diff options
39 files changed, 497 insertions, 389 deletions
diff --git a/.gitignore b/.gitignore index e19ca802cb..88c4d33b68 100644 --- a/.gitignore +++ b/.gitignore @@ -189,7 +189,8 @@ fuzz/*_fuzzer *.gcda *.gcno *.gcov -gl +/gl/* +!/gl/override /GNUmakefile GnuTLS-*-coverage/ gnutls-*.tar.* diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index ccc4eddfa1..5ce88f2662 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -390,6 +390,42 @@ MinGW64.DLLs: - win64-build/ retry: 1 +MinGW64.Vista+: + stage: stage1-testing + image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$MINGW_BUILD + script: + - ./bootstrap + - export CC="ccache x86_64-w64-mingw32-gcc" + # Target Vista instead of XP, currently the default in mingw + - export CPPFLAGS="-D_WIN32_WINT=0x600" + - export WINEPATH=/usr/x86_64-w64-mingw32/sys-root/mingw/bin + - mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc + - echo ':DOSWin:M::MZ::/usr/bin/wine64:' > /proc/sys/fs/binfmt_misc/register + - mkdir -p build + - cd build + - dash ../configure --disable-gcc-warnings --host=x86_64-w64-mingw32 --target=x86_64-w64-mingw32 --cache-file ../cache/config.cache --with-included-libtasn1 --disable-guile --disable-nls --with-included-unistring --enable-local-libopts --disable-full-test-suite --disable-non-suiteb-curves --disable-doc + # generate the certtool autogen file to check whether later compilation will modify it + - mingw64-make -j$BUILDJOBS -C src certtool-args.c.bak + - mingw64-make -j$BUILDJOBS + - mingw64-make -j$CHECKJOBS -C tests check + - cd .. + # since we use --enable-local-libopts the generated files must equal the .bak + - cmp build/src/certtool-args.c build/src/certtool-args.c.bak || false + tags: + - shared + - docker + - linux + except: + - tags + artifacts: + expire_in: 1 week + when: on_failure + paths: + - build/*.log + - build/tests/*.log + - build/tests/*/*.log + retry: 1 + MinGW64: stage: stage1-testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$MINGW_BUILD diff --git a/bootstrap.conf b/bootstrap.conf index 4c186d6c37..3abfe10464 100644 --- a/bootstrap.conf +++ b/bootstrap.conf @@ -25,10 +25,10 @@ checkout_only_file= local_gl_dir=gl/override/ required_submodules="tests/suite/tls-fuzzer/python-ecdsa tests/suite/tls-fuzzer/tlsfuzzer tests/suite/tls-fuzzer/tlslite-ng devel/nettle devel/libtasn1" -# Reproduce by: gnulib-tool --import --local-dir=gl/override --lib=libgnu --source-base=gl --m4-base=gl/m4 --doc-base=doc --tests-base=gl/tests --aux-dir=build-aux --with-tests --avoid=alignof-tests --avoid=lock-tests --avoid=lseek-tests --lgpl=2 --no-conditional-dependencies --libtool --macro-prefix=gl --no-vc-files alloca byteswap c-ctype extensions func gendocs getline gettext-h gettimeofday hash-pjw-bare havelib intprops ldd lib-msvc-compat lib-symbol-versions maintainer-makefile manywarnings memmem-simple minmax netdb netinet_in pmccabe2html read-file secure_getenv snprintf stdint strcase strndup strtok_r strverscmp sys_socket sys_stat time_r unistd vasprintf verify vsnprintf warnings +# Reproduce by: gnulib-tool --import --local-dir=gl/override --lib=libgnu --source-base=gl --m4-base=gl/m4 --doc-base=doc --tests-base=gl/tests --aux-dir=build-aux --with-tests --avoid=alignof-tests --avoid=lock-tests --avoid=lseek-tests --lgpl=2 --no-conditional-dependencies --libtool --macro-prefix=gl --no-vc-files alloca attribute byteswap c-ctype extensions fopen-gnu func gendocs getline gettext-h gettimeofday hash-pjw-bare havelib intprops ldd lib-msvc-compat lib-symbol-versions maintainer-makefile manywarnings memmem-simple minmax netdb netinet_in pmccabe2html read-file secure_getenv snprintf stdint strcase strndup strtok_r strverscmp sys_socket sys_stat time_r unistd vasprintf verify vsnprintf warnings gnulib_modules=" -alloca byteswap c-ctype c-strcase extensions func gendocs getline gettext-h gettimeofday hash hash-pjw-bare havelib arpa_inet inet_ntop inet_pton intprops ldd lib-msvc-compat lib-symbol-versions maintainer-makefile manywarnings memmem-simple minmax netdb netinet_in pmccabe2html read-file secure_getenv setsockopt snprintf stdint strcase strdup-posix strndup strtok_r strverscmp sys_socket sys_stat sys_types time_r unistd valgrind-tests vasprintf verify vsnprintf warnings +alloca attribute byteswap c-ctype c-strcase extensions fopen-gnu func gendocs getline gettext-h gettimeofday hash hash-pjw-bare havelib arpa_inet inet_ntop inet_pton intprops ldd lib-msvc-compat lib-symbol-versions maintainer-makefile manywarnings memmem-simple minmax netdb netinet_in pmccabe2html read-file secure_getenv setsockopt snprintf stdint strcase strdup-posix strndup strtok_r strverscmp sys_socket sys_stat sys_types time_r unistd valgrind-tests vasprintf verify vsnprintf warnings " unistring_modules=" diff --git a/configure.ac b/configure.ac index 9b346e0f17..145f4502ed 100644 --- a/configure.ac +++ b/configure.ac @@ -111,6 +111,7 @@ AM_CONDITIONAL(ENABLE_CXX, test "$use_cxx" != "no") dnl Detect windows build use_accel=yes +have_vista_dynamic=yes case "$host" in *android*) have_android=yes @@ -121,6 +122,22 @@ case "$host" in AC_DEFINE([_UNICODE], [1], [Defined to 1 for Unicode (wide chars) APIs]) LIB_CRYPT32="-lcrypt32" AC_SUBST([LIB_CRYPT32]) + AC_PREPROC_IFELSE([AC_LANG_PROGRAM( + [[#include <windows.h> + #if defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x0600 + # error Vista APIs allowed statically + #endif + ]],[[;]])],[have_vista_dynamic=yes],[have_vista_dynamic=no]) + AC_ARG_ENABLE(dyn_ncrypt, + AS_HELP_STRING([--enable-dyn-ncrypt], [use ncrypt dynamically]), + enable_dyn_ncrypt=$enableval, enable_dyn_ncrypt=$have_vista_dynamic + ) + if test "x$enable_dyn_ncrypt" = "xyes"; then + AC_DEFINE([DYN_NCRYPT], 1, [Dynamic use of ncrypt API (win32)]) + else + LIBNCRYPT="-lncrypt" + fi + AC_SUBST([LIBNCRYPT]) ;; *darwin*) have_macosx=yes @@ -1106,7 +1123,6 @@ AC_DEFINE([GNUTLS_INTERNAL_BUILD], 1, [We allow temporarily usage of deprecated AC_DEFINE([fread_file], [_gnutls_fread_file], [static lib rename]) AC_DEFINE([read_file], [_gnutls_read_file], [static lib rename]) -AC_DEFINE([read_binary_file], [_gnutls_read_binary_file], [static lib rename]) dnl configuration options for config file parsing (inih) AC_DEFINE([INI_MAX_LINE], 2048, [inih maximum line size]) diff --git a/doc/cha-internals.texi b/doc/cha-internals.texi index 2a9bc1a45b..f188caecc9 100644 --- a/doc/cha-internals.texi +++ b/doc/cha-internals.texi @@ -667,15 +667,29 @@ is for the conformance to NIST's FIPS140-2 publication, which consists of polici for cryptographic modules (such as software libraries). Its implementation in GnuTLS is designed for Red Hat Enterprise Linux, and can only be enabled when the library is explicitly compiled with the '--enable-fips140-mode' -configure option. The operation of the library is then modified, as follows. +configure option. + +There are two distinct library states with regard to FIPS140-2: the FIPS140-2 +mode is @emph{installed} if @code{/etc/system-fips} is present, and the +FIPS140-2 mode is @emph{enabled} if @code{/proc/sys/crypto/fips_enabled} +contains '1', which is typically set with the ``fips=1'' kernel command line +option. + +When the FIPS140-2 mode is installed, the operation of the library is modified +as follows. @itemize -@item FIPS140-2 mode is enabled when @code{/proc/sys/crypto/fips_enabled} contains '1' and @code{/etc/system-fips} is present. -@item Only approved by FIPS140-2 algorithms are enabled -@item Only approved by FIPS140-2 key