wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-04 13:14:45 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #8719 from philljj/coverity_april_2025

Browse Source 
Fix coverity warnings
This commit is contained in:
Sean Parkinson
2025-05-06 10:11:27 +10:00
committed by GitHub
parent dfec168402 baa7efa8af
commit 428915e492
7 changed files with 27 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/internal.c
View File

@@ -20968,6 +20968,7 @@ int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int macSz,
byte good; byte good;
int ret = 0; int ret = 0;
XMEMSET(verify, 0, WC_MAX_DIGEST_SIZE);
good = MaskPadding(input, pLen, macSz); good = MaskPadding(input, pLen, macSz);
/* 4th argument has potential to underflow, ssl->hmac function should /* 4th argument has potential to underflow, ssl->hmac function should
* either increment the size by (macSz + padLen + 1) before use or check on * either increment the size by (macSz + padLen + 1) before use or check on
@@ -21601,6 +21602,7 @@ static WC_INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz,
byte verify[WC_MAX_DIGEST_SIZE]; byte verify[WC_MAX_DIGEST_SIZE];
XMEMSET(verify, 0, WC_MAX_DIGEST_SIZE); XMEMSET(verify, 0, WC_MAX_DIGEST_SIZE);
if (ssl->specs.cipher_type == block) { if (ssl->specs.cipher_type == block) {
pad = input[msgSz - 1]; pad = input[msgSz - 1];
padByte = 1; padByte = 1;

2
src/ssl.c
View File

@@ -20538,6 +20538,8 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
unsigned int sum = 0; unsigned int sum = 0;
unsigned int outSz = MAX_OID_SZ; unsigned int outSz = MAX_OID_SZ;
unsigned char out[MAX_OID_SZ]; unsigned char out[MAX_OID_SZ];
XMEMSET(out, 0, sizeof(out));
#endif #endif
WOLFSSL_ENTER("wolfSSL_OBJ_txt2nid"); WOLFSSL_ENTER("wolfSSL_OBJ_txt2nid");

10
src/tls.c
View File

@@ -7746,8 +7746,11 @@ static int TLSX_KeyShare_GenDhKey(WOLFSSL *ssl, KeyShareEntry* kse)
if (ret != 0) { if (ret != 0) {
/* Cleanup on error, otherwise data owned by key share entry */ /* Cleanup on error, otherwise data owned by key share entry */
if (kse->privKey) {
ForceZero(kse->privKey, pvtSz);
XFREE(kse->privKey, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); XFREE(kse->privKey, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
kse->privKey = NULL; kse->privKey = NULL;
}
XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
kse->pubKey = NULL; kse->pubKey = NULL;
} }
@@ -8338,7 +8341,11 @@ static int TLSX_KeyShare_GenPqcKeyClient(WOLFSSL *ssl, KeyShareEntry* kse)
XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
kse->pubKey = NULL; kse->pubKey = NULL;
#ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ #ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ
if (privKey) {
ForceZero(privKey, privSz);
XFREE(privKey, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); XFREE(privKey, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
privKey = NULL;
}
#else #else
XFREE(kem, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); XFREE(kem, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
kse->key = NULL; kse->key = NULL;
@@ -8807,8 +8814,11 @@ static int TLSX_KeyShare_ProcessDh(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
wc_FreeDhKey(dhKey); wc_FreeDhKey(dhKey);
XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_DH); XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_DH);
keyShareEntry->key = NULL; keyShareEntry->key = NULL;
if (keyShareEntry->privKey) {
ForceZero(keyShareEntry->privKey, keyShareEntry->keyLen);
XFREE(keyShareEntry->privKey, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); XFREE(keyShareEntry->privKey, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
keyShareEntry->privKey = NULL; keyShareEntry->privKey = NULL;
}
XFREE(keyShareEntry->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); XFREE(keyShareEntry->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
keyShareEntry->pubKey = NULL; keyShareEntry->pubKey = NULL;
XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);

2
src/tls13.c
View File

@@ -5966,6 +5966,8 @@ static int FindPsk(WOLFSSL* ssl, PreSharedKey* psk, const byte* suite, int* err)
WOLFSSL_ENTER("FindPsk"); WOLFSSL_ENTER("FindPsk");
XMEMSET(foundSuite, 0, sizeof(foundSuite));
ret = FindPskSuite(ssl, psk, ssl->arrays->psk_key, &ssl->arrays->psk_keySz, ret = FindPskSuite(ssl, psk, ssl->arrays->psk_key, &ssl->arrays->psk_keySz,
suite, &found, foundSuite); suite, &found, foundSuite);
if (ret == 0 && found) { if (ret == 0 && found) {

4
wolfcrypt/src/asn.c
View File

@@ -33849,6 +33849,8 @@ int wc_SetExtKeyUsageOID(Cert *cert, const char *in, word32 sz, byte idx,
byte oid[CTC_MAX_EKU_OID_SZ]; byte oid[CTC_MAX_EKU_OID_SZ];
word32 oidSz = CTC_MAX_EKU_OID_SZ; word32 oidSz = CTC_MAX_EKU_OID_SZ;
XMEMSET(oid, 0, sizeof(oid));
if (idx >= CTC_MAX_EKU_NB || sz >= CTC_MAX_EKU_OID_SZ) { if (idx >= CTC_MAX_EKU_NB || sz >= CTC_MAX_EKU_OID_SZ) {
WOLFSSL_MSG("Either idx or sz was too large"); WOLFSSL_MSG("Either idx or sz was too large");
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
@@ -33876,6 +33878,8 @@ int wc_SetCustomExtension(Cert *cert, int critical, const char *oid,
word32 encodedOidSz = MAX_OID_SZ; word32 encodedOidSz = MAX_OID_SZ;
int ret; int ret;
XMEMSET(encodedOid, 0, sizeof(encodedOid));
if (cert == NULL || oid == NULL || der == NULL || derSz == 0) { if (cert == NULL || oid == NULL || der == NULL || derSz == 0) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }

1
wolfcrypt/src/sha.c
View File

@@ -780,6 +780,7 @@ int wc_ShaFinalRaw(wc_Sha* sha, byte* hash)
{ {
#ifdef LITTLE_ENDIAN_ORDER #ifdef LITTLE_ENDIAN_ORDER
word32 digest[WC_SHA_DIGEST_SIZE / sizeof(word32)]; word32 digest[WC_SHA_DIGEST_SIZE / sizeof(word32)];
XMEMSET(digest, 0, sizeof(digest));
#endif #endif
if (sha == NULL || hash == NULL) { if (sha == NULL || hash == NULL) {

1
wolfcrypt/src/sha256.c
View File

@@ -1683,6 +1683,7 @@ static int InitSha256(wc_Sha256* sha256)
{ {
#ifdef LITTLE_ENDIAN_ORDER #ifdef LITTLE_ENDIAN_ORDER
word32 digest[WC_SHA256_DIGEST_SIZE / sizeof(word32)]; word32 digest[WC_SHA256_DIGEST_SIZE / sizeof(word32)];
XMEMSET(digest, 0, sizeof(digest));
#endif #endif
if (sha256 == NULL || hash == NULL) { if (sha256 == NULL || hash == NULL) {