Skip to content

Commit

Permalink
Attempt to squash mesons can build finding
Browse files Browse the repository at this point in the history
This is a false positive but the scan is can't tell that this value
cannot change becasue it is not local. If this works will squash this
commit in the previous one.

Signed-off-by: Simo Sorce <[email protected]>
  • Loading branch information
simo5 committed May 31, 2024
1 parent bf59ce4 commit c608ab5
Showing 1 changed file with 4 additions and 3 deletions.
7 changes: 4 additions & 3 deletions src/asymmetric_cipher.c
Original file line number Diff line number Diff line change
Expand Up @@ -308,6 +308,7 @@ static int p11prov_rsaenc_decrypt(void *ctx, unsigned char *out, size_t *outlen,
CK_ULONG out_size = *outlen;
int result = RET_OSSL_ERR;
bool always_auth = false;
bool tls_padding = encctx->tls_passing.mode;
CK_RV ret;

P11PROV_debug("decrypt (ctx=%p)", ctx);
Expand All @@ -328,7 +329,7 @@ static int p11prov_rsaenc_decrypt(void *ctx, unsigned char *out, size_t *outlen,
}

if (outsize < key_size) {
if (encctx->tls_padding.mode) {
if (tls_padding) {
if (outsize < SSL_MAX_MASTER_KEY_LENGTH) {
ERR_raise(ERR_LIB_PROV, PROV_R_BAD_LENGTH);
return RET_OSSL_ERR;
Expand All @@ -339,7 +340,7 @@ static int p11prov_rsaenc_decrypt(void *ctx, unsigned char *out, size_t *outlen,
}
}

if (encctx->tls_padding.mode) {
if (tls_padding) {
tmpbuf = OPENSSL_zalloc(key_size);
if (!tmpbuf) {
return RET_OSSL_ERR;
Expand Down Expand Up @@ -412,7 +413,7 @@ static int p11prov_rsaenc_decrypt(void *ctx, unsigned char *out, size_t *outlen,

/* this conditional is ok because it is not dependent on the
* decryption computation or any private data */
if (encctx->tls_padding.mode) {
if (tls_padding) {
CK_ULONG tls_cond = 0;

result = p11prov_tls_constant_time_depadding(encctx, out, tmpbuf,
Expand Down

0 comments on commit c608ab5

Please sign in to comment.