Merge branch 'fix/aes_gcm_coverity_reports_v5.2' into 'release/v5.2'
fix(mbedtls/aes-gcm): Fix null pointer dereference Coverity reports (v5.2)

See merge request espressif/esp-idf!29577
@@ -370,11 +370,17 @@ int esp_aes_gcm_starts( esp_gcm_context *ctx,
|
|||||||
const unsigned char *iv,
|
const unsigned char *iv,
|
||||||
size_t iv_len )
|
size_t iv_len )
|
||||||
{
|
{
|
||||||
|
if (!ctx) {
|
||||||
|
ESP_LOGE(TAG, "No AES context supplied");
|
||||||
|
return MBEDTLS_ERR_GCM_BAD_INPUT;
|
||||||
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK)
|
#if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK)
|
||||||
if (ctx->ctx_soft != NULL) {
|
if (ctx->ctx_soft != NULL) {
|
||||||
return mbedtls_gcm_starts_soft(ctx->ctx_soft, mode, iv, iv_len);
|
return mbedtls_gcm_starts_soft(ctx->ctx_soft, mode, iv, iv_len);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* IV is limited to 2^32 bits, so 2^29 bytes */
|
/* IV is limited to 2^32 bits, so 2^29 bytes */
|
||||||
/* IV is not allowed to be zero length */
|
/* IV is not allowed to be zero length */
|
||||||
if ( iv_len == 0 ||
|
if ( iv_len == 0 ||
|
||||||
@@ -382,11 +388,6 @@ int esp_aes_gcm_starts( esp_gcm_context *ctx,
|
|||||||
return ( MBEDTLS_ERR_GCM_BAD_INPUT );
|
return ( MBEDTLS_ERR_GCM_BAD_INPUT );
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!ctx) {
|
|
||||||
ESP_LOGE(TAG, "No AES context supplied");
|
|
||||||
return MBEDTLS_ERR_GCM_BAD_INPUT;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!iv) {
|
if (!iv) {
|
||||||
ESP_LOGE(TAG, "No IV supplied");
|
ESP_LOGE(TAG, "No IV supplied");
|
||||||
return MBEDTLS_ERR_GCM_BAD_INPUT;
|
return MBEDTLS_ERR_GCM_BAD_INPUT;
|
||||||
@@ -441,21 +442,22 @@ int esp_aes_gcm_update_ad( esp_gcm_context *ctx,
|
|||||||
const unsigned char *aad,
|
const unsigned char *aad,
|
||||||
size_t aad_len )
|
size_t aad_len )
|
||||||
{
|
{
|
||||||
|
if (!ctx) {
|
||||||
|
ESP_LOGE(TAG, "No AES context supplied");
|
||||||
|
return MBEDTLS_ERR_GCM_BAD_INPUT;
|
||||||
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK)
|
#if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK)
|
||||||
if (ctx->ctx_soft != NULL) {
|
if (ctx->ctx_soft != NULL) {
|
||||||
return mbedtls_gcm_update_ad_soft(ctx->ctx_soft, aad, aad_len);
|
return mbedtls_gcm_update_ad_soft(ctx->ctx_soft, aad, aad_len);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* AD are limited to 2^32 bits, so 2^29 bytes */
|
/* AD are limited to 2^32 bits, so 2^29 bytes */
|
||||||
if ( ( (uint32_t) aad_len ) >> 29 != 0 ) {
|
if ( ( (uint32_t) aad_len ) >> 29 != 0 ) {
|
||||||
return ( MBEDTLS_ERR_GCM_BAD_INPUT );
|
return ( MBEDTLS_ERR_GCM_BAD_INPUT );
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!ctx) {
|
|
||||||
ESP_LOGE(TAG, "No AES context supplied");
|
|
||||||
return MBEDTLS_ERR_GCM_BAD_INPUT;
|
|
||||||
}
|
|
||||||
|
|
||||||
if ( (aad_len > 0) && !aad) {
|
if ( (aad_len > 0) && !aad) {
|
||||||
ESP_LOGE(TAG, "No aad supplied");
|
ESP_LOGE(TAG, "No aad supplied");
|
||||||
return MBEDTLS_ERR_GCM_BAD_INPUT;
|
return MBEDTLS_ERR_GCM_BAD_INPUT;
|
||||||
@@ -481,11 +483,17 @@ int esp_aes_gcm_update( esp_gcm_context *ctx,
|
|||||||
unsigned char *output, size_t output_size,
|
unsigned char *output, size_t output_size,
|
||||||
size_t *output_length )
|
size_t *output_length )
|
||||||
{
|
{
|
||||||
|
if (!ctx) {
|
||||||
|
ESP_LOGE(TAG, "No GCM context supplied");
|
||||||
|
return MBEDTLS_ERR_GCM_BAD_INPUT;
|
||||||
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK)
|
#if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK)
|
||||||
if (ctx->ctx_soft != NULL) {
|
if (ctx->ctx_soft != NULL) {
|
||||||
return mbedtls_gcm_update_soft(ctx->ctx_soft, input, input_length, output, output_size, output_length);
|
return mbedtls_gcm_update_soft(ctx->ctx_soft, input, input_length, output, output_size, output_length);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
size_t nc_off = 0;
|
size_t nc_off = 0;
|
||||||
uint8_t nonce_counter[AES_BLOCK_BYTES] = {0};
|
uint8_t nonce_counter[AES_BLOCK_BYTES] = {0};
|
||||||
uint8_t stream[AES_BLOCK_BYTES] = {0};
|
uint8_t stream[AES_BLOCK_BYTES] = {0};
|
||||||
@@ -496,10 +504,6 @@ int esp_aes_gcm_update( esp_gcm_context *ctx,
|
|||||||
}
|
}
|
||||||
*output_length = input_length;
|
*output_length = input_length;
|
||||||
|
|
||||||
if (!ctx) {
|
|
||||||
ESP_LOGE(TAG, "No GCM context supplied");
|
|
||||||
return MBEDTLS_ERR_GCM_BAD_INPUT;
|
|
||||||
}
|
|
||||||
if (!input) {
|
if (!input) {
|
||||||
ESP_LOGE(TAG, "No input supplied");
|
ESP_LOGE(TAG, "No input supplied");
|
||||||
return MBEDTLS_ERR_GCM_BAD_INPUT;
|
return MBEDTLS_ERR_GCM_BAD_INPUT;
|
||||||
@@ -656,6 +660,11 @@ int esp_aes_gcm_crypt_and_tag( esp_gcm_context *ctx,
|
|||||||
size_t tag_len,
|
size_t tag_len,
|
||||||
unsigned char *tag )
|
unsigned char *tag )
|
||||||
{
|
{
|
||||||
|
if (!ctx) {
|
||||||
|
ESP_LOGE(TAG, "No AES context supplied");
|
||||||
|
return MBEDTLS_ERR_GCM_BAD_INPUT;
|
||||||
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK)
|
#if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK)
|
||||||
if (ctx->ctx_soft != NULL) {
|
if (ctx->ctx_soft != NULL) {
|
||||||
return mbedtls_gcm_crypt_and_tag_soft(ctx->ctx_soft, mode, length, iv, iv_len, aad, aad_len, input, output, tag_len, tag);
|
return mbedtls_gcm_crypt_and_tag_soft(ctx->ctx_soft, mode, length, iv, iv_len, aad, aad_len, input, output, tag_len, tag);
|
||||||
@@ -689,11 +698,6 @@ int esp_aes_gcm_crypt_and_tag( esp_gcm_context *ctx,
|
|||||||
return ( MBEDTLS_ERR_GCM_BAD_INPUT );
|
return ( MBEDTLS_ERR_GCM_BAD_INPUT );
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!ctx) {
|
|
||||||
ESP_LOGE(TAG, "No AES context supplied");
|
|
||||||
return MBEDTLS_ERR_GCM_BAD_INPUT;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!iv) {
|
if (!iv) {
|
||||||
ESP_LOGE(TAG, "No IV supplied");
|
ESP_LOGE(TAG, "No IV supplied");
|
||||||
return MBEDTLS_ERR_GCM_BAD_INPUT;
|
return MBEDTLS_ERR_GCM_BAD_INPUT;
|
||||||
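Review bot: The relocated `if (!ctx)` guard at the top of esp_aes_gcm_starts carries no comment saying it has to stay ahead of the `ctx->ctx_soft` read in the `MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK` block, so a later tidy-up that groups it with the other argument checks would bring the null dereference back. A one-line comment such as `/* Validate ctx first: the soft-fallback branch below dereferences it. */` above the guard would record that, and the same applies to the guards added in esp_aes_gcm_update_ad, esp_aes_gcm_update and esp_aes_gcm_crypt_and_tag. The moved messages are also inconsistent (`"No AES context supplied"` in three functions, `"No GCM context supplied"` in esp_aes_gcm_update) and do not name the function, which makes the four failures indistinguishable in a log. Only these four entry points appear in the diff; if other functions in the file read `ctx->ctx_soft` the same way, they presumably need the same ordering, which cannot be confirmed from the hunks shown.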
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* SPDX-FileCopyrightText: 2015-2023 Espressif Systems (Shanghai) CO LTD
|
* SPDX-FileCopyrightText: 2015-2024 Espressif Systems (Shanghai) CO LTD
|
||||||
*
|
*
|
||||||
* SPDX-License-Identifier: Apache-2.0
|
* SPDX-License-Identifier: Apache-2.0
|
||||||
*/
|
*/
|
||||||
@@ -111,8 +111,11 @@ static int ssl_connect(esp_transport_handle_t t, const char *host, int port, int
|
|||||||
if (esp_tls_conn_new_sync(host, strlen(host), port, &ssl->cfg, ssl->tls) <= 0) {
|
if (esp_tls_conn_new_sync(host, strlen(host), port, &ssl->cfg, ssl->tls) <= 0) {
|
||||||
ESP_LOGE(TAG, "Failed to open a new connection");
|
ESP_LOGE(TAG, "Failed to open a new connection");
|
||||||
esp_tls_error_handle_t esp_tls_error_handle;
|
esp_tls_error_handle_t esp_tls_error_handle;
|
||||||
esp_tls_get_error_handle(ssl->tls, &esp_tls_error_handle);
|
if (esp_tls_get_error_handle(ssl->tls, &esp_tls_error_handle) == ESP_OK) {
|
||||||
esp_transport_set_errors(t, esp_tls_error_handle);
|
esp_transport_set_errors(t, esp_tls_error_handle);
|
||||||
|
} else {
|
||||||
|
ESP_LOGE(TAG, "Error in obtaining the error handle");
|
||||||
|
}
|
||||||
goto exit_failure;
|
goto exit_failure;
|
||||||
}
|
}
|
||||||
|
|
||||||
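Review bot: In the new `else` branch of ssl_connect the return value of esp_tls_get_error_handle() is discarded, so the log line says the lookup failed without saying why, and esp_transport_set_errors() is not called on that path. Keeping the code in a local and logging it would make the failure diagnosable: `esp_err_t err = esp_tls_get_error_handle(ssl->tls, &esp_tls_error_handle);` followed by `ESP_LOGE(TAG, "Error in obtaining the error handle: %s", esp_err_to_name(err));`. Whether callers read the transport errors after `exit_failure` is not visible here, but if they do, they may see stale values on this path. ssl_connect begins and ends outside the hunk.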
|