diff --git a/wolfcrypt/src/cmac.c b/wolfcrypt/src/cmac.c index 2835c556cd..b5e23f85b1 100644 --- a/wolfcrypt/src/cmac.c +++ b/wolfcrypt/src/cmac.c @@ -71,6 +71,8 @@ */ int wc_CMAC_Grow(Cmac* cmac, const byte* in, int inSz) { + if ((cmac == NULL) || (in == NULL && inSz != 0)) + return BAD_FUNC_ARG; return _wc_Hash_Grow(&cmac->msg, &cmac->used, &cmac->len, in, inSz, cmac->aes.heap); } #endif /* WOLFSSL_HASH_KEEP */ diff --git a/wolfcrypt/src/curve25519.c b/wolfcrypt/src/curve25519.c index f8ca74255c..a7d0ec7ff5 100644 --- a/wolfcrypt/src/curve25519.c +++ b/wolfcrypt/src/curve25519.c @@ -971,6 +971,9 @@ int wc_curve25519_export_private_raw_ex(curve25519_key* key, byte* out, if (key == NULL || out == NULL || outLen == NULL) return BAD_FUNC_ARG; + if (!key->privSet) + return ECC_BAD_ARG_E; + /* check size of outgoing buffer */ if (*outLen < CURVE25519_KEYSIZE) { *outLen = CURVE25519_KEYSIZE; diff --git a/wolfcrypt/src/curve448.c b/wolfcrypt/src/curve448.c index cbf3486364..8f1ded41dc 100644 --- a/wolfcrypt/src/curve448.c +++ b/wolfcrypt/src/curve448.c @@ -478,6 +478,10 @@ int wc_curve448_export_private_raw_ex(curve448_key* key, byte* out, ret = BAD_FUNC_ARG; } + if ((ret == 0) && (!key->privSet)) { + ret = ECC_BAD_ARG_E; + } + /* check size of outgoing buffer */ if ((ret == 0) && (*outLen < CURVE448_KEY_SIZE)) { *outLen = CURVE448_KEY_SIZE; diff --git a/wolfcrypt/src/ed25519.c b/wolfcrypt/src/ed25519.c index e741f32d0a..8b37519126 100644 --- a/wolfcrypt/src/ed25519.c +++ b/wolfcrypt/src/ed25519.c @@ -1414,7 +1414,7 @@ int wc_ed25519_import_private_key(const byte* priv, word32 privSz, int wc_ed25519_export_private_only(const ed25519_key* key, byte* out, word32* outLen) { /* sanity checks on arguments */ - if (key == NULL || out == NULL || outLen == NULL) + if (key == NULL || !key->privKeySet || out == NULL || outLen == NULL) return BAD_FUNC_ARG; if (*outLen < ED25519_KEY_SIZE) { diff --git a/wolfcrypt/src/ed448.c b/wolfcrypt/src/ed448.c index a3f931f5c5..0b6b1e4108 100644 --- a/wolfcrypt/src/ed448.c +++ b/wolfcrypt/src/ed448.c @@ -1301,6 +1301,10 @@ int wc_ed448_export_private_only(const ed448_key* key, byte* out, word32* outLen ret = BAD_FUNC_ARG; } + if ((ret == 0) && (!key->privKeySet)) { + ret = BAD_FUNC_ARG; + } + if ((ret == 0) && (*outLen < ED448_KEY_SIZE)) { *outLen = ED448_KEY_SIZE; ret = BUFFER_E; @@ -1333,6 +1337,10 @@ int wc_ed448_export_private(const ed448_key* key, byte* out, word32* outLen) ret = BAD_FUNC_ARG; } + if ((ret == 0) && (!key->privKeySet)) { + ret = BAD_FUNC_ARG; + } + if ((ret == 0) && (*outLen < ED448_PRV_KEY_SIZE)) { *outLen = ED448_PRV_KEY_SIZE; ret = BUFFER_E; diff --git a/wolfcrypt/src/rng_bank.c b/wolfcrypt/src/rng_bank.c index a57b1a2edc..3aff7a821e 100644 --- a/wolfcrypt/src/rng_bank.c +++ b/wolfcrypt/src/rng_bank.c @@ -928,6 +928,8 @@ WOLFSSL_API int wc_BankRef_Release(WC_RNG *rng) { int isZero = 0; int ret = 0; + if (rng == NULL) + return BAD_FUNC_ARG; if (rng->bankref == NULL) return BAD_FUNC_ARG; wolfSSL_RefDec(&rng->bankref->refcount, &isZero, &ret);