libtom · sjaeckel · Jun 19, 2023 · Jun 17, 2023 · Jun 17, 2023 · Jun 17, 2023
diff --git a/.ci/valgrind.sh b/.ci/valgrind.sh
@@ -21,7 +21,10 @@ make clean &>/dev/null
 
 echo "Build for valgrind..."
 
-make -j$MAKE_JOBS CFLAGS="$2 $CFLAGS $4" EXTRALIBS="$5" test LTC_DEBUG=1 1>gcc_1.txt 2>gcc_2.txt
+# set DWARFv4 as debug format for clang, since it creates DWARFv5 as default which isn't support in old valgrind
+[ -z "$(echo $CC | grep "clang")" ] || GFLAG="-gdwarf-4"
+
+make -j$MAKE_JOBS CFLAGS="$2 $CFLAGS $4 $GFLAG" EXTRALIBS="$5" test LTC_DEBUG=1 1>gcc_1.txt 2>gcc_2.txt
 
 echo "Run tests with valgrind..."
 

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -32,7 +32,7 @@ jobs:
     strategy:
       matrix:
         cc: [ gcc, clang ]
-        os: [ ubuntu-18.04 ]
+        os: [ ubuntu-20.04, ubuntu-22.04 ]
         config:
           - { BUILDNAME: 'META_BUILDS',          BUILDOPTIONS: '-DGMP_DESC',                                          BUILDSCRIPT: '.ci/meta_builds.sh' }
           - { BUILDNAME: 'VALGRIND',             BUILDOPTIONS: '',                                                    BUILDSCRIPT: '.ci/valgrind.sh' }
@@ -56,10 +56,11 @@ jobs:
       - name: install dependencies
         run: |
           sudo apt-get update -qq
-          sudo apt-get install -y libtommath-dev libgmp-dev libtfm-dev valgrind libtool-bin clang-tools lcov
+          sudo apt-get install -y libgmp-dev valgrind libtool-bin clang-tools lcov ruby clang
+          sudo apt-get remove -y libtommath1
           sudo gem install coveralls-lcov
           curl -s https://packagecloud.io/install/repositories/libtom/packages/script.deb.sh | sudo bash
-          sudo apt-get install libtfm1=0.13-5ubuntu1
+          sudo apt-get install libtfm-git-dev libtommath-git-dev
       - name: run tests
         env:
           CC: "${{ matrix.cc }}"
@@ -71,14 +72,16 @@ jobs:
       - name: regular logs
         if: ${{ !failure() }}
         run: |
-          cat gcc_1.txt
-          cat gcc_2.txt
+          cat gcc_1.txt || true
+          cat gcc_2.txt || true
       - name: error logs
         if: ${{ failure() }}
         run: |
-          cat test_std.txt
-          cat test_err.txt
-          cat tv.txt
+          cat gcc_1.txt || true
+          cat gcc_2.txt || true
+          cat test_std.txt || true
+          cat test_err.txt || true
+          cat tv.txt || true
       - name: pack build directory
         if: ${{ failure() }}
         run: |

diff --git a/makefile_include.mk b/makefile_include.mk
@@ -55,10 +55,10 @@ endif
 
 ifndef EXTRALIBS
 ifneq ($(shell echo $(CFLAGS) | grep USE_LTM),)
-EXTRALIBS=$(shell PKG_CONFIG_PATH=$(LIBPATH)/pkgconfig pkg-config libtommath --libs)
+EXTRALIBS=$(shell PKG_CONFIG_PATH=$(LIBPATH)/pkgconfig pkg-config --libs libtommath)
 else
 ifneq ($(shell echo $(CFLAGS) | grep USE_TFM),)
-EXTRALIBS=$(shell PKG_CONFIG_PATH=$(LIBPATH)/pkgconfig pkg-config tomsfastmath --libs)
+EXTRALIBS=$(shell PKG_CONFIG_PATH=$(LIBPATH)/pkgconfig pkg-config --libs tomsfastmath)
 endif
 endif
 endif
@@ -76,6 +76,12 @@ endef
 # by giving them as a parameter to make:
 #  make CFLAGS="-I./src/headers/ -DLTC_SOURCE ..." ...
 #
+ifneq ($(shell echo $(CFLAGS) | grep LTM_DESC),)
+LTC_CFLAGS+=$(shell PKG_CONFIG_PATH=$(LIBPATH)/pkgconfig pkg-config --cflags-only-I libtommath)
+endif
+ifneq ($(shell echo $(CFLAGS) | grep TFM_DESC),)
+LTC_CFLAGS+=$(shell PKG_CONFIG_PATH=$(LIBPATH)/pkgconfig pkg-config --cflags-only-I tomsfastmath)
+endif
 LTC_CFLAGS += -I./src/headers/ -DLTC_SOURCE -Wall -Wsign-compare -Wshadow
 
