crl.c, internal.h: leak of sigParams requiring reorder the struct fields to that it is above memcpy part.
dtl13.c: free the DRLS fragments buffer in Dtls13FreeFsmResources in case fragment is never sent.
ocsp.c: only free cid if locally allocated.
tls.c: make sure ecc_kse is zeroized and can be freed.
tls13.c: set hsHashesEch after init so isn't lost on failure.
evp_pk.c: free key on the BIO error path
Fixed various tests to not leak or crash on memory allocation failure.
wolfcrypt/src/wc_port.c: fix several missed refactors to WC_ATOMIC_[U]INT_ARG.
wolfssl/wolfcrypt/wc_port.h:
* harmonize the return type of WOLFSSL_ATOMIC_STORE() (always void).
* fix MSVC WOLFSSL_ATOMIC_LOAD() and _STORE() with correct atomic semantics, and add gating on USE_WINDOWS_API.
Extend test_tls13_apis with negative-count assertions for
wolfSSL_CTX_set_groups and wolfSSL_set_groups, and NULL-groups
assertions for wolfSSL_CTX_set1_groups and wolfSSL_set1_groups
(tests/api/test_tls13.c).
Add test_wolfSSL_get_shared_ciphers covering NULL ssl, NULL buf, and
zero-length inputs (tests/api/test_tls.c).
Add count < 0 validation to wolfSSL_CTX_set_groups and wolfSSL_set_groups
(src/tls.c) to prevent negative count from bypassing the upper-bound check
and corrupting numGroups via byte truncation.
Widen count == 0 to count <= 0 and add NULL groups check in
wolfSSL_CTX_set1_groups and wolfSSL_set1_groups (src/ssl.c).
Add NULL buf and NULL cipher checks in wolfSSL_get_shared_ciphers to
prevent NULL pointer dereference.
* wc_local_InitUp()
* wc_local_InitUpDone()
* wc_local_InitDown()
* wc_local_InitDownDone()
* wc_init_state_t
* WC_DECLARE_INIT_STATE()
* WC_INIT_STATE_*
* union wc_init_state_bitfields
* WC_INIT_STATE_RAISE_BAD_STATE()
* WC_ATOMIC_INT_ARG and WC_ATOMIC_UINT_ARG, pivoting on WC_16BIT_CPU, used to assure operands to atomic operators are 32 bits, and that wc_init_state_t is 32 bits, even on 16 bit targets like Arduino.
fix&refactor thread safety mechanisms in wolfCrypt_Init() and wolfCrypt_Cleanup(), and fix a few preexisting error-handling flubs in wolfCrypt_Init().
The two new tests (test_tls12_ecdhe_ecdsa_rsa_client_cert and
test_tls12_ecdhe_rsa_ecdsa_client_cert) were appended right after
test_wolfSSL_alert_desc_string, the last function in test_tls.c. Another
in-flight branch appends its own new tests at the same anchor, producing
a spurious add/add merge conflict even though the additions are
independent. Move these two functions just above
test_wolfSSL_alert_desc_string so the two branches insert at different
locations and merge cleanly. Pure code movement; no behavior change.
The TLS 1.2 server derived the single advertised ClientCertificateType
and the signature_algorithms list in its CertificateRequest from the
negotiated cipher suite's own signature algorithm. On an ECDHE-ECDSA
suite only ecdsa_sign was offered (and only ECDSA sig algs), so RSA
clients could not authenticate even though the server could happily
verify an RSA certificate. The same was true in reverse for an RSA
server: the CertificateRequest only advertised rsa_sign.
Refactor SendCertificateRequest to advertise certificate_types and
signature_algorithms covering both sig families when both are compiled
in. Three static helpers in internal.c keep the logic in one place
without mutating ssl->suites:
GetServerCertReqCertTypes - certificate_types to emit
GetServerCertReqHashSigAlgo - signature_algorithms to emit
InServerCertReqHashSigAlgo - membership check used for verification
The advertised lists are written to stack buffers in the caller. To
keep DoCertificateVerify in agreement with what we actually sent, the
SupportedHashSigAlgo call site there is replaced with
InServerCertReqHashSigAlgo, which rebuilds the same list locally and
looks up the client's chosen algo.
Replace the magic certTypes buffer size with a new
MAX_CERT_REQ_CERT_TYPE_CNT constant declared next to
ClientCertificateType.
Add two end-to-end mutual-auth tests covering both directions:
test_tls12_ecdhe_ecdsa_rsa_client_cert - ECDSA server, RSA client
test_tls12_ecdhe_rsa_ecdsa_client_cert - RSA server, ECDSA client
Update test_certreq_sighash_algos to permit RSA / RSA-PSS sig algs in
the ECDHE-ECDSA CertificateRequest; the previous assertion locked in
the ECDSA-only behaviour that this change corrects.
TLS 1.3 is unaffected: RFC 8446 removed certificate_types from
CertificateRequest, and TLS 1.3 cipher suites do not bind a signature
algorithm, so the server's hashSigAlgo already covers both sig
families when either has been compiled in.