diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras index 79cf7f6eaf..b44dd29b97 100644 --- a/.wolfssl_known_macro_extras +++ b/.wolfssl_known_macro_extras @@ -634,6 +634,7 @@ USE_TLSV13 USE_WINDOWS_API USE_WOLF_STRNSTR USS_API +W64LIT_FORCE_LONG_LONG WC_AESXTS_STREAM_NO_REQUEST_ACCOUNTING WC_AES_BS_WORD_SIZE WC_AES_GCM_ALLOW_NONSTANDARD_TAG_LENGTH diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 5d961fc9aa..8c0c8e2910 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -34004,7 +34004,7 @@ enum { SINGLERESPONSEASN_IDX_THISUPDATE_GT, SINGLERESPONSEASN_IDX_NEXTUPDATE, SINGLERESPONSEASN_IDX_NEXTUPDATE_GT, - SINGLERESPONSEASN_IDX_EXT, + SINGLERESPONSEASN_IDX_EXT }; /* Number of items in ASN.1 template for OCSP single response. */ @@ -34029,7 +34029,7 @@ enum { CERTIDASN_IDX_CID_HASHALGO_NULL, CERTIDASN_IDX_CID_ISSUERHASH, CERTIDASN_IDX_CID_ISSUERKEYHASH, - CERTIDASN_IDX_CID_SERIAL, + CERTIDASN_IDX_CID_SERIAL }; #define certidasn_Length (sizeof(certIDASNItems) / sizeof(ASNItem)) @@ -34404,7 +34404,7 @@ static const ASNItem respExtHdrASN[] = { }; enum { RESPEXTHDRASN_IDX_EXT = 0, - RESPEXTHDRASN_IDX_EXT_SEQ, + RESPEXTHDRASN_IDX_EXT_SEQ }; /* Number of items in ASN.1 template for OCSP response extension header. */ @@ -34498,7 +34498,7 @@ enum { OCSPNONCEEXTASN_IDX_EXT, OCSPNONCEEXTASN_IDX_EXT_OID, OCSPNONCEEXTASN_IDX_EXT_VAL, - OCSPNONCEEXTASN_IDX_EXT_NONCE, + OCSPNONCEEXTASN_IDX_EXT_NONCE }; /* Number of items in ASN.1 template for OCSP nonce extension. */ @@ -34575,7 +34575,7 @@ enum { OCSPRESPDATAASN_IDX_BYKEY_OCT, OCSPRESPDATAASN_IDX_PA, OCSPRESPDATAASN_IDX_RESP, - OCSPRESPDATAASN_IDX_RESPEXT, + OCSPRESPDATAASN_IDX_RESPEXT }; /* Number of items in ASN.1 template for OCSP ResponseData. */ @@ -34858,7 +34858,7 @@ enum { #endif OCSPBASICRESPASN_IDX_SIGNATURE, OCSPBASICRESPASN_IDX_CERTS, - OCSPBASICRESPASN_IDX_CERTS_SEQ, + OCSPBASICRESPASN_IDX_CERTS_SEQ }; /* Number of items in ASN.1 template for BasicOCSPResponse. */ @@ -35311,7 +35311,7 @@ enum { OCSPRESPONSEASN_IDX_BYTES_TYPE, - OCSPRESPONSEASN_IDX_BYTES_VAL, + OCSPRESPONSEASN_IDX_BYTES_VAL }; /* Number of items in ASN.1 template for OCSPResponse. */ @@ -35588,7 +35588,7 @@ enum { OCSPREQUESTASN_IDX_TBS_REQ_ISSUERKEY, OCSPREQUESTASN_IDX_TBS_REQ_SERIAL, OCSPREQUESTASN_IDX_TBS_REQEXT, - OCSPREQUESTASN_IDX_OPT_SIG, + OCSPREQUESTASN_IDX_OPT_SIG }; /* Number of items in ASN.1 template for OCSPRequest. */ @@ -36145,7 +36145,7 @@ enum { REVOKEDASN_IDX_CERT, REVOKEDASN_IDX_TIME_UTC, REVOKEDASN_IDX_TIME_GT, - REVOKEDASN_IDX_TIME_EXT, + REVOKEDASN_IDX_TIME_EXT }; /* Number of items in ASN.1 template for revoked certificates. */ @@ -36742,7 +36742,7 @@ enum { #ifdef WC_RSA_PSS