Skip to content

Fix ECX/ECC get_params to size export buffer from data_size#447

Open
yosuke-wolfssl wants to merge 1 commit into
wolfSSL:masterfrom
yosuke-wolfssl:fix/f_2236
Open

Fix ECX/ECC get_params to size export buffer from data_size#447
yosuke-wolfssl wants to merge 1 commit into
wolfSSL:masterfrom
yosuke-wolfssl:fix/f_2236

Conversation

@yosuke-wolfssl

Copy link
Copy Markdown
Contributor

Summary

Fixes finding f_2236: ECX and ECC get_params used p->return_size instead of
p->data_size as the export buffer size.

Per the OSSL_PARAM contract, data_size is the caller's buffer capacity while
return_size is the provider's output field for the actual data length. Three
get_params helpers seeded the wolfSSL export length (outLen, an in/out
parameter) from return_size. When a param is reused — e.g. it carries a stale
or zero return_size from a prior size-query call — the export function receives
a wrong (often 0) buffer size and truncates or fails. It only worked for
freshly-constructed params because OpenSSL initializes return_size to an
unmodified sentinel rather than a small value.

Changes

  • src/wp_ecx_kmgmt.c
    • wp_ecx_get_params_enc_pub_key: outLen now seeded from p->data_size.
    • wp_ecx_get_params_priv_key: same fix.
  • src/wp_ecc_kmgmt.c
    • wp_ecc_get_params_enc_pub_key: same fix.
  • test/test_ecx.c (+ test/unit.c, test/unit.h)
    • New test_ecx_x25519_get_params_stale_ret: constructs params with a valid
      32-byte buffer but forces return_size = 0 (the reused-param condition),
      then calls EVP_PKEY_get_params for both the private and public key and
      verifies the returned bytes (against the RFC 7748 §6.1 Alice key pair) and
      return_size.

The p->return_size = outLen output assignments at the end of each helper are
unchanged — those are correct. A repo-wide sweep of return_size/data_size
uses confirmed no other helper (ML-DSA, ML-KEM, ML-X, DH, RSA) misused
return_size as an input; those already size from data_size.

Testing

  • New test passes; reverting the fix makes it fail (priv key get_params failed with stale return_size), confirming it catches the bug.
  • All 34 ECX/ECC/ECDH/eckeygen unit tests pass.

@yosuke-wolfssl yosuke-wolfssl self-assigned this Jul 15, 2026
Copilot AI review requested due to automatic review settings July 15, 2026 04:05

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes ECX/ECC get_params export behavior to follow the OSSL_PARAM contract by sizing the export buffer from the caller-provided data_size (capacity) rather than return_size (provider-filled output length). This prevents failures/truncation when callers reuse an OSSL_PARAM that carries a stale (e.g., zero) return_size from a prior size-query call.

Changes:

  • Update ECX get_params helpers to seed outLen from p->data_size for encoded public key and private key exports.
  • Update ECC encoded public key get_params helper to seed outLen from p->data_size.
  • Add a regression test that forces return_size = 0 while providing a valid 32-byte buffer, verifying correct returned bytes and updated return_size for X25519 private/public key params.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.

Show a summary per file
File Description
src/wp_ecx_kmgmt.c Fixes ECX export buffer sizing in get_params to use data_size as input capacity.
src/wp_ecc_kmgmt.c Fixes ECC encoded public key export buffer sizing in get_params to use data_size as input capacity.
test/test_ecx.c Adds a regression test covering reused-parameter/stale-return_size behavior for X25519 EVP_PKEY_get_params.
test/unit.c Registers the new X25519 stale-return_size unit test.
test/unit.h Declares the new X25519 stale-return_size unit test.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fenrir Automated Review — PR #447

Scan targets checked: wolfprovider-bugs, wolfprovider-src

Findings: 2
2 finding(s) posted as inline comments (see file-level comments below)

This review was generated automatically by Fenrir. Findings are non-blocking.

Comment thread test/test_ecx.c
Comment thread src/wp_ecc_kmgmt.c
Comment thread test/test_ecx.c
Comment thread src/wp_ecc_kmgmt.c

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fenrir Automated Review — PR #447

Scan targets checked: wolfprovider-bugs, wolfprovider-src

No new issues found in the changed files. ✅

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants