Skip to content

Hash: consistent error code for uninitialized wc_Hash ops under DEBUG_WOLFSSL#10927

Merged
JacobBarthelmeh merged 1 commit into
wolfSSL:masterfrom
danielinux:fix-error-consistency-with-debug
Jul 16, 2026
Merged

Hash: consistent error code for uninitialized wc_Hash ops under DEBUG_WOLFSSL#10927
JacobBarthelmeh merged 1 commit into
wolfSSL:masterfrom
danielinux:fix-error-consistency-with-debug

Conversation

@danielinux

Copy link
Copy Markdown
Member

Description

Under DEBUG_WOLFSSL the hash->type != type check in wc_HashUpdate, wc_HashFinal and wc_HashFree fired for an uninitialized hash (hash->type == WC_HASH_TYPE_NONE), returning BAD_FUNC_ARG where a non-debug build returns HASH_TYPE_E from the type switch, so the returned error code depended on whether DEBUG_WOLFSSL was defined. Only apply the mismatch check to initialized hashes; the genuine init-then-wrong-type misuse check is preserved.

Testing

Discovered via MC/DC campaign part 3 #10912

Under DEBUG_WOLFSSL the hash->type != type check in wc_HashUpdate,
wc_HashFinal and wc_HashFree fired for an uninitialized hash
(hash->type == WC_HASH_TYPE_NONE), returning BAD_FUNC_ARG where a non-debug
build returns HASH_TYPE_E from the type switch, so the returned error code
depended on whether DEBUG_WOLFSSL was defined. Only apply the mismatch check
to initialized hashes; the genuine init-then-wrong-type misuse check is
preserved.
Copilot AI review requested due to automatic review settings July 16, 2026 07:35

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR makes wc_HashUpdate, wc_HashFinal, and wc_HashFree return consistent error codes under DEBUG_WOLFSSL when the wc_HashAlg object is uninitialized (hash->type == WC_HASH_TYPE_NONE). It ensures the debug-only “type mismatch” guard only applies after the hash has been initialized, aligning debug builds with non-debug behavior for this case.

Changes:

  • Gate the DEBUG_WOLFSSL type-mismatch check on hash->type != WC_HASH_TYPE_NONE in wc_HashUpdate.
  • Apply the same gating in wc_HashFinal.
  • Apply the same gating in wc_HashFree.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

danielinux added a commit to danielinux/wolfssl that referenced this pull request Jul 16, 2026
Under DEBUG_WOLFSSL, wc_HashUpdate/Final/Free first check (hash->type != type)
and return BAD_FUNC_ARG before the switch, so the "unsupported type ->
HASH_TYPE_E" arm is unreachable on an uninitialized hash (wc_HashInit refuses
those types). Guard those Update/Final/Free assertions with #ifndef
DEBUG_WOLFSSL; the arm's coverage comes from non-DEBUG variants in the union.
Fixes the cmake (old-TLS/debug) build failure. wc_HashInit assertions keep
running (Init has no such type check).

This bug is fixed in PR wolfSSL#10927
@danielinux

Copy link
Copy Markdown
Member Author

Jenkins retest this please

@JacobBarthelmeh
JacobBarthelmeh merged commit 5418d6c into wolfSSL:master Jul 16, 2026
339 checks passed
danielinux added a commit to danielinux/wolfssl that referenced this pull request Jul 17, 2026
Under DEBUG_WOLFSSL, wc_HashUpdate/Final/Free first check (hash->type != type)
and return BAD_FUNC_ARG before the switch, so the "unsupported type ->
HASH_TYPE_E" arm is unreachable on an uninitialized hash (wc_HashInit refuses
those types). Guard those Update/Final/Free assertions with #ifndef
DEBUG_WOLFSSL; the arm's coverage comes from non-DEBUG variants in the union.
Fixes the cmake (old-TLS/debug) build failure. wc_HashInit assertions keep
running (Init has no such type check).

This bug is fixed in PR wolfSSL#10927
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants