Skip to content

Refactor: Extract ExportEccTempKey, DhSetKey, and other helper functions from SendServerKeyExchange #9348

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Refactor: Extract ExportEccTempKey, DhSetKey, and other helper functions from SendServerKeyExchange #9348

wants to merge 1 commit into from
+448 −699

Conversation

@effbiae
Copy link
Contributor

@effbiae effbiae commented Oct 26, 2025
edited by dgarske
Loading

Description

Refactor: Extract ExportEccTempKey, DhSetKey, and other helper functions from SendServerKeyExchange

  • Replace repeated DH key setup code with DhSetKey function calls
  • Refactor ECC and curve key handling into dedicated functions
  • Improve code organization by reducing duplication (440 insertions, 699 deletions)

Checklist

  • added tests
  • updated/added doxygen
  • updated appropriate READMEs
  • Updated manual and documentation

@devin-ai-integration
Copy link
Contributor

devin-ai-integration bot commented Oct 26, 2025

🛟 Devin Lifeguard found 1 likely issues in this PR

  • no-memory-leaks snippet: Check if the ecdhe_psk_kea branch still guarantees a jump to exit_sske when ret != 0; if not, add if (ret) goto exit_sske; immediately after the call to ExportEccTempKey (mirroring the old ERROR_OUT behaviour) so the allocated exportBuf is freed.

@effbiae
please take a look at the above issues which Devin flagged. Devin will not fix these issues automatically.

@wolfSSL-Bot
Copy link

wolfSSL-Bot commented Oct 26, 2025

Can one of the admins verify this patch?

@dgarske
Copy link
Contributor

dgarske commented Oct 26, 2025

Okay to test. Contributor agreement on file. Thank you @effbiae

dgarske
dgarske requested changes Oct 27, 2025
View reviewed changes
@effbiae effbiae force-pushed the ExportEccTempKey branch 4 times, most recently from 8f5cd5a to 132c651 Compare October 28, 2025 08:10
dgarske
dgarske requested changes Oct 28, 2025
View reviewed changes
@effbiae effbiae force-pushed the ExportEccTempKey branch 2 times, most recently from a29d156 to 6d85ac5 Compare October 29, 2025 06:04
@effbiae
Copy link
Contributor Author

effbiae commented Oct 29, 2025

what happened in the jenkins failures?

@dgarske dgarske self-requested a review October 29, 2025 12:23
dgarske
dgarske requested changes Oct 29, 2025
View reviewed changes
@effbiae effbiae force-pushed the ExportEccTempKey branch 2 times, most recently from 02ffae0 to 7a35585 Compare October 30, 2025 03:22
@dgarske dgarske self-requested a review October 30, 2025 15:01
dgarske
dgarske requested changes Oct 30, 2025
View reviewed changes
Copy link
Contributor

@dgarske dgarske left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

clang-tidy is unhappy still:

