mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-29 09:14:14 +01:00
Address user reported coverity issues.
This commit is contained in:
parent
f991128d40
commit
98e28a74e3
@ -57,6 +57,7 @@
|
|||||||
#define MBEDTLS_ERR_CIPHER_INVALID_PADDING -0x6200 /**< Input data contains invalid padding and is rejected. */
|
#define MBEDTLS_ERR_CIPHER_INVALID_PADDING -0x6200 /**< Input data contains invalid padding and is rejected. */
|
||||||
#define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280 /**< Decryption of block requires a full block. */
|
#define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280 /**< Decryption of block requires a full block. */
|
||||||
#define MBEDTLS_ERR_CIPHER_AUTH_FAILED -0x6300 /**< Authentication failed (for AEAD modes). */
|
#define MBEDTLS_ERR_CIPHER_AUTH_FAILED -0x6300 /**< Authentication failed (for AEAD modes). */
|
||||||
|
#define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT -0x6380 /**< The context is invalid, eg because it was free()ed. */
|
||||||
|
|
||||||
#define MBEDTLS_CIPHER_VARIABLE_IV_LEN 0x01 /**< Cipher accepts IVs of variable length */
|
#define MBEDTLS_CIPHER_VARIABLE_IV_LEN 0x01 /**< Cipher accepts IVs of variable length */
|
||||||
#define MBEDTLS_CIPHER_VARIABLE_KEY_LEN 0x02 /**< Cipher accepts keys of variable length */
|
#define MBEDTLS_CIPHER_VARIABLE_KEY_LEN 0x02 /**< Cipher accepts keys of variable length */
|
||||||
|
@ -97,7 +97,7 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
|
|||||||
|
|
||||||
n *= 4;
|
n *= 4;
|
||||||
|
|
||||||
if( dlen < n + 1 )
|
if( ( dlen < n + 1 ) || ( NULL == dst ) )
|
||||||
{
|
{
|
||||||
*olen = n + 1;
|
*olen = n + 1;
|
||||||
return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
|
return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
|
||||||
|
@ -252,6 +252,7 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
|
|||||||
size_t ilen, unsigned char *output, size_t *olen )
|
size_t ilen, unsigned char *output, size_t *olen )
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
|
size_t block_size = 0;
|
||||||
|
|
||||||
if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen )
|
if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen )
|
||||||
{
|
{
|
||||||
@ -259,10 +260,11 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
|
|||||||
}
|
}
|
||||||
|
|
||||||
*olen = 0;
|
*olen = 0;
|
||||||
|
block_size = mbedtls_cipher_get_block_size( ctx );
|
||||||
|
|
||||||
if( ctx->cipher_info->mode == MBEDTLS_MODE_ECB )
|
if( ctx->cipher_info->mode == MBEDTLS_MODE_ECB )
|
||||||
{
|
{
|
||||||
if( ilen != mbedtls_cipher_get_block_size( ctx ) )
|
if( ilen != block_size )
|
||||||
return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED );
|
return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED );
|
||||||
|
|
||||||
*olen = ilen;
|
*olen = ilen;
|
||||||
@ -285,8 +287,13 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
if ( 0 == block_size )
|
||||||
|
{
|
||||||
|
return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT;
|
||||||
|
}
|
||||||
|
|
||||||
if( input == output &&
|
if( input == output &&
|
||||||
( ctx->unprocessed_len != 0 || ilen % mbedtls_cipher_get_block_size( ctx ) ) )
|
( ctx->unprocessed_len != 0 || ilen % block_size ) )
|
||||||
{
|
{
|
||||||
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
|
||||||
}
|
}
|
||||||
@ -300,9 +307,9 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
|
|||||||
* If there is not enough data for a full block, cache it.
|
* If there is not enough data for a full block, cache it.
