backfill more missing WC_NO_ERR_TRACE()s on error code operands, and refactor away the obsolete GEN_MEM_ERR macro mechanism in wolfcrypt/src/ecc.c.

2026-01-29 14:42:15 +01:00 · 2024-09-03 17:44:11 -05:00
parent 4d837e74c4
commit 806df85477
16 changed files with 162 additions and 166 deletions
--- a/src/bio.c
+++ b/src/bio.c
@@ -453,8 +453,9 @@ static int wolfSSL_BIO_BASE64_write(WOLFSSL_BIO* bio, const void* data,
        }
    }
    else {
-        if (Base64_Encode((const byte*)data, inLen, NULL, &sz) !=
-            LENGTH_ONLY_E) {
+        if (Base64_Encode((const byte*)data, inLen, NULL, &sz)
+              != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
+        {
            WOLFSSL_MSG("Error with base64 get length");
            return WOLFSSL_FATAL_ERROR;
        }
--- a/src/internal.c
+++ b/src/internal.c
@@ -40363,7 +40363,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],

                        lenErrMask = 0 - (SECRET_LEN != args->sigSz);
                        args->lastErr = (ret & (~lenErrMask)) |
-                            (RSA_PAD_E & lenErrMask);
+                            (WC_NO_ERR_TRACE(RSA_PAD_E) & lenErrMask);
                        ret = 0;
                        break;
                    } /* rsa_kea */
--- a/src/ocsp.c
+++ b/src/ocsp.c
@@ -852,7 +852,7 @@ void wolfSSL_OCSP_BASICRESP_free(WOLFSSL_OCSP_BASICRESP* basicResponse)
 int wolfSSL_OCSP_basic_verify(WOLFSSL_OCSP_BASICRESP *bs,
    WOLF_STACK_OF(WOLFSSL_X509) *certs, WOLFSSL_X509_STORE *st, unsigned long flags)
 {
-    int         ret = WOLFSSL_FAILURE;
+    int         ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 #ifdef WOLFSSL_SMALL_STACK
    DecodedCert *cert;
 #else
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -2881,8 +2881,9 @@ static int wolfSSL_read_internal(WOLFSSL* ssl, void* data, int sz, int peek)
    /* make sure bidirectional TLS shutdown completes */
    if (ssl->error == WOLFSSL_ERROR_SYSCALL || ssl->options.shutdownDone) {
        /* ask the underlying transport the connection is closed */
-        if (ssl->CBIORecv(ssl, (char*)data, 0, ssl->IOCB_ReadCtx) ==
-                                            WOLFSSL_CBIO_ERR_CONN_CLOSE) {
+        if (ssl->CBIORecv(ssl, (char*)data, 0, ssl->IOCB_ReadCtx)
+            == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_CONN_CLOSE))
+        {
            ssl->options.isClosed = 1;
            ssl->error = WOLFSSL_ERROR_ZERO_RETURN;
        }
@@ -3400,7 +3401,7 @@ int wolfSSL_UseALPN(WOLFSSL* ssl, char *protocol_name_list,
    char    *list, *ptr, **token;
    word16  len;
    int     idx = 0;
-    int     ret = WOLFSSL_FAILURE;
+    int     ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);

    WOLFSSL_ENTER("wolfSSL_UseALPN");

@@ -6209,7 +6210,7 @@ static int check_cert_key(DerBuffer* cert, DerBuffer* key, DerBuffer* altKey,
 #endif
    word32 size;
    byte*  buff;
-    int    ret = WOLFSSL_FAILURE;
+    int    ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);

    WOLFSSL_ENTER("check_cert_key");

@@ -10466,7 +10467,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
    static int wolfSSL_ex_wrapper(WOLFSSL* ssl, HandShakeCallBack hsCb,
                                 TimeoutCallBack toCb, WOLFSSL_TIMEVAL timeout)
    {
-        int       ret        = WOLFSSL_FATAL_ERROR;
+        int       ret        = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR);
        int       oldTimerOn = 0;   /* was timer already on */
        WOLFSSL_TIMEVAL startTime;
        WOLFSSL_TIMEVAL endTime;
@@ -12190,8 +12191,9 @@ int wolfSSL_get_peer_tmp_key(const WOLFSSL* ssl, WOLFSSL_EVP_PKEY** pkey)
        int sz;

        PRIVATE_KEY_UNLOCK();
-        if (wc_ecc_export_x963(ssl->peerEccKey, NULL, &derSz) !=
-                LENGTH_ONLY_E) {
+        if (wc_ecc_export_x963(ssl->peerEccKey, NULL, &derSz)
+              != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
+        {
            WOLFSSL_MSG("get ecc der size failed");
            PRIVATE_KEY_LOCK();
            return WOLFSSL_FAILURE;
@@ -15481,7 +15483,7 @@ int wolfSSL_ERR_GET_REASON(unsigned long err)
    /* Nginx looks for this error to know to stop parsing certificates.
     * Same for HAProxy. */
    if (err == ((ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE) ||
-       ((err & 0xFFFFFFL) == -ASN_NO_PEM_HEADER) ||
+       ((err & 0xFFFFFFL) == -WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER)) ||
       ((err & 0xFFFL) == PEM_R_NO_START_LINE ))
        return PEM_R_NO_START_LINE;
    if (err == ((ERR_LIB_SSL << 24) | -SSL_R_HTTP_REQUEST))
--- a/src/tls.c
+++ b/src/tls.c
@@ -1830,7 +1830,7 @@ static int TLSX_ALPN_ParseAndSet(WOLFSSL *ssl, const byte *input, word16 length,
                                 byte isRequest)
 {
    word16  size = 0, offset = 0, wlen;
-    int     r = BUFFER_ERROR;
+    int     r = WC_NO_ERR_TRACE(BUFFER_ERROR);
    const byte *s;

    if (OPAQUE16_LEN > length)
--- a/src/x509.c
+++ b/src/x509.c
@@ -7073,7 +7073,7 @@ int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP* lookup,
 {
 #if !defined(NO_FILESYSTEM) && \
    (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM))
-    int           ret = WOLFSSL_FAILURE;
+    int           ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
    XFILE         fp;
    long          sz;
    byte*         pem = NULL;