wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 12:14:38 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4070 from elms/fsanitize/undefined_fixes

Browse Source 
address errors with `-fsanitize=undefined`
This commit is contained in:
Daniel Pouzzner
2021-07-01 13:00:06 -05:00
committed by GitHub
parent 45486ac904 75e807abc6
commit e9e41d3344
14 changed files with 127 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
configure.ac
View File

@@ -1523,6 +1523,17 @@ then
fi fi
fi fi
AC_ARG_ENABLE([aligndata],
[AS_HELP_STRING([--enable-aligndata],[align data for ciphers (default: enabled)])],
[ ENABLED_ALIGN_DATA=$enableval ],
[ ENABLED_ALIGN_DATA=yes ]
)
if test "$ENABLED_ALIGN_DATA" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_USE_ALIGN"
fi
# INTEL RDRAND # INTEL RDRAND
AC_ARG_ENABLE([intelrand], AC_ARG_ENABLE([intelrand],
[AS_HELP_STRING([--enable-intelrand],[Enable Intel rdrand as preferred RNG source (default: disabled)])], [AS_HELP_STRING([--enable-intelrand],[Enable Intel rdrand as preferred RNG source (default: disabled)])],

13
src/internal.c
View File

@@ -5927,8 +5927,13 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
ssl->dtls_timeout_init = DTLS_TIMEOUT_INIT; ssl->dtls_timeout_init = DTLS_TIMEOUT_INIT;
ssl->dtls_timeout_max = DTLS_TIMEOUT_MAX; ssl->dtls_timeout_max = DTLS_TIMEOUT_MAX;
ssl->dtls_timeout = ssl->dtls_timeout_init; ssl->dtls_timeout = ssl->dtls_timeout_init;
ssl->buffers.dtlsCtx.rfd = -1; ssl->buffers.dtlsCtx.rfd = -1;
ssl->buffers.dtlsCtx.wfd = -1; ssl->buffers.dtlsCtx.wfd = -1;
ssl->IOCB_ReadCtx = &ssl->buffers.dtlsCtx; /* prevent invalid pointer access if not */
ssl->IOCB_WriteCtx = &ssl->buffers.dtlsCtx; /* correctly set */
#endif #endif
#ifndef WOLFSSL_AEAD_ONLY #ifndef WOLFSSL_AEAD_ONLY
@@ -10008,7 +10013,9 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
XMEMCPY(x509->subject.raw, dCert->subjectRaw, x509->subject.rawLen); XMEMCPY(x509->subject.raw, dCert->subjectRaw, x509->subject.rawLen);
#ifdef WOLFSSL_CERT_EXT #ifdef WOLFSSL_CERT_EXT
x509->issuer.rawLen = min(dCert->issuerRawLen, sizeof(x509->issuer.raw)); x509->issuer.rawLen = min(dCert->issuerRawLen, sizeof(x509->issuer.raw));
if (x509->issuer.rawLen) {
XMEMCPY(x509->issuer.raw, dCert->issuerRaw, x509->issuer.rawLen); XMEMCPY(x509->issuer.raw, dCert->issuerRaw, x509->issuer.rawLen);
}
#endif #endif
#endif #endif
@@ -18520,7 +18527,8 @@ int SendCertificateStatus(WOLFSSL* ssl)
chain = ssl->buffers.certificate; chain = ssl->buffers.certificate;
} }
while (chain && idx + OPAQUE24_LEN < chain->length) { if (chain && chain->buffer) {
while (idx + OPAQUE24_LEN < chain->length) {
c24to32(chain->buffer + idx, &der.length); c24to32(chain->buffer + idx, &der.length);
idx += OPAQUE24_LEN; idx += OPAQUE24_LEN;
@@ -18549,6 +18557,7 @@ int SendCertificateStatus(WOLFSSL* ssl)
FreeOcspRequest(request); FreeOcspRequest(request);
} }
} }
}
XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
@@ -20461,7 +20470,7 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
word32 length; word32 length;
next = XSTRSTR(next, ":"); next = XSTRSTR(next, ":");
length = MAX_SUITE_NAME + 1; length = MAX_SUITE_NAME;
if (next != NULL) { if (next != NULL) {
word32 currLen = (word32)(next - current); word32 currLen = (word32)(next - current);
if (length > currLen) { if (length > currLen) {

13
src/ssl.c
View File

@@ -16173,6 +16173,13 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
ssl->IOCB_ReadCtx = &ssl->rfd; ssl->IOCB_ReadCtx = &ssl->rfd;
#ifdef WOLFSSL_DTLS
if (ssl->options.dtls) {
ssl->IOCB_ReadCtx = &ssl->buffers.dtlsCtx;
ssl->buffers.dtlsCtx.rfd = rfd;
}
#endif
return WOLFSSL_SUCCESS; return WOLFSSL_SUCCESS;
} }
@@ -40624,7 +40631,9 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
#ifdef WOLFSSL_CERT_EXT #ifdef WOLFSSL_CERT_EXT
if (x509->subjKeyIdSz < CTC_MAX_SKID_SIZE) { if (x509->subjKeyIdSz < CTC_MAX_SKID_SIZE) {
if (x509->subjKeyId) {
XMEMCPY(cert->skid, x509->subjKeyId, x509->subjKeyIdSz); XMEMCPY(cert->skid, x509->subjKeyId, x509->subjKeyIdSz);
}
cert->skidSz = (int)x509->subjKeyIdSz; cert->skidSz = (int)x509->subjKeyIdSz;
} }
else { else {
@@ -40633,7 +40642,9 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
} }
if (x509->authKeyIdSz < CTC_MAX_AKID_SIZE) { if (x509->authKeyIdSz < CTC_MAX_AKID_SIZE) {
if (x509->authKeyId) {
XMEMCPY(cert->akid, x509->authKeyId, x509->authKeyIdSz); XMEMCPY(cert->akid, x509->authKeyId, x509->authKeyIdSz);
}
cert->akidSz = (int)x509->authKeyIdSz; cert->akidSz = (int)x509->authKeyIdSz;
} }
else { else {
@@ -43021,8 +43032,10 @@ err:
objBuf[0] = ASN_OBJECT_ID; objSz++; objBuf[0] = ASN_OBJECT_ID; objSz++;
objSz += SetLength(oidSz, objBuf + 1); objSz += SetLength(oidSz, objBuf + 1);
if (oidSz) {
XMEMCPY(objBuf + objSz, oid, oidSz); XMEMCPY(objBuf + objSz, oid, oidSz);
objSz += oidSz; objSz += oidSz;
}
if (obj->objSz == 0 || objSz != obj->objSz) { if (obj->objSz == 0 || objSz != obj->objSz) {
obj->objSz = objSz; obj->objSz = objSz;

5
wolfcrypt/benchmark/benchmark.c
View File

@@ -4911,8 +4911,9 @@ void bench_rsa(int doAsync)
/* init keys */ /* init keys */
for (i = 0; i < BENCH_MAX_PENDING; i++) { for (i = 0; i < BENCH_MAX_PENDING; i++) {
/* setup an async context for each key */ /* setup an async context for each key */
if ((ret = wc_InitRsaKey_ex(&rsaKey[i], HEAP_HINT, ret = wc_InitRsaKey_ex(&rsaKey[i], HEAP_HINT,
doAsync ? devId : INVALID_DEVID)) < 0) { doAsync ? devId : INVALID_DEVID);
if (ret < 0) {
goto exit_bench_rsa; goto exit_bench_rsa;
} }

4
wolfcrypt/src/aes.c
View File

@@ -9292,6 +9292,10 @@ WOLFSSL_API int wc_GmacUpdate(Gmac* gmac, const byte* iv, word32 ivSz,
const byte* authIn, word32 authInSz, const byte* authIn, word32 authInSz,
byte* authTag, word32 authTagSz) byte* authTag, word32 authTagSz)
{ {
if (gmac == NULL) {
return BAD_FUNC_ARG;
}
return wc_AesGcmEncrypt(&gmac->aes, NULL, NULL, 0, iv, ivSz, return wc_AesGcmEncrypt(&gmac->aes, NULL, NULL, 0, iv, ivSz,
authTag, authTagSz, authIn, authInSz); authTag, authTagSz, authIn, authInSz);
} }

