night1rider
f081a08c5c
Address comments from bigbrett and Fenrir bot. Rename she.{c,h} to wc_she.{c,h}, fix naming consistency, auto-enable CMAC/AES dependencies, add WC_SHE_SW_DEFAULT opt-inAddress PR #10009 review comments from bigbrett and Fenrir
2026-04-15 11:28:03 -06:00
night1rider
802c34018c
Add more in depth comments in header file for she.h
2026-04-15 11:28:03 -06:00
night1rider
ee7fe9e1b1
SHE API: remove key storage from context, add direct output params
2026-04-15 11:28:03 -06:00
night1rider
8c0999a352
fix macro guarding in tests/api.c
2026-04-15 11:28:03 -06:00
night1rider
eeedc470e9
Add SHE (Secure Hardware Extension) support to wolfCrypt
2026-04-15 11:27:44 -06:00
David Garske
1a67eb7223
Merge pull request #9851 from night1rider/setkey-callbacks
...
Setkey/Export callbacks
2026-04-15 10:17:38 -07:00
Jeremiah Mackey
e182645d20
zero PKCS12 key bag buffers before free
2026-04-15 16:59:18 +00:00
Daniel Pouzzner
bfca39a97b
src/ssl.c, src/ssl_sess.c, src/x509.c, wolfssl/internal.h: rename wolfssl_get_ex_new_index() to wolfssl_local_get_ex_new_index().
2026-04-15 11:53:32 -05:00
Daniel Pouzzner
d8085cc427
src/ssl_load.c, wolfssl/ssl.h, tests/api.c: rename wolfSSL*PrivateKey_id() to wolfSSL*PrivateKey_Id_ex(), and add missing WOLF_PRIVATE_KEY_ID gating.
2026-04-15 11:53:06 -05:00
Jeremiah Mackey
897ce55e2d
zero HMAC-DRBG K and V in deterministic k
2026-04-15 16:46:32 +00:00
Jeremiah Mackey
bdebcfc5a0
reject negative pemSz in PEM-to-DER APIs
2026-04-15 16:46:32 +00:00
David Garske
240703c959
Merge pull request #10219 from rizlik/se050
...
SE050: Fixes + NO_{RSA,ECDHE}_VERIFY options + simulator CI
2026-04-15 09:35:23 -07:00
David Garske
22b6b1a1cf
Merge pull request #10228 from michael-membrowse/master
...
ci: preserve membrowse push-to-master runs from cancellation
2026-04-15 09:34:17 -07:00
Anthony Hu
b96a83699b
Guarding fix
2026-04-15 11:47:56 -04:00
Josh Holtrop
4f31ff95f7
Rust wrapper: require fixed length index buffers for SRTP/SRTCP
2026-04-15 11:36:02 -04:00
sebastian-carpenter
9a161a69f2
extra overflow clamp
2026-04-15 09:31:22 -06:00
Reda Chouk
1576cf9edc
add exact-boundary tests at wolfssl_quic_max_record_capacity and cap+1 to catch off-by-onee mutations in the early data capacity check
2026-04-15 14:36:35 +02:00
Mattia Moffa
bd3cf10270
DTLS export: cap IV size at buffer size
...
ExportKeyState was writing ssl->specs.iv_size bytes from
keys->aead_enc_imp_IV (always sized AEAD_MAX_IMP_SZ). ssl->specs.iv_size
carries a different meaning depending on the cipher suite: in AEAD
suites it's the implicit IV / nonce size, but in CBC it's the block
cipher's IV size (16). In CBC this overran the size of aead_enc_imp_IV
(12).
2026-04-15 12:39:49 +02:00
Sean Parkinson
b44d8c66d7
Merge pull request #10192 from mattia-moffa/20260409-fixes
...
Various fixes
2026-04-15 20:35:04 +10:00
Sean Parkinson
18b0d313af
Merge pull request #10227 from douzzer/20260414-fixes
...
