diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras index 4297c98e70..ef9a3e029f 100644 --- a/.wolfssl_known_macro_extras +++ b/.wolfssl_known_macro_extras @@ -637,6 +637,7 @@ USE_TLSV13 USE_WINDOWS_API USE_WOLF_STRNSTR USS_API +W64LIT_FORCE_LONG_LONG WC_AESXTS_STREAM_NO_REQUEST_ACCOUNTING WC_AES_BS_WORD_SIZE WC_AES_GCM_ALLOW_NONSTANDARD_TAG_LENGTH diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 02e018f5d4..14ef4609cd 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -34131,7 +34131,7 @@ enum { SINGLERESPONSEASN_IDX_THISUPDATE_GT, SINGLERESPONSEASN_IDX_NEXTUPDATE, SINGLERESPONSEASN_IDX_NEXTUPDATE_GT, - SINGLERESPONSEASN_IDX_EXT, + SINGLERESPONSEASN_IDX_EXT }; /* Number of items in ASN.1 template for OCSP single response. */ @@ -34156,7 +34156,7 @@ enum { CERTIDASN_IDX_CID_HASHALGO_NULL, CERTIDASN_IDX_CID_ISSUERHASH, CERTIDASN_IDX_CID_ISSUERKEYHASH, - CERTIDASN_IDX_CID_SERIAL, + CERTIDASN_IDX_CID_SERIAL }; #define certidasn_Length (sizeof(certIDASNItems) / sizeof(ASNItem)) @@ -34531,7 +34531,7 @@ static const ASNItem respExtHdrASN[] = { }; enum { RESPEXTHDRASN_IDX_EXT = 0, - RESPEXTHDRASN_IDX_EXT_SEQ, + RESPEXTHDRASN_IDX_EXT_SEQ }; /* Number of items in ASN.1 template for OCSP response extension header. */ @@ -34625,7 +34625,7 @@ enum { OCSPNONCEEXTASN_IDX_EXT, OCSPNONCEEXTASN_IDX_EXT_OID, OCSPNONCEEXTASN_IDX_EXT_VAL, - OCSPNONCEEXTASN_IDX_EXT_NONCE, + OCSPNONCEEXTASN_IDX_EXT_NONCE }; /* Number of items in ASN.1 template for OCSP nonce extension. */ @@ -34702,7 +34702,7 @@ enum { OCSPRESPDATAASN_IDX_BYKEY_OCT, OCSPRESPDATAASN_IDX_PA, OCSPRESPDATAASN_IDX_RESP, - OCSPRESPDATAASN_IDX_RESPEXT, + OCSPRESPDATAASN_IDX_RESPEXT }; /* Number of items in ASN.1 template for OCSP ResponseData. */ @@ -34985,7 +34985,7 @@ enum { #endif OCSPBASICRESPASN_IDX_SIGNATURE, OCSPBASICRESPASN_IDX_CERTS, - OCSPBASICRESPASN_IDX_CERTS_SEQ, + OCSPBASICRESPASN_IDX_CERTS_SEQ }; /* Number of items in ASN.1 template for BasicOCSPResponse. */ @@ -35438,7 +35438,7 @@ enum { OCSPRESPONSEASN_IDX_BYTES_TYPE, - OCSPRESPONSEASN_IDX_BYTES_VAL, + OCSPRESPONSEASN_IDX_BYTES_VAL }; /* Number of items in ASN.1 template for OCSPResponse. */ @@ -35715,7 +35715,7 @@ enum { OCSPREQUESTASN_IDX_TBS_REQ_ISSUERKEY, OCSPREQUESTASN_IDX_TBS_REQ_SERIAL, OCSPREQUESTASN_IDX_TBS_REQEXT, - OCSPREQUESTASN_IDX_OPT_SIG, + OCSPREQUESTASN_IDX_OPT_SIG }; /* Number of items in ASN.1 template for OCSPRequest. */ @@ -36278,7 +36278,7 @@ enum { REVOKEDASN_IDX_CERT, REVOKEDASN_IDX_TIME_UTC, REVOKEDASN_IDX_TIME_GT, - REVOKEDASN_IDX_TIME_EXT, + REVOKEDASN_IDX_TIME_EXT }; /* Number of items in ASN.1 template for revoked certificates. */ @@ -36875,7 +36875,7 @@ enum { #ifdef WC_RSA_PSS