Adding Null Checks, and RNG Health Test for HW

wolfSSL · Aug 5, 2024 · d35b054 · d35b054
1 parent 2b77227
commit d35b054
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 13 deletions.
diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
@@ -5408,16 +5408,23 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         int status;
         byte *iv;
 
-#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+        if ((in == NULL) || (out == NULL) || (aes == NULL)) {
+            return BAD_FUNC_ARG;
+        }
+
+        /* Always enforce a length check */
         if (sz % AES_BLOCK_SIZE) {
+        #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
             return BAD_LENGTH_E;
+        #else
+            return BAD_FUNC_ARG;
         }
-#endif
-        if (sz == 0)
+        #endif
+        if (sz == 0) {
             return 0;
+        }
 
         iv = (byte*)aes->reg;
-
         status = wc_AesGetKeySize(aes, &keySize);
         if (status != 0) {
             return status;
@@ -5426,12 +5433,10 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         status = wc_MXC_TPU_AesEncrypt(in, iv, (byte*)aes->key,
                                         MXC_TPU_MODE_CBC, sz, out,
                                         (unsigned int)keySize);
-
         /* store iv for next call */
         if (status == 0) {
             XMEMCPY(iv, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
         }
-
         return (status == 0) ? 0 : -1;
     }
 
@@ -5443,34 +5448,38 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         byte *iv;
         byte temp_block[AES_BLOCK_SIZE];
 
-#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+        if ((in == NULL) || (out == NULL) || (aes == NULL)) {
+            return BAD_FUNC_ARG;
+        }
+
+        /* Always enforce a length check */
         if (sz % AES_BLOCK_SIZE) {
+        #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
             return BAD_LENGTH_E;
+        #else
+            return BAD_FUNC_ARG;
         }
-#endif
-        if (sz == 0)
+        #endif
+        if (sz == 0) {
             return 0;
+        }
 
         iv = (byte*)aes->reg;
-
         status = wc_AesGetKeySize(aes, &keySize);
         if (status != 0) {
             return status;
         }
 
         /* get IV for next call */
         XMEMCPY(temp_block, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
-
         status = wc_MXC_TPU_AesDecrypt(in, iv, (byte*)aes->key,
                                         MXC_TPU_MODE_CBC, sz, out,
                                         keySize);
 
-
         /* store iv for next call */
         if (status == 0) {
             XMEMCPY(iv, temp_block, AES_BLOCK_SIZE);
         }
-
         return (status == 0) ? 0 : -1;
     }
     #endif /* HAVE_AES_DECRYPT */

diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
@@ -3839,7 +3839,14 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 #elif defined(MAX3266X_RNG)
     int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
     {
+        static int initDone = 0;
         (void)os;
+        if (initDone == 0) {
+            if(MXC_TRNG_HealthTest() != 0) {
+                return WC_HW_E;
+            }
+            initDone = 1;
+        }
         return wc_MXC_TRNG_Random(output, sz);
     }