20260414-fixes
2026-04-15 20:24:23 +10:00
Michael Rogov Papernov
e38c88daf3
ci: preserve membrowse push-to-master runs from cancellation
...
Use unique concurrency group per commit for push events so that
sequential merges to master don't cancel each other's queued runs.
This ensures every master commit gets analyzed for memory tracking.
2026-04-15 11:07:41 +01:00
Sean Parkinson
c905033acf
API tests: more cipher tests
...
1. Unaligned Buffer Tests
Verify correct output when input/output buffers are byte-offset by 1,
2, and 3 bytes.
- AES-CBC, AES-CTS, AES-CTR, AES-GCM, AES-CCM, AES-XTS
- ChaCha20, ChaCha20-Poly1305
2. In-Place (Overlapping) Buffer Tests
Verify correct output when out == in (same pointer for input and
output).
- AES-CTS, AES-GCM, AES-CCM, AES-XTS
- ChaCha20, ChaCha20-Poly1305
3. Cross-Cipher Verification Tests
Verify that a higher-level mode produces identical output when
manually reconstructed from a lower-level primitive (typically AES-ECB +
XOR).
- AES-CBC (= ECB + XOR chaining)
- AES-CFB (= ECB(ciphertext feedback) + XOR)
- AES-OFB (= ECB(output feedback) + XOR)
- AES-CTR (= ECB(counter) + XOR with big-endian increment)
- AES-GCM (ciphertext portion = CTR starting at counter J0+1)
- ChaCha20-Poly1305 (ciphertext = raw ChaCha20 keystream XOR; tag =
independent Poly1305)
4. Counter Overflow Tests
Verify correct carry propagation when the internal block counter wraps
around.
- AES-CTR (32-bit big-endian carry across 4 bytes: 0xFFFFFFFE → wrap)
- ChaCha20 (32-bit counter: 0xFFFFFFFF → 0x00000000)
5. AEAD Edge Case Tests
Verify correct behavior for empty inputs, empty AAD, and invalid auth
tag rejection.
- Ascon-AEAD128
- AES-CCM
- ChaCha20-Poly1305
6. Non-Standard Parameter Tests
Verify behavior outside the common fast path.
- AES-GCM: non-96-bit nonce lengths (1-byte, 60-byte, variable-length
loop, zero-length rejection)
7. Streaming API State Tests
Verify mid-stream state behavior and re-initialization after a final
call.
- AES-GCM stream, AES-XTS stream
- ChaCha20-Poly1305 stream
2026-04-15 17:05:32 +10:00
Marco Oliverio
8b01033d0b
se050: reviewer's fixes
2026-04-15 08:52:16 +02:00
Marco Oliverio
2f5df5c9f8
se050: abide compilers warning about init keyId
2026-04-15 08:33:30 +02:00
Daniel Pouzzner
e4fab90938
scripts/*.test: in kill -0 PID existence tests, close stderr to silence noise.
2026-04-14 23:23:53 -05:00
Daniel Pouzzner
48b763a5d1
.wolfssl_known_macro_extras: remove WOLF_CRYPTO_CB_FIND (now covered by .github/workflows/os-check.yml).
2026-04-14 23:10:48 -05:00
Daniel Pouzzner
575ac48664
wolfssl/wolfcrypt/aes.h and wolfssl/wolfcrypt/cmac.h: fix circular dependency mitigation for struct AesEax more robustly.
2026-04-14 23:09:21 -05:00
Daniel Pouzzner
9bc221bfec
wolfcrypt/test/test.c: skip the "reject authTagSz below WOLFSSL_MIN_AUTH_TAG_SZ" test on FIPS <7.0.0.
2026-04-14 23:09:21 -05:00
Daniel Pouzzner
1df26161a7
configure.ac: exclude AES-EAX from --enable-all-crypto when --enable-afalg.
