feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

address errors with -fsanitize=undefined

Browse Source 
- fix null dereferences or undefined `memcpy` calls
 - fix alignment in `myCryptoDevCb`
 - fix default dtls context assignment
 - add align configure option to force data alignment

TESTED:
 `./configure CFLAGS=-fsanitize=undefined\ -DWOLFSSL_GENERAL_ALIGNMENT=1 --enable-all`
This commit is contained in:
Elms
2021-05-26 11:33:33 -07:00
parent c820b5679a
commit dc7beab784
12 changed files with 69 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
configure.ac
View File

@@ -1523,6 +1523,17 @@ then
fi fi
fi fi
AC_ARG_ENABLE([aligndata],
[AS_HELP_STRING([--enable-aligndata],[align data for ciphers (default: enabled)])],
[ ENABLED_ALIGN_DATA=$enableval ],
[ ENABLED_ALIGN_DATA=yes ]
)
if test "$ENABLED_ALIGN_DATA" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_USE_ALIGN -DXSTREAM_ALIGN"
fi
# INTEL RDRAND # INTEL RDRAND
AC_ARG_ENABLE([intelrand], AC_ARG_ENABLE([intelrand],
[AS_HELP_STRING([--enable-intelrand],[Enable Intel rdrand as preferred RNG source (default: disabled)])], [AS_HELP_STRING([--enable-intelrand],[Enable Intel rdrand as preferred RNG source (default: disabled)])],

9
src/internal.c
View File

@@ -5927,8 +5927,13 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
ssl->dtls_timeout_init = DTLS_TIMEOUT_INIT; ssl->dtls_timeout_init = DTLS_TIMEOUT_INIT;
ssl->dtls_timeout_max = DTLS_TIMEOUT_MAX; ssl->dtls_timeout_max = DTLS_TIMEOUT_MAX;
ssl->dtls_timeout = ssl->dtls_timeout_init; ssl->dtls_timeout = ssl->dtls_timeout_init;
ssl->buffers.dtlsCtx.rfd = -1; ssl->buffers.dtlsCtx.rfd = -1;
ssl->buffers.dtlsCtx.wfd = -1; ssl->buffers.dtlsCtx.wfd = -1;
ssl->IOCB_ReadCtx = &ssl->buffers.dtlsCtx; /* prevent invalid pointer access if not */
ssl->IOCB_WriteCtx = &ssl->buffers.dtlsCtx; /* correctly set */
#endif #endif
#ifndef WOLFSSL_AEAD_ONLY #ifndef WOLFSSL_AEAD_ONLY
@@ -10008,7 +10013,9 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
XMEMCPY(x509->subject.raw, dCert->subjectRaw, x509->subject.rawLen); XMEMCPY(x509->subject.raw, dCert->subjectRaw, x509->subject.rawLen);
#ifdef WOLFSSL_CERT_EXT #ifdef WOLFSSL_CERT_EXT
x509->issuer.rawLen = min(dCert->issuerRawLen, sizeof(x509->issuer.raw)); x509->issuer.rawLen = min(dCert->issuerRawLen, sizeof(x509->issuer.raw));
XMEMCPY(x509->issuer.raw, dCert->issuerRaw, x509->issuer.rawLen); if (x509->issuer.rawLen) {
XMEMCPY(x509->issuer.raw, dCert->issuerRaw, x509->issuer.rawLen);
}
#endif #endif
#endif #endif

