From bc89b5ddd5e3017dd8f9ede3b8990a48b10d942c Mon Sep 17 00:00:00 2001 From: jackctj117 Date: Fri, 17 Oct 2025 12:46:40 -0600 Subject: [PATCH 1/4] clang format check --- .github/workflows/clang-format-check.yml | 8 ++------ src/wh_client_crypto.c | 6 ++---- src/wh_comm.c | 3 +-- src/wh_crypto.c | 2 +- src/wh_server_cert.c | 1 - src/wh_server_crypto.c | 6 +++--- src/wh_utils.c | 4 ++-- test/wh_test_crypto.c | 10 +++++----- 8 files changed, 16 insertions(+), 24 deletions(-) diff --git a/.github/workflows/clang-format-check.yml b/.github/workflows/clang-format-check.yml index a455820c..5b1725e7 100644 --- a/.github/workflows/clang-format-check.yml +++ b/.github/workflows/clang-format-check.yml @@ -57,14 +57,10 @@ jobs: echo "" echo "Please run the following command locally on your feature branch and commit the changes:" echo " git-clang-format-15 $BASE_REF" - exit 0 - # TEMPORARY DISABLE DUE TO BUGS - #exit 1 + exit 1 else echo "❌ git-clang-format-15 failed with exit code $status" echo "Output (if any):" cat "$DIFF_FILE" - exit 0 - # TEMPORARY DISABLE DUE TO BUGS - #exit 1 + exit 1 fi diff --git a/src/wh_client_crypto.c b/src/wh_client_crypto.c index 494ad6e3..8d73ad5c 100644 --- a/src/wh_client_crypto.c +++ b/src/wh_client_crypto.c @@ -28,9 +28,8 @@ /* System libraries */ #include -#include /* For NULL */ -#include /* For memset, memcpy */ - +#include /* For NULL */ +#include /* For memset, memcpy */ /* Common WolfHSM types and defines shared with the server */ #include "wolfhsm/wh_common.h" @@ -38,7 +37,6 @@ #include "wolfhsm/wh_crypto.h" #include "wolfhsm/wh_utils.h" - /* Components */ #include "wolfhsm/wh_comm.h" diff --git a/src/wh_comm.c b/src/wh_comm.c index b8e4f647..2b16312c 100644 --- a/src/wh_comm.c +++ b/src/wh_comm.c @@ -24,7 +24,7 @@ /* Pick up compile-time configuration */ #include "wolfhsm/wh_settings.h" -#include /* For sized ints */ +#include /* For sized ints */ #include #include @@ -33,7 +33,6 @@ #include "wolfhsm/wh_comm.h" - /** Conditional byteswap functions */ uint8_t wh_Translate8(uint16_t magic, uint8_t val) diff --git a/src/wh_crypto.c b/src/wh_crypto.c index 57a66650..c430a9b6 100644 --- a/src/wh_crypto.c +++ b/src/wh_crypto.c @@ -30,7 +30,7 @@ /* System libraries */ #include -#include /* For NULL */ +#include /* For NULL */ #include "wolfssl/wolfcrypt/settings.h" #include "wolfssl/wolfcrypt/types.h" diff --git a/src/wh_server_cert.c b/src/wh_server_cert.c index 583e8d10..e0a5021a 100644 --- a/src/wh_server_cert.c +++ b/src/wh_server_cert.c @@ -42,7 +42,6 @@ #include "wolfssl/ssl.h" #include "wolfssl/wolfcrypt/asn.h" - static int _verifyChainAgainstCmStore(whServerContext* server, WOLFSSL_CERT_MANAGER* cm, const uint8_t* chain, uint32_t chain_len, diff --git a/src/wh_server_crypto.c b/src/wh_server_crypto.c index acf8f7d1..7d511e43 100644 --- a/src/wh_server_crypto.c +++ b/src/wh_server_crypto.c @@ -101,9 +101,9 @@ static int _HandleRsaGetSize(whServerContext* ctx, uint16_t magic, #ifdef HAVE_HKDF /* Process an HKDF request packet and produce a response packet */ -static int _HandleHkdf(whServerContext* ctx, uint16_t magic, - const void* cryptoDataIn, uint16_t inSize, - void* cryptoDataOut, uint16_t* outSize); +static int _HandleHkdf(whServerContext* ctx, uint16_t magic, + const void* cryptoDataIn, uint16_t