Riscv port bug fixes#10864
Merged
Merged
Conversation
Align the RISC-V AES port's argument validation with the generic aes.c implementations (and with the port's own vector/scalar-crypto siblings): * wc_AesSetKey (base assembly variant, i.e. neither WOLFSSL_RISCV_VECTOR_CRYPTO_ASM nor WOLFSSL_RISCV_SCALAR_CRYPTO_ASM): reject key == NULL. The vector and scalar-crypto variants of the same function already check it; the base variant passed NULL through to the key expansion and wc_AesGcmSetKey then dereferenced the uninitialized schedule, crashing on e.g. wc_AesGcmSetKey(aes, NULL, 16). * wc_AesCcmEncrypt / wc_AesCcmDecrypt: reject authIn == NULL when authInSz > 0, as the generic implementation does. The port otherwise walks the NULL authIn buffer while computing the CBC-MAC. Found by the ISO 26262 per-module MC/DC campaign's argument-matrix tests (test_wc_AesGcmSetKey, test_wc_AesCcmArgMcdc) running the RISC-V port under qemu-riscv64: upstream CI only exercises this port with the KAT suite, which never passes invalid arguments.
The generic wc_AesEncrypt/wc_AesDecrypt (aes.c) reject an AES object whose key schedule was never set (rounds outside 1..7 after halving) with KEYUSAGE_E, and every mode inherits that through their int return. The RISC-V port's block helpers are void, so nothing reported unkeyed use: wc_AesEncryptDirect and wc_AesCcmEncrypt/Decrypt silently processed with a garbage schedule, and wc_AesCtrEncrypt classified it as BAD_FUNC_ARG instead of KEYUSAGE_E. Align the port with the generic error contract: * wc_AesEncryptDirect / wc_AesDecryptDirect: add the generic rounds check (also fixes wc_CmacUpdate error reporting, which goes through wc_AesEncryptDirect on this port) * wc_AesCcmEncrypt / wc_AesCcmDecrypt: same check after the argument sanity block * wc_AesCtrEncrypt (both variants): the existing rounds switch now returns KEYUSAGE_E instead of BAD_FUNC_ARG Found by the ISO 26262 MC/DC campaign argument-matrix tests (test_wc_AesSetKeyArgMcdc, test_wc_AesModesArgMcdc, test_wc_AesCcmArgMcdc, test_wc_CmacArgMcdc) under qemu-riscv64.
Contributor
There was a problem hiding this comment.
Pull request overview
This PR fixes RISC-V AES port behavior to align with the generic wolfcrypt/src/aes.c error/argument-validation contract, ensuring invalid key schedule usage and missing argument checks are surfaced consistently instead of silently producing incorrect results or crashes.
Changes:
- Return
KEYUSAGE_E(notBAD_FUNC_ARG) from RISC-V AES-CTR when the AES object has an unusable/unset key schedule (aes->roundsinvalid). - Add missing
key == NULLvalidation in the basewc_AesSetKey()implementation. - Add argument validation for CCM AAD (
authIn == NULLwhenauthInSz > 0) and add key-schedule usability checks to direct encrypt/decrypt and CCM paths.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
douzzer
approved these changes
Jul 8, 2026
douzzer
left a comment
Contributor
There was a problem hiding this comment.
tested with
wolfssl-multi-test.sh ...
cross-riscv64-all-asm
cross-riscv32-all-asm
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Two bug fixes for RiscV
riscv: return KEYUSAGE_E for AES use without a key schedule (fc1bb63)
The generic wc_AesEncrypt/wc_AesDecrypt (aes.c) reject an AES object
whose key schedule was never set (rounds outside 1..7 after halving)
with KEYUSAGE_E, and every mode inherits that through their int return.
The RISC-V port's block helpers are void, so nothing reported unkeyed
use: wc_AesEncryptDirect and wc_AesCcmEncrypt/Decrypt silently
processed with a garbage schedule, and wc_AesCtrEncrypt classified it
as BAD_FUNC_ARG instead of KEYUSAGE_E.
Align the port with the generic error contract:
check (also fixes wc_CmacUpdate error reporting, which goes through
wc_AesEncryptDirect on this port)
sanity block
returns KEYUSAGE_E instead of BAD_FUNC_ARG
riscv: add missing argument checks in AES port (7b72cf6)
Align the RISC-V AES port's argument validation with the generic aes.c
implementations (and with the port's own vector/scalar-crypto siblings):
wc_AesSetKey (base assembly variant, i.e. neither
WOLFSSL_RISCV_VECTOR_CRYPTO_ASM nor WOLFSSL_RISCV_SCALAR_CRYPTO_ASM):
reject key == NULL. The vector and scalar-crypto variants of the same
function already check it; the base variant passed NULL through to the
key expansion and wc_AesGcmSetKey then dereferenced the uninitialized
schedule, crashing on e.g. wc_AesGcmSetKey(aes, NULL, 16).
wc_AesCcmEncrypt / wc_AesCcmDecrypt: reject authIn == NULL when
authInSz > 0, as the generic implementation does. The port otherwise
walks the NULL authIn buffer while computing the CBC-MAC.
Testing
Found by the ISO 26262 per-module MC/DC campaign's argument-matrix tests (test_wc_AesGcmSetKey, test_wc_AesCcmArgMcdc) running the RISC-V port under qemu-riscv64: upstream CI only exercises this port with the KAT suite, which never passes invalid arguments.