From 7c7c33ecbd411971f5450a531e70661c90c99dc5 Mon Sep 17 00:00:00 2001 From: "harshal.patil" Date: Mon, 20 May 2024 13:49:31 +0530 Subject: [PATCH] fix(mbedtls/port): Fix some divide-by-zero and deadcode coverity checks --- components/mbedtls/port/aes/dma/esp_aes_dma_core.c | 4 ++-- components/mbedtls/port/bignum/esp_bignum.c | 10 +++++----- components/mbedtls/port/sha/dma/sha.c | 10 +++++++++- 3 files changed, 16 insertions(+), 8 deletions(-) diff --git a/components/mbedtls/port/aes/dma/esp_aes_dma_core.c b/components/mbedtls/port/aes/dma/esp_aes_dma_core.c index 5788b0c2f8..1808abe9d6 100644 --- a/components/mbedtls/port/aes/dma/esp_aes_dma_core.c +++ b/components/mbedtls/port/aes/dma/esp_aes_dma_core.c @@ -452,7 +452,7 @@ static esp_err_t generate_descriptor_list(const uint8_t *buffer, const size_t le // add start alignment node to the DMA linked list dma_desc_populate(dma_descriptors, start_alignment_stream_buffer, unaligned_start_bytes, max_desc_size, populated_dma_descs); - populated_dma_descs += (unaligned_start_bytes ? 1 : 0); + populated_dma_descs += 1; } if (aligned_block_bytes) { @@ -474,7 +474,7 @@ static esp_err_t generate_descriptor_list(const uint8_t *buffer, const size_t le // add end alignment node to the DMA linked list dma_desc_populate(dma_descriptors, end_alignment_stream_buffer, unaligned_end_bytes, max_desc_size, populated_dma_descs); - populated_dma_descs += (unaligned_end_bytes ? 1 : 0); + populated_dma_descs += 1; } if (dma_desc_link(dma_descriptors, dma_descs_needed, cache_line_size) != ESP_OK) { diff --git a/components/mbedtls/port/bignum/esp_bignum.c b/components/mbedtls/port/bignum/esp_bignum.c index bda0baf8c0..1c799b3c2a 100644 --- a/components/mbedtls/port/bignum/esp_bignum.c +++ b/components/mbedtls/port/bignum/esp_bignum.c @@ -6,7 +6,7 @@ * * SPDX-License-Identifier: Apache-2.0 * - * SPDX-FileContributor: 2016-2023 Espressif Systems (Shanghai) CO LTD + * SPDX-FileContributor: 2016-2024 Espressif Systems (Shanghai) CO LTD */ #include #include @@ -41,7 +41,7 @@ * bignum. This number may be less than the size of the bignum * * - Naming convention hw_words for the hardware length of the operation. This number maybe be rounded up - * for targets that requres this (e.g. ESP32), and may be larger than any of the numbers + * for targets that requires this (e.g. ESP32), and may be larger than any of the numbers * involved in the calculation. * * - Timing behaviour of these functions will depend on the length of the inputs. This is fundamentally @@ -359,7 +359,7 @@ static int esp_mpi_exp_mod( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_ int ret = 0; mbedtls_mpi Rinv_new; /* used if _Rinv == NULL */ - mbedtls_mpi *Rinv; /* points to _Rinv (if not NULL) othwerwise &RR_new */ + mbedtls_mpi *Rinv; /* points to _Rinv (if not NULL) otherwise &RR_new */ mbedtls_mpi_uint Mprime; size_t x_words = mpi_words(X); @@ -502,8 +502,8 @@ int mbedtls_mpi_mul_mpi( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi argument is zero or one. */ if (x_bits == 0 || y_bits == 0) { - mbedtls_mpi_lset(Z, 0); - return 0; + ret = mbedtls_mpi_lset(Z, 0); + return ret; } if (x_bits == 1) { ret = mbedtls_mpi_copy(Z, Y); diff --git a/components/mbedtls/port/sha/dma/sha.c b/components/mbedtls/port/sha/dma/sha.c index 7963818d49..14c352a6de 100644 --- a/components/mbedtls/port/sha/dma/sha.c +++ b/components/mbedtls/port/sha/dma/sha.c @@ -156,6 +156,8 @@ static void esp_sha_block_mode(esp_sha_type sha_type, const uint8_t *input, uint int num_block = 0; blk_len = block_length(sha_type); + assert(blk_len != 0); + blk_word_len = blk_len / 4; num_block = ilen / blk_len; @@ -236,7 +238,13 @@ static esp_err_t esp_sha_dma_process(esp_sha_type sha_type, const void *input, u { int ret = 0; crypto_dma_desc_t *dma_descr_head = NULL; - size_t num_blks = (ilen + buf_len) / block_length(sha_type); + + size_t blk_len = block_length(sha_type); + if (blk_len == 0) { + ESP_LOGE(TAG, "Unsupported SHA type"); + return ESP_FAIL; + } + size_t num_blks = (ilen + buf_len) / blk_len; memset(&s_dma_descr_input, 0, sizeof(crypto_dma_desc_t)); memset(&s_dma_descr_buf, 0, sizeof(crypto_dma_desc_t));