From 4df6fb74b0cf043b7b9ecbd54562643ddf7d9ace Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Mon, 19 Jul 2021 16:29:43 -0500 Subject: [PATCH 1/4] fix sanitizer-detected uninitialized/null data accesses: wc_SrpComputeKey(), XChaCha20Poly1305_test(). --- wolfcrypt/src/srp.c | 3 +-- wolfcrypt/test/test.c | 23 ++++++++++++++--------- 2 files changed, 15 insertions(+), 11 deletions(-) diff --git a/wolfcrypt/src/srp.c b/wolfcrypt/src/srp.c index b30f415bf..95d927b75 100644 --- a/wolfcrypt/src/srp.c +++ b/wolfcrypt/src/srp.c @@ -654,8 +654,7 @@ int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz, if (!srp || !clientPubKey || clientPubKeySz == 0 || !serverPubKey || serverPubKeySz == 0) { - r = BAD_FUNC_ARG; - goto out; + return BAD_FUNC_ARG; } #ifdef WOLFSSL_SMALL_STACK diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index e11194245..aa86dc7ad 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -11467,6 +11467,9 @@ WOLFSSL_TEST_SUBROUTINE int XChaCha20Poly1305_test(void) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) byte *buf1 = (byte *)XMALLOC(sizeof Ciphertext + sizeof Tag, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); byte *buf2 = (byte *)XMALLOC(sizeof Plaintext, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + + if ((buf1 == NULL) || (buf2 == NULL)) + ERROR_OUT(-6480, out); #else byte buf1[sizeof Ciphertext + sizeof Tag]; byte buf2[sizeof Plaintext]; 
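Review bot: The direct `return BAD_FUNC_ARG;` in the argument check of wc_SrpComputeKey() departs from the `goto out` exit this path used before, and nothing at the site says why. Going by the commit subject, the cleanup at `out` presumably reads locals that are not set up this early, which is worth recording so a later tidy-up does not restore the jump: `/* return directly: the locals released at out: are not set up yet */`. The function body continues outside the hunk, so the declarations and the `out:` label cannot be checked from here.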
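Review bot: The new allocation check in XChaCha20Poly1305_test() reports `-6480`, while every other code in this function is in the -684x range and the next hunk renumbers the old -6840..-6844 to -6841..-6845, which frees -6840. This looks like a digit transposition; if so, the line should read `ERROR_OUT(-6840, out);`, since a code outside the function's range points a failing run at the wrong test. The check is also a statement placed directly after the `buf1`/`buf2` declarations inside the `#if` branch. If further declarations follow the `#endif` (not visible in this hunk), strict C89 builds would reject the mixed order.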
@@ -11479,31 +11482,33 @@ WOLFSSL_TEST_SUBROUTINE int XChaCha20Poly1305_test(void) { Key, sizeof Key); if (ret < 0) - ERROR_OUT(-6840, out); - - if (XMEMCMP(buf1, Ciphertext, sizeof Plaintext)) ERROR_OUT(-6841, out); - if (XMEMCMP(buf1 + sizeof Plaintext, Tag, CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE)) + if (XMEMCMP(buf1, Ciphertext, sizeof Ciphertext)) ERROR_OUT(-6842, out); + if (XMEMCMP(buf1 + sizeof Ciphertext, Tag, CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE)) + ERROR_OUT(-6843, out); + ret = wc_XChaCha20Poly1305_Decrypt(buf2, sizeof Plaintext, - buf1, sizeof Plaintext + sizeof Tag, + buf1, sizeof Ciphertext + sizeof Tag, AAD, sizeof AAD, IV, sizeof IV, Key, sizeof Key); if (ret < 0) - ERROR_OUT(-6843, out); + ERROR_OUT(-6844, out); if (XMEMCMP(buf2, Plaintext, sizeof Plaintext)) - ERROR_OUT(-6844, out); + ERROR_OUT(-6845, out); out: #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - XFREE(buf1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(buf2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (buf1 != NULL) + XFREE(buf1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (buf2 != NULL) + XFREE(buf2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; From f8d1befdfff165af9a0a216b72f039abe11e3385 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Mon, 19 Jul 2021 16:31:22 -0500 Subject: [PATCH 2/4] autogen.sh: leave .git/hooks/pre-{commit,push} alone unless they don't exist, to allow for local ecosystem-dependent customizations of the hooks. --- autogen.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/autogen.sh b/autogen.sh index aba57d715..1dc3ba1fb 100755 --- a/autogen.sh +++ b/autogen.sh 
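Review bot: The test still ends after the successful round trip, so nothing between the decrypt call and `out:` verifies that wc_XChaCha20Poly1305_Decrypt() rejects a modified tag. For an AEAD test that is the check that matters most, and the buffers are already in place for it. The sketch below flips one bit in the tag stored at `buf1 + sizeof Ciphertext` and expects a negative return; the code -6846 is a placeholder for the next unused value. Separately, the tag compare uses `CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE` while the buffer and the decrypt length use `sizeof Tag`; using one of the two throughout would make the sizes obviously consistent.

```c
    /* … unchanged: encrypt, ciphertext/tag compares, decrypt … */
    if (XMEMCMP(buf2, Plaintext, sizeof Plaintext))
        ERROR_OUT(-6845, out);

    /* a modified tag must be rejected */
    buf1[sizeof Ciphertext] ^= 0x01;
    ret = wc_XChaCha20Poly1305_Decrypt(buf2, sizeof Plaintext,
                                       buf1, sizeof Ciphertext + sizeof Tag,
                                       AAD, sizeof AAD,
                                       IV, sizeof IV,
                                       Key, sizeof Key);
    if (ret >= 0)
        ERROR_OUT(-6846, out); /* placeholder code */
    ret = 0;
```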
@@ -8,8 +8,12 @@ if test -d .git; then if ! test -d .git/hooks; then mkdir .git/hooks fi - ln -s -f ../../pre-commit.sh .git/hooks/pre-commit - ln -s -f ../../pre-push.sh .git/hooks/pre-push + if [ ! -e .git/hooks/pre-commit ]; then + ln -s ../../pre-commit.sh .git/hooks/pre-commit + fi + if [ ! -e .git/hooks/pre-push ]; then + ln -s ../../pre-push.sh .git/hooks/pre-push + fi fi # touch options.h (make sure it exists) From fe94c36a7b64581adf250835b5d59d580dbee85c Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Mon, 19 Jul 2021 18:31:13 -0500 Subject: [PATCH 3/4] configure.ac: fix wrong constructions in environment setup for ENABLED_REPRODUCIBLE_BUILD. --- configure.ac | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/configure.ac b/configure.ac index 0caa104dd..195cc8226 100644 --- a/configure.ac +++ b/configure.ac @@ -95,16 +95,16 @@ AC_ARG_ENABLE([reproducible-build], xxx_ar_flags=$(ar --help 2>&1) if test "$ENABLED_REPRODUCIBLE_BUILD" = "yes" then - AS_CASE([$xxx_ar_flags],[*'use zero for timestamps and uids/gids'*],[: ${AR_FLAGS="Dcr"}]) + AS_CASE([$xxx_ar_flags],[*'use zero for timestamps and uids/gids'*],[AR_FLAGS="Dcr"]) else - AS_CASE([$xxx_ar_flags],[*'use actual timestamps and uids/gids'*],[: ${AR_FLAGS="Ucru"}]) + AS_CASE([$xxx_ar_flags],[*'use actual timestamps and uids/gids'*],[AR_FLAGS="Ucru"]) fi xxx_ranlib_flags=$(ranlib --help 2>&1) if test "$ENABLED_REPRODUCIBLE_BUILD" = "yes" then - AS_CASE([$xxx_ranlib_flags],[*'Use zero for symbol map timestamp'*],[: ${RANLIB="ranlib -D"}]) + AS_CASE([$xxx_ranlib_flags],[*'Use zero for symbol map timestamp'*],[RANLIB="ranlib -D"]) else - AS_CASE([$xxx_ranlib_flags],[*'Use actual symbol map timestamp'*],[: ${RANLIB="ranlib -U"}]) + AS_CASE([$xxx_ranlib_flags],[*'Use actual symbol map timestamp'*],[RANLIB="ranlib -U"]) fi From a43cc4ebfae9847376e5b437fc8fe19e82c865d0 Mon Sep 17 00:00:00 2001 
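Review bot: `[ ! -e .git/hooks/pre-commit ]` follows symlinks, so a dangling link at that path tests as absent, and the following `ln -s`, now without `-f`, fails with "File exists". The same applies to the pre-push block. Testing for the link itself as well avoids this: `if [ ! -e .git/hooks/pre-commit ] && [ ! -L .git/hooks/pre-commit ]; then`. The surrounding lines use `test -d`, so `test ! -e … && test ! -L …` would also match the file's existing style.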
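Review bot: The unconditional `RANLIB="ranlib -D"` and `RANLIB="ranlib -U"` assignments replace whatever RANLIB held before, so a host-prefixed or user-supplied ranlib would be swapped for the bare build-machine `ranlib`. Whether RANLIB is already set at this point is not visible in the hunk, but keeping an existing tool costs nothing: `RANLIB="${RANLIB-ranlib} -D"`. The same applies to `AR_FLAGS`, where a value passed on the configure command line is now silently overridden. The probes also run plain `ar --help` and `ranlib --help` rather than `$AR` and `$RANLIB`, so the detected capabilities may not be those of the archiver the build uses.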
From: Daniel Pouzzner Date: Mon, 19 Jul 2021 21:41:15 -0500 Subject: [PATCH 4/4] openssl/sha.h: enlarge WOLFSSL_SHA384_CTX.holder to accommodate wc_Sha512.{devId,devCtx}. --- wolfssl/openssl/sha.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfssl/openssl/sha.h b/wolfssl/openssl/sha.h index 7120ecb17..d7078d4f8 100644 --- a/wolfssl/openssl/sha.h +++ b/wolfssl/openssl/sha.h @@ -158,7 +158,7 @@ typedef WOLFSSL_SHA256_CTX SHA256_CTX; typedef struct WOLFSSL_SHA384_CTX { /* big enough to hold wolfCrypt Sha384, but check on init */ - void* holder[(256 + WC_ASYNC_DEV_SIZE) / sizeof(void*)]; + void* holder[(268 + WC_ASYNC_DEV_SIZE) / sizeof(void*)]; } WOLFSSL_SHA384_CTX; WOLFSSL_API int wolfSSL_SHA384_Init(WOLFSSL_SHA384_CTX*);
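Review bot: The element count `(268 + WC_ASYNC_DEV_SIZE) / sizeof(void*)` truncates, so with 8-byte pointers and a `WC_ASYNC_DEV_SIZE` of 0 the array covers 264 bytes rather than 268. If 268 is the byte count the underlying wc_Sha512 needs after gaining `devId` and `devCtx`, the holder is still short on such builds. Rounding up keeps the intent on every pointer width: `void* holder[(268 + WC_ASYNC_DEV_SIZE + sizeof(void*) - 1) / sizeof(void*)];`. The existing comment relies on a check at init, which is outside this hunk. A line stating how 268 is derived would also help the next person who adds a field to the hash struct.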