Fenrir fixes

wolfcrypt/src/camellia.c

@@ -64,8 +64,7 @@
     #include <wolfcrypt/src/misc.c>
 #endif
 
-/* u32 must be 32bit word */
-typedef unsigned int u32;
+typedef word32 u32;
 typedef unsigned char u8;
 
 /* key constants */
@@ -1591,6 +1590,9 @@ int wc_CamelliaCbcEncrypt(wc_Camellia* cam, byte* out, const byte* in, word32 sz
     if (cam == NULL || out == NULL || in == NULL) {
         return BAD_FUNC_ARG;
     }
+    if (sz % WC_CAMELLIA_BLOCK_SIZE != 0) {
+        return BAD_LENGTH_E;
+    }
     blocks = sz / WC_CAMELLIA_BLOCK_SIZE;
 
     while (blocks--) {
@@ -1613,6 +1615,9 @@ int wc_CamelliaCbcDecrypt(wc_Camellia* cam, byte* out, const byte* in, word32 sz
     if (cam == NULL || out == NULL || in == NULL) {
         return BAD_FUNC_ARG;
     }
+    if (sz % WC_CAMELLIA_BLOCK_SIZE != 0) {
+        return BAD_LENGTH_E;
+    }
     blocks = sz / WC_CAMELLIA_BLOCK_SIZE;
 
     while (blocks--) {

wolfcrypt/src/coding.c

@@ -174,6 +174,9 @@ int Base64_Decode_nonCT(const byte* in, word32 inLen, byte* out, word32* outLen)
     int ret;
     const byte maxIdx = BASE64DECODE_TABLE_SZ + BASE64_MIN - 1;
 
+    if ((in == NULL && inLen > 0) || out == NULL || outLen == NULL)
+        return BAD_FUNC_ARG;
+
     while (inLen > 3) {
         int pad3 = 0;
         int pad4 = 0;
@@ -273,6 +276,9 @@ int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
     word32 j = 0;
     int ret;
 
+    if ((in == NULL && inLen > 0) || out == NULL || outLen == NULL)
+        return BAD_FUNC_ARG;
+
     while (inLen > 3) {
         int pad3 = 0;
         int pad4 = 0;
@@ -474,6 +480,9 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out,
     word32 outSz = (inLen + 3 - 1) / 3 * 4;
     word32 addSz = (outSz + BASE64_LINE_SZ - 1) / BASE64_LINE_SZ;  /* new lines */
 
+    if (in == NULL && inLen > 0)
+        return BAD_FUNC_ARG;
+
     if (escaped == WC_ESC_NL_ENC)
         addSz *= 3;   /* instead of just \n, we're doing %0A triplet */
     else if (escaped == WC_NO_NL_ENC)

wolfcrypt/src/des3.c

@@ -1234,49 +1234,49 @@
 
     int wc_Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz)
     {
-        word32 blocks = sz / DES_BLOCK_SIZE;
-
         if (des == NULL || out == NULL || in == NULL)
             return BAD_FUNC_ARG;
+        if (sz % DES_BLOCK_SIZE != 0)
+            return BAD_LENGTH_E;
 
         return wc_Pic32DesCrypt(des->key, DES_KEYLEN, des->reg, DES_IVLEN,
-            out, in, (blocks * DES_BLOCK_SIZE),
+            out, in, sz,
             PIC32_ENCRYPTION, PIC32_ALGO_DES, PIC32_CRYPTOALGO_CBC);
     }
 
     int wc_Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz)
     {
-        word32 blocks = sz / DES_BLOCK_SIZE;
-
         if (des == NULL || out == NULL || in == NULL)
             return BAD_FUNC_ARG;
+        if (sz % DES_BLOCK_SIZE != 0)
+            return BAD_LENGTH_E;
 
         return wc_Pic32DesCrypt(des->key, DES_KEYLEN, des->reg, DES_IVLEN,
-            out, in, (blocks * DES_BLOCK_SIZE),
+            out, in, sz,
             PIC32_DECRYPTION, PIC32_ALGO_DES, PIC32_CRYPTOALGO_CBC);
     }
 
     int wc_Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz)
     {
-        word32 blocks = sz / DES_BLOCK_SIZE;
-
         if (des == NULL || out == NULL || in == NULL)
             return BAD_FUNC_ARG;
+        if (sz % DES_BLOCK_SIZE != 0)
+            return BAD_LENGTH_E;
 
         return wc_Pic32DesCrypt(des->key[0], DES3_KEYLEN, des->reg, DES3_IVLEN,
-            out, in, (blocks * DES_BLOCK_SIZE),
+            out, in, sz,
             PIC32_ENCRYPTION, PIC32_ALGO_TDES, PIC32_CRYPTOALGO_TCBC);
     }
 
     int wc_Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz)
     {
-        word32 blocks = sz / DES_BLOCK_SIZE;
-
         if (des == NULL || out == NULL || in == NULL)
             return BAD_FUNC_ARG;
+        if (sz % DES_BLOCK_SIZE != 0)
+            return BAD_LENGTH_E;
 
         return wc_Pic32DesCrypt(des->key[0], DES3_KEYLEN, des->reg, DES3_IVLEN,
-            out, in, (blocks * DES_BLOCK_SIZE),
+            out, in, sz,
             PIC32_DECRYPTION, PIC32_ALGO_TDES, PIC32_CRYPTOALGO_TCBC);
     }
 
