validate preconditions at public API boundary

This commit is contained in:
Jeremiah Mackey
2026-05-04 16:36:18 +00:00
parent 7b5330391b
commit cf9f852db6
6 changed files with 20 additions and 1 deletions
+2
View File
@@ -71,6 +71,8 @@
*/
int wc_CMAC_Grow(Cmac* cmac, const byte* in, int inSz)
{
if ((cmac == NULL) || (in == NULL && inSz != 0))
return BAD_FUNC_ARG;
return _wc_Hash_Grow(&cmac->msg, &cmac->used, &cmac->len, in, inSz, cmac->aes.heap);
}
#endif /* WOLFSSL_HASH_KEEP */
+3
View File
@@ -971,6 +971,9 @@ int wc_curve25519_export_private_raw_ex(curve25519_key* key, byte* out,
if (key == NULL || out == NULL || outLen == NULL)
return BAD_FUNC_ARG;
if (!key->privSet)
return ECC_BAD_ARG_E;
/* check size of outgoing buffer */
if (*outLen < CURVE25519_KEYSIZE) {
*outLen = CURVE25519_KEYSIZE;
+4
View File
@@ -478,6 +478,10 @@ int wc_curve448_export_private_raw_ex(curve448_key* key, byte* out,
ret = BAD_FUNC_ARG;
}
if ((ret == 0) && (!key->privSet)) {
ret = ECC_BAD_ARG_E;
}
/* check size of outgoing buffer */
if ((ret == 0) && (*outLen < CURVE448_KEY_SIZE)) {
*outLen = CURVE448_KEY_SIZE;
+1 -1
View File
@@ -1414,7 +1414,7 @@ int wc_ed25519_import_private_key(const byte* priv, word32 privSz,
int wc_ed25519_export_private_only(const ed25519_key* key, byte* out, word32* outLen)
{
/* sanity checks on arguments */
if (key == NULL || out == NULL || outLen == NULL)
if (key == NULL || !key->privKeySet || out == NULL || outLen == NULL)
return BAD_FUNC_ARG;
if (*outLen < ED25519_KEY_SIZE) {
+8
View File
@@ -1301,6 +1301,10 @@ int wc_ed448_export_private_only(const ed448_key* key, byte* out, word32* outLen
ret = BAD_FUNC_ARG;
}
if ((ret == 0) && (!key->privKeySet)) {
ret = BAD_FUNC_ARG;
}
if ((ret == 0) && (*outLen < ED448_KEY_SIZE)) {
*outLen = ED448_KEY_SIZE;
ret = BUFFER_E;
@@ -1333,6 +1337,10 @@ int wc_ed448_export_private(const ed448_key* key, byte* out, word32* outLen)
ret = BAD_FUNC_ARG;
}
if ((ret == 0) && (!key->privKeySet)) {
ret = BAD_FUNC_ARG;
}
if ((ret == 0) && (*outLen < ED448_PRV_KEY_SIZE)) {
*outLen = ED448_PRV_KEY_SIZE;
ret = BUFFER_E;
+2
View File
@@ -928,6 +928,8 @@ WOLFSSL_API int wc_BankRef_Release(WC_RNG *rng)
{
int isZero = 0;
int ret = 0;
if (rng == NULL)
return BAD_FUNC_ARG;
if (rng->bankref == NULL)
return BAD_FUNC_ARG;
wolfSSL_RefDec(&rng->bankref->refcount, &isZero, &ret);