
Commit 5728214

WOLFSSL_CHECK_ALERT_ON_ERR: ignore non fatal errors
1 parent 093d777 commit 5728214

4 files changed

Lines changed: 49 additions & 29 deletions


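--- a/src/internal.c
+++ b/src/internal.c
@@ -22292,17 +22292,6 @@ static int DoProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
 return ssl->error;
 }
 
-/* If checking alert on error (allowSocketErr == 1) do not try and
- * process alerts for async or ocsp non blocking */
-#if defined(WOLFSSL_CHECK_ALERT_ON_ERR) && \
-(defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP))
-if (allowSocketErr == 1 && \
-(ssl->error == WC_NO_ERR_TRACE(WC_PENDING_E) ||
-ssl->error == WC_NO_ERR_TRACE(OCSP_WANT_READ))) {
-return ssl->error;
-}
-#endif
-
 #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_ASYNC_CRYPT)
 /* process any pending DTLS messages - this flow can happen with async */
 if (ssl->dtls_rx_msg_list != NULL) {
@@ -42524,6 +42513,34 @@ int wolfSSL_TestAppleNativeCertValidation_AppendCA(WOLFSSL_CTX* ctx,
 
 #endif /* defined(__APPLE__) && defined(WOLFSSL_SYS_CA_CERTS) */
 
+#if defined(WOLFSSL_CHECK_ALERT_ON_ERR)
+/* Do not try to process error for async, non blocking io, and app_read */
+void wolfSSL_maybeCheckAlertOnErr(WOLFSSL* ssl, int err)
+{
+#if defined(WOLFSSL_ASYNC_CRYPT)
+if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
+return;
+}
+#endif
+#if defined(WOLFSSL_NONBLOCK_OCSP)
+if (err == WC_NO_ERR_TRACE(OCSP_WANT_READ)) {
+return;
+}
+#endif
+#if defined(WOLFSSL_EARLY_DATA)
+if (err == WC_NO_ERR_TRACE(APP_DATA_READY)) {
+return;
+}
+#endif
+if (err == WC_NO_ERR_TRACE(WANT_WRITE) ||
+err == WC_NO_ERR_TRACE(WANT_READ)) {
+return;
+}
+/* check if an alert was sent */
+ProcessReplyEx(ssl, 1);
+}
+#endif /* WOLFSSL_CHECK_ALERT_ON_ERR */
+
 #undef ERROR_OUT
 
 #endif /* !WOLFCRYPT_ONLY */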
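Review bot: wolfSSL_maybeCheckAlertOnErr in the second hunk has no header comment stating its contract, and the one comment above it lists exclusions rather than saying what the function does; I would put `/* After a send failed with err (the value just stored in ssl->error), call ProcessReplyEx(ssl, 1) to pick up any alert the peer sent. Skipped when err is a retry code (async pending, OCSP want-read, early app data, WANT_READ/WANT_WRITE), since there is nothing to read yet and ssl->error must be preserved for the caller. */` above the definition, and the same one-liner on the prototype in wolfssl/internal.h. The first hunk removes the WC_PENDING_E/OCSP_WANT_READ guard from DoProcessReplyEx itself, so any direct ProcessReplyEx(ssl, 1) caller that is not routed through the new wrapper — none are visible in this commit — would now attempt a read while an async or OCSP operation is still pending; worth a grep before merging. The return value of ProcessReplyEx(ssl, 1) is discarded as before, which is reasonable since every caller logs ssl->error afterwards, but a short `/* rc ignored: ssl->error is updated in place if an alert arrived */` on that line would make the intent explicit.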

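--- a/src/ssl.c
+++ b/src/ssl.c
@@ -10592,7 +10592,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 if (ssl->options.sendVerify) {
 if ( (ssl->error = SendCertificate(ssl)) != 0) {
 #ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
+wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
 #endif
 WOLFSSL_ERROR(ssl->error);
 return WOLFSSL_FATAL_ERROR;
@@ -10613,7 +10613,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 if (!ssl->options.resuming) {
 if ( (ssl->error = SendClientKeyExchange(ssl)) != 0) {
 #ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
+wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
 #endif
 #ifdef WOLFSSL_EXTRA_ALERTS
 if (ssl->error == WC_NO_ERR_TRACE(NO_PEER_KEY) ||
@@ -10644,7 +10644,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 if (ssl->options.sendVerify) {
 if ( (ssl->error = SendCertificateVerify(ssl)) != 0) {
 #ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
+wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
 #endif
 WOLFSSL_ERROR(ssl->error);
 return WOLFSSL_FATAL_ERROR;
@@ -10659,7 +10659,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 case FIRST_REPLY_THIRD :
 if ( (ssl->error = SendChangeCipher(ssl)) != 0) {
 #ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
+wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
 #endif
 WOLFSSL_ERROR(ssl->error);
 return WOLFSSL_FATAL_ERROR;
@@ -10672,7 +10672,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 case FIRST_REPLY_FOURTH :
 if ( (ssl->error = SendFinished(ssl)) != 0) {
 #ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
+wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
 #endif
 WOLFSSL_ERROR(ssl->error);
 return WOLFSSL_FATAL_ERROR;
@@ -11052,7 +11052,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 }
 if ( (ssl->error = SendServerHello(ssl)) != 0) {
 #ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
+wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
 #endif
 WOLFSSL_ERROR(ssl->error);
 return WOLFSSL_FATAL_ERROR;
@@ -11071,7 +11071,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 if (!ssl->options.resuming)
 if ( (ssl->error = SendCertificate(ssl)) != 0) {
 #ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
+wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
 #endif
 WOLFSSL_ERROR(ssl->error);
 return WOLFSSL_FATAL_ERROR;
@@ -11086,7 +11086,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 if (!ssl->options.resuming)
 if ( (ssl->error = SendCertificateStatus(ssl)) != 0) {
 #ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
+wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
 #endif
 WOLFSSL_ERROR(ssl->error);
 return WOLFSSL_FATAL_ERROR;
@@ -11105,7 +11105,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 if (!ssl->options.resuming)
 if ( (ssl->error = SendServerKeyExchange(ssl)) != 0) {
 #ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
+wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
 #endif
 WOLFSSL_ERROR(ssl->error);
 return WOLFSSL_FATAL_ERROR;
@@ -11120,8 +11120,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 if (ssl->options.verifyPeer) {
 if ( (ssl->error = SendCertificateRequest(ssl)) != 0) {
 #ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-/* See if an alert was sent. */
-ProcessReplyEx(ssl, 1);
+wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
 #endif
 WOLFSSL_ERROR(ssl->error);
 return WOLFSSL_FATAL_ERROR;
@@ -11141,7 +11140,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 if (!ssl->options.resuming)
 if ( (ssl->error = SendServerHelloDone(ssl)) != 0) {
 #ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
+wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
 #endif
 WOLFSSL_ERROR(ssl->error);
 return WOLFSSL_FATAL_ERROR;
@@ -11182,7 +11181,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 if (ssl->options.createTicket && !ssl->options.noTicketTls12) {
 if ( (ssl->error = SendTicket(ssl)) != 0) {
 #ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
+wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
 #endif
 WOLFSSL_MSG("Thought we need ticket but failed");
 WOLFSSL_ERROR(ssl->error);
@@ -11203,7 +11202,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 
 if ( (ssl->error = SendChangeCipher(ssl)) != 0) {
 #ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
+wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
 #endif
 WOLFSSL_ERROR(ssl->error);
 return WOLFSSL_FATAL_ERROR;
@@ -11215,7 +11214,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 case CHANGE_CIPHER_SENT :
 if ( (ssl->error = SendFinished(ssl)) != 0) {
 #ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
+wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
 #endif
 WOLFSSL_ERROR(ssl->error);
 return WOLFSSL_FATAL_ERROR;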

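--- a/src/tls13.c
+++ b/src/tls13.c
@@ -13548,7 +13548,7 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
 ssl->error = SendTls13Certificate(ssl);
 if (ssl->error != 0) {
 #ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
+wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
 #endif
 WOLFSSL_ERROR(ssl->error);
 return WOLFSSL_FATAL_ERROR;
@@ -13570,7 +13570,7 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
 ssl->error = SendTls13CertificateVerify(ssl);
 if (ssl->error != 0) {
 #ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
+wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
 #endif
 WOLFSSL_ERROR(ssl->error);
 return WOLFSSL_FATAL_ERROR;
@@ -13586,7 +13586,7 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
 case FIRST_REPLY_FOURTH:
 if ((ssl->error = SendTls13Finished(ssl)) != 0) {
 #ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
+wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
 #endif
 WOLFSSL_ERROR(ssl->error);
 return WOLFSSL_FATAL_ERROR;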

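--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -7240,6 +7240,10 @@ WOLFSSL_LOCAL int pkcs8_encrypt(WOLFSSL_EVP_PKEY* pkey,
 word32* keySz);
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
+#if defined(WOLFSSL_CHECK_ALERT_ON_ERR)
+WOLFSSL_LOCAL void wolfSSL_maybeCheckAlertOnErr(WOLFSSL* ssl, int err);
+#endif
+
 #ifdef __cplusplus
 } /* extern "C" */
 #endif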
