Skip to content

Cryptocb hooks rsapss ed448 cmac#10886

Open
night1rider wants to merge 5 commits into
wolfSSL:masterfrom
night1rider:cryptocb-hooks-rsapss-ed448-cmac
Open

Cryptocb hooks rsapss ed448 cmac#10886
night1rider wants to merge 5 commits into
wolfSSL:masterfrom
night1rider:cryptocb-hooks-rsapss-ed448-cmac

Conversation

@night1rider

Copy link
Copy Markdown
Contributor

No description provided.

@night1rider night1rider self-assigned this Jul 12, 2026
@night1rider night1rider marked this pull request as ready for review July 12, 2026 03:51
@github-actions

Copy link
Copy Markdown

retest this please

@github-actions

github-actions Bot commented Jul 12, 2026

Copy link
Copy Markdown

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fenrir Automated Review — PR #10886

Scan targets checked: wolfcrypt-bugs, wolfcrypt-port-bugs, wolfcrypt-rs-bugs, wolfcrypt-src, wolfssl-bugs, wolfssl-src

Findings: 4
4 finding(s) posted as inline comments (see file-level comments below)

This review was generated automatically by Fenrir. Findings are non-blocking.

@night1rider night1rider force-pushed the cryptocb-hooks-rsapss-ed448-cmac branch from 0108bd2 to 10370ac Compare July 12, 2026 04:45

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fenrir Automated Review — PR #10886

Scan targets checked: wolfcrypt-bugs, wolfcrypt-port-bugs, wolfcrypt-rs-bugs, wolfcrypt-src, wolfssl-bugs, wolfssl-src

Findings: 3
3 finding(s) posted as inline comments (see file-level comments below)

This review was generated automatically by Fenrir. Findings are non-blocking.

@night1rider night1rider force-pushed the cryptocb-hooks-rsapss-ed448-cmac branch from 10370ac to 513619f Compare July 12, 2026 06:08

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fenrir Automated Review — PR #10886

Scan targets checked: wolfcrypt-bugs, wolfcrypt-port-bugs, wolfcrypt-rs-bugs, wolfcrypt-src, wolfssl-bugs, wolfssl-src

Findings: 2
2 finding(s) posted as inline comments (see file-level comments below)

This review was generated automatically by Fenrir. Findings are non-blocking.

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fenrir Automated Review — PR #10886

Scan targets checked: wolfcrypt-bugs, wolfcrypt-port-bugs, wolfcrypt-rs-bugs, wolfcrypt-src, wolfssl-bugs, wolfssl-src

Findings: 1
1 finding(s) posted as inline comments (see file-level comments below)

This review was generated automatically by Fenrir. Findings are non-blocking.

Comment thread wolfcrypt/src/rsa.c
/* The device verified internally; there is no recovered PSS
* block to expose (in is the untouched ciphertext), so report
* no inline output rather than a misleading pointer. */
if (out != NULL)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

*🟠 [Medium] wc_RsaPSS_VerifyCheckInline returns positive length with out=NULL on callback path · NULL pointer dereference

When a crypto callback device handles the verify, the function sets *out = NULL but still returns a positive length (inLen), violating the established contract that a positive return means *out points to valid recovered PSS data. External callers that dereference *out after a positive return will NULL-deref. The behavioral change is documented only in the C source comment, not in the public WOLFSSL_API header declaration.

Fix: Either return a non-length positive sentinel (e.g., 1) on callback success so callers cannot use the value as a byte count against *out, or add the NULL-*out caveat to wolfssl/wolfcrypt/rsa.h.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants