From 59fb81c9500041ebdcaa4cb871f7c2bc664959db Mon Sep 17 00:00:00 2001
From: Eric Blankenhorn
Date: Mon, 27 Jan 2020 21:10:47 -0600
Subject: [PATCH 1/4] Add fix
---
 src/ssl.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/ssl.c b/src/ssl.c
index 7bb58e1fd..e94bfc3ce 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -2947,7 +2947,7 @@ int wolfSSL_shutdown(WOLFSSL* ssl)
 /* call wolfSSL_shutdown again for bidirectional shutdown */
 if (ssl->options.sentNotify && !ssl->options.closeNotify) {
- ret = wolfSSL_read(ssl, &tmp, 0);
+ ret = wolfSSL_read(ssl, &tmp, 1);
 if (ret < 0) {
 WOLFSSL_ERROR(ssl->error);
 ret = WOLFSSL_FATAL_ERROR;
@@ -2955,7 +2955,7 @@ int wolfSSL_shutdown(WOLFSSL* ssl)
 ssl->error = WOLFSSL_ERROR_SYSCALL; /* simulate OpenSSL behavior */
 ret = WOLFSSL_SUCCESS;
 } else if ((ssl->error == WOLFSSL_ERROR_NONE) &&
- (ret < WOLFSSL_SUCCESS)) {
+ (ret > 0)) {
 ret = WOLFSSL_SHUTDOWN_NOT_DONE;
 }
 }
From 41d3ba0efa4200b6f2302026245b9e99a4f2b607 Mon Sep 17 00:00:00 2001
From: Eric Blankenhorn
Date: Mon, 17 Feb 2020 16:39:34 -0600
Subject: [PATCH 2/4] Tests and examples for bidirectional shutdown
---
 examples/client/client.c | 7 +++++--
 examples/server/server.c | 8 ++++++--
 tests/test.conf | 6 ++++++
 3 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/examples/client/client.c b/examples/client/client.c
index de839b3e7..971306de6 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -3045,8 +3045,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 if (dtlsUDP == 0) { /* don't send alert after "break" command */
 ret = wolfSSL_shutdown(ssl);
- if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE)
- wolfSSL_shutdown(ssl); /* bidirectional shutdown */
+ while (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE) {
+ ret = wolfSSL_shutdown(ssl); /* bidirectional shutdown */
+ if (ret == WOLFSSL_SUCCESS)
+ printf("Bidirectional shutdown complete\n");
+ }
 }
 #if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY)
 if (atomicUser)
diff --git a/examples/server/server.c b/examples/server/server.c
index 7440d64df..140d21494 100644
--- a/examples/server/server.c
+++ b/examples/server/server.c
@@ -2378,9 +2378,13 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
 if (dtlsUDP == 0) {
 ret = SSL_shutdown(ssl);
- if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE)
- SSL_shutdown(ssl); /* bidirectional shutdown */
+ while (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE) {
+ ret = SSL_shutdown(ssl); /* bidirectional shutdown */
+ if (ret == WOLFSSL_SUCCESS)
+ printf("Bidirectional shutdown complete\n");
+ }
 }
+
 /* display collected statistics */
 #ifdef WOLFSSL_STATIC_MEMORY
 if (wolfSSL_is_static_memory(ssl, &ssl_stats) != 1)
diff --git a/tests/test.conf b/tests/test.conf
index 2e67d461f..736bdf935 100644
--- a/tests/test.conf
+++ b/tests/test.conf
@@ -2188,3 +2188,9 @@
 -v 3
 -l ECDHE-RSA-AES128-SHA256
 -U
+
+# server with bidirectional shutdown
+-w
+
+# client with bidirectional shutdown
+-w
From 3f7ce61dbdc27b76b99c445cc39411deff6b3e25 Mon Sep 17 00:00:00 2001
From: Eric Blankenhorn
Date: Wed, 1 Apr 2020 11:14:25 -0500
Subject: [PATCH 3/4] Updates from review
---
 examples/client/client.c | 18 +++++++++++++-----
 examples/server/server.c | 4 +++-
 src/ssl.c | 17 ++++++++---------
 3 files changed, 24 insertions(+), 15 deletions(-)
diff --git a/examples/client/client.c b/examples/client/client.c
index 971306de6..1df295db8 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -762,8 +762,14 @@ static int SMTP_Shutdown(WOLFSSL* ssl, int wc_shutdown)
 printf("%s\n", tmpBuf);
 ret = wolfSSL_shutdown(ssl);
- if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE)
- wolfSSL_shutdown(ssl); /* bidirectional shutdown */
+ while (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE) {
+ if (tcp_select(wolfSSL_get_fd(ssl), DEFAULT_TIMEOUT_SEC) ==
+ TEST_RECV_READY) {
+ ret = wolfSSL_shutdown(ssl); /* bidirectional shutdown */
+ if (ret == WOLFSSL_SUCCESS)
+ printf("Bidirectional shutdown complete\n");
+ }
+ }
 return WOLFSSL_SUCCESS;
 }
@@ -3046,9 +3052,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 if (dtlsUDP == 0) { /* don't send alert after "break" command */
 ret = wolfSSL_shutdown(ssl);
 while (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE) {
- ret = wolfSSL_shutdown(ssl); /* bidirectional shutdown */
- if (ret == WOLFSSL_SUCCESS)
- printf("Bidirectional shutdown complete\n");
+ if (tcp_select(sockfd, DEFAULT_TIMEOUT_SEC) == TEST_RECV_READY) {
+ ret = wolfSSL_shutdown(ssl); /* bidirectional shutdown */
+ if (ret == WOLFSSL_SUCCESS)
+ printf("Bidirectional shutdown complete\n");
+ }
 }
 }
 #if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY)
diff --git a/examples/server/server.c b/examples/server/server.c
index 140d21494..ec10eb5d1 100644
--- a/examples/server/server.c
+++ b/examples/server/server.c
@@ -51,6 +51,8 @@
 static int devId = INVALID_DEVID;
 #endif
+#define DEFAULT_TIMEOUT_SEC 2
+
 /* Note on using port 0: if the server uses port 0 to bind an ephemeral port
 * number and is using the ready file for scripted testing, the code in
 * test.h will write the actual port number into the ready file for use
@@ -2378,7 +2380,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
 if (dtlsUDP == 0) {
 ret = SSL_shutdown(ssl);
- while (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE) {
+ if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE) {
 ret = SSL_shutdown(ssl); /* bidirectional shutdown */
 if (ret == WOLFSSL_SUCCESS)
 printf("Bidirectional shutdown complete\n");
diff --git a/src/ssl.c b/src/ssl.c
index e94bfc3ce..9e153c2b1 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -2908,7 +2908,6 @@ WOLFSSL_ABI
 int wolfSSL_shutdown(WOLFSSL* ssl)
 {
 int ret = WOLFSSL_FATAL_ERROR;
- byte tmp;
 WOLFSSL_ENTER("SSL_shutdown()");
 if (ssl == NULL)
@@ -2947,16 +2946,16 @@ int wolfSSL_shutdown(WOLFSSL* ssl)
 /* call wolfSSL_shutdown again for bidirectional shutdown */
 if (ssl->options.sentNotify && !ssl->options.closeNotify) {
- ret = wolfSSL_read(ssl, &tmp, 1);
- if (ret < 0) {
+ ret = ProcessReply(ssl);
+ if (ret == ZERO_RETURN) {
+ /* simulate OpenSSL behavior */
+ ssl->error = WOLFSSL_ERROR_SYSCALL;
+ ret = WOLFSSL_SUCCESS;
+ } else if (ssl->error == WOLFSSL_ERROR_NONE) {
+ ret = WOLFSSL_SHUTDOWN_NOT_DONE;
+ } else {
 WOLFSSL_ERROR(ssl->error);
 ret = WOLFSSL_FATAL_ERROR;
- } else if (ssl->options.closeNotify) {
- ssl->error = WOLFSSL_ERROR_SYSCALL; /* simulate OpenSSL behavior */
- ret = WOLFSSL_SUCCESS;
- } else if ((ssl->error == WOLFSSL_ERROR_NONE) &&
- (ret > 0)) {
- ret = WOLFSSL_SHUTDOWN_NOT_DONE;
 }
 }
 }
From b1ec15de3e576b5fdc9987642b71d78a014121de Mon Sep 17 00:00:00 2001
From: Eric Blankenhorn
Date: Wed, 1 Apr 2020 17:48:17 -0500
Subject: [PATCH 4/4] Only try shutdown once in example
---
 examples/client/client.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/examples/client/client.c b/examples/client/client.c
index 1df295db8..5c1e906d2 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
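Review bot: In server_test the second `SSL_shutdown(ssl)` is issued without the readiness wait that the client.c hunks of this patch put in front of theirs, so `DEFAULT_TIMEOUT_SEC`, added to server.c earlier in this patch, has no visible use in this file. If the socket is blocking (not shown here), nothing bounds how long the server waits for a peer that never sends its close_notify. Gating the retry the same way, `if (tcp_select(wolfSSL_get_fd(ssl), DEFAULT_TIMEOUT_SEC) == TEST_RECV_READY)`, would keep the two examples consistent. The `if` block closes outside the hunk.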
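Review bot: In wolfSSL_shutdown, after `ret = ProcessReply(ssl);` only `ZERO_RETURN` is tested on `ret`; the other two branches classify the outcome from `ssl->error`, which this hunk never assigns from `ret`. If `ProcessReply` can return a failure code without updating `ssl->error` (not visible here), a failed read falls into the `WOLFSSL_ERROR_NONE` branch and is reported as `WOLFSSL_SHUTDOWN_NOT_DONE`, hiding the error from a caller that uses the return value to decide whether the peer's close_notify was really received. Testing the return value as well, `} else if (ret == 0 && ssl->error == WOLFSSL_ERROR_NONE) {`, would close that gap. It would also help to say in a comment whether a would-block result on a non-blocking socket is meant to reach the `WOLFSSL_FATAL_ERROR` branch. The function body starts and ends outside the hunk.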
@@ -762,13 +762,15 @@ static int SMTP_Shutdown(WOLFSSL* ssl, int wc_shutdown)
 printf("%s\n", tmpBuf);
 ret = wolfSSL_shutdown(ssl);
- while (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE) {
+ if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE) {
 if (tcp_select(wolfSSL_get_fd(ssl), DEFAULT_TIMEOUT_SEC) ==
 TEST_RECV_READY) {
 ret = wolfSSL_shutdown(ssl); /* bidirectional shutdown */
 if (ret == WOLFSSL_SUCCESS)
 printf("Bidirectional shutdown complete\n");
 }
+ if (ret != WOLFSSL_SUCCESS)
+ printf("Bidirectional shutdown failed\n");
 }
 return WOLFSSL_SUCCESS;
@@ -3051,12 +3053,14 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 if (dtlsUDP == 0) { /* don't send alert after "break" command */
 ret = wolfSSL_shutdown(ssl);
- while (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE) {
+ if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE) {
 if (tcp_select(sockfd, DEFAULT_TIMEOUT_SEC) == TEST_RECV_READY) {
 ret = wolfSSL_shutdown(ssl); /* bidirectional shutdown */
 if (ret == WOLFSSL_SUCCESS)
 printf("Bidirectional shutdown complete\n");
 }
+ if (ret != WOLFSSL_SUCCESS)
+ printf("Bidirectional shutdown failed\n");
 }
 }
 #if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY)
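Review bot: SMTP_Shutdown now prints "Bidirectional shutdown failed", yet the context line `return WOLFSSL_SUCCESS;` still reports success, so a caller cannot tell a completed close_notify exchange from a timeout or a shutdown error. A missing close_notify is how a truncated stream shows up, so an example that reports success in that case encourages callers to overlook it. If callers are meant to act on the result, the failure branch could return instead, e.g. `if (ret != WOLFSSL_SUCCESS) { printf("Bidirectional shutdown failed\n"); return WOLFSSL_FATAL_ERROR; }`. The message also does not say whether `tcp_select` timed out or `wolfSSL_shutdown` itself failed. The client_test hunk at -3051 adds the same print-only handling; what happens to `ret` afterwards is outside that hunk.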