Merge pull request wolfSSL#2685 from embhorn/coverity_fixes

Coverity fixes

examples/benchmark/tls_bench.c

@@ -1279,8 +1279,8 @@ int bench_tls(void* args)
     stats_t cli_comb, srv_comb;
     int i;
     char *cipher, *next_cipher, *ciphers = NULL;
-    int     argc = ((func_args*)args)->argc;
-    char**  argv = ((func_args*)args)->argv;
+    int     argc = 0;
+    char**  argv = NULL;
     int    ch;
 
     /* Vars configured by command line arguments */
@@ -1303,8 +1303,11 @@ int bench_tls(void* args)
     int listenFd = -1;
 #endif
 
-    if (args)
+    if (args != NULL) {
+        argc = ((func_args*)args)->argc;
+        argv = ((func_args*)args)->argv;
         ((func_args*)args)->return_code = -1; /* error state */
+    }
 
     /* Initialize wolfSSL */
     wolfSSL_Init();

examples/client/client.c

@@ -231,7 +231,7 @@ static void ShowVersions(void)
 #ifdef WOLFSSL_TLS13
 static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519)
 {
-    int groups[3];
+    int groups[3] = {0};
     int count = 0;
 
     (void)useX25519;

src/internal.c

@@ -3368,7 +3368,7 @@ void InitX509(WOLFSSL_X509* x509, int dynamicFlag, void* heap)
     x509->dynamicMemory  = (byte)dynamicFlag;
     #if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
         x509->refCount = 1;
-        wc_InitMutex(&x509->refMutex);
+        (void)wc_InitMutex(&x509->refMutex);
     #endif
 }
 

src/tls.c

@@ -2617,7 +2617,7 @@ static int TLSX_TCA_Parse(WOLFSSL* ssl, const byte* input, word16 length,
                     return BUFFER_ERROR;
                 ato16(input + offset, &idSz);
                 offset += OPAQUE16_LEN;
-                if (offset + idSz > length)
+                if ((offset > length) || (idSz > length - offset))
                     return BUFFER_ERROR;
                 id = input + offset;
                 offset += idSz;

src/tls13.c

@@ -4009,7 +4009,7 @@ static int DoTls13SupportedVersions(WOLFSSL* ssl, const byte* input, word32 i,
             return BUFFER_ERROR;
         ato16(&input[i], &totalExtSz);
         i += OPAQUE16_LEN;
-        if (i + totalExtSz != helloSz)
+        if (totalExtSz != helloSz - i)
             return BUFFER_ERROR;
 
         /* Need to negotiate version first. */

tests/api.c

@@ -21863,7 +21863,7 @@ static void test_wolfSSL_ASN1_TIME_adj(void)
     WOLFSSL_ASN1_TIME *asn_time, *s;
     int offset_day;
     long offset_sec;
-    char date_str[CTC_DATE_SIZE];
+    char date_str[CTC_DATE_SIZE + 1];
     time_t t;
 
     printf(testingFmt, "wolfSSL_ASN1_TIME_adj()");
@@ -21878,14 +21878,16 @@ static void test_wolfSSL_ASN1_TIME_adj(void)
     /* offset_sec = -45 * min;*/
     asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec);
     AssertTrue(asn_time->type == asn_utc_time);
-    XSTRNCPY(date_str, (const char*)&asn_time->data, sizeof(date_str));
+    XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE);
+    date_str[CTC_DATE_SIZE] = '\0';
     AssertIntEQ(0, XMEMCMP(date_str, "000222211500Z", 13));
 
     /* negative offset */
     offset_sec = -45 * mini;
     asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec);
     AssertTrue(asn_time->type == asn_utc_time);
-    XSTRNCPY(date_str, (const char*)&asn_time->data, sizeof(date_str));
+    XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE);
+    date_str[CTC_DATE_SIZE] = '\0';
     AssertIntEQ(0, XMEMCMP(date_str, "000222194500Z", 13));
 
