Engine cleanup and hardening by aidangarske · Pull Request #226 · wolfSSL/wolfEngine

aidangarske · 2026-06-17T21:38:13Z

F-4173, F-4174, F-4175, F-4176, F-4177, F-4200, F-4201, F-4202, F-4203, F-4204,
F-4205, F-4206, F-4207, F-4208, F-4209, F-4469, F-4470, F-4471, F-4472, F-4473,
F-4474, F-4477, F-4478, F-4479, F-4480, F-5441, F-5442, F-5443, F-5444, F-5445,
F-5446, F-5447, F-5448, F-5450, F-6009, F-6010, F-6011, F-6013, F-6014

…C-HMAC

… absent OpenSSL 1.1.1 only provides EVP_aes_128_cbc_hmac_sha256() on platforms where it has a hand-written stitched implementation (notably AES-NI on x86_64). On every other build it returns NULL, so EVP_DecryptInit_ex fails with "no cipher set" before the engine path is ever exercised and the test asserts an unrelated failure. Detect the NULL cipher and return success so the suite is portable to non-x86_64 agents and to x86_64 VMs without AES-NI passthrough.

…" because its test_hmac_empty_raw_key crashes the Non FIPSv2 CI job with a double free on OpenSSL 1.1.1b.

aidangarske added 30 commits June 17, 2026 12:56

Fix wrong variable in NULL check after EVP_CIPHER_meth_new for AES-CB…

4ba0fd1

…C-HMAC

Validate record length in AES-CBC-HMAC TLS decrypt to prevent underflow

7ed5e44

Handle NULL output length query in RSA private decrypt

35a9a2a

Use correct element size when copying RSA NID list into digest method

d9d3c6f

Correct inverted NULL check on cipher data in we_aes_cbc_ctrl

411627c

Correct inverted NULL check on cipher data in we_aes_ecb_ctrl

bfff84a

Correct inverted NULL check on cipher data in we_des3_cbc_ctrl

46ae9c8

Initialize AES-ECB key alongside wc_AesInit when key is provided

86d15cf

Reject unknown digest names in TLS1-PRF and HKDF ctrl_str handlers

29007f3

Initialize ECDSA signature mp_ints once in direct sign path

d25f537

Free DH generator buffer on all paths in key generation

05b0870

Clamp GCM IV increment loop to avoid out-of-bounds write for short IVs

dee9486

Propagate EVP_CIPHER_asn1_to_param failure in PBES2 key generation

bbf0e46

Return 0 not -1 from AES-CTR init on IV-set failure

821b1ed

Use AES block size for AES-CTR block counter modulus

2f78625

Log salt pointer not key in HKDF salt allocation failure

92dfc06

Advance buffer index by two after debug separator in hex dump

e4e17ac

Fix mismatched endif comment in we_random.c

308fbad

Match RNG cleanup condition to RNG init condition

3732cb2

Only store RSA-PSS salt length when padding mode is PSS

70f603f

Free buffered GCM input before reallocating on repeated update

ddbb407

Zeroize buffered GCM plaintext when freeing in final and cleanup

c5a7898

Use clear_realloc to wipe relocated HMAC key padding buffer

5a3702b

Free ASN1 key when EVP_PKEY_assign fails in HMAC keygen

0e1cfe6

Free DH object when EVP_PKEY_assign_DH fails in paramgen

c629cb5

Free DH object when EVP_PKEY_assign_DH fails in keygen

0e92222

Free RSA object when EVP_PKEY_assign_RSA fails in keygen

c6abe22

Zeroize HKDF salt buffer on context cleanup

cbdd2ce

Cleanse derived key and IV stack buffers in PBE key generation

8342ade

Zeroize private key BIGNUMs in EC_KEY_oct2priv and DH_set0_key backports

76b800f

aidangarske added 8 commits June 17, 2026 13:28

Reject GCM IV generation longer than the IV buffer

4265cbd

Accept zero-length CMAC update to match OpenSSL and HMAC behavior

ec8af66

Bound HMAC ASN1 private key length before narrowing to int

8e224c2

Bound ECDSA signature SEQUENCE length parse to signature buffer

39ea99a

Pad HMAC key via portable malloc and clear_free instead of clear_realloc

3ed3afe

Size debug hex-dump line buffer for the two-byte separator

e1f923f

Swap GCM buffer only after successful allocation in update

8b5cd04

Allow empty HMAC raw private key import while bounding length

0bbcc46

aidangarske self-assigned this Jun 17, 2026

aidangarske added 3 commits June 17, 2026 15:07

Skip stitched AES-CBC-HMAC and RSA no-padding query tests under FIPS

0f87f18

Guard remaining new negative tests under FIPS builds

73177c9

aidangarske force-pushed the fenrir-findings-fixes branch from 1c1a90e to 0a8e791 Compare June 17, 2026 23:23

Revert "Allow empty HMAC raw private key import while bounding length…

5fdc1ca

…" because its test_hmac_empty_raw_key crashes the Non FIPSv2 CI job with a double free on OpenSSL 1.1.1b.

aidangarske force-pushed the fenrir-findings-fixes branch from f7f7274 to 5fdc1ca Compare June 18, 2026 00:48

aidangarske marked this pull request as ready for review June 18, 2026 15:48

aidangarske requested a review from ColtonWilley June 18, 2026 15:48

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Engine cleanup and hardening #226

Engine cleanup and hardening #226
aidangarske wants to merge 42 commits into
wolfSSL:masterfrom
aidangarske:fenrir-findings-fixes

aidangarske commented Jun 17, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

aidangarske commented Jun 17, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant