Skip to content

Commit 685938c

Browse files
cconloncconlon
authored
Merge pull request #212 from rlm2002/fenrir
Fenrir fixes
2 parents 8c7a972 + 7cd266b commit 685938c

23 files changed

Lines changed: 386 additions & 196 deletions

jni/jni_aes.c

Lines changed: 7 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -193,7 +193,7 @@ Java_com_wolfssl_wolfcrypt_Aes_native_1update_1internal__ILjava_nio_ByteBuffer_2
193193
if (!aes || !input || !output) {
194194
ret = BAD_FUNC_ARG; /* NULL sanitizers */
195195
}
196-
else if (offset < 0 || length < 0) {
196+
else if (offset < 0 || length < 0 || outputOffset < 0) {
197197
ret = BAD_FUNC_ARG; /* signed sanizizers */
198198
}
199199
else if (((jlong)offset + (jlong)length) >
@@ -205,11 +205,13 @@ Java_com_wolfssl_wolfcrypt_Aes_native_1update_1internal__ILjava_nio_ByteBuffer_2
205205
ret = BUFFER_E; /* buffer overflow check */
206206
}
207207
else if (opmode == AES_ENCRYPTION) {
208-
ret = wc_AesCbcEncrypt(aes, output, input + offset, length);
208+
ret = wc_AesCbcEncrypt(aes, output + outputOffset,
209+
input + offset, length);
209210
LogStr("wc_AesCbcEncrypt(aes=%p, out, in, inSz) = %d\n", aes, ret);
210211
}
211212
else {
212-
ret = wc_AesCbcDecrypt(aes, output, input + offset, length);
213+
ret = wc_AesCbcDecrypt(aes, output + outputOffset,
214+
input + offset, length);
213215
LogStr("wc_AesCbcDecrypt(aes=%p, out, in, inSz) = %d\n", aes, ret);
214216
}
215217

@@ -223,8 +225,8 @@ Java_com_wolfssl_wolfcrypt_Aes_native_1update_1internal__ILjava_nio_ByteBuffer_2
223225

224226
LogStr("input[%u]: [%p]\n", (word32)length, input + offset);
225227
LogHex((byte*) input, offset, length);
226-
LogStr("output[%u]: [%p]\n", (word32)length, output);
227-
LogHex((byte*) output, 0, length);
228+
LogStr("output[%u]: [%p]\n", (word32)length, output + outputOffset);
229+
LogHex((byte*) output, outputOffset, length);
228230
#else
229231
throwNotCompiledInException(env);
230232
ret = NOT_COMPILED_IN;

jni/jni_aesccm.c

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -383,7 +383,12 @@ JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_wolfcrypt_AesCcm_wc_1AesCcmDecrypt
383383
}
384384

385385
if (out != NULL) {
386+
#if (LIBWOLFSSL_VERSION_HEX >= 0x05008004) && \
387+
!defined(WOLFSSL_NO_FORCE_ZERO)
388+
wc_ForceZero(out, inLen);
389+
#else
386390
XMEMSET(out, 0, inLen);
391+
#endif
387392
XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
388393
}
389394

jni/jni_aesctr.c

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -193,7 +193,7 @@ Java_com_wolfssl_wolfcrypt_AesCtr_native_1update_1internal__Ljava_nio_ByteBuffer
193193
if (aes == NULL || input == NULL || output == NULL) {
194194
ret = BAD_FUNC_ARG;
195195
}
196-
else if (offset < 0 || length < 0) {
196+
else if (offset < 0 || length < 0 || outputOffset < 0) {
197197
ret = BAD_FUNC_ARG;
198198
}
199199
else if (((jlong)offset + (jlong)length) >
@@ -205,7 +205,8 @@ Java_com_wolfssl_wolfcrypt_AesCtr_native_1update_1internal__Ljava_nio_ByteBuffer
205205
ret = BUFFER_E; /* buffer overflow check */
206206
}
207207
else {
208-
ret = wc_AesCtrEncrypt(aes, output, input + offset, length);
208+
ret = wc_AesCtrEncrypt(aes, output + outputOffset,
209+
input + offset, length);
209210
LogStr("wc_AesCtrEncrypt(aes=%p, out, in, inSz) = %d\n", aes, ret);
210211
}
211212

