Skip to content

Fenrir fixes #212

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
cconlon merged 14 commits into from
Apr 29, 2026
Merged

Fenrir fixes #212

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
bfaa5eb
JNI: zero with wc_ForceZero() when possible on sensitive heap buffers
rlm2002 Apr 23, 2026
504d499
JNI: reference saltBuf rather than salt in #else (void) call
rlm2002 Apr 24, 2026
e10a7d8
JNI: release name string on error before returning NULL
rlm2002 Apr 24, 2026
596fa9f
JCE: zero WolfCryptCipher encodedKey buffers after use
rlm2002 Apr 24, 2026
2e51748
JCE: zero WolfCryptMac.engineInit encodedKey buffer after use
rlm2002 Apr 24, 2026
570faa4
JCE: zero WolfCryptSignature PKCS8 private key buffer after use
rlm2002 Apr 24, 2026
dc3d7a6
JCE: zero WolfSSLKeyStore PKCS8 private key buffer after native check
rlm2002 Apr 24, 2026
dae76c5
JCE: zero encodedKey buffer in DH/EC/RSA Key Factories before returning
rlm2002 Apr 24, 2026
bbc9478
JNI: clarify exception thrown when privateKey handling fails in DhGen…
rlm2002 Apr 24, 2026
a034cf7
JNI: utilize outputOffset when writing data to output buffer
rlm2002 Apr 27, 2026
90cc4ca
JNI: throw Exception instead of error value when error encountered
rlm2002 Apr 27, 2026
aef00fa
JCE: catch WolfCryptException, throw new UnrecoverableKeyException
rlm2002 Apr 27, 2026
ae161c7
JCE: zero privKeyBytes buffer before leaking wolfCryptInitPrivateKey
rlm2002 Apr 27, 2026
7cd266b
JCE: Zero copy of buffers before returning
rlm2002 Apr 27, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 7 additions & 5 deletions jni/jni_aes.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -193,7 +193,7 @@ Java_com_wolfssl_wolfcrypt_Aes_native_1update_1internal__ILjava_nio_ByteBuffer_2
if (!aes || !input || !output) {
ret = BAD_FUNC_ARG; /* NULL sanitizers */
}
else if (offset < 0 || length < 0) {
else if (offset < 0 || length < 0 || outputOffset < 0) {
ret = BAD_FUNC_ARG; /* signed sanizizers */
}
else if (((jlong)offset + (jlong)length) >
Expand All @@ -205,11 +205,13 @@ Java_com_wolfssl_wolfcrypt_Aes_native_1update_1internal__ILjava_nio_ByteBuffer_2
ret = BUFFER_E; /* buffer overflow check */
}
else if (opmode == AES_ENCRYPTION) {
ret = wc_AesCbcEncrypt(aes, output, input + offset, length);
ret = wc_AesCbcEncrypt(aes, output + outputOffset,
input + offset, length);
LogStr("wc_AesCbcEncrypt(aes=%p, out, in, inSz) = %d\n", aes, ret);
}
else {
ret = wc_AesCbcDecrypt(aes, output, input + offset, length);
ret = wc_AesCbcDecrypt(aes, output + outputOffset,
input + offset, length);
LogStr("wc_AesCbcDecrypt(aes=%p, out, in, inSz) = %d\n", aes, ret);
}

Expand All @@ -223,8 +225,8 @@ Java_com_wolfssl_wolfcrypt_Aes_native_1update_1internal__ILjava_nio_ByteBuffer_2

LogStr("input[%u]: [%p]\n", (word32)length, input + offset);
LogHex((byte*) input, offset, length);
LogStr("output[%u]: [%p]\n", (word32)length, output);
LogHex((byte*) output, 0, length);
LogStr("output[%u]: [%p]\n", (word32)length, output + outputOffset);
LogHex((byte*) output, outputOffset, length);
#else
throwNotCompiledInException(env);
ret = NOT_COMPILED_IN;
Expand Down
5 changes: 5 additions & 0 deletions jni/jni_aesccm.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -383,7 +383,12 @@ JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_wolfcrypt_AesCcm_wc_1AesCcmDecrypt
}

if (out != NULL) {
#if (LIBWOLFSSL_VERSION_HEX >= 0x05008004) && \
!defined(WOLFSSL_NO_FORCE_ZERO)
wc_ForceZero(out, inLen);
#else
XMEMSET(out, 0, inLen);
#endif
XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}

