Conversation
F-2032
F-2028
F-2029
There was a problem hiding this comment.
Pull request overview
This PR addresses several static-analysis findings and PKCS#11 conformance issues by correcting return codes, recording key-generation metadata (CKA_LOCAL / CKA_KEY_GEN_MECHANISM), and adding regression tests (plus an HKDF length-cast fix).
Changes:
- Fix PIN length handling to return
CKR_PIN_LEN_RANGEand update tests accordingly. - Track locally-generated keys and key generation mechanisms for
C_GenerateKey(including PBKDF2/PBE and random symmetric generation) and set derived sensitivity/extractability attributes. - Add new tests validating
CKA_LOCAL/CKA_KEY_GEN_MECHANISMfor AES and PBKDF2 key generation; adjust HKDFCKA_VALUE_LENread to useCK_ULONG.
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
wolfpkcs11/internal.h |
Adds internal helper prototype and updates random-key generator signature to include mechanism. |
src/internal.c |
Implements helper to mark objects as locally generated and store key-gen mechanism; updates random key generation. |
src/crypto.c |
Updates digest return handling, verify-recover attribute check, key generation metadata/attrs, and HKDF length casting. |
src/slot.c |
Returns CKR_PIN_LEN_RANGE for invalid PIN lengths; propagates that return through token/PIN APIs. |
tests/pkcs11test.c |
Updates expected error codes for too-short/too-long PIN test cases. |
tests/include.am |
Adds new AES and PBKDF2 keygen attribute tests to the build. |
tests/aes_keygen_attrs_test.c |
New regression test for CKA_LOCAL / CKA_KEY_GEN_MECHANISM on AES key generation. |
tests/pbkdf2_keygen_attrs_test.c |
New regression test for CKA_LOCAL / CKA_KEY_GEN_MECHANISM and sensitivity/extractability-derived attributes on PBKDF2 keygen. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
wolfSSL-Fenrir-bot
left a comment
wolfSSL-Fenrir-bot
left a comment
There was a problem hiding this comment.
Fenrir Automated Review — PR #178
Scan targets checked: wolfpkcs11-bugs, wolfpkcs11-compliance, wolfpkcs11-src
Findings: 1
1 finding(s) posted as inline comments (see file-level comments below)
This review was generated automatically by Fenrir. Findings are non-blocking.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 8 out of 8 changed files in this pull request and generated 5 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| return ret; | ||
| if (ret < 0) | ||
| return CKR_FUNCTION_FAILED; | ||
| return CKR_OK; |
There was a problem hiding this comment.
C_DigestKey() now returns CKR_OK for any non-negative value from WP11_Digest_Key(). However, WP11_Digest_Key() can return a non-zero CK_RV like CKR_FUNCTION_NOT_SUPPORTED (e.g., when WOLFPKCS11_NO_STORE is enabled), which should be propagated to the caller instead of being treated as success.
| return CKR_OK; | |
| return (CK_RV)ret; |
src/crypto.c
Outdated
| rv = WP11_Object_GetAttr(pbkdf2Key, CKA_SENSITIVE, | ||
| &getVar, &getVarLen); | ||
| if ((rv == CKR_OK) && (getVar == CK_TRUE)) { | ||
| rv = WP11_Object_SetAttr(pbkdf2Key, | ||
| CKA_ALWAYS_SENSITIVE, | ||
| &trueVar, sizeof(CK_BBOOL)); | ||
| } | ||
| if (rv == CKR_OK) { | ||
| rv = WP11_Object_GetAttr(pbkdf2Key, CKA_EXTRACTABLE, | ||
| &getVar, &getVarLen); | ||
| if ((rv == CKR_OK) && (getVar == CK_FALSE)) { | ||
| rv = WP11_Object_SetAttr(pbkdf2Key, | ||
| CKA_NEVER_EXTRACTABLE, | ||
| &trueVar, | ||
| sizeof(CK_BBOOL)); | ||
| } | ||
| } |
There was a problem hiding this comment.
