Skip to content

Xilinx/AMD port fixes for sanity checks on return values and psoc6 sanity check on input arg #10467

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
JacobBarthelmeh wants to merge 4 commits into
base: master
Choose a base branch
from
+51 −9
Open

Xilinx/AMD port fixes for sanity checks on return values and psoc6 sanity check on input arg #10467

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
7596de1
add NULL sanity check for SHA512 init with psoc6 port
JacobBarthelmeh May 11, 2026
495f2f8
sanity check on return value of SHA3 call with Xilinx port
JacobBarthelmeh May 12, 2026
e3afeee
check return value of XSecure_Sha3_ReadHash() call
JacobBarthelmeh May 12, 2026
e32d5ad
adding return value check on XSecure_AesInitialize() call
JacobBarthelmeh May 12, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions wolfcrypt/src/port/cypress/psoc6_crypto.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -527,6 +527,9 @@ int wc_InitSha512_ex(wc_Sha512* sha, void* heap, int devid)
int ret;
(void)heap;
(void)devid;
if (sha == NULL) {
return BAD_FUNC_ARG;
}
XMEMSET(sha, 0, sizeof(wc_Sha512));
/* Lock the mutex to perform crypto operations */
ret = wolfSSL_CryptHwMutexLock();
Expand Down
21 changes: 17 additions & 4 deletions wolfcrypt/src/port/xilinx/xil-aesgcm.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -558,9 +558,18 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out,
tmp = out;
#endif

XSecure_AesInitialize(&(aes->xilAes), &(aes->dma), aes->kup, (word32*)iv,
aes->keyInit);
XSecure_AesEncryptData(&(aes->xilAes), tmp, in, sz);
ret = XSecure_AesInitialize(&(aes->xilAes), &(aes->dma), aes->kup,
(word32*)iv, aes->keyInit);
if (ret == XST_SUCCESS) {
ret = XSecure_AesEncryptData(&(aes->xilAes), tmp, in, sz);
}
if (ret != XST_SUCCESS) {
#ifndef NO_WOLFSSL_XILINX_TAG_MALLOC
XFREE(tmp, aes->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
WOLFSSL_MSG("Xilinx AES-GCM encrypt failed");
return WC_HW_E;
}
XMEMCPY(authTag, tmp + sz, authTagSz);
#ifndef NO_WOLFSSL_XILINX_TAG_MALLOC
XMEMCPY(out, tmp, sz);
Expand Down Expand Up @@ -624,8 +633,12 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out,
}

/* calls to hardened crypto */
XSecure_AesInitialize(&(aes->xilAes), &(aes->dma), aes->kup,
ret = XSecure_AesInitialize(&(aes->xilAes), &(aes->dma), aes->kup,
(word32*)iv, aes->keyInit);
if (ret != XST_SUCCESS) {
WOLFSSL_MSG("XSecure_AesInitialize failed");
return WC_HW_E;
}
ret = XSecure_AesDecryptData(&(aes->xilAes), out, in, sz, tag);

/* account for additional data */
Expand Down
36 changes: 31 additions & 5 deletions wolfcrypt/src/port/xilinx/xil-sha3.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -71,11 +71,16 @@ int wc_InitSha3_384(wc_Sha3* sha, void* heap, int devId)
*/
int wc_Sha3_384_Update(wc_Sha3* sha, const byte* data, word32 len)
{
int status;
if (sha == NULL || (data == NULL && len > 0)) {
return BAD_FUNC_ARG;
}
WOLFSSL_XIL_DCACHE_FLUSH_RANGE((UINTPTR)data, len);
XSecure_Sha3Update(&(sha->xSec.cinst), XIL_CAST_U64(data), len);
status = XSecure_Sha3Update(&(sha->xSec.cinst), XIL_CAST_U64(data), len);
if (status != XST_SUCCESS) {
WOLFSSL_MSG("XSecure_Sha3Update failed");
return WC_HW_E;
}

return 0;
}
Expand All @@ -88,11 +93,16 @@ int wc_Sha3_384_Update(wc_Sha3* sha, const byte* data, word32 len)
*/
int wc_Sha3_384_Final(wc_Sha3* sha, byte* out)
{
int status;
if (sha == NULL || out == NULL) {
return BAD_FUNC_ARG;
}
WOLFSSL_XIL_DCACHE_FLUSH_RANGE((UINTPTR)out, WC_SHA3_384_DIGEST_SIZE);
XSecure_Sha3Finish(&(sha->xSec.cinst), XIL_CAST_U64(out));
status = XSecure_Sha3Finish(&(sha->xSec.cinst), XIL_CAST_U64(out));
if (status != XST_SUCCESS) {
WOLFSSL_MSG("XSecure_Sha3Finish failed");
return WC_HW_E;
}

return wc_InitSha3_384(sha, NULL, INVALID_DEVID);
}
Expand Down Expand Up @@ -159,10 +169,15 @@ int wc_InitSha3_384(wc_Sha3* sha, void* heap, int devId)
*/
int wc_Sha3_384_Update(wc_Sha3* sha, const byte* data, word32 len)
{
int status;
if (sha == NULL || (data == NULL && len > 0)) {
return BAD_FUNC_ARG;
}
XSecure_Sha3Update(&(sha->hw), (byte*)data, len);
status = XSecure_Sha3Update(&(sha->hw), (byte*)data, len);
if (status != XST_SUCCESS) {
WOLFSSL_MSG("XSecure_Sha3Update failed");
return WC_HW_E;
}

return 0;
}
Expand All @@ -175,10 +190,15 @@ int wc_Sha3_384_Update(wc_Sha3* sha, const byte* data, word32 len)
*/
int wc_Sha3_384_Final(wc_Sha3* sha, byte* out)
{
int status;
if (sha == NULL || out == NULL) {
return BAD_FUNC_ARG;
}
XSecure_Sha3Finish(&(sha->hw), out);
status = XSecure_Sha3Finish(&(sha->hw), out);
if (status != XST_SUCCESS) {
WOLFSSL_MSG("XSecure_Sha3Finish failed");
return WC_HW_E;
}

return wc_InitSha3_384(sha, NULL, INVALID_DEVID);
}
Expand All @@ -204,6 +224,8 @@ int wc_Sha3_384_GetHash(wc_Sha3* sha, byte* out)
{
#ifdef WOLFSSL_XILINX_CRYPTO_OLD
wc_Sha3 s;
#else
int status;
#endif

if (sha == NULL || out == NULL) {
Expand All @@ -217,7 +239,11 @@ int wc_Sha3_384_GetHash(wc_Sha3* sha, byte* out)

return wc_Sha3_384_Final(&s, out);
#else
XSecure_Sha3_ReadHash(&(sha->hw), out);
status = XSecure_Sha3_ReadHash(&(sha->hw), out);
if (status != XST_SUCCESS) {
WOLFSSL_MSG("XSecure_Sha3_ReadHash failed");
return WC_HW_E;
}
return 0;
#endif
}
Expand Down
Loading