Commit Graph

29102 Commits

Author SHA1 Message Date
Juliusz Sosinowicz ff60134ff0 tests: add TLS 1.3 ticket age out-of-window test (F-1824)
DoClientTicketCheck's ticket-age bounds (-1000 ms low bound and
MAX_TICKET_AGE_DIFF*1000+1000 ms high bound) were never exercised by
any integration test, so mutations of the constants went undetected.
Establish a TLS 1.3 session, read the NewSessionTicket, then shift the
client's cached ageAdd by well over 1 second so the server's
unobfuscated diff falls outside the valid window on resumption. The
server must reject the PSK — session_reused stays 0.
2026-04-27 14:03:14 +02:00
Juliusz Sosinowicz 2df4936092 tests: add HRR cipher-suite mismatch negative test (F-2126)
DoTls13ClientHello enforces RFC 8446 Section 4.1.4 by comparing the
cipher suite in the second ClientHello to the hrrCipherSuite cached on
the server from the HelloRetryRequest. No existing test covers the
mismatch branch, so a deletion of the check would silently allow a
client to switch cipher suite between CH1 and CH2. Drive a partial
handshake until the server has emitted the HRR, then flip the cached
hrrCipherSuite on the server; processing CH2 must surface
INVALID_PARAMETER.
2026-04-27 14:03:13 +02:00
Juliusz Sosinowicz 9aa69f4996 tests: add default ticket key callback HMAC negative test (F-2922)
wolfSSL_TicketKeyCb is the built-in ticket callback registered by the
OpenSSL-compat wolfSSL_CTX_set_tlsext_ticket_key_cb API. Its
ConstantCompare of the ticket HMAC was never reached in any test, so a
deletion of the check would silently accept forged tickets. New test
sets up the compat callback, establishes a TLS 1.2 session, saves it,
flips a byte of the encrypted ticket, and asserts the resumption
attempt does not complete.
2026-04-27 14:03:13 +02:00
Juliusz Sosinowicz 920e175dd6 tests: add SCR verify_data mismatch test (F-2913, F-2914)
Cover both branches of TLSX_SecureRenegotiation_Parse's ConstantCompare
against the cached Finished verify_data: a single memio test loops
over client-side and server-side corruption, renegotiates, and
asserts the offending peer surfaces SECURE_RENEGOTIATION_E.
2026-04-27 14:03:13 +02:00
Juliusz Sosinowicz d97d0370d1 tests: add TLS 1.3 null cipher HMAC negative test (F-2916)
Tls13IntegrityOnly_Decrypt was completely untouched by existing tests,
so any mutation of its ConstantCompare would pass CI. Add a memio
TLS 1.3 handshake over TLS13-SHA256-SHA256 (integrity-only NULL cipher),
then corrupt the final byte of the next record body via an IORecv
wrapper and assert the server surfaces DECRYPT_ERROR.
2026-04-27 14:03:13 +02:00
Juliusz Sosinowicz 01cc5b1655 tests: add ChaCha20-Poly1305 AEAD tag negative test (F-2921)
Cover the Poly1305 ConstantCompare tag check in ChachaAEADDecrypt that
no existing test was hitting (VERIFY_MAC_ERROR never expected in the
suite). A memio-based TLS 1.2 handshake over
ECDHE-RSA-CHACHA20-POLY1305 completes, the server's IORecv is then
replaced with a wrapper that flips the final byte of the next record
body so the forged Poly1305 tag no longer matches. The server's
wolfSSL_read must surface VERIFY_MAC_ERROR.
2026-04-27 14:03:13 +02:00
Juliusz Sosinowicz ef73b3b233 tests: add EMS resumption downgrade negative test (F-2915)
Covers the HandleResumeHistory check that RFC 7627 Section 5.3 requires:
if the original session used Extended Master Secret, the server MUST
abort when a resumption ClientHello is received without EMS. The new
memio test performs a TLS 1.2 handshake with EMS, saves the session,
disables EMS on a fresh client, resumes with the saved session, and
asserts the server returns EXT_MASTER_SECRET_NEEDED_E.
2026-04-27 14:03:13 +02:00
Juliusz Sosinowicz 0f9fb2fb1d tls: fix TLSX_CA_Names_GetSize word16 overflow (F-2927)
The CA Names extension size accumulator was a word16. With enough
CA entries (or large DER-encoded names) the running total can wrap
silently, leaving TLSX_CA_Names_Write to overflow an undersized
extension buffer. Match TLSX_SNI_GetSize: use a word32 accumulator
and return 0 when the total exceeds WOLFSSL_MAX_16BIT.
2026-04-27 14:03:13 +02:00
Juliusz Sosinowicz b8da926ae8 tls: fix TLSX_PreSharedKey_GetSize word16 overflow (F-2925)
Both TLSX_PreSharedKey_GetSize and TLSX_PreSharedKey_GetSizeBinders
accumulate per-identity bytes into a word16. With enough PSK entries
(or large binderLen/identityLen values) the accumulator wraps silently
and the caller allocates an undersized extension buffer, which
TLSX_PreSharedKey_Write then overflows.

