mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-05 05:50:51 +02:00
Merge pull request #10773 from rlm2002/coverity
24062026 Coverity fixes
This commit is contained in:
@@ -1188,10 +1188,6 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response,
|
||||
|
||||
if (data == NULL || *data == NULL || len <= 0)
|
||||
return NULL;
|
||||
if (*data == NULL)
|
||||
return NULL;
|
||||
if (len <= 0)
|
||||
return NULL;
|
||||
|
||||
if (response != NULL)
|
||||
resp = *response;
|
||||
|
||||
+27
-7
@@ -15245,18 +15245,26 @@ static int ech_seek_extensions(byte* buf, word16* innerExtLen)
|
||||
word16 cipherSuitesLen;
|
||||
byte compressionLen;
|
||||
|
||||
*innerExtLen = 0;
|
||||
|
||||
idx = OPAQUE16_LEN + RAN_LEN;
|
||||
|
||||
sessionIdLen = buf[idx++];
|
||||
idx += sessionIdLen;
|
||||
|
||||
ato16(buf + idx, &cipherSuitesLen);
|
||||
if (cipherSuitesLen > MAX_RECORD_SIZE) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
idx += OPAQUE16_LEN + cipherSuitesLen;
|
||||
|
||||
compressionLen = buf[idx++];
|
||||
idx += compressionLen;
|
||||
|
||||
ato16(buf + idx, innerExtLen);
|
||||
if (*innerExtLen > MAX_RECORD_SIZE) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
idx += OPAQUE16_LEN;
|
||||
|
||||
return idx;
|
||||
@@ -15267,8 +15275,13 @@ static int ech_find_extension(byte* buf, word16* idx_p, word16 extType)
|
||||
word16 idx;
|
||||
word16 innerExtIdx;
|
||||
word16 innerExtLen;
|
||||
int seekRet;
|
||||
|
||||
innerExtIdx = ech_seek_extensions(buf + *idx_p, &innerExtLen) + *idx_p;
|
||||
seekRet = ech_seek_extensions(buf + *idx_p, &innerExtLen);
|
||||
if (seekRet < 0) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
innerExtIdx = (word16)seekRet + *idx_p;
|
||||
idx = innerExtIdx;
|
||||
|
||||
while (idx - innerExtIdx < innerExtLen) {
|
||||
@@ -15283,6 +15296,10 @@ static int ech_find_extension(byte* buf, word16* idx_p, word16 extType)
|
||||
|
||||
idx += OPAQUE16_LEN;
|
||||
ato16(buf + idx, &len);
|
||||
if (len > MAX_RECORD_SIZE ||
|
||||
(word16)(idx + OPAQUE16_LEN + len) < idx) {
|
||||
break;
|
||||
}
|
||||
idx += OPAQUE16_LEN + len;
|
||||
}
|
||||
|
||||
@@ -15691,20 +15708,23 @@ static int ech_tamper_padding(byte* innerCh, word32 innerChLen)
|
||||
{
|
||||
word16 idx;
|
||||
word16 innerExtLen;
|
||||
int seekRet;
|
||||
|
||||
/* get the unpadded length */
|
||||
idx = ech_seek_extensions(innerCh, &innerExtLen);
|
||||
seekRet = ech_seek_extensions(innerCh, &innerExtLen);
|
||||
if (seekRet < 0) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
idx = (word16)seekRet;
|
||||
idx += innerExtLen;
|
||||
|
||||
/* no padding, but the test would fail if the message is not incorrect...
