Fix build errors and warnings for MSVC with DTLS 1.3

2022-09-07 18:30:54 +02:00
parent 38418b31f1
commit 112fc540bb
8 changed files with 57 additions and 39 deletions
--- a/IDE/WIN/user_settings.h
+++ b/IDE/WIN/user_settings.h
@ -6,6 +6,15 @@
 #error This user_settings.h header is only designed for Windows
 #endif
 #define USE_WOLFSSL_IO
 #define WOLFSSL_TLS13
 #define HAVE_HKDF
 #define HAVE_FFDHE_4096
 #define WC_RSA_PSS
 #define WOLFSSL_DTLS
 #define WOLFSSL_DTLS13
 #define WOLFSSL_DTLS_CID
 /* Configurations */
 #if defined(HAVE_FIPS)
    /* FIPS */
--- a/src/dtls.c
+++ b/src/dtls.c
@ -33,6 +33,11 @@
 typedef struct ConnectionID {
    byte length;
 /* Ignore "nonstandard extension used : zero-sized array in struct/union"
 * MSVC warning */
 #ifdef _MSC_VER
 #pragma warning(disable: 4200)
 #endif
    byte id[];
 } ConnectionID;
--- a/src/dtls13.c
+++ b/src/dtls13.c
@ -206,7 +206,7 @@ static int Dtls13HandshakeAddHeaderFrag(WOLFSSL* ssl, byte* output,
 static byte Dtls13TypeIsEncrypted(enum HandShakeType hs_type)
 {
-    int ret = 0;
+    byte ret = 0;
    switch (hs_type) {
    case hello_request:
@ -240,7 +240,6 @@ static int Dtls13GetRnMask(WOLFSSL* ssl, const byte* ciphertext, byte* mask,
    enum rnDirection dir)
 {
    RecordNumberCiphers* c;
    int ret;
    if (dir == PROTECT)
        c = &ssl->dtlsRecordNumberEncrypt;
@ -260,6 +259,7 @@ static int Dtls13GetRnMask(WOLFSSL* ssl, const byte* ciphertext, byte* mask,
 #ifdef HAVE_CHACHA
    if (ssl->specs.bulk_cipher_algorithm == wolfssl_chacha) {
        word32 counter;
 		int ret;
        if (c->chacha == NULL)
            return BAD_STATE_E;
@ -886,7 +886,7 @@ static int Dtls13SendFragmentedInternal(WOLFSSL* ssl)
        ret = Dtls13SendOneFragmentRtx(ssl,
            (enum HandShakeType)ssl->dtls13FragHandshakeType,
-            recordLength + MAX_MSG_EXTRA, output, recordLength, 0);
+            (word16)recordLength + MAX_MSG_EXTRA, output, (word32)recordLength, 0);
        if (ret == WANT_WRITE) {
            ssl->dtls13FragOffset += fragLength;
            return ret;
@ -930,7 +930,7 @@ static int Dtls13SendFragmented(WOLFSSL* ssl, byte* message, word16 length,
       hash now pretending fragmentation will not happen */
    if (hash_output) {
        ret = Dtls13HashHandshake(ssl, message + rlHeaderLength,
-            length - rlHeaderLength);
+            length - (word16)rlHeaderLength);
        if (ret != 0)
            return ret;
    }
@ -1022,7 +1022,7 @@ static int Dtls13UnifiedHeaderParseCID(WOLFSSL* ssl, byte flags,
        if (ret != WOLFSSL_SUCCESS)
            return ret;
-        *idx += _cidSz;
+        *idx += (word16)_cidSz;
        return 0;
    }
@ -1256,7 +1256,7 @@ int Dtls13ReconstructEpochNumber(WOLFSSL* ssl, byte epochBits,
 {
    w64wrapper _epoch;
    Dtls13Epoch* e;
-    byte found;
+    byte found = 0;
    int i;
    if (Dtls13GetEpochBits(ssl->dtls13PeerEpoch) == epochBits) {
@ -1465,7 +1465,7 @@ static int Dtls13RtxSendBuffered(WOLFSSL* ssl)
        seq = ssl->dtls13EncryptEpoch->nextSeqNumber;
-        ret = Dtls13SendFragment(ssl, output, sendSz, r->length + headerLength,
+        ret = Dtls13SendFragment(ssl, output, (word16)sendSz, r->length + headerLength,
            (enum HandShakeType)r->handshakeType, 0,
            isLast || !ssl->options.groupMessages);
        if (ret != 0 && ret != WANT_WRITE)
@ -1590,7 +1590,7 @@ static int _Dtls13HandshakeRecv(WOLFSSL* ssl, byte* input, word32 size,
            ssl->keys.dtls_expected_peer_handshake_number ||
        usingAsyncCrypto) {
        if (ssl->dtls_rx_msg_list_sz < DTLS_POOL_SZ) {
-            DtlsMsgStore(ssl, w64GetLow32(ssl->keys.curEpoch64),
