wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-31 11:17:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

Improve the TLS v1.3 expand key label warning for possible use of uninitialized "hash".

Browse Source
This commit is contained in:
David Garske
2023-12-27 09:52:56 -08:00
parent d9ac8b5422
commit b86dfffdbe
2 changed files with 27 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
src/tls13.c
View File

@ -266,10 +266,6 @@ static int Tls13HKDFExpandKeyLabel(WOLFSSL* ssl, byte* okm, word32 okmLen,
return ret; return ret;
#endif #endif
/* Hash buffer may not be fully initialized, but the sending length won't
* extend beyond the initialized span. */
PRAGMA_GCC_DIAG_PUSH
PRAGMA_GCC("GCC diagnostic ignored \"-Wmaybe-uninitialized\"")
#if !defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)) #if !defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))
ret = wc_Tls13_HKDF_Expand_Label_ex(okm, okmLen, prk, prkLen, ret = wc_Tls13_HKDF_Expand_Label_ex(okm, okmLen, prk, prkLen,
protocol, protocolLen, protocol, protocolLen,
@ -288,7 +284,6 @@ PRAGMA_GCC("GCC diagnostic ignored \"-Wmaybe-uninitialized\"")
label, labelLen, label, labelLen,
info, infoLen, digest); info, infoLen, digest);
#endif #endif
PRAGMA_GCC_DIAG_POP
(void)ssl; (void)ssl;
(void)side; (void)side;
return ret; return ret;
@ -490,14 +485,21 @@ int Tls13DeriveKey(WOLFSSL* ssl, byte* output, int outputLen,
} }
#endif /* WOLFSSL_DTLS13 */ #endif /* WOLFSSL_DTLS13 */
if (outputLen == -1) if (outputLen == -1) {
outputLen = hashSz; outputLen = hashSz;
if (includeMsgs) }
if (includeMsgs) {
hashOutSz = hashSz; hashOutSz = hashSz;
}
else {
/* Appease static analyzers by making sure hash is cleared, since it is
* passed into expand key label where older wc_Tls13_HKDF_Expand_Label
* will unconditionally try to call a memcpy on it, however length will
* always be 0. */
XMEMSET(hash, 0, sizeof(hash));
hashOutSz = 0;
}
/* hash buffer may not be fully initialized, but the sending length won't
* extend beyond the initialized span.
*/
PRIVATE_KEY_UNLOCK(); PRIVATE_KEY_UNLOCK();
ret = Tls13HKDFExpandKeyLabel(ssl, output, outputLen, secret, hashSz, ret = Tls13HKDFExpandKeyLabel(ssl, output, outputLen, secret, hashSz,
protocol, protocolLen, label, labelLen, protocol, protocolLen, label, labelLen,

24
wolfcrypt/src/kdf.c
View File

@ -485,17 +485,23 @@ int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, word32 secLen,
data[idx++] = (byte)okmLen; data[idx++] = (byte)okmLen;
/* Length of protocol | label. */ /* Length of protocol | label. */
data[idx++] = (byte)(protocolLen + labelLen); data[idx++] = (byte)(protocolLen + labelLen);
/* Protocol */ if (protocolLen > 0) {
XMEMCPY(&data[idx], protocol, protocolLen); /* Protocol */
idx += protocolLen; XMEMCPY(&data[idx], protocol, protocolLen);
/* Label */ idx += protocolLen;
XMEMCPY(&data[idx], label, labelLen); }
idx += labelLen; if (labelLen > 0) {
/* Label */
XMEMCPY(&data[idx], label, labelLen);
idx += labelLen;
}
/* Length of hash of messages */ /* Length of hash of messages */
data[idx++] = (byte)infoLen; data[idx++] = (byte)infoLen;
/* Hash of messages */ if (infoLen > 0) {
XMEMCPY(&data[idx], info, infoLen); /* Hash of messages */
idx += infoLen; XMEMCPY(&data[idx], info, infoLen);
idx += infoLen;
}
#ifdef WOLFSSL_CHECK_MEM_ZERO #ifdef WOLFSSL_CHECK_MEM_ZERO
wc_MemZero_Add("wc_Tls13_HKDF_Expand_Label data", data, idx); wc_MemZero_Add("wc_Tls13_HKDF_Expand_Label data", data, idx);