Fixes Applied

aidangarske · aidangarske · commit 0880f9e83a8a · 2026-02-24T14:11:08.000-08:00
1. Sign conversion warning fix (pwdbased.c)

  - Cast hLen to (word32) for ForceZero call

  2. NULL checks before ForceZero (Copilot feedback)

  hpke.c (6 locations):
  - wc_HpkeEncap: NULL checks for dh and kemContext
  - wc_HpkeSetupBaseSender: NULL check for sharedSecret
  - wc_HpkeSealBase: NULL check for context
  - wc_HpkeDecap: NULL check for dh
  - wc_HpkeSetupBaseReceiver: NULL check for sharedSecret
  - wc_HpkeOpenBase: NULL check for context

  ecc.c (2 locations):
  - wc_ecc_encrypt_ex: NULL checks for sharedSecret and keys
  - wc_ecc_decrypt: NULL checks for sharedSecret and keys

  pwdbased.c (1 location):
  - wc_PBKDF2_ex: NULL check for buffer

  Not addressed (not real issues):

  - The INT_MAX overflow comments for evp.c and pkcs12.c are theoretical - digest sizes are always small (32-64 bytes), never close to INT_MAX

  Arduino CI failure:

  - Not related to this PR - it's a pre-existing issue with the external WiFiNINA library
diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
@@ -14484,8 +14484,12 @@ int wc_ecc_encrypt_ex(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
 
     RESTORE_VECTOR_REGISTERS();
 
-    ForceZero(sharedSecret, sharedSz);
-    ForceZero(keys, (word32)keysLen);
+    if (sharedSecret != NULL) {
+        ForceZero(sharedSecret, sharedSz);
+    }
+    if (keys != NULL) {
+        ForceZero(keys, (word32)keysLen);
+    }
     WC_FREE_VAR_EX(sharedSecret, ctx->heap, DYNAMIC_TYPE_ECC_BUFFER);
     WC_FREE_VAR_EX(keys, ctx->heap, DYNAMIC_TYPE_ECC_BUFFER);
 
@@ -14884,8 +14888,12 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
     if (pubKey == peerKey)
         wc_ecc_free(peerKey);
 #endif
-    ForceZero(sharedSecret, sharedSz);
-    ForceZero(keys, (word32)keysLen);
+    if (sharedSecret != NULL) {
+        ForceZero(sharedSecret, sharedSz);
+    }
+    if (keys != NULL) {
+        ForceZero(keys, (word32)keysLen);
+    }
 #ifdef WOLFSSL_SMALL_STACK
 #ifndef WOLFSSL_ECIES_OLD
     XFREE(peerKey, ctx->heap, DYNAMIC_TYPE_ECC_BUFFER);
diff --git a/wolfcrypt/src/hpke.c b/wolfcrypt/src/hpke.c
@@ -796,8 +796,12 @@ static int wc_HpkeEncap(Hpke* hpke, void* ephemeralKey, void* receiverKey,
             hpke->Npk * 2, sharedSecret);
     }
 
-    ForceZero(dh, hpke->Ndh);
-    ForceZero(kemContext, hpke->Npk * 2);
+    if (dh != NULL) {
+        ForceZero(dh, hpke->Ndh);
+    }
+    if (kemContext != NULL) {
+        ForceZero(kemContext, hpke->Npk * 2);
+    }
     WC_FREE_VAR_EX(dh, hpke->heap, DYNAMIC_TYPE_TMP_BUFFER);
     WC_FREE_VAR_EX(kemContext, hpke->heap, DYNAMIC_TYPE_TMP_BUFFER);
 
@@ -829,7 +833,9 @@ static int wc_HpkeSetupBaseSender(Hpke* hpke, HpkeBaseContext* context,
             infoSz);
     }
 
-    ForceZero(sharedSecret, hpke->Nsecret);
+    if (sharedSecret != NULL) {
+        ForceZero(sharedSecret, hpke->Nsecret);
+    }
     WC_FREE_VAR_EX(sharedSecret, hpke->heap, DYNAMIC_TYPE_TMP_BUFFER);
 
     return ret;
@@ -917,7 +923,9 @@ int wc_HpkeSealBase(Hpke* hpke, void* ephemeralKey, void* receiverKey,
 
     PRIVATE_KEY_LOCK();
 
-    ForceZero(context, sizeof(HpkeBaseContext));
+    if (context != NULL) {
+        ForceZero(context, sizeof(HpkeBaseContext));
+    }
     WC_FREE_VAR_EX(context, hpke->heap, DYNAMIC_TYPE_TMP_BUFFER);
 
     return ret;
@@ -1036,7 +1044,9 @@ static int wc_HpkeDecap(Hpke* hpke, void* receiverKey, const byte* pubKey,
             hpke->Npk * 2, sharedSecret);
     }
 
-    ForceZero(dh, hpke->Ndh);
+    if (dh != NULL) {
+        ForceZero(dh, hpke->Ndh);
+    }
     WC_FREE_VAR_EX(dh, hpke->heap, DYNAMIC_TYPE_TMP_BUFFER);
     WC_FREE_VAR_EX(kemContext, hpke->heap, DYNAMIC_TYPE_TMP_BUFFER);
 
@@ -1063,7 +1073,9 @@ static int wc_HpkeSetupBaseReceiver(Hpke* hpke, HpkeBaseContext* context,
             infoSz);
     }
 
-    ForceZero(sharedSecret, hpke->Nsecret);
+    if (sharedSecret != NULL) {
+        ForceZero(sharedSecret, hpke->Nsecret);
+    }
     WC_FREE_VAR_EX(sharedSecret, hpke->heap, DYNAMIC_TYPE_TMP_BUFFER);
 
     return ret;
@@ -1150,7 +1162,9 @@ int wc_HpkeOpenBase(Hpke* hpke, void* receiverKey, const byte* pubKey,
 
     PRIVATE_KEY_LOCK();
 
-    ForceZero(context, sizeof(HpkeBaseContext));
+    if (context != NULL) {
+        ForceZero(context, sizeof(HpkeBaseContext));
+    }
     WC_FREE_VAR_EX(context, hpke->heap, DYNAMIC_TYPE_TMP_BUFFER);
 
     return ret;
diff --git a/wolfcrypt/src/pwdbased.c b/wolfcrypt/src/pwdbased.c
@@ -296,7 +296,9 @@ int wc_PBKDF2_ex(byte* output, const byte* passwd, int pLen, const byte* salt,
         wc_HmacFree(hmac);
     }
 
-    ForceZero(buffer, hLen);
+    if (buffer != NULL) {
+        ForceZero(buffer, (word32)hLen);
+    }
     WC_FREE_VAR_EX(buffer, heap, DYNAMIC_TYPE_TMP_BUFFER);
     WC_FREE_VAR_EX(hmac, heap, DYNAMIC_TYPE_HMAC);
 

Original file line number	Diff line number	Diff line change
`@@ -296,7 +296,9 @@ int wc_PBKDF2_ex(byte* output, const byte* passwd, int pLen, const byte* salt,`
`296`	`296`	`wc_HmacFree(hmac);`
`297`	`297`	`}`
`298`	`298`
`299`		`- ForceZero(buffer, hLen);`
	`299`	`+ if (buffer != NULL) {`
	`300`	`+ ForceZero(buffer, (word32)hLen);`
	`301`	`+ }`
`300`	`302`	`WC_FREE_VAR_EX(buffer, heap, DYNAMIC_TYPE_TMP_BUFFER);`
`301`	`303`	`WC_FREE_VAR_EX(hmac, heap, DYNAMIC_TYPE_HMAC);`
`302`	`304`