From dc7beab78454b065a8191f8fcd555c1a8d92656b Mon Sep 17 00:00:00 2001 From: Elms Date: Wed, 26 May 2021 11:33:33 -0700 Subject: [PATCH 1/5] address errors with `-fsanitize=undefined` - fix null dereferences or undefined `memcpy` calls - fix alignment in `myCryptoDevCb` - fix default dtls context assignment - add align configure option to force data alignment TESTED: `./configure CFLAGS=-fsanitize=undefined\ -DWOLFSSL_GENERAL_ALIGNMENT=1 --enable-all` --- configure.ac | 11 +++++++++++ src/internal.c | 9 ++++++++- src/ssl.c | 21 +++++++++++++++++---- wolfcrypt/src/aes.c | 4 ++++ wolfcrypt/src/eccsi.c | 8 ++++++-- wolfcrypt/src/evp.c | 4 +++- wolfcrypt/src/hc128.c | 4 ++-- wolfcrypt/src/pkcs7.c | 8 +++++--- wolfcrypt/src/rabbit.c | 8 ++++---- wolfcrypt/test/test.c | 2 +- wolfssl/wolfcrypt/blake2-impl.h | 2 +- wolfssl/wolfcrypt/types.h | 8 +++++++- 12 files changed, 69 insertions(+), 20 deletions(-) diff --git a/configure.ac b/configure.ac index 46d8dd5f5..9c0a33e57 100644 --- a/configure.ac +++ b/configure.ac @@ -1523,6 +1523,17 @@ then fi fi +AC_ARG_ENABLE([aligndata], + [AS_HELP_STRING([--enable-aligndata],[align data for ciphers (default: enabled)])], + [ ENABLED_ALIGN_DATA=$enableval ], + [ ENABLED_ALIGN_DATA=yes ] + ) + +if test "$ENABLED_ALIGN_DATA" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_USE_ALIGN -DXSTREAM_ALIGN" +fi + # INTEL RDRAND AC_ARG_ENABLE([intelrand], [AS_HELP_STRING([--enable-intelrand],[Enable Intel rdrand as preferred RNG source (default: disabled)])], diff --git a/src/internal.c b/src/internal.c index af6d4cab3..e5a620057 100644 --- a/src/internal.c +++ b/src/internal.c @@ -5927,8 +5927,13 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) ssl->dtls_timeout_init = DTLS_TIMEOUT_INIT; ssl->dtls_timeout_max = DTLS_TIMEOUT_MAX; ssl->dtls_timeout = ssl->dtls_timeout_init; + ssl->buffers.dtlsCtx.rfd = -1; ssl->buffers.dtlsCtx.wfd = -1; + + ssl->IOCB_ReadCtx = &ssl->buffers.dtlsCtx; /* prevent invalid pointer access if not */ + ssl->IOCB_WriteCtx = &ssl->buffers.dtlsCtx; /* correctly set */ + #endif #ifndef WOLFSSL_AEAD_ONLY @@ -10008,7 +10013,9 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) XMEMCPY(x509->subject.raw, dCert->subjectRaw, x509->subject.rawLen); #ifdef WOLFSSL_CERT_EXT x509->issuer.rawLen = min(dCert->issuerRawLen, sizeof(x509->issuer.raw)); - XMEMCPY(x509->issuer.raw, dCert->issuerRaw, x509->issuer.rawLen); + if (x509->issuer.rawLen) { + XMEMCPY(x509->issuer.raw, dCert->issuerRaw, x509->issuer.rawLen); + } #endif #endif diff --git a/src/ssl.c b/src/ssl.c index 6d31307fe..f7e46a66d 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -16173,6 +16173,13 @@ int wolfSSL_set_compression(WOLFSSL* ssl) ssl->IOCB_ReadCtx = &ssl->rfd; + #ifdef WOLFSSL_DTLS + if (ssl->options.dtls) { + ssl->IOCB_ReadCtx = &ssl->buffers.dtlsCtx; + ssl->buffers.dtlsCtx.rfd = rfd; + } + #endif + return WOLFSSL_SUCCESS; } @@ -40624,7 +40631,9 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) #ifdef WOLFSSL_CERT_EXT if (x509->subjKeyIdSz < CTC_MAX_SKID_SIZE) { - XMEMCPY(cert->skid, x509->subjKeyId, x509->subjKeyIdSz); + if (x509->subjKeyId) { + XMEMCPY(cert->skid, x509->subjKeyId, x509->subjKeyIdSz); + } cert->skidSz = (int)x509->subjKeyIdSz; } else { @@ -40633,7 +40642,9 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) } if (x509->authKeyIdSz < CTC_MAX_AKID_SIZE) { - XMEMCPY(cert->akid, x509->authKeyId, x509->authKeyIdSz); + if (x509->authKeyId) { + XMEMCPY(cert->akid, x509->authKeyId, x509->authKeyIdSz); + } cert->akidSz = (int)x509->authKeyIdSz; } else { @@ -43021,8 +43032,10 @@ err: objBuf[0] = ASN_OBJECT_ID; objSz++; objSz += SetLength(oidSz, objBuf + 1); - XMEMCPY(objBuf + objSz, oid, oidSz); - objSz += oidSz; + if (oidSz) { + XMEMCPY(objBuf + objSz, oid, oidSz); + objSz += oidSz; + } if (obj->objSz == 0 || objSz != obj->objSz) { obj->objSz = objSz; diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 2065f26ba..1b2be4a6d 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -9292,6 +9292,10 @@ WOLFSSL_API int wc_GmacUpdate(Gmac* gmac, const byte* iv, word32 ivSz, const byte* authIn, word32 authInSz, byte* authTag, word32 authTagSz) { + if (gmac == NULL) { + return BAD_FUNC_ARG; + } + return wc_AesGcmEncrypt(&gmac->aes, NULL, NULL, 0, iv, ivSz, authTag, authTagSz, authIn, authInSz); } diff --git a/wolfcrypt/src/eccsi.c b/wolfcrypt/src/eccsi.c index 4b29dead1..52aa8a579 100644 --- a/wolfcrypt/src/eccsi.c +++ b/wolfcrypt/src/eccsi.c @@ -1476,18 +1476,21 @@ int wc_ValidateEccsiPair(EccsiKey* key, enum wc_HashType hashType, mp_int* hs = NULL; mp_digit mp = 0; byte hashSz = 0; - EccsiKeyParams* params = &key->params; + EccsiKeyParams* params = NULL; if ((key == NULL) || (id == NULL) || (ssk == NULL) || (pvt == NULL) || (valid == NULL)) { err = BAD_FUNC_ARG; } + if ((err == 0) && (key->ecc.type != ECC_PRIVATEKEY) && (key->ecc.type != ECC_PUBLICKEY)) { err = BAD_STATE_E; } if (err == 0) { + params = &key->params; + hs = &key->tmp; res = &key->pubkey.pubkey; @@ -2146,7 +2149,7 @@ int wc_VerifyEccsiHash(EccsiKey* key, enum wc_HashType hashType, ecc_point* y = NULL; ecc_point* j = NULL; mp_digit mp = 0; - EccsiKeyParams* params = &key->params; + EccsiKeyParams* params = NULL; if ((key == NULL) || (msg == NULL) || (sig == NULL) || (verified == NULL)) { err = BAD_FUNC_ARG; @@ -2174,6 +2177,7 @@ int wc_VerifyEccsiHash(EccsiKey* key, enum wc_HashType hashType, err = eccsi_load_ecc_params(key); } if (err == 0) { + params = &key->params; err = mp_montgomery_setup(¶ms->prime, &mp); } diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 4b952292c..82dba34c1 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -2506,7 +2506,9 @@ WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_mac_key(int type, ENGINE* e, pkey = NULL; } else { - XMEMCPY(pkey->pkey.ptr, key, keylen); + if (keylen) { + XMEMCPY(pkey->pkey.ptr, key, keylen); + } pkey->pkey_sz = keylen; pkey->type = pkey->save_type = type; } diff --git a/wolfcrypt/src/hc128.c b/wolfcrypt/src/hc128.c index f1f223ce9..6bbb1c377 100644 --- a/wolfcrypt/src/hc128.c +++ b/wolfcrypt/src/hc128.c @@ -271,13 +271,13 @@ static void Hc128_SetIV(HC128* ctx, const byte* inIv) for (i = 0; i < 