Fenrir fixes (2026-06-23) #128
Open
julek-wolfssl wants to merge 4 commits into
_FEEDBACK_MODES advertised MODE_ECB/MODE_CFB/MODE_OFB as supported, but _Cipher.__init__ then rejected every mode other than CBC/CTR with a contradictory 'not supported by this cipher' error after they had already passed the 'is supported' check. Prune _FEEDBACK_MODES to the modes the cipher actually implements (CBC, CTR) so unsupported modes get a single, accurate rejection, and drop the now-dead else branch.
ChaCha.__init__ leaves _IV_nonce empty and requires set_iv() before use, but encrypt()/decrypt() (inherited from _Cipher) did not check this. The first call ran _set_key(), which passed the empty nonce to wc_Chacha_SetIV() - a function that unconditionally reads 12 bytes - reading past the buffer and silently producing output with an undefined IV. Track an _iv_set flag and override encrypt()/decrypt() to raise WolfCryptError until set_iv() has been called.
_Hmac inherited _Hash.copy(), which - lacking a wolfCrypt copy function for Hmac - fell back to a byte-level memmove and returned an object marked _shallow_copy that aliases the original's internal C state. In async or hardware-accelerated builds those internal pointers are shared, so freeing the original leaves the copy with stale state (use-after-free, wrong MACs, or corruption). wolfCrypt exposes no safe public Hmac copy, so override copy() to raise NotImplementedError. digest()/hexdigest() are unaffected. Update the shared hash tests to expect this for HMAC.
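To make the ChaCha failure mode and its guard concrete, here is an added example (not wolfcrypt-py's or wolfSSL's code) that models the fix described above in pure Python, including the follow-up refinement on this PR of marking `_iv_set` only after `_set_key()` succeeds. The class and attribute names `_Cipher`, `ChaCha`, `_IV_nonce`, `_set_key`, `set_iv`, `_iv_set` and `WolfCryptError` are taken from the description; their bodies are this example's own. A pure-Python RFC 8439 ChaCha20 block function stands in for the `wc_Chacha_*` C calls, and the `_set_key()` stand-in raises where the real `wc_Chacha_SetIV()` would silently read 12 bytes past a short buffer. The key and nonce used in `__main__` are constructed test values (the RFC 8439 section 2.3.2 vector).

```python
"""Model of the ChaCha 'IV must be set before use' guard (example code, not wolfcrypt's)."""
import struct


class WolfCryptError(Exception):
    """Stand-in for wolfcrypt.exceptions.WolfCryptError."""


def _rotl32(v, n):
    return ((v << n) & 0xFFFFFFFF) | (v >> (32 - n))


def _quarter_round(s, a, b, c, d):
    s[a] = (s[a] + s[b]) & 0xFFFFFFFF
    s[d] = _rotl32(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & 0xFFFFFFFF
    s[b] = _rotl32(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & 0xFFFFFFFF
    s[d] = _rotl32(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & 0xFFFFFFFF
    s[b] = _rotl32(s[b] ^ s[c], 7)


def chacha20_block(key, counter, nonce):
    """RFC 8439 section 2.3 block function: 32-byte key, 32-bit counter, 12-byte nonce."""
    state = [0x61707865, 0x3320646E, 0x79622D32, 0x6B206574]
    state += struct.unpack("<8I", key)
    state += [counter] + list(struct.unpack("<3I", nonce))
    work = list(state)
    for _ in range(10):  # 20 rounds = 10 column/diagonal double rounds
        _quarter_round(work, 0, 4, 8, 12)
        _quarter_round(work, 1, 5, 9, 13)
        _quarter_round(work, 2, 6, 10, 14)
        _quarter_round(work, 3, 7, 11, 15)
        _quarter_round(work, 0, 5, 10, 15)
        _quarter_round(work, 1, 6, 11, 12)
        _quarter_round(work, 2, 7, 8, 13)
        _quarter_round(work, 3, 4, 9, 14)
    return struct.pack("<16I", *[(w + s) & 0xFFFFFFFF for w, s in zip(work, state)])


def _chacha20_xor(key, nonce, data):
    """XOR data with the ChaCha20 keystream, block counter starting at 0."""
    out = bytearray()
    for block_no, off in enumerate(range(0, len(data), 64)):
        keystream = chacha20_block(key, block_no, nonce)
        out += bytes(x ^ k for x, k in zip(data[off:off + 64], keystream))
    return bytes(out)


class _Cipher:
    """Shape of the bindings' base class: key and IV are pushed to the context lazily."""

    def __init__(self, key):
        self._key = bytes(key)
        self._IV_nonce = b""  # ChaCha leaves this empty until set_iv()
        self._keyed = False

    def _set_key(self):
        # Models wc_Chacha_SetIV(), which reads 12 bytes unconditionally. The real C
        # call would read past a short buffer; this stand-in fails loudly instead.
        if len(self._IV_nonce) != 12:
            raise WolfCryptError("nonce is %d bytes, wc_Chacha_SetIV reads 12"
                                 % len(self._IV_nonce))
        self._keyed = True

    def encrypt(self, data):
        if not self._keyed:
            self._set_key()  # unguarded: this is the path that read the empty nonce
        return _chacha20_xor(self._key, self._IV_nonce, bytes(data))

    def decrypt(self, data):
        return self.encrypt(data)  # ChaCha20 decryption is the same keystream XOR


class ChaCha(_Cipher):
    """ChaCha with the PR's guard: encrypt()/decrypt() refuse to run until set_iv()."""

    def __init__(self, key):
        super().__init__(key)
        self._iv_set = False

    def set_iv(self, iv):
        # Clear the flag first and set it only after _set_key() succeeds, so a failed
        # re-key cannot leave encrypt()/decrypt() unblocked with a stale or partial IV.
        self._iv_set = False
        self._keyed = False
        self._IV_nonce = bytes(iv)
        self._set_key()
        self._iv_set = True

    def encrypt(self, data):
        if not self._iv_set:
            raise WolfCryptError("ChaCha.set_iv() must be called before encrypt()")
        return super().encrypt(data)

    def decrypt(self, data):
        if not self._iv_set:
            raise WolfCryptError("ChaCha.set_iv() must be called before decrypt()")
        return super().decrypt(data)


def raises_wolfcrypt_error(fn, *args):
    """True if fn(*args) raises WolfCryptError; used to exercise the guard."""
    try:
        fn(*args)
    except WolfCryptError:
        return True
    return False


if __name__ == "__main__":
    key = bytes(range(32))                               # constructed test key
    nonce = bytes([0, 0, 0, 9, 0, 0, 0, 0x4A, 0, 0, 0, 0])  # constructed test nonce
    c = ChaCha(key)
    print("encrypt before set_iv blocked:", raises_wolfcrypt_error(c.encrypt, b"x"))
    c.set_iv(nonce)
    ct = c.encrypt(b"attack at dawn")
    print("failed re-key blocks encrypt:", raises_wolfcrypt_error(c.set_iv, b"short")
          and raises_wolfcrypt_error(c.encrypt, b"x"))
    d = ChaCha(key)
    d.set_iv(nonce)
    print("roundtrip:", d.decrypt(ct))
```

The ordering inside `set_iv()` is the part worth copying: if `_iv_set` were assigned before `_set_key()`, or left at its old value when the re-key raised, a second call with a bad nonce would leave the object accepting `encrypt()` with whatever IV the context last held.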
Pull request overview
This PR applies three Fenrir-tracked safety/consistency fixes to the wolfCrypt Python bindings: disabling unsafe HMAC state copying, tightening cipher-mode validation to avoid contradictory behavior, and preventing ChaCha encrypt/decrypt usage before an IV is set. The changes primarily harden API behavior against unsafe states and align error paths with what is actually supported.
Changes:
- Make HMAC `copy()` unsupported (raises `NotImplementedError`) to avoid aliasing underlying C resources.
- Restrict `_Cipher` mode gating to the actually supported modes (CBC, CTR) and simplify IV validation.
- Require `ChaCha.set_iv()` before `encrypt()`/`decrypt()`, with new regression tests.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| wolfcrypt/hashes.py | Disables unsafe HMAC copying by overriding copy() to raise. |
| wolfcrypt/ciphers.py | Tightens supported mode list/validation and adds ChaCha "IV must be set" enforcement. |
| tests/test_hmac_copy.py | Adds regression coverage ensuring HMAC copy() is rejected and digest behavior remains stable. |
| tests/test_hashes.py | Updates shared hash tests to expect/skip HMAC copy behavior appropriately. |
| tests/test_cipher_modes.py | Adds coverage that supported/unsupported mode gating is consistent and non-contradictory. |
| tests/test_chacha_iv.py | Adds coverage requiring set_iv() before ChaCha encrypt/decrypt and ensuring roundtrip works after. |
- ChaCha.set_iv(): only mark _iv_set after _set_key() succeeds, and clear it first, so a failed re-key cannot leave encrypt()/decrypt() unblocked with a stale or partially-applied IV. Add a regression test.
- Update _Cipher.new()/encrypt()/decrypt() docstrings that still referred to CFB/segment-size behavior to match the actually supported modes (MODE_CBC, MODE_CTR) and their IV requirements.
aaf423c to b13aeea
This branch collects a set of Fenrir-tracked fixes for the wolfCrypt Python bindings.
Changes
- copy() (F-5428).
- set_iv (F-4463).
Each fix ships with accompanying tests.