+            DtlsMsgStore(ssl, (word16)w64GetLow32(ssl->keys.curEpoch64),
                ssl->keys.dtls_peer_handshake_number,
                input + DTLS_HANDSHAKE_HEADER_SZ, messageLength, handshakeType,
                fragOff, fragLength, ssl->heap);
@ -1672,7 +1672,7 @@ int Dtls13AddHeaders(byte* output, word32 length, enum HandShakeType hsType,
    WOLFSSL* ssl)
 {
    word16 handshakeOffset;
-    int isEncrypted;
+    byte isEncrypted;
    isEncrypted = Dtls13TypeIsEncrypted(hsType);
    handshakeOffset = Dtls13GetRlHeaderLength(ssl, isEncrypted);
@ -2004,7 +2004,7 @@ int Dtls13NewEpoch(WOLFSSL* ssl, w64wrapper epochNumber, int side)
        /* fresh epoch, initialize fields */
        e->epochNumber = epochNumber;
        e->isValid = 1;
-        e->side = side;
+        e->side = (byte)side;
    }
    else if (e->side != side) {
        /* epoch used for the other side already. update side */
@ -2212,7 +2212,7 @@ static int Dtls13GetAckListLength(Dtls13RecordNumber* list, word16* length)
        numberElements++;
    }
-    *length = DTLS13_RN_SIZE * numberElements;
+    *length = (word16)(DTLS13_RN_SIZE * numberElements);
    return 0;
 }
@ -2525,7 +2525,7 @@ int SendDtls13Ack(WOLFSSL* ssl)
        output =
            ssl->buffers.outputBuffer.buffer + ssl->buffers.outputBuffer.length;
-        ret = Dtls13RlAddPlaintextHeader(ssl, output, ack, length);
+        ret = Dtls13RlAddPlaintextHeader(ssl, output, ack, (word16)length);
        if (ret != 0)
            return ret;
--- a/src/internal.c
+++ b/src/internal.c
@ -8376,16 +8376,15 @@ static void DtlsMsgAssembleCompleteMessage(DtlsMsg* msg)
    /* frag->padding makes sure we can fit the entire DTLS handshake header
     * before frag->buf */
-    dtls = (DtlsHandShakeHeader*)(void *)((char *)msg->fragBucketList
+    dtls = (DtlsHandShakeHeader*)(msg->fragBucketList->buf -
-                                          + OFFSETOF(DtlsFragBucket,buf)
+                                    DTLS_HANDSHAKE_HEADER_SZ);
                                          - DTLS_HANDSHAKE_HEADER_SZ);
    msg->fragBucketList = NULL;
    msg->fragBucketListCount = 0;
    dtls->type = msg->type;
    c32to24(msg->sz, dtls->length);
-    c16toa(msg->seq, dtls->message_seq);
+    c16toa((word16)msg->seq, dtls->message_seq);
    c32to24(0, dtls->fragment_offset);
    c32to24(msg->sz, dtls->fragment_length);
 }
@ -9303,7 +9302,7 @@ int HashOutput(WOLFSSL* ssl, const byte* output, int sz, int ivSz)
        if (IsAtLeastTLSv1_3(ssl->version)) {
 #ifdef WOLFSSL_DTLS13
            word16 dtls_record_extra;
-            dtls_record_extra = Dtls13GetRlHeaderLength(ssl, IsEncryptionOn(ssl, 1));
+            dtls_record_extra = Dtls13GetRlHeaderLength(ssl, (byte)IsEncryptionOn(ssl, 1));
            dtls_record_extra -= RECORD_HEADER_SZ;
            adj += dtls_record_extra;
@ -9339,7 +9338,7 @@ int HashInput(WOLFSSL* ssl, const byte* input, int sz)
 #ifdef WOLFSSL_DTLS13
        if (IsAtLeastTLSv1_3(ssl->version))
-            return Dtls13HashHandshake(ssl, adj, sz);
+            return Dtls13HashHandshake(ssl, adj, (word16)sz);
 #endif /* WOLFSSL_DTLS13 */
    }
@ -10161,7 +10160,7 @@ static int GetDtls13RecordHeader(WOLFSSL* ssl, const byte* input,
            return ret;
    }
-    ret = Dtls13ParseUnifiedRecordLayer(ssl, input + *inOutIdx, readSize,
+    ret = Dtls13ParseUnifiedRecordLayer(ssl, input + *inOutIdx, (word16)readSize,
        &hdrInfo);
    if (ret != 0)
@ -20681,6 +20680,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
            if (sizeOnly)
                goto exit_buildmsg;
 			{