CRLASN_IDX_SIGALGO_PARAMS, #endif - CRLASN_IDX_SIGNATURE, + CRLASN_IDX_SIGNATURE }; /* Number of items in ASN.1 template for a CRL- CertificateList. */ diff --git a/wolfcrypt/src/asn_orig.c b/wolfcrypt/src/asn_orig.c index 9020af0d74..ccab650425 100644 --- a/wolfcrypt/src/asn_orig.c +++ b/wolfcrypt/src/asn_orig.c @@ -34,6 +34,9 @@ #ifndef WOLFSSL_IGNORE_FILE_WARN #warning asn_orig.c does not need to be compiled separately from asn.c #endif + /* An empty translation unit is a constraint violation in C89, so emit a + * harmless typedef to keep it well-formed. */ + typedef int wolfssl_asn_orig_dummy_decl; #else /* Forward declarations for static functions defined later in this file. */ diff --git a/wolfssl/internal.h b/wolfssl/internal.h index cd900d035e..786dc52c34 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -2090,7 +2090,7 @@ enum states { #ifdef WOLFSSL_DTLS13 SERVER_FINISHED_ACKED, #endif /* WOLFSSL_DTLS13 */ - + WOLF_ENUM_DUMMY_LAST_ELEMENT(states) }; /* SSL Version */ @@ -3086,10 +3086,10 @@ typedef enum { #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_DUAL_ALG_CERTS) TLSX_CKS = TLSXT_CKS, #endif - TLSX_RENEGOTIATION_INFO = TLSXT_RENEGOTIATION_INFO, #ifdef WOLFSSL_QUIC TLSX_KEY_QUIC_TP_PARAMS_DRAFT = TLSXT_KEY_QUIC_TP_PARAMS_DRAFT, #endif + TLSX_RENEGOTIATION_INFO = TLSXT_RENEGOTIATION_INFO } TLSX_Type; /* TLS Certificate type defined RFC7250 @@ -3450,7 +3450,8 @@ typedef struct SignatureAlgorithms { #ifdef _MSC_VER #pragma warning(disable: 4200) #endif - byte hashSigAlgo[]; /* sig/algo to offer */ + /* sig/algo to offer */ + byte hashSigAlgo[WC_FLEXIBLE_ARRAY_SIZE]; } SignatureAlgorithms; WOLFSSL_LOCAL SignatureAlgorithms* TLSX_SignatureAlgorithms_New( @@ -3630,11 +3631,11 @@ typedef struct InternalTicket { /* RFC 5077 defines this for session tickets. All members need to be a byte or * array of byte to avoid alignment issues */ typedef struct ExternalTicket { - byte key_name[WOLFSSL_TICKET_NAME_SZ]; /* key context name - 16 */ - byte iv[WOLFSSL_TICKET_IV_SZ]; /* this ticket's iv - 16 */ - byte enc_len[OPAQUE16_LEN]; /* encrypted length - 2 */ - byte enc_ticket[]; /* encrypted ticket - var length - * + total mac - 32 */ + byte key_name[WOLFSSL_TICKET_NAME_SZ]; /* key context name - 16 */ + byte iv[WOLFSSL_TICKET_IV_SZ]; /* this ticket's iv - 16 */ + byte enc_len[OPAQUE16_LEN]; /* encrypted length - 2 */ + byte enc_ticket[WC_FLEXIBLE_ARRAY_SIZE]; /* encrypted ticket - var length + * + total mac - 32 */ } ExternalTicket; /* Fixed portion of external ticket (key_name + iv + enc_len) */ @@ -3718,7 +3719,7 @@ typedef struct Cookie { #ifdef _MSC_VER #pragma warning(disable: 4200) #endif - byte data[]; + byte