scan-build LLVM-13 fixes: in src/tls.c TLSX_PopulateExtensions(), avoid -Wunreachable-code-return by refactoring iteration to use an array terminator (a new "WOLFSSL_NAMED_GROUP_INVALID" with value 0) rather than a compile-time-calculated constant of iteration.

2021-10-18 15:44:44 -05:00 · 2021-10-18 15:44:44 -05:00 · 007f01e7ec
parent 816527e826
commit 007f01e7ec
2 changed files with 4 additions and 11 deletions
--- a/src/tls.c
+++ b/src/tls.c
@ -10210,8 +10210,8 @@ static const word16 preferredGroup[] = {
 #if defined(HAVE_FFDHE_8192)
    WOLFSSL_FFDHE_8192,
 #endif
+    WOLFSSL_NAMED_GROUP_INVALID
 };
-#define PREFERRED_GROUP_SZ (sizeof(preferredGroup) / sizeof(*preferredGroup))

 #endif /* WOLFSSL_TLS13 && HAVE_SUPPORTED_CURVES */

@ -10225,7 +10225,7 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
 #endif
 #if defined(HAVE_SUPPORTED_CURVES) && defined(WOLFSSL_TLS13)
    TLSX* extension = NULL;
-    word16 namedGroup = 0;
+    word16 namedGroup = WOLFSSL_NAMED_GROUP_INVALID;
 #endif

    /* server will add extension depending on what is parsed from client */
@ -10306,14 +10306,6 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
                    namedGroup = ssl->session.namedGroup;
                else
            #endif
-            PRAGMA_CLANG_DIAG_PUSH
-            PRAGMA_CLANG("clang diagnostic ignored \"-Wunreachable-code-return\"")
-                if (PREFERRED_GROUP_SZ == 0) {
-                    WOLFSSL_MSG("No groups in preference list");
-                    return KEY_SHARE_ERROR;
-                }
-                else
-            PRAGMA_CLANG_DIAG_POP
                if (ssl->numGroups > 0) {
                    int set = 0;
                    int i, j;
@ -10323,7 +10315,7 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
                     */
                    namedGroup = preferredGroup[0];
                    for (i = 0; i < ssl->numGroups && !set; i++) {
-                        for (j = 0; j < (int)PREFERRED_GROUP_SZ; j++) {
+                        for (j = 0; preferredGroup[j] != WOLFSSL_NAMED_GROUP_INVALID; j++) {
                            if (preferredGroup[j] == ssl->group[i]) {
                                namedGroup = ssl->group[i];
                                set = 1;
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@ -3530,6 +3530,7 @@ WOLFSSL_API int wolfSSL_CTX_UseOCSPStaplingV2(WOLFSSL_CTX* ctx,

 /* Named Groups */
 enum {
+    WOLFSSL_NAMED_GROUP_INVALID = 0,
 #if 0 /* Not Supported */
    WOLFSSL_ECC_SECT163K1 = 1,
    WOLFSSL_ECC_SECT163R1 = 2,