yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-25 18:25:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

Address user reported coverity issues.

Browse Source
This commit is contained in:
Janos Follath 2016-05-31 14:03:54 +01:00 committed by Simon Butcher
parent f991128d40
commit 98e28a74e3
17 changed files with 81 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
include/mbedtls/cipher.h
View File

@ -57,6 +57,7 @@
#define MBEDTLS_ERR_CIPHER_INVALID_PADDING -0x6200 /**< Input data contains invalid padding and is rejected. */ #define MBEDTLS_ERR_CIPHER_INVALID_PADDING -0x6200 /**< Input data contains invalid padding and is rejected. */
#define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280 /**< Decryption of block requires a full block. */ #define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280 /**< Decryption of block requires a full block. */
#define MBEDTLS_ERR_CIPHER_AUTH_FAILED -0x6300 /**< Authentication failed (for AEAD modes). */ #define MBEDTLS_ERR_CIPHER_AUTH_FAILED -0x6300 /**< Authentication failed (for AEAD modes). */
#define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT -0x6380 /**< The context is invalid, eg because it was free()ed. */
#define MBEDTLS_CIPHER_VARIABLE_IV_LEN 0x01 /**< Cipher accepts IVs of variable length */ #define MBEDTLS_CIPHER_VARIABLE_IV_LEN 0x01 /**< Cipher accepts IVs of variable length */
#define MBEDTLS_CIPHER_VARIABLE_KEY_LEN 0x02 /**< Cipher accepts keys of variable length */ #define MBEDTLS_CIPHER_VARIABLE_KEY_LEN 0x02 /**< Cipher accepts keys of variable length */

2
library/base64.c
View File

@ -97,7 +97,7 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
n *= 4; n *= 4;
if( dlen < n + 1 ) if( ( dlen < n + 1 ) || ( NULL == dst ) )
{ {
*olen = n + 1; *olen = n + 1;
return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL ); return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );

50
library/camellia.c
View File

@ -963,38 +963,38 @@ int mbedtls_camellia_self_test( int verbose )
mbedtls_printf( " CAMELLIA-CBC-%3d (%s): ", 128 + u * 64, mbedtls_printf( " CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,
( v == MBEDTLS_CAMELLIA_DECRYPT ) ? "dec" : "enc" ); ( v == MBEDTLS_CAMELLIA_DECRYPT ) ? "dec" : "enc" );
memcpy( src, camellia_test_cbc_iv, 16 ); memcpy( src, camellia_test_cbc_iv, 16 );
memcpy( dst, camellia_test_cbc_iv, 16 ); memcpy( dst, camellia_test_cbc_iv, 16 );
memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u ); memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u );
if( v == MBEDTLS_CAMELLIA_DECRYPT ) {
mbedtls_camellia_setkey_dec( &ctx, key, 128 + u * 64 );
} else {
mbedtls_camellia_setkey_enc( &ctx, key, 128 + u * 64 );
}
for( i = 0; i < CAMELLIA_TESTS_CBC; i++ ) {
if( v == MBEDTLS_CAMELLIA_DECRYPT ) { if( v == MBEDTLS_CAMELLIA_DECRYPT ) {
memcpy( iv , src, 16 ); mbedtls_camellia_setkey_dec( &ctx, key, 128 + u * 64 );
memcpy( src, camellia_test_cbc_cipher[u][i], 16 ); } else {
memcpy( dst, camellia_test_cbc_plain[i], 16 ); mbedtls_camellia_setkey_enc( &ctx, key, 128 + u * 64 );
} else { /* MBEDTLS_CAMELLIA_ENCRYPT */
memcpy( iv , dst, 16 );
memcpy( src, camellia_test_cbc_plain[i], 16 );
memcpy( dst, camellia_test_cbc_cipher[u][i], 16 );
} }
mbedtls_camellia_crypt_cbc( &ctx, v, 16, iv, src, buf ); for( i = 0; i < CAMELLIA_TESTS_CBC; i++ ) {
if( memcmp( buf, dst, 16 ) != 0 ) if( v == MBEDTLS_CAMELLIA_DECRYPT ) {
{ memcpy( iv , src, 16 );
if( verbose != 0 ) memcpy( src, camellia_test_cbc_cipher[u][i], 16 );
mbedtls_printf( "failed\n" ); memcpy( dst, camellia_test_cbc_plain[i], 16 );
} else { /* MBEDTLS_CAMELLIA_ENCRYPT */
memcpy( iv , dst, 16 );
memcpy( src, camellia_test_cbc_plain[i], 16 );
memcpy( dst, camellia_test_cbc_cipher[u][i], 16 );
}
return( 1 ); mbedtls_camellia_crypt_cbc( &ctx, v, 16, iv, src, buf );
if( memcmp( buf, dst, 16 ) != 0 )
{
if( verbose != 0 )
mbedtls_printf( "failed\n" );
return( 1 );
}
} }
}
if( verbose != 0 ) if( verbose != 0 )
mbedtls_printf( "passed\n" ); mbedtls_printf( "passed\n" );