Expand Down
5 changes: 3 additions & 2 deletions jni/jni_aesctr.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -193,7 +193,7 @@ Java_com_wolfssl_wolfcrypt_AesCtr_native_1update_1internal__Ljava_nio_ByteBuffer
if (aes == NULL || input == NULL || output == NULL) {
ret = BAD_FUNC_ARG;
}
else if (offset < 0 || length < 0) {
else if (offset < 0 || length < 0 || outputOffset < 0) {
ret = BAD_FUNC_ARG;
}
else if (((jlong)offset + (jlong)length) >
Expand All @@ -205,7 +205,8 @@ Java_com_wolfssl_wolfcrypt_AesCtr_native_1update_1internal__Ljava_nio_ByteBuffer
ret = BUFFER_E; /* buffer overflow check */
}
else {
ret = wc_AesCtrEncrypt(aes, output, input + offset, length);
ret = wc_AesCtrEncrypt(aes, output + outputOffset,
input + offset, length);
LogStr("wc_AesCtrEncrypt(aes=%p, out, in, inSz) = %d\n", aes, ret);
}

Expand Down
12 changes: 7 additions & 5 deletions jni/jni_aesecb.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -199,7 +199,7 @@ Java_com_wolfssl_wolfcrypt_AesEcb_native_1update_1internal__ILjava_nio_ByteBuffe
if (aes == NULL || input == NULL || output == NULL) {
ret = BAD_FUNC_ARG;
}
else if (offset < 0 || length < 0) {
else if (offset < 0 || length < 0 || outputOffset < 0) {
ret = BAD_FUNC_ARG;
}
else if ((length % AES_BLOCK_SIZE) != 0) {
Expand All @@ -214,11 +214,13 @@ Java_com_wolfssl_wolfcrypt_AesEcb_native_1update_1internal__ILjava_nio_ByteBuffe
ret = BUFFER_E; /* buffer overflow check */
}
else if (opmode == AES_ENCRYPTION) {
ret = wc_AesEcbEncrypt(aes, output, input + offset, length);
ret = wc_AesEcbEncrypt(aes, output + outputOffset,
input + offset, length);
LogStr("wc_AesEcbEncrypt(aes=%p, out, in, inSz) = %d\n", aes, ret);
}
else {
ret = wc_AesEcbDecrypt(aes, output, input + offset, length);
ret = wc_AesEcbDecrypt(aes, output + outputOffset,
input + offset, length);
LogStr("wc_AesEcbDecrypt(aes=%p, out, in, inSz) = %d\n", aes, ret);
}

Expand All @@ -232,8 +234,8 @@ Java_com_wolfssl_wolfcrypt_AesEcb_native_1update_1internal__ILjava_nio_ByteBuffe

LogStr("input[%u]: [%p]\n", (word32)length, input + offset);
LogHex((byte*) input, offset, length);
LogStr("output[%u]: [%p]\n", (word32)length, output);
LogHex((byte*) output, 0, length);
LogStr("output[%u]: [%p]\n", (word32)length, output + outputOffset);
LogHex((byte*) output, outputOffset, length);
#else
throwNotCompiledInException(env);
ret = NOT_COMPILED_IN;
Expand Down
5 changes: 5 additions & 0 deletions jni/jni_aesgcm.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -385,7 +385,12 @@ JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_wolfcrypt_AesGcm_wc_1AesGcmDecrypt
}

if (out != NULL) {
#if (LIBWOLFSSL_VERSION_HEX >= 0x05008004) && \
!defined(WOLFSSL_NO_FORCE_ZERO)
wc_ForceZero(out, inLen);
#else
XMEMSET(out, 0, inLen);
#endif
XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}

Expand Down
15 changes: 9 additions & 6 deletions jni/jni_aesofb.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -207,7 +207,7 @@ Java_com_wolfssl_wolfcrypt_AesOfb_native_1update_1internal__ILjava_nio_ByteBuffe
if (aes == NULL || input == NULL || output == NULL) {
ret = BAD_FUNC_ARG;
}
else if (offset < 0 || length < 0) {
else if (offset < 0 || length < 0 || outputOffset < 0) {
ret = BAD_FUNC_ARG;
}
else if (((jlong)offset + (jlong)length) >
Expand All @@ -219,17 +219,20 @@ Java_com_wolfssl_wolfcrypt_AesOfb_native_1update_1internal__ILjava_nio_ByteBuffe
ret = BUFFER_E; /* buffer overflow check */
}
else if (opmode == AES_ENCRYPTION) {
ret = wc_AesOfbEncrypt(aes, output, input + offset, length);
ret = wc_AesOfbEncrypt(aes, output + outputOffset,
input + offset, length);
LogStr("wc_AesOfbEncrypt(aes=%p, out, in, inSz) = %d\n", aes, ret);
}
else {
#ifdef HAVE_AES_DECRYPT
ret = wc_AesOfbDecrypt(aes, output, input + offset, length);
ret = wc_AesOfbDecrypt(aes, output + outputOffset,
input + offset, length);
LogStr("wc_AesOfbDecrypt(aes=%p, out, in, inSz) = %d\n", aes, ret);
#else
/* If HAVE_AES_DECRYPT not defined, fall back to encrypt
* (OFB mode uses same operation for both) */
ret = wc_AesOfbEncrypt(aes, output, input + offset, length);
ret = wc_AesOfbEncrypt(aes, output + outputOffset,
input + offset, length);
LogStr("wc_AesOfbEncrypt(aes=%p, out, in, inSz) = %d\n", aes, ret);
#endif
}
Expand All @@ -244,8 +247,8 @@ Java_com_wolfssl_wolfcrypt_AesOfb_native_1update_1internal__ILjava_nio_ByteBuffe

LogStr("input[%u]: [%p]\n", (word32)length, input + offset);
LogHex((byte*) input, offset, length);
LogStr("output[%u]: [%p]\n", (word32)length, output);
LogHex((byte*) output, 0, length);
LogStr("output[%u]: [%p]\n", (word32)length, output + outputOffset);
LogHex((byte*) output, outputOffset, length);
#else
throwNotCompiledInException(env);
ret = NOT_COMPILED_IN;
Expand Down
11 changes: 10 additions & 1 deletion jni/jni_asn.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -147,7 +147,12 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Asn_getPkcs8AlgoID
}

if (p8Copy != NULL) {
#if (LIBWOLFSSL_VERSION_HEX >= 0x05008004) && \
!defined(WOLFSSL_NO_FORCE_ZERO)
wc_ForceZero(p8Copy, p8Len);
#else
XMEMSET(p8Copy, 0, p8Len);
#endif
XFREE(p8Copy, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}

Expand All @@ -158,14 +163,18 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Asn_getPkcs8AlgoID
if (ret == 0) {
ret = (int)algoId;
}
else {
throwWolfCryptExceptionFromError(env, ret);
}

return (jint)ret;

#else
(void)env;
(void)class;
(void)pkcs8Der;
return (jint)NOT_COMPILED_IN;
throwNotCompiledInException(env);
return 0;
#endif
}

