From 3d16ec8dc11c614c622ccce301a152913522f9fd Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sat, 15 Apr 2023 00:29:01 -0500 Subject: [PATCH 01/11] wolfssl/wolfcrypt/asn_public.h: fix version threshold for wc_RsaPrivateKeyValidate() prototype. --- wolfssl/wolfcrypt/asn_public.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index 91b64323f..cbe60b8f0 100644 --- a/wolfssl/wolfcrypt/asn_public.h +++ b/wolfssl/wolfcrypt/asn_public.h @@ -695,7 +695,7 @@ WOLFSSL_API void wc_FreeDer(DerBuffer** pDer); /* For FIPS v1/v2 and selftest rsa.h is replaced. */ #if defined(HAVE_SELFTEST) || (defined(HAVE_FIPS) && \ - (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION <= 5))) + (!defined(HAVE_FIPS_VERSION) || (FIPS_VERSION_LE(5,2)))) WOLFSSL_API int wc_RsaPrivateKeyValidate(const byte* input, word32* inOutIdx, int* keySz, word32 inSz); #endif From d91f0f82d8313f5d9b662ffe7dc4250d14d5b53a Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sat, 15 Apr 2023 00:31:17 -0500 Subject: [PATCH 02/11] wolfssl/wolfcrypt/misc.h: add missing argument names in NO_INLINE path. --- wolfssl/wolfcrypt/misc.h | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/wolfssl/wolfcrypt/misc.h b/wolfssl/wolfcrypt/misc.h index f39352826..418246787 100644 --- a/wolfssl/wolfcrypt/misc.h +++ b/wolfssl/wolfcrypt/misc.h @@ -42,48 +42,48 @@ masking and clearing memory logic. #define WC_MISC_STATIC WOLFSSL_LOCAL -word32 rotlFixed(word32, word32); +word32 rotlFixed(word32 x, word32 y); WOLFSSL_LOCAL -word32 rotrFixed(word32, word32); +word32 rotrFixed(word32 x, word32 y); #ifdef WC_RC2 WOLFSSL_LOCAL -word16 rotlFixed16(word16, word16); +word16 rotlFixed16(word16 x, word16 y); WOLFSSL_LOCAL -word16 rotrFixed16(word16, word16); +word16 rotrFixed16(word16 x, word16 y); #endif WOLFSSL_LOCAL -word32 ByteReverseWord32(word32); +word32 ByteReverseWord32(word32 value); WOLFSSL_LOCAL -void ByteReverseWords(word32*, const word32*, word32); +void ByteReverseWords(word32* out, const word32* in, word32 byteCount); WOLFSSL_LOCAL void XorWordsOut(wolfssl_word* r, const wolfssl_word* a, const wolfssl_word* b, word32 n); WOLFSSL_LOCAL -void xorbufout(void*, const void*, const void*, word32); +void xorbufout(void* out, const void* buf, const void* mask, word32 count); WOLFSSL_LOCAL -void XorWords(wolfssl_word*, const wolfssl_word*, word32); +void XorWords(wolfssl_word* r, const wolfssl_word* a, word32 n); WOLFSSL_LOCAL -void xorbuf(void*, const void*, word32); +void xorbuf(void* buf, const void* mask, word32 count); WOLFSSL_LOCAL -void ForceZero(void*, word32); +void ForceZero(void* mem, word32 len); WOLFSSL_LOCAL -int ConstantCompare(const byte*, const byte*, int); +int ConstantCompare(const byte* a, const byte* b, int length); #ifdef WORD64_AVAILABLE WOLFSSL_LOCAL -word64 rotlFixed64(word64, word64); +word64 rotlFixed64(word64 x, word64 y); WOLFSSL_LOCAL -word64 rotrFixed64(word64, word64); +word64 rotrFixed64(word64 x, word64 y); WOLFSSL_LOCAL -word64 ByteReverseWord64(word64); +word64 ByteReverseWord64(word64 value); WOLFSSL_LOCAL -void ByteReverseWords64(word64*, const word64*, word32); +void ByteReverseWords64(word64* out, const word64* in, word32 byteCount); #endif /* WORD64_AVAILABLE */ #ifndef WOLFSSL_HAVE_MIN From 730890b8cc19c1f924adb834558950d86604ab4d Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sat, 15 Apr 2023 00:33:15 -0500 Subject: [PATCH 03/11] wolfssl/wolfcrypt/sp_int.h: fix a missed bugprone-macro-parentheses in the C89 path. --- wolfssl/wolfcrypt/sp_int.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfssl/wolfcrypt/sp_int.h b/wolfssl/wolfcrypt/sp_int.h index 5eb845f89..57fb901e6 100644 --- a/wolfssl/wolfcrypt/sp_int.h +++ b/wolfssl/wolfcrypt/sp_int.h @@ -815,7 +815,7 @@ while (0) /* Declare a dynamically allocated mp_int. */ #define DECL_MP_INT_SIZE_DYN(name, bits, max) \ unsigned char name##d[MP_INT_SIZEOF(MP_BITS_CNT(max))]; \ - sp_int* name = (sp_int*)name##d + sp_int* (name) = (sp_int*)name##d #endif /* Declare a statically allocated mp_int. */ #define DECL_MP_INT_SIZE(name, bits) \ From 42bea705d9d0e3f3faf114ca726a4334fc55fee3 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sat, 15 Apr 2023 00:36:22 -0500 Subject: [PATCH 04/11] fix several more C89 "comma at end of enumerator list" spots in 64-bit-only headers, missed in earlier passes; in tests/unit.h, add a WOLF_C89 definition of AssertPtr() without pragmas, to avoid a -Wdeclaration-after-statement. --- tests/unit.h | 12 ++++++++++++ wolfssl/wolfcrypt/ed25519.h | 4 ++-- wolfssl/wolfcrypt/ed448.h | 2 +- wolfssl/wolfcrypt/sha3.h | 2 ++ wolfssl/wolfcrypt/sha512.h | 2 +- 5 files changed, 18 insertions(+), 4 deletions(-) diff --git a/tests/unit.h b/tests/unit.h index 24e439771..1801df4dd 100644 --- a/tests/unit.h +++ b/tests/unit.h @@ -88,6 +88,16 @@ #define AssertStrGE(x, y) AssertStr(x, y, >=, <) #define AssertStrLE(x, y) AssertStr(x, y, <=, >) +#ifdef WOLF_C89 + +#define AssertPtr(x, y, op, er) do { \ + void* _x = (void*)(x); \ + void* _y = (void*)(y); \ + Assert(_x op _y, ("%s " #op " %s", #x, #y), ("%p " #er " %p", _x, _y)); \ +} while(0) + +#else + #define AssertPtr(x, y, op, er) do { \ PRAGMA_GCC_DIAG_PUSH; \ /* remarkably, without this inhibition, */ \ @@ -102,6 +112,8 @@ PRAGMA_GCC_DIAG_POP; \ } while(0) +#endif + #define AssertPtrEq(x, y) AssertPtr(x, y, ==, !=) #define AssertPtrNE(x, y) AssertPtr(x, y, !