fixes for cppcheck-2.13.0 --force:

* fix null pointer derefs in wc_InitRsaKey_Id() and wc_InitRsaKey_Label() (nullPointerRedundantCheck). * fix use of wrong printf variant in rsip_vprintf() (wrongPrintfScanfArgNum). * fix wrong printf format in bench_xmss_sign_verify() (invalidPrintfArgType_sint). * add missing WOLFSSL_XFREE_NO_NULLNESS_CHECK variants of XFREE() (WOLFSSL_LINUXKM, FREESCALE_MQX, FREESCALE_KSDK_MQX). * suppress false-positive uninitvar on "limit" in CheckTLS13AEADSendLimit(). * suppress true-but-benign-positive autoVariables in DoClientHello(). * in wolfcrypt/src/ecc.c, refactor ECC_KEY_MAX_BITS() as a local function to resolve true-but-benign-positive identicalInnerCondition. * refactor flow in wc_ecc_sign_hash_ex() to resolve true-but-benign-positive identicalInnerCondition.
2023-12-28 15:06:21 -06:00
parent 457188f55e
commit 44b18de704
7 changed files with 53 additions and 25 deletions
--- a/linuxkm/linuxkm_wc_port.h
+++ b/linuxkm/linuxkm_wc_port.h
@@ -636,11 +636,19 @@
 #ifdef WOLFSSL_TRACK_MEMORY
    #include <wolfssl/wolfcrypt/memory.h>
    #define XMALLOC(s, h, t)     ({(void)(h); (void)(t); wolfSSL_Malloc(s);})
-    #define XFREE(p, h, t)       ({void* _xp; (void)(h); _xp = (p); if(_xp) wolfSSL_Free(_xp);})
+    #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK
+        #define XFREE(p, h, t)       ({(void)(h); (void)(t); wolfSSL_Free(p);})
+    #else
+        #define XFREE(p, h, t)       ({void* _xp; (void)(h); _xp = (p); if(_xp) wolfSSL_Free(_xp);})
+    #endif
    #define XREALLOC(p, n, h, t) ({(void)(h); (void)(t); wolfSSL_Realloc(p, n);})
 #else
    #define XMALLOC(s, h, t)     ({(void)(h); (void)(t); malloc(s);})
-    #define XFREE(p, h, t)       ({void* _xp; (void)(h); _xp = (p); if(_xp) free(_xp);})
+    #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK
+        #define XFREE(p, h, t)       ({(void)(h); (void)(t); free(p);})
+    #else
+        #define XFREE(p, h, t)       ({void* _xp; (void)(h); (void)(t); _xp = (p); if(_xp) free(_xp);})
+    #endif
    #define XREALLOC(p, n, h, t) ({(void)(h); (void)(t); realloc(p, n);})
 #endif

--- a/src/internal.c
+++ b/src/internal.c
@@ -23944,8 +23944,11 @@ static int CheckTLS13AEADSendLimit(WOLFSSL* ssl)
                ssl->keys.sequence_number_lo);
    }

-    if (w64GTE(seq, limit))
+    if (w64GTE(seq, limit)) { /* cppcheck-suppress uninitvar
+                               * (false positive from cppcheck-2.13.0)
+                               */
        return Tls13UpdateKeys(ssl); /* Need to generate new keys */
+    }

    return 0;
 }
@@ -35828,7 +35831,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 #endif

 #ifdef OPENSSL_EXTRA
-        ssl->clSuites = clSuites;
+        ssl->clSuites = clSuites; /* cppcheck-suppress autoVariables
+                                   */
        /* Give user last chance to provide a cert for cipher selection */
        if (ret == 0 && ssl->ctx->certSetupCb != NULL)
            ret = CertSetupCbWrapper(ssl);
--- a/wolfcrypt/benchmark/benchmark.c
+++ b/wolfcrypt/benchmark/benchmark.c
@@ -9641,7 +9641,7 @@ static void bench_xmss_sign_verify(const char * params)

