Commit Graph

3493 Commits

Author SHA1 Message Date
Lealem Amedie 1f260ccb0a Add TLS-ALPN-01 challenge cert support (RFC 8737 acmeId extension) 2026-04-27 17:15:06 -06:00
Juliusz Sosinowicz ff60134ff0 tests: add TLS 1.3 ticket age out-of-window test (F-1824)
DoClientTicketCheck's ticket-age bounds (-1000 ms low bound and
MAX_TICKET_AGE_DIFF*1000+1000 ms high bound) were never exercised by
any integration test, so mutations of the constants went undetected.
Establish a TLS 1.3 session, read the NewSessionTicket, then shift the
client's cached ageAdd by well over 1 second so the server's
unobfuscated diff falls outside the valid window on resumption. The
server must reject the PSK — session_reused stays 0.
2026-04-27 14:03:14 +02:00
Juliusz Sosinowicz 2df4936092 tests: add HRR cipher-suite mismatch negative test (F-2126)
DoTls13ClientHello enforces RFC 8446 Section 4.1.4 by comparing the
cipher suite in the second ClientHello to the hrrCipherSuite cached on
the server from the HelloRetryRequest. No existing test covers the
mismatch branch, so a deletion of the check would silently allow a
client to switch cipher suite between CH1 and CH2. Drive a partial
handshake until the server has emitted the HRR, then flip the cached
hrrCipherSuite on the server; processing CH2 must surface
INVALID_PARAMETER.
2026-04-27 14:03:13 +02:00
Juliusz Sosinowicz 9aa69f4996 tests: add default ticket key callback HMAC negative test (F-2922)
wolfSSL_TicketKeyCb is the built-in ticket callback registered by the
OpenSSL-compat wolfSSL_CTX_set_tlsext_ticket_key_cb API. Its
ConstantCompare of the ticket HMAC was never reached in any test, so a
deletion of the check would silently accept forged tickets. New test
sets up the compat callback, establishes a TLS 1.2 session, saves it,
flips a byte of the encrypted ticket, and asserts the resumption
attempt does not complete.
2026-04-27 14:03:13 +02:00
Juliusz Sosinowicz 920e175dd6 tests: add SCR verify_data mismatch test (F-2913, F-2914)
Cover both branches of TLSX_SecureRenegotiation_Parse's ConstantCompare
against the cached Finished verify_data: a single memio test loops
over client-side and server-side corruption, renegotiates, and
asserts the offending peer surfaces SECURE_RENEGOTIATION_E.
2026-04-27 14:03:13 +02:00
Juliusz Sosinowicz d97d0370d1 tests: add TLS 1.3 null cipher HMAC negative test (F-2916)
Tls13IntegrityOnly_Decrypt was completely untouched by existing tests,
so any mutation of its ConstantCompare would pass CI. Add a memio
TLS 1.3 handshake over TLS13-SHA256-SHA256 (integrity-only NULL cipher),
then corrupt the final byte of the next record body via an IORecv
wrapper and assert the server surfaces DECRYPT_ERROR.
2026-04-27 14:03:13 +02:00
Juliusz Sosinowicz 01cc5b1655 tests: add ChaCha20-Poly1305 AEAD tag negative test (F-2921)
Cover the Poly1305 ConstantCompare tag check in ChachaAEADDecrypt that
no existing test was hitting (VERIFY_MAC_ERROR never expected in the
suite). A memio-based TLS 1.2 handshake over
ECDHE-RSA-CHACHA20-POLY1305 completes, the server's IORecv is then
replaced with a wrapper that flips the final byte of the next record
