Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Coverity issues reported #7714

Merged
merged 6 commits into from
Jul 5, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions src/ssl_load.c
Original file line number Diff line number Diff line change
Expand Up @@ -5264,7 +5264,7 @@ int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz,
ret = wolfssl_set_tmp_dh(ssl, pAlloc, pSz, gAlloc, gSz);
}

if (ret != 1) {
if (ret != 1 && ssl != NULL) {
/* Free the allocated buffers if not assigned into SSL. */
XFREE(pAlloc, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
XFREE(gAlloc, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
Expand Down Expand Up @@ -5496,7 +5496,7 @@ long wolfSSL_set_tmp_dh(WOLFSSL *ssl, WOLFSSL_DH *dh)
ret = wolfssl_set_tmp_dh(ssl, p, pSz, g, gSz);
}

if (ret != 1) {
if (ret != 1 && ssl != NULL) {
/* Free the allocated buffers if not assigned into SSL. */
XFREE(p, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
XFREE(g, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
Expand Down Expand Up @@ -5563,7 +5563,7 @@ long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL_DH* dh)
ret = wolfssl_ctx_set_tmp_dh(ctx, p, pSz, g, gSz);
}

if (ret != 1) {
if (ret != 1 && ctx != NULL) {
/* Free the allocated buffers if not assigned into SSL. */
XFREE(p, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
XFREE(g, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
Expand Down
8 changes: 8 additions & 0 deletions wolfcrypt/src/dh.c
Original file line number Diff line number Diff line change
Expand Up @@ -2940,6 +2940,14 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)
if (ret == 0) {
/* modulus size in bytes */
modSz /= WOLFSSL_BIT_SIZE;

if ((word32)modSz < groupSz) {
WOLFSSL_MSG("DH modSz was too small");
ret = BAD_FUNC_ARG;
}
}

if (ret == 0) {
bufSz = (word32)modSz - groupSz;

/* allocate ram */
Expand Down
2 changes: 2 additions & 0 deletions wolfcrypt/src/pkcs7.c
Original file line number Diff line number Diff line change
Expand Up @@ -8634,6 +8634,8 @@ int wc_PKCS7_PadData(byte* in, word32 inSz, byte* out, word32 outSz,
return BAD_FUNC_ARG;

padSz = wc_PKCS7_GetPadSize(inSz, blockSz);
if (padSz < 0)
return padSz;

if (outSz < (inSz + padSz))
return BAD_FUNC_ARG;
Expand Down
11 changes: 5 additions & 6 deletions wolfcrypt/src/rsa.c
Original file line number Diff line number Diff line change
Expand Up @@ -673,13 +673,17 @@ static int _ifc_pairwise_consistency_test(RsaKey* key, WC_RNG* rng)

int wc_CheckRsaKey(RsaKey* key)
{
DECL_MP_INT_SIZE_DYN(tmp, mp_bitsused(&key->n), RSA_MAX_SIZE);
#ifdef WOLFSSL_SMALL_STACK
WC_RNG *rng = NULL;
#else
WC_RNG rng[1];
#endif
int ret = 0;
DECL_MP_INT_SIZE_DYN(tmp, (key)? mp_bitsused(&key->n) : 0, RSA_MAX_SIZE);

if (key == NULL) {
return BAD_FUNC_ARG;
}

#ifdef WOLFSSL_CAAM
/* can not perform these checks on an encrypted key */
Expand Down Expand Up @@ -711,11 +715,6 @@ int wc_CheckRsaKey(RsaKey* key)
ret = MP_INIT_E;
}

if (ret == 0) {
if (key == NULL)
ret = BAD_FUNC_ARG;
}

if (ret == 0)
ret = _ifc_pairwise_consistency_test(key, rng);

Expand Down
10 changes: 10 additions & 0 deletions wolfcrypt/test/test.c
Original file line number Diff line number Diff line change
Expand Up @@ -22272,6 +22272,11 @@ static wc_test_ret_t dh_generate_test(WC_RNG *rng)
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);

/* should fail since modSz is 16 and group size is 20 */
ret = wc_DhGenerateParams(rng, 128, smallKey);
if (ret == 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);

ret = wc_DhGenerateParams(rng, 2056, smallKey);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
Expand Down Expand Up @@ -49466,6 +49471,11 @@ static wc_test_ret_t pkcs7signed_run_vectors(

XMEMSET(out, 0, outSz);

/* test inner pad size error with block size being 0 */
ret = wc_PKCS7_PadData((byte*)data, sizeof(data), out, outSz, 0);
if (ret > 0)
ERROR_OUT(-1, out);

ret = wc_PKCS7_PadData((byte*)data, sizeof(data), out, outSz, 16);
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
Expand Down
6 changes: 4 additions & 2 deletions wolfssl/wolfcrypt/sp_int.h
Original file line number Diff line number Diff line change
Expand Up @@ -695,9 +695,11 @@ typedef struct sp_ecc_ctx {
#define sp_clamp(a) \
do { \
int ii; \
for (ii = (int)(a)->used - 1; ii >= 0 && (a)->dp[ii] == 0; ii--) { \
if ((a)->used > 0) { \
for (ii = (int)(a)->used - 1; ii >= 0 && (a)->dp[ii] == 0; ii--) { \
} \
(a)->used = (unsigned int)ii + 1; \
} \
(a)->used = (unsigned int)ii + 1; \
} while (0)

/* Check the compiled and linked math implementation are the same.
Expand Down