Pull request overview
This PR addresses CodeQL/static-analysis findings in the OpenSSL provider plugin by tightening file-output handling for masked key material and cleaning up unused code/comments.
Changes:
- Write masked EC key blobs using open() with explicit owner-only permissions before fdopen()/fwrite().
- Remove unused variables/functions flagged by analysis.
- Add clarifying inline comments for key exchange and signing code paths.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| plugins/ossl_prov/src/azihsm_ossl_keymgmt_ec.c | Switch masked-key file writing to open() + fdopen() and improve parameter parsing comments. |
| plugins/ossl_prov/src/azihsm_ossl_keyexch.c | Add explanatory comments to EC point → DER SPKI encoding flow. |
| plugins/ossl_prov/src/azihsm_ossl_hsm.c | Simplify file-size validation comment/check; add explanatory comments in signing routine. |
| plugins/ossl_prov/src/azihsm_ossl_encoder_ec.c | Remove unused local buffers. |
| plugins/ossl_prov/src/azihsm_ossl_digest.c | Remove unused azihsm_ossl_newctx stub. |
Comments suppressed due to low confidence (1)
plugins/ossl_prov/src/azihsm_ossl_keymgmt_ec.c:515
- On the error paths after creating/truncating the masked-key file (e.g., fdopen() failure or short write), the code returns without removing the file. This can leave an empty or partially written sensitive blob on disk. The provider already unlinks in similar cases (e.g., azihsm_ossl_hsm.c:136, azihsm_ossl_keyexch.c:574); consider unlinking genctx->masked_key_file on these failures as well.
```c
FILE *f = fdopen(fd, "wb");
if (f == NULL)
{
    close(fd);
    azihsm_key_delete(private);
    azihsm_key_delete(public);
    OPENSSL_cleanse(masked_key_buffer, masked_key_buffer_size);
    OPENSSL_free(masked_key_buffer);
    OPENSSL_free(ec_key);
    ERR_raise(ERR_LIB_PROV, ERR_R_OPERATION_FAIL);
    return NULL;
}
size_t written = fwrite(masked_key_buffer, 1, prop.len, f);
fclose(f);
if (written != prop.len)
{
    azihsm_key_delete(private);
    azihsm_key_delete(public);
    OPENSSL_cleanse(masked_key_buffer, masked_key_buffer_size);
    OPENSSL_free(masked_key_buffer);
    OPENSSL_free(ec_key);
    ERR_raise(ERR_LIB_PROV, ERR_R_OPERATION_FAIL);
    return NULL;
}
```
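The cleanup the review comment asks for, written out as an added example rather than the provider's own code: a helper that creates the masked-key file owner-read/write only, refuses to reuse or follow an existing path (the NO_FOLLOW change from the commit log), and unlinks the file on every failure path that follows its creation. Function names, the /tmp path and the blob bytes are constructed for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Write a sensitive blob to `path`, creating the file owner-read/write only.
 * If anything fails AFTER the file has been created, unlink it so no empty or
 * partially written copy of the key material is left behind. A file that
 * already existed before the call is never touched, because O_EXCL fails
 * first and nothing is unlinked on that path.
 * Returns 0 on success, -1 on failure with errno set by the failing call. */
int write_secret_file(const char *path, const unsigned char *buf, size_t len)
{
    /* O_EXCL refuses to reuse an existing path, O_NOFOLLOW refuses a symlink
     * sitting at `path`, 0600 keeps the blob private regardless of umask. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW,
                  S_IRUSR | S_IWUSR);
    if (fd < 0)
        return -1;

    FILE *f = fdopen(fd, "wb");
    if (f == NULL) {
        int saved = errno;
        close(fd);
        unlink(path);              /* created but empty: remove it */
        errno = saved;
        return -1;
    }

    size_t written = fwrite(buf, 1, len, f);
    /* fclose() flushes stdio's buffer and closes fd; a write error that
     * fwrite() only buffered surfaces here, so check both results. */
    if (fclose(f) != 0 || written != len) {
        int saved = errno;
        unlink(path);              /* partial or unflushed blob: remove it */
        errno = saved;
        return -1;
    }
    return 0;
}

/* 1 if `path` is a regular file with mode exactly 0600, else 0. */
int has_owner_only_mode(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return 0;
    return (st.st_mode & 0777) == (S_IRUSR | S_IWUSR);
}

/* Read back up to `cap` bytes; returns bytes read, or -1 if unreadable. */
long read_file(const char *path, unsigned char *out, size_t cap)
{
    FILE *f = fopen(path, "rb");
    if (f == NULL)
        return -1;
    size_t n = fread(out, 1, cap, f);
    fclose(f);
    return (long)n;
}

int main(void)
{
    /* Constructed stand-in for a masked EC key blob; not real key material. */
    static const unsigned char blob[] = { 0x30, 0x82, 0x01, 0x00, 0xAA, 0x55 };
    const char *path = "/tmp/azihsm_example_masked_key.bin";

    unlink(path);
    int rc = write_secret_file(path, blob, sizeof blob);
    printf("write: %s, owner-only mode: %d\n",
           rc == 0 ? "ok" : "failed", has_owner_only_mode(path));

    /* A second attempt must be refused (O_EXCL) and must leave the file alone. */
    rc = write_secret_file(path, blob, sizeof blob);
    printf("rewrite: %s (%s), still present: %d\n",
           rc == 0 ? "ok" : "refused", strerror(errno), access(path, F_OK) == 0);
    unlink(path);
    return 0;
}
```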
Signed-off-by: Christian Walter <christian.walter@9elements.com>
jaygmsft added a commit that referenced this pull request on Feb 18, 2026:
- Initial commit
- Snapshot from main: 12/11/2025, top-level folder name update, and various fixes for actions
- trigger actions on dev
- Snapshot from main: 1/6/2026 (#11)
- snapshot from main: 1/5/2026
- various action fixes
- fix setup step in windows action
- update install-symcrypt.ps1
- fix install_symcrypt xtask
- add copyright to install-symcrypt.ps1
- Update code owners (#12)
- snapshot from main: 1/8/26 8517678ca (#17)
- [feature] Add toml formatting support (#13)
- Add toml formatting support
- Force LF line endings for TOML files so taplo works fine on Windows
- Move location of .gitattributes
- snapshot from main: 1/8/26 6a1187a4c (#21)
- snapshot from main: 1/8/26 055aa926e
- Remove symcrypt from SDK completely
- Remove symcrypt from actions
- update taplo.toml
- add stages to precheck xtask (#24)
- add stages to precheck xtask
- update actions to use precheck stages
- add audit xtask (#25)
- add audit xtask
- fix audit version number & fmt error
- fix RUSTSEC-2024-0436, deny warnings in audit xtask, and remove unused paste dependencies
- run audit precheck stage in actions (#30)
- Merge Native API branch to dev (#38)
- Merge native api
- [BUILD] Remove Native API Build & Test in pipelines
- [feat] ECC KeyGen and one-shot and streaming Sign/Verify native API (#22)
- ECC KeyGen Native API
- ECC Sign/Verify one-shot native API
- ECC Sign/Verify streaming native API
- Moving dispatch to FFI boundary
- Moving key generation to specific modules
- Added HMAC support in napi (#23)
- Added HMAC support in napi
- added HMAC tests
- fixed clippy warning
- Added Key Conversion from HsmGenericSecret key into Aes or Hmac
- [feat] RSA wrapping keypair gen + SHA one-shot + SHA streaming native API (#26)
- RSA key unwrapping key pair generation
- SHA one-shot native api
- SHA streaming native api
- [fix] Fixed HMAC Verify Context (#27)
- Added HMAC support in napi
- added HMAC tests
- fixed clippy warning
- Added Key Conversion from HsmGenericSecret key into Aes or Hmac
- Added HMAC Verify Context
- Validate AES Key Properties (#28)
- initial key properties check
- Added key prop test cases
- added HsmKeyPropFlags check
- Addressing review comments
- added test to validate token AES key gen
- [feat] HMAC one-shot and streaming native API (#29) HMAC one-shot and streaming native API
- Ecc key prop validation (#31)
- added key prop validation for ECC
- added rust doc comments
- Fixed clippy warning. Co-authored-by: Rajesh Gali <rajeshgali@microsoft.com>
- Validate RSA properties (#32). Co-authored-by: Rajesh Gali <rajeshgali@microsoft.com>
- Implement cpp code formatting check/fix via xtask fmt
- Fix clippy errors
- [build] Add cpp code formatting checks (#34)
- Implement cpp code formatting check/fix via xtask fmt
- Fix clippy errors
- Fix audit violation for atty
- Check Generic Secret Key properties (#33). Co-authored-by: Rajesh Gali <rajeshgali@microsoft.com>
- [feat] Key Unwrap, RSA Encrypt/Decrypt, RSA Sign/Verify Native API (#35)
- Remove audit.toml and fix typo in cargo xtask main
- Fix windows build break
- [build] Cleanup for merge to dev. This commit contains the following: 1. Delete old api folder 2. Rename napi folder to api 3. Integrate OpenSSL Provider into the build system
- Fix build break
- Disable clang-format in pipeline
- Fix build break in ossl provider
- Implement Key Unmasking for AES, ECC & RSA Keys (#36). This pull request implements key unmasking functionality for AES, ECC, and RSA keys, allowing keys to be reconstructed from their masked representation. The PR also includes API renaming (RsaAesKeywrap → RsaAesKeyWrap) and removes unused key property functions. Changes: Implements key unmasking traits and algorithms for AES, ECC, and RSA keys; Adds masked key parsing infrastructure to extract key properties from masked key blobs; Refactors existing tests and adds comprehensive unmask tests for all key types; Renames algorithm identifier from RsaAesKeywrap to RsaAesKeyWrap across codebase; Removes unused key property flags and methods (PRIVATE, MODIFIABLE, COPYABLE, DESTROYABLE, ALWAYS_SENSITIVE, NEVER_EXTRACTABLE); Updates check_supported_flags to allow SENSITIVE, EXTRACTABLE, and LOCAL flags universally
- [feat] RSA Sign/Verify Streaming Native API
- [feat] Add key unmasking and property API enhancements (#37)
- [feat] Add key unmasking and property API enhancements. This commit implements key unmasking capabilities for AES, RSA, and ECC keys, allowing keys to be restored from their masked (encrypted) state. It also standardizes key property handling and updates the native C API to support these features. Key changes: Add azihsm_key_unmask() for symmetric keys (AES); Add azihsm_key_unmask_pair() for asymmetric key pairs (RSA, ECC); Implement unmask operations in algo modules (aes, rsa, ecc); Rename azihsm_keypair_unwrap to azihsm_key_unwrap_pair for consistency; Enhance azihsm_key_get_prop to support all key types; Refactor shared_types.rs to use zerocopy derives and remove TryFrom impls; Simplify error handling in masked_key.rs (use return instead of Err?); Update key property IDs to match revised documentation; Add copy_to_key_prop helper for property buffer management; Add comprehensive tests for key unmasking operations; Update documentation to reflect new key property IDs
- Fix OSSL Provider
- [refactor] Rename AZIHSM_ERROR to AZIHSM_STATUS. Co-authored-by: Vishal Mhatre <38512878+mhatrevi@users.noreply.github.com>, Rajesh Gali <g.rajesh@live.com>, Rajesh Gali <rajeshgali@microsoft.com>, Vishal Mhatre <vishal.mhatre@gmail.com>
- Fix cargo Collision warnings (#42)
- fix: rename provider from azishm to azihsm (#46). Signed-off-by: Christian Walter <christian.walter@9elements.com>
- [feat] Implement Asymmetric Key Report Generation (#44)
- [test] Native test update (#45)
- [feat] Add slice-based API for AES XTS and GCM fast path operations (#50)
- [feat] Add slice-based API for AES XTS fast path operations
- [feat] Add slice-based API for AES XTS fast path operations
- Addressing PR feedback: Iteration 1
- Consolidate DdiReqHdr construction with a single builder function (#51)
- [feat] Key Attestation Native API (#52) Key Attestation Native API
- [feat] Add github copilot instructions (#53)
- Adding copilot-instructions.md
- Resolve copilot PR feedback
- Resolve PR feedback
- generate code coverage report during actions (#43)
- install cargo-llvm-cov in setup xtask
- add coverage xtask & enable in actions
- update coverage report location in actions
- fix fmt errors
- merge branch 'dev' into users/v-davidz/add_cargo-llvm-cov & fix windows 'os error 3'
- attempt fix of missing cobertura_sdk.xml artifact on ubuntu
- remove console coverage report, fix exclusion of xtask coverage data, & debug missing coverage artifacts on ubuntu
- fix ./target/report location & remove debug step in actions
- disable code coverage stage in local precheck
- upgrade ubuntu in actions to 24.04 (#57)
- [update] AES native API update + misc fixes (#54)
- Add support for retrieving device cert chain (#60)
- Add merge_group trigger to Rust workflow (#63)
- Update copilot instructions (#62)
- Update copilot instructions
- Update .github/copilot-instructions.md. Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
- Validating Device returned key properties (#48)
- add check to validate device returned key props
- fixed clippy warning
- updated keybit len in CPP HMAC SH512 test
- Added ECDH Device property checks
- addressing copilot comments
- Addressing review comments. Co-authored-by: Rajesh Gali <rajeshgali@microsoft.com>
- [ci] Remove redundant test steps (#71)
- Update fmt command to use nightly toolchain (#68)
- Initial plan
- Update fmt command to use nightly toolchain. Co-authored-by: jaygmsft <22506014+jaygmsft@users.noreply.github.com>, copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>, Jayant Gandhi <jayg@microsoft.com>
- Remove duplicate copyright header in hash_sign_tests.rs (#66)
- Initial plan
- Remove duplicate copyright line from hash_sign_tests.rs. Co-authored-by: jaygmsft <22506014+jaygmsft@users.noreply.github.com>, copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
- Add copilot-setup-steps.yml for GitHub Copilot coding agent (#67)
- Initial plan
- Add copilot-setup-steps.yml for GitHub Copilot coding agent. Co-authored-by: jaygmsft <22506014+jaygmsft@users.noreply.github.com>, copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
- feat: add dgst operations for sha1, sha256, sha384, sha512 (#47). This commit adds sha1, sha256, sha384 and sha512 dgst operation. Signed-off-by: Christian Walter <christian.walter@9elements.com>
- Refine xtask copyright header repair to update existing Microsoft notices (#65)
- Initial plan
- Improve copyright fix handling. Co-authored-by: jaygmsft <22506014+jaygmsft@users.noreply.github.com>
- Refine copyright replacement logic. Co-authored-by: jaygmsft <22506014+jaygmsft@users.noreply.github.com>
- Align imports with nightly rustfmt. Co-authored-by: vsonims <39780523+vsonims@users.noreply.github.com>, copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>, jaygmsft <22506014+jaygmsft@users.noreply.github.com>
- [Feat] AES XTS Encryption & Decryption (#55)
- initial aes xts commits
- added XTS Enc/Dec
- fixed clippy warning
- added xts key prop tests
- Updated DUL max size
- addressing review comments. Co-authored-by: Rajesh Gali <rajeshgali@microsoft.com>
- Create github cache setup workflow (#80). Co-authored-by: Vishal Soni <vsoni@microsoft.com>
- Enable CI Workflow Cache (#81)
- Remove println statement from production Rust code (#79)
- Initial plan
- Remove println statement from crates/crypto/src/aes/cbc_cng.rs. Co-authored-by: jaygmsft <22506014+jaygmsft@users.noreply.github.com>, copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>, Vishal Soni <39780523+vsonims@users.noreply.github.com>
- schedule rust.yml to trigger daily at midnight PST (#82). Co-authored-by: Vishal Soni <39780523+vsonims@users.noreply.github.com>
- Add Session and Masked attributes to the EC key generation (#39)
- feat: update provider readme. Signed-off-by: Christian Walter <christian.walter@9elements.com>
- add provider .so auto-copy with --features provider: Add 'provider' feature to ossl_prov that triggers auto-copy of built .so; Add copying of the provider itself as a CMake post step. Signed-off-by: Christian Walter <christian.walter@9elements.com>
- feat: add session and masked flag to EC key generation. This commit adds the session flag through azihsm.session:true/false through pkeyopt. It also adds the export of the masked key through a pkeyopt with azihsm.masked_key:{filepath}. Signed-off-by: Christian Walter <christian.walter@9elements.com>
- Upgrade Rust toolchain from 1.90 to 1.92 (#77)
- Initial plan
- Upgrade Rust version from 1.90 to 1.92. Co-authored-by: jaygmsft <22506014+jaygmsft@users.noreply.github.com>
- Final update: All tests pass with Rust 1.92. Co-authored-by: jaygmsft <22506014+jaygmsft@users.noreply.github.com>
- Remove CodeQL build artifacts and add to .gitignore. Co-authored-by: jaygmsft <22506014+jaygmsft@users.noreply.github.com>
- Fix clippy errors for Rust 1.92 compatibility. Co-authored-by: jaygmsft <22506014+jaygmsft@users.noreply.github.com>
- Fix for windows build. Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>, jaygmsft <22506014+jaygmsft@users.noreply.github.com>, Jayant Gandhi <jayg@microsoft.com>
- Update copilot-setup-steps.yml (#83)
- Move file
- Update .github/workflows/copilot-setup-steps.yml
- Resolve PR feedback
- Resolve PR feedback
- Return PEM cert chains as String and unify API (#85)
- Initial plan
- Update cert_chain to return String. Co-authored-by: vsonims <39780523+vsonims@users.noreply.github.com>
- Fix PEM chain formatting and test validation. Co-authored-by: vsonims <39780523+vsonims@users.noreply.github.com>, copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
- Add Copilot coding agent guidance to repository instructions (#70)
- Initial plan
- Add Copilot coding agent guidance. Co-authored-by: jaygmsft <22506014+jaygmsft@users.noreply.github.com>
- Refine Copilot artifact examples. Co-authored-by: jaygmsft <22506014+jaygmsft@users.noreply.github.com>, copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
- fix: remove debug printf statements and replace with proper err handling (#92). Signed-off-by: Christian Walter <christian.walter@9elements.com>
- [feat] Partition/Session Properties and Handle management Native API (#59)
- [feat] Partition Properties Native API
- Addressing feedback: Iteration 1
- [feat] Session property and Handle management native APIs
- Addressing feedback: Iteration 2
- Fixing get_prop_manufacturer_cert test
- [fix] Update AzihsmStr::from_string method to prevent a memory leak in AzihsmStr::drop method (#94)
- [feat] Native AES XTS Encryption/Decryption support (#93)
- initial native XTS support
- fixed clippy warning
- added AES XTS native tests
- addressing review comments
- updated comment
- rename dul to data_unit_length, to match with doc
- Addressed review comments. Co-authored-by: Rajesh Gali <rajeshgali@microsoft.com>
- [feat] Adding TPM Crate (#96)
- [feat] Enable clippy rules (#102)
- [feat] Enable clippy rules
- Replace std::sync::Mutex with parking_lot::Mutex in TPM device modules (#103)
- Initial plan
- Replace std::sync::Mutex with parking_lot::Mutex in tpm device modules. Co-authored-by: jaygmsft <22506014+jaygmsft@users.noreply.github.com>, copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
- [WIP] Enable clippy rules to enforce parking_lot usage (#104)
- Initial plan
- Fix formatting: add blank lines between std and external imports. Co-authored-by: jaygmsft <22506014+jaygmsft@users.noreply.github.com>, copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>, Copilot <198982749+Copilot@users.noreply.github.com>
- Enable clippy rules to warn on unwrap use in product code (#105)
- enable clang-format & pin clang-format to version 18 (#64)
- pin clang-format to version 18
- output cargo command versions during setup and execution
- use more specific name for rust_toolchain clone
- fix fmt errors
- add version constants to setup.rs & remove old version checking logic from rust.yml
- put conditional check on Linux-specific constant
- pin clang-format in fmt.rs
- disable clang-format on windows in CI and precheck
- relocate conditional check to precheck.rs
- fix fmt errors
- remove --skip-clang flag
- CR feedback
- add skip_clang flag to precheck
- [update] Adding 'seed' parameter to azihsm_sess_open native API (#110)
- AES XTS key Unwrap and unmask support (#72)
- initial aes xts commits
- added XTS Enc/Dec
- added xts key prop tests
- addressing review comments
- added XTS Enc/Dec
- initial XTS unwrap
- unmask xts key support
- fix clippy warning
- Updated xts dev prop validation
- addressing PR comments
- Added native tests for XTS key unwrap/unmask
- Addressing review comments. Co-authored-by: Rajesh Gali <rajeshgali@microsoft.com>
- Snapshot from main 57950dfd (#113)
- feat: modify part_init to load bmk and mobk (#95). Signed-off-by: Christian Walter <christian.walter@9elements.com>
- Added Inner struct for Key Pair (#112). Co-authored-by: Rajesh Gali <rajeshgali@microsoft.com>
- Snapshot from main 8b7bdb94 (#114)
- cherrypick# PR 14524803, added key_length to Masked Key Metadata
- Merged HMAC changes
- Apply suggestions from code review. Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>, Rajesh Gali <rajeshgali@microsoft.com>, Jayant Gandhi <jayg@microsoft.com>
- feat: add OpenSSL store provider for azihsm:// URI scheme (#97)
- feat: add OpenSSL store provider for azihsm:// URI scheme. Implements OSSL_OP_STORE to allow loading keys via URIs like: azihsm:///path/to/masked_key.bin;type=ec. The store provider: Parses azihsm:// URIs with path and type attributes; Reads masked key files from the filesystem; Unmasks keys via HSM using azihsm_key_unmask_pair; Returns key handles via OSSL_OBJECT_PARAM_REFERENCE; Supports EC keys. Signed-off-by: Christian Walter <christian.walter@9elements.com>
- feat: add ECDSA signature generation (#98)
- feat: add ECDSA signature generation. Implements ECDSA signature operations: One-shot sign/verify for pre-hashed data; Streaming digest_sign/verify for automatic hashing; Support for SHA-1, SHA-256, SHA-384, SHA-512. Removes the old stub signature.c in favor of split _ec.c and _rsa.c files. Signed-off-by: Christian Walter <christian.walter@9elements.com>
- snapshot from main 270b3dc0 (#117). Co-authored-by: Rajesh Gali <rajeshgali@microsoft.com>
- Updated ECC Pub key to allow Derive prop (#121)
- Updated ECC Pub key to allow Derive prop
- addressing PR review comments. Co-authored-by: Rajesh Gali <rajeshgali@microsoft.com>
- [feat] Add support for unmasking shared secret keys (#123)
- [update] HMAC get props and key deletion support (#124)
- Add EC Key unwrapping (#118)
- feat: add key import to EC key generation. Signed-off-by: Christian Walter <christian.walter@9elements.com>
- [update] Unmasking support for HMAC keys (#138)
- Update copyright headers to MIT format (#132)
- Add MIT License to the project (#133)
- Add Microsoft Open Source Code of Conduct (#134). This document outlines the Microsoft Open Source Code of Conduct and provides resources for adherence.
- Create SUPPORT file with issue filing guidelines (#137)
- Create SUPPORT file with issue filing guidelines. Added support documentation for filing issues and getting help.
- Correct capitalization of 'GitHub' and project name
- Enable CodeQL (#109)
- Enable CodeQL
- Explicitly set rust build mode to none
- [fix] Issue #125: Added key id guard to unmask op (#140)
- Remove SUPPORT (#146)
- Add CONTRIBUTING guidelines for the project (#136)
- Add CONTRIBUTING guidelines for the project. Added guidelines for contributing to the project, including the fork-and-pull model and communication with maintainers.
- Revise CONTRIBUTING.md with CLA and Code of Conduct. Updated contributing guidelines to include CLA information and Code of Conduct.
- Enhance README with build and contribution details (#141)
- Enhance README with build and contribution details. Expanded the README.md to include detailed build steps, testing instructions, and contribution guidelines.
- Update README.md. Co-authored-by: Jayant Gandhi <jayg@microsoft.com>
- Added partition reset (#147)
- Implement AES GCM Support (#91)
- [feat] TPM integration with partition initialization (#107)
- Updated MaskedKeyAtrrib fields in sim layer. (#116)
- Remove internal links (#151)
- Remove dev branches from CI (#150)
- Re-enable CI for dev (#153)
- Cache fail behavior (#154)
- Remove tests from C++ codeql build (#156)
- Add support for owner endorsement of partition (#159)
- feat: improve key deletion (#144). Properly pass over key ownership and only delete keys if they are owned by us. Signed-off-by: Christian Walter <christian.walter@9elements.com>
- Fix OBK (#157). The provider was incorrectly feeding the masked owner backup key (MOBK) back as the owner backup key (OBK) on subsequent runs. The OBK is the raw key for init_bk3, not the encrypted MOBK returned by the HSM. Always use DEFAULT_OBK or custom OBK from file for part_init; Remove MOBK write-back logic (no longer needed); Guard free_buffer on static DEFAULT_OBK to prevent segfault; Rename mobk_path -> obk_path and AZIHSM_DEFAULT_MOBK_PATH -> AZIHSM_DEFAULT_OBK_PATH; Remove debug fprintf statements. Signed-off-by: Christian Walter <christian.walter@9elements.com>
- Add ECDH to OpenSSL provider (#130). feat: add ECDH feature. Signed-off-by: Christian Walter <christian.walter@9elements.com>
- Test cleanup (#161)
- Add POTA Endorsement (#164)
- feat: add proper MUK handling (#145)
- Replace azihsm_free_handle with type-dispatched azihsm_free_ctx_handle (#170)
- Renaming _final to _finish for api names (#174)
- Add RSA signature generation (#128)
- feat: extend store provider for RSA-PSS key loading
- feat: add RSA key generation
- feat: add RSA-PKCS1 and RSA-PSS signature generation
- fix: check has_private in sign_init to prevent signing with public-only keys. When loading keys via OSSL_STORE with expect=OSSL_STORE_INFO_PUBKEY, has_private is set to false but the private handle remains populated. Since the signature implementation used key.priv directly without checking has_private, this allowed signing with keys loaded as public-only, violating OpenSSL semantics. Add explicit has_private checks in all sign_init functions (RSA and EC) that fail with PROV_R_NOT_A_PRIVATE_KEY when the key lacks a private component.
- refactor: use two-step query to get size of masked key buffers. The previous implementation used a fixed 8192-byte buffer for masked key retrieval and did not handle AZIHSM_STATUS_BUFFER_TOO_SMALL. If the masked key blob exceeded this size, the operation would fail with a generic error. Now uses the HSM's two-step query feature: 1. First call with NULL/0 to query required buffer size 2. Allocate exact buffer size 3. Second call to retrieve data. Signed-off-by: Jens Topp <jens.topp@9elements.com>
- Feat/add hkdf (#172)
- feat: add HKDF. Signed-off-by: Christian Walter <christian.walter@9elements.com>
- Add rand_vec to Rng (#177)
- Code QL Fixes (#175)
- fix: CodeQL Fixes. Signed-off-by: Christian Walter <christian.walter@9elements.com>
- feat: add NO_FOLLOW to open. Signed-off-by: Christian Walter <christian.walter@9elements.com>
- feat: add RSA-PKCS1 and RSA-OAEP encryption (#139)
- Fix more CodeQL issues (#181)

Signed-off-by: Christian Walter <christian.walter@9elements.com>
Signed-off-by: Jens Topp <jens.topp@9elements.com>
Co-authored-by: zimmy87 <zimmy87@gmail.com>, Jayant Gandhi <jayg@microsoft.com>, Vishal Mhatre <38512878+mhatrevi@users.noreply.github.com>, Rajesh Gali <g.rajesh@live.com>, Rajesh Gali <rajeshgali@microsoft.com>, Vishal Mhatre <vishal.mhatre@gmail.com>, Christian Walter <christian.walter@9elements.com>, Copilot <198982749+Copilot@users.noreply.github.com>, Copilot <175728472+Copilot@users.noreply.github.com>, jaygmsft <22506014+jaygmsft@users.noreply.github.com>, CPiccini <47435428+CPiccini@users.noreply.github.com>, Jens Topp <jens.topp@9elements.com>
No description provided.