Fixes for invalid printf format specifiers
Fixes for printf format specifiers, where they have been flagged as
invalid sizes by coverity, and new build flags to enable catching these
errors when building using CMake. Note that this patch uses %zu, which
requires C99 or later.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index a8331d9..b4ba88c 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -685,7 +685,7 @@
return( 0 );
MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "sending session ticket of length %d", tlen ) );
+ ( "sending session ticket of length %zu", tlen ) );
memcpy( p, ssl->session_negotiate->ticket, tlen );
@@ -905,7 +905,7 @@
*p++ = (unsigned char)( t >> 8 );
*p++ = (unsigned char)( t );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, current time: %lu", t ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, current time: %lld", (long long) t ) );
#else
if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 4 ) ) != 0 )
return( ret );
@@ -1114,7 +1114,7 @@
for( i = 0; i < n; i++ )
*p++ = ssl->session_negotiate->id[i];
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, session id len.: %d", n ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, session id len.: %zu", n ) );
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, session id", buf + 39, n );
/*
@@ -1182,7 +1182,7 @@
continue;
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %#04x (%s)",
- ciphersuites[i], ciphersuite_info->name ) );
+ (unsigned int)ciphersuites[i], ciphersuite_info->name ) );
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
@@ -1197,7 +1197,7 @@
}
MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "client hello, got %d ciphersuites (excluding SCSVs)", n ) );
+ ( "client hello, got %zu ciphersuites (excluding SCSVs)", n ) );
/*
* Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV
@@ -1420,7 +1420,7 @@
/* olen unused if all extensions are disabled */
((void) olen);
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %d",
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %zu",
ext_len ) );
if( ext_len > 0 )
@@ -2167,10 +2167,10 @@
}
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu",
- ( (uint32_t) buf[2] << 24 ) |
- ( (uint32_t) buf[3] << 16 ) |
- ( (uint32_t) buf[4] << 8 ) |
- ( (uint32_t) buf[5] ) ) );
+ ( (unsigned long) buf[2] << 24 ) |
+ ( (unsigned long) buf[3] << 16 ) |
+ ( (unsigned long) buf[4] << 8 ) |
+ ( (unsigned long) buf[5] ) ) );
memcpy( ssl->handshake->randbytes + 32, buf + 2, 32 );
@@ -2253,7 +2253,7 @@
if( ssl->handshake->ciphersuite_info == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "ciphersuite info for %04x not found", i ) );
+ ( "ciphersuite info for %04x not found", (unsigned int)i ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
@@ -2261,7 +2261,7 @@
mbedtls_ssl_optimize_checksum( ssl, ssl->handshake->ciphersuite_info );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %zu", n ) );
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, session id", buf + 35, n );
/*
@@ -2304,7 +2304,7 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
ssl->handshake->resume ? "a" : "no" ) );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %04x", i ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %04x", (unsigned int)i ) );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d",
buf[37 + n] ) );
@@ -2373,7 +2373,7 @@
ext = buf + 40 + n;
MBEDTLS_SSL_DEBUG_MSG( 2,
- ( "server hello, total extension length: %d", ext_len ) );
+ ( "server hello, total extension length: %zu", ext_len ) );
while( ext_len )
{
@@ -2537,7 +2537,7 @@
default:
MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "unknown extension found: %d (ignoring)", ext_id ) );
+ ( "unknown extension found: %u (ignoring)", ext_id ) );
}
ext_len -= 4 + ext_size;
@@ -2628,7 +2628,7 @@
if( ssl->handshake->dhm_ctx.len * 8 < ssl->conf->dhm_min_bitlen )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %d < %d",
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %zu < %u",
ssl->handshake->dhm_ctx.len * 8,
ssl->conf->dhm_min_bitlen ) );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
@@ -4347,7 +4347,7 @@
return( MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET );
}
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %d", ticket_len ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %zu", ticket_len ) );
/* We're not waiting for a NewSessionTicket message any more */
