Conversation
There was a problem hiding this comment.
Pull request overview
This PR addresses several static-analysis findings and PKCS#11 conformance issues by correcting return codes, recording key-generation metadata (CKA_LOCAL / CKA_KEY_GEN_MECHANISM), and adding regression tests (plus an HKDF length-cast fix).
Changes:
- Fix PIN length handling to return
CKR_PIN_LEN_RANGEand update tests accordingly. - Track locally-generated keys and key generation mechanisms for
C_GenerateKey(including PBKDF2/PBE and random symmetric generation) and set derived sensitivity/extractability attributes. - Add new tests validating
CKA_LOCAL/CKA_KEY_GEN_MECHANISMfor AES and PBKDF2 key generation; adjust HKDFCKA_VALUE_LENread to useCK_ULONG.
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
wolfpkcs11/internal.h |
Adds internal helper prototype and updates random-key generator signature to include mechanism. |
src/internal.c |
Implements helper to mark objects as locally generated and store key-gen mechanism; updates random key generation. |
src/crypto.c |
Updates digest return handling, verify-recover attribute check, key generation metadata/attrs, and HKDF length casting. |
src/slot.c |
Returns CKR_PIN_LEN_RANGE for invalid PIN lengths; propagates that return through token/PIN APIs. |
tests/pkcs11test.c |
Updates expected error codes for too-short/too-long PIN test cases. |
tests/include.am |
Adds new AES and PBKDF2 keygen attribute tests to the build. |
tests/aes_keygen_attrs_test.c |
New regression test for CKA_LOCAL / CKA_KEY_GEN_MECHANISM on AES key generation. |
tests/pbkdf2_keygen_attrs_test.c |
New regression test for CKA_LOCAL / CKA_KEY_GEN_MECHANISM and sensitivity/extractability-derived attributes on PBKDF2 keygen. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
wolfSSL-Fenrir-bot
left a comment
wolfSSL-Fenrir-bot
left a comment
There was a problem hiding this comment.
Fenrir Automated Review — PR #178
Scan targets checked: wolfpkcs11-bugs, wolfpkcs11-compliance, wolfpkcs11-src
Findings: 1
1 finding(s) posted as inline comments (see file-level comments below)
This review was generated automatically by Fenrir. Findings are non-blocking.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 8 out of 8 changed files in this pull request and generated 5 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
F-2032
F-2028
F-2029
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 10 out of 10 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 10 out of 10 changed files in this pull request and generated 8 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Mostly fixes to missing flags or incorrect return codes. Also an endianness fix.