diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2019-05-10 17:22:51 +0000 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2019-05-10 17:22:51 +0000 |
| commit | 9620d12f28db2aeb252512922ab319555608b82a (patch) | |
| tree | 5c3bade68200d7834f3a751f3bc02c42f4f61fe0 | |
| parent | cdc70acc5ea495c7f0e33d90748fa91c25311523 (diff) | |
| parent | da1681ab244ee9ffad820b8b61659f1ef9b66e6f (diff) | |
| download | gnutls-9620d12f28db2aeb252512922ab319555608b82a.tar.gz | |
Merge branch 'tmp-lgtm-suppress-ctime' into 'master'
tools: suppress ctime() error from lgtm warnings
See merge request gnutls/gnutls!994
| -rw-r--r-- | lib/accelerated/aarch64/aarch64-common.h | 5 | ||||
| -rw-r--r-- | lib/accelerated/aarch64/aes-aarch64.h | 6 | ||||
| -rw-r--r-- | lib/accelerated/aarch64/sha-aarch64.h | 6 | ||||
| -rw-r--r-- | lib/accelerated/accelerated.h | 5 | ||||
| -rw-r--r-- | lib/accelerated/cryptodev.h | 5 | ||||
| -rw-r--r-- | lib/accelerated/x86/aes-gcm-aead.h | 4 | ||||
| -rw-r--r-- | lib/accelerated/x86/aes-padlock.h | 6 | ||||
| -rw-r--r-- | lib/accelerated/x86/aes-x86.h | 6 | ||||
| -rw-r--r-- | lib/accelerated/x86/sha-padlock.h | 6 | ||||
| -rw-r--r-- | lib/accelerated/x86/sha-x86.h | 6 | ||||
| -rw-r--r-- | lib/accelerated/x86/x86-common.h | 4 | ||||
| -rw-r--r-- | libdane/includes/gnutls/dane.h | 4 | ||||
| -rw-r--r-- | src/certtool.c | 8 | ||||
| -rw-r--r-- | src/common.c | 19 | ||||
| -rw-r--r-- | src/common.h | 3 | ||||
| -rw-r--r-- | src/ocsptool-common.c | 17 | ||||
| -rw-r--r-- | src/pkcs11.c | 3 | ||||
| -rw-r--r-- | src/serv.c | 3 |
18 files changed, 85 insertions, 31 deletions
diff --git a/lib/accelerated/aarch64/aarch64-common.h b/lib/accelerated/aarch64/aarch64-common.h index ed2b4e8baf..039b8fb0d8 100644 --- a/lib/accelerated/aarch64/aarch64-common.h +++ b/lib/accelerated/aarch64/aarch64-common.h @@ -20,6 +20,9 @@ * */ +#ifndef GNUTLS_LIB_ACCELERATED_AARCH64_AARCH64_COMMON_H +# define GNUTLS_LIB_ACCELERATED_AARCH64_AARCH64_COMMON_H + #if !__ASSEMBLER__ #define NN_HASH(name, update_func, digest_func, NAME) { \ #name, \ @@ -41,3 +44,5 @@ void register_aarch64_crypto(void); #define ARMV8_SHA256 (1<<4) #define ARMV8_PMULL (1<<5) #define ARMV8_SHA512 (1<<6) + +#endif /* GNUTLS_LIB_ACCELERATED_AARCH64_AARCH64_COMMON_H */ diff --git a/lib/accelerated/aarch64/aes-aarch64.h b/lib/accelerated/aarch64/aes-aarch64.h index f596f4aac6..692d8620d7 100644 --- a/lib/accelerated/aarch64/aes-aarch64.h +++ b/lib/accelerated/aarch64/aes-aarch64.h @@ -1,5 +1,5 @@ -#ifndef AES_ARM_H -#define AES_ARM_H +#ifndef GNUTLS_LIB_ACCELERATED_AARCH64_AES_AARCH64_H +#define GNUTLS_LIB_ACCELERATED_AARCH64_AES_AARCH64_H #include "gnutls_int.h" @@ -31,4 +31,4 @@ extern const gnutls_crypto_cipher_st _gnutls_aes_gcm_aarch64; extern const gnutls_crypto_cipher_st _gnutls_aes_cbc_aarch64; extern const gnutls_crypto_cipher_st _gnutls_aes_ccm_aarch64; -#endif +#endif /* GNUTLS_LIB_ACCELERATED_AARCH64_AES_AARCH64_H */ diff --git a/lib/accelerated/aarch64/sha-aarch64.h b/lib/accelerated/aarch64/sha-aarch64.h index 010a216232..e5282b87a1 100644 --- a/lib/accelerated/aarch64/sha-aarch64.h +++ b/lib/accelerated/aarch64/sha-aarch64.h @@ -1,5 +1,5 @@ -#ifndef SHA_ARM_H -#define SHA_ARM_H +#ifndef GNUTLS_LIB_ACCELERATED_AARCH64_SHA_AARCH64_H +#define GNUTLS_LIB_ACCELERATED_AARCH64_SHA_AARCH64_H #include <nettle/sha.h> @@ -16,4 +16,4 @@ void aarch64_sha1_update(struct sha1_ctx *ctx, size_t length, const uint8_t * da void aarch64_sha256_update(struct sha256_ctx *ctx, size_t length, const uint8_t * data); void aarch64_sha512_update(struct sha512_ctx *ctx, size_t length, const uint8_t * data); -#endif +#endif /* GNUTLS_LIB_ACCELERATED_AARCH64_SHA_AARCH64_H */ diff --git a/lib/accelerated/accelerated.h b/lib/accelerated/accelerated.h index 1fccccbb3c..5e9e92afb1 100644 --- a/lib/accelerated/accelerated.h +++ b/lib/accelerated/accelerated.h @@ -1 +1,6 @@ +#ifndef GNUTLS_LIB_ACCELERATED_ACCELERATED_H +# define GNUTLS_LIB_ACCELERATED_ACCELERATED_H + void _gnutls_register_accel_crypto(void); + +#endif /* GNUTLS_LIB_ACCELERATED_ACCELERATED_H */ diff --git a/lib/accelerated/cryptodev.h b/lib/accelerated/cryptodev.h index 78b81cbd53..4824def777 100644 --- a/lib/accelerated/cryptodev.h +++ b/lib/accelerated/cryptodev.h @@ -1,3 +1,6 @@ +#ifndef GNUTLS_LIB_ACCELERATED_CRYPTODEV_H +# define GNUTLS_LIB_ACCELERATED_CRYPTODEV_H + extern int _gnutls_cryptodev_fd; #define CHECK_AES_KEYSIZE(s) \ @@ -7,3 +10,5 @@ extern int _gnutls_cryptodev_fd; void _gnutls_cryptodev_deinit(void); int _gnutls_cryptodev_init(void); int _cryptodev_register_gcm_crypto(int cfd); + +#endif /* GNUTLS_LIB_ACCELERATED_CRYPTODEV_H */ diff --git a/lib/accelerated/x86/aes-gcm-aead.h b/lib/accelerated/x86/aes-gcm-aead.h index a1a71edbc5..f8cb5a5ea1 100644 --- a/lib/accelerated/x86/aes-gcm-aead.h +++ b/lib/accelerated/x86/aes-gcm-aead.h @@ -1,3 +1,6 @@ +#ifndef GNUTLS_LIB_ACCELERATED_X86_AES_GCM_AEAD_H +# define GNUTLS_LIB_ACCELERATED_X86_AES_GCM_AEAD_H + static int aes_gcm_aead_encrypt(void *ctx, const void *nonce, size_t nonce_size, @@ -46,3 +49,4 @@ aes_gcm_aead_decrypt(void *ctx, return 0; } +#endif /* GNUTLS_LIB_ACCELERATED_X86_AES_GCM_AEAD_H */ diff --git a/lib/accelerated/x86/aes-padlock.h b/lib/accelerated/x86/aes-padlock.h index cff3128f14..cd9dc23609 100644 --- a/lib/accelerated/x86/aes-padlock.h +++ b/lib/accelerated/x86/aes-padlock.h @@ -1,5 +1,5 @@ -#ifndef AES_PADLOCK_H -#define AES_PADLOCK_H +#ifndef GNUTLS_LIB_ACCELERATED_X86_AES_PADLOCK_H +#define GNUTLS_LIB_ACCELERATED_X86_AES_PADLOCK_H #include "gnutls_int.h" #include <aes-x86.h> @@ -43,4 +43,4 @@ int padlock_ecb_encrypt(void *out, const