Commit Graph

29626 Commits

Author SHA1 Message Date
David Garske ab8cd6fc46 Merge pull request #9937 from douzzer/20260306-wc_Hash-refactor
20260306-wc_Hash-refactor
2026-03-24 08:48:08 -07:00
David Garske 051b83b517 Merge pull request #9999 from sebastian-carpenter/hpke-fix
Fix: Improved support for combinations of HPKE algos
2026-03-24 08:47:01 -07:00
David Garske 3b9084142d Merge pull request #10020 from SparkiDev/sp_int_ai_fixes_1
SP int: fixes from AI review
2026-03-24 08:43:50 -07:00
Juliusz Sosinowicz a0e1fcebfb Re-enable hostap tests and remove some flaky tests
ALL should not include NULL ciphersuites. Those need to be enabled explicitly.
2026-03-24 16:31:31 +01:00
Andrew Hutchings 36de828dc0 Composite GHA action with caching
This adds caching for apt and should make things a bit more stable and
faster.
2026-03-24 15:24:01 +00:00
jordan 7016be9c29 bsdkm: clean up benchmark cflags. 2026-03-24 09:08:49 -05:00
jordan 019e6bca6f bsdkm benchmark: fix build. 2026-03-24 08:13:27 -05:00
Eric Blankenhorn 1d1d8ff41e Fix OCSP tests to use Alloc/FreeDer 2026-03-24 07:41:40 -05:00
Eric Blankenhorn e58b0d69b8 Fix test failure 2026-03-24 07:05:43 -05:00
Eric Blankenhorn 3a6ccc13a1 Fix FillSigner to clear pubkeystored 2026-03-24 07:05:43 -05:00
Tobias Frauenschläger 3fd13b819d Guard old non-ctx ML-DSA API by default 2026-03-24 11:16:22 +01:00
JacobBarthelmeh 81c3d26dde update macro guards for coexist build and use ret when getting SSL error 2026-03-23 22:46:34 -04:00
JacobBarthelmeh 3d62a6fe09 adjustment for openssl coexist build with the examples 2026-03-23 21:51:10 -04:00
JacobBarthelmeh bab432d84b fix examples to follow options.h config 2026-03-23 21:51:09 -04:00
Takashi Kojo ad7914b2ce automatic WOLFSSL_SP_4096setting.h/user_settings.h 2026-03-24 10:05:12 +09:00
Sean Parkinson f15199906d SP int: fixes from AI review
Re-implemented wc_PKCS12_PBKDF() to not use MP. Added tests to
unit.test.

sp_int.c:
  Fixes to comments.
  Added more define build options documentation to top of file.
  Fixes for builds with WOLFSSL_SP_INT_NEGATIVE defined.
Fixes for when a->used is 0 and no underflow - not actually a problem
but cleaner code.
  sp_sub has different checks on a->used when values are only positive.
  sp_dic_2d  missing check for e less than zero.
sp_to_unsigned_bin_len_ct: remove redundant check of outSz. Change i
to int to handle a->used of 0 and make code tidier.

Configuration testing fixes.
Fix formatting in test.c.
Added 128-bit types word128 and sword128 for cleaner PKCS#12 code.
2026-03-24 10:49:58 +10:00
David Garske 8cd9af3036 Peer review fixes 2026-03-23 15:27:47 -07:00
David Garske 99c089411c Fix memory leak after refactor 2026-03-23 15:27:47 -07:00
David Garske 44af0ab3c5 Group forward declarations by guard context
Forward declarations in asn.c and asn_orig.c now use guard transitions
(same mechanism as the function bodies) so consecutive declarations with
the same feature guard are grouped in a single #ifdef/#endif block rather
than each having its own open/close pair.

Also removed the now-redundant _find_func_outer_guards calls from
_emit_split_body_orig; outer feature guard context is emitted at the
generate_asn_orig loop level, not inside the per-block emitters.

Both modes still build and pass tests (5 PASS, 0 FAIL each).
2026-03-23 15:27:47 -07:00
David Garske 653aac2cd3 Fix guard context for forward declarations in asn split
Three fixes for guard-context correctness in the ASN.1 code split:

1. Strip WOLFSSL_ASN_ORIG_INCLUDED from forward declaration wrappers.
   The file-guard was being applied to fwd decls in asn.c, but at the
   fwd-decl site that macro is not yet defined, so #ifndef ... #else
   inverted the condition and hid all declarations.

