Sean Parkinson
460463aa8f
Merge pull request #10166 from JeremiahM37/test-coverage
...
Add negative tests for TLS handshake verification paths
2026-04-17 10:41:53 +10:00
Sean Parkinson
9d1fe652b1
Merge pull request #10224 from embhorn/zd21594
...
Various fixes in internal.c
2026-04-17 09:44:33 +10:00
Brett Nicholas
4bf334c299
Merge pull request #10009 from night1rider/SHE-update
...
Add SHE (Secure Hardware Extension) support to wolfCrypt
2026-04-16 16:49:00 -06:00
Jeremiah Mackey
a0614dd3c0
add negative tests for TLS handshake verification paths
2026-04-16 14:37:07 +00:00
Daniel Pouzzner
4cd7126092
tests/api/test_aes.c: fix gating for test_wc_AesGcm_MonteCarlo() to exclude WOLFSSL_AFALG and WOLFSSL_DEVCRYPTO.
2026-04-15 21:29:17 -05:00
night1rider
64a1ac8dd2
wc_SHE_ImportM1M2M3: fix guard from || to && so it gates on WOLF_CRYPTO_CB
2026-04-15 18:03:39 -06:00
Sean Parkinson
cd6b062847
Merge pull request #10136 from JeremiahM37/fenrir-issues-2
...
Fenrir fixes
2026-04-16 08:51:17 +10:00
Sean Parkinson
d2175f3b42
Merge pull request #10222 from embhorn/zd21597
...
Report cert verify failure with MD5
2026-04-16 08:45:15 +10:00
Sean Parkinson
1fab25301f
Merge pull request #10221 from julek-wolfssl/gh/10197
...
TLS 1.3: evict session from cache after accepted 0-RTT resumption
2026-04-16 08:16:31 +10:00
David Garske
faa6e985a5
Merge pull request #10226 from SparkiDev/api_test_cipher_algs_3
...
API tests: more cipher tests
2026-04-15 14:32:11 -07:00
Eric Blankenhorn
c429a41121
Fix from review
2026-04-15 15:26:46 -05:00
night1rider
1078e797f8
Fix CMake SHE deps, const-correctness in CryptoCb uid, stale comment, XSTRLEN double call, configure.ac AES-CBC guard, and add LoadKey/LoadKey_Verify test coverage
2026-04-15 11:28:03 -06:00
night1rider
f081a08c5c
Address comments from bigbrett and Fenrir bot. Rename she.{c,h} to wc_she.{c,h}, fix naming consistency, auto-enable CMAC/AES dependencies, add WC_SHE_SW_DEFAULT opt-inAddress PR #10009 review comments from bigbrett and Fenrir
2026-04-15 11:28:03 -06:00
night1rider
802c34018c
Add more in depth comments in header file for she.h
2026-04-15 11:28:03 -06:00
night1rider
ee7fe9e1b1
SHE API: remove key storage from context, add direct output params
2026-04-15 11:28:03 -06:00
night1rider
eeedc470e9
Add SHE (Secure Hardware Extension) support to wolfCrypt
2026-04-15 11:27:44 -06:00
Sean Parkinson
c905033acf
API tests: more cipher tests
...
1. Unaligned Buffer Tests
Verify correct output when input/output buffers are byte-offset by 1,
2, and 3 bytes.
- AES-CBC, AES-CTS, AES-CTR, AES-GCM, AES-CCM, AES-XTS
- ChaCha20, ChaCha20-Poly1305
2. In-Place (Overlapping) Buffer Tests
Verify correct output when out == in (same pointer for input and
output).
- AES-CTS, AES-GCM, AES-CCM, AES-XTS
- ChaCha20, ChaCha20-Poly1305
3. Cross-Cipher Verification Tests
Verify that a higher-level mode produces identical output when
manually reconstructed from a lower-level primitive (typically AES-ECB +
XOR).
- AES-CBC (= ECB + XOR chaining)
- AES-CFB (= ECB(ciphertext feedback) + XOR)
- AES-OFB (= ECB(output feedback) + XOR)
- AES-CTR (= ECB(counter) + XOR with big-endian increment)
- AES-GCM (ciphertext portion = CTR starting at counter J0+1)
- ChaCha20-Poly1305 (ciphertext = raw ChaCha20 keystream XOR; tag =
independent Poly1305)
4. Counter Overflow Tests
Verify correct carry propagation when the internal block counter wraps
around.
