diff --git a/examples/client/client.c b/examples/client/client.c index 0850a89a0..88dba47a4 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -3700,6 +3700,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) if (wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR_OCSP, WOLFSSL_CSR_OCSP_USE_NONCE) != WOLFSSL_SUCCESS) { wolfSSL_free(ssl); ssl = NULL; + CloseSocket(sockfd); wolfSSL_CTX_free(ctx); ctx = NULL; err_sys("UseCertificateStatusRequest failed"); } @@ -3711,6 +3712,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) WOLFSSL_CSR2_OCSP, WOLFSSL_CSR2_OCSP_USE_NONCE) != WOLFSSL_SUCCESS) { wolfSSL_free(ssl); ssl = NULL; + CloseSocket(sockfd); wolfSSL_CTX_free(ctx); ctx = NULL; err_sys("UseCertificateStatusRequest failed"); } @@ -3720,6 +3722,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) WOLFSSL_CSR2_OCSP_MULTI, 0) != WOLFSSL_SUCCESS) { wolfSSL_free(ssl); ssl = NULL; + CloseSocket(sockfd); wolfSSL_CTX_free(ctx); ctx = NULL; err_sys("UseCertificateStatusRequest failed"); } @@ -3748,6 +3751,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, ssl); if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) { wolfSSL_free(ssl); ssl = NULL; + CloseSocket(sockfd); wolfSSL_CTX_free(ctx); ctx = NULL; err_sys("error in setting fd"); } @@ -3763,6 +3767,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) if (doSTARTTLS) { if (StartTLS_Init(&sockfd) != WOLFSSL_SUCCESS) { wolfSSL_free(ssl); ssl = NULL; + CloseSocket(sockfd); wolfSSL_CTX_free(ctx); ctx = NULL; err_sys("error during STARTTLS protocol"); } 
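Review bot: In the three OCSP stapling error branches (the hunks at -3700, -3711 and -3720) the added `CloseSocket(sockfd);` runs before any connect is visible; the first `tcp_connect(&sockfd, ...)` in this diff is in the later hunk at -3748. If sockfd is not set to an invalid sentinel at its declaration, which is outside these hunks, these branches close an indeterminate descriptor number, and in a threaded test process that number could belong to another connection. Guarding the call, for example `if (sockfd != WOLFSSL_SOCKET_INVALID) CloseSocket(sockfd);`, makes the branches safe whatever the ordering. client_test's body extends far beyond every hunk here, so the declaration and any earlier connect should be checked before merging.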
@@ -3776,17 +3781,20 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) if (wolfSSL_EnableCRL(ssl, WOLFSSL_CRL_CHECKALL) != WOLFSSL_SUCCESS) { wolfSSL_free(ssl); ssl = NULL; + CloseSocket(sockfd); wolfSSL_CTX_free(ctx); ctx = NULL; err_sys("can't enable crl check"); } if (wolfSSL_LoadCRL(ssl, crlPemDir, WOLFSSL_FILETYPE_PEM, 0) != WOLFSSL_SUCCESS) { wolfSSL_free(ssl); ssl = NULL; + CloseSocket(sockfd); wolfSSL_CTX_free(ctx); ctx = NULL; err_sys("can't load crl, check crlfile and date validity"); } if (wolfSSL_SetCRL_Cb(ssl, CRL_CallBack) != WOLFSSL_SUCCESS) { wolfSSL_free(ssl); ssl = NULL; + CloseSocket(sockfd); wolfSSL_CTX_free(ctx); ctx = NULL; err_sys("can't set crl callback"); } @@ -3796,6 +3804,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) if (scr) { if (wolfSSL_UseSecureRenegotiation(ssl) != WOLFSSL_SUCCESS) { wolfSSL_free(ssl); ssl = NULL; + CloseSocket(sockfd); wolfSSL_CTX_free(ctx); ctx = NULL; err_sys("can't enable secure renegotiation"); } @@ -3948,6 +3957,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) size = wolfSSL_get_client_random(NULL, NULL, 0); if (size == 0) { wolfSSL_free(ssl); ssl = NULL; + CloseSocket(sockfd); wolfSSL_CTX_free(ctx); ctx = NULL; err_sys("error getting client random buffer size"); } @@ -3955,6 +3965,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) rnd = (byte*)XMALLOC(size, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (rnd == NULL) { wolfSSL_free(ssl); ssl = NULL; + CloseSocket(sockfd); wolfSSL_CTX_free(ctx); ctx = NULL; err_sys("error creating client random buffer"); } @@ -3963,6 +3974,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) if (size == 0) { XFREE(rnd, NULL, DYNAMIC_TYPE_TMP_BUFFER); wolfSSL_free(ssl); ssl = NULL; + CloseSocket(sockfd); wolfSSL_CTX_free(ctx); ctx = NULL; err_sys("error getting client random buffer"); } 
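Review bot: The teardown sequence `wolfSSL_free(ssl); ssl = NULL; CloseSocket(sockfd); wolfSSL_CTX_free(ctx); ctx = NULL;` is now written out three times in this CRL hunk alone, and again at every other error exit this commit touches in client.c. Hand-copied cleanup like this makes it easy to miss a step, such as the socket close added here, at one of the sites. A small static helper taking `WOLFSSL**`, `SOCKET_T*` and `WOLFSSL_CTX**`, or a single cleanup label reached by `goto`, would keep the release order in one place. The enclosing function continues outside the hunk, so the helper would need to cover the sslResume variants seen in the later hunks as well.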
@@ -4001,6 +4013,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) if (XSTRCMP(starttlsProt, "smtp") == 0) { if (SMTP_Shutdown(ssl, wc_shutdown) != WOLFSSL_SUCCESS) { wolfSSL_free(ssl); ssl = NULL; + CloseSocket(sockfd); wolfSSL_CTX_free(ctx); ctx = NULL; err_sys("error closing STARTTLS connection"); } @@ -4115,6 +4128,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) LOG_ERROR("wolfSSL_Rehandshake error %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer)); wolfSSL_free(ssl); ssl = NULL; + CloseSocket(sockfd); wolfSSL_CTX_free(ctx); ctx = NULL; err_sys("non-blocking wolfSSL_Rehandshake failed"); } @@ -4145,6 +4159,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) printf("err = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer)); wolfSSL_free(ssl); ssl = NULL; + CloseSocket(sockfd); wolfSSL_CTX_free(ctx); ctx = NULL; err_sys("wolfSSL_Rehandshake failed"); } @@ -4174,6 +4189,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) printf("err = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer)); wolfSSL_free(ssl); ssl = NULL; + CloseSocket(sockfd); wolfSSL_CTX_free(ctx); ctx = NULL; err_sys("wolfSSL_SecureResume failed"); } @@ -4210,6 +4226,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) if (exitWithRet) { ((func_args*)args)->return_code = err; wolfSSL_free(ssl); ssl = NULL; + CloseSocket(sockfd); wolfSSL_CTX_free(ctx); ctx = NULL; goto exit; } @@ -4229,6 +4246,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) if (exitWithRet && (err != 0)) { ((func_args*)args)->return_code = err; wolfSSL_free(ssl); ssl = NULL; + CloseSocket(sockfd); wolfSSL_CTX_free(ctx); ctx = NULL; goto exit; } @@ -4346,6 +4364,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, sslResume); if (wolfSSL_set_fd(sslResume, sockfd) != WOLFSSL_SUCCESS) { wolfSSL_free(sslResume); sslResume = NULL; + CloseSocket(sockfd); wolfSSL_CTX_free(ctx); ctx = NULL; err_sys("error in setting fd"); } 
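Review bot: In the two `exitWithRet` branches (hunks at -4210 and -4229) the socket is closed and control then continues through `goto exit`, unlike the `err_sys` exits, yet sockfd keeps its old value. The code after the `exit:` label is outside the hunk; if anything there or later closes or reuses sockfd, the second close could hit a descriptor number that another thread has since been given. Resetting the variable alongside the pointers, `CloseSocket(sockfd); sockfd = WOLFSSL_SOCKET_INVALID;`, matches the `ssl = NULL` / `ctx = NULL` convention already used on the neighbouring lines.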
@@ -4366,6 +4385,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) if (scr) { if (wolfSSL_UseSecureRenegotiation(sslResume) != WOLFSSL_SUCCESS) { wolfSSL_free(sslResume); sslResume = NULL; + CloseSocket(sockfd); wolfSSL_CTX_free(ctx); ctx = NULL; err_sys("can't enable secure renegotiation"); } @@ -4440,6 +4460,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) LOG_ERROR("wolfSSL_connect resume error %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer)); wolfSSL_free(sslResume); sslResume = NULL; + CloseSocket(sockfd); wolfSSL_CTX_free(ctx); ctx = NULL; err_sys("wolfSSL_connect resume failed"); } @@ -4488,6 +4509,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) LOG_ERROR("err = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer)); wolfSSL_free(sslResume); sslResume = NULL; + CloseSocket(sockfd); wolfSSL_CTX_free(ctx); ctx = NULL; err_sys("wolfSSL_Rehandshake failed"); } @@ -4502,6 +4524,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) LOG_ERROR("err = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer)); wolfSSL_free(sslResume); sslResume = NULL; + CloseSocket(sockfd); wolfSSL_CTX_free(ctx); ctx = NULL; err_sys("wolfSSL_SecureResume failed"); } diff --git a/src/ssl.c b/src/ssl.c index 64bddbea0..cf4ab9fbf 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -1265,8 +1265,12 @@ int wolfSSL_send_session(WOLFSSL* ssl) /* prevent multiple mutex initializations */ static volatile WOLFSSL_GLOBAL int initRefCount = 0; +#ifdef WOLFSSL_MUTEX_INITIALIZER +static WOLFSSL_GLOBAL wolfSSL_Mutex count_mutex = WOLFSSL_MUTEX_INITIALIZER; +#else static WOLFSSL_GLOBAL wolfSSL_Mutex count_mutex; /* init ref count mutex */ static WOLFSSL_GLOBAL int count_mutex_valid = 0; +#endif /* Create a new WOLFSSL_CTX struct and return the pointer to created struct. WOLFSSL_METHOD pointer passed in is given to ctx to manage. 
@@ -6258,6 +6262,7 @@ int wolfSSL_Init(void) } #endif #endif +#ifndef WOLFSSL_MUTEX_INITIALIZER if (ret == WOLFSSL_SUCCESS) { if (wc_InitMutex(&count_mutex) != 0) { WOLFSSL_MSG("Bad Init Mutex count"); @@ -6267,6 +6272,7 @@ int wolfSSL_Init(void) count_mutex_valid = 1; } } +#endif /* !WOLFSSL_MUTEX_INITIALIZER */ #if defined(OPENSSL_EXTRA) && defined(HAVE_ATEXIT) /* OpenSSL registers cleanup using atexit */ if ((ret == WOLFSSL_SUCCESS) && (atexit(AtExitCleanup) != 0)) { @@ -13378,21 +13384,30 @@ int wolfSSL_Cleanup(void) WOLFSSL_ENTER("wolfSSL_Cleanup"); - if (initRefCount == 0) - return ret; /* possibly no init yet, but not failure either way */ - - if ((count_mutex_valid == 1) && (wc_LockMutex(&count_mutex) != 0)) { - WOLFSSL_MSG("Bad Lock Mutex count"); - ret = BAD_MUTEX_E; - } - - release = initRefCount-- == 1; - if (initRefCount < 0) - initRefCount = 0; - +#ifndef WOLFSSL_MUTEX_INITIALIZER if (count_mutex_valid == 1) { - wc_UnLockMutex(&count_mutex); +#endif + if (wc_LockMutex(&count_mutex) != 0) { + WOLFSSL_MSG("Bad Lock Mutex count"); + return BAD_MUTEX_E; + } +#ifndef WOLFSSL_MUTEX_INITIALIZER } +#endif + + if (initRefCount > 0) { + --initRefCount; + if (initRefCount == 0) + release = 1; + } + +#ifndef WOLFSSL_MUTEX_INITIALIZER + if (count_mutex_valid == 1) { +#endif + wc_UnLockMutex(&count_mutex); +#ifndef WOLFSSL_MUTEX_INITIALIZER + } +#endif if (!release) return ret; @@ -13442,11 +13457,13 @@ int wolfSSL_Cleanup(void) #endif #endif /* !NO_SESSION_CACHE */ +#ifndef WOLFSSL_MUTEX_INITIALIZER if ((count_mutex_valid == 1) && (wc_FreeMutex(&count_mutex) != 0)) { if (ret == WOLFSSL_SUCCESS) ret = BAD_MUTEX_E; } count_mutex_valid = 0; +#endif #ifdef OPENSSL_EXTRA wolfSSL_RAND_Cleanup(); @@ -14339,6 +14356,8 @@ ClientSession* AddSessionToClientCache(int side, int row, int idx, byte* serverI { int error = -1; word32 clientRow = 0, clientIdx = 0; + ClientSession* ret = NULL; + (void)useTicket; if (side == WOLFSSL_CLIENT_END && row != INVALID_SESSION_ROW 
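Review bot: In the wolfSSL_Cleanup hunk at -13378 the count is now decremented under count_mutex, but the mutex is released before the `if (!release) return ret;` teardown that follows. A wolfSSL_Init() on another thread can therefore observe initRefCount == 0 and begin re-initialising while this call is still freeing global state. Whether wolfSSL_Init takes count_mutex around its own check is not visible in these hunks, and initRefCount is still only `volatile`, which gives no atomicity. If concurrent Init and Cleanup are meant to be supported, the unlock would have to move after the release work, which is feasible in the WOLFSSL_MUTEX_INITIALIZER build where the mutex is never freed. Otherwise a comment such as `/* wolfSSL_Init() and wolfSSL_Cleanup() must not run concurrently */` above the function should state the contract.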
@@ -14392,6 +14411,8 @@ ClientSession* AddSessionToClientCache(int side, int row, int idx, byte* serverI ClientCache[clientRow].nextIdx %= CLIENT_SESSIONS_PER_ROW; } + ret = &ClientCache[clientRow].Clients[clientIdx]; + wc_UnLockMutex(&clisession_mutex); } else { @@ -14402,10 +14423,8 @@ ClientSession* AddSessionToClientCache(int side, int row, int idx, byte* serverI else { WOLFSSL_MSG("Skipping client cache"); } - if (error == 0) - return &ClientCache[clientRow].Clients[clientIdx]; - else - return NULL; + + return ret; } #endif /* !NO_CLIENT_CACHE */ diff --git a/tests/api.c b/tests/api.c index b4345c31f..19cca234e 100644 --- a/tests/api.c +++ b/tests/api.c @@ -45495,6 +45495,8 @@ static int test_wolfSSL_SESSION(void) wolfSSL_shutdown(ssl); wolfSSL_free(ssl); ssl = NULL; + CloseSocket(sockfd); + join_thread(serverThread); FreeTcpReady(&ready); diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index 35bfb2b95..0a06378fc 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -307,6 +307,9 @@ #if !defined(WOLFSSL_USE_RWLOCK) || defined(SINGLE_THREADED) typedef wolfSSL_Mutex wolfSSL_RwLock; #endif +#ifdef WOLFSSL_PTHREADS + #define WOLFSSL_MUTEX_INITIALIZER PTHREAD_MUTEX_INITIALIZER +#endif #ifndef WOLFSSL_NO_ATOMICS #ifdef HAVE_C___ATOMIC
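Review bot: The new `ret = &ClientCache[clientRow].Clients[clientIdx];` sits after a closing brace and directly before the unlock, so it appears to run whenever the lock was taken, whereas the removed tail returned the pointer only when `error == 0`. If any path inside the locked region sets `error` (that code lies between the hunks and is not shown), the function now returns an entry for a failed insert. Should that failure be a rejected clientIdx, the pointer would also lie outside the row. Keeping the old condition, `if (error == 0) ret = &ClientCache[clientRow].Clients[clientIdx];`, preserves the NULL-on-failure contract while still computing the address under the lock.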
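Review bot: WOLFSSL_MUTEX_INITIALIZER is introduced in wc_port.h without a comment, although src/ssl.c now switches its init and cleanup logic on it. A short comment above the define, for example `/* static initializer for wolfSSL_Mutex; when defined, file-scope mutexes skip wc_InitMutex()/wc_FreeMutex() */`, would tell port authors what defining it commits them to. The define is only valid while wolfSSL_Mutex is a pthread_mutex_t under WOLFSSL_PTHREADS. That typedef is outside the hunk, so it is worth confirming that no configuration pairs WOLFSSL_PTHREADS with a different mutex type.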