From 9f980c80ab2c50fc4d16153c55012c25af42a8e7 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Wed, 18 Sep 2024 21:01:30 -0500 Subject: [PATCH] wolfssl/wolfcrypt/types.h: add static_assert() definitions; wolfssl/internal.h: add DTLS13_HANDSHAKE_HEADER_SZ; src/tls13.c: in EchHashHelloInner(), use falseHeader[DTLS13_HANDSHAKE_HEADER_SZ] to fix buffer overrun; src/dtls13.c: add static assert for DTLS13_HANDSHAKE_HEADER_SZ. --- src/dtls13.c | 2 ++ src/tls13.c | 4 ++++ wolfssl/internal.h | 1 + wolfssl/wolfcrypt/types.h | 15 +++++++++++++++ 4 files changed, 22 insertions(+) diff --git a/src/dtls13.c b/src/dtls13.c index 6430600f5c..c661dc94cc 100644 --- a/src/dtls13.c +++ b/src/dtls13.c @@ -71,6 +71,8 @@ typedef struct Dtls13HandshakeHeader { byte fragmentLength[3]; } Dtls13HandshakeHeader; +static_assert(sizeof(Dtls13HandshakeHeader) == DTLS13_HANDSHAKE_HEADER_SZ); + /** * struct Dtls13Recordplaintextheader: represent header of unprotected DTLSv1.3 * record diff --git a/src/tls13.c b/src/tls13.c index 0d35d9bc42..d40a74f72a 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -4165,7 +4165,11 @@ static int EchHashHelloInner(WOLFSSL* ssl, WOLFSSL_ECH* ech) { int ret; HS_Hashes* tmpHashes; +#ifdef WOLFSSL_DTLS13 + byte falseHeader[DTLS13_HANDSHAKE_HEADER_SZ]; +#else byte falseHeader[HANDSHAKE_HEADER_SZ]; +#endif if (ssl == NULL || ech == NULL) return BAD_FUNC_ARG; diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 37cf731ae2..7ce0436355 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -1637,6 +1637,7 @@ enum Misc { #endif HANDSHAKE_HEADER_SZ = 4, /* type + length(3) */ + DTLS13_HANDSHAKE_HEADER_SZ = 12, /* sizeof(Dtls13HandshakeHeader) */ RECORD_HEADER_SZ = 5, /* type + version + len(2) */ CERT_HEADER_SZ = 3, /* always 3 bytes */ REQ_HEADER_SZ = 2, /* cert request header sz */ diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index e7edbc5b36..eb6ecfa4ab 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -1694,6 +1694,21 @@ typedef struct w64wrapper { #define PRAGMA_DIAG_POP /* null expansion */ #endif + #define WC_CPP_CAT_(a, b) a ## b + #define WC_CPP_CAT(a, b) WC_CPP_CAT_(a, b) + #ifndef static_assert + #if !defined(__cplusplus) && !defined(__STRICT_ANSI__) && \ + !defined(WOLF_C89) && ((defined(__GNUC__) && \ + __GNUC__ >= 5) || defined(__clang__)) + #define __static_assert(expr, msg, ...) _Static_assert(expr, msg) + #define static_assert(expr, ...) \ + __static_assert(expr, ##__VA_ARGS__, #expr); + #else + #define static_assert(...) \ + struct WC_CPP_CAT(wc_dummy_struct_L, __LINE__) + #endif + #endif + #ifndef SAVE_VECTOR_REGISTERS #define SAVE_VECTOR_REGISTERS(...) WC_DO_NOTHING #endif