diff --git a/src/rand_win.c b/src/rand_win.c
index da6ab653..69fe9e50 100644
--- a/src/rand_win.c
+++ b/src/rand_win.c
@@ -18,7 +18,7 @@ int rand_bytes(uint8_t *buf, size_t len)
 {
- HCRYPTPROV hCryptProv = NULL;
+ HCRYPTPROV hCryptProv;
 int ret = -1;
 if (!buf) {
diff --git a/src/sgd.h b/src/sgd.h
index 2f6586b6..a602fe81 100644
--- a/src/sgd.h
+++ b/src/sgd.h
@@ -275,34 +275,9 @@ typedef int32_t SGD_BOOL;
 #define SGD_STATUS_READY 0x00000202
 #define SGD_STATUS_EXCEPTION 0x00000203
-/* SKF */
-#ifndef WIN32
-typedef signed char INT8;
-typedef signed short INT16;
-typedef signed int INT32;
-typedef unsigned char UINT8;
-typedef unsigned short UINT16;
-typedef unsigned int UINT32;
-typedef long BOOL;
-typedef UINT8 BYTE;
-typedef UINT8 CHAR;
-typedef INT16 SHORT;
-typedef UINT16 USHORT;
-# ifndef SGD_NATIVE_LONG
-typedef INT32 LONG;
-typedef UINT32 ULONG;
-# else
-typedef long LONG;
-typedef unsigned long ULONG;
-# endif
-typedef UINT32 UINT;
-typedef UINT16 WORD;
-typedef UINT32 DWORD;
-typedef UINT32 FLAGS;
-typedef CHAR * LPSTR;
-typedef void * HANDLE;
+#ifdef WIN32
+#include
 #else
-#ifndef _WINDEF_H
 typedef signed char INT8;
 typedef signed short INT16;
 typedef signed int INT32;
@@ -328,7 +303,7 @@ typedef UINT32 FLAGS;
 typedef CHAR * LPSTR;
 typedef void * HANDLE;
 #endif
-#endif
+
 typedef HANDLE DEVHANDLE;
 typedef HANDLE HAPPLICATION;
diff --git a/src/tlcp.c b/src/tlcp.c
index cec7ea8c..dcdfadc2 100644
--- a/src/tlcp.c
+++ b/src/tlcp.c
@@ -301,7 +301,7 @@ int tlcp_do_connect(TLS_CONNECT *conn)
 goto end;
 }
 p = server_enc_cert_lenbuf; len = 0;
- tls_uint24_to_bytes(server_enc_cert_len, &p, &len);
+ tls_uint24_to_bytes((uint24_t)server_enc_cert_len, &p, &len);
 if (sm2_verify_init(&verify_ctx, &server_sign_key, SM2_DEFAULT_ID, SM2_DEFAULT_ID_LENGTH) != 1
 || sm2_verify_update(&verify_ctx, client_random, 32) != 1
 || sm2_verify_update(&verify_ctx, server_random, 32) != 1
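Review bot: In the src/rand_win.c hunk, `hCryptProv` is now declared without an initializer, so any later path in rand_bytes that reads it before a successful acquire call (for example a shared cleanup label) would use an indeterminate handle. `HCRYPTPROV` is an integer-typed handle, which is presumably why `= NULL` drew a warning; `HCRYPTPROV hCryptProv = 0;` silences it and keeps a known value. The rest of rand_bytes is outside the hunk, so whether such a path exists should be confirmed there.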
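Review bot: The new `#ifdef WIN32` test in src/sgd.h depends on a macro the compiler does not guarantee; GCC-based Windows toolchains in strict `-std=c99`/`-std=c11` mode predefine only `_WIN32`. In that case the `#else` branch is compiled, and because the second hunk also drops the old `_WINDEF_H` guard, its typedefs (`INT8`, `LPSTR`, `HANDLE`, …) can collide with the Windows headers if those are included elsewhere. Consider `#if defined(_WIN32) || defined(WIN32)`. The header name after `#include` is not visible on this page, so which definitions the Windows branch pulls in cannot be checked here.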
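Review bot: The `(uint24_t)` cast added in tlcp_do_connect (and again in tlcp_do_accept, hunk -731) only silences the narrowing warning; a `server_enc_cert_len` above 0xFFFFFF would be written into `server_enc_cert_lenbuf` as a different length than the data it describes. That buffer is presumably part of what the SM2 verify/sign context hashes next, so the value should be bounded rather than truncated. If the earlier parsing does not already limit the certificate length (not visible here), add a check on the existing error path before the call, e.g. `if (server_enc_cert_len > 0xFFFFFF) goto end;`. Both functions begin and end outside their hunks.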
@@ -731,7 +731,7 @@ int tlcp_do_accept(TLS_CONNECT *conn)
 goto end;
 }
 p = server_enc_cert_lenbuf; len = 0;
- tls_uint24_to_bytes(server_enc_cert_len, &p, &len);
+ tls_uint24_to_bytes((uint24_t)server_enc_cert_len, &p, &len);
 if (sm2_sign_init(&sign_ctx, &conn->sign_key, SM2_DEFAULT_ID, SM2_DEFAULT_ID_LENGTH) != 1
 || sm2_sign_update(&sign_ctx, client_random, 32) != 1
 || sm2_sign_update(&sign_ctx, server_random, 32) != 1
diff --git a/src/tls12.c b/src/tls12.c
index 89963297..27e8191f 100644
--- a/src/tls12.c
+++ b/src/tls12.c
@@ -217,7 +217,6 @@ int tls12_do_connect(TLS_CONNECT *conn)
 SM2_KEY server_sign_key;
- SM2_SIGN_CTX verify_ctx;
 SM2_SIGN_CTX sign_ctx;
 const uint8_t *sig;
 size_t siglen;
@@ -228,11 +227,8 @@ int tls12_do_connect(TLS_CONNECT *conn)
 const uint8_t *verify_data;
 size_t verify_data_len;
 uint8_t local_verify_data[12];
- int handshake_type;
- const uint8_t *server_enc_cert; // 这几个值也是不需要的
- size_t server_enc_cert_len;
- uint8_t server_enc_cert_lenbuf[3];
+ const uint8_t *cp;
 uint8_t *p;
 size_t len;
@@ -708,7 +704,6 @@ int tls12_do_accept(TLS_CONNECT *conn)
 // ClientKeyExchange
 SM2_POINT client_ecdhe_point;
 uint8_t pre_master_secret[SM2_MAX_PLAINTEXT_SIZE]; // sm2_decrypt 保证输出不会溢出
- size_t pre_master_secret_len;
 // Finished
 SM3_CTX sm3_ctx;
@@ -718,7 +713,6 @@ int tls12_do_accept(TLS_CONNECT *conn)
 const uint8_t *verify_data;
 size_t verify_data_len;
- uint8_t *p;
 const uint8_t *cp;
 size_t len;
diff --git a/src/tls13.c b/src/tls13.c
index 6d445e1a..c33de356 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -101,8 +101,8 @@ int tls13_gcm_encrypt(const BLOCK_CIPHER_KEY *key, const uint8_t iv[12],
 aad[0] = TLS_record_application_data;
 aad[1] = 0x03; //TLS_protocol_tls12_major;
 aad[2] = 0x03; //TLS_protocol_tls12_minor;
- aad[3] = clen >> 8;
- aad[4] = clen;
+ aad[3] = (uint8_t)(clen >> 8);
+ aad[4] = (uint8_t)(clen);
 gmac = out + mlen;
 if (gcm_encrypt(key, nonce, sizeof(nonce), aad, sizeof(aad), mbuf, mlen, out, 16, gmac) != 1) {
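Review bot: The `(uint8_t)` casts on `aad[3]`/`aad[4]` in tls13_gcm_encrypt make the truncation explicit but still drop any bits of `clen` above 16; the same pattern is applied in tls13_gcm_decrypt, tls13_record_encrypt, tls13_record_decrypt and tls13_send. No range check on the length is visible in these hunks, so a value over 0xFFFF would produce a record header or AAD that disagrees with the actual data length. A guard before the header is built, e.g. `if (clen > 0xFFFF) { error_print(); return -1; }` (adjusted to each function's error return, or to the protocol's maximum ciphertext size if a constant for it exists), would turn that into a clean failure. The functions begin and end outside the hunks, so an existing check earlier in each body should be ruled out first.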
@@ -124,7 +124,6 @@ int tls13_gcm_decrypt(const BLOCK_CIPHER_KEY *key, const uint8_t iv[12],
 uint8_t aad[5];
 size_t mlen;
 const uint8_t *gmac;
- size_t i;
 // nonce = (zeros|seq_num) xor (iv)
 nonce[0] = nonce[1] = nonce[2] = nonce[3] = 0;
@@ -135,8 +134,8 @@ int tls13_gcm_decrypt(const BLOCK_CIPHER_KEY *key, const uint8_t iv[12],
 aad[0] = TLS_record_application_data;
 aad[1] = 0x03; //TLS_protocol_tls12_major;
 aad[2] = 0x03; //TLS_protocol_tls12_minor;
- aad[3] = inlen >> 8;
- aad[4] = inlen;
+ aad[3] = (uint8_t)(inlen >> 8);
+ aad[4] = (uint8_t)(inlen);
 if (inlen < GHASH_SIZE) {
 error_print();
@@ -182,8 +181,8 @@ int tls13_record_encrypt(const BLOCK_CIPHER_KEY *key, const uint8_t iv[12],
 enced_record[0] = TLS_record_application_data; // 显然这个不太对啊
 enced_record[1] = 0x03; //TLS_protocol_tls12_major;
 enced_record[2] = 0x03; //TLS_protocol_tls12_minor;
- enced_record[3] = (*enced_recordlen) >> 8;
- enced_record[4] = (*enced_recordlen);
+ enced_record[3] = (uint8_t)((*enced_recordlen) >> 8);
+ enced_record[4] = (uint8_t)(*enced_recordlen);
 (*enced_recordlen) += 5;
 return 1;
@@ -204,8 +203,8 @@ int tls13_record_decrypt(const BLOCK_CIPHER_KEY *key, const uint8_t iv[12],
 record[0] = record_type;
 record[1] = 0x03; //TLS_protocol_tls12_major;
 record[2] = 0x03; //TLS_protocol_tls12_minor;
- record[3] = (*recordlen) >> 8;
- record[4] = (*recordlen);
+ record[3] = (uint8_t)((*recordlen) >> 8);
+ record[4] = (uint8_t)(*recordlen);
 (*recordlen) += 5;
 return 1;
@@ -242,8 +241,8 @@ int tls13_send(TLS_CONNECT *conn, const uint8_t *data, size_t datalen, size_t *s
 record[0] = TLS_record_application_data;
 record[1] = TLS_protocol_tls12 >> 8;
 record[2] = TLS_protocol_tls12 & 0xff;
- record[3] = recordlen >> 8;
- record[4] = recordlen;
+ record[3] = (uint8_t)(recordlen >> 8);
+ record[4] = (uint8_t)(recordlen);
 recordlen += 5;
 tls_record_send(record, recordlen, conn->sock);
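Review bot: In the tls13_send hunk the result of `tls_record_send(record, recordlen, conn->sock);` is discarded, so a failed or short socket write would go unnoticed and the caller could be told the data was sent. If tls_record_send reports status like the other tls_* helpers on this page (compared with `!= 1`), check it: `if (tls_record_send(record, recordlen, conn->sock) != 1) { error_print(); return -1; }`. What tls13_send returns afterwards is outside the hunk, so the error value should be matched to the rest of the function.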
@@ -412,7 +411,7 @@ int tls13_hkdf_expand_label(const DIGEST *digest, const uint8_t secret[32],
 uint8_t *p = hkdf_label;
 size_t hkdf_label_len = 0;
- label_len = strlen("tls13 ") + strlen(label);
+ label_len = (uint8_t)(strlen("tls13 ") + strlen(label)); //FIXME: check length < 255
 tls_uint16_to_bytes((uint16_t)outlen, &p, &hkdf_label_len);
 tls_uint8_to_bytes(label_len, &p, &hkdf_label_len);
 tls_array_to_bytes((uint8_t *)"tls13 ", strlen("tls13 "), &p, &hkdf_label_len);
@@ -712,8 +711,6 @@ int tls13_server_hello_extensions_get(const uint8_t *exts, size_t extslen, SM2_P
 uint16_t ext_type;
 const uint8_t *ext_data;
 size_t ext_datalen;
- const uint8_t *p;
- size_t len;
 tls_uint16_from_bytes(&ext_type, &exts, &extslen);
 tls_uint16array_from_bytes(&ext_data, &ext_datalen, &exts, &extslen);
@@ -1498,8 +1495,6 @@ int tls13_do_connect(TLS_CONNECT *conn)
 const uint8_t *cert;
 size_t certlen;
- uint8_t *p;
- conn->is_client = 1;
 tls_record_set_protocol(enced_record, TLS_protocol_tls12);
@@ -1937,7 +1932,6 @@ int tls13_do_accept(TLS_CONNECT *conn)
 const uint8_t *client_verify_data;
 size_t client_verify_data_len;
- size_t i;
 uint8_t client_write_key[16];
 uint8_t server_write_key[16];
@@ -1945,7 +1939,6 @@ int tls13_do_accept(TLS_CONNECT *conn)
 uint8_t zeros[32] = {0};
 uint8_t psk[32] = {0};
 uint8_t early_secret[32];
- uint8_t binder_key[32];
 uint8_t handshake_secret[32];
 uint8_t client_handshake_traffic_secret[32];
 uint8_t server_handshake_traffic_secret[32];
diff --git a/src/tls_trace.c b/src/tls_trace.c
index c9a95430..cc653362 100644
--- a/src/tls_trace.c
+++ b/src/tls_trace.c
@@ -588,7 +588,7 @@ int tls_server_hello_print(FILE *fp, const uint8_t *data, size_t datalen, int fo
 uint16_t cipher_suite;
 uint8_t comp_meth;
 const uint8_t *exts;
- size_t session_id_len, cipher_suites_len, comp_meths_len, exts_len;
+ size_t session_id_len, exts_len;
 format_print(fp, format, indent, "ServerHello\n"); indent += 4;
 if (tls_uint16_from_bytes(&protocol, &data, &datalen) != 1) goto bad;
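Review bot: In tls13_hkdf_expand_label the new cast turns an over-long label into a silently wrapped `label_len`, while the following `tls_array_to_bytes` calls presumably still write the full string into `hkdf_label`; the added FIXME names the missing check but does not perform it. Reject the input before the cast, e.g. `if (strlen(label) > 255 - strlen("tls13 ")) { error_print(); return -1; }`, so the length byte and the bytes written always agree and the label buffer cannot be overrun. The limit is 255 inclusive for a one-byte length, not `< 255` as the FIXME says. The size of `hkdf_label` and the function's error convention are outside the hunk and should be confirmed.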