Stop IAR warning about goto skipping variable definition
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
This commit is contained in:
Dave Rodgman
parent
71f2e398bd
commit
515af1d80d
3 changed files with 53 additions and 48 deletions
|
|
@ -216,21 +216,22 @@ int mbedtls_pkcs12_pbe_ext(mbedtls_asn1_buf *pbe_params, int mode,
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
|
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
|
||||||
/* PKCS12 uses CBC with PKCS7 padding */
|
{
|
||||||
|
/* PKCS12 uses CBC with PKCS7 padding */
|
||||||
mbedtls_cipher_padding_t padding = MBEDTLS_PADDING_PKCS7;
|
mbedtls_cipher_padding_t padding = MBEDTLS_PADDING_PKCS7;
|
||||||
#if !defined(MBEDTLS_CIPHER_PADDING_PKCS7)
|
#if !defined(MBEDTLS_CIPHER_PADDING_PKCS7)
|
||||||
/* For historical reasons, when decrypting, this function works when
|
/* For historical reasons, when decrypting, this function works when
|
||||||
* decrypting even when support for PKCS7 padding is disabled. In this
|
* decrypting even when support for PKCS7 padding is disabled. In this
|
||||||
* case, it ignores the padding, and so will never report a
|
* case, it ignores the padding, and so will never report a
|
||||||
* password mismatch.
|
* password mismatch.
|
||||||
*/
|
*/
|
||||||
if (mode == MBEDTLS_PKCS12_PBE_DECRYPT) {
|
if (mode == MBEDTLS_PKCS12_PBE_DECRYPT) {
|
||||||
padding = MBEDTLS_PADDING_NONE;
|
padding = MBEDTLS_PADDING_NONE;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
if ((ret = mbedtls_cipher_set_padding_mode(&cipher_ctx, padding)) != 0) {
|
if ((ret = mbedtls_cipher_set_padding_mode(&cipher_ctx, padding)) != 0) {
|
||||||
goto exit;
|
goto exit;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
|
#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -242,23 +242,25 @@ int mbedtls_pkcs5_pbes2_ext(const mbedtls_asn1_buf *pbe_params, int mode,
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
|
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
|
||||||
/* PKCS5 uses CBC with PKCS7 padding (which is the same as
|
{
|
||||||
* "PKCS5 padding" except that it's typically only called PKCS5
|
/* PKCS5 uses CBC with PKCS7 padding (which is the same as
|
||||||
* with 64-bit-block ciphers).
|
* "PKCS5 padding" except that it's typically only called PKCS5
|
||||||
*/
|
* with 64-bit-block ciphers).
|
||||||
mbedtls_cipher_padding_t padding = MBEDTLS_PADDING_PKCS7;
|
*/
|
||||||
|
mbedtls_cipher_padding_t padding = MBEDTLS_PADDING_PKCS7;
|
||||||
#if !defined(MBEDTLS_CIPHER_PADDING_PKCS7)
|
#if !defined(MBEDTLS_CIPHER_PADDING_PKCS7)
|
||||||
/* For historical reasons, when decrypting, this function works when
|
/* For historical reasons, when decrypting, this function works when
|
||||||
* decrypting even when support for PKCS7 padding is disabled. In this
|
* decrypting even when support for PKCS7 padding is disabled. In this
|
||||||
* case, it ignores the padding, and so will never report a
|
* case, it ignores the padding, and so will never report a
|
||||||
* password mismatch.
|
* password mismatch.
|
||||||
*/
|
*/
|
||||||
if (mode == MBEDTLS_DECRYPT) {
|
if (mode == MBEDTLS_DECRYPT) {
|
||||||
padding = MBEDTLS_PADDING_NONE;
|
padding = MBEDTLS_PADDING_NONE;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
if ((ret = mbedtls_cipher_set_padding_mode(&cipher_ctx, padding)) != 0) {
|
if ((ret = mbedtls_cipher_set_padding_mode(&cipher_ctx, padding)) != 0) {
|
||||||
goto exit;
|
goto exit;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
|
#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
|
||||||
if ((ret = mbedtls_cipher_crypt(&cipher_ctx, iv, enc_scheme_params.len,
|
if ((ret = mbedtls_cipher_crypt(&cipher_ctx, iv, enc_scheme_params.len,
|
||||||
|
|
|
||||||
|
|
@ -254,31 +254,33 @@ static int parse_attribute_value_hex_der_encoded(const char *s,
|
||||||
/* Step 3: decode the DER. */
|
/* Step 3: decode the DER. */
|
||||||
/* We've checked that der_length >= 1 above. */
|
/* We've checked that der_length >= 1 above. */
|
||||||
*tag = der[0];
|
*tag = der[0];
|
||||||
unsigned char *p = der + 1;
|
{
|
||||||
if (mbedtls_asn1_get_len(&p, der + der_length, data_len) != 0) {
|
unsigned char *p = der + 1;
|
||||||
goto error;
|
if (mbedtls_asn1_get_len(&p, der + der_length, data_len) != 0) {
|
||||||
}
|
goto error;
|
||||||
/* Now p points to the first byte of the payload inside der,
|
}
|
||||||
* and *data_len is the length of the payload. */
|
/* Now p points to the first byte of the payload inside der,
|
||||||
|
* and *data_len is the length of the payload. */
|
||||||
|
|
||||||
/* Step 4: payload validation */
|
/* Step 4: payload validation */
|
||||||
if (*data_len > MBEDTLS_X509_MAX_DN_NAME_SIZE) {
|
if (*data_len > MBEDTLS_X509_MAX_DN_NAME_SIZE) {
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
/* Strings must not contain null bytes. */
|
/* Strings must not contain null bytes. */
|
||||||
if (MBEDTLS_ASN1_IS_STRING_TAG(*tag)) {
|
if (MBEDTLS_ASN1_IS_STRING_TAG(*tag)) {
|
||||||
for (size_t i = 0; i < *data_len; i++) {
|
for (size_t i = 0; i < *data_len; i++) {
|
||||||
if (p[i] == 0) {
|
if (p[i] == 0) {
|
||||||
goto error;
|
goto error;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
/* Step 5: output the payload. */
|
/* Step 5: output the payload. */
|
||||||
if (*data_len > data_size) {
|
if (*data_len > data_size) {
|
||||||
goto error;
|
goto error;
|
||||||
|
}
|
||||||
|
memcpy(data, p, *data_len);
|
||||||
}
|
}
|
||||||
memcpy(data, p, *data_len);
|
|
||||||
mbedtls_free(der);
|
mbedtls_free(der);
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue