Skip to content

F-1370 : Tighten key_len check from >= to == #10122

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
miyazakh wants to merge 1 commit into
base: master
Choose a base branch
from
+70 −24
Open

F-1370 : Tighten key_len check from >= to == #10122

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
65 changes: 46 additions & 19 deletions doc/dox_comments/header_files/signature.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,13 +4,22 @@
\brief This function returns the maximum size of the resulting signature.

\return Returns SIG_TYPE_E if sig_type is not supported. Returns
BAD_FUNC_ARG if sig_type was invalid. A positive return value indicates
BAD_FUNC_ARG if sig_type was invalid or key_len does not exactly match
the size of the expected key structure. A positive return value indicates
the maximum size of a signature.

\param sig_type A signature type enum value such as
WC_SIGNATURE_TYPE_ECC or WC_SIGNATURE_TYPE_RSA.
\param key Pointer to a key structure such as ecc_key or RsaKey.
\param key_len Size of the key structure.
\param key Pointer to the key structure corresponding to sig_type:
pass an ecc_key* (cast to const void*) for
WC_SIGNATURE_TYPE_ECC, or a RsaKey* for
Comment on lines +14 to +15
Copy link

Copilot AI Apr 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This text calls out a cast to const void* for ecc_key* but not for RsaKey*, even though both convert implicitly to const void* in C/C++. Consider making this consistent (either remove the cast mention entirely, or mention it uniformly for both) to avoid implying different call requirements.

Suggested change
pass an ecc_key* (cast to const void*) for
WC_SIGNATURE_TYPE_ECC, or a RsaKey* for
pass an ecc_key* for WC_SIGNATURE_TYPE_ECC, or a RsaKey* for

Copilot uses AI. Check for mistakes.
WC_SIGNATURE_TYPE_RSA / WC_SIGNATURE_TYPE_RSA_W_ENC.
The caller is responsible for ensuring the pointer refers to the correct
type; this function cannot verify the actual runtime type of the object.
\param key_len Must be exactly sizeof(ecc_key) or
sizeof(RsaKey) matching the sig_type. Passing any other value
causes the function to return BAD_FUNC_ARG without dereferencing key.
The conventional idiom is to pass sizeof(*key) at the call site.
Comment on lines +13 to +22
Copy link

Copilot AI Apr 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The updated docs state key_len “must be exactly …” unconditionally, but the tests show wc_SignatureGetSize(sig_type, NULL, key_len) is valid and returns 0 (even when key_len is non-matching). Please clarify the contract, e.g., “If key is non-NULL, key_len must be exactly …; if key is NULL, key_len is ignored and the function returns 0,” to avoid misleading API consumers.

Copilot uses AI. Check for mistakes.

_Example_
\code
Expand Down Expand Up @@ -43,16 +52,19 @@ int wc_SignatureGetSize(enum wc_SignatureType sig_type,
\return BAD_FUNC_ARG -173, bad function argument provided
\return BUFFER_E -132, output buffer too small or input too large.

\param hash_type A hash type from the enum wc_HashType such as
WC_HASH_TYPE_SHA256.
\param hash_type A hash type from the "enum wc_HashType" such as
"WC_HASH_TYPE_SHA256".
\param sig_type A signature type enum value such as
WC_SIGNATURE_TYPE_ECC or WC_SIGNATURE_TYPE_RSA.
\param data Pointer to buffer containing the data to hash.
\param data_len Length of the data buffer.
\param sig Pointer to buffer to output signature.
\param sig_len Length of the signature output buffer.
\param key Pointer to a key structure such as ecc_key or RsaKey.
\param key_len Size of the key structure.
\param key Pointer to the key structure corresponding to sig_type.
See wc_SignatureGetSize() for the type-safety constraints that apply
to this parameter.
\param key_len Must be exactly sizeof(ecc_key) or
sizeof(RsaKey) matching sig_type. See wc_SignatureGetSize().

_Example_
\code
Expand Down Expand Up @@ -93,16 +105,19 @@ int wc_SignatureVerify(
\return BAD_FUNC_ARG -173, bad function argument provided
\return BUFFER_E -132, output buffer too small or input too large.

