From 2e487a2463a0b0aac9876f09fe2471e638ba6828 Mon Sep 17 00:00:00 2001 From: Tesfa Mael Date: Wed, 27 Nov 2019 07:40:39 -0800 Subject: [PATCH 1/2] Init uninitialised values --- src/tls13.c | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/src/tls13.c b/src/tls13.c index f98b157ca..19cd385f4 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -2344,10 +2344,10 @@ static int FindSuiteSSL(WOLFSSL* ssl, byte* suite) static int CreateCookie(WOLFSSL* ssl, byte* hash, byte hashSz) { int ret; - byte mac[WC_MAX_DIGEST_SIZE]; + byte mac[WC_MAX_DIGEST_SIZE] = {0}; Hmac cookieHmac; - byte cookieType; - byte macSz; + byte cookieType = 0; + byte macSz = 0; #if !defined(NO_SHA) && defined(NO_SHA256) cookieType = SHA; @@ -2357,6 +2357,7 @@ static int CreateCookie(WOLFSSL* ssl, byte* hash, byte hashSz) cookieType = WC_SHA256; macSz = WC_SHA256_DIGEST_SIZE; #endif /* NO_SHA256 */ + XMEMSET(&cookieHmac, 0, sizeof(Hmac)); ret = wc_HmacSetKey(&cookieHmac, cookieType, ssl->buffers.tls13CookieSecret.buffer, @@ -2382,7 +2383,7 @@ static int RestartHandshakeHash(WOLFSSL* ssl) { int ret; Hashes hashes; - byte header[HANDSHAKE_HEADER_SZ]; + byte header[HANDSHAKE_HEADER_SZ] = {0}; byte* hash = NULL; byte hashSz = 0; @@ -3764,10 +3765,10 @@ static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz, static int CheckCookie(WOLFSSL* ssl, byte* cookie, byte cookieSz) { int ret; - byte mac[WC_MAX_DIGEST_SIZE]; + byte mac[WC_MAX_DIGEST_SIZE] = {0}; Hmac cookieHmac; - byte cookieType; - byte macSz; + byte cookieType = 0; + byte macSz = 0; #if !defined(NO_SHA) && defined(NO_SHA256) cookieType = SHA; @@ -3781,6 +3782,7 @@ static int CheckCookie(WOLFSSL* ssl, byte* cookie, byte cookieSz) if (cookieSz < ssl->specs.hash_size + macSz) return HRR_COOKIE_ERROR; cookieSz -= macSz; + XMEMSET(&cookieHmac, 0, sizeof(Hmac)); ret = wc_HmacSetKey(&cookieHmac, cookieType, ssl->buffers.tls13CookieSecret.buffer, @@ -3831,8 +3833,8 @@ static int CheckCookie(WOLFSSL* ssl, byte* cookie, byte cookieSz) */ static int RestartHandshakeHashWithCookie(WOLFSSL* ssl, Cookie* cookie) { - byte header[HANDSHAKE_HEADER_SZ]; - byte hrr[MAX_HRR_SZ]; + byte header[HANDSHAKE_HEADER_SZ] = {0}; + byte hrr[MAX_HRR_SZ] = {0}; int hrrIdx; word32 idx; byte hashSz; @@ -4038,19 +4040,21 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 helloSz) { int ret = VERSION_ERROR; - byte b; - ProtocolVersion pv; + byte b = 0; + ProtocolVersion pv = {0}; Suites clSuites; word32 i = *inOutIdx; word32 begin = i; word16 totalExtSz = 0; int usingPSK = 0; - byte sessIdSz; + byte sessIdSz = 0; int wantDowngrade = 0; WOLFSSL_START(WC_FUNC_CLIENT_HELLO_DO); WOLFSSL_ENTER("DoTls13ClientHello"); + XMEMSET(&clSuites, 0, sizeof(Suites)); + #ifdef WOLFSSL_CALLBACKS if (ssl->hsInfoOn) AddPacketName(ssl, "ClientHello"); if (ssl->toInfoOn) AddLateName("ClientHello", &ssl->timeoutInfo); From acdfc514b392ec829d0683e1fb7cd18265a12114 Mon Sep 17 00:00:00 2001 From: Tesfa Mael Date: Wed, 27 Nov 2019 11:09:57 -0800 Subject: [PATCH 2/2] Use memset initialize --- src/tls13.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/tls13.c b/src/tls13.c index 19cd385f4..2cd37050f 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -4041,7 +4041,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, { int ret = VERSION_ERROR; byte b = 0; - ProtocolVersion pv = {0}; + ProtocolVersion pv; Suites clSuites; word32 i = *inOutIdx; word32 begin = i; @@ -4053,6 +4053,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, WOLFSSL_START(WC_FUNC_CLIENT_HELLO_DO); WOLFSSL_ENTER("DoTls13ClientHello"); + XMEMSET(&pv, 0, sizeof(ProtocolVersion)); XMEMSET(&clSuites, 0, sizeof(Suites)); #ifdef WOLFSSL_CALLBACKS