@@ -89,6 +89,10 @@ int wc_PRF(byte* result, word32 resLen, const byte* secret,
8989 Hmac hmac [1 ];
9090#endif
9191
92+ if ((result == NULL && resLen != 0 ) || (secret == NULL && secLen != 0 ) ||
93+ (seed == NULL && seedLen != 0 ))
94+ return BAD_FUNC_ARG ;
95+
9296 switch (hash ) {
9397 #ifndef NO_MD5
9498 case md5_mac :
@@ -234,8 +238,18 @@ int wc_PRF_TLSv1(byte* digest, word32 digLen, const byte* secret,
234238 WC_DECLARE_VAR (sha_result , byte , MAX_PRF_DIG , heap ); /* digLen is real size */
235239 WC_DECLARE_VAR (labelSeed , byte , MAX_PRF_LABSEED , heap );
236240
241+ if ((digest == NULL && digLen != 0 ) ||
242+ (secret == NULL && secLen != 0 ) ||
243+ (label == NULL && labLen != 0 ) ||
244+ (seed == NULL && seedLen != 0 )) {
245+ return BAD_FUNC_ARG ;
246+ }
247+
248+ /* labLen + seedLen is checked with subtraction to avoid word32 wraparound
249+ * (the labLen bound first ensures MAX_PRF_LABSEED - labLen cannot
250+ * underflow). */
237251 if (half > MAX_PRF_HALF ||
238- labLen + seedLen > MAX_PRF_LABSEED ||
252+ labLen > MAX_PRF_LABSEED || seedLen > ( MAX_PRF_LABSEED - labLen ) ||
239253 digLen > MAX_PRF_DIG )
240254 {
241255 return BUFFER_E ;
@@ -251,8 +265,10 @@ int wc_PRF_TLSv1(byte* digest, word32 digLen, const byte* secret,
251265 sha_half = secret + half - secLen % 2 ;
252266 md5_result = digest ;
253267
254- XMEMCPY (labelSeed , label , labLen );
255- XMEMCPY (labelSeed + labLen , seed , seedLen );
268+ if (labLen != 0 )
269+ XMEMCPY (labelSeed , label , labLen );
270+ if (seedLen != 0 )
271+ XMEMCPY (labelSeed + labLen , seed , seedLen );
256272
257273 if ((ret = wc_PRF (md5_result , digLen , md5_half , half , labelSeed ,
258274 labLen + seedLen , md5_mac , heap , devId )) == 0 ) {
@@ -286,6 +302,13 @@ int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, word32 secLen,
286302{
287303 int ret = 0 ;
288304
305+ if ((digest == NULL && digLen != 0 ) ||
306+ (secret == NULL && secLen != 0 ) ||
307+ (label == NULL && labLen != 0 ) ||
308+ (seed == NULL && seedLen != 0 )) {
309+ return BAD_FUNC_ARG ;
310+ }
311+
289312#ifdef WOLFSSL_DEBUG_TLS
290313 WOLFSSL_MSG (" secret" );
291314 WOLFSSL_BUFFER (secret , secLen );
@@ -298,15 +321,19 @@ int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, word32 secLen,
298321 if (useAtLeastSha256 ) {
299322 WC_DECLARE_VAR (labelSeed , byte , MAX_PRF_LABSEED , 0 );
300323
301- if (labLen + seedLen > MAX_PRF_LABSEED ) {
324+ /* Checked with subtraction to avoid word32 wraparound of
325+ * labLen + seedLen. */
326+ if (labLen > MAX_PRF_LABSEED || seedLen > (MAX_PRF_LABSEED - labLen )) {
302327 return BUFFER_E ;
303328 }
304329
305330 WC_ALLOC_VAR_EX (labelSeed , byte , MAX_PRF_LABSEED , heap ,
306331 DYNAMIC_TYPE_DIGEST , return MEMORY_E );
307332
308- XMEMCPY (labelSeed , label , labLen );
309- XMEMCPY (labelSeed + labLen , seed , seedLen );
333+ if (labLen != 0 )
334+ XMEMCPY (labelSeed , label , labLen );
335+ if (seedLen != 0 )
336+ XMEMCPY (labelSeed + labLen , seed , seedLen );
310337
311338 /* If a cipher suite wants an algorithm better than sha256, it
312339 * should use better. */
0 commit comments