[clang-tidy-defaults] [7 of 7] [wolfssl]
    configure...   real 0m44.049s  user 0m6.974s  sys 0m2.546s
    build.../tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:35798:32: warning: Assigned value is garbage or undefined [clang-analyzer-core.uninitialized.Assign]
args->tmpSigSz = (word32)keySz;
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:35933:9: note: Loop condition is false.  Exiting loop
WOLFSSL_START(WC_FUNC_SERVER_KEY_EXCHANGE_SEND);
^
./wolfssl/wolfcrypt/logging.h:259:30: note: expanded from macro 'WOLFSSL_START'
#define WOLFSSL_START(n) WC_DO_NOTHING
^
./wolfssl/wolfcrypt/types.h:397:27: note: expanded from macro 'WC_DO_NOTHING'
#define WC_DO_NOTHING do {} while (0)
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:35934:9: note: Loop condition is false.  Exiting loop
WOLFSSL_ENTER("SendServerKeyExchange");
^
./wolfssl/wolfcrypt/logging.h:367:39: note: expanded from macro 'WOLFSSL_ENTER'
#define WOLFSSL_ENTER(m)          WC_DO_NOTHING
^
./wolfssl/wolfcrypt/types.h:397:27: note: expanded from macro 'WC_DO_NOTHING'
#define WC_DO_NOTHING do {} while (0)
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:35941:13: note: Assuming field 'async' is not equal to NULL
if (ssl->async == NULL) {
^~~~~~~~~~~~~~~~~~
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:35941:9: note: Taking false branch
if (ssl->async == NULL) {
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:35959:13: note: Assuming field 'buildingMsg' is 0
if (ssl->options.buildingMsg) {
^~~~~~~~~~~~~~~~~~~~~~~~
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:35959:9: note: Taking false branch
if (ssl->options.buildingMsg) {
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:35978:9: note: Control jumps to 'case TLS_ASYNC_BEGIN:'  at line 35980
switch(ssl->options.asyncState)
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:35983:17: note: Control jumps to 'case ecc_diffie_hellman_kea:'  at line 35994
switch(ssl->specs.kea)
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:35996:29: note: Assuming field 'static_ecdh' is 0
if (ssl->specs.static_ecdh) {
^~~~~~~~~~~~~~~~~~~~~~
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:35996:25: note: Taking false branch
if (ssl->specs.static_ecdh) {
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:36002:25: note: Loop condition is false.  Exiting loop
WOLFSSL_MSG("Using ephemeral ECDH");
^
./wolfssl/wolfcrypt/logging.h:392:39: note: expanded from macro 'WOLFSSL_MSG'
#define WOLFSSL_MSG(m)            WC_DO_NOTHING
^
./wolfssl/wolfcrypt/types.h:397:27: note: expanded from macro 'WC_DO_NOTHING'
#define WC_DO_NOTHING do {} while (0)
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:36003:25: note:  Execution continues on line 36009
break;
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:36009:17: note: Control jumps to 'case ecc_diffie_hellman_kea:'  at line 36195
switch(ssl->specs.kea)
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:36255:29: note: Assuming field 'eccTempKey' is not equal to NULL
if (ssl->eccTempKey == NULL) {
^~~~~~~~~~~~~~~~~~~~~~~
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:36255:25: note: Taking false branch
if (ssl->eccTempKey == NULL) {
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:36264:29: note: Assuming field 'eccTempKeyPresent' is not equal to 0
if (ssl->eccTempKeyPresent == 0) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:36264:25: note: Taking false branch
if (ssl->eccTempKeyPresent == 0) {
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:36272:25: note:  Execution continues on line 36281
break;
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:36281:21: note: 'ret' is equal to 0
if (ret != 0) {
^~~
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:36281:17: note: Taking false branch
if (ret != 0) {
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:36292:17: note: Control jumps to 'case ecc_diffie_hellman_kea:'  at line 36352
switch(ssl->specs.kea)
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:36357:35: note: Calling 'ExportEccTempKey'
CHECK_RET(ExportEccTempKey(ssl, args), exit_sske);
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:143:45: note: expanded from macro 'CHECK_RET'
#define CHECK_RET(exp, eLabel)  if ((ret = (exp))) goto eLabel;
