F-1899 : fix potential heap buffer over-read#220
F-1899 : fix potential heap buffer over-read#220miyazakh wants to merge 4 commits intowolfSSL:mainfrom
Conversation
There was a problem hiding this comment.
Pull request overview
This PR addresses robustness and safety in signing/verification workflows, primarily targeting Dilithium signing error handling to prevent potential heap misuse, and extends regression coverage via shell tests.
Changes:
- Refactors
wolfCLU_sign_data_dilithiumto improve cleanup/error-path handling and avoid unsafe buffer usage patterns. - Updates ECC sign/verify to hash input data before calling ECDSA primitives.
- Adds Dilithium negative-path regression tests to ensure failures don’t create output files.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| tests/genkey_sign_ver/genkey-sign-ver-test.sh | Adds Dilithium failure-mode tests (invalid output path, wrong key type, corrupted key) and cleans up new artifacts. |
| src/x509/clu_x509_sign.c | Adjusts wolfSSL_BIO_get_fp calls (casts) while loading key material for Chimera cert signing. |
| src/sign-verify/clu_verify.c | Changes ECC verification to hash input data prior to wc_ecc_verify_hash. |
| src/sign-verify/clu_sign.c | Changes ECC signing to hash input data prior to wc_ecc_sign_hash; refactors Dilithium signing for safer handling. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
miyazakh
force-pushed
the
f-1899_heapbuffer_over-read
branch
from
dc2f472 to
4328349
Compare
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
dgarske
left a comment
dgarske
left a comment
There was a problem hiding this comment.
🐺 Skoll Code Review
Overall recommendation: REQUEST_CHANGES
Findings: 3 total — 2 posted, 1 skipped
Posted findings
- [High]
wc_dilithium_initfailure not captured inret— execution continues on error —src/sign-verify/clu_sign.c:648-650 - [Medium] Error log for allocation failure prints stale
retvalue (always 0) —src/sign-verify/clu_sign.c:724-725
Skipped findings
- [Info] Extra blank line where
XMEMSETwas removed
Review generated by Skoll via openclaw
add test coverage
migrate tests to python
miyazakh
force-pushed
the
f-1899_heapbuffer_over-read
branch
from
620f391 to
7d03ee9
Compare
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 3 out of 3 changed files in this pull request and generated 4 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| keyFile = XFOPEN(keyPath, "rb"); | ||
| if (keyFile == NULL) { | ||
| wolfCLU_LogError("Faild to open Private key FILE."); | ||
| wolfCLU_LogError("Failed to open Private key FILE."); |
There was a problem hiding this comment.
The error path when opening the Dilithium public key logs "Failed to open Private key FILE." even though this function is reading a public key (see the preceding comment "open and read public key"). Please correct the message to reference the public key to avoid confusing diagnostics.
| wolfCLU_LogError("Failed to open Private key FILE."); | |
| wolfCLU_LogError("Failed to open Public key FILE."); |
| XFWRITE(outBuf, 1, outBufSz, outFile); | ||
| XFCLOSE(outFile); |
There was a problem hiding this comment.
Signature write success isn’t validated: if XFWRITE() fails (disk full, permission issues, etc.), ret remains 0 and the function will return success. Check the XFWRITE() result and convert failures into an error code (and ideally avoid leaving a partially-written output file).
| XFWRITE(outBuf, 1, outBufSz, outFile); | |
| XFCLOSE(outFile); | |
| size_t written = XFWRITE(outBuf, 1, outBufSz, outFile); | |
| if (written != outBufSz) { | |
| wolfCLU_LogError("Failed to write signature to output file %s", | |
| out); | |
| ret = IO_FAILED_E; | |
| } | |
| if (XFCLOSE(outFile) != 0 && ret == 0) { | |
| wolfCLU_LogError("Failed to close output file %s", out); | |
| ret = IO_FAILED_E; | |
| } | |
| if (ret != 0) { | |
| XREMOVE(out); | |
| } |
| with open(corrupt_key, "w") as f: | ||
| f.write("INVALID KEY DATA") |
There was a problem hiding this comment.
This test writes a file intended to be parsed as DER (-inform der), but opens it in text mode ("w"). On Windows this can introduce newline translation and make the test less predictable. Open the corrupted key file in binary mode ("wb") for consistency with other tests (e.g., RSA invalid key test).
| with open(corrupt_key, "w") as f: | |
| f.write("INVALID KEY DATA") | |
| with open(corrupt_key, "wb") as f: | |
| f.write(b"INVALID KEY DATA") |
| if (XFSEEK(privKeyFile, 0, SEEK_SET) != 0 || | ||
| (int)XFREAD(privBuf, 1, privFileSz, privKeyFile) != privFileSz) { | ||
| wolfCLU_LogError("Incorrect private key file size: %d", privFileSz); | ||
| ret = WOLFCLU_FATAL_ERROR; | ||
| } |
There was a problem hiding this comment.
This failure condition covers both seek/read errors (not just size mismatches), but the log message always reports an "Incorrect private key file size". Consider logging a more accurate read/seek failure message (or splitting the checks) to make debugging I/O errors easier.
| if (XFSEEK(privKeyFile, 0, SEEK_SET) != 0 || | |
| (int)XFREAD(privBuf, 1, privFileSz, privKeyFile) != privFileSz) { | |
| wolfCLU_LogError("Incorrect private key file size: %d", privFileSz); | |
| ret = WOLFCLU_FATAL_ERROR; | |
| } | |
| if (XFSEEK(privKeyFile, 0, SEEK_SET) != 0) { | |
| wolfCLU_LogError("Failed to seek to beginning of private key file."); | |
| ret = WOLFCLU_FATAL_ERROR; | |
| } | |
| else if ((int)XFREAD(privBuf, 1, privFileSz, privKeyFile) != privFileSz) { | |
| wolfCLU_LogError("Failed to read private key file: expected %d bytes.", | |
| privFileSz); | |
| ret = WOLFCLU_FATAL_ERROR; | |
| } |
Fix potential heap buffer over-read
Refactor
wolfCLU_sign_data_dilithiumAdd test coverage
Depend on : #219