Skip to content

tls13.c fixes + Add configure and CMake options for WOLF_CRYPTO_CB_RSA_PAD. #10428

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
kareem-wolfssl wants to merge 5 commits into
base: master
Choose a base branch
from
+78 −18
Open

tls13.c fixes + Add configure and CMake options for WOLF_CRYPTO_CB_RSA_PAD. #10428

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
ee74935
In Tls13_Exporter, check all length arguments before casting and usin…
kareem-wolfssl May 7, 2026
3796191
In DoTls13CertificateRequest, avoid assigned the CertReqCtx to the SS…
kareem-wolfssl May 7, 2026
eeb34a7
NULL check wolfSSL_get_cipher_name_by_hash arguments.
kareem-wolfssl May 7, 2026
a0cce92
Add configure and CMake options for WOLF_CRYPTO_CB_RSA_PAD.
kareem-wolfssl May 7, 2026
853065a
Code review feedback
kareem-wolfssl May 7, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 11 additions & 0 deletions CMakeLists.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2243,6 +2243,10 @@ add_option("WOLFSSL_CRYPTOCB_NO_SW_TEST"
"Disable crypto callback SW testing (default: disabled)"
"no" "yes;no")

add_option("WOLFSSL_CRYPTOCB_RSA_PAD"
"Enable RSA padding aware crypto callbacks (default: disabled)"
"no" "yes;no")

Comment thread
kareem-wolfssl marked this conversation as resolved.
add_option("WOLFSSL_PKCALLBACKS"
"Enable public key callbacks (default: disabled)"
"no" "yes;no")
Expand Down Expand Up @@ -2475,6 +2479,13 @@ if(WOLFSSL_CRYPTOCB_NO_SW_TEST)
list(APPEND WOLFSSL_DEFINITIONS "-DWC_TEST_NO_CRYPTOCB_SW_TEST")
endif()

if(WOLFSSL_CRYPTOCB_RSA_PAD)
if(NOT WOLFSSL_CRYPTOCB)
message(FATAL_ERROR "WOLFSSL_CRYPTOCB_RSA_PAD requires WOLFSSL_CRYPTOCB")
endif()
list(APPEND WOLFSSL_DEFINITIONS "-DWOLF_CRYPTO_CB_RSA_PAD")
Comment thread
kareem-wolfssl marked this conversation as resolved.
endif()

# Public Key Callbacks
if(WOLFSSL_PKCALLBACKS)
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_PK_CALLBACKS")
Expand Down
2 changes: 2 additions & 0 deletions cmake/options.h.in
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -258,6 +258,8 @@ extern "C" {
#cmakedefine WC_RSA_PSS
#undef WOLF_CRYPTO_CB
#cmakedefine WOLF_CRYPTO_CB
#undef WOLF_CRYPTO_CB_RSA_PAD
#cmakedefine WOLF_CRYPTO_CB_RSA_PAD
#undef WOLFSSL_AARCH64_BUILD
#cmakedefine WOLFSSL_AARCH64_BUILD
#undef WOLFSSL_AES_CFB
Expand Down
18 changes: 18 additions & 0 deletions configure.ac
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10512,6 +10512,24 @@ if test "$ENABLED_CRYPTOCB_UTILS" != "no"; then
fi
fi

# Crypto callback RSA padding support
# When enabled, the RSA crypto callback args struct exposes the RsaPadding
# parameters so the callback can perform RSA padding/unpadding itself or
# offload it together with the modular exponentiation.
AC_ARG_ENABLE([cryptocb-rsa-pad],
[AS_HELP_STRING([--enable-cryptocb-rsa-pad],[Enable RSA padding aware crypto callbacks (default: disabled). Requires --enable-cryptocb])],
[ ENABLED_CRYPTOCB_RSA_PAD=$enableval ],
[ ENABLED_CRYPTOCB_RSA_PAD=no ]
)

if test "$ENABLED_CRYPTOCB_RSA_PAD" = "yes"
then
if test "x$ENABLED_CRYPTOCB" = "xno"; then
AC_MSG_ERROR([--enable-cryptocb-rsa-pad requires --enable-cryptocb])
fi
AM_CFLAGS="$AM_CFLAGS -DWOLF_CRYPTO_CB_RSA_PAD"
Comment thread
kareem-wolfssl marked this conversation as resolved.
fi


# Asynchronous Crypto
AC_ARG_ENABLE([asynccrypt],
Expand Down
65 changes: 47 additions & 18 deletions src/tls13.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -995,6 +995,19 @@ int Tls13_Exporter(WOLFSSL* ssl, unsigned char *out, size_t outLen,
}
#endif /* WOLFSSL_DTLS13 */