void *inp, struct padlock_cipher_data *ctx, size_t len); int padlock_cbc_encrypt(void *out, const void *inp, struct padlock_cipher_data *ctx, size_t len); -#endif +#endif /* GNUTLS_LIB_ACCELERATED_X86_AES_PADLOCK_H */ diff --git a/lib/accelerated/x86/aes-x86.h b/lib/accelerated/x86/aes-x86.h index 2fcd890980..92f54a6a90 100644 --- a/lib/accelerated/x86/aes-x86.h +++ b/lib/accelerated/x86/aes-x86.h @@ -1,5 +1,5 @@ -#ifndef AES_X86_H -#define AES_X86_H +#ifndef GNUTLS_LIB_ACCELERATED_X86_AES_X86_H +#define GNUTLS_LIB_ACCELERATED_X86_AES_X86_H #include "gnutls_int.h" @@ -62,4 +62,4 @@ extern const gnutls_crypto_cipher_st _gnutls_aes_ssse3; extern const gnutls_crypto_cipher_st _gnutls_aesni_x86; -#endif +#endif /* GNUTLS_LIB_ACCELERATED_X86_AES_X86_H */ diff --git a/lib/accelerated/x86/sha-padlock.h b/lib/accelerated/x86/sha-padlock.h index e489582b65..af67a07dd7 100644 --- a/lib/accelerated/x86/sha-padlock.h +++ b/lib/accelerated/x86/sha-padlock.h @@ -1,5 +1,5 @@ -#ifndef SHA_PADLOCK_H -#define SHA_PADLOCK_H +#ifndef GNUTLS_LIB_ACCELERATED_X86_SHA_PADLOCK_H +#define GNUTLS_LIB_ACCELERATED_X86_SHA_PADLOCK_H #include <nettle/sha.h> @@ -33,4 +33,4 @@ extern const struct nettle_hash padlock_sha512; extern const gnutls_crypto_mac_st _gnutls_hmac_sha_padlock_nano; extern const gnutls_crypto_digest_st _gnutls_sha_padlock_nano; -#endif +#endif /* GNUTLS_LIB_ACCELERATED_X86_SHA_PADLOCK_H */ diff --git a/lib/accelerated/x86/sha-x86.h b/lib/accelerated/x86/sha-x86.h index 3304212538..4724604bdd 100644 --- a/lib/accelerated/x86/sha-x86.h +++ b/lib/accelerated/x86/sha-x86.h @@ -1,5 +1,5 @@ -#ifndef SHA_X86_H -#define SHA_X86_H +#ifndef GNUTLS_LIB_ACCELERATED_X86_SHA_X86_H +#define GNUTLS_LIB_ACCELERATED_X86_SHA_X86_H #include <nettle/sha.h> @@ -19,4 +19,4 @@ void x86_sha512_update(struct sha512_ctx *ctx, size_t length, const uint8_t * da extern const gnutls_crypto_digest_st _gnutls_sha_x86_ssse3; extern const gnutls_crypto_mac_st _gnutls_hmac_sha_x86_ssse3; -#endif +#endif /* GNUTLS_LIB_ACCELERATED_X86_SHA_X86_H */ diff --git a/lib/accelerated/x86/x86-common.h b/lib/accelerated/x86/x86-common.h index c12f7e1177..0e2d86d510 100644 --- a/lib/accelerated/x86/x86-common.h +++ b/lib/accelerated/x86/x86-common.h @@ -19,6 +19,8 @@ * along with this program. If not, see <https://www.gnu.org/licenses/>. * */ +#ifndef GNUTLS_LIB_ACCELERATED_X86_X86_COMMON_H +# define GNUTLS_LIB_ACCELERATED_X86_X86_COMMON_H #include <config.h> @@ -48,3 +50,5 @@ unsigned int gnutls_have_cpuid(void); (nettle_hash_update_func *) update_func, \ (nettle_hash_digest_func *) digest_func \ } + +#endif diff --git a/libdane/includes/gnutls/dane.h b/libdane/includes/gnutls/dane.h index 69ced4bde9..92d1da9226 100644 --- a/libdane/includes/gnutls/dane.h +++ b/libdane/includes/gnutls/dane.h @@ -20,6 +20,8 @@ * */ +#ifndef GNUTLS_DANE_H +#define GNUTLS_DANE_H #include <gnutls/gnutls.h> /* for gnutls_datum_t */ @@ -198,3 +200,5 @@ const char *dane_strerror(int error); #define DANE_E_FILE_ERROR -12 #define DANE_E_CERT_ERROR -13 #define DANE_E_UNKNOWN_DANE_DATA -14 + +#endif /* GNUTLS_DANE_H */ diff --git a/src/certtool.c b/src/certtool.c index 6623b86385..f34f7d4573 100644 --- a/src/certtool.c +++ b/src/certtool.c @@ -325,6 +325,7 @@ generate_certificate(gnutls_privkey_t * ret_key, unsigned int usage = 0, server, ask; gnutls_x509_crq_t crq; /* request */ unsigned pk; + char timebuf[SIMPLE_CTIME_BUF_SIZE]; ret = gnutls_x509_crt_init(&crt); if (ret < 0) { @@ -439,8 +440,8 @@ generate_certificate(gnutls_privkey_t * ret_key, if (ca_crt && (secs > gnutls_x509_crt_get_expiration_time(ca_crt))) { time_t exp = gnutls_x509_crt_get_expiration_time(ca_crt); - fprintf(stderr, "\nExpiration time: %s", ctime(&secs)); - fprintf(stderr, "CA expiration time: %s", ctime(&exp)); + fprintf(stderr, "\nExpiration time: %s\n", simple_ctime(&secs, timebuf)); + fprintf(stderr, "CA expiration time: %s\n", simple_ctime(&exp, timebuf)); fprintf(stderr, "Warning: The time set exceeds the CA's expiration time\n"); ask = 1; } @@ -2652,12 +2653,13 @@ static void print_pkcs7_sig_info(gnutls_pkcs7_signature_info_st *info, common_in gnutls_datum_t data; char prefix[128]; int ret; + char timebuf[SIMPLE_CTIME_BUF_SIZE]; print_dn("\tSigner's issuer DN", &info->issuer_dn); print_raw("\tSigner's serial", &info->signer_serial); print_raw("\tSigner's issuer key ID", &info->issuer_keyid); if (info->signing_time != -1) - fprintf(outfile, "\tSigning time: %s", ctime(&info->signing_time)); + fprintf(outfile, "\tSigning time: %s\n", simple_ctime(&info->signing_time, timebuf)); fprintf(outfile, "\tSignature Algorithm: %s\n", gnutls_sign_get_name(info->algo)); diff --git a/src/common.c b/src/common.c index 664513c9ad..433e31ac90 100644 --- a/src/common.c +++ b/src/common.c @@ -1199,3 +1199,22 @@ void log_set(FILE *file) { logfile = file; } + +/* This is very similar to ctime() but it does not force a newline. + */ +char *simple_ctime(const time_t *t, char out[SIMPLE_CTIME_BUF_SIZE]) +{ + struct tm tm; + + if (localtime_r(t, &tm) == NULL) + goto error; + + if (!strftime(out, SIMPLE_CTIME_BUF_SIZE, "%c", &tm)) + goto error; + + return out; + + error: + snprintf(out, SIMPLE_CTIME_BUF_SIZE, "[error]"); + return out; +} diff --git a/src/common.h b/src/common.h index 40f16451ae..884a355a82 100644 --- a/src/common.h +++ b/src/common.h @@ -144,4 +144,7 @@ void set_read_funcs(gnutls_session_t session) # define set_read_funcs(x) #endif +#define SIMPLE_CTIME_BUF_SIZE 64 +char *simple_ctime(const time_t *t, char buf[SIMPLE_CTIME_BUF_SIZE]); + #endif /* GNUTLS_SRC_COMMON_H */ diff --git a/src/ocsptool-common.c b/src/ocsptool-common.c