Merge branch 'leah-master'

2015-02-16 14:24:28 -08:00
parent ff79e646e1 5f3b1d90b6
commit de7c9da363
8 changed files with 148 additions and 35 deletions
--- a/examples/client/client.c
+++ b/examples/client/client.c
@ -141,6 +141,7 @@ static void Usage(void)
    printf("-m          Match domain name in cert\n");
    printf("-N          Use Non-blocking sockets\n");
    printf("-r          Resume session\n");
    printf("-w          Wait for bidirectional shutdown\n");
 #ifdef HAVE_SECURE_RENEGOTIATION
    printf("-R          Allow Secure Renegotiation\n");
    printf("-i          Force client Initiated Secure Renegotiation\n");
@ -207,6 +208,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
    int    doPeerCheck = 1;
    int    nonBlocking = 0;
    int    resumeSession = 0;
    int    shutdown      = 0;
    int    ret;
    int    scr           = 0;    /* allow secure renegotiation */
    int    forceScr      = 0;    /* force client initiaed scr */
    int    trackMemory   = 0;
@ -258,7 +261,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
    StackTrap();
    while ((ch = mygetopt(argc, argv,
-                          "?gdDusmNrRitfxUPh:p:v:l:A:c:k:b:zS:L:ToO:a")) != -1) {
+                          "?gdDusmNrwRitfxUPh:p:v:l:A:c:k:b:zS:L:ToO:a")) != -1) {
        switch (ch) {
            case '?' :
                Usage();
@ -367,6 +370,10 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
                resumeSession = 1;
                break;
            case 'w' :
                shutdown = 1;
                break;
            case 'R' :
                #ifdef HAVE_SECURE_RENEGOTIATION
                    scr = 1;
@ -802,8 +809,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
    }
 #endif
-    if (doDTLS == 0)            /* don't send alert after "break" command */
+    if (doDTLS == 0) {           /* don't send alert after "break" command */
-        wolfSSL_shutdown(ssl);  /* echoserver will interpret as new conn */
+        ret = wolfSSL_shutdown(ssl);
        if (shutdown && ret == SSL_SHUTDOWN_NOT_DONE)
            wolfSSL_shutdown(ssl);    /* bidirectional shutdown */
    }
 #ifdef ATOMIC_USER
    if (atomicUser)
        FreeAtomicUser(ssl);
@ -879,7 +889,10 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
        /* try to send session break */
        wolfSSL_write(sslResume, msg, msgSz); 
-        wolfSSL_shutdown(sslResume);
+        ret = wolfSSL_shutdown(sslResume);
        if (shutdown && ret == SSL_SHUTDOWN_NOT_DONE)
            wolfSSL_shutdown(sslResume);    /* bidirectional shutdown */
        wolfSSL_free(sslResume);
        CloseSocket(sockfd);
    }
--- a/examples/server/server.c
+++ b/examples/server/server.c
@ -135,6 +135,7 @@ static void Usage(void)
    printf("-r          Create server ready file, for external monitor\n");
    printf("-N          Use Non-blocking sockets\n");
    printf("-S <str>    Use Host Name Indication\n");
    printf("-w          Wait for bidirectional shutdown\n");
 #ifdef HAVE_OCSP
    printf("-o          Perform OCSP lookup on peer certificate\n");
    printf("-O <url>    Perform OCSP lookup using <url> as responder\n");
@ -173,6 +174,8 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
    int    fewerPackets = 0;
    int    pkCallbacks  = 0;
    int    serverReadyFile = 0;
    int    shutdown        = 0;
    int    ret;
    char*  cipherList = NULL;
    const char* verifyCert = cliCert;
    const char* ourCert    = svrCert;
@ -203,7 +206,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
    fdOpenSession(Task_self());
 #endif
-    while ((ch = mygetopt(argc, argv, "?dbstnNufraPp:v:l:A:c:k:S:oO:")) != -1) {
+    while ((ch = mygetopt(argc, argv, "?dbstnNufrawPp:v:l:A:c:k:S:oO:")) != -1) {
        switch (ch) {
            case '?' :
                Usage();
@ -257,6 +260,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
                #endif
                break;
            case 'w' :
                shutdown = 1;
                break;
            case 'v' :
                version = atoi(myoptarg);
                if (version < 0 || version > 3) {
@ -560,7 +567,9 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
        Task_yield();
    #endif
-    SSL_shutdown(ssl);
+    ret = SSL_shutdown(ssl);
    if (shutdown && ret == SSL_SHUTDOWN_NOT_DONE)
        SSL_shutdown(ssl);    /* bidirectional shutdown */
    SSL_free(ssl);
    SSL_CTX_free(ctx);
--- a/src/internal.c
+++ b/src/internal.c
@ -6352,7 +6352,6 @@ static int DoAlert(WOLFSSL* ssl, byte* input, word32* inOutIdx, int* type,
        ssl->options.closeNotify = 1;
    }
    WOLFSSL_ERROR(*type);
    if (ssl->keys.encryptionOn) {
        if (*inOutIdx + ssl->keys.padSz > totalSz)
            return BUFFER_E;
--- a/src/ssl.c
+++ b/src/ssl.c
@ -917,6 +917,8 @@ int wolfSSL_recv(WOLFSSL* ssl, void* data, int sz, int flags)
 /* SSL_SUCCESS on ok */
 int wolfSSL_shutdown(WOLFSSL* ssl)
 {
    int  ret = SSL_FATAL_ERROR;
    byte tmp;
    WOLFSSL_ENTER("SSL_shutdown()");
    if (ssl == NULL)
@ -936,13 +938,30 @@ int wolfSSL_shutdown(WOLFSSL* ssl)
            return SSL_FATAL_ERROR;
        }
        ssl->options.sentNotify = 1;  /* don't send close_notify twice */
        if (ssl->options.closeNotify)
            ret = SSL_SUCCESS;
        else
            ret = SSL_SHUTDOWN_NOT_DONE;
        WOLFSSL_LEAVE("SSL_shutdown()", ret);
        return ret;
    }
-    WOLFSSL_LEAVE("SSL_shutdown()", ssl->error);
+    /* call wolfSSL_shutdown again for bidirectional shudown */
    if (ssl->options.sentNotify && !ssl->options.closeNotify) {
        ret = wolfSSL_read(ssl, &tmp, 0);
        if (ret < 0) {
            WOLFSSL_ERROR(ssl->error);
            ret = SSL_FATAL_ERROR;
        } else if (ssl->options.closeNotify) {
            ssl->error = SSL_ERROR_SYSCALL;   /* simulate OpenSSL behavior */
            ret = SSL_SUCCESS;
        }
    }
-    ssl->error = SSL_ERROR_SYSCALL;   /* simulate OpenSSL behavior */
+    WOLFSSL_LEAVE("SSL_shutdown()", ret);
-    return SSL_SUCCESS;
+    return ret;
 }
--- a/testsuite/testsuite.c
+++ b/testsuite/testsuite.c
@ -47,12 +47,7 @@ enum {
    NUMARGS = 3
 };
-#ifndef USE_WINDOWS_API
+static const char *outputName;
    static const char outputName[] = "/tmp/output";
 #else
    static const char outputName[] = "output";
 #endif
 int myoptind = 0;
 char* myoptarg = NULL;
@ -77,6 +72,16 @@ int testsuite_test(int argc, char** argv)
    tcp_ready ready;
    THREAD_TYPE serverThread;
 #ifndef USE_WINDOWS_API
    char tempName[] = "/tmp/output-XXXXXX";
    int len = 18;
    int num = 6;
 #else
    char tempName[] = "fnXXXXXX";
    int len = 8;
    int num = 6;
 #endif
 #ifdef HAVE_CAVIUM
        int ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID);
        if (ret != 0)
@ -136,6 +141,13 @@ int testsuite_test(int argc, char** argv)
        echo_args.argc = 3;
        echo_args.argv = myArgv;
        /* Create unique file name */
        outputName = mymktemp(tempName, len, num);
        if (outputName == NULL) {
            printf("Could not create unique file name");
            return EXIT_FAILURE;
        }
        strcpy(echo_args.argv[0], "echoclient");
        strcpy(echo_args.argv[1], "input");
        strcpy(echo_args.argv[2], outputName);
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@ -3179,30 +3179,49 @@ int rsa_test(void)
    wc_RsaInitCavium(&key, CAVIUM_DEV_ID);
 #endif
    ret = wc_InitRsaKey(&key, 0);
-    if (ret != 0) return -39;
