Merge pull request #6641 from julek-wolfssl/gh/6555

Dtls13GetRnMask: Correctly get chacha counter on BE systems

.github/workflows/async.yml

@@ -15,6 +15,8 @@ jobs:
         ]
     name: make check
     runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 6
     steps:
       - uses: actions/checkout@v3
         name: Checkout wolfSSL

.github/workflows/curl.yml

@@ -5,36 +5,26 @@ on:
 
 jobs:
   build:
-
     runs-on: ubuntu-latest
-
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 14
     steps:
-    - uses: actions/checkout@master
+    - name: Install test dependencies
-    - name: autogen
+      run: |
-      run: ./autogen.sh
+        sudo apt-get update
-    - name: configure
+        sudo apt-get install nghttp2
-      run: ./configure --enable-all
+
-    - name: make
+    - name: Build wolfSSL
-      run: make
+      uses: wolfSSL/actions-build-autotools-project@v1
-    - name: install
+      with:
-      run: sudo make install
+        path: wolfssl
-    - uses: actions/checkout@master
+        configure: --enable-curl
+        install: true
+
+    - name: Build and test stunnel
+      uses: wolfSSL/actions-build-autotools-project@v1
       with:
         repository: curl/curl
         path: curl
-    - name: Install test dependency
+        configure: --with-wolfssl=$GITHUB_WORKSPACE/build-dir
-      working-directory: ./curl
+        check: true
-      run: sudo apt-get install nghttp2
-    - name: curl buildconf
-      working-directory: ./curl
-      run: ./buildconf
-    - name: curl configure
-      working-directory: ./curl
-      run: ./configure --with-wolfssl
-    - name: curl make
-      working-directory: ./curl
-      run: make
-    - name: curl unit tests
-      working-directory: ./curl
-      run: make test
-

.github/workflows/docker-Espressif.yml

@@ -6,6 +6,8 @@ jobs:
   espressif_latest:
     name: latest Docker container
     runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 12
     container:
       image: espressif/idf:latest
     steps:

.github/workflows/docker-OpenWrt.yml

@@ -9,6 +9,8 @@ jobs:
     build_library:
         name: Compile libwolfssl.so
         runs-on: ubuntu-latest
+        # This should be a safe limit for the tests to run.
+        timeout-minutes: 4
         container:
             image: alpine:latest
         steps:
@@ -26,6 +28,8 @@ jobs:
     compile_container:
         name: Compile container
         runs-on: ubuntu-latest
+        # This should be a safe limit for the tests to run.
+        timeout-minutes: 2
         needs: build_library
         strategy:
             fail-fast: false

.github/workflows/hitch.yml

@@ -8,6 +8,8 @@ jobs:
     name: Build wolfSSL
     # Just to keep it the same as the testing target
     runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
     steps:
       - name: Build wolfSSL
         uses: wolfSSL/actions-build-autotools-project@v1
@@ -34,6 +36,8 @@ jobs:
               test13-r82.sh test15-proxy-v2-npn.sh test39-client-cert-proxy.sh
     name: ${{ matrix.ref }}
     runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
     needs: build_wolfssl
     steps:
       - name: Download lib

.github/workflows/hostap.yml

@@ -15,6 +15,8 @@ jobs:
     name: Build wolfSSL
     # Just to keep it the same as the testing target
     runs-on: ubuntu-20.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
     steps:
         # No way to view the full strategy in the browser (really weird)
       - name: Print strategy
@@ -90,6 +92,8 @@ jobs:
     name: hwsim test
     # For openssl 1.1
     runs-on: ubuntu-20.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 12
     needs: build_wolfssl
     steps:
         # No way to view the full strategy in the browser (really weird)

.github/workflows/multi-compiler.yml

@@ -25,6 +25,8 @@ jobs:
           - CC: clang-14
             CXX: clang++-14
     runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 2
     steps:
       - uses: actions/checkout@v3
       - name: Build

.github/workflows/nginx.yml

@@ -8,6 +8,8 @@ jobs:
     name: Build wolfSSL
     # Just to keep it the same as the testing target
     runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
     steps:
       - if: ${{ runner.debug }}
         name: Enable wolfSSL debug logging
@@ -65,6 +67,8 @@ jobs:
               stream_proxy_ssl_verify.t stream_ssl_alpn.t
     name: ${{ matrix.ref }}
     runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 6
     needs: build_wolfssl
     steps:
       - name: Download lib

.github/workflows/openvpn.yml

@@ -8,6 +8,8 @@ jobs:
     name: Build wolfSSL
     # Just to keep it the same as the testing target
     runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
     steps:
       - name: Build wolfSSL
         uses: wolfSSL/actions-build-autotools-project@v1
@@ -31,6 +33,8 @@ jobs:
         ref: [ master, release/2.6, v2.6.0 ]
     name: ${{ matrix.ref }}
     runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 6
     needs: build_wolfssl
     steps:
       - name: Download lib