inSize, + void* cryptoDataOut, uint16_t* outSize); #endif /* HAVE_HKDF */ #ifndef NO_AES diff --git a/src/wh_utils.c b/src/wh_utils.c index c4d7bb57..9cb9c0c1 100644 --- a/src/wh_utils.c +++ b/src/wh_utils.c @@ -25,8 +25,8 @@ #include "wolfhsm/wh_settings.h" #include -#include /* For size_t */ -#include /* For memset/cpy */ +#include /* For size_t */ +#include /* For memset/cpy */ #if defined(WOLFHSM_CFG_HEXDUMP) #include diff --git a/test/wh_test_crypto.c b/test/wh_test_crypto.c index 7fe98e7f..8d36e6b9 100644 --- a/test/wh_test_crypto.c +++ b/test/wh_test_crypto.c @@ -208,11 +208,11 @@ static int whTest_CryptoRsa(whClientContext* ctx, int devId, WC_RNG* rng) if (ret == 0) { /* Using client export key */ - memset(cipherText, 0, sizeof(cipherText)); - memset(finalText, 0, sizeof(finalText)); - ret = wc_InitRsaKey_ex(rsa, NULL, WH_DEV_ID); - if (ret!= 0) { - WH_ERROR_PRINT("Failed to wc_InitRsaKey_ex %d\n", ret); + memset(cipherText, 0, sizeof(cipherText)); + memset(finalText, 0, sizeof(finalText)); + ret = wc_InitRsaKey_ex(rsa, NULL, WH_DEV_ID); + if (ret != 0) { + WH_ERROR_PRINT("Failed to wc_InitRsaKey_ex %d\n", ret); } else { ret = wh_Client_RsaMakeExportKey(ctx, RSA_KEY_BITS, RSA_EXPONENT, rsa); From c6966b86d41b5b6659f1d50cc95360708c20f1ad Mon Sep 17 00:00:00 2001 From: jackctj117 Date: Fri, 17 Oct 2025 15:18:10 -0600 Subject: [PATCH 2/4] Test: Formatting changes to reproduce flakiness --- src/wh_client_crypto.c | 4 ++-- src/wh_comm.c | 2 +- src/wh_crypto.c | 2 +- src/wh_server_crypto.c | 6 +++--- src/wh_utils.c | 4 ++-- test/wh_test_crypto.c | 11 ++++++----- 6 files changed, 15 insertions(+), 14 deletions(-) diff --git a/src/wh_client_crypto.c b/src/wh_client_crypto.c index 8d73ad5c..6656d99c 100644 --- a/src/wh_client_crypto.c +++ b/src/wh_client_crypto.c @@ -28,8 +28,8 @@ /* System libraries */ #include -#include /* For NULL */ -#include /* For memset, memcpy */ +#include /* For NULL */ +#include /* For memset, memcpy */ /* Common WolfHSM types and defines shared with the server */ #include "wolfhsm/wh_common.h" diff --git a/src/wh_comm.c b/src/wh_comm.c index 2b16312c..88c43045 100644 --- a/src/wh_comm.c +++ b/src/wh_comm.c @@ -24,7 +24,7 @@ /* Pick up compile-time configuration */ #include "wolfhsm/wh_settings.h" -#include /* For sized ints */ +#include /* For sized ints */ #include #include diff --git a/src/wh_crypto.c b/src/wh_crypto.c index c430a9b6..1b0d3c47 100644 --- a/src/wh_crypto.c +++ b/src/wh_crypto.c @@ -30,7 +30,7 @@ /* System libraries */ #include -#include /* For NULL */ +#include /* For NULL */ #include "wolfssl/wolfcrypt/settings.h" #include "wolfssl/wolfcrypt/types.h" diff --git a/src/wh_server_crypto.c b/src/wh_server_crypto.c index 7d511e43..acf8f7d1 100644 --- a/src/wh_server_crypto.c +++ b/src/wh_server_crypto.c @@ -101,9 +101,9 @@ static int _HandleRsaGetSize(whServerContext* ctx, uint16_t magic, #ifdef HAVE_HKDF /* Process an HKDF request packet and produce a response packet */ -static int _HandleHkdf(whServerContext* ctx, uint16_t magic, - const void* cryptoDataIn, uint16_t inSize, - void* cryptoDataOut, uint16_t* outSize); +static int _HandleHkdf(whServerContext* ctx, uint16_t magic, + const void* cryptoDataIn, uint16_t inSize, + void* cryptoDataOut, uint16_t* outSize); #endif /* HAVE_HKDF */ #ifndef