Fix fenrir issues 169, 170, 171, 172, 271, 395, 396, 510, 511, 512, 514, 829, 830, 836, 837, 838, 839, 1183, 1184, 1185, 1186, 1187, 1280, 1281 for wolfProvider

aidangarske · aidangarske · commit 4ae7cc0a14a3 · 2026-03-23T12:37:24.000-07:00
diff --git a/src/wp_aes_aead.c b/src/wp_aes_aead.c
@@ -1688,6 +1688,10 @@ static void *wp_aes_gcm_newctx(WOLFPROV_CTX* provCtx, size_t keyBits)
  */
 static void wp_aes_gcm_freectx(wp_AeadCtx* ctx)
 {
+    OPENSSL_free(ctx->aad);
+#if defined(WP_HAVE_AESGCM) && !defined(WOLFSSL_AESGCM_STREAM)
+    OPENSSL_free(ctx->in);
+#endif
     wc_AesFree(&ctx->aes);
     OPENSSL_free(ctx);
 }
diff --git a/src/wp_aes_block.c b/src/wp_aes_block.c
@@ -866,21 +866,22 @@ static int wp_aes_block_final_dec(wp_AesBlockCtx* ctx, unsigned char *out,
 
     if (ok && ctx->pad) {
         unsigned char pad;
+        unsigned char invalid;
+        unsigned char i;
 
         pad = ctx->buf[AES_BLOCK_SIZE - 1];
-        if ((pad == 0) || (pad > AES_BLOCK_SIZE)) {
+        invalid = wp_ct_byte_mask_eq(pad, 0) |
+                  ~wp_ct_int_mask_gte(AES_BLOCK_SIZE, (int)pad);
+        for (i = 0; i < AES_BLOCK_SIZE; i++) {
+            unsigned char mask = wp_ct_int_mask_gte((int)i,
+                AES_BLOCK_SIZE - (int)pad);
+            invalid |= mask & wp_ct_byte_mask_ne(ctx->buf[i], pad);
+        }
+        if (invalid) {
             ok = 0;
         }
-        if (ok) {
-            unsigned char len = AES_BLOCK_SIZE;
-            unsigned char i;
-
-            for (i = 0; i < pad; i++) {
-                if (ctx->buf[--len] != pad) {
-                    return 0;
-                }
-            }
-            ctx->bufSz = len;
+        else {
+            ctx->bufSz = AES_BLOCK_SIZE - pad;
         }
     }
 
diff --git a/src/wp_cmac.c b/src/wp_cmac.c
@@ -162,11 +162,12 @@ static wp_CmacCtx* wp_cmac_dup(wp_CmacCtx* src)
         dst = wp_cmac_new(NULL);
     }
     if (dst != NULL) {
-        *dst = *src;
-        dst->keyLen = 0;
+        dst->type = src->type;
+        dst->size = src->size;
+        dst->expKeySize = src->expKeySize;
 
         if ((src->keyLen != 0) &&
-            (!wp_cmac_set_key(dst, src->key, src->keyLen, 0))) {
+            (!wp_cmac_set_key(dst, src->key, src->keyLen, 1))) {
             wp_cmac_free(dst);
             dst = NULL;
         }
diff --git a/src/wp_des.c b/src/wp_des.c
@@ -418,10 +418,15 @@ static int wp_des3_block_update(wp_Des3BlockCtx *ctx, unsigned char *out,
         int i;
         unsigned char off = inLen % DES_BLOCK_SIZE;
         unsigned char pad = DES_BLOCK_SIZE - off - 1;
-        for (i = off; i < DES_BLOCK_SIZE; i++) {
-            out[inLen - off + i] = pad;
+        if (outSize < inLen + pad + 1) {
+            ok = 0;
+        }
+        if (ok) {
+            for (i = off; i < DES_BLOCK_SIZE; i++) {
+                out[inLen - off + i] = pad;
+            }
+            inLen += pad + 1;
         }
-        inLen += pad + 1;
     }
     if (ctx->bufSz != 0) {
         size_t len = DES_BLOCK_SIZE - ctx->bufSz;
@@ -578,21 +583,22 @@ static int wp_des3_block_final_dec(wp_Des3BlockCtx* ctx, unsigned char *out,
 
     if (ok && ctx->pad) {
         unsigned char pad;
+        unsigned char invalid;
+        unsigned char i;
 
         pad = ctx->buf[DES_BLOCK_SIZE - 1];
-        if ((pad == 0) || (pad > DES_BLOCK_SIZE)) {
+        invalid = wp_ct_byte_mask_eq(pad, 0) |
+                  ~wp_ct_int_mask_gte(DES_BLOCK_SIZE, (int)pad);
+        for (i = 0; i < DES_BLOCK_SIZE; i++) {
+            unsigned char mask = wp_ct_int_mask_gte((int)i,
+                DES_BLOCK_SIZE - (int)pad);
+            invalid |= mask & wp_ct_byte_mask_ne(ctx->buf[i], pad);
+        }
+        if (invalid) {
             ok = 0;
         }
-        if (ok) {
-            unsigned char len = DES_BLOCK_SIZE;
-            unsigned char i;
-
-            for (i = 0; i < pad; i++) {
-                if (ctx->buf[--len] != pad) {
-                    return 0;
-                }
-            }
-            ctx->bufSz = len;
+        else {
+            ctx->bufSz = DES_BLOCK_SIZE - pad;
         }
     }
 
diff --git a/src/wp_dh_kmgmt.c b/src/wp_dh_kmgmt.c
@@ -453,7 +453,7 @@ void wp_dh_free(wp_Dh* dh)
         if (cnt == 0) {
             /* No more references to this object. */
             OPENSSL_free(dh->pub);
-            OPENSSL_free(dh->priv);
+            OPENSSL_clear_free(dh->priv, dh->privSz);
     #ifndef WP_SINGLE_THREADED
             wc_FreeMutex(&dh->mutex);
     #endif
@@ -730,6 +730,9 @@ static int wp_dh_get_params_encoded_public_key(wp_Dh* dh, OSSL_PARAM params[])
                 if (p->data_size < outLen) {
                     ok = 0;
                 }
+                if (ok && (dh->pubSz > outLen)) {
+                    ok = 0;
+                }
                 if (ok) {
                     unsigned char* data = p->data;
                     size_t padSz = outLen - dh->pubSz;
@@ -863,16 +866,6 @@ static int wp_dh_get_params(wp_Dh* dh, OSSL_PARAM params[])
             }
         }
     }
-    if (ok) {
-        /* Only call if we haven't already handled OSSL_PKEY_PARAM_PRIV_KEY */
-        p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_PRIV_KEY);
-        if (p == NULL || p->data != NULL) {
-            if (!wp_params_set_octet_string_be(params, OSSL_PKEY_PARAM_PRIV_KEY,
-                    dh->priv, dh->privSz)) {
-                ok = 0;
-            }
-        }
-    }
     if (ok && (!wp_dh_get_params_encoded_public_key(dh, params))) {
         ok = 0;
     }
diff --git a/src/wp_drbg.c b/src/wp_drbg.c
@@ -335,28 +335,23 @@ static int wp_drbg_reseed(wp_DrbgCtx* ctx, int predResist,
 {
     int ok = 1;
 
+    int rc;
+
     WOLFPROV_ENTER(WP_LOG_COMP_RNG, "wp_drbg_reseed");
 
-#if 0
-    /* Calling Hash_DRBG_Instantiate would be better. */
-    int rc;
-    rc = wc_RNG_DRBG_Reseed(ctx->rng, entropy, entropyLen);
+    rc = wc_RNG_DRBG_Reseed(ctx->rng, entropy, (word32)entropyLen);
     if (rc != 0) {
+        WOLFPROV_MSG_DEBUG_RETCODE(WP_LOG_COMP_RNG, "wc_RNG_DRBG_Reseed", rc);
         ok = 0;
     }
     if (ok && (addInLen > 0)) {
-        rc = wc_RNG_DRBG_Reseed(ctx->rng, addIn, addInLen);
+        rc = wc_RNG_DRBG_Reseed(ctx->rng, addIn, (word32)addInLen);
         if (rc != 0) {
+            WOLFPROV_MSG_DEBUG_RETCODE(WP_LOG_COMP_RNG,
+                "wc_RNG_DRBG_Reseed", rc);
             ok = 0;
         }
     }
-#else
-    (void)ctx;
-    (void)entropy;
-    (void)entropyLen;
-    (void)addIn;
-    (void)addInLen;
-#endif
 
     (void)predResist;
 
@@ -388,6 +383,7 @@ static int wp_drbg_enable_locking(wp_DrbgCtx* ctx)
             if (rc != 0) {
                 WOLFPROV_MSG_DEBUG_RETCODE(WP_LOG_COMP_RNG, "wc_InitMutex", rc);
                 OPENSSL_free(ctx->mutex);
+                ctx->mutex = NULL;
                 ok = 0;
             }
         }
@@ -547,11 +543,16 @@ static int wp_drbg_set_ctx_params(wp_DrbgCtx* ctx, const OSSL_PARAM params[])
  */
 static int wp_drbg_verify_zeroization(wp_DrbgCtx* ctx)
 {
+    int ok;
+
     WOLFPROV_ENTER(WP_LOG_COMP_RNG, "wp_drbg_verify_zeroization");
 
