-deps-full-timeout
CI: harden ci-deps-image downloads against stalled mirror connections
2026-06-18 08:48:34 -07:00
Juliusz Sosinowicz 84d27741d5 CI: run PIC32MZ simulator test on ready_for_review
The draft guard skips the job on draft PRs, but the pull_request
trigger used the default types (no ready_for_review), so marking a
draft ready did not re-run the job and it stayed skipped. Add the
standard types, matching the other workflows, so it re-runs when the
PR becomes ready.
2026-06-18 14:21:35 +00:00
JacobBarthelmeh 1001428637 adjust test case macro guard for ALLOW_INVALID_CERTSIGN builds 2026-06-18 08:20:33 -06:00
Juliusz Sosinowicz 708837a599 CI: skip PIC32MZ simulator test on draft PRs
Add the same draft-PR guard the other workflows use so the job does
not run while a pull request is still a draft.
2026-06-18 13:04:41 +00:00
Juliusz Sosinowicz 3dd04c818c CI: hand off mbedtls/nss build via artifact on cache miss
With the cache save restricted to master, a cold-cache PR or release
run can no longer restore in the test job what the build job just built
(the per-PR cache scope is gone), so mbedtls/nss were compiled twice.

Upload the build as an artifact on a cache miss and download it in the
test job instead of recompiling, matching the handoff hostap-vm already
uses. master still restores from the shared cache, so it never uses the
artifact.
2026-06-18 12:53:57 +00:00
Juliusz Sosinowicz 058f506407 CI: factor threadx NetXDuo version into NETXDUO_REF env var
The v6.4.3_rel version was repeated in the cache path, cache key,
download URL and extract command. Define it once as a workflow-level
env var and reference it everywhere.
2026-06-18 12:30:24 +00:00
Juliusz Sosinowicz 6c211be5b9 CI: only save dependency caches on master, restore on PRs
GitHub Actions caches are branch-scoped: an entry written by a
pull_request run lives under refs/pull/<N>/merge and is invisible to
other PRs. The haproxy, mbedtls, nss, ntp, threadx and hostap-vm
workflows used combined actions/cache with fixed keys, so every PR
re-saved its own copy of the same dependency, yielding one duplicate
cache entry per PR.

Split each into actions/cache/restore (always) plus actions/cache/save
gated to refs/heads/master, and add a daily schedule so a master run
reseeds the single shared entry that all PRs restore. mbedtls/nss save
in their build job only; the test jobs restore-only.

Disable the setup-msys2 package cache: the action only toggles caching
on/off and cannot save on master while restoring on PRs.
2026-06-18 11:37:29 +00:00
Juliusz Sosinowicz 611bf688f8 CI: harden ci-deps-image downloads against stalled mirror connections
A single stalled apt mirror connection hung the ubuntu-24.04-full /
ubuntu-22.04-full download for ~20 min (they normally finish in a few),
tripping the 20-min job timeout and leaving those tags stale. The per-package
retry() only re-runs on a non-zero exit, so a hang never tripped it.

