tests: fix AesKeyExport lifecycle-tag leak and server-only session-cache test

The last two red PR jobs, both in the branch's new tests:

- intelasm (ASAN): test_wc_AesKeyExportArgMcdc calls wc_AesInit_Id() and
  wc_AesInit_Label() which succeed (allocating the WC_DEBUG_CIPHER_LIFECYCLE
  tag) but were never freed -> 8-byte LeakSanitizer leak. Add wc_AesFree()
  to both blocks.
- no-client-no-client-auth (minimal server-only build):
  test_wolfSSL_session_cache_api_direct's wolfSSL_new() returned NULL because
  a certless server CTX has no usable cipher suite. Load the test server
  cert/key (file, with a USE_CERT_BUFFERS_2048 fallback) before wolfSSL_new()
  in the server-only path; the client path is cert-free as before.

Verified: --enable-all + ASAN run of the aes group is leak-free, and
CPPFLAGS="-DNO_WOLFSSL_CLIENT -DWOLFSSL_NO_CLIENT_AUTH" now passes.
This commit is contained in:
Daniele Lacamera
2026-07-06 18:02:06 +02:00
parent ba3fd1203b
commit a9299732d9
2 changed files with 16 additions and 0 deletions
+14
View File
@@ -4608,6 +4608,20 @@ static int test_wolfSSL_session_cache_api_direct(void)
ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
#elif !defined(NO_WOLFSSL_SERVER)
ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
/* A client CTX yields a usable WOLFSSL* cert-free, but a server needs a
* cert+key or wolfSSL_new() has no usable cipher suite and returns NULL
* (e.g. minimal server-only builds). Load the test server cert/key. */
#if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
ExpectIntEQ(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
#elif !defined(NO_CERTS) && !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048)
ExpectIntEQ(wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048,
sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, server_key_der_2048,
sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
#endif
#endif
ExpectNotNull(ssl = wolfSSL_new(ctx));
+2
View File
@@ -9927,6 +9927,7 @@ int test_wc_AesKeyExportArgMcdc(void)
WC_NO_ERR_TRACE(BUFFER_E));
ExpectIntEQ(wc_AesInit_Id(&aes, id, AES_MAX_ID_LEN + 1, NULL,
INVALID_DEVID), WC_NO_ERR_TRACE(BUFFER_E));
wc_AesFree(&aes); /* first init succeeded; free its lifecycle tag */
}
/* wc_AesInit_Label(): aes/label == NULL OR-chain, plus labelLen == 0 /
@@ -9949,6 +9950,7 @@ int test_wc_AesKeyExportArgMcdc(void)
WC_NO_ERR_TRACE(BUFFER_E));
ExpectIntEQ(wc_AesInit_Label(&aes, longLabel, NULL, INVALID_DEVID),
WC_NO_ERR_TRACE(BUFFER_E));
wc_AesFree(&aes); /* first init succeeded; free its lifecycle tag */
}
#endif /* WOLF_PRIVATE_KEY_ID */