Commit Graph

30212 Commits

Author SHA1 Message Date
Daniel Pouzzner cac0f231db fix F-679: HMAC Finup Memory Leak on Update Failure 2026-06-12 18:14:51 -05:00
Daniel Pouzzner 3057314f65 fix F-678: SHA3 Finup Memory Leak on Update Failure 2026-06-12 18:14:51 -05:00
Daniel Pouzzner 38c2477cbb fix F-677: SHA3 Init Memory Leak on wc_InitSha3 Failure 2026-06-12 18:14:51 -05:00
Daniel Pouzzner 85091c7d06 fix F-676: Missing ForceZero on RSA Decrypted Plaintext Buffer
also ForceZeros various other potentially sensitive allocations before freeing them, and uses unconditional free() per current libwolfssl best practice.
2026-06-12 18:14:50 -05:00
Daniel Pouzzner 1df8d453c9 fix F-3948: Missing KAT mismatch check in aes_xts_256_test partial block encrypt path 2026-06-12 18:14:50 -05:00
Daniel Pouzzner 21a57cf003 Fixes for Fenrir items:
F-1880: Unsigned word32 dec_len Silently Wraps Negative wc_RsaSSL_Verify Error Codes, Returning Wrong Errno on RSA Signature Verification Failure
F-1881: word32 sig_len Silently Wraps Negative wc_RsaSSL_Sign Error in Self-Test Functions, Bypassing <= 0 Guard
F-1882: word32 priv_len / pub_len Silently Wrap Negative wc_RsaKeyToDer / wc_RsaKeyToPublicDer Errors Across Three RSA Self-Test Functions
2026-06-12 18:14:50 -05:00
Daniel Pouzzner b3cb06e98a fix F-1426: PTR_ERR on malloc Results Always Yields 0 in AES-GCM Self-Test Error Messages 2026-06-12 18:14:50 -05:00
Daniel Pouzzner 8c1013ad52 fix F-1425: PTR_ERR on malloc Result Always Yields 0 in Error Message 2026-06-12 18:14:49 -05:00
Daniel Pouzzner 682a09d5a7 fix F-1424: Sysfs Node Resource Leak When Second Install Fails 2026-06-12 18:14:49 -05:00
Daniel Pouzzner f48efe5bfc fix F-705: Missing wc_RsaSetRNG in sig_alg km_pkcs1_set_pub After Key Re-Init 2026-06-12 18:14:49 -05:00
Daniel Pouzzner 9c1d9c164b fix F-673: Wrong sizeof Type in Allocation Failure Error Message 2026-06-12 18:14:48 -05:00
Daniel Pouzzner 1c9abac6f5 fix F-672: Copy-Paste Duplicate: pkcs1_sha384 Unregistered Twice in Both RSA Paths 2026-06-12 18:14:48 -05:00
Daniel Pouzzner 546ac0ac36 linuxkm/lkcapi_aes_glue.c: clean up pr_err()s on allocation failures. 2026-06-12 18:14:48 -05:00
JacobBarthelmeh 86ba8f7770 Merge pull request #10652 from SparkiDev/regression_fixes_25
Regression testing fixes - memory allocation failure testing
2026-06-12 16:30:57 -06:00
David Garske bfef92c343 Merge pull request #10656 from holtrop-wolfssl/f-4427
Ed448: check for public key presence on export
2026-06-12 15:30:07 -07:00
David Garske e4b7b67f06 Merge pull request #10674 from Frauschi/cert_chain_fix
Fixes for OpenSSL compatibility layer
2026-06-12 14:10:13 -07:00
Josh Holtrop 445b8b272c Document PUBLIC_KEY_E return value for wc_ed448_export_public() in source comment 2026-06-12 15:58:27 -04:00
Josh Holtrop 8c1e3a261f Fix Ed448/25519 export private-only key unit tests for FIPS pre-v7 2026-06-12 15:58:27 -04:00
Josh Holtrop daa22e9fb9 Document PUBLIC_KEY_E return for wc_ed448_export_public() 2026-06-12 15:58:27 -04:00
Josh Holtrop 955ffb92d3 Free RNG from updated Ed448/Ed25519 unit tests 2026-06-12 15:58:27 -04:00
Josh Holtrop 2914a85741 Document PUBLIC_KEY_E error return from wc_edXXX_export_key() 2026-06-12 15:58:27 -04:00
Josh Holtrop 92500e728f Preserve Ed25519/448 PublicKeyToDer unit testing for BUFFER_E 2026-06-12 15:58:27 -04:00
Josh Holtrop 6270029cc4 Fix wc_Ed25519PublicKeyToDer doxygen documentation 2026-06-12 15:58:27 -04:00
Josh Holtrop 3d517841d5 Ed448: check for public key presence on export
Return PUBLIC_KEY_E for wc_ed25519_export_key if public key is not
present.
Return PUBLIC_KEY_E for wc_ed448_export_key if public key is not
present.
Rename several inLen parameters to outLen for consistency.

