Brett Nicholas
4bf334c299
Merge pull request #10009 from night1rider/SHE-update
...
Add SHE (Secure Hardware Extension) support to wolfCrypt
2026-04-16 16:49:00 -06:00
David Garske
3d548f46b3
Merge pull request #10235 from SparkiDev/sp_int_fixes_6
...
SP int: fixes from review by Claude
2026-04-16 15:39:23 -07:00
David Garske
7486183f22
Merge pull request #10237 from douzzer/20260416-SNI-WOLFSSL_HOST_NAME_MAX
...
20260416-SNI-WOLFSSL_HOST_NAME_MAX
2026-04-16 10:52:09 -07:00
Daniel Pouzzner
801c412ad2
src/tls.c, wolfssl/ssl.h, tests/api.c: followup to ff7a32d022 ( #10182 ):
...
* Fix OOB heap reads via TLSX_ExtractEch() by preemptively rejecting oversized
SNI names in TLSX_UseSNI().
* In TLSX_EchChangeSNI(), don't attempt to truncate if an oversized name is
seen, just return error.
* Move definition of WOLFSSL_HOST_NAME_MAX to an ungated context in ssl.h, and
use it consistently in tls.c, eliminating the duplicative
WOLFSSL_HOST_NAME_MAX.
2026-04-16 11:12:02 -05:00
Sean Parkinson
c119a21931
SP int: fixes from review by Claude
...
1. sp_cond_swap_ct_ex (line ~5524) — XOR typo: b->sign ^= b->sign always
zeroed the sign. Fixed to b->sign ^= t->sign to correctly swap signs.
2. sp_mod_d (line ~7271) — Negative modulo correction was applied even
when the remainder was 0. Added (*r != 0) guard to avoid producing d
instead of 0.
3. sp_lshb (line ~8444) — Left-shift size check was off. Refactored to
correctly distinguish between pure-digit shifts and bit-within-digit
shifts when checking if the result fits, using separate overflow checks
for each case.
4. _sp_mulmod_tmp (line ~12160) — Zero inputs caused an allocation of
size 0, which is problematic. Added an early path: if either operand is
zero, set result to zero and skip the allocation/multiply entirely.
5. sp_mod_2d — copy path (line ~14762) — XMEMCPY copied digits *
SP_WORD_SIZEOF bytes but a may have fewer than digits used digits. Fixed
to copy min(a->used, digits) digits to avoid reading uninitialized
memory.
6. sp_mod_2d — negation loop (line ~14782) — Negation loop iterated
over r->used, which could exceed digits. Fixed to loop over min(r->used,
digits).
7. _sp_sqrmod (line ~17314) — Same zero-input issue as _sp_mulmod_tmp.
Added early zero path to skip the allocation/squaring when input is
zero.
8. sp_lcm (line ~19838) — Typo in sign check: b->sign >= MP_NEG
(comparing against a value that is 1, so >= 1 would also match MP_ZPOS)
changed to b->sign == MP_NEG.
2026-04-16 19:01:53 +10:00
David Garske
f086e91cbf
Merge pull request #10234 from douzzer/20260415-trace-errcodes-fixes-and-tests
...
20260415-trace-errcodes-fixes-and-tests
2026-04-15 20:38:53 -07:00
Daniel Pouzzner
4cd7126092
tests/api/test_aes.c: fix gating for test_wc_AesGcm_MonteCarlo() to exclude WOLFSSL_AFALG and WOLFSSL_DEVCRYPTO.
2026-04-15 21:29:17 -05:00
Daniel Pouzzner
0f0dab0105
wolfcrypt/src/logging.c and wolfssl/wolfcrypt/logging.h: add wc_backtrace_set_fp().
2026-04-15 21:28:43 -05:00
Daniel Pouzzner
8d332778b0
wolfcrypt/test/test.c: in ed25519_test(), fix RARE_ED_BAD_ENC_E and RARE_ED_BAD_SIG_E macros to use WC_NO_ERR_TRACE() safely;
...
.github/workflows/trackmemory.yml: add --enable-debug-trace-errcodes to a couple scenarios.
2026-04-15 21:12:21 -05:00
night1rider
64a1ac8dd2
wc_SHE_ImportM1M2M3: fix guard from || to && so it gates on WOLF_CRYPTO_CB
2026-04-15 18:03:39 -06:00
Sean Parkinson
3c2a92d21d
Merge pull request #10225 from kareem-wolfssl/zd21544
...
Fix uninitialized before use warning. Fix unsupported #warning directive by Tasking compiler.
2026-04-16 08:55:49 +10:00
Sean Parkinson
cd6b062847
Merge pull request #10136 from JeremiahM37/fenrir-issues-2
...
Fenrir fixes
2026-04-16 08:51:17 +10:00
Sean Parkinson
d2175f3b42
Merge pull request #10222 from embhorn/zd21597
...
