Bug Summary

File:root/firefox-clang/security/nss/lib/ssl/ssl3ext.h
Warning:line 33, column 8
Excessive padding in 'struct TLSExtensionDataStr' (52 padding bytes, where 4 is optimal). Optimal fields order: advertised, echAdvertised, sniNameArr, sigSchemes, delegCredSigSchemes, delegCredSigSchemesAdvertised, selectedGroup, peerDelegCred, selectedPsk, ech, remoteKeyShares, psk_ke_modes, signedCertTimestamps, certReqContext, nextProto, pskBinder, cookie, applicationToken, certReqAuthorities, serverHelloSenders, encryptedExtensionsSenders, certificateSenders, ticketTimestampVerified, emptySessionTicket, sentSessionTicketInClientHello, max_early_data_size, sniNameArrSize, peerSupportsFfdheGroups, numSigSchemes, numDelegCredSigSchemes, numDelegCredSigSchemesAdvertised, nextProtoState, echXtnOffset, lastXtnOffset, pskBindersLen, ticketAge, peerRequestedDelegCred, sendingDelegCredToPeer, certificateCompressionAdvertised, numAdvertised, echNumAdvertised, numNegotiated, dtlsSRTPCipherSuite, recordSizeLimit, compressionAlg, negotiated, consider reordering the fields or adding explicit padding members

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple x86_64-pc-linux-gnu -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name authcert.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -analyzer-config-compatibility-mode=true -mrelocation-model pic -pic-level 2 -fhalf-no-semantic-interposition -mframe-pointer=all -relaxed-aliasing -ffp-contract=off -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fdebug-compilation-dir=/root/firefox-clang/obj-x86_64-pc-linux-gnu/security/nss/lib/ssl/ssl_ssl -fcoverage-compilation-dir=/root/firefox-clang/obj-x86_64-pc-linux-gnu/security/nss/lib/ssl/ssl_ssl -resource-dir /usr/lib/llvm-21/lib/clang/21 -include /root/firefox-clang/obj-x86_64-pc-linux-gnu/mozilla-config.h -U _FORTIFY_SOURCE -D _FORTIFY_SOURCE=2 -D _GLIBCXX_ASSERTIONS -D DEBUG -D NSS_FIPS_DISABLED -D NSS_NO_INIT_SUPPORT -D NSS_X86_OR_X64 -D NSS_X64 -D NSS_USE_64 -D NSS_ALLOW_SSLKEYLOGFILE -D USE_UTIL_DIRECTLY -D NO_NSPR_10_SUPPORT -D SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -D LINUX2_1 -D LINUX -D linux -D _DEFAULT_SOURCE -D _BSD_SOURCE -D _POSIX_SOURCE -D SDB_MEASURE_USE_TEMP_DIR -D HAVE_STRERROR -D XP_UNIX -D _REENTRANT -D NSS_DISABLE_DBM -D NSS_DISABLE_LIBPKIX -I /root/firefox-clang/security/nss/lib/ssl -I /root/firefox-clang/obj-x86_64-pc-linux-gnu/security/nss/lib/ssl/ssl_ssl -I /root/firefox-clang/obj-x86_64-pc-linux-gnu/dist/include/nspr -I /root/firefox-clang/obj-x86_64-pc-linux-gnu/dist/include/private/nss -I /root/firefox-clang/obj-x86_64-pc-linux-gnu/dist/include/nss -I /root/firefox-clang/obj-x86_64-pc-linux-gnu/dist/include -D MOZILLA_CLIENT -internal-isystem /usr/lib/llvm-21/lib/clang/21/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/14/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -O2 -Wno-error=tautological-type-limit-compare -Wno-range-loop-analysis -Wno-error=deprecated-declarations -Wno-error=array-bounds -Wno-error=free-nonheap-object -Wno-error=atomic-alignment -Wno-error=deprecated-builtins -Wno-psabi -Wno-error=builtin-macro-redefined -Wno-unknown-warning-option -ferror-limit 19 -fstrict-flex-arrays=1 -stack-protector 2 -fstack-clash-protection -ftrivial-auto-var-init=pattern -fgnuc-version=4.2.1 -fskip-odr-check-in-gmf -vectorize-loops -vectorize-slp -analyzer-checker optin.performance.Padding -analyzer-output=html -analyzer-config stable-report-filename=true -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/scan-build-2025-06-27-100320-3286336-1 -x c /root/firefox-clang/security/nss/lib/ssl/authcert.c
1/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2/*
3 * This file is PRIVATE to SSL.