Fix F-4427
2026-06-12 15:58:27 -04:00
David Garske fb80740738 Merge pull request #10664 from JacobBarthelmeh/nightly
the examples pem.c --padding flag does not need gated behind WOLFSSL_DER_TO_PEM
2026-06-12 10:55:49 -07:00
JacobBarthelmeh d9ca55e5c0 the examples pem.c --padding flag does not need gated behind WOLFSSL_DER_TO_PEM 2026-06-12 10:46:01 -06:00
David Garske 6081106ae3 Merge pull request #10647 from philljj/misc_fixes
Misc wolfcrypt fixes
2026-06-12 09:13:26 -07:00
David Garske 2f7b8b23d8 Merge pull request #10672 from philljj/genseed_fortest
settings.h: don't set WOLFSSL_GENSEED_FORTEST.
2026-06-12 08:44:25 -07:00
Tobias Frauenschläger 5c1225e6ab x509: harden wolfSSL_X509_verify_cert() against alloc failure and stack pollution
Robustness fixes in the OpenSSL-compatibility certificate verifier, independent
of the depth-exhaustion fix:

- Fail closed on allocation failure. When the failedCerts working stack could
  not be allocated, the function fell through to exit with ret still set to
  WOLFSSL_SUCCESS and reported the chain as verified without checking anything
  (a fail-open regression from the leak fix that turned the early return into a
  goto exit). Also check the ctx->chain allocation. Both now set an error.

- Remove caller-supplied intermediates from the correct stack. The intermediates
  appended to the working cert list during chain building were popped from
  ctx->store->certs by count, but they are appended to whichever stack is in use
  - which may be the caller's setTrustedSk (X509_STORE_CTX_set0_trusted_stack).
  Remove them by pointer identity from that same stack, recomputed from
  ctxIntermediates. Identity removal also survives the chain-building retries
  that reorder the stack, where a positional pop could drop a legitimate trusted
  entry and leave an injected intermediate behind - which a later verification
  reusing the store/ctx would then snapshot as a trust anchor. The removal helper
  walks the list once (O(n)) rather than indexing per position.

- NULL-guard ctx->store->param before dereferencing its flags in the
  partial-chain check.

