Fix shorten-64-to-32 #743
Fix shorten-64-to-32 #743
Conversation
…yptUpdate EVP_CIPHER_CTX_ctrl EVP_EncryptUpdate
Add the warning when using clang. This error is also set by default when build building ios so add a ci build.
Add checks before casting.
| @@ -258,12 +258,16 @@ static srtp_err_status_t srtp_aes_gcm_openssl_set_aad(void *cv, | |||
| debug_print(srtp_mod_aes_gcm, "setting AAD: %s", | |||
| srtp_octet_string_hex_string(aad, aad_len)); | |||
|
|
|||
| if (aad_len > INT_MAX) { | |||
There was a problem hiding this comment.
Might want to move this check up a few lines since it's printed above before it's checked here.
There was a problem hiding this comment.
The check is only mean to protect from the casting, using it in the print statement as a szie_t should be no problem or ?
There was a problem hiding this comment.
I just think that if the parameter is considered bad, we ought to return that error before using it. If aad_len is bad, then I would guess aad is also bad. The printed result might be wrong. I'm just overly cautious.
| @@ -300,10 +304,14 @@ static srtp_err_status_t srtp_aes_gcm_openssl_encrypt(void *cv, | |||
| return srtp_err_status_buffer_small; | |||
| } | |||
|
|
|||
| if (src_len > INT_MAX) { | |||
There was a problem hiding this comment.
Might want to move this up a few lines, as there is a comparison against it just above before this check.
There was a problem hiding this comment.
That comparison should be fine as they are all size_t, this is check was only to protect from casting.
There was a problem hiding this comment.
Yeah, this will not break since it is the same type. I just prefer to check values before using them. But, your call.
| @@ -357,10 +365,15 @@ static srtp_err_status_t srtp_aes_gcm_openssl_decrypt(void *cv, | |||
| return srtp_err_status_buffer_small; | |||
| } | |||
|
|
|||
| if (src_len > INT_MAX) { | |||
There was a problem hiding this comment.
Same here. Used a couple of times above before this check.
| @@ -298,10 +300,16 @@ static srtp_err_status_t srtp_aes_gcm_wolfssl_set_aad(void *cv, | |||
| memcpy(c->aad + c->aad_size, aad, aad_len); | |||
| c->aad_size += aad_len; | |||
| #else | |||
| if (aad_len > INT_MAX) { | |||
There was a problem hiding this comment.
Seems like this should be moved just above the log statement, as I assume this should run regardless of the conditional compilation statements.
| @@ -338,6 +346,10 @@ static srtp_err_status_t srtp_aes_gcm_wolfssl_encrypt(void *cv, | |||
| return srtp_err_status_buffer_small; | |||
| } | |||
|
|
|||
| if (src_len > INT_MAX) { | |||
There was a problem hiding this comment.
This one should be moved up a bit, since the value is compared just before this check.
| @@ -247,7 +259,12 @@ static srtp_err_status_t srtp_hmac_compute(void *statev, | |||
| return srtp_err_status_bad_param; | |||
| } | |||
|
|
|||
| if (PK11_DigestOp(hmac->ctx, message, msg_octets) != SECSuccess) { | |||
| if (msg_octets > UINT_MAX) { | |||
There was a problem hiding this comment.
You might want to move this above the debug print above that uses msg_octets.
| @@ -240,7 +240,11 @@ static srtp_err_status_t srtp_hmac_init(void *statev, | |||
| return srtp_err_status_auth_fail; | |||
| } | |||
| #else | |||
| if (HMAC_Init_ex(hmac->ctx, key, key_len, EVP_sha1(), NULL) == 0) { | |||
| if (key_len > INT_MAX) { | |||
There was a problem hiding this comment.
Should this be moved above the #ifdef, since it is used in that code, too (line 238).
There was a problem hiding this comment.
The keyLen param of EVP_MAC_init is of type size_t so cast and check is not required.
There was a problem hiding this comment.
It's ok if the #ifdef SRTP_OSSL_USE_EVP_MAC block if this key_len > INT_MAX? If so, fine. Seems like it would matter both places.
| @@ -154,7 +159,11 @@ static srtp_err_status_t srtp_hmac_wolfssl_update(void *statev, | |||
| debug_print(srtp_mod_hmac, "input: %s", | |||
| srtp_octet_string_hex_string(message, msg_octets)); | |||
|
|
|||
| err = wc_HmacUpdate(state, message, msg_octets); | |||
| if (msg_octets > INT_MAX) { | |||
There was a problem hiding this comment.
You might want to move this above the debug print above that uses msg_octets.
| @@ -182,8 +191,12 @@ static srtp_err_status_t srtp_hmac_wolfssl_compute(void *statev, | |||
| return srtp_err_status_bad_param; | |||
| } | |||
|
|
|||
| if (msg_octets > INT_MAX) { | |||
There was a problem hiding this comment.
You might want to move this above the debug print above that uses msg_octets.
| @@ -850,10 +850,14 @@ static srtp_err_status_t srtp_kdf_generate(srtp_kdf_t *kdf, | |||
| } | |||
| octet_string_set_to_zero(key, length); | |||
|
|
|||
| if (length > INT_MAX) { | |||
There was a problem hiding this comment.
Could add this to line 845, which checks for a zero length.
There was a problem hiding this comment.
It could but it is here only to verify it wont be shortened when calling wc_SRTP_KDF_label() not if the value is other wise valid.
There was a problem hiding this comment.
Same issue. No problem if you don't mind printing a wrong value (and it doesn't cause issues)
This takes the changes proposed in #742 and adds a ci build as well as fixing these warnings for all backends.