feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

fixes for non-portable (endian-sensitive) code patterns around word16 in TLS layer.

Browse Source
This commit is contained in:
Daniel Pouzzner
2024-04-05 10:42:05 -05:00
parent 8b587b563c
commit cdf2504612
4 changed files with 41 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
src/internal.c
View File

@ -27682,7 +27682,7 @@ int CreateDevPrivateKey(void** pkey, byte* data, word32 length, int hsType,
* length The length of a signature. * length The length of a signature.
* returns 0 on success, otherwise failure. * returns 0 on success, otherwise failure.
*/ */
int DecodePrivateKey(WOLFSSL *ssl, word16* length) int DecodePrivateKey(WOLFSSL *ssl, word32* length)
{ {
int ret = BAD_FUNC_ARG; int ret = BAD_FUNC_ARG;
int keySz; int keySz;
@ -27697,7 +27697,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
|| wolfSSL_CTX_IsPrivatePkSet(ssl->ctx) || wolfSSL_CTX_IsPrivatePkSet(ssl->ctx)
#endif #endif
) { ) {
*length = (word16)GetPrivateKeySigSize(ssl); *length = GetPrivateKeySigSize(ssl);
return 0; return 0;
} }
else else
@ -27747,7 +27747,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
} }
/* Return the maximum signature length. */ /* Return the maximum signature length. */
*length = (word16)ssl->buffers.keySz; *length = ssl->buffers.keySz;
} }
#else #else
ret = NOT_COMPILED_IN; ret = NOT_COMPILED_IN;
@ -27773,7 +27773,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
} }
/* Return the maximum signature length. */ /* Return the maximum signature length. */
*length = (word16)wc_ecc_sig_size_calc(ssl->buffers.keySz); *length = wc_ecc_sig_size_calc(ssl->buffers.keySz);
} }
#else #else
ret = NOT_COMPILED_IN; ret = NOT_COMPILED_IN;
@ -27808,7 +27808,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
} }
/* Return the maximum signature length. */ /* Return the maximum signature length. */
*length = (word16)wc_falcon_sig_size((falcon_key*)ssl->hsKey); *length = wc_falcon_sig_size((falcon_key*)ssl->hsKey);
} }
#else #else
ret = NOT_COMPILED_IN; ret = NOT_COMPILED_IN;
@ -27847,7 +27847,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
} }
/* Return the maximum signature length. */ /* Return the maximum signature length. */
*length = (word16)wc_dilithium_sig_size( *length = wc_dilithium_sig_size(
(dilithium_key*)ssl->hsKey); (dilithium_key*)ssl->hsKey);
} }
#else #else
@ -27901,7 +27901,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
} }
/* Return the maximum signature length. */ /* Return the maximum signature length. */
*length = (word16)keySz; *length = keySz;
goto exit_dpk; goto exit_dpk;
} }
@ -27961,7 +27961,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
} }
/* Return the maximum signature length. */ /* Return the maximum signature length. */
*length = (word16)wc_ecc_sig_size((ecc_key*)ssl->hsKey); *length = wc_ecc_sig_size((ecc_key*)ssl->hsKey);
goto exit_dpk; goto exit_dpk;
} }
@ -28238,7 +28238,7 @@ exit_dpk:
/* This is just like the above, but only consider RSA, ECC, Falcon and /* This is just like the above, but only consider RSA, ECC, Falcon and
