From c08878ac9460ea46aa08e2d62791d5b1a8f44b24 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Mon, 3 Apr 2023 15:49:39 -0500 Subject: [PATCH] configure.ac: include both -I. and -I$srcdir for "circular dependency" test, so that ${build_pwd}/wolfssl/options.h is found in out-of-tree builds; streamline scripting that dynamically sets $TRIM; linuxkm/module_exports.c.template: include wolfssl/wolfcrypt/wolfmath.h, to bring in wc_GetMathInfo() prototype; src/ssl.c: move "Global pointer to constant BN on" to src/ssl_bn.c; and in wolfSSL_Cleanup(), call the new wolfSSL_BN_free_one() rather than using ad hoc cleanup logic; src/ssl_bn.c: add bn_one and wolfSSL_BN_free_one(); src/ssl_asn1.c: fix bugprone-macro-parentheses in bufLenOrNull(); refactor wolfSSL_ASN1_TIME_diff() to avoid floating point math; use intermediate tm_year variable in wolfssl_asn1_time_to_tm() to avoid target-specific type conflicts on tm->tm_year; use "FALL_THROUGH", not "/* fall-through */", in wolfSSL_ASN1_TYPE_set (clang-diagnostic-implicit-fallthrough); wolfcrypt/src/ecc.c: fix identicalInnerCondition in ecc_mul2add(); wolfcrypt/src/integer.c: refactor OPT_CAST()s in mp_grow() to unconditional casts as elsewhere, to mollify a confused cppcheck-all-intmath; tests/api.c: reformat some overlong lines. --- configure.ac | 18 ++++++------------ linuxkm/module_exports.c.template | 1 + src/ssl.c | 8 +------- src/ssl_asn1.c | 18 +++++++++++------- src/ssl_bn.c | 7 +++++++ tests/api.c | 17 ++++++++++------- wolfcrypt/src/ecc.c | 3 +-- wolfcrypt/src/integer.c | 4 ++-- 8 files changed, 39 insertions(+), 37 deletions(-) diff --git a/configure.ac b/configure.ac index 81f75b970f..07fd993689 100644 --- a/configure.ac +++ b/configure.ac @@ -8642,18 +8642,12 @@ echo "#endif" >> $OPTION_FILE echo "" >> $OPTION_FILE # check for supported command to trim option with -which colrm &> /dev/null -RESULT=$? -if test "$RESULT" = "0"; then +if colrm &> /dev/null; then TRIM="colrm 3" +elif cut &> /dev/null; then + TRIM="cut -c1-2" else - which cut &> /dev/null - RESULT=$? - if test "$RESULT" = "0"; then - TRIM="cut -c1-2" - else - AC_MSG_ERROR([Could not find colrm or cut to make options file]) - fi + AC_MSG_ERROR([Could not find colrm or cut to make options file]) fi for option in $CPPFLAGS $AM_CPPFLAGS $CFLAGS $AM_CFLAGS; do @@ -8724,7 +8718,7 @@ done < $OPTION_FILE # switch ifdef protection in cyassl/option.h to CYASSL_OPTONS_H, remove bak sed -i.bak 's/WOLFSSL_OPTIONS_H/CYASSL_OPTIONS_H/g' cyassl/options.h -# workaround for mingw sed that may get "Permission denied" trying to preserver permissions +# workaround for mingw sed that may get "Permission denied" trying to preserve permissions case $host_os in mingw*) chmod u+w cyassl/options.h ;; @@ -8735,7 +8729,7 @@ rm cyassl/options.h.bak if test "$ENABLED_OPENSSLEXTRA" = "yes" && test "$ENABLED_LINUXKM" = "no" then SAVE_CFLAGS=$CFLAGS - CFLAGS="$CFLAGS -I$srcdir" + CFLAGS="$CFLAGS -I. -I$srcdir" if test "$ENABLED_INTEL_QA" = "yes" then CFLAGS="$CFLAGS $QAT_FLAGS" diff --git a/linuxkm/module_exports.c.template b/linuxkm/module_exports.c.template index 5d697e52ed..62d6cf1c57 100644 --- a/linuxkm/module_exports.c.template +++ b/linuxkm/module_exports.c.template @@ -51,6 +51,7 @@ #include #include #include +#include #include #include #include diff --git a/src/ssl.c b/src/ssl.c index 5077a21f8f..6d6a82f12c 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -393,9 +393,6 @@ WC_RNG* wolfssl_make_rng(WC_RNG* rng, int* local) #endif #ifdef OPENSSL_EXTRA - /* Global pointer to constant BN on */ - static WOLFSSL_BIGNUM* bn_one = NULL; - /* WOLFSSL_NO_OPENSSL_RAND_CB: Allows way to reduce code size for * OPENSSL_EXTRA where RAND callbacks are not used */ #ifndef WOLFSSL_NO_OPENSSL_RAND_CB @@ -14180,10 +14177,7 @@ int wolfSSL_Cleanup(void) return ret; #ifdef OPENSSL_EXTRA - if (bn_one) { - wolfSSL_BN_free(bn_one); - bn_one = NULL; - } + wolfSSL_BN_free_one(); #endif #ifndef NO_SESSION_CACHE diff --git a/src/ssl_asn1.c b/src/ssl_asn1.c index 213ccebe08..51d24ccc55 100644 --- a/src/ssl_asn1.c +++ b/src/ssl_asn1.c @@ -155,7 +155,7 @@ void wolfSSL_ASN1_item_free(void *items, const WOLFSSL_ASN1_ITEM *tpl) } /* Offset buf if not NULL or NULL. */ -#define bufLenOrNull(buf, len) ((buf != NULL) ? ((buf) + (len)) : NULL) +#define bufLenOrNull(buf, len) (((buf) != NULL) ? ((buf) + (len)) : NULL) /* Encode X509 algorithm as DER. * @@ -3246,7 +3246,7 @@ int wolfSSL_ASN1_TIME_diff(int *days, int *secs, const WOLFSSL_ASN1_TIME *from, *secs = 0; } else if (ret == 1) { - const int SECS_PER_DAY = 24 * 60 * 60; + const long long SECS_PER_DAY = 24 * 60 * 60; long long fromSecs; long long toSecs = 0; @@ -3255,9 +3255,9 @@ int wolfSSL_ASN1_TIME_diff(int *days, int *secs, const WOLFSSL_ASN1_TIME *from, ret = wolfssl_asn1_time_to_secs(to, &toSecs); } if (ret == 1) { - double diffSecs = (double)(toSecs - fromSecs); + long long diffSecs = toSecs - fromSecs; *days = (int) (diffSecs / SECS_PER_DAY); - *secs = (int) (diffSecs - (((double)*days) * SECS_PER_DAY)); + *secs = (int) (diffSecs - ((long long)*days * SECS_PER_DAY)); } } @@ -3672,16 +3672,20 @@ static int wolfssl_asn1_time_to_tm(const WOLFSSL_ASN1_TIME* asnTime, if (asnTime->type == V_ASN1_UTCTIME) { /* Get year from UTC TIME string. */ + int tm_year; if ((ret = wolfssl_utctime_year(asn1TimeBuf, asn1TimeBufLen, - &tm->tm_year)) == 1) { + &tm_year)) == 1) { + tm->tm_year = tm_year; /* Month starts after year - 2 characters. */ i = 2; } } else if (asnTime->type == V_ASN1_GENERALIZEDTIME) { /* Get year from GENERALIZED TIME string. */ + int tm_year; if ((ret = wolfssl_gentime_year(asn1TimeBuf, asn1TimeBufLen, - &tm->tm_year)) == 1) { + &tm_year)) == 1) { + tm->tm_year = tm_year; /* Month starts after year - 4 characters. */ i = 4; } @@ -3998,7 +4002,7 @@ void wolfSSL_ASN1_TYPE_set(WOLFSSL_ASN1_TYPE *a, int type, void *value) WOLFSSL_MSG("NULL tag meant to be always empty!"); /* No way to return error - value will not be used. */ } - /* fall-through */ + FALL_THROUGH; case V_ASN1_OBJECT: case V_ASN1_UTCTIME: case V_ASN1_GENERALIZEDTIME: diff --git a/src/ssl_bn.c b/src/ssl_bn.c index 474259688b..e301c29e82 100644 --- a/src/ssl_bn.c +++ b/src/ssl_bn.c @@ -306,6 +306,9 @@ void wolfSSL_BN_clear(WOLFSSL_BIGNUM* bn) #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #ifdef OPENSSL_EXTRA + +static WOLFSSL_BIGNUM* bn_one = NULL; + /* Return a big number with the value of