8
wolfcrypt/src/eccsi.c
View File

@@ -1476,18 +1476,21 @@ int wc_ValidateEccsiPair(EccsiKey* key, enum wc_HashType hashType,
mp_int* hs = NULL; mp_int* hs = NULL;
mp_digit mp = 0; mp_digit mp = 0;
byte hashSz = 0; byte hashSz = 0;
EccsiKeyParams* params = &key->params; EccsiKeyParams* params = NULL;
if ((key == NULL) || (id == NULL) || (ssk == NULL) || (pvt == NULL) || if ((key == NULL) || (id == NULL) || (ssk == NULL) || (pvt == NULL) ||
(valid == NULL)) { (valid == NULL)) {
err = BAD_FUNC_ARG; err = BAD_FUNC_ARG;
} }
if ((err == 0) && (key->ecc.type != ECC_PRIVATEKEY) && if ((err == 0) && (key->ecc.type != ECC_PRIVATEKEY) &&
(key->ecc.type != ECC_PUBLICKEY)) { (key->ecc.type != ECC_PUBLICKEY)) {
err = BAD_STATE_E; err = BAD_STATE_E;
} }
if (err == 0) { if (err == 0) {
params = &key->params;
hs = &key->tmp; hs = &key->tmp;
res = &key->pubkey.pubkey; res = &key->pubkey.pubkey;
@@ -2146,7 +2149,7 @@ int wc_VerifyEccsiHash(EccsiKey* key, enum wc_HashType hashType,
ecc_point* y = NULL; ecc_point* y = NULL;
ecc_point* j = NULL; ecc_point* j = NULL;
mp_digit mp = 0; mp_digit mp = 0;
EccsiKeyParams* params = &key->params; EccsiKeyParams* params = NULL;
if ((key == NULL) || (msg == NULL) || (sig == NULL) || (verified == NULL)) { if ((key == NULL) || (msg == NULL) || (sig == NULL) || (verified == NULL)) {
err = BAD_FUNC_ARG; err = BAD_FUNC_ARG;
@@ -2174,6 +2177,7 @@ int wc_VerifyEccsiHash(EccsiKey* key, enum wc_HashType hashType,
err = eccsi_load_ecc_params(key); err = eccsi_load_ecc_params(key);
} }
if (err == 0) { if (err == 0) {
params = &key->params;
err = mp_montgomery_setup(&params->prime, &mp); err = mp_montgomery_setup(&params->prime, &mp);
} }

2
wolfcrypt/src/evp.c
View File

@@ -2506,7 +2506,9 @@ WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_mac_key(int type, ENGINE* e,
pkey = NULL; pkey = NULL;
} }
else { else {
if (keylen) {
XMEMCPY(pkey->pkey.ptr, key, keylen); XMEMCPY(pkey->pkey.ptr, key, keylen);
}
pkey->pkey_sz = keylen; pkey->pkey_sz = keylen;
pkey->type = pkey->save_type = type; pkey->type = pkey->save_type = type;
} }

12
wolfcrypt/src/hc128.c
View File

@@ -40,6 +40,12 @@
#endif #endif
#define LOAD_LE32(a) \
(((word32)(a)[0] << 0) | \
((word32)(a)[1] << 8) | \
((word32)(a)[2] << 16) | \
((word32)(a)[3] << 24))
#ifdef BIG_ENDIAN_ORDER #ifdef BIG_ENDIAN_ORDER
#define LITTLE32(x) ByteReverseWord32(x) #define LITTLE32(x) ByteReverseWord32(x)
#else #else
@@ -271,14 +277,14 @@ static void Hc128_SetIV(HC128* ctx, const byte* inIv)
for (i = 0; i < 64; i++) setup_update(ctx); for (i = 0; i < 64; i++) setup_update(ctx);
} }
#define HC128_KEY_NUMBYTES (128 >> 5)
static WC_INLINE int DoKey(HC128* ctx, const byte* key, const byte* iv) static WC_INLINE int DoKey(HC128* ctx, const byte* key, const byte* iv)
{ {
word32 i; word32 i;
/* Key size in bits 128 */ /* Key size in bits 128 */
for (i = 0; i < (128 >> 5); i++) for (i = 0; i < HC128_KEY_NUMBYTES; i++)
ctx->key[i] = LITTLE32(((word32*)key)[i]); ctx->key[i] = LOAD_LE32(key + i * 4);
for ( ; i < 8 ; i++) ctx->key[i] = ctx->key[i-4]; for ( ; i < 8 ; i++) ctx->key[i] = ctx->key[i-4];

