Merge pull request #2578 from cariepointer/ZD-9478-and-9479

Add sanity checks for parameters in wc_scrypt and wc_Arc4SetKey
2019-12-19 10:59:05 -08:00 · 2019-12-19 10:59:05 -08:00 · 3342a19e29
parent 2aa8fa2de6 cfd91fb0b8
commit 3342a19e29
3 changed files with 9 additions and 10 deletions
--- a/tests/api.c
+++ b/tests/api.c
@ -11428,15 +11428,14 @@ static int test_wc_Arc4SetKey (void)
    /* Test bad args. */
    if (ret == 0) {
        ret = wc_Arc4SetKey(NULL, (byte*)key, keyLen);
-        if (ret == BAD_FUNC_ARG) {
-            ret = wc_Arc4SetKey(&arc, NULL, keyLen);
-        }
-        if (ret == BAD_FUNC_ARG) {
-            /* Exits normally if keyLen is incorrect. */
-            ret = wc_Arc4SetKey(&arc, (byte*)key, 0);
-        } else {
+        if (ret == BAD_FUNC_ARG)
+            ret = wc_Arc4SetKey(&arc, NULL, keyLen); /* NULL key */
+        if (ret == BAD_FUNC_ARG)
+            ret = wc_Arc4SetKey(&arc, (byte*)key, 0); /* length == 0 */
+        if (ret == BAD_FUNC_ARG)
+            ret = WOLFSSL_ERROR_NONE;
+        else
            ret = WOLFSSL_FATAL_ERROR;
-        }
    } /* END test bad args. */

    printf(resultFmt, ret == 0 ? passed : failed);
--- a/wolfcrypt/src/arc4.c
+++ b/wolfcrypt/src/arc4.c
@ -38,7 +38,7 @@ int wc_Arc4SetKey(Arc4* arc4, const byte* key, word32 length)
    word32 i;
    word32 keyIndex = 0, stateIndex = 0;

-    if (arc4 == NULL || key == NULL) {
+    if (arc4 == NULL || key == NULL || length == 0) {
        return BAD_FUNC_ARG;
    }

--- a/wolfcrypt/src/pwdbased.c
+++ b/wolfcrypt/src/pwdbased.c
@ -715,7 +715,7 @@ int wc_scrypt(byte* output, const byte* passwd, int passLen,
    if (blockSize > 8)
        return BAD_FUNC_ARG;

-    if (cost < 1 || cost >= 128 * blockSize / 8)
+    if (cost < 1 || cost >= 128 * blockSize / 8 || parallel < 1 || dkLen < 1)
        return BAD_FUNC_ARG;

    bSz = 128 * blockSize;