4 *
5 * This Source Code Form is subject to the terms of the Mozilla Public
6 * License, v. 2.0. If a copy of the MPL was not distributed with this
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
8
9#ifndef __ssl3ext_h_
10#define __ssl3ext_h_
11
12#include "pk11hpke.h"
13#include "sslencode.h"
14
15typedef enum {
16 sni_nametype_hostname
17} SNINameType;
18typedef struct TLSExtensionDataStr TLSExtensionData;
19
20/* Registerable callback function that either appends extension to buffer
21 * or returns length of data that it would have appended.
22 */
23typedef SECStatus (*sslExtensionBuilderFunc)(const sslSocket *ss,
24 TLSExtensionData *xtnData,
25 sslBuffer *buf, PRBool *added);
26
27/* row in a table of hello extension senders */
28typedef struct {
29 PRInt32 ex_type;
30 sslExtensionBuilderFunc ex_sender;
31} sslExtensionBuilder;
32
33struct TLSExtensionDataStr {
Excessive padding in 'struct TLSExtensionDataStr' (52 padding bytes, where 4 is optimal). Optimal fields order: advertised, echAdvertised, sniNameArr, sigSchemes, delegCredSigSchemes, delegCredSigSchemesAdvertised, selectedGroup, peerDelegCred, selectedPsk, ech, remoteKeyShares, psk_ke_modes, signedCertTimestamps, certReqContext, nextProto, pskBinder, cookie, applicationToken, certReqAuthorities, serverHelloSenders, encryptedExtensionsSenders, certificateSenders, ticketTimestampVerified, emptySessionTicket, sentSessionTicketInClientHello, max_early_data_size, sniNameArrSize, peerSupportsFfdheGroups, numSigSchemes, numDelegCredSigSchemes, numDelegCredSigSchemesAdvertised, nextProtoState, echXtnOffset, lastXtnOffset, pskBindersLen, ticketAge, peerRequestedDelegCred, sendingDelegCredToPeer, certificateCompressionAdvertised, numAdvertised, echNumAdvertised, numNegotiated, dtlsSRTPCipherSuite, recordSizeLimit, compressionAlg, negotiated, consider reordering the fields or adding explicit padding members
34 /* registered callbacks that send server hello extensions */
35 sslExtensionBuilder serverHelloSenders[SSL_MAX_EXTENSIONS22];
36 sslExtensionBuilder encryptedExtensionsSenders[SSL_MAX_EXTENSIONS22];
37 sslExtensionBuilder certificateSenders[SSL_MAX_EXTENSIONS22];
38
39 /* Keep track of the extensions that are advertised or negotiated. */
40 PRUint16 numAdvertised;
41 PRUint16 *advertised; /* Allocated dynamically. */
42 PRUint16 echNumAdvertised; /* Tracks Xtns offered in ClientHelloInner. */
43 PRUint16 *echAdvertised;
44 PRUint16 numNegotiated;
45 PRUint16 negotiated[SSL_MAX_EXTENSIONS22];
46
47 /* SessionTicket Extension related data. */
48 PRBool ticketTimestampVerified;
49 PRBool emptySessionTicket;
50 PRBool sentSessionTicketInClientHello;
51 SECItem psk_ke_modes;
52 PRUint32 max_early_data_size;
53
54 /* SNI Extension related data
55 * Names data is not coppied from the input buffer. It can not be
56 * used outside the scope where input buffer is defined and that
57 * is beyond ssl3_HandleClientHello function. */
58 SECItem *sniNameArr;
59 PRUint32 sniNameArrSize;
60
61 /* Signed Certificate Timestamps extracted from the TLS extension.