2. Add outer feature guard tracking. Large feature sections (HAVE_OCSP,
   HAVE_CRL, WOLFSSL_CERT_GEN, etc.) that span many functions in asn.c
   are now tracked and re-emitted around the corresponding blocks in
   asn_orig.c, fixing 'unknown type name' errors in minimal builds.

3. Collect multi-line #if continuations in the outer guard map so that
   full guard conditions (e.g. #if !defined(NO_RSA) && \ continued
   across lines) are stored and compared as complete strings, preventing
   duplicate guard emission.

Both modes build and pass tests (5 PASS, 0 FAIL each):
  ./configure --enable-asn=original && make check
  ./configure && make check
2026-03-23 15:27:47 -07:00
David Garske 78a28d153a Fix async examples build for asn_orig.c
Add settings.h include before the compile guard in asn_orig.c so
WOLFSSL_IGNORE_FILE_WARN is available when compiled separately.
Add -Wno-pedantic for asn_orig.c in async examples Makefile to
suppress empty translation unit warning.
2026-03-23 15:27:47 -07:00
David Garske 6b1f5ddb92 Split original ASN.1 code from asn.c into asn_orig.c
Move non-template (WOLFSSL_ASN_ORIGINAL) code into asn_orig.c and include from asn.c.
2026-03-23 15:27:47 -07:00
David Garske 4b8c5247fe Merge pull request #10053 from douzzer/20260323-revert-9841
20260323-revert-9841
2026-03-23 15:27:36 -07:00
Daniel Pouzzner 812161cec2 Revert "Re-enable hostap tests and remove some flaky tests"
This reverts commit 4498e12805.