=, ==) #define AssertPtrGT(x, y) AssertPtr(x, y, >, <=) diff --git a/wolfssl/wolfcrypt/ed25519.h b/wolfssl/wolfcrypt/ed25519.h index 298e876be..8306f44b1 100644 --- a/wolfssl/wolfcrypt/ed25519.h +++ b/wolfssl/wolfcrypt/ed25519.h @@ -69,7 +69,7 @@ enum { Ed25519 = -1, Ed25519ctx = 0, - Ed25519ph = 1, + Ed25519ph = 1 }; #ifndef WC_ED25519KEY_TYPE_DEFINED @@ -80,7 +80,7 @@ enum { /* ED25519 Flags */ enum { WC_ED25519_FLAG_NONE = 0x00, - WC_ED25519_FLAG_DEC_SIGN = 0x01, + WC_ED25519_FLAG_DEC_SIGN = 0x01 }; /* An ED25519 Key */ diff --git a/wolfssl/wolfcrypt/ed448.h b/wolfssl/wolfcrypt/ed448.h index b9fa35f61..a5845fbe3 100644 --- a/wolfssl/wolfcrypt/ed448.h +++ b/wolfssl/wolfcrypt/ed448.h @@ -69,7 +69,7 @@ enum { Ed448 = 0, - Ed448ph = 1, + Ed448ph = 1 }; #ifndef WC_ED448KEY_TYPE_DEFINED diff --git a/wolfssl/wolfcrypt/sha3.h b/wolfssl/wolfcrypt/sha3.h index 571aaa069..2b9283a03 100644 --- a/wolfssl/wolfcrypt/sha3.h +++ b/wolfssl/wolfcrypt/sha3.h @@ -78,6 +78,8 @@ enum { WC_SHA3_384_BLOCK_SIZE = 104, WC_SHA3_512_BLOCK_SIZE = 72, #endif + + WOLF_ENUM_DUMMY_LAST_ELEMENT(WC_SHA3) }; #ifndef NO_OLD_WC_NAMES diff --git a/wolfssl/wolfcrypt/sha512.h b/wolfssl/wolfcrypt/sha512.h index 4011c7df5..6338700d2 100644 --- a/wolfssl/wolfcrypt/sha512.h +++ b/wolfssl/wolfcrypt/sha512.h @@ -140,7 +140,7 @@ enum { WC_SHA512_256_BLOCK_SIZE = WC_SHA512_BLOCK_SIZE, WC_SHA512_256_DIGEST_SIZE = 32, - WC_SHA512_256_PAD_SIZE = WC_SHA512_PAD_SIZE, + WC_SHA512_256_PAD_SIZE = WC_SHA512_PAD_SIZE }; From 4b9302cdb30ec8e4ced6096794c63f1dc3a657fb Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sat, 15 Apr 2023 02:12:25 -0500 Subject: [PATCH 05/11] another batch of -Wconversion fixes. --- wolfcrypt/src/aes.c | 94 +++++++++++++++++++------------------- wolfcrypt/src/asn.c | 21 +++++---- wolfcrypt/src/cmac.c | 2 +- wolfcrypt/src/des3.c | 2 +- wolfcrypt/src/dh.c | 45 +++++++++--------- wolfcrypt/src/poly1305.c | 18 ++++---- wolfcrypt/src/sha3.c | 4 +- wolfcrypt/src/sha512.c | 4 +- wolfcrypt/src/siphash.c | 4 +- wolfcrypt/src/wc_encrypt.c | 29 ++++++------ wolfcrypt/src/wc_port.c | 17 ++++--- wolfssl/wolfcrypt/sp_int.h | 5 ++ 12 files changed, 131 insertions(+), 114 deletions(-) diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 0aebd3bab..c40e49bec 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -4483,7 +4483,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) #if defined(HAVE_AES_ECB) && !defined(WOLFSSL_PIC32MZ_CRYPT) && \ !defined(XTRANSFORM_AESCTRBLOCK) if (in != out && sz >= AES_BLOCK_SIZE) { - int blocks = sz / AES_BLOCK_SIZE; + word32 blocks = sz / AES_BLOCK_SIZE; byte* counter = (byte*)aes->reg; byte* c = out; while (blocks--) { @@ -4646,14 +4646,14 @@ static WC_INLINE void FlattenSzInBits(byte* buf, word32 sz) sz <<= 3; /* copy over the words of the sz into the destination buffer */ - buf[0] = (szHi >> 24) & 0xff; - buf[1] = (szHi >> 16) & 0xff; - buf[2] = (szHi >> 8) & 0xff; - buf[3] = szHi & 0xff; - buf[4] = (sz >> 24) & 0xff; - buf[5] = (sz >> 16) & 0xff; - buf[6] = (sz >> 8) & 0xff; - buf[7] = sz & 0xff; + buf[0] = (byte)(szHi >> 24); + buf[1] = (byte)(szHi >> 16); + buf[2] = (byte)(szHi >> 8); + buf[3] = (byte)szHi; + buf[4] = (byte)(sz >> 24); + buf[5] = (byte)(sz >> 16); + buf[6] = (byte)(sz >> 8); + buf[7] = (byte)sz; } @@ -5386,7 +5386,7 @@ static WC_INLINE void GMULT(byte *x, byte m[32][AES_BLOCK_SIZE]) z8[1] ^= m8[1]; /* Cache top byte for remainder calculations - lost in rotate. */ - a = z8[1] >> 56; + a = (byte)(z8[1] >> 56); /* Rotate Z by 8-bits */ z8[1] = (z8[0] >> 56) | (z8[1] << 8); @@ -8555,7 +8555,7 @@ int wc_AesGcmDecryptFinal(Aes* aes, const byte* authTag, word32 authTagSz) ret = AesGcmFinal_C(aes, calcTag, authTagSz); if (ret == 0) { /* Check calculated tag matches the one passed in. */ - if (ConstantCompare(authTag, calcTag, authTagSz) != 0) { + if (ConstantCompare(authTag, calcTag, (int)authTagSz) != 0) { ret = AES_GCM_AUTH_E; } } @@ -8988,22 +8988,22 @@ static WARN_UNUSED_RESULT int roll_auth( /* encode the length in */ if (inSz <= 0xFEFF) { authLenSz = 2; - out[0] ^= ((inSz & 0xFF00) >> 8); - out[1] ^= (inSz & 0x00FF); + out[0] ^= (byte)(inSz >> 8); + out[1] ^= (byte)inSz; } - else if (inSz <= 0xFFFFFFFF) { + else { authLenSz = 6; - out[0] ^= 0xFF; out[1] ^= 0xFE; - out[2] ^= ((inSz & 0xFF000000) >> 24); - out[3] ^= ((inSz & 0x00FF0000) >> 16); - out[4] ^= ((inSz & 0x0000FF00) >> 8); - out[5] ^= (inSz & 0x000000FF); + out[0] ^= 0xFF; + out[1] ^= 0xFE; + out[2] ^= (byte)(inSz >> 24); + out[3] ^= (byte)(inSz >> 16); + out[4] ^= (byte)(inSz >> 8); + out[5] ^= (byte)inSz; } /* Note, the protocol handles auth data up to 2^64, but we are * using 32-bit sizes right now, so the bigger data isn't handled - * else if (inSz <= 0xFFFFFFFFFFFFFFFF) {} */ - else - return BAD_LENGTH_E; + * else {} + */ /* start fill out the rest of the first block */ remainder = AES_BLOCK_SIZE - authLenSz; @@ -9104,7 +9104,7 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz, return BAD_FUNC_ARG; /* sanity check on tag size */ - if (wc_AesCcmCheckTagSize(authTagSz) != 0) { + if (wc_AesCcmCheckTagSize((int)authTagSz) != 0) { return BAD_FUNC_ARG; } @@ -9122,13 +9122,13 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz, XMEMSET(A, 0, sizeof(A)); XMEMCPY(B+1, nonce, nonceSz); lenSz = AES_BLOCK_SIZE - 1 - (byte)nonceSz; - B[0] = (authInSz > 0 ? 64 : 0) - + (8 * (((byte)authTagSz - 2) / 2)) - + (lenSz - 1); + B[0] = (byte)((authInSz > 0 ? 