
Merge pull request #4580 from kareem-wolfssl/minor_fixes

Check ssl->arrays in SendClientHello to avoid null dereference.  Allow building with fallthrough defined.
David Garske 2 years ago
parent
commit
5182e2a8c8
5 changed files with 25 additions and 8 deletions
  1. 8 0
      src/internal.c
  2. 8 1
      src/tls13.c
  3. 1 0
      wolfcrypt/src/evp.c
  4. 1 1
      wolfcrypt/src/pkcs7.c
  5. 7 6
      wolfssl/wolfcrypt/types.h

+ 8 - 0
src/internal.c

@@ -22662,6 +22662,10 @@ exit_dpk:
         int                ret;
         word16             extSz = 0;
 
+        if (ssl == NULL) {
+            return BAD_FUNC_ARG;
+        }
+
 #ifdef WOLFSSL_TLS13
         if (IsAtLeastTLSv1_3(ssl->version))
             return SendTls13ClientHello(ssl);
@@ -22719,6 +22723,10 @@ exit_dpk:
 #endif
         sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
 
+        if (ssl->arrays == NULL) {
+            return BAD_FUNC_ARG;
+        }
+
 #ifdef WOLFSSL_DTLS
         if (ssl->options.dtls) {
             length += ENUM_LEN;   /* cookie */
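Review bot: The `ssl == NULL` guard in the first hunk only protects the function if nothing above it reads through `ssl`. The declaration block starts outside the hunk, so confirm that no initializer there evaluates `ssl->...`; if one does, split it into a plain declaration plus an assignment placed after the guard. In the second hunk, `ssl->arrays == NULL` is reported as `BAD_FUNC_ARG`, so a caller cannot tell a NULL argument from an object whose handshake arrays are missing (presumably released or never allocated). A comment such as `/* handshake arrays not available on this object; cannot build ClientHello */` would record what the condition means. The function body continues past both hunks.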

+ 8 - 1
src/tls13.c

@@ -3014,6 +3014,10 @@ int SendTls13ClientHello(WOLFSSL* ssl)
     WOLFSSL_START(WC_FUNC_CLIENT_HELLO_SEND);
     WOLFSSL_ENTER("SendTls13ClientHello");
 
+    if (ssl == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
 #ifdef HAVE_SESSION_TICKET
     if (ssl->options.resuming &&
             (ssl->session.version.major != ssl->version.major ||
@@ -3130,6 +3134,9 @@ int SendTls13ClientHello(WOLFSSL* ssl)
     /* Keep for downgrade. */
     ssl->chVersion = ssl->version;
 
+    if (ssl->arrays == NULL) {
+        return BAD_FUNC_ARG;
+    }
     /* Client Random */
     if (ssl->options.connectState == CONNECT_BEGIN) {
         ret = wc_RNG_GenerateBlock(ssl->rng, args->output + args->idx, RAN_LEN);
@@ -9676,7 +9683,7 @@ int wolfSSL_CTX_get_max_early_data(WOLFSSL_CTX* ctx)
  *
  * ssl  The SSL/TLS object.
  * returns BAD_FUNC_ARG when ssl is NULL, or not using TLS v1.3,
- * SIDE_ERROR when not a server and 
+ * SIDE_ERROR when not a server and
  * returns the maximum amount of early data to be set
  */
 int wolfSSL_get_max_early_data(WOLFSSL* ssl)
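Review bot: The `ssl->arrays == NULL` check in the second hunk of `SendTls13ClientHello` runs after the function has already started changing the object. `ssl->chVersion = ssl->version;` is visible directly above it, and `args->output` is written on the lines that follow, which suggests the output buffer was prepared earlier. Failing there returns `BAD_FUNC_ARG` with the object partly updated. Unless `ssl->arrays` can legitimately be allocated between entry and that line, fold it into the entry guard of the first hunk: `if (ssl == NULL || ssl->arrays == NULL) { return BAD_FUNC_ARG; }`. That entry guard also sits after `WOLFSSL_START`/`WOLFSSL_ENTER`, so an early return leaves the enter trace without a matching exit trace if the function emits one at its end (not visible here).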

+ 1 - 0
wolfcrypt/src/evp.c

@@ -1964,6 +1964,7 @@ int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx,
                     pkey->ownEcc = 1;
                 }
             }
+            break;
 #endif
         default:
             break;

+ 1 - 1
wolfcrypt/src/pkcs7.c

@@ -11692,8 +11692,8 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
             wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_AUTHENV_ATRBEND);
             FALL_THROUGH;
 
-authenv_atrbend:
         case WC_PKCS7_AUTHENV_ATRBEND:
+authenv_atrbend:
         #ifndef NO_PKCS7_STREAM
             if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, MAX_LENGTH_SZ +
                             ASN_TAG_SZ, &pkiMsg, &idx)) != 0) {
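Review bot: Nothing at `authenv_atrbend:` records why the label now has to sit below `case WC_PKCS7_AUTHENV_ATRBEND:`, so a later cleanup could move it back above the case. The reorder presumably exists because a fallthrough attribute must be followed directly by a `case`/`default` label, and a goto label in between breaks the build once `FALL_THROUGH` expands to one. A one-line comment would pin this, for example `/* label must follow the case label: FALL_THROUGH has to directly precede a case */`. The switch and the `goto` that targets this label are outside the hunk.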

+ 7 - 6
wolfssl/wolfcrypt/types.h

@@ -311,12 +311,13 @@ decouple library dependencies with standard string, memory and so on.
     #ifndef FALL_THROUGH
         /* GCC 7 has new switch() fall-through detection */
         #if defined(__GNUC__)
-            #if ((__GNUC__ > 7) || ((__GNUC__ == 7) && (__GNUC_MINOR__ >= 1)))
-                #if defined(WOLFSSL_LINUXKM) && defined(fallthrough)
-                    #define FALL_THROUGH fallthrough
-                #else
-                    #define FALL_THROUGH ; __attribute__ ((fallthrough))
-                #endif
+            #if defined(fallthrough)
+                #define FALL_THROUGH fallthrough
+            #elif ((__GNUC__ > 7) || ((__GNUC__ == 7) && (__GNUC_MINOR__ >= 1)))
+                #define FALL_THROUGH ; __attribute__ ((fallthrough))
+            #elif defined(__clang__) && defined(__clang_major__) && \
+                    (__clang_major__ >= 11)
+                #define FALL_THROUGH ; __attribute__ ((fallthrough))
             #endif
         #endif
     #endif /* FALL_THROUGH */
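Review bot: The comment `/* GCC 7 has new switch() fall-through detection */` no longer describes this block, which now has three branches, and the new `#if defined(fallthrough)` branch is undocumented. That branch adopts any macro named `fallthrough` that is defined before this header is included; the removed lines accepted it only together with `WOLFSSL_LINUXKM`. It also expands without the leading `;` that the two attribute branches carry, so `FALL_THROUGH` only behaves the same in all three cases where the preceding statement is already terminated. I would state both expectations above the branch, for example `/* a pre-defined 'fallthrough' macro (e.g. from the Linux kernel headers) must expand to a fallthrough statement attribute and be defined before this header is included */`, and reword the GCC comment to cover the clang case.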