Add CMAC cleanup and RSA TLS bounds check

Author: JeremiahM37

src/wp_aes_block.c

@@ -433,6 +433,19 @@ static int wp_aes_block_doit(wp_AesBlockCtx *ctx, unsigned char *out,
 {
     int rc = 0;
 
+    /* Reject unsupported modes up-front so an inLen == 0 call with a
+     * non-CBC/non-ECB mode does not silently succeed. */
+    if (1
+    #ifdef WP_HAVE_AESCBC
+        && (ctx->mode != EVP_CIPH_CBC_MODE)
+    #endif
+    #ifdef WP_HAVE_AESECB
+        && (ctx->mode != EVP_CIPH_ECB_MODE)
+    #endif
+        ) {
+        return 0;
+    }
+
     while ((rc == 0) && (inLen > 0)) {
         /* Chunk must be block-aligned (AES block size = 16). */
         word32 chunk = (inLen > 0xFFFFFFF0U) ? 0xFFFFFFF0U : (word32)inLen;

src/wp_aes_stream.c

@@ -534,7 +534,9 @@ static int wp_aes_stream_doit(wp_AesStreamCtx *ctx, unsigned char *out,
     if (ctx->mode == EVP_CIPH_CTR_MODE) {
         XMEMCPY(&ctx->aes.reg, ctx->iv, ctx->ivLen);
         while (ok && (inLen > 0)) {
-            word32 chunk = (inLen > 0xFFFFFFFFU) ? 0xFFFFFFFFU : (word32)inLen;
+            /* Cap chunk to largest word32 multiple of AES_BLOCK_SIZE so the
+             * IV/counter state is consistent across chunk boundaries. */
+            word32 chunk = (inLen > 0xFFFFFFF0U) ? 0xFFFFFFF0U : (word32)inLen;
             int rc = wc_AesCtrEncrypt(&ctx->aes, out, in, chunk);
             if (rc != 0) {
                 WOLFPROV_MSG_DEBUG_RETCODE(WP_LOG_LEVEL_DEBUG,
@@ -555,7 +557,9 @@ static int wp_aes_stream_doit(wp_AesStreamCtx *ctx, unsigned char *out,
     if (ctx->mode == EVP_CIPH_CFB_MODE) {
         XMEMCPY(&ctx->aes.reg, ctx->iv, ctx->ivLen);
         while (ok && (inLen > 0)) {
-            word32 chunk = (inLen > 0xFFFFFFFFU) ? 0xFFFFFFFFU : (word32)inLen;
+            /* Cap chunk to largest word32 multiple of AES_BLOCK_SIZE so the
+             * IV/counter state is consistent across chunk boundaries. */
+            word32 chunk = (inLen > 0xFFFFFFF0U) ? 0xFFFFFFF0U : (word32)inLen;
             int rc;
             if (ctx->enc) {
                 rc = wc_AesCfbEncrypt(&ctx->aes, out, in, chunk);

src/wp_cmac.c

@@ -90,6 +90,9 @@ static wp_CmacCtx* wp_cmac_new(WOLFPROV_CTX* provCtx)
 static void wp_cmac_free(wp_CmacCtx* macCtx)
 {
     if (macCtx != NULL) {
+    #ifndef HAVE_FIPS
+        wc_CmacFree(&macCtx->cmac);
+    #endif
         OPENSSL_cleanse(macCtx->key, macCtx->keyLen);
         OPENSSL_clear_free(macCtx, sizeof(*macCtx));
     }

src/wp_rsa_asym.c

@@ -463,6 +463,9 @@ static int wp_rsaa_decrypt(wp_RsaAsymCtx* ctx, unsigned char* out,
             if (ctx->clientVersion <= 0) {
                 ok = 0;
             }
+            if (ok && (outSize < WOLFSSL_MAX_MASTER_KEY_LENGTH)) {
+                ok = 0;
+            }
             if (ok) {
                 byte mask;
                 byte negMask;

test/test_cipher.c

@@ -1490,12 +1490,18 @@ int test_aes256_cbc_bad_pad(void *data)
 
 /******************************************************************************/
 
+#endif /* WP_HAVE_AESCBC */
+
+#if defined(WP_HAVE_AESCBC) || defined(WP_HAVE_AESCTR) || \
+    defined(WP_HAVE_AESCFB) || defined(WP_HAVE_DES3CBC)
 /**
- * Test AES-CBC encrypt/decrypt roundtrip with a large buffer processed in
- * multiple update calls. Validates the chunked loop path in
- * wp_aes_block_doit (F-1641).
+ * Test cipher encrypt/decrypt roundtrip with a large buffer processed in
+ * multiple update calls. Validates the chunked loop path used by
+ * wp_aes_block_doit, wp_aes_stream_doit, and wp_des3_block_doit
+ * (F-1641, F-1642, F-1643).
  */
-static int test_aes_cbc_large_update_helper(OSSL_LIB_CTX *libCtx)
+static int test_cipher_large_update_helper(OSSL_LIB_CTX *libCtx,
+    const char *cipherName, int keyLen, int ivLen)
 {
     int err;
     EVP_CIPHER_CTX *ctx = NULL;
@@ -1511,11 +1517,13 @@ static int test_aes_cbc_large_update_helper(OSSL_LIB_CTX *libCtx)
     int totalDec = 0;
     size_t i;
 
-    RAND_bytes(key, sizeof(key));
-    RAND_bytes(iv, sizeof(iv));
+    RAND_bytes(key, keyLen);
+    if (ivLen > 0) {
+        RAND_bytes(iv, ivLen);
+    }
     RAND_bytes(plain, sizeof(plain));
 