6
wolfcrypt/src/pkcs7.c
View File

@@ -217,12 +217,14 @@ static void wc_PKCS7_FreeStream(PKCS7* pkcs7)
static int wc_PKCS7_GrowStream(PKCS7* pkcs7, word32 newSz) static int wc_PKCS7_GrowStream(PKCS7* pkcs7, word32 newSz)
{ {
byte* pt; byte* pt;
pt = (byte*)XMALLOC(newSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7); pt = (byte*)XMALLOC(newSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
if (pt == NULL) { if (pt == NULL) {
return MEMORY_E; return MEMORY_E;
} }
if (pkcs7->stream->buffer != NULL && pkcs7->stream->bufferSz > 0) {
XMEMCPY(pt, pkcs7->stream->buffer, pkcs7->stream->bufferSz); XMEMCPY(pt, pkcs7->stream->buffer, pkcs7->stream->bufferSz);
}
#ifdef WC_PKCS7_STREAM_DEBUG #ifdef WC_PKCS7_STREAM_DEBUG
printf("PKCS7 increasing internal stream buffer %d -> %d\n", printf("PKCS7 increasing internal stream buffer %d -> %d\n",
@@ -2641,7 +2643,7 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
idx = 0; idx = 0;
} }
else { else {
if (!pkcs7->detached) { if (!pkcs7->detached && pkcs7->content != NULL && pkcs7->contentSz > 0) {
XMEMCPY(output + idx, pkcs7->content, pkcs7->contentSz); XMEMCPY(output + idx, pkcs7->content, pkcs7->contentSz);
idx += pkcs7->contentSz; idx += pkcs7->contentSz;
} }

21
wolfcrypt/src/rabbit.c
View File

@@ -38,6 +38,11 @@
#include <wolfcrypt/src/misc.c> #include <wolfcrypt/src/misc.c>
#endif #endif
#define LOAD_LE32(a) \
(((word32)(a)[0] << 0) | \
((word32)(a)[1] << 8) | \
((word32)(a)[2] << 16) | \
((word32)(a)[3] << 24))
#ifdef BIG_ENDIAN_ORDER #ifdef BIG_ENDIAN_ORDER
#define LITTLE32(x) ByteReverseWord32(x) #define LITTLE32(x) ByteReverseWord32(x)
@@ -151,10 +156,10 @@ static WC_INLINE int DoKey(Rabbit* ctx, const byte* key, const byte* iv)
word32 k0, k1, k2, k3, i; word32 k0, k1, k2, k3, i;
/* Generate four subkeys */ /* Generate four subkeys */
k0 = LITTLE32(*(word32*)(key+ 0)); k0 = LOAD_LE32(key + 0);
k1 = LITTLE32(*(word32*)(key+ 4)); k1 = LOAD_LE32(key + 4);
k2 = LITTLE32(*(word32*)(key+ 8)); k2 = LOAD_LE32(key + 8);
k3 = LITTLE32(*(word32*)(key+12)); k3 = LOAD_LE32(key + 12);
/* Generate initial state variables */ /* Generate initial state variables */
ctx->masterCtx.x[0] = k0; ctx->masterCtx.x[0] = k0;
@@ -256,16 +261,16 @@ static WC_INLINE int DoProcess(Rabbit* ctx, byte* output, const byte* input,
RABBIT_next_state(&(ctx->workCtx)); RABBIT_next_state(&(ctx->workCtx));
/* Encrypt/decrypt 16 bytes of data */ /* Encrypt/decrypt 16 bytes of data */
*(word32*)(output+ 0) = *(word32*)(input+ 0) ^ *(word32*)(output+ 0) = LOAD_LE32(input+ 0) ^
LITTLE32(ctx->workCtx.x[0] ^ (ctx->workCtx.x[5]>>16) ^ LITTLE32(ctx->workCtx.x[0] ^ (ctx->workCtx.x[5]>>16) ^
U32V(ctx->workCtx.x[3]<<16)); U32V(ctx->workCtx.x[3]<<16));
*(word32*)(output+ 4) = *(word32*)(input+ 4) ^ *(word32*)(output+ 4) = LOAD_LE32(input+ 4) ^
LITTLE32(ctx->workCtx.x[2] ^ (ctx->workCtx.x[7]>>16) ^ LITTLE32(ctx->workCtx.x[2] ^ (ctx->workCtx.x[7]>>16) ^
U32V(ctx->workCtx.x[5]<<16)); U32V(ctx->workCtx.x[5]<<16));
*(word32*)(output+ 8) = *(word32*)(input+ 8) ^ *(word32*)(output+ 8) = LOAD_LE32(input+ 8) ^
LITTLE32(ctx->workCtx.x[4] ^ (ctx->workCtx.x[1]>>16) ^ LITTLE32(ctx->workCtx.x[4] ^ (ctx->workCtx.x[1]>>16) ^
U32V(ctx->workCtx.x[7]<<16)); U32V(ctx->workCtx.x[7]<<16));
*(word32*)(output+12) = *(word32*)(input+12) ^ *(word32*)(output+12) = LOAD_LE32(input+12) ^
LITTLE32(ctx->workCtx.x[6] ^ (ctx->workCtx.x[3]>>16) ^ LITTLE32(ctx->workCtx.x[6] ^ (ctx->workCtx.x[3]>>16) ^
U32V(ctx->workCtx.x[1]<<16)); U32V(ctx->workCtx.x[1]<<16));

