From 8f7e36fc983b6e111bd1e04b93c2868af1f25469 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Teppo=20J=C3=A4rvelin?=
Date: Thu, 2 Jan 2020 10:40:19 +0200
Subject: [PATCH 1/2] Coverity fixes, check hmac return values
---
 library/ssl_tls.c | 35 ++++++++++++++++++++++-------------
 1 file changed, 22 insertions(+), 13 deletions(-)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 19bdc9079..d396e840a 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -791,8 +791,8 @@ int tls_prf_generic( mbedtls_md_type_t md_type,
 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
 nb = strlen( label );
- mbedtls_platform_memcpy( tmp + md_len, label, nb );
- mbedtls_platform_memcpy( tmp + md_len + nb, random, rlen );
+ (void)mbedtls_platform_memcpy( tmp + md_len, label, nb );
+ (void)mbedtls_platform_memcpy( tmp + md_len + nb, random, rlen );
 nb += rlen;
 /*
@@ -801,19 +801,28 @@ int tls_prf_generic( mbedtls_md_type_t md_type,
 if ( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 ) return( ret );
- mbedtls_md_hmac_starts( &md_ctx, secret, slen );
- mbedtls_md_hmac_update( &md_ctx, tmp + md_len, nb );
- mbedtls_md_hmac_finish( &md_ctx, tmp );
+ if ( ( ret = mbedtls_md_hmac_starts( &md_ctx, secret, slen ) ) != 0 )
+ return( ret );
+ if ( ( ret = mbedtls_md_hmac_update( &md_ctx, tmp + md_len, nb ) ) != 0 )
+ return( ret );
+ if ( ( ret = mbedtls_md_hmac_finish( &md_ctx, tmp ) ) != 0 )
+ return( ret );
 for( i = 0; i < dlen; i += md_len ) {
- mbedtls_md_hmac_reset ( &md_ctx );
- mbedtls_md_hmac_update( &md_ctx, tmp, md_len + nb );
- mbedtls_md_hmac_finish( &md_ctx, h_i );
+ if ( ( ret = mbedtls_md_hmac_reset ( &md_ctx ) ) != 0 )
+ return( ret );
+ if ( ( ret = mbedtls_md_hmac_update( &md_ctx, tmp, md_len + nb ) ) != 0 )
+ return( ret );
+ if ( ( ret = mbedtls_md_hmac_finish( &md_ctx, h_i ) ) != 0 )
+ return( ret );
- mbedtls_md_hmac_reset ( &md_ctx );
- mbedtls_md_hmac_update( &md_ctx, tmp, md_len );
- mbedtls_md_hmac_finish( &md_ctx, tmp );
+ if ( ( ret = mbedtls_md_hmac_reset ( &md_ctx ) ) != 0 )
+ return( ret );
+ if ( ( ret = mbedtls_md_hmac_update( &md_ctx, tmp, md_len ) ) != 0 )
+ return( ret );
+ if ( ( ret = mbedtls_md_hmac_finish( &md_ctx, tmp ) ) != 0 )
+ return( ret );
 k = ( i + md_len > dlen ) ? dlen % md_len : md_len;
@@ -823,8 +832,8 @@ int tls_prf_generic( mbedtls_md_type_t md_type,
 mbedtls_md_free( &md_ctx );
- mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
- mbedtls_platform_zeroize( h_i, sizeof( h_i ) );
+ (void)mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
+ (void)mbedtls_platform_zeroize( h_i, sizeof( h_i ) );
 return( 0 );
 }
From c2fa3eaa81b813ced19b4affaf786cce0a8abf33 Mon Sep 17 00:00:00 2001
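Review bot: Every new `return( ret );` in the @@ -801,19 hunk exits after `mbedtls_md_setup()` has already succeeded, so a failing HMAC call skips the `mbedtls_md_free( &md_ctx )` and the two `mbedtls_platform_zeroize()` calls shown in the following hunk (@@ -823,8). On that path whatever the setup call attached to `md_ctx` is never released, and `tmp` and `h_i`, which receive HMAC output keyed with `secret`, are left uncleared on the stack. Consider replacing each of these early returns with `goto exit;`, placing an `exit:` label just before `mbedtls_md_free( &md_ctx );`, and ending the function with `return( ret );` so that the error and success paths share one cleanup. The start of tls_prf_generic, including how `md_ctx` is initialised, lies outside these hunks, so this assumes the cleanup at the end of the function is the only one.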
From: =?UTF-8?q?Teppo=20J=C3=A4rvelin?=
Date: Thu, 2 Jan 2020 12:06:58 +0200
Subject: [PATCH 2/2] Removed dead code after optimization in tinycrypt
---
 tinycrypt/ecc_dsa.c | 20 --------------------
 1 file changed, 20 deletions(-)
diff --git a/tinycrypt/ecc_dsa.c b/tinycrypt/ecc_dsa.c
index ca071f814..8fa850944 100644
--- a/tinycrypt/ecc_dsa.c
+++ b/tinycrypt/ecc_dsa.c
@@ -72,10 +72,6 @@ static void bits2int(uECC_word_t *native, const uint8_t *bits,
 unsigned bits_size) {
 unsigned num_n_bytes = BITS_TO_BYTES(NUM_ECC_BITS);
- unsigned num_n_words = BITS_TO_WORDS(NUM_ECC_BITS);
- int shift;
- uECC_word_t carry;
- uECC_word_t *ptr;
 if (bits_size > num_n_bytes) {
 bits_size = num_n_bytes;
@@ -83,22 +79,6 @@ static void bits2int(uECC_word_t *native, const uint8_t *bits,
 uECC_vli_clear(native);
 uECC_vli_bytesToNative(native, bits, bits_size);
- if (bits_size * 8 <= (unsigned)NUM_ECC_BITS) {
- return;
- }
- shift = bits_size * 8 - NUM_ECC_BITS;
- carry = 0;
- ptr = native + num_n_words;
- while (ptr-- > native) {
- uECC_word_t temp = *ptr;
- *ptr = (temp >> shift) | carry;
- carry = temp << (uECC_WORD_BITS - shift);
- }
-
- /* Reduce mod curve_n */
- if (uECC_vli_cmp_unsafe(curve_n, native) != 1) {
- uECC_vli_sub(native, native, curve_n);
- }
 }
 int uECC_sign_with_k(const uint8_t *private_key, const uint8_t *message_hash,