ssl->handshake->new_session_ticket = 0;
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 72f09bb..26e19a6 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -283,8 +283,8 @@
}
ssl->handshake->retransmit_timeout = new_timeout;
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %d millisecs",
- ssl->handshake->retransmit_timeout ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %lu millisecs",
+ (unsigned long) ssl->handshake->retransmit_timeout ) );
return( 0 );
}
@@ -292,8 +292,8 @@
static void ssl_reset_retransmit_timeout( mbedtls_ssl_context *ssl )
{
ssl->handshake->retransmit_timeout = ssl->conf->hs_timeout_min;
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %d millisecs",
- ssl->handshake->retransmit_timeout ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %lu millisecs",
+ (unsigned long) ssl->handshake->retransmit_timeout ) );
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
@@ -764,7 +764,7 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t olen;
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %zu, "
"including %d bytes of padding",
rec->data_len, 0 ) );
@@ -842,7 +842,7 @@
dynamic_iv_is_explicit ? dynamic_iv_len : 0 );
MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD",
add_data, add_data_len );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %zu, "
"including 0 bytes of padding",
rec->data_len ) );
@@ -945,8 +945,8 @@
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
- "including %d bytes of IV and %d bytes of padding",
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %zu, "
+ "including %zu bytes of IV and %zu bytes of padding",
rec->data_len, transform->ivlen,
padlen + 1 ) );
@@ -1366,7 +1366,7 @@
{
if( rec->data_len < dynamic_iv_len )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < explicit_iv_len (%d) ",
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%zu) < explicit_iv_len (%zu) ",
rec->data_len,
dynamic_iv_len ) );
return( MBEDTLS_ERR_SSL_INVALID_MAC );
@@ -1385,7 +1385,7 @@
/* Check that there's space for the authentication tag. */
if( rec->data_len < transform->taglen )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < taglen (%d) ",
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%zu) < taglen (%zu) ",
rec->data_len,
transform->taglen ) );
return( MBEDTLS_ERR_SSL_INVALID_MAC );
@@ -1488,7 +1488,7 @@
if( rec->data_len < minlen + transform->ivlen ||
rec->data_len < minlen + transform->maclen + 1 )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < max( ivlen(%d), maclen (%d) "
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%zu) < max( ivlen(%zu), maclen (%zu) "
"+ 1 ) ( + expl IV )", rec->data_len,
transform->ivlen,
transform->maclen ) );
@@ -1554,7 +1554,7 @@
* data_len >= minlen + ivlen ( = minlen or 2 * minlen ). */
if( rec->data_len % transform->ivlen != 0 )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) %% ivlen (%d) != 0",
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%zu) %% ivlen (%zu) != 0",
rec->data_len, transform->ivlen ) );
return( MBEDTLS_ERR_SSL_INVALID_MAC );
}
@@ -1624,7 +1624,7 @@
#if defined(MBEDTLS_SSL_DEBUG_ALL)
if( rec->data_len < transform->maclen + padlen + 1 )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < maclen (%d) + padlen (%d)",
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%zu) < maclen (%zu) + padlen (%zu)",
rec->data_len,
transform->maclen,
padlen + 1 ) );
@@ -1653,8 +1653,8 @@
if( padlen > transform->ivlen )
{
#if defined(MBEDTLS_SSL_DEBUG_ALL)
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding length: is %d, "
- "should be no more than %d",
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding length: is %zu, "
+ "should be no more than %zu",
padlen, transform->ivlen ) );
#endif
correct = 0;
@@ -1890,7 +1890,7 @@
memcpy( msg_pre, ssl->out_msg, len_pre );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "before compression: msglen = %d, ",
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "before compression: msglen = %zu, ",
ssl->out_msglen ) );
MBEDTLS_SSL_DEBUG_BUF( 4, "before compression: output payload",
@@ -1911,7 +1911,7 @@
ssl->out_msglen = out_buf_len -
ssl->transform_out->ctx_deflate.avail_out - bytes_written;
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "after compression: msglen = %d, ",
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "after compression: msglen = %zu, ",
