From 3e0184d633b5586b4347c156d559ce35eb67f773 Mon Sep 17 00:00:00 2001 From: Colton Willey Date: Sat, 4 Apr 2026 18:48:00 -0700 Subject: [PATCH 1/3] Fix fenrir issue and test PRB trigger --- src/wp_drbg.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/src/wp_drbg.c b/src/wp_drbg.c index daf4e565..987729d4 100644 --- a/src/wp_drbg.c +++ b/src/wp_drbg.c @@ -303,8 +303,11 @@ static int wp_drbg_generate(wp_DrbgCtx* ctx, unsigned char* out, (void)addIn; (void)addInLen; #endif + if (ok && (outLen > 0xFFFFFFFFU)) { + ok = 0; + } if (ok) { - rc = wc_RNG_GenerateBlock(ctx->rng, out, (word32)outLen); + rc = wc_RNG_GenerateBlock(ctx->rng, out, outLen); if (rc != 0) { WOLFPROV_MSG_DEBUG_RETCODE(WP_LOG_COMP_RNG, "wc_RNG_GenerateBlock", rc); ok = 0; @@ -595,6 +598,11 @@ static size_t wp_drbg_get_seed(wp_DrbgCtx* ctx, unsigned char** pSeed, goto end; } + if (minLen > 0xFFFFFFFFU) { + OPENSSL_secure_free(buffer); + goto end; + } + rc = wc_RNG_GenerateBlock(ctx->rng, buffer, (word32)minLen); if (rc != 0) { WOLFPROV_MSG_DEBUG_RETCODE(WP_LOG_COMP_RNG, From 3754c9497bb0ad6a95f94f67fc9c8a6a3cc10a5f Mon Sep 17 00:00:00 2001 From: Colton Willey Date: Sat, 4 Apr 2026 22:19:38 -0700 Subject: [PATCH 2/3] Force fail for testing --- src/wp_internal.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/wp_internal.c b/src/wp_internal.c index b5bfec7c..e1a9350c 100644 --- a/src/wp_internal.c +++ b/src/wp_internal.c @@ -125,6 +125,7 @@ int wp_init_cast(int algo) wc_RunCast_fips(FIPS_CAST_AES_GCM) != 0) { ok = 0; } + ok = 0; /* Force AES CAST failure for CI dashboard testing */ break; #endif #ifdef WP_HAVE_HMAC From d1f786d774f6087cda9df10f06afa4651e984cd2 Mon Sep 17 00:00:00 2001 From: Colton Willey Date: Tue, 7 Apr 2026 23:04:51 -0700 Subject: [PATCH 3/3] Fix up for CI --- src/wp_drbg.c | 2 +- src/wp_internal.c | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/src/wp_drbg.c b/src/wp_drbg.c index 987729d4..95fdee35 100644 --- a/src/wp_drbg.c +++ b/src/wp_drbg.c @@ -307,7 +307,7 @@ static int wp_drbg_generate(wp_DrbgCtx* ctx, unsigned char* out, ok = 0; } if (ok) { - rc = wc_RNG_GenerateBlock(ctx->rng, out, outLen); + rc = wc_RNG_GenerateBlock(ctx->rng, out, (word32)outLen); if (rc != 0) { WOLFPROV_MSG_DEBUG_RETCODE(WP_LOG_COMP_RNG, "wc_RNG_GenerateBlock", rc); ok = 0; diff --git a/src/wp_internal.c b/src/wp_internal.c index e1a9350c..b5bfec7c 100644 --- a/src/wp_internal.c +++ b/src/wp_internal.c @@ -125,7 +125,6 @@ int wp_init_cast(int algo) wc_RunCast_fips(FIPS_CAST_AES_GCM) != 0) { ok = 0; } - ok = 0; /* Force AES CAST failure for CI dashboard testing */ break; #endif #ifdef WP_HAVE_HMAC