search

guanzhi / GmSSL

支持国密SM2/SM3/SM4/SM9/SSL的密码工具箱
http://gmssl.org
Apache License 2.0
5.05k stars 1.65k forks source link

使用cppcheck检查代码发现一些问题 #1720

Open hanlinbao opened 1 month ago

hanlinbao commented 1 month ago 
 static int sdf_cbc_decrypt_blocks(SDF_KEY *key, uint8_t iv[16], const uint8_t *in, size_t nblocks, uint8_t *out)
{
    unsigned int inlen = (unsigned int)(nblocks * 16);
    unsigned int outlen = 0;

    if (SDF_Decrypt(key->session, key->handle, SGD_SM4_CBC,
        iv, (unsigned char *)in, inlen, out, &outlen) != SDR_OK) {
        error_print();
        return -1;
    }
    if (outlen != inlen) {
        error_print();
        return -1;
    }
    if (inlen) {
        if (memcmp(iv, in + inlen - 16, 16) != 0) {
            memcmp(iv, in + inlen - 16, 16);<--- Return value of function memcmp() is not used.
        }
    }
    return 1;
}

这里按我的理解是不是应该使用memcpy来传出最后data当下一组iv,反正不该是在这里连续调两遍memcmp什么都没干

hanlinbao commented 1 month ago

逻辑上的矛盾死代码:

int asn1_any_to_der(const uint8_t *a, size_t alen, uint8_t **out, size_t *outlen)
    if (!a) {<--- outer condition: !a
        if (a) {<--- opposite inner condition: a
            error_print();
            return -1;
        }
        return 0;
    }