^~~
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:35684:13: note: Assuming field 'exportBuf' is not equal to NULL
if (args->exportBuf == NULL)
^~~~~~~~~~~~~~~~~~~~~~~
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:35684:9: note: Taking false branch
if (args->exportBuf == NULL)
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:35710:13: note: Loop condition is false.  Exiting loop
PRIVATE_KEY_UNLOCK();
^
./wolfssl/wolfcrypt/types.h:2226:34: note: expanded from macro 'PRIVATE_KEY_UNLOCK'
#define PRIVATE_KEY_UNLOCK() WC_DO_NOTHING
^
./wolfssl/wolfcrypt/types.h:397:27: note: expanded from macro 'WC_DO_NOTHING'
#define WC_DO_NOTHING do {} while (0)
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:35713:13: note: Loop condition is false.  Exiting loop
PRIVATE_KEY_LOCK();
^
./wolfssl/wolfcrypt/types.h:2225:32: note: expanded from macro 'PRIVATE_KEY_LOCK'
#define PRIVATE_KEY_LOCK() WC_DO_NOTHING
^
./wolfssl/wolfcrypt/types.h:397:27: note: expanded from macro 'WC_DO_NOTHING'
#define WC_DO_NOTHING do {} while (0)
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:35714:17: note: Assuming 'ret' is equal to 0
if (ret != 0) {
^~~~~~~~
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:35714:13: note: Taking false branch
if (ret != 0) {
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:35720:9: note: Returning without writing to 'ssl->options.sigAlgo', which participates in a condition later
return ret;
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:36357:35: note: Returning from 'ExportEccTempKey'
CHECK_RET(ExportEccTempKey(ssl, args), exit_sske);
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:143:45: note: expanded from macro 'CHECK_RET'
#define CHECK_RET(exp, eLabel)  if ((ret = (exp))) goto eLabel;
^~~
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:36357:25: note: Assuming 'ret' is 0
CHECK_RET(ExportEccTempKey(ssl, args), exit_sske);
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:143:38: note: expanded from macro 'CHECK_RET'
#define CHECK_RET(exp, eLabel)  if ((ret = (exp))) goto eLabel;
^~~
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:36357:25: note: Taking false branch
CHECK_RET(ExportEccTempKey(ssl, args), exit_sske);
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:143:33: note: expanded from macro 'CHECK_RET'
#define CHECK_RET(exp, eLabel)  if ((ret = (exp))) goto eLabel;
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:36360:29: note: Assuming field 'key' is not equal to NULL
if (ssl->buffers.key == NULL) {
^~~~~~~~~~~~~~~~~~~~~~~~
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:36360:25: note: Taking false branch
if (ssl->buffers.key == NULL) {
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:36373:39: note: Calling 'SetKeyTypeAndDecodePrivateKey'
CHECK_RET(SetKeyTypeAndDecodePrivateKey(ssl, args),
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:143:45: note: expanded from macro 'CHECK_RET'
#define CHECK_RET(exp, eLabel)  if ((ret = (exp))) goto eLabel;
^~~
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:35787:9: note: 'keySz' declared without an initial value
word32 keySz;
^~~~~~~~~~~~
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:35789:9: note: Control jumps to 'case rsa_sa_algo:'  at line 35794
switch(ssl->options.sigAlgo) {
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:35797:23: note: Calling 'DecodePrivateKey'
ret = DecodePrivateKey(ssl, &keySz);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:29692:22: note: Field 'key' is not equal to NULL
if (ssl->buffers.key == NULL || ssl->buffers.key->buffer == NULL) {
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:29692:9: note: Left side of '||' is false
if (ssl->buffers.key == NULL || ssl->buffers.key->buffer == NULL) {
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:29692:37: note: Assuming field 'buffer' is equal to NULL
if (ssl->buffers.key == NULL || ssl->buffers.key->buffer == NULL) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:29692:5: note: Taking true branch
if (ssl->buffers.key == NULL || ssl->buffers.key->buffer == NULL) {
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:29706:13: note: Loop condition is false.  Exiting loop
WOLFSSL_MSG("Private key missing!");
^
