Merge pull request #3919 from JacobBarthelmeh/StaticAnalysisTests_2

Static analysis tests 2
toddouska 2021-04-07 16:18:37 -07:00 committed by GitHub
commit 9e9506c260
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 202 additions and 134 deletions


@ -3888,8 +3888,10 @@ error:
if (sk)
wolfSSL_sk_X509_free(sk);
for (i = 0; i < numCerts && certBuffers[i] != NULL; ++i) {
FreeDer(&certBuffers[i]);
if (certBuffers != NULL) {
for (i = 0; i < numCerts && certBuffers[i] != NULL; ++i) {
FreeDer(&certBuffers[i]);
}
}
if (certBuffers)
@ -26570,16 +26572,20 @@ WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx,
int ret = WOLFSSL_FAILURE;
int count = 0;
WOLFSSL_BIO *bio = NULL;
WOLFSSL_X509_CRL *crl =NULL;
WOLFSSL_X509_CRL *crl = NULL;
WOLFSSL_ENTER("wolfSSL_X509_load_crl_file");
bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
if ((bio == NULL) || (wolfSSL_BIO_read_filename(bio, file) <= 0)) {
if (bio == NULL) {
return ret;
}
if (wolfSSL_BIO_read_filename(bio, file) <= 0) {
wolfSSL_BIO_free(bio);
return ret;
}
if (type == WOLFSSL_FILETYPE_PEM) {
do {
crl = wolfSSL_PEM_read_bio_X509_CRL(bio, NULL, NULL, NULL);
@ -26589,7 +26595,7 @@ WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx,
}
break;
}
ret = wolfSSL_X509_STORE_add_crl(ctx->store, crl);
if (ret == WOLFSSL_FAILURE) {
WOLFSSL_MSG("Adding crl failed");
@ -26599,7 +26605,7 @@ WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx,
wolfSSL_X509_CRL_free(crl);
crl = NULL;
} while(crl == NULL);
ret = count;
} else if (type == WOLFSSL_FILETYPE_ASN1) {
crl = wolfSSL_d2i_X509_CRL_bio(bio, NULL);
@ -26616,10 +26622,10 @@ WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx,
} else {
WOLFSSL_MSG("Invalid file type");
}
wolfSSL_X509_CRL_free(crl);
wolfSSL_BIO_free(bio);
WOLFSSL_LEAVE("wolfSSL_X509_load_crl_file", ret);
return ret;
}
@ -32089,6 +32095,7 @@ int wolfSSL_RAND_egd(const char* nm)
}
#endif
XMEMSET(&rem, 0, sizeof(struct sockaddr_un));
if (nm == NULL) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@ -41265,9 +41272,11 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
WOLFSSL_MSG("Serial size error");
return WOLFSSL_FAILURE;
}
if ((int)sizeof(cert->serial) < serialSz) {
WOLFSSL_MSG("Serial buffer too small");
return BUFFER_E;
if (serialSz > EXTERNAL_SERIAL_SIZE ||
serialSz > CTC_SERIAL_SIZE) {
WOLFSSL_MSG("Serial size too large error");
return WOLFSSL_FAILURE;
}
XMEMCPY(cert->serial, serial, serialSz);
cert->serialSz = serialSz;
@ -52566,7 +52575,7 @@ WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_adj(WOLFSSL_ASN1_TIME *s, time_t t,
ts = (struct tm *)XGMTIME(&t_adj, tmpTime);
if (ts == NULL){
WOLFSSL_MSG("failed to get time data.");
XFREE(s, NULL, DYNAMIC_TYPE_OPENSSL);
wolfSSL_ASN1_TIME_free(s);
return NULL;
}
@ -52589,8 +52598,10 @@ WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_adj(WOLFSSL_ASN1_TIME *s, time_t t,
XSNPRINTF((char *)utc_str, sizeof(utc_str),
"%02d%02d%02d%02d%02d%02dZ",
utc_year, utc_mon, utc_day, utc_hour, utc_min, utc_sec);
if (wolfSSL_ASN1_TIME_set_string(s, utc_str) != WOLFSSL_SUCCESS)
if (wolfSSL_ASN1_TIME_set_string(s, utc_str) != WOLFSSL_SUCCESS) {
wolfSSL_ASN1_TIME_free(s);
return NULL;
}
/* GeneralizedTime */
} else {
char gt_str[ASN_GENERALIZED_TIME_MAX];
@ -52605,8 +52616,10 @@ WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_adj(WOLFSSL_ASN1_TIME *s, time_t t,
XSNPRINTF((char *)gt_str, sizeof(gt_str),
"%4d%02d%02d%02d%02d%02dZ",
gt_year, gt_mon, gt_day, gt_hour, gt_min,gt_sec);
if (wolfSSL_ASN1_TIME_set_string(s, gt_str) != WOLFSSL_SUCCESS)
if (wolfSSL_ASN1_TIME_set_string(s, gt_str) != WOLFSSL_SUCCESS) {
wolfSSL_ASN1_TIME_free(s);
return NULL;
}
}
return s;
@ -53376,6 +53389,7 @@ PKCS7* wolfSSL_d2i_PKCS7_bio(WOLFSSL_BIO* bio, PKCS7** p7)
pkcs7->len = ret;
if (wc_PKCS7_VerifySignedData(&pkcs7->pkcs7, pkcs7->data, pkcs7->len) != 0) {
wolfSSL_PKCS7_free((PKCS7*)pkcs7);
return NULL;
}
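Review bot: The error paths in the wolfSSL_ASN1_TIME_adj hunks now call `wolfSSL_ASN1_TIME_free(s)` before `return NULL`, but `s` is also the function's first parameter. If a caller passed a non-NULL `s`, it is left holding a freed pointer, and a later free or reuse on the caller's side becomes a double free or use-after-free. The start of the function is outside the hunks, so whether `s` can still be caller-owned at these points cannot be confirmed from here. If it can, record ownership where the object is created and guard all three frees, e.g. `if (allocated) wolfSSL_ASN1_TIME_free(s);`.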


@ -2748,6 +2748,9 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args)
}
ctx = wolfSSL_CTX_new(method);
}
if (ctx == NULL) {
goto done;
}
#if defined(HAVE_SESSION_TICKET) && \
((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM))


@ -6188,7 +6188,7 @@ void bench_eccsiPairGen(void)
byte id[] = { 0x01, 0x23, 0x34, 0x45 };
int ret;
mp_init(&ssk);
(void)mp_init(&ssk);
pvt = wc_ecc_new_point();
wc_InitEccsiKey(&genKey, NULL, INVALID_DEVID);
(void)wc_MakeEccsiKey(&genKey, &gRng);
@ -6227,7 +6227,7 @@ void bench_eccsiValidate(void)
int valid;
int ret;
mp_init(&ssk);
(void)mp_init(&ssk);
pvt = wc_ecc_new_point();
wc_InitEccsiKey(&genKey, NULL, INVALID_DEVID);
(void)wc_MakeEccsiKey(&genKey, &gRng);
@ -6272,7 +6272,7 @@ void bench_eccsi(void)
int ret;
int verified;
mp_init(&ssk);
(void)mp_init(&ssk);
pvt = wc_ecc_new_point();
(void)wc_InitEccsiKey(&genKey, NULL, INVALID_DEVID);
(void)wc_MakeEccsiKey(&genKey, &gRng);
@ -6518,10 +6518,10 @@ void bench_sakke(void)
bench_stats_asym_finish("SAKKE", 1024, desc[10], 0, count, start, 0);
len = 0;
wc_GenerateSakkeRskTable(&genKey, rsk, NULL, &len);
(void)wc_GenerateSakkeRskTable(&genKey, rsk, NULL, &len);
if (len > 0) {
table = (byte*)XMALLOC(len, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_GenerateSakkeRskTable(&genKey, rsk, table, &len);
(void)wc_GenerateSakkeRskTable(&genKey, rsk, table, &len);
}
(void)wc_SetSakkeRsk(&genKey, rsk, table, len);
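Review bot: The `(void)` casts in bench_sakke silence the unused-result warning without handling failure. `table` is used without checking the `XMALLOC` result, so on allocation failure `wc_SetSakkeRsk` receives a NULL `table` together with a non-zero `len`. Whether that call tolerates this combination is not visible here. A small guard keeps the two consistent: `if (table == NULL) len = 0; else (void)wc_GenerateSakkeRskTable(&genKey, rsk, table, &len);`. The `(void)mp_init(&ssk);` lines in the three ECCSI benchmarks likewise let `ssk` be used after a failed init; a short comment stating that the result is ignored on purpose in benchmark code would make the intent explicit.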


@ -1666,6 +1666,7 @@ int wc_SetEccsiHash(EccsiKey* key, const byte* hash, byte hashSz)
* @param [in] pvt Public Validation Token (PVT) as an ECC point.
* @return 0 on success.
* @return BAD_FUNC_ARG when key, ssk or pvt is NULL.
* @return MP math errors when copy fails
*/
int wc_SetEccsiPair(EccsiKey* key, const mp_int* ssk, const ecc_point* pvt)
{
@ -1674,9 +1675,13 @@ int wc_SetEccsiPair(EccsiKey* key, const mp_int* ssk, const ecc_point* pvt)
if ((key == NULL) || (ssk == NULL) || (pvt == NULL)) {
err = BAD_FUNC_ARG;
}
if (err == 0) {
mp_copy(ssk, &key->ssk);
wc_ecc_copy_point(pvt, key->pvt);
err = mp_copy(ssk, &key->ssk);
}
if (err == 0) {
err = wc_ecc_copy_point(pvt, key->pvt);
}
return err;
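Review bot: When `mp_copy` succeeds and `wc_ecc_copy_point` then fails, wc_SetEccsiPair returns an error but `key->ssk` has already been overwritten, so the key can hold an SSK that does not match its PVT. The new `@return` line documents the error code but not this state. I would add `@note On error the SSK/PVT pair in key may be partially updated and must not be used.` to the doc comment. The closing brace of the function is outside the hunk.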


@ -415,10 +415,10 @@ int wc_PKCS12_PBKDF_ex(byte* output, const byte* passwd, int passLen,
dLen = v;
sLen = v * ((saltLen + v - 1) / v);
if (passLen)
pLen = v * ((passLen + v - 1) / v);
else
pLen = 0;
/* with passLen checked at the top of the function for >= 0 then passLen
* must be 1 or greater here and is always 'true' */
pLen = v * ((passLen + v - 1) / v);
iLen = sLen + pLen;
totalLen = dLen + sLen + pLen;
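Review bot: The new comment's reasoning does not hold as written: a check that `passLen` is `>= 0` does not imply it "must be 1 or greater", because zero passes such a check. The guard itself is outside the hunk, so which bound it enforces cannot be confirmed here. Removing the branch looks safe either way, since for `passLen == 0` and a positive `v` the expression `v * ((passLen + v - 1) / v)` evaluates to 0 by integer division, matching the old `else` arm. I would reword the comment to say that, e.g. `/* passLen is validated at the top of the function; for passLen == 0 this rounds to 0, so no separate branch is needed */`.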


@ -6120,7 +6120,7 @@ static int sakke_hash_to_range(SakkeKey* key, enum wc_HashType hashType,
int err = 0;
byte h[WC_MAX_DIGEST_SIZE];
byte v[WC_MAX_DIGEST_SIZE];
word32 hashSz = wc_HashGetDigestSize(hashType);
word32 hashSz = 0;
word32 i;
/* Step 1: A = hashfn( s ), where s = data | extra
@ -6128,7 +6128,16 @@ static int sakke_hash_to_range(SakkeKey* key, enum wc_HashType hashType,
*/
/* Step 2: h_0 = 00...00, a string of null bits of length hashlen bits */
XMEMSET(h, 0, hashSz);
err = wc_HashGetDigestSize(hashType);
if (err > 0) {
hashSz = (word32)err;
XMEMSET(h, 0, hashSz);
err = 0; /* reset err value after getting digest size */
}
else if (err == 0) {
/* invalid hash digest size */
err = BAD_FUNC_ARG;
}
/* Step 3: l = Ceiling(lg(n)/hashlen) */
/* Step 4: For each i in 1 to l, do */
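Review bot: After this change `hashSz` stays 0 whenever `wc_HashGetDigestSize` returns zero or a negative value, and `h` is then left unzeroed. The following steps are outside the hunk, and Step 3 is described as `l = Ceiling(lg(n)/hashlen)`, so any code that divides by or loops on `hashSz` needs to be gated on `err == 0`; please confirm that it is. As a style point, `err` briefly carries a size here; a separate `int digestSz = wc_HashGetDigestSize(hashType);` would avoid the `err = 0; /* reset ... */` step.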


@ -27281,7 +27281,7 @@ static int eccsi_enc_dec_pair_test(EccsiKey* priv, mp_int* ssk, ecc_point* pvt)
return -10117;
decPvt = wc_ecc_new_point();
if (ret != 0)
if (decPvt == NULL)
return -10118;
ret = wc_EncodeEccsiPair(priv, ssk, pvt, NULL, &sz);
@ -27645,80 +27645,100 @@ static int eccsi_sign_verify_test(EccsiKey* priv, EccsiKey* pub, WC_RNG* rng,
int eccsi_test(void)
{
int ret;
int ret = 0;
WC_RNG rng;
EccsiKey* priv;
EccsiKey* pub;
mp_int* ssk;
ecc_point* pvt;
EccsiKey* priv = NULL;
EccsiKey* pub = NULL;
mp_int* ssk = NULL;
ecc_point* pvt = NULL;
priv = (EccsiKey*)XMALLOC(sizeof(EccsiKey), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (priv == NULL) {
return -10205;
ret = -10205;
}
pub = (EccsiKey*)XMALLOC(sizeof(EccsiKey), HEAP_HINT,
if (ret == 0) {
pub = (EccsiKey*)XMALLOC(sizeof(EccsiKey), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (pub == NULL) {
XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return -10206;
}
ssk = (mp_int*)XMALLOC(sizeof(mp_int), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (ssk == NULL) {
XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return -10207;
if (pub == NULL) {
ret = -10206;
}
}
#ifndef HAVE_FIPS
ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
#else
ret = wc_InitRng(&rng);
#endif
if (ret != 0)
return -10200;
if (ret == 0) {
ssk = (mp_int*)XMALLOC(sizeof(mp_int), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (ssk == NULL) {
ret = -10207;
}
}
pvt = wc_ecc_new_point();
if (pvt == NULL)
return -10201;
ret = mp_init(ssk);
if (ret != 0)
return -10202;
if (ret == 0) {
#ifndef HAVE_FIPS
ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
#else
ret = wc_InitRng(&rng);
#endif
if (ret != 0)
ret = -10200;
}
ret = eccsi_api_test(&rng, priv, ssk, pvt);
if (ret != 0)
return ret;
if (ret == 0) {
pvt = wc_ecc_new_point();
if (pvt == NULL)
ret = -10201;
}
ret = wc_InitEccsiKey(pub, HEAP_HINT, INVALID_DEVID);
if (ret != 0)
return -10203;
if (ret == 0) {
ret = mp_init(ssk);
if (ret != 0)
ret = -10202;
}
ret = wc_InitEccsiKey(priv, HEAP_HINT, INVALID_DEVID);
if (ret != 0)
return -10204;
if (ret == 0) {
ret = eccsi_api_test(&rng, priv, ssk, pvt);
}
ret = eccsi_kat_verify_test(pub, pvt);
if (ret != 0)
return ret;
if (ret == 0) {
ret = wc_InitEccsiKey(pub, HEAP_HINT, INVALID_DEVID);
if (ret != 0)
ret = -10203;
}
ret = eccsi_make_key_test(priv, pub, &rng, ssk, pvt);
if (ret != 0)
return ret;
if (ret == 0) {
ret = wc_InitEccsiKey(priv, HEAP_HINT, INVALID_DEVID);
if (ret != 0)
ret = -10204;
}
ret = eccsi_sign_verify_test(priv, pub, &rng, ssk, pvt);
if (ret != 0)
return ret;
if (ret == 0) {
ret = eccsi_kat_verify_test(pub, pvt);
}
if (ret == 0) {
ret = eccsi_make_key_test(priv, pub, &rng, ssk, pvt);
}
if (ret == 0) {
ret = eccsi_sign_verify_test(priv, pub, &rng, ssk, pvt);
}
wc_FreeEccsiKey(priv);
wc_FreeEccsiKey(pub);
mp_free(ssk);
wc_ecc_del_point(pvt);
wc_FreeRng(&rng);
XFREE(ssk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return 0;
if (ret != -10200)
wc_FreeRng(&rng);
if (ssk != NULL)
XFREE(ssk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (pub != NULL)
XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (priv != NULL)
XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
#endif /* WOLFCRYPT_HAVE_ECCSI */
@ -28771,82 +28791,99 @@ static int sakke_op_test(SakkeKey* priv, SakkeKey* pub, WC_RNG* rng,
int sakke_test(void)
{
int ret;
int ret = 0;
WC_RNG rng;
SakkeKey* priv;
SakkeKey* pub;
SakkeKey* key;
SakkeKey* priv = NULL;
SakkeKey* pub = NULL;
SakkeKey* key = NULL;
ecc_point* rsk = NULL;
priv = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (priv == NULL) {
return -10404;
ret = -10404;
}
pub = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT,
if (ret == 0) {
pub = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (pub == NULL) {
XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return -10405;
if (pub == NULL) {
ret = -10405;
}
}
key = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT,
if (ret == 0) {
key = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (key == NULL) {
XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return -10406;
if (key == NULL) {
ret = -10406;
}
}
#ifndef HAVE_FIPS
ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
#else
ret = wc_InitRng(&rng);
#endif
if (ret != 0)
return -10400;
if (ret == 0) {
#ifndef HAVE_FIPS
ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
#else
ret = wc_InitRng(&rng);
#endif
if (ret != 0)
ret = -10400;
}
rsk = wc_ecc_new_point();
if (rsk == NULL)
return -10401;
if (ret == 0) {
rsk = wc_ecc_new_point();
if (rsk == NULL)
ret = -10401;
}
ret = wc_InitSakkeKey(pub, HEAP_HINT, INVALID_DEVID);
if (ret != 0)
return -10402;
if (ret == 0) {
ret = wc_InitSakkeKey(pub, HEAP_HINT, INVALID_DEVID);
if (ret != 0)
ret = -10402;
}
ret = wc_InitSakkeKey(priv, HEAP_HINT, INVALID_DEVID);
if (ret != 0)
return -10403;
if (ret == 0) {
ret = wc_InitSakkeKey(priv, HEAP_HINT, INVALID_DEVID);
if (ret != 0)
ret = -10403;
}
ret = sakke_api_test(&rng, key, rsk);
if (ret != 0)
return ret;
if (ret == 0) {
ret = sakke_api_test(&rng, key, rsk);
}
ret = sakke_kat_derive_test(pub, rsk);
if (ret != 0)
return ret;
if (ret == 0) {
ret = sakke_kat_derive_test(pub, rsk);
}
ret = sakke_kat_encapsulate_test(pub);
if (ret != 0)
return ret;
if (ret == 0) {
ret = sakke_kat_encapsulate_test(pub);
}
ret = sakke_make_key_test(priv, pub, key, &rng, rsk);
if (ret != 0)
return ret;
if (ret == 0) {
ret = sakke_make_key_test(priv, pub, key, &rng, rsk);
}
ret = sakke_op_test(priv, pub, &rng, rsk);
if (ret != 0)
return ret;
if (ret == 0) {
ret = sakke_op_test(priv, pub, &rng, rsk);
}
wc_FreeSakkeKey(priv);
wc_FreeSakkeKey(pub);
wc_ecc_forcezero_point(rsk);
wc_ecc_del_point(rsk);
wc_FreeRng(&rng);
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return 0;
if (ret != -10400)
wc_FreeRng(&rng);
if (key != NULL)
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (pub != NULL)
XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (priv != NULL)
XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
#endif /* WOLFCRYPT_HAVE_SAKKE */
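Review bot: In the reworked eccsi_test, the cleanup guard `if (ret != -10200) wc_FreeRng(&rng);` still runs when an earlier allocation failed (`ret` of -10205, -10206 or -10207), so `wc_FreeRng` is called on an `rng` that was never initialised. The same applies to sakke_test with `if (ret != -10400)` and -10404 to -10406. An explicit flag is more robust than matching one error code: declare `int rngInit = 0;`, set `rngInit = 1;` after a successful init, and clean up with `if (rngInit) wc_FreeRng(&rng);`. The single-exit flow also reaches `wc_FreeEccsiKey`, `mp_free`, `wc_FreeSakkeKey` and `wc_ecc_forcezero_point` with pointers that may be NULL or allocated but never initialised. Whether those functions tolerate that is not visible here, so they likely need the same kind of guard.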