Conversation
|
|
||
| /* free temporary buffer */ | ||
| XFREE(buf, pkcs12->heap, DYNAMIC_TYPE_PKCS); | ||
| buf = NULL; |
There was a problem hiding this comment.
Clang-tidy is very unhappy with this change. Please find a better way to fix:
[clang-tidy-defaults] [7 of 7] [wolfssl]
configure... real 0m5.920s user 0m4.165s sys 0m2.072s
build.../tmp/workspace/PRB-multi-test-script/wolfssl/wolfcrypt/src/pkcs12.c:1718:9: warning: Attempt to free released memory [clang-analyzer-unix.Malloc]
XFREE(buf, pkcs12->heap, DYNAMIC_TYPE_PKCS);
^```
wolfcrypt/src/hmac.c
Outdated
| int ret = 0; | ||
|
|
||
| switch (type) { | ||
| switch ((int)type) { |
There was a problem hiding this comment.
type is already an int, so this change isn't doing anything. Please revert.
There was a problem hiding this comment.
Coverity is giving this warning due to inferred misuse of enums. I brough up potential solutions with Kareem, either changing the function declaration from (int type) to (enum wc_HashType type) or just casting type to int, and he suggested that simply casting to int would likely work and be the easier solution. Should I go try converting them all to enum wc_hashType and change WC_MD5 to WC_HASH_TYPE_MD5 in the function declaration or try to find a different solution entirely?
There was a problem hiding this comment.
The fix is to cast to enum wc_HashType
wolfcrypt/src/hmac.c
Outdated
| switch ((enum wc_HashType)type) { | ||
| #ifndef WOLFSSL_NO_SHA224 | ||
| case WC_HASH_TYPE_SHA224: | ||
| switch (type) { |
There was a problem hiding this comment.
The old code was fine. I think you'll have issues with some of the older FIPS using this technique. The warnings reported are harmless and have to do with a mix of us passing int type and wc_HashType type. The important thing to identify is if you are actually comparing the same types, since we also have OID's and NID's.
Use sb instruction instead of isb if available.
…RBG per core, to relieve contention.
…lied seed with the CPU ID of each DRBG, to avoid duplicate states; wolfcrypt/src/random.c: in Hash_DRBG_Generate(), always put digest[] on the stack even in WOLFSSL_SMALL_STACK configuration (it's only 32 bytes); configure.ac: default smallstackcache on when linuxkm-defaults.
…km_drbg_seed(), check retval from wc_LockMutex(). wolfcrypt/src/random.c: in Hash_DRBG_Generate(), restore smallstack path for digest[], but use non-smallstack path for WOLFSSL_LINUXKM.
JeremiahM37
force-pushed
the
coverityTest
branch
from
9d70ad4 to
4254c4c
Compare
8 participants
Description
Potential fixes for the Coverity warnings addressed in the support ticket. So far, I think I have fixes for the mixed Enums issue in hmac.c as well as the unused value warnings. The undefined min warning can be ignored since there is a fallback it.
Fixes zd#20029
Testing
How did you test?
Checklist