Switch both accumulators to word32 and return LENGTH_ERROR when the
total would exceed the 16-bit wire length field.
2026-04-27 14:03:13 +02:00
Juliusz Sosinowicz 535aaf2325 tls: fix TLSX_TCA_GetSize word16 overflow (F-2131)
Mirror the TLSX_SNI_GetSize pattern: accumulate into a word32 and
return 0 when the aggregate size exceeds WOLFSSL_MAX_16BIT so large
idSz values or many TCA entries no longer silently wrap to a small
value that undersizes the TLSX_TCA_Write output buffer.
2026-04-27 14:01:55 +02:00
Juliusz Sosinowicz 646ff6dde4 tls: fix TLSX_ALPN_GetSize word16 overflow (F-2128)
Match the TLSX_SNI_GetSize pattern: use a word32 accumulator and return
0 if the aggregate size exceeds WOLFSSL_MAX_16BIT, so a large number of
ALPN entries can no longer silently wrap the length computation.
2026-04-27 14:01:55 +02:00
David Garske 6074a2dbe8 Merge pull request #10308 from douzzer/20260424-fixes
20260424-fixes
2026-04-25 16:35:09 -07:00
Daniel Pouzzner 6040cd7915 configure.ac: fix to allow SHAKE force-off FIPS lean-aesgcm setup. 2026-04-25 12:34:25 -05:00
Daniel Pouzzner 0bfa206b74 configure.ac: for FIPS v6 setup, explicitly set WOLFSSL_NOSHA512_224 and WOLFSSL_NOSHA512_256;
wolfssl/wolfcrypt/hash.h: when WOLFSSL_NOSHA512_{224,256}, gate out prototypes for wc_Sha512_{224,256}Hash[_ex](), to shift build failures from link-time to compile-time.
2026-04-25 12:21:26 -05:00
Daniel Pouzzner caffc458af .github/workflows/: add -Wnull-dereferences to a few -pedantic scenarios missed in the first pass. 2026-04-25 11:47:25 -05:00
Daniel Pouzzner aab90d7a25 tests/api.c: fix false-positive -Wmaybe-uninitialized in test_wolfSSL_clear_secure_renegotiation() with --enable-all CFLAGS=-Og. 2026-04-25 11:47:25 -05:00
Daniel Pouzzner df486d8cd5 src/ssl_load.c: fix -Wnull-dereference in wolfssl_ctx_set_tmp_dh() (detected by armel build);
.github/workflows/pq-all.yml: for the --enable-sp-math scenario, --disable-quic (QUIC unit tests fail on that combo);

wolfcrypt/test/test.c: add WC_MAYBE_UNUSED to ecdsa_test_deterministic_k_rs(), to fix armel sp-math build.
2026-04-25 11:47:25 -05:00
Daniel Pouzzner 363bb0e216 configure.ac:
* allow for fips-dev in v7|ready|dev ENABLED_SHA256_DRBG and ENABLED_SHA512_DRBG setup and change from AC_MSG_WARN to AC_MSG_ERROR if user tries to disable outside fips-dev;
* set ENABLED_SHA512_DRBG=no in lean-aesgcm setup;

wolfcrypt/test/test.c: suppress concurrency-mt-unsafe in myFipsCb();

