fixes from CI testing and peer review:

wolfcrypt/src/tfm.c and wolfssl/wolfcrypt/tfm.h: fix for -Wdiscarded-qualifiers in ecc_check_order_minus_1().

wolfssl/wolfcrypt/types.h: in WC_BARRIER(), use XFENCE() too, for the best possible barrier. Fixes an ARM32 -Ofast -Wmaybe-uninitialized warning in blake2s_init_key().

wolfcrypt/src/asn_orig.c: set Stored flag after each allocation of a member that needs it.

wolfcrypt/src/signature.c: in wc_SignatureGetSize(), provide for legacy FIPS non-const-arg wc_ecc_sig_size() and wc_RsaEncryptSize().
Daniel Pouzzner
2026-04-01 15:28:35 -05:00
parent 21c6568883
commit e6713372ee
5 changed files with 23 additions and 7 deletions
+7 -3
@@ -3182,6 +3182,7 @@ static int DecodeConstructedOtherName(DecodedCert* cert, const byte* input,
ret = MEMORY_E;
}
else {
dnsEntry->nameStored = 1;
XMEMCPY((void *)(wc_ptr_t)dnsEntry->name, &input[*idx],
(size_t)strLen);
((char *)(wc_ptr_t)dnsEntry->name)[strLen] = '\0';
@@ -3272,6 +3273,7 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME);
return MEMORY_E;
}
dnsEntry->nameStored = 1;
dnsEntry->len = strLen;
XMEMCPY((void *)(wc_ptr_t)dnsEntry->name, &input[idx],
(size_t)strLen);
@@ -3317,6 +3319,7 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
XFREE(dirEntry, cert->heap, DYNAMIC_TYPE_ALTNAME);
return MEMORY_E;
}
dirEntry->nameStored = 1;
dirEntry->len = strLen;
XMEMCPY((void *)(wc_ptr_t)dirEntry->name, &input[idx],
(size_t)strLen);
@@ -3346,7 +3349,7 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
WOLFSSL_MSG("\tOut of Memory");
return MEMORY_E;
}
emailEntry->nameStored = 1;
emailEntry->type = ASN_RFC822_TYPE;
emailEntry->name = (char*)XMALLOC((size_t)strLen + 1, cert->heap,
DYNAMIC_TYPE_ALTNAME);
@@ -3430,7 +3433,7 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
WOLFSSL_MSG("\tOut of Memory");
return MEMORY_E;
}
uriEntry->nameStored = 1;
uriEntry->type = ASN_URI_TYPE;
uriEntry->name = (char*)XMALLOC((size_t)strLen + 1, cert->heap,
DYNAMIC_TYPE_ALTNAME);
@@ -3474,7 +3477,7 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
WOLFSSL_MSG("\tOut of Memory");
return MEMORY_E;
}
ipAddr->nameStored = 1;
ipAddr->type = ASN_IP_TYPE;
ipAddr->name = (char*)XMALLOC((size_t)strLen + 1, cert->heap,
DYNAMIC_TYPE_ALTNAME);
@@ -3534,6 +3537,7 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
XFREE(rid, cert->heap, DYNAMIC_TYPE_ALTNAME);
return MEMORY_E;
}
rid->nameStored = 1;
rid->len = strLen;
XMEMCPY((void *)(wc_ptr_t)rid->name, &input[idx], strLen);
((char *)(wc_ptr_t)rid->name)[strLen] = '\0';
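Review bot: In the emailEntry, uriEntry and ipAddr hunks `nameStored = 1` is written before the `XMALLOC` that assigns `name`, whereas the dnsEntry, dirEntry and rid hunks set it only after the allocation has been checked. If the entry is released on the allocation-failure path (outside these hunks), the free routine would presumably act on a `name` that was never assigned, so correctness depends on the entry constructor zeroing that field; this code parses certificate input, so the failure path deserves the same care as the success path. Moving the line below the NULL check on `name`, e.g. `emailEntry->nameStored = 1;` directly after the failure branch, would make all seven sites follow the rule stated in the commit message. The function bodies start and end outside the hunks.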
+8
@@ -95,7 +95,11 @@ int wc_SignatureGetSize(enum wc_SignatureType sig_type,
#ifdef HAVE_ECC
/* Sanity check that void* key is at least ecc_key in size */
if (key_len >= sizeof(ecc_key)) {
#if defined(HAVE_SELFTEST) || (defined(HAVE_FIPS) && FIPS_VERSION3_LT(5,0,0))
sig_len = wc_ecc_sig_size((ecc_key*)(wc_ptr_t)key);
#else
sig_len = wc_ecc_sig_size((const ecc_key*)key);
#endif
}
else {
WOLFSSL_MSG("wc_SignatureGetSize: Invalid ECC key size");
@@ -110,7 +114,11 @@ int wc_SignatureGetSize(enum wc_SignatureType sig_type,
#ifndef NO_RSA
/* Sanity check that void* key is at least RsaKey in size */
if (key_len >= sizeof(RsaKey)) {
#if defined(HAVE_SELFTEST) || (defined(HAVE_FIPS) && FIPS_VERSION3_LT(5,0,0))
sig_len = wc_RsaEncryptSize((RsaKey*)(wc_ptr_t)key);
#else
sig_len = wc_RsaEncryptSize((const RsaKey*)key);
#endif
}
else {
WOLFSSL_MSG("wc_SignatureGetSize: Invalid RsaKey key size");
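Review bot: Both legacy branches drop `const` from `key` with `(ecc_key*)(wc_ptr_t)key` and `(RsaKey*)(wc_ptr_t)key` without saying why that is safe. A short comment above each `#if`, such as `/* legacy FIPS/selftest prototypes take a non-const key; the size query is expected not to modify it */`, would keep a later reader from treating the cast as permission to write through the pointer. The version gate is also repeated verbatim for ECC and RSA, so a single locally defined macro would keep the two conditions from drifting apart. wc_SignatureGetSize() starts and ends outside both hunks.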
+2 -2
@@ -4540,9 +4540,9 @@ int mp_exptmod_nct (mp_int * G, mp_int * X, mp_int * P, mp_int * Y)
/* compare two ints (signed)*/
int mp_cmp (mp_int * a, mp_int * b)
int mp_cmp (const mp_int * a, const mp_int * b)
{
return fp_cmp(a, b);
return fp_cmp((mp_int *)a, (mp_int *)b);
}
/* compare a digit */
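Review bot: The new body of `mp_cmp()` removes `const` with a plain `(mp_int *)a` cast, which silences -Wdiscarded-qualifiers but would be reported by -Wcast-qual where that warning is enabled, and it differs from the `(wc_ptr_t)` idiom this same commit uses in signature.c. For consistency I would write `return fp_cmp((mp_int *)(wc_ptr_t)a, (mp_int *)(wc_ptr_t)b);`, assuming `wc_ptr_t` is visible in tfm.c. If `fp_cmp()` only reads its operands, which this hunk does not show, const-qualifying its parameters would remove the need for any cast.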
+1 -1
@@ -843,7 +843,7 @@ MP_API int mp_2expt(mp_int* a, int b);
MP_API int mp_div(mp_int * a, mp_int * b, mp_int * c, mp_int * d);
MP_API int mp_cmp(mp_int *a, mp_int *b);
MP_API int mp_cmp(const mp_int *a, const mp_int *b);
#define mp_cmp_ct(a, b, n) mp_cmp(a, b)
MP_API int mp_cmp_d(mp_int *a, mp_digit b);
+5 -1
@@ -489,7 +489,11 @@ enum {
static WC_INLINE WARN_UNUSED_RESULT int WC_WUR_INT(int x) { return x; }
#endif
#define WC_BARRIER() do { volatile byte _xfence = 0; (void)_xfence; } while(0)
/* XFENCE() is a no-op on some targets. WC_BARRIER() uses C89 intrinsics as an
* additional portable barrier.
*/
#define WC_BARRIER() do { volatile byte _xfence = 0; (void)_xfence; XFENCE(); \
} while(0)
#ifdef WORD64_AVAILABLE
#define WC_MAX_UINT_OF(x) \
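Review bot: The comment added above `WC_BARRIER()` says "C89 intrinsics", but what the macro adds besides `XFENCE()` is an initialised `volatile` local, which is not a memory fence and does not order non-volatile accesses. On targets where `XFENCE()` expands to nothing, callers therefore get only that volatile side effect, and the comment should say so rather than describe it as a portable barrier. Suggested wording: `/* WC_BARRIER(): XFENCE() plus a volatile store; where XFENCE() is a no-op only the volatile access remains, which does not order other memory accesses. */`.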