-    (void)ctx;
-    WOLFPROV_LEAVE(WP_LOG_COMP_RNG, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), 1);
-    return 1;
+    /* After uninstantiate, ctx->rng is freed (with internal state zeroized
+     * by wolfSSL) and set to NULL. Verify that cleanup occurred. */
+    ok = (ctx->rng == NULL);
+
+    WOLFPROV_LEAVE(WP_LOG_COMP_RNG, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), ok);
+    return ok;
 }
 
 /**
diff --git a/src/wp_ecx_kmgmt.c b/src/wp_ecx_kmgmt.c
@@ -356,16 +356,65 @@ static wp_Ecx* wp_ecx_dup(const wp_Ecx* src, int selection)
 {
     wp_Ecx* dst = NULL;
 
-    (void)selection;
     if (wolfssl_prov_is_running()) {
         /* Create a new ecx object. */
         dst = wp_ecx_new(src->provCtx, src->data);
     }
     if (dst != NULL) {
-        XMEMCPY(&dst->key, &src->key, sizeof(src->key));
+        int ok = 1;
+
         dst->includePublic = src->includePublic;
-        dst->hasPub        = src->hasPub;
-        dst->hasPriv       = src->hasPriv;
+
+        /* Copy public key if available and requested. */
+        if (ok && src->hasPub &&
+            ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)) {
+            byte buf[64];
+            word32 len = (word32)sizeof(buf);
+            int rc = (*src->data->exportPub)((void*)&src->key, buf, &len,
+                ECX_LITTLE_ENDIAN);
+            if (rc != 0) {
+                ok = 0;
+            }
+            if (ok) {
+                rc = (*dst->data->importPub)(buf, len, (void*)&dst->key,
+                    ECX_LITTLE_ENDIAN);
+                if (rc != 0) {
+                    ok = 0;
+                }
+            }
+            if (ok) {
+                dst->hasPub = 1;
+            }
+        }
+        /* Copy private key if available and requested. */
+        if (ok && src->hasPriv &&
+            ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)) {
+            byte buf[64];
+            word32 len = (word32)sizeof(buf);
+            int rc = (*src->data->exportPriv)((void*)&src->key, buf, &len);
+            if (rc != 0) {
+                ok = 0;
+            }
+            if (ok) {
+                rc = (*dst->data->importPriv)(buf, len, (void*)&dst->key,
+                    ECX_LITTLE_ENDIAN);
+                if (rc != 0) {
+                    ok = 0;
+                }
+            }
+            if (ok) {
+                dst->hasPriv = 1;
+                dst->clamped = src->clamped;
+                XMEMCPY(dst->unclamped, src->unclamped,
+                    sizeof(src->unclamped));
+            }
+            wc_ForceZero(buf, len);
+        }
+
+        if (!ok) {
+            wp_ecx_free(dst);
+            dst = NULL;
+        }
     }
 
     return dst;
diff --git a/src/wp_hkdf.c b/src/wp_hkdf.c
@@ -716,6 +716,9 @@ static int wp_kdf_tls1_3_derive(wp_HkdfCtx* ctx, unsigned char* key,
                 ok = 0;
             }
         }
+        else {
+            ok = 0;
+        }
     }
 
     WOLFPROV_LEAVE(WP_LOG_COMP_HKDF, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), ok);
diff --git a/src/wp_hmac.c b/src/wp_hmac.c
@@ -187,12 +187,24 @@ static wp_HmacCtx* wp_hmac_dup(wp_HmacCtx* src)
         dst = wp_hmac_new(src->provCtx);
     }
     if (dst != NULL) {
-        *dst = *src;
-        dst->key = NULL;
-        dst->keyLen = 0;
+        int ok = 1;
+        int rc;
 
-        if ((src->key != NULL) &&
+        dst->type = src->type;
+        dst->size = src->size;
+        dst->provCtx = src->provCtx;
+
+        rc = wc_HmacCopy(&src->hmac, &dst->hmac);
+        if (rc != 0) {
+            ok = 0;
+        }
+
+        if (ok && (src->key != NULL) &&
             (!wp_hmac_set_key(dst, src->key, src->keyLen, 0))) {
+            ok = 0;
+        }
+
+        if (!ok) {
             wp_hmac_free(dst);
             dst = NULL;
         }
diff --git a/src/wp_mac_kmgmt.c b/src/wp_mac_kmgmt.c
@@ -223,10 +223,11 @@ void wp_mac_free(wp_Mac* mac)
         int rc;
 
