Merge pull request #206 from cconlon/fenrir323

Fenrir fixes

Author: rlm2002

IDE/Android/app/src/main/cpp/CMakeLists.txt

@@ -279,6 +279,7 @@ if ("${WOLFSSL_PKG_TYPE}" MATCHES "normal")
         list(REMOVE_ITEM CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/evp.c)
         list(REMOVE_ITEM CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/evp_pk.c)
         list(REMOVE_ITEM CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/misc.c)
+        list(REMOVE_ITEM CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/asn_orig.c)
 
 elseif("${WOLFSSL_PKG_TYPE}" MATCHES "fipsready")
         # FIPS Ready needs to explicitly order files for in-core integrity check to work properly.

IDE/WIN/wolfcryptjni.vcxproj

@@ -71,6 +71,7 @@
     <ClInclude Include="..\..\jni\include\wolfcrypt_jni_debug.h" />
     <ClInclude Include="..\..\jni\include\wolfcrypt_jni_error.h" />
     <ClInclude Include="..\..\jni\include\wolfcrypt_jni_NativeStruct.h" />
+    <ClInclude Include="..\..\jni\include\wolfcrypt_jni_util.h" />
   </ItemGroup>
   <ItemGroup>
     <ClCompile Include="..\..\jni\jni_aes.c" />

IDE/WIN/wolfcryptjni.vcxproj.filters

@@ -120,6 +120,9 @@
     <ClInclude Include="..\..\jni\include\wolfcrypt_jni_NativeStruct.h">
       <Filter>Header Files</Filter>
     </ClInclude>
+    <ClInclude Include="..\..\jni\include\wolfcrypt_jni_util.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
   </ItemGroup>
   <ItemGroup>
     <ClCompile Include="..\..\jni\jni_aes.c">

jni/include/com_wolfssl_wolfcrypt_Rsa.h

@@ -0,0 +1,48 @@
+/* wolfcrypt_jni_util.h
+ *
+ * Copyright (C) 2006-2026 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef _Included_wolfcrypt_jni_util
+#define _Included_wolfcrypt_jni_util
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* check all length bytes for equality, return 0 on success */
+static WC_INLINE int JNIConstantCompare(const byte* a, const byte* b,
+    int length)
+{
+    int i;
+    int compareSum = 0;
+
+    for (i = 0; i < length; i++) {
+        compareSum |= a[i] ^ b[i];
+    }
+
+    return compareSum;
+}
+
+#ifdef __cplusplus
+}
+#endif
+#endif

jni/include/wolfcrypt_jni_util.h

@@ -128,11 +128,11 @@ Java_com_wolfssl_wolfcrypt_Aes_native_1update_1internal__I_3BII_3BI(
     }
     else if (length == 0) {
         ret = 0;
-    } else if ((word32)(offset + length) >
+    } else if (((jlong)offset + (jlong)length) >
              getByteArrayLength(env, input_object)) {
         ret = BUFFER_E; /* buffer overflow check */
     }
-    else if ((word32)(outputOffset + length) >
+    else if (((jlong)outputOffset + (jlong)length) >
              getByteArrayLength(env, output_object)) {
         ret = BUFFER_E; /* buffer overflow check */
     }
@@ -196,11 +196,11 @@ Java_com_wolfssl_wolfcrypt_Aes_native_1update_1internal__ILjava_nio_ByteBuffer_2
     else if (offset < 0 || length < 0) {
         ret = BAD_FUNC_ARG; /* signed sanizizers */
     }
-    else if ((word32)(offset + length) >
+    else if (((jlong)offset + (jlong)length) >
              getDirectBufferLimit(env, input_object)) {
         ret = BUFFER_E; /* buffer overflow check */
     }
-    else if ((word32)(outputOffset + length) >
+    else if (((jlong)outputOffset + (jlong)length) >
              getDirectBufferLimit(env, output_object)) {
         ret = BUFFER_E; /* buffer overflow check */
     }

jni/jni_aes.c

@@ -183,7 +183,7 @@ JNIEXPORT void JNICALL Java_com_wolfssl_wolfcrypt_AesCmac_wc_1CmacUpdate___3BII(
 
     /* Validate bounds to prevent buffer overflow */
     if (!cmac || !data || offset < 0 || length < 0 ||
-        (word32)(offset + length) > dataSz) {
+        ((jlong)offset + (jlong)length) > dataSz) {
         ret = BAD_FUNC_ARG;
     } else {
         ret = wc_CmacUpdate(cmac, data + offset, length);
@@ -222,7 +222,7 @@ JNIEXPORT void JNICALL Java_com_wolfssl_wolfcrypt_AesCmac_wc_1CmacUpdate__Ljava_
 
