mirror of https://github.com/wolfSSL/wolfssl.git
scan-build warnings
parent
b3506c836c
commit
5a59fdd6fd
|
@ -4980,6 +4980,10 @@ int GetAsnTimeString(void* currTime, byte* buf, word32 len)
|
||||||
} else if (ts->tm_year >= 100 && ts->tm_year < 150) {
|
} else if (ts->tm_year >= 100 && ts->tm_year < 150) {
|
||||||
year = ts->tm_year - 100;
|
year = ts->tm_year - 100;
|
||||||
}
|
}
|
||||||
|
else {
|
||||||
|
WOLFSSL_MSG("unsupported year range");
|
||||||
|
return BAD_FUNC_ARG;
|
||||||
|
}
|
||||||
mon = ts->tm_mon + 1;
|
mon = ts->tm_mon + 1;
|
||||||
day = ts->tm_mday;
|
day = ts->tm_mday;
|
||||||
hour = ts->tm_hour;
|
hour = ts->tm_hour;
|
||||||
|
|
|
@ -3414,6 +3414,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
|
||||||
DYNAMIC_TYPE_PKCS7);
|
DYNAMIC_TYPE_PKCS7);
|
||||||
if (pkcs7->stream->nonce == NULL) {
|
if (pkcs7->stream->nonce == NULL) {
|
||||||
ret = MEMORY_E;
|
ret = MEMORY_E;
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
pkcs7->stream->nonceSz = contentTypeSz;
|
pkcs7->stream->nonceSz = contentTypeSz;
|
||||||
|
@ -3560,6 +3561,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
|
||||||
DYNAMIC_TYPE_PKCS7);
|
DYNAMIC_TYPE_PKCS7);
|
||||||
if (pkcs7->stream->content == NULL) {
|
if (pkcs7->stream->content == NULL) {
|
||||||
ret = MEMORY_E;
|
ret = MEMORY_E;
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
XMEMCPY(pkcs7->stream->content, content, contentSz);
|
XMEMCPY(pkcs7->stream->content, content, contentSz);
|
||||||
|
@ -3595,7 +3597,6 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
pkiMsgSz = wc_PKCS7_GetMaxStream(pkcs7, PKCS7_DEFAULT_PEEK, in, inSz);
|
|
||||||
wc_PKCS7_StreamGetVar(pkcs7, &pkiMsg2Sz, 0, &length);
|
wc_PKCS7_StreamGetVar(pkcs7, &pkiMsg2Sz, 0, &length);
|
||||||
if (pkcs7->stream->flagOne) {
|
if (pkcs7->stream->flagOne) {
|
||||||
pkiMsg2 = pkiMsg;
|
pkiMsg2 = pkiMsg;
|
||||||
|
@ -3721,7 +3722,6 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
|
||||||
&pkiMsg, &idx)) != 0) {
|
&pkiMsg, &idx)) != 0) {
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
pkiMsgSz = wc_PKCS7_GetMaxStream(pkcs7, PKCS7_DEFAULT_PEEK, in, inSz);
|
|
||||||
wc_PKCS7_StreamGetVar(pkcs7, &pkiMsg2Sz, 0, &length);
|
wc_PKCS7_StreamGetVar(pkcs7, &pkiMsg2Sz, 0, &length);
|
||||||
if (pkcs7->stream->flagOne) {
|
if (pkcs7->stream->flagOne) {
|
||||||
pkiMsg2 = pkiMsg;
|
pkiMsg2 = pkiMsg;
|
||||||
|
@ -3780,7 +3780,6 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
pkiMsgSz = wc_PKCS7_GetMaxStream(pkcs7, PKCS7_DEFAULT_PEEK, in, inSz);
|
|
||||||
wc_PKCS7_StreamGetVar(pkcs7, &pkiMsg2Sz, 0, &length);
|
wc_PKCS7_StreamGetVar(pkcs7, &pkiMsg2Sz, 0, &length);
|
||||||
if (pkcs7->stream->flagOne) {
|
if (pkcs7->stream->flagOne) {
|
||||||
pkiMsg2 = pkiMsg;
|
pkiMsg2 = pkiMsg;
|
||||||
|
@ -6746,7 +6745,7 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
|
||||||
word32* idx, byte* decryptedKey,
|
word32* idx, byte* decryptedKey,
|
||||||
word32* decryptedKeySz, int* recipFound)
|
word32* decryptedKeySz, int* recipFound)
|
||||||
{
|
{
|
||||||
int length, encryptedKeySz, ret = 0;
|
int length, encryptedKeySz = 0, ret = 0;
|
||||||
int keySz, version, sidType = 0;
|
int keySz, version, sidType = 0;
|
||||||
word32 encOID;
|
word32 encOID;
|
||||||
word32 keyIdx;
|
word32 keyIdx;
|
||||||
|
@ -6937,8 +6936,7 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
|
||||||
pkcs7->stream->expected, &pkiMsg, idx)) != 0) {
|
pkcs7->stream->expected, &pkiMsg, idx)) != 0) {
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
encryptedKeySz = pkcs7->stream->expected;
|
||||||
pkiMsgSz = wc_PKCS7_GetMaxStream(pkcs7, PKCS7_DEFAULT_PEEK, in, inSz);
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef WOLFSSL_SMALL_STACK
|
#ifdef WOLFSSL_SMALL_STACK
|
||||||
|
@ -7702,12 +7700,12 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz,
|
||||||
/* mark recipFound, since we only support one RecipientInfo for now */
|
/* mark recipFound, since we only support one RecipientInfo for now */
|
||||||
*recipFound = 1;
|
*recipFound = 1;
|
||||||
*idx += length;
|
*idx += length;
|
||||||
ret = 0; /* success */
|
|
||||||
#ifndef NO_PKCS7_STREAM
|
#ifndef NO_PKCS7_STREAM
|
||||||
if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, idx)) != 0) {
|
if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, idx)) != 0) {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
ret = 0; /* success */
|
||||||
break;
|
break;
|
||||||
|
|
||||||
default:
|
default:
|
||||||
|
@ -8249,7 +8247,7 @@ static int wc_PKCS7_ParseToRecipientInfoSet(PKCS7* pkcs7, byte* in,
|
||||||
word32 inSz, word32* idx,
|
word32 inSz, word32* idx,
|
||||||
int type)
|
int type)
|
||||||
{
|
{
|
||||||
int version, length, ret = 0;
|
int version = 0, length, ret = 0;
|
||||||
word32 contentType;
|
word32 contentType;
|
||||||
byte* pkiMsg = in;
|
byte* pkiMsg = in;
|
||||||
word32 pkiMsgSz = inSz;
|
word32 pkiMsgSz = inSz;
|
||||||
|
@ -8374,6 +8372,9 @@ static int wc_PKCS7_ParseToRecipientInfoSet(PKCS7* pkcs7, byte* in,
|
||||||
if (ret == 0 && GetLength(pkiMsg, idx, &length, pkiMsgSz) < 0)
|
if (ret == 0 && GetLength(pkiMsg, idx, &length, pkiMsgSz) < 0)
|
||||||
ret = ASN_PARSE_E;
|
ret = ASN_PARSE_E;
|
||||||
|
|
||||||
|
if (ret < 0)
|
||||||
|
break;
|
||||||
|
|
||||||
#ifndef NO_PKCS7_STREAM
|
#ifndef NO_PKCS7_STREAM
|
||||||
if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, idx)) != 0) {
|
if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, idx)) != 0) {
|
||||||
break;
|
break;
|
||||||
|
@ -8398,6 +8399,9 @@ static int wc_PKCS7_ParseToRecipientInfoSet(PKCS7* pkcs7, byte* in,
|
||||||
if (ret == 0 && GetMyVersion(pkiMsg, idx, &version, pkiMsgSz) < 0)
|
if (ret == 0 && GetMyVersion(pkiMsg, idx, &version, pkiMsgSz) < 0)
|
||||||
ret = ASN_PARSE_E;
|
ret = ASN_PARSE_E;
|
||||||
|
|
||||||
|
if (ret < 0)
|
||||||
