From ea2836279bac9697447ecd73c492a60457260e31 Mon Sep 17 00:00:00 2001 From: Nickolay Olshevsky Date: Wed, 6 Mar 2024 18:55:17 +0200 Subject: [PATCH 1/6] Fix GCC warning -Wformat-truncation. --- src/lib/crypto/ecdh.cpp | 4 ++-- src/lib/pgp-key.cpp | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/lib/crypto/ecdh.cpp b/src/lib/crypto/ecdh.cpp index 31f078accd..12a47734fb 100644 --- a/src/lib/crypto/ecdh.cpp +++ b/src/lib/crypto/ecdh.cpp @@ -263,7 +263,7 @@ ecdh_encrypt_pkcs5(rnp::RNG * rng, out->mlen = sizeof(out->m); #if defined(CRYPTO_BACKEND_BOTAN3) - char name[8]; + char name[16]; snprintf(name, sizeof(name), "AES-%zu", 8 * kek_len); if (botan_nist_kw_enc(name, 0, m, m_padded_len, kek, kek_len, out->m, &out->mlen)) { #else @@ -362,7 +362,7 @@ ecdh_decrypt_pkcs5(uint8_t * out, } #if defined(CRYPTO_BACKEND_BOTAN3) - char name[8]; + char name[16]; snprintf(name, sizeof(name), "AES-%zu", 8 * kek_len); if (botan_nist_kw_dec( name, 0, in->m, in->mlen, kek.data(), kek_len, deckey.data(), &deckey_len)) { diff --git a/src/lib/pgp-key.cpp b/src/lib/pgp-key.cpp index 7acabad601..37759b518e 100644 --- a/src/lib/pgp-key.cpp +++ b/src/lib/pgp-key.cpp @@ -3081,7 +3081,7 @@ grip_hash_mpi(rnp::Hash &hash, const pgp_mpi_t &val, const char name, bool lzero hlen++; } - char buf[20] = {0}; + char buf[26] = {0}; snprintf(buf, sizeof(buf), "(1:%c%zu:", name, hlen); hash.add(buf, strlen(buf)); } From e257f0175c247b697642a48d2152d559850624f3 Mon Sep 17 00:00:00 2001 From: Nickolay Olshevsky Date: Wed, 6 Mar 2024 18:55:50 +0200 Subject: [PATCH 2/6] Fix GCC warning -Wstringop-truncation --- src/tests/streams.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tests/streams.cpp b/src/tests/streams.cpp index 622c804fe0..38b8f330e1 100644 --- a/src/tests/streams.cpp +++ b/src/tests/streams.cpp 
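Review bot: The return value of `snprintf` is still ignored in ecdh_encrypt_pkcs5, so a `kek_len` outside the expected AES key sizes would hand a truncated or meaningless cipher name to `botan_nist_kw_enc` instead of failing at this point; the same applies to the matching hunk in ecdh_decrypt_pkcs5. With a 64-bit `size_t`, 16 bytes cannot hold `AES-` plus a full `%zu` value, so the larger buffer does not by itself rule out truncation. Checking the result keeps the failure local: `int n = snprintf(name, sizeof(name), "AES-%zu", 8 * kek_len);` followed by `if (n < 0 || (size_t) n >= sizeof(name))` taking the function's existing error path. Both function bodies start and end outside their hunks, so whether `kek_len` is validated earlier is not visible here.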
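Review bot: The new size 26 in grip_hash_mpi is an unexplained magic number that happens to be the exact worst case of the format with a 64-bit `size_t` (3 bytes for `(1:`, 1 for `name`, up to 20 digits, 1 for `:`, 1 for the terminator). Since this string is fed into the grip hash, a later format change that silently truncates would alter the computed grip without any error. I would record the derivation above the declaration, for example `/* "(1:" + name + up to 20 digits of size_t + ":" + NUL */`. The function starts outside the hunk.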
@@ -171,7 +171,7 @@ copy_tmp_path(char *buf, size_t buflen, pgp_dest_t *dst) } pgp_dest_file_param_t; pgp_dest_file_param_t *param = (pgp_dest_file_param_t *) dst->param; - strncpy(buf, param->path.c_str(), buflen); + strncpy(buf, param->path.c_str(), buflen - 1); } TEST_F(rnp_tests, test_stream_file) From aeeed668df39c412f020347659adcc761bc7f88a Mon Sep 17 00:00:00 2001 From: Nickolay Olshevsky Date: Wed, 6 Mar 2024 18:57:38 +0200 Subject: [PATCH 3/6] Fix GCC warning -Wclass-memaccess --- src/tests/generatekey.cpp | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/tests/generatekey.cpp b/src/tests/generatekey.cpp index 71361d930d..2b5a948196 100644 --- a/src/tests/generatekey.cpp +++ b/src/tests/generatekey.cpp @@ -1139,14 +1139,13 @@ TEST_F(rnp_tests, test_generated_key_sigs) { pgp_key_t pub; pgp_key_t sec; - rnp_keygen_subkey_desc_t desc; + rnp_keygen_subkey_desc_t desc = {}; pgp_sig_subpkt_t * subpkt = NULL; pgp_signature_t * psig = NULL; pgp_signature_t * ssig = NULL; pgp_signature_info_t psiginfo = {}; pgp_signature_info_t ssiginfo = {}; - memset(&desc, 0, sizeof(desc)); #if defined(ENABLE_CRYPTO_REFRESH) desc.pgp_version = PGP_V4; #endif From 0682807dae04cc21fadb4a38fff84bec1c954b5f Mon Sep 17 00:00:00 2001 From: Nickolay Olshevsky Date: Wed, 6 Mar 2024 19:19:26 +0200 Subject: [PATCH 4/6] Remove unused variable. --- src/rnp/fficli.cpp | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/rnp/fficli.cpp b/src/rnp/fficli.cpp index e39f0f84c5..bf3de77cb1 100644 --- a/src/rnp/fficli.cpp +++ b/src/rnp/fficli.cpp @@ -2869,7 +2869,6 @@ cli_rnp_print_signatures(cli_rnp_t *rnp, const std::vectorresfp; @@ -2878,7 +2877,6 @@ cli_rnp_print_signatures(cli_rnp_t *rnp, const std::vector Date: Wed, 13 Mar 2024 13:34:23 +0200 Subject: [PATCH 5/6] CI: Update runner with disabled Brainpool to improve coverage. --- .github/workflows/centos-and-fedora.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) 
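Review bot: `strncpy(buf, param->path.c_str(), buflen - 1)` in copy_tmp_path still leaves `buf` unterminated when the path is `buflen - 1` bytes or longer, unless every caller zero-fills the buffer beforehand, and `buflen - 1` wraps to SIZE_MAX if a caller ever passes 0. Writing the terminator here removes the dependency on callers: add `if (!buflen) return;` before the copy and `buf[buflen - 1] = '\0';` after it. The function body starts outside the hunk, so how callers prepare the buffer is not visible here.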
diff --git a/.github/workflows/centos-and-fedora.yml b/.github/workflows/centos-and-fedora.yml index 522c5b6db3..6722cdaf24 100644 --- a/.github/workflows/centos-and-fedora.yml +++ b/.github/workflows/centos-and-fedora.yml @@ -95,9 +95,11 @@ jobs: - image: { name: 'Fedora 36', container: 'fedora-36-amd64', gpg_ver: stable, backend: OpenSSL } env: { CC: gcc, CXX: g++, BUILD_MODE: coverage, SHARED_LIBS: on } # Coverage report for OpenSSL 3.0 backend with disabled algos - - image: { name: 'Fedora 36', container: 'fedora-36-amd64', gpg_ver: stable, backend: OpenSSL } - env: { CC: gcc, CXX: g++, BUILD_MODE: coverage, SHARED_LIBS: on, idea: Off, sm2: Off, two: Off, blow: Off, rmd: Off } - + - image: { name: 'Fedora 36', container: 'fedora-36-amd64', gpg_ver: stable, backend: OpenSSL, idea: Off, sm2: Off, two: Off, blow: Off, rmd: Off, bp: Off } + env: { CC: gcc, CXX: g++, BUILD_MODE: coverage, SHARED_LIBS: on } + # Coverage report for Botan backend with disabled algos + - image: { name: 'Fedora 36', container: 'fedora-36-amd64', gpg_ver: stable, backend: Botan, idea: Off, sm2: Off, two: Off, blow: Off, rmd: Off, bp: Off } + env: { CC: gcc, CXX: g++, BUILD_MODE: coverage, SHARED_LIBS: on } container: ghcr.io/rnpgp/ci-rnp-${{ matrix.image.container }} @@ -121,6 +123,7 @@ jobs: echo "ENABLE_TWOFISH=${{ matrix.image.two }}" >> $GITHUB_ENV echo "ENABLE_BLOWFISH=${{ matrix.image.blow }}" >> $GITHUB_ENV echo "ENABLE_RIPEMD160=${{ matrix.image.rmd }}" >> $GITHUB_ENV + echo "ENABLE_BRAINPOOL=${{ matrix.image.bp }}" >> $GITHUB_ENV echo CORES="$(nproc --all)" >> $GITHUB_ENV 
@@ -149,13 +152,14 @@ jobs: [ -n "$ENABLE_TWOFISH" ] && two_opt=(-DENABLE_TWOFISH="$ENABLE_TWOFISH") [ -n "$ENABLE_BLOWFISH" ] && blow_opt=(-DENABLE_BLOWFISH="$ENABLE_BLOWFISH") [ -n "$ENABLE_RIPEMD160" ] && rmd_opt=(-DENABLE_RIPEMD160="$ENABLE_RIPEMD160") + [ -n "$ENABLE_BRAINPOOL" ] && bp_opt=(-DENABLE_BRAINPOOL="$ENABLE_BRAINPOOL") cmake -B build \ -DBUILD_SHARED_LIBS=${{ env.SHARED_LIBS }} \ -DDOWNLOAD_GTEST=ON \ -DCMAKE_BUILD_TYPE=Release \ -DCRYPTO_BACKEND=${{ matrix.image.backend }} \ - ${sm2_opt:-} ${idea_opt:-} ${two_opt:-} ${blow_opt:-} ${rmd_opt:-} ${cov_opt:-} ${san_opt:-} . + ${sm2_opt:-} ${idea_opt:-} ${two_opt:-} ${blow_opt:-} ${rmd_opt:-} ${bp_opt:-} ${cov_opt:-} ${san_opt:-} . - name: Build run: cmake --build build --parallel ${{ env.CORES }} From 368595d97a28098b84fbf64cc7fceab8f8bde0c8 Mon Sep 17 00:00:00 2001 From: Nickolay Olshevsky Date: Fri, 15 Mar 2024 16:10:27 +0200 Subject: [PATCH 6/6] Ignore rarely-hit ElGamal code chunk in coverage report. --- src/lib/crypto/elgamal.cpp | 3 +++ src/lib/crypto/elgamal_ossl.cpp | 6 ++++++ 2 files changed, 9 insertions(+) diff --git a/src/lib/crypto/elgamal.cpp b/src/lib/crypto/elgamal.cpp index acebf4d684..4946b70518 100644 --- a/src/lib/crypto/elgamal.cpp +++ b/src/lib/crypto/elgamal.cpp @@ -276,8 +276,11 @@ elgamal_generate(rnp::RNG *rng, pgp_eg_key_t *key, size_t keybits) goto end; } if (bn_num_bytes(*y) < BITS_TO_BYTES(keybits)) { + /* This code chunk is rarely hit, so ignoring it for the coverage report: + * LCOV_EXCL_START */ botan_privkey_destroy(key_priv); goto start; + /* LCOV_EXCL_END */ } if (botan_privkey_get_field(BN_HANDLE_PTR(p), key_priv, "p") || diff --git a/src/lib/crypto/elgamal_ossl.cpp b/src/lib/crypto/elgamal_ossl.cpp index a05cda5cd0..7be98a2af9 100644 --- a/src/lib/crypto/elgamal_ossl.cpp +++ b/src/lib/crypto/elgamal_ossl.cpp 
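Review bot: A matrix entry that omits or misspells `bp` makes `${{ matrix.image.bp }}` expand to an empty string, and the `[ -n "$ENABLE_BRAINPOOL" ]` guard then drops the option silently, so the job builds with the CMake default while still being labelled as a "disabled algos" run. The same pattern applies to the other `ENABLE_*` switches in this step. For the coverage jobs that are meant to disable algorithms, I would print the effective settings in the configure step, for example `echo "brainpool=${ENABLE_BRAINPOOL:-default}"`, so a wrong key shows up in the job log. The step continues outside the hunk.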
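Review bot: The closing marker `LCOV_EXCL_END` added in elgamal_generate is not one of lcov's exclusion markers; the documented pair is `LCOV_EXCL_START` / `LCOV_EXCL_STOP`. Unless the coverage tooling used here is configured with a custom stop pattern, the region opened by `LCOV_EXCL_START` is never closed, which likely drops the rest of the file from the report and hides untested key-generation code rather than only the retry branch. The closing comment should read `/* LCOV_EXCL_STOP */`, and the same change is needed in both hunks of src/lib/crypto/elgamal_ossl.cpp. The function body extends beyond the hunk.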
@@ -394,11 +394,14 @@ elgamal_generate(rnp::RNG *rng, pgp_eg_key_t *key, size_t keybits) goto done; } if (y.bytes() != BITS_TO_BYTES(keybits)) { + /* This code chunk is rarely hit, so ignoring it for the coverage report: + * LCOV_EXCL_START */ EVP_PKEY_CTX_free(ctx); ctx = NULL; EVP_PKEY_free(pkey); pkey = NULL; goto start; + /* LCOV_EXCL_END */ } rnp::bn p; @@ -418,11 +421,14 @@ elgamal_generate(rnp::RNG *rng, pgp_eg_key_t *key, size_t keybits) goto done; } if (BITS_TO_BYTES(BN_num_bits(DH_get0_pub_key(dh))) != BITS_TO_BYTES(keybits)) { + /* This code chunk is rarely hit, so ignoring it for the coverage report: + * LCOV_EXCL_START */ EVP_PKEY_CTX_free(ctx); ctx = NULL; EVP_PKEY_free(pkey); pkey = NULL; goto start; + /* LCOV_EXCL_END */ } const bignum_t *p;