From 52b66edf72a48dad0f307fff2aec9dc6181b69e1 Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Wed, 16 May 2018 13:27:13 -0700
Subject: [PATCH] Fixes for a few more fsanitize issues. Added alignment for
 ForceZero. Added word32 aligned acceleration for ForceZeero. Added
 'NO_ALIGNED_FORCEZERO' define to allow disabling aligned ForceZero
 acceleration. We cast the 24 left-shifts to word32 because compiler assumes
 signed int type, and a runtime value with MSB set results into runtime
 fsanitize error.

---
 src/ssl.c                |  6 ++----
 wolfcrypt/src/misc.c     | 25 ++++++++++++++++++++++++-
 wolfcrypt/src/pwdbased.c |  2 +-
 3 files changed, 27 insertions(+), 6 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index 4f22b68ca..2a38aaa2a 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -3612,10 +3612,8 @@ int wolfSSL_SetVersion(WOLFSSL* ssl, int version)
 /* Make a work from the front of random hash */
 static INLINE word32 MakeWordFromHash(const byte* hashID)
 {
-    return (((word32)hashID[0] << 24) |
-            ((word32)hashID[1] << 16) |
-            ((word32)hashID[2] <<  8) |
-            ((word32)hashID[3]));
+    return ((word32)hashID[0] << 24) | (hashID[1] << 16) |
+        (hashID[2] <<  8) | hashID[3];
 }
 
 #endif /* !NO_CERTS || !NO_SESSION_CACHE */
diff --git a/wolfcrypt/src/misc.c b/wolfcrypt/src/misc.c
index 484ffd501..b56d16e48 100644
--- a/wolfcrypt/src/misc.c
+++ b/wolfcrypt/src/misc.c
@@ -199,13 +199,36 @@ STATIC INLINE void xorbuf(void* buf, const void* mask, word32 count)
 STATIC INLINE void ForceZero(const void* mem, word32 len)
 {
     volatile byte* z = (volatile byte*)mem;
+
+#ifndef NO_ALIGNED_FORCEZERO
 #if defined(WOLFSSL_X86_64_BUILD) && defined(WORD64_AVAILABLE)
     volatile word64* w;
 
+    /* align buffer */
+    while (len && ((word64)z % sizeof(word64)) != 0) {
+        *z++ = 0; len--;
+    }
+
+    /* do aligned force zero */
     for (w = (volatile word64*)z; len >= sizeof(*w); len -= sizeof(*w))
         *w++ = 0;
     z = (volatile byte*)w;
+#else
+    volatile word32* w;
+
+    /* align buffer */
+    while (len && ((word32)z % sizeof(word32)) != 0) {
+        *z++ = 0; len--;
+    }
+
+    /* do aligned force zero */
+    for (w = (volatile word32*)z; len >= sizeof(*w); len -= sizeof(*w))
+        *w++ = 0;
+    z = (volatile byte*)w;
 #endif
+#endif /* NO_ALIGNED_FORCEZERO */
+
+    /* do byte by byte force zero */
     while (len--) *z++ = 0;
 }
 
@@ -292,7 +315,7 @@ STATIC INLINE void ato16(const byte* c, word16* wc_u16)
 /* convert opaque to 32 bit integer */
 STATIC INLINE void ato32(const byte* c, word32* wc_u32)
 {
-    *wc_u32 = (c[0] << 24) | (c[1] << 16) | (c[2] << 8) | c[3];
+    *wc_u32 = ((word32)c[0] << 24) | (c[1] << 16) | (c[2] << 8) | c[3];
 }
 
 
diff --git a/wolfcrypt/src/pwdbased.c b/wolfcrypt/src/pwdbased.c
index f29665a7f..cadd1c892 100755
--- a/wolfcrypt/src/pwdbased.c
+++ b/wolfcrypt/src/pwdbased.c
@@ -645,7 +645,7 @@ static void scryptROMix(byte* x, byte* v, byte* y, int r, word32 n)
 #endif
 #else
         byte* t = x + (2*r - 1) * 64;
-        j = (t[0] | (t[1] << 8) | (t[2] << 16) | (t[3] << 24)) & (n-1);
+        j = (t[0] | (t[1] << 8) | (t[2] << 16) | ((word32)t[3] << 24)) & (n-1);
 #endif
 #ifdef WORD64_AVAILABLE
         for (k = 0; k < bSz / 8; k++)