From 07baa27b20ceee7ee22032b34688f9101d52858f Mon Sep 17 00:00:00 2001
From: toddouska <todd@yassl.com>
Date: Tue, 19 Feb 2013 12:53:58 -0800
Subject: [PATCH] fix scan build for fastmath, dtls, ecc, psk, sha512

---
 ctaocrypt/benchmark/benchmark.c | 19 +++++++++++++++----
 ctaocrypt/src/pwdbased.c        |  6 +++++-
 cyassl/error.h                  |  1 +
 src/internal.c                  |  9 ++++++++-
 src/io.c                        | 23 ++++++++++++++++-------
 5 files changed, 45 insertions(+), 13 deletions(-)

diff --git a/ctaocrypt/benchmark/benchmark.c b/ctaocrypt/benchmark/benchmark.c
index 021f4d5f0..bc29ccb39 100644
--- a/ctaocrypt/benchmark/benchmark.c
+++ b/ctaocrypt/benchmark/benchmark.c
@@ -852,15 +852,26 @@ void bench_eccKeyAgree(void)
 {
     ecc_key genKey, genKey2;
     double start, total, each, milliEach;
-    int    i;
+    int    i, ret;
     const int agreeTimes = 5;
     byte   shared[1024];
     byte   sig[1024];
     byte   digest[32];
     word32 x;
-  
-    ecc_make_key(&rng, 32, &genKey);
-    ecc_make_key(&rng, 32, &genKey2);
+ 
+    ecc_init(&genKey);
+    ecc_init(&genKey2);
+
+    ret = ecc_make_key(&rng, 32, &genKey);
+    if (ret != 0) {
+        printf("ecc_make_key failed\n");
+        return;
+    }
+    ret = ecc_make_key(&rng, 32, &genKey2);
+    if (ret != 0) {
+        printf("ecc_make_key failed\n");
+        return;
+    }
 
     /* 256 bit */ 
     start = current_time(1);
diff --git a/ctaocrypt/src/pwdbased.c b/ctaocrypt/src/pwdbased.c
index b16638efc..4a791ed14 100644
--- a/ctaocrypt/src/pwdbased.c
+++ b/ctaocrypt/src/pwdbased.c
@@ -103,7 +103,11 @@ int PBKDF2(byte* output, const byte* passwd, int pLen, const byte* salt,
     int    hLen;
     int    j;
     Hmac   hmac;
-    byte   buffer[INNER_HASH_SIZE];  /* max size */
+#ifdef CYASSL_SHA512
+    byte   buffer[SHA512_DIGEST_SIZE];
+#else
+    byte   buffer[INNER_HASH_SIZE];  /* max size, doesn't handle 512 yet */
+#endif
 
     if (hashType == MD5) {
         hLen = MD5_DIGEST_SIZE;
diff --git a/cyassl/error.h b/cyassl/error.h
index e7c4007d5..7ad273910 100644
--- a/cyassl/error.h
+++ b/cyassl/error.h
@@ -109,6 +109,7 @@ enum CyaSSL_ErrorCodes {
     BAD_KEA_TYPE_E         = -274,            /* bad KEA type found */
     SANITY_CIPHER_E        = -275,            /* sanity check on cipher error */
     RECV_OVERFLOW_E        = -276,            /* RXCB returned more than rqed */
+    GEN_COOKIE_E           = -277,            /* Generate Cookie Error */
     /* add strings to SetErrorString !!!!! */
 
     /* begin negotiation parameter errors */
diff --git a/src/internal.c b/src/internal.c
index b25578126..f1f300b5c 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -5267,6 +5267,10 @@ void SetErrorString(int error, char* str)
         XSTRNCPY(str, "Receive callback returned more than requested", max);
         break;
 
+    case GEN_COOKIE_E:
+        XSTRNCPY(str, "Generate Cookie Error", max);
+        break;
+
     default :
         XSTRNCPY(str, "unknown error number", max);
     }
@@ -8897,7 +8901,10 @@ int SetCipherList(Suites* s, const char* list)
 