64 : 0) + + (8 * (((byte)authTagSz - 2) / 2)) + + (lenSz - 1)); for (i = 0; i < lenSz; i++) { if (mask && i >= wordSz) mask = 0x00; - B[AES_BLOCK_SIZE - 1 - i] = (inSz >> ((8 * i) & mask)) & mask; + B[AES_BLOCK_SIZE - 1 - i] = (byte)((inSz >> ((8 * i) & mask)) & mask); } #ifdef WOLFSSL_CHECK_MEM_ZERO @@ -9283,7 +9283,7 @@ int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, return BAD_FUNC_ARG; /* sanity check on tag size */ - if (wc_AesCcmCheckTagSize(authTagSz) != 0) { + if (wc_AesCcmCheckTagSize((int)authTagSz) != 0) { return BAD_FUNC_ARG; } @@ -9385,13 +9385,13 @@ int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, o = out; oSz = inSz; - B[0] = (authInSz > 0 ? 64 : 0) - + (8 * (((byte)authTagSz - 2) / 2)) - + (lenSz - 1); + B[0] = (byte)((authInSz > 0 ? 64 : 0) + + (8 * (((byte)authTagSz - 2) / 2)) + + (lenSz - 1)); for (i = 0; i < lenSz; i++) { if (mask && i >= wordSz) mask = 0x00; - B[AES_BLOCK_SIZE - 1 - i] = (inSz >> ((8 * i) & mask)) & mask; + B[AES_BLOCK_SIZE - 1 - i] = (byte)((inSz >> ((8 * i) & mask)) & mask); } ret = wc_AesEncrypt(aes, B, A); @@ -9445,7 +9445,7 @@ int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, } xorbuf(A, B, authTagSz); - if (ConstantCompare(A, authTag, authTagSz) != 0) { + if (ConstantCompare(A, authTag, (int)authTagSz) != 0) { /* If the authTag check fails, don't keep the decrypted data. * Unfortunately, you need the decrypted data to calculate the * check value. */ @@ -9626,7 +9626,7 @@ int wc_AesInit_Id(Aes* aes, unsigned char* id, int len, void* heap, int devId) if (ret == 0) ret = wc_AesInit(aes, heap, devId); if (ret == 0) { - XMEMCPY(aes->id, id, len); + XMEMCPY(aes->id, id, (size_t)len); aes->idLen = len; aes->labelLen = 0; } @@ -9637,12 +9637,12 @@ int wc_AesInit_Id(Aes* aes, unsigned char* id, int len, void* heap, int devId) int wc_AesInit_Label(Aes* aes, const char* label, void* heap, int devId) { int ret = 0; - int labelLen = 0; + size_t labelLen = 0; if (aes == NULL || label == NULL) ret = BAD_FUNC_ARG; if (ret == 0) { - labelLen = (int)XSTRLEN(label); + labelLen = XSTRLEN(label); if (labelLen == 0 || labelLen > AES_MAX_LABEL_LEN) ret = BUFFER_E; } @@ -9651,7 +9651,7 @@ int wc_AesInit_Label(Aes* aes, const char* label, void* heap, int devId) ret = wc_AesInit(aes, heap, devId); if (ret == 0) { XMEMCPY(aes->label, label, labelLen); - aes->labelLen = labelLen; + aes->labelLen = (int)labelLen; aes->idLen = 0; } @@ -10032,7 +10032,7 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackDecrypt( #ifdef WOLFSSL_AES_CFB /* check if more input needs copied over to aes->reg */ if (aes->left && sz && mode == AES_CFB_MODE) { - int size = min(aes->left, sz); + word32 size = min(aes->left, sz); XMEMCPY((byte*)aes->reg + AES_BLOCK_SIZE - aes->left, in, size); } #endif @@ -10155,7 +10155,7 @@ static void shiftLeftArray(byte* ary, byte shift) for (i = 0; i < AES_BLOCK_SIZE - 1; i++) { byte carry = ary[i+1] & (0XFF << (WOLFSSL_BIT_SIZE - shift)); carry >>= (WOLFSSL_BIT_SIZE - shift); - ary[i] = (ary[i] << shift) + carry; + ary[i] = (byte)((ary[i] << shift) + carry); } ary[i] = ary[i] << shift; } @@ -10400,11 +10400,11 @@ int wc_AesOfbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) /* Initialize key wrap counter with value */ static WC_INLINE void InitKeyWrapCounter(byte* inOutCtr, word32 value) { - int i; + word32 i; word32 bytes; bytes = sizeof(word32); - for (i = 0; i < (int)sizeof(word32); i++) { + for (i = 0; i < sizeof(word32); i++) { inOutCtr[i+sizeof(word32)] = (value >> ((bytes - 1) * 8)) & 0xFF; bytes--; } @@ -10495,7 +10495,7 @@ int wc_AesKeyWrap_ex(Aes *aes, const byte* in, word32 inSz, byte* out, /* C[0] = A */ XMEMCPY(out, tmp, KEYWRAP_BLOCK_SIZE); - return inSz + KEYWRAP_BLOCK_SIZE; + return (int)(inSz + KEYWRAP_BLOCK_SIZE); } /* perform AES key wrap (RFC3394), return out sz on success, negative on err */ @@ -10611,7 +10611,7 @@ int wc_AesKeyUnWrap_ex(Aes *aes, const byte* in, word32 inSz, byte* out, if (XMEMCMP(tmp, expIv, KEYWRAP_BLOCK_SIZE) != 0) return BAD_KEYWRAP_IV_E; - return inSz - KEYWRAP_BLOCK_SIZE; + return (int)(inSz - KEYWRAP_BLOCK_SIZE); } int wc_AesKeyUnWrap(const byte* key, word32 keySz, const byte* in, word32 inSz, @@ -10809,7 +10809,7 @@ static WARN_UNUSED_RESULT int _AesXtsHelper( byte tmpC; tmpC = (pt[j] >> 7) & 0x01; - pt[j+AES_BLOCK_SIZE] = ((pt[j] << 1) + carry) & 0xFF; + pt[j+AES_BLOCK_SIZE] = (byte)((pt[j] << 1) + carry); carry = tmpC; } if (carry) { @@ -10912,7 +10912,7 @@ int wc_AesXtsEncrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz, byte tmpC; tmpC = (tmp[j] >> 7) & 0x01; - tmp[j] = ((tmp[j] << 1) + carry) & 0xFF; + tmp[j] = (byte)((tmp[j] << 1) + carry); carry = tmpC; } if (carry) { @@ -11049,7 +11049,7 @@ int wc_AesXtsDecrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz, byte tmpC; tmpC = (tmp[j] >> 7) & 0x01; - tmp[j] = ((tmp[j] << 1) + carry) & 0xFF; + tmp[j] = (byte)((tmp[j] << 1) + carry); carry = tmpC; } if (carry) { @@ -11073,7 +11073,7 @@ int wc_AesXtsDecrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz, byte tmpC; tmpC = (tmp[j] >> 7) & 0x01; - tmp2[j] = ((tmp[j] << 1) + carry) & 0xFF; + tmp2[j] = (byte)((tmp[j] << 1) + carry); carry = tmpC; } if (carry) { diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 7d60e5bb0..02920090a 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -11302,21 +11302,23 @@ static int StoreKey(DecodedCert* cert, const