From 56fc5bbf879dc21e60c3366ea69268e46005b60f Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Fri, 21 Jul 2023 14:48:28 +0200 Subject: [PATCH] Dtls13GetRnMask: Correctly get chacha counter on BE systems The issue was that BIG_ENDIAN is defined in endian.h (on linux). Our define is BIG_ENDIAN_ORDER. --- src/dtls13.c | 8 +------- wolfcrypt/src/misc.c | 9 +++++++++ wolfssl/wolfcrypt/misc.h | 13 +++++++------ 3 files changed, 17 insertions(+), 13 deletions(-) diff --git a/src/dtls13.c b/src/dtls13.c index b5fecafd7..e8a2947d8 100644 --- a/src/dtls13.c +++ b/src/dtls13.c @@ -274,13 +274,7 @@ static int Dtls13GetRnMask(WOLFSSL* ssl, const byte* ciphertext, byte* mask, if (c->chacha == NULL) return BAD_STATE_E; - /* assuming CIPHER[0..3] should be interpreted as little endian 32-bits - integer. The draft rfc isn't really clear on that. See sec 4.2.3 of - the draft. See also Section 2.3 of the Chacha RFC. */ - XMEMCPY(&counter, ciphertext, sizeof(counter)); -#ifdef BIG_ENDIAN - counter = ByteReverseWord32(counter); -#endif /* BIG_ENDIAN */ + ato32le(ciphertext, &counter); ret = wc_Chacha_SetIV(c->chacha, &ciphertext[4], counter); if (ret != 0) diff --git a/wolfcrypt/src/misc.c b/wolfcrypt/src/misc.c index 8ccf766ba..bc1ea8fa9 100644 --- a/wolfcrypt/src/misc.c +++ b/wolfcrypt/src/misc.c @@ -472,6 +472,15 @@ WC_MISC_STATIC WC_INLINE void ato32(const byte* c, word32* wc_u32) (word32)c[3]; } +/* convert opaque to 32 bit integer. Interpret as little endian. */ +WC_MISC_STATIC WC_INLINE void ato32le(const byte* c, word32* wc_u32) +{ + *wc_u32 = (word32)c[0] | + ((word32)c[1] << 8) | + ((word32)c[2] << 16) | + ((word32)c[3] << 24); +} + WC_MISC_STATIC WC_INLINE word32 btoi(byte b) { diff --git a/wolfssl/wolfcrypt/misc.h b/wolfssl/wolfcrypt/misc.h index e433a1a3c..45dfb7621 100644 --- a/wolfssl/wolfcrypt/misc.h +++ b/wolfssl/wolfcrypt/misc.h @@ -102,12 +102,13 @@ void ByteReverseWords64(word64* out, const word64* in, word32 byteCount); void c32to24(word32 in, word24 out); -void c16toa(word16 u16, byte* c); -void c32toa(word32 u32, byte* c); -void c24to32(const word24 u24, word32* u32); -void ato16(const byte* c, word16* u16); -void ato24(const byte* c, word32* u24); -void ato32(const byte* c, word32* u32); +void c16toa(word16 wc_u16, byte* c); +void c32toa(word32 wc_u32, byte* c); +void c24to32(const word24 wc_u24, word32* wc_u32); +void ato16(const byte* c, word16* wc_u16); +void ato24(const byte* c, word32* wc_u24); +void ato32(const byte* c, word32* wc_u32); +void ato32le(const byte* c, word32* wc_u32); word32 btoi(byte b); WOLFSSL_LOCAL signed char HexCharToByte(char ch);