From 562db08c3dbadff53f90ed171eaabf1d96281ef1 Mon Sep 17 00:00:00 2001 From: David Garske Date: Thu, 11 May 2017 15:15:19 -0700 Subject: [PATCH] Implemented strict switch fall-through handling using new macro `FALL_THROUGH`. --- configure.ac | 4 +-- src/internal.c | 53 ++++++++++++++++++++++++++++++++++++--- src/ssl.c | 27 ++++++++++++++++++++ src/tls.c | 2 +- src/tls13.c | 31 +++++++++++++++++++++++ wolfcrypt/src/asn.c | 12 ++++----- wolfcrypt/src/ecc.c | 8 +++--- wolfcrypt/src/rsa.c | 10 +++++--- wolfcrypt/src/signature.c | 3 ++- wolfssl/wolfcrypt/types.h | 8 ++++++ 10 files changed, 137 insertions(+), 21 deletions(-) diff --git a/configure.ac b/configure.ac index 3a2c8b8d5..3a369b1df 100644 --- a/configure.ac +++ b/configure.ac @@ -113,7 +113,7 @@ OPTIMIZE_HUGE_CFLAGS="-funroll-loops -DTFM_SMALL_SET -DTFM_HUGE_SET" DEBUG_CFLAGS="-g -DDEBUG -DDEBUG_WOLFSSL" LIB_ADD= LIB_STATIC_ADD= -SWITCH_FALLTHROUGH="-Wimplicit-fallthrough=0" +SWITCH_FALLTHROUGH="-Wimplicit-fallthrough=5" thread_ls_on=no # Thread local storage @@ -3423,7 +3423,7 @@ case $host_os in fi ;; esac -# add workaround for switch fall-through +# add strict checking for switch fall-through CFLAGS="$CFLAGS $SWITCH_FALLTHROUGH" diff --git a/src/internal.c b/src/internal.c index 505fb41c7..798c24d76 100755 --- a/src/internal.c +++ b/src/internal.c @@ -7084,6 +7084,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 totalSz /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_BUILD; } /* case TLS_ASYNC_BEGIN */ + FALL_THROUGH; case TLS_ASYNC_BUILD: { @@ -7308,6 +7309,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 totalSz /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_DO; } /* case TLS_ASYNC_BUILD */ + FALL_THROUGH; case TLS_ASYNC_DO: { 
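Review bot: `SWITCH_FALLTHROUGH="-Wimplicit-fallthrough=5"` in the first configure.ac hunk is appended to CFLAGS by the second one with no compiler probe visible in either hunk, so a compiler that does not accept the levelled form of the option may stop the build. The surrounding `case $host_os` logic lies outside the hunks and may already handle this. If it does not, test the flag before using it and leave `SWITCH_FALLTHROUGH` empty when the test fails. Level 5 also makes GCC ignore fall-through comments, which the new comment could state: `# strict switch fall-through checking: level 5 accepts only the FALL_THROUGH attribute, not comments`.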
@@ -7513,6 +7515,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 totalSz /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_VERIFY; } /* case TLS_ASYNC_DO */ + FALL_THROUGH; case TLS_ASYNC_VERIFY: { @@ -7697,6 +7700,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 totalSz /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_FINALIZE; } /* case TLS_ASYNC_VERIFY */ + FALL_THROUGH; case TLS_ASYNC_FINALIZE: { @@ -7826,6 +7830,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 totalSz /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_END; } /* case TLS_ASYNC_FINALIZE */ + FALL_THROUGH; case TLS_ASYNC_END: { @@ -9593,6 +9598,8 @@ static INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, word16 sz, /* Advance state and proceed */ ssl->encrypt.state = CIPHER_STATE_DO; } + FALL_THROUGH; + case CIPHER_STATE_DO: { ret = EncryptDo(ssl, out, input, sz, asyncOkay); @@ -9607,6 +9614,7 @@ static INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, word16 sz, } #endif } + FALL_THROUGH; case CIPHER_STATE_END: { @@ -9826,6 +9834,7 @@ static INLINE int Decrypt(WOLFSSL* ssl, byte* plain, const byte* input, /* Advance state and proceed */ ssl->decrypt.state = CIPHER_STATE_DO; } + FALL_THROUGH; case CIPHER_STATE_DO: { ret = DecryptDo(ssl, plain, input, sz); @@ -9840,7 +9849,7 @@ static INLINE int Decrypt(WOLFSSL* ssl, byte* plain, const byte* input, } #endif } - + FALL_THROUGH; case CIPHER_STATE_END: { #if defined(BUILD_AESGCM) || defined(HAVE_AESCCM) @@ -10527,6 +10536,7 @@ int ProcessReply(WOLFSSL* ssl) ssl->options.processReply = getRecordLayerHeader; continue; } + FALL_THROUGH; /* in the WOLFSSL_SERVER case, run the old client hello */ case runProcessOldClientHello: @@ -10561,6 +10571,7 @@ int ProcessReply(WOLFSSL* ssl) } #endif /* OLD_HELLO_ALLOWED */ + FALL_THROUGH; /* get the record layer header */ case getRecordLayerHeader: 
@@ -10588,6 +10599,7 @@ int ProcessReply(WOLFSSL* ssl) return ret; ssl->options.processReply = getData; + FALL_THROUGH; /* retrieve record layer data */ case getData: @@ -10609,6 +10621,7 @@ int ProcessReply(WOLFSSL* ssl) ssl->options.processReply = decryptMessage; startIdx = ssl->buffers.inputBuffer.idx; /* in case > 1 msg per */ + FALL_THROUGH; /* decrypt message */ case decryptMessage: @@ -10679,6 +10692,7 @@ int ProcessReply(WOLFSSL* ssl) } ssl->options.processReply = verifyMessage; + FALL_THROUGH; /* verify digest of message */ case verifyMessage: @@ -10713,6 +10727,7 @@ int ProcessReply(WOLFSSL* ssl) } ssl->options.processReply = runProcessingOneMessage; + FALL_THROUGH; /* the record layer is here */ case runProcessingOneMessage: @@ -11351,7 +11366,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, ssl->options.buildMsgState = BUILD_MSG_SIZE; } - + FALL_THROUGH; case BUILD_MSG_SIZE: { args->digestSz = ssl->specs.hash_size; @@ -11430,6 +11445,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, ssl->options.buildMsgState = BUILD_MSG_HASH; } + FALL_THROUGH; case BUILD_MSG_HASH: { word32 i; @@ -11448,6 +11464,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, ssl->options.buildMsgState = BUILD_MSG_VERIFY_MAC; } + FALL_THROUGH; case BUILD_MSG_VERIFY_MAC: { /* User Record Layer Callback handling */ @@ -11499,6 +11516,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, ssl->options.buildMsgState = BUILD_MSG_ENCRYPT; } + FALL_THROUGH; case BUILD_MSG_ENCRYPT: { ret = Encrypt(ssl, output + args->headerSz, output + args->headerSz, args->size, @@ -11982,7 +12000,7 @@ static int BuildCertificateStatus(WOLFSSL* ssl, byte type, buffer* status, switch (type) { case WOLFSSL_CSR2_OCSP_MULTI: length += OPAQUE24_LEN; - /* followed by */ + FALL_THROUGH; /* followed by */ case WOLFSSL_CSR2_OCSP: for (i = 0; i < count; i++) 
@@ -16134,6 +16152,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_BUILD; } /* case TLS_ASYNC_BEGIN */ + FALL_THROUGH; case TLS_ASYNC_BUILD: { @@ -16307,6 +16326,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_DO; } /* case TLS_ASYNC_BUILD */ + FALL_THROUGH; case TLS_ASYNC_DO: { @@ -16405,6 +16425,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_VERIFY; } /* case TLS_ASYNC_DO */ + FALL_THROUGH; case TLS_ASYNC_VERIFY: { @@ -16500,6 +16521,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_FINALIZE; } /* case TLS_ASYNC_VERIFY */ + FALL_THROUGH; case TLS_ASYNC_FINALIZE: { @@ -16536,6 +16558,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_END; } /* case TLS_ASYNC_FINALIZE */ + FALL_THROUGH; case TLS_ASYNC_END: { @@ -17153,6 +17176,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_BUILD; } /* case TLS_ASYNC_BEGIN */ + FALL_THROUGH; case TLS_ASYNC_BUILD: { @@ -17403,6 +17427,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_DO; } /* case TLS_ASYNC_BUILD */ + FALL_THROUGH; case TLS_ASYNC_DO: { @@ -17535,6 +17560,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_VERIFY; } /* case TLS_ASYNC_DO */ + FALL_THROUGH; case TLS_ASYNC_VERIFY: { @@ -17645,6 +17671,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_FINALIZE; } /* case TLS_ASYNC_VERIFY */ + FALL_THROUGH; case TLS_ASYNC_FINALIZE: { 
@@ -17748,6 +17775,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_END; } /* case TLS_ASYNC_FINALIZE */ + FALL_THROUGH; case TLS_ASYNC_END: { @@ -18026,6 +18054,7 @@ int SendCertificateVerify(WOLFSSL* ssl) /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_BUILD; } /* case TLS_ASYNC_BEGIN */ + FALL_THROUGH; case TLS_ASYNC_BUILD: { @@ -18150,6 +18179,7 @@ int SendCertificateVerify(WOLFSSL* ssl) /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_DO; } /* case TLS_ASYNC_BUILD */ + FALL_THROUGH; case TLS_ASYNC_DO: { @@ -18201,6 +18231,7 @@ int SendCertificateVerify(WOLFSSL* ssl) /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_VERIFY; } /* case TLS_ASYNC_DO */ + FALL_THROUGH; case TLS_ASYNC_VERIFY: { @@ -18248,6 +18279,7 @@ int SendCertificateVerify(WOLFSSL* ssl) /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_FINALIZE; } /* case TLS_ASYNC_VERIFY */ + FALL_THROUGH; case TLS_ASYNC_FINALIZE: { @@ -18282,6 +18314,7 @@ int SendCertificateVerify(WOLFSSL* ssl) /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_END; } /* case TLS_ASYNC_FINALIZE */ + FALL_THROUGH; case TLS_ASYNC_END: { @@ -18955,6 +18988,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_BUILD; } /* case TLS_ASYNC_BEGIN */ + FALL_THROUGH; case TLS_ASYNC_BUILD: { @@ -19737,6 +19771,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_DO; } /* case TLS_ASYNC_BUILD */ + FALL_THROUGH; case TLS_ASYNC_DO: { @@ -19859,6 +19894,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_VERIFY; } /* case TLS_ASYNC_DO */ + FALL_THROUGH; case TLS_ASYNC_VERIFY: { 
@@ -19988,6 +20024,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_FINALIZE; } /* case TLS_ASYNC_VERIFY */ + FALL_THROUGH; case TLS_ASYNC_FINALIZE: { @@ -20057,6 +20094,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_END; } /* case TLS_ASYNC_FINALIZE */ + FALL_THROUGH; case TLS_ASYNC_END: { @@ -21028,6 +21066,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_BUILD; } /* case TLS_ASYNC_BEGIN */ + FALL_THROUGH; case TLS_ASYNC_BUILD: { @@ -21106,6 +21145,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_DO; } /* case TLS_ASYNC_BUILD */ + FALL_THROUGH; case TLS_ASYNC_DO: { @@ -21160,6 +21200,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_VERIFY; } /* case TLS_ASYNC_DO */ + FALL_THROUGH; case TLS_ASYNC_VERIFY: { @@ -21253,6 +21294,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_FINALIZE; } /* case TLS_ASYNC_VERIFY */ + FALL_THROUGH; case TLS_ASYNC_FINALIZE: { @@ -21825,6 +21867,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_BUILD; } /* TLS_ASYNC_BEGIN */ + FALL_THROUGH; case TLS_ASYNC_BUILD: { @@ -22232,6 +22275,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_DO; } /* TLS_ASYNC_BUILD */ + FALL_THROUGH; case TLS_ASYNC_DO: { 
@@ -22350,6 +22394,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_VERIFY; } /* TLS_ASYNC_DO */ + FALL_THROUGH; case TLS_ASYNC_VERIFY: { @@ -22478,6 +22523,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_FINALIZE; } /* TLS_ASYNC_VERIFY */ + FALL_THROUGH; case TLS_ASYNC_FINALIZE: { @@ -22516,6 +22562,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_END; } /* TLS_ASYNC_FINALIZE */ + FALL_THROUGH; case TLS_ASYNC_END: { diff --git a/src/ssl.c b/src/ssl.c index 2297c4e4e..31a2efcad 100755 --- a/src/ssl.c +++ b/src/ssl.c @@ -8095,6 +8095,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, } ssl->options.connectState = CLIENT_HELLO_SENT; WOLFSSL_MSG("connect state: CLIENT_HELLO_SENT"); + FALL_THROUGH; case CLIENT_HELLO_SENT : neededState = ssl->options.resuming ? SERVER_FINISHED_COMPLETE : @@ -8124,6 +8125,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, ssl->options.connectState = HELLO_AGAIN; WOLFSSL_MSG("connect state: HELLO_AGAIN"); + FALL_THROUGH; case HELLO_AGAIN : if (ssl->options.certOnly) @@ -8150,6 +8152,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, ssl->options.connectState = HELLO_AGAIN_REPLY; WOLFSSL_MSG("connect state: HELLO_AGAIN_REPLY"); + FALL_THROUGH; case HELLO_AGAIN_REPLY : #ifdef WOLFSSL_DTLS @@ -8173,6 +8176,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, ssl->options.connectState = FIRST_REPLY_DONE; WOLFSSL_MSG("connect state: FIRST_REPLY_DONE"); + FALL_THROUGH; case FIRST_REPLY_DONE : #ifndef NO_CERTS 
@@ -8187,6 +8191,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, #endif ssl->options.connectState = FIRST_REPLY_FIRST; WOLFSSL_MSG("connect state: FIRST_REPLY_FIRST"); + FALL_THROUGH; case FIRST_REPLY_FIRST : if (!ssl->options.resuming) { @@ -8199,6 +8204,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, ssl->options.connectState = FIRST_REPLY_SECOND; WOLFSSL_MSG("connect state: FIRST_REPLY_SECOND"); + FALL_THROUGH; case FIRST_REPLY_SECOND : #ifndef NO_CERTS @@ -8212,6 +8218,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, #endif ssl->options.connectState = FIRST_REPLY_THIRD; WOLFSSL_MSG("connect state: FIRST_REPLY_THIRD"); + FALL_THROUGH; case FIRST_REPLY_THIRD : if ( (ssl->error = SendChangeCipher(ssl)) != 0) { @@ -8221,6 +8228,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, WOLFSSL_MSG("sent: change cipher spec"); ssl->options.connectState = FIRST_REPLY_FOURTH; WOLFSSL_MSG("connect state: FIRST_REPLY_FOURTH"); + FALL_THROUGH; case FIRST_REPLY_FOURTH : if ( (ssl->error = SendFinished(ssl)) != 0) { @@ -8230,6 +8238,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, WOLFSSL_MSG("sent: finished"); ssl->options.connectState = FINISHED_DONE; WOLFSSL_MSG("connect state: FINISHED_DONE"); + FALL_THROUGH; case FINISHED_DONE : /* get response */ @@ -8241,6 +8250,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, ssl->options.connectState = SECOND_REPLY_DONE; WOLFSSL_MSG("connect state: SECOND_REPLY_DONE"); + FALL_THROUGH; case SECOND_REPLY_DONE: #ifndef NO_HANDSHAKE_DONE_CB @@ -8441,6 +8451,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, #ifdef WOLFSSL_TLS13 ssl->options.acceptState = ACCEPT_CLIENT_HELLO_DONE; WOLFSSL_MSG("accept state ACCEPT_CLIENT_HELLO_DONE"); + FALL_THROUGH; case ACCEPT_CLIENT_HELLO_DONE : if (ssl->options.serverState == SERVER_HELLO_RETRY_REQUEST) { 
@@ -8451,6 +8462,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, } ssl->options.acceptState = ACCEPT_HELLO_RETRY_REQUEST_DONE; WOLFSSL_MSG("accept state ACCEPT_HELLO_RETRY_REQUEST_DONE"); + FALL_THROUGH; case ACCEPT_HELLO_RETRY_REQUEST_DONE : if (ssl->options.serverState == SERVER_HELLO_RETRY_REQUEST) { @@ -8462,6 +8474,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, #endif ssl->options.acceptState = ACCEPT_FIRST_REPLY_DONE; WOLFSSL_MSG("accept state ACCEPT_FIRST_REPLY_DONE"); + FALL_THROUGH; case ACCEPT_FIRST_REPLY_DONE : #ifdef WOLFSSL_TLS13 @@ -8475,6 +8488,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, } ssl->options.acceptState = SERVER_HELLO_SENT; WOLFSSL_MSG("accept state SERVER_HELLO_SENT"); + FALL_THROUGH; case SERVER_HELLO_SENT : #ifndef NO_CERTS @@ -8486,6 +8500,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, #endif ssl->options.acceptState = CERT_SENT; WOLFSSL_MSG("accept state CERT_SENT"); + FALL_THROUGH; case CERT_SENT : #ifndef NO_CERTS @@ -8497,6 +8512,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, #endif ssl->options.acceptState = CERT_STATUS_SENT; WOLFSSL_MSG("accept state CERT_STATUS_SENT"); + FALL_THROUGH; case CERT_STATUS_SENT : if (!ssl->options.resuming) @@ -8506,6 +8522,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, } ssl->options.acceptState = KEY_EXCHANGE_SENT; WOLFSSL_MSG("accept state KEY_EXCHANGE_SENT"); + FALL_THROUGH; case KEY_EXCHANGE_SENT : #ifndef NO_CERTS @@ -8520,6 +8537,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, #endif ssl->options.acceptState = CERT_REQ_SENT; WOLFSSL_MSG("accept state CERT_REQ_SENT"); + FALL_THROUGH; case CERT_REQ_SENT : if (!ssl->options.resuming) @@ -8529,6 +8547,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, } ssl->options.acceptState = SERVER_HELLO_DONE; WOLFSSL_MSG("accept state SERVER_HELLO_DONE"); + FALL_THROUGH; case SERVER_HELLO_DONE : if (!ssl->options.resuming) { 
@@ -8540,6 +8559,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, } ssl->options.acceptState = ACCEPT_SECOND_REPLY_DONE; WOLFSSL_MSG("accept state ACCEPT_SECOND_REPLY_DONE"); + FALL_THROUGH; case ACCEPT_SECOND_REPLY_DONE : #ifdef HAVE_SESSION_TICKET @@ -8552,6 +8572,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, #endif /* HAVE_SESSION_TICKET */ ssl->options.acceptState = TICKET_SENT; WOLFSSL_MSG("accept state TICKET_SENT"); + FALL_THROUGH; case TICKET_SENT: if ( (ssl->error = SendChangeCipher(ssl)) != 0) { @@ -8560,6 +8581,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, } ssl->options.acceptState = CHANGE_CIPHER_SENT; WOLFSSL_MSG("accept state CHANGE_CIPHER_SENT"); + FALL_THROUGH; case CHANGE_CIPHER_SENT : if ( (ssl->error = SendFinished(ssl)) != 0) { @@ -8569,6 +8591,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, ssl->options.acceptState = ACCEPT_FINISHED_DONE; WOLFSSL_MSG("accept state ACCEPT_FINISHED_DONE"); + FALL_THROUGH; case ACCEPT_FINISHED_DONE : if (ssl->options.resuming) @@ -8580,6 +8603,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, ssl->options.acceptState = ACCEPT_THIRD_REPLY_DONE; WOLFSSL_MSG("accept state ACCEPT_THIRD_REPLY_DONE"); + FALL_THROUGH; case ACCEPT_THIRD_REPLY_DONE : #ifndef NO_HANDSHAKE_DONE_CB @@ -24017,10 +24041,13 @@ int wolfSSL_i2a_ASN1_INTEGER(BIO *bp, const WOLFSSL_ASN1_INTEGER *a) switch (a->data[i++] - 0x80) { case 4: len |= a->data[i++] << 24; + FALL_THROUGH; case 3: len |= a->data[i++] << 16; + FALL_THROUGH; case 2: len |= a->data[i++] << 8; + FALL_THROUGH; case 1: len |= a->data[i++]; break; diff --git a/src/tls.c b/src/tls.c index 4bc2b6d73..a8442b360 100755 --- a/src/tls.c +++ b/src/tls.c @@ -2666,7 +2666,7 @@ int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert, byte isPeer, if (!isPeer || csr2->requests != 0) break; - /* followed by */ + FALL_THROUGH; /* followed by */ case WOLFSSL_CSR2_OCSP_MULTI: { if (csr2->requests < 1 + MAX_CHAIN_DEPTH) { 
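Review bot: The byte cascade annotated in the `wolfSSL_i2a_ASN1_INTEGER` hunk (`case 4:` through `case 1:`) builds `len` from up to four bytes of `a->data` with no bound on `i` visible in the hunk. In addition, `a->data[i++] << 24` shifts a value promoted to `int`, which is undefined once the byte is 0x80 or higher (assuming `data` holds unsigned bytes; its declaration is not shown). Widening before the shift avoids that: `len |= (word32)a->data[i++] << 24;`. The function starts and ends outside the hunk, so a check of `i` and of the decoded `len` against the size of `a->data` may already exist there; if not, it belongs before this switch, because the length is taken from the encoded integer itself.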
diff --git a/src/tls13.c b/src/tls13.c index b3208edea..85a179162 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -3557,6 +3557,7 @@ int SendTls13CertificateVerify(WOLFSSL* ssl) /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_BUILD; } /* case TLS_ASYNC_BEGIN */ + FALL_THROUGH; case TLS_ASYNC_BUILD: { @@ -3618,6 +3619,7 @@ int SendTls13CertificateVerify(WOLFSSL* ssl) /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_DO; } /* case TLS_ASYNC_BUILD */ + FALL_THROUGH; case TLS_ASYNC_DO: { @@ -3666,6 +3668,7 @@ int SendTls13CertificateVerify(WOLFSSL* ssl) /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_VERIFY; } /* case TLS_ASYNC_DO */ + FALL_THROUGH; case TLS_ASYNC_VERIFY: { @@ -3699,6 +3702,7 @@ int SendTls13CertificateVerify(WOLFSSL* ssl) /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_FINALIZE; } /* case TLS_ASYNC_VERIFY */ + FALL_THROUGH; case TLS_ASYNC_FINALIZE: { @@ -3723,6 +3727,7 @@ int SendTls13CertificateVerify(WOLFSSL* ssl) /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_END; } /* case TLS_ASYNC_FINALIZE */ + FALL_THROUGH; case TLS_ASYNC_END: { @@ -3868,6 +3873,7 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input, /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_BUILD; } /* case TLS_ASYNC_BEGIN */ + FALL_THROUGH; case TLS_ASYNC_BUILD: { @@ -3933,6 +3939,7 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input, /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_DO; } /* case TLS_ASYNC_BUILD */ + FALL_THROUGH; case TLS_ASYNC_DO: { @@ -3983,6 +3990,7 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input, /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_VERIFY; } /* case TLS_ASYNC_DO */ + FALL_THROUGH; case TLS_ASYNC_VERIFY: { 
@@ -3998,6 +4006,7 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input, /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_FINALIZE; } /* case TLS_ASYNC_VERIFY */ + FALL_THROUGH; case TLS_ASYNC_FINALIZE: { @@ -5024,6 +5033,7 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl) ssl->options.connectState = CLIENT_HELLO_SENT; WOLFSSL_MSG("connect state: CLIENT_HELLO_SENT"); + FALL_THROUGH; case CLIENT_HELLO_SENT: neededState = ssl->options.resuming ? SERVER_FINISHED_COMPLETE : @@ -5043,6 +5053,8 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl) ssl->options.connectState = HELLO_AGAIN; WOLFSSL_MSG("connect state: HELLO_AGAIN"); + FALL_THROUGH; + case HELLO_AGAIN: if (ssl->options.certOnly) return SSL_SUCCESS; @@ -5061,6 +5073,7 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl) ssl->options.connectState = HELLO_AGAIN_REPLY; WOLFSSL_MSG("connect state: HELLO_AGAIN_REPLY"); + FALL_THROUGH; case HELLO_AGAIN_REPLY: if (ssl->options.serverState == NULL_STATE) { @@ -5083,6 +5096,7 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl) ssl->options.connectState = FIRST_REPLY_DONE; WOLFSSL_MSG("connect state: FIRST_REPLY_DONE"); + FALL_THROUGH; case FIRST_REPLY_DONE: #ifndef NO_CERTS @@ -5098,6 +5112,7 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl) ssl->options.connectState = FIRST_REPLY_FIRST; WOLFSSL_MSG("connect state: FIRST_REPLY_FIRST"); + FALL_THROUGH; case FIRST_REPLY_FIRST: #ifndef NO_CERTS @@ -5113,6 +5128,7 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl) ssl->options.connectState = FIRST_REPLY_SECOND; WOLFSSL_MSG("connect state: FIRST_REPLY_SECOND"); + FALL_THROUGH; case FIRST_REPLY_SECOND: if ((ssl->error = SendTls13Finished(ssl)) != 0) { @@ -5123,6 +5139,7 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl) ssl->options.connectState = FINISHED_DONE; WOLFSSL_MSG("connect state: FINISHED_DONE"); + FALL_THROUGH; case FINISHED_DONE: #ifndef NO_HANDSHAKE_DONE_CB 
@@ -5366,6 +5383,7 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl) ssl->options.acceptState = ACCEPT_CLIENT_HELLO_DONE; WOLFSSL_MSG("accept state ACCEPT_CLIENT_HELLO_DONE"); + FALL_THROUGH; case ACCEPT_CLIENT_HELLO_DONE : if (ssl->options.serverState == SERVER_HELLO_RETRY_REQUEST) { @@ -5376,6 +5394,7 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl) } ssl->options.acceptState = ACCEPT_HELLO_RETRY_REQUEST_DONE; WOLFSSL_MSG("accept state ACCEPT_HELLO_RETRY_REQUEST_DONE"); + FALL_THROUGH; case ACCEPT_HELLO_RETRY_REQUEST_DONE : if (ssl->options.serverState == SERVER_HELLO_RETRY_REQUEST) { @@ -5386,6 +5405,7 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl) } ssl->options.acceptState = ACCEPT_FIRST_REPLY_DONE; WOLFSSL_MSG("accept state ACCEPT_FIRST_REPLY_DONE"); + FALL_THROUGH; case ACCEPT_FIRST_REPLY_DONE : if ((ssl->error = SendTls13ServerHello(ssl)) != 0) { @@ -5394,6 +5414,7 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl) } ssl->options.acceptState = SERVER_HELLO_SENT; WOLFSSL_MSG("accept state SERVER_HELLO_SENT"); + FALL_THROUGH; case SERVER_HELLO_SENT : if ((ssl->error = SendTls13EncryptedExtensions(ssl)) != 0) { @@ -5402,6 +5423,8 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl) } ssl->options.acceptState = SERVER_EXTENSIONS_SENT; WOLFSSL_MSG("accept state SERVER_EXTENSIONS_SENT"); + FALL_THROUGH; + case SERVER_EXTENSIONS_SENT : #ifndef NO_CERTS if (!ssl->options.resuming) { @@ -5416,6 +5439,7 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl) #endif ssl->options.acceptState = CERT_REQ_SENT; WOLFSSL_MSG("accept state CERT_REQ_SENT"); + FALL_THROUGH; case CERT_REQ_SENT : ssl->options.acceptState = KEY_EXCHANGE_SENT; @@ -5429,6 +5453,7 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl) #endif ssl->options.acceptState = CERT_SENT; WOLFSSL_MSG("accept state CERT_SENT"); + FALL_THROUGH; case CERT_SENT : #ifndef NO_CERTS 
@@ -5441,6 +5466,7 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl) #endif ssl->options.acceptState = CERT_STATUS_SENT; WOLFSSL_MSG("accept state CERT_STATUS_SENT"); + FALL_THROUGH; case CERT_VERIFY_SENT : if ((ssl->error = SendTls13Finished(ssl)) != 0) { @@ -5450,6 +5476,7 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl) ssl->options.acceptState = ACCEPT_FINISHED_DONE; WOLFSSL_MSG("accept state ACCEPT_FINISHED_DONE"); + FALL_THROUGH; case ACCEPT_FINISHED_DONE : #ifdef HAVE_SESSION_TICKET @@ -5464,6 +5491,7 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl) #endif /* HAVE_SESSION_TICKET */ ssl->options.acceptState = TICKET_SENT; WOLFSSL_MSG("accept state TICKET_SENT"); + FALL_THROUGH; case TICKET_SENT: while (ssl->options.clientState < CLIENT_FINISHED_COMPLETE) @@ -5474,6 +5502,8 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl) ssl->options.acceptState = ACCEPT_SECOND_REPLY_DONE; WOLFSSL_MSG("accept state ACCEPT_SECOND_REPLY_DONE"); + FALL_THROUGH; + case ACCEPT_SECOND_REPLY_DONE : #ifdef HAVE_SESSION_TICKET if (!ssl->options.resuming && ssl->options.verifyPeer && @@ -5486,6 +5516,7 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl) #endif /* HAVE_SESSION_TICKET */ ssl->options.acceptState = ACCEPT_THIRD_REPLY_DONE; WOLFSSL_MSG("accept state ACCEPT_THIRD_REPLY_DONE"); + FALL_THROUGH; case ACCEPT_THIRD_REPLY_DONE: #ifndef NO_HANDSHAKE_DONE_CB diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 4d03a700d..8d9901c12 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -4472,9 +4472,9 @@ static int ConfirmSignature(SignatureCtx* sigCtx, ERROR_OUT(MEMORY_E, exit_cs); } - /* fall through */ sigCtx->state = SIG_STATE_HASH; } /* SIG_STATE_BEGIN */ + FALL_THROUGH; case SIG_STATE_HASH: { @@ -4550,9 +4550,9 @@ static int ConfirmSignature(SignatureCtx* sigCtx, goto exit_cs; } - /* fall through */ sigCtx->state = SIG_STATE_KEY; } /* SIG_STATE_HASH */ + FALL_THROUGH; case SIG_STATE_KEY: { 
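Review bot: The `FALL_THROUGH;` added before `case CERT_VERIFY_SENT :` in the first hunk here (`wolfSSL_accept_TLSv13`) marks as intended a transition whose stored state does not match the label it falls into. The context lines set `ssl->options.acceptState = CERT_STATUS_SENT` and log that name, while the next label is `CERT_VERIFY_SENT`. If the send under that label returns early and the function is re-entered, the switch would dispatch on `CERT_STATUS_SENT`, and no such label appears in the tls13.c hunks; the switch extends outside them, so this needs confirming. If the mismatch is real, `ssl->options.acceptState = CERT_VERIFY_SENT;` with the matching log message keeps the resumed handshake on the Finished step. Otherwise a comment should say why the two names differ.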
@@ -4625,9 +4625,9 @@ static int ConfirmSignature(SignatureCtx* sigCtx, goto exit_cs; } - /* fall through */ sigCtx->state = SIG_STATE_DO; } /* SIG_STATE_KEY */ + FALL_THROUGH; case SIG_STATE_DO: { @@ -4667,9 +4667,9 @@ static int ConfirmSignature(SignatureCtx* sigCtx, goto exit_cs; } - /* fall through */ sigCtx->state = SIG_STATE_CHECK; } /* SIG_STATE_DO */ + FALL_THROUGH; case SIG_STATE_CHECK: { @@ -8207,8 +8207,8 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buffer, int sz, if (ret != 0) { goto exit_ms; } + FALL_THROUGH; - /* fall-through */ case CERTSIGN_STATE_ENCODE: #ifndef NO_RSA if (rsaKey) { @@ -8223,8 +8223,8 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buffer, int sz, certSignCtx->digest, digestSz, typeH); } #endif /* !NO_RSA */ + FALL_THROUGH; - /* fall-through */ case CERTSIGN_STATE_DO: certSignCtx->state = CERTSIGN_STATE_DO; ret = ALGO_ID_E; /* default to error */ diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index f371e6bfb..0d91570bf 100755 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -2900,8 +2900,8 @@ int wc_ecc_shared_secret_ex(ecc_key* private_key, ecc_point* point, if (err < 0) { break; } + FALL_THROUGH; - /* fall through */ case ECC_STATE_SHARED_SEC_RES: private_key->state = ECC_STATE_SHARED_SEC_RES; err = 0; @@ -3393,8 +3393,8 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, } #endif /* WOLFSSL_ATECC508A */ + FALL_THROUGH; - /* fall through */ case ECC_STATE_SIGN_ENCODE: key->state = ECC_STATE_SIGN_ENCODE; @@ -3924,8 +3924,8 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, if (err < 0) { break; } + FALL_THROUGH; - /* fall through */ case ECC_STATE_VERIFY_DO: key->state = ECC_STATE_VERIFY_DO; @@ -3933,8 +3933,8 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, if (err < 0) { break; } + FALL_THROUGH; - /* fall through */ case ECC_STATE_VERIFY_RES: key->state = ECC_STATE_VERIFY_RES; err = 0; 
diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 089f87434..7f9da78b7 100755 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -1282,7 +1282,8 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out, } key->state = RSA_STATE_ENCRYPT_EXPTMOD; - /* fall through */ + + FALL_THROUGH; case RSA_STATE_ENCRYPT_EXPTMOD: @@ -1296,7 +1297,7 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out, break; } - /* fall through */ + FALL_THROUGH; case RSA_STATE_ENCRYPT_RES: ret = key->dataLen; @@ -1402,7 +1403,7 @@ static int RsaPrivateDecryptEx(byte* in, word32 inLen, byte* out, break; } - /* fall through */ + FALL_THROUGH; case RSA_STATE_DECRYPT_UNPAD: { @@ -1426,7 +1427,8 @@ static int RsaPrivateDecryptEx(byte* in, word32 inLen, byte* out, } key->state = RSA_STATE_DECRYPT_RES; - /* fall through */ + + FALL_THROUGH; } case RSA_STATE_DECRYPT_RES: #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_RSA) && \ diff --git a/wolfcrypt/src/signature.c b/wolfcrypt/src/signature.c index 247d5d931..5d430d3de 100644 --- a/wolfcrypt/src/signature.c +++ b/wolfcrypt/src/signature.c @@ -206,6 +206,7 @@ int wc_SignatureVerify( /* Otherwise fall-through and perform normal RSA verify against updated * DER encoding + hash */ #endif + FALL_THROUGH; case WC_SIGNATURE_TYPE_RSA: { @@ -338,7 +339,7 @@ int wc_SignatureGenerate( /* Otherwise fall-through and perform normal RSA sign against updated * DER encoding + hash */ #endif - + FALL_THROUGH; case WC_SIGNATURE_TYPE_RSA: #ifndef NO_RSA /* Create signature using provided RSA key */ diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index e993329e0..f7bcd837c 100755 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h 
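Review bot: In the last rsa.c hunk (`RsaPrivateDecryptEx`, before `case RSA_STATE_DECRYPT_RES:`), `FALL_THROUGH;` sits inside the closing brace of what appears to be the `RSA_STATE_DECRYPT_UNPAD` block, while the other hunks of this commit put it after the brace, directly in front of the next label. Moving it out keeps one convention: `}` then `FALL_THROUGH;` then `case RSA_STATE_DECRYPT_RES:`. Tools other than GCC that look for the marker immediately before a label may treat this one differently, though the hunk does not show that.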
@@ -161,6 +161,14 @@ #define THREAD_LS_T #endif + /* GCC 7 has new switch() fall-through detection */ + #ifndef FALL_THROUGH + #if defined(__GNUC__) + #define FALL_THROUGH __attribute__ ((fallthrough)) + #else + #define FALL_THROUGH + #endif + #endif /* Micrium will use Visual Studio for compilation but not the Win32 API */ #if defined(_WIN32) && !defined(MICRIUM) && !defined(FREERTOS) && \
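Review bot: The guard `#if defined(__GNUC__)` on the new `FALL_THROUGH` definition is wider than the comment above it. The comment names GCC 7, but the test also holds for older GCC releases and for other compilers that define `__GNUC__`, which may not accept `__attribute__ ((fallthrough))` as a statement. A version test narrows it: `#if defined(__GNUC__) && (__GNUC__ >= 7)`. On every other compiler the macro expands to nothing, so the strict check enabled in configure.ac is enforced only on GCC 7 and later. A comment saying so would help: `/* expands to nothing elsewhere: fall-through is only checked by GCC >= 7 */`.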