From dbb67d858263f053c79a4ecacb62a47d64fe7dc7 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Tue, 2 May 2017 14:29:53 -0600 Subject: [PATCH 1/3] warnings for builds of haproxy, nginx, and leanpsk --- src/ssl.c | 26 ++++++++++++++------------ wolfcrypt/benchmark/benchmark.c | 7 ++++++- wolfcrypt/test/test.c | 4 ++++ wolfssl/ssl.h | 2 +- 4 files changed, 25 insertions(+), 14 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index e1dd61518..ab30d3599 100755 --- a/src/ssl.c +++ b/src/ssl.c @@ -23146,18 +23146,6 @@ int wolfSSL_X509_NAME_get_sz(WOLFSSL_X509_NAME* name) } -const byte* wolfSSL_SESSION_get_id(WOLFSSL_SESSION* sess, unsigned int* idLen) -{ - WOLFSSL_ENTER("wolfSSL_SESSION_get_id"); - WOLFSSL_STUB("wolfSSL_SESSION_get_id"); - if(!sess || !idLen) { - WOLFSSL_MSG("Bad func args. Please provide idLen"); - return NULL; - } - *idLen = sess->sessionIDSz; - return sess->sessionID; -} - #ifdef HAVE_SNI int wolfSSL_set_tlsext_host_name(WOLFSSL* ssl, const char* host_name) { @@ -23270,8 +23258,22 @@ void wolfSSL_sk_X509_pop_free(STACK_OF(WOLFSSL_X509)* sk, void f (WOLFSSL_X509*) } #endif /* OPENSSL_EXTRA and HAVE_STUNNEL */ +#if defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX))\ + || defined(WOLFSSL_HAPROXY) +const byte* wolfSSL_SESSION_get_id(WOLFSSL_SESSION* sess, unsigned int* idLen) +{ + WOLFSSL_ENTER("wolfSSL_SESSION_get_id"); + if(!sess || !idLen) { + WOLFSSL_MSG("Bad func args. Please provide idLen"); + return NULL; + } + *idLen = sess->sessionIDSz; + return sess->sessionID; +} +#endif + #if (defined(OPENSSL_EXTRA) && defined(HAVE_STUNNEL)) \ || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) int wolfSSL_CTX_get_verify_mode(WOLFSSL_CTX* ctx) diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index e3fe4593e..dd2f56cc2 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c 
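Review bot: The new guard around `wolfSSL_SESSION_get_id` mixes `&&` and `||` without outer parentheses, so it parses as `(OPENSSL_EXTRA && (HAVE_STUNNEL || WOLFSSL_NGINX)) || WOLFSSL_HAPROXY`. A WOLFSSL_HAPROXY build therefore compiles the function even without OPENSSL_EXTRA. If that is intended, parenthesise it like the guard directly below: `#if (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX))) \` followed by `|| defined(WOLFSSL_HAPROXY)`. The prototype's guard in wolfssl/ssl.h is not touched by this patch and should admit the same configurations; on compilers that still accept implicit declarations, a call without a visible prototype is treated as returning `int` and can truncate the pointer. A one-line comment such as `/* returns a pointer into sess (not a copy); *idLen is untouched when NULL is returned */` would help callers.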
@@ -621,7 +621,12 @@ static void bench_stats_sym_finish(const char* desc, int doAsync, int count, dou #endif } -static void bench_stats_asym_finish(const char* algo, int strength, +/* declare here rather than creating a static function to avoid warning of not + * used in the case of something like a leanpsk only build */ +void bench_stats_asym_finish(const char* algo, int strength, + const char* desc, int doAsync, int count, double start); + +void bench_stats_asym_finish(const char* algo, int strength, const char* desc, int doAsync, int count, double start) { double total, each = 0, opsSec, milliEach; diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 9d1caf804..b48389e75 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -1860,14 +1860,17 @@ int hash_test(void) ret = wc_HashFinal(&hash, typesGood[i], out); if (ret != exp_ret) return -4160 - i; +#if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) ret = wc_HashGetOID(typesGood[i]); if (ret == BAD_FUNC_ARG || (exp_ret == 0 && ret == HASH_TYPE_E) || (exp_ret != 0 && ret != HASH_TYPE_E)) { return -4170 - i; } +#endif /* !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) */ } +#if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) ret = wc_HashGetOID(WC_HASH_TYPE_MD2); #ifdef WOLFSSL_MD2 if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG) @@ -1890,6 +1893,7 @@ int hash_test(void) ret = wc_HashGetOID(WC_HASH_TYPE_NONE); if (ret != BAD_FUNC_ARG) return -4183; +#endif /* !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) */ #ifndef NO_ASN #ifdef WOLFSSL_MD2 diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 90b566ed2..d254a3df7 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h 
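Review bot: Dropping `static` from `bench_stats_asym_finish` gives a generically named helper external linkage only to silence an unused-function warning. It can then collide with a symbol in any program that links the benchmark object. Keeping it `static` and compiling the definition under the same feature conditions as its callers would avoid the export; those callers are outside this hunk, so the exact condition has to be taken from them. If external linkage stays, the added comment should say so directly, e.g. `/* non-static on purpose: a leanpsk-only build has no asymmetric benchmarks and would warn about an unused static function */`. The function body continues past the end of the hunk.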
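Review bot: The condition `!defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC)` is now written out in both test.c hunks of `hash_test`, and nothing visible ties it to the condition under which `wc_HashGetOID` is compiled in the library. If the two drift apart, the OID checks are either skipped silently or the test stops building. A comment at the first `#if` would record the dependency, e.g. `/* keep in sync with the guard around wc_HashGetOID */`. Defining one local macro for the condition and testing it in both places would also remove the repetition. `hash_test` starts and ends outside these hunks.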
@@ -2222,6 +2222,7 @@ WOLFSSL_LOCAL char* wolfSSL_get_ocsp_url(WOLFSSL* ssl); /* Not an OpenSSL API. */ WOLFSSL_API int wolfSSL_set_ocsp_url(WOLFSSL* ssl, char* url); +WOLFSSL_API STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl); WOLFSSL_API void wolfSSL_OPENSSL_config(char *config_name); WOLFSSL_API int wolfSSL_X509_get_ex_new_index(int idx, void *arg, void *a, void *b, void *c); @@ -2313,7 +2314,6 @@ WOLFSSL_API void wolfSSL_get0_next_proto_negotiated(const WOLFSSL *s, const unsi #ifdef WOLFSSL_HAPROXY WOLFSSL_API const unsigned char *SSL_SESSION_get0_id_context( const WOLFSSL_SESSION *sess, unsigned int *sid_ctx_length); -WOLFSSL_API STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl); #endif WOLFSSL_API int SSL_SESSION_set1_id(WOLFSSL_SESSION *s, const unsigned char *sid, unsigned int sid_len); From aa990ed1ce2e860baee2cee8ec8f5c672152fcab Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Tue, 2 May 2017 14:54:27 -0600 Subject: [PATCH 2/3] in error case close FILE --- src/ssl.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/ssl.c b/src/ssl.c index ab30d3599..557b8416b 100755 --- a/src/ssl.c +++ b/src/ssl.c @@ -22168,9 +22168,11 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) return SSL_BAD_FILE; if (wolfSSL_BIO_set_fp(b, fp, BIO_CLOSE) != SSL_SUCCESS) { + XFCLOSE(fp); return SSL_BAD_FILE; } + /* file is closed when bio is free'd */ return SSL_SUCCESS; #else (void)name; @@ -22600,6 +22602,7 @@ WOLFSSL_BIO *wolfSSL_BIO_new_file(const char *filename, const char *mode) bio = NULL; } + /* file is closed when BIO is free'd */ return bio; #else (void)filename; From 8146f73eff1addc6f07b19c434a2943484eab0b5 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Tue, 2 May 2017 15:20:20 -0600 Subject: [PATCH 3/3] warnings when using g++ compiler --- wolfcrypt/src/asn.c | 12 ++++++------ wolfcrypt/src/pkcs7.c | 3 +-- wolfcrypt/src/pwdbased.c | 6 +++--- 3 files changed, 10 insertions(+), 11 deletions(-) 
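Review bot: The prototype for `wolfSSL_get_ciphers_compat` moves out of the `#ifdef WOLFSSL_HAPROXY` block, but its definition is not part of this patch. It cannot be confirmed from here that the function is built in every configuration that now sees the declaration. If the definition is still compiled only for WOLFSSL_HAPROXY, other builds get a prototype that links to nothing. Please check that the guard around the definition matches the new location, whose own enclosing `#if` is also outside the hunk. A comment next to the prototype naming the required build options would help.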
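Review bot: The added `XFCLOSE(fp)` is only safe if `wolfSSL_BIO_set_fp` never leaves `fp` stored in `b` when it fails. Because `BIO_CLOSE` is requested, a BIO that had already recorded the pointer would close it a second time when freed. That function is outside the patch, so this needs confirming; the ownership rule could be recorded at the call, e.g. `/* set_fp does not take ownership on failure, so fp is closed here */`. The second hunk only adds a comment before `return bio;` in `wolfSSL_BIO_new_file`. Its failure branch (`bio = NULL;`) is cut off above the hunk, so it is worth checking that this path releases the `FILE` as well. The function changed by the first hunk begins outside the hunk.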
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 51d0d717f..70dc76bb2 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -9637,7 +9637,7 @@ int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx, /* build DER formatted ECC key, include optional public key if requested, * return length on success, negative on error */ static int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 inLen, - int public) + int pubIn) { byte curve[MAX_ALGO_SZ+2]; byte ver[MAX_VERSION_SZ]; @@ -9678,8 +9678,8 @@ static int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 inLen, } prvidx += privSz; - /* public */ - if (public) { + /* pubIn */ + if (pubIn) { ret = wc_ecc_export_x963(key, NULL, &pubSz); if (ret != LENGTH_ONLY_E) { XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); @@ -9717,7 +9717,7 @@ static int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 inLen, totalSz = prvidx + pubidx + curveidx + verSz + seqSz; if (totalSz > (int)inLen) { XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (public) { + if (pubIn) { XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER); } return BAD_FUNC_ARG; @@ -9741,8 +9741,8 @@ static int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 inLen, XMEMCPY(output + idx, curve, curveidx); idx += curveidx; - /* public */ - if (public) { + /* pubIn */ + if (pubIn) { XMEMCPY(output + idx, pub, pubidx); /* idx += pubidx; not used after write, if more data remove comment */ XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER); diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index d3c9338a0..e21525bfd 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c 
@@ -834,8 +834,7 @@ static int wc_PKCS7_SignedDataBuildSignature(PKCS7* pkcs7, * type - [OUT] pointer to wc_HashType for output * * returns hash digest size on success, negative on error */ -static enum wc_HashType wc_PKCS7_SetHashType(PKCS7* pkcs7, - enum wc_HashType* type) +static int wc_PKCS7_SetHashType(PKCS7* pkcs7, enum wc_HashType* type) { if (pkcs7 == NULL || type == NULL) return BAD_FUNC_ARG; diff --git a/wolfcrypt/src/pwdbased.c b/wolfcrypt/src/pwdbased.c index edec68237..45a2634b7 100644 --- a/wolfcrypt/src/pwdbased.c +++ b/wolfcrypt/src/pwdbased.c @@ -761,15 +761,15 @@ int wc_scrypt(byte* output, const byte* passwd, int passLen, bSz = 128 * blockSize; blocksSz = bSz * parallel; - blocks = XMALLOC(blocksSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + blocks = (byte*)XMALLOC(blocksSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (blocks == NULL) goto end; /* Temporary for scryptROMix. */ - v = XMALLOC((1 << cost) * bSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + v = (byte*)XMALLOC((1 << cost) * bSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (v == NULL) goto end; /* Temporary for scryptBlockMix. */ - y = XMALLOC(blockSize * 128, NULL, DYNAMIC_TYPE_TMP_BUFFER); + y = (byte*)XMALLOC(blockSize * 128, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (y == NULL) goto end;
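Review bot: Callers of `wc_PKCS7_SetHashType` are not visible in this hunk. Any caller that stores the result in an `enum wc_HashType` or an unsigned variable will not reliably see `BAD_FUNC_ARG` as a negative value, even though the function is now declared `int`. Each call site should keep the result in an `int` and test it before using it as a digest size, along the lines of `ret = wc_PKCS7_SetHashType(pkcs7, &hashType); if (ret < 0) return ret;` (variable names here are illustrative). The header comment already states the contract (digest size on success, negative on error), so no documentation change is needed. The function body continues outside the hunk.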
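Review bot: The three allocation sizes in the `wc_scrypt` hunk, `bSz * parallel`, `(1 << cost) * bSz` and `blockSize * 128`, are computed from caller-supplied parameters with no overflow check visible. The added `(byte*)` casts do not change that. If `cost` reaches the width of the shifted `int`, the shift is undefined, and if either product wraps, the buffer is smaller than the mixing code presumably assumes, which would lead to out-of-bounds heap writes. Any existing validation of `cost`, `blockSize` and `parallel` is above the hunk and should be checked. If it does not already bound them, reject the values before `bSz` is computed, e.g. `if (cost < 1 || cost >= 31 || blockSize < 1 || parallel < 1) return BAD_FUNC_ARG;`, and compare each product against the maximum of the size type before calling `XMALLOC`. A comment above the allocations stating the accepted parameter ranges would make the bound reviewable.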