Skip to content

Commit 6081106

Browse files
authored
Merge pull request #10647 from philljj/misc_fixes
Misc wolfcrypt fixes
2 parents 2f7b8b2 + ab09d0c commit 6081106

6 files changed

Lines changed: 47 additions & 5 deletions

File tree

tests/api/test_dsa.c

Lines changed: 7 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -547,19 +547,23 @@ int test_wc_DsaExportKeyRaw(void)
547547
WC_RNG rng;
548548
byte xOut[MAX_DSA_PARAM_SIZE];
549549
byte yOut[MAX_DSA_PARAM_SIZE];
550-
word32 xOutSz, yOutSz;
550+
word32 xOutSz = sizeof(xOut);
551+
word32 yOutSz = sizeof(yOut);
551552

552553
XMEMSET(&key, 0, sizeof(key));
553554
XMEMSET(&rng, 0, sizeof(rng));
554555

555556
ExpectIntEQ(wc_InitDsaKey(&key), 0);
556557
ExpectIntEQ(wc_InitRng(&rng), 0);
557558
ExpectIntEQ(wc_MakeDsaParameters(&rng, 1024, &key), 0);
559+
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0))
560+
/* export before make key should return error. */
561+
ExpectIntEQ(wc_DsaExportKeyRaw(&key, xOut, &xOutSz, yOut, &yOutSz),
562+
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
563+
#endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION3_GE(7,0,0)) */
558564
ExpectIntEQ(wc_MakeDsaKey(&rng, &key), 0);
559565

560566
/* try successful export */
561-
xOutSz = sizeof(xOut);
562-
yOutSz = sizeof(yOut);
563567
ExpectIntEQ(wc_DsaExportKeyRaw(&key, xOut, &xOutSz, yOut, &yOutSz), 0);
564568

565569
/* test bad args */

tests/api/test_hmac.c

Lines changed: 27 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -305,6 +305,13 @@ int test_wc_Md5HmacUpdate(void)
305305
b.inLen = XSTRLEN(b.input);
306306

307307
ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
308+
#if !defined(WOLFSSL_KCAPI_HMAC) && !defined(HAVE_SELFTEST) && \
309+
(!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0))
310+
/* update before setkey results in err. */
311+
ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen),
312+
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
313+
#endif /* !WOLFSSL_KCAPI_HMAC && !HAVE_SELFTEST && \
314+
(!HAVE_FIPS || FIPS_VERSION3_GE(7,0,0)) */
308315
ExpectIntEQ(wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys,
309316
(word32)XSTRLEN(keys)), 0);
310317
ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0);
@@ -346,6 +353,11 @@ int test_wc_ShaHmacUpdate(void)
346353
b.inLen = XSTRLEN(b.input);
347354

348355
ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
356+
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0))
357+
/* update before setkey results in err. */
358+
ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen),
359+
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
360+
#endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION3_GE(7,0,0)) */
349361
ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys,
350362
(word32)XSTRLEN(keys)), 0);
351363
ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0);
@@ -387,6 +399,11 @@ int test_wc_Sha224HmacUpdate(void)
387399
b.inLen = XSTRLEN(b.input);
388400

389401
ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
402+
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0))
403+
/* update before setkey results in err. */
404+
ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen),
405+
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
406+
#endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION3_GE(7,0,0)) */
390407
ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys,
391408
(word32)XSTRLEN(keys)), 0);
392409
ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0);
@@ -428,6 +445,11 @@ int test_wc_Sha256HmacUpdate(void)
428445
b.inLen = XSTRLEN(b.input);
429446

430447
ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
448+
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0))
449+
/* update before setkey results in err. */
450+
ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen),
451+
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
452+
#endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION3_GE(7,0,0)) */
431453
ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys,
432454
(word32)XSTRLEN(keys)), 0);
433455
ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0);
@@ -469,6 +491,11 @@ int test_wc_Sha384HmacUpdate(void)
469491
b.inLen = XSTRLEN(b.input);
470492

471493
ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
494+
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0))
495+
/* update before setkey results in err. */
496+
ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen),
497+
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
498+
#endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION3_GE(7,0,0)) */
472499
ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys,
473500
(word32)XSTRLEN(keys)), 0);
474501
ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0);

wolfcrypt/src/dsa.c

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -723,6 +723,11 @@ int wc_DsaExportKeyRaw(DsaKey* dsa, byte* x, word32* xSz, byte* y, word32* ySz)
723723
if (x == NULL || y == NULL)
724724
return BAD_FUNC_ARG;
725725

726+
/* check we have a key to export */
727+
if (mp_iszero(&dsa->x) && mp_iszero(&dsa->y)) {
728+
return BAD_FUNC_ARG;
729+
}
730+
726731
/* export x */
727732
if (*xSz < xLen) {
728733
WOLFSSL_MSG("Output buffer for DSA private key (x) too small, "

wolfcrypt/src/evp.c

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9848,8 +9848,10 @@ static int ECC_populate_EVP_PKEY(WOLFSSL_EVP_PKEY* pkey, WOLFSSL_EC_KEY *key)
98489848
pkey->pkey.ptr = (char*)derBuf;
98499849
if ((derSz = wc_EccPublicKeyToDer(ecc, derBuf, (word32)derSz,
98509850
1)) < 0) {
9851-
XFREE(derBuf, NULL, DYNAMIC_TYPE_OPENSSL);
9851+
XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_OPENSSL);
98529852
derBuf = NULL;
9853+
pkey->pkey.ptr = NULL;
9854+
pkey->pkey_sz = 0;
98539855
}
98549856
}
98559857
}

wolfcrypt/src/hmac.c

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -368,6 +368,7 @@ static int HmacKeyCopyHash(byte macType, wc_HmacHash* src, wc_HmacHash* dst)
368368
#endif
369369

370370
default:
371+
ret = BAD_FUNC_ARG;
371372
break;
372373
}
373374

@@ -475,6 +476,7 @@ static int HmacKeyHashUpdate(byte macType, wc_HmacHash* hash, byte* pad)
475476
#endif
476477

477478
default:
479+
ret = BAD_FUNC_ARG;
478480
break;
479481
}
480482

@@ -1020,7 +1022,6 @@ int wc_HmacUpdate(Hmac* hmac, const byte* msg, word32 length)
10201022
if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
10211023
return ret;
10221024
/* fall-through when unavailable */
1023-
ret = 0; /* reset error code */
10241025
}
10251026
#endif
10261027
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_HMAC)
@@ -1135,6 +1136,7 @@ int wc_HmacUpdate(Hmac* hmac, const byte* msg, word32 length)
11351136
#endif
11361137

11371138
default:
1139+
ret = BAD_FUNC_ARG;
11381140
break;
11391141
}
11401142

wolfcrypt/src/pwdbased.c

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -777,7 +777,9 @@ int wc_PKCS12_PBKDF_ex(byte* output, const byte* passwd, int passLen,
777777
#endif
778778
}
779779

780+
ForceZero(B, WC_MAX_BLOCK_SIZE);
780781
WC_FREE_VAR_EX(B, heap, DYNAMIC_TYPE_TMP_BUFFER);
782+
ForceZero(buffer, totalLen);
781783
if (buffer != staticBuffer) {
782784
XFREE(buffer, heap, DYNAMIC_TYPE_KEY);
783785
}

0 commit comments

Comments
 (0)