@ -259,7 +259,7 @@ static int Dtls13GetRnMask(WOLFSSL* ssl, const byte* ciphertext, byte* mask,
|
|||||||
#ifdef HAVE_CHACHA
|
#ifdef HAVE_CHACHA
|
||||||
if (ssl->specs.bulk_cipher_algorithm == wolfssl_chacha) {
|
if (ssl->specs.bulk_cipher_algorithm == wolfssl_chacha) {
|
||||||
word32 counter;
|
word32 counter;
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
if (c->chacha == NULL)
|
if (c->chacha == NULL)
|
||||||
return BAD_STATE_E;
|
return BAD_STATE_E;
|
||||||
|
@ -8152,10 +8152,12 @@ DtlsMsg* DtlsMsgNew(word32 sz, byte tx, void* heap)
|
|||||||
DtlsMsg* msg;
|
DtlsMsg* msg;
|
||||||
WOLFSSL_ENTER("DtlsMsgNew()");
|
WOLFSSL_ENTER("DtlsMsgNew()");
|
||||||
|
|
||||||
|
#ifndef WOLFSSL_ASYNC_CRYPT
|
||||||
if (sz == 0) {
|
if (sz == 0) {
|
||||||
WOLFSSL_MSG("DtlsMsgNew: sz == 0 not allowed");
|
WOLFSSL_MSG("DtlsMsgNew: sz == 0 not allowed");
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
(void)heap;
|
(void)heap;
|
||||||
msg = (DtlsMsg*)XMALLOC(sizeof(DtlsMsg), heap, DYNAMIC_TYPE_DTLS_MSG);
|
msg = (DtlsMsg*)XMALLOC(sizeof(DtlsMsg), heap, DYNAMIC_TYPE_DTLS_MSG);
|
||||||
@ -8386,8 +8388,18 @@ static void DtlsMsgAssembleCompleteMessage(DtlsMsg* msg)
|
|||||||
|
|
||||||
/* frag->padding makes sure we can fit the entire DTLS handshake header
|
/* frag->padding makes sure we can fit the entire DTLS handshake header
|
||||||
* before frag->buf */
|
* before frag->buf */
|
||||||
dtls = (DtlsHandShakeHeader*)(msg->fragBucketList->buf -
|
|
||||||
DTLS_HANDSHAKE_HEADER_SZ);
|
/* note the dtls pointer needs to be computed from msg->fragBucketList, not
|
||||||
|
* from msg->fragBucketList->buf, to avoid a pointerOutOfBounds access
|
||||||
|
* detected by cppcheck.
|
||||||
|
*
|
||||||
|
* also note, the (void *) intermediate cast is necessary to avoid a
|
||||||
|
* potential -Wcast-align around alignment of DtlsHandShakeHeader exceeding
|
||||||
|
* alignment of char.
|
||||||
|
*/
|
||||||
|
dtls = (DtlsHandShakeHeader*)(void *)((char *)msg->fragBucketList
|
||||||
|
+ OFFSETOF(DtlsFragBucket,buf)
|
||||||
|
- DTLS_HANDSHAKE_HEADER_SZ);
|
||||||
|
|
||||||
msg->fragBucketList = NULL;
|
msg->fragBucketList = NULL;
|
||||||
msg->fragBucketListCount = 0;
|
msg->fragBucketListCount = 0;
|
||||||
@ -19839,6 +19851,8 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
|
|||||||
ssl->keys.padSz, &processedSize);
|
ssl->keys.padSz, &processedSize);
|
||||||
ssl->buffers.inputBuffer.idx += processedSize;
|
ssl->buffers.inputBuffer.idx += processedSize;
|
||||||
ssl->buffers.inputBuffer.idx += ssl->keys.padSz;
|
ssl->buffers.inputBuffer.idx += ssl->keys.padSz;
|
||||||
|
if (ret != 0)
|
||||||
|
return ret;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
FALL_THROUGH;
|
FALL_THROUGH;
|
||||||
@ -20694,7 +20708,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
|
|||||||
if (sizeOnly)
|
if (sizeOnly)
|
||||||
goto exit_buildmsg;
|
goto exit_buildmsg;
|
||||||
|
|
||||||
{
|
{
|
||||||
#if defined(HAVE_SECURE_RENEGOTIATION) && defined(WOLFSSL_DTLS)
|
#if defined(HAVE_SECURE_RENEGOTIATION) && defined(WOLFSSL_DTLS)
|
||||||
/* If we want the PREV_ORDER then modify CUR_ORDER sequence number
|
/* If we want the PREV_ORDER then modify CUR_ORDER sequence number
|
||||||
* for all encryption algos that use it for encryption parameters */
|
* for all encryption algos that use it for encryption parameters */