34
library/cipher.c
View File

@ -252,6 +252,7 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
size_t ilen, unsigned char *output, size_t *olen ) size_t ilen, unsigned char *output, size_t *olen )
{ {
int ret; int ret;
size_t block_size = 0;
if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen ) if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen )
{ {
@ -259,10 +260,11 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
} }
*olen = 0; *olen = 0;
block_size = mbedtls_cipher_get_block_size( ctx );
if( ctx->cipher_info->mode == MBEDTLS_MODE_ECB ) if( ctx->cipher_info->mode == MBEDTLS_MODE_ECB )
{ {
if( ilen != mbedtls_cipher_get_block_size( ctx ) ) if( ilen != block_size )
return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED ); return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED );
*olen = ilen; *olen = ilen;
@ -285,8 +287,13 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
} }
#endif #endif
if ( 0 == block_size )
{
return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT;
}
if( input == output && if( input == output &&
( ctx->unprocessed_len != 0 || ilen % mbedtls_cipher_get_block_size( ctx ) ) ) ( ctx->unprocessed_len != 0 || ilen % block_size ) )
{ {
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
} }
@ -300,9 +307,9 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
* If there is not enough data for a full block, cache it. * If there is not enough data for a full block, cache it.
*/ */
if( ( ctx->operation == MBEDTLS_DECRYPT && if( ( ctx->operation == MBEDTLS_DECRYPT &&
ilen + ctx->unprocessed_len <= mbedtls_cipher_get_block_size( ctx ) ) || ilen + ctx->unprocessed_len <= block_size ) ||
( ctx->operation == MBEDTLS_ENCRYPT && ( ctx->operation == MBEDTLS_ENCRYPT &&
ilen + ctx->unprocessed_len < mbedtls_cipher_get_block_size( ctx ) ) ) ilen + ctx->unprocessed_len < block_size ) )
{ {
memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input, memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
ilen ); ilen );
@ -314,22 +321,22 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
/* /*
* Process cached data first * Process cached data first
*/ */
if( ctx->unprocessed_len != 0 ) if( 0 != ctx->unprocessed_len )
{ {
copy_len = mbedtls_cipher_get_block_size( ctx ) - ctx->unprocessed_len; copy_len = block_size - ctx->unprocessed_len;
memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input, memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
copy_len ); copy_len );
if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx, if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
ctx->operation, mbedtls_cipher_get_block_size( ctx ), ctx->iv, ctx->operation, block_size, ctx->iv,
ctx->unprocessed_data, output ) ) ) ctx->unprocessed_data, output ) ) )
{ {
return( ret ); return( ret );
} }
*olen += mbedtls_cipher_get_block_size( ctx ); *olen += block_size;
output += mbedtls_cipher_get_block_size( ctx ); output += block_size;
ctx->unprocessed_len = 0; ctx->unprocessed_len = 0;
input += copy_len; input += copy_len;
@ -341,9 +348,14 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
*/ */
if( 0 != ilen ) if( 0 != ilen )
{ {
copy_len = ilen % mbedtls_cipher_get_block_size( ctx ); if( 0 == block_size )
{
return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT;
}
copy_len = ilen % block_size;
if( copy_len == 0 && ctx->operation == MBEDTLS_DECRYPT ) if( copy_len == 0 && ctx->operation == MBEDTLS_DECRYPT )
copy_len = mbedtls_cipher_get_block_size( ctx ); copy_len = block_size;
memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ), memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ),
copy_len ); copy_len );