.github/workflows/os-check.yml

@@ -22,6 +22,8 @@ jobs:
         ]
     name: make check
     runs-on: ${{ matrix.os }}
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 8
     steps:
       - name: Build and test wolfSSL
         uses: wolfSSL/actions-build-autotools-project@v1
@@ -40,6 +42,8 @@ jobs:
         ]
     name: make user_setting.h
     runs-on: ${{ matrix.os }}
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 6
     steps:
       - name: Build and test wolfSSL
         uses: wolfSSL/actions-build-autotools-project@v1
@@ -61,6 +65,8 @@ jobs:
         ]
     name: make user_setting.h (testwolfcrypt only)
     runs-on: ${{ matrix.os }}
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
     steps:
       - name: Build and test wolfSSL
         uses: wolfSSL/actions-build-autotools-project@v1
@@ -80,6 +86,8 @@ jobs:
         os: [ ubuntu-latest, macos-latest ]
     name: make user_setting.h (with sed)
     runs-on: ${{ matrix.os }}
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 8
     steps:
     - uses: actions/checkout@v3
     - if: ${{ matrix.os == 'macos-latest' }}
@@ -96,6 +104,8 @@ jobs:
   windows_build:
     name: Windows Build Test
     runs-on: windows-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 6
     env:
       # Path to the solution file relative to the root of the project.
       SOLUTION_FILE_PATH: wolfssl64.sln

.github/workflows/stunnel.yml

@@ -8,6 +8,8 @@ jobs:
     name: Build wolfSSL
     # Just to keep it the same as the testing target
     runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
     steps:
       - name: Build wolfSSL
         uses: wolfSSL/actions-build-autotools-project@v1
@@ -31,6 +33,8 @@ jobs:
         ref: [ 5.67 ]
     name: ${{ matrix.ref }}
     runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
     needs: build_wolfssl
     steps:
       - name: Download lib

.github/workflows/zephyr.yml

@@ -7,7 +7,8 @@ jobs:
   run_test:
     name: Build and run
     runs-on: ubuntu-latest
-    timeout-minutes: 20
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 15
     steps:
       - name: Install dependencies
         run: |

src/dtls13.c

@@ -277,10 +277,7 @@ static int Dtls13GetRnMask(WOLFSSL* ssl, const byte* ciphertext, byte* mask,
         /* assuming CIPHER[0..3] should be interpreted as little endian 32-bits
            integer. The draft rfc isn't really clear on that. See sec 4.2.3 of
            the draft. See also Section 2.3 of the Chacha RFC. */
-        XMEMCPY(&counter, ciphertext, sizeof(counter));
+        ato32le(ciphertext, &counter);
-#ifdef BIG_ENDIAN
-        counter = ByteReverseWord32(counter);
-#endif /* BIG_ENDIAN */
 
         ret = wc_Chacha_SetIV(c->chacha, &ciphertext[4], counter);
         if (ret != 0)

wolfcrypt/src/misc.c

@@ -472,6 +472,15 @@ WC_MISC_STATIC WC_INLINE void ato32(const byte* c, word32* wc_u32)
                (word32)c[3];
 }
 
+/* convert opaque to 32 bit integer. Interpret as little endian. */
+WC_MISC_STATIC WC_INLINE void ato32le(const byte* c, word32* wc_u32)
+{
+    *wc_u32 =  (word32)c[0] |
+              ((word32)c[1] << 8) |
+              ((word32)c[2] << 16) |
+              ((word32)c[3] << 24);
+}
+
 
 WC_MISC_STATIC WC_INLINE word32 btoi(byte b)
 {

wolfssl/wolfcrypt/misc.h

@@ -102,12 +102,13 @@ void   ByteReverseWords64(word64* out, const word64* in, word32 byteCount);
 
 
 void c32to24(word32 in, word24 out);
-void c16toa(word16 u16, byte* c);
+void c16toa(word16 wc_u16, byte* c);
-void c32toa(word32 u32, byte* c);
+void c32toa(word32 wc_u32, byte* c);
-void c24to32(const word24 u24, word32* u32);
+void c24to32(const word24 wc_u24, word32* wc_u32);
-void ato16(const byte* c, word16* u16);
+void ato16(const byte* c, word16* wc_u16);
-void ato24(const byte* c, word32* u24);
+void ato24(const byte* c, word32* wc_u24);
-void ato32(const byte* c, word32* u32);
+void ato32(const byte* c, word32* wc_u32);
+void ato32le(const byte* c, word32* wc_u32);
 word32 btoi(byte b);
 
 WOLFSSL_LOCAL signed char HexCharToByte(char ch);