Commit Graph

29585 Commits

Author SHA1 Message Date
rizlik df2fd4ec06 swdev: refcount swdev Init/Cleanup 2026-05-13 16:18:52 +02:00
rizlik ade53b0c59 CRYPTO_CB_ONLY_SHA256: fix: guard Sha256FinalRaw under CB_ONLY_SHA256 2026-05-13 16:18:52 +02:00
rizlik c5ef060139 WOLF_CRYPTO_CB_ONLY_AES: add support + swdev for testing
Modes (CTR, GCM, CCM, etc.) can be supported either directly or fallback
to invoking the crypto callback with a "direct" (ECB) mode.
Software implementation and AES tables are stripped under CB_ONLY_AES.

wc_swdev gains AES support so WOLF_CRYPTO_CB_ONLY_AES builds can be
tested.

crypto find cb support added to wc_AesSetKey in order to support current
CI tests that use INVALID_DEVID.
2026-05-13 16:18:52 +02:00
rizlik 61bfff1dac WOLF_CRYPTO_CB_ONLY_SHA256: strip software SHA-256 and dispatch via swdev
Add WOLF_CRYPTO_CB_ONLY_SHA256: when set, the SHA-256 software.
wc_Sha256FinalRaw is reduced to a stub returning NO_VALID_DEVID, and
sha256.h force-defines WOLFSSL_NO_HASH_RAW so the constant-time TLS HMAC
path falls back to its backend-opaque variant.

Incompatible with
WOLFSSL_SHA224, which aliases the SHA-256 statics; #error guard added.

Add wc_swdev support for SHA-256 for testing.
2026-05-13 16:18:51 +02:00
rizlik 65b49b2fb5 _CRYPTO_CB_ONLY_{RSA,ECC,SHA256,AES}: move WOLF_CRYPTO_CB guards to settings.h 2026-05-13 16:18:51 +02:00
rizlik 8f0d4db7d9 tests/swdev: add RSA support to wc_swdev
Extend the swdev callback to handle RSA operations: public/private encrypt
and decrypt, plus key generation.
2026-05-13 16:18:51 +02:00
rizlik 6fb617aba9 tests/swdev: add ECC support to wc_swdev
Extend the swdev callback to handle ECC operations: keygen, ECDH, sign,
verify, get-size, get-sig-size.

Relax WOLF_CRYPTO_CB_ONLY_ECC guards in the test suite so that tests run
under swdev, and wire wc_SwDev_Init/Cleanup into testsuite, client, and
server.  Two tests are intentionally kept excluded even with swdev because
they call raw ECC math primitives (wc_ecc_mulmod, on-curve validation in
wc_ecc_import_x963) that are stripped below the cryptocb dispatch layer:

  - ecc_mulmod_test (wolfcrypt/test/test.c)
  - test_wc_ecc_import_x963_off_curve (tests/api/test_ecc.c)
2026-05-13 16:18:51 +02:00
rizlik 0f82b9e5fb tests/swdev: add scaffolding for WOLF_CRYPTO_CB_ONLY_* testing
Add a software crypto-callback device (wc_swdev) that lets the wolfcrypt
test suite run under WOLF_CRYPTO_CB_ONLY_* flags without per-test devId
plumbing.  The bundle is a separately-compiled second copy of wolfcrypt
(software implementations enabled, WOLF_CRYPTO_CB_ONLY_* stripped) linked
into testwolfcrypt as a single relocatable object; every symbol is demoted
to local via objcopy --keep-global-symbol except wc_SwDev_Callback, so there
is no collision with the main libwolfssl.

A find callback routes unbound operations (devId == INVALID_DEVID) to the
swdev while letting real device IDs pass through.

wc_SwDev_Init / wc_SwDev_Cleanup hooks are wired into wolfcrypt/test/test.c.
cryptocb_test's WOLF_CRYPTO_CB_FIND and WOLF_CRYPTO_CB_ONLY_RSA blocks are
gated off under WOLFSSL_SWDEV.

