[Renesas RA6M4] Fix Renesas RA6M4 SCE session-key generation issues#10869
Draft
miyazakh wants to merge 1 commit into
Draft
[Renesas RA6M4] Fix Renesas RA6M4 SCE session-key generation issues#10869miyazakh wants to merge 1 commit into
miyazakh wants to merge 1 commit into
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
This PR targets the Renesas FSPSM (RA6M4 SCE) TLS integration to prevent crashes/lockups during session-key setup and to correct a misleading AES-GCM decrypt log message.
Changes:
- Prevent NULL-pointer dereference in
wc_fspsm_generateSessionKey()by skipping wrapped-key copies when AES-GCM session-key generation is deferred. - Fix hardware mutex leaks on multiple out-of-memory early-return paths in
wc_fspsm_generateSessionKey(). - Correct a copy-paste error in an AES-GCM decrypt error message.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| wolfcrypt/src/port/Renesas/renesas_fspsm_util.c | Adds hw-unlock on OOM exits and guards wrapped-key copy to avoid NULL deref when AES-GCM session-key generation is deferred. |
| wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c | Fixes decrypt-side error message text for too-small auth tag. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+834
to
+838
| if (key_client_aes != NULL && key_server_aes != NULL) { | ||
| if (ssl->options.side == PROVISION_CLIENT) { | ||
| XMEMCPY(enc->aes->ctx.wrapped_key, key_client_aes, | ||
| sizeof(FSPSM_AES_WKEY)); | ||
| XMEMCPY(dec->aes->ctx.wrapped_key, key_server_aes, |
Comment on lines
761
to
764
| if (key_client_aes == NULL || key_server_aes == NULL) { | ||
| wc_fspsm_hw_unlock(); | ||
| return MEMORY_E; | ||
| } |
Comment on lines
813
to
817
| if (enc) { | ||
| XFREE(enc->aes, NULL, DYNAMIC_TYPE_CIPHER); | ||
| } | ||
| wc_fspsm_hw_unlock(); | ||
| return MEMORY_E; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fix Renesas FSPSM (RA6M4 SCE) session-key generation bugs
Summary
Three fixes to the Renesas FSPSM (RA6M4 Secure Cryptography Engine) port, driven by cases
found in wolfSSL's internal issue tracker:
renesas_fspsm_util.c—wc_fspsm_generateSessionKey():session key buffers NULL.
renesas_fspsm_aes.c—wc_fspsm_AesGcmDecrypt():Details
NULL-pointer dereference in
wc_fspsm_generateSessionKey(issue f5408)When AES-GCM session-key generation takes the deferred path,
key_client_aesandkey_server_aesare leftNULL(the real per-record key is generated later, insidewc_fspsm_AesGcmEncrypt/Decrypt). The subsequentXMEMCPYintoenc/dec->aes->ctx.wrapped_keydid not check for this and copied from the NULL pointersunconditionally, crashing — remotely triggerable via cipher suite choice.
Fix: guard the copy with
if (key_client_aes != NULL && key_server_aes != NULL).Hardware mutex leak on allocation failure (issues f5417, f5409 — duplicate)
Five
return MEMORY_E;exit paths inside thewc_fspsm_hw_lock()'d block ofwc_fspsm_generateSessionKey(client/server AES key alloc, encrypt-sideAes/wrapped-keyalloc, decrypt-side
Aes/wrapped-key alloc) returned without callingwc_fspsm_hw_unlock(), leaving the hardware mutex permanently locked after an allocationfailure.
Fix: add
wc_fspsm_hw_unlock();before each of the 5 early returns.(f5409 reported the same root cause under a different description; no additional change was
needed beyond the f5417 fix.)
Copy-paste error in
wc_fspsm_AesGcmDecrypterror message (issue 1537)The
authTagSz-too-small error message read"GcmEncrypt authTagSz too small error"insidethe decrypt function — copy-pasted from the encrypt path. Message-only fix, no functional
impact: now reads
"GcmDecrypt authTagSz too small error".Testing
Run crypt and benchmark test on the board
Checklist