./wolfssl/wolfcrypt/logging.h:392:39: note: expanded from macro 'WOLFSSL_MSG'
#define WOLFSSL_MSG(m)            WC_DO_NOTHING
^
./wolfssl/wolfcrypt/types.h:397:27: note: expanded from macro 'WC_DO_NOTHING'
#define WC_DO_NOTHING do {} while (0)
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:29707:13: note: Control jumps to line 30237
ERROR_OUT(NO_PRIVATE_KEY, exit_dpk);
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:142:52: note: expanded from macro 'ERROR_OUT'
#define ERROR_OUT(err, eLabel) { ret = (int)(err); goto eLabel; }
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:30237:9: note: 'ret' is not equal to 0
if (ret != 0) {
^~~
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:30237:5: note: Taking true branch
if (ret != 0) {
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:30241:5: note: Returning without writing to '*length'
return ret;
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:35797:23: note: Returning from 'DecodePrivateKey'
ret = DecodePrivateKey(ssl, &keySz);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:35798:32: note: Assigned value is garbage or undefined
args->tmpSigSz = (word32)keySz;
^ ~~~~~~~~~~~~~
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:35811:32: warning: Assigned value is garbage or undefined [clang-analyzer-core.uninitialized.Assign]
args->tmpSigSz = keySz;
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:35933:9: note: Loop condition is false.  Exiting loop
WOLFSSL_START(WC_FUNC_SERVER_KEY_EXCHANGE_SEND);
^
./wolfssl/wolfcrypt/logging.h:259:30: note: expanded from macro 'WOLFSSL_START'
#define WOLFSSL_START(n) WC_DO_NOTHING
^
./wolfssl/wolfcrypt/types.h:397:27: note: expanded from macro 'WC_DO_NOTHING'
#define WC_DO_NOTHING do {} while (0)
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:35934:9: note: Loop condition is false.  Exiting loop
WOLFSSL_ENTER("SendServerKeyExchange");
^
./wolfssl/wolfcrypt/logging.h:367:39: note: expanded from macro 'WOLFSSL_ENTER'
#define WOLFSSL_ENTER(m)          WC_DO_NOTHING
^
./wolfssl/wolfcrypt/types.h:397:27: note: expanded from macro 'WC_DO_NOTHING'
#define WC_DO_NOTHING do {} while (0)
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:35941:13: note: Assuming field 'async' is not equal to NULL
if (ssl->async == NULL) {
^~~~~~~~~~~~~~~~~~
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:35941:9: note: Taking false branch
if (ssl->async == NULL) {
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:35959:13: note: Assuming field 'buildingMsg' is 0
if (ssl->options.buildingMsg) {
^~~~~~~~~~~~~~~~~~~~~~~~
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:35959:9: note: Taking false branch
if (ssl->options.buildingMsg) {
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:35978:9: note: Control jumps to 'case TLS_ASYNC_BEGIN:'  at line 35980
switch(ssl->options.asyncState)
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:35983:17: note: Control jumps to 'case ecc_diffie_hellman_kea:'  at line 35994
switch(ssl->specs.kea)
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:35996:29: note: Assuming field 'static_ecdh' is 0
if (ssl->specs.static_ecdh) {
^~~~~~~~~~~~~~~~~~~~~~
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:35996:25: note: Taking false branch
if (ssl->specs.static_ecdh) {
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:36002:25: note: Loop condition is false.  Exiting loop
WOLFSSL_MSG("Using ephemeral ECDH");
^
./wolfssl/wolfcrypt/logging.h:392:39: note: expanded from macro 'WOLFSSL_MSG'
#define WOLFSSL_MSG(m)            WC_DO_NOTHING
^
./wolfssl/wolfcrypt/types.h:397:27: note: expanded from macro 'WC_DO_NOTHING'
#define WC_DO_NOTHING do {} while (0)
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:36003:25: note:  Execution continues on line 36009
break;
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:36009:17: note: Control jumps to 'case ecc_diffie_hellman_kea:'  at line 36195
switch(ssl->specs.kea)
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:36255:29: note: Assuming field 'eccTempKey' is not equal to NULL
if (ssl->eccTempKey == NULL) {
^~~~~~~~~~~~~~~~~~~~~~~
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:36255:25: note: Taking false branch
if (ssl->eccTempKey == NULL) {