body so the forged Poly1305 tag no longer matches. The server's
wolfSSL_read must surface VERIFY_MAC_ERROR.
2026-04-27 14:03:13 +02:00
Juliusz Sosinowicz ef73b3b233 tests: add EMS resumption downgrade negative test (F-2915)
Covers the HandleResumeHistory check that RFC 7627 Section 5.3 requires:
if the original session used Extended Master Secret, the server MUST
abort when a resumption ClientHello is received without EMS. The new
memio test performs a TLS 1.2 handshake with EMS, saves the session,
disables EMS on a fresh client, resumes with the saved session, and
asserts the server returns EXT_MASTER_SECRET_NEEDED_E.
2026-04-27 14:03:13 +02:00
Daniel Pouzzner aab90d7a25 tests/api.c: fix false-positive -Wmaybe-uninitialized in test_wolfSSL_clear_secure_renegotiation() with --enable-all CFLAGS=-Og. 2026-04-25 11:47:25 -05:00
Daniel Pouzzner 1f1b572548 tests/api.c: fix -Wnull-dereferences in wolfSSL_UseSecureRenegotiation(). 2026-04-25 11:47:24 -05:00
JacobBarthelmeh 734a71180c Merge pull request #10220 from embhorn/zd21596
Fix TLS ext bounds checking
2026-04-24 15:10:05 -06:00
kaleb-himes 08fd7bde58 PQ FIPS v7.0.0 Phase 2 & 3: All changes
Implement peer review feedback
2026-04-24 06:52:49 -06:00
Eric Blankenhorn 412c428b0a Fix TLS ext bounds checking 2026-04-24 07:23:07 -05:00
Juliusz Sosinowicz 31278ee8bd Merge pull request #10296 from JacobBarthelmeh/hostap 2026-04-24 14:13:02 +02:00
Sean Parkinson 936f8e5423 Merge pull request #10203 from Frauschi/pkcs7_fixes
PKCS#7 fixes
2026-04-24 10:13:43 +10:00
JacobBarthelmeh 72c7d12cfb exclude the trust anchor from prospective certification path with pathlen check 2026-04-23 16:23:07 -06:00
JacobBarthelmeh 2ba4d7e6c9 Merge pull request #10210 from ColtonWilley/fix-scr-dangling-ptr-after-tlsx-freeall
Fix dangling secure_renegotiation pointer after TLSX_FreeAll
2026-04-23 13:58:24 -06:00
Tobias Frauenschläger 3fd4060458 Add more PKCS#7 tests 2026-04-23 09:36:32 +02:00
Tobias Frauenschläger 84fb0f694c Fix various range and size bugs in PKCS#7 code 2026-04-23 09:36:32 +02:00
JacobBarthelmeh b5738236d9 Merge pull request #10187 from embhorn/zd21587
Fixes in TLS ECH, handle empty records, and ASN len check
2026-04-22 14:44:15 -06:00
Mattia Moffa 389d15fa45 Fix compile error 2026-04-21 03:30:39 +02:00
Mattia Moffa 6f37b17757 Address Copilot suggestions 2026-04-21 02:56:36 +02:00
JacobBarthelmeh ad8b6dbc32 Merge pull request #10217 from ColtonWilley/null-checks-evp-ocsp-x509
Fix NULL derefs, buffer overflow, and i2d contract in EVP/OCSP/X509
2026-04-20 17:27:19 -06:00
Sean Parkinson 318cd62d44 Merge pull request #10231 from JeremiahM37/fenrir-issues-3
Fix PEM input validation and zeroize sensitive key buffers
2026-04-17 10:44:55 +10:00
Brett Nicholas 4bf334c299 Merge pull request #10009 from night1rider/SHE-update
Add SHE (Secure Hardware Extension) support to wolfCrypt
2026-04-16 16:49:00 -06:00
Daniel Pouzzner 801c412ad2 src/tls.c, wolfssl/ssl.h, tests/api.c: followup to ff7a32d022 (#10182):
* Fix OOB heap reads via TLSX_ExtractEch() by preemptively rejecting oversized
  SNI names in TLSX_UseSNI().

