Fix integer overflow in _wc_Hash_Grow and TI hashUpdate

[Scottcjn]

Summary

Fix integer overflow in hash buffer size computation that could lead to heap buffer overflow.

Problem

Both _wc_Hash_Grow() (hash.c) and hashUpdate() (ti-hash.c) compute the new buffer size as used + inSz without overflow checking. If used is near UINT32_MAX, the addition wraps to a small value, causing:

1. Small allocation (XMALLOC with wrapped size)
2. Large write (XMEMCPY with original inSz) → heap overflow

Same pattern as the SE050 fix in #9954.

Fix

Use WC_SAFE_SUM_WORD32() to detect overflow before the addition:

word32 newSz;
if (!WC_SAFE_SUM_WORD32(*used, (word32)inSz, newSz)) {
    return BUFFER_E;  // overflow detected
}

Then use newSz for all allocation and length comparisons.

Files Changed

• wolfcrypt/src/hash.c — _wc_Hash_Grow() (requires WOLFSSL_HASH_KEEP)
• wolfcrypt/src/port/ti/ti-hash.c — hashUpdate() (requires WOLFSSL_TI_HASH)

Severity

Low — requires ~4GB of hash input to trigger, which will OOM on most systems first. But defense-in-depth is the right call, and this keeps the codebase consistent with the SE050 fix.

Fixes #9955

CLA: Previously signed (on file from PR #9932).

[wolfSSL-Bot]

Can one of the admins verify this patch?

[dgarske]

Fixed in https://github.com/wolfSSL/wolfssl/pull/9954/changes#diff-1b674ef4a0dfb6975bdc0ddf9dcddb9961e8f5c43e6111fedfb7b3fad8387ec4

[Scottcjn]

Thanks @dgarske — confirmed #9954 covers the same overflow in hash.c and ti-hash.c with WC_SAFE_SUM_WORD32. Same bug, your preferred fix style. Glad the pattern got caught across all three paths.

Our other PR #9932 (POWER8 AES vcipher pipeline) is independent — still hoping that makes a future release.