4
library/ecp.c
View File

@ -1827,7 +1827,9 @@ int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp,
/* [M225] page 5 */ /* [M225] page 5 */
size_t b; size_t b;
MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( d, n_size, f_rng, p_rng ) ); do {
MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( d, n_size, f_rng, p_rng ) );
} while( mbedtls_mpi_bitlen( d ) == 0);
/* Make sure the most significant bit is nbits */ /* Make sure the most significant bit is nbits */
b = mbedtls_mpi_bitlen( d ) - 1; /* mbedtls_mpi_bitlen is one-based */ b = mbedtls_mpi_bitlen( d ) - 1; /* mbedtls_mpi_bitlen is one-based */

2
library/error.c
View File

@ -183,6 +183,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
mbedtls_snprintf( buf, buflen, "CIPHER - Decryption of block requires a full block" ); mbedtls_snprintf( buf, buflen, "CIPHER - Decryption of block requires a full block" );
if( use_ret == -(MBEDTLS_ERR_CIPHER_AUTH_FAILED) ) if( use_ret == -(MBEDTLS_ERR_CIPHER_AUTH_FAILED) )
mbedtls_snprintf( buf, buflen, "CIPHER - Authentication failed (for AEAD modes)" ); mbedtls_snprintf( buf, buflen, "CIPHER - Authentication failed (for AEAD modes)" );
if( use_ret == -(MBEDTLS_ERR_CIPHER_INVALID_CONTEXT) )
mbedtls_snprintf( buf, buflen, "CIPHER - The context is invalid, eg because it was free()ed" );
#endif /* MBEDTLS_CIPHER_C */ #endif /* MBEDTLS_CIPHER_C */
#if defined(MBEDTLS_DHM_C) #if defined(MBEDTLS_DHM_C)

16
library/x509_crt.c
View File

@ -970,7 +970,9 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *bu
int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen ) int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen )
{ {
int success = 0, first_error = 0, total_failed = 0; int success = 0, first_error = 0, total_failed = 0;
#if defined(MBEDTLS_PEM_PARSE_C)
int buf_format = MBEDTLS_X509_FORMAT_DER; int buf_format = MBEDTLS_X509_FORMAT_DER;
#endif
/* /*
* Check for valid input * Check for valid input
@ -988,10 +990,12 @@ int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, s
{ {
buf_format = MBEDTLS_X509_FORMAT_PEM; buf_format = MBEDTLS_X509_FORMAT_PEM;
} }
#endif
if( buf_format == MBEDTLS_X509_FORMAT_DER ) if( buf_format == MBEDTLS_X509_FORMAT_DER )
return mbedtls_x509_crt_parse_der( chain, buf, buflen ); return mbedtls_x509_crt_parse_der( chain, buf, buflen );
#else
return mbedtls_x509_crt_parse_der( chain, buf, buflen );
#endif
#if defined(MBEDTLS_PEM_PARSE_C) #if defined(MBEDTLS_PEM_PARSE_C)
if( buf_format == MBEDTLS_X509_FORMAT_PEM ) if( buf_format == MBEDTLS_X509_FORMAT_PEM )
@ -1064,7 +1068,6 @@ int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, s
success = 1; success = 1;
} }
} }
#endif /* MBEDTLS_PEM_PARSE_C */
if( success ) if( success )
return( total_failed ); return( total_failed );
@ -1072,6 +1075,7 @@ int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, s
return( first_error ); return( first_error );
else else
return( MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT ); return( MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT );
#endif /* MBEDTLS_PEM_PARSE_C */
} }
#if defined(MBEDTLS_FS_IO) #if defined(MBEDTLS_FS_IO)
@ -1353,6 +1357,14 @@ int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
p = buf; p = buf;
n = size; n = size;
if( NULL == crt )
{
ret = mbedtls_snprintf( p, n, "\nCertificate is uninitialised!\n" );
MBEDTLS_X509_SAFE_SNPRINTF;
return( (int) ( size - n ) );
}
ret = mbedtls_snprintf( p, n, "%scert. version : %d\n", ret = mbedtls_snprintf( p, n, "%scert. version : %d\n",
prefix, crt->version ); prefix, crt->version );
MBEDTLS_X509_SAFE_SNPRINTF; MBEDTLS_X509_SAFE_SNPRINTF;

