From 70288b017fb98aafbca0eac92191b2236586dfb0 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Tue, 12 May 2026 14:23:59 -0600 Subject: [PATCH] add sanity check on AES key length --- wolfcrypt/src/port/tropicsquare/tropic01.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/wolfcrypt/src/port/tropicsquare/tropic01.c b/wolfcrypt/src/port/tropicsquare/tropic01.c index 33748543e9..e77ca2d6aa 100644 --- a/wolfcrypt/src/port/tropicsquare/tropic01.c +++ b/wolfcrypt/src/port/tropicsquare/tropic01.c @@ -317,10 +317,18 @@ int Tropic01_CryptoCb(int devId, wc_CryptoInfo* info, void* ctx) word32 keyLen = info->cipher.enc ? info->cipher.aesgcm_enc.aes->keylen : info->cipher.aesgcm_dec.aes->keylen; + if (keyLen != AES_128_KEY_SIZE && + keyLen != AES_192_KEY_SIZE && + keyLen != AES_256_KEY_SIZE) { + WOLFSSL_MSG_EX( + "TROPIC01: CryptoCB: invalid AES key length %u", + keyLen); + return BAD_FUNC_ARG; + } ret = Tropic01_GetKeyAES( lt_key, TROPIC01_AES_KEY_RMEM_SLOT, - keyLen); + TROPIC01_AES_MAX_KEY_SIZE); if (ret != 0) { WOLFSSL_MSG_EX( "TROPIC01: CryptoCB: Failed to get AES key,ret=%d", @@ -401,10 +409,17 @@ int Tropic01_CryptoCb(int devId, wc_CryptoInfo* info, void* ctx) #ifdef HAVE_AES_CBC if (info->cipher.type == WC_CIPHER_AES_CBC) { word32 keyLen = info->cipher.aescbc.aes->keylen; + if (keyLen != AES_128_KEY_SIZE && + keyLen != AES_192_KEY_SIZE && + keyLen != AES_256_KEY_SIZE) { + WOLFSSL_MSG_EX( + "TROPIC01: CryptoCB: invalid AES key length %u", keyLen); + return BAD_FUNC_ARG; + } ret = Tropic01_GetKeyAES( lt_key, TROPIC01_AES_KEY_RMEM_SLOT, - keyLen); + TROPIC01_AES_MAX_KEY_SIZE); if (ret != 0) { WOLFSSL_MSG_EX( "TROPIC01: CryptoCB: Failed to get AES key,ret=%d", ret);