mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2025-07-31 19:24:42 +02:00
wolfcrypt/src/wc_xmss_impl.c: guided by clang-tidy 20.0.0_pre20250104, add some error-checking to wc_xmss_bds_state_load() and wc_xmss_bds_state_store(), but ultimately, suppress a pair of stubborn apparently-false "function call argument is an uninitialized value" warnings, one in wc_xmss_bds_state_store() and one in wc_xmss_sign().
This commit is contained in:
Daniel Pouzzner
@@ -2675,7 +2675,7 @@ static void wc_xmss_bds_state_free(BdsState* bds)
|
||||
* @param [out] bds BDS states.
|
||||
* @param [out] wots_sigs WOTS signatures when XMSS^MT.
|
||||
*/
|
||||
static void wc_xmss_bds_state_load(const XmssState* state, byte* sk,
|
||||
static int wc_xmss_bds_state_load(const XmssState* state, byte* sk,
|
||||
BdsState* bds, byte** wots_sigs)
|
||||
{
|
||||
const XmssParams* params = state->params;
|
||||
@@ -2689,6 +2689,9 @@ static void wc_xmss_bds_state_load(const XmssState* state, byte* sk,
|
||||
/* Skip past standard SK = idx || wots_sk || SK_PRF || root || SEED; */
|
||||
sk += params->idx_len + 4 * n;
|
||||
|
||||
if (2 * (int)params->d - 1 < 0)
|
||||
return WC_FAILURE;
|
||||
|
||||
for (i = 0; i < 2 * (int)params->d - 1; i++) {
|
||||
/* Set pointers into SK. */
|
||||
bds[i].stack = sk;
|
||||
@@ -2715,6 +2718,8 @@ static void wc_xmss_bds_state_load(const XmssState* state, byte* sk,
|
||||
if (wots_sigs != NULL) {
|
||||
*wots_sigs = sk;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Store the BDS state into the secret/private key.
|
||||
@@ -2723,7 +2728,7 @@ static void wc_xmss_bds_state_load(const XmssState* state, byte* sk,
|
||||
* @param [in, out] sk Secret/private key.
|
||||
* @param [in] bds BDS states.
|
||||
*/
|
||||
static void wc_xmss_bds_state_store(const XmssState* state, byte* sk,
|
||||
static int wc_xmss_bds_state_store(const XmssState* state, byte* sk,
|
||||
BdsState* bds)
|
||||
{
|
||||
int i;
|
||||
@@ -2743,15 +2748,20 @@ static void wc_xmss_bds_state_store(const XmssState* state, byte* sk,
|
||||
/* Ignore standard SK = idx || wots_sk || SK_PRF || root || SEED; */
|
||||
sk += params->idx_len + 4 * n;
|
||||
|
||||
if (2 * (int)params->d - 1 < 0)
|
||||
return WC_FAILURE;
|
||||
|
||||
for (i = 0; i < 2 * (int)params->d - 1; i++) {
|
||||
/* Skip pointers into sk. */
|
||||
sk += skip;
|
||||
/* Save values - big-endian encoded. */
|
||||
c32to24(bds[i].next, sk);
|
||||
c32to24(bds[i].next, sk); /* NOLINT(clang-analyzer-core.CallAndMessage) */
|
||||
sk += 3;
|
||||
sk[0] = bds[i].offset;
|
||||
sk += 1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
/********************************************
|
||||
@@ -3297,6 +3307,10 @@ int wc_xmss_keygen(XmssState* state, const unsigned char* seed,
|
||||
if (ret == 0)
|
||||
#endif
|
||||
{
|
||||
/* Setup pointers into sk - assumes sk is initialized to zeros. */
|
||||
ret = wc_xmss_bds_state_load(state, sk, bds, NULL);
|
||||
}
|
||||
if (ret == 0) {
|
||||
/* Offsets into seed. */
|
||||
const byte* seed_priv = seed;
|
||||
const byte* seed_pub = seed + 2 * n;
|
||||
@@ -3306,9 +3320,6 @@ int wc_xmss_keygen(XmssState* state, const unsigned char* seed,
|
||||
/* Offsets into public key. */
|
||||
byte* pk_seed = pk + n;
|
||||
|
||||
/* Setup pointers into sk - assumes sk is initialized to zeros. */
|
||||
wc_xmss_bds_state_load(state, sk, bds, NULL);
|
||||
|
||||
/* Set first index to 0 in private key. idx_len always 4. */
|
||||
*sk_idx = 0;
|
||||
/* Set private key seed and private key for PRF in to private key. */
|
||||
@@ -3333,7 +3344,7 @@ int wc_xmss_keygen(XmssState* state, const unsigned char* seed,
