Merge pull request #6459 from douzzer/20230531-analyzer-guided-fixes

20230531-analyzer-guided-fixes
Sean Parkinson
2023-06-01 10:55:48 +10:00
committed by GitHub
8 changed files with 76 additions and 54 deletions


@@ -1861,7 +1861,9 @@ static int test_wolfSSL_CheckOCSPResponse(void)
OcspResponse* res = NULL; OcspResponse* res = NULL;
byte data[4096]; byte data[4096];
const unsigned char* pt; const unsigned char* pt;
int dataSz; int dataSz = 0; /* initialize to mitigate spurious maybe-uninitialized from
* gcc sanitizer with --enable-heapmath.
*/
XFILE f = XBADFILE; XFILE f = XBADFILE;
WOLFSSL_OCSP_BASICRESP* bs = NULL; WOLFSSL_OCSP_BASICRESP* bs = NULL;
WOLFSSL_X509_STORE* st = NULL; WOLFSSL_X509_STORE* st = NULL;
@@ -2128,16 +2130,15 @@ static int test_wolfSSL_CertManagerGetCerts(void)
ExpectNull(sk = wolfSSL_CertManagerGetCerts(cm)); ExpectNull(sk = wolfSSL_CertManagerGetCerts(cm));
ExpectNotNull(der = wolfSSL_X509_get_der(cert1, &derSz)); ExpectNotNull(der = wolfSSL_X509_get_der(cert1, &derSz));
ExpectIntEQ(ret = wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1),
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
/* Check that ASN_SELF_SIGNED_E is returned for a self-signed cert for QT /* Check that ASN_SELF_SIGNED_E is returned for a self-signed cert for QT
* and full OpenSSL compatibility */ * and full OpenSSL compatibility */
ASN_SELF_SIGNED_E ExpectIntEQ(ret = wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), ASN_SELF_SIGNED_E);
#else #else
ASN_NO_SIGNER_E ExpectIntEQ(ret = wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), ASN_NO_SIGNER_E);
#endif #endif
);
ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm, ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm,
"./certs/ca-cert.pem", NULL)); "./certs/ca-cert.pem", NULL));
@@ -2186,13 +2187,12 @@ static int test_wolfSSL_CertManagerSetVerify(void)
wolfSSL_CertManagerSetVerify(cm, myVerify); wolfSSL_CertManagerSetVerify(cm, myVerify);
ExpectIntEQ(ret = wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL),
#if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER)
-1 ExpectIntEQ(ret = wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL), -1);
#else #else
WOLFSSL_SUCCESS ExpectIntEQ(ret = wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL),
WOLFSSL_SUCCESS);
#endif #endif
);
/* Use the test CB that always accepts certs */ /* Use the test CB that always accepts certs */
myVerifyAction = VERIFY_OVERRIDE_ERROR; myVerifyAction = VERIFY_OVERRIDE_ERROR;
@@ -2284,7 +2284,7 @@ static int test_wolfSSL_CertManagerNameConstraint(void)
ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(ca_cert, ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(ca_cert,
WOLFSSL_FILETYPE_ASN1)); WOLFSSL_FILETYPE_ASN1));
ExpectNotNull(pt = (byte*)wolfSSL_X509_get_tbs(x509, &derSz)); ExpectNotNull(pt = (byte*)wolfSSL_X509_get_tbs(x509, &derSz));
if (der != NULL) { if (EXPECT_SUCCESS() && (der != NULL)) {
XMEMCPY(der, pt, derSz); XMEMCPY(der, pt, derSz);
/* find the name constraint extension and alter it */ /* find the name constraint extension and alter it */
@@ -3376,7 +3376,7 @@ static int test_wolfSSL_CTX_add1_chain_cert(void)
defined(KEEP_OUR_CERT) && !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT) defined(KEEP_OUR_CERT) && !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT)
EXPECT_DECLS; EXPECT_DECLS;
WOLFSSL_CTX* ctx; WOLFSSL_CTX* ctx;
WOLFSSL* ssl = NULL;; WOLFSSL* ssl = NULL;
const char *certChain[] = { const char *certChain[] = {
"./certs/intermediate/client-int-cert.pem", "./certs/intermediate/client-int-cert.pem",
"./certs/intermediate/ca-int2-cert.pem", "./certs/intermediate/ca-int2-cert.pem",
@@ -6135,7 +6135,8 @@ void test_wolfSSL_client_server_nofail(callback_functions* client_cb,
#if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && \ #if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && \
!defined(WOLFSSL_NO_TLS12) && !defined(NO_WOLFSSL_CLIENT) !defined(WOLFSSL_NO_TLS12) && !defined(NO_WOLFSSL_CLIENT)
static void test_client_reuse_WOLFSSLobj(void* args, void *cb, void* server_args) static void test_client_reuse_WOLFSSLobj(void* args, cbType cb,
void* server_args)
{ {
SOCKET_T sockfd = 0; SOCKET_T sockfd = 0;
callback_functions* cbf; callback_functions* cbf;
@@ -6262,7 +6263,7 @@ static void test_client_reuse_WOLFSSLobj(void* args, void *cb, void* server_args
} }
/* Build first session */ /* Build first session */
if (cb != NULL) if (cb != NULL)
((cbType)cb)(ctx, ssl); cb(ctx, ssl);
if (wolfSSL_write(ssl, msg, msgSz) != msgSz) { if (wolfSSL_write(ssl, msg, msgSz) != msgSz) {
/*err_sys("SSL_write failed");*/ /*err_sys("SSL_write failed");*/
@@ -6326,7 +6327,7 @@ static void test_client_reuse_WOLFSSLobj(void* args, void *cb, void* server_args
} }
/* Build first session */ /* Build first session */
if (cb != NULL) if (cb != NULL)
((cbType)cb)(ctx, ssl); cb(ctx, ssl);
if (wolfSSL_write(ssl, msg, msgSz) != msgSz) { if (wolfSSL_write(ssl, msg, msgSz) != msgSz) {
/*err_sys("SSL_write failed");*/ /*err_sys("SSL_write failed");*/
@@ -9275,14 +9276,16 @@ static int test_wolfSSL_SNI_GetFromBuffer(void)
ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff), ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff),
0, result, &length)); 0, result, &length));
result[length] = 0; if (EXPECT_SUCCESS())
result[length] = 0;
ExpectStrEQ("www.paypal.com", (const char*) result); ExpectStrEQ("www.paypal.com", (const char*) result);
length = 32; length = 32;
ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SNI_GetFromBuffer(buff2, sizeof(buff2), ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SNI_GetFromBuffer(buff2, sizeof(buff2),
0, result, &length)); 0, result, &length));
result[length] = 0; if (EXPECT_SUCCESS())
result[length] = 0;
ExpectStrEQ("api.textmate.org", (const char*) result); ExpectStrEQ("api.textmate.org", (const char*) result);
/* SSL v2.0 tests */ /* SSL v2.0 tests */
@@ -11430,14 +11433,13 @@ static int test_wolfSSL_UseOCSPStapling(void)
ExpectIntEQ(wolfSSL_UseOCSPStapling(NULL, WOLFSSL_CSR2_OCSP, ExpectIntEQ(wolfSSL_UseOCSPStapling(NULL, WOLFSSL_CSR2_OCSP,
WOLFSSL_CSR2_OCSP_USE_NONCE), BAD_FUNC_ARG); WOLFSSL_CSR2_OCSP_USE_NONCE), BAD_FUNC_ARG);
ExpectIntEQ(wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR2_OCSP,
WOLFSSL_CSR2_OCSP_USE_NONCE),
#ifndef NO_WOLFSSL_CLIENT #ifndef NO_WOLFSSL_CLIENT
1 ExpectIntEQ(wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR2_OCSP,
WOLFSSL_CSR2_OCSP_USE_NONCE), 1);
#else #else
BAD_FUNC_ARG ExpectIntEQ(wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR2_OCSP,
WOLFSSL_CSR2_OCSP_USE_NONCE), BAD_FUNC_ARG);
#endif #endif
);
wolfSSL_free(ssl); wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx); wolfSSL_CTX_free(ctx);
@@ -11479,14 +11481,13 @@ static int test_wolfSSL_UseOCSPStaplingV2(void)
ExpectIntEQ(wolfSSL_UseOCSPStaplingV2(NULL, WOLFSSL_CSR2_OCSP, ExpectIntEQ(wolfSSL_UseOCSPStaplingV2(NULL, WOLFSSL_CSR2_OCSP,
WOLFSSL_CSR2_OCSP_USE_NONCE), BAD_FUNC_ARG); WOLFSSL_CSR2_OCSP_USE_NONCE), BAD_FUNC_ARG);
ExpectIntEQ(wolfSSL_UseOCSPStaplingV2(ssl, WOLFSSL_CSR2_OCSP,
WOLFSSL_CSR2_OCSP_USE_NONCE),
#ifndef NO_WOLFSSL_CLIENT #ifndef NO_WOLFSSL_CLIENT
1 ExpectIntEQ(wolfSSL_UseOCSPStaplingV2(ssl, WOLFSSL_CSR2_OCSP,
WOLFSSL_CSR2_OCSP_USE_NONCE), 1);
#else #else
BAD_FUNC_ARG ExpectIntEQ(wolfSSL_UseOCSPStaplingV2(ssl, WOLFSSL_CSR2_OCSP,
WOLFSSL_CSR2_OCSP_USE_NONCE), BAD_FUNC_ARG);
#endif #endif
);
wolfSSL_free(ssl); wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx); wolfSSL_CTX_free(ctx);
@@ -34870,7 +34871,8 @@ static int test_wc_KeyPemToDer(void)
/* Test NULL for DER buffer to return needed DER buffer size */ /* Test NULL for DER buffer to return needed DER buffer size */
ExpectIntGT(ret = wc_KeyPemToDer(cert_buf, cert_sz, NULL, 0, ""), 0); ExpectIntGT(ret = wc_KeyPemToDer(cert_buf, cert_sz, NULL, 0, ""), 0);
ExpectIntLE(ret, cert_sz); ExpectIntLE(ret, cert_sz);
cert_dersz = ret; if (EXPECT_SUCCESS())
cert_dersz = ret;
ExpectNotNull(cert_der = (byte*)malloc(cert_dersz)); ExpectNotNull(cert_der = (byte*)malloc(cert_dersz));
ExpectIntGE(ret = wc_KeyPemToDer(cert_buf, cert_sz, cert_der, cert_dersz, ExpectIntGE(ret = wc_KeyPemToDer(cert_buf, cert_sz, cert_der, cert_dersz,
cert_pw), 0); cert_pw), 0);
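Review bot: In test_wolfSSL_SNI_GetFromBuffer the new `if (EXPECT_SUCCESS())` guard stops the terminator write after a failed call, but on success `result[length] = 0` still indexes with the length the library returned and nothing compares it with the buffer. The declaration of `result` is outside the hunk; if it is a byte array of the 32 bytes that `length = 32` suggests, a returned length of 32 would write one past the end, so `if (EXPECT_SUCCESS() && length < sizeof(result))` would close that at both call sites. The same pattern applies to `XMEMCPY(der, pt, derSz)` in test_wolfSSL_CertManagerNameConstraint, where the size of `der` is also outside the hunk. The unbraced single-statement `if` bodies added here and in test_wc_KeyPemToDer would be safer with braces.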


@@ -187,17 +187,17 @@
#define ExpectPtr(x, y, op, er) do { \ #define ExpectPtr(x, y, op, er) do { \
if (_ret == 0) { \ if (_ret == 0) { \
PRAGMA_GCC_DIAG_PUSH; \ PRAGMA_DIAG_PUSH; \
/* remarkably, without this inhibition, */ \ /* remarkably, without this inhibition, */ \
/* the _Pragma()s make the declarations warn. */ \ /* the _Pragma()s make the declarations warn. */ \
PRAGMA_GCC("GCC diagnostic ignored \"-Wdeclaration-after-statement\"");\ PRAGMA("GCC diagnostic ignored \"-Wdeclaration-after-statement\""); \
/* inhibit "ISO C forbids conversion of function pointer */ \ /* inhibit "ISO C forbids conversion of function pointer */ \
/* to object pointer type [-Werror=pedantic]" */ \ /* to object pointer type [-Werror=pedantic]" */ \
PRAGMA_GCC("GCC diagnostic ignored \"-Wpedantic\""); \ PRAGMA("GCC diagnostic ignored \"-Wpedantic\""); \
void* _x = (void*)(x); \ void* _x = (void*)(x); \
void* _y = (void*)(y); \ void* _y = (void*)(y); \
Expect(_x op _y, ("%s " #op " %s", #x, #y), ("%p " #er " %p", _x, _y));\ Expect(_x op _y, ("%s " #op " %s", #x, #y), ("%p " #er " %p", _x, _y));\
PRAGMA_GCC_DIAG_POP; \ PRAGMA_DIAG_POP; \
} \ } \
} while(0) } while(0)
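Review bot: The strings passed to the now compiler-neutral `PRAGMA()` still begin with `GCC diagnostic ignored`, and the surrounding comments do not say why that is correct when the wrapper expands for clang. Clang honours `#pragma GCC diagnostic` for compatibility, so the behaviour should be the same, but a reader cannot tell that from the macro. I would add a line such as `/* clang also accepts "GCC diagnostic" pragmas, so one string serves both */` above the first `PRAGMA(...)`. It is also worth stating in that comment that the push/pop pair confines the `-Wpedantic` suppression to this macro body.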


@@ -709,14 +709,6 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
#define AESNI_ALIGN 16 #define AESNI_ALIGN 16
#endif #endif
#ifdef _MSC_VER
#define XASM_LINK(f)
#elif defined(__APPLE__)
#define XASM_LINK(f) asm("_" f)
#else
#define XASM_LINK(f) asm(f)
#endif /* _MSC_VER */
static int checkAESNI = 0; static int checkAESNI = 0;
static int haveAESNI = 0; static int haveAESNI = 0;
static word32 intel_flags = 0; static word32 intel_flags = 0;


@@ -46,15 +46,9 @@
__asm__ __volatile__ ("cpuid":\ __asm__ __volatile__ ("cpuid":\
"=a" (reg[0]), "=b" (reg[1]), "=c" (reg[2]), "=d" (reg[3]) :\ "=a" (reg[0]), "=b" (reg[1]), "=c" (reg[2]), "=d" (reg[3]) :\
"a" (leaf), "c"(sub)); "a" (leaf), "c"(sub));
#define XASM_LINK(f) asm(f)
#else #else
#include <intrin.h> #include <intrin.h>
#define cpuid(a,b,c) __cpuidex((int*)a,b,c) #define cpuid(a,b,c) __cpuidex((int*)a,b,c)
#define XASM_LINK(f)
#endif /* _MSC_VER */ #endif /* _MSC_VER */
#define EAX 0 #define EAX 0


@@ -43,14 +43,10 @@
__asm__ __volatile__ ("cpuid":\ __asm__ __volatile__ ("cpuid":\
"=a" ((reg)[0]), "=b" ((reg)[1]), "=c" ((reg)[2]), "=d" ((reg)[3]) :\ "=a" ((reg)[0]), "=b" ((reg)[1]), "=c" ((reg)[2]), "=d" ((reg)[3]) :\
"a" (leaf), "c"(sub)); "a" (leaf), "c"(sub));
#define XASM_LINK(f) asm(f)
#else #else
#include <intrin.h> #include <intrin.h>
#define cpuid(a,b,c) __cpuidex((int*)a,b,c) #define cpuid(a,b,c) __cpuidex((int*)a,b,c)
#define XASM_LINK(f)
#endif /* _MSC_VER */ #endif /* _MSC_VER */
#define EAX 0 #define EAX 0


@@ -24,6 +24,13 @@
#include <config.h> #include <config.h>
#endif #endif
#ifdef WOLFSSL_LINUXKM
/* inhibit "#undef current" in linuxkm_wc_port.h, included from wc_port.h,
* because needed in linuxkm_memory.c, included below.
*/
#define WOLFSSL_NEED_LINUX_CURRENT
#endif
#include <wolfssl/wolfcrypt/settings.h> #include <wolfssl/wolfcrypt/settings.h>
/* check old macros @wc_fips */ /* check old macros @wc_fips */


@@ -2928,8 +2928,9 @@ static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store)
wolfSSL_X509_get_issuer_name(peer), 0, 0); wolfSSL_X509_get_issuer_name(peer), 0, 0);
char* subject = wolfSSL_X509_NAME_oneline( char* subject = wolfSSL_X509_NAME_oneline(
wolfSSL_X509_get_subject_name(peer), 0, 0); wolfSSL_X509_get_subject_name(peer), 0, 0);
printf("\tPeer's cert info:\n issuer : %s\n subject: %s\n", issuer, printf("\tPeer's cert info:\n issuer : %s\n subject: %s\n",
subject); issuer ? issuer : "[none]",
subject ? subject : "[none]");
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
if (issuer != NULL && subject != NULL) { if (issuer != NULL && subject != NULL) {
/* preverify needs to be self-signer error for Qt compat. /* preverify needs to be self-signer error for Qt compat.
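Review bot: The `issuer` and `subject` strings printed here are derived from the peer's certificate and go to stdout through `%s` unfiltered; the added `"[none]"` fallbacks fix the null-pointer case but not embedded control characters. Whether wolfSSL_X509_NAME_oneline escapes non-printable bytes is not visible in this hunk, so if it does not, a crafted name could put newlines or terminal escape sequences into test logs. A comment such as `/* names are peer-controlled; treat this output as untrusted */`, or a small printable-only filter before the printf, would cover it. myVerify's body starts and ends outside the hunk, including wherever `issuer` and `subject` are released.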


@@ -1180,8 +1180,22 @@ typedef struct w64wrapper {
/* invalid device id */ /* invalid device id */
#define INVALID_DEVID (-2) #define INVALID_DEVID (-2)
/* AESNI requires alignment and ARMASM gains some performance from it #ifdef XASM_LINK
* Xilinx RSA operations require alignment */ /* keep user-supplied definition */
#elif defined(_MSC_VER)
#define XASM_LINK(f)
#elif defined(__APPLE__)
#define XASM_LINK(f) asm("_" f)
#elif defined(__GNUC__)
/* use alternate keyword for compatibility with -std=c99 */
#define XASM_LINK(f) __asm__(f)
#else
#define XASM_LINK(f) asm(f)
#endif
/* AESNI requires alignment and ARMASM gains some performance from it.
* Xilinx RSA operations require alignment.
*/
#if defined(WOLFSSL_AESNI) || defined(WOLFSSL_ARMASM) || \ #if defined(WOLFSSL_AESNI) || defined(WOLFSSL_ARMASM) || \
defined(USE_INTEL_SPEEDUP) || defined(WOLFSSL_AFALG_XILINX) || \ defined(USE_INTEL_SPEEDUP) || defined(WOLFSSL_AFALG_XILINX) || \
defined(WOLFSSL_XILINX) defined(WOLFSSL_XILINX)
@@ -1379,6 +1393,9 @@ typedef struct w64wrapper {
#define PRAGMA_GCC_DIAG_PUSH _Pragma("GCC diagnostic push") #define PRAGMA_GCC_DIAG_PUSH _Pragma("GCC diagnostic push")
#define PRAGMA_GCC(str) _Pragma(str) #define PRAGMA_GCC(str) _Pragma(str)
#define PRAGMA_GCC_DIAG_POP _Pragma("GCC diagnostic pop") #define PRAGMA_GCC_DIAG_POP _Pragma("GCC diagnostic pop")
#define PRAGMA_DIAG_PUSH PRAGMA_GCC_DIAG_PUSH
#define PRAGMA(str) PRAGMA_GCC(str)
#define PRAGMA_DIAG_POP PRAGMA_GCC_DIAG_POP
#else #else
#define PRAGMA_GCC_DIAG_PUSH #define PRAGMA_GCC_DIAG_PUSH
#define PRAGMA_GCC(str) #define PRAGMA_GCC(str)
@@ -1389,12 +1406,25 @@ typedef struct w64wrapper {
#define PRAGMA_CLANG_DIAG_PUSH _Pragma("clang diagnostic push") #define PRAGMA_CLANG_DIAG_PUSH _Pragma("clang diagnostic push")
#define PRAGMA_CLANG(str) _Pragma(str) #define PRAGMA_CLANG(str) _Pragma(str)
#define PRAGMA_CLANG_DIAG_POP _Pragma("clang diagnostic pop") #define PRAGMA_CLANG_DIAG_POP _Pragma("clang diagnostic pop")
#define PRAGMA_DIAG_PUSH PRAGMA_CLANG_DIAG_PUSH
#define PRAGMA(str) PRAGMA_CLANG(str)
#define PRAGMA_DIAG_POP PRAGMA_CLANG_DIAG_POP
#else #else
#define PRAGMA_CLANG_DIAG_PUSH #define PRAGMA_CLANG_DIAG_PUSH
#define PRAGMA_CLANG(str) #define PRAGMA_CLANG(str)
#define PRAGMA_CLANG_DIAG_POP #define PRAGMA_CLANG_DIAG_POP
#endif #endif
#ifndef PRAGMA_DIAG_PUSH
#define PRAGMA_DIAG_PUSH
#endif
#ifndef PRAGMA
#define PRAGMA(str)
#endif
#ifndef PRAGMA_DIAG_POP
#define PRAGMA_DIAG_POP
#endif
#ifdef DEBUG_VECTOR_REGISTER_ACCESS #ifdef DEBUG_VECTOR_REGISTER_ACCESS
WOLFSSL_API extern THREAD_LS_T int wc_svr_count; WOLFSSL_API extern THREAD_LS_T int wc_svr_count;
WOLFSSL_API extern THREAD_LS_T const char *wc_svr_last_file; WOLFSSL_API extern THREAD_LS_T const char *wc_svr_last_file;
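Review bot: The `__APPLE__` branch of the new XASM_LINK chain still expands to the plain `asm` keyword, `#define XASM_LINK(f) asm("_" f)`, and because it is tested before `__GNUC__` it never gets the `__asm__` spelling that the added comment says is needed under -std=c99. Apple toolchains are GCC-compatible, so `#define XASM_LINK(f) __asm__("_" f)` would give that branch the same fix. Separately, `PRAGMA` is a very generic macro name for what looks like a library-wide header; if this header is installed for applications, a prefixed name would avoid clashes with user code.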