    #if defined(HAVE_SECURE_RENEGOTIATION) && defined(WOLFSSL_DTLS)
            /* If we want the PREV_ORDER then modify CUR_ORDER sequence number
             * for all encryption algos that use it for encryption parameters */
@ -20721,6 +20721,8 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
                ssl->keys.dtls_sequence_number_lo = dtls_sequence_number_lo;
            }
    #endif
 			}
            if (ret != 0)
                goto exit_buildmsg;
            ssl->options.buildMsgState = BUILD_MSG_ENCRYPTED_VERIFY_MAC;
--- a/src/ssl.c
+++ b/src/ssl.c
@ -1217,7 +1217,7 @@ void* wolfSSL_dtls_create_peer(int port, char* ip)
    }
    addr->sin_family = AF_INET;
-    addr->sin_port = htons(port);
+    addr->sin_port = XHTONS((word16)port);
    if (XINET_PTON(AF_INET, ip, &addr->sin_addr) < 1) {
        XFREE(addr, NULL, DYNAMIC_TYPE_SOCKADDR);
        return NULL;
--- a/src/tls.c
+++ b/src/tls.c
@ -5935,7 +5935,7 @@ static int TLSX_SupportedVersions_Parse(WOLFSSL* ssl, const byte* input,
    ProtocolVersion pv = ssl->ctx->method->version;
    int i;
    int len;
-    int newMinor = 0;
+    byte newMinor = 0;
    int set = 0;
    int ret;
    byte major, minor;
--- a/src/tls13.c
+++ b/src/tls13.c
@ -2994,7 +2994,7 @@ int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
 #ifdef WOLFSSL_DTLS13
                if (ret == 0 && ssl->options.dtls) {
                    /* AAD points to the header. Reuse the variable  */
-                    ret = Dtls13EncryptRecordNumber(ssl, (byte*)aad, args->sz);
+                    ret = Dtls13EncryptRecordNumber(ssl, (byte*)aad, (word16)args->sz);
                }
 #endif /* WOLFSSL_DTLS13 */
            }
@ -3954,7 +3954,7 @@ int SendTls13ClientHello(WOLFSSL* ssl)
        if (ssl->options.dtls)
            ret = Dtls13HashHandshake(ssl,
                args->output + Dtls13GetRlHeaderLength(ssl, 0),
-                args->idx - Dtls13GetRlHeaderLength(ssl, 0));
+                (word16)args->idx - Dtls13GetRlHeaderLength(ssl, 0));
        else
 #endif /* WOLFSSL_DTLS13 */
                ret = HashOutput(ssl, args->output, args->idx, 0);
@ -3975,8 +3975,8 @@ int SendTls13ClientHello(WOLFSSL* ssl)
    ssl->options.buildingMsg = 0;
 #ifdef WOLFSSL_DTLS13
    if (ssl->options.dtls) {
-        ret = Dtls13HandshakeSend(ssl, args->output, args->sendSz,
+        ret = Dtls13HandshakeSend(ssl, args->output, (word16)args->sendSz,
-                                  args->idx, client_hello, 0);
+                                  (word16)args->idx, client_hello, 0);
        WOLFSSL_LEAVE("SendTls13ClientHello", ret);
        WOLFSSL_END(WC_FUNC_CLIENT_HELLO_SEND);
@ -4035,7 +4035,7 @@ static int Dtls13DoDowngrade(WOLFSSL* ssl)
    ssl->dtls13ClientHello = NULL;
    ssl->dtls13ClientHelloSz = 0;
    ssl->keys.dtls_sequence_number_hi =
-        w64GetHigh32(ssl->dtls13EncryptEpoch->nextSeqNumber);
+        (word16)w64GetHigh32(ssl->dtls13EncryptEpoch->nextSeqNumber);
    ssl->keys.dtls_sequence_number_lo =
        w64GetLow32(ssl->dtls13EncryptEpoch->nextSeqNumber);
    return ret;
@ -6164,8 +6164,8 @@ int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType)
 #ifdef WOLFSSL_DTLS13
        if (ssl->options.dtls) {
            ret = Dtls13HashHandshake(ssl,
-                                      output + Dtls13GetRlHeaderLength(ssl, 0) ,
+									output + Dtls13GetRlHeaderLength(ssl, 0) ,
-                                      sendSz - Dtls13GetRlHeaderLength(ssl, 0));
+                            (word16)sendSz - Dtls13GetRlHeaderLength(ssl, 0));
        }
        else
 #endif /* WOLFSSL_DTLS13 */