62 * (client only).
63 * This container holds a temporary pointer to the extension data,
64 * until a session structure (the sec.ci.sid of an sslSocket) is setup
65 * that can hold a permanent copy of the data
66 * (in sec.ci.sid.u.ssl3.signedCertTimestamps).
67 * The data pointed to by this structure is neither explicitly allocated
68 * nor copied: the pointer points to the handshake message buffer and is
69 * only valid in the scope of ssl3_HandleServerHello.
70 */
71 SECItem signedCertTimestamps;
72
73 PRBool peerSupportsFfdheGroups; /* if the peer supports named ffdhe groups */
74
75 /* clientSigAndHash contains the contents of the signature_algorithms
76 * extension (if any) the other side supports. This is only valid for TLS
77 * 1.2 or later. In TLS 1.3, it is also used for CertificateRequest. */
78 SSLSignatureScheme *sigSchemes;
79 unsigned int numSigSchemes;
80
81 /* Keep track of signature schemes that the remote peer supports for
82 * Delegated Credentials signatures, as well was those we have
83 * advertised (for purposes of validating any received DC).
84 * This list may not be the same as those supported for certificates.
85 * Only valid for TLS 1.3. */
86 SSLSignatureScheme *delegCredSigSchemes;
87 unsigned int numDelegCredSigSchemes;
88 SSLSignatureScheme *delegCredSigSchemesAdvertised;
89 unsigned int numDelegCredSigSchemesAdvertised;
90
91 SECItem certReqContext;
92 CERTDistNames certReqAuthorities;
93
94 /* In a client: if the server supports Next Protocol Negotiation, then
95 * this is the protocol that was negotiated.
96 */
97 SECItem nextProto;
98 SSLNextProtoState nextProtoState;
99
100 PRUint16 dtlsSRTPCipherSuite; /* 0 if not selected */
101
102 unsigned int echXtnOffset; /* The start of the ECH Xtn (if any) */
103 unsigned int lastXtnOffset; /* Where to insert any other extensions.
104 * 0 = end, otherwise base of PSK xtn. */
105 PRCList remoteKeyShares; /* The other side's public keys (TLS 1.3) */
106
107 /* The following are used by a TLS 1.3 server. */
108 SECItem pskBinder; /* The binder for the first PSK. */
109 unsigned int pskBindersLen; /* The length of the binders. */
110 PRUint32 ticketAge; /* Used to accept early data. */
111 SECItem cookie; /* HRR Cookie. */
112 const sslNamedGroupDef *selectedGroup; /* For HRR. */
113 /* The application token contains a value that was passed to the client via
114 * a session ticket, or the cookie in a HelloRetryRequest. */
115 SECItem applicationToken;
116
117 /* The record size limit set by the peer. Our value is kept in ss->opt. */
118 PRUint16 recordSizeLimit;
119
120 /* Delegated credentials.
121 *
122 * The delegated credential sent by the peer. Set by
123 * |tls13_ReadDelegatedCredential|.
124 */
125 sslDelegatedCredential *peerDelegCred;
126 /* Whether the peer requested a delegated credential. */
127 PRBool peerRequestedDelegCred;
128 /* Whether the host is committed to using a delegated credential. Set by
129 * |tls13_MaybeSetDelegatedCredential|.