/* Sanity check contextLen to prevent truncation when cast to word32. */
if (contextLen > WOLFSSL_MAX_32BIT)
return BAD_FUNC_ARG;
/* RFC 8446 HkdfLabel encodes the output length as a uint16, so requested
* lengths > 65535 cannot be represented and must be rejected. */
if (outLen > WOLFSSL_MAX_16BIT)
return BAD_FUNC_ARG;
/* RFC 8446 HkdfLabel encodes the label length in a single byte, so
* anything > 255 cannot be represented and must be rejected.
* The protocol length is included in the label. */
if ((labelLen + protocolLen) > WOLFSSL_MAX_8BIT)
return BAD_FUNC_ARG;
Comment thread
kareem-wolfssl marked this conversation as resolved.

switch (ssl->specs.mac_algorithm) {
#ifndef NO_SHA256
case sha256_mac:
Expand Down Expand Up @@ -1040,11 +1053,6 @@ int Tls13_Exporter(WOLFSSL* ssl, unsigned char *out, size_t outLen,
if (ret != 0)
return ret;

/* Sanity check contextLen to prevent truncation when cast to word32. */
if (contextLen > WOLFSSL_MAX_32BIT) {
return BAD_FUNC_ARG;
}

/* Hash(context_value) */
ret = wc_Hash(hashType, context, (word32)contextLen, hashOut, WC_MAX_DIGEST_SIZE);
if (ret != 0)
Expand Down Expand Up @@ -6046,7 +6054,8 @@ static int DoTls13CertificateRequest(WOLFSSL* ssl, const byte* input,
int ret = 0;
Suites peerSuites;
#ifdef WOLFSSL_POST_HANDSHAKE_AUTH
CertReqCtx* certReqCtx;
word16 reqCtxLen;
const byte* reqCtxData;
#endif

WOLFSSL_START(WC_FUNC_CERTIFICATE_REQUEST_DO);
Expand All @@ -6070,18 +6079,12 @@ static int DoTls13CertificateRequest(WOLFSSL* ssl, const byte* input,
return BUFFER_ERROR;

#ifdef WOLFSSL_POST_HANDSHAKE_AUTH
/* CertReqCtx has one byte at end for context value.
* Increase size to handle other implementations sending more than one byte.
* That is, allocate extra space, over one byte, to hold the context value.
/* Remember the request context bytes; the CertReqCtx allocation and
* linking into ssl->certReqCtx is deferred until after the rest of the
* message has been validated.
*/
certReqCtx = (CertReqCtx*)XMALLOC(sizeof(CertReqCtx) + (len == 0 ? 0 : len - 1), ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (certReqCtx == NULL)
return MEMORY_E;
certReqCtx->next = ssl->certReqCtx;
certReqCtx->len = len;
XMEMCPY(&certReqCtx->ctx, input + *inOutIdx, len);
ssl->certReqCtx = certReqCtx;
reqCtxLen = len;
reqCtxData = input + *inOutIdx;
#endif
*inOutIdx += len;

Expand Down Expand Up @@ -6148,6 +6151,24 @@ static int DoTls13CertificateRequest(WOLFSSL* ssl, const byte* input,
/* This message is always encrypted so add encryption padding. */
*inOutIdx += ssl->keys.padSz;

#ifdef WOLFSSL_POST_HANDSHAKE_AUTH
{
/* CertReqCtx has one byte at end for context value.
* Increase size to handle other implementations sending more than one byte.
* That is, allocate extra space, over one byte, to hold the context value.
*/
CertReqCtx* certReqCtx = (CertReqCtx*)XMALLOC(
sizeof(CertReqCtx) + (reqCtxLen == 0 ? 0 : reqCtxLen - 1),
ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (certReqCtx == NULL)
return MEMORY_E;
certReqCtx->next = ssl->certReqCtx;
certReqCtx->len = reqCtxLen;
XMEMCPY(&certReqCtx->ctx, reqCtxData, reqCtxLen);
ssl->certReqCtx = certReqCtx;
}
#endif

WOLFSSL_LEAVE("DoTls13CertificateRequest", ret);
WOLFSSL_END(WC_FUNC_CERTIFICATE_REQUEST_DO);

Expand Down Expand Up @@ -15127,7 +15148,15 @@ const char* wolfSSL_get_cipher_name_by_hash(WOLFSSL* ssl, const char* hash)
const char* name = NULL;
byte mac = no_mac;
int i;
const Suites* suites = WOLFSSL_SUITES(ssl);
const Suites* suites;

if (hash == NULL || ssl == NULL ||
(ssl->suites == NULL && ssl->ctx == NULL))
return NULL;

suites = WOLFSSL_SUITES(ssl);
if (suites == NULL)
return NULL;

if (XSTRCMP(hash, "SHA256") == 0) {
mac = sha256_mac;
Expand Down
Loading