From c81c9be9cebdbe998a0a58c9a4e3c375310ef98d Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Fri, 6 Sep 2024 19:33:48 -0500 Subject: [PATCH] error code fixes: * fix TLS layer to consistently use WOLFSSL_FATAL_ERROR for error retvals, rather than literal -1. * add WC_NO_ERR_TRACE() wrapper around LENGTH_ONLY_E (it does not signify an error condition). * refactor errcode handling for traceability in wolfSSL_DSA_do_sign(), wolfSSL_DH_size(), wolfSSL_EC_KEY_get_conv_form(), wolfSSL_d2i_DSA_SIG(), wolfSSL_DSA_do_sign(), SetDhInternal(), and wolfSSL_EC_KEY_get_conv_form(). --- src/bio.c | 10 +- src/crl.c | 28 +-- src/dtls13.c | 2 +- src/internal.c | 34 +-- src/ocsp.c | 6 +- src/pk.c | 348 ++++++++++++++-------------- src/quic.c | 4 +- src/sniffer.c | 254 ++++++++++---------- src/ssl.c | 48 ++-- src/ssl_asn1.c | 54 ++--- src/ssl_bn.c | 32 +-- src/ssl_crypto.c | 8 +- src/ssl_p7p12.c | 6 +- src/ssl_sess.c | 8 +- src/tls.c | 6 +- src/tls13.c | 14 +- src/wolfio.c | 38 +-- src/x509.c | 28 +-- wolfcrypt/src/asn.c | 42 ++-- wolfcrypt/src/coding.c | 2 +- wolfcrypt/src/dh.c | 2 +- wolfcrypt/src/dsa.c | 4 +- wolfcrypt/src/ecc.c | 8 +- wolfcrypt/src/eccsi.c | 12 +- wolfcrypt/src/pkcs12.c | 12 +- wolfcrypt/src/pkcs7.c | 6 +- wolfcrypt/src/port/nxp/se050_port.c | 2 +- wolfcrypt/src/rsa.c | 2 +- wolfcrypt/src/sakke.c | 16 +- wolfcrypt/src/sp_arm32.c | 8 +- wolfcrypt/src/sp_arm64.c | 8 +- wolfcrypt/src/sp_armthumb.c | 8 +- wolfcrypt/src/sp_c32.c | 8 +- wolfcrypt/src/sp_c64.c | 8 +- wolfcrypt/src/sp_cortexm.c | 8 +- wolfcrypt/src/sp_x86_64.c | 12 +- 36 files changed, 551 insertions(+), 545 deletions(-) diff --git a/src/bio.c b/src/bio.c index b2504dfb92..db6d85d577 100644 --- a/src/bio.c +++ b/src/bio.c @@ -1849,13 +1849,13 @@ int wolfSSL_BIO_seek(WOLFSSL_BIO *bio, int ofs) WOLFSSL_ENTER("wolfSSL_BIO_seek"); if (bio == NULL) { - return -1; + return WOLFSSL_FATAL_ERROR; } /* offset ofs from beginning of file */ if (bio->type == WOLFSSL_BIO_FILE && XFSEEK(bio->ptr.fh, ofs, SEEK_SET) < 0) { - return -1; + return WOLFSSL_FATAL_ERROR; } return 0; @@ -1872,7 +1872,7 @@ int wolfSSL_BIO_tell(WOLFSSL_BIO* bio) WOLFSSL_ENTER("wolfSSL_BIO_tell"); if (bio == NULL) { - return -1; + return WOLFSSL_FATAL_ERROR; } if (bio->type != WOLFSSL_BIO_FILE) { @@ -1881,7 +1881,7 @@ int wolfSSL_BIO_tell(WOLFSSL_BIO* bio) pos = (int)XFTELL(bio->ptr.fh); if (pos < 0) - return -1; + return WOLFSSL_FATAL_ERROR; else return pos; } @@ -3246,7 +3246,7 @@ int wolfSSL_BIO_vprintf(WOLFSSL_BIO* bio, const char* format, va_list args) #if !defined(NO_FILESYSTEM) case WOLFSSL_BIO_FILE: if (bio->ptr.fh == XBADFILE) { - return -1; + return WOLFSSL_FATAL_ERROR; } ret = XVFPRINTF(bio->ptr.fh, format, args); break; diff --git a/src/crl.c b/src/crl.c index 8c221b217e..80a01dc83c 100644 --- a/src/crl.c +++ b/src/crl.c @@ -121,7 +121,7 @@ static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl, const byte* buff, wolfSSL_d2i_X509_NAME(&crle->issuer, (unsigned char**)&dcrl->issuer, dcrl->issuerSz); if (crle->issuer == NULL) { - return -1; + return WOLFSSL_FATAL_ERROR; } #endif #ifdef CRL_STATIC_REVOKED_LIST @@ -141,13 +141,13 @@ static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl, const byte* buff, crle->toBeSigned = (byte*)XMALLOC(crle->tbsSz, heap, DYNAMIC_TYPE_CRL_ENTRY); if (crle->toBeSigned == NULL) - return -1; + return WOLFSSL_FATAL_ERROR; crle->signature = (byte*)XMALLOC(crle->signatureSz, heap, DYNAMIC_TYPE_CRL_ENTRY); if (crle->signature == NULL) { XFREE(crle->toBeSigned, heap, DYNAMIC_TYPE_CRL_ENTRY); crle->toBeSigned = NULL; - return -1; + return WOLFSSL_FATAL_ERROR; } #ifdef WC_RSA_PSS @@ -160,7 +160,7 @@ static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl, const byte* buff, crle->toBeSigned = NULL; XFREE(crle->signature, heap, DYNAMIC_TYPE_CRL_ENTRY); crle->signature = NULL; - return -1; + return WOLFSSL_FATAL_ERROR; } XMEMCPY(crle->sigParams, buff + dcrl->sigParamsIndex, crle->sigParamsSz); @@ -563,7 +563,7 @@ static int AddCRL(WOLFSSL_CRL* crl, DecodedCRL* dcrl, const byte* buff, WOLFSSL_ENTER("AddCRL"); if (crl == NULL) - return -1; + return WOLFSSL_FATAL_ERROR; crle = crl->currentEntry; @@ -578,7 +578,7 @@ static int AddCRL(WOLFSSL_CRL* crl, DecodedCRL* dcrl, const byte* buff, if (InitCRL_Entry(crle, dcrl, buff, verified, crl->heap) < 0) { WOLFSSL_MSG("Init CRL Entry failed"); CRL_Entry_free(crle, crl->heap); - return -1; + return WOLFSSL_FATAL_ERROR; } if (wc_LockRwLock_Wr(&crl->crlLock) != 0) { @@ -625,7 +625,7 @@ int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type, else { WOLFSSL_MSG("Pem to Der failed"); FreeDer(&der); - return -1; + return WOLFSSL_FATAL_ERROR; } #else ret = NOT_COMPILED_IN; @@ -1018,7 +1018,7 @@ static int SwapLists(WOLFSSL_CRL* crl) #ifdef WOLFSSL_SMALL_STACK XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif - return -1; + return WOLFSSL_FATAL_ERROR; } if (crl->monitors[0].path) { @@ -1029,7 +1029,7 @@ static int SwapLists(WOLFSSL_CRL* crl) #ifdef WOLFSSL_SMALL_STACK XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif - return -1; + return WOLFSSL_FATAL_ERROR; } } @@ -1041,7 +1041,7 @@ static int SwapLists(WOLFSSL_CRL* crl) #ifdef WOLFSSL_SMALL_STACK XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif - return -1; + return WOLFSSL_FATAL_ERROR; } } @@ -1051,7 +1051,7 @@ static int SwapLists(WOLFSSL_CRL* crl) #ifdef WOLFSSL_SMALL_STACK XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif - return -1; + return WOLFSSL_FATAL_ERROR; } newList = tmp->crlList; @@ -1103,7 +1103,7 @@ static int StopMonitor(wolfSSL_CRL_mfd_t mfd) EV_SET(&change, CRL_CUSTOM_FD, EVFILT_USER, 0, NOTE_TRIGGER, 0, NULL); if (kevent(mfd, &change, 1, NULL, 0, NULL) < 0) { WOLFSSL_MSG("kevent trigger customer event failed"); - return -1; + return WOLFSSL_FATAL_ERROR; } return 0; @@ -1235,7 +1235,7 @@ static int StopMonitor(wolfSSL_CRL_mfd_t mfd) /* write to our custom event */ if (write(mfd, &w64, sizeof(w64)) < 0) { WOLFSSL_MSG("StopMonitor write failed"); - return -1; + return WOLFSSL_FATAL_ERROR; } return 0; @@ -1378,7 +1378,7 @@ static int StopMonitor(wolfSSL_CRL_mfd_t mfd) { if (SetEvent(mfd) == 0) { WOLFSSL_MSG("SetEvent custom event trigger failed"); - return -1; + return WOLFSSL_FATAL_ERROR; } return 0; } diff --git a/src/dtls13.c b/src/dtls13.c index 955b4198f1..974469b0f7 100644 --- a/src/dtls13.c +++ b/src/dtls13.c @@ -2585,7 +2585,7 @@ int Dtls13RtxTimeout(WOLFSSL* ssl) /* Increase timeout on long timeout */ if (DtlsMsgPoolTimeout(ssl) != 0) - return -1; + return WOLFSSL_FATAL_ERROR; return Dtls13RtxSendBuffered(ssl); } diff --git a/src/internal.c b/src/internal.c index 5a362b6375..1b0a47d08e 100644 --- a/src/internal.c +++ b/src/internal.c @@ -2108,7 +2108,7 @@ int wolfSSL_session_export_internal(WOLFSSL* ssl, byte* buf, word32* sz, if (type == WOLFSSL_EXPORT_TLS) { *sz += AES_BLOCK_SIZE*2; } - ret = LENGTH_ONLY_E; + ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if (ret == 0) { @@ -10467,7 +10467,7 @@ static int wolfSSLReceive(WOLFSSL* ssl, byte* buf, word32 sz) if (ssl->CBIORecv == NULL) { WOLFSSL_MSG("Your IO Recv callback is null, please set"); - return -1; + return WOLFSSL_FATAL_ERROR; } retry: @@ -10486,7 +10486,7 @@ static int wolfSSLReceive(WOLFSSL* ssl, byte* buf, word32 sz) } #endif #endif - return -1; + return WOLFSSL_FATAL_ERROR; case WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_READ): if (retryLimit > 0 && ssl->ctx->autoRetry && @@ -10503,7 +10503,7 @@ static int wolfSSLReceive(WOLFSSL* ssl, byte* buf, word32 sz) } #endif ssl->options.connReset = 1; - return -1; + return WOLFSSL_FATAL_ERROR; case WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_ISR): /* interrupt */ /* see if we got our timeout */ @@ -10527,7 +10527,7 @@ static int wolfSSLReceive(WOLFSSL* ssl, byte* buf, word32 sz) case WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_CONN_CLOSE): ssl->options.isClosed = 1; - return -1; + return WOLFSSL_FATAL_ERROR; case WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_TIMEOUT): #ifdef WOLFSSL_DTLS @@ -10537,7 +10537,7 @@ static int wolfSSLReceive(WOLFSSL* ssl, byte* buf, word32 sz) if (Dtls13RtxTimeout(ssl) < 0) { WOLFSSL_MSG( "Error trying to retransmit DTLS buffered message"); - return -1; + return WOLFSSL_FATAL_ERROR; } goto retry; } @@ -10552,7 +10552,7 @@ static int wolfSSLReceive(WOLFSSL* ssl, byte* buf, word32 sz) goto retry; } #endif - return -1; + return WOLFSSL_FATAL_ERROR; default: WOLFSSL_MSG("Unexpected recv return code"); @@ -27580,7 +27580,7 @@ static int CmpEccStrength(int hashAlgo, int curveSz) { int dgstSz = GetMacDigestSize((byte)hashAlgo); if (dgstSz <= 0) - return -1; + return WOLFSSL_FATAL_ERROR; return dgstSz - (curveSz & (~0x3)); } #endif @@ -38207,7 +38207,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, diff -= ticketSeen; if (diff > timeout * 1000 || diff > (sword64)TLS13_MAX_TICKET_AGE * 1000) - return -1; + return WOLFSSL_FATAL_ERROR; #else sword64 diff; sword64 ticketSeen; /* Time ticket seen (ms) */ @@ -38225,7 +38225,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, diff -= ticketSeen; if (diff > timeout * 1000 || diff > (sword64)TLS13_MAX_TICKET_AGE * 1000) - return -1; + return WOLFSSL_FATAL_ERROR; #endif ato32(psk->it->ageAdd, &ticketAdd); /* Subtract client's ticket age and unobfuscate. */ @@ -38235,7 +38235,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, * Allow +/- 1000 milliseconds on ticket age. */ if (diff < -1000 || diff - MAX_TICKET_AGE_DIFF * 1000 > 1000) - return -1; + return WOLFSSL_FATAL_ERROR; #if !defined(WOLFSSL_PSK_ONE_ID) && !defined(WOLFSSL_PRIORITIZE_PSK) /* Check whether resumption is possible based on suites in SSL and @@ -38243,18 +38243,18 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, */ (void)ssl; if (XMEMCMP(suite, psk->it->suite, SUITE_LEN) != 0) - return -1; + return WOLFSSL_FATAL_ERROR; #else (void)suite; if (!FindSuiteSSL(ssl, psk->it->suite)) - return -1; + return WOLFSSL_FATAL_ERROR; #endif #ifdef OPENSSL_EXTRA if (ssl->sessionCtxSz > 0 && (psk->it->sessionCtxSz != ssl->sessionCtxSz || XMEMCMP(psk->it->sessionCtx, ssl->sessionCtx, ssl->sessionCtxSz) != 0)) - return -1; + return WOLFSSL_FATAL_ERROR; #endif return 0; } @@ -41086,7 +41086,7 @@ int wolfSSL_sk_BY_DIR_HASH_find( } next = next->next; } - return -1; + return WOLFSSL_FATAL_ERROR; } /* return a number of WOLFSSL_BY_DIR_HASH in stack */ int wolfSSL_sk_BY_DIR_HASH_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk) @@ -41094,7 +41094,7 @@ int wolfSSL_sk_BY_DIR_HASH_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk) WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_num"); if (sk == NULL) - return -1; + return WOLFSSL_FATAL_ERROR; return (int)sk->num; } /* return WOLFSSL_BY_DIR_HASH instance at i */ @@ -41277,7 +41277,7 @@ int wolfSSL_sk_BY_DIR_entry_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_entry) *sk) WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_entry_num"); if (sk == NULL) - return -1; + return WOLFSSL_FATAL_ERROR; return (int)sk->num; } /* return WOLFSSL_BY_DIR_entry instance at i */ diff --git a/src/ocsp.c b/src/ocsp.c index 761e5c0230..41c038fd12 100644 --- a/src/ocsp.c +++ b/src/ocsp.c @@ -1641,7 +1641,7 @@ int wolfSSL_OCSP_REQ_CTX_nbio(WOLFSSL_OCSP_REQ_CTX *ctx) reqLen - ctx->sent); if (sent <= 0) { if (wolfSSL_BIO_should_retry(ctx->bio)) - return -1; + return WOLFSSL_FATAL_ERROR; WOLFSSL_MSG("wolfSSL_BIO_write error"); ctx->ioState = ORIOS_INVALID; return 0; @@ -1670,7 +1670,7 @@ int wolfSSL_OCSP_REQ_CTX_nbio(WOLFSSL_OCSP_REQ_CTX *ctx) if (ret == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_READ) || ret == WC_NO_ERR_TRACE(OCSP_WANT_READ)) { - return -1; + return WOLFSSL_FATAL_ERROR; } return WOLFSSL_FAILURE; } @@ -1898,7 +1898,7 @@ int wolfSSL_OCSP_check_nonce(OcspRequest* req, WOLFSSL_OCSP_BASICRESP* bs) /* nonce present in req only */ if (reqNonce != NULL && rspNonce == NULL) - return -1; + return WOLFSSL_FATAL_ERROR; /* nonces are present and equal, return 1. Extra NULL check for fixing scan-build warning. */ diff --git a/src/pk.c b/src/pk.c index 34cdf8d5b4..49f6e5bf1f 100644 --- a/src/pk.c +++ b/src/pk.c @@ -397,7 +397,7 @@ int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher, /* Generate a random salt. */ if (wolfSSL_RAND_bytes(info->iv, info->ivSz) != 1) { WOLFSSL_MSG("generate iv failed"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } @@ -1790,7 +1790,7 @@ int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA* rsa, const unsigned char* derBuf, if ((rsa == NULL) || (rsa->internal == NULL) || (derBuf == NULL) || (derSz <= 0)) { WOLFSSL_ERROR_MSG("Bad function arguments"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } if (ret == 1) { @@ -1809,7 +1809,7 @@ int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA* rsa, const unsigned char* derBuf, /* Something went wrong while decoding. */ WOLFSSL_ERROR_MSG("Unexpected error with trying to remove PKCS#8 " "header"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } if (ret == 1) { @@ -1831,13 +1831,13 @@ int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA* rsa, const unsigned char* derBuf, WOLFSSL_ERROR_MSG("RsaPublicKeyDecode failed"); } WOLFSSL_ERROR_VERBOSE(res); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } if (ret == 1) { /* Set external RSA key data from wolfCrypt key. */ if (SetRsaExternal(rsa) != 1) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } else { rsa->inSet = 1; @@ -2478,7 +2478,7 @@ int wolfSSL_RSA_print(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, int indent) /* Validate parameters. */ if ((bio == NULL) || (rsa == NULL) || (indent > PRINT_NUM_MAX_INDENT)) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } if (ret == 1) { @@ -2578,7 +2578,7 @@ int SetRsaExternal(WOLFSSL_RSA* rsa) /* Validate parameters. */ if ((rsa == NULL) || (rsa->internal == NULL)) { WOLFSSL_ERROR_MSG("rsa key NULL error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } if (ret == 1) { @@ -2674,7 +2674,7 @@ int SetRsaInternal(WOLFSSL_RSA* rsa) /* Validate parameters. */ if ((rsa == NULL) || (rsa->internal == NULL)) { WOLFSSL_ERROR_MSG("rsa key NULL error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } if (ret == 1) { @@ -2683,14 +2683,14 @@ int SetRsaInternal(WOLFSSL_RSA* rsa) /* Copy down modulus if available. */ if ((rsa->n != NULL) && (wolfssl_bn_get_value(rsa->n, &key->n) != 1)) { WOLFSSL_ERROR_MSG("rsa n key error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* Copy down public exponent if available. */ if ((ret == 1) && (rsa->e != NULL) && (wolfssl_bn_get_value(rsa->e, &key->e) != 1)) { WOLFSSL_ERROR_MSG("rsa e key error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* Enough numbers for public key */ @@ -2700,7 +2700,7 @@ int SetRsaInternal(WOLFSSL_RSA* rsa) if ((ret == 1) && (rsa->d != NULL)) { if (wolfssl_bn_get_value(rsa->d, &key->d) != 1) { WOLFSSL_ERROR_MSG("rsa d key error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } else { /* Enough numbers for private key */ @@ -2712,14 +2712,14 @@ int SetRsaInternal(WOLFSSL_RSA* rsa) if ((ret == 1) && (rsa->p != NULL) && (wolfssl_bn_get_value(rsa->p, &key->p) != 1)) { WOLFSSL_ERROR_MSG("rsa p key error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* Copy down second prime if available. */ if ((ret == 1) && (rsa->q != NULL) && (wolfssl_bn_get_value(rsa->q, &key->q) != 1)) { WOLFSSL_ERROR_MSG("rsa q key error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } #ifndef RSA_LOW_MEM @@ -2727,21 +2727,21 @@ int SetRsaInternal(WOLFSSL_RSA* rsa) if ((ret == 1) && (rsa->dmp1 != NULL) && (wolfssl_bn_get_value(rsa->dmp1, &key->dP) != 1)) { WOLFSSL_ERROR_MSG("rsa dP key error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* Copy down d mod q-1 if available. */ if ((ret == 1) && (rsa->dmq1 != NULL) && (wolfssl_bn_get_value(rsa->dmq1, &key->dQ) != 1)) { WOLFSSL_ERROR_MSG("rsa dQ key error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* Copy down 1/q mod p if available. */ if ((ret == 1) && (rsa->iqmp != NULL) && (wolfssl_bn_get_value(rsa->iqmp, &key->u) != 1)) { WOLFSSL_ERROR_MSG("rsa u key error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } #endif /* !RSA_LOW_MEM */ @@ -4265,7 +4265,7 @@ int wolfSSL_RSA_public_encrypt(int len, const unsigned char* from, if ((len < 0) || (rsa == NULL) || (rsa->internal == NULL) || (from == NULL)) { WOLFSSL_ERROR_MSG("Bad function arguments"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { @@ -4286,7 +4286,7 @@ int wolfSSL_RSA_public_encrypt(int len, const unsigned char* from, default: WOLFSSL_ERROR_MSG("RSA_public_encrypt doesn't support padding " "scheme"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } #else /* Check for supported padding schemes in FIPS. */ @@ -4294,14 +4294,14 @@ int