diff --git a/IDE/WIN/user_settings.h b/IDE/WIN/user_settings.h index f8b7c5e1c..779868134 100644 --- a/IDE/WIN/user_settings.h +++ b/IDE/WIN/user_settings.h @@ -6,6 +6,15 @@ #error This user_settings.h header is only designed for Windows #endif +#define USE_WOLFSSL_IO +#define WOLFSSL_TLS13 +#define HAVE_HKDF +#define HAVE_FFDHE_4096 +#define WC_RSA_PSS +#define WOLFSSL_DTLS +#define WOLFSSL_DTLS13 +#define WOLFSSL_DTLS_CID + /* Configurations */ #if defined(HAVE_FIPS) /* FIPS */ diff --git a/src/dtls.c b/src/dtls.c index 5c5869de9..9b4ec5764 100644 --- a/src/dtls.c +++ b/src/dtls.c @@ -33,6 +33,11 @@ typedef struct ConnectionID { byte length; +/* Ignore "nonstandard extension used : zero-sized array in struct/union" + * MSVC warning */ +#ifdef _MSC_VER +#pragma warning(disable: 4200) +#endif byte id[]; } ConnectionID; diff --git a/src/dtls13.c b/src/dtls13.c index b9df18b92..0d27b1a40 100644 --- a/src/dtls13.c +++ b/src/dtls13.c @@ -206,7 +206,7 @@ static int Dtls13HandshakeAddHeaderFrag(WOLFSSL* ssl, byte* output, static byte Dtls13TypeIsEncrypted(enum HandShakeType hs_type) { - int ret = 0; + byte ret = 0; switch (hs_type) { case hello_request: @@ -240,7 +240,6 @@ static int Dtls13GetRnMask(WOLFSSL* ssl, const byte* ciphertext, byte* mask, enum rnDirection dir) { RecordNumberCiphers* c; - int ret; if (dir == PROTECT) c = &ssl->dtlsRecordNumberEncrypt; @@ -260,6 +259,7 @@ static int Dtls13GetRnMask(WOLFSSL* ssl, const byte* ciphertext, byte* mask, #ifdef HAVE_CHACHA if (ssl->specs.bulk_cipher_algorithm == wolfssl_chacha) { word32 counter; + int ret; if (c->chacha == NULL) return BAD_STATE_E; @@ -886,7 +886,7 @@ static int Dtls13SendFragmentedInternal(WOLFSSL* ssl) ret = Dtls13SendOneFragmentRtx(ssl, (enum HandShakeType)ssl->dtls13FragHandshakeType, - recordLength + MAX_MSG_EXTRA, output, recordLength, 0); + (word16)recordLength + MAX_MSG_EXTRA, output, (word32)recordLength, 0); if (ret == WANT_WRITE) { ssl->dtls13FragOffset += fragLength; return ret; @@ -930,7 +930,7 @@ static int Dtls13SendFragmented(WOLFSSL* ssl, byte* message, word16 length, hash now pretending fragmentation will not happen */ if (hash_output) { ret = Dtls13HashHandshake(ssl, message + rlHeaderLength, - length - rlHeaderLength); + length - (word16)rlHeaderLength); if (ret != 0) return ret; } @@ -1022,7 +1022,7 @@ static int Dtls13UnifiedHeaderParseCID(WOLFSSL* ssl, byte flags, if (ret != WOLFSSL_SUCCESS) return ret; - *idx += _cidSz; + *idx += (word16)_cidSz; return 0; } @@ -1256,7 +1256,7 @@ int Dtls13ReconstructEpochNumber(WOLFSSL* ssl, byte epochBits, { w64wrapper _epoch; Dtls13Epoch* e; - byte found; + byte found = 0; int i; if (Dtls13GetEpochBits(ssl->dtls13PeerEpoch) == epochBits) { @@ -1465,7 +1465,7 @@ static int Dtls13RtxSendBuffered(WOLFSSL* ssl) seq = ssl->dtls13EncryptEpoch->nextSeqNumber; - ret = Dtls13SendFragment(ssl, output, sendSz, r->length + headerLength, + ret = Dtls13SendFragment(ssl, output, (word16)sendSz, r->length + headerLength, (enum HandShakeType)r->handshakeType, 0, isLast || !ssl->options.groupMessages); if (ret != 0 && ret != WANT_WRITE) @@ -1590,7 +1590,7 @@ static int _Dtls13HandshakeRecv(WOLFSSL* ssl, byte* input, word32 size, ssl->keys.dtls_expected_peer_handshake_number || usingAsyncCrypto) { if (ssl->dtls_rx_msg_list_sz < DTLS_POOL_SZ) { - DtlsMsgStore(ssl, w64GetLow32(ssl->keys.curEpoch64), + DtlsMsgStore(ssl, (word16)w64GetLow32(ssl->keys.curEpoch64), ssl->keys.dtls_peer_handshake_number, input + DTLS_HANDSHAKE_HEADER_SZ, messageLength, handshakeType, fragOff, fragLength, ssl->heap); @@ -1672,7 +1672,7 @@ int Dtls13AddHeaders(byte* output, word32 length, enum HandShakeType hsType, WOLFSSL* ssl) { word16 handshakeOffset; - int isEncrypted; + byte isEncrypted; isEncrypted = Dtls13TypeIsEncrypted(hsType); handshakeOffset = Dtls13GetRlHeaderLength(ssl, isEncrypted); @@ -2004,7 +2004,7 @@ int Dtls13NewEpoch(WOLFSSL* ssl, w64wrapper epochNumber, int side) /* fresh epoch, initialize fields */ e->epochNumber = epochNumber; e->isValid = 1; - e->side = side; + e->side = (byte)side; } else if (e->side != side) { /* epoch used for the other side already. update side */ @@ -2212,7 +2212,7 @@ static int Dtls13GetAckListLength(Dtls13RecordNumber* list, word16* length) numberElements++; } - *length = DTLS13_RN_SIZE * numberElements; + *length = (word16)(DTLS13_RN_SIZE * numberElements); return 0; } @@ -2525,7 +2525,7 @@ int SendDtls13Ack(WOLFSSL* ssl) output = ssl->buffers.outputBuffer.buffer + ssl->buffers.outputBuffer.length; - ret = Dtls13RlAddPlaintextHeader(ssl, output, ack, length); + ret = Dtls13RlAddPlaintextHeader(ssl, output, ack, (word16)length); if (ret != 0) return ret; diff --git a/src/internal.c b/src/internal.c index f9a8cdabc..cdcad7e96 100644 --- a/src/internal.c +++ b/src/internal.c @@ -8376,16 +8376,15 @@ static void DtlsMsgAssembleCompleteMessage(DtlsMsg* msg) /* frag->padding makes sure we can fit the entire DTLS handshake header * before frag->buf */ - dtls = (DtlsHandShakeHeader*)(void *)((char *)msg->fragBucketList - + OFFSETOF(DtlsFragBucket,buf) - - DTLS_HANDSHAKE_HEADER_SZ); + dtls = (DtlsHandShakeHeader*)(msg->fragBucketList->buf - + DTLS_HANDSHAKE_HEADER_SZ); msg->fragBucketList = NULL; msg->fragBucketListCount = 0; dtls->type = msg->type; c32to24(msg->sz, dtls->length); - c16toa(msg->seq, dtls->message_seq); + c16toa((word16)msg->seq, dtls->message_seq); c32to24(0, dtls->fragment_offset); c32to24(msg->sz, dtls->fragment_length); } @@ -9303,7 +9302,7 @@ int HashOutput(WOLFSSL* ssl, const byte* output, int sz, int ivSz) if (IsAtLeastTLSv1_3(ssl->version)) { #ifdef WOLFSSL_DTLS13 word16 dtls_record_extra; - dtls_record_extra = Dtls13GetRlHeaderLength(ssl, IsEncryptionOn(ssl, 1)); + dtls_record_extra = Dtls13GetRlHeaderLength(ssl, (byte)IsEncryptionOn(ssl, 1)); dtls_record_extra -= RECORD_HEADER_SZ; adj += dtls_record_extra; @@ -9339,7 +9338,7 @@ int HashInput(WOLFSSL* ssl, const byte* input, int sz) #ifdef WOLFSSL_DTLS13 if (IsAtLeastTLSv1_3(ssl->version)) - return Dtls13HashHandshake(ssl, adj, sz); + return Dtls13HashHandshake(ssl, adj, (word16)sz); #endif /* WOLFSSL_DTLS13 */ } @@ -10161,7 +10160,7 @@ static int GetDtls13RecordHeader(WOLFSSL* ssl, const byte* input, return ret; } - ret = Dtls13ParseUnifiedRecordLayer(ssl, input + *inOutIdx, readSize, + ret = Dtls13ParseUnifiedRecordLayer(ssl, input + *inOutIdx, (word16)readSize, &hdrInfo); if (ret != 0) @@ -20681,6 +20680,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, if (sizeOnly) goto exit_buildmsg; + { #if defined(HAVE_SECURE_RENEGOTIATION) && defined(WOLFSSL_DTLS) /* If we want the PREV_ORDER then modify CUR_ORDER sequence number * for all encryption algos that use it for encryption parameters */ @@ -20721,6 +20721,8 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, ssl->keys.dtls_sequence_number_lo = dtls_sequence_number_lo; } #endif + } + if (ret != 0) goto exit_buildmsg; ssl->options.buildMsgState = BUILD_MSG_ENCRYPTED_VERIFY_MAC; diff --git a/src/ssl.c b/src/ssl.c index 6ad5bbdf2..71c9b0a2d 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -1217,7 +1217,7 @@ void* wolfSSL_dtls_create_peer(int port, char* ip) } addr->sin_family = AF_INET; - addr->sin_port = htons(port); + addr->sin_port = XHTONS((word16)port); if (XINET_PTON(AF_INET, ip, &addr->sin_addr) < 1) { XFREE(addr, NULL, DYNAMIC_TYPE_SOCKADDR); return NULL; diff --git a/src/tls.c b/src/tls.c index 9419ac082..9e758a1f6 100644 --- a/src/tls.c +++ b/src/tls.c @@ -5935,7 +5935,7 @@ static int TLSX_SupportedVersions_Parse(WOLFSSL* ssl, const byte* input, ProtocolVersion pv = ssl->ctx->method->version; int i; int len; - int newMinor = 0; + byte newMinor = 0; int set = 0; int ret; byte major, minor; diff --git a/src/tls13.c b/src/tls13.c index f00195411..5c57b9776 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -2994,7 +2994,7 @@ int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input, #ifdef WOLFSSL_DTLS13 if (ret == 0 && ssl->options.dtls) { /* AAD points to the header. Reuse the variable */ - ret = Dtls13EncryptRecordNumber(ssl, (byte*)aad, args->sz); + ret = Dtls13EncryptRecordNumber(ssl, (byte*)aad, (word16)args->sz); } #endif /* WOLFSSL_DTLS13 */ } @@ -3954,7 +3954,7 @@ int SendTls13ClientHello(WOLFSSL* ssl) if (ssl->options.dtls) ret = Dtls13HashHandshake(ssl, args->output + Dtls13GetRlHeaderLength(ssl, 0), - args->idx - Dtls13GetRlHeaderLength(ssl, 0)); + (word16)args->idx - Dtls13GetRlHeaderLength(ssl, 0)); else #endif /* WOLFSSL_DTLS13 */ ret = HashOutput(ssl, args->output, args->idx, 0); @@ -3975,8 +3975,8 @@ int SendTls13ClientHello(WOLFSSL* ssl) ssl->options.buildingMsg = 0; #ifdef WOLFSSL_DTLS13 if (ssl->options.dtls) { - ret = Dtls13HandshakeSend(ssl, args->output, args->sendSz, - args->idx, client_hello, 0); + ret = Dtls13HandshakeSend(ssl, args->output, (word16)args->sendSz, + (word16)args->idx, client_hello, 0); WOLFSSL_LEAVE("SendTls13ClientHello", ret); WOLFSSL_END(WC_FUNC_CLIENT_HELLO_SEND); @@ -4035,7 +4035,7 @@ static int Dtls13DoDowngrade(WOLFSSL* ssl) ssl->dtls13ClientHello = NULL; ssl->dtls13ClientHelloSz = 0; ssl->keys.dtls_sequence_number_hi = - w64GetHigh32(ssl->dtls13EncryptEpoch->nextSeqNumber); + (word16)w64GetHigh32(ssl->dtls13EncryptEpoch->nextSeqNumber); ssl->keys.dtls_sequence_number_lo = w64GetLow32(ssl->dtls13EncryptEpoch->nextSeqNumber); return ret; @@ -6164,8 +6164,8 @@ int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType) #ifdef WOLFSSL_DTLS13 if (ssl->options.dtls) { ret = Dtls13HashHandshake(ssl, - output + Dtls13GetRlHeaderLength(ssl, 0) , - sendSz - Dtls13GetRlHeaderLength(ssl, 0)); + output + Dtls13GetRlHeaderLength(ssl, 0) , + (word16)sendSz - Dtls13GetRlHeaderLength(ssl, 0)); } else #endif /* WOLFSSL_DTLS13 */ @@ -6192,7 +6192,7 @@ int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType) ssl->options.buildingMsg = 0; #ifdef WOLFSSL_DTLS13 if (ssl->options.dtls) { - ret = Dtls13HandshakeSend(ssl, output, sendSz, sendSz, + ret = Dtls13HandshakeSend(ssl, output, (word16)sendSz, (word16)sendSz, (enum HandShakeType)extMsgType, 0); WOLFSSL_LEAVE("SendTls13ServerHello", ret); @@ -6333,7 +6333,7 @@ static int SendTls13EncryptedExtensions(WOLFSSL* ssl) #ifdef WOLFSSL_DTLS13 if (ssl->options.dtls) { ssl->options.buildingMsg = 0; - ret = Dtls13HandshakeSend(ssl, output, sendSz, idx, + ret = Dtls13HandshakeSend(ssl, output, (word16)sendSz, (word16)idx, encrypted_extensions, 1); if (ret == 0) @@ -6445,7 +6445,8 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx, if (ssl->options.dtls) { ssl->options.buildingMsg = 0; ret = - Dtls13HandshakeSend(ssl, output, sendSz, i, certificate_request, 1); + Dtls13HandshakeSend(ssl, output, (word16)sendSz, (word16)i, + certificate_request, 1); WOLFSSL_LEAVE("SendTls13CertificateRequest", ret); WOLFSSL_END(WC_FUNC_CERTIFICATE_REQUEST_SEND); @@ -7255,7 +7256,8 @@ static int SendTls13Certificate(WOLFSSL* ssl) /* DTLS1.3 uses a separate variable and logic for fragments */ ssl->options.buildingMsg = 0; ssl->fragOffset = 0; - ret = Dtls13HandshakeSend(ssl, output, sendSz, i, certificate, 1); + ret = Dtls13HandshakeSend(ssl, output, (word16)sendSz, (word16)i, + certificate, 1); } else #endif /* WOLFSSL_DTLS13 */ @@ -7792,7 +7794,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) ssl->options.buildingMsg = 0; ret = Dtls13HandshakeSend(ssl, args->output, MAX_CERT_VERIFY_SZ + MAX_MSG_EXTRA + MAX_MSG_EXTRA, - args->sendSz, certificate_verify, 1); + (word16)args->sendSz, certificate_verify, 1); if (ret != 0) goto exit_scv; @@ -8719,8 +8721,8 @@ static int SendTls13Finished(WOLFSSL* ssl) #ifdef WOLFSSL_DTLS13 if (isDtls) { - dtlsRet = Dtls13HandshakeSend(ssl, output, outputSz, - Dtls13GetRlHeaderLength(ssl, 1) + headerSz + finishedSz, finished, + dtlsRet = Dtls13HandshakeSend(ssl, output, (word16)outputSz, + (word16)(Dtls13GetRlHeaderLength(ssl, 1) + headerSz + finishedSz), finished, 1); if (dtlsRet != 0 && dtlsRet != WANT_WRITE) return ret; @@ -8931,7 +8933,7 @@ static int SendTls13KeyUpdate(WOLFSSL* ssl) #ifdef WOLFSSL_DTLS13 if (ssl->options.dtls) { - ret = Dtls13HandshakeSend(ssl, output, outputSz, + ret = Dtls13HandshakeSend(ssl, output, (word16)outputSz, OPAQUE8_LEN + Dtls13GetRlHeaderLength(ssl, 1) + DTLS_HANDSHAKE_HEADER_SZ, key_update, 0); diff --git a/src/wolfio.c b/src/wolfio.c index 8e4d9237e..f706eb5a5 100644 --- a/src/wolfio.c +++ b/src/wolfio.c @@ -374,9 +374,9 @@ static int sockAddrEqual( static int isDGramSock(int sfd) { - int type = 0; + char type = 0; /* optvalue 'type' is of size int */ - XSOCKLENT length = (XSOCKLENT)sizeof(int); + XSOCKLENT length = (XSOCKLENT)sizeof(char); if (getsockopt(sfd, SOL_SOCKET, SO_TYPE, &type, &length) == 0 && type != SOCK_DGRAM) { @@ -399,7 +399,7 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx) byte doDtlsTimeout; SOCKADDR_S lclPeer; SOCKADDR_S* peer; - XSOCKLENT peerSz; + XSOCKLENT peerSz = 0; WOLFSSL_ENTER("EmbedReceiveFrom()");