21
src/ssl.c
View File

@@ -16173,6 +16173,13 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
ssl->IOCB_ReadCtx = &ssl->rfd; ssl->IOCB_ReadCtx = &ssl->rfd;
#ifdef WOLFSSL_DTLS
if (ssl->options.dtls) {
ssl->IOCB_ReadCtx = &ssl->buffers.dtlsCtx;
ssl->buffers.dtlsCtx.rfd = rfd;
}
#endif
return WOLFSSL_SUCCESS; return WOLFSSL_SUCCESS;
} }
@@ -40624,7 +40631,9 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
#ifdef WOLFSSL_CERT_EXT #ifdef WOLFSSL_CERT_EXT
if (x509->subjKeyIdSz < CTC_MAX_SKID_SIZE) { if (x509->subjKeyIdSz < CTC_MAX_SKID_SIZE) {
XMEMCPY(cert->skid, x509->subjKeyId, x509->subjKeyIdSz); if (x509->subjKeyId) {
XMEMCPY(cert->skid, x509->subjKeyId, x509->subjKeyIdSz);
}
cert->skidSz = (int)x509->subjKeyIdSz; cert->skidSz = (int)x509->subjKeyIdSz;
} }
else { else {
@@ -40633,7 +40642,9 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
} }
if (x509->authKeyIdSz < CTC_MAX_AKID_SIZE) { if (x509->authKeyIdSz < CTC_MAX_AKID_SIZE) {
XMEMCPY(cert->akid, x509->authKeyId, x509->authKeyIdSz); if (x509->authKeyId) {
XMEMCPY(cert->akid, x509->authKeyId, x509->authKeyIdSz);
}
cert->akidSz = (int)x509->authKeyIdSz; cert->akidSz = (int)x509->authKeyIdSz;
} }
else { else {
@@ -43021,8 +43032,10 @@ err:
objBuf[0] = ASN_OBJECT_ID; objSz++; objBuf[0] = ASN_OBJECT_ID; objSz++;
objSz += SetLength(oidSz, objBuf + 1); objSz += SetLength(oidSz, objBuf + 1);
XMEMCPY(objBuf + objSz, oid, oidSz); if (oidSz) {
objSz += oidSz; XMEMCPY(objBuf + objSz, oid, oidSz);
objSz += oidSz;
}
if (obj->objSz == 0 || objSz != obj->objSz) { if (obj->objSz == 0 || objSz != obj->objSz) {
obj->objSz = objSz; obj->objSz = objSz;

4
wolfcrypt/src/aes.c
View File

@@ -9292,6 +9292,10 @@ WOLFSSL_API int wc_GmacUpdate(Gmac* gmac, const byte* iv, word32 ivSz,
const byte* authIn, word32 authInSz, const byte* authIn, word32 authInSz,
byte* authTag, word32 authTagSz) byte* authTag, word32 authTagSz)
{ {
if (gmac == NULL) {
return BAD_FUNC_ARG;
}
return wc_AesGcmEncrypt(&gmac->aes, NULL, NULL, 0, iv, ivSz, return wc_AesGcmEncrypt(&gmac->aes, NULL, NULL, 0, iv, ivSz,
authTag, authTagSz, authIn, authInSz); authTag, authTagSz, authIn, authInSz);
} }

8
wolfcrypt/src/eccsi.c
View File

@@ -1476,18 +1476,21 @@ int wc_ValidateEccsiPair(EccsiKey* key, enum wc_HashType hashType,
mp_int* hs = NULL; mp_int* hs = NULL;
mp_digit mp = 0; mp_digit mp = 0;
byte hashSz = 0; byte hashSz = 0;
EccsiKeyParams* params = &key->params; EccsiKeyParams* params = NULL;
if ((key == NULL) || (id == NULL) || (ssk == NULL) || (pvt == NULL) || if ((key == NULL) || (id == NULL) || (ssk == NULL) || (pvt == NULL) ||
(valid == NULL)) { (valid == NULL)) {
err = BAD_FUNC_ARG; err = BAD_FUNC_ARG;
} }
if ((err == 0) && (key->ecc.type != ECC_PRIVATEKEY) && if ((err == 0) && (key->ecc.type != ECC_PRIVATEKEY) &&
(key->ecc.type != ECC_PUBLICKEY)) { (key->ecc.type != ECC_PUBLICKEY)) {
err = BAD_STATE_E; err = BAD_STATE_E;
} }
if (err == 0) { if (err == 0) {
params = &key->params;
hs = &key->tmp; hs = &key->tmp;
res = &key->pubkey.pubkey; res = &key->pubkey.pubkey;
@@ -2146,7 +2149,7 @@ int wc_VerifyEccsiHash(EccsiKey* key, enum wc_HashType hashType,
ecc_point* y = NULL; ecc_point* y = NULL;
ecc_point* j = NULL; ecc_point* j = NULL;
mp_digit mp = 0; mp_digit mp = 0;
EccsiKeyParams* params = &key->params; EccsiKeyParams* params = NULL;
if ((key == NULL) || (msg == NULL) || (sig == NULL) || (verified == NULL)) { if ((key == NULL) || (msg == NULL) || (sig == NULL) || (verified == NULL)) {
err = BAD_FUNC_ARG; err = BAD_FUNC_ARG;
@@ -2174,6 +2177,7 @@ int wc_VerifyEccsiHash(EccsiKey* key, enum wc_HashType hashType,
err = eccsi_load_ecc_params(key); err = eccsi_load_ecc_params(key);
} }
if (err == 0) { if (err == 0) {
params = &key->params;
err = mp_montgomery_setup(&params->prime, &mp); err = mp_montgomery_setup(&params->prime, &mp);
} }