- apt drops a stalled connection after 30s and retries it
  (Acquire::http/https::Timeout, Acquire::Retries).
- each apt-get is wrapped in `timeout` so a wedged process is hard-killed and
  retry() re-runs it from scratch.
- raise the build job timeout 20 -> 60 min as a final backstop.
2026-06-18 10:52:52 +00:00
Sean Parkinson ad85f49926 Thumb2 X25519: Fix to do full reduction
This fix when into ARM32 assembly it is now being added to Thumb2 assembly.
Full reduction to ensure the number is in range at end of work.
2026-06-18 20:34:11 +10:00
JacobBarthelmeh 506a8649e9 add macro guard around new test case for specific builds 2026-06-18 00:48:26 -06:00
JacobBarthelmeh 633784e91b Merge pull request #10714 from Frauschi/zd21992_2
Some more fixes
2026-06-17 17:34:15 -06:00
JacobBarthelmeh 3f9ae22010 Merge pull request #10709 from douzzer/20260616-aes-fixes
20260616-aes-fixes
2026-06-17 15:58:23 -06:00
David Garske 877208c2fb Merge pull request #10701 from julek-wolfssl/ci-drop-apt-deps-cache
CI: install all apt deps from ghcr bundles, drop actions/cache apt-deps layer
2026-06-17 13:29:00 -07:00
JacobBarthelmeh 59295869dc Merge pull request #10715 from lealem47/amdseed_force_fail
configure: avoid entropy fallback for AMD RDSEED in FIPS builds
2026-06-17 13:26:13 -06:00
JacobBarthelmeh aec9b202c9 Merge pull request #10702 from Frauschi/zd21992
Various fixes
2026-06-17 13:22:05 -06:00
Daniel Pouzzner 881fe769a3 wolfcrypt/src/aes.c, wolfcrypt/test/test.c: use WOLFSSL_MAX_32BIT rather than magic 0xffffffff;
wolfcrypt/test/test.c: in aesgcm_stream_test(), implement tests for sSz overflow, and in aesccm_128_badarg_test(), fix line length.
2026-06-17 13:55:10 -05:00
Daniel Pouzzner 9d15bc707c wolfcrypt/src/aes.c, wolfcrypt/src/port/caam/caam_aes.c, wolfcrypt/src/port/riscv/riscv-64-aes.c, wolfcrypt/src/port/silabs/silabs_aes.c, wolfcrypt/src/port/ti/ti-aes.c: implement AES-CCM counter overflow checks for ports;
wolfcrypt/test/test.c: add missing !HAVE_SELFTEST gate around AES-CCM counter overflow test in aesccm_128_badarg_test();

wolfcrypt/src/error.c and wolfssl/wolfcrypt/error-crypt.h: update messages for AES_{GCM,CCM}_OVERFLOW_E.
2026-06-17 13:18:46 -05:00
Tobias Frauenschläger dedba75ad4 Reject duplicate certificatePolicies extension in WOLFSSL_CERT_EXT builds
DecodeExtensionType() guarded the certificatePolicies duplicate check
(VERIFY_AND_SET_OID) under WOLFSSL_SEP only, because the extCertPolicySet
tracking bit was SEP-only. In a WOLFSSL_CERT_EXT-without-WOLFSSL_SEP build a
cert with two certificatePolicies extensions was accepted and the second
silently overwrote the first (RFC 5280 4.2 forbids repeats). Make the bit and
the guard available under WOLFSSL_CERT_EXT too, matching every other
non-repeatable extension.

Add test_DecodeCertExtensions_dup_certpol (DecodeExtensionType now
WOLFSSL_TEST_VIS).
2026-06-17 19:14:21 +02:00
Tobias Frauenschläger 8e5be42a9d Fix !aNULL/!eNULL to drop explicitly-listed anonymous/NULL cipher suites
ParseCipherList() only cleared the InitSuites mask for "!aNULL"/"!eNULL",
which governs generated defaults, so an explicitly listed ADH or NULL-cipher
suite survived (e.g. "ADH-AES128-SHA:!aNULL" still offered an unauthenticated
suite). Scrub the explicit suites after parsing; exclusions are order-
independent and sticky (a later "ALL" cannot re-enable them).

Add test_wolfSSL_set_cipher_list_exclusions.
2026-06-17 19:14:07 +02:00
Lealem Amedie a3ca9e1dfa Fix FORCE_FAILURE_RDSEED case guard 2026-06-17 11:12:55 -06:00
Daniel Pouzzner 1070384034 wolfcrypt/src/aes.c and wolfcrypt/test/test.c: fixes from review, re "catch and error on total length overflow". 2026-06-17 12:01:06 -05:00
Daniel Pouzzner 5def276e07 wolfcrypt/src/aes.c: catch and error on total length overflow in wc_AesGcmEncryptUpdate(), wc_AesGcmDecryptUpdate(), wc_AesCcmEncrypt(), and wc_AesCcmEncrypt(). 2026-06-17 12:01:06 -05:00
JacobBarthelmeh 9d60981071 Merge pull request #10695 from philljj/bsdkm_fixes
Bsdkm driver cleanup
2026-06-17 10:54:32 -06:00
Tobias Frauenschläger 160b3179a1 Add regression tests for various d2i_* methods 2026-06-17 18:44:11 +02:00
JacobBarthelmeh 7aed5ac316 Merge pull request #10698 from Frauschi/slhdsa_fixes
SLH-DSA fixes
2026-06-17 10:36:58 -06:00
Lealem Amedie a593fbe90c configure: avoid entropy fallback for AMD RDSEED in FIPS builds 2026-06-17 09:45:20 -06:00
Juliusz Sosinowicz d3659c74fd CI: move Arduino cores from actions/cache to ghcr bundles
arduino.yml's per-core actions/cache layer stored the installed cores and
toolchains (~/.arduino15) - several GB, dominated by the esp32 and mbed
cores - in the 10 GB Actions cache. For esp32 it was also ineffective: the
disk-cleanup step deletes the esp32 toolchain before actions/cache saves it,
so esp32 re-downloaded every run anyway.

