wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-01 03:34:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #6459 from douzzer/20230531-analyzer-guided-fixes

Browse Source 
20230531-analyzer-guided-fixes
This commit is contained in:
Sean Parkinson
2023-06-01 10:55:48 +10:00
committed by GitHub
parent 42a5d0320b c45efd79af
commit 5ffee2dbe1
8 changed files with 76 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
tests/api.c
View File

@@ -1861,7 +1861,9 @@ static int test_wolfSSL_CheckOCSPResponse(void)
OcspResponse* res = NULL;
byte data[4096];
const unsigned char* pt;
int dataSz;
int dataSz = 0; /* initialize to mitigate spurious maybe-uninitialized from
* gcc sanitizer with --enable-heapmath.
*/
XFILE f = XBADFILE;
WOLFSSL_OCSP_BASICRESP* bs = NULL;
WOLFSSL_X509_STORE* st = NULL;
@@ -2128,16 +2130,15 @@ static int test_wolfSSL_CertManagerGetCerts(void)
ExpectNull(sk = wolfSSL_CertManagerGetCerts(cm));
ExpectNotNull(der = wolfSSL_X509_get_der(cert1, &derSz));
ExpectIntEQ(ret = wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1),
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
/* Check that ASN_SELF_SIGNED_E is returned for a self-signed cert for QT
* and full OpenSSL compatibility */
ASN_SELF_SIGNED_E
ExpectIntEQ(ret = wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), ASN_SELF_SIGNED_E);
#else
ASN_NO_SIGNER_E
ExpectIntEQ(ret = wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), ASN_NO_SIGNER_E);
#endif
);
ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm,
"./certs/ca-cert.pem", NULL));
@@ -2186,13 +2187,12 @@ static int test_wolfSSL_CertManagerSetVerify(void)
wolfSSL_CertManagerSetVerify(cm, myVerify);
ExpectIntEQ(ret = wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL),
#if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER)
-1
ExpectIntEQ(ret = wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL), -1);
#else
WOLFSSL_SUCCESS
ExpectIntEQ(ret = wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL),
WOLFSSL_SUCCESS);
#endif
);
/* Use the test CB that always accepts certs */
myVerifyAction = VERIFY_OVERRIDE_ERROR;
@@ -2284,7 +2284,7 @@ static int test_wolfSSL_CertManagerNameConstraint(void)
ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(ca_cert,
WOLFSSL_FILETYPE_ASN1));
ExpectNotNull(pt = (byte*)wolfSSL_X509_get_tbs(x509, &derSz));
if (der != NULL) {
if (EXPECT_SUCCESS() && (der != NULL)) {
XMEMCPY(der, pt, derSz);
/* find the name constraint extension and alter it */
@@ -3376,7 +3376,7 @@ static int test_wolfSSL_CTX_add1_chain_cert(void)
defined(KEEP_OUR_CERT) && !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT)
EXPECT_DECLS;
WOLFSSL_CTX* ctx;
WOLFSSL* ssl = NULL;;
WOLFSSL* ssl = NULL;
const char *certChain[] = {
"./certs/intermediate/client-int-cert.pem",
"./certs/intermediate/ca-int2-cert.pem",
@@ -6135,7 +6135,8 @@ void test_wolfSSL_client_server_nofail(callback_functions* client_cb,
#if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && \
!defined(WOLFSSL_NO_TLS12) && !defined(NO_WOLFSSL_CLIENT)
static void test_client_reuse_WOLFSSLobj(void* args, void *cb, void* server_args)
static void test_client_reuse_WOLFSSLobj(void* args, cbType cb,
void* server_args)
{
SOCKET_T sockfd = 0;
callback_functions* cbf;
@@ -6262,7 +6263,7 @@ static void test_client_reuse_WOLFSSLobj(void* args, void *cb, void* server_args
}
/* Build first session */
if (cb != NULL)
((cbType)cb)(ctx, ssl);
cb(ctx, ssl);
if (wolfSSL_write(ssl, msg, msgSz) != msgSz) {
/*err_sys("SSL_write failed");*/
@@ -6326,7 +6327,7 @@ static void test_client_reuse_WOLFSSLobj(void* args, void *cb, void* server_args
}
/* Build first session */
if (cb != NULL)
((cbType)cb)(ctx, ssl);
cb(ctx, ssl);
if (wolfSSL_write(ssl, msg, msgSz) != msgSz) {
/*err_sys("SSL_write failed");*/
@@ -9275,14 +9276,16 @@ static int test_wolfSSL_SNI_GetFromBuffer(void)
ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff),
0, result, &length));
result[length] = 0;
if (EXPECT_SUCCESS())
result[length] = 0;
ExpectStrEQ("www.paypal.com", (const char*) result);
length = 32;
ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SNI_GetFromBuffer(buff2, sizeof(buff2),
0, result, &length));
result[length] = 0;
if (EXPECT_SUCCESS())
result[length] = 0;
ExpectStrEQ("api.textmate.org", (const char*) result);
/* SSL v2.0 tests */
@@ -11430,14 +11433,13 @@ static int test_wolfSSL_UseOCSPStapling(void)
ExpectIntEQ(wolfSSL_UseOCSPStapling(NULL, WOLFSSL_CSR2_OCSP,
WOLFSSL_CSR2_OCSP_USE_NONCE), BAD_FUNC_ARG);
ExpectIntEQ(wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR2_OCSP,
WOLFSSL_CSR2_OCSP_USE_NONCE),
#ifndef NO_WOLFSSL_CLIENT
1
ExpectIntEQ(wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR2_OCSP,
WOLFSSL_CSR2_OCSP_USE_NONCE), 1);
#else
BAD_FUNC_ARG
ExpectIntEQ(wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR2_OCSP,
WOLFSSL_CSR2_OCSP_USE_NONCE), BAD_FUNC_ARG);
#endif
);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
@@ -11479,14 +11481,13 @@ static int test_wolfSSL_UseOCSPStaplingV2(void)
ExpectIntEQ(wolfSSL_UseOCSPStaplingV2(NULL, WOLFSSL_CSR2_OCSP,
WOLFSSL_CSR2_OCSP_USE_NONCE), BAD_FUNC_ARG);
ExpectIntEQ(wolfSSL_UseOCSPStaplingV2(ssl, WOLFSSL_CSR2_OCSP,
WOLFSSL_CSR2_OCSP_USE_NONCE),
#ifndef NO_WOLFSSL_CLIENT
1
ExpectIntEQ(wolfSSL_UseOCSPStaplingV2(ssl, WOLFSSL_CSR2_OCSP,
WOLFSSL_CSR2_OCSP_USE_NONCE), 1);
#else
BAD_FUNC_ARG
ExpectIntEQ(wolfSSL_UseOCSPStaplingV2(ssl, WOLFSSL_CSR2_OCSP,
WOLFSSL_CSR2_OCSP_USE_NONCE), BAD_FUNC_ARG);
#endif
);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
@@ -34870,7 +34871,8 @@ static int test_wc_KeyPemToDer(void)
/* Test NULL for DER buffer to return needed DER buffer size */
ExpectIntGT(ret = wc_KeyPemToDer(cert_buf, cert_sz, NULL, 0, ""), 0);
ExpectIntLE(ret, cert_sz);
cert_dersz = ret;
if (EXPECT_SUCCESS())
cert_dersz = ret;
ExpectNotNull(cert_der = (byte*)malloc(cert_dersz));
ExpectIntGE(ret = wc_KeyPemToDer(cert_buf, cert_sz, cert_der, cert_dersz,
cert_pw), 0);

