From 132079d2a13a5b73d2ace2e291a150908dc9c80b Mon Sep 17 00:00:00 2001 From: jordan Date: Tue, 9 Jun 2026 10:02:51 -0500 Subject: [PATCH 1/8] hmac: err on update if key not set. --- tests/api/test_hmac.c | 15 +++++++++++++++ wolfcrypt/src/hmac.c | 1 + 2 files changed, 16 insertions(+) diff --git a/tests/api/test_hmac.c b/tests/api/test_hmac.c index b2c83f2794..5c628f0086 100644 --- a/tests/api/test_hmac.c +++ b/tests/api/test_hmac.c @@ -305,6 +305,9 @@ int test_wc_Md5HmacUpdate(void) b.inLen = XSTRLEN(b.input); ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); + /* update before setkey results in err. */ + ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys, (word32)XSTRLEN(keys)), 0); ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0); @@ -346,6 +349,9 @@ int test_wc_ShaHmacUpdate(void) b.inLen = XSTRLEN(b.input); ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); + /* update before setkey results in err. */ + ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys, (word32)XSTRLEN(keys)), 0); ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0); @@ -387,6 +393,9 @@ int test_wc_Sha224HmacUpdate(void) b.inLen = XSTRLEN(b.input); ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); + /* update before setkey results in err. */ + ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys, (word32)XSTRLEN(keys)), 0); ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0); @@ -428,6 +437,9 @@ int test_wc_Sha256HmacUpdate(void) b.inLen = XSTRLEN(b.input); ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); + /* update before setkey results in err. */ + ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys, (word32)XSTRLEN(keys)), 0); ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0); @@ -469,6 +481,9 @@ int test_wc_Sha384HmacUpdate(void) b.inLen = XSTRLEN(b.input); ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); + /* update before setkey results in err. */ + ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys, (word32)XSTRLEN(keys)), 0); ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0); diff --git a/wolfcrypt/src/hmac.c b/wolfcrypt/src/hmac.c index b18c0e0e49..963c4ab2b5 100644 --- a/wolfcrypt/src/hmac.c +++ b/wolfcrypt/src/hmac.c @@ -1135,6 +1135,7 @@ int wc_HmacUpdate(Hmac* hmac, const byte* msg, word32 length) #endif default: + ret = BAD_FUNC_ARG; break; } From 04e57d7fd7a45b41ba2e24eec7af0436e66d145a Mon Sep 17 00:00:00 2001 From: jordan Date: Tue, 9 Jun 2026 10:51:58 -0500 Subject: [PATCH 2/8] evp: fix dangling pkey pointer. --- wolfcrypt/src/evp.c | 1 + 1 file changed, 1 insertion(+) diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 7dfa159227..d4dd514297 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -9850,6 +9850,7 @@ static int ECC_populate_EVP_PKEY(WOLFSSL_EVP_PKEY* pkey, WOLFSSL_EC_KEY *key) 1)) < 0) { XFREE(derBuf, NULL, DYNAMIC_TYPE_OPENSSL); derBuf = NULL; + pkey->pkey.ptr = NULL; } } } From 8b8603c702dc72e2698861422d61c8467f31c293 Mon Sep 17 00:00:00 2001 From: jordan Date: Tue, 9 Jun 2026 11:20:28 -0500 Subject: [PATCH 3/8] pwdbased: add missing force zero. --- wolfcrypt/src/pwdbased.c | 1 + 1 file changed, 1 insertion(+) diff --git a/wolfcrypt/src/pwdbased.c b/wolfcrypt/src/pwdbased.c index 86ced62fc4..c25b6f6da8 100644 --- a/wolfcrypt/src/pwdbased.c +++ b/wolfcrypt/src/pwdbased.c @@ -778,6 +778,7 @@ int wc_PKCS12_PBKDF_ex(byte* output, const byte* passwd, int passLen, } WC_FREE_VAR_EX(B, heap, DYNAMIC_TYPE_TMP_BUFFER); + ForceZero(buffer, totalLen); if (buffer != staticBuffer) { XFREE(buffer, heap, DYNAMIC_TYPE_KEY); } From f063721fac5d72eecc31c966059a567a9730d59b