avoid callback buffer overwrite with sha512_224 and remove min from wolfcaam_cmac

2023-04-11 09:06:39 -07:00 · 2023-04-11 09:06:39 -07:00 · edad8d1da8
commit edad8d1da8
parent 6a89464176
2 changed files with 7 additions and 3 deletions
--- a/wolfcrypt/src/port/caam/wolfcaam_cmac.c
+++ b/wolfcrypt/src/port/caam/wolfcaam_cmac.c
@ -99,7 +99,8 @@ int wc_CAAM_Cmac(Cmac* cmac, const byte* key, word32 keySz, const byte* in,
                WOLFSSL_MSG("Error with CMAC buffer size");
                return -1;
            }
-            add = min(sz, (int)(AES_BLOCK_SIZE - cmac->bufferSz));
+            add = (sz < ((int)(AES_BLOCK_SIZE - cmac->bufferSz))) ? sz :
+                   (int)(AES_BLOCK_SIZE - cmac->bufferSz);
            XMEMCPY(&cmac->buffer[cmac->bufferSz], pt, add);

            cmac->bufferSz += add;
--- a/wolfcrypt/src/sha512.c
+++ b/wolfcrypt/src/sha512.c
@ -1110,9 +1110,12 @@ static int Sha512_Family_Final(wc_Sha512* sha512, byte* hash, int digestSz,

 #ifdef WOLF_CRYPTO_CB
    if (sha512->devId != INVALID_DEVID) {
-        ret = wc_CryptoCb_Sha512Hash(sha512, NULL, 0, hash);
-        if (ret != CRYPTOCB_UNAVAILABLE)
+        byte localHash[WC_SHA512_DIGEST_SIZE];
+        ret = wc_CryptoCb_Sha512Hash(sha512, NULL, 0, localHash);
+        if (ret != CRYPTOCB_UNAVAILABLE) {
+            XMEMCPY(hash, localHash, digestSz);
            return ret;
+        }
        /* fall-through when unavailable */
    }
 #endif