diff --git a/CMakeLists.txt b/CMakeLists.txt index fdaa2f134..2ab2e01eb 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -179,6 +179,9 @@ if(CMAKE_COMPILER_IS_GNU) execute_process(COMMAND ${CMAKE_C_COMPILER} -dumpversion OUTPUT_VARIABLE GCC_VERSION) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings") + if (GCC_VERSION VERSION_GREATER 3.0 OR GCC_VERSION VERSION_EQUAL 3.0) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat=2 -Wno-format-nonliteral") + endif() if (GCC_VERSION VERSION_GREATER 4.3 OR GCC_VERSION VERSION_EQUAL 4.3) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wvla") endif() @@ -194,6 +197,9 @@ if(CMAKE_COMPILER_IS_GNU) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat-signedness") endif() endif() + if (GCC_VERSION VERSION_GREATER 7.0 OR GCC_VERSION VERSION_EQUAL 7.0) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat-overflow=2 -Wformat-truncation=2") + endif() set(CMAKE_C_FLAGS_RELEASE "-O2") set(CMAKE_C_FLAGS_DEBUG "-O0 -g3") set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage") @@ -204,7 +210,7 @@ if(CMAKE_COMPILER_IS_GNU) endif(CMAKE_COMPILER_IS_GNU) if(CMAKE_COMPILER_IS_CLANG) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral") set(CMAKE_C_FLAGS_RELEASE "-O2") set(CMAKE_C_FLAGS_DEBUG "-O0 -g3") set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage") diff --git a/ChangeLog.d/fix-printf-specifiers.txt b/ChangeLog.d/fix-printf-specifiers.txt new file mode 100644 index 000000000..4867721bf --- /dev/null +++ b/ChangeLog.d/fix-printf-specifiers.txt @@ -0,0 +1,10 @@ +Bugfix + * Add printf function attributes to mbedtls_debug_print_msg to ensure we + get printf format specifier warnings. +Changes + * Add extra printf compiler warning flags to builds. +Requirement changes + * The library now uses the %zu format specifier with the printf() family of + functions, so requires a toolchain that supports it. This change does not + affect the maintained LTS branches, so when contributing changes please + bear this in mind and do not add them to backported code. diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index ab5b03703..dd20ba087 100644 --- a/include/mbedtls/debug.h +++ b/include/mbedtls/debug.h @@ -80,6 +80,50 @@ #endif /* MBEDTLS_DEBUG_C */ +/** + * \def MBEDTLS_PRINTF_ATTRIBUTE + * + * Mark a function as having printf attributes, and thus enable checking + * via -wFormat and other flags. This does nothing on builds with compilers + * that do not support the format attribute + * + * Module: library/debug.c + * Caller: + * + * This module provides debugging functions. + */ +#if defined(__has_attribute) +#if __has_attribute(format) +#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) \ + __attribute__((format (printf, string_index, first_to_check))) +#else /* __has_attribute(format) */ +#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) +#endif /* __has_attribute(format) */ +#else /* defined(__has_attribute) */ +#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) +#endif + +/** + * \def MBEDTLS_PRINTF_SIZET + * + * MBEDTLS_PRINTF_xxx: Due to issues with older window compilers + * and MinGW we need to define the printf specifier for size_t + * and long long per platform. + * + * Module: library/debug.c + * Caller: + * + * This module provides debugging functions. + */ +#if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1800) + #include + #define MBEDTLS_PRINTF_SIZET PRIuPTR + #define MBEDTLS_PRINTF_LONGLONG "I64d" +#else /* defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1800) */ + #define MBEDTLS_PRINTF_SIZET "zu" + #define MBEDTLS_PRINTF_LONGLONG "lld" +#endif /* defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1800) */ + #ifdef __cplusplus extern "C" { #endif @@ -118,7 +162,7 @@ void mbedtls_debug_set_threshold( int threshold ); */ void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level, const char *file, int line, - const char *format, ... ); + const char *format, ... ) MBEDTLS_PRINTF_ATTRIBUTE(5, 6); /** * \brief Print the return value of a function to the debug output. This diff --git a/library/Makefile b/library/Makefile index 903dc0df0..6bb9c1781 100644 --- a/library/Makefile +++ b/library/Makefile @@ -2,7 +2,7 @@ # Also see "include/mbedtls/config.h" CFLAGS ?= -O2 -WARNING_CFLAGS ?= -Wall -Wextra +WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral LDFLAGS ?