Fix control bypass warnings
Declarations have been moved to the top of functions to fix this
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
diff --git a/library/ecp.c b/library/ecp.c
index 2d80b6f..1cf242a 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -2593,6 +2593,7 @@
void *p_rng)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ int have_rng;
size_t i;
unsigned char b;
mbedtls_ecp_point RP;
@@ -2626,7 +2627,7 @@
MOD_ADD(RP.X);
/* Randomize coordinates of the starting point */
- int have_rng = 1;
+ have_rng = 1;
#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
if (f_rng == NULL) {
have_rng = 0;
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index fdcdd43..d1e6b5c 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1472,6 +1472,7 @@
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_attributes_t attributes;
psa_key_slot_t *slot;
/* Reject a zero-length output buffer now, since this can never be a
@@ -1498,7 +1499,7 @@
goto exit;
}
- psa_key_attributes_t attributes = {
+ attributes = (psa_key_attributes_t) {
.core = slot->attr
};
status = psa_driver_wrapper_export_public_key(
@@ -2406,6 +2407,7 @@
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_attributes_t attributes;
psa_key_slot_t *slot = NULL;
/* A context must be freshly initialized before it can be set up. */
@@ -2423,7 +2425,7 @@
goto exit;
}
- psa_key_attributes_t attributes = {
+ attributes = (psa_key_attributes_t) {
.core = slot->attr
};
@@ -2594,6 +2596,7 @@
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_attributes_t attributes;
psa_key_slot_t *slot;
uint8_t operation_mac_size = 0;
@@ -2606,7 +2609,7 @@
goto exit;
}
- psa_key_attributes_t attributes = {
+ attributes = (psa_key_attributes_t) {
.core = slot->attr
};
@@ -2732,6 +2735,7 @@
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_attributes_t attributes;
psa_key_slot_t *slot;
*signature_length = 0;
@@ -2764,7 +2768,7 @@
goto exit;
}
- psa_key_attributes_t attributes = {
+ attributes = (psa_key_attributes_t) {
.core = slot->attr
};
@@ -3303,6 +3307,7 @@
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_attributes_t attributes;
psa_key_slot_t *slot = NULL;
psa_key_usage_t usage = (cipher_operation == MBEDTLS_ENCRYPT ?
PSA_KEY_USAGE_ENCRYPT :
@@ -3338,7 +3343,7 @@
}
operation->default_iv_length = PSA_CIPHER_IV_LENGTH(slot->attr.type, alg);
- psa_key_attributes_t attributes = {
+ attributes = (psa_key_attributes_t) {
.core = slot->attr
};
@@ -3561,6 +3566,7 @@
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_attributes_t attributes;
psa_key_slot_t *slot = NULL;
uint8_t local_iv[PSA_CIPHER_IV_MAX_SIZE];
size_t default_iv_length = 0;
@@ -3577,7 +3583,7 @@
goto exit;
}
- psa_key_attributes_t attributes = {
+ attributes = (psa_key_attributes_t) {
.core = slot->attr
};
@@ -3633,6 +3639,7 @@
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_attributes_t attributes;
psa_key_slot_t *slot = NULL;
if (!PSA_ALG_IS_CIPHER(alg)) {
@@ -3647,7 +3654,7 @@
goto exit;
}
- psa_key_attributes_t attributes = {
+ attributes = (psa_key_attributes_t) {
.core = slot->attr
};
@@ -4251,6 +4258,7 @@
uint8_t *data = NULL;
size_t bytes = PSA_BITS_TO_BYTES(bits);
psa_status_t status;
+ psa_key_attributes_t attributes;
if (!key_type_is_raw_bytes(slot->attr.type)) {
return PSA_ERROR_INVALID_ARGUMENT;
@@ -4279,7 +4287,7 @@
}
slot->attr.bits = (psa_key_bits_t) bits;
- psa_key_attributes_t attributes = {
+ attributes = (psa_key_attributes_t) {
.core = slot->attr
};
@@ -4891,14 +4899,15 @@
size_t shared_secret_size,
size_t *shared_secret_length)
{
+ mbedtls_ecp_keypair *ecp = NULL;
+ psa_status_t status;
switch (alg) {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
case PSA_ALG_ECDH:
if (!PSA_KEY_TYPE_IS_ECC_KEY_PAIR(private_key->attr.type)) {
return PSA_ERROR_INVALID_ARGUMENT;
}
- mbedtls_ecp_keypair *ecp = NULL;
- psa_status_t status = mbedtls_psa_ecp_load_representation(
+ status = mbedtls_psa_ecp_load_representation(
private_key->attr.type,
private_key->attr.bits,
private_key->key.data,
@@ -4916,6 +4925,8 @@
return status;
#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDH */
default:
+ (void) ecp;
+ (void) status;
(void) private_key;
(void) peer_key;
(void) peer_key_length;
@@ -5011,6 +5022,7 @@
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot = NULL;
+ size_t expected_length;
if (!PSA_ALG_IS_KEY_AGREEMENT(alg)) {
status = PSA_ERROR_INVALID_ARGUMENT;
@@ -5030,7 +5042,7 @@
* PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE() is exact so the point is moot.
* If FFDH is implemented, PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE() can easily
* be exact for it as well. */
- size_t expected_length =
+ expected_length =
PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(slot->attr.type, slot->attr.bits);
if (output_size < expected_length) {
status = PSA_ERROR_BUFFER_TOO_SMALL;
diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c
index bc9a204..52759aa 100644
--- a/tests/src/test_helpers/ssl_helpers.c
+++ b/tests/src/test_helpers/ssl_helpers.c
@@ -806,13 +806,14 @@
int *written,
const int expected_fragments)
{
+ int ret;
/* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is
* a valid no-op for TLS connections. */
if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
TEST_ASSERT(mbedtls_ssl_write(ssl, NULL, 0) == 0);
}
- int ret = mbedtls_ssl_write(ssl, buf + *written, buf_len - *written);
+ ret = mbedtls_ssl_write(ssl, buf + *written, buf_len - *written);
if (ret > 0) {
*written += ret;
}
@@ -852,13 +853,14 @@
int *read, int *fragments,
const int expected_fragments)
{
+ int ret;
/* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is
* a valid no-op for TLS connections. */
if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
TEST_ASSERT(mbedtls_ssl_read(ssl, NULL, 0) == 0);
}
- int ret = mbedtls_ssl_read(ssl, buf + *read, buf_len - *read);
+ ret = mbedtls_ssl_read(ssl, buf + *read, buf_len - *read);
if (ret > 0) {
(*fragments)++;
*read += ret;