From 0d031fcbd700fa73398498804eda8c3b04b82406 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Sun, 29 May 2016 13:46:27 -0700
Subject: [PATCH 1/2] added parameter checking to Generate and Verify

---
 wolfcrypt/src/cmac.c | 23 ++++++++++++++++++++---
 1 file changed, 20 insertions(+), 3 deletions(-)

diff --git a/wolfcrypt/src/cmac.c b/wolfcrypt/src/cmac.c
index cfc0bb210..6c7c88dc9 100644
--- a/wolfcrypt/src/cmac.c
+++ b/wolfcrypt/src/cmac.c
@@ -165,10 +165,22 @@ int wc_AesCmacGenerate(byte* out, word32* outSz,
                        const byte* key, word32 keySz)
 {
     Cmac cmac;
+    int ret;
 
-    wc_InitCmac(&cmac, key, keySz, WC_CMAC_AES, NULL);
-    wc_CmacUpdate(&cmac, in, inSz);
-    wc_CmacFinal(&cmac, out, outSz);
+    if (out == NULL || (in == NULL && inSz > 0) || key == NULL || keySz == 0)
+        return BAD_FUNC_ARG;
+
+    ret = wc_InitCmac(&cmac, key, keySz, WC_CMAC_AES, NULL);
+    if (ret != 0)
+        return ret;
+
+    ret = wc_CmacUpdate(&cmac, in, inSz);
+    if (ret != 0)
+        return ret;
+
+    ret = wc_CmacFinal(&cmac, out, outSz);
+    if (ret != 0)
+        return ret;
 
     return 0;
 }
@@ -183,6 +195,11 @@ int wc_AesCmacVerify(const byte* check, word32 checkSz,
     int result;
     int compareRet;
 
+    if (check == NULL || checkSz == 0 || (in == NULL && inSz != 0) ||
+        key == NULL || keySz == 0)
+
+        return BAD_FUNC_ARG;
+
     XMEMSET(a, 0, aSz);
     result = wc_AesCmacGenerate(a, &aSz, in, inSz, key, keySz);
     compareRet = ConstantCompare(check, a, min(checkSz, aSz));

From ffb537c33f1e9115f4f7dc527361b6a0d7e29d92 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Wed, 1 Jun 2016 15:12:55 -0700
Subject: [PATCH 2/2] removed dependency on AES-NI for the AES-direct test

---
 wolfcrypt/test/test.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 44c1306ff..0bfdc7599 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -2906,7 +2906,7 @@ int aes_test(void)
     }
 #endif /* WOLFSSL_AES_COUNTER */
 
-#if defined(WOLFSSL_AESNI) && defined(WOLFSSL_AES_DIRECT)
+#ifdef WOLFSSL_AES_DIRECT
     {
         const byte niPlain[] =
         {
@@ -2944,7 +2944,7 @@ int aes_test(void)
         if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0)
             return -20007;
     }
-#endif /* WOLFSSL_AESNI && WOLFSSL_AES_DIRECT */
+#endif /* WOLFSSL_AES_DIRECT */
 
     return ret;
 }