Kareem
1e367597b6
Fix memory leak in newly added unit test.
2025-08-18 10:21:53 -07:00
Kareem
6b01053d98
Add test case for new x509_verify_cert retry functionality.
...
Add CA cert with the same SKI and intentionally invalid AKI as part of x509_verify_cert test case.
2025-08-18 10:21:53 -07:00
Kareem
027f0891f4
Don't fail out if X509StoreRemoveCa fails, since adding the temp CA was optional, it is possible there is no temp CA to remove.
2025-08-18 10:21:53 -07:00
Kareem
aaadb7971d
Fix narrowing conversion of type in RemoveCa.
2025-08-18 10:21:53 -07:00
Kareem
7b4a50b701
Add missing XFREE for dCert.
2025-08-18 10:21:53 -07:00
Kareem
d6f603b661
Add X509StoreRemoveCa wrapper around RemoveCa
...
WOLFSSL_X509's calculated subject key hash is not guaranteed to match the cert's,
ie. in the case that NO_SHA is defined. Use the same logic as AddCa,
parsing the DER cert and using the decoded cert's subject key hash.
2025-08-18 10:21:53 -07:00
Kareem
15a147d957
Remove incorrectly added NULL check, add debug logging to RemoveCA.
2025-08-18 10:21:53 -07:00
Kareem
f9eda18445
Fix missing cast and correct freeing of certs.
2025-08-18 10:21:53 -07:00
Kareem
946f20ccc7
Add type parameter to RemoveCA to avoid removing CAs of the wrong type.
2025-08-18 10:21:53 -07:00
Kareem
025dbc3454
Retry all certificates passed into wolfSSL_X509_verify_cert until a valid chain is found, rather than failing out on the first invalid chain. This allows for registering multiple certs with the same subject key, ie. alt cert chains.
2025-08-18 10:21:52 -07:00
Sean Parkinson
43f94a5d7d
Merge pull request #9107 from douzzer/20250816-cpuid_get_flags_ex-optimize
...
20250816-cpuid_get_flags_ex-optimize
2025-08-18 22:13:44 +10:00
Sean Parkinson
0ba16a9c5b
Merge pull request #9104 from kojiws/export_long_key_orig_asn
...
Improve original implementation on SetAsymKeyDer() and the test
2025-08-18 22:11:25 +10:00
Daniel Pouzzner
39c6c5af6f
wolfcrypt/src/cpuid.c, wolfssl/wolfcrypt/cpuid.h: change cpuid_flags_t to a
...
regular word32, and use non-atomics for general flag checking, with a new
implementation of cpuid_get_flags_ex() that is threadsafe by idempotency;
rename strictly-threadsafe cpuid_get_flags_ex() as cpuid_get_flags_atomic()
(strictly accurate return value), and add cpuid_flags_atomic_t and
WC_CPUID_ATOMIC_INITIALIZER, used only for internal manipulation of flags in
cpuid.c where atomicity matters.
2025-08-16 13:04:28 -05:00
lealem47
b096d9b250
Merge pull request #9106 from dgarske/zd20399
...
Fix sniffer issue handling TLS records with multiple handshake messages to be skipped
2025-08-15 15:57:00 -06:00
David Garske
32b0bd963b
Fix issue introduced in PR #9051 causing TLS records with multiple handshake messages to be skipped (ZD 20399)
2025-08-15 10:08:28 -07:00
David Garske
a98006eca9
Merge pull request #9105 from douzzer/20250815-dilithium-dilithium_expand_s-UndefinedBinaryOperatorResult
...
20250815-dilithium-dilithium_expand_s-UndefinedBinaryOperatorResult
2025-08-15 09:07:38 -07:00
Daniel Pouzzner
10a05ad839
wolfcrypt/src/dilithium.c: fix dilithium_expand_s() to fall through to dilithium_expand_s_c() for s1Len not implemented for USE_INTEL_SPEEDUP.
2025-08-15 09:48:55 -05:00
Juliusz Sosinowicz
ffe3d80f8d
Merge pull request #9097 from douzzer/20250812-atomic-cmpxchg
...
20250812-atomic-cmpxchg
2025-08-15 01:14:45 +02:00
Sean Parkinson
5b1302e4df
Merge pull request #9094 from dgarske/zd20369
...
Fix to better detect sniffer invalid spurious re-transmissions
2025-08-15 09:01:02 +10:00
Sean Parkinson
228ede7495
Merge pull request #9102 from rlm2002/zd20212
...
Remove dead code and check return values.
2025-08-15 08:21:38 +10:00
Daniel Pouzzner
c5bbf4c7e0
Merge pull request #9085 from effbiae/while-pending
...
`wolfSSL_AsyncPoll` calls refactor
2025-08-14 14:51:05 -05:00
David Garske
e00fd2fd70
Fix to better detect invalid spurious retransmission.
2025-08-14 12:19:39 -07:00
Kareem
c535e281c6
Skip unit test when using Apple native cert validation.
2025-08-14 11:34:15 -07:00
Kareem
cb3f7de3f7
Fix issues found by CI/CD tests.
2025-08-14 11:34:15 -07:00
Kareem
3bcbbd2924
Fix issue with loading PEM certs. Address code review feedback.
...
Add tests.
2025-08-14 11:34:15 -07:00
Kareem
a652b733e4
Fix conversion warning.
2025-08-14 11:34:15 -07:00
Kareem
ab342978d7
Fix implicit conversion warning.
2025-08-14 11:34:14 -07:00
Kareem
61ccea55ac
Allow setting the CA type when loading into cert manager
...
and unloading specific CA types from the cert manager.
2025-08-14 11:34:14 -07:00
Kareem
cb623dc9ea
Multiple fixes to wolfSSL_CIPHER_description to match documentation.