* Dilthium; Furthermore, use the alternative key, not the native key. * Dilthium; Furthermore, use the alternative key, not the native key.
*/ */
int DecodeAltPrivateKey(WOLFSSL *ssl, word16* length) int DecodeAltPrivateKey(WOLFSSL *ssl, word32* length)
{ {
int ret = BAD_FUNC_ARG; int ret = BAD_FUNC_ARG;
int keySz; int keySz;
@ -28289,7 +28289,7 @@ int DecodeAltPrivateKey(WOLFSSL *ssl, word16* length)
} }
/* Return the maximum signature length. */ /* Return the maximum signature length. */
*length = (word16)ssl->buffers.altKeySz; *length = ssl->buffers.altKeySz;
} }
#else #else
ret = NOT_COMPILED_IN; ret = NOT_COMPILED_IN;
@ -28315,7 +28315,7 @@ int DecodeAltPrivateKey(WOLFSSL *ssl, word16* length)
} }
/* Return the maximum signature length. */ /* Return the maximum signature length. */
*length = (word16)wc_ecc_sig_size_calc(ssl->buffers.altKeySz); *length = wc_ecc_sig_size_calc(ssl->buffers.altKeySz);
} }
#else #else
ret = NOT_COMPILED_IN; ret = NOT_COMPILED_IN;
@ -28350,8 +28350,7 @@ int DecodeAltPrivateKey(WOLFSSL *ssl, word16* length)
} }
/* Return the maximum signature length. */ /* Return the maximum signature length. */
*length = (word16) *length = wc_falcon_sig_size((falcon_key*)ssl->hsAltKey);
wc_falcon_sig_size((falcon_key*)ssl->hsAltKey);
} }
#else #else
ret = NOT_COMPILED_IN; ret = NOT_COMPILED_IN;
@ -28393,7 +28392,7 @@ int DecodeAltPrivateKey(WOLFSSL *ssl, word16* length)
} }
/* Return the maximum signature length. */ /* Return the maximum signature length. */
*length = (word16)wc_dilithium_sig_size( *length = wc_dilithium_sig_size(
(dilithium_key*)ssl->hsAltKey); (dilithium_key*)ssl->hsAltKey);
} }
#else #else
@ -28448,7 +28447,7 @@ int DecodeAltPrivateKey(WOLFSSL *ssl, word16* length)
} }
/* Return the maximum signature length. */ /* Return the maximum signature length. */
*length = (word16)keySz; *length = keySz;
goto exit_dapk; goto exit_dapk;
} }
@ -28509,7 +28508,7 @@ int DecodeAltPrivateKey(WOLFSSL *ssl, word16* length)
} }
/* Return the maximum signature length. */ /* Return the maximum signature length. */
*length = (word16)wc_ecc_sig_size((ecc_key*)ssl->hsAltKey); *length = wc_ecc_sig_size((ecc_key*)ssl->hsAltKey);
goto exit_dapk; goto exit_dapk;
} }
@ -28828,7 +28827,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
int sendSz; int sendSz;
int idSz; int idSz;
int ret; int ret;
word16 extSz = 0; word32 extSz = 0;
const Suites* suites; const Suites* suites;
if (ssl == NULL) { if (ssl == NULL) {
@ -32636,7 +32635,7 @@ typedef struct ScvArgs {
word32 sigSz; word32 sigSz;
int sendSz; int sendSz;
int inputSz; int inputSz;
word16 length; word32 length;
byte sigAlgo; byte sigAlgo;
} ScvArgs; } ScvArgs;
@ -32855,7 +32854,7 @@ int SendCertificateVerify(WOLFSSL* ssl)
} }
/* prepend hdr */ /* prepend hdr */
c16toa(args->length, args->verify + args->extraSz); c16toa((word16)args->length, args->verify + args->extraSz);
} }
#ifdef WC_RSA_PSS #ifdef WC_RSA_PSS
else if (args->sigAlgo == rsa_pss_sa_algo) { else if (args->sigAlgo == rsa_pss_sa_algo) {
@ -32865,7 +32864,7 @@ int SendCertificateVerify(WOLFSSL* ssl)
args->sigSz = ENCRYPT_LEN; args->sigSz = ENCRYPT_LEN;