ssl->out_msglen ) );
MBEDTLS_SSL_DEBUG_BUF( 4, "after compression: output payload",
@@ -1942,7 +1942,7 @@
memcpy( msg_pre, ssl->in_msg, len_pre );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "before decompression: msglen = %d, ",
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "before decompression: msglen = %zu, ",
ssl->in_msglen ) );
MBEDTLS_SSL_DEBUG_BUF( 4, "before decompression: input payload",
@@ -1963,7 +1963,7 @@
ssl->in_msglen = in_buf_len -
ssl->transform_in->ctx_inflate.avail_out - header_bytes;
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "after decompression: msglen = %d, ",
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "after decompression: msglen = %zu, ",
ssl->in_msglen ) );
MBEDTLS_SSL_DEBUG_BUF( 4, "after decompression: input payload",
@@ -2042,7 +2042,7 @@
if( ssl->in_left != 0 )
{
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "next record in same datagram, offset: %d",
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "next record in same datagram, offset: %zu",
ssl->next_record_offset ) );
memmove( ssl->in_hdr,
ssl->in_hdr + ssl->next_record_offset,
@@ -2052,7 +2052,7 @@
ssl->next_record_offset = 0;
}
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d",
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %zu, nb_want: %zu",
ssl->in_left, nb_want ) );
/*
@@ -2094,7 +2094,7 @@
else
timeout = ssl->conf->read_timeout;
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "f_recv_timeout: %u ms", timeout ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "f_recv_timeout: %lu ms", (unsigned long) timeout ) );
if( ssl->f_recv_timeout != NULL )
ret = ssl->f_recv_timeout( ssl->p_bio, ssl->in_hdr, len,
@@ -2153,7 +2153,7 @@
else
#endif
{
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d",
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %zu, nb_want: %zu",
ssl->in_left, nb_want ) );
while( ssl->in_left < nb_want )
@@ -2177,7 +2177,7 @@
}
}
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d",
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %zu, nb_want: %zu",
ssl->in_left, nb_want ) );
MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_recv(_timeout)", ret );
@@ -2190,8 +2190,8 @@
if ( (size_t)ret > len || ( INT_MAX > SIZE_MAX && ret > (int)SIZE_MAX ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "f_recv returned %d bytes but only %lu were requested",
- ret, (unsigned long)len ) );
+ ( "f_recv returned %d bytes but only %zu were requested",
+ ret, len ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
@@ -2230,7 +2230,7 @@
while( ssl->out_left > 0 )
{
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "message length: %d, out_left: %d",
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "message length: %zu, out_left: %zu",
mbedtls_ssl_out_hdr_len( ssl ) + ssl->out_msglen, ssl->out_left ) );
buf = ssl->out_hdr - ssl->out_left;
@@ -2244,8 +2244,8 @@
if( (size_t)ret > ssl->out_left || ( INT_MAX > SIZE_MAX && ret > (int)SIZE_MAX ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "f_send returned %d bytes but only %lu bytes were sent",
- ret, (unsigned long)ssl->out_left ) );
+ ( "f_send returned %d bytes but only %zu bytes were sent",
+ ret, ssl->out_left ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
@@ -2286,14 +2286,14 @@
/* Allocate space for current message */
if( ( msg = mbedtls_calloc( 1, sizeof( mbedtls_ssl_flight_item ) ) ) == NULL )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %d bytes failed",
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %zu bytes failed",
sizeof( mbedtls_ssl_flight_item ) ) );
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
}
if( ( msg->p = mbedtls_calloc( 1, ssl->out_msglen ) ) == NULL )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %d bytes failed", ssl->out_msglen ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %zu bytes failed", ssl->out_msglen ) );
mbedtls_free( msg );
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
}
@@ -2922,8 +2922,8 @@
/* Now write the potentially updated record content type. */
ssl->out_hdr[0] = (unsigned char) ssl->out_msgtype;
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "output record: msgtype = %d, "
- "version = [%d:%d], msglen = %d",
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "output record: msgtype = %u, "
+ "version = [%u:%u], msglen = %zu",
ssl->out_hdr[0], ssl->out_hdr[1],
ssl->out_hdr[2], len ) );