Report cert verify failure with MD5
2026-04-16 08:45:15 +10:00
Sean Parkinson
f286f62cb3
Merge pull request #10201 from gasbytes/quic_record_cap
...
add missing WOLFSSL_QUIC_MAX_RECORD_CAPACITY check on the early-data
2026-04-16 08:42:35 +10:00
Sean Parkinson
6be03a5dab
Merge pull request #10182 from embhorn/zd21576
...
Fix TLSX_EchChangeSNI to check hostname termination
2026-04-16 08:37:42 +10:00
Sean Parkinson
0c93bf9e7c
Merge pull request #10229 from mattia-moffa/20260415-zd21621
...
Fix regressions (fast math MAX_ENCODED_SIG_SZ; DTLS export IV buffer size)
2026-04-16 08:33:23 +10:00
Sean Parkinson
1fab25301f
Merge pull request #10221 from julek-wolfssl/gh/10197
...
TLS 1.3: evict session from cache after accepted 0-RTT resumption
2026-04-16 08:16:31 +10:00
David Garske
26a7d594e3
Merge pull request #10232 from douzzer/20260415-confusing_globals
...
20260415-confusing_globals
2026-04-15 15:02:40 -07:00
David Garske
faa6e985a5
Merge pull request #10226 from SparkiDev/api_test_cipher_algs_3
...
API tests: more cipher tests
2026-04-15 14:32:11 -07:00
David Garske
48a0347581
Merge pull request #10180 from Frauschi/dilithium-alloc-key
...
Add dynamic key allocation support for Dilithium
2026-04-15 10:36:14 -07:00
Daniel Pouzzner
4ac3c89cd7
wolfssl/ssl.h: add backward compat mappings for wolfSSL*PrivateKey_id().
2026-04-15 12:29:35 -05:00
night1rider
9775795470
Add ability to skip load key verify test
2026-04-15 11:28:03 -06:00
night1rider
1413afb0db
Fix CMake SHE build: add wc_she.c to sources, propagate CMAC/AES_DIRECT defines,
2026-04-15 11:28:03 -06:00
night1rider
1078e797f8
Fix CMake SHE deps, const-correctness in CryptoCb uid, stale comment, XSTRLEN double call, configure.ac AES-CBC guard, and add LoadKey/LoadKey_Verify test coverage
2026-04-15 11:28:03 -06:00
Zackery Backman
92bd03a8a2
Fix .wolfssl_known_macro_extras: remove 19 unneeded macros, add NO_WC_SHE_LOADKEY, fix sort order
2026-04-15 11:28:03 -06:00
night1rider
8760b72426
Add missing NO_WC_SHE_LOADKEY macro to known macros list
2026-04-15 11:28:03 -06:00
night1rider
994b0cdedd
Add one-shot SHE LoadKey and LoadKey Verify convenience APIs: wc_SHE_LoadKey, wc_SHE_LoadKey_Id, wc_SHE_LoadKey_Label and their verify counterparts
2026-04-15 11:28:03 -06:00
night1rider
f8956abcc1
update she union for callback to be getUid not setUid
2026-04-15 11:28:03 -06:00
night1rider
f081a08c5c
Address comments from bigbrett and Fenrir bot. Rename she.{c,h} to wc_she.{c,h}, fix naming consistency, auto-enable CMAC/AES dependencies, add WC_SHE_SW_DEFAULT opt-inAddress PR #10009 review comments from bigbrett and Fenrir
2026-04-15 11:28:03 -06:00
night1rider
802c34018c
Add more in depth comments in header file for she.h
2026-04-15 11:28:03 -06:00
night1rider
ee7fe9e1b1
SHE API: remove key storage from context, add direct output params
2026-04-15 11:28:03 -06:00
night1rider
8c0999a352
fix macro guarding in tests/api.c
2026-04-15 11:28:03 -06:00
night1rider
eeedc470e9
Add SHE (Secure Hardware Extension) support to wolfCrypt
2026-04-15 11:27:44 -06:00
David Garske
1a67eb7223
Merge pull request #9851 from night1rider/setkey-callbacks
...
Setkey/Export callbacks
2026-04-15 10:17:38 -07:00
Daniel Pouzzner
bfca39a97b
src/ssl.c, src/ssl_sess.c, src/x509.c, wolfssl/internal.h: rename wolfssl_get_ex_new_index() to wolfssl_local_get_ex_new_index().
2026-04-15 11:53:32 -05:00
Daniel Pouzzner
d8085cc427
src/ssl_load.c, wolfssl/ssl.h, tests/api.c: rename wolfSSL*PrivateKey_id() to wolfSSL*PrivateKey_Id_ex(), and add missing WOLF_PRIVATE_KEY_ID gating.
2026-04-15 11:53:06 -05:00
David Garske
240703c959
Merge pull request #10219 from rizlik/se050
...
