Various fixes reported from analyzer

.github/workflows/macos-build.yml

@@ -56,6 +56,6 @@ jobs:
       - name: Run clippy
         run: |
           cd wolfcrypt-rs
-          cargo clippy -- -D warnings
+          cargo clippy -- -D warnings -A unnecessary-transmutes
           cd ../rustls-wolfcrypt-provider
           cargo clippy -- -D warnings

rustls-wolfcrypt-provider/Cargo.toml

@@ -31,6 +31,7 @@ anyhow = "1.0.95"
 num_cpus = "1.16.0"
 lazy_static = "1.5.0"
 hex-literal = "0.4.1"
+zeroize = { version = "1", default-features = false, features = ["alloc", "derive"] }
 
 
 [dev-dependencies]

rustls-wolfcrypt-provider/src/aead/aes128gcm.rs

@@ -11,6 +11,7 @@ use rustls::crypto::cipher::{
     UnsupportedOperationError,
 };
 use rustls::{ConnectionTrafficSecrets, ContentType, ProtocolVersion};
+use zeroize::Zeroizing;
 
 use alloc::vec::Vec;
 use core::ptr;
@@ -30,7 +31,7 @@ impl Tls12AeadAlgorithm for Aes128Gcm {
 
         Box::new(WCTls12Encrypter {
             iv: iv_as_array.into(),
-            key: key_as_slice.to_vec(),
+            key: Zeroizing::new(key_as_slice.to_vec()),
         })
     }
 
@@ -45,7 +46,7 @@ impl Tls12AeadAlgorithm for Aes128Gcm {
 
         Box::new(WCTls12Decrypter {
             implicit_iv: iv_implicit_as_array,
-            key: key_as_slice.to_vec(),
+            key: Zeroizing::new(key_as_slice.to_vec()),
         })
     }
 
@@ -65,8 +66,8 @@ impl Tls12AeadAlgorithm for Aes128Gcm {
     ) -> Result<ConnectionTrafficSecrets, UnsupportedOperationError> {
         let mut iv_as_vec = vec![0u8; GCM_NONCE_LENGTH];
 
-        iv_as_vec.copy_from_slice(iv);
-        iv_as_vec.copy_from_slice(explicit);
+        iv_as_vec[..4].copy_from_slice(iv);
+        iv_as_vec[4..].copy_from_slice(explicit);
 
         Ok(ConnectionTrafficSecrets::Aes128Gcm {
             key,
@@ -80,12 +81,12 @@ impl Tls12AeadAlgorithm for Aes128Gcm {
 // We separate the structs for the implementation.
 pub struct WCTls12Encrypter {
     iv: Iv,
-    key: Vec<u8>,
+    key: Zeroizing<Vec<u8>>,
 }
 
 pub struct WCTls12Decrypter {
     implicit_iv: [u8; 4],
-    key: Vec<u8>,
+    key: Zeroizing<Vec<u8>>,
 }
 
 impl MessageEncrypter for WCTls12Encrypter {
@@ -237,14 +238,14 @@ impl MessageDecrypter for WCTls12Decrypter {
 impl Tls13AeadAlgorithm for Aes128Gcm {
     fn encrypter(&self, key: AeadKey, iv: Iv) -> Box<dyn MessageEncrypter> {
         Box::new(WCTls13Cipher {
-            key: key.as_ref().into(),
+            key: Zeroizing::new(key.as_ref().into()),
             iv,
         })
     }
 
     fn decrypter(&self, key: AeadKey, iv: Iv) -> Box<dyn MessageDecrypter> {
         Box::new(WCTls13Cipher {
-            key: key.as_ref().into(),
+            key: Zeroizing::new(key.as_ref().into()),
             iv,
         })
     }
@@ -263,7 +264,7 @@ impl Tls13AeadAlgorithm for Aes128Gcm {
 }
 
 pub struct WCTls13Cipher {
-    key: Vec<u8>,
+    key: Zeroizing<Vec<u8>>,
     iv: Iv,
 }
 

rustls-wolfcrypt-provider/src/aead/aes256gcm.rs

@@ -11,6 +11,7 @@ use rustls::crypto::cipher::{
     UnsupportedOperationError,
 };
 use rustls::{ConnectionTrafficSecrets, ContentType, ProtocolVersion};
+use zeroize::Zeroizing;
 
 use alloc::vec::Vec;
 use core::ptr;
@@ -30,7 +31,7 @@ impl Tls12AeadAlgorithm for Aes256Gcm {
 