Enable via --enable-swdev (requires --enable-cryptocb).
2026-05-13 16:18:51 +02:00
Tobias Frauenschläger 12070eb032 Merge pull request #10473 from douzzer/20260512-fips-gating-fixes
20260512-fips-gating-fixes
2026-05-13 16:15:30 +02:00
Sean Parkinson 58c41b6d57 Merge pull request #10458 from philljj/fix_GetShortInt
asn: fix GetShortInt for asn original.
2026-05-13 16:44:38 +10:00
Sean Parkinson cef3187fdb Merge pull request #10456 from padelsbach/lms-xmss-sw-fallback-fix
Fix LMS and XMSS cryptocb software fallback
2026-05-13 16:43:41 +10:00
Sean Parkinson 9e739c6ad0 Merge pull request #10455 from sebastian-carpenter/hpke-fix
Fix: hpke return code improvements
2026-05-13 16:42:45 +10:00
Sean Parkinson 581a9688c6 Merge pull request #10444 from philljj/fix_wc_export_int
wolfmath: check mpSz in wc_export_int.
2026-05-13 16:41:17 +10:00
Sean Parkinson b8bc480394 Merge pull request #10291 from JeremiahM37/test-coverage
Add negative tests for AEAD, PKCS7, PSS, DSA, DRBG, and PQ key
2026-05-13 16:39:54 +10:00
Sean Parkinson 2670a4f976 Merge pull request #10441 from padelsbach/pkcs7-verify-fix
Fix OOB possibility in PKCS7_VerifySignedData
2026-05-13 16:19:15 +10:00
Sean Parkinson 16132b4582 Merge pull request #10445 from embhorn/zd21742
Fix in ECC point conversion
2026-05-13 16:09:02 +10:00
Daniel Pouzzner e1c7385ccf wolfcrypt/test/test.c:
* in pbkdf2_test(), pwdbased_test(), and pkcs12_test(), add missing FIPS v7+
    gates around stanzas that use wc_PBKDF_max_iterations_set() and
    wc_PBKDF_max_iterations_get() or depend on erroring for excessive PBKDF
    iterations (fixes #10050);

  * in ecc_test_buffers(), omit new corrupt HMAC tag test on FIPS <v6 (fixes
    8f2a3f9563).

tests/api/test_dtls.c: add FIPS v7+ gate to test_dtls13_frag_ch2_with_ch1_rtx().

wolfssl/wolfcrypt/memory.h: #include "../../linuxkm/linuxkm_memory.h" rather than "linuxkm/linuxkm_memory.h", following pattern in wc_port.h.
2026-05-12 20:46:46 -05:00
Daniel Pouzzner dc4796b06c Merge pull request #10404 from SparkiDev/test_c_refactor_1
test.c: Improved testing
2026-05-12 20:46:25 -05:00
David Garske dfe03ff538 Merge pull request #10381 from kareem-wolfssl/zd21694
Validate DSA parameters when verifying DSA key.
2026-05-12 16:29:29 -07:00
Jeremiah Mackey efe98a71fd add DRBG reseed boundary test 2026-05-12 20:59:29 +00:00
Jeremiah Mackey 0b917bc206 add signature negative verify tests 2026-05-12 20:59:29 +00:00
Jeremiah Mackey 71ce5a1e56 add PQ key integrity tests 2026-05-12 20:59:29 +00:00
Jeremiah Mackey 0a4ef94f5e add PKCS7 tampered attribs tests 2026-05-12 20:59:29 +00:00
Jeremiah Mackey ec44572bfc add AEAD bad tag tests 2026-05-12 20:59:29 +00:00
Andrew Hutchings 90359f90e1 Add STM32 emulator from simulators repo
This tests a lot more than the Renode STM32H753 test, so this PR removes
that and adds our own emulator for STM32H753 and STM32U585. This
includes testing the v1 and v2 HAL CRYP / HASH / PKA functionality.
2026-05-12 20:17:11 +02:00
David Garske eecb8cc601 Merge pull request #10461 from SparkiDev/tls13_cipher_fuzzing
TLSv1.3 testing: add fuzz test of decryption
2026-05-12 09:26:53 -07:00
David Garske 32439c975f Merge pull request #10448 from SparkiDev/lms_fixes_1
LMS: fixes and improvements
2026-05-12 09:26:42 -07:00
David Garske 2239fc336b Merge pull request #10430 from SparkiDev/mlkem_avx2_fixes
ML-KEM: fix AVX2 assembly
2026-05-12 09:25:54 -07:00
David Garske f8bc0ce95a Merge pull request #10457 from danielinux/iotsafe-fix-tls-wrapper
IDE/iotsafe: fix memory TLS wrapper and example build
2026-05-12 09:23:28 -07:00
David Garske 15f3f7b102 Merge pull request #10439 from ejohnstown/octeon-fix
port/cavium: fix Octeon AES-GCM AAD GHASH bug
2026-05-12 09:22:10 -07:00
Sean Parkinson df5b2b6cb1 test.c: Improved testing
Top-level test extraction into typed sub-functions