Add regression tests covering: the trusted stack being restored after
verification, and the retry path (tampered plus genuine same-subject
intermediates, both orderings) leaving the store clean for later use.
2026-06-12 17:29:31 +02:00
Tobias Frauenschläger 2d76a68925 x509: reject depth-exhausted chains in wolfSSL_X509_verify_cert()
Fail compatibility-layer verification when the path-building loop runs
out of its depth budget before reaching a configured trust anchor,
instead of accepting the last verified link. Add a regression test.
2026-06-12 17:29:31 +02:00
Tobias Frauenschläger 3e2c46001e x509: require a trusted anchor in wolfSSL_X509_verify_cert()
Ensure caller-supplied intermediate certificates cannot terminate the
chain during compatibility-layer verification; a path must reach a
configured trust anchor. Add a regression test and supporting certs.
2026-06-12 17:29:31 +02:00
David Garske f7ad60cb8d Merge pull request #10667 from julek-wolfssl/ci-parallel-make-check
CI: pool the per-config runner matrices into parallel make-check jobs
2026-06-12 07:53:34 -07:00
Juliusz Sosinowicz 742a0267f2 trackmemory: raise timeout to 40 min for wolfEntropy runtime variance 2026-06-12 14:12:56 +02:00
Juliusz Sosinowicz 6d1d750ad3 parallel-make-check: reserved names, type hints, readability
- Reject the config names "aux" and "test": build-aux/ is autotools'
  aux-script dir and build-test/ a legacy build dir, neither the
  script's to wipe and rebuild over.
- Add type hints throughout.
- Reword the shard-partition comment (the LPT bound was unparseable)
  and replace the zip-over-pool.map result pairing with a run_one()
  helper so the pool returns complete result rows.
2026-06-12 13:39:28 +02:00
Juliusz Sosinowicz 1b3a1ef6a6 Fix CI: register JSON-config CPPFLAGS macros in .wolfssl_known_macro_extras
The workflow matrix rework moved configure args into JSON lists, where
CPPFLAGS defines appear as "CPPFLAGS=-DFOO". The known-macro scan in
check-source-text only recognizes -D tokens preceded by whitespace or a
quote, so macros whose only -D site now sits directly after the '=' are
no longer registered as known. Add those macros to
.wolfssl_known_macro_extras, and drop two entries that became redundant
because the new workflow configs define them at a position the scanner
does recognize.
2026-06-12 09:47:14 +00:00
Juliusz Sosinowicz 85d3bc2380 parallel-make-check: drop the --jobs option
wolfSSL's configure enables make's jobserver by default
(AX_AM_JOBSERVER([yes]) -> AM_MAKEFLAGS += -j<nproc+1> in aminclude.am),
and automake passes that explicit -j to every recursive sub-make, where
it overrides the invoking make's job limit. The script's -j therefore
only ever scheduled the outermost recursion hop: --jobs was inert.

Measured on a 4-CPU host with 10 build-only configs oversaturating the
worker pool, the jobserver default is also the better policy: capping
sub-makes via --disable-jobserver and -j2 dropped CPU utilization from
96% to 89% and lengthened the wall time, because configs' serial
phases (configure, link) stopped being backfilled by other configs'
compile jobs. So make is now invoked with no -j at all - parallelism
within a config comes from the configure-default jobserver - and the
misleading knob is gone, including the macOS job's --jobs 3.
2026-06-12 09:47:14 +00:00
Juliusz Sosinowicz 12597308de smoke-test, os-check: pin CCACHE_DIR to the cached path
The two jobs that manage their ccache cache manually rely on ccache's
XDG default (~/.cache/ccache) matching the actions/cache path. That
holds today, but nothing enforces it: a later change that sets
CCACHE_DIR (e.g. adopting the ccache-setup composite, which uses
~/.ccache) would silently decouple the build's cache from the
saved/restored directory. Pin CCACHE_DIR explicitly to the cached
path so the pairing is visible and cannot drift.
2026-06-12 09:47:13 +00:00
Juliusz Sosinowicz 1f6abed28e CI hardening: stamp under set -e, SIGKILL escalation for fail-fast
Third Copilot review round:

- Makefile.am: run the test-data stamp recipe body under set -e. A
  failed symlink mid-loop previously did not fail the compound command
  (only the last command's status counted), so a partially-populated
  build tree could be stamped complete. Now any failed setup command
  aborts the recipe and the stamp is not created.

