Merge pull request #4475 from douzzer/fix-scan-build-UnreachableCode

scan-build LLVM-13 fixes and expanded coverage

examples/client/client.c

@@ -2709,7 +2709,6 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 
         default:
             err_sys("Bad SSL version");
-            break;
     }
 
     if (method == NULL)
@@ -3692,7 +3691,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
     if (scr && forceScr) {
         if (nonBlocking) {
             if (!resumeScr) {
-                if ((ret = wolfSSL_Rehandshake(ssl)) != WOLFSSL_SUCCESS) {
+                if (wolfSSL_Rehandshake(ssl) != WOLFSSL_SUCCESS) {
                     err = wolfSSL_get_error(ssl, 0);
                     if (err == WOLFSSL_ERROR_WANT_READ ||
                             err == WOLFSSL_ERROR_WANT_WRITE) {
@@ -3711,8 +3710,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
                         else {
                             do {
                                 if (err == APP_DATA_READY) {
-                                    if ((ret = wolfSSL_read(ssl, reply,
-                                            sizeof(reply)-1)) < 0) {
+                                    if (wolfSSL_read(ssl, reply,
+                                            sizeof(reply)-1) < 0) {
                                         err_sys("APP DATA should be present "
                                                 "but error returned");
                                     }

examples/echoclient/echoclient.c

@@ -318,10 +318,6 @@ void echoclient_test(void* args)
                 printf("SSL_read msg error %d, %s\n", err,
                     ERR_error_string(err, buffer));
                 err_sys("SSL_read failed");
-
-            #ifndef WOLFSSL_MDK_SHELL
-                break;
-            #endif
             }
         }
     }

examples/server/server.c

@@ -3073,13 +3073,13 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
     defined(HAVE_SERVER_RENEGOTIATION_INFO)
         if (scr && forceScr) {
             if (nonBlocking) {
-                if ((ret = wolfSSL_Rehandshake(ssl)) != WOLFSSL_SUCCESS) {
+                if (wolfSSL_Rehandshake(ssl) != WOLFSSL_SUCCESS) {
                     err = wolfSSL_get_error(ssl, 0);
                     if (err == WOLFSSL_ERROR_WANT_READ ||
                             err == WOLFSSL_ERROR_WANT_WRITE) {
                         do {
                             if (err == APP_DATA_READY) {
-                                if ((ret = wolfSSL_read(ssl, input, sizeof(input)-1)) < 0) {
+                                if (wolfSSL_read(ssl, input, sizeof(input)-1) < 0) {
                                     err_sys("APP DATA should be present but error returned");
                                 }
                                 printf("Received message: %s\n", input);
@@ -3112,7 +3112,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
                     }
                 }
             } else {
-                if ((ret = wolfSSL_Rehandshake(ssl)) != WOLFSSL_SUCCESS) {
+                if (wolfSSL_Rehandshake(ssl) != WOLFSSL_SUCCESS) {
 #ifdef WOLFSSL_ASYNC_CRYPT
                     err = wolfSSL_get_error(ssl, 0);
                     while (err == WC_PENDING_E) {

src/ssl.c

@@ -24680,19 +24680,18 @@ int wolfSSL_CIPHER_get_auth_nid(const WOLFSSL_CIPHER* cipher)
         {"None",    NID_auth_null},
         {NULL,      NID_undef}
     };
-    
+
     const struct authnid* sa;
     const char* authStr;
-    const char* name;
     char n[MAX_SEGMENTS][MAX_SEGMENT_SZ] = {{0}};
-    
-    if ((name = GetCipherSegment(cipher, n)) == NULL) {
+
+    if (GetCipherSegment(cipher, n) == NULL) {
         WOLFSSL_MSG("no suitable cipher name found");
         return NID_undef;
     }
 
     authStr = GetCipherAuthStr(n);
-    
+
     if (authStr != NULL) {
         for(sa = authnid_tbl; sa->alg_name != NULL; sa++) {
             if (XSTRNCMP(sa->alg_name, authStr, XSTRLEN(sa->alg_name)) == 0) {
@@ -24700,7 +24699,7 @@ int wolfSSL_CIPHER_get_auth_nid(const WOLFSSL_CIPHER* cipher)
             }
         }
     }
-    
+
     return NID_undef;
 }
 /* return cipher NID corresponding to cipher suite
@@ -24732,12 +24731,11 @@ int wolfSSL_CIPHER_get_cipher_nid(const WOLFSSL_CIPHER* cipher)
     
     const struct ciphernid* c;
     const char* encStr;
-    const char* name;
     char n[MAX_SEGMENTS][MAX_SEGMENT_SZ] = {{0}};
     
