20260322-various-fixes

examples/client/client.c

@@ -1044,7 +1044,7 @@ static int SMTP_Shutdown(WOLFSSL* ssl, int wc_shutdown)
     printf("%s\n", tmpBuf);
 
     ret = wolfSSL_shutdown(ssl);
-    if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE) {
+    if (wc_shutdown && ret == WC_NO_ERR_TRACE(WOLFSSL_SHUTDOWN_NOT_DONE)) {
         if (tcp_select(wolfSSL_get_fd(ssl), DEFAULT_TIMEOUT_SEC) ==
                 TEST_RECV_READY) {
             ret = wolfSSL_shutdown(ssl);    /* bidirectional shutdown */
@@ -4687,15 +4687,15 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 #endif
 
     ret = wolfSSL_shutdown(ssl);
-    if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE) {
+    if (wc_shutdown && ret == WC_NO_ERR_TRACE(WOLFSSL_SHUTDOWN_NOT_DONE)) {
         while (tcp_select(wolfSSL_get_fd(ssl), DEFAULT_TIMEOUT_SEC) ==
                 TEST_RECV_READY) {
             ret = wolfSSL_shutdown(ssl); /* bidirectional shutdown */
             if (ret == WOLFSSL_SUCCESS) {
                 printf("Bidirectional shutdown complete\n");
                 break;
             }
-            else if (ret != WOLFSSL_SHUTDOWN_NOT_DONE) {
+            else if (ret != WC_NO_ERR_TRACE(WOLFSSL_SHUTDOWN_NOT_DONE)) {
                 LOG_ERROR("Bidirectional shutdown failed\n");
                 break;
             }
@@ -4932,7 +4932,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
                 sendGET, " resume", 0);
 
         ret = wolfSSL_shutdown(sslResume);
-        if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE)
+        if (wc_shutdown && ret == WC_NO_ERR_TRACE(WOLFSSL_SHUTDOWN_NOT_DONE))
             wolfSSL_shutdown(sslResume);    /* bidirectional shutdown */
 
         /* display collected statistics */

examples/server/server.c

@@ -4044,15 +4044,15 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
 #endif /* WOLFSSL_DTLS13 */
 
         ret = SSL_shutdown(ssl);
-        if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE) {
+        if (wc_shutdown && ret == WC_NO_ERR_TRACE(WOLFSSL_SHUTDOWN_NOT_DONE)) {
             while (tcp_select(wolfSSL_get_fd(ssl), DEFAULT_TIMEOUT_SEC) ==
                     TEST_RECV_READY) {
                 ret = wolfSSL_shutdown(ssl); /* bidirectional shutdown */
                 if (ret == WOLFSSL_SUCCESS) {
                     printf("Bidirectional shutdown complete\n");
                     break;
                 }
-                else if (ret != WOLFSSL_SHUTDOWN_NOT_DONE) {
+                else if (ret != WC_NO_ERR_TRACE(WOLFSSL_SHUTDOWN_NOT_DONE)) {
                     LOG_ERROR("Bidirectional shutdown failed\n");
                     break;
                 }

src/bio.c

@@ -2646,7 +2646,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
 
         if (b->ptr.ssl != NULL) {
             int rc = wolfSSL_shutdown(b->ptr.ssl);
-            if (rc == WOLFSSL_SHUTDOWN_NOT_DONE) {
+            if (rc == WC_NO_ERR_TRACE(WOLFSSL_SHUTDOWN_NOT_DONE)) {
                 /* In this case, call again to give us a chance to read the
                  * close notify alert from the other end. */
                 wolfSSL_shutdown(b->ptr.ssl);

src/keys.c

@@ -3571,7 +3571,7 @@ int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side)
 #endif
 
