mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-01-26 23:02:22 +01:00
Merge pull request #9298 from douzzer/20251014-WC_SAFE_SUM
20251014-WC_SAFE_SUM
This commit is contained in:
Eric Blankenhorn
GitHub
@@ -10613,8 +10613,11 @@ static void AddHandShakeHeader(byte* output, word32 length,
|
||||
if (hs == NULL)
|
||||
return;
|
||||
|
||||
PRAGMA_GCC_DIAG_PUSH;
|
||||
PRAGMA_GCC("GCC diagnostic ignored \"-Wnull-dereference\"");
|
||||
hs->type = type;
|
||||
c32to24(length, hs->length); /* type and length same for each */
|
||||
PRAGMA_GCC_DIAG_POP;
|
||||
#ifdef WOLFSSL_DTLS
|
||||
if (ssl->options.dtls) {
|
||||
DtlsHandShakeHeader* dtls;
|
||||
@@ -14705,7 +14708,10 @@ int LoadCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type)
|
||||
if (idx >= 0) {
|
||||
WOLFSSL_MSG("find hashed CRL in list");
|
||||
ph = wolfSSL_sk_BY_DIR_HASH_value(entry->hashes, idx);
|
||||
suffix = ph->last_suffix;
|
||||
if (ph)
|
||||
suffix = ph->last_suffix;
|
||||
else
|
||||
suffix = 0;
|
||||
} else {
|
||||
ph = NULL;
|
||||
suffix = 0;
|
||||
@@ -23309,6 +23315,8 @@ int SendChangeCipher(WOLFSSL* ssl)
|
||||
|
||||
/* get output buffer */
|
||||
output = GetOutputBuffer(ssl);
|
||||
if (output == NULL)
|
||||
return BUFFER_E;
|
||||
|
||||
AddRecordHeader(output, 1, change_cipher_spec, ssl, CUR_ORDER);
|
||||
|
||||
|
||||
@@ -11549,15 +11549,17 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
|
||||
#endif
|
||||
byte* myBuffer = staticBuffer;
|
||||
int dynamic = 0;
|
||||
word32 sending = 0;
|
||||
int idx = 0;
|
||||
size_t sending = 0;
|
||||
size_t idx = 0;
|
||||
int i;
|
||||
int ret;
|
||||
|
||||
WOLFSSL_ENTER("wolfSSL_writev");
|
||||
|
||||
for (i = 0; i < iovcnt; i++)
|
||||
sending += iov[i].iov_len;
|
||||
if (! WC_SAFE_SUM_UNSIGNED(size_t, sending, iov[i].iov_len,
|
||||
sending))
|
||||
return BUFFER_E;
|
||||
|
||||
if (sending > sizeof(staticBuffer)) {
|
||||
myBuffer = (byte*)XMALLOC(sending, ssl->heap,
|
||||
|
||||
@@ -13706,8 +13706,12 @@ static int AesXtsEncryptUpdate(XtsAes* xaes, byte* out, const byte* in, word32 s
|
||||
}
|
||||
|
||||
#ifndef WC_AESXTS_STREAM_NO_REQUEST_ACCOUNTING
|
||||
(void)WC_SAFE_SUM_WORD32(stream->bytes_crypted_with_this_tweak, sz,
|
||||
stream->bytes_crypted_with_this_tweak);
|
||||
if (! WC_SAFE_SUM_WORD32(stream->bytes_crypted_with_this_tweak, sz,
|
||||
stream->bytes_crypted_with_this_tweak))
|
||||
{
|
||||
WOLFSSL_MSG("Overflow of stream->bytes_crypted_with_this_tweak "
|
||||
"in AesXtsEncryptUpdate().");
|
||||
}
|
||||
#endif
|
||||
#if FIPS_VERSION3_GE(6,0,0)
|
||||
/* SP800-38E - Restrict data unit to 2^20 blocks per key. A block is
|
||||
@@ -14144,15 +14148,20 @@ static int AesXtsDecryptUpdate(XtsAes* xaes, byte* out, const byte* in, word32 s
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
if (stream->bytes_crypted_with_this_tweak & ((word32)WC_AES_BLOCK_SIZE - 1U))
|
||||
if (stream->bytes_crypted_with_this_tweak &
|
||||
((word32)WC_AES_BLOCK_SIZE - 1U))
|
||||
{
|
||||
WOLFSSL_MSG("Call to AesXtsDecryptUpdate after previous finalizing call");
|
||||
WOLFSSL_MSG("AesXtsDecryptUpdate after previous finalizing call");
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
#ifndef WC_AESXTS_STREAM_NO_REQUEST_ACCOUNTING
|
||||
(void)WC_SAFE_SUM_WORD32(stream->bytes_crypted_with_this_tweak, sz,
|
||||
stream->bytes_crypted_with_this_tweak);
|
||||
if (! WC_SAFE_SUM_WORD32(stream->bytes_crypted_with_this_tweak, sz,
|
||||
stream->bytes_crypted_with_this_tweak))
|
||||
{
|
||||
WOLFSSL_MSG("Overflow of stream->bytes_crypted_with_this_tweak "
|
||||
"in AesXtsDecryptUpdate().");
|
||||
}
|
||||
#endif
|
||||
|
||||
{
|
||||
|
||||
@@ -29915,19 +29915,18 @@ static int EncodeName(EncodedName* name, const char* nameStr,
|
||||
ret = BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_CUSTOM_OID