@@ -1734,12 +1734,17 @@
 
     int wc_Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz)
     {
-        word32 blocks = sz / DES_BLOCK_SIZE;
+        word32 blocks;
 
         if (des == NULL || out == NULL || in == NULL) {
             return BAD_FUNC_ARG;
         }
 
+        if (sz % DES_BLOCK_SIZE != 0) {
+            return BAD_LENGTH_E;
+        }
+
+        blocks = sz / DES_BLOCK_SIZE;
         while (blocks--) {
             xorbuf((byte*)des->reg, in, DES_BLOCK_SIZE);
             DesProcessBlock(des, (byte*)des->reg, (byte*)des->reg);
@@ -1753,12 +1758,17 @@
 
     int wc_Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz)
     {
-        word32 blocks = sz / DES_BLOCK_SIZE;
+        word32 blocks;
 
         if (des == NULL || out == NULL || in == NULL) {
             return BAD_FUNC_ARG;
         }
 
+        if (sz % DES_BLOCK_SIZE != 0) {
+            return BAD_LENGTH_E;
+        }
+
+        blocks = sz / DES_BLOCK_SIZE;
         while (blocks--) {
             XMEMCPY(des->tmp, in, DES_BLOCK_SIZE);
             DesProcessBlock(des, (byte*)des->tmp, out);
@@ -1809,6 +1819,10 @@
         }
     #endif /* WOLFSSL_ASYNC_CRYPT */
 
+        if (sz % DES_BLOCK_SIZE != 0) {
+            return BAD_LENGTH_E;
+        }
+
         blocks = sz / DES_BLOCK_SIZE;
         while (blocks--) {
             xorbuf((byte*)des->reg, in, DES_BLOCK_SIZE);
@@ -1860,6 +1874,10 @@
         }
     #endif /* WOLFSSL_ASYNC_CRYPT */
 
+        if (sz % DES_BLOCK_SIZE != 0) {
+            return BAD_LENGTH_E;
+        }
+
         blocks = sz / DES_BLOCK_SIZE;
         while (blocks--) {
             XMEMCPY(des->tmp, in, DES_BLOCK_SIZE);

wolfcrypt/src/random.c

@@ -496,8 +496,8 @@ int wc_RNG_DRBG_Reseed(WC_RNG* rng, const byte* seed, word32 seedSz)
             /* using RDRAND not DRBG, so return success */
             return 0;
         }
-        return BAD_FUNC_ARG;
     #endif
+        return BAD_FUNC_ARG;
     }
 
     return Hash_DRBG_Reseed((DRBG_internal *)rng->drbg, seed, seedSz);

wolfcrypt/src/rc2.c

@@ -279,7 +279,7 @@ int wc_Rc2EcbDecrypt(Rc2* rc2, byte* out, const byte* in, word32 sz)
 int wc_Rc2CbcEncrypt(Rc2* rc2, byte* out, const byte* in, word32 sz)
 {
     int ret;
-    word32 blocks = (sz / RC2_BLOCK_SIZE);
+    word32 blocks;
 
     if (rc2 == NULL || out == NULL || in == NULL) {
         return BAD_FUNC_ARG;
@@ -289,6 +289,12 @@ int wc_Rc2CbcEncrypt(Rc2* rc2, byte* out, const byte* in, word32 sz)
         return 0;
     }
 
+    if (sz % RC2_BLOCK_SIZE != 0) {
+        return BAD_LENGTH_E;
+    }
+
+    blocks = sz / RC2_BLOCK_SIZE;
+
     while (blocks--) {
         xorbuf((byte*)rc2->reg, in, RC2_BLOCK_SIZE);
         ret = wc_Rc2EcbEncrypt(rc2, (byte*)rc2->reg, (byte*)rc2->reg,
@@ -308,7 +314,7 @@ int wc_Rc2CbcEncrypt(Rc2* rc2, byte* out, const byte* in, word32 sz)
 int wc_Rc2CbcDecrypt(Rc2* rc2, byte* out, const byte* in, word32 sz)
 {
     int ret;
-    word32 blocks = (sz / RC2_BLOCK_SIZE);
+    word32 blocks;
 
     if (rc2 == NULL || out == NULL || in == NULL) {
         return BAD_FUNC_ARG;
@@ -318,6 +324,12 @@ int wc_Rc2CbcDecrypt(Rc2* rc2, byte* out, const byte* in, word32 sz)
         return 0;
     }
 
+    if (sz % RC2_BLOCK_SIZE != 0) {
+        return BAD_LENGTH_E;
+    }
+
+    blocks = sz / RC2_BLOCK_SIZE;
+
     while (blocks--) {
         XMEMCPY(rc2->tmp, in, RC2_BLOCK_SIZE);
         ret = wc_Rc2EcbDecrypt(rc2, out, (byte*)rc2->tmp, RC2_BLOCK_SIZE);

wolfcrypt/src/rsa.c

@@ -207,10 +207,12 @@ RsaKey* wc_NewRsaKey(void* heap, int devId, int *result_code)
 
 int wc_DeleteRsaKey(RsaKey* key, RsaKey** key_p)
 {
+    void* heap;
     if (key == NULL)
         return BAD_FUNC_ARG;
+    heap = key->heap;
     wc_FreeRsaKey(key);
-    XFREE(key, key->heap, DYNAMIC_TYPE_RSA);
+    XFREE(key, heap, DYNAMIC_TYPE_RSA);
     if (key_p != NULL)
         *key_p = NULL;
     return 0;