Skip to content

Fenrir fixes#10136

Merged
SparkiDev merged 7 commits into
wolfSSL:masterfrom
JeremiahM37:fenrir-issues-2
Apr 15, 2026
Merged

Fenrir fixes#10136
SparkiDev merged 7 commits into
wolfSSL:masterfrom
JeremiahM37:fenrir-issues-2

Conversation

@JeremiahM37

@JeremiahM37 JeremiahM37 commented Apr 6, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Fixes F-1916, F-1907, F-1911, F-1915, F-1909, F-1913, F-1914

  • Fix NULL drbg pointer dereference in wc_RNG_DRBG_Reseed on non-Intel platforms when HAVE_INTEL_RDSEED/HAVE_INTEL_RDRAND are not defined
  • Save key->heap before wc_FreeRsaKey in wc_DeleteRsaKey to prevent use-after-free on the heap hint
  • Add NULL parameter checks to Base64_Decode, Base64_Decode_nonCT, and DoBase64_Encode matching existing Base16_Decode pattern
  • Reject non-block-aligned input with BAD_LENGTH_E in RC2, Camellia, and DES/DES3 CBC encrypt/decrypt instead of silently truncating

@JeremiahM37 JeremiahM37 changed the title Fenrir issues 2 Fenrir fixes Apr 6, 2026
@JeremiahM37 JeremiahM37 changed the title Fenrir fixes wolfcrypt Fenrir fixes Apr 6, 2026
@JeremiahM37 JeremiahM37 changed the title wolfcrypt Fenrir fixes Fenrir fixes Apr 6, 2026
wolfSSL-Fenrir-bot
wolfSSL-Fenrir-bot reviewed Apr 6, 2026
View reviewed changes

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fenrir Automated Review — PR #10136

Scan targets checked: wolfcrypt-api_misuse, wolfcrypt-bugs, wolfcrypt-compliance, wolfcrypt-concurrency, wolfcrypt-port, wolfcrypt-port-bugs, wolfcrypt-portability, wolfcrypt-src

Findings: 1
1 finding(s) posted as inline comments (see file-level comments below)

This review was generated automatically by Fenrir. Findings are non-blocking.

Comment thread wolfcrypt/src/port/caam/wolfcaam_fsl_nxp.c
@JeremiahM37 JeremiahM37 marked this pull request as ready for review April 7, 2026 14:42
dgarske
dgarske reviewed Apr 9, 2026
View reviewed changes

@dgarske dgarske left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🐺 Skoll Code Review

Overall recommendation: APPROVE
Findings: 3 total — 3 posted, 2 skipped

Posted findings

  • [Medium] Des3 CBC alignment check placed after crypto callback and async dispatchwolfcrypt/src/des3.c:1822,1877
  • [Medium] No test coverage for new BAD_LENGTH_E alignment checkstests/api/test_camellia.c, tests/api/test_des3.c, tests/api/test_rc2.c
  • [Low] DoBase64_Encode NULL check placed after arithmetic on inLenwolfcrypt/src/coding.c:480-484
Skipped findings
  • [Medium] Des3 CBC alignment check placed after crypto callback and async dispatch
  • [Medium] No test coverage for new BAD_LENGTH_E alignment checks

Review generated by Skoll via openclaw

Comment thread wolfcrypt/src/coding.c Outdated
@JeremiahM37

JeremiahM37 commented Apr 14, 2026

Copy link
Copy Markdown
Contributor Author

Jenkins retest this please

@JeremiahM37 JeremiahM37 assigned dgarske and unassigned JeremiahM37 Apr 15, 2026
@dgarske dgarske removed their assignment Apr 15, 2026
@dgarske dgarske self-requested a review April 15, 2026 16:33
@dgarske dgarske requested a review from SparkiDev April 15, 2026 21:48
@SparkiDev SparkiDev merged commit cd6b062 into wolfSSL:master Apr 15, 2026
531 of 533 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left review comments
@dgarske dgarske dgarske approved these changes
@SparkiDev SparkiDev SparkiDev approved these changes

Assignees

@wolfSSL-Bot wolfSSL-Bot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@JeremiahM37 @dgarske @SparkiDev @wolfSSL-Fenrir-bot @wolfSSL-Bot