lengths are allowed for key generation @item The random generator used switches to DRBG-AES @item The integrity of the GnuTLS and dependent libraries is checked on startup @item Algorithm self-tests are run on library load +@end itemize + +When the FIPS140-2 mode is enabled, The operation of the library is in addition +modified as follows. + +@itemize +@item Only approved by FIPS140-2 algorithms are enabled +@item Only approved by FIPS140-2 key lengths are allowed for key generation @item Any cryptographic operation will be refused if any of the self-tests failed @end itemize diff --git a/doc/examples/ex-ocsp-client.c b/doc/examples/ex-ocsp-client.c index 33eff67a6c..f0b56fffe2 100644 --- a/doc/examples/ex-ocsp-client.c +++ b/doc/examples/ex-ocsp-client.c @@ -183,7 +183,7 @@ static gnutls_x509_crt_t load_cert(const char *cert_file) if (ret < 0) exit(1); - data.data = (void *) read_binary_file(cert_file, &size); + data.data = (void *) read_file(cert_file, RF_BINARY, &size); data.size = size; if (!data.data) { diff --git a/doc/examples/ex-pkcs12.c b/doc/examples/ex-pkcs12.c index 7890518f94..0e2b64ee1c 100644 --- a/doc/examples/ex-pkcs12.c +++ b/doc/examples/ex-pkcs12.c @@ -28,7 +28,7 @@ write_pkcs12(const gnutls_datum_t * cert, gnutls_pkcs12_bag_t bag, key_bag; char pkcs12_struct[10 * 1024]; size_t pkcs12_struct_size; - FILE *fd; + FILE *fp; /* A good idea might be to use gnutls_x509_privkey_get_key_id() * to obtain a unique ID. @@ -116,13 +116,13 @@ write_pkcs12(const gnutls_datum_t * cert, return 1; } - fd = fopen(OUTFILE, "w"); - if (fd == NULL) { + fp = fopen(OUTFILE, "w"); + if (fp == NULL) { fprintf(stderr, "cannot open file\n"); return 1; } - fwrite(pkcs12_struct, 1, pkcs12_struct_size, fd); - fclose(fd); + fwrite(pkcs12_struct, 1, pkcs12_struct_size, fp); + fclose(fp); gnutls_pkcs12_bag_deinit(bag); gnutls_pkcs12_bag_deinit(key_bag); diff --git a/gnulib b/gnulib -Subproject 02c8a3da2c4462ecf78944af9f6fd2c986fa536 +Subproject fb64a78174042189f4d012cbd748d565f021cd6 diff --git a/lib/auth/psk_passwd.c b/lib/auth/psk_passwd.c index a0427914f9..9a9d68c488 100644 --- a/lib/auth/psk_passwd.c +++ b/lib/auth/psk_passwd.c @@ -155,7 +155,7 @@ _gnutls_psk_pwd_find_entry(gnutls_session_t session, gnutls_datum_t * psk) { gnutls_psk_server_credentials_t cred; - FILE *fd; + FILE *fp; char *line = NULL; size_t line_size = 0; int ret; @@ -203,13 +203,13 @@ _gnutls_psk_pwd_find_entry(gnutls_session_t session, /* Open the selected password file. */ - fd = fopen(cred->password_file, "r"); - if (fd == NULL) { + fp = fopen(cred->password_file, "re"); + if (fp == NULL) { gnutls_assert(); return GNUTLS_E_SRP_PWD_ERROR; } - while (getline(&line, &line_size, fd) > 0) { + while (getline(&line, &line_size, fp) > 0) { if (username_matches(&username_datum, line, line_size)) { ret = pwd_put_values(psk, line); if (ret < 0) { @@ -231,8 +231,8 @@ _gnutls_psk_pwd_find_entry(gnutls_session_t session, ret = 0; cleanup: - if (fd != NULL) - fclose(fd); + if (fp != NULL) + fclose(fp); zeroize_key(line, line_size); free(line); diff --git a/lib/auth/srp_passwd.c b/lib/auth/srp_passwd.c index baa4086e77..49039a66e7 100644 --- a/lib/auth/srp_passwd.c +++ b/lib/auth/srp_passwd.c @@ -193,7 +193,7 @@ static int parse_tpasswd_conf_values(SRP_PWD_ENTRY * entry, char *str) static int pwd_read_conf(const char *pconf_file, SRP_PWD_ENTRY * entry, int idx) { - FILE *fd; + FILE *fp; char *line = NULL; size_t line_size = 0; unsigned i, len; @@ -202,14 +202,14 @@ pwd_read_conf(const char *pconf_file, SRP_PWD_ENTRY * entry, int idx) snprintf(indexstr, sizeof(indexstr), "%u", (unsigned int) idx); - fd = fopen(pconf_file, "r"); - if (fd == NULL) { + fp = fopen(pconf_file, "re"); + if (fp == NULL) { gnutls_assert(); return GNUTLS_E_FILE_ERROR; } len = strlen(indexstr); - while (getline(&line, &line_size, fd) > 0) { + while (getline(&line, &line_size, fp) > 0) { /* move to first ':' */ i = 0; while ((i < line_size) && (line[i] != ':') @@ -234,7 +234,7 @@ pwd_read_conf(const char *pconf_file, SRP_PWD_ENTRY * entry, int idx) cleanup: zeroize_key(line, line_size); free(line); - fclose(fd); + fclose(fp); return ret; } @@ -244,7 +244,7 @@ _gnutls_srp_pwd_read_entry(gnutls_session_t state, char *username, SRP_PWD_ENTRY ** _entry) { gnutls_srp_server_credentials_t cred; - FILE *fd = NULL; + FILE *fp = NULL; char *line = NULL; size_t line_size = 0; unsigned i, len; @@ -308,15 +308,15 @@ _gnutls_srp_pwd_read_entry(gnutls_session_t state, char *username, /* Open the selected password file. */ - fd = fopen(cred->password_file, "r"); - if (fd == NULL) { + fp = fopen(cred->password_file, "re"); + if (fp == NULL) { gnutls_assert(); ret = GNUTLS_E_SRP_PWD_ERROR; goto cleanup; } len = strlen(username); - while (getline(&line, &line_size, fd) > 0) { + while (getline(&line, &line_size, fp) > 0) { /* move to first ':' */ i = 0; while ((i < line_size) && (line[i] != '\0') @@ -372,8 +372,8 @@ found: zeroize_key(line, line_size); free(line); } - if (fd) - fclose(fd); + if (fp) + fclose(fp); return ret; } diff --git a/lib/cert-cred-rawpk.c b/lib/cert-cred-rawpk.c index cfa65eb318..56bc5f6584 100644 --- a/lib/cert-cred-rawpk.c +++ b/lib/cert-cred-rawpk.c @@ -239,8 +239,6 @@ int gnutls_certificate_set_rawpk_key_file(gnutls_certificate_credentials_t cred, gnutls_privkey_t privkey; gnutls_pubkey_t pubkey; gnutls_pcert_st* pcert; - gnutls_datum_t rawpubkey = { NULL, 0 }; // to hold rawpk data from file - size_t key_size; gnutls_str_array_t str_names; unsigned int i; @@ -291,8 +289,13 @@ int gnutls_certificate_set_rawpk_key_file(gnutls_certificate_credentials_t cred, } } else { + gnutls_datum_t rawpubkey; // to hold rawpk data from file + size_t key_size; + /* Read our raw public-key into memory from file */ - rawpubkey.data = (void*) read_binary_file(rawpkfile, &key_size); + rawpubkey.data = (void*) read_file(rawpkfile, + RF_BINARY | RF_SENSITIVE, + &key_size); if (rawpubkey.data == NULL) { gnutls_privkey_deinit(privkey); @@ -307,7 +310,9 @@ int gnutls_certificate_set_rawpk_key_file(gnutls_certificate_credentials_t cred, ret = gnutls_pcert_import_rawpk_raw(pcert, &rawpubkey, format, key_usage, 0); - _gnutls_free_datum(&rawpubkey); + zeroize_key(rawpubkey.data, rawpubkey.size); + free(rawpubkey.data); + rawpubkey.size = 0; if (ret < 0) { gnutls_privkey_deinit(privkey); diff --git a/lib/cert-cred-x509.c b/lib/cert-cred-x509.c index 4e86a59ba6..04aa3169b6 100644 --- a/lib/cert-cred-x509.c +++ b/lib/cert-cred-x509.c @@ -543,7 +543,7 @@ read_cert_file(gnutls_certificate_credentials_t res, return read_cert_url(res, key, certfile); } - data = read_binary_file(certfile, &size); + data = read_file(certfile, RF_BINARY, &size); if (data == NULL) { gnutls_assert(); @@ -588,7 +588,7 @@ _gnutls_read_key_file(gnutls_certificate_credentials_t res, (GNUTLS_E_UNIMPLEMENTED_FEATURE); } - data = read_binary_file(keyfile, &size); + data = read_file(keyfile, RF_BINARY | RF_SENSITIVE, &size); if (data == NULL) { gnutls_assert(); @@ -596,6 +596,7 @@ _gnutls_read_key_file(gnutls_certificate_credentials_t res, } ret = _gnutls_read_key_mem(res, data, size, type, pass, flags, rkey); + zeroize_key(data, size); free(data); return ret; @@ -1447,7 +1448,8 @@ int size_t size; int ret; - p12blob.data = (void *) read_binary_file(pkcs12file, &size); + p12blob.data = (void *) read_file(pkcs12file, RF_BINARY | RF_SENSITIVE, + &size); p12blob.size = (unsigned int) size; if (p12blob.data == NULL) { gnutls_assert(); @@ -1457,7 +1459,9 @@ int ret = gnutls_certificate_set_x509_simple_pkcs12_mem(res, &p12blob, type, password); + zeroize_key(p12blob.data, p12blob.size); free(p12blob.data); + p12blob.size = 0; return ret; } diff --git a/lib/crypto-selftests.c b/lib/crypto-selftests.c index f904b029b2..f915b6d744 100644 --- a/lib/crypto-selftests.c +++ b/lib/crypto-selftests.c @@ -1939,13 +1939,6 @@ static int test_mac(gnutls_mac_algorithm_t mac, return ret; \ } -#define FIPS_STARTUP_ONLY_TEST_CASE(x, func, vectors) case x: \ - if (_gnutls_fips_mode_enabled() != 1) { \ - ret = func(x, V(vectors), flags); \ - if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL) || ret < 0) \ - return ret; \ - } - /*- * gnutls_cipher_self_test: * @flags: GNUTLS_SELF_TEST_FLAG flags @@ -2075,7 +2068,7 @@ int gnutls_mac_self_test(unsigned flags, gnutls_mac_algorithm_t mac) switch (mac) { case GNUTLS_MAC_UNKNOWN: - FIPS_STARTUP_ONLY_TEST_CASE(GNUTLS_MAC_MD5, test_mac, hmac_md5_vectors); + NON_FIPS_CASE(GNUTLS_MAC_MD5, test_mac, hmac_md5_vectors); FALLTHROUGH; CASE(GNUTLS_MAC_SHA1, test_mac, hmac_sha1_vectors); FALLTHROUGH; @@ -2135,7 +2128,7 @@ int gnutls_digest_self_test(unsigned flags, gnutls_digest_algorithm_t digest) switch (digest) { case GNUTLS_DIG_UNKNOWN: - FIPS_STARTUP_ONLY_TEST_CASE(GNUTLS_DIG_MD5, test_digest, md5_vectors); + NON_FIPS_CASE(GNUTLS_DIG_MD5, test_digest, md5_vectors); FALLTHROUGH; CASE(GNUTLS_DIG_SHA1, test_digest, sha1_vectors); FALLTHROUGH; diff --git a/lib/datum.h b/lib/datum.h index 3d86a0dc72..35b9e3b97c 100644 --- a/lib/datum.h +++ b/lib/datum.h @@ -28,13 +28,13 @@ /* This will copy the provided data in @dat. If the provided data are * NULL or zero-size @dat will be NULL as well. */ -attr_warn_unused_result attr_nonnull((1)) +NODISCARD ATTRIBUTE_NONNULL((1)) int _gnutls_set_datum(gnutls_datum_t * dat, const void *data, size_t data_size); /* This will always return a non-NULL, and zero-terminated string in @dat. */ -attr_warn_unused_result attr_nonnull((1)) +NODISCARD ATTRIBUTE_NONNULL((1)) int _gnutls_set_strdatum(gnutls_datum_t * dat, const void *data, size_t data_size); @@ -48,7 +48,7 @@ void _gnutls_free_datum(gnutls_datum_t * dat) } } -inline static attr_nonnull_all +inline static ATTRIBUTE_NONNULL() void _gnutls_free_temp_key_datum(gnutls_datum_t * dat) { if (dat->data != NULL) { @@ -59,7 +59,7 @@ void _gnutls_free_temp_key_datum(gnutls_datum_t * dat) dat->size = 0; } -inline static attr_nonnull_all +inline static ATTRIBUTE_NONNULL() void _gnutls_free_key_datum(gnutls_datum_t * dat) { if (dat->data != NULL) { diff --git a/lib/file.c b/lib/file.c index cec1281bd1..3ded84913b 100644 --- a/lib/file.c +++ b/lib/file.c @@ -27,13 +27,13 @@ int _gnutls_file_exists(const char *file) { - FILE *fd; + FILE *fp; - fd = fopen(file, "r"); - if (fd == NULL) + fp = fopen(file, "re"); + if (fp == NULL) return -1; - fclose(fd); + fclose(fp); return 0; } @@ -46,6 +46,10 @@ int _gnutls_file_exists(const char *file) * zero terminated but the terminating null is not included in length. * The returned data are allocated using gnutls_malloc(). * + * Note that this function is not designed for reading sensitive materials, + * such as private keys, on practical applications. When the reading fails + * in the middle, the partially loaded content might remain on memory. + * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise * an error code is returned. * @@ -55,7 +59,7 @@ int gnutls_load_file(const char *filename, gnutls_datum_t * data) { size_t len; - data->data = (void *) read_binary_file(filename, &len); + data->data = (void *) read_file(filename, RF_BINARY, &len); if (data->data == NULL) return GNUTLS_E_FILE_ERROR; diff --git a/lib/fips.c b/lib/fips.c index 3c43250aaf..acdd2ec23e 100644 --- a/lib/fips.c +++ b/lib/fips.c @@ -93,7 +93,7 @@ unsigned _gnutls_fips_mode_enabled(void) goto exit; } - fd = fopen(FIPS_KERNEL_FILE, "r"); + fd = fopen(FIPS_KERNEL_FILE, "re"); if (fd != NULL) { f1p = fgetc(fd); fclose(fd); @@ -102,14 +102,13 @@ unsigned _gnutls_fips_mode_enabled(void) else f1p = 0; } - f2p = !access(FIPS_SYSTEM_FILE, F_OK); - - if (f1p != 0 && f2p != 0) { + if (f1p != 0) { _gnutls_debug_log("FIPS140-2 mode enabled\n"); ret = GNUTLS_FIPS140_STRICT; goto exit; } + f2p = !access(FIPS_SYSTEM_FILE, F_OK); if (f2p != 0) { /* a funny state where self tests are performed * and ignored */ diff --git a/lib/gnutls.pc.in b/lib/gnutls.pc.in index 46a1eb5d85..15d3ab057c 100644 --- a/lib/gnutls.pc.in +++ b/lib/gnutls.pc.in @@ -19,6 +19,6 @@ Description: Transport Security Layer implementation for the GNU system URL: https://www.gnutls.org/ Version: @VERSION@ Libs: -L${libdir} -lgnutls -Libs.private: @LIBINTL@ @LIBSOCKET@ @INET_PTON_LIB@ @LIBPTHREAD@ @LIB_SELECT@ @TSS_LIBS@ @GMP_LIBS@ @LIBUNISTRING@ @LIBATOMIC_LIBS@ @LIB_CRYPT32@ +Libs.private: @LIBINTL@ @LIBSOCKET@ @INET_PTON_LIB@ @LIBPTHREAD@ @LIB_SELECT@ @TSS_LIBS@ @GMP_LIBS@ @LIBUNISTRING@ @LIBATOMIC_LIBS@ @LIB_CRYPT32@ @LIBNCRYPT@ @GNUTLS_REQUIRES_PRIVATE@ Cflags: -I${includedir} diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index 9959c82202..4db7a2534d 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -55,6 +55,8 @@ typedef int ssize_t; #include <nettle/memxor.h> +#include "attribute.h" + #define ENABLE_ALIGN16 #ifdef __clang_major @@ -76,26 +78,6 @@ typedef int ssize_t; # define unlikely #endif -#if _GNUTLS_GCC_VERSION >= 30300 -# define attr_nonnull_all __attribute__ ((nonnull)) -# define attr_nonnull(a) __attribute__ ((nonnull a)) -#else -# define attr_nonnull_all -# define attr_nonnull(a) -#endif - -#if _GNUTLS_GCC_VERSION >= 30400 && (_GNUTLS_CLANG_VERSION == 0 || _GNUTLS_CLANG_VERSION >= 40000) -# define attr_warn_unused_result __attribute__((warn_unused_result)) -#else -# define attr_warn_unused_result -#endif - -#if _GNUTLS_GCC_VERSION >= 70100 -# define FALLTHROUGH __attribute__ ((fallthrough)) -#else -# define FALLTHROUGH -#endif - #include <gnutls/gnutls.h> #include <gnutls/dtls.h> #include <gnutls/abstract.h> @@ -143,7 +143,7 @@ void _gnutls_nss_keylog_write(gnutls_session_t session, checked_env = 1; keylogfile = secure_getenv("SSLKEYLOGFILE"); if (keylogfile != NULL) - keylog = fopen(keylogfile, "a"); + keylog = fopen(keylogfile, "ae"); } if (keylog) { diff --git a/lib/pkcs11.c b/lib/pkcs11.c index d03bf6e444..fad16aaf4f 100644 --- a/lib/pkcs11.c +++ b/lib/pkcs11.c @@ -889,7 +889,7 @@ static void compat_load(const char *configfile) if (configfile == NULL) configfile = "/etc/gnutls/pkcs11.conf"; - fp = fopen(configfile, "r"); + fp = fopen(configfile, "re"); if (fp == NULL) { gnutls_assert(); return; diff --git a/lib/priority.c b/lib/priority.c index ad99459adb..0a284ae1f1 100644 --- a/lib/priority.c +++ b/lib/priority.c @@ -1304,6 +1304,7 @@ static void _gnutls_update_system_priorities(void) { int ret; struct stat sb; + FILE *fp; if (stat(system_priority_file, &sb) < 0) { _gnutls_debug_log("cfg: unable to access: %s: %d\n", @@ -1321,7 +1322,14 @@ static void _gnutls_update_system_priorities(void) if (system_wide_priority_strings_init != 0) _name_val_array_clear(&system_wide_priority_strings); - ret = ini_parse(system_priority_file, cfg_ini_handler, NULL); + fp = fopen(system_priority_file, "re"); + if (fp == NULL) { + _gnutls_debug_log("cfg: unable to open: %s: %d\n", + system_priority_file, errno); + return; + } + ret = ini_parse_file(fp, cfg_ini_handler, NULL); + fclose(fp); if (ret != 0) { _gnutls_debug_log("cfg: unable to parse: %s: %d\n", system_priority_file, ret); diff --git a/lib/random.c b/lib/random.c index 6462738416..605fc8d51a 