diff --git a/wrapper/rust/wolfssl-wolfcrypt/src/aes.rs b/wrapper/rust/wolfssl-wolfcrypt/src/aes.rs index 53f96039e9..d5275c01c1 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/src/aes.rs +++ b/wrapper/rust/wolfssl-wolfcrypt/src/aes.rs @@ -44,8 +44,10 @@ use cipher::typenum::consts::U24; use cipher::{ BlockModeDecBackend, BlockModeDecClosure, BlockModeDecrypt, BlockModeEncBackend, BlockModeEncClosure, BlockModeEncrypt, - IvSizeUser, KeyIvInit, ParBlocksSizeUser, StreamCipher, StreamCipherError, + IvSizeUser, KeyIvInit, ParBlocksSizeUser, }; +#[cfg(all(any(aes_ctr, aes_ofb), feature = "cipher"))] +use cipher::{StreamCipher,StreamCipherError}; #[cfg(aes_wc_block_size)] pub const AES_BLOCK_SIZE: usize = sys::WC_AES_BLOCK_SIZE as usize; @@ -114,7 +116,7 @@ impl CBC { } fn init(&mut self, key: &[u8], iv: &[u8], dir: i32) -> Result<(), i32> { - let key_size = key.len() as u32; + let key_size = crate::buffer_len_to_u32(key.len())?; if iv.len() != AES_BLOCK_SIZE { return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); } @@ -183,9 +185,9 @@ impl CBC { /// library return code on failure. pub fn encrypt(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { let in_ptr = din.as_ptr() as *const u8; - let in_size = size_of_val(din) as u32; + let in_size = crate::buffer_len_to_u32(size_of_val(din))?; let out_ptr = dout.as_mut_ptr() as *mut u8; - let out_size = size_of_val(dout) as u32; + let out_size = crate::buffer_len_to_u32(size_of_val(dout))?; if in_size != out_size { return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); } @@ -215,9 +217,9 @@ impl CBC { /// library return code on failure. pub fn decrypt(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { let in_ptr = din.as_ptr() as *const u8; - let in_size = size_of_val(din) as u32; + let in_size = crate::buffer_len_to_u32(size_of_val(din))?; let out_ptr = dout.as_mut_ptr() as *mut u8; - let out_size = size_of_val(dout) as u32; + let out_size = crate::buffer_len_to_u32(size_of_val(dout))?; if in_size != out_size { return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); } @@ -331,7 +333,7 @@ impl CCM { /// A Result which is Ok(()) on success or an Err containing the wolfSSL /// library return code on failure. pub fn init(&mut self, key: &[u8]) -> Result<(), i32> { - let key_size = key.len() as u32; + let key_size = crate::buffer_len_to_u32(key.len())?; let rc = unsafe { sys::wc_AesCcmSetKey(&mut self.ws_aes, key.as_ptr(), key_size) }; @@ -360,15 +362,15 @@ impl CCM { /// library return code on failure. pub fn encrypt(&mut self, din: &[I], dout: &mut [O], nonce: &[N], auth: &[A], auth_tag: &mut [A]) -> Result<(), i32> { let in_ptr = din.as_ptr() as *const u8; - let in_size = size_of_val(din) as u32; + let in_size = crate::buffer_len_to_u32(size_of_val(din))?; let out_ptr = dout.as_mut_ptr() as *mut u8; - let out_size = size_of_val(dout) as u32; + let out_size = crate::buffer_len_to_u32(size_of_val(dout))?; let nonce_ptr = nonce.as_ptr() as *const u8; - let nonce_size = size_of_val(nonce) as u32; + let nonce_size = crate::buffer_len_to_u32(size_of_val(nonce))?; let auth_ptr = auth.as_ptr() as *const u8; - let auth_size = size_of_val(auth) as u32; + let auth_size = crate::buffer_len_to_u32(size_of_val(auth))?; let auth_tag_ptr = auth_tag.as_mut_ptr() as *mut u8; - let auth_tag_size = size_of_val(auth_tag) as u32; + let auth_tag_size = crate::buffer_len_to_u32(size_of_val(auth_tag))?; if in_size != out_size { return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); } @@ -402,15 +404,15 @@ impl CCM { /// library return code on failure. pub fn decrypt(&mut self, din: &[I], dout: &mut [O], nonce: &[N], auth: &[A], auth_tag: &[A]) -> Result<(), i32> { let in_ptr = din.as_ptr() as *const u8; - let in_size = size_of_val(din) as u32; + let in_size = crate::buffer_len_to_u32(size_of_val(din))?; let out_ptr = dout.as_mut_ptr() as *mut u8; - let out_size = size_of_val(dout) as u32; + let out_size = crate::buffer_len_to_u32(size_of_val(dout))?; let nonce_ptr = nonce.as_ptr() as *const u8; - let nonce_size = size_of_val(nonce) as u32; + let nonce_size = crate::buffer_len_to_u32(size_of_val(nonce))?; let auth_ptr = auth.as_ptr() as *const u8; - let auth_size = size_of_val(auth) as u32; + let auth_size = crate::buffer_len_to_u32(size_of_val(auth))?; let auth_tag_ptr = auth_tag.as_ptr() as *const u8; - let auth_tag_size = size_of_val(auth_tag) as u32; + let auth_tag_size = crate::buffer_len_to_u32(size_of_val(auth_tag))?; if in_size != out_size { return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); } @@ -446,6 +448,10 @@ fn ccm_encrypt_in_place( buffer: &mut [u8], tag: &mut [u8], ) -> Result<(), aead::Error> { + if buffer.len() > u32::MAX as usize || nonce.len() > u32::MAX as usize + || tag.len() > u32::MAX as usize || aad.len() > u32::MAX as usize { + return Err(aead::Error); + } let mut ccm = CCM::new().map_err(|_| aead::Error)?; ccm.init(key).map_err(|_| aead::Error)?; // wolfCrypt CCM supports in-place operation (out == in). @@ -475,6 +481,10 @@ fn ccm_decrypt_in_place( buffer: &mut [u8], tag: &[u8], ) -> Result<(), aead::Error> { + if buffer.len() > u32::MAX as usize || nonce.len() > u32::MAX as usize + || tag.len() > u32::MAX as usize || aad.len() > u32::MAX as usize { + return Err(aead::Error); + } let mut ccm = CCM::new().map_err(|_| aead::Error)?; ccm.init(key).map_err(|_| aead::Error)?; let buf_ptr = buffer.as_mut_ptr(); @@ -692,7 +702,7 @@ impl CFB { /// A Result which is Ok(()) on success or an Err containing the wolfSSL /// library return code on failure. pub fn init(&mut self, key: &[u8], iv: &[u8]) -> Result<(), i32> { - let key_size = key.len() as u32; + let key_size = crate::buffer_len_to_u32(key.len())?; if iv.len() != AES_BLOCK_SIZE { return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); } @@ -722,9 +732,9 @@ impl CFB { /// library return code on failure. pub fn encrypt(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { let in_ptr = din.as_ptr() as *const u8; - let in_size = size_of_val(din) as u32; + let in_size = crate::buffer_len_to_u32(size_of_val(din))?; let out_ptr = dout.as_mut_ptr() as *mut u8; - let out_size = size_of_val(dout) as u32; + let out_size = crate::buffer_len_to_u32(size_of_val(dout))?; if in_size != out_size { return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); } @@ -753,9 +763,9 @@ impl CFB { /// library return code on failure. pub fn encrypt1(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { let in_ptr = din.as_ptr() as *const u8; - let in_size = size_of_val(din) as u32; + let in_size = crate::buffer_len_to_u32(size_of_val(din))?; let out_ptr = dout.as_mut_ptr() as *mut u8; - let out_size = size_of_val(dout) as u32; + let out_size = crate::buffer_len_to_u32(size_of_val(dout))?; if in_size != out_size { return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); } @@ -784,9 +794,9 @@ impl CFB { /// library return code on failure. pub fn encrypt8(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { let in_ptr = din.as_ptr() as *const u8; - let in_size = size_of_val(din) as u32; + let in_size = crate::buffer_len_to_u32(size_of_val(din))?; let out_ptr = dout.as_mut_ptr() as *mut u8; - let out_size = size_of_val(dout) as u32; + let out_size = crate::buffer_len_to_u32(size_of_val(dout))?; if in_size != out_size { return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); } @@ -816,9 +826,9 @@ impl CFB { #[cfg(aes_decrypt)] pub fn decrypt(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { let in_ptr = din.as_ptr() as *const u8; - let in_size = size_of_val(din) as u32; + let in_size = crate::buffer_len_to_u32(size_of_val(din))?; let out_ptr = dout.as_mut_ptr() as *mut u8; - let out_size = size_of_val(dout) as u32; + let out_size = crate::buffer_len_to_u32(size_of_val(dout))?; if in_size != out_size { return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); } @@ -848,9 +858,9 @@ impl CFB { #[cfg(aes_decrypt)] pub fn decrypt1(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { let in_ptr = din.as_ptr() as *const u8; - let in_size = size_of_val(din) as u32; + let in_size = crate::buffer_len_to_u32(size_of_val(din))?; let out_ptr = dout.as_mut_ptr() as *mut u8; - let out_size = size_of_val(dout) as u32; + let out_size = crate::buffer_len_to_u32(size_of_val(dout))?; if in_size != out_size { return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); } @@ -880,9 +890,9 @@ impl CFB { #[cfg(aes_decrypt)] pub fn decrypt8(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { let in_ptr = din.as_ptr() as *const u8; - let in_size = size_of_val(din) as u32; + let in_size = crate::buffer_len_to_u32(size_of_val(din))?; let out_ptr = dout.as_mut_ptr() as *mut u8; - let out_size = size_of_val(dout) as u32; + let out_size = crate::buffer_len_to_u32(size_of_val(dout))?; if in_size != out_size { return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); } @@ -998,7 +1008,7 @@ impl CTR { /// A Result which is Ok(()) on success or an Err containing the wolfSSL /// library return code on failure. pub fn init(&mut self, key: &[u8], iv: &[u8]) -> Result<(), i32> { - let key_size = key.len() as u32; + let key_size = crate::buffer_len_to_u32(key.len())?; if iv.len() != AES_BLOCK_SIZE { return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); } @@ -1014,9 +1024,9 @@ impl CTR { fn encrypt_decrypt(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { let in_ptr = din.as_ptr() as *const u8; - let in_size = size_of_val(din) as u32; + let in_size = crate::buffer_len_to_u32(size_of_val(din))?; let out_ptr = dout.as_mut_ptr() as *mut u8; - let out_size = size_of_val(dout) as u32; + let out_size = crate::buffer_len_to_u32(size_of_val(dout))?; if in_size != out_size { return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); } @@ -1140,13 +1150,13 @@ impl EAX { pub fn encrypt(din: &[I], dout: &mut [O], key: &[u8], nonce: &[u8], auth: &[u8], auth_tag: &mut [u8]) -> Result<(), i32> { let in_ptr = din.as_ptr() as *const u8; - let in_size = size_of_val(din) as u32; + let in_size = crate::buffer_len_to_u32(size_of_val(din))?; let out_ptr = dout.as_mut_ptr() as *mut u8; - let out_size = size_of_val(dout) as u32; - let key_size = key.len() as u32; - let nonce_size = nonce.len() as u32; - let auth_size = auth.len() as u32; - let auth_tag_size = auth_tag.len() as u32; + let out_size = crate::buffer_len_to_u32(size_of_val(dout))?; + let key_size = crate::buffer_len_to_u32(key.len())?; + let nonce_size = crate::buffer_len_to_u32(nonce.len())?; + let auth_size = crate::buffer_len_to_u32(auth.len())?; + let auth_tag_size = crate::buffer_len_to_u32(auth_tag.len())?; if in_size != out_size { return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); } @@ -1181,13 +1191,13 @@ impl EAX { pub fn decrypt(din: &[I], dout: &mut [O], key: &[u8], nonce: &[u8], auth: &[u8], auth_tag: &[u8]) -> Result<(), i32> { let in_ptr = din.as_ptr() as *const u8; - let in_size = size_of_val(din) as u32; + let in_size = crate::buffer_len_to_u32(size_of_val(din))?; let out_ptr = dout.as_mut_ptr() as *mut u8; - let out_size = size_of_val(dout) as u32; - let key_size = key.len() as u32; - let nonce_size = nonce.len() as u32; - let auth_size = auth.len() as u32; - let auth_tag_size = auth_tag.len() as u32; + let out_size = crate::buffer_len_to_u32(size_of_val(dout))?; + let key_size = crate::buffer_len_to_u32(key.len())?; + let nonce_size = crate::buffer_len_to_u32(nonce.len())?; + let auth_size = crate::buffer_len_to_u32(auth.len())?; + let auth_tag_size = crate::buffer_len_to_u32(auth_tag.len())?; if in_size != out_size { return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); } @@ -1264,7 +1274,7 @@ impl ECB { } fn init(&mut self, key: &[u8], dir: i32) -> Result<(), i32> { - let key_size = key.len() as u32; + let key_size = crate::buffer_len_to_u32(key.len())?; let rc = unsafe { sys::wc_AesSetKey(&mut self.ws_aes, key.as_ptr(), key_size, core::ptr::null(), dir) @@ -1326,9 +1336,9 @@ impl ECB { /// library return code on failure. pub fn encrypt(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { let in_ptr = din.as_ptr() as *const u8; - let in_size = size_of_val(din) as u32; + let in_size = crate::buffer_len_to_u32(size_of_val(din))?; let out_ptr = dout.as_mut_ptr() as *mut u8; - let out_size = size_of_val(dout) as u32; + let out_size = crate::buffer_len_to_u32(size_of_val(dout))?; if in_size != out_size { return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); } @@ -1358,9 +1368,9 @@ impl ECB { /// library return code on failure. pub fn decrypt(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { let in_ptr = din.as_ptr() as *const u8; - let in_size = size_of_val(din) as u32; + let in_size = crate::buffer_len_to_u32(size_of_val(din))?; let out_ptr = dout.as_mut_ptr() as *mut u8; - let out_size = size_of_val(dout) as u32; + let out_size = crate::buffer_len_to_u32(size_of_val(dout))?; if in_size != out_size { return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); } @@ -1478,7 +1488,7 @@ impl GCM { /// A Result which is Ok(()) on success or an Err containing the wolfSSL /// library return code on failure. pub fn init(&mut self, key: &[u8]) -> Result<(), i32> { - let key_size = key.len() as u32; + let key_size = crate::buffer_len_to_u32(key.len())?; let rc = unsafe { sys::wc_AesGcmSetKey(&mut self.ws_aes, key.as_ptr(), key_size) }; @@ -1508,12 +1518,12 @@ impl GCM { pub fn encrypt(&mut self, din: &[I], dout: &mut [O], iv: &[u8], auth: &[u8], auth_tag: &mut [u8]) -> Result<(), i32> { let in_ptr = din.as_ptr() as *const u8; - let in_size = size_of_val(din) as u32; + let in_size = crate::buffer_len_to_u32(size_of_val(din))?; let out_ptr = dout.as_mut_ptr() as *mut u8; - let out_size = size_of_val(dout) as u32; - let iv_size = iv.len() as u32; - let auth_size = auth.len() as u32; - let auth_tag_size = auth_tag.len() as u32; + let out_size = crate::buffer_len_to_u32(size_of_val(dout))?; + let iv_size = crate::buffer_len_to_u32(iv.len())?; + let auth_size = crate::buffer_len_to_u32(auth.len())?; + let auth_tag_size = crate::buffer_len_to_u32(auth_tag.len())?; if in_size != out_size { return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); } @@ -1548,12 +1558,12 @@ impl GCM { pub fn decrypt(&mut self, din: &[I], dout: &mut [O], iv: &[u8], auth: &[u8], auth_tag: &[u8]) -> Result<(), i32> { let in_ptr = din.as_ptr() as *const u8; - let in_size = size_of_val(din) as u32; + let in_size = crate::buffer_len_to_u32(size_of_val(din))?; let out_ptr = dout.as_mut_ptr() as *mut u8; - let out_size = size_of_val(dout) as u32; - let iv_size = iv.len() as u32; - let auth_size = auth.len() as u32; - let auth_tag_size = auth_tag.len() as u32; + let out_size = crate::buffer_len_to_u32(size_of_val(dout))?; + let iv_size = crate::buffer_len_to_u32(iv.len())?; + let auth_size = crate::buffer_len_to_u32(auth.len())?; + let auth_tag_size = crate::buffer_len_to_u32(auth_tag.len())?; if in_size != out_size { return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); } @@ -1591,6 +1601,10 @@ fn gcm_encrypt_in_place( buffer: &mut [u8], tag: &mut [u8], ) -> Result<(), aead::Error> { + if buffer.len() > u32::MAX as usize || nonce.len() > u32::MAX as usize + || tag.len() > u32::MAX as usize || aad.len() > u32::MAX as usize { + return Err(aead::Error); + } let mut gcm = GCM::new().map_err(|_| aead::Error)?; gcm.init(key).map_err(|_| aead::Error)?; let buf_ptr = buffer.as_mut_ptr(); @@ -1619,6 +1633,10 @@ fn gcm_decrypt_in_place( buffer: &mut [u8], tag: &[u8], ) -> Result<(), aead::Error> { + if buffer.len() > u32::MAX as usize || nonce.len() > u32::MAX as usize + || tag.len() > u32::MAX as usize || aad.len() > u32::MAX