Skip to content

Fixes for things found with the NSS regression suite #110

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
douzzer merged 50 commits into from
Aug 6, 2025
Merged

Fixes for things found with the NSS regression suite #110

douzzer merged 50 commits into from
Aug 6, 2025

Conversation

@LinuxJedi
Copy link
Member

@LinuxJedi LinuxJedi commented Jul 2, 2025
edited
Loading

  • Declare CKM_HKDF_KEY_GEN properly
  • Increase object counts for NSS
  • Add configdir parameter during C_Initialize for NSS
  • C_CopyObject was not doing a proper copy. This changes the behaviour so that it does.
  • C_CopyObject template check if there is a ulCount
  • WP_EC_Derive would crash when the point isn't DER encoded
  • Add CKM_RSA_PKCS to wrap and unwrap
  • C_Decrypt should return CKR_ENCRYPTED_DATA_INVALID when decryption
    fails
  • Add support for CKO_DATA objects
  • Improve file path handling
  • Move debugging functions into public API file
  • Make salt length errors fail signature verification

@LinuxJedi LinuxJedi force-pushed the nss-fixes branch 4 times, most recently from 4c38cd8 to 94ad8ff Compare July 3, 2025 11:38
@LinuxJedi LinuxJedi marked this pull request as ready for review July 3, 2025 12:28
@JacobBarthelmeh
Copy link
Contributor

JacobBarthelmeh commented Jul 3, 2025

@julek-wolfssl when back could you review this? Please un-assign yourself and assign to wolfssl-bot when ready for final review/merge.

julek-wolfssl
julek-wolfssl requested changes Jul 7, 2025
View reviewed changes
@LinuxJedi LinuxJedi force-pushed the nss-fixes branch 2 times, most recently from 6a48d28 to c929ebf Compare July 9, 2025 12:55
@LinuxJedi LinuxJedi requested a review from julek-wolfssl July 10, 2025 06:06
@LinuxJedi LinuxJedi assigned julek-wolfssl and unassigned LinuxJedi Jul 10, 2025
julek-wolfssl
julek-wolfssl previously requested changes Jul 10, 2025
View reviewed changes
@LinuxJedi LinuxJedi mentioned this pull request Jul 22, 2025
Merged
@julek-wolfssl julek-wolfssl force-pushed the nss-fixes branch 2 times, most recently from bb1c7dd to 6e43521 Compare July 30, 2025 12:33
@LinuxJedi LinuxJedi force-pushed the nss-fixes branch 4 times, most recently from 857da01 to 1fcfe68 Compare August 4, 2025 16:41
@julek-wolfssl @LinuxJedi
Add configdir and other fixes
0c18e56 
* Declare `CKM_HKDF_KEY_GEN` properly
* Increase object cuonts for NSS
* Add configdir parameter during `C_Initialize` for NSS
@julek-wolfssl @LinuxJedi
Fix C_CopyObject
93a1ce3 
`C_CopyObject` was not doing a proper copy. This changes the behaviour
so that it does.
@LinuxJedi LinuxJedi force-pushed the nss-fixes branch 3 times, most recently from cf9ac1e to 815123c Compare August 5, 2025 13:49
dgarske
dgarske approved these changes Aug 5, 2025
View reviewed changes
Copy link
Collaborator

@dgarske dgarske left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's get this PR merged. Reviewed and tested

@dgarske dgarske requested a review from julek-wolfssl August 5, 2025 18:02
@dgarske
Copy link
Collaborator

dgarske commented Aug 5, 2025
edited
Loading

Note: There is an occasional issue with TPM based ECC verify I am trying to locate. Only happens on the ARM cross compiled tests.

58: test_ecc_gen_keys ... 
tests/pkcs11test.c:7954 - ECDSA Verify: c0 - FAIL

@dgarske dgarske assigned wolfSSL-Bot and unassigned LinuxJedi and julek-wolfssl Aug 5, 2025
@dgarske dgarske requested a review from mattia-moffa August 5, 2025 18:47
douzzer
douzzer approved these changes Aug 6, 2025
View reviewed changes
Copy link
Contributor

@douzzer douzzer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

left a note to revisit the XMEMSET() of sensitive data -- change to ForceZero() in a follow-up PR.

@douzzer douzzer merged commit c96d0c1 into wolfSSL:master Aug 6, 2025
56 of 57 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dgarske dgarske dgarske approved these changes

@douzzer douzzer douzzer approved these changes

@mattia-moffa mattia-moffa mattia-moffa approved these changes

@julek-wolfssl julek-wolfssl julek-wolfssl approved these changes

Assignees

@wolfSSL-Bot wolfSSL-Bot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@LinuxJedi @JacobBarthelmeh @dgarske @douzzer @mattia-moffa @julek-wolfssl @wolfSSL-Bot