Merge pull request #10468 from JeremiahM37/fenrir-wolfcrypt-api-hardening

wolfCrypt API hardening: input validation, key zeroization, hardware ports
Sean Parkinson
2026-05-14 20:00:39 +10:00
committed by GitHub
9 changed files with 76 additions and 7 deletions
+25
@@ -284,3 +284,28 @@ int test_wc_Rc2Cbc_MonteCarlo(void)
#endif
return EXPECT_RESULT();
}
/*
* Testing function for wc_Rc2Free().
*/
int test_wc_Rc2Free(void)
{
EXPECT_DECLS;
#ifdef WC_RC2
Rc2 rc2;
byte key[] = { 0x01, 0x02, 0x03, 0x04, 0x05 };
byte iv[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
byte zero[sizeof(rc2)];
XMEMSET(&rc2, 0, sizeof(rc2));
XMEMSET(zero, 0, sizeof(zero));
wc_Rc2Free(NULL);
ExpectIntEQ(wc_Rc2SetKey(&rc2, key, (word32)sizeof(key), iv, 40), 0);
ExpectIntNE(XMEMCMP(&rc2, zero, sizeof(rc2)), 0);
wc_Rc2Free(&rc2);
ExpectIntEQ(XMEMCMP(&rc2, zero, sizeof(rc2)), 0);
#endif
return EXPECT_RESULT();
}
+3 -1
@@ -29,12 +29,14 @@ int test_wc_Rc2SetIV(void);
int test_wc_Rc2EcbEncryptDecrypt(void);
int test_wc_Rc2CbcEncryptDecrypt(void);
int test_wc_Rc2Cbc_MonteCarlo(void);
int test_wc_Rc2Free(void);
#define TEST_RC2_DECLS \
TEST_DECL_GROUP("rc2", test_wc_Rc2SetKey), \
TEST_DECL_GROUP("rc2", test_wc_Rc2SetIV), \
TEST_DECL_GROUP("rc2", test_wc_Rc2EcbEncryptDecrypt), \
TEST_DECL_GROUP("rc2", test_wc_Rc2CbcEncryptDecrypt), \
TEST_DECL_GROUP("rc2", test_wc_Rc2Cbc_MonteCarlo)
TEST_DECL_GROUP("rc2", test_wc_Rc2Cbc_MonteCarlo), \
TEST_DECL_GROUP("rc2", test_wc_Rc2Free)
#endif /* WOLFCRYPT_TEST_RC2_H */
+8
@@ -309,6 +309,11 @@ int wc_curve25519_make_pub_blind(int public_size, byte* pub, int private_size,
if ((pub == NULL) || (priv == NULL)) {
return ECC_BAD_ARG_E;
}
#ifndef FREESCALE_LTC_ECC
if (rng == NULL) {
return ECC_BAD_ARG_E;
}
#endif
/* check clamping */
ret = curve25519_priv_clamp_check(priv);
@@ -420,6 +425,9 @@ int wc_curve25519_generic_blind(int public_size, byte* pub,
}
if ((pub == NULL) || (priv == NULL) || (basepoint == NULL))
return ECC_BAD_ARG_E;
if (rng == NULL) {
return ECC_BAD_ARG_E;
}
/* check clamping */
ret = curve25519_priv_clamp_check(priv);
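Review bot: The new `rng == NULL` check in wc_curve25519_make_pub_blind is compiled out under FREESCALE_LTC_ECC with no comment saying why, while the matching check in wc_curve25519_generic_blind (second hunk) is unconditional. If the LTC path never uses rng, which these lines do not show, a comment such as `/* rng is not used on the LTC hardware path */` above the `#ifndef` would make that explicit. If that build can still reach the blinding code, the guard should be unconditional so a NULL rng is rejected rather than passed on. Both function bodies continue outside the hunks.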
@@ -251,7 +251,7 @@ static int tsip_RsakeyImport(TsipUserCtx* tuc)
*/
int wc_tsip_RsaFunction(wc_CryptoInfo* info, TsipUserCtx* tuc)
{
int ret;
int ret = CRYPTOCB_UNAVAILABLE;
int keySize;
int type;
tsip_rsa_byte_data_t plain, cipher;
@@ -321,6 +321,9 @@ int wc_tsip_RsaFunction(wc_CryptoInfo* info, TsipUserCtx* tuc)
*(info->pk.rsa.outLen) = plain.data_length;
}
}
else {
ret = CRYPTOCB_UNAVAILABLE;
}
tsip_hw_unlock();
}
}
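Review bot: The added `else { ret = CRYPTOCB_UNAVAILABLE; }` has no comment naming the case it handles, and the `if` it pairs with is outside the hunk. CRYPTOCB_UNAVAILABLE normally tells the crypto-callback layer to fall back to the software implementation, so it is worth stating that intent, e.g. `/* unsupported RSA operation type: defer to software */`. It is also worth confirming that a software fallback is acceptable for keys that are meant to be used only through TSIP. With `ret` now initialised to the same value at the top of wc_tsip_RsaFunction, the branch is redundant unless `ret` is assigned earlier in the function, which the comment could also say.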
+13 -2
@@ -52,11 +52,17 @@ int casper_rsa_public_exptmod(
int res;
int sig_sz = inLen;
int key_sz = mp_unsigned_bin_size(&key->n);
word32 exp = 0;
int exp_sz = mp_unsigned_bin_size(&key->e);
uint8_t exp_buf[sizeof(uint32_t)];
uint32_t exp = 0;
if (inLen > CASPER_MAX_BUF_SZ || *outLen > CASPER_MAX_BUF_SZ)
return BAD_FUNC_ARG;
/* casper only accepts a 32-bit public exponent */
if (exp_sz <= 0 || exp_sz > (int)sizeof(exp_buf))
return BAD_FUNC_ARG;
/* casper requires little endian format for inputs/outputs */
XMEMCPY(sig_buf, in, sig_sz);
mp_reverse(sig_buf, sig_sz);
@@ -65,8 +71,13 @@ int casper_rsa_public_exptmod(
return res;
mp_reverse(key_buf, key_sz);
if ((res = mp_to_unsigned_bin(&key->e, (uint8_t *)&exp)) != MP_OKAY)
XMEMSET(exp_buf, 0, sizeof(exp_buf));
if ((res = mp_to_unsigned_bin(&key->e,
exp_buf + sizeof(exp_buf) - exp_sz))
!= MP_OKAY)
return res;
exp = ((uint32_t)exp_buf[0] << 24) | ((uint32_t)exp_buf[1] << 16) |
((uint32_t)exp_buf[2] << 8) | ((uint32_t)exp_buf[3]);
CASPER_ModExp(CASPER, (void *)sig_buf, (void *)key_buf,
key_sz / sizeof(uint32_t), exp, out_buf);
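Review bot: The modulus length `key_sz` is still not bounded in the visible lines, although the hunk now bounds the exponent. The first check covers only `inLen` and `*outLen`, and `key_buf` is then reversed over `key_sz` bytes after apparently being filled from `key->n`. If `key_buf` is a fixed CASPER_MAX_BUF_SZ buffer (its declaration is outside the hunk), add `if (key_sz <= 0 || key_sz > CASPER_MAX_BUF_SZ) return BAD_FUNC_ARG;` next to the new exponent check. `*outLen` is also dereferenced in that first check without a NULL test. The big-endian assembly of `exp` from `exp_buf` looks correct and no longer depends on host byte order.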
+8
@@ -348,5 +348,13 @@ int wc_Rc2CbcDecrypt(Rc2* rc2, byte* out, const byte* in, word32 sz)
}
void wc_Rc2Free(Rc2* rc2)
{
if (rc2 == NULL)
return;
ForceZero(rc2, sizeof(Rc2));
}
#endif /* WC_RC2 */
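Review bot: wc_Rc2Free is a new public function but has no doc comment in this hunk, and none is shown on the WOLFSSL_API prototype added to the header. Suggest `/* Zeroize the whole Rc2 context with ForceZero(); rc2 == NULL is a no-op. */` above the definition. The API documentation should also tell callers to invoke it once they are finished with a key. Until this change RC2 had no cleanup call, so existing users will leave key material in the context unless they are told to add one.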
+1 -1
@@ -649,7 +649,7 @@ int wc_CryptKey(const char* password, int passwordSz, const byte* salt,
else
ret = wc_Rc2CbcDecrypt(&rc2, input, input, length);
}
ForceZero(&rc2, sizeof(Rc2));
wc_Rc2Free(&rc2);
break;
}
#endif
+12 -2
@@ -495,6 +495,10 @@ int wc_Entropy_GetRawEntropy(unsigned char* raw, int cnt)
int ret = 0;
int locked = 0;
if (raw == NULL || cnt <= 0) {
return BAD_FUNC_ARG;
}
#ifdef HAVE_FIPS
if (!entropy_memuse_initialized) {
ret = Entropy_Init();
@@ -809,10 +813,16 @@ static int Entropy_Condition(byte* output, word32 len, byte* noise,
int wc_Entropy_Get(int bits, unsigned char* entropy, word32 len)
{
int ret = 0;
int noise_len;
static byte noise[MAX_NOISE_CNT];
if (bits <= 0 || (entropy == NULL && len > 0)) {
return BAD_FUNC_ARG;
}
/* Noise length is the number of 8 byte samples required to get the bits of
* entropy requested. */
int noise_len = (bits + ENTROPY_EXTRA) / ENTROPY_MIN;
static byte noise[MAX_NOISE_CNT];
noise_len = (bits + ENTROPY_EXTRA) / ENTROPY_MIN;
#ifdef HAVE_FIPS
/* FIPS KATs, e.g. EccPrimitiveZ_KnownAnswerTest(), call wc_Entropy_Get()
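Review bot: `bits` gets a lower bound in wc_Entropy_Get but no upper bound, so `(bits + ENTROPY_EXTRA) / ENTROPY_MIN` can overflow a signed int for values near INT_MAX. `noise_len` is also not compared with MAX_NOISE_CNT in the visible lines. A later check on `noise_len`, if one exists outside the hunk, cannot be relied on once the addition has overflowed, so reject oversized requests in the new validation, e.g. `if (bits > INT_MAX - ENTROPY_EXTRA) return BAD_FUNC_ARG;` or a tighter limit derived from MAX_NOISE_CNT. Separately, the first hunk makes wc_Entropy_GetRawEntropy return BAD_FUNC_ARG for `cnt == 0`, so callers that passed a zero count as a no-op should be checked.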
+2
@@ -60,6 +60,8 @@ WOLFSSL_API int wc_Rc2CbcEncrypt(Rc2* rc2, byte* out,
WOLFSSL_API int wc_Rc2CbcDecrypt(Rc2* rc2, byte* out,
const byte* in, word32 sz);
WOLFSSL_API void wc_Rc2Free(Rc2* rc2);
#ifdef __cplusplus
} /* extern "C" */
#endif