mirror of
https://github.com/tillitis/tillitis-key1.git
synced 2024-10-01 01:45:38 -04:00
Silence splint somewhat
The only real changes are some unitialized variables and that we now make explicit that we don't care about the return value from memset().
This commit is contained in:
parent
b0efcf019e
commit
09c1f3f549
@ -20,8 +20,10 @@ void assert_fail(const char *assertion, const char *file, unsigned int line,
|
||||
htif_puts(function);
|
||||
htif_lf();
|
||||
|
||||
#ifndef S_SPLINT_S
|
||||
// Force illegal instruction to halt CPU
|
||||
asm volatile("unimp");
|
||||
#endif
|
||||
|
||||
// Not reached
|
||||
__builtin_unreachable();
|
||||
|
@ -104,6 +104,7 @@ void *memset(void *dest, int c, unsigned n)
|
||||
for (; n; n--, s++)
|
||||
*s = (uint8_t)c;
|
||||
|
||||
/*@ -temptrans @*/
|
||||
return dest;
|
||||
}
|
||||
|
||||
@ -117,6 +118,11 @@ void memcpy_s(void *dest, size_t destsize, const void *src, size_t n)
|
||||
uint8_t *dest_byte = (uint8_t *)dest;
|
||||
|
||||
for (size_t i = 0; i < n; i++) {
|
||||
/*@ -nullderef @*/
|
||||
/* splint complains that dest_byte and src_byte can be
|
||||
* NULL, but it seems it doesn't understand assert.
|
||||
* See above.
|
||||
*/
|
||||
dest_byte[i] = src_byte[i];
|
||||
}
|
||||
}
|
||||
|
@ -92,8 +92,8 @@ static uint32_t rnd_word(void)
|
||||
static void compute_cdi(const uint8_t *digest, const uint8_t use_uss,
|
||||
const uint8_t *uss)
|
||||
{
|
||||
uint32_t local_uds[8];
|
||||
uint32_t local_cdi[8];
|
||||
uint32_t local_uds[8] = {0};
|
||||
uint32_t local_cdi[8] = {0};
|
||||
blake2s_ctx secure_ctx = {0};
|
||||
uint32_t rnd_sleep = 0;
|
||||
int blake2err = 0;
|
||||
@ -115,7 +115,7 @@ static void compute_cdi(const uint8_t *digest, const uint8_t use_uss,
|
||||
// while on the firmware stack which is in the special fw_ram.
|
||||
wordcpy_s(local_uds, 8, (void *)uds, 8);
|
||||
blake2s_update(&secure_ctx, (const void *)local_uds, 32);
|
||||
memset(local_uds, 0, 32);
|
||||
(void)memset(local_uds, 0, 32);
|
||||
|
||||
// Update with TKey program digest
|
||||
blake2s_update(&secure_ctx, digest, 32);
|
||||
@ -268,7 +268,9 @@ static enum state loading_commands(const struct frame_header *hdr,
|
||||
nbytes = ctx->left;
|
||||
}
|
||||
memcpy_s(ctx->loadaddr, ctx->left, cmd + 1, nbytes);
|
||||
/*@-mustfreeonly@*/
|
||||
ctx->loadaddr += nbytes;
|
||||
/*@+mustfreeonly@*/
|
||||
ctx->left -= nbytes;
|
||||
|
||||
if (ctx->left == 0) {
|
||||
@ -396,7 +398,12 @@ int main(void)
|
||||
// Let the app know the function adddress for blake2s()
|
||||
*fw_blake2s_addr = (uint32_t)blake2s;
|
||||
|
||||
/*@-mustfreeonly@*/
|
||||
/* Yes, splint, this points directly to RAM and we don't care
|
||||
* about freeing anything was pointing to 0x0 before.
|
||||
*/
|
||||
ctx.loadaddr = (uint8_t *)TK1_RAM_BASE;
|
||||
/*@+mustfreeonly@*/
|
||||
ctx.use_uss = FALSE;
|
||||
|
||||
scramble_ram();
|
||||
@ -436,5 +443,7 @@ int main(void)
|
||||
}
|
||||
}
|
||||
|
||||
/*@ -compdestroy @*/
|
||||
/* We don't care about memory leaks here. */
|
||||
return (int)0xcafebabe;
|
||||
}
|
||||
|
@ -167,7 +167,7 @@ static int read(uint8_t *buf, size_t bufsize, size_t nbytes)
|
||||
// bytelen returns the number of bytes a cmdlen takes
|
||||
static int bytelen(enum cmdlen cmdlen)
|
||||
{
|
||||
int len;
|
||||
int len = 0;
|
||||
|
||||
switch (cmdlen) {
|
||||
case LEN_1:
|
||||
|
@ -50,6 +50,7 @@ struct frame_header {
|
||||
enum cmdlen len;
|
||||
};
|
||||
|
||||
/*@ -exportlocal @*/
|
||||
void writebyte(uint8_t b);
|
||||
uint8_t readbyte(void);
|
||||
void fwreply(struct frame_header hdr, enum fwcmd rspcode, uint8_t *buf);
|
||||
|
Loading…
Reference in New Issue
Block a user