byte* source, word32* srcIdx, ret = CheckBitString(source, srcIdx, &length, maxIdx, 1, NULL); if (ret == 0) { #ifdef HAVE_OCSP - ret = CalcHashId(source + *srcIdx, length, cert->subjectKeyHash); + ret = CalcHashId(source + *srcIdx, (word32)length, + cert->subjectKeyHash); } if (ret == 0) { #endif - publicKey = (byte*)XMALLOC(length, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY); + publicKey = (byte*)XMALLOC((size_t)length, cert->heap, + DYNAMIC_TYPE_PUBLIC_KEY); if (publicKey == NULL) { ret = MEMORY_E; } else { - XMEMCPY(publicKey, &source[*srcIdx], length); + XMEMCPY(publicKey, &source[*srcIdx], (size_t)length); cert->publicKey = publicKey; cert->pubKeyStored = 1; - cert->pubKeySize = length; + cert->pubKeySize = (word32)length; - *srcIdx += length; + *srcIdx += (word32)length; } } @@ -26692,7 +26694,8 @@ static int EncodePublicKey(int keyType, byte* output, int outLen, #endif /* HAVE_ECC */ #ifdef HAVE_ED25519 case ED25519_KEY: - ret = wc_Ed25519PublicKeyToDer(ed25519Key, output, outLen, 1); + ret = wc_Ed25519PublicKeyToDer(ed25519Key, output, + (word32)outLen, 1); if (ret <= 0) { ret = PUBLIC_KEY_E; } @@ -26700,7 +26703,7 @@ static int EncodePublicKey(int keyType, byte* output, int outLen, #endif #ifdef HAVE_ED448 case ED448_KEY: - ret = wc_Ed448PublicKeyToDer(ed448Key, output, outLen, 1); + ret = wc_Ed448PublicKeyToDer(ed448Key, output, (word32)outLen, 1); if (ret <= 0) { ret = PUBLIC_KEY_E; } @@ -27940,7 +27943,7 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz, ret = wc_ed25519_sign_msg(buf, sz, sig, &outSz, ed25519Key); if (ret == 0) - ret = outSz; + ret = (int)outSz; } #endif /* HAVE_ED25519 && HAVE_ED25519_SIGN */ @@ -27950,7 +27953,7 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz, ret = wc_ed448_sign_msg(buf, sz, sig, &outSz, ed448Key, NULL, 0); if (ret == 0) - ret = outSz; + ret = (int)outSz; } #endif /* HAVE_ED448 && HAVE_ED448_SIGN */ diff --git a/wolfcrypt/src/cmac.c b/wolfcrypt/src/cmac.c index db0906c99..2ceefd7ac 100644 --- a/wolfcrypt/src/cmac.c +++ b/wolfcrypt/src/cmac.c @@ -342,7 +342,7 @@ int wc_AesCmacVerify(const byte* check, word32 checkSz, XMEMSET(a, 0, aSz); ret = wc_AesCmacGenerate(a, &aSz, in, inSz, key, keySz); - compareRet = ConstantCompare(check, a, min(checkSz, aSz)); + compareRet = ConstantCompare(check, a, (int)min(checkSz, aSz)); if (ret == 0) ret = compareRet ? 1 : 0; diff --git a/wolfcrypt/src/des3.c b/wolfcrypt/src/des3.c index 3699fbe4c..02cc76112 100644 --- a/wolfcrypt/src/des3.c +++ b/wolfcrypt/src/des3.c @@ -1486,7 +1486,7 @@ for (j = 0; j < 48; j++) { /* select bits individually */ if (pcr[pc2[j] - 1]) { /* check bit that goes to ks[j] */ l= j % 6; /* mask it in if it's there */ - ks[j/6] |= bytebit[l] >> 2; + ks[j/6] |= (byte)(bytebit[l] >> 2); } } diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c index adb133721..4dda56728 100644 --- a/wolfcrypt/src/dh.c +++ b/wolfcrypt/src/dh.c @@ -1039,7 +1039,7 @@ static int _ffc_pairwise_consistency_test(DhKey* key, * modLen - represents L, the size of p in bits * divLen - represents N, the size of q in bits * return 0 on success, -1 on error */ -static int CheckDhLN(int modLen, int divLen) +static int CheckDhLN(word32 modLen, word32 divLen) { int ret = -1; @@ -1076,7 +1076,8 @@ static int CheckDhLN(int modLen, int divLen) static int GeneratePrivateDh186(DhKey* key, WC_RNG* rng, byte* priv, word32* privSz) { - int qSz, pSz, cSz, err; + word32 qSz, pSz, cSz; + int err; #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) mp_int* tmpQ = NULL; mp_int* tmpX = NULL; @@ -1093,8 +1094,8 @@ static int GeneratePrivateDh186(DhKey* key, WC_RNG* rng, byte* priv, return BAD_FUNC_ARG; } - qSz = mp_unsigned_bin_size(&key->q); - pSz = mp_unsigned_bin_size(&key->p); + qSz = (word32)mp_unsigned_bin_size(&key->q); + pSz = (word32)mp_unsigned_bin_size(&key->p); /* verify (L,N) pair bit lengths */ /* Trusted primes don't need to be checked. */ @@ -1167,7 +1168,7 @@ static int GeneratePrivateDh186(DhKey* key, WC_RNG* rng, byte* priv, /* tmpQ: M = min(2^N,q) - 1 */ if (err == MP_OKAY) - err = mp_2expt(tmpQ, *privSz * 8); + err = mp_2expt(tmpQ, (int)*privSz * 8); if (err == MP_OKAY) { if (mp_cmp(tmpQ, &key->q) == MP_GT) { @@ -1188,8 +1189,8 @@ static int GeneratePrivateDh186(DhKey* key, WC_RNG* rng, byte* priv, /* copy tmpX into priv */ if (err == MP_OKAY) { - pSz = mp_unsigned_bin_size(tmpX); - if (pSz > (int)*privSz) { + pSz = (word32)mp_unsigned_bin_size(tmpX); + if (pSz > *privSz) { WOLFSSL_MSG("DH private key output buffer too small"); err = BAD_FUNC_ARG; } else { @@ -1235,7 +1236,7 @@ static int GeneratePrivateDh(DhKey* key, WC_RNG* rng, byte* priv, #endif { - sz = mp_unsigned_bin_size(&key->p); + sz = (word32)mp_unsigned_bin_size(&key->p); /* Table of predetermined values from the operation 2 * DiscreteLogWorkFactor(sz * WOLFSSL_BIT_SIZE) / @@ -1348,7 +1349,7 @@ static int GeneratePublicDh(DhKey* key, byte* priv, word32 privSz, ret = MP_TO_E; if (ret == 0) - *pubSz = mp_unsigned_bin_size(y); + *pubSz = (word32)mp_unsigned_bin_size(y); mp_clear(y); mp_clear(x); @@ -2157,7 +2158,7 @@ static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz, ret = MP_TO_E; if (ret == 0) - *agreeSz = mp_unsigned_bin_size(z); + *agreeSz = (word32)mp_unsigned_bin_size(z); mp_forcezero(z); mp_clear(y); @@ -2381,7 +2382,7 @@ int wc_DhExportKeyPair(DhKey* key, byte* priv, word32* pPrivSz, } if (priv) { - word32 privSz = mp_unsigned_bin_size(&key->priv); + word32 privSz = (word32)mp_unsigned_bin_size(&key->priv); if (privSz > *pPrivSz) { return BUFFER_E; } @@ -2390,7 +2391,7 @@ int wc_DhExportKeyPair(DhKey* key, byte* priv, word32* pPrivSz, } if (pub) { - word32 pubSz = mp_unsigned_bin_size(&key->pub); + word32 pubSz = (word32)mp_unsigned_bin_size(&key->pub); if (pubSz > *pPubSz) { return BUFFER_E; } @@ -2591,7 +2592,7 @@ int wc_DhSetNamedKey(DhKey* key, int name) word32 wc_DhGetNamedKeyMinSize(int name) { - int size; + word32 size; switch (name) { #ifdef HAVE_FFDHE_2048 @@ -2877,9 +2878,9 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh) #else mp_int tmp[1], tmp2[2]; #endif - int groupSz = 0, bufSz = 0, - primeCheckCount = 0, - primeCheck = MP_NO, + word32 groupSz = 0, bufSz = 0, + primeCheckCount = 0; + int primeCheck = MP_NO, ret = 0; unsigned char *buf = NULL; @@ -2916,7 +2917,7 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh) if (ret == 0) { /* modulus size in bytes */ modSz /= WOLFSSL_BIT_SIZE; - bufSz = modSz - groupSz; + bufSz = (word32)modSz - groupSz; /* allocate ram */ buf = (unsigned char *)XMALLOC(bufSz, @@ -2943,7 +2944,7 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh) /* force magnitude */ buf[0] |= 0xC0; /* force even */ - buf[bufSz - 1] &= ~1; + buf[bufSz - 1] &= (byte)~1U; if (mp_init_multi(tmp, tmp2, &dh->p, &dh->q, &dh->g, 0) != MP_OKAY) { @@ -2958,7 +2959,7 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh) /* make our prime q */ if (ret == 0) { - if (mp_rand_prime(&dh->q, groupSz, rng, NULL) != MP_OKAY) + if (mp_rand_prime(&dh->q, (int)groupSz, rng, NULL) != MP_OKAY) ret = PRIME_GEN_E; } @@ -3088,9 +3089,9 @@ int wc_DhExportParamsRaw(DhKey* dh, byte* p, word32* pSz, /* get required output buffer sizes */ if (ret == 0) { - pLen = mp_unsigned_bin_size(&dh->p); - qLen = mp_unsigned_bin_size(&dh->q); - gLen = mp_unsigned_bin_size(&dh->g); + pLen = (word32)mp_unsigned_bin_size(&dh->p); + qLen = (word32)mp_unsigned_bin_size(&dh->q); + gLen = (word32)mp_unsigned_bin_size(&dh->g); /* return buffer sizes and LENGTH_ONLY_E if buffers are NULL */ if (p == NULL && q == NULL && g == NULL) { diff --git a/wolfcrypt/src/poly1305.c b/wolfcrypt/src/poly1305.c index f138b60c1..f56b3fdad 100644 --- a/wolfcrypt/src/poly1305.c +++ b/wolfcrypt/src/poly1305.c @@ -211,14 +211,14 @@ extern void poly1305_final_avx2(Poly1305* ctx, byte* mac); } static void U64TO8(byte* p, word64 v) { - p[0] = (v ) & 0xff; - p[1] = (v >> 8) & 0xff; - p[2] = (v >> 16) & 0xff; - p[3] = (v >> 24) & 0xff; - p[4] = (v >> 32) & 0xff; - p[5] = (v >> 40) & 0xff; - p[6] = (v >> 48) & 0xff; - p[7] = (v >> 56) & 0xff; + p[0] = (byte)v; + p[1] = (byte)(v >> 8); + p[2] = (byte)(v >> 16); + p[3] = (byte)(v >> 24); + p[4] = (byte)(v >> 32); + p[5] = (byte)(v >> 40); + p[6] = (byte)(v >> 48); + p[7] = (byte)(v >> 56); } #endif/* WOLFSSL_ARMASM */ #else /* if not 64 bit then use 32 bit */ @@ -778,7 +778,7 @@ int wc_Poly1305Update(Poly1305* ctx, const byte* m, word32 bytes) /* process full blocks */ if (bytes >= POLY1305_BLOCK_SIZE) { - size_t want = ((size_t)bytes & ~(POLY1305_BLOCK_SIZE - 1)); + size_t want = ((size_t)bytes & ~((size_t)POLY1305_BLOCK_SIZE - 1)); #if !defined(WOLFSSL_ARMASM) || !defined(__aarch64__) int ret; ret = poly1305_blocks(ctx, m, want); diff --git a/wolfcrypt/src/sha3.c b/wolfcrypt/src/sha3.c index 2710f203b..2baea7654 100644 --- a/wolfcrypt/src/sha3.c +++ b/wolfcrypt/src/sha3.c @@ -645,7 +645,7 @@ static int Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p) if (sha3->i > 0) { byte *t; - byte l = p * 8 - sha3->i; + byte l = (byte)(p * 8 - sha3->i); if (l > len) { l = (byte)len; } @@ -692,7 +692,7 @@ static int Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p) data += p * 8; } XMEMCPY(sha3->t, data, len); - sha3->i += len; + sha3->i += (byte)len; return 0; } diff --git a/wolfcrypt/src/sha512.c b/wolfcrypt/src/sha512.c index bffa98501..ad2a24941 100644 --- a/wolfcrypt/src/sha512.c +++ b/wolfcrypt/src/sha512.c @@ -1073,7 +1073,7 @@ static WC_INLINE int Sha512Final(wc_Sha512* sha512) #else -static int Sha512FinalRaw(wc_Sha512* sha512, byte* hash, int digestSz) +static int Sha512FinalRaw(wc_Sha512* sha512, byte* hash, size_t digestSz) { #ifdef LITTLE_ENDIAN_ORDER word64 digest[WC_SHA512_DIGEST_SIZE / sizeof(word64)]; @@ -1099,7 +1099,7 @@ int wc_Sha512FinalRaw(wc_Sha512* sha512, byte* hash) return Sha512FinalRaw(sha512, hash, WC_SHA512_DIGEST_SIZE); } -static int Sha512_Family_Final(wc_Sha512* sha512, byte* hash, int digestSz, +static int Sha512_Family_Final(wc_Sha512* sha512, byte* hash, size_t digestSz, int (*initfp)(wc_Sha512*)) { int ret; diff --git a/wolfcrypt/src/siphash.c b/wolfcrypt/src/siphash.c index a2b031da8..7e93b0b5a 100644 --- a/wolfcrypt/src/siphash.c +++ b/wolfcrypt/src/siphash.c @@ -258,7 +258,7 @@ int wc_SipHashUpdate(SipHash* sipHash, const unsigned char* in, word32 inSz) if (sipHash->cacheCnt > 0) { byte len = SIPHASH_BLOCK_SIZE - sipHash->cacheCnt; if (len > inSz) { - len = inSz; + len = (byte)inSz; } XMEMCPY(sipHash->cache + sipHash->cacheCnt, in, len); in += len; @@ -285,7 +285,7 @@ int wc_SipHashUpdate(SipHash* sipHash, const unsigned char* in, word32 inSz) if (inSz > 0) { /* Cache remaining message bytes less than a block. */ XMEMCPY(sipHash->cache, in, inSz); - sipHash->cacheCnt = inSz; + sipHash->cacheCnt = (byte)inSz; } } diff --git