CRLASN_IDX_SIGALGO_PARAMS, #endif - CRLASN_IDX_SIGNATURE, + CRLASN_IDX_SIGNATURE }; /* Number of items in ASN.1 template for a CRL- CertificateList. */ diff --git a/wolfcrypt/src/asn_orig.c b/wolfcrypt/src/asn_orig.c index 747c699ac2..979bf53bc0 100644 --- a/wolfcrypt/src/asn_orig.c +++ b/wolfcrypt/src/asn_orig.c @@ -34,6 +34,9 @@ #ifndef WOLFSSL_IGNORE_FILE_WARN #warning asn_orig.c does not need to be compiled separately from asn.c #endif + /* An empty translation unit is a constraint violation in C89, so emit a + * harmless typedef to keep it well-formed. */ + typedef int wolfssl_asn_orig_dummy_decl; #else /* Forward declarations for static functions defined later in this file. */ diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 8be44884f7..701a78e3c8 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -2090,7 +2090,7 @@ enum states { #ifdef WOLFSSL_DTLS13 SERVER_FINISHED_ACKED, #endif /* WOLFSSL_DTLS13 */ - + WOLF_ENUM_DUMMY_LAST_ELEMENT(states) }; /* SSL Version */ @@ -3082,10 +3082,10 @@ typedef enum { #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_DUAL_ALG_CERTS) TLSX_CKS = TLSXT_CKS, #endif - TLSX_RENEGOTIATION_INFO = TLSXT_RENEGOTIATION_INFO, #ifdef WOLFSSL_QUIC TLSX_KEY_QUIC_TP_PARAMS_DRAFT = TLSXT_KEY_QUIC_TP_PARAMS_DRAFT, #endif + TLSX_RENEGOTIATION_INFO = TLSXT_RENEGOTIATION_INFO } TLSX_Type; /* TLS Certificate type defined RFC7250 @@ -3446,7 +3446,8 @@ typedef struct SignatureAlgorithms { #ifdef _MSC_VER #pragma warning(disable: 4200) #endif - byte hashSigAlgo[]; /* sig/algo to offer */ + /* sig/algo to offer */ + byte hashSigAlgo[WC_FLEXIBLE_ARRAY_SIZE]; } SignatureAlgorithms; WOLFSSL_LOCAL SignatureAlgorithms* TLSX_SignatureAlgorithms_New( @@ -3626,11 +3627,11 @@ typedef struct InternalTicket { /* RFC 5077 defines this for session tickets. All members need to be a byte or * array of byte to avoid alignment issues */ typedef struct ExternalTicket { - byte key_name[WOLFSSL_TICKET_NAME_SZ]; /* key context name - 16 */ - byte iv[WOLFSSL_TICKET_IV_SZ]; /* this ticket's iv - 16 */ - byte enc_len[OPAQUE16_LEN]; /* encrypted length - 2 */ - byte enc_ticket[]; /* encrypted ticket - var length - * + total mac - 32 */ + byte key_name[WOLFSSL_TICKET_NAME_SZ]; /* key context name - 16 */ + byte iv[WOLFSSL_TICKET_IV_SZ]; /* this ticket's iv - 16 */ + byte enc_len[OPAQUE16_LEN]; /* encrypted length - 2 */ + byte enc_ticket[WC_FLEXIBLE_ARRAY_SIZE]; /* encrypted ticket - var length + * + total mac - 32 */ } ExternalTicket; /* Fixed portion of external ticket (key_name + iv + enc_len) */ @@ -3714,7 +3715,7 @@ typedef struct Cookie { #ifdef _MSC_VER #pragma warning(disable: 4200) #endif - byte data[]; + byte data[WC_FLEXIBLE_ARRAY_SIZE]; } Cookie; WOLFSSL_LOCAL int TLSX_Cookie_Use(const WOLFSSL* ssl, const byte* data, @@ -3777,7 +3778,7 @@ enum PskDecryptReturn { PSK_DECRYPT_NONE = 0, PSK_DECRYPT_OK, PSK_DECRYPT_CREATE, - PSK_DECRYPT_FAIL, + PSK_DECRYPT_FAIL }; #ifdef HAVE_SESSION_TICKET @@ -4509,7 +4510,7 @@ enum SignatureAlgorithm { enum SigAlgRsaPss { pss_sha256 = 0x09, pss_sha384 = 0x0a, - pss_sha512 = 0x0b, + pss_sha512 = 0x0b }; #ifdef WOLFSSL_SM2 @@ -4544,7 +4545,7 @@ enum ClientCertificateType { rsa_fixed_ecdh = 65, ecdsa_fixed_ecdh = 66, falcon_sign = 67, - mldsa_sign = 68, + mldsa_sign = 68 }; /* Maximum number of ClientCertificateType bytes the server emits in a @@ -5090,14 +5091,14 @@ enum buildMsgState { BUILD_MSG_HASH, BUILD_MSG_VERIFY_MAC, BUILD_MSG_ENCRYPT, - BUILD_MSG_ENCRYPTED_VERIFY_MAC, + BUILD_MSG_ENCRYPTED_VERIFY_MAC }; /* sub-states for cipher operations */ enum cipherState { CIPHER_STATE_BEGIN = 0, CIPHER_STATE_DO, - CIPHER_STATE_END, + CIPHER_STATE_END }; struct Options { @@ -5454,7 +5455,7 @@ typedef enum { STACK_TYPE_X509_NAME_ENTRY = 17, STACK_TYPE_X509_REQ_ATTR = 18, STACK_TYPE_GENERAL_SUBTREE = 19, - STACK_TYPE_X509_REVOKED = 20, + STACK_TYPE_X509_REVOKED = 20 } WOLF_STACK_TYPE; #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) @@ -5765,7 +5766,7 @@ typedef struct DtlsFragBucket { #ifdef _MSC_VER #pragma warning(disable: 4200) #endif - byte buf[]; + byte buf[WC_FLEXIBLE_ARRAY_SIZE]; } DtlsFragBucket; typedef struct DtlsMsg { @@ -6786,6 +6787,7 @@ enum ContentType { #ifdef WOLFSSL_DTLS13 ack = 26, #endif /* WOLFSSL_DTLS13 */ + WOLF_ENUM_DUMMY_LAST_ELEMENT(ContentType) }; @@ -6945,7 +6947,7 @@ WOLFSSL_LOCAL int StoreKeys(WOLFSSL* ssl, const byte* keyData, int side); WOLFSSL_LOCAL int IsTLS(const WOLFSSL* ssl); WOLFSSL_LOCAL int IsTLS_ex(const ProtocolVersion pv); WOLFSSL_LOCAL int IsAtLeastTLSv1_2(const WOLFSSL* ssl); -WOLFSSL_LOCAL int IsAtLeastTLSv1_3(ProtocolVersion pv); +WOLFSSL_LOCAL int IsAtLeastTLSv1_3(const ProtocolVersion pv); WOLFSSL_LOCAL int IsEncryptionOn(const WOLFSSL* ssl, int isSend); WOLFSSL_LOCAL int TLSv1_3_Capable(WOLFSSL* ssl); @@ -7255,7 +7257,7 @@ typedef struct CipherSuiteInfo { #endif WOLFSSL_TEST_VIS const CipherSuiteInfo* GetCipherNames(void); WOLFSSL_TEST_VIS int GetCipherNamesSize(void); -WOLFSSL_LOCAL const char* GetCipherNameInternal(byte cipherSuite0, byte cipherSuite); +WOLFSSL_LOCAL const char* GetCipherNameInternal(const byte cipherSuite0, const byte cipherSuite); #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) /* used in wolfSSL_sk_CIPHER_description */ #define MAX_SEGMENTS 5 @@ -7271,7 +7273,7 @@ WOLFSSL_LOCAL const char* GetCipherMacStr(char