Fix alert type for missing cert. Prevent building with RNG disabled and blinding enabled by default. Enforce bounds for AES CMAC size in verify.#10462
Open
kareem-wolfssl wants to merge 4 commits into
Conversation
…as none set. Thanks to Cal Page for the report.
…G_MIN_SZ, WC_AES_BLOCK_SIZE]. Fixes F-3084.
Contributor
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
This PR hardens cryptographic configuration and CMAC verification behavior, and corrects a TLS 1.3 alert for missing client certificates.
Changes:
- Prevent builds that combine
WC_NO_RNGwith blinding options (unless explicitly acknowledged). - Enforce AES-CMAC tag length bounds in verify APIs and return
MAC_CMP_FAILED_Eon mismatch. - Send TLS 1.3
certificate_requiredalert when the client can’t provide a required certificate; update docs/tests accordingly.
Reviewed changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
wolfssl/wolfcrypt/settings.h |
Avoid enabling Curve25519 blinding when RNG is disabled; add build-time error for blinding+no-RNG configurations. |
wolfcrypt/src/cmac.c |
Enforce CMAC tag-size bounds; prevent callback-driven size tampering; return consistent mismatch error. |
tests/api/test_cmac.c |
Add coverage for CMAC verify bounds, truncation behavior, and mismatch return code. |
src/tls13.c |
Fix TLS 1.3 alert to certificate_required for missing client certificate. |
doc/formats/html/doxygen_warnings |
Adds a doxygen warnings output file. |
doc/dox_comments/header_files/cmac.h |
Update doxygen docs for new CMAC verify behavior and examples. |
.wolfssl_known_macro_extras |
Add an acknowledgment macro to the known-macros list. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+4226
to
+4237
| /* WC_NO_RNG silently removes RSA blinding, as blinding depends on the RNG. | ||
| * Refuse to build until the conflict is resolved or the loss of hardening is | ||
| * explicitly acknowledged via WC_RSA_NO_RNG_ACKNOWLEDGE_WEAKNESS. */ | ||
| #if defined(WC_NO_RNG) && ((defined(WC_RSA_BLINDING) && !defined(NO_RSA)) || \ | ||
| (defined(HAVE_CURVE25519) && defined(WOLFSSL_CURVE25519_BLINDING)) || \ | ||
| (defined(HAVE_ECC) && defined(WOLFSSL_ECC_BLIND_K))) && \ | ||
| !defined(WC_BLINDING_NO_RNG_ACKNOWLEDGE_WEAKNESS) | ||
| #error "Blinding is enabled but the RNG is disabled. Either remove \ | ||
| WC_NO_RNG to enable the RNG, disable blinding by removing WC_RSA_BLINDING/\ | ||
| WOLFSSL_CURVE25519_BLINDING/WOLFSSL_ECC_BLIND_K, or acknowledge the loss of \ | ||
| blinding by defining WC_BLINDING_NO_RNG_ACKNOWLEDGE_WEAKNESS." | ||
| #endif |
| WC_RSA_NONBLOCK | ||
| WC_RSA_NONBLOCK_TIME | ||
| WC_RSA_NO_FERMAT_CHECK | ||
| WC_RSA_NO_RNG_ACKNOWLEDGE_WEAKNESS |
Comment on lines
+1
to
+30
| warning: source '../../mainpage.dox' is not a readable file or directory... skipping. | ||
| /home/work/wkdir/wolfssl/doc/dox_comments/header_files/ascon.h:572: warning: no matching file member found for | ||
| wc_AsconAEAD128 * wc_AsconAEAD128_New(void) | ||
| Possible candidates: | ||
| 'wc_AsconAEAD128 * wc_AsconAEAD128_New(void)' at line 110 of file /home/work/wkdir/wolfssl/doc/dox_comments/header_files/ascon.h | ||
| /home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:5565: warning: no matching file member found for | ||
| long wolfSSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX *ctx, void *arg) | ||
| Possible candidates: | ||
| 'long wolfSSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX *ctx, void *arg)' at line 5462 of file /home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h | ||
| /home/work/wkdir/wolfssl/doc/dox_comments/header_files/wolfio.h:1376: warning: no matching file member found for | ||
| void * wolfSSL_GetCookieCtx(WOLFSSL *ssl) | ||
| Possible candidates: | ||
| 'void * wolfSSL_GetCookieCtx(WOLFSSL *ssl)' at line 539 of file /home/work/wkdir/wolfssl/doc/dox_comments/header_files/wolfio.h | ||
| /home/work/wkdir/wolfssl/doc/dox_comments/header_files/ascon.h:65: warning: The following parameters of wc_AsconHash256_Final(wc_AsconHash256 *a, byte *hash) are not documented: | ||
| parameter 'a' | ||
| parameter 'hash' | ||
| /home/work/wkdir/wolfssl/doc/dox_comments/header_files/ascon.h:34: warning: The following parameters of wc_AsconHash256_Update(wc_AsconHash256 *a, const byte *data, word32 dataSz) are not documented: | ||
| parameter 'a' | ||
| parameter 'data' | ||
| parameter 'dataSz' | ||
| /home/work/wkdir/wolfssl/doc/dox_comments/header_files/cryptocb.h:8: warning: The following parameter of wc_CryptoCb_RegisterDevice(int devId, CryptoDevCallbackFunc cb, void *ctx) is not documented: | ||
| parameter 'ctx' | ||
| /home/work/wkdir/wolfssl/doc/dox_comments/header_files/quic.h:555: warning: The following parameter of wolfSSL_quic_aead_decrypt(uint8_t *dest, WOLFSSL_EVP_CIPHER_CTX *ctx, const uint8_t *enc, size_t enclen, const uint8_t *iv, const uint8_t *aad, size_t aadlen) is not documented: | ||
| parameter 'enclen' | ||
| /home/work/wkdir/wolfssl/doc/dox_comments/header_files/quic.h:428: warning: The following parameter of wolfSSL_quic_aead_is_ccm(const WOLFSSL_EVP_CIPHER *aead_cipher) is not documented: | ||
| parameter 'aead_cipher' | ||
| /home/work/wkdir/wolfssl/doc/dox_comments/header_files/quic.h:449: warning: The following parameter of wolfSSL_quic_aead_is_chacha20(const WOLFSSL_EVP_CIPHER *aead_cipher) is not documented: | ||
| parameter 'aead_cipher' | ||
| /home/work/wkdir/wolfssl/doc/dox_comments/header_files/quic.h:407: warning: The following parameter of wolfSSL_quic_aead_is_gcm(const WOLFSSL_EVP_CIPHER *aead_cipher) is not documented: | ||
| parameter 'aead_cipher' |
| byte truncMac[WC_AES_BLOCK_SIZE]; | ||
| word32 truncSz; | ||
| word32 lengths[] = { WC_CMAC_TAG_MIN_SZ, 8, WC_AES_BLOCK_SIZE - 1 }; | ||
| word32 li; |
| _Example_ | ||
| \code | ||
| byte mac[AES_BLOCK_SIZE]; | ||
| Cmac cmac; |
| byte key[16], msg[64]; | ||
|
|
||
| int ret = wc_AesCmacVerify_ex(NULL, mac, sizeof(mac), msg, | ||
| int ret = wc_AesCmacVerify_ex(&cmac, mac, sizeof(mac), msg, |
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Fixes zd#21507, F-2624, F-3084.
Testing
Built in tests
Checklist