|
||||||
@ -20735,7 +20749,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
|
|||||||
ssl->keys.dtls_sequence_number_lo = dtls_sequence_number_lo;
|
ssl->keys.dtls_sequence_number_lo = dtls_sequence_number_lo;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
if (ret != 0)
|
if (ret != 0)
|
||||||
goto exit_buildmsg;
|
goto exit_buildmsg;
|
||||||
|
13
src/tls13.c
13
src/tls13.c
@ -518,7 +518,7 @@ static int DeriveClientHandshakeSecret(WOLFSSL* ssl, byte* key)
|
|||||||
if (ssl == NULL || ssl->arrays == NULL) {
|
if (ssl == NULL || ssl->arrays == NULL) {
|
||||||
return BAD_FUNC_ARG;
|
return BAD_FUNC_ARG;
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = Tls13DeriveKey(ssl, key, -1, ssl->arrays->preMasterSecret,
|
ret = Tls13DeriveKey(ssl, key, -1, ssl->arrays->preMasterSecret,
|
||||||
clientHandshakeLabel, CLIENT_HANDSHAKE_LABEL_SZ,
|
clientHandshakeLabel, CLIENT_HANDSHAKE_LABEL_SZ,
|
||||||
ssl->specs.mac_algorithm, 1);
|
ssl->specs.mac_algorithm, 1);
|
||||||
@ -6169,9 +6169,10 @@ int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType)
|
|||||||
{
|
{
|
||||||
#ifdef WOLFSSL_DTLS13
|
#ifdef WOLFSSL_DTLS13
|
||||||
if (ssl->options.dtls) {
|
if (ssl->options.dtls) {
|
||||||
ret = Dtls13HashHandshake(ssl,
|
ret = Dtls13HashHandshake(
|
||||||
output + Dtls13GetRlHeaderLength(ssl, 0) ,
|
ssl,
|
||||||
(word16)sendSz - Dtls13GetRlHeaderLength(ssl, 0));
|
output + Dtls13GetRlHeaderLength(ssl, 0) ,
|
||||||
|
(word16)sendSz - Dtls13GetRlHeaderLength(ssl, 0));
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif /* WOLFSSL_DTLS13 */
|
#endif /* WOLFSSL_DTLS13 */
|
||||||
@ -6452,7 +6453,7 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx,
|
|||||||
ssl->options.buildingMsg = 0;
|
ssl->options.buildingMsg = 0;
|
||||||
ret =
|
ret =
|
||||||
Dtls13HandshakeSend(ssl, output, (word16)sendSz, (word16)i,
|
Dtls13HandshakeSend(ssl, output, (word16)sendSz, (word16)i,
|
||||||
certificate_request, 1);
|
certificate_request, 1);
|
||||||
|
|
||||||
WOLFSSL_LEAVE("SendTls13CertificateRequest", ret);
|
WOLFSSL_LEAVE("SendTls13CertificateRequest", ret);
|
||||||
WOLFSSL_END(WC_FUNC_CERTIFICATE_REQUEST_SEND);
|
WOLFSSL_END(WC_FUNC_CERTIFICATE_REQUEST_SEND);
|
||||||
@ -7263,7 +7264,7 @@ static int SendTls13Certificate(WOLFSSL* ssl)
|
|||||||
ssl->options.buildingMsg = 0;
|
ssl->options.buildingMsg = 0;
|
||||||
ssl->fragOffset = 0;
|
ssl->fragOffset = 0;
|
||||||
ret = Dtls13HandshakeSend(ssl, output, (word16)sendSz, (word16)i,
|
ret = Dtls13HandshakeSend(ssl, output, (word16)sendSz, (word16)i,
|
||||||
certificate, 1);
|
certificate, 1);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif /* WOLFSSL_DTLS13 */
|
#endif /* WOLFSSL_DTLS13 */
|
||||||
|
@ -240,7 +240,7 @@ int wc_KyberKey_CipherTextSize(KyberKey* key, word32* len)
|
|||||||
}
|
}
|
||||||
|
|
||||||
#ifdef HAVE_LIBOQS
|
#ifdef HAVE_LIBOQS
|
||||||
/* NOTE: SHAKE and AES variants have the same length ciphertext. */
|
/* NOTE: SHAKE and AES variants have the same length ciphertext. */
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
switch (key->type) {
|
switch (key->type) {
|
||||||
case KYBER_LEVEL1:
|
case KYBER_LEVEL1:
|
||||||
@ -534,7 +534,7 @@ int wc_KyberKey_Decapsulate(KyberKey* key, unsigned char* ss,
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Decode the private key.