@@ -3119,7 +3119,7 @@
{
if( ssl->in_msglen < mbedtls_ssl_hs_hdr_len( ssl ) )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake message too short: %d",
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake message too short: %zu",
ssl->in_msglen ) );
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
}
@@ -3127,7 +3127,7 @@
ssl->in_hslen = mbedtls_ssl_hs_hdr_len( ssl ) + ssl_get_hs_total_len( ssl );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "handshake message: msglen ="
- " %d, type = %d, hslen = %d",
+ " %zu, type = %u, hslen = %zu",
ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) );
#if defined(MBEDTLS_SSL_PROTO_DTLS)
@@ -3163,7 +3163,7 @@
ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "received message from last flight, "
- "message_seq = %d, start_of_flight = %d",
+ "message_seq = %u, start_of_flight = %u",
recv_msg_seq,
ssl->handshake->in_flight_start_seq ) );
@@ -3176,7 +3176,7 @@
else
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "dropping out-of-sequence message: "
- "message_seq = %d, expected = %d",
+ "message_seq = %u, expected = %u",
recv_msg_seq,
ssl->handshake->in_msg_seq ) );
}
@@ -3746,8 +3746,8 @@
( (size_t) buf[ rec_hdr_len_offset + 1 ] << 0 );
MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", buf, rec->data_offset );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "input record: msgtype = %d, "
- "version = [%d:%d], msglen = %d",
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "input record: msgtype = %u, "
+ "version = [%d:%d], msglen = %zu",
rec->type,
major_ver, minor_ver, rec->data_len ) );
@@ -3790,8 +3790,8 @@
if( rec_epoch != ssl->in_epoch )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "record from another epoch: "
- "expected %d, received %d",
- ssl->in_epoch, rec_epoch ) );
+ "expected %u, received %lu",
+ ssl->in_epoch, (unsigned long) rec_epoch ) );
/* Records from the next epoch are considered for buffering
* (concretely: early Finished messages). */
@@ -4325,31 +4325,31 @@
{
/* If we can't buffer a future message because
* of space limitations -- ignore. */
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %u would exceed the compile-time limit %u (already %u bytes buffered) -- ignore\n",
- (unsigned) msg_len, MBEDTLS_SSL_DTLS_MAX_BUFFERING,
- (unsigned) hs->buffering.total_bytes_buffered ) );
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %zu would exceed the compile-time limit %d (already %zu bytes buffered) -- ignore\n",
+ msg_len, MBEDTLS_SSL_DTLS_MAX_BUFFERING,
+ hs->buffering.total_bytes_buffered ) );
goto exit;
}
else
{
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %u would exceed the compile-time limit %u (already %u bytes buffered) -- attempt to make space by freeing buffered future messages\n",
- (unsigned) msg_len, MBEDTLS_SSL_DTLS_MAX_BUFFERING,
- (unsigned) hs->buffering.total_bytes_buffered ) );
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %zu would exceed the compile-time limit %d (already %zu bytes buffered) -- attempt to make space by freeing buffered future messages\n",
+ msg_len, MBEDTLS_SSL_DTLS_MAX_BUFFERING,
+ hs->buffering.total_bytes_buffered ) );
}
if( ssl_buffer_make_space( ssl, reassembly_buf_sz ) != 0 )
{
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reassembly of next message of size %u (%u with bitmap) would exceed the compile-time limit %u (already %u bytes buffered) -- fail\n",
- (unsigned) msg_len,
- (unsigned) reassembly_buf_sz,
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reassembly of next message of size %zu (%zu with bitmap) would exceed the compile-time limit %d (already %zu bytes buffered) -- fail\n",
+ msg_len,
+ reassembly_buf_sz,
MBEDTLS_SSL_DTLS_MAX_BUFFERING,
- (unsigned) hs->buffering.total_bytes_buffered ) );
+ hs->buffering.total_bytes_buffered ) );
ret = MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
goto exit;
}
}
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialize reassembly, total length = %d",
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialize reassembly, total length = %zu",
msg_len ) );
hs_buf->data = mbedtls_calloc( 1, reassembly_buf_sz );
@@ -4395,7 +4395,7 @@
frag_off = ssl_get_hs_frag_off( ssl );
frag_len = ssl_get_hs_frag_len( ssl );
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "adding fragment, offset = %d, length = %d",