|
||||||
*/
|
*/
|
||||||
if( ( ctx->operation == MBEDTLS_DECRYPT &&
|
if( ( ctx->operation == MBEDTLS_DECRYPT &&
|
||||||
ilen + ctx->unprocessed_len <= mbedtls_cipher_get_block_size( ctx ) ) ||
|
ilen + ctx->unprocessed_len <= block_size ) ||
|
||||||
( ctx->operation == MBEDTLS_ENCRYPT &&
|
( ctx->operation == MBEDTLS_ENCRYPT &&
|
||||||
ilen + ctx->unprocessed_len < mbedtls_cipher_get_block_size( ctx ) ) )
|
ilen + ctx->unprocessed_len < block_size ) )
|
||||||
{
|
{
|
||||||
memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
|
memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
|
||||||
ilen );
|
ilen );
|
||||||
@ -314,22 +321,22 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
|
|||||||
/*
|
/*
|
||||||
* Process cached data first
|
* Process cached data first
|
||||||
*/
|
*/
|
||||||
if( ctx->unprocessed_len != 0 )
|
if( 0 != ctx->unprocessed_len )
|
||||||
{
|
{
|
||||||
copy_len = mbedtls_cipher_get_block_size( ctx ) - ctx->unprocessed_len;
|
copy_len = block_size - ctx->unprocessed_len;
|
||||||
|
|
||||||
memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
|
memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
|
||||||
copy_len );
|
copy_len );
|
||||||
|
|
||||||
if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
|
if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
|
||||||
ctx->operation, mbedtls_cipher_get_block_size( ctx ), ctx->iv,
|
ctx->operation, block_size, ctx->iv,
|
||||||
ctx->unprocessed_data, output ) ) )
|
ctx->unprocessed_data, output ) ) )
|
||||||
{
|
{
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
*olen += mbedtls_cipher_get_block_size( ctx );
|
*olen += block_size;
|
||||||
output += mbedtls_cipher_get_block_size( ctx );
|
output += block_size;
|
||||||
ctx->unprocessed_len = 0;
|
ctx->unprocessed_len = 0;
|
||||||
|
|
||||||
input += copy_len;
|
input += copy_len;
|
||||||
@ -341,9 +348,14 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
|
|||||||
*/
|
*/
|
||||||
if( 0 != ilen )
|
if( 0 != ilen )
|
||||||
{
|
{
|
||||||
copy_len = ilen % mbedtls_cipher_get_block_size( ctx );
|
if( 0 == block_size )
|
||||||
|
{
|
||||||
|
return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT;
|
||||||
|
}
|
||||||
|
|
||||||
|
copy_len = ilen % block_size;
|
||||||
if( copy_len == 0 && ctx->operation == MBEDTLS_DECRYPT )
|
if( copy_len == 0 && ctx->operation == MBEDTLS_DECRYPT )
|
||||||
copy_len = mbedtls_cipher_get_block_size( ctx );
|
copy_len = block_size;
|
||||||
|
|
||||||
memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ),
|
memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ),
|
||||||
copy_len );
|
copy_len );
|
||||||
|
@ -1827,7 +1827,9 @@ int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp,
|
|||||||
/* [M225] page 5 */
|
/* [M225] page 5 */
|
||||||
size_t b;
|
size_t b;
|
||||||
|
|
||||||
|
do {
|
||||||
MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( d, n_size, f_rng, p_rng ) );
|
MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( d, n_size, f_rng, p_rng ) );
|
||||||
|
} while( mbedtls_mpi_bitlen( d ) == 0);
|
||||||
|
|
||||||
/* Make sure the most significant bit is nbits */
|
/* Make sure the most significant bit is nbits */
|
||||||
b = mbedtls_mpi_bitlen( d ) - 1; /* mbedtls_mpi_bitlen is one-based */
|
b = mbedtls_mpi_bitlen( d ) - 1; /* mbedtls_mpi_bitlen is one-based */
|
||||||
|
@ -183,6 +183,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
|
|||||||
mbedtls_snprintf( buf, buflen, "CIPHER - Decryption of block requires a full block" );
|
mbedtls_snprintf( buf, buflen, "CIPHER - Decryption of block requires a full block" );
|
||||||
if( use_ret == -(MBEDTLS_ERR_CIPHER_AUTH_FAILED) )
|
if( use_ret == -(MBEDTLS_ERR_CIPHER_AUTH_FAILED) )
|
||||||
