feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

tests/api.c: fix data races in test_wolfSSL_CTX_add_session_ctx_ready() using a mutex, and in test_wolfSSL_dtls_AEAD_limit() using a mutex, an atomic integer, and a volatile attribute.

Browse Source 
wolfssl/wolfcrypt/wc_port.h: add WOLFSSL_ATOMIC_LOAD() and WOLFSSL_ATOMIC_STORE() definitions.
This commit is contained in:
Daniel Pouzzner
2025-02-06 00:55:44 -06:00
parent e6ceb40187
commit 40e3f03795
2 changed files with 44 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
tests/api.c
View File

@ -9872,6 +9872,11 @@ static void test_wolfSSL_CTX_add_session_ctx_ready(WOLFSSL_CTX* ctx)
static void test_wolfSSL_CTX_add_session_on_result(WOLFSSL* ssl) static void test_wolfSSL_CTX_add_session_on_result(WOLFSSL* ssl)
{ {
WOLFSSL_SESSION** sess; WOLFSSL_SESSION** sess;
#ifdef WOLFSSL_MUTEX_INITIALIZER
static wolfSSL_Mutex m = WOLFSSL_MUTEX_INITIALIZER(m);
(void)wc_LockMutex(&m);
#endif
if (wolfSSL_is_server(ssl)) if (wolfSSL_is_server(ssl))
sess = &test_wolfSSL_CTX_add_session_server_sess; sess = &test_wolfSSL_CTX_add_session_server_sess;
else else
@ -9905,6 +9910,10 @@ static void test_wolfSSL_CTX_add_session_on_result(WOLFSSL* ssl)
* resuming on that session */ * resuming on that session */
AssertIntEQ(wolfSSL_session_reused(ssl), 1); AssertIntEQ(wolfSSL_session_reused(ssl), 1);
} }
#ifdef WOLFSSL_MUTEX_INITIALIZER
wc_UnLockMutex(&m);
#endif
/* Save CTX to be able to decrypt tickets */ /* Save CTX to be able to decrypt tickets */
if (wolfSSL_is_server(ssl) && if (wolfSSL_is_server(ssl) &&
test_wolfSSL_CTX_add_session_server_ctx == NULL) { test_wolfSSL_CTX_add_session_server_ctx == NULL) {
@ -90967,10 +90976,17 @@ static int test_wolfSSL_dtls_bad_record(void)
#if defined(WOLFSSL_DTLS13) && !defined(WOLFSSL_TLS13_IGNORE_AEAD_LIMITS) && \ #if defined(WOLFSSL_DTLS13) && !defined(WOLFSSL_TLS13_IGNORE_AEAD_LIMITS) && \
!defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \ !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
defined(HAVE_IO_TESTS_DEPENDENCIES) defined(HAVE_IO_TESTS_DEPENDENCIES)
static byte test_AEAD_fail_decryption = 0; static volatile int test_AEAD_seq_num = 0;
static byte test_AEAD_seq_num = 0; #ifdef WOLFSSL_ATOMIC_INITIALIZER
static byte test_AEAD_done = 0; wolfSSL_Atomic_Int test_AEAD_done = WOLFSSL_ATOMIC_INITIALIZER(0);
#else
static volatile int test_AEAD_done = 0;
#endif
#ifdef WOLFSSL_MUTEX_INITIALIZER
static wolfSSL_Mutex test_AEAD_mutex = WOLFSSL_MUTEX_INITIALIZER(test_AEAD_mutex);
#endif
static int test_AEAD_fail_decryption = 0;
static int test_AEAD_cbiorecv(WOLFSSL *ssl, char *buf, int sz, void *ctx) static int test_AEAD_cbiorecv(WOLFSSL *ssl, char *buf, int sz, void *ctx)
{ {
int fd = wolfSSL_get_fd(ssl); int fd = wolfSSL_get_fd(ssl);
@ -91074,6 +91090,9 @@ static void test_AEAD_limit_client(WOLFSSL* ssl)
if (!w64IsZero(sendLimit)) { if (!w64IsZero(sendLimit)) {
/* Test the sending limit for AEAD ciphers */ /* Test the sending limit for AEAD ciphers */
#ifdef WOLFSSL_MUTEX_INITIALIZER
(void)wc_LockMutex(&test_AEAD_mutex);
#endif
Dtls13GetEpoch(ssl, ssl->dtls13Epoch)->nextSeqNumber = sendLimit; Dtls13GetEpoch(ssl, ssl->dtls13Epoch)->nextSeqNumber = sendLimit;
test_AEAD_seq_num = 1; test_AEAD_seq_num = 1;
XMEMSET(msgBuf, 0, sizeof(msgBuf)); XMEMSET(msgBuf, 0, sizeof(msgBuf));
@ -91081,6 +91100,9 @@ static void test_AEAD_limit_client(WOLFSSL* ssl)
AssertIntGT(ret, 0); AssertIntGT(ret, 0);
didReKey = 0; didReKey = 0;
w64Zero(&counter); w64Zero(&counter);
#ifdef WOLFSSL_MUTEX_INITIALIZER
wc_UnLockMutex(&test_AEAD_mutex);
#endif
/* 100 read calls should be enough to complete the key update */ /* 100 read calls should be enough to complete the key update */
for (i = 0; i < 100; i++) { for (i = 0; i < 100; i++) {
/* Key update should be sent and negotiated */ /* Key update should be sent and negotiated */
@ -91104,7 +91126,11 @@ static void test_AEAD_limit_client(WOLFSSL* ssl)
AssertIntEQ(ret, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); AssertIntEQ(ret, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
AssertIntEQ(wolfSSL_get_error(ssl, ret), WC_NO_ERR_TRACE(DECRYPT_ERROR)); AssertIntEQ(wolfSSL_get_error(ssl, ret), WC_NO_ERR_TRACE(DECRYPT_ERROR));
#ifdef WOLFSSL_ATOMIC_INITIALIZER
WOLFSSL_ATOMIC_STORE(test_AEAD_done, 1);
#else
test_AEAD_done = 1; test_AEAD_done = 1;
#endif
} }
int counter = 0; int counter = 0;
@ -91120,8 +91146,11 @@ static void test_AEAD_limit_server(WOLFSSL* ssl)
tcp_set_nonblocking(&fd); /* So that read doesn't block */ tcp_set_nonblocking(&fd); /* So that read doesn't block */
wolfSSL_dtls_set_using_nonblock(ssl, 1); wolfSSL_dtls_set_using_nonblock(ssl, 1);
test_AEAD_get_limits(ssl, NULL, NULL, &sendLimit); test_AEAD_get_limits(ssl, NULL, NULL, &sendLimit);
while (!test_AEAD_done && ret > 0) { while (! WOLFSSL_ATOMIC_LOAD(test_AEAD_done) && ret > 0) {
counter++; counter++;
#ifdef WOLFSSL_MUTEX_INITIALIZER
(void)wc_LockMutex(&test_AEAD_mutex);
#endif
if (test_AEAD_seq_num) { if (test_AEAD_seq_num) {
/* We need to update the seq number so that we can understand the /* We need to update the seq number so that we can understand the
* peer. Otherwise we will incorrectly interpret the seq number. */ * peer. Otherwise we will incorrectly interpret the seq number. */
@ -91130,6 +91159,9 @@ static void test_AEAD_limit_server(WOLFSSL* ssl)
e->nextPeerSeqNumber = sendLimit; e->nextPeerSeqNumber = sendLimit;
test_AEAD_seq_num = 0; test_AEAD_seq_num = 0;
} }
#ifdef WOLFSSL_MUTEX_INITIALIZER
wc_UnLockMutex(&test_AEAD_mutex);
#endif
(void)wolfSSL_read(ssl, msgBuf, sizeof(msgBuf)); (void)wolfSSL_read(ssl, msgBuf, sizeof(msgBuf));
ret = wolfSSL_write(ssl, msgBuf, sizeof(msgBuf)); ret = wolfSSL_write(ssl, msgBuf, sizeof(msgBuf));
nanosleep(&delay, NULL); nanosleep(&delay, NULL);

