| Message ID | 20220718160222.10634-4-denkenz@gmail.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | [1/9] cert/key: Add support for EC based certificates | expand |
| Context | Check | Description |
|---|---|---|
| tedd_an/pre-ci_am | success | Success |
On Mon, 18 Jul 2022, Denis Kenzior wrote: > --- > ell/tls.c | 22 +++++++++++++++++++--- > 1 file changed, 19 insertions(+), 3 deletions(-) > > diff --git a/ell/tls.c b/ell/tls.c > index b2f7411f3b36..75b9d45c6523 100644 > --- a/ell/tls.c > +++ b/ell/tls.c > @@ -1899,6 +1899,8 @@ static void tls_handle_certificate(struct l_tls *tls, > bool dummy; > const char *error_str; > char *subject_str; > + enum l_key_cipher_type format_type; > + enum l_checksum_type checksum_type; > > if (len < 3) > goto decode_error; > @@ -2028,9 +2030,23 @@ static void tls_handle_certificate(struct l_tls *tls, > return; > } > > - if (!l_key_get_info(tls->peer_pubkey, L_KEY_RSA_PKCS1_V1_5, > - L_CHECKSUM_NONE, &tls->peer_pubkey_size, > - &dummy)) { > + switch (l_cert_get_pubkey_type(tls->peer_cert)) { > + case L_CERT_KEY_RSA: > + format_type = L_KEY_RSA_PKCS1_V1_5; > + checksum_type = L_CHECKSUM_NONE; > + break; > + case L_CERT_KEY_ECC: > + format_type = L_KEY_ECDSA_X962; > + checksum_type = L_CHECKSUM_SHA1; > + break; > + case L_CERT_KEY_UNKNOWN: Hi Denis, I needed to add default: here to get it to build. Details below. > + TLS_DISCONNECT(TLS_ALERT_INTERNAL_ERROR, 0, > + "Unknown public key type"); > + return; > + } > + > + if (!l_key_get_info(tls->peer_pubkey, format_type, checksum_type, > + &tls->peer_pubkey_size, &dummy)) { The ell (standalone, bootstrap-configure) build fails here with gcc12/Fedora36: ell/tls.c:2061:14: error: 'checksum_type' may be used uninitialized [-Werror=maybe-uninitialized] ell/tls.c:2061:14: error: 'format_type' may be used uninitialized [-Werror=maybe-uninitialized] Apparently gcc12 can't track that -Werror=switch-enum is in use in combination with -Werror=maybe-uninitialized, and doesn't understand that the switch statement above does guarantee initialization. > TLS_DISCONNECT(TLS_ALERT_INTERNAL_ERROR, 0, > "Can't l_key_get_info for peer public key"); > > -- > 2.35.1 > > > -- Mat Martineau Intel
Hi Mat, > default: Indeed. > here to get it to build. Details below. > >> + TLS_DISCONNECT(TLS_ALERT_INTERNAL_ERROR, 0, >> + "Unknown public key type"); >> + return; >> + } >> + >> + if (!l_key_get_info(tls->peer_pubkey, format_type, checksum_type, >> + &tls->peer_pubkey_size, &dummy)) { > > The ell (standalone, bootstrap-configure) build fails here with gcc12/Fedora36: > > ell/tls.c:2061:14: error: 'checksum_type' may be used uninitialized > [-Werror=maybe-uninitialized] > ell/tls.c:2061:14: error: 'format_type' may be used uninitialized > [-Werror=maybe-uninitialized] > > Apparently gcc12 can't track that -Werror=switch-enum is in use in combination > with -Werror=maybe-uninitialized, and doesn't understand that the switch > statement above does guarantee initialization. > GCC seems a bit silly here. Not sure adding 'default:' is any better since we use these warnings defensively in case a new enumeration is added and not handled. Anyhow, I fixed this slightly differently in v2 out shortly. Thanks for testing. Regards, -Denis
diff --git a/ell/tls.c b/ell/tls.c index b2f7411f3b36..75b9d45c6523 100644 --- a/ell/tls.c +++ b/ell/tls.c @@ -1899,6 +1899,8 @@ static void tls_handle_certificate(struct l_tls *tls, bool dummy; const char *error_str; char *subject_str; + enum l_key_cipher_type format_type; + enum l_checksum_type checksum_type; if (len < 3) goto decode_error; @@ -2028,9 +2030,23 @@ static void tls_handle_certificate(struct l_tls *tls, return; } - if (!l_key_get_info(tls->peer_pubkey, L_KEY_RSA_PKCS1_V1_5, - L_CHECKSUM_NONE, &tls->peer_pubkey_size, - &dummy)) { + switch (l_cert_get_pubkey_type(tls->peer_cert)) { + case L_CERT_KEY_RSA: + format_type = L_KEY_RSA_PKCS1_V1_5; + checksum_type = L_CHECKSUM_NONE; + break; + case L_CERT_KEY_ECC: + format_type = L_KEY_ECDSA_X962; + checksum_type = L_CHECKSUM_SHA1; + break; + case L_CERT_KEY_UNKNOWN: + TLS_DISCONNECT(TLS_ALERT_INTERNAL_ERROR, 0, + "Unknown public key type"); + return; + } + + if (!l_key_get_info(tls->peer_pubkey, format_type, checksum_type, + &tls->peer_pubkey_size, &dummy)) { TLS_DISCONNECT(TLS_ALERT_INTERNAL_ERROR, 0, "Can't l_key_get_info for peer public key");