jni/jni_aesecb.c

Lines changed: 7 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -199,7 +199,7 @@ Java_com_wolfssl_wolfcrypt_AesEcb_native_1update_1internal__ILjava_nio_ByteBuffe
199199
if (aes == NULL || input == NULL || output == NULL) {
200200
ret = BAD_FUNC_ARG;
201201
}
202-
else if (offset < 0 || length < 0) {
202+
else if (offset < 0 || length < 0 || outputOffset < 0) {
203203
ret = BAD_FUNC_ARG;
204204
}
205205
else if ((length % AES_BLOCK_SIZE) != 0) {
@@ -214,11 +214,13 @@ Java_com_wolfssl_wolfcrypt_AesEcb_native_1update_1internal__ILjava_nio_ByteBuffe
214214
ret = BUFFER_E; /* buffer overflow check */
215215
}
216216
else if (opmode == AES_ENCRYPTION) {
217-
ret = wc_AesEcbEncrypt(aes, output, input + offset, length);
217+
ret = wc_AesEcbEncrypt(aes, output + outputOffset,
218+
input + offset, length);
218219
LogStr("wc_AesEcbEncrypt(aes=%p, out, in, inSz) = %d\n", aes, ret);
219220
}
220221
else {
221-
ret = wc_AesEcbDecrypt(aes, output, input + offset, length);
222+
ret = wc_AesEcbDecrypt(aes, output + outputOffset,
223+
input + offset, length);
222224
LogStr("wc_AesEcbDecrypt(aes=%p, out, in, inSz) = %d\n", aes, ret);
223225
}
224226

@@ -232,8 +234,8 @@ Java_com_wolfssl_wolfcrypt_AesEcb_native_1update_1internal__ILjava_nio_ByteBuffe
232234

233235
LogStr("input[%u]: [%p]\n", (word32)length, input + offset);
234236
LogHex((byte*) input, offset, length);
235-
LogStr("output[%u]: [%p]\n", (word32)length, output);
236-
LogHex((byte*) output, 0, length);
237+
LogStr("output[%u]: [%p]\n", (word32)length, output + outputOffset);
238+
LogHex((byte*) output, outputOffset, length);
237239
#else
238240
throwNotCompiledInException(env);
239241
ret = NOT_COMPILED_IN;

jni/jni_aesgcm.c

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -385,7 +385,12 @@ JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_wolfcrypt_AesGcm_wc_1AesGcmDecrypt
385385
}
386386

387387
if (out != NULL) {
388+
#if (LIBWOLFSSL_VERSION_HEX >= 0x05008004) && \
389+
!defined(WOLFSSL_NO_FORCE_ZERO)
390+
wc_ForceZero(out, inLen);
391+
#else
388392
XMEMSET(out, 0, inLen);
393+
#endif
389394
XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
390395
}
391396

jni/jni_aesofb.c

Lines changed: 9 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -207,7 +207,7 @@ Java_com_wolfssl_wolfcrypt_AesOfb_native_1update_1internal__ILjava_nio_ByteBuffe
207207
if (aes == NULL || input == NULL || output == NULL) {
208208
ret = BAD_FUNC_ARG;
209209
}
210-
else if (offset < 0 || length < 0) {
210+
else if (offset < 0 || length < 0 || outputOffset < 0) {
211211
ret = BAD_FUNC_ARG;
212212
}
213213
else if (((jlong)offset + (jlong)length) >
@@ -219,17 +219,20 @@ Java_com_wolfssl_wolfcrypt_AesOfb_native_1update_1internal__ILjava_nio_ByteBuffe
219219
ret = BUFFER_E; /* buffer overflow check */
220220
}
221221
else if (opmode == AES_ENCRYPTION) {
222-
ret = wc_AesOfbEncrypt(aes, output, input + offset, length);
222+
ret = wc_AesOfbEncrypt(aes, output + outputOffset,
223+
input + offset, length);
223224
LogStr("wc_AesOfbEncrypt(aes=%p, out, in, inSz) = %d\n", aes, ret);
224225
}
225226
else {
226227
#ifdef HAVE_AES_DECRYPT
227-
ret = wc_AesOfbDecrypt(aes, output, input + offset, length);
228+
ret = wc_AesOfbDecrypt(aes, output + outputOffset,
229+
input + offset, length);
228230
LogStr("wc_AesOfbDecrypt(aes=%p, out, in, inSz) = %d\n", aes, ret);
229231
#else
230232
/* If HAVE_AES_DECRYPT not defined, fall back to encrypt
231233
* (OFB mode uses same operation for both) */
232-
ret = wc_AesOfbEncrypt(aes, output, input + offset, length);
234+
ret = wc_AesOfbEncrypt(aes, output + outputOffset,
235+
input + offset, length);
233236
LogStr("wc_AesOfbEncrypt(aes=%p, out, in, inSz) = %d\n", aes, ret);
234237
#endif
235238
}
@@ -244,8 +247,8 @@ Java_com_wolfssl_wolfcrypt_AesOfb_native_1update_1internal__ILjava_nio_ByteBuffe
244247

245248
LogStr("input[%u]: [%p]\n", (word32)length, input + offset);
246249
LogHex((byte*) input, offset, length);
247-
LogStr("output[%u]: [%p]\n", (word32)length, output);
248-
LogHex((byte*) output, 0, length);
250+
LogStr("output[%u]: [%p]\n", (word32)length, output + outputOffset);
251+
LogHex((byte*) output, outputOffset, length);
249252
#else
250253
throwNotCompiledInException(env);
251254
ret = NOT_COMPILED_IN;

jni/jni_asn.c

Lines changed: 10 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -147,7 +147,12 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Asn_getPkcs8AlgoID
147147
}
148148

149149
if (p8Copy != NULL) {
150+
#if (LIBWOLFSSL_VERSION_HEX >= 0x05008004) && \
151+
!defined(WOLFSSL_NO_FORCE_ZERO)
152+
wc_ForceZero(p8Copy, p8Len);
153+
#else
150154
XMEMSET(p8Copy, 0, p8Len);
155+
#endif
151156
XFREE(p8Copy, NULL, DYNAMIC_TYPE_TMP_BUFFER);
152157
}
153158

@@ -158,14 +163,18 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Asn_getPkcs8AlgoID
158163
if (ret == 0) {
159164
ret = (int)algoId;
160165
}
166+
else {
167+
throwWolfCryptExceptionFromError(env, ret);
168+
}
161169

162170
return (jint)ret;
163171

164172
#else
165173
(void)env;
166174
(void)class;
167175
(void)pkcs8Der;
168-
return (jint)NOT_COMPILED_IN;
176+
throwNotCompiledInException(env);
177+
return 0;
169178
#endif
170179
}
171180

jni/jni_des3.c

Lines changed: 7 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -187,7 +187,7 @@ Java_com_wolfssl_wolfcrypt_Des3_native_1update_1internal__ILjava_nio_ByteBuffer_
187187
if (!des || !input || !output) {
188188
ret = BAD_FUNC_ARG; /* NULL sanitizers */
189189
}
190-
else if (offset < 0 || length < 0) {
190+
else if (offset < 0 || length < 0 || outputOffset < 0) {
191191
ret = BAD_FUNC_ARG; /* signed sanizizers */
192192
}
193193
else if (((jlong)offset + (jlong)length) >
@@ -199,11 +199,13 @@ Java_com_wolfssl_wolfcrypt_Des3_native_1update_1internal__ILjava_nio_ByteBuffer_
199199
ret = BUFFER_E; /* buffer overflow check */
200200
}
201201
else if (opmode == DES_ENCRYPTION) {
202-
ret = wc_Des3_CbcEncrypt(des, output, input + offset, length);
202+
ret = wc_Des3_CbcEncrypt(des, output + outputOffset,
203+
input + offset, length);
203204
LogStr("wc_Des3CbcEncrypt(des=%p, out, in, inSz) = %d\n", des, ret);
204205
}
205206
else {
206-
ret = wc_Des3_CbcDecrypt(des, output, input + offset, length);
207+
ret = wc_Des3_CbcDecrypt(des, output + outputOffset,
208+
input + offset, length);
207209
LogStr("wc_Des3CbcDecrypt(des=%p, out, in, inSz) = %d\n", des, ret);
208210
}
209211