     XFREE(s, NULL, DYNAMIC_TYPE_OPENSSL);
@@ -21902,7 +21904,8 @@ static void test_wolfSSL_ASN1_TIME_adj(void)
         offset_sec = 10 * mini;
     asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec);
     AssertTrue(asn_time->type == asn_gen_time);
-    XSTRNCPY(date_str, (const char*)&asn_time->data, sizeof(date_str));
+    XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE);
+    date_str[CTC_DATE_SIZE] = '\0';
     AssertIntEQ(0, XMEMCMP(date_str, "20550313091000Z", 15));
 
     XFREE(s, NULL, DYNAMIC_TYPE_OPENSSL);
@@ -21917,13 +21920,15 @@ static void test_wolfSSL_ASN1_TIME_adj(void)
     offset_sec = 45 * mini;
     asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec);
     AssertTrue(asn_time->type == asn_utc_time);
-    XSTRNCPY(date_str, (const char*)&asn_time->data, sizeof(date_str));
+    XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE);
+    date_str[CTC_DATE_SIZE] = '\0';
     AssertIntEQ(0, XMEMCMP(date_str, "000222211515Z", 13));
     XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL);
 
     asn_time = wolfSSL_ASN1_TIME_adj(NULL, t, offset_day, offset_sec);
     AssertTrue(asn_time->type == asn_utc_time);
-    XSTRNCPY(date_str, (const char*)&asn_time->data, sizeof(date_str));
+    XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE);
+    date_str[CTC_DATE_SIZE] = '\0';
     AssertIntEQ(0, XMEMCMP(date_str, "000222211515Z", 13));
     XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL);
 

wolfcrypt/src/pkcs12.c

@@ -767,7 +767,12 @@ int wc_i2d_PKCS12(WC_PKCS12* pkcs12, byte** der, int* derSz)
                 word32 tmpIdx = 0;
                 byte ar[MAX_LENGTH_SZ + 2];
                 tmpSz = SetShortInt(ar, &tmpIdx, mac->itt, MAX_LENGTH_SZ + 2);
-                XMEMCPY(&sdBuf[idx], ar, tmpSz);
+                if (tmpSz < 0) {
+                    ret = tmpSz;
+                }
+                else {
+                    XMEMCPY(&sdBuf[idx], ar, tmpSz);
+                }
             }
 
             totalSz += sdBufSz;

wolfcrypt/src/pkcs7.c

@@ -3466,8 +3466,8 @@ static int wc_PKCS7_VerifyContentMessageDigest(PKCS7* pkcs7,
                                                const byte* hashBuf,
                                                word32 hashSz)
 {
-    int ret = 0, innerAttribSz = 0;
-    word32 digestSz = 0, idx = 0;
+    int ret = 0, digestSz = 0, innerAttribSz = 0;
+    word32 idx = 0;
     byte* digestBuf = NULL;
 #ifdef WOLFSSL_SMALL_STACK
     byte* digest = NULL;
@@ -3538,17 +3538,23 @@ static int wc_PKCS7_VerifyContentMessageDigest(PKCS7* pkcs7,
 
         digestBuf = digest;
         digestSz = wc_HashGetDigestSize(hashType);
-
+        if (digestSz < 0) {
+            WOLFSSL_MSG("Invalid hash type");
+#ifdef WOLFSSL_SMALL_STACK
+            XFREE(digest, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+            return digestSz;
+        }
     } else {
 
         /* user passed in pre-computed hash */
         digestBuf = (byte*)hashBuf;
-        digestSz  = hashSz;
+        digestSz  = (int)hashSz;
     }
 
