wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 18:57:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

Test cleanups. Fix possible leak in TLSX_UseSRTP.

Browse Source
This commit is contained in:
David Garske
2022-01-19 09:20:45 -08:00
parent 86ba0ef643
commit 8e0ece920b
6 changed files with 53 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
examples/client/client.c
View File

@ -1770,32 +1770,34 @@ static void Usage(void)
* calls srtp_helper_get_ekm() to wait and then get the ekm computed by the * calls srtp_helper_get_ekm() to wait and then get the ekm computed by the
* server, then check if it matches the one computed by itself. * server, then check if it matches the one computed by itself.
*/ */
static int client_srtp_test(WOLFSSL *ssl, struct srtp_test_helper *srtp_helper) static int client_srtp_test(WOLFSSL *ssl, srtp_test_helper *srtp_helper)
{ {
uint8_t *srtp_secret, *other_secret, *p; byte *srtp_secret, *other_secret = NULL, *p;
size_t srtp_secret_length, other_size; size_t srtp_secret_length, other_size = 0;
int ret; int ret;
ret = wolfSSL_export_dtls_srtp_keying_material(ssl, NULL, ret = wolfSSL_export_dtls_srtp_keying_material(ssl, NULL,
&srtp_secret_length); &srtp_secret_length);
if (ret != LENGTH_ONLY_E) { if (ret != LENGTH_ONLY_E) {
printf("SRTP: can't get dtsl_srtp keying material"); printf("DTLS SRTP: Error getting keying material length\n");
return ret; return ret;
} }
srtp_secret = (uint8_t*)XMALLOC(srtp_secret_length, srtp_secret = (byte*)XMALLOC(srtp_secret_length,
NULL, DYNAMIC_TYPE_TMP_BUFFER); NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (srtp_secret == NULL) if (srtp_secret == NULL) {
err_sys("SRTP: low memory"); err_sys("DTLS SRTP: Low memory");
}
ret = wolfSSL_export_dtls_srtp_keying_material(ssl, srtp_secret, ret = wolfSSL_export_dtls_srtp_keying_material(ssl, srtp_secret,
&srtp_secret_length); &srtp_secret_length);
if (ret != WOLFSSL_SUCCESS) { if (ret != WOLFSSL_SUCCESS) {
printf("SRTP: can't get dtsl_srtp keying material"); XFREE(srtp_secret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
printf("DTLS SRTP: Error getting keying material\n");
return ret; return ret;
} }
printf("DTLS-SRTP exported key material:\n"); printf("DTLS SRTP: Exported key material:\n");
for (p = srtp_secret; p < srtp_secret + srtp_secret_length; p++) for (p = srtp_secret; p < srtp_secret + srtp_secret_length; p++)
printf("%02X", *p); printf("%02X", *p);
printf("\n"); printf("\n");
@ -1808,7 +1810,7 @@ static int client_srtp_test(WOLFSSL *ssl, struct srtp_test_helper *srtp_helper)
/* we are delegated from server to free this buffer */ /* we are delegated from server to free this buffer */
XFREE(other_secret, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(other_secret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
printf("SRTP: Exported Keying Material mismatch"); printf("DTLS SRTP: Exported Keying Material mismatch\n");
return WOLFSSL_UNKNOWN; return WOLFSSL_UNKNOWN;
} }
@ -1820,7 +1822,7 @@ static int client_srtp_test(WOLFSSL *ssl, struct srtp_test_helper *srtp_helper)
return 0; return 0;
} }
#endif #endif /* WOLFSSL_SRTP */
THREAD_RETURN WOLFSSL_THREAD client_test(void* args) THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
{ {
@ -3974,7 +3976,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#ifdef WOLFSSL_SRTP #ifdef WOLFSSL_SRTP
if (dtlsSrtpProfiles != NULL) { if (dtlsSrtpProfiles != NULL) {
err = client_srtp_test(ssl, ((func_args*)args)->srtp_test_helper); err = client_srtp_test(ssl, ((func_args*)args)->srtp_helper);
if (err != 0) { if (err != 0) {
if (exitWithRet) { if (exitWithRet) {
((func_args*)args)->return_code = err; ((func_args*)args)->return_code = err;
@ -3986,7 +3988,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
err_sys("SRTP check failed"); err_sys("SRTP check failed");
} }
} }
#endif #endif /* WOLFSSL_SRTP */
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
if (updateKeysIVs) if (updateKeysIVs)
@ -4340,7 +4342,7 @@ exit:
StartTCP(); StartTCP();
#ifdef WOLFSSL_SRTP #ifdef WOLFSSL_SRTP
args.srtp_test_helper = NULL; args.srtp_helper = NULL;
#endif #endif
args.argc = argc; args.argc = argc;
args.argv = argv; args.argv = argv;