n[][MAX_SEGMENT_SZ]); WOLFSSL_LOCAL int SetCipherBits(const char* enc); WOLFSSL_LOCAL int IsCipherAEAD(char n[][MAX_SEGMENT_SZ]); #endif -WOLFSSL_LOCAL const char* GetCipherNameIana(byte cipherSuite0, byte cipherSuite); +WOLFSSL_LOCAL const char* GetCipherNameIana(const byte cipherSuite0, const byte cipherSuite); WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl); WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_iana(WOLFSSL* ssl); WOLFSSL_LOCAL int GetCipherSuiteFromName(const char* name, byte* cipherSuite0, diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index cdbc989a36..77844a9008 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -221,6 +221,29 @@ typedef const char wcchar[]; #define WOLF_ENUM_DUMMY_LAST_ELEMENT(prefix) /* null expansion */ #endif +#if defined(WC_FLEXIBLE_ARRAY_SIZE) + /* keep override value. */ +#elif defined(__cplusplus) + /* No C++ standard has FAMs; [] and [0] are vendor extensions. + * Use the struct hack. */ + #define WC_FLEXIBLE_ARRAY_SIZE 1 +#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) + /* Standard C99+ flexible array member -- valid even under + * __STRICT_ANSI__ / -pedantic. */ + #define WC_FLEXIBLE_ARRAY_SIZE +#elif defined(__STRICT_ANSI__) || defined(WOLF_C89) + /* C89 "struct hack" fallback. + * See http://c-faq.com/struct/structhack.html */ + #define WC_FLEXIBLE_ARRAY_SIZE 1 +#elif defined(__GNUC__) || defined(__clang__) || \ + (defined(_MSC_VER) && !defined(__cplusplus)) + /* gnu89 etc.: [] accepted as an extension without -pedantic; + * MSVC C mode accepts it too (C4200, off by default at /W3). */ + #define WC_FLEXIBLE_ARRAY_SIZE +#else + #define WC_FLEXIBLE_ARRAY_SIZE 1 +#endif + /* try to set SIZEOF_LONG or SIZEOF_LONG_LONG if user didn't */ #if defined(_WIN32) || defined(HAVE_LIMITS_H) #include @@ -299,7 +322,7 @@ typedef const char wcchar[]; typedef unsigned long long word64; #elif defined(SIZEOF_LONG) && SIZEOF_LONG == 8 #define WORD64_AVAILABLE - #ifdef WOLF_C89 + #if defined(WOLF_C89) && !defined(W64LIT_FORCE_LONG_LONG) #define W64LIT(x) x##UL #define SW64LIT(x) x##L #else @@ -310,7 +333,7 @@ typedef const char wcchar[]; typedef unsigned long word64; #elif defined(SIZEOF_LONG_LONG) && SIZEOF_LONG_LONG == 8 #define WORD64_AVAILABLE - #ifdef WOLF_C89 + #if defined(WOLF_C89) && !defined(W64LIT_FORCE_LONG_LONG) #define W64LIT(x) x##UL #define SW64LIT(x) x##L #else @@ -321,7 +344,7 @@ typedef const char wcchar[]; typedef unsigned long long word64; #elif defined(__SIZEOF_LONG_LONG__) && __SIZEOF_LONG_LONG__ == 8 #define WORD64_AVAILABLE - #ifdef WOLF_C89 + #if defined(WOLF_C89) && !defined(W64LIT_FORCE_LONG_LONG) #define W64LIT(x) x##UL #define SW64LIT(x) x##L #else