Merge pull request #7069 from douzzer/20231213-misc-fixes

20231213-misc-fixes
Chris Conlon
2023-12-14 15:18:12 -07:00
committed by GitHub
4 changed files with 64 additions and 17 deletions


@@ -3700,6 +3700,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
if (wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR_OCSP, if (wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR_OCSP,
WOLFSSL_CSR_OCSP_USE_NONCE) != WOLFSSL_SUCCESS) { WOLFSSL_CSR_OCSP_USE_NONCE) != WOLFSSL_SUCCESS) {
wolfSSL_free(ssl); ssl = NULL; wolfSSL_free(ssl); ssl = NULL;
CloseSocket(sockfd);
wolfSSL_CTX_free(ctx); ctx = NULL; wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("UseCertificateStatusRequest failed"); err_sys("UseCertificateStatusRequest failed");
} }
@@ -3711,6 +3712,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
WOLFSSL_CSR2_OCSP, WOLFSSL_CSR2_OCSP_USE_NONCE) WOLFSSL_CSR2_OCSP, WOLFSSL_CSR2_OCSP_USE_NONCE)
!= WOLFSSL_SUCCESS) { != WOLFSSL_SUCCESS) {
wolfSSL_free(ssl); ssl = NULL; wolfSSL_free(ssl); ssl = NULL;
CloseSocket(sockfd);
wolfSSL_CTX_free(ctx); ctx = NULL; wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("UseCertificateStatusRequest failed"); err_sys("UseCertificateStatusRequest failed");
} }
@@ -3720,6 +3722,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
WOLFSSL_CSR2_OCSP_MULTI, 0) WOLFSSL_CSR2_OCSP_MULTI, 0)
!= WOLFSSL_SUCCESS) { != WOLFSSL_SUCCESS) {
wolfSSL_free(ssl); ssl = NULL; wolfSSL_free(ssl); ssl = NULL;
CloseSocket(sockfd);
wolfSSL_CTX_free(ctx); ctx = NULL; wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("UseCertificateStatusRequest failed"); err_sys("UseCertificateStatusRequest failed");
} }
@@ -3748,6 +3751,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, ssl); tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, ssl);
if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) { if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
wolfSSL_free(ssl); ssl = NULL; wolfSSL_free(ssl); ssl = NULL;
CloseSocket(sockfd);
wolfSSL_CTX_free(ctx); ctx = NULL; wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("error in setting fd"); err_sys("error in setting fd");
} }
@@ -3763,6 +3767,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
if (doSTARTTLS) { if (doSTARTTLS) {
if (StartTLS_Init(&sockfd) != WOLFSSL_SUCCESS) { if (StartTLS_Init(&sockfd) != WOLFSSL_SUCCESS) {
wolfSSL_free(ssl); ssl = NULL; wolfSSL_free(ssl); ssl = NULL;
CloseSocket(sockfd);
wolfSSL_CTX_free(ctx); ctx = NULL; wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("error during STARTTLS protocol"); err_sys("error during STARTTLS protocol");
} }
@@ -3776,17 +3781,20 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
if (wolfSSL_EnableCRL(ssl, WOLFSSL_CRL_CHECKALL) != WOLFSSL_SUCCESS) { if (wolfSSL_EnableCRL(ssl, WOLFSSL_CRL_CHECKALL) != WOLFSSL_SUCCESS) {
wolfSSL_free(ssl); ssl = NULL; wolfSSL_free(ssl); ssl = NULL;
CloseSocket(sockfd);
wolfSSL_CTX_free(ctx); ctx = NULL; wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("can't enable crl check"); err_sys("can't enable crl check");
} }
if (wolfSSL_LoadCRL(ssl, crlPemDir, WOLFSSL_FILETYPE_PEM, 0) if (wolfSSL_LoadCRL(ssl, crlPemDir, WOLFSSL_FILETYPE_PEM, 0)
!= WOLFSSL_SUCCESS) { != WOLFSSL_SUCCESS) {
wolfSSL_free(ssl); ssl = NULL; wolfSSL_free(ssl); ssl = NULL;
CloseSocket(sockfd);
wolfSSL_CTX_free(ctx); ctx = NULL; wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("can't load crl, check crlfile and date validity"); err_sys("can't load crl, check crlfile and date validity");
} }
if (wolfSSL_SetCRL_Cb(ssl, CRL_CallBack) != WOLFSSL_SUCCESS) { if (wolfSSL_SetCRL_Cb(ssl, CRL_CallBack) != WOLFSSL_SUCCESS) {
wolfSSL_free(ssl); ssl = NULL; wolfSSL_free(ssl); ssl = NULL;
CloseSocket(sockfd);
wolfSSL_CTX_free(ctx); ctx = NULL; wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("can't set crl callback"); err_sys("can't set crl callback");
} }
@@ -3796,6 +3804,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
if (scr) { if (scr) {
if (wolfSSL_UseSecureRenegotiation(ssl) != WOLFSSL_SUCCESS) { if (wolfSSL_UseSecureRenegotiation(ssl) != WOLFSSL_SUCCESS) {
wolfSSL_free(ssl); ssl = NULL; wolfSSL_free(ssl); ssl = NULL;
CloseSocket(sockfd);
wolfSSL_CTX_free(ctx); ctx = NULL; wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("can't enable secure renegotiation"); err_sys("can't enable secure renegotiation");
} }
@@ -3948,6 +3957,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
size = wolfSSL_get_client_random(NULL, NULL, 0); size = wolfSSL_get_client_random(NULL, NULL, 0);
if (size == 0) { if (size == 0) {
wolfSSL_free(ssl); ssl = NULL; wolfSSL_free(ssl); ssl = NULL;
CloseSocket(sockfd);
wolfSSL_CTX_free(ctx); ctx = NULL; wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("error getting client random buffer size"); err_sys("error getting client random buffer size");
} }
@@ -3955,6 +3965,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
rnd = (byte*)XMALLOC(size, NULL, DYNAMIC_TYPE_TMP_BUFFER); rnd = (byte*)XMALLOC(size, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (rnd == NULL) { if (rnd == NULL) {
wolfSSL_free(ssl); ssl = NULL; wolfSSL_free(ssl); ssl = NULL;
CloseSocket(sockfd);
wolfSSL_CTX_free(ctx); ctx = NULL; wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("error creating client random buffer"); err_sys("error creating client random buffer");
} }
@@ -3963,6 +3974,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
if (size == 0) { if (size == 0) {
XFREE(rnd, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(rnd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL_free(ssl); ssl = NULL; wolfSSL_free(ssl); ssl = NULL;
CloseSocket(sockfd);
wolfSSL_CTX_free(ctx); ctx = NULL; wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("error getting client random buffer"); err_sys("error getting client random buffer");
} }
@@ -4001,6 +4013,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
if (XSTRCMP(starttlsProt, "smtp") == 0) { if (XSTRCMP(starttlsProt, "smtp") == 0) {
if (SMTP_Shutdown(ssl, wc_shutdown) != WOLFSSL_SUCCESS) { if (SMTP_Shutdown(ssl, wc_shutdown) != WOLFSSL_SUCCESS) {
wolfSSL_free(ssl); ssl = NULL; wolfSSL_free(ssl); ssl = NULL;
CloseSocket(sockfd);
wolfSSL_CTX_free(ctx); ctx = NULL; wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("error closing STARTTLS connection"); err_sys("error closing STARTTLS connection");
} }
@@ -4115,6 +4128,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
LOG_ERROR("wolfSSL_Rehandshake error %d, %s\n", err, LOG_ERROR("wolfSSL_Rehandshake error %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer)); wolfSSL_ERR_error_string(err, buffer));
wolfSSL_free(ssl); ssl = NULL; wolfSSL_free(ssl); ssl = NULL;
CloseSocket(sockfd);
wolfSSL_CTX_free(ctx); ctx = NULL; wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("non-blocking wolfSSL_Rehandshake failed"); err_sys("non-blocking wolfSSL_Rehandshake failed");
} }
@@ -4145,6 +4159,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
printf("err = %d, %s\n", err, printf("err = %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer)); wolfSSL_ERR_error_string(err, buffer));
wolfSSL_free(ssl); ssl = NULL; wolfSSL_free(ssl); ssl = NULL;
CloseSocket(sockfd);
wolfSSL_CTX_free(ctx); ctx = NULL; wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("wolfSSL_Rehandshake failed"); err_sys("wolfSSL_Rehandshake failed");
} }
@@ -4174,6 +4189,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
printf("err = %d, %s\n", err, printf("err = %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer)); wolfSSL_ERR_error_string(err, buffer));
wolfSSL_free(ssl); ssl = NULL; wolfSSL_free(ssl); ssl = NULL;
CloseSocket(sockfd);
wolfSSL_CTX_free(ctx); ctx = NULL; wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("wolfSSL_SecureResume failed"); err_sys("wolfSSL_SecureResume failed");
} }
@@ -4210,6 +4226,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
if (exitWithRet) { if (exitWithRet) {
((func_args*)args)->return_code = err; ((func_args*)args)->return_code = err;
wolfSSL_free(ssl); ssl = NULL; wolfSSL_free(ssl); ssl = NULL;
CloseSocket(sockfd);
wolfSSL_CTX_free(ctx); ctx = NULL; wolfSSL_CTX_free(ctx); ctx = NULL;
goto exit; goto exit;
} }
@@ -4229,6 +4246,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
if (exitWithRet && (err != 0)) { if (exitWithRet && (err != 0)) {
((func_args*)args)->return_code = err; ((func_args*)args)->return_code = err;
wolfSSL_free(ssl); ssl = NULL; wolfSSL_free(ssl); ssl = NULL;
CloseSocket(sockfd);
wolfSSL_CTX_free(ctx); ctx = NULL; wolfSSL_CTX_free(ctx); ctx = NULL;
goto exit; goto exit;
} }
@@ -4346,6 +4364,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, sslResume); tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, sslResume);
if (wolfSSL_set_fd(sslResume, sockfd) != WOLFSSL_SUCCESS) { if (wolfSSL_set_fd(sslResume, sockfd) != WOLFSSL_SUCCESS) {
wolfSSL_free(sslResume); sslResume = NULL; wolfSSL_free(sslResume); sslResume = NULL;
CloseSocket(sockfd);
wolfSSL_CTX_free(ctx); ctx = NULL; wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("error in setting fd"); err_sys("error in setting fd");
} }
@@ -4366,6 +4385,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
if (scr) { if (scr) {
if (wolfSSL_UseSecureRenegotiation(sslResume) != WOLFSSL_SUCCESS) { if (wolfSSL_UseSecureRenegotiation(sslResume) != WOLFSSL_SUCCESS) {
wolfSSL_free(sslResume); sslResume = NULL; wolfSSL_free(sslResume); sslResume = NULL;
CloseSocket(sockfd);
wolfSSL_CTX_free(ctx); ctx = NULL; wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("can't enable secure renegotiation"); err_sys("can't enable secure renegotiation");
} }
@@ -4440,6 +4460,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
LOG_ERROR("wolfSSL_connect resume error %d, %s\n", err, LOG_ERROR("wolfSSL_connect resume error %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer)); wolfSSL_ERR_error_string(err, buffer));
wolfSSL_free(sslResume); sslResume = NULL; wolfSSL_free(sslResume); sslResume = NULL;
CloseSocket(sockfd);
wolfSSL_CTX_free(ctx); ctx = NULL; wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("wolfSSL_connect resume failed"); err_sys("wolfSSL_connect resume failed");
} }
@@ -4488,6 +4509,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
LOG_ERROR("err = %d, %s\n", err, LOG_ERROR("err = %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer)); wolfSSL_ERR_error_string(err, buffer));
wolfSSL_free(sslResume); sslResume = NULL; wolfSSL_free(sslResume); sslResume = NULL;
CloseSocket(sockfd);
wolfSSL_CTX_free(ctx); ctx = NULL; wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("wolfSSL_Rehandshake failed"); err_sys("wolfSSL_Rehandshake failed");
} }
@@ -4502,6 +4524,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
LOG_ERROR("err = %d, %s\n", err, LOG_ERROR("err = %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer)); wolfSSL_ERR_error_string(err, buffer));
wolfSSL_free(sslResume); sslResume = NULL; wolfSSL_free(sslResume); sslResume = NULL;
CloseSocket(sockfd);
wolfSSL_CTX_free(ctx); ctx = NULL; wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("wolfSSL_SecureResume failed"); err_sys("wolfSSL_SecureResume failed");
} }
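Review bot: The three OCSP stapling error paths (hunks at 3700, 3711 and 3720) now call `CloseSocket(sockfd)` although, going by the line numbers on this page, they run before the `tcp_connect(&sockfd, ...)` call shown in the hunk at 3748, so the descriptor may be unopened or left over from an earlier connection at that point. Closing a stale descriptor number in a threaded test program can close a socket that another thread has since been handed, so these paths should close only a descriptor known to be open, and every site would be safer resetting `sockfd` to the invalid-socket sentinel right after the close, the same way `ssl` and `ctx` are set to NULL. The initial value of `sockfd` and any earlier use of it lie outside the hunks, so this needs checking against the full body of client_test. The same teardown sequence is now repeated at more than twenty sites; a single cleanup helper or label would keep the ordering consistent.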


@@ -1265,8 +1265,12 @@ int wolfSSL_send_session(WOLFSSL* ssl)
/* prevent multiple mutex initializations */ /* prevent multiple mutex initializations */
static volatile WOLFSSL_GLOBAL int initRefCount = 0; static volatile WOLFSSL_GLOBAL int initRefCount = 0;
#ifdef WOLFSSL_MUTEX_INITIALIZER
static WOLFSSL_GLOBAL wolfSSL_Mutex count_mutex = WOLFSSL_MUTEX_INITIALIZER;
#else
static WOLFSSL_GLOBAL wolfSSL_Mutex count_mutex; /* init ref count mutex */ static WOLFSSL_GLOBAL wolfSSL_Mutex count_mutex; /* init ref count mutex */
static WOLFSSL_GLOBAL int count_mutex_valid = 0; static WOLFSSL_GLOBAL int count_mutex_valid = 0;
#endif
/* Create a new WOLFSSL_CTX struct and return the pointer to created struct. /* Create a new WOLFSSL_CTX struct and return the pointer to created struct.
WOLFSSL_METHOD pointer passed in is given to ctx to manage. WOLFSSL_METHOD pointer passed in is given to ctx to manage.
@@ -6258,6 +6262,7 @@ int wolfSSL_Init(void)
} }
#endif #endif
#endif #endif
#ifndef WOLFSSL_MUTEX_INITIALIZER
if (ret == WOLFSSL_SUCCESS) { if (ret == WOLFSSL_SUCCESS) {
if (wc_InitMutex(&count_mutex) != 0) { if (wc_InitMutex(&count_mutex) != 0) {
WOLFSSL_MSG("Bad Init Mutex count"); WOLFSSL_MSG("Bad Init Mutex count");
@@ -6267,6 +6272,7 @@ int wolfSSL_Init(void)
count_mutex_valid = 1; count_mutex_valid = 1;
} }
} }
#endif /* !WOLFSSL_MUTEX_INITIALIZER */
#if defined(OPENSSL_EXTRA) && defined(HAVE_ATEXIT) #if defined(OPENSSL_EXTRA) && defined(HAVE_ATEXIT)
/* OpenSSL registers cleanup using atexit */ /* OpenSSL registers cleanup using atexit */
if ((ret == WOLFSSL_SUCCESS) && (atexit(AtExitCleanup) != 0)) { if ((ret == WOLFSSL_SUCCESS) && (atexit(AtExitCleanup) != 0)) {
@@ -13378,21 +13384,30 @@ int wolfSSL_Cleanup(void)
WOLFSSL_ENTER("wolfSSL_Cleanup"); WOLFSSL_ENTER("wolfSSL_Cleanup");
if (initRefCount == 0) #ifndef WOLFSSL_MUTEX_INITIALIZER
return ret; /* possibly no init yet, but not failure either way */
if ((count_mutex_valid == 1) && (wc_LockMutex(&count_mutex) != 0)) {
WOLFSSL_MSG("Bad Lock Mutex count");
ret = BAD_MUTEX_E;
}
release = initRefCount-- == 1;
if (initRefCount < 0)
initRefCount = 0;
if (count_mutex_valid == 1) { if (count_mutex_valid == 1) {
wc_UnLockMutex(&count_mutex); #endif
if (wc_LockMutex(&count_mutex) != 0) {
WOLFSSL_MSG("Bad Lock Mutex count");
return BAD_MUTEX_E;
}
#ifndef WOLFSSL_MUTEX_INITIALIZER
} }
#endif
if (initRefCount > 0) {
--initRefCount;
if (initRefCount == 0)
release = 1;
}
#ifndef WOLFSSL_MUTEX_INITIALIZER
if (count_mutex_valid == 1) {
#endif
wc_UnLockMutex(&count_mutex);
#ifndef WOLFSSL_MUTEX_INITIALIZER
}
#endif
if (!release) if (!release)
return ret; return ret;
@@ -13442,11 +13457,13 @@ int wolfSSL_Cleanup(void)
#endif #endif
#endif /* !NO_SESSION_CACHE */ #endif /* !NO_SESSION_CACHE */
#ifndef WOLFSSL_MUTEX_INITIALIZER
if ((count_mutex_valid == 1) && (wc_FreeMutex(&count_mutex) != 0)) { if ((count_mutex_valid == 1) && (wc_FreeMutex(&count_mutex) != 0)) {
if (ret == WOLFSSL_SUCCESS) if (ret == WOLFSSL_SUCCESS)
ret = BAD_MUTEX_E; ret = BAD_MUTEX_E;
} }
count_mutex_valid = 0; count_mutex_valid = 0;
#endif
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
wolfSSL_RAND_Cleanup(); wolfSSL_RAND_Cleanup();
@@ -14339,6 +14356,8 @@ ClientSession* AddSessionToClientCache(int side, int row, int idx, byte* serverI
{ {
int error = -1; int error = -1;
word32 clientRow = 0, clientIdx = 0; word32 clientRow = 0, clientIdx = 0;
ClientSession* ret = NULL;
(void)useTicket; (void)useTicket;
if (side == WOLFSSL_CLIENT_END if (side == WOLFSSL_CLIENT_END
&& row != INVALID_SESSION_ROW && row != INVALID_SESSION_ROW
@@ -14392,6 +14411,8 @@ ClientSession* AddSessionToClientCache(int side, int row, int idx, byte* serverI
ClientCache[clientRow].nextIdx %= CLIENT_SESSIONS_PER_ROW; ClientCache[clientRow].nextIdx %= CLIENT_SESSIONS_PER_ROW;
} }
ret = &ClientCache[clientRow].Clients[clientIdx];
wc_UnLockMutex(&clisession_mutex); wc_UnLockMutex(&clisession_mutex);
} }
else { else {
@@ -14402,10 +14423,8 @@ ClientSession* AddSessionToClientCache(int side, int row, int idx, byte* serverI
else { else {
WOLFSSL_MSG("Skipping client cache"); WOLFSSL_MSG("Skipping client cache");
} }
if (error == 0)
return &ClientCache[clientRow].Clients[clientIdx]; return ret;
else
return NULL;
} }
#endif /* !NO_CLIENT_CACHE */ #endif /* !NO_CLIENT_CACHE */
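Review bot: In wolfSSL_Cleanup, builds without WOLFSSL_MUTEX_INITIALIZER test `count_mutex_valid == 1` once before `wc_LockMutex` and again before `wc_UnLockMutex`, so a concurrent wolfSSL_Init that sets the flag between the two tests would make this thread unlock a mutex it never locked, and when the flag is 0 the `initRefCount` decrement runs with no lock at all. Reading the flag once, `int locked = (count_mutex_valid == 1);`, and using `locked` for both the lock and the unlock keeps the pair matched. The new early `return BAD_MUTEX_E;` also leaves `initRefCount` undecremented, which deserves a comment such as `/* lock failed: leave the ref count untouched, nothing is released */`. Old and new lines are interleaved on this rendered page, so the reading of the new side is inferred, and the function body continues outside the hunk.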


@@ -45495,6 +45495,8 @@ static int test_wolfSSL_SESSION(void)
wolfSSL_shutdown(ssl); wolfSSL_shutdown(ssl);
wolfSSL_free(ssl); ssl = NULL; wolfSSL_free(ssl); ssl = NULL;
CloseSocket(sockfd);
join_thread(serverThread); join_thread(serverThread);
FreeTcpReady(&ready); FreeTcpReady(&ready);


@@ -307,6 +307,9 @@
#if !defined(WOLFSSL_USE_RWLOCK) || defined(SINGLE_THREADED) #if !defined(WOLFSSL_USE_RWLOCK) || defined(SINGLE_THREADED)
typedef wolfSSL_Mutex wolfSSL_RwLock; typedef wolfSSL_Mutex wolfSSL_RwLock;
#endif #endif
#ifdef WOLFSSL_PTHREADS
#define WOLFSSL_MUTEX_INITIALIZER PTHREAD_MUTEX_INITIALIZER
#endif
#ifndef WOLFSSL_NO_ATOMICS #ifndef WOLFSSL_NO_ATOMICS
#ifdef HAVE_C___ATOMIC #ifdef HAVE_C___ATOMIC
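Review bot: `WOLFSSL_MUTEX_INITIALIZER` is defined unconditionally whenever WOLFSSL_PTHREADS is set, so a build that already supplies its own value gets a macro redefinition; wrapping it as `#if defined(WOLFSSL_PTHREADS) && !defined(WOLFSSL_MUTEX_INITIALIZER)` avoids that. A one-line comment stating that the macro must expand to a static initializer valid for `wolfSSL_Mutex`, and that code using it skips wc_InitMutex and wc_FreeMutex for that mutex, would document the contract the wolfSSL_Init and wolfSSL_Cleanup changes in this commit rely on. Whether wolfSSL_Mutex is always a pthread mutex when WOLFSSL_PTHREADS is defined is not visible in this hunk.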