mbedtls_snprintf( buf, buflen, "CIPHER - Authentication failed (for AEAD modes)" );
|
mbedtls_snprintf( buf, buflen, "CIPHER - Authentication failed (for AEAD modes)" );
|
||||||
|
if( use_ret == -(MBEDTLS_ERR_CIPHER_INVALID_CONTEXT) )
|
||||||
|
mbedtls_snprintf( buf, buflen, "CIPHER - The context is invalid, eg because it was free()ed" );
|
||||||
#endif /* MBEDTLS_CIPHER_C */
|
#endif /* MBEDTLS_CIPHER_C */
|
||||||
|
|
||||||
#if defined(MBEDTLS_DHM_C)
|
#if defined(MBEDTLS_DHM_C)
|
||||||
|
@ -970,7 +970,9 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *bu
|
|||||||
int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen )
|
int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen )
|
||||||
{
|
{
|
||||||
int success = 0, first_error = 0, total_failed = 0;
|
int success = 0, first_error = 0, total_failed = 0;
|
||||||
|
#if defined(MBEDTLS_PEM_PARSE_C)
|
||||||
int buf_format = MBEDTLS_X509_FORMAT_DER;
|
int buf_format = MBEDTLS_X509_FORMAT_DER;
|
||||||
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Check for valid input
|
* Check for valid input
|
||||||
@ -988,10 +990,12 @@ int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, s
|
|||||||
{
|
{
|
||||||
buf_format = MBEDTLS_X509_FORMAT_PEM;
|
buf_format = MBEDTLS_X509_FORMAT_PEM;
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
|
|
||||||
if( buf_format == MBEDTLS_X509_FORMAT_DER )
|
if( buf_format == MBEDTLS_X509_FORMAT_DER )
|
||||||
return mbedtls_x509_crt_parse_der( chain, buf, buflen );
|
return mbedtls_x509_crt_parse_der( chain, buf, buflen );
|
||||||
|
#else
|
||||||
|
return mbedtls_x509_crt_parse_der( chain, buf, buflen );
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_PEM_PARSE_C)
|
#if defined(MBEDTLS_PEM_PARSE_C)
|
||||||
if( buf_format == MBEDTLS_X509_FORMAT_PEM )
|
if( buf_format == MBEDTLS_X509_FORMAT_PEM )
|
||||||
@ -1064,7 +1068,6 @@ int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, s
|
|||||||
success = 1;
|
success = 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_PEM_PARSE_C */
|
|
||||||
|
|
||||||
if( success )
|
if( success )
|
||||||
return( total_failed );
|
return( total_failed );
|
||||||
@ -1072,6 +1075,7 @@ int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, s
|
|||||||
return( first_error );
|
return( first_error );
|
||||||
else
|
else
|
||||||
return( MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT );
|
return( MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT );
|
||||||
|
#endif /* MBEDTLS_PEM_PARSE_C */
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_FS_IO)
|
#if defined(MBEDTLS_FS_IO)
|
||||||
@ -1353,6 +1357,14 @@ int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
|
|||||||
p = buf;
|
p = buf;
|
||||||
n = size;
|
n = size;
|
||||||
|
|
||||||
|
if( NULL == crt )
|
||||||
|
{
|
||||||
|
ret = mbedtls_snprintf( p, n, "\nCertificate is uninitialised!\n" );
|
||||||
|
MBEDTLS_X509_SAFE_SNPRINTF;
|
||||||
|
|
||||||
|
return( (int) ( size - n ) );
|
||||||
|
}
|
||||||
|
|
||||||
ret = mbedtls_snprintf( p, n, "%scert. version : %d\n",
|
ret = mbedtls_snprintf( p, n, "%scert. version : %d\n",
|
||||||
prefix, crt->version );
|
prefix, crt->version );
|
||||||
MBEDTLS_X509_SAFE_SNPRINTF;
|
MBEDTLS_X509_SAFE_SNPRINTF;
|
||||||
|
@ -125,6 +125,7 @@ int main( void )
|
|||||||
( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 )
|
( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 )
|
||||||
{
|
{
|
||||||
mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret );
|
mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret );
|
||||||
|
fclose( f );
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -172,6 +172,7 @@ int main( int argc, char **argv )
|
|||||||
( ret = mbedtls_mpi_write_file( "G = ", &G, 16, fout ) != 0 ) )
|
( ret = mbedtls_mpi_write_file( "G = ", &G, 16, fout ) != 0 ) )
|
||||||
{
|
{
|
||||||
mbedtls_printf( " failed\n ! mbedtls_mpi_write_file returned %d\n\n", ret );
|
mbedtls_printf( " failed\n ! mbedtls_mpi_write_file returned %d\n\n", ret );
|
||||||
|
fclose( fout );
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -132,6 +132,7 @@ int main( void )
|
|||||||
( ret = mbedtls_mpi_read_file( &rsa.QP, 16, f ) ) != 0 )
|
( ret = mbedtls_mpi_read_file( &rsa.QP, 16, f ) ) != 0 )
|
||||||
{
|
{
|
||||||
mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret );
|
mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret );
|
||||||
|
fclose( f );
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -157,6 +158,7 @@ int main( void )
|
|||||||
mbedtls_mpi_read_file( &dhm.G, 16, f ) != 0 )
|
mbedtls_mpi_read_file( &dhm.G, 16, f ) != 0 )
|
||||||
{
|
{
|
||||||
mbedtls_printf( " failed\n ! Invalid DH parameter file\n\n" );
|
mbedtls_printf( " failed\n ! Invalid DH parameter file\n\n" );
|
||||||
|
fclose( f );
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -142,6 +142,7 @@ int main( int argc, char *argv[] )
|
|||||||
if( fwrite( buf, 1, olen, f ) != olen )
|
if( fwrite( buf, 1, olen, f ) != olen )
|
||||||
{
|
{
|
||||||
mbedtls_printf( "failed\n ! fwrite failed\n\n" );
|
mbedtls_printf( "failed\n ! fwrite failed\n\n" );
|
||||||
|
fclose( f );
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -116,6 +116,7 @@ int main( int argc, char *argv[] )
|
|||||||
( ret = mbedtls_mpi_read_file( &rsa.QP, 16, f ) ) != 0 )
|
( ret = mbedtls_mpi_read_file( &rsa.QP, 16, f ) ) != 0 )
|
||||||
{
|
{
|
||||||
mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret );
|
mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret );
|
||||||
|
fclose( f );
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -110,6 +110,7 @@ int main( int argc, char *argv[] )
|
|||||||
( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 )
|
( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 )
|
||||||
{
|
{
|
||||||
mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret );
|
mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret );
|
||||||
|
fclose( f );
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -98,6 +98,7 @@ int main( int argc, char *argv[] )
|
|||||||
( ret = mbedtls_mpi_read_file( &rsa.QP, 16, f ) ) != 0 )
|
( ret = mbedtls_mpi_read_file( &rsa.QP, 16, f ) ) != 0 )
|
||||||
{
|
{
|
||||||
mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret );
|
mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret );
|
||||||
|
fclose( f );
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -153,6 +153,7 @@ int main( int argc, char *argv[] )
|
|||||||
if( fwrite( buf, 1, olen, f ) != olen )
|
if( fwrite( buf, 1, olen, f ) != olen )
|
||||||
{
|
{
|
||||||
mbedtls_printf( "failed\n ! fwrite failed\n\n" );
|
mbedtls_printf( "failed\n ! fwrite failed\n\n" );
|
||||||
|
fclose( f );
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -89,6 +89,7 @@ int main( int argc, char *argv[] )
|
|||||||
( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 )
|
( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 )
|
||||||
{
|
{
|
||||||
mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret );
|
mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret );
|
||||||
|
fclose( f );
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -397,6 +397,7 @@ int main( int argc, char *argv[] )
|
|||||||
if( suites_failed > 0)
|
if( suites_failed > 0)
|
||||||
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
|
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
|
||||||
|
|
||||||
mbedtls_exit( MBEDTLS_EXIT_SUCCESS );
|
/* return() is here to prevent compiler warnings */
|
||||||
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user