-    err = (cipher = EVP_CIPHER_fetch(libCtx, "AES-256-CBC", "")) == NULL;
+    err = (cipher = EVP_CIPHER_fetch(libCtx, cipherName, "")) == NULL;
 
     /* Encrypt in 1024-byte chunks */
     if (err == 0) {
@@ -1575,20 +1583,72 @@ static int test_aes_cbc_large_update_helper(OSSL_LIB_CTX *libCtx)
     EVP_CIPHER_free(cipher);
     return err;
 }
+#endif /* any large-update-testable cipher */
 
+#ifdef WP_HAVE_AESCBC
 int test_aes_cbc_large_update(void *data)
 {
     int err;
 
     (void)data;
 
     PRINT_MSG("AES-CBC large update with OpenSSL");
-    err = test_aes_cbc_large_update_helper(osslLibCtx);
+    err = test_cipher_large_update_helper(osslLibCtx, "AES-256-CBC", 32, 16);
     if (err == 0) {
         PRINT_MSG("AES-CBC large update with wolfProvider");
-        err = test_aes_cbc_large_update_helper(wpLibCtx);
+        err = test_cipher_large_update_helper(wpLibCtx, "AES-256-CBC", 32, 16);
     }
     return err;
 }
-
 #endif /* WP_HAVE_AESCBC */
+
+#ifdef WP_HAVE_AESCTR
+int test_aes_ctr_large_update(void *data)
+{
+    int err;
+
+    (void)data;
+
+    PRINT_MSG("AES-CTR large update with OpenSSL");
+    err = test_cipher_large_update_helper(osslLibCtx, "AES-256-CTR", 32, 16);
+    if (err == 0) {
+        PRINT_MSG("AES-CTR large update with wolfProvider");
+        err = test_cipher_large_update_helper(wpLibCtx, "AES-256-CTR", 32, 16);
+    }
+    return err;
+}
+#endif /* WP_HAVE_AESCTR */
+
+#ifdef WP_HAVE_AESCFB
+int test_aes_cfb_large_update(void *data)
+{
+    int err;
+
+    (void)data;
+
+    PRINT_MSG("AES-CFB large update with OpenSSL");
+    err = test_cipher_large_update_helper(osslLibCtx, "AES-256-CFB", 32, 16);
+    if (err == 0) {
+        PRINT_MSG("AES-CFB large update with wolfProvider");
+        err = test_cipher_large_update_helper(wpLibCtx, "AES-256-CFB", 32, 16);
+    }
+    return err;
+}
+#endif /* WP_HAVE_AESCFB */
+
+#ifdef WP_HAVE_DES3CBC
+int test_des3_cbc_large_update(void *data)
+{
+    int err;
+
+    (void)data;
+
+    PRINT_MSG("DES3-CBC large update with OpenSSL");
+    err = test_cipher_large_update_helper(osslLibCtx, "DES-EDE3-CBC", 24, 8);
+    if (err == 0) {
+        PRINT_MSG("DES3-CBC large update with wolfProvider");
+        err = test_cipher_large_update_helper(wpLibCtx, "DES-EDE3-CBC", 24, 8);
+    }
+    return err;
+}
+#endif /* WP_HAVE_DES3CBC */

test/unit.c

@@ -232,6 +232,7 @@ TEST_CASE test_case[] = {
         TEST_DECL(test_des3_cbc, NULL),
         TEST_DECL(test_des3_cbc_stream, NULL),
         TEST_DECL(test_des3_cbc_bad_pad, NULL),
+        TEST_DECL(test_des3_cbc_large_update, NULL),
     #endif
 #endif
 #ifdef WP_HAVE_AESECB
@@ -257,11 +258,13 @@ TEST_CASE test_case[] = {
     TEST_DECL(test_aes128_ctr_stream, NULL),
     TEST_DECL(test_aes192_ctr_stream, NULL),
     TEST_DECL(test_aes256_ctr_stream, NULL),
+    TEST_DECL(test_aes_ctr_large_update, NULL),
 #endif
 #ifdef WP_HAVE_AESCFB
     TEST_DECL(test_aes128_cfb_stream, NULL),
     TEST_DECL(test_aes192_cfb_stream, NULL),
     TEST_DECL(test_aes256_cfb_stream, NULL),
+    TEST_DECL(test_aes_cfb_large_update, NULL),
 #endif
 #ifdef WP_HAVE_AESCTS
     TEST_DECL(test_aes128_cts, NULL),

test/unit.h

@@ -153,6 +153,7 @@ int test_krb5kdf(void *data);
 int test_des3_cbc(void *data);
 int test_des3_cbc_stream(void *data);
 int test_des3_cbc_bad_pad(void *data);
+int test_des3_cbc_large_update(void *data);
 #endif
 
 #ifdef WP_HAVE_AESECB
@@ -185,6 +186,7 @@ int test_aes_cbc_large_update(void *data);
 int test_aes128_ctr_stream(void *data);
 int test_aes192_ctr_stream(void *data);
 int test_aes256_ctr_stream(void *data);
+int test_aes_ctr_large_update(void *data);
 
 #endif
 
@@ -193,6 +195,7 @@ int test_aes256_ctr_stream(void *data);
 int test_aes128_cfb_stream(void *data);
 int test_aes192_cfb_stream(void *data);
 int test_aes256_cfb_stream(void *data);
+int test_aes_cfb_large_update(void *data);
 
 #endif