a/wolfcrypt/src/wc_encrypt.c b/wolfcrypt/src/wc_encrypt.c index 2d36f2a82..e5be5d60b 100644 --- a/wolfcrypt/src/wc_encrypt.c +++ b/wolfcrypt/src/wc_encrypt.c @@ -283,7 +283,7 @@ int wc_BufferKeyDecrypt(EncryptedInfo* info, byte* der, word32 derSz, #ifndef NO_PWDBASED if ((ret = wc_PBKDF1(key, password, passwordSz, info->iv, PKCS5_SALT_SZ, 1, - info->keySz, hashType)) != 0) { + (int)info->keySz, hashType)) != 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(key, NULL, DYNAMIC_TYPE_SYMMETRIC_KEY); #elif defined(WOLFSSL_CHECK_MEM_ZERO) @@ -349,7 +349,7 @@ int wc_BufferKeyEncrypt(EncryptedInfo* info, byte* der, word32 derSz, #ifndef NO_PWDBASED if ((ret = wc_PBKDF1(key, password, passwordSz, info->iv, PKCS5_SALT_SZ, 1, - info->keySz, hashType)) != 0) { + (int)info->keySz, hashType)) != 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(key, NULL, DYNAMIC_TYPE_SYMMETRIC_KEY); #elif defined(WOLFSSL_CHECK_MEM_ZERO) @@ -396,7 +396,7 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt, int length, int version, byte* cbcIv, int enc, int shaOid) { int typeH = WC_HASH_TYPE_NONE; - int derivedLen = 0; + word32 derivedLen = 0; int ret = 0; #ifdef WOLFSSL_SMALL_STACK byte* key = NULL; @@ -410,6 +410,9 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt, WOLFSSL_ENTER("wc_CryptKey"); + if (length < 0) + ret = BAD_LENGTH_E; + switch (id) { #ifndef NO_DES3 #ifndef NO_MD5 @@ -512,13 +515,13 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt, #ifndef NO_HMAC case PKCS5v2: ret = wc_PBKDF2(key, (byte*)password, passwordSz, - salt, saltSz, iterations, derivedLen, typeH); + salt, saltSz, iterations, (int)derivedLen, typeH); break; #endif #ifndef NO_SHA case PKCS5: ret = wc_PBKDF1(key, (byte*)password, passwordSz, - salt, saltSz, iterations, derivedLen, typeH); + salt, saltSz, iterations, (int)derivedLen, typeH); break; #endif #ifdef HAVE_PKCS12 @@ -541,7 +544,7 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt, unicodePasswd[idx++] = 0x00; ret = wc_PKCS12_PBKDF(key, unicodePasswd, idx, salt, saltSz, - iterations, derivedLen, typeH, 1); + iterations, (int)derivedLen, typeH, 1); if (id != PBE_SHA1_RC4_128) { ret += wc_PKCS12_PBKDF(cbcIv, unicodePasswd, idx, salt, saltSz, iterations, 8, typeH, 2); @@ -577,10 +580,10 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt, } if (ret == 0) { if (enc) { - wc_Des_CbcEncrypt(&des, input, input, length); + wc_Des_CbcEncrypt(&des, input, input, (word32)length); } else { - wc_Des_CbcDecrypt(&des, input, input, length); + wc_Des_CbcDecrypt(&des, input, input, (word32)length); } } break; @@ -608,10 +611,10 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt, } if (ret == 0) { if (enc) { - ret = wc_Des3_CbcEncrypt(&des, input, input, length); + ret = wc_Des3_CbcEncrypt(&des, input, input, (word32)length); } else { - ret = wc_Des3_CbcDecrypt(&des, input, input, length); + ret = wc_Des3_CbcDecrypt(&des, input, input, (word32)length); } } wc_Des3Free(&des); @@ -625,7 +628,7 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt, Arc4 dec; wc_Arc4SetKey(&dec, key, derivedLen); - wc_Arc4Process(&dec, input, input, length); + wc_Arc4Process(&dec, input, input, (word32)length); break; } #endif @@ -661,9 +664,9 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt, } if (ret == 0) { if (enc) - ret = wc_AesCbcEncrypt(aes, input, input, length); + ret = wc_AesCbcEncrypt(aes, input, input, (word32)length); else - ret = wc_AesCbcDecrypt(aes, input, input, length); + ret = wc_AesCbcDecrypt(aes, input, input, (word32)length); } if (free_aes) wc_AesFree(aes); diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index c81272ef4..1a1bcfa34 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -488,7 +488,7 @@ int wc_FileLoad(const char* fname, unsigned char** buf, size_t* bufLen, void* heap) { int ret; - size_t fileSz; + long int fileSz; XFILE f; if (fname == NULL || buf == NULL || bufLen == NULL) { @@ -512,13 +512,18 @@ int wc_FileLoad(const char* fname, unsigned char** buf, size_t* bufLen, return BAD_PATH_ERROR; } fileSz = XFTELL(f); + if (fileSz < 0) { + WOLFSSL_MSG("wc_LoadFile ftell error"); + XFCLOSE(f); + return BAD_PATH_ERROR; + } if (XFSEEK(f, 0, XSEEK_SET) != 0) { WOLFSSL_MSG("wc_LoadFile file seek error"); XFCLOSE(f); return BAD_PATH_ERROR; } if (fileSz > 0) { - *bufLen = fileSz; + *bufLen = (size_t)fileSz; *buf = (byte*)XMALLOC(*bufLen, heap, DYNAMIC_TYPE_TMP_BUFFER); if (*buf == NULL) { WOLFSSL_MSG("wc_LoadFile memory error"); @@ -727,13 +732,13 @@ int wc_ReadDirFirst(ReadDirCtx* ctx, const char* path, char** name) ret = BAD_PATH_ERROR; break; } - XSTRNCPY(ctx->name, path, pathLen + 1); + XSTRNCPY(ctx->name, path, (size_t)pathLen + 1); ctx->name[pathLen] = '/'; /* Use dnameLen + 1 for GCC 8 warnings of truncating d_name. Because * of earlier check it is known that dnameLen is less than * MAX_FILENAME_SZ - (pathLen + 2) so dnameLen +1 will fit */ - XSTRNCPY(ctx->name + pathLen + 1, ctx->entry->d_name, dnameLen + 1); + XSTRNCPY(ctx->name + pathLen + 1, ctx->entry->d_name, (size_t)dnameLen + 1); if ((ret = wc_FileExists(ctx->name)) == 0) { if (name) *name = ctx->name; @@ -852,12 +857,12 @@ int wc_ReadDirNext(ReadDirCtx* ctx, const char* path, char** name) ret = BAD_PATH_ERROR; break; } - XSTRNCPY(ctx->name, path, pathLen + 1); + XSTRNCPY(ctx->name, path, (size_t)pathLen + 1); ctx->name[pathLen] = '/'; /* Use dnameLen + 1 for GCC 8 warnings of truncating