wolfcrypt polish: init, checks, corrections

wolfcrypt/src/aes.c

@@ -2676,6 +2676,24 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(
             return BAD_FUNC_ARG;
         }
 
+    #if !defined(WOLFSSL_AES_128)
+        if (keylen == 16) {
+            return BAD_FUNC_ARG;
+        }
+    #endif
+
+    #if !defined(WOLFSSL_AES_192)
+        if (keylen == 24) {
+            return BAD_FUNC_ARG;
+        }
+    #endif
+
+    #if !defined(WOLFSSL_AES_256)
+        if (keylen == 32) {
+            return BAD_FUNC_ARG;
+        }
+    #endif
+
         aes->keylen = keylen;
         aes->rounds = keylen/4 + 6;
 

wolfcrypt/src/asn.c

@@ -18882,7 +18882,7 @@ int DecodePolicyOID(char *out, word32 outSz, const byte *in, word32 inSz)
         #endif
                ) {
             ASNGetData dataASN[policyInfoASN_Length];
-            byte* data;
+            byte* data = NULL;
             word32 length = 0;
 
             /* Clear dynamic data and check OID is a cert policy type. */
@@ -20002,7 +20002,7 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt,
         /* Check parameters starting with a SEQUENCE. */
         else if (dataASN[X509CERTASN_IDX_SIGALGO_PARAMS].tag != 0) {
             word32 oid = dataASN[X509CERTASN_IDX_SIGALGO_OID].data.oid.sum;
-            word32 sigAlgParamsSz;
+            word32 sigAlgParamsSz = 0;
 
             /* Parameters only with RSA PSS. */
             if (oid != CTC_RSASSAPSS) {
@@ -29050,9 +29050,9 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
     return ret;
 #else
     DECL_ASNSETDATA(dataASN, certReqBodyASN_Length);
-    word32 publicKeySz;
+    word32 publicKeySz = 0;
     word32 subjectSz = 0;
-    word32 extSz;
+    word32 extSz = 0;
     int sz = 0;
     int ret = 0;
 #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA)

wolfcrypt/src/cmac.c

@@ -216,6 +216,7 @@ int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz)
 {
     int ret;
     const byte* subKey;
+    word32 remainder = 0;
 
     if (cmac == NULL || out == NULL || outSz == NULL) {
         return BAD_FUNC_ARG;
@@ -237,14 +238,19 @@ int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz)
         subKey = cmac->k1;
     }
     else {
-        word32 remainder = AES_BLOCK_SIZE - cmac->bufferSz;
+        /* ensure we will have a valid remainder value */
+        if (cmac->bufferSz > AES_BLOCK_SIZE) {
+            return BAD_STATE_E;
+        }
+        remainder = AES_BLOCK_SIZE - cmac->bufferSz;
 
         if (remainder == 0) {
             remainder = AES_BLOCK_SIZE;
         }
         if (remainder > 1) {
             XMEMSET(cmac->buffer + AES_BLOCK_SIZE - remainder, 0, remainder);
         }
+
         cmac->buffer[AES_BLOCK_SIZE - remainder] = 0x80;
         subKey = cmac->k2;
     }

wolfcrypt/src/ed25519.c

@@ -53,17 +53,28 @@
 #endif
 
 #if defined(HAVE_ED25519_SIGN) || defined(HAVE_ED25519_VERIFY)
-#define ED25519CTX_SIZE    32
+    /* set a static message string for Sig No Collisions Message SNC */
+    #define ED25519CTX_SNC_MESSAGE "SigEd25519 no Ed25519 collisions"
 
-static const byte ed25519Ctx[ED25519CTX_SIZE+1] =
-                                             "SigEd25519 no Ed25519 collisions";
+    /* reminder the sizeof includes n+1 terminator; we don't want for size: */
+    #define ED25519CTX_SIZE (int)(sizeof(ED25519CTX_SNC_MESSAGE) / \
+                                  sizeof(ED25519CTX_SNC_MESSAGE[0]) - 1)
+
+    /* ED25519CTX_SIZE is typically 32 for the above message */
+    static const byte ed25519Ctx[ED25519CTX_SIZE + 1] = ED25519CTX_SNC_MESSAGE;
 #endif
 
 static int ed25519_hash_init(ed25519_key* key, wc_Sha512 *sha)
 {
     int ret;
 
