Improve the TLS v1.3 expand key label warning for possible use of uninitialized "hash".

2023-12-27 09:52:56 -08:00 · 2023-12-27 09:52:56 -08:00 · b86dfffdbe
commit b86dfffdbe
parent d9ac8b5422
2 changed files with 27 additions and 19 deletions
--- a/src/tls13.c
+++ b/src/tls13.c
@ -266,10 +266,6 @@ static int Tls13HKDFExpandKeyLabel(WOLFSSL* ssl, byte* okm, word32 okmLen,
        return ret;
 #endif

-    /* Hash buffer may not be fully initialized, but the sending length won't
-     * extend beyond the initialized span. */
-PRAGMA_GCC_DIAG_PUSH
-PRAGMA_GCC("GCC diagnostic ignored \"-Wmaybe-uninitialized\"")
 #if !defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))
    ret = wc_Tls13_HKDF_Expand_Label_ex(okm, okmLen, prk, prkLen,
                                      protocol, protocolLen,
@ -288,7 +284,6 @@ PRAGMA_GCC("GCC diagnostic ignored \"-Wmaybe-uninitialized\"")
                                      label, labelLen,
                                      info, infoLen, digest);
 #endif
-PRAGMA_GCC_DIAG_POP
    (void)ssl;
    (void)side;
    return ret;
@ -490,14 +485,21 @@ int Tls13DeriveKey(WOLFSSL* ssl, byte* output, int outputLen,
    }
 #endif /* WOLFSSL_DTLS13 */

-    if (outputLen == -1)
+    if (outputLen == -1) {
        outputLen = hashSz;
-    if (includeMsgs)
+    }
+    if (includeMsgs) {
        hashOutSz = hashSz;
+    }
+    else {
+        /* Appease static analyzers by making sure hash is cleared, since it is
+         * passed into expand key label where older wc_Tls13_HKDF_Expand_Label
+         * will unconditionally try to call a memcpy on it, however length will
+         * always be 0. */
+        XMEMSET(hash, 0, sizeof(hash));
+        hashOutSz = 0;
+    }

-    /* hash buffer may not be fully initialized, but the sending length won't
-     * extend beyond the initialized span.
-     */
    PRIVATE_KEY_UNLOCK();
    ret = Tls13HKDFExpandKeyLabel(ssl, output, outputLen, secret, hashSz,
                                  protocol, protocolLen, label, labelLen,
--- a/wolfcrypt/src/kdf.c
+++ b/wolfcrypt/src/kdf.c
@ -485,17 +485,23 @@ int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, word32 secLen,
        data[idx++] = (byte)okmLen;
        /* Length of protocol | label. */
        data[idx++] = (byte)(protocolLen + labelLen);
-        /* Protocol */
-        XMEMCPY(&data[idx], protocol, protocolLen);
-        idx += protocolLen;
-        /* Label */
-        XMEMCPY(&data[idx], label, labelLen);
-        idx += labelLen;
+        if (protocolLen > 0) {
+            /* Protocol */
+            XMEMCPY(&data[idx], protocol, protocolLen);
+            idx += protocolLen;
+        }
+        if (labelLen > 0) {
+            /* Label */
+            XMEMCPY(&data[idx], label, labelLen);
+            idx += labelLen;
+        }
        /* Length of hash of messages */
        data[idx++] = (byte)infoLen;
-        /* Hash of messages */
-        XMEMCPY(&data[idx], info, infoLen);
-        idx += infoLen;
+        if (infoLen > 0) {
+            /* Hash of messages */
+            XMEMCPY(&data[idx], info, infoLen);
+            idx += infoLen;
+        }

    #ifdef WOLFSSL_CHECK_MEM_ZERO
        wc_MemZero_Add("wc_Tls13_HKDF_Expand_Label data", data, idx);