riscv: return KEYUSAGE_E for AES use without a key schedule

The generic wc_AesEncrypt/wc_AesDecrypt (aes.c) reject an AES object
whose key schedule was never set (rounds outside 1..7 after halving)
with KEYUSAGE_E, and every mode inherits that through their int return.
The RISC-V port's block helpers are void, so nothing reported unkeyed
use: wc_AesEncryptDirect and wc_AesCcmEncrypt/Decrypt silently
processed with a garbage schedule, and wc_AesCtrEncrypt classified it
as BAD_FUNC_ARG instead of KEYUSAGE_E.

Align the port with the generic error contract:
* wc_AesEncryptDirect / wc_AesDecryptDirect: add the generic rounds
  check (also fixes wc_CmacUpdate error reporting, which goes through
  wc_AesEncryptDirect on this port)
* wc_AesCcmEncrypt / wc_AesCcmDecrypt: same check after the argument
  sanity block
* wc_AesCtrEncrypt (both variants): the existing rounds switch now
  returns KEYUSAGE_E instead of BAD_FUNC_ARG

Found by the ISO 26262 MC/DC campaign argument-matrix tests
(test_wc_AesSetKeyArgMcdc, test_wc_AesModesArgMcdc, test_wc_AesCcmArgMcdc,
test_wc_CmacArgMcdc) under qemu-riscv64.
This commit is contained in:
Daniele Lacamera
2026-07-08 18:29:52 +02:00
parent 7b72cf6acf
commit fc1bb6395d
+32 -2
View File
@@ -1375,8 +1375,10 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
#endif /* WOLFSSL_AES_256 */
break;
default:
/* Not set or corrupted: match the generic wc_AesEncrypt
* (aes.c) behavior for an unusable key schedule. */
WOLFSSL_MSG("Bad AES-CTR round value");
ret = BAD_FUNC_ARG;
ret = KEYUSAGE_E;
}
}
@@ -4125,8 +4127,10 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
#endif /* WOLFSSL_AES_256 */
break;
default:
/* Not set or corrupted: match the generic wc_AesEncrypt
* (aes.c) behavior for an unusable key schedule. */
WOLFSSL_MSG("Bad AES-CTR round value");
ret = BAD_FUNC_ARG;
ret = KEYUSAGE_E;
}
}
@@ -4236,6 +4240,12 @@ int wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in)
WOLFSSL_MSG("Invalid input to wc_AesEncryptDirect");
ret = BAD_FUNC_ARG;
}
/* wc_AesEncrypt is void here so it cannot report an unusable key
* schedule itself; match the generic wc_AesEncrypt (aes.c) check. */
if ((ret == 0) &&
(((aes->rounds >> 1) > 7) || ((aes->rounds >> 1) == 0))) {
ret = KEYUSAGE_E;
}
if (ret == 0) {
wc_AesEncrypt(aes, in, out);
}
@@ -4259,6 +4269,12 @@ int wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in)
WOLFSSL_MSG("Invalid input to wc_AesDecryptDirect");
ret = BAD_FUNC_ARG;
}
/* wc_AesDecrypt is void here so it cannot report an unusable key
* schedule itself; match the generic wc_AesDecrypt (aes.c) check. */
if ((ret == 0) &&
(((aes->rounds >> 1) > 7) || ((aes->rounds >> 1) == 0))) {
ret = KEYUSAGE_E;
}
if (ret == 0) {
wc_AesDecrypt(aes, in, out);
}
@@ -9102,6 +9118,13 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
(nonceSz > 13)) {
ret = BAD_FUNC_ARG;
}
/* The block cipher helpers are void here so they cannot report an
* unusable key schedule; match the generic wc_AesEncrypt (aes.c)
* check. */
if ((ret == 0) &&
(((aes->rounds >> 1) > 7) || ((aes->rounds >> 1) == 0))) {
ret = KEYUSAGE_E;
}
if ((ret == 0) && (wc_AesCcmCheckTagSize(authTagSz) != 0)) {
ret = BAD_FUNC_ARG;
@@ -9194,6 +9217,13 @@ int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
(nonceSz > 13)) {
ret = BAD_FUNC_ARG;
}
/* The block cipher helpers are void here so they cannot report an
* unusable key schedule; match the generic wc_AesEncrypt (aes.c)
* check. */
if ((ret == 0) &&
(((aes->rounds >> 1) > 7) || ((aes->rounds >> 1) == 0))) {
ret = KEYUSAGE_E;
}
if ((ret == 0) && (wc_AesCcmCheckTagSize(authTagSz) != 0)) {
ret = BAD_FUNC_ARG;