130 */
131 PRBool sendingDelegCredToPeer;
132
133 /* A non-owning reference to the selected PSKs. MUST NOT be freed directly,
134 * rather through tls13_DestoryPskList(). */
135 sslPsk *selectedPsk;
136
137 /* ECH working state. Non-null when a valid Encrypted Client Hello extension
138 * was received. */
139 sslEchXtnState *ech;
140
141 /* The compression algorithm that will be used to encode certificates. */
142 SSLCertificateCompressionAlgorithmID compressionAlg;
143 PRBool certificateCompressionAdvertised;
144};
145
146typedef struct TLSExtensionStr {
147 PRCList link; /* The linked list link */
148 PRUint16 type; /* Extension type */
149 SECItem data; /* Pointers into the handshake data. */
150} TLSExtension;
151
152typedef struct sslCustomExtensionHooks {
153 PRCList link;
154 PRUint16 type;
155 SSLExtensionWriter writer;
156 void *writerArg;
157 SSLExtensionHandler handler;
158 void *handlerArg;
159} sslCustomExtensionHooks;
160
161SECStatus ssl3_HandleExtensions(sslSocket *ss,
162 PRUint8 **b, PRUint32 *length,
163 SSLHandshakeType handshakeMessage);
164SECStatus ssl3_ParseExtensions(sslSocket *ss,
165 PRUint8 **b, PRUint32 *length);
166SECStatus ssl3_HandleParsedExtensions(sslSocket *ss,
167 SSLHandshakeType handshakeMessage);
168TLSExtension *ssl3_FindExtension(sslSocket *ss,
169 SSLExtensionType extension_type);
170void ssl3_DestroyRemoteExtensions(PRCList *list);
171void ssl3_MoveRemoteExtensions(PRCList *dst, PRCList *src);
172void ssl3_InitExtensionData(TLSExtensionData *xtnData, const sslSocket *ss);
173void ssl3_DestroyExtensionData(TLSExtensionData *xtnData);
174void ssl3_ResetExtensionData(TLSExtensionData *xtnData, const sslSocket *ss);
175
176PRBool ssl3_ExtensionNegotiated(const sslSocket *ss, PRUint16 ex_type);
177PRBool ssl3_ExtensionAdvertised(const sslSocket *ss, PRUint16 ex_type);
178
179SECStatus ssl3_RegisterExtensionSender(const sslSocket *ss,
180 TLSExtensionData *xtnData,
181 PRUint16 ex_type,
182 sslExtensionBuilderFunc cb);
183SECStatus ssl_ConstructExtensions(sslSocket *ss, sslBuffer *buf,
184 SSLHandshakeType message);
185SECStatus ssl_SendEmptyExtension(const sslSocket *ss, TLSExtensionData *xtnData,
186 sslBuffer *buf, PRBool *append);
187SECStatus ssl3_EmplaceExtension(sslSocket *ss, sslBuffer *buf, PRUint16 exType,
188 const PRUint8 *data, unsigned int len, PRBool advertise);
189SECStatus ssl_InsertPaddingExtension(sslSocket *ss, unsigned int prefixLen,
190 sslBuffer *buf);
191
192/* Thunks to let us operate on const sslSocket* objects. */
193void ssl3_ExtSendAlert(const sslSocket *ss, SSL3AlertLevel level,
194 SSL3AlertDescription desc);
195void ssl3_ExtDecodeError(const sslSocket *ss);
196SECStatus ssl3_ExtConsumeHandshake(const sslSocket *ss, void *v, PRUint32 bytes,
197 PRUint8 **b, PRUint32 *length);
198SECStatus ssl3_ExtConsumeHandshakeNumber(const sslSocket *ss, PRUint32 *num,
199 PRUint32 bytes, PRUint8 **b,
200 PRUint32 *length);
201SECStatus ssl3_ExtConsumeHandshakeVariable(const sslSocket *ss, SECItem *i,
202 PRUint32 bytes, PRUint8 **b,
203 PRUint32 *length);
204
205SECStatus SSLExp_GetExtensionSupport(PRUint16 type,
206 SSLExtensionSupport *support);
207SECStatus SSLExp_InstallExtensionHooks(
208 PRFileDesc *fd, PRUint16 extension, SSLExtensionWriter writer,
209 void *writerArg, SSLExtensionHandler handler, void *handlerArg);
210sslCustomExtensionHooks *ssl_FindCustomExtensionHooks(sslSocket *ss, PRUint16 extension);
211SECStatus ssl_CallCustomExtensionSenders(sslSocket *ss, sslBuffer *buf,
212 SSLHandshakeType message);
213SECStatus tls_ClientHelloExtensionPermutationSetup(sslSocket *ss);
214void tls_ClientHelloExtensionPermutationDestroy(sslSocket *ss);
215
216#endif