Cppcheck: Fix warnings with updated tf-m-ci-scripts
Several cppcheck warnings are fixed in the following modules:
- Interface
- Partitions: Crypto/ITS/PS/Platform
- SPRTL headers
- Various headers
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
Change-Id: I08c9fa10895c0b723a2d8b3cdcd386b1752facaa
diff --git a/bl2/src/flash_map.c b/bl2/src/flash_map.c
index 252bfe5..366606c 100644
--- a/bl2/src/flash_map.c
+++ b/bl2/src/flash_map.c
@@ -97,7 +97,7 @@
int ret = 0;
/* Valid entries for data item width */
- uint32_t data_width_byte[] = {
+ const uint32_t data_width_byte[] = {
sizeof(uint8_t),
sizeof(uint16_t),
sizeof(uint32_t),
@@ -175,7 +175,7 @@
uint32_t src_written_idx = 0;
uint32_t add_padding_size, len_padding_size;
uint32_t write_size;
- uint32_t last_unit_start_off = 0;
+ uint32_t last_unit_start_off;
/*
* aligned_off off last_unit_start_off
* | | |
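Review bot: Dropping the `= 0` on `last_unit_start_off` (L26) leaves an uninitialized local in bootloader flash-map code, which is only safe if every path through the function writes it before reading it; that cannot be checked here because the enclosing function starts before and continues past this hunk. If cppcheck reported the initializer as a redundant assignment, a one-line comment such as `/* Assigned on every path below before it is read */` would record why the defensive zeroing was removed, so a later edit that adds a path knows to restore it.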
diff --git a/interface/src/tfm_crypto_func_api.c b/interface/src/tfm_crypto_func_api.c
index 64d56db..2b033d4 100644
--- a/interface/src/tfm_crypto_func_api.c
+++ b/interface/src/tfm_crypto_func_api.c
@@ -772,7 +772,7 @@
.sfn_id = TFM_CRYPTO_AEAD_ENCRYPT_SID,
.key_id = key,
.alg = alg,
- .aead_in = {.nonce = {0}, .nonce_length = nonce_length}
+ .aead_in = {.nonce = {0}, .nonce_length = 0}
};
/* Sanitize the optional input */
@@ -781,7 +781,7 @@
}
psa_invec in_vec[] = {
- {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ {.base = NULL, .len = 0},
{.base = plaintext, .len = plaintext_length},
{.base = additional_data, .len = additional_data_length},
};
@@ -797,8 +797,12 @@
for (size_t idx = 0; idx < nonce_length; idx++) {
iov.aead_in.nonce[idx] = nonce[idx];
}
+ iov.aead_in.nonce_length = nonce_length;
}
+ in_vec[0].base = &iov;
+ in_vec[0].len = sizeof(struct tfm_crypto_pack_iovec);
+
status = API_DISPATCH(tfm_crypto_aead_encrypt,
TFM_CRYPTO_AEAD_ENCRYPT);
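Review bot: `iov.aead_in.nonce_length` is now written only inside the `if (nonce != NULL)` branch (L54), so a call with `nonce == NULL` and a non-zero `nonce_length` is forwarded to the service as a zero-length nonce instead of being rejected at the interface. The "Sanitize the optional input" block closing at L43 presumably returns an error for the analogous `additional_data` mismatch, and the nonce deserves the same treatment before the copy loop: `if ((nonce == NULL) && (nonce_length != 0)) { return PSA_ERROR_INVALID_ARGUMENT; }`. The copy loop at L51-53 also depends on an upper bound of `nonce_length` against the `iov.aead_in.nonce` array that lies outside this hunk and cannot be confirmed here. The two-step `in_vec[0]` initialisation (NULL/0 at L46, then L56-57) reads as accidental; a comment such as `/* iov is completed above; only then publish it through in_vec[0] */` would explain the ordering. The same applies to the AEAD decrypt hunk below.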
@@ -824,7 +828,7 @@
.sfn_id = TFM_CRYPTO_AEAD_DECRYPT_SID,
.key_id = key,
.alg = alg,
- .aead_in = {.nonce = {0}, .nonce_length = nonce_length}
+ .aead_in = {.nonce = {0}, .nonce_length = 0}
};
/* Sanitize the optional input */
@@ -833,7 +837,7 @@
}
psa_invec in_vec[] = {
- {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ {.base = NULL, .len = 0},
{.base = ciphertext, .len = ciphertext_length},
{.base = additional_data, .len = additional_data_length},
};
@@ -849,8 +853,12 @@
for (size_t idx = 0; idx < nonce_length; idx++) {
iov.aead_in.nonce[idx] = nonce[idx];
}
+ iov.aead_in.nonce_length = nonce_length;
}
+ in_vec[0].base = &iov;
+ in_vec[0].len = sizeof(struct tfm_crypto_pack_iovec);
+
status = API_DISPATCH(tfm_crypto_aead_decrypt,
TFM_CRYPTO_AEAD_DECRYPT);
diff --git a/interface/src/tfm_crypto_ipc_api.c b/interface/src/tfm_crypto_ipc_api.c
index fbb69d3..67842ac 100644
--- a/interface/src/tfm_crypto_ipc_api.c
+++ b/interface/src/tfm_crypto_ipc_api.c
@@ -778,7 +778,7 @@
.sfn_id = TFM_CRYPTO_AEAD_ENCRYPT_SID,
.key_id = key,
.alg = alg,
- .aead_in = {.nonce = {0}, .nonce_length = nonce_length}
+ .aead_in = {.nonce = {0}, .nonce_length = 0}
};
/* Sanitize the optional input */
@@ -787,7 +787,7 @@
}
psa_invec in_vec[] = {
- {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ {.base = NULL, .len = 0},
{.base = plaintext, .len = plaintext_length},
{.base = additional_data, .len = additional_data_length},
};
@@ -803,8 +803,12 @@
for (size_t idx = 0; idx < nonce_length; idx++) {
iov.aead_in.nonce[idx] = nonce[idx];
}
+ iov.aead_in.nonce_length = nonce_length;
}
+ in_vec[0].base = &iov;
+ in_vec[0].len = sizeof(struct tfm_crypto_pack_iovec);
+
size_t in_len = IOVEC_LEN(in_vec);
if (additional_data == NULL) {
in_len--;
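Review bot: As in the function-API file, `nonce_length` reaches `iov` only when `nonce != NULL` (L112), so `nonce == NULL` with a non-zero `nonce_length` is quietly downgraded to a zero-length nonce rather than rejected, while the `additional_data` mismatch is presumably an error in the sanitize block closing at L101. Add `if ((nonce == NULL) && (nonce_length != 0)) { return PSA_ERROR_INVALID_ARGUMENT; }` ahead of the copy loop so the interface rejects it instead of the service having to. The late `in_vec[0].base = &iov` assignment at L114-115 must stay ahead of the `in_len` trimming and the dispatch; a short comment there would stop a future reorder from sending a NULL first iovec. The same applies to the decrypt hunk below.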
@@ -834,7 +838,7 @@
.sfn_id = TFM_CRYPTO_AEAD_DECRYPT_SID,
.key_id = key,
.alg = alg,
- .aead_in = {.nonce = {0}, .nonce_length = nonce_length}
+ .aead_in = {.nonce = {0}, .nonce_length = 0}
};
/* Sanitize the optional input */
@@ -843,7 +847,7 @@
}
psa_invec in_vec[] = {
- {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ {.base = NULL, .len = 0},
{.base = ciphertext, .len = ciphertext_length},
{.base = additional_data, .len = additional_data_length},
};
@@ -859,8 +863,12 @@
for (size_t idx = 0; idx < nonce_length; idx++) {
iov.aead_in.nonce[idx] = nonce[idx];
}
+ iov.aead_in.nonce_length = nonce_length;
}
+ in_vec[0].base = &iov;
+ in_vec[0].len = sizeof(struct tfm_crypto_pack_iovec);
+
size_t in_len = IOVEC_LEN(in_vec);
if (additional_data == NULL) {
in_len--;
diff --git a/secure_fw/partitions/crypto/crypto_init.c b/secure_fw/partitions/crypto/crypto_init.c
index 28c787c..d11ea84 100644
--- a/secure_fw/partitions/crypto/crypto_init.c
+++ b/secure_fw/partitions/crypto/crypto_init.c
@@ -211,7 +211,7 @@
static void tfm_crypto_ipc_handler(void)
{
- psa_signal_t signals = 0;
+ psa_signal_t signals;
psa_msg_t msg;
psa_status_t status = PSA_SUCCESS;
uint32_t sfn_id = TFM_CRYPTO_SID_INVALID;
@@ -222,10 +222,7 @@
if (signals & TFM_CRYPTO_SIGNAL) {
/* Extract the message */
if (psa_get(TFM_CRYPTO_SIGNAL, &msg) != PSA_SUCCESS) {
- /* FIXME: Should be replaced by TF-M error handling */
- while (1) {
- ;
- }
+ psa_panic();
}
/* Process the message type */
@@ -234,24 +231,16 @@
/* Parse the message */
status = tfm_crypto_parse_msg(&msg, &iov, &sfn_id);
/* Call the dispatcher based on the SID passed as type */
- if (sfn_id != TFM_CRYPTO_SID_INVALID) {
+ if (status == PSA_SUCCESS) {
status = tfm_crypto_call_sfn(&msg, &iov, sfn_id);
- } else {
- status = PSA_ERROR_GENERIC_ERROR;
}
psa_reply(msg.handle, status);
break;
default:
- /* FIXME: Should be replaced by TF-M error handling */
- while (1) {
- ;
- }
+ psa_panic();
}
} else {
- /* FIXME: Should be replaced by TF-M error handling */
- while (1) {
- ;
- }
+ psa_panic();
}
}
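Review bot: The dispatch guard at L176 now keys only on `status == PSA_SUCCESS`, so it trusts that `tfm_crypto_parse_msg` never returns success while leaving `sfn_id` at the `TFM_CRYPTO_SID_INVALID` it is initialised to at L159; that parser is not in this diff, `msg.type` is client-controlled, and the removed `sfn_id` test was the last check before `tfm_crypto_call_sfn` presumably selects a handler by it. Keeping both costs nothing: insert `if ((status == PSA_SUCCESS) && (sfn_id == TFM_CRYPTO_SID_INVALID)) { status = PSA_ERROR_PROGRAMMER_ERROR; }` immediately after the parse call, and leave the existing guard as is. The enclosing `tfm_crypto_ipc_handler` starts before this hunk.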
diff --git a/secure_fw/partitions/crypto/tfm_crypto_private.h b/secure_fw/partitions/crypto/tfm_crypto_private.h
index e3ec377..b28224a 100644
--- a/secure_fw/partitions/crypto/tfm_crypto_private.h
+++ b/secure_fw/partitions/crypto/tfm_crypto_private.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2020-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -13,6 +13,25 @@
#endif
#ifdef TFM_PSA_API
+
+#include <stdbool.h>
+
+/* \brief Verifies that in_len is in the [in_min, in_max] range
+ * AND out_len is in the [out_min, out_max] range. In
+ * case any of the two in_len or out_len is out of range,
+ * returns false. Returns true in case of success.
+ */
+static inline bool tfm_crypto_private_check_length(
+ size_t in_len, size_t in_min, size_t in_max,
+ size_t out_len, size_t out_min, size_t out_max)
+{
+ if ((in_len >= in_min) && (in_len <= in_max) &&
+ (out_len >= out_min) && (out_len <= out_max)) {
+ return true;
+ }
+ return false;
+}
+
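Review bot: The new `tfm_crypto_private_check_length` helper (L220) is documented with a plain `/* \brief` comment (L215); `\brief` is a Doxygen command but a `/*` opener is not a Doxygen comment, so the text will not appear in generated docs. Use `/** \brief ... */` with `\param` entries for the two `[min, max]` ranges and a `\return` line, and state that both bounds are inclusive. It is also worth a sentence in that header that the IPC caller has already trimmed empty iovecs from `in_len`/`out_len` (per the comment at L232-233), so callers must pass the trimmed counts rather than raw array sizes.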
/*
* Validate the IOVEC[] lengths for IPC model. The tfm_crypto_call_sfn()
* reduces the entries in IOVEC[] which are empty from `in_len` and `out_len`.
@@ -25,9 +44,9 @@
* and `out_len`.
*/
#define CRYPTO_IN_OUT_LEN_VALIDATE(in_len, in_min, in_max, out_len, out_min, out_max) \
- if (!(((in_len) >= (in_min)) && ((in_len) <= (in_max))) || \
- !(((out_len) >= (out_min)) && ((out_len) <= (out_max)))) { \
- return PSA_ERROR_PROGRAMMER_ERROR; \
+ if (!tfm_crypto_private_check_length( \
+ in_len, in_min, in_max, out_len, out_min, out_max)) { \
+ return PSA_ERROR_PROGRAMMER_ERROR; \
}
#else
/*
diff --git a/secure_fw/partitions/crypto/tfm_crypto_secure_api.c b/secure_fw/partitions/crypto/tfm_crypto_secure_api.c
index d2160c1..b2e55d3 100644
--- a/secure_fw/partitions/crypto/tfm_crypto_secure_api.c
+++ b/secure_fw/partitions/crypto/tfm_crypto_secure_api.c
@@ -926,7 +926,7 @@
.sfn_id = TFM_CRYPTO_AEAD_ENCRYPT_SID,
.key_id = key_id,
.alg = alg,
- .aead_in = {.nonce = {0}, .nonce_length = nonce_length}
+ .aead_in = {.nonce = {0}, .nonce_length = 0}
};
/* Sanitize the optional input */
@@ -935,7 +935,7 @@
}
psa_invec in_vec[] = {
- {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ {.base = NULL, .len = 0},
{.base = plaintext, .len = plaintext_length},
{.base = additional_data, .len = additional_data_length},
};
@@ -951,8 +951,12 @@
for (size_t idx = 0; idx < nonce_length; idx++) {
iov.aead_in.nonce[idx] = nonce[idx];
}
+ iov.aead_in.nonce_length = nonce_length;
}
+ in_vec[0].base = &iov;
+ in_vec[0].len = sizeof(struct tfm_crypto_pack_iovec);
+
#ifdef TFM_PSA_API
size_t in_len = ARRAY_SIZE(in_vec);
if (additional_data == NULL) {
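Review bot: Here too `nonce_length` is only copied into `iov` inside `if (nonce != NULL)` (L271), so `nonce == NULL` with a non-zero `nonce_length` is silently turned into a zero-length nonce rather than rejected, whereas the sanitize block closing at L260 presumably rejects the matching `additional_data` case. Add `if ((nonce == NULL) && (nonce_length != 0)) { return PSA_ERROR_INVALID_ARGUMENT; }` before the copy loop so the secure-side wrapper and the non-secure interfaces reject the same inputs. The copy loop at L268-270 relies on a `nonce_length` upper bound that is outside this hunk and cannot be verified here. The same applies to the decrypt hunk below.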
@@ -991,7 +995,7 @@
.sfn_id = TFM_CRYPTO_AEAD_DECRYPT_SID,
.key_id = key_id,
.alg = alg,
- .aead_in = {.nonce = {0}, .nonce_length = nonce_length}
+ .aead_in = {.nonce = {0}, .nonce_length = 0}
};
/* Sanitize the optional input */
@@ -1000,7 +1004,7 @@
}
psa_invec in_vec[] = {
- {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ {.base = NULL, .len = 0},
{.base = ciphertext, .len = ciphertext_length},
{.base = additional_data, .len = additional_data_length},
};
@@ -1016,8 +1020,12 @@
for (size_t idx = 0; idx < nonce_length; idx++) {
iov.aead_in.nonce[idx] = nonce[idx];
}
+ iov.aead_in.nonce_length = nonce_length;
}
+ in_vec[0].base = &iov;
+ in_vec[0].len = sizeof(struct tfm_crypto_pack_iovec);
+
#ifdef TFM_PSA_API
size_t in_len = ARRAY_SIZE(in_vec);
if (additional_data == NULL) {
diff --git a/secure_fw/partitions/internal_trusted_storage/tfm_its_req_mngr.c b/secure_fw/partitions/internal_trusted_storage/tfm_its_req_mngr.c
index 1c05331..db6d512 100644
--- a/secure_fw/partitions/internal_trusted_storage/tfm_its_req_mngr.c
+++ b/secure_fw/partitions/internal_trusted_storage/tfm_its_req_mngr.c
@@ -320,7 +320,7 @@
psa_status_t tfm_its_req_mngr_init(void)
{
#ifdef TFM_PSA_API
- psa_signal_t signals = 0;
+ psa_signal_t signals;
if (tfm_its_init() != PSA_SUCCESS) {
psa_panic();
diff --git a/secure_fw/partitions/lib/sprt/include/tfm_sp_log.h b/secure_fw/partitions/lib/sprt/include/tfm_sp_log.h
index d4e2579..576c0e8 100644
--- a/secure_fw/partitions/lib/sprt/include/tfm_sp_log.h
+++ b/secure_fw/partitions/lib/sprt/include/tfm_sp_log.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2020-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -29,7 +29,7 @@
#if (TFM_PARTITION_LOG_LEVEL > TFM_PARTITION_LOG_LEVEL_DEBUG || \
TFM_PARTITION_LOG_LEVEL < TFM_PARTITION_LOG_LEVEL_SILENCE)
-#error "Incorrect TFM_PARTITION_LOG_LEVEL value!"
+#error "Incorrect TFM_PARTITION_LOG_LEVEL value!"
#endif
#if (TFM_PARTITION_LOG_LEVEL == TFM_PARTITION_LOG_LEVEL_DEBUG)
diff --git a/secure_fw/partitions/platform/platform_sp.c b/secure_fw/partitions/platform/platform_sp.c
index 12c04cd..673cb0e 100644
--- a/secure_fw/partitions/platform/platform_sp.c
+++ b/secure_fw/partitions/platform/platform_sp.c
@@ -42,7 +42,7 @@
#define OUTPUT_BUFFER_SIZE 64
typedef enum tfm_platform_err_t (*plat_func_t)(const psa_msg_t *msg);
-#endif
+#endif /* TFM_PSA_API */
/*
* \brief Verifies ownership of a nv_counter resource to a partition id.
@@ -58,8 +58,12 @@
int32_t req_id;
/* Boundary check the input argument */
- if (nv_counter_no >= NV_COUNTER_MAP_SIZE ||
- (int32_t)nv_counter_no < 0 || nv_counter_no >= PLAT_NV_COUNTER_MAX) {
+ const uint32_t bounds[] = {PLAT_NV_COUNTER_MAX, NV_COUNTER_MAP_SIZE};
+ const uint32_t lower_bound_check = bounds[0] < bounds[1] ?
+ bounds[0] : bounds[1];
+
+ /* Check that nv_counter no is in [0; lower_bound_check-1] */
+ if (!((uint32_t)nv_counter_no < lower_bound_check)) {
return false;
}
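Review bot: `lower_bound_check` (L354) is actually the exclusive upper bound of the valid range, and the `bounds[]` array plus ternary is an indirect way to take the minimum of two compile-time constants, so the misnamed variable makes the comment at L357 harder to trust than the old three-term condition it replaces. Prefer `const uint32_t upper_bound = (PLAT_NV_COUNTER_MAX < NV_COUNTER_MAP_SIZE) ? PLAT_NV_COUNTER_MAX : NV_COUNTER_MAP_SIZE;` followed by `if ((uint32_t)nv_counter_no >= upper_bound) { return false; }`. The `(uint32_t)` cast still rejects negative values by wrapping them to large numbers, which is the property the removed `(int32_t)nv_counter_no < 0` test provided and is worth stating in the comment (also fix "nv_counter no" to "nv_counter_no"). The enclosing function starts before this hunk.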
@@ -226,6 +230,9 @@
}
num = psa_read(msg->handle, 0, &counter_id, msg->in_size[0]);
+ if (num != msg->in_size[0]) {
+ return TFM_PLATFORM_ERR_SYSTEM_ERROR;
+ }
if (!nv_counter_access_grant(msg->client_id, counter_id)) {
return TFM_PLATFORM_ERR_SYSTEM_ERROR;
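Review bot: The short-read check on `psa_read` (L364) is a useful addition, but it compares against the client-supplied `msg->in_size[0]` rather than `sizeof(counter_id)`; unless the `}` at L362 closes an `in_size[0] == sizeof(counter_id)` test (not visible here), a larger `in_size[0]` would let `psa_read` write past `counter_id` before the check runs. Tying the read and the check to the destination removes the dependency on what was validated above: `num = psa_read(msg->handle, 0, &counter_id, sizeof(counter_id)); if (num != sizeof(counter_id)) { return TFM_PLATFORM_ERR_SYSTEM_ERROR; }`. The enclosing function starts before this hunk.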
@@ -353,7 +360,7 @@
#endif
}
#ifdef TFM_PSA_API
- psa_signal_t signals = 0;
+ psa_signal_t signals;
while (1) {
signals = psa_wait(PSA_WAIT_ANY, PSA_BLOCK);
diff --git a/secure_fw/partitions/protected_storage/tfm_ps_req_mngr.c b/secure_fw/partitions/protected_storage/tfm_ps_req_mngr.c
index f5b2031..1bd25da 100644
--- a/secure_fw/partitions/protected_storage/tfm_ps_req_mngr.c
+++ b/secure_fw/partitions/protected_storage/tfm_ps_req_mngr.c
@@ -395,7 +395,7 @@
psa_status_t tfm_ps_req_mngr_init(void)
{
#ifdef TFM_PSA_API
- psa_signal_t signals = 0;
+ psa_signal_t signals;
if (tfm_ps_init() != PSA_SUCCESS) {
psa_panic();
diff --git a/secure_fw/spm/cmsis_psa/spm_ipc.h b/secure_fw/spm/cmsis_psa/spm_ipc.h
index a2edf7b..bbb6d6c 100644
--- a/secure_fw/spm/cmsis_psa/spm_ipc.h
+++ b/secure_fw/spm/cmsis_psa/spm_ipc.h
@@ -54,7 +54,7 @@
/* Valid index should be [0, STATIC_HANDLE_NUM_LIMIT-1] */
#define IS_VALID_STATIC_HANDLE_IDX(index) \
- (((index) >= 0) && ((index) < STATIC_HANDLE_NUM_LIMIT))
+ ((uint32_t)(index) < STATIC_HANDLE_NUM_LIMIT)
#define SPM_INVALID_PARTITION_IDX (~0U)
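Review bot: The `(uint32_t)` cast in `IS_VALID_STATIC_HANDLE_IDX` (L397) rejects negative `index` values by wrapping them large, but it also truncates arguments wider than 32 bits, so a `size_t` index of 2^32 + k would validate as k on an LP64 host or test build. That is presumably harmless on the 32-bit targets this SPM serves, but the macro should say so: `/* index is truncated to 32 bits; negative values wrap and are rejected */`. If `STATIC_HANDLE_NUM_LIMIT` is a signed constant the comparison promotes it to unsigned, which is fine only while it stays non-negative.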
diff --git a/secure_fw/spm/include/tfm_arch_v8m.h b/secure_fw/spm/include/tfm_arch_v8m.h
index e03ae8a..4039561 100644
--- a/secure_fw/spm/include/tfm_arch_v8m.h
+++ b/secure_fw/spm/include/tfm_arch_v8m.h
@@ -14,16 +14,16 @@
#include "tfm_core_trustzone.h"
#include "utilities.h"
-#define EXC_RETURN_INDICATOR (0xFF << 24)
-#define EXC_RETURN_RES1 (0x1FFFF << 7)
-#define EXC_RETURN_SECURE_STACK (1 << 6)
-#define EXC_RETURN_STACK_RULE (1 << 5)
-#define EXC_RETURN_FPU_FRAME_BASIC (1 << 4)
-#define EXC_RETURN_MODE_THREAD (1 << 3)
-#define EXC_RETURN_STACK_PROCESS (1 << 2)
-#define EXC_RETURN_STACK_MAIN (0 << 2)
-#define EXC_RETURN_RES0 (0 << 1)
-#define EXC_RETURN_EXC_SECURE (1)
+#define EXC_RETURN_INDICATOR (0xFFUL << 24)
+#define EXC_RETURN_RES1 (0x1FFFFUL << 7)
+#define EXC_RETURN_SECURE_STACK (1UL << 6)
+#define EXC_RETURN_STACK_RULE (1UL << 5)
+#define EXC_RETURN_FPU_FRAME_BASIC (1UL << 4)
+#define EXC_RETURN_MODE_THREAD (1UL << 3)
+#define EXC_RETURN_STACK_PROCESS (1UL << 2)
+#define EXC_RETURN_STACK_MAIN (0UL << 2)
+#define EXC_RETURN_RES0 (0UL << 1)
+#define EXC_RETURN_EXC_SECURE (1UL)
/* Initial EXC_RETURN value in LR when a thread is loaded at the first time */
#define EXC_RETURN_THREAD_S_PSP \
diff --git a/secure_fw/spm/include/tfm_spm_log.h b/secure_fw/spm/include/tfm_spm_log.h
index 4ad749e..99f9431 100644
--- a/secure_fw/spm/include/tfm_spm_log.h
+++ b/secure_fw/spm/include/tfm_spm_log.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2020-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -31,7 +31,7 @@
#if (TFM_SPM_LOG_LEVEL > TFM_SPM_LOG_LEVEL_DEBUG || \
TFM_SPM_LOG_LEVEL < TFM_SPM_LOG_LEVEL_SILENCE)
-#error "Incorrect TFM_SPM_LOG_LEVEL value!"
+#error "Incorrect TFM_SPM_LOG_LEVEL value!"
#endif
#if (TFM_SPM_LOG_LEVEL == TFM_SPM_LOG_LEVEL_DEBUG)