Merge pull request #8272 from daverodgman/iar-warnings

Fix IAR warnings
2025-07-29 11:41:15 +03:00 · 2023-09-29 13:11:03 +00:00
parent f7baf7bfb3 9ac0e72386
commit 16e9256fe8
7 changed files with 24 additions and 40 deletions
--- a/library/bignum.c
+++ b/library/bignum.c
@ -131,15 +131,17 @@ int mbedtls_mpi_safe_cond_assign(mbedtls_mpi *X,

    MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, Y->n));

-    mbedtls_ct_condition_t do_assign = mbedtls_ct_bool(assign);
+    {
+        mbedtls_ct_condition_t do_assign = mbedtls_ct_bool(assign);

-    X->s = (int) mbedtls_ct_uint_if(do_assign, Y->s, X->s);
+        X->s = (int) mbedtls_ct_uint_if(do_assign, Y->s, X->s);

-    mbedtls_mpi_core_cond_assign(X->p, Y->p, Y->n, do_assign);
+        mbedtls_mpi_core_cond_assign(X->p, Y->p, Y->n, do_assign);

-    mbedtls_ct_condition_t do_not_assign = mbedtls_ct_bool_not(do_assign);
-    for (size_t i = Y->n; i < X->n; i++) {
-        X->p[i] = mbedtls_ct_mpi_uint_if_else_0(do_not_assign, X->p[i]);
+        mbedtls_ct_condition_t do_not_assign = mbedtls_ct_bool_not(do_assign);
+        for (size_t i = Y->n; i < X->n; i++) {
+            X->p[i] = mbedtls_ct_mpi_uint_if_else_0(do_not_assign, X->p[i]);
+        }
    }

 cleanup:
@ -386,7 +388,7 @@ static inline mbedtls_mpi_uint mpi_sint_abs(mbedtls_mpi_sint z)

 /* Convert x to a sign, i.e. to 1, if x is positive, or -1, if x is negative.
 * This looks awkward but generates smaller code than (x < 0 ? -1 : 1) */
-#define TO_SIGN(x) ((((mbedtls_mpi_uint) x) >> (biL - 1)) * -2 + 1)
+#define TO_SIGN(x) ((mbedtls_mpi_sint) (((mbedtls_mpi_uint) x) >> (biL - 1)) * -2 + 1)

 /*
 * Set value from integer
--- a/library/pk.c
+++ b/library/pk.c
@ -514,9 +514,11 @@ int mbedtls_pk_verify_ext(mbedtls_pk_type_t type, const void *options,
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
    const mbedtls_pk_rsassa_pss_options *pss_opts;

+#if SIZE_MAX > UINT_MAX
    if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) {
        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
    }
+#endif

    if (options == NULL) {
        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@ -262,9 +262,11 @@ static int rsa_verify_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
    mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) pk->pk_ctx;
    size_t rsa_len = mbedtls_rsa_get_len(rsa);

+#if SIZE_MAX > UINT_MAX
    if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) {
        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
    }
+#endif

    if (sig_len < rsa_len) {
        return MBEDTLS_ERR_RSA_VERIFY_FAILED;
@ -382,9 +384,11 @@ static int rsa_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
 {
    mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) pk->pk_ctx;

+#if SIZE_MAX > UINT_MAX
    if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) {
        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
    }
+#endif

    *sig_len = mbedtls_rsa_get_len(rsa);
    if (sig_size < *sig_len) {
@ -1565,9 +1569,11 @@ static int rsa_alt_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
 {
    mbedtls_rsa_alt_context *rsa_alt = pk->pk_ctx;

+#if SIZE_MAX > UINT_MAX
    if (UINT_MAX < hash_len) {
        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
    }
+#endif

    *sig_len = rsa_alt->key_len_func(rsa_alt->key);
    if (*sig_len > MBEDTLS_PK_SIGNATURE_MAX_SIZE) {
--- a/library/psa_crypto_rsa.c
+++ b/library/psa_crypto_rsa.c
@ -328,9 +328,11 @@ static psa_status_t psa_rsa_decode_md_type(psa_algorithm_t alg,
    /* The Mbed TLS RSA module uses an unsigned int for hash length
     * parameters. Validate that it fits so that we don't risk an
     * overflow later. */
+#if SIZE_MAX > UINT_MAX
    if (hash_length > UINT_MAX) {
        return PSA_ERROR_INVALID_ARGUMENT;
    }
+#endif

    /* For signatures using a hash, the hash length must be correct. */
    if (alg != PSA_ALG_RSA_PKCS1V15_SIGN_RAW) {
--- a/library/sha256.c
+++ b/library/sha256.c
@ -681,6 +681,7 @@ int mbedtls_sha256_finish(mbedtls_sha256_context *ctx,
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
    uint32_t used;
    uint32_t high, low;
+    int truncated = 0;

    /*
     * Add padding: 0x80 then 0x00 until 8 bytes remain for the length
@ -728,7 +729,6 @@ int mbedtls_sha256_finish(mbedtls_sha256_context *ctx,
    MBEDTLS_PUT_UINT32_BE(ctx->state[5], output, 20);
    MBEDTLS_PUT_UINT32_BE(ctx->state[6], output, 24);

-    int truncated = 0;
 #if defined(MBEDTLS_SHA224_C)
    truncated = ctx->is224;
 #endif
--- a/library/sha512.c
+++ b/library/sha512.c
@ -828,6 +828,7 @@ int mbedtls_sha512_finish(mbedtls_sha512_context *ctx,
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
    unsigned used;
    uint64_t high, low;
+    int truncated = 0;

    /*
     * Add padding: 0x80 then 0x00 until 16 bytes remain for the length
@ -874,7 +875,6 @@ int mbedtls_sha512_finish(mbedtls_sha512_context *ctx,
    sha512_put_uint64_be(ctx->state[4], output, 32);
    sha512_put_uint64_be(ctx->state[5], output, 40);

-    int truncated = 0;
 #if defined(MBEDTLS_SHA384_C)
    truncated = ctx->is384;
 #endif