fixes/workarounds for -Wnull-dereferences, some true positive, some false

positive:
* src/pk.c:wolfSSL_RSA_meth_new()
* tests/api.c:test_wolfSSL_PKCS7_certs()
* tests/api.c:test_wolfSSL_X509V3_EXT_get()
* wolfcrypt/src/asn.c:EncodeName()
* wolfcrypt/src/pkcs12.c:wc_i2d_PKCS12()
* wolfcrypt/src/port/af_alg/afalg_aes.c

Author: douzzer

src/pk.c

@@ -970,23 +970,23 @@ WOLFSSL_RSA_METHOD *wolfSSL_RSA_meth_new(const char *name, int flags)
     int err;
 
     /* Validate name is not NULL. */
-    err = (name == NULL);
-    if (!err) {
-        /* Allocate an RSA METHOD to return. */
-        meth = (WOLFSSL_RSA_METHOD*)XMALLOC(sizeof(WOLFSSL_RSA_METHOD), NULL,
-            DYNAMIC_TYPE_OPENSSL);
-        err = (meth == NULL);
-    }
-    if (!err) {
-        XMEMSET(meth, 0, sizeof(*meth));
-        meth->flags = flags;
-        meth->dynamic = 1;
+    if (name == NULL)
+        return NULL;
+    /* Allocate an RSA METHOD to return. */
+    meth = (WOLFSSL_RSA_METHOD*)XMALLOC(sizeof(WOLFSSL_RSA_METHOD), NULL,
+                                        DYNAMIC_TYPE_OPENSSL);
+    if (meth == NULL)
+        return NULL;
+
+    XMEMSET(meth, 0, sizeof(*meth));
+    meth->flags = flags;
+    meth->dynamic = 1;
+
+    name_len = (int)XSTRLEN(name);
+    meth->name = (char*)XMALLOC((size_t)(name_len + 1), NULL,
+        DYNAMIC_TYPE_OPENSSL);
+    err = (meth->name == NULL);
 
-        name_len = (int)XSTRLEN(name);
-        meth->name = (char*)XMALLOC((size_t)(name_len + 1), NULL,
-            DYNAMIC_TYPE_OPENSSL);
-        err = (meth->name == NULL);
-    }
     if (!err) {
         XMEMCPY(meth->name, name, (size_t)(name_len + 1));
     }

tests/api.c

@@ -20116,8 +20116,8 @@ static int test_wolfSSL_PKCS7_certs(void)
         while (EXPECT_SUCCESS() && (sk_X509_INFO_num(info_sk) > 0)) {
             X509_INFO* info = NULL;
             ExpectNotNull(info = sk_X509_INFO_shift(info_sk));
-            ExpectIntGT(sk_X509_push(sk, info->x509), 0);
-            if (EXPECT_SUCCESS() && (info != NULL)) {
+            if (info != NULL) {
+                ExpectIntGT(sk_X509_push(sk, info->x509), 0);
                 info->x509 = NULL;
             }
             X509_INFO_free(info);
@@ -32422,8 +32422,10 @@ static int test_wolfSSL_X509V3_EXT_get(void)
         ExpectIntNE((extNid = ext->obj->nid), NID_undef);
         ExpectNotNull(method = wolfSSL_X509V3_EXT_get(ext));
         ExpectIntEQ(method->ext_nid, extNid);
-        if (method->ext_nid == NID_subject_key_identifier) {
-            ExpectNotNull(method->i2s);
+        if (EXPECT_SUCCESS()) {
+            if (method->ext_nid == NID_subject_key_identifier) {
+                ExpectNotNull(method->i2s);
+            }
         }
     }
 

