From 700eca45664bf06310a155012e8f4d853d744aef Mon Sep 17 00:00:00 2001 From: David Garske Date: Mon, 11 Mar 2019 19:34:07 -0700 Subject: [PATCH] Fixes from peer review. Improved compatibility of API's. Clarification on integer.h mp_digit sizes. --- src/internal.c | 21 +++++++++++++++------ src/tls13.c | 11 ++++++----- wolfssl/ssl.h | 2 +- wolfssl/wolfcrypt/integer.h | 5 +++-- wolfssl/wolfcrypt/types.h | 2 +- 5 files changed, 26 insertions(+), 15 deletions(-) diff --git a/src/internal.c b/src/internal.c index 457dfed97..b0ea2bfec 100644 --- a/src/internal.c +++ b/src/internal.c @@ -19810,6 +19810,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) #ifndef NO_DH case diffie_hellman_kea: { + word32 sigLen; ssl->buffers.sig.length = ENCRYPT_LEN; ssl->buffers.sig.buffer = (byte*)XMALLOC(ENCRYPT_LEN, ssl->heap, DYNAMIC_TYPE_SIGNATURE); @@ -19853,11 +19854,13 @@ int SendClientKeyExchange(WOLFSSL* ssl) } /* for DH, encSecret is Yc, agree is pre-master */ + sigLen = ssl->buffers.sig.length; ret = DhGenKeyPair(ssl, ssl->buffers.serverDH_Key, - ssl->buffers.sig.buffer, &ssl->buffers.sig.length, + ssl->buffers.sig.buffer, &sigLen, args->encSecret, &args->encSz); /* set the max agree result size */ + ssl->buffers.sig.length = (unsigned int)sigLen; ssl->arrays->preMasterSz = ENCRYPT_LEN; break; } @@ -20875,10 +20878,11 @@ int SendCertificateVerify(WOLFSSL* ssl) #ifdef HAVE_ECC if (ssl->hsType == DYNAMIC_TYPE_ECC) { ecc_key* key = (ecc_key*)ssl->hsKey; + word32 sigLen = ssl->buffers.sig.length; ret = EccSign(ssl, ssl->buffers.digest.buffer, ssl->buffers.digest.length, - ssl->buffers.sig.buffer, &ssl->buffers.sig.length, + ssl->buffers.sig.buffer, &sigLen, key, #ifdef HAVE_PK_CALLBACKS ssl->buffers.key @@ -20886,6 +20890,7 @@ int SendCertificateVerify(WOLFSSL* ssl) NULL #endif ); + ssl->buffers.sig.length = (unsigned int)sigLen; } #endif /* HAVE_ECC */ #if defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH) 
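Review bot: `&sigLen` in the DhGenKeyPair call is the address of a stack local, where the old code passed the address of a field that lives as long as the `ssl` object. If this call can return a pending status and complete later (as in asynchronous-crypto builds, which this hunk does not show), the callee would hold a pointer into a dead stack frame and the copy-back would store a length that was never produced. Keeping the temporary in storage that survives re-entry, such as a `word32` member next to `args->encSz`, avoids both; at minimum guard the copy-back with `if (ret == 0)`. The same pattern appears in the EccSign hunks of SendCertificateVerify and SendTls13CertificateVerify and in the serverDH_Priv/serverDH_Pub hunk. The copy-back also landed between the `/* set the max agree result size */` comment and the `preMasterSz` assignment it describes, so it should move up directly under the call.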
@@ -21681,6 +21686,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, case diffie_hellman_kea: #endif { + word32 dhPrivLen, dhPubLen; + /* Allocate DH key buffers and generate key */ if (ssl->buffers.serverDH_P.buffer == NULL || ssl->buffers.serverDH_G.buffer == NULL) { @@ -21747,11 +21754,13 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } } + dhPrivLen = ssl->buffers.serverDH_Priv.length; + dhPubLen = ssl->buffers.serverDH_Pub.length; ret = DhGenKeyPair(ssl, ssl->buffers.serverDH_Key, - ssl->buffers.serverDH_Priv.buffer, - &ssl->buffers.serverDH_Priv.length, - ssl->buffers.serverDH_Pub.buffer, - &ssl->buffers.serverDH_Pub.length); + ssl->buffers.serverDH_Priv.buffer, &dhPrivLen, + ssl->buffers.serverDH_Pub.buffer, &dhPubLen); + ssl->buffers.serverDH_Priv.length = (unsigned int)dhPrivLen; + ssl->buffers.serverDH_Pub.length = (unsigned int)dhPubLen; break; } #endif /* !NO_DH && (!NO_PSK || !NO_RSA) */ diff --git a/src/tls13.c b/src/tls13.c index 9af834428..185c824e2 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -5395,15 +5395,17 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) { #ifdef HAVE_ECC if (ssl->hsType == DYNAMIC_TYPE_ECC) { + word32 sigLen = sig->length; ret = EccSign(ssl, args->sigData, args->sigDataSz, args->verify + HASH_SIG_SIZE + VERIFY_HEADER, - &sig->length, (ecc_key*)ssl->hsKey, + &sigLen, (ecc_key*)ssl->hsKey, #ifdef HAVE_PK_CALLBACKS ssl->buffers.key #else NULL #endif ); + sig->length = (unsigned int)sigLen; args->length = (word16)sig->length; } #endif /* HAVE_ECC */ @@ -5423,8 +5425,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) #endif #ifndef NO_RSA if (ssl->hsType == DYNAMIC_TYPE_RSA) { - - ret = RsaSign(ssl, sig->buffer, sig->length, + ret = RsaSign(ssl, sig->buffer, (word32)sig->length, args->verify + HASH_SIG_SIZE + VERIFY_HEADER, &args->sigLen, args->sigAlgo, ssl->suites->hashAlgo, (RsaKey*)ssl->hsKey, 
@@ -5459,7 +5460,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) if (ssl->hsType == DYNAMIC_TYPE_RSA) { /* check for signature faults */ ret = VerifyRsaSign(ssl, args->sigData, args->sigLen, - sig->buffer, sig->length, args->sigAlgo, + sig->buffer, (word32)sig->length, args->sigAlgo, ssl->suites->hashAlgo, (RsaKey*)ssl->hsKey, ssl->buffers.key ); @@ -5777,7 +5778,7 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input, if (ssl->peerRsaKey != NULL && ssl->peerRsaKeyPresent != 0) { WOLFSSL_MSG("Doing RSA peer cert verify"); - ret = RsaVerify(ssl, sig->buffer, sig->length, &args->output, + ret = RsaVerify(ssl, sig->buffer, (word32)sig->length, &args->output, args->sigAlgo, args->hashAlgo, ssl->peerRsaKey, #ifdef HAVE_PK_CALLBACKS &ssl->buffers.peerRsaKey diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 7d3c0b205..068e4b0ff 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -347,7 +347,7 @@ typedef struct WOLFSSL_X509_OBJECT { typedef struct WOLFSSL_BUFFER_INFO { unsigned char* buffer; - word32 length; + unsigned int length; } WOLFSSL_BUFFER_INFO; typedef struct WOLFSSL_X509_STORE_CTX { diff --git a/wolfssl/wolfcrypt/integer.h b/wolfssl/wolfcrypt/integer.h index 8da458df7..e0be1a402 100644 --- a/wolfssl/wolfcrypt/integer.h +++ b/wolfssl/wolfcrypt/integer.h @@ -118,17 +118,18 @@ extern "C" { typedef unsigned long mp_word; /* don't define DIGIT_BIT, so its calculated below */ #elif defined(NO_64BIT) - /* 32-bit */ + /* 32-bit forced to 16-bit */ typedef unsigned short mp_digit; typedef unsigned int mp_word; #define DIGIT_BIT 12 #elif defined(MP_64BIT) + /* 64-bit */ /* for GCC only on supported platforms */ typedef unsigned long long mp_digit; /* 64 bit type, 128 uses mode(TI) */ typedef unsigned long mp_word __attribute__ ((mode(TI))); #define DIGIT_BIT 60 #else - /* this is the default case, 28-bit digits */ + /* 32-bit default case */ #if defined(_MSC_VER) || defined(__BORLANDC__) typedef unsigned __int64 ulong64; 
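Review bot: `length` in WOLFSSL_BUFFER_INFO is now `unsigned int` while the crypto helpers called in this patch still take `word32*`, so the two are only interchangeable where `unsigned int` is 32 bits wide. On a target where it is narrower (the patch also touches the `WC_16BIT_CPU` branch in types.h), the `(unsigned int)sigLen` copy-backs in internal.c and tls13.c truncate silently. Any caller outside this patch that still passes `&x.length` as a `word32*` would write past the field on such a target. A comment on the member would make the contract explicit, for example `unsigned int length; /* not word32: use a word32 temporary for length out-params */`. Because the struct is declared in a public header, the layout change on those targets deserves a line in the commit description.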
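Review bot: The new branch comments in integer.h name a platform width but no longer say how wide a digit is, which is what the neighbouring `DIGIT_BIT` definitions depend on. `/* 32-bit forced to 16-bit */` sits above an `unsigned short` `mp_digit` with `DIGIT_BIT 12`, and the default branch lost its `28-bit digits` wording. Stating both widths would read more clearly, e.g. `/* NO_64BIT: 16-bit mp_digit, 12-bit digits */` and `/* default: 32-bit, 28-bit digits */`. The default branch continues past the end of the hunk, so the 28-bit figure comes from the removed comment and not from a visible `DIGIT_BIT`.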
diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index f1a434367..a05ad67be 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -120,7 +120,7 @@ #elif defined(WC_16BIT_CPU) #undef WORD64_AVAILABLE - typedef unsigned short wolfssl_word; + typedef word16 wolfssl_word; #define MP_16BIT /* for mp_int, mp_word needs to be twice as big as mp_digit, no 64 bit type so make mp_digit 16 bit */