1
programs/pkey/dh_client.c
View File

@ -125,6 +125,7 @@ int main( void )
( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 ) ( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret ); mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret );
fclose( f );
goto exit; goto exit;
} }

1
programs/pkey/dh_genprime.c
View File

@ -172,6 +172,7 @@ int main( int argc, char **argv )
( ret = mbedtls_mpi_write_file( "G = ", &G, 16, fout ) != 0 ) ) ( ret = mbedtls_mpi_write_file( "G = ", &G, 16, fout ) != 0 ) )
{ {
mbedtls_printf( " failed\n ! mbedtls_mpi_write_file returned %d\n\n", ret ); mbedtls_printf( " failed\n ! mbedtls_mpi_write_file returned %d\n\n", ret );
fclose( fout );
goto exit; goto exit;
} }

2
programs/pkey/dh_server.c
View File

@ -132,6 +132,7 @@ int main( void )
( ret = mbedtls_mpi_read_file( &rsa.QP, 16, f ) ) != 0 ) ( ret = mbedtls_mpi_read_file( &rsa.QP, 16, f ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret ); mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret );
fclose( f );
goto exit; goto exit;
} }
@ -157,6 +158,7 @@ int main( void )
mbedtls_mpi_read_file( &dhm.G, 16, f ) != 0 ) mbedtls_mpi_read_file( &dhm.G, 16, f ) != 0 )
{ {
mbedtls_printf( " failed\n ! Invalid DH parameter file\n\n" ); mbedtls_printf( " failed\n ! Invalid DH parameter file\n\n" );
fclose( f );
goto exit; goto exit;
} }

1
programs/pkey/pk_sign.c
View File

@ -142,6 +142,7 @@ int main( int argc, char *argv[] )
if( fwrite( buf, 1, olen, f ) != olen ) if( fwrite( buf, 1, olen, f ) != olen )
{ {
mbedtls_printf( "failed\n ! fwrite failed\n\n" ); mbedtls_printf( "failed\n ! fwrite failed\n\n" );
fclose( f );
goto exit; goto exit;
} }

1
programs/pkey/rsa_decrypt.c
View File

@ -116,6 +116,7 @@ int main( int argc, char *argv[] )
( ret = mbedtls_mpi_read_file( &rsa.QP, 16, f ) ) != 0 ) ( ret = mbedtls_mpi_read_file( &rsa.QP, 16, f ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret ); mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret );
fclose( f );
goto exit; goto exit;
} }

1
programs/pkey/rsa_encrypt.c
View File

@ -110,6 +110,7 @@ int main( int argc, char *argv[] )
( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 ) ( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret ); mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret );
fclose( f );
goto exit; goto exit;
} }

1
programs/pkey/rsa_sign.c
View File

@ -98,6 +98,7 @@ int main( int argc, char *argv[] )
( ret = mbedtls_mpi_read_file( &rsa.QP, 16, f ) ) != 0 ) ( ret = mbedtls_mpi_read_file( &rsa.QP, 16, f ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret ); mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret );
fclose( f );
goto exit; goto exit;
} }

1
programs/pkey/rsa_sign_pss.c
View File

@ -153,6 +153,7 @@ int main( int argc, char *argv[] )
if( fwrite( buf, 1, olen, f ) != olen ) if( fwrite( buf, 1, olen, f ) != olen )
{ {
mbedtls_printf( "failed\n ! fwrite failed\n\n" ); mbedtls_printf( "failed\n ! fwrite failed\n\n" );
fclose( f );
goto exit; goto exit;
} }

1
programs/pkey/rsa_verify.c
View File

@ -89,6 +89,7 @@ int main( int argc, char *argv[] )
( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 ) ( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret ); mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret );
fclose( f );
goto exit; goto exit;
} }

3
programs/test/selftest.c
View File

@ -397,6 +397,7 @@ int main( int argc, char *argv[] )
if( suites_failed > 0) if( suites_failed > 0)
mbedtls_exit( MBEDTLS_EXIT_FAILURE ); mbedtls_exit( MBEDTLS_EXIT_FAILURE );
mbedtls_exit( MBEDTLS_EXIT_SUCCESS ); /* return() is here to prevent compiler warnings */
return( 0 );
} }