Coverity: Untrusted divisor

1. The individual bytes of the value read by ato32() are promoted to
   int values. Added typecasts to word32 for each of the bytes of the
   32-bit value so they are treated as unsigned values like the target
   type. Also shifted each byte separately after masking them and then
   oring them into a temp.
2. To get the e value from the KexDhInit message, use the
   GetStringRef() function.

Fixes CID: 572837

Author: ejohnstown

src/internal.c

@@ -4751,7 +4751,7 @@ static int DoKexDhInit(WOLFSSH* ssh, byte* buf, word32 len, word32* idx)
      * in the message isn't of the DH e value. Treat the Q as e. */
     /* DYNTYPE_DH */
 
-    byte* e;
+    const byte* e;
     word32 eSz;
     word32 begin;
     int ret = WS_SUCCESS;
@@ -4770,24 +4770,12 @@ static int DoKexDhInit(WOLFSSH* ssh, byte* buf, word32 len, word32* idx)
             *idx += len;
             return WS_SUCCESS;
         }
-    }
 
-    if (ret == WS_SUCCESS) {
         begin = *idx;
-        ret = GetUint32(&eSz, buf, len, &begin);
-    }
-
-    if (ret == WS_SUCCESS) {
-        /* Validate eSz */
-        if ((len < begin) || (eSz > len - begin)) {
-            ret = WS_RECV_OVERFLOW_E;
-        }
+        ret = GetStringRef(&eSz, &e, buf, len, &begin);
     }
 
     if (ret == WS_SUCCESS) {
-        e = buf + begin;
-        begin += eSz;
-
         if (eSz <= (word32)sizeof(ssh->handshake->e)) {
             WMEMCPY(ssh->handshake->e, e, eSz);
             ssh->handshake->eSz = eSz;

src/misc.c

@@ -74,7 +74,17 @@ STATIC INLINE word32 min(word32 a, word32 b)
 /* convert opaque to 32 bit integer */
 STATIC INLINE void ato32(const byte* c, word32* u32)
 {
-    *u32 = (c[0] << 24) | (c[1] << 16) | (c[2] << 8) | c[3];
+    word32 v = 0;
+
+    v |= (word32)(c[0] & 0xFF);
+    v <<= 8;
+    v |= (word32)(c[1] & 0xFF);
+    v <<= 8;
+    v |= (word32)(c[2] & 0xFF);
+    v <<= 8;
+    v |= (word32)(c[3] & 0xFF);
+
+    *u32 = v;
 }