cppcheck-2.13.0 mitigations peer review:

* add explanation in DoSessionTicket() re autoVariables.
* re-refactor ECC_KEY_MAX_BITS() in ecc.c to use two separate macros: ECC_KEY_MAX_BITS(), with the same definition as before, and ECC_KEY_MAX_BITS_NONULLCHECK().
* in rsip_vprintf() use XVSNPRINTF() not vsnprintf().
* in types.h, fix fallthrough definition of WC_INLINE macro in !NO_INLINE cascade to be WC_MAYBE_UNUSED as it is when NO_INLINE.
pull/7104/head
Daniel Pouzzner 2023-12-28 16:38:47 -06:00
parent 44b18de704
commit b17ec3b4bc
4 changed files with 57 additions and 44 deletions


@ -35832,6 +35832,11 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
ssl->clSuites = clSuites; /* cppcheck-suppress autoVariables ssl->clSuites = clSuites; /* cppcheck-suppress autoVariables
*
* (suppress warning that ssl, a persistent
* non-local allocation, has its ->clSuites
* set to clSuites, a local stack allocation.
* we clear this assignment before returning.)
*/ */
/* Give user last chance to provide a cert for cipher selection */ /* Give user last chance to provide a cert for cipher selection */
if (ret == 0 && ssl->ctx->certSetupCb != NULL) if (ret == 0 && ssl->ctx->certSetupCb != NULL)
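Review bot: The added comment justifies the autoVariables suppression with "we clear this assignment before returning", but the reset of ssl->clSuites is outside this hunk, so a reader cannot confirm from here that every return path between this assignment and that reset actually runs through it; if one does not, ssl->clSuites is left pointing into a dead stack frame and the suppression hides exactly the defect cppcheck flagged. Naming the reset in the comment, e.g. `* (ssl->clSuites is reset to NULL before every return below;` `* keep that true when adding early returns.)`, keeps the suppression auditable, and a walk of the early returns in DoSessionTicket would confirm the claim. DoSessionTicket continues outside the hunk in both directions.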


@ -252,19 +252,27 @@ ECC Curve Sizes:
#define MAX_ECC_BITS_USE MAX_ECC_BITS_NEEDED #define MAX_ECC_BITS_USE MAX_ECC_BITS_NEEDED
#endif #endif
static WC_MAYBE_UNUSED WC_INLINE word32 ECC_KEY_MAX_BITS(const ecc_key *key) {
if (((key) == NULL) || ((key)->dp == NULL))
return MAX_ECC_BITS_USE;
else {
#if !defined(WOLFSSL_CUSTOM_CURVES) && (ECC_MIN_KEY_SZ > 160) && \ #if !defined(WOLFSSL_CUSTOM_CURVES) && (ECC_MIN_KEY_SZ > 160) && \
(!defined(HAVE_ECC_KOBLITZ) || (ECC_MIN_KEY_SZ > 224)) (!defined(HAVE_ECC_KOBLITZ) || (ECC_MIN_KEY_SZ > 224))
return (word32)((key)->dp->size * 8);
#define ECC_KEY_MAX_BITS(key) \
((((key) == NULL) || ((key)->dp == NULL)) ? MAX_ECC_BITS_USE : \
((unsigned)((key)->dp->size * 8)))
#define ECC_KEY_MAX_BITS_NONULLCHECK(key) \
(((key)->dp == NULL) ? MAX_ECC_BITS_USE : \
((unsigned)((key)->dp->size * 8)))
#else #else
/* Add one bit for cases when order is a bit greater than prime. */ /* Add one bit for cases when order is a bit greater than prime. */
return (word32)((key)->dp->size * 8 + 1); #define ECC_KEY_MAX_BITS(key) \
((((key) == NULL) || ((key)->dp == NULL)) ? MAX_ECC_BITS_USE : \
((unsigned)((key)->dp->size * 8 + 1)))
#define ECC_KEY_MAX_BITS_NONULLCHECK(key) \
(((key)->dp == NULL) ? MAX_ECC_BITS_USE : \
((unsigned)((key)->dp->size * 8 + 1)))
#endif #endif
}
}
/* forward declarations */ /* forward declarations */
static int wc_ecc_new_point_ex(ecc_point** point, void* heap); static int wc_ecc_new_point_ex(ecc_point** point, void* heap);
@ -3482,12 +3490,12 @@ static int ecc_key_tmp_init(ecc_key* key, void* heap)
XMEMSET(key, 0, sizeof(*key)); XMEMSET(key, 0, sizeof(*key));
#if defined(WOLFSSL_SP_MATH_ALL) && defined(WOLFSSL_SMALL_STACK) #if defined(WOLFSSL_SP_MATH_ALL) && defined(WOLFSSL_SMALL_STACK)
NEW_MP_INT_SIZE(key->t1, ECC_KEY_MAX_BITS(key), heap, DYNAMIC_TYPE_ECC); NEW_MP_INT_SIZE(key->t1, ECC_KEY_MAX_BITS_NONULLCHECK(key), heap, DYNAMIC_TYPE_ECC);
NEW_MP_INT_SIZE(key->t2, ECC_KEY_MAX_BITS(key), heap, DYNAMIC_TYPE_ECC); NEW_MP_INT_SIZE(key->t2, ECC_KEY_MAX_BITS_NONULLCHECK(key), heap, DYNAMIC_TYPE_ECC);
#ifdef ALT_ECC_SIZE #ifdef ALT_ECC_SIZE
NEW_MP_INT_SIZE(key->x, ECC_KEY_MAX_BITS(key), heap, DYNAMIC_TYPE_ECC); NEW_MP_INT_SIZE(key->x, ECC_KEY_MAX_BITS_NONULLCHECK(key), heap, DYNAMIC_TYPE_ECC);
NEW_MP_INT_SIZE(key->y, ECC_KEY_MAX_BITS(key), heap, DYNAMIC_TYPE_ECC); NEW_MP_INT_SIZE(key->y, ECC_KEY_MAX_BITS_NONULLCHECK(key), heap, DYNAMIC_TYPE_ECC);
NEW_MP_INT_SIZE(key->z, ECC_KEY_MAX_BITS(key), heap, DYNAMIC_TYPE_ECC); NEW_MP_INT_SIZE(key->z, ECC_KEY_MAX_BITS_NONULLCHECK(key), heap, DYNAMIC_TYPE_ECC);
#endif #endif
if (key->t1 == NULL || key->t2 == NULL if (key->t1 == NULL || key->t2 == NULL
#ifdef ALT_ECC_SIZE #ifdef ALT_ECC_SIZE
@ -3497,20 +3505,20 @@ static int ecc_key_tmp_init(ecc_key* key, void* heap)
err = MEMORY_E; err = MEMORY_E;
} }
if (err == 0) { if (err == 0) {
err = INIT_MP_INT_SIZE(key->t1, ECC_KEY_MAX_BITS(key)); err = INIT_MP_INT_SIZE(key->t1, ECC_KEY_MAX_BITS_NONULLCHECK(key));
} }
if (err == 0) { if (err == 0) {
err = INIT_MP_INT_SIZE(key->t2, ECC_KEY_MAX_BITS(key)); err = INIT_MP_INT_SIZE(key->t2, ECC_KEY_MAX_BITS_NONULLCHECK(key));
} }
#ifdef ALT_ECC_SIZE #ifdef ALT_ECC_SIZE
if (err == 0) { if (err == 0) {
err = INIT_MP_INT_SIZE(key->x, ECC_KEY_MAX_BITS(key)); err = INIT_MP_INT_SIZE(key->x, ECC_KEY_MAX_BITS_NONULLCHECK(key));
} }
if (err == 0) { if (err == 0) {
err = INIT_MP_INT_SIZE(key->y, ECC_KEY_MAX_BITS(key)); err = INIT_MP_INT_SIZE(key->y, ECC_KEY_MAX_BITS_NONULLCHECK(key));
} }
if (err == 0) { if (err == 0) {
err = INIT_MP_INT_SIZE(key->z, ECC_KEY_MAX_BITS(key)); err = INIT_MP_INT_SIZE(key->z, ECC_KEY_MAX_BITS_NONULLCHECK(key));
} }
#endif #endif
#else #else
@ -6578,12 +6586,12 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
err = wc_ecc_sign_hash_async(in, inlen, out, outlen, rng, key); err = wc_ecc_sign_hash_async(in, inlen, out, outlen, rng, key);
#else #else
NEW_MP_INT_SIZE(r, ECC_KEY_MAX_BITS(key), key->heap, DYNAMIC_TYPE_ECC); NEW_MP_INT_SIZE(r, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, DYNAMIC_TYPE_ECC);
#ifdef MP_INT_SIZE_CHECK_NULL #ifdef MP_INT_SIZE_CHECK_NULL
if (r == NULL) if (r == NULL)
return MEMORY_E; return MEMORY_E;
#endif #endif
NEW_MP_INT_SIZE(s, ECC_KEY_MAX_BITS(key), key->heap, DYNAMIC_TYPE_ECC); NEW_MP_INT_SIZE(s, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, DYNAMIC_TYPE_ECC);
#ifdef MP_INT_SIZE_CHECK_NULL #ifdef MP_INT_SIZE_CHECK_NULL
if (s == NULL) { if (s == NULL) {
FREE_MP_INT_SIZE(r, key->heap, DYNAMIC_TYPE_ECC); FREE_MP_INT_SIZE(r, key->heap, DYNAMIC_TYPE_ECC);
@ -6591,13 +6599,13 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
} }
#endif #endif
err = INIT_MP_INT_SIZE(r, ECC_KEY_MAX_BITS(key)); err = INIT_MP_INT_SIZE(r, ECC_KEY_MAX_BITS_NONULLCHECK(key));
if (err != 0) { if (err != 0) {
FREE_MP_INT_SIZE(s, key->heap, DYNAMIC_TYPE_ECC); FREE_MP_INT_SIZE(s, key->heap, DYNAMIC_TYPE_ECC);
FREE_MP_INT_SIZE(r, key->heap, DYNAMIC_TYPE_ECC); FREE_MP_INT_SIZE(r, key->heap, DYNAMIC_TYPE_ECC);
return err; return err;
} }
err = INIT_MP_INT_SIZE(s, ECC_KEY_MAX_BITS(key)); err = INIT_MP_INT_SIZE(s, ECC_KEY_MAX_BITS_NONULLCHECK(key));
if (err != 0) { if (err != 0) {
FREE_MP_INT_SIZE(s, key->heap, DYNAMIC_TYPE_ECC); FREE_MP_INT_SIZE(s, key->heap, DYNAMIC_TYPE_ECC);
FREE_MP_INT_SIZE(r, key->heap, DYNAMIC_TYPE_ECC); FREE_MP_INT_SIZE(r, key->heap, DYNAMIC_TYPE_ECC);
@ -6722,16 +6730,16 @@ static int ecc_sign_hash_sw(ecc_key* key, ecc_key* pubkey, WC_RNG* rng,
{ {
int err = MP_OKAY; int err = MP_OKAY;
int loop_check = 0; int loop_check = 0;
DECL_MP_INT_SIZE_DYN(b, ECC_KEY_MAX_BITS(key), MAX_ECC_BITS_USE); DECL_MP_INT_SIZE_DYN(b, ECC_KEY_MAX_BITS_NONULLCHECK(key), MAX_ECC_BITS_USE);
NEW_MP_INT_SIZE(b, ECC_KEY_MAX_BITS(key), key->heap, DYNAMIC_TYPE_ECC); NEW_MP_INT_SIZE(b, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, DYNAMIC_TYPE_ECC);
#ifdef MP_INT_SIZE_CHECK_NULL #ifdef MP_INT_SIZE_CHECK_NULL
if (b == NULL) if (b == NULL)
err = MEMORY_E; err = MEMORY_E;
#endif #endif
if (err == MP_OKAY) { if (err == MP_OKAY) {
err = INIT_MP_INT_SIZE(b, ECC_KEY_MAX_BITS(key)); err = INIT_MP_INT_SIZE(b, ECC_KEY_MAX_BITS_NONULLCHECK(key));
} }
#ifdef WOLFSSL_CUSTOM_CURVES #ifdef WOLFSSL_CUSTOM_CURVES
@ -7125,7 +7133,7 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
} }
e = key->e; e = key->e;
#else #else
NEW_MP_INT_SIZE(e_lcl, ECC_KEY_MAX_BITS(key), key->heap, DYNAMIC_TYPE_ECC); NEW_MP_INT_SIZE(e_lcl, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, DYNAMIC_TYPE_ECC);
#ifdef MP_INT_SIZE_CHECK_NULL #ifdef MP_INT_SIZE_CHECK_NULL
if (e_lcl == NULL) { if (e_lcl == NULL) {
return MEMORY_E; return MEMORY_E;
@ -7136,7 +7144,7 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
/* get the hash and load it as a bignum into 'e' */ /* get the hash and load it as a bignum into 'e' */
/* init the bignums */ /* init the bignums */
if ((err = INIT_MP_INT_SIZE(e, ECC_KEY_MAX_BITS(key))) != MP_OKAY) { if ((err = INIT_MP_INT_SIZE(e, ECC_KEY_MAX_BITS_NONULLCHECK(key))) != MP_OKAY) {
FREE_MP_INT_SIZE(e_lcl, key->heap, DYNAMIC_TYPE_ECC); FREE_MP_INT_SIZE(e_lcl, key->heap, DYNAMIC_TYPE_ECC);
return err; return err;
} }
@ -8302,25 +8310,25 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
r = key->r; r = key->r;
s = key->s; s = key->s;
#else #else
NEW_MP_INT_SIZE(r, ECC_KEY_MAX_BITS(key), key->heap, DYNAMIC_TYPE_ECC); NEW_MP_INT_SIZE(r, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, DYNAMIC_TYPE_ECC);
#ifdef MP_INT_SIZE_CHECK_NULL #ifdef MP_INT_SIZE_CHECK_NULL
if (r == NULL) if (r == NULL)
return MEMORY_E; return MEMORY_E;
#endif #endif
NEW_MP_INT_SIZE(s, ECC_KEY_MAX_BITS(key), key->heap, DYNAMIC_TYPE_ECC); NEW_MP_INT_SIZE(s, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, DYNAMIC_TYPE_ECC);
#ifdef MP_INT_SIZE_CHECK_NULL #ifdef MP_INT_SIZE_CHECK_NULL
if (s == NULL) { if (s == NULL) {
FREE_MP_INT_SIZE(r, key->heap, DYNAMIC_TYPE_ECC); FREE_MP_INT_SIZE(r, key->heap, DYNAMIC_TYPE_ECC);
return MEMORY_E; return MEMORY_E;
} }
#endif #endif
err = INIT_MP_INT_SIZE(r, ECC_KEY_MAX_BITS(key)); err = INIT_MP_INT_SIZE(r, ECC_KEY_MAX_BITS_NONULLCHECK(key));
if (err != 0) { if (err != 0) {
FREE_MP_INT_SIZE(s, key->heap, DYNAMIC_TYPE_ECC); FREE_MP_INT_SIZE(s, key->heap, DYNAMIC_TYPE_ECC);
FREE_MP_INT_SIZE(r, key->heap, DYNAMIC_TYPE_ECC); FREE_MP_INT_SIZE(r, key->heap, DYNAMIC_TYPE_ECC);
return err; return err;
} }
err = INIT_MP_INT_SIZE(s, ECC_KEY_MAX_BITS(key)); err = INIT_MP_INT_SIZE(s, ECC_KEY_MAX_BITS_NONULLCHECK(key));
if (err != 0) { if (err != 0) {
FREE_MP_INT_SIZE(s, key->heap, DYNAMIC_TYPE_ECC); FREE_MP_INT_SIZE(s, key->heap, DYNAMIC_TYPE_ECC);
FREE_MP_INT_SIZE(r, key->heap, DYNAMIC_TYPE_ECC); FREE_MP_INT_SIZE(r, key->heap, DYNAMIC_TYPE_ECC);
@ -8621,9 +8629,9 @@ static int ecc_verify_hash(mp_int *r, mp_int *s, const byte* hash,
ecc_point lcl_mG; ecc_point lcl_mG;
ecc_point lcl_mQ; ecc_point lcl_mQ;
#endif #endif
DECL_MP_INT_SIZE_DYN(w, ECC_KEY_MAX_BITS(key), MAX_ECC_BITS_USE); DECL_MP_INT_SIZE_DYN(w, ECC_KEY_MAX_BITS_NONULLCHECK(key), MAX_ECC_BITS_USE);
#if !defined(WOLFSSL_ASYNC_CRYPT) || !defined(HAVE_CAVIUM_V) #if !defined(WOLFSSL_ASYNC_CRYPT) || !defined(HAVE_CAVIUM_V)
DECL_MP_INT_SIZE_DYN(e_lcl, ECC_KEY_MAX_BITS(key), MAX_ECC_BITS_USE); DECL_MP_INT_SIZE_DYN(e_lcl, ECC_KEY_MAX_BITS_NONULLCHECK(key), MAX_ECC_BITS_USE);
#endif #endif
mp_int* e; mp_int* e;
mp_int* v = NULL; /* Will be w. */ mp_int* v = NULL; /* Will be w. */
@ -8639,7 +8647,7 @@ static int ecc_verify_hash(mp_int *r, mp_int *s, const byte* hash,
err = mp_init(e); err = mp_init(e);
#else #else
NEW_MP_INT_SIZE(e_lcl, ECC_KEY_MAX_BITS(key), key->heap, DYNAMIC_TYPE_ECC); NEW_MP_INT_SIZE(e_lcl, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, DYNAMIC_TYPE_ECC);
#ifdef MP_INT_SIZE_CHECK_NULL #ifdef MP_INT_SIZE_CHECK_NULL
if (e_lcl == NULL) { if (e_lcl == NULL) {
return MEMORY_E; return MEMORY_E;
@ -8647,7 +8655,7 @@ static int ecc_verify_hash(mp_int *r, mp_int *s, const byte* hash,
#endif #endif
e = e_lcl; e = e_lcl;
err = INIT_MP_INT_SIZE(e, ECC_KEY_MAX_BITS(key)); err = INIT_MP_INT_SIZE(e, ECC_KEY_MAX_BITS_NONULLCHECK(key));
#endif /* WOLFSSL_ASYNC_CRYPT && HAVE_CAVIUM_V */ #endif /* WOLFSSL_ASYNC_CRYPT && HAVE_CAVIUM_V */
if (err != MP_OKAY) { if (err != MP_OKAY) {
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
@ -8709,7 +8717,7 @@ static int ecc_verify_hash(mp_int *r, mp_int *s, const byte* hash,
} }
#endif /* WOLFSSL_ASYNC_CRYPT && WC_ASYNC_ENABLE_ECC */ #endif /* WOLFSSL_ASYNC_CRYPT && WC_ASYNC_ENABLE_ECC */
NEW_MP_INT_SIZE(w, ECC_KEY_MAX_BITS(key), key->heap, DYNAMIC_TYPE_ECC); NEW_MP_INT_SIZE(w, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, DYNAMIC_TYPE_ECC);
#ifdef MP_INT_SIZE_CHECK_NULL #ifdef MP_INT_SIZE_CHECK_NULL
if (w == NULL) { if (w == NULL) {
err = MEMORY_E; err = MEMORY_E;
@ -8722,7 +8730,7 @@ static int ecc_verify_hash(mp_int *r, mp_int *s, const byte* hash,
v = w; v = w;
} }
if (err == MP_OKAY) { if (err == MP_OKAY) {
err = INIT_MP_INT_SIZE(w, ECC_KEY_MAX_BITS(key)); err = INIT_MP_INT_SIZE(w, ECC_KEY_MAX_BITS_NONULLCHECK(key));
} }
/* allocate points */ /* allocate points */
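Review bot: The four macro bodies in the first hunk (ECC_KEY_MAX_BITS and ECC_KEY_MAX_BITS_NONULLCHECK in both #if branches) each restate the curve-size formula, so the custom-curves `+1` now has to be kept in sync in two places; ECC_KEY_MAX_BITS could be written once, outside the #if, as `#define ECC_KEY_MAX_BITS(key) (((key) == NULL) ? MAX_ECC_BITS_USE : ECC_KEY_MAX_BITS_NONULLCHECK(key))`, leaving only the NONULLCHECK body per branch. Unlike the inline function they replace, the macros evaluate their argument two or three times, so a comment above the definitions such as `/* key is evaluated more than once: pass a plain lvalue without side effects */` documents the constraint — every call site in this commit passes the bare identifier key, so nothing breaks today. The NONULLCHECK name drops only the key == NULL test and still checks key->dp, which is worth stating in that same comment so callers do not assume dp must be set. The macros also yield unsigned where the removed function returned word32; if those types ever differ on a target, the NEW_MP_INT_SIZE/INIT_MP_INT_SIZE callers see a different conversion, so that equivalence is worth confirming.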


@ -212,7 +212,7 @@ const byte const_byte_array[] = "A+Gd\0\0\0";
int ret; int ret;
char tmpBuf[80]; char tmpBuf[80];
ret = vsnprintf(tmpBuf, sizeof(tmpBuf), format, args); ret = XVSNPRINTF(tmpBuf, sizeof(tmpBuf), format, args);
printf(tmpBuf); printf(tmpBuf);
return ret; return ret;
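Review bot: `printf(tmpBuf);` on the line after the changed one passes text that was just rendered from the caller's format and arguments back to printf as a new format string, so any `%` sequence surviving in the rendered output is reinterpreted (CERT FIO30-C); the commit fixes the formatting call but leaves this. Replace it with `fputs(tmpBuf, stdout);` (or `printf("%s", tmpBuf);`), which emits the buffer verbatim. With an 80-byte tmpBuf, XVSNPRINTF truncates longer messages while ret presumably still reports the untruncated length; if that is intended for a vprintf-compatible return, a one-line comment saying so would help. The enclosing function (rsip_vprintf per the commit message) begins and ends outside the hunk.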


@ -356,7 +356,7 @@ typedef struct w64wrapper {
#define WC_INLINE inline #define WC_INLINE inline
#endif #endif
#else #else
#define WC_INLINE #define WC_INLINE WC_MAYBE_UNUSED
#endif #endif
#else #else
#define WC_INLINE WC_MAYBE_UNUSED #define WC_INLINE WC_MAYBE_UNUSED