as usize { + return Err(aead::Error); + } let mut gcm = GCM::new().map_err(|_| aead::Error)?; gcm.init(key).map_err(|_| aead::Error)?; let buf_ptr = buffer.as_mut_ptr(); @@ -1867,8 +1885,8 @@ impl GCMStream { /// A Result which is Ok(()) on success or an Err containing the wolfSSL /// library return code on failure. pub fn init(&mut self, key: &[u8], iv: &[u8]) -> Result<(), i32> { - let key_size = key.len() as u32; - let iv_size = iv.len() as u32; + let key_size = crate::buffer_len_to_u32(key.len())?; + let iv_size = crate::buffer_len_to_u32(iv.len())?; let rc = unsafe { sys::wc_AesGcmInit(&mut self.ws_aes, key.as_ptr(), key_size, iv.as_ptr(), iv_size) @@ -1903,10 +1921,10 @@ impl GCMStream { pub fn encrypt_update(&mut self, din: &[I], dout: &mut [O], auth: &[u8]) -> Result<(), i32> { let in_ptr = din.as_ptr() as *const u8; - let in_size = size_of_val(din) as u32; + let in_size = crate::buffer_len_to_u32(size_of_val(din))?; let out_ptr = dout.as_mut_ptr() as *mut u8; - let out_size = size_of_val(dout) as u32; - let auth_size = auth.len() as u32; + let out_size = crate::buffer_len_to_u32(size_of_val(dout))?; + let auth_size = crate::buffer_len_to_u32(auth.len())?; if in_size != out_size { return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); } @@ -1936,7 +1954,7 @@ impl GCMStream { /// A Result which is Ok(()) on success or an Err containing the wolfSSL /// library return code on failure. pub fn encrypt_final(&mut self, auth_tag: &mut [u8]) -> Result<(), i32> { - let auth_tag_size = auth_tag.len() as u32; + let auth_tag_size = crate::buffer_len_to_u32(auth_tag.len())?; let rc = unsafe { sys::wc_AesGcmEncryptFinal(&mut self.ws_aes, auth_tag.as_mut_ptr(), auth_tag_size) @@ -1971,10 +1989,10 @@ impl GCMStream { pub fn decrypt_update(&mut self, din: &[I], dout: &mut [O], auth: &[u8]) -> Result<(), i32> { let in_ptr = din.as_ptr() as *const u8; - let in_size = size_of_val(din) as u32; + let in_size = crate::buffer_len_to_u32(size_of_val(din))?; let out_ptr = dout.as_mut_ptr() as *mut u8; - let out_size = size_of_val(dout) as u32; - let auth_size = auth.len() as u32; + let out_size = crate::buffer_len_to_u32(size_of_val(dout))?; + let auth_size = crate::buffer_len_to_u32(auth.len())?; if in_size != out_size { return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); } @@ -2004,7 +2022,7 @@ impl GCMStream { /// A Result which is Ok(()) on success or an Err containing the wolfSSL /// library return code on failure. pub fn decrypt_final(&mut self, auth_tag: &[u8]) -> Result<(), i32> { - let auth_tag_size = auth_tag.len() as u32; + let auth_tag_size = crate::buffer_len_to_u32(auth_tag.len())?; let rc = unsafe { sys::wc_AesGcmDecryptFinal(&mut self.ws_aes, auth_tag.as_ptr(), auth_tag_size) @@ -2119,7 +2137,7 @@ impl OFB { /// A Result which is Ok(()) on success or an Err containing the wolfSSL /// library return code on failure. pub fn init(&mut self, key: &[u8], iv: &[u8]) -> Result<(), i32> { - let key_size = key.len() as u32; + let key_size = crate::buffer_len_to_u32(key.len())?; if iv.len() != AES_BLOCK_SIZE { return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); } @@ -2149,9 +2167,9 @@ impl OFB { /// library return code on failure. pub fn encrypt(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { let in_ptr = din.as_ptr() as *const u8; - let in_size = size_of_val(din) as u32; + let in_size = crate::buffer_len_to_u32(size_of_val(din))?; let out_ptr = dout.as_mut_ptr() as *mut u8; - let out_size = size_of_val(dout) as u32; + let out_size = crate::buffer_len_to_u32(size_of_val(dout))?; if in_size != out_size { return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); } @@ -2181,9 +2199,9 @@ impl OFB { #[cfg(aes_decrypt)] pub fn decrypt(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { let in_ptr = din.as_ptr() as *const u8; - let in_size = size_of_val(din) as u32; + let in_size = crate::buffer_len_to_u32(size_of_val(din))?; let out_ptr = dout.as_mut_ptr() as *mut u8; - let out_size = size_of_val(dout) as u32; + let out_size = crate::buffer_len_to_u32(size_of_val(dout))?; if in_size != out_size { return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); } @@ -2298,7 +2316,7 @@ impl XTS { } fn init(&mut self, key: &[u8], dir: i32) -> Result<(), i32> { - let key_size = key.len() as u32; + let key_size = crate::buffer_len_to_u32(key.len())?; let rc = unsafe { sys::wc_AesXtsSetKeyNoInit(&mut self.ws_xtsaes, key.as_ptr(), key_size, dir) @@ -2360,10 +2378,10 @@ impl XTS { /// library return code on failure. pub fn encrypt(&mut self, din: &[I], dout: &mut [O], tweak: &[u8]) -> Result<(), i32> { let in_ptr = din.as_ptr() as *const u8; - let in_size = size_of_val(din) as u32; + let in_size = crate::buffer_len_to_u32(size_of_val(din))?; let out_ptr = dout.as_mut_ptr() as *mut u8; - let out_size = size_of_val(dout) as u32; - let tweak_size = tweak.len() as u32; + let out_size = crate::buffer_len_to_u32(size_of_val(dout))?; + let tweak_size = crate::buffer_len_to_u32(tweak.len())?; if in_size != out_size { return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); } @@ -2399,9 +2417,9 @@ impl XTS { /// library return code on failure. pub fn encrypt_sector(&mut self, din: &[I], dout: &mut [O], sector: u64) -> Result<(), i32> { let in_ptr = din.as_ptr() as *const u8; - let in_size = size_of_val(din) as u32; + let in_size = crate::buffer_len_to_u32(size_of_val(din))?; let out_ptr = dout.as_mut_ptr() as *mut u8; - let out_size = size_of_val(dout) as u32; + let out_size = crate::buffer_len_to_u32(size_of_val(dout))?; if in_size != out_size { return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); } @@ -2439,9 +2457,9 @@ impl XTS { pub fn encrypt_consecutive_sectors(&mut self, din: &[I], dout: &mut [O], sector: u64, sector_size: u32) -> Result<(), i32> { let in_ptr = din.as_ptr() as *const u8; - let in_size = size_of_val(din) as u32; + let in_size = crate::buffer_len_to_u32(size_of_val(din))?; let out_ptr = dout.as_mut_ptr() as *mut u8; - let out_size = size_of_val(dout) as u32; + let out_size = crate::buffer_len_to_u32(size_of_val(dout))?; if in_size != out_size { return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); } @@ -2472,10 +2490,10 @@ impl XTS { /// library return code on failure. pub fn decrypt(&mut self, din: &[I], dout: &mut [O], tweak: &[u8]) -> Result<(), i32> { let in_ptr = din.as_ptr() as *const u8; - let in_size = size_of_val(din) as u32; + let in_size = crate::buffer_len_to_u32(size_of_val(din))?; let out_ptr = dout.as_mut_ptr() as *mut u8; - let out_size = size_of_val(dout) as u32; - let tweak_size = tweak.len() as u32; + let out_size = crate::buffer_len_to_u32(size_of_val(dout))?; + let tweak_size = crate::buffer_len_to_u32(tweak.len())?; if in_size != out_size { return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); } @@ -2511,9 +2529,9 @@ impl XTS { /// library return code on failure. pub fn decrypt_sector(&mut self, din: &[I], dout: &mut [O], sector: u64) -> Result<(), i32> { let in_ptr = din.as_ptr() as *const u8; - let in_size = size_of_val(din) as u32; + let in_size = crate::buffer_len_to_u32(size_of_val(din))?; let out_ptr = dout.as_mut_ptr() as *mut u8; - let out_size = size_of_val(dout) as u32; + let out_size = crate::buffer_len_to_u32(size_of_val(dout))?; if in_size != out_size { return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); } @@ -2551,9 +2569,9 @@ impl XTS { pub fn decrypt_consecutive_sectors(&mut self, din: &[I], dout: &mut [O], sector: u64, sector_size: u32) -> Result<(), i32> { let in_ptr = din.as_ptr() as *const u8; - let in_size = size_of_val(din) as u32; + let in_size = crate::buffer_len_to_u32(size_of_val(din))?; let out_ptr = dout.as_mut_ptr() as *mut u8; - let out_size = size_of_val(dout) as u32; + let out_size = crate::buffer_len_to_u32(size_of_val(dout))?; if in_size != out_size { return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); } @@ -2676,7 +2694,7 @@ impl XTSStream { /// A Result which is Ok(()) on success or an Err containing the wolfSSL /// library return code on failure. pub fn init_encrypt(&mut self, key: &[u8], tweak: &[u8]) -> Result<(), i32> { - let key_size = key.len() as u32; + let key_size = crate::buffer_len_to_u32(key.len())?; let rc = unsafe { sys::wc_AesXtsSetKeyNoInit(&mut self.ws_xtsaes, key.as_ptr(), key_size, sys::AES_ENCRYPTION as i32) @@ -2684,7 +2702,7 @@ impl XTSStream { if rc != 0 { return Err(rc); } - let tweak_size = tweak.len() as u32; + let tweak_size = crate::buffer_len_to_u32(tweak.len())?; let rc = unsafe { sys::wc_AesXtsEncryptInit(&mut self.ws_xtsaes, tweak.as_ptr(), tweak_size, &mut self.ws_xtsaesstreamdata) @@ -2710,7 +2728,7 @@ impl XTSStream { /// A Result which is Ok(()) on success or an Err containing the wolfSSL /// library return code on failure. pub fn init_decrypt(&mut self, key: &[u8], tweak: &[u8]) -> Result<(), i32> { - let key_size = key.len() as u32; + let key_size = crate::buffer_len_to_u32(key.len())?; let rc = unsafe { sys::wc_AesXtsSetKeyNoInit(&mut self.ws_xtsaes, key.as_ptr(), key_size, sys::AES_DECRYPTION as i32) @@ -2718,7 +2736,7 @@ impl XTSStream { if rc != 0 { return Err(rc); } - let tweak_size = tweak.len() as u32; + let tweak_size = crate::buffer_len_to_u32(tweak.len())?; let rc = unsafe { sys::wc_AesXtsDecryptInit(&mut self.ws_xtsaes, tweak.as_ptr(), tweak_size, &mut self.ws_xtsaesstreamdata) @@ -2749,9 +2767,9 @@ impl XTSStream { /// library return code on failure. pub fn encrypt_update(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { let in_ptr = din.as_ptr() as *const u8; - let in_size = size_of_val(din) as u32; + let in_size = crate::buffer_len_to_u32(size_of_val(din))?; let out_ptr = dout.as_ptr() as *mut u8; - let out_size = size_of_val(dout) as u32; + let out_size = crate::buffer_len_to_u32(size_of_val(dout))?; if in_size != out_size { return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); } @@ -2784,9 +2802,9 @@ impl XTSStream { /// library return code on failure. pub fn encrypt_final(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { let in_ptr = din.as_ptr() as *const u8; - let in_size = size_of_val(din) as u32; + let in_size = crate::buffer_len_to_u32(size_of_val(din))?; let out_ptr = dout.as_ptr() as *mut u8; - let out_size = size_of_val(dout) as u32; + let out_size = crate::buffer_len_to_u32(size_of_val(dout))?; if in_size != out_size { return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); } @@ -2820,9 +2838,9 @@ impl XTSStream { /// library return code on failure. pub fn decrypt_update(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { let in_ptr = din.as_ptr() as *const u8; - let in_size = size_of_val(din) as u32; + let in_size = crate::buffer_len_to_u32(size_of_val(din))?; let out_ptr = dout.as_ptr() as *mut u8; - let out_size = size_of_val(dout) as u32; + let out_size = crate::buffer_len_to_u32(size_of_val(dout))?; if in_size != out_size { return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); } @@ -2855,9 +2873,9 @@ impl XTSStream { /// library return code on failure. pub fn decrypt_final(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { let in_ptr = din.as_ptr() as *const u8; - let in_size = size_of_val(din) as u32; + let in_size = crate::buffer_len_to_u32(size_of_val(din))?; let out_ptr = dout.as_ptr() as *mut u8; - let out_size = size_of_val(dout) as u32; + let out_size = crate::buffer_len_to_u32(size_of_val(dout))?; if in_size != out_size { return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); } @@ -3254,6 +3272,7 @@ impl StreamCipher for Aes128Ctr { fn unchecked_apply_keystream_inout(&mut self, mut buf: cipher::InOutBuf<'_, '_, u8>) { let len = buf.len(); if len == 0 { return; } + assert!(len <= u32::MAX as usize, "buffer too large for wc_AesCtrEncrypt"); // wolfCrypt AES-CTR supports in-place operation (out == in). let in_ptr = buf.get_in().as_ptr(); let out_ptr = buf.get_out().as_mut_ptr(); @@ -3303,6 +3322,7 @@ impl StreamCipher for Aes192Ctr { fn unchecked_apply_keystream_inout(&mut self, mut buf: cipher::InOutBuf<'_, '_, u8>) { let len = buf.len(); if len == 0 { return; } + assert!(len <= u32::MAX as usize, "buffer too large for wc_AesCtrEncrypt"); let in_ptr = buf.get_in().as_ptr(); let out_ptr = buf.get_out().as_mut_ptr(); // SAFETY: CTR in-place is valid; C function called directly to avoid @@ -3351,6 +3371,7 @@ impl StreamCipher for Aes256Ctr { fn unchecked_apply_keystream_inout(&mut self, mut buf: cipher::InOutBuf<'_, '_, u8>) { let len = buf.len(); if len == 0 { return; } + assert!(len <= u32::MAX as usize, "buffer too large for wc_AesCtrEncrypt"); let in_ptr = buf.get_in().as_ptr(); let out_ptr = buf.get_out().as_mut_ptr(); // SAFETY: CTR in-place is valid; C function called directly to avoid @@ -3407,6 +3428,7 @@ impl StreamCipher for Aes128Ofb { fn unchecked_apply_keystream_inout(&mut self, mut buf: cipher::InOutBuf<'_, '_, u8>) { let len = buf.len(); if len == 0 { return; } + assert!(len <= u32::MAX as usize, "buffer too large for wc_AesOfbEncrypt"); // wolfCrypt AES-OFB supports in-place operation (out == in). let in_ptr = buf.get_in().as_ptr(); let out_ptr = buf.get_out().as_mut_ptr(); @@ -3456,6 +3478,7 @@ impl StreamCipher for Aes192Ofb { fn unchecked_apply_keystream_inout(&mut self, mut buf: cipher::InOutBuf<'_, '_, u8>) { let len = buf.len(); if len == 0 { return; } + assert!(len <= u32::MAX as usize, "buffer too large for wc_AesOfbEncrypt"); let in_ptr = buf.get_in().as_ptr(); let out_ptr = buf.get_out().as_mut_ptr(); // SAFETY: OFB in-place is valid; C function called directly to avoid @@ -3504,6 +3527,7 @@ impl StreamCipher for Aes256Ofb { fn unchecked_apply_keystream_inout(&mut self, mut buf: cipher::InOutBuf<'_, '_, u8>) { let len = buf.len(); if len == 0 { return; } + assert!