...
Add "any" value for TLS 1.3 cipher suites.
Fix key size comparison for enc bits.
Output AEAD as MAC if cipher suite is using it, otherwise output hash MAC.
2025-08-14 11:27:10 -07:00
Koji Takeda
0a9356e645
Improve original implementation on SetAsymKeyDer() and the test
2025-08-15 00:04:01 +09:00
Daniel Pouzzner
cefeb4cd7e
atomics/cpuid_flags fixes from peer review:
...
wolfcrypt/src/cpuid.c: cpuid_set_flag() and cpuid_clear_flag() thread safety;
wolfcrypt/src/wc_port.c: comments re __ATOMIC_SEQ_CST and __ATOMIC_ACQUIRE;
wolfssl/wolfcrypt/wc_port.h: single overrideable definitions for WOLFSSL_ATOMIC_COERCE_[U]INT(), and comment cleanup.
also added WOLFSSL_USER_DEFINED_ATOMICS.
2025-08-14 09:33:14 -05:00
Daniel Pouzzner
bd4e723f9d
add cpuid_flags_t, WC_CPUID_INITIALIZER, and cpuid_get_flags_ex();
...
refactor all static flag initializations to use cpuid_get_flags_ex() for race-free dynamics;
refactor cpuid_set_flags() to be race-free;
wolfssl/wolfcrypt/wc_port.h and wolfcrypt/src/wc_port.c: add
* WOLFSSL_ATOMIC_COERCE_INT()
* WOLFSSL_ATOMIC_COERCE_UINT()
* wolfSSL_Atomic_Uint
* wolfSSL_Atomic_Uint_Init()
* wolfSSL_Atomic_Int_AddFetch()
* wolfSSL_Atomic_Int_SubFetch()
* wolfSSL_Atomic_Int_CompareExchange()
* wolfSSL_Atomic_Uint_FetchAdd()
* wolfSSL_Atomic_Uint_FetchSub()
* wolfSSL_Atomic_Uint_AddFetch()
* wolfSSL_Atomic_Uint_SubFetch()
* wolfSSL_Atomic_Uint_CompareExchange()
wolfcrypt/test/test.c: add to memory_test() tests for all atomic macros and APIs;
.github/workflows/pq-all.yml: don't use -Wpedantic for CC=c++ scenario.
2025-08-14 08:44:28 -05:00
Sean Parkinson
a1dd7dae6f
Merge pull request #9095 from miyazakh/add_sha512_typeproperty
...
Add hashtype property to wc_Sha512 structure
2025-08-14 21:43:06 +10:00
Sean Parkinson
102525c9c9
Merge pull request #9100 from dgarske/cryptocb_only
...
Improve some of the build cases around crypto callback only
2025-08-14 21:41:26 +10:00
Sean Parkinson
034df3d28f
Merge pull request #9101 from dgarske/asm_introspection
...
Add assembly introspection for RISC-V and PPC32
2025-08-14 21:38:42 +10:00
Daniel Pouzzner
a64c719fd2
Merge pull request #9092 from douzzer/20250812-Base64_Decode-outLen-bounds-fix
...
20250812-Base64_Decode-outLen-bounds-fix
reviewed+approved by @dgarske and @SparkiDev
2025-08-13 23:15:04 -05:00
effbiae
0e3f877326
WOLFSSL_ASYNC_WHILE_PENDING refactor
2025-08-14 12:03:13 +10:00
JacobBarthelmeh
8458b5ec1d
Merge pull request #9053 from rlm2002/sessionTickets
...
update wolfSSL_get_SessionTicket to be able to return ticket length
2025-08-13 17:19:52 -06:00
Ruby Martin
18f3f22a7e
add option for WOLFSSL_ARMASM_INLINE to CMake
2025-08-13 17:05:48 -06:00
Daniel Pouzzner
7fe890d5e7
wolfcrypt/src/coding.c: clean up comment in Base64_Decode(), per peer review.
2025-08-13 18:00:36 -05:00
Daniel Pouzzner
344db9d7f7
wolfcrypt/src/coding.c: in Base64_Decode_nonCT() and Base64_Decode(), remove overly restrictive preamble check on outLen; return BUFFER_E, not BAD_FUNC_ARG, when output buffer is too short (similarly fixed in Base16_Decode());
...
wolfcrypt/test/test.c: add N_BYTE_TEST() and test vectors to test all input and output length scenarios.
2025-08-13 17:43:33 -05:00
Ruby Martin
dc18f404ca
remove dead code in fe_operations.c
2025-08-13 16:34:14 -06:00
Ruby Martin
71c2878780
verify previously unchecked return values
2025-08-13 16:28:36 -06:00
David Garske
53c36f8529
Add assembly introspection for RISC-V and PPC32.
2025-08-13 22:30:15 +01:00
David Garske
d79ca8a746
Improve some of the build cases around crypto callback only
2025-08-13 21:58:53 +01:00
Hideki Miyazaki
b67e063535
add hashtype property to wc_Sha512
2025-08-14 05:37:40 +09:00
Daniel Pouzzner
22b221a8be
Merge pull request #9099 from gojimmypi/pr-cert-test-sizeof
...
Change certs_test sizeof const to define for Watcom
2025-08-13 14:41:21 -05:00
gojimmypi
f279f9cd71
Change certs_test sizeof const to define for Watcom
2025-08-13 11:58:59 -07:00
Ruby Martin
a725f4d7ac
update wolfSSL_get_SessionTicket() function dox comment
2025-08-13 08:29:30 -06:00
Ruby Martin
a02025d0c9
add session ticket length return check to api tests
2025-08-13 08:29:30 -06:00