Status: Merged
danielinux (Member) commented on Mar 10, 2026:
- 20d9e39 F/011 Guard NULL in psa_key_derivation_get_capacity
- b04e6c3 F/003 Reject AES keys for ChaCha20-Poly1305
- 04f5550 F/014 Fix EdDSA length handling on 64-bit
- e9b00d2 F/009 Fix LMS and XMSS output lengths on 64-bit
- 44005a6 F/001 Zeroize AEAD keys before free
- 8cf6e69 F/002 Zeroize KDF secret buffers before free
- 7d6b0ac F/007 Guard AEAD buffer growth overflow
- 3f80c28 F/008 Guard KDF buffer growth overflow
- 8070a3a F/013 Free volatile key data on export rejection
- 003627c F/015 Fix PQ key-type switch fallthrough
- b964bd9 F/012 Fix RSA-PSS MGF and verify handling
- 8e947b8 F/004 Use constant-time compare for MAC verify
- a826de8 F/005 Use constant-time compare for KDF verify
- d500173 F/006 Use constant-time compare for RSA verify
- b720999 F/010 Use constant-time compare for hash verify
- ba7aea9 F/016 Use Dilithium export APIs for ML-DSA keys
rizlik requested changes on Mar 11, 2026
Pull request overview
Addresses a set of static-analyzer findings across the wolfPSA PSA engine implementation, focusing on correctness on 64-bit platforms, constant-time verification, buffer overflow/zeroization hardening, and added regression tests.
Changes:
- Harden crypto verification and secret handling (constant-time compares, key/secret zeroization, overflow guards).
- Fix algorithm/key-type correctness and size/length handling (RSA-PSS MGF/padding, AEAD key-type checks, EdDSA/LMS/XMSS 64-bit length fixes, PQ key-type switch fix).
- Add/extend PSA server tests, including a new RSA-PSS interop test and additional negative/regression cases.
Reviewed changes
Copilot reviewed 13 out of 13 changed files in this pull request and generated 6 comments.
| File | Description |
|---|---|
| test/psa_server/psa_rsa_pss_interop_test.c | New RSA-PSS interop/regression test between PSA and wolfCrypt. |
| test/psa_server/psa_api_test.c | Adds skipped-test reporting and new regression tests (ChaCha20/AES key rejection, Ed25519 signature length, KDF NULL capacity). |
| test/Makefile | Builds and links the new RSA-PSS interop test binary. |
| src/psa_rsa.c | Fixes RSA-PSS MGF selection and verification flow; switches to constant-time compare for PKCS#1 v1.5 path. |
| src/psa_pq.c | Fixes key-type support/size checks for LMS/XMSS to return success instead of falling through. |
| src/psa_mldsa.c | Exports ML-DSA keys via Dilithium export APIs (instead of copying internal buffers). |
| src/psa_mac.c | Switches MAC verification to constant-time compare. |
| src/psa_lms_xmss.c | Fixes 64-bit length handling by avoiding size_t* → word32* casts. |
| src/psa_key_storage.c | Frees volatile key material when public-key export rejects unsupported types. |
| src/psa_key_derivation.c | Adds NULL guard, overflow guard, buffer zeroization, and constant-time compare for derivation verification. |
| src/psa_hash_engine.c | Switches hash verification/compare to constant-time compare. |
| src/psa_ed25519_ed448.c | Fixes Ed25519/Ed448 length handling by avoiding size_t* → word32* casts. |
| src/psa_aead.c | Adds overflow guard and key zeroization; tightens ChaCha20-Poly1305 key-type checks. |
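The review overview above names four recurring hardening patterns (constant-time verify for F/004, F/005, F/006 and F/010; overflow-guarded buffer growth for F/007 and F/008; zeroization before free for F/001 and F/002; and avoiding `size_t*` to `word32*` casts on 64-bit targets for F/009 and F/014) without showing what the corrected code looks like. The block below is an added illustration written for this page, not wolfPSA or wolfCrypt source, and every function name, the `word32` typedef and the stand-in `legacy_get_len()` are hypothetical. It shows each pattern in the form a reviewer would expect to see it and drives each one once so the behaviour can be checked.

```c
/*
 * Added example, not wolfPSA/wolfCrypt code. Demonstrates the hardening
 * patterns listed in the PR overview; all identifiers are hypothetical.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef uint32_t word32;   /* wolfSSL-style 32-bit type (assumed name) */

/* 1. Constant-time compare. Run time does not depend on where the first
 * mismatching byte sits, so a verify call cannot be used as a per-byte
 * oracle the way an early-exit memcmp() can. Returns 1 if equal, else 0. */
int ct_equal(const uint8_t *a, const uint8_t *b, size_t len)
{
    uint32_t diff = 0;
    size_t i;
    for (i = 0; i < len; i++)
        diff |= (uint32_t)(a[i] ^ b[i]);
    return (int)((diff - 1u) >> 31);   /* diff==0 -> 1, diff in 1..255 -> 0 */
}

/* MAC/hash verify shape: reject a length mismatch first, then let the
 * constant-time compare decide. Returns 0 on match, -1 otherwise. */
int verify_tag(const uint8_t *computed, size_t computed_len,
               const uint8_t *expected, size_t expected_len)
{
    if (computed_len != expected_len)
        return -1;
    return ct_equal(computed, expected, computed_len) ? 0 : -1;
}

/* 2. Overflow-guarded growth. `used + add` is checked against SIZE_MAX
 * before the addition, so a huge `add` cannot wrap to a small allocation
 * that the caller then overruns. Returns 0 on success, -1 on overflow/OOM. */
int buf_grow(uint8_t **buf, size_t *cap, size_t used, size_t add)
{
    size_t need;
    uint8_t *p;
    if (add > SIZE_MAX - used)
        return -1;
    need = used + add;
    if (need <= *cap)
        return 0;
    p = realloc(*buf, need);
    if (p == NULL)
        return -1;
    *buf = p;
    *cap = need;
    return 0;
}

/* 3. Zeroize before free. A plain memset() immediately before free() is a
 * dead store the optimizer may delete; calling memset through a volatile
 * function pointer is the portable way to force the write to happen. */
static void *(*const volatile memset_v)(void *, int, size_t) = memset;

void secure_zero(void *p, size_t len) { memset_v(p, 0, len); }

void secure_free(void *p, size_t len)
{
    if (p != NULL) {
        secure_zero(p, len);
        free(p);
    }
}

/* 4. size_t vs word32. A legacy API reports a length through word32*.
 * Passing (word32 *)&my_size_t writes only the low 32 bits on a 64-bit
 * target and leaves the upper half stale; go through a word32 temporary. */
static int legacy_get_len(word32 *out_len) { *out_len = 64; return 0; }

int get_len_safe(size_t *out_len)
{
    word32 tmp = 0;
    int rc = legacy_get_len(&tmp);
    if (rc == 0)
        *out_len = (size_t)tmp;   /* explicit widening, no aliasing cast */
    return rc;
}

/* Small drivers so each pattern can be exercised without fixtures. */
int demo_grow(void)
{
    uint8_t *b = NULL; size_t cap = 0; int ok;
    ok = (buf_grow(&b, &cap, 0, 16) == 0 && cap == 16);
    ok = ok && (buf_grow(&b, &cap, 16, SIZE_MAX) == -1);   /* would wrap */
    secure_free(b, cap);
    return ok;
}

int demo_zero(void)
{
    uint8_t key[32]; size_t i;
    memset(key, 0xAA, sizeof key);            /* constructed key material */
    secure_zero(key, sizeof key);
    for (i = 0; i < sizeof key; i++) if (key[i] != 0) return 0;
    return 1;
}

int demo_len(void)
{
    size_t len = SIZE_MAX;   /* stale high bits that a raw cast would keep */
    return get_len_safe(&len) == 0 && len == 64;
}
```

The `ct_equal` fold relies on `diff` being at most 255 so that `diff - 1` underflows only when `diff` is zero; keep that invariant if you widen the accumulator. `secure_free` still takes the length explicitly because `free()` does not expose the allocation size, which is why the PR's zeroize-before-free fixes have to track the buffer length alongside the pointer.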
rizlik reviewed on Mar 11, 2026
Author (Member) commented:
All comments addressed