64; i++) setup_update(ctx); } - +#define HC128_KEY_NUMBYTES (128 >> 5) static WC_INLINE int DoKey(HC128* ctx, const byte* key, const byte* iv) { word32 i; /* Key size in bits 128 */ - for (i = 0; i < (128 >> 5); i++) + for (i = 0; i < HC128_KEY_NUMBYTES; i++) ctx->key[i] = LITTLE32(((word32*)key)[i]); for ( ; i < 8 ; i++) ctx->key[i] = ctx->key[i-4]; diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 840271dc3..e5ef7e478 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -217,12 +217,14 @@ static void wc_PKCS7_FreeStream(PKCS7* pkcs7) static int wc_PKCS7_GrowStream(PKCS7* pkcs7, word32 newSz) { byte* pt; - pt = (byte*)XMALLOC(newSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7); if (pt == NULL) { return MEMORY_E; } - XMEMCPY(pt, pkcs7->stream->buffer, pkcs7->stream->bufferSz); + + if (pkcs7->stream->buffer != NULL && pkcs7->stream->bufferSz > 0) { + XMEMCPY(pt, pkcs7->stream->buffer, pkcs7->stream->bufferSz); + } #ifdef WC_PKCS7_STREAM_DEBUG printf("PKCS7 increasing internal stream buffer %d -> %d\n", @@ -2641,7 +2643,7 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd, idx = 0; } else { - if (!pkcs7->detached) { + if (!pkcs7->detached && pkcs7->content != NULL && pkcs7->contentSz > 0) { XMEMCPY(output + idx, pkcs7->content, pkcs7->contentSz); idx += pkcs7->contentSz; } diff --git a/wolfcrypt/src/rabbit.c b/wolfcrypt/src/rabbit.c index c84bcd89e..03ffe0a12 100644 --- a/wolfcrypt/src/rabbit.c +++ b/wolfcrypt/src/rabbit.c @@ -151,10 +151,10 @@ static WC_INLINE int DoKey(Rabbit* ctx, const byte* key, const byte* iv) word32 k0, k1, k2, k3, i; /* Generate four subkeys */ - k0 = LITTLE32(*(word32*)(key+ 0)); - k1 = LITTLE32(*(word32*)(key+ 4)); - k2 = LITTLE32(*(word32*)(key+ 8)); - k3 = LITTLE32(*(word32*)(key+12)); + k0 = LITTLE32(((word32*)key)[0]); + k1 = LITTLE32(((word32*)key)[1]); + k2 = LITTLE32(((word32*)key)[2]); + k3 = LITTLE32(((word32*)key)[3]); /* Generate initial state variables */ ctx->masterCtx.x[0] = k0; diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index c7c3febd5..aebd59594 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -36872,7 +36872,7 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) } else if (info->algo_type == WC_ALGO_TYPE_SEED) { #ifndef WC_NO_RNG - static byte seed[sizeof(word32)] = { 0x00, 0x00, 0x00, 0x01 }; + ALIGN32 static byte seed[sizeof(word32)] = { 0x00, 0x00, 0x00, 0x01 }; word32* seedWord32 = (word32*)seed; word32 len; diff --git a/wolfssl/wolfcrypt/blake2-impl.h b/wolfssl/wolfcrypt/blake2-impl.h index 9806e44de..c6a4becd2 100644 --- a/wolfssl/wolfcrypt/blake2-impl.h +++ b/wolfssl/wolfcrypt/blake2-impl.h @@ -85,7 +85,7 @@ static WC_INLINE void store32( void *dst, word32 w ) static WC_INLINE void store64( void *dst, word64 w ) { -#if defined(LITTLE_ENDIAN_ORDER) +#if defined(LITTLE_ENDIAN_ORDER) && !defined(WOLFSSL_GENERAL_ALIGNMENT) *( word64 * )( dst ) = w; #else byte *p = ( byte * )dst; diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 8265b62c6..f887e56c7 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -953,6 +953,12 @@ decouple library dependencies with standard