 #if !defined(NO_CERTS) && defined(HAVE_PK_CALLBACKS)
-    ret = PROTOCOLCB_UNAVAILABLE;
+    ret = WC_NO_ERR_TRACE(PROTOCOLCB_UNAVAILABLE);
     if (ssl->ctx->EncryptKeysCb) {
         void* ctx = wolfSSL_GetEncryptKeysCtx(ssl);
         #if defined(WOLFSSL_RENESAS_FSPSM_TLS)

src/tls13.c

@@ -234,7 +234,7 @@ static int Tls13HKDFExpandKeyLabel(WOLFSSL* ssl, byte* okm, word32 okmLen,
 {
     int ret;
 #if defined(HAVE_PK_CALLBACKS)
-    ret = NOT_COMPILED_IN;
+    ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
     if (ssl->ctx && ssl->ctx->HKDFExpandLabelCb) {
         ret = ssl->ctx->HKDFExpandLabelCb(okm, okmLen, prk, prkLen,
                                          protocol, protocolLen,
@@ -2662,7 +2662,7 @@ static int EncryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
                     nonceSz = AESGCM_NONCE_SZ;
 
                 #if defined(HAVE_PK_CALLBACKS)
-                    ret = NOT_COMPILED_IN;
+                    ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
                     if (ssl->ctx && ssl->ctx->PerformTlsRecordProcessingCb) {
                         ret = ssl->ctx->PerformTlsRecordProcessingCb(ssl, 1,
                                   output, input, dataSz,
@@ -2704,7 +2704,7 @@ static int EncryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
 
                     nonceSz = AESCCM_NONCE_SZ;
                 #if defined(HAVE_PK_CALLBACKS)
-                    ret = NOT_COMPILED_IN;
+                    ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
                     if (ssl->ctx && ssl->ctx->PerformTlsRecordProcessingCb) {
                         ret = ssl->ctx->PerformTlsRecordProcessingCb(ssl, 1,
                                   output, input, dataSz,
@@ -3063,7 +3063,7 @@ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz,
                     nonceSz = AESGCM_NONCE_SZ;
 
                 #if defined(HAVE_PK_CALLBACKS)
-                    ret = NOT_COMPILED_IN;
+                    ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
                     if (ssl->ctx && ssl->ctx->PerformTlsRecordProcessingCb) {
                         ret = ssl->ctx->PerformTlsRecordProcessingCb(ssl, 0,
                                   output, input, dataSz,
@@ -3102,7 +3102,7 @@ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz,
 
                     nonceSz = AESCCM_NONCE_SZ;
                 #if defined(HAVE_PK_CALLBACKS)
-                    ret = NOT_COMPILED_IN;
+                    ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
                     if (ssl->ctx && ssl->ctx->PerformTlsRecordProcessingCb) {
                         ret = ssl->ctx->PerformTlsRecordProcessingCb(ssl, 0,
                                   output, input, dataSz,
@@ -6892,7 +6892,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 #endif
     {
         /* Reset state */
-        ret = VERSION_ERROR;
+        ret = WC_NO_ERR_TRACE(VERSION_ERROR);
         ssl->options.asyncState = TLS_ASYNC_BEGIN;
         XMEMSET(args, 0, sizeof(Dch13Args));
     #ifdef WOLFSSL_ASYNC_CRYPT

tests/api.c

@@ -6713,13 +6713,15 @@ static int test_wolfSSL_read_write_ex(void)
 
     ExpectIntEQ(wolfSSL_shutdown(ssl_c), WOLFSSL_SHUTDOWN_NOT_DONE);
     ExpectIntEQ(wolfSSL_shutdown(ssl_s), WOLFSSL_SHUTDOWN_NOT_DONE);
-    ExpectIntEQ(wolfSSL_shutdown(ssl_c), 1);
-    ExpectIntEQ(wolfSSL_shutdown(ssl_s), 1);
+    ExpectIntEQ(wolfSSL_shutdown(ssl_c), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_shutdown(ssl_s), WOLFSSL_SUCCESS);
 
     wolfSSL_free(ssl_c);
     wolfSSL_free(ssl_s);
     wolfSSL_CTX_free(ctx_c);
     wolfSSL_CTX_free(ctx_s);
+
+    /* XXX this should be return EXPECT_RESULT(); */
     return TEST_SUCCESS;
 }
 
