wolfcrypt/src/pwdbased.c:

* fix typography of wc_PBKDF_max_iterations_set() and wc_PBKDF_max_iterations_get() (peer review).
* refactor overflow prevention in wc_PKCS12_PBKDF_ex() to use WC_SAFE_SUM_UNSIGNED().

wolfcrypt/test/test.c: in pwdbased_test(), omit "INT_MAX MAC iterations" test if WOLFSSL_NO_MALLOC (uses wc_PKCS12_new_ex()).

Author: douzzer

wolfcrypt/src/pwdbased.c

@@ -56,7 +56,8 @@
 
 static int current_wc_pbkdf_max_iterations = WC_PBKDF_DEFAULT_MAX_ITERATIONS;
 
-int wc_PBKDF_max_iterations_set(int iters) {
+int wc_PBKDF_max_iterations_set(int iters)
+{
     if (iters <= 0)
         return BAD_FUNC_ARG;
     else {
@@ -66,7 +67,8 @@ int wc_PBKDF_max_iterations_set(int iters) {
     }
 }
 
-int wc_PBKDF_max_iterations_get(void) {
+int wc_PBKDF_max_iterations_get(void)
+{
     return current_wc_pbkdf_max_iterations;
 }
 
@@ -475,22 +477,17 @@ int wc_PKCS12_PBKDF_ex(byte* output, const byte* passwd, int passLen,
      * must be 1 or greater here and is always 'true' */
     pLen = v * (((word32)passLen + v - 1) / v);
 
-    /* Guard against overflow in iLen = sLen + pLen and totalLen = dLen + iLen.
-     * Individual sLen/pLen values fit in word32 (max 0x80000000 for INT_MAX
-     * inputs), but their sum can overflow. */
-    if (sLen > 0xFFFFFFFFU - pLen) {
+    if (! WC_SAFE_SUM_UNSIGNED(word32, sLen, pLen, iLen)) {
         WC_FREE_VAR_EX(Ai, heap, DYNAMIC_TYPE_TMP_BUFFER);
         WC_FREE_VAR_EX(B, heap, DYNAMIC_TYPE_TMP_BUFFER);
         return BAD_FUNC_ARG;
     }
-    iLen = sLen + pLen;
 
-    if (iLen > 0xFFFFFFFFU - dLen) {
+    if (! WC_SAFE_SUM_UNSIGNED(word32, dLen, sLen, totalLen)) {
         WC_FREE_VAR_EX(Ai, heap, DYNAMIC_TYPE_TMP_BUFFER);
         WC_FREE_VAR_EX(B, heap, DYNAMIC_TYPE_TMP_BUFFER);
         return BAD_FUNC_ARG;
     }
-    totalLen = dLen + sLen + pLen;
 
     if (totalLen > sizeof(staticBuffer)) {
         buffer = (byte*)XMALLOC(totalLen, heap, DYNAMIC_TYPE_KEY);
@@ -694,19 +691,14 @@ int wc_PKCS12_PBKDF_ex(byte* output, const byte* passwd, int passLen,
     /* RFC 7292 B.2 step 3: P = password repeated to ceil(passLen/v)*v bytes */
     pLen = v * (((word32)passLen + v - 1) / v);
 
-    /* Guard against overflow in iLen = sLen + pLen and totalLen = v + iLen.
-     * Individual sLen/pLen values fit in word32 (max 0x80000000 for INT_MAX
-     * inputs), but their sum can overflow. */
-    if (sLen > 0xFFFFFFFFU - pLen) {
+    /* RFC 7292 B.2 step 4: I = S || P */
+    if (! WC_SAFE_SUM_UNSIGNED(word32, sLen, pLen, iLen)) {
         return BAD_FUNC_ARG;
     }
-    /* RFC 7292 B.2 step 4: I = S || P */
-    iLen = sLen + pLen;
 
-    if (iLen > 0xFFFFFFFFU - v) {
+    if (! WC_SAFE_SUM_UNSIGNED(word32, v, iLen, totalLen)) {
         return BAD_FUNC_ARG;
     }
-    totalLen = v + iLen;
 
     nwc     = v / (word32)sizeof(PKCS12_WORD);
     nBlocks = iLen / v;

wolfcrypt/test/test.c

@@ -31964,7 +31964,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pwdbased_test(void)
         return ret;
 #endif
 #if defined(HAVE_PKCS12) && !defined(NO_ASN) && !defined(NO_PWDBASED) && \
-    !defined(NO_HMAC) && !defined(NO_CERTS)
+    !defined(NO_HMAC) && !defined(NO_CERTS) && !defined(WOLFSSL_NO_MALLOC)
     /* Test that a crafted PKCS#12 with INT_MAX MAC iterations is rejected
      * immediately rather than hanging in DoPKCS12Hash(). */
     {
@@ -32009,7 +32009,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pwdbased_test(void)
         }
         ret = 0;
     }
-#endif /* HAVE_PKCS12 && !NO_ASN && !NO_PWDBASED && !NO_HMAC && !NO_CERTS */
+#endif /* HAVE_PKCS12 && !NO_ASN && !NO_PWDBASED && !NO_HMAC && !NO_CERTS && */
+       /* !WOLFSSL_NO_MALLOC                                                 */
 #ifdef HAVE_SCRYPT
     ret = scrypt_test();
     if (ret != 0)