feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

wolfssl/wolfcrypt/types.h: add PRAGMA_DIAG_PUSH, PRAGMA(), and PRAGMA_DIAG_POP(), using the gcc or clang variants as applicable, to facilitate pragmas to be used on both gcc and clang;

Browse Source 
tests/unit.h: fix ExpectPtr() to inhibit pedantic warnings on both gcc and clang;

wolfssl/test.h: in myVerify(), explicitly check for nullness when printing issuer/subject, to avoid cppcheck null-deref warning;

tests/api.c: fixes for:

* myriad "embedding a directive within macro arguments is not portable"
* an "ISO C forbids conversion of object pointer to function pointer type"
* some "stringop-overflow"s
* a clang-analyzer-core.uninitialized.Assign
* a clang-analyzer-core.CallAndMessage "2nd function call argument is an uninitialized value"
* a nullPointerRedundantCheck
* several clang-diagnostic-declaration-after-statement
* a spurious gcc sanitizer maybe-uninitialized in test_wolfSSL_CheckOCSPResponse()
This commit is contained in:
Daniel Pouzzner
2023-05-31 15:19:15 -05:00
parent 109a17f3bd
commit 64c9026c77
4 changed files with 53 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
tests/api.c
View File

@@ -1861,7 +1861,9 @@ static int test_wolfSSL_CheckOCSPResponse(void)
OcspResponse* res = NULL;
byte data[4096];
const unsigned char* pt;
int dataSz;
int dataSz = 0; /* initialize to mitigate spurious maybe-uninitialized from
* gcc sanitizer with --enable-heapmath.
*/
XFILE f = XBADFILE;
WOLFSSL_OCSP_BASICRESP* bs = NULL;
WOLFSSL_X509_STORE* st = NULL;
@@ -2128,16 +2130,15 @@ static int test_wolfSSL_CertManagerGetCerts(void)
ExpectNull(sk = wolfSSL_CertManagerGetCerts(cm));
ExpectNotNull(der = wolfSSL_X509_get_der(cert1, &derSz));
ExpectIntEQ(ret = wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1),
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
/* Check that ASN_SELF_SIGNED_E is returned for a self-signed cert for QT
* and full OpenSSL compatibility */
ASN_SELF_SIGNED_E
ExpectIntEQ(ret = wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), ASN_SELF_SIGNED_E);
#else
ASN_NO_SIGNER_E
ExpectIntEQ(ret = wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), ASN_NO_SIGNER_E);
#endif
);
ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm,
"./certs/ca-cert.pem", NULL));
@@ -2186,13 +2187,12 @@ static int test_wolfSSL_CertManagerSetVerify(void)
wolfSSL_CertManagerSetVerify(cm, myVerify);
ExpectIntEQ(ret = wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL),
#if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER)
-1
ExpectIntEQ(ret = wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL), -1);
#else
WOLFSSL_SUCCESS
ExpectIntEQ(ret = wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL),
WOLFSSL_SUCCESS);
#endif
);
/* Use the test CB that always accepts certs */
myVerifyAction = VERIFY_OVERRIDE_ERROR;
@@ -2284,7 +2284,7 @@ static int test_wolfSSL_CertManagerNameConstraint(void)
ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(ca_cert,
WOLFSSL_FILETYPE_ASN1));
ExpectNotNull(pt = (byte*)wolfSSL_X509_get_tbs(x509, &derSz));
if (der != NULL) {
if (EXPECT_SUCCESS() && (der != NULL)) {
XMEMCPY(der, pt, derSz);
/* find the name constraint extension and alter it */
@@ -3376,7 +3376,7 @@ static int test_wolfSSL_CTX_add1_chain_cert(void)
defined(KEEP_OUR_CERT) && !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT)
EXPECT_DECLS;
WOLFSSL_CTX* ctx;
WOLFSSL* ssl = NULL;;
WOLFSSL* ssl = NULL;
const char *certChain[] = {
"./certs/intermediate/client-int-cert.pem",
"./certs/intermediate/ca-int2-cert.pem",
@@ -6135,7 +6135,8 @@ void test_wolfSSL_client_server_nofail(callback_functions* client_cb,
#if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && \
!defined(WOLFSSL_NO_TLS12) && !defined(NO_WOLFSSL_CLIENT)
static void test_client_reuse_WOLFSSLobj(void* args, void *cb, void* server_args)
static void test_client_reuse_WOLFSSLobj(void* args, cbType cb,
void* server_args)
{
SOCKET_T sockfd = 0;
callback_functions* cbf;
@@ -6262,7 +6263,7 @@ static void test_client_reuse_WOLFSSLobj(void* args, void *cb, void* server_args
}
/* Build first session */
if (cb != NULL)
((cbType)cb)(ctx, ssl);
cb(ctx, ssl);
if (wolfSSL_write(ssl, msg, msgSz) != msgSz) {
/*err_sys("SSL_write failed");*/
@@ -6326,7 +6327,7 @@ static void test_client_reuse_WOLFSSLobj(void* args, void *cb, void* server_args
}
/* Build first session */
if (cb != NULL)
((cbType)cb)(ctx, ssl);
cb(ctx, ssl);
if (wolfSSL_write(ssl, msg, msgSz) != msgSz) {
/*err_sys("SSL_write failed");*/
@@ -9275,14 +9276,16 @@ static int test_wolfSSL_SNI_GetFromBuffer(void)
ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff),
0, result, &length));
result[length] = 0;
if (EXPECT_RESULT() == TEST_SUCCESS)
result[length] = 0;
ExpectStrEQ("www.paypal.com", (const char*) result);
length = 32;
ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SNI_GetFromBuffer(buff2, sizeof(buff2),
0, result, &length));
result[length] = 0;
if (EXPECT_RESULT() == TEST_SUCCESS)
result[length] = 0;
ExpectStrEQ("api.textmate.org", (const char*) result);
/* SSL v2.0 tests */
@@ -11430,14 +11433,13 @@ static int test_wolfSSL_UseOCSPStapling(void)
ExpectIntEQ(wolfSSL_UseOCSPStapling(NULL, WOLFSSL_CSR2_OCSP,
WOLFSSL_CSR2_OCSP_USE_NONCE), BAD_FUNC_ARG);
ExpectIntEQ(wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR2_OCSP,
WOLFSSL_CSR2_OCSP_USE_NONCE),
#ifndef NO_WOLFSSL_CLIENT
1
ExpectIntEQ(wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR2_OCSP,
WOLFSSL_CSR2_OCSP_USE_NONCE), 1);
#else
BAD_FUNC_ARG
ExpectIntEQ(wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR2_OCSP,
WOLFSSL_CSR2_OCSP_USE_NONCE), BAD_FUNC_ARG);
#endif
);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
@@ -11479,14 +11481,13 @@ static int test_wolfSSL_UseOCSPStaplingV2(void)
ExpectIntEQ(wolfSSL_UseOCSPStaplingV2(NULL, WOLFSSL_CSR2_OCSP,
WOLFSSL_CSR2_OCSP_USE_NONCE), BAD_FUNC_ARG);
ExpectIntEQ(wolfSSL_UseOCSPStaplingV2(ssl, WOLFSSL_CSR2_OCSP,
WOLFSSL_CSR2_OCSP_USE_NONCE),
#ifndef NO_WOLFSSL_CLIENT
1
ExpectIntEQ(wolfSSL_UseOCSPStaplingV2(ssl, WOLFSSL_CSR2_OCSP,
WOLFSSL_CSR2_OCSP_USE_NONCE), 1);
#else
BAD_FUNC_ARG
ExpectIntEQ(wolfSSL_UseOCSPStaplingV2(ssl, WOLFSSL_CSR2_OCSP,
WOLFSSL_CSR2_OCSP_USE_NONCE), BAD_FUNC_ARG);
#endif
);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
@@ -34870,7 +34871,8 @@ static int test_wc_KeyPemToDer(void)
/* Test NULL for DER buffer to return needed DER buffer size */
ExpectIntGT(ret = wc_KeyPemToDer(cert_buf, cert_sz, NULL, 0, ""), 0);
ExpectIntLE(ret, cert_sz);
cert_dersz = ret;
if (EXPECT_RESULT() == TEST_SUCCESS)
cert_dersz = ret;
ExpectNotNull(cert_der = (byte*)malloc(cert_dersz));
ExpectIntGE(ret = wc_KeyPemToDer(cert_buf, cert_sz, cert_der, cert_dersz,
cert_pw), 0);

8
tests/unit.h
View File

@@ -187,17 +187,17 @@
#define ExpectPtr(x, y, op, er) do { \
if (_ret == 0) { \
PRAGMA_GCC_DIAG_PUSH; \
PRAGMA_DIAG_PUSH; \
/* remarkably, without this inhibition, */ \
/* the _Pragma()s make the declarations warn. */ \
PRAGMA_GCC("GCC diagnostic ignored \"-Wdeclaration-after-statement\"");\
PRAGMA("GCC diagnostic ignored \"-Wdeclaration-after-statement\""); \
/* inhibit "ISO C forbids conversion of function pointer */ \
/* to object pointer type [-Werror=pedantic]" */ \
PRAGMA_GCC("GCC diagnostic ignored \"-Wpedantic\""); \
PRAGMA("GCC diagnostic ignored \"-Wpedantic\""); \
void* _x = (void*)(x); \
void* _y = (void*)(y); \
Expect(_x op _y, ("%s " #op " %s", #x, #y), ("%p " #er " %p", _x, _y));\
PRAGMA_GCC_DIAG_POP; \
PRAGMA_DIAG_POP; \
} \
} while(0)

5
wolfssl/test.h
View File

@@ -2928,8 +2928,9 @@ static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store)
wolfSSL_X509_get_issuer_name(peer), 0, 0);
char* subject = wolfSSL_X509_NAME_oneline(
wolfSSL_X509_get_subject_name(peer), 0, 0);
printf("\tPeer's cert info:\n issuer : %s\n subject: %s\n", issuer,
subject);
printf("\tPeer's cert info:\n issuer : %s\n subject: %s\n",
issuer ? issuer : "[none]",
subject ? subject : "[none]");
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
if (issuer != NULL && subject != NULL) {
/* preverify needs to be self-signer error for Qt compat.

16
wolfssl/wolfcrypt/types.h
View File

@@ -1379,6 +1379,9 @@ typedef struct w64wrapper {
#define PRAGMA_GCC_DIAG_PUSH _Pragma("GCC diagnostic push")
#define PRAGMA_GCC(str) _Pragma(str)
#define PRAGMA_GCC_DIAG_POP _Pragma("GCC diagnostic pop")
#define PRAGMA_DIAG_PUSH PRAGMA_GCC_DIAG_PUSH
#define PRAGMA(str) PRAGMA_GCC(str)
#define PRAGMA_DIAG_POP PRAGMA_GCC_DIAG_POP
#else
#define PRAGMA_GCC_DIAG_PUSH
#define PRAGMA_GCC(str)
@@ -1389,12 +1392,25 @@ typedef struct w64wrapper {
#define PRAGMA_CLANG_DIAG_PUSH _Pragma("clang diagnostic push")
#define PRAGMA_CLANG(str) _Pragma(str)
#define PRAGMA_CLANG_DIAG_POP _Pragma("clang diagnostic pop")
#define PRAGMA_DIAG_PUSH PRAGMA_CLANG_DIAG_PUSH
#define PRAGMA(str) PRAGMA_CLANG(str)
#define PRAGMA_DIAG_POP PRAGMA_CLANG_DIAG_POP
#else
#define PRAGMA_CLANG_DIAG_PUSH
#define PRAGMA_CLANG(str)
#define PRAGMA_CLANG_DIAG_POP
#endif
#ifndef PRAGMA_DIAG_PUSH
#define PRAGMA_DIAG_PUSH
#endif
#ifndef PRAGMA
#define PRAGMA(str)
#endif
#ifndef PRAGMA_DIAG_POP
#define PRAGMA_DIAG_POP
#endif
#ifdef DEBUG_VECTOR_REGISTER_ACCESS
WOLFSSL_API extern THREAD_LS_T int wc_svr_count;
WOLFSSL_API extern THREAD_LS_T const char *wc_svr_last_file;