From 9e974027a8060eadf9deefac7d0a51f965a84340 Mon Sep 17 00:00:00 2001 From: Andras Fekete Date: Tue, 19 Dec 2023 15:33:28 -0500 Subject: [PATCH 1/5] Fix ARIA signing Used the wrong function to extract key --- wolfcrypt/src/port/aria/aria-cryptocb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfcrypt/src/port/aria/aria-cryptocb.c b/wolfcrypt/src/port/aria/aria-cryptocb.c index e52509a55..de696cf0c 100644 --- a/wolfcrypt/src/port/aria/aria-cryptocb.c +++ b/wolfcrypt/src/port/aria/aria-cryptocb.c @@ -204,7 +204,7 @@ int wc_AriaSign(byte* in, word32 inSz, byte* out, word32* outSz, ecc_key* key) rv = MC_SetApiMode(hSession, gApimode); if (rv == MC_OK) { - int ret = wc_BuildEccKeyDer(key,keyAsn1,&keyAsn1Sz,0,0); + int ret = wc_EccPrivateKeyToDer(key,keyAsn1,keyAsn1Sz); if (ret < 0) { rv = ret; } else { keyAsn1Sz = ret; } } From f45ffd880263c881f16f440cbb79f90dba4ecb77 Mon Sep 17 00:00:00 2001 From: Andras Fekete Date: Tue, 19 Dec 2023 15:37:58 -0500 Subject: [PATCH 2/5] Rename variable to keep the names similar across functions --- wolfcrypt/src/port/aria/aria-cryptocb.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/wolfcrypt/src/port/aria/aria-cryptocb.c b/wolfcrypt/src/port/aria/aria-cryptocb.c index de696cf0c..e69fd3e35 100644 --- a/wolfcrypt/src/port/aria/aria-cryptocb.c +++ b/wolfcrypt/src/port/aria/aria-cryptocb.c @@ -185,8 +185,8 @@ int wc_AriaSign(byte* in, word32 inSz, byte* out, word32* outSz, ecc_key* key) MC_APIMODE gApimode = MC_MODE_KCMV; MC_ALGORITHM mcAlg = {MC_ALGID_NONE, NULL, 0}; - byte keyAsn1[ARIA_KEYASN1_MAXSZ]; - word32 keyAsn1Sz=(word32)sizeof(keyAsn1); + byte keyarr[ARIA_KEYASN1_MAXSZ]; + word32 keySz=(word32)sizeof(keyarr); WOLFSSL_ENTER("AriaSign"); 
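Review bot: With `wc_EccPrivateKeyToDer` the stack buffer `keyAsn1` now holds the DER-encoded ECC private key, and the statements that follow this hunk in wc_AriaSign (visible in the second hunk of patch 2/5, where the buffer is renamed `keyarr`) pass it to `WOLFSSL_BUFFER`, so a build with wolfSSL debug logging enabled writes the private key to the log. That dump is not conditional on `rv == MC_OK`, so after a failed export it prints `sizeof(keyAsn1)` bytes of a buffer that was declared without an initialiser. I would remove the `WOLFSSL_BUFFER` call and log only the length on success, `if (rv == MC_OK) { WOLFSSL_MSG_EX("AriaSign key(%d):", keyAsn1Sz); }`. The function's exit path is outside the hunks shown; if the buffer is not cleared there, a `ForceZero(keyAsn1, sizeof(keyAsn1));` before returning (assuming wolfCrypt's misc helpers are reachable from this port file) would keep the key from lingering on the stack.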
@@ -204,13 +204,13 @@ int wc_AriaSign(byte* in, word32 inSz, byte* out, word32* outSz, ecc_key* key) rv = MC_SetApiMode(hSession, gApimode); if (rv == MC_OK) { - int ret = wc_EccPrivateKeyToDer(key,keyAsn1,keyAsn1Sz); + int ret = wc_EccPrivateKeyToDer(key,keyarr,keySz); if (ret < 0) { rv = ret; } - else { keyAsn1Sz = ret; } + else { keySz = ret; } } - WOLFSSL_MSG_EX("AriaSign key(%d):",keyAsn1Sz); - WOLFSSL_BUFFER(keyAsn1,keyAsn1Sz); + WOLFSSL_MSG_EX("AriaSign key(%d):",keySz); + WOLFSSL_BUFFER(keyarr,keySz); WOLFSSL_MSG_EX("AriaSign rv=%d",rv); @@ -230,7 +230,7 @@ int wc_AriaSign(byte* in, word32 inSz, byte* out, word32* outSz, ecc_key* key) } if (rv == MC_OK) - rv = MC_CreateObject(hSession, keyAsn1, keyAsn1Sz, &hPrikey); + rv = MC_CreateObject(hSession, keyarr, keySz, &hPrikey); WOLFSSL_MSG_EX("AriaSign CreateObject rv=%d",rv); if (rv == MC_OK) From 12192b7683692a5cf2fd87c91515a57e7be23f65 Mon Sep 17 00:00:00 2001 From: Andras Fekete Date: Tue, 19 Dec 2023 15:54:25 -0500 Subject: [PATCH 3/5] Set result to invalid as first step --- wolfcrypt/src/port/aria/aria-cryptocb.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/wolfcrypt/src/port/aria/aria-cryptocb.c b/wolfcrypt/src/port/aria/aria-cryptocb.c index e69fd3e35..253fc804e 100644 --- a/wolfcrypt/src/port/aria/aria-cryptocb.c +++ b/wolfcrypt/src/port/aria/aria-cryptocb.c @@ -265,12 +265,12 @@ int wc_AriaVerify(byte* sig, word32 sigSz, byte* hash, word32 hashSz, WOLFSSL_ENTER("AriaVerify"); + *res = 0; /* Default to invalid signature */ + if (sig == NULL || hash == NULL || res == NULL || key == NULL) { return BAD_FUNC_ARG; } - *res = 0; /* Default to invalid signature */ - if (rv == MC_OK) rv = wc_AriaInit(); From 77e8a66ca3cdf7561a0f42328577ba03be1f40e8 Mon Sep 17 00:00:00 2001 
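Review bot: In the 3/5 hunk for wc_AriaVerify, `*res = 0;` now executes before the `res == NULL` test, so a NULL `res` is dereferenced and the `res == NULL` term of the check can no longer trigger. Patch 5/5 moves the assignment back below the check, which removes the dereference but leaves `*res` unwritten when the function returns `BAD_FUNC_ARG` for a NULL `sig`, `hash` or `key`; a caller that does not test the return code would then read whatever its variable held before the call. If the intent is that the result always starts out as "invalid", `if (res != NULL) { *res = 0; }` ahead of the argument check gives that without the dereference. The rest of wc_AriaVerify is outside the hunk.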
From: Andras Fekete Date: Tue, 19 Dec 2023 15:55:38 -0500 Subject: [PATCH 4/5] Not cryptocb's job to sanity check input Don't need to check parameters at every level --- wolfcrypt/src/port/aria/aria-cryptocb.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/wolfcrypt/src/port/aria/aria-cryptocb.c b/wolfcrypt/src/port/aria/aria-cryptocb.c index 253fc804e..4a606260a 100644 --- a/wolfcrypt/src/port/aria/aria-cryptocb.c +++ b/wolfcrypt/src/port/aria/aria-cryptocb.c @@ -544,13 +544,11 @@ int wc_AriaDerive(ecc_key* private_key, ecc_key* public_key, ret = wc_AriaInitSha(&(info->hash.sha256->hSession), MC_ALGID_SHA256); } - if (((ret == 0) || (ret == CRYPTOCB_UNAVAILABLE)) - && (info->hash.in != NULL)) { + if ((ret == 0) || (ret == CRYPTOCB_UNAVAILABLE)) { ret = wc_AriaShaUpdate(info->hash.sha256->hSession, (byte *) info->hash.in, info->hash.inSz); } - if (((ret == 0) || (ret == CRYPTOCB_UNAVAILABLE)) - && (info->hash.digest != NULL)) { + if ((ret == 0) || (ret == CRYPTOCB_UNAVAILABLE)) { MC_UINT digestSz = 32; ret = wc_AriaShaFinal(info->hash.sha256->hSession, info->hash.digest, &digestSz); @@ -573,13 +571,11 @@ int wc_AriaDerive(ecc_key* private_key, ecc_key* public_key, ret = wc_AriaInitSha(&(info->hash.sha384->hSession), MC_ALGID_SHA384); } - if (((ret == 0) || (ret == CRYPTOCB_UNAVAILABLE)) - && (info->hash.in != NULL)) { + if ((ret == 0) || (ret == CRYPTOCB_UNAVAILABLE)) { ret = wc_AriaShaUpdate(info->hash.sha384->hSession, (byte *) info->hash.in, info->hash.inSz); } - if (((ret == 0) || (ret == CRYPTOCB_UNAVAILABLE)) - && (info->hash.digest != NULL)) { + if ((ret == 0) || (ret == CRYPTOCB_UNAVAILABLE)) { MC_UINT digestSz = 48; ret = wc_AriaShaFinal(info->hash.sha384->hSession, info->hash.digest, &digestSz); From b5592c4571bfbf89dadc593704bca11cf5cdd8b0 Mon Sep 17 00:00:00 2001 
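Review bot: Both hunks drop the `info->hash.in != NULL` and `info->hash.digest != NULL` conditions (SHA-256 branch at -544 and SHA-384 branch at -573), so every call now runs `wc_AriaShaUpdate` and then `wc_AriaShaFinal` regardless of which pointers were supplied. These look less like sanity checks than the way one callback tells an update request from a final request: as far as I know the wolfCrypt hash callback is invoked with `digest` NULL on update and `in` NULL on final, which is worth confirming against the callers. If that holds, each update would finalise into a NULL digest and each final would feed a NULL input; whether `wc_AriaShaUpdate` and `wc_AriaShaFinal` tolerate NULL is not visible here. I would keep the two conditions, or state the contract at the call sites with a comment such as `/* in == NULL: final-only call; digest == NULL: update-only call */`. The enclosing function begins and ends outside the hunks, and the `wc_AriaDerive` named in the `@@` header appears to be only the nearest preceding definition, since the changed code works on `info`.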
From: Andras Fekete Date: Thu, 21 Dec 2023 16:47:01 -0500 Subject: [PATCH 5/5] Addressing PR comments --- wolfcrypt/src/port/aria/aria-cryptocb.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/wolfcrypt/src/port/aria/aria-cryptocb.c b/wolfcrypt/src/port/aria/aria-cryptocb.c index 4a606260a..e52c83387 100644 --- a/wolfcrypt/src/port/aria/aria-cryptocb.c +++ b/wolfcrypt/src/port/aria/aria-cryptocb.c @@ -204,7 +204,7 @@ int wc_AriaSign(byte* in, word32 inSz, byte* out, word32* outSz, ecc_key* key) rv = MC_SetApiMode(hSession, gApimode); if (rv == MC_OK) { - int ret = wc_EccPrivateKeyToDer(key,keyarr,keySz); + int ret = wc_EccPrivateKeyToDer(key, keyarr, keySz); if (ret < 0) { rv = ret; } else { keySz = ret; } } @@ -265,12 +265,12 @@ int wc_AriaVerify(byte* sig, word32 sigSz, byte* hash, word32 hashSz, WOLFSSL_ENTER("AriaVerify"); - *res = 0; /* Default to invalid signature */ - if (sig == NULL || hash == NULL || res == NULL || key == NULL) { return BAD_FUNC_ARG; } + *res = 0; /* Default to invalid signature */ + if (rv == MC_OK) rv = wc_AriaInit(); @@ -281,7 +281,7 @@ int wc_AriaVerify(byte* sig, word32 sigSz, byte* hash, word32 hashSz, rv = MC_SetApiMode(hSession, gApimode); if (rv == MC_OK) { - int ret = wc_EccPublicKeyToDer(key,keyarr,keySz,0); + int ret = wc_EccPublicKeyToDer(key, keyarr, keySz, 0); if (ret < 0) { rv = ret; } else { keySz = ret; } }