Skip to content

tls13.c fixes + Add configure and CMake options for WOLF_CRYPTO_CB_RSA_PAD.#10428

Open
kareem-wolfssl wants to merge 5 commits intowolfSSL:masterfrom
kareem-wolfssl:gh10271_10313
Open

tls13.c fixes + Add configure and CMake options for WOLF_CRYPTO_CB_RSA_PAD.#10428
kareem-wolfssl wants to merge 5 commits intowolfSSL:masterfrom
kareem-wolfssl:gh10271_10313

Conversation

@kareem-wolfssl
Copy link
Copy Markdown
Contributor

@kareem-wolfssl kareem-wolfssl commented May 7, 2026

Description

Fixes #10271 #10313

Testing

Built in tests

Checklist

  • added tests
  • updated/added doxygen
  • updated appropriate READMEs
  • Updated manual and documentation

@kareem-wolfssl
In Tls13_Exporter, check all length arguments before casting and usin…
b2c4a64 
…g them.

Thanks to Cal Page for the report.
@kareem-wolfssl
In DoTls13CertificateRequest, avoid assigned the CertReqCtx to the SS…
e2ad535 
…L object until the function has finished.

This avoids ssl->certReqCtx being set when the function returns an error.
Thanks to Cal Page for the report.
@kareem-wolfssl
NULL check wolfSSL_get_cipher_name_by_hash arguments.
b1983b1 
Thanks to Cal Page for the report.
@kareem-wolfssl
Add configure and CMake options for WOLF_CRYPTO_CB_RSA_PAD.
e4657d2 
Fixes wolfSSL#10271.
@kareem-wolfssl kareem-wolfssl self-assigned this May 7, 2026
Copilot AI review requested due to automatic review settings May 7, 2026 23:12
This was referenced May 7, 2026
Open
Open
Copilot AI reviewed May 7, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Adds safety/validation fixes in TLS 1.3 paths and introduces build-system toggles for RSA-padding-aware crypto callbacks (WOLF_CRYPTO_CB_RSA_PAD).

Changes:

  • Add additional bounds checks in Tls13_Exporter() and improve null-safety in wolfSSL_get_cipher_name_by_hash().
  • Defer CertReqCtx allocation in DoTls13CertificateRequest() until after further message validation.
  • Add --enable-cryptocb-rsa-pad (autotools) and WOLFSSL_CRYPTOCB_RSA_PAD (CMake) options to define WOLF_CRYPTO_CB_RSA_PAD.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 4 comments.

File Description
src/tls13.c Adds input/bounds validation and adjusts CertificateRequest context handling to reduce premature allocation; adds null-guards.
configure.ac Adds autotools configure flag to enable WOLF_CRYPTO_CB_RSA_PAD.
cmake/options.h.in Adds header-template entries for WOLF_CRYPTO_CB_RSA_PAD.
CMakeLists.txt Adds CMake option and compile definition for WOLF_CRYPTO_CB_RSA_PAD with dependency checking.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread CMakeLists.txt
Comment thread CMakeLists.txt
Comment thread src/tls13.c
Comment thread configure.ac
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 8, 2026

MemBrowse Memory Report

No memory changes detected for:

@cpsource
Copy link
Copy Markdown

cpsource commented May 8, 2026

My tests of src/tls13.c ran ok against the patch. (issue-tls13-codex-review). I did not test the autogen/configure issues.
issue-tmp-test.c

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@kareem-wolfssl kareem-wolfssl

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[RFE] Expose WOLF_CRYPTO_CB_RSA_PAD as a configure knob

3 participants

@kareem-wolfssl @cpsource