     /* compare generated to hash in messageDigest attribute */
-    if ((innerAttribSz != (int)digestSz) ||
-        (XMEMCMP(attrib->value + idx, digestBuf, digestSz) != 0)) {
+    if ((innerAttribSz != digestSz) ||
+        (XMEMCMP(attrib->value + idx, digestBuf, (word32)digestSz) != 0)) {
         WOLFSSL_MSG("Content digest does not match messageDigest attrib value");
 #ifdef WOLFSSL_SMALL_STACK
         XFREE(digest, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
@@ -4679,7 +4685,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                 XFREE(pkcs7->stream->tmpCert, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
                 pkcs7->stream->tmpCert = (byte*)XMALLOC(length,
                         pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-                if (pkcs7->stream->tmpCert == NULL) {
+                if ((pkiMsg2 == NULL) || (pkcs7->stream->tmpCert == NULL)) {
                     ret = MEMORY_E;
                     break;
                 }
@@ -8427,12 +8433,14 @@ static int wc_PKCS7_KariGetKeyEncryptionAlgorithmId(WC_PKCS7_KARI* kari,
         word32* keyAgreeOID, word32* keyWrapOID)
 {
     int length = 0;
-    word32 localIdx = *idx;
+    word32 localIdx;
 
     if (kari == NULL || pkiMsg == NULL || idx == NULL ||
         keyAgreeOID == NULL || keyWrapOID == NULL)
         return BAD_FUNC_ARG;
 
+    localIdx = *idx;
+
     /* remove KeyEncryptionAlgorithmIdentifier */
     if (GetSequence(pkiMsg, &localIdx, &length, pkiMsgSz) < 0)
         return ASN_PARSE_E;

wolfcrypt/src/rsa.c

@@ -1467,7 +1467,7 @@ static int RsaUnPad_PSS(byte *pkcsBlock, unsigned int pkcsBlockLen,
 {
     int   ret;
     byte* tmp;
-    int   hLen, i, maskLen;
+    int   hLen, i, maskLen, orig_bits = bits;
 #if defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_STATIC_MEMORY)
     byte tmp_buf[RSA_MAX_SIZE/8];
     tmp = tmp_buf;
@@ -1498,7 +1498,7 @@ static int RsaUnPad_PSS(byte *pkcsBlock, unsigned int pkcsBlockLen,
         saltLen = hLen;
         #ifdef WOLFSSL_SHA512
             /* See FIPS 186-4 section 5.5 item (e). */
-            if (bits == 1024 && hLen == WC_SHA512_DIGEST_SIZE)
+            if (orig_bits == 1024 && hLen == WC_SHA512_DIGEST_SIZE)
                 saltLen = RSA_PSS_SALT_MAX_SZ;
         #endif
     }

wolfcrypt/test/test.c

@@ -7781,7 +7781,7 @@ int gmac_test(void)
     byte tag[16];
 
     XMEMSET(&gmac, 0, sizeof(Gmac)); /* clear context */
-    wc_AesInit((Aes*)&gmac, HEAP_HINT, INVALID_DEVID); /* Make sure devId updated */
+    (void)wc_AesInit((Aes*)&gmac, HEAP_HINT, INVALID_DEVID); /* Make sure devId updated */
     XMEMSET(tag, 0, sizeof(tag));
     wc_GmacSetKey(&gmac, k1, sizeof(k1));
     wc_GmacUpdate(&gmac, iv1, sizeof(iv1), a1, sizeof(a1), tag, sizeof(t1));
@@ -11550,14 +11550,18 @@ static int rsa_keygen_test(WC_RNG* rng)
         ERROR_OUT(-6968, exit_rsa);
     }
 #endif /* WOLFSSL_CRYPTOCELL */
-    wc_FreeRsaKey(&genKey);
-    XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    pem = NULL;
-    XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    der = NULL;
 
 exit_rsa:
     wc_FreeRsaKey(&genKey);
+    if (pem != NULL) {
+        XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+        pem = NULL;
+    }
+    if (der != NULL) {
+        XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+        der = NULL;
+    }
+
     return ret;
 }
 #endif