100644 --- a/lib/random.c +++ b/lib/random.c @@ -105,9 +105,9 @@ int _gnutls_rnd_preinit(void) #elif defined(ENABLE_FIPS140) /* The FIPS140 random generator is only enabled when we are compiled - * with FIPS support, _and_ the system requires FIPS140. + * with FIPS support, _and_ the system is in FIPS installed state. */ - if (_gnutls_fips_mode_enabled() == 1) { + if (_gnutls_fips_mode_enabled() != 0) { ret = gnutls_crypto_rnd_register(100, &_gnutls_fips_rnd_ops); if (ret < 0) return ret; diff --git a/lib/system/keys-win.c b/lib/system/keys-win.c index 678a668e49..f9a4b1ca9e 100644 --- a/lib/system/keys-win.c +++ b/lib/system/keys-win.c @@ -26,6 +26,7 @@ #define _WIN32_WINNT 0x600 #endif +#include <config.h> #include "gnutls_int.h" #include "errors.h" #include <gnutls/gnutls.h> @@ -45,8 +46,6 @@ #include <winbase.h> #include <winapifamily.h> -#define DYN_NCRYPT - #ifdef __MINGW32__ # include <_mingw.h> # ifdef __MINGW64_VERSION_MAJOR @@ -234,6 +233,7 @@ get_id(const char *url, uint8_t * bin, size_t * bin_size, unsigned cert) return 0; } +#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP) static void *memrev(unsigned char *pvData, DWORD cbData) { @@ -437,6 +437,106 @@ static int capi_info(gnutls_privkey_t key, unsigned int flags, void *userdata) return -1; } +static +int privkey_import_capi(gnutls_privkey_t pkey, const char *url, + priv_st *priv, CRYPT_KEY_PROV_INFO *kpi) +{ + HCRYPTPROV hCryptProv = NULL; + int ret, enc_too = 0; + DWORD i, dwErrCode = 0; + + if (CryptAcquireContextW(&hCryptProv, + kpi->pwszContainerName, + kpi->pwszProvName, + kpi->dwProvType, kpi->dwFlags)) { + for (i = 0; i < kpi->cProvParam; i++) + if (!CryptSetProvParam(hCryptProv, + kpi->rgProvParam[i]. + dwParam, + kpi->rgProvParam[i]. + pbData, + kpi->rgProvParam[i]. + dwFlags)) { + dwErrCode = GetLastError(); + break; + }; + } else { + dwErrCode = GetLastError(); + } + + if (ERROR_SUCCESS != dwErrCode) { + _gnutls_debug_log + ("error in getting cryptprov: %d from %s\n", + (int)GetLastError(), url); + ret = + gnutls_assert_val + (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); + goto cleanup; + } + + { + BYTE buf[100 + sizeof(PROV_ENUMALGS_EX) * 2]; + PROV_ENUMALGS_EX *pAlgo = (PROV_ENUMALGS_EX *) buf; + DWORD len = sizeof(buf); + + if (CryptGetProvParam + (hCryptProv, PP_ENUMALGS_EX, buf, &len, + CRYPT_FIRST)) { + DWORD hash = 0; + do { + switch (pAlgo->aiAlgid) { + case CALG_RSA_SIGN: + priv->pk = GNUTLS_PK_RSA; + enc_too = 1; + break; + case CALG_DSS_SIGN: + priv->pk = + priv->pk == + GNUTLS_PK_RSA ? + GNUTLS_PK_RSA : + GNUTLS_PK_DSA; + break; + case CALG_SHA1: + hash = 1; + break; + case CALG_SHA_256: + hash = 256; + break; + default: + break; + } + + len = sizeof(buf); // reset the buffer size + } while (CryptGetProvParam + (hCryptProv, PP_ENUMALGS_EX, buf, &len, + CRYPT_NEXT)); + + if (priv->pk == GNUTLS_PK_DSA) + priv->sign_algo = GNUTLS_SIGN_DSA_SHA1; + else + priv->sign_algo = + (hash > + 1) ? GNUTLS_SIGN_RSA_SHA256 : + GNUTLS_SIGN_RSA_SHA1; + } + } + + priv->hCryptProv = hCryptProv; + priv->dwKeySpec = kpi->dwKeySpec; + + ret = gnutls_privkey_import_ext3(pkey, priv, capi_sign, + (enc_too != + 0) ? capi_decrypt : NULL, + capi_deinit, capi_info, 0); + cleanup: + if (ret < 0) { + if (hCryptProv != 0) + CryptReleaseContext(hCryptProv, 0); + } + return ret; +} +#endif /* WINAPI_PARTITION_DESKTOP */ + static int cng_sign(gnutls_privkey_t key, void *userdata, const gnutls_datum_t * raw_data, gnutls_datum_t * signature) @@ -597,6 +697,70 @@ static int cng_info(gnutls_privkey_t key, unsigned int flags, void *userdata) return -1; } +static +int privkey_import_ncrypt(gnutls_privkey_t pkey, const char *url, + priv_st *priv, CRYPT_KEY_PROV_INFO *kpi, NCRYPT_PROV_HANDLE *sctx) +{ + SECURITY_STATUS r; + NCRYPT_KEY_HANDLE nc = NULL; + int ret, enc_too = 0; + WCHAR algo_str[64]; + DWORD algo_str_size = 0; + + r = pNCryptOpenKey(*sctx, &nc, kpi->pwszContainerName, 0, 0); + if (FAILED(r)) { + ret = + gnutls_assert_val + (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); + goto cleanup; + } + + r = pNCryptGetProperty(nc, NCRYPT_ALGORITHM_PROPERTY, + (BYTE *) algo_str, sizeof(algo_str), + &algo_str_size, 0); + if (FAILED(r)) { + ret = + gnutls_assert_val + (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); + goto cleanup; + } + + if (StrCmpW(algo_str, BCRYPT_RSA_ALGORITHM) == 0) { + priv->pk = GNUTLS_PK_RSA; + priv->sign_algo = GNUTLS_SIGN_RSA_SHA256; + enc_too = 1; + } else if (StrCmpW(algo_str, BCRYPT_DSA_ALGORITHM) == 0) { + priv->pk = GNUTLS_PK_DSA; + priv->sign_algo = GNUTLS_SIGN_DSA_SHA1; + } else if (StrCmpW(algo_str, BCRYPT_ECDSA_P256_ALGORITHM) == 0) { + priv->pk = GNUTLS_PK_EC; + priv->sign_algo = GNUTLS_SIGN_ECDSA_SHA256; + } else if (StrCmpW(algo_str, BCRYPT_ECDSA_P384_ALGORITHM) == 0) { + priv->pk = GNUTLS_PK_EC; + priv->sign_algo = GNUTLS_SIGN_ECDSA_SHA384; + } else if (StrCmpW(algo_str, BCRYPT_ECDSA_P521_ALGORITHM) == 0) { + priv->pk = GNUTLS_PK_EC; + priv->sign_algo = GNUTLS_SIGN_ECDSA_SHA512; + } else { + _gnutls_debug_log("unknown key algorithm: %ls\n", + algo_str); + ret = gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM); + goto cleanup; + } + priv->nc = nc; + + ret = gnutls_privkey_import_ext3(pkey, priv, cng_sign, + (enc_too != + 0) ? cng_decrypt : NULL, + cng_deinit, cng_info, 0); + cleanup: + if (ret < 0) { + if (nc != 0) + pNCryptFreeObject(nc); + } + return ret; +} + /*- * _gnutls_privkey_import_system: * @pkey: The private key @@ -613,25 +777,20 @@ static int cng_info(gnutls_privkey_t key, unsigned int flags, void *userdata) -*/ int _gnutls_privkey_import_system_url(gnutls_privkey_t pkey, const char *url) { -#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP) +#if !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP) && _WIN32_WINNT < 0x0A00 /*win10 */ return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE); -#else +#else /* WINAPI_PARTITION_DESKTOP || _WIN32_WINNT_WIN10 */ uint8_t id[MAX_WID_SIZE]; HCERTSTORE store = NULL; size_t id_size; const CERT_CONTEXT *cert = NULL; CRYPT_HASH_BLOB blob; CRYPT_KEY_PROV_INFO *kpi = NULL; - NCRYPT_KEY_HANDLE nc = NULL; - HCRYPTPROV hCryptProv = NULL; NCRYPT_PROV_HANDLE sctx = NULL; DWORD kpi_size; SECURITY_STATUS r; - int ret, enc_too = 0; - WCHAR algo_str[64]; - DWORD algo_str_size = 0; + int ret; priv_st *priv; - DWORD i, dwErrCode = 0; if (ncrypt_init == 0) return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE); @@ -702,157 +861,31 @@ int _gnutls_privkey_import_system_url(gnutls_privkey_t pkey, const char *url) r = pNCryptOpenStorageProvider(&sctx, kpi->pwszProvName, 0); if (!FAILED(r)) { /* if this works carry on with CNG */ - r = pNCryptOpenKey(sctx, &nc, kpi->pwszContainerName, 0, 0); - if (FAILED(r)) { - ret = - gnutls_assert_val - (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); - goto cleanup; - } - - r = pNCryptGetProperty(nc, NCRYPT_ALGORITHM_PROPERTY, - (BYTE *) algo_str, sizeof(algo_str), - &algo_str_size, 0); - if (FAILED(r)) { - ret = - gnutls_assert_val - (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); - goto cleanup; - } - - if (StrCmpW(algo_str, BCRYPT_RSA_ALGORITHM) == 0) { - priv->pk = GNUTLS_PK_RSA; - priv->sign_algo = GNUTLS_SIGN_RSA_SHA256; - enc_too = 1; - } else if (StrCmpW(algo_str, BCRYPT_DSA_ALGORITHM) == 0) { - priv->pk = GNUTLS_PK_DSA; - priv->sign_algo = GNUTLS_SIGN_DSA_SHA1; - } else if (StrCmpW(algo_str, BCRYPT_ECDSA_P256_ALGORITHM) == 0) { - priv->pk = GNUTLS_PK_EC; - priv->sign_algo = GNUTLS_SIGN_ECDSA_SHA256; - } else if (StrCmpW(algo_str, BCRYPT_ECDSA_P384_ALGORITHM) == 0) { - priv->pk = GNUTLS_PK_EC; - priv->sign_algo = GNUTLS_SIGN_ECDSA_SHA384; - } else if (StrCmpW(algo_str, BCRYPT_ECDSA_P521_ALGORITHM) == 0) { - priv->pk = GNUTLS_PK_EC; - priv->sign_algo = GNUTLS_SIGN_ECDSA_SHA512; - } else { - _gnutls_debug_log("unknown key algorithm: %ls\n", - algo_str); - ret = gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM); - goto cleanup; - } - priv->nc = nc; - - ret = gnutls_privkey_import_ext3(pkey, priv, cng_sign, - (enc_too != - 0) ? cng_decrypt : NULL, - cng_deinit, cng_info, 0); + ret = privkey_import_ncrypt(pkey, url, priv, kpi, &sctx); if (ret < 0) { gnutls_assert(); goto cleanup; } } else { +#if !