|
break;
|
||||||
|
|
||||||
#ifndef NO_PKCS7_STREAM
|
#ifndef NO_PKCS7_STREAM
|
||||||
if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, idx)) != 0) {
|
if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, idx)) != 0) {
|
||||||
break;
|
break;
|
||||||
|
@ -8443,14 +8447,18 @@ static int wc_PKCS7_ParseToRecipientInfoSet(PKCS7* pkcs7, byte* in,
|
||||||
if (ret == 0 && GetSet(pkiMsg, idx, &length, pkiMsgSz) < 0)
|
if (ret == 0 && GetSet(pkiMsg, idx, &length, pkiMsgSz) < 0)
|
||||||
ret = ASN_PARSE_E;
|
ret = ASN_PARSE_E;
|
||||||
|
|
||||||
if (ret == 0)
|
if (ret < 0)
|
||||||
ret = length;
|
break;
|
||||||
|
|
||||||
#ifndef NO_PKCS7_STREAM
|
#ifndef NO_PKCS7_STREAM
|
||||||
if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, idx)) != 0) {
|
if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, idx)) != 0) {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
if (ret == 0)
|
||||||
|
ret = length;
|
||||||
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
default:
|
default:
|
||||||
|
@ -8485,9 +8493,9 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
|
||||||
word32 outputSz)
|
word32 outputSz)
|
||||||
{
|
{
|
||||||
int recipFound = 0;
|
int recipFound = 0;
|
||||||
int ret, length;
|
int ret, length = 0;
|
||||||
word32 idx = 0, tmpIdx = 0;
|
word32 idx = 0, tmpIdx = 0;
|
||||||
word32 contentType, encOID;
|
word32 contentType, encOID = 0;
|
||||||
word32 decryptedKeySz;
|
word32 decryptedKeySz;
|
||||||
|
|
||||||
int expBlockSz = 0, blockKeySz = 0;
|
int expBlockSz = 0, blockKeySz = 0;
|
||||||
|
@ -8510,6 +8518,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
|
||||||
return BAD_FUNC_ARG;
|
return BAD_FUNC_ARG;
|
||||||
|
|
||||||
#ifndef NO_PKCS7_STREAM
|
#ifndef NO_PKCS7_STREAM
|
||||||
|
(void)tmpIv; /* help out static analysis */
|
||||||
if (pkcs7->stream == NULL) {
|
if (pkcs7->stream == NULL) {
|
||||||
if ((ret = wc_PKCS7_CreateStream(pkcs7)) != 0) {
|
if ((ret = wc_PKCS7_CreateStream(pkcs7)) != 0) {
|
||||||
return ret;
|
return ret;
|
||||||
|
@ -8559,8 +8568,6 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
|
||||||
case WC_PKCS7_DECRYPT_PWRI:
|
case WC_PKCS7_DECRYPT_PWRI:
|
||||||
case WC_PKCS7_DECRYPT_ORI:
|
case WC_PKCS7_DECRYPT_ORI:
|
||||||
#ifndef NO_PKCS7_STREAM
|
#ifndef NO_PKCS7_STREAM
|
||||||
pkiMsgSz = wc_PKCS7_GetMaxStream(pkcs7, PKCS7_DEFAULT_PEEK, in,
|
|
||||||
inSz);
|
|
||||||
decryptedKey = pkcs7->stream->aad;
|
decryptedKey = pkcs7->stream->aad;
|
||||||
decryptedKeySz = MAX_ENCRYPTED_KEY_SZ;
|
decryptedKeySz = MAX_ENCRYPTED_KEY_SZ;
|
||||||
#endif
|
#endif
|
||||||
|
@ -8715,7 +8722,6 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
pkiMsgSz = wc_PKCS7_GetMaxStream(pkcs7, PKCS7_SEQ_PEEK, in, inSz);
|
|
||||||
wc_PKCS7_StreamGetVar(pkcs7, &encOID, &expBlockSz,
|
wc_PKCS7_StreamGetVar(pkcs7, &encOID, &expBlockSz,
|
||||||
&encryptedContentSz);
|
&encryptedContentSz);
|
||||||