one. * * @return A big number with the value one on success. @@ -349,6 +352,10 @@ const WOLFSSL_BIGNUM* wolfSSL_BN_value_one(void) return one; } +static void wolfSSL_BN_free_one(void) { + wolfSSL_BN_free(bn_one); + bn_one = NULL; +} /* Create a new big number with the same value as the one passed in. * diff --git a/tests/api.c b/tests/api.c index 70c61b06ee..aee462d555 100644 --- a/tests/api.c +++ b/tests/api.c @@ -31070,7 +31070,8 @@ static int test_wolfSSL_d2i_ASN1_INTEGER(void) {positiveDer, sizeof(positiveDer), 65537}, {primeDer, sizeof(primeDer), 0} }; - static const size_t NUM_TEST_VECTORS = sizeof(testVectors)/sizeof(testVectors[0]); + static const size_t NUM_TEST_VECTORS = + sizeof(testVectors)/sizeof(testVectors[0]); /* Check d2i error conditions */ /* NULL pointer to input. */ @@ -32492,8 +32493,8 @@ static int test_wolfSSL_ASN1_TIME_to_tm(void) { int res = TEST_SKIPPED; #if (defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \ - defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) \ - && !defined(NO_ASN_TIME) + defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_ALL)) && !defined(NO_ASN_TIME) ASN1_TIME asnTime; struct tm tm; @@ -32890,11 +32891,13 @@ static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void) V_ASN1_OBJECT, OBJ_nid2obj(nid)), 1); AssertIntEQ(EC_POINT_point2oct(group, point, 0, NULL, 0, NULL), 0); #ifdef HAVE_COMP_KEY - AssertIntGT((len = EC_POINT_point2oct(group, point, POINT_CONVERSION_COMPRESSED, - NULL, 0, NULL)), 0); + AssertIntGT((len = EC_POINT_point2oct( + group, point, POINT_CONVERSION_COMPRESSED, + NULL, 0, NULL)), 0); #else - AssertIntGT((len = EC_POINT_point2oct(group, point, POINT_CONVERSION_UNCOMPRESSED, - NULL, 0, NULL)), 0); + AssertIntGT((len = EC_POINT_point2oct( + group, point, POINT_CONVERSION_UNCOMPRESSED, + NULL, 0, NULL)), 0); #endif AssertNotNull(der = (unsigned char*)XMALLOC(len, NULL, DYNAMIC_TYPE_ASN1)); #ifdef HAVE_COMP_KEY diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 26fcf5ef39..5a6ac71624 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -7669,10 +7669,9 @@ int ecc_mul2add(ecc_point* A, mp_int* kA, mu = (mp_int*)XMALLOC(sizeof(mp_int), heap, DYNAMIC_TYPE_ECC); if (mu == NULL) err = MEMORY_E; + else #endif - if (err == MP_OKAY) { err = mp_init(mu); - } if (err == MP_OKAY) { err = mp_montgomery_calc_normalization(mu, modulus); diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c index 610512e708..01f07d295a 100644 --- a/wolfcrypt/src/integer.c +++ b/wolfcrypt/src/integer.c @@ -423,7 +423,7 @@ int mp_grow (mp_int * a, int size) * in case the operation failed we don't want * to overwrite the dp member of a. */ - tmp = OPT_CAST(mp_digit) XREALLOC (a->dp, sizeof (mp_digit) * size, NULL, + tmp = (mp_digit *)XREALLOC (a->dp, sizeof (mp_digit) * size, NULL, DYNAMIC_TYPE_BIGINT); if (tmp == NULL) { /* reallocation failed but "a" is still valid [can be freed] */ @@ -3280,7 +3280,7 @@ int mp_init_size (mp_int * a, int size) size += (MP_PREC * 2) - (size % MP_PREC); /* alloc mem */ - a->dp = OPT_CAST(mp_digit) XMALLOC (sizeof (mp_digit) * size, NULL, + a->dp = (mp_digit *)XMALLOC (sizeof (mp_digit) * size, NULL, DYNAMIC_TYPE_BIGINT); if (a->dp == NULL) { return MP_MEM;