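--- a/src/certgen/clu_certgen_ed25519.c
+++ b/src/certgen/clu_certgen_ed25519.c
@@ -57,6 +57,7 @@ int make_self_signed_ed25519_certificate(char* keyPath, char* certOut)
 keyFileSz = (int)XFTELL(keyFile);
 keyBuf = (byte*)XMALLOC(keyFileSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 if (keyBuf == NULL) {
+XFCLOSE(keyFile);
 return MEMORY_E;
 }
 if (XFSEEK(keyFile, 0, SEEK_SET) != 0 || (int)XFREAD(keyBuf, 1, keyFileSz, keyFile) != keyFileSz) {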
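Review bot: The size returned by `XFTELL(keyFile)` is cast to int and handed straight to `XMALLOC` without a check, so a failed tell (-1) or an empty key file reaches the allocator as a bogus or zero size before the read on the last line of the hunk. A guard ahead of the allocation, `if (keyFileSz <= 0) { XFCLOSE(keyFile); return WOLFCLU_FATAL_ERROR; }`, would close that path and keep the handle cleanup consistent with the `XFCLOSE` this change adds. The buffer receives private-key bytes, so it is also worth confirming, outside the hunk, that it is wiped before it is freed. The body of make_self_signed_ed25519_certificate continues beyond the hunk on both sides.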
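--- a/src/client/client.c
+++ b/src/client/client.c
@@ -354,6 +354,9 @@ static WC_INLINE void clu_tcp_connect(SOCKET_T* sockfd, const char* ip,
 clu_build_addr(NULL, &ipv6, ip, port, udp, sctp);
 clu_tcp_socket(sockfd, udp, sctp, isIpv6);
 if (!udp) {
+if (*sockfd < 0)
+err_sys_with_errno("tcp bad socket");
+
 if (connect(*sockfd, (const struct sockaddr*)&ipv6, sizeof(ipv6))
 != 0)
 err_sys_with_errno("ipv6 tcp connect failed");
@@ -367,6 +370,9 @@ static WC_INLINE void clu_tcp_connect(SOCKET_T* sockfd, const char* ip,
 clu_tcp_socket(sockfd, udp, sctp, isIpv6);
 
 if (!udp) {
+if (*sockfd < 0)
+err_sys_with_errno("tcp bad socket");
+
 if (connect(*sockfd, (const struct sockaddr*)&addr, sizeof(addr))
 != 0)
 err_sys_with_errno("tcp connect failed");
@@ -3355,8 +3361,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 
 #if defined(WOLFSSL_TRUST_PEER_CERT) && !defined(NO_FILESYSTEM)
 if (trustCert) {
-if ((ret = wolfSSL_CTX_trust_peer_cert(ctx, trustCert,
-WOLFSSL_FILETYPE_PEM)) != WOLFSSL_SUCCESS) {
+if (wolfSSL_CTX_trust_peer_cert(ctx, trustCert,
+WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
 wolfSSL_CTX_free(ctx); ctx = NULL;
 err_sys("can't load trusted peer cert file");
 }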
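Review bot: The new `*sockfd < 0` test sits inside `if (!udp)` in both address-family branches, so a UDP socket that failed to open is not caught here; moving the two added lines above `if (!udp)` would cover every mode. If `SOCKET_T` is an unsigned handle on some builds (as socket handles are on Windows), `< 0` can never be true there and the comparison should use the platform's invalid-socket value instead; the `SOCKET_T` definition is not on this page, so that needs confirming. In the client_test hunk the return code of `wolfSSL_CTX_trust_peer_cert` is no longer stored, so the failure message cannot report it. Both functions continue outside their hunks.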
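--- a/src/crypto/clu_decrypt.c
+++ b/src/crypto/clu_decrypt.c
@@ -145,16 +145,26 @@ int wolfCLU_decrypt(int alg, char* mode, byte* pwdKey, byte* key, int size,
 */
 while (length > 0 && ret == 0) {
 /* Read in 1kB */
-if (ret == 0 &&
-(ret = (int)XFREAD(input, 1, MAX_LEN, inFile)) != MAX_LEN) {
+if (ret == 0) {
 if (feof(inFile)) {
-tempMax = ret;
-ret = 0; /* success */
+wolfCLU_LogError("Unexpected end of the file.");
+ret = FREAD_ERROR;
 }
-else {
-wolfCLU_LogError("Input file does not exist.");
+else if (ferror(inFile)) {
+wolfCLU_LogError("File stream in error state");
 ret = FREAD_ERROR;
 }
+else {
+ret = (int)XFREAD(input, 1, MAX_LEN, inFile);
+if ((ret > 0 && ret != MAX_LEN) || feof(inFile)) {
+tempMax = ret;
+ret = 0; /* success */
+}
+else {
+wolfCLU_LogError("Input file does not exist.");
+ret = FREAD_ERROR;
+}
+}
 }
 
 #ifdef HAVE_CAMELLIA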
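Review bot: A read that fills the buffer falls into the error branch: after `ret = (int)XFREAD(input, 1, MAX_LEN, inFile)`, the condition `(ret > 0 && ret != MAX_LEN) || feof(inFile)` is false when `ret == MAX_LEN` and the stream is not at EOF, so the code logs "Input file does not exist." and sets `FREAD_ERROR`. As written this looks like it rejects any input with more than one full chunk left, unless something outside the hunk handles that case. A condition such as `if (!ferror(inFile) && (ret > 0 || feof(inFile)))` accepts full reads, short reads at EOF and the zero-byte EOF case, and still fails on a stream error, which the current test would accept as a short read. The log text in that else branch should describe a read failure rather than a missing file. wolfCLU_decrypt starts and ends outside the hunk.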
47 changes: 40 additions & 7 deletions src/crypto/clu_encrypt.c
Expand Up @@ -76,8 +76,15 @@ int wolfCLU_encrypt(int alg, char* mode, byte* pwdKey, byte* key, int size,

/* open the file to write */
tempInFile = XFOPEN(in, "wb");
XFWRITE(userInputBuffer, 1, inputLength, tempInFile);
XFCLOSE(tempInFile);
if (tempInFile == NULL) {
wolfCLU_LogError("unable to open file %s", in);
XFREE(userInputBuffer, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return BAD_FUNC_ARG;
}
else {
XFWRITE(userInputBuffer, 1, inputLength, tempInFile);
XFCLOSE(tempInFile);
}

/* free buffer */
XFREE(userInputBuffer, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
Expand Down Expand Up @@ -121,13 +128,15 @@ int wolfCLU_encrypt(int alg, char* mode, byte* pwdKey, byte* key, int size,
ret = wc_RNG_GenerateBlock(&rng, iv, block);

if (ret != 0) {
XFCLOSE(inFile);
return ret;
}

/* stretches pwdKey to fit size based on wolfCLU_getAlgo() */
ret = wolfCLU_genKey_PWDBASED(&rng, pwdKey, size, salt, padCounter);
if (ret != WOLFCLU_SUCCESS) {
wolfCLU_LogError("failed to set pwdKey.");
XFCLOSE(inFile);
return ret;
}
/* move the generated pwdKey to "key" for encrypting */
Expand All @@ -140,6 +149,7 @@ int wolfCLU_encrypt(int alg, char* mode, byte* pwdKey, byte* key, int size,
outFile = XFOPEN(out, "wb");
if (outFile == NULL) {
wolfCLU_LogError("unable to open output file %s", out);
XFCLOSE(inFile);
return WOLFCLU_FATAL_ERROR;
}
XFWRITE(salt, 1, SALT_SIZE, outFile);
Expand All @@ -148,21 +158,29 @@ int wolfCLU_encrypt(int alg, char* mode, byte* pwdKey, byte* key, int size,

/* MALLOC 1kB buffers */
input = (byte*) XMALLOC(MAX_LEN, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (input == NULL)
if (input == NULL) {
XFCLOSE(inFile);
return MEMORY_E;
}
output = (byte*) XMALLOC(MAX_LEN, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (output == NULL) {
XFCLOSE(inFile);
wolfCLU_freeBins(input, NULL, NULL, NULL, NULL);
return MEMORY_E;
}

/* loop, encrypt 1kB at a time till length <= 0 */
while (length > 0) {
/* Read in 1kB to input[] */
if (inputHex == 1)
ret = (int) fread(inputString, 1, MAX_LEN, inFile);
else
ret = (int) fread(input, 1, MAX_LEN, inFile);
if (feof(inFile)) {
ret = 0;
}
else {
if (inputHex == 1)
ret = (int) fread(inputString, 1, MAX_LEN, inFile);
else
ret = (int) fread(input, 1, MAX_LEN, inFile);
}

if (ret != MAX_LEN) {
/* check for end of file */
Expand All @@ -178,6 +196,7 @@ int wolfCLU_encrypt(int alg, char* mode, byte* pwdKey, byte* key, int size,
if (hexRet != WOLFCLU_SUCCESS) {
wolfCLU_LogError("failed during conversion of input,"
" ret = %d", hexRet);
XFCLOSE(inFile);
return hexRet;
}
}/* end hex or ascii */
Expand All @@ -191,6 +210,7 @@ int wolfCLU_encrypt(int alg, char* mode, byte* pwdKey, byte* key, int size,
}
else { /* otherwise we got a file read error */
wolfCLU_freeBins(input, output, NULL, NULL, NULL);
XFCLOSE(inFile);
return FREAD_ERROR;
}/* End feof check */
}/* End fread check */
Expand All @@ -200,6 +220,7 @@ int wolfCLU_encrypt(int alg, char* mode, byte* pwdKey, byte* key, int size,
alg == WOLFCLU_CAMELLIA256CBC) {
ret = wc_CamelliaSetKey(&camellia, key, block, iv);
if (ret != 0) {
XFCLOSE(inFile);
wolfCLU_LogError("CamelliaSetKey failed.");
wolfCLU_freeBins(input, output, NULL, NULL, NULL);
return ret;
Expand All @@ -208,6 +229,7 @@ int wolfCLU_encrypt(int alg, char* mode, byte* pwdKey, byte* key, int size,
wc_CamelliaCbcEncrypt(&camellia, output, input, tempMax);
}
else {
XFCLOSE(inFile);
wolfCLU_LogError("Incompatible mode while using Camellia.");
wolfCLU_freeBins(input, output, NULL, NULL, NULL);
return FATAL_ERROR;
Expand All @@ -233,14 +255,25 @@ int wolfCLU_encrypt(int alg, char* mode, byte* pwdKey, byte* key, int size,

/* Open the outFile in append mode */
outFile = XFOPEN(out, "ab");
if (outFile == NULL) {
XFCLOSE(inFile);
wolfCLU_LogError("failed to open file.");
wolfCLU_freeBins(input, output, NULL, NULL, NULL);
return FWRITE_ERROR;
}

ret = (int)XFWRITE(output, 1, tempMax, outFile);

if (ferror(outFile)) {
XFCLOSE(outFile);
XFCLOSE(inFile);
wolfCLU_LogError("failed to write to file.");
wolfCLU_freeBins(input, output, NULL, NULL, NULL);
return FWRITE_ERROR;
}
if (ret > MAX_LEN) {
XFCLOSE(outFile);
XFCLOSE(inFile);
wolfCLU_LogError("Wrote too much to file.");
wolfCLU_freeBins(input, output, NULL, NULL, NULL);
return FWRITE_ERROR;
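Review bot: The hex-conversion failure path (`return hexRet;`) closes `inFile` but returns without the `wolfCLU_freeBins(input, output, NULL, NULL, NULL);` that the neighbouring exits call, so the two buffers allocated before the loop leak there, and `input` is the buffer the plaintext is read into. The function now repeats `XFCLOSE(inFile)` on about a dozen exits; a single cleanup label that closes the files and frees the buffers would make this kind of omission hard to reintroduce. Separately, neither `XFWRITE` result is compared with the requested length (`inputLength` in the first hunk, `tempMax` in the last), so a short write produces a truncated file without an error; `if (ret != tempMax)` would catch it where `ret > MAX_LEN` cannot. wolfCLU_encrypt extends beyond every hunk shown.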
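--- a/src/genkey/clu_genkey.c
+++ b/src/genkey/clu_genkey.c
@@ -89,7 +89,8 @@ int wolfCLU_genKey_ED25519(WC_RNG* rng, char* fOutNm, int directive, int format)
 ret = WC_KEY_SIZE_E;
 
 /* export keys to buffers */
-ret = wc_ed25519_export_key(&edKeyOut, privKeyBuf, &privKeySz,
+if (ret == 0)
+ret = wc_ed25519_export_key(&edKeyOut, privKeyBuf, &privKeySz,
 pubKeyBuf, &pubKeySz);
 }
 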
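Review bot: The added guard is an unbraced `if` whose body is a call split across two lines, which makes the continuation line `pubKeyBuf, &pubKeySz);` easy to misread as a separate statement; bracing it (`if (ret == 0) {` … `}`) removes that ambiguity. The comment above it could also say why the export is conditional, for example `/* export keys to buffers, unless the size check above failed */`. The condition that sets `WC_KEY_SIZE_E` lies outside the hunk.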
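--- a/src/sign-verify/clu_sign.c
+++ b/src/sign-verify/clu_sign.c
@@ -263,16 +263,24 @@ int wolfCLU_sign_data_rsa(byte* data, char* out, word32 dataSz, char* privKey,
 if (ret >= 0) {
 XFILE s;
 s = XFOPEN(out, "wb");
-XFWRITE(outBuf, 1, outBufSz, s);
-XFCLOSE(s);
+if (s == NULL) {
+wolfCLU_LogError("Failed to open output file");
+ret = BAD_FUNC_ARG;
+}
+else {
+XFWRITE(outBuf, 1, outBufSz, s);
+XFCLOSE(s);
+}
 }
 else {
 wolfCLU_LogError("Failed to sign data with RSA private key.\nRET: %d", ret);
 }
 }
 
 /* cleanup allocated resources */
-XFCLOSE(privKeyFile);
+if (privKeyFile != NULL) {
+XFCLOSE(privKeyFile);
+}
 
 if (keyBuf!= NULL) {
 XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -388,16 +396,24 @@ int wolfCLU_sign_data_ecc(byte* data, char* out, word32 fSz, char* privKey,
 if (ret >= 0) {
 XFILE s;
 s = XFOPEN(out, "wb");
-XFWRITE(outBuf, 1, outLen, s);
-XFCLOSE(s);
+if (s == NULL) {
+wolfCLU_LogError("Failed to open file");
+ret = BAD_FUNC_ARG;
+}
+else {
+XFWRITE(outBuf, 1, outLen, s);
+XFCLOSE(s);
+}
 }
 else {
 wolfCLU_LogError("Failed to sign data with Ecc private key.\nRET: %d", ret);
 }
 }
 
 /* cleanup allocated resources */
-XFCLOSE(privKeyFile);
+if (privKeyFile != NULL) {
+XFCLOSE(privKeyFile);
+}
 
 if (keyBuf!= NULL) {
 XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -530,16 +546,24 @@ int wolfCLU_sign_data_ed25519 (byte* data, char* out, word32 fSz, char* privKey,
 if (ret >= 0) {
 XFILE s;
 s = XFOPEN(out, "wb");
-XFWRITE(outBuf, 1, outBufSz, s);
-XFCLOSE(s);
+if (s == NULL) {
+wolfCLU_LogError("Failed to open file");
+ret = BAD_FUNC_ARG;
+}
+else {
+XFWRITE(outBuf, 1, outBufSz, s);
+XFCLOSE(s);
+}
 }
 else {
 wolfCLU_LogError("Failed to sign data with ED25519 private key.\nRET: %d", ret);
 }
 }
 
 /* cleanup allocated resources */
-XFCLOSE(privKeyFile);
+if (privKeyFile != NULL) {
+XFCLOSE(privKeyFile);
+}
 
 if (keyBuf!= NULL) {
 XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);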
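Review bot: The signature is written with `XFWRITE(outBuf, 1, outBufSz, s);` and the result is discarded, so a short or failed write leaves a truncated signature file while the function still reports success; the same applies in the ECC hunk (`outLen`) and the ED25519 hunk. Checking the count, for example `if (XFWRITE(outBuf, 1, outBufSz, s) != outBufSz) ret = FWRITE_ERROR;` (the code the encrypt path uses for write failures), would surface it. `BAD_FUNC_ARG` for a failed `XFOPEN` also reads as a caller error rather than an I/O failure, and only the RSA message says which file could not be opened. All three functions continue outside their hunks.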
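--- a/src/sign-verify/clu_verify.c
+++ b/src/sign-verify/clu_verify.c
@@ -450,7 +450,9 @@ int wolfCLU_verify_signature_rsa(byte* sig, char* out, int sigSz, char* keyPath,
 }
 
 /* Cleanup allocated resources */
-XFCLOSE(keyPathFile);
+if (keyPathFile != NULL) {
+XFCLOSE(keyPathFile);
+}
 
 if (outBuf != NULL) {
 XFREE(outBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -578,7 +580,9 @@ int wolfCLU_verify_signature_ecc(byte* sig, int sigSz, byte* hash, int hashSz,
 }
 
 /* cleanup allocated resources */
-XFCLOSE(keyPathFile);
+if (keyPathFile != NULL) {
+XFCLOSE(keyPathFile);
+}
 
 if (outBuf != NULL) {
 XFREE(outBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -711,7 +715,9 @@ int wolfCLU_verify_signature_ed25519(byte* sig, int sigSz,
 }
 
 /* cleanup allocated resources */
-XFCLOSE(keyPathFile);
+if (keyPathFile != NULL) {
+XFCLOSE(keyPathFile);
+}
 
 if (keyBuf != NULL) {
 XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);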
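Review bot: The new `if (keyPathFile != NULL)` guards only help if `keyPathFile` is initialised to `NULL` at its declaration and is not already closed on some earlier path; both are outside these hunks and worth confirming in all three verify functions. Setting the handle to `NULL` after the close (`XFCLOSE(keyPathFile); keyPathFile = NULL;`) would make the cleanup block safe against a later second close. A short comment such as `/* keyPathFile stays NULL when the key file could not be opened */` would record why the guard is there.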
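--- a/src/tools/clu_base64.c
+++ b/src/tools/clu_base64.c
@@ -163,15 +163,17 @@ int wolfCLU_Base64Setup(int argc, char** argv)
 /* Try other types if PRIVATEKEY_TYPE fails */
 ret = wc_PemToDer(input, (long)inputSz, CERT_TYPE,
 &der, NULL, NULL, NULL);
-if (ret < 0) {
-ret = wc_PemToDer(input, (long)inputSz, CERTREQ_TYPE,
+}
+
+if (ret < 0) {
+ret = wc_PemToDer(input, (long)inputSz, PKCS7_TYPE,
 &der, NULL, NULL, NULL);
-if (ret < 0) {
-wolfCLU_LogError("PEM to DER conversion failed: %d",
-ret);
-ret = WOLFCLU_FATAL_ERROR;
-}
-}
 }
+
+/* If all PEM to DER attempts failed then set error */
+if (ret < 0) {
+wolfCLU_LogError("PEM to DER conversion failed: %d", ret);
+ret = WOLFCLU_FATAL_ERROR;
+}
 
 if (ret == 0) {
@@ -247,6 +249,9 @@ int wolfCLU_Base64Setup(int argc, char** argv)
 wolfCLU_LogError("Base64 encode failed: %d", ret);
 ret = WOLFCLU_FATAL_ERROR;
 }
+else {
+ret = WOLFCLU_SUCCESS;
+}
 }
 }
 
@@ -257,6 +262,9 @@ int wolfCLU_Base64Setup(int argc, char** argv)
 wolfCLU_LogError("Failed to write output data: %d", ret);
 ret = WOLFCLU_FATAL_ERROR;
 }
+else {
+ret = WOLFCLU_SUCCESS;
+}
 }
 else if (ret == WOLFCLU_SUCCESS) {
 /* Write to stdout */
@@ -268,6 +276,9 @@ int wolfCLU_Base64Setup(int argc, char** argv)
 wolfCLU_LogError("Failed to write to stdout: %d", ret);
 ret = WOLFCLU_FATAL_ERROR;
 }
+else {
+ret = WOLFCLU_SUCCESS;
+}
 }
 else {
 wolfCLU_LogError("Failed to create stdout BIO");
@@ -294,7 +305,7 @@ int wolfCLU_Base64Setup(int argc, char** argv)
 wolfSSL_BIO_free(bioOut);
 }
 
-return WOLFCLU_SUCCESS;
+return ret;
 #else
 (void)argc;
 (void)argv;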
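Review bot: In the first hunk the fallback after `CERT_TYPE` now calls `wc_PemToDer` with `PKCS7_TYPE`, and the earlier `CERTREQ_TYPE` attempt no longer appears on the new side; unless it is tried outside the hunk, certificate requests that used to convert will now end in "PEM to DER conversion failed". If both types are meant to be supported, the chain needs a third `if (ret < 0)` step. The function also mixes `ret == 0` and `ret == WOLFCLU_SUCCESS` checks while the new `else` branches normalise positive return values to `WOLFCLU_SUCCESS`; a one-line comment stating that convention at the start of the success path would help now that `ret` is what the function returns. wolfCLU_Base64Setup starts and ends outside the hunks.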