         Box::new(WCTls12Encrypter {
             iv: iv_as_array.into(),
-            key: key_as_slice.to_vec(),
+            key: Zeroizing::new(key_as_slice.to_vec()),
         })
     }
 
@@ -45,7 +46,7 @@ impl Tls12AeadAlgorithm for Aes256Gcm {
 
         Box::new(WCTls12Decrypter {
             implicit_iv: iv_implicit_as_array,
-            key: key_as_slice.to_vec(),
+            key: Zeroizing::new(key_as_slice.to_vec()),
         })
     }
 
@@ -65,8 +66,8 @@ impl Tls12AeadAlgorithm for Aes256Gcm {
     ) -> Result<ConnectionTrafficSecrets, UnsupportedOperationError> {
         let mut iv_as_vec = vec![0u8; GCM_NONCE_LENGTH];
 
-        iv_as_vec.copy_from_slice(iv);
-        iv_as_vec.copy_from_slice(explicit);
+        iv_as_vec[..4].copy_from_slice(iv);
+        iv_as_vec[4..].copy_from_slice(explicit);
 
         Ok(ConnectionTrafficSecrets::Aes256Gcm {
             key,
@@ -80,12 +81,12 @@ impl Tls12AeadAlgorithm for Aes256Gcm {
 // We separate the structs for the implementation.
 pub struct WCTls12Encrypter {
     iv: Iv,
-    key: Vec<u8>,
+    key: Zeroizing<Vec<u8>>,
 }
 
 pub struct WCTls12Decrypter {
     implicit_iv: [u8; 4],
-    key: Vec<u8>,
+    key: Zeroizing<Vec<u8>>,
 }
 
 impl MessageEncrypter for WCTls12Encrypter {
@@ -237,14 +238,14 @@ impl MessageDecrypter for WCTls12Decrypter {
 impl Tls13AeadAlgorithm for Aes256Gcm {
     fn encrypter(&self, key: AeadKey, iv: Iv) -> Box<dyn MessageEncrypter> {
         Box::new(WCTls13Cipher {
-            key: key.as_ref().into(),
+            key: Zeroizing::new(key.as_ref().into()),
             iv,
         })
     }
 
     fn decrypter(&self, key: AeadKey, iv: Iv) -> Box<dyn MessageDecrypter> {
         Box::new(WCTls13Cipher {
-            key: key.as_ref().into(),
+            key: Zeroizing::new(key.as_ref().into()),
             iv,
         })
     }
@@ -263,7 +264,7 @@ impl Tls13AeadAlgorithm for Aes256Gcm {
 }
 
 pub struct WCTls13Cipher {
-    key: Vec<u8>,
+    key: Zeroizing<Vec<u8>>,
     iv: Iv,
 }
 

rustls-wolfcrypt-provider/src/aead/chacha20.rs

@@ -13,14 +13,15 @@ use rustls::{ConnectionTrafficSecrets, ContentType, ProtocolVersion};
 use wolfcrypt_rs::*;
 
 use crate::error::check_if_zero;
+use zeroize::Zeroizing;
 
 const CHACHAPOLY1305_OVERHEAD: usize = 16;
 
 pub struct Chacha20Poly1305;
 
 impl Tls12AeadAlgorithm for Chacha20Poly1305 {
     fn encrypter(&self, key: AeadKey, iv: &[u8], _: &[u8]) -> Box<dyn MessageEncrypter> {
-        let mut key_as_vec = vec![0u8; 32];
+        let mut key_as_vec = Zeroizing::new(vec![0u8; 32]);
         key_as_vec.copy_from_slice(key.as_ref());
 
