Merge pull request #10136 from JeremiahM37/fenrir-issues-2

Fenrir fixes
This commit is contained in:
Sean Parkinson
2026-04-16 08:51:17 +10:00
committed by GitHub
9 changed files with 93 additions and 22 deletions
+6
View File
@@ -210,6 +210,12 @@ int test_wc_CamelliaCbcEncryptDecrypt(void)
WC_CAMELLIA_BLOCK_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
ExpectIntEQ(wc_CamelliaCbcDecrypt(&camellia, dec, NULL,
WC_CAMELLIA_BLOCK_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
/* non-block-aligned input rejected with BAD_LENGTH_E */
ExpectIntEQ(wc_CamelliaCbcEncrypt(&camellia, enc, plainT,
WC_CAMELLIA_BLOCK_SIZE - 1), WC_NO_ERR_TRACE(BAD_LENGTH_E));
ExpectIntEQ(wc_CamelliaCbcDecrypt(&camellia, dec, enc,
WC_CAMELLIA_BLOCK_SIZE - 1), WC_NO_ERR_TRACE(BAD_LENGTH_E));
#endif
return EXPECT_RESULT();
} /* END test_wc_CamelliaCbcEncryptDecrypt */
+10
View File
@@ -165,6 +165,16 @@ int test_wc_Des3_CbcEncryptDecrypt(void)
ExpectIntEQ(wc_Des3_CbcDecrypt(&des, plain, NULL, 24),
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
#ifndef HAVE_FIPS
/* non-block-aligned input rejected with BAD_LENGTH_E.
* FIPS builds use the FIPS-certified DES3 implementation which does not
* have this check, so skip the test for FIPS. */
ExpectIntEQ(wc_Des3_CbcEncrypt(&des, cipher, vector, DES_BLOCK_SIZE - 1),
WC_NO_ERR_TRACE(BAD_LENGTH_E));
ExpectIntEQ(wc_Des3_CbcDecrypt(&des, plain, cipher, DES_BLOCK_SIZE - 1),
WC_NO_ERR_TRACE(BAD_LENGTH_E));
#endif
wc_Des3Free(&des);
#endif
return EXPECT_RESULT();
+6
View File
@@ -217,6 +217,12 @@ int test_wc_Rc2CbcEncryptDecrypt(void)
/* null input buffer */
ExpectIntEQ(wc_Rc2CbcDecrypt(&rc2, plain, NULL, sizeof(output)),
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
/* non-block-aligned input rejected with BAD_LENGTH_E */
ExpectIntEQ(wc_Rc2CbcEncrypt(&rc2, cipher, input, RC2_BLOCK_SIZE - 1),
WC_NO_ERR_TRACE(BAD_LENGTH_E));
ExpectIntEQ(wc_Rc2CbcDecrypt(&rc2, plain, output, RC2_BLOCK_SIZE - 1),
WC_NO_ERR_TRACE(BAD_LENGTH_E));
#endif
return EXPECT_RESULT();
} /* END test_wc_Rc2CbcEncryptDecrypt */
+7 -2
View File
@@ -64,8 +64,7 @@
#include <wolfcrypt/src/misc.c>
#endif
/* u32 must be 32bit word */
typedef unsigned int u32;
typedef word32 u32;
typedef unsigned char u8;
/* key constants */
@@ -1591,6 +1590,9 @@ int wc_CamelliaCbcEncrypt(wc_Camellia* cam, byte* out, const byte* in, word32 sz
if (cam == NULL || out == NULL || in == NULL) {
return BAD_FUNC_ARG;
}
if (sz % WC_CAMELLIA_BLOCK_SIZE != 0) {
return BAD_LENGTH_E;
}
blocks = sz / WC_CAMELLIA_BLOCK_SIZE;
while (blocks--) {
@@ -1613,6 +1615,9 @@ int wc_CamelliaCbcDecrypt(wc_Camellia* cam, byte* out, const byte* in, word32 sz
if (cam == NULL || out == NULL || in == NULL) {
return BAD_FUNC_ARG;
}
if (sz % WC_CAMELLIA_BLOCK_SIZE != 0) {
return BAD_LENGTH_E;
}
blocks = sz / WC_CAMELLIA_BLOCK_SIZE;
while (blocks--) {
+14 -2
View File
@@ -174,6 +174,9 @@ int Base64_Decode_nonCT(const byte* in, word32 inLen, byte* out, word32* outLen)
int ret;
const byte maxIdx = BASE64DECODE_TABLE_SZ + BASE64_MIN - 1;
if ((in == NULL && inLen > 0) || out == NULL || outLen == NULL)
return BAD_FUNC_ARG;
while (inLen > 3) {
int pad3 = 0;
int pad4 = 0;
@@ -273,6 +276,9 @@ int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
word32 j = 0;
int ret;
if ((in == NULL && inLen > 0) || out == NULL || outLen == NULL)
return BAD_FUNC_ARG;
while (inLen > 3) {
int pad3 = 0;
int pad4 = 0;
@@ -471,8 +477,14 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out,
int getSzOnly = (out == NULL);
word32 outSz = (inLen + 3 - 1) / 3 * 4;
word32 addSz = (outSz + BASE64_LINE_SZ - 1) / BASE64_LINE_SZ; /* new lines */
word32 outSz;
word32 addSz;
if (in == NULL && inLen > 0)
return BAD_FUNC_ARG;
outSz = (inLen + 3 - 1) / 3 * 4;
addSz = (outSz + BASE64_LINE_SZ - 1) / BASE64_LINE_SZ; /* new lines */
if (escaped == WC_ESC_NL_ENC)
addSz *= 3; /* instead of just \n, we're doing %0A triplet */
+32 -14
View File
@@ -1234,49 +1234,49 @@
int wc_Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz)
{
word32 blocks = sz / DES_BLOCK_SIZE;
if (des == NULL || out == NULL || in == NULL)
return BAD_FUNC_ARG;
if (sz % DES_BLOCK_SIZE != 0)
return BAD_LENGTH_E;
return wc_Pic32DesCrypt(des->key, DES_KEYLEN, des->reg, DES_IVLEN,
out, in, (blocks * DES_BLOCK_SIZE),
out, in, sz,
PIC32_ENCRYPTION, PIC32_ALGO_DES, PIC32_CRYPTOALGO_CBC);
}
int wc_Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz)
{
word32 blocks = sz / DES_BLOCK_SIZE;
if (des == NULL || out == NULL || in == NULL)
return BAD_FUNC_ARG;
if (sz % DES_BLOCK_SIZE != 0)
return BAD_LENGTH_E;
return wc_Pic32DesCrypt(des->key, DES_KEYLEN, des->reg, DES_IVLEN,
out, in, (blocks * DES_BLOCK_SIZE),
out, in, sz,
PIC32_DECRYPTION, PIC32_ALGO_DES, PIC32_CRYPTOALGO_CBC);
}
int wc_Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz)
{
word32 blocks = sz / DES_BLOCK_SIZE;
if (des == NULL || out == NULL || in == NULL)
return BAD_FUNC_ARG;
if (sz % DES_BLOCK_SIZE != 0)
return BAD_LENGTH_E;
return wc_Pic32DesCrypt(des->key[0], DES3_KEYLEN, des->reg, DES3_IVLEN,
out, in, (blocks * DES_BLOCK_SIZE),
out, in, sz,
PIC32_ENCRYPTION, PIC32_ALGO_TDES, PIC32_CRYPTOALGO_TCBC);
}
int wc_Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz)
{
word32 blocks = sz / DES_BLOCK_SIZE;
if (des == NULL || out == NULL || in == NULL)
return BAD_FUNC_ARG;
if (sz % DES_BLOCK_SIZE != 0)
return BAD_LENGTH_E;
return wc_Pic32DesCrypt(des->key[0], DES3_KEYLEN, des->reg, DES3_IVLEN,
out, in, (blocks * DES_BLOCK_SIZE),
out, in, sz,
PIC32_DECRYPTION, PIC32_ALGO_TDES, PIC32_CRYPTOALGO_TCBC);
}
@@ -1734,12 +1734,17 @@
int wc_Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz)
{
word32 blocks = sz / DES_BLOCK_SIZE;
word32 blocks;
if (des == NULL || out == NULL || in == NULL) {
return BAD_FUNC_ARG;
}
if (sz % DES_BLOCK_SIZE != 0) {
return BAD_LENGTH_E;
}
blocks = sz / DES_BLOCK_SIZE;
while (blocks--) {
xorbuf((byte*)des->reg, in, DES_BLOCK_SIZE);
DesProcessBlock(des, (byte*)des->reg, (byte*)des->reg);
@@ -1753,12 +1758,17 @@
int wc_Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz)
{
word32 blocks = sz / DES_BLOCK_SIZE;
word32 blocks;
if (des == NULL || out == NULL || in == NULL) {
return BAD_FUNC_ARG;
}
if (sz % DES_BLOCK_SIZE != 0) {
return BAD_LENGTH_E;
}
blocks = sz / DES_BLOCK_SIZE;
while (blocks--) {
XMEMCPY(des->tmp, in, DES_BLOCK_SIZE);
DesProcessBlock(des, (byte*)des->tmp, out);
@@ -1779,6 +1789,10 @@
return BAD_FUNC_ARG;
}
if (sz % DES_BLOCK_SIZE != 0) {
return BAD_LENGTH_E;
}
#ifdef WOLF_CRYPTO_CB
if (des->devId != INVALID_DEVID) {
int ret = wc_CryptoCb_Des3Encrypt(des, out, in, sz);
@@ -1830,6 +1844,10 @@
return BAD_FUNC_ARG;
}
if (sz % DES_BLOCK_SIZE != 0) {
return BAD_LENGTH_E;
}
#ifdef WOLF_CRYPTO_CB
if (des->devId != INVALID_DEVID) {
int ret = wc_CryptoCb_Des3Decrypt(des, out, in, sz);
+1 -1
View File
@@ -496,8 +496,8 @@ int wc_RNG_DRBG_Reseed(WC_RNG* rng, const byte* seed, word32 seedSz)
/* using RDRAND not DRBG, so return success */
return 0;
}
return BAD_FUNC_ARG;
#endif
return BAD_FUNC_ARG;
}
return Hash_DRBG_Reseed((DRBG_internal *)rng->drbg, seed, seedSz);
+14 -2
View File
@@ -279,7 +279,7 @@ int wc_Rc2EcbDecrypt(Rc2* rc2, byte* out, const byte* in, word32 sz)
int wc_Rc2CbcEncrypt(Rc2* rc2, byte* out, const byte* in, word32 sz)
{
int ret;
word32 blocks = (sz / RC2_BLOCK_SIZE);
word32 blocks;
if (rc2 == NULL || out == NULL || in == NULL) {
return BAD_FUNC_ARG;
@@ -289,6 +289,12 @@ int wc_Rc2CbcEncrypt(Rc2* rc2, byte* out, const byte* in, word32 sz)
return 0;
}
if (sz % RC2_BLOCK_SIZE != 0) {
return BAD_LENGTH_E;
}
blocks = sz / RC2_BLOCK_SIZE;
while (blocks--) {
xorbuf((byte*)rc2->reg, in, RC2_BLOCK_SIZE);
ret = wc_Rc2EcbEncrypt(rc2, (byte*)rc2->reg, (byte*)rc2->reg,
@@ -308,7 +314,7 @@ int wc_Rc2CbcEncrypt(Rc2* rc2, byte* out, const byte* in, word32 sz)
int wc_Rc2CbcDecrypt(Rc2* rc2, byte* out, const byte* in, word32 sz)
{
int ret;
word32 blocks = (sz / RC2_BLOCK_SIZE);
word32 blocks;
if (rc2 == NULL || out == NULL || in == NULL) {
return BAD_FUNC_ARG;
@@ -318,6 +324,12 @@ int wc_Rc2CbcDecrypt(Rc2* rc2, byte* out, const byte* in, word32 sz)
return 0;
}
if (sz % RC2_BLOCK_SIZE != 0) {
return BAD_LENGTH_E;
}
blocks = sz / RC2_BLOCK_SIZE;
while (blocks--) {
XMEMCPY(rc2->tmp, in, RC2_BLOCK_SIZE);
ret = wc_Rc2EcbDecrypt(rc2, out, (byte*)rc2->tmp, RC2_BLOCK_SIZE);
+3 -1
View File
@@ -270,11 +270,13 @@ RsaKey* wc_NewRsaKey_Label(const char* label, void* heap, int devId,
int wc_DeleteRsaKey(RsaKey* key, RsaKey** key_p)
{
void* heap;
if (key == NULL) {
return BAD_FUNC_ARG;
}
heap = key->heap;
wc_FreeRsaKey(key);
XFREE(key, key->heap, DYNAMIC_TYPE_RSA);
XFREE(key, heap, DYNAMIC_TYPE_RSA);
if (key_p != NULL) {
*key_p = NULL;
}