Merged
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
This PR hardens several cryptographic and session-handling paths by improving constant-time behavior, tightening error handling, and ensuring sensitive intermediates are wiped, alongside small CI workflow dependency bumps.
Changes:
- Make PKCS#7 padding validation constant-time and add operation-state validation in EVP PKEY decrypt.
- Improve EdDSA/Dilithium/DH/RSA secret handling by avoiding early-returns in some paths and zeroing sensitive buffers.
- Fix robustness issues (bounds checks, memory free placement) and bump GitHub Actions versions in workflows.
Reviewed changes
Copilot reviewed 14 out of 14 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| wolfcrypt/src/evp.c | Constant-time padding verification and stricter decrypt op-state validation |
| wolfcrypt/src/ed448.c | Adjust error-flow and wipe sensitive arrays after signing |
| wolfcrypt/src/ed25519.c | Restructure signing flow to gate work on ret == 0 and wipe intermediates |
| wolfcrypt/src/eccsi.c | Simplify error cleanup by delegating to wc_FreeEccsiKey |
| wolfcrypt/src/dilithium.c | Zero seed material after key creation |
| wolfcrypt/src/dh.c | Force-zero DH private scalar on cleanup |
| wolfcrypt/src/asn.c | Guard init calls and adjust frees/logging in key OID detection |
| tests/api.c | Check fwrite result and return failure on short write |
| src/ssl_sess.c | Add missing bounds checks when decoding session ticket timing fields |
| src/pk_rsa.c | Force-zero bignum temporary on cleanup |
| src/internal.c | Adjust error codes/returns; fix pbuf free placement to avoid leaking on hash-failure |
| .github/workflows/threadx.yml | Bump actions/cache to v4 |
| .github/workflows/msys2.yml | Bump actions/checkout to v4 |
| .github/workflows/haproxy.yml | Bump actions/checkout to v4 |
Comments suppressed due to low confidence (1)
src/internal.c:1
- This change discards the specific error code from
wolfSSL_set_quic_method()and always returnsWOLFSSL_FATAL_ERROR. That reduces diagnosability and can change caller behavior if they rely on the underlying return value. Prefer returningret(or mapping only specific error(s) toWOLFSSL_FATAL_ERRORwhile preserving detail via the return code or a consistent error-reporting mechanism).
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
julek-wolfssl
force-pushed
the
fenrir/260316
branch
from
64cc8a7 to
562f8ab
Compare
JacobBarthelmeh
previously approved these changes
Mar 16, 2026
dgarske
approved these changes
Mar 16, 2026
Contributor
There was a problem hiding this comment.
Pull request overview
This PR focuses on tightening security/memory hygiene in cryptographic operations and improving robustness in a few APIs and CI workflows.
Changes:
- Make padding validation constant-time and add operation-state validation for EVP PKEY decrypt.
- Reduce sensitive data exposure by force-zeroing secrets and using force-zero clears for big integers.
- Improve error handling/cleanup paths and update GitHub Actions workflow dependencies.
Reviewed changes
Copilot reviewed 14 out of 14 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| wolfcrypt/src/evp.c | Constant-time padding check and added decrypt-operation state validation. |
| wolfcrypt/src/ed448.c | Propagate hash-init failures without early returns and clear sensitive buffers on exit. |
| wolfcrypt/src/ed25519.c | Gate subsequent operations on ret == 0 and clear sensitive buffers on exit. |
| wolfcrypt/src/eccsi.c | Simplify error cleanup by delegating to wc_FreeEccsiKey. |
| wolfcrypt/src/dilithium.c | Clear generated seed after keygen. |
| wolfcrypt/src/dh.c | Force-zero clear of temporary DH scalar. |
| wolfcrypt/src/asn.c | Check init return codes and adjust free ordering in key OID detection. |
| tests/api.c | Ensure file is closed on fwrite failure while returning correct status. |
| src/ssl_sess.c | Fix session parse bounds checking for 32-bit vs 64-bit ticket time storage. |
| src/pk_rsa.c | Force-zero clear of temporary MPI in RSA generation. |
| src/internal.c | Adjust error codes and fix buffer free placement in issuer-hash loading. |
| .github/workflows/threadx.yml | Bump actions/cache to v4. |
| .github/workflows/msys2.yml | Bump actions/checkout to v4. |
| .github/workflows/haproxy.yml | Bump actions/checkout to v4. |
Comments suppressed due to low confidence (2)
src/internal.c:1
- This changes the error code returned by
InitSSLfromWOLFSSL_FAILUREtoBAD_STATE_E. IfInitSSLis part of an API surface where callers expect the usualWOLFSSL_SUCCESS/WOLFSSL_FATAL_ERROR(or similar) convention, this can be a breaking/behavioral change. Consider keeping the return codes consistent with otherInitSSLfailure paths (or mapping internal errors to the established public error convention) and document the rationale if a different code is required.
src/internal.c:1 - This collapses the underlying
wolfSSL_set_quic_methodfailure into a genericWOLFSSL_FATAL_ERROR, losing the originalretvalue. Ifretconveys actionable detail (or is already in the correct public error-code space), prefer returningretor translating specific errors explicitly so callers can diagnose configuration issues more precisely.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
dgarske
approved these changes
Mar 17, 2026
JacobBarthelmeh
approved these changes
Mar 17, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.