feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #4070 from elms/fsanitize/undefined_fixes

Browse Source 
address errors with `-fsanitize=undefined`
This commit is contained in:
Daniel Pouzzner
2021-07-01 13:00:06 -05:00
committed by GitHub
parent 45486ac904 75e807abc6
commit e9e41d3344
14 changed files with 127 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
configure.ac
View File

@ -1523,6 +1523,17 @@ then
fi
fi
AC_ARG_ENABLE([aligndata],
[AS_HELP_STRING([--enable-aligndata],[align data for ciphers (default: enabled)])],
[ ENABLED_ALIGN_DATA=$enableval ],
[ ENABLED_ALIGN_DATA=yes ]
)
if test "$ENABLED_ALIGN_DATA" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_USE_ALIGN"
fi
# INTEL RDRAND
AC_ARG_ENABLE([intelrand],
[AS_HELP_STRING([--enable-intelrand],[Enable Intel rdrand as preferred RNG source (default: disabled)])],

57
src/internal.c
View File

@ -5927,8 +5927,13 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
ssl->dtls_timeout_init = DTLS_TIMEOUT_INIT;
ssl->dtls_timeout_max = DTLS_TIMEOUT_MAX;
ssl->dtls_timeout = ssl->dtls_timeout_init;
ssl->buffers.dtlsCtx.rfd = -1;
ssl->buffers.dtlsCtx.wfd = -1;
ssl->IOCB_ReadCtx = &ssl->buffers.dtlsCtx; /* prevent invalid pointer access if not */
ssl->IOCB_WriteCtx = &ssl->buffers.dtlsCtx; /* correctly set */
#endif
#ifndef WOLFSSL_AEAD_ONLY
@ -10008,7 +10013,9 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
XMEMCPY(x509->subject.raw, dCert->subjectRaw, x509->subject.rawLen);
#ifdef WOLFSSL_CERT_EXT
x509->issuer.rawLen = min(dCert->issuerRawLen, sizeof(x509->issuer.raw));
XMEMCPY(x509->issuer.raw, dCert->issuerRaw, x509->issuer.rawLen);
if (x509->issuer.rawLen) {
XMEMCPY(x509->issuer.raw, dCert->issuerRaw, x509->issuer.rawLen);
}
#endif
#endif
@ -18520,34 +18527,36 @@ int SendCertificateStatus(WOLFSSL* ssl)
chain = ssl->buffers.certificate;
}
while (chain && idx + OPAQUE24_LEN < chain->length) {
c24to32(chain->buffer + idx, &der.length);
idx += OPAQUE24_LEN;
if (chain && chain->buffer) {
while (idx + OPAQUE24_LEN < chain->length) {
c24to32(chain->buffer + idx, &der.length);
idx += OPAQUE24_LEN;
der.buffer = chain->buffer + idx;
idx += der.length;
der.buffer = chain->buffer + idx;
idx += der.length;
if (idx > chain->length)
break;
if (idx > chain->length)
break;
ret = CreateOcspRequest(ssl, request, cert, der.buffer,
der.length);
if (ret == 0) {
request->ssl = ssl;
ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling,
request, &responses[i + 1]);
ret = CreateOcspRequest(ssl, request, cert, der.buffer,
der.length);
if (ret == 0) {
request->ssl = ssl;
ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling,
request, &responses[i + 1]);
/* Suppressing, not critical */
if (ret == OCSP_CERT_REVOKED ||
ret == OCSP_CERT_UNKNOWN ||
ret == OCSP_LOOKUP_FAIL) {
ret = 0;
}
/* Suppressing, not critical */
if (ret == OCSP_CERT_REVOKED ||
ret == OCSP_CERT_UNKNOWN ||
ret == OCSP_LOOKUP_FAIL) {
ret = 0;
}
i++;
FreeOcspRequest(request);
}
i++;
FreeOcspRequest(request);
}
}
}
XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
@ -20461,7 +20470,7 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
word32 length;
next = XSTRSTR(next, ":");
length = MAX_SUITE_NAME + 1;
length = MAX_SUITE_NAME;
if (next != NULL) {
word32 currLen = (word32)(next - current);
if (length > currLen) {

