From 632d1c7adabbd938f7626db38d204471c9efdb73 Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner
Date: Tue, 7 Jan 2025 17:37:11 -0600
Subject: [PATCH] wolfcrypt/src/wc_xmss_impl.c: fix error-checking comparisons in wc_xmss_bds_state_load() and wc_xmss_bds_state_store(), and remove no-longer-needed suppression in wc_xmss_sign(). .wolfssl_known_macro_extras: remove unneeded WOLFSSL_GAISLER_BCC and WOLFSSL_NO_AES_CFB_1_8. wolfcrypt/src/dh.c: reformat overlong lines.
---
 .wolfssl_known_macro_extras | 2 --
 wolfcrypt/src/dh.c | 20 +++++++++++++++-----
 wolfcrypt/src/wc_xmss_impl.c | 6 +++---
 3 files changed, 18 insertions(+), 10 deletions(-)
diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras
index 5611220e5f..1c526de904 100644
--- a/.wolfssl_known_macro_extras
+++ b/.wolfssl_known_macro_extras
@@ -638,7 +638,6 @@ WOLFSSL_FRDM_K64
 WOLFSSL_FRDM_K64_JENKINS
 WOLFSSL_FUNC_TIME
 WOLFSSL_FUNC_TIME_LOG
-WOLFSSL_GAISLER_BCC
 WOLFSSL_GEN_CERT
 WOLFSSL_GETRANDOM
 WOLFSSL_GNRC
@@ -682,7 +681,6 @@ WOLFSSL_MULTICIRCULATE_ALTNAMELIST
 WOLFSSL_NONBLOCK_OCSP
 WOLFSSL_NOSHA3_384
 WOLFSSL_NOT_WINDOWS_API
-WOLFSSL_NO_AES_CFB_1_8
 WOLFSSL_NO_BIO_ADDR_IN
 WOLFSSL_NO_CLIENT
 WOLFSSL_NO_CLIENT_CERT_ERROR
diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c
index 9fd37bc9e6..5940286fc2 100644
--- a/wolfcrypt/src/dh.c
+++ b/wolfcrypt/src/dh.c
@@ -2549,31 +2549,41 @@ static int _DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g, * public moduli (known primes) from RFC 7919. */ #ifdef HAVE_FFDHE_2048 - if ((pSz == sizeof(dh_ffdhe2048_p)) && (XMEMCMP(p, dh_ffdhe2048_p, sizeof(dh_ffdhe2048_p)) == 0)) { + if ((pSz == sizeof(dh_ffdhe2048_p)) && + (XMEMCMP(p, dh_ffdhe2048_p, sizeof(dh_ffdhe2048_p)) == 0)) + { isPrime = 1; } else #endif #ifdef HAVE_FFDHE_3072 - if ((pSz == sizeof(dh_ffdhe3072_p)) && (XMEMCMP(p, dh_ffdhe3072_p, sizeof(dh_ffdhe3072_p)) == 0)) { + if ((pSz == sizeof(dh_ffdhe3072_p)) && + (XMEMCMP(p, dh_ffdhe3072_p, sizeof(dh_ffdhe3072_p)) == 0)) + { isPrime = 1; } else #endif #ifdef HAVE_FFDHE_4096 - if ((pSz == sizeof(dh_ffdhe4096_p)) && (XMEMCMP(p, dh_ffdhe4096_p, sizeof(dh_ffdhe4096_p)) == 0)) { + if ((pSz == sizeof(dh_ffdhe4096_p)) && + (XMEMCMP(p, dh_ffdhe4096_p, sizeof(dh_ffdhe4096_p)) == 0)) + { isPrime = 1; } else #endif #ifdef HAVE_FFDHE_6144 - if ((pSz == sizeof(dh_ffdhe6144_p)) && (XMEMCMP(p, dh_ffdhe6144_p, sizeof(dh_ffdhe6144_p)) == 0)) { + if ((pSz == sizeof(dh_ffdhe6144_p)) && + (XMEMCMP(p, dh_ffdhe6144_p, sizeof(dh_ffdhe6144_p)) == 0)) + { isPrime = 1; } else #endif #ifdef HAVE_FFDHE_8192 - if ((pSz == sizeof(dh_ffdhe8192_p)) && (XMEMCMP(p, dh_ffdhe8192_p, sizeof(dh_ffdhe8192_p)) == 0)) { + if ((pSz == sizeof(dh_ffdhe8192_p)) && + (XMEMCMP(p, dh_ffdhe8192_p, sizeof(dh_ffdhe8192_p)) == 0)) + { isPrime = 1; } else diff --git a/wolfcrypt/src/wc_xmss_impl.c b/wolfcrypt/src/wc_xmss_impl.c index 3ca62fcea9..6a5a8cfd69 100644 --- a/wolfcrypt/src/wc_xmss_impl.c +++ b/wolfcrypt/src/wc_xmss_impl.c @@ -2689,7 +2689,7 @@ static int wc_xmss_bds_state_load(const XmssState* state, byte* sk, /* Skip past standard SK = idx || wots_sk || SK_PRF || root || SEED; */ sk += params->idx_len + 4 * n; - if (2 * (int)params->d - 1 < 0) + if (2 * (int)params->d - 1 <= 0) return WC_FAILURE; for (i = 0; i < 2 * (int)params->d - 1; i++) { 
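Review bot: The new guard `if (2 * (int)params->d - 1 <= 0)` in wc_xmss_bds_state_load() rejects exactly the same input as the old `< 0` form, provided `params->d` is an integer field: `2 * d - 1` is always odd, so both comparisons are true only for `d == 0`. Runtime behaviour therefore looks unchanged, and the new spelling presumably exists so that a static analyzer can see that the following `for` loop runs at least once; the same applies to the matching hunk in wc_xmss_bds_state_store(). A comment would record that intent, for example `/* Reject d == 0: 2 * d - 1 is odd, so <= 0 matches only d == 0 and the loop below always runs. */`, or the test could be written directly as `if (params->d == 0)` if the analyzer accepts that form. Both function bodies continue outside their hunks, so what the loop initialises is not visible here.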
@@ -2748,7 +2748,7 @@ static int wc_xmss_bds_state_store(const XmssState* state, byte* sk, /* Ignore standard SK = idx || wots_sk || SK_PRF || root || SEED; */ sk += params->idx_len + 4 * n; - if (2 * (int)params->d - 1 < 0) + if (2 * (int)params->d - 1 <= 0) return WC_FAILURE; for (i = 0; i < 2 * (int)params->d - 1; i++) { @@ -3480,7 +3480,7 @@ int wc_xmss_sign(XmssState* state, const unsigned char* m, word32 mlen, if (ret == 0) { sig += params->wots_sig_len; /* Add authentication path (auth) and calc new root. */ - XMEMCPY(sig, bds->authPath, h * n); /* NOLINT(clang-analyzer-core.CallAndMessage) */ + XMEMCPY(sig, bds->authPath, h * n); ret = state->ret; }