From patchwork Thu Dec 19 22:04:15 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Petr_=C5=A0tetiar?= X-Patchwork-Id: 1213747 X-Patchwork-Delegate: ynezz@true.cz Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.openwrt.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=true.cz Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="lAJFSECC"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 47f5YP43GGz9sPT for ; Fri, 20 Dec 2019 09:06:01 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Subject:MIME-Version:References: In-Reply-To:Message-Id:Date:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=dE5/83D/XNQBWk0+dZ0e61YnwFwZxicvOMpsz1cy3j4=; b=lAJFSECCekYhac /UpI7TNYKLebWeNkfUDtz9W7WBp7yurIIQJN74DxW2q14HGSHFqg0zvPV2TT7XCT+5aISpnWkzsfb iS3BvYEKHU5DPWqQmh0Kt+1vbTTZj4Ol+5+Gc8SekKCBlrsIJA0SG43V4zc5Rnv6Z/jNE8UP04mSx 2jqzuOiq1bhVZJ0SKD42PDNSFknqHaDKtHcVkhkxOnXKdppD4Op2lm9vYD0uL21VXrZWQgDa8zW0y hhPUoi+HAt+wfRrU9LqWZ0LRAk7O+JoCNL9aJwfhGIbKYcsp9q9KJgqM6T3qcm6AZpudR1+Jf6ek/ SHsNprZvpMLlwfJISzzw==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1ii3ve-0007hp-Ne; Thu, 19 Dec 2019 22:05:54 +0000 Received: from smtp-out.xnet.cz ([178.217.244.18]) by bombadil.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1ii3uI-0003bV-Rp for openwrt-devel@lists.openwrt.org; Thu, 19 Dec 2019 22:04:38 +0000 Received: from meh.true.cz (meh.true.cz [108.61.167.218]) (Authenticated sender: petr@true.cz) by smtp-out.xnet.cz (Postfix) with ESMTPSA id 207A24B92; Thu, 19 Dec 2019 23:04:29 +0100 (CET) Received: by meh.true.cz (OpenSMTPD) with ESMTP id 5a7ee360; Thu, 19 Dec 2019 23:04:19 +0100 (CET) From: =?utf-8?q?Petr_=C5=A0tetiar?= To: openwrt-devel@lists.openwrt.org Date: Thu, 19 Dec 2019 23:04:15 +0100 Message-Id: <20191219220421.22206-4-ynezz@true.cz> In-Reply-To: <20191219220421.22206-1-ynezz@true.cz> References: <20191219220421.22206-1-ynezz@true.cz> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20191219_140431_239740_6386F0BB X-CRM114-Status: GOOD ( 10.70 ) X-Spam-Score: 0.0 (/) X-Spam-Report: SpamAssassin version 3.4.2 on bombadil.infradead.org summary: Content analysis details: (0.0 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [178.217.244.18 listed in list.dnswl.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 SPF_NONE SPF: sender does not publish an SPF Record Subject: [OpenWrt-Devel] [PATCH ucert 3/9] cmake: enable hardening compiler flags and fix the reported issues X-BeenThere: openwrt-devel@lists.openwrt.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: =?utf-8?q?Petr_=C5=A0tetiar?= Sender: "openwrt-devel" Errors-To: openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org Lets enable some useful flags in order to spot possible issues during QA on CI (GCC version 6 and higher). Fix warnings uncovered by this new flags as reported by clang-9 on x86/64: ucert.c:158:33: error: comparison of integers of different signs: 'unsigned long' and 'int' [-Werror,-Wsign-compare] ucert.c:176:14: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare] ucert.c:314:18: error: comparison of integers of different signs: '__time_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Werror,-Wsign-compare] ucert.c:315:18: error: comparison of integers of different signs: '__time_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Werror,-Wsign-compare] ucert.c:557:17: error: comparison of integers of different signs: '__time_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Werror,-Wsign-compare] Ref: https://developers.redhat.com/blog/2018/03/21/compiler-and-linker-flags-gcc/ Signed-off-by: Petr Štetiar --- CMakeLists.txt | 8 +++++++- ucert.c | 18 +++++++++++------- 2 files changed, 18 insertions(+), 8 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 14888ac38135..436abc6857b3 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,7 +1,13 @@ cmake_minimum_required(VERSION 2.6) PROJECT(ucert C) -ADD_DEFINITIONS(-Os -ggdb -Wall --std=gnu99 -Wmissing-declarations) + +ADD_DEFINITIONS(-Wall -Werror) +IF(CMAKE_C_COMPILER_VERSION VERSION_GREATER 6) + ADD_DEFINITIONS(-Wextra -Werror=implicit-function-declaration) + ADD_DEFINITIONS(-Wformat -Werror=format-security -Werror=format-nonliteral) +ENDIF() +ADD_DEFINITIONS(-Os -std=gnu99 -ggdb -Wmissing-declarations -Wno-unused-parameter) SET(CMAKE_SHARED_LIBRARY_LINK_C_FLAGS "") diff --git a/ucert.c b/ucert.c index 569b31d5f16e..8503eeb26cd8 100644 --- a/ucert.c +++ b/ucert.c @@ -48,9 +48,13 @@ static enum { static bool quiet; #ifndef UCERT_STRIP_MESSAGES -#define DPRINTF(format, ...) if (!quiet) fprintf(stderr, "%s(%d): " format, __func__, __LINE__, ## __VA_ARGS__) +#define DPRINTF(format, ...) \ + do { \ + if (!quiet) \ + fprintf(stderr, "%s(%d): " format, __func__, __LINE__, ## __VA_ARGS__); \ + } while (0) #else -#define DPRINTF(format, ...) +#define DPRINTF(format, ...) do { } while (0) #endif /* @@ -133,7 +137,7 @@ static int cert_load(const char *certfile, struct list_head *chain) { struct cert_object *cobj; char filebuf[CERT_BUF_LEN]; int ret = 0, pret = 0; - int len, pos = 0; + size_t len, pos = 0; f = fopen(certfile, "r"); if (!f) @@ -269,8 +273,8 @@ static int chain_verify(const char *msgfile, const char *pubkeyfile, list_for_each_entry(cobj, chain, list) { /* blob has payload, verify that using signature */ if (cobj->cert[CERT_ATTR_PAYLOAD]) { - uint64_t validfrom; - uint64_t expiresat; + time_t validfrom; + time_t expiresat; uint32_t certtype; ret = cert_verify_blob(cobj->cert, chainedpubkey[0]?chainedpubkey:pubkeyfile, pubkeydir); @@ -499,8 +503,8 @@ static int cert_process_revoker(const char *certfile, const char *pubkeydir) { struct blob_attr *payloadtb[CERT_PL_ATTR_MAX]; struct stat st; struct timeval tv; - uint64_t validfrom; - uint32_t certtype; + time_t validfrom; + enum certtype_id certtype; char *fingerprint; char rfname[512];