summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNikos Mavrogiannopoulos <nmav@gnutls.org>2018-08-07 09:52:55 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2018-08-08 15:03:28 +0200
commit125aab3c0ac4b7e6eadfd6974fb877fd874a358d (patch)
tree36684d871d6dd7182d5bf4b9921d1e14cc8507b7
parentfa122d8149f1058e135bdcb31a7306a70093352d (diff)
downloadgnutls-125aab3c0ac4b7e6eadfd6974fb877fd874a358d.tar.gz
use a consistent method to mark fall-through in switch cases
Also document that method in contribution guide. Resolves #306 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-rw-r--r--CONTRIBUTING.md41
-rw-r--r--lib/accelerated/x86/sha-padlock.c4
-rw-r--r--lib/ext/heartbeat.c4
-rw-r--r--lib/handshake-tls13.c60
-rw-r--r--lib/handshake.c78
-rw-r--r--lib/nettle/pk.c4
-rw-r--r--lib/pkcs11.c3
-rw-r--r--lib/pubkey.c2
-rw-r--r--lib/record.c9
-rw-r--r--lib/tls13/post_handshake.c18
-rw-r--r--lib/x509/pkcs12.c2
-rw-r--r--lib/x509/x509.c4
-rw-r--r--tests/tls13/key_update.c6
-rw-r--r--tests/utils.h8
14 files changed, 144 insertions, 99 deletions
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index e95f849b11..c5a02c61a6 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -140,8 +140,14 @@ The gnutls functions accept parameters in the order:
1. Input parameters
2. Output parameters
-When data and size is expected, a gnutls_datum structure should be
-used (or more precisely a pointer to the structure).
+When data and size are expected as input, a const gnutls_datum_t structure
+should be used (or more precisely a pointer to the structure).
+
+When data pointer and size are to be returned as output, a gnutls_datum_t
+structure should be used.
+
+When output is to be copied to caller an array of fixed data should be
+provided.
# Callback function parameters:
@@ -227,6 +233,37 @@ from entering the library (gnulib networking re-implements the windows
network stack and causes issues to gnutls applications running on windows).
+# Compiler warnings
+
+The compiler prints warnings for several reasons; these warnings are
+also not constant in time, different versions of the same compiler may
+warn about different issues.
+
+In GnuTLS we enable as many as possible warnings available in the compiler
+via configure.ac. On certain cases however we silence or disable warnings
+and the following subsections go case by case.
+
+## Switch unintended fall-through warnings
+
+These we silence by using the macro FALLTHROUGH under a switch
+statement which intentionally falls through. Example:
+```
+switch (session->internals.recv_state) {
+ case RECV_STATE_DTLS_RETRANSMIT:
+ ret = _dtls_retransmit(session);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ session->internals.recv_state = RECV_STATE_0;
+ FALLTHROUGH;
+ case RECV_STATE_0:
+
+ _dtls_async_timer_check(session);
+ return 1;
+}
+```
+
+
# Symbol and library versioning
The library uses the libtool versioning system, which in turn
diff --git a/lib/accelerated/x86/sha-padlock.c b/lib/accelerated/x86/sha-padlock.c
index 41602832a0..48e21125a4 100644
--- a/lib/accelerated/x86/sha-padlock.c
+++ b/lib/accelerated/x86/sha-padlock.c
@@ -120,10 +120,10 @@ _nettle_write_be32(unsigned length, uint8_t * dst, uint32_t * src)
abort();
case 3:
dst[--j] = (word >> 8) & 0xff;
- /* Fall through */
+ FALLTHROUGH;
case 2:
dst[--j] = (word >> 16) & 0xff;
- /* Fall through */
+ FALLTHROUGH;
case 1:
dst[--j] = (word >> 24) & 0xff;
}
diff --git a/lib/ext/heartbeat.c b/lib/ext/heartbeat.c
index 13b7cf2e84..1b970fbc46 100644
--- a/lib/ext/heartbeat.c
+++ b/lib/ext/heartbeat.c
@@ -206,7 +206,7 @@ gnutls_heartbeat_ping(gnutls_session_t session, size_t data_size,
session->internals.hb_local_data.length = data_size;
session->internals.hb_state = SHB_SEND2;
- /* fallthrough */
+ FALLTHROUGH;
case SHB_SEND2:
session->internals.hb_actual_retrans_timeout_ms =
session->internals.hb_retrans_timeout_ms;
@@ -228,7 +228,7 @@ gnutls_heartbeat_ping(gnutls_session_t session, size_t data_size,
}
session->internals.hb_state = SHB_RECV;
- /* fallthrough */
+ FALLTHROUGH;
case SHB_RECV:
ret =
diff --git a/lib/handshake-tls13.c b/lib/handshake-tls13.c
index a8666186c7..06c7c01d29 100644
--- a/lib/handshake-tls13.c
+++ b/lib/handshake-tls13.c
@@ -88,33 +88,33 @@ int _gnutls13_handshake_client(gnutls_session_t session)
STATE = STATE100;
IMED_RET("send change cipher spec", ret, 0);
#endif
- /* fall through */
+ FALLTHROUGH;
case STATE101:
ret =
generate_and_set_hs_traffic_keys(session);
STATE = STATE101;
IMED_RET_FATAL("generate session keys", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE102:
ret = _gnutls13_recv_encrypted_extensions(session);
STATE = STATE102;
IMED_RET("recv encrypted extensions", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE103:
ret = _gnutls13_recv_certificate_request(session);
STATE = STATE103;
IMED_RET("recv certificate request", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE104:
ret = _gnutls13_recv_certificate(session);
STATE = STATE104;
IMED_RET("recv certificate", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE105:
ret = _gnutls13_recv_certificate_verify(session);
STATE = STATE105;
IMED_RET("recv server certificate verify", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE106:
ret = _gnutls_run_verify_callback(session, GNUTLS_CLIENT);
STATE = STATE106;
@@ -125,22 +125,22 @@ int _gnutls13_handshake_client(gnutls_session_t session)
ret = _gnutls13_recv_finished(session);
STATE = STATE107;
IMED_RET("recv finished", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE108:
ret = _gnutls13_send_certificate(session, AGAIN(STATE108));
STATE = STATE108;
IMED_RET("send certificate", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE109:
ret = _gnutls13_send_certificate_verify(session, AGAIN(STATE109));
STATE = STATE109;
IMED_RET("send certificate verify", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE110:
ret = _gnutls13_send_finished(session, AGAIN(STATE110));
STATE = STATE110;
IMED_RET("send finished", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE111:
STATE = STATE111;
@@ -333,19 +333,19 @@ int _gnutls13_handshake_server(gnutls_session_t session)
ret = _gnutls13_handshake_hash_buffers_synth(session, session->security_parameters.prf, 0);
STATE = STATE90;
IMED_RET_FATAL("reset handshake buffers", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE91:
ret = _gnutls13_send_hello_retry_request(session, AGAIN(STATE91));
STATE = STATE91;
IMED_RET("send hello retry request", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE92:
#ifdef TLS13_APPENDIX_D4
ret = _gnutls_send_change_cipher_spec(session, AGAIN(STATE92));
STATE = STATE92;
IMED_RET("send change cipher spec", ret, 0);
#endif
- /* fall through */
+ FALLTHROUGH;
case STATE93:
ret =
_gnutls_recv_handshake(session,
@@ -361,12 +361,12 @@ int _gnutls13_handshake_server(gnutls_session_t session)
}
IMED_RET("recv client hello", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE94:
ret = _gnutls_send_server_hello(session, AGAIN(STATE94));
STATE = STATE94;
IMED_RET("send hello", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE99:
case STATE100:
#ifdef TLS13_APPENDIX_D4
@@ -378,38 +378,38 @@ int _gnutls13_handshake_server(gnutls_session_t session)
IMED_RET("send change cipher spec", ret, 0);
}
#endif
- /* fall through */
+ FALLTHROUGH;
case STATE101:
ret =
generate_and_set_hs_traffic_keys(session);
STATE = STATE101;
IMED_RET_FATAL("generate session keys", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE102:
ret = _gnutls13_send_encrypted_extensions(session, AGAIN(STATE102));
STATE = STATE102;
IMED_RET("send encrypted extensions", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE103:
ret = _gnutls13_send_certificate_request(session, AGAIN(STATE103));
STATE = STATE103;
IMED_RET("send certificate request", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE104:
ret = _gnutls13_send_certificate(session, AGAIN(STATE104));
STATE = STATE104;
IMED_RET("send certificate", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE105:
ret = _gnutls13_send_certificate_verify(session, AGAIN(STATE105));
STATE = STATE105;
IMED_RET("send certificate verify", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE106:
ret = _gnutls13_send_finished(session, AGAIN(STATE106));
STATE = STATE106;
IMED_RET("send finished", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE107:
/* At this point our sending keys should be the app keys
* see 4.4.4 at draft-ietf-tls-tls13-28 */
@@ -434,7 +434,7 @@ int _gnutls13_handshake_server(gnutls_session_t session)
_gnutls_handshake_log("HSK[%p]: switching early to application traffic keys\n", session);
- /* fall through */
+ FALLTHROUGH;
case STATE108:
if (session->internals.resumed != RESUME_FALSE)
_gnutls_set_resumed_parameters(session);
@@ -458,28 +458,28 @@ int _gnutls13_handshake_server(gnutls_session_t session)
return 0;
}
}
- /* fall through */
+ FALLTHROUGH;
case STATE109:
ret = _gnutls13_recv_certificate(session);
STATE = STATE109;
IMED_RET("recv certificate", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE110:
ret = _gnutls13_recv_certificate_verify(session);
STATE = STATE110;
IMED_RET("recv certificate verify", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE111:
ret = _gnutls_run_verify_callback(session, GNUTLS_CLIENT);
STATE = STATE111;
if (ret < 0)
return gnutls_assert_val(ret);
- /* fall through */
+ FALLTHROUGH;
case STATE112: /* can enter from STATE108 */
ret = _gnutls13_recv_finished(session);
STATE = STATE112;
IMED_RET("recv finished", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE113:
/* If we did request a client certificate, then we can
* only send the tickets here */
@@ -493,7 +493,7 @@ int _gnutls13_handshake_server(gnutls_session_t session)
ret = _tls13_read_connection_state_init(session, STAGE_APP);
IMED_RET_FATAL("set read app keys", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE114:
if (!(session->internals.hsk_flags & (HSK_TLS13_TICKET_SENT|HSK_EARLY_START_USED))) {
ret = _gnutls13_send_session_ticket(session, TICKETS_TO_SEND,
