Coverity fixes (#1509)

* Coverity fixes 3
2025-08-01 19:54:40 +02:00 · 2018-04-23 11:20:28 -05:00
parent 7d425a5ce6
commit 568d24c63c
4 changed files with 170 additions and 157 deletions
--- a/src/internal.c
+++ b/src/internal.c
@@ -18594,9 +18594,13 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
                        input + args->begin, verifySz); /* message */

                    if (args->sigAlgo != ed25519_sa_algo) {
+                        int digest_sz = wc_HashGetDigestSize(hashType);
+                        if (digest_sz <= 0) {
+                            ERROR_OUT(BUFFER_ERROR, exit_dske);
+                        }
+                        ssl->buffers.digest.length = (unsigned int)digest_sz;
+
                        /* buffer for hash */
-                        ssl->buffers.digest.length =
-                                                 wc_HashGetDigestSize(hashType);
                        ssl->buffers.digest.buffer = (byte*)XMALLOC(
                            ssl->buffers.digest.length, ssl->heap,
                            DYNAMIC_TYPE_DIGEST);
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -19041,6 +19041,9 @@ const char* wolfSSL_state_string_long(const WOLFSSL* ssl)
        }
    }

+    if (protocol == UNKNOWN)
+        return NULL;
+    else
        return OUTPUT_STR[state][protocol][cbmode];
 }

@@ -31519,14 +31522,23 @@ static int wolfSSL_TicketKeyCb(WOLFSSL* ssl,
        *encLen = encTicketLen;

        /* HMAC the encrypted data into the parameter 'mac'. */
-        wolfSSL_HMAC_Update(&hmacCtx, encTicket, encTicketLen);
-        wolfSSL_HMAC_Final(&hmacCtx, mac, &mdSz);
+        if (!wolfSSL_HMAC_Update(&hmacCtx, encTicket, encTicketLen))
+            goto end;
+#ifdef WOLFSSL_SHA512
+        /* Check for SHA512, which would overrun the mac buffer */
+        if (hmacCtx.hmac.macType == WC_SHA512)
+            goto end;
+#endif
+        if (!wolfSSL_HMAC_Final(&hmacCtx, mac, &mdSz))
+            goto end;
    }
    else
    {
        /* HMAC the encrypted data and compare it to the passed in data. */
-        wolfSSL_HMAC_Update(&hmacCtx, encTicket, encTicketLen);
-        wolfSSL_HMAC_Final(&hmacCtx, digest, &mdSz);
+        if (!wolfSSL_HMAC_Update(&hmacCtx, encTicket, encTicketLen))
+            goto end;
+        if (!wolfSSL_HMAC_Final(&hmacCtx, digest, &mdSz))
+            goto end;
        if (XMEMCMP(mac, digest, mdSz) != 0)
            goto end;

--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -3903,15 +3903,15 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
   #endif /* WOLFSSL_ASYNC_CRYPT */

       /* don't use async for key, since we don't support async return here */
-       if (wc_ecc_init_ex(&pubkey, key->heap, INVALID_DEVID) == MP_OKAY) {
+       if ((err = wc_ecc_init_ex(&pubkey, key->heap, INVALID_DEVID)) == MP_OKAY) {
       #ifdef WOLFSSL_CUSTOM_CURVES
           /* if custom curve, apply params to pubkey */
           if (key->idx == ECC_CUSTOM_IDX) {
-               wc_ecc_set_custom_curve(&pubkey, key->dp);
+               err = wc_ecc_set_custom_curve(&pubkey, key->dp);
           }
       #endif

-           for (;;) {
+           for (; err == MP_OKAY;) {
               if (++loop_check > 64) {
                    err = RNG_FAILURE_E;
                    break;
--- a/wolfcrypt/src/evp.c
+++ b/wolfcrypt/src/evp.c
@@ -248,9 +248,6 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
        case AES_128_CTR_TYPE:
        case AES_192_CTR_TYPE:
        case AES_256_CTR_TYPE:
-            if (ctx->enc)
-                ret = wc_AesCtrEncrypt(&ctx->cipher.aes, out, in, inl);
-            else
            ret = wc_AesCtrEncrypt(&ctx->cipher.aes, out, in, inl);
            break;
    #endif