
Commit 3908bc3

authored
Merge pull request #7399 from douzzer/20240405-tls-endian-fixes
20240405-tls-endian-fixes
2 parents 9d56484 + cdf2504 commit 3908bc3

4 files changed

Lines changed: 41 additions & 42 deletions


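--- a/src/internal.c
+++ b/src/internal.c
@@ -27682,7 +27682,7 @@ int CreateDevPrivateKey(void** pkey, byte* data, word32 length, int hsType,
 * length The length of a signature.
 * returns 0 on success, otherwise failure.
 */
-int DecodePrivateKey(WOLFSSL *ssl, word16* length)
+int DecodePrivateKey(WOLFSSL *ssl, word32* length)
 {
 int ret = BAD_FUNC_ARG;
 int keySz;
@@ -27697,7 +27697,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
 || wolfSSL_CTX_IsPrivatePkSet(ssl->ctx)
 #endif
 ) {
-*length = (word16)GetPrivateKeySigSize(ssl);
+*length = GetPrivateKeySigSize(ssl);
 return 0;
 }
 else
@@ -27747,7 +27747,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
 }
 
 /* Return the maximum signature length. */
-*length = (word16)ssl->buffers.keySz;
+*length = ssl->buffers.keySz;
 }
 #else
 ret = NOT_COMPILED_IN;
@@ -27773,7 +27773,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
 }
 
 /* Return the maximum signature length. */
-*length = (word16)wc_ecc_sig_size_calc(ssl->buffers.keySz);
+*length = wc_ecc_sig_size_calc(ssl->buffers.keySz);
 }
 #else
 ret = NOT_COMPILED_IN;
@@ -27808,7 +27808,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
 }
 
 /* Return the maximum signature length. */
-*length = (word16)wc_falcon_sig_size((falcon_key*)ssl->hsKey);
+*length = wc_falcon_sig_size((falcon_key*)ssl->hsKey);
 }
 #else
 ret = NOT_COMPILED_IN;
@@ -27847,7 +27847,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
 }
 
 /* Return the maximum signature length. */
-*length = (word16)wc_dilithium_sig_size(
+*length = wc_dilithium_sig_size(
 (dilithium_key*)ssl->hsKey);
 }
 #else
@@ -27901,7 +27901,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
 }
 
 /* Return the maximum signature length. */
-*length = (word16)keySz;
+*length = keySz;
 
 goto exit_dpk;
 }
@@ -27961,7 +27961,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
 }
 
 /* Return the maximum signature length. */
-*length = (word16)wc_ecc_sig_size((ecc_key*)ssl->hsKey);
+*length = wc_ecc_sig_size((ecc_key*)ssl->hsKey);
 
 goto exit_dpk;
 }
@@ -28238,7 +28238,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
 /* This is just like the above, but only consider RSA, ECC, Falcon and
 * Dilthium; Furthermore, use the alternative key, not the native key.
 */
-int DecodeAltPrivateKey(WOLFSSL *ssl, word16* length)
+int DecodeAltPrivateKey(WOLFSSL *ssl, word32* length)
 {
 int ret = BAD_FUNC_ARG;
 int keySz;
@@ -28289,7 +28289,7 @@ int DecodeAltPrivateKey(WOLFSSL *ssl, word16* length)
 }
 
 /* Return the maximum signature length. */
-*length = (word16)ssl->buffers.altKeySz;
+*length = ssl->buffers.altKeySz;
 }
 #else
 ret = NOT_COMPILED_IN;
@@ -28315,7 +28315,7 @@ int DecodeAltPrivateKey(WOLFSSL *ssl, word16* length)
 }
 
 /* Return the maximum signature length. */
-*length = (word16)wc_ecc_sig_size_calc(ssl->buffers.altKeySz);
+*length = wc_ecc_sig_size_calc(ssl->buffers.altKeySz);
 }
 #else
 ret = NOT_COMPILED_IN;
@@ -28350,8 +28350,7 @@ int DecodeAltPrivateKey(WOLFSSL *ssl, word16* length)
 }
 
 /* Return the maximum signature length. */
-*length = (word16)
-wc_falcon_sig_size((falcon_key*)ssl->hsAltKey);
+*length = wc_falcon_sig_size((falcon_key*)ssl->hsAltKey);
 }
 #else
 ret = NOT_COMPILED_IN;
@@ -28393,7 +28392,7 @@ int DecodeAltPrivateKey(WOLFSSL *ssl, word16* length)
 }
 
 /* Return the maximum signature length. */
-*length = (word16)wc_dilithium_sig_size(
+*length = wc_dilithium_sig_size(
 (dilithium_key*)ssl->hsAltKey);
 }
 #else
@@ -28448,7 +28447,7 @@ int DecodeAltPrivateKey(WOLFSSL *ssl, word16* length)
 }
 
 /* Return the maximum signature length. */
-*length = (word16)keySz;
+*length = keySz;
 
 goto exit_dapk;
 }
@@ -28509,7 +28508,7 @@ int DecodeAltPrivateKey(WOLFSSL *ssl, word16* length)
 }
 
 /* Return the maximum signature length. */
-*length = (word16)wc_ecc_sig_size((ecc_key*)ssl->hsAltKey);
+*length = wc_ecc_sig_size((ecc_key*)ssl->hsAltKey);
 
 goto exit_dapk;
 }
@@ -28828,7 +28827,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
 int sendSz;
 int idSz;
 int ret;
-word16 extSz = 0;
+word32 extSz = 0;
 const Suites* suites;
 
 if (ssl == NULL) {
@@ -32636,7 +32635,7 @@ typedef struct ScvArgs {
 word32 sigSz;
 int sendSz;
 int inputSz;
-word16 length;
+word32 length;
 byte sigAlgo;
 } ScvArgs;
 
@@ -32855,7 +32854,7 @@ int SendCertificateVerify(WOLFSSL* ssl)
 }
 
 /* prepend hdr */
-c16toa(args->length, args->verify + args->extraSz);
+c16toa((word16)args->length, args->verify + args->extraSz);
 }
 #ifdef WC_RSA_PSS
 else if (args->sigAlgo == rsa_pss_sa_algo) {
@@ -32865,7 +32864,7 @@ int SendCertificateVerify(WOLFSSL* ssl)
 args->sigSz = ENCRYPT_LEN;
 
 /* prepend hdr */
-c16toa(args->length, args->verify + args->extraSz);
+c16toa((word16)args->length, args->verify + args->extraSz);
 }
 #endif
 #endif /* !NO_RSA */
@@ -33044,7 +33043,7 @@ int SendCertificateVerify(WOLFSSL* ssl)
 #endif
 args->length = (word16)ssl->buffers.sig.length;
 /* prepend hdr */
-c16toa(args->length, args->verify + args->extraSz);
+c16toa((word16)args->length, args->verify + args->extraSz);
 XMEMCPY(args->verify + args->extraSz + VERIFY_HEADER,
 ssl->buffers.sig.buffer, ssl->buffers.sig.length);
 break;
@@ -34462,7 +34461,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 #endif
 case rsa_sa_algo:
 {
-word16 keySz;
+word32 keySz;
 
 ssl->buffers.keyType = rsa_sa_algo;
 ret = DecodePrivateKey(ssl, &keySz);
@@ -34480,7 +34479,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 #endif
 case ecc_dsa_sa_algo:
 {
-word16 keySz;
+word32 keySz;
 
 ssl->buffers.keyType = ecc_dsa_sa_algo;
 ret = DecodePrivateKey(ssl, &keySz);
@@ -34495,7 +34494,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 #ifdef HAVE_ED25519
 case ed25519_sa_algo:
 {
-word16 keySz;
+word32 keySz;
 
 ssl->buffers.keyType = ed25519_sa_algo;
 ret = DecodePrivateKey(ssl, &keySz);
@@ -34511,7 +34510,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 #ifdef HAVE_ED448
 case ed448_sa_algo:
 {
-word16 keySz;
+word32 keySz;
 
 ssl->buffers.keyType = ed448_sa_algo;
 ret = DecodePrivateKey(ssl, &keySz);
@@ -34714,7 +34713,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 preSigSz = args->length;
 
 if (!ssl->options.usingAnon_cipher) {
-word16 keySz = 0;
+word32 keySz = 0;
 
 /* sig length */
 args->length += LENGTH_SZ;
@@ -38962,7 +38961,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
 #ifndef NO_RSA
 case rsa_kea:
 {
-word16 keySz;
+word32 keySz;
 
 ssl->buffers.keyType = rsa_sa_algo;
 ret = DecodePrivateKey(ssl, &keySz);
@@ -39082,7 +39081,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
 if (ssl->specs.static_ecdh &&
 ssl->ecdhCurveOID != ECC_X25519_OID &&
 ssl->ecdhCurveOID != ECC_X448_OID) {
-word16 keySz;
+word32 keySz;
 
 ssl->buffers.keyType = ecc_dsa_sa_algo;
 ret = DecodePrivateKey(ssl, &keySz);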
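Review bot: The three `c16toa((word16)args->length, args->verify + args->extraSz);` calls in `SendCertificateVerify` now truncate silently at the point where the length goes on the wire, and no range check on `args->length` is visible in these hunks. With `ScvArgs.length` widened to `word32`, a value above 0xFFFF can reach the encoder, and in the last of the three hunks the `XMEMCPY` that follows copies `ssl->buffers.sig.length` bytes rather than the truncated value, so header and payload could disagree. A guard before each write, such as `if (args->length > 0xFFFF) { ret = BUFFER_E; }` routed to the function's existing error exit, would make the narrowing explicit. Separately, `*length = GetPrivateKeySigSize(ssl);` and `*length = keySz;` assign `int` values to a `word32` with no sign check while `DecodePrivateKey` returns 0; if either can be negative (not visible here), the caller receives a very large length. The bodies of these functions continue outside the hunks shown.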

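--- a/src/tls.c
+++ b/src/tls.c
@@ -13570,7 +13570,7 @@ static int TLSX_GetSizeWithEch(WOLFSSL* ssl, byte* semaphore, byte msgType,
 #endif
 
 /** Tells the buffered size of extensions to be sent into the client hello. */
-int TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType, word16* pLength)
+int TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType, word32* pLength)
 {
 int ret = 0;
 word16 length = 0;
@@ -13800,7 +13800,7 @@ static int TLSX_WriteWithEch(WOLFSSL* ssl, byte* output, byte* semaphore,
 #endif
 
 /** Writes the extensions to be sent into the client hello. */
-int TLSX_WriteRequest(WOLFSSL* ssl, byte* output, byte msgType, word16* pOffset)
+int TLSX_WriteRequest(WOLFSSL* ssl, byte* output, byte msgType, word32* pOffset)
 {
 int ret = 0;
 word16 offset = 0;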
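Review bot: The local accumulators `word16 length = 0;` in `TLSX_GetRequestSize` and `word16 offset = 0;` in `TLSX_WriteRequest` stay 16-bit while the out-parameters become `word32*`, so an extension total above 0xFFFF would still wrap inside the function before it reaches the caller's value. Both bodies continue outside the hunks, so how the locals are folded into `*pLength` and `*pOffset` is not visible here. If they are summed in, consider widening them too (`word32 length = 0;`), or checking explicitly that the total fits the 16-bit extensions length field before it is written. A one-line comment on each function saying that the pointer is in/out and what maximum it may carry would help callers that now pass a `word32`.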

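--- a/src/tls13.c
+++ b/src/tls13.c
@@ -4238,7 +4238,7 @@ typedef struct Sch13Args {
 byte* output;
 word32 idx;
 int sendSz;
-word16 length;
+word32 length;
 #if defined(HAVE_ECH)
 int clientRandomOffset;
 int preXLength;
@@ -7626,7 +7626,7 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx,
 int ret;
 int sendSz;
 word32 i;
-word16 reqSz;
+word32 reqSz;
 word16 hashSigAlgoSz = 0;
 SignatureAlgorithms* sa;
 int haveSig = SIG_RSA | SIG_ECDSA | SIG_FALCON | SIG_DILITHIUM;
@@ -8922,7 +8922,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
 ssl->buffers.weOwnKey = ssl->buffers.weOwnAltKey;
 }
 #endif /* WOLFSSL_DUAL_ALG_CERTS */
-ret = DecodePrivateKey(ssl, (word16*)&args->sigLen);
+ret = DecodePrivateKey(ssl, &args->sigLen);
 if (ret != 0)
 goto exit_scv;
 }
@@ -9024,7 +9024,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
 
 /* After this call, args->altSigLen has the length we need for
 * the alternative signature. */
-ret = DecodeAltPrivateKey(ssl, (word16*)&args->altSigLen);
+ret = DecodeAltPrivateKey(ssl, &args->altSigLen);
 if (ret != 0)
 goto exit_scv;
 
@@ -9639,8 +9639,8 @@ typedef struct Dcv13Args {
 #ifdef WOLFSSL_DUAL_ALG_CERTS
 byte altSigAlgo;
 byte* altSigData;
-word16 altSigDataSz;
-word16 altSignatureSz;
+word32 altSigDataSz;
+word32 altSignatureSz;
 byte altPeerAuthGood;
 #endif
 } Dcv13Args;
@@ -10065,10 +10065,10 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
 * with their size as 16-bit integeter prior in memory. Hence,
 * we can decode both lengths here now. */
 word32 tmpIdx = args->idx;
-ato16(input + tmpIdx, (word16*)&args->sigSz);
+ato32(input + tmpIdx, &args->sigSz);
 
 tmpIdx += OPAQUE16_LEN + args->sigSz;
-ato16(input + tmpIdx, (word16*)&args->altSignatureSz);
+ato32(input + tmpIdx, &args->altSignatureSz);
 
 if (args->sz != (args->sigSz + args->altSignatureSz +
 OPAQUE16_LEN + OPAQUE16_LEN)) {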
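Review bot: `ato32(input + tmpIdx, &args->sigSz);` and the matching `ato32` for `args->altSignatureSz` in `DoTls13CertificateVerify` read four bytes where the wire format carries a two-byte length. The comment just above says the sizes are 16-bit, `tmpIdx` advances by `OPAQUE16_LEN`, and the check that follows budgets `OPAQUE16_LEN + OPAQUE16_LEN`. The decoded size therefore appears to absorb the first two signature bytes, and a peer-supplied 32-bit `sigSz` then feeds `tmpIdx` for the second read before it is compared with `args->sz`. Decoding through a 16-bit temporary keeps the pointer-cast fix without changing the parse: `word16 tmpSz = 0; ato16(input + tmpIdx, &tmpSz); args->sigSz = tmpSz;`, and the same for `altSignatureSz`. It is also worth confirming that `tmpIdx + OPAQUE16_LEN` lies inside the message before the second read; the function starts and ends outside this hunk, so an earlier bound may already exist.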

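--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -2175,9 +2175,9 @@ WOLFSSL_LOCAL int CreateDevPrivateKey(void** pkey, byte* data, word32 length,
 int hsType, int label, int id,
 void* heap, int devId);
 #endif
-WOLFSSL_LOCAL int DecodePrivateKey(WOLFSSL *ssl, word16* length);
+WOLFSSL_LOCAL int DecodePrivateKey(WOLFSSL *ssl, word32* length);
 #ifdef WOLFSSL_DUAL_ALG_CERTS
-WOLFSSL_LOCAL int DecodeAltPrivateKey(WOLFSSL *ssl, word16* length);
+WOLFSSL_LOCAL int DecodeAltPrivateKey(WOLFSSL *ssl, word32* length);
 #endif
 #ifdef WOLF_PRIVATE_KEY_ID
 WOLFSSL_LOCAL int GetPrivateKeySigSize(WOLFSSL* ssl);
@@ -2988,9 +2988,9 @@ WOLFSSL_LOCAL int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isRequest);
 
 #if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_CLIENT)
 WOLFSSL_LOCAL int TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType,
-word16* pLength);
+word32* pLength);
 WOLFSSL_LOCAL int TLSX_WriteRequest(WOLFSSL* ssl, byte* output,
-byte msgType, word16* pOffset);
+byte msgType, word32* pOffset);
 #endif
 
 #if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_SERVER)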