(len <= u32::MAX as usize, "buffer too large for wc_AesOfbEncrypt"); let in_ptr = buf.get_in().as_ptr(); let out_ptr = buf.get_out().as_mut_ptr(); // SAFETY: OFB in-place is valid; C function called directly to avoid diff --git a/wrapper/rust/wolfssl-wolfcrypt/src/blake2.rs b/wrapper/rust/wolfssl-wolfcrypt/src/blake2.rs index c4b54cb081..06021de68c 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/src/blake2.rs +++ b/wrapper/rust/wolfssl-wolfcrypt/src/blake2.rs @@ -87,9 +87,9 @@ impl BLAKE2b { /// let blake2b = BLAKE2b::new_with_key(64, &key).expect("Error with new()"); /// ``` pub fn new_with_key(digest_size: usize, key: &[u8]) -> Result { + let key_size = crate::buffer_len_to_u32(key.len())?; let digest_size = digest_size as u32; let mut wc_blake2b: MaybeUninit = MaybeUninit::uninit(); - let key_size = key.len() as u32; let rc = unsafe { sys::wc_InitBlake2b_WithKey(wc_blake2b.as_mut_ptr(), digest_size, key.as_ptr(), key_size) @@ -124,7 +124,7 @@ impl BLAKE2b { /// blake2b.update(&[0u8; 16]).expect("Error with update()"); /// ``` pub fn update(&mut self, data: &[u8]) -> Result<(), i32> { - let data_size = data.len() as u32; + let data_size = crate::buffer_len_to_u32(data.len())?; let rc = unsafe { sys::wc_Blake2bUpdate(&mut self.wc_blake2b, data.as_ptr(), data_size) }; @@ -156,7 +156,7 @@ impl BLAKE2b { /// blake2b.finalize(&mut hash).expect("Error with finalize()"); /// ``` pub fn finalize(&mut self, hash: &mut [u8]) -> Result<(), i32> { - let hash_size = hash.len() as u32; + let hash_size = crate::buffer_len_to_u32(hash.len())?; if hash_size == 0 { // The C function uses the internal state configured digest size // if hash_size is passed in as 0. We do not want to allow a @@ -370,9 +370,9 @@ impl BLAKE2s { /// let blake2s = BLAKE2s::new_with_key(32, &key).expect("Error with new()"); /// ``` pub fn new_with_key(digest_size: usize, key: &[u8]) -> Result { + let key_size = crate::buffer_len_to_u32(key.len())?; let digest_size = digest_size as u32; let mut wc_blake2s: MaybeUninit = MaybeUninit::uninit(); - let key_size = key.len() as u32; let rc = unsafe { sys::wc_InitBlake2s_WithKey(wc_blake2s.as_mut_ptr(), digest_size, key.as_ptr(), key_size) @@ -407,7 +407,7 @@ impl BLAKE2s { /// blake2s.update(&[0u8; 16]).expect("Error with update()"); /// ``` pub fn update(&mut self, data: &[u8]) -> Result<(), i32> { - let data_size = data.len() as u32; + let data_size = crate::buffer_len_to_u32(data.len())?; let rc = unsafe { sys::wc_Blake2sUpdate(&mut self.wc_blake2s, data.as_ptr(), data_size) }; @@ -439,7 +439,7 @@ impl BLAKE2s { /// blake2s.finalize(&mut hash).expect("Error with finalize()"); /// ``` pub fn finalize(&mut self, hash: &mut [u8]) -> Result<(), i32> { - let hash_size = hash.len() as u32; + let hash_size = crate::buffer_len_to_u32(hash.len())?; if hash_size == 0 { // The C function uses the internal state configured digest size // if hash_size is passed in as 0. We do not want to allow a diff --git a/wrapper/rust/wolfssl-wolfcrypt/src/chacha20_poly1305.rs b/wrapper/rust/wolfssl-wolfcrypt/src/chacha20_poly1305.rs index a7002eef0e..61f4135786 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/src/chacha20_poly1305.rs +++ b/wrapper/rust/wolfssl-wolfcrypt/src/chacha20_poly1305.rs @@ -73,8 +73,8 @@ impl ChaCha20Poly1305 { if auth_tag.len() != Self::AUTH_TAG_SIZE { return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); } - let aad_size = aad.len() as u32; - let ciphertext_size = ciphertext.len() as u32; + let aad_size = crate::buffer_len_to_u32(aad.len())?; + let ciphertext_size = crate::buffer_len_to_u32(ciphertext.len())?; let rc = unsafe { sys::wc_ChaCha20Poly1305_Decrypt(key.as_ptr(), iv.as_ptr(), aad.as_ptr(), aad_size, ciphertext.as_ptr(), @@ -115,8 +115,8 @@ impl ChaCha20Poly1305 { if auth_tag.len() != Self::AUTH_TAG_SIZE { return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); } - let aad_size = aad.len() as u32; - let plaintext_size = plaintext.len() as u32; + let aad_size = crate::buffer_len_to_u32(aad.len())?; + let plaintext_size = crate::buffer_len_to_u32(plaintext.len())?; let rc = unsafe { sys::wc_ChaCha20Poly1305_Encrypt(key.as_ptr(), iv.as_ptr(), aad.as_ptr(), aad_size, plaintext.as_ptr(), plaintext_size, @@ -171,7 +171,7 @@ impl ChaCha20Poly1305 { /// Returns either Ok(()) on success or Err(e) containing the wolfSSL /// library error code value. pub fn update_aad(&mut self, aad: &[u8]) -> Result<(), i32> { - let aad_size = aad.len() as u32; + let aad_size = crate::buffer_len_to_u32(aad.len())?; let rc = unsafe { sys::wc_ChaCha20Poly1305_UpdateAad(&mut self.wc_ccp, aad.as_ptr(), aad_size) @@ -203,7 +203,7 @@ impl ChaCha20Poly1305 { if din.len() != dout.len() { return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); } - let din_size = din.len() as u32; + let din_size = crate::buffer_len_to_u32(din.len())?; let rc = unsafe { sys::wc_ChaCha20Poly1305_UpdateData(&mut self.wc_ccp, din.as_ptr(), dout.as_mut_ptr(), din_size) @@ -283,6 +283,9 @@ impl aead::AeadInPlace for ChaCha20Poly1305Aead { associated_data: &[u8], buffer: &mut [u8], ) -> Result, aead::Error> { + if associated_data.len() > u32::MAX as usize || buffer.len() > u32::MAX as usize { + return Err(aead::Error); + } let mut tag = aead::Tag::::default(); // wc_ChaCha20Poly1305_Encrypt supports in-place (out == in). let buf_ptr = buffer.as_mut_ptr(); @@ -310,6 +313,9 @@ impl aead::AeadInPlace for ChaCha20Poly1305Aead { buffer: &mut [u8], tag: &aead::Tag, ) -> Result<(), aead::Error> { + if associated_data.len() > u32::MAX as usize || buffer.len() > u32::MAX as usize { + return Err(aead::Error); + } let buf_ptr = buffer.as_mut_ptr(); let in_ptr = buf_ptr as *const u8; let nonce_bytes: &[u8] = nonce; diff --git a/wrapper/rust/wolfssl-wolfcrypt/src/cmac.rs b/wrapper/rust/wolfssl-wolfcrypt/src/cmac.rs index 6261f01eb2..fa3ebebfd0 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/src/cmac.rs +++ b/wrapper/rust/wolfssl-wolfcrypt/src/cmac.rs @@ -70,9 +70,9 @@ impl CMAC { /// ``` #[cfg(aes)] pub fn generate(key: &[u8], data: &[u8], dout: &mut [u8]) -> Result<(), i32> { - let key_size = key.len() as u32; - let data_size = data.len() as u32; - let mut dout_size = dout.len() as u32; + let key_size = crate::buffer_len_to_u32(key.len())?; + let data_size = crate::buffer_len_to_u32(data.len())?; + let mut dout_size = crate::buffer_len_to_u32(dout.len())?; let rc = unsafe { sys::wc_AesCmacGenerate(dout.as_mut_ptr(), &mut dout_size, data.as_ptr(), data_size, @@ -134,7 +134,7 @@ impl CMAC { /// let mut cmac = CMAC::new_ex(&key, None, None).expect("Error with new_ex()"); /// ``` pub fn new_ex(key: &[u8], heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { - let key_size = key.len() as u32; + let key_size = crate::buffer_len_to_u32(key.len())?; let mut ws_cmac: MaybeUninit = MaybeUninit::uninit(); let typ = sys::CmacType_WC_CMAC_AES as i32; let heap = match heap { @@ -193,9 +193,9 @@ impl CMAC { /// ``` #[cfg(aes)] pub fn verify(key: &[u8], data: &[u8], check: &[u8]) -> Result { - let key_size = key.len() as u32; - let data_size = data.len() as u32; - let check_size = check.len() as u32; + let key_size = crate::buffer_len_to_u32(key.len())?; + let data_size = crate::buffer_len_to_u32(data.len())?; + let check_size = crate::buffer_len_to_u32(check.len())?; let rc = unsafe { sys::wc_AesCmacVerify(check.as_ptr(), check_size, data.as_ptr(), data_size, @@ -243,9 +243,9 @@ impl CMAC { /// ``` #[cfg(aes)] pub fn generate_ex(&mut self, key: &[u8], data: &[u8], dout: &mut [u8], heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result<(), i32> { - let key_size = key.len() as u32; - let data_size = data.len() as u32; - let mut dout_size = dout.len() as u32; + let key_size = crate::buffer_len_to_u32(key.len())?; + let data_size = crate::buffer_len_to_u32(data.len())?; + let mut dout_size = crate::buffer_len_to_u32(dout.len())?; let heap = match heap { Some(heap) => heap, None => core::ptr::null_mut(), @@ -293,7 +293,7 @@ impl CMAC { /// cmac.update(&message).expect("Error with update()"); /// ``` pub fn update(&mut self, data: &[u8]) -> Result<(), i32> { - let data_size = data.len() as u32; + let data_size = crate::buffer_len_to_u32(data.len())?; let rc = unsafe { sys::wc_CmacUpdate(&mut self.ws_cmac, data.as_ptr(), data_size) }; @@ -335,7 +335,7 @@ impl CMAC { /// cmac.finalize(&mut finalize_out).expect("Error with finalize()"); /// ``` pub fn finalize(mut self, dout: &mut [u8]) -> Result<(), i32> { - let mut dout_size = dout.len() as u32; + let mut dout_size = crate::buffer_len_to_u32(dout.len())?; let rc = unsafe { sys::wc_CmacFinalNoFree(&mut self.ws_cmac, dout.as_mut_ptr(), &mut dout_size) @@ -385,9 +385,9 @@ impl CMAC { /// ``` #[cfg(aes)] pub fn verify_ex(&mut self, key: &[u8], data: &[u8], check: &[u8], heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { - let key_size = key.len() as u32; - let data_size = data.len() as u32; - let check_size = check.len() as u32; + let key_size = crate::buffer_len_to_u32(key.len())?; + let data_size = crate::buffer_len_to_u32(data.len())?; + let check_size = crate::buffer_len_to_u32(check.len())?; let heap = match heap { Some(heap) => heap, None => core::ptr::null_mut(), diff --git a/wrapper/rust/wolfssl-wolfcrypt/src/curve25519.rs b/wrapper/rust/wolfssl-wolfcrypt/src/curve25519.rs index 6a472e2c78..9a80fb573e 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/src/curve25519.rs +++ b/wrapper/rust/wolfssl-wolfcrypt/src/curve25519.rs @@ -50,7 +50,7 @@ impl Curve25519Key { /// Returns either Ok(()) on success or Err(e) containing the wolfSSL /// library error code value. pub fn check_public(public: &[u8], big_endian: bool) -> Result<(), i32> { - let public_size = public.len() as u32; + let public_size = crate::buffer_len_to_u32(public.len())?; let endian = if big_endian {sys::EC25519_BIG_ENDIAN} else {sys::EC25519_LITTLE_ENDIAN}; let rc = unsafe { sys::wc_curve25519_check_public(public.as_ptr(), public_size, @@ -128,6 +128,7 @@ impl Curve25519Key { /// Returns either Ok(curve25519key) on success or Err(e) containing the /// wolfSSL library error code value. pub fn import_private(private: &[u8]) -> Result { + let private_size = crate::buffer_len_to_u32(private.len())?; let mut wc_key: MaybeUninit = MaybeUninit::uninit(); let rc = unsafe { sys::wc_curve25519_init(wc_key.as_mut_ptr()) @@ -137,7 +138,6 @@ impl Curve25519Key { } let wc_key = unsafe { wc_key.assume_init() }; let mut curve25519key = Curve25519Key { wc_key }; - let private_size = private.len() as u32; let rc = unsafe { sys::wc_curve25519_import_private(private.as_ptr(), private_size, &mut curve25519key.wc_key) @@ -160,6 +160,7 @@ impl Curve25519Key { /// Returns either Ok(curve25519key) on success or Err(e) containing the /// wolfSSL library error code value. pub fn import_private_ex(private: &[u8], big_endian: bool) -> Result { + let private_size = crate::buffer_len_to_u32(private.len())?; let mut wc_key: MaybeUninit = MaybeUninit::uninit(); let rc = unsafe { sys::wc_curve25519_init(wc_key.as_mut_ptr()) @@ -169,7 +170,6 @@ impl Curve25519Key { } let wc_key = unsafe { wc_key.assume_init() }; let mut curve25519key = Curve25519Key { wc_key }; - let private_size = private.len() as u32; let endian = if big_endian {sys::EC25519_BIG_ENDIAN} else {sys::EC25519_LITTLE_ENDIAN}; let rc = unsafe { sys::wc_curve25519_import_private_ex(private.as_ptr(), @@ -193,6 +193,8 @@ impl Curve25519Key { /// Returns either Ok(curve25519key) on success or Err(e) containing the /// wolfSSL library error code value. pub fn import_private_raw(private: &[u8], public: &[u8]) -> Result { + let private_size = crate::buffer_len_to_u32(private.len())?; + let public_size = crate::buffer_len_to_u32(public.len())?; let mut wc_key: MaybeUninit = MaybeUninit::uninit(); let rc = unsafe { sys::wc_curve25519_init(wc_key.as_mut_ptr()) @@ -202,8 +204,6 @@ impl Curve25519Key { } let wc_key = unsafe { wc_key.assume_init() }; let mut curve25519key = Curve25519Key { wc_key }; - let private_size = private.len() as u32; - let public_size = public.len() as u32; let rc = unsafe { sys::wc_curve25519_import_private_raw(private.as_ptr(), private_size, public.as_ptr(), public_size, @@ -228,6 +228,8 @@ impl Curve25519Key { /// Returns either Ok(curve25519key) on success or Err(e) containing the /// wolfSSL library error code value. pub fn import_private_raw_ex(private: &[u8], public: &[u8], big_endian: bool) -> Result { + let private_size = crate::buffer_len_to_u32(private.len())?; + let public_size = crate::buffer_len_to_u32(public.len())?; let mut wc_key: MaybeUninit = MaybeUninit::uninit(); let rc = unsafe { sys::wc_curve25519_init(wc_key.as_mut_ptr()) @@ -237,8 +239,6 @@ impl Curve25519Key { } let wc_key = unsafe { wc_key.assume_init() }; let mut curve25519key = Curve25519Key { wc_key }; - let private_size = private.len() as u32; - let public_size = public.len() as u32; let endian = if big_endian {sys::EC25519_BIG_ENDIAN} else {sys::EC25519_LITTLE_ENDIAN}; let rc = unsafe { sys::wc_curve25519_import_private_raw_ex(private.as_ptr(), @@ -262,6 +262,7 @@ impl Curve25519Key { /// Returns either Ok(curve25519key) on success or Err(e) containing the /// wolfSSL library error code value. pub fn import_public(public: &[u8]) -> Result { + let public_size = crate::buffer_len_to_u32(public.len())?; let mut wc_key: MaybeUninit = MaybeUninit::uninit(); let rc = unsafe { sys::wc_curve25519_init(wc_key.as_mut_ptr()) @@ -271,7 +272,6 @@ impl Curve25519Key { } let wc_key = unsafe { wc_key.assume_init() }; let mut curve25519key = Curve25519Key { wc_key }; - let public_size = public.len() as u32; let rc = unsafe { sys::wc_curve25519_import_public(public.as_ptr(), public_size, &mut curve25519key.wc_key) @@ -294,6 +294,7 @@ impl Curve25519Key { /// Returns either Ok(curve25519key) on success or Err(e) containing the /// wolfSSL library error code value. pub fn import_public_ex(public: &[u8], big_endian: bool) -> Result { + let public_size = crate::buffer_len_to_u32(public.len())?; let mut wc_key: MaybeUninit = MaybeUninit::uninit(); let rc = unsafe { sys::wc_curve25519_init(wc_key.as_mut_ptr()) @@ -303,7 +304,6 @@ impl Curve25519Key { } let wc_key = unsafe { wc_key.assume_init() }; let mut curve25519key = Curve25519Key { wc_key }; - let public_size = public.len() as u32; let endian = if big_endian {sys::EC25519_BIG_ENDIAN} else {sys::EC25519_LITTLE_ENDIAN}; let rc = unsafe { sys::wc_curve25519_import_public_ex(public.as_ptr(), public_size, @@ -327,8 +327,8 @@ impl Curve25519Key { /// Returns either Ok(()) on success or Err(e) containing the wolfSSL /// library error code value. pub fn make_pub(private: &[u8], public: &mut [u8]) -> Result<(), i32> { - let private_size = private.len() as i32; - let public_size = public.len() as i32; + let private_size = crate::buffer_len_to_i32(private.len())?; + let public_size = crate::buffer_len_to_i32(public.len())?; let rc = unsafe { sys::wc_curve25519_make_pub(public_size, public.as_mut_ptr(), private_size, private.as_ptr()) @@ -354,8 +354,8 @@ impl Curve25519Key { /// library error code value. #[cfg(all(curve25519_blinding, random))] pub fn make_pub_blind(private: &[u8], public: &mut [u8], rng: &mut RNG) -> Result<(), i32> { - let private_size = private.len() as i32; - let public_size = public.len() as i32; + let private_size = crate::buffer_len_to_i32(private.len())?; + let public_size = crate::buffer_len_to_i32(public.len())?; let rc = unsafe { sys::wc_curve25519_make_pub_blind(public_size, public.as_mut_ptr(), private_size, private.as_ptr(), &mut rng.wc_rng) @@ -380,9 +380,9 @@ impl Curve25519Key { /// Returns either Ok(()) on success or Err(e) containing the wolfSSL /// library error code value. pub fn make_pub_generic(private: &[u8], public: &mut [u8], basepoint: &[u8]) -> Result<(), i32> { - let private_size = private.len() as i32; - let public_size = public.len() as i32; - let basepoint_size = basepoint.len() as i32; + let private_size = crate::buffer_len_to_i32(private.len())?; + let public_size = crate::buffer_len_to_i32(public.len())?; + let basepoint_size = crate::buffer_len_to_i32(basepoint.len())?; let rc = unsafe { sys::wc_curve25519_generic(public_size, public.as_mut_ptr(), private_size, private.as_ptr(), basepoint_size, basepoint.as_ptr()) @@ -409,9 +409,9 @@ impl Curve25519Key { /// library error code value. #[cfg(all(curve25519_blinding, random))] pub fn make_pub_generic_blind(private: &[u8], public: &mut [u8], basepoint: &[u8], rng: &mut RNG) -> Result<(), i32> { - let private_size = private.len() as i32; - let public_size = public.len() as i32; - let basepoint_size = basepoint.len() as i32; + let private_size = crate::buffer_len_to_i32(private.len())?; + let public_size = crate::buffer_len_to_i32(public.len())?; + let basepoint_size = crate::buffer_len_to_i32(basepoint.len())?; let rc = unsafe { sys::wc_curve25519_generic_blind(public_size, public.as_mut_ptr(), private_size, private.as_ptr(), basepoint_size, basepoint.as_ptr(), @@ -438,7 +438,7 @@ impl Curve25519Key { /// Returns either Ok(size) containing the number of bytes written to `out` /// on success or Err(e) containing the wolfSSL library error code value. pub fn shared_secret(private_key: &mut Curve25519Key, public_key: &mut Curve25519Key, out: &mut [u8]) -> Result { - let mut outlen = out.len() as u32; + let mut outlen = crate::buffer_len_to_u32(out.len())?; let rc = unsafe { sys::wc_curve25519_shared_secret(&mut private_key.wc_key, &mut public_key.wc_key, out.as_mut_ptr(), &mut outlen) @@ -491,7 +491,7 @@ impl