From 37e8163823d163528c5b6c0424c5d6faab9b09f9 Mon Sep 17 00:00:00 2001
From: Basil Hess <bhe@zurich.ibm.com>
Date: Thu, 14 Dec 2023 09:51:47 +0100
Subject: [PATCH] Updates for scan-build

---
 tests/vector_test.sh     |  2 +-
 tests/vector_test_kem.sh |  2 +-
 tests/vector_test_sig.sh |  2 +-
 tests/vectors_kem.c      | 33 ++++++++++++++++++++++++++-------
 tests/vectors_sig.c      | 17 ++++++++++-------
 5 files changed, 39 insertions(+), 17 deletions(-)

diff --git a/tests/vector_test.sh b/tests/vector_test.sh
index 25d5e0d501..06816bcb7d 100755
--- a/tests/vector_test.sh
+++ b/tests/vector_test.sh
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # SPDX-License-Identifier: MIT
 
 if [[ -z "${OQS_BUILD_DIR}" ]]; then
diff --git a/tests/vector_test_kem.sh b/tests/vector_test_kem.sh
index de06413dd2..df45739af2 100644
--- a/tests/vector_test_kem.sh
+++ b/tests/vector_test_kem.sh
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # SPDX-License-Identifier: MIT
 
 file_keygen=$2
diff --git a/tests/vector_test_sig.sh b/tests/vector_test_sig.sh
index fcde299c2f..278348a5cf 100644
--- a/tests/vector_test_sig.sh
+++ b/tests/vector_test_sig.sh
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # SPDX-License-Identifier: MIT
 
 file_keygen=$2
diff --git a/tests/vectors_kem.c b/tests/vectors_kem.c
index f74398f45e..21097de00b 100644
--- a/tests/vectors_kem.c
+++ b/tests/vectors_kem.c
@@ -150,6 +150,11 @@ OQS_STATUS kem_vector(const char *method_name,
 		goto err;
 	}
 
+	if ((prng_output_stream == NULL) || (encaps_pk == NULL) || (encaps_K == NULL) || (decaps_sk == NULL) || (decaps_ciphertext == NULL) || (decaps_kprime == NULL)) {
+		fprintf(stderr, "[vectors_kem] %s ERROR: inputs NULL!\n", method_name);
+		goto err;
+	}
+
 	rc = OQS_KEM_keypair(kem, public_key, secret_key);
 	if (rc != OQS_SUCCESS) {
 		fprintf(stderr, "[vectors_kem] %s ERROR: OQS_KEM_keypair failed!\n", method_name);
@@ -197,12 +202,18 @@ OQS_STATUS kem_vector(const char *method_name,
 		OQS_MEM_secure_free(ss_encaps, kem->length_shared_secret);
 		OQS_MEM_secure_free(ss_decaps, kem->length_shared_secret);
 	}
+	if (randombytes_free != NULL) {
+        randombytes_free();
+    }
 	OQS_MEM_insecure_free(public_key);
 	OQS_MEM_insecure_free(ct_encaps);
+	OQS_KEM_free(kem);
 	return ret;
 }
 
 int main(int argc, char **argv) {
+	OQS_STATUS rc;
+
 	OQS_init();
 
 	if (argc != 8) {
@@ -241,13 +252,19 @@ int main(int argc, char **argv) {
 		return EXIT_FAILURE;
 	}
 
-	uint8_t *prng_output_stream_bytes = malloc(strlen(prng_output_stream) / 2);
+	uint8_t *prng_output_stream_bytes = malloc(strlen(prng_output_stream) / 2); // TODO: allocate real sizes and check before to real sizes!
 	uint8_t *encaps_pk_bytes = malloc(strlen(encaps_pk) / 2);
 	uint8_t *encaps_K_bytes = malloc(strlen(encaps_K) / 2);
 	uint8_t *decaps_sk_bytes = malloc(strlen(decaps_sk) / 2);
 	uint8_t *decaps_ciphertext_bytes = malloc(strlen(decaps_ciphertext) / 2);
 	uint8_t *decaps_kprime_bytes = malloc(strlen(decaps_kprime) / 2);
 