@@ -677,7 +677,7 @@ int gnutls_session_ticket_send(gnutls_session_t session, unsigned nr, unsigned f
gnutls_assert();
return ret;
}
- /* fall through */
+ FALLTHROUGH;
case TICKET_STATE1:
ret =
_gnutls13_send_session_ticket(session, nr, TICKET_STATE==TICKET_STATE1?1:0);
diff --git a/lib/handshake.c b/lib/handshake.c
index 2c7524016e..99967a2ffd 100644
--- a/lib/handshake.c
+++ b/lib/handshake.c
@@ -2806,7 +2806,7 @@ static int handshake_client(gnutls_session_t session)
ret = send_client_hello(session, AGAIN(STATE1));
STATE = STATE1;
IMED_RET("send hello", ret, 1);
- /* fall through */
+ FALLTHROUGH;
case STATE2:
if (IS_DTLS(session)) {
ret =
@@ -2833,7 +2833,7 @@ static int handshake_client(gnutls_session_t session)
return 1;
}
}
- /* fall through */
+ FALLTHROUGH;
case STATE3:
/* receive the server hello */
ret =
@@ -2842,7 +2842,7 @@ static int handshake_client(gnutls_session_t session)
0, NULL);
STATE = STATE3;
IMED_RET("recv hello", ret, 1);
- /* fall through */
+ FALLTHROUGH;
case STATE4:
ver = get_version(session);
if (ver->tls13_sem) { /* TLS 1.3 state machine */
@@ -2853,21 +2853,21 @@ static int handshake_client(gnutls_session_t session)
ret = _gnutls_ext_sr_verify(session);
STATE = STATE4;
IMED_RET_FATAL("recv hello", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE5:
if (session->security_parameters.do_recv_supplemental) {
ret = _gnutls_recv_supplemental(session);
STATE = STATE5;
IMED_RET("recv supplemental", ret, 1);
}
- /* fall through */
+ FALLTHROUGH;
case STATE6:
/* RECV CERTIFICATE */
if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
ret = _gnutls_recv_server_certificate(session);
STATE = STATE6;
IMED_RET("recv server certificate", ret, 1);
- /* fall through */
+ FALLTHROUGH;
case STATE7:
#ifdef ENABLE_OCSP
/* RECV CERTIFICATE STATUS */
@@ -2878,7 +2878,7 @@ static int handshake_client(gnutls_session_t session)
STATE = STATE7;
IMED_RET("recv server certificate", ret, 1);
#endif
- /* fall through */
+ FALLTHROUGH;
case STATE8:
ret = _gnutls_run_verify_callback(session, GNUTLS_CLIENT);
STATE = STATE8;
@@ -2892,7 +2892,7 @@ static int handshake_client(gnutls_session_t session)
ret = _gnutls_recv_server_kx_message(session);
STATE = STATE9;
IMED_RET("recv server kx message", ret, 1);
- /* fall through */
+ FALLTHROUGH;
case STATE10:
/* receive the server certificate request - if any
*/
@@ -2902,7 +2902,7 @@ static int handshake_client(gnutls_session_t session)
STATE = STATE10;
IMED_RET("recv server certificate request message", ret,
1);
- /* fall through */
+ FALLTHROUGH;
case STATE11:
/* receive the server hello done */
if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
@@ -2912,7 +2912,7 @@ static int handshake_client(gnutls_session_t session)
0, NULL);
STATE = STATE11;
IMED_RET("recv server hello done", ret, 1);
- /* fall through */
+ FALLTHROUGH;
case STATE12:
if (session->security_parameters.do_send_supplemental) {
ret =
@@ -2921,7 +2921,7 @@ static int handshake_client(gnutls_session_t session)
STATE = STATE12;
IMED_RET("send supplemental", ret, 0);
}
- /* fall through */
+ FALLTHROUGH;
case STATE13:
/* send our certificate - if any and if requested
*/
@@ -2932,7 +2932,7 @@ static int handshake_client(gnutls_session_t session)
(STATE13));
STATE = STATE13;
IMED_RET("send client certificate", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE14:
if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
ret =
@@ -2940,7 +2940,7 @@ static int handshake_client(gnutls_session_t session)
AGAIN(STATE14));
STATE = STATE14;
IMED_RET("send client kx", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE15:
/* send client certificate verify */
if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
@@ -2950,7 +2950,7 @@ static int handshake_client(gnutls_session_t session)
(STATE15));
STATE = STATE15;
IMED_RET("send client certificate verify", ret, 1);
- /* fall through */
+ FALLTHROUGH;
case STATE16:
STATE = STATE16;
if (session->internals.resumed == RESUME_FALSE) {
@@ -2961,7 +2961,7 @@ static int handshake_client(gnutls_session_t session)
IMED_RET("recv handshake new session ticket", ret,
1);
}
- /* fall through */
+ FALLTHROUGH;
case STATE17:
STATE = STATE17;
if (session->internals.resumed == RESUME_FALSE && (session->internals.flags & GNUTLS_ENABLE_FALSE_START) && can_send_false_start(session)) {
@@ -2975,7 +2975,7 @@ static int handshake_client(gnutls_session_t session)
return 0;
}
- /* fall through */
+ FALLTHROUGH;
case STATE18:
STATE = STATE18;
@@ -2987,7 +2987,7 @@ static int handshake_client(gnutls_session_t session)
ret = recv_handshake_final(session, TRUE);
IMED_RET("recv handshake final", ret, 1);
}
- /* fall through */
+ FALLTHROUGH;
case STATE19:
STATE = STATE19;
if (session->internals.resumed == RESUME_FALSE) {
@@ -2999,7 +2999,7 @@ static int handshake_client(gnutls_session_t session)
}
STATE = STATE0;
- /* fall through */
+ FALLTHROUGH;
default:
break;
}
@@ -3117,7 +3117,7 @@ static int send_handshake_final(gnutls_session_t session, int init)
return ret;
}
- /* fall through */
+ FALLTHROUGH;
case STATE2:
/* send the finished message */
ret = _gnutls_send_finished(session, FAGAIN(STATE2));
@@ -3128,7 +3128,7 @@ static int send_handshake_final(gnutls_session_t session, int init)
}
FINAL_STATE = STATE0;
- /* fall through */
+ FALLTHROUGH;
default:
break;
}
@@ -3201,7 +3201,7 @@ static int recv_handshake_final(gnutls_session_t session, int init)
gnutls_assert();
return ret;
}
- /* fall through */
+ FALLTHROUGH;
case STATE31:
FINAL_STATE = STATE31;
@@ -3219,7 +3219,7 @@ static int recv_handshake_final(gnutls_session_t session, int init)
return ret;
}
FINAL_STATE = STATE0;
- /* fall through */
+ FALLTHROUGH;
default:
break;
}
@@ -3265,13 +3265,13 @@ static int handshake_server(gnutls_session_t session)
}
IMED_RET("recv hello", ret, 1);
- /* fall through */
+ FALLTHROUGH;
case STATE2:
ret = _gnutls_ext_sr_verify(session);
STATE = STATE2;
IMED_RET_FATAL("recv hello", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE3:
ret = _gnutls_send_server_hello(session, AGAIN(STATE3));
STATE = STATE3;
@@ -3283,7 +3283,7 @@ static int handshake_server(gnutls_session_t session)
goto reset;
}
- /* fall through */
+ FALLTHROUGH;
case STATE4:
if (session->security_parameters.do_send_supplemental) {
ret =
@@ -3293,7 +3293,7 @@ static int handshake_server(gnutls_session_t session)
IMED_RET("send supplemental data", ret, 0);
}
/* SEND CERTIFICATE + KEYEXCHANGE + CERTIFICATE_REQUEST */
- /* fall through */
+ FALLTHROUGH;
case STATE5:
/* NOTE: these should not be send if we are resuming */
@@ -3303,7 +3303,7 @@ static int handshake_server(gnutls_session_t session)
AGAIN(STATE5));
STATE = STATE5;
