mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

configure.ac:

Browse Source 
if ENABLED_LINUXKM_PIE, add -DWOLFSSL_NO_OCSP_ISSUER_CHECK to gate out backward dependency in asn.c;

  if ENABLE_LINUXKM, don't error on FIPS without thread_ls_on;

  for --enable-curl, set ENABLED_MD4="yes", and move --enable-md4 AC_ARG_ENABLE() clause up to a position adjacent to des3 handling;

scripts/sniffer-gen.sh: fix illegal exit code (SC2242);

src/internal.c: fix clang-analyzer-core.NonNullParamChecker in CreateTicket();

src/ocsp.c: fix readability-redundant-preprocessor;

src/tls.c: fix empty-body in TLSX_PskKeModes_Parse() and clang-diagnostic-unreachable-code-break in ALPN_Select();

tests/api.c: fix several clang-analyzer-core.NullDereference related to Expect*() refactor;

wolfcrypt/src/asn.c:

  fix -Wconversions in DecodeAuthKeyId() and ParseCertRelative();

  fix readability-redundant-declaration re GetCA() and GetCAByName();

  gate inclusion of wolfssl/internal.h on !defined(WOLFCRYPT_ONLY);

wolfssl/internal.h: add macro-detection gating around GetCA() and GetCAByName() prototypes matching gates in wolfcrypt/src/asn.c;

tests/utils.c: in create_tmp_dir(), use one-arg variant of mkdir() if defined(__CYGWIN__) || defined(__MINGW32__).
This commit is contained in:
Daniel Pouzzner 2023-07-12 13:47:40 -05:00
parent b8119af455
commit 648f474d83
9 changed files with 58 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
configure.ac
View File

@ -508,6 +508,9 @@ AC_SUBST([ENABLED_LINUXKM_BENCHMARKS])
if test "$ENABLED_LINUXKM_DEFAULTS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DH_CONST -DWOLFSSL_SP_MOD_WORD_RP -DWOLFSSL_SP_DIV_64 -DWOLFSSL_SP_DIV_WORD_HALF -DWOLFSSL_SMALL_STACK_STATIC -DWOLFSSL_TEST_SUBROUTINE=static"
if test "$ENABLED_LINUXKM_PIE" = "yes"; then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_OCSP_ISSUER_CHECK"
fi
if test "$ENABLED_FIPS" = "no"; then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_OLD_PRIME_CHECK"
fi
@ -4391,6 +4394,14 @@ then
fi
# MD4
AC_ARG_ENABLE([md4],
[AS_HELP_STRING([--enable-md4],[Enable MD4 (default: disabled)])],
[ ENABLED_MD4=$enableval ],
[ ENABLED_MD4=no ]
)
# DES3
AC_ARG_ENABLE([des3],
[AS_HELP_STRING([--enable-des3],[Enable DES3 (default: disabled)])],
@ -4701,7 +4712,7 @@ AS_CASE([$FIPS_VERSION],
AS_IF([test "x$ENABLED_DES3" = "xno"],[ENABLED_DES3="yes"])
])
AS_IF([test "x$ENABLED_FIPS" = "xyes" && test "x$thread_ls_on" = "xno"],
AS_IF([test "x$ENABLED_FIPS" = "xyes" && test "x$thread_ls_on" = "xno" && test "$ENABLE_LINUXKM" = "no"],
[AC_MSG_ERROR([FIPS requires Thread Local Storage])])
@ -6299,6 +6310,11 @@ AC_ARG_ENABLE([curl],
# curl support requires all the features enabled within this conditional.
if test "$ENABLED_CURL" = "yes"
then
if test "$ENABLED_MD4" = "no"
then
ENABLED_MD4="yes"
fi
if test "x$ENABLED_DES3" = "xno"
then
ENABLED_DES3="yes"
@ -6513,14 +6529,6 @@ then
fi
fi
# MD4
AC_ARG_ENABLE([md4],
[AS_HELP_STRING([--enable-md4],[Enable MD4 (default: disabled)])],
[ ENABLED_MD4=$enableval ],
[ ENABLED_MD4=no ]
)
if test "$ENABLED_MD4" = "no"
then
#turn on MD4 if using stunnel
@ -8933,14 +8941,10 @@ fi
if test "$ENABLED_REPRODUCIBLE_BUILD" != "yes"
then
ESCAPED_ARGS="$ac_configure_args"
ESCAPED_ARGS=$(echo "$ESCAPED_ARGS" | sed 's/\\/\\\\/g')
ESCAPED_ARGS=$(echo "$ESCAPED_ARGS" | sed 's/\"/\\\"/g')
ESCAPED_GLOBAL_ARGS="$CPPFLAGS $AM_CPPFLAGS $CFLAGS $AM_CFLAGS"
ESCAPED_GLOBAL_ARGS=$(echo "$ESCAPED_GLOBAL_ARGS" | sed 's/\\/\\\\/g')
ESCAPED_GLOBAL_ARGS=$(echo "$ESCAPED_GLOBAL_ARGS" | sed 's/\"/\\\"/g')
ESCAPED_ARGS=$(echo "$ac_configure_args" | sed 's/\\/\\\\/g;s/\"/\\\"/g')
ESCAPED_GLOBAL_CFLAGS=$(echo "$CPPFLAGS $AM_CPPFLAGS $CFLAGS $AM_CFLAGS" | sed 's/\\/\\\\/g;s/\"/\\\"/g')
echo "#define LIBWOLFSSL_CONFIGURE_ARGS \"$ESCAPED_ARGS\"" > "${output_objdir}/.build_params" &&
echo "#define LIBWOLFSSL_GLOBAL_CFLAGS \"$ESCAPED_GLOBAL_ARGS\" LIBWOLFSSL_GLOBAL_EXTRA_CFLAGS" >> "${output_objdir}/.build_params" ||
echo "#define LIBWOLFSSL_GLOBAL_CFLAGS \"$ESCAPED_GLOBAL_CFLAGS\" LIBWOLFSSL_GLOBAL_EXTRA_CFLAGS" >> "${output_objdir}/.build_params" ||
AC_MSG_ERROR([Couldn't create ${output_objdir}/.build_params.])
else
rm -f "${output_objdir}/.build_params"

2
scripts/sniffer-gen.sh
View File

@ -65,7 +65,7 @@ run_sequence() {
run_test "" "-v 4 -g" "-v 4 -J"
else
echo "Invalid test"
exit -1
exit 1
fi
}

5
src/internal.c
View File

@ -35791,6 +35791,11 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
#endif
if (!ssl->options.tls1_3) {
if (ssl->arrays == NULL) {
WOLFSSL_MSG("CreateTicket called with null arrays");
ret = BAD_FUNC_ARG;
goto error;
}
XMEMCPY(it->msecret, ssl->arrays->masterSecret, SECRET_LEN);
#ifndef NO_ASN_TIME
c32toa(LowResTimer(), it->timestamp);

3
src/ocsp.c
View File

@ -549,8 +549,6 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
return ret;
}
#ifdef HAVE_OCSP
#ifndef WOLFSSL_NO_OCSP_ISSUER_CHAIN_CHECK
static int CheckOcspResponderChain(OcspEntry* single, DecodedCert *cert,
void* vp) {
@ -646,7 +644,6 @@ int CheckOcspResponder(OcspResponse *bs, DecodedCert *cert, void* vp)
}
return ret;
}
#endif /* HAVE_OCSP */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
defined(WOLFSSL_APACHE_HTTPD) || defined(HAVE_LIGHTY)

5
src/tls.c
View File

@ -1693,7 +1693,6 @@ int ALPN_Select(WOLFSSL *ssl)
SendAlert(ssl, alert_fatal, no_application_protocol);
WOLFSSL_ERROR_VERBOSE(UNKNOWN_ALPN_PROTOCOL_NAME_E);
return UNKNOWN_ALPN_PROTOCOL_NAME_E;
break;
}
}
else
@ -10290,8 +10289,10 @@ static int TLSX_PskKeModes_Parse(WOLFSSL* ssl, const byte* input, word16 length,
if (ret == 0)
ret = TLSX_PskKeyModes_Use(ssl, modes);
if (ret != 0)
if (ret != 0) {
WOLFSSL_ERROR_VERBOSE(ret);
}
return ret;
}

17
tests/api.c
View File

@ -40233,12 +40233,15 @@ static int test_wolfSSL_BIO_gets(void)
ExpectNotNull(emp_bm = BUF_MEM_new());
ExpectNotNull(msg_bm = BUF_MEM_new());
ExpectIntEQ(BUF_MEM_grow(msg_bm, sizeof(msg)), sizeof(msg));
XFREE(msg_bm->data, NULL, DYNAMIC_TYPE_OPENSSL);
if (EXPECT_SUCCESS())
XFREE(msg_bm->data, NULL, DYNAMIC_TYPE_OPENSSL);
/* emp size is 1 for terminator */
ExpectIntEQ(BUF_MEM_grow(emp_bm, sizeof(emp)), sizeof(emp));
XFREE(emp_bm->data, NULL, DYNAMIC_TYPE_OPENSSL);
emp_bm->data = emp;
msg_bm->data = msg;
if (EXPECT_SUCCESS()) {
XFREE(emp_bm->data, NULL, DYNAMIC_TYPE_OPENSSL);
emp_bm->data = emp;
msg_bm->data = msg;
}
ExpectIntEQ(BIO_set_mem_buf(bio, emp_bm, BIO_CLOSE), WOLFSSL_SUCCESS);
/* check reading an empty string */
@ -40256,9 +40259,11 @@ static int test_wolfSSL_BIO_gets(void)
ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 8);
ExpectIntEQ(BIO_gets(bio, bio_buffer, -1), 0);
emp_bm->data = NULL;
if (EXPECT_SUCCESS())
emp_bm->data = NULL;
BUF_MEM_free(emp_bm);
msg_bm->data = NULL;
if (EXPECT_SUCCESS())
msg_bm->data = NULL;
BUF_MEM_free(msg_bm);
#endif

3
tests/utils.c
View File

@ -53,6 +53,9 @@ char* create_tmp_dir(char *tmpDir, int len)
#ifdef _MSC_VER
if (_mkdir(tmpDir) != 0)
return NULL;
#elif defined(__CYGWIN__) || defined(__MINGW32__)
if (mkdir(tmpDir) != 0)
return NULL;
#else
if (mkdir(tmpDir, 0700) != 0)
return NULL;

35
wolfcrypt/src/asn.c
View File

@ -190,7 +190,10 @@ ASN Options:
#include <wolfssl/wolfcrypt/cryptocb.h>
#endif
#include <wolfssl/internal.h>
#ifndef WOLFCRYPT_ONLY
#include <wolfssl/internal.h>
#endif
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
#include <wolfssl/openssl/objects.h>
#endif
@ -18867,7 +18870,7 @@ static int DecodeAuthKeyId(const byte* input, word32 sz, DecodedCert* cert)
/* Get the hash or hash of the hash if wrong size. */
ret = GetHashId(dataASN[AUTHKEYIDASN_IDX_KEYID].data.ref.data,
(int)dataASN[AUTHKEYIDASN_IDX_KEYID].data.ref.length,
cert->extAuthKeyId, HashIdAlg(cert->signatureOID));
cert->extAuthKeyId, HashIdAlg((int)cert->signatureOID));
}
#ifdef WOLFSSL_AKID_NAME
if (ret == 0 && dataASN[AUTHKEYIDASN_IDX_ISSUER].data.ref.data != NULL) {
@ -21448,29 +21451,10 @@ int wc_ParseCert(DecodedCert* cert, int type, int verify, void* cm)
return ParseCert(cert, type, verify, cm);
}
#if !defined(OPENSSL_EXTRA) && !defined(OPENSSL_EXTRA_X509_SMALL) && \
!defined(GetCA)
/* from SSL proper, for locking can't do find here anymore.
* brought in from internal.h if built with compat layer.
* if defined(GetCA), it's a predefined macro and these prototypes
* would conflict.
*/
#ifdef __cplusplus
extern "C" {
#endif
Signer* GetCA(void* signers, byte* hash);
#ifndef NO_SKID
Signer* GetCAByName(void* signers, byte* hash);
#endif
#ifdef __cplusplus
}
#endif
#endif /* !OPENSSL_EXTRA && !OPENSSL_EXTRA_X509_SMALL && !GetCA */
#if defined(WOLFCRYPT_ONLY)
#ifdef WOLFCRYPT_ONLY
/* dummy functions, not using wolfSSL so don't need actual ones */
Signer* GetCA(void* signers, byte* hash);
Signer* GetCA(void* signers, byte* hash)
{
(void)hash;
@ -21479,6 +21463,7 @@ Signer* GetCA(void* signers, byte* hash)
}
#ifndef NO_SKID
Signer* GetCAByName(void* signers, byte* hash);
Signer* GetCAByName(void* signers, byte* hash)
{
(void)hash;
@ -21488,6 +21473,8 @@ Signer* GetCAByName(void* signers, byte* hash)
#endif /* NO_SKID */
#ifdef WOLFSSL_AKID_NAME
Signer* GetCAByAKID(void* vp, const byte* issuer, word32 issuerSz,
const byte* serial, word32 serialSz);
Signer* GetCAByAKID(void* vp, const byte* issuer, word32 issuerSz,
const byte* serial, word32 serialSz)
{
@ -22701,7 +22688,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
}
}
else {
cert->maxPathLen = min(cert->ca->maxPathLen - 1,
cert->maxPathLen = (byte)min(cert->ca->maxPathLen - 1,
cert->maxPathLen);
}
}

6
wolfssl/internal.h
View File

@ -6128,12 +6128,14 @@ WOLFSSL_LOCAL WC_RNG* WOLFSSL_RSA_GetRNG(WOLFSSL_RSA *rsa, WC_RNG **tmpRNG,
DecodedCert* cert);
#endif
WOLFSSL_LOCAL Signer* GetCA(void* vp, byte* hash);
#ifndef GetCA
WOLFSSL_LOCAL Signer* GetCA(void* vp, byte* hash);
#endif
#ifdef WOLFSSL_AKID_NAME
WOLFSSL_LOCAL Signer* GetCAByAKID(void* vp, const byte* issuer,
word32 issuerSz, const byte* serial, word32 serialSz);
#endif
#ifndef NO_SKID
#if !defined(NO_SKID) && !defined(GetCAByName)
WOLFSSL_LOCAL Signer* GetCAByName(void* cm, byte* hash);
#endif
#endif /* !NO_CERTS */