
Commit b6d8829

authored
Merge pull request #10114 from Frauschi/fenrir
Fenrir fixes
2 parents 2c41a7c + 22a2290 commit b6d8829

14 files changed

Lines changed: 218 additions & 197 deletions


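--- a/tests/api/test_blake2.c
+++ b/tests/api/test_blake2.c
@@ -50,6 +50,12 @@ int test_wc_InitBlake2b(void)
 ExpectIntEQ(wc_InitBlake2b(&blake, 128), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 ExpectIntEQ(wc_InitBlake2b(NULL, WC_BLAKE2B_DIGEST_SIZE),
 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+/* digestSz values that truncate via (byte) cast to a valid size must be
+* rejected: 257 mod 256 = 1, 320 mod 256 = 64 - both within BLAKE2B range */
+ExpectIntEQ(wc_InitBlake2b(&blake, 257),
+WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+ExpectIntEQ(wc_InitBlake2b(&blake, 256 + BLAKE2B_OUTBYTES),
+WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
 /* Test good arg. */
 ExpectIntEQ(wc_InitBlake2b(&blake, WC_BLAKE2B_DIGEST_SIZE), 0);
@@ -82,6 +88,12 @@ int test_wc_InitBlake2b_WithKey(void)
 ExpectIntEQ(wc_InitBlake2b_WithKey(NULL, digestSz, key, keylen),
 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
+/* digestSz that truncates to a valid byte-sized value must be rejected */
+ExpectIntEQ(wc_InitBlake2b_WithKey(&blake, 257, NULL, keylen),
+WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+ExpectIntEQ(wc_InitBlake2b_WithKey(&blake, 256 + BLAKE2B_OUTBYTES, NULL, keylen),
+WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
 /* Test good arg. */
 ExpectIntEQ(wc_InitBlake2b_WithKey(&blake, digestSz, NULL, keylen), 0);
 ExpectIntEQ(wc_InitBlake2b_WithKey(&blake, digestSz, key, keylen), 0);
@@ -127,8 +139,14 @@ int test_wc_Blake2bFinal(void)
 ExpectIntEQ(wc_Blake2bFinal(&blake, NULL, 0),
 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 ExpectIntEQ(wc_Blake2bFinal(NULL, hash, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+/* requestSz that truncates to valid byte must be rejected */
+ExpectIntEQ(wc_Blake2bFinal(&blake, hash, 257),
+WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+ExpectIntEQ(wc_Blake2bFinal(&blake, hash, 256 + BLAKE2B_OUTBYTES),
+WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
 /* Test good args. */
+ExpectIntEQ(wc_InitBlake2b(&blake, WC_BLAKE2B_DIGEST_SIZE), 0);
 ExpectIntEQ(wc_Blake2bFinal(&blake, hash, WC_BLAKE2B_DIGEST_SIZE), 0);
 #endif
 return EXPECT_RESULT();
@@ -322,6 +340,12 @@ int test_wc_InitBlake2s(void)
 ExpectIntEQ(wc_InitBlake2s(&blake, 128), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 ExpectIntEQ(wc_InitBlake2s(NULL, WC_BLAKE2S_DIGEST_SIZE),
 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+/* digestSz that truncates via (byte) cast to a valid size must be rejected:
+* 257 mod 256 = 1, 288 mod 256 = 32 - both within BLAKE2S range */
+ExpectIntEQ(wc_InitBlake2s(&blake, 257),
+WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+ExpectIntEQ(wc_InitBlake2s(&blake, 256 + BLAKE2S_OUTBYTES),
+WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
 /* Test good arg. */
 ExpectIntEQ(wc_InitBlake2s(&blake, WC_BLAKE2S_DIGEST_SIZE), 0);
@@ -352,6 +376,12 @@ int test_wc_InitBlake2s_WithKey(void)
 ExpectIntEQ(wc_InitBlake2s_WithKey(NULL, digestSz, key, keylen),
 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
+/* digestSz that truncates to a valid byte-sized value must be rejected */
+ExpectIntEQ(wc_InitBlake2s_WithKey(&blake, 257, NULL, keylen),
+WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+ExpectIntEQ(wc_InitBlake2s_WithKey(&blake, 256 + BLAKE2S_OUTBYTES, NULL, keylen),
+WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
 /* Test good arg. */
 ExpectIntEQ(wc_InitBlake2s_WithKey(&blake, digestSz, NULL, keylen), 0);
 ExpectIntEQ(wc_InitBlake2s_WithKey(&blake, digestSz, key, keylen), 0);
@@ -397,8 +427,14 @@ int test_wc_Blake2sFinal(void)
 ExpectIntEQ(wc_Blake2sFinal(&blake, NULL, 0),
 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 ExpectIntEQ(wc_Blake2sFinal(NULL, hash, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+/* requestSz that truncates to valid byte must be rejected */
+ExpectIntEQ(wc_Blake2sFinal(&blake, hash, 257),
+WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+ExpectIntEQ(wc_Blake2sFinal(&blake, hash, 256 + BLAKE2S_OUTBYTES),
+WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
 /* Test good args. */
+ExpectIntEQ(wc_InitBlake2s(&blake, WC_BLAKE2S_DIGEST_SIZE), 0);
 ExpectIntEQ(wc_Blake2sFinal(&blake, hash, WC_BLAKE2S_DIGEST_SIZE), 0);
 #endif
 return EXPECT_RESULT();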
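Review bot: The added negative cases in test_wc_InitBlake2b and the five sibling tests only use values that wrap under the (byte) cast (257 and 256 + OUTBYTES), so the edges of the new range check are not exercised in the lines shown. Adding `ExpectIntEQ(wc_InitBlake2b(&blake, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));` and the same call with `BLAKE2B_OUTBYTES + 1` (plus the BLAKE2S equivalents) would catch an off-by-one in the `> BLAKE2B_OUTBYTES` comparison. For the Final tests only the upper edge applies, because a zero requestSz falls back to the stored digestSz. The test functions start outside these hunks, so such cases may already exist above the visible lines.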

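--- a/wolfcrypt/src/ascon.c
+++ b/wolfcrypt/src/ascon.c
@@ -45,6 +45,9 @@
 #ifndef WORD64_AVAILABLE
 #error "Ascon implementation requires a 64-bit word"
 #endif
+#ifdef BIG_ENDIAN_ORDER
+#error "Ascon not yet supported on big-endian systems"
+#endif
 
 /* Data block size in bytes */
 #define ASCON_HASH256_RATE 8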

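--- a/wolfcrypt/src/blake2b.c
+++ b/wolfcrypt/src/blake2b.c
@@ -426,6 +426,9 @@ int wc_InitBlake2b(Blake2b* b2b, word32 digestSz)
 if (b2b == NULL){
 return BAD_FUNC_ARG;
 }
+if (digestSz == 0 || digestSz > BLAKE2B_OUTBYTES) {
+return BAD_FUNC_ARG;
+}
 b2b->digestSz = digestSz;
 
 return blake2b_init(b2b->S, (byte)digestSz);
@@ -437,6 +440,9 @@ int wc_InitBlake2b_WithKey(Blake2b* b2b, word32 digestSz, const byte *key, word3
 if (b2b == NULL){
 return BAD_FUNC_ARG;
 }
+if (digestSz == 0 || digestSz > BLAKE2B_OUTBYTES) {
+return BAD_FUNC_ARG;
+}
 b2b->digestSz = digestSz;
 
 if (keylen >= 256)
@@ -478,6 +484,9 @@ int wc_Blake2bFinal(Blake2b* b2b, byte* final, word32 requestSz)
 }
 
 sz = requestSz ? requestSz : b2b->digestSz;
+if (sz == 0 || sz > BLAKE2B_OUTBYTES) {
+return BAD_FUNC_ARG;
+}
 
 return blake2b_final(b2b->S, final, (byte)sz);
 }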
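Review bot: In wc_Blake2bFinal the added check bounds `sz` only by BLAKE2B_OUTBYTES, so a requestSz larger than the digestSz the context was initialised with still reaches blake2b_final. How blake2b_final treats that is not visible in this hunk; if output longer than the configured digest is not intended, the guard could also compare against the stored size, e.g. `if (sz == 0 || sz > BLAKE2B_OUTBYTES || sz > b2b->digestSz)`. The same applies to wc_Blake2sFinal in wolfcrypt/src/blake2s.c. Both function bodies start outside their hunks.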

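--- a/wolfcrypt/src/blake2s.c
+++ b/wolfcrypt/src/blake2s.c
@@ -421,6 +421,9 @@ int wc_InitBlake2s(Blake2s* b2s, word32 digestSz)
 if (b2s == NULL){
 return BAD_FUNC_ARG;
 }
+if (digestSz == 0 || digestSz > BLAKE2S_OUTBYTES) {
+return BAD_FUNC_ARG;
+}
 b2s->digestSz = digestSz;
 
 return blake2s_init(b2s->S, (byte)digestSz);
@@ -433,6 +436,9 @@ int wc_InitBlake2s_WithKey(Blake2s* b2s, word32 digestSz, const byte *key, word3
 if (b2s == NULL){
 return BAD_FUNC_ARG;
 }
+if (digestSz == 0 || digestSz > BLAKE2S_OUTBYTES) {
+return BAD_FUNC_ARG;
+}
 b2s->digestSz = digestSz;
 
 if (keylen >= 256)
@@ -475,6 +481,9 @@ int wc_Blake2sFinal(Blake2s* b2s, byte* final, word32 requestSz)
 }
 
 sz = requestSz ? requestSz : b2s->digestSz;
+if (sz == 0 || sz > BLAKE2S_OUTBYTES) {
+return BAD_FUNC_ARG;
+}
 
 return blake2s_final(b2s->S, final, (byte)sz);
 }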

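--- a/wolfcrypt/src/evp.c
+++ b/wolfcrypt/src/evp.c
@@ -695,10 +695,16 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
 break;
 #if defined(WOLFSSL_DES_ECB)
 case WC_DES_ECB_TYPE:
-ret = wc_Des_EcbEncrypt(&ctx->cipher.des, out, in, inl);
+if (ctx->enc)
+ret = wc_Des_EcbEncrypt(&ctx->cipher.des, out, in, inl);
+else
+ret = wc_Des_EcbDecrypt(&ctx->cipher.des, out, in, inl);
 break;
 case WC_DES_EDE3_ECB_TYPE:
-ret = wc_Des3_EcbEncrypt(&ctx->cipher.des3, out, in, inl);
+if (ctx->enc)
+ret = wc_Des3_EcbEncrypt(&ctx->cipher.des3, out, in, inl);
+else
+ret = wc_Des3_EcbDecrypt(&ctx->cipher.des3, out, in, inl);
 break;
 #endif
 #endif
@@ -8749,13 +8755,19 @@ void wolfSSL_EVP_init(void)
 #ifdef WOLFSSL_DES_ECB
 case WC_DES_ECB_TYPE :
 WOLFSSL_MSG("DES ECB");
-ret = wc_Des_EcbEncrypt(&ctx->cipher.des, dst, src, len);
+if (ctx->enc)
+ret = wc_Des_EcbEncrypt(&ctx->cipher.des, dst, src, len);
+else
+ret = wc_Des_EcbDecrypt(&ctx->cipher.des, dst, src, len);
 if (ret == 0)
 ret = (int)((len / DES_BLOCK_SIZE) * DES_BLOCK_SIZE);
 break;
 case WC_DES_EDE3_ECB_TYPE :
 WOLFSSL_MSG("DES3 ECB");
-ret = wc_Des3_EcbEncrypt(&ctx->cipher.des3, dst, src, len);
+if (ctx->enc)
+ret = wc_Des3_EcbEncrypt(&ctx->cipher.des3, dst, src, len);
+else
+ret = wc_Des3_EcbDecrypt(&ctx->cipher.des3, dst, src, len);
 if (ret == 0)
 ret = (int)((len / DES_BLOCK_SIZE) * DES_BLOCK_SIZE);
 break;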
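Review bot: None of the file sections shown on this page exercises the new `ctx->enc == 0` branches for WC_DES_ECB_TYPE and WC_DES_EDE3_ECB_TYPE, either in evpCipherBlock or in the second switch (new lines 8755-8773). An EVP-level round trip (encrypt a block, decrypt it with a fresh context, compare with the plaintext) together with a known-answer vector would confirm that the key direction chosen at init, which is outside these hunks, agrees with the Decrypt entry points now being called. The page lists 14 changed files but shows fewer, so such a test may sit in a part that is not visible here. Both enclosing functions start and end outside the hunks.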

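--- a/wolfcrypt/src/port/caam/wolfcaam_seco.c
+++ b/wolfcrypt/src/port/caam/wolfcaam_seco.c
@@ -1075,7 +1075,7 @@ static hsm_err_t wc_SECO_AESGCM(unsigned int args[4], CAAM_BUFFER* buf, int sz)
 }
 XFREE(cipherAndTag, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 (void)sz;
-return HSM_NO_ERROR;
+return err;
 }
 
 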

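--- a/wolfcrypt/src/sp_arm32.c
+++ b/wolfcrypt/src/sp_arm32.c
@@ -75874,17 +75874,16 @@ static int sp_256_ecc_mulmod_8(sp_point_256* r, const sp_point_256* g,
 if (cache->cnt == 2)
 sp_256_gen_stripe_table_8(g, cache->table, tmp, heap);
 
-#ifndef HAVE_THREAD_LS
-wc_UnLockMutex(&sp_cache_256_lock);
-#endif /* HAVE_THREAD_LS */
-
 if (cache->cnt < 2) {
 err = sp_256_ecc_mulmod_fast_8(r, g, k, map, ct, heap);
 }
 else {
 err = sp_256_ecc_mulmod_stripe_8(r, g, cache->table, k,
 map, ct, heap);
 }
+#ifndef HAVE_THREAD_LS
+wc_UnLockMutex(&sp_cache_256_lock);
+#endif /* HAVE_THREAD_LS */
 }
 
 SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC);
@@ -76256,17 +76255,16 @@ static int sp_256_ecc_mulmod_8(sp_point_256* r, const sp_point_256* g,
 if (cache->cnt == 2)
 sp_256_gen_stripe_table_8(g, cache->table, tmp, heap);
 
-#ifndef HAVE_THREAD_LS
-wc_UnLockMutex(&sp_cache_256_lock);
-#endif /* HAVE_THREAD_LS */
-
 if (cache->cnt < 2) {
 err = sp_256_ecc_mulmod_fast_8(r, g, k, map, ct, heap);
 }
 else {
 err = sp_256_ecc_mulmod_stripe_8(r, g, cache->table, k,
 map, ct, heap);
 }
+#ifndef HAVE_THREAD_LS
+wc_UnLockMutex(&sp_cache_256_lock);
+#endif /* HAVE_THREAD_LS */
 }
 
 SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC);
@@ -93909,17 +93907,16 @@ static int sp_384_ecc_mulmod_12(sp_point_384* r, const sp_point_384* g,
 if (cache->cnt == 2)
 sp_384_gen_stripe_table_12(g, cache->table, tmp, heap);
 
-#ifndef HAVE_THREAD_LS
-wc_UnLockMutex(&sp_cache_384_lock);
-#endif /* HAVE_THREAD_LS */
-
 if (cache->cnt < 2) {
 err = sp_384_ecc_mulmod_fast_12(r, g, k, map, ct, heap);
 }
 else {
 err = sp_384_ecc_mulmod_stripe_12(r, g, cache->table, k,
 map, ct, heap);
 }
+#ifndef HAVE_THREAD_LS
+wc_UnLockMutex(&sp_cache_384_lock);
+#endif /* HAVE_THREAD_LS */
 }
 
 SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC);
@@ -94307,17 +94304,16 @@ static int sp_384_ecc_mulmod_12(sp_point_384* r, const sp_point_384* g,
 if (cache->cnt == 2)
 sp_384_gen_stripe_table_12(g, cache->table, tmp, heap);
 
-#ifndef HAVE_THREAD_LS
-wc_UnLockMutex(&sp_cache_384_lock);
-#endif /* HAVE_THREAD_LS */
-
 if (cache->cnt < 2) {
 err = sp_384_ecc_mulmod_fast_12(r, g, k, map, ct, heap);
 }
 else {
 err = sp_384_ecc_mulmod_stripe_12(r, g, cache->table, k,
 map, ct, heap);
 }
+#ifndef HAVE_THREAD_LS
+wc_UnLockMutex(&sp_cache_384_lock);
+#endif /* HAVE_THREAD_LS */
 }
 
 SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC);
@@ -121070,17 +121066,16 @@ static int sp_521_ecc_mulmod_17(sp_point_521* r, const sp_point_521* g,
 if (cache->cnt == 2)
 sp_521_gen_stripe_table_17(g, cache->table, tmp, heap);
 
-#ifndef HAVE_THREAD_LS
-wc_UnLockMutex(&sp_cache_521_lock);
-#endif /* HAVE_THREAD_LS */
-
 if (cache->cnt < 2) {
 err = sp_521_ecc_mulmod_fast_17(r, g, k, map, ct, heap);
 }
 else {
 err = sp_521_ecc_mulmod_stripe_17(r, g, cache->table, k,
 map, ct, heap);
 }
+#ifndef HAVE_THREAD_LS
+wc_UnLockMutex(&sp_cache_521_lock);
+#endif /* HAVE_THREAD_LS */
 }
 
 SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC);
@@ -121488,17 +121483,16 @@ static int sp_521_ecc_mulmod_17(sp_point_521* r, const sp_point_521* g,
 if (cache->cnt == 2)
 sp_521_gen_stripe_table_17(g, cache->table, tmp, heap);
 
-#ifndef HAVE_THREAD_LS
-wc_UnLockMutex(&sp_cache_521_lock);
-#endif /* HAVE_THREAD_LS */
-
 if (cache->cnt < 2) {
 err = sp_521_ecc_mulmod_fast_17(r, g, k, map, ct, heap);
 }
 else {
 err = sp_521_ecc_mulmod_stripe_17(r, g, cache->table, k,
 map, ct, heap);
 }
+#ifndef HAVE_THREAD_LS
+wc_UnLockMutex(&sp_cache_521_lock);
+#endif /* HAVE_THREAD_LS */
 }
 
 SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC);
@@ -150839,17 +150833,16 @@ static int sp_1024_ecc_mulmod_32(sp_point_1024* r, const sp_point_1024* g,
 if (cache->cnt == 2)
 sp_1024_gen_stripe_table_32(g, cache->table, tmp, heap);
 
-#ifndef HAVE_THREAD_LS
-wc_UnLockMutex(&sp_cache_1024_lock);
-#endif /* HAVE_THREAD_LS */
-
 if (cache->cnt < 2) {
 err = sp_1024_ecc_mulmod_fast_32(r, g, k, map, ct, heap);
 }
 else {
 err = sp_1024_ecc_mulmod_stripe_32(r, g, cache->table, k,
 map, ct, heap);
 }
+#ifndef HAVE_THREAD_LS
+wc_UnLockMutex(&sp_cache_1024_lock);
+#endif /* HAVE_THREAD_LS */
 }
 
 SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC);
@@ -151154,17 +151147,16 @@ static int sp_1024_ecc_mulmod_32(sp_point_1024* r, const sp_point_1024* g,
 if (cache->cnt == 2)
 sp_1024_gen_stripe_table_32(g, cache->table, tmp, heap);
 
-#ifndef HAVE_THREAD_LS
-wc_UnLockMutex(&sp_cache_1024_lock);
-#endif /* HAVE_THREAD_LS */
-
 if (cache->cnt < 2) {
 err = sp_1024_ecc_mulmod_fast_32(r, g, k, map, ct, heap);
 }
 else {
 err = sp_1024_ecc_mulmod_stripe_32(r, g, cache->table, k,
 map, ct, heap);
 }
+#ifndef HAVE_THREAD_LS
+wc_UnLockMutex(&sp_cache_1024_lock);
+#endif /* HAVE_THREAD_LS */
 }
 
 SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC);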
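Review bot: The relocated `wc_UnLockMutex(&sp_cache_256_lock);` carries no comment saying why the lock must now span the scalar multiplication, so a later cleanup could move it back above the `if (cache->cnt < 2)` block. A line above it such as `/* keep the cache lock until cache->table is no longer read */` would record the intent. In builds without HAVE_THREAD_LS this also serialises concurrent multiplications on the same curve. As far as the hunk shows, only the stripe branch is passed `cache->table`, so the fast branch could release the lock before its call if contention matters. The same applies to the other seven hunks in this file (second 256 variant, 384, 521 and 1024); all enclosing functions start outside their hunks.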