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "adding fragment, offset = %zu, length = %zu",
frag_off, frag_len ) );
memcpy( msg + frag_off, ssl->in_msg + 12, frag_len );
@@ -4622,15 +4622,15 @@
if( rec->buf_len > ( MBEDTLS_SSL_DTLS_MAX_BUFFERING -
hs->buffering.total_bytes_buffered ) )
{
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future epoch record of size %u would exceed the compile-time limit %u (already %u bytes buffered) -- ignore\n",
- (unsigned) rec->buf_len, MBEDTLS_SSL_DTLS_MAX_BUFFERING,
- (unsigned) hs->buffering.total_bytes_buffered ) );
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future epoch record of size %zu would exceed the compile-time limit %d (already %zu bytes buffered) -- ignore\n",
+ rec->buf_len, MBEDTLS_SSL_DTLS_MAX_BUFFERING,
+ hs->buffering.total_bytes_buffered ) );
return( 0 );
}
/* Buffer record */
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffer record from epoch %u",
- ssl->in_epoch + 1 ) );
+ ssl->in_epoch + 1U ) );
MBEDTLS_SSL_DEBUG_BUF( 3, "Buffered record", rec->buf, rec->buf_len );
/* ssl_parse_record_header() only considers records
@@ -4903,7 +4903,7 @@
{
if( ssl->in_msglen != 1 )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid CCS message, len: %d",
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid CCS message, len: %zu",
ssl->in_msglen ) );
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
}
@@ -4939,12 +4939,12 @@
/* Note: Standard allows for more than one 2 byte alert
to be packed in a single message, but Mbed TLS doesn't
currently support this. */
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid alert message, len: %d",
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid alert message, len: %zu",
ssl->in_msglen ) );
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
}
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "got an alert message, type: [%d:%d]",
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "got an alert message, type: [%u:%u]",
ssl->in_msg[0], ssl->in_msg[1] ) );
/*
@@ -5771,7 +5771,7 @@
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "fragment larger than the (negotiated) "
- "maximum fragment length: %d > %d",
+ "maximum fragment length: %zu > %zu",
len, max_len ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index e33b828..d72ded4 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -298,13 +298,13 @@
{
mbedtls_ssl_sig_hash_set_add( &ssl->handshake->hash_algs, sig_cur, md_cur );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext:"
- " match sig %d and hash %d",
+ " match sig %u and hash %u",
sig_cur, md_cur ) );
}
else
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: "
- "hash alg %d not supported", md_cur ) );
+ "hash alg %u not supported", md_cur ) );
}
}
@@ -633,7 +633,7 @@
/* Remember the client asked us to send a new ticket */
ssl->handshake->new_session_ticket = 1;
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %d", len ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %zu", len ) );
if( len == 0 )
return( 0 );
@@ -1048,7 +1048,7 @@
}
MBEDTLS_SSL_DEBUG_MSG( 3, ( "trying ciphersuite: %#04x (%s)",
- suite_id, suite_info->name ) );
+ (unsigned int)suite_id, suite_info->name ) );
if( suite_info->min_minor_ver > ssl->minor_ver ||
suite_info->max_minor_ver < ssl->minor_ver )
@@ -1116,7 +1116,7 @@
mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs, sig_type ) == MBEDTLS_MD_NONE )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: no suitable hash algorithm "
- "for signature algorithm %d", sig_type ) );
+ "for signature algorithm %u", sig_type ) );
return( 0 );
}
}
@@ -1247,7 +1247,7 @@
sess_len = ( buf[2] << 8 ) | buf[3];
chal_len = ( buf[4] << 8 ) | buf[5];
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciph_len: %d, sess_len: %d, chal_len: %d",
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciph_len: %u, sess_len: %u, chal_len: %u",
ciph_len, sess_len, chal_len ) );
/*
@@ -1629,7 +1629,7 @@
if( cli_msg_seq != ssl->handshake->in_msg_seq )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message_seq: "
- "%d (expected %d)", cli_msg_seq,
+ "%u (expected %u)", cli_msg_seq,
ssl->handshake->in_msg_seq ) );
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
}
@@ -2073,7 +2073,7 @@
#endif /* MBEDTLS_SSL_DTLS_SRTP */
default:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown extension found: %d (ignoring)",
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown extension found: %u (ignoring)",