         Box::new(WCTls12Cipher {
@@ -30,7 +31,7 @@ impl Tls12AeadAlgorithm for Chacha20Poly1305 {
     }
 
     fn decrypter(&self, key: AeadKey, iv: &[u8]) -> Box<dyn MessageDecrypter> {
-        let mut key_as_vec = vec![0u8; 32];
+        let mut key_as_vec = Zeroizing::new(vec![0u8; 32]);
         key_as_vec.copy_from_slice(key.as_ref());
 
         Box::new(WCTls12Cipher {
@@ -63,7 +64,7 @@ impl Tls12AeadAlgorithm for Chacha20Poly1305 {
 }
 
 pub struct WCTls12Cipher {
-    key: Vec<u8>,
+    key: Zeroizing<Vec<u8>>,
     iv: Iv,
 }
 
@@ -175,7 +176,7 @@ impl MessageDecrypter for WCTls12Cipher {
 
 impl Tls13AeadAlgorithm for Chacha20Poly1305 {
     fn encrypter(&self, key: AeadKey, iv: Iv) -> Box<dyn MessageEncrypter> {
-        let mut key_as_array = [0u8; 32];
+        let mut key_as_array = Zeroizing::new([0u8; 32]);
         key_as_array[..32].copy_from_slice(key.as_ref());
 
         Box::new(WCTls13Cipher {
@@ -185,7 +186,7 @@ impl Tls13AeadAlgorithm for Chacha20Poly1305 {
     }
 
     fn decrypter(&self, key: AeadKey, iv: Iv) -> Box<dyn MessageDecrypter> {
-        let mut key_as_array = [0u8; 32];
+        let mut key_as_array = Zeroizing::new([0u8; 32]);
         key_as_array[..32].copy_from_slice(key.as_ref());
 
         Box::new(WCTls13Cipher {
@@ -208,7 +209,7 @@ impl Tls13AeadAlgorithm for Chacha20Poly1305 {
 }
 
 pub struct WCTls13Cipher {
-    key: [u8; 32],
+    key: Zeroizing<[u8; 32]>,
     iv: Iv,
 }
 

rustls-wolfcrypt-provider/src/hash/sha256.rs

@@ -91,13 +91,21 @@ impl hash::Context for WCSha256Context {
 unsafe impl Sync for WCHasher256 {}
 unsafe impl Send for WCHasher256 {}
 impl Clone for WCHasher256 {
-    // Clone implementation.
-    // Returns a copy of the WCHasher256 struct.
     fn clone(&self) -> WCHasher256 {
-        WCHasher256 {
-            sha256_c_type: self.sha256_c_type,
+        let mut new_hasher = WCHasher256 {
+            sha256_c_type: unsafe { mem::zeroed() },
             hash: self.hash,
-        }
+        };
+        let ret = unsafe { wc_InitSha256(&mut new_hasher.sha256_c_type) };
+        check_if_zero(ret).unwrap();
+        let ret = unsafe {
+            wc_Sha256Copy(
+                &self.sha256_c_type as *const wc_Sha256 as *mut wc_Sha256,
+                &mut new_hasher.sha256_c_type,
+            )
+        };
+        check_if_zero(ret).unwrap();
+        new_hasher
     }
 }
 