wolfcrypt/src/asn.c

@@ -29922,6 +29922,9 @@ static int EncodeName(EncodedName* name, const char* nameStr,
                 name->used = 0;
                 return 0;
             }
+            nameSz = (word32)cname->custom.valSz;
+            oid = cname->custom.oid;
+            oidSz = (word32)cname->custom.oidSz;
         }
     #else
         (void)cname;
@@ -29961,9 +29964,9 @@ static int EncodeName(EncodedName* name, const char* nameStr,
                 break;
         #ifdef WOLFSSL_CUSTOM_OID
             case ASN_CUSTOM_NAME:
-                nameSz = (word32)cname->custom.valSz;
-                oid = cname->custom.oid;
-                oidSz = (word32)cname->custom.oidSz;
+                /* oid setup is above (mitigating false positive
+                 * -Wnull-dereference).
+                 */
                 break;
         #endif
         #ifdef WOLFSSL_CERT_REQ

wolfcrypt/src/pkcs12.c

@@ -977,8 +977,10 @@ int wc_i2d_PKCS12(WC_PKCS12* pkcs12, byte** der, int* derSz)
             totalSz += seqSz;
 
             /* check if getting length only */
-            if (der == NULL && derSz != NULL) {
-                *derSz = (int)totalSz;
+            if (der == NULL) {
+                /* repeat nullness check locally to mollify -Wnull-dereference. */
+                if (derSz != NULL)
+                    *derSz = (int)totalSz;
                 XFREE(sdBuf, pkcs12->heap, DYNAMIC_TYPE_PKCS);
                 return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
             }

wolfcrypt/src/port/af_alg/afalg_aes.c

@@ -186,6 +186,10 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
         if ((sz / WC_AES_BLOCK_SIZE) > 0) {
             /* update IV */
             cmsg = CMSG_FIRSTHDR(&(aes->msg));
+            if (cmsg == NULL) {
+                WOLFSSL_MSG("CMSG_FIRSTHDR() in wc_AesCbcEncrypt() returned NULL unexpectedly.");
+                return SYSLIB_FAILED_E;
+            }
             ret = wc_Afalg_SetIv(CMSG_NXTHDR(&(aes->msg), cmsg),
                     (byte*)(aes->reg), AES_IV_SIZE);
             if (ret < 0) {
@@ -245,6 +249,10 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
         if ((sz / WC_AES_BLOCK_SIZE) > 0) {
             /* update IV */
             cmsg = CMSG_FIRSTHDR(&(aes->msg));
+            if (cmsg == NULL) {
+                WOLFSSL_MSG("CMSG_FIRSTHDR() in wc_AesCbcDecrypt() returned NULL unexpectedly.");
+                return SYSLIB_FAILED_E;
+            }
             ret = wc_Afalg_SetIv(CMSG_NXTHDR(&(aes->msg), cmsg),
                     (byte*)(aes->reg), AES_IV_SIZE);
             if (ret != 0) {
@@ -397,6 +405,10 @@ int wc_AesSetKeyDirect(Aes* aes, const byte* userKey, word32 keylen,
 
                 /* update IV */
                 cmsg = CMSG_FIRSTHDR(&(aes->msg));
+                if (cmsg == NULL) {
+                    WOLFSSL_MSG("CMSG_FIRSTHDR() in wc_AesCtrEncrypt() returned NULL unexpectedly.");
+                    return SYSLIB_FAILED_E;
+                }
                 ret = wc_Afalg_SetIv(CMSG_NXTHDR(&(aes->msg), cmsg),
                         (byte*)(aes->reg), AES_IV_SIZE);
                 if (ret < 0) {
@@ -613,7 +625,15 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
 
     msg = &(aes->msg);
     cmsg = CMSG_FIRSTHDR(msg);
+    if (cmsg == NULL) {
+        WOLFSSL_MSG("CMSG_FIRSTHDR() in wc_AesGcmEncrypt() returned NULL unexpectedly.");
+        return SYSLIB_FAILED_E;
+    }
     cmsg = CMSG_NXTHDR(msg, cmsg);
+    if (cmsg == NULL) {
+        WOLFSSL_MSG("CMSG_NEXTHDR() in wc_AesGcmEncrypt() returned NULL unexpectedly.");
+        return SYSLIB_FAILED_E;
+    }
 
     /* set IV and AAD size */
     ret = wc_Afalg_SetIv(cmsg, (byte*)iv, ivSz);