Commit Graph

29160 Commits

Author SHA1 Message Date
night1rider f081a08c5c Address comments from bigbrett and Fenrir bot. Rename she.{c,h} to wc_she.{c,h}, fix naming consistency, auto-enable CMAC/AES dependencies, add WC_SHE_SW_DEFAULT opt-inAddress PR #10009 review comments from bigbrett and Fenrir 2026-04-15 11:28:03 -06:00
night1rider 802c34018c Add more in depth comments in header file for she.h 2026-04-15 11:28:03 -06:00
night1rider ee7fe9e1b1 SHE API: remove key storage from context, add direct output params 2026-04-15 11:28:03 -06:00
night1rider 8c0999a352 fix macro guarding in tests/api.c 2026-04-15 11:28:03 -06:00
night1rider eeedc470e9 Add SHE (Secure Hardware Extension) support to wolfCrypt 2026-04-15 11:27:44 -06:00
David Garske 1a67eb7223 Merge pull request #9851 from night1rider/setkey-callbacks
Setkey/Export callbacks
2026-04-15 10:17:38 -07:00
Jeremiah Mackey e182645d20 zero PKCS12 key bag buffers before free 2026-04-15 16:59:18 +00:00
Daniel Pouzzner bfca39a97b src/ssl.c, src/ssl_sess.c, src/x509.c, wolfssl/internal.h: rename wolfssl_get_ex_new_index() to wolfssl_local_get_ex_new_index(). 2026-04-15 11:53:32 -05:00
Daniel Pouzzner d8085cc427 src/ssl_load.c, wolfssl/ssl.h, tests/api.c: rename wolfSSL*PrivateKey_id() to wolfSSL*PrivateKey_Id_ex(), and add missing WOLF_PRIVATE_KEY_ID gating. 2026-04-15 11:53:06 -05:00
Jeremiah Mackey 897ce55e2d zero HMAC-DRBG K and V in deterministic k 2026-04-15 16:46:32 +00:00
Jeremiah Mackey bdebcfc5a0 reject negative pemSz in PEM-to-DER APIs 2026-04-15 16:46:32 +00:00
David Garske 240703c959 Merge pull request #10219 from rizlik/se050
SE050: Fixes  + NO_{RSA,ECDHE}_VERIFY options + simulator CI
2026-04-15 09:35:23 -07:00
David Garske 22b6b1a1cf Merge pull request #10228 from michael-membrowse/master
ci: preserve membrowse push-to-master runs from cancellation
2026-04-15 09:34:17 -07:00
Anthony Hu b96a83699b Guarding fix 2026-04-15 11:47:56 -04:00
Josh Holtrop 4f31ff95f7 Rust wrapper: require fixed length index buffers for SRTP/SRTCP 2026-04-15 11:36:02 -04:00
sebastian-carpenter 9a161a69f2 extra overflow clamp 2026-04-15 09:31:22 -06:00
Reda Chouk 1576cf9edc add exact-boundary tests at wolfssl_quic_max_record_capacity and cap+1 to catch off-by-onee mutations in the early data capacity check 2026-04-15 14:36:35 +02:00
Mattia Moffa bd3cf10270 DTLS export: cap IV size at buffer size
ExportKeyState was writing ssl->specs.iv_size bytes from
keys->aead_enc_imp_IV (always sized AEAD_MAX_IMP_SZ). ssl->specs.iv_size
carries a different meaning depending on the cipher suite: in AEAD
suites it's the implicit IV / nonce size, but in CBC it's the block
cipher's IV size (16). In CBC this overran the size of aead_enc_imp_IV
(12).
2026-04-15 12:39:49 +02:00
Sean Parkinson b44d8c66d7 Merge pull request #10192 from mattia-moffa/20260409-fixes
Various fixes
2026-04-15 20:35:04 +10:00
Sean Parkinson 18b0d313af Merge pull request #10227 from douzzer/20260414-fixes
20260414-fixes
2026-04-15 20:24:23 +10:00
Michael Rogov Papernov e38c88daf3 ci: preserve membrowse push-to-master runs from cancellation
Use unique concurrency group per commit for push events so that
sequential merges to master don't cancel each other's queued runs.
This ensures every master commit gets analyzed for memory tracking.
2026-04-15 11:07:41 +01:00
Sean Parkinson c905033acf API tests: more cipher tests
1. Unaligned Buffer Tests
Verify correct output when input/output buffers are byte-offset by 1,
2, and 3 bytes.
  - AES-CBC, AES-CTS, AES-CTR, AES-GCM, AES-CCM, AES-XTS
- ChaCha20, ChaCha20-Poly1305

2. In-Place (Overlapping) Buffer Tests
Verify correct output when out == in (same pointer for input and
output).
  - AES-CTS, AES-GCM, AES-CCM, AES-XTS
- ChaCha20, ChaCha20-Poly1305

3. Cross-Cipher Verification Tests
Verify that a higher-level mode produces identical output when
manually reconstructed from a lower-level primitive (typically AES-ECB +
XOR).
- AES-CBC (= ECB + XOR chaining)
- AES-CFB (= ECB(ciphertext feedback) + XOR)
  - AES-OFB (= ECB(output feedback) + XOR)
- AES-CTR (= ECB(counter) + XOR with big-endian increment)
  - AES-GCM (ciphertext portion = CTR starting at counter J0+1)
- ChaCha20-Poly1305 (ciphertext = raw ChaCha20 keystream XOR; tag =
independent Poly1305)

4. Counter Overflow Tests
Verify correct carry propagation when the internal block counter wraps
around.
  - AES-CTR (32-bit big-endian carry across 4 bytes: 0xFFFFFFFE → wrap)
- ChaCha20 (32-bit counter: 0xFFFFFFFF → 0x00000000)

