Add new make cppcheck option. Fixes for cppcheck. Added missing wolfssl-v4.7.0.patch

Author: dgarske

.github/workflows/wolfssl-v4.7.0.patch

@@ -0,0 +1,19 @@
+diff --git a/src/tls13.c b/src/tls13.c
+index b2fd50f2f..bcc912890 100644
+--- a/src/tls13.c
++++ b/src/tls13.c
+@@ -421,6 +421,14 @@ static int DeriveKey(WOLFSSL* ssl, byte* output, int outputLen,
+         outputLen = hashSz;
+     if (includeMsgs)
+         hashOutSz = hashSz;
++    else {
++        /* Appease static analyzers by making sure hash is cleared, since it is
++         * passed into expand key label where older wc_Tls13_HKDF_Expand_Label
++         * will unconditionally try to call a memcpy on it, however length will
++         * always be 0. */
++        XMEMSET(hash, 0, sizeof(hash));
++        hashOutSz = 0;
++    }
+ 
+     return HKDF_Expand_Label(output, outputLen, secret, hashSz,
+                              protocol, protocolLen, label, labelLen,

Makefile.am

@@ -116,3 +116,14 @@ merge-clean:
 	@find ./ | $(GREP) \.OTHER | xargs rm -f
 	@find ./ | $(GREP) \.BASE | xargs rm -f
 	@find ./ | $(GREP) \~$$ | xargs rm -f
+
+cppcheck:
+	@if test "x@CPPCHECK@" = "xno"; then \
+		echo "Error: cppcheck not found. Please install cppcheck."; \
+		exit 1; \
+	fi
+	@CPPCHECK@ -f --enable=warning \
+		--enable=portability --check-level=exhaustive \
+		--suppress=invalidPrintfArgType_sint \
+		--error-exitcode=89 --std=c89 \
+		-I wolftpm src/ hal/ examples

configure.ac

@@ -466,6 +466,10 @@ fi
 # HARDEN FLAGS
 AX_HARDEN_CC_COMPILER_FLAGS
 
+# Check for cppcheck (optional, for make cppcheck target)
+AC_CHECK_PROG([CPPCHECK], [cppcheck], [cppcheck], [no])
+AM_CONDITIONAL([HAVE_CPPCHECK], [test "x$CPPCHECK" != "xno"])
+
 OPTION_FLAGS="$CFLAGS $CPPFLAGS $AM_CFLAGS"
 
 
@@ -494,6 +498,7 @@ CREATE_HEX_VERSION
 AC_SUBST([AM_CPPFLAGS])
 AC_SUBST([AM_CFLAGS])
 AC_SUBST([AM_LDFLAGS])
+AC_SUBST([CPPCHECK])
 
 # FINAL
 AC_CONFIG_FILES([Makefile])

examples/keygen/keyimport.c

@@ -149,7 +149,9 @@ int TPM2_Keyimport_Example(void* userCtx, int argc, char *argv[])
     printf("\tAlgorithm: %s\n", TPM2_GetAlgName(alg));
     printf("\tSRK: %s\n", TPM2_GetAlgName(srkAlg));
     printf("\tUse Parameter Encryption: %s\n", TPM2_GetAlgName(paramEncAlg));
-    printf("\tpassword: %s\n", password);
+    if (password != NULL) {
+        printf("\tpassword: %s\n", password);
+    }
 
     rc = wolfTPM2_Init(&dev, TPM2_IoCb, userCtx);
     if (rc != TPM_RC_SUCCESS) {

examples/pcr/extend.c

@@ -149,10 +149,8 @@ int TPM2_PCR_Extend_Test(void* userCtx, int argc, char *argv[])
     /* Prepare the hash from user file or predefined value */
 #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) && \
     !defined(WOLFTPM2_NO_WOLFCRYPT)
-    if (filename) {
-        fp = XFOPEN(filename, "rb");
-    }
-    if (filename && fp != XBADFILE) {
+    fp = XFOPEN(filename, "rb");
+    if (fp != XBADFILE) {
         rc = TPM2_GetHashType(alg);
         hashType = (enum wc_HashType)rc;
         wc_HashInit(&dig, hashType);

src/tpm2_wrap.c

@@ -2167,6 +2167,7 @@ int wolfTPM2_ComputeName(const TPM2B_PUBLIC* pub, TPM2B_NAME* out)
 #ifndef WOLFTPM2_NO_WOLFCRYPT
     /* Encode public into buffer */
     XMEMSET(&packet, 0, sizeof(packet));
+    XMEMSET(&data, 0, sizeof(data));
     packet.buf = data.buffer;
     packet.size = sizeof(data.buffer);
     TPM2_Packet_AppendPublicArea(&packet, (TPMT_PUBLIC*)&pub->publicArea);
@@ -7551,12 +7552,10 @@ int wolfTPM2_CSR_SetKeyUsage(WOLFTPM2_DEV* dev, WOLFTPM2_CSR* csr,
         rc = wc_SetKeyUsage(&csr->req, keyUsage);
     }
 #else
-    if (keyUsage != NULL) {
-    #ifdef DEBUG_WOLFTPM
-        printf("CSR_Generate key usage supplied, but not available\n");
-    #endif
-        rc = NOT_COMPILED_IN;
-    }
+#ifdef DEBUG_WOLFTPM
+    printf("CSR_Generate key usage supplied, but not available\n");
+#endif
+    rc = NOT_COMPILED_IN;
 #endif
     (void)dev; /* not used */
     return rc;