23
src/ssl.c
View File

@ -16173,6 +16173,13 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
ssl->IOCB_ReadCtx = &ssl->rfd;
#ifdef WOLFSSL_DTLS
if (ssl->options.dtls) {
ssl->IOCB_ReadCtx = &ssl->buffers.dtlsCtx;
ssl->buffers.dtlsCtx.rfd = rfd;
}
#endif
return WOLFSSL_SUCCESS;
}
@ -26305,7 +26312,7 @@ int wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(WOLFSSL_X509_VERIFY_PARAM *param,
param->ipasc[0] = '\0';
}
else {
XSTRNCPY(param->ipasc, ipasc, WOLFSSL_MAX_IPSTR-1);
XSTRNCPY(param->ipasc, ipasc, WOLFSSL_MAX_IPSTR - 1);
param->ipasc[WOLFSSL_MAX_IPSTR-1] = '\0';
}
ret = WOLFSSL_SUCCESS;
@ -40624,7 +40631,9 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
#ifdef WOLFSSL_CERT_EXT
if (x509->subjKeyIdSz < CTC_MAX_SKID_SIZE) {
XMEMCPY(cert->skid, x509->subjKeyId, x509->subjKeyIdSz);
if (x509->subjKeyId) {
XMEMCPY(cert->skid, x509->subjKeyId, x509->subjKeyIdSz);
}
cert->skidSz = (int)x509->subjKeyIdSz;
}
else {
@ -40633,7 +40642,9 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
}
if (x509->authKeyIdSz < CTC_MAX_AKID_SIZE) {
XMEMCPY(cert->akid, x509->authKeyId, x509->authKeyIdSz);
if (x509->authKeyId) {
XMEMCPY(cert->akid, x509->authKeyId, x509->authKeyIdSz);
}
cert->akidSz = (int)x509->authKeyIdSz;
}
else {
@ -43021,8 +43032,10 @@ err:
objBuf[0] = ASN_OBJECT_ID; objSz++;
objSz += SetLength(oidSz, objBuf + 1);
XMEMCPY(objBuf + objSz, oid, oidSz);
objSz += oidSz;
if (oidSz) {
XMEMCPY(objBuf + objSz, oid, oidSz);
objSz += oidSz;
}
if (obj->objSz == 0 || objSz != obj->objSz) {
obj->objSz = objSz;

5
wolfcrypt/benchmark/benchmark.c
View File

@ -4911,8 +4911,9 @@ void bench_rsa(int doAsync)
/* init keys */
for (i = 0; i < BENCH_MAX_PENDING; i++) {
/* setup an async context for each key */
if ((ret = wc_InitRsaKey_ex(&rsaKey[i], HEAP_HINT,
doAsync ? devId : INVALID_DEVID)) < 0) {
ret = wc_InitRsaKey_ex(&rsaKey[i], HEAP_HINT,
doAsync ? devId : INVALID_DEVID);
if (ret < 0) {
goto exit_bench_rsa;
}

4
wolfcrypt/src/aes.c
View File

@ -9292,6 +9292,10 @@ WOLFSSL_API int wc_GmacUpdate(Gmac* gmac, const byte* iv, word32 ivSz,
const byte* authIn, word32 authInSz,
byte* authTag, word32 authTagSz)
{
if (gmac == NULL) {
return BAD_FUNC_ARG;
}
return wc_AesGcmEncrypt(&gmac->aes, NULL, NULL, 0, iv, ivSz,
authTag, authTagSz, authIn, authInSz);
}

8
wolfcrypt/src/eccsi.c
View File

@ -1476,18 +1476,21 @@ int wc_ValidateEccsiPair(EccsiKey* key, enum wc_HashType hashType,
mp_int* hs = NULL;
mp_digit mp = 0;
byte hashSz = 0;
EccsiKeyParams* params = &key->params;
EccsiKeyParams* params = NULL;
if ((key == NULL) || (id == NULL) || (ssk == NULL) || (pvt == NULL) ||
(valid == NULL)) {
err = BAD_FUNC_ARG;
}
if ((err == 0) && (key->ecc.type != ECC_PRIVATEKEY) &&
(key->ecc.type != ECC_PUBLICKEY)) {
err = BAD_STATE_E;
}
if (err == 0) {
params = &key->params;
hs = &key->tmp;
res = &key->pubkey.pubkey;
@ -2146,7 +2149,7 @@ int wc_VerifyEccsiHash(EccsiKey* key, enum wc_HashType hashType,
ecc_point* y = NULL;
ecc_point* j = NULL;
mp_digit mp = 0;
EccsiKeyParams* params = &key->params;
EccsiKeyParams* params = NULL;
if ((key == NULL) || (msg == NULL) || (sig == NULL) || (verified == NULL)) {
err = BAD_FUNC_ARG;
@ -2174,6 +2177,7 @@ int wc_VerifyEccsiHash(EccsiKey* key, enum wc_HashType hashType,
err = eccsi_load_ecc_params(key);
}
if (err == 0) {
params = &key->params;
err = mp_montgomery_setup(&params->prime, &mp);
}