5. AEAD Edge Case Tests
Verify correct behavior for empty inputs, empty AAD, and invalid auth
tag rejection.
  - Ascon-AEAD128
  - AES-CCM
  - ChaCha20-Poly1305

6. Non-Standard Parameter Tests
  Verify behavior outside the common fast path.
- AES-GCM: non-96-bit nonce lengths (1-byte, 60-byte, variable-length
loop, zero-length rejection)

7. Streaming API State Tests
Verify mid-stream state behavior and re-initialization after a final
call.
  - AES-GCM stream, AES-XTS stream
  - ChaCha20-Poly1305 stream
2026-04-15 17:05:32 +10:00
Marco Oliverio 8b01033d0b se050: reviewer's fixes 2026-04-15 08:52:16 +02:00
Marco Oliverio 2f5df5c9f8 se050: abide compilers warning about init keyId 2026-04-15 08:33:30 +02:00
Daniel Pouzzner e4fab90938 scripts/*.test: in kill -0 PID existence tests, close stderr to silence noise. 2026-04-14 23:23:53 -05:00
Daniel Pouzzner 48b763a5d1 .wolfssl_known_macro_extras: remove WOLF_CRYPTO_CB_FIND (now covered by .github/workflows/os-check.yml). 2026-04-14 23:10:48 -05:00
Daniel Pouzzner 575ac48664 wolfssl/wolfcrypt/aes.h and wolfssl/wolfcrypt/cmac.h: fix circular dependency mitigation for struct AesEax more robustly. 2026-04-14 23:09:21 -05:00
Daniel Pouzzner 9bc221bfec wolfcrypt/test/test.c: skip the "reject authTagSz below WOLFSSL_MIN_AUTH_TAG_SZ" test on FIPS <7.0.0. 2026-04-14 23:09:21 -05:00
Daniel Pouzzner 1df26161a7 configure.ac: exclude AES-EAX from --enable-all-crypto when --enable-afalg. 2026-04-14 23:09:21 -05:00
Daniel Pouzzner 96199467f9 scripts/*.test: delay reaping servers in cleanup handlers to allow sanitizers to finish rendering backtraces. 2026-04-14 23:09:20 -05:00
Daniel Pouzzner ebbab7ac45 src/crl.c: fix sequence in FreeCRL(): First decrement the refcount, then shut down the CRL monitor, then deallocate resources (fixes ASAN-detected read-after-free). 2026-04-14 23:09:20 -05:00
Mattia Moffa 95c177b441 Set MAX_ENCODED_SIG_SZ to FP_MAX_BITS / 16 rather than / 8
FP_MAX_BITS is the largest possible size of any intermediate operand.
RSA requires multiplying together integers with the size of signatures
(N), resulting in a size of 2N. So we must assume FP_MAX_BITS is 2N, not
N (in bits: 16N, not 8N).
2026-04-15 04:43:08 +02:00
Sean Parkinson 6ac0f82b85 Merge pull request #10204 from mattia-moffa/20260413-fixes
SetSuitesHashSigAlgo fix
2026-04-15 11:39:26 +10:00
Mattia Moffa 6b535a4bd3 Initialize ctTampered in test 2026-04-15 03:09:11 +02:00
Mattia Moffa 41e54ba4f0 Initialize fullMac in test 2026-04-15 03:09:11 +02:00
Mattia Moffa 7bd2c3c946 Fix clang-tidy complaints 2026-04-15 03:09:11 +02:00
Mattia Moffa 1d4c5f7022 Fix codespell false positive 2026-04-15 03:09:11 +02:00
Mattia Moffa 0749f20c33 Require exact tag length in EVP_DigestVerifyFinal HMAC path
ZD#21457 (31)
2026-04-15 03:09:11 +02:00
Mattia Moffa 0a00b47c75 Fix ML-KEM ARM64 NEON ciphertext comparison reduction
ZD#21457 (30)
2026-04-15 03:09:11 +02:00
Mattia Moffa 9c304bdc09 PKCS12: check mismatch between hash algo and hash size
ZD#21457 (27)
2026-04-15 03:08:50 +02:00
Josh Holtrop 4fb4b3c0c8 Rust wrapper: test BLAKE2 finalize() returns error for empty output buffer 2026-04-14 20:50:08 -04:00
Josh Holtrop ca362a4e8f Rust wrapper: also check usize to u32 conversions for digest_size 2026-04-14 20:50:08 -04:00
Josh Holtrop e1a01926bc Rust wrapper: check length returned by Lms.get_kid() in unit test 2026-04-14 20:50:08 -04:00
Josh Holtrop 15ac0718a3 Rust wrapper: make zeroize functions private 2026-04-14 20:50:08 -04:00
Josh Holtrop 2f94121078 Rust wrapper: require caller supplied buffer for Lms.get_kid()
Fixes F-1073.
2026-04-14 20:50:08 -04:00
Josh Holtrop 10fbc95241 Rust wrapper: add comment to MlKem about not implementing Send/Sync
Fixes F-1072.
2026-04-14 20:50:08 -04:00
Josh Holtrop 85ad08a50a Rust wrapper: avoid as_ptr() to *mut u8 casts
Fixes F-1065.
2026-04-14 20:50:08 -04:00
Josh Holtrop 884b882afe Rust wrapper: remove generic types for AES buffers
Fixes F-1071.
This is an API-breaking change, so will lead to a new crate major
version.
2026-04-14 20:50:08 -04:00
Josh Holtrop db1aab959c Rust wrapper: zeroize structs on drop 2026-04-14 20:50:08 -04:00
Josh Holtrop f1a041a216 Rust wrapper: add zeroizing Drop impl for ChaCha20Poly1305
Fix F-1069
2026-04-14 20:50:08 -04:00