/* prepend hdr */ /* prepend hdr */
c16toa(args->length, args->verify + args->extraSz); c16toa((word16)args->length, args->verify + args->extraSz);
} }
#endif #endif
#endif /* !NO_RSA */ #endif /* !NO_RSA */
@ -33044,7 +33043,7 @@ int SendCertificateVerify(WOLFSSL* ssl)
#endif #endif
args->length = (word16)ssl->buffers.sig.length; args->length = (word16)ssl->buffers.sig.length;
/* prepend hdr */ /* prepend hdr */
c16toa(args->length, args->verify + args->extraSz); c16toa((word16)args->length, args->verify + args->extraSz);
XMEMCPY(args->verify + args->extraSz + VERIFY_HEADER, XMEMCPY(args->verify + args->extraSz + VERIFY_HEADER,
ssl->buffers.sig.buffer, ssl->buffers.sig.length); ssl->buffers.sig.buffer, ssl->buffers.sig.length);
break; break;
@ -34462,7 +34461,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
#endif #endif
case rsa_sa_algo: case rsa_sa_algo:
{ {
word16 keySz; word32 keySz;
ssl->buffers.keyType = rsa_sa_algo; ssl->buffers.keyType = rsa_sa_algo;
ret = DecodePrivateKey(ssl, &keySz); ret = DecodePrivateKey(ssl, &keySz);
@ -34480,7 +34479,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
#endif #endif
case ecc_dsa_sa_algo: case ecc_dsa_sa_algo:
{ {
word16 keySz; word32 keySz;
ssl->buffers.keyType = ecc_dsa_sa_algo; ssl->buffers.keyType = ecc_dsa_sa_algo;
ret = DecodePrivateKey(ssl, &keySz); ret = DecodePrivateKey(ssl, &keySz);
@ -34495,7 +34494,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
#ifdef HAVE_ED25519 #ifdef HAVE_ED25519
case ed25519_sa_algo: case ed25519_sa_algo:
{ {
word16 keySz; word32 keySz;
ssl->buffers.keyType = ed25519_sa_algo; ssl->buffers.keyType = ed25519_sa_algo;
ret = DecodePrivateKey(ssl, &keySz); ret = DecodePrivateKey(ssl, &keySz);
@ -34511,7 +34510,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
#ifdef HAVE_ED448 #ifdef HAVE_ED448
case ed448_sa_algo: case ed448_sa_algo:
{ {
word16 keySz; word32 keySz;
ssl->buffers.keyType = ed448_sa_algo; ssl->buffers.keyType = ed448_sa_algo;
ret = DecodePrivateKey(ssl, &keySz); ret = DecodePrivateKey(ssl, &keySz);
@ -34714,7 +34713,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
preSigSz = args->length; preSigSz = args->length;
if (!ssl->options.usingAnon_cipher) { if (!ssl->options.usingAnon_cipher) {
word16 keySz = 0; word32 keySz = 0;
/* sig length */ /* sig length */
args->length += LENGTH_SZ; args->length += LENGTH_SZ;
@ -38962,7 +38961,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
#ifndef NO_RSA #ifndef NO_RSA
case rsa_kea: case rsa_kea:
{ {
word16 keySz; word32 keySz;
ssl->buffers.keyType = rsa_sa_algo; ssl->buffers.keyType = rsa_sa_algo;
ret = DecodePrivateKey(ssl, &keySz); ret = DecodePrivateKey(ssl, &keySz);
@ -39082,7 +39081,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
if (ssl->specs.static_ecdh && if (ssl->specs.static_ecdh &&
ssl->ecdhCurveOID != ECC_X25519_OID && ssl->ecdhCurveOID != ECC_X25519_OID &&
ssl->ecdhCurveOID != ECC_X448_OID) { ssl->ecdhCurveOID != ECC_X448_OID) {
word16 keySz; word32 keySz;
ssl->buffers.keyType = ecc_dsa_sa_algo; ssl->buffers.keyType = ecc_dsa_sa_algo;
ret = DecodePrivateKey(ssl, &keySz); ret = DecodePrivateKey(ssl, &keySz);

