fix(mbedtls/aes-gcm): Fix null pointer derefernce coverity reports

- Also fixed a tcp_transport report
2024-10-05 20:47:46 -04:00 · 2024-03-12 11:54:21 +05:30 · 2024-03-12 11:54:21 +05:30 · c97d3aed45
commit c97d3aed45
parent f18329b15f
2 changed files with 29 additions and 22 deletions
--- a/components/mbedtls/port/aes/esp_aes_gcm.c
+++ b/components/mbedtls/port/aes/esp_aes_gcm.c
@ -370,11 +370,17 @@ int esp_aes_gcm_starts( esp_gcm_context *ctx,
                        const unsigned char *iv,
                        size_t iv_len )
 {
+    if (!ctx) {
+        ESP_LOGE(TAG, "No AES context supplied");
+        return MBEDTLS_ERR_GCM_BAD_INPUT;
+    }
+
 #if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK)
    if (ctx->ctx_soft != NULL) {
        return mbedtls_gcm_starts_soft(ctx->ctx_soft, mode, iv, iv_len);
    }
 #endif
+
    /* IV is limited to 2^32 bits, so 2^29 bytes */
    /* IV is not allowed to be zero length */
    if ( iv_len == 0 ||
@ -382,11 +388,6 @@ int esp_aes_gcm_starts( esp_gcm_context *ctx,
        return ( MBEDTLS_ERR_GCM_BAD_INPUT );
    }

-    if (!ctx) {
-        ESP_LOGE(TAG, "No AES context supplied");
-        return MBEDTLS_ERR_GCM_BAD_INPUT;
-    }
-
    if (!iv) {
        ESP_LOGE(TAG, "No IV supplied");
        return MBEDTLS_ERR_GCM_BAD_INPUT;
@ -441,21 +442,22 @@ int esp_aes_gcm_update_ad( esp_gcm_context *ctx,
                           const unsigned char *aad,
                           size_t aad_len )
 {
+    if (!ctx) {
+        ESP_LOGE(TAG, "No AES context supplied");
+        return MBEDTLS_ERR_GCM_BAD_INPUT;
+    }
+
 #if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK)
    if (ctx->ctx_soft != NULL) {
        return mbedtls_gcm_update_ad_soft(ctx->ctx_soft, aad, aad_len);
    }
 #endif
+
    /* AD are limited to 2^32 bits, so 2^29 bytes */
    if ( ( (uint32_t) aad_len ) >> 29 != 0 ) {
        return ( MBEDTLS_ERR_GCM_BAD_INPUT );
    }

-    if (!ctx) {
-        ESP_LOGE(TAG, "No AES context supplied");
-        return MBEDTLS_ERR_GCM_BAD_INPUT;
-    }
-
    if ( (aad_len > 0) && !aad) {
        ESP_LOGE(TAG, "No aad supplied");
        return MBEDTLS_ERR_GCM_BAD_INPUT;
@ -481,11 +483,17 @@ int esp_aes_gcm_update( esp_gcm_context *ctx,
                        unsigned char *output, size_t output_size,
                        size_t *output_length )
 {
+    if (!ctx) {
+        ESP_LOGE(TAG, "No GCM context supplied");
+        return MBEDTLS_ERR_GCM_BAD_INPUT;
+    }
+
 #if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK)
    if (ctx->ctx_soft != NULL) {
        return mbedtls_gcm_update_soft(ctx->ctx_soft, input, input_length, output, output_size, output_length);
    }
 #endif
+
    size_t nc_off = 0;
    uint8_t nonce_counter[AES_BLOCK_BYTES] = {0};
    uint8_t stream[AES_BLOCK_BYTES] = {0};
@ -496,10 +504,6 @@ int esp_aes_gcm_update( esp_gcm_context *ctx,
    }
    *output_length = input_length;

-    if (!ctx) {
-        ESP_LOGE(TAG, "No GCM context supplied");
-        return MBEDTLS_ERR_GCM_BAD_INPUT;
-    }
    if (!input) {
        ESP_LOGE(TAG, "No input supplied");
        return MBEDTLS_ERR_GCM_BAD_INPUT;
@ -656,6 +660,11 @@ int esp_aes_gcm_crypt_and_tag( esp_gcm_context *ctx,
                               size_t tag_len,
                               unsigned char *tag )
 {
+    if (!ctx) {
+        ESP_LOGE(TAG, "No AES context supplied");
+        return MBEDTLS_ERR_GCM_BAD_INPUT;
+    }
+
 #if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK)
    if (ctx->ctx_soft != NULL) {
        return mbedtls_gcm_crypt_and_tag_soft(ctx->ctx_soft, mode, length, iv, iv_len, aad, aad_len, input, output, tag_len, tag);
@ -689,11 +698,6 @@ int esp_aes_gcm_crypt_and_tag( esp_gcm_context *ctx,
        return ( MBEDTLS_ERR_GCM_BAD_INPUT );
    }

-    if (!ctx) {
-        ESP_LOGE(TAG, "No AES context supplied");
-        return MBEDTLS_ERR_GCM_BAD_INPUT;
-    }
-
    if (!iv) {
        ESP_LOGE(TAG, "No IV supplied");
        return MBEDTLS_ERR_GCM_BAD_INPUT;
--- a/components/tcp_transport/transport_ssl.c
+++ b/components/tcp_transport/transport_ssl.c
@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2015-2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2015-2024 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@ -111,8 +111,11 @@ static int ssl_connect(esp_transport_handle_t t, const char *host, int port, int
    if (esp_tls_conn_new_sync(host, strlen(host), port, &ssl->cfg, ssl->tls) <= 0) {
        ESP_LOGE(TAG, "Failed to open a new connection");
        esp_tls_error_handle_t esp_tls_error_handle;
-        esp_tls_get_error_handle(ssl->tls, &esp_tls_error_handle);
-        esp_transport_set_errors(t, esp_tls_error_handle);
+        if (esp_tls_get_error_handle(ssl->tls, &esp_tls_error_handle) == ESP_OK) {
+            esp_transport_set_errors(t, esp_tls_error_handle);
+        } else {
+            ESP_LOGE(TAG, "Error in obtaining the error handle");
+        }
        goto exit_failure;
    }