Expand Down
12 changes: 7 additions & 5 deletions jni/jni_des3.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -187,7 +187,7 @@ Java_com_wolfssl_wolfcrypt_Des3_native_1update_1internal__ILjava_nio_ByteBuffer_
if (!des || !input || !output) {
ret = BAD_FUNC_ARG; /* NULL sanitizers */
}
else if (offset < 0 || length < 0) {
else if (offset < 0 || length < 0 || outputOffset < 0) {
ret = BAD_FUNC_ARG; /* signed sanizizers */
}
else if (((jlong)offset + (jlong)length) >
Expand All @@ -199,11 +199,13 @@ Java_com_wolfssl_wolfcrypt_Des3_native_1update_1internal__ILjava_nio_ByteBuffer_
ret = BUFFER_E; /* buffer overflow check */
}
else if (opmode == DES_ENCRYPTION) {
ret = wc_Des3_CbcEncrypt(des, output, input + offset, length);
ret = wc_Des3_CbcEncrypt(des, output + outputOffset,
input + offset, length);
LogStr("wc_Des3CbcEncrypt(des=%p, out, in, inSz) = %d\n", des, ret);
}
else {
ret = wc_Des3_CbcDecrypt(des, output, input + offset, length);
ret = wc_Des3_CbcDecrypt(des, output + outputOffset,
input + offset, length);
LogStr("wc_Des3CbcDecrypt(des=%p, out, in, inSz) = %d\n", des, ret);
}

Expand All @@ -217,8 +219,8 @@ Java_com_wolfssl_wolfcrypt_Des3_native_1update_1internal__ILjava_nio_ByteBuffer_

LogStr("input[%u]: [%p]\n", (word32)length, input + offset);
LogHex((byte*) input, offset, length);
LogStr("output[%u]: [%p]\n", (word32)length, output);
LogHex((byte*) output, 0, length);
LogStr("output[%u]: [%p]\n", (word32)length, output + outputOffset);
LogHex((byte*) output, outputOffset, length);
#else
throwNotCompiledInException(env);
#endif
Expand Down
91 changes: 64 additions & 27 deletions jni/jni_dh.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -190,7 +190,6 @@ Java_com_wolfssl_wolfcrypt_Dh_wc_1DhGenerateKeyPair(
word32 pubSz = size;
int lBitPriv = 0, lBitPub = 0;
byte lBit[1] = { 0x00 };
int exceptionThrown = 0;

key = (DhKey*) getNativeStruct(env, this);
if ((*env)->ExceptionOccurred(env)) {
Expand Down Expand Up @@ -245,44 +244,47 @@ Java_com_wolfssl_wolfcrypt_Dh_wc_1DhGenerateKeyPair(
}

jbyteArray privateKey = (*env)->NewByteArray(env, lBitPriv + privSz);
jbyteArray publicKey = (*env)->NewByteArray(env, lBitPub + pubSz);
jbyteArray publicKey = NULL;
if (!privateKey) {
(*env)->ExceptionClear(env);
throwOutOfMemoryException(env, "Failed to allocate privateKey");
}

if (!(*env)->ExceptionOccurred(env)) {
publicKey = (*env)->NewByteArray(env, lBitPub + pubSz);
if (!publicKey) {
(*env)->ExceptionClear(env);
throwOutOfMemoryException(env, "Failed to allocate publicKey");
}
}
Comment thread
rlm2002 marked this conversation as resolved.

if (privateKey) {
if (!(*env)->ExceptionOccurred(env)) {
if (lBitPriv) {
(*env)->SetByteArrayRegion(env, privateKey, 0, 1,
(const jbyte*)lBit);
(const jbyte*)lBit);
(*env)->SetByteArrayRegion(env, privateKey, 1, privSz,
(const jbyte*)priv);
} else {
(const jbyte*)priv);
}
else {
(*env)->SetByteArrayRegion(env, privateKey, 0, privSz,
(const jbyte*)priv);
(const jbyte*)priv);
}

setByteArrayMember(env, this, "privateKey", privateKey);
if ((*env)->ExceptionOccurred(env)) {
/* if exception raised, skip any additional JNI functions */
exceptionThrown = 1;
}

