Regression testing fixes#10596
Open
SparkiDev wants to merge 2 commits into
Open
Conversation
Contributor
Author
|
SP code changes generated by PR: |
SparkiDev
force-pushed
the
regression_fixes_24
branch
from
f7b3dc0 to
4361ba4
Compare
|
SparkiDev
force-pushed
the
regression_fixes_24
branch
from
4361ba4 to
d4be7f1
Compare
Contributor
Author
|
Jenkins: retest this please |
1. Side-aware ML-KEM in TLS (tls.c, tls13.c, ssl.c, internal.h): TLSX_IsGroupSupported/TLSX_UseSupportedCurve take a `side` arg; new TLSX_IsMlKemGroupSupported + client/server support macros. A build only capable of one ML-KEM op no longer advertises groups it can't use for its role. 2. NO_ASN_TIME support (ssl_asn1.c, ssl.h, settings.h): data-only ASN1_TIME APIs now compile without system time; OCSP responder auto-disabled under NO_ASN_TIME. 3. SP ECC (sp_*.c, sp_x86_64_asm.asm): curve `b` constants and sp_ecc_is_point_* always compiled (point-check available in more configs); asm movsxd -> movsx. 4. configure.ac: BUILD_MEMUSE fixed to trigger on != "xno". 5. Test fixes: HRR-aware TLS 1.3 memio tests (new test_memio_msg_is_hello_retry_request); tightened build guards (Ed25519/Ed448 key-import, AES decrypt, XMSS heights, SP sizes, static-PSK).
SparkiDev
force-pushed
the
regression_fixes_24
branch
from
d4be7f1 to
26a2b79
Compare
Leak fixes: free existing ssl->buffers.key before overwriting in SetSSL_CTX() (internal.c) and wolfSSL_set_SSL_CTX() (ssl.c) UAF fix: wc_CheckRsaKey() — mp_memzero_check(tmp) moved before the free (rsa.c) Build guards: #ifndef NO_ED25519/ED448_VERIFY around forged-sig test data (test_ed25519/ed448.c); guard equal()/cmov() for verify-only builds (ge_operations.c); guard unused pointers under WOLFSSL_MLDSA_SIGN_SMALL_MEM_PRECALC (wc_mldsa.c) Test cleanups (test.c): fix UB from out-of-range enum in hash_test(), always free AES dec object, fix der buffer declaration under small-stack builds
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Side-aware ML-KEM in TLS (tls.c, tls13.c, ssl.c, internal.h): TLSX_IsGroupSupported/TLSX_UseSupportedCurve take a
sidearg; new TLSX_IsMlKemGroupSupported + client/server support macros. A build only capable of one ML-KEM op no longer advertises groups it can't use for its role.NO_ASN_TIME support (ssl_asn1.c, ssl.h, settings.h): data-only ASN1_TIME APIs now compile without system time; OCSP responder auto-disabled under NO_ASN_TIME.
SP ECC (sp_.c, sp_x86_64_asm.asm): curve
bconstants and sp_ecc_is_point_ always compiled (point-check available in more configs); asm movsxd -> movsx.configure.ac: BUILD_MEMUSE fixed to trigger on != "xno".
Test fixes: HRR-aware TLS 1.3 memio tests (new test_memio_msg_is_hello_retry_request); tightened build guards (Ed25519/Ed448 key-import, AES decrypt, XMSS heights, SP sizes, static-PSK).
Testing
Regression testing.