SE050: Fixes + NO_{RSA,ECDHE}_VERIFY options + simulator CI
2026-04-15 09:35:23 -07:00
David Garske
22b6b1a1cf
Merge pull request #10228 from michael-membrowse/master
...
ci: preserve membrowse push-to-master runs from cancellation
2026-04-15 09:34:17 -07:00
Reda Chouk
1576cf9edc
add exact-boundary tests at wolfssl_quic_max_record_capacity and cap+1 to catch off-by-onee mutations in the early data capacity check
2026-04-15 14:36:35 +02:00
Mattia Moffa
bd3cf10270
DTLS export: cap IV size at buffer size
...
ExportKeyState was writing ssl->specs.iv_size bytes from
keys->aead_enc_imp_IV (always sized AEAD_MAX_IMP_SZ). ssl->specs.iv_size
carries a different meaning depending on the cipher suite: in AEAD
suites it's the implicit IV / nonce size, but in CBC it's the block
cipher's IV size (16). In CBC this overran the size of aead_enc_imp_IV
(12).
2026-04-15 12:39:49 +02:00
Sean Parkinson
b44d8c66d7
Merge pull request #10192 from mattia-moffa/20260409-fixes
...
Various fixes
2026-04-15 20:35:04 +10:00
Sean Parkinson
18b0d313af
Merge pull request #10227 from douzzer/20260414-fixes
...
20260414-fixes
2026-04-15 20:24:23 +10:00
Michael Rogov Papernov
e38c88daf3
ci: preserve membrowse push-to-master runs from cancellation
...
Use unique concurrency group per commit for push events so that
sequential merges to master don't cancel each other's queued runs.
This ensures every master commit gets analyzed for memory tracking.
2026-04-15 11:07:41 +01:00
Sean Parkinson
c905033acf
API tests: more cipher tests
...
1. Unaligned Buffer Tests
Verify correct output when input/output buffers are byte-offset by 1,
2, and 3 bytes.
- AES-CBC, AES-CTS, AES-CTR, AES-GCM, AES-CCM, AES-XTS
- ChaCha20, ChaCha20-Poly1305
2. In-Place (Overlapping) Buffer Tests
Verify correct output when out == in (same pointer for input and
output).
- AES-CTS, AES-GCM, AES-CCM, AES-XTS
- ChaCha20, ChaCha20-Poly1305
3. Cross-Cipher Verification Tests
Verify that a higher-level mode produces identical output when
manually reconstructed from a lower-level primitive (typically AES-ECB +
XOR).
- AES-CBC (= ECB + XOR chaining)
- AES-CFB (= ECB(ciphertext feedback) + XOR)
- AES-OFB (= ECB(output feedback) + XOR)
- AES-CTR (= ECB(counter) + XOR with big-endian increment)
- AES-GCM (ciphertext portion = CTR starting at counter J0+1)
- ChaCha20-Poly1305 (ciphertext = raw ChaCha20 keystream XOR; tag =
independent Poly1305)
4. Counter Overflow Tests
Verify correct carry propagation when the internal block counter wraps
around.
- AES-CTR (32-bit big-endian carry across 4 bytes: 0xFFFFFFFE → wrap)
- ChaCha20 (32-bit counter: 0xFFFFFFFF → 0x00000000)
5. AEAD Edge Case Tests
Verify correct behavior for empty inputs, empty AAD, and invalid auth
tag rejection.
- Ascon-AEAD128
- AES-CCM
- ChaCha20-Poly1305
6. Non-Standard Parameter Tests
Verify behavior outside the common fast path.
- AES-GCM: non-96-bit nonce lengths (1-byte, 60-byte, variable-length
loop, zero-length rejection)
7. Streaming API State Tests
Verify mid-stream state behavior and re-initialization after a final
call.
- AES-GCM stream, AES-XTS stream
- ChaCha20-Poly1305 stream
2026-04-15 17:05:32 +10:00
Marco Oliverio
8b01033d0b
se050: reviewer's fixes
2026-04-15 08:52:16 +02:00
Marco Oliverio
2f5df5c9f8
se050: abide compilers warning about init keyId
2026-04-15 08:33:30 +02:00
Daniel Pouzzner
e4fab90938
scripts/*.test: in kill -0 PID existence tests, close stderr to silence noise.
2026-04-14 23:23:53 -05:00
Daniel Pouzzner
48b763a5d1
.wolfssl_known_macro_extras: remove WOLF_CRYPTO_CB_FIND (now covered by .github/workflows/os-check.yml).
2026-04-14 23:10:48 -05:00
Daniel Pouzzner
575ac48664
wolfssl/wolfcrypt/aes.h and wolfssl/wolfcrypt/cmac.h: fix circular dependency mitigation for struct AesEax more robustly.
2026-04-14 23:09:21 -05:00
Daniel Pouzzner
9bc221bfec
wolfcrypt/test/test.c: skip the "reject authTagSz below WOLFSSL_MIN_AUTH_TAG_SZ" test on FIPS <7.0.0.
2026-04-14 23:09:21 -05:00