NO_AES diff --git a/src/wh_utils.c b/src/wh_utils.c index 9cb9c0c1..c4d7bb57 100644 --- a/src/wh_utils.c +++ b/src/wh_utils.c @@ -25,8 +25,8 @@ #include "wolfhsm/wh_settings.h" #include -#include /* For size_t */ -#include /* For memset/cpy */ +#include /* For size_t */ +#include /* For memset/cpy */ #if defined(WOLFHSM_CFG_HEXDUMP) #include diff --git a/test/wh_test_crypto.c b/test/wh_test_crypto.c index 8d36e6b9..c16e37a9 100644 --- a/test/wh_test_crypto.c +++ b/test/wh_test_crypto.c @@ -208,12 +208,13 @@ static int whTest_CryptoRsa(whClientContext* ctx, int devId, WC_RNG* rng) if (ret == 0) { /* Using client export key */ - memset(cipherText, 0, sizeof(cipherText)); - memset(finalText, 0, sizeof(finalText)); - ret = wc_InitRsaKey_ex(rsa, NULL, WH_DEV_ID); + memset(cipherText, 0, sizeof(cipherText)); + memset(finalText, 0, sizeof(finalText)); + ret = wc_InitRsaKey_ex(rsa, NULL, WH_DEV_ID); if (ret != 0) { - WH_ERROR_PRINT("Failed to wc_InitRsaKey_ex %d\n", ret); - } else { + WH_ERROR_PRINT("Failed to wc_InitRsaKey_ex %d\n", ret); + } + else { ret = wh_Client_RsaMakeExportKey(ctx, RSA_KEY_BITS, RSA_EXPONENT, rsa); if (ret != 0) { From 33b552d8e010cfe621666bc588db007c39791538 Mon Sep 17 00:00:00 2001 From: jackctj117 Date: Fri, 17 Oct 2025 15:27:07 -0600 Subject: [PATCH 3/4] Test: Bad formatting to test version differences --- src/wh_client_crypto.c | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/src/wh_client_crypto.c b/src/wh_client_crypto.c index 6656d99c..7d8367fb 100644 --- a/src/wh_client_crypto.c +++ b/src/wh_client_crypto.c @@ -2983,20 +2983,18 @@ static int _xferSha256BlockAndUpdateDigest(whClientContext* ctx, } /* Setup generic header and get pointer to request data */ - req = (whMessageCrypto_Sha256Request*)_createCryptoRequest( - dataPtr, WC_HASH_TYPE_SHA256); + req = (whMessageCrypto_Sha256Request*)_createCryptoRequest(dataPtr,WC_HASH_TYPE_SHA256); /* Send the full block to the server, along with the * current hash state if needed. Finalization/padding of last block is up to * the server, we just need to let it know we are done and sending an * incomplete last block */ - if (isLastBlock) { - req->isLastBlock = 1; - req->lastBlockLen = sha256->buffLen; - } - else { - req->isLastBlock = 0; + if(isLastBlock){ + req->isLastBlock=1; + req->lastBlockLen=sha256->buffLen; + }else{ + req->isLastBlock=0; } memcpy(req->inBlock, sha256->buffer, (isLastBlock) ? sha256->buffLen : WC_SHA256_BLOCK_SIZE); From 70b671edd8004faddc6fa77f18f2e5683da5cb71 Mon Sep 17 00:00:00 2001 From: jackctj117 Date: Fri, 17 Oct 2025 15:29:11 -0600 Subject: [PATCH 4/4] Apply clang-format-15 fixes --- src/wh_client_crypto.c | 55 ++++++++++++++++++++++-------------------- 1 file changed, 29 insertions(+), 26 deletions(-) diff --git a/src/wh_client_crypto.c b/src/wh_client_crypto.c index 7d8367fb..a2063426 100644 --- a/src/wh_client_crypto.c +++ b/src/wh_client_crypto.c @@ -134,7 +134,8 @@ static int _getCryptoResponse(uint8_t* respBuf, uint16_t type, /* Helper function to prepare a crypto request buffer with generic header */ static uint8_t* _createCryptoRequest(uint8_t* reqBuf, uint16_t type) { - return _createCryptoRequestWithSubtype(reqBuf, type, WH_MESSAGE_CRYPTO_ALGO_SUBTYPE_NONE); + return _createCryptoRequestWithSubtype(reqBuf, type, + WH_MESSAGE_CRYPTO_ALGO_SUBTYPE_NONE); } /* Helper