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP) + /* CAPI is not supported in UWP */ + return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE); +#else /* WINAPI_PARTITION_DESKTOP */ /* this should be CAPI */ _gnutls_debug_log ("error in opening CNG keystore: %x from %ls\n", (int)r, kpi->pwszProvName); - if (CryptAcquireContextW(&hCryptProv, - kpi->pwszContainerName, - kpi->pwszProvName, - kpi->dwProvType, kpi->dwFlags)) { - for (i = 0; i < kpi->cProvParam; i++) - if (!CryptSetProvParam(hCryptProv, - kpi->rgProvParam[i]. - dwParam, - kpi->rgProvParam[i]. - pbData, - kpi->rgProvParam[i]. - dwFlags)) { - dwErrCode = GetLastError(); - break; - }; - } else { - dwErrCode = GetLastError(); - } - - if (ERROR_SUCCESS != dwErrCode) { - _gnutls_debug_log - ("error in getting cryptprov: %d from %s\n", - (int)GetLastError(), url); - ret = - gnutls_assert_val - (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); - goto cleanup; - } - - { - BYTE buf[100 + sizeof(PROV_ENUMALGS_EX) * 2]; - PROV_ENUMALGS_EX *pAlgo = (PROV_ENUMALGS_EX *) buf; - DWORD len = sizeof(buf); - - if (CryptGetProvParam - (hCryptProv, PP_ENUMALGS_EX, buf, &len, - CRYPT_FIRST)) { - DWORD hash = 0; - do { - switch (pAlgo->aiAlgid) { - case CALG_RSA_SIGN: - priv->pk = GNUTLS_PK_RSA; - enc_too = 1; - break; - case CALG_DSS_SIGN: - priv->pk = - priv->pk == - GNUTLS_PK_RSA ? - GNUTLS_PK_RSA : - GNUTLS_PK_DSA; - break; - case CALG_SHA1: - hash = 1; - break; - case CALG_SHA_256: - hash = 256; - break; - default: - break; - } - - len = sizeof(buf); // reset the buffer size - } while (CryptGetProvParam - (hCryptProv, PP_ENUMALGS_EX, buf, &len, - CRYPT_NEXT)); - - if (priv->pk == GNUTLS_PK_DSA) - priv->sign_algo = GNUTLS_SIGN_DSA_SHA1; - else - priv->sign_algo = - (hash > - 1) ? GNUTLS_SIGN_RSA_SHA256 : - GNUTLS_SIGN_RSA_SHA1; - } - } - - priv->hCryptProv = hCryptProv; - priv->dwKeySpec = kpi->dwKeySpec; - - ret = gnutls_privkey_import_ext3(pkey, priv, capi_sign, - (enc_too != - 0) ? capi_decrypt : NULL, - capi_deinit, capi_info, 0); + ret = privkey_import_capi(pkey, url, priv, kpi); if (ret < 0) { gnutls_assert(); goto cleanup; } +#endif /* WINAPI_PARTITION_DESKTOP */ } ret = 0; cleanup: if (ret < 0) { - if (nc != 0) - pNCryptFreeObject(nc); - if (hCryptProv != 0) - CryptReleaseContext(hCryptProv, 0); gnutls_free(priv); } if (sctx != 0) @@ -865,7 +898,7 @@ int _gnutls_privkey_import_system_url(gnutls_privkey_t pkey, const char *url) CertCloseStore(store, 0); return ret; -#endif +#endif /* WINAPI_PARTITION_DESKTOP || _WIN32_WINNT_WIN10 */ } int _gnutls_x509_crt_import_system_url(gnutls_x509_crt_t crt, const char *url) @@ -1487,13 +1520,16 @@ int _gnutls_system_key_init(void) ret = GNUTLS_E_CRYPTO_INIT_FAILED; goto fail; } -#endif ncrypt_init = 1; return 0; fail: FreeLibrary(ncrypt_lib); return ret; +#else + ncrypt_init = 1; + return 0; +#endif } void _gnutls_system_key_deinit(void) diff --git a/lib/verify-tofu.c b/lib/verify-tofu.c index 36328e04af..5cedeed118 100644 --- a/lib/verify-tofu.c +++ b/lib/verify-tofu.c @@ -326,7 +326,7 @@ static int verify_pubkey(const char *file, const char *host, const char *service, const gnutls_datum_t * pubkey) { - FILE *fd; + FILE *fp; char *line = NULL; size_t line_size = 0; int ret, l2, mismatch = 0; @@ -343,14 +343,14 @@ static int verify_pubkey(const char *file, if (service != NULL) service_len = strlen(service); - fd = fopen(file, "rb"); - if (fd == NULL) { + fp = fopen(file, "rbe"); + if (fp == NULL) { ret = gnutls_assert_val(GNUTLS_E_FILE_ERROR); goto cleanup; } do { - l2 = getline(&line, &line_size, fd); + l2 = getline(&line, &line_size, fp); if (l2 > 0) { ret = parse_line(line, host, host_len, service, @@ -371,8 +371,8 @@ static int verify_pubkey(const char *file, cleanup: free(line); - if (fd != NULL) - fclose(fd); + if (fp != NULL) + fclose(fp); gnutls_free(b64key.data); return ret; @@ -400,7 +400,7 @@ int store_pubkey(const char *db_name, const char *host, const char *service, time_t expiration, const gnutls_datum_t * pubkey) { - FILE *fd = NULL; + FILE *fp = NULL; gnutls_datum_t b64key = { NULL, 0 }; int ret; @@ -414,8 +414,8 @@ int store_pubkey(const char *db_name, const char *host, goto cleanup; } - fd = fopen(db_name, "ab+"); - if (fd == NULL) { + fp = fopen(db_name, "abe+"); + if (fp == NULL) { ret = gnutls_assert_val(GNUTLS_E_FILE_ERROR); goto cleanup; } @@ -425,14 +425,14 @@ int store_pubkey(const char *db_name, const char *host, if (host == NULL) host = "*"; - fprintf(fd, "|g0|%s|%s|%lu|%.*s\n", host, service, + fprintf(fp, "|g0|%s|%s|%lu|%.*s\n", host, service, (unsigned long) expiration, b64key.size, b64key.data); ret = 0; cleanup: - if (fd != NULL) - fclose(fd); + if (fp != NULL) + fclose(fp); gnutls_mutex_unlock(&_gnutls_file_mutex); gnutls_free(b64key.data); @@ -446,11 +446,11 @@ int store_commitment(const char *db_name, const char *host, gnutls_digest_algorithm_t hash_algo, const gnutls_datum_t * hash) { - FILE *fd; + FILE *fp; char buffer[MAX_HASH_SIZE * 2 + 1]; - fd = fopen(db_name, "ab+"); - if (fd == NULL) + fp = fopen(db_name, "abe+"); + if (fp == NULL) return gnutls_assert_val(GNUTLS_E_FILE_ERROR); if (service == NULL) @@ -458,12 +458,12 @@ int store_commitment(const char *db_name, const char *host, if (host == NULL) host = "*"; - fprintf(fd, "|c0|%s|%s|%lu|%u|%s\n", host, service, + fprintf(fp, "|c0|%s|%s|%lu|%u|%s\n", host, service, (unsigned long) expiration, (unsigned) hash_algo, _gnutls_bin2hex(hash->data, hash->size, buffer, sizeof(buffer), NULL)); - fclose(fd); + fclose(fp); return 0; } diff --git a/lib/x509/verify-high2.c b/lib/x509/verify-high2.c index 50020d074c..9820595e97 100644 --- a/lib/x509/verify-high2.c +++ b/lib/x509/verify-high2.c @@ -356,7 +356,7 @@ gnutls_x509_trust_list_add_trust_file(gnutls_x509_trust_list_t list, } else #endif { - cas.data = (void *) read_binary_file(ca_file, &size); + cas.data = (void *) read_file(ca_file, RF_BINARY, &size); if (cas.data == NULL) { gnutls_assert(); return GNUTLS_E_FILE_ERROR; @@ -366,7 +366,7 @@ gnutls_x509_trust_list_add_trust_file(gnutls_x509_trust_list_t list, } if (crl_file) { - crls.data = (void *) read_binary_file(crl_file, &size); + crls.data = (void *) read_file(crl_file, RF_BINARY, &size); if (crls.data == NULL) { gnutls_assert(); return GNUTLS_E_FILE_ERROR; @@ -551,7 +551,7 @@ gnutls_x509_trust_list_remove_trust_file(gnutls_x509_trust_list_t list, } else #endif { - cas.data = (void *) read_binary_file(ca_file, &size); + cas.data = (void *) read_file(ca_file, RF_BINARY, &size); if (cas.data == NULL) { gnutls_assert(); return GNUTLS_E_FILE_ERROR; diff --git a/src/certtool-common.c b/src/certtool-common.c index c76352c9d8..3af2d08080 100644 --- a/src/certtool-common.c +++ b/src/certtool-common.c @@ -270,7 +270,7 @@ gnutls_privkey_t