Curve25519Key { /// Returns either Ok(size) containing the number of bytes written to `out` /// on success or Err(e) containing the wolfSSL library error code value. pub fn shared_secret_ex(private_key: &mut Curve25519Key, public_key: &mut Curve25519Key, out: &mut [u8], big_endian: bool) -> Result { - let mut outlen = out.len() as u32; + let mut outlen = crate::buffer_len_to_u32(out.len())?; let endian = if big_endian {sys::EC25519_BIG_ENDIAN} else {sys::EC25519_LITTLE_ENDIAN}; let rc = unsafe { sys::wc_curve25519_shared_secret_ex(&mut private_key.wc_key, @@ -516,8 +516,8 @@ impl Curve25519Key { /// Returns either Ok(()) on success or Err(e) containing the wolfSSL /// library error code value. pub fn export_key_raw(&mut self, private: &mut [u8], public: &mut [u8]) -> Result<(), i32> { - let mut private_size = private.len() as u32; - let mut public_size = public.len() as u32; + let mut private_size = crate::buffer_len_to_u32(private.len())?; + let mut public_size = crate::buffer_len_to_u32(public.len())?; let rc = unsafe { sys::wc_curve25519_export_key_raw(&mut self.wc_key, private.as_mut_ptr(), &mut private_size, @@ -543,8 +543,8 @@ impl Curve25519Key { /// Returns either Ok(()) on success or Err(e) containing the wolfSSL /// library error code value. pub fn export_key_raw_ex(&mut self, private: &mut [u8], public: &mut [u8], big_endian: bool) -> Result<(), i32> { - let mut private_size = private.len() as u32; - let mut public_size = public.len() as u32; + let mut private_size = crate::buffer_len_to_u32(private.len())?; + let mut public_size = crate::buffer_len_to_u32(public.len())?; let endian = if big_endian {sys::EC25519_BIG_ENDIAN} else {sys::EC25519_LITTLE_ENDIAN}; let rc = unsafe { sys::wc_curve25519_export_key_raw_ex(&mut self.wc_key, @@ -569,7 +569,7 @@ impl Curve25519Key { /// Returns either Ok(size) containing the number of bytes written to `out` /// on success or Err(e) containing the wolfSSL library error code value. pub fn export_private_raw(&mut self, out: &mut [u8]) -> Result { - let mut outlen = out.len() as u32; + let mut outlen = crate::buffer_len_to_u32(out.len())?; let rc = unsafe { sys::wc_curve25519_export_private_raw(&mut self.wc_key, out.as_mut_ptr(), &mut outlen) @@ -593,7 +593,7 @@ impl Curve25519Key { /// Returns either Ok(size) containing the number of bytes written to `out` /// on success or Err(e) containing the wolfSSL library error code value. pub fn export_private_raw_ex(&mut self, out: &mut [u8], big_endian: bool) -> Result { - let mut outlen = out.len() as u32; + let mut outlen = crate::buffer_len_to_u32(out.len())?; let endian = if big_endian {sys::EC25519_BIG_ENDIAN} else {sys::EC25519_LITTLE_ENDIAN}; let rc = unsafe { sys::wc_curve25519_export_private_raw_ex(&mut self.wc_key, @@ -617,7 +617,7 @@ impl Curve25519Key { /// Returns either Ok(size) containing the number of bytes written to `out` /// on success or Err(e) containing the wolfSSL library error code value. pub fn export_public(&mut self, out: &mut [u8]) -> Result { - let mut outlen = out.len() as u32; + let mut outlen = crate::buffer_len_to_u32(out.len())?; let rc = unsafe { sys::wc_curve25519_export_public(&mut self.wc_key, out.as_mut_ptr(), &mut outlen) @@ -641,7 +641,7 @@ impl Curve25519Key { /// Returns either Ok(size) containing the number of bytes written to `out` /// on success or Err(e) containing the wolfSSL library error code value. pub fn export_public_ex(&mut self, out: &mut [u8], big_endian: bool) -> Result { - let mut outlen = out.len() as u32; + let mut outlen = crate::buffer_len_to_u32(out.len())?; let endian = if big_endian {sys::EC25519_BIG_ENDIAN} else {sys::EC25519_LITTLE_ENDIAN}; let rc = unsafe { sys::wc_curve25519_export_public_ex(&mut self.wc_key, diff --git a/wrapper/rust/wolfssl-wolfcrypt/src/dh.rs b/wrapper/rust/wolfssl-wolfcrypt/src/dh.rs index 022bd7a755..ffb31fd223 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/src/dh.rs +++ b/wrapper/rust/wolfssl-wolfcrypt/src/dh.rs @@ -98,8 +98,8 @@ impl DH { /// } /// ``` pub fn check_pub_value(prime: &[u8], public: &[u8]) -> Result<(), i32> { - let prime_size = prime.len() as u32; - let public_size = public.len() as u32; + let prime_size = crate::buffer_len_to_u32(prime.len())?; + let public_size = crate::buffer_len_to_u32(public.len())?; let rc = unsafe { sys::wc_DhCheckPubValue(prime.as_ptr(), prime_size, public.as_ptr(), public_size) @@ -144,6 +144,13 @@ impl DH { /// } /// ``` pub fn compare_named_key(name: i32, p: &[u8], g: &[u8], q: Option<&[u8]>) -> bool { + if p.len() > u32::MAX as usize || g.len() > u32::MAX as usize { + return false; + } + if let Some(qv) = q + && qv.len() > u32::MAX as usize { + return false; + } let p_size = p.len() as u32; let g_size = g.len() as u32; let mut no_q = 1i32; @@ -556,8 +563,8 @@ impl DH { /// } /// ``` pub fn new_from_pg_ex(p: &[u8], g: &[u8], heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { - let p_size = p.len() as u32; - let g_size = g.len() as u32; + let p_size = crate::buffer_len_to_u32(p.len())?; + let g_size = crate::buffer_len_to_u32(g.len())?; let mut wc_dhkey: MaybeUninit = MaybeUninit::uninit(); let heap = match heap { Some(heap) => heap, @@ -784,9 +791,9 @@ impl DH { /// } /// ``` pub fn new_from_pgq_ex(p: &[u8], g: &[u8], q: &[u8], heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { - let p_size = p.len() as u32; - let g_size = g.len() as u32; - let q_size = q.len() as u32; + let p_size = crate::buffer_len_to_u32(p.len())?; + let g_size = crate::buffer_len_to_u32(g.len())?; + let q_size = crate::buffer_len_to_u32(q.len())?; let mut wc_dhkey: MaybeUninit = MaybeUninit::uninit(); let heap = match heap { Some(heap) => heap, @@ -1024,9 +1031,9 @@ impl DH { /// ``` #[cfg(random)] pub fn new_from_pgq_with_check_ex(p: &[u8], g: &[u8], q: &[u8], trusted: i32, rng: &mut RNG, heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { - let p_size = p.len() as u32; - let g_size = g.len() as u32; - let q_size = q.len() as u32; + let p_size = crate::buffer_len_to_u32(p.len())?; + let g_size = crate::buffer_len_to_u32(g.len())?; + let q_size = crate::buffer_len_to_u32(q.len())?; let mut wc_dhkey: MaybeUninit = MaybeUninit::uninit(); let heap = match heap { Some(heap) => heap, @@ -1084,8 +1091,8 @@ impl DH { /// } /// ``` pub fn check_key_pair(&mut self, public: &[u8], private: &[u8]) -> Result<(), i32> { - let public_size = public.len() as u32; - let private_size = private.len() as u32; + let public_size = crate::buffer_len_to_u32(public.len())?; + let private_size = crate::buffer_len_to_u32(private.len())?; let rc = unsafe { sys::wc_DhCheckKeyPair(&mut self.wc_dhkey, public.as_ptr(), public_size, @@ -1129,7 +1136,7 @@ impl DH { /// } /// ``` pub fn check_priv_key(&mut self, private: &[u8]) -> Result<(), i32> { - let private_size = private.len() as u32; + let private_size = crate::buffer_len_to_u32(private.len())?; let rc = unsafe { sys::wc_DhCheckPrivKey(&mut self.wc_dhkey, private.as_ptr(), private_size) @@ -1249,12 +1256,12 @@ impl DH { /// } /// ``` pub fn check_priv_key_ex(&mut self, private: &[u8], prime: Option<&[u8]>) -> Result<(), i32> { - let private_size = private.len() as u32; + let private_size = crate::buffer_len_to_u32(private.len())?; let mut prime_ptr: *const u8 = core::ptr::null(); let mut prime_size = 0u32; if let Some(prime) = prime { prime_ptr = prime.as_ptr(); - prime_size = prime.len() as u32; + prime_size = crate::buffer_len_to_u32(prime.len())?; } let rc = unsafe { sys::wc_DhCheckPrivKey_ex(&mut self.wc_dhkey, @@ -1299,7 +1306,7 @@ impl DH { /// } /// ``` pub fn check_pub_key(&mut self, public: &[u8]) -> Result<(), i32> { - let public_size = public.len() as u32; + let public_size = crate::buffer_len_to_u32(public.len())?; let rc = unsafe { sys::wc_DhCheckPubKey(&mut self.wc_dhkey, public.as_ptr(), public_size) }; @@ -1423,8 +1430,8 @@ impl DH { /// } /// ``` pub fn check_pub_key_ex(&mut self, public: &[u8], prime: &[u8]) -> Result<(), i32> { - let public_size = public.len() as u32; - let prime_size = prime.len() as u32; + let public_size = crate::buffer_len_to_u32(public.len())?; + let prime_size = crate::buffer_len_to_u32(prime.len())?; let rc = unsafe { sys::wc_DhCheckPubKey_ex(&mut self.wc_dhkey, public.as_ptr(), public_size, @@ -1455,9 +1462,9 @@ impl DH { p: &mut [u8], p_size: &mut u32, q: &mut [u8], q_size: &mut u32, g: &mut [u8], g_size: &mut u32) -> Result<(), i32> { - *p_size = p.len() as u32; - *q_size = q.len() as u32; - *g_size = g.len() as u32; + *p_size = crate::buffer_len_to_u32(p.len())?; + *q_size = crate::buffer_len_to_u32(q.len())?; + *g_size = crate::buffer_len_to_u32(g.len())?; let rc = unsafe { sys::wc_DhExportParamsRaw(&mut self.wc_dhkey, p.as_mut_ptr(), p_size, @@ -1505,8 +1512,8 @@ impl DH { pub fn generate_key_pair(&mut self, rng: &mut RNG, private: &mut [u8], private_size: &mut u32, public: &mut [u8], public_size: &mut u32) -> Result<(), i32> { - *private_size = private.len() as u32; - *public_size = public.len() as u32; + *private_size = crate::buffer_len_to_u32(private.len())?; + *public_size = crate::buffer_len_to_u32(public.len())?; let rc = unsafe { sys::wc_DhGenerateKeyPair(&mut self.wc_dhkey, &mut rng.wc_rng, private.as_mut_ptr(), private_size, @@ -1556,9 +1563,9 @@ impl DH { /// } /// ``` pub fn shared_secret(&mut self, dout: &mut [u8], private: &[u8], other_pub: &[u8]) -> Result { - let mut dout_size = dout.len() as u32; - let private_size = private.len() as u32; - let other_pub_size = other_pub.len() as u32; + let mut dout_size = crate::buffer_len_to_u32(dout.len())?; + let private_size = crate::buffer_len_to_u32(private.len())?; + let other_pub_size = crate::buffer_len_to_u32(other_pub.len())?; let rc = unsafe { sys::wc_DhAgree(&mut self.wc_dhkey, dout.as_mut_ptr(), &mut dout_size, diff --git a/wrapper/rust/wolfssl-wolfcrypt/src/dilithium.rs b/wrapper/rust/wolfssl-wolfcrypt/src/dilithium.rs index cef8c44877..54fbd177c5 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/src/dilithium.rs +++ b/wrapper/rust/wolfssl-wolfcrypt/src/dilithium.rs @@ -595,7 +595,7 @@ impl Dilithium { /// ``` #[cfg(dilithium_import)] pub fn import_public(&mut self, public: &[u8]) -> Result<(), i32> { - let public_size = public.len() as u32; + let public_size = crate::buffer_len_to_u32(public.len())?; let rc = unsafe { sys::wc_dilithium_import_public(public.as_ptr(), public_size, &mut self.ws_key) }; @@ -638,7 +638,7 @@ impl Dilithium { /// ``` #[cfg(dilithium_import)] pub fn import_private(&mut self, private: &[u8]) -> Result<(), i32> { - let private_size = private.len() as u32; + let private_size = crate::buffer_len_to_u32(private.len())?; let rc = unsafe { sys::wc_dilithium_import_private(private.as_ptr(), private_size, &mut self.ws_key) }; @@ -680,8 +680,8 @@ impl Dilithium { /// ``` #[cfg(dilithium_import)] pub fn import_key(&mut self, private: &[u8], public: &[u8]) -> Result<(), i32> { - let private_size = private.len() as u32; - let public_size = public.len() as u32; + let private_size = crate::buffer_len_to_u32(private.len())?; + let public_size = crate::buffer_len_to_u32(public.len())?; let rc = unsafe { sys::wc_dilithium_import_key( private.as_ptr(), private_size, @@ -724,7 +724,7 @@ impl Dilithium { /// ``` #[cfg(dilithium_export)] pub fn export_public(&mut self, public: &mut [u8]) -> Result { - let mut public_size = public.len() as u32; + let mut public_size = crate::buffer_len_to_u32(public.len())?; let rc = unsafe { sys::wc_dilithium_export_public(&mut self.ws_key, public.as_mut_ptr(), &mut public_size) }; @@ -763,7 +763,7 @@ impl Dilithium { /// ``` #[cfg(dilithium_export)] pub fn export_private(&mut self, private: &mut [u8]) -> Result { - let mut private_size = private.len() as u32; + let mut private_size = crate::buffer_len_to_u32(private.len())?; let rc = unsafe { sys::wc_dilithium_export_private( &mut self.ws_key, private.as_mut_ptr(), &mut private_size, @@ -807,8 +807,8 @@ impl Dilithium { /// ``` #[cfg(dilithium_export)] pub fn export_key(&mut self, private: &mut [u8], public: &mut [u8]) -> Result<(), i32> { - let mut private_size = private.len() as u32; - let mut public_size = public.len() as u32; + let mut private_size = crate::buffer_len_to_u32(private.len())?; + let mut public_size = crate::buffer_len_to_u32(public.len())?; let rc = unsafe { sys::wc_dilithium_export_key( &mut self.ws_key, @@ -861,8 +861,8 @@ impl Dilithium { sig: &mut [u8], rng: &mut RNG, ) -> Result { - let msg_len = msg.len() as u32; - let mut sig_len = sig.len() as u32; + let msg_len = crate::buffer_len_to_u32(msg.len())?; + let mut sig_len = crate::buffer_len_to_u32(sig.len())?; let rc = unsafe { sys::wc_dilithium_sign_ctx_msg( core::ptr::null(), 0, @@ -923,8 +923,8 @@ impl Dilithium { return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); } let ctx_len = ctx.len() as u8; - let msg_len = msg.len() as u32; - let mut sig_len = sig.len() as u32; + let msg_len = crate::buffer_len_to_u32(msg.len())?; + let mut sig_len = crate::buffer_len_to_u32(sig.len())?; let rc = unsafe { sys::wc_dilithium_sign_ctx_msg( ctx.as_ptr(), ctx_len, @@ -972,8 +972,8 @@ impl Dilithium { return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); } let ctx_len = ctx.len() as u8; - let hash_len = hash.len() as u32; - let mut sig_len = sig.len() as u32; + let hash_len = crate::buffer_len_to_u32(hash.len())?; + let mut sig_len = crate::buffer_len_to_u32(sig.len())?; let rc = unsafe { sys::wc_dilithium_sign_ctx_hash( ctx.as_ptr(), ctx_len, @@ -1032,8 +1032,8 @@ impl Dilithium { if seed.len() != sys::DILITHIUM_RND_SZ as usize { return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); } - let msg_len = msg.len() as u32; - let mut sig_len = sig.len() as u32; + let msg_len = crate::buffer_len_to_u32(msg.len())?; + let mut sig_len = crate::buffer_len_to_u32(sig.len())?; let rc = unsafe { sys::wc_dilithium_sign_ctx_msg_with_seed( core::ptr::null(), 0, @@ -1077,8 +1077,8 @@ impl Dilithium { return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); } let ctx_len = ctx.len() as u8; - let msg_len = msg.len() as u32; - let mut sig_len = sig.len() as u32; + let msg_len = crate::buffer_len_to_u32(msg.len())?; + let mut sig_len = crate::buffer_len_to_u32(sig.len())?; let rc = unsafe { sys::wc_dilithium_sign_ctx_msg_with_seed( ctx.as_ptr(), ctx_len, @@ -1125,8 +1125,8 @@ impl Dilithium { return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); } let ctx_len = ctx.len() as u8; - let hash_len = hash.len() as u32; - let mut sig_len = sig.len() as u32; + let hash_len = crate::buffer_len_to_u32(hash.len())?; + let mut sig_len = crate::buffer_len_to_u32(sig.len())?; let rc = unsafe { sys::wc_dilithium_sign_ctx_hash_with_seed( ctx.as_ptr(), ctx_len, @@ -1176,8 +1176,8 @@ impl Dilithium { /// ``` #[cfg(dilithium_verify)] pub fn verify_msg(&mut self, sig: &[u8], msg: &[u8]) -> Result { - let sig_len = sig.len() as u32; - let msg_len = msg.len() as u32; + let sig_len = crate::buffer_len_to_u32(sig.len())?; + let msg_len = crate::buffer_len_to_u32(msg.len())?; let mut res = 0i32; let rc = unsafe { sys::wc_dilithium_verify_ctx_msg( @@ -1232,9 +1232,9 @@ impl Dilithium { if ctx.len() > 255 { return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); } - let sig_len = sig.len() as u32; + let sig_len = crate::buffer_len_to_u32(sig.len())?; let ctx_len = ctx.len() as u8; - let msg_len = msg.len() as u32; + let msg_len = crate::buffer_len_to_u32(msg.len())?; let mut res = 0i32; let rc = unsafe { sys::wc_dilithium_verify_ctx_msg( @@ -1278,9 +1278,9 @@ impl Dilithium { if ctx.len() > 255 { return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); } - let sig_len = sig.len() as u32; + let sig_len = crate::buffer_len_to_u32(sig.len())?; let ctx_len = ctx.len() as u8; - let hash_len = hash.len() as u32; + let hash_len = crate::buffer_len_to_u32(hash.len())?; let mut res = 0i32; let rc = unsafe { sys::wc_dilithium_verify_ctx_hash( diff --git a/wrapper/rust/wolfssl-wolfcrypt/src/ecc.rs b/wrapper/rust/wolfssl-wolfcrypt/src/ecc.rs index 5e6d09bd3d..4dd639a1c0 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/src/ecc.rs +++ b/wrapper/rust/wolfssl-wolfcrypt/src/ecc.rs @@ -85,7 +85,7 @@ impl ECCPoint { return Err(sys::wolfCrypt_ErrorCodes_MEMORY_E); } let eccpoint = ECCPoint { wc_ecc_point, heap }; - let din_size = din.len() as u32; + let din_size = crate::buffer_len_to_u32(din.len())?; let rc = unsafe { sys::wc_ecc_import_point_der(din.as_ptr(), din_size, curve_idx, eccpoint.wc_ecc_point) @@ -143,7 +143,7 @@ impl ECCPoint { return Err(sys::wolfCrypt_ErrorCodes_MEMORY_E); } let eccpoint = ECCPoint { wc_ecc_point, heap }; - let din_size = din.len() as u32; + let din_size = crate::buffer_len_to_u32(din.len())?; let rc = unsafe { sys::wc_ecc_import_point_der_ex(din.as_ptr(), din_size, curve_idx, wc_ecc_point, short_key_size) @@ -190,7 +190,7 @@ impl ECCPoint { if curve_idx < 0 { return Err(curve_idx); } - let mut dout_size = dout.len() as u32; + let mut dout_size = crate::buffer_len_to_u32(dout.len())?; let rc = unsafe { sys::wc_ecc_export_point_der(curve_idx, self.wc_ecc_point, dout.as_mut_ptr(), &mut dout_size) @@ -235,7 +235,7 @@ impl ECCPoint { if curve_idx < 0 { return Err(curve_idx); } - let mut dout_size = dout.len() as u32; + let mut dout_size = crate::buffer_len_to_u32(dout.len())?; let rc = unsafe { sys::wc_ecc_export_point_der_ex(curve_idx, self.wc_ecc_point, dout.as_mut_ptr(), &mut dout_size, 1) @@ -632,7 +632,7 @@ impl ECC { let wc_ecc_key = unsafe { wc_ecc_key.assume_init() }; let mut ecc = ECC { wc_ecc_key }; let mut idx = 0u32; - let der_size = der.len() as u32; + let der_size = crate::buffer_len_to_u32(der.len())?; let rc = unsafe { sys::wc_EccPrivateKeyDecode(der.as_ptr(), &mut idx, &mut ecc.wc_ecc_key, der_size) }; @@ -695,7 +695,7 @@ impl ECC { let wc_ecc_key = unsafe { wc_ecc_key.assume_init() }; let mut ecc = ECC { wc_ecc_key }; let mut idx = 0u32; - let der_size = der.len() as u32; + let der_size = crate::buffer_len_to_u32(der.len())?; let rc = unsafe { sys::wc_EccPublicKeyDecode(der.as_ptr(), &mut idx, &mut ecc.wc_ecc_key, der_size) }; @@ -763,9 +763,9 @@ impl ECC { } let wc_ecc_key = unsafe { wc_ecc_key.assume_init() }; let mut ecc = ECC { wc_ecc_key }; - let priv_size = priv_buf.len() as u32; + let priv_size = crate::buffer_len_to_u32(priv_buf.len())?; let pub_ptr = if pub_buf.is_empty() {core::ptr::null()} else {pub_buf.as_ptr()}; - let pub_size = pub_buf.len() as u32; + let pub_size = crate::buffer_len_to_u32(pub_buf.len())?; let rc = unsafe { sys::wc_ecc_import_private_key(priv_buf.as_ptr(), priv_size, pub_ptr, pub_size, &mut ecc.wc_ecc_key) @@ -837,9 +837,9 @@ impl ECC { } let wc_ecc_key = unsafe { wc_ecc_key.assume_init() }; let mut ecc = ECC { wc_ecc_key }; - let priv_size = priv_buf.len() as u32; + let priv_size = crate::buffer_len_to_u32(priv_buf.len())?; let pub_ptr = if pub_buf.is_empty() {core::ptr::null()} else {pub_buf.as_ptr()}; - let pub_size = pub_buf.len() as u32; + let pub_size = crate::buffer_len_to_u32(pub_buf.len())?; let rc = unsafe { sys::wc_ecc_import_private_key_ex(priv_buf.as_ptr(), priv_size, pub_ptr, pub_size, &mut ecc.wc_ecc_key, curve_id) @@ -1067,7 +1067,7 @@ impl ECC { /// ``` #[cfg(ecc_import)] pub fn import_x963(din: &[u8], heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { - let din_size = din.len() as u32; + let din_size = crate::buffer_len_to_u32(din.len())?; let mut wc_ecc_key: MaybeUninit = MaybeUninit::uninit(); let heap = match heap { Some(heap) => heap, @@ -1130,7 +1130,7 @@ impl ECC { /// ``` #[cfg(ecc_import)] pub fn import_x963_ex(din: &[u8], curve_id: i32, heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { - let din_size = din.len() as u32; + let din_size = crate::buffer_len_to_u32(din.len())?; let mut wc_ecc_key: MaybeUninit = MaybeUninit::uninit(); let heap = match heap { Some(heap) => heap, @@ -1211,7 +1211,7 @@ impl ECC { /// } /// ``` pub fn rs_hex_to_sig(r: &[u8], s: &[u8], dout: &mut [u8]) -> Result { - let mut dout_size = dout.len() as u32; + let mut dout_size = crate::buffer_len_to_u32(dout.len())?; let r_ptr = r.as_ptr() as *const core::ffi::c_char; let s_ptr = s.as_ptr() as *const core::ffi::c_char; let rc = unsafe { @@ -1268,9 +1268,9 @@ impl ECC { /// } /// ``` pub fn rs_bin_to_sig(r: &[u8], s: &[u8], dout: &mut [u8]) -> Result { - let r_size = r.len() as u32; - let s_size = s.len() as u32; - let mut dout_size = dout.len() as u32; + let r_size = crate::buffer_len_to_u32(r.len())?; + let s_size = crate::buffer_len_to_u32(s.len())?; + let mut dout_size = crate::buffer_len_to_u32(dout.len())?; let rc = unsafe { sys::wc_ecc_rs_raw_to_sig(r.as_ptr(), r_size, s.as_ptr(), s_size, dout.as_mut_ptr(), &mut dout_size) @@ -1321,9 +1321,9 @@ impl ECC { /// } /// ``` pub fn sig_to_rs(sig: &[u8], r: &mut [u8], r_size: &mut u32, s: &mut [u8], s_size: &mut u32) -> Result<(), i32> { - let sig_len = sig.len() as u32; - *r_size = r.len() as u32; - *s_size = s.len() as u32; + let sig_len = crate::buffer_len_to_u32(sig.len())?; + *r_size = crate::buffer_len_to_u32(r.len())?; + *s_size = crate::buffer_len_to_u32(s.len())?; let rc = unsafe { sys::wc_ecc_sig_to_rs(sig.as_ptr(), sig_len, r.as_mut_ptr(), r_size, s.as_mut_ptr(), s_size) @@ -1399,9 +1399,9 @@ impl ECC { #[cfg(ecc_import)] pub fn export(&mut self, qx: &mut [u8], qx_len: &mut u32, qy: &mut [u8], qy_len: &mut u32, d: &mut [u8], d_len: &mut u32) -> Result<(), i32> { - *qx_len = qx.len() as u32; - *qy_len = qy.len() as u32; - *d_len = d.len() as u32; + *qx_len = crate::buffer_len_to_u32(qx.len())?; + *qy_len = crate::buffer_len_to_u32(qy.len())?; + *d_len = crate::buffer_len_to_u32(d.len())?; let rc = unsafe { sys::wc_ecc_export_private_raw(&mut self.wc_ecc_key, qx.as_mut_ptr(), qx_len, @@ -1456,9 +1456,9 @@ impl ECC { pub fn export_ex(&mut self, qx: &mut [u8], qx_len: &mut u32, qy: &mut [u8], qy_len: &mut u32, d: &mut [u8], d_len: &mut u32, hex: bool) -> Result<(), i32> { - *qx_len = qx.len() as u32; - *qy_len = qy.len() as u32; - *d_len = d.len() as u32; + *qx_len = crate::buffer_len_to_u32(qx.len())?; + *qy_len = crate::buffer_len_to_u32(qy.len())?; + *d_len = crate::buffer_len_to_u32(d.len())?; let enc_type = if hex { sys::WC_TYPE_HEX_STR as i32 @@ -1505,7 +1505,7 @@ impl ECC { /// ``` #[cfg(ecc_export)] pub fn export_private(&mut self, d: &mut [u8]) -> Result { - let mut d_size = d.len() as u32; + let mut d_size = crate::buffer_len_to_u32(d.len())?; let rc = unsafe { sys::wc_ecc_export_private_only(&mut self.wc_ecc_key, d.as_mut_ptr(), &mut d_size) @@ -1549,8 +1549,8 @@ impl ECC { #[cfg(ecc_export)] pub fn export_public(&mut self, qx: &mut [u8], qx_len: &mut u32, qy: &mut [u8], qy_len: &mut u32) -> Result<(), i32> { - *qx_len = qx.len() as u32; - *qy_len = qy.len() as u32; + *qx_len = crate::buffer_len_to_u32(qx.len())?; + *qy_len = crate::buffer_len_to_u32(qy.len())?; let rc = unsafe { sys::wc_ecc_export_public_raw(&mut self.wc_ecc_key, qx.as_mut_ptr(), qx_len, @@ -1588,7 +1588,7 @@ impl ECC { /// ``` #[cfg(ecc_export)] pub fn export_x963(&mut self, dout: &mut [u8]) -> Result { - let mut out_len: u32 = dout.len() as u32; + let mut out_len = crate::buffer_len_to_u32(dout.len())?; let rc = unsafe { sys::wc_ecc_export_x963(&mut self.wc_ecc_key, dout.as_mut_ptr(), &mut out_len) }; @@ -1624,7 +1624,7 @@ impl ECC { /// ``` #[cfg(all(ecc_export, ecc_comp_key))] pub fn export_x963_compressed(&mut self, dout: &mut [u8]) -> Result { - let mut out_len: u32 = dout.len() as u32; + let mut out_len = crate::buffer_len_to_u32(dout.len())?; let rc = unsafe { sys::wc_ecc_export_x963_ex(&mut self.wc_ecc_key, dout.as_mut_ptr(), &mut out_len, 1) }; @@ -1807,7 +1807,7 @@ impl ECC { /// ``` #[cfg(ecc_dh)] pub fn shared_secret(&mut self, peer_key: &mut ECC, dout: &mut [u8]) -> Result { - let mut out_len = dout.len() as u32; + let mut out_len = crate::buffer_len_to_u32(dout.len())?; let rc = unsafe { sys::wc_ecc_shared_secret(&mut self.wc_ecc_key, &mut peer_key.wc_ecc_key, dout.as_mut_ptr(), &mut out_len) @@ -1857,7 +1857,7 @@ impl ECC { /// ``` #[cfg(ecc_dh)] pub fn shared_secret_ex(&mut self, peer: &ECCPoint, dout: &mut [u8]) -> Result { - let mut out_len = dout.len() as u32; + let mut out_len = crate::buffer_len_to_u32(dout.len())?; let rc = unsafe { sys::wc_ecc_shared_secret_ex(&mut self.wc_ecc_key, peer.wc_ecc_point, dout.as_mut_ptr(), &mut out_len) @@ -1900,8 +1900,8 @@ impl ECC { /// ``` #[cfg(all(ecc_sign, random))] pub fn sign_hash(&mut self, din: &[u8], dout: &mut [u8], rng: &mut RNG) -> Result { - let din_size = din.len() as u32; - let mut dout_size = dout.len() as u32; + let din_size = crate::buffer_len_to_u32(din.len())?; + let mut dout_size = crate::buffer_len_to_u32(dout.len())?; let rc = unsafe { sys::wc_ecc_sign_hash(din.as_ptr(), din_size, dout.as_mut_ptr(), &mut dout_size, &mut rng.wc_rng, &mut self.wc_ecc_key) @@ -1944,8 +1944,8 @@ impl ECC { #[cfg(ecc_verify)] pub fn verify_hash(&mut self, sig: &[u8], hash: &[u8]) -> Result { let mut res: i32 = 0; - let sig_len = sig.len() as u32; - let hash_len = hash.len() as u32; + let sig_len = crate::buffer_len_to_u32(sig.len())?; + let hash_len = crate::buffer_len_to_u32(hash.len())?; let rc = unsafe { sys::wc_ecc_verify_hash(sig.as_ptr(), sig_len, hash.as_ptr(), hash_len, &mut res, &mut self.wc_ecc_key) diff --git a/wrapper/rust/wolfssl-wolfcrypt/src/ed25519.rs b/wrapper/rust/wolfssl-wolfcrypt/src/ed25519.rs index 21f30f6e5c..e6af212e4d 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/src/ed25519.rs +++ b/wrapper/rust/wolfssl-wolfcrypt/src/ed25519.rs @@ -242,8 +242,8 @@ impl Ed25519 { /// ``` #[cfg(ed25519_export)] pub fn export_key(&self, private: &mut [u8], public: &mut [u8]) -> Result<(), i32> { - let mut private_size = private.len() as u32; - let mut public_size = public.len() as u32; + let mut private_size = crate::buffer_len_to_u32(private.len())?; + let mut public_size = crate::buffer_len_to_u32(public.len())?; let rc = unsafe { sys::wc_ed25519_export_key(&self.ws_key, private.as_mut_ptr(), &mut private_size, @@ -283,7 +283,7 @@ impl Ed25519 { /// ``` #[cfg(ed25519_export)] pub fn export_public(&self, public: &mut [u8]) -> Result<(), i32> { - let mut public_size = public.len() as u32; + let mut public_size = crate::buffer_len_to_u32(public.len())?; let rc = unsafe { sys::wc_ed25519_export_public(&self.ws_key, public.as_mut_ptr(), &mut public_size) @@ -322,7 +322,7 @@ impl Ed25519 { /// ``` #[cfg(ed25519_export)] pub fn export_private(&self, keyout: &mut [u8]) -> Result<(), i32> { - let mut keyout_size = keyout.len() as u32; + let mut keyout_size = crate::buffer_len_to_u32(keyout.len())?; let rc = unsafe { sys::wc_ed25519_export_private(&self.ws_key, keyout.as_mut_ptr(), &mut keyout_size) @@ -361,7 +361,7 @@ impl Ed25519 { /// ``` #[cfg(ed25519_export)] pub fn export_private_only(&self, private: &mut [u8]) -> Result<(), i32> { - let mut private_size = private.len() as u32; + let mut private_size = crate::buffer_len_to_u32(private.len())?; let rc = unsafe { sys::wc_ed25519_export_private_only(&self.ws_key, private.as_mut_ptr(), &mut private_size) @@ -405,7 +405,7 @@ impl Ed25519 { /// ``` #[cfg(ed25519_import)] pub fn import_public(&mut self, public: &[u8]) -> Result<(), i32> { - let public_size = public.len() as u32; + let public_size = crate::buffer_len_to_u32(public.len())?; let rc = unsafe { sys::wc_ed25519_import_public(public.as_ptr(), public_size, &mut self.ws_key) }; @@ -449,7 +449,7 @@ impl Ed25519 { /// ``` #[cfg(ed25519_import)] pub fn import_public_ex(&mut self, public: &[u8], trusted: bool) -> Result<(), i32> { - let public_size = public.len() as u32; + let public_size = crate::buffer_len_to_u32(public.len())?; let rc = unsafe { sys::wc_ed25519_import_public_ex(public.as_ptr(), public_size, &mut self.ws_key, if trusted {1} else {0}) @@ -488,7 +488,7 @@ impl Ed25519 { /// ``` #[cfg(ed25519_import)] pub fn import_private_only(&mut self, private: &[u8]) -> Result<(), i32> { - let private_size = private.len() as u32; + let private_size = crate::buffer_len_to_u32(private.len())?; let rc = unsafe { sys::wc_ed25519_import_private_only(private.as_ptr(), private_size, &mut self.ws_key) @@ -533,12 +533,12 @@ impl Ed25519 { /// ``` #[cfg(ed25519_import)] pub fn import_private_key(&mut self, private: &[u8], public: Option<&[u8]>) -> Result<(), i32> { - let private_size = private.len() as u32; + let private_size = crate::buffer_len_to_u32(private.len())?; let mut public_ptr: *const u8 = core::ptr::null(); let mut public_size = 0u32; if let Some(public) = public { public_ptr = public.as_ptr(); - public_size = public.len() as u32; + public_size = crate::buffer_len_to_u32(public.len())?; } let rc = unsafe { sys::wc_ed25519_import_private_key(private.as_ptr(), private_size, @@ -584,12 +584,12 @@ impl Ed25519 { /// ``` #[cfg(ed25519_import)] pub fn import_private_key_ex(&mut self, private: &[u8], public: Option<&[u8]>, trusted: bool) -> Result<(), i32> { - let private_size = private.len() as u32; + let private_size = crate::buffer_len_to_u32(private.len())?; let mut public_ptr: *const u8 = core::ptr::null(); let mut public_size = 0u32; if let Some(public) = public { public_ptr = public.as_ptr(); - public_size = public.len() as u32; + public_size = crate::buffer_len_to_u32(public.len())?; } let rc = unsafe { sys::wc_ed25519_import_private_key_ex(private.as_ptr(), private_size, @@ -630,7 +630,7 @@ impl Ed25519 { /// ed.make_public(&mut public).expect("Error with make_public()"); /// ``` pub fn make_public(&mut self, pubkey: &mut [u8]) -> Result<(), i32> { - let pubkey_size = pubkey.len() as u32; + let pubkey_size = crate::buffer_len_to_u32(pubkey.len())?; let rc = unsafe { sys::wc_ed25519_make_public(&mut self.ws_key, pubkey.as_mut_ptr(), pubkey_size) @@ -670,8 +670,8 @@ impl Ed25519 { /// ``` #[cfg(ed25519_sign)] pub fn sign_msg(&mut self, message: &[u8], signature: &mut [u8]) -> Result { - let message_size = message.len() as u32; - let mut signature_size = signature.len() as u32; + let message_size = crate::buffer_len_to_u32(message.len())?; + let mut signature_size = crate::buffer_len_to_u32(signature.len())?; let rc = unsafe { sys::wc_ed25519_sign_msg(message.as_ptr(), message_size, signature.as_mut_ptr(), &mut signature_size, &mut self.ws_key) @@ -715,12 +715,12 @@ impl Ed25519 { /// ``` #[cfg(ed25519_sign)] pub fn sign_msg_ctx(&mut self, message: &[u8], context: &[u8], signature: &mut [u8]) -> Result { - let message_size = message.len() as u32; + let message_size = crate::buffer_len_to_u32(message.len())?; if context.len() > 255 { return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); } let context_size = context.len() as u8; - let mut signature_size = signature.len() as u32; + let mut signature_size = crate::buffer_len_to_u32(signature.len())?; let rc = unsafe { sys::wc_ed25519ctx_sign_msg(message.as_ptr(), message_size, signature.as_mut_ptr(), &mut signature_size, &mut self.ws_key, @@ -775,7 +775,7 @@ impl Ed25519 { /// ``` #[cfg(ed25519_sign)] pub fn sign_hash_ph(&mut self, hash: &[u8], context: Option<&[u8]>, signature: &mut [u8]) -> Result { - let hash_size = hash.len() as u32; + let hash_size = crate::buffer_len_to_u32(hash.len())?; let mut context_ptr: *const u8 = core::ptr::null(); let mut context_size = 0u8; if let Some(context) = context { @@ -785,7 +785,7 @@ impl Ed25519 { } context_size = context.len() as u8; } - let mut signature_size = signature.len() as u32; + let mut signature_size = crate::buffer_len_to_u32(signature.len())?; let rc = unsafe { sys::wc_ed25519ph_sign_hash(hash.as_ptr(), hash_size, signature.as_mut_ptr(), &mut signature_size, &mut self.ws_key, @@ -831,7 +831,7 @@ impl Ed25519 { /// ``` #[cfg(ed25519_sign)] pub fn sign_msg_ph(&mut self, message: &[u8], context: Option<&[u8]>, signature: &mut [u8]) -> Result { - let message_size = message.len() as u32; + let message_size = crate::buffer_len_to_u32(message.len())?; let mut context_ptr: *const u8 = core::ptr::null(); let mut context_size = 0u8; if let Some(context) = context { @@ -841,7 +841,7 @@ impl Ed25519 { } context_size = context.len() as u8; } - let mut signature_size = signature.len() as u32; + let mut signature_size = crate::buffer_len_to_u32(signature.len())?; let rc = unsafe { sys::wc_ed25519ph_sign_msg(message.as_ptr(), message_size, signature.as_mut_ptr(), &mut signature_size, &mut self.ws_key, @@ -887,7 +887,7 @@ impl Ed25519 { /// ``` #[cfg(ed25519_sign)] pub fn sign_msg_ex(&mut self, din: &[u8], context: Option<&[u8]>, typ: u8, signature: &mut [u8]) -> Result { - let din_size = din.len() as u32; + let din_size = crate::buffer_len_to_u32(din.len())?; let mut context_ptr: *const u8 = core::ptr::null(); let mut context_size = 0u8; if let Some(context) = context { @@ -897,7 +897,7 @@ impl Ed25519 { } context_size = context.len() as u8; } - let mut signature_size = signature.len() as u32; + let mut signature_size = crate::buffer_len_to_u32(signature.len())?; let rc = unsafe { sys::wc_ed25519_sign_msg_ex(din.as_ptr(), din_size, signature.as_mut_ptr(), &mut signature_size, &mut self.ws_key, @@ -939,8 +939,8 @@ impl Ed25519 { /// ``` #[cfg(ed25519_verify)] pub fn verify_msg(&mut self, signature: &[u8], message: &[u8]) -> Result { - let signature_size = signature.len() as u32; - let message_size = message.len() as u32; + let signature_size = crate::buffer_len_to_u32(signature.len())?; + let message_size = crate::buffer_len_to_u32(message.len())?; let mut res = 0i32; let rc = unsafe { sys::wc_ed25519_verify_msg(signature.as_ptr(), signature_size, @@ -986,8 +986,8 @@ impl Ed25519 { /// ``` #[cfg(ed25519_verify)] pub fn verify_msg_ctx(&mut self, signature: &[u8], message: &[u8], context: &[u8]) -> Result { - let signature_size = signature.len() as u32; - let message_size = message.len() as u32; + let signature_size = crate::buffer_len_to_u32(signature.len())?; + let message_size = crate::buffer_len_to_u32(message.len())?; if context.len() > 255 { return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); } @@ -1049,8 +1049,8 @@ impl Ed25519 { /// ``` #[cfg(ed25519_verify)] pub fn verify_hash_ph(&mut self, signature: &[u8], hash: &[u8], context: Option<&[u8]>) -> Result { - let signature_size = signature.len() as u32; - let hash_size = hash.len() as u32; + let signature_size = crate::buffer_len_to_u32(signature.len())?; + let hash_size = crate::buffer_len_to_u32(hash.len())?; let mut context_ptr: *const u8 = core::ptr::null(); let mut context_size = 0u8; if let Some(context) = context { @@ -1107,8 +1107,8 @@ impl Ed25519 { /// ``` #[cfg(ed25519_verify)] pub fn verify_msg_ph(&mut self, signature: &[u8], message: &[u8], context: Option<&[u8]>) -> Result { - let signature_size = signature.len() as u32; - let message_size = message.len() as u32; + let signature_size = crate::buffer_len_to_u32(signature.len())?; + let message_size = crate::buffer_len_to_u32(message.len())?; let mut context_ptr: *const u8 = core::ptr::null(); let mut context_size = 0u8; if let Some(context) = context { @@ -1165,8 +1165,8 @@ impl Ed25519 { /// ``` #[cfg(ed25519_verify)] pub fn verify_msg_ex(&mut self, signature: &[u8], din: &[u8], context: Option<&[u8]>, typ: u8) -> Result { - let signature_size = signature.len() as u32; - let din_size = din.len() as u32; + let signature_size = crate::buffer_len_to_u32(signature.len())?; + let din_size = crate::buffer_len_to_u32(din.len())?; let mut context_ptr: *const u8 = core::ptr::null(); let mut context_size = 0u8; if let Some(context) = context { @@ -1222,7 +1222,7 @@ impl Ed25519 { /// ``` #[cfg(ed25519_streaming_verify)] pub fn verify_msg_init(&mut self, signature: &[u8], context: Option<&[u8]>, typ: u8) -> Result<(), i32> { - let signature_size = signature.len() as u32; + let signature_size = crate::buffer_len_to_u32(signature.len())?; let mut context_ptr: *const u8 = core::ptr::null(); let mut context_size = 0u8; if let Some(context) = context { @@ -1274,7 +1274,7 @@ impl Ed25519 { /// ``` #[cfg(ed25519_streaming_verify)] pub fn verify_msg_update(&mut self, din: &[u8]) -> Result<(), i32> { - let din_size = din.len() as u32; + let din_size = crate::buffer_len_to_u32(din.len())?; let rc = unsafe { sys::wc_ed25519_verify_msg_update(din.as_ptr(), din_size, &mut self.ws_key) @@ -1317,7 +1317,7 @@ impl Ed25519 { /// ``` #[cfg(ed25519_streaming_verify)] pub fn verify_msg_final(&mut self, signature: &[u8]) -> Result { - let signature_size = signature.len() as u32; + let signature_size = crate::buffer_len_to_u32(signature.len())?; let mut res = 0i32; let rc = unsafe { sys::wc_ed25519_verify_msg_final(signature.as_ptr(), signature_size, diff --git a/wrapper/rust/wolfssl-wolfcrypt/src/ed448.rs b/wrapper/rust/wolfssl-wolfcrypt/src/ed448.rs index a4425bb945..851f963f08 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/src/ed448.rs +++ b/wrapper/rust/wolfssl-wolfcrypt/src/ed448.rs @@ -241,8 +241,8 @@ impl Ed448 { /// ``` #[cfg(ed448_export)] pub fn export_key(&self, private: &mut [u8], public: &mut [u8]) -> Result<(), i32> { - let mut private_size = private.len() as u32; - let mut public_size = public.len() as u32; + let mut private_size = crate::buffer_len_to_u32(private.len())?; + let mut public_size = crate::buffer_len_to_u32(public.len())?; let rc = unsafe { sys::wc_ed448_export_key(&self.ws_key, private.as_mut_ptr(), &mut private_size, @@ -281,7 +281,7 @@ impl Ed448 { /// ``` #[cfg(ed448_export)] pub fn export_public(&self, public: &mut [u8]) -> Result<(), i32> { - let mut public_size = public.len() as u32; + let mut public_size = crate::buffer_len_to_u32(public.len())?; let rc = unsafe { sys::wc_ed448_export_public(&self.ws_key, public.as_mut_ptr(), &mut public_size) @@ -319,7 +319,7 @@ impl Ed448 { /// ``` #[cfg(ed448_export)] pub fn export_private(&self, keyout: &mut [u8]) -> Result<(), i32> { - let mut keyout_size = keyout.len() as u32; + let mut keyout_size = crate::buffer_len_to_u32(keyout.len())?; let rc = unsafe { sys::wc_ed448_export_private(&self.ws_key, keyout.as_mut_ptr(), &mut keyout_size) @@ -357,7 +357,7 @@ impl Ed448 { /// ``` #[cfg(ed448_export)] pub fn export_private_only(&self, private: &mut [u8]) -> Result<(), i32> { - let mut private_size = private.len() as u32; + let mut private_size = crate::buffer_len_to_u32(private.len())?; let rc = unsafe { sys::wc_ed448_export_private_only(&self.ws_key, private.as_mut_ptr(), &mut private_size) @@ -401,7 +401,7 @@ impl Ed448 { /// ``` #[cfg(ed448_import)] pub fn import_public(&mut self, public: &[u8]) -> Result<(), i32> { - let public_size = public.len() as u32; + let public_size = crate::buffer_len_to_u32(public.len())?; let rc = unsafe { sys::wc_ed448_import_public(public.as_ptr(), public_size, &mut self.ws_key) }; @@ -445,7 +445,7 @@ impl Ed448 { /// ``` #[cfg(ed448_import)] pub fn import_public_ex(&mut self, public: &[u8], trusted: bool) -> Result<(), i32> { - let public_size = public.len() as u32; + let public_size = crate::buffer_len_to_u32(public.len())?; let rc = unsafe { sys::wc_ed448_import_public_ex(public.as_ptr(), public_size, &mut self.ws_key, if trusted {1} else {0}) @@ -484,7 +484,7 @@ impl Ed448 { /// ``` #[cfg(ed448_import)] pub fn import_private_only(&mut self, private: &[u8]) -> Result<(), i32> { - let private_size = private.len() as u32; + let private_size = crate::buffer_len_to_u32(private.len())?; let rc = unsafe { sys::wc_ed448_import_private_only(private.as_ptr(), private_size, &mut self.ws_key) @@ -529,12 +529,12 @@ impl Ed448 { /// ``` #[cfg(ed448_import)] pub fn import_private_key(&mut self, private: &[u8], public: Option<&[u8]>) -> Result<(), i32> { - let private_size = private.len() as u32; + let private_size = crate::buffer_len_to_u32(private.len())?; let mut public_ptr: *const u8 = core::ptr::null(); let mut public_size = 0u32; if let Some(public) = public { public_ptr = public.as_ptr(); - public_size = public.len() as u32; + public_size = crate::buffer_len_to_u32(public.len())?; } let rc = unsafe { sys::wc_ed448_import_private_key(private.as_ptr(), private_size, @@ -580,12 +580,12 @@ impl Ed448 { /// ``` #[cfg(ed448_import)] pub fn import_private_key_ex(&mut self, private: &[u8], public: Option<&[u8]>, trusted: bool) -> Result<(), i32> { - let private_size = private.len() as u32; + let private_size = crate::buffer_len_to_u32(private.len())?; let mut public_ptr: *const u8 = core::ptr::null(); let mut public_size = 0u32; if let Some(public) = public { public_ptr = public.as_ptr(); - public_size = public.len() as u32; + public_size = crate::buffer_len_to_u32(public.len())?; } let rc = unsafe { sys::wc_ed448_import_private_key_ex(private.as_ptr(), private_size, @@ -626,7 +626,7 @@ impl Ed448 { /// ed.make_public(&mut public).expect("Error with make_public()"); /// ``` pub fn make_public(&mut self, pubkey: &mut [u8]) -> Result<(), i32> { - let pubkey_size = pubkey.len() as u32; + let pubkey_size = crate::buffer_len_to_u32(pubkey.len())?; let rc = unsafe { sys::wc_ed448_make_public(&mut self.ws_key, pubkey.as_mut_ptr(), pubkey_size) @@ -670,7 +670,7 @@ impl Ed448 { /// ``` #[cfg(ed448_sign)] pub fn sign_msg(&mut self, message: &[u8], context: Option<&[u8]>, signature: &mut [u8]) -> Result { - let message_size = message.len() as u32; + let message_size = crate::buffer_len_to_u32(message.len())?; let mut context_ptr: *const u8 = core::ptr::null(); let mut context_size = 0u8; if let Some(context) = context { @@ -680,7 +680,7 @@ impl Ed448 { } context_size = context.len() as u8; } - let mut signature_size = signature.len() as u32; + let mut signature_size = crate::buffer_len_to_u32(signature.len())?; let rc = unsafe { sys::wc_ed448_sign_msg(message.as_ptr(), message_size, signature.as_mut_ptr(), &mut signature_size, &mut self.ws_key, @@ -735,7 +735,7 @@ impl Ed448 { /// ``` #[cfg(ed448_sign)] pub fn sign_hash_ph(&mut self, hash: &[u8], context: Option<&[u8]>, signature: &mut [u8]) -> Result { - let hash_size = hash.len() as u32; + let hash_size = crate::buffer_len_to_u32(hash.len())?; let mut context_ptr: *const u8 = core::ptr::null(); let mut context_size = 0u8; if let Some(context) = context { @@ -745,7 +745,7 @@ impl Ed448 { } context_size = context.len() as u8; } - let mut signature_size = signature.len() as u32; + let mut signature_size = crate::buffer_len_to_u32(signature.len())?; let rc = unsafe { sys::wc_ed448ph_sign_hash(hash.as_ptr(), hash_size, signature.as_mut_ptr(), &mut signature_size, &mut self.ws_key, @@ -791,7 +791,7 @@ impl Ed448 { /// ``` #[cfg(ed448_sign)] pub fn sign_msg_ph(&mut self, message: &[u8], context: Option<&[u8]>, signature: &mut [u8]) -> Result { - let message_size = message.len() as u32; + let message_size = crate::buffer_len_to_u32(message.len())?; let mut context_ptr: *const u8 = core::ptr::null(); let mut context_size = 0u8; if let Some(context) = context { @@ -801,7 +801,7 @@ impl Ed448 { } context_size = context.len() as u8; } - let mut signature_size = signature.len() as u32; + let mut signature_size = crate::buffer_len_to_u32(signature.len())?; let rc = unsafe { sys::wc_ed448ph_sign_msg(message.as_ptr(), message_size, signature.as_mut_ptr(), &mut signature_size, &mut self.ws_key, @@ -847,7 +847,7 @@ impl Ed448 { /// ``` #[cfg(ed448_sign)] pub fn sign_msg_ex(&mut self, din: &[u8], context: Option<&[u8]>, typ: u8, signature: &mut [u8]) -> Result { - let din_size = din.len() as u32; + let din_size = crate::buffer_len_to_u32(din.len())?; let mut context_ptr: *const u8 = core::ptr::null(); let mut context_size = 0u8; if let Some(context) = context { @@ -857,7 +857,7 @@ impl Ed448 { } context_size = context.len() as u8; } - let mut signature_size = signature.len() as u32; + let mut signature_size = crate::buffer_len_to_u32(signature.len())?; let rc = unsafe { sys::wc_ed448_sign_msg_ex(din.as_ptr(), din_size, signature.as_mut_ptr(), &mut signature_size, &mut self.ws_key, @@ -903,8 +903,8 @@ impl Ed448 { /// ``` #[cfg(ed448_verify)] pub fn verify_msg(&mut self, signature: &[u8], message: &[u8], context: Option<&[u8]>) -> Result { - let signature_size = signature.len() as u32; - let message_size = message.len() as u32; + let signature_size = crate::buffer_len_to_u32(signature.len())?; + let message_size = crate::buffer_len_to_u32(message.len())?; let mut context_ptr: *const u8 = core::ptr::null(); let mut context_size = 0u8; if let Some(context) = context { @@ -971,8 +971,8 @@ impl Ed448 { /// ``` #[cfg(ed448_verify)] pub fn verify_hash_ph(&mut self, signature: &[u8], hash: &[u8], context: Option<&[u8]>) -> Result { - let signature_size = signature.len() as u32; - let hash_size = hash.len() as u32; + let signature_size = crate::buffer_len_to_u32(signature.len())?; + let hash_size = crate::buffer_len_to_u32(hash.len())?; let mut context_ptr: *const u8 = core::ptr::null(); let mut context_size = 0u8; if let Some(context) = context { @@ -1029,8 +1029,8 @@ impl Ed448 { /// ``` #[cfg(ed448_verify)] pub fn verify_msg_ph(&mut self, signature: &[u8], message: &[u8], context: Option<&[u8]>) -> Result { - let signature_size = signature.len() as u32; - let message_size = message.len() as u32; + let signature_size = crate::buffer_len_to_u32(signature.len())?; + let message_size = crate::buffer_len_to_u32(message.len())?; let mut context_ptr: *const u8 = core::ptr::null(); let mut context_size = 0u8; if let Some(context) = context { @@ -1087,8 +1087,8 @@ impl Ed448 { /// ``` #[cfg(ed448_verify)] pub fn verify_msg_ex(&mut self, signature: &[u8], din: &[u8], context: Option<&[u8]>, typ: u8) -> Result { - let signature_size = signature.len() as u32; - let din_size = din.len() as u32; + let signature_size = crate::buffer_len_to_u32(signature.len())?; + let din_size = crate::buffer_len_to_u32(din.len())?; let mut context_ptr: *const u8 = core::ptr::null(); let mut context_size = 0u8; if let Some(context) = context { @@ -1145,7 +1145,7 @@ impl Ed448 { /// ``` #[cfg(ed448_streaming_verify)] pub fn verify_msg_init(&mut self, signature: &[u8], context: Option<&[u8]>, typ: u8) -> Result<(), i32> { - let signature_size = signature.len() as u32; + let signature_size = crate::buffer_len_to_u32(signature.len())?; let mut context_ptr: *const u8 = core::ptr::null(); let mut context_size = 0u8; if let Some(context) = context { @@ -1198,7 +1198,7 @@ impl Ed448 { /// ``` #[cfg(ed448_streaming_verify)] pub fn verify_msg_update(&mut self, din: &[u8]) -> Result<(), i32> { - let din_size = din.len() as u32; + let din_size = crate::buffer_len_to_u32(din.len())?; let rc = unsafe { sys::wc_ed448_verify_msg_update(din.as_ptr(), din_size, &mut self.ws_key) @@ -1242,7 +1242,7 @@ impl Ed448 { /// ``` #[cfg(ed448_streaming_verify)] pub fn verify_msg_final(&mut self, signature: &[u8]) -> Result { - let signature_size = signature.len() as u32; + let signature_size = crate::buffer_len_to_u32(signature.len())?; let mut res = 0i32; let rc = unsafe { sys::wc_ed448_verify_msg_final(signature.as_ptr(), signature_size, diff --git a/wrapper/rust/wolfssl-wolfcrypt/src/hkdf.rs b/wrapper/rust/wolfssl-wolfcrypt/src/hkdf.rs index