Merge pull request #10504 from miyazakh/f-2180_pbkdf

f-2180: fix clamp iterations <= 0 to 1 instead of returning an error
This commit is contained in:
Sean Parkinson
2026-05-28 09:32:01 +10:00
committed by GitHub
8 changed files with 134 additions and 7 deletions
+1
View File
@@ -2951,6 +2951,7 @@ if(WOLFSSL_EXAMPLES)
tests/api/test_asn.c
tests/api/test_pkcs7.c
tests/api/test_pkcs12.c
tests/api/test_pwdbased.c
tests/api/test_ossl_asn1.c
tests/api/test_ossl_bio.c
tests/api/test_ossl_bn.c
+4
View File
@@ -242,6 +242,7 @@
#include <tests/api/test_asn.h>
#include <tests/api/test_pkcs7.h>
#include <tests/api/test_pkcs12.h>
#include <tests/api/test_pwdbased.h>
#include <tests/api/test_ossl_asn1.h>
#include <tests/api/test_ossl_bn.h>
#include <tests/api/test_ossl_bio.h>
@@ -40260,6 +40261,9 @@ TEST_CASE testCases[] = {
/* wolfCrypt PKCS#12 */
TEST_PKCS12_DECLS,
/* wolfCrypt pwdbased (PBKDF1/PBKDF2) */
TEST_PWDBASED_DECLS,
/*
* test_wolfCrypt_Cleanup needs to come after the above wolfCrypt tests to
* avoid memory leaks.
+3
View File
@@ -66,6 +66,8 @@ tests_unit_test_SOURCES += tests/api/test_asn.c
tests_unit_test_SOURCES += tests/api/test_pkcs7.c
# PKCS#12
tests_unit_test_SOURCES += tests/api/test_pkcs12.c
# pwdbased (PBKDF1/PBKDF2)
tests_unit_test_SOURCES += tests/api/test_pwdbased.c
# OpenSSL ASN.1
tests_unit_test_SOURCES += tests/api/test_ossl_asn1.c
# OpenSSL BN
@@ -166,6 +168,7 @@ EXTRA_DIST += tests/api/test_x509.h
EXTRA_DIST += tests/api/test_asn.h
EXTRA_DIST += tests/api/test_pkcs7.h
EXTRA_DIST += tests/api/test_pkcs12.h
EXTRA_DIST += tests/api/test_pwdbased.h
EXTRA_DIST += tests/api/test_ossl_asn1.h
EXTRA_DIST += tests/api/test_ossl_bn.h
EXTRA_DIST += tests/api/test_ossl_bio.h
+12 -3
View File
@@ -647,10 +647,11 @@ int test_wc_PKCS12_PBKDF(void)
salt2, (int)sizeof(salt2), 1000, 24, WC_SHA256, 1), 0);
ExpectIntEQ(XMEMCMP(derived, verify2, 24), 0);
/* iterations <= 0 treated as 1 */
/* iterations <= 0 must be rejected */
ExpectIntEQ(wc_PKCS12_PBKDF(derived, passwd, (int)sizeof(passwd),
salt, (int)sizeof(salt), 0, 24, WC_SHA256, 1), 0);
ExpectIntEQ(XMEMCMP(derived, verify, 24), 0);
salt, (int)sizeof(salt), 0, 24, WC_SHA256, 1), BAD_FUNC_ARG);
ExpectIntEQ(wc_PKCS12_PBKDF(derived, passwd, (int)sizeof(passwd),
salt, (int)sizeof(salt), -1, 24, WC_SHA256, 1), BAD_FUNC_ARG);
#endif
return EXPECT_RESULT();
}
@@ -714,6 +715,14 @@ int test_wc_PKCS12_PBKDF_ex(void)
salt, (int)sizeof(salt), 1, 24, WC_SHA256, 2, NULL), 0);
ExpectIntEQ(wc_PKCS12_PBKDF_ex(derived, passwd, (int)sizeof(passwd),
salt, (int)sizeof(salt), 1, 24, WC_SHA256, 3, NULL), 0);
/* iterations <= 0 must be rejected */
ExpectIntEQ(wc_PKCS12_PBKDF_ex(derived, passwd, (int)sizeof(passwd),
salt, (int)sizeof(salt), 0, 24, WC_SHA256, 1, NULL),
BAD_FUNC_ARG);
ExpectIntEQ(wc_PKCS12_PBKDF_ex(derived, passwd, (int)sizeof(passwd),
salt, (int)sizeof(salt), -1, 24, WC_SHA256, 1, NULL),
BAD_FUNC_ARG);
#endif
return EXPECT_RESULT();
}
+72
View File
@@ -0,0 +1,72 @@
/* test_pwdbased.c
*
* Copyright (C) 2006-2026 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#include <tests/unit.h>
#include <wolfssl/wolfcrypt/pwdbased.h>
#include <tests/api/api.h>
#include <tests/api/test_pwdbased.h>
/* test that wc_PBKDF1_ex rejects iterations <= 0 */
int test_wc_PBKDF1_ex_iterations(void)
{
EXPECT_DECLS;
#if defined(HAVE_PBKDF1) && !defined(NO_PWDBASED) && !defined(NO_SHA) && \
!defined(HAVE_SELFTEST)
static const byte passwd[] = { 'p', 'a', 's', 's' };
static const byte salt[] = { 0x78, 0x57, 0x8E, 0x5a,
0x5d, 0x63, 0xcb, 0x06 };
byte derived[16];
ExpectIntEQ(wc_PBKDF1_ex(derived, (int)sizeof(derived), NULL, 0,
passwd, (int)sizeof(passwd),
salt, (int)sizeof(salt), 0, WC_SHA, HEAP_HINT),
BAD_FUNC_ARG);
ExpectIntEQ(wc_PBKDF1_ex(derived, (int)sizeof(derived), NULL, 0,
passwd, (int)sizeof(passwd),
salt, (int)sizeof(salt), -1, WC_SHA, HEAP_HINT),
BAD_FUNC_ARG);
#endif
return EXPECT_RESULT();
}
/* test that wc_PBKDF2_ex rejects iterations <= 0 */
int test_wc_PBKDF2_ex_iterations(void)
{
EXPECT_DECLS;
#if defined(HAVE_PBKDF2) && !defined(NO_PWDBASED) && !defined(NO_HMAC) && \
!defined(NO_SHA256) && !defined(HAVE_SELFTEST) && \
(!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0))
static const byte passwd[] = { 'p', 'a', 's', 's' };
static const byte salt[] = { 0x78, 0x57, 0x8E, 0x5a,
0x5d, 0x63, 0xcb, 0x06 };
byte derived[24];
ExpectIntEQ(wc_PBKDF2_ex(derived, passwd, (int)sizeof(passwd),
salt, (int)sizeof(salt), 0,
(int)sizeof(derived), WC_SHA256, HEAP_HINT, INVALID_DEVID),
BAD_FUNC_ARG);
ExpectIntEQ(wc_PBKDF2_ex(derived, passwd, (int)sizeof(passwd),
salt, (int)sizeof(salt), -1,
(int)sizeof(derived), WC_SHA256, HEAP_HINT, INVALID_DEVID),
BAD_FUNC_ARG);
#endif
return EXPECT_RESULT();
}
+34
View File
@@ -0,0 +1,34 @@
/* test_pwdbased.h
*
* Copyright (C) 2006-2026 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifndef WOLFCRYPT_TEST_PWDBASED_H
#define WOLFCRYPT_TEST_PWDBASED_H
#include <tests/api/api_decl.h>
int test_wc_PBKDF1_ex_iterations(void);
int test_wc_PBKDF2_ex_iterations(void);
#define TEST_PWDBASED_DECLS \
TEST_DECL_GROUP("pwdbased", test_wc_PBKDF1_ex_iterations), \
TEST_DECL_GROUP("pwdbased", test_wc_PBKDF2_ex_iterations)
#endif /* WOLFCRYPT_TEST_PWDBASED_H */
+4
View File
@@ -6791,6 +6791,10 @@ void wolfSSL_EVP_init(void)
if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
goto end;
/* OpenSSL treats count <= 0 as 1 iteration */
if (count <= 0)
count = 1;
ret = wc_PBKDF1_ex(key, (int)info->keySz, iv, (int)info->ivSz, data, sz,
salt, EVP_SALT_SIZE, count, hashType, NULL);
if (ret == 0)
+4 -4
View File
@@ -98,7 +98,7 @@ int wc_PBKDF1_ex(byte* key, int keyLen, byte* iv, int ivLen,
return BAD_FUNC_ARG;
if (iterations <= 0)
iterations = 1;
return BAD_FUNC_ARG;
if (iterations > current_wc_pbkdf_max_iterations) {
WOLFSSL_MSG("PBKDF1 iteration count exceeds current_wc_pbkdf_max_iterations");
@@ -239,7 +239,7 @@ int wc_PBKDF2_ex(byte* output, const byte* passwd, int pLen, const byte* salt,
}
#endif
if (iterations <= 0)
iterations = 1;
return BAD_FUNC_ARG;
if (iterations > current_wc_pbkdf_max_iterations) {
WOLFSSL_MSG("PBKDF2 iteration count exceeds current_wc_pbkdf_max_iterations");
@@ -432,7 +432,7 @@ int wc_PKCS12_PBKDF_ex(byte* output, const byte* passwd, int passLen,
}
if (iterations <= 0)
iterations = 1;
return BAD_FUNC_ARG;
if (iterations > current_wc_pbkdf_max_iterations) {
WOLFSSL_MSG("PKCS12 PBKDF iteration count exceeds "
@@ -660,7 +660,7 @@ int wc_PKCS12_PBKDF_ex(byte* output, const byte* passwd, int passLen,
}
if (iterations <= 0) {
iterations = 1;
return BAD_FUNC_ARG;
}
if (iterations > current_wc_pbkdf_max_iterations) {