string, memory and so on. * Xilinx RSA operations require alignment */ #if defined(WOLFSSL_AESNI) || defined(WOLFSSL_ARMASM) || \ defined(USE_INTEL_SPEEDUP) || defined(WOLFSSL_AFALG_XILINX) + #ifndef WOLFSSL_USE_ALIGN + #define WOLFSSL_USE_ALIGN + #endif + #endif /* WOLFSSL_AESNI || WOLFSSL_ARMASM || USE_INTEL_SPEEDUP || WOLFSSL_AFALG_XILINX */ + + #ifdef WOLFSSL_USE_ALIGN #if !defined(ALIGN16) #if defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__) #define ALIGN16 __attribute__ ( (aligned (16))) @@ -1025,7 +1031,7 @@ decouple library dependencies with standard string, memory and so on. #ifndef ALIGN256 #define ALIGN256 #endif - #endif /* WOLFSSL_AESNI || WOLFSSL_ARMASM */ + #endif /* WOLFSSL_USE_ALIGN */ #if !defined(PEDANTIC_EXTENSION) #if defined(__GNUC__) From c9597ea7350979813ca6fa31d3655746ec8029f4 Mon Sep 17 00:00:00 2001 From: Elms Date: Fri, 25 Jun 2021 08:50:20 -0700 Subject: [PATCH 2/5] sha3: align data for `Sha3Update` --- wolfcrypt/src/sha3.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/wolfcrypt/src/sha3.c b/wolfcrypt/src/sha3.c index 7382ba55b..824fc916f 100644 --- a/wolfcrypt/src/sha3.c +++ b/wolfcrypt/src/sha3.c @@ -538,6 +538,18 @@ static void BlockSha3(word64 *s) } #endif /* WOLFSSL_SHA3_SMALL */ +static WC_INLINE word64 Load64Unaligned(const unsigned char *a) +{ + return ((word64)a[0] << 0) | + ((word64)a[1] << 8) | + ((word64)a[2] << 16) | + ((word64)a[3] << 24) | + ((word64)a[4] << 32) | + ((word64)a[5] << 40) | + ((word64)a[6] << 48) | + ((word64)a[7] << 56); +} + /* Convert the array of bytes, in little-endian order, to a 64-bit integer. * * a Array of bytes. @@ -632,7 +644,7 @@ static int Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p) while (len >= ((word32)(p * 8))) { for (i = 0; i < p; i++) - sha3->s[i] ^= Load64BitBigEndian(data + 8 * i); + sha3->s[i] ^= Load64Unaligned(data + 8 * i); BlockSha3(sha3->s); len -= p * 8; data += p * 8; From 56d879f4224b6d9c414a566a009cf566ddd8d7e6 Mon Sep 17 00:00:00 2001 From: Elms Date: Fri, 25 Jun 2021 11:27:36 -0700 Subject: [PATCH 3/5] address scan-build issues for clang 6 and 10 --- src/internal.c | 46 +++++++++++++++++---------------- wolfcrypt/benchmark/benchmark.c | 5 ++-- 2 files changed, 27 insertions(+), 24 deletions(-) diff --git a/src/internal.c b/src/internal.c index e5a620057..03a61f728 100644 --- a/src/internal.c +++ b/src/internal.c @@ -18527,34 +18527,36 @@ int SendCertificateStatus(WOLFSSL* ssl) chain = ssl->buffers.certificate; } - while (chain && idx + OPAQUE24_LEN < chain->length) { - c24to32(chain->buffer + idx, &der.length); - idx += OPAQUE24_LEN; + if (chain && chain->buffer) { + while (idx + OPAQUE24_LEN < chain->length) { + c24to32(chain->buffer + idx, &der.length); + idx += OPAQUE24_LEN; - der.buffer = chain->buffer + idx; - idx += der.length; + der.buffer = chain->buffer + idx; + idx += der.length; - if (idx > chain->length) - break; + if (idx > chain->length) + break; - ret = CreateOcspRequest(ssl, request, cert, der.buffer, - der.length); - if (ret == 0) { - request->ssl = ssl; - ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling, - request, &responses[i + 1]); + ret = CreateOcspRequest(ssl, request, cert, der.buffer, + der.length); + if (ret == 0) { + request->ssl = ssl; + ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling, + request, &responses[i + 1]); - /* Suppressing, not critical */ - if (ret == OCSP_CERT_REVOKED || - ret == OCSP_CERT_UNKNOWN || - ret == OCSP_LOOKUP_FAIL) { - ret = 0; - } + /* Suppressing, not critical */ + if (ret == OCSP_CERT_REVOKED || + ret == OCSP_CERT_UNKNOWN || + ret == OCSP_LOOKUP_FAIL) { + ret = 0; + } - i++; - FreeOcspRequest(request); - } + i++; + FreeOcspRequest(request); + } + } } XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index c2dd1ffcb..cc5a01e13 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -4911,8 +4911,9 @@ void bench_rsa(int doAsync) /* init keys */ for (i = 0; i < BENCH_MAX_PENDING; i++) { /* setup an async context for each key */ - if ((ret = wc_InitRsaKey_ex(&rsaKey[i], HEAP_HINT, - doAsync ? devId : INVALID_DEVID)) < 0) { + ret = wc_InitRsaKey_ex(&rsaKey[i], HEAP_HINT, + doAsync ? devId : INVALID_DEVID); + if (ret < 0) { goto exit_bench_rsa; } From 6694775d4b8c22e7411ec69e8a2b516f107b97ef Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Wed, 30 Jun 2021 09:45:19 +1000 Subject: [PATCH 4/5] Changes to compile without XTREAM_ALIGN Use macro to load 32 bits from input parameters key in hc128.c and input in rabbit.c Also fix warning about string copy. --- configure.ac | 2 +- src/ssl.c | 2 +- wolfcrypt/src/hc128.c | 8 +++++++- wolfcrypt/src/rabbit.c | 13 +++++++++---- 4 files changed, 18 insertions(+), 7 deletions(-) diff --git a/configure.ac b/configure.ac index 9c0a33e57..f752b42d6 100644 --- a/configure.ac +++ b/configure.ac @@ -1531,7 +1531,7 @@ AC_ARG_ENABLE([aligndata], if test "$ENABLED_ALIGN_DATA" = "yes" then - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_USE_ALIGN -DXSTREAM_ALIGN" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_USE_ALIGN" fi # INTEL RDRAND diff --git a/src/ssl.c b/src/ssl.c index f7e46a66d..98de82ae8 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -26312,7 +26312,7 @@ int wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(WOLFSSL_X509_VERIFY_PARAM *param, param->ipasc[0] = '\0'; } else { - XSTRNCPY(param->ipasc, ipasc, WOLFSSL_MAX_IPSTR-1); + XSTRNCPY(param->ipasc, ipasc, WOLFSSL_MAX_IPSTR); param->ipasc[WOLFSSL_MAX_IPSTR-1] = '\0'; } ret = WOLFSSL_SUCCESS; diff --git a/wolfcrypt/src/hc128.c b/wolfcrypt/src/hc128.c index 6bbb1c377..d2bdeb522 100644 --- a/wolfcrypt/src/hc128.c +++ b/wolfcrypt/src/hc128.c @@ -40,6 +40,12 @@ #endif +#define LOAD_LE32(a) \ + (((word32)(a)[0] << 0) | \ + ((word32)(a)[1] << 8) | \ + ((word32)(a)[2] << 16) | \ + ((word32)(a)[3] << 24)) + #ifdef BIG_ENDIAN_ORDER #define LITTLE32(x) ByteReverseWord32(x) #else @@ -278,7 +284,7 @@ static WC_INLINE int DoKey(HC128* ctx, const byte* key, const byte* iv) /* Key size in bits 128 */ for (i = 0; i < HC128_KEY_NUMBYTES; i++) - ctx->key[i] = LITTLE32(((word32*)key)[i]); + ctx->key[i] = LOAD_LE32(key + i * 4); for ( ; i < 8 ; i++) ctx->key[i] = ctx->key[i-4]; diff --git