From 5e852dc1a14542731770e31e45bc6a9a71d5a66c Mon Sep 17 00:00:00 2001 From: John Safranek Date: Fri, 23 Sep 2016 23:22:58 -0700 Subject: [PATCH] Fixes for building the library with a C++ compiler with TLSX enabled 1. Add many typecasts for malloc() data to proper pointer type. 2. Add many typecasts for constants in tertiary operators. 3. ECC to use local copy of wc_off_on_addr instead of extern copy. --- src/internal.c | 19 +++++++++--------- src/tls.c | 47 +++++++++++++++++++++++++-------------------- wolfcrypt/src/ecc.c | 3 ++- 3 files changed, 38 insertions(+), 31 deletions(-) diff --git a/src/internal.c b/src/internal.c index 00dae569d..e1dd193d8 100755 --- a/src/internal.c +++ b/src/internal.c @@ -8576,7 +8576,7 @@ static INLINE int Decrypt(WOLFSSL* ssl, byte* plain, const byte* input, static int SanityCheckCipherText(WOLFSSL* ssl, word32 encryptSz) { #ifdef HAVE_TRUNCATED_HMAC - word32 minLength = ssl->truncated_hmac ? TRUNCATED_HMAC_SZ + word32 minLength = ssl->truncated_hmac ? (byte)TRUNCATED_HMAC_SZ : ssl->specs.hash_size; #else word32 minLength = ssl->specs.hash_size; /* covers stream */ @@ -9041,7 +9041,7 @@ static INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz, word32 pad = 0; word32 padByte = 0; #ifdef HAVE_TRUNCATED_HMAC - word32 digestSz = ssl->truncated_hmac ? TRUNCATED_HMAC_SZ + word32 digestSz = ssl->truncated_hmac ? (byte)TRUNCATED_HMAC_SZ : ssl->specs.hash_size; #else word32 digestSz = ssl->specs.hash_size; @@ -9819,13 +9819,8 @@ static int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes) int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, int inSz, int type, int hashOutput, int sizeOnly) { -#ifdef HAVE_TRUNCATED_HMAC - word32 digestSz = min(ssl->specs.hash_size, - ssl->truncated_hmac ? TRUNCATED_HMAC_SZ : ssl->specs.hash_size); -#else - word32 digestSz = ssl->specs.hash_size; -#endif - word32 sz = RECORD_HEADER_SZ + inSz + digestSz; + word32 digestSz; + word32 sz = RECORD_HEADER_SZ + inSz; word32 pad = 0, i; word32 idx = RECORD_HEADER_SZ; word32 ivSz = 0; /* TLSv1.1 IV */ @@ -9849,6 +9844,12 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, return BAD_FUNC_ARG; } + digestSz = ssl->specs.hash_size; +#ifdef HAVE_TRUNCATED_HMAC + if (ssl->truncated_hmac) + digestSz = min(TRUNCATED_HMAC_SZ, digestSz); +#endif + sz += digestSz; #ifdef WOLFSSL_DTLS if (ssl->options.dtls) { diff --git a/src/tls.c b/src/tls.c index 9a32e55a7..df9ed15d7 100644 --- a/src/tls.c +++ b/src/tls.c @@ -930,7 +930,8 @@ static ALPN* TLSX_ALPN_New(char *protocol_name, word16 protocol_nameSz, alpn->negotiated = 0; alpn->options = 0; - alpn->protocol_name = XMALLOC(protocol_nameSz + 1, heap, DYNAMIC_TYPE_TLSX); + alpn->protocol_name = (char*)XMALLOC(protocol_nameSz + 1, + heap, DYNAMIC_TYPE_TLSX); if (alpn->protocol_name == NULL) { WOLFSSL_MSG("Memory failure"); XFREE(alpn, heap, DYNAMIC_TYPE_TLSX); @@ -1241,7 +1242,7 @@ int TLSX_ALPN_GetRequest(TLSX* extensions, void** data, word16 *dataSz) } *data = alpn->protocol_name; - *dataSz = (word16)XSTRLEN(*data); + *dataSz = (word16)XSTRLEN((char*)*data); return SSL_SUCCESS; } @@ -1282,8 +1283,8 @@ static SNI* TLSX_SNI_New(byte type, const void* data, word16 size, void* heap) switch (sni->type) { case WOLFSSL_SNI_HOST_NAME: - sni->data.host_name = XMALLOC(size+1, heap, DYNAMIC_TYPE_TLSX); - + sni->data.host_name = (char*)XMALLOC(size + 1, heap, + DYNAMIC_TYPE_TLSX); if (sni->data.host_name) { XSTRNCPY(sni->data.host_name, (const char*)data, size); sni->data.host_name[size] = 0; @@ -1398,7 +1399,7 @@ static SNI* TLSX_SNI_Find(SNI *list, byte type) static void TLSX_SNI_SetStatus(TLSX* extensions, byte type, byte status) { TLSX* extension = TLSX_Find(extensions, TLSX_SERVER_NAME); - SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type); + SNI* sni = TLSX_SNI_Find(extension ? (SNI*)extension->data : NULL, type); if (sni) sni->status = status; @@ -1408,7 +1409,7 @@ static void TLSX_SNI_SetStatus(TLSX* extensions, byte type, byte status) byte TLSX_SNI_Status(TLSX* extensions, byte type) { TLSX* extension = TLSX_Find(extensions, TLSX_SERVER_NAME); - SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type); + SNI* sni = TLSX_SNI_Find(extension ? (SNI*)extension->data : NULL, type); if (sni) return sni->status; @@ -1535,8 +1536,8 @@ static int TLSX_SNI_VerifyParse(WOLFSSL* ssl, byte isRequest) #ifndef NO_WOLFSSL_SERVER TLSX* ctx_ext = TLSX_Find(ssl->ctx->extensions, TLSX_SERVER_NAME); TLSX* ssl_ext = TLSX_Find(ssl->extensions, TLSX_SERVER_NAME); - SNI* ctx_sni = ctx_ext ? ctx_ext->data : NULL; - SNI* ssl_sni = ssl_ext ? ssl_ext->data : NULL; + SNI* ctx_sni = ctx_ext ? (SNI*)ctx_ext->data : NULL; + SNI* ssl_sni = ssl_ext ? (SNI*)ssl_ext->data : NULL; SNI* sni = NULL; for (; ctx_sni; ctx_sni = ctx_sni->next) { @@ -1620,13 +1621,13 @@ int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size, word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type, void** data) { TLSX* extension = TLSX_Find(extensions, TLSX_SERVER_NAME); - SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type); + SNI* sni = TLSX_SNI_Find(extension ? (SNI*)extension->data : NULL, type); if (sni && sni->status != WOLFSSL_SNI_NO_MATCH) { switch (sni->type) { case WOLFSSL_SNI_HOST_NAME: *data = sni->data.host_name; - return XSTRLEN(*data); + return XSTRLEN((char*)*data); } } @@ -1637,7 +1638,7 @@ word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type, void** data) void TLSX_SNI_SetOptions(TLSX* extensions, byte type, byte options) { TLSX* extension = TLSX_Find(extensions, TLSX_SERVER_NAME); - SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type); + SNI* sni = TLSX_SNI_Find(extension ? (SNI*)extension->data : NULL, type); if (sni) sni->options = options; @@ -1870,7 +1871,7 @@ int TLSX_UseMaxFragment(TLSX** extensions, byte mfl, void* heap) if (mfl < WOLFSSL_MFL_2_9 || WOLFSSL_MFL_2_13 < mfl) return BAD_FUNC_ARG; - if ((data = XMALLOC(ENUM_LEN, heap, DYNAMIC_TYPE_TLSX)) == NULL) + if ((data = (byte*)XMALLOC(ENUM_LEN, heap, DYNAMIC_TYPE_TLSX)) == NULL) return MEMORY_E; data[0] = mfl; @@ -2831,7 +2832,10 @@ int TLSX_ValidateEllipticCurves(WOLFSSL* ssl, byte first, byte second) { if (!extension) return 1; /* no suite restriction */ - for (curve = extension->data; curve && !(sig && key); curve = curve->next) { + for (curve = (EllipticCurve*)extension->data; + curve && !(sig && key); + curve = curve->next) { + /* find supported curve */ switch (curve->name) { #if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES) @@ -3982,7 +3986,7 @@ void TLSX_FreeAll(TLSX* list, void* heap) break; case TLSX_SUPPORTED_GROUPS: - EC_FREE_ALL(extension->data, heap); + EC_FREE_ALL((EllipticCurve*)extension->data, heap); break; case TLSX_STATUS_REQUEST: @@ -4047,7 +4051,7 @@ static word16 TLSX_GetSize(TLSX* list, byte* semaphore, byte isRequest) case TLSX_SERVER_NAME: /* SNI only sends the name on the request. */ if (isRequest) - length += SNI_GET_SIZE(extension->data); + length += SNI_GET_SIZE((SNI*)extension->data); break; case TLSX_MAX_FRAGMENT_LENGTH: @@ -4059,7 +4063,7 @@ static word16 TLSX_GetSize(TLSX* list, byte* semaphore, byte isRequest) break; case TLSX_SUPPORTED_GROUPS: - length += EC_GET_SIZE(extension->data); + length += EC_GET_SIZE((EllipticCurve*)extension->data); break; case TLSX_STATUS_REQUEST: @@ -4083,7 +4087,7 @@ static word16 TLSX_GetSize(TLSX* list, byte* semaphore, byte isRequest) break; case TLSX_APPLICATION_LAYER_PROTOCOL: - length += ALPN_GET_SIZE(extension->data); + length += ALPN_GET_SIZE((ALPN*)extension->data); break; } @@ -4124,11 +4128,11 @@ static word16 TLSX_Write(TLSX* list, byte* output, byte* semaphore, switch (extension->type) { case TLSX_SERVER_NAME: if (isRequest) - offset += SNI_WRITE(extension->data, output + offset); + offset += SNI_WRITE((SNI*)extension->data, output + offset); break; case TLSX_MAX_FRAGMENT_LENGTH: - offset += MFL_WRITE(extension->data, output + offset); + offset += MFL_WRITE((byte*)extension->data, output + offset); break; case TLSX_TRUNCATED_HMAC: @@ -4136,7 +4140,8 @@ static word16 TLSX_Write(TLSX* list, byte* output, byte* semaphore, break; case TLSX_SUPPORTED_GROUPS: - offset += EC_WRITE(extension->data, output + offset); + offset += EC_WRITE((EllipticCurve*)extension->data, + output + offset); break; case TLSX_STATUS_REQUEST: @@ -4168,7 +4173,7 @@ static word16 TLSX_Write(TLSX* list, byte* output, byte* semaphore, break; case TLSX_APPLICATION_LAYER_PROTOCOL: - offset += ALPN_WRITE(extension->data, output + offset); + offset += ALPN_WRITE((ALPN*)extension->data, output + offset); break; } diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 19aeb2de0..c7337610e 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -1878,7 +1878,8 @@ int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* a, #ifndef WC_NO_CACHE_RESISTANT -#if defined(TFM_TIMING_RESISTANT) && defined(USE_FAST_MATH) +#if defined(TFM_TIMING_RESISTANT) && defined(USE_FAST_MATH) && \ + !defined(__cplusplus) /* let's use the one we already have */ extern const wolfssl_word wc_off_on_addr[2]; #else