 .wolfssl_known_macro_extras: fix lexical order.
2026-04-25 11:47:25 -05:00
Daniel Pouzzner 72a39bfa57 wolfssl/wolfcrypt/random.h: fix "comma at end of enumerator list [-Werror=pedantic]" in enum wc_DrbgType. 2026-04-25 11:47:25 -05:00
Daniel Pouzzner b79221acd3 wolfcrypt/test/test.c: in random_bank_test(), accommodate WOLFSSL_DRBG_SHA512 in the WC_RNG_BANK_FLAG_NO_VECTOR_OPS test;
linuxkm/lkcapi_sha_glue.c: in wc_mix_pool_bytes(), accommodate WOLFSSL_DRBG_SHA512.
2026-04-25 11:47:25 -05:00
Daniel Pouzzner d14b8f8e79 .github/workflows/:
* add "-Wnull-dereference" to all existing "-pedantic -Wdeclaration-after-statement" configs;
* add an --enable-sp-math config to .github/workflows/pq-all.yml and .github/workflows/multi-arch.yml.
2026-04-25 11:47:24 -05:00
Daniel Pouzzner 91c7c8f9fb wolfcrypt/test/test.c and wolfcrypt/test/test.h: fix gating for dsa_test() and srp_test() prototypes to avoid -Wunused-function in --enable-sp-math builds. 2026-04-25 11:47:24 -05:00
Daniel Pouzzner 91f66fb9c0 tests/api/test_pkcs7.c: in test_wc_PKCS7_BER(), in expected-failure wc_PKCS7_DecodeEnvelopedData() in WOLFSSL_SP_MATH build, allow failure with either WC_KEY_SIZE_E or BUFFER_E, to accommodate blinding added by #10128 / 589feabc0c. 2026-04-25 11:47:24 -05:00
Daniel Pouzzner 1f1b572548 tests/api.c: fix -Wnull-dereferences in wolfSSL_UseSecureRenegotiation(). 2026-04-25 11:47:24 -05:00
Daniel Pouzzner 6c9e0ea5a7 linuxkm/lkcapi_ecdsa_glue.c: in km_ecdsa_verify(), add checks on hash_len following pattern of #10131, before calling wc_ecc_verify_hash(), for defense-in-depth. 2026-04-25 11:47:24 -05:00
David Garske 426dc7bb76 Merge pull request #10236 from Roy-Carter/feature/enhance_conf_and_max_size
Enhance extra user data value and external cookie length max size
2026-04-24 14:42:44 -07:00
David Garske 21921408b9 Merge pull request #10216 from ColtonWilley/add-null-checks-public-api
Add missing NULL checks in public API functions
2026-04-24 14:42:24 -07:00
JacobBarthelmeh 734a71180c Merge pull request #10220 from embhorn/zd21596
Fix TLS ext bounds checking
2026-04-24 15:10:05 -06:00
JacobBarthelmeh c6953b868a Merge pull request #10260 from Frauschi/ecc_fix
Fix ECC validation regression
2026-04-24 14:39:50 -06:00
JacobBarthelmeh 46cedcf0f6 Merge pull request #10268 from ColtonWilley/zephyr-4.3-default-tls-support
zephyr: changes needed for Zephyr 4.3 default TLS support
2026-04-24 14:30:59 -06:00
JacobBarthelmeh 0c9a496215 Merge pull request #10162 from embhorn/gh9753
Use O_CLOEXEC to avoid race conditions
2026-04-24 14:28:00 -06:00
JacobBarthelmeh a20c391b84 Merge pull request #10282 from kareem-wolfssl/zd21527
Fix W560 "possible truncation at implicit conversion to type unsigned char" warnings raised by Tasking compiler.
2026-04-24 14:11:41 -06:00
JacobBarthelmeh b9514e70be Merge pull request #10148 from julek-wolfssl/openvpn-master-bn2binpad
Add BN_bn2binpad API and enable OpenVPN master CI testing
2026-04-24 13:54:06 -06:00
JacobBarthelmeh 06abf84ca8 Merge pull request #10300 from julek-wolfssl/hostap-remove-ap_wpa2_eap_sim_sql
Remove ap_wpa2_eap_sim_sql
2026-04-24 13:50:49 -06:00
JacobBarthelmeh 1da353b516 Merge pull request #10248 from holtrop-wolfssl/rust-digest-signature
Rust wrapper: add digest and signature crate trait implementations
2026-04-24 11:15:40 -06:00
JacobBarthelmeh cf2db428ba Merge pull request #9843 from kaleb-himes/PQ-FS-2026-Part2
Phase 2: PQ in boundary and SHA512 DRBG
2026-04-24 10:55:36 -06:00
Daniel Pouzzner 134f63a38c Merge pull request #10280 from philljj/no_stddef_h_guard
wc_port: guard stddef header include.
2026-04-24 11:33:55 -05:00
Juliusz Sosinowicz 5dad65c04c Remove ap_wpa2_eap_sim_sql 2026-04-24 17:07:37 +02:00
Colton Willey 008ca51cb5 Add additional macros to known macro list 2026-04-24 06:09:25 -07:00
Eric Blankenhorn 6f2d48cd4c Fix from review 2026-04-24 07:54:52 -05:00
kaleb-himes 08fd7bde58 PQ FIPS v7.0.0 Phase 2 & 3: All changes
Implement peer review feedback
2026-04-24 06:52:49 -06:00
Eric Blankenhorn 412c428b0a Fix TLS ext bounds checking 2026-04-24 07:23:07 -05:00
Juliusz Sosinowicz 31278ee8bd Merge pull request #10296 from JacobBarthelmeh/hostap 2026-04-24 14:13:02 +02:00
JacobBarthelmeh 29f674e5b6 avoid glitch hardening false positive byte collision with small messages and adjust test case 2026-04-24 01:08:00 -06:00
Sean Parkinson 936f8e5423 Merge pull request #10203 from Frauschi/pkcs7_fixes
PKCS#7 fixes
2026-04-24 10:13:43 +10:00
JacobBarthelmeh 20c1b91914 Merge pull request #10286 from LinuxJedi/git-action
ci: add PR commit message sanity check workflow
2026-04-23 17:16:26 -06:00
JacobBarthelmeh d9beec2e81 Merge pull request #10283 from night1rider/SHE-test-double-free-fix
Fix double-free of she2 in she_test()
2026-04-23 16:59:52 -06:00
JacobBarthelmeh 90366b747f Merge pull request #10142 from kareem-wolfssl/variousFixes2
Various fixes
2026-04-23 16:47:21 -06:00
JacobBarthelmeh 72c7d12cfb exclude the trust anchor from prospective certification path with pathlen check 2026-04-23 16:23:07 -06:00
JacobBarthelmeh fe8541cc47 Merge pull request #10193 from padelsbach/set-hashtype-in-ports
Set hashType in ports
2026-04-23 15:02:30 -06:00