30
examples/server/server.c
View File

@ -1290,41 +1290,44 @@ static void Usage(void)
* calls srtp_helper_set_ekm() to wake the client and share the ekm with * calls srtp_helper_set_ekm() to wake the client and share the ekm with
* him. The client will check that the ekm matches the one computed by itself. * him. The client will check that the ekm matches the one computed by itself.
*/ */
static int server_srtp_test(WOLFSSL *ssl, struct srtp_test_helper *srtp_helper) static int server_srtp_test(WOLFSSL *ssl, srtp_test_helper *srtp_helper)
{ {
size_t srtp_secret_length; size_t srtp_secret_length;
uint8_t *srtp_secret, *p; byte *srtp_secret, *p;
int ret; int ret;
ret = wolfSSL_export_dtls_srtp_keying_material(ssl, NULL, ret = wolfSSL_export_dtls_srtp_keying_material(ssl, NULL,
&srtp_secret_length); &srtp_secret_length);
if (ret != LENGTH_ONLY_E) { if (ret != LENGTH_ONLY_E) {
printf("SRTP: can't get dtsl_srtp keying material"); printf("DTLS SRTP: Error getting key material length\n");
return ret; return ret;
} }
srtp_secret = (uint8_t*)XMALLOC(srtp_secret_length, srtp_secret = (byte*)XMALLOC(srtp_secret_length,
NULL, DYNAMIC_TYPE_TMP_BUFFER); NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (srtp_secret == NULL) if (srtp_secret == NULL) {
err_sys("SRTP: low memory"); err_sys("DTLS SRTP: Memory error");
}
ret = wolfSSL_export_dtls_srtp_keying_material(ssl, srtp_secret, ret = wolfSSL_export_dtls_srtp_keying_material(ssl, srtp_secret,
&srtp_secret_length); &srtp_secret_length);
if (ret != WOLFSSL_SUCCESS) { if (ret != WOLFSSL_SUCCESS) {
printf("SRTP: can't get dtsl_srtp keying material"); XFREE(srtp_secret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
printf("DTLS SRTP: Error getting key material\n");
return ret; return ret;
} }
printf("DTLS-SRTP exported key material:\n"); printf("DTLS SRTP: Exported key material:\n");
for (p = srtp_secret; p < srtp_secret + srtp_secret_length; p++) for (p = srtp_secret; p < srtp_secret + srtp_secret_length; p++)
printf("%02X", *p); printf("%02X", *p);
printf("\n"); printf("\n");
if (srtp_helper != NULL) { if (srtp_helper != NULL) {
srtp_helper_set_ekm(srtp_helper, srtp_secret, srtp_secret_length); srtp_helper_set_ekm(srtp_helper, srtp_secret, srtp_secret_length);
/* client code will free srtp_sercret buffer after checking for /* client code will free srtp_secret buffer after checking for
correctness */ correctness */
} else { }
else {
XFREE(srtp_secret, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(srtp_secret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
} }
@ -3143,7 +3146,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
#ifdef WOLFSSL_SRTP #ifdef WOLFSSL_SRTP
if (dtlsSrtpProfiles != NULL) { if (dtlsSrtpProfiles != NULL) {
err = server_srtp_test(ssl, ((func_args*)args)->srtp_test_helper); err = server_srtp_test(ssl, ((func_args*)args)->srtp_helper);
if (err != 0) { if (err != 0) {
if (exitWithRet) { if (exitWithRet) {
((func_args*)args)->return_code = err; ((func_args*)args)->return_code = err;
@ -3155,8 +3158,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
err_sys("SRTP check failed"); err_sys("SRTP check failed");
} }
} }
#endif /* WOLFSSL_SRTP */
#endif
#ifdef HAVE_ALPN #ifdef HAVE_ALPN
if (alpnList != NULL) { if (alpnList != NULL) {
@ -3422,7 +3424,7 @@ exit:
args.signal = &ready; args.signal = &ready;
args.return_code = 0; args.return_code = 0;
#ifdef WOLFSSL_SRTP #ifdef WOLFSSL_SRTP
args.srtp_test_helper = NULL; args.srtp_helper = NULL;
#endif #endif
InitTcpReady(&ready); InitTcpReady(&ready);

9
src/ssl.c
View File

@ -1301,18 +1301,15 @@ static const WOLFSSL_SRTP_PROTECTION_PROFILE gSrtpProfiles[] = {
static const WOLFSSL_SRTP_PROTECTION_PROFILE* DtlsSrtpFindProfile( static const WOLFSSL_SRTP_PROTECTION_PROFILE* DtlsSrtpFindProfile(
const char* profile_str, word32 profile_str_len, unsigned long id) const char* profile_str, word32 profile_str_len, unsigned long id)
{ {
size_t srtp_profile_len;
int i; int i;
const WOLFSSL_SRTP_PROTECTION_PROFILE* profile = NULL; const WOLFSSL_SRTP_PROTECTION_PROFILE* profile = NULL;
for (i=0; for (i=0;
i<(int)(sizeof(gSrtpProfiles)/sizeof(WOLFSSL_SRTP_PROTECTION_PROFILE)); i<(int)(sizeof(gSrtpProfiles)/sizeof(WOLFSSL_SRTP_PROTECTION_PROFILE));
i++) { i++) {
if (profile_str != NULL) { if (profile_str != NULL) {
srtp_profile_len = strlen(gSrtpProfiles[i].name); word32 srtp_profile_len = (word32)XSTRLEN(gSrtpProfiles[i].name);
if (srtp_profile_len != profile_str_len) if (srtp_profile_len == profile_str_len &&
continue; XMEMCMP(gSrtpProfiles[i].name, profile_str, profile_str_len)
if (XMEMCMP(gSrtpProfiles[i].name, profile_str, profile_str_len)
== 0) { == 0) {
profile = &gSrtpProfiles[i]; profile = &gSrtpProfiles[i];
break; break;

11
src/tls.c
View File

@ -5507,20 +5507,19 @@ static word16 TLSX_UseSRTP_Write(TlsxSrtp* srtp, byte* output)
static int TLSX_UseSRTP(TLSX** extensions, word16 profiles, void* heap) static int TLSX_UseSRTP(TLSX** extensions, word16 profiles, void* heap)
{ {
int ret = 0; int ret = 0;
TlsxSrtp *srtp = NULL;
TLSX* extension; TLSX* extension;
if (extensions == NULL) { if (extensions == NULL) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
srtp = TLSX_UseSRTP_New(profiles, heap);
if (srtp == NULL) {
return MEMORY_E;
}
extension = TLSX_Find(*extensions, TLSX_USE_SRTP); extension = TLSX_Find(*extensions, TLSX_USE_SRTP);
if (extension == NULL) { if (extension == NULL) {
TlsxSrtp* srtp = TLSX_UseSRTP_New(profiles, heap);
if (srtp == NULL) {
return MEMORY_E;
}
ret = TLSX_Push(extensions, TLSX_USE_SRTP, (void*)srtp, heap); ret = TLSX_Push(extensions, TLSX_USE_SRTP, (void*)srtp, heap);
if (ret != 0) { if (ret != 0) {
TLSX_UseSRTP_Free(srtp, heap); TLSX_UseSRTP_Free(srtp, heap);

6
tests/suites.c
View File

@ -322,7 +322,7 @@ static int execute_test_case(int svr_argc, char** svr_argv,
#endif #endif
#ifdef WOLFSSL_SRTP #ifdef WOLFSSL_SRTP
struct srtp_test_helper srtp_helper; srtp_test_helper srtp_helper;
#endif #endif
/* Is Valid Cipher and Version Checks */ /* Is Valid Cipher and Version Checks */
/* build command list for the Is checks below */ /* build command list for the Is checks below */
@ -454,8 +454,8 @@ static int execute_test_case(int svr_argc, char** svr_argv,
#ifdef WOLFSSL_SRTP #ifdef WOLFSSL_SRTP
srtp_helper_init(&srtp_helper); srtp_helper_init(&srtp_helper);
cliArgs.srtp_test_helper = &srtp_helper; cliArgs.srtp_helper = &srtp_helper;
svrArgs.srtp_test_helper = &srtp_helper; svrArgs.srtp_helper = &srtp_helper;
#endif #endif
#ifdef WOLFSSL_TIRTOS #ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self()); fdOpenSession(Task_self());