+#ifndef WOLFSSL_ED25519_PERSISTENT_SHA
+    /* when not using persistent SHA, we'll zero the sha param */
+    XMEMSET(sha, 0, sizeof(wc_Sha512));
+#endif
+
     ret = wc_InitSha512_ex(sha, key->heap,
+
 #if defined(WOLF_CRYPTO_CB)
                            key->devId
 #else
@@ -334,8 +345,9 @@ int wc_ed25519_sign_msg_ex(const byte* in, word32 inLen, byte* out,
 #else
         wc_Sha512 sha[1];
         ret = ed25519_hash_init(key, sha);
-        if (ret < 0)
+        if (ret < 0) {
             return ret;
+        }
 #endif
 
         if (type == Ed25519ctx || type == Ed25519ph) {
@@ -386,6 +398,7 @@ int wc_ed25519_sign_msg_ex(const byte* in, word32 inLen, byte* out,
         wc_Sha512 *sha = &key->sha;
 #else
         wc_Sha512 sha[1];
+
         ret = ed25519_hash_init(key, sha);
         if (ret < 0)
             return ret;
@@ -765,9 +778,10 @@ int wc_ed25519_verify_msg_ex(const byte* sig, word32 sigLen, const byte* msg,
     sha = &key->sha;
 #else
     ret = ed25519_hash_init(key, sha);
-    if (ret < 0)
+    if (ret < 0) {
         return ret;
-#endif
+    }
+#endif /* WOLFSSL_ED25519_PERSISTENT_SHA */
 
     ret = ed25519_verify_msg_init_with_sha(sig, sigLen, key, sha, type, context,
         contextLen);
@@ -871,7 +885,9 @@ int wc_ed25519_init_ex(ed25519_key* key, void* heap, int devId)
     if (key == NULL)
         return BAD_FUNC_ARG;
 
+    /* for init, ensure the key is zeroed*/
     XMEMSET(key, 0, sizeof(ed25519_key));
+
 #ifdef WOLF_CRYPTO_CB
     key->devId = devId;
 #else

wolfcrypt/src/md5.c

@@ -450,7 +450,12 @@ int wc_Md5Final(wc_Md5* md5, byte* hash)
     }
 #endif /* WOLFSSL_ASYNC_CRYPT */
 
-    local = (byte*)md5->buffer;
+    local = (byte*)md5->buffer; /* buffer allocated in word32 size */
+
+    /* ensure we have a valid buffer length; (-1 to append a byte to length) */
+    if (md5->buffLen > WC_MD5_BLOCK_SIZE - 1) {
+        return BUFFER_E;
+    }
 
     local[md5->buffLen++] = 0x80;  /* add 1 */
 

wolfcrypt/src/random.c

@@ -36,6 +36,9 @@ This library contains implementation for the random number generator.
    http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=KRNG11I
 
 */
+#if defined(ESP_IDF_VERSION_MAJOR) && ESP_IDF_VERSION_MAJOR >= 5
+    #include <esp_random.h>
+#endif
 
 #if defined(HAVE_FIPS) && \
     defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)

wolfcrypt/src/ripemd.c

@@ -324,6 +324,12 @@ int wc_RipeMdFinal(RipeMd* ripemd, byte* hash)
 
     AddLength(ripemd, ripemd->buffLen);               /* before adding pads */
 
+    /* ensure we have a valid buffer length; */
+    if (ripemd->buffLen > RIPEMD_BLOCK_SIZE) {
+        /* exit with error code if there's a bad buffer size in buffLen */
+        return BAD_STATE_E;
+    } /* buffLen check */
+
     local[ripemd->buffLen++] = 0x80;  /* add 1 */
 
     /* pad with zeros */