From 1b907d05edb99d8d7b17a35184354cdf587fc417 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Mon, 10 Jun 2024 13:44:03 -0500 Subject: [PATCH] WOLFSSL_DEBUG_TRACE_ERROR_CODES: restore several initializations, one because needed (in wolfSSL_UseSecureRenegotiation()), the rest in an abundance of caution, and rearrange wolfSSL_CryptHwMutexInit() and wolfSSL_CryptHwMutexUnLock() in a similar abundance of caution. --- src/internal.c | 2 +- src/ssl.c | 2 +- src/tls.c | 4 ++-- wolfcrypt/src/sakke.c | 10 +++++----- wolfcrypt/src/wc_port.c | 6 ++---- wolfcrypt/src/wc_xmss.c | 4 ++-- 6 files changed, 13 insertions(+), 15 deletions(-) diff --git a/src/internal.c b/src/internal.c index b485dec810..465ff0ba6b 100644 --- a/src/internal.c +++ b/src/internal.c @@ -12549,7 +12549,7 @@ int CheckForAltNames(DecodedCert* dCert, const char* domain, word32 domainLen, int CheckHostName(DecodedCert* dCert, const char *domainName, size_t domainNameLen) { int checkCN; - int ret; + int ret = WC_NO_ERR_TRACE(DOMAIN_NAME_MISMATCH); if (CheckForAltNames(dCert, domainName, (word32)domainNameLen, &checkCN) != 1) { diff --git a/src/ssl.c b/src/ssl.c index 293197eefd..672e41cc49 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -3532,7 +3532,7 @@ int wolfSSL_ALPN_FreePeerProtocol(WOLFSSL* ssl, char **list) /* user is forcing ability to use secure renegotiation, we discourage it */ int wolfSSL_UseSecureRenegotiation(WOLFSSL* ssl) { - int ret; + int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); #if defined(NO_TLS) (void)ssl; #else diff --git a/src/tls.c b/src/tls.c index e6a401305d..567f831349 100644 --- a/src/tls.c +++ b/src/tls.c @@ -883,7 +883,7 @@ static int Hmac_HashFinalRaw(Hmac* hmac, unsigned char* hash) */ static int Hmac_OuterHash(Hmac* hmac, unsigned char* mac) { - int ret; + int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); wc_HashAlg hash; enum wc_HashType hashType = (enum wc_HashType)hmac->macType; int digestSz = wc_HashGetDigestSize(hashType); 
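Review bot: The new default `WC_NO_ERR_TRACE(DOMAIN_NAME_MISMATCH)` in CheckHostName is what keeps hostname verification failing closed on any path that never assigns `ret`, and nothing on the line says so. I would add `/* fail closed: a path that leaves ret untouched must reject the name */` above the declaration so a later cleanup does not drop the initializer or change it to a success value. Because the initializer bypasses error tracing, as the macro name indicates, a return of the untouched default would leave no record in WOLFSSL_DEBUG_TRACE_ERROR_CODES builds; the same holds for the defaults added in src/ssl.c, src/tls.c, wolfcrypt/src/sakke.c and wolfcrypt/src/wc_xmss.c. The function body continues outside the hunk, so whether such a path exists cannot be confirmed from here.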
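Review bot: Under `NO_TLS` the visible branch of wolfSSL_UseSecureRenegotiation only does `(void)ssl;`, so the function appears to hand back the default `BAD_FUNC_ARG` even when the caller passed a valid `ssl`. A code that says the feature is absent would describe that build more accurately, for example `ret = NOT_COMPILED_IN;` after `(void)ssl;`, which is the default this commit chooses in sakke.c and wc_xmss.c and would also be traced. The rest of the function, including its return, is outside the hunk, and existing callers may test for BAD_FUNC_ARG, so this needs checking against them before it is changed.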
@@ -9745,7 +9745,7 @@ int TLSX_KeyShare_Choose(const WOLFSSL *ssl, TLSX* extensions, if (extension && extension->resp == 1) { /* Outside of the async case this path should not be taken. */ - int ret; + int ret = WC_NO_ERR_TRACE(INCOMPLETE_DATA); #ifdef WOLFSSL_ASYNC_CRYPT /* in async case make sure key generation is finalized */ KeyShareEntry* serverKSE = (KeyShareEntry*)extension->data; diff --git a/wolfcrypt/src/sakke.c b/wolfcrypt/src/sakke.c index 42fc76f090..c87963acc7 100644 --- a/wolfcrypt/src/sakke.c +++ b/wolfcrypt/src/sakke.c @@ -327,7 +327,7 @@ static int sakke_load_base_point(SakkeKey* key) static int sakke_mulmod_base(SakkeKey* key, const mp_int* n, ecc_point* res, int map) { - int err; + int err = WC_NO_ERR_TRACE(NOT_COMPILED_IN); #ifdef WOLFSSL_SP_1024 if ((key->ecc.idx != ECC_CUSTOM_IDX) && @@ -357,7 +357,7 @@ static int sakke_mulmod_base(SakkeKey* key, const mp_int* n, ecc_point* res, static int sakke_mulmod_base_add(SakkeKey* key, const mp_int* n, const ecc_point* a, ecc_point* res, int map) { - int err; + int err = WC_NO_ERR_TRACE(NOT_COMPILED_IN); #ifdef WOLFSSL_SP_1024 if ((key->ecc.idx != ECC_CUSTOM_IDX) && @@ -448,7 +448,7 @@ static int sakke_mulmod_base_add(SakkeKey* key, const mp_int* n, ecc_point* a, static int sakke_mulmod_point(SakkeKey* key, const mp_int* n, const ecc_point* p, byte* table, ecc_point* res, int map) { - int err; + int err = WC_NO_ERR_TRACE(NOT_COMPILED_IN); #ifdef WOLFSSL_SP_1024 if ((key->ecc.idx != ECC_CUSTOM_IDX) && @@ -1363,7 +1363,7 @@ int wc_GenerateSakkeRskTable(const SakkeKey* key, const ecc_point* rsk, static int sakke_pairing(const SakkeKey* key, const ecc_point* p, const ecc_point* q, mp_int* r, const byte* table, word32 len) { - int err; + int err = WC_NO_ERR_TRACE(NOT_COMPILED_IN); #ifdef WOLFSSL_SP_1024 if ((key->ecc.idx != ECC_CUSTOM_IDX) && 
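Review bot: With `WOLFSSL_ASYNC_CRYPT` undefined, the only value `ret` can hold in this block of TLSX_KeyShare_Choose appears to be the new initializer, so `INCOMPLETE_DATA` is the real result of a path the comment says should not be taken, and it is produced without a trace record. I would make that explicit with an `#else` branch containing `ret = INCOMPLETE_DATA;`, which leaves the quiet initializer in place for the async case and lets trace builds log the unexpected path. At minimum a comment such as `/* returned unchanged when WOLFSSL_ASYNC_CRYPT is off */` would keep the initializer from being removed again. The end of the block lies outside the hunk.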
@@ -2539,7 +2539,7 @@ int wc_GetSakkeAuthSize(SakkeKey* key, word16* authSz) static int sakke_modexp(const SakkeKey* key, const mp_int* b, mp_int* e, mp_int* r) { - int err; + int err = WC_NO_ERR_TRACE(NOT_COMPILED_IN); #ifdef WOLFSSL_SP_1024 if ((key->ecc.idx != ECC_CUSTOM_IDX) && diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index a5ba7e51a5..d026d10487 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -1303,9 +1303,8 @@ int wolfSSL_CryptHwMutexInit(void) } int wolfSSL_CryptHwMutexLock(void) { - int ret; /* Make sure HW Mutex has been initialized */ - ret = wolfSSL_CryptHwMutexInit(); + int ret = wolfSSL_CryptHwMutexInit(); if (ret == 0) { ret = wc_LockMutex(&wcCryptHwMutex); } @@ -1700,9 +1699,8 @@ int wolfSSL_CryptHwMutexUnLock(void) int maxq_CryptHwMutexTryLock() { - int ret; /* Make sure HW Mutex has been initialized */ - ret = wolfSSL_CryptHwMutexInit(); + int ret = wolfSSL_CryptHwMutexInit(); if (ret == 0) { ret = maxq_LockMutex(&wcCryptHwMutex, 1); } diff --git a/wolfcrypt/src/wc_xmss.c b/wolfcrypt/src/wc_xmss.c index 75134a0c0a..0e63722247 100644 --- a/wolfcrypt/src/wc_xmss.c +++ b/wolfcrypt/src/wc_xmss.c @@ -385,7 +385,7 @@ static const wc_XmssString wc_xmss_alg[] = { static int wc_xmss_str_to_params(const char *s, word32* oid, const XmssParams** params) { - int ret; + int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); #if WOLFSSL_XMSS_MIN_HEIGHT <= 20 unsigned int i; @@ -614,7 +614,7 @@ static const wc_XmssString wc_xmssmt_alg[] = { static int wc_xmssmt_str_to_params(const char *s, word32* oid, const XmssParams** params) { - int ret; + int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); #if WOLFSSL_XMSS_MAX_HEIGHT >= 20 unsigned int i;
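Review bot: The functions edited in wolfcrypt/src/wc_port.c are wolfSSL_CryptHwMutexLock() and maxq_CryptHwMutexTryLock(), not wolfSSL_CryptHwMutexInit() and wolfSSL_CryptHwMutexUnLock() as the commit subject states; those two names are only the hunk-header context of the preceding functions. The message is worth correcting so that someone auditing the log for locking changes looks at the right functions. The merged form `int ret = wolfSSL_CryptHwMutexInit();` keeps the comment `/* Make sure HW Mutex has been initialized */` directly above the call in both hunks, so the code itself reads fine.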