     WOLFSSL_ENTER("wolfSSL_CIPHER_get_cipher_nid");
     
-    if ((name = GetCipherSegment(cipher, n)) == NULL) {
+    if (GetCipherSegment(cipher, n) == NULL) {
         WOLFSSL_MSG("no suitable cipher name found");
         return NID_undef;
     }
@@ -24859,11 +24857,10 @@ static const struct kxnid {
 int wolfSSL_CIPHER_is_aead(const WOLFSSL_CIPHER* cipher)
 {
     char n[MAX_SEGMENTS][MAX_SEGMENT_SZ] = {{0}};
-    const char* name;
 
     WOLFSSL_ENTER("wolfSSL_CIPHER_is_aead");
-    
-    if ((name = GetCipherSegment(cipher, n)) == NULL) {
+
+    if (GetCipherSegment(cipher, n) == NULL) {
         WOLFSSL_MSG("no suitable cipher name found");
         return NID_undef;
     }
@@ -54635,8 +54632,8 @@ int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey,
 
     /* Create a Cert that has the certificate request fields. */
     req->sigOID = wolfSSL_sigTypeFromPKEY((WOLFSSL_EVP_MD*)md, pkey);
-    if ((ret = wolfssl_x509_make_der(req, 1, der, &derSz, 0))
-            != WOLFSSL_SUCCESS) {
+    ret = wolfssl_x509_make_der(req, 1, der, &derSz, 0);
+    if (ret != WOLFSSL_SUCCESS) {
         WOLFSSL_MSG("Unable to make DER for X509");
         WOLFSSL_LEAVE("wolfSSL_X509_REQ_sign", ret);
         return WOLFSSL_FAILURE;
@@ -58066,10 +58063,8 @@ void *wolfSSL_BIO_get_ex_data(WOLFSSL_BIO *bio, int idx)
 #endif /* OPENSSL_EXTRA */
 
 #ifndef NO_FILESYSTEM
-    #ifdef __clang__
-        #pragma clang diagnostic push
-        #pragma clang diagnostic ignored "-Wformat-nonliteral"
-    #endif
+    PRAGMA_CLANG_DIAG_PUSH
+    PRAGMA_CLANG("clang diagnostic ignored \"-Wformat-nonliteral\"")
 #endif
 
 #if defined(OPENSSL_EXTRA) && !defined(NO_BIO)
@@ -58152,8 +58147,8 @@ int wolfSSL_BIO_printf(WOLFSSL_BIO* bio, const char* format, ...)
 }
 #endif /* OPENSSL_EXTRA && !NO_BIO */
 
-#if !defined(NO_FILESYSTEM) && defined(__clang__)
-#pragma clang diagnostic pop
+#ifndef NO_FILESYSTEM
+    PRAGMA_CLANG_DIAG_POP
 #endif
 
 #undef  LINE_LEN

src/tls.c

@@ -3219,7 +3219,6 @@ void* TLSX_CSR_GetRequest(TLSX* extensions)
         switch (csr->status_type) {
             case WOLFSSL_CSR_OCSP:
                 return &csr->request.ocsp;
-            break;
         }
     }
 
@@ -3642,7 +3641,6 @@ void* TLSX_CSR2_GetRequest(TLSX* extensions, byte status_type, byte idx)
                     return idx < csr2->requests
                          ? &csr2->request.ocsp[csr2->requests - idx - 1]
                          : NULL;
-                break;
             }
         }
     }
@@ -10212,8 +10210,8 @@ static const word16 preferredGroup[] = {
 #if defined(HAVE_FFDHE_8192)
     WOLFSSL_FFDHE_8192,
 #endif
+    WOLFSSL_NAMED_GROUP_INVALID
 };
-#define PREFERRED_GROUP_SZ (sizeof(preferredGroup) / sizeof(*preferredGroup))
 
 #endif /* WOLFSSL_TLS13 && HAVE_SUPPORTED_CURVES */
 
@@ -10227,7 +10225,7 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
 #endif
 #if defined(HAVE_SUPPORTED_CURVES) && defined(WOLFSSL_TLS13)
     TLSX* extension = NULL;
-    word16 namedGroup = 0;
+    word16 namedGroup = WOLFSSL_NAMED_GROUP_INVALID;
 #endif
 