IMED_RET("send server certificate", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE6:
#ifdef ENABLE_OCSP
if (session->internals.resumed == RESUME_FALSE)
@@ -3314,7 +3314,7 @@ static int handshake_server(gnutls_session_t session)
STATE = STATE6;
IMED_RET("send server certificate status", ret, 0);
#endif
- /* fall through */
+ FALLTHROUGH;
case STATE7:
/* send server key exchange (A) */
if (session->internals.resumed == RESUME_FALSE)
@@ -3323,7 +3323,7 @@ static int handshake_server(gnutls_session_t session)
AGAIN(STATE7));
STATE = STATE7;
IMED_RET("send server kx", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE8:
/* Send certificate request - if requested to */
if (session->internals.resumed == RESUME_FALSE)
@@ -3332,7 +3332,7 @@ static int handshake_server(gnutls_session_t session)
AGAIN(STATE8));
STATE = STATE8;
IMED_RET("send server cert request", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE9:
/* send the server hello done */
if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
@@ -3342,7 +3342,7 @@ static int handshake_server(gnutls_session_t session)
AGAIN(STATE9));
STATE = STATE9;
IMED_RET("send server hello done", ret, 1);
- /* fall through */
+ FALLTHROUGH;
case STATE10:
if (session->security_parameters.do_recv_supplemental) {
ret = _gnutls_recv_supplemental(session);
@@ -3350,27 +3350,27 @@ static int handshake_server(gnutls_session_t session)
IMED_RET("recv client supplemental", ret, 1);
}
/* RECV CERTIFICATE + KEYEXCHANGE + CERTIFICATE_VERIFY */
- /* fall through */
+ FALLTHROUGH;
case STATE11:
/* receive the client certificate message */
if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
ret = _gnutls_recv_client_certificate(session);
STATE = STATE11;
IMED_RET("recv client certificate", ret, 1);
- /* fall through */
+ FALLTHROUGH;
case STATE12:
ret = _gnutls_run_verify_callback(session, GNUTLS_SERVER);
STATE = STATE12;
if (ret < 0)
return gnutls_assert_val(ret);
- /* fall through */
+ FALLTHROUGH;
case STATE13:
/* receive the client key exchange message */
if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
ret = _gnutls_recv_client_kx_message(session);
STATE = STATE13;
IMED_RET("recv client kx", ret, 1);
- /* fall through */
+ FALLTHROUGH;
case STATE14:
/* receive the client certificate verify message */
if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
@@ -3379,7 +3379,7 @@ static int handshake_server(gnutls_session_t session)
(session);
STATE = STATE14;
IMED_RET("recv client certificate verify", ret, 1);
- /* fall through */
+ FALLTHROUGH;
case STATE15:
STATE = STATE15;
if (session->internals.resumed == RESUME_FALSE) { /* if we are not resuming */
@@ -3389,14 +3389,14 @@ static int handshake_server(gnutls_session_t session)
ret = send_handshake_final(session, TRUE);
IMED_RET("send handshake final 2", ret, 1);
}
- /* fall through */
+ FALLTHROUGH;
case STATE16:
ret =
_gnutls_send_new_session_ticket(session,
AGAIN(STATE16));
STATE = STATE16;
IMED_RET("send handshake new session ticket", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case STATE17:
STATE = STATE17;
if (session->internals.resumed == RESUME_FALSE) { /* if we are not resuming */
@@ -3416,7 +3416,7 @@ static int handshake_server(gnutls_session_t session)
}
STATE = STATE0;
- /* fall through */
+ FALLTHROUGH;
default:
break;
}
