From de20bb7ba9947147944fbfa71cc7ffa1e9390410 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Fri, 5 Jul 2024 15:13:28 -0600 Subject: [PATCH 1/3] fix for coverity issue 394677 --- wolfcrypt/src/evp.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 8add13fad0..42949fc432 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -3283,6 +3283,8 @@ int wolfSSL_EVP_PKEY_bits(const WOLFSSL_EVP_PKEY *pkey) if (pkey == NULL) return 0; WOLFSSL_ENTER("wolfSSL_EVP_PKEY_bits"); if ((bytes = wolfSSL_EVP_PKEY_size((WOLFSSL_EVP_PKEY*)pkey)) ==0) return 0; + if (bytes < 0) + return 0; return bytes*8; } From b948f6797c0f7a25927b46f61b64003b927c54be Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Fri, 5 Jul 2024 15:34:28 -0600 Subject: [PATCH 2/3] account for negative return value, fixes coverity issue 394678 --- src/ssl_asn1.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/ssl_asn1.c b/src/ssl_asn1.c index 9e9ef2d094..b93d8d5b0b 100644 --- a/src/ssl_asn1.c +++ b/src/ssl_asn1.c @@ -247,6 +247,11 @@ static int wolfssl_i2d_asn1_item(void** item, int type, byte* buf) len = 0; } + if (len < 0) { + len = 0; /* wolfSSL_i2d_ASN1_INTEGER can return a value less than 0 + * on error */ + } + return len; } From fee9788bb06aae40ce9a8a5cbf5d8bf3dae8239c Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Fri, 5 Jul 2024 15:40:47 -0600 Subject: [PATCH 3/3] fix for coverity report 394710 --- tests/api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/api.c b/tests/api.c index e7083fa657..2e23ea1fb1 100644 --- a/tests/api.c +++ b/tests/api.c @@ -65656,7 +65656,7 @@ static int test_EccSigFailure_cm(void) size_t cert_sz = 0; ExpectIntEQ(load_file(server_cert, &cert_buf, &cert_sz), 0); - if (cert_buf != NULL) { + if (cert_buf != NULL && cert_sz > 0) { /* corrupt DER - invert last byte, which is signature */ cert_buf[cert_sz-1] = ~cert_buf[cert_sz-1];