tmpIv = pkcs7->stream->tmpIv;
|
tmpIv = pkcs7->stream->tmpIv;
|
||||||
|
@ -9234,15 +9240,15 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
|
||||||
int recipFound = 0;
|
int recipFound = 0;
|
||||||
int ret, length;
|
int ret, length;
|
||||||
word32 idx = 0, tmpIdx = 0;
|
word32 idx = 0, tmpIdx = 0;
|
||||||
word32 contentType, encOID;
|
word32 contentType, encOID = 0;
|
||||||
word32 decryptedKeySz;
|
word32 decryptedKeySz = 0;
|
||||||
byte* pkiMsg = in;
|
byte* pkiMsg = in;
|
||||||
word32 pkiMsgSz = inSz;
|
word32 pkiMsgSz = inSz;
|
||||||
|
|
||||||
int expBlockSz, blockKeySz = 0;
|
int expBlockSz = 0, blockKeySz = 0;
|
||||||
byte authTag[AES_BLOCK_SIZE];
|
byte authTag[AES_BLOCK_SIZE];
|
||||||
byte nonce[GCM_NONCE_MID_SZ]; /* GCM nonce is larger than CCM */
|
byte nonce[GCM_NONCE_MID_SZ]; /* GCM nonce is larger than CCM */
|
||||||
int nonceSz, authTagSz, macSz;
|
int nonceSz = 0, authTagSz = 0, macSz = 0;
|
||||||
|
|
||||||
#ifdef WOLFSSL_SMALL_STACK
|
#ifdef WOLFSSL_SMALL_STACK
|
||||||
byte* decryptedKey = NULL;
|
byte* decryptedKey = NULL;
|
||||||
|
@ -9296,8 +9302,6 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
|
||||||
MAX_VERSION_SZ + ASN_TAG_SZ, &pkiMsg, &idx)) != 0) {
|
MAX_VERSION_SZ + ASN_TAG_SZ, &pkiMsg, &idx)) != 0) {
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
pkiMsgSz = wc_PKCS7_GetMaxStream(pkcs7, PKCS7_DEFAULT_PEEK, in, inSz);
|
|
||||||
#endif
|
#endif
|
||||||
#ifdef WOLFSSL_SMALL_STACK
|
#ifdef WOLFSSL_SMALL_STACK
|
||||||
decryptedKey = (byte*)XMALLOC(MAX_ENCRYPTED_KEY_SZ, pkcs7->heap,
|
decryptedKey = (byte*)XMALLOC(MAX_ENCRYPTED_KEY_SZ, pkcs7->heap,
|
||||||
|
@ -9538,7 +9542,6 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
pkiMsgSz = wc_PKCS7_GetMaxStream(pkcs7, PKCS7_DEFAULT_PEEK, in, inSz);
|
|
||||||
length = pkcs7->stream->expected;
|
length = pkcs7->stream->expected;
|
||||||
encodedAttribs = pkcs7->stream->aad;
|
encodedAttribs = pkcs7->stream->aad;
|
||||||
#endif
|
#endif
|
||||||
|
@ -9549,7 +9552,7 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
|
||||||
|
|
||||||
if (ret == 0 && wc_PKCS7_ParseAttribs(pkcs7, authAttrib, authAttribSz) < 0) {
|
if (ret == 0 && wc_PKCS7_ParseAttribs(pkcs7, authAttrib, authAttribSz) < 0) {
|
||||||
WOLFSSL_MSG("Error parsing authenticated attributes");
|
WOLFSSL_MSG("Error parsing authenticated attributes");
|
||||||
ret = ASN_PARSE_E;
|
return ASN_PARSE_E;
|
||||||
}
|
}
|
||||||
|
|
||||||
idx += length;
|
idx += length;
|
||||||
|
@ -9676,7 +9679,6 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
|
||||||
encodedAttribs = pkcs7->stream->aad;
|
encodedAttribs = pkcs7->stream->aad;
|
||||||
}
|
}
|
||||||
|
|
||||||
pkiMsgSz = wc_PKCS7_GetMaxStream(pkcs7, PKCS7_SEQ_PEEK, in, inSz);
|
|
||||||
wc_PKCS7_StreamGetVar(pkcs7, &encOID, &blockKeySz, &encryptedContentSz);
|
wc_PKCS7_StreamGetVar(pkcs7, &encOID, &blockKeySz, &encryptedContentSz);
|
||||||
