From 39c9fa96bcbd793648f2f3c69826743e5942498a Mon Sep 17 00:00:00 2001
From: Kareem
Date: Thu, 28 Oct 2021 15:02:53 -0700
Subject: [PATCH] wc_scrypt: Code review feedback.
---
 wolfcrypt/src/pwdbased.c | 11 ++++-------
 wolfcrypt/test/test.c | 6 ++++++
 2 files changed, 10 insertions(+), 7 deletions(-)
diff --git a/wolfcrypt/src/pwdbased.c b/wolfcrypt/src/pwdbased.c
index 9b6a16f0f..b2400a2a2 100644
--- a/wolfcrypt/src/pwdbased.c
+++ b/wolfcrypt/src/pwdbased.c
@@ -567,9 +567,9 @@ int wc_PKCS12_PBKDF_ex(byte* output, const byte* passwd, int passLen,
 #define R(a, b) rotlFixed(a, b)
 /* (2^32 - 1) */
-#define WORD32_MAX 4294967295
+#define SCRYPT_WORD32_MAX 4294967295U
 /* (2^32 - 1) * 32, used in a couple of scrypt max calculations. */
-#define SCRYPT_MAX 137438953440
+#define SCRYPT_MAX 137438953440UL
 /* One round of Salsa20/8.
 * Code taken from RFC 7914: scrypt PBKDF.
@@ -760,14 +760,11 @@ int wc_scrypt(byte* output, const byte* passwd, int passLen,
 if (cost < 1 || cost >= 128 * blockSize / 8 || parallel < 1 || dkLen < 1)
 return BAD_FUNC_ARG;
- if (parallel > (SCRYPT_MAX / (128 * blockSize)))
- return BAD_FUNC_ARG;
-
- if (blockSize > (WORD32_MAX / 128))
+ if ((word32)parallel > (SCRYPT_MAX / (128 * blockSize)))
 return BAD_FUNC_ARG;
 bSz = 128 * blockSize;
- if (parallel > (WORD32_MAX / bSz))
+ if ((word32)parallel > (SCRYPT_WORD32_MAX / bSz))
 return BAD_FUNC_ARG;
 blocksSz = bSz * parallel;
 blocks = (byte*)XMALLOC(blocksSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 94d55690d..940d6b68b 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
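Review bot: `137438953440UL` on the `SCRYPT_MAX` line does not fit in `unsigned long` where that type is 32 bits (32-bit targets, 64-bit Windows), so the constant is only correct if the compiler widens it to `unsigned long long`; a compiler without that C99 rule may truncate or reject it. The bound in `wc_scrypt` that divides `SCRYPT_MAX` (second hunk of this file) inherits the same dependency. Stating the width removes the guesswork, e.g. `#define SCRYPT_MAX 137438953440ULL`, or the 64-bit constant can be dropped and the bound expressed in 32-bit arithmetic. A one-line comment on `SCRYPT_WORD32_MAX` saying why it is no longer named `WORD32_MAX` (presumably a clash with another definition) would help the next reader.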
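Review bot: The first bound in the wc_scrypt hunk, `(word32)parallel > (SCRYPT_MAX / (128 * blockSize))`, is 32 times looser than the `SCRYPT_WORD32_MAX / bSz` bound two lines below it, so it never rejects a value the second check would accept, and it is the only place that needs a 64-bit constant. These checks appear to be what keeps `blocksSz = bSz * parallel` from wrapping before the `XMALLOC`, so they are worth keeping exact and portable; the same limit in 32-bit arithmetic is `if ((word32)parallel > (SCRYPT_WORD32_MAX / 4) / (word32)blockSize)`. The commit also drops the only visible upper bound on `blockSize`, while `128 * blockSize` is still evaluated here and in the `cost` test above; if nothing above the hunk limits `blockSize`, a large value can overflow that product before any check runs. wc_scrypt starts and ends outside the hunk, and the declarations of `blockSize`, `bSz` and `blocksSz` are not visible, so the types involved should be confirmed.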
@@ -20177,6 +20177,12 @@ WOLFSSL_TEST_SUBROUTINE int scrypt_test(void)
 if (XMEMCMP(derived, verify2, sizeof(verify2)) != 0)
 return -9203;
+ /* Test case with parallel overflowing */
+ ret = wc_scrypt(derived, (byte*)"password", 16, (byte*)"NaCl", 16, 2, 4, 8388608,
+ sizeof(verify2));
+ if (ret != BAD_FUNC_ARG)
+ return -9210;
+
 /* Don't run these test on embedded, since they use large mallocs */
 #if !defined(BENCH_EMBEDDED) && !defined(WOLFSSL_LINUXKM) && !defined(HAVE_INTEL_QA)
 ret = wc_scrypt(derived, (byte*)"pleaseletmein", 13,
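Review bot: The new call passes `16` as both the password and salt length, but `"password"` is 8 characters and `"NaCl"` is 4, so the lengths describe more bytes than the literals hold. The test stays in bounds only because `wc_scrypt` is expected to return `BAD_FUNC_ARG` before reading either buffer; if the bound ever regresses, the failure becomes an out-of-bounds read in the test rather than a clean `-9210`. Use the real lengths: `ret = wc_scrypt(derived, (byte*)"password", 8, (byte*)"NaCl", 4, 2, 4, 8388608,`. The comment could also say that 8388608 is the first value above `SCRYPT_WORD32_MAX / (128 * 4)`, which is why this input was chosen. scrypt_test starts and ends outside the hunk.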