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index bfcafa926c..6dcd2fdd08 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -1724,7 +1724,7 @@ gnutls_x509_spki_st spki;
free(sig.data);
sig.data = NULL;
- /* fallthrough */
+ FALLTHROUGH;
case GNUTLS_PK_EC: /* we only do keys for ECDSA */
case GNUTLS_PK_EDDSA_ED25519:
case GNUTLS_PK_DSA:
@@ -1839,7 +1839,7 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo,
break;
}
#endif
- /* fallthrough */
+ FALLTHROUGH;
case GNUTLS_PK_DH:
{
struct dsa_params pub;
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index 844bfebdcf..6f9274856e 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -568,7 +568,8 @@ gnutls_pkcs11_obj_set_info(gnutls_pkcs11_obj_t obj,
}
data = tmp;
data_size = size;
- /* fallthrough */
+
+ FALLTHROUGH;
case GNUTLS_PKCS11_OBJ_ID:
a[0].type = CKA_ID;
a[0].value = (void*)data;
diff --git a/lib/pubkey.c b/lib/pubkey.c
index 8fc42b95a5..ae6fb5cb2b 100644
--- a/lib/pubkey.c
+++ b/lib/pubkey.c
@@ -301,7 +301,7 @@ gnutls_pubkey_get_preferred_hash_algorithm(gnutls_pubkey_t key,
case GNUTLS_PK_DSA:
if (mand)
*mand = 1;
- /* fallthrough */
+ FALLTHROUGH;
case GNUTLS_PK_ECDSA:
me = _gnutls_dsa_q_to_hash(&key->params, NULL);
diff --git a/lib/record.c b/lib/record.c
index 96bf5736a9..f0bf192cb8 100644
--- a/lib/record.c
+++ b/lib/record.c
@@ -293,7 +293,7 @@ int gnutls_bye(gnutls_session_t session, gnutls_close_request_t how)
gnutls_assert();
return ret;
}
- /* fall through */
+ FALLTHROUGH;
case BYE_STATE1:
ret =
gnutls_alert_send(session, GNUTLS_AL_WARNING,
@@ -303,7 +303,7 @@ int gnutls_bye(gnutls_session_t session, gnutls_close_request_t how)
gnutls_assert();
return ret;
}
- /* fall through */
+ FALLTHROUGH;
case BYE_STATE2:
BYE_STATE = BYE_STATE2;
if (how == GNUTLS_SHUT_RDWR) {
@@ -1615,7 +1615,6 @@ check_session_status(gnutls_session_t session, unsigned ms)
session->internals.recv_state = RECV_STATE_0;
- /* Fall through: */
FALLTHROUGH;
case RECV_STATE_0:
@@ -1903,14 +1902,14 @@ gnutls_record_send2(gnutls_session_t session, const void *data,
return gnutls_assert_val(ret);
session->internals.rsend_state = RECORD_SEND_KEY_UPDATE_2;
- /* fall-through */
+ FALLTHROUGH;
case RECORD_SEND_KEY_UPDATE_2:
ret = gnutls_session_key_update(session, 0);
if (ret < 0)
return gnutls_assert_val(ret);
session->internals.rsend_state = RECORD_SEND_KEY_UPDATE_3;
- /* fall-through */
+ FALLTHROUGH;
case RECORD_SEND_KEY_UPDATE_3:
ret = _gnutls_send_int(session, GNUTLS_APPLICATION_DATA,
-1, EPOCH_WRITE_CURRENT,
diff --git a/lib/tls13/post_handshake.c b/lib/tls13/post_handshake.c
index c550c198a7..ca0ed53b0a 100644
--- a/lib/tls13/post_handshake.c
+++ b/lib/tls13/post_handshake.c
@@ -99,23 +99,23 @@ int _gnutls13_reauth_client(gnutls_session_t session)
if (ret < 0)
return gnutls_assert_val(ret);
- /* fall through */
+ FALLTHROUGH;
case REAUTH_STATE1:
ret = _gnutls13_recv_certificate_request_int(session,
&session->internals.reauth_buffer);
REAUTH_STATE = REAUTH_STATE1;
IMED_RET("recv certificate request", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case REAUTH_STATE2:
ret = _gnutls13_send_certificate(session, AGAIN(REAUTH_STATE2));
REAUTH_STATE = REAUTH_STATE2;
IMED_RET("send certificate", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case REAUTH_STATE3:
ret = _gnutls13_send_certificate_verify(session, AGAIN(REAUTH_STATE3));
REAUTH_STATE = REAUTH_STATE3;