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:36264:29: note: Assuming field 'eccTempKeyPresent' is not equal to 0
if (ssl->eccTempKeyPresent == 0) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:36264:25: note: Taking false branch
if (ssl->eccTempKeyPresent == 0) {
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:36272:25: note:  Execution continues on line 36281
break;
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:36281:21: note: 'ret' is equal to 0
if (ret != 0) {
^~~
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:36281:17: note: Taking false branch
if (ret != 0) {
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:36292:17: note: Control jumps to 'case ecc_diffie_hellman_kea:'  at line 36352
switch(ssl->specs.kea)
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:36357:35: note: Calling 'ExportEccTempKey'
CHECK_RET(ExportEccTempKey(ssl, args), exit_sske);
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:143:45: note: expanded from macro 'CHECK_RET'
#define CHECK_RET(exp, eLabel)  if ((ret = (exp))) goto eLabel;
^~~
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:35684:13: note: Assuming field 'exportBuf' is not equal to NULL
if (args->exportBuf == NULL)
^~~~~~~~~~~~~~~~~~~~~~~
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:35684:9: note: Taking false branch
if (args->exportBuf == NULL)
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:35710:13: note: Loop condition is false.  Exiting loop
PRIVATE_KEY_UNLOCK();
^
./wolfssl/wolfcrypt/types.h:2226:34: note: expanded from macro 'PRIVATE_KEY_UNLOCK'
#define PRIVATE_KEY_UNLOCK() WC_DO_NOTHING
^
./wolfssl/wolfcrypt/types.h:397:27: note: expanded from macro 'WC_DO_NOTHING'
#define WC_DO_NOTHING do {} while (0)
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:35713:13: note: Loop condition is false.  Exiting loop
PRIVATE_KEY_LOCK();
^
./wolfssl/wolfcrypt/types.h:2225:32: note: expanded from macro 'PRIVATE_KEY_LOCK'
#define PRIVATE_KEY_LOCK() WC_DO_NOTHING
^
./wolfssl/wolfcrypt/types.h:397:27: note: expanded from macro 'WC_DO_NOTHING'
#define WC_DO_NOTHING do {} while (0)
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:35714:17: note: Assuming 'ret' is equal to 0
if (ret != 0) {
^~~~~~~~
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:35714:13: note: Taking false branch
if (ret != 0) {
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:35720:9: note: Returning without writing to 'ssl->options.sigAlgo', which participates in a condition later
return ret;
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:36357:35: note: Returning from 'ExportEccTempKey'
CHECK_RET(ExportEccTempKey(ssl, args), exit_sske);
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:143:45: note: expanded from macro 'CHECK_RET'
#define CHECK_RET(exp, eLabel)  if ((ret = (exp))) goto eLabel;
^~~
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:36357:25: note: Assuming 'ret' is 0
CHECK_RET(ExportEccTempKey(ssl, args), exit_sske);
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:143:38: note: expanded from macro 'CHECK_RET'
#define CHECK_RET(exp, eLabel)  if ((ret = (exp))) goto eLabel;
^~~
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:36357:25: note: Taking false branch
CHECK_RET(ExportEccTempKey(ssl, args), exit_sske);
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:143:33: note: expanded from macro 'CHECK_RET'
#define CHECK_RET(exp, eLabel)  if ((ret = (exp))) goto eLabel;
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:36360:29: note: Assuming field 'key' is not equal to NULL
if (ssl->buffers.key == NULL) {
^~~~~~~~~~~~~~~~~~~~~~~~
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:36360:25: note: Taking false branch
if (ssl->buffers.key == NULL) {
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:36373:39: note: Calling 'SetKeyTypeAndDecodePrivateKey'
CHECK_RET(SetKeyTypeAndDecodePrivateKey(ssl, args),
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:143:45: note: expanded from macro 'CHECK_RET'
#define CHECK_RET(exp, eLabel)  if ((ret = (exp))) goto eLabel;
^~~
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:35787:9: note: 'keySz' declared without an initial value
word32 keySz;
^~~~~~~~~~~~
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:35789:9: note: Control jumps to 'case ecc_dsa_sa_algo:'  at line 35806
