kopia lustrzana https://github.com/espressif/esp-idf
fix(mbedtls/aes-gcm): Fix null pointer derefernce coverity reports
- Also fixed a tcp_transport and https_server reportpull/13306/head
harshal.patil
rodzic
4ee54026e3
commit
343a6f47ab
|
|
@ -327,6 +327,7 @@ static esp_err_t create_secure_context(const struct httpd_ssl_config *config, ht
|
||||||
(*ssl_ctx)->tls_cfg->ecdsa_key_efuse_blk = config->ecdsa_key_efuse_blk;
|
(*ssl_ctx)->tls_cfg->ecdsa_key_efuse_blk = config->ecdsa_key_efuse_blk;
|
||||||
#else
|
#else
|
||||||
ESP_LOGE(TAG, "Please enable the support for signing using ECDSA peripheral in menuconfig.");
|
ESP_LOGE(TAG, "Please enable the support for signing using ECDSA peripheral in menuconfig.");
|
||||||
|
ret = ESP_ERR_NOT_SUPPORTED;
|
||||||
goto exit;
|
goto exit;
|
||||||
#endif
|
#endif
|
||||||
} else if (config->prvtkey_pem != NULL && config->prvtkey_len > 0) {
|
} else if (config->prvtkey_pem != NULL && config->prvtkey_len > 0) {
|
||||||
|
|
|
||||||
|
|
@ -370,11 +370,17 @@ int esp_aes_gcm_starts( esp_gcm_context *ctx,
|
||||||
const unsigned char *iv,
|
const unsigned char *iv,
|
||||||
size_t iv_len )
|
size_t iv_len )
|
||||||
{
|
{
|
||||||
|
if (!ctx) {
|
||||||
|
ESP_LOGE(TAG, "No AES context supplied");
|
||||||
|
return MBEDTLS_ERR_GCM_BAD_INPUT;
|
||||||
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK)
|
#if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK)
|
||||||
if (ctx->ctx_soft != NULL) {
|
if (ctx->ctx_soft != NULL) {
|
||||||
return mbedtls_gcm_starts_soft(ctx->ctx_soft, mode, iv, iv_len);
|
return mbedtls_gcm_starts_soft(ctx->ctx_soft, mode, iv, iv_len);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* IV is limited to 2^32 bits, so 2^29 bytes */
|
/* IV is limited to 2^32 bits, so 2^29 bytes */
|
||||||
/* IV is not allowed to be zero length */
|
/* IV is not allowed to be zero length */
|
||||||
if ( iv_len == 0 ||
|
if ( iv_len == 0 ||
|
||||||
|
|
@ -382,11 +388,6 @@ int esp_aes_gcm_starts( esp_gcm_context *ctx,
|
||||||
return ( MBEDTLS_ERR_GCM_BAD_INPUT );
|
return ( MBEDTLS_ERR_GCM_BAD_INPUT );
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!ctx) {
|
|
||||||
ESP_LOGE(TAG, "No AES context supplied");
|
|
||||||
return MBEDTLS_ERR_GCM_BAD_INPUT;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!iv) {
|
if (!iv) {
|
||||||
ESP_LOGE(TAG, "No IV supplied");
|
ESP_LOGE(TAG, "No IV supplied");
|
||||||
return MBEDTLS_ERR_GCM_BAD_INPUT;
|
return MBEDTLS_ERR_GCM_BAD_INPUT;
|
||||||
|
|
@ -441,21 +442,22 @@ int esp_aes_gcm_update_ad( esp_gcm_context *ctx,
|
||||||
const unsigned char *aad,
|
const unsigned char *aad,
|
||||||
size_t aad_len )
|
size_t aad_len )
|
||||||
{
|
{
|
||||||
|
if (!ctx) {
|
||||||
|
ESP_LOGE(TAG, "No AES context supplied");
|
||||||
|
return MBEDTLS_ERR_GCM_BAD_INPUT;
|
||||||
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK)
|
#if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK)
|
||||||
if (ctx->ctx_soft != NULL) {
|
if (ctx->ctx_soft != NULL) {
|
||||||
return mbedtls_gcm_update_ad_soft(ctx->ctx_soft, aad, aad_len);
|
return mbedtls_gcm_update_ad_soft(ctx->ctx_soft, aad, aad_len);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* AD are limited to 2^32 bits, so 2^29 bytes */
|
/* AD are limited to 2^32 bits, so 2^29 bytes */
|
||||||
if ( ( (uint32_t) aad_len ) >> 29 != 0 ) {
|
if ( ( (uint32_t) aad_len ) >> 29 != 0 ) {
|
||||||
return ( MBEDTLS_ERR_GCM_BAD_INPUT );
|
return ( MBEDTLS_ERR_GCM_BAD_INPUT );
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!ctx) {
|
|
||||||
ESP_LOGE(TAG, "No AES context supplied");
|
|
||||||
return MBEDTLS_ERR_GCM_BAD_INPUT;
|
|
||||||
}
|
|
||||||
|
|
||||||
if ( (aad_len > 0) && !aad) {
|
if ( (aad_len > 0) && !aad) {
|
||||||
ESP_LOGE(TAG, "No aad supplied");
|
ESP_LOGE(TAG, "No aad supplied");
|
||||||
return MBEDTLS_ERR_GCM_BAD_INPUT;
|
return MBEDTLS_ERR_GCM_BAD_INPUT;
|
||||||
|
|
@ -481,11 +483,17 @@ int esp_aes_gcm_update( esp_gcm_context *ctx,
|
||||||
unsigned char *output, size_t output_size,
|
unsigned char *output, size_t output_size,
|
||||||
size_t *output_length )
|
size_t *output_length )
|
||||||
{
|
{
|
||||||
|
if (!ctx) {
|
||||||
|
ESP_LOGE(TAG, "No GCM context supplied");
|
||||||
|
return MBEDTLS_ERR_GCM_BAD_INPUT;
|
||||||
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK)
|
#if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK)
|
||||||
if (ctx->ctx_soft != NULL) {
|
if (ctx->ctx_soft != NULL) {
|
||||||
return mbedtls_gcm_update_soft(ctx->ctx_soft, input, input_length, output, output_size, output_length);
|
return mbedtls_gcm_update_soft(ctx->ctx_soft, input, input_length, output, output_size, output_length);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
size_t nc_off = 0;
|
size_t nc_off = 0;
|
||||||
uint8_t nonce_counter[AES_BLOCK_BYTES] = {0};
|
uint8_t nonce_counter[AES_BLOCK_BYTES] = {0};
|
||||||
uint8_t stream[AES_BLOCK_BYTES] = {0};
|
uint8_t stream[AES_BLOCK_BYTES] = {0};
|
||||||
|
|
@ -496,10 +504,6 @@ int esp_aes_gcm_update( esp_gcm_context *ctx,
|
||||||
}
|
}
|
||||||
*output_length = input_length;
|
*output_length = input_length;
|
||||||
|
|
||||||
if (!ctx) {
|
|
||||||
ESP_LOGE(TAG, "No GCM context supplied");
|
|
||||||
return MBEDTLS_ERR_GCM_BAD_INPUT;
|
|
||||||
}
|
|
||||||
if (!input) {
|
if (!input) {
|
||||||
ESP_LOGE(TAG, "No input supplied");
|
ESP_LOGE(TAG, "No input supplied");
|
||||||
return MBEDTLS_ERR_GCM_BAD_INPUT;
|
return MBEDTLS_ERR_GCM_BAD_INPUT;
|
||||||
|
|
@ -656,6 +660,11 @@ int esp_aes_gcm_crypt_and_tag( esp_gcm_context *ctx,
|
||||||
size_t tag_len,
|
size_t tag_len,
|
||||||
unsigned char *tag )
|
unsigned char *tag )
|
||||||
{
|
{
|
||||||
|
if (!ctx) {
|
||||||
|
ESP_LOGE(TAG, "No AES context supplied");
|
||||||
|
return MBEDTLS_ERR_GCM_BAD_INPUT;
|
||||||
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK)
|
#if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK)
|
||||||
if (ctx->ctx_soft != NULL) {
|
if (ctx->ctx_soft != NULL) {
|
||||||
return mbedtls_gcm_crypt_and_tag_soft(ctx->ctx_soft, mode, length, iv, iv_len, aad, aad_len, input, output, tag_len, tag);
|
return mbedtls_gcm_crypt_and_tag_soft(ctx->ctx_soft, mode, length, iv, iv_len, aad, aad_len, input, output, tag_len, tag);
|
||||||
|
|
@ -689,11 +698,6 @@ int esp_aes_gcm_crypt_and_tag( esp_gcm_context *ctx,
|
||||||
return ( MBEDTLS_ERR_GCM_BAD_INPUT );
|
return ( MBEDTLS_ERR_GCM_BAD_INPUT );
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!ctx) {
|
|
||||||
ESP_LOGE(TAG, "No AES context supplied");
|
|
||||||
return MBEDTLS_ERR_GCM_BAD_INPUT;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!iv) {
|
if (!iv) {
|
||||||
ESP_LOGE(TAG, "No IV supplied");
|
ESP_LOGE(TAG, "No IV supplied");
|
||||||
return MBEDTLS_ERR_GCM_BAD_INPUT;
|
return MBEDTLS_ERR_GCM_BAD_INPUT;
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* SPDX-FileCopyrightText: 2015-2023 Espressif Systems (Shanghai) CO LTD
|
* SPDX-FileCopyrightText: 2015-2024 Espressif Systems (Shanghai) CO LTD
|
||||||
*
|
*
|
||||||
* SPDX-License-Identifier: Apache-2.0
|
* SPDX-License-Identifier: Apache-2.0
|
||||||
*/
|
*/
|
||||||
|
|
@ -114,8 +114,11 @@ static int ssl_connect(esp_transport_handle_t t, const char *host, int port, int
|
||||||
if (esp_tls_conn_new_sync(host, strlen(host), port, &ssl->cfg, ssl->tls) <= 0) {
|
if (esp_tls_conn_new_sync(host, strlen(host), port, &ssl->cfg, ssl->tls) <= 0) {
|
||||||
ESP_LOGE(TAG, "Failed to open a new connection");
|
ESP_LOGE(TAG, "Failed to open a new connection");
|
||||||
esp_tls_error_handle_t esp_tls_error_handle;
|
esp_tls_error_handle_t esp_tls_error_handle;
|
||||||
esp_tls_get_error_handle(ssl->tls, &esp_tls_error_handle);
|
if (esp_tls_get_error_handle(ssl->tls, &esp_tls_error_handle) == ESP_OK) {
|
||||||
esp_transport_set_errors(t, esp_tls_error_handle);
|
esp_transport_set_errors(t, esp_tls_error_handle);
|
||||||
|
} else {
|
||||||
|
ESP_LOGE(TAG, "Error in obtaining the error handle");
|
||||||
|
}
|
||||||
goto exit_failure;
|
goto exit_failure;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Ładowanie…
Reference in New Issue