function to prepare a crypto request buffer with generic header and @@ -2968,13 +2969,13 @@ static int _xferSha256BlockAndUpdateDigest(whClientContext* ctx, wc_Sha256* sha256, uint32_t isLastBlock) { - uint16_t group = WH_MESSAGE_GROUP_CRYPTO; - uint16_t action = WH_MESSAGE_ACTION_NONE; - int ret = 0; - uint16_t dataSz = 0; - whMessageCrypto_Sha256Request* req = NULL; - whMessageCrypto_Sha2Response* res = NULL; - uint8_t* dataPtr = NULL; + uint16_t group = WH_MESSAGE_GROUP_CRYPTO; + uint16_t action = WH_MESSAGE_ACTION_NONE; + int ret = 0; + uint16_t dataSz = 0; + whMessageCrypto_Sha256Request* req = NULL; + whMessageCrypto_Sha2Response* res = NULL; + uint8_t* dataPtr = NULL; /* Get data buffer */ dataPtr = wh_CommClient_GetDataPtr(ctx->comm); @@ -2983,21 +2984,23 @@ static int _xferSha256BlockAndUpdateDigest(whClientContext* ctx, } /* Setup generic header and get pointer to request data */ - req = (whMessageCrypto_Sha256Request*)_createCryptoRequest(dataPtr,WC_HASH_TYPE_SHA256); + req = (whMessageCrypto_Sha256Request*)_createCryptoRequest( + dataPtr, WC_HASH_TYPE_SHA256); /* Send the full block to the server, along with the * current hash state if needed. Finalization/padding of last block is up to * the server, we just need to let it know we are done and sending an * incomplete last block */ - if(isLastBlock){ - req->isLastBlock=1; - req->lastBlockLen=sha256->buffLen; - }else{ - req->isLastBlock=0; + if (isLastBlock) { + req->isLastBlock = 1; + req->lastBlockLen = sha256->buffLen; + } + else { + req->isLastBlock = 0; } memcpy(req->inBlock, sha256->buffer, - (isLastBlock) ? sha256->buffLen : WC_SHA256_BLOCK_SIZE); + (isLastBlock) ? sha256->buffLen : WC_SHA256_BLOCK_SIZE); /* Send the hash state - this will be 0 on the first block on a properly * initialized sha256 struct */ @@ -3115,13 +3118,13 @@ int wh_Client_Sha256(whClientContext* ctx, wc_Sha256* sha256, const uint8_t* in, int wh_Client_Sha256Dma(whClientContext* ctx, wc_Sha256* sha, const uint8_t* in, uint32_t inLen, uint8_t* out) { - int ret = WH_ERROR_OK; - wc_Sha256* sha256 = sha; - uint16_t respSz = 0; - uint16_t group = WH_MESSAGE_GROUP_CRYPTO_DMA; - uint8_t* dataPtr = NULL; - whMessageCrypto_Sha2DmaRequest* req = NULL; - whMessageCrypto_Sha2DmaResponse* resp = NULL; + int ret = WH_ERROR_OK; + wc_Sha256* sha256 = sha; + uint16_t respSz = 0; + uint16_t group = WH_MESSAGE_GROUP_CRYPTO_DMA; + uint8_t* dataPtr = NULL; + whMessageCrypto_Sha2DmaRequest* req = NULL; + whMessageCrypto_Sha2DmaResponse* resp = NULL; uintptr_t inAddr = 0; /* The req->input.addr is reused elsewhere, this local variable is to keep track of the resulting DMA translation to pass back to the callback on @@ -3141,10 +3144,10 @@ int wh_Client_Sha256Dma(whClientContext* ctx, wc_Sha256* sha, const uint8_t* in, /* map addresses and setup default request structure */ if (in != NULL || out != NULL) { - req->finalize = 0; - req->state.sz = sizeof(*sha256); - req->input.sz = inLen; - req->output.sz = WC_SHA256_DIGEST_SIZE; /* not needed, but YOLO */ + req->finalize = 0; + req->state.sz = sizeof(*sha256); + req->input.sz = inLen; + req->output.sz = WC_SHA256_DIGEST_SIZE; /* not needed, but YOLO */ /* Perform address translations */ ret = wh_Client_DmaProcessClientAddress(