lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-10 05:03:02 +03:00
Code Activity

Fix control bypass warnings

Browse Source 
Declarations have been moved to the top of functions to fix this

Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
This commit is contained in:
Agathiyan Bragadeesh
2023-07-27 15:51:46 +01:00
parent ae68c09a69
commit 7b0ee1e655
3 changed files with 29 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
library/ecp.c
View File

@@ -2593,6 +2593,7 @@ static int ecp_mul_mxz(mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
void *p_rng) void *p_rng)
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
int have_rng;
size_t i; size_t i;
unsigned char b; unsigned char b;
mbedtls_ecp_point RP; mbedtls_ecp_point RP;
@@ -2626,7 +2627,7 @@ static int ecp_mul_mxz(mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
MOD_ADD(RP.X); MOD_ADD(RP.X);
/* Randomize coordinates of the starting point */ /* Randomize coordinates of the starting point */
int have_rng = 1; have_rng = 1;
#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG) #if defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
if (f_rng == NULL) { if (f_rng == NULL) {
have_rng = 0; have_rng = 0;

34
library/psa_crypto.c
View File

@@ -1472,6 +1472,7 @@ psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key,
{ {
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_attributes_t attributes;
psa_key_slot_t *slot; psa_key_slot_t *slot;
/* Reject a zero-length output buffer now, since this can never be a /* Reject a zero-length output buffer now, since this can never be a
@@ -1498,7 +1499,7 @@ psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key,
goto exit; goto exit;
} }
psa_key_attributes_t attributes = { attributes = (psa_key_attributes_t) {
.core = slot->attr .core = slot->attr
}; };
status = psa_driver_wrapper_export_public_key( status = psa_driver_wrapper_export_public_key(
@@ -2406,6 +2407,7 @@ static psa_status_t psa_mac_setup(psa_mac_operation_t *operation,
{ {
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_attributes_t attributes;
psa_key_slot_t *slot = NULL; psa_key_slot_t *slot = NULL;
/* A context must be freshly initialized before it can be set up. */ /* A context must be freshly initialized before it can be set up. */
@@ -2423,7 +2425,7 @@ static psa_status_t psa_mac_setup(psa_mac_operation_t *operation,
goto exit; goto exit;
} }
psa_key_attributes_t attributes = { attributes = (psa_key_attributes_t) {
.core = slot->attr .core = slot->attr
}; };
@@ -2594,6 +2596,7 @@ static psa_status_t psa_mac_compute_internal(mbedtls_svc_key_id_t key,
{ {
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_attributes_t attributes;
psa_key_slot_t *slot; psa_key_slot_t *slot;
uint8_t operation_mac_size = 0; uint8_t operation_mac_size = 0;
@@ -2606,7 +2609,7 @@ static psa_status_t psa_mac_compute_internal(mbedtls_svc_key_id_t key,
goto exit; goto exit;
} }
psa_key_attributes_t attributes = { attributes = (psa_key_attributes_t) {
.core = slot->attr .core = slot->attr
}; };
@@ -2732,6 +2735,7 @@ static psa_status_t psa_sign_internal(mbedtls_svc_key_id_t key,
{ {
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_attributes_t attributes;
psa_key_slot_t *slot; psa_key_slot_t *slot;
*signature_length = 0; *signature_length = 0;
@@ -2764,7 +2768,7 @@ static psa_status_t psa_sign_internal(mbedtls_svc_key_id_t key,
goto exit; goto exit;
} }
psa_key_attributes_t attributes = { attributes = (psa_key_attributes_t) {
.core = slot->attr .core = slot->attr
}; };
@@ -3303,6 +3307,7 @@ static psa_status_t psa_cipher_setup(psa_cipher_operation_t *operation,
{ {
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_attributes_t attributes;
psa_key_slot_t *slot = NULL; psa_key_slot_t *slot = NULL;
psa_key_usage_t usage = (cipher_operation == MBEDTLS_ENCRYPT ? psa_key_usage_t usage = (cipher_operation == MBEDTLS_ENCRYPT ?
PSA_KEY_USAGE_ENCRYPT : PSA_KEY_USAGE_ENCRYPT :
@@ -3338,7 +3343,7 @@ static psa_status_t psa_cipher_setup(psa_cipher_operation_t *operation,
} }
operation->default_iv_length = PSA_CIPHER_IV_LENGTH(slot->attr.type, alg); operation->default_iv_length = PSA_CIPHER_IV_LENGTH(slot->attr.type, alg);
psa_key_attributes_t attributes = { attributes = (psa_key_attributes_t) {
.core = slot->attr .core = slot->attr
}; };
@@ -3561,6 +3566,7 @@ psa_status_t psa_cipher_encrypt(mbedtls_svc_key_id_t key,
{ {
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_attributes_t attributes;
psa_key_slot_t *slot = NULL; psa_key_slot_t *slot = NULL;
uint8_t local_iv[PSA_CIPHER_IV_MAX_SIZE]; uint8_t local_iv[PSA_CIPHER_IV_MAX_SIZE];
size_t default_iv_length = 0; size_t default_iv_length = 0;
@@ -3577,7 +3583,7 @@ psa_status_t psa_cipher_encrypt(mbedtls_svc_key_id_t key,
goto exit; goto exit;
} }
psa_key_attributes_t attributes = { attributes = (psa_key_attributes_t) {
.core = slot->attr .core = slot->attr
}; };
@@ -3633,6 +3639,7 @@ psa_status_t psa_cipher_decrypt(mbedtls_svc_key_id_t key,
{ {
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_attributes_t attributes;
psa_key_slot_t *slot = NULL; psa_key_slot_t *slot = NULL;
if (!PSA_ALG_IS_CIPHER(alg)) { if (!PSA_ALG_IS_CIPHER(alg)) {
@@ -3647,7 +3654,7 @@ psa_status_t psa_cipher_decrypt(mbedtls_svc_key_id_t key,
goto exit; goto exit;
} }
psa_key_attributes_t attributes = { attributes = (psa_key_attributes_t) {
.core = slot->attr .core = slot->attr
}; };
@@ -4251,6 +4258,7 @@ static psa_status_t psa_generate_derived_key_internal(
uint8_t *data = NULL; uint8_t *data = NULL;
size_t bytes = PSA_BITS_TO_BYTES(bits); size_t bytes = PSA_BITS_TO_BYTES(bits);
psa_status_t status; psa_status_t status;
psa_key_attributes_t attributes;
if (!key_type_is_raw_bytes(slot->attr.type)) { if (!key_type_is_raw_bytes(slot->attr.type)) {
return PSA_ERROR_INVALID_ARGUMENT; return PSA_ERROR_INVALID_ARGUMENT;
@@ -4279,7 +4287,7 @@ static psa_status_t psa_generate_derived_key_internal(
} }
slot->attr.bits = (psa_key_bits_t) bits; slot->attr.bits = (psa_key_bits_t) bits;
psa_key_attributes_t attributes = { attributes = (psa_key_attributes_t) {
.core = slot->attr .core = slot->attr
}; };
@@ -4891,14 +4899,15 @@ static psa_status_t psa_key_agreement_raw_internal(psa_algorithm_t alg,
size_t shared_secret_size, size_t shared_secret_size,
size_t *shared_secret_length) size_t *shared_secret_length)
{ {
mbedtls_ecp_keypair *ecp = NULL;
psa_status_t status;
switch (alg) { switch (alg) {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) #if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
case PSA_ALG_ECDH: case PSA_ALG_ECDH:
if (!PSA_KEY_TYPE_IS_ECC_KEY_PAIR(private_key->attr.type)) { if (!PSA_KEY_TYPE_IS_ECC_KEY_PAIR(private_key->attr.type)) {
return PSA_ERROR_INVALID_ARGUMENT; return PSA_ERROR_INVALID_ARGUMENT;
} }
mbedtls_ecp_keypair *ecp = NULL; status = mbedtls_psa_ecp_load_representation(
psa_status_t status = mbedtls_psa_ecp_load_representation(
private_key->attr.type, private_key->attr.type,
private_key->attr.bits, private_key->attr.bits,
private_key->key.data, private_key->key.data,
@@ -4916,6 +4925,8 @@ static psa_status_t psa_key_agreement_raw_internal(psa_algorithm_t alg,
return status; return status;
#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDH */ #endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDH */
default: default:
(void) ecp;
(void) status;
(void) private_key; (void) private_key;
(void) peer_key; (void) peer_key;
(void) peer_key_length; (void) peer_key_length;
@@ -5011,6 +5022,7 @@ psa_status_t psa_raw_key_agreement(psa_algorithm_t alg,
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot = NULL; psa_key_slot_t *slot = NULL;
size_t expected_length;
if (!PSA_ALG_IS_KEY_AGREEMENT(alg)) { if (!PSA_ALG_IS_KEY_AGREEMENT(alg)) {
status = PSA_ERROR_INVALID_ARGUMENT; status = PSA_ERROR_INVALID_ARGUMENT;
@@ -5030,7 +5042,7 @@ psa_status_t psa_raw_key_agreement(psa_algorithm_t alg,
* PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE() is exact so the point is moot. * PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE() is exact so the point is moot.
* If FFDH is implemented, PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE() can easily * If FFDH is implemented, PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE() can easily
* be exact for it as well. */ * be exact for it as well. */
size_t expected_length = expected_length =
PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(slot->attr.type, slot->attr.bits); PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(slot->attr.type, slot->attr.bits);
if (output_size < expected_length) { if (output_size < expected_length) {
status = PSA_ERROR_BUFFER_TOO_SMALL; status = PSA_ERROR_BUFFER_TOO_SMALL;

