From 6456b244d3b68db91e02f9c75712cf89db1b2e65 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Mon, 10 Oct 2022 16:18:33 -0500 Subject: [PATCH 1/5] tests/api.c: refactor struct initializer using XMEMCPY() to mollify -Werror=missing-field-initializers in C++ builds. --- tests/api.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/tests/api.c b/tests/api.c index 7fdf59f0c..e99e3e5e0 100644 --- a/tests/api.c +++ b/tests/api.c @@ -58973,11 +58973,13 @@ static int test_wolfSSL_DTLS_fragment_buckets(void) !defined(NO_OLD_TLS) static int test_WOLFSSL_dtls_version_alert(void) { - struct test_memio_ctx test_ctx = { 0 }; + struct test_memio_ctx test_ctx; WOLFSSL_CTX *ctx_c, *ctx_s; WOLFSSL *ssl_c, *ssl_s; int ret; + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ret = test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, wolfDTLSv1_2_client_method, wolfDTLSv1_server_method); if (ret != 0) @@ -59147,12 +59149,14 @@ static int test_ticket_nonce_cache(WOLFSSL *ssl_s, WOLFSSL *ssl_c, byte len) static int test_ticket_nonce_malloc(void) { - struct test_memio_ctx test_ctx = { 0 }; + struct test_memio_ctx test_ctx; WOLFSSL_CTX *ctx_c, *ctx_s; byte small, medium, big; WOLFSSL *ssl_c, *ssl_s; int ret; + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ret = test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, wolfTLSv1_3_client_method, wolfTLSv1_3_server_method); if (ret != 0) From 02863d2e812862f5f34b87c3cafe54a0df815a4b Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Mon, 10 Oct 2022 16:37:38 -0500 Subject: [PATCH 2/5] configure.ac: when FIPS 140-3, disable AES-GCM streaming API, unless "dev". --- configure.ac | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/configure.ac b/configure.ac index 68f9752a2..2df9bf662 100644 --- a/configure.ac +++ b/configure.ac 
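Review bot: Nothing at the two `XMEMSET(&test_ctx, 0, sizeof(test_ctx));` calls in tests/api.c (in test_WOLFSSL_dtls_version_alert and test_ticket_nonce_malloc) records why the `= { 0 }` initializer was dropped, so a later cleanup could restore it and bring back the C++ build failure. I would add `/* XMEMSET, not "= { 0 }": avoids -Wmissing-field-initializers in C++ builds */` above each call. The subject line names XMEMCPY() while the code calls XMEMSET(), which is worth correcting if the message is ever reworded. Both function bodies continue past the end of their hunks.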
@@ -4188,6 +4188,10 @@ AS_CASE([$FIPS_VERSION], AS_IF([test "$ENABLED_AESGCM" = "no" && (test "$FIPS_VERSION" != "dev" || test "$enable_aesgcm" != "no")], [ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"]) + # AES-GCM streaming isn't part of the current FIPS suite. + AS_IF([test "$ENABLED_AESGCM_STREAM" = "yes" && (test "$FIPS_VERSION" != "dev" || test "$enable_aesgcm_stream" != "yes")], + [ENABLED_AESGCM_STREAM="no"]) + # Old TLS requires MD5 + HMAC, which is not allowed under FIPS 140-3 AS_IF([test "$ENABLED_OLD_TLS" != "no"], [ENABLED_OLD_TLS="no"; AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"]) From e48e406def79de91d13199b923091e333368bbb3 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Mon, 10 Oct 2022 16:48:49 -0500 Subject: [PATCH 3/5] CMakeLists.txt: add handling for WARNING_C_FLAGS in setup for CMAKE_C_FLAGS, to allow override warning config, e.g. without -Werror. --- CMakeLists.txt | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 800d76cbf..9a324692f 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -169,7 +169,9 @@ find_package(Threads) # Example for map file and custom linker script #set(CMAKE_EXE_LINKER_FLAGS " -Xlinker -Map=output.map -T\"${CMAKE_CURRENT_SOURCE_DIR}/linker.ld\"") -if(WIN32) +if(DEFINED WARNING_C_FLAGS) +set(CMAKE_C_FLAGS "${WARNING_C_FLAGS} ${CMAKE_C_FLAGS}") +elseif(WIN32) # Windows cl.exe does not support the -Wextra, -Wno-unused and -Werror flags. set(CMAKE_C_FLAGS "-Wall ${CMAKE_C_FLAGS}") else() From 1bca5d80a1a7a4a7e2eec715f688a5eb0484e086 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Mon, 10 Oct 2022 16:51:19 -0500 Subject: [PATCH 4/5] configure.ac: fix hard tab. --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 2df9bf662..b4a64d555 100644 --- a/configure.ac +++ b/configure.ac 
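Review bot: The new `AS_IF` in the FIPS 140-3 branch of configure.ac resets `ENABLED_AESGCM_STREAM` to "no" without any message, so a requested streaming build is silently dropped unless FIPS_VERSION is "dev" and `$enable_aesgcm_stream` is "yes". I would report the override, e.g. `[AC_MSG_WARN([AES-GCM streaming is not in the FIPS 140-3 suite; disabling it]); ENABLED_AESGCM_STREAM="no"]`. The hunk does not show where the streaming define is appended to AM_CFLAGS; if that happens before this block, clearing the variable here would not remove it from the build, so the ordering is worth confirming. The enclosing AS_CASE starts and ends outside the hunk.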
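Review bot: `WARNING_C_FLAGS` appears in the new `if(DEFINED WARNING_C_FLAGS)` branch of CMakeLists.txt with no comment, and because the test is `DEFINED`, even an empty value takes this branch and skips the default warning flags. A line above the branch would make that explicit: `# WARNING_C_FLAGS, if defined (even empty), replaces the default warning flags chosen below.` Since the commit message says the override is meant to allow building without -Werror, it may be worth keeping it out of CI and release configurations so new warnings in the library still fail those builds. The `else()` branch continues outside the hunk.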
@@ -4188,7 +4188,7 @@ AS_CASE([$FIPS_VERSION], AS_IF([test "$ENABLED_AESGCM" = "no" && (test "$FIPS_VERSION" != "dev" || test "$enable_aesgcm" != "no")], [ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"]) - # AES-GCM streaming isn't part of the current FIPS suite. + # AES-GCM streaming isn't part of the current FIPS suite. AS_IF([test "$ENABLED_AESGCM_STREAM" = "yes" && (test "$FIPS_VERSION" != "dev" || test "$enable_aesgcm_stream" != "yes")], [ENABLED_AESGCM_STREAM="no"]) From af4987628f4bd33f6b57ead709657c6d07444f28 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Mon, 10 Oct 2022 17:08:51 -0500 Subject: [PATCH 5/5] wolfssl/test.h: fix bugprone-macro-parentheses. --- wolfssl/test.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfssl/test.h b/wolfssl/test.h index e304e3a01..a78cee7ea 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h @@ -5117,7 +5117,7 @@ void DEBUG_WRITE_DER(const byte* der, int derSz, const char* fileName); (defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) && \ !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \ !defined(NO_OLD_TLS)) -#define TEST_MEMIO_BUF_SZ 64 * 1024 +#define TEST_MEMIO_BUF_SZ (64 * 1024) struct test_memio_ctx { byte c_buff[TEST_MEMIO_BUF_SZ];