From 007f01e7eca18c5b7be8e691f40a85a882b8508b Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner <douzzer@wolfssl.com>
Date: Mon, 18 Oct 2021 15:44:44 -0500
Subject: [PATCH] scan-build LLVM-13 fixes: in src/tls.c
 TLSX_PopulateExtensions(), avoid -Wunreachable-code-return by refactoring
 iteration to use an array terminator (a new "WOLFSSL_NAMED_GROUP_INVALID"
 with value 0) rather than a compile-time-calculated constant of iteration.

---
 src/tls.c     | 14 +++-----------
 wolfssl/ssl.h |  1 +
 2 files changed, 4 insertions(+), 11 deletions(-)

diff --git a/src/tls.c b/src/tls.c
index 30677592f..55c933ced 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -10210,8 +10210,8 @@ static const word16 preferredGroup[] = {
 #if defined(HAVE_FFDHE_8192)
     WOLFSSL_FFDHE_8192,
 #endif
+    WOLFSSL_NAMED_GROUP_INVALID
 };
-#define PREFERRED_GROUP_SZ (sizeof(preferredGroup) / sizeof(*preferredGroup))
 
 #endif /* WOLFSSL_TLS13 && HAVE_SUPPORTED_CURVES */
 
@@ -10225,7 +10225,7 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
 #endif
 #if defined(HAVE_SUPPORTED_CURVES) && defined(WOLFSSL_TLS13)
     TLSX* extension = NULL;
-    word16 namedGroup = 0;
+    word16 namedGroup = WOLFSSL_NAMED_GROUP_INVALID;
 #endif
 
     /* server will add extension depending on what is parsed from client */
@@ -10306,14 +10306,6 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
                     namedGroup = ssl->session.namedGroup;
                 else
             #endif
-            PRAGMA_CLANG_DIAG_PUSH
-            PRAGMA_CLANG("clang diagnostic ignored \"-Wunreachable-code-return\"")
-                if (PREFERRED_GROUP_SZ == 0) {
-                    WOLFSSL_MSG("No groups in preference list");
-                    return KEY_SHARE_ERROR;
-                }
-                else
-            PRAGMA_CLANG_DIAG_POP
                 if (ssl->numGroups > 0) {
                     int set = 0;
                     int i, j;
@@ -10323,7 +10315,7 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
                      */
                     namedGroup = preferredGroup[0];
                     for (i = 0; i < ssl->numGroups && !set; i++) {
-                        for (j = 0; j < (int)PREFERRED_GROUP_SZ; j++) {
+                        for (j = 0; preferredGroup[j] != WOLFSSL_NAMED_GROUP_INVALID; j++) {
                             if (preferredGroup[j] == ssl->group[i]) {
                                 namedGroup = ssl->group[i];
                                 set = 1;
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 318ae6513..a411e0563 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -3530,6 +3530,7 @@ WOLFSSL_API int wolfSSL_CTX_UseOCSPStaplingV2(WOLFSSL_CTX* ctx,
 
 /* Named Groups */
 enum {
+    WOLFSSL_NAMED_GROUP_INVALID = 0,
 #if 0 /* Not Supported */
     WOLFSSL_ECC_SECT163K1 = 1,
     WOLFSSL_ECC_SECT163R1 = 2,