wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 12:14:38 +02:00
Code Issues Packages Projects Releases Wiki Activity

wolfssl/wolfcrypt/types.h: add PRAGMA_DIAG_PUSH, PRAGMA(), and PRAGMA_DIAG_POP(), using the gcc or clang variants as applicable, to facilitate pragmas to be used on both gcc and clang;

Browse Source 
tests/unit.h: fix ExpectPtr() to inhibit pedantic warnings on both gcc and clang;

wolfssl/test.h: in myVerify(), explicitly check for nullness when printing issuer/subject, to avoid cppcheck null-deref warning;

tests/api.c: fixes for:

* myriad "embedding a directive within macro arguments is not portable"
* an "ISO C forbids conversion of object pointer to function pointer type"
* some "stringop-overflow"s
* a clang-analyzer-core.uninitialized.Assign
* a clang-analyzer-core.CallAndMessage "2nd function call argument is an uninitialized value"
* a nullPointerRedundantCheck
* several clang-diagnostic-declaration-after-statement
* a spurious gcc sanitizer maybe-uninitialized in test_wolfSSL_CheckOCSPResponse()
This commit is contained in:
Daniel Pouzzner
2023-05-31 15:19:15 -05:00
parent 109a17f3bd
commit 64c9026c77
4 changed files with 53 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
tests/api.c
View File

