Fix prefix matches, sizeof errors in string ops

JeremiahM37 · JeremiahM37 · commit 3ec0431352fe · 2026-04-06T14:51:29.000Z
diff --git a/src/wp_internal.c b/src/wp_internal.c
@@ -793,23 +793,23 @@ static int wp_EncryptedInfoGet(wp_EncryptedInfo* info, const char* cipherInfo)
 
     /* determine cipher information */
 #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
-    if (XSTRNCMP(cipherInfo, kEncTypeAesCbc128, XSTRLEN(kEncTypeAesCbc128)) == 0) {
+    if (XSTRCMP(cipherInfo, kEncTypeAesCbc128) == 0) {
         info->cipherType = WC_CIPHER_AES_CBC;
         info->keySz = AES_128_KEY_SIZE;
         if (info->ivSz == 0) info->ivSz  = AES_IV_SIZE;
     }
     else
 #endif
 #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_192)
-    if (XSTRNCMP(cipherInfo, kEncTypeAesCbc192, XSTRLEN(kEncTypeAesCbc192)) == 0) {
+    if (XSTRCMP(cipherInfo, kEncTypeAesCbc192) == 0) {
         info->cipherType = WC_CIPHER_AES_CBC;
         info->keySz = AES_192_KEY_SIZE;
         if (info->ivSz == 0) info->ivSz  = AES_IV_SIZE;
     }
     else
 #endif
 #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
-    if (XSTRNCMP(cipherInfo, kEncTypeAesCbc256, XSTRLEN(kEncTypeAesCbc256)) == 0) {
+    if (XSTRCMP(cipherInfo, kEncTypeAesCbc256) == 0) {
         info->cipherType = WC_CIPHER_AES_CBC;
         info->keySz = AES_256_KEY_SIZE;
         if (info->ivSz == 0) info->ivSz  = AES_IV_SIZE;
@@ -1113,7 +1113,7 @@ int wp_read_pem_bio(WOLFPROV_CTX *provctx, OSSL_CORE_BIO *coreBio,
             *len += readLen;
         }
         /* Last line should have footer. */
-        if (XMEMCMP(buf, "-----END ", 8) == 0) {
+        if (XMEMCMP(buf, "-----END ", 9) == 0) {
             break;
         }
     }
diff --git a/src/wp_rsa_asym.c b/src/wp_rsa_asym.c
@@ -466,28 +466,44 @@ static int wp_rsaa_decrypt(wp_RsaAsymCtx* ctx, unsigned char* out,
             if (ok) {
                 byte mask;
                 byte negMask;
-
-                XMEMSET(out, 0, outSize);
-                PRIVATE_KEY_UNLOCK();
-                rc = wc_RsaPrivateDecrypt(in, (word32)inLen, out,
-                    (word32)outSize, wp_rsa_get_key(ctx->rsa));
-                PRIVATE_KEY_LOCK();
-
-                /* Constant time checking of master secret. */
-                mask  = wp_ct_byte_mask_eq(out[0], ctx->clientVersion >> 8);
-                mask &= wp_ct_byte_mask_eq(out[1], ctx->clientVersion);
-                if (ctx->negVersion > 0) {
-                    /* Check for negotiated version as well. */
-                    negMask  = wp_ct_byte_mask_eq(out[0], ctx->negVersion >> 8);
-                    negMask &= wp_ct_byte_mask_eq(out[1], ctx->negVersion);
-                    mask |= negMask;
-                }
-                rc &= (int)(char)mask;
-
-                if (rc <= 0) {
-                    WOLFPROV_MSG_DEBUG_RETCODE(WP_LOG_LEVEL_DEBUG, "wc_RsaPrivateDecrypt TLS padding", rc);
+                byte rand[WOLFSSL_MAX_MASTER_KEY_LENGTH];
+                int i;
+
+                /* Implicit rejection: always generate random fallback
+                 * to prevent Bleichenbacher-style oracle attacks. */
+                rc = wc_RNG_GenerateBlock(&ctx->rng, rand,
+                    WOLFSSL_MAX_MASTER_KEY_LENGTH);
+                if (rc != 0) {
                     ok = 0;
                 }
+                if (ok) {
+                    XMEMSET(out, 0, outSize);
+                    PRIVATE_KEY_UNLOCK();
+                    rc = wc_RsaPrivateDecrypt(in, (word32)inLen, out,
+                        (word32)outSize, wp_rsa_get_key(ctx->rsa));
+                    PRIVATE_KEY_LOCK();
+
+                    /* Constant time checking of master secret. */
+                    mask  = wp_ct_byte_mask_eq(out[0],
+                        ctx->clientVersion >> 8);
+                    mask &= wp_ct_byte_mask_eq(out[1], ctx->clientVersion);
+                    if (ctx->negVersion > 0) {
+                        negMask  = wp_ct_byte_mask_eq(out[0],
+                            ctx->negVersion >> 8);
+                        negMask &= wp_ct_byte_mask_eq(out[1],
+                            ctx->negVersion);
+                        mask |= negMask;
+                    }
+                    /* Combine decrypt success with version check. */
+                    mask &= wp_ct_int_mask_gte(rc, 1);
+
+                    /* Constant-time select: real result or random fallback. */
+                    for (i = 0; i < WOLFSSL_MAX_MASTER_KEY_LENGTH; i++) {
+                        out[i] = wp_ct_byte_mask_sel(mask, out[i], rand[i]);
+                    }
+                    OPENSSL_cleanse(rand, sizeof(rand));
+                    rc = WOLFSSL_MAX_MASTER_KEY_LENGTH;
+                }
             }
         }
         else if (ctx->padMode == RSA_NO_PADDING) {
@@ -551,7 +567,7 @@ static int wp_rsaa_setup_md(wp_RsaAsymCtx* ctx, const char* mdName,
             }
             else {
                 OPENSSL_strlcpy(ctx->mgf1MdName, mdName,
-                    sizeof(ctx->oaepMdName));
+                    sizeof(ctx->mgf1MdName));
             }
         }
     }
diff --git a/src/wp_rsa_kem.c b/src/wp_rsa_kem.c
@@ -539,8 +539,7 @@ static int wp_rsakem_set_ctx_params(wp_RsaKemCtx* ctx,
         ok = 0;
     }
     if (ok && (op != NULL)) {
-        if (XSTRNCMP(OSSL_KEM_PARAM_OPERATION_RSASVE, op,
-                sizeof(OSSL_KEM_PARAM_OPERATION_RSASVE) - 1) == 0) {
+        if (XSTRCMP(OSSL_KEM_PARAM_OPERATION_RSASVE, op) == 0) {
             ctx->op = WP_RSA_KEM_OP_RSASVE;
         }
         else {
diff --git a/src/wp_rsa_sig.c b/src/wp_rsa_sig.c
@@ -130,7 +130,7 @@ static int wp_rsa_setup_md(wp_RsaSigCtx* ctx, const char* mdName,
     if (ctx->padMode == RSA_PKCS1_PSS_PADDING && ctx->minSaltLen != -1) {
         wp_rsa_get_pss_mds(ctx->rsa, &localMdName, NULL);
         if (mdName != NULL &&
-            XSTRNCASECMP(localMdName, mdName, XSTRLEN(localMdName)) != 0) {
+            XSTRCASECMP(localMdName, mdName) != 0) {
             ok = 0;
         }
     }
@@ -197,7 +197,7 @@ static int wp_rsa_setup_md(wp_RsaSigCtx* ctx, const char* mdName,
                 }
             }
             else {
-                OPENSSL_strlcpy(ctx->mgf1MdName, mdName, sizeof(ctx->mdName));
+                OPENSSL_strlcpy(ctx->mgf1MdName, mdName, sizeof(ctx->mgf1MdName));
             }
         }
     }

Original file line number	Diff line number	Diff line change
`@@ -539,8 +539,7 @@ static int wp_rsakem_set_ctx_params(wp_RsaKemCtx* ctx,`
`539`	`539`	`ok = 0;`
`540`	`540`	`}`
`541`	`541`	`if (ok && (op != NULL)) {`
`542`		`- if (XSTRNCMP(OSSL_KEM_PARAM_OPERATION_RSASVE, op,`
`543`		`- sizeof(OSSL_KEM_PARAM_OPERATION_RSASVE) - 1) == 0) {`
	`542`	`+ if (XSTRCMP(OSSL_KEM_PARAM_OPERATION_RSASVE, op) == 0) {`
`544`	`543`	`ctx->op = WP_RSA_KEM_OP_RSASVE;`
`545`	`544`	`}`
`546`	`545`	`else {`
Original file line number	Diff line number	Diff line change
`@@ -130,7 +130,7 @@ static int wp_rsa_setup_md(wp_RsaSigCtx* ctx, const char* mdName,`
`130`	`130`	`if (ctx->padMode == RSA_PKCS1_PSS_PADDING && ctx->minSaltLen != -1) {`
`131`	`131`	`wp_rsa_get_pss_mds(ctx->rsa, &localMdName, NULL);`
`132`	`132`	`if (mdName != NULL &&`
`133`		`- XSTRNCASECMP(localMdName, mdName, XSTRLEN(localMdName)) != 0) {`
	`133`	`+ XSTRCASECMP(localMdName, mdName) != 0) {`
`134`	`134`	`ok = 0;`
`135`	`135`	`}`
`136`	`136`	`}`
`@@ -197,7 +197,7 @@ static int wp_rsa_setup_md(wp_RsaSigCtx* ctx, const char* mdName,`
`197`	`197`	`}`
`198`	`198`	`}`
`199`	`199`	`else {`
`200`		`- OPENSSL_strlcpy(ctx->mgf1MdName, mdName, sizeof(ctx->mdName));`
	`200`	`+ OPENSSL_strlcpy(ctx->mgf1MdName, mdName, sizeof(ctx->mgf1MdName));`
`201`	`201`	`}`
`202`	`202`	`}`
`203`	`203`	`}`