     /* server will add extension depending on what is parsed from client */
@@ -10308,11 +10306,7 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
                     namedGroup = ssl->session.namedGroup;
                 else
             #endif
-                if (PREFERRED_GROUP_SZ == 0) {
-                    WOLFSSL_MSG("No groups in preference list");
-                    return KEY_SHARE_ERROR;
-                }
-                else if (ssl->numGroups > 0) {
+                if (ssl->numGroups > 0) {
                     int set = 0;
                     int i, j;
 
@@ -10321,7 +10315,7 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
                      */
                     namedGroup = preferredGroup[0];
                     for (i = 0; i < ssl->numGroups && !set; i++) {
-                        for (j = 0; j < (int)PREFERRED_GROUP_SZ; j++) {
+                        for (j = 0; preferredGroup[j] != WOLFSSL_NAMED_GROUP_INVALID; j++) {
                             if (preferredGroup[j] == ssl->group[i]) {
                                 namedGroup = ssl->group[i];
                                 set = 1;

tests/api.c

@@ -21609,8 +21609,9 @@ static int test_wc_curve25519_export_key_raw_ex (void)
         return  1;
     }
 
-#endif
+#else
     return 0;
+#endif
 } /* end of test_wc_curve25519_export_key_raw_ex */
 /*
  * Testing wc_curve25519_make_key
@@ -39512,7 +39513,6 @@ static int test_wolfSSL_EVP_Cipher_extra(void)
 
     int *test_drive[] = {test_drive1, test_drive2, test_drive3, NULL};
     int test_drive_len[100];
-    int drive_len;
 
     int ret = 0;
     EVP_CIPHER_CTX *evp = NULL;
@@ -39595,7 +39595,6 @@ static int test_wolfSSL_EVP_Cipher_extra(void)
     for (i = 0; test_drive[i]; i++) {
 
             last_val = 0x0f;
-        drive_len = 0;
 
         AssertIntNE((ret = EVP_CipherInit(evp, NULL, key, iv, 0)), 0);
 
@@ -39610,7 +39609,6 @@ static int test_wolfSSL_EVP_Cipher_extra(void)
             binary_dump(outb, outl);
             AssertIntEQ((ret = check_result(outb, outl)), 0);
             AssertFalse(outl > ((inl/16+1)*16) && outl > 16);
-            drive_len += outl;
         }
 
         ret = EVP_CipherFinal(evp, outb, &outl);

wolfcrypt/src/aes.c

@@ -10075,6 +10075,7 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
 
     o = out;
     oSz = inSz;
+    XMEMSET(A, 0, sizeof A);
     XMEMCPY(B+1, nonce, nonceSz);
     lenSz = AES_BLOCK_SIZE - 1 - (byte)nonceSz;
 

wolfcrypt/src/camellia.c

@@ -1548,7 +1548,7 @@ int wc_CamelliaSetKey(Camellia* cam, const byte* key, word32 len, const byte* iv
             ret = camellia_setup256(key, cam->key);
             break;
         default:
-            return BAD_FUNC_ARG;
+            ret = BAD_FUNC_ARG;
     }
 
     if (ret != 0)

wolfcrypt/src/evp.c

@@ -4182,7 +4182,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     {
         struct do_all_md *md = (struct do_all_md*)arg;
         
-        const char* alias = NULL;
         const struct s_ent *ent;
         
         /* sanity check */
@@ -4193,7 +4192,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
         /* loop all md */
         for (ent = md_tbl; ent->name != NULL; ent++){
             /* check if the md has alias */
-            if((alias = hasAliasName(ent->name)) != NULL) {
+            if(hasAliasName(ent->name) != NULL) {
                 md->fn(NULL, ent->name, ent->name, md->arg);
             }
             else {
@@ -9008,8 +9007,7 @@ int  wolfSSL_EVP_DecodeUpdate(WOLFSSL_EVP_ENCODE_CTX* ctx,
         cpySz = min((BASE64_DECODE_BLOCK_SIZE - ctx->remaining), inl);
 
         for ( i = 0; cpySz > 0 && inLen > 0; i++) {
-            if ((res = Base64_SkipNewline(in, &inLen, &j))
-                                            == ASN_INPUT_E) {
+            if (Base64_SkipNewline(in, &inLen, &j) == ASN_INPUT_E) {
                 return -1;  /* detected an illegal char in input */
             }
             c = in[j++];

wolfcrypt/src/pkcs7.c

@@ -11012,6 +11012,8 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
     /* authAttribs: add contentType attrib if needed */
     if (pkcs7->contentOID != DATA) {
 