@@ -217,8 +219,8 @@ Java_com_wolfssl_wolfcrypt_Des3_native_1update_1internal__ILjava_nio_ByteBuffer_
217219

218220
LogStr("input[%u]: [%p]\n", (word32)length, input + offset);
219221
LogHex((byte*) input, offset, length);
220-
LogStr("output[%u]: [%p]\n", (word32)length, output);
221-
LogHex((byte*) output, 0, length);
222+
LogStr("output[%u]: [%p]\n", (word32)length, output + outputOffset);
223+
LogHex((byte*) output, outputOffset, length);
222224
#else
223225
throwNotCompiledInException(env);
224226
#endif

jni/jni_dh.c

Lines changed: 64 additions & 27 deletions
Original file line numberDiff line numberDiff line change
@@ -190,7 +190,6 @@ Java_com_wolfssl_wolfcrypt_Dh_wc_1DhGenerateKeyPair(
190190
word32 pubSz = size;
191191
int lBitPriv = 0, lBitPub = 0;
192192
byte lBit[1] = { 0x00 };
193-
int exceptionThrown = 0;
194193

195194
key = (DhKey*) getNativeStruct(env, this);
196195
if ((*env)->ExceptionOccurred(env)) {
@@ -245,44 +244,47 @@ Java_com_wolfssl_wolfcrypt_Dh_wc_1DhGenerateKeyPair(
245244
}
246245

247246
jbyteArray privateKey = (*env)->NewByteArray(env, lBitPriv + privSz);
248-
jbyteArray publicKey = (*env)->NewByteArray(env, lBitPub + pubSz);
247+
jbyteArray publicKey = NULL;
248+
if (!privateKey) {
249+
(*env)->ExceptionClear(env);
250+
throwOutOfMemoryException(env, "Failed to allocate privateKey");
251+
}
252+
253+
if (!(*env)->ExceptionOccurred(env)) {
254+
publicKey = (*env)->NewByteArray(env, lBitPub + pubSz);
255+
if (!publicKey) {
256+
(*env)->ExceptionClear(env);
257+
throwOutOfMemoryException(env, "Failed to allocate publicKey");
258+
}
259+
}
249260

250-
if (privateKey) {
261+
if (!(*env)->ExceptionOccurred(env)) {
251262
if (lBitPriv) {
252263
(*env)->SetByteArrayRegion(env, privateKey, 0, 1,
253-
(const jbyte*)lBit);
264+
(const jbyte*)lBit);
254265
(*env)->SetByteArrayRegion(env, privateKey, 1, privSz,
255-
(const jbyte*)priv);
256-
} else {
266+
(const jbyte*)priv);
267+
}
268+
else {
257269
(*env)->SetByteArrayRegion(env, privateKey, 0, privSz,
258-
(const jbyte*)priv);
270+
(const jbyte*)priv);
259271
}
260-
261272
setByteArrayMember(env, this, "privateKey", privateKey);
262-
if ((*env)->ExceptionOccurred(env)) {
263-
/* if exception raised, skip any additional JNI functions */
264-
exceptionThrown = 1;
265-
}
266-
267-
} else {
268-
throwWolfCryptException(env, "Failed to allocate privateKey");
269-
exceptionThrown = 1;
270273
}
271274

272-
if (publicKey && (exceptionThrown == 0)) {
275+
/* if exception raised, skip any additional JNI functions */
276+
if (!(*env)->ExceptionOccurred(env)) {
273277
if (lBitPub) {
274-
(*env)->SetByteArrayRegion(env, publicKey, 0, 1,
275-
(const jbyte*)lBit);
276-
(*env)->SetByteArrayRegion(env, publicKey, 1, pubSz,
277-
(const jbyte*)pub);
278-
} else {
279-
(*env)->SetByteArrayRegion(env, publicKey, 0, pubSz,
280-
(const jbyte*)pub);
278+
(*env)->SetByteArrayRegion(env, publicKey, 0,
279+
1, (const jbyte*)lBit);
280+
(*env)->SetByteArrayRegion(env, publicKey, 1,
281+
pubSz, (const jbyte*)pub);
282+
}
283+
else {
284+
(*env)->SetByteArrayRegion(env, publicKey, 0,
285+
pubSz, (const jbyte*)pub);
281286
}
282-
283287
setByteArrayMember(env, this, "publicKey", publicKey);
284-
} else {
285-
throwWolfCryptException(env, "Failed to allocate publicKey");
286288
}
287289
} else {
288290
throwWolfCryptExceptionFromError(env, ret);
@@ -296,11 +298,21 @@ Java_com_wolfssl_wolfcrypt_Dh_wc_1DhGenerateKeyPair(
296298
LogHex(pub, 0, pubSz);
297299