         rc = wc_LockMutex(&mac->mutex);
-        cnt = --mac->refCnt;
-        if (rc == 0) {
-            wc_UnLockMutex(&mac->mutex);
+        if (rc != 0) {
+            return;
         }
+        cnt = --mac->refCnt;
+        wc_UnLockMutex(&mac->mutex);
     #else
         cnt = --mac->refCnt;
     #endif
@@ -346,7 +347,7 @@ static int wp_mac_match(const wp_Mac* mac1, const wp_Mac* mac2, int selection)
     }
     if (ok && ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) &&
         (mac1->keyLen != MAX_SIZE_T) && ((mac1->keyLen != mac2->keyLen) ||
-        (XMEMCMP(mac1->key, mac2->key, mac1->keyLen) != 0) ||
+        (CRYPTO_memcmp(mac1->key, mac2->key, mac1->keyLen) != 0) ||
         (XMEMCMP(mac1->cipher, mac2->cipher, WP_MAX_CIPH_NAME_SIZE) != 0))) {
         ok = 0;
     }
diff --git a/src/wp_mac_sig.c b/src/wp_mac_sig.c
@@ -128,6 +128,7 @@ static void wp_mac_ctx_free(wp_MacSigCtx* ctx)
 {
     if (ctx != NULL) {
         EVP_MAC_CTX_free(ctx->macCtx);
+        wp_mac_free(ctx->mac);
         OPENSSL_free(ctx->propQuery);
         OPENSSL_free(ctx);
     }
@@ -160,6 +161,9 @@ static wp_MacSigCtx* wp_mac_ctx_dup(wp_MacSigCtx* srcCtx)
                 ok = 0;
             }
         }
+        if (ok && !wp_mac_up_ref(srcCtx->mac)) {
+            ok = 0;
+        }
         if (ok) {
             dstCtx->mac = srcCtx->mac;
         }
@@ -199,8 +203,14 @@ static int wp_mac_digest_sign_init(wp_MacSigCtx *ctx, const char *mdName,
     if (!wolfssl_prov_is_running()) {
         ok = 0;
     }
+    if (ok && mac != NULL && !wp_mac_up_ref(mac)) {
+        ok = 0;
+    }
     if (ok) {
-        ctx->mac = mac;
+        if (mac != NULL) {
+            wp_mac_free(ctx->mac);
+            ctx->mac = mac;
+        }
 
         if (!wp_mac_get_private_key(ctx->mac, &priv, &privLen)) {
             ok = 0;
diff --git a/src/wp_params.c b/src/wp_params.c
@@ -208,6 +208,9 @@ void wp_param_set_mp_buf(OSSL_PARAM* p, const char* key, unsigned char* num,
     for (i = 0; i < nLen; i++) {
         data[i] = num[nLen - 1 - i];
     }
+#else
+    XMEMCPY(data, num, nLen);
+    (void)i;
 #endif
 }
 
@@ -393,6 +396,7 @@ int wp_params_get_bn_be(const OSSL_PARAM* params, const char* key,
         }
 #else
         XMEMCPY(*data, p->data, p->data_size);
+        *len = p->data_size;
 #endif
     }
 
diff --git a/src/wp_rsa_asym.c b/src/wp_rsa_asym.c
diff --git a/src/wp_rsa_kem.c b/src/wp_rsa_kem.c
diff --git a/src/wp_rsa_kmgmt.c b/src/wp_rsa_kmgmt.c
diff --git a/src/wp_seed_src.c b/src/wp_seed_src.c

Original file line number	Diff line number	Diff line change
`@@ -1688,6 +1688,10 @@ static void wp_aes_gcm_newctx(WOLFPROV_CTX provCtx, size_t keyBits)`
`1688`	`1688`	`*/`
`1689`	`1689`	`static void wp_aes_gcm_freectx(wp_AeadCtx* ctx)`
`1690`	`1690`	`{`
	`1691`	`+ OPENSSL_free(ctx->aad);`
	`1692`	`+#if defined(WP_HAVE_AESGCM) && !defined(WOLFSSL_AESGCM_STREAM)`
	`1693`	`+ OPENSSL_free(ctx->in);`
	`1694`	`+#endif`
`1691`	`1695`	`wc_AesFree(&ctx->aes);`
`1692`	`1696`	`OPENSSL_free(ctx);`
`1693`	`1697`	`}`
Original file line number	Diff line number	Diff line change
`@@ -716,6 +716,9 @@ static int wp_kdf_tls1_3_derive(wp_HkdfCtx* ctx, unsigned char* key,`
`716`	`716`	`ok = 0;`
`717`	`717`	`}`
`718`	`718`	`}`
	`719`	`+ else {`
	`720`	`+ ok = 0;`
	`721`	`+ }`
`719`	`722`	`}`
`720`	`723`
`721`	`724`	`WOLFPROV_LEAVE(WP_LOG_COMP_HKDF, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), ok);`