    ret = wc_XmssKey_GetPubLen(&key, &pkSz);
    if (pkSz != XMSS_SHA256_PUBLEN) {
-        fprintf(stderr, "error: xmss pub len: got %d, expected %d\n", pkSz,
+        fprintf(stderr, "error: xmss pub len: got %u, expected %d\n", pkSz,
                XMSS_SHA256_PUBLEN);
        goto exit_xmss_sign_verify;
    }
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -251,17 +251,20 @@ ECC Curve Sizes:
 #else
 #define MAX_ECC_BITS_USE    MAX_ECC_BITS_NEEDED
 #endif
-#if !defined(WOLFSSL_CUSTOM_CURVES) && (ECC_MIN_KEY_SZ > 160) && \
-    (!defined(HAVE_ECC_KOBLITZ) || (ECC_MIN_KEY_SZ > 224))
-#define ECC_KEY_MAX_BITS(key)                                       \
-    ((((key) == NULL) || ((key)->dp == NULL)) ? MAX_ECC_BITS_USE :  \
-        ((unsigned)((key)->dp->size * 8)))
-#else
-/* Add one bit for cases when order is a bit greater than prime. */
-#define ECC_KEY_MAX_BITS(key)                                       \
-    ((((key) == NULL) || ((key)->dp == NULL)) ? MAX_ECC_BITS_USE :  \
-        ((unsigned)((key)->dp->size * 8 + 1)))
-#endif
+
+static WC_MAYBE_UNUSED WC_INLINE word32 ECC_KEY_MAX_BITS(const ecc_key *key) {
+    if (((key) == NULL) || ((key)->dp == NULL))
+        return MAX_ECC_BITS_USE;
+    else {
+    #if !defined(WOLFSSL_CUSTOM_CURVES) && (ECC_MIN_KEY_SZ > 160) && \
+            (!defined(HAVE_ECC_KOBLITZ) || (ECC_MIN_KEY_SZ > 224))
+        return (word32)((key)->dp->size * 8);
+    #else
+        /* Add one bit for cases when order is a bit greater than prime. */
+        return (word32)((key)->dp->size * 8 + 1);
+    #endif
+    }
+}

 /* forward declarations */
 static int  wc_ecc_new_point_ex(ecc_point** point, void* heap);
@@ -7263,10 +7266,10 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
       pubkey = (ecc_key*)XMALLOC(sizeof(ecc_key), key->heap, DYNAMIC_TYPE_ECC);
       if (pubkey == NULL)
           err = MEMORY_E;
+       else
   #endif
-
+       {
       /* don't use async for key, since we don't support async return here */
-       if (err == MP_OKAY) {
           err = wc_ecc_init_ex(pubkey, key->heap, INVALID_DEVID);
           if (err == MP_OKAY) {
              err = ecc_sign_hash_sw(key, pubkey, rng, curve, e, r, s);
--- a/wolfcrypt/src/rsa.c
+++ b/wolfcrypt/src/rsa.c
@@ -267,8 +267,10 @@ int wc_InitRsaKey_Id(RsaKey* key, unsigned char* id, int len, void* heap,
        ret = BUFFER_E;

 #if defined(HAVE_PKCS11)
-    XMEMSET(key, 0, sizeof(RsaKey));
-    key->isPkcs11 = 1;
+    if (ret == 0) {
+        XMEMSET(key, 0, sizeof(RsaKey));
+        key->isPkcs11 = 1;
+    }
 #endif

    if (ret == 0)
@@ -302,8 +304,10 @@ int wc_InitRsaKey_Label(RsaKey* key, const char* label, void* heap, int devId)
    }

 #if defined(HAVE_PKCS11)
-    XMEMSET(key, 0, sizeof(RsaKey));
-    key->isPkcs11 = 1;
+    if (ret == 0) {
+        XMEMSET(key, 0, sizeof(RsaKey));
+        key->isPkcs11 = 1;
+    }
 #endif

    if (ret == 0)
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -212,7 +212,7 @@ const byte const_byte_array[] = "A+Gd\0\0\0";
        int ret;
        char tmpBuf[80];

-        ret = XSNPRINTF(tmpBuf, sizeof(tmpBuf), format, args);
+        ret = vsnprintf(tmpBuf, sizeof(tmpBuf), format, args);
        printf(tmpBuf);

    return ret;
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -1193,7 +1193,12 @@ extern void uITRON4_free(void *p) ;
    #if !defined(XMALLOC_OVERRIDE) && !defined(XMALLOC_USER)
        #define XMALLOC_OVERRIDE
        #define XMALLOC(s, h, t)    ((void)(h), (void)(t), (void *)_mem_alloc_system((s)))
-        #define XFREE(p, h, t)      {void* xp = (p); (void)(h); (void)(t); if ((xp)) _mem_free((xp));}
+        #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK
+            #define XFREE(p, h, t)      {(void)(h); (void)(t); _mem_free(p);}
+        #else
+            #define XFREE(p, h, t)      {void* xp = (p); (void)(h); (void)(t); if ((xp)) _mem_free((xp));}
+        #endif
+
        /* Note: MQX has no realloc, using fastmath above */
    #endif
    #ifdef USE_FAST_MATH
@@ -1224,7 +1229,11 @@ extern void uITRON4_free(void *p) ;
    #endif

    #define XMALLOC(s, h, t)    ((void)(h), (void)(t), (void *)_mem_alloc_system((s)))
-    #define XFREE(p, h, t)      {void* xp = (p); (void)(h); (void)(t); if ((xp)) _mem_free((xp));}
+    #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK
+        #define XFREE(p, h, t)      {(void)(h); (void)(t); _mem_free(p);}
+    #else
+        #define XFREE(p, h, t)      {void* xp = (p); (void)(h); (void)(t); if ((xp)) _mem_free((xp));}
+    #endif
    #define XREALLOC(p, n, h, t) _mem_realloc((p), (n)) /* since MQX 4.1.2 */

    #define MQX_FILE_PTR FILE *