|
* Decode the private key.
|
||||||
*
|
*
|
||||||
* We store the whole thing in the private key buffer. Note this means we cannot
|
* We store the whole thing in the private key buffer. Note this means we cannot
|
||||||
* do the encapsulation operation with the private key. But generally speaking
|
* do the encapsulation operation with the private key. But generally speaking
|
||||||
* this is never done.
|
* this is never done.
|
||||||
@ -614,7 +614,7 @@ int wc_KyberKey_DecodePublicKey(KyberKey* key, unsigned char* in, word32 len)
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Encode the private key.
|
* Encode the private key.
|
||||||
*
|
*
|
||||||
* We stored it as a blob so we can just copy it over.
|
* We stored it as a blob so we can just copy it over.
|
||||||
*
|
*
|
||||||
* @param [in] key Kyber key object.
|
* @param [in] key Kyber key object.
|
||||||
@ -664,7 +664,7 @@ int wc_KyberKey_EncodePrivateKey(KyberKey* key, unsigned char* out, word32 len)
|
|||||||
*/
|
*/
|
||||||
int wc_KyberKey_EncodePublicKey(KyberKey* key, unsigned char* out, word32 len)
|
int wc_KyberKey_EncodePublicKey(KyberKey* key, unsigned char* out, word32 len)
|
||||||
{
|
{
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
unsigned int pubLen = 0;
|
unsigned int pubLen = 0;
|
||||||
|
|
||||||
if ((key == NULL) || (out == NULL)) {
|
if ((key == NULL) || (out == NULL)) {
|
||||||
|
@ -10600,11 +10600,16 @@ int sp_invmod(sp_int* a, sp_int* m, sp_int* r)
|
|||||||
else if (err != MP_OKAY) {
|
else if (err != MP_OKAY) {
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
sp_init_size(u, m->used + 1);
|
err = sp_init_size(u, m->used + 1);
|
||||||
sp_init_size(v, m->used + 1);
|
if (err == MP_OKAY)
|
||||||
sp_init_size(b, m->used + 1);
|
err = sp_init_size(v, m->used + 1);
|
||||||
sp_init_size(c, 2 * m->used + 1);
|
if (err == MP_OKAY)
|
||||||
|
err = sp_init_size(b, m->used + 1);
|
||||||
|
if (err == MP_OKAY)
|
||||||
|
err = sp_init_size(c, 2 * m->used + 1);
|
||||||
|
}
|
||||||
|
|
||||||
|
if ((err == MP_OKAY) && !sp_isone(a)) {
|
||||||
if (sp_iseven(m)) {
|
if (sp_iseven(m)) {
|
||||||
/* a^-1 mod m = m + ((1 - m*(m^-1 % a)) / a) */
|
/* a^-1 mod m = m + ((1 - m*(m^-1 % a)) / a) */
|
||||||
mm = a;
|
mm = a;
|
||||||
@ -16363,10 +16368,14 @@ int sp_gcd(sp_int* a, sp_int* b, sp_int* r)
|
|||||||
u = d[0];
|
u = d[0];
|
||||||
v = d[1];
|
v = d[1];
|
||||||
t = d[2];
|
t = d[2];
|
||||||
sp_init_size(u, used);
|
err = sp_init_size(u, used);
|
||||||
sp_init_size(v, used);
|
}
|
||||||
sp_init_size(t, used);
|
if (err == MP_OKAY)
|
||||||
|
err = sp_init_size(v, used);
|
||||||
|
if (err == MP_OKAY)
|
||||||
|
err = sp_init_size(t, used);
|
||||||
|
|
||||||
|
if (err == MP_OKAY) {
|
||||||
if (_sp_cmp(a, b) != MP_LT) {
|
if (_sp_cmp(a, b) != MP_LT) {
|
||||||
sp_copy(b, u);
|
sp_copy(b, u);
|
||||||
/* First iteration - u = a, v = b */
|
/* First iteration - u = a, v = b */
|
||||||
|