The PBKDF2/NSS-PBE keygen blocks duplicate the same initial-state logic that already exists in SetInitialStates() (CKA_ALWAYS_SENSITIVE/CKA_NEVER_EXTRACTABLE derivation). To avoid divergence between these early-return paths and the standard keygen path, consider calling SetInitialStates(pbkdf2Key/pbeKey) here instead of duplicating the attribute-get/set sequence.
| rv = WP11_Object_GetAttr(pbkdf2Key, CKA_SENSITIVE, | |
| &getVar, &getVarLen); | |
| if ((rv == CKR_OK) && (getVar == CK_TRUE)) { | |
| rv = WP11_Object_SetAttr(pbkdf2Key, | |
| CKA_ALWAYS_SENSITIVE, | |
| &trueVar, sizeof(CK_BBOOL)); | |
| } | |
| if (rv == CKR_OK) { | |
| rv = WP11_Object_GetAttr(pbkdf2Key, CKA_EXTRACTABLE, | |
| &getVar, &getVarLen); | |
| if ((rv == CKR_OK) && (getVar == CK_FALSE)) { | |
| rv = WP11_Object_SetAttr(pbkdf2Key, | |
| CKA_NEVER_EXTRACTABLE, | |
| &trueVar, | |
| sizeof(CK_BBOOL)); | |
| } | |
| } | |
| rv = SetInitialStates(pbkdf2Key); |
| @@ -3892,7 +3895,9 @@ CK_RV C_Digest(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, | |||
| session); | |||
| *pulDigestLen = hashLen; | |||
|
|
|||
There was a problem hiding this comment.
C_Digest() maps any negative return from WP11_Digest_Single() to CKR_FUNCTION_FAILED. WP11_Digest_Single can return BUFFER_E when the output buffer is too small, which should be surfaced as CKR_BUFFER_TOO_SMALL (similar to how C_GetAttributeValue maps BUFFER_E). Consider translating BUFFER_E to CKR_BUFFER_TOO_SMALL instead of collapsing it into CKR_FUNCTION_FAILED.
| if (ret == BUFFER_E) | |
| return CKR_BUFFER_TOO_SMALL; |
| @@ -4027,7 +4036,9 @@ CK_RV C_DigestFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pDigest, | |||
| ret = WP11_Digest_Final(pDigest, &hashLen, session); | |||
| *pulDigestLen = hashLen; | |||
|
|
|||
There was a problem hiding this comment.
C_DigestFinal() maps BUFFER_E (returned when the caller-provided digest buffer is too small) to CKR_FUNCTION_FAILED. This loses the PKCS#11-required CKR_BUFFER_TOO_SMALL signal; please translate BUFFER_E to CKR_BUFFER_TOO_SMALL (and only use CKR_FUNCTION_FAILED for true internal failures).
| if (ret == BUFFER_E) | |
| return CKR_BUFFER_TOO_SMALL; |
| if (pinLen > WP11_MAX_PIN_LEN) | ||
| #endif | ||
| return CKR_PIN_INCORRECT; | ||
| return CKR_PIN_LEN_RANGE; |
There was a problem hiding this comment.
checkPinLen() now returns CKR_PIN_LEN_RANGE, but some callers (e.g., C_Login and the ulOldLen check in C_SetPIN) still discard the return code and hardcode CKR_PIN_INCORRECT. This makes PIN-length failures inconsistent across APIs. Consider either propagating CKR_PIN_LEN_RANGE consistently everywhere checkPinLen() is used, or changing checkPinLen() to return only CKR_OK/CKR_GENERAL_ERROR and letting each API choose its CKR_* mapping.
| return CKR_PIN_LEN_RANGE; | |
| return CKR_PIN_INCORRECT; |
Mostly fixes to missing flags or incorrect return codes. Also an endianness fix.