scan-build warnings

pull/1898/head
Jacob Barthelmeh 2018-10-24 17:20:00 -06:00 committed by David Garske
parent b3506c836c
commit 5a59fdd6fd
2 changed files with 35 additions and 31 deletions

View File

@ -4980,6 +4980,10 @@ int GetAsnTimeString(void* currTime, byte* buf, word32 len)
} else if (ts->tm_year >= 100 && ts->tm_year < 150) { } else if (ts->tm_year >= 100 && ts->tm_year < 150) {
year = ts->tm_year - 100; year = ts->tm_year - 100;
} }
else {
WOLFSSL_MSG("unsupported year range");
return BAD_FUNC_ARG;
}
mon = ts->tm_mon + 1; mon = ts->tm_mon + 1;
day = ts->tm_mday; day = ts->tm_mday;
hour = ts->tm_hour; hour = ts->tm_hour;

View File

@ -3414,6 +3414,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
DYNAMIC_TYPE_PKCS7); DYNAMIC_TYPE_PKCS7);
if (pkcs7->stream->nonce == NULL) { if (pkcs7->stream->nonce == NULL) {
ret = MEMORY_E; ret = MEMORY_E;
break;
} }
else { else {
pkcs7->stream->nonceSz = contentTypeSz; pkcs7->stream->nonceSz = contentTypeSz;
@ -3560,6 +3561,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
DYNAMIC_TYPE_PKCS7); DYNAMIC_TYPE_PKCS7);
if (pkcs7->stream->content == NULL) { if (pkcs7->stream->content == NULL) {
ret = MEMORY_E; ret = MEMORY_E;
break;
} }
else { else {
XMEMCPY(pkcs7->stream->content, content, contentSz); XMEMCPY(pkcs7->stream->content, content, contentSz);
@ -3595,7 +3597,6 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
return ret; return ret;
} }
pkiMsgSz = wc_PKCS7_GetMaxStream(pkcs7, PKCS7_DEFAULT_PEEK, in, inSz);
wc_PKCS7_StreamGetVar(pkcs7, &pkiMsg2Sz, 0, &length); wc_PKCS7_StreamGetVar(pkcs7, &pkiMsg2Sz, 0, &length);
if (pkcs7->stream->flagOne) { if (pkcs7->stream->flagOne) {
pkiMsg2 = pkiMsg; pkiMsg2 = pkiMsg;
@ -3721,7 +3722,6 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
&pkiMsg, &idx)) != 0) { &pkiMsg, &idx)) != 0) {
return ret; return ret;
} }
pkiMsgSz = wc_PKCS7_GetMaxStream(pkcs7, PKCS7_DEFAULT_PEEK, in, inSz);
wc_PKCS7_StreamGetVar(pkcs7, &pkiMsg2Sz, 0, &length); wc_PKCS7_StreamGetVar(pkcs7, &pkiMsg2Sz, 0, &length);
if (pkcs7->stream->flagOne) { if (pkcs7->stream->flagOne) {
pkiMsg2 = pkiMsg; pkiMsg2 = pkiMsg;
@ -3780,7 +3780,6 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
return ret; return ret;
} }
pkiMsgSz = wc_PKCS7_GetMaxStream(pkcs7, PKCS7_DEFAULT_PEEK, in, inSz);
wc_PKCS7_StreamGetVar(pkcs7, &pkiMsg2Sz, 0, &length); wc_PKCS7_StreamGetVar(pkcs7, &pkiMsg2Sz, 0, &length);
if (pkcs7->stream->flagOne) { if (pkcs7->stream->flagOne) {
pkiMsg2 = pkiMsg; pkiMsg2 = pkiMsg;
@ -6746,7 +6745,7 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
word32* idx, byte* decryptedKey, word32* idx, byte* decryptedKey,
word32* decryptedKeySz, int* recipFound) word32* decryptedKeySz, int* recipFound)
{ {
int length, encryptedKeySz, ret = 0; int length, encryptedKeySz = 0, ret = 0;
int keySz, version, sidType = 0; int keySz, version, sidType = 0;
word32 encOID; word32 encOID;
word32 keyIdx; word32 keyIdx;
@ -6937,8 +6936,7 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