4
wolfcrypt/src/evp.c
View File

@@ -2506,7 +2506,9 @@ WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_mac_key(int type, ENGINE* e,
pkey = NULL; pkey = NULL;
} }
else { else {
XMEMCPY(pkey->pkey.ptr, key, keylen); if (keylen) {
XMEMCPY(pkey->pkey.ptr, key, keylen);
}
pkey->pkey_sz = keylen; pkey->pkey_sz = keylen;
pkey->type = pkey->save_type = type; pkey->type = pkey->save_type = type;
} }

4
wolfcrypt/src/hc128.c
View File

@@ -271,13 +271,13 @@ static void Hc128_SetIV(HC128* ctx, const byte* inIv)
for (i = 0; i < 64; i++) setup_update(ctx); for (i = 0; i < 64; i++) setup_update(ctx);
} }
#define HC128_KEY_NUMBYTES (128 >> 5)
static WC_INLINE int DoKey(HC128* ctx, const byte* key, const byte* iv) static WC_INLINE int DoKey(HC128* ctx, const byte* key, const byte* iv)
{ {
word32 i; word32 i;
/* Key size in bits 128 */ /* Key size in bits 128 */
for (i = 0; i < (128 >> 5); i++) for (i = 0; i < HC128_KEY_NUMBYTES; i++)
ctx->key[i] = LITTLE32(((word32*)key)[i]); ctx->key[i] = LITTLE32(((word32*)key)[i]);
for ( ; i < 8 ; i++) ctx->key[i] = ctx->key[i-4]; for ( ; i < 8 ; i++) ctx->key[i] = ctx->key[i-4];

8
wolfcrypt/src/pkcs7.c
View File

@@ -217,12 +217,14 @@ static void wc_PKCS7_FreeStream(PKCS7* pkcs7)
static int wc_PKCS7_GrowStream(PKCS7* pkcs7, word32 newSz) static int wc_PKCS7_GrowStream(PKCS7* pkcs7, word32 newSz)
{ {
byte* pt; byte* pt;
pt = (byte*)XMALLOC(newSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7); pt = (byte*)XMALLOC(newSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
if (pt == NULL) { if (pt == NULL) {
return MEMORY_E; return MEMORY_E;
} }
XMEMCPY(pt, pkcs7->stream->buffer, pkcs7->stream->bufferSz);
if (pkcs7->stream->buffer != NULL && pkcs7->stream->bufferSz > 0) {
XMEMCPY(pt, pkcs7->stream->buffer, pkcs7->stream->bufferSz);
}
#ifdef WC_PKCS7_STREAM_DEBUG #ifdef WC_PKCS7_STREAM_DEBUG
printf("PKCS7 increasing internal stream buffer %d -> %d\n", printf("PKCS7 increasing internal stream buffer %d -> %d\n",
@@ -2641,7 +2643,7 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
idx = 0; idx = 0;
} }
else { else {
if (!pkcs7->detached) { if (!pkcs7->detached && pkcs7->content != NULL && pkcs7->contentSz > 0) {
XMEMCPY(output + idx, pkcs7->content, pkcs7->contentSz); XMEMCPY(output + idx, pkcs7->content, pkcs7->contentSz);
idx += pkcs7->contentSz; idx += pkcs7->contentSz;
} }

8
wolfcrypt/src/rabbit.c
View File

@@ -151,10 +151,10 @@ static WC_INLINE int DoKey(Rabbit* ctx, const byte* key, const byte* iv)
word32 k0, k1, k2, k3, i; word32 k0, k1, k2, k3, i;
/* Generate four subkeys */ /* Generate four subkeys */
k0 = LITTLE32(*(word32*)(key+ 0)); k0 = LITTLE32(((word32*)key)[0]);
k1 = LITTLE32(*(word32*)(key+ 4)); k1 = LITTLE32(((word32*)key)[1]);
k2 = LITTLE32(*(word32*)(key+ 8)); k2 = LITTLE32(((word32*)key)[2]);
k3 = LITTLE32(*(word32*)(key+12)); k3 = LITTLE32(((word32*)key)[3]);
/* Generate initial state variables */ /* Generate initial state variables */
ctx->masterCtx.x[0] = k0; ctx->masterCtx.x[0] = k0;

2
wolfcrypt/test/test.c
View File

@@ -36872,7 +36872,7 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
} }
else if (info->algo_type == WC_ALGO_TYPE_SEED) { else if (info->algo_type == WC_ALGO_TYPE_SEED) {
#ifndef WC_NO_RNG #ifndef WC_NO_RNG
static byte seed[sizeof(word32)] = { 0x00, 0x00, 0x00, 0x01 }; ALIGN32 static byte seed[sizeof(word32)] = { 0x00, 0x00, 0x00, 0x01 };
word32* seedWord32 = (word32*)seed; word32* seedWord32 = (word32*)seed;
word32 len; word32 len;

2
wolfssl/wolfcrypt/blake2-impl.h
View File

@@ -85,7 +85,7 @@ static WC_INLINE void store32( void *dst, word32 w )
static WC_INLINE void store64( void *dst, word64 w ) static WC_INLINE void store64( void *dst, word64 w )
{ {
#if defined(LITTLE_ENDIAN_ORDER) #if defined(LITTLE_ENDIAN_ORDER) && !defined(WOLFSSL_GENERAL_ALIGNMENT)
*( word64 * )( dst ) = w; *( word64 * )( dst ) = w;
#else #else
byte *p = ( byte * )dst; byte *p = ( byte * )dst;

8
wolfssl/wolfcrypt/types.h
View File

@@ -953,6 +953,12 @@ decouple library dependencies with standard string, memory and so on.
* Xilinx RSA operations require alignment */ * Xilinx RSA operations require alignment */
#if defined(WOLFSSL_AESNI) || defined(WOLFSSL_ARMASM) || \ #if defined(WOLFSSL_AESNI) || defined(WOLFSSL_ARMASM) || \
defined(USE_INTEL_SPEEDUP) || defined(WOLFSSL_AFALG_XILINX) defined(USE_INTEL_SPEEDUP) || defined(WOLFSSL_AFALG_XILINX)
#ifndef WOLFSSL_USE_ALIGN
#define WOLFSSL_USE_ALIGN
#endif
#endif /* WOLFSSL_AESNI || WOLFSSL_ARMASM || USE_INTEL_SPEEDUP || WOLFSSL_AFALG_XILINX */
#ifdef WOLFSSL_USE_ALIGN
#if !defined(ALIGN16) #if !defined(ALIGN16)
#if defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__) #if defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__)
#define ALIGN16 __attribute__ ( (aligned (16))) #define ALIGN16 __attribute__ ( (aligned (16)))
@@ -1025,7 +1031,7 @@ decouple library dependencies with standard string, memory and so on.
#ifndef ALIGN256 #ifndef ALIGN256
#define ALIGN256 #define ALIGN256
#endif #endif
#endif /* WOLFSSL_AESNI || WOLFSSL_ARMASM */ #endif /* WOLFSSL_USE_ALIGN */
#if !defined(PEDANTIC_EXTENSION) #if !defined(PEDANTIC_EXTENSION)
#if defined(__GNUC__) #if defined(__GNUC__)