Mon Sep 17 00:00:00 2001 From: jordan Date: Tue, 9 Jun 2026 12:27:08 -0500 Subject: [PATCH 4/8] dsa: check that key was created before export. --- tests/api/test_dsa.c | 3 +++ wolfcrypt/src/dsa.c | 5 +++++ 2 files changed, 8 insertions(+) diff --git a/tests/api/test_dsa.c b/tests/api/test_dsa.c index bfdc08e212..5f239dbe92 100644 --- a/tests/api/test_dsa.c +++ b/tests/api/test_dsa.c @@ -555,6 +555,9 @@ int test_wc_DsaExportKeyRaw(void) ExpectIntEQ(wc_InitDsaKey(&key), 0); ExpectIntEQ(wc_InitRng(&rng), 0); ExpectIntEQ(wc_MakeDsaParameters(&rng, 1024, &key), 0); + /* export before make key should return error. */ + ExpectIntEQ(wc_DsaExportKeyRaw(&key, xOut, &xOutSz, yOut, &yOutSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_MakeDsaKey(&rng, &key), 0); /* try successful export */ diff --git a/wolfcrypt/src/dsa.c b/wolfcrypt/src/dsa.c index 5df809c2da..a504b43267 100644 --- a/wolfcrypt/src/dsa.c +++ b/wolfcrypt/src/dsa.c @@ -709,6 +709,11 @@ int wc_DsaExportKeyRaw(DsaKey* dsa, byte* x, word32* xSz, byte* y, word32* ySz) if (dsa == NULL || xSz == NULL || ySz == NULL) return BAD_FUNC_ARG; + /* check we have a key to export */ + if (mp_iszero(&dsa->x) || mp_iszero(&dsa->y)) { + return BAD_FUNC_ARG; + } + /* get required output buffer sizes */ xLen = (word32)mp_unsigned_bin_size(&dsa->x); yLen = (word32)mp_unsigned_bin_size(&dsa->y); From 2648a84f46449a8eca41fe0225c6aa17a24e048b Mon Sep 17 00:00:00 2001 From: jordan Date: Wed, 10 Jun 2026 01:11:35 -0500 Subject: [PATCH 5/8] hmac: appease multi-test for unused ret value. --- wolfcrypt/src/hmac.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/wolfcrypt/src/hmac.c b/wolfcrypt/src/hmac.c index 963c4ab2b5..12fbc5c670 100644 --- a/wolfcrypt/src/hmac.c +++ b/wolfcrypt/src/hmac.c @@ -1019,8 +1019,6 @@ int wc_HmacUpdate(Hmac* hmac, const byte* msg, word32 length) ret = wc_CryptoCb_Hmac(hmac, hmac->macType, msg, length, NULL); if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; - /* fall-through when unavailable */ - ret = 0; /* reset error code */ } #endif #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_HMAC) From 2f5ad2d1d21085a153625191983c5247f1e2e244 Mon Sep 17 00:00:00 2001 From: jordan Date: Wed, 10 Jun 2026 09:53:00 -0500 Subject: [PATCH 6/8] hmac: cleanup, and fix fips gating in api tests. --- tests/api/test_hmac.c | 10 ++++++++++ wolfcrypt/src/hmac.c | 1 + 2 files changed, 11 insertions(+) diff --git a/tests/api/test_hmac.c b/tests/api/test_hmac.c index 5c628f0086..0602f5f908 100644 --- a/tests/api/test_hmac.c +++ b/tests/api/test_hmac.c @@ -305,9 +305,11 @@ int test_wc_Md5HmacUpdate(void) b.inLen = XSTRLEN(b.input); ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); + #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0)) /* update before setkey results in err. */ ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + #endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION3_GE(7,0,0)) */ ExpectIntEQ(wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys, (word32)XSTRLEN(keys)), 0); ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0); @@ -349,9 +351,11 @@ int test_wc_ShaHmacUpdate(void) b.inLen = XSTRLEN(b.input); ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); + #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0)) /* update before setkey results in err. */ ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + #endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION3_GE(7,0,0)) */ ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys, (word32)XSTRLEN(keys)), 0); ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0); @@ -393,9 +397,11 @@ int test_wc_Sha224HmacUpdate(void) b.inLen = XSTRLEN(b.input); ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); + #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0)) /* update before setkey results in err. */ ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + #endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION3_GE(7,0,0)) */ ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys, (word32)XSTRLEN(keys)), 0); ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0); @@ -437,9 +443,11 @@ int test_wc_Sha256HmacUpdate(void) b.inLen = XSTRLEN(b.input); ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); + #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0)) /* update before setkey results in err. */ ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + #endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION3_GE(7,0,0)) */ ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys, (word32)XSTRLEN(keys)), 0); ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0); @@ -481,9 +489,11 @@ int test_wc_Sha384HmacUpdate(void) b.inLen = XSTRLEN(b.input); ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); + #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0)) /* update before setkey results in err. */ ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + #endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION3_GE(7,0,0)) */ ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys, (word32)XSTRLEN(keys)), 0); ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0); diff --git a/wolfcrypt/src/hmac.c b/wolfcrypt/src/hmac.c index 12fbc5c670..1df8389917 100644 --- a/wolfcrypt/src/hmac.c +++ b/wolfcrypt/src/hmac.c @@ -1019,6 +1019,7 @@ int wc_HmacUpdate(Hmac* hmac, const byte* msg, word32 length) ret = wc_CryptoCb_Hmac(hmac, hmac->macType, msg, length, NULL); if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; + /* fall-through when unavailable */ } #endif #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_HMAC) From 7926d9dea46a7844a31b9566df1ac8c35150b2b3 Mon Sep 17 00:00:00 2001 From: jordan Date: Wed, 10 Jun 2026 14:10:21 -0500 Subject: [PATCH 7/8] dsa: fix fips gating in api tests. --- tests/api/test_dsa.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/api/test_dsa.c b/tests/api/test_dsa.c index 5f239dbe92..0fd0efaebe 100644 --- a/tests/api/test_dsa.c +++ b/tests/api/test_dsa.c @@ -555,9 +555,11 @@ int test_wc_DsaExportKeyRaw(void) ExpectIntEQ(wc_InitDsaKey(&key), 0); ExpectIntEQ(wc_InitRng(&rng), 0); ExpectIntEQ(wc_MakeDsaParameters(&rng, 1024, &key), 0); + #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0)) /* export before make key should return error. */ ExpectIntEQ(wc_DsaExportKeyRaw(&key, xOut, &xOutSz, yOut, &yOutSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + #endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION3_GE(7,0,0)) */ ExpectIntEQ(wc_MakeDsaKey(&rng, &key), 0); /* try successful export */ From ab09d0c95b61adc0dea668b2f9fb42d83b8a1f4e Mon Sep 17 00:00:00 2001 From: jordan Date: Fri, 12 Jun 2026 00:12:45 -0500 Subject: [PATCH 8/8] misc_fixes: cleanup for skoll review. --- tests/api/test_dsa.c | 5 ++--- tests/api/test_hmac.c | 6 ++++-- wolfcrypt/src/dsa.c | 10 +++++----- wolfcrypt/src/evp.c | 3 ++- wolfcrypt/src/hmac.c | 2 ++ wolfcrypt/src/pwdbased.c | 1 + 6 files changed, 16 insertions(+), 11 deletions(-) diff --git a/tests/api/test_dsa.c b/tests/api/test_dsa.c index 0fd0efaebe..b645a57f45 100644 --- a/tests/api/test_dsa.c +++ b/tests/api/test_dsa.c @@ -547,7 +547,8 @@ int test_wc_DsaExportKeyRaw(void) WC_RNG rng; byte xOut[MAX_DSA_PARAM_SIZE]; byte yOut[MAX_DSA_PARAM_SIZE]; - word32 xOutSz, yOutSz; + word32 xOutSz = sizeof(xOut); + word32 yOutSz = sizeof(yOut); XMEMSET(&key, 0, sizeof(key)); XMEMSET(&rng, 0, sizeof(rng)); @@ -563,8 +564,6 @@ int test_wc_DsaExportKeyRaw(void) ExpectIntEQ(wc_MakeDsaKey(&rng, &key), 0); /* try successful export */ - xOutSz = sizeof(xOut); - yOutSz = sizeof(yOut); ExpectIntEQ(wc_DsaExportKeyRaw(&key, xOut, &xOutSz, yOut, &yOutSz), 0); /* test bad args */ diff --git a/tests/api/test_hmac.c b/tests/api/test_hmac.c index 0602f5f908..8ecb7f4b86 100644 --- a/tests/api/test_hmac.c +++ b/tests/api/test_hmac.c @@ -305,11 +305,13 @@ int test_wc_Md5HmacUpdate(void) b.inLen = XSTRLEN(b.input); ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); - #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0)) + #if !defined(WOLFSSL_KCAPI_HMAC) && !defined(HAVE_SELFTEST) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0)) /* update before setkey results in err. */ ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - #endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION3_GE(7,0,0)) */ + #endif /* !WOLFSSL_KCAPI_HMAC && !HAVE_SELFTEST && \ + (!HAVE_FIPS || FIPS_VERSION3_GE(7,0,0)) */ ExpectIntEQ(wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys, (word32)XSTRLEN(keys)), 0); ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0); diff --git a/wolfcrypt/src/dsa.c b/wolfcrypt/src/dsa.c index a504b43267..6ae9d0a1ab 100644 --- a/wolfcrypt/src/dsa.c +++ b/wolfcrypt/src/dsa.c @@ -709,11 +709,6 @@ int wc_DsaExportKeyRaw(DsaKey* dsa, byte* x, word32* xSz, byte* y, word32* ySz) if (dsa == NULL || xSz == NULL || ySz == NULL) return BAD_FUNC_ARG; - /* check we have a key to export */ - if (mp_iszero(&dsa->x) || mp_iszero(&dsa->y)) { - return BAD_FUNC_ARG; - } - /* get required output buffer sizes */ xLen = (word32)mp_unsigned_bin_size(&dsa->x); yLen = (word32)mp_unsigned_bin_size(&dsa->y); @@ -728,6 +723,11 @@ int wc_DsaExportKeyRaw(DsaKey* dsa, byte* x, word32* xSz, byte* y, word32* ySz) if (x == NULL || y == NULL) return BAD_FUNC_ARG; + /* check we have a key to export */ + if (mp_iszero(&dsa->x) && mp_iszero(&dsa->y)) { + return BAD_FUNC_ARG; + } + /* export x */ if (*xSz < xLen) { WOLFSSL_MSG("Output buffer for DSA private key (x) too small, " diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index d4dd514297..5001288338 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -9848,9 +9848,10 @@ static int ECC_populate_EVP_PKEY(WOLFSSL_EVP_PKEY* pkey, WOLFSSL_EC_KEY *key) pkey->pkey.ptr = (char*)derBuf; if ((derSz = wc_EccPublicKeyToDer(ecc, derBuf, (word32)derSz, 1)) < 0) { - XFREE(derBuf, NULL, DYNAMIC_TYPE_OPENSSL); + XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_OPENSSL); derBuf = NULL; pkey->pkey.ptr = NULL; + pkey->pkey_sz = 0; } } } diff --git a/wolfcrypt/src/hmac.c b/wolfcrypt/src/hmac.c index 1df8389917..68d21ab052 100644 --- a/wolfcrypt/src/hmac.c +++ b/wolfcrypt/src/hmac.c @@ -368,6 +368,7 @@ static int HmacKeyCopyHash(byte macType, wc_HmacHash* src, wc_HmacHash* dst) #endif default: + ret = BAD_FUNC_ARG; break; } @@ -475,6 +476,7 @@ static int HmacKeyHashUpdate(byte macType, wc_HmacHash* hash, byte* pad) #endif default: + ret = BAD_FUNC_ARG; break; } diff --git a/wolfcrypt/src/pwdbased.c b/wolfcrypt/src/pwdbased.c index c25b6f6da8..c27e12515b 100644 --- a/wolfcrypt/src/pwdbased.c +++ b/wolfcrypt/src/pwdbased.c @@ -777,6 +777,7 @@ int wc_PKCS12_PBKDF_ex(byte* output, const byte* passwd, int passLen, #endif } + ForceZero(B, WC_MAX_BLOCK_SIZE); WC_FREE_VAR_EX(B, heap, DYNAMIC_TYPE_TMP_BUFFER); ForceZero(buffer, totalLen); if (buffer != staticBuffer) {