* In TLSX_EchChangeSNI(), don't attempt to truncate if an oversized name is
  seen, just return error.

* Move definition of WOLFSSL_HOST_NAME_MAX to an ungated context in ssl.h, and
  use it consistently in tls.c, eliminating the duplicative
  WOLFSSL_HOST_NAME_MAX.
2026-04-16 11:12:02 -05:00
Sean Parkinson 6be03a5dab Merge pull request #10182 from embhorn/zd21576
Fix TLSX_EchChangeSNI to check hostname termination
2026-04-16 08:37:42 +10:00
David Garske 26a7d594e3 Merge pull request #10232 from douzzer/20260415-confusing_globals
20260415-confusing_globals
2026-04-15 15:02:40 -07:00
night1rider ee7fe9e1b1 SHE API: remove key storage from context, add direct output params 2026-04-15 11:28:03 -06:00
night1rider 8c0999a352 fix macro guarding in tests/api.c 2026-04-15 11:28:03 -06:00
night1rider eeedc470e9 Add SHE (Secure Hardware Extension) support to wolfCrypt 2026-04-15 11:27:44 -06:00
David Garske 1a67eb7223 Merge pull request #9851 from night1rider/setkey-callbacks
Setkey/Export callbacks
2026-04-15 10:17:38 -07:00
Daniel Pouzzner d8085cc427 src/ssl_load.c, wolfssl/ssl.h, tests/api.c: rename wolfSSL*PrivateKey_id() to wolfSSL*PrivateKey_Id_ex(), and add missing WOLF_PRIVATE_KEY_ID gating. 2026-04-15 11:53:06 -05:00
Jeremiah Mackey bdebcfc5a0 reject negative pemSz in PEM-to-DER APIs 2026-04-15 16:46:32 +00:00
Sean Parkinson 6ac0f82b85 Merge pull request #10204 from mattia-moffa/20260413-fixes
SetSuitesHashSigAlgo fix
2026-04-15 11:39:26 +10:00
night1rider 642a65a34d Add export hooks for ecc 2026-04-14 16:21:50 -06:00
night1rider 79b0d9f9f5 Add setkey/exportkey/eccgetsize test coverage in api.c 2026-04-14 16:21:50 -06:00
night1rider 1295f4fe0e Add WOLF_CRYPTO_CB_SETKEY and WOLF_CRYPTO_CB_EXPORT_KEY crypto callback
utilities for generic SetKey and ExportKey operations on HMAC, RSA, ECC,
  and AES. Add wc_ecc_size/wc_ecc_sig_size callback hooks for hardware-only
  keys. Integrate into configure.ac as --enable-cryptocbutils=setkey,export
  options with CI test configurations in os-check.yml.

  Add test handlers in test.c and api.c with export/import delegation
  pattern, small-stack-safe allocations, custom curve support, and
  DEBUG_CRYPTOCB helpers.
2026-04-14 16:21:50 -06:00
Eric Blankenhorn 415c288965 Fix from review 2026-04-14 08:14:55 -05:00
Eric Blankenhorn 8f73ae460d Fix TLSX_Parse to check dup ECH 2026-04-14 07:37:21 -05:00
Mattia Moffa e10ff384ba Fix unrelated flaky test 2026-04-14 10:36:47 +02:00
Colton Willey 58a27848a8 Fix NULL derefs, buffer overflow, and i2d contract in EVP/OCSP/X509
Harden OpenSSL compatibility layer against NULL pointers, negative lengths,
and buffer overflows across EVP, OCSP, and X509 APIs. Fix DSA SignFinal
write-before-check overflow, add missing i2d_OCSP_RESPONSE allocation path,
and fix unaligned keyUsage access.
2026-04-13 20:29:50 -07:00
Colton Willey 373b45cd7a Fix dangling secure_renegotiation pointer after TLSX_FreeAll
ssl->secure_renegotiation caches a pointer into extension data owned by
the ssl->extensions list. Three call sites free that list via TLSX_FreeAll
without NULLing the cached pointer, leaving it dangling:

- wolfSSL_clear()
- FreeHandshakeResources() (TLSX_FreeAll branch)
- wolfSSL_ResourceFree()

After wolfSSL_clear(), calling wolfSSL_SSL_get_secure_renegotiation_support()
reads the freed SecureRenegotiation struct. Confirmed heap-use-after-free
under ASan with nginx, haproxy, and openssl-compat build profiles.

NULL the pointer at all three sites. Add regression test covering the
wolfSSL_clear path.
2026-04-13 14:53:22 -07:00
Mattia Moffa 99d1c80bde Add regression test 2026-04-13 22:25:15 +02:00
Eric Blankenhorn ff7a32d022 Fix TLSX_EchChangeSNI to check hostname length 2026-04-13 14:53:06 -05:00
night1rider 8cc02d8a8a Add DH regression test and incremement ref counter tests to api.c 2026-04-13 11:32:51 -06:00
Zackery Backman 0ab5401edf Fix cast-away-const in ws_ctx_ssl_set_tmp_dh: allocate DerBuffer with actual size and copy data instead of pointing at caller's const buffer, which caused FreeDer to free non-owned memory. 2026-04-13 11:32:51 -06:00
Zackery Backman b74731d878 Add test for wolfSSL_use_AltPrivateKey_Label to verify successful key label allocation 2026-04-13 11:32:51 -06:00
Zackery Backman 3925804da6 Add test for wolfSSL_use_AltPrivateKey_Id to verify successful key ID allocation 2026-04-13 11:32:50 -06:00
David Garske c36beba9b7 Merge pull request #10174 from SparkiDev/api_test_cipher_algs_1
API testing additions: cipher tests
2026-04-13 09:54:23 -07:00