wolfSSL_RSA_public_encrypt(int len, const unsigned char* from, if (padding != RSA_PKCS1_PADDING) { WOLFSSL_ERROR_MSG("RSA_public_encrypt pad type not supported in " "FIPS"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } #endif } /* Set wolfCrypt RSA key data from external if not already done. */ if ((ret == 0) && (!rsa->inSet) && (SetRsaInternal(rsa) != 1)) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { @@ -4309,7 +4309,7 @@ int wolfSSL_RSA_public_encrypt(int len, const unsigned char* from, outLen = wolfSSL_RSA_size(rsa); if (outLen == 0) { WOLFSSL_ERROR_MSG("Bad RSA size"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } @@ -4317,7 +4317,7 @@ int wolfSSL_RSA_public_encrypt(int len, const unsigned char* from, /* Get an RNG. */ rng = WOLFSSL_RSA_GetRNG(rsa, (WC_RNG**)&tmpRng, &initTmpRng); if (rng == NULL) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } @@ -4343,7 +4343,7 @@ int wolfSSL_RSA_public_encrypt(int len, const unsigned char* from, /* wolfCrypt error means return -1. */ if (ret <= 0) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } WOLFSSL_LEAVE("wolfSSL_RSA_public_encrypt", ret); return ret; @@ -4378,7 +4378,7 @@ int wolfSSL_RSA_private_decrypt(int len, const unsigned char* from, if ((len < 0) || (rsa == NULL) || (rsa->internal == NULL) || (from == NULL)) { WOLFSSL_ERROR_MSG("Bad function arguments"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { @@ -4397,7 +4397,7 @@ int wolfSSL_RSA_private_decrypt(int len, const unsigned char* from, break; default: WOLFSSL_ERROR_MSG("RSA_private_decrypt unsupported padding"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } #else /* Check for supported padding schemes in FIPS. */ @@ -4405,14 +4405,14 @@ int wolfSSL_RSA_private_decrypt(int len, const unsigned char* from, if (padding != RSA_PKCS1_PADDING) { WOLFSSL_ERROR_MSG("RSA_public_encrypt pad type not supported in " "FIPS"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } #endif } /* Set wolfCrypt RSA key data from external if not already done. */ if ((ret == 0) && (!rsa->inSet) && (SetRsaInternal(rsa) != 1)) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { @@ -4420,7 +4420,7 @@ int wolfSSL_RSA_private_decrypt(int len, const unsigned char* from, outLen = wolfSSL_RSA_size(rsa); if (outLen == 0) { WOLFSSL_ERROR_MSG("Bad RSA size"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } @@ -4438,7 +4438,7 @@ int wolfSSL_RSA_private_decrypt(int len, const unsigned char* from, /* wolfCrypt error means return -1. */ if (ret <= 0) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } WOLFSSL_LEAVE("wolfSSL_RSA_private_decrypt", ret); return ret; @@ -4469,7 +4469,7 @@ int wolfSSL_RSA_public_decrypt(int len, const unsigned char* from, if ((len < 0) || (rsa == NULL) || (rsa->internal == NULL) || (from == NULL)) { WOLFSSL_ERROR_MSG("Bad function arguments"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { @@ -4484,20 +4484,20 @@ int wolfSSL_RSA_public_decrypt(int len, const unsigned char* from, /* TODO: RSA_X931_PADDING not supported */ default: WOLFSSL_ERROR_MSG("RSA_public_decrypt unsupported padding"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } #else if (padding != RSA_PKCS1_PADDING) { WOLFSSL_ERROR_MSG("RSA_public_decrypt pad type not supported in " "FIPS"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } #endif } /* Set wolfCrypt RSA key data from external if not already done. */ if ((ret == 0) && (!rsa->inSet) && (SetRsaInternal(rsa) != 1)) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { @@ -4505,7 +4505,7 @@ int wolfSSL_RSA_public_decrypt(int len, const unsigned char* from, outLen = wolfSSL_RSA_size(rsa); if (outLen == 0) { WOLFSSL_ERROR_MSG("Bad RSA size"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } @@ -4524,7 +4524,7 @@ int wolfSSL_RSA_public_decrypt(int len, const unsigned char* from, /* wolfCrypt error means return -1. */ if (ret <= 0) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } WOLFSSL_LEAVE("wolfSSL_RSA_public_decrypt", ret); return ret; @@ -4561,7 +4561,7 @@ int wolfSSL_RSA_private_encrypt(int len, const unsigned char* from, if ((len < 0) || (rsa == NULL) || (rsa->internal == NULL) || (from == NULL)) { WOLFSSL_ERROR_MSG("Bad function arguments"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { @@ -4574,20 +4574,20 @@ int wolfSSL_RSA_private_encrypt(int len, const unsigned char* from, /* TODO: RSA_X931_PADDING not supported */ default: WOLFSSL_ERROR_MSG("RSA_private_encrypt unsupported padding"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } /* Set wolfCrypt RSA key data from external if not already done. */ if ((ret == 0) && (!rsa->inSet) && (SetRsaInternal(rsa) != 1)) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { /* Get an RNG. */ rng = WOLFSSL_RSA_GetRNG(rsa, (WC_RNG**)&tmpRng, &initTmpRng); if (rng == NULL) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } @@ -4620,7 +4620,7 @@ int wolfSSL_RSA_private_encrypt(int len, const unsigned char* from, /* wolfCrypt error means return -1. */ if (ret <= 0) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } WOLFSSL_LEAVE("wolfSSL_RSA_private_encrypt", ret); return ret; @@ -4655,7 +4655,7 @@ int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa) if ((rsa == NULL) || (rsa->p == NULL) || (rsa->q == NULL) || (rsa->d == NULL) || (rsa->dmp1 == NULL) || (rsa->dmq1 == NULL)) { WOLFSSL_ERROR_MSG("rsa no init error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } #ifdef WOLFSSL_SMALL_STACK @@ -4664,7 +4664,7 @@ int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa) DYNAMIC_TYPE_TMP_BUFFER); if (tmp == NULL) { WOLFSSL_ERROR_MSG("Memory allocation failure"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } #endif @@ -4673,7 +4673,7 @@ int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa) /* Initialize temp MP integer. */ if (mp_init(tmp) != MP_OKAY) { WOLFSSL_ERROR_MSG("mp_init error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } @@ -4684,7 +4684,7 @@ int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa) err = mp_sub_d((mp_int*)rsa->p->internal, 1, tmp); if (err != MP_OKAY) { WOLFSSL_ERROR_MSG("mp_sub_d error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } if (ret == 1) { @@ -4693,7 +4693,7 @@ int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa) (mp_int*)rsa->dmp1->internal); if (err != MP_OKAY) { WOLFSSL_ERROR_MSG("mp_mod error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } if (ret == 1) { @@ -4701,7 +4701,7 @@ int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa) err = mp_sub_d((mp_int*)rsa->q->internal, 1, tmp); if (err != MP_OKAY) { WOLFSSL_ERROR_MSG("mp_sub_d error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } if (ret == 1) { @@ -4710,7 +4710,7 @@ int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa) (mp_int*)rsa->dmq1->internal); if (err != MP_OKAY) { WOLFSSL_ERROR_MSG("mp_mod error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } @@ -4892,34 +4892,34 @@ int SetDsaExternal(WOLFSSL_DSA* dsa) if (dsa == NULL || dsa->internal == NULL) { WOLFSSL_MSG("dsa key NULL error"); - return -1; + return WOLFSSL_FATAL_ERROR; } key = (DsaKey*)dsa->internal; if (wolfssl_bn_set_value(&dsa->p, &key->p) != 1) { WOLFSSL_MSG("dsa p key error"); - return -1; + return WOLFSSL_FATAL_ERROR; } if (wolfssl_bn_set_value(&dsa->q, &key->q) != 1) { WOLFSSL_MSG("dsa q key error"); - return -1; + return WOLFSSL_FATAL_ERROR; } if (wolfssl_bn_set_value(&dsa->g, &key->g) != 1) { WOLFSSL_MSG("dsa g key error"); - return -1; + return WOLFSSL_FATAL_ERROR; } if (wolfssl_bn_set_value(&dsa->pub_key, &key->y) != 1) { WOLFSSL_MSG("dsa y key error"); - return -1; + return WOLFSSL_FATAL_ERROR; } if (wolfssl_bn_set_value(&dsa->priv_key, &key->x) != 1) { WOLFSSL_MSG("dsa x key error"); - return -1; + return WOLFSSL_FATAL_ERROR; } dsa->exSet = 1; @@ -4937,7 +4937,7 @@ int SetDsaInternal(WOLFSSL_DSA* dsa) if (dsa == NULL || dsa->internal == NULL) { WOLFSSL_MSG("dsa key NULL error"); - return -1; + return WOLFSSL_FATAL_ERROR; } key = (DsaKey*)dsa->internal; @@ -4945,25 +4945,25 @@ int SetDsaInternal(WOLFSSL_DSA* dsa) if (dsa->p != NULL && wolfssl_bn_get_value(dsa->p, &key->p) != 1) { WOLFSSL_MSG("rsa p key error"); - return -1; + return WOLFSSL_FATAL_ERROR; } if (dsa->q != NULL && wolfssl_bn_get_value(dsa->q, &key->q) != 1) { WOLFSSL_MSG("rsa q key error"); - return -1; + return WOLFSSL_FATAL_ERROR; } if (dsa->g != NULL && wolfssl_bn_get_value(dsa->g, &key->g) != 1) { WOLFSSL_MSG("rsa g key error"); - return -1; + return WOLFSSL_FATAL_ERROR; } if (dsa->pub_key != NULL) { if (wolfssl_bn_get_value(dsa->pub_key, &key->y) != 1) { WOLFSSL_MSG("rsa pub_key error"); - return -1; + return WOLFSSL_FATAL_ERROR; } /* public key */ @@ -4973,7 +4973,7 @@ int SetDsaInternal(WOLFSSL_DSA* dsa) if (dsa->priv_key != NULL) { if (wolfssl_bn_get_value(dsa->priv_key, &key->x) != 1) { WOLFSSL_MSG("rsa priv_key error"); - return -1; + return WOLFSSL_FATAL_ERROR; } /* private key */ @@ -5021,7 +5021,7 @@ int wolfSSL_DSA_generate_key(WOLFSSL_DSA* dsa) #ifdef WOLFSSL_SMALL_STACK tmpRng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); if (tmpRng == NULL) - return -1; + return WOLFSSL_FATAL_ERROR; #endif if (wc_InitRng(tmpRng) == 0) { rng = tmpRng; @@ -5125,7 +5125,7 @@ int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA* dsa, int bits, #ifdef WOLFSSL_SMALL_STACK tmpRng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); if (tmpRng == NULL) - return -1; + return WOLFSSL_FATAL_ERROR; #endif if (wc_InitRng(tmpRng) == 0) { rng = tmpRng; @@ -5297,20 +5297,20 @@ int wolfSSL_i2d_DSA_SIG(const WOLFSSL_DSA_SIG *sig, byte **out) if (sig == NULL || sig->r == NULL || sig->s == NULL || out == NULL) { WOLFSSL_MSG("Bad function arguments"); - return -1; + return WOLFSSL_FATAL_ERROR; } if (StoreECC_DSA_Sig(buf, &bufLen, (mp_int*)sig->r->internal, (mp_int*)sig->s->internal) != 0) { WOLFSSL_MSG("StoreECC_DSA_Sig error"); - return -1; + return WOLFSSL_FATAL_ERROR; } if (*out == NULL) { byte* tmp = (byte*)XMALLOC(bufLen, NULL, DYNAMIC_TYPE_ASN1); if (tmp == NULL) { WOLFSSL_MSG("malloc error"); - return -1; + return WOLFSSL_FATAL_ERROR; } *out = tmp; } @@ -5440,7 +5440,7 @@ WOLFSSL_DSA_SIG* wolfSSL_d2i_DSA_SIG(WOLFSSL_DSA_SIG **sig, int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet, WOLFSSL_DSA* dsa) { - int ret = -1; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR); int initTmpRng = 0; WC_RNG* rng = NULL; #ifdef WOLFSSL_SMALL_STACK @@ -5453,21 +5453,21 @@ int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet, if (d == NULL || sigRet == NULL || dsa == NULL) { WOLFSSL_MSG("Bad function arguments"); - return ret; + return WOLFSSL_FATAL_ERROR; } if (dsa->inSet == 0) { WOLFSSL_MSG("No DSA internal set, do it"); if (SetDsaInternal(dsa) != 1) { WOLFSSL_MSG("SetDsaInternal failed"); - return ret; + return WOLFSSL_FATAL_ERROR; } } #ifdef WOLFSSL_SMALL_STACK tmpRng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); if (tmpRng == NULL) - return -1; + return WOLFSSL_FATAL_ERROR; #endif if (wc_InitRng(tmpRng) == 0) { @@ -5476,14 +5476,22 @@ int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet, } else { WOLFSSL_MSG("Bad RNG Init, trying global"); +#ifdef WOLFSSL_SMALL_STACK + XFREE(tmpRng, NULL, DYNAMIC_TYPE_RNG); + tmpRng = NULL; +#endif rng = wolfssl_get_global_rng(); + if (! rng) + return WOLFSSL_FATAL_ERROR; } if (rng) { - if (wc_DsaSign(d, sigRet, (DsaKey*)dsa->internal, rng) < 0) + if (wc_DsaSign(d, sigRet, (DsaKey*)dsa->internal, rng) < 0) { WOLFSSL_MSG("DsaSign failed"); + ret = WOLFSSL_FATAL_ERROR; + } else - ret = 1; + ret = WOLFSSL_SUCCESS; } if (initTmpRng) @@ -5534,13 +5542,13 @@ WOLFSSL_DSA_SIG* wolfSSL_DSA_do_sign_ex(const unsigned char* digest, int wolfSSL_DSA_do_verify(const unsigned char* d, unsigned char* sig, WOLFSSL_DSA* dsa, int *dsacheck) { - int ret = -1; + int ret; WOLFSSL_ENTER("wolfSSL_DSA_do_verify"); if (d == NULL || sig == NULL || dsa == NULL) { WOLFSSL_MSG("Bad function arguments"); - return -1; + return WOLFSSL_FATAL_ERROR; } if (dsa->inSet == 0) { @@ -5548,7 +5556,7 @@ int wolfSSL_DSA_do_verify(const unsigned char* d, unsigned char* sig, if (SetDsaInternal(dsa) != 1) { WOLFSSL_MSG("SetDsaInternal failed"); - return -1; + return WOLFSSL_FATAL_ERROR; } } @@ -6132,19 +6140,19 @@ int wolfSSL_DSA_LoadDer(WOLFSSL_DSA* dsa, const unsigned char* derBuf, int derSz if (dsa == NULL || dsa->internal == NULL || derBuf == NULL || derSz <= 0) { WOLFSSL_MSG("Bad function arguments"); - return -1; + return WOLFSSL_FATAL_ERROR; } ret = DsaPrivateKeyDecode(derBuf, &idx, (DsaKey*)dsa->internal, (word32)derSz); if (ret < 0) { WOLFSSL_MSG("DsaPrivateKeyDecode failed"); - return -1; + return WOLFSSL_FATAL_ERROR; } if (SetDsaExternal(dsa) != 1) { WOLFSSL_MSG("SetDsaExternal failed"); - return -1; + return WOLFSSL_FATAL_ERROR; } dsa->inSet = 1; @@ -6164,7 +6172,7 @@ int wolfSSL_DSA_LoadDer_ex(WOLFSSL_DSA* dsa, const unsigned char* derBuf, if (dsa == NULL || dsa->internal == NULL || derBuf == NULL || derSz <= 0) { WOLFSSL_MSG("Bad function arguments"); - return -1; + return WOLFSSL_FATAL_ERROR; } if (opt == WOLFSSL_DSA_LOAD_PRIVATE) { @@ -6179,17 +6187,17 @@ int wolfSSL_DSA_LoadDer_ex(WOLFSSL_DSA* dsa, const unsigned char* derBuf, if (ret < 0 && opt == WOLFSSL_DSA_LOAD_PRIVATE) { WOLFSSL_ERROR_VERBOSE(ret); WOLFSSL_MSG("DsaPrivateKeyDecode failed"); - return -1; + return WOLFSSL_FATAL_ERROR; } else if (ret < 0 && opt == WOLFSSL_DSA_LOAD_PUBLIC) { WOLFSSL_ERROR_VERBOSE(ret); WOLFSSL_MSG("DsaPublicKeyDecode failed"); - return -1; + return WOLFSSL_FATAL_ERROR; } if (SetDsaExternal(dsa) != 1) { WOLFSSL_MSG("SetDsaExternal failed"); - return -1; + return WOLFSSL_FATAL_ERROR; } dsa->inSet = 1; @@ -7588,13 +7596,13 @@ int wolfSSL_DH_LoadDer(WOLFSSL_DH* dh, const unsigned char* derBuf, int derSz) if ((dh == NULL) || (dh->internal == NULL) || (derBuf == NULL) || (derSz <= 0)) { WOLFSSL_ERROR_MSG("Bad function arguments"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } if ((ret == 1) && (wolfssl_dh_load_params(dh, derBuf, &idx, (word32)derSz) != 0)) { WOLFSSL_ERROR_MSG("DH key decode failed"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } return ret; @@ -7782,7 +7790,7 @@ WOLFSSL_DH* wolfSSL_PEM_read_DHparams(XFILE fp, WOLFSSL_DH** dh, static int wolfssl_dhparams_to_der(WOLFSSL_DH* dh, unsigned char** out, void* heap) { - int ret = -1; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR); int err = 0; byte* der = NULL; word32 derSz; @@ -7911,7 +7919,7 @@ int SetDhExternal_ex(WOLFSSL_DH *dh, int elm) /* Validate parameters. */ if ((dh == NULL) || (dh->internal == NULL)) { WOLFSSL_ERROR_MSG("dh key NULL error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } if (ret == 1) { @@ -7923,21 +7931,21 @@ int SetDhExternal_ex(WOLFSSL_DH *dh, int elm) /* Set the prime. */ if (wolfssl_bn_set_value(&dh->p, &key->p) != 1) { WOLFSSL_ERROR_MSG("dh param p error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } if ((ret == 1) && (elm & ELEMENT_G)) { /* Set the generator. */ if (wolfssl_bn_set_value(&dh->g, &key->g) != 1) { WOLFSSL_ERROR_MSG("dh param g error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } if ((ret == 1) && (elm & ELEMENT_Q)) { /* Set the order. */ if (wolfssl_bn_set_value(&dh->q, &key->q) != 1) { WOLFSSL_ERROR_MSG("dh param q error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } #ifdef WOLFSSL_DH_EXTRA @@ -7945,14 +7953,14 @@ int SetDhExternal_ex(WOLFSSL_DH *dh, int elm) /* Set the private key. */ if (wolfssl_bn_set_value(&dh->priv_key, &key->priv) != 1) { WOLFSSL_ERROR_MSG("No DH Private Key"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } if ((ret == 1) && (elm & ELEMENT_PUB)) { /* Set the public key. */ if (wolfssl_bn_set_value(&dh->pub_key, &key->pub) != 1) { WOLFSSL_ERROR_MSG("No DH Public Key"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } #endif /* WOLFSSL_DH_EXTRA */ @@ -7997,7 +8005,7 @@ int SetDhInternal(WOLFSSL_DH* dh) /* Validate parameters. */ if ((dh == NULL) || (dh->p == NULL) || (dh->g == NULL)) { WOLFSSL_ERROR_MSG("Bad function arguments"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } if (ret == 1) { /* Get the wolfSSL DH key. */ @@ -8006,26 +8014,26 @@ int SetDhInternal(WOLFSSL_DH* dh) /* Clear out key and initialize. */ wc_FreeDhKey(key); if (wc_InitDhKey(key) != 0) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } if (ret == 1) { /* Transfer prime. */ if (wolfssl_bn_get_value(dh->p, &key->p) != 1) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } if (ret == 1) { /* Transfer generator. */ if (wolfssl_bn_get_value(dh->g, &key->g) != 1) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } #ifdef HAVE_FFDHE_Q /* Transfer order if available. */ if ((ret == 1) && (dh->q != NULL)) { if (wolfssl_bn_get_value(dh->q, &key->q) != 1) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } #endif @@ -8034,14 +8042,14 @@ int SetDhInternal(WOLFSSL_DH* dh) if ((ret == 1) && (dh->priv_key != NULL) && (!wolfSSL_BN_is_zero(dh->priv_key))) { if (wolfssl_bn_get_value(dh->priv_key, &key->priv) != 1) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } /* Transfer public key if available. */ if ((ret == 1) && (dh->pub_key != NULL) && (!wolfSSL_BN_is_zero(dh->pub_key))) { if (wolfssl_bn_get_value(dh->pub_key, &key->pub) != 1) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } #endif /* WOLFSSL_DH_EXTRA */ @@ -8064,17 +8072,14 @@ int SetDhInternal(WOLFSSL_DH* dh) */ int wolfSSL_DH_size(WOLFSSL_DH* dh) { - int ret = -1; - WOLFSSL_ENTER("wolfSSL_DH_size"); - /* Validate parameter. */ - if (dh != NULL) { - /* Size of key is size of prime in bytes. */ - ret = wolfSSL_BN_num_bytes(dh->p); - } + if (dh == NULL) + return WOLFSSL_FATAL_ERROR; - return ret; + /* Validate parameter. */ + /* Size of key is size of prime in bytes. */ + return wolfSSL_BN_num_bytes(dh->p); } /** @@ -8700,19 +8705,19 @@ int wolfSSL_DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* otherPub, /* Validate parameters. */ if ((dh == NULL) || (dh->priv_key == NULL) || (otherPub == NULL)) { WOLFSSL_ERROR_MSG("Bad function arguments"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* Get the maximum size of computed DH key. */ if ((ret == 0) && ((keySz = (word32)DH_size(dh)) == 0)) { WOLFSSL_ERROR_MSG("Bad DH_size"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { /* Validate the size of the private key. */ sz = wolfSSL_BN_num_bytes(dh->priv_key); if (sz > (int)privSz) { WOLFSSL_ERROR_MSG("Bad priv internal size"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { @@ -8725,7 +8730,7 @@ int wolfSSL_DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* otherPub, sz = wolfSSL_BN_num_bytes(otherPub); if (sz > pubSz) { WOLFSSL_ERROR_MSG("Bad otherPub size"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } @@ -8735,14 +8740,14 @@ int wolfSSL_DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* otherPub, pub = (unsigned char*)XMALLOC((size_t)sz, NULL, DYNAMIC_TYPE_PUBLIC_KEY); if (pub == NULL) - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { /* Allocate memory for the private key array. */ priv = (unsigned char*)XMALLOC((size_t)privSz, NULL, DYNAMIC_TYPE_PRIVATE_KEY); if (priv == NULL) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { @@ -8750,20 +8755,20 @@ int wolfSSL_DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* otherPub, /* Get the private key into the array. */ privSz = wolfSSL_BN_bn2bin(dh->priv_key, priv); if (privSz <= 0) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { /* Get the public key into the array. */ pubSz = wolfSSL_BN_bn2bin(otherPub, pub); if (pubSz <= 0) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } /* Synchronize the external into the internal parameters. */ if ((ret == 0) && ((dh->inSet == 0) && (SetDhInternal(dh) != 1))) { WOLFSSL_ERROR_MSG("Bad DH set internal"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } PRIVATE_KEY_UNLOCK(); @@ -8771,7 +8776,7 @@ int wolfSSL_DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* otherPub, if ((ret == 0) && (wc_DhAgree((DhKey*)dh->internal, key, &keySz, priv, (word32)privSz, pub, (word32)pubSz) < 0)) { WOLFSSL_ERROR_MSG("wc_DhAgree failed"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { /* Return actual length. */ @@ -8982,7 +8987,7 @@ int EccEnumToNID(int n) #endif default: WOLFSSL_MSG("NID not found"); - return -1; + return WOLFSSL_FATAL_ERROR; } } #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ @@ -8998,8 +9003,7 @@ int EccEnumToNID(int n) */ int NIDToEccEnum(int nid) { - /* -1 on error. */ - int id = -1; + int id; WOLFSSL_ENTER("NIDToEccEnum"); @@ -9087,6 +9091,8 @@ int NIDToEccEnum(int nid) break; default: WOLFSSL_MSG("NID not found"); + /* -1 on error. */ + id = WOLFSSL_FATAL_ERROR; } return id; @@ -9378,7 +9384,7 @@ int wolfSSL_EC_GROUP_cmp(const WOLFSSL_EC_GROUP *a, const WOLFSSL_EC_GROUP *b, if ((a == NULL) || (b == NULL)) { WOLFSSL_MSG("wolfSSL_EC_GROUP_cmp Bad arguments"); /* Return error value. */ - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* Compare NID and wolfSSL curve index. */ else { @@ -9529,7 +9535,7 @@ int wolfSSL_EC_GROUP_order_bits(const WOLFSSL_EC_GROUP *group) /* Validate parameter. */ if ((group == NULL) || (group->curve_idx < 0)) { WOLFSSL_MSG("wolfSSL_EC_GROUP_order_bits NULL error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } #ifdef WOLFSSL_SMALL_STACK @@ -9538,7 +9544,7 @@ int wolfSSL_EC_GROUP_order_bits(const WOLFSSL_EC_GROUP *group) order = (mp_int *)XMALLOC(sizeof(*order), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (order == NULL) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } #endif @@ -9645,7 +9651,7 @@ static int ec_point_internal_set(WOLFSSL_EC_POINT *p) /* Validate parameter. */ if ((p == NULL) || (p->internal == NULL)) { WOLFSSL_MSG("ECPoint NULL error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } else { /* Get internal point as a wolfCrypt EC point. */ @@ -9654,19 +9660,19 @@ static int ec_point_internal_set(WOLFSSL_EC_POINT *p) /* Set X ordinate if available. */ if ((p->X != NULL) && (wolfssl_bn_get_value(p->X, point->x) != 1)) { WOLFSSL_MSG("ecc point X error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* Set Y ordinate if available. */ if ((ret == 1) && (p->Y != NULL) && (wolfssl_bn_get_value(p->Y, point->y) != 1)) { WOLFSSL_MSG("ecc point Y error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* Set Z ordinate if available. */ if ((ret == 1) && (p->Z != NULL) && (wolfssl_bn_get_value(p->Z, point->z) != 1)) { WOLFSSL_MSG("ecc point Z error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* Internal values set when operations succeeded. */ p->inSet = (ret == 1); @@ -9692,7 +9698,7 @@ static int ec_point_external_set(WOLFSSL_EC_POINT *p) /* Validate parameter. */ if ((p == NULL) || (p->internal == NULL)) { WOLFSSL_MSG("ECPoint NULL error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } else { /* Get internal point as a wolfCrypt EC point. */ @@ -9701,17 +9707,17 @@ static int ec_point_external_set(WOLFSSL_EC_POINT *p) /* Set X ordinate. */ if (wolfssl_bn_set_value(&p->X, point->x) != 1) { WOLFSSL_MSG("ecc point X error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* Set Y ordinate. */ if ((ret == 1) && (wolfssl_bn_set_value(&p->Y, point->y) != 1)) { WOLFSSL_MSG("ecc point Y error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* Set Z ordinate. */ if ((ret == 1) && (wolfssl_bn_set_value(&p->Z, point->z) != 1)) { WOLFSSL_MSG("ecc point Z error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* External values set when operations succeeded. */ p->exSet = (ret == 1); @@ -10357,7 +10363,7 @@ size_t wolfSSL_EC_POINT_point2oct(const WOLFSSL_EC_GROUP *group, /* Check return. When buf is NULL, return will be length only * error. */ - if (ret != ((buf != NULL) ? MP_OKAY : LENGTH_ONLY_E)) { + if (ret != ((buf != NULL) ? MP_OKAY : WC_NO_ERR_TRACE(LENGTH_ONLY_E))) { err = 1; } } @@ -11391,43 +11397,43 @@ static int ec_point_cmp_jacobian(const WOLFSSL_EC_GROUP* group, /* Check that the big numbers were allocated. */ if ((at == NULL) || (bt == NULL) || (az == NULL) || (bz == NULL) || (mod == NULL)) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* Get the modulus for the curve. */ if ((ret == 0) && (BN_hex2bn(&mod, ecc_sets[group->curve_idx].prime) != 1)) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { /* bt = Bx * (Az ^ 2). When Az is one then just copy. */ if (BN_is_one(a->Z)) { if (BN_copy(bt, b->X) == NULL) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } /* az = Az ^ 2 */ else if ((BN_mod_mul(az, a->Z, a->Z, mod, ctx) != 1)) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* bt = Bx * az = Bx * (Az ^ 2) */ else if (BN_mod_mul(bt, b->X, az, mod, ctx) != 1) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { /* at = Ax * (Bz ^ 2). When Bz is one then just copy. */ if (BN_is_one(b->Z)) { if (BN_copy(at, a->X) == NULL) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } /* bz = Bz ^ 2 */ else if (BN_mod_mul(bz, b->Z, b->Z, mod, ctx) != 1) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* at = Ax * bz = Ax * (Bz ^ 2) */ else if (BN_mod_mul(at, a->X, bz, mod, ctx) != 1) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } /* Compare x-ordinates. */ @@ -11438,32 +11444,32 @@ static int ec_point_cmp_jacobian(const WOLFSSL_EC_GROUP* group, /* bt = By * (Az ^ 3). When Az is one then just copy. */ if (BN_is_one(a->Z)) { if (BN_copy(bt, b->Y) == NULL) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } /* az = az * Az = Az ^ 3 */ else if ((BN_mod_mul(az, az, a->Z, mod, ctx) != 1)) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* bt = By * az = By * (Az ^ 3) */ else if (BN_mod_mul(bt, b->Y, az, mod, ctx) != 1) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { /* at = Ay * (Bz ^ 3). When Bz is one then just copy. */ if (BN_is_one(b->Z)) { if (BN_copy(at, a->Y) == NULL) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } /* bz = bz * Bz = Bz ^ 3 */ else if (BN_mod_mul(bz, bz, b->Z, mod, ctx) != 1) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* at = Ay * bz = Ay * (Bz ^ 3) */ else if (BN_mod_mul(at, a->Y, bz, mod, ctx) != 1) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } /* Compare y-ordinates. */ @@ -11503,7 +11509,7 @@ int wolfSSL_EC_POINT_cmp(const WOLFSSL_EC_GROUP *group, if ((group == NULL) || (a == NULL) || (a->internal == NULL) || (b == NULL) || (b->internal == NULL)) { WOLFSSL_MSG("wolfSSL_EC_POINT_cmp Bad arguments"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } if (ret != -1) { #ifdef WOLFSSL_EC_POINT_CMP_JACOBIAN @@ -12280,11 +12286,11 @@ int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key, const unsigned char* derBuf, if ((key == NULL) || (key->internal == NULL) || (derBuf == NULL) || (derSz <= 0)) { WOLFSSL_MSG("Bad function arguments"); - res = -1; + res = WOLFSSL_FATAL_ERROR; } if ((res == 1) && (opt != WOLFSSL_EC_KEY_LOAD_PRIVATE) && (opt != WOLFSSL_EC_KEY_LOAD_PUBLIC)) { - res = -1; + res = WOLFSSL_FATAL_ERROR; } if (res == 1) { @@ -12303,7 +12309,7 @@ int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key, const unsigned char* derBuf, /* Error out on parsing error. */ else if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) { WOLFSSL_MSG("Unexpected error with trying to remove PKCS8 header"); - res = -1; + res = WOLFSSL_FATAL_ERROR; } } @@ -12320,7 +12326,7 @@ int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key, const unsigned char* derBuf, ecc_key *tmp = (ecc_key*)XMALLOC(sizeof(ecc_key), ((ecc_key*)key->internal)->heap, DYNAMIC_TYPE_ECC); if (tmp == NULL) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } else { /* We now try again as x.963 [point type][x][opt y]. */ @@ -12352,7 +12358,7 @@ int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key, const unsigned char* derBuf, else { WOLFSSL_MSG("wc_EccPublicKeyDecode failed"); } - res = -1; + res = WOLFSSL_FATAL_ERROR; } /* Internal key updated - update whether it is a valid key. */ @@ -12362,7 +12368,7 @@ int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key, const unsigned char* derBuf, /* Set the external EC key based on value in internal. */ if ((res == 1) && (SetECKeyExternal(key) != 1)) { WOLFSSL_MSG("SetECKeyExternal failed"); - res = -1; + res = WOLFSSL_FATAL_ERROR; } return res; @@ -13006,7 +13012,7 @@ int SetECKeyExternal(WOLFSSL_EC_KEY* eckey) /* Validate parameter. */ if ((eckey == NULL) || (eckey->internal == NULL)) { WOLFSSL_MSG("ec key NULL error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } else { ecc_key* key = (ecc_key*)eckey->internal; @@ -13021,13 +13027,13 @@ int SetECKeyExternal(WOLFSSL_EC_KEY* eckey) if (wc_ecc_copy_point(&key->pubkey, (ecc_point*)eckey->pub_key->internal) != MP_OKAY) { WOLFSSL_MSG("SetECKeyExternal ecc_copy_point failed"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* Set external public key from internal wolfCrypt, public key. */ if ((ret == 1) && (ec_point_external_set(eckey->pub_key) != 1)) { WOLFSSL_MSG("SetECKeyExternal ec_point_external_set failed"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } @@ -13036,7 +13042,7 @@ int SetECKeyExternal(WOLFSSL_EC_KEY* eckey) (wolfssl_bn_set_value(&eckey->priv_key, wc_ecc_key_get_priv(key)) != 1)) { WOLFSSL_MSG("ec priv key error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* External values set when operations succeeded. */ @@ -13064,7 +13070,7 @@ int SetECKeyInternal(WOLFSSL_EC_KEY* eckey) if ((eckey == NULL) || (eckey->internal == NULL) || (eckey->group == NULL)) { WOLFSSL_MSG("ec key NULL error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } else { ecc_key* key = (ecc_key*)eckey->internal; @@ -13074,7 +13080,7 @@ int SetECKeyInternal(WOLFSSL_EC_KEY* eckey) if ((eckey->group->curve_idx < 0) || (wc_ecc_is_valid_idx(eckey->group->curve_idx) == 0)) { WOLFSSL_MSG("invalid curve idx"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } if (ret == 1) { @@ -13087,14 +13093,14 @@ int SetECKeyInternal(WOLFSSL_EC_KEY* eckey) if ((ret == 1) && pubSet) { if (ec_point_internal_set(eckey->pub_key) != 1) { WOLFSSL_MSG("ec key pub error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* Copy public point to key. */ if ((ret == 1) && (wc_ecc_copy_point( (ecc_point*)eckey->pub_key->internal, &key->pubkey) != MP_OKAY)) { WOLFSSL_MSG("wc_ecc_copy_point error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } if (ret == 1) { @@ -13108,7 +13114,7 @@ int SetECKeyInternal(WOLFSSL_EC_KEY* eckey) if (wolfssl_bn_get_value(eckey->priv_key, wc_ecc_key_get_priv(key)) != 1) { WOLFSSL_MSG("ec key priv error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* private key */ if ((ret == 1) && (!mp_iszero(wc_ecc_key_get_priv(key)))) { @@ -13136,13 +13142,9 @@ int SetECKeyInternal(WOLFSSL_EC_KEY* eckey) */ point_conversion_form_t wolfSSL_EC_KEY_get_conv_form(const WOLFSSL_EC_KEY* key) { - int ret = -1; - - if (key != NULL) { - ret = key->form; - } - - return ret; + if (key == NULL) + return WOLFSSL_FATAL_ERROR; + return key->form; } /* Set point conversion format into EC key. @@ -13993,7 +13995,7 @@ int wolfSSL_ECDSA_do_verify(const unsigned char *dgst, int dLen, if ((dgst == NULL) || (sig == NULL) || (key == NULL) || (key->internal == NULL)) { WOLFSSL_MSG("wolfSSL_ECDSA_do_verify Bad arguments"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* Ensure internal EC key is set from external. */ @@ -14002,7 +14004,7 @@ int wolfSSL_ECDSA_do_verify(const unsigned char *dgst, int dLen, if (SetECKeyInternal(key) != 1) { WOLFSSL_MSG("SetECKeyInternal failed"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } @@ -14013,7 +14015,7 @@ int wolfSSL_ECDSA_do_verify(const unsigned char *dgst, int dLen, (mp_int*)sig->s->internal, dgst, (word32)dLen, &verified, (ecc_key *)key->internal) != MP_OKAY) { WOLFSSL_MSG("wc_ecc_verify_hash failed"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } else if (verified == 0) { WOLFSSL_MSG("wc_ecc_verify_hash incorrect signature detected"); @@ -14027,7 +14029,7 @@ int wolfSSL_ECDSA_do_verify(const unsigned char *dgst, int dLen, (word32)dLen, &verified, (ecc_key*)key->internal); if (ret != MP_OKAY) { WOLFSSL_MSG("wc_ecc_verify_hash failed"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } else if (verified == 0) { WOLFSSL_MSG("wc_ecc_verify_hash incorrect signature detected"); @@ -15539,7 +15541,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio, if (!err) { const unsigned char* ptr = der->buffer; - int type = -1; + int type; /* Set key type based on format returned. */ switch (keyFormat) { @@ -15558,6 +15560,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio, type = EVP_PKEY_DH; break; default: + type = WOLFSSL_FATAL_ERROR; break; } @@ -15677,7 +15680,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_PrivateKey(XFILE fp, WOLFSSL_EVP_PKEY **key, if (!err) { const unsigned char* ptr = der->buffer; - int type = -1; + int type; /* Set key type based on format returned. */ switch (keyFormat) { @@ -15696,6 +15699,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_PrivateKey(XFILE fp, WOLFSSL_EVP_PKEY **key, type = EVP_PKEY_DH; break; default: + type = WOLFSSL_FATAL_ERROR; break; } diff --git a/src/quic.c b/src/quic.c index 8633cf06db..f709ea6935 100644 --- a/src/quic.c +++ b/src/quic.c @@ -200,7 +200,7 @@ static sword32 quic_record_transfer(QuicRecord* qr, byte* buf, word32 sz) /* We check if the buf is at least RECORD_HEADER_SZ */ if (sz < RECORD_HEADER_SZ) { - return -1; + return WOLFSSL_FATAL_ERROR; } if (qr->rec_hdr_remain == 0) { @@ -785,7 +785,7 @@ int wolfSSL_quic_receive(WOLFSSL* ssl, byte* buf, word32 sz) /* record too small to be fit into a RecordLayerHeader struct. */ if (n == -1) { - return -1; + return WOLFSSL_FATAL_ERROR; } if (quic_record_done(ssl->quic.input_head)) { QuicRecord* qr = ssl->quic.input_head; diff --git a/src/sniffer.c b/src/sniffer.c index 31d54a949f..7be98cdef0 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -1656,31 +1656,31 @@ static int LoadKeyFile(byte** keyBuf, word32* keyBufSz, int ret = -1; if (keyBuf == NULL || keyBufSz == NULL || keyFile == NULL) { - return -1; + return WOLFSSL_FATAL_ERROR; } if (keySz == 0) { /* load from file */ file = XFOPEN(keyFile, "rb"); - if (file == XBADFILE) return -1; + if (file == XBADFILE) return WOLFSSL_FATAL_ERROR; if(XFSEEK(file, 0, XSEEK_END) != 0) { XFCLOSE(file); - return -1; + return WOLFSSL_FATAL_ERROR; } fileSz = XFTELL(file); if (fileSz > MAX_WOLFSSL_FILE_SIZE || fileSz < 0) { XFCLOSE(file); - return -1; + return WOLFSSL_FATAL_ERROR; } if(XFSEEK(file, 0, XSEEK_SET) != 0) { XFCLOSE(file); - return -1; + return WOLFSSL_FATAL_ERROR; } loadBuf = (byte*)XMALLOC(fileSz, NULL, DYNAMIC_TYPE_FILE); if (loadBuf == NULL) { XFCLOSE(file); - return -1; + return WOLFSSL_FATAL_ERROR; } ret = (int)XFREAD(loadBuf, 1, fileSz, file); @@ -1688,14 +1688,14 @@ static int LoadKeyFile(byte** keyBuf, word32* keyBufSz, if (ret != fileSz) { XFREE(loadBuf, NULL, DYNAMIC_TYPE_FILE); - return -1; + return WOLFSSL_FATAL_ERROR; } } else { /* use buffer directly */ loadBuf = (byte*)XMALLOC(keySz, NULL, DYNAMIC_TYPE_FILE); if (loadBuf == NULL) { - return -1; + return WOLFSSL_FATAL_ERROR; } fileSz = keySz; XMEMCPY(loadBuf, keyFile, fileSz); @@ -1732,7 +1732,7 @@ static int LoadKeyFile(byte** keyBuf, word32* keyBufSz, } if (ret < 0) { - return -1; + return WOLFSSL_FATAL_ERROR; } return ret; @@ -1751,14 +1751,14 @@ static int CreateWatchSnifferServer(char* error) DYNAMIC_TYPE_SNIFFER_SERVER); if (sniffer == NULL) { SetError(MEMORY_STR, error, NULL, 0); - return -1; + return WOLFSSL_FATAL_ERROR; } InitSnifferServer(sniffer); sniffer->ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); if (!sniffer->ctx) { SetError(MEMORY_STR, error, NULL, 0); FreeSnifferServer(sniffer); - return -1; + return WOLFSSL_FATAL_ERROR; } #if defined(WOLF_CRYPTO_CB) || defined(WOLFSSL_ASYNC_CRYPT) if (CryptoDeviceId != INVALID_DEVID) @@ -1800,7 +1800,7 @@ static int SetNamedPrivateKey(const char* name, const char* address, int port, NULL, DYNAMIC_TYPE_SNIFFER_NAMED_KEY); if (namedKey == NULL) { SetError(MEMORY_STR, error, NULL, 0); - return -1; + return WOLFSSL_FATAL_ERROR; } XMEMSET(namedKey, 0, sizeof(NamedKey)); @@ -1815,7 +1815,7 @@ static int SetNamedPrivateKey(const char* name, const char* address, int port, if (ret < 0) { SetError(KEY_FILE_STR, error, NULL, 0); FreeNamedKey(namedKey); - return -1; + return WOLFSSL_FATAL_ERROR; } } #endif @@ -1849,7 +1849,7 @@ static int SetNamedPrivateKey(const char* name, const char* address, int port, #ifdef HAVE_SNI FreeNamedKey(namedKey); #endif - return -1; + return WOLFSSL_FATAL_ERROR; } InitSnifferServer(sniffer); @@ -1865,7 +1865,7 @@ static int SetNamedPrivateKey(const char* name, const char* address, int port, FreeNamedKey(namedKey); #endif FreeSnifferServer(sniffer); - return -1; + return WOLFSSL_FATAL_ERROR; } #if defined(WOLF_CRYPTO_CB) || defined(WOLFSSL_ASYNC_CRYPT) if (CryptoDeviceId != INVALID_DEVID) @@ -1906,7 +1906,7 @@ static int SetNamedPrivateKey(const char* name, const char* address, int port, SetError(KEY_FILE_STR, error, NULL, 0); if (isNew) FreeSnifferServer(sniffer); - return -1; + return WOLFSSL_FATAL_ERROR; } #ifdef WOLF_CRYPTO_CB wolfSSL_CTX_SetDevId(sniffer->ctx, CryptoDeviceId); @@ -2124,7 +2124,7 @@ static int CheckIp6Hdr(Ip6Hdr* iphdr, IpInfo* info, int length, char* error) if (version != IPV6) { SetError(BAD_IPVER_STR, error, NULL, 0); - return -1; + return WOLFSSL_FATAL_ERROR; } /* Here, we need to move onto next header if not TCP. */ @@ -2134,7 +2134,7 @@ static int CheckIp6Hdr(Ip6Hdr* iphdr, IpInfo* info, int length, char* error) int hdrsz = (exthdr->length + 1) * 8; if (hdrsz > length - exthdrsz) { SetError(PACKET_HDR_SHORT_STR, error, NULL, 0); - return -1; + return WOLFSSL_FATAL_ERROR; } exthdrsz += hdrsz; exthdr = (Ip6ExtHdr*)((byte*)exthdr + hdrsz); @@ -2146,7 +2146,7 @@ static int CheckIp6Hdr(Ip6Hdr* iphdr, IpInfo* info, int length, char* error) #ifndef WOLFSSL_SNIFFER_WATCH if (!IsServerRegistered6(iphdr->src) && !IsServerRegistered6(iphdr->dst)) { SetError(SERVER_NOT_REG_STR, error, NULL, 0); - return -1; + return WOLFSSL_FATAL_ERROR; } #endif @@ -2180,12 +2180,12 @@ static int CheckIpHdr(IpHdr* iphdr, IpInfo* info, int length, char* error, if (version != IPV4) { SetError(BAD_IPVER_STR, error, NULL, 0); - return -1; + return WOLFSSL_FATAL_ERROR; } if (iphdr->protocol != TCP_PROTOCOL) { SetError(BAD_PROTO_STR, error, NULL, 0); - return -1; + return WOLFSSL_FATAL_ERROR; } info->length = IP_HL(iphdr); @@ -2577,7 +2577,7 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session, if (args->length > *sslBytes) { SetError(PARTIAL_INPUT_STR, error, session, FATAL_ERROR_STATE); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } @@ -2800,7 +2800,7 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session, if (args->length > *sslBytes) { SetError(PARTIAL_INPUT_STR, error, session, FATAL_ERROR_STATE); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* if curve not provided in key share data, then use private @@ -2893,7 +2893,7 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session, if (args->length > *sslBytes) { SetError(PARTIAL_INPUT_STR, error, session, FATAL_ERROR_STATE); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { @@ -2976,7 +2976,7 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session, if (args->length > *sslBytes) { SetError(PARTIAL_INPUT_STR, error, session, FATAL_ERROR_STATE); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { @@ -3162,13 +3162,13 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session, if (SetCipherSpecs(session->sslServer) != 0) { SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE); session->verboseErr = 1; - ret = -1; break; + ret = WOLFSSL_FATAL_ERROR; break; } if (SetCipherSpecs(session->sslClient) != 0) { SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE); session->verboseErr = 1; - ret = -1; break; + ret = WOLFSSL_FATAL_ERROR; break; } #ifdef WOLFSSL_TLS13 @@ -3200,7 +3200,7 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session, } if (ret != 0) { SetError(BAD_DERIVE_STR, error, session, FATAL_ERROR_STATE); - ret = -1; break; + ret = WOLFSSL_FATAL_ERROR; break; } #ifdef SHOW_SECRETS @@ -3260,7 +3260,7 @@ static int ProcessClientKeyExchange(const byte* input, int* sslBytes, session->sslServer->buffers.key->length == 0) { SetError(RSA_KEY_MISSING_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } #endif @@ -3288,7 +3288,7 @@ static int ProcessKeyShare(KeyShareInfo* info, const byte* input, int len, info->key_len = (word16)((input[index] << 8) | input[index+1]); index += OPAQUE16_LEN; if (info->key_len == 0 || info->key_len > len - index) { - return -1; + return WOLFSSL_FATAL_ERROR; } info->key = &input[index]; index += info->key_len; @@ -3392,7 +3392,7 @@ static int ProcessServerKeyShare(SnifferSession* session, const byte* input, int } if (ret != 0) { SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } return ret; @@ -3417,7 +3417,7 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes, /* make sure can read through hint len */ if (TICKET_HINT_LEN > *sslBytes) { SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } input += TICKET_HINT_LEN; /* skip over hint len */ *sslBytes -= TICKET_HINT_LEN; @@ -3428,7 +3428,7 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes, /* make sure can read through hint age and nonce len */ if (TICKET_HINT_AGE_LEN + 1 > *sslBytes) { SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } input += TICKET_HINT_AGE_LEN; /* skip over hint age */ *sslBytes -= TICKET_HINT_AGE_LEN; @@ -3437,7 +3437,7 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes, len = input[0]; if (len > MAX_TICKET_NONCE_STATIC_SZ) { SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } input += OPAQUE8_LEN; *sslBytes -= OPAQUE8_LEN; @@ -3455,7 +3455,7 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes, /* make sure can read through len */ if (OPAQUE16_LEN > *sslBytes) { SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } len = (word16)((input[0] << 8) | input[1]); @@ -3465,7 +3465,7 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes, /* make sure can read through ticket */ if (len > *sslBytes) { SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } #ifdef WOLFSSL_TLS13 @@ -3475,7 +3475,7 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes, #ifdef HAVE_SESSION_TICKET if (SetTicket(session->sslServer, input, len) != 0) { SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } /* set haveSessionId to use the wolfSession cache */ @@ -3502,7 +3502,7 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes, /* capture last part of sessionID as macID (32 bytes) */ if (len < ID_LEN) { SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } /* store session with macID as sessionID */ session->sslServer->options.haveSessionId = 1; @@ -3546,7 +3546,7 @@ static int DoResume(SnifferSession* session, char* error) INC_STAT(SnifferStats.sslResumeMisses); #endif SetError(BAD_SESSION_RESUME_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } } @@ -3571,13 +3571,13 @@ static int DoResume(SnifferSession* session, char* error) if (SetCipherSpecs(session->sslServer) != 0) { SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE); session->verboseErr = 1; - return -1; + return WOLFSSL_FATAL_ERROR; } if (SetCipherSpecs(session->sslClient) != 0) { SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE); session->verboseErr = 1; - return -1; + return WOLFSSL_FATAL_ERROR; } #ifdef WOLFSSL_TLS13 @@ -3616,7 +3616,7 @@ static int DoResume(SnifferSession* session, char* error) if (ret != 0) { SetError(BAD_DERIVE_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } return ret; @@ -3645,7 +3645,7 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes, /* make sure can read through session len */ if (toRead > *sslBytes) { SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } XMEMCPY(&pv, input, VERSION_SZ); @@ -3670,7 +3670,7 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes, /* make sure can read through compression */ if ( (b + SUITE_LEN + ENUM_LEN) > *sslBytes) { SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } if (b) { #ifdef WOLFSSL_TLS13 @@ -3718,7 +3718,7 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes, if (b) { SetError(BAD_COMPRESSION_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } /* extensions */ @@ -3729,7 +3729,7 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes, /* make sure can read len */ if (SUITE_LEN > *sslBytes) { SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } len = (word16)((input[0] << 8) | input[1]); input += SUITE_LEN; @@ -3737,7 +3737,7 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes, /* make sure can read through all extensions */ if (len > *sslBytes) { SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } while (len >= EXT_TYPE_SZ + LENGTH_SZ) { @@ -3756,7 +3756,7 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes, if (extLen > *sslBytes) { SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } #ifdef DEBUG_SNIFFER printf("\tserver_hello ext: 0x%02x (len %d)\n", extType, extLen); @@ -3769,7 +3769,7 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes, if (ret != 0) { SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } break; #endif @@ -3835,14 +3835,14 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes, #ifndef WOLFSSL_TLS13 SetError(UNSUPPORTED_TLS_VER_STR, error, session, FATAL_ERROR_STATE); session->verboseErr = 1; - return -1; + return WOLFSSL_FATAL_ERROR; #endif } else { #ifdef WOLFSSL_NO_TLS12 SetError(UNSUPPORTED_TLS_VER_STR, error, session, FATAL_ERROR_STATE); session->verboseErr = 1; - return -1; + return WOLFSSL_FATAL_ERROR; #endif } @@ -4007,7 +4007,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes, /* make sure can read up to session len */ if (toRead > *sslBytes) { SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } /* skip, get negotiated one from server hello */ @@ -4029,7 +4029,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes, if (bLen) { if (ID_LEN > *sslBytes) { SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } Trace(CLIENT_RESUME_TRY_STR); #ifdef WOLFSSL_TLS13 @@ -4055,7 +4055,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes, /* make sure can read len */ if (SUITE_LEN > *sslBytes) { SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } len = (word16)((input[0] << 8) | input[1]); input += SUITE_LEN; @@ -4063,7 +4063,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes, /* make sure can read suites + comp len */ if (len + ENUM_LEN > *sslBytes) { SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } input += len; *sslBytes -= len; @@ -4074,7 +4074,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes, /* make sure can read len */ if (bLen > *sslBytes) { SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } input += bLen; *sslBytes -= bLen; @@ -4088,7 +4088,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes, /* make sure can read len */ if (SUITE_LEN > *sslBytes) { SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } len = (word16)((input[0] << 8) | input[1]); input += SUITE_LEN; @@ -4096,7 +4096,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes, /* make sure can read through all extensions */ if (len > *sslBytes) { SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } while (len >= EXT_TYPE_SZ + LENGTH_SZ) { @@ -4114,7 +4114,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes, /* make sure can read through individual extension */ if (extLen > *sslBytes) { SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } #ifdef DEBUG_SNIFFER @@ -4163,7 +4163,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes, word16 ksLen = (word16)((input[0] << 8) | input[1]); if (ksLen + OPAQUE16_LEN > extLen) { SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } /* cache key share data till server_hello */ session->cliKeyShareSz = ksLen; @@ -4187,7 +4187,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes, idsLen = (word16)((input[idx] << 8) | input[idx+1]); if (idsLen + OPAQUE16_LEN + idx > extLen) { SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } idx += OPAQUE16_LEN; @@ -4195,7 +4195,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes, idLen = (word16)((input[idx] << 8) | input[idx+1]); if (idLen + OPAQUE16_LEN + idx > extLen) { SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } idx += OPAQUE16_LEN; identity = &input[idx]; @@ -4211,7 +4211,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes, bindersLen = (word16)((input[idx] << 8) | input[idx+1]); if (bindersLen + OPAQUE16_LEN + idx > extLen) { SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } idx += OPAQUE16_LEN; binders = &input[idx]; @@ -4246,7 +4246,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes, if (extLen && extLen < ID_LEN) { SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } if (extLen) { if (session->ticketID == NULL) { @@ -4255,7 +4255,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes, if (session->ticketID == 0) { SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } } @@ -4297,7 +4297,7 @@ static int KeyWatchCall(SnifferSession* session, const byte* data, int dataSz, if (WatchCb == NULL) { SetError(WATCH_CB_MISSING_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } ret = wc_InitSha256(&sha); @@ -4307,7 +4307,7 @@ static int KeyWatchCall(SnifferSession* session, const byte* data, int dataSz, ret = wc_Sha256Final(&sha, digest); if (ret != 0) { SetError(WATCH_HASH_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } ret = WatchCb((void*)session, digest, sizeof(digest), @@ -4317,7 +4317,7 @@ static int KeyWatchCall(SnifferSession* session, const byte* data, int dataSz, INC_STAT(SnifferStats.sslKeysUnmatched); #endif SetError(WATCH_FAIL_STR, error, session, FATAL_ERROR_STATE); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } else { #ifdef WOLFSSL_SNIFFER_STATS @@ -4341,7 +4341,7 @@ static int ProcessCertificate(const byte* input, int* sslBytes, if (*sslBytes < CERT_HEADER_SZ) { SetError(BAD_CERT_MSG_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } #ifdef WOLFSSL_TLS13 @@ -4358,14 +4358,14 @@ static int ProcessCertificate(const byte* input, int* sslBytes, if (*sslBytes < (int)certChainSz) { SetError(BAD_CERT_MSG_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } ato24(input, &certSz); input += OPAQUE24_LEN; if (*sslBytes < (int)certSz) { SetError(BAD_CERT_MSG_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } *sslBytes -= certChainSz; @@ -4443,7 +4443,7 @@ static int ProcessFinished(const byte* input, int size, int* sslBytes, if (ret != 0) { SetError(BAD_FINISHED_MSG, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } session->flags.gotFinished = 1; @@ -4479,7 +4479,7 @@ static int ProcessFinished(const byte* input, int size, int* sslBytes, if (ret != 0) { SetError(BAD_FINISHED_MSG, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } } #endif @@ -4529,7 +4529,7 @@ static int DoHandShake(const byte* input, int* sslBytes, if (*sslBytes < HANDSHAKE_HEADER_SZ) { SetError(HANDSHAKE_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } type = input[0]; size = (input[1] << 16) | (input[2] << 8) | input[3]; @@ -4595,7 +4595,7 @@ static int DoHandShake(const byte* input, int* sslBytes, if (HashUpdate(session->hash, input, size) != 0) { SetError(EXTENDED_MASTER_HASH_STR, error, session, FATAL_ERROR_STATE); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; goto exit; } } @@ -4629,7 +4629,7 @@ static int DoHandShake(const byte* input, int* sslBytes, /* can't know temp key passively */ SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE); session->verboseErr = 1; - ret = -1; + ret = WOLFSSL_FATAL_ERROR; #if defined(WOLFSSL_SNIFFER_STATS) INC_STAT(SnifferStats.sslEphemeralMisses); @@ -4680,7 +4680,7 @@ static int DoHandShake(const byte* input, int* sslBytes, else { SetError(EXTENDED_MASTER_HASH_STR, error, session, FATAL_ERROR_STATE); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } XMEMSET(session->hash, 0, sizeof(HsHashes)); XFREE(session->hash, NULL, DYNAMIC_TYPE_HASHES); @@ -4712,7 +4712,7 @@ static int DoHandShake(const byte* input, int* sslBytes, break; default: SetError(GOT_UNKNOWN_HANDSHAKE_STR, error, session, 0); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; break; } @@ -5246,14 +5246,14 @@ static int DoOldHello(SnifferSession* session, const byte* sslFrame, if (*rhSize > *sslBytes) { SetError(OLD_CLIENT_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } ret = ProcessOldClientHello(session->sslServer, input, &idx, *sslBytes, (word16)*rhSize); if (ret < 0 && ret != WC_NO_ERR_TRACE(MATCH_SUITE_ERROR)) { SetError(BAD_OLD_CLIENT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } Trace(OLD_CLIENT_OK_STR); @@ -5319,7 +5319,7 @@ static int TcpChecksum(IpInfo* ipInfo, TcpInfo* tcpInfo, int dataLen, /* field, but tcp checksum offloading could negate calculation */ if (checksum == 0) return 0; - return -1; + return WOLFSSL_FATAL_ERROR; } #endif @@ -5342,7 +5342,7 @@ static int CheckHeaders(IpInfo* ipInfo, TcpInfo* tcpInfo, const byte* packet, /* ip header */ if (length < IP_HDR_SZ) { SetError(PACKET_HDR_SHORT_STR, error, NULL, 0); - return -1; + return WOLFSSL_FATAL_ERROR; } version = IP_V(iphdr); @@ -5356,31 +5356,31 @@ static int CheckHeaders(IpInfo* ipInfo, TcpInfo* tcpInfo, const byte* packet, } if (CheckIpHdr(iphdr, ipInfo, length, error, trace) != 0) - return -1; + return WOLFSSL_FATAL_ERROR; #ifndef WOLFSSL_SNIFFER_WATCH if (checkReg && !IsServerRegistered(iphdr->src) && !IsServerRegistered(iphdr->dst)) { SetError(SERVER_NOT_REG_STR, error, NULL, 0); - return -1; + return WOLFSSL_FATAL_ERROR; } #endif /* tcp header */ if (length < (ipInfo->length + TCP_HDR_SZ)) { SetError(PACKET_HDR_SHORT_STR, error, NULL, 0); - return -1; + return WOLFSSL_FATAL_ERROR; } tcphdr = (TcpHdr*)(packet + ipInfo->length); if (CheckTcpHdr(tcphdr, tcpInfo, error, trace) != 0) - return -1; + return WOLFSSL_FATAL_ERROR; #ifndef WOLFSSL_SNIFFER_WATCH if (checkReg && !IsPortRegistered(tcpInfo->srcPort) && !IsPortRegistered(tcpInfo->dstPort)) { SetError(SERVER_PORT_NOT_REG_STR, error, NULL, 0); - return -1; + return WOLFSSL_FATAL_ERROR; } #endif @@ -5388,7 +5388,7 @@ static int CheckHeaders(IpInfo* ipInfo, TcpInfo* tcpInfo, const byte* packet, *sslFrame = packet + ipInfo->length + tcpInfo->length; if (*sslFrame > packet + length) { SetError(PACKET_HDR_SHORT_STR, error, NULL, 0); - return -1; + return WOLFSSL_FATAL_ERROR; } /* We only care about the data in the TCP/IP record. There may be extra @@ -5430,7 +5430,7 @@ static int CheckSession(IpInfo* ipInfo, TcpInfo* tcpInfo, int sslBytes, return 1; SetError(MEMORY_STR, error, NULL, 0); - return -1; + return WOLFSSL_FATAL_ERROR; } return 1; } @@ -5453,7 +5453,7 @@ static int CheckSession(IpInfo* ipInfo, TcpInfo* tcpInfo, int sslBytes, #endif SetError(BAD_SESSION_STR, error, NULL, 0); - return -1; + return WOLFSSL_FATAL_ERROR; } } return 0; @@ -5514,12 +5514,12 @@ static int AddToReassembly(byte from, word32 seq, const byte* sslFrame, if (MaxRecoveryMemory != -1 && (int)(*reassemblyMemory + sslBytes) > MaxRecoveryMemory) { SetError(REASSEMBLY_MAX_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } add = CreateBuffer(&seq, seq + sslBytes - 1, sslFrame, &bytesLeft); if (add == NULL) { SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } *front = add; *reassemblyMemory += sslBytes; @@ -5536,12 +5536,12 @@ static int AddToReassembly(byte from, word32 seq, const byte* sslFrame, if (MaxRecoveryMemory -1 && (int)(*reassemblyMemory + sslBytes) > MaxRecoveryMemory) { SetError(REASSEMBLY_MAX_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } add = CreateBuffer(&seq, end, sslFrame, &bytesLeft); if (add == NULL) { SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } add->next = curr; *front = add; @@ -5578,13 +5578,13 @@ static int AddToReassembly(byte from, word32 seq, const byte* sslFrame, if (MaxRecoveryMemory != -1 && (int)(*reassemblyMemory + added) > MaxRecoveryMemory) { SetError(REASSEMBLY_MAX_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } add = CreateBuffer(&seq, seq + added - 1, &sslFrame[seq - startSeq], &bytesLeft); if (add == NULL) { SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } add->next = prev->next; prev->next = add; @@ -5854,7 +5854,7 @@ static int FindNextRecordInAssembly(SnifferSession* session, if ( *sslBytes > (int)ssl->buffers.inputBuffer.bufferSize) { if (GrowInputBuffer(ssl, *sslBytes, 0) < 0) { SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } } @@ -5946,7 +5946,7 @@ static int CheckAck(TcpInfo* tcpInfo, SnifferSession* session) TraceAck(real, expected); if (real > expected) - return -1; /* we missed a packet, ACKing data we never saw */ + return WOLFSSL_FATAL_ERROR; /* we missed a packet, ACKing data we never saw */ } return 0; } @@ -5995,7 +5995,7 @@ static int CheckSequence(IpInfo* ipInfo, TcpInfo* tcpInfo, UpdateMissedDataSessions(); #endif SetError(ACK_MISSED_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } else { SetError(ACK_MISSED_STR, error, session, 0); @@ -6066,13 +6066,13 @@ static int CheckPreRecord(IpInfo* ipInfo, TcpInfo* tcpInfo, if (session->flags.fatalError == FATAL_ERROR_STATE) { SetError(FATAL_ERROR_STR, error, NULL, 0); - return -1; + return WOLFSSL_FATAL_ERROR; } if (skipPartial) { if (FindNextRecordInAssembly(session, sslFrame, sslBytes, end, error) < 0) { - return -1; + return WOLFSSL_FATAL_ERROR; } } @@ -6090,7 +6090,7 @@ static int CheckPreRecord(IpInfo* ipInfo, TcpInfo* tcpInfo, if ( (*sslBytes + length) > ssl->buffers.inputBuffer.bufferSize) { if (GrowInputBuffer(ssl, *sslBytes, length) < 0) { SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } } if (vChain == NULL) { @@ -6113,7 +6113,7 @@ static int CheckPreRecord(IpInfo* ipInfo, TcpInfo* tcpInfo, if ( (*sslBytes + length) > ssl->buffers.inputBuffer.bufferSize) { if (GrowInputBuffer(ssl, *sslBytes, length) < 0) { SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } } @@ -6151,7 +6151,7 @@ static int CheckPreRecord(IpInfo* ipInfo, TcpInfo* tcpInfo, #ifdef OLD_HELLO_ALLOWED int ret = DoOldHello(session, *sslFrame, &rhSize, sslBytes, error); if (ret < 0) - return -1; /* error already set */ + return WOLFSSL_FATAL_ERROR; /* error already set */ if (*sslBytes <= 0) return 1; #endif @@ -6262,7 +6262,7 @@ static int ProcessMessage(const byte* sslFrame, SnifferSession* session, rhSize = 0; if (sslBytes < 0) { SetError(PACKET_HDR_SHORT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } if (sslBytes >= RECORD_HEADER_SZ) { if (GetRecordHeader(sslFrame, &rh, &rhSize) != 0) { @@ -6284,7 +6284,7 @@ static int ProcessMessage(const byte* sslFrame, SnifferSession* session, if (sslBytes > (int)ssl->buffers.inputBuffer.bufferSize) { if (GrowInputBuffer(ssl, sslBytes, 0) < 0) { SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } } XMEMMOVE(ssl->buffers.inputBuffer.buffer, sslFrame, sslBytes); @@ -6322,11 +6322,11 @@ static int ProcessMessage(const byte* sslFrame, SnifferSession* session, } if (ssl->decrypt.setup != 1) { SetError(DECRYPT_KEYS_NOT_SETUP, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } if (CheckAvailableSize(ssl, rhSize) < 0) { SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } sslFrame = DecryptMessage(ssl, sslFrame, rhSize, @@ -6350,7 +6350,7 @@ static int ProcessMessage(const byte* sslFrame, SnifferSession* session, if (errCode != 0) { if ((enum ContentType)rh.type == application_data) { SetError(BAD_DECRYPT, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } /* do not end session for failures on handshake packets */ return 0; @@ -6375,7 +6375,7 @@ static int ProcessMessage(const byte* sslFrame, SnifferSession* session, if (session->flags.fatalError == 0) SetError(BAD_HANDSHAKE_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } /* DoHandShake now fully decrements sslBytes to remaining */ @@ -6429,7 +6429,7 @@ static int ProcessMessage(const byte* sslFrame, SnifferSession* session, *data = NULL; SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } *data = tmpData; XMEMCPY(*data + decoded, @@ -6449,7 +6449,7 @@ static int ProcessMessage(const byte* sslFrame, SnifferSession* session, stored = StoreDataCb(buf, bufSz, offset, ctx); if (stored <= 0) { - return -1; + return WOLFSSL_FATAL_ERROR; } offset += stored; } while (offset < bufSz); @@ -6457,13 +6457,13 @@ static int ProcessMessage(const byte* sslFrame, SnifferSession* session, else { SetError(STORE_DATA_CB_MISSING_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } #else (void)ctx; SetError(NO_DATA_DEST_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; #endif } TraceAddedData(ret, decoded); @@ -6474,7 +6474,7 @@ static int ProcessMessage(const byte* sslFrame, SnifferSession* session, else { /* set error, but do not treat fatal */ SetError(BAD_APP_DATA_STR, error,session, 0); - return -1; + return WOLFSSL_FATAL_ERROR; } if (ssl->buffers.outputBuffer.dynamicFlag) ShrinkOutputBuffer(ssl); @@ -6498,7 +6498,7 @@ static int ProcessMessage(const byte* sslFrame, SnifferSession* session, case no_type: default: SetError(GOT_UNKNOWN_RECORD_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } /* do we have another msg in record ? */ @@ -6846,7 +6846,7 @@ int ssl_FreeZeroDecodeBuffer(byte** data, int sz, char* error) (void)error; if (sz < 0) { - return -1; + return WOLFSSL_FATAL_ERROR; } if (data != NULL) { @@ -6869,7 +6869,7 @@ int ssl_Trace(const char* traceFile, char* error) TraceFile = XFOPEN(traceFile, "a"); if (!TraceFile) { SetError(BAD_TRACE_FILE_STR, error, NULL, 0); - return -1; + return WOLFSSL_FATAL_ERROR; } TraceOn = 1; } @@ -6939,7 +6939,7 @@ int ssl_GetSessionStats(unsigned int* active, unsigned int* total, return 0; else { SetError(BAD_SESSION_STATS, error, NULL, 0); - return -1; + return WOLFSSL_FATAL_ERROR; } } @@ -6980,7 +6980,7 @@ int ssl_ResetStatistics(void) int ssl_ReadStatistics(SSLStats* stats) { if (stats == NULL) - return -1; + return WOLFSSL_FATAL_ERROR; LOCK_STAT(); XMEMCPY(stats, &SnifferStats, sizeof(SSLStats)); @@ -6994,7 +6994,7 @@ int ssl_ReadStatistics(SSLStats* stats) int ssl_ReadResetStatistics(SSLStats* stats) { if (stats == NULL) - return -1; + return WOLFSSL_FATAL_ERROR; LOCK_STAT(); XMEMCPY(stats, &SnifferStats, sizeof(SSLStats)); @@ -7040,10 +7040,10 @@ int ssl_SetWatchKey_buffer(void* vSniffer, const byte* key, word32 keySz, int ret; if (vSniffer == NULL) { - return -1; + return WOLFSSL_FATAL_ERROR; } if (key == NULL || keySz == 0) { - return -1; + return WOLFSSL_FATAL_ERROR; } sniffer = (SnifferSession*)vSniffer; @@ -7072,7 +7072,7 @@ int ssl_SetWatchKey_buffer(void* vSniffer, const byte* key, word32 keySz, if (ret != WOLFSSL_SUCCESS) { SetError(KEY_FILE_STR, error, sniffer, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } return 0; @@ -7086,10 +7086,10 @@ int ssl_SetWatchKey_file(void* vSniffer, const char* keyFile, int keyType, int ret; if (vSniffer == NULL) { - return -1; + return WOLFSSL_FATAL_ERROR; } if (keyFile == NULL) { - return -1; + return WOLFSSL_FATAL_ERROR; } /* Remap the keyType from what the user can use to @@ -7101,7 +7101,7 @@ int ssl_SetWatchKey_file(void* vSniffer, const char* keyFile, int keyType, if (ret < 0) { SetError(KEY_FILE_STR, error, NULL, 0); XFREE(keyBuf, NULL, DYNAMIC_TYPE_X509); - return -1; + return WOLFSSL_FATAL_ERROR; } ret = ssl_SetWatchKey_buffer(vSniffer, keyBuf, keyBufSz, FILETYPE_DER, diff --git a/src/ssl.c b/src/ssl.c index 1eca6af168..8affb043a4 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -853,7 +853,7 @@ int GetEchConfig(WOLFSSL_EchConfig* config, byte* output, word32* outputLen) if (output == NULL) { *outputLen = totalLen; - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if (totalLen > *outputLen) { @@ -1010,7 +1010,7 @@ int GetEchConfigsEx(WOLFSSL_EchConfig* configs, byte* output, word32* outputLen) if (output == NULL) { *outputLen = totalLen; - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if (totalLen > *outputLen) { @@ -2123,7 +2123,7 @@ int wolfSSL_export_dtls_srtp_keying_material(WOLFSSL* ssl, } if (out == NULL) { *olen = (size_t)profile->kdfBits; - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if (*olen < (size_t)profile->kdfBits) { @@ -2332,7 +2332,7 @@ int wolfSSL_mcast_peer_add(WOLFSSL* ssl, word16 peerId, int sub) } else { WOLFSSL_MSG("No room in peer list."); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } else { @@ -4582,7 +4582,7 @@ int wolfSSL_GetCipherType(WOLFSSL* ssl) if (ssl->specs.cipher_type == aead) return WOLFSSL_AEAD_TYPE; - return -1; + return WOLFSSL_FATAL_ERROR; } @@ -6558,7 +6558,7 @@ static int d2iTryRsaKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, #endif if (!isRsaKey) { - return -1; + return WOLFSSL_FATAL_ERROR; } if (*out != NULL) { @@ -6642,7 +6642,7 @@ static int d2iTryEccKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, #endif if (!isEccKey) { - return -1; + return WOLFSSL_FATAL_ERROR; } if (*out != NULL) { @@ -6730,7 +6730,7 @@ static int d2iTryDsaKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, /* test if DSA key */ if (!isDsaKey) { - return -1; + return WOLFSSL_FATAL_ERROR; } if (*out != NULL) { @@ -6814,7 +6814,7 @@ static int d2iTryDhKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, /* test if DH key */ if (!isDhKey) { - return -1; + return WOLFSSL_FATAL_ERROR; } if (*out != NULL) { @@ -6898,7 +6898,7 @@ static int d2iTryAltDhKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, #endif if (ret != 0) { - return -1; + return WOLFSSL_FATAL_ERROR; } if (*out != NULL) { @@ -7013,7 +7013,7 @@ static int d2iTryFalconKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, #endif if (!isFalcon) { - return -1; + return WOLFSSL_FATAL_ERROR; } if (*out != NULL) { @@ -7098,7 +7098,7 @@ static int d2iTryDilithiumKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, #endif if (!isDilithium) { - return -1; + return WOLFSSL_FATAL_ERROR; } if (*out != NULL) { @@ -13199,7 +13199,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, } /* SSL_MODE_AUTO_RETRY - * Should not return -1 with renegotiation on read/write */ + * Should not return WOLFSSL_FATAL_ERROR with renegotiation on read/write */ return mode; } @@ -13226,7 +13226,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, } /* SSL_MODE_AUTO_RETRY - * Should not return -1 with renegotiation on read/write */ + * Should not return WOLFSSL_FATAL_ERROR with renegotiation on read/write */ return 0; } @@ -13677,7 +13677,7 @@ static WC_INLINE int compare_WOLFSSL_CIPHER( (a->bits == b->bits)) return 0; else - return -1; + return WOLFSSL_FATAL_ERROR; } #endif /* OPENSSL_ALL || WOLFSSL_QT */ @@ -18083,7 +18083,7 @@ int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx, NULL, &szNeeded) != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) return WOLFSSL_FAILURE; *outLen = szNeeded + headerLen + footerLen; - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } /* don't even try if inLen too short */ @@ -19095,7 +19095,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl) #endif if (o == NULL) { - return -1; + return WOLFSSL_FATAL_ERROR; } #ifdef WOLFSSL_QT @@ -19115,7 +19115,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl) byte* buf = (byte*)XMALLOC(len, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (!buf) { WOLFSSL_MSG("malloc error"); - return -1; + return WOLFSSL_FATAL_ERROR; } idx = SetObjectId(o->objSz, buf); XMEMCPY(buf + idx, o->obj, o->objSz); @@ -19124,12 +19124,12 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl) XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (ret < 0) { WOLFSSL_MSG("Issue getting OID of object"); - return -1; + return WOLFSSL_FATAL_ERROR; } } else { WOLFSSL_MSG("Issue getting OID of object"); - return -1; + return WOLFSSL_FATAL_ERROR; } } @@ -19425,7 +19425,7 @@ static int crypto_ex_cb_new(CRYPTO_EX_cb_ctx** dst, long ctx_l, void* ctx_ptr, CRYPTO_EX_cb_ctx* new_ctx = (CRYPTO_EX_cb_ctx*)XMALLOC( sizeof(CRYPTO_EX_cb_ctx), NULL, DYNAMIC_TYPE_OPENSSL); if (new_ctx == NULL) - return -1; + return WOLFSSL_FATAL_ERROR; new_ctx->ctx_l = ctx_l; new_ctx->ctx_ptr = ctx_ptr; new_ctx->new_func = new_func; @@ -19529,7 +19529,7 @@ int wolfssl_get_ex_new_index(int class_index, long ctx_l, void* ctx_ptr, case WOLF_CRYPTO_EX_INDEX_SSL_SESSION: if (crypto_ex_cb_new(&crypto_ex_cb_ctx_session, ctx_l, ctx_ptr, new_func, dup_func, free_func) != 0) - return -1; + return WOLFSSL_FATAL_ERROR; idx = ssl_session_idx++; break; @@ -19550,7 +19550,7 @@ int wolfssl_get_ex_new_index(int class_index, long ctx_l, void* ctx_ptr, break; } if (idx >= MAX_EX_DATA) - return -1; + return WOLFSSL_FATAL_ERROR; return idx; } #endif /* HAVE_EX_DATA || WOLFSSL_WPAS_SMALL */ @@ -22934,7 +22934,7 @@ int oid2nid(word32 oid, int grp) } } - return -1; + return WOLFSSL_FATAL_ERROR; } /* frees all nodes in the current threads error queue diff --git a/src/ssl_asn1.c b/src/ssl_asn1.c index 22b36b577e..d1b036c3e0 100644 --- a/src/ssl_asn1.c +++ b/src/ssl_asn1.c @@ -96,7 +96,7 @@ static int asn1_item_init(void* obj, const WOLFSSL_ASN1_ITEM* item) for (mem = item->members, i = 0; i < item->mcount; mem++, i++) { asn1Mem(obj, mem->offset) = asn1_new_tpl(mem); if (asn1Mem(obj, mem->offset) == NULL) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; break; } } @@ -110,7 +110,7 @@ static int asn1_item_init(void* obj, const WOLFSSL_ASN1_ITEM* item) break; default: WOLFSSL_MSG("ASN1 type not implemented"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; break; } @@ -516,7 +516,7 @@ static int d2i_handle_tags(const WOLFSSL_ASN1_TEMPLATE* mem, const byte** src, != tag || GetLength(*src, &idx, asnLen, (word32)*len) < 0) { WOLFSSL_MSG("asn tag error"); - return -1; + return WOLFSSL_FATAL_ERROR; } *len -= idx; *src += idx; @@ -526,20 +526,20 @@ static int d2i_handle_tags(const WOLFSSL_ASN1_TEMPLATE* mem, const byte** src, * tag so we substitute it for the expected tag. */ if (mem->first_byte == 0) { WOLFSSL_MSG("first byte not set"); - return -1; + return WOLFSSL_FATAL_ERROR; } if (GetASNTag(*src, &idx, &tag, (word32)*len) < 0 || (byte)mem->tag != (tag & ASN_TYPE_MASK) || GetLength(*src, &idx, asnLen, (word32)*len) < 0) { WOLFSSL_MSG("asn tag error"); - return -1; + return WOLFSSL_FATAL_ERROR; } *asnLen += idx; /* total buffer length */ *impBuf = (byte*)XMALLOC(*asnLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (*impBuf == NULL) { WOLFSSL_MSG("malloc error"); - return -1; + return WOLFSSL_FATAL_ERROR; } XMEMCPY(*impBuf, *src, *asnLen); (*impBuf)[0] = mem->first_byte; @@ -608,7 +608,7 @@ static int d2i_ASN_SEQUENCE(void* obj, const byte **src, long len, err = GetSequence(s, &idx, &slen, (word32)len); if (err <= 0) { WOLFSSL_MSG("GetSequence error"); - return -1; + return WOLFSSL_FATAL_ERROR; } s += idx; len -= idx; @@ -617,7 +617,7 @@ static int d2i_ASN_SEQUENCE(void* obj, const byte **src, long len, asn1Mem(obj, mem->offset) = d2i_generic(mem, &s, &len); if (asn1Mem(obj, mem->offset) == NULL) { WOLFSSL_MSG("d2i error"); - return -1; + return WOLFSSL_FATAL_ERROR; } } *src = s; @@ -638,7 +638,7 @@ static int d2i_ASN_CHOICE(void* obj, const byte **src, long len, } } WOLFSSL_MSG("der does not decode with any CHOICE"); - return -1; + return WOLFSSL_FATAL_ERROR; } static void* d2i_ASN_OBJECT_TYPE(const byte **src, long len, @@ -690,11 +690,11 @@ void* wolfSSL_ASN1_item_d2i(void** dst, const byte **src, long len, case WOLFSSL_ASN1_OBJECT_TYPE: obj = d2i_ASN_OBJECT_TYPE(&tmp, len, item); if (obj == NULL) - err = -1; + err = WOLFSSL_FATAL_ERROR; break; default: WOLFSSL_MSG("Type not supported in wolfSSL_ASN1_item_d2i"); - err = -1; + err = WOLFSSL_FATAL_ERROR; break; } @@ -1123,7 +1123,7 @@ WOLFSSL_ASN1_INTEGER* wolfSSL_ASN1_INTEGER_dup(const WOLFSSL_ASN1_INTEGER* src) * @return Negative value when a is less than b. * @return 0 when a equals b. * @return Positive value when a is greater than b. - * @return -1 when a or b is NULL. + * @return WOLFSSL_FATAL_ERROR when a or b is NULL. */ int wolfSSL_ASN1_INTEGER_cmp(const WOLFSSL_ASN1_INTEGER* a, const WOLFSSL_ASN1_INTEGER* b) @@ -1135,11 +1135,11 @@ int wolfSSL_ASN1_INTEGER_cmp(const WOLFSSL_ASN1_INTEGER* a, /* Validate parameters. */ if ((a == NULL) || (b == NULL)) { WOLFSSL_MSG("Bad parameter."); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* Negative value < Positive value */ else if (a->negative && !b->negative) { - ret = -1; + ret = -2; /* avoid collision with WOLFSSL_FATAL_ERROR */ } /* Positive value > Negative value */ else if (!a->negative && b->negative) { @@ -1204,7 +1204,7 @@ static int wolfssl_asn1_int_twos_compl(byte* data, int length, byte* neg) /* Get length from DER header. */ if (GetLength(data, &idx, &len, (word32)length) < 0) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } else { if (neg != NULL) { @@ -1832,7 +1832,7 @@ long wolfSSL_ASN1_INTEGER_get(const WOLFSSL_ASN1_INTEGER* a) /* Create a big number from the DER encoding. */ bn = wolfSSL_ASN1_INTEGER_to_BN(a, NULL); if (bn == NULL) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } if (ret > 0) { @@ -2584,7 +2584,7 @@ WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_dup(WOLFSSL_ASN1_STRING* asn1) * @return Negative value when a is less than b. * @return 0 when a equals b. * @return Positive value when a is greater than b. - * @return -1 when a or b is NULL. + * @return WOLFSSL_FATAL_ERROR when a or b is NULL. */ int wolfSSL_ASN1_STRING_cmp(const WOLFSSL_ASN1_STRING *a, const WOLFSSL_ASN1_STRING *b) @@ -2594,7 +2594,7 @@ int wolfSSL_ASN1_STRING_cmp(const WOLFSSL_ASN1_STRING *a, /* Validate parameters. */ if ((a == NULL) || (b == NULL)) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* Compare length of data. */ else if (a->length != b->length) { @@ -2717,7 +2717,7 @@ int wolfSSL_ASN1_STRING_to_UTF8(unsigned char **out, WOLFSSL_ASN1_STRING *asn1) len = wolfSSL_ASN1_STRING_length(asn1); /* Check data and length are usable. */ if ((data == NULL) || (len < 0)) { - len = -1; + len = WOLFSSL_FATAL_ERROR; } } if (len != -1) { @@ -2725,7 +2725,7 @@ int wolfSSL_ASN1_STRING_to_UTF8(unsigned char **out, WOLFSSL_ASN1_STRING *asn1) buf = (unsigned char*)XMALLOC((size_t)(len + 1), NULL, DYNAMIC_TYPE_OPENSSL); if (buf == NULL) { - len = -1; + len = WOLFSSL_FATAL_ERROR; } } if (len != -1) { @@ -2827,7 +2827,7 @@ static int i2d_ASN1_STRING(WOLFSSL_ASN1_STRING* s, unsigned char* out; if (s == NULL || s->data == NULL || s->length == 0) - return -1; + return WOLFSSL_FATAL_ERROR; len = SetHeader(tag, s->length, NULL, 0) + s->length; @@ -2880,7 +2880,7 @@ int wolfSSL_i2d_ASN1_SEQUENCE(WOLFSSL_ASN1_STRING* s, unsigned char* out; if (s == NULL || s->data == NULL || s->length == 0) - return -1; + return WOLFSSL_FATAL_ERROR; if (pp == NULL) return s->length; @@ -3389,7 +3389,7 @@ static int wolfssl_asn1_string_dump_hex(WOLFSSL_BIO *bio, /* Write out hash character to indicate hex string. */ if (wolfSSL_BIO_write(bio, hash, 1) != 1) { - str_len = -1; + str_len = WOLFSSL_FATAL_ERROR; } else { /* Check if we are to write out DER header. */ @@ -3401,7 +3401,7 @@ static int wolfssl_asn1_string_dump_hex(WOLFSSL_BIO *bio, str_len += 4; /* Write out tag and length as hex digits. */ if (wolfSSL_BIO_write(bio, hex_tmp, 4) != 4) { - str_len = -1; + str_len = WOLFSSL_FATAL_ERROR; } } } @@ -3419,7 +3419,7 @@ static int wolfssl_asn1_string_dump_hex(WOLFSSL_BIO *bio, str_len += 2; /* Write out character as hex digites. */ if (wolfSSL_BIO_write(bio, hex_tmp, 2) != 2) { - str_len = -1; + str_len = WOLFSSL_FATAL_ERROR; break; } } @@ -3474,7 +3474,7 @@ static int wolfssl_asn1_string_print_esc_2253(WOLFSSL_BIO *bio, str_len++; /* Write out escaping character. */ if (wolfSSL_BIO_write(bio,"\\", 1) != 1) { - str_len = -1; + str_len = WOLFSSL_FATAL_ERROR; break; } } @@ -3482,7 +3482,7 @@ static int wolfssl_asn1_string_print_esc_2253(WOLFSSL_BIO *bio, str_len++; /* Write out character. */ if (wolfSSL_BIO_write(bio, p, 1) != 1) { - str_len = -1; + str_len = WOLFSSL_FATAL_ERROR; break; } } diff --git a/src/ssl_bn.c b/src/ssl_bn.c index acd0e05ea5..e45e19da50 100644 --- a/src/ssl_bn.c +++ b/src/ssl_bn.c @@ -64,7 +64,7 @@ static int wolfssl_bn_set_neg(WOLFSSL_BIGNUM* bn, int neg) if (BN_IS_NULL(bn)) { WOLFSSL_MSG("bn NULL error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } #if !defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_INT_NEGATIVE) else if (neg) { @@ -102,17 +102,17 @@ int wolfssl_bn_get_value(WOLFSSL_BIGNUM* bn, mp_int* mpi) /* Validate parameters. */ if (BN_IS_NULL(bn)) { WOLFSSL_MSG("bn NULL error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } else if (mpi == NULL) { WOLFSSL_MSG("mpi NULL error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* Copy the internal representation into MP integer. */ if ((ret == 1) && mp_copy((mp_int*)bn->internal, mpi) != MP_OKAY) { WOLFSSL_MSG("mp_copy error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } return ret; @@ -145,7 +145,7 @@ int wolfssl_bn_set_value(WOLFSSL_BIGNUM** bn, mp_int* mpi) /* Validate parameters. */ if ((bn == NULL) || (mpi == NULL)) { WOLFSSL_MSG("mpi or bn NULL error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* Allocate a new big number if one not passed in. */ @@ -153,7 +153,7 @@ int wolfssl_bn_set_value(WOLFSSL_BIGNUM** bn, mp_int* mpi) a = wolfSSL_BN_new(); if (a == NULL) { WOLFSSL_MSG("wolfssl_bn_set_value alloc failed"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } *bn = a; } @@ -161,7 +161,7 @@ int wolfssl_bn_set_value(WOLFSSL_BIGNUM** bn, mp_int* mpi) /* Copy MP integer value into internal representation of big number. */ if ((ret == 1) && (mp_copy(mpi, (mp_int*)((*bn)->internal)) != MP_OKAY)) { WOLFSSL_MSG("mp_copy error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* Dispose of any allocated big number on error. */ @@ -455,7 +455,7 @@ int wolfSSL_BN_bn2bin(const WOLFSSL_BIGNUM* bn, unsigned char* r) /* Validate parameters. */ if (BN_IS_NULL(bn)) { WOLFSSL_MSG("NULL bn error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } else { /* Get the length of the encoding. */ @@ -464,7 +464,7 @@ int wolfSSL_BN_bn2bin(const WOLFSSL_BIGNUM* bn, unsigned char* r) if ((r != NULL) && (mp_to_unsigned_bin((mp_int*)bn->internal, r) != MP_OKAY)) { WOLFSSL_MSG("mp_to_unsigned_bin error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } @@ -1132,8 +1132,7 @@ int wolfSSL_BN_cmp(const WOLFSSL_BIGNUM* a, const WOLFSSL_BIGNUM* b) ret = 0; } else { - /* NULL less than not NULL. */ - ret = -1; + ret = -1; /* NULL less than not NULL. */ } } else if (bIsNull) { @@ -1150,9 +1149,12 @@ int wolfSSL_BN_cmp(const WOLFSSL_BIGNUM* a, const WOLFSSL_BIGNUM* b) else if (ret == MP_GT) { ret = 1; } - else { + else if (ret == MP_LT) { ret = -1; } + else { + ret = WOLFSSL_FATAL_ERROR; /* also -1 */ + } } return ret; @@ -2271,18 +2273,18 @@ int wolfSSL_BN_is_prime_ex(const WOLFSSL_BIGNUM *bn, int checks, if (BN_IS_NULL(bn)) { WOLFSSL_MSG("bn NULL error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* Create a new RNG or use global. */ if ((ret == 1) && ((rng = wolfssl_make_rng(tmpRng, &localRng)) == NULL)) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } if ((ret == 1) && (mp_prime_is_prime_ex((mp_int*)bn->internal, checks, &res, rng) != MP_OKAY)) { WOLFSSL_MSG("mp_prime_is_prime_ex error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } if (localRng) { diff --git a/src/ssl_crypto.c b/src/ssl_crypto.c index b529708fe8..fba578c508 100644 --- a/src/ssl_crypto.c +++ b/src/ssl_crypto.c @@ -2431,7 +2431,7 @@ int wolfSSL_DES_set_key_checked(WOLFSSL_const_DES_cblock* key, /* Check key parity is odd. */ if ((ret == 0) && (!wolfSSL_DES_check_key_parity(key))) { WOLFSSL_MSG("Odd parity test fail"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* Check whether key is weak. */ if ((ret == 0) && wolfSSL_DES_is_weak_key(key)) { @@ -2929,19 +2929,19 @@ static int wolfssl_aes_set_key(const unsigned char *key, const int bits, /* Validate parameters. */ if ((key == NULL) || (aes == NULL)) { WOLFSSL_MSG("Null argument passed in"); - return -1; + return WOLFSSL_FATAL_ERROR; } XMEMSET(aes, 0, sizeof(AES_KEY)); if (wc_AesInit((Aes*)aes, NULL, INVALID_DEVID) != 0) { WOLFSSL_MSG("Error in initting AES key"); - return -1; + return WOLFSSL_FATAL_ERROR; } if (wc_AesSetKey((Aes*)aes, key, ((bits)/8), NULL, enc) != 0) { WOLFSSL_MSG("Error in setting AES key"); - return -1; + return WOLFSSL_FATAL_ERROR; } return 0; } diff --git a/src/ssl_p7p12.c b/src/ssl_p7p12.c index d2f35b0226..fba27676db 100644 --- a/src/ssl_p7p12.c +++ b/src/ssl_p7p12.c @@ -602,7 +602,7 @@ static int wolfSSL_BIO_to_MIME_crlf(WOLFSSL_BIO* in, WOLFSSL_BIO* out) canonLineLen = (word32)lineLen; if ((canonLine = wc_MIME_single_canonicalize( line, &canonLineLen)) == NULL) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; break; } @@ -612,7 +612,7 @@ static int wolfSSL_BIO_to_MIME_crlf(WOLFSSL_BIO* in, WOLFSSL_BIO* out) } if (wolfSSL_BIO_write(out, canonLine, (int)canonLineLen) < 0) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; break; } XFREE(canonLine, NULL, DYNAMIC_TYPE_PKCS7); @@ -621,7 +621,7 @@ static int wolfSSL_BIO_to_MIME_crlf(WOLFSSL_BIO* in, WOLFSSL_BIO* out) else { /* no line ending in current line, write direct to out */ if (wolfSSL_BIO_write(out, line, lineLen) < 0) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; break; } } diff --git a/src/ssl_sess.c b/src/ssl_sess.c index 0df3ab62b0..82bcd69dbb 100644 --- a/src/ssl_sess.c +++ b/src/ssl_sess.c @@ -1625,7 +1625,7 @@ ClientSession* AddSessionToClientCache(int side, int row, int idx, ID_LEN, &error) % CLIENT_SESSION_ROWS; } else { - error = -1; + error = WOLFSSL_FATAL_ERROR; } if (error == 0 && wc_LockMutex(&clisession_mutex) == 0) { clientIdx = (word32)ClientCache[clientRow].nextIdx; @@ -1644,7 +1644,7 @@ ClientSession* AddSessionToClientCache(int side, int row, int idx, } } else { - error = -1; + error = WOLFSSL_FATAL_ERROR; ClientCache[clientRow].nextIdx = 0; /* reset index as safety */ WOLFSSL_MSG("Invalid client cache index! " "Possible corrupted memory"); @@ -1709,7 +1709,7 @@ WOLFSSL_SESSION* ClientSessionToSession(const WOLFSSL_SESSION* session) if (clientSession->serverRow >= SESSION_ROWS || clientSession->serverIdx >= SESSIONS_PER_ROW) { WOLFSSL_MSG("Client cache serverRow or serverIdx invalid"); - error = -1; + error = WOLFSSL_FATAL_ERROR; } if (error == 0) { /* Lock row */ @@ -1734,7 +1734,7 @@ WOLFSSL_SESSION* ClientSessionToSession(const WOLFSSL_SESSION* session) if (cacheSession && cacheSession->sessionIDSz == 0) { cacheSession = NULL; WOLFSSL_MSG("Session cache entry not set"); - error = -1; + error = WOLFSSL_FATAL_ERROR; } } if (error == 0) { diff --git a/src/tls.c b/src/tls.c index 828db2c312..94742c9fbe 100644 --- a/src/tls.c +++ b/src/tls.c @@ -3886,7 +3886,7 @@ int TLSX_CSR2_AddPendingSigner(TLSX *extensions, Signer *s) csr2 = TLSX_CSR2_GetMulti(extensions); if (!csr2) - return -1; + return WOLFSSL_FATAL_ERROR; s->next = csr2->pendingSigners; csr2->pendingSigners = s; @@ -9559,14 +9559,14 @@ static int TLSX_KeyShare_GroupRank(const WOLFSSL* ssl, int group) #ifdef HAVE_LIBOQS if (!TLSX_KeyShare_IsSupported(group)) - return -1; + return WOLFSSL_FATAL_ERROR; #endif for (i = 0; i < numGroups; i++) if (groups[i] == (word16)group) return i; - return -1; + return WOLFSSL_FATAL_ERROR; } /* Set a key share that is supported by the client into extensions. diff --git a/src/tls13.c b/src/tls13.c index 10e578edd5..e9defe6bda 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -4145,7 +4145,7 @@ int EchConfigGetSupportedCipherSuite(WOLFSSL_EchConfig* config) return i; } - return -1; + return WOLFSSL_FATAL_ERROR; } /* returns status after we hash the ech inner */ @@ -4418,11 +4418,11 @@ int SendTls13ClientHello(WOLFSSL* ssl) if (ssl->options.useEch == 1 && !ssl->options.disableECH) { TLSX* echX = TLSX_Find(ssl->extensions, TLSX_ECH); if (echX == NULL) - return -1; + return WOLFSSL_FATAL_ERROR; args->ech = (WOLFSSL_ECH*)echX->data; if (args->ech == NULL) - return -1; + return WOLFSSL_FATAL_ERROR; /* set the type to inner */ args->ech->type = ECH_TYPE_INNER; @@ -4816,7 +4816,7 @@ static int EchCheckAcceptance(WOLFSSL* ssl, const byte* input, break; #endif /* WOLFSSL_SM3 */ default: - ret = -1; + ret = WOLFSSL_FATAL_ERROR; break; } } @@ -4954,7 +4954,7 @@ static int EchWriteAcceptance(WOLFSSL* ssl, byte* output, break; #endif /* WOLFSSL_SM3 */ default: - ret = -1; + ret = WOLFSSL_FATAL_ERROR; break; } @@ -6938,7 +6938,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, echX = TLSX_Find(ssl->extensions, TLSX_ECH); if (echX == NULL) - return -1; + return WOLFSSL_FATAL_ERROR; ((WOLFSSL_ECH*)echX->data)->aad = input + HANDSHAKE_HEADER_SZ; ((WOLFSSL_ECH*)echX->data)->aadLen = helloSz; @@ -7409,7 +7409,7 @@ int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType) echX = TLSX_Find(ssl->extensions, TLSX_ECH); if (echX == NULL) - return -1; + return WOLFSSL_FATAL_ERROR; /* replace the last 8 bytes of server random with the accept */ if (((WOLFSSL_ECH*)echX->data)->state == ECH_PARSED_INTERNAL) { diff --git a/src/wolfio.c b/src/wolfio.c index 658dfe9339..a36ff53bd6 100644 --- a/src/wolfio.c +++ b/src/wolfio.c @@ -1198,7 +1198,7 @@ int wolfIO_SendTo(SOCKET_T sd, WOLFSSL_BIO_ADDR *addr, char *buf, int sz, int wr unsigned long blocking = non_blocking; ret = ioctlsocket(sockfd, FIONBIO, &blocking); if (ret == SOCKET_ERROR) - ret = -1; + ret = WOLFSSL_FATAL_ERROR; #else ret = fcntl(sockfd, F_GETFL, 0); if (ret >= 0) { @@ -1228,7 +1228,7 @@ int wolfIO_SendTo(SOCKET_T sd, WOLFSSL_BIO_ADDR *addr, char *buf, int sz, int wr if ((sockfd < 0) || (sockfd >= FD_SETSIZE)) { WOLFSSL_MSG("socket fd out of FDSET range"); - return -1; + return WOLFSSL_FATAL_ERROR; } #endif @@ -1314,7 +1314,7 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec) #endif /* HAVE_SOCKADDR */ if (sockfd == NULL || ip == NULL) { - return -1; + return WOLFSSL_FATAL_ERROR; } #if !defined(HAVE_GETADDRINFO) @@ -1343,12 +1343,12 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec) if (wolfIO_Word16ToString(strPort, port) == 0) { WOLFSSL_MSG("invalid port number for responder"); - return -1; + return WOLFSSL_FATAL_ERROR; } if (getaddrinfo(ip, strPort, &hints, &answer) < 0 || answer == NULL) { WOLFSSL_MSG("no addr info for responder"); - return -1; + return WOLFSSL_FATAL_ERROR; } sockaddr_len = answer->ai_addrlen; @@ -1412,7 +1412,7 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec) } else { WOLFSSL_MSG("no addr info for responder"); - return -1; + return WOLFSSL_FATAL_ERROR; } } #else @@ -1452,7 +1452,7 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec) if (entry == NULL) { WOLFSSL_MSG("no addr info for responder"); - return -1; + return WOLFSSL_FATAL_ERROR; } #endif @@ -1465,7 +1465,7 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec) { WOLFSSL_MSG("bad socket fd, out of fds?"); *sockfd = SOCKET_INVALID; - return -1; + return WOLFSSL_FATAL_ERROR; } #ifdef HAVE_IO_TIMEOUT @@ -1499,7 +1499,7 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec) WOLFSSL_MSG("Responder tcp connect failed"); CloseSocket(*sockfd); *sockfd = SOCKET_INVALID; - return -1; + return WOLFSSL_FATAL_ERROR; } return ret; #else @@ -1507,7 +1507,7 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec) (void)ip; (void)port; (void)to_sec; - return -1; + return WOLFSSL_FATAL_ERROR; #endif /* HAVE_SOCKADDR */ } @@ -1520,7 +1520,7 @@ int wolfIO_TcpBind(SOCKET_T* sockfd, word16 port) SOCKADDR_IN *sin = (SOCKADDR_IN *)&addr; if (sockfd == NULL || port < 1) { - return -1; + return WOLFSSL_FATAL_ERROR; } XMEMSET(&addr, 0, sizeof(addr)); @@ -1538,7 +1538,7 @@ int wolfIO_TcpBind(SOCKET_T* sockfd, word16 port) { WOLFSSL_MSG("socket failed"); *sockfd = SOCKET_INVALID; - return -1; + return WOLFSSL_FATAL_ERROR; } #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_MDK_ARM)\ @@ -1559,14 +1559,14 @@ int wolfIO_TcpBind(SOCKET_T* sockfd, word16 port) WOLFSSL_MSG("wolfIO_TcpBind failed"); CloseSocket(*sockfd); *sockfd = SOCKET_INVALID; - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } return ret; #else (void)sockfd; (void)port; - return -1; + return WOLFSSL_FATAL_ERROR; #endif /* HAVE_SOCKADDR */ } @@ -1646,7 +1646,7 @@ int wolfIO_DecodeUrl(const char* url, int urlSz, char* outName, char* outPath, } for (j = 0; j < i; j++) { - if (port[j] < '0' || port[j] > '9') return -1; + if (port[j] < '0' || port[j] > '9') return WOLFSSL_FATAL_ERROR; bigPort = (bigPort * 10) + (word32)(port[j] - '0'); } if (outPort) @@ -1726,7 +1726,7 @@ static int wolfIO_HttpProcessResponseBuf(WolfSSLGenericIORecvCb ioCb, else { WOLFSSL_MSG("wolfIO_HttpProcessResponseBuf bad size"); XFREE(newRecvBuf, heap, dynType); - return -1; + return WOLFSSL_FATAL_ERROR; } } @@ -1740,7 +1740,7 @@ static int wolfIO_HttpProcessResponseBuf(WolfSSLGenericIORecvCb ioCb, else { WOLFSSL_MSG("wolfIO_HttpProcessResponseBuf recv failed"); XFREE(newRecvBuf, heap, dynType); - return -1; + return WOLFSSL_FATAL_ERROR; } } @@ -3054,7 +3054,7 @@ int uIPReceive(WOLFSSL *ssl, char *buf, int sz, void *_ctx) { uip_wolfssl_ctx *ctx = (uip_wolfssl_ctx *)_ctx; if (!ctx || !ctx->ssl_rx_databuf) - return -1; + return WOLFSSL_FATAL_ERROR; (void)ssl; if (ctx->ssl_rb_len > 0) { if (sz > ctx->ssl_rb_len - ctx->ssl_rb_off) @@ -3206,7 +3206,7 @@ int LwIPNativeSend(WOLFSSL* ssl, char* buf, int sz, void* ctx) ret = tcp_write(nlwip->pcb, buf, sz, TCP_WRITE_FLAG_COPY); if (ret != ERR_OK) { - sz = -1; + sz = WOLFSSL_FATAL_ERROR; } return sz; diff --git a/src/x509.c b/src/x509.c index 7240c7fb16..fbceee021d 100644 --- a/src/x509.c +++ b/src/x509.c @@ -461,13 +461,13 @@ int wolfSSL_X509_get_ext_by_OBJ(const WOLFSSL_X509 *x, if (!x || !obj) { WOLFSSL_MSG("Bad parameter"); - return -1; + return WOLFSSL_FATAL_ERROR; } sk = wolfSSL_X509_get0_extensions(x); if (!sk) { WOLFSSL_MSG("No extensions"); - return -1; + return WOLFSSL_FATAL_ERROR; } lastpos++; if (lastpos < 0) @@ -476,7 +476,7 @@ int wolfSSL_X509_get_ext_by_OBJ(const WOLFSSL_X509 *x, if (wolfSSL_OBJ_cmp(wolfSSL_sk_X509_EXTENSION_value(sk, lastpos)->obj, obj) == 0) return lastpos; - return -1; + return WOLFSSL_FATAL_ERROR; } #endif /* OPENSSL_ALL || OPENSSL_EXTRA */ @@ -1993,7 +1993,7 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext) * lastPos : Start search from extension after lastPos. * Set to -1 to search from index 0. * return >= 0 If successful the extension index is returned. - * return -1 If extension is not found or error is encountered. + * return WOLFSSL_FATAL_ERROR If extension is not found or error is encountered. */ int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509* x509, int nid, int lastPos) { @@ -4503,7 +4503,7 @@ int wolfSSL_sk_GENERAL_NAME_num(WOLFSSL_STACK* sk) WOLFSSL_ENTER("wolfSSL_sk_GENERAL_NAME_num"); if (sk == NULL) { - return -1; + return WOLFSSL_FATAL_ERROR; } return (int)sk->num; @@ -4674,7 +4674,7 @@ int wolfSSL_sk_DIST_POINT_num(WOLFSSL_STACK* sk) WOLFSSL_ENTER("wolfSSL_sk_DIST_POINT_num"); if (sk == NULL) { - return -1; + return WOLFSSL_FATAL_ERROR; } return wolfSSL_sk_num(sk); @@ -5335,7 +5335,7 @@ int wolfSSL_X509_NAME_get_sz(WOLFSSL_X509_NAME* name) { WOLFSSL_ENTER("wolfSSL_X509_NAME_get_sz"); if (!name) - return -1; + return WOLFSSL_FATAL_ERROR; return name->sz; } @@ -9084,7 +9084,7 @@ int wolfSSL_X509_cmp_current_time(const WOLFSSL_ASN1_TIME* asnTime) return wolfSSL_X509_cmp_time(asnTime, NULL); } -/* return -1 if asnTime is earlier than or equal to cmpTime, and 1 otherwise +/* return WOLFSSL_FATAL_ERROR if asnTime is earlier than or equal to cmpTime, and 1 otherwise * return 0 on error */ int wolfSSL_X509_cmp_time(const WOLFSSL_ASN1_TIME* asnTime, time_t* cmpTime) @@ -10924,7 +10924,7 @@ static int ConvertNIDToWolfSSL(int nid) case NID_favouriteDrink: return ASN_FAVOURITE_DRINK; default: WOLFSSL_MSG("Attribute NID not found"); - return -1; + return WOLFSSL_FATAL_ERROR; } } #endif /* OPENSSL_ALL || OPENSSL_EXTRA || @@ -12424,7 +12424,7 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_X509_NAME_ENTRY_get_object( int idx) { if (!name || idx >= MAX_NAME_ENTRIES || !obj || !obj->obj) { - return -1; + return WOLFSSL_FATAL_ERROR; } if (idx < 0) { @@ -12441,7 +12441,7 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_X509_NAME_ENTRY_get_object( } } } - return -1; + return WOLFSSL_FATAL_ERROR; } #endif @@ -12777,7 +12777,7 @@ int wolfSSL_sk_X509_NAME_find(const WOLF_STACK_OF(WOLFSSL_X509_NAME) *sk, return i; } } - return -1; + return WOLFSSL_FATAL_ERROR; } /* Name Entry */ @@ -13417,7 +13417,7 @@ int wolfSSL_sk_X509_num(const WOLF_STACK_OF(WOLFSSL_X509) *s) WOLFSSL_ENTER("wolfSSL_sk_X509_num"); if (s == NULL) - return -1; + return WOLFSSL_FATAL_ERROR; return (int)s->num; } @@ -13549,7 +13549,7 @@ int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk, size_t chklen, else { for (i = 0; i < (chklen > 1 ? chklen - 1 : chklen); i++) { if (chk[i] == '\0') { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; goto out; } } diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index e99852296c..c9c30d0240 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -3665,7 +3665,7 @@ int StreamOctetString(const byte* inBuf, word32 inBufSz, byte* out, word32* outS } else { *outSz = outIdx; - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } } @@ -4033,7 +4033,7 @@ int wc_BerToDer(const byte* ber, word32 berSz, byte* der, word32* derSz) /* Return the length of the DER encoded ASN.1 */ *derSz = j; if (der == NULL) { - ret = LENGTH_ONLY_E; + ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } end: #ifdef WOLFSSL_SMALL_STACK @@ -7238,7 +7238,7 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz, WOLFSSL_MSG("Checking size of PKCS8"); - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } WOLFSSL_ENTER("wc_CreatePKCS8Key"); @@ -7366,7 +7366,7 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz, /* Check for buffer to encoded into. */ if ((ret == 0) && (out == NULL)) { WOLFSSL_MSG("Checking size of PKCS8"); - ret = LENGTH_ONLY_E; + ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if (ret == 0) { /* Encode PKCS #8 key into buffer. */ @@ -8573,7 +8573,7 @@ int wc_EncryptPKCS8Key(byte* key, word32 keySz, byte* out, word32* outSz, if (out == NULL) { /* Sequence tag, length */ *outSz = 1 + SetLength(outerLen, NULL) + outerLen; - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } SetOctetString(keySz + padSz, out); @@ -9287,7 +9287,7 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz, if (out == NULL) { *outSz = totalSz; - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } inOutIdx = 0; @@ -9443,7 +9443,7 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz, /* Return size when no output buffer. */ if ((ret == 0) && (out == NULL)) { *outSz = (word32)sz; - ret = LENGTH_ONLY_E; + ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } /* Check output buffer is big enough for encoded data. */ if ((ret == 0) && (sz > (int)*outSz)) { @@ -10218,7 +10218,7 @@ int wc_DhKeyToDer(DhKey* key, byte* output, word32* outSz, int exportPriv) /* if no output, then just getting size */ if (output == NULL) { *outSz = total; - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } /* make sure output fits in buffer */ @@ -10293,7 +10293,7 @@ int wc_DhKeyToDer(DhKey* key, byte* output, word32* outSz, int exportPriv) ret = SizeASN_Items(dhKeyPkcs8ASN, dataASN, dhKeyPkcs8ASN_Length, &sz); if (output == NULL) { *outSz = (word32)sz; - ret = LENGTH_ONLY_E; + ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } /* Check buffer is big enough for encoding. */ if ((ret == 0) && ((int)*outSz < sz)) { @@ -10357,7 +10357,7 @@ int wc_DhParamsToDer(DhKey* key, byte* output, word32* outSz) if (output == NULL) { *outSz = idx; - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } /* make sure output fits in buffer */ if (idx > *outSz) { @@ -10405,7 +10405,7 @@ int wc_DhParamsToDer(DhKey* key, byte* output, word32* outSz) } if ((ret == 0) && (output == NULL)) { *outSz = (word32)sz; - ret = LENGTH_ONLY_E; + ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } /* Check buffer is big enough for encoding. */ if ((ret == 0) && (*outSz < (word32)sz)) { @@ -11256,7 +11256,7 @@ static int DsaKeyIntsToDer(DsaKey* key, byte* output, word32* inLen, *inLen = outLen; if (output == NULL) { FreeTmpDsas(tmps, key->heap, ints); - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if (outLen > *inLen) { FreeTmpDsas(tmps, key->heap, ints); @@ -11318,7 +11318,7 @@ static int DsaKeyIntsToDer(DsaKey* key, byte* output, word32* inLen, } if ((ret == 0) && (output == NULL)) { *inLen = (word32)sz; - ret = LENGTH_ONLY_E; + ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } /* Check buffer is big enough for encoding. */ if ((ret == 0) && (sz > (int)*inLen)) { @@ -11369,7 +11369,7 @@ int wc_DsaKeyToParamsDer(DsaKey* key, byte* output, word32 inLen) } /* This version of the function allows output to be NULL. In that case, the - DsaKeyIntsToDer will return LENGTH_ONLY_E and the required output buffer + DsaKeyIntsToDer will return WC_NO_ERR_TRACE(LENGTH_ONLY_E) and the required output buffer size will be pointed to by inLen. */ int wc_DsaKeyToParamsDer_ex(DsaKey* key, byte* output, word32* inLen) { @@ -11875,7 +11875,7 @@ static int SetEccPublicKey(byte* output, ecc_key* key, int outLen, pubSz = 1 + pubSz; else pubSz = 1 + 2 * pubSz; - ret = LENGTH_ONLY_E; + ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E); #else ret = wc_ecc_export_x963_ex(key, NULL, &pubSz, comp); #endif @@ -26113,7 +26113,7 @@ int wc_GetPubKeyDerFromCert(struct DecodedCert* cert, /* if derKey is NULL, return required output buffer size in derKeySz */ if (derKey == NULL) { *derKeySz = cert->pubKeySize; - ret = LENGTH_ONLY_E; + ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if (ret == 0) { @@ -26180,7 +26180,7 @@ int wc_GetUUIDFromCert(struct DecodedCert* cert, byte* uuid, word32* uuidSz) if (uuid == NULL) { *uuidSz = (word32)id->len; - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((int)*uuidSz < id->len) { @@ -26208,7 +26208,7 @@ int wc_GetFASCNFromCert(struct DecodedCert* cert, byte* fascn, word32* fascnSz) if (id != NULL && id->oidSum == FASCN_OID) { if (fascn == NULL) { *fascnSz = (word32)id->len; - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((int)*fascnSz < id->len) { @@ -34686,7 +34686,7 @@ int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen, XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER); } #endif - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if (inLen != NULL && totalSz > *inLen) { #ifndef WOLFSSL_NO_MALLOC @@ -34798,7 +34798,7 @@ int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen, /* Return the size if no buffer. */ if ((ret == 0) && (output == NULL)) { *inLen = (word32)sz; - ret = LENGTH_ONLY_E; + ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } /* Check the buffer is big enough. */ if ((ret == 0) && (inLen != NULL) && (sz > (int)*inLen)) { @@ -34937,7 +34937,7 @@ static int eccToPKCS8(ecc_key* key, byte* output, word32* outLen, XFREE(tmpDer, key->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif *outLen = pkcs8Sz; - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } else if (*outLen < pkcs8Sz) { diff --git a/wolfcrypt/src/coding.c b/wolfcrypt/src/coding.c index 27cf988187..aa87ae7949 100644 --- a/wolfcrypt/src/coding.c +++ b/wolfcrypt/src/coding.c @@ -458,7 +458,7 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out, *outLen = i; if (ret == 0) - return getSzOnly ? LENGTH_ONLY_E : 0; + return getSzOnly ? WC_NO_ERR_TRACE(LENGTH_ONLY_E) : 0; return ret; } diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c index c2f1fc0b2d..b26af8add5 100644 --- a/wolfcrypt/src/dh.c +++ b/wolfcrypt/src/dh.c @@ -3149,7 +3149,7 @@ int wc_DhExportParamsRaw(DhKey* dh, byte* p, word32* pSz, *pSz = pLen; *qSz = qLen; *gSz = gLen; - ret = LENGTH_ONLY_E; + ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } } diff --git a/wolfcrypt/src/dsa.c b/wolfcrypt/src/dsa.c index 520c100408..6ed4435fdd 100644 --- a/wolfcrypt/src/dsa.c +++ b/wolfcrypt/src/dsa.c @@ -542,7 +542,7 @@ int wc_DsaExportParamsRaw(DsaKey* dsa, byte* p, word32* pSz, *pSz = pLen; *qSz = qLen; *gSz = gLen; - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if (p == NULL || q == NULL || g == NULL) @@ -616,7 +616,7 @@ int wc_DsaExportKeyRaw(DsaKey* dsa, byte* x, word32* xSz, byte* y, word32* ySz) if (x == NULL && y == NULL) { *xSz = xLen; *ySz = yLen; - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if (x == NULL || y == NULL) diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index f834ef06e9..3d439e1cf7 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -9593,7 +9593,7 @@ int wc_ecc_export_point_der(const int curve_idx, ecc_point* point, byte* out, /* return length needed only */ if (point != NULL && out == NULL && outLen != NULL) { *outLen = 1 + 2*numlen; - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if (point == NULL || out == NULL || outLen == NULL) @@ -9669,7 +9669,7 @@ int wc_ecc_export_point_der_compressed(const int curve_idx, ecc_point* point, /* return length needed only */ if (point != NULL && out == NULL && outLen != NULL) { *outLen = output_len; - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if (point == NULL || out == NULL || outLen == NULL) @@ -9733,7 +9733,7 @@ int wc_ecc_export_x963(ecc_key* key, byte* out, word32* outLen) /* if key hasn't been setup assume max bytes for size estimation */ numlen = key->dp ? (word32)key->dp->size : MAX_ECC_BYTES; *outLen = 1 + 2 * numlen; - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if (key == NULL || out == NULL || outLen == NULL) @@ -15366,7 +15366,7 @@ static int wc_ecc_export_x963_compressed(ecc_key* key, byte* out, word32* outLen if (*outLen < (1 + numlen)) { *outLen = 1 + numlen; - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if (out == NULL) diff --git a/wolfcrypt/src/eccsi.c b/wolfcrypt/src/eccsi.c index 157c5ba7a9..2be700fcb4 100644 --- a/wolfcrypt/src/eccsi.c +++ b/wolfcrypt/src/eccsi.c @@ -516,7 +516,7 @@ static int eccsi_encode_point(ecc_point* point, word32 size, byte* data, if (data == NULL) { *sz = size * 2 + !raw; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == 0) && (*sz < size * 2 + !raw)) { err = BUFFER_E; @@ -655,7 +655,7 @@ int wc_ExportEccsiKey(EccsiKey* key, byte* data, word32* sz) if (err == 0) { if (data == NULL) { *sz = (word32)(key->ecc.dp->size * 3); - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } else if (*sz < (word32)key->ecc.dp->size * 3) { err = BUFFER_E; @@ -777,7 +777,7 @@ int wc_ExportEccsiPrivateKey(EccsiKey* key, byte* data, word32* sz) if (err == 0) { if (data == NULL) { *sz = (word32)key->ecc.dp->size; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } else if (*sz < (word32)key->ecc.dp->size) { err = BUFFER_E; @@ -1016,7 +1016,7 @@ int wc_EncodeEccsiPair(const EccsiKey* key, mp_int* ssk, ecc_point* pvt, if ((err == 0) && (data == NULL)) { *sz = (word32)(key->ecc.dp->size * 3); - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == 0) && (*sz < (word32)(key->ecc.dp->size * 3))) { err = BUFFER_E; @@ -1077,7 +1077,7 @@ int wc_EncodeEccsiSsk(const EccsiKey* key, mp_int* ssk, byte* data, word32* sz) if (err == 0) { if (data == NULL) { *sz = (word32)key->ecc.dp->size; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } else if (*sz < (word32)key->ecc.dp->size) { err = BUFFER_E; @@ -2000,7 +2000,7 @@ int wc_SignEccsiHash(EccsiKey* key, WC_RNG* rng, enum wc_HashType hashType, sz = (word32)key->ecc.dp->size; if (sig == NULL) { *sigSz = sz * 4 + 1; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } } if ((err == 0) && (*sigSz < sz * 4 + 1)) { diff --git a/wolfcrypt/src/pkcs12.c b/wolfcrypt/src/pkcs12.c index c24e1f1810..3cddc646b4 100644 --- a/wolfcrypt/src/pkcs12.c +++ b/wolfcrypt/src/pkcs12.c @@ -995,7 +995,7 @@ int wc_i2d_PKCS12(WC_PKCS12* pkcs12, byte** der, int* derSz) if (der == NULL && derSz != NULL) { *derSz = (int)totalSz; XFREE(sdBuf, pkcs12->heap, DYNAMIC_TYPE_PKCS); - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if (*der == NULL) { @@ -1809,7 +1809,7 @@ static int wc_PKCS12_shroud_key(WC_PKCS12* pkcs12, WC_RNG* rng, } if (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { *outSz = sz + MAX_LENGTH_SZ + 1; - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if (ret < 0) { return ret; @@ -1871,7 +1871,7 @@ static int wc_PKCS12_create_key_bag(WC_PKCS12* pkcs12, WC_RNG* rng, if (out == NULL) { *outSz = MAX_SEQ_SZ + WC_PKCS12_DATA_OBJ_SZ + 1 + MAX_LENGTH_SZ + length; - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } heap = wc_PKCS12_GetHeap(pkcs12); @@ -1948,7 +1948,7 @@ static int wc_PKCS12_create_cert_bag(WC_PKCS12* pkcs12, *outSz = (word32)(MAX_SEQ_SZ + WC_CERTBAG_OBJECT_ID + 1 + MAX_LENGTH_SZ + MAX_SEQ_SZ + WC_CERTBAG1_OBJECT_ID + 1 + MAX_LENGTH_SZ + 1 + MAX_LENGTH_SZ + (int)certSz); - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } /* check buffer size able to handle max size */ @@ -2093,7 +2093,7 @@ static int wc_PKCS12_encrypt_content(WC_PKCS12* pkcs12, WC_RNG* rng, totalSz += SetLength(outerSz, seq) + outerSz; if (out == NULL) { *outSz = totalSz + SetSequence(totalSz, seq); - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if (*outSz < totalSz + SetSequence(totalSz, seq)) { @@ -2181,7 +2181,7 @@ static int wc_PKCS12_encrypt_content(WC_PKCS12* pkcs12, WC_RNG* rng, if (out == NULL) { *outSz = totalSz + SetSequence(totalSz, seq); - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if (*outSz < (totalSz + SetSequence(totalSz, seq))) { diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index e6fa08c211..602e0c29ad 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -1456,7 +1456,7 @@ int wc_PKCS7_GetAttributeValue(PKCS7* pkcs7, const byte* oid, word32 oidSz, if (out == NULL) { *outSz = attrib->valueSz; - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if (*outSz < attrib->valueSz) { @@ -6587,7 +6587,7 @@ int wc_PKCS7_GetSignerSID(PKCS7* pkcs7, byte* out, word32* outSz) if (out == NULL) { *outSz = pkcs7->signerInfo->sidSz; - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if (*outSz < pkcs7->signerInfo->sidSz) { @@ -8841,7 +8841,7 @@ static int wc_PKCS7_PwriKek_KeyWrap(PKCS7* pkcs7, const byte* kek, word32 kekSz, /* if user set out to NULL, give back required length */ if (out == NULL) { *outSz = (word32)outLen; - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } /* verify output buffer is large enough */ diff --git a/wolfcrypt/src/port/nxp/se050_port.c b/wolfcrypt/src/port/nxp/se050_port.c index a514ecce7f..1fff41d7eb 100644 --- a/wolfcrypt/src/port/nxp/se050_port.c +++ b/wolfcrypt/src/port/nxp/se050_port.c @@ -633,7 +633,7 @@ int wc_se050_get_binary_object(word32 keyId, byte* out, word32* outSz) else { if (out == NULL) { *outSz = ret; - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((word32)ret > *outSz) { WOLFSSL_MSG("Output buffer not large enough for object"); diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index bcfc814857..1cb01bb476 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -2926,7 +2926,7 @@ int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz, if (out == NULL) { *outSz = inLen; - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } switch (key->state) { diff --git a/wolfcrypt/src/sakke.c b/wolfcrypt/src/sakke.c index a3407ed737..962299f340 100644 --- a/wolfcrypt/src/sakke.c +++ b/wolfcrypt/src/sakke.c @@ -622,7 +622,7 @@ int wc_ExportSakkeKey(SakkeKey* key, byte* data, word32* sz) if ((err == 0) && (data == NULL)) { *sz = (word32)(3 * key->ecc.dp->size); - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err >= 0) && (*sz < (word32)(3 * key->ecc.dp->size))) { err = BUFFER_E; @@ -731,7 +731,7 @@ int wc_ExportSakkePrivateKey(SakkeKey* key, byte* data, word32* sz) if ((err == 0) && (data == NULL)) { *sz = (word32)key->ecc.dp->size; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err >= 0) && (*sz < (word32)key->ecc.dp->size)) { err = BUFFER_E; @@ -848,7 +848,7 @@ static int sakke_encode_point(ecc_point* point, word32 size, byte* data, if (data == NULL) { *sz = size * 2 + !raw; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == 0) && (*sz < size * 2 + !raw)) { err = BUFFER_E; @@ -1419,7 +1419,7 @@ int wc_GenerateSakkeRskTable(const SakkeKey* key, const ecc_point* rsk, } if ((err == 0) && (table == NULL)) { *len = 0; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == 0) && (*len != 0)) { err = BUFFER_E; @@ -6421,7 +6421,7 @@ int wc_GetSakkePointI(SakkeKey* key, byte* data, word32* sz) if ((err == 0) && (data == NULL)) { *sz = (word32)(key->ecc.dp->size * 2); - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == 0) && (*sz < (word32)key->ecc.dp->size * 2)) { err = BUFFER_E; @@ -6531,7 +6531,7 @@ int wc_GenerateSakkePointITable(SakkeKey* key, byte* table, word32* len) #else if ((err == 0) && (table == NULL)) { *len = 0; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == 0) && (*len != 0)) { *len = 0; @@ -6729,7 +6729,7 @@ int wc_MakeSakkeEncapsulatedSSV(SakkeKey* key, enum wc_HashType hashType, *authSz = outSz; if (auth == NULL) { - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } } @@ -6824,7 +6824,7 @@ int wc_GenerateSakkeSSV(SakkeKey* key, WC_RNG* rng, byte* ssv, word16* ssvSz) /* Return length only if an output buffer is NULL. */ if (ssv == NULL) { *ssvSz = (word16) (n / 8); - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } else { n = *ssvSz; diff --git a/wolfcrypt/src/sp_arm32.c b/wolfcrypt/src/sp_arm32.c index 34e771b6ea..403fbac003 100644 --- a/wolfcrypt/src/sp_arm32.c +++ b/wolfcrypt/src/sp_arm32.c @@ -152927,7 +152927,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, if ((err == MP_OKAY) && (table == NULL)) { *len = sizeof(sp_table_entry_1024) * 256; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == MP_OKAY) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) { err = BUFFER_E; @@ -152985,7 +152985,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, if ((err == 0) && (table == NULL)) { *len = 0; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == 0) && (*len != 0)) { err = BUFFER_E; @@ -155919,7 +155919,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table, if (table == NULL) { *len = 0; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } else if (*len != 0) { err = BUFFER_E; @@ -156148,7 +156148,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table, if (table == NULL) { *len = sizeof(sp_table_entry_1024) * 1167; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == MP_OKAY) && diff --git a/wolfcrypt/src/sp_arm64.c b/wolfcrypt/src/sp_arm64.c index 196146c163..b2bb9c738b 100644 --- a/wolfcrypt/src/sp_arm64.c +++ b/wolfcrypt/src/sp_arm64.c @@ -121840,7 +121840,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, if ((err == MP_OKAY) && (table == NULL)) { *len = sizeof(sp_table_entry_1024) * 256; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == MP_OKAY) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) { err = BUFFER_E; @@ -121898,7 +121898,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, if ((err == 0) && (table == NULL)) { *len = 0; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == 0) && (*len != 0)) { err = BUFFER_E; @@ -124576,7 +124576,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table, if (table == NULL) { *len = 0; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } else if (*len != 0) { err = BUFFER_E; @@ -124805,7 +124805,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table, if (table == NULL) { *len = sizeof(sp_table_entry_1024) * 1167; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == MP_OKAY) && diff --git a/wolfcrypt/src/sp_armthumb.c b/wolfcrypt/src/sp_armthumb.c index 48831471d6..bc201b08f4 100644 --- a/wolfcrypt/src/sp_armthumb.c +++ b/wolfcrypt/src/sp_armthumb.c @@ -214918,7 +214918,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, if ((err == MP_OKAY) && (table == NULL)) { *len = sizeof(sp_table_entry_1024) * 256; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == MP_OKAY) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) { err = BUFFER_E; @@ -214976,7 +214976,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, if ((err == 0) && (table == NULL)) { *len = 0; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == 0) && (*len != 0)) { err = BUFFER_E; @@ -217910,7 +217910,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table, if (table == NULL) { *len = 0; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } else if (*len != 0) { err = BUFFER_E; @@ -218139,7 +218139,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table, if (table == NULL) { *len = sizeof(sp_table_entry_1024) * 1167; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == MP_OKAY) && diff --git a/wolfcrypt/src/sp_c32.c b/wolfcrypt/src/sp_c32.c index 557ded06d6..478e67e594 100644 --- a/wolfcrypt/src/sp_c32.c +++ b/wolfcrypt/src/sp_c32.c @@ -50966,7 +50966,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, if ((err == MP_OKAY) && (table == NULL)) { *len = sizeof(sp_table_entry_1024) * 256; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == MP_OKAY) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) { err = BUFFER_E; @@ -51024,7 +51024,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, if ((err == 0) && (table == NULL)) { *len = 0; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == 0) && (*len != 0)) { err = BUFFER_E; @@ -53958,7 +53958,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table, if (table == NULL) { *len = 0; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } else if (*len != 0) { err = BUFFER_E; @@ -54187,7 +54187,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table, if (table == NULL) { *len = sizeof(sp_table_entry_1024) * 1167; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == MP_OKAY) && diff --git a/wolfcrypt/src/sp_c64.c b/wolfcrypt/src/sp_c64.c index cd55ca3aed..c4481bd884 100644 --- a/wolfcrypt/src/sp_c64.c +++ b/wolfcrypt/src/sp_c64.c @@ -49795,7 +49795,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, if ((err == MP_OKAY) && (table == NULL)) { *len = sizeof(sp_table_entry_1024) * 256; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == MP_OKAY) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) { err = BUFFER_E; @@ -49853,7 +49853,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, if ((err == 0) && (table == NULL)) { *len = 0; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == 0) && (*len != 0)) { err = BUFFER_E; @@ -52531,7 +52531,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table, if (table == NULL) { *len = 0; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } else if (*len != 0) { err = BUFFER_E; @@ -52760,7 +52760,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table, if (table == NULL) { *len = sizeof(sp_table_entry_1024) * 1167; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == MP_OKAY) && diff --git a/wolfcrypt/src/sp_cortexm.c b/wolfcrypt/src/sp_cortexm.c index f664cf2d30..1bb8aa8387 100644 --- a/wolfcrypt/src/sp_cortexm.c +++ b/wolfcrypt/src/sp_cortexm.c @@ -78246,7 +78246,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, if ((err == MP_OKAY) && (table == NULL)) { *len = sizeof(sp_table_entry_1024) * 256; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == MP_OKAY) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) { err = BUFFER_E; @@ -78304,7 +78304,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, if ((err == 0) && (table == NULL)) { *len = 0; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == 0) && (*len != 0)) { err = BUFFER_E; @@ -81238,7 +81238,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table, if (table == NULL) { *len = 0; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } else if (*len != 0) { err = BUFFER_E; @@ -81467,7 +81467,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table, if (table == NULL) { *len = sizeof(sp_table_entry_1024) * 1167; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == MP_OKAY) && diff --git a/wolfcrypt/src/sp_x86_64.c b/wolfcrypt/src/sp_x86_64.c index cef7ffb54e..19fba33795 100644 --- a/wolfcrypt/src/sp_x86_64.c +++ b/wolfcrypt/src/sp_x86_64.c @@ -100243,7 +100243,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, if ((err == MP_OKAY) && (table == NULL)) { *len = sizeof(sp_table_entry_1024) * 256; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == MP_OKAY) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) { err = BUFFER_E; @@ -100307,7 +100307,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, if ((err == 0) && (table == NULL)) { *len = 0; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == 0) && (*len != 0)) { err = BUFFER_E; @@ -104076,7 +104076,7 @@ static int sp_Pairing_gen_precomp_x64_1024(const ecc_point* pm, byte* table, if (table == NULL) { *len = 0; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } else if (*len != 0) { err = BUFFER_E; @@ -104305,7 +104305,7 @@ static int sp_Pairing_gen_precomp_x64_1024(const ecc_point* pm, byte* table, if (table == NULL) { *len = sizeof(sp_table_entry_1024) * 1167; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == MP_OKAY) && @@ -104636,7 +104636,7 @@ static int sp_Pairing_gen_precomp_avx2_1024(const ecc_point* pm, byte* table, if (table == NULL) { *len = 0; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } else if (*len != 0) { err = BUFFER_E; @@ -104838,7 +104838,7 @@ static int sp_Pairing_gen_precomp_avx2_1024(const ecc_point* pm, byte* table, if (table == NULL) { *len = sizeof(sp_table_entry_1024) * 1167; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == MP_OKAY) &&