
Commit c8574cc

committed
Fix low severity static analysis issues
1 parent 38b30ef commit c8574cc

4 files changed

Lines changed: 154 additions & 58 deletions


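--- a/scripts/build_ffi.py
+++ b/scripts/build_ffi.py
@@ -495,6 +495,7 @@ def build_ffi(local_wolfssl, features):
 int ML_KEM_ENABLED = """ + str(features["ML_KEM"]) + """;
 int ML_DSA_ENABLED = """ + str(features["ML_DSA"]) + """;
 int HKDF_ENABLED = """ + str(features["HKDF"]) + """;
+int ERROR_STRINGS_ENABLED = """ + str(features["ERROR_STRINGS"]) + """;
 """
 
 ffibuilder.set_source( "wolfcrypt._ffi", init_source_string,
@@ -534,6 +535,7 @@ def build_ffi(local_wolfssl, features):
 extern int ML_KEM_ENABLED;
 extern int ML_DSA_ENABLED;
 extern int HKDF_ENABLED;
+extern int ERROR_STRINGS_ENABLED;
 
 typedef unsigned char byte;
 typedef unsigned int word32;
@@ -559,6 +561,7 @@ def build_ffi(local_wolfssl, features):
 typedef struct { ...; } mp_int;
 
 int mp_init (mp_int * a);
+void mp_clear (mp_int * a);
 int mp_to_unsigned_bin (mp_int * a, unsigned char *b);
 int mp_to_unsigned_bin_len (mp_int * a, unsigned char *b, int c);
 int mp_read_unsigned_bin (mp_int * a, const unsigned char *b, int c);
@@ -570,6 +573,7 @@ def build_ffi(local_wolfssl, features):
 int wc_InitSha(wc_Sha*);
 int wc_ShaUpdate(wc_Sha*, const byte*, word32);
 int wc_ShaFinal(wc_Sha*, byte*);
+void wc_ShaFree(wc_Sha*);
 """
 
 if features["SHA256"]:
@@ -578,6 +582,7 @@ def build_ffi(local_wolfssl, features):
 int wc_InitSha256(wc_Sha256*);
 int wc_Sha256Update(wc_Sha256*, const byte*, word32);
 int wc_Sha256Final(wc_Sha256*, byte*);
+void wc_Sha256Free(wc_Sha256*);
 """
 
 if features["SHA384"]:
@@ -586,6 +591,7 @@ def build_ffi(local_wolfssl, features):
 int wc_InitSha384(wc_Sha384*);
 int wc_Sha384Update(wc_Sha384*, const byte*, word32);
 int wc_Sha384Final(wc_Sha384*, byte*);
+void wc_Sha384Free(wc_Sha384*);
 """
 
 if features["SHA512"]:
@@ -595,6 +601,7 @@ def build_ffi(local_wolfssl, features):
 int wc_InitSha512(wc_Sha512*);
 int wc_Sha512Update(wc_Sha512*, const byte*, word32);
 int wc_Sha512Final(wc_Sha512*, byte*);
+void wc_Sha512Free(wc_Sha512*);
 """
 if features["SHA3"]:
 cdef += """
@@ -611,6 +618,10 @@ def build_ffi(local_wolfssl, features):
 int wc_Sha3_256_Final(wc_Sha3*, byte*);
 int wc_Sha3_384_Final(wc_Sha3*, byte*);
 int wc_Sha3_512_Final(wc_Sha3*, byte*);
+int wc_Sha3_224_Free(wc_Sha3*);
+int wc_Sha3_256_Free(wc_Sha3*);
+int wc_Sha3_384_Free(wc_Sha3*);
+int wc_Sha3_512_Free(wc_Sha3*);
 """
 
 if features["DES3"]:
@@ -707,6 +718,7 @@ def build_ffi(local_wolfssl, features):
 int wc_HmacSetKey(Hmac*, int, const byte*, word32);
 int wc_HmacUpdate(Hmac*, const byte*, word32);
 int wc_HmacFinal(Hmac*, byte*);
+void wc_HmacFree(Hmac*);
 """
 
 if features["RSA"]:
@@ -991,6 +1003,11 @@ def build_ffi(local_wolfssl, features):
 int wolfCrypt_GetPrivateKeyReadEnable_fips(enum wc_KeyType);
 """
 
+if features["ERROR_STRINGS"]:
+cdef += """
+const char* wc_GetErrorString(int error);
+"""
+
 if features["ML_KEM"] or features["ML_DSA"]:
 cdef += """
 static const int INVALID_DEVID;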
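Review bot: The four SHA-3 prototypes added at new lines 621–624 (`int wc_Sha3_224_Free(wc_Sha3*);` and its 256/384/512 siblings) return `int`, while every other `*Free` prototype this commit adds (`wc_ShaFree`, `wc_Sha256Free`, `wc_Sha384Free`, `wc_Sha512Free`, `wc_HmacFree`) returns `void`. As far as I know wolfSSL's sha3.h declares these as `void`, and because the cdef is compiled against the real headers through `set_source`, a mismatched return type would either break the build or hand Python a meaningless return value. Please confirm against the header and, if it matches, change them to `void wc_Sha3_224_Free(wc_Sha3*);` and so on. The declarations only make the cleanup functions callable; the call sites that release hash and HMAC state are outside this section, so each `wc_Init*` path should be checked for a matching free.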

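--- a/wolfcrypt/asn.py
+++ b/wolfcrypt/asn.py
@@ -20,6 +20,8 @@
 
 # pylint: disable=no-member,no-name-in-module
 
+import hmac as _hmac
+
 from wolfcrypt._ffi import ffi as _ffi
 from wolfcrypt._ffi import lib as _lib
 from wolfcrypt.exceptions import WolfCryptError
@@ -63,13 +65,13 @@ def der_to_pem(der, pem_type):
 return _ffi.buffer(pem, pem_length)[:]
 
 def hash_oid_from_class(hash_cls):
-if hash_cls == Sha:
+if _lib.SHA_ENABLED and hash_cls == Sha:
 return _lib.SHAh
-elif hash_cls == Sha256:
+elif _lib.SHA256_ENABLED and hash_cls == Sha256:
 return _lib.SHA256h
-elif hash_cls == Sha384:
+elif _lib.SHA384_ENABLED and hash_cls == Sha384:
 return _lib.SHA384h
-elif hash_cls == Sha512:
+elif _lib.SHA512_ENABLED and hash_cls == Sha512:
 return _lib.SHA512h
 else:
 err = "Unknown hash class {}.".format(hash_cls.__name__)
@@ -97,4 +99,4 @@ def make_signature(data, hash_cls, key=None):
 def check_signature(signature, data, hash_cls, pub_key):
 computed_signature = make_signature(data, hash_cls)
 decrypted_signature = pub_key.verify(signature)
-return computed_signature == decrypted_signature
+return _hmac.compare_digest(computed_signature, decrypted_signature)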
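Review bot: `_hmac.compare_digest` in `check_signature` is stricter about operand types than the `==` it replaces: both arguments must be bytes-like (or both ASCII `str`), otherwise it raises `TypeError` where the old code returned `False`. The bodies of `make_signature` and `pub_key.verify` are outside this hunk, so confirm that both return `bytes`. If `verify` can return another type for a malformed signature, callers will now see an exception instead of a failed check. A one-line docstring such as `"""Return True if signature verifies over data; the encoded digests are compared as bytes."""` would record that contract.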