 ifdef OLD_GCC

diff --git a/src/encauth/ccm/ccm_test.c b/src/encauth/ccm/ccm_test.c
@@ -215,14 +215,14 @@ int ccm_test(void)
             XMEMCPY(tag3, tests[x].tag, tests[x].taglen);
             tag3[0] ^= 0xff; /* set the tag to the wrong value */
             taglen = tests[x].taglen;
-            if ((err = ccm_memory(idx,
-                                  tests[x].key, 16,
-                                  NULL,
-                                  tests[x].nonce, tests[x].noncelen,
-                                  tests[x].header, tests[x].headerlen,
-                                  buf2, tests[x].ptlen,
-                                  buf,
-                                  tag3, &taglen, 1   )) != CRYPT_ERROR) {
+            if (ccm_memory(idx,
+                           tests[x].key, 16,
+                           NULL,
+                           tests[x].nonce, tests[x].noncelen,
+                           tests[x].header, tests[x].headerlen,
+                           buf2, tests[x].ptlen,
+                           buf,
+                           tag3, &taglen, 1   ) != CRYPT_ERROR) {
                return CRYPT_FAIL_TESTVECTOR;
             }
             if (compare_testvector(buf2, tests[x].ptlen, zero, tests[x].ptlen, "CCM decrypt wrong tag", x)) {

diff --git a/src/misc/pkcs5/pkcs_5_test.c b/src/misc/pkcs5/pkcs_5_test.c
@@ -169,6 +169,7 @@ int pkcs_5_test (void)
                               (unsigned char*)cases_5_2[i].S, cases_5_2[i].S_len,
                               cases_5_2[i].c, hash,
                               DK, &dkLen)) != CRYPT_OK) {
+            LTC_UNUSED_PARAM(err);
 #ifdef LTC_TEST_DBG
             printf("\npkcs_5_alg2() #%d: Failed/1 (%s)\n", i, error_to_string(err));
 #endif
@@ -186,6 +187,7 @@ int pkcs_5_test (void)
                               (unsigned char*)cases_5_1[i].S,
                               cases_5_1[i].c, hash,
                               DK, &dkLen)) != CRYPT_OK) {
+            LTC_UNUSED_PARAM(err);
 #ifdef LTC_TEST_DBG
             printf("\npkcs_5_alg1() #%d: Failed/1 (%s)\n", i, error_to_string(err));
 #endif
@@ -203,6 +205,7 @@ int pkcs_5_test (void)
                                        (unsigned char*)cases_5_1o[i].S,
                                        cases_5_1o[i].c, hash,
                                        DK, &dkLen)) != CRYPT_OK) {
+            LTC_UNUSED_PARAM(err);
 #ifdef LTC_TEST_DBG
             printf("\npkcs_5_alg1_openssl() #%d: Failed/1 (%s)\n", i, error_to_string(err));
 #endif

diff --git a/src/misc/ssh/ssh_encode_sequence_multi.c b/src/misc/ssh/ssh_encode_sequence_multi.c
@@ -134,7 +134,7 @@ int ssh_encode_sequence_multi(unsigned char *out, unsigned long *outlen, ...)
                   STORE32H(size, out);
                   out += 4;
                }
-               if ((err = mp_to_unsigned_bin(vdata, out)) != CRYPT_OK) {
+               if (mp_to_unsigned_bin(vdata, out) != CRYPT_OK) {
                   err = CRYPT_ERROR;
                   goto error;
                }

diff --git a/src/pk/asn1/der/custom_type/der_encode_custom_type.c b/src/pk/asn1/der/custom_type/der_encode_custom_type.c
@@ -36,7 +36,7 @@ int der_encode_custom_type(const ltc_asn1_list *root,
 
