Skip to content

[Renesas RA6M4] Fix Renesas RA6M4 SCE session-key generation issues#10869

Draft
miyazakh wants to merge 1 commit into
wolfSSL:masterfrom
miyazakh:f_issues_SCE
Draft

[Renesas RA6M4] Fix Renesas RA6M4 SCE session-key generation issues#10869
miyazakh wants to merge 1 commit into
wolfSSL:masterfrom
miyazakh:f_issues_SCE

Conversation

@miyazakh

@miyazakh miyazakh commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Fix Renesas FSPSM (RA6M4 SCE) session-key generation bugs

Summary

Three fixes to the Renesas FSPSM (RA6M4 Secure Cryptography Engine) port, driven by cases
found in wolfSSL's internal issue tracker:

  • renesas_fspsm_util.cwc_fspsm_generateSessionKey():
    • Fix a NULL-pointer dereference when the AES-GCM deferred-key-generation path leaves the
      session key buffers NULL.
    • Fix a hardware mutex leak on out-of-memory during session-key setup.
  • renesas_fspsm_aes.cwc_fspsm_AesGcmDecrypt():
    • Fix a copy-paste error in an error message.

Details

NULL-pointer dereference in wc_fspsm_generateSessionKey (issue f5408)

When AES-GCM session-key generation takes the deferred path, key_client_aes and
key_server_aes are left NULL (the real per-record key is generated later, inside
wc_fspsm_AesGcmEncrypt/Decrypt). The subsequent XMEMCPY into
enc/dec->aes->ctx.wrapped_key did not check for this and copied from the NULL pointers
unconditionally, crashing — remotely triggerable via cipher suite choice.

Fix: guard the copy with if (key_client_aes != NULL && key_server_aes != NULL).

Hardware mutex leak on allocation failure (issues f5417, f5409 — duplicate)

Five return MEMORY_E; exit paths inside the wc_fspsm_hw_lock()'d block of
wc_fspsm_generateSessionKey (client/server AES key alloc, encrypt-side Aes/wrapped-key
alloc, decrypt-side Aes/wrapped-key alloc) returned without calling
wc_fspsm_hw_unlock(), leaving the hardware mutex permanently locked after an allocation
failure.

Fix: add wc_fspsm_hw_unlock(); before each of the 5 early returns.

(f5409 reported the same root cause under a different description; no additional change was
needed beyond the f5417 fix.)

Copy-paste error in wc_fspsm_AesGcmDecrypt error message (issue 1537)

The authTagSz-too-small error message read "GcmEncrypt authTagSz too small error" inside
the decrypt function — copy-pasted from the encrypt path. Message-only fix, no functional
impact: now reads "GcmDecrypt authTagSz too small error".

Testing

Run crypt and benchmark test on the board

Checklist

  • [n/a] added tests
  • [n/a] updated/added doxygen
  • [n/a] updated appropriate READMEs
  • [n/a] Updated manual and documentation

Copilot AI review requested due to automatic review settings July 9, 2026 05:42
@miyazakh miyazakh self-assigned this Jul 9, 2026

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR targets the Renesas FSPSM (RA6M4 SCE) TLS integration to prevent crashes/lockups during session-key setup and to correct a misleading AES-GCM decrypt log message.

Changes:

  • Prevent NULL-pointer dereference in wc_fspsm_generateSessionKey() by skipping wrapped-key copies when AES-GCM session-key generation is deferred.
  • Fix hardware mutex leaks on multiple out-of-memory early-return paths in wc_fspsm_generateSessionKey().
  • Correct a copy-paste error in an AES-GCM decrypt error message.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

File Description
wolfcrypt/src/port/Renesas/renesas_fspsm_util.c Adds hw-unlock on OOM exits and guards wrapped-key copy to avoid NULL deref when AES-GCM session-key generation is deferred.
wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c Fixes decrypt-side error message text for too-small auth tag.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment on lines +834 to +838
if (key_client_aes != NULL && key_server_aes != NULL) {
if (ssl->options.side == PROVISION_CLIENT) {
XMEMCPY(enc->aes->ctx.wrapped_key, key_client_aes,
sizeof(FSPSM_AES_WKEY));
XMEMCPY(dec->aes->ctx.wrapped_key, key_server_aes,
Comment on lines 761 to 764
if (key_client_aes == NULL || key_server_aes == NULL) {
wc_fspsm_hw_unlock();
return MEMORY_E;
}
Comment on lines 813 to 817
if (enc) {
XFREE(enc->aes, NULL, DYNAMIC_TYPE_CIPHER);
}
wc_fspsm_hw_unlock();
return MEMORY_E;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants