blackbeard420/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf synced 2025-03-09 17:19:09 -04:00
Code Issues Projects Releases Wiki Activity

Merge branch 'fix/coverity_reports_security' into 'master'

Browse Source 
fix(security): Fixed coverity warnings from `nvs_sec_provider` and `esp_tee` components

Closes IDF-12190, IDF-12194, and IDF-12197

See merge request espressif/esp-idf!36721
This commit is contained in:
Mahavir Jain 2025-02-12 12:34:19 +08:00
commit 4e072b3f8a
3 changed files with 19 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
components/esp_tee/subproject/main/common/panic/panic_helper_riscv.c
View File

@ -1,5 +1,5 @@
/* /*
* SPDX-FileCopyrightText: 2024 Espressif Systems (Shanghai) CO LTD * SPDX-FileCopyrightText: 2024-2025 Espressif Systems (Shanghai) CO LTD
* *
* SPDX-License-Identifier: Apache-2.0 * SPDX-License-Identifier: Apache-2.0
*/ */
@ -113,34 +113,26 @@ void panic_print_isrcause(const void *f, int core)
{ {
RvExcFrame *regs = (RvExcFrame *) f; RvExcFrame *regs = (RvExcFrame *) f;
/* Please keep in sync with PANIC_RSN_* defines */
static const char *pseudo_reason[] = {
"Unknown reason",
"Interrupt wdt timeout on CPU0",
"Interrupt wdt timeout on CPU1",
"Cache error",
};
const void *addr = (void *) regs->mepc; const void *addr = (void *) regs->mepc;
const char *rsn = pseudo_reason[0]; const char *rsn = "Unknown reason";
/* The mcause has been set by the CPU when the panic occurred. /* The mcause has been set by the CPU when the panic occurred.
* All SoC-level panic will call this function, thus, this register * All SoC-level panic will call this function, thus, this register
* lets us know which error was triggered. */ * lets us know which error was triggered. */
if (regs->mcause == ETS_CACHEERR_INUM) { switch (regs->mcause) {
/* Panic due to a cache error, multiple cache error are possible, case ETS_CACHEERR_INUM:
* assign function print_cache_err_details to our structure's rsn = "Cache error";
* details field. As its name states, it will give more details break;
* about why the error happened. */ case PANIC_RSN_INTWDT_CPU0:
rsn = pseudo_reason[PANIC_RSN_CACHEERR]; rsn = "Interrupt wdt timeout on CPU0";
} else if (regs->mcause == ETS_INT_WDT_INUM) { break;
/* Watchdog interrupt occurred, get the core on which it happened #if SOC_CPU_CORES_NUM > 1
* and update the reason/message accordingly. */ case PANIC_RSN_INTWDT_CPU1:
#if SOC_CPU_NUM > 1 rsn = "Interrupt wdt timeout on CPU1";
_Static_assert(PANIC_RSN_INTWDT_CPU0 + 1 == PANIC_RSN_INTWDT_CPU1, break;
"PANIC_RSN_INTWDT_CPU1 must be equal to PANIC_RSN_INTWDT_CPU0 + 1");
#endif #endif
rsn = pseudo_reason[PANIC_RSN_INTWDT_CPU0 + core]; default:
break;
} }
const char *desc = "Exception was unhandled."; const char *desc = "Exception was unhandled.";

11
examples/security/nvs_encryption_hmac/main/main.c
View File

@ -1,7 +1,7 @@
/* /*
* NVS Encryption with HMAC-based encryption key protection scheme example * NVS Encryption with HMAC-based encryption key protection scheme example
* *
* SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD
* *
* SPDX-License-Identifier: Unlicense OR CC0-1.0 * SPDX-License-Identifier: Unlicense OR CC0-1.0
*/ */
@ -39,14 +39,7 @@ static esp_err_t example_custom_nvs_part_init(const char *label)
esp_err_t ret = ESP_FAIL; esp_err_t ret = ESP_FAIL;
#if defined(CONFIG_NVS_ENCRYPTION) && defined(CONFIG_NVS_SEC_KEY_PROTECT_USING_HMAC) #if defined(CONFIG_NVS_ENCRYPTION) && defined(CONFIG_NVS_SEC_KEY_PROTECT_USING_HMAC)
nvs_sec_cfg_t cfg = {}; nvs_sec_cfg_t cfg = {};
nvs_sec_scheme_t *sec_scheme_handle = NULL; nvs_sec_scheme_t *sec_scheme_handle = nvs_flash_get_default_security_scheme();
nvs_sec_config_hmac_t sec_scheme_cfg = NVS_SEC_PROVIDER_CFG_HMAC_DEFAULT();
ret = nvs_sec_provider_register_hmac(&sec_scheme_cfg, &sec_scheme_handle);
if (ret != ESP_OK) {
return ret;
}
ret = nvs_flash_read_security_cfg_v2(sec_scheme_handle, &cfg); ret = nvs_flash_read_security_cfg_v2(sec_scheme_handle, &cfg);
if (ret != ESP_OK) { if (ret != ESP_OK) {

9
examples/security/security_features_app/main/security_features_app_main.c
View File

@ -1,5 +1,5 @@
/* /*
* SPDX-FileCopyrightText: 2024 Espressif Systems (Shanghai) CO LTD * SPDX-FileCopyrightText: 2024-2025 Espressif Systems (Shanghai) CO LTD
* *
* SPDX-License-Identifier: Unlicense OR CC0-1.0 * SPDX-License-Identifier: Unlicense OR CC0-1.0
*/ */
@ -72,12 +72,7 @@ static esp_err_t example_custom_nvs_part_init(const char *name)
#if CONFIG_NVS_ENCRYPTION #if CONFIG_NVS_ENCRYPTION
esp_err_t ret = ESP_FAIL; esp_err_t ret = ESP_FAIL;
nvs_sec_cfg_t cfg = {}; nvs_sec_cfg_t cfg = {};
nvs_sec_scheme_t *sec_scheme_handle = NULL; nvs_sec_scheme_t *sec_scheme_handle = nvs_flash_get_default_security_scheme();
nvs_sec_config_hmac_t sec_scheme_cfg = NVS_SEC_PROVIDER_CFG_HMAC_DEFAULT();
ret = nvs_sec_provider_register_hmac(&sec_scheme_cfg, &sec_scheme_handle);
if (ret != ESP_OK) {
return ret;
}
ret = nvs_flash_read_security_cfg_v2(sec_scheme_handle, &cfg); ret = nvs_flash_read_security_cfg_v2(sec_scheme_handle, &cfg);
if (ret != ESP_OK) { if (ret != ESP_OK) {