+        XMEMSET(&contentTypeAttrib, 0, sizeof contentTypeAttrib);
+
         /* if type is not id-data, contentType attribute MUST be added */
         contentTypeAttrib.oid = contentTypeOid;
         contentTypeAttrib.oidSz = sizeof(contentTypeOid);

wolfcrypt/src/sha512.c

@@ -806,6 +806,9 @@ static WC_INLINE int Sha512Update(wc_Sha512* sha512, const byte* data, word32 le
     if (sha512->buffLen >= WC_SHA512_BLOCK_SIZE)
         return BUFFER_E;
 
+    if (len == 0)
+        return 0;
+
     AddLength(sha512, len);
 
     if (sha512->buffLen > 0) {

wolfcrypt/src/sp_int.c

@@ -3649,10 +3649,10 @@ int sp_mod_d(sp_int* a, const sp_int_digit d, sp_int_digit* r)
         err = MP_VAL;
     }
 
-    if (0) {
+    #if 0
         sp_print(a, "a");
         sp_print_digit(d, "m");
-    }
+    #endif
 
     if (err == MP_OKAY) {
         /* Check whether d is a power of 2. */
@@ -3696,9 +3696,9 @@ int sp_mod_d(sp_int* a, const sp_int_digit d, sp_int_digit* r)
     #endif
     }
 
-    if (0) {
+    #if 0
         sp_print_digit(*r, "rmod");
-    }
+    #endif
 
     return err;
 }
@@ -3732,10 +3732,10 @@ int sp_div_2_mod_ct(sp_int* a, sp_int* m, sp_int* r)
         sp_int_digit mask;
         int i;
 
-        if (0) {
+        #if 0
             sp_print(a, "a");
             sp_print(m, "m");
-        }
+        #endif
 
         mask = 0 - (a->dp[0] & 1);
         for (i = 0; i < m->used; i++) {
@@ -3754,9 +3754,9 @@ int sp_div_2_mod_ct(sp_int* a, sp_int* m, sp_int* r)
         sp_clamp(r);
         sp_div_2(r, r);
 
-        if (0) {
+        #if 0
             sp_print(r, "rd2");
-        }
+        #endif
     }
 
     return err;
@@ -3828,10 +3828,10 @@ static int _sp_add_off(sp_int* a, sp_int* b, sp_int* r, int o)
     int j;
     sp_int_word t = 0;
 
-    if (0) {
+    #if 0
         sp_print(a, "a");
         sp_print(b, "b");
-    }
+    #endif
 
 #ifdef SP_MATH_NEED_ADD_OFF
     for (i = 0; (i < o) && (i < a->used); i++) {
@@ -3869,9 +3869,9 @@ static int _sp_add_off(sp_int* a, sp_int* b, sp_int* r, int o)
 
     sp_clamp(r);
 
-    if (0) {
+    #if 0
         sp_print(r, "radd");
-    }
+    #endif
 
     return MP_OKAY;
 }
@@ -4055,11 +4055,13 @@ int sp_addmod(sp_int* a, sp_int* b, sp_int* m, sp_int* r)
     }
 
     ALLOC_SP_INT_SIZE(t, used, err, NULL);
-    if (0 && (err == MP_OKAY)) {
+    #if 0
+    if (err == MP_OKAY) {
         sp_print(a, "a");
         sp_print(b, "b");
         sp_print(m, "m");
     }
+    #endif
 
     if (err == MP_OKAY) {
         err = sp_add(a, b, t);
@@ -4068,9 +4070,11 @@ int sp_addmod(sp_int* a, sp_int* b, sp_int* m, sp_int* r)
         err = sp_mod(t, m, r);
     }
 
-    if (0 && (err == MP_OKAY)) {
+    #if 0
+    if (err == MP_OKAY) {
         sp_print(r, "rma");
     }
+    #endif
 
     FREE_SP_INT(t, NULL);
     return err;
@@ -4105,11 +4109,13 @@ int sp_submod(sp_int* a, sp_int* b, sp_int* m, sp_int* r)
         err = MP_VAL;
     }
 
-    if (0 && (err == MP_OKAY)) {
+    #if 0
+    if (err == MP_OKAY) {
         sp_print(a, "a");
         sp_print(b, "b");
         sp_print(m, "m");
     }
+    #endif
 
     ALLOC_SP_INT_ARRAY(t, used, 2, err, NULL);
     if (err == MP_OKAY) {
@@ -4136,9 +4142,11 @@ int sp_submod(sp_int* a, sp_int* b, sp_int* m, sp_int* r)
         }
     }
 
