From edf1439151c765a6e6b3518939b6116401f72a33 Mon Sep 17 00:00:00 2001
From: Kareem
Date: Wed, 13 May 2026 16:55:02 -0700
Subject: [PATCH 1/8] Properly set ret and error out when tsip_RsakeyImport fails. Fixes F-3772.
---
 wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c b/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c
index 732120be2c1..eb1ca93d868 100644
--- a/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c
+++ b/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c
@@ -260,7 +260,9 @@ int wc_tsip_RsaFunction(wc_CryptoInfo* info, TsipUserCtx* tuc)
 return BAD_FUNC_ARG;
 }
- if (tsip_RsakeyImport(tuc) == 0) {
+ ret = tsip_RsakeyImport(tuc);
+
+ if (ret == 0) {
 type = info->pk.rsa.type;
 keySize = (int)tuc->wrappedKeyType;
@@ -364,7 +366,10 @@ int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
 ret = CRYPTOCB_UNAVAILABLE;
 }
- if (tsip_RsakeyImport(tuc) == 0) {
+ if (ret == 0)
+ ret = tsip_RsakeyImport(tuc);
+
+ if (ret == 0) {
 hashData.pdata = (uint8_t*)info->pk.rsa.out;
 hashData.data_length = *(info->pk.rsa.outLen);
 hashData.data_type =
From 8c4ad8d573433b2bc4fcc08ef3f87338220edd49 Mon Sep 17 00:00:00 2001
From: Kareem
Date: Thu, 4 Jun 2026 16:40:51 -0700
Subject: [PATCH 2/8] Confirm rng pointer is not NULL before dereferencing it in wc_rng_new_ex. Fixes F-3979.
---
 wolfcrypt/src/random.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
index 8635354550f..a75d3400e70 100644
--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
@@ -2175,6 +2175,10 @@ int wc_rng_new_ex(WC_RNG **rng, byte* nonce, word32 nonceSz,
 {
 int ret;
+ if (rng == NULL) {
+ return BAD_FUNC_ARG;
+ }
+
 *rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), heap, DYNAMIC_TYPE_RNG);
 if (*rng == NULL) {
 return MEMORY_E;
From 47bebc64417f8f3ff3fc82c20486f3716b336778 Mon Sep 17 00:00:00 2001
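Review bot: The import result is now stored in `ret`, but nothing in this hunk returns it; wc_tsip_RsaFunction continues past the hunk, so confirm that the function's exit path returns `ret` and that no later assignment on the non-zero path overwrites it before then, otherwise the failure is still masked. If tsip_RsakeyImport can return a value that is not a wolfSSL error code (I cannot see its return convention here), mapping it at the call site, `if (ret != 0) { ret = WC_HW_E; }`, keeps callers' error handling uniform. A one-line comment above the call, `/* a failed key import is reported to the caller through ret */`, would record the intent the commit title describes.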
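Review bot: The new `if (ret == 0)` guarding the tsip_RsakeyImport call is the only unbraced control statement in the hunk while every neighbouring `if` is braced; write it as `if (ret == 0) {` / `    ret = tsip_RsakeyImport(tuc);` / `}` so a later insertion cannot silently fall outside the condition. The gating itself is sound: when the preceding branch left `ret` at CRYPTOCB_UNAVAILABLE the import is skipped and that value survives to the caller. wc_tsip_RsaVerifyPkcs continues past the hunk.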
From: Kareem
Date: Thu, 4 Jun 2026 16:51:14 -0700
Subject: [PATCH 3/8] Fix wc_tsip_MakeRsaKey ignoring errors and not freeing buffers in some error cases. Fixes F-4005.
---
 wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c | 22 ++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)
diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c b/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c
index eb1ca93d868..309b375c4ce 100644
--- a/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c
+++ b/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c
@@ -55,6 +55,7 @@ This code assumes at least one is enabled
 int wc_tsip_MakeRsaKey(int size, void* ctx)
 {
 e_tsip_err_t ret;
+ int wcRet = WC_HW_E;
 TsipUserCtx *info = (TsipUserCtx*)ctx;
 #if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
 tsip_rsa1024_key_pair_index_t *tsip_pair1024_key = NULL;
@@ -148,6 +149,7 @@ int wc_tsip_MakeRsaKey(int size, void* ctx)
 info->keyflgs_crypt.bits.rsapri1024_key_set = 1;
 info->keyflgs_crypt.bits.rsapub1024_key_set = 1;
 info->wrappedKeyType = TSIP_KEY_TYPE_RSA1024;
+ wcRet = 0;
 #endif
 }
 else if (size == 2048) {
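Review bot: `int wcRet = WC_HW_E;` defaults the result to failure so that any path which forgets to clear it reports an error instead of silently succeeding, which is the right direction for a key-generation routine, but the declaration does not say so; add `/* fail closed: only a completed key generation sets this to 0 */` beside it. `e_tsip_err_t ret;` on the line above it remains uninitialized, so every later read of `ret` (the failure branches added further down this patch log it) depends on an assignment this hunk does not show. wc_tsip_MakeRsaKey's body continues outside the hunk.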
@@ -191,13 +193,31 @@ int wc_tsip_MakeRsaKey(int size, void* ctx)
 info->keyflgs_crypt.bits.rsapri2048_key_set = 1;
 info->keyflgs_crypt.bits.rsapub2048_key_set = 1;
 info->wrappedKeyType = TSIP_KEY_TYPE_RSA2048;
+ wcRet = 0;
 #endif
 }
 }
+ else {
+ /* hardware key generation failed; free the key pair buffer that
+ * was allocated above so it does not leak, and report the error */
+ WOLFSSL_MSG_EX("TSIP RSA key generation failed: %d", ret);
+#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
+ XFREE(tsip_pair1024_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
+#endif
+#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
+ XFREE(tsip_pair2048_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
+#endif
+ wcRet = WC_HW_E;
+ }
 tsip_hw_unlock();
 }
+ else {
+ /* could not obtain the TSIP hardware lock */
+ WOLFSSL_MSG_EX("TSIP hardware lock failed: %d", ret);
+ wcRet = WC_HW_E;
+ }
- return 0;
+ return wcRet;
 }
 /* Generate TSIP key index if needed
From 00c84ced250ef9dc0a8b415453638b1ac7bf2457 Mon Sep 17 00:00:00 2001
From: Kareem
Date: Thu, 4 Jun 2026 17:02:10 -0700
Subject: [PATCH 4/8] Confirm keys-params is not NULL before dereferencing in wc_XmssKey_GetPubLen. Fixes F-3980.
---
 wolfcrypt/src/wc_xmss.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/wolfcrypt/src/wc_xmss.c b/wolfcrypt/src/wc_xmss.c
index 576e109e701..9ad311d0bab 100644
--- a/wolfcrypt/src/wc_xmss.c
+++ b/wolfcrypt/src/wc_xmss.c
@@ -1575,7 +1575,7 @@ int wc_XmssKey_GetPubLen(const XmssKey* key, word32* len)
 int ret = 0;
 /* Validate parameters. */
- if ((key == NULL) || (len == NULL)) {
+ if ((key == NULL) || (key->params == NULL) || (len == NULL)) {
 ret = BAD_FUNC_ARG;
 }
 else {
From b2d5cbf6f1053fce167504c875430e6f3c5ba2d7 Mon Sep 17 00:00:00 2001
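Review bot: `WOLFSSL_MSG_EX("TSIP hardware lock failed: %d", ret)` in the new lock-failure `else` logs `ret`, which is declared without an initializer (`e_tsip_err_t ret;` in the first hunk of this patch) and is never assigned anywhere in this hunk; unless the lock call outside the hunk stores its result into `ret`, this reads an indeterminate value, so either store it (`if ((ret = tsip_hw_lock()) == TSIP_SUCCESS) {`, adjusted to the real lock call) or drop `ret` from that message. The key-generation failure branch frees both `tsip_pair1024_key` and `tsip_pair2048_key` although only one is allocated for a given `size`; that is safe only because both pointers start at NULL (shown for the 1024 one in the first hunk, presumably the same for 2048) and XFREE tolerates NULL, and a comment saying so would stop a future reader from "fixing" it. Whether the success paths release the same buffers is outside the hunk; if they do not, the leak the commit title mentions is only closed on the error path. If the TSIP key-pair index structures hold anything sensitive, clearing them with ForceZero before XFREE on every path would be consistent with how the rest of wolfCrypt treats key buffers.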
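Review bot: The added `key->params == NULL` guard only covers wc_XmssKey_GetPubLen; if the neighbouring length getters in wc_xmss.c dereference `key->params` the same way they need the same check, which I cannot confirm from this hunk. A comment above the condition would make the precondition explicit rather than leaving it implied by the test: `/* params may still be unset on a freshly initialized key; reject rather than dereference */`. wc_XmssKey_GetPubLen continues past the hunk.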
From: Kareem
Date: Thu, 4 Jun 2026 17:06:54 -0700
Subject: [PATCH 5/8] Reject auth tags below WOLFSSL_MIN_AUTH_TAG_SZ in the AES-EAX encrypt path. This matches AES-EAX decrypt behavior as well as other AES modes. Fixes F-3759.
---
 wolfcrypt/src/aes.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
index dccab8ff785..021b5f84c31 100644
--- a/wolfcrypt/src/aes.c
+++ b/wolfcrypt/src/aes.c
@@ -17556,7 +17556,7 @@ int wc_AesEaxEncryptFinal(AesEax* eax, byte* authTag, word32 authTagSz)
 word32 i;
 if (eax == NULL || authTag == NULL || authTagSz == 0 ||
- authTagSz > WC_AES_BLOCK_SIZE) {
+ authTagSz > WC_AES_BLOCK_SIZE || authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ) {
 return BAD_FUNC_ARG;
 }
From 8e268dee1311d009bfe14c7a40daa382f2b46fd6 Mon Sep 17 00:00:00 2001
From: Kareem
Date: Thu, 4 Jun 2026 17:12:49 -0700
Subject: [PATCH 6/8] Avoid suppressing error from Cy_Crypto_Core_Sha_Finish in wc_Sha512_224Final. Fixes F-4002.
---
 wolfcrypt/src/port/cypress/psoc6_crypto.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/wolfcrypt/src/port/cypress/psoc6_crypto.c b/wolfcrypt/src/port/cypress/psoc6_crypto.c
index 325eeb42202..655e4c2be4e 100644
--- a/wolfcrypt/src/port/cypress/psoc6_crypto.c
+++ b/wolfcrypt/src/port/cypress/psoc6_crypto.c
@@ -644,6 +644,9 @@ int wc_Sha512_224Final(wc_Sha512* sha, byte* hash)
 wolfSSL_CryptHwMutexUnLock();
 }
+ if (ret != 0)
+ return ret;
+
 /* Reset state */
 return wc_InitSha512_224(sha);
 }
From 147c8085626544ba285ac201215f83d499616fac Mon Sep 17 00:00:00 2001
From: Kareem
Date: Thu, 4 Jun 2026 17:15:06 -0700
Subject: [PATCH 7/8] Change no_renegotiation alert to warning level to match RFC 5246 7.2.2. Fixes F-4113.
---
 src/internal.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/internal.c b/src/internal.c
index a3be7ee4484..7b989d5da4a 100644
--- a/src/internal.c
+++ b/src/internal.c
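Review bot: With the new lower bound, the `authTagSz == 0` test in the same condition is redundant whenever WOLFSSL_MIN_AUTH_TAG_SZ is at least 1, which its name implies; either drop `authTagSz == 0 ||` or keep it with a short comment so the next reader knows which test is load-bearing. Rejecting short tags on the encrypt side is the right call: a tag shorter than the configured minimum would be accepted for generation but, per the commit message, refused by the decrypt path, and it also weakens the forgery bound the caller expects. wc_AesEaxEncryptFinal continues past the hunk.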
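Review bot: The early `return ret;` skips the `wc_InitSha512_224(sha)` reset, so after a failed Cy_Crypto_Core_Sha_Finish the context is left in whatever state the hardware call produced; that is acceptable if a failed Final invalidates the object, but the contract should be written down: `/* on error the context is not reset; the caller must re-init before reuse */`. The new `if` is also unbraced while the block it follows is braced, so write it as `if (ret != 0) {` / `    return ret;` / `}` to match the file. wc_Sha512_224Final starts outside the hunk, so where `ret` is initialized is not visible here.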
@@ -18819,7 +18819,7 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 if (ssl->options.handShakeState == HANDSHAKE_DONE && type == client_hello && ssl->options.side == WOLFSSL_SERVER_END) {
 WOLFSSL_MSG("Renegotiation request rejected");
- SendAlert(ssl, alert_fatal, no_renegotiation);
+ SendAlert(ssl, alert_warning, no_renegotiation);
 WOLFSSL_ERROR_VERBOSE(SECURE_RENEGOTIATION_E);
 return SECURE_RENEGOTIATION_E;
 }
From 4a854b0a711b72561d625a1da2ed45f065781cca Mon Sep 17 00:00:00 2001
From: Kareem
Date: Mon, 8 Jun 2026 10:29:01 -0700
Subject: [PATCH 8/8] Add unit test for wc_AesEaxEncryptFinal authTagSz below minimum.
---
 tests/api/test_aes.c | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/tests/api/test_aes.c b/tests/api/test_aes.c
index b5f90a89ccc..65769d27db4 100644
--- a/tests/api/test_aes.c
+++ b/tests/api/test_aes.c
@@ -7730,6 +7730,15 @@ int test_wc_AesEaxStream(void)
 ExpectIntEQ(wc_AesEaxEncryptFinal(NULL, tagBuf, WC_AES_BLOCK_SIZE),
 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+ /* wc_AesEaxEncryptFinal authTagSz below WOLFSSL_MIN_AUTH_TAG_SZ must be
+ * rejected, even on an otherwise valid context */
+ ExpectIntEQ(wc_AesEaxInit(&eax, key1, sizeof(key1),
+ nonce1, sizeof(nonce1), NULL, 0), 0);
+ ExpectIntEQ(wc_AesEaxEncryptFinal(&eax, tagBuf,
+ WOLFSSL_MIN_AUTH_TAG_SZ - 1),
+ WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+ ExpectIntEQ(wc_AesEaxFree(&eax), 0);
+
 /* wc_AesEaxDecryptFinal NULL eax */
 ExpectIntEQ(wc_AesEaxDecryptFinal(NULL, tag1, sizeof(tag1)),
 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
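Review bot: `SendAlert(ssl, alert_warning, no_renegotiation)` now tells the peer it may keep using the connection, yet the function still returns SECURE_RENEGOTIATION_E two lines later; if callers treat that return as fatal and tear the session down, the peer is told "warning" about a connection the server has already abandoned, so confirm the error is survivable on this side or the alert level and the return value disagree. RFC 5246 7.2.2 does specify no_renegotiation as always a warning, so the level change itself is correct. A comment would keep the two in step for the next reader: `/* RFC 5246 7.2.2: no_renegotiation is a warning; the refusal is enforced locally by the return value */`. DoHandShakeMsgType continues outside the hunk.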
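Review bot: `WOLFSSL_MIN_AUTH_TAG_SZ - 1` only exercises the new lower-bound check if WOLFSSL_MIN_AUTH_TAG_SZ is greater than 1; should it be 1, the argument is 0, which the pre-existing `authTagSz == 0` test already rejected, and this case would pass without the fix. Pinning the threshold from the other side would make the test meaningful regardless of the configured minimum, e.g. `ExpectIntEQ(wc_AesEaxEncryptFinal(&eax, tagBuf, WOLFSSL_MIN_AUTH_TAG_SZ), 0);` before the free, which is valid on the same context because the rejected call fails in the argument check before any state is touched (the aes.c hunk shows that check first in the function). The new comment could also name which check it targets: `/* non-zero but below the minimum: must hit the WOLFSSL_MIN_AUTH_TAG_SZ check, not the == 0 one */`. test_wc_AesEaxStream continues outside the hunk.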