Harden CMAC cleanup, RSA TLS bounds, test guard

Author: JeremiahM37

src/wp_cmac.c

@@ -90,6 +90,9 @@ static wp_CmacCtx* wp_cmac_new(WOLFPROV_CTX* provCtx)
 static void wp_cmac_free(wp_CmacCtx* macCtx)
 {
     if (macCtx != NULL) {
+    #ifndef HAVE_FIPS
+        wc_CmacFree(&macCtx->cmac);
+    #endif
         OPENSSL_cleanse(macCtx->key, macCtx->keyLen);
         OPENSSL_clear_free(macCtx, sizeof(*macCtx));
     }

src/wp_rsa_asym.c

@@ -463,6 +463,9 @@ static int wp_rsaa_decrypt(wp_RsaAsymCtx* ctx, unsigned char* out,
             if (ctx->clientVersion <= 0) {
                 ok = 0;
             }
+            if (ok && (outSize < WOLFSSL_MAX_MASTER_KEY_LENGTH)) {
+                ok = 0;
+            }
             if (ok) {
                 byte mask;
                 byte negMask;

test/unit.c

@@ -202,7 +202,9 @@ TEST_CASE test_case[] = {
 #ifdef WP_HAVE_SHAKE_256
     TEST_DECL(test_shake_256, NULL),
 #endif
+#ifdef WP_HAVE_DIGEST
     TEST_DECL(test_digest_multi_update, NULL),
+#endif
 #ifdef WP_HAVE_HMAC
     TEST_DECL(test_hmac_create, NULL),
     TEST_DECL(test_hmac_multi_update, NULL),

test/unit.h

@@ -114,11 +114,10 @@ int test_sha3_512(void *data);
 #ifdef WP_HAVE_SHAKE_256
 int test_shake_256(void *data);
 #endif
+int test_digest_multi_update(void *data);
 
 #endif /* WP_HAVE_DIGEST */
 
-int test_digest_multi_update(void *data);
-
 #ifdef WP_HAVE_HMAC
 int test_hmac_create(void *data);
 int test_hmac_multi_update(void *data);