From fbbb2b876b99111c9c26c65ba667ec88febf0625 Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner <douzzer@wolfssl.com>
Date: Thu, 19 Sep 2024 01:15:42 -0500
Subject: [PATCH] wolfssl/wolfcrypt/types.h: add static_assert() definitions;

wolfssl/internal.h: add DTLS13_HANDSHAKE_HEADER_SZ;

src/tls13.c: in EchHashHelloInner(), use falseHeader[DTLS13_HANDSHAKE_HEADER_SZ] to fix buffer overrun;

src/dtls13.c: add static assert for DTLS13_HANDSHAKE_HEADER_SZ.
---
 src/dtls13.c              |  2 ++
 src/tls13.c               |  4 ++++
 wolfssl/internal.h        |  1 +
 wolfssl/wolfcrypt/types.h | 18 ++++++++++++++++++
 4 files changed, 25 insertions(+)

diff --git a/src/dtls13.c b/src/dtls13.c
index 6430600f5c..c661dc94cc 100644
--- a/src/dtls13.c
+++ b/src/dtls13.c
@@ -71,6 +71,8 @@ typedef struct Dtls13HandshakeHeader {
     byte fragmentLength[3];
 } Dtls13HandshakeHeader;
 
+static_assert(sizeof(Dtls13HandshakeHeader) == DTLS13_HANDSHAKE_HEADER_SZ);
+
 /**
  * struct Dtls13Recordplaintextheader: represent header of unprotected DTLSv1.3
  * record
diff --git a/src/tls13.c b/src/tls13.c
index 0d35d9bc42..d40a74f72a 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -4165,7 +4165,11 @@ static int EchHashHelloInner(WOLFSSL* ssl, WOLFSSL_ECH* ech)
 {
     int ret;
     HS_Hashes* tmpHashes;
+#ifdef WOLFSSL_DTLS13
+    byte falseHeader[DTLS13_HANDSHAKE_HEADER_SZ];
+#else
     byte falseHeader[HANDSHAKE_HEADER_SZ];
+#endif
 
     if (ssl == NULL || ech == NULL)
         return BAD_FUNC_ARG;
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 37cf731ae2..7ce0436355 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -1637,6 +1637,7 @@ enum Misc {
 #endif
 
     HANDSHAKE_HEADER_SZ   = 4,  /* type + length(3)        */
+    DTLS13_HANDSHAKE_HEADER_SZ   = 12, /* sizeof(Dtls13HandshakeHeader) */
     RECORD_HEADER_SZ      = 5,  /* type + version + len(2) */
     CERT_HEADER_SZ        = 3,  /* always 3 bytes          */
     REQ_HEADER_SZ         = 2,  /* cert request header sz  */
diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h
index e7edbc5b36..2a468c42ff 100644
--- a/wolfssl/wolfcrypt/types.h
+++ b/wolfssl/wolfcrypt/types.h
@@ -1694,6 +1694,24 @@ typedef struct w64wrapper {
         #define PRAGMA_DIAG_POP /* null expansion */
     #endif
 
+    #define WC_CPP_CAT_(a, b) a ## b
+    #define WC_CPP_CAT(a, b) WC_CPP_CAT_(a, b)
+    #ifndef static_assert
+        #if !defined(__cplusplus) && !defined(__STRICT_ANSI__) && \
+                !defined(WOLF_C89) && ((defined(__GNUC__) &&      \
+                __GNUC__ >= 5) || defined(__clang__))
+            #define __static_assert(expr, msg, ...) _Static_assert(expr, msg)
+            #define static_assert(expr, ...) \
+                __static_assert(expr, ##__VA_ARGS__, #expr)
+        #elif defined(__STRICT_ANSI__) || defined(WOLF_C89)
+            #define static_assert(expr) \
+                struct WC_CPP_CAT(dummy_struct_, __LINE__)
+        #else
+            #define static_assert(...) \
+                struct WC_CPP_CAT(wc_dummy_struct_L, __LINE__)
+        #endif
+    #endif
+
     #ifndef SAVE_VECTOR_REGISTERS
         #define SAVE_VECTOR_REGISTERS(...) WC_DO_NOTHING
     #endif