+	if ((prng_output_stream_bytes == NULL) || (encaps_pk_bytes == NULL) || (encaps_K_bytes == NULL) || (decaps_sk_bytes == NULL) || (decaps_ciphertext_bytes == NULL) || (decaps_kprime_bytes == NULL)) {
+		fprintf(stderr, "[vectors_kem] ERROR: malloc failed!\n");
+		rc = OQS_ERROR;
+		goto err;
+	}
+
 	hexStringToByteArray(prng_output_stream, prng_output_stream_bytes);
 	hexStringToByteArray(encaps_pk, encaps_pk_bytes);
 	hexStringToByteArray(encaps_K, encaps_K_bytes);
@@ -255,12 +272,9 @@ int main(int argc, char **argv) {
 	hexStringToByteArray(decaps_ciphertext, decaps_ciphertext_bytes);
 	hexStringToByteArray(decaps_kprime, decaps_kprime_bytes);
 
-	OQS_STATUS rc = kem_vector(alg_name, prng_output_stream_bytes, encaps_pk_bytes, encaps_K_bytes, decaps_sk_bytes, decaps_ciphertext_bytes, decaps_kprime_bytes);
-	if (rc != OQS_SUCCESS) {
-		OQS_destroy();
-		return EXIT_FAILURE;
-	}
+	rc = kem_vector(alg_name, prng_output_stream_bytes, encaps_pk_bytes, encaps_K_bytes, decaps_sk_bytes, decaps_ciphertext_bytes, decaps_kprime_bytes);
 
+err:
 	OQS_MEM_insecure_free(prng_output_stream_bytes);
 	OQS_MEM_insecure_free(encaps_pk_bytes);
 	OQS_MEM_insecure_free(encaps_K_bytes);
@@ -269,5 +283,10 @@ int main(int argc, char **argv) {
 	OQS_MEM_insecure_free(decaps_kprime_bytes);
 
 	OQS_destroy();
-	return EXIT_SUCCESS;
+	
+	if (rc != OQS_SUCCESS) {
+		return EXIT_FAILURE;
+	} else {
+		return EXIT_SUCCESS;
+	}	
 }
diff --git a/tests/vectors_sig.c b/tests/vectors_sig.c
index 11fa9d9797..19bfe3eda4 100644
--- a/tests/vectors_sig.c
+++ b/tests/vectors_sig.c
@@ -185,6 +185,9 @@ OQS_STATUS sig_vector(const char *method_name,
 		OQS_MEM_secure_free(secret_key, sig->length_secret_key);
 		OQS_MEM_secure_free(signed_msg, signed_msg_len);
 	}
+	if (randombytes_free != NULL) {
+        randombytes_free();
+    }
 	OQS_MEM_insecure_free(public_key);
 	OQS_MEM_insecure_free(signature);
 	OQS_MEM_insecure_free(msg);
@@ -245,18 +248,18 @@ int main(int argc, char **argv) {
 	hexStringToByteArray(verif_msg, verif_msg_bytes);
 
 	OQS_STATUS rc = sig_vector(alg_name, prng_output_stream_bytes, sig_msg_bytes, sig_msg_len, sig_sk_bytes, verif_sig_bytes, verif_pk_bytes, verif_msg_bytes, verif_msg_len);
-	if (rc != OQS_SUCCESS) {
-		OQS_destroy();
-		return EXIT_FAILURE;
-	}
-
 	OQS_MEM_insecure_free(prng_output_stream_bytes);
 	OQS_MEM_insecure_free(sig_msg_bytes);
 	OQS_MEM_insecure_free(sig_sk_bytes);
 	OQS_MEM_insecure_free(verif_sig_bytes);
 	OQS_MEM_insecure_free(verif_pk_bytes);
 	OQS_MEM_insecure_free(verif_msg_bytes);
-
+	
 	OQS_destroy();
-	return EXIT_SUCCESS;
+	
+	if (rc != OQS_SUCCESS) {
+		return EXIT_FAILURE;
+	} else {
+		return EXIT_SUCCESS;
+	}
 }