load_private_key(int mand, common_info_st * info) if (gnutls_url_is_supported(info->privkey) != 0) return _load_url_privkey(info->privkey); - dat.data = (void *) read_binary_file(info->privkey, &size); + dat.data = (void *) read_file(info->privkey, RF_BINARY, &size); dat.size = size; if (!dat.data) { @@ -313,7 +313,7 @@ load_x509_private_key(int mand, common_info_st * info) app_exit(1); } - dat.data = (void *) read_binary_file(info->privkey, &size); + dat.data = (void *) read_file(info->privkey, RF_BINARY, &size); dat.size = size; if (!dat.data) { @@ -389,7 +389,7 @@ gnutls_x509_crt_t load_cert(int mand, common_info_st * info) gnutls_x509_crt_t *load_cert_list(int mand, size_t * crt_size, common_info_st * info) { - FILE *fd; + FILE *fp; static gnutls_x509_crt_t *crt; int ret; gnutls_datum_t dat; @@ -409,18 +409,18 @@ gnutls_x509_crt_t *load_cert_list(int mand, size_t * crt_size, return NULL; } - fd = fopen(info->cert, "r"); - if (fd == NULL) { + fp = fopen(info->cert, "r"); + if (fp == NULL) { fprintf(stderr, "Could not open %s\n", info->cert); app_exit(1); } - fix_lbuffer(file_size(fd)); + fix_lbuffer(file_size(fp)); - size = fread(lbuffer, 1, lbuffer_size - 1, fd); + size = fread(lbuffer, 1, lbuffer_size - 1, fp); lbuffer[size] = 0; - fclose(fd); + fclose(fp); dat.data = (void *) lbuffer; dat.size = size; @@ -448,7 +448,7 @@ gnutls_x509_crt_t *load_cert_list(int mand, size_t * crt_size, gnutls_x509_crl_t *load_crl_list(int mand, size_t * crl_size, common_info_st * info) { - FILE *fd; + FILE *fp; static gnutls_x509_crl_t *crl; unsigned int crl_max; int ret; @@ -467,18 +467,18 @@ gnutls_x509_crl_t *load_crl_list(int mand, size_t * crl_size, return NULL; } - fd = fopen(info->crl, "r"); - if (fd == NULL) { + fp = fopen(info->crl, "r"); + if (fp == NULL) { fprintf(stderr, "Could not open %s\n", info->crl); app_exit(1); } - fix_lbuffer(file_size(fd)); + fix_lbuffer(file_size(fp)); - size = fread(lbuffer, 1, lbuffer_size - 1, fd); + size = fread(lbuffer, 1, lbuffer_size - 1, fp); lbuffer[size] = 0; - fclose(fd); + fclose(fp); dat.data = (void *) lbuffer; dat.size = size; @@ -519,7 +519,7 @@ gnutls_x509_crq_t load_request(common_info_st * info) app_exit(1); } - dat.data = (void *) read_binary_file(info->request, &size); + dat.data = (void *) read_file(info->request, RF_BINARY, &size); dat.size = size; if (!dat.data) { @@ -560,7 +560,7 @@ gnutls_privkey_t load_ca_private_key(common_info_st * info) if (gnutls_url_is_supported(info->ca_privkey) != 0) return _load_url_privkey(info->ca_privkey); - dat.data = (void *) read_binary_file(info->ca_privkey, &size); + dat.data = (void *) read_file(info->ca_privkey, RF_BINARY, &size); dat.size = size; if (!dat.data) { @@ -610,7 +610,7 @@ gnutls_x509_crt_t load_ca_cert(unsigned mand, common_info_st * info) return crt; } - dat.data = (void *) read_binary_file(info->ca, &size); + dat.data = (void *) read_file(info->ca, RF_BINARY, &size); dat.size = size; if (!dat.data) { @@ -657,7 +657,7 @@ gnutls_pubkey_t load_pubkey(int mand, common_info_st * info) app_exit(1); } - dat.data = (void *) read_binary_file(info->pubkey, &size); + dat.data = (void *) read_file(info->pubkey, RF_BINARY, &size); dat.size = size; if (!dat.data) { @@ -1090,7 +1090,7 @@ void dh_info(FILE * infile, FILE * outfile, common_info_st * ci) app_exit(1); } - params.data = (void *) fread_file(infile, &size); + params.data = (void *) fread_file(infile, 0, &size); params.size = size; if (params.data == NULL) { diff --git a/src/certtool.c b/src/certtool.c index a46f774114..0e24ac8281 100644 --- a/src/certtool.c +++ b/src/certtool.c @@ -1530,7 +1530,7 @@ void certificate_info(int pubkey, common_info_st * cinfo) gnutls_datum_t pem; unsigned int crt_num; - pem.data = (void *) fread_file(infile, &size); + pem.data = (void *) fread_file(infile, 0, &size); pem.size = size; if (!pem.data) { @@ -1651,7 +1651,7 @@ void crl_info(common_info_st *cinfo) app_exit(1); } - pem.data = (void *) fread_file(infile, &size); + pem.data = (void *) fread_file(infile, 0, &size); pem.size = size; if (!pem.data) { @@ -1723,7 +1723,7 @@ void crq_info(common_info_st *cinfo) app_exit(1); } - pem.data = (void *) fread_file(infile, &size); + pem.data = (void *) fread_file(infile, 0, &size); pem.size = size; if (!pem.data) { @@ -2241,7 +2241,7 @@ static void load_data(common_info_st *cinfo, gnutls_datum_t *data) app_exit(1); } - data->data = (void *) fread_file(fp, &size); + data->data = (void *) fread_file(fp, 0, &size); if (data->data == NULL) { fprintf(stderr, "Error reading data file"); app_exit(1); @@ -2513,7 +2513,7 @@ static void verify_chain(common_info_st * cinfo) app_exit(1); } - buf = (void *) fread_file(infile, &size); + buf = (void *) fread_file(infile, 0, &size); if (buf == NULL) { fprintf(stderr, "Error reading certificate chain"); app_exit(1); @@ -2530,7 +2530,7 @@ static void verify_certificate(common_info_st * cinfo) char *cas = NULL; size_t cert_size; - cert = (void *) fread_file(infile, &cert_size); + cert = (void *) fread_file(infile, 0, &cert_size); if (cert == NULL) { fprintf(stderr, "Error reading certificate chain"); app_exit(1); @@ -2573,7 +2573,7 @@ void verify_crl(common_info_st * cinfo) app_exit(1); } - pem.data = (void *) fread_file(infile, &size); + pem.data = (void *) fread_file(infile, 0, &size); pem.size = size; if (!pem.data) { @@ -2661,7 +2661,7 @@ void verify_pkcs7(common_info_st * cinfo, const char *purpose, unsigned display_ app_exit(1); } - data.data = (void *) fread_file(infile, &size); + data.data = (void *) fread_file(infile, 0, &size); data.size = size; if (!data.data) { @@ -2785,7 +2785,7 @@ void pkcs7_sign(common_info_st * cinfo, unsigned embed) app_exit(1); } - data.data = (void *) fread_file(infile, &size); + data.data = (void *) fread_file(infile, 0, &size); data.size = size; if (!data.data) { @@ -3404,7 +3404,7 @@ void pkcs12_info(common_info_st * cinfo) app_exit(1); } - data.data = (void *) fread_file(infile, &size); + data.data = (void *) fread_file(infile, 0, &size); data.size = size; if (!data.data) { @@ -3593,7 +3593,7 @@ void pkcs8_info(void) size_t size; gnutls_datum_t data; - data.data = (void *) fread_file(infile, &size); + data.data = (void *) fread_file(infile, 0, &size); data.size = size; if (!data.data) { @@ -3618,7 +3618,7 @@ void pkcs7_info(common_info_st *cinfo, unsigned display_data) app_exit(1); } - data.data = (void *) fread_file(infile, &size); + data.data = (void *) fread_file(infile, 0, &size); data.size = size; if (!data.data) { @@ -3787,7 +3787,7 @@ gnutls_pubkey_t find_pubkey(gnutls_x509_crt_t crt, common_info_st * cinfo) pubkey = load_pubkey(0, cinfo); if (pubkey == NULL) { /* load from stdin */ - pem.data = (void *) fread_file(infile, &size); + pem.data = (void *) fread_file(infile, 0, &size); pem.size = size; if (!pem.data) { @@ -3931,7 +3931,7 @@ void certificate_fpr(common_info_st * cinfo) crt = load_cert(0, cinfo); if (crt == NULL) { - pem.data = (void *) fread_file(infile, &size); + pem.data = (void *) fread_file(infile, 0, &size); pem.size = size; if (!pem.data) { @@ -1036,7 +1036,7 @@ static int try_resume(socket_st * hd) fprintf(stderr, "could not open %s\n", OPT_ARG(EARLYDATA)); exit(1); } - edata.data = (void *) fread_file(fp, &size); + edata.data = (void *) fread_file(fp, 0, &size); edata.size = size; fclose(fp); } diff --git a/src/ocsptool.c b/src/ocsptool.c index 3b7940962c..a963de039a 100644 --- a/src/ocsptool.c +++ b/src/ocsptool.c @@ -99,10 +99,9 @@ static void request_info(void) if (HAVE_OPT(LOAD_REQUEST)) dat.data = - (void *) read_binary_file(OPT_ARG(LOAD_REQUEST), - &size); + (void *) read_file(OPT_ARG(LOAD_REQUEST), RF_BINARY, &size); else - dat.data = (void *) fread_file(infile, &size); + dat.data = (void *) fread_file(infile, 0, &size); if (dat.data == NULL) { fprintf(stderr, "error reading request\n"); app_exit(1); @@ -236,10 +235,9 @@ static void response_info(void) if (HAVE_OPT(LOAD_RESPONSE)) dat.data = - (void *) read_binary_file(OPT_ARG(LOAD_RESPONSE), - &size); + (void *) read_file(OPT_ARG(LOAD_RESPONSE), RF_BINARY, &size); else - dat.data = (void *) fread_file(infile, &size); + dat.data = (void *) fread_file(infile, 0, &size); if (dat.data == NULL) { fprintf(stderr, "error reading response\n"); app_exit(1); @@ -348,7 +346,7 @@ static int _verify_response(gnutls_datum_t * data, gnutls_datum_t * nonce, if (HAVE_OPT(LOAD_TRUST)) { dat.data = - (void *) read_binary_file(OPT_ARG(LOAD_TRUST), &size); + (void *) read_file(OPT_ARG(LOAD_TRUST), RF_BINARY, &size); if (dat.data == NULL) { fprintf(stderr, "error reading --load-trust: %s\n", OPT_ARG(LOAD_TRUST)); @@ -524,10 +522,9 @@ static void verify_response(gnutls_datum_t *nonce) if (HAVE_OPT(LOAD_RESPONSE)) dat.data = - (void *) read_binary_file(OPT_ARG(LOAD_RESPONSE), - &size); + (void *) read_file(OPT_ARG(LOAD_RESPONSE), RF_BINARY, &size); else - dat.data = (void *) fread_file(infile, &size); + dat.data = (void *) fread_file(infile, 0, &size); if (dat.data == NULL) { fprintf(stderr, "error reading response\n"); app_exit(1); @@ -141,35 +141,35 @@ int main(int argc, char **argv) static int filecopy(const char *src, const char *dst) { - FILE *fd, *fd2; + FILE *fp, *fp2; char line[5 * 1024]; char *p; - fd = fopen(dst, "w"); - if (fd == NULL) { + fp = fopen(dst, "w"); + if (fp == NULL) { fprintf(stderr, "Cannot open '%s' for write\n", dst); return -1; } - fd2 = fopen(src, "r"); - if (fd2 == NULL) { + fp2 = fopen(src, "r"); + if (fp2 == NULL) { /* empty file */ - fclose(fd); + fclose(fp); return 0; } line[sizeof(line) - 1] = 0; do { - p = fgets(line, sizeof(line) - 1, fd2); + p = fgets(line, sizeof(line) - 1, fp2); if (p == NULL) break; - fputs(line, fd); + fputs(line, fp); } while (1); - fclose(fd); - fclose(fd2); + fclose(fp); + fclose(fp2); return 0; } @@ -178,7 +178,7 @@ static int write_key(const char *username, const char *key, int key_size, const char *passwd_file) { - FILE *fd; + FILE *fp; char line[5 * 1024]; char *p, *pp; char tmpname[1024]; @@ -186,7 +186,7 @@ write_key(const char *username, const char *key, int key_size, /* delete previous entry */ struct stat st; - FILE *fd2; + FILE *fp2; int put; if (strlen(passwd_file) + 5 > sizeof(tmpname)) { @@ -207,25 +207,25 @@ write_key(const char *username, const char *key, int key_size, return -1; } - fd = fopen(passwd_file, "w"); - if (fd == NULL) { + fp = fopen(passwd_file, "w"); + if (fp == NULL) { fprintf(stderr, "Cannot open '%s' for write\n", passwd_file); (void)remove(tmpname); return -1; } - fd2 = fopen(tmpname, "r"); - if (fd2 == NULL) { + fp2 = fopen(tmpname, "r"); + if (fp2 == NULL) { fprintf(stderr, "Cannot open '%s' for read\n", tmpname); (void)remove(tmpname); - fclose(fd); + fclose(fp); return -1; } put = 0; do { - p = fgets(line, sizeof(line) - 1, fd2); + p = fgets(line, sizeof(line) - 1, fp2); if (p == NULL) break; @@ -237,19 +237,19 @@ write_key(const char *username, const char *key, int key_size, MAX(strlen(username), (unsigned int) (pp - p))) == 0) { put = 1; - fprintf(fd, "%s:%s\n", username, key); + fprintf(fp, "%s:%s\n", username, key); } else { - fputs(line, fd); + fputs(line, fp); } } while (1); if (put == 0) { - fprintf(fd, "%s:%s\n", username, key); + fprintf(fp, "%s:%s\n", username, key); } - fclose(fd); - fclose(fd2); + fclose(fp); + fclose(fp2); (void)remove(tmpname); diff --git a/src/serv.c b/src/serv.c index 414cd0546b..57304bc9d3 100644 --- a/src/serv.c +++ b/src/serv.c @@ -219,7 +219,7 @@ static void read_dh_params(void) char tmpdata[2048]; int size; gnutls_datum_t params; - FILE *fd; + FILE *fp; if (gnutls_dh_params_init(&dh_params) < 0) { fprintf(stderr, "Error in dh parameter initialization\n"); @@ -228,15 +228,15 @@ static void read_dh_params(void) /* read the params file */ - fd = fopen(dh_params_file, "r"); - if (fd == NULL) { + fp = fopen(dh_params_file, "r"); + if (fp == NULL) { fprintf(stderr, "Could not open %s\n", dh_params_file); exit(1); } - size = fread(tmpdata, 1, sizeof(tmpdata) - 1, fd); + size = fread(tmpdata, 1, sizeof(tmpdata) - 1, fp); tmpdata[size] = 0; - fclose(fd); + fclose(fp); params.data = (unsigned char *) tmpdata; params.size = size; diff --git a/src/srptool.c b/src/srptool.c index 27821be238..7939f6bfab 100644 --- a/src/srptool.c +++ b/src/srptool.c @@ -74,14 +74,14 @@ static void print_num(const char *msg, const gnutls_datum_t * num) static int generate_create_conf(const char *tpasswd_conf) { - FILE *fd; + FILE *fp; char line[5 * 1024]; int index = 1, srp_idx; gnutls_datum_t g, n; gnutls_datum_t str_g, str_n; - fd = fopen(tpasswd_conf, "w"); - if (fd == NULL) { + fp = fopen(tpasswd_conf, "w"); + if (fp == NULL) { fprintf(stderr, "Cannot open file '%s'\n", tpasswd_conf); return -1; } @@ -119,13 +119,13 @@ static int generate_create_conf(const char *tpasswd_conf) if (gnutls_srp_base64_encode_alloc(&n, &str_n) < 0) { fprintf(stderr, "Could not encode\n"); - fclose(fd); + fclose(fp); return -1; } if (gnutls_srp_base64_encode_alloc(&g, &str_g) < 0) { fprintf(stderr, "Could not encode\n"); - fclose(fd); + fclose(fp); return -1; } @@ -134,11 +134,11 @@ static int generate_create_conf(const char *tpasswd_conf) gnutls_free(str_n.data); gnutls_free(str_g.data); - fwrite(line, 1, strlen(line), fd); + fwrite(line, 1, strlen(line), fp); } - fclose(fd); + fclose(fp); return 0; @@ -211,35 +211,35 @@ _verify_passwd_int(const char *username, const char *passwd, static int filecopy(const char *src, const char *dst) { - FILE *fd, *fd2; + FILE *fp, *fp2; char line[5 * 1024]; char *p; - fd = fopen(dst, "w"); - if (fd == NULL) { + fp = fopen(dst, "w"); + if (fp == NULL) { fprintf(stderr, "Cannot open '%s' for write\n", dst); return -1; } - fd2 = fopen(src, "r"); - if (fd2 == NULL) { + fp2 = fopen(src, "r"); + if (fp2 == NULL) { /* empty file */ - fclose(fd); + fclose(fp); return 0; } line[sizeof(line) - 1] = 0; do { - p = fgets(line, sizeof(line) - 1, fd2); + p = fgets(line, sizeof(line) - 1, fp2); if (p == NULL) break; - fputs(line, fd); + fputs(line, fp); } while (1); - fclose(fd); - fclose(fd2); + fclose(fp); + fclose(fp2); return 0; } @@ -247,18 +247,18 @@ static int filecopy(const char *src, const char *dst) /* accepts password file */ static int find_strchr(const char *username, const char *file) { - FILE *fd; + FILE *fp; char *pos; char line[5 * 1024]; unsigned int i; - fd = fopen(file, "r"); - if (fd == NULL) { + fp = fopen(file, "r"); + if (fp == NULL) { fprintf(stderr, "Cannot open file '%s'\n", file); return -1; } - while (fgets(line, sizeof(line), fd) != NULL) { + while (fgets(line, sizeof(line), fp) != NULL) { /* move to first ':' */ i = 0; while ((line[i] != ':') && (line[i] != '\0') @@ -269,12 +269,12 @@ static int find_strchr(const char *username, const char *file) /* find the index */ pos = strrchr(line, ':'); pos++; - fclose(fd); + fclose(fp); return atoi(pos); } } - fclose(fd); + fclose(fp); return -1; } @@ -285,7 +285,7 @@ static int verify_passwd(const char *conffile, const char *tpasswd, const char *username, const char *passwd) { - FILE *fd; + FILE *fp; char line[5 * 1024]; unsigned int i; gnutls_datum_t g, n; @@ -299,14 +299,14 @@ verify_passwd(const char *conffile, const char *tpasswd, return -1; } - fd = fopen(conffile, "r"); - if (fd == NULL) { + fp = fopen(conffile, "r"); + if (fp == NULL) { fprintf(stderr, "Cannot find %s\n", conffile); return -1; } do { - p = fgets(line, sizeof(line) - 1, fd); + p = fgets(line, sizeof(line) - 1, fp); } while (p != NULL && atoi(p) != iindex); @@ -316,20 +316,20 @@ verify_passwd(const char *conffile, const char *tpasswd, } line[sizeof(line) - 1] = 0; - fclose(fd); + fclose(fp); if ((iindex = read_conf_values(&g, &n, line)) < 0) { fprintf(stderr, "Cannot parse conf file '%s'\n", conffile); return -1; } - fd = fopen(tpasswd, "r"); - if (fd == NULL) { + fp = fopen(tpasswd, "r"); + if (fp == NULL) { fprintf(stderr, "Cannot open file '%s'\n", tpasswd); return -1; } - while (fgets(line, sizeof(line), fd) != NULL) { + while (fgets(line, sizeof(line), fp) != NULL) { /* move to first ':' * This is the actual verifier. */ @@ -342,7 +342,7 @@ verify_passwd(const char *conffile, const char *tpasswd, char *verifier_pos, *salt_pos; pos = strchr(line, ':'); - fclose(fd); + fclose(fp); if (pos == NULL) { fprintf(stderr, "Cannot parse conf file '%s'\n", @@ -369,7 +369,7 @@ verify_passwd(const char *conffile, const char *tpasswd, } } - fclose(fd); + fclose(fp); return -1; } @@ -511,7 +511,7 @@ int crypt_int(const char *username, const char *passwd, int salt_size, const char *tpasswd_conf, const char *tpasswd, int uindex) { - FILE *fd; + FILE *fp; char *cr; gnutls_datum_t g, n; char line[5 * 1024]; @@ -519,14 +519,14 @@ crypt_int(const char *username, const char *passwd, int salt_size, int iindex; char tmpname[1024]; - fd = fopen(tpasswd_conf, "r"); - if (fd == NULL) { + fp = fopen(tpasswd_conf, "r"); + if (fp == NULL) { fprintf(stderr, "Cannot find %s\n", tpasswd_conf); return -1; } do { /* find the specified uindex in file */ - p = fgets(line, sizeof(line) - 1, fd); + p = fgets(line, sizeof(line) - 1, fp); } while (p != NULL && (iindex = atoi(p)) != uindex); @@ -536,7 +536,7 @@ crypt_int(const char *username, const char *passwd, int salt_size, } line[sizeof(line) - 1] = 0; - fclose(fd); + fclose(fp); if ((iindex = read_conf_values(&g, &n, line)) < 0) { fprintf(stderr, "Cannot parse conf file '%s'\n", tpasswd_conf); @@ -550,7 +550,7 @@ crypt_int(const char *username, const char *passwd, int salt_size, } else { /* delete previous entry */ struct stat st; - FILE *fd2; + FILE *fp2; int put; if (strlen(tpasswd) + 5 > sizeof(tmpname)) { @@ -572,16 +572,16 @@ crypt_int(const char *username, const char *passwd, int salt_size, return -1; } - fd = fopen(tpasswd, "w"); - if (fd == NULL) { + fp = fopen(tpasswd, "w"); + if (fp == NULL) { fprintf(stderr, "Cannot open '%s' for write\n", tpasswd); (void)remove(tmpname); return -1; } - fd2 = fopen(tmpname, "r"); - if (fd2 == NULL) { + fp2 = fopen(tmpname, "r"); + if (fp2 == NULL) { fprintf(stderr, "Cannot open '%s' for read\n", tmpname); (void)remove(tmpname); @@ -590,7 +590,7 @@ crypt_int(const char *username, const char *passwd, int salt_size, put = 0; do { - p = fgets(line, sizeof(line) - 1, fd2); + p = fgets(line, sizeof(line) - 1, fp2); if (p == NULL) break; @@ -602,20 +602,20 @@ crypt_int(const char *username, const char *passwd, int salt_size, MAX(strlen(username), (unsigned int) (pp - p))) == 0) { put = 1; - fprintf(fd, "%s:%s:%u\n", username, cr, + fprintf(fp, "%s:%s:%u\n", username, cr, iindex); } else { - fputs(line, fd); + fputs(line, fp); } } while (1); if (put == 0) { - fprintf(fd, "%s:%s:%u\n", username, cr, iindex); + fprintf(fp, "%s:%s:%u\n", username, cr, iindex); } - fclose(fd); - fclose(fd2); + fclose(fp); + fclose(fp2); (void)remove(tmpname); diff --git a/tests/Makefile.am b/tests/Makefile.am index a41067f5af..11a083c637 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -567,6 +567,7 @@ endif if !WINDOWS indirect_tests += datefudge-check +noinst_PROGRAMS = datefudge-check endif check_PROGRAMS = $(cpptests) $(ctests) $(indirect_tests) diff --git a/tests/atfork.c b/tests/atfork.c index 42c4851efd..654519dc7c 100644 --- a/tests/atfork.c +++ b/tests/atfork.c @@ -32,7 +32,6 @@ #include <sys/wait.h> #endif -#include "utils.h" #include <gnutls/gnutls.h> #include <gnutls/crypto.h> @@ -46,6 +45,10 @@ void doit(void) #include "../lib/atfork.h" #include "../lib/atfork.c" +/* utils.h must be loaded after gnutls_int.h, as it redefines some + * macros from gnulib */ +#include "utils.h" + void doit(void) { pid_t pid; diff --git a/tests/mpi.c b/tests/mpi.c index 604024622d..65a0dd0516 100644 --- a/tests/mpi.c +++ b/tests/mpi.c @@ -26,12 +26,15 @@ #include <stdio.h> -#include "utils.h" #include "../lib/gnutls_int.h" #include "../lib/mpi.h" #include "../lib/errors.h" #include "../lib/debug.h" +/* utils.h must be loaded after gnutls_int.h, as it redefines some + * macros from gnulib */ +#include "utils.h" + static void tls_log_func(int level, const char *str) { fprintf(stderr, "|<%d>| %s", level, str); diff --git a/tests/pkcs12_s2k.c b/tests/pkcs12_s2k.c index 7301f293f5..1516afbf35 100644 --- a/tests/pkcs12_s2k.c +++ b/tests/pkcs12_s2k.c @@ -26,11 +26,14 @@ #include <stdio.h> -#include <utils.h> #include "../lib/gnutls_int.h" #include "../lib/x509/x509_int.h" #include "../lib/debug.h" +/* utils.h must be loaded after gnutls_int.h, as it redefines some + * macros from gnulib */ +#include <utils.h> + static void tls_log_func(int level, const char *str) { fprintf(stderr, "|<%d>| %s", level, str); diff --git a/tests/srp.c b/tests/srp.c index c927e877be..607e52ae46 100644 --- a/tests/srp.c +++ b/tests/srp.c @@ -329,21 +329,21 @@ const char *tpasswd_conf_file = void doit(void) { - FILE *fd; + FILE *fp; - fd = fopen("tpasswd.conf", "w"); - if (fd == NULL) + fp = fopen("tpasswd.conf", "w"); + if (fp == NULL) exit(1); - fwrite(tpasswd_conf_file, 1, strlen(tpasswd_conf_file), fd); - fclose(fd); + fwrite(tpasswd_conf_file, 1, strlen(tpasswd_conf_file), fp); + fclose(fp); - fd = fopen("tpasswd", "w"); - if (fd == NULL) + fp = fopen("tpasswd", "w"); + if (fp == NULL) exit(1); - fwrite(tpasswd_file, 1, strlen(tpasswd_file), fd); - fclose(fd); + fwrite(tpasswd_file, 1, strlen(tpasswd_file), fp); + fclose(fp); start("tls1.2 srp-1024", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+SRP", "test", "test", 0); start("tls1.2 srp-1536", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+SRP", "test2", "test2", 0); diff --git a/tests/tls13/anti_replay.c b/tests/tls13/anti_replay.c index e0aea00385..506c11596a 100644 --- a/tests/tls13/anti_replay.c +++ b/tests/tls13/anti_replay.c @@ -24,11 +24,14 @@ #include <assert.h> #include <stdint.h> -#include "utils.h" #include "virt-time.h" #include "../../lib/tls13/anti_replay.h" #include "../../lib/system.h" +/* utils.h must be loaded after gnutls_int.h, as it redefines some + * macros from gnulib */ +#include "utils.h" + #define MAX_CLIENT_HELLO_RECORDED 10 struct storage_st { diff --git a/tests/utils.h b/tests/utils.h index 61d6dc9f9e..935368088a 100644 --- a/tests/utils.h +++ b/tests/utils.h @@ -41,13 +41,13 @@ # error tests cannot be compiled with NDEBUG defined #endif -#if _GNUTLS_GCC_VERSION >= 70100 -#define FALLTHROUGH __attribute__ ((fallthrough)) -#endif - #ifndef FALLTHROUGH +#if _GNUTLS_GCC_VERSION >= 70100 +# define FALLTHROUGH __attribute__ ((fallthrough)) +#else # define FALLTHROUGH #endif +#endif /* number of elements within an array */ #define countof(a) (sizeof(a)/sizeof(*(a))) |