ext_id ) );
}
@@ -2274,7 +2274,7 @@
else
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "no hash algorithm for signature algorithm "
- "%d - should not happen", sig_alg ) );
+ "%u - should not happen", sig_alg ) );
}
}
#endif
@@ -2826,7 +2826,7 @@
*p++ = (unsigned char)( t >> 8 );
*p++ = (unsigned char)( t );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", t ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lld", (long long) t ) );
#else
if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 4 ) ) != 0 )
return( ret );
@@ -2914,7 +2914,7 @@
memcpy( p, ssl->session_negotiate->id, ssl->session_negotiate->id_len );
p += ssl->session_negotiate->id_len;
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %zu", n ) );
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, session id", buf + 39, n );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
ssl->handshake->resume ? "a" : "no" ) );
@@ -2926,7 +2926,7 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %s",
mbedtls_ssl_get_ciphersuite_name( ssl->session_negotiate->ciphersuite ) ) );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: 0x%02X",
- ssl->session_negotiate->compression ) );
+ (unsigned int)ssl->session_negotiate->compression ) );
/* Do not write the extensions if the protocol is SSLv3 */
#if defined(MBEDTLS_SSL_PROTO_SSL3)
@@ -2995,7 +2995,7 @@
ext_len += olen;
#endif
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, total extension length: %d", ext_len ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, total extension length: %zu", ext_len ) );
if( ext_len > 0 )
{
@@ -3502,7 +3502,7 @@
md_alg = MBEDTLS_MD_NONE;
}
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "pick hash algorithm %d for signing", md_alg ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "pick hash algorithm %u for signing", md_alg ) );
/*
* 2.2: Compute the hash to be signed
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 336cbea..eb22b21 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -961,7 +961,7 @@
cipher_info = mbedtls_cipher_info_from_type( ciphersuite_info->cipher );
if( cipher_info == NULL )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "cipher info for %d not found",
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "cipher info for %u not found",
ciphersuite_info->cipher ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
@@ -969,7 +969,7 @@
md_info = mbedtls_md_info_from_type( ciphersuite_info->mac );
if( md_info == NULL )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "mbedtls_md info for %d not found",
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "mbedtls_md info for %u not found",
ciphersuite_info->mac ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
@@ -2215,7 +2215,7 @@
n = crt->raw.len;
if( n > MBEDTLS_SSL_OUT_CONTENT_LEN - 3 - i )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate too large, %d > %d",
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate too large, %zu > %d",
i + 3 + n, MBEDTLS_SSL_OUT_CONTENT_LEN ) );
return( MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE );
}
@@ -2708,7 +2708,7 @@
if( ssl->session_negotiate->verify_result != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "! Certificate verification flags %x",
- ssl->session_negotiate->verify_result ) );
+ (unsigned int) ssl->session_negotiate->verify_result ) );
}
else
{
@@ -2831,7 +2831,7 @@
chain = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
if( chain == NULL )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed",
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%zu bytes) failed",
sizeof( mbedtls_x509_crt ) ) );
mbedtls_ssl_send_alert_message( ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
@@ -3858,7 +3858,7 @@
ssl->in_buf = mbedtls_calloc( 1, in_buf_len );
if( ssl->in_buf == NULL )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", in_buf_len ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%zu bytes) failed", in_buf_len ) );
ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
goto error;
}
@@ -3869,7 +3869,7 @@
ssl->out_buf = mbedtls_calloc( 1, out_buf_len );
if( ssl->out_buf == NULL )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", out_buf_len ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%zu bytes) failed", out_buf_len ) );
ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
goto error;
}