\param hash_type A hash type from the enum wc_HashType
such as WC_HASH_TYPE_SHA256.
\param hash_type A hash type from the "enum wc_HashType"
such as "WC_HASH_TYPE_SHA256".
\param sig_type A signature type enum value such as
WC_SIGNATURE_TYPE_ECC or WC_SIGNATURE_TYPE_RSA.
\param data Pointer to buffer containing the data to hash.
\param data_len Length of the data buffer.
\param sig Pointer to buffer to output signature.
\param sig_len Length of the signature output buffer.
\param key Pointer to a key structure such as ecc_key or RsaKey.
\param key_len Size of the key structure.
\param key Pointer to the key structure corresponding to sig_type.
See wc_SignatureGetSize() for the type-safety constraints that apply
to this parameter.
\param key_len Must be exactly sizeof(ecc_key) or
sizeof(RsaKey) matching sig_type. See wc_SignatureGetSize().
\param rng Pointer to an initialized RNG structure.

_Example_
Expand Down Expand Up @@ -166,8 +181,11 @@ int wc_SignatureGenerate(
\param hash_len Length of the hash buffer
\param sig Pointer to buffer containing the signature
\param sig_len Length of the signature buffer
\param key Pointer to a key structure such as ecc_key or RsaKey
\param key_len Size of the key structure
\param key Pointer to the key structure corresponding to sig_type.
See wc_SignatureGetSize() for the type-safety constraints that apply
to this parameter.
\param key_len Must be exactly sizeof(ecc_key) or
sizeof(RsaKey) matching sig_type. See wc_SignatureGetSize().

_Example_
\code
Expand Down Expand Up @@ -216,8 +234,11 @@ int wc_SignatureVerifyHash(enum wc_HashType hash_type,
\param hash_len Length of the hash buffer
\param sig Pointer to buffer to output signature
\param sig_len Pointer to length of signature output buffer
\param key Pointer to a key structure such as ecc_key or RsaKey
\param key_len Size of the key structure
\param key Pointer to the key structure corresponding to sig_type.
See wc_SignatureGetSize() for the type-safety constraints that apply
to this parameter.
\param key_len Must be exactly sizeof(ecc_key) or
sizeof(RsaKey) matching sig_type. See wc_SignatureGetSize().
\param rng Pointer to an initialized RNG structure

_Example_
Expand Down Expand Up @@ -266,8 +287,11 @@ int wc_SignatureGenerateHash(enum wc_HashType hash_type,
\param hash_len Length of the hash buffer
\param sig Pointer to buffer to output signature
\param sig_len Pointer to length of signature output buffer
\param key Pointer to a key structure such as ecc_key or RsaKey
\param key_len Size of the key structure
\param key Pointer to the key structure corresponding to sig_type.
See wc_SignatureGetSize() for the type-safety constraints that apply
to this parameter.
\param key_len Must be exactly sizeof(ecc_key) or
sizeof(RsaKey) matching sig_type. See wc_SignatureGetSize().
\param rng Pointer to an initialized RNG structure
\param verify If non-zero, verify the signature after generation

Expand Down Expand Up @@ -317,8 +341,11 @@ int wc_SignatureGenerateHash_ex(enum wc_HashType hash_type,
\param data_len Length of the data buffer
\param sig Pointer to buffer to output signature
\param sig_len Pointer to length of signature output buffer
\param key Pointer to a key structure such as ecc_key or RsaKey
\param key_len Size of the key structure
\param key Pointer to the key structure corresponding to sig_type.
See wc_SignatureGetSize() for the type-safety constraints that apply
to this parameter.
\param key_len Must be exactly sizeof(ecc_key) or
sizeof(RsaKey) matching sig_type. See wc_SignatureGetSize().
\param rng Pointer to an initialized RNG structure
\param verify If non-zero, verify the signature after generation