see #9841 and #10052.
2026-03-23 17:22:35 -05:00
Daniel Pouzzner 2c266156c8 wolfssl/wolfcrypt/types.h: add missing values in FIPS <=v2 enum wc_HashType definition;
wolfcrypt/src/hash.c: in wc_OidGetHash(), fix misplaced gate re case SHA3_512h.
2026-03-23 14:04:06 -05:00
David Garske 54d6555194 Merge pull request #9841 from julek-wolfssl/hostap-ec-generate.sh
Re-enable hostap tests and remove some flaky tests
2026-03-23 11:48:32 -07:00
Daniel Pouzzner cba5c172ed wolfcrypt/src/evp.c: in wolfSSL_EVP_init(), fix -Wswitch-enums for WC_HASH_TYPE_SHAKE128 and WC_HASH_TYPE_SHAKE256. 2026-03-23 13:15:52 -05:00
Daniel Pouzzner 262799dfbd wolfcrypt/src/evp.c: in wolfSSL_EVP_MD_type(), fix -Wswitch-enums for WC_HASH_TYPE_BLAKE2B and WC_HASH_TYPE_BLAKE2S exposed in default+opensslall configs. 2026-03-23 13:01:38 -05:00
Daniel Pouzzner 799637689b configure.ac: fix stray tabs. 2026-03-23 13:01:38 -05:00
Daniel Pouzzner d70839506b refactor wc_Hash* so that known wc_HashType values are unconditionally defined in enum wc_HashType, and always either succeed if used properly, or return HASH_TYPE_E if gated out or used improperly; add detailed error code tracing in wolfcrypt/src/hash.c. 2026-03-23 13:01:38 -05:00
Daniel Pouzzner 29783dd2cf wolfssl/wolfcrypt/error-crypt.h: add do-nothing WC_ERR_TRACE() fallthrough definition to make WC_ERR_TRACE() safe to use ungated in code. 2026-03-23 13:01:37 -05:00
Anthony Hu ce74def877 Enforce URI name constraints in ConfirmNameConstraints 2026-03-23 14:00:39 -04:00
Daniel Pouzzner b2f1c5864d Merge pull request #10021 from dgarske/name_mismatches
Fixes for documentation typos on arguments
2026-03-23 12:26:23 -05:00
Daniel Pouzzner 6cd001800c Merge pull request #10022 from dgarske/nb_leak
Fix to make sure a double free cannot occur with non-blocking async
2026-03-23 12:21:26 -05:00
David Garske 02bd0753b1 Merge pull request #10006 from julek-wolfssl/zd/21329
DTLS 1.3 write dup support
2026-03-23 09:55:24 -07:00
David Garske 6bd1785925 Merge pull request #10004 from julek-wolfssl/zd/21318
Add custom BIO callback dispatching
2026-03-23 09:54:30 -07:00
Juliusz Sosinowicz 99ae809e08 Improve ctx->param handling
- wolfSSL_X509_verify_cert: add host check from `ctx->param`
- wolfSSL_X509_verify_cert: Set `ctx->error_depth` on error
- Use WOLFSSL_-prefixed error constants (always available) instead of
  OPENSSL_COEXIST-guarded macros, fixing error code mismatch in
  coexist builds
- Set ctx->current_cert = orig on hostname/IP mismatch so error
  reporting aligns with error_depth = 0 (leaf cert)
- Add IP address verification test cases (match + mismatch)
2026-03-23 16:55:07 +01:00
David Garske 15fa0b7abe Merge pull request #10044 from SparkiDev/asm_gen_fixes_3
SP non-block ECC: correct mont_inv_order
2026-03-23 08:31:06 -07:00
Josh Holtrop ffa466f463 Rust wrapper: minor build.rs improvements for cross-compiling 2026-03-23 11:22:47 -04:00
Juliusz Sosinowicz 4498e12805 Re-enable hostap tests and remove some flaky tests
Set suites->setSuites to 1 in ParseCipherList function
2026-03-23 15:28:04 +01:00
Eric Blankenhorn b553e7485f Fix IAR warning about volatile access 2026-03-23 08:20:04 -05:00
Sean Parkinson b5ec204ca4 SP non-block ECC: correct mont_inv_order
Was not doing last bit but result still worked (likely because it was
the square root).
2026-03-23 23:18:37 +10:00
Juliusz Sosinowicz 1f9b999553 Consistently fail on mutex error 2026-03-23 12:21:40 +01:00
Juliusz Sosinowicz 9dbd35dc7c DTLS 1.3 write dup support
- Copy TLS 1.3 traffic secrets and DTLS 1.3 epoch/cipher state to the
  write-dup side in DupSSL so key updates can be performed.
- Delegate KeyUpdate responses from the read side to the write side via
  the shared WriteDup struct, for both peer-initiated and local key
  updates.
- Delegate DTLS 1.3 ACK sending from the read side to the write side.
- Track DTLS 1.3 KeyUpdate ACKs: write side records the in-flight
  KeyUpdate epoch/seq, read side sets keyUpdateAcked when the matching
  ACK arrives.
- Delegate post-handshake certificate authentication (CertificateRequest
  processing) from the read side to the write side, transferring
  transcript hashes, cert context, and signature parameters.
- Reset prevSent/plainSz to prevent stale values from SendData to think
  that data was already sent.
- Refactor FreeHandshakeHashes into Free_HS_Hashes for reuse.
- Move DTLS 1.3 epoch initialization earlier in InitSSL so the
  write-dup early-return path has valid epoch state.
- Add tests for write dup with all protocol versions, key update,
  post-handshake auth, and WANT_WRITE recovery.
- Add --enable-all --enable-writedup to CI os-check matrix.
2026-03-23 12:21:40 +01:00
Sean Parkinson 86db2d4a77 Merge pull request #10041 from douzzer/20260322-various-fixes
20260322-various-fixes
2026-03-23 21:16:19 +10:00
Daniel Pouzzner b8f9b06b5d wolfcrypt/src/logging.c: fix recursion in wc_backtrace_render(). 2026-03-22 13:22:27 -05:00
Daniel Pouzzner 678660e26d src/keys.c and src/tls13.c: add WC_NO_ERR_TRACE() annotations for various initializations.
wolfssl/ssl.h, examples/client/client.c, examples/server/server.c, src/bio.c, tests/api.c: add error tracing for WOLFSSL_SHUTDOWN_NOT_DONE.

tests/api.c: in test_wolfSSL_read_write_ex(), use WOLFSSL_SUCCESS rather than 1 for expected-success wolfSSL_shutdown()s, and add note that the wrong value is being returned (the test currently always fails, which is masked by an always-success retval).
2026-03-22 13:17:47 -05:00
Daniel Pouzzner b7fd9cb002 wolfssl/wolfcrypt/error-crypt.h: add __extension__ to __GNUC__&&!__STRICT_ANSI__ variant of wc_debug_trace_error_codes_enabled(), to inhibit false positive "error: ISO C forbids braced-groups within expressions" with -pedantic. 2026-03-22 13:11:08 -05:00
David Garske 20f640a19f Merge pull request #10035 from night1rider/allow-0-len-input-hash-update
Allow zero-length input in _wc_Hash_Grow and fix SHA Copy MAX32666
2026-03-21 15:20:53 -07:00
David Garske 6f23de44e6 Merge pull request #10036 from douzzer/20260319-trace-errocde-runtime-control-and-various-fixes
20260319-trace-errcode-runtime-control-and-various-fixes
2026-03-21 15:05:39 -07:00