8
wolfssl/wolfcrypt/wc_port.h
View File

@ -422,6 +422,8 @@
#ifdef SINGLE_THREADED #ifdef SINGLE_THREADED
typedef int wolfSSL_Atomic_Int; typedef int wolfSSL_Atomic_Int;
#define WOLFSSL_ATOMIC_INITIALIZER(x) (x) #define WOLFSSL_ATOMIC_INITIALIZER(x) (x)
#define WOLFSSL_ATOMIC_LOAD(x) (x)
#define WOLFSSL_ATOMIC_STORE(x, val) (x) = (val)
#define WOLFSSL_ATOMIC_OPS #define WOLFSSL_ATOMIC_OPS
#elif defined(HAVE_C___ATOMIC) #elif defined(HAVE_C___ATOMIC)
#ifdef __cplusplus #ifdef __cplusplus
@ -429,6 +431,8 @@
/* C++ using direct calls to compiler built-in functions */ /* C++ using direct calls to compiler built-in functions */
typedef volatile int wolfSSL_Atomic_Int; typedef volatile int wolfSSL_Atomic_Int;
#define WOLFSSL_ATOMIC_INITIALIZER(x) (x) #define WOLFSSL_ATOMIC_INITIALIZER(x) (x)
#define WOLFSSL_ATOMIC_LOAD(x) __atomic_load_n(&(x), __ATOMIC_CONSUME)
#define WOLFSSL_ATOMIC_STORE(x, val) __atomic_store_n(&(x), val, __ATOMIC_RELEASE)
#define WOLFSSL_ATOMIC_OPS #define WOLFSSL_ATOMIC_OPS
#endif #endif
#else #else
@ -437,6 +441,8 @@
#include <stdatomic.h> #include <stdatomic.h>
typedef atomic_int wolfSSL_Atomic_Int; typedef atomic_int wolfSSL_Atomic_Int;
#define WOLFSSL_ATOMIC_INITIALIZER(x) (x) #define WOLFSSL_ATOMIC_INITIALIZER(x) (x)
#define WOLFSSL_ATOMIC_LOAD(x) atomic_load(&(x))
#define WOLFSSL_ATOMIC_STORE(x, val) atomic_store(&(x), val)
#define WOLFSSL_ATOMIC_OPS #define WOLFSSL_ATOMIC_OPS
#endif /* WOLFSSL_HAVE_ATOMIC_H */ #endif /* WOLFSSL_HAVE_ATOMIC_H */
#endif #endif
@ -449,6 +455,8 @@
#endif #endif
typedef volatile long wolfSSL_Atomic_Int; typedef volatile long wolfSSL_Atomic_Int;
#define WOLFSSL_ATOMIC_INITIALIZER(x) (x) #define WOLFSSL_ATOMIC_INITIALIZER(x) (x)
#define WOLFSSL_ATOMIC_LOAD(x) (x)
#define WOLFSSL_ATOMIC_STORE(x, val) (x) = (val)
#define WOLFSSL_ATOMIC_OPS #define WOLFSSL_ATOMIC_OPS
#endif #endif
#endif /* WOLFSSL_NO_ATOMICS */ #endif /* WOLFSSL_NO_ATOMICS */