= # Include ../include for public headers and . for private headers. diff --git a/library/debug.c b/library/debug.c index c3384be35..e91d1ad1d 100644 --- a/library/debug.c +++ b/library/debug.c @@ -74,6 +74,7 @@ static inline void debug_send_line( const mbedtls_ssl_context *ssl, int level, #endif } +MBEDTLS_PRINTF_ATTRIBUTE(5, 6) void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level, const char *file, int line, const char *format, ... ) diff --git a/library/psa_its_file.c b/library/psa_its_file.c index 2fbff20ef..7798da615 100644 --- a/library/psa_its_file.c +++ b/library/psa_its_file.c @@ -47,7 +47,7 @@ #define PSA_ITS_STORAGE_PREFIX "" #endif -#define PSA_ITS_STORAGE_FILENAME_PATTERN "%08lx%08lx" +#define PSA_ITS_STORAGE_FILENAME_PATTERN "%08x%08x" #define PSA_ITS_STORAGE_SUFFIX ".psa_its" #define PSA_ITS_STORAGE_FILENAME_LENGTH \ ( sizeof( PSA_ITS_STORAGE_PREFIX ) - 1 + /*prefix without terminating 0*/ \ @@ -87,8 +87,8 @@ static void psa_its_fill_filename( psa_storage_uid_t uid, char *filename ) mbedtls_snprintf( filename, PSA_ITS_STORAGE_FILENAME_LENGTH, "%s" PSA_ITS_STORAGE_FILENAME_PATTERN "%s", PSA_ITS_STORAGE_PREFIX, - (unsigned long) ( uid >> 32 ), - (unsigned long) ( uid & 0xffffffff ), + (unsigned) ( uid >> 32 ), + (unsigned) ( uid & 0xffffffff ), PSA_ITS_STORAGE_SUFFIX ); } diff --git a/library/ssl_cli.c b/library/ssl_cli.c index a8331d9bb..55a8e6134 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -685,7 +685,7 @@ static int ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl, return( 0 ); MBEDTLS_SSL_DEBUG_MSG( 3, - ( "sending session ticket of length %d", tlen ) ); + ( "sending session ticket of length %" MBEDTLS_PRINTF_SIZET, tlen ) ); memcpy( p, ssl->session_negotiate->ticket, tlen ); @@ -905,7 +905,8 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl ) *p++ = (unsigned char)( t >> 8 ); *p++ = (unsigned char)( t ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, current time: %lu", t ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, current time: %" MBEDTLS_PRINTF_LONGLONG, + (long long) t ) ); #else if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 4 ) ) != 0 ) return( ret ); @@ -1114,7 +1115,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) for( i = 0; i < n; i++ ) *p++ = ssl->session_negotiate->id[i]; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, session id len.: %d", n ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, session id len.: %" MBEDTLS_PRINTF_SIZET, n ) ); MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, session id", buf + 39, n ); /* @@ -1182,7 +1183,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) continue; MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %#04x (%s)", - ciphersuites[i], ciphersuite_info->name ) ); + (unsigned int)ciphersuites[i], ciphersuite_info->name ) ); #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) @@ -1197,7 +1198,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) } MBEDTLS_SSL_DEBUG_MSG( 3, - ( "client hello, got %d ciphersuites (excluding SCSVs)", n ) ); + ( "client hello, got %" MBEDTLS_PRINTF_SIZET " ciphersuites (excluding SCSVs)", n ) ); /* * Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV @@ -1420,7 +1421,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) /* olen unused if all extensions are disabled */ ((void) olen); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %d", + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %" MBEDTLS_PRINTF_SIZET, ext_len ) ); if( ext_len > 0 ) @@ -2167,10 +2168,10 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) } MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", - ( (uint32_t) buf[2] << 24 ) | - ( (uint32_t) buf[3] << 16 ) | - ( (uint32_t) buf[4] << 8 ) | - ( (uint32_t) buf[5] ) ) ); + ( (unsigned long) buf[2] << 24 ) | + ( (unsigned long) buf[3] << 16 ) | + ( (unsigned long) buf[4] << 8 ) | + ( (unsigned long) buf[5] ) ) ); memcpy( ssl->handshake->randbytes + 32, buf + 2, 32 ); @@ -2253,7 +2254,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) if( ssl->handshake->ciphersuite_info == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 1, - ( "ciphersuite info for %04x not found", i ) ); + ( "ciphersuite info for %04x not found", (unsigned int)i ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); @@ -2261,7 +2262,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) mbedtls_ssl_optimize_checksum( ssl, ssl->handshake->ciphersuite_info ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %" MBEDTLS_PRINTF_SIZET, n ) ); MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, session id", buf + 35, n ); /* @@ -2304,7 +2305,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed", ssl->handshake->resume ? "a" : "no" ) ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %04x", i ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %04x", (unsigned) i ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", buf[37 + n] ) ); @@ -2373,7 +2374,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) ext = buf + 40 + n; MBEDTLS_SSL_DEBUG_MSG( 2, - ( "server hello, total extension length: %d", ext_len ) ); + ( "server hello, total extension length: %" MBEDTLS_PRINTF_SIZET, ext_len ) ); while( ext_len ) { @@ -2537,7 +2538,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) default: MBEDTLS_SSL_DEBUG_MSG( 3, - ( "unknown extension found: %d (ignoring)", ext_id ) ); + ( "unknown extension found: %u (ignoring)", ext_id ) ); } ext_len -= 4 + ext_size; @@ -2628,7 +2629,7 @@ static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl, if( ssl->handshake->dhm_ctx.len * 8 < ssl->conf->dhm_min_bitlen ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %d < %d", + MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %" MBEDTLS_PRINTF_SIZET " < %u", ssl->handshake->dhm_ctx.len * 8, ssl->conf->dhm_min_bitlen ) ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); @@ -4347,7 +4348,7 @@ static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET ); } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %d", ticket_len ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %" MBEDTLS_PRINTF_SIZET, ticket_len ) ); /* We're not waiting for a NewSessionTicket message any more */ ssl->handshake->new_session_ticket = 0; diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 72f09bb42..54a7be011 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -283,8 +283,8 @@ static int ssl_double_retransmit_timeout( mbedtls_ssl_context *ssl ) } ssl->handshake->retransmit_timeout = new_timeout; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %d millisecs", - ssl->handshake->retransmit_timeout ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %lu millisecs", + (unsigned long) ssl->handshake->retransmit_timeout ) ); return( 0 ); } @@ -292,8 +292,8 @@ static int ssl_double_retransmit_timeout( mbedtls_ssl_context *ssl ) static void ssl_reset_retransmit_timeout( mbedtls_ssl_context *ssl ) { ssl->handshake->retransmit_timeout = ssl->conf->hs_timeout_min; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %d millisecs", - ssl->handshake->retransmit_timeout ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %lu millisecs", + (unsigned long) ssl->handshake->retransmit_timeout ) ); } #endif /* MBEDTLS_SSL_PROTO_DTLS */ @@ -623,9 +623,10 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, if( rec->data_len > MBEDTLS_SSL_OUT_CONTENT_LEN ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record content %u too large, maximum %d", - (unsigned) rec->data_len, - MBEDTLS_SSL_OUT_CONTENT_LEN ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record content %" MBEDTLS_PRINTF_SIZET + " too large, maximum %" MBEDTLS_PRINTF_SIZET, + rec->data_len, + (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN ) ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } @@ -764,7 +765,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t olen; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, " + MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", " "including %d bytes of padding", rec->data_len, 0 ) ); @@ -842,7 +843,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, dynamic_iv_is_explicit ? dynamic_iv_len : 0 ); MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD", add_data, add_data_len ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, " + MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", " "including 0 bytes of padding", rec->data_len ) ); @@ -945,8 +946,9 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */ - MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, " - "including %d bytes of IV and %d bytes of padding", + MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", " + "including %" MBEDTLS_PRINTF_SIZET + " bytes of IV and %" MBEDTLS_PRINTF_SIZET " bytes of padding", rec->data_len, transform->ivlen, padlen + 1 ) ); @@ -1366,7 +1368,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, { if( rec->data_len < dynamic_iv_len ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < explicit_iv_len (%d) ", + MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%" MBEDTLS_PRINTF_SIZET + " ) < explicit_iv_len (%" MBEDTLS_PRINTF_SIZET ") ", rec->data_len, dynamic_iv_len ) ); return( MBEDTLS_ERR_SSL_INVALID_MAC ); @@ -1385,7 +1388,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, /* Check that there's space for the authentication tag. */ if( rec->data_len < transform->taglen ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < taglen (%d) ", + MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%" MBEDTLS_PRINTF_SIZET + ") < taglen (%" MBEDTLS_PRINTF_SIZET ") ", rec->data_len, transform->taglen ) ); return( MBEDTLS_ERR_SSL_INVALID_MAC ); @@ -1488,7 +1492,9 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, if( rec->data_len < minlen + transform->ivlen || rec->data_len < minlen + transform->maclen + 1 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < max( ivlen(%d), maclen (%d) " + MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%" MBEDTLS_PRINTF_SIZET + ") < max( ivlen(%" MBEDTLS_PRINTF_SIZET + "), maclen (%" MBEDTLS_PRINTF_SIZET ") " "+ 1 ) ( + expl IV )", rec->data_len, transform->ivlen, transform->maclen ) ); @@ -1554,7 +1560,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, * data_len >= minlen + ivlen ( = minlen or 2 * minlen ). */ if( rec->data_len % transform->ivlen != 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) %% ivlen (%d) != 0", + MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%" MBEDTLS_PRINTF_SIZET + ") %% ivlen (%" MBEDTLS_PRINTF_SIZET ") != 0", rec->data_len, transform->ivlen ) ); return( MBEDTLS_ERR_SSL_INVALID_MAC ); } @@ -1624,7 +1631,9 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, #if defined(MBEDTLS_SSL_DEBUG_ALL) if( rec->data_len < transform->maclen + padlen + 1 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < maclen (%d) + padlen (%d)", + MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%" MBEDTLS_PRINTF_SIZET + ") < maclen (%" MBEDTLS_PRINTF_SIZET + ") + padlen (%" MBEDTLS_PRINTF_SIZET ")", rec->data_len, transform->maclen, padlen + 1 ) ); @@ -1653,8 +1662,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, if( padlen > transform->ivlen ) { #if defined(MBEDTLS_SSL_DEBUG_ALL) - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding length: is %d, " - "should be no more than %d", + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding length: is %" MBEDTLS_PRINTF_SIZET ", " + "should be no more than %" MBEDTLS_PRINTF_SIZET, padlen, transform->ivlen ) ); #endif correct = 0; @@ -1890,7 +1899,7 @@ static int ssl_compress_buf( mbedtls_ssl_context *ssl ) memcpy( msg_pre, ssl->out_msg, len_pre ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "before compression: msglen = %d, ", + MBEDTLS_SSL_DEBUG_MSG( 3, ( "before compression: msglen = %" MBEDTLS_PRINTF_SIZET ", ", ssl->out_msglen ) ); MBEDTLS_SSL_DEBUG_BUF( 4, "before compression: output payload", @@ -1911,7 +1920,7 @@ static int ssl_compress_buf( mbedtls_ssl_context *ssl ) ssl->out_msglen = out_buf_len - ssl->transform_out->ctx_deflate.avail_out - bytes_written; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "after compression: msglen = %d, ", + MBEDTLS_SSL_DEBUG_MSG( 3, ( "after compression: msglen = %" MBEDTLS_PRINTF_SIZET ", ", ssl->out_msglen ) ); MBEDTLS_SSL_DEBUG_BUF( 4, "after compression: output payload", @@ -1942,7 +1951,7 @@ static int ssl_decompress_buf( mbedtls_ssl_context *ssl ) memcpy( msg_pre, ssl->in_msg, len_pre ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "before decompression: msglen = %d, ", + MBEDTLS_SSL_DEBUG_MSG( 3, ( "before decompression: msglen = %" MBEDTLS_PRINTF_SIZET ", ", ssl->in_msglen ) ); MBEDTLS_SSL_DEBUG_BUF( 4, "before decompression: input payload", @@ -1963,7 +1972,7 @@ static int ssl_decompress_buf( mbedtls_ssl_context *ssl ) ssl->in_msglen = in_buf_len - ssl->transform_in->ctx_inflate.avail_out - header_bytes; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "after decompression: msglen = %d, ", + MBEDTLS_SSL_DEBUG_MSG( 3, ( "after decompression: msglen = %" MBEDTLS_PRINTF_SIZET ", ", ssl->in_msglen ) ); MBEDTLS_SSL_DEBUG_BUF( 4, "after decompression: input payload", @@ -2042,7 +2051,8 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) if( ssl->in_left != 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "next record in same datagram, offset: %d", + MBEDTLS_SSL_DEBUG_MSG( 2, ( "next record in same datagram, offset: %" + MBEDTLS_PRINTF_SIZET, ssl->next_record_offset ) ); memmove( ssl->in_hdr, ssl->in_hdr + ssl->next_record_offset, @@ -2052,7 +2062,8 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) ssl->next_record_offset = 0; } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d", + MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %" MBEDTLS_PRINTF_SIZET + ", nb_want: %" MBEDTLS_PRINTF_SIZET, ssl->in_left, nb_want ) ); /* @@ -2094,7 +2105,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) else timeout = ssl->conf->read_timeout; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "f_recv_timeout: %u ms", timeout ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "f_recv_timeout: %lu ms", (unsigned long) timeout ) ); if( ssl->f_recv_timeout != NULL ) ret = ssl->f_recv_timeout( ssl->p_bio, ssl->in_hdr, len, @@ -2153,7 +2164,8 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) else #endif { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d", + MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %" MBEDTLS_PRINTF_SIZET + ", nb_want: %" MBEDTLS_PRINTF_SIZET, ssl->in_left, nb_want ) ); while( ssl->in_left < nb_want ) @@ -2177,7 +2189,8 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) } } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d", + MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %" MBEDTLS_PRINTF_SIZET + ", nb_want: %" MBEDTLS_PRINTF_SIZET, ssl->in_left, nb_want ) ); MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_recv(_timeout)", ret ); @@ -2190,8 +2203,8 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) if ( (size_t)ret > len || ( INT_MAX > SIZE_MAX && ret > (int)SIZE_MAX ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, - ( "f_recv returned %d bytes but only %lu were requested", - ret, (unsigned long)len ) ); + ( "f_recv returned %d bytes but only %" MBEDTLS_PRINTF_SIZET " were requested", + ret, len ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } @@ -2230,7 +2243,8 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ) while( ssl->out_left > 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "message length: %d, out_left: %d", + MBEDTLS_SSL_DEBUG_MSG( 2, ( "message length: %" MBEDTLS_PRINTF_SIZET + ", out_left: %" MBEDTLS_PRINTF_SIZET, mbedtls_ssl_out_hdr_len( ssl ) + ssl->out_msglen, ssl->out_left ) ); buf = ssl->out_hdr - ssl->out_left; @@ -2244,8 +2258,8 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ) if( (size_t)ret > ssl->out_left || ( INT_MAX > SIZE_MAX && ret > (int)SIZE_MAX ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, - ( "f_send returned %d bytes but only %lu bytes were sent", - ret, (unsigned long)ssl->out_left ) ); + ( "f_send returned %d bytes but only %" MBEDTLS_PRINTF_SIZET " bytes were sent", + ret, ssl->out_left ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } @@ -2286,14 +2300,15 @@ static int ssl_flight_append( mbedtls_ssl_context *ssl ) /* Allocate space for current message */ if( ( msg = mbedtls_calloc( 1, sizeof( mbedtls_ssl_flight_item ) ) ) == NULL ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %d bytes failed", + MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %" MBEDTLS_PRINTF_SIZET " bytes failed", sizeof( mbedtls_ssl_flight_item ) ) ); return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); } if( ( msg->p = mbedtls_calloc( 1, ssl->out_msglen ) ) == NULL ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %d bytes failed", ssl->out_msglen ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %" MBEDTLS_PRINTF_SIZET " bytes failed", + ssl->out_msglen ) ); mbedtls_free( msg ); return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); } @@ -2699,9 +2714,10 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) if( ssl->out_msglen > MBEDTLS_SSL_OUT_CONTENT_LEN ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record too large: " - "size %u, maximum %u", - (unsigned) ssl->out_msglen, - (unsigned) MBEDTLS_SSL_OUT_CONTENT_LEN ) ); + "size %" MBEDTLS_PRINTF_SIZET + ", maximum %" MBEDTLS_PRINTF_SIZET, + ssl->out_msglen, + (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } @@ -2728,9 +2744,9 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) if( MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen < 8 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS handshake message too large: " - "size %u, maximum %u", - (unsigned) ( hs_len ), - (unsigned) ( MBEDTLS_SSL_OUT_CONTENT_LEN - 12 ) ) ); + "size %" MBEDTLS_PRINTF_SIZET ", maximum %" MBEDTLS_PRINTF_SIZET, + hs_len, + (size_t) ( MBEDTLS_SSL_OUT_CONTENT_LEN - 12 ) ) ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } @@ -2922,8 +2938,8 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) /* Now write the potentially updated record content type. */ ssl->out_hdr[0] = (unsigned char) ssl->out_msgtype; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "output record: msgtype = %d, " - "version = [%d:%d], msglen = %d", + MBEDTLS_SSL_DEBUG_MSG( 3, ( "output record: msgtype = %u, " + "version = [%u:%u], msglen = %" MBEDTLS_PRINTF_SIZET, ssl->out_hdr[0], ssl->out_hdr[1], ssl->out_hdr[2], len ) ); @@ -3119,7 +3135,7 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) { if( ssl->in_msglen < mbedtls_ssl_hs_hdr_len( ssl ) ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake message too short: %d", + MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake message too short: %" MBEDTLS_PRINTF_SIZET, ssl->in_msglen ) ); return( MBEDTLS_ERR_SSL_INVALID_RECORD ); } @@ -3127,7 +3143,7 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) ssl->in_hslen = mbedtls_ssl_hs_hdr_len( ssl ) + ssl_get_hs_total_len( ssl ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "handshake message: msglen =" - " %d, type = %d, hslen = %d", + " %" MBEDTLS_PRINTF_SIZET ", type = %u, hslen = %" MBEDTLS_PRINTF_SIZET, ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) ); #if defined(MBEDTLS_SSL_PROTO_DTLS) @@ -3163,7 +3179,7 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST ) { MBEDTLS_SSL_DEBUG_MSG( 2, ( "received message from last flight, " - "message_seq = %d, start_of_flight = %d", + "message_seq = %u, start_of_flight = %u", recv_msg_seq, ssl->handshake->in_flight_start_seq ) ); @@ -3176,7 +3192,7 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) else { MBEDTLS_SSL_DEBUG_MSG( 2, ( "dropping out-of-sequence message: " - "message_seq = %d, expected = %d", + "message_seq = %u, expected = %u", recv_msg_seq, ssl->handshake->in_msg_seq ) ); } @@ -3746,8 +3762,8 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl, ( (size_t) buf[ rec_hdr_len_offset + 1 ] << 0 ); MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", buf, rec->data_offset ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "input record: msgtype = %d, " - "version = [%d:%d], msglen = %d", + MBEDTLS_SSL_DEBUG_MSG( 3, ( "input record: msgtype = %u, " + "version = [%d:%d], msglen = %" MBEDTLS_PRINTF_SIZET, rec->type, major_ver, minor_ver, rec->data_len ) ); @@ -3790,8 +3806,8 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl, if( rec_epoch != ssl->in_epoch ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "record from another epoch: " - "expected %d, received %d", - ssl->in_epoch, rec_epoch ) ); + "expected %u, received %lu", + ssl->in_epoch, (unsigned long) rec_epoch ) ); /* Records from the next epoch are considered for buffering * (concretely: early Finished messages). */ @@ -4325,31 +4341,41 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl ) { /* If we can't buffer a future message because * of space limitations -- ignore. */ - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %u would exceed the compile-time limit %u (already %u bytes buffered) -- ignore\n", - (unsigned) msg_len, MBEDTLS_SSL_DTLS_MAX_BUFFERING, - (unsigned) hs->buffering.total_bytes_buffered ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %" MBEDTLS_PRINTF_SIZET + " would exceed the compile-time limit %" MBEDTLS_PRINTF_SIZET + " (already %" MBEDTLS_PRINTF_SIZET + " bytes buffered) -- ignore\n", + msg_len, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING, + hs->buffering.total_bytes_buffered ) ); goto exit; } else { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %u would exceed the compile-time limit %u (already %u bytes buffered) -- attempt to make space by freeing buffered future messages\n", - (unsigned) msg_len, MBEDTLS_SSL_DTLS_MAX_BUFFERING, - (unsigned) hs->buffering.total_bytes_buffered ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %" MBEDTLS_PRINTF_SIZET + " would exceed the compile-time limit %" MBEDTLS_PRINTF_SIZET + " (already %" MBEDTLS_PRINTF_SIZET + " bytes buffered) -- attempt to make space by freeing buffered future messages\n", + msg_len, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING, + hs->buffering.total_bytes_buffered ) ); } if( ssl_buffer_make_space( ssl, reassembly_buf_sz ) != 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reassembly of next message of size %u (%u with bitmap) would exceed the compile-time limit %u (already %u bytes buffered) -- fail\n", - (unsigned) msg_len, - (unsigned) reassembly_buf_sz, - MBEDTLS_SSL_DTLS_MAX_BUFFERING, - (unsigned) hs->buffering.total_bytes_buffered ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reassembly of next message of size %" MBEDTLS_PRINTF_SIZET + " (%" MBEDTLS_PRINTF_SIZET " with bitmap) would exceed" + " the compile-time limit %" MBEDTLS_PRINTF_SIZET + " (already %" MBEDTLS_PRINTF_SIZET + " bytes buffered) -- fail\n", + msg_len, + reassembly_buf_sz, + (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING, + hs->buffering.total_bytes_buffered ) ); ret = MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; goto exit; } } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialize reassembly, total length = %d", + MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialize reassembly, total length = %" MBEDTLS_PRINTF_SIZET, msg_len ) ); hs_buf->data = mbedtls_calloc( 1, reassembly_buf_sz ); @@ -4395,7 +4421,8 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl ) frag_off = ssl_get_hs_frag_off( ssl ); frag_len = ssl_get_hs_frag_len( ssl ); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "adding fragment, offset = %d, length = %d", + MBEDTLS_SSL_DEBUG_MSG( 2, ( "adding fragment, offset = %" MBEDTLS_PRINTF_SIZET + ", length = %" MBEDTLS_PRINTF_SIZET, frag_off, frag_len ) ); memcpy( msg + frag_off, ssl->in_msg + 12, frag_len ); @@ -4622,15 +4649,18 @@ static int ssl_buffer_future_record( mbedtls_ssl_context *ssl, if( rec->buf_len > ( MBEDTLS_SSL_DTLS_MAX_BUFFERING - hs->buffering.total_bytes_buffered ) ) { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future epoch record of size %u would exceed the compile-time limit %u (already %u bytes buffered) -- ignore\n", - (unsigned) rec->buf_len, MBEDTLS_SSL_DTLS_MAX_BUFFERING, - (unsigned) hs->buffering.total_bytes_buffered ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future epoch record of size %" MBEDTLS_PRINTF_SIZET + " would exceed the compile-time limit %" MBEDTLS_PRINTF_SIZET + " (already %" MBEDTLS_PRINTF_SIZET + " bytes buffered) -- ignore\n", + rec->buf_len, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING, + hs->buffering.total_bytes_buffered ) ); return( 0 ); } /* Buffer record */ MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffer record from epoch %u", - ssl->in_epoch + 1 ) ); + ssl->in_epoch + 1U ) ); MBEDTLS_SSL_DEBUG_BUF( 3, "Buffered record", rec->buf, rec->buf_len ); /* ssl_parse_record_header() only considers records @@ -4903,7 +4933,7 @@ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl ) { if( ssl->in_msglen != 1 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid CCS message, len: %d", + MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid CCS message, len: %" MBEDTLS_PRINTF_SIZET, ssl->in_msglen ) ); return( MBEDTLS_ERR_SSL_INVALID_RECORD ); } @@ -4939,12 +4969,12 @@ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl ) /* Note: Standard allows for more than one 2 byte alert to be packed in a single message, but Mbed TLS doesn't currently support this. */ - MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid alert message, len: %d", + MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid alert message, len: %" MBEDTLS_PRINTF_SIZET, ssl->in_msglen ) ); return( MBEDTLS_ERR_SSL_INVALID_RECORD ); } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "got an alert message, type: [%d:%d]", + MBEDTLS_SSL_DEBUG_MSG( 2, ( "got an alert message, type: [%u:%u]", ssl->in_msg[0], ssl->in_msg[1] ) ); /* @@ -5771,7 +5801,8 @@ static int ssl_write_real( mbedtls_ssl_context *ssl, if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "fragment larger than the (negotiated) " - "maximum fragment length: %d > %d", + "maximum fragment length: %" MBEDTLS_PRINTF_SIZET + " > %" MBEDTLS_PRINTF_SIZET, len, max_len ) ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } diff --git a/library/ssl_srv.c b/library/ssl_srv.c index