Conversation
In `quic_record_transfer()`, the unsigned subtraction `qr->end - qr->start` could wrap around if `end < start`, and the subsequent `len <= 0` check was ineffective on a `word32`. Move the comparison before the subtraction so the function returns `0` safely. In `GetEchConfig()`, `XSTRLEN(config->publicName)` was assigned to a single byte, silently truncating names longer than 255 characters while `XMEMCPY` still copied the full string. Add a 255-byte length validation in both `wolfSSL_CTX_GenerateEchConfig()` and `GetEchConfig()`, and cache the length in a local variable to avoid redundant `XSTRLEN` calls.
- Fix SM4 GCM/CCM TLS 1.3 decrypt to read auth tag from input buffer instead of output buffer, consistent with all other AEAD ciphers (src/tls13.c) - Fix SM4_BLOCK_SIZE typo (was SM$_BLOCK_SIZE) in TicketEncDec SM4-GCM decrypt path (src/internal.c) - Fix SM2 certificate signature verification for certs using id-ecPublicKey (ECDSAk) with SM2-with-SM3 signature algorithm. OpenSSL creates SM2 cert signatures without the standard distinguishing identifier in the ZA hash. The SM2k code path already handled this correctly (idSz=0), but the ECDSAk + CTC_SM3wSM2 path was incorrectly using CERT_SIG_ID_SZ (16), causing ASN_SIG_CONFIRM_E (-155) when verifying non-self-signed SM2 certs (wolfcrypt/src/asn.c) - Regenerate expired SM2 test certificates via certs/sm2/gen-sm2-certs.sh They had expired.
When WOLFSSL_SM2 and WOLFSSL_SM3 are both defined, KEYID_SIZE becomes 32 (WC_SM3_DIGEST_SIZE) but OCSP_RESPONDER_ID_KEY_SZ remains 20 (SHA-1 per RFC 6960). The guard (int)KEYID_SIZE == OCSP_RESPONDER_ID_KEY_SZ in OcspFindSigner() and OcspRespIdMatch() evaluated to false (32 != 20), completely disabling key-based OCSP responder ID matching. This caused OCSP stapling to fail with BAD_CERTIFICATE_STATUS_ERROR (-406) against any server using a key-based responder ID (e.g. login.live.com). Fix by comparing only OCSP_RESPONDER_ID_KEY_SZ bytes for the responder ID match, and zero-padding the 20-byte key hash to KEYID_SIZE before passing to CA lookup functions that compare the full KEYID_SIZE.
OpenSSL 3.5+ handles the OIDs differently.
LinuxJedi
force-pushed
the
static-fixes2
branch
from
23a4a9c to
7248ca3
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This includes