Fenrir fixes #10136

Merged
SparkiDev merged 7 commits into wolfSSL:master from JeremiahM37:fenrir-issues-2 on Apr 15, 2026

@JeremiahM37 JeremiahM37 commented Apr 6, 2026

Contributor

Fixes F-1916, F-1907, F-1911, F-1915, F-1909, F-1913, F-1914

  • Fix NULL drbg pointer dereference in wc_RNG_DRBG_Reseed on non-Intel platforms when HAVE_INTEL_RDSEED/HAVE_INTEL_RDRAND are not defined
  • Save key->heap before wc_FreeRsaKey in wc_DeleteRsaKey to prevent use-after-free on the heap hint
  • Add NULL parameter checks to Base64_Decode, Base64_Decode_nonCT, and DoBase64_Encode matching existing Base16_Decode pattern
  • Reject non-block-aligned input with BAD_LENGTH_E in RC2, Camellia, and DES/DES3 CBC encrypt/decrypt instead of silently truncating
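
The last item above, silent truncation versus rejecting a partial block, shown as an added C example; it is not code from this pull request or from wolfSSL. All `ex_`/`EX_` names and error values are hypothetical, and `ex_block` is a toy byte transform standing in for a real block cipher.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define EX_BLOCK 8           /* block size of DES, 3DES and RC2, in bytes */
#define EX_BAD_ARG (-1)      /* hypothetical error codes, not wolfSSL's values */
#define EX_BAD_LENGTH (-2)   /* stands in for BAD_LENGTH_E */

/* Toy keyed byte transform standing in for a block cipher. Not secure. */
static void ex_block(const uint8_t *key, uint8_t *blk) {
    for (int i = 0; i < EX_BLOCK; i++)
        blk[i] = (uint8_t)((blk[i] ^ key[i]) + 0x3d);
}

/* CBC over whole blocks only; iv holds the chaining state. */
static void ex_cbc(const uint8_t *key, uint8_t *iv, uint8_t *out,
                   const uint8_t *in, size_t blocks) {
    for (; blocks > 0; blocks--, in += EX_BLOCK, out += EX_BLOCK) {
        for (int i = 0; i < EX_BLOCK; i++)
            iv[i] ^= in[i];
        ex_block(key, iv);
        memcpy(out, iv, EX_BLOCK);
    }
}

/* Before: sz / EX_BLOCK rounds down, the tail is dropped, 0 is returned. */
int ex_encrypt_truncating(const uint8_t *key, uint8_t *iv, uint8_t *out,
                          const uint8_t *in, size_t sz) {
    if (!key || !iv || !out || !in) return EX_BAD_ARG;
    ex_cbc(key, iv, out, in, sz / EX_BLOCK);
    return 0;
}

/* After: reject a partial block before touching out or the chaining state. */
int ex_encrypt_strict(const uint8_t *key, uint8_t *iv, uint8_t *out,
                      const uint8_t *in, size_t sz) {
    if (!key || !iv || !out || !in) return EX_BAD_ARG;
    if (sz % EX_BLOCK != 0) return EX_BAD_LENGTH;
    ex_cbc(key, iv, out, in, sz / EX_BLOCK);
    return 0;
}

int main(void) {
    uint8_t key[EX_BLOCK] = {1, 2, 3, 4, 5, 6, 7, 8}, iv[EX_BLOCK] = {0};
    uint8_t in[13] = {0}, out[16];       /* constructed 13-byte input */
    /* Exit status 0 when the strict variant rejects the partial block. */
    return ex_encrypt_strict(key, iv, out, in, sizeof in) == EX_BAD_LENGTH ? 0 : 1;
}
```

With the truncating variant a caller that passes 13 bytes gets a success code while the last 5 bytes are never encrypted; the strict variant returns an error and leaves both the output buffer and the IV untouched.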

@JeremiahM37 JeremiahM37 changed the title Fenrir issues 2 Fenrir fixes Apr 6, 2026
@JeremiahM37 JeremiahM37 changed the title Fenrir fixes wolfcrypt Fenrir fixes Apr 6, 2026
@JeremiahM37 JeremiahM37 changed the title wolfcrypt Fenrir fixes Fenrir fixes Apr 6, 2026

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment

Fenrir Automated Review — PR #10136

Scan targets checked: wolfcrypt-api_misuse, wolfcrypt-bugs, wolfcrypt-compliance, wolfcrypt-concurrency, wolfcrypt-port, wolfcrypt-port-bugs, wolfcrypt-portability, wolfcrypt-src

Findings: 1
1 finding(s) posted as inline comments (see file-level comments below)

This review was generated automatically by Fenrir. Findings are non-blocking.

Comment thread wolfcrypt/src/port/caam/wolfcaam_fsl_nxp.c
@JeremiahM37 JeremiahM37 marked this pull request as ready for review April 7, 2026 14:42

@dgarske dgarske left a comment

Member

🐺 Skoll Code Review

Overall recommendation: APPROVE
Findings: 3 total — 3 posted, 2 skipped

Posted findings

  • [Medium] Des3 CBC alignment check placed after crypto callback and async dispatch - wolfcrypt/src/des3.c:1822,1877
  • [Medium] No test coverage for new BAD_LENGTH_E alignment checks - tests/api/test_camellia.c, tests/api/test_des3.c, tests/api/test_rc2.c
  • [Low] DoBase64_Encode NULL check placed after arithmetic on inLen - wolfcrypt/src/coding.c:480-484

Skipped findings

  • [Medium] Des3 CBC alignment check placed after crypto callback and async dispatch
  • [Medium] No test coverage for new BAD_LENGTH_E alignment checks

Review generated by Skoll via openclaw

Comment thread wolfcrypt/src/coding.c Outdated
@JeremiahM37
Contributor Author

Jenkins retest this please

@JeremiahM37 JeremiahM37 assigned dgarske and unassigned JeremiahM37 Apr 15, 2026
@dgarske dgarske removed their assignment Apr 15, 2026
@dgarske dgarske self-requested a review April 15, 2026 16:33
@dgarske dgarske requested a review from SparkiDev April 15, 2026 21:48
@SparkiDev SparkiDev merged commit cd6b062 into wolfSSL:master Apr 15, 2026
531 of 533 checks passed
5 participants