Also document that method in contribution guide.
Resolves #306
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
1. Input parameters
2. Output parameters
-When data and size is expected, a gnutls_datum structure should be
-used (or more precisely a pointer to the structure).
+When data and size are expected as input, a const gnutls_datum_t structure
+should be used (or more precisely a pointer to the structure).
+
+When data pointer and size are to be returned as output, a gnutls_datum_t
+structure should be used.
+
+When output is to be copied to caller an array of fixed data should be
+provided.
# Callback function parameters:
network stack and causes issues to gnutls applications running on windows).
+# Compiler warnings
+
+The compiler prints warnings for several reasons; these warnings are
+also not constant in time, different versions of the same compiler may
+warn about different issues.
+
+In GnuTLS we enable as many as possible warnings available in the compiler
+via configure.ac. On certain cases however we silence or disable warnings
+and the following subsections go case by case.
+
+## Switch unintended fall-through warnings
+
+These we silence by using the macro FALLTHROUGH under a switch
+statement which intentionally falls through. Example:
+```
+switch (session->internals.recv_state) {
+ case RECV_STATE_DTLS_RETRANSMIT:
+ ret = _dtls_retransmit(session);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ session->internals.recv_state = RECV_STATE_0;
+ FALLTHROUGH;
+ case RECV_STATE_0:
+
+ _dtls_async_timer_check(session);
+ return 1;
+}
+```
+
+
# Symbol and library versioning
The library uses the libtool versioning system, which in turn
abort();
case 3:
dst[--j] = (word >> 8) & 0xff;
- /* Fall through */
+ FALLTHROUGH;
case 2:
dst[--j] = (word >> 16) & 0xff;
- /* Fall through */
+ FALLTHROUGH;
case 1:
dst[--j] = (word >> 24) & 0xff;
}
session->internals.hb_local_data.length = data_size;
session->internals.hb_state = SHB_SEND2;
- /* fallthrough */
+ FALLTHROUGH;
case SHB_SEND2:
session->internals.hb_actual_retrans_timeout_ms =
session->internals.hb_retrans_timeout_ms;
}
session->internals.hb_state = SHB_RECV;
- /* fallthrough */
+ FALLTHROUGH;
case SHB_RECV:
ret =
STATE = STATE100;
IMED_RET("send change cipher spec", ret, 0);
#endif
- /* fall through */
+ FALLTHROUGH;
case STATE101:
ret =
generate_and_set_hs_traffic_keys(session);
STATE = STATE101;
IMED_RET_FATAL("generate session keys", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE102:
ret = _gnutls13_recv_encrypted_extensions(session);
STATE = STATE102;
IMED_RET("recv encrypted extensions", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE103:
ret = _gnutls13_recv_certificate_request(session);
STATE = STATE103;
IMED_RET("recv certificate request", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE104:
ret = _gnutls13_recv_certificate(session);
STATE = STATE104;
IMED_RET("recv certificate", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE105:
ret = _gnutls13_recv_certificate_verify(session);
STATE = STATE105;
IMED_RET("recv server certificate verify", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE106:
ret = _gnutls_run_verify_callback(session, GNUTLS_CLIENT);
STATE = STATE106;
ret = _gnutls13_recv_finished(session);
STATE = STATE107;
IMED_RET("recv finished", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE108:
ret = _gnutls13_send_certificate(session, AGAIN(STATE108));
STATE = STATE108;
IMED_RET("send certificate", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE109:
ret = _gnutls13_send_certificate_verify(session, AGAIN(STATE109));
STATE = STATE109;
IMED_RET("send certificate verify", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE110:
ret = _gnutls13_send_finished(session, AGAIN(STATE110));
STATE = STATE110;
IMED_RET("send finished", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE111:
STATE = STATE111;
ret = _gnutls13_handshake_hash_buffers_synth(session, session->security_parameters.prf, 0);
STATE = STATE90;
IMED_RET_FATAL("reset handshake buffers", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE91:
ret = _gnutls13_send_hello_retry_request(session, AGAIN(STATE91));
STATE = STATE91;
IMED_RET("send hello retry request", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE92:
#ifdef TLS13_APPENDIX_D4
ret = _gnutls_send_change_cipher_spec(session, AGAIN(STATE92));
STATE = STATE92;
IMED_RET("send change cipher spec", ret, 0);
#endif
- /* fall through */
+ FALLTHROUGH;
case STATE93:
ret =
_gnutls_recv_handshake(session,
}
IMED_RET("recv client hello", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE94:
ret = _gnutls_send_server_hello(session, AGAIN(STATE94));
STATE = STATE94;
IMED_RET("send hello", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE99:
case STATE100:
#ifdef TLS13_APPENDIX_D4
IMED_RET("send change cipher spec", ret, 0);
}
#endif
- /* fall through */
+ FALLTHROUGH;
case STATE101:
ret =
generate_and_set_hs_traffic_keys(session);
STATE = STATE101;
IMED_RET_FATAL("generate session keys", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE102:
ret = _gnutls13_send_encrypted_extensions(session, AGAIN(STATE102));
STATE = STATE102;
IMED_RET("send encrypted extensions", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE103:
ret = _gnutls13_send_certificate_request(session, AGAIN(STATE103));
STATE = STATE103;
IMED_RET("send certificate request", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE104:
ret = _gnutls13_send_certificate(session, AGAIN(STATE104));
STATE = STATE104;
IMED_RET("send certificate", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE105:
ret = _gnutls13_send_certificate_verify(session, AGAIN(STATE105));
STATE = STATE105;
IMED_RET("send certificate verify", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE106:
ret = _gnutls13_send_finished(session, AGAIN(STATE106));
STATE = STATE106;
IMED_RET("send finished", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE107:
/* At this point our sending keys should be the app keys
* see 4.4.4 at draft-ietf-tls-tls13-28 */
_gnutls_handshake_log("HSK[%p]: switching early to application traffic keys\n", session);
- /* fall through */
+ FALLTHROUGH;
case STATE108:
if (session->internals.resumed != RESUME_FALSE)
_gnutls_set_resumed_parameters(session);
return 0;
}
}
- /* fall through */
+ FALLTHROUGH;
case STATE109:
ret = _gnutls13_recv_certificate(session);
STATE = STATE109;
IMED_RET("recv certificate", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE110:
ret = _gnutls13_recv_certificate_verify(session);
STATE = STATE110;
IMED_RET("recv certificate verify", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE111:
ret = _gnutls_run_verify_callback(session, GNUTLS_CLIENT);
STATE = STATE111;
if (ret < 0)
return gnutls_assert_val(ret);
- /* fall through */
+ FALLTHROUGH;
case STATE112: /* can enter from STATE108 */
ret = _gnutls13_recv_finished(session);
STATE = STATE112;
IMED_RET("recv finished", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE113:
/* If we did request a client certificate, then we can
* only send the tickets here */
ret = _tls13_read_connection_state_init(session, STAGE_APP);
IMED_RET_FATAL("set read app keys", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE114:
if (!(session->internals.hsk_flags & (HSK_TLS13_TICKET_SENT|HSK_EARLY_START_USED))) {
ret = _gnutls13_send_session_ticket(session, TICKETS_TO_SEND,
gnutls_assert();
return ret;
}
- /* fall through */
+ FALLTHROUGH;
case TICKET_STATE1:
ret =
_gnutls13_send_session_ticket(session, nr, TICKET_STATE==TICKET_STATE1?1:0);
ret = send_client_hello(session, AGAIN(STATE1));
STATE = STATE1;
IMED_RET("send hello", ret, 1);
- /* fall through */
+ FALLTHROUGH;
case STATE2:
if (IS_DTLS(session)) {
ret =
return 1;
}
}
- /* fall through */
+ FALLTHROUGH;
case STATE3:
/* receive the server hello */
ret =
0, NULL);
STATE = STATE3;
IMED_RET("recv hello", ret, 1);
- /* fall through */
+ FALLTHROUGH;
case STATE4:
ver = get_version(session);
if (ver->tls13_sem) { /* TLS 1.3 state machine */
ret = _gnutls_ext_sr_verify(session);
STATE = STATE4;
IMED_RET_FATAL("recv hello", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE5:
if (session->security_parameters.do_recv_supplemental) {
ret = _gnutls_recv_supplemental(session);
STATE = STATE5;
IMED_RET("recv supplemental", ret, 1);
}
- /* fall through */
+ FALLTHROUGH;
case STATE6:
/* RECV CERTIFICATE */
if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
ret = _gnutls_recv_server_certificate(session);
STATE = STATE6;
IMED_RET("recv server certificate", ret, 1);
- /* fall through */
+ FALLTHROUGH;
case STATE7:
#ifdef ENABLE_OCSP
/* RECV CERTIFICATE STATUS */
STATE = STATE7;
IMED_RET("recv server certificate", ret, 1);
#endif
- /* fall through */
+ FALLTHROUGH;
case STATE8:
ret = _gnutls_run_verify_callback(session, GNUTLS_CLIENT);
STATE = STATE8;
ret = _gnutls_recv_server_kx_message(session);
STATE = STATE9;
IMED_RET("recv server kx message", ret, 1);
- /* fall through */
+ FALLTHROUGH;
case STATE10:
/* receive the server certificate request - if any
*/
STATE = STATE10;
IMED_RET("recv server certificate request message", ret,
1);
- /* fall through */
+ FALLTHROUGH;
case STATE11:
/* receive the server hello done */
if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
0, NULL);
STATE = STATE11;
IMED_RET("recv server hello done", ret, 1);
- /* fall through */
+ FALLTHROUGH;
case STATE12:
if (session->security_parameters.do_send_supplemental) {
ret =
STATE = STATE12;
IMED_RET("send supplemental", ret, 0);
}
- /* fall through */
+ FALLTHROUGH;
case STATE13:
/* send our certificate - if any and if requested
*/
(STATE13));
STATE = STATE13;
IMED_RET("send client certificate", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE14:
if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
ret =
AGAIN(STATE14));
STATE = STATE14;
IMED_RET("send client kx", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE15:
/* send client certificate verify */
if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
(STATE15));
STATE = STATE15;
IMED_RET("send client certificate verify", ret, 1);
- /* fall through */
+ FALLTHROUGH;
case STATE16:
STATE = STATE16;
if (session->internals.resumed == RESUME_FALSE) {
IMED_RET("recv handshake new session ticket", ret,
1);
}
- /* fall through */
+ FALLTHROUGH;
case STATE17:
STATE = STATE17;
if (session->internals.resumed == RESUME_FALSE && (session->internals.flags & GNUTLS_ENABLE_FALSE_START) && can_send_false_start(session)) {
return 0;
}
- /* fall through */
+ FALLTHROUGH;
case STATE18:
STATE = STATE18;
ret = recv_handshake_final(session, TRUE);
IMED_RET("recv handshake final", ret, 1);
}
- /* fall through */
+ FALLTHROUGH;
case STATE19:
STATE = STATE19;
if (session->internals.resumed == RESUME_FALSE) {
}
STATE = STATE0;
- /* fall through */
+ FALLTHROUGH;
default:
break;
}
return ret;
}
- /* fall through */
+ FALLTHROUGH;
case STATE2:
/* send the finished message */
ret = _gnutls_send_finished(session, FAGAIN(STATE2));
}
FINAL_STATE = STATE0;
- /* fall through */
+ FALLTHROUGH;
default:
break;
}
gnutls_assert();
return ret;
}
- /* fall through */
+ FALLTHROUGH;
case STATE31:
FINAL_STATE = STATE31;
return ret;
}
FINAL_STATE = STATE0;
- /* fall through */
+ FALLTHROUGH;
default:
break;
}
}
IMED_RET("recv hello", ret, 1);
- /* fall through */
+ FALLTHROUGH;
case STATE2:
ret = _gnutls_ext_sr_verify(session);
STATE = STATE2;
IMED_RET_FATAL("recv hello", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE3:
ret = _gnutls_send_server_hello(session, AGAIN(STATE3));
STATE = STATE3;
goto reset;
}
- /* fall through */
+ FALLTHROUGH;
case STATE4:
if (session->security_parameters.do_send_supplemental) {
ret =
IMED_RET("send supplemental data", ret, 0);
}
/* SEND CERTIFICATE + KEYEXCHANGE + CERTIFICATE_REQUEST */
- /* fall through */
+ FALLTHROUGH;
case STATE5:
/* NOTE: these should not be send if we are resuming */
AGAIN(STATE5));
STATE = STATE5;
IMED_RET("send server certificate", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE6:
#ifdef ENABLE_OCSP
if (session->internals.resumed == RESUME_FALSE)
STATE = STATE6;
IMED_RET("send server certificate status", ret, 0);
#endif
- /* fall through */
+ FALLTHROUGH;
case STATE7:
/* send server key exchange (A) */
if (session->internals.resumed == RESUME_FALSE)
AGAIN(STATE7));
STATE = STATE7;
IMED_RET("send server kx", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE8:
/* Send certificate request - if requested to */
if (session->internals.resumed == RESUME_FALSE)
AGAIN(STATE8));
STATE = STATE8;
IMED_RET("send server cert request", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE9:
/* send the server hello done */
if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
AGAIN(STATE9));
STATE = STATE9;
IMED_RET("send server hello done", ret, 1);
- /* fall through */
+ FALLTHROUGH;
case STATE10:
if (session->security_parameters.do_recv_supplemental) {
ret = _gnutls_recv_supplemental(session);
IMED_RET("recv client supplemental", ret, 1);
}
/* RECV CERTIFICATE + KEYEXCHANGE + CERTIFICATE_VERIFY */
- /* fall through */
+ FALLTHROUGH;
case STATE11:
/* receive the client certificate message */
if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
ret = _gnutls_recv_client_certificate(session);
STATE = STATE11;
IMED_RET("recv client certificate", ret, 1);
- /* fall through */
+ FALLTHROUGH;
case STATE12:
ret = _gnutls_run_verify_callback(session, GNUTLS_SERVER);
STATE = STATE12;
if (ret < 0)
return gnutls_assert_val(ret);
- /* fall through */
+ FALLTHROUGH;
case STATE13:
/* receive the client key exchange message */
if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
ret = _gnutls_recv_client_kx_message(session);
STATE = STATE13;
IMED_RET("recv client kx", ret, 1);
- /* fall through */
+ FALLTHROUGH;
case STATE14:
/* receive the client certificate verify message */
if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
(session);
STATE = STATE14;
IMED_RET("recv client certificate verify", ret, 1);
- /* fall through */
+ FALLTHROUGH;
case STATE15:
STATE = STATE15;
if (session->internals.resumed == RESUME_FALSE) { /* if we are not resuming */
ret = send_handshake_final(session, TRUE);
IMED_RET("send handshake final 2", ret, 1);
}
- /* fall through */
+ FALLTHROUGH;
case STATE16:
ret =
_gnutls_send_new_session_ticket(session,
AGAIN(STATE16));
STATE = STATE16;
IMED_RET("send handshake new session ticket", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE17:
STATE = STATE17;
if (session->internals.resumed == RESUME_FALSE) { /* if we are not resuming */
}
STATE = STATE0;
- /* fall through */
+ FALLTHROUGH;
default:
break;
}
free(sig.data);
sig.data = NULL;
- /* fallthrough */
+ FALLTHROUGH;
case GNUTLS_PK_EC: /* we only do keys for ECDSA */
case GNUTLS_PK_EDDSA_ED25519:
case GNUTLS_PK_DSA:
break;
}
#endif
- /* fallthrough */
+ FALLTHROUGH;
case GNUTLS_PK_DH:
{
struct dsa_params pub;
}
data = tmp;
data_size = size;
- /* fallthrough */
+
+ FALLTHROUGH;
case GNUTLS_PKCS11_OBJ_ID:
a[0].type = CKA_ID;
a[0].value = (void*)data;
case GNUTLS_PK_DSA:
if (mand)
*mand = 1;
- /* fallthrough */
+ FALLTHROUGH;
case GNUTLS_PK_ECDSA:
me = _gnutls_dsa_q_to_hash(&key->params, NULL);
gnutls_assert();
return ret;
}
- /* fall through */
+ FALLTHROUGH;
case BYE_STATE1:
ret =
gnutls_alert_send(session, GNUTLS_AL_WARNING,
gnutls_assert();
return ret;
}
- /* fall through */
+ FALLTHROUGH;
case BYE_STATE2:
BYE_STATE = BYE_STATE2;
if (how == GNUTLS_SHUT_RDWR) {
session->internals.recv_state = RECV_STATE_0;
- /* Fall through: */
FALLTHROUGH;
case RECV_STATE_0:
return gnutls_assert_val(ret);
session->internals.rsend_state = RECORD_SEND_KEY_UPDATE_2;
- /* fall-through */
+ FALLTHROUGH;
case RECORD_SEND_KEY_UPDATE_2:
ret = gnutls_session_key_update(session, 0);
if (ret < 0)
return gnutls_assert_val(ret);
session->internals.rsend_state = RECORD_SEND_KEY_UPDATE_3;
- /* fall-through */
+ FALLTHROUGH;
case RECORD_SEND_KEY_UPDATE_3:
ret = _gnutls_send_int(session, GNUTLS_APPLICATION_DATA,
-1, EPOCH_WRITE_CURRENT,
if (ret < 0)
return gnutls_assert_val(ret);
- /* fall through */
+ FALLTHROUGH;
case REAUTH_STATE1:
ret = _gnutls13_recv_certificate_request_int(session,
&session->internals.reauth_buffer);
REAUTH_STATE = REAUTH_STATE1;
IMED_RET("recv certificate request", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case REAUTH_STATE2:
ret = _gnutls13_send_certificate(session, AGAIN(REAUTH_STATE2));
REAUTH_STATE = REAUTH_STATE2;
IMED_RET("send certificate", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case REAUTH_STATE3:
ret = _gnutls13_send_certificate_verify(session, AGAIN(REAUTH_STATE3));
REAUTH_STATE = REAUTH_STATE3;
IMED_RET("send certificate verify", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case REAUTH_STATE4:
ret = _gnutls13_send_finished(session, AGAIN(REAUTH_STATE4));
REAUTH_STATE = REAUTH_STATE4;
session->internals.handshake_hash_buffer_prev_len = session->internals.handshake_hash_buffer.length;
- /* fall through */
+ FALLTHROUGH;
case REAUTH_STATE1:
ret = _gnutls13_send_certificate_request(session, AGAIN(REAUTH_STATE1));
REAUTH_STATE = REAUTH_STATE1;
IMED_RET("send certificate request", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case REAUTH_STATE2:
/* here we should tolerate application data */
ret = _gnutls13_recv_certificate(session);
REAUTH_STATE = REAUTH_STATE2;
IMED_RET("recv certificate", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case REAUTH_STATE3:
ret = _gnutls13_recv_certificate_verify(session);
REAUTH_STATE = REAUTH_STATE3;
IMED_RET("recv certificate verify", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case REAUTH_STATE4:
ret = _gnutls_run_verify_callback(session, GNUTLS_CLIENT);
REAUTH_STATE = REAUTH_STATE4;
if (ret < 0)
return gnutls_assert_val(ret);
- /* fall through */
+ FALLTHROUGH;
case REAUTH_STATE5:
ret = _gnutls13_recv_finished(session);
REAUTH_STATE = REAUTH_STATE5;
goto done;
}
- /* fallthrough */
+ FALLTHROUGH;
case GNUTLS_BAG_PKCS8_KEY:
if (*key != NULL) { /* too simple to continue */
gnutls_assert();
case GNUTLS_IA_CAISSUERS_URI:
oid = GNUTLS_OID_AD_CAISSUERS;
- /* fall through */
+ FALLTHROUGH;
case GNUTLS_IA_OCSP_URI:
if (oid == NULL)
gnutls_assert_val
(GNUTLS_E_UNKNOWN_ALGORITHM);
}
- /* fall through */
+ FALLTHROUGH;
case GNUTLS_IA_URI:
snprintf(nptr, sizeof(nptr),
if (test != 0)
break;
sec_sleep(2);
- /* fall-through */
+ FALLTHROUGH;
case 2:
success("%s: updating server's key\n", name);
if (test != 0)
break;
sec_sleep(2);
- /* fall-through */
+ FALLTHROUGH;
case 3:
success("%s: updating client's key and asking server\n", name);
do {
if (test != 0)
break;
sec_sleep(2);
- /* fall-through */
+ FALLTHROUGH;
case 4:
success("%s: updating server's key and asking client\n", name);
do {
# error tests cannot be compiled with NDEBUG defined
#endif
+#if _GNUTLS_GCC_VERSION >= 70100
+#define FALLTHROUGH __attribute__ ((fallthrough))
+#endif
+
+#ifndef FALLTHROUGH
+# define FALLTHROUGH
+#endif
+
inline static int global_init(void)
{
#ifdef ENABLE_PKCS11
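Review bot: The `_GNUTLS_GCC_VERSION >= 70100` guard gives the annotation only to GCC 7.1 and later; on any other compiler, or if `_GNUTLS_GCC_VERSION` is not defined before this point (its definition is not visible in this hunk), the `#if` evaluates to 0 and `FALLTHROUGH` expands to nothing. Because the same commit deletes the `/* fall through */` comments in the handshake and key-update switches, builds on those compilers keep no marker at all, so an implicit-fallthrough warning enabled there cannot separate intended from accidental fall-through between states. Testing for the attribute itself with `__has_attribute(fallthrough)`, with the empty definition kept as the last resort, would cover clang as well; the nesting below avoids a preprocessor error on compilers that lack `__has_attribute`. The library presumably carries its own definition of the macro outside this hunk, and the same reasoning would apply there.

```c
#if defined(__has_attribute)
# if __has_attribute(fallthrough)
#  define FALLTHROUGH __attribute__ ((fallthrough))
# endif
#endif
/* … unchanged: empty FALLTHROUGH fallback under #ifndef … */
```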