Fix CI, Fenrir, and Copilot

- wp_drbg_reseed: Replace parentClearSeed callback with OPENSSL_clear_free(seed, seedLen)
- wp_drbg_reseed: Same fix as above — securely wipes and frees the seed buffer
- wp_ecx_dup: Remove dead ok variable; when private key not selected, re-init the key and import only public part to avoid leaking private material
- wp_rsa_kmgmt.c: SHA1 fallback replaced with ok = 0 error — unknown digest is now a failure, not a silent fallback
- wp_hmac.c: Remove unused rc variable and (void)rc
- wp_cmac.c: Add keyLen <= sizeof(dst->key) bounds check before XMEMCPY
- test_tls_cbc.c: Check RAND_bytes() return value

Author: aidangarske

src/wp_cmac.c

@@ -167,8 +167,14 @@ static wp_CmacCtx* wp_cmac_dup(wp_CmacCtx* src)
         dst->type = src->type;
         dst->size = src->size;
         dst->expKeySize = src->expKeySize;
-        XMEMCPY(dst->key, src->key, src->keyLen);
-        dst->keyLen = src->keyLen;
+        if (src->keyLen <= sizeof(dst->key)) {
+            XMEMCPY(dst->key, src->key, src->keyLen);
+            dst->keyLen = src->keyLen;
+        }
+        else {
+            wp_cmac_free(dst);
+            dst = NULL;
+        }
     }
 
     return dst;

src/wp_drbg.c

@@ -377,9 +377,9 @@ static int wp_drbg_reseed(wp_DrbgCtx* ctx, int predResist,
         }
     }
 
-    /* Clear seed from parent if we obtained one. */
-    if (seed != NULL && ctx->parentClearSeed != NULL) {
-        ctx->parentClearSeed(ctx->parent, seed, seedLen);
+    /* Securely clear and free locally allocated seed buffer. */
+    if (seed != NULL) {
+        OPENSSL_clear_free(seed, seedLen);
     }
 
     (void)predResist;

src/wp_ecx_kmgmt.c

@@ -361,29 +361,40 @@ static wp_Ecx* wp_ecx_dup(const wp_Ecx* src, int selection)
         dst = wp_ecx_new(src->provCtx, src->data);
     }
     if (dst != NULL) {
-        int ok = 1;
-
         dst->includePublic = src->includePublic;
 
-        /* Copy the key union directly to preserve all internal state. */
+        /* Copy the full key union to preserve internal wolfSSL state.
+         * Private material is zeroized below if not selected. */
         XMEMCPY(&dst->key, &src->key, sizeof(src->key));
 
-        /* Copy public key flags if available and requested. */
+        /* Set public key flag if available and requested. */
         if (src->hasPub &&
             ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)) {
             dst->hasPub = 1;
         }
-        /* Copy private key flags if available and requested. */
+        /* Set private key flag if available and requested. */
         if (src->hasPriv &&
             ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)) {
             dst->hasPriv = 1;
             dst->clamped = src->clamped;
             XMEMCPY(dst->unclamped, src->unclamped, sizeof(src->unclamped));
         }
-
-        if (!ok) {
-            wp_ecx_free(dst);
-            dst = NULL;
+        else {
+            /* Private key not selected — re-import only public key to
+             * ensure no private material remains in the dst key object. */
+            if (dst->hasPub) {
+                byte buf[64];
+                word32 len = (word32)sizeof(buf);
+                int rc = (*src->data->exportPub)((void*)&src->key, buf, &len,
+                    ECX_LITTLE_ENDIAN);
+                if (rc == 0) {
+                    /* Re-init key and import only public part. */
+                    (*dst->data->freeKey)((void*)&dst->key);
+                    (*dst->data->initKey)((void*)&dst->key);
+                    (*dst->data->importPub)(buf, len, (void*)&dst->key,
+                        ECX_LITTLE_ENDIAN);
+                }
+            }
         }
     }
 

src/wp_hmac.c

@@ -188,7 +188,6 @@ static wp_HmacCtx* wp_hmac_dup(wp_HmacCtx* src)
     }
     if (dst != NULL) {
         int ok = 1;
-        int rc;
 
         dst->type = src->type;
         dst->size = src->size;
@@ -197,7 +196,6 @@ static wp_HmacCtx* wp_hmac_dup(wp_HmacCtx* src)
         /* Copy the Hmac struct directly to preserve in-progress state.
          * wc_HmacCopy is not available in all wolfSSL versions. */
         XMEMCPY(&dst->hmac, &src->hmac, sizeof(Hmac));
-        (void)rc;
 
         if (ok && (src->key != NULL) &&
             (!wp_hmac_set_key(dst, src->key, src->keyLen, 0))) {

src/wp_rsa_kmgmt.c

@@ -1014,17 +1014,21 @@ static int wp_rsa_get_params_pss(wp_RsaPssParams* pss,  OSSL_PARAM params[])
                     default: break;
                 }
                 if (mgfHash != WC_HASH_TYPE_NONE) {
-                    wp_digest_to_ossl_digest(mgfHash, &mgfName);
+                    if (!wp_digest_to_ossl_digest(mgfHash, &mgfName)) {
+                        ok = 0;
+                    }
                 }
             }
             /* Fall back to signing digest if MGF1 not explicitly set. */
-            if (mgfName == NULL) {
+            if (ok && mgfName == NULL) {
                 if (!wp_digest_to_ossl_digest(pss->hashType, &mgfName)) {
-                    mgfName = OSSL_DIGEST_NAME_SHA1;
+                    ok = 0;
                 }
             }
-            if (!OSSL_PARAM_set_utf8_string(p, mgfName)) {
-                ok = 0;
+            if (ok && mgfName != NULL) {
+                if (!OSSL_PARAM_set_utf8_string(p, mgfName)) {
+                    ok = 0;
+                }
             }
         }
     }

test/test_tls_cbc.c

@@ -269,7 +269,9 @@ static int test_des3_cbc_pad_roundtrip(OSSL_LIB_CTX *encCtx,
 
     memset(key, 0xAA, sizeof(key));
     memset(iv, 0xBB, sizeof(iv));
-    RAND_bytes(pt, sizeof(pt));
+    if (RAND_bytes(pt, sizeof(pt)) != 1) {
+        err = 1;
+    }
 
     /* Test various plaintext sizes to exercise all padding values (1-8). */
     for (i = 1; i <= 8 && err == 0; i++) {