- parallel-make-check.py: fail-fast sent SIGTERM only, so a test that
  traps or ignores SIGTERM could keep the job alive until the workflow
  timeout. abort_others() now polls the swept processes and SIGKILLs
  whatever is still alive after a 10 s grace period, and the
  post-registration race-window kill escalates the same way (bounded
  wait, then SIGKILL). Verified with a config running
  "trap '' TERM; sleep 300": the run completes in ~10 s with the
  stubborn config reported as aborted and no surviving processes.
2026-06-12 09:47:13 +00:00
Juliusz Sosinowicz eb59a12b36 parallel-make-check: close the fail-fast race, contain callable errors
Two fixes from the second Copilot review round:

A process spawned between abort_others()' live_procs snapshot and its
registration escaped the kill sweep, leaving that build/check running
to completion after fail-fast had begun. Re-check stop_event right
after registering the process and SIGTERM its process group if the
abort already started: either the registration happened before the
sweep's snapshot (the sweep kills it) or it happened after stop_event
was set (the re-check sees it), so the window is closed.

Exceptions from callable steps (user_settings staging, private-dir
copies) used to escape the worker thread and crash the whole script
with no summary. They are now recorded as that config's step failure
with the exception written to its make-check.log, e.g. a bad
"user_settings" path reports FAIL (stage <path>) while the other
configs keep running; the fail-fast bookkeeping is shared with the
nonzero-exit path via record_failure().
2026-06-12 09:47:13 +00:00
Juliusz Sosinowicz a62884599b CI review fixes: JSON validation, log volume, rm -rf, flag spelling
Address the Copilot review:
- parallel-make-check.py: validate "configure" (list of strings) and
  cflags/ldflags (strings) so a malformed entry fails the load instead
  of exploding a string into per-character configure arguments; print
  a single line for passing configs instead of dumping their full
  make-check.log into the CI log (failure dumps unchanged; the logs
  remain in build-<name>/ for the failure artifacts).
- Makefile.am: use rm -rf for the certs/input/quit setup and distclean
  cleanup. A --private-dir run replaces the certs symlink with a
  private directory copy that rm -f cannot remove (verified: make
  distclean in a build dir with a privatized certs/ now succeeds and
  removes it).
- psk.yml, disable-pk-algs.yml: normalize the single-dash tokens
  (-disable-rsa, -disable-ecc, -disable-aescbc, -enable-cryptonly)
  carried verbatim from the old matrices to the canonical double-dash
  form. No coverage change: configure honors single-dash spellings
  (verified -disable-rsa sets NO_RSA with no unrecognized-option
  warning), so these were always in effect; both touched configs
  re-validated end-to-end.

The --cc default stays "ccache gcc": ccache resolves the compiler
through its own masquerade symlinks (verified: no recursion and normal
cache hits with /usr/lib/ccache prepended to PATH), and the explicit
CC= also covers jobs that use ccache without the PATH masquerade.
2026-06-12 09:47:13 +00:00
Juliusz Sosinowicz 3a6c31a51e CI: pool the per-config runner matrices into parallel make-check jobs
Replace the one-runner-per-configuration matrices across the
make-check workflow family with a generic pooled runner,
.github/scripts/parallel-make-check.py. Each workflow keeps its
configuration list as JSON next to the invocation; one runner (or a
small fixed set of shards, balanced by measured per-config minutes)
builds every config in its own out-of-tree (VPATH) build directory off
a single checkout/autogen, on a pool of one-per-CPU worker threads,
longest first. Concurrent checks are isolated with bubblewrap network
namespaces, compilations are cached with ccache, the first failure
aborts the rest (fail-fast, with --no-fail-fast to run everything),
and per-config timings plus pool efficiency land in the step summary.
Failure logs upload as artifacts. smoke-test.yml is likewise reworked
into a single pooled job that runs its nine configs on one runner.

Converted workflows (runner jobs per full pass):
  os-check.yml             101 -> 8  (92 Ubuntu configs -> 4 shards;
                           the macOS matrix, the user-settings jobs and
                           the standalone
                           macos-apple-native-cert-validation.yml fold
                           into one macOS runner; Windows unchanged)
  pq-all.yml                21 -> 2 shards
  disable-pk-algs.yml       15 -> 1
  wolfCrypt-Wconversion.yml 11 -> 1
  trackmemory.yml            7 -> 1
  cryptocb-only.yml          8 -> 1  (incl. the two new SHA512 entries)
  multi-compiler.yml         6 -> 1
  smallStackSize.yml         6 -> 1
  multi-arch.yml             6 -> 1
  async.yml                  5 -> 1
  psk.yml                    5 -> 1
  no-malloc.yml              3 -> 1
  wolfsm.yml                 3 -> 1
  opensslcoexist.yml         2 -> 1

Measured against current upstream passing runs (job execution time,
queue excluded): ~200 runner jobs / ~374 runner-minutes per full pass
become 23 jobs / ~168 runner-minutes, with more coverage than before.
multi-arch's old matrix combined an "include" list of four
architectures with an "opts" axis; GitHub's include-merge rules made
each arch entry overwrite the previous one, so only the armel
combinations actually ran. The pooled list restores the intended
aarch64/armhf/riscv64 coverage (23 combinations; riscv64 x sp-math is
omitted as invalid - configure rejects sp-math without SP, and
--enable-riscv-asm, unlike --enable-sp-asm, does not bring SP in).

Out-of-tree build fixes this depends on:
- Makefile.am: symlink the read-only test data (certs/, tests/ config
  files, sniffer captures and helpers, examples/crypto_policies,
  input, quit) into the build tree via a BUILT_SOURCES stamp, removed
  again in distclean-local. ChangeToWolfRoot() and the script tests
  resolve everything relative to the working directory, so out-of-tree
  make check and make distcheck now pass.
- scripts/multi-msg-record.py: locate the client binary from the build
  tree working directory rather than the script's source directory.
- configure.ac + wolfssl/include.am: run
  support/gen-debug-trace-error-codes.sh from $srcdir; it reads the
  error-code headers from the source tree and generates into the build
  tree.
- tests/swdev: a WOLFBUILD variable points the sub-make at the build
  tree for the configure-generated headers (wolfssl/options.h,
  wolfssl/version.h); the in-tree-only guards are dropped.

Portions of PR #10649 are incorporated: the cross-platform
ccache-setup composite action, repository_owner gates on check-headers
and check-source-text, the docs-only paths-ignore on os-check, and the
libspdm timeout bumps.
2026-06-12 09:47:13 +00:00
Tobias Frauenschläger 351b775fd4 Merge pull request #10665 from anhu/mlkem-keygen-zeroize
Zeroize some private data before releasing memory
2026-06-12 08:41:16 +02:00
jordan ab09d0c95b misc_fixes: cleanup for skoll review. 2026-06-12 00:12:45 -05:00
Daniel Pouzzner 3e390b1b29 Merge pull request #10666 from douzzer/20260611-AES-XTS-key-half-inequality
20260611-AES-XTS-key-half-inequality

approved by @dgarske and @kareem-wolfssl, final by @SparkiDev.
2026-06-11 21:55:37 -05:00
jordan b495180e01 settings.h: don't set WOLFSSL_GENSEED_FORTEST. 2026-06-11 20:50:35 -05:00
Sean Parkinson 3c34a97164 Merge pull request #10603 from aidangarske/pqc-decode-validation
PQC enforce modulus and eta range checks in DecodePrivateKey
2026-06-12 09:22:12 +10:00
David Garske 29f14ed2ee Merge pull request #10582 from julek-wolfssl/fenrir-20260602
Fenrir 2026-06-02: TLS/DTLS correctness, resumption & renegotiation safety fixes
2026-06-11 15:29:51 -07:00
David Garske 74c3b50080 Merge pull request #10669 from night1rider/Zephyr-4-4-0-PRB-fix
Switch to use merge branch for PR testing instead of HEAD Branch
2026-06-11 15:29:27 -07:00
night1rider aa7b7defba Switch to use merge branch for PR testing instead of HEAD Branch 2026-06-11 15:57:29 -06:00
Aidan Keefe 744d25fdc3 Merge pull request #10648 from aidankeefe2022/fix-Der-to-Oid-coversion
Fix EncodedDottedForm to handle when first arc is 2
2026-06-11 15:12:53 -06:00