4
wolfcrypt/src/evp.c
View File

@ -2506,7 +2506,9 @@ WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_mac_key(int type, ENGINE* e,
pkey = NULL;
}
else {
XMEMCPY(pkey->pkey.ptr, key, keylen);
if (keylen) {
XMEMCPY(pkey->pkey.ptr, key, keylen);
}
pkey->pkey_sz = keylen;
pkey->type = pkey->save_type = type;
}

12
wolfcrypt/src/hc128.c
View File

@ -40,6 +40,12 @@
#endif
#define LOAD_LE32(a) \
(((word32)(a)[0] << 0) | \
((word32)(a)[1] << 8) | \
((word32)(a)[2] << 16) | \
((word32)(a)[3] << 24))
#ifdef BIG_ENDIAN_ORDER
#define LITTLE32(x) ByteReverseWord32(x)
#else
@ -271,14 +277,14 @@ static void Hc128_SetIV(HC128* ctx, const byte* inIv)
for (i = 0; i < 64; i++) setup_update(ctx);
}
#define HC128_KEY_NUMBYTES (128 >> 5)
static WC_INLINE int DoKey(HC128* ctx, const byte* key, const byte* iv)
{
word32 i;
/* Key size in bits 128 */
for (i = 0; i < (128 >> 5); i++)
ctx->key[i] = LITTLE32(((word32*)key)[i]);
for (i = 0; i < HC128_KEY_NUMBYTES; i++)
ctx->key[i] = LOAD_LE32(key + i * 4);
for ( ; i < 8 ; i++) ctx->key[i] = ctx->key[i-4];

8
wolfcrypt/src/pkcs7.c
View File

@ -217,12 +217,14 @@ static void wc_PKCS7_FreeStream(PKCS7* pkcs7)
static int wc_PKCS7_GrowStream(PKCS7* pkcs7, word32 newSz)
{
byte* pt;
pt = (byte*)XMALLOC(newSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
if (pt == NULL) {
return MEMORY_E;
}
XMEMCPY(pt, pkcs7->stream->buffer, pkcs7->stream->bufferSz);
if (pkcs7->stream->buffer != NULL && pkcs7->stream->bufferSz > 0) {
XMEMCPY(pt, pkcs7->stream->buffer, pkcs7->stream->bufferSz);
}
#ifdef WC_PKCS7_STREAM_DEBUG
printf("PKCS7 increasing internal stream buffer %d -> %d\n",
@ -2641,7 +2643,7 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
idx = 0;
}
else {
if (!pkcs7->detached) {
if (!pkcs7->detached && pkcs7->content != NULL && pkcs7->contentSz > 0) {
XMEMCPY(output + idx, pkcs7->content, pkcs7->contentSz);
idx += pkcs7->contentSz;
}

21
wolfcrypt/src/rabbit.c
View File

@ -38,6 +38,11 @@
#include <wolfcrypt/src/misc.c>
#endif
#define LOAD_LE32(a) \
(((word32)(a)[0] << 0) | \
((word32)(a)[1] << 8) | \
((word32)(a)[2] << 16) | \
((word32)(a)[3] << 24))
#ifdef BIG_ENDIAN_ORDER
#define LITTLE32(x) ByteReverseWord32(x)
@ -151,10 +156,10 @@ static WC_INLINE int DoKey(Rabbit* ctx, const byte* key, const byte* iv)
word32 k0, k1, k2, k3, i;
/* Generate four subkeys */
k0 = LITTLE32(*(word32*)(key+ 0));
k1 = LITTLE32(*(word32*)(key+ 4));
k2 = LITTLE32(*(word32*)(key+ 8));
k3 = LITTLE32(*(word32*)(key+12));
k0 = LOAD_LE32(key + 0);
k1 = LOAD_LE32(key + 4);
k2 = LOAD_LE32(key + 8);
k3 = LOAD_LE32(key + 12);
/* Generate initial state variables */
ctx->masterCtx.x[0] = k0;
@ -256,16 +261,16 @@ static WC_INLINE int DoProcess(Rabbit* ctx, byte* output, const byte* input,
RABBIT_next_state(&(ctx->workCtx));
/* Encrypt/decrypt 16 bytes of data */
*(word32*)(output+ 0) = *(word32*)(input+ 0) ^
*(word32*)(output+ 0) = LOAD_LE32(input+ 0) ^
LITTLE32(ctx->workCtx.x[0] ^ (ctx->workCtx.x[5]>>16) ^
U32V(ctx->workCtx.x[3]<<16));
*(word32*)(output+ 4) = *(word32*)(input+ 4) ^
*(word32*)(output+ 4) = LOAD_LE32(input+ 4) ^
LITTLE32(ctx->workCtx.x[2] ^ (ctx->workCtx.x[7]>>16) ^
U32V(ctx->workCtx.x[5]<<16));
*(word32*)(output+ 8) = *(word32*)(input+ 8) ^
*(word32*)(output+ 8) = LOAD_LE32(input+ 8) ^
LITTLE32(ctx->workCtx.x[4] ^ (ctx->workCtx.x[1]>>16) ^
U32V(ctx->workCtx.x[7]<<16));
*(word32*)(output+12) = *(word32*)(input+12) ^
*(word32*)(output+12) = LOAD_LE32(input+12) ^
LITTLE32(ctx->workCtx.x[6] ^ (ctx->workCtx.x[3]>>16) ^
U32V(ctx->workCtx.x[1]<<16));