20
wolfssl/test.h
View File

@ -521,14 +521,14 @@ typedef struct callback_functions {
} callback_functions; } callback_functions;
#ifdef WOLFSSL_SRTP #ifdef WOLFSSL_SRTP
struct srtp_test_helper { typedef struct srtp_test_helper {
#if defined(_POSIX_THREADS) && !defined(__MINGW32__) #if defined(_POSIX_THREADS) && !defined(__MINGW32__)
pthread_mutex_t mutex; pthread_mutex_t mutex;
pthread_cond_t cond; pthread_cond_t cond;
#endif #endif
uint8_t *server_srtp_ekm; uint8_t* server_srtp_ekm;
size_t server_srtp_ekm_size; size_t server_srtp_ekm_size;
}; } srtp_test_helper;
#endif #endif
typedef struct func_args { typedef struct func_args {
@ -538,7 +538,7 @@ typedef struct func_args {
tcp_ready* signal; tcp_ready* signal;
callback_functions *callbacks; callback_functions *callbacks;
#ifdef WOLFSSL_SRTP #ifdef WOLFSSL_SRTP
struct srtp_test_helper *srtp_test_helper; srtp_test_helper* srtp_helper;
#endif #endif
} func_args; } func_args;
@ -645,7 +645,7 @@ extern char* myoptarg;
#ifdef WOLFSSL_SRTP #ifdef WOLFSSL_SRTP
static WC_INLINE void srtp_helper_init(struct srtp_test_helper *srtp) static WC_INLINE void srtp_helper_init(srtp_test_helper *srtp)
{ {
srtp->server_srtp_ekm_size = 0; srtp->server_srtp_ekm_size = 0;
srtp->server_srtp_ekm = NULL; srtp->server_srtp_ekm = NULL;
@ -664,7 +664,7 @@ static WC_INLINE void srtp_helper_init(struct srtp_test_helper *srtp)
* This function wait that the other peer calls strp_helper_set_ekm() and then * This function wait that the other peer calls strp_helper_set_ekm() and then
* store the buffer pointer/size in @ekm and @size. * store the buffer pointer/size in @ekm and @size.
*/ */
static WC_INLINE void srtp_helper_get_ekm(struct srtp_test_helper *srtp, static WC_INLINE void srtp_helper_get_ekm(srtp_test_helper *srtp,
uint8_t **ekm, size_t *size) uint8_t **ekm, size_t *size)
{ {
#if defined(_POSIX_THREADS) && !defined(__MINGW32__) #if defined(_POSIX_THREADS) && !defined(__MINGW32__)
@ -695,7 +695,7 @@ static WC_INLINE void srtp_helper_get_ekm(struct srtp_test_helper *srtp,
* *
* used in client_srtp_test()/server_srtp_test() * used in client_srtp_test()/server_srtp_test()
*/ */
static WC_INLINE void srtp_helper_set_ekm(struct srtp_test_helper *srtp, static WC_INLINE void srtp_helper_set_ekm(srtp_test_helper *srtp,
uint8_t *ekm, size_t size) uint8_t *ekm, size_t size)
{ {
#if defined(_POSIX_THREADS) && !defined(__MINGW32__) #if defined(_POSIX_THREADS) && !defined(__MINGW32__)
@ -709,7 +709,7 @@ static WC_INLINE void srtp_helper_set_ekm(struct srtp_test_helper *srtp,
#endif #endif
} }
static WC_INLINE void srtp_helper_free(struct srtp_test_helper *srtp) static WC_INLINE void srtp_helper_free(srtp_test_helper *srtp)
{ {
#if defined(_POSIX_THREADS) && !defined(__MINGW32__) #if defined(_POSIX_THREADS) && !defined(__MINGW32__)
pthread_mutex_destroy(&srtp->mutex); pthread_mutex_destroy(&srtp->mutex);
@ -717,7 +717,7 @@ static WC_INLINE void srtp_helper_free(struct srtp_test_helper *srtp)
#endif #endif
} }
#endif #endif /* WOLFSSL_SRTP */
/** /**
* *