
Commit 38d8eb6

committed
address reviewer's comments
1 parent 950c074 commit 38d8eb6

5 files changed

Lines changed: 30 additions & 65 deletions


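--- a/src/internal.c
+++ b/src/internal.c
@@ -42513,10 +42513,10 @@ int wolfSSL_TestAppleNativeCertValidation_AppendCA(WOLFSSL_CTX* ctx,
 
 #endif /* defined(__APPLE__) && defined(WOLFSSL_SYS_CA_CERTS) */
 
-#if defined(WOLFSSL_CHECK_ALERT_ON_ERR)
 /* Do not try to process error for async, non blocking io, and app_read */
-void wolfSSL_maybeCheckAlertOnErr(WOLFSSL* ssl, int err)
+void wolfSSL_MaybeCheckAlertOnErr(WOLFSSL* ssl, int err)
 {
+#if defined(WOLFSSL_CHECK_ALERT_ON_ERR)
 #if defined(WOLFSSL_ASYNC_CRYPT)
 if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
 return;
@@ -42538,8 +42538,8 @@ void wolfSSL_maybeCheckAlertOnErr(WOLFSSL* ssl, int err)
 }
 /* check if an alert was sent */
 ProcessReplyEx(ssl, 1);
-}
 #endif /* WOLFSSL_CHECK_ALERT_ON_ERR */
+}
 
 #undef ERROR_OUT
 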
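Review bot: With `WOLFSSL_CHECK_ALERT_ON_ERR` undefined, the body of `wolfSSL_MaybeCheckAlertOnErr` is now empty, so `ssl` and `err` are never referenced and builds that treat unused-parameter warnings as errors will fail. The `#if` opens right after `{` and `#endif /* WOLFSSL_CHECK_ALERT_ON_ERR */` sits directly before the closing `}`, with no `#else` branch in between. I would add `#else`, `(void)ssl;` and `(void)err;` ahead of that `#endif`. Separately, the result of `ProcessReplyEx(ssl, 1)` is discarded; if that is deliberate because the callers go on to report the original send error, a short comment saying so would help. The middle of the function lies between the two hunks and is not shown.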

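--- a/src/ssl.c
+++ b/src/ssl.c
@@ -10591,9 +10591,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 #endif
 if (ssl->options.sendVerify) {
 if ( (ssl->error = SendCertificate(ssl)) != 0) {
-#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
-#endif
+wolfSSL_MaybeCheckAlertOnErr(ssl, ssl->error);
 WOLFSSL_ERROR(ssl->error);
 return WOLFSSL_FATAL_ERROR;
 }
@@ -10612,9 +10610,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 #endif
 if (!ssl->options.resuming) {
 if ( (ssl->error = SendClientKeyExchange(ssl)) != 0) {
-#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
-#endif
+wolfSSL_MaybeCheckAlertOnErr(ssl, ssl->error);
 #ifdef WOLFSSL_EXTRA_ALERTS
 if (ssl->error == WC_NO_ERR_TRACE(NO_PEER_KEY) ||
 ssl->error == WC_NO_ERR_TRACE(PSK_KEY_ERROR)) {
@@ -10643,9 +10639,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CLIENT_AUTH)
 if (ssl->options.sendVerify) {
 if ( (ssl->error = SendCertificateVerify(ssl)) != 0) {
-#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
-#endif
+wolfSSL_MaybeCheckAlertOnErr(ssl, ssl->error);
 WOLFSSL_ERROR(ssl->error);
 return WOLFSSL_FATAL_ERROR;
 }
@@ -10658,9 +10652,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 
 case FIRST_REPLY_THIRD :
 if ( (ssl->error = SendChangeCipher(ssl)) != 0) {
-#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
-#endif
+wolfSSL_MaybeCheckAlertOnErr(ssl, ssl->error);
 WOLFSSL_ERROR(ssl->error);
 return WOLFSSL_FATAL_ERROR;
 }
@@ -10671,9 +10663,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 
 case FIRST_REPLY_FOURTH :
 if ( (ssl->error = SendFinished(ssl)) != 0) {
-#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
-#endif
+wolfSSL_MaybeCheckAlertOnErr(ssl, ssl->error);
 WOLFSSL_ERROR(ssl->error);
 return WOLFSSL_FATAL_ERROR;
 }
@@ -11051,9 +11041,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 return WOLFSSL_FATAL_ERROR;
 }
 if ( (ssl->error = SendServerHello(ssl)) != 0) {
-#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
-#endif
+wolfSSL_MaybeCheckAlertOnErr(ssl, ssl->error);
 WOLFSSL_ERROR(ssl->error);
 return WOLFSSL_FATAL_ERROR;
 }
@@ -11070,9 +11058,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 #ifndef NO_CERTS
 if (!ssl->options.resuming)
 if ( (ssl->error = SendCertificate(ssl)) != 0) {
-#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
-#endif
+wolfSSL_MaybeCheckAlertOnErr(ssl, ssl->error);
 WOLFSSL_ERROR(ssl->error);
 return WOLFSSL_FATAL_ERROR;
 }
@@ -11085,9 +11071,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 #ifndef NO_CERTS
 if (!ssl->options.resuming)
 if ( (ssl->error = SendCertificateStatus(ssl)) != 0) {
-#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
-#endif
+wolfSSL_MaybeCheckAlertOnErr(ssl, ssl->error);
 WOLFSSL_ERROR(ssl->error);
 return WOLFSSL_FATAL_ERROR;
 }
@@ -11104,9 +11088,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 #endif
 if (!ssl->options.resuming)
 if ( (ssl->error = SendServerKeyExchange(ssl)) != 0) {
-#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
-#endif
+wolfSSL_MaybeCheckAlertOnErr(ssl, ssl->error);
 WOLFSSL_ERROR(ssl->error);
 return WOLFSSL_FATAL_ERROR;
 }
@@ -11119,9 +11101,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 if (!ssl->options.resuming) {
 if (ssl->options.verifyPeer) {
 if ( (ssl->error = SendCertificateRequest(ssl)) != 0) {
-#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
-#endif
+wolfSSL_MaybeCheckAlertOnErr(ssl, ssl->error);
 WOLFSSL_ERROR(ssl->error);
 return WOLFSSL_FATAL_ERROR;
 }
@@ -11139,9 +11119,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 case CERT_REQ_SENT :
 if (!ssl->options.resuming)
 if ( (ssl->error = SendServerHelloDone(ssl)) != 0) {
-#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
-#endif
+wolfSSL_MaybeCheckAlertOnErr(ssl, ssl->error);
 WOLFSSL_ERROR(ssl->error);
 return WOLFSSL_FATAL_ERROR;
 }
@@ -11180,9 +11158,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 #ifdef HAVE_SESSION_TICKET
 if (ssl->options.createTicket && !ssl->options.noTicketTls12) {
 if ( (ssl->error = SendTicket(ssl)) != 0) {
-#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
-#endif
+wolfSSL_MaybeCheckAlertOnErr(ssl, ssl->error);
 WOLFSSL_MSG("Thought we need ticket but failed");
 WOLFSSL_ERROR(ssl->error);
 return WOLFSSL_FATAL_ERROR;
@@ -11201,9 +11177,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 }
 
 if ( (ssl->error = SendChangeCipher(ssl)) != 0) {
-#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
-#endif
+wolfSSL_MaybeCheckAlertOnErr(ssl, ssl->error);
 WOLFSSL_ERROR(ssl->error);
 return WOLFSSL_FATAL_ERROR;
 }
@@ -11213,9 +11187,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 
 case CHANGE_CIPHER_SENT :
 if ( (ssl->error = SendFinished(ssl)) != 0) {
-#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
-#endif
+wolfSSL_MaybeCheckAlertOnErr(ssl, ssl->error);
 WOLFSSL_ERROR(ssl->error);
 return WOLFSSL_FATAL_ERROR;
 }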

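--- a/src/tls13.c
+++ b/src/tls13.c
@@ -13403,13 +13403,14 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
 if (ssl->earlyData != no_early_data &&
 ssl->options.handShakeState != CLIENT_HELLO_COMPLETE) {
 #if defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT)
-if (!ssl->options.dtls && ssl->options.tls13MiddleBoxCompat) {
-if ((ssl->error = SendChangeCipher(ssl)) != 0) {
-WOLFSSL_ERROR(ssl->error);
-return WOLFSSL_FATAL_ERROR;
+if (!ssl->options.dtls &&
+ssl->options.tls13MiddleBoxCompat) {
+if ((ssl->error = SendChangeCipher(ssl)) != 0) {
+WOLFSSL_ERROR(ssl->error);
+return WOLFSSL_FATAL_ERROR;
+}
+ssl->options.sentChangeCipher = 1;
 }
-ssl->options.sentChangeCipher = 1;
-}
 #endif
 ssl->options.handShakeState = CLIENT_HELLO_COMPLETE;
 return WOLFSSL_SUCCESS;
@@ -13547,9 +13548,7 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
 if (!ssl->options.resuming && ssl->options.sendVerify) {
 ssl->error = SendTls13Certificate(ssl);
 if (ssl->error != 0) {
-#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
-#endif
+wolfSSL_MaybeCheckAlertOnErr(ssl, ssl->error);
 WOLFSSL_ERROR(ssl->error);
 return WOLFSSL_FATAL_ERROR;
 }
@@ -13569,9 +13568,7 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
 if (!ssl->options.resuming && ssl->options.sendVerify) {
 ssl->error = SendTls13CertificateVerify(ssl);
 if (ssl->error != 0) {
-#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
-#endif
+wolfSSL_MaybeCheckAlertOnErr(ssl, ssl->error);
 WOLFSSL_ERROR(ssl->error);
 return WOLFSSL_FATAL_ERROR;
 }
@@ -13585,9 +13582,7 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
 
 case FIRST_REPLY_FOURTH:
 if ((ssl->error = SendTls13Finished(ssl)) != 0) {
-#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
-#endif
+wolfSSL_MaybeCheckAlertOnErr(ssl, ssl->error);
 WOLFSSL_ERROR(ssl->error);
 return WOLFSSL_FATAL_ERROR;
 }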
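Review bot: The `SendChangeCipher` failure path in the first hunk (the middlebox-compat early-data branch) goes straight to `WOLFSSL_ERROR(ssl->error)` without calling `wolfSSL_MaybeCheckAlertOnErr`. The three other failure paths touched in this file and the `SendChangeCipher` failures in src/ssl.c all call it first. If the omission is deliberate, a one-line comment saying why would keep the next reader from "fixing" it. Otherwise add `wolfSSL_MaybeCheckAlertOnErr(ssl, ssl->error);` before `WOLFSSL_ERROR(ssl->error);` so an alert from the peer that explains the failed write is still picked up. wolfSSL_connect_TLSv13 begins and ends outside the hunks shown.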

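--- a/tests/api/test_tls13.c
+++ b/tests/api/test_tls13.c
@@ -2140,6 +2140,8 @@ int test_tls13_early_data(void)
 struct test_tls13_wwrite_ctx wwrite_ctx_s, wwrite_ctx_c;
 
 XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+XMEMSET(&wwrite_ctx_c, 0, sizeof(wwrite_ctx_c));
+XMEMSET(&wwrite_ctx_s, 0, sizeof(wwrite_ctx_s));
 
 fprintf(stderr, "\tEarly data with %s%s%s\n", params[i].tls_version,
 splitEarlyData ? " (split early data)" : "",
@@ -2179,8 +2181,6 @@ int test_tls13_early_data(void)
 #endif
 
 if (everyWriteWantWrite) {
-XMEMSET(&wwrite_ctx_c, 0, sizeof(wwrite_ctx_c));
-XMEMSET(&wwrite_ctx_s, 0, sizeof(wwrite_ctx_s));
 wwrite_ctx_c.test_ctx = &test_ctx;
 wwrite_ctx_s.test_ctx = &test_ctx;
 wolfSSL_SetIOWriteCtx(ssl_c, &wwrite_ctx_c);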

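--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -7240,9 +7240,7 @@ WOLFSSL_LOCAL int pkcs8_encrypt(WOLFSSL_EVP_PKEY* pkey,
 word32* keySz);
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
-#if defined(WOLFSSL_CHECK_ALERT_ON_ERR)
-WOLFSSL_LOCAL void wolfSSL_maybeCheckAlertOnErr(WOLFSSL* ssl, int err);
-#endif
+WOLFSSL_LOCAL void wolfSSL_MaybeCheckAlertOnErr(WOLFSSL* ssl, int err);
 
 #ifdef __cplusplus
 } /* extern "C" */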
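Review bot: The `wolfSSL_MaybeCheckAlertOnErr` prototype is now declared in every configuration but has no comment. Since the call sites also lost their `#ifdef WOLFSSL_CHECK_ALERT_ON_ERR` guard, nothing in the header or the callers tells a reader that the call does nothing in builds without that macro. I would add above the declaration: `/* No-op unless WOLFSSL_CHECK_ALERT_ON_ERR is defined; when enabled, calls ProcessReplyEx after a failed send to check for an alert from the peer. */`. The source comment in src/internal.c ("Do not try to process error for async, non blocking io, and app_read") lists the skipped cases and could be mirrored here, so callers know which `err` values are ignored.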