14
wolfcrypt/src/sha3.c
View File

@ -538,6 +538,18 @@ static void BlockSha3(word64 *s)
}
#endif /* WOLFSSL_SHA3_SMALL */
static WC_INLINE word64 Load64Unaligned(const unsigned char *a)
{
return ((word64)a[0] << 0) |
((word64)a[1] << 8) |
((word64)a[2] << 16) |
((word64)a[3] << 24) |
((word64)a[4] << 32) |
((word64)a[5] << 40) |
((word64)a[6] << 48) |
((word64)a[7] << 56);
}
/* Convert the array of bytes, in little-endian order, to a 64-bit integer.
*
* a Array of bytes.
@ -632,7 +644,7 @@ static int Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p)
while (len >= ((word32)(p * 8)))
{
for (i = 0; i < p; i++)
sha3->s[i] ^= Load64BitBigEndian(data + 8 * i);
sha3->s[i] ^= Load64Unaligned(data + 8 * i);
BlockSha3(sha3->s);
len -= p * 8;
data += p * 8;

2
wolfcrypt/test/test.c
View File

@ -36872,7 +36872,7 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
}
else if (info->algo_type == WC_ALGO_TYPE_SEED) {
#ifndef WC_NO_RNG
static byte seed[sizeof(word32)] = { 0x00, 0x00, 0x00, 0x01 };
ALIGN32 static byte seed[sizeof(word32)] = { 0x00, 0x00, 0x00, 0x01 };
word32* seedWord32 = (word32*)seed;
word32 len;

2
wolfssl/wolfcrypt/blake2-impl.h
View File

@ -85,7 +85,7 @@ static WC_INLINE void store32( void *dst, word32 w )
static WC_INLINE void store64( void *dst, word64 w )
{
#if defined(LITTLE_ENDIAN_ORDER)
#if defined(LITTLE_ENDIAN_ORDER) && !defined(WOLFSSL_GENERAL_ALIGNMENT)
*( word64 * )( dst ) = w;
#else
byte *p = ( byte * )dst;

8
wolfssl/wolfcrypt/types.h
View File

@ -953,6 +953,12 @@ decouple library dependencies with standard string, memory and so on.
* Xilinx RSA operations require alignment */
#if defined(WOLFSSL_AESNI) || defined(WOLFSSL_ARMASM) || \
defined(USE_INTEL_SPEEDUP) || defined(WOLFSSL_AFALG_XILINX)
#ifndef WOLFSSL_USE_ALIGN
#define WOLFSSL_USE_ALIGN
#endif
#endif /* WOLFSSL_AESNI || WOLFSSL_ARMASM || USE_INTEL_SPEEDUP || WOLFSSL_AFALG_XILINX */
#ifdef WOLFSSL_USE_ALIGN
#if !defined(ALIGN16)
#if defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__)
#define ALIGN16 __attribute__ ( (aligned (16)))
@ -1025,7 +1031,7 @@ decouple library dependencies with standard string, memory and so on.
#ifndef ALIGN256
#define ALIGN256
#endif
#endif /* WOLFSSL_AESNI || WOLFSSL_ARMASM */
#endif /* WOLFSSL_USE_ALIGN */
#if !defined(PEDANTIC_EXTENSION)
#if defined(__GNUC__)