fixes for whitespace, C++ warnings, and LLVM 15 clang-tidy defects/carps:

* whitespace in src/ssl.c, tests/api.c, wolfssl/openssl/fips_rand.h.

* clang-analyzer-core.StackAddressEscape from llvm-15 clang-tidy, in tests/suites.c:execute_test_case().

* bugprone-suspicious-memory-comparison from llvm-15 clang-tidy, in src/internal.c:DoSessionTicket() and src/ssl.c:wolfSSL_sk_push().

src/internal.c

@@ -30516,6 +30516,33 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 #endif
     } InternalTicket;
 
+    static WC_INLINE int compare_InternalTickets(
+        InternalTicket *a,
+        InternalTicket *b)
+    {
+        if ((a->pv.major == b->pv.major) &&
+            (a->pv.minor == b->pv.minor) &&
+            (XMEMCMP(a->suite,b->suite,sizeof a->suite) == 0) &&
+            (XMEMCMP(a->msecret,b->msecret,sizeof a->msecret) == 0) &&
+            (a->timestamp == b->timestamp) &&
+            (a->haveEMS == b->haveEMS)
+#ifdef WOLFSSL_TLS13
+            &&
+            (a->ageAdd == b->ageAdd) &&
+            (a->namedGroup == b->namedGroup) &&
+            (a->ticketNonce.len == b->ticketNonce.len) &&
+            (XMEMCMP(a->ticketNonce.data, b->ticketNonce.data,
+                     a->ticketNonce.len) == 0)
+#ifdef WOLFSSL_EARLY_DATA
+            && (a->maxEarlyDataSz == b->maxEarlyDataSz)
+#endif
+#endif
+            )
+            return 0;
+        else
+            return -1;
+    }
+
     /* RFC 5077 defines this for session tickets */
     /* fit within SESSION_TICKET_LEN */
     typedef struct ExternalTicket {
@@ -30601,7 +30628,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
             /* sanity checks on encrypt callback */
 
             /* internal ticket can't be the same if encrypted */
-            if (XMEMCMP(et->enc_ticket, &it, sizeof(InternalTicket)) == 0) {
+            if (compare_InternalTickets((InternalTicket *)et->enc_ticket, &it)
+                == 0)
+            {
                 ForceZero(&it, sizeof(it));
                 ForceZero(et->enc_ticket, sizeof(it));
                 WOLFSSL_MSG("User ticket encrypt didn't encrypt");

src/ssl.c

@@ -20902,13 +20902,13 @@ unsigned long wolfSSL_X509_NAME_hash(WOLFSSL_X509_NAME* name)
         WOLFSSL_MSG("nothing to hash in WOLFSSL_X509_NAME");
         return 0;
     }
-  
+
     size = wolfSSL_i2d_X509_NAME_canon(name, &canon_name);
-    
+
     if (size <= 0){
         WOLFSSL_MSG("wolfSSL_i2d_X509_NAME_canon error");
         return 0;
-    } 
+    }
 
     if (wc_ShaHash((byte*)canon_name, size, digest) != 0) {
         WOLFSSL_MSG("wc_ShaHash error");
@@ -20916,7 +20916,7 @@ unsigned long wolfSSL_X509_NAME_hash(WOLFSSL_X509_NAME* name)
     }
 
     XFREE(canon_name, NULL, DYNAMIC_TYPE_OPENSSL);
-    
+
     ret  =  (unsigned long) digest[0];
     ret |= ((unsigned long) digest[1]) << 8;
     ret |= ((unsigned long) digest[2]) << 16;
@@ -21783,6 +21783,25 @@ int wolfSSL_sk_push_node(WOLFSSL_STACK** stack, WOLFSSL_STACK* in)
     return WOLFSSL_SUCCESS;
 }
 
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
+static WC_INLINE int compare_WOLFSSL_CIPHER(
+    WOLFSSL_CIPHER *a,
+    WOLFSSL_CIPHER *b)
+{
+    if ((a->cipherSuite0 == b->cipherSuite0) &&
+        (a->cipherSuite == b->cipherSuite) &&
+        (a->ssl == b->ssl) &&
+        (XMEMCMP(a->description, b->description, sizeof a->description) == 0) &&
+        (a->offset == b->offset) &&
+        (a->in_stack == b->in_stack) &&
+        (a->bits == b->bits))
+        return 0;
+    else
+        return -1;
+}
+#endif /* OPENSSL_ALL || WOLFSSL_QT */
+
+
 /* return 1 on success 0 on fail */
 int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data)
 {
@@ -21802,8 +21821,7 @@ int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data)
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
             /* check if entire struct is zero */
             XMEMSET(&ciph, 0, sizeof(WOLFSSL_CIPHER));
-            if (XMEMCMP(&sk->data.cipher, &ciph,
-                    sizeof(WOLFSSL_CIPHER)) == 0) {
+            if (compare_WOLFSSL_CIPHER(&sk->data.cipher, &ciph) == 0) {
                 sk->data.cipher = *(WOLFSSL_CIPHER*)data;
                 sk->num = 1;
                 if (sk->hash_fn) {

tests/api.c

@@ -25347,7 +25347,8 @@ static int test_wc_ecc_pointFns (void)
     if (ret == 0) {
         ret = wc_ecc_import_point_der(der, derSz, idx, point);
         /* Condition double checks wc_ecc_cmp_point().  */
-        if (ret == 0 && XMEMCMP(&key.pubkey, point, sizeof(key.pubkey))) {
+        if (ret == 0 &&
+            XMEMCMP((void *)&key.pubkey, (void *)point, sizeof(key.pubkey))) {
             ret = wc_ecc_cmp_point(&key.pubkey, point);
         }
     }
@@ -52055,7 +52056,6 @@ static void test_openssl_FIPS_drbg(void)
     AssertIntEQ(FIPS_drbg_set_callbacks(dctx, NULL, NULL, 20, NULL, NULL),
         WOLFSSL_SUCCESS);
     AssertIntEQ(FIPS_drbg_instantiate(dctx, NULL, 0), WOLFSSL_SUCCESS);
-    
     AssertIntEQ(FIPS_drbg_generate(dctx, data1, dlen, 0, NULL, 0),
         WOLFSSL_SUCCESS);
     AssertIntNE(XMEMCMP(data1, zeroData, dlen), 0);

tests/suites.c

@@ -321,7 +321,7 @@ static int execute_test_case(int svr_argc, char** svr_argv,
     size_t      added;
     static      int tests = 1;
 #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS)
-    char        portNumber[8];
+    static char portNumber[8];
 #endif
     int         cliTestShouldFail = 0, svrTestShouldFail = 0;
 #ifdef WOLFSSL_NO_CLIENT_AUTH

wolfssl/openssl/fips_rand.h

@@ -54,11 +54,11 @@ typedef struct WOLFSSL_DRBG_CTX {
     void* app_data;
 } WOLFSSL_DRBG_CTX;
 
-#define	DRBG_FLAG_CTR_USE_DF 0x1
-#define	DRBG_FLAG_TEST       0x2
+#define DRBG_FLAG_CTR_USE_DF 0x1
+#define DRBG_FLAG_TEST       0x2
 
-#define	DRBG_FLAG_NOERR      0x1
-#define	DRBG_CUSTOM_RESEED   0x2
+#define DRBG_FLAG_NOERR      0x1
+#define DRBG_CUSTOM_RESEED   0x2
 
 #define DRBG_STATUS_UNINITIALISED 0
 #define DRBG_STATUS_READY         1