…yptUpdate EVP_CIPHER_CTX_ctrl EVP_EncryptUpdate
Add the warning when using clang. This error is also set by default when building for iOS, so add a CI build.
Add checks before casting.
| debug_print(srtp_mod_aes_gcm, "setting AAD: %s", | ||
| srtp_octet_string_hex_string(aad, aad_len)); | ||
|
|
||
| if (aad_len > INT_MAX) { |
Might want to move this check up a few lines since it's printed above before it's checked here.
The check is only meant to protect from the casting; using it in the print statement as a size_t should be no problem, or?
I just think that if the parameter is considered bad, we ought to return that error before using it. If aad_len is bad, then I would guess aad is also bad. The printed result might be wrong. I'm just overly cautious.
| return srtp_err_status_buffer_small; | ||
| } | ||
|
|
||
| if (src_len > INT_MAX) { |
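Review bot: The return of srtp_err_status_buffer_small at the top of this hunk reports an over-long input as a too-small buffer, while the wc_HmacUpdate hunk further down returns srtp_err_status_bad_param for the same kind of check (msg_octets > INT_MAX). Pick one status for "length does not fit the backend's integer type" and use it in every backend, so callers can tell it apart from a genuinely short output buffer.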
Might want to move this up a few lines, as there is a comparison against it just above before this check.
That comparison should be fine as they are all size_t; this check was only to protect from casting.
Yeah, this will not break since it is the same type. I just prefer to check values before using them. But, your call.
| return srtp_err_status_buffer_small; | ||
| } | ||
|
|
||
| if (src_len > INT_MAX) { |
Same here. Used a couple of times above before this check.
| memcpy(c->aad + c->aad_size, aad, aad_len); | ||
| c->aad_size += aad_len; | ||
| #else | ||
| if (aad_len > INT_MAX) { |
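Review bot: The aad_len > INT_MAX check sits after #else, so the branch above it reaches memcpy(c->aad + c->aad_size, aad, aad_len) and c->aad_size += aad_len without it. Nothing in the visible lines bounds c->aad_size + aad_len for that branch; please confirm a capacity check precedes the memcpy, or hoist a single length check above the conditional so both branches share it.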
Seems like this should be moved just above the log statement, as I assume this should run regardless of the conditional compilation statements.
| return srtp_err_status_buffer_small; | ||
| } | ||
|
|
||
| if (src_len > INT_MAX) { |
This one should be moved up a bit, since the value is compared just before this check.
| } | ||
|
|
||
| if (PK11_DigestOp(hmac->ctx, message, msg_octets) != SECSuccess) { | ||
| if (msg_octets > UINT_MAX) { |
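Review bot: The bound on msg_octets here is UINT_MAX, while the other checks in this change use INT_MAX. If that follows the type of the length argument of PK11_DigestOp, add a one-line comment saying so and keep the cast at the call to that same type, so the limit is not later changed to INT_MAX or left mismatched with the cast.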
You might want to move this above the debug print above that uses msg_octets.
| } | ||
| #else | ||
| if (HMAC_Init_ex(hmac->ctx, key, key_len, EVP_sha1(), NULL) == 0) { | ||
| if (key_len > INT_MAX) { |
Should this be moved above the #ifdef, since it is used in that code, too (line 238)?
The keyLen param of EVP_MAC_init is of type size_t so cast and check is not required.
Is it OK for the #ifdef SRTP_OSSL_USE_EVP_MAC block if key_len > INT_MAX? If so, fine. Seems like it would matter in both places.
| srtp_octet_string_hex_string(message, msg_octets)); | ||
|
|
||
| err = wc_HmacUpdate(state, message, msg_octets); | ||
| if (msg_octets > INT_MAX) { |
You might want to move this above the debug print above that uses msg_octets.
| return srtp_err_status_bad_param; | ||
| } | ||
|
|
||
| if (msg_octets > INT_MAX) { |
You might want to move this above the debug print above that uses msg_octets.
| } | ||
| octet_string_set_to_zero(key, length); | ||
|
|
||
| if (length > INT_MAX) { |
Could add this to line 845, which checks for a zero length.
It could, but it is here only to verify it won't be shortened when calling wc_SRTP_KDF_label(), not if the value is otherwise valid.
Same issue. No problem if you don't mind printing a wrong value (and it doesn't cause issues).
This takes the changes proposed in #742 and adds a ci build as well as fixing these warnings for all backends.
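The ordering debated in the review threads above (range-check a size_t length before any use, including the debug print, and only then narrow it to int), as an added example that is not libsrtp code. Every name in it (ex_set_aad, ex_backend_update, ex_log_hex, the EX_ status codes) is hypothetical, and the backend is a stand-in that only records the length it was given.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names throughout; none of this is libsrtp code. */
typedef enum { EX_OK = 0, EX_BAD_PARAM = 1 } ex_status_t;
typedef struct { int calls; int last_len; } ex_ctx_t;
static size_t ex_bytes_logged = 0; /* input bytes the logger has read */

/* Stand-in for a crypto backend whose length parameter is an int. */
static int ex_backend_update(ex_ctx_t *c, const uint8_t *in, int len)
{
    (void)in;
    c->calls++;
    c->last_len = len;
    return 1;
}

/* Reads len bytes of buf, as a hex-dumping debug print would. */
static void ex_log_hex(const char *what, const uint8_t *buf, size_t len)
{
    fprintf(stderr, "%s: ", what);
    for (size_t i = 0; i < len; i++) {
        fprintf(stderr, "%02x", buf[i]);
    }
    fputc('\n', stderr);
    ex_bytes_logged += len;
}

/* Validate, then log, then narrow: nothing reads aad or casts aad_len
 * unless the length fits the backend's int parameter. */
ex_status_t ex_set_aad(ex_ctx_t *c, const uint8_t *aad, size_t aad_len)
{
    if (c == NULL || (aad == NULL && aad_len != 0)) return EX_BAD_PARAM;
    if (aad_len > (size_t)INT_MAX) return EX_BAD_PARAM;
    ex_log_hex("setting AAD", aad, aad_len);
    return ex_backend_update(c, aad, (int)aad_len) == 1 ? EX_OK : EX_BAD_PARAM;
}

int main(void)
{
    ex_ctx_t c = {0, 0};
    const uint8_t aad[4] = {0xde, 0xad, 0xbe, 0xef}; /* constructed sample */
    ex_status_t ok = ex_set_aad(&c, aad, sizeof aad);
    ex_status_t big = ex_set_aad(&c, aad, (size_t)INT_MAX + 1u);
    printf("in-range=%d oversized=%d backend_calls=%d\n", ok, big, c.calls);
    return (ok == EX_OK && big == EX_BAD_PARAM && c.calls == 1) ? 0 : 1;
}
```

With the check first, the oversized call returns before the logger touches the 4-byte buffer, which is the case the reviewer was concerned about.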