diff --git a/CMakeLists.txt b/CMakeLists.txt
index 79fda7fd..deeef99a 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -90,6 +90,8 @@ set(broken_crypto_src
 src/rc4.c
 )
+
+ # FIXME: change this default to OFF
 option(ENABLE_BROKEN_CRYPTO "Enable broken crypto algorithms" ON)
@@ -116,6 +118,8 @@ else()
 target_link_libraries(gmssl dl)
 endif()
+
+ SET_TARGET_PROPERTIES(gmssl PROPERTIES VERSION 3.0 SOVERSION 3)
 set(tools
@@ -238,3 +242,9 @@ if (NOT ${CMAKE_SYSTEM_NAME} STREQUAL "iOS")
 INSTALL(TARGETS gmssl-bin RUNTIME DESTINATION bin)
 endif()
+if (CMAKE_C_COMPILER_ID MATCHES "MSVC")
+ add_compile_definitions(_CRT_SECURE_NO_WARNINGS)
+ target_compile_options(gmssl PRIVATE /wd4996)
+ target_compile_options(gmssl-bin PRIVATE /wd4996)
+# target_compile_options(gmssl PRIVATE /wd4996)
+endif()
\ No newline at end of file
diff --git a/include/gmssl/tls.h b/include/gmssl/tls.h
index bceb7b98..f9cb8a19 100644
--- a/include/gmssl/tls.h
+++ b/include/gmssl/tls.h
@@ -807,7 +807,11 @@ typedef struct {
 int tls_init(TLS_CONNECT *conn, const TLS_CTX *ctx);
+#ifdef WIN32
+int tls_set_socket(TLS_CONNECT* conn, SOCKET sock);
+#else
 int tls_set_socket(TLS_CONNECT *conn, int sock);
+#endif
 int tls_do_handshake(TLS_CONNECT *conn);
 int tls_send(TLS_CONNECT *conn, const uint8_t *in, size_t inlen, size_t *sentlen);
 int tls_recv(TLS_CONNECT *conn, uint8_t *out, size_t outlen, size_t *recvlen);
diff --git a/src/tls.c b/src/tls.c
index 19e3ab56..3a31fa79 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -240,7 +240,7 @@ int tls_record_set_type(uint8_t *record, int type)
 error_print();
 return -1;
 }
- record[0] = type;
+ record[0] = (uint8_t)type;
 return 1;
 }
@@ -250,8 +250,8 @@ int tls_record_set_protocol(uint8_t *record, int protocol)
 error_print();
 return -1;
 }
- record[1] = protocol >> 8;
- record[2] = protocol;
+ record[1] = (uint8_t)(protocol >> 8);
+ record[2] = (uint8_t)(protocol);
 return 1;
 }
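Review bot: The new `# FIXME: change this default to OFF` records that `ENABLE_BROKEN_CRYPTO` should default to OFF, yet the option on the very next line still ships ON, so every default build compiles the `broken_crypto_src` list (src/rc4.c is visible in the context) into libgmssl. If the default cannot flip in this commit, the comment should say what still depends on it so the flip can be scheduled, and the option text should make the consequence visible to packagers, e.g. `option(ENABLE_BROKEN_CRYPTO "Build legacy/insecure algorithms (e.g. RC4) into libgmssl" ON)`. A FIXME with no owner or blocker tends to outlive several releases.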
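Review bot: `add_compile_definitions(_CRT_SECURE_NO_WARNINGS)` together with the two `/wd4996` options silences MSVC's C4996 diagnostics rather than addressing what they report; C4996 is the deprecation warning the Microsoft CRT raises for unbounded calls such as `strcpy`/`sprintf`, so in a TLS library this hides exactly the buffer-handling findings a reviewer wants surfaced. `add_compile_definitions` is directory-scoped and reaches every target declared in this CMakeLists, not just gmssl and gmssl-bin; if the suppression must stay for now, narrow it with `target_compile_definitions(gmssl PRIVATE _CRT_SECURE_NO_WARNINGS)` (and the same for gmssl-bin) and keep a tracked list of the flagged calls. The commented-out duplicate `# target_compile_options(gmssl PRIVATE /wd4996)` should be deleted, and the file is left without a trailing newline.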
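Review bot: The Windows prototype `int tls_set_socket(TLS_CONNECT* conn, SOCKET sock);` introduces the `SOCKET` type into the public header, but no `#include <winsock2.h>` is visible in the hunk; unless the header already pulls it in under the same guard, any consumer that includes tls.h before the Winsock headers fails to compile. MSVC itself predefines `_WIN32`, not `WIN32` — the latter only exists when the build adds it (CMake's MSVC defaults do), so external consumers compiling without that flag silently get the `int` prototype while the library was built with the `SOCKET` one; `#ifdef _WIN32` avoids that mismatch. The same guard is repeated on the definition in src/tls.c (hunk @@ -2289), and if the socket member inside `TLS_CONNECT` is still declared `int`, storing a 64-bit `SOCKET` handle in it truncates the handle — the struct field needs to change with the prototype. Both the struct body and the function body lie outside these hunks.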
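Review bot: The narrowing casts are written inconsistently: `(uint8_t)type` and `(uint8_t)(protocol >> 8)` are fine, but `(uint8_t)(protocol)` wraps a bare identifier in redundant parentheses, and the same mix recurs in the pre_master_secret hunk (@@ -514) and the two server_ecdh_params hunks (@@ -560 uses `(uint8_t)curve`, @@ -589 uses `(uint8_t)(curve)`). Use one form, `(uint8_t)protocol`, throughout. The casts only narrow safely because the check whose `error_print(); return -1;` path is visible above them has already rejected other values; a short comment such as `/* protocol was range-checked above; keeping the low byte is intended */` would make that dependency explicit for the next reader.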
@@ -313,7 +313,7 @@ int tls_cbc_encrypt(const SM3_HMAC_CTX *inited_hmac_ctx, const SM4_KEY *enc_key,
 padding = mac + 32;
 padding_len = 16 - rem - 1;
 for (i = 0; i <= padding_len; i++) {
- padding[i] = padding_len;
+ padding[i] = (uint8_t)padding_len;
 }
 iv = out;
@@ -514,8 +514,8 @@ int tls_pre_master_secret_generate(uint8_t pre_master_secret[48], int protocol)
 error_print();
 return -1;
 }
- pre_master_secret[0] = protocol >> 8;
- pre_master_secret[1] = protocol;
+ pre_master_secret[0] = (uint8_t)(protocol >> 8);
+ pre_master_secret[1] = (uint8_t)(protocol);
 if (rand_bytes(pre_master_secret + 2, 46) != 1) {
 error_print();
 return -1;
@@ -560,8 +560,8 @@ int tls_sign_server_ecdh_params(const SM2_KEY *server_sign_key,
 return -1;
 }
 server_ecdh_params[0] = TLS_curve_type_named_curve;
- server_ecdh_params[1] = curve >> 8;
- server_ecdh_params[2] = curve;
+ server_ecdh_params[1] = (uint8_t)(curve >> 8);
+ server_ecdh_params[2] = (uint8_t)curve;
 server_ecdh_params[3] = 65;
 sm2_point_to_uncompressed_octets(point, server_ecdh_params + 4);
@@ -589,8 +589,8 @@ int tls_verify_server_ecdh_params(const SM2_KEY *server_sign_key,
 return -1;
 }
 server_ecdh_params[0] = TLS_curve_type_named_curve;
- server_ecdh_params[1] = curve >> 8;
- server_ecdh_params[2] = curve;
+ server_ecdh_params[1] = (uint8_t)(curve >> 8);
+ server_ecdh_params[2] = (uint8_t)(curve);
 server_ecdh_params[3] = 65;
 sm2_point_to_uncompressed_octets(point, server_ecdh_params + 4);
@@ -1648,11 +1648,9 @@ int tls_alert_level(int alert)
 return 0;
 case TLS_alert_user_canceled:
 case TLS_alert_no_renegotiation:
- return TLS_alert_level_warning;
- default:
- return TLS_alert_level_fatal;
+ return TLS_alert_level_warning;
 }
- return -1;
+ return TLS_alert_level_fatal;
 }
 int tls_send_warning(TLS_CONNECT *conn, int alert)
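Review bot: With the `default:` label gone, the trailing `return TLS_alert_level_fatal;` is now the only path for every alert code not listed in the cases, including unknown or malformed values received from the peer; that is the right conservative outcome, but the switch now reads as if it were exhaustive and the intent the old `default:` spelled out is lost. Add a comment on the trailing return, `/* any alert not listed above, including unknown codes, is treated as fatal */`. tls_alert_level's body starts before this hunk, so the set of codes mapped to 0 is not visible here.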
@@ -1844,7 +1842,11 @@ int tls_authorities_from_certs(uint8_t *names, size_t *nameslen, size_t maxlen,
 error_print();
 return -1;
 }
- tls_uint16_to_bytes(alen, &names, nameslen);
+ if (alen > UINT16_MAX) {
+ error_print();
+ return -1;
+ }
+ tls_uint16_to_bytes((uint16_t)alen, &names, nameslen);
 if (asn1_sequence_to_der(name, namelen, &names, nameslen) != 1) {
 error_print();
 return -1;
@@ -2289,12 +2291,15 @@ void tls_cleanup(TLS_CONNECT *conn)
 gmssl_secure_clear(conn, sizeof(TLS_CONNECT));
 }
-
+#ifdef WIN32
+int tls_set_socket(TLS_CONNECT *conn, SOCKET sock)
+#else
 int tls_set_socket(TLS_CONNECT *conn, int sock)
+#endif
 {
+#if 0
 int opts;
-#if 0
 // FIXME: do we still need this? when using select?
 if ((opts = fcntl(sock, F_GETFL)) < 0) {
 error_print();
diff --git a/tests/cmstest.c b/tests/cmstest.c
index 8bf34cb3..941d6321 100644
--- a/tests/cmstest.c
+++ b/tests/cmstest.c
@@ -1,4 +1,4 @@
-/*
+/*
 * Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the License); you may
@@ -170,8 +170,6 @@ static int test_cms_enced_content_info_encrypt(void)
 int oid;
 int cipher;
- const uint8_t *piv;
- size_t ivlen;
 uint8_t data2[256];
 const uint8_t *shared_info1;
 size_t shared_info1_len;
@@ -564,7 +562,6 @@ static int test_cms_signed_data(void)
 uint8_t name[256];
 size_t namelen = 0;
 time_t not_before, not_after;
- uint8_t subject[256];
 size_t subject_len = 0;
 uint8_t *p = cert;
 const uint8_t *cp = cert;
@@ -742,13 +739,11 @@ int test_cms_enveloped_data(void)
 uint8_t name1[256];
 size_t name1_len;
 uint8_t serial1[20];
- size_t serial1_len;
 SM2_KEY sm2_key2;
 uint8_t name2[256];
 size_t name2_len;
 uint8_t serial2[20];
- size_t serial2_len;
 time_t not_before, not_after;
@@ -882,30 +877,6 @@ int test_cms_enveloped_data(void)
 static int test_cms_signed_and_enveloped_data(void)
 {
 /*
-444 int cms_signed_and_enveloped_data_encipher_to_der(
-445 const CMS_CERTS_AND_KEY *signers, size_t signers_cnt,
-446 const uint8_t *rcpt_certs, size_t rcpt_certs_len,
-447 int enc_algor, const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen,
-448 int content_type, const uint8_t *content, size_t content_len,
-449 const uint8_t *signers_crls, size_t signers_crls_len,
-450 const uint8_t *shared_info1, size_t shared_info1_len,
-451 const uint8_t *shared_info2, size_t shared_info2_len,
-452 uint8_t **out, size_t *outlen);
-453 int cms_signed_and_enveloped_data_decipher_from_der(
-454 const SM2_KEY *rcpt_key,
-455 const uint8_t *rcpt_issuer, size_t rcpt_issuer_len,
-456 const uint8_t *rcpt_serial, size_t rcpt_serial_len,
-457 int *content_type, uint8_t *content, size_t *content_len,
-458 const uint8_t **prcpt_infos, size_t *prcpt_infos_len,
-459 const uint8_t **shared_info1, size_t *shared_info1_len,
-460 const uint8_t **shared_info2, size_t *shared_info2_len,
-461 const uint8_t **certs, size_t *certs_len,
-462 const uint8_t **crls, size_t *crls_len,
-463 const uint8_t **psigner_infos, size_t *psigner_infos_len,
-464 const uint8_t *extra_certs, size_t extra_certs_len,
-465 const uint8_t *extra_crls, size_t extra_crls_len,
-466 const uint8_t **in, size_t *inlen);
-*/
 SM2_KEY sign_key;
 SM2_KEY decr_key;
@@ -914,14 +885,7 @@ static int test_cms_signed_and_enveloped_data(void)
 uint8_t sign_serial[20];
 uint8_t sign_name[256];
 size_t sign_name_len;
-
-
-
-
-
-
-
-
+*/
 printf("%s() ok\n", __FUNCTION__);
 return 1;
diff --git a/tests/md5test.c b/tests/md5test.c
index ca7fba2a..3e72dfe7 100644
--- a/tests/md5test.c
+++ b/tests/md5test.c
@@ -40,7 +40,6 @@ static char *dgsthex[] = {
 int main(int argc, char **argv)
 {
 int err = 0;
- char *p;
 uint8_t dgst[16];
 uint8_t dgstbuf[16];
 size_t dgstbuflen;
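Review bot: After the added `+*/`, everything from the `/*` kept as context in the previous hunk (@@ -882) down to this line is commented out, so `test_cms_signed_and_enveloped_data` declares nothing, calls nothing, and still prints `"%s() ok\n"` and returns 1; a green run of the suite now claims coverage of signed-and-enveloped data that does not exist, and a regression in `cms_signed_and_enveloped_data_*` cannot fail this test. Make the stub honest — `printf("%s() skipped: not implemented\n", __FUNCTION__);` — or leave it out of the runner until the commented declarations become a real test. The remainder of the function lies outside the hunk.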
@@ -61,7 +60,7 @@ int main(int argc, char **argv)
 printf(" digest(error) = %s\n", dgsthex[i]);
 err++;
 } else {
- printf("md5 test %lu ok\n", i+1);
+ printf("md5 test %zu ok\n", i+1);
 }
 }
diff --git a/tests/sha1test.c b/tests/sha1test.c
index a9953de8..9043a083 100644
--- a/tests/sha1test.c
+++ b/tests/sha1test.c
@@ -56,7 +56,7 @@ int main(void)
 sha1_finish(&ctx, dgst);
 if (memcmp(dgstbuf, dgst, sizeof(dgst)) != 0) {
- printf("sha1 test %lu failed\n", i+1);
+ printf("sha1 test %zu failed\n", i+1);
 printf("%s\n", dgsthex[i]);
 for (j = 0; j < sizeof(dgst); j++) {
 printf("%02X", dgst[j]);
@@ -64,7 +64,7 @@ int main(void)
 printf("\n");
 err++;
 } else {
- printf("sha1 test %lu ok\n", i+1);
+ printf("sha1 test %zu ok\n", i+1);
 }
 }
diff --git a/tests/tlstest.c b/tests/tlstest.c
index 36c36fc6..a374ae57 100644
--- a/tests/tlstest.c
+++ b/tests/tlstest.c
@@ -171,7 +171,6 @@ static int test_tls_server_hello(void)
 static int test_tls_certificate(void)
 {
- uint8_t record[1024];
 size_t recordlen = 0;
 FILE *fp = NULL;
diff --git a/tests/x509_exttest.c b/tests/x509_exttest.c
index d0405b77..b24e4af2 100644
--- a/tests/x509_exttest.c
+++ b/tests/x509_exttest.c
@@ -681,7 +681,6 @@ static int test_x509_ext_key_usage(void)
 };
 int oids[16] = {0};
 size_t oids_cnt;
- int i;
 if (x509_ext_key_usage_to_der(kp, sizeof(kp)/sizeof(int), &p, &len) != 1
 || asn1_sequence_from_der(&d, &dlen, &cp, &len) != 1
diff --git a/tests/x509_reqtest.c b/tests/x509_reqtest.c
index be9edf77..5ff045da 100644
--- a/tests/x509_reqtest.c
+++ b/tests/x509_reqtest.c
@@ -134,17 +134,9 @@ static int test_x509_req(void)
 uint8_t subject[256];
 size_t subject_len;
 SM2_KEY sm2_key;
- uint8_t req[512];
 size_t reqlen = 0;
- int version;
- const uint8_t *subj;
- size_t subj_len;
- SM2_KEY pub_key;
- const uint8_t *attrs;
- size_t attrs_len;
-
 if (sm2_key_generate(&sm2_key) != 1
 || x509_name_set(subject, &subject_len, sizeof(subject), "CN", "Beijing", "Haidian", "PKU", "CS", "CA") != 1
 || x509_req_sign(req, &reqlen, sizeof(req),
diff --git a/tests/x509test.c b/tests/x509test.c
index ac586bee..17ccb9f7 100644
--- a/tests/x509test.c
+++ b/tests/x509test.c
@@ -32,7 +32,7 @@ static int test_x509_version(void)
 uint8_t *p = buf;
 const uint8_t *cp = buf;
 size_t len = 0;
- size_t i;
+ int i;
 format_print(stderr, 0, 0, "Version\n");
 for (i = 0; i < sizeof(tests)/sizeof(tests[0]); i++) {
@@ -65,7 +65,6 @@ static int test_x509_validity(void)
 uint8_t *p = buf;
 const uint8_t *cp = buf;
 size_t len = 0;
- size_t i;
 time(¬_before);
@@ -239,7 +238,6 @@ static int set_x509_name(uint8_t *name, size_t *namelen, size_t maxlen)
 static int test_x509_tbs_cert(void)
 {
 uint8_t serial[20] = { 0x01, 0x00 };
- size_t serial_len;
 uint8_t issuer[256];
 size_t issuer_len = 0;
 time_t not_before, not_after;
@@ -311,7 +309,6 @@ static int test_x509_cert_get(const uint8_t *cert, size_t certlen)
 static int test_x509_cert(void)
 {
 uint8_t serial[20] = { 0x01, 0x00 };
- size_t serial_len;
 uint8_t issuer[256];
 size_t issuer_len = 0;
 time_t not_before, not_after;
diff --git a/tools/cmssign.c b/tools/cmssign.c
index 5447a16c..faf727dd 100644
--- a/tools/cmssign.c
+++ b/tools/cmssign.c
@@ -55,7 +55,6 @@ int cmssign_main(int argc, char **argv)
 uint8_t *cms = NULL;
 size_t cmslen, cms_maxlen;
 CMS_CERTS_AND_KEY cert_and_key;
- int content_type;
 argc--;
 argv++;
diff --git a/tools/sdfutil.c b/tools/sdfutil.c
index 5b8f1492..45b67e7b 100644
--- a/tools/sdfutil.c
+++ b/tools/sdfutil.c
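Review bot: `uint8_t req[512];` is removed, yet the context lines below still pass `req`, `&reqlen` and `sizeof(req)` to `x509_req_sign`; unless another `req` of array type is declared elsewhere in test_x509_req or at file scope (not visible here), the function no longer compiles, and if a pointer named `req` is what remains in scope, `sizeof(req)` quietly becomes the pointer size and the buffer bound handed to the signer is wrong. Keep the declaration, `uint8_t req[512];`, or confirm the surviving declaration is an array of the intended size. The rest of the function is outside the hunk.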
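Review bot: Changing `size_t i;` to `int i;` while the loop two lines below compares `i < sizeof(tests)/sizeof(tests[0])` introduces a signed/unsigned comparison (`-Wsign-compare`), the same class of warning the rest of this commit is removing elsewhere (`%lu`→`%zu`, explicit `uint8_t` casts). If `i` was narrowed because a later call in test_x509_version (outside the hunk) expects an `int`, keep `size_t i;` and cast at that call site, e.g. `(int)i`, so the loop bound and the index agree in type.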
@@ -50,8 +50,7 @@ int sdfutil_main(int argc, char **argv)
 FILE *infp = stdin;
 FILE *outfp = stdout;
 unsigned char buf[4096];
- unsigned int ulen;
- int len;
+ size_t len;
 SDF_DEVICE dev;
 SDF_KEY key;
 int dev_opened = 0;
diff --git a/tools/skfutil.c b/tools/skfutil.c
index 9a8ec59d..43a39f5d 100644
--- a/tools/skfutil.c
+++ b/tools/skfutil.c
@@ -55,8 +55,7 @@ int skfutil_main(int argc, char **argv)
 FILE *infp = stdin;
 FILE *outfp = stdout;
 unsigned char buf[4096];
- unsigned int ulen;
- int len;
+ size_t len;
 uint8_t authkey[16];
 size_t authkeylen;
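Review bot: Replacing `unsigned int ulen; int len;` with a single `size_t len;` changes the signedness and width of every later use of `len` in sdfutil_main, all of which lie outside the hunk: any `len < 0` check on a read or conversion result becomes always-false, and if `&ulen` was previously passed to a call taking `unsigned int *`, `&len` is now a pointer to a differently sized type. Each remaining use should be checked to confirm it compiles without a pointer-type or sign-compare warning and keeps its error path; the identical substitution is made in tools/skfutil.c (@@ -55), which is cut off at the end of this diff.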