IMED_RET("send certificate verify", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case REAUTH_STATE4:
ret = _gnutls13_send_finished(session, AGAIN(REAUTH_STATE4));
REAUTH_STATE = REAUTH_STATE4;
@@ -160,29 +160,29 @@ int _gnutls13_reauth_server(gnutls_session_t session)
session->internals.handshake_hash_buffer_prev_len = session->internals.handshake_hash_buffer.length;
- /* fall through */
+ FALLTHROUGH;
case REAUTH_STATE1:
ret = _gnutls13_send_certificate_request(session, AGAIN(REAUTH_STATE1));
REAUTH_STATE = REAUTH_STATE1;
IMED_RET("send certificate request", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case REAUTH_STATE2:
/* here we should tolerate application data */
ret = _gnutls13_recv_certificate(session);
REAUTH_STATE = REAUTH_STATE2;
IMED_RET("recv certificate", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case REAUTH_STATE3:
ret = _gnutls13_recv_certificate_verify(session);
REAUTH_STATE = REAUTH_STATE3;
IMED_RET("recv certificate verify", ret, 0);
- /* fall through */
+ FALLTHROUGH;
case REAUTH_STATE4:
ret = _gnutls_run_verify_callback(session, GNUTLS_CLIENT);
REAUTH_STATE = REAUTH_STATE4;
if (ret < 0)
return gnutls_assert_val(ret);
- /* fall through */
+ FALLTHROUGH;
case REAUTH_STATE5:
ret = _gnutls13_recv_finished(session);
REAUTH_STATE = REAUTH_STATE5;
diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c
index 7164820a8d..414f9aa3d3 100644
--- a/lib/x509/pkcs12.c
+++ b/lib/x509/pkcs12.c
@@ -1645,7 +1645,7 @@ gnutls_pkcs12_simple_parse(gnutls_pkcs12_t p12,
goto done;
}
- /* fallthrough */
+ FALLTHROUGH;
case GNUTLS_BAG_PKCS8_KEY:
if (*key != NULL) { /* too simple to continue */
gnutls_assert();
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index 721a1a0a93..4aff55eba9 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -3979,7 +3979,7 @@ legacy_parse_aia(ASN1_TYPE src,
case GNUTLS_IA_CAISSUERS_URI:
oid = GNUTLS_OID_AD_CAISSUERS;
- /* fall through */
+ FALLTHROUGH;
case GNUTLS_IA_OCSP_URI:
if (oid == NULL)
@@ -4007,7 +4007,7 @@ legacy_parse_aia(ASN1_TYPE src,
gnutls_assert_val
(GNUTLS_E_UNKNOWN_ALGORITHM);
}
- /* fall through */
+ FALLTHROUGH;
case GNUTLS_IA_URI:
snprintf(nptr, sizeof(nptr),
diff --git a/tests/tls13/key_update.c b/tests/tls13/key_update.c
index bed8a682b4..9abfa8afed 100644
--- a/tests/tls13/key_update.c
+++ b/tests/tls13/key_update.c
@@ -145,7 +145,7 @@ static void run(const char *name, unsigned test)
if (test != 0)
break;
sec_sleep(2);
- /* fall-through */
+ FALLTHROUGH;
case 2:
success("%s: updating server's key\n", name);
@@ -162,7 +162,7 @@ static void run(const char *name, unsigned test)
if (test != 0)
break;
sec_sleep(2);
- /* fall-through */
+ FALLTHROUGH;
case 3:
success("%s: updating client's key and asking server\n", name);
do {
@@ -178,7 +178,7 @@ static void run(const char *name, unsigned test)
if (test != 0)
break;
sec_sleep(2);
- /* fall-through */
+ FALLTHROUGH;
case 4:
success("%s: updating server's key and asking client\n", name);
do {
diff --git a/tests/utils.h b/tests/utils.h
index 58e9aef8a2..d5409d661d 100644
--- a/tests/utils.h
+++ b/tests/utils.h
@@ -40,6 +40,14 @@
# error tests cannot be compiled with NDEBUG defined
#endif
+#if _GNUTLS_GCC_VERSION >= 70100
+#define FALLTHROUGH __attribute__ ((fallthrough))
+#endif
+
+#ifndef FALLTHROUGH
+# define FALLTHROUGH
+#endif
+
inline static int global_init(void)
{
#ifdef ENABLE_PKCS11