Hello Tom,

could you, please, have a look at the problems reported by Coverity concerning code introduced by you into U-Boot.

For SHA256_Update_recycle() I guess you just have to change the signature of the function to

SHA256_Update_recycled (SHA256_CTX *ctx, unsigned char *block, size_t len)

Looking at

https://scan8.scan.coverity.com/reports.htm#v40863/p10710/fileInstanceId=59559157&defectInstanceId=12260012&mergedDefectId=355364
https://scan8.scan.coverity.com/reports.htm#v40863/p10710/fileInstanceId=59559157&defectInstanceId=12260012&mergedDefectId=355365

and

https://scan8.scan.coverity.com/reports.htm#v40863/p10710/fileInstanceId=59559157&defectInstanceId=12260012&mergedDefectId=355366

I think the issues are false positives: Coverity ignores that if sha256_update() is called with length < 64, sha256_process() will be called with blocks = 0 and will not access the buffer.

Best regards

Heinrich

-------- Forwarded Message --------
Subject: New Defects reported by Coverity Scan for Das U-Boot
Date: Tue, 26 Jul 2022 00:49:17 +0000 (UTC)
From: scan-ad...@coverity.com
To: xypron.g...@gmx.de

Hi,

Please find the latest report on new defect(s) introduced to Das U-Boot found with Coverity Scan.

3 new defect(s) introduced to Das U-Boot found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)

** CID 355366: (OVERRUN)

________________________________________________________________________________________________________
*** CID 355366: (OVERRUN)
/lib/crypt/crypt-sha256.c: 104 in SHA256_Update_recycled()
98  SHA256_Update_recycled (SHA256_CTX *ctx,
99                          unsigned char block[32], size_t len)
100 {
101   size_t cnt;
102   for (cnt = len; cnt >= 32; cnt -= 32)
103     SHA256_Update (ctx, block, 32);
CID 355366: (OVERRUN) Overrunning buffer pointed to by "(void const *)block" of 32 bytes by passing it to a function which accesses it at byte offset 63.
104   SHA256_Update (ctx, block, cnt);
105 }
106
107 void
108 crypt_sha256crypt_rn (const char *phrase, size_t phr_size,
109                       const char *setting, size_t ARG_UNUSED (set_size),

/lib/crypt/crypt-sha256.c: 103 in SHA256_Update_recycled()
97  static void
98  SHA256_Update_recycled (SHA256_CTX *ctx,
99                          unsigned char block[32], size_t len)
100 {
101   size_t cnt;
102   for (cnt = len; cnt >= 32; cnt -= 32)
CID 355366: (OVERRUN) Overrunning buffer pointed to by "(void const *)block" of 32 bytes by passing it to a function which accesses it at byte offset 63.
103     SHA256_Update (ctx, block, 32);
104   SHA256_Update (ctx, block, cnt);
105 }
106
107 void
108 crypt_sha256crypt_rn (const char *phrase, size_t phr_size,

** CID 355365: Memory - corruptions (OVERRUN)

________________________________________________________________________________________________________
*** CID 355365: Memory - corruptions (OVERRUN)
/lib/crypt/crypt-sha256.c: 212 in crypt_sha256crypt_rn()
206      characters and it ends at the first `$' character (for
207      compatibility with existing implementations). */
208   SHA256_Update (ctx, salt, salt_size);
209
210   /* Add for any character in the phrase one byte of the alternate sum. */
211   for (cnt = phr_size; cnt > 32; cnt -= 32)
CID 355365: Memory - corruptions (OVERRUN) Overrunning buffer pointed to by "(void const *)result" of 32 bytes by passing it to a function which accesses it at byte offset 63.
212     SHA256_Update (ctx, result, 32);
213   SHA256_Update (ctx, result, cnt);
214
215   /* Take the binary representation of the length of the phrase and for every
216      1 add the alternate sum, for every 0 the phrase. */
217   for (cnt = phr_size; cnt > 0; cnt >>= 1)

** CID 355364: (OVERRUN)

________________________________________________________________________________________________________
*** CID 355364: (OVERRUN)
/lib/sha256.c: 259 in sha256_finish()
253   PUT_UINT32_BE(low, msglen, 4);
254
255   last = ctx->total[0] & 0x3F;
256   padn = (last < 56) ? (56 - last) : (120 - last);
257
258   sha256_update(ctx, sha256_padding, padn);
CID 355364: (OVERRUN) Overrunning array "msglen" of 8 bytes by passing it to a function which accesses it at byte offset 63.
259   sha256_update(ctx, msglen, 8);
260
261   PUT_UINT32_BE(ctx->state[0], digest, 0);
262   PUT_UINT32_BE(ctx->state[1], digest, 4);
263   PUT_UINT32_BE(ctx->state[2], digest, 8);
264   PUT_UINT32_BE(ctx->state[3], digest, 12);

/lib/sha256.c: 259 in sha256_finish()
253   PUT_UINT32_BE(low, msglen, 4);
254
255   last = ctx->total[0] & 0x3F;
256   padn = (last < 56) ? (56 - last) : (120 - last);
257
258   sha256_update(ctx, sha256_padding, padn);
CID 355364: (OVERRUN) Overrunning array "msglen" of 8 bytes by passing it to a function which accesses it at byte offset 63.
259   sha256_update(ctx, msglen, 8);
260
261   PUT_UINT32_BE(ctx->state[0], digest, 0);
262   PUT_UINT32_BE(ctx->state[1], digest, 4);
263   PUT_UINT32_BE(ctx->state[2], digest, 8);
264   PUT_UINT32_BE(ctx->state[3], digest, 12);
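
The false-positive reasoning in the message above (a call with length < 64 gives blocks = 0, so the caller's buffer is never read 64 bytes at a time) can be checked exhaustively on a simplified model. This is an added example, not U-Boot's code and not part of the original mail; model_ctx, model_update and max_blocks_short_calls are hypothetical names, and the model assumes whole blocks are taken from the input only after a buffered partial block has been topped up.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of a 64-byte block-buffered hash update. Hypothetical
 * names, NOT U-Boot's lib/sha256.c; the compression step is omitted. */
#define BLOCK 64

struct model_ctx {
    unsigned char buf[BLOCK]; /* partial block carried between calls */
    size_t fill;              /* bytes currently held in buf */
    size_t blocks;            /* whole blocks read straight from the input */
};

static void model_update(struct model_ctx *c, const unsigned char *in, size_t len)
{
    size_t off = 0;
    if (c->fill) {                          /* top up a partial block first */
        size_t take = BLOCK - c->fill;
        if (take > len)
            take = len;
        memcpy(c->buf + c->fill, in, take); /* reads at most len bytes */
        c->fill = (c->fill + take) % BLOCK; /* a full block is flushed */
        off = take;
    }
    c->blocks = (len - off) / BLOCK;        /* 64-byte reads from the input */
    off += c->blocks * BLOCK;
    memcpy(c->buf + c->fill, in + off, len - off); /* keep the tail */
    c->fill += len - off;
}

/* Largest block count over every call shorter than one block, for every
 * possible amount of already-buffered data. */
static size_t max_blocks_short_calls(void)
{
    static const unsigned char input[BLOCK]; /* constructed zero input */
    size_t prefill, len, worst = 0;
    for (prefill = 0; prefill < BLOCK; prefill++)
        for (len = 0; len < BLOCK; len++) {
            struct model_ctx c = { .fill = prefill };
            model_update(&c, input, len);
            if (c.blocks > worst)
                worst = c.blocks;
        }
    return worst;
}

int main(void)
{
    printf("max blocks for len < 64: %zu\n", max_blocks_short_calls());
    return 0;
}
```

In this model the 8-byte msglen write in sha256_finish() corresponds to a call with 56 bytes already buffered, which completes the internal block without any direct block read from the 8-byte array.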