add --enable-debug-trace-errcodes, WOLFSSL_DEBUG_TRACE_ERROR_CODES, W…
…C_ERR_TRACE(), WC_NO_ERR_TRACE(), support/gen-debug-trace-error-codes.sh. also add numerous deployments of WC_NO_ERR_TRACE() to inhibit frivolous/misleading errcode traces when -DWOLFSSL_DEBUG_TRACE_ERROR_CODES.
douzzer committed Jun 8, 2024
1 parent f7bc78c commit b3e8f0a
Showing 76 changed files with 1,057 additions and 787 deletions.
16 changes: 16 additions & 0 deletions configure.ac
@@ -200,6 +200,17 @@ AS_IF([test "$ax_enable_debug" = "yes"],
[AM_CCASFLAGS="$DEBUG_CFLAGS $AM_CCASFLAGS"],
[AM_CCASFLAGS="$AM_CCASFLAGS -DNDEBUG"])

AC_ARG_ENABLE([debug-trace-errcodes],
[ AS_HELP_STRING([--enable-debug-trace-errcodes],[Print trace messages when library errors are thrown.]) ],
[ ENABLED_DEBUG_TRACE_ERRCODES=$enableval ],
[ ENABLED_DEBUG_TRACE_ERRCODES=no ]
)

if test "$ENABLED_DEBUG_TRACE_ERRCODES" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEBUG_TRACE_ERROR_CODES"
fi

# Start without certificates enabled and enable if a certificate algorithm is
# enabled
ENABLED_CERTS="no"
@@ -9788,6 +9799,11 @@ echo "" >> $OPTION_FILE
echo "#endif /* WOLFSSL_OPTIONS_H */" >> $OPTION_FILE
echo "" >> $OPTION_FILE
if test "$ENABLED_DEBUG_TRACE_ERRCODES" = "yes"
then
support/gen-debug-trace-error-codes.sh || AC_MSG_ERROR([Header generation for debug-trace-errcodes failed.])
fi
if test "$ENABLED_OPENSSLEXTRA" = "yes" && test "$ENABLED_LINUXKM" = "no"
then
SAVE_CFLAGS=$CFLAGS
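Review bot: The second hunk runs `support/gen-debug-trace-error-codes.sh` by a path relative to the current directory, so a configure run from a separate build directory would presumably not find it unless the script relocates itself (its body is not shown here); `"$srcdir"/support/gen-debug-trace-error-codes.sh || AC_MSG_ERROR([...])` would be the safer call. In the first hunk only the exact value `yes` turns the option on, so any other argument to `--enable-debug-trace-errcodes` is silently treated as off. Since the option makes the library print a trace whenever an error code is raised, which tells anyone who can read that output which internal check failed, the help string could say so, e.g. `[Print trace messages when library errors are thrown (debug builds only).]`.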
2 changes: 1 addition & 1 deletion src/bio.c
@@ -403,7 +403,7 @@ static int wolfSSL_BIO_BASE64_write(WOLFSSL_BIO* bio, const void* data,
/* get the encoded length */
if (bio->flags & WOLFSSL_BIO_FLAG_BASE64_NO_NL) {
if (Base64_Encode_NoNl((const byte*)data, inLen, NULL,
&sz) != LENGTH_ONLY_E) {
&sz) != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
WOLFSSL_MSG("Error with base64 get length");
return WOLFSSL_FATAL_ERROR;
}
10 changes: 6 additions & 4 deletions src/crl.c
@@ -503,7 +503,7 @@ int CheckCertCRL_ex(WOLFSSL_CRL* crl, byte* issuerHash, byte* serial,
/* Loading <issuer-hash>.rN form CRL file if find at the folder, */
/* and try again checking Cert in the CRL list. */
/* When not set the folder or not use hash_dir, do nothing. */
if ((foundEntry == 0) && (ret != OCSP_WANT_READ)) {
if ((foundEntry == 0) && (ret != WC_NO_ERR_TRACE(OCSP_WANT_READ))) {
if (crl->cm != NULL && crl->cm->x509_store_p != NULL) {
ret = LoadCertByIssuer(crl->cm->x509_store_p,
(WOLFSSL_X509_NAME*)issuerName, X509_LU_CRL);
@@ -517,7 +517,7 @@ int CheckCertCRL_ex(WOLFSSL_CRL* crl, byte* issuerHash, byte* serial,
#endif
if (foundEntry == 0) {
WOLFSSL_MSG("Couldn't find CRL for status check");
if (ret != CRL_CERT_DATE_ERR) {
if (ret != WC_NO_ERR_TRACE(CRL_CERT_DATE_ERR)) {
ret = CRL_MISSING;
}

@@ -655,13 +655,15 @@ int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type,
InitDecodedCRL(dcrl, crl->heap);
ret = ParseCRL(crl->currentEntry->certs, dcrl, myBuffer, (word32)sz,
verify, crl->cm);
if (ret != 0 && !(ret == ASN_CRL_NO_SIGNER_E && verify == NO_VERIFY)) {
if (ret != 0 && !(ret == WC_NO_ERR_TRACE(ASN_CRL_NO_SIGNER_E)
&& verify == NO_VERIFY)) {
WOLFSSL_MSG("ParseCRL error");
CRL_Entry_free(crl->currentEntry, crl->heap);
crl->currentEntry = NULL;
}
else {
ret = AddCRL(crl, dcrl, myBuffer, ret != ASN_CRL_NO_SIGNER_E);
ret = AddCRL(crl, dcrl, myBuffer,
ret != WC_NO_ERR_TRACE(ASN_CRL_NO_SIGNER_E));
if (ret != 0) {
WOLFSSL_MSG("AddCRL error");
crl->currentEntry = NULL;
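Review bot: In the BufferLoadCRL hunk the test for `ASN_CRL_NO_SIGNER_E` is written out twice, once in the error check and once as the last argument to AddCRL, and the two have to stay in agreement because together they decide whether a CRL whose signer was not found is kept and what is passed along with it. Computing it once would make that explicit: `int noSigner = (ret == WC_NO_ERR_TRACE(ASN_CRL_NO_SIGNER_E));`, then `if (ret != 0 && !(noSigner && verify == NO_VERIFY))` and `AddCRL(crl, dcrl, myBuffer, !noSigner)`. The meaning of AddCRL's last parameter is not visible on this page, so a short comment at the call naming it would also help the next reader. The function body starts and ends outside the hunk.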
18 changes: 9 additions & 9 deletions src/dtls.c
@@ -107,14 +107,14 @@ int DtlsIgnoreError(int err)
{
/* Whitelist of errors not to ignore */
switch (err) {
case MEMORY_E:
case MEMORY_ERROR:
case ASYNC_INIT_E:
case ASYNC_OP_E:
case SOCKET_ERROR_E:
case WANT_READ:
case WANT_WRITE:
case COOKIE_ERROR:
case WC_NO_ERR_TRACE(MEMORY_E):
case WC_NO_ERR_TRACE(MEMORY_ERROR):
case WC_NO_ERR_TRACE(ASYNC_INIT_E):
case WC_NO_ERR_TRACE(ASYNC_OP_E):
case WC_NO_ERR_TRACE(SOCKET_ERROR_E):
case WC_NO_ERR_TRACE(WANT_READ):
case WC_NO_ERR_TRACE(WANT_WRITE):
case WC_NO_ERR_TRACE(COOKIE_ERROR):
return 0;
default:
return 1;
@@ -267,7 +267,7 @@ static int CheckDtlsCookie(const WOLFSSL* ssl, WolfSSL_CH* ch,
return BUFFER_E;
ret = TlsCheckCookie(ssl, ch->cookieExt.elements + OPAQUE16_LEN,
(word16)(ch->cookieExt.size - OPAQUE16_LEN));
if (ret < 0 && ret != HRR_COOKIE_ERROR)
if (ret < 0 && ret != WC_NO_ERR_TRACE(HRR_COOKIE_ERROR))
return ret;
*cookieGood = ret > 0;
ret = 0;
3 changes: 2 additions & 1 deletion src/dtls13.c
@@ -396,7 +396,8 @@ int Dtls13ProcessBufferedMessages(WOLFSSL* ssl)
* WANT_WRITE means that we are done with processing the msg and we are
* waiting to flush the output buffer. */
if ((ret == 0 || ret == WANT_WRITE) || (msg->type == certificate_request &&
ssl->options.handShakeDone && ret == WC_PENDING_E)) {
ssl->options.handShakeDone &&
ret == WC_NO_ERR_TRACE(WC_PENDING_E))) {
if (IsAtLeastTLSv1_3(ssl->version))
Dtls13MsgWasProcessed(ssl, (enum HandShakeType)msg->type);
else if (downgraded)
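Review bot: The comparison `ret == WANT_WRITE` at the start of this condition is left bare while `ret == WC_PENDING_E` just below it is wrapped, and src/dtls.c in the same commit wraps `WANT_WRITE` in its case labels. If `WANT_WRITE` is one of the codes that a `WOLFSSL_DEBUG_TRACE_ERROR_CODES` build instruments (the macro definitions are not on this page), this test would log a trace each time it is evaluated even though no error is being raised, which is the misleading output the commit sets out to suppress. Writing it as `(ret == 0 || ret == WC_NO_ERR_TRACE(WANT_WRITE))` would keep the condition consistent. The body of Dtls13ProcessBufferedMessages starts and ends outside the hunk.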