14
wolfcrypt/src/sha3.c
View File

@@ -538,6 +538,18 @@ static void BlockSha3(word64 *s)
} }
#endif /* WOLFSSL_SHA3_SMALL */ #endif /* WOLFSSL_SHA3_SMALL */
static WC_INLINE word64 Load64Unaligned(const unsigned char *a)
{
return ((word64)a[0] << 0) |
((word64)a[1] << 8) |
((word64)a[2] << 16) |
((word64)a[3] << 24) |
((word64)a[4] << 32) |
((word64)a[5] << 40) |
((word64)a[6] << 48) |
((word64)a[7] << 56);
}
/* Convert the array of bytes, in little-endian order, to a 64-bit integer. /* Convert the array of bytes, in little-endian order, to a 64-bit integer.
* *
* a Array of bytes. * a Array of bytes.
@@ -632,7 +644,7 @@ static int Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p)
while (len >= ((word32)(p * 8))) while (len >= ((word32)(p * 8)))
{ {
for (i = 0; i < p; i++) for (i = 0; i < p; i++)
sha3->s[i] ^= Load64BitBigEndian(data + 8 * i); sha3->s[i] ^= Load64Unaligned(data + 8 * i);
BlockSha3(sha3->s); BlockSha3(sha3->s);
len -= p * 8; len -= p * 8;
data += p * 8; data += p * 8;

2
wolfcrypt/test/test.c
View File

@@ -36872,7 +36872,7 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
} }
else if (info->algo_type == WC_ALGO_TYPE_SEED) { else if (info->algo_type == WC_ALGO_TYPE_SEED) {
#ifndef WC_NO_RNG #ifndef WC_NO_RNG
static byte seed[sizeof(word32)] = { 0x00, 0x00, 0x00, 0x01 }; ALIGN32 static byte seed[sizeof(word32)] = { 0x00, 0x00, 0x00, 0x01 };
word32* seedWord32 = (word32*)seed; word32* seedWord32 = (word32*)seed;
word32 len; word32 len;

2
wolfssl/wolfcrypt/blake2-impl.h
View File

@@ -85,7 +85,7 @@ static WC_INLINE void store32( void *dst, word32 w )
static WC_INLINE void store64( void *dst, word64 w ) static WC_INLINE void store64( void *dst, word64 w )
{ {
#if defined(LITTLE_ENDIAN_ORDER) #if defined(LITTLE_ENDIAN_ORDER) && !defined(WOLFSSL_GENERAL_ALIGNMENT)
*( word64 * )( dst ) = w; *( word64 * )( dst ) = w;
#else #else
byte *p = ( byte * )dst; byte *p = ( byte * )dst;

8
wolfssl/wolfcrypt/types.h
View File

@@ -953,6 +953,12 @@ decouple library dependencies with standard string, memory and so on.
* Xilinx RSA operations require alignment */ * Xilinx RSA operations require alignment */
#if defined(WOLFSSL_AESNI) || defined(WOLFSSL_ARMASM) || \ #if defined(WOLFSSL_AESNI) || defined(WOLFSSL_ARMASM) || \
defined(USE_INTEL_SPEEDUP) || defined(WOLFSSL_AFALG_XILINX) defined(USE_INTEL_SPEEDUP) || defined(WOLFSSL_AFALG_XILINX)
#ifndef WOLFSSL_USE_ALIGN
#define WOLFSSL_USE_ALIGN
#endif
#endif /* WOLFSSL_AESNI || WOLFSSL_ARMASM || USE_INTEL_SPEEDUP || WOLFSSL_AFALG_XILINX */
#ifdef WOLFSSL_USE_ALIGN
#if !defined(ALIGN16) #if !defined(ALIGN16)
#if defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__) #if defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__)
#define ALIGN16 __attribute__ ( (aligned (16))) #define ALIGN16 __attribute__ ( (aligned (16)))
@@ -1025,7 +1031,7 @@ decouple library dependencies with standard string, memory and so on.
#ifndef ALIGN256 #ifndef ALIGN256
#define ALIGN256 #define ALIGN256
#endif #endif
#endif /* WOLFSSL_AESNI || WOLFSSL_ARMASM */ #endif /* WOLFSSL_USE_ALIGN */
#if !defined(PEDANTIC_EXTENSION) #if !defined(PEDANTIC_EXTENSION)
#if defined(__GNUC__) #if defined(__GNUC__)