rustls-wolfcrypt-provider/src/hash/sha384.rs

@@ -109,12 +109,20 @@ mod tests {
 unsafe impl Sync for WCHasher384 {}
 unsafe impl Send for WCHasher384 {}
 impl Clone for WCHasher384 {
-    // Clone implementation.
-    // Returns a copy of the WCHasher256 struct.
     fn clone(&self) -> WCHasher384 {
-        WCHasher384 {
-            sha384_c_type: self.sha384_c_type,
+        let mut new_hasher = WCHasher384 {
+            sha384_c_type: unsafe { mem::zeroed() },
             hash: self.hash,
-        }
+        };
+        let ret = unsafe { wc_InitSha384(&mut new_hasher.sha384_c_type) };
+        check_if_zero(ret).unwrap();
+        let ret = unsafe {
+            wc_Sha384Copy(
+                &self.sha384_c_type as *const wc_Sha384 as *mut wc_Sha384,
+                &mut new_hasher.sha384_c_type,
+            )
+        };
+        check_if_zero(ret).unwrap();
+        new_hasher
     }
 }

rustls-wolfcrypt-provider/src/hkdf.rs

@@ -7,6 +7,7 @@ use wolfcrypt_rs::*;
 
 use crate::error::check_if_zero;
 use crate::hmac::WCShaHmac;
+use zeroize::Zeroizing;
 
 pub struct WCHkdfUsingHmac(pub WCShaHmac);
 
@@ -43,7 +44,7 @@ impl RustlsHkdf for WCHkdfUsingHmac {
         check_if_zero(ret).unwrap();
 
         Box::new(WolfHkdfExpander::new(
-            extracted_key,
+            Zeroizing::new(extracted_key),
             self.0.hash_type().try_into().unwrap(),
             self.0.hash_len(),
         ))
@@ -54,7 +55,7 @@ impl RustlsHkdf for WCHkdfUsingHmac {
         okm: &rustls::crypto::tls13::OkmBlock,
     ) -> Box<dyn rustls::crypto::tls13::HkdfExpander> {
         Box::new(WolfHkdfExpander {
-            extracted_key: okm.as_ref().to_vec(),
+            extracted_key: Zeroizing::new(okm.as_ref().to_vec()),
             hash_type: self.0.hash_type().try_into().unwrap(),
             hash_len: self.0.hash_len(),
         })
@@ -85,21 +86,20 @@ impl RustlsHkdf for WCHkdfUsingHmac {
         check_if_zero(ret).unwrap();
 
         unsafe { wc_HmacFree(&mut hmac_ctx) };
-        check_if_zero(ret).unwrap();
 
         rustls::crypto::hmac::Tag::new(&hmac)
     }
 }
 
 /// Expander implementation that holds the extracted key material from HKDF extract phase
 struct WolfHkdfExpander {
-    extracted_key: Vec<u8>, // The pseudorandom key (PRK) output from HKDF-Extract
-    hash_type: i32,         // The wolfSSL hash algorithm identifier
-    hash_len: usize,        // Length of the hash function output
+    extracted_key: Zeroizing<Vec<u8>>, // The pseudorandom key (PRK) output from HKDF-Extract
+    hash_type: i32,                    // The wolfSSL hash algorithm identifier
+    hash_len: usize,                   // Length of the hash function output
 }
 
 impl WolfHkdfExpander {
-    fn new(extracted_key: Vec<u8>, hash_type: i32, hash_len: usize) -> Self {
+    fn new(extracted_key: Zeroizing<Vec<u8>>, hash_type: i32, hash_len: usize) -> Self {
         Self {
             extracted_key,
             hash_type,
@@ -120,7 +120,7 @@ impl tls13::HkdfExpander for WolfHkdfExpander {
             return Err(tls13::OutputLengthError);
         }
 
-        unsafe {
+        let ret = unsafe {
             wc_HKDF_Expand(
                 self.hash_type,
                 self.extracted_key.as_ptr(),
@@ -129,8 +129,9 @@ impl tls13::HkdfExpander for WolfHkdfExpander {
                 info_concat.len() as u32,
                 output.as_mut_ptr(),
                 output.len() as u32,
-            );
-        }
+            )
+        };
+        check_if_zero(ret).map_err(|_| tls13::OutputLengthError)?;
 
         Ok(())
     }