6
tests/src/test_helpers/ssl_helpers.c
View File

@@ -806,13 +806,14 @@ int mbedtls_ssl_write_fragment(mbedtls_ssl_context *ssl,
int *written, int *written,
const int expected_fragments) const int expected_fragments)
{ {
int ret;
/* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is /* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is
* a valid no-op for TLS connections. */ * a valid no-op for TLS connections. */
if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
TEST_ASSERT(mbedtls_ssl_write(ssl, NULL, 0) == 0); TEST_ASSERT(mbedtls_ssl_write(ssl, NULL, 0) == 0);
} }
int ret = mbedtls_ssl_write(ssl, buf + *written, buf_len - *written); ret = mbedtls_ssl_write(ssl, buf + *written, buf_len - *written);
if (ret > 0) { if (ret > 0) {
*written += ret; *written += ret;
} }
@@ -852,13 +853,14 @@ int mbedtls_ssl_read_fragment(mbedtls_ssl_context *ssl,
int *read, int *fragments, int *read, int *fragments,
const int expected_fragments) const int expected_fragments)
{ {
int ret;
/* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is /* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is
* a valid no-op for TLS connections. */ * a valid no-op for TLS connections. */
if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
TEST_ASSERT(mbedtls_ssl_read(ssl, NULL, 0) == 0); TEST_ASSERT(mbedtls_ssl_read(ssl, NULL, 0) == 0);
} }
int ret = mbedtls_ssl_read(ssl, buf + *read, buf_len - *read); ret = mbedtls_ssl_read(ssl, buf + *read, buf_len - *read);
if (ret > 0) { if (ret > 0) {
(*fragments)++; (*fragments)++;
*read += ret; *read += ret;