     /* Validate bounds to prevent buffer overflow */
     if (!cmac || !data || offset < 0 || length < 0 ||
-        (word32)(offset + length) > bufferLimit) {
+        ((jlong)offset + (jlong)length) > bufferLimit) {
         ret = BAD_FUNC_ARG;
     } else {
         ret = wc_CmacUpdate(cmac, data + offset, length);

jni/jni_aescmac.c

@@ -133,11 +133,11 @@ Java_com_wolfssl_wolfcrypt_AesCtr_native_1update_1internal___3BII_3BI(
     else if (length == 0) {
         ret = 0;
     }
-    else if ((word32)(offset + length) >
+    else if (((jlong)offset + (jlong)length) >
              getByteArrayLength(env, input_object)) {
         ret = BUFFER_E; /* buffer overflow check */
     }
-    else if ((word32)(outputOffset + length) >
+    else if (((jlong)outputOffset + (jlong)length) >
              getByteArrayLength(env, output_object)) {
         ret = BUFFER_E; /* buffer overflow check */
     }
@@ -196,11 +196,11 @@ Java_com_wolfssl_wolfcrypt_AesCtr_native_1update_1internal__Ljava_nio_ByteBuffer
     else if (offset < 0 || length < 0) {
         ret = BAD_FUNC_ARG;
     }
-    else if ((word32)(offset + length) >
+    else if (((jlong)offset + (jlong)length) >
              getDirectBufferLimit(env, input_object)) {
         ret = BUFFER_E; /* buffer overflow check */
     }
-    else if ((word32)(outputOffset + length) >
+    else if (((jlong)outputOffset + (jlong)length) >
              getDirectBufferLimit(env, output_object)) {
         ret = BUFFER_E; /* buffer overflow check */
     }

jni/jni_aesctr.c

@@ -161,11 +161,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_AesCts_native_1update_1interna
         /* CTS requires at least one block of input */
         ret = BUFFER_E;
     }
-    else if ((word32)(offset + length) >
+    else if (((jlong)offset + (jlong)length) >
         getByteArrayLength(env, input_object)) {
         ret = BUFFER_E; /* buffer overflow check */
     }
-    else if ((word32)(outputOffset + length) >
+    else if (((jlong)outputOffset + (jlong)length) >
         getByteArrayLength(env, output_object)) {
         ret = BUFFER_E; /* buffer overflow check */
     }
@@ -273,11 +273,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_AesCts_native_1update_1interna
         /* CTS requires at least one block of input */
         ret = BUFFER_E;
     }
-    else if ((word32)(offset + length) >
+    else if (((jlong)offset + (jlong)length) >
         getDirectBufferLimit(env, input_object)) {
         ret = BUFFER_E;
     }
-    else if ((word32)(outputOffset + length) >
+    else if (((jlong)outputOffset + (jlong)length) >
         getDirectBufferLimit(env, output_object)) {
         ret = BUFFER_E;
     }

jni/jni_aescts.c

@@ -134,11 +134,11 @@ Java_com_wolfssl_wolfcrypt_AesEcb_native_1update_1internal__I_3BII_3BI(
     else if ((length % AES_BLOCK_SIZE) != 0) {
         ret = BAD_FUNC_ARG; /* ECB requires block-aligned data */
     }
-    else if ((word32)(offset + length) >
+    else if (((jlong)offset + (jlong)length) >
              getByteArrayLength(env, input_object)) {
         ret = BUFFER_E; /* buffer overflow check */
     }
-    else if ((word32)(outputOffset + length) >
+    else if (((jlong)outputOffset + (jlong)length) >
              getByteArrayLength(env, output_object)) {
         ret = BUFFER_E; /* buffer overflow check */
     }
@@ -205,11 +205,11 @@ Java_com_wolfssl_wolfcrypt_AesEcb_native_1update_1internal__ILjava_nio_ByteBuffe
     else if ((length % AES_BLOCK_SIZE) != 0) {
         ret = BAD_FUNC_ARG; /* ECB requires block-aligned data */
     }
-    else if ((word32)(offset + length) >
+    else if (((jlong)offset + (jlong)length) >
              getDirectBufferLimit(env, input_object)) {
         ret = BUFFER_E; /* buffer overflow check */
     }
-    else if ((word32)(outputOffset + length) >
+    else if (((jlong)outputOffset + (jlong)length) >
              getDirectBufferLimit(env, output_object)) {
         ret = BUFFER_E; /* buffer overflow check */
     }