Add first .clang-tidy file

.clang-tidy

@@ -0,0 +1,38 @@
+# -bugprone-assignment-in-if-condition
+#   [TODO] opinionated, we might want to enable that at some point
+# -bugprone-branch-clone
+#   In some cases it is more readable to have identical branch blocks
+# -bugprone-easily-swappable-parameters:
+#   We have a lot integer-liky types (e.g. TPMI_RH_NV_INDEX) which we do not
+#   want to turn into opaque or strong types. They are part of the API.
+# -bugprone-implicit-widening-of-multiplication-result
+#   [TODO]
+#  -bugprone-reserved-identifier
+#   [TODO]
+#
+# -clang-analyzer-optin.performance.Padding
+#   We prefer logical/semantic order over (potentially insignificant)
+#   optimization.
+# -clang-analyzer-security.insecureAPI
+#   There is no real alternative to strcat etc. in C99.
+# -clang-analyzer-valist.Uninitialized
+#   Bugged: https://bugs.llvm.org/show_bug.cgi?id=41311
+
+---
+Checks: "\
+  bugprone*, \
+  -bugprone-assignment-in-if-condition, \
+  -bugprone-branch-clone, \
+  -bugprone-easily-swappable-parameters, \
+  -bugprone-implicit-widening-of-multiplication-result, \
+  -bugprone-reserved-identifier, \
+  \
+  clang-analyzer, \
+  -clang-analyzer-optin.performance.Padding, \
+  -clang-analyzer-security.insecureAPI.*, \
+  -clang-analyzer-valist.Uninitialized, \
+  \
+  clang-diagnostic*, \
+"
+WarningsAsErrors: "*"
+HeaderFilterRegex: "(src|include)/.*"

include/tss2/tss2_common.h

@@ -50,7 +50,7 @@ typedef uint32_t TSS2_RC;
  * layer that generated the error.
  */
 #define TSS2_RC_LAYER_SHIFT      (16)
-#define TSS2_RC_LAYER(level)     ((TSS2_RC)level << TSS2_RC_LAYER_SHIFT)
+#define TSS2_RC_LAYER(level)     ((TSS2_RC)(level) << TSS2_RC_LAYER_SHIFT)
 #define TSS2_RC_LAYER_MASK       TSS2_RC_LAYER(0xff)
 
 /* These layer codes are reserved for software layers defined in the TCG

include/tss2/tss2_esys.h

@@ -3796,7 +3796,7 @@ Esys_Vendor_TCG_Test_Finish(
  */
 void
 Esys_Free(
-    void *__ptr);
+    void *ptr);
 
 TSS2_RC
 Esys_GetSysContext(

include/tss2/tss2_tcti.h

@@ -63,76 +63,76 @@ typedef void TSS2_TCTI_POLL_HANDLE;
 #endif
 
 /* The following are used to configure timeout characteristics. */
-#define  TSS2_TCTI_TIMEOUT_BLOCK    -1
+#define  TSS2_TCTI_TIMEOUT_BLOCK    (-1)
 #define  TSS2_TCTI_TIMEOUT_NONE     0
 
 /* Macros to simplify access to values in common TCTI structure */
 #define TSS2_TCTI_MAGIC(tctiContext) \
-    ((TSS2_TCTI_CONTEXT_COMMON_V1*)tctiContext)->magic
+    ((TSS2_TCTI_CONTEXT_COMMON_V1*)(tctiContext))->magic
 #define TSS2_TCTI_VERSION(tctiContext) \
-    ((TSS2_TCTI_CONTEXT_COMMON_V1*)tctiContext)->version
+    ((TSS2_TCTI_CONTEXT_COMMON_V1*)(tctiContext))->version
 #define TSS2_TCTI_TRANSMIT(tctiContext) \
-    ((TSS2_TCTI_CONTEXT_COMMON_V1*)tctiContext)->transmit
+    ((TSS2_TCTI_CONTEXT_COMMON_V1*)(tctiContext))->transmit
 #define TSS2_TCTI_RECEIVE(tctiContext) \
-    ((TSS2_TCTI_CONTEXT_COMMON_V1*)tctiContext)->receive
+    ((TSS2_TCTI_CONTEXT_COMMON_V1*)(tctiContext))->receive
 #define TSS2_TCTI_FINALIZE(tctiContext) \
-    ((TSS2_TCTI_CONTEXT_COMMON_V1*)tctiContext)->finalize
+    ((TSS2_TCTI_CONTEXT_COMMON_V1*)(tctiContext))->finalize
 #define TSS2_TCTI_CANCEL(tctiContext) \
-    ((TSS2_TCTI_CONTEXT_COMMON_V1*)tctiContext)->cancel
+    ((TSS2_TCTI_CONTEXT_COMMON_V1*)(tctiContext))->cancel
 #define TSS2_TCTI_GET_POLL_HANDLES(tctiContext) \
-    ((TSS2_TCTI_CONTEXT_COMMON_V1*)tctiContext)->getPollHandles
+    ((TSS2_TCTI_CONTEXT_COMMON_V1*)(tctiContext))->getPollHandles
 #define TSS2_TCTI_SET_LOCALITY(tctiContext) \
-    ((TSS2_TCTI_CONTEXT_COMMON_V1*)tctiContext)->setLocality
+    ((TSS2_TCTI_CONTEXT_COMMON_V1*)(tctiContext))->setLocality
 #define TSS2_TCTI_MAKE_STICKY(tctiContext) \
-    ((TSS2_TCTI_CONTEXT_COMMON_V2*)tctiContext)->makeSticky
+    ((TSS2_TCTI_CONTEXT_COMMON_V2*)(tctiContext))->makeSticky
 
 /* Macros to simplify invocation of functions from the common TCTI structure */
 #define Tss2_Tcti_Transmit(tctiContext, size, command) \
-    ((tctiContext == NULL) ? TSS2_TCTI_RC_BAD_REFERENCE: \
+    (((tctiContext) == NULL) ? TSS2_TCTI_RC_BAD_REFERENCE: \
     (TSS2_TCTI_VERSION(tctiContext) < 1) ? \
         TSS2_TCTI_RC_ABI_MISMATCH: \
     (TSS2_TCTI_TRANSMIT(tctiContext) == NULL) ? \
         TSS2_TCTI_RC_NOT_IMPLEMENTED: \
     TSS2_TCTI_TRANSMIT(tctiContext)(tctiContext, size, command))
 #define Tss2_Tcti_Receive(tctiContext, size, response, timeout) \
-    ((tctiContext == NULL) ? TSS2_TCTI_RC_BAD_REFERENCE: \
+    (((tctiContext) == NULL) ? TSS2_TCTI_RC_BAD_REFERENCE: \
     (TSS2_TCTI_VERSION(tctiContext) < 1) ? \
         TSS2_TCTI_RC_ABI_MISMATCH: \
     (TSS2_TCTI_RECEIVE(tctiContext) == NULL) ? \
         TSS2_TCTI_RC_NOT_IMPLEMENTED: \
     TSS2_TCTI_RECEIVE(tctiContext)(tctiContext, size, response, timeout))
 #define Tss2_Tcti_Finalize(tctiContext) \
     do { \
-        if ((tctiContext != NULL) && \
+        if (((tctiContext) != NULL) && \
             (TSS2_TCTI_VERSION(tctiContext) >= 1) && \
             (TSS2_TCTI_FINALIZE(tctiContext) != NULL)) \
         { \
             TSS2_TCTI_FINALIZE(tctiContext)(tctiContext); \
         } \
     } while (0)
 #define Tss2_Tcti_Cancel(tctiContext) \
-    ((tctiContext == NULL) ? TSS2_TCTI_RC_BAD_REFERENCE: \
+    (((tctiContext) == NULL) ? TSS2_TCTI_RC_BAD_REFERENCE: \
     (TSS2_TCTI_VERSION(tctiContext) < 1) ? \
         TSS2_TCTI_RC_ABI_MISMATCH: \
     (TSS2_TCTI_CANCEL(tctiContext) == NULL) ? \
         TSS2_TCTI_RC_NOT_IMPLEMENTED: \
     TSS2_TCTI_CANCEL(tctiContext)(tctiContext))
 #define Tss2_Tcti_GetPollHandles(tctiContext, handles, num_handles) \
-    ((tctiContext == NULL) ? TSS2_TCTI_RC_BAD_REFERENCE: \
+    (((tctiContext) == NULL) ? TSS2_TCTI_RC_BAD_REFERENCE: \
     (TSS2_TCTI_VERSION(tctiContext) < 1) ? \
         TSS2_TCTI_RC_ABI_MISMATCH: \
     (TSS2_TCTI_GET_POLL_HANDLES(tctiContext) == NULL) ? \
         TSS2_TCTI_RC_NOT_IMPLEMENTED: \
     TSS2_TCTI_GET_POLL_HANDLES(tctiContext)(tctiContext, handles, num_handles))
 #define Tss2_Tcti_SetLocality(tctiContext, locality) \
-    ((tctiContext == NULL) ? TSS2_TCTI_RC_BAD_REFERENCE: \
+    (((tctiContext) == NULL) ? TSS2_TCTI_RC_BAD_REFERENCE: \
     (TSS2_TCTI_VERSION(tctiContext) < 1) ? \
         TSS2_TCTI_RC_ABI_MISMATCH: \
     (TSS2_TCTI_SET_LOCALITY(tctiContext) == NULL) ? \
         TSS2_TCTI_RC_NOT_IMPLEMENTED: \
     TSS2_TCTI_SET_LOCALITY(tctiContext)(tctiContext, locality))
 #define Tss2_Tcti_MakeSticky(tctiContext, handle, sticky) \
-    ((tctiContext == NULL) ? TSS2_TCTI_RC_BAD_REFERENCE: \
+    (((tctiContext) == NULL) ? TSS2_TCTI_RC_BAD_REFERENCE: \
     (TSS2_TCTI_VERSION(tctiContext) < 2) ? \
         TSS2_TCTI_RC_ABI_MISMATCH: \
     (TSS2_TCTI_MAKE_STICKY(tctiContext) == NULL) ? \

src/tss2-esys/api/Esys_ACT_SetTimeout.c

@@ -164,26 +164,26 @@ Esys_ACT_SetTimeout_Async(
     r = iesys_check_sequence_async(esysContext);
     if (r != TSS2_RC_SUCCESS)
         return r;
-    esysContext->state = _ESYS_STATE_INTERNALERROR;
+    esysContext->state = ESYS_STATE_INTERNALERROR;
 
     /* Check input parameters */
     r = check_session_feasibility(shandle1, shandle2, shandle3, 1);
-    return_state_if_error(r, _ESYS_STATE_INIT, "Check session usage");
+    return_state_if_error(r, ESYS_STATE_INIT, "Check session usage");
 
     /* Retrieve the metadata objects for provided handles */
     r = esys_GetResourceObject(esysContext, actHandle, &actHandleNode);
-    return_state_if_error(r, _ESYS_STATE_INIT, "actHandle unknown.");
+    return_state_if_error(r, ESYS_STATE_INIT, "actHandle unknown.");
 
     /* Initial invocation of SAPI to prepare the command buffer with parameters */
     r = Tss2_Sys_ACT_SetTimeout_Prepare(esysContext->sys,
                                (actHandleNode == NULL) ? TPM2_RH_NULL
                                 : actHandleNode->rsrc.handle,
                                 startTimeout);
-    return_state_if_error(r, _ESYS_STATE_INIT, "SAPI Prepare returned error.");
+    return_state_if_error(r, ESYS_STATE_INIT, "SAPI Prepare returned error.");
 
     /* Calculate the cpHash Values */
     r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
-    return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+    return_state_if_error(r, ESYS_STATE_INIT, "Initialize session resources");
     if (actHandleNode != NULL)
         iesys_compute_session_value(esysContext->session_tab[0],
                 &actHandleNode->rsrc.name, &actHandleNode->auth);
@@ -195,21 +195,21 @@ Esys_ACT_SetTimeout_Async(
 
     /* Generate the auth values and set them in the SAPI command buffer */
     r = iesys_gen_auths(esysContext, actHandleNode, NULL, NULL, &auths);
-    return_state_if_error(r, _ESYS_STATE_INIT,
+    return_state_if_error(r, ESYS_STATE_INIT,
                           "Error in computation of auth values");
 
     esysContext->authsCount = auths.count;
     if (auths.count > 0) {
         r = Tss2_Sys_SetCmdAuths(esysContext->sys, &auths);
-        return_state_if_error(r, _ESYS_STATE_INIT, "SAPI error on SetCmdAuths");
+        return_state_if_error(r, ESYS_STATE_INIT, "SAPI error on SetCmdAuths");
     }
 
     /* Trigger execution and finish the async invocation */
     r = Tss2_Sys_ExecuteAsync(esysContext->sys);
-    return_state_if_error(r, _ESYS_STATE_INTERNALERROR,
+    return_state_if_error(r, ESYS_STATE_INTERNALERROR,
                           "Finish (Execute Async)");
 
-    esysContext->state = _ESYS_STATE_SENT;
+    esysContext->state = ESYS_STATE_SENT;
 
     return r;
 }
@@ -253,31 +253,31 @@ Esys_ACT_SetTimeout_Finish(
     }
 
     /* Check for correct sequence and set sequence to irregular for now */
-    if (esysContext->state != _ESYS_STATE_SENT &&
-        esysContext->state != _ESYS_STATE_RESUBMISSION) {
+    if (esysContext->state != ESYS_STATE_SENT &&
+        esysContext->state != ESYS_STATE_RESUBMISSION) {
         LOG_ERROR("Esys called in bad sequence.");
         return TSS2_ESYS_RC_BAD_SEQUENCE;
     }
-    esysContext->state = _ESYS_STATE_INTERNALERROR;
+    esysContext->state = ESYS_STATE_INTERNALERROR;
 
     /*Receive the TPM response and handle resubmissions if necessary. */
     r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
     if (base_rc(r) == TSS2_BASE_RC_TRY_AGAIN) {
         LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
-        esysContext->state = _ESYS_STATE_SENT;
+        esysContext->state = ESYS_STATE_SENT;
         return r;
     }
     /* This block handle the resubmission of TPM commands given a certain set of
      * TPM response codes. */
     if (r == TPM2_RC_RETRY || r == TPM2_RC_TESTING || r == TPM2_RC_YIELDED) {
         LOG_DEBUG("TPM returned RETRY, TESTING or YIELDED, which triggers a "
             "resubmission: %" PRIx32, r);
-        if (esysContext->submissionCount++ >= _ESYS_MAX_SUBMISSIONS) {
+        if (esysContext->submissionCount++ >= ESYS_MAX_SUBMISSIONS) {
             LOG_WARNING("Maximum number of (re)submissions has been reached.");
-            esysContext->state = _ESYS_STATE_INIT;
+            esysContext->state = ESYS_STATE_INIT;
             return r;
         }
-        esysContext->state = _ESYS_STATE_RESUBMISSION;
+        esysContext->state = ESYS_STATE_RESUBMISSION;
         r = Tss2_Sys_ExecuteAsync(esysContext->sys);
         if (r != TSS2_RC_SUCCESS) {
             LOG_WARNING("Error attempting to resubmit");
@@ -292,11 +292,11 @@ Esys_ACT_SetTimeout_Finish(
     /* The following is the "regular error" handling. */
     if (iesys_tpm_error(r)) {
         LOG_WARNING("Received TPM Error");
-        esysContext->state = _ESYS_STATE_INIT;
+        esysContext->state = ESYS_STATE_INIT;
         return r;
     } else if (r != TSS2_RC_SUCCESS) {
         LOG_ERROR("Received a non-TPM Error");
-        esysContext->state = _ESYS_STATE_INTERNALERROR;
+        esysContext->state = ESYS_STATE_INTERNALERROR;
         return r;
     }
 
@@ -305,18 +305,18 @@ Esys_ACT_SetTimeout_Finish(
      * parameter decryption have to be done.
      */
     r = iesys_check_response(esysContext);
-    return_state_if_error(r, _ESYS_STATE_INTERNALERROR,
+    return_state_if_error(r, ESYS_STATE_INTERNALERROR,
                           "Error: check response");
 
     /*
      * After the verification of the response we call the complete function
      * to deliver the result.
      */
     r = Tss2_Sys_ACT_SetTimeout_Complete(esysContext->sys);
-    return_state_if_error(r, _ESYS_STATE_INTERNALERROR,
+    return_state_if_error(r, ESYS_STATE_INTERNALERROR,
                           "Received error from SAPI unmarshaling");
 
-    esysContext->state = _ESYS_STATE_INIT;
+    esysContext->state = ESYS_STATE_INIT;
 
     return TSS2_RC_SUCCESS;
 }