Does not compile on the cluster or 13- locally, because base SSL:
hmac384.cpp:56:14: error: variable has incomplete type 'HMAC_CTX' (aka 'hmac_ctx_st')
HMAC_CTX ctx;
/usr/include/openssl/ossl_typ.h:102:16: note: forward declaration of 'hmac_ctx_st'
typedef struct hmac_ctx_st HMAC_CTX;
There is no definition of that type anywhere in /usr/include.
The only consumer of this library is -- or was -- net/opal,
and the use of this library was .if 0'ed out. Remove that
non-use of the library as well.
The library should also be marked BROKEN because the code is, well,
broken. Clang rightfully complains:
ZrtpPacketCommit.h:124:42: warning: 'memcpy' will always overflow; destination buffer has size 0, but size argument is 8 [-Wfortify-source]
void setHMACMulti(uint8_t* hash) { memcpy(commitHeader->hmac-4*ZRTP_WORD_SIZE, hash, sizeof(commitHeader->hmac)); };
ZrtpQueue.cpp:147:9: warning: 'delete' applied to a pointer that was allocated with 'new[]'; did you mean 'delete[]'? [-Wmismatched-new-delete]
delete buffer;
ZrtpQueue.cpp:144:29: note: allocated with 'new[]' here
unsigned char* buffer = new unsigned char[nextSize];
The first warning is *possibly* spurious: it's doing memcpy() into
a struct intended for bit-banging, and is overwriting part of a
previous field. Since there's no member there, there's no size
information for fortify-source to use.
The other two warnings are plain old UB, they were UB when this
library was last released / updated in 2013, they're still UB, now.
There **are** newer releases of this project, but not entirely under
the GNU banner; https://github.com/wernerd/ZRTPCPP seems to be the
right source for that, but I'm not going to chase updating this.
0400c88291