a/wolfcrypt/src/rabbit.c b/wolfcrypt/src/rabbit.c index 03ffe0a12..54e9f55d9 100644 --- a/wolfcrypt/src/rabbit.c +++ b/wolfcrypt/src/rabbit.c @@ -38,6 +38,11 @@ #include #endif +#define LOAD_LE32(a) \ + (((word32)(a)[0] << 0) | \ + ((word32)(a)[1] << 8) | \ + ((word32)(a)[2] << 16) | \ + ((word32)(a)[3] << 24)) #ifdef BIG_ENDIAN_ORDER #define LITTLE32(x) ByteReverseWord32(x) @@ -256,16 +261,16 @@ static WC_INLINE int DoProcess(Rabbit* ctx, byte* output, const byte* input, RABBIT_next_state(&(ctx->workCtx)); /* Encrypt/decrypt 16 bytes of data */ - *(word32*)(output+ 0) = *(word32*)(input+ 0) ^ + *(word32*)(output+ 0) = LOAD_LE32(input+ 0) ^ LITTLE32(ctx->workCtx.x[0] ^ (ctx->workCtx.x[5]>>16) ^ U32V(ctx->workCtx.x[3]<<16)); - *(word32*)(output+ 4) = *(word32*)(input+ 4) ^ + *(word32*)(output+ 4) = LOAD_LE32(input+ 4) ^ LITTLE32(ctx->workCtx.x[2] ^ (ctx->workCtx.x[7]>>16) ^ U32V(ctx->workCtx.x[5]<<16)); - *(word32*)(output+ 8) = *(word32*)(input+ 8) ^ + *(word32*)(output+ 8) = LOAD_LE32(input+ 8) ^ LITTLE32(ctx->workCtx.x[4] ^ (ctx->workCtx.x[1]>>16) ^ U32V(ctx->workCtx.x[7]<<16)); - *(word32*)(output+12) = *(word32*)(input+12) ^ + *(word32*)(output+12) = LOAD_LE32(input+12) ^ LITTLE32(ctx->workCtx.x[6] ^ (ctx->workCtx.x[3]>>16) ^ U32V(ctx->workCtx.x[1]<<16)); From 75e807abc6bcc73ebb655bac5c42b0b521bc4e0f Mon Sep 17 00:00:00 2001 From: Elms Date: Wed, 30 Jun 2021 22:08:29 -0700 Subject: [PATCH 5/5] Fixes for gcc-10 and `-fsanitize=undefined` for rabbit.c * One introduced in #4156 * One from previous commit in this PR --- src/internal.c | 2 +- src/ssl.c | 2 +- wolfcrypt/src/rabbit.c | 8 ++++---- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/internal.c b/src/internal.c index 03a61f728..2d9877e7e 100644 --- a/src/internal.c +++ b/src/internal.c @@ -20470,7 +20470,7 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list) word32 length; next = XSTRSTR(next, ":"); - length = MAX_SUITE_NAME + 1; + length = MAX_SUITE_NAME; if (next != NULL) { word32 currLen = (word32)(next - current); if (length > currLen) { diff --git a/src/ssl.c b/src/ssl.c index 98de82ae8..de5fc28ab 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -26312,7 +26312,7 @@ int wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(WOLFSSL_X509_VERIFY_PARAM *param, param->ipasc[0] = '\0'; } else { - XSTRNCPY(param->ipasc, ipasc, WOLFSSL_MAX_IPSTR); + XSTRNCPY(param->ipasc, ipasc, WOLFSSL_MAX_IPSTR - 1); param->ipasc[WOLFSSL_MAX_IPSTR-1] = '\0'; } ret = WOLFSSL_SUCCESS; diff --git a/wolfcrypt/src/rabbit.c b/wolfcrypt/src/rabbit.c index 54e9f55d9..c79155f84 100644 --- a/wolfcrypt/src/rabbit.c +++ b/wolfcrypt/src/rabbit.c @@ -156,10 +156,10 @@ static WC_INLINE int DoKey(Rabbit* ctx, const byte* key, const byte* iv) word32 k0, k1, k2, k3, i; /* Generate four subkeys */ - k0 = LITTLE32(((word32*)key)[0]); - k1 = LITTLE32(((word32*)key)[1]); - k2 = LITTLE32(((word32*)key)[2]); - k3 = LITTLE32(((word32*)key)[3]); + k0 = LOAD_LE32(key + 0); + k1 = LOAD_LE32(key + 4); + k2 = LOAD_LE32(key + 8); + k3 = LOAD_LE32(key + 12); /* Generate initial state variables */ ctx->masterCtx.x[0] = k0;