e33b828ad..807fb187b 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -298,13 +298,13 @@ static int ssl_parse_signature_algorithms_ext( mbedtls_ssl_context *ssl, { mbedtls_ssl_sig_hash_set_add( &ssl->handshake->hash_algs, sig_cur, md_cur ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext:" - " match sig %d and hash %d", - sig_cur, md_cur ) ); + " match sig %u and hash %u", + (unsigned) sig_cur, (unsigned) md_cur ) ); } else { MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: " - "hash alg %d not supported", md_cur ) ); + "hash alg %u not supported", (unsigned) md_cur ) ); } } @@ -633,7 +633,7 @@ static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl, /* Remember the client asked us to send a new ticket */ ssl->handshake->new_session_ticket = 1; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %d", len ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %" MBEDTLS_PRINTF_SIZET, len ) ); if( len == 0 ) return( 0 ); @@ -1048,7 +1048,7 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id, } MBEDTLS_SSL_DEBUG_MSG( 3, ( "trying ciphersuite: %#04x (%s)", - suite_id, suite_info->name ) ); + (unsigned int) suite_id, suite_info->name ) ); if( suite_info->min_minor_ver > ssl->minor_ver || suite_info->max_minor_ver < ssl->minor_ver ) @@ -1116,7 +1116,7 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id, mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs, sig_type ) == MBEDTLS_MD_NONE ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: no suitable hash algorithm " - "for signature algorithm %d", sig_type ) ); + "for signature algorithm %u", (unsigned) sig_type ) ); return( 0 ); } } @@ -1247,7 +1247,7 @@ static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl ) sess_len = ( buf[2] << 8 ) | buf[3]; chal_len = ( buf[4] << 8 ) | buf[5]; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciph_len: %d, sess_len: %d, chal_len: %d", + MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciph_len: %u, sess_len: %u, chal_len: %u", ciph_len, sess_len, chal_len ) ); /* @@ -1629,7 +1629,7 @@ read_record_header: if( cli_msg_seq != ssl->handshake->in_msg_seq ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message_seq: " - "%d (expected %d)", cli_msg_seq, + "%u (expected %u)", cli_msg_seq, ssl->handshake->in_msg_seq ) ); return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); } @@ -2073,7 +2073,7 @@ read_record_header: #endif /* MBEDTLS_SSL_DTLS_SRTP */ default: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown extension found: %d (ignoring)", + MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown extension found: %u (ignoring)", ext_id ) ); } @@ -2274,7 +2274,7 @@ have_ciphersuite: else { MBEDTLS_SSL_DEBUG_MSG( 3, ( "no hash algorithm for signature algorithm " - "%d - should not happen", sig_alg ) ); + "%u - should not happen", (unsigned) sig_alg ) ); } } #endif @@ -2826,7 +2826,8 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) *p++ = (unsigned char)( t >> 8 ); *p++ = (unsigned char)( t ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", t ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %" MBEDTLS_PRINTF_LONGLONG, + (long long) t ) ); #else if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 4 ) ) != 0 ) return( ret ); @@ -2914,7 +2915,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) memcpy( p, ssl->session_negotiate->id, ssl->session_negotiate->id_len ); p += ssl->session_negotiate->id_len; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %" MBEDTLS_PRINTF_SIZET, n ) ); MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, session id", buf + 39, n ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed", ssl->handshake->resume ? "a" : "no" ) ); @@ -2926,7 +2927,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %s", mbedtls_ssl_get_ciphersuite_name( ssl->session_negotiate->ciphersuite ) ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: 0x%02X", - ssl->session_negotiate->compression ) ); + (unsigned int) ssl->session_negotiate->compression ) ); /* Do not write the extensions if the protocol is SSLv3 */ #if defined(MBEDTLS_SSL_PROTO_SSL3) @@ -2995,7 +2996,8 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) ext_len += olen; #endif - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, total extension length: %d", ext_len ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, total extension length: %" MBEDTLS_PRINTF_SIZET, + ext_len ) ); if( ext_len > 0 ) { @@ -3502,7 +3504,7 @@ curve_matching_done: md_alg = MBEDTLS_MD_NONE; } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "pick hash algorithm %d for signing", md_alg ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "pick hash algorithm %u for signing", (unsigned) md_alg ) ); /* * 2.2: Compute the hash to be signed diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 336cbea37..e367fbd9c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -283,7 +283,8 @@ static void handle_buffer_resizing( mbedtls_ssl_context *ssl, int downsizing, } else { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating in_buf to %d", in_buf_new_len ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating in_buf to %" MBEDTLS_PRINTF_SIZET, + in_buf_new_len ) ); modified = 1; } } @@ -304,7 +305,8 @@ static void handle_buffer_resizing( mbedtls_ssl_context *ssl, int downsizing, } else { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating out_buf to %d", out_buf_new_len ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating out_buf to %" MBEDTLS_PRINTF_SIZET, + out_buf_new_len ) ); modified = 1; } } @@ -961,7 +963,7 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, cipher_info = mbedtls_cipher_info_from_type( ciphersuite_info->cipher ); if( cipher_info == NULL ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "cipher info for %d not found", + MBEDTLS_SSL_DEBUG_MSG( 1, ( "cipher info for %u not found", ciphersuite_info->cipher ) ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } @@ -969,8 +971,8 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, md_info = mbedtls_md_info_from_type( ciphersuite_info->mac ); if( md_info == NULL ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "mbedtls_md info for %d not found", - ciphersuite_info->mac ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "mbedtls_md info for %u not found", + (unsigned) ciphersuite_info->mac ) ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } @@ -2215,8 +2217,9 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ) n = crt->raw.len; if( n > MBEDTLS_SSL_OUT_CONTENT_LEN - 3 - i ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate too large, %d > %d", - i + 3 + n, MBEDTLS_SSL_OUT_CONTENT_LEN ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate too large, %" MBEDTLS_PRINTF_SIZET + " > %" MBEDTLS_PRINTF_SIZET, + i + 3 + n, (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN ) ); return( MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE ); } @@ -2707,8 +2710,8 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_DEBUG_C) if( ssl->session_negotiate->verify_result != 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "! Certificate verification flags %x", - ssl->session_negotiate->verify_result ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "! Certificate verification flags %08x", + (unsigned int) ssl->session_negotiate->verify_result ) ); } else { @@ -2831,7 +2834,7 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) chain = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ); if( chain == NULL ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", + MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", sizeof( mbedtls_x509_crt ) ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, @@ -3858,7 +3861,7 @@ int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, ssl->in_buf = mbedtls_calloc( 1, in_buf_len ); if( ssl->in_buf == NULL ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", in_buf_len ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", in_buf_len ) ); ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; goto error; } @@ -3869,7 +3872,7 @@ int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, ssl->out_buf = mbedtls_calloc( 1, out_buf_len ); if( ssl->out_buf == NULL ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", out_buf_len ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", out_buf_len ) ); ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; goto error; } diff --git a/programs/Makefile b/programs/Makefile index e0a324f1e..90338755b 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -3,8 +3,8 @@ # To compile with PKCS11: add "-lpkcs11-helper" to LDFLAGS CFLAGS ?= -O2 -WARNING_CFLAGS ?= -Wall -Wextra -WARNING_CXXFLAGS ?= -Wall -Wextra +WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral +WARNING_CXXFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral LDFLAGS ?= MBEDTLS_TEST_PATH:=../tests/src diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index d0758bcf4..393798138 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1667,7 +1667,7 @@ int main( int argc, char *argv[] ) PSA_ALG_SHA_256 ) ) != 0 ) { mbedtls_printf( " failed\n ! " - "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", -ret ); + "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret ); goto exit; } } diff --git a/tests/Makefile b/tests/Makefile index d11d90441..d250d717a 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -3,7 +3,7 @@ # To compile with PKCS11: add "-lpkcs11-helper" to LDFLAGS CFLAGS ?= -O2 -WARNING_CFLAGS ?= -Wall -Wextra +WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral LDFLAGS ?= # Include public header files from ../include, test-specific header files diff --git a/tests/suites/test_suite_psa_its.function b/tests/suites/test_suite_psa_its.function index 330846a02..fb9ce0703 100644 --- a/tests/suites/test_suite_psa_its.function +++ b/tests/suites/test_suite_psa_its.function @@ -16,6 +16,7 @@ #define PSA_ITS_STORAGE_SUFFIX ".psa_its" #define PSA_ITS_STORAGE_FILENAME_LENGTH \ ( sizeof( PSA_ITS_STORAGE_PREFIX ) - 1 + /*prefix without terminating 0*/ \ + 16 + /*UID (64-bit number in hex)*/ \ 16 + /*UID (64-bit number in hex)*/ \ sizeof( PSA_ITS_STORAGE_SUFFIX ) - 1 + /*suffix without terminating 0*/ \ 1 /*terminating null byte*/ )