Fix copilot review feedback

aidangarske · aidangarske · commit 815f672d85e8 · 2026-05-07T10:33:25.000-07:00
- wp_ecx_kmgmt.c — Added bounds guard (outLen &lt; 2 / p-&gt;data_size &lt; outLen) before unclamped byte restoration
- test_hkdf.c — Added mdSize &lt;= 0 early-return check after EVP_MD_get_size
- test_aestag.c — Changed sizeof(aad) / sizeof(pt) to exclude trailing NUL in both GCM and CCM helpers (encrypt + decrypt AAD, and ptLen)
- unit.h — Added /* WP_HAVE_X25519 */ comment to #endif
- test_rand_seed.c const cast — Skipped; (char*) is the established pattern in this file (4 pre-existing instances)
diff --git a/src/wp_ecx_kmgmt.c b/src/wp_ecx_kmgmt.c
@@ -561,8 +561,13 @@ static int wp_ecx_get_params_priv_key(wp_Ecx* ecx, OSSL_PARAM params[])
                 ok = 0;
             }
             if (ok && ecx->clamped) {
-                ((unsigned char*)p->data)[0         ] = ecx->unclamped[0];
-                ((unsigned char*)p->data)[outLen - 1] = ecx->unclamped[1];
+                if ((outLen < 2) || (p->data_size < outLen)) {
+                    ok = 0;
+                }
+                else {
+                    ((unsigned char*)p->data)[0         ] = ecx->unclamped[0];
+                    ((unsigned char*)p->data)[outLen - 1] = ecx->unclamped[1];
+                }
             }
         }
         p->return_size = outLen;
diff --git a/test/test_aestag.c b/test/test_aestag.c
@@ -1322,6 +1322,7 @@ static int test_aes_gcm_bad_tag_helper(OSSL_LIB_CTX *libCtx,
     unsigned char iv[12];
     unsigned char aad[] = "additional data";
     unsigned char pt[] = "GCM plaintext for tag test";
+    int ptLen = (int)(sizeof(pt) - 1);
     unsigned char ct[64];
     unsigned char tag[16];
     unsigned char dec[64];
@@ -1346,11 +1347,10 @@ static int test_aes_gcm_bad_tag_helper(OSSL_LIB_CTX *libCtx,
     }
     if (err == 0) {
         err = EVP_EncryptUpdate(ctx, NULL, &outLen, aad,
-                                (int)sizeof(aad)) != 1;
+                                (int)(sizeof(aad) - 1)) != 1;
     }
     if (err == 0) {
-        err = EVP_EncryptUpdate(ctx, ct, &outLen, pt,
-                                (int)sizeof(pt)) != 1;
+        err = EVP_EncryptUpdate(ctx, ct, &outLen, pt, ptLen) != 1;
     }
     if (err == 0) {
         err = EVP_EncryptFinal_ex(ctx, ct + outLen, &fLen) != 1;
@@ -1378,7 +1378,7 @@ static int test_aes_gcm_bad_tag_helper(OSSL_LIB_CTX *libCtx,
     }
     if (err == 0) {
         err = EVP_DecryptUpdate(ctx, NULL, &fLen, aad,
-                                (int)sizeof(aad)) != 1;
+                                (int)(sizeof(aad) - 1)) != 1;
     }
     if (err == 0) {
         err = EVP_DecryptUpdate(ctx, dec, &fLen, ct, outLen) != 1;
@@ -1481,7 +1481,7 @@ static int test_aes_ccm_bad_tag_helper(OSSL_LIB_CTX *libCtx,
     unsigned char iv[13];
     unsigned char aad[] = "additional data";
     unsigned char pt[] = "CCM plaintext for tag test";
-    int ptLen = (int)sizeof(pt);
+    int ptLen = (int)(sizeof(pt) - 1);
     unsigned char ct[64];
     unsigned char tag[16];
     unsigned char dec[64];
@@ -1519,7 +1519,7 @@ static int test_aes_ccm_bad_tag_helper(OSSL_LIB_CTX *libCtx,
     }
     if (err == 0) {
         err = EVP_EncryptUpdate(ctx, NULL, &outLen, aad,
-                                (int)sizeof(aad)) != 1;
+                                (int)(sizeof(aad) - 1)) != 1;
     }
     if (err == 0) {
         err = EVP_EncryptUpdate(ctx, ct, &outLen, pt, ptLen) != 1;
@@ -1563,7 +1563,7 @@ static int test_aes_ccm_bad_tag_helper(OSSL_LIB_CTX *libCtx,
     }
     if (err == 0) {
         err = EVP_DecryptUpdate(ctx, NULL, &fLen, aad,
-                                (int)sizeof(aad)) != 1;
+                                (int)(sizeof(aad) - 1)) != 1;
     }
     if (err == 0) {
         /* CCM DecryptUpdate should fail with bad tag */
diff --git a/test/test_hkdf.c b/test/test_hkdf.c
@@ -552,11 +552,16 @@ static int test_hkdf_extract_only_bad_len(OSSL_LIB_CTX *libCtx)
     PRINT_MSG("HKDF Extract-Only with wrong output length");
 
     mdSize = EVP_MD_get_size(EVP_sha256());
-
-    ctx = EVP_PKEY_CTX_new_from_name(libCtx, "HKDF", NULL);
-    if (ctx == NULL) {
+    if (mdSize <= 0) {
+        PRINT_ERR_MSG("EVP_MD_get_size(EVP_sha256()) failed: %d", mdSize);
         err = 1;
     }
+    if (err == 0) {
+        ctx = EVP_PKEY_CTX_new_from_name(libCtx, "HKDF", NULL);
+        if (ctx == NULL) {
+            err = 1;
+        }
+    }
     if (err == 0) {
         err = EVP_PKEY_derive_init(ctx) != 1;
     }
diff --git a/test/unit.h b/test/unit.h
@@ -458,7 +458,7 @@ int test_ecx_misc(void *data);
 int test_ecx_null_init(void *data);
 #ifdef WP_HAVE_X25519
 int test_ecx_x25519_raw_priv_roundtrip(void *data);
-#endif
+#endif /* WP_HAVE_X25519 */
 #endif
 
 int test_pkcs7_x509_sign_verify(void *data);

Original file line number	Diff line number	Diff line change
`@@ -561,8 +561,13 @@ static int wp_ecx_get_params_priv_key(wp_Ecx* ecx, OSSL_PARAM params[])`
`561`	`561`	`ok = 0;`
`562`	`562`	`}`
`563`	`563`	`if (ok && ecx->clamped) {`
`564`		`- ((unsigned char*)p->data)[0 ] = ecx->unclamped[0];`
`565`		`- ((unsigned char*)p->data)[outLen - 1] = ecx->unclamped[1];`
	`564`	`+ if ((outLen < 2) \|\| (p->data_size < outLen)) {`
	`565`	`+ ok = 0;`
	`566`	`+ }`
	`567`	`+ else {`
	`568`	`+ ((unsigned char*)p->data)[0 ] = ecx->unclamped[0];`
	`569`	`+ ((unsigned char*)p->data)[outLen - 1] = ecx->unclamped[1];`
	`570`	`+ }`
`566`	`571`	`}`
`567`	`572`	`}`
`568`	`573`	`p->return_size = outLen;`