index dd9dc2dc8d..4286e1484c 100644 --- a/src/ocsptool-common.c +++ b/src/ocsptool-common.c @@ -335,6 +335,8 @@ check_ocsp_response(gnutls_x509_crt_t cert, int ret; unsigned int status, cert_status; time_t rtime, vtime, ntime, now; + char timebuf1[SIMPLE_CTIME_BUF_SIZE]; + char timebuf2[SIMPLE_CTIME_BUF_SIZE]; now = time(0); @@ -395,7 +397,7 @@ check_ocsp_response(gnutls_x509_crt_t cert, } if (cert_status == GNUTLS_OCSP_CERT_REVOKED) { - printf("*** Certificate was revoked at %s", ctime(&rtime)); + printf("*** Certificate was revoked at %s\n", simple_ctime(&rtime, timebuf1)); ret = 0; goto cleanup; } @@ -403,17 +405,16 @@ check_ocsp_response(gnutls_x509_crt_t cert, if (ntime == -1) { if (now - vtime > OCSP_VALIDITY_SECS) { printf - ("*** The OCSP response is old (was issued at: %s) ignoring", - ctime(&vtime)); + ("*** The OCSP response is old (was issued at: %s) ignoring\n", + simple_ctime(&vtime, timebuf1)); ret = -1; goto cleanup; } } else { /* there is a newer OCSP answer, don't trust this one */ if (ntime < now) { - printf - ("*** The OCSP response was issued at: %s, but there is a newer issue at %s", - ctime(&vtime), ctime(&ntime)); + printf("*** The OCSP response was issued at: %s but there is a newer issue at %s\n", + simple_ctime(&vtime, timebuf1), simple_ctime(&ntime, timebuf2)); ret = -1; goto cleanup; } @@ -445,8 +446,8 @@ check_ocsp_response(gnutls_x509_crt_t cert, } finish_ok: - printf("- OCSP server flags certificate not revoked as of %s", - ctime(&vtime)); + printf("- OCSP server flags certificate not revoked as of %s\n", + simple_ctime(&vtime, timebuf1)); ret = 1; cleanup: gnutls_ocsp_resp_deinit(resp); diff --git a/src/pkcs11.c b/src/pkcs11.c index bb4acd66ce..d938231c35 100644 --- a/src/pkcs11.c +++ b/src/pkcs11.c @@ -281,6 +281,7 @@ pkcs11_list(FILE * outfile, const char *url, int type, unsigned int flags, unsigned int oflags; const char *vendor; char *objurl; + char timebuf[SIMPLE_CTIME_BUF_SIZE]; ret = gnutls_pkcs11_obj_export_url(crt_list[i], detailed, @@ -326,7 +327,7 @@ pkcs11_list(FILE * outfile, const char *url, int type, unsigned int flags, } if (otype == GNUTLS_PKCS11_OBJ_X509_CRT && exp != -1) { - fprintf(outfile, "\tExpires: %s", ctime(&exp)); + fprintf(outfile, "\tExpires: %s\n", simple_ctime(&exp, timebuf)); } gnutls_free(output); diff --git a/src/serv.c b/src/serv.c index 0866bff903..fbb40258a5 100644 --- a/src/serv.c +++ b/src/serv.c @@ -1451,6 +1451,7 @@ static void tcp_server(const char *name, int port) if (accept_fd < 0) { perror("accept()"); } else { + char timebuf[SIMPLE_CTIME_BUF_SIZE]; time_t tt = time(0); char *ctt; @@ -1472,7 +1473,7 @@ static void tcp_server(const char *name, int port) j->close_ok = 0; if (verbose != 0) { - ctt = ctime(&tt); + ctt = simple_ctime(&tt, timebuf); ctt[strlen(ctt) - 1] = 0; printf |