|
||||
if (ret == 0 && type == ASN_CUSTOM_NAME) {
|
||||
if (cname == NULL || cname->custom.oidSz == 0) {
|
||||
name->used = 0;
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
#else
|
||||
(void)cname;
|
||||
#endif
|
||||
|
||||
CALLOC_ASNSETDATA(dataASN, rdnASN_Length, ret, NULL);
|
||||
if (ret == 0) {
|
||||
#ifdef WOLFSSL_CUSTOM_OID
|
||||
if (type == ASN_CUSTOM_NAME) {
|
||||
if (cname == NULL || cname->custom.oidSz == 0) {
|
||||
name->used = 0;
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
#else
|
||||
(void)cname;
|
||||
#endif
|
||||
CALLOC_ASNSETDATA(dataASN, rdnASN_Length, ret, NULL);
|
||||
nameSz = (word32)XSTRLEN(nameStr);
|
||||
/* Copy the RDN encoding template. ASN.1 tag for the name string is set
|
||||
* based on type. */
|
||||
|
||||
@@ -462,8 +462,75 @@ enum {
|
||||
|
||||
#define XELEM_CNT(x) (sizeof((x))/sizeof(*(x)))
|
||||
|
||||
#define WC_SAFE_SUM_WORD32(in1, in2, out) ((in2) <= 0xffffffffU - (in1) ? \
|
||||
((out) = (in1) + (in2), 1) : ((out) = 0xffffffffU, 0))
|
||||
#ifdef NO_INLINE
|
||||
#define WC_WUR_INT(x) (x)
|
||||
#else
|
||||
static WC_INLINE WARN_UNUSED_RESULT int WC_WUR_INT(int x) { return x; }
|
||||
#endif
|
||||
|
||||
#ifdef WORD64_AVAILABLE
|
||||
#define WC_MAX_UINT_OF(x) \
|
||||
((((word64)1 << ((sizeof(x) * (word64)CHAR_BIT) - \
|
||||
(word64)1)) - (word64)1) \
|
||||
| \
|
||||
((word64)1 << ((sizeof(x) * (word64)CHAR_BIT) - (word64)1)))
|
||||
#define WC_MAX_SINT_OF(x) \
|
||||
((sword64)((((word64)1 << ((sizeof(x) * (word64)CHAR_BIT) - \
|
||||
(word64)2)) - (word64)1) \
|
||||
| \
|
||||
((word64)1 << ((sizeof(x) * (word64)CHAR_BIT) - \
|
||||
(word64)2))))
|
||||
#define WC_MIN_SINT_OF(x) \
|
||||
((sword64)((word64)1 << ((sizeof(x) * (word64)CHAR_BIT) - \
|
||||
(word64)1)))
|
||||
#else
|
||||
#define WC_MAX_UINT_OF(x) \
|
||||
((((word32)1 << ((sizeof(x) * (word32)CHAR_BIT) - \
|
||||
(word32)1)) - (word32)1) \
|
||||
| \
|
||||
((word32)1 << ((sizeof(x) * (word32)CHAR_BIT) - (word32)1)))
|
||||
#define WC_MAX_SINT_OF(x) \
|
||||
((sword32)((((word32)1 << ((sizeof(x) * (word32)CHAR_BIT) - \
|
||||
(word32)2)) - (word32)1) \
|
||||
| \
|
||||
((word32)1 << ((sizeof(x) * (word32)CHAR_BIT) - \
|
||||
(word32)2))))
|
||||
#define WC_MIN_SINT_OF(x) \
|
||||
((sword32)((word32)1 << ((sizeof(x) * (word32)CHAR_BIT) - \
|
||||
(word32)1)))
|
||||
#endif
|
||||
|
||||
#define WC_SAFE_SUM_UNSIGNED_NO_WUR(type, in1, in2, out) \
|
||||
((in2) <= (WC_MAX_UINT_OF(type) - (in1)) ? \
|
||||
((out) = (in1) + (in2), 1) : \
|
||||
((out) = WC_MAX_UINT_OF(type), 0))
|
||||
|
||||
#define WC_SAFE_SUM_UNSIGNED(type, in1, in2, out) \
|
||||
WC_WUR_INT(WC_SAFE_SUM_UNSIGNED_NO_WUR(type, in1, in2, out))
|
||||
|
||||
#if defined(HAVE_SELFTEST) || (defined(HAVE_FIPS) && FIPS_VERSION3_LE(6,0,0))
|
||||
#define WC_SAFE_SUM_WORD32(in1, in2, out) \
|
||||
WC_SAFE_SUM_UNSIGNED_NO_WUR(word32, in1, in2, out)
|
||||
#else
|
||||
#define WC_SAFE_SUM_WORD32(in1, in2, out) \
|
||||
WC_SAFE_SUM_UNSIGNED(word32, in1, in2, out)
|
||||
#endif
|
||||
|
||||
#define WC_SAFE_SUM_SIGNED_NO_WUR(type, in1, in2, out) \
|
||||
((((in1) > 0) && ((in2) > 0)) ? \
|
||||
((in2) <= WC_MAX_SINT_OF(type) - (in1) ? \
|
||||
((out) = (in1) + (in2), 1) : \
|
||||
((out) = (type)WC_MAX_SINT_OF(type), 0)) \
|
||||
: \
|
||||
((((in1) < 0) && ((in2) < 0)) ? \
|
||||
((in2) >= WC_MIN_SINT_OF(type) - (in1) ? \
|
||||
((out) = (in1) + (in2), 1) : \
|
||||
((out) = (type)WC_MIN_SINT_OF(type), 0)) \
|
||||
: \
|
||||
((out) = (in1) + (in2), 1)))
|
||||
|
||||
#define WC_SAFE_SUM_SIGNED(type, in1, in2, out) \
|
||||
WC_WUR_INT(WC_SAFE_SUM_SIGNED_NO_WUR(type, in1, in2, out))
|
||||
|
||||
#if defined(HAVE_IO_POOL)
|
||||
WOLFSSL_API void* XMALLOC(size_t n, void* heap, int type);
|
||||
|
||||
Reference in New Issue
Block a user