298300
if (priv != NULL) {
301+
#if (LIBWOLFSSL_VERSION_HEX >= 0x05008004) && \
302+
!defined(WOLFSSL_NO_FORCE_ZERO)
303+
wc_ForceZero(priv, privSz);
304+
#else
299305
XMEMSET(priv, 0, privSz);
306+
#endif
300307
XFREE(priv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
301308
}
302309
if (pub != NULL) {
310+
#if (LIBWOLFSSL_VERSION_HEX >= 0x05008004) && \
311+
!defined(WOLFSSL_NO_FORCE_ZERO)
312+
wc_ForceZero(pub, pubSz);
313+
#else
303314
XMEMSET(pub, 0, pubSz);
315+
#endif
304316
XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER);
305317
}
306318
#else
@@ -417,7 +429,12 @@ Java_com_wolfssl_wolfcrypt_Dh_wc_1DhAgree(
417429
LogHex(secret, 0, secretSz);
418430

419431
if (secret != NULL) {
432+
#if (LIBWOLFSSL_VERSION_HEX >= 0x05008004) && \
433+
!defined(WOLFSSL_NO_FORCE_ZERO)
434+
wc_ForceZero(secret, secretSz);
435+
#else
420436
XMEMSET(secret, 0, secretSz);
437+
#endif
421438
XFREE(secret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
422439
}
423440

@@ -856,7 +873,12 @@ Java_com_wolfssl_wolfcrypt_Dh_wc_1DhExportKeyPair(
856873

857874
pub = (byte*)XMALLOC(pubSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
858875
if (pub == NULL) {
876+
#if (LIBWOLFSSL_VERSION_HEX >= 0x05008004) && \
877+
!defined(WOLFSSL_NO_FORCE_ZERO)
878+
wc_ForceZero(priv, privSz);
879+
#else
859880
XMEMSET(priv, 0, privSz);
881+
#endif
860882
XFREE(priv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
861883
throwOutOfMemoryException(env, "Failed to allocate public key buffer");
862884
return NULL;
@@ -902,11 +924,21 @@ Java_com_wolfssl_wolfcrypt_Dh_wc_1DhExportKeyPair(
902924

903925
/* Clean up */
904926
if (priv != NULL) {
927+
#if (LIBWOLFSSL_VERSION_HEX >= 0x05008004) && \
928+
!defined(WOLFSSL_NO_FORCE_ZERO)
929+
wc_ForceZero(priv, privSz);
930+
#else
905931
XMEMSET(priv, 0, privSz);
932+
#endif
906933
XFREE(priv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
907934
}
908935
if (pub != NULL) {
936+
#if (LIBWOLFSSL_VERSION_HEX >= 0x05008004) && \
937+
!defined(WOLFSSL_NO_FORCE_ZERO)
938+
wc_ForceZero(pub, pubSz);
939+
#else
909940
XMEMSET(pub, 0, pubSz);
941+
#endif
910942
XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER);
911943
}
912944

@@ -1187,7 +1219,12 @@ Java_com_wolfssl_wolfcrypt_Dh_wc_1DhPrivateKeyEncode(
11871219

11881220
/* Clean up */
11891221
if (der != NULL) {
1222+
#if (LIBWOLFSSL_VERSION_HEX >= 0x05008004) && \
1223+
!defined(WOLFSSL_NO_FORCE_ZERO)
1224+
wc_ForceZero(der, derSz);
1225+
#else
11901226
XMEMSET(der, 0, derSz);
1227+
#endif
11911228
XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
11921229
}
11931230

0 commit comments

Comments
 (0)