-    if (0 && (err == MP_OKAY)) {
+    #if 0
+    if (err == MP_OKAY) {
         sp_print(r, "rms");
     }
+    #endif
 
     FREE_SP_INT_ARRAY(t, NULL);
     return err;
@@ -4154,11 +4162,13 @@ int sp_submod(sp_int* a, sp_int* b, sp_int* m, sp_int* r)
         err = MP_VAL;
     }
 
-    if (0 && (err == MP_OKAY)) {
+    #if 0
+    if (err == MP_OKAY) {
         sp_print(a, "a");
         sp_print(b, "b");
         sp_print(m, "m");
     }
+    #endif
 
     ALLOC_SP_INT_SIZE(t, used, err, NULL);
     if (err == MP_OKAY) {
@@ -4168,9 +4178,11 @@ int sp_submod(sp_int* a, sp_int* b, sp_int* m, sp_int* r)
         err = sp_mod(t, m, r);
     }
 
-    if (0 && (err == MP_OKAY)) {
+    #if 0
+    if (err == MP_OKAY) {
         sp_print(r, "rms");
     }
+    #endif
 
     FREE_SP_INT(t, NULL);
     return err;
@@ -4551,10 +4563,12 @@ int sp_div(sp_int* a, sp_int* d, sp_int* r, sp_int* rem)
         err = MP_VAL;
     }
 
-    if (0 && (err == MP_OKAY)) {
+    #if 0
+    if (err == MP_OKAY) {
         sp_print(a, "a");
         sp_print(d, "b");
     }
+    #endif
 
     if (err == MP_OKAY) {
     #ifdef WOLFSSL_SP_INT_NEGATIVE
@@ -4756,7 +4770,8 @@ int sp_div(sp_int* a, sp_int* d, sp_int* r, sp_int* rem)
         }
     }
 
-    if (0 && (err == MP_OKAY)) {
+    #if 0
+    if (err == MP_OKAY) {
         if (rem != NULL) {
             sp_print(rem, "rdr");
         }
@@ -4764,6 +4779,7 @@ int sp_div(sp_int* a, sp_int* d, sp_int* r, sp_int* rem)
             sp_print(r, "rdw");
         }
     }
+    #endif
 
     FREE_SP_INT_ARRAY(td, NULL);
     return err;
@@ -7679,10 +7695,12 @@ int sp_mul(sp_int* a, sp_int* b, sp_int* r)
         err = MP_VAL;
     }
 
-    if (0 && (err == MP_OKAY)) {
+    #if 0
+    if (err == MP_OKAY) {
         sp_print(a, "a");
         sp_print(b, "b");
     }
+    #endif
 
     if (err == MP_OKAY) {
     #ifdef WOLFSSL_SP_INT_NEGATIVE
@@ -7783,9 +7801,11 @@ int sp_mul(sp_int* a, sp_int* b, sp_int* r)
     }
 #endif
 
-    if (0 && (err == MP_OKAY)) {
+    #if 0
+    if (err == MP_OKAY) {
         sp_print(r, "rmul");
     }
+    #endif
 
     return err;
 }
@@ -8665,11 +8685,13 @@ int sp_exptmod_ex(sp_int* b, sp_int* e, int digits, sp_int* m, sp_int* r)
         err = MP_VAL;
     }
 
-    if (0 && (err == MP_OKAY)) {
+    #if 0
+    if (err == MP_OKAY) {
         sp_print(b, "a");
         sp_print(e, "b");
         sp_print(m, "m");
     }
+    #endif
 
     if (err != MP_OKAY) {
     }
@@ -8777,9 +8799,11 @@ int sp_exptmod_ex(sp_int* b, sp_int* e, int digits, sp_int* m, sp_int* r)
     (void)eBits;
     (void)digits;
 
-    if (0 && (err == MP_OKAY)) {
+    #if 0
+    if (err == MP_OKAY) {
         sp_print(r, "rme");
     }
+    #endif
     return err;
 }
 #endif /* WOLFSSL_SP_MATH_ALL || WOLFSSL_HAVE_SP_DH */
@@ -9172,11 +9196,13 @@ int sp_exptmod_nct(sp_int* b, sp_int* e, sp_int* m, sp_int* r)
         err = MP_VAL;
     }
 
