From ada785e115201ead98ae47c392832942c2bbdf81 Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz
Date: Thu, 7 Sep 2023 16:26:42 +0200
Subject: [PATCH] Address code review
---
 src/dtls.c | 7 ++++---
 src/dtls13.c | 2 +-
 src/tls13.c | 2 +-
 3 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/src/dtls.c b/src/dtls.c
index 464fd1499..30af15c69 100644
--- a/src/dtls.c
+++ b/src/dtls.c
@@ -28,7 +28,7 @@
 * clientHello messages will consume resources on the server.
 * WOLFSSL_DTLS_CH_FRAG
 * Allow a server to process a fragmented second/verified (one containing a
- * valid cookie response) ClientHello message. The first/unverifies (one
+ * valid cookie response) ClientHello message. The first/unverified (one
 * without a cookie extension) ClientHello MUST be unfragmented so that the
 * DTLS server can process it statelessly. This is only implemented for
 * DTLS 1.3. The user MUST call wolfSSL_dtls13_allow_ch_frag() on the server
@@ -895,6 +895,7 @@ int DoClientHelloStateless(WOLFSSL* ssl, const byte* input, word32 helloSz,
 #else
 WOLFSSL_MSG("\tProcessing fragmented ClientHello but "
 "WOLFSSL_DTLS_CH_FRAG is not defined. This should not happen.");
+ return BAD_STATE_E;
 #endif
 }
 if (tls13 != NULL)
@@ -945,7 +946,7 @@ int DoClientHelloStateless(WOLFSSL* ssl, const byte* input, word32 helloSz,
 #ifdef WOLFSSL_DTLS_CH_FRAG
 /* Don't send anything here when processing fragment */
 if (isFirstCHFrag)
- ret = BUFFER_ERROR;
+ ret = COOKIE_ERROR;
 else
 #endif
 ret = SendStatelessReply((WOLFSSL*)ssl, &ch, isTls13);
@@ -966,7 +967,7 @@ int DoClientHelloStateless(WOLFSSL* ssl, const byte* input, word32 helloSz,
 #ifdef WOLFSSL_DTLS_CH_FRAG
 /* Don't send anything here when processing fragment */
 if (isFirstCHFrag)
- ret = BUFFER_ERROR;
+ ret = COOKIE_ERROR;
 else
 #endif
 ret = SendStatelessReply((WOLFSSL*)ssl, &ch, isTls13);
diff --git a/src/dtls13.c b/src/dtls13.c
index c7df75f61..3ea608215 100644
--- a/src/dtls13.c
+++ b/src/dtls13.c
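Review bot: The new `return BAD_STATE_E;` in the `#else` branch leaves the function before the `if (tls13 != NULL)` statement that follows the closing brace, so on this path the caller's `tls13` output keeps whatever value was passed in (the statement under that `if` is outside the hunk; presumably it resets `*tls13`). The call site in src/dtls13.c shown in this patch short-circuits on `== 0` before reading `tls13`, so it is unaffected, but other callers are not visible here. Moving the `tls13` reset above the `isFirstCHFrag` block, or adding a comment such as `/* *tls13 is not written on this path */`, would make the contract explicit. DoClientHelloStateless starts and ends outside the hunk.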
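Review bot: The comment `/* Don't send anything here when processing fragment */` above `ret = COOKIE_ERROR;` says what is skipped but not why an error is returned or what the caller should do with it; the same applies to the identical block in the @@ -966 hunk. A fuller comment, e.g. `/* Never reply to a ClientHello fragment that failed the cookie check; report COOKIE_ERROR so the caller drops it */`, would record the intent, assuming these are the missing or invalid cookie branches and that dropping is the intended handling (the enclosing conditions are outside both hunks). Because the two blocks are textually the same, a small static helper would keep them from drifting apart. The src/dtls13.c caller in this patch only tests for `== 0`; whether any other caller distinguishes COOKIE_ERROR from the previous BUFFER_ERROR cannot be seen here.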
@@ -1668,7 +1668,7 @@ static int _Dtls13HandshakeRecv(WOLFSSL* ssl, byte* input, word32 size, DoClientHelloStateless(ssl, input + idx, fragLength, 1, &tls13) == 0 && tls13) { /* We can save this message and continue as stateful. */ - if (ssl->chGoodCb != NULL && !IsSCR(ssl)) { + if (ssl->chGoodCb != NULL) { int cbret = ssl->chGoodCb(ssl, ssl->chGoodCtx); if (cbret < 0) { ssl->error = cbret;
diff --git a/src/tls13.c b/src/tls13.c
index a4c794b28..1c4919e4c 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -6658,7 +6658,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 *inOutIdx += helloSz;
 goto exit_dch;
 }
- if (ssl->chGoodCb != NULL && !IsSCR(ssl)) {
+ if (ssl->chGoodCb != NULL) {
 int cbret = ssl->chGoodCb(ssl, ssl->chGoodCtx);
 if (cbret < 0) {
 ssl->error = cbret;
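Review bot: With `!IsSCR(ssl)` dropped, `ssl->chGoodCb` runs whenever it is set, and nothing at either call site (here in _Dtls13HandshakeRecv and in the DoTls13ClientHello hunk in src/tls13.c) says why the renegotiation check is unnecessary. If the reasoning is that these are TLS 1.3 / DTLS 1.3 paths, where renegotiation does not exist, a one-line comment such as `/* (D)TLS 1.3 has no renegotiation, so no IsSCR() check is needed */` would keep the guard from being re-added later. The handling of `cbret` continues past `ssl->error = cbret;`, outside both hunks, so what the function returns on a negative callback result cannot be checked from here.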