Skip to content

Commit e932119

Browse files
JeremiahM37JeremiahM37
committed
Fix low severity static analysis issues
1 parent a8ee34c commit e932119

4 files changed

Lines changed: 154 additions & 60 deletions

File tree

scripts/build_ffi.py

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -496,6 +496,7 @@ def build_ffi(local_wolfssl, features):
496496
int ML_KEM_ENABLED = """ + str(features["ML_KEM"]) + """;
497497
int ML_DSA_ENABLED = """ + str(features["ML_DSA"]) + """;
498498
int HKDF_ENABLED = """ + str(features["HKDF"]) + """;
499+
int ERROR_STRINGS_ENABLED = """ + str(features["ERROR_STRINGS"]) + """;
499500
"""
500501

501502
ffibuilder.set_source( "wolfcrypt._ffi", init_source_string,
@@ -535,6 +536,7 @@ def build_ffi(local_wolfssl, features):
535536
extern int ML_KEM_ENABLED;
536537
extern int ML_DSA_ENABLED;
537538
extern int HKDF_ENABLED;
539+
extern int ERROR_STRINGS_ENABLED;
538540
539541
typedef unsigned char byte;
540542
typedef unsigned int word32;
@@ -558,6 +560,7 @@ def build_ffi(local_wolfssl, features):
558560
typedef struct { ...; } mp_int;
559561
560562
int mp_init (mp_int * a);
563+
void mp_clear (mp_int * a);
561564
int mp_to_unsigned_bin (mp_int * a, unsigned char *b);
562565
int mp_to_unsigned_bin_len (mp_int * a, unsigned char *b, int c);
563566
int mp_read_unsigned_bin (mp_int * a, const unsigned char *b, int c);
@@ -569,6 +572,7 @@ def build_ffi(local_wolfssl, features):
569572
int wc_InitSha(wc_Sha*);
570573
int wc_ShaUpdate(wc_Sha*, const byte*, word32);
571574
int wc_ShaFinal(wc_Sha*, byte*);
575+
void wc_ShaFree(wc_Sha*);
572576
"""
573577

574578
if features["SHA256"]:
@@ -577,6 +581,7 @@ def build_ffi(local_wolfssl, features):
577581
int wc_InitSha256(wc_Sha256*);
578582
int wc_Sha256Update(wc_Sha256*, const byte*, word32);
579583
int wc_Sha256Final(wc_Sha256*, byte*);
584+
void wc_Sha256Free(wc_Sha256*);
580585
"""
581586

582587
if features["SHA384"]:
@@ -585,6 +590,7 @@ def build_ffi(local_wolfssl, features):
585590
int wc_InitSha384(wc_Sha384*);
586591
int wc_Sha384Update(wc_Sha384*, const byte*, word32);
587592
int wc_Sha384Final(wc_Sha384*, byte*);
593+
void wc_Sha384Free(wc_Sha384*);
588594
"""
589595

590596
if features["SHA512"]:
@@ -594,6 +600,7 @@ def build_ffi(local_wolfssl, features):
594600
int wc_InitSha512(wc_Sha512*);
595601
int wc_Sha512Update(wc_Sha512*, const byte*, word32);
596602
int wc_Sha512Final(wc_Sha512*, byte*);
603+
void wc_Sha512Free(wc_Sha512*);
597604
"""
598605
if features["SHA3"]:
599606
cdef += """
@@ -610,6 +617,10 @@ def build_ffi(local_wolfssl, features):
610617
int wc_Sha3_256_Final(wc_Sha3*, byte*);
611618
int wc_Sha3_384_Final(wc_Sha3*, byte*);
612619
int wc_Sha3_512_Final(wc_Sha3*, byte*);
620+
int wc_Sha3_224_Free(wc_Sha3*);
621+
int wc_Sha3_256_Free(wc_Sha3*);
622+
int wc_Sha3_384_Free(wc_Sha3*);
623+
int wc_Sha3_512_Free(wc_Sha3*);
613624
"""
614625

615626
if features["DES3"]:
@@ -706,6 +717,7 @@ def build_ffi(local_wolfssl, features):
706717
int wc_HmacSetKey(Hmac*, int, const byte*, word32);
707718
int wc_HmacUpdate(Hmac*, const byte*, word32);
708719
int wc_HmacFinal(Hmac*, byte*);
720+
void wc_HmacFree(Hmac*);
709721
"""
710722

711723
if features["RSA"]:
@@ -990,6 +1002,11 @@ def build_ffi(local_wolfssl, features):
9901002
int wolfCrypt_GetPrivateKeyReadEnable_fips(enum wc_KeyType);
9911003
"""
9921004

1005+
if features["ERROR_STRINGS"]:
1006+
cdef += """
1007+
const char* wc_GetErrorString(int error);
1008+
"""
1009+
9931010
if features["ML_KEM"] or features["ML_DSA"]:
9941011
cdef += """
9951012
static const int INVALID_DEVID;

wolfcrypt/asn.py

Lines changed: 7 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,8 @@
2020

2121
# pylint: disable=no-member,no-name-in-module
2222

23+
import hmac as _hmac
24+
2325
from wolfcrypt._ffi import ffi as _ffi
2426
from wolfcrypt._ffi import lib as _lib
2527
from wolfcrypt.exceptions import WolfCryptError
@@ -63,13 +65,13 @@ def der_to_pem(der, pem_type):
6365
return _ffi.buffer(pem, pem_length)[:]
6466

6567
def hash_oid_from_class(hash_cls):
66-
if hash_cls == Sha:
68+
if _lib.SHA_ENABLED and hash_cls == Sha:
6769
return _lib.SHAh
68-
elif hash_cls == Sha256:
70+
elif _lib.SHA256_ENABLED and hash_cls == Sha256:
6971
return _lib.SHA256h
70-
elif hash_cls == Sha384:
72+
elif _lib.SHA384_ENABLED and hash_cls == Sha384:
7173
return _lib.SHA384h
72-
elif hash_cls == Sha512:
74+
elif _lib.SHA512_ENABLED and hash_cls == Sha512:
7375
return _lib.SHA512h
7476
else:
7577
err = "Unknown hash class {}.".format(hash_cls.__name__)
@@ -97,4 +99,4 @@ def make_signature(data, hash_cls, key=None):
9799
def check_signature(signature, data, hash_cls, pub_key):
98100
computed_signature = make_signature(data, hash_cls)
99101
decrypted_signature = pub_key.verify(signature)
100-
return computed_signature == decrypted_signature
102+
return _hmac.compare_digest(computed_signature, decrypted_signature)

0 commit comments

Comments
 (0)