Skip to content

Add buffer size and callback checks to wc_LmsKey_Sign#10084

Open
holtrop-wolfssl wants to merge 1 commit intowolfSSL:masterfrom
holtrop-wolfssl:zd21439
Open

Add buffer size and callback checks to wc_LmsKey_Sign#10084
holtrop-wolfssl wants to merge 1 commit intowolfSSL:masterfrom
holtrop-wolfssl:zd21439

Conversation

@holtrop-wolfssl
Copy link
Copy Markdown
Contributor

@holtrop-wolfssl holtrop-wolfssl commented Mar 26, 2026

Description

Add buffer size and callback checks to wc_LmsKey_Sign

Fixes ZD#21439

Testing

Added unit tests to reproduce ZD bug report. Tested with and without fix in place.

Checklist

  • added tests
  • updated/added doxygen
  • updated appropriate READMEs
  • Updated manual and documentation

@holtrop-wolfssl holtrop-wolfssl self-assigned this Mar 26, 2026
Copilot AI review requested due to automatic review settings March 26, 2026 19:21
Copilot AI reviewed Mar 26, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds stricter input validation to wc_LmsKey_Sign to prevent signing when the output buffer is too small or when required callbacks/context are missing, along with unit tests reproducing the reported issue (ZD#21439).

Changes:

  • Add signature buffer size validation in wc_LmsKey_Sign.
  • Require read/write private-key callbacks and context to be configured before signing.
  • Add unit tests covering the new validation failures.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

File Description
wolfcrypt/src/wc_lms.c Adds early validation for signature buffer size, callbacks, and context in wc_LmsKey_Sign.
wolfcrypt/test/test.c Adds unit tests to ensure wc_LmsKey_Sign returns expected errors for invalid inputs.
Comments suppressed due to low confidence (4)

wolfcrypt/test/test.c:1

  • These casts convert msg to a non-const byte*, which discards constness even though wc_LmsKey_Sign takes a const byte* message pointer. Prefer passing msg without a cast (or casting to const byte* if needed) to avoid hiding accidental mutation and to keep const-correctness in the test.
    wolfcrypt/test/test.c:1
  • These casts convert msg to a non-const byte*, which discards constness even though wc_LmsKey_Sign takes a const byte* message pointer. Prefer passing msg without a cast (or casting to const byte* if needed) to avoid hiding accidental mutation and to keep const-correctness in the test.
    wolfcrypt/test/test.c:1
  • These casts convert msg to a non-const byte*, which discards constness even though wc_LmsKey_Sign takes a const byte* message pointer. Prefer passing msg without a cast (or casting to const byte* if needed) to avoid hiding accidental mutation and to keep const-correctness in the test.
    wolfcrypt/test/test.c:1
  • These casts convert msg to a non-const byte*, which discards constness even though wc_LmsKey_Sign takes a const byte* message pointer. Prefer passing msg without a cast (or casting to const byte* if needed) to avoid hiding accidental mutation and to keep const-correctness in the test.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@holtrop-wolfssl holtrop-wolfssl marked this pull request as ready for review March 27, 2026 03:53
Copilot AI review requested due to automatic review settings March 27, 2026 03:53
Copilot AI reviewed Mar 27, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Copilot AI review requested due to automatic review settings March 27, 2026 12:49
Copilot AI reviewed Mar 27, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated no new comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@holtrop-wolfssl holtrop-wolfssl added the For This Release Release version 5.9.1 label Mar 27, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@wolfSSL-Bot wolfSSL-Bot

Labels

For This Release Release version 5.9.1

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@holtrop-wolfssl @wolfSSL-Bot