From edda2d3a47b4aedfa9a1a1a9cd644caafa647a24 Mon Sep 17 00:00:00 2001 From: Thomas Cook Date: Tue, 9 Jun 2026 04:33:23 -0400 Subject: [PATCH] Address pr comments, skoll, etc. --- wolfcrypt/src/hmac.c | 17 +++++++---------- wolfcrypt/test/test.c | 24 +++++++++++++++++------- 2 files changed, 24 insertions(+), 17 deletions(-) diff --git a/wolfcrypt/src/hmac.c b/wolfcrypt/src/hmac.c index 5f2f3073a8..48d84c60f7 100644 --- a/wolfcrypt/src/hmac.c +++ b/wolfcrypt/src/hmac.c @@ -1754,29 +1754,27 @@ int wolfSSL_GetHmacMaxSize(void) const byte* localSalt; /* either points to user input or tmp */ word32 hashSz; - if (out == NULL || (inKey == NULL && inKeySz > 0)) { + if (out == NULL || (inKey == NULL && inKeySz > 0)) return BAD_FUNC_ARG; - } #ifdef WOLF_CRYPTO_CB /* Try crypto callback first */ if (devId != INVALID_DEVID) { - ret = wc_CryptoCb_Hkdf_Extract(type, salt, saltSz, inKey, inKeySz, - out, devId); + ret = wc_CryptoCb_Hkdf_Extract(type, salt, saltSz, inKey, inKeySz, + out, devId); if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; } #endif ret = wc_HmacSizeByType(type); - if (ret < 0) { + if (ret < 0) return ret; - } + hashSz = (word32)ret; WC_ALLOC_VAR_EX(myHmac, Hmac, 1, NULL, DYNAMIC_TYPE_HMAC, return MEMORY_E); - hashSz = (word32)ret; localSalt = salt; if (localSalt == NULL) { XMEMSET(tmp, 0, hashSz); @@ -1832,7 +1830,7 @@ int wolfSSL_GetHmacMaxSize(void) word32 hashSz; byte n = 0x1; - if (inKey == NULL || out == NULL) + if (out == NULL || (inKey == NULL && inKeySz > 0)) return BAD_FUNC_ARG; ret = wc_HmacSizeByType(type); @@ -1947,9 +1945,8 @@ int wolfSSL_GetHmacMaxSize(void) #endif ret = wc_HmacSizeByType(type); - if (ret < 0) { + if (ret < 0) return ret; - } hashSz = (word32)ret; ret = wc_HKDF_Extract_ex(type, salt, saltSz, inKey, inKeySz, prk, heap, diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 5228b5f3bf..6fbc82ce8b 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -34800,7 +34800,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hkdf_test(void) #ifndef HAVE_FIPS /* fips can't have key size under 14 bytes, salt is key too */ L = (int)sizeof(okm1); -#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0)) +#if !defined(HAVE_SELFTEST) ret = wc_HKDF_ex(WC_SHA, ikm1, 11, salt1, (word32)sizeof(salt1), info1, (word32)sizeof(info1), okm1, (word32)L, HEAP_HINT, devId); #else @@ -34812,7 +34812,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hkdf_test(void) if (XMEMCMP(okm1, res2, (unsigned long)L) != 0) return WC_TEST_RET_ENC_NC; -#endif /* HAVE_FIPS */ +#endif /* !HAVE_FIPS */ #endif /* !NO_SHA */ #ifndef NO_SHA256 @@ -34845,7 +34845,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hkdf_test(void) if (XMEMCMP(okm1, res4, (unsigned long)L) != 0) return WC_TEST_RET_ENC_NC; -#endif /* HAVE_FIPS */ +#endif /* !HAVE_FIPS */ #endif /* !NO_SHA256 */ #ifndef NO_SHA @@ -34873,7 +34873,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hkdf_test(void) #ifndef HAVE_FIPS /* fips can't have key size under 14 bytes, salt is key too */ -#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0)) +#if !defined(HAVE_SELFTEST) ret = wc_HKDF_Extract_ex(WC_SHA, salt1, (word32)sizeof(salt1), ikm1, 11, prk, HEAP_HINT, devId); #else @@ -34882,7 +34882,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hkdf_test(void) if (ret != 0) return WC_TEST_RET_ENC_EC(ret); -#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0)) +#if !defined(HAVE_SELFTEST) ret = wc_HKDF_Expand_ex(WC_SHA, prk, WC_SHA_DIGEST_SIZE, info1, (word32)sizeof(info1), okm1, (word32)L, HEAP_HINT, devId); #else @@ -34894,7 +34894,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hkdf_test(void) if (XMEMCMP(okm1, res2, (unsigned long)L) != 0) return WC_TEST_RET_ENC_NC; -#endif /* HAVE_FIPS */ +#endif /* !HAVE_FIPS */ #endif /* !NO_SHA */ #ifndef NO_SHA256 @@ -34944,7 +34944,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hkdf_test(void) if (XMEMCMP(okm1, res4, (unsigned long)L) != 0) return WC_TEST_RET_ENC_NC; -#endif /* HAVE_FIPS */ +#endif /* !HAVE_FIPS */ #endif /* !NO_SHA256 */ #endif /* !NO_SHA || !NO_SHA256 */ @@ -34958,6 +34958,16 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hkdf_test(void) ret = wc_HKDF_Extract(WC_SHA256, NULL, 0, NULL, 5, okm1); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) return WC_TEST_RET_ENC_EC(ret); + /* wc_HKDF_Expand bad arg: NULL out */ + ret = wc_HKDF_Expand(WC_SHA256, prk, WC_SHA256_DIGEST_SIZE, info1, + (word32)sizeof(info1), NULL, (word32)L); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + /* wc_HKDF_Expand bad arg: NULL inKey with non-zero inKeySz */ + ret = wc_HKDF_Expand(WC_SHA256, NULL, WC_SHA256_DIGEST_SIZE, info1, + (word32)sizeof(info1), okm1, (word32)L); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); #endif /* !NO_SHA256 && !HAVE_SELFTEST && */ /* (!HAVE_FIPS || FIPS_VERSION3_GE(7,0,0)) */