- AES-CTR (32-bit big-endian carry across 4 bytes: 0xFFFFFFFE → wrap)
- ChaCha20 (32-bit counter: 0xFFFFFFFF → 0x00000000)
5. AEAD Edge Case Tests
Verify correct behavior for empty inputs, empty AAD, and invalid auth
tag rejection.
- Ascon-AEAD128
- AES-CCM
- ChaCha20-Poly1305
6. Non-Standard Parameter Tests
Verify behavior outside the common fast path.
- AES-GCM: non-96-bit nonce lengths (1-byte, 60-byte, variable-length
loop, zero-length rejection)
7. Streaming API State Tests
Verify mid-stream state behavior and re-initialization after a final
call.
- AES-GCM stream, AES-XTS stream
- ChaCha20-Poly1305 stream
2026-04-15 17:05:32 +10:00
Mattia Moffa
6b535a4bd3
Initialize ctTampered in test
2026-04-15 03:09:11 +02:00
Mattia Moffa
41e54ba4f0
Initialize fullMac in test
2026-04-15 03:09:11 +02:00
Mattia Moffa
7bd2c3c946
Fix clang-tidy complaints
2026-04-15 03:09:11 +02:00
Mattia Moffa
1d4c5f7022
Fix codespell false positive
2026-04-15 03:09:11 +02:00
Mattia Moffa
0749f20c33
Require exact tag length in EVP_DigestVerifyFinal HMAC path
...
ZD#21457 (31)
2026-04-15 03:09:11 +02:00
Mattia Moffa
0a00b47c75
Fix ML-KEM ARM64 NEON ciphertext comparison reduction
...
ZD#21457 (30)
2026-04-15 03:09:11 +02:00
Mattia Moffa
9c304bdc09
PKCS12: check mismatch between hash algo and hash size
...
ZD#21457 (27)
2026-04-15 03:08:50 +02:00
Sean Parkinson
0b88017e20
Merge pull request #10181 from embhorn/zd21567
...
Fix ReqCertFromX509 to check bounds
2026-04-15 09:01:25 +10:00
Sean Parkinson
409b5fcf38
Merge pull request #10172 from embhorn/zd21568
...
Fix pkcs12 parse issue
2026-04-15 09:00:12 +10:00
Sean Parkinson
14ebd3d649
Merge pull request #10170 from embhorn/zd21566
...
Fix partial chain verification
2026-04-15 08:58:28 +10:00
David Garske
e3e95c0454
Merge pull request #10213 from SparkiDev/api_test_cipher_algs_2
...
Unit testing: Add Monte Carlo testing to ciphers
2026-04-14 13:05:08 -07:00
Eric Blankenhorn
a8ea8a898c
Fix from review
2026-04-14 13:39:17 -05:00
Eric Blankenhorn
4a13896b2e
Report cert verify failure with MD5
2026-04-14 12:31:01 -05:00
Jeremiah Mackey
83d71ee5cc
guard DES3 length test with HAVE_FIPS
2026-04-14 15:40:06 +00:00
Juliusz Sosinowicz
e5f569ad7c
TLS 1.3: evict session from cache after accepted 0-RTT resumption
...
Per RFC 8446 section 8, a server MUST ensure that any instance of it
would accept 0-RTT for the same 0-RTT handshake at most once. Without
this, the same ClientHello could be replayed to re-accept early data on
a subsequent connection.
After the PSK is authenticated (binder verified) in DoPreSharedKeys,
call wolfSSL_SSL_CTX_remove_session on ssl->session when the client
offered 0-RTT and the session permits it. That evicts the entry from
the internal cache (under the row's write lock) and invokes the
application's ctx->rem_sess_cb so any external cache can drop its copy
too. The session's timeout is also cleared so the live reference held
by the current handshake cannot be resumed again.