d_name. Because * of earlier check it is known that dnameLen is less than * MAX_FILENAME_SZ - (pathLen + 2) so that dnameLen +1 will fit */ - XSTRNCPY(ctx->name + pathLen + 1, ctx->entry->d_name, dnameLen + 1); + XSTRNCPY(ctx->name + pathLen + 1, ctx->entry->d_name, (size_t)dnameLen + 1); if ((ret = wc_FileExists(ctx->name)) == 0) { if (name) diff --git a/wolfssl/wolfcrypt/sp_int.h b/wolfssl/wolfcrypt/sp_int.h index 57fb901e6..033e85f85 100644 --- a/wolfssl/wolfcrypt/sp_int.h +++ b/wolfssl/wolfcrypt/sp_int.h @@ -811,6 +811,11 @@ while (0) #define DECL_MP_INT_SIZE_DYN(name, bits, max) \ unsigned char name##d[MP_INT_SIZEOF(MP_BITS_CNT(bits))]; \ sp_int* (name) = (sp_int*)name##d +#elif defined(__cplusplus) +/* C++ doesn't tolerate parentheses around "name" (-Wparentheses) */ +#define DECL_MP_INT_SIZE_DYN(name, bits, max) \ + unsigned char name##d[MP_INT_SIZEOF(MP_BITS_CNT(max))]; \ + sp_int* name = (sp_int*)name##d #else /* Declare a dynamically allocated mp_int. */ #define DECL_MP_INT_SIZE_DYN(name, bits, max) \ From 193919a276b8ccb09aa13e6cd2b6ab4f25423329 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Mon, 17 Apr 2023 17:43:00 -0500 Subject: [PATCH 06/11] add wc_strcasecmp() and wc_strncasecmp() to wc_port.c, and set up (USE_WOLF_STR[N]CASECMP) in types.h for targets lacking native implementations (including WOLF_C89); define USE_WOLF_STRSEP if defined(WOLF_C89). --- wolfcrypt/src/wc_port.c | 42 +++++++++++++++++++++++++++++++++++++++ wolfssl/wolfcrypt/types.h | 34 +++++++++++++++++++------------ 2 files changed, 63 insertions(+), 13 deletions(-) diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 1a1bcfa34..f5bda06ab 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -1081,6 +1081,48 @@ size_t wc_strlcat(char *dst, const char *src, size_t dstSize) } #endif /* USE_WOLF_STRLCAT */ +#ifdef USE_WOLF_STRCASECMP +int wc_strcasecmp(const char *s1, const char *s2) +{ + char c1, c2; + for (; + ; + ++s1, ++s2) + { + c1 = *s1; + if ((c1 >= 'a') && (c1 <= 'z')) + c1 -= ('a' - 'A'); + c2 = *s2; + if ((c2 >= 'a') && (c2 <= 'z')) + c2 -= ('a' - 'A'); + if ((c1 != c2) || (c1 == 0)) + break; + } + return (c1 - c2); +} +#endif /* USE_WOLF_STRCASECMP */ + +#ifdef USE_WOLF_STRNCASECMP +int wc_strncasecmp(const char *s1, const char *s2, size_t n) +{ + char c1, c2; + for (c1 = 0, c2 = 0; + n > 0; + --n, ++s1, ++s2) + { + c1 = *s1; + if ((c1 >= 'a') && (c1 <= 'z')) + c1 -= ('a' - 'A'); + c2 = *s2; + if ((c2 >= 'a') && (c2 <= 'z')) + c2 -= ('a' - 'A'); + if ((c1 != c2) || (c1 == 0)) + break; + } + return (c1 - c2); +} +#endif /* USE_WOLF_STRNCASECMP */ + #if !defined(SINGLE_THREADED) && !defined(HAVE_C___ATOMIC) void wolfSSL_RefInit(wolfSSL_Ref* ref, int* err) { diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 4fdc88a82..28ab2cbc5 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -640,7 +640,7 @@ typedef struct w64wrapper { defined(WOLFSSL_TIRTOS) || defined(WOLF_C99)) #define USE_WOLF_STRTOK #endif - #if !defined(USE_WOLF_STRSEP) && (defined(WOLF_C99)) + #if !defined(USE_WOLF_STRSEP) && (defined(WOLF_C89) || defined(WOLF_C99)) #define USE_WOLF_STRSEP #endif #if !defined(XSTRLCPY) && !defined(USE_WOLF_STRLCPY) @@ -684,10 +684,9 @@ typedef struct w64wrapper { #define XSTRCASECMP(s1,s2) strcasecmp((s1),(s2)) #elif defined(MICROCHIP_PIC32) || defined(WOLFSSL_TIRTOS) || \ defined(WOLFSSL_ZEPHYR) - /* XC32 version < 1.0 does not support strcasecmp, so use - * case sensitive one. - */ - #define XSTRCASECMP(s1,s2) strcmp((s1),(s2)) + /* XC32 version < 1.0 does not support strcasecmp. */ + #define USE_WOLF_STRCASECMP + #define XSTRCASECMP(s1,s2) wc_strcasecmp(s1,s2) #elif defined(USE_WINDOWS_API) || defined(FREERTOS_TCP_WINSIM) #define XSTRCASECMP(s1,s2) _stricmp((s1),(s2)) #else @@ -697,8 +696,10 @@ typedef struct w64wrapper { #endif #if defined(WOLFSSL_DEOS) #define XSTRCASECMP(s1,s2) stricmp((s1),(s2)) - #elif defined(WOLFSSL_CMSIS_RTOSv2) || defined(WOLFSSL_AZSPHERE) - #define XSTRCASECMP(s1,s2) strcmp((s1),(s2)) + #elif defined(WOLFSSL_CMSIS_RTOSv2) || defined(WOLFSSL_AZSPHERE) \ + || defined(WOLF_C89) + #define USE_WOLF_STRCASECMP + #define XSTRCASECMP(s1,s2) wc_strcasecmp(s1, s2) #elif defined(WOLF_C89) #define XSTRCASECMP(s1,s2) strcmp((s1),(s2)) #else @@ -713,10 +714,9 @@ typedef struct w64wrapper { #define XSTRNCASECMP(s1,s2,n) strncasecmp((s1),(s2),(n)) #elif defined(MICROCHIP_PIC32) || defined(WOLFSSL_TIRTOS) || \ defined(WOLFSSL_ZEPHYR) - /* XC32 version < 1.0 does not support strncasecmp, so use case - * sensitive one. - */ - #define XSTRNCASECMP(s1,s2,n) strncmp((s1),(s2),(n)) + /* XC32 version < 1.0 does not support strncasecmp. */ + #define USE_WOLF_STRNCASECMP + #define XSTRNCASECMP(s1,s2) wc_strncasecmp(s1,s2) #elif defined(USE_WINDOWS_API) || defined(FREERTOS_TCP_WINSIM) #define XSTRNCASECMP(s1,s2,n) _strnicmp((s1),(s2),(n)) #else @@ -726,8 +726,10 @@ typedef struct w64wrapper { #endif #if defined(WOLFSSL_DEOS) #define XSTRNCASECMP(s1,s2,n) strnicmp((s1),(s2),(n)) - #elif defined(WOLFSSL_CMSIS_RTOSv2) || defined(WOLFSSL_AZSPHERE) - #define XSTRNCASECMP(s1,s2,n) strncmp((s1),(s2),(n)) + #elif defined(WOLFSSL_CMSIS_RTOSv2) || defined(WOLFSSL_AZSPHERE) \ + || defined(WOLF_C89) + #define USE_WOLF_STRNCASECMP + #define XSTRNCASECMP(s1,s2,n) wc_strncasecmp(s1, s2 ,n) #elif defined(WOLF_C89) #define XSTRNCASECMP(s1,s2,n) strncmp((s1),(s2),(n)) #else @@ -855,6 +857,12 @@ typedef