fixes for whitespace, C++ warnings, and LLVM 15 clang-tidy defects/carps:

* whitespace in src/ssl.c, tests/api.c, wolfssl/openssl/fips_rand.h.

* clang-analyzer-core.StackAddressEscape from llvm-15 clang-tidy, in tests/suites.c:execute_test_case().

* bugprone-suspicious-memory-comparison from llvm-15 clang-tidy, in src/internal.c:DoSessionTicket() and src/ssl.c:wolfSSL_sk_push().
Daniel Pouzzner
2022-02-08 15:19:32 -06:00
parent ed1fc9fc51
commit 74408e3ee3
5 changed files with 61 additions and 14 deletions


@ -30516,6 +30516,33 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
#endif
} InternalTicket;
static WC_INLINE int compare_InternalTickets(
InternalTicket *a,
InternalTicket *b)
{
if ((a->pv.major == b->pv.major) &&
(a->pv.minor == b->pv.minor) &&
(XMEMCMP(a->suite,b->suite,sizeof a->suite) == 0) &&
(XMEMCMP(a->msecret,b->msecret,sizeof a->msecret) == 0) &&
(a->timestamp == b->timestamp) &&
(a->haveEMS == b->haveEMS)
#ifdef WOLFSSL_TLS13
&&
(a->ageAdd == b->ageAdd) &&
(a->namedGroup == b->namedGroup) &&
(a->ticketNonce.len == b->ticketNonce.len) &&
(XMEMCMP(a->ticketNonce.data, b->ticketNonce.data,
a->ticketNonce.len) == 0)
#ifdef WOLFSSL_EARLY_DATA
&& (a->maxEarlyDataSz == b->maxEarlyDataSz)
#endif
#endif
)
return 0;
else
return -1;
}
/* RFC 5077 defines this for session tickets */
/* fit within SESSION_TICKET_LEN */
typedef struct ExternalTicket {
@ -30601,7 +30628,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
/* sanity checks on encrypt callback */
/* internal ticket can't be the same if encrypted */
if (XMEMCMP(et->enc_ticket, &it, sizeof(InternalTicket)) == 0) {
if (compare_InternalTickets((InternalTicket *)et->enc_ticket, &it)
== 0)
{
ForceZero(&it, sizeof(it));
ForceZero(et->enc_ticket, sizeof(it));
WOLFSSL_MSG("User ticket encrypt didn't encrypt");
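Review bot: The cast `(InternalTicket *)et->enc_ticket` in the new check reads multi-byte fields such as `timestamp` and `ageAdd` through a pointer into what looks like a byte buffer, which can be a misaligned access on strict-alignment targets; the old XMEMCMP had no such requirement. ExternalTicket's layout is cut off at the edge of the hunk, so this is inferred from the cast itself. Copying first keeps the comparison alignment-safe: `InternalTicket tmp; XMEMCPY(&tmp, et->enc_ticket, sizeof(tmp));`, then `compare_InternalTickets(&tmp, &it)`, followed by `ForceZero(&tmp, sizeof(tmp));` on every path, because the copy holds the master secret whenever the callback failed to encrypt. Both helper parameters could also be `const InternalTicket *`, as the helper only reads them.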


@ -20902,13 +20902,13 @@ unsigned long wolfSSL_X509_NAME_hash(WOLFSSL_X509_NAME* name)
WOLFSSL_MSG("nothing to hash in WOLFSSL_X509_NAME");
return 0;
}
size = wolfSSL_i2d_X509_NAME_canon(name, &canon_name);
if (size <= 0){
WOLFSSL_MSG("wolfSSL_i2d_X509_NAME_canon error");
return 0;
}
}
if (wc_ShaHash((byte*)canon_name, size, digest) != 0) {
WOLFSSL_MSG("wc_ShaHash error");
@ -20916,7 +20916,7 @@ unsigned long wolfSSL_X509_NAME_hash(WOLFSSL_X509_NAME* name)
}
XFREE(canon_name, NULL, DYNAMIC_TYPE_OPENSSL);
ret = (unsigned long) digest[0];
ret |= ((unsigned long) digest[1]) << 8;
ret |= ((unsigned long) digest[2]) << 16;
@ -21783,6 +21783,25 @@ int wolfSSL_sk_push_node(WOLFSSL_STACK** stack, WOLFSSL_STACK* in)
return WOLFSSL_SUCCESS;
}
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
static WC_INLINE int compare_WOLFSSL_CIPHER(
WOLFSSL_CIPHER *a,
WOLFSSL_CIPHER *b)
{
if ((a->cipherSuite0 == b->cipherSuite0) &&
(a->cipherSuite == b->cipherSuite) &&
(a->ssl == b->ssl) &&
(XMEMCMP(a->description, b->description, sizeof a->description) == 0) &&
(a->offset == b->offset) &&
(a->in_stack == b->in_stack) &&
(a->bits == b->bits))
return 0;
else
return -1;
}
#endif /* OPENSSL_ALL || WOLFSSL_QT */
/* return 1 on success 0 on fail */
int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data)
{
@ -21802,8 +21821,7 @@ int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data)
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
/* check if entire struct is zero */
XMEMSET(&ciph, 0, sizeof(WOLFSSL_CIPHER));
if (XMEMCMP(&sk->data.cipher, &ciph,
sizeof(WOLFSSL_CIPHER)) == 0) {
if (compare_WOLFSSL_CIPHER(&sk->data.cipher, &ciph) == 0) {
sk->data.cipher = *(WOLFSSL_CIPHER*)data;
sk->num = 1;
if (sk->hash_fn) {
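Review bot: compare_WOLFSSL_CIPHER() lists the struct's members by hand, so a member added to WOLFSSL_CIPHER later is silently left out of the "entire struct is zero" test in wolfSSL_sk_push(), which the old whole-struct XMEMCMP covered. A comment on the helper would make that contract visible, for example `/* Returns 0 when all members match, -1 otherwise. Keep in sync with WOLFSSL_CIPHER. */`. The parameters are only read and could be `const WOLFSSL_CIPHER *`. The WOLFSSL_CIPHER definition is not part of this section, so whether the list is complete today cannot be checked from here.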


@ -25347,7 +25347,8 @@ static int test_wc_ecc_pointFns (void)
if (ret == 0) {
ret = wc_ecc_import_point_der(der, derSz, idx, point);
/* Condition double checks wc_ecc_cmp_point(). */
if (ret == 0 && XMEMCMP(&key.pubkey, point, sizeof(key.pubkey))) {
if (ret == 0 &&
XMEMCMP((void *)&key.pubkey, (void *)point, sizeof(key.pubkey))) {
ret = wc_ecc_cmp_point(&key.pubkey, point);
}
}
@ -52055,7 +52056,6 @@ static void test_openssl_FIPS_drbg(void)
AssertIntEQ(FIPS_drbg_set_callbacks(dctx, NULL, NULL, 20, NULL, NULL),
WOLFSSL_SUCCESS);
AssertIntEQ(FIPS_drbg_instantiate(dctx, NULL, 0), WOLFSSL_SUCCESS);
AssertIntEQ(FIPS_drbg_generate(dctx, data1, dlen, 0, NULL, 0),
WOLFSSL_SUCCESS);
AssertIntNE(XMEMCMP(data1, zeroData, dlen), 0);
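Review bot: The `(void *)` casts added around `&key.pubkey` and `point` in test_wc_ecc_pointFns() silence bugprone-suspicious-memory-comparison without changing what is compared: the XMEMCMP still runs over the raw bytes of the point structure, so any padding or pointer members (the type is not visible here) can make two equal points look different. Since the result only gates the call to wc_ecc_cmp_point(), the byte comparison can be dropped and the real check run on every successful import: `if (ret == 0) ret = wc_ecc_cmp_point(&key.pubkey, point);`. The enclosing function starts and ends outside the hunk.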


@ -321,7 +321,7 @@ static int execute_test_case(int svr_argc, char** svr_argv,
size_t added;
static int tests = 1;
#if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS)
char portNumber[8];
static char portNumber[8];
#endif
int cliTestShouldFail = 0, svrTestShouldFail = 0;
#ifdef WOLFSSL_NO_CLIENT_AUTH
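Review bot: The new `static char portNumber[8];` has no comment saying why it is static, and the storage class now matters: the buffer is shared by every call of execute_test_case(), so a pointer kept from one call sees the port text written by the next. A line such as `/* static: a pointer to this buffer is kept after the function returns (clang-analyzer-core.StackAddressEscape) */` would record that. Where the pointer escapes is outside the hunk, so this is inferred from the commit message.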


@ -54,11 +54,11 @@ typedef struct WOLFSSL_DRBG_CTX {
void* app_data;
} WOLFSSL_DRBG_CTX;
#define DRBG_FLAG_CTR_USE_DF 0x1
#define DRBG_FLAG_TEST 0x2
#define DRBG_FLAG_CTR_USE_DF 0x1
#define DRBG_FLAG_TEST 0x2
#define DRBG_FLAG_NOERR 0x1
#define DRBG_CUSTOM_RESEED 0x2
#define DRBG_FLAG_NOERR 0x1
#define DRBG_CUSTOM_RESEED 0x2
#define DRBG_STATUS_UNINITIALISED 0
#define DRBG_STATUS_READY 1