
Commit ad9da8e

committed
address reviewer's comments
1 parent 8ca9c49 commit ad9da8e


5 files changed

+30
-65
lines changed


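--- a/src/internal.c
+++ b/src/internal.c
@@ -42501,10 +42501,10 @@ int wolfSSL_TestAppleNativeCertValidation_AppendCA(WOLFSSL_CTX* ctx,
 
 #endif /* defined(__APPLE__) && defined(WOLFSSL_SYS_CA_CERTS) */
 
-#if defined(WOLFSSL_CHECK_ALERT_ON_ERR)
 /* Do not try to process error for async, non blocking io, and app_read */
-void wolfSSL_maybeCheckAlertOnErr(WOLFSSL* ssl, int err)
+void wolfSSL_MaybeCheckAlertOnErr(WOLFSSL* ssl, int err)
 {
+#if defined(WOLFSSL_CHECK_ALERT_ON_ERR)
 #if defined(WOLFSSL_ASYNC_CRYPT)
 if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
 return;
@@ -42526,8 +42526,8 @@ void wolfSSL_maybeCheckAlertOnErr(WOLFSSL* ssl, int err)
 }
 /* check if an alert was sent */
 ProcessReplyEx(ssl, 1);
-}
 #endif /* WOLFSSL_CHECK_ALERT_ON_ERR */
+}
 
 #undef ERROR_OUT
 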
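Review bot: With `#if defined(WOLFSSL_CHECK_ALERT_ON_ERR)` now inside the body, a build without that macro compiles `wolfSSL_MaybeCheckAlertOnErr` to an empty function, so `ssl` and `err` are unreferenced and will trip unused-parameter warnings wherever those are enabled. The new `#endif /* WOLFSSL_CHECK_ALERT_ON_ERR */` is followed directly by the closing brace, so there is no fallback branch; add `#else`, `(void)ssl;` and `(void)err;` just before that `#endif`. The comment above the function now sits outside the guard as well, and could be extended to say the function does nothing unless the macro is defined. The middle of the function lies between the two hunks and is not shown.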

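--- a/src/ssl.c
+++ b/src/ssl.c
@@ -10591,9 +10591,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 #endif
 if (ssl->options.sendVerify) {
 if ( (ssl->error = SendCertificate(ssl)) != 0) {
-#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
-#endif
+wolfSSL_MaybeCheckAlertOnErr(ssl, ssl->error);
 WOLFSSL_ERROR(ssl->error);
 return WOLFSSL_FATAL_ERROR;
 }
@@ -10612,9 +10610,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 #endif
 if (!ssl->options.resuming) {
 if ( (ssl->error = SendClientKeyExchange(ssl)) != 0) {
-#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
-#endif
+wolfSSL_MaybeCheckAlertOnErr(ssl, ssl->error);
 #ifdef WOLFSSL_EXTRA_ALERTS
 if (ssl->error == WC_NO_ERR_TRACE(NO_PEER_KEY) ||
 ssl->error == WC_NO_ERR_TRACE(PSK_KEY_ERROR)) {
@@ -10643,9 +10639,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CLIENT_AUTH)
 if (ssl->options.sendVerify) {
 if ( (ssl->error = SendCertificateVerify(ssl)) != 0) {
-#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
-#endif
+wolfSSL_MaybeCheckAlertOnErr(ssl, ssl->error);
 WOLFSSL_ERROR(ssl->error);
 return WOLFSSL_FATAL_ERROR;
 }
@@ -10658,9 +10652,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 
 case FIRST_REPLY_THIRD :
 if ( (ssl->error = SendChangeCipher(ssl)) != 0) {
-#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
-#endif
+wolfSSL_MaybeCheckAlertOnErr(ssl, ssl->error);
 WOLFSSL_ERROR(ssl->error);
 return WOLFSSL_FATAL_ERROR;
 }
@@ -10671,9 +10663,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 
 case FIRST_REPLY_FOURTH :
 if ( (ssl->error = SendFinished(ssl)) != 0) {
-#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
-#endif
+wolfSSL_MaybeCheckAlertOnErr(ssl, ssl->error);
 WOLFSSL_ERROR(ssl->error);
 return WOLFSSL_FATAL_ERROR;
 }
@@ -11051,9 +11041,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 return WOLFSSL_FATAL_ERROR;
 }
 if ( (ssl->error = SendServerHello(ssl)) != 0) {
-#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
-#endif
+wolfSSL_MaybeCheckAlertOnErr(ssl, ssl->error);
 WOLFSSL_ERROR(ssl->error);
 return WOLFSSL_FATAL_ERROR;
 }
@@ -11070,9 +11058,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 #ifndef NO_CERTS
 if (!ssl->options.resuming)
 if ( (ssl->error = SendCertificate(ssl)) != 0) {
-#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
-#endif
+wolfSSL_MaybeCheckAlertOnErr(ssl, ssl->error);
 WOLFSSL_ERROR(ssl->error);
 return WOLFSSL_FATAL_ERROR;
 }
@@ -11085,9 +11071,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 #ifndef NO_CERTS
 if (!ssl->options.resuming)
 if ( (ssl->error = SendCertificateStatus(ssl)) != 0) {
-#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
-#endif
+wolfSSL_MaybeCheckAlertOnErr(ssl, ssl->error);
 WOLFSSL_ERROR(ssl->error);
 return WOLFSSL_FATAL_ERROR;
 }
@@ -11104,9 +11088,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 #endif
 if (!ssl->options.resuming)
 if ( (ssl->error = SendServerKeyExchange(ssl)) != 0) {
-#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
-#endif
+wolfSSL_MaybeCheckAlertOnErr(ssl, ssl->error);
 WOLFSSL_ERROR(ssl->error);
 return WOLFSSL_FATAL_ERROR;
 }
@@ -11119,9 +11101,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 if (!ssl->options.resuming) {
 if (ssl->options.verifyPeer) {
 if ( (ssl->error = SendCertificateRequest(ssl)) != 0) {
-#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
-#endif
+wolfSSL_MaybeCheckAlertOnErr(ssl, ssl->error);
 WOLFSSL_ERROR(ssl->error);
 return WOLFSSL_FATAL_ERROR;
 }
@@ -11139,9 +11119,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 case CERT_REQ_SENT :
 if (!ssl->options.resuming)
 if ( (ssl->error = SendServerHelloDone(ssl)) != 0) {
-#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
-#endif
+wolfSSL_MaybeCheckAlertOnErr(ssl, ssl->error);
 WOLFSSL_ERROR(ssl->error);
 return WOLFSSL_FATAL_ERROR;
 }
@@ -11180,9 +11158,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 #ifdef HAVE_SESSION_TICKET
 if (ssl->options.createTicket && !ssl->options.noTicketTls12) {
 if ( (ssl->error = SendTicket(ssl)) != 0) {
-#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
-#endif
+wolfSSL_MaybeCheckAlertOnErr(ssl, ssl->error);
 WOLFSSL_MSG("Thought we need ticket but failed");
 WOLFSSL_ERROR(ssl->error);
 return WOLFSSL_FATAL_ERROR;
@@ -11201,9 +11177,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 }
 
 if ( (ssl->error = SendChangeCipher(ssl)) != 0) {
-#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
-#endif
+wolfSSL_MaybeCheckAlertOnErr(ssl, ssl->error);
 WOLFSSL_ERROR(ssl->error);
 return WOLFSSL_FATAL_ERROR;
 }
@@ -11213,9 +11187,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 
 case CHANGE_CIPHER_SENT :
 if ( (ssl->error = SendFinished(ssl)) != 0) {
-#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
-#endif
+wolfSSL_MaybeCheckAlertOnErr(ssl, ssl->error);
 WOLFSSL_ERROR(ssl->error);
 return WOLFSSL_FATAL_ERROR;
 }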
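Review bot: The value that `WOLFSSL_ERROR(ssl->error)` logs at the fourteen rewritten failure branches, starting with the `SendCertificate` one, may no longer be the send failure, because it is read after `wolfSSL_MaybeCheckAlertOnErr(ssl, ssl->error)` has run. That helper (src/internal.c in this commit) calls `ProcessReplyEx(ssl, 1)` on peer-supplied records and discards the result; ProcessReplyEx is not shown on this page, so whether it can store a new code in `ssl->error` is not visible. If it can, the application would see a receive-side error instead of the original one. Consider saving `ssl->error` before the `ProcessReplyEx` call in the helper and restoring it afterwards, or state in a comment on the helper that `ssl->error` is left unchanged. The enclosing functions start and end outside these hunks.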

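--- a/src/tls13.c
+++ b/src/tls13.c
@@ -13394,13 +13394,14 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
 if (ssl->earlyData != no_early_data &&
 ssl->options.handShakeState != CLIENT_HELLO_COMPLETE) {
 #if defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT)
-if (!ssl->options.dtls && ssl->options.tls13MiddleBoxCompat) {
-if ((ssl->error = SendChangeCipher(ssl)) != 0) {
-WOLFSSL_ERROR(ssl->error);
-return WOLFSSL_FATAL_ERROR;
+if (!ssl->options.dtls &&
+ssl->options.tls13MiddleBoxCompat) {
+if ((ssl->error = SendChangeCipher(ssl)) != 0) {
+WOLFSSL_ERROR(ssl->error);
+return WOLFSSL_FATAL_ERROR;
+}
+ssl->options.sentChangeCipher = 1;
 }
-ssl->options.sentChangeCipher = 1;
-}
 #endif
 ssl->options.handShakeState = CLIENT_HELLO_COMPLETE;
 return WOLFSSL_SUCCESS;
@@ -13538,9 +13539,7 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
 if (!ssl->options.resuming && ssl->options.sendVerify) {
 ssl->error = SendTls13Certificate(ssl);
 if (ssl->error != 0) {
-#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
-#endif
+wolfSSL_MaybeCheckAlertOnErr(ssl, ssl->error);
 WOLFSSL_ERROR(ssl->error);
 return WOLFSSL_FATAL_ERROR;
 }
@@ -13560,9 +13559,7 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
 if (!ssl->options.resuming && ssl->options.sendVerify) {
 ssl->error = SendTls13CertificateVerify(ssl);
 if (ssl->error != 0) {
-#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
-#endif
+wolfSSL_MaybeCheckAlertOnErr(ssl, ssl->error);
 WOLFSSL_ERROR(ssl->error);
 return WOLFSSL_FATAL_ERROR;
 }
@@ -13576,9 +13573,7 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
 
 case FIRST_REPLY_FOURTH:
 if ((ssl->error = SendTls13Finished(ssl)) != 0) {
-#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
-#endif
+wolfSSL_MaybeCheckAlertOnErr(ssl, ssl->error);
 WOLFSSL_ERROR(ssl->error);
 return WOLFSSL_FATAL_ERROR;
 }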
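Review bot: The `SendChangeCipher` failure branch in the first hunk (under `WOLFSSL_TLS13_MIDDLEBOX_COMPAT`) returns `WOLFSSL_FATAL_ERROR` without calling `wolfSSL_MaybeCheckAlertOnErr`, while the `SendTls13Certificate`, `SendTls13CertificateVerify` and `SendTls13Finished` failures in the later hunks all do. The commit re-wraps that branch, and nothing visible says the omission is deliberate. If a peer alert should be picked up there too, add `wolfSSL_MaybeCheckAlertOnErr(ssl, ssl->error);` before `WOLFSSL_ERROR(ssl->error);`; otherwise a short comment giving the reason would help. `wolfSSL_connect_TLSv13` continues outside the hunks.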

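--- a/tests/api/test_tls13.c
+++ b/tests/api/test_tls13.c
@@ -2140,6 +2140,8 @@ int test_tls13_early_data(void)
 struct test_tls13_wwrite_ctx wwrite_ctx_s, wwrite_ctx_c;
 
 XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+XMEMSET(&wwrite_ctx_c, 0, sizeof(wwrite_ctx_c));
+XMEMSET(&wwrite_ctx_s, 0, sizeof(wwrite_ctx_s));
 
 fprintf(stderr, "\tEarly data with %s%s%s\n", params[i].tls_version,
 splitEarlyData ? " (split early data)" : "",
@@ -2179,8 +2181,6 @@ int test_tls13_early_data(void)
 #endif
 
 if (everyWriteWantWrite) {
-XMEMSET(&wwrite_ctx_c, 0, sizeof(wwrite_ctx_c));
-XMEMSET(&wwrite_ctx_s, 0, sizeof(wwrite_ctx_s));
 wwrite_ctx_c.test_ctx = &test_ctx;
 wwrite_ctx_s.test_ctx = &test_ctx;
 wolfSSL_SetIOWriteCtx(ssl_c, &wwrite_ctx_c);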

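--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -7239,9 +7239,7 @@ WOLFSSL_LOCAL int pkcs8_encrypt(WOLFSSL_EVP_PKEY* pkey,
 word32* keySz);
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
-#if defined(WOLFSSL_CHECK_ALERT_ON_ERR)
-WOLFSSL_LOCAL void wolfSSL_maybeCheckAlertOnErr(WOLFSSL* ssl, int err);
-#endif
+WOLFSSL_LOCAL void wolfSSL_MaybeCheckAlertOnErr(WOLFSSL* ssl, int err);
 
 #ifdef __cplusplus
 } /* extern "C" */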
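Review bot: The prototype for `wolfSSL_MaybeCheckAlertOnErr` is now declared in every build but carries no comment, so a reader of the header cannot tell that the function only does work when `WOLFSSL_CHECK_ALERT_ON_ERR` is defined. A one-line comment above the declaration would cover it: `/* No-op unless WOLFSSL_CHECK_ALERT_ON_ERR is defined; otherwise checks whether an alert was sent after a failed handshake send. */`.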
