blackbeard420/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf synced 2025-03-09 17:19:09 -04:00
Code Issues Projects Releases Wiki Activity

Merge branch 'fix/coverity_reports_security' into 'master'

Browse Source 
fix(security): Fixed coverity warnings from `nvs_sec_provider` and `esp_tee` components

Closes IDF-12190, IDF-12194, and IDF-12197

See merge request espressif/esp-idf!36721
This commit is contained in:
Mahavir Jain 2025-02-12 12:34:19 +08:00
commit 4e072b3f8a
3 changed files with 19 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
components/esp_tee/subproject/main/common/panic/panic_helper_riscv.c
View File

@ -1,5 +1,5 @@
/*
* SPDX-FileCopyrightText: 2024 Espressif Systems (Shanghai) CO LTD
* SPDX-FileCopyrightText: 2024-2025 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
@ -113,34 +113,26 @@ void panic_print_isrcause(const void *f, int core)
{
RvExcFrame *regs = (RvExcFrame *) f;
/* Please keep in sync with PANIC_RSN_* defines */
static const char *pseudo_reason[] = {
"Unknown reason",
"Interrupt wdt timeout on CPU0",
"Interrupt wdt timeout on CPU1",
"Cache error",
};
const void *addr = (void *) regs->mepc;
const char *rsn = pseudo_reason[0];
const char *rsn = "Unknown reason";
/* The mcause has been set by the CPU when the panic occurred.
* All SoC-level panic will call this function, thus, this register
* lets us know which error was triggered. */
if (regs->mcause == ETS_CACHEERR_INUM) {
/* Panic due to a cache error, multiple cache error are possible,
* assign function print_cache_err_details to our structure's
* details field. As its name states, it will give more details
* about why the error happened. */
rsn = pseudo_reason[PANIC_RSN_CACHEERR];
} else if (regs->mcause == ETS_INT_WDT_INUM) {
/* Watchdog interrupt occurred, get the core on which it happened
* and update the reason/message accordingly. */
#if SOC_CPU_NUM > 1
_Static_assert(PANIC_RSN_INTWDT_CPU0 + 1 == PANIC_RSN_INTWDT_CPU1,
"PANIC_RSN_INTWDT_CPU1 must be equal to PANIC_RSN_INTWDT_CPU0 + 1");
switch (regs->mcause) {
case ETS_CACHEERR_INUM:
rsn = "Cache error";
break;
case PANIC_RSN_INTWDT_CPU0:
rsn = "Interrupt wdt timeout on CPU0";
break;
#if SOC_CPU_CORES_NUM > 1
case PANIC_RSN_INTWDT_CPU1:
rsn = "Interrupt wdt timeout on CPU1";
break;
#endif
rsn = pseudo_reason[PANIC_RSN_INTWDT_CPU0 + core];
default:
break;
}
const char *desc = "Exception was unhandled.";

11
examples/security/nvs_encryption_hmac/main/main.c
View File

@ -1,7 +1,7 @@
/*
* NVS Encryption with HMAC-based encryption key protection scheme example
*
* SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
* SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Unlicense OR CC0-1.0
*/
@ -39,14 +39,7 @@ static esp_err_t example_custom_nvs_part_init(const char *label)
esp_err_t ret = ESP_FAIL;
#if defined(CONFIG_NVS_ENCRYPTION) && defined(CONFIG_NVS_SEC_KEY_PROTECT_USING_HMAC)
nvs_sec_cfg_t cfg = {};
nvs_sec_scheme_t *sec_scheme_handle = NULL;
nvs_sec_config_hmac_t sec_scheme_cfg = NVS_SEC_PROVIDER_CFG_HMAC_DEFAULT();
ret = nvs_sec_provider_register_hmac(&sec_scheme_cfg, &sec_scheme_handle);
if (ret != ESP_OK) {
return ret;
}
nvs_sec_scheme_t *sec_scheme_handle = nvs_flash_get_default_security_scheme();
ret = nvs_flash_read_security_cfg_v2(sec_scheme_handle, &cfg);
if (ret != ESP_OK) {

9
examples/security/security_features_app/main/security_features_app_main.c
View File

@ -1,5 +1,5 @@
/*
* SPDX-FileCopyrightText: 2024 Espressif Systems (Shanghai) CO LTD
* SPDX-FileCopyrightText: 2024-2025 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Unlicense OR CC0-1.0
*/
@ -72,12 +72,7 @@ static esp_err_t example_custom_nvs_part_init(const char *name)
#if CONFIG_NVS_ENCRYPTION
esp_err_t ret = ESP_FAIL;
nvs_sec_cfg_t cfg = {};
nvs_sec_scheme_t *sec_scheme_handle = NULL;
nvs_sec_config_hmac_t sec_scheme_cfg = NVS_SEC_PROVIDER_CFG_HMAC_DEFAULT();
ret = nvs_sec_provider_register_hmac(&sec_scheme_cfg, &sec_scheme_handle);
if (ret != ESP_OK) {
return ret;
}
nvs_sec_scheme_t *sec_scheme_handle = nvs_flash_get_default_security_scheme();
ret = nvs_flash_read_security_cfg_v2(sec_scheme_handle, &cfg);
if (ret != ESP_OK) {