mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-11 06:10:53 +02:00
tests: fix AesKeyExport lifecycle-tag leak and server-only session-cache test
The last two red PR jobs, both in the branch's new tests: - intelasm (ASAN): test_wc_AesKeyExportArgMcdc calls wc_AesInit_Id() and wc_AesInit_Label() which succeed (allocating the WC_DEBUG_CIPHER_LIFECYCLE tag) but were never freed -> 8-byte LeakSanitizer leak. Add wc_AesFree() to both blocks. - no-client-no-client-auth (minimal server-only build): test_wolfSSL_session_cache_api_direct's wolfSSL_new() returned NULL because a certless server CTX has no usable cipher suite. Load the test server cert/key (file, with a USE_CERT_BUFFERS_2048 fallback) before wolfSSL_new() in the server-only path; the client path is cert-free as before. Verified: --enable-all + ASAN run of the aes group is leak-free, and CPPFLAGS="-DNO_WOLFSSL_CLIENT -DWOLFSSL_NO_CLIENT_AUTH" now passes.
This commit is contained in:
+14
@@ -4608,6 +4608,20 @@ static int test_wolfSSL_session_cache_api_direct(void)
|
||||
ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
|
||||
#elif !defined(NO_WOLFSSL_SERVER)
|
||||
ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
|
||||
/* A client CTX yields a usable WOLFSSL* cert-free, but a server needs a
|
||||
* cert+key or wolfSSL_new() has no usable cipher suite and returns NULL
|
||||
* (e.g. minimal server-only builds). Load the test server cert/key. */
|
||||
#if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
|
||||
ExpectIntEQ(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
|
||||
WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
|
||||
ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
|
||||
WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
|
||||
#elif !defined(NO_CERTS) && !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048)
|
||||
ExpectIntEQ(wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048,
|
||||
sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
|
||||
ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, server_key_der_2048,
|
||||
sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
|
||||
#endif
|
||||
#endif
|
||||
ExpectNotNull(ssl = wolfSSL_new(ctx));
|
||||
|
||||
|
||||
@@ -9927,6 +9927,7 @@ int test_wc_AesKeyExportArgMcdc(void)
|
||||
WC_NO_ERR_TRACE(BUFFER_E));
|
||||
ExpectIntEQ(wc_AesInit_Id(&aes, id, AES_MAX_ID_LEN + 1, NULL,
|
||||
INVALID_DEVID), WC_NO_ERR_TRACE(BUFFER_E));
|
||||
wc_AesFree(&aes); /* first init succeeded; free its lifecycle tag */
|
||||
}
|
||||
|
||||
/* wc_AesInit_Label(): aes/label == NULL OR-chain, plus labelLen == 0 /
|
||||
@@ -9949,6 +9950,7 @@ int test_wc_AesKeyExportArgMcdc(void)
|
||||
WC_NO_ERR_TRACE(BUFFER_E));
|
||||
ExpectIntEQ(wc_AesInit_Label(&aes, longLabel, NULL, INVALID_DEVID),
|
||||
WC_NO_ERR_TRACE(BUFFER_E));
|
||||
wc_AesFree(&aes); /* first init succeeded; free its lifecycle tag */
|
||||
}
|
||||
#endif /* WOLF_PRIVATE_KEY_ID */
|
||||
|
||||
|
||||
Reference in New Issue
Block a user