4
src/tls.c
View File

@ -13570,7 +13570,7 @@ static int TLSX_GetSizeWithEch(WOLFSSL* ssl, byte* semaphore, byte msgType,
#endif #endif
/** Tells the buffered size of extensions to be sent into the client hello. */ /** Tells the buffered size of extensions to be sent into the client hello. */
int TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType, word16* pLength) int TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType, word32* pLength)
{ {
int ret = 0; int ret = 0;
word16 length = 0; word16 length = 0;
@ -13800,7 +13800,7 @@ static int TLSX_WriteWithEch(WOLFSSL* ssl, byte* output, byte* semaphore,
#endif #endif
/** Writes the extensions to be sent into the client hello. */ /** Writes the extensions to be sent into the client hello. */
int TLSX_WriteRequest(WOLFSSL* ssl, byte* output, byte msgType, word16* pOffset) int TLSX_WriteRequest(WOLFSSL* ssl, byte* output, byte msgType, word32* pOffset)
{ {
int ret = 0; int ret = 0;
word16 offset = 0; word16 offset = 0;

16
src/tls13.c
View File

@ -4238,7 +4238,7 @@ typedef struct Sch13Args {
byte* output; byte* output;
word32 idx; word32 idx;
int sendSz; int sendSz;
word16 length; word32 length;
#if defined(HAVE_ECH) #if defined(HAVE_ECH)
int clientRandomOffset; int clientRandomOffset;
int preXLength; int preXLength;
@ -7626,7 +7626,7 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx,
int ret; int ret;
int sendSz; int sendSz;
word32 i; word32 i;
word16 reqSz; word32 reqSz;
word16 hashSigAlgoSz = 0; word16 hashSigAlgoSz = 0;
SignatureAlgorithms* sa; SignatureAlgorithms* sa;
int haveSig = SIG_RSA | SIG_ECDSA | SIG_FALCON | SIG_DILITHIUM; int haveSig = SIG_RSA | SIG_ECDSA | SIG_FALCON | SIG_DILITHIUM;
@ -8922,7 +8922,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
ssl->buffers.weOwnKey = ssl->buffers.weOwnAltKey; ssl->buffers.weOwnKey = ssl->buffers.weOwnAltKey;
} }
#endif /* WOLFSSL_DUAL_ALG_CERTS */ #endif /* WOLFSSL_DUAL_ALG_CERTS */
ret = DecodePrivateKey(ssl, (word16*)&args->sigLen); ret = DecodePrivateKey(ssl, &args->sigLen);
if (ret != 0) if (ret != 0)
goto exit_scv; goto exit_scv;
} }
@ -9024,7 +9024,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
/* After this call, args->altSigLen has the length we need for /* After this call, args->altSigLen has the length we need for
* the alternative signature. */ * the alternative signature. */
ret = DecodeAltPrivateKey(ssl, (word16*)&args->altSigLen); ret = DecodeAltPrivateKey(ssl, &args->altSigLen);
if (ret != 0) if (ret != 0)
goto exit_scv; goto exit_scv;
@ -9639,8 +9639,8 @@ typedef struct Dcv13Args {
#ifdef WOLFSSL_DUAL_ALG_CERTS #ifdef WOLFSSL_DUAL_ALG_CERTS
byte altSigAlgo; byte altSigAlgo;
byte* altSigData; byte* altSigData;
word16 altSigDataSz; word32 altSigDataSz;
word16 altSignatureSz; word32 altSignatureSz;
byte altPeerAuthGood; byte altPeerAuthGood;
#endif #endif
} Dcv13Args; } Dcv13Args;
@ -10065,10 +10065,10 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
* with their size as 16-bit integeter prior in memory. Hence, * with their size as 16-bit integeter prior in memory. Hence,
* we can decode both lengths here now. */ * we can decode both lengths here now. */
word32 tmpIdx = args->idx; word32 tmpIdx = args->idx;
ato16(input + tmpIdx, (word16*)&args->sigSz); ato32(input + tmpIdx, &args->sigSz);
tmpIdx += OPAQUE16_LEN + args->sigSz; tmpIdx += OPAQUE16_LEN + args->sigSz;
ato16(input + tmpIdx, (word16*)&args->altSignatureSz); ato32(input + tmpIdx, &args->altSignatureSz);
if (args->sz != (args->sigSz + args->altSignatureSz + if (args->sz != (args->sigSz + args->altSignatureSz +
OPAQUE16_LEN + OPAQUE16_LEN)) { OPAQUE16_LEN + OPAQUE16_LEN)) {

8
wolfssl/internal.h
View File

@ -2175,9 +2175,9 @@ WOLFSSL_LOCAL int CreateDevPrivateKey(void** pkey, byte* data, word32 length,
int hsType, int label, int id, int hsType, int label, int id,
void* heap, int devId); void* heap, int devId);
#endif #endif
WOLFSSL_LOCAL int DecodePrivateKey(WOLFSSL *ssl, word16* length); WOLFSSL_LOCAL int DecodePrivateKey(WOLFSSL *ssl, word32* length);
#ifdef WOLFSSL_DUAL_ALG_CERTS #ifdef WOLFSSL_DUAL_ALG_CERTS
WOLFSSL_LOCAL int DecodeAltPrivateKey(WOLFSSL *ssl, word16* length); WOLFSSL_LOCAL int DecodeAltPrivateKey(WOLFSSL *ssl, word32* length);
#endif #endif
#ifdef WOLF_PRIVATE_KEY_ID #ifdef WOLF_PRIVATE_KEY_ID
WOLFSSL_LOCAL int GetPrivateKeySigSize(WOLFSSL* ssl); WOLFSSL_LOCAL int GetPrivateKeySigSize(WOLFSSL* ssl);
@ -2988,9 +2988,9 @@ WOLFSSL_LOCAL int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isRequest);
#if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_CLIENT) #if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_CLIENT)
WOLFSSL_LOCAL int TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType, WOLFSSL_LOCAL int TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType,
word16* pLength); word32* pLength);
WOLFSSL_LOCAL int TLSX_WriteRequest(WOLFSSL* ssl, byte* output, WOLFSSL_LOCAL int TLSX_WriteRequest(WOLFSSL* ssl, byte* output,
byte msgType, word16* pOffset); byte msgType, word32* pOffset);
#endif #endif
#if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_SERVER) #if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_SERVER)