First pass Fenrir fixes

jni/jni_chacha.c

@@ -162,6 +162,7 @@ Java_com_wolfssl_wolfcrypt_Chacha_wc_1Chacha_1process(
     if (ret == 0) {
         output = (byte*)XMALLOC(inputSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         if (output == NULL) {
+            releaseByteArray(env, input_obj, input, JNI_ABORT);
             throwOutOfMemoryException(env, "Failed to allocate key buffer");
             return result;
         }
@@ -188,6 +189,7 @@ Java_com_wolfssl_wolfcrypt_Chacha_wc_1Chacha_1process(
     }
 
     LogStr("wc_Chacha_Process(): output = %p, ret = %d\n", output, ret);
+    releaseByteArray(env, input_obj, input, JNI_ABORT);
     XFREE(output, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #else
     throwNotCompiledInException(env);

jni/jni_curve25519.c

@@ -278,6 +278,11 @@ Java_com_wolfssl_wolfcrypt_Curve25519_wc_1curve25519_1export_1private(
         return NULL;
     }
 
+    if (curve25519 == NULL) {
+        throwWolfCryptExceptionFromError(env, BAD_FUNC_ARG);
+        return NULL;
+    }
+
     outputSz = wc_curve25519_size(curve25519);
 
     output = XMALLOC(outputSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -287,9 +292,7 @@ Java_com_wolfssl_wolfcrypt_Curve25519_wc_1curve25519_1export_1private(
     }
     XMEMSET(output, 0, outputSz);
 
-    ret = (!curve25519)
-        ? BAD_FUNC_ARG
-        : wc_curve25519_export_private_raw(curve25519, output, &outputSz);
+    ret = wc_curve25519_export_private_raw(curve25519, output, &outputSz);
 
     if (ret == 0) {
         result = (*env)->NewByteArray(env, outputSz);
@@ -334,6 +337,11 @@ Java_com_wolfssl_wolfcrypt_Curve25519_wc_1curve25519_1export_1public (
         return NULL;
     }
 
+    if (curve25519 == NULL) {
+        throwWolfCryptExceptionFromError(env, BAD_FUNC_ARG);
+        return NULL;
+    }
+
     outputSz = wc_curve25519_size(curve25519);
 
     output = XMALLOC(outputSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -343,9 +351,7 @@ Java_com_wolfssl_wolfcrypt_Curve25519_wc_1curve25519_1export_1public (
     }
     XMEMSET(output, 0, outputSz);
 
-    ret = (!curve25519)
-        ? BAD_FUNC_ARG
-        : wc_curve25519_export_public(curve25519, output, &outputSz);
+    ret = wc_curve25519_export_public(curve25519, output, &outputSz);
 
     if (ret == 0) {
         result = (*env)->NewByteArray(env, outputSz);
@@ -397,18 +403,21 @@ Java_com_wolfssl_wolfcrypt_Curve25519_wc_1curve25519_1make_1shared_1secret(
         return NULL;
     }
 
+    if (curve25519 == NULL || pub == NULL) {
+        throwWolfCryptExceptionFromError(env, BAD_FUNC_ARG);
+        return NULL;
+    }
+
     outputSz = wc_curve25519_size(curve25519);
     output = XMALLOC(outputSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (output == NULL) {
         throwOutOfMemoryException(env,
-                                     "Failed to allocate shared secret buffer");
+            "Failed to allocate shared secret buffer");
         return result;
     }
     XMEMSET(output, 0, outputSz);
 
-    ret = (!curve25519 || !pub)
-        ? BAD_FUNC_ARG
-        : wc_curve25519_shared_secret(curve25519, pub, output, &outputSz);
+    ret = wc_curve25519_shared_secret(curve25519, pub, output, &outputSz);
 
     if (ret == 0) {
         result = (*env)->NewByteArray(env, outputSz);

jni/jni_ecc.c

@@ -1181,6 +1181,13 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Ecc_wc_1ecc_1get_1curve_1id_1f
     }
 
     LogStr("wc_ecc_get_curve_id_from_params() = %d\n", ret);
+
+    releaseByteArray(env, prime_object, prime, JNI_ABORT);
+    releaseByteArray(env, af_object, Af, JNI_ABORT);
+    releaseByteArray(env, bf_object, Bf, JNI_ABORT);
+    releaseByteArray(env, order_object, order, JNI_ABORT);
+    releaseByteArray(env, gx_object, Gx, JNI_ABORT);
+    releaseByteArray(env, gy_object, Gy, JNI_ABORT);
 #else
     throwNotCompiledInException(env);
 #endif

jni/jni_ed25519.c

@@ -303,6 +303,11 @@ Java_com_wolfssl_wolfcrypt_Ed25519_wc_1ed25519_1export_1private(
         return NULL;
     }
 
+    if (ed25519 == NULL) {
+        throwWolfCryptExceptionFromError(env, BAD_FUNC_ARG);
+        return NULL;
+    }
+
     outputSz = 2 * wc_ed25519_priv_size(ed25519); /* Export private + public */
 
     output = XMALLOC(outputSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -312,9 +317,7 @@ Java_com_wolfssl_wolfcrypt_Ed25519_wc_1ed25519_1export_1private(
     }
     XMEMSET(output, 0, outputSz);
 
-    ret = (!ed25519)
-        ? BAD_FUNC_ARG
-        : wc_ed25519_export_private(ed25519, output, &outputSz);
+    ret = wc_ed25519_export_private(ed25519, output, &outputSz);
 
     if (ret == 0) {
         result = (*env)->NewByteArray(env, outputSz);
@@ -359,6 +362,11 @@ Java_com_wolfssl_wolfcrypt_Ed25519_wc_1ed25519_1export_1private_1only(
         return NULL;
     }
 
+    if (ed25519 == NULL) {
+        throwWolfCryptExceptionFromError(env, BAD_FUNC_ARG);
+        return NULL;
+    }
+
     outputSz = wc_ed25519_size(ed25519);
 
     output = XMALLOC(outputSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -368,9 +376,7 @@ Java_com_wolfssl_wolfcrypt_Ed25519_wc_1ed25519_1export_1private_1only(
     }
     XMEMSET(output, 0, outputSz);
 
-    ret = (!ed25519)
-        ? BAD_FUNC_ARG
-        : wc_ed25519_export_private_only(ed25519, output, &outputSz);
+    ret = wc_ed25519_export_private_only(ed25519, output, &outputSz);
 
     if (ret == 0) {
         result = (*env)->NewByteArray(env, outputSz);
@@ -415,6 +421,11 @@ Java_com_wolfssl_wolfcrypt_Ed25519_wc_1ed25519_1export_1public(
         return NULL;
     }
 
+    if (ed25519 == NULL) {
+        throwWolfCryptExceptionFromError(env, BAD_FUNC_ARG);
+        return NULL;
+    }
+
     outputSz = wc_ed25519_size(ed25519);
 
     output = XMALLOC(outputSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -424,9 +435,7 @@ Java_com_wolfssl_wolfcrypt_Ed25519_wc_1ed25519_1export_1public(
     }
     XMEMSET(output, 0, outputSz);
 
-    ret = (!ed25519)
-        ? BAD_FUNC_ARG
-        : wc_ed25519_export_public(ed25519, output, &outputSz);
+    ret = wc_ed25519_export_public(ed25519, output, &outputSz);
 
     if (ret == 0) {
         result = (*env)->NewByteArray(env, outputSz);
@@ -504,7 +513,6 @@ JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_wolfcrypt_Ed25519_wc_1ed25519_1sig
     }
 
     LogStr("wc_ed25519_sign_msg(ed25519=%p) = %d\n", ed25519, ret);
-    printf("wc_ed25519_sign_msg(ed25519=%p) = %d\n", ed25519, ret);
     XFREE(output, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
     releaseByteArray(env, msg_in, msg, JNI_ABORT);
@@ -535,7 +543,7 @@ JNIEXPORT jboolean JNICALL Java_com_wolfssl_wolfcrypt_Ed25519_wc_1ed25519_1verif
     sig = getByteArray(env, sig_in);
     msg = getByteArray(env, msg_in);
     msglen = getByteArrayLength(env, msg_in);
-    siglen = getByteArrayLength(env, msg_in);
+    siglen = getByteArrayLength(env, sig_in);
 
     if (!ed25519) {
         ret = BAD_FUNC_ARG;

jni/jni_fips.c

@@ -588,6 +588,7 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_wc_1AesGcmSetExtIV_1fips_
     iv = getByteArray(env, iv_buffer);
 
     if (aes == NULL || iv == NULL || size < 0) {
+        releaseByteArray(env, iv_buffer, iv, JNI_ABORT);
         return BAD_FUNC_ARG;
     }
 

jni/jni_hmac.c

@@ -211,18 +211,24 @@ JNIEXPORT void JNICALL Java_com_wolfssl_wolfcrypt_Hmac_wc_1HmacUpdate___3BII
     int ret = 0;
     Hmac* hmac = NULL;
     byte* data = NULL;
+    word32 dataSz = 0;
 
     hmac = (Hmac*) getNativeStruct(env, this);
     if ((*env)->ExceptionOccurred(env)) {
         /* getNativeStruct may throw exception, prevent throwing another */
         return;
     }
 
-    data = getByteArray(env, data_object);
+    data   = getByteArray(env, data_object);
+    dataSz = getByteArrayLength(env, data_object);
 
-    ret = (!hmac || !data)
-        ? BAD_FUNC_ARG
-        : wc_HmacUpdate(hmac, data + offset, length);
+    if (!hmac || !data || offset < 0 || length < 0 ||
+        ((word32)offset + (word32)length) > dataSz) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        ret = wc_HmacUpdate(hmac, data + offset, length);
+    }
 
     if (ret != 0)
         throwWolfCryptExceptionFromError(env, ret);
@@ -244,6 +250,7 @@ JNIEXPORT void JNICALL Java_com_wolfssl_wolfcrypt_Hmac_wc_1HmacUpdate__Ljava_nio
     int ret = 0;
     Hmac* hmac = NULL;
     byte* data = NULL;
+    jlong dataSz = 0;
 
     hmac = (Hmac*) getNativeStruct(env, this);
     if ((*env)->ExceptionOccurred(env)) {
@@ -252,10 +259,15 @@ JNIEXPORT void JNICALL Java_com_wolfssl_wolfcrypt_Hmac_wc_1HmacUpdate__Ljava_nio
     }
 
     data = getDirectBufferAddress(env, data_object);
+    dataSz = (*env)->GetDirectBufferCapacity(env, data_object);
 
-    ret = (!hmac || !data)
-        ? BAD_FUNC_ARG
-        : wc_HmacUpdate(hmac, data + offset, length);
+    if (!hmac || !data || offset < 0 || length < 0 ||
+        ((jlong)offset + (jlong)length) > dataSz) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        ret = wc_HmacUpdate(hmac, data + offset, length);
+    }
 
     if (ret != 0)
         throwWolfCryptExceptionFromError(env, ret);
@@ -284,17 +296,20 @@ JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_wolfcrypt_Hmac_wc_1HmacFinal
         /* getNativeStruct may throw exception, prevent throwing another */
         return NULL;
     }
+
+    if (!hmac) {
+        throwWolfCryptExceptionFromError(env, BAD_FUNC_ARG);
+        return result;
+    }
+
     hmacSz = GetHashSizeByType(hmac->macType);
 
     if (hmacSz < 0) {
-        throwWolfCryptExceptionFromError(env, ret);
+        throwWolfCryptExceptionFromError(env, hmacSz);
         return result;
     }
 
-    ret = (!hmac)
-        ? BAD_FUNC_ARG
-        : wc_HmacFinal(hmac, tmp);
-
+    ret = wc_HmacFinal(hmac, tmp);
     if (ret == 0) {
         result = (*env)->NewByteArray(env, hmacSz);
 

jni/jni_pwdbased.c

@@ -59,8 +59,12 @@ JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_wolfcrypt_Pwdbased_wc_1PKCS12_1PBK
     }
     XMEMSET(outKey, 0, kLen);
 
-    pass = (byte*)(*env)->GetByteArrayElements(env, passBuf, NULL);
-    salt = (byte*)(*env)->GetByteArrayElements(env, saltBuf, NULL);
+    if (passBuf != NULL) {
+        pass = (byte*)(*env)->GetByteArrayElements(env, passBuf, NULL);
+    }
+    if (saltBuf != NULL) {
+        salt = (byte*)(*env)->GetByteArrayElements(env, saltBuf, NULL);
+    }
 
     ret = wc_PKCS12_PBKDF(outKey, pass, passBufLen, salt, sBufLen,
                           iterations, kLen, typeH, id);
@@ -80,8 +84,12 @@ JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_wolfcrypt_Pwdbased_wc_1PKCS12_1PBK
         XFREE(outKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
 
-    (*env)->ReleaseByteArrayElements(env, passBuf, (jbyte*)pass, JNI_ABORT);
-    (*env)->ReleaseByteArrayElements(env, saltBuf, (jbyte*)salt, JNI_ABORT);
+    if (pass != NULL) {
+        (*env)->ReleaseByteArrayElements(env, passBuf, (jbyte*)pass, JNI_ABORT);
+    }
+    if (salt != NULL) {
+        (*env)->ReleaseByteArrayElements(env, saltBuf, (jbyte*)salt, JNI_ABORT);
+    }
 
     if (ret != 0) {
         throwWolfCryptExceptionFromError(env, ret);
@@ -133,7 +141,9 @@ JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_wolfcrypt_Pwdbased_wc_1PBKDF2
         pass = (byte*)(*env)->GetByteArrayElements(env, passBuf, NULL);
     }
 
-    salt = (byte*)(*env)->GetByteArrayElements(env, saltBuf, NULL);
+    if (saltBuf != NULL) {
+        salt = (byte*)(*env)->GetByteArrayElements(env, saltBuf, NULL);
+    }
 
     ret = wc_PBKDF2(outKey, pass, passBufLen, salt, sBufLen,
                     iterations, kLen, hashType);
@@ -156,8 +166,9 @@ JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_wolfcrypt_Pwdbased_wc_1PBKDF2
     if (pass != NULL) {
         (*env)->ReleaseByteArrayElements(env, passBuf, (jbyte*)pass, JNI_ABORT);
     }
-
-    (*env)->ReleaseByteArrayElements(env, saltBuf, (jbyte*)salt, JNI_ABORT);
+    if (salt != NULL) {
+        (*env)->ReleaseByteArrayElements(env, saltBuf, (jbyte*)salt, JNI_ABORT);
+    }
 
     if (ret != 0) {
         throwWolfCryptExceptionFromError(env, ret);