Merge pull request #10467 from JacobBarthelmeh/static_analysis_2

Xilinx/AMD port fixes for sanity checks on return values and psoc6 sanity check on input arg
This commit is contained in:
David Garske
2026-05-17 22:22:12 -07:00
committed by GitHub
3 changed files with 51 additions and 9 deletions
@@ -527,6 +527,9 @@ int wc_InitSha512_ex(wc_Sha512* sha, void* heap, int devid)
int ret;
(void)heap;
(void)devid;
if (sha == NULL) {
return BAD_FUNC_ARG;
}
XMEMSET(sha, 0, sizeof(wc_Sha512));
/* Lock the mutex to perform crypto operations */
ret = wolfSSL_CryptHwMutexLock();
+17 -4
View File
@@ -558,9 +558,18 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out,
tmp = out;
#endif
XSecure_AesInitialize(&(aes->xilAes), &(aes->dma), aes->kup, (word32*)iv,
aes->keyInit);
XSecure_AesEncryptData(&(aes->xilAes), tmp, in, sz);
ret = XSecure_AesInitialize(&(aes->xilAes), &(aes->dma), aes->kup,
(word32*)iv, aes->keyInit);
if (ret == XST_SUCCESS) {
ret = XSecure_AesEncryptData(&(aes->xilAes), tmp, in, sz);
}
if (ret != XST_SUCCESS) {
#ifndef NO_WOLFSSL_XILINX_TAG_MALLOC
XFREE(tmp, aes->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
WOLFSSL_MSG("Xilinx AES-GCM encrypt failed");
return WC_HW_E;
}
XMEMCPY(authTag, tmp + sz, authTagSz);
#ifndef NO_WOLFSSL_XILINX_TAG_MALLOC
XMEMCPY(out, tmp, sz);
@@ -624,8 +633,12 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out,
}
/* calls to hardened crypto */
XSecure_AesInitialize(&(aes->xilAes), &(aes->dma), aes->kup,
ret = XSecure_AesInitialize(&(aes->xilAes), &(aes->dma), aes->kup,
(word32*)iv, aes->keyInit);
if (ret != XST_SUCCESS) {
WOLFSSL_MSG("XSecure_AesInitialize failed");
return WC_HW_E;
}
ret = XSecure_AesDecryptData(&(aes->xilAes), out, in, sz, tag);
/* account for additional data */
+31 -5
View File
@@ -71,11 +71,16 @@ int wc_InitSha3_384(wc_Sha3* sha, void* heap, int devId)
*/
int wc_Sha3_384_Update(wc_Sha3* sha, const byte* data, word32 len)
{
int status;
if (sha == NULL || (data == NULL && len > 0)) {
return BAD_FUNC_ARG;
}
WOLFSSL_XIL_DCACHE_FLUSH_RANGE((UINTPTR)data, len);
XSecure_Sha3Update(&(sha->xSec.cinst), XIL_CAST_U64(data), len);
status = XSecure_Sha3Update(&(sha->xSec.cinst), XIL_CAST_U64(data), len);
if (status != XST_SUCCESS) {
WOLFSSL_MSG("XSecure_Sha3Update failed");
return WC_HW_E;
}
return 0;
}
@@ -88,11 +93,16 @@ int wc_Sha3_384_Update(wc_Sha3* sha, const byte* data, word32 len)
*/
int wc_Sha3_384_Final(wc_Sha3* sha, byte* out)
{
int status;
if (sha == NULL || out == NULL) {
return BAD_FUNC_ARG;
}
WOLFSSL_XIL_DCACHE_FLUSH_RANGE((UINTPTR)out, WC_SHA3_384_DIGEST_SIZE);
XSecure_Sha3Finish(&(sha->xSec.cinst), XIL_CAST_U64(out));
status = XSecure_Sha3Finish(&(sha->xSec.cinst), XIL_CAST_U64(out));
if (status != XST_SUCCESS) {
WOLFSSL_MSG("XSecure_Sha3Finish failed");
return WC_HW_E;
}
return wc_InitSha3_384(sha, NULL, INVALID_DEVID);
}
@@ -159,10 +169,15 @@ int wc_InitSha3_384(wc_Sha3* sha, void* heap, int devId)
*/
int wc_Sha3_384_Update(wc_Sha3* sha, const byte* data, word32 len)
{
int status;
if (sha == NULL || (data == NULL && len > 0)) {
return BAD_FUNC_ARG;
}
XSecure_Sha3Update(&(sha->hw), (byte*)data, len);
status = XSecure_Sha3Update(&(sha->hw), (byte*)data, len);
if (status != XST_SUCCESS) {
WOLFSSL_MSG("XSecure_Sha3Update failed");
return WC_HW_E;
}
return 0;
}
@@ -175,10 +190,15 @@ int wc_Sha3_384_Update(wc_Sha3* sha, const byte* data, word32 len)
*/
int wc_Sha3_384_Final(wc_Sha3* sha, byte* out)
{
int status;
if (sha == NULL || out == NULL) {
return BAD_FUNC_ARG;
}
XSecure_Sha3Finish(&(sha->hw), out);
status = XSecure_Sha3Finish(&(sha->hw), out);
if (status != XST_SUCCESS) {
WOLFSSL_MSG("XSecure_Sha3Finish failed");
return WC_HW_E;
}
return wc_InitSha3_384(sha, NULL, INVALID_DEVID);
}
@@ -204,6 +224,8 @@ int wc_Sha3_384_GetHash(wc_Sha3* sha, byte* out)
{
#ifdef WOLFSSL_XILINX_CRYPTO_OLD
wc_Sha3 s;
#else
int status;
#endif
if (sha == NULL || out == NULL) {
@@ -217,7 +239,11 @@ int wc_Sha3_384_GetHash(wc_Sha3* sha, byte* out)
return wc_Sha3_384_Final(&s, out);
#else
XSecure_Sha3_ReadHash(&(sha->hw), out);
status = XSecure_Sha3_ReadHash(&(sha->hw), out);
if (status != XST_SUCCESS) {
WOLFSSL_MSG("XSecure_Sha3_ReadHash failed");
return WC_HW_E;
}
return 0;
#endif
}