    /* get size of output that will be required */
    y = 0; z = 0;
-   if ((err = der_length_custom_type(root, &y, &z)) != CRYPT_OK) return CRYPT_INVALID_ARG;
+   if (der_length_custom_type(root, &y, &z) != CRYPT_OK) return CRYPT_INVALID_ARG;
 
    /* too big ? */
    if (*outlen < y) {
@@ -46,7 +46,7 @@ int der_encode_custom_type(const ltc_asn1_list *root,
    }
 
    /* get length of the identifier, so we know the offset where to start writing */
-   if ((err = der_length_asn1_identifier(root, &id_len)) != CRYPT_OK) return CRYPT_INVALID_ARG;
+   if (der_length_asn1_identifier(root, &id_len) != CRYPT_OK) return CRYPT_INVALID_ARG;
    x = id_len;
 
 

diff --git a/src/pk/asn1/der/sequence/der_encode_sequence_ex.c b/src/pk/asn1/der/sequence/der_encode_sequence_ex.c
@@ -33,7 +33,7 @@ int der_encode_sequence_ex(const ltc_asn1_list *list, unsigned long inlen,
 
    /* get size of output that will be required */
    y = 0; z = 0;
-   if ((err = der_length_sequence_ex(list, inlen, &y, &z)) != CRYPT_OK) return CRYPT_INVALID_ARG;
+   if (der_length_sequence_ex(list, inlen, &y, &z) != CRYPT_OK) return CRYPT_INVALID_ARG;
 
    /* too big ? */
    if (*outlen < y) {

diff --git a/src/pk/dsa/dsa_import.c b/src/pk/dsa/dsa_import.c
@@ -72,14 +72,14 @@ int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key *key)
        }
    }
    /* get key type */
-   if ((err = der_decode_sequence_multi(in, inlen,
-                          LTC_ASN1_SHORT_INTEGER, 1UL, &zero,
-                          LTC_ASN1_INTEGER,      1UL, key->p,
-                          LTC_ASN1_INTEGER,      1UL, key->q,
-                          LTC_ASN1_INTEGER,      1UL, key->g,
-                          LTC_ASN1_INTEGER,      1UL, key->y,
-                          LTC_ASN1_INTEGER,      1UL, key->x,
-                          LTC_ASN1_EOL,          0UL, NULL)) == CRYPT_OK) {
+   if (der_decode_sequence_multi(in, inlen,
+                                 LTC_ASN1_SHORT_INTEGER, 1UL, &zero,
+                                 LTC_ASN1_INTEGER,       1UL, key->p,
+                                 LTC_ASN1_INTEGER,       1UL, key->q,
+                                 LTC_ASN1_INTEGER,       1UL, key->g,
+                                 LTC_ASN1_INTEGER,       1UL, key->y,
+                                 LTC_ASN1_INTEGER,       1UL, key->x,
+                                 LTC_ASN1_EOL,           0UL, NULL) == CRYPT_OK) {
 
        key->type = PK_PRIVATE;
    } else { /* public */

diff --git a/src/pk/ecc/ecc_import_pkcs8.c b/src/pk/ecc/ecc_import_pkcs8.c
@@ -64,7 +64,7 @@ int ecc_import_pkcs8(const unsigned char *in, unsigned long inlen,
    if (err != CRYPT_OK) return err;
 
 
-   if ((err = pkcs8_decode_flexi(in, inlen, pwd, pwdlen, &l)) == CRYPT_OK) {
+   if (pkcs8_decode_flexi(in, inlen, pwd, pwdlen, &l) == CRYPT_OK) {
 
       /* Setup for basic structure */
       n=0;
@@ -73,7 +73,7 @@ int ecc_import_pkcs8(const unsigned char *in, unsigned long inlen,
       LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_OCTET_STRING, &priv_key);
       LTC_SET_DER_FLEXI_CHECK(flexi_should, n, LTC_ASN1_EOL, NULL);
 
-      if (((err = s_der_flexi_sequence_cmp(l, flexi_should)) == CRYPT_OK) &&
+      if ((s_der_flexi_sequence_cmp(l, flexi_should) == CRYPT_OK) &&
             (pk_oid_cmp_with_asn1(pka_ec_oid, seq->child) == CRYPT_OK)) {
          ltc_asn1_list *version, *field, *point, *point_g, *order, *p_cofactor;
 