|
||||
* so fail the callback */
|
||||
if (idx == innerChLen) {
|
||||
if (idx >= innerChLen) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
else {
|
||||
innerCh[idx] = '\x01';
|
||||
return 0;
|
||||
}
|
||||
innerCh[idx] = '\x01';
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int ech_tamper_type(byte* innerCh, word32 innerChLen)
|
||||
|
||||
@@ -5499,7 +5499,9 @@ int test_wolfSSL_dtls_create_free_peer(void)
|
||||
ExpectIntEQ(wolfSSL_dtls_free_peer(peer), WOLFSSL_SUCCESS);
|
||||
|
||||
/* Invalid address string returns NULL. */
|
||||
ExpectNull(wolfSSL_dtls_create_peer(11111, (char*)"not-an-ip-address"));
|
||||
ExpectNull(peer = wolfSSL_dtls_create_peer(11111,
|
||||
(char*)"not-an-ip-address"));
|
||||
wolfSSL_dtls_free_peer(peer);
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
@@ -1079,7 +1079,7 @@ int test_dtls13_epochs(void) {
|
||||
ExpectNotNull(ctx = wolfSSL_CTX_new(wolfDTLSv1_3_client_method()));
|
||||
ExpectNotNull(ssl = wolfSSL_new(ctx));
|
||||
/* Some manual setup to enter the epoch check */
|
||||
ExpectTrue(ssl->options.tls1_3 = 1);
|
||||
if (ssl != NULL) ssl->options.tls1_3 = 1;
|
||||
|
||||
inOutIdx = 0;
|
||||
if (ssl != NULL) ssl->keys.curEpoch64 = w64From32(0x0, 0x0);
|
||||
|
||||
+16
-16
@@ -122,7 +122,7 @@ int test_wc_LmsKey_sign_verify(void)
|
||||
|
||||
ExpectIntEQ(wc_InitRng(&rng), 0);
|
||||
|
||||
remove(LMS_TEST_PRIV_KEY_FILE);
|
||||
(void)remove(LMS_TEST_PRIV_KEY_FILE);
|
||||
ExpectIntEQ(test_lms_init_key(&key, &rng), 0);
|
||||
ExpectIntEQ(wc_LmsKey_MakeKey(&key, &rng), 0);
|
||||
|
||||
@@ -134,7 +134,7 @@ int test_wc_LmsKey_sign_verify(void)
|
||||
|
||||
wc_LmsKey_Free(&key);
|
||||
wc_FreeRng(&rng);
|
||||
remove(LMS_TEST_PRIV_KEY_FILE);
|
||||
(void)remove(LMS_TEST_PRIV_KEY_FILE);
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
@@ -180,7 +180,7 @@ int test_wc_LmsKey_reload_cache(void)
|
||||
ExpectIntEQ(wc_InitRng(&rng), 0);
|
||||
|
||||
/* Phase 1: Generate key and sign past cache window */
|
||||
remove(LMS_TEST_PRIV_KEY_FILE);
|
||||
(void)remove(LMS_TEST_PRIV_KEY_FILE);
|
||||
ExpectIntEQ(test_lms_init_key(&key, &rng), 0);
|
||||
ExpectIntEQ(wc_LmsKey_MakeKey(&key, &rng), 0);
|
||||
|
||||
@@ -214,7 +214,7 @@ int test_wc_LmsKey_reload_cache(void)
|
||||
wc_LmsKey_Free(&vkey);
|
||||
wc_LmsKey_Free(&key);
|
||||
wc_FreeRng(&rng);
|
||||
remove(LMS_TEST_PRIV_KEY_FILE);
|
||||
(void)remove(LMS_TEST_PRIV_KEY_FILE);
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
@@ -975,7 +975,7 @@ int test_rfc9802_lms_x509_gen(void)
|
||||
ExpectIntEQ(wc_InitRng(&rng), 0);
|
||||
|
||||
/* Single-level LMS (L1-H5-W8). */
|
||||
remove(LMS_TEST_PRIV_KEY_FILE);
|
||||
(void)remove(LMS_TEST_PRIV_KEY_FILE);
|
||||
ExpectIntEQ(rfc9802_gen_lms_init(&key, 1, 5, 8), 0);
|
||||
ExpectIntEQ(wc_LmsKey_MakeKey(&key, &rng), 0);
|
||||
ExpectIntEQ(rfc9802_gen_roundtrip(&key, LMS_TYPE, CTC_HSS_LMS, &rng, 8192),
|
||||
@@ -1012,31 +1012,31 @@ int test_rfc9802_lms_x509_gen(void)
|
||||
#endif
|
||||
|
||||
wc_LmsKey_Free(&key);
|
||||
remove(LMS_TEST_PRIV_KEY_FILE);
|
||||
(void)remove(LMS_TEST_PRIV_KEY_FILE);
|
||||
|
||||
#if !defined(WOLFSSL_LMS_MAX_LEVELS) || (WOLFSSL_LMS_MAX_LEVELS >= 2)