struct w64wrapper { WOLFSSL_API size_t wc_strlcat(char *dst, const char *src, size_t dstSize); #define XSTRLCAT(s1,s2,n) wc_strlcat((s1),(s2),(n)) #endif + #ifdef USE_WOLF_STRCASECMP + WOLFSSL_API int wc_strcasecmp(const char *s1, const char *s2); + #endif + #ifdef USE_WOLF_STRNCASECMP + WOLFSSL_API int wc_strncasecmp(const char *s1, const char *s2, size_t n); + #endif #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) #ifndef XGETENV From a4aef0e55d41a88e338a059909c1b4b191c04149 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Mon, 17 Apr 2023 22:51:55 -0500 Subject: [PATCH 07/11] refinements from peer review for #6303. --- wolfcrypt/src/aes.c | 2 +- wolfcrypt/src/dh.c | 2 +- wolfcrypt/src/wc_encrypt.c | 2 +- wolfcrypt/src/wc_port.c | 10 ++-------- 4 files changed, 5 insertions(+), 11 deletions(-) diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index c40e49bec..c44f77bb1 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -10405,7 +10405,7 @@ static WC_INLINE void InitKeyWrapCounter(byte* inOutCtr, word32 value) bytes = sizeof(word32); for (i = 0; i < sizeof(word32); i++) { - inOutCtr[i+sizeof(word32)] = (value >> ((bytes - 1) * 8)) & 0xFF; + inOutCtr[i+sizeof(word32)] = (byte)(value >> ((bytes - 1) * 8)); bytes--; } } diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c index 4dda56728..4cedcae17 100644 --- a/wolfcrypt/src/dh.c +++ b/wolfcrypt/src/dh.c @@ -2944,7 +2944,7 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh) /* force magnitude */ buf[0] |= 0xC0; /* force even */ - buf[bufSz - 1] &= (byte)~1U; + buf[bufSz - 1] &= 0xfe; if (mp_init_multi(tmp, tmp2, &dh->p, &dh->q, &dh->g, 0) != MP_OKAY) { diff --git a/wolfcrypt/src/wc_encrypt.c b/wolfcrypt/src/wc_encrypt.c index e5be5d60b..506ac11e0 100644 --- a/wolfcrypt/src/wc_encrypt.c +++ b/wolfcrypt/src/wc_encrypt.c @@ -411,7 +411,7 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt, WOLFSSL_ENTER("wc_CryptKey"); if (length < 0) - ret = BAD_LENGTH_E; + return BAD_LENGTH_E; switch (id) { #ifndef NO_DES3 diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index f5bda06ab..b6c59123f 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -1085,10 +1085,7 @@ size_t wc_strlcat(char *dst, const char *src, size_t dstSize) int wc_strcasecmp(const char *s1, const char *s2) { char c1, c2; - for (; - ; - ++s1, ++s2) - { + for (;;++s1, ++s2) { c1 = *s1; if ((c1 >= 'a') && (c1 <= 'z')) c1 -= ('a' - 'A'); @@ -1106,10 +1103,7 @@ int wc_strcasecmp(const char *s1, const char *s2) int wc_strncasecmp(const char *s1, const char *s2, size_t n) { char c1, c2; - for (c1 = 0, c2 = 0; - n > 0; - --n, ++s1, ++s2) - { + for (c1 = 0, c2 = 0; n > 0; --n, ++s1, ++s2) { c1 = *s1; if ((c1 >= 'a') && (c1 <= 'z')) c1 -= ('a' - 'A'); From 4180a650c82eb3764847f97ab68fa8b3f3795eba Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Tue, 18 Apr 2023 14:27:52 -0500 Subject: [PATCH 08/11] fix clang-analyzer-deadcode.DeadStores in wolfcrypt/src/asn.c:SetOthername(). --- wolfcrypt/src/asn.c | 1 - 1 file changed, 1 deletion(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 02920090a..efda8e2e6 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -14613,7 +14613,6 @@ word32 SetOthername(void *name, byte *output) output += SetHeader(CTC_UTF8, nameSz, output); XMEMCPY(output, nameStr, nameSz); - output += nameSz; } return len; From b87c2fc6213e7242540ac32fb2cd25a64949fbe3 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Tue, 18 Apr 2023 14:29:13 -0500 Subject: [PATCH 09/11] fix null pointer deref (found by cppcheck:nullPointerRedundantCheck) in src/x509.c:wolfSSL_X509_EXTENSION_create_by_OBJ(). --- src/x509.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/x509.c b/src/x509.c index c8fcebfb2..ca5ffd5a4 100644 --- a/src/x509.c +++ b/src/x509.c @@ -307,7 +307,9 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_EXTENSION_create_by_OBJ( wolfSSL_ASN1_STRING_free(&ret->value); } - ret->crit = crit; + if (err == 0) { + ret->crit = crit; + } if (err == 0) { ret->obj = wolfSSL_ASN1_OBJECT_dup(obj); From f1a674eec9c2f5b73883974d64f17b3ed139644f Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Tue, 18 Apr 2023 14:30:38 -0500 Subject: [PATCH 10/11] wolfcrypt/src/wc_port.c: in wc_FileLoad(), use ssize_t for fileSz, not long int, for portability. --- wolfcrypt/src/wc_port.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index b6c59123f..8852e639e 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -488,7 +488,7 @@ int wc_FileLoad(const char* fname, unsigned char** buf, size_t* bufLen, void* heap) { int ret; - long int fileSz; + ssize_t fileSz; XFILE f; if (fname == NULL || buf == NULL || bufLen == NULL) { From fe3099b08ed23146b9098e3504b725ce63bafc13 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Tue, 18 Apr 2023 14:43:41 -0500 Subject: [PATCH 11/11] wolfssl/wolfcrypt/settings.h: add #ifdef _MSC_VER clause to define ssize_t, #ifndef HAVE_SSIZE_T. --- wolfssl/wolfcrypt/settings.h | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 2294f7950..0eb3b792b 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -1877,6 +1877,13 @@ extern void uITRON4_free(void *p) ; #endif #endif +#ifdef _MSC_VER + #ifndef HAVE_SSIZE_T + #include + typedef SSIZE_T ssize_t; + #endif +#endif + /* If DCP is used without SINGLE_THREADED, enforce WOLFSSL_CRYPT_HW_MUTEX */ #if defined(WOLFSSL_IMXRT_DCP) && !defined(SINGLE_THREADED) #undef WOLFSSL_CRYPT_HW_MUTEX