diff --git a/src/sniffer.c b/src/sniffer.c index b088cf3e3..83055a525 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -2863,13 +2863,14 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session, } #endif - if (ret != 0) { - goto exit_sk; - } - /* make sure a key type was found */ if (args->key->type == WC_PK_TYPE_NONE) { - ERROR_OUT(NOT_COMPILED_IN, exit_sk); + ret = NOT_COMPILED_IN; + } + + /* check for errors before moving to next state */ + if (ret < 0) { + break; } /* Advance state and proceed */ @@ -2949,6 +2950,11 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session, } #endif /* WOLFSSL_ASYNC_CRYPT */ + /* check for errors before moving to next state */ + if (ret < 0) { + break; + } + /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_VERIFY; } /* case TLS_ASYNC_DO */ @@ -2960,6 +2966,7 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session, if (args->key->type == WC_PK_TYPE_RSA) { if (ret != SECRET_LEN) { SetError(RSA_DECRYPT_STR, error, session, FATAL_ERROR_STATE); + ret = RSA_BUFFER_E; } } #endif /* !NO_RSA */ @@ -2979,6 +2986,11 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session, } #endif /* !NO_DH && WOLFSSL_DH_EXTRA */ + /* check for errors before moving to next state */ + if (ret < 0) { + break; + } + /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_FINALIZE; } /* case TLS_ASYNC_VERIFY */ @@ -3001,12 +3013,12 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session, if (SetCipherSpecs(session->sslServer) != 0) { SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE); - ret = -1; goto exit_sk; + ret = -1; break; } if (SetCipherSpecs(session->sslClient) != 0) { SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE); - ret = -1; goto exit_sk; + ret = -1; break; } #ifdef WOLFSSL_TLS13 @@ -3038,7 +3050,7 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session, } if (ret != 0) { SetError(BAD_DERIVE_STR, error, session, FATAL_ERROR_STATE); - ret = -1; goto exit_sk; + ret = -1; break; } #ifdef SHOW_SECRETS @@ -3059,17 +3071,17 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session, ret = INPUT_CASE_ERROR; } /* switch(ssl->options.asyncState) */ +#ifdef WOLFSSL_ASYNC_CRYPT exit_sk: /* Handle async pending response */ -#ifdef WOLFSSL_ASYNC_CRYPT if (ret == WC_PENDING_E) { return ret; } #endif /* WOLFSSL_ASYNC_CRYPT */ #ifdef WOLFSSL_SNIFFER_STATS - if (ret != 0) + if (ret < 0) INC_STAT(SnifferStats.sslKeyFails); #endif diff --git a/src/ssl.c b/src/ssl.c index 396c1ff37..b1211bd88 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -13709,6 +13709,7 @@ void AddSession(WOLFSSL* ssl) } } #endif /* WOLFSSL_SESSION_STATS && WOLFSSL_PEAK_SESSIONS */ + (void)error; } diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index a6ff5c269..18e82a282 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -7899,7 +7899,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, /* check for async hardware acceleration */ #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC) - if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_ECC) { + if (err == MP_OKAY && key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_ECC) { #if defined(HAVE_CAVIUM_V) || defined(HAVE_INTEL_QA) #ifdef HAVE_CAVIUM_V if (NitroxEccIsCurveSupported(key))