From b17ec3b4bcdc369824fadc5ad010b360fad79a9c Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Thu, 28 Dec 2023 16:38:47 -0600 Subject: [PATCH] cppcheck-2.13.0 mitigations peer review: * add explanation in DoSessionTicket() re autoVariables. * re-refactor ECC_KEY_MAX_BITS() in ecc.c to use two separate macros, ECC_KEY_MAX_BITS() with same definition as before, and ECC_KEY_MAX_BITS_NONULLCHECK(). * in rsip_vprintf() use XVSNPRINTF() not vsnprintf(). * in types.h, fix fallthrough definition of WC_INLINE macro in !NO_INLINE cascade to be WC_MAYBE_UNUSED as it is when NO_INLINE. --- src/internal.c | 5 +++ wolfcrypt/src/ecc.c | 92 +++++++++++++++++++++------------------ wolfcrypt/test/test.c | 2 +- wolfssl/wolfcrypt/types.h | 2 +- 4 files changed, 57 insertions(+), 44 deletions(-) diff --git a/src/internal.c b/src/internal.c index fd19b2ee1..01e9de704 100644 --- a/src/internal.c +++ b/src/internal.c @@ -35832,6 +35832,11 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #ifdef OPENSSL_EXTRA ssl->clSuites = clSuites; /* cppcheck-suppress autoVariables + * + * (suppress warning that ssl, a persistent + * non-local allocation, has its ->clSuites + * set to clSuites, a local stack allocation. + * we clear this assignment before returning.) */ /* Give user last chance to provide a cert for cipher selection */ if (ret == 0 && ssl->ctx->certSetupCb != NULL) diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 0d0f7064a..72ab563bf 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -252,19 +252,27 @@ ECC Curve Sizes: #define MAX_ECC_BITS_USE MAX_ECC_BITS_NEEDED #endif -static WC_MAYBE_UNUSED WC_INLINE word32 ECC_KEY_MAX_BITS(const ecc_key *key) { - if (((key) == NULL) || ((key)->dp == NULL)) - return MAX_ECC_BITS_USE; - else { - #if !defined(WOLFSSL_CUSTOM_CURVES) && (ECC_MIN_KEY_SZ > 160) && \ - (!defined(HAVE_ECC_KOBLITZ) || (ECC_MIN_KEY_SZ > 224)) - return (word32)((key)->dp->size * 8); - #else - /* Add one bit for cases when order is a bit greater than prime. */ - return (word32)((key)->dp->size * 8 + 1); - #endif - } -} +#if !defined(WOLFSSL_CUSTOM_CURVES) && (ECC_MIN_KEY_SZ > 160) && \ + (!defined(HAVE_ECC_KOBLITZ) || (ECC_MIN_KEY_SZ > 224)) + +#define ECC_KEY_MAX_BITS(key) \ + ((((key) == NULL) || ((key)->dp == NULL)) ? MAX_ECC_BITS_USE : \ + ((unsigned)((key)->dp->size * 8))) +#define ECC_KEY_MAX_BITS_NONULLCHECK(key) \ + (((key)->dp == NULL) ? MAX_ECC_BITS_USE : \ + ((unsigned)((key)->dp->size * 8))) + +#else + +/* Add one bit for cases when order is a bit greater than prime. */ +#define ECC_KEY_MAX_BITS(key) \ + ((((key) == NULL) || ((key)->dp == NULL)) ? MAX_ECC_BITS_USE : \ + ((unsigned)((key)->dp->size * 8 + 1))) +#define ECC_KEY_MAX_BITS_NONULLCHECK(key) \ + (((key)->dp == NULL) ? MAX_ECC_BITS_USE : \ + ((unsigned)((key)->dp->size * 8 + 1))) + +#endif /* forward declarations */ static int wc_ecc_new_point_ex(ecc_point** point, void* heap); @@ -3482,12 +3490,12 @@ static int ecc_key_tmp_init(ecc_key* key, void* heap) XMEMSET(key, 0, sizeof(*key)); #if defined(WOLFSSL_SP_MATH_ALL) && defined(WOLFSSL_SMALL_STACK) - NEW_MP_INT_SIZE(key->t1, ECC_KEY_MAX_BITS(key), heap, DYNAMIC_TYPE_ECC); - NEW_MP_INT_SIZE(key->t2, ECC_KEY_MAX_BITS(key), heap, DYNAMIC_TYPE_ECC); + NEW_MP_INT_SIZE(key->t1, ECC_KEY_MAX_BITS_NONULLCHECK(key), heap, DYNAMIC_TYPE_ECC); + NEW_MP_INT_SIZE(key->t2, ECC_KEY_MAX_BITS_NONULLCHECK(key), heap, DYNAMIC_TYPE_ECC); #ifdef ALT_ECC_SIZE - NEW_MP_INT_SIZE(key->x, ECC_KEY_MAX_BITS(key), heap, DYNAMIC_TYPE_ECC); - NEW_MP_INT_SIZE(key->y, ECC_KEY_MAX_BITS(key), heap, DYNAMIC_TYPE_ECC); - NEW_MP_INT_SIZE(key->z, ECC_KEY_MAX_BITS(key), heap, DYNAMIC_TYPE_ECC); + NEW_MP_INT_SIZE(key->x, ECC_KEY_MAX_BITS_NONULLCHECK(key), heap, DYNAMIC_TYPE_ECC); + NEW_MP_INT_SIZE(key->y, ECC_KEY_MAX_BITS_NONULLCHECK(key), heap, DYNAMIC_TYPE_ECC); + NEW_MP_INT_SIZE(key->z, ECC_KEY_MAX_BITS_NONULLCHECK(key), heap, DYNAMIC_TYPE_ECC); #endif if (key->t1 == NULL || key->t2 == NULL #ifdef ALT_ECC_SIZE @@ -3497,20 +3505,20 @@ static int ecc_key_tmp_init(ecc_key* key, void* heap) err = MEMORY_E; } if (err == 0) { - err = INIT_MP_INT_SIZE(key->t1, ECC_KEY_MAX_BITS(key)); + err = INIT_MP_INT_SIZE(key->t1, ECC_KEY_MAX_BITS_NONULLCHECK(key)); } if (err == 0) { - err = INIT_MP_INT_SIZE(key->t2, ECC_KEY_MAX_BITS(key)); + err = INIT_MP_INT_SIZE(key->t2, ECC_KEY_MAX_BITS_NONULLCHECK(key)); } #ifdef ALT_ECC_SIZE if (err == 0) { - err = INIT_MP_INT_SIZE(key->x, ECC_KEY_MAX_BITS(key)); + err = INIT_MP_INT_SIZE(key->x, ECC_KEY_MAX_BITS_NONULLCHECK(key)); } if (err == 0) { - err = INIT_MP_INT_SIZE(key->y, ECC_KEY_MAX_BITS(key)); + err = INIT_MP_INT_SIZE(key->y, ECC_KEY_MAX_BITS_NONULLCHECK(key)); } if (err == 0) { - err = INIT_MP_INT_SIZE(key->z, ECC_KEY_MAX_BITS(key)); + err = INIT_MP_INT_SIZE(key->z, ECC_KEY_MAX_BITS_NONULLCHECK(key)); } #endif #else @@ -6578,12 +6586,12 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, err = wc_ecc_sign_hash_async(in, inlen, out, outlen, rng, key); #else - NEW_MP_INT_SIZE(r, ECC_KEY_MAX_BITS(key), key->heap, DYNAMIC_TYPE_ECC); + NEW_MP_INT_SIZE(r, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, DYNAMIC_TYPE_ECC); #ifdef MP_INT_SIZE_CHECK_NULL if (r == NULL) return MEMORY_E; #endif - NEW_MP_INT_SIZE(s, ECC_KEY_MAX_BITS(key), key->heap, DYNAMIC_TYPE_ECC); + NEW_MP_INT_SIZE(s, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, DYNAMIC_TYPE_ECC); #ifdef MP_INT_SIZE_CHECK_NULL if (s == NULL) { FREE_MP_INT_SIZE(r, key->heap, DYNAMIC_TYPE_ECC); @@ -6591,13 +6599,13 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, } #endif - err = INIT_MP_INT_SIZE(r, ECC_KEY_MAX_BITS(key)); + err = INIT_MP_INT_SIZE(r, ECC_KEY_MAX_BITS_NONULLCHECK(key)); if (err != 0) { FREE_MP_INT_SIZE(s, key->heap, DYNAMIC_TYPE_ECC); FREE_MP_INT_SIZE(r, key->heap, DYNAMIC_TYPE_ECC); return err; } - err = INIT_MP_INT_SIZE(s, ECC_KEY_MAX_BITS(key)); + err = INIT_MP_INT_SIZE(s, ECC_KEY_MAX_BITS_NONULLCHECK(key)); if (err != 0) { FREE_MP_INT_SIZE(s, key->heap, DYNAMIC_TYPE_ECC); FREE_MP_INT_SIZE(r, key->heap, DYNAMIC_TYPE_ECC); @@ -6722,16 +6730,16 @@ static int ecc_sign_hash_sw(ecc_key* key, ecc_key* pubkey, WC_RNG* rng, { int err = MP_OKAY; int loop_check = 0; - DECL_MP_INT_SIZE_DYN(b, ECC_KEY_MAX_BITS(key), MAX_ECC_BITS_USE); + DECL_MP_INT_SIZE_DYN(b, ECC_KEY_MAX_BITS_NONULLCHECK(key), MAX_ECC_BITS_USE); - NEW_MP_INT_SIZE(b, ECC_KEY_MAX_BITS(key), key->heap, DYNAMIC_TYPE_ECC); + NEW_MP_INT_SIZE(b, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, DYNAMIC_TYPE_ECC); #ifdef MP_INT_SIZE_CHECK_NULL if (b == NULL) err = MEMORY_E; #endif if (err == MP_OKAY) { - err = INIT_MP_INT_SIZE(b, ECC_KEY_MAX_BITS(key)); + err = INIT_MP_INT_SIZE(b, ECC_KEY_MAX_BITS_NONULLCHECK(key)); } #ifdef WOLFSSL_CUSTOM_CURVES @@ -7125,7 +7133,7 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng, } e = key->e; #else - NEW_MP_INT_SIZE(e_lcl, ECC_KEY_MAX_BITS(key), key->heap, DYNAMIC_TYPE_ECC); + NEW_MP_INT_SIZE(e_lcl, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, DYNAMIC_TYPE_ECC); #ifdef MP_INT_SIZE_CHECK_NULL if (e_lcl == NULL) { return MEMORY_E; @@ -7136,7 +7144,7 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng, /* get the hash and load it as a bignum into 'e' */ /* init the bignums */ - if ((err = INIT_MP_INT_SIZE(e, ECC_KEY_MAX_BITS(key))) != MP_OKAY) { + if ((err = INIT_MP_INT_SIZE(e, ECC_KEY_MAX_BITS_NONULLCHECK(key))) != MP_OKAY) { FREE_MP_INT_SIZE(e_lcl, key->heap, DYNAMIC_TYPE_ECC); return err; } @@ -8302,25 +8310,25 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, r = key->r; s = key->s; #else - NEW_MP_INT_SIZE(r, ECC_KEY_MAX_BITS(key), key->heap, DYNAMIC_TYPE_ECC); + NEW_MP_INT_SIZE(r, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, DYNAMIC_TYPE_ECC); #ifdef MP_INT_SIZE_CHECK_NULL if (r == NULL) return MEMORY_E; #endif - NEW_MP_INT_SIZE(s, ECC_KEY_MAX_BITS(key), key->heap, DYNAMIC_TYPE_ECC); + NEW_MP_INT_SIZE(s, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, DYNAMIC_TYPE_ECC); #ifdef MP_INT_SIZE_CHECK_NULL if (s == NULL) { FREE_MP_INT_SIZE(r, key->heap, DYNAMIC_TYPE_ECC); return MEMORY_E; } #endif - err = INIT_MP_INT_SIZE(r, ECC_KEY_MAX_BITS(key)); + err = INIT_MP_INT_SIZE(r, ECC_KEY_MAX_BITS_NONULLCHECK(key)); if (err != 0) { FREE_MP_INT_SIZE(s, key->heap, DYNAMIC_TYPE_ECC); FREE_MP_INT_SIZE(r, key->heap, DYNAMIC_TYPE_ECC); return err; } - err = INIT_MP_INT_SIZE(s, ECC_KEY_MAX_BITS(key)); + err = INIT_MP_INT_SIZE(s, ECC_KEY_MAX_BITS_NONULLCHECK(key)); if (err != 0) { FREE_MP_INT_SIZE(s, key->heap, DYNAMIC_TYPE_ECC); FREE_MP_INT_SIZE(r, key->heap, DYNAMIC_TYPE_ECC); @@ -8621,9 +8629,9 @@ static int ecc_verify_hash(mp_int *r, mp_int *s, const byte* hash, ecc_point lcl_mG; ecc_point lcl_mQ; #endif - DECL_MP_INT_SIZE_DYN(w, ECC_KEY_MAX_BITS(key), MAX_ECC_BITS_USE); + DECL_MP_INT_SIZE_DYN(w, ECC_KEY_MAX_BITS_NONULLCHECK(key), MAX_ECC_BITS_USE); #if !defined(WOLFSSL_ASYNC_CRYPT) || !defined(HAVE_CAVIUM_V) - DECL_MP_INT_SIZE_DYN(e_lcl, ECC_KEY_MAX_BITS(key), MAX_ECC_BITS_USE); + DECL_MP_INT_SIZE_DYN(e_lcl, ECC_KEY_MAX_BITS_NONULLCHECK(key), MAX_ECC_BITS_USE); #endif mp_int* e; mp_int* v = NULL; /* Will be w. */ @@ -8639,7 +8647,7 @@ static int ecc_verify_hash(mp_int *r, mp_int *s, const byte* hash, err = mp_init(e); #else - NEW_MP_INT_SIZE(e_lcl, ECC_KEY_MAX_BITS(key), key->heap, DYNAMIC_TYPE_ECC); + NEW_MP_INT_SIZE(e_lcl, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, DYNAMIC_TYPE_ECC); #ifdef MP_INT_SIZE_CHECK_NULL if (e_lcl == NULL) { return MEMORY_E; @@ -8647,7 +8655,7 @@ static int ecc_verify_hash(mp_int *r, mp_int *s, const byte* hash, #endif e = e_lcl; - err = INIT_MP_INT_SIZE(e, ECC_KEY_MAX_BITS(key)); + err = INIT_MP_INT_SIZE(e, ECC_KEY_MAX_BITS_NONULLCHECK(key)); #endif /* WOLFSSL_ASYNC_CRYPT && HAVE_CAVIUM_V */ if (err != MP_OKAY) { #ifdef WOLFSSL_SMALL_STACK @@ -8709,7 +8717,7 @@ static int ecc_verify_hash(mp_int *r, mp_int *s, const byte* hash, } #endif /* WOLFSSL_ASYNC_CRYPT && WC_ASYNC_ENABLE_ECC */ - NEW_MP_INT_SIZE(w, ECC_KEY_MAX_BITS(key), key->heap, DYNAMIC_TYPE_ECC); + NEW_MP_INT_SIZE(w, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, DYNAMIC_TYPE_ECC); #ifdef MP_INT_SIZE_CHECK_NULL if (w == NULL) { err = MEMORY_E; @@ -8722,7 +8730,7 @@ static int ecc_verify_hash(mp_int *r, mp_int *s, const byte* hash, v = w; } if (err == MP_OKAY) { - err = INIT_MP_INT_SIZE(w, ECC_KEY_MAX_BITS(key)); + err = INIT_MP_INT_SIZE(w, ECC_KEY_MAX_BITS_NONULLCHECK(key)); } /* allocate points */ diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index e5ad00575..f8bab002b 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -212,7 +212,7 @@ const byte const_byte_array[] = "A+Gd\0\0\0"; int ret; char tmpBuf[80]; - ret = vsnprintf(tmpBuf, sizeof(tmpBuf), format, args); + ret = XVSNPRINTF(tmpBuf, sizeof(tmpBuf), format, args); printf(tmpBuf); return ret; diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 0d3468a5f..972066998 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -356,7 +356,7 @@ typedef struct w64wrapper { #define WC_INLINE inline #endif #else - #define WC_INLINE + #define WC_INLINE WC_MAYBE_UNUSED #endif #else #define WC_INLINE WC_MAYBE_UNUSED