pkcs7->stream->expected, &pkiMsg, idx)) != 0) { pkcs7->stream->expected, &pkiMsg, idx)) != 0) {
return ret; return ret;
} }
encryptedKeySz = pkcs7->stream->expected;
pkiMsgSz = wc_PKCS7_GetMaxStream(pkcs7, PKCS7_DEFAULT_PEEK, in, inSz);
#endif #endif
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
@ -7702,12 +7700,12 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz,
/* mark recipFound, since we only support one RecipientInfo for now */ /* mark recipFound, since we only support one RecipientInfo for now */
*recipFound = 1; *recipFound = 1;
*idx += length; *idx += length;
ret = 0; /* success */
#ifndef NO_PKCS7_STREAM #ifndef NO_PKCS7_STREAM
if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, idx)) != 0) { if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, idx)) != 0) {
break; break;
} }
#endif #endif
ret = 0; /* success */
break; break;
default: default:
@ -8249,7 +8247,7 @@ static int wc_PKCS7_ParseToRecipientInfoSet(PKCS7* pkcs7, byte* in,
word32 inSz, word32* idx, word32 inSz, word32* idx,
int type) int type)
{ {
int version, length, ret = 0; int version = 0, length, ret = 0;
word32 contentType; word32 contentType;
byte* pkiMsg = in; byte* pkiMsg = in;
word32 pkiMsgSz = inSz; word32 pkiMsgSz = inSz;
@ -8374,6 +8372,9 @@ static int wc_PKCS7_ParseToRecipientInfoSet(PKCS7* pkcs7, byte* in,
if (ret == 0 && GetLength(pkiMsg, idx, &length, pkiMsgSz) < 0) if (ret == 0 && GetLength(pkiMsg, idx, &length, pkiMsgSz) < 0)
ret = ASN_PARSE_E; ret = ASN_PARSE_E;
if (ret < 0)
break;
#ifndef NO_PKCS7_STREAM #ifndef NO_PKCS7_STREAM
if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, idx)) != 0) { if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, idx)) != 0) {
break; break;
@ -8398,6 +8399,9 @@ static int wc_PKCS7_ParseToRecipientInfoSet(PKCS7* pkcs7, byte* in,
if (ret == 0 && GetMyVersion(pkiMsg, idx, &version, pkiMsgSz) < 0) if (ret == 0 && GetMyVersion(pkiMsg, idx, &version, pkiMsgSz) < 0)
ret = ASN_PARSE_E; ret = ASN_PARSE_E;
if (ret < 0)
break;
#ifndef NO_PKCS7_STREAM #ifndef NO_PKCS7_STREAM
if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, idx)) != 0) { if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, idx)) != 0) {
break; break;
@ -8443,14 +8447,18 @@ static int wc_PKCS7_ParseToRecipientInfoSet(PKCS7* pkcs7, byte* in,
if (ret == 0 && GetSet(pkiMsg, idx, &length, pkiMsgSz) < 0) if (ret == 0 && GetSet(pkiMsg, idx, &length, pkiMsgSz) < 0)
ret = ASN_PARSE_E; ret = ASN_PARSE_E;
if (ret == 0) if (ret < 0)
ret = length; break;
#ifndef NO_PKCS7_STREAM #ifndef NO_PKCS7_STREAM
if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, idx)) != 0) { if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, idx)) != 0) {
break; break;
} }
#endif #endif
if (ret == 0)
ret = length;
break; break;
default: default:
@ -8485,9 +8493,9 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
word32 outputSz) word32 outputSz)
{ {
int recipFound = 0; int recipFound = 0;
int ret, length; int ret, length = 0;
word32 idx = 0, tmpIdx = 0; word32 idx = 0, tmpIdx = 0;
word32 contentType, encOID; word32 contentType, encOID = 0;
word32 decryptedKeySz; word32 decryptedKeySz;
int expBlockSz = 0, blockKeySz = 0; int expBlockSz = 0, blockKeySz = 0;
@ -8510,6 +8518,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
#ifndef NO_PKCS7_STREAM #ifndef NO_PKCS7_STREAM
(void)tmpIv; /* help out static analysis */
if (pkcs7->stream == NULL) { if (pkcs7->stream == NULL) {
if ((ret = wc_PKCS7_CreateStream(pkcs7)) != 0) { if ((ret = wc_PKCS7_CreateStream(pkcs7)) != 0) {
return ret; return ret;
@ -8559,8 +8568,6 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
case WC_PKCS7_DECRYPT_PWRI: case WC_PKCS7_DECRYPT_PWRI:
case WC_PKCS7_DECRYPT_ORI: case WC_PKCS7_DECRYPT_ORI:
#ifndef NO_PKCS7_STREAM #ifndef NO_PKCS7_STREAM
pkiMsgSz = wc_PKCS7_GetMaxStream(pkcs7, PKCS7_DEFAULT_PEEK, in,
inSz);
decryptedKey = pkcs7->stream->aad; decryptedKey = pkcs7->stream->aad;
decryptedKeySz = MAX_ENCRYPTED_KEY_SZ; decryptedKeySz = MAX_ENCRYPTED_KEY_SZ;
#endif #endif
@ -8715,7 +8722,6 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
return ret; return ret;
} }
pkiMsgSz = wc_PKCS7_GetMaxStream(pkcs7, PKCS7_SEQ_PEEK, in, inSz);
wc_PKCS7_StreamGetVar(pkcs7, &encOID, &expBlockSz, wc_PKCS7_StreamGetVar(pkcs7, &encOID, &expBlockSz,
&encryptedContentSz); &encryptedContentSz);
tmpIv = pkcs7->stream->tmpIv; tmpIv = pkcs7->stream->tmpIv;
@ -9234,15 +9240,15 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
int recipFound = 0; int recipFound = 0;
int ret, length; int ret, length;
word32 idx = 0, tmpIdx = 0; word32 idx = 0, tmpIdx = 0;
word32 contentType, encOID; word32 contentType, encOID = 0;
word32 decryptedKeySz; word32 decryptedKeySz = 0;
byte* pkiMsg = in; byte* pkiMsg = in;
word32 pkiMsgSz = inSz; word32 pkiMsgSz = inSz;
int expBlockSz, blockKeySz = 0; int expBlockSz = 0, blockKeySz = 0;
byte authTag[AES_BLOCK_SIZE]; byte authTag[AES_BLOCK_SIZE];
byte nonce[GCM_NONCE_MID_SZ]; /* GCM nonce is larger than CCM */ byte nonce[GCM_NONCE_MID_SZ]; /* GCM nonce is larger than CCM */
int nonceSz, authTagSz, macSz; int nonceSz = 0, authTagSz = 0, macSz = 0;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
byte* decryptedKey = NULL; byte* decryptedKey = NULL;
@ -9296,8 +9302,6 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
MAX_VERSION_SZ + ASN_TAG_SZ, &pkiMsg, &idx)) != 0) { MAX_VERSION_SZ + ASN_TAG_SZ, &pkiMsg, &idx)) != 0) {
return ret; return ret;
} }
pkiMsgSz = wc_PKCS7_GetMaxStream(pkcs7, PKCS7_DEFAULT_PEEK, in, inSz);
#endif #endif
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
decryptedKey = (byte*)XMALLOC(MAX_ENCRYPTED_KEY_SZ, pkcs7->heap, decryptedKey = (byte*)XMALLOC(MAX_ENCRYPTED_KEY_SZ, pkcs7->heap,
@ -9538,7 +9542,6 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
return ret; return ret;
} }
pkiMsgSz = wc_PKCS7_GetMaxStream(pkcs7, PKCS7_DEFAULT_PEEK, in, inSz);
length = pkcs7->stream->expected; length = pkcs7->stream->expected;
encodedAttribs = pkcs7->stream->aad; encodedAttribs = pkcs7->stream->aad;
#endif #endif
@ -9549,7 +9552,7 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