data[WC_FLEXIBLE_ARRAY_SIZE]; } Cookie; WOLFSSL_LOCAL int TLSX_Cookie_Use(const WOLFSSL* ssl, const byte* data, @@ -3781,7 +3782,7 @@ enum PskDecryptReturn { PSK_DECRYPT_NONE = 0, PSK_DECRYPT_OK, PSK_DECRYPT_CREATE, - PSK_DECRYPT_FAIL, + PSK_DECRYPT_FAIL }; #ifdef HAVE_SESSION_TICKET @@ -4513,7 +4514,7 @@ enum SignatureAlgorithm { enum SigAlgRsaPss { pss_sha256 = 0x09, pss_sha384 = 0x0a, - pss_sha512 = 0x0b, + pss_sha512 = 0x0b }; #ifdef WOLFSSL_SM2 @@ -4548,7 +4549,7 @@ enum ClientCertificateType { rsa_fixed_ecdh = 65, ecdsa_fixed_ecdh = 66, falcon_sign = 67, - mldsa_sign = 68, + mldsa_sign = 68 }; /* Maximum number of ClientCertificateType bytes the server emits in a @@ -5094,14 +5095,14 @@ enum buildMsgState { BUILD_MSG_HASH, BUILD_MSG_VERIFY_MAC, BUILD_MSG_ENCRYPT, - BUILD_MSG_ENCRYPTED_VERIFY_MAC, + BUILD_MSG_ENCRYPTED_VERIFY_MAC }; /* sub-states for cipher operations */ enum cipherState { CIPHER_STATE_BEGIN = 0, CIPHER_STATE_DO, - CIPHER_STATE_END, + CIPHER_STATE_END }; struct Options { @@ -5458,7 +5459,7 @@ typedef enum { STACK_TYPE_X509_NAME_ENTRY = 17, STACK_TYPE_X509_REQ_ATTR = 18, STACK_TYPE_GENERAL_SUBTREE = 19, - STACK_TYPE_X509_REVOKED = 20, + STACK_TYPE_X509_REVOKED = 20 } WOLF_STACK_TYPE; #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) @@ -5769,7 +5770,7 @@ typedef struct DtlsFragBucket { #ifdef _MSC_VER #pragma warning(disable: 4200) #endif - byte buf[]; + byte buf[WC_FLEXIBLE_ARRAY_SIZE]; } DtlsFragBucket; typedef struct DtlsMsg { @@ -6796,6 +6797,7 @@ enum ContentType { #ifdef WOLFSSL_DTLS13 ack = 26, #endif /* WOLFSSL_DTLS13 */ + WOLF_ENUM_DUMMY_LAST_ELEMENT(ContentType) }; @@ -6955,7 +6957,7 @@ WOLFSSL_LOCAL int StoreKeys(WOLFSSL* ssl, const byte* keyData, int side); WOLFSSL_LOCAL int IsTLS(const WOLFSSL* ssl); WOLFSSL_LOCAL int IsTLS_ex(const ProtocolVersion pv); WOLFSSL_LOCAL int IsAtLeastTLSv1_2(const WOLFSSL* ssl); -WOLFSSL_LOCAL int IsAtLeastTLSv1_3(ProtocolVersion pv); +WOLFSSL_LOCAL int IsAtLeastTLSv1_3(const ProtocolVersion pv); WOLFSSL_LOCAL int IsEncryptionOn(const WOLFSSL* ssl, int isSend); WOLFSSL_LOCAL int TLSv1_3_Capable(WOLFSSL* ssl); @@ -7265,7 +7267,7 @@ typedef struct CipherSuiteInfo { #endif WOLFSSL_TEST_VIS const CipherSuiteInfo* GetCipherNames(void); WOLFSSL_TEST_VIS int GetCipherNamesSize(void); -WOLFSSL_LOCAL const char* GetCipherNameInternal(byte cipherSuite0, byte cipherSuite); +WOLFSSL_LOCAL const char* GetCipherNameInternal(const byte cipherSuite0, const byte cipherSuite); #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) /* used in wolfSSL_sk_CIPHER_description */ #define MAX_SEGMENTS 5 @@ -7281,7 +7283,7 @@ WOLFSSL_LOCAL const char* GetCipherMacStr(char n[][MAX_SEGMENT_SZ]); WOLFSSL_LOCAL int SetCipherBits(const char* enc); WOLFSSL_LOCAL int IsCipherAEAD(char n[][MAX_SEGMENT_SZ]); #endif -WOLFSSL_LOCAL const char* GetCipherNameIana(byte cipherSuite0, byte cipherSuite); +WOLFSSL_LOCAL const char* GetCipherNameIana(const byte cipherSuite0, const byte cipherSuite); WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl); WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_iana(WOLFSSL* ssl); WOLFSSL_LOCAL int GetCipherSuiteFromName(const char* name, byte* cipherSuite0, diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 7821b3fd3f..aad0ad68b4 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -221,6 +221,29 @@ typedef const char wcchar[]; #define WOLF_ENUM_DUMMY_LAST_ELEMENT(prefix) /* null expansion */ #endif +#if defined(WC_FLEXIBLE_ARRAY_SIZE) + /* keep override value. */ +#elif defined(__cplusplus) + /* No C++ standard has FAMs; [] and [0] are vendor extensions. + * Use the struct hack. */ + #define WC_FLEXIBLE_ARRAY_SIZE 1 +#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) + /* Standard C99+ flexible array member -- valid even under + * __STRICT_ANSI__ / -pedantic. */ + #define WC_FLEXIBLE_ARRAY_SIZE +#elif defined(__STRICT_ANSI__) || defined(WOLF_C89) + /* C89 "struct hack" fallback. + * See http://c-faq.com/struct/structhack.html */ + #define WC_FLEXIBLE_ARRAY_SIZE 1 +#elif defined(__GNUC__) || defined(__clang__) || \ + (defined(_MSC_VER) && !defined(__cplusplus)) + /* gnu89 etc.: [] accepted as an extension without -pedantic; + * MSVC C mode accepts it too (C4200, off by default at /W3). */ + #define WC_FLEXIBLE_ARRAY_SIZE +#else + #define WC_FLEXIBLE_ARRAY_SIZE 1 +#endif + /* try to set SIZEOF_LONG or SIZEOF_LONG_LONG if user didn't */ #if defined(_WIN32) || defined(HAVE_LIMITS_H) #include @@ -299,7 +322,7 @@ typedef const char wcchar[]; typedef unsigned long long word64; #elif defined(SIZEOF_LONG) && SIZEOF_LONG == 8 #define WORD64_AVAILABLE - #ifdef WOLF_C89 + #if defined(WOLF_C89) && !defined(W64LIT_FORCE_LONG_LONG) #define W64LIT(x) x##UL #define SW64LIT(x) x##L #else @@ -310,7 +333,7 @@ typedef const char wcchar[]; typedef unsigned long word64; #elif defined(SIZEOF_LONG_LONG) && SIZEOF_LONG_LONG == 8 #define WORD64_AVAILABLE - #ifdef WOLF_C89 + #if defined(WOLF_C89) && !defined(W64LIT_FORCE_LONG_LONG) #define W64LIT(x) x##UL #define SW64LIT(x) x##L #else @@ -321,7 +344,7 @@ typedef const char wcchar[]; typedef unsigned long long word64; #elif defined(__SIZEOF_LONG_LONG__) && __SIZEOF_LONG_LONG__ == 8 #define WORD64_AVAILABLE - #ifdef WOLF_C89 + #if defined(WOLF_C89) && !defined(W64LIT_FORCE_LONG_LONG) #define W64LIT(x) x##UL #define SW64LIT(x) x##L #else