+    if (ret != 0) {
        free(tmp);
        return -39;
    }
    ret = wc_RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes);
-    if (ret != 0) return -41;
+    if (ret != 0) {
-
+        free(tmp);
        return -41;
    }
    ret = wc_InitRng(&rng);
-    if (ret != 0) return -42;
+    if (ret != 0) {
-
+        free(tmp);
        return -42;
    }
    ret = wc_RsaPublicEncrypt(in, inLen, out, sizeof(out), &key, &rng);
-    if (ret < 0) return -43;
+    if (ret < 0) {
-
+        free(tmp);
        return -43;
    }
    ret = wc_RsaPrivateDecrypt(out, ret, plain, sizeof(plain), &key);
-    if (ret < 0) return -44;
+    if (ret < 0) {
-
+        free(tmp);
-    if (memcmp(plain, in, inLen)) return -45;
+        return -44;
-
+    }
    if (memcmp(plain, in, inLen)) {
        free(tmp);
        return -45;
    }
    ret = wc_RsaSSL_Sign(in, inLen, out, sizeof(out), &key, &rng);
-    if (ret < 0) return -46;
+    if (ret < 0) {
-
+        free(tmp);
        return -46;
    }
    memset(plain, 0, sizeof(plain));
    ret = wc_RsaSSL_Verify(out, ret, plain, sizeof(plain), &key);
-    if (ret < 0) return -47;
+    if (ret < 0) {
-
+        free(tmp);
-    if (memcmp(plain, in, ret)) return -48;
+        return -47;
-
+    }
    if (memcmp(plain, in, ret)) {
        free(tmp);
        return -48;
    }
 #if defined(WOLFSSL_MDK_ARM)
    #define sizeof(s) strlen((char *)(s))
 #endif
@ -3215,8 +3234,10 @@ int rsa_test(void)
    bytes = sizeof_client_cert_der_2048;
 #else
    file2 = fopen(clientCert, "rb");
-    if (!file2)
+    if (!file2) {
        free(tmp);
        return -49;
    }
    bytes = fread(tmp, 1, FOURK_BUF, file2);
    fclose(file2);
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@ -644,6 +644,7 @@ enum { /* ssl Constants */
    SSL_ERROR_NONE      =  0,   /* for most functions */
    SSL_FAILURE         =  0,   /* for some functions */
    SSL_SUCCESS         =  1,
    SSL_SHUTDOWN_NOT_DONE =  2,  /* call wolfSSL_shutdown again to complete */
    SSL_BAD_CERTTYPE    = -8,
    SSL_BAD_STAT        = -7,
--- a/wolfssl/test.h
+++ b/wolfssl/test.h
@ -10,6 +10,7 @@
 #include <cyassl/ssl.h> /* portability layer */
 #include <wolfssl/wolfcrypt/types.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/random.h>
 #ifdef ATOMIC_USER
    #include <wolfssl/wolfcrypt/aes.h>
@ -17,7 +18,6 @@
    #include <wolfssl/wolfcrypt/hmac.h>
 #endif
 #ifdef HAVE_PK_CALLBACKS
    #include <wolfssl/wolfcrypt/random.h>
    #include <wolfssl/wolfcrypt/asn.h>
    #ifdef HAVE_ECC
        #include <wolfssl/wolfcrypt/ecc.h>
@ -1791,5 +1791,44 @@ static INLINE char* strsep(char **stringp, const char *delim)
 #endif /* __hpux__ */
 /* Create unique filename, len is length of tempfn name, assuming
   len does not include null terminating character,
   num is number of characters in tempfn name to randomize */
 static INLINE const char* mymktemp(char *tempfn, int len, int num)
 {
    int x, size;
    static const char alphanum[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                                   "abcdefghijklmnopqrstuvwxyz";
    RNG rng;
    byte out;
    if (tempfn == NULL || len < 1 || num < 1 || len <= num) {
        printf("Bad input\n");
        return NULL;
    }
    size = len - 1;
    if (wc_InitRng(&rng) != 0) {
        printf("InitRng failed\n");
        return NULL;
    }
    for (x = size; x > size - num; x--) {
        if (wc_RNG_GenerateBlock(&rng,(byte*)&out, sizeof(out)) != 0) {
            printf("RNG_GenerateBlock failed\n");
            return NULL;
        }
        tempfn[x] = alphanum[out % (sizeof(alphanum) - 1)];
    }
    tempfn[len] = '\0';
 #if defined(HAVE_HASHDRBG)
    wc_FreeRng(&rng);
 #endif
    return tempfn;
 }
 #endif /* wolfSSL_TEST_H */