riscv: add missing argument checks in AES port

Align the RISC-V AES port's argument validation with the generic aes.c
implementations (and with the port's own vector/scalar-crypto siblings):

* wc_AesSetKey (base assembly variant, i.e. neither
  WOLFSSL_RISCV_VECTOR_CRYPTO_ASM nor WOLFSSL_RISCV_SCALAR_CRYPTO_ASM):
  reject key == NULL. The vector and scalar-crypto variants of the same
  function already check it; the base variant passed NULL through to the
  key expansion and wc_AesGcmSetKey then dereferenced the uninitialized
  schedule, crashing on e.g. wc_AesGcmSetKey(aes, NULL, 16).

* wc_AesCcmEncrypt / wc_AesCcmDecrypt: reject authIn == NULL when
  authInSz > 0, as the generic implementation does. The port otherwise
  walks the NULL authIn buffer while computing the CBC-MAC.

Found by the ISO 26262 per-module MC/DC campaign's argument-matrix tests
(test_wc_AesGcmSetKey, test_wc_AesCcmArgMcdc) running the RISC-V port
under qemu-riscv64: upstream CI only exercises this port with the KAT
suite, which never passes invalid arguments.
This commit is contained in:
Daniele Lacamera
2026-07-08 16:37:08 +02:00
parent dcc2b23b1a
commit 7b72cf6acf
+3 -1
View File
@@ -2946,7 +2946,7 @@ int wc_AesSetKey(Aes* aes, const byte* key, word32 keyLen, const byte* iv,
int ret = 0;
/* Validate parameters. */
if (aes == NULL) {
if ((aes == NULL) || (key == NULL)) {
ret = BAD_FUNC_ARG;
}
/* Check key size is supported by AES object. */
@@ -9097,6 +9097,7 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
/* sanity check on arguments */
if ((aes == NULL) || ((inSz != 0) && ((in == NULL) || (out == NULL))) ||
((authInSz > 0) && (authIn == NULL)) ||
(nonce == NULL) || (authTag == NULL) || (nonceSz < 7) ||
(nonceSz > 13)) {
ret = BAD_FUNC_ARG;
@@ -9188,6 +9189,7 @@ int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
/* sanity check on arguments */
if ((aes == NULL) || ((inSz != 0) && ((in == NULL) || (out == NULL))) ||
((authInSz > 0) && (authIn == NULL)) ||
(nonce == NULL) || (authTag == NULL) || (nonceSz < 7) ||
(nonceSz > 13)) {
ret = BAD_FUNC_ARG;