} else {
throwWolfCryptException(env, "Failed to allocate privateKey");
exceptionThrown = 1;
}

if (publicKey && (exceptionThrown == 0)) {
/* if exception raised, skip any additional JNI functions */
if (!(*env)->ExceptionOccurred(env)) {
if (lBitPub) {
(*env)->SetByteArrayRegion(env, publicKey, 0, 1,
(const jbyte*)lBit);
(*env)->SetByteArrayRegion(env, publicKey, 1, pubSz,
(const jbyte*)pub);
} else {
(*env)->SetByteArrayRegion(env, publicKey, 0, pubSz,
(const jbyte*)pub);
(*env)->SetByteArrayRegion(env, publicKey, 0,
1, (const jbyte*)lBit);
(*env)->SetByteArrayRegion(env, publicKey, 1,
pubSz, (const jbyte*)pub);
}
else {
(*env)->SetByteArrayRegion(env, publicKey, 0,
pubSz, (const jbyte*)pub);
}

setByteArrayMember(env, this, "publicKey", publicKey);
} else {
throwWolfCryptException(env, "Failed to allocate publicKey");
}
} else {
throwWolfCryptExceptionFromError(env, ret);
Expand All @@ -296,11 +298,21 @@ Java_com_wolfssl_wolfcrypt_Dh_wc_1DhGenerateKeyPair(
LogHex(pub, 0, pubSz);

if (priv != NULL) {
#if (LIBWOLFSSL_VERSION_HEX >= 0x05008004) && \
!defined(WOLFSSL_NO_FORCE_ZERO)
wc_ForceZero(priv, privSz);
#else
XMEMSET(priv, 0, privSz);
#endif
XFREE(priv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
if (pub != NULL) {
#if (LIBWOLFSSL_VERSION_HEX >= 0x05008004) && \
!defined(WOLFSSL_NO_FORCE_ZERO)
wc_ForceZero(pub, pubSz);
#else
XMEMSET(pub, 0, pubSz);
#endif
XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
#else
Expand Down Expand Up @@ -417,7 +429,12 @@ Java_com_wolfssl_wolfcrypt_Dh_wc_1DhAgree(
LogHex(secret, 0, secretSz);

if (secret != NULL) {
#if (LIBWOLFSSL_VERSION_HEX >= 0x05008004) && \
!defined(WOLFSSL_NO_FORCE_ZERO)
wc_ForceZero(secret, secretSz);
#else
XMEMSET(secret, 0, secretSz);
#endif
XFREE(secret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}

Expand Down Expand Up @@ -856,7 +873,12 @@ Java_com_wolfssl_wolfcrypt_Dh_wc_1DhExportKeyPair(

pub = (byte*)XMALLOC(pubSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (pub == NULL) {
#if (LIBWOLFSSL_VERSION_HEX >= 0x05008004) && \
!defined(WOLFSSL_NO_FORCE_ZERO)
wc_ForceZero(priv, privSz);
#else
XMEMSET(priv, 0, privSz);
#endif
XFREE(priv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
throwOutOfMemoryException(env, "Failed to allocate public key buffer");
return NULL;
Expand Down Expand Up @@ -902,11 +924,21 @@ Java_com_wolfssl_wolfcrypt_Dh_wc_1DhExportKeyPair(

/* Clean up */
if (priv != NULL) {
#if (LIBWOLFSSL_VERSION_HEX >= 0x05008004) && \
!defined(WOLFSSL_NO_FORCE_ZERO)
wc_ForceZero(priv, privSz);
#else
XMEMSET(priv, 0, privSz);
#endif
XFREE(priv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
if (pub != NULL) {
#if (LIBWOLFSSL_VERSION_HEX >= 0x05008004) && \
!defined(WOLFSSL_NO_FORCE_ZERO)
wc_ForceZero(pub, pubSz);
#else
XMEMSET(pub, 0, pubSz);
#endif
XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}

Expand Down Expand Up @@ -1187,7 +1219,12 @@ Java_com_wolfssl_wolfcrypt_Dh_wc_1DhPrivateKeyEncode(

/* Clean up */
if (der != NULL) {
#if (LIBWOLFSSL_VERSION_HEX >= 0x05008004) && \
!defined(WOLFSSL_NO_FORCE_ZERO)
wc_ForceZero(der, derSz);
#else
XMEMSET(der, 0, derSz);
#endif
XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}

Expand Down
Loading
Loading