forked from wolfSSL/wolfssl
address errors with -fsanitize=undefined
- fix null dereferences or undefined `memcpy` calls - fix alignment in `myCryptoDevCb` - fix default dtls context assignment - add align configure option to force data alignment TESTED: `./configure CFLAGS=-fsanitize=undefined\ -DWOLFSSL_GENERAL_ALIGNMENT=1 --enable-all`
This commit is contained in:
Elms
11
configure.ac
11
configure.ac
@@ -1523,6 +1523,17 @@ then
|
||||
fi
|
||||
fi
|
||||
|
||||
AC_ARG_ENABLE([aligndata],
|
||||
[AS_HELP_STRING([--enable-aligndata],[align data for ciphers (default: enabled)])],
|
||||
[ ENABLED_ALIGN_DATA=$enableval ],
|
||||
[ ENABLED_ALIGN_DATA=yes ]
|
||||
)
|
||||
|
||||
if test "$ENABLED_ALIGN_DATA" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_USE_ALIGN -DXSTREAM_ALIGN"
|
||||
fi
|
||||
|
||||
# INTEL RDRAND
|
||||
AC_ARG_ENABLE([intelrand],
|
||||
[AS_HELP_STRING([--enable-intelrand],[Enable Intel rdrand as preferred RNG source (default: disabled)])],
|
||||
|
||||
@@ -5927,8 +5927,13 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
|
||||
ssl->dtls_timeout_init = DTLS_TIMEOUT_INIT;
|
||||
ssl->dtls_timeout_max = DTLS_TIMEOUT_MAX;
|
||||
ssl->dtls_timeout = ssl->dtls_timeout_init;
|
||||
|
||||
ssl->buffers.dtlsCtx.rfd = -1;
|
||||
ssl->buffers.dtlsCtx.wfd = -1;
|
||||
|
||||
ssl->IOCB_ReadCtx = &ssl->buffers.dtlsCtx; /* prevent invalid pointer access if not */
|
||||
ssl->IOCB_WriteCtx = &ssl->buffers.dtlsCtx; /* correctly set */
|
||||
|
||||
#endif
|
||||
|
||||
#ifndef WOLFSSL_AEAD_ONLY
|
||||
@@ -10008,7 +10013,9 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
|
||||
XMEMCPY(x509->subject.raw, dCert->subjectRaw, x509->subject.rawLen);
|
||||
#ifdef WOLFSSL_CERT_EXT
|
||||
x509->issuer.rawLen = min(dCert->issuerRawLen, sizeof(x509->issuer.raw));
|
||||
XMEMCPY(x509->issuer.raw, dCert->issuerRaw, x509->issuer.rawLen);
|
||||
if (x509->issuer.rawLen) {
|
||||
XMEMCPY(x509->issuer.raw, dCert->issuerRaw, x509->issuer.rawLen);
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
|
||||
|
||||
21
src/ssl.c
21
src/ssl.c
@@ -16173,6 +16173,13 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
|
||||
|
||||
ssl->IOCB_ReadCtx = &ssl->rfd;
|
||||
|
||||
#ifdef WOLFSSL_DTLS
|
||||
if (ssl->options.dtls) {
|
||||
ssl->IOCB_ReadCtx = &ssl->buffers.dtlsCtx;
|
||||
ssl->buffers.dtlsCtx.rfd = rfd;
|
||||
}
|
||||
#endif
|
||||
|
||||
return WOLFSSL_SUCCESS;
|
||||
}
|
||||
|
||||
@@ -40624,7 +40631,9 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
|
||||
|
||||
#ifdef WOLFSSL_CERT_EXT
|
||||
if (x509->subjKeyIdSz < CTC_MAX_SKID_SIZE) {
|
||||
XMEMCPY(cert->skid, x509->subjKeyId, x509->subjKeyIdSz);
|
||||
if (x509->subjKeyId) {
|
||||
XMEMCPY(cert->skid, x509->subjKeyId, x509->subjKeyIdSz);
|
||||
}
|
||||
cert->skidSz = (int)x509->subjKeyIdSz;
|
||||
}
|
||||
else {
|
||||
@@ -40633,7 +40642,9 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
|
||||
}
|
||||
|
||||
if (x509->authKeyIdSz < CTC_MAX_AKID_SIZE) {
|
||||
XMEMCPY(cert->akid, x509->authKeyId, x509->authKeyIdSz);
|
||||
if (x509->authKeyId) {
|
||||
XMEMCPY(cert->akid, x509->authKeyId, x509->authKeyIdSz);
|
||||
}
|
||||
cert->akidSz = (int)x509->authKeyIdSz;
|
||||
}
|
||||