- New arduino-cores-image workflow resolves each of the 9 distinct cores and
  publishes a tar of ~/.arduino15 + ~/Arduino/libraries to
  ghcr.io/<owner>/wolfssl-ci-arduino:<core>. It runs monthly: esp32, the
  fastest-moving core, releases ~monthly and the rest far less often.
- New install-arduino-core composite action restores that bundle offline and
  verifies the core is present, falling back to `arduino-cli core install`
  when the bundle is unavailable - so nothing breaks until the image is first
  published and made public.
- arduino.yml calls the action in place of the inline core install and the
  actions/cache step.

This takes the flaky espressif / esp8266.com / pjrc.com downloads off the PR
critical path and frees the Actions cache of the largest binaries it held.
2026-06-17 09:29:48 +00:00
Juliusz Sosinowicz 94a671bed8 CI: disable setup-alire's cache in the Ada workflow
setup-alire@v5 caches the gnat_native+gprbuild toolchain via actions/cache
(key alr[1][2.1.0][...]), holding ~1.26 GiB - 3x the 428 MiB toolchain, one
copy per ref - against the repo's 10 GiB cache cap. On a miss the toolchain
is only a ~17s pull from github.com (alire-project releases), so the cache
saved ~20-30s on a ~6.5min Ada job (dominated by gnatprove). Not worth the
space; install it fresh each run.
2026-06-17 09:29:48 +00:00
JacobBarthelmeh 6ff1f8f2b8 Merge pull request #10705 from cconlon/tsipMemFix
Renesas TSIP: skip XMEMCPY on MEMORY_E from tsip_StoreMessage()
2026-06-16 16:14:54 -06:00
JacobBarthelmeh e6f02ecf4d fix for clang-tidy warning on variable not read 2026-06-16 16:09:42 -06:00
Chris Conlon 6ebc379f31 Renesas TSIP: skip XMEMCPY on MEMORY_E from tsip_StoreMessage() 2026-06-16 13:58:52 -06:00
Tobias Frauenschläger eaa563419e BIO: reject negative length in memory BIO read
Reject a negative read length in the memory BIO read path so it cannot bypass
the signed bounds checks and reach a wild copy. Adds a regression test.
2026-06-16 20:56:45 +02:00
Tobias Frauenschläger 8f55480a1d SP math: validate ECDH shared-secret output buffer against the field size
Regenerate the SP backends so the ECDH secret generators check the caller's
buffer against the number of bytes actually written. Adds a P-384/P-521
buffer-size regression test.
2026-06-16 20:56:45 +02:00
Tobias Frauenschläger f23544f094 TLS 1.3: fix for post-handshake authentication
Only exempt the missing-certificate check during the initial handshake; once a
post-handshake CertificateRequest is outstanding the server again requires the
client certificate (and its CertificateVerify). Adds a post-handshake auth
test.
2026-06-16 20:56:45 +02:00
Tobias Frauenschläger c929798460 TLS: validate negotiated certificate type for raw public keys
Ensure a peer's certificate form (X.509 vs raw public key) matches the
negotiated certificate type, defaulting to X.509 when none was negotiated,
on both the client and server. Adds RPK regression tests covering both
directions.
2026-06-16 20:31:36 +02:00