Commit Graph

27397 Commits

Author SHA1 Message Date
Kareem 1e367597b6 Fix memory leak in newly added unit test. 2025-08-18 10:21:53 -07:00
Kareem 6b01053d98 Add test case for new x509_verify_cert retry functionality.
Add CA cert with the same SKI and intentionally invalid AKI as part of x509_verify_cert test case.
2025-08-18 10:21:53 -07:00
Kareem 027f0891f4 Don't fail out if X509StoreRemoveCa fails, since adding the temp CA was optional, it is possible there is no temp CA to remove. 2025-08-18 10:21:53 -07:00
Kareem aaadb7971d Fix narrowing conversion of type in RemoveCa. 2025-08-18 10:21:53 -07:00
Kareem 7b4a50b701 Add missing XFREE for dCert. 2025-08-18 10:21:53 -07:00
Kareem d6f603b661 Add X509StoreRemoveCa wrapper around RemoveCa
WOLFSSL_X509's calculated subject key hash is not guaranteed to match the cert's,
ie. in the case that NO_SHA is defined.  Use the same logic as AddCa,
parsing the DER cert and using the decoded cert's subject key hash.
2025-08-18 10:21:53 -07:00
Kareem 15a147d957 Remove incorrectly added NULL check, add debug logging to RemoveCA. 2025-08-18 10:21:53 -07:00
Kareem f9eda18445 Fix missing cast and correct freeing of certs. 2025-08-18 10:21:53 -07:00
Kareem 946f20ccc7 Add type parameter to RemoveCA to avoid removing CAs of the wrong type. 2025-08-18 10:21:53 -07:00
Kareem 025dbc3454 Retry all certificates passed into wolfSSL_X509_verify_cert until a valid chain is found, rather than failing out on the first invalid chain. This allows for registering multiple certs with the same subject key, ie. alt cert chains. 2025-08-18 10:21:52 -07:00
Sean Parkinson 43f94a5d7d Merge pull request #9107 from douzzer/20250816-cpuid_get_flags_ex-optimize
20250816-cpuid_get_flags_ex-optimize
2025-08-18 22:13:44 +10:00
Sean Parkinson 0ba16a9c5b Merge pull request #9104 from kojiws/export_long_key_orig_asn
Improve original implementation on SetAsymKeyDer() and the test
2025-08-18 22:11:25 +10:00
Daniel Pouzzner 39c6c5af6f wolfcrypt/src/cpuid.c, wolfssl/wolfcrypt/cpuid.h: change cpuid_flags_t to a
regular word32, and use non-atomics for general flag checking, with a new
  implementation of cpuid_get_flags_ex() that is threadsafe by idempotency;

rename strictly-threadsafe cpuid_get_flags_ex() as cpuid_get_flags_atomic()
  (strictly accurate return value), and add cpuid_flags_atomic_t and
  WC_CPUID_ATOMIC_INITIALIZER, used only for internal manipulation of flags in
  cpuid.c where atomicity matters.
2025-08-16 13:04:28 -05:00
lealem47 b096d9b250 Merge pull request #9106 from dgarske/zd20399
Fix sniffer issue handling TLS records with multiple handshake messages to be skipped
2025-08-15 15:57:00 -06:00
David Garske 32b0bd963b Fix issue introduced in PR #9051 causing TLS records with multiple handshake messages to be skipped (ZD 20399) 2025-08-15 10:08:28 -07:00
David Garske a98006eca9 Merge pull request #9105 from douzzer/20250815-dilithium-dilithium_expand_s-UndefinedBinaryOperatorResult
20250815-dilithium-dilithium_expand_s-UndefinedBinaryOperatorResult
2025-08-15 09:07:38 -07:00
Daniel Pouzzner 10a05ad839 wolfcrypt/src/dilithium.c: fix dilithium_expand_s() to fall through to dilithium_expand_s_c() for s1Len not implemented for USE_INTEL_SPEEDUP. 2025-08-15 09:48:55 -05:00
Juliusz Sosinowicz ffe3d80f8d Merge pull request #9097 from douzzer/20250812-atomic-cmpxchg
20250812-atomic-cmpxchg
2025-08-15 01:14:45 +02:00
Sean Parkinson 5b1302e4df Merge pull request #9094 from dgarske/zd20369
Fix to better detect sniffer invalid spurious re-transmissions
2025-08-15 09:01:02 +10:00
Sean Parkinson 228ede7495 Merge pull request #9102 from rlm2002/zd20212
Remove dead code and check return values.
2025-08-15 08:21:38 +10:00
Daniel Pouzzner c5bbf4c7e0 Merge pull request #9085 from effbiae/while-pending
`wolfSSL_AsyncPoll` calls refactor
2025-08-14 14:51:05 -05:00
David Garske e00fd2fd70 Fix to better detect invalid spurious retransmission. 2025-08-14 12:19:39 -07:00
Kareem c535e281c6 Skip unit test when using Apple native cert validation. 2025-08-14 11:34:15 -07:00
Kareem cb3f7de3f7 Fix issues found by CI/CD tests. 2025-08-14 11:34:15 -07:00
Kareem 3bcbbd2924 Fix issue with loading PEM certs. Address code review feedback.
Add tests.
2025-08-14 11:34:15 -07:00
Kareem a652b733e4 Fix conversion warning. 2025-08-14 11:34:15 -07:00
Kareem ab342978d7 Fix implicit conversion warning. 2025-08-14 11:34:14 -07:00
Kareem 61ccea55ac Allow setting the CA type when loading into cert manager
and unloading specific CA types from the cert manager.
2025-08-14 11:34:14 -07:00
Kareem cb623dc9ea Multiple fixes to wolfSSL_CIPHER_description to match documentation.
Add "any" value for TLS 1.3 cipher suites.
Fix key size comparison for enc bits.
Output AEAD as MAC if cipher suite is using it, otherwise output hash MAC.
2025-08-14 11:27:10 -07:00
Koji Takeda 0a9356e645 Improve original implementation on SetAsymKeyDer() and the test 2025-08-15 00:04:01 +09:00
Daniel Pouzzner cefeb4cd7e atomics/cpuid_flags fixes from peer review:
wolfcrypt/src/cpuid.c: cpuid_set_flag() and cpuid_clear_flag() thread safety;

