feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

wolfcrypt/src/wc_xmss_impl.c: guided by clang-tidy 20.0.0_pre20250104, add some error-checking to wc_xmss_bds_state_load() and wc_xmss_bds_state_store(), but ultimately, suppress a pair of stubborn apparently-false "function call argument is an uninitialized value" warnings, one in wc_xmss_bds_state_store() and one in wc_xmss_sign().

Browse Source
This commit is contained in:
Daniel Pouzzner
2025-01-07 14:04:01 -06:00
parent 78c4a04cac
commit 8c32238733
1 changed files with 32 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
wolfcrypt/src/wc_xmss_impl.c
View File

@@ -2675,7 +2675,7 @@ static void wc_xmss_bds_state_free(BdsState* bds)
* @param [out] bds BDS states. * @param [out] bds BDS states.
* @param [out] wots_sigs WOTS signatures when XMSS^MT. * @param [out] wots_sigs WOTS signatures when XMSS^MT.
*/ */
static void wc_xmss_bds_state_load(const XmssState* state, byte* sk, static int wc_xmss_bds_state_load(const XmssState* state, byte* sk,
BdsState* bds, byte** wots_sigs) BdsState* bds, byte** wots_sigs)
{ {
const XmssParams* params = state->params; const XmssParams* params = state->params;
@@ -2689,6 +2689,9 @@ static void wc_xmss_bds_state_load(const XmssState* state, byte* sk,
/* Skip past standard SK = idx || wots_sk || SK_PRF || root || SEED; */ /* Skip past standard SK = idx || wots_sk || SK_PRF || root || SEED; */
sk += params->idx_len + 4 * n; sk += params->idx_len + 4 * n;
if (2 * (int)params->d - 1 < 0)
return WC_FAILURE;
for (i = 0; i < 2 * (int)params->d - 1; i++) { for (i = 0; i < 2 * (int)params->d - 1; i++) {
/* Set pointers into SK. */ /* Set pointers into SK. */
bds[i].stack = sk; bds[i].stack = sk;
@@ -2715,6 +2718,8 @@ static void wc_xmss_bds_state_load(const XmssState* state, byte* sk,
if (wots_sigs != NULL) { if (wots_sigs != NULL) {
*wots_sigs = sk; *wots_sigs = sk;
} }
return 0;
} }
/* Store the BDS state into the secret/private key. /* Store the BDS state into the secret/private key.
@@ -2723,7 +2728,7 @@ static void wc_xmss_bds_state_load(const XmssState* state, byte* sk,
* @param [in, out] sk Secret/private key. * @param [in, out] sk Secret/private key.
* @param [in] bds BDS states. * @param [in] bds BDS states.
*/ */
static void wc_xmss_bds_state_store(const XmssState* state, byte* sk, static int wc_xmss_bds_state_store(const XmssState* state, byte* sk,
BdsState* bds) BdsState* bds)
{ {
int i; int i;
@@ -2743,15 +2748,20 @@ static void wc_xmss_bds_state_store(const XmssState* state, byte* sk,
/* Ignore standard SK = idx || wots_sk || SK_PRF || root || SEED; */ /* Ignore standard SK = idx || wots_sk || SK_PRF || root || SEED; */
sk += params->idx_len + 4 * n; sk += params->idx_len + 4 * n;
if (2 * (int)params->d - 1 < 0)
return WC_FAILURE;
for (i = 0; i < 2 * (int)params->d - 1; i++) { for (i = 0; i < 2 * (int)params->d - 1; i++) {
/* Skip pointers into sk. */ /* Skip pointers into sk. */
sk += skip; sk += skip;
/* Save values - big-endian encoded. */ /* Save values - big-endian encoded. */
c32to24(bds[i].next, sk); c32to24(bds[i].next, sk); /* NOLINT(clang-analyzer-core.CallAndMessage) */
sk += 3; sk += 3;
sk[0] = bds[i].offset; sk[0] = bds[i].offset;
sk += 1; sk += 1;
} }
return 0;
} }
/******************************************** /********************************************
@@ -3297,6 +3307,10 @@ int wc_xmss_keygen(XmssState* state, const unsigned char* seed,
if (ret == 0) if (ret == 0)
#endif #endif
{ {
/* Setup pointers into sk - assumes sk is initialized to zeros. */
ret = wc_xmss_bds_state_load(state, sk, bds, NULL);
}
if (ret == 0) {
/* Offsets into seed. */ /* Offsets into seed. */
const byte* seed_priv = seed; const byte* seed_priv = seed;
const byte* seed_pub = seed + 2 * n; const byte* seed_pub = seed + 2 * n;
@@ -3306,9 +3320,6 @@ int wc_xmss_keygen(XmssState* state, const unsigned char* seed,
/* Offsets into public key. */ /* Offsets into public key. */
byte* pk_seed = pk + n; byte* pk_seed = pk + n;
/* Setup pointers into sk - assumes sk is initialized to zeros. */
wc_xmss_bds_state_load(state, sk, bds, NULL);
/* Set first index to 0 in private key. idx_len always 4. */ /* Set first index to 0 in private key. idx_len always 4. */
*sk_idx = 0; *sk_idx = 0;
/* Set private key seed and private key for PRF in to private key. */ /* Set private key seed and private key for PRF in to private key. */
