diff --git a/src/bio.c b/src/bio.c index d32ee46e91..de2325f63b 100644 --- a/src/bio.c +++ b/src/bio.c @@ -1378,8 +1378,13 @@ long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **ptr) if (closeFlag == BIO_CLOSE) wolfSSL_BUF_MEM_free(bio->mem_buf); + if ((closeFlag != WOLFSSL_BIO_NOCLOSE ) && \ + (closeFlag != WOLFSSL_BIO_CLOSE)) { + return BAD_FUNC_ARG; + } + bio->mem_buf = bufMem; - bio->shutdown = closeFlag; + bio->shutdown = (byte)closeFlag; bio->wrSz = (int)bio->mem_buf->length; bio->wrSzReset = bio->wrSz; diff --git a/src/dtls.c b/src/dtls.c index 5b2356a922..d2c1d4c03e 100644 --- a/src/dtls.c +++ b/src/dtls.c @@ -716,9 +716,14 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch) * and if they don't match we will error out there anyway. */ byte modes; + /* TLSX_PreSharedKey_Parse_ClientHello uses word16 length */ + if (tlsx.size > WOLFSSL_MAX_16BIT) { + ERROR_OUT(BUFFER_ERROR, dtls13_cleanup); + } + /* Ask the user for the ciphersuite matching this identity */ if (TLSX_PreSharedKey_Parse_ClientHello(&parsedExts, - tlsx.elements, tlsx.size, ssl->heap) == 0) + tlsx.elements, (word16)tlsx.size, ssl->heap) == 0) FindPskSuiteFromExt(ssl, parsedExts, &pskInfo, &suites); /* Revert to full handshake if PSK parsing failed */ @@ -729,8 +734,8 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch) goto dtls13_cleanup; if (!tlsxFound) ERROR_OUT(PSK_KEY_ERROR, dtls13_cleanup); - ret = TLSX_PskKeyModes_Parse_Modes(tlsx.elements, tlsx.size, - client_hello, &modes); + ret = TLSX_PskKeyModes_Parse_Modes(tlsx.elements, (word16)tlsx.size, + client_hello, &modes); if (ret != 0) goto dtls13_cleanup; if ((modes & (1 << PSK_DHE_KE)) && diff --git a/src/pk.c b/src/pk.c index 2510c32a02..1d5da37e40 100644 --- a/src/pk.c +++ b/src/pk.c @@ -3562,7 +3562,7 @@ int wolfSSL_RSA_padding_add_PKCS1_PSS_mgf1(WOLFSSL_RSA *rsa, unsigned char *em, const WOLFSSL_EVP_MD *mgf1Hash, int saltLen) { int ret = 1; - enum wc_HashType hashType; + enum wc_HashType hashType = WC_HASH_TYPE_NONE; int hashLen = 0; int emLen = 0; int mgf = 0; @@ -7876,7 +7876,7 @@ static int wolfssl_dhparams_to_der(WOLFSSL_DH* dh, unsigned char** out, int ret = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR); int err = 0; byte* der = NULL; - word32 derSz; + word32 derSz = 0; DhKey* key = NULL; (void)heap; @@ -7933,7 +7933,7 @@ static int wolfssl_dhparams_to_der(WOLFSSL_DH* dh, unsigned char** out, int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh) { int ret = 1; - int derSz; + int derSz = 0; byte* derBuf = NULL; void* heap = NULL; @@ -16501,7 +16501,7 @@ int pkcs8_encode(WOLFSSL_EVP_PKEY* pkey, byte* key, word32* keySz) { int ret = 0; int algId = 0; - const byte* curveOid; + const byte* curveOid = 0; word32 oidSz = 0; /* Get the details of the private key. */ @@ -16587,7 +16587,7 @@ static int pem_write_mem_pkcs8privatekey(byte** pem, int* pemSz, int ret = 0; char password[NAME_SZ]; byte* key = NULL; - word32 keySz; + word32 keySz = 0; int type = PKCS8_PRIVATEKEY_TYPE; /* Validate parameters. */ diff --git a/src/ssl.c b/src/ssl.c index ded632e4f6..5fd75844bd 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -2171,7 +2171,7 @@ int wolfSSL_CTX_mcast_set_member_id(WOLFSSL_CTX* ctx, word16 id) WOLFSSL_ENTER("wolfSSL_CTX_mcast_set_member_id"); - if (ctx == NULL || id > 255) + if (ctx == NULL || id > WOLFSSL_MAX_8BIT) ret = BAD_FUNC_ARG; if (ret == 0) { @@ -2306,7 +2306,7 @@ int wolfSSL_mcast_peer_add(WOLFSSL* ssl, word16 peerId, int sub) int i; WOLFSSL_ENTER("wolfSSL_mcast_peer_add"); - if (ssl == NULL || peerId > 255) + if (ssl == NULL || peerId > WOLFSSL_MAX_8BIT) return BAD_FUNC_ARG; if (!sub) { @@ -2362,7 +2362,7 @@ int wolfSSL_mcast_peer_known(WOLFSSL* ssl, unsigned short peerId) WOLFSSL_ENTER("wolfSSL_mcast_peer_known"); - if (ssl == NULL || peerId > 255) { + if (ssl == NULL || peerId > WOLFSSL_MAX_8BIT) { return BAD_FUNC_ARG; } diff --git a/src/ssl_asn1.c b/src/ssl_asn1.c index 0a852f0589..5609ea4b40 100644 --- a/src/ssl_asn1.c +++ b/src/ssl_asn1.c @@ -46,6 +46,8 @@ #ifdef OPENSSL_ALL +#define ASN_IMPLICIT_TAG_MASK 0x000000FF + /* Provides access to the member of the obj offset by offset */ #define asn1Mem(obj, offset) (*(void**)(((byte*)(obj)) + (offset))) #define asn1Type(obj, offset) (*(int*)(((byte*)(obj)) + (offset))) @@ -282,10 +284,14 @@ static int wolfssl_i2d_asn1_items(const void* obj, byte* buf, len = 0; break; } + + /* SetImplicit allows only 8-bit mem->tag value */ if (buf != NULL && tmp != NULL && !mem->ex && mem->tag >= 0) { - /* Encode the implicit tag */ + /* Encode the implicit tag; There's other stuff in the upper bits + * of the integer tag, so strip out everything else for value. */ byte imp[ASN_TAG_SZ + MAX_LENGTH_SZ]; - SetImplicit(tmp[0], mem->tag, 0, imp, 0); + SetImplicit(tmp[0], (byte)(mem->tag & ASN_IMPLICIT_TAG_MASK), + 0, imp, 0); tmp[0] = imp[0]; } len += ret; diff --git a/src/ssl_load.c b/src/ssl_load.c index a15274b23f..c0be0d2330 100644 --- a/src/ssl_load.c +++ b/src/ssl_load.c @@ -5023,7 +5023,7 @@ int wolfSSL_CTX_use_certificate_ASN1(WOLFSSL_CTX *ctx, int derSz, int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL_RSA* rsa) { int ret = 1; - int derSize; + int derSize = 0; unsigned char* der = NULL; unsigned char* p; diff --git a/src/ssl_p7p12.c b/src/ssl_p7p12.c index 9f51fa84f5..12ef33c527 100644 --- a/src/ssl_p7p12.c +++ b/src/ssl_p7p12.c @@ -948,7 +948,7 @@ int wolfSSL_PEM_write_bio_PKCS7(WOLFSSL_BIO* bio, PKCS7* p7) int pemSz = -1; enum wc_HashType hashType; byte hashBuf[WC_MAX_DIGEST_SIZE]; - word32 hashSz = -1; + word32 hashSz = 0; WOLFSSL_ENTER("wolfSSL_PEM_write_bio_PKCS7"); diff --git a/src/ssl_sess.c b/src/ssl_sess.c index 91f2c8473f..89d3897e40 100644 --- a/src/ssl_sess.c +++ b/src/ssl_sess.c @@ -3748,7 +3748,7 @@ static int wolfSSL_DupSessionEx(const WOLFSSL_SESSION* input, byte* ticketNonceLen, byte* preallocUsed) { #ifdef HAVE_SESSION_TICKET - int ticLenAlloc = 0; + word16 ticLenAlloc = 0; byte *ticBuff = NULL; #endif const size_t copyOffset = OFFSETOF(WOLFSSL_SESSION, heap) + @@ -4164,7 +4164,8 @@ int wolfSSL_SESSION_set1_id(WOLFSSL_SESSION *s, if (sid_len > ID_LEN) { return WOLFSSL_FAILURE; } - s->sessionIDSz = sid_len; + + s->sessionIDSz = (byte)sid_len; if (sid != s->sessionID) { XMEMCPY(s->sessionID, sid, sid_len); } @@ -4180,7 +4181,7 @@ int wolfSSL_SESSION_set1_id_context(WOLFSSL_SESSION *s, if (sid_ctx_len > ID_LEN) { return WOLFSSL_FAILURE; } - s->sessionCtxSz = sid_ctx_len; + s->sessionCtxSz = (byte)sid_ctx_len; if (sid_ctx != s->sessionCtx) { XMEMCPY(s->sessionCtx, sid_ctx, sid_ctx_len); } diff --git a/src/tls13.c b/src/tls13.c index 0d5a8b9365..3af7fa261b 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -4018,6 +4018,10 @@ static int WritePSKBinders(WOLFSSL* ssl, byte* output, word32 idx) WOLFSSL_ENTER("WritePSKBinders"); + if (idx > WOLFSSL_MAX_16BIT) { + return INPUT_SIZE_E; + } + ext = TLSX_Find(ssl->extensions, TLSX_PRE_SHARED_KEY); if (ext == NULL) return SANITY_MSG_E; @@ -4033,7 +4037,7 @@ static int WritePSKBinders(WOLFSSL* ssl, byte* output, word32 idx) #ifdef WOLFSSL_DTLS13 if (ssl->options.dtls) ret = Dtls13HashHandshake(ssl, output + Dtls13GetRlHeaderLength(ssl, 0), - idx - Dtls13GetRlHeaderLength(ssl, 0)); + (word16)idx - Dtls13GetRlHeaderLength(ssl, 0)); else #endif /* WOLFSSL_DTLS13 */ ret = HashOutput(ssl, output, (int)idx, 0); @@ -6270,7 +6274,7 @@ static int CheckPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz, return ret; if (*usingPSK != 0) { - word16 modes; + word32 modes; #ifdef WOLFSSL_EARLY_DATA TLSX* extEarlyData; @@ -10856,14 +10860,18 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (sniff == NO_SNIFF) { ret = BuildTls13HandshakeHmac(ssl, secret, mac, &finishedSz); + + if (finishedSz > WOLFSSL_MAX_8BIT) { + return BUFFER_ERROR; + } #ifdef WOLFSSL_HAVE_TLS_UNIQUE if (ssl->options.side == WOLFSSL_CLIENT_END) { XMEMCPY(ssl->serverFinished, mac, finishedSz); - ssl->serverFinished_len = finishedSz; + ssl->serverFinished_len = (byte)finishedSz; } else { XMEMCPY(ssl->clientFinished, mac, finishedSz); - ssl->clientFinished_len = finishedSz; + ssl->clientFinished_len = (byte)finishedSz; } #endif /* WOLFSSL_HAVE_TLS_UNIQUE */ if (ret != 0) @@ -10945,7 +10953,7 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, */ static int SendTls13Finished(WOLFSSL* ssl) { - int finishedSz = ssl->specs.hash_size; + byte finishedSz = ssl->specs.hash_size; byte* input; byte* output; int ret; @@ -11805,10 +11813,10 @@ static int SendTls13NewSessionTicket(WOLFSSL* ssl) { byte* output; int ret; + word32 length; int sendSz; word16 extSz; - word32 length; - word32 idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; + word16 idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; WOLFSSL_START(WC_FUNC_NEW_SESSION_TICKET_SEND); WOLFSSL_ENTER("SendTls13NewSessionTicket"); @@ -11878,7 +11886,7 @@ static int SendTls13NewSessionTicket(WOLFSSL* ssl) /* Nonce */ length += TICKET_NONCE_LEN_SZ + DEF_TICKET_NONCE_SZ; - sendSz = (int)(idx + length + MAX_MSG_EXTRA); + sendSz = (word16)(idx + length + MAX_MSG_EXTRA); /* Check buffers are big enough and grow if needed. */ if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) @@ -11946,11 +11954,13 @@ static int SendTls13NewSessionTicket(WOLFSSL* ssl) #ifdef WOLFSSL_DTLS13 if (ssl->options.dtls) - return Dtls13HandshakeSend(ssl, output, sendSz, idx, session_ticket, 0); + return Dtls13HandshakeSend(ssl, output, (word16)sendSz, + idx, session_ticket, 0); #endif /* WOLFSSL_DTLS13 */ /* This message is always encrypted. */ - sendSz = BuildTls13Message(ssl, output, sendSz, output + RECORD_HEADER_SZ, + sendSz = BuildTls13Message(ssl, output, sendSz, + output + RECORD_HEADER_SZ, idx - RECORD_HEADER_SZ, handshake, 0, 0, 0); if (sendSz < 0) return sendSz; diff --git a/src/x509.c b/src/x509.c index 0f39c21f66..b08b919055 100644 --- a/src/x509.c +++ b/src/x509.c @@ -1471,9 +1471,14 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo return WOLFSSL_FAILURE; } + /* ext->crit is WOLFSSL_ASN1_BOOLEAN */ + if (ext->crit != 0 && ext->crit != -1) { + return