@@ -1861,7 +1861,9 @@ static int test_wolfSSL_CheckOCSPResponse(void)
OcspResponse* res = NULL; OcspResponse* res = NULL;
byte data[4096]; byte data[4096];
const unsigned char* pt; const unsigned char* pt;
int dataSz; int dataSz = 0; /* initialize to mitigate spurious maybe-uninitialized from
* gcc sanitizer with --enable-heapmath.
*/
XFILE f = XBADFILE; XFILE f = XBADFILE;
WOLFSSL_OCSP_BASICRESP* bs = NULL; WOLFSSL_OCSP_BASICRESP* bs = NULL;
WOLFSSL_X509_STORE* st = NULL; WOLFSSL_X509_STORE* st = NULL;
@@ -2128,16 +2130,15 @@ static int test_wolfSSL_CertManagerGetCerts(void)
ExpectNull(sk = wolfSSL_CertManagerGetCerts(cm)); ExpectNull(sk = wolfSSL_CertManagerGetCerts(cm));
ExpectNotNull(der = wolfSSL_X509_get_der(cert1, &derSz)); ExpectNotNull(der = wolfSSL_X509_get_der(cert1, &derSz));
ExpectIntEQ(ret = wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1),
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
/* Check that ASN_SELF_SIGNED_E is returned for a self-signed cert for QT /* Check that ASN_SELF_SIGNED_E is returned for a self-signed cert for QT
* and full OpenSSL compatibility */ * and full OpenSSL compatibility */
ASN_SELF_SIGNED_E ExpectIntEQ(ret = wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), ASN_SELF_SIGNED_E);
#else #else
ASN_NO_SIGNER_E ExpectIntEQ(ret = wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), ASN_NO_SIGNER_E);
#endif #endif
);
ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm, ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm,
"./certs/ca-cert.pem", NULL)); "./certs/ca-cert.pem", NULL));
@@ -2186,13 +2187,12 @@ static int test_wolfSSL_CertManagerSetVerify(void)
wolfSSL_CertManagerSetVerify(cm, myVerify); wolfSSL_CertManagerSetVerify(cm, myVerify);
ExpectIntEQ(ret = wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL),
#if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER)
-1 ExpectIntEQ(ret = wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL), -1);
#else #else
WOLFSSL_SUCCESS ExpectIntEQ(ret = wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL),
WOLFSSL_SUCCESS);
#endif #endif
);
/* Use the test CB that always accepts certs */ /* Use the test CB that always accepts certs */
myVerifyAction = VERIFY_OVERRIDE_ERROR; myVerifyAction = VERIFY_OVERRIDE_ERROR;
@@ -2284,7 +2284,7 @@ static int test_wolfSSL_CertManagerNameConstraint(void)
ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(ca_cert, ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(ca_cert,
WOLFSSL_FILETYPE_ASN1)); WOLFSSL_FILETYPE_ASN1));
ExpectNotNull(pt = (byte*)wolfSSL_X509_get_tbs(x509, &derSz)); ExpectNotNull(pt = (byte*)wolfSSL_X509_get_tbs(x509, &derSz));
if (der != NULL) { if (EXPECT_SUCCESS() && (der != NULL)) {
XMEMCPY(der, pt, derSz); XMEMCPY(der, pt, derSz);
/* find the name constraint extension and alter it */ /* find the name constraint extension and alter it */
@@ -3376,7 +3376,7 @@ static int test_wolfSSL_CTX_add1_chain_cert(void)
defined(KEEP_OUR_CERT) && !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT) defined(KEEP_OUR_CERT) && !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT)
EXPECT_DECLS; EXPECT_DECLS;
WOLFSSL_CTX* ctx; WOLFSSL_CTX* ctx;
WOLFSSL* ssl = NULL;; WOLFSSL* ssl = NULL;
const char *certChain[] = { const char *certChain[] = {
"./certs/intermediate/client-int-cert.pem", "./certs/intermediate/client-int-cert.pem",
"./certs/intermediate/ca-int2-cert.pem", "./certs/intermediate/ca-int2-cert.pem",
@@ -6135,7 +6135,8 @@ void test_wolfSSL_client_server_nofail(callback_functions* client_cb,
#if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && \ #if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && \
!defined(WOLFSSL_NO_TLS12) && !defined(NO_WOLFSSL_CLIENT) !defined(WOLFSSL_NO_TLS12) && !defined(NO_WOLFSSL_CLIENT)
static void test_client_reuse_WOLFSSLobj(void* args, void *cb, void* server_args) static void test_client_reuse_WOLFSSLobj(void* args, cbType cb,
void* server_args)
{ {
SOCKET_T sockfd = 0; SOCKET_T sockfd = 0;
callback_functions* cbf; callback_functions* cbf;
@@ -6262,7 +6263,7 @@ static void test_client_reuse_WOLFSSLobj(void* args, void *cb, void* server_args
} }
/* Build first session */ /* Build first session */
if (cb != NULL) if (cb != NULL)
((cbType)cb)(ctx, ssl); cb(ctx, ssl);
if (wolfSSL_write(ssl, msg, msgSz) != msgSz) { if (wolfSSL_write(ssl, msg, msgSz) != msgSz) {
/*err_sys("SSL_write failed");*/ /*err_sys("SSL_write failed");*/
@@ -6326,7 +6327,7 @@ static void test_client_reuse_WOLFSSLobj(void* args, void *cb, void* server_args
} }
/* Build first session */ /* Build first session */
if (cb != NULL) if (cb != NULL)
((cbType)cb)(ctx, ssl); cb(ctx, ssl);
if (wolfSSL_write(ssl, msg, msgSz) != msgSz) { if (wolfSSL_write(ssl, msg, msgSz) != msgSz) {
/*err_sys("SSL_write failed");*/ /*err_sys("SSL_write failed");*/
@@ -9275,14 +9276,16 @@ static int test_wolfSSL_SNI_GetFromBuffer(void)
ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff), ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff),
0, result, &length)); 0, result, &length));
result[length] = 0; if (EXPECT_RESULT() == TEST_SUCCESS)
result[length] = 0;
ExpectStrEQ("www.paypal.com", (const char*) result); ExpectStrEQ("www.paypal.com", (const char*) result);
length = 32; length = 32;
ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SNI_GetFromBuffer(buff2, sizeof(buff2), ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SNI_GetFromBuffer(buff2, sizeof(buff2),
0, result, &length)); 0, result, &length));
result[length] = 0; if (EXPECT_RESULT() == TEST_SUCCESS)
result[length] = 0;
ExpectStrEQ("api.textmate.org", (const char*) result); ExpectStrEQ("api.textmate.org", (const char*) result);
/* SSL v2.0 tests */ /* SSL v2.0 tests */
@@ -11430,14 +11433,13 @@ static int test_wolfSSL_UseOCSPStapling(void)
ExpectIntEQ(wolfSSL_UseOCSPStapling(NULL, WOLFSSL_CSR2_OCSP, ExpectIntEQ(wolfSSL_UseOCSPStapling(NULL, WOLFSSL_CSR2_OCSP,
WOLFSSL_CSR2_OCSP_USE_NONCE), BAD_FUNC_ARG); WOLFSSL_CSR2_OCSP_USE_NONCE), BAD_FUNC_ARG);
ExpectIntEQ(wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR2_OCSP,
WOLFSSL_CSR2_OCSP_USE_NONCE),
#ifndef NO_WOLFSSL_CLIENT #ifndef NO_WOLFSSL_CLIENT
1 ExpectIntEQ(wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR2_OCSP,
WOLFSSL_CSR2_OCSP_USE_NONCE), 1);
#else #else
BAD_FUNC_ARG ExpectIntEQ(wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR2_OCSP,
WOLFSSL_CSR2_OCSP_USE_NONCE), BAD_FUNC_ARG);
#endif #endif
);
wolfSSL_free(ssl); wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx); wolfSSL_CTX_free(ctx);
@@ -11479,14 +11481,13 @@ static int test_wolfSSL_UseOCSPStaplingV2(void)
ExpectIntEQ(wolfSSL_UseOCSPStaplingV2(NULL, WOLFSSL_CSR2_OCSP, ExpectIntEQ(wolfSSL_UseOCSPStaplingV2(NULL, WOLFSSL_CSR2_OCSP,
WOLFSSL_CSR2_OCSP_USE_NONCE), BAD_FUNC_ARG); WOLFSSL_CSR2_OCSP_USE_NONCE), BAD_FUNC_ARG);
ExpectIntEQ(wolfSSL_UseOCSPStaplingV2(ssl, WOLFSSL_CSR2_OCSP,
WOLFSSL_CSR2_OCSP_USE_NONCE),
#ifndef NO_WOLFSSL_CLIENT #ifndef NO_WOLFSSL_CLIENT
1 ExpectIntEQ(wolfSSL_UseOCSPStaplingV2(ssl, WOLFSSL_CSR2_OCSP,
WOLFSSL_CSR2_OCSP_USE_NONCE), 1);
#else #else
BAD_FUNC_ARG ExpectIntEQ(wolfSSL_UseOCSPStaplingV2(ssl, WOLFSSL_CSR2_OCSP,
WOLFSSL_CSR2_OCSP_USE_NONCE), BAD_FUNC_ARG);
#endif #endif
);
wolfSSL_free(ssl); wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx); wolfSSL_CTX_free(ctx);
@@ -34870,7 +34871,8 @@ static int test_wc_KeyPemToDer(void)
/* Test NULL for DER buffer to return needed DER buffer size */ /* Test NULL for DER buffer to return needed DER buffer size */
ExpectIntGT(ret = wc_KeyPemToDer(cert_buf, cert_sz, NULL, 0, ""), 0); ExpectIntGT(ret = wc_KeyPemToDer(cert_buf, cert_sz, NULL, 0, ""), 0);
ExpectIntLE(ret, cert_sz); ExpectIntLE(ret, cert_sz);
cert_dersz = ret; if (EXPECT_RESULT() == TEST_SUCCESS)
cert_dersz = ret;
ExpectNotNull(cert_der = (byte*)malloc(cert_dersz)); ExpectNotNull(cert_der = (byte*)malloc(cert_dersz));
ExpectIntGE(ret = wc_KeyPemToDer(cert_buf, cert_sz, cert_der, cert_dersz, ExpectIntGE(ret = wc_KeyPemToDer(cert_buf, cert_sz, cert_der, cert_dersz,
cert_pw), 0); cert_pw), 0);

8
tests/unit.h
View File

@@ -187,17 +187,17 @@
#define ExpectPtr(x, y, op, er) do { \ #define ExpectPtr(x, y, op, er) do { \
if (_ret == 0) { \ if (_ret == 0) { \
PRAGMA_GCC_DIAG_PUSH; \ PRAGMA_DIAG_PUSH; \
/* remarkably, without this inhibition, */ \ /* remarkably, without this inhibition, */ \
/* the _Pragma()s make the declarations warn. */ \ /* the _Pragma()s make the declarations warn. */ \
PRAGMA_GCC("GCC diagnostic ignored \"-Wdeclaration-after-statement\"");\ PRAGMA("GCC diagnostic ignored \"-Wdeclaration-after-statement\""); \
/* inhibit "ISO C forbids conversion of function pointer */ \ /* inhibit "ISO C forbids conversion of function pointer */ \
/* to object pointer type [-Werror=pedantic]" */ \ /* to object pointer type [-Werror=pedantic]" */ \
PRAGMA_GCC("GCC diagnostic ignored \"-Wpedantic\""); \ PRAGMA("GCC diagnostic ignored \"-Wpedantic\""); \
void* _x = (void*)(x); \ void* _x = (void*)(x); \
void* _y = (void*)(y); \ void* _y = (void*)(y); \
Expect(_x op _y, ("%s " #op " %s", #x, #y), ("%p " #er " %p", _x, _y));\ Expect(_x op _y, ("%s " #op " %s", #x, #y), ("%p " #er " %p", _x, _y));\
PRAGMA_GCC_DIAG_POP; \ PRAGMA_DIAG_POP; \
} \ } \
} while(0) } while(0)

5
wolfssl/test.h
View File

@@ -2928,8 +2928,9 @@ static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store)
wolfSSL_X509_get_issuer_name(peer), 0, 0); wolfSSL_X509_get_issuer_name(peer), 0, 0);
char* subject = wolfSSL_X509_NAME_oneline( char* subject = wolfSSL_X509_NAME_oneline(
wolfSSL_X509_get_subject_name(peer), 0, 0); wolfSSL_X509_get_subject_name(peer), 0, 0);
printf("\tPeer's cert info:\n issuer : %s\n subject: %s\n", issuer, printf("\tPeer's cert info:\n issuer : %s\n subject: %s\n",
subject); issuer ? issuer : "[none]",
subject ? subject : "[none]");
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
if (issuer != NULL && subject != NULL) { if (issuer != NULL && subject != NULL) {
/* preverify needs to be self-signer error for Qt compat. /* preverify needs to be self-signer error for Qt compat.

16
wolfssl/wolfcrypt/types.h
View File

@@ -1379,6 +1379,9 @@ typedef struct w64wrapper {
#define PRAGMA_GCC_DIAG_PUSH _Pragma("GCC diagnostic push") #define PRAGMA_GCC_DIAG_PUSH _Pragma("GCC diagnostic push")
#define PRAGMA_GCC(str) _Pragma(str) #define PRAGMA_GCC(str) _Pragma(str)
#define PRAGMA_GCC_DIAG_POP _Pragma("GCC diagnostic pop") #define PRAGMA_GCC_DIAG_POP _Pragma("GCC diagnostic pop")
#define PRAGMA_DIAG_PUSH PRAGMA_GCC_DIAG_PUSH
#define PRAGMA(str) PRAGMA_GCC(str)
#define PRAGMA_DIAG_POP PRAGMA_GCC_DIAG_POP
#else #else
#define PRAGMA_GCC_DIAG_PUSH #define PRAGMA_GCC_DIAG_PUSH
#define PRAGMA_GCC(str) #define PRAGMA_GCC(str)
@@ -1389,12 +1392,25 @@ typedef struct w64wrapper {
#define PRAGMA_CLANG_DIAG_PUSH _Pragma("clang diagnostic push") #define PRAGMA_CLANG_DIAG_PUSH _Pragma("clang diagnostic push")
#define PRAGMA_CLANG(str) _Pragma(str) #define PRAGMA_CLANG(str) _Pragma(str)
#define PRAGMA_CLANG_DIAG_POP _Pragma("clang diagnostic pop") #define PRAGMA_CLANG_DIAG_POP _Pragma("clang diagnostic pop")
#define PRAGMA_DIAG_PUSH PRAGMA_CLANG_DIAG_PUSH
#define PRAGMA(str) PRAGMA_CLANG(str)
#define PRAGMA_DIAG_POP PRAGMA_CLANG_DIAG_POP
#else #else
#define PRAGMA_CLANG_DIAG_PUSH #define PRAGMA_CLANG_DIAG_PUSH
#define PRAGMA_CLANG(str) #define PRAGMA_CLANG(str)
#define PRAGMA_CLANG_DIAG_POP #define PRAGMA_CLANG_DIAG_POP
#endif #endif
#ifndef PRAGMA_DIAG_PUSH
#define PRAGMA_DIAG_PUSH
#endif
#ifndef PRAGMA
#define PRAGMA(str)
#endif
#ifndef PRAGMA_DIAG_POP
#define PRAGMA_DIAG_POP
#endif
#ifdef DEBUG_VECTOR_REGISTER_ACCESS #ifdef DEBUG_VECTOR_REGISTER_ACCESS
WOLFSSL_API extern THREAD_LS_T int wc_svr_count; WOLFSSL_API extern THREAD_LS_T int wc_svr_count;
WOLFSSL_API extern THREAD_LS_T const char *wc_svr_last_file; WOLFSSL_API extern THREAD_LS_T const char *wc_svr_last_file;