b1d26ec255..ecccbf0f65 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/src/hkdf.rs +++ b/wrapper/rust/wolfssl-wolfcrypt/src/hkdf.rs @@ -97,9 +97,9 @@ pub fn hkdf_extract_ex(typ: i32, salt: Option<&[u8]>, key: &[u8], out: &mut [u8] let mut salt_size = 0u32; if let Some(salt) = salt { salt_ptr = salt.as_ptr(); - salt_size = salt.len() as u32; + salt_size = crate::buffer_len_to_u32(salt.len())?; } - let key_size = key.len() as u32; + let key_size = crate::buffer_len_to_u32(key.len())?; if out.len() != HMAC::get_hmac_size_by_type(typ)? { return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); } @@ -192,14 +192,14 @@ pub fn hkdf_expand(typ: i32, key: &[u8], info: Option<&[u8]>, out: &mut [u8]) -> /// hkdf_expand_ex(HMAC::TYPE_SHA256, &extract_out, Some(info), &mut expand_out, None, None).expect("Error with hkdf_expand_ex()"); /// ``` pub fn hkdf_expand_ex(typ: i32, key: &[u8], info: Option<&[u8]>, out: &mut [u8], heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result<(), i32> { - let key_size = key.len() as u32; + let key_size = crate::buffer_len_to_u32(key.len())?; let mut info_ptr = core::ptr::null(); let mut info_size = 0u32; if let Some(info) = info { info_ptr = info.as_ptr(); - info_size = info.len() as u32; + info_size = crate::buffer_len_to_u32(info.len())?; } - let out_size = out.len() as u32; + let out_size = crate::buffer_len_to_u32(out.len())?; let heap = match heap { Some(heap) => heap, None => core::ptr::null_mut(), @@ -250,20 +250,20 @@ pub fn hkdf_expand_ex(typ: i32, key: &[u8], info: Option<&[u8]>, out: &mut [u8], /// hkdf(HMAC::TYPE_SHA256, ikm, Some(salt), Some(info), &mut out).expect("Error with hkdf()"); /// ``` pub fn hkdf(typ: i32, key: &[u8], salt: Option<&[u8]>, info: Option<&[u8]>, out: &mut[u8]) -> Result<(), i32> { - let key_size = key.len() as u32; + let key_size = crate::buffer_len_to_u32(key.len())?; let mut salt_ptr = core::ptr::null(); let mut salt_size = 0u32; if let Some(salt) = salt { salt_ptr = salt.as_ptr(); - salt_size = salt.len() as u32; + salt_size = crate::buffer_len_to_u32(salt.len())?; } let mut info_ptr = core::ptr::null(); let mut info_size = 0u32; if let Some(info) = info { info_ptr = info.as_ptr(); - info_size = info.len() as u32; + info_size = crate::buffer_len_to_u32(info.len())?; } - let out_size = out.len() as u32; + let out_size = crate::buffer_len_to_u32(out.len())?; let rc = unsafe { sys::wc_HKDF(typ, key.as_ptr(), key_size, salt_ptr, salt_size, info_ptr, info_size, out.as_mut_ptr(), out_size) diff --git a/wrapper/rust/wolfssl-wolfcrypt/src/hmac.rs b/wrapper/rust/wolfssl-wolfcrypt/src/hmac.rs index 24e53089fe..62e75d047e 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/src/hmac.rs +++ b/wrapper/rust/wolfssl-wolfcrypt/src/hmac.rs @@ -113,7 +113,7 @@ impl HMAC { /// let mut hmac = HMAC::new_ex(HMAC::TYPE_SHA256, &key, None, None).expect("Error with new_ex()"); /// ``` pub fn new_ex(typ: i32, key: &[u8], heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { - let key_size = key.len() as u32; + let key_size = crate::buffer_len_to_u32(key.len())?; let mut wc_hmac: MaybeUninit = MaybeUninit::uninit(); let heap = match heap { Some(heap) => heap, @@ -191,7 +191,7 @@ impl HMAC { /// ``` #[cfg(hmac_setkey_ex)] pub fn new_allow_short_key_ex(typ: i32, key: &[u8], heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { - let key_size = key.len() as u32; + let key_size = crate::buffer_len_to_u32(key.len())?; let mut wc_hmac: MaybeUninit = MaybeUninit::uninit(); let heap = match heap { Some(heap) => heap, @@ -241,7 +241,7 @@ impl HMAC { /// hmac.update(b"input").expect("Error with update()"); /// ``` pub fn update(&mut self, data: &[u8]) -> Result<(), i32> { - let data_size = data.len() as u32; + let data_size = crate::buffer_len_to_u32(data.len())?; let rc = unsafe { sys::wc_HmacUpdate(&mut self.wc_hmac, data.as_ptr(), data_size) }; diff --git a/wrapper/rust/wolfssl-wolfcrypt/src/kdf.rs b/wrapper/rust/wolfssl-wolfcrypt/src/kdf.rs index 4fdecb7e6b..9d2ae3c53a 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/src/kdf.rs +++ b/wrapper/rust/wolfssl-wolfcrypt/src/kdf.rs @@ -126,9 +126,9 @@ pub fn pbkdf2(password: &[u8], salt: &[u8], iterations: i32, typ: i32, out: &mut /// ``` #[cfg(kdf_pbkdf2)] pub fn pbkdf2_ex(password: &[u8], salt: &[u8], iterations: i32, typ: i32, heap: Option<*mut core::ffi::c_void>, dev_id: Option, out: &mut [u8]) -> Result<(), i32> { - let password_size = password.len() as i32; - let salt_size = salt.len() as i32; - let out_size = out.len() as i32; + let password_size = crate::buffer_len_to_i32(password.len())?; + let salt_size = crate::buffer_len_to_i32(salt.len())?; + let out_size = crate::buffer_len_to_i32(out.len())?; let heap = match heap { Some(heap) => heap, None => core::ptr::null_mut(), @@ -248,9 +248,9 @@ pub fn pkcs12_pbkdf(password: &[u8], salt: &[u8], iterations: i32, typ: i32, id: /// ``` #[cfg(kdf_pkcs12)] pub fn pkcs12_pbkdf_ex(password: &[u8], salt: &[u8], iterations: i32, typ: i32, id: i32, heap: Option<*mut core::ffi::c_void>, out: &mut [u8]) -> Result<(), i32> { - let password_size = password.len() as i32; - let salt_size = salt.len() as i32; - let out_size = out.len() as i32; + let password_size = crate::buffer_len_to_i32(password.len())?; + let salt_size = crate::buffer_len_to_i32(salt.len())?; + let out_size = crate::buffer_len_to_i32(out.len())?; let heap = match heap { Some(heap) => heap, None => core::ptr::null_mut(), @@ -335,14 +335,14 @@ pub fn tls13_hkdf_extract_ex(typ: i32, salt: Option<&[u8]>, key: Option<&mut [u8 let mut salt_size = 0u32; if let Some(salt) = salt { salt_ptr = salt.as_ptr(); - salt_size = salt.len() as u32; + salt_size = crate::buffer_len_to_u32(salt.len())?; } let mut ikm_buf = [0u8; sys::WC_MAX_DIGEST_SIZE as usize]; let mut ikm_ptr = ikm_buf.as_mut_ptr(); let mut ikm_size = 0u32; if let Some(key) = key && !key.is_empty() { ikm_ptr = key.as_mut_ptr(); - ikm_size = key.len() as u32; + ikm_size = crate::buffer_len_to_u32(key.len())?; } if out.len() != HMAC::get_hmac_size_by_type(typ)? { return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); @@ -474,11 +474,11 @@ pub fn tls13_hkdf_expand_label(typ: i32, key: &[u8], protocol: &[u8], label: &[u #[cfg(all(hmac, kdf_tls13))] #[allow(clippy::too_many_arguments)] pub fn tls13_hkdf_expand_label_ex(typ: i32, key: &[u8], protocol: &[u8], label: &[u8], info: &[u8], out: &mut [u8], heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result<(), i32> { - let key_size = key.len() as u32; - let protocol_size = protocol.len() as u32; - let label_size = label.len() as u32; - let info_size = info.len() as u32; - let out_size = out.len() as u32; + let key_size = crate::buffer_len_to_u32(key.len())?; + let protocol_size = crate::buffer_len_to_u32(protocol.len())?; + let label_size = crate::buffer_len_to_u32(label.len())?; + let info_size = crate::buffer_len_to_u32(info.len())?; + let out_size = crate::buffer_len_to_u32(out.len())?; let heap = match heap { Some(heap) => heap, None => core::ptr::null_mut(), @@ -531,10 +531,10 @@ pub fn tls13_hkdf_expand_label_ex(typ: i32, key: &[u8], protocol: &[u8], label: /// ``` #[cfg(kdf_ssh)] pub fn ssh_kdf(typ: i32, key_id: u8, k: &[u8], h: &[u8], session_id: &[u8], key: &mut [u8]) -> Result<(), i32> { - let key_size = key.len() as u32; - let k_size = k.len() as u32; - let h_size = h.len() as u32; - let session_size = session_id.len() as u32; + let key_size = crate::buffer_len_to_u32(key.len())?; + let k_size = crate::buffer_len_to_u32(k.len())?; + let h_size = crate::buffer_len_to_u32(h.len())?; + let session_size = crate::buffer_len_to_u32(session_id.len())?; let rc = unsafe { sys::wc_SSH_KDF(typ as u8, key_id, key.as_mut_ptr(), key_size, @@ -589,11 +589,11 @@ pub fn srtp_kdf(key: &[u8], salt: &[u8], kdr_index: i32, idx: &[u8], // will be read from the idx slice. return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); } - let key_size = key.len() as u32; - let salt_size = salt.len() as u32; - let key1_size = key1.len() as u32; - let key2_size = key2.len() as u32; - let key3_size = key3.len() as u32; + let key_size = crate::buffer_len_to_u32(key.len())?; + let salt_size = crate::buffer_len_to_u32(salt.len())?; + let key1_size = crate::buffer_len_to_u32(key1.len())?; + let key2_size = crate::buffer_len_to_u32(key2.len())?; + let key3_size = crate::buffer_len_to_u32(key3.len())?; let rc = unsafe { sys::wc_SRTP_KDF(key.as_ptr(), key_size, salt.as_ptr(), salt_size, kdr_index, idx.as_ptr(), key1.as_mut_ptr(), key1_size, @@ -639,9 +639,9 @@ pub fn srtp_kdf(key: &[u8], salt: &[u8], kdr_index: i32, idx: &[u8], #[cfg(kdf_srtp)] pub fn srtp_kdf_label(key: &[u8], salt: &[u8], kdr_index: i32, idx: &[u8], label: u8, keyout: &mut [u8]) -> Result<(), i32> { - let key_size = key.len() as u32; - let salt_size = salt.len() as u32; - let keyout_size = keyout.len() as u32; + let key_size = crate::buffer_len_to_u32(key.len())?; + let salt_size = crate::buffer_len_to_u32(salt.len())?; + let keyout_size = crate::buffer_len_to_u32(keyout.len())?; let rc = unsafe { sys::wc_SRTP_KDF_label(key.as_ptr(), key_size, salt.as_ptr(), salt_size, kdr_index, idx.as_ptr(), label, keyout.as_mut_ptr(), keyout_size) @@ -694,11 +694,11 @@ pub fn srtcp_kdf(key: &[u8], salt: &[u8], kdr_index: i32, idx: &[u8], // will be read from the idx slice. return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); } - let key_size = key.len() as u32; - let salt_size = salt.len() as u32; - let key1_size = key1.len() as u32; - let key2_size = key2.len() as u32; - let key3_size = key3.len() as u32; + let key_size = crate::buffer_len_to_u32(key.len())?; + let salt_size = crate::buffer_len_to_u32(salt.len())?; + let key1_size = crate::buffer_len_to_u32(key1.len())?; + let key2_size = crate::buffer_len_to_u32(key2.len())?; + let key3_size = crate::buffer_len_to_u32(key3.len())?; let rc = unsafe { sys::wc_SRTCP_KDF(key.as_ptr(), key_size, salt.as_ptr(), salt_size, kdr_index, idx.as_ptr(), key1.as_mut_ptr(), key1_size, @@ -744,9 +744,9 @@ pub fn srtcp_kdf(key: &[u8], salt: &[u8], kdr_index: i32, idx: &[u8], #[cfg(kdf_srtp)] pub fn srtcp_kdf_label(key: &[u8], salt: &[u8], kdr_index: i32, idx: &[u8], label: u8, keyout: &mut [u8]) -> Result<(), i32> { - let key_size = key.len() as u32; - let salt_size = salt.len() as u32; - let keyout_size = keyout.len() as u32; + let key_size = crate::buffer_len_to_u32(key.len())?; + let salt_size = crate::buffer_len_to_u32(salt.len())?; + let keyout_size = crate::buffer_len_to_u32(keyout.len())?; let rc = unsafe { sys::wc_SRTCP_KDF_label(key.as_ptr(), key_size, salt.as_ptr(), salt_size, kdr_index, idx.as_ptr(), label, keyout.as_mut_ptr(), keyout_size) diff --git a/wrapper/rust/wolfssl-wolfcrypt/src/lib.rs b/wrapper/rust/wolfssl-wolfcrypt/src/lib.rs index 7f1d1e3f96..fff3be2e14 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/src/lib.rs +++ b/wrapper/rust/wolfssl-wolfcrypt/src/lib.rs @@ -44,6 +44,16 @@ pub mod random; pub mod rsa; pub mod sha; +/// Convert a buffer length to `u32`, returning `BUFFER_E` if it overflows. +pub(crate) fn buffer_len_to_u32(len: usize) -> Result { + u32::try_from(len).map_err(|_| sys::wolfCrypt_ErrorCodes_BUFFER_E) +} + +/// Convert a buffer length to `i32`, returning `BUFFER_E` if it overflows. +pub(crate) fn buffer_len_to_i32(len: usize) -> Result { + i32::try_from(len).map_err(|_| sys::wolfCrypt_ErrorCodes_BUFFER_E) +} + /// Initialize resources used by wolfCrypt. /// /// # Returns diff --git a/wrapper/rust/wolfssl-wolfcrypt/src/lms.rs b/wrapper/rust/wolfssl-wolfcrypt/src/lms.rs index dd12c2409e..61665079c6 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/src/lms.rs +++ b/wrapper/rust/wolfssl-wolfcrypt/src/lms.rs @@ -528,14 +528,15 @@ impl Lms { if sig.len() < expected_sig_len { return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); } - let mut sig_sz = sig.len() as u32; + let mut sig_sz = crate::buffer_len_to_u32(sig.len())?; + let msg_sz = crate::buffer_len_to_i32(msg.len())?; let rc = unsafe { sys::wc_LmsKey_Sign( &mut self.ws_key, sig.as_mut_ptr(), &mut sig_sz, msg.as_ptr(), - msg.len() as core::ffi::c_int, + msg_sz, ) }; if rc != 0 { @@ -670,7 +671,7 @@ impl Lms { /// } /// ``` pub fn export_pub_raw(&self, out: &mut [u8]) -> Result { - let mut out_len = out.len() as u32; + let mut out_len = crate::buffer_len_to_u32(out.len())?; let rc = unsafe { sys::wc_LmsKey_ExportPubRaw(&self.ws_key, out.as_mut_ptr(), &mut out_len) }; @@ -704,8 +705,9 @@ impl Lms { /// key.import_pub_raw(&pub_buf).expect("Error with import_pub_raw()"); /// ``` pub fn import_pub_raw(&mut self, data: &[u8]) -> Result<(), i32> { + let data_size = crate::buffer_len_to_u32(data.len())?; let rc = unsafe { - sys::wc_LmsKey_ImportPubRaw(&mut self.ws_key, data.as_ptr(), data.len() as u32) + sys::wc_LmsKey_ImportPubRaw(&mut self.ws_key, data.as_ptr(), data_size) }; if rc != 0 { return Err(rc); @@ -735,13 +737,15 @@ impl Lms { if sig.len() != expected_sig_len { return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); } + let sig_sz = crate::buffer_len_to_u32(sig.len())?; + let msg_sz = crate::buffer_len_to_i32(msg.len())?; let rc = unsafe { sys::wc_LmsKey_Verify( &mut self.ws_key, sig.as_ptr(), - sig.len() as u32, + sig_sz, msg.as_ptr(), - msg.len() as core::ffi::c_int, + msg_sz, ) }; if rc != 0 { diff --git a/wrapper/rust/wolfssl-wolfcrypt/src/mlkem.rs b/wrapper/rust/wolfssl-wolfcrypt/src/mlkem.rs index c2615dffb0..f07f55f7a1 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/src/mlkem.rs +++ b/wrapper/rust/wolfssl-wolfcrypt/src/mlkem.rs @@ -608,12 +608,13 @@ impl MlKem { if ss.len() != Self::SHARED_SECRET_SIZE { return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); } + let ct_size = crate::buffer_len_to_u32(ct.len())?; let rc = unsafe { sys::wc_MlKemKey_Decapsulate( self.ws_key, ss.as_mut_ptr(), ct.as_ptr(), - ct.len() as u32, + ct_size, ) }; if rc != 0 { @@ -653,8 +654,9 @@ impl MlKem { /// } /// ``` pub fn encode_public_key(&self, out: &mut [u8]) -> Result { + let out_size = crate::buffer_len_to_u32(out.len())?; let rc = unsafe { - sys::wc_MlKemKey_EncodePublicKey(self.ws_key, out.as_mut_ptr(), out.len() as u32) + sys::wc_MlKemKey_EncodePublicKey(self.ws_key, out.as_mut_ptr(), out_size) }; if rc != 0 { return Err(rc); @@ -693,8 +695,9 @@ impl MlKem { /// } /// ``` pub fn encode_private_key(&self, out: &mut [u8]) -> Result { + let out_size = crate::buffer_len_to_u32(out.len())?; let rc = unsafe { - sys::wc_MlKemKey_EncodePrivateKey(self.ws_key, out.as_mut_ptr(), out.len() as u32) + sys::wc_MlKemKey_EncodePrivateKey(self.ws_key, out.as_mut_ptr(), out_size) }; if rc != 0 { return Err(rc); @@ -731,8 +734,9 @@ impl MlKem { /// } /// ``` pub fn decode_public_key(&mut self, data: &[u8]) -> Result<(), i32> { + let data_size = crate::buffer_len_to_u32(data.len())?; let rc = unsafe { - sys::wc_MlKemKey_DecodePublicKey(self.ws_key, data.as_ptr(), data.len() as u32) + sys::wc_MlKemKey_DecodePublicKey(self.ws_key, data.as_ptr(), data_size) }; if rc != 0 { return Err(rc); @@ -769,8 +773,9 @@ impl MlKem { /// } /// ``` pub fn decode_private_key(&mut self, data: &[u8]) -> Result<(), i32> { + let data_size = crate::buffer_len_to_u32(data.len())?; let rc = unsafe { - sys::wc_MlKemKey_DecodePrivateKey(self.ws_key, data.as_ptr(), data.len() as u32) + sys::wc_MlKemKey_DecodePrivateKey(self.ws_key, data.as_ptr(), data_size) }; if rc != 0 { return Err(rc); diff --git a/wrapper/rust/wolfssl-wolfcrypt/src/prf.rs b/wrapper/rust/wolfssl-wolfcrypt/src/prf.rs index a4deadc428..2358c28f47 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/src/prf.rs +++ b/wrapper/rust/wolfssl-wolfcrypt/src/prf.rs @@ -120,9 +120,9 @@ pub fn prf(secret: &[u8], seed: &[u8], hash_type: i32, dout: &mut [u8]) -> Resul /// } /// ``` pub fn prf_ex(secret: &[u8], seed: &[u8], hash_type: i32, heap: Option<*mut core::ffi::c_void>, dev_id: Option, dout: &mut [u8]) -> Result<(), i32> { - let secret_size = secret.len() as u32; - let seed_size = seed.len() as u32; - let dout_size = dout.len() as u32; + let secret_size = crate::buffer_len_to_u32(secret.len())?; + let seed_size = crate::buffer_len_to_u32(seed.len())?; + let dout_size = crate::buffer_len_to_u32(dout.len())?; let heap = match heap { Some(heap) => heap, None => core::ptr::null_mut(), diff --git a/wrapper/rust/wolfssl-wolfcrypt/src/random.rs b/wrapper/rust/wolfssl-wolfcrypt/src/random.rs index aca81f4603..798ecc1825 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/src/random.rs +++ b/wrapper/rust/wolfssl-wolfcrypt/src/random.rs @@ -157,7 +157,7 @@ impl RNG { } } let ptr = nonce.as_mut_ptr() as *mut u8; - let size: u32 = size_of_val(nonce) as u32; + let size = crate::buffer_len_to_u32(size_of_val(nonce))?; let mut wc_rng: MaybeUninit = MaybeUninit::uninit(); let heap = match heap { Some(heap) => heap, @@ -244,16 +244,16 @@ impl RNG { let mut nonce_size = 0u32; if let Some(nonce) = nonce { nonce_ptr = nonce.as_ptr(); - nonce_size = nonce.len() as u32; + nonce_size = crate::buffer_len_to_u32(nonce.len())?; } - let seed_a_size = seed_a.len() as u32; + let seed_a_size = crate::buffer_len_to_u32(seed_a.len())?; let mut seed_b_ptr = core::ptr::null(); let mut seed_b_size = 0u32; if let Some(seed_b) = seed_b { seed_b_ptr = seed_b.as_ptr(); - seed_b_size = seed_b.len() as u32; + seed_b_size = crate::buffer_len_to_u32(seed_b.len())?; } - let output_size = output.len() as u32; + let output_size = crate::buffer_len_to_u32(output.len())?; let heap = match heap { Some(heap) => heap, None => core::ptr::null_mut(), @@ -297,7 +297,7 @@ impl RNG { /// ``` #[cfg(random_hashdrbg)] pub fn test_seed(seed: &[u8]) -> Result<(), i32> { - let seed_size = seed.len() as u32; + let seed_size = crate::buffer_len_to_u32(seed.len())?; let rc = unsafe { sys::wc_RNG_TestSeed(seed.as_ptr(), seed_size) }; if rc != 0 { return Err(rc); @@ -340,7 +340,7 @@ impl RNG { /// library return code on failure. pub fn generate_block(&mut self, buf: &mut [T]) -> Result<(), i32> { let ptr = buf.as_mut_ptr() as *mut u8; - let size: u32 = size_of_val(buf) as u32; + let size = crate::buffer_len_to_u32(size_of_val(buf))?; let rc = unsafe { sys::wc_RNG_GenerateBlock(&mut self.wc_rng, ptr, size) }; if rc == 0 { Ok(()) @@ -371,7 +371,7 @@ impl RNG { /// ``` #[cfg(random_hashdrbg)] pub fn reseed(&mut self, seed: &[u8]) -> Result<(), i32> { - let seed_size = seed.len() as u32; + let seed_size = crate::buffer_len_to_u32(seed.len())?; let rc = unsafe { sys::wc_RNG_DRBG_Reseed(&mut self.wc_rng, seed.as_ptr(), seed_size) }; diff --git a/wrapper/rust/wolfssl-wolfcrypt/src/rsa.rs b/wrapper/rust/wolfssl-wolfcrypt/src/rsa.rs index 74b4d67404..24796e46fa 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/src/rsa.rs +++ b/wrapper/rust/wolfssl-wolfcrypt/src/rsa.rs @@ -218,6 +218,7 @@ impl RSA { /// } /// ``` pub fn new_from_der_ex(der: &[u8], heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let der_size = crate::buffer_len_to_u32(der.len())?; let mut wc_rsakey: MaybeUninit = MaybeUninit::uninit(); let heap = match heap { Some(heap) => heap, @@ -232,7 +233,6 @@ impl RSA { return Err(rc); } let mut wc_rsakey = unsafe { wc_rsakey.assume_init() }; - let der_size = der.len() as u32; let mut idx: u32 = 0; let rc = unsafe { sys::wc_RsaPrivateKeyDecode(der.as_ptr(), &mut idx, &mut wc_rsakey, der_size) @@ -335,6 +335,7 @@ impl RSA { /// } /// ``` pub fn new_public_from_der_ex(der: &[u8], heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let der_size = crate::buffer_len_to_u32(der.len())?; let mut wc_rsakey: MaybeUninit = MaybeUninit::uninit(); let heap = match heap { Some(heap) => heap, @@ -349,7 +350,6 @@ impl RSA { return Err(rc); } let mut wc_rsakey = unsafe { wc_rsakey.assume_init() }; - let der_size = der.len() as u32; let mut idx: u32 = 0; let rc = unsafe { sys::wc_RsaPublicKeyDecode(der.as_ptr(), &mut idx, &mut wc_rsakey, der_size) @@ -527,11 +527,11 @@ impl RSA { d: &mut [u8], d_size: &mut u32, p: &mut [u8], p_size: &mut u32, q: &mut [u8], q_size: &mut u32) -> Result<(), i32> { - *e_size = e.len() as u32; - *n_size = n.len() as u32; - *d_size = d.len() as u32; - *p_size = p.len() as u32; - *q_size = q.len() as u32; + *e_size = crate::buffer_len_to_u32(e.len())?; + *n_size = crate::buffer_len_to_u32(n.len())?; + *d_size = crate::buffer_len_to_u32(d.len())?; + *p_size = crate::buffer_len_to_u32(p.len())?; + *q_size = crate::buffer_len_to_u32(q.len())?; #[cfg(rsa_const_api)] let key_ptr = &self.wc_rsakey; #[cfg(not(rsa_const_api))] @@ -584,8 +584,8 @@ impl RSA { pub fn export_public_key(&mut self, e: &mut [u8], e_size: &mut u32, n: &mut [u8], n_size: &mut u32) -> Result<(), i32> { - *e_size = e.len() as u32; - *n_size = n.len() as u32; + *e_size = crate::buffer_len_to_u32(e.len())?; + *n_size = crate::buffer_len_to_u32(n.len())?; #[cfg(rsa_const_api)] let key = &self.wc_rsakey; #[cfg(not(rsa_const_api))] @@ -705,8 +705,8 @@ impl RSA { /// ``` #[cfg(random)] pub fn public_encrypt(&mut self, din: &[u8], dout: &mut [u8], rng: &mut RNG) -> Result { - let din_size = din.len() as u32; - let dout_size = dout.len() as u32; + let din_size = crate::buffer_len_to_u32(din.len())?; + let dout_size = crate::buffer_len_to_u32(dout.len())?; let rc = unsafe { sys::wc_RsaPublicEncrypt(din.as_ptr(), din_size, dout.as_mut_ptr(), dout_size, &mut self.wc_rsakey, @@ -763,8 +763,8 @@ impl RSA { /// } /// ``` pub fn private_decrypt(&mut self, din: &[u8], dout: &mut [u8]) -> Result { - let din_size = din.len() as u32; - let dout_size = dout.len() as u32; + let din_size = crate::buffer_len_to_u32(din.len())?; + let dout_size = crate::buffer_len_to_u32(dout.len())?; let rc = unsafe { sys::wc_RsaPrivateDecrypt(din.as_ptr(), din_size, dout.as_mut_ptr(), dout_size, &mut self.wc_rsakey) @@ -829,8 +829,8 @@ impl RSA { /// ``` #[cfg(all(random, rsa_pss))] pub fn pss_sign(&mut self, din: &[u8], dout: &mut [u8], hash_algo: u32, mgf: i32, rng: &mut RNG) -> Result { - let din_size = din.len() as u32; - let dout_size = dout.len() as u32; + let din_size = crate::buffer_len_to_u32(din.len())?; + let dout_size = crate::buffer_len_to_u32(dout.len())?; let rc = unsafe { sys::wc_RsaPSS_Sign(din.as_ptr(), din_size, dout.as_mut_ptr(), dout_size, hash_algo, mgf, &mut self.wc_rsakey, &mut rng.wc_rng) @@ -892,8 +892,8 @@ impl RSA { /// ``` #[cfg(all(rsa_pss, rsa_const_api))] pub fn pss_check_padding(&mut self, din: &[u8], sig: &[u8], hash_algo: u32) -> Result<(), i32> { - let din_size = din.len() as u32; - let sig_size = sig.len() as u32; + let din_size = crate::buffer_len_to_u32(din.len())?; + let sig_size = crate::buffer_len_to_u32(sig.len())?; let rc = unsafe { sys::wc_RsaPSS_CheckPadding(din.as_ptr(), din_size, sig.as_ptr(), sig_size, hash_algo) @@ -958,8 +958,8 @@ impl RSA { /// ``` #[cfg(all(rsa_pss, rsa_const_api))] pub fn pss_verify(&mut self, din: &[u8], dout: &mut [u8], hash_algo: u32, mgf: i32) -> Result { - let din_size = din.len() as u32; - let dout_size = dout.len() as u32; + let din_size = crate::buffer_len_to_u32(din.len())?; + let dout_size = crate::buffer_len_to_u32(dout.len())?; let rc = unsafe { sys::wc_RsaPSS_Verify(din.as_ptr(), din_size, dout.as_mut_ptr(), dout_size, @@ -1029,9 +1029,9 @@ impl RSA { /// ``` #[cfg(all(rsa_pss, rsa_const_api))] pub fn pss_verify_check(&mut self, din: &[u8], dout: &mut [u8], digest: &[u8], hash_algo: u32, mgf: i32) -> Result { - let din_size = din.len() as u32; - let dout_size = dout.len() as u32; - let digest_size = digest.len() as u32; + let din_size = crate::buffer_len_to_u32(din.len())?; + let dout_size = crate::buffer_len_to_u32(dout.len())?; + let digest_size = crate::buffer_len_to_u32(digest.len())?; let rc = unsafe { sys::wc_RsaPSS_VerifyCheck(din.as_ptr(), din_size, dout.as_mut_ptr(), dout_size, digest.as_ptr(), digest_size, @@ -1092,8 +1092,8 @@ impl RSA { /// ``` #[cfg(all(rsa_direct, rsa_const_api))] pub fn rsa_direct(&mut self, din: &[u8], dout: &mut [u8], typ: i32, rng: &mut RNG) -> Result { - let din_size = din.len() as u32; - let mut dout_size = dout.len() as u32; + let din_size = crate::buffer_len_to_u32(din.len())?; + let mut dout_size = crate::buffer_len_to_u32(dout.len())?; let rc = unsafe { sys::wc_RsaDirect(din.as_ptr(), din_size, dout.as_mut_ptr(), &mut dout_size, @@ -1209,8 +1209,8 @@ impl RSA { /// ``` #[cfg(random)] pub fn ssl_sign(&mut self, din: &[u8], dout: &mut [u8], rng: &mut RNG) -> Result { - let din_size = din.len() as u32; - let dout_size = dout.len() as u32; + let din_size = crate::buffer_len_to_u32(din.len())?; + let dout_size = crate::buffer_len_to_u32(dout.len())?; let rc = unsafe { sys::wc_RsaSSL_Sign(din.as_ptr(), din_size, dout.as_mut_ptr(), dout_size, @@ -1270,8 +1270,8 @@ impl RSA { /// } /// ``` pub fn ssl_verify(&mut self, din: &[u8], dout: &mut [u8]) -> Result { - let din_size = din.len() as u32; - let dout_size = dout.len() as u32; + let din_size = crate::buffer_len_to_u32(din.len())?; + let dout_size = crate::buffer_len_to_u32(dout.len())?; let rc = unsafe { sys::wc_RsaSSL_Verify(din.as_ptr(), din_size, dout.as_mut_ptr(), dout_size, &mut self.wc_rsakey) diff --git a/wrapper/rust/wolfssl-wolfcrypt/src/sha.rs b/wrapper/rust/wolfssl-wolfcrypt/src/sha.rs index e8964a72f8..9cbfcaf24c 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/src/sha.rs +++ b/wrapper/rust/wolfssl-wolfcrypt/src/sha.rs @@ -170,7 +170,7 @@ impl SHA { /// sha.update(b"input").expect("Error with update()"); /// ``` pub fn update(&mut self, data: &[u8]) -> Result<(), i32> { - let data_size = data.len() as u32; + let data_size = crate::buffer_len_to_u32(data.len())?; let rc = unsafe { sys::wc_ShaUpdate(&mut self.wc_sha, data.as_ptr(), data_size) }; @@ -373,7 +373,7 @@ impl SHA224 { /// sha.update(b"input").expect("Error with update()"); /// ``` pub fn update(&mut self, data: &[u8]) -> Result<(), i32> { - let data_size = data.len() as u32; + let data_size = crate::buffer_len_to_u32(data.len())?; let rc = unsafe { sys::wc_Sha224Update(&mut self.wc_sha224, data.as_ptr(), data_size) }; @@ -576,7 +576,7 @@ impl SHA256 { /// sha.update(b"input").expect("Error with update()"); /// ``` pub fn update(&mut self, data: &[u8]) -> Result<(), i32> { - let data_size = data.len() as u32; + let data_size = crate::buffer_len_to_u32(data.len())?; let rc = unsafe { sys::wc_Sha256Update(&mut self.wc_sha256, data.as_ptr(), data_size) }; @@ -779,7 +779,7 @@ impl SHA384 { /// sha.update(b"input").expect("Error with update()"); /// ``` pub fn update(&mut self, data: &[u8]) -> Result<(), i32> { - let data_size = data.len() as u32; + let data_size = crate::buffer_len_to_u32(data.len())?; let rc = unsafe { sys::wc_Sha384Update(&mut self.wc_sha384, data.as_ptr(), data_size) }; @@ -982,7 +982,7 @@ impl SHA512 { /// sha.update(b"input").expect("Error with update()"); /// ``` pub fn update(&mut self, data: &[u8]) -> Result<(), i32> { - let data_size = data.len() as u32; + let data_size = crate::buffer_len_to_u32(data.len())?; let rc = unsafe { sys::wc_Sha512Update(&mut self.wc_sha512, data.as_ptr(), data_size) }; @@ -1185,7 +1185,7 @@ impl SHA3_224 { /// sha.update(b"input").expect("Error with update()"); /// ``` pub fn update(&mut self, data: &[u8]) -> Result<(), i32> { - let data_size = data.len() as u32; + let data_size = crate::buffer_len_to_u32(data.len())?; let rc = unsafe { sys::wc_Sha3_224_Update(&mut self.wc_sha3, data.as_ptr(), data_size) }; @@ -1388,7 +1388,7 @@ impl SHA3_256 { /// sha.update(b"input").expect("Error with update()"); /// ``` pub fn update(&mut self, data: &[u8]) -> Result<(), i32> { - let data_size = data.len() as u32; + let data_size = crate::buffer_len_to_u32(data.len())?; let rc = unsafe { sys::wc_Sha3_256_Update(&mut self.wc_sha3, data.as_ptr(), data_size) }; @@ -1591,7 +1591,7 @@ impl SHA3_384 { /// sha.update(b"input").expect("Error with update()"); /// ``` pub fn update(&mut self, data: &[u8]) -> Result<(), i32> { - let data_size = data.len() as u32; + let data_size = crate::buffer_len_to_u32(data.len())?; let rc = unsafe { sys::wc_Sha3_384_Update(&mut self.wc_sha3, data.as_ptr(), data_size) }; @@ -1794,7 +1794,7 @@ impl SHA3_512 { /// sha.update(b"input").expect("Error with update()"); /// ``` pub fn update(&mut self, data: &[u8]) -> Result<(), i32> { - let data_size = data.len() as u32; + let data_size = crate::buffer_len_to_u32(data.len())?; let rc = unsafe { sys::wc_Sha3_512_Update(&mut self.wc_sha3, data.as_ptr(), data_size) }; @@ -2001,7 +2001,7 @@ impl SHAKE128 { /// sha.update(b"input").expect("Error with update()"); /// ``` pub fn update(&mut self, data: &[u8]) -> Result<(), i32> { - let data_size = data.len() as u32; + let data_size = crate::buffer_len_to_u32(data.len())?; let rc = unsafe { sys::wc_Shake128_Update(&mut self.wc_shake, data.as_ptr(), data_size) }; @@ -2032,7 +2032,7 @@ impl SHAKE128 { /// sha.finalize(&mut hash).expect("Error with finalize()"); /// ``` pub fn finalize(&mut self, hash: &mut [u8]) -> Result<(), i32> { - let hash_size = hash.len() as u32; + let hash_size = crate::buffer_len_to_u32(hash.len())?; let rc = unsafe { sys::wc_Shake128_Final(&mut self.wc_shake, hash.as_mut_ptr(), hash_size) }; @@ -2061,7 +2061,7 @@ impl SHAKE128 { /// sha.absorb(b"input").expect("Error with absorb()"); /// ``` pub fn absorb(&mut self, data: &[u8]) -> Result<(), i32> { - let data_size = data.len() as u32; + let data_size = crate::buffer_len_to_u32(data.len())?; let rc = unsafe { sys::wc_Shake128_Absorb(&mut self.wc_shake, data.as_ptr(), data_size) }; @@ -2094,7 +2094,7 @@ impl SHAKE128 { /// sha.squeeze_blocks(&mut buffer).expect("Error with squeeze_blocks()"); /// ``` pub fn squeeze_blocks(&mut self, dout: &mut [u8]) -> Result<(), i32> { - let dout_size = dout.len() as u32; + let dout_size = crate::buffer_len_to_u32(dout.len())?; if dout_size % (Self::SQUEEZE_BLOCK_SIZE as u32) != 0 { return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); } @@ -2271,7 +2271,7 @@ impl SHAKE256 { /// sha.update(b"input").expect("Error with update()"); /// ``` pub fn update(&mut self, data: &[u8]) -> Result<(), i32> { - let data_size = data.len() as u32; + let data_size = crate::buffer_len_to_u32(data.len())?; let rc = unsafe { sys::wc_Shake256_Update(&mut self.wc_shake, data.as_ptr(), data_size) }; @@ -2302,7 +2302,7 @@ impl SHAKE256 { /// sha.finalize(&mut hash).expect("Error with finalize()"); /// ``` pub fn finalize(&mut self, hash: &mut [u8]) -> Result<(), i32> { - let hash_size = hash.len() as u32; + let hash_size = crate::buffer_len_to_u32(hash.len())?; let rc = unsafe { sys::wc_Shake256_Final(&mut self.wc_shake, hash.as_mut_ptr(), hash_size) }; @@ -2331,7 +2331,7 @@ impl SHAKE256 { /// sha.absorb(b"input").expect("Error with absorb()"); /// ``` pub fn absorb(&mut self, data: &[u8]) -> Result<(), i32> { - let data_size = data.len() as u32; + let data_size = crate::buffer_len_to_u32(data.len())?; let rc = unsafe { sys::wc_Shake256_Absorb(&mut self.wc_shake, data.as_ptr(), data_size) }; @@ -2364,7 +2364,7 @@ impl SHAKE256 { /// sha.squeeze_blocks(&mut buffer).expect("Error with squeeze_blocks()"); /// ``` pub fn squeeze_blocks(&mut self, dout: &mut [u8]) -> Result<(), i32> { - let dout_size = dout.len() as u32; + let dout_size = crate::buffer_len_to_u32(dout.len())?; if dout_size % (Self::SQUEEZE_BLOCK_SIZE as u32) != 0 { return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); }