From 1d02943658ff5a5f59c81f2eaca775913e14a9fc Mon Sep 17 00:00:00 2001
From: Carie Pointer
Date: Fri, 8 Nov 2019 09:40:07 -0700
Subject: [PATCH 1/3] Sanity check in wc_scrypt for invalid params <= 0
---
 wolfcrypt/src/pwdbased.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/wolfcrypt/src/pwdbased.c b/wolfcrypt/src/pwdbased.c
index dfc4db50d..571c91483 100644
--- a/wolfcrypt/src/pwdbased.c
+++ b/wolfcrypt/src/pwdbased.c
@@ -708,7 +708,7 @@ int wc_scrypt(byte* output, const byte* passwd, int passLen,
 if (blockSize > 8)
 return BAD_FUNC_ARG;
- if (cost < 1 || cost >= 128 * blockSize / 8)
+ if (cost < 1 || cost >= 128 * blockSize / 8 || parallel < 1 || dkLen < 1)
 return BAD_FUNC_ARG;
 bSz = 128 * blockSize;
From a2cdb870679deae34c1ff36dda5930cb9888bf45 Mon Sep 17 00:00:00 2001
From: Carie Pointer
Date: Fri, 8 Nov 2019 14:54:39 -0700
Subject: [PATCH 2/3] Add check for if length is <= 0 in wc_Arc4SetKey
---
 tests/api.c | 15 +++++++--------
 wolfcrypt/src/arc4.c | 2 +-
 2 files changed, 8 insertions(+), 9 deletions(-)
diff --git a/tests/api.c b/tests/api.c
index 275f2bf10..ae60089d9 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -11262,15 +11262,14 @@ static int test_wc_Arc4SetKey (void)
 /* Test bad args. */
 if (ret == 0) {
 ret = wc_Arc4SetKey(NULL, (byte*)key, keyLen);
- if (ret == BAD_FUNC_ARG) {
- ret = wc_Arc4SetKey(&arc, NULL, keyLen);
- }
- if (ret == BAD_FUNC_ARG) {
- /* Exits normally if keyLen is incorrect. */
- ret = wc_Arc4SetKey(&arc, (byte*)key, 0);
- } else {
+ if (ret == BAD_FUNC_ARG)
+ ret = wc_Arc4SetKey(&arc, NULL, keyLen); /* NULL key */
+ if (ret == BAD_FUNC_ARG)
+ ret = wc_Arc4SetKey(&arc, (byte*)key, 0); /* length == 0 */
+ if (ret == BAD_FUNC_ARG)
+ ret = WOLFSSL_ERROR_NONE;
+ else
 ret = WOLFSSL_FATAL_ERROR;
- }
 } /* END test bad args. */
 printf(resultFmt, ret == 0 ? passed : failed);
diff --git a/wolfcrypt/src/arc4.c b/wolfcrypt/src/arc4.c
index ac849a908..a9c476b33 100644
--- a/wolfcrypt/src/arc4.c
+++ b/wolfcrypt/src/arc4.c
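Review bot: In the wc_scrypt hunk of pwdbased.c, the added `parallel < 1 || dkLen < 1` tests bound both values from below only, and no upper bound on `parallel` is visible here. RFC 7914 caps p at ((2^32-1) * 32) / (128 * r); if the code after `bSz = 128 * blockSize;` sizes a buffer from bSz and parallel (that part of the function is outside the hunk), a very large `parallel` could wrap the size computation, so a cap derived from blockSize belongs next to this check. Separately, `blockSize <= 0` is rejected only as a side effect of `cost >= 128 * blockSize / 8`; writing the first test as `if (blockSize < 1 || blockSize > 8)` would make that rejection intentional. The function starts and ends outside the hunk, so checks on passLen and saltLen may exist elsewhere.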
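Review bot: In the test_wc_Arc4SetKey hunk of tests/api.c, the rewritten bad-argument chain drops the braces, so the final `else` pairs only with the third `if (ret == BAD_FUNC_ARG)`. It gives the right result today because `ret` carries any earlier failure forward, but inserting another case between the tests can silently change which `if` the `else` belongs to. Keeping braces as the removed lines did, e.g. `if (ret == BAD_FUNC_ARG) { ret = WOLFSSL_ERROR_NONE; } else { ret = WOLFSSL_FATAL_ERROR; }`, avoids that.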
@@ -38,7 +38,7 @@ int wc_Arc4SetKey(Arc4* arc4, const byte* key, word32 length)
 word32 i;
 word32 keyIndex = 0, stateIndex = 0;
- if (arc4 == NULL || key == NULL) {
+ if (arc4 == NULL || key == NULL || length <= 0) {
 return BAD_FUNC_ARG;
 }
From cfd91fb0b8813740e775f88a3b37d3c9b0da21bd Mon Sep 17 00:00:00 2001
From: Carie Pointer
Date: Tue, 17 Dec 2019 13:28:50 -0700
Subject: [PATCH 3/3] Add check for length == 0 in wc_Arc4SetKey
---
 wolfcrypt/src/arc4.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/wolfcrypt/src/arc4.c b/wolfcrypt/src/arc4.c
index a9c476b33..9fcd71d86 100644
--- a/wolfcrypt/src/arc4.c
+++ b/wolfcrypt/src/arc4.c
@@ -38,7 +38,7 @@ int wc_Arc4SetKey(Arc4* arc4, const byte* key, word32 length)
 word32 i;
 word32 keyIndex = 0, stateIndex = 0;
- if (arc4 == NULL || key == NULL || length <= 0) {
+ if (arc4 == NULL || key == NULL || length == 0) {
 return BAD_FUNC_ARG;
 }
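Review bot: The zero-length rejection in the final wc_Arc4SetKey hunk (PATCH 3/3) carries no comment saying why 0 is invalid or that `length` is an unsigned `word32`. A line above the `if` such as `/* length is word32 (unsigned); a zero-length key gives the key schedule no key bytes to read */` would record the intent; the key-schedule loop is outside this hunk, so confirm the wording against it. Because the function now returns before the rest of its body runs, a caller that ignores the return value would go on to use an Arc4 state that was never keyed. The API documentation for wc_Arc4SetKey should therefore list BAD_FUNC_ARG for a zero length.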