WOLFSSL_FAILURE; + } + /* x509->custom_exts now owns the buffers and they must be managed. */ x509->custom_exts[x509->customExtCount].oid = oid; - x509->custom_exts[x509->customExtCount].crit = ext->crit; + x509->custom_exts[x509->customExtCount].crit = (byte)ext->crit; x509->custom_exts[x509->customExtCount].val = val; x509->custom_exts[x509->customExtCount].valSz = ext->value.length; x509->customExtCount++; diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 59e34e12ff..ec6ad658d7 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -13544,7 +13544,7 @@ static int GenerateDNSEntryIPString(DNS_entry* entry, void* heap) static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap) { int i, j, ret = 0; - int nameSz = 0; + word16 nameSz = 0; #if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA) int nid = 0; #endif @@ -13553,7 +13553,7 @@ static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap) word32 idx = 0; word16 tmpName[MAX_OID_SZ]; char oidName[MAX_OID_SZ]; - char* finalName; + char* finalName = NULL; if (entry == NULL || entry->type != ASN_RID_TYPE) { return BAD_FUNC_ARG; @@ -13611,7 +13611,10 @@ static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap) } if (ret == 0) { - nameSz = (int)XSTRLEN((const char*)finalName); + nameSz = (word16)XSTRLEN((const char*)finalName); + if (nameSz > MAX_OID_SZ) { + return BUFFER_E; + } entry->ridString = (char*)XMALLOC((word32)(nameSz + 1), heap, DYNAMIC_TYPE_ALTNAME); diff --git a/wolfcrypt/src/dsa.c b/wolfcrypt/src/dsa.c index 1be1450a8d..def858fe43 100644 --- a/wolfcrypt/src/dsa.c +++ b/wolfcrypt/src/dsa.c @@ -173,7 +173,7 @@ int wc_MakeDsaKey(WC_RNG *rng, DsaKey *dsa) return MEMORY_E; } - SAVE_VECTOR_REGISTERS(); + SAVE_VECTOR_REGISTERS(;); #ifdef WOLFSSL_SMALL_STACK if ((tmpQ = (mp_int *)XMALLOC(sizeof(*tmpQ), NULL, DYNAMIC_TYPE_WOLF_BIGINT)) == NULL) diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 5476e1494d..fa33a2cebd 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -12593,20 +12593,22 @@ static int build_lut(int idx, mp_int* a, mp_int* modulus, mp_digit mp, /* make all single bit entries */ for (x = 1; x < FP_LUT; x++) { - if ((mp_copy(fp_cache[idx].LUT[1<<(x-1)]->x, - fp_cache[idx].LUT[1<x) != MP_OKAY) || - (mp_copy(fp_cache[idx].LUT[1<<(x-1)]->y, - fp_cache[idx].LUT[1<y) != MP_OKAY) || - (mp_copy(fp_cache[idx].LUT[1<<(x-1)]->z, - fp_cache[idx].LUT[1<z) != MP_OKAY)){ + if ((mp_copy(fp_cache[idx].LUT[(unsigned int)(1 << (x-1))]->x, + fp_cache[idx].LUT[(unsigned int)(1 << x )]->x) != MP_OKAY) || + (mp_copy(fp_cache[idx].LUT[(unsigned int)(1 << (x-1))]->y, + fp_cache[idx].LUT[(unsigned int)(1 << x )]->y) != MP_OKAY) || + (mp_copy(fp_cache[idx].LUT[(unsigned int)(1 << (x-1))]->z, + fp_cache[idx].LUT[(unsigned int)(1 << x )]->z) != MP_OKAY)) { err = MP_INIT_E; goto errout; } else { /* now double it bitlen/FP_LUT times */ for (y = 0; y < lut_gap; y++) { - if ((err = ecc_projective_dbl_point_safe(fp_cache[idx].LUT[1<encryptionKey == NULL || pkcs7->encryptionKeySz == 0) && diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index e2dd969d8a..f21317db30 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -315,6 +315,7 @@ typedef struct w64wrapper { WOLFSSL_WORD_BITS = WOLFSSL_WORD_SIZE * WOLFSSL_BIT_SIZE }; + #define WOLFSSL_MAX_8BIT 0xffU #define WOLFSSL_MAX_16BIT 0xffffU #define WOLFSSL_MAX_32BIT 0xffffffffU