@@ -154,7 +154,7 @@ int ecc_import_pkcs8(const unsigned char *in, unsigned long inlen,
 
          /* load private key value 'k' */
          len = priv_key->size;
-         if ((err = der_decode_sequence_flexi(priv_key->data, &len, &p)) == CRYPT_OK) {
+         if (der_decode_sequence_flexi(priv_key->data, &len, &p) == CRYPT_OK) {
             if (p->type == LTC_ASN1_SEQUENCE &&
                 LTC_ASN1_IS_TYPE(p->child, LTC_ASN1_INTEGER) &&
                 LTC_ASN1_IS_TYPE(p->child->next, LTC_ASN1_OCTET_STRING)) {

diff --git a/src/pk/rsa/rsa_verify_hash.c b/src/pk/rsa/rsa_verify_hash.c
@@ -136,7 +136,7 @@ int rsa_verify_hash_ex(const unsigned char *sig,            unsigned long  sigle
       LTC_SET_ASN1(siginfo,    0, LTC_ASN1_SEQUENCE,          digestinfo,                    2);
       LTC_SET_ASN1(siginfo,    1, LTC_ASN1_OCTET_STRING,      tmpbuf,                        siglen);
 
-      if ((err = der_decode_sequence_strict(out, outlen, siginfo, 2)) != CRYPT_OK) {
+      if (der_decode_sequence_strict(out, outlen, siginfo, 2) != CRYPT_OK) {
          /* fallback to Legacy:missing NULL */
          LTC_SET_ASN1(siginfo, 0, LTC_ASN1_SEQUENCE,          digestinfo,                    1);
          if ((err = der_decode_sequence_strict(out, outlen, siginfo, 2)) != CRYPT_OK) {

diff --git a/tests/der_test.c b/tests/der_test.c
@@ -1272,19 +1272,18 @@ static void der_Xcode_run(const der_Xcode_t* x)
 {
    unsigned long l1, l2, sz;
    void *d1, *d2;
-   int err;
 
    l1 = 1;
    d1 = XMALLOC(l1 * x->type_sz);
    sz = (x->in_sz * x->factor)/x->type_sz;
 
-   if ((err = x->encode(x->in, sz, d1, &l1)) == CRYPT_BUFFER_OVERFLOW) {
+   if (x->encode(x->in, sz, d1, &l1) == CRYPT_BUFFER_OVERFLOW) {
       d1 = XREALLOC(d1, l1 * x->type_sz);
    }
    DO(x->encode(x->in, sz, d1, &l1));
    l2 = 1;
    d2 = XMALLOC(l2 * x->type_sz);
-   while ((err = x->decode(d1, l1, d2, &l2)) == CRYPT_BUFFER_OVERFLOW) {
+   while (x->decode(d1, l1, d2, &l2) == CRYPT_BUFFER_OVERFLOW) {
       d2 = XREALLOC(d2, l2 * x->type_sz);
    }
    DO(x->decode(d1, l1, d2, &l2));

diff --git a/tests/pkcs_1_test.c b/tests/pkcs_1_test.c
@@ -14,7 +14,7 @@ int pkcs_1_test(void)
 {
    unsigned char buf[3][128];
    int res1, res2, res3, prng_idx, hash_idx;
-   unsigned long x, y, l1, l2, l3, i1, i2, lparamlen, saltlen, modlen;
+   unsigned long x, y, l1, l2, l3, i1, lparamlen, saltlen, modlen;
    static const unsigned char lparam[] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16 };
 
    /* get hash/prng  */
@@ -75,7 +75,7 @@ int pkcs_1_test(void)
       DO(pkcs_1_pss_decode(buf[0], l3, buf[1], l1, saltlen, hash_idx, modlen, &res2));
 
       buf[0][i1] ^= 1;
-      buf[1][i2 = abs(rand()) % (l1 - 1)] ^= 1;
+      buf[1][abs(rand()) % (l1 - 1)] ^= 1;
       pkcs_1_pss_decode(buf[0], l3, buf[1], l1, saltlen, hash_idx, modlen, &res3);
       if (!(res1 == 1 && res2 == 0 && res3 == 0)) {
          fprintf(stderr, "PSS failed: %d, %d, %d, %lu, %lu\n", res1, res2, res3, l3, saltlen);