|
||||
/* Multi-level HSS (L2-H5-W8): the signature embeds a lower-level LMS
|
||||
* public key + signature, exercising the larger, multi-level encoding. */
|
||||
remove(LMS_TEST_PRIV_KEY_FILE);
|
||||
(void)remove(LMS_TEST_PRIV_KEY_FILE);
|
||||
ExpectIntEQ(rfc9802_gen_lms_init(&key, 2, 5, 8), 0);
|
||||
ExpectIntEQ(wc_LmsKey_MakeKey(&key, &rng), 0);
|
||||
ExpectIntEQ(rfc9802_gen_roundtrip(&key, LMS_TYPE, CTC_HSS_LMS, &rng, 8192),
|
||||
TEST_SUCCESS);
|
||||
wc_LmsKey_Free(&key);
|
||||
remove(LMS_TEST_PRIV_KEY_FILE);
|
||||
(void)remove(LMS_TEST_PRIV_KEY_FILE);
|
||||
#endif
|
||||
|
||||
#if !defined(WOLFSSL_LMS_MAX_LEVELS) || (WOLFSSL_LMS_MAX_LEVELS >= 3)
|
||||
/* Three-level HSS with Winternitz 4 (L3-H5-W4): exercises the deepest
|
||||
* multi-level encoding and a different Winternitz parameter than the
|
||||
* W8 cases above. */
|
||||
remove(LMS_TEST_PRIV_KEY_FILE);
|
||||
(void)remove(LMS_TEST_PRIV_KEY_FILE);
|
||||
ExpectIntEQ(rfc9802_gen_lms_init(&key, 3, 5, 4), 0);
|
||||
ExpectIntEQ(wc_LmsKey_MakeKey(&key, &rng), 0);
|
||||
ExpectIntEQ(rfc9802_gen_roundtrip(&key, LMS_TYPE, CTC_HSS_LMS, &rng, 8192),
|
||||
TEST_SUCCESS);
|
||||
wc_LmsKey_Free(&key);
|
||||
remove(LMS_TEST_PRIV_KEY_FILE);
|
||||
(void)remove(LMS_TEST_PRIV_KEY_FILE);
|
||||
#endif
|
||||
|
||||
wc_FreeRng(&rng);
|
||||
@@ -1180,7 +1180,7 @@ int test_rfc9802_xmss_x509_gen(void)
|
||||
ExpectIntEQ(wc_InitRng(&rng), 0);
|
||||
|
||||
/* Single-tree XMSS. */
|
||||
remove(XMSS_GEN_TEST_PRIV_KEY_FILE);
|
||||
(void)remove(XMSS_GEN_TEST_PRIV_KEY_FILE);
|
||||
ExpectIntEQ(rfc9802_gen_xmss_init(&key, "XMSS-SHA2_10_256"), 0);
|
||||
ExpectIntEQ(wc_XmssKey_MakeKey(&key, &rng), 0);
|
||||
ExpectIntEQ((int)key.is_xmssmt, 0);
|
||||
@@ -1224,11 +1224,11 @@ int test_rfc9802_xmss_x509_gen(void)
|
||||
/* XMSS */ 0x22, /* swap */ 0x23), TEST_SUCCESS);
|
||||
|
||||
wc_XmssKey_Free(&key);
|
||||
remove(XMSS_GEN_TEST_PRIV_KEY_FILE);
|
||||
(void)remove(XMSS_GEN_TEST_PRIV_KEY_FILE);
|
||||
|
||||
/* Multi-tree XMSS^MT: exercises the XMSSMT_TYPE selector, the
|
||||
* XMSSMTk public-key OID branch and the CTC_XMSSMT signature OID. */
|
||||
remove(XMSS_GEN_TEST_PRIV_KEY_FILE);
|
||||
(void)remove(XMSS_GEN_TEST_PRIV_KEY_FILE);
|
||||
ExpectIntEQ(rfc9802_gen_xmss_init(&key, "XMSSMT-SHA2_20/2_256"), 0);
|
||||
ExpectIntEQ(wc_XmssKey_MakeKey(&key, &rng), 0);
|
||||
ExpectIntEQ((int)key.is_xmssmt, 1);
|
||||
@@ -1241,19 +1241,19 @@ int test_rfc9802_xmss_x509_gen(void)
|
||||
ExpectIntEQ(rfc9802_gen_xmss_oid_tamper(&key, XMSSMT_TYPE, CTC_XMSSMT, &rng,
|
||||
/* XMSS^MT */ 0x23, /* swap */ 0x22), TEST_SUCCESS);
|
||||
wc_XmssKey_Free(&key);
|
||||
remove(XMSS_GEN_TEST_PRIV_KEY_FILE);
|
||||
(void)remove(XMSS_GEN_TEST_PRIV_KEY_FILE);
|
||||
|
||||
/* A second XMSS^MT parameter set (different embedded param-set OID and a
|
||||
* larger signature) to keep the encoder/auto-derive decoder exercised
|
||||
* across sizes now that the committed multi-size fixtures are gone. */
|
||||
remove(XMSS_GEN_TEST_PRIV_KEY_FILE);
|
||||
(void)remove(XMSS_GEN_TEST_PRIV_KEY_FILE);
|
||||
ExpectIntEQ(rfc9802_gen_xmss_init(&key, "XMSSMT-SHA2_20/4_256"), 0);
|
||||
ExpectIntEQ(wc_XmssKey_MakeKey(&key, &rng), 0);
|
||||
ExpectIntEQ((int)key.is_xmssmt, 1);
|
||||
ExpectIntEQ(rfc9802_gen_roundtrip(&key, XMSSMT_TYPE, CTC_XMSSMT, &rng,
|
||||
16384), TEST_SUCCESS);
|
||||
wc_XmssKey_Free(&key);
|
||||
remove(XMSS_GEN_TEST_PRIV_KEY_FILE);
|
||||
(void)remove(XMSS_GEN_TEST_PRIV_KEY_FILE);
|
||||
|
||||
wc_FreeRng(&rng);
|
||||
#endif
|
||||
|
||||
@@ -768,8 +768,6 @@ int test_wolfSSL_PEM_write_PrivateKey(void)
|
||||
EVP_PKEY* readPriv = NULL;
|
||||
XFILE fp = XBADFILE;
|
||||
|
||||
remove(privFile);
|
||||
|
||||
ExpectNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &serverKey,
|
||||
(long)sizeof_server_key_der_2048));
|
||||
|
||||
@@ -804,10 +802,7 @@ int test_wolfSSL_PEM_write_PrivateKey(void)
|
||||
|
||||
EVP_PKEY_free(readPriv);
|
||||
EVP_PKEY_free(pkey);
|
||||
if (fp != XBADFILE) {
|
||||
XFCLOSE(fp);
|
||||
}
|
||||
remove(privFile);
|
||||
(void)remove(privFile);
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
@@ -829,8 +824,6 @@ int test_wolfSSL_PEM_write_PUBKEY(void)
|
||||
int pubDerSz = 0;
|
||||
int readPubDerSz = 0;
|
||||
|
||||
remove(pubFile);
|
||||
|
||||
ExpectNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &serverKey,
|
||||
(long)sizeof_server_key_der_2048));
|
||||
|
||||
@@ -867,10 +860,7 @@ int test_wolfSSL_PEM_write_PUBKEY(void)
|
||||
XFREE(pubDer, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
EVP_PKEY_free(readPub);
|
||||
EVP_PKEY_free(pkey);
|
||||
if (fp != XBADFILE) {
|
||||
XFCLOSE(fp);
|
||||
}
|
||||
remove(pubFile);
|
||||
(void)remove(pubFile);
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
@@ -574,6 +574,7 @@ int test_wolfSSL_ALPN_GetPeerProtocol_inval_ext(void)
|
||||
ExpectIntEQ(wolfSSL_ALPN_GetPeerProtocol(ssl, &list, &listSz),
|
||||
WC_NO_ERR_TRACE(BUFFER_ERROR));
|
||||
|
||||
wolfSSL_ALPN_FreePeerProtocol(ssl, &list);
|
||||
wolfSSL_free(ssl);
|
||||
wolfSSL_CTX_free(ctx);
|
||||
#endif
|
||||
|
||||
+11
-5
@@ -1635,8 +1635,14 @@ static int EncodeAttributes(EncodedAttrib* ea, int eaSz,
|
||||
PKCS7Attrib* attribs, int attribsSz)
|
||||
{
|
||||
int i;
|
||||
int maxSz = (int)min((word32)eaSz, (word32)attribsSz);
|
||||
int allAttribsSz = 0;
|
||||
int maxSz;
|
||||
word32 allAttribsSz = 0;
|
||||
|
||||
if (eaSz < 0 || attribsSz < 0) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
maxSz = (int)min((word32)eaSz, (word32)attribsSz);
|
||||
|
||||
for (i = 0; i < maxSz; i++)
|
||||
{
|
||||
@@ -1675,13 +1681,13 @@ static int EncodeAttributes(EncodedAttrib* ea, int eaSz,
|
||||
* against the build's actual int maximum rather than assuming 32-bit
|
||||
* int, so the (int) cast below cannot overflow on narrow-int targets. */
|
||||
if (attribSz > (word32)WC_MAX_SINT_OF(int) ||
|
||||
(word32)allAttribsSz > (word32)WC_MAX_SINT_OF(int) - attribSz) {
|
||||
allAttribsSz > (word32)WC_MAX_SINT_OF(int) - attribSz) {
|
||||
WOLFSSL_MSG("PKCS7 attributes total size overflow");
|
||||
return BUFFER_E;
|
||||
}
|
||||
allAttribsSz += (int)attribSz;
|
||||
allAttribsSz += attribSz;
|
||||
}
|
||||
return allAttribsSz;
|
||||
return (int)allAttribsSz;
|
||||
}
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user