From 678660e26d4f9f0d469f45dc3ad52ec2c2f93d36 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sun, 22 Mar 2026 13:17:47 -0500 Subject: [PATCH] src/keys.c and src/tls13.c: add WC_NO_ERR_TRACE() annotations for various initializations. wolfssl/ssl.h, examples/client/client.c, examples/server/server.c, src/bio.c, tests/api.c: add error tracing for WOLFSSL_SHUTDOWN_NOT_DONE. tests/api.c: in test_wolfSSL_read_write_ex(), use WOLFSSL_SUCCESS rather than 1 for expected-success wolfSSL_shutdown()s, and add note that the wrong value is being returned (the test currently always fails, which is masked by an always-success retval). --- examples/client/client.c | 8 ++++---- examples/server/server.c | 4 ++-- src/bio.c | 2 +- src/keys.c | 2 +- src/tls13.c | 12 ++++++------ tests/api.c | 12 +++++++----- wolfssl/ssl.h | 8 ++++++++ 7 files changed, 29 insertions(+), 19 deletions(-) diff --git a/examples/client/client.c b/examples/client/client.c index 8e925f4117..12b63c1398 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -1044,7 +1044,7 @@ static int SMTP_Shutdown(WOLFSSL* ssl, int wc_shutdown) printf("%s\n", tmpBuf); ret = wolfSSL_shutdown(ssl); - if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE) { + if (wc_shutdown && ret == WC_NO_ERR_TRACE(WOLFSSL_SHUTDOWN_NOT_DONE)) { if (tcp_select(wolfSSL_get_fd(ssl), DEFAULT_TIMEOUT_SEC) == TEST_RECV_READY) { ret = wolfSSL_shutdown(ssl); /* bidirectional shutdown */ @@ -4687,7 +4687,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #endif ret = wolfSSL_shutdown(ssl); - if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE) { + if (wc_shutdown && ret == WC_NO_ERR_TRACE(WOLFSSL_SHUTDOWN_NOT_DONE)) { while (tcp_select(wolfSSL_get_fd(ssl), DEFAULT_TIMEOUT_SEC) == TEST_RECV_READY) { ret = wolfSSL_shutdown(ssl); /* bidirectional shutdown */ 
@@ -4695,7 +4695,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) printf("Bidirectional shutdown complete\n"); break; } - else if (ret != WOLFSSL_SHUTDOWN_NOT_DONE) { + else if (ret != WC_NO_ERR_TRACE(WOLFSSL_SHUTDOWN_NOT_DONE)) { LOG_ERROR("Bidirectional shutdown failed\n"); break; } @@ -4932,7 +4932,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) sendGET, " resume", 0); ret = wolfSSL_shutdown(sslResume); - if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE) + if (wc_shutdown && ret == WC_NO_ERR_TRACE(WOLFSSL_SHUTDOWN_NOT_DONE)) wolfSSL_shutdown(sslResume); /* bidirectional shutdown */ /* display collected statistics */ diff --git a/examples/server/server.c b/examples/server/server.c index e52d611fbb..5506f27339 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -4044,7 +4044,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) #endif /* WOLFSSL_DTLS13 */ ret = SSL_shutdown(ssl); - if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE) { + if (wc_shutdown && ret == WC_NO_ERR_TRACE(WOLFSSL_SHUTDOWN_NOT_DONE)) { while (tcp_select(wolfSSL_get_fd(ssl), DEFAULT_TIMEOUT_SEC) == TEST_RECV_READY) { ret = wolfSSL_shutdown(ssl); /* bidirectional shutdown */ @@ -4052,7 +4052,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) printf("Bidirectional shutdown complete\n"); break; } - else if (ret != WOLFSSL_SHUTDOWN_NOT_DONE) { + else if (ret != WC_NO_ERR_TRACE(WOLFSSL_SHUTDOWN_NOT_DONE)) { LOG_ERROR("Bidirectional shutdown failed\n"); break; } diff --git a/src/bio.c b/src/bio.c index 02431dd38a..2eecb4fc7e 100644 --- a/src/bio.c +++ b/src/bio.c @@ -2646,7 +2646,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) if (b->ptr.ssl != NULL) { int rc = wolfSSL_shutdown(b->ptr.ssl); - if (rc == WOLFSSL_SHUTDOWN_NOT_DONE) { + if (rc == WC_NO_ERR_TRACE(WOLFSSL_SHUTDOWN_NOT_DONE)) { /* In this case, call again to give us a chance to read the * close notify alert from the other end. */ wolfSSL_shutdown(b->ptr.ssl); 
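Review bot: The second `wolfSSL_shutdown(sslResume);` in the client.c resume hunk and the retry `wolfSSL_shutdown(b->ptr.ssl);` in the src/bio.c hunk both discard their return value. A shutdown that is still incomplete or has failed therefore looks the same as a completed one, unlike the loops in client_test() and server_test(), which log "Bidirectional shutdown failed". If the discard is deliberate best effort, make it explicit with `(void)wolfSSL_shutdown(b->ptr.ssl);` and `(void)wolfSSL_shutdown(sslResume);`, and extend the existing comment in bio.c to say the result is intentionally ignored. Both enclosing functions continue outside their hunks.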
diff --git a/src/keys.c b/src/keys.c index b4b39a43f2..190a5d4dd3 100644 --- a/src/keys.c +++ b/src/keys.c @@ -3571,7 +3571,7 @@ int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side) #endif #if !defined(NO_CERTS) && defined(HAVE_PK_CALLBACKS) - ret = PROTOCOLCB_UNAVAILABLE; + ret = WC_NO_ERR_TRACE(PROTOCOLCB_UNAVAILABLE); if (ssl->ctx->EncryptKeysCb) { void* ctx = wolfSSL_GetEncryptKeysCtx(ssl); #if defined(WOLFSSL_RENESAS_FSPSM_TLS) diff --git a/src/tls13.c b/src/tls13.c index 50192f763c..1e267c1375 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -234,7 +234,7 @@ static int Tls13HKDFExpandKeyLabel(WOLFSSL* ssl, byte* okm, word32 okmLen, { int ret; #if defined(HAVE_PK_CALLBACKS) - ret = NOT_COMPILED_IN; + ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); if (ssl->ctx && ssl->ctx->HKDFExpandLabelCb) { ret = ssl->ctx->HKDFExpandLabelCb(okm, okmLen, prk, prkLen, protocol, protocolLen, @@ -2662,7 +2662,7 @@ static int EncryptTls13(WOLFSSL* ssl, byte* output, const byte* input, nonceSz = AESGCM_NONCE_SZ; #if defined(HAVE_PK_CALLBACKS) - ret = NOT_COMPILED_IN; + ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); if (ssl->ctx && ssl->ctx->PerformTlsRecordProcessingCb) { ret = ssl->ctx->PerformTlsRecordProcessingCb(ssl, 1, output, input, dataSz, @@ -2704,7 +2704,7 @@ static int EncryptTls13(WOLFSSL* ssl, byte* output, const byte* input, nonceSz = AESCCM_NONCE_SZ; #if defined(HAVE_PK_CALLBACKS) - ret = NOT_COMPILED_IN; + ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); if (ssl->ctx && ssl->ctx->PerformTlsRecordProcessingCb) { ret = ssl->ctx->PerformTlsRecordProcessingCb(ssl, 1, output, input, dataSz, @@ -3063,7 +3063,7 @@ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz, nonceSz = AESGCM_NONCE_SZ; #if defined(HAVE_PK_CALLBACKS) - ret = NOT_COMPILED_IN; + ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); if (ssl->ctx && ssl->ctx->PerformTlsRecordProcessingCb) { ret = ssl->ctx->PerformTlsRecordProcessingCb(ssl, 0, output, input, dataSz, 
@@ -3102,7 +3102,7 @@ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz, nonceSz = AESCCM_NONCE_SZ; #if defined(HAVE_PK_CALLBACKS) - ret = NOT_COMPILED_IN; + ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); if (ssl->ctx && ssl->ctx->PerformTlsRecordProcessingCb) { ret = ssl->ctx->PerformTlsRecordProcessingCb(ssl, 0, output, input, dataSz, @@ -6892,7 +6892,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #endif { /* Reset state */ - ret = VERSION_ERROR; + ret = WC_NO_ERR_TRACE(VERSION_ERROR); ssl->options.asyncState = TLS_ASYNC_BEGIN; XMEMSET(args, 0, sizeof(Dch13Args)); #ifdef WOLFSSL_ASYNC_CRYPT diff --git a/tests/api.c b/tests/api.c index 8687213f42..794a9a58d4 100644 --- a/tests/api.c +++ b/tests/api.c @@ -6713,13 +6713,15 @@ static int test_wolfSSL_read_write_ex(void) ExpectIntEQ(wolfSSL_shutdown(ssl_c), WOLFSSL_SHUTDOWN_NOT_DONE); ExpectIntEQ(wolfSSL_shutdown(ssl_s), WOLFSSL_SHUTDOWN_NOT_DONE); - ExpectIntEQ(wolfSSL_shutdown(ssl_c), 1); - ExpectIntEQ(wolfSSL_shutdown(ssl_s), 1); + ExpectIntEQ(wolfSSL_shutdown(ssl_c), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_shutdown(ssl_s), WOLFSSL_SUCCESS); wolfSSL_free(ssl_c); wolfSSL_free(ssl_s); wolfSSL_CTX_free(ctx_c); wolfSSL_CTX_free(ctx_s); + + /* XXX this should be return EXPECT_RESULT(); */ return TEST_SUCCESS; } @@ -25691,7 +25693,7 @@ static THREAD_RETURN WOLFSSL_THREAD SSL_read_test_client_thread(void* args) if (EXPECT_SUCCESS()) { ret = wolfSSL_shutdown(ssl); - if (ret == WOLFSSL_SHUTDOWN_NOT_DONE) { + if (ret == WC_NO_ERR_TRACE(WOLFSSL_SHUTDOWN_NOT_DONE)) { ret = wolfSSL_shutdown(ssl); } } @@ -29286,7 +29288,7 @@ static void test_ticket_and_psk_mixing_on_result(WOLFSSL* ssl) } do { ret = wolfSSL_shutdown(ssl); - } while (ret == WOLFSSL_SHUTDOWN_NOT_DONE); + } while (ret == WC_NO_ERR_TRACE(WOLFSSL_SHUTDOWN_NOT_DONE)); AssertIntEQ(wolfSSL_clear(ssl), WOLFSSL_SUCCESS); wolfSSL_set_psk_callback_ctx(ssl, (void*)"TLS13-AES256-GCM-SHA384"); #ifndef OPENSSL_COMPATIBLE_DEFAULTS 
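Review bot: In test_wolfSSL_read_write_ex() the added `/* XXX this should be return EXPECT_RESULT(); */` leaves `return TEST_SUCCESS;` in place, so every ExpectIntEQ() in the test, including the four wolfSSL_shutdown() checks in this hunk, can fail without failing the test. The commit message says the test currently always fails; the comment should say which expectation fails and why the return is not switched now, for example `/* XXX should be return EXPECT_RESULT(); masked until the shutdown expectations above pass */`, so the masked close-notify coverage is not forgotten. The two unchanged expectations also compare against a bare `WOLFSSL_SHUTDOWN_NOT_DONE`, while the other tests/api.c hunks wrap it in `WC_NO_ERR_TRACE()`; presumably these should match. The function starts above the hunk.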
@@ -29377,7 +29379,7 @@ static void test_prioritize_psk_on_result(WOLFSSL* ssl) } do { ret = wolfSSL_shutdown(ssl); - } while (ret == WOLFSSL_SHUTDOWN_NOT_DONE); + } while (ret == WC_NO_ERR_TRACE(WOLFSSL_SHUTDOWN_NOT_DONE)); AssertIntEQ(wolfSSL_clear(ssl), WOLFSSL_SUCCESS); wolfSSL_set_psk_callback_ctx(ssl, (void*)"TLS13-AES256-GCM-SHA384"); /* Previous connection was made with TLS13-AES128-GCM-SHA256. Order is diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 518e3e3a92..17d108b592 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -3075,6 +3075,14 @@ enum { /* ssl Constants */ WOLFSSL_SHUTDOWN_NOT_DONE = 2, #endif + #if defined(WOLFSSL_DEBUG_TRACE_ERROR_CODES) && \ + (defined(BUILDING_WOLFSSL) || \ + defined(WOLFSSL_DEBUG_TRACE_ERROR_CODES_ALWAYS)) + #define WOLFSSL_SHUTDOWN_NOT_DONE \ + WC_ERR_TRACE(WOLFSSL_SHUTDOWN_NOT_DONE) + #define CONST_NUM_ERR_WOLFSSL_SHUTDOWN_NOT_DONE 0 + #endif + WOLFSSL_FILETYPE_ASN1 = CTC_FILETYPE_ASN1, WOLFSSL_FILETYPE_PEM = CTC_FILETYPE_PEM, WOLFSSL_FILETYPE_DEFAULT = CTC_FILETYPE_ASN1, /* ASN1 */
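Review bot: `#define CONST_NUM_ERR_WOLFSSL_SHUTDOWN_NOT_DONE 0` in the wolfssl/ssl.h hunk is unconditional, but the enumerator just above it is `WOLFSSL_SHUTDOWN_NOT_DONE = 2` in at least one branch of a conditional that opens above the hunk. If WC_NO_ERR_TRACE(label) resolves to CONST_NUM_ERR_##label in tracing builds (its definition is not shown here), every `ret == WC_NO_ERR_TRACE(WOLFSSL_SHUTDOWN_NOT_DONE)` added in client.c, server.c, src/bio.c and tests/api.c would compare against 0 in that configuration. The second wolfSSL_shutdown() that waits for the peer's close_notify would then be skipped. Define the constant inside the same conditional branches as the enumerator, e.g. `#define CONST_NUM_ERR_WOLFSSL_SHUTDOWN_NOT_DONE 2` beside the `= 2` line, and the matching value in the other branch.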