diff --git a/wolfcrypt/src/hash.c b/wolfcrypt/src/hash.c index e82c6f6ac32..61f7aacd632 100644 --- a/wolfcrypt/src/hash.c +++ b/wolfcrypt/src/hash.c @@ -1954,12 +1954,17 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags) int _wc_Hash_Grow(byte** msg, word32* used, word32* len, const byte* in, int inSz, void* heap) { - if (*len < *used + inSz) { + word32 usedSz = 0; + + if (inSz <= 0 || !WC_SAFE_SUM_WORD32(*used, (word32)inSz, usedSz)) + return BAD_FUNC_ARG; + + if (*len < usedSz) { if (*msg == NULL) { - *msg = (byte*)XMALLOC(*used + inSz, heap, DYNAMIC_TYPE_TMP_BUFFER); + *msg = (byte*)XMALLOC(usedSz, heap, DYNAMIC_TYPE_TMP_BUFFER); } else { - byte* pt = (byte*)XREALLOC(*msg, *used + inSz, heap, + byte* pt = (byte*)XREALLOC(*msg, usedSz, heap, DYNAMIC_TYPE_TMP_BUFFER); if (pt == NULL) { return MEMORY_E; @@ -1969,7 +1974,7 @@ int _wc_Hash_Grow(byte** msg, word32* used, word32* len, const byte* in, if (*msg == NULL) { return MEMORY_E; } - *len = *used + inSz; + *len = usedSz; } XMEMCPY(*msg + *used, in, inSz); *used += inSz; diff --git a/wolfcrypt/src/port/nxp/se050_port.c b/wolfcrypt/src/port/nxp/se050_port.c index 2532dd5fb2c..e244ea35a95 100644 --- a/wolfcrypt/src/port/nxp/se050_port.c +++ b/wolfcrypt/src/port/nxp/se050_port.c @@ -266,25 +266,30 @@ int se050_hash_copy(SE050_HASH_Context* src, SE050_HASH_Context* dst) int se050_hash_update(SE050_HASH_Context* se050Ctx, const byte* data, word32 len) { - byte* tmp = NULL; + byte* tmp = NULL; + word32 usedSz = 0; - if (se050Ctx == NULL || (len > 0 && data == NULL)) { + if (se050Ctx == NULL || (len > 0 && data == NULL) || (len == 0) || + !WC_SAFE_SUM_WORD32(se050Ctx->used, len, usedSz)) { return BAD_FUNC_ARG; } - if (se050Ctx->len < se050Ctx->used + len) { + if (se050Ctx->len < usedSz) { if (se050Ctx->msg == NULL) { - se050Ctx->msg = (byte*)XMALLOC(se050Ctx->used + len, + se050Ctx->msg = (byte*)XMALLOC(usedSz, se050Ctx->heap, DYNAMIC_TYPE_TMP_BUFFER); - XMEMSET(se050Ctx->msg, 0, se050Ctx->used + len); + if (se050Ctx->msg == NULL) { + return MEMORY_E; + } + XMEMSET(se050Ctx->msg, 0, usedSz); } else { - tmp = (byte*)XMALLOC(se050Ctx->used + len, se050Ctx->heap, + tmp = (byte*)XMALLOC(usedSz, se050Ctx->heap, DYNAMIC_TYPE_TMP_BUFFER); if (tmp == NULL) { return MEMORY_E; } - XMEMSET(tmp, 0, se050Ctx->used + len); + XMEMSET(tmp, 0, usedSz); XMEMCPY(tmp, se050Ctx->msg, se050Ctx->used); XFREE(se050Ctx->msg, se050Ctx->heap, DYNAMIC_TYPE_TMP_BUFFER); se050Ctx->msg = tmp; @@ -292,7 +297,7 @@ int se050_hash_update(SE050_HASH_Context* se050Ctx, const byte* data, word32 len if (se050Ctx->msg == NULL) { return MEMORY_E; } - se050Ctx->len = se050Ctx->used + len; + se050Ctx->len = usedSz; } XMEMCPY(se050Ctx->msg + se050Ctx->used, data, len); diff --git a/wolfcrypt/src/port/ti/ti-hash.c b/wolfcrypt/src/port/ti/ti-hash.c index 4cd18440bf3..739f3f5a71c 100644 --- a/wolfcrypt/src/port/ti/ti-hash.c +++ b/wolfcrypt/src/port/ti/ti-hash.c @@ -75,18 +75,22 @@ static int hashInit(wolfssl_TI_Hash *hash) static int hashUpdate(wolfssl_TI_Hash *hash, const byte* data, word32 len) { void *p; + word32 usedSz = 0; - if ((hash== NULL) || (data == NULL))return BAD_FUNC_ARG; + if ((hash == NULL) || (data == NULL) || (len == 0) || + !WC_SAFE_SUM_WORD32(hash->used, len, usedSz)) + return BAD_FUNC_ARG; - if (hash->len < hash->used+len) { + if (hash->len < usedSz) { if (hash->msg == NULL) { - p = XMALLOC(hash->used+len, NULL, DYNAMIC_TYPE_TMP_BUFFER); + p = XMALLOC(usedSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); } else { - p = XREALLOC(hash->msg, hash->used+len, NULL, DYNAMIC_TYPE_TMP_BUFFER); + p = XREALLOC(hash->msg, usedSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); } - if (p == 0)return 1; + if (p == 0) + return MEMORY_E; hash->msg = p; - hash->len = hash->used+len; + hash->len = usedSz; } XMEMCPY(hash->msg+hash->used, data, len); hash->used += len;