if (ret == 0 && wc_PKCS7_ParseAttribs(pkcs7, authAttrib, authAttribSz) < 0) { if (ret == 0 && wc_PKCS7_ParseAttribs(pkcs7, authAttrib, authAttribSz) < 0) {
WOLFSSL_MSG("Error parsing authenticated attributes"); WOLFSSL_MSG("Error parsing authenticated attributes");
ret = ASN_PARSE_E; return ASN_PARSE_E;
} }
idx += length; idx += length;
@ -9676,7 +9679,6 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
encodedAttribs = pkcs7->stream->aad; encodedAttribs = pkcs7->stream->aad;
} }
pkiMsgSz = wc_PKCS7_GetMaxStream(pkcs7, PKCS7_SEQ_PEEK, in, inSz);
wc_PKCS7_StreamGetVar(pkcs7, &encOID, &blockKeySz, &encryptedContentSz); wc_PKCS7_StreamGetVar(pkcs7, &encOID, &blockKeySz, &encryptedContentSz);
encryptedContent = pkcs7->stream->bufferPt; encryptedContent = pkcs7->stream->bufferPt;
#endif #endif
@ -9703,9 +9705,7 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
/* free memory, zero out keys */ /* free memory, zero out keys */
ForceZero(encryptedContent, encryptedContentSz); ForceZero(encryptedContent, encryptedContentSz);
XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
if (decryptedKey != NULL) {
ForceZero(decryptedKey, MAX_ENCRYPTED_KEY_SZ); ForceZero(decryptedKey, MAX_ENCRYPTED_KEY_SZ);
}
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(decryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(decryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
decryptedKey = NULL; decryptedKey = NULL;
@ -10027,7 +10027,7 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz,
byte tmpIvBuf[MAX_CONTENT_IV_SIZE]; byte tmpIvBuf[MAX_CONTENT_IV_SIZE];
byte *tmpIv = tmpIvBuf; byte *tmpIv = tmpIvBuf;
int encryptedContentSz; int encryptedContentSz = 0;
byte padLen; byte padLen;
byte* encryptedContent = NULL; byte* encryptedContent = NULL;
@ -10043,6 +10043,7 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz,
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
#ifndef NO_PKCS7_STREAM #ifndef NO_PKCS7_STREAM
(void)tmpIv; /* help out static analysis */
if (pkcs7->stream == NULL) { if (pkcs7->stream == NULL) {
if ((ret = wc_PKCS7_CreateStream(pkcs7)) != 0) { if ((ret = wc_PKCS7_CreateStream(pkcs7)) != 0) {
return ret; return ret;
@ -10208,9 +10209,6 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz,
pkiMsgSz = wc_PKCS7_GetMaxStream(pkcs7, PKCS7_DEFAULT_PEEK, in, inSz); pkiMsgSz = wc_PKCS7_GetMaxStream(pkcs7, PKCS7_DEFAULT_PEEK, in, inSz);
/* restore saved variables */
expBlockSz = pkcs7->stream->varOne;
/* use IV buffer from stream structure */ /* use IV buffer from stream structure */
tmpIv = pkcs7->stream->tmpIv; tmpIv = pkcs7->stream->tmpIv;
length = pkcs7->stream->expected; length = pkcs7->stream->expected;
@ -10225,6 +10223,8 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz,
pkiMsgSz) <= 0) pkiMsgSz) <= 0)
ret = ASN_PARSE_E; ret = ASN_PARSE_E;
if (ret < 0)
break;
#ifndef NO_PKCS7_STREAM #ifndef NO_PKCS7_STREAM
/* next chunk of data should contain encrypted content */ /* next chunk of data should contain encrypted content */
pkcs7->stream->varThree = encryptedContentSz; pkcs7->stream->varThree = encryptedContentSz;