Skip to content

Fenrir fixes#236

Merged
rlm2002 merged 10 commits into
wolfSSL:masterfrom
cconlon:fenrirJuly26
Jul 6, 2026
Merged

Fenrir fixes#236
rlm2002 merged 10 commits into
wolfSSL:masterfrom
cconlon:fenrirJuly26

Conversation

@cconlon

@cconlon cconlon commented Jul 6, 2026

Copy link
Copy Markdown
Member

This PR includes fixes for 11 Fenrir items:

  • RSA PSS verify (F-4434): honor the caller-provided saltLen in Rsa.wc_RsaPSS_VerifyCheck().
  • Android gradlew (F-5402): update the wrapper scripts to a newer version.
  • AES-GCM / AES-CCM (F-3569, F-3570): fix a native authTag buffer leak in the encrypt wrappers.
  • CertManager (F-5397, F-5398): handle null file/directory args in CertManagerLoadCA() and honor caller-provided buffer sizes in the WolfSSLCertManager wrappers.
  • RSA (F-5399, F-5400): validate caller-provided sizes against actual buffer lengths in the Rsa wrappers.
  • ML-KEM (F-6436): gate JNI code on WOLFSSL_HAVE_MLKEM only, removing the unused HAVE_MLKEM macro.
  • ASN.1 (F-3997): validate hash and output buffer sizes in the Asn.encodeSignature() wrappers.
  • Ant build (F-5403): pin the classpath to wolfcrypt-jni.jar instead of a lib/*.jar glob.

@cconlon cconlon self-assigned this Jul 6, 2026
Copilot AI review requested due to automatic review settings July 6, 2026 15:23

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR addresses a set of Fenrir-tracked hardening and correctness issues across the wolfcrypt JNI bindings, primarily by tightening size/NULL validation in native wrappers, fixing an authTag buffer handling issue in AES-GCM/CCM encrypt wrappers, and adding/expanding regression tests. It also includes small build/packaging improvements (Ant classpath pinning, Gradle wrapper script updates) and a minor ML-KEM compile-time gating cleanup.

Changes:

  • Add/extend JNI parameter validation (buffer sizes, optional NULL args) and adjust RSA-PSS verify to honor caller-provided saltLen.
  • Fix AES-GCM/CCM encrypt wrapper handling of authTag array release/commit to avoid leaking a native buffer/copy.
  • Add new JUnit4 regression tests and wire them into the test suite; tighten Ant classpath and update Android Gradle wrapper scripts.

Reviewed changes

Copilot reviewed 13 out of 13 changed files in this pull request and generated no comments.

Show a summary per file
File Description
src/test/java/com/wolfssl/wolfcrypt/test/WolfSSLCertManagerTest.java New regression tests for CertManager CA loading behavior and size handling.
src/test/java/com/wolfssl/wolfcrypt/test/WolfCryptTestSuite.java Registers the new CertManager test class in the suite.
src/test/java/com/wolfssl/wolfcrypt/test/RsaTest.java Adds regression tests for RSA raw key size validation and RSA-PSS verify saltLen handling.
src/test/java/com/wolfssl/wolfcrypt/test/AsnTest.java Adds regression tests ensuring encodeSignature rejects invalid sizes (byte[] and ByteBuffer).
jni/jni_wolfssl_cert_manager.c Makes file/dir args optional and honors caller-provided buffer sizes for CertManager APIs.
jni/jni_rsa.c Adds size validation for raw public key decode/export and updates RSA-PSS verify path for non-default salt lengths.
jni/jni_mlkem.c Gates ML-KEM JNI compilation on WOLFSSL_HAVE_MLKEM only.
jni/jni_asn.c Adds hash/output buffer size validation in encodeSignature JNI wrappers.
jni/jni_aesgcm.c Fixes authTag array release mode in AES-GCM encrypt wrapper to avoid buffer leak.
jni/jni_aesccm.c Fixes authTag array release mode in AES-CCM encrypt wrapper to avoid buffer leak.
IDE/Android/gradlew.bat Updates Windows Gradle wrapper script.
IDE/Android/gradlew Updates POSIX Gradle wrapper script.
build.xml Pins Ant test/provider classpath to wolfcrypt-jni.jar directly (no lib/*.jar glob).
Comments suppressed due to low confidence (4)

jni/jni_wolfssl_cert_manager.c:429

  • GetByteArrayElements can return NULL (e.g., OOM), and the current code will still call into wolfSSL and then ReleaseByteArrayElements with a NULL pointer. That risks a native crash and can also mask the pending Java exception. Add a NULL check and return MEMORY_E (matching other OCSP paths in this file) before using or releasing buff.
    buff = (byte*)(*env)->GetByteArrayElements(env, in, NULL);
    buffSz = (word32)sz;

    ret = wolfSSL_CertManagerLoadCABuffer(cm, buff, buffSz, format);

    (*env)->ReleaseByteArrayElements(env, in, (jbyte*)buff, JNI_ABORT);

jni/jni_wolfssl_cert_manager.c:453

  • GetByteArrayElements may return NULL (e.g., OOM). The code currently passes buff directly to wolfSSL_CertManagerLoadCABuffer_ex and then calls ReleaseByteArrayElements unconditionally, which can crash if buff is NULL. Add a NULL check and return MEMORY_E before using or releasing buff.
    buff = (byte*)(*env)->GetByteArrayElements(env, in, NULL);
    buffSz = (word32)sz;

    ret = wolfSSL_CertManagerLoadCABuffer_ex(cm, buff, buffSz, format, 0,
        (word32)flags);

    (*env)->ReleaseByteArrayElements(env, in, (jbyte*)buff, JNI_ABORT);

jni/jni_wolfssl_cert_manager.c:494

  • If GetByteArrayElements returns NULL, this path will call wolfSSL_CertManagerVerifyBuffer and then ReleaseByteArrayElements with a NULL pointer, risking a crash. Add a NULL check and return MEMORY_E before using or releasing buff.
    buff = (byte*)(*env)->GetByteArrayElements(env, in, NULL);
    buffSz = (word32)sz;

    ret = wolfSSL_CertManagerVerifyBuffer(cm, buff, buffSz, format);

    (*env)->ReleaseByteArrayElements(env, in, (jbyte*)buff, JNI_ABORT);

jni/jni_wolfssl_cert_manager.c:562

  • GetByteArrayElements can return NULL (e.g., OOM), but this code unconditionally uses buff and then releases it. That can crash if buff is NULL. Add a NULL check and return MEMORY_E before using or releasing buff.
    buff = (byte*)(*env)->GetByteArrayElements(env, in, NULL);
    buffSz = (word32)sz;

    ret = wolfSSL_CertManagerLoadCRLBuffer(cm, buff, buffSz, type);

    (*env)->ReleaseByteArrayElements(env, in, (jbyte*)buff, JNI_ABORT);


💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@cconlon cconlon assigned rlm2002 and unassigned cconlon Jul 6, 2026
@rlm2002 rlm2002 merged commit 43c0058 into wolfSSL:master Jul 6, 2026
144 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants