diff --git a/configure.ac b/configure.ac index 8d5e0c8f68..8f1f085910 100644 --- a/configure.ac +++ b/configure.ac @@ -4103,18 +4103,6 @@ AC_ARG_ENABLE([ed448-stream], [ ENABLED_ED448_STREAM=no ] ) -if test "$ENABLED_ED448_STREAM" != "no" -then - if test "$ENABLED_ED448" = "no" - then - AC_MSG_ERROR([ED448 verify streaming enabled but ED448 is disabled]) - else - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ED448_STREAMING_VERIFY" - AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_ED448_STREAMING_VERIFY" - fi -fi - - # FP ECC, Fixed Point cache ECC AC_ARG_ENABLE([fpecc], [AS_HELP_STRING([--enable-fpecc],[Enable Fixed Point cache ECC (default: disabled)])], @@ -5614,6 +5602,18 @@ then ENABLED_CERTS=yes fi +if test "$ENABLED_ED448_STREAM" != "no" +then + if test "$ENABLED_ED448" = "no" + then + AC_MSG_ERROR([ED448 verify streaming enabled but ED448 is disabled]) + else + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ED448_STREAMING_VERIFY" + AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_ED448_STREAMING_VERIFY" + fi +fi + + # SRTP-KDF if test "$ENABLED_SRTP" = "yes" then diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 7edf08f9f3..a4e4b4a367 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -10761,6 +10761,11 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz, authTagSz > AES_BLOCK_SIZE) return BAD_FUNC_ARG; + /* Sanity check on authIn to prevent segfault in xorbuf() where + * variable 'in' is dereferenced as the mask 'm' in misc.c */ + if (authIn == NULL && authInSz > 0) + return BAD_FUNC_ARG; + /* sanity check on tag size */ if (wc_AesCcmCheckTagSize((int)authTagSz) != 0) { return BAD_FUNC_ARG; @@ -10903,6 +10908,11 @@ int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, authTagSz > AES_BLOCK_SIZE) return BAD_FUNC_ARG; + /* Sanity check on authIn to prevent segfault in xorbuf() where + * variable 'in' is dereferenced as the mask 'm' in misc.c */ + if (authIn == NULL && authInSz > 0) + return BAD_FUNC_ARG; + /* sanity check on tag size */ if (wc_AesCcmCheckTagSize((int)authTagSz) != 0) { return BAD_FUNC_ARG;