else {
|
||||
@@ -43021,8 +43032,10 @@ err:
|
||||
|
||||
objBuf[0] = ASN_OBJECT_ID; objSz++;
|
||||
objSz += SetLength(oidSz, objBuf + 1);
|
||||
XMEMCPY(objBuf + objSz, oid, oidSz);
|
||||
objSz += oidSz;
|
||||
if (oidSz) {
|
||||
XMEMCPY(objBuf + objSz, oid, oidSz);
|
||||
objSz += oidSz;
|
||||
}
|
||||
|
||||
if (obj->objSz == 0 || objSz != obj->objSz) {
|
||||
obj->objSz = objSz;
|
||||
|
||||
@@ -9292,6 +9292,10 @@ WOLFSSL_API int wc_GmacUpdate(Gmac* gmac, const byte* iv, word32 ivSz,
|
||||
const byte* authIn, word32 authInSz,
|
||||
byte* authTag, word32 authTagSz)
|
||||
{
|
||||
if (gmac == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
return wc_AesGcmEncrypt(&gmac->aes, NULL, NULL, 0, iv, ivSz,
|
||||
authTag, authTagSz, authIn, authInSz);
|
||||
}
|
||||
|
||||
@@ -1476,18 +1476,21 @@ int wc_ValidateEccsiPair(EccsiKey* key, enum wc_HashType hashType,
|
||||
mp_int* hs = NULL;
|
||||
mp_digit mp = 0;
|
||||
byte hashSz = 0;
|
||||
EccsiKeyParams* params = &key->params;
|
||||
EccsiKeyParams* params = NULL;
|
||||
|
||||
if ((key == NULL) || (id == NULL) || (ssk == NULL) || (pvt == NULL) ||
|
||||
(valid == NULL)) {
|
||||
err = BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
if ((err == 0) && (key->ecc.type != ECC_PRIVATEKEY) &&
|
||||
(key->ecc.type != ECC_PUBLICKEY)) {
|
||||
err = BAD_STATE_E;
|
||||
}
|
||||
|
||||
if (err == 0) {
|
||||
params = &key->params;
|
||||
|
||||
hs = &key->tmp;
|
||||
res = &key->pubkey.pubkey;
|
||||
|
||||
@@ -2146,7 +2149,7 @@ int wc_VerifyEccsiHash(EccsiKey* key, enum wc_HashType hashType,
|
||||
ecc_point* y = NULL;
|
||||
ecc_point* j = NULL;
|
||||
mp_digit mp = 0;
|
||||
EccsiKeyParams* params = &key->params;
|
||||
EccsiKeyParams* params = NULL;
|
||||
|
||||
if ((key == NULL) || (msg == NULL) || (sig == NULL) || (verified == NULL)) {
|
||||
err = BAD_FUNC_ARG;
|
||||
@@ -2174,6 +2177,7 @@ int wc_VerifyEccsiHash(EccsiKey* key, enum wc_HashType hashType,
|
||||
err = eccsi_load_ecc_params(key);
|
||||
}
|
||||
if (err == 0) {
|
||||
params = &key->params;
|
||||
err = mp_montgomery_setup(¶ms->prime, &mp);
|
||||
}
|
||||
|
||||
|
||||
@@ -2506,7 +2506,9 @@ WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_mac_key(int type, ENGINE* e,
|
||||
pkey = NULL;
|
||||
}
|
||||
else {
|
||||
XMEMCPY(pkey->pkey.ptr, key, keylen);
|
||||
if (keylen) {
|
||||
XMEMCPY(pkey->pkey.ptr, key, keylen);
|
||||
}
|
||||
pkey->pkey_sz = keylen;
|
||||
pkey->type = pkey->save_type = type;
|
||||
}
|
||||
|
||||
@@ -271,13 +271,13 @@ static void Hc128_SetIV(HC128* ctx, const byte* inIv)
|
||||
for (i = 0; i < 64; i++) setup_update(ctx);
|
||||
}
|
||||
|
||||
|
||||
#define HC128_KEY_NUMBYTES (128 >> 5)
|
||||
static WC_INLINE int DoKey(HC128* ctx, const byte* key, const byte* iv)
|
||||
{
|
||||
word32 i;
|
||||
|
||||
/* Key size in bits 128 */
|
||||
for (i = 0; i < (128 >> 5); i++)
|
||||
for (i = 0; i < HC128_KEY_NUMBYTES; i++)
|
||||
ctx->key[i] = LITTLE32(((word32*)key)[i]);
|
||||
|
||||
for ( ; i < 8 ; i++) ctx->key[i] = ctx->key[i-4];
|
||||
|
||||
@@ -217,12 +217,14 @@ static void wc_PKCS7_FreeStream(PKCS7* pkcs7)
|
||||
static int wc_PKCS7_GrowStream(PKCS7* pkcs7, word32 newSz)
|
||||
{
|
||||
byte* pt;