@@ -3333,7 +3344,7 @@ int wc_xmss_keygen(XmssState* state, const unsigned char* seed,
XMEMCPY(sk_root, pk_root, 2 * n); XMEMCPY(sk_root, pk_root, 2 * n);
/* Store BDS state back into secret/private key. */ /* Store BDS state back into secret/private key. */
wc_xmss_bds_state_store(state, sk, bds); ret = wc_xmss_bds_state_store(state, sk, bds);
} }
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
@@ -3412,8 +3423,9 @@ int wc_xmss_sign(XmssState* state, const unsigned char* m, word32 mlen,
#endif #endif
{ {
/* Load the BDS state from secret/private key. */ /* Load the BDS state from secret/private key. */
wc_xmss_bds_state_load(state, sk, bds, NULL); ret = wc_xmss_bds_state_load(state, sk, bds, NULL);
}
if (ret == 0) {
/* Copy the index into the signature data: Sig = idx_sig || ... */ /* Copy the index into the signature data: Sig = idx_sig || ... */
*((word32*)sig) = *((word32*)sk); *((word32*)sig) = *((word32*)sk);
/* Read index from the secret key. */ /* Read index from the secret key. */
@@ -3468,7 +3480,7 @@ int wc_xmss_sign(XmssState* state, const unsigned char* m, word32 mlen,
if (ret == 0) { if (ret == 0) {
sig += params->wots_sig_len; sig += params->wots_sig_len;
/* Add authentication path (auth) and calc new root. */ /* Add authentication path (auth) and calc new root. */
XMEMCPY(sig, bds->authPath, h * n); XMEMCPY(sig, bds->authPath, h * n); /* NOLINT(clang-analyzer-core.CallAndMessage) */
ret = state->ret; ret = state->ret;
} }
@@ -3490,7 +3502,7 @@ int wc_xmss_sign(XmssState* state, const unsigned char* m, word32 mlen,
} }
if (ret == 0) { if (ret == 0) {
/* Store BDS state back into secret/private key. */ /* Store BDS state back into secret/private key. */
wc_xmss_bds_state_store(state, sk, bds); ret = wc_xmss_bds_state_store(state, sk, bds);
} }
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
@@ -3580,14 +3592,15 @@ int wc_xmssmt_keygen(XmssState* state, const unsigned char* seed,
/* Allocate memory for BDS states and tree hash instances. */ /* Allocate memory for BDS states and tree hash instances. */
ret = wc_xmss_bds_state_alloc(params, &bds); ret = wc_xmss_bds_state_alloc(params, &bds);
if (ret == 0) {
/* Load the BDS state from secret/private key. */
ret = wc_xmss_bds_state_load(state, sk, bds, &wots_sigs);
}
if (ret == 0) { if (ret == 0) {
/* Offsets into seed. */ /* Offsets into seed. */
const byte* seed_priv = seed; const byte* seed_priv = seed;
const byte* seed_pub = seed + 2 * params->n; const byte* seed_pub = seed + 2 * params->n;
/* Load the BDS state from secret/private key. */
wc_xmss_bds_state_load(state, sk, bds, &wots_sigs);
/* Set first index to 0 in private key. */ /* Set first index to 0 in private key. */
XMEMSET(sk, 0, params->idx_len); XMEMSET(sk, 0, params->idx_len);
/* Set private key seed and private key for PRF in to private key. */ /* Set private key seed and private key for PRF in to private key. */
@@ -3630,7 +3643,7 @@ int wc_xmssmt_keygen(XmssState* state, const unsigned char* seed,
XMEMCPY(sk_root, pk_root, 2 * n); XMEMCPY(sk_root, pk_root, 2 * n);
/* Store BDS state back into secret/private key. */ /* Store BDS state back into secret/private key. */
wc_xmss_bds_state_store(state, sk, bds); ret = wc_xmss_bds_state_store(state, sk, bds);
} }
/* Dispose of allocated data of BDS states. */ /* Dispose of allocated data of BDS states. */
@@ -4000,8 +4013,9 @@ int wc_xmssmt_sign(XmssState* state, const unsigned char* m, word32 mlen,
ret = wc_xmss_bds_state_alloc(params, &bds); ret = wc_xmss_bds_state_alloc(params, &bds);
if (ret == 0) { if (ret == 0) {
/* Load the BDS state from secret/private key. */ /* Load the BDS state from secret/private key. */
wc_xmss_bds_state_load(state, sk, bds, &wots_sigs); ret = wc_xmss_bds_state_load(state, sk, bds, &wots_sigs);
}
if (ret == 0) {
/* Copy the index into the signature data: Sig_MT = idx_sig. */ /* Copy the index into the signature data: Sig_MT = idx_sig. */
XMEMCPY(sig_mt, sk, idx_len); XMEMCPY(sig_mt, sk, idx_len);
@@ -4032,7 +4046,7 @@ int wc_xmssmt_sign(XmssState* state, const unsigned char* m, word32 mlen,
if (ret == 0) { if (ret == 0) {
/* Store BDS state back into secret/private key. */ /* Store BDS state back into secret/private key. */
wc_xmss_bds_state_store(state, sk, bds); ret = wc_xmss_bds_state_store(state, sk, bds);
} }
/* Dispose of allocated data of BDS states. */ /* Dispose of allocated data of BDS states. */