-    if (0 && (err == MP_OKAY)) {
+    #if 0
+    if (err == MP_OKAY) {
         sp_print(b, "a");
         sp_print(e, "b");
         sp_print(m, "m");
     }
+    #endif
 
     if (err != MP_OKAY) {
     }
@@ -9206,9 +9232,11 @@ int sp_exptmod_nct(sp_int* b, sp_int* e, sp_int* m, sp_int* r)
         err = _sp_exptmod_nct(b, e, m, r);
     }
 
-    if (0 && (err == MP_OKAY)) {
+    #if 0
+    if (err == MP_OKAY) {
         sp_print(r, "rme");
     }
+    #endif
 
     return err;
 }
@@ -11655,9 +11683,11 @@ int sp_sqr(sp_int* a, sp_int* r)
         err = MP_VAL;
     }
 
-    if (0 && (err == MP_OKAY)) {
+    #if 0
+    if (err == MP_OKAY) {
         sp_print(a, "a");
     }
+    #endif
 
     if (err == MP_OKAY) {
         if (a->used == 0) {
@@ -11747,9 +11777,11 @@ int sp_sqr(sp_int* a, sp_int* r)
     }
 #endif
 
-    if (0 && (err == MP_OKAY)) {
+    #if 0
+    if (err == MP_OKAY) {
         sp_print(r, "rsqr");
     }
+    #endif
 
     return err;
 #endif /* WOLFSSL_SP_MATH && WOLFSSL_SP_SMALL */

wolfcrypt/src/srp.c

@@ -619,16 +619,21 @@ static int wc_SrpSetKey(Srp* srp, byte* secret, word32 size)
         if (!r) r = SrpHashUpdate(&hash, secret, size);
         if (!r) r = SrpHashUpdate(&hash, counter, 4);
 
-        if (j + digestSz > srp->keySz) {
-            if (!r) r = SrpHashFinal(&hash, digest);
-            XMEMCPY(srp->key + j, digest, srp->keySz - j);
-            j = srp->keySz;
-        }
-        else {
-            if (!r) r = SrpHashFinal(&hash, srp->key + j);
-            j += digestSz;
+        if (!r) {
+            if (j + digestSz > srp->keySz) {
+                r = SrpHashFinal(&hash, digest);
+                XMEMCPY(srp->key + j, digest, srp->keySz - j);
+                j = srp->keySz;
+            }
+            else
+            {
+                r = SrpHashFinal(&hash, srp->key + j);
+                j += digestSz;
+            }
         }
         SrpHashFree(&hash);
+        if (r)
+            break;
     }
 
     ForceZero(digest, sizeof(digest));

wolfssl/ssl.h

@@ -3530,6 +3530,7 @@ WOLFSSL_API int wolfSSL_CTX_UseOCSPStaplingV2(WOLFSSL_CTX* ctx,
 
 /* Named Groups */
 enum {
+    WOLFSSL_NAMED_GROUP_INVALID = 0,
 #if 0 /* Not Supported */
     WOLFSSL_ECC_SECT163K1 = 1,
     WOLFSSL_ECC_SECT163R1 = 2,

wolfssl/wolfcrypt/types.h

@@ -330,6 +330,14 @@ decouple library dependencies with standard string, memory and so on.
         #endif
     #endif /* WARN_UNUSED_RESULT */
 
+    #ifndef WC_MAYBE_UNUSED
+        #if (defined(__GNUC__) && (__GNUC__ >= 4)) || defined(__clang__)
+            #define WC_MAYBE_UNUSED __attribute__((unused))
+        #else
+            #define WC_MAYBE_UNUSED
+        #endif
+    #endif /* WC_MAYBE_UNUSED */
+
     /* Micrium will use Visual Studio for compilation but not the Win32 API */
     #if defined(_WIN32) && !defined(MICRIUM) && !defined(FREERTOS) && \
         !defined(FREERTOS_TCP) && !defined(EBSNET) && \
@@ -1133,6 +1141,19 @@ decouple library dependencies with standard string, memory and so on.
         #define PRAGMA_GCC_POP
     #endif
 
+    #ifdef __clang__
+        #define PRAGMA_CLANG_DIAG_PUSH _Pragma("clang diagnostic push")
+        #define PRAGMA_CLANG(str) _Pragma(str)
+        #define PRAGMA_CLANG_DIAG_POP _Pragma("clang diagnostic pop")
+    #else
+        #define PRAGMA_CLANG_DIAG_PUSH
+        #define PRAGMA_CLANG(str)
+        #define PRAGMA_CLANG_DIAG_POP
+    #endif
+
+
+
+
     #ifdef __cplusplus
         }   /* extern "C" */
     #endif