|
||||
|
||||
pt = (byte*)XMALLOC(newSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
||||
if (pt == NULL) {
|
||||
return MEMORY_E;
|
||||
}
|
||||
XMEMCPY(pt, pkcs7->stream->buffer, pkcs7->stream->bufferSz);
|
||||
|
||||
if (pkcs7->stream->buffer != NULL && pkcs7->stream->bufferSz > 0) {
|
||||
XMEMCPY(pt, pkcs7->stream->buffer, pkcs7->stream->bufferSz);
|
||||
}
|
||||
|
||||
#ifdef WC_PKCS7_STREAM_DEBUG
|
||||
printf("PKCS7 increasing internal stream buffer %d -> %d\n",
|
||||
@@ -2641,7 +2643,7 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
|
||||
idx = 0;
|
||||
}
|
||||
else {
|
||||
if (!pkcs7->detached) {
|
||||
if (!pkcs7->detached && pkcs7->content != NULL && pkcs7->contentSz > 0) {
|
||||
XMEMCPY(output + idx, pkcs7->content, pkcs7->contentSz);
|
||||
idx += pkcs7->contentSz;
|
||||
}
|
||||
|
||||
@@ -151,10 +151,10 @@ static WC_INLINE int DoKey(Rabbit* ctx, const byte* key, const byte* iv)
|
||||
word32 k0, k1, k2, k3, i;
|
||||
|
||||
/* Generate four subkeys */
|
||||
k0 = LITTLE32(*(word32*)(key+ 0));
|
||||
k1 = LITTLE32(*(word32*)(key+ 4));
|
||||
k2 = LITTLE32(*(word32*)(key+ 8));
|
||||
k3 = LITTLE32(*(word32*)(key+12));
|
||||
k0 = LITTLE32(((word32*)key)[0]);
|
||||
k1 = LITTLE32(((word32*)key)[1]);
|
||||
k2 = LITTLE32(((word32*)key)[2]);
|
||||
k3 = LITTLE32(((word32*)key)[3]);
|
||||
|
||||
/* Generate initial state variables */
|
||||
ctx->masterCtx.x[0] = k0;
|
||||
|
||||
@@ -36872,7 +36872,7 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
|
||||
}
|
||||
else if (info->algo_type == WC_ALGO_TYPE_SEED) {
|
||||
#ifndef WC_NO_RNG
|
||||
static byte seed[sizeof(word32)] = { 0x00, 0x00, 0x00, 0x01 };
|
||||
ALIGN32 static byte seed[sizeof(word32)] = { 0x00, 0x00, 0x00, 0x01 };
|
||||
word32* seedWord32 = (word32*)seed;
|
||||
word32 len;
|
||||
|
||||
|
||||
@@ -85,7 +85,7 @@ static WC_INLINE void store32( void *dst, word32 w )
|
||||
|
||||
static WC_INLINE void store64( void *dst, word64 w )
|
||||
{
|
||||
#if defined(LITTLE_ENDIAN_ORDER)
|
||||
#if defined(LITTLE_ENDIAN_ORDER) && !defined(WOLFSSL_GENERAL_ALIGNMENT)
|
||||
*( word64 * )( dst ) = w;
|
||||
#else
|
||||
byte *p = ( byte * )dst;
|
||||
|
||||
@@ -953,6 +953,12 @@ decouple library dependencies with standard string, memory and so on.
|
||||
* Xilinx RSA operations require alignment */
|
||||
#if defined(WOLFSSL_AESNI) || defined(WOLFSSL_ARMASM) || \
|
||||
defined(USE_INTEL_SPEEDUP) || defined(WOLFSSL_AFALG_XILINX)
|
||||
#ifndef WOLFSSL_USE_ALIGN
|
||||
#define WOLFSSL_USE_ALIGN
|
||||
#endif
|
||||
#endif /* WOLFSSL_AESNI || WOLFSSL_ARMASM || USE_INTEL_SPEEDUP || WOLFSSL_AFALG_XILINX */
|
||||
|
||||
#ifdef WOLFSSL_USE_ALIGN
|
||||
#if !defined(ALIGN16)
|
||||
#if defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__)
|
||||
#define ALIGN16 __attribute__ ( (aligned (16)))
|
||||
@@ -1025,7 +1031,7 @@ decouple library dependencies with standard string, memory and so on.
|
||||
#ifndef ALIGN256
|
||||
#define ALIGN256
|
||||
#endif
|
||||
#endif /* WOLFSSL_AESNI || WOLFSSL_ARMASM */
|
||||
#endif /* WOLFSSL_USE_ALIGN */
|
||||
|
||||
#if !defined(PEDANTIC_EXTENSION)
|
||||
#if defined(__GNUC__)
|
||||
|
||||
Reference in New Issue
Block a user