switch(ssl->options.sigAlgo) {
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:35809:23: note: Calling 'DecodePrivateKey'
ret = DecodePrivateKey(ssl, &keySz);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:29692:22: note: Field 'key' is not equal to NULL
if (ssl->buffers.key == NULL || ssl->buffers.key->buffer == NULL) {
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:29692:9: note: Left side of '||' is false
if (ssl->buffers.key == NULL || ssl->buffers.key->buffer == NULL) {
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:29692:37: note: Assuming field 'buffer' is equal to NULL
if (ssl->buffers.key == NULL || ssl->buffers.key->buffer == NULL) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:29692:5: note: Taking true branch
if (ssl->buffers.key == NULL || ssl->buffers.key->buffer == NULL) {
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:29706:13: note: Loop condition is false.  Exiting loop
WOLFSSL_MSG("Private key missing!");
^
./wolfssl/wolfcrypt/logging.h:392:39: note: expanded from macro 'WOLFSSL_MSG'
#define WOLFSSL_MSG(m)            WC_DO_NOTHING
^
./wolfssl/wolfcrypt/types.h:397:27: note: expanded from macro 'WC_DO_NOTHING'
#define WC_DO_NOTHING do {} while (0)
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:29707:13: note: Control jumps to line 30237
ERROR_OUT(NO_PRIVATE_KEY, exit_dpk);
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:142:52: note: expanded from macro 'ERROR_OUT'
#define ERROR_OUT(err, eLabel) { ret = (int)(err); goto eLabel; }
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:30237:9: note: 'ret' is not equal to 0
if (ret != 0) {
^~~
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:30237:5: note: Taking true branch
if (ret != 0) {
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:30241:5: note: Returning without writing to '*length'
return ret;
^
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:35809:23: note: Returning from 'DecodePrivateKey'
ret = DecodePrivateKey(ssl, &keySz);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:35811:32: note: Assigned value is garbage or undefined
args->tmpSigSz = keySz;
^ ~~~~~
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:36466:25: warning: Value stored to 'preSigIdx' is never read [clang-analyzer-deadcode.DeadStores]
preSigIdx = args->idx;
^           ~~~~~~~~~
/tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:36466:25: note: Value stored to 'preSigIdx' is never read
preSigIdx = args->idx;
^           ~~~~~~~~~
make[2]: *** [Makefile:9107: src/libwolfssl_la-internal.lo] Error 1
make[1]: *** [Makefile:10800: all-recursive] Error 1
make: *** [Makefile:5969: all] Error 2
   real 3m32.289s  user 2m38.164s  sys 0m3.562s
    clang-tidy-defaults fail_build
    failed config: 'EXTRA_CPPFLAGS=-Werror' '--srcdir' '.' '--disable-jobserver' '--enable-option-checking=fatal' 'CC=/tmp/workspace/PRB-multi-test-script/testing/git-hooks/clang-tidy-builder.sh' 'CLANG=/usr/lib/llvm-14/bin/clang-14' 'CFLAGS=-Wunreachable-code-aggressive -Wthread-safety -Wloop-analysis -Wenum-compare-conditional -fcolor-diagnostics -fcomplete-member-pointers -Wheader-hygiene -Wstring-conversion -Wtautological-overlap-compare -DTEST_ALWAYS_RUN_TO_END -g -fdebug-types-section -Wunreachable-code-break -Wunreachable-code-return -Wimplicit-fallthrough' 'CPPFLAGS=-DKEEP_OUR_CERT -DKEEP_PEER_CERT -DWOLFSSL_ALT_NAMES -DNO_WOLFSSL_CIPHER_SUITE_TEST -DWOLFSSL_OLD_PRIME_CHECK -pedantic -Wdeclaration-after-statement -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DSP_ALLOC -DWOLFSSL_CLANG_TIDY -DNO_WOLFSSL_MEMORY'
    BUILD_ENV: 'CLANG_TIDY=/usr/lib/llvm-14/bin/clang-tidy' 'CLANG=/usr/lib/llvm-14/bin/clang-14' 'CLANG_TIDY_EXTRA_ARGS=--use-color=0 -line-filter=[{"name":"asn1.h","lines":[[1,166]]},{"name":".c"},{"name":".h"},{"name":".s"},{"name":".S"},{"name":".i"}]' 'CLANG_OVERRIDE_CFLAGS=' 'FAIL_BUILD_CODENAME=fail_analytic_build' 'MAX_FIPS_CODE_SZ=10000000'
exiting with status 2
results for wolfssl:
succeeded: check-file-modes check-source-text check-shell-scripts check-configure all-c89-cppcheck cppcheck-defaults
failed: clang-tidy-defaults
final tally for wolfssl with build env 300e7f6cb9: 6 of 7 checks succeeded, 0 skipped, 0 forced, and 1 failed.

