Fix ECX/ECC get_params to size export buffer from data_size#447
Fix ECX/ECC get_params to size export buffer from data_size#447yosuke-wolfssl wants to merge 1 commit into
Conversation
There was a problem hiding this comment.
Pull request overview
This PR fixes ECX/ECC get_params export behavior to follow the OSSL_PARAM contract by sizing the export buffer from the caller-provided data_size (capacity) rather than return_size (provider-filled output length). This prevents failures/truncation when callers reuse an OSSL_PARAM that carries a stale (e.g., zero) return_size from a prior size-query call.
Changes:
- Update ECX
get_paramshelpers to seedoutLenfromp->data_sizefor encoded public key and private key exports. - Update ECC encoded public key
get_paramshelper to seedoutLenfromp->data_size. - Add a regression test that forces
return_size = 0while providing a valid 32-byte buffer, verifying correct returned bytes and updatedreturn_sizefor X25519 private/public key params.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
src/wp_ecx_kmgmt.c |
Fixes ECX export buffer sizing in get_params to use data_size as input capacity. |
src/wp_ecc_kmgmt.c |
Fixes ECC encoded public key export buffer sizing in get_params to use data_size as input capacity. |
test/test_ecx.c |
Adds a regression test covering reused-parameter/stale-return_size behavior for X25519 EVP_PKEY_get_params. |
test/unit.c |
Registers the new X25519 stale-return_size unit test. |
test/unit.h |
Declares the new X25519 stale-return_size unit test. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
wolfSSL-Fenrir-bot
left a comment
There was a problem hiding this comment.
Fenrir Automated Review — PR #447
Scan targets checked: wolfprovider-bugs, wolfprovider-src
Findings: 2
2 finding(s) posted as inline comments (see file-level comments below)
This review was generated automatically by Fenrir. Findings are non-blocking.
d4bd0bc to
37120c6
Compare
wolfSSL-Fenrir-bot
left a comment
There was a problem hiding this comment.
Fenrir Automated Review — PR #447
Scan targets checked: wolfprovider-bugs, wolfprovider-src
No new issues found in the changed files. ✅
Summary
Fixes finding f_2236: ECX and ECC
get_paramsusedp->return_sizeinstead ofp->data_sizeas the export buffer size.Per the
OSSL_PARAMcontract,data_sizeis the caller's buffer capacity whilereturn_sizeis the provider's output field for the actual data length. Threeget_paramshelpers seeded the wolfSSL export length (outLen, an in/outparameter) from
return_size. When a param is reused — e.g. it carries a staleor zero
return_sizefrom a prior size-query call — the export function receivesa wrong (often 0) buffer size and truncates or fails. It only worked for
freshly-constructed params because OpenSSL initializes
return_sizeto anunmodified sentinel rather than a small value.
Changes
src/wp_ecx_kmgmt.cwp_ecx_get_params_enc_pub_key:outLennow seeded fromp->data_size.wp_ecx_get_params_priv_key: same fix.src/wp_ecc_kmgmt.cwp_ecc_get_params_enc_pub_key: same fix.test/test_ecx.c(+test/unit.c,test/unit.h)test_ecx_x25519_get_params_stale_ret: constructs params with a valid32-byte buffer but forces
return_size = 0(the reused-param condition),then calls
EVP_PKEY_get_paramsfor both the private and public key andverifies the returned bytes (against the RFC 7748 §6.1 Alice key pair) and
return_size.The
p->return_size = outLenoutput assignments at the end of each helper areunchanged — those are correct. A repo-wide sweep of
return_size/data_sizeuses confirmed no other helper (ML-DSA, ML-KEM, ML-X, DH, RSA) misused
return_sizeas an input; those already size fromdata_size.Testing
priv key get_params failed with stale return_size), confirming it catches the bug.