From 8a32e7f3f9751b2b451360094734b5050e579301 Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner <douzzer@wolfssl.com>
Date: Mon, 25 Dec 2023 00:23:37 -0600
Subject: [PATCH] fixes for clang -Wunreachable-code-aggressive:

tests/suites.c: in SuiteTest(), swap order of (void)s and return.

wolfcrypt/src/chacha.c: gate out unreachable C wc_Chacha_encrypt_bytes() call in wc_Chacha_Process, and gate out unused implementations of wc_Chacha_wordtobyte() and wc_Chacha_encrypt_bytes(), when defined(USE_INTEL_CHACHA_SPEEDUP).

wolfcrypt/src/sha256.c and wolfcrypt/src/sha512.c: fix logic in Sha256_SetTransform() and Sha512_SetTransform() to make the AVX1_RORX implementations accessible.  also add a missing Transform_Sha512_Len_p = NULL in the C path of Sha512_SetTransform().

wolfssl/internal.h: for the fallback definition of wolfSSL_curve_is_disabled, use an inline function instead of a compound-clause macro, because clang isn't smart enough to treat the compound expression as a bare constant zero, producing a lame-positive -Wunreachable-code.
---
 tests/suites.c         |  2 +-
 wolfcrypt/src/chacha.c |  9 +++++++--
 wolfcrypt/src/sha256.c | 26 ++++++++++++++------------
 wolfcrypt/src/sha512.c | 28 ++++++++++++++++------------
 wolfssl/internal.h     | 10 ++++++++--
 5 files changed, 46 insertions(+), 29 deletions(-)

diff --git a/tests/suites.c b/tests/suites.c
index 76aa41317..e95ff933c 100644
--- a/tests/suites.c
+++ b/tests/suites.c
@@ -1455,8 +1455,8 @@ exit:
 
     return args.return_code;
 #else
-    return NOT_COMPILED_IN;
     (void)argc;
     (void)argv;
+    return NOT_COMPILED_IN;
 #endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT */
 }
diff --git a/wolfcrypt/src/chacha.c b/wolfcrypt/src/chacha.c
index d3a982ed6..c84829b77 100644
--- a/wolfcrypt/src/chacha.c
+++ b/wolfcrypt/src/chacha.c
@@ -200,6 +200,7 @@ int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz)
     return 0;
 }
 
+#ifndef USE_INTEL_CHACHA_SPEEDUP
 /**
   * Converts word into bytes with rotations having been done.
   */
@@ -228,6 +229,7 @@ static WC_INLINE void wc_Chacha_wordtobyte(word32 x[CHACHA_CHUNK_WORDS],
 #endif
     }
 }
+#endif /* !USE_INTEL_CHACHA_SPEEDUP */
 
 
 #ifdef HAVE_XCHACHA
@@ -325,6 +327,7 @@ extern void chacha_encrypt_avx2(ChaCha* ctx, const byte* m, byte* c,
 #endif
 
 
+#ifndef USE_INTEL_CHACHA_SPEEDUP
 /**
   * Encrypt a stream of bytes
   */
@@ -372,6 +375,8 @@ static void wc_Chacha_encrypt_bytes(ChaCha* ctx, const byte* m, byte* c,
         ctx->left = CHACHA_CHUNK_BYTES - bytes;
     }
 }
+#endif /* !USE_INTEL_CHACHA_SPEEDUP */
+
 
 /**
   * API to encrypt/decrypt a message of any size.
@@ -423,10 +428,10 @@ int wc_Chacha_Process(ChaCha* ctx, byte* output, const byte* input,
         chacha_encrypt_x64(ctx, input, output, msglen);
         return 0;
     }
-#endif
+#else
     wc_Chacha_encrypt_bytes(ctx, input, output, msglen);
-
     return 0;
+#endif
 }
 
 void wc_Chacha_purge_current_block(ChaCha* ctx) {
diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c
index d61f85fbd..427927cd8 100644
--- a/wolfcrypt/src/sha256.c
+++ b/wolfcrypt/src/sha256.c
@@ -356,7 +356,7 @@ static int InitSha256(wc_Sha256* sha256)
         intel_flags = cpuid_get_flags();
 
     #ifdef HAVE_INTEL_AVX2
-        if (1 && IS_INTEL_AVX2(intel_flags)) {
+        if (IS_INTEL_AVX2(intel_flags)) {
         #ifdef HAVE_INTEL_RORX
             if (IS_INTEL_BMI2(intel_flags)) {
                 Transform_Sha256_p = Transform_Sha256_AVX2_RORX;
@@ -365,27 +365,29 @@ static int InitSha256(wc_Sha256* sha256)
             }
             else
         #endif
-            if (1)
             {
                 Transform_Sha256_p = Transform_Sha256_AVX2;
                 Transform_Sha256_Len_p = Transform_Sha256_AVX2_Len;
                 Transform_Sha256_is_vectorized = 1;
             }
-        #ifdef HAVE_INTEL_RORX
-            else {
-                Transform_Sha256_p = Transform_Sha256_AVX1_RORX;
-                Transform_Sha256_Len_p = Transform_Sha256_AVX1_RORX_Len;
-                Transform_Sha256_is_vectorized = 1;
-            }
-        #endif
         }
         else
     #endif
     #ifdef HAVE_INTEL_AVX1
         if (IS_INTEL_AVX1(intel_flags)) {
-            Transform_Sha256_p = Transform_Sha256_AVX1;
-            Transform_Sha256_Len_p = Transform_Sha256_AVX1_Len;
-            Transform_Sha256_is_vectorized = 1;
+        #ifdef HAVE_INTEL_RORX
+            if (IS_INTEL_BMI2(intel_flags)) {
+                Transform_Sha256_p = Transform_Sha256_AVX1_RORX;
+                Transform_Sha256_Len_p = Transform_Sha256_AVX1_RORX_Len;
+                Transform_Sha256_is_vectorized = 1;
+            }
+            else
+        #endif
+            {
+                Transform_Sha256_p = Transform_Sha256_AVX1;
+                Transform_Sha256_Len_p = Transform_Sha256_AVX1_Len;
+                Transform_Sha256_is_vectorized = 1;
+            }
         }
         else
     #endif
diff --git a/wolfcrypt/src/sha512.c b/wolfcrypt/src/sha512.c
index d51fa6199..c0a19609b 100644
--- a/wolfcrypt/src/sha512.c
+++ b/wolfcrypt/src/sha512.c
@@ -452,32 +452,36 @@ static int InitSha512_256(wc_Sha512* sha512)
             }
             else
         #endif
-            if (1) {
+            {
                 Transform_Sha512_p = Transform_Sha512_AVX2;
                 Transform_Sha512_Len_p = Transform_Sha512_AVX2_Len;
                 Transform_Sha512_is_vectorized = 1;
             }
-        #ifdef HAVE_INTEL_RORX
-            else {
-                Transform_Sha512_p = Transform_Sha512_AVX1_RORX;
-                Transform_Sha512_Len_p = Transform_Sha512_AVX1_RORX_Len;
-                Transform_Sha512_is_vectorized = 1;
-            }
-        #endif
         }
         else
     #endif
     #if defined(HAVE_INTEL_AVX1)
         if (IS_INTEL_AVX1(intel_flags)) {
-            Transform_Sha512_p = Transform_Sha512_AVX1;
-            Transform_Sha512_Len_p = Transform_Sha512_AVX1_Len;
-            Transform_Sha512_is_vectorized = 1;
+        #ifdef HAVE_INTEL_RORX
+            if (IS_INTEL_BMI2(intel_flags)) {
+                Transform_Sha512_p = Transform_Sha512_AVX1_RORX;
+                Transform_Sha512_Len_p = Transform_Sha512_AVX1_RORX_Len;
+                Transform_Sha512_is_vectorized = 1;
+            }
+            else
+        #endif
+            {
+                Transform_Sha512_p = Transform_Sha512_AVX1;
+                Transform_Sha512_Len_p = Transform_Sha512_AVX1_Len;
+                Transform_Sha512_is_vectorized = 1;
+            }
         }
         else
     #endif
         {
             Transform_Sha512_p = _Transform_Sha512;
-            Transform_Sha512_is_vectorized = 1;
+            Transform_Sha512_Len_p = NULL;
+            Transform_Sha512_is_vectorized = 0;
         }
 
         transform_check = 1;
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index f59da64fa..329f1abf2 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -6139,9 +6139,15 @@ WOLFSSL_LOCAL int SetECKeyExternal(WOLFSSL_EC_KEY* eckey);
 
 #if defined(OPENSSL_EXTRA) || defined(HAVE_CURL)
 WOLFSSL_LOCAL int wolfSSL_curve_is_disabled(const WOLFSSL* ssl,
-                                            word16 named_curve);
+                                            word16 curve_id);
 #else
-#define wolfSSL_curve_is_disabled(ssl, c)   ((void)(ssl), (void)(c), 0)
+static WC_INLINE int wolfSSL_curve_is_disabled(const WOLFSSL* ssl,
+                                               word16 curve_id)
+{
+    (void)ssl;
+    (void)curve_id;
+    return 0;
+}
 #endif
 
 WOLFSSL_LOCAL WC_RNG* WOLFSSL_RSA_GetRNG(WOLFSSL_RSA *rsa, WC_RNG **tmpRNG,