2026-04-14 23:09:21 -05:00
Daniel Pouzzner
96199467f9
scripts/*.test: delay reaping servers in cleanup handlers to allow sanitizers to finish rendering backtraces.
2026-04-14 23:09:20 -05:00
Daniel Pouzzner
ebbab7ac45
src/crl.c: fix sequence in FreeCRL(): First decrement the refcount, then shut down the CRL monitor, then deallocate resources (fixes ASAN-detected read-after-free).
2026-04-14 23:09:20 -05:00
Mattia Moffa
95c177b441
Set MAX_ENCODED_SIG_SZ to FP_MAX_BITS / 16 rather than / 8
...
FP_MAX_BITS is the largest possible size of any intermediate operand.
RSA requires multiplying together integers with the size of signatures
(N), resulting in a size of 2N. So we must assume FP_MAX_BITS is 2N, not
N (in bits: 16N, not 8N).
2026-04-15 04:43:08 +02:00
Sean Parkinson
6ac0f82b85
Merge pull request #10204 from mattia-moffa/20260413-fixes
...
SetSuitesHashSigAlgo fix
2026-04-15 11:39:26 +10:00
Mattia Moffa
6b535a4bd3
Initialize ctTampered in test
2026-04-15 03:09:11 +02:00
Mattia Moffa
41e54ba4f0
Initialize fullMac in test
2026-04-15 03:09:11 +02:00
Mattia Moffa
7bd2c3c946
Fix clang-tidy complaints
2026-04-15 03:09:11 +02:00
Mattia Moffa
1d4c5f7022
Fix codespell false positive
2026-04-15 03:09:11 +02:00
Mattia Moffa
0749f20c33
Require exact tag length in EVP_DigestVerifyFinal HMAC path
...
ZD#21457 (31)
2026-04-15 03:09:11 +02:00
Mattia Moffa
0a00b47c75
Fix ML-KEM ARM64 NEON ciphertext comparison reduction
...
ZD#21457 (30)
2026-04-15 03:09:11 +02:00
Mattia Moffa
9c304bdc09
PKCS12: check mismatch between hash algo and hash size
...
ZD#21457 (27)
2026-04-15 03:08:50 +02:00
Josh Holtrop
4fb4b3c0c8
Rust wrapper: test BLAKE2 finalize() returns error for empty output buffer
2026-04-14 20:50:08 -04:00
Josh Holtrop
ca362a4e8f
Rust wrapper: also check usize to u32 conversions for digest_size
2026-04-14 20:50:08 -04:00
Josh Holtrop
e1a01926bc
Rust wrapper: check length returned by Lms.get_kid() in unit test
2026-04-14 20:50:08 -04:00
Josh Holtrop
15ac0718a3
Rust wrapper: make zeroize functions private
2026-04-14 20:50:08 -04:00
Josh Holtrop
2f94121078
Rust wrapper: require caller supplied buffer for Lms.get_kid()
...
Fixes F-1073.
2026-04-14 20:50:08 -04:00
Josh Holtrop
10fbc95241
Rust wrapper: add comment to MlKem about not implementing Send/Sync
...
Fixes F-1072.
2026-04-14 20:50:08 -04:00
Josh Holtrop
85ad08a50a
Rust wrapper: avoid as_ptr() to *mut u8 casts
...
Fixes F-1065.
2026-04-14 20:50:08 -04:00
Josh Holtrop
884b882afe
Rust wrapper: remove generic types for AES buffers
...
Fixes F-1071.
This is an API-breaking change, so will lead to a new crate major
version.
2026-04-14 20:50:08 -04:00
Josh Holtrop
db1aab959c
Rust wrapper: zeroize structs on drop
2026-04-14 20:50:08 -04:00
Josh Holtrop
f1a041a216
Rust wrapper: add zeroizing Drop impl for ChaCha20Poly1305
...
Fix F-1069
2026-04-14 20:50:08 -04:00