The mutation is paid only when the client actually included the
early_data extension on a 0-RTT-capable session, so normal resumptions
are unaffected and the existing remove-callback counts in
test_wolfSSL_CTX_add_session_ext_{tls13,dtls13} stay correct.
wolfSSL_SSL_CTX_remove_session was previously declared and defined only
under the OpenSSL compatibility layer. Because it is now called from
the core TLS 1.3 PSK path, the declaration in wolfssl/ssl.h and the
definition in src/ssl_sess.c are moved out of that block to match the
existing !NO_SESSION_CACHE gate under which the function is meaningful.
wolfSSL_SSL_get0_session stays in the compat block.
test_tls13_early_data_0rtt_replay verifies the behaviour. It does a
full TLS 1.3 handshake with stateful tickets (SSL_OP_NO_TICKET) and
max_early_data > 0, then tries to resume the saved session twice while
offering 0-RTT each time. A minimal single-slot external session cache
is wired up via wolfSSL_CTX_sess_set_{new,get,remove}_cb to confirm
both caches are cleared. Round 0 must resume and deliver the early
data, and rem_calls must hit 1 (the fix's single eviction). Round 1
must fall back to a full handshake (session_reused == 0), deliver no
early data, and leave rem_calls at 1.
Verified against multiple configurations (incl. --enable-all
--enable-earlydata, the no-compat -DHAVE_EXT_CACHE build, and the
os-check.yml combo). Valgrind under -g2 -O0 with OPENSSL_EXTRA +
HAVE_EXT_CACHE + HAVE_EX_DATA reports no errors and no
definitely-lost bytes.
Refs wolfSSL/wolfssl#10197
2026-04-14 15:35:50 +00:00
Eric Blankenhorn
68b3bbb16f
Fix from review
2026-04-14 07:47:29 -05:00
Eric Blankenhorn
2b503dae54
Fix from review
2026-04-14 07:41:30 -05:00
Eric Blankenhorn
a6fd25b94e
Fix partial chain verification
2026-04-14 07:25:11 -05:00
Sean Parkinson
59a17dd598
Unit testing: Add Monte Carlo testing to ciphers
...
Monte Carlo testing is randomized test data.
These new tests have random keys, IVs, nonce, etc and random data to
encrypt.
100 sets of random test data are encrypted and decrypted with a check to
ensure the input to encrypt is the same as the output of decrypt.
Tags are generated and checked in the calls to encrypt and decrypt.
2026-04-14 13:25:15 +10:00
Sean Parkinson
649a32fd6e
Merge pull request #10169 from embhorn/zd21565
...
Fix for peer cert verify with IP address
2026-04-14 08:21:23 +10:00
Eric Blankenhorn
33310010a9
Fix wolfSSL_sk_X509_OBJECT_deep_copy to check bounds
2026-04-13 17:02:51 -05:00
Eric Blankenhorn
863db50318
Fix word32 truncation and add true regression test for PKCS12 OOB read
2026-04-13 16:05:51 -05:00
Eric Blankenhorn
4cb016f434
Fix pkcs12 parse issue
2026-04-13 15:11:15 -05:00
David Garske
b17755b63f
Merge pull request #10164 from rizlik/bio
...
BIO improvements and fixes
2026-04-13 12:40:02 -07:00
David Garske
a143369522
Merge pull request #10138 from padelsbach/cobalt-fixes-2026-04-06
...
Use size_t in wolfSSL_strnstr and reject negative indices in mp_get_digit
2026-04-13 12:37:59 -07:00
David Garske
c36beba9b7
Merge pull request #10174 from SparkiDev/api_test_cipher_algs_1
...
API testing additions: cipher tests
2026-04-13 09:54:23 -07:00
Jeremiah Mackey
0525301b75
test non-block-aligned CBC input rejected
2026-04-13 16:19:30 +00:00
Sean Parkinson
a50a5403a7
Merge pull request #10199 from douzzer/20260412-clang-23_pre20260331
...
20260412-clang-23_pre20260331
2026-04-13 10:39:11 +10:00
Sean Parkinson
0434139967
Merge pull request #10186 from Frauschi/f-159
...
Error out in case of unknown extensions in response message in TLS 1.3
2026-04-13 09:18:46 +10:00
David Garske
3d4e929869
Merge pull request #10173 from SparkiDev/init_cert_sha1
...
Initialize certificate: default to SHA-1 when necessary
2026-04-12 14:46:53 -07:00
Daniel Pouzzner
1b692b8063
fixes for clang -Wunused-but-set-globals (coverage added by LLVM 23_pre20260331).
2026-04-12 12:07:33 -05:00
David Garske
ae0a3877ca
Merge pull request #10122 from miyazakh/f-1370_SigGetSize
...
F-1370 : Tighten key_len check from `>=` to `==`
2026-04-10 14:27:16 -07:00
Paul Adelsbach
6f7e5d030b
Use size_t in wolfSSL_strnstr and reject negative indices in mp_get_digit
2026-04-10 10:48:17 -07:00