@dgarske dgarske assigned effbiae and unassigned effbiae Oct 30, 2025
@dgarske dgarske self-requested a review October 31, 2025 14:32
dgarske
dgarske reviewed Oct 31, 2025
View reviewed changes
Copy link
Contributor

@dgarske dgarske left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I rebased to resolve merge conflict and force pushed. Testing so far looks good. Please adjust the title and description to reflect the larger refactor done here.

@dgarske dgarske assigned effbiae and unassigned effbiae Oct 31, 2025
@dgarske
Copy link
Contributor

dgarske commented Oct 31, 2025

I rebased to resolve merge conflict and force pushed. Testing so far looks good. Please adjust the title and description to reflect the larger refactor done here.

I took care of it.

dgarske
dgarske requested changes Oct 31, 2025
View reviewed changes
@dgarske dgarske self-requested a review November 3, 2025 14:25
@dgarske dgarske assigned effbiae and unassigned effbiae Nov 3, 2025
dgarske
dgarske requested changes Nov 3, 2025
View reviewed changes
@effbiae effbiae requested a review from dgarske November 6, 2025 06:03
@dgarske dgarske requested review from SparkiDev and removed request for SparkiDev and douzzer November 6, 2025 06:10
SparkiDev
SparkiDev requested changes Nov 6, 2025
View reviewed changes
@dgarske dgarske requested a review from SparkiDev November 10, 2025 16:34
dgarske
dgarske requested changes Nov 11, 2025
View reviewed changes
src/internal.c Outdated


#define ERROR_OUT(err, eLabel) { ret = (int)(err); goto eLabel; }
#define CHECK_RET(ret, exp, eLabel) do { if ((ret = (exp)) != 0) goto eLabel; \
Copy link
Contributor

@dgarske dgarske Nov 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

[clang-tidy-defaults] [7 of 7] [wolfssl]
    configure...   real 0m6.012s  user 0m4.372s  sys 0m1.927s
    build.../tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:143:47: warning: macro argument should be enclosed in parentheses [bugprone-macro-parentheses]
#define CHECK_RET(ret, exp, eLabel) do { if ((ret = (exp)) != 0) goto eLabel; \
^
(  )

Copy link
Contributor

@dgarske dgarske Nov 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Its still reporting:

[clang-tidy-defaults] [7 of 7] [wolfssl]
    configure...   real 0m6.506s  user 0m4.488s  sys 0m2.242s
    build.../tmp/workspace/PRB-multi-test-script/wolfssl/src/internal.c:143:47: warning: macro argument should be enclosed in parentheses [bugprone-macro-parentheses]
#define CHECK_RET(ret, exp, eLabel) do { if ((ret = (exp)) != 0) goto eLabel; \
^
(  )

dgarske
dgarske requested changes Nov 11, 2025
View reviewed changes
@dgarske dgarske assigned effbiae and unassigned effbiae Nov 12, 2025
dgarske
dgarske approved these changes Nov 13, 2025
View reviewed changes
Copy link
Contributor

@dgarske dgarske left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Holding to merge until after the v5.8.4 release.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dgarske dgarske dgarske approved these changes

@SparkiDev SparkiDev Awaiting requested review from SparkiDev

Requested changes must be addressed to merge this pull request.

Assignees

@wolfSSL-Bot wolfSSL-Bot

Labels

Not For This Release

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@effbiae @wolfSSL-Bot @dgarske @SparkiDev