Merge pull request #9681 from tmael/wfb1_

Fix cert SW issues in Aes and rng

Author: dgarske

wolfcrypt/src/aes.c

@@ -4101,10 +4101,16 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(
     int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
         const byte* iv, int dir)
     {
+        if (aes == NULL || userKey == NULL) {
+            return BAD_FUNC_ARG;
+        }
+        if (keylen > sizeof(aes->key)) {
+            return BAD_FUNC_ARG;
+        }
+
         return wc_AesSetKeyLocal(aes, userKey, keylen, iv, dir, 1);
     }
 
-
     int wc_AesSetKeyDirect(Aes* aes, const byte* userKey, word32 keylen,
                         const byte* iv, int dir)
     {
@@ -5282,7 +5288,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         {
             int ret;
 
-            if (aes == NULL)
+            if (aes == NULL || out == NULL || in == NULL)
                 return BAD_FUNC_ARG;
             VECTOR_REGISTERS_PUSH;
             ret = wc_AesEncrypt(aes, in, out);

wolfcrypt/src/random.c

@@ -752,12 +752,18 @@ int wc_RNG_TestSeed(const byte* seed, word32 seedSz)
 
     /* Check the seed for duplicate words. */
     word32 seedIdx = 0;
-    word32 scratchSz = min(SEED_BLOCK_SZ, seedSz - SEED_BLOCK_SZ);
+    word32 scratchSz = 0;
+
+    if (seed == NULL || seedSz < SEED_BLOCK_SZ)
+        return BAD_FUNC_ARG;
+
+    scratchSz = min(SEED_BLOCK_SZ, seedSz - SEED_BLOCK_SZ);
 
     while (seedIdx < seedSz - SEED_BLOCK_SZ) {
         if (ConstantCompare(seed + seedIdx,
                             seed + seedIdx + scratchSz,
                             (int)scratchSz) == 0) {
+
             ret = DRBG_CONT_FAILURE;
         }
         seedIdx += SEED_BLOCK_SZ;