@@ -25691,7 +25693,7 @@ static THREAD_RETURN WOLFSSL_THREAD SSL_read_test_client_thread(void* args)
 
     if (EXPECT_SUCCESS()) {
         ret = wolfSSL_shutdown(ssl);
-        if (ret == WOLFSSL_SHUTDOWN_NOT_DONE) {
+        if (ret == WC_NO_ERR_TRACE(WOLFSSL_SHUTDOWN_NOT_DONE)) {
             ret = wolfSSL_shutdown(ssl);
         }
     }
@@ -29286,7 +29288,7 @@ static void test_ticket_and_psk_mixing_on_result(WOLFSSL* ssl)
     }
     do {
         ret = wolfSSL_shutdown(ssl);
-    } while (ret == WOLFSSL_SHUTDOWN_NOT_DONE);
+    } while (ret == WC_NO_ERR_TRACE(WOLFSSL_SHUTDOWN_NOT_DONE));
     AssertIntEQ(wolfSSL_clear(ssl), WOLFSSL_SUCCESS);
     wolfSSL_set_psk_callback_ctx(ssl, (void*)"TLS13-AES256-GCM-SHA384");
 #ifndef OPENSSL_COMPATIBLE_DEFAULTS
@@ -29377,7 +29379,7 @@ static void test_prioritize_psk_on_result(WOLFSSL* ssl)
     }
     do {
         ret = wolfSSL_shutdown(ssl);
-    } while (ret == WOLFSSL_SHUTDOWN_NOT_DONE);
+    } while (ret == WC_NO_ERR_TRACE(WOLFSSL_SHUTDOWN_NOT_DONE));
     AssertIntEQ(wolfSSL_clear(ssl), WOLFSSL_SUCCESS);
     wolfSSL_set_psk_callback_ctx(ssl, (void*)"TLS13-AES256-GCM-SHA384");
     /* Previous connection was made with TLS13-AES128-GCM-SHA256. Order is

wolfcrypt/src/logging.c

@@ -1939,7 +1939,7 @@ int wc_backtrace_render(void) {
         int cur_init_count = wolfSSL_Atomic_Int_FetchSub(&init_count, 1);
         if (cur_init_count != 0) {
             (void)wolfSSL_Atomic_Int_FetchAdd(&init_count, 1);
-            return DEADLOCK_AVERTED_E;
+            return WC_NO_ERR_TRACE(DEADLOCK_AVERTED_E);
         }
         ret = wc_InitMutex(&backtrace_mutex);
         if (ret != 0)
@@ -1960,7 +1960,7 @@ int wc_backtrace_render(void) {
     if (backtrace_state == NULL) {
         if (backtrace_init(&backtrace_state) < 0) {
             wc_UnLockMutex(&backtrace_mutex);
-            return BAD_STATE_E;
+            return WC_NO_ERR_TRACE(BAD_STATE_E);
         }
     }
 

wolfssl/ssl.h

@@ -3075,6 +3075,14 @@ enum { /* ssl Constants */
     WOLFSSL_SHUTDOWN_NOT_DONE =  2,
 #endif
 
+    #if defined(WOLFSSL_DEBUG_TRACE_ERROR_CODES) && \
+            (defined(BUILDING_WOLFSSL) || \
+             defined(WOLFSSL_DEBUG_TRACE_ERROR_CODES_ALWAYS))
+        #define WOLFSSL_SHUTDOWN_NOT_DONE \
+            WC_ERR_TRACE(WOLFSSL_SHUTDOWN_NOT_DONE)
+        #define CONST_NUM_ERR_WOLFSSL_SHUTDOWN_NOT_DONE 0
+    #endif
+
     WOLFSSL_FILETYPE_ASN1    = CTC_FILETYPE_ASN1,
     WOLFSSL_FILETYPE_PEM     = CTC_FILETYPE_PEM,
     WOLFSSL_FILETYPE_DEFAULT = CTC_FILETYPE_ASN1, /* ASN1 */

wolfssl/wolfcrypt/error-crypt.h

@@ -355,7 +355,7 @@ WOLFSSL_ABI WOLFSSL_API const char* wc_GetErrorString(int error);
     #endif
     #ifndef WC_ERR_TRACE
         #if defined(__GNUC__) && !defined(__STRICT_ANSI__)
-            #define WC_ERR_TRACE(label)                                   \
+            #define WC_ERR_TRACE(label) __extension__                     \
                 ({ if (wc_debug_trace_error_codes_enabled()) {            \
                     (void)WOLFSSL_DEBUG_PRINTF_FN(                        \
                                           WOLFSSL_DEBUG_PRINTF_FIRST_ARGS \