encryptedContent = pkcs7->stream->bufferPt;
|
encryptedContent = pkcs7->stream->bufferPt;
|
||||||
#endif
|
#endif
|
||||||
|
@ -9703,9 +9705,7 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
|
||||||
/* free memory, zero out keys */
|
/* free memory, zero out keys */
|
||||||
ForceZero(encryptedContent, encryptedContentSz);
|
ForceZero(encryptedContent, encryptedContentSz);
|
||||||
XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
||||||
if (decryptedKey != NULL) {
|
|
||||||
ForceZero(decryptedKey, MAX_ENCRYPTED_KEY_SZ);
|
ForceZero(decryptedKey, MAX_ENCRYPTED_KEY_SZ);
|
||||||
}
|
|
||||||
#ifdef WOLFSSL_SMALL_STACK
|
#ifdef WOLFSSL_SMALL_STACK
|
||||||
XFREE(decryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
XFREE(decryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
||||||
decryptedKey = NULL;
|
decryptedKey = NULL;
|
||||||
|
@ -10027,7 +10027,7 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz,
|
||||||
byte tmpIvBuf[MAX_CONTENT_IV_SIZE];
|
byte tmpIvBuf[MAX_CONTENT_IV_SIZE];
|
||||||
byte *tmpIv = tmpIvBuf;
|
byte *tmpIv = tmpIvBuf;
|
||||||
|
|
||||||
int encryptedContentSz;
|
int encryptedContentSz = 0;
|
||||||
byte padLen;
|
byte padLen;
|
||||||
byte* encryptedContent = NULL;
|
byte* encryptedContent = NULL;
|
||||||
|
|
||||||
|
@ -10043,6 +10043,7 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz,
|
||||||
return BAD_FUNC_ARG;
|
return BAD_FUNC_ARG;
|
||||||
|
|
||||||
#ifndef NO_PKCS7_STREAM
|
#ifndef NO_PKCS7_STREAM
|
||||||
|
(void)tmpIv; /* help out static analysis */
|
||||||
if (pkcs7->stream == NULL) {
|
if (pkcs7->stream == NULL) {
|
||||||
if ((ret = wc_PKCS7_CreateStream(pkcs7)) != 0) {
|
if ((ret = wc_PKCS7_CreateStream(pkcs7)) != 0) {
|
||||||
return ret;
|
return ret;
|
||||||
|
@ -10208,9 +10209,6 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz,
|
||||||
|
|
||||||
pkiMsgSz = wc_PKCS7_GetMaxStream(pkcs7, PKCS7_DEFAULT_PEEK, in, inSz);
|
pkiMsgSz = wc_PKCS7_GetMaxStream(pkcs7, PKCS7_DEFAULT_PEEK, in, inSz);
|
||||||
|
|
||||||
/* restore saved variables */
|
|
||||||
expBlockSz = pkcs7->stream->varOne;
|
|
||||||
|
|
||||||
/* use IV buffer from stream structure */
|
/* use IV buffer from stream structure */
|
||||||
tmpIv = pkcs7->stream->tmpIv;
|
tmpIv = pkcs7->stream->tmpIv;
|
||||||
length = pkcs7->stream->expected;
|
length = pkcs7->stream->expected;
|
||||||
|
@ -10225,6 +10223,8 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz,
|
||||||
pkiMsgSz) <= 0)
|
pkiMsgSz) <= 0)
|
||||||
ret = ASN_PARSE_E;
|
ret = ASN_PARSE_E;
|
||||||
|
|
||||||
|
if (ret < 0)
|
||||||
|
break;
|
||||||
#ifndef NO_PKCS7_STREAM
|
#ifndef NO_PKCS7_STREAM
|
||||||
/* next chunk of data should contain encrypted content */
|
/* next chunk of data should contain encrypted content */
|
||||||
pkcs7->stream->varThree = encryptedContentSz;
|
pkcs7->stream->varThree = encryptedContentSz;
|
||||||
|
|
Loading…
Reference in New Issue