8
tests/unit.h
View File

@@ -187,17 +187,17 @@
#define ExpectPtr(x, y, op, er) do { \
if (_ret == 0) { \
PRAGMA_GCC_DIAG_PUSH; \
PRAGMA_DIAG_PUSH; \
/* remarkably, without this inhibition, */ \
/* the _Pragma()s make the declarations warn. */ \
PRAGMA_GCC("GCC diagnostic ignored \"-Wdeclaration-after-statement\"");\
PRAGMA("GCC diagnostic ignored \"-Wdeclaration-after-statement\""); \
/* inhibit "ISO C forbids conversion of function pointer */ \
/* to object pointer type [-Werror=pedantic]" */ \
PRAGMA_GCC("GCC diagnostic ignored \"-Wpedantic\""); \
PRAGMA("GCC diagnostic ignored \"-Wpedantic\""); \
void* _x = (void*)(x); \
void* _y = (void*)(y); \
Expect(_x op _y, ("%s " #op " %s", #x, #y), ("%p " #er " %p", _x, _y));\
PRAGMA_GCC_DIAG_POP; \
PRAGMA_DIAG_POP; \
} \
} while(0)

8
wolfcrypt/src/aes.c
View File

@@ -709,14 +709,6 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
#define AESNI_ALIGN 16
#endif
#ifdef _MSC_VER
#define XASM_LINK(f)
#elif defined(__APPLE__)
#define XASM_LINK(f) asm("_" f)
#else
#define XASM_LINK(f) asm(f)
#endif /* _MSC_VER */
static int checkAESNI = 0;
static int haveAESNI = 0;
static word32 intel_flags = 0;

6
wolfcrypt/src/asm.c
View File

@@ -46,15 +46,9 @@
__asm__ __volatile__ ("cpuid":\
"=a" (reg[0]), "=b" (reg[1]), "=c" (reg[2]), "=d" (reg[3]) :\
"a" (leaf), "c"(sub));
#define XASM_LINK(f) asm(f)
#else
#include <intrin.h>
#define cpuid(a,b,c) __cpuidex((int*)a,b,c)
#define XASM_LINK(f)
#endif /* _MSC_VER */
#define EAX 0

4
wolfcrypt/src/cpuid.c
View File

@@ -43,14 +43,10 @@
__asm__ __volatile__ ("cpuid":\
"=a" ((reg)[0]), "=b" ((reg)[1]), "=c" ((reg)[2]), "=d" ((reg)[3]) :\
"a" (leaf), "c"(sub));
#define XASM_LINK(f) asm(f)
#else
#include <intrin.h>
#define cpuid(a,b,c) __cpuidex((int*)a,b,c)
#define XASM_LINK(f)
#endif /* _MSC_VER */
#define EAX 0

7
wolfcrypt/src/memory.c
View File

@@ -24,6 +24,13 @@
#include <config.h>
#endif
#ifdef WOLFSSL_LINUXKM
/* inhibit "#undef current" in linuxkm_wc_port.h, included from wc_port.h,
* because needed in linuxkm_memory.c, included below.
*/
#define WOLFSSL_NEED_LINUX_CURRENT
#endif
#include <wolfssl/wolfcrypt/settings.h>
/* check old macros @wc_fips */

5
wolfssl/test.h
View File

@@ -2928,8 +2928,9 @@ static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store)
wolfSSL_X509_get_issuer_name(peer), 0, 0);
char* subject = wolfSSL_X509_NAME_oneline(
wolfSSL_X509_get_subject_name(peer), 0, 0);
printf("\tPeer's cert info:\n issuer : %s\n subject: %s\n", issuer,
subject);
printf("\tPeer's cert info:\n issuer : %s\n subject: %s\n",
issuer ? issuer : "[none]",
subject ? subject : "[none]");
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
if (issuer != NULL && subject != NULL) {
/* preverify needs to be self-signer error for Qt compat.

34
wolfssl/wolfcrypt/types.h
View File

@@ -1180,8 +1180,22 @@ typedef struct w64wrapper {
/* invalid device id */
#define INVALID_DEVID (-2)
/* AESNI requires alignment and ARMASM gains some performance from it
* Xilinx RSA operations require alignment */
#ifdef XASM_LINK
/* keep user-supplied definition */
#elif defined(_MSC_VER)
#define XASM_LINK(f)
#elif defined(__APPLE__)
#define XASM_LINK(f) asm("_" f)
#elif defined(__GNUC__)
/* use alternate keyword for compatibility with -std=c99 */
#define XASM_LINK(f) __asm__(f)
#else
#define XASM_LINK(f) asm(f)
#endif
/* AESNI requires alignment and ARMASM gains some performance from it.
* Xilinx RSA operations require alignment.
*/
#if defined(WOLFSSL_AESNI) || defined(WOLFSSL_ARMASM) || \
defined(USE_INTEL_SPEEDUP) || defined(WOLFSSL_AFALG_XILINX) || \
defined(WOLFSSL_XILINX)
@@ -1379,6 +1393,9 @@ typedef struct w64wrapper {
#define PRAGMA_GCC_DIAG_PUSH _Pragma("GCC diagnostic push")
#define PRAGMA_GCC(str) _Pragma(str)
#define PRAGMA_GCC_DIAG_POP _Pragma("GCC diagnostic pop")
#define PRAGMA_DIAG_PUSH PRAGMA_GCC_DIAG_PUSH
#define PRAGMA(str) PRAGMA_GCC(str)
#define PRAGMA_DIAG_POP PRAGMA_GCC_DIAG_POP
#else
#define PRAGMA_GCC_DIAG_PUSH
#define PRAGMA_GCC(str)
@@ -1389,12 +1406,25 @@ typedef struct w64wrapper {
#define PRAGMA_CLANG_DIAG_PUSH _Pragma("clang diagnostic push")
#define PRAGMA_CLANG(str) _Pragma(str)
#define PRAGMA_CLANG_DIAG_POP _Pragma("clang diagnostic pop")
#define PRAGMA_DIAG_PUSH PRAGMA_CLANG_DIAG_PUSH
#define PRAGMA(str) PRAGMA_CLANG(str)
#define PRAGMA_DIAG_POP PRAGMA_CLANG_DIAG_POP
#else
#define PRAGMA_CLANG_DIAG_PUSH
#define PRAGMA_CLANG(str)
#define PRAGMA_CLANG_DIAG_POP
#endif
#ifndef PRAGMA_DIAG_PUSH
#define PRAGMA_DIAG_PUSH
#endif
#ifndef PRAGMA
#define PRAGMA(str)
#endif
#ifndef PRAGMA_DIAG_POP
#define PRAGMA_DIAG_POP
#endif
#ifdef DEBUG_VECTOR_REGISTER_ACCESS
WOLFSSL_API extern THREAD_LS_T int wc_svr_count;
WOLFSSL_API extern THREAD_LS_T const char *wc_svr_last_file;