- Digest tests (MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512,
SHA-512/224,   SHA-512/256, SHA-3 224/256/384/512, SHAKE128/256): each
test category (KAT, large-hash, copy-cleanup, unaligned-memory,
interleave, copy-Sha3 heap-allocation pattern) is now its own static
wc_test_ret_t function rather than inline blocks inside one giant
top-level test.
- rsa_test: extracted rsa_pkcs1_test, rsa_cert_parse_test,
rsa_pub_key_decode_test, rsa_certreq_test.
- ecc_test: extracted ecc_test_all_curves, ecc_test_all_deterministic_k
from the dispatcher; ecc_encrypt_combos_test from ecc_encrypt_test;
ecc_buffers_encrypt_test, ecc_buffers_sign_verify_test,
ecc_buffers_pub_key_decode_test from ecc_test_buffers.
- dh_test: extracted dh_keyagree_test, dh_check_priv_key_test,
dh_agree_ct_test, dh_key_import_export_test, dh_set_check_key_test.
- Curve25519 / Ed25519 / Curve448 / Ed448: extracted KAT, key-agreement,
ASN, and rare-sig sub-tests from each top-level dispatcher.
- Cipher tests: extracted streaming sub-tests from aesofb_test,
aescfb_test, aes_cts_test (aes_cts_192/256_stream_test).

Coverage additions

- Added state-copy testing inside the SHA-3 KAT loops (matching the
existing pattern in SHA-1/224/256/etc. KAT loops).
- Added a SHA-224 large-hash test (parity with the other digest
families).
- Added copy-cleanup tests for SHA-512/224 and SHA-512/256.
- Added Unaligned memory access testing to all *_large_hash_test
functions (MD5, SHA-1/224/256/384, SHA3-224/256/384/512), matching the
pattern that previously only existed for SHA-512/224/256.
2026-05-12 09:21:00 -07:00
David Garske 3e6efbac52 Merge pull request #9567 from jackctj117/serial-0
Allow serial number 0 for root CA certificates
2026-05-12 09:19:56 -07:00
David Garske 33efd8c9b3 Merge pull request #10050 from anhu/pbkdf_max
Add upper limit to PBKDF iteration count
2026-05-12 09:10:54 -07:00
Daniel Pouzzner 7cfc9e9103 Merge pull request #10465 from Frauschi/slhdsa_pre_hash
SLH-DSA fixes
2026-05-12 10:38:49 -05:00
Sean Parkinson d7bdfd3e90 Merge pull request #10349 from rizlik/dtls13_rtx_fixes
DTLS13:  Fixes unnecessary client rtx and increase server robustness
2026-05-12 22:19:56 +10:00
Sean Parkinson 6942797cd3 Merge pull request #10301 from julek-wolfssl/openssh-10.3p1
ci: add OpenSSH 10.3p1 to CI matrix
2026-05-12 22:10:10 +10:00
Sean Parkinson f436fb858e Merge pull request #10437 from gasbytes/CertManagerLoadCABufferType_MoveXMemset
zero-initialize DecodedCert immediately after allocation in wolfSSL_CertManagerCABufferType
2026-05-12 22:08:53 +10:00
Sean Parkinson 2c4f854962 Merge pull request #10447 from mattia-moffa/20260508-blake2-long-key-fix
Fix Blake2 oversized key path
2026-05-12 22:07:16 +10:00
Sean Parkinson 443861563d Merge pull request #10453 from LinuxJedi/fix-memtrack
Fix mem_track.h compile failure on multi-threaded non-Linux builds
2026-05-12 22:01:21 +10:00
Tobias Frauenschläger bec6c0fef2 SLH-DSA fixes
Follow up to PR #10450 with some minor fixes:

* FIPS 205 numbering: slh_sign is §10.2.1 Alg 22; slh_verify is Alg 24;
  hash_slh_verify is Alg 25 (impl comments and doxygen).
* Widen wc_SlhDsaKey_SignHashWithRandom's addRnd to const byte* to
  match wc_SlhDsaKey_SignWithRandom.
* Make the SLHDSA_PHMSG_MAX_LEN invariant explicit with a named
  SLHDSA_LARGEST_APPROVED_PHM_LEN constant and a wc_static_assert.
* SHAKE128/SHAKE256 round-trip and length-rejection coverage for both
  SignHash and VerifyHash.
* Doxygen: briefs for the five DER encode/decode APIs; accurate
  decoder failure-rollback wording; tighter return-code lists for
  Verify and VerifyMsg.
* ChangeLog: silent-failure caveat for raw messages whose length
  happens to equal the digest size of the chosen hashType.
2026-05-12 13:24:24 +02:00
Sean Parkinson c1cf8ffb2e TLSv1.3 testing: add fuzz test of decryption
Fixes F-3478
Add a fuzzing test for each cipher that modifies a random byte at a
random offset of an encrypted message and checks that the reading fails
with an appropriate return and error code.
Fuzzes both sides 5 times each for each cipher suite.
2026-05-12 15:59:28 +10:00
David Garske a2b054e3b8 Merge pull request #10155 from aidangarske/fenrir-fixes-2
Add Negative Testing and Zeroization
2026-05-11 21:07:53 -07:00
Sean Parkinson 3c9423257f ML-KEM: fix AVX2 assembly
AVX2 not decompressing 5-bit values correctly.
AVX2 not comparing last 32 bytes of ciphertext.
Protect mlkemkey_get_k to only be compiled when make key is compiled in.
2026-05-12 13:32:19 +10:00
Sean Parkinson 218ddb449e Merge pull request #10394 from dgarske/sp_nonblock_rsa_dh
Add RSA/DH SP non-blocking support for C/Small 2048/3072/4096
2026-05-12 13:25:43 +10:00
jordan 5918eabe2c wolfmath: fix mpSz cast. 2026-05-11 21:46:36 -05:00
John Safranek 82b30797a1 port/cavium: fix Octeon AES-GCM AAD GHASH bug
Octeon_AesGcm_SetAAD unconditionally ran XOR0/XORMUL1 on the partial-block
buffer after the main loop, which processed an extra all-zero block when
aadSz was a non-zero multiple of 16, corrupting the GCM tag. Guard the
trailing XOR/MUL with `if (remainder > 0)`.

Issue: F-3335
2026-05-11 14:39:06 -07:00
Daniel Pouzzner 3afa9018f4 Merge pull request #10450 from Frauschi/slhdsa_pre_hash
HashSLH-DSA APIs take the pre-hashed digest, not the raw message
2026-05-11 16:29:32 -05:00
Daniel Pouzzner 717ce03614 .wolfssl_known_macro_extras: clean up unneeded and out-of-order ents. 2026-05-11 16:24:09 -05:00
Daniel Pouzzner 0470910acb wolfcrypt/test/test.c: fix unused-result warnings and unencoded result codes in pwdbased_test(). 2026-05-11 16:23:39 -05:00
Daniel Pouzzner b2a56e7947 wolfcrypt/src/pwdbased.c:
* fix typography of wc_PBKDF_max_iterations_set() and wc_PBKDF_max_iterations_get() (peer review).
* refactor overflow prevention in wc_PKCS12_PBKDF_ex() to use WC_SAFE_SUM_UNSIGNED().

wolfcrypt/test/test.c: in pwdbased_test(), omit "INT_MAX MAC iterations" test if WOLFSSL_NO_MALLOC (uses wc_PKCS12_new_ex()).
2026-05-11 15:57:23 -05:00