Expand Down
14 changes: 14 additions & 0 deletions tests/api/test_signature.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -68,6 +68,13 @@ int test_wc_SignatureGetSize_ecc(void)
sig_type = WC_SIGNATURE_TYPE_ECC;
ExpectIntEQ(wc_SignatureGetSize(sig_type, NULL, key_len), 0);
key_len = (word32)0;
ExpectIntEQ(wc_SignatureGetSize(sig_type, &ecc, key_len),
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
/* key_len must be exactly sizeof(ecc_key): one less or one more is invalid */
key_len = (word32)(sizeof(ecc_key) - 1);
ExpectIntEQ(wc_SignatureGetSize(sig_type, &ecc, key_len),
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
key_len = (word32)(sizeof(ecc_key) + 1);
ExpectIntEQ(wc_SignatureGetSize(sig_type, &ecc, key_len),
WC_NO_ERR_TRACE(BAD_FUNC_ARG));

Expand Down Expand Up @@ -138,6 +145,13 @@ int test_wc_SignatureGetSize_rsa(void)
ExpectIntEQ(wc_SignatureGetSize(sig_type, NULL, key_len),
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
key_len = (word32)0;
ExpectIntEQ(wc_SignatureGetSize(sig_type, &rsa_key, key_len),
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
/* key_len must be exactly sizeof(RsaKey): one less or one more is invalid */
key_len = (word32)(sizeof(RsaKey) - 1);
ExpectIntEQ(wc_SignatureGetSize(sig_type, &rsa_key, key_len),
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
key_len = (word32)(sizeof(RsaKey) + 1);
ExpectIntEQ(wc_SignatureGetSize(sig_type, &rsa_key, key_len),
WC_NO_ERR_TRACE(BAD_FUNC_ARG));

Expand Down
2 changes: 1 addition & 1 deletion tests/api/test_signature.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,6 @@ int test_wc_SignatureGetSize_rsa(void);

#define TEST_SIGNATURE_DECLS \
TEST_DECL_GROUP("signature", test_wc_SignatureGetSize_ecc), \
TEST_DECL_GROUP("signature", test_wc_SignatureGetSize_ecc)
TEST_DECL_GROUP("signature", test_wc_SignatureGetSize_rsa)

#endif /* WOLFCRYPT_TEST_SIGNATURE_H */
13 changes: 9 additions & 4 deletions wolfcrypt/src/signature.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -93,8 +93,11 @@ int wc_SignatureGetSize(enum wc_SignatureType sig_type,
switch(sig_type) {
case WC_SIGNATURE_TYPE_ECC:
#ifdef HAVE_ECC
/* Sanity check that void* key is at least ecc_key in size */
if (key_len >= sizeof(ecc_key)) {
/* Verify that key_len matches exactly sizeof(ecc_key).
* This is a necessary but not sufficient type check: the void*
* API cannot verify the actual runtime type of the pointed-to
* object. Callers must pass a valid ecc_key* cast to void*. */
if (key_len == sizeof(ecc_key)) {
Comment on lines +96 to +100
Copy link

Copilot AI Apr 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The comment refers to a void* API and says “cast to void*”, but the function parameter is const void*. To keep the comment accurate (and avoid encouraging dropping const), adjust wording to const void* / “cast to const void*”.

Copilot uses AI. Check for mistakes.
sig_len = wc_ecc_sig_size((ecc_key*)key);
}
else {
Expand All @@ -108,8 +111,10 @@ int wc_SignatureGetSize(enum wc_SignatureType sig_type,
case WC_SIGNATURE_TYPE_RSA_W_ENC:
case WC_SIGNATURE_TYPE_RSA:
#ifndef NO_RSA
/* Sanity check that void* key is at least RsaKey in size */
if (key_len >= sizeof(RsaKey)) {
/* Verify that key_len matches exactly sizeof(RsaKey).
* Same caveat as the ECC case above: size equality is necessary
* but not sufficient; the caller must pass a valid RsaKey*. */
if (key_len == sizeof(RsaKey)) {
sig_len = wc_RsaEncryptSize((RsaKey*)key);
}
else {
Expand Down
Loading