@ -6192,7 +6192,7 @@ int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType)
    ssl->options.buildingMsg = 0;
 #ifdef WOLFSSL_DTLS13
    if (ssl->options.dtls) {
-        ret = Dtls13HandshakeSend(ssl, output, sendSz, sendSz,
+        ret = Dtls13HandshakeSend(ssl, output, (word16)sendSz, (word16)sendSz,
            (enum HandShakeType)extMsgType, 0);
        WOLFSSL_LEAVE("SendTls13ServerHello", ret);
@ -6333,7 +6333,7 @@ static int SendTls13EncryptedExtensions(WOLFSSL* ssl)
 #ifdef WOLFSSL_DTLS13
    if (ssl->options.dtls) {
        ssl->options.buildingMsg = 0;
-        ret = Dtls13HandshakeSend(ssl, output, sendSz, idx,
+        ret = Dtls13HandshakeSend(ssl, output, (word16)sendSz, (word16)idx,
                                  encrypted_extensions, 1);
        if (ret == 0)
@ -6445,7 +6445,8 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx,
    if (ssl->options.dtls) {
        ssl->options.buildingMsg = 0;
        ret =
-            Dtls13HandshakeSend(ssl, output, sendSz, i, certificate_request, 1);
+            Dtls13HandshakeSend(ssl, output, (word16)sendSz, (word16)i,
 								certificate_request, 1);
        WOLFSSL_LEAVE("SendTls13CertificateRequest", ret);
        WOLFSSL_END(WC_FUNC_CERTIFICATE_REQUEST_SEND);
@ -7255,7 +7256,8 @@ static int SendTls13Certificate(WOLFSSL* ssl)
            /* DTLS1.3 uses a separate variable and logic for fragments */
            ssl->options.buildingMsg = 0;
            ssl->fragOffset = 0;
-            ret = Dtls13HandshakeSend(ssl, output, sendSz, i, certificate, 1);
+            ret = Dtls13HandshakeSend(ssl, output, (word16)sendSz, (word16)i,
 									  certificate, 1);
        }
        else
 #endif /* WOLFSSL_DTLS13 */
@ -7792,7 +7794,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
                ssl->options.buildingMsg = 0;
                ret = Dtls13HandshakeSend(ssl, args->output,
                    MAX_CERT_VERIFY_SZ + MAX_MSG_EXTRA + MAX_MSG_EXTRA,
-                    args->sendSz, certificate_verify, 1);
+                    (word16)args->sendSz, certificate_verify, 1);
                if (ret != 0)
                    goto exit_scv;
@ -8719,8 +8721,8 @@ static int SendTls13Finished(WOLFSSL* ssl)
 #ifdef WOLFSSL_DTLS13
    if (isDtls) {
-        dtlsRet = Dtls13HandshakeSend(ssl, output, outputSz,
+        dtlsRet = Dtls13HandshakeSend(ssl, output, (word16)outputSz,
-            Dtls13GetRlHeaderLength(ssl, 1) + headerSz + finishedSz, finished,
+            (word16)(Dtls13GetRlHeaderLength(ssl, 1) + headerSz + finishedSz), finished,
            1);
        if (dtlsRet != 0 && dtlsRet != WANT_WRITE)
            return ret;
@ -8931,7 +8933,7 @@ static int SendTls13KeyUpdate(WOLFSSL* ssl)
 #ifdef WOLFSSL_DTLS13
    if (ssl->options.dtls) {
-        ret = Dtls13HandshakeSend(ssl, output, outputSz,
+        ret = Dtls13HandshakeSend(ssl, output, (word16)outputSz,
            OPAQUE8_LEN + Dtls13GetRlHeaderLength(ssl, 1) +
                DTLS_HANDSHAKE_HEADER_SZ,
            key_update, 0);
--- a/src/wolfio.c
+++ b/src/wolfio.c
@ -374,9 +374,9 @@ static int sockAddrEqual(
 static int isDGramSock(int sfd)
 {
-    int type = 0;
+    char type = 0;
    /* optvalue 'type' is of size int */
-    XSOCKLENT length = (XSOCKLENT)sizeof(int);
+    XSOCKLENT length = (XSOCKLENT)sizeof(char);
    if (getsockopt(sfd, SOL_SOCKET, SO_TYPE, &type, &length) == 0 &&
            type != SOCK_DGRAM) {
@ -399,7 +399,7 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx)
    byte doDtlsTimeout;
    SOCKADDR_S lclPeer;
    SOCKADDR_S* peer;
-    XSOCKLENT peerSz;
+    XSOCKLENT peerSz = 0;
    WOLFSSL_ENTER("EmbedReceiveFrom()");