|
||||
XMEMCPY(sk_root, pk_root, 2 * n);
|
||||
|
||||
/* Store BDS state back into secret/private key. */
|
||||
wc_xmss_bds_state_store(state, sk, bds);
|
||||
ret = wc_xmss_bds_state_store(state, sk, bds);
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
@@ -3412,8 +3423,9 @@ int wc_xmss_sign(XmssState* state, const unsigned char* m, word32 mlen,
|
||||
#endif
|
||||
{
|
||||
/* Load the BDS state from secret/private key. */
|
||||
wc_xmss_bds_state_load(state, sk, bds, NULL);
|
||||
|
||||
ret = wc_xmss_bds_state_load(state, sk, bds, NULL);
|
||||
}
|
||||
if (ret == 0) {
|
||||
/* Copy the index into the signature data: Sig = idx_sig || ... */
|
||||
*((word32*)sig) = *((word32*)sk);
|
||||
/* Read index from the secret key. */
|
||||
@@ -3468,7 +3480,7 @@ int wc_xmss_sign(XmssState* state, const unsigned char* m, word32 mlen,
|
||||
if (ret == 0) {
|
||||
sig += params->wots_sig_len;
|
||||
/* Add authentication path (auth) and calc new root. */
|
||||
XMEMCPY(sig, bds->authPath, h * n);
|
||||
XMEMCPY(sig, bds->authPath, h * n); /* NOLINT(clang-analyzer-core.CallAndMessage) */
|
||||
ret = state->ret;
|
||||
}
|
||||
|
||||
@@ -3490,7 +3502,7 @@ int wc_xmss_sign(XmssState* state, const unsigned char* m, word32 mlen,
|
||||
}
|
||||
if (ret == 0) {
|
||||
/* Store BDS state back into secret/private key. */
|
||||
wc_xmss_bds_state_store(state, sk, bds);
|
||||
ret = wc_xmss_bds_state_store(state, sk, bds);
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
@@ -3580,14 +3592,15 @@ int wc_xmssmt_keygen(XmssState* state, const unsigned char* seed,
|
||||
|
||||
/* Allocate memory for BDS states and tree hash instances. */
|
||||
ret = wc_xmss_bds_state_alloc(params, &bds);
|
||||
if (ret == 0) {
|
||||
/* Load the BDS state from secret/private key. */
|
||||
ret = wc_xmss_bds_state_load(state, sk, bds, &wots_sigs);
|
||||
}
|
||||
if (ret == 0) {
|
||||
/* Offsets into seed. */
|
||||
const byte* seed_priv = seed;
|
||||
const byte* seed_pub = seed + 2 * params->n;
|
||||
|
||||
/* Load the BDS state from secret/private key. */
|
||||
wc_xmss_bds_state_load(state, sk, bds, &wots_sigs);
|
||||
|
||||
/* Set first index to 0 in private key. */
|
||||
XMEMSET(sk, 0, params->idx_len);
|
||||
/* Set private key seed and private key for PRF in to private key. */
|
||||
@@ -3630,7 +3643,7 @@ int wc_xmssmt_keygen(XmssState* state, const unsigned char* seed,
|
||||
XMEMCPY(sk_root, pk_root, 2 * n);
|
||||
|
||||
/* Store BDS state back into secret/private key. */
|
||||
wc_xmss_bds_state_store(state, sk, bds);
|
||||
ret = wc_xmss_bds_state_store(state, sk, bds);
|
||||
}
|
||||
|
||||
/* Dispose of allocated data of BDS states. */
|
||||
@@ -4000,8 +4013,9 @@ int wc_xmssmt_sign(XmssState* state, const unsigned char* m, word32 mlen,
|
||||
ret = wc_xmss_bds_state_alloc(params, &bds);
|
||||
if (ret == 0) {
|
||||
/* Load the BDS state from secret/private key. */
|
||||
wc_xmss_bds_state_load(state, sk, bds, &wots_sigs);
|
||||
|
||||
ret = wc_xmss_bds_state_load(state, sk, bds, &wots_sigs);
|
||||
}
|
||||
if (ret == 0) {
|
||||
/* Copy the index into the signature data: Sig_MT = idx_sig. */
|
||||
XMEMCPY(sig_mt, sk, idx_len);
|
||||
|
||||
@@ -4032,7 +4046,7 @@ int wc_xmssmt_sign(XmssState* state, const unsigned char* m, word32 mlen,
|
||||
|
||||
if (ret == 0) {
|
||||
/* Store BDS state back into secret/private key. */
|
||||
wc_xmss_bds_state_store(state, sk, bds);
|
||||
ret = wc_xmss_bds_state_store(state, sk, bds);
|
||||
}
|
||||
|
||||
/* Dispose of allocated data of BDS states. */
|
||||
|
||||
Reference in New Issue
Block a user