Merge pull request #9646 from rlm2002/coverity

20260112 Coverity: update macros and add length checks

src/tls.c

@@ -6972,8 +6972,10 @@ int TLSX_SupportedVersions_Parse(const WOLFSSL* ssl, const byte* input,
         int set = 0;
 
         /* Must contain a length and at least one version. */
-        if (length < OPAQUE8_LEN + OPAQUE16_LEN || (length & 1) != 1)
+        if (length < OPAQUE8_LEN + OPAQUE16_LEN || (length & 1) != 1
+            || length > MAX_SV_EXT_LEN) {
             return BUFFER_ERROR;
+        }
 
         len = *input;
 
@@ -9963,10 +9965,13 @@ int TLSX_KeyShare_Parse_ClientHello(const WOLFSSL* ssl,
     if (length < OPAQUE16_LEN)
         return BUFFER_ERROR;
 
-    /* ClientHello contains zero or more key share entries. */
+    /* ClientHello contains zero or more key share entries. Limits extension
+     * length to 2^16-1 and subtracting 4 bytes for header size per RFC 8446 */
     ato16(input, &len);
-    if (len != length - OPAQUE16_LEN)
+    if ((len != length - OPAQUE16_LEN) ||
+         length > (MAX_EXT_DATA_LEN - HELLO_EXT_SZ)) {
         return BUFFER_ERROR;
+    }
     offset += OPAQUE16_LEN;
 
     while (offset < (int)length) {

wolfcrypt/test/test.c

@@ -20187,10 +20187,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_bank_test(void)
     byte outbuf1[16], outbuf2[16];
     int i;
 
-    WC_ALLOC_VAR_EX(bank, struct wc_rng_bank, 1, HEAP_HINT,
+    WC_CALLOC_VAR_EX(bank, struct wc_rng_bank, 1, HEAP_HINT,
                     DYNAMIC_TYPE_TMP_BUFFER,
                     return WC_TEST_RET_ENC_EC(MEMORY_E));
-    XMEMSET(bank, 0, sizeof(*bank));
 
 #ifdef WC_DRBG_BANKREF
     WC_ALLOC_VAR_EX(rng, WC_RNG, 1, HEAP_HINT,
@@ -52298,44 +52297,67 @@ static wc_test_ret_t sakke_kat_derive_test(SakkeKey* key, ecc_point* rsk)
         return WC_TEST_RET_ENC_EC(ret);
     if (iTableLen != 0) {
         iTable = (byte*)XMALLOC(iTableLen, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-        if (iTable == NULL)
-            return WC_TEST_RET_ENC_ERRNO;
+        if (iTable == NULL) {
+            ret = WC_TEST_RET_ENC_ERRNO;
+            goto out;
+        }
         ret = wc_GenerateSakkePointITable(key, iTable, &iTableLen);
-        if (ret != 0)
-            return WC_TEST_RET_ENC_EC(ret);
+        if (ret != 0) {
+            ret = WC_TEST_RET_ENC_EC(ret);
+            goto out;
+        }
     }
     len = 0;
     ret = wc_GenerateSakkeRskTable(key, rsk, NULL, &len);
-    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
-        return WC_TEST_RET_ENC_EC(ret);
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
+        ret = WC_TEST_RET_ENC_EC(ret);
+        goto out;
+    }
     if (len > 0) {
         table = (byte*)XMALLOC(len, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-        if (table == NULL)
-            return WC_TEST_RET_ENC_ERRNO;
+        if (table == NULL) {
+            ret = WC_TEST_RET_ENC_ERRNO;
+            goto out;
+        }
         ret = wc_GenerateSakkeRskTable(key, rsk, table, &len);
-        if (ret != 0)
-            return WC_TEST_RET_ENC_EC(ret);
+        if (ret != 0) {
+            ret = WC_TEST_RET_ENC_EC(ret);
+            goto out;
+        }
     }
 
     ret = wc_SetSakkeRsk(key, rsk, table, len);
-    if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+    if (ret != 0) {
+        ret = WC_TEST_RET_ENC_EC(ret);
+        goto out;
+    }
 
     XMEMCPY(tmpSsv, encSsv, sizeof(encSsv));
     ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, tmpSsv, sizeof(tmpSsv),
             auth, sizeof(auth));
-    if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
-    if (XMEMCMP(tmpSsv, ssv, sizeof(ssv)) != 0)
-        return WC_TEST_RET_ENC_NC;
+    if (ret != 0) {
+        ret = WC_TEST_RET_ENC_EC(ret);
+        goto out;
+    }
+    if (XMEMCMP(tmpSsv, ssv, sizeof(ssv)) != 0) {
+        ret = WC_TEST_RET_ENC_NC;
+        goto out;
+    }
 
     /* Don't reference table that is about to be freed. */
     ret = wc_ClearSakkePointITable(key);
-    if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+    if (ret != 0) {
+        ret = WC_TEST_RET_ENC_EC(ret);
+    }
+
+out:
     /* Dispose of tables */
     XFREE(iTable, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     XFREE(table, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    /* return error code if encountered */
+    if (ret != 0) {
+        return ret;
+    }
 
     /* Make sure the key public key is exportable - convert to Montgomery form
      * in Validation.

wolfssl/internal.h

@@ -1668,6 +1668,12 @@ enum Misc {
     MAX_REQUEST_SZ      = 256, /* Maximum cert req len (no auth yet */
     SESSION_FLUSH_COUNT = 256, /* Flush session cache unless user turns off */
     TLS_MAX_PAD_SZ      = 255, /* Max padding in TLS */
+    MAX_EXT_DATA_LEN    = 65535,
+                          /* Max extension data length <0..2^16-1> RFC 8446
+                           * Section 4.2 */
+    MAX_SV_EXT_LEN      = 255,
+                          /* Max supported_versions extension length
+                           * <2..254> RFC 8446 Section 4.2.1.*/
 
 #if defined(HAVE_NULL_CIPHER) && defined(WOLFSSL_TLS13)
     #if defined(WOLFSSL_SHA384) && WC_MAX_SYM_KEY_SIZE < 48

wolfssl/wolfcrypt/types.h

@@ -912,9 +912,9 @@ enum {
         WC_DO_NOTHING
     #define WC_VAR_OK(VAR_NAME) 1
     #define WC_CALLOC_VAR(VAR_NAME, VAR_TYPE, VAR_SIZE, HEAP)        \
-        XMEMSET(VAR_NAME, 0, sizeof(var))
+        XMEMSET(VAR_NAME, 0, sizeof(VAR_TYPE))
     #define WC_CALLOC_VAR_EX(VAR_NAME, VAR_TYPE, VAR_SIZE, HEAP, TY, ONFAIL)\
-        WC_DO_NOTHING
+        XMEMSET(VAR_NAME, 0, sizeof(VAR_TYPE))
     #define WC_FREE_VAR(VAR_NAME, HEAP) WC_DO_NOTHING \
         /* nothing to free, its stack */
     #define WC_FREE_VAR_EX(VAR_NAME, HEAP, TYPE) WC_DO_NOTHING