From 5276f783fc78c11b9871593a4a2c27b1be170c33 Mon Sep 17 00:00:00 2001 From: Justin W Smith <103147162+justsmth@users.noreply.github.com> Date: Wed, 15 Jan 2025 18:02:25 -0500 Subject: [PATCH] Address Scrutinice findings (#2121) ### Issues: Addresses P188794065 ### Description of changes: * Cleanup a few issues identified through static anaylsis By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license. --- crypto/evp_extra/p_pqdsa.c | 7 +++---- crypto/pkcs8/pkcs8_x509.c | 2 +- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/crypto/evp_extra/p_pqdsa.c b/crypto/evp_extra/p_pqdsa.c index 331c819337..4318cdf7d3 100644 --- a/crypto/evp_extra/p_pqdsa.c +++ b/crypto/evp_extra/p_pqdsa.c @@ -59,6 +59,7 @@ static int pkey_pqdsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { static int pkey_pqdsa_sign_message(EVP_PKEY_CTX *ctx, uint8_t *sig, size_t *sig_len, const uint8_t *message, size_t message_len) { + GUARD_PTR(sig_len); PQDSA_PKEY_CTX *dctx = ctx->data; const PQDSA *pqdsa = dctx->pqdsa; if (pqdsa == NULL) { @@ -71,10 +72,8 @@ static int pkey_pqdsa_sign_message(EVP_PKEY_CTX *ctx, uint8_t *sig, // Caller is getting parameter values. if (sig == NULL) { - if (sig_len != NULL) { - *sig_len = pqdsa->signature_len; - return 1; - } + *sig_len = pqdsa->signature_len; + return 1; } if (*sig_len != pqdsa->signature_len) { diff --git a/crypto/pkcs8/pkcs8_x509.c b/crypto/pkcs8/pkcs8_x509.c index 86148739c6..2e7148c45e 100644 --- a/crypto/pkcs8/pkcs8_x509.c +++ b/crypto/pkcs8/pkcs8_x509.c @@ -188,7 +188,7 @@ X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, const char *pass, int pass_len_in, const uint8_t *salt, size_t salt_len, int iterations, PKCS8_PRIV_KEY_INFO *p8inf) { size_t pass_len; - if (pass_len_in == -1 && pass != NULL) { + if (pass_len_in < 0 && pass != NULL) { pass_len = strlen(pass); } else { pass_len = (size_t)pass_len_in;