Skip to content

Add negative tests for AEAD, PKCS7, PSS, DSA, DRBG, and PQ key#10291

Open
JeremiahM37 wants to merge 5 commits intowolfSSL:masterfrom
JeremiahM37:test-coverage
Open

Add negative tests for AEAD, PKCS7, PSS, DSA, DRBG, and PQ key#10291
JeremiahM37 wants to merge 5 commits intowolfSSL:masterfrom
JeremiahM37:test-coverage

Conversation

@JeremiahM37
Copy link
Copy Markdown
Contributor

@JeremiahM37 JeremiahM37 commented Apr 23, 2026

Addresses F-2195, F-2204, F-2198, F-2199, F-3072, F-3073, F-2640, F-2643, F-3074.

  • AEAD bad auth tag: streaming AES-GCM decrypt final and XChaCha20-Poly1305 one-shot decrypt.
  • PKCS7 SignedData with tampered signedAttribs (non-messageDigest bytes) for RSA and ECDSA signers — exercises wc_PKCS7_RsaVerify recovered-digest XMEMCMP and wc_PKCS7_EcdsaVerify res==1 guard.
  • RSA PSS: constructs a signature whose recovered EM has a wrong 0xbc terminator; asserts BAD_PADDING_E specifically.
  • DRBG: sets reseedCtr = WC_RESEED_INTERVAL - 1 and verifies the boundary check fires (counter resets after next generate).
  • ML-KEM: flips a byte inside H(ek) of an encoded private key blob; asserts MLKEM_PUB_HASH_E.
  • SLH-DSA: tampers a seed in key->sk after import; asserts wc_SlhDsaKey_CheckKey returns WC_KEY_MISMATCH_E.
  • DSA: tampered hash produces answer == 0 via the final mp_cmp(r, v) check.

@JeremiahM37 JeremiahM37 self-assigned this Apr 23, 2026
wolfSSL-Fenrir-bot
wolfSSL-Fenrir-bot reviewed Apr 23, 2026
View reviewed changes
Copy link
Copy Markdown

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fenrir Automated Review — PR #10291

No scan targets match the changed files in this PR. Review skipped.

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 23, 2026
edited
Loading

MemBrowse Memory Report

No memory changes detected for:

@JeremiahM37 JeremiahM37 force-pushed the test-coverage branch 4 times, most recently from 22da37f to f107414 Compare April 24, 2026 16:02
@JeremiahM37
Copy link
Copy Markdown
Contributor Author

JeremiahM37 commented Apr 24, 2026

Jenkins retest this please

dgarske
dgarske requested changes May 5, 2026
View reviewed changes
Comment thread tests/api/test_aes.c Outdated
@JeremiahM37 JeremiahM37 force-pushed the test-coverage branch 2 times, most recently from 4034b53 to 9603eca Compare May 6, 2026 15:11
@JeremiahM37 JeremiahM37 removed their assignment May 7, 2026
dgarske
dgarske previously approved these changes May 7, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@dgarske dgarske left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Again, very surprised this didn't propigate any errors. I sent you a note to double check things (force a failure to make sure its actually reported). For now marking approved, but holding merge since it did not change/fix any core code...

@JeremiahM37 JeremiahM37 force-pushed the test-coverage branch 2 times, most recently from 363bd73 to 63c00ae Compare May 8, 2026 14:46
@JeremiahM37 JeremiahM37 removed their assignment May 8, 2026
@JeremiahM37 JeremiahM37 requested a review from dgarske May 11, 2026 06:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left review comments

@dgarske dgarske Awaiting requested review from dgarske

At least 1 approving review is required to merge this pull request.

Assignees

@wolfSSL-Bot wolfSSL-Bot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@JeremiahM37 @dgarske @wolfSSL-Fenrir-bot @wolfSSL-Bot