                 XMEMCPY(ssl->arrays->client_identity, &input[*inOutIdx], ci_sz);
                 *inOutIdx += ci_sz;
-                ssl->arrays->client_identity[ci_sz] = 0;
+                if (ci_sz < MAX_PSK_ID_LEN)
+                    ssl->arrays->client_identity[ci_sz] = 0;
+                else
+                    ssl->arrays->client_identity[MAX_PSK_ID_LEN-1] = 0;
 
                 ssl->arrays->psk_keySz = ssl->options.server_psk_cb(ssl,
                     ssl->arrays->client_identity, ssl->arrays->psk_key,
diff --git a/src/io.c b/src/io.c
index 8e22d5979..b55e60fb5 100644
--- a/src/io.c
+++ b/src/io.c
@@ -29,6 +29,7 @@
 #endif
 
 #include <cyassl/internal.h>
+#include <cyassl/error.h>
 
 /* if user writes own I/O callbacks they can define CYASSL_USER_IO to remove
    automatic setting of default I/O functions EmbedSend() and EmbedReceive()
@@ -199,8 +200,10 @@ int EmbedReceive(CYASSL *ssl, char *buf, int sz, void *ctx)
             #else
                 struct timeval timeout = {dtls_timeout, 0};
             #endif
-            setsockopt(sd, SOL_SOCKET, SO_RCVTIMEO,
-                                            (char*)&timeout, TIMEVAL_BYTES);
+            if (setsockopt(sd, SOL_SOCKET, SO_RCVTIMEO, (char*)&timeout,
+                           TIMEVAL_BYTES) != 0) {
+                CYASSL_MSG("setsockopt rcvtimeo failed");
+            }
         }
     }
 #endif
@@ -318,14 +321,17 @@ int EmbedReceiveFrom(CYASSL *ssl, char *buf, int sz, void *ctx)
     XSOCKLENT peerSz = sizeof(peer);
 
     CYASSL_ENTER("EmbedReceiveFrom()");
+
     if (!CyaSSL_get_using_nonblock(ssl) && dtls_timeout != 0) {
         #ifdef USE_WINDOWS_API
             DWORD timeout = dtls_timeout * 1000;
         #else
             struct timeval timeout = { dtls_timeout, 0 };
         #endif
-        setsockopt(sd, SOL_SOCKET, SO_RCVTIMEO,
-                                            (char*)&timeout, TIMEVAL_BYTES);
+        if (setsockopt(sd, SOL_SOCKET, SO_RCVTIMEO, (char*)&timeout,
+                       TIMEVAL_BYTES) != 0) {
+                CYASSL_MSG("setsockopt rcvtimeo failed");
+        }
     }
 
     recvd = (int)RECVFROM_FUNCTION(sd, buf, sz, ssl->rflags,
@@ -365,8 +371,7 @@ int EmbedReceiveFrom(CYASSL *ssl, char *buf, int sz, void *ctx)
         }
     }
     else {
-        if (dtlsCtx != NULL
-                && dtlsCtx->peer.sz > 0
+        if (dtlsCtx->peer.sz > 0
                 && peerSz != (XSOCKLENT)dtlsCtx->peer.sz
                 && memcmp(&peer, dtlsCtx->peer.sa, peerSz) != 0) {
             CYASSL_MSG("    Ignored packet from invalid peer");
@@ -390,6 +395,7 @@ int EmbedSendTo(CYASSL* ssl, char *buf, int sz, void *ctx)
     int err;
 
     CYASSL_ENTER("EmbedSendTo()");
+
     sent = (int)SENDTO_FUNCTION(sd, &buf[sz - len], len, ssl->wflags,
                                 dtlsCtx->peer.sa, dtlsCtx->peer.sz);
     if (sent < 0) {
@@ -435,7 +441,10 @@ int EmbedGenerateCookie(byte *buf, int sz, void *ctx)
     int cookieSrcSz = 0;
     Sha sha;
 
-    getpeername(sd, (struct sockaddr*)&peer, &peerSz);
+    if (getpeername(sd, (struct sockaddr*)&peer, &peerSz) != 0) {
+        CYASSL_MSG("getpeername failed in EmbedGenerateCookie");
+        return GEN_COOKIE_E;
+    }
     
     if (peer.sin_family == AF_INET) {
         struct sockaddr_in *s = (struct sockaddr_in*)&peer;