wolfcrypt/src/wc_port.c: comments re __ATOMIC_SEQ_CST and __ATOMIC_ACQUIRE;

wolfssl/wolfcrypt/wc_port.h: single overrideable definitions for WOLFSSL_ATOMIC_COERCE_[U]INT(), and comment cleanup.

also added WOLFSSL_USER_DEFINED_ATOMICS.
2025-08-14 09:33:14 -05:00
Daniel Pouzzner bd4e723f9d add cpuid_flags_t, WC_CPUID_INITIALIZER, and cpuid_get_flags_ex();
refactor all static flag initializations to use cpuid_get_flags_ex() for race-free dynamics;

refactor cpuid_set_flags() to be race-free;

wolfssl/wolfcrypt/wc_port.h and wolfcrypt/src/wc_port.c: add
* WOLFSSL_ATOMIC_COERCE_INT()
* WOLFSSL_ATOMIC_COERCE_UINT()
* wolfSSL_Atomic_Uint
* wolfSSL_Atomic_Uint_Init()
* wolfSSL_Atomic_Int_AddFetch()
* wolfSSL_Atomic_Int_SubFetch()
* wolfSSL_Atomic_Int_CompareExchange()
* wolfSSL_Atomic_Uint_FetchAdd()
* wolfSSL_Atomic_Uint_FetchSub()
* wolfSSL_Atomic_Uint_AddFetch()
* wolfSSL_Atomic_Uint_SubFetch()
* wolfSSL_Atomic_Uint_CompareExchange()

wolfcrypt/test/test.c: add to memory_test() tests for all atomic macros and APIs;

.github/workflows/pq-all.yml: don't use -Wpedantic for CC=c++ scenario.
2025-08-14 08:44:28 -05:00
Sean Parkinson a1dd7dae6f Merge pull request #9095 from miyazakh/add_sha512_typeproperty
Add hashtype property to wc_Sha512 structure
2025-08-14 21:43:06 +10:00
Sean Parkinson 102525c9c9 Merge pull request #9100 from dgarske/cryptocb_only
Improve some of the build cases around crypto callback only
2025-08-14 21:41:26 +10:00
Sean Parkinson 034df3d28f Merge pull request #9101 from dgarske/asm_introspection
Add assembly introspection for RISC-V and PPC32
2025-08-14 21:38:42 +10:00
Daniel Pouzzner a64c719fd2 Merge pull request #9092 from douzzer/20250812-Base64_Decode-outLen-bounds-fix
20250812-Base64_Decode-outLen-bounds-fix

reviewed+approved by @dgarske and @SparkiDev
2025-08-13 23:15:04 -05:00
effbiae 0e3f877326 WOLFSSL_ASYNC_WHILE_PENDING refactor 2025-08-14 12:03:13 +10:00
JacobBarthelmeh 8458b5ec1d Merge pull request #9053 from rlm2002/sessionTickets
update wolfSSL_get_SessionTicket to be able to return ticket length
2025-08-13 17:19:52 -06:00
Ruby Martin 18f3f22a7e add option for WOLFSSL_ARMASM_INLINE to CMake 2025-08-13 17:05:48 -06:00
Daniel Pouzzner 7fe890d5e7 wolfcrypt/src/coding.c: clean up comment in Base64_Decode(), per peer review. 2025-08-13 18:00:36 -05:00
Daniel Pouzzner 344db9d7f7 wolfcrypt/src/coding.c: in Base64_Decode_nonCT() and Base64_Decode(), remove overly restrictive preamble check on outLen; return BUFFER_E, not BAD_FUNC_ARG, when output buffer is too short (similarly fixed in Base16_Decode());
wolfcrypt/test/test.c: add N_BYTE_TEST() and test vectors to test all input and output length scenarios.
2025-08-13 17:43:33 -05:00
Ruby Martin dc18f404ca remove dead code in fe_operations.c 2025-08-13 16:34:14 -06:00
Ruby Martin 71c2878780 verify previously unchecked return values 2025-08-13 16:28:36 -06:00
David Garske 53c36f8529 Add assembly introspection for RISC-V and PPC32. 2025-08-13 22:30:15 +01:00
David Garske d79ca8a746 Improve some of the build cases around crypto callback only 2025-08-13 21:58:53 +01:00
Hideki Miyazaki b67e063535 add hashtype property to wc_Sha512 2025-08-14 05:37:40 +09:00
Daniel Pouzzner 22b221a8be Merge pull request #9099 from gojimmypi/pr-cert-test-sizeof
Change certs_test sizeof const to define for Watcom
2025-08-13 14:41:21 -05:00
gojimmypi f279f9cd71 Change certs_test sizeof const to define for Watcom 2025-08-13 11:58:59 -07:00
Ruby Martin a725f4d7ac update wolfSSL_get_SessionTicket() function dox comment 2025-08-13 08:29:30 -06:00
Ruby Martin a02025d0c9 add session ticket length return check to api tests 2025-08-13 08:29:30 -06:00