Merge pull request wolfSSL#9393 from rlm2002/zd20756

SparkiDev · web-flow · commit 3416a0f70ec1 · 2025-11-07T09:27:05.000+10:00
Integer overflow and dead code removal
diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
@@ -4777,18 +4777,17 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
         }
     #endif
 
+    #if defined(AES_MAX_KEY_SIZE) && AES_MAX_KEY_SIZE < 256
         if (checkKeyLen) {
-            if (keylen != 16 && keylen != 24 && keylen != 32) {
-                return BAD_FUNC_ARG;
-            }
-        #if defined(AES_MAX_KEY_SIZE) && AES_MAX_KEY_SIZE < 256
             /* Check key length only when AES_MAX_KEY_SIZE doesn't allow
              * all key sizes. Otherwise this condition is never true. */
             if (keylen > (AES_MAX_KEY_SIZE / 8)) {
                 return BAD_FUNC_ARG;
             }
-        #endif
         }
+    #else
+        (void) checkKeyLen;
+    #endif
 
     #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
         defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) || \
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
@@ -34201,7 +34201,7 @@ static int SetKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey,
         cert->skidSz = KEYID_SIZE;
     #endif
     }
-    else if (kid_type == AKID_TYPE) {
+    else {
         int hashId = HashIdAlg((word32)cert->sigType);
         ret = CalcHashId_ex(buf, (word32)bufferSz, cert->akid, hashId);
     #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
@@ -34210,8 +34210,6 @@ static int SetKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey,
         cert->akidSz = KEYID_SIZE;
     #endif
     }
-    else
-        ret = BAD_FUNC_ARG;
 
     XFREE(buf, cert->heap, DYNAMIC_TYPE_TMP_BUFFER);
     return ret;
diff --git a/wolfcrypt/src/sp_c32.c b/wolfcrypt/src/sp_c32.c
@@ -20177,28 +20177,28 @@ static int sp_256_mod_mul_norm_9(sp_digit* r, const sp_digit* a, const sp_digit*
         a32 = t + 8;
 
         a32[0] = a[0];
-        a32[0] |= a[1] << 29U;
+        a32[0] |= (int64_t)a[1] << 29U;
         a32[0] &= 0xffffffffL;
         a32[1] = (a[1] >> 3);
-        a32[1] |= a[2] << 26U;
+        a32[1] |= (int64_t)a[2] << 26U;
         a32[1] &= 0xffffffffL;
         a32[2] = (a[2] >> 6);
-        a32[2] |= a[3] << 23U;
+        a32[2] |= (int64_t)a[3] << 23U;
         a32[2] &= 0xffffffffL;
         a32[3] = (a[3] >> 9);
-        a32[3] |= a[4] << 20U;
+        a32[3] |= (int64_t)a[4] << 20U;
         a32[3] &= 0xffffffffL;
         a32[4] = (a[4] >> 12);
-        a32[4] |= a[5] << 17U;
+        a32[4] |= (int64_t)a[5] << 17U;
         a32[4] &= 0xffffffffL;
         a32[5] = (a[5] >> 15);
-        a32[5] |= a[6] << 14U;
+        a32[5] |= (int64_t)a[6] << 14U;
         a32[5] &= 0xffffffffL;
         a32[6] = (a[6] >> 18);
-        a32[6] |= a[7] << 11U;
+        a32[6] |= (int64_t)a[7] << 11U;
         a32[6] &= 0xffffffffL;
         a32[7] = (a[7] >> 21);
-        a32[7] |= a[8] << 8U;
+        a32[7] |= (int64_t)a[8] << 8U;
         a32[7] &= 0xffffffffL;
 
         /*  1  1  0 -1 -1 -1 -1  0 */
@@ -27177,42 +27177,42 @@ static int sp_384_mod_mul_norm_15(sp_digit* r, const sp_digit* a, const sp_digit
         a32 = t + 12;
 
         a32[0] = a[0];
-        a32[0] |= a[1] << 26U;
+        a32[0] |= (int64_t)a[1] << 26U;
         a32[0] &= 0xffffffffL;
         a32[1] = (a[1] >> 6);
-        a32[1] |= a[2] << 20U;
+        a32[1] |= (int64_t)a[2] << 20U;
         a32[1] &= 0xffffffffL;
         a32[2] = (a[2] >> 12);
-        a32[2] |= a[3] << 14U;
+        a32[2] |= (int64_t)a[3] << 14U;
         a32[2] &= 0xffffffffL;
         a32[3] = (a[3] >> 18);
-        a32[3] |= a[4] << 8U;
+        a32[3] |= (int64_t)a[4] << 8U;
         a32[3] &= 0xffffffffL;
         a32[4] = (a[4] >> 24);
-        a32[4] |= a[5] << 2U;
-        a32[4] |= a[6] << 28U;
+        a32[4] |= (int64_t)a[5] << 2U;
+        a32[4] |= (int64_t)a[6] << 28U;
         a32[4] &= 0xffffffffL;
         a32[5] = (a[6] >> 4);
-        a32[5] |= a[7] << 22U;
+        a32[5] |= (int64_t)a[7] << 22U;
         a32[5] &= 0xffffffffL;
         a32[6] = (a[7] >> 10);
-        a32[6] |= a[8] << 16U;
+        a32[6] |= (int64_t)a[8] << 16U;
         a32[6] &= 0xffffffffL;
         a32[7] = (a[8] >> 16);
-        a32[7] |= a[9] << 10U;
+        a32[7] |= (int64_t)a[9] << 10U;
         a32[7] &= 0xffffffffL;
         a32[8] = (a[9] >> 22);
-        a32[8] |= a[10] << 4U;
-        a32[8] |= a[11] << 30U;
+        a32[8] |= (int64_t)a[10] << 4U;
+        a32[8] |= (int64_t)a[11] << 30U;
         a32[8] &= 0xffffffffL;
         a32[9] = (a[11] >> 2);
-        a32[9] |= a[12] << 24U;
+        a32[9] |= (int64_t)a[12] << 24U;
         a32[9] &= 0xffffffffL;
         a32[10] = (a[12] >> 8);
-        a32[10] |= a[13] << 18U;
+        a32[10] |= (int64_t)a[13] << 18U;
         a32[10] &= 0xffffffffL;
         a32[11] = (a[13] >> 14);
-        a32[11] |= a[14] << 12U;
+        a32[11] |= (int64_t)a[14] << 12U;
         a32[11] &= 0xffffffffL;
 
         /*  1  0  0  0  0  0  0  0  1  1  0 -1 */
