Address review: narrow CryptoCb introspection to a boolean check

- Replace public wc_CryptoCb_GetDevice() with
  wc_CryptoCb_IsDeviceRegistered() returns 1 or 0. keep the CryptoCb
  struct and GetDevice private.
- Reject RegisterDevice(INVALID_DEVID) with BAD_FUNC_ARG instead of ALREADY_E.
- Document the new API and the ALREADY_E/BAD_FUNC_ARG returns.
- Fix table-full test to not leak when MAX_CRYPTO_DEVID_CALLBACKS >= 256.
This commit is contained in:
Alex Lanzano
2026-06-10 15:02:22 -04:00
parent 451eaf9cba
commit c0ec8f39b2
4 changed files with 75 additions and 31 deletions
+30
View File
@@ -13,6 +13,10 @@
\return CRYPTOCB_UNAVAILABLE to fallback to using software crypto
\return 0 for success
\return ALREADY_E if devId is already registered. A devId must be
un-registered with wc_CryptoCb_UnRegisterDevice before it can be
registered again; re-registering an active devId is not an in-place update.
\return BAD_FUNC_ARG if devId is INVALID_DEVID (-2)
\return negative value for failure
\param devId any unique value, not -2 (INVALID_DEVID)
@@ -98,6 +102,32 @@
*/
int wc_CryptoCb_RegisterDevice(int devId, CryptoDevCallbackFunc cb, void* ctx);
/*!
\ingroup CryptoCb
\brief This function reports whether a crypto callback device identifier
(devID) is currently registered. It is useful for checking registration
state before calling wc_CryptoCb_RegisterDevice, which now rejects an
already-registered devID with ALREADY_E.
\return 1 if the device ID is registered
\return 0 if the device ID is not registered, or if devId is
INVALID_DEVID (-2)
\param devId the device identifier to query
_Example_
\code
if (!wc_CryptoCb_IsDeviceRegistered(devId)) {
wc_CryptoCb_RegisterDevice(devId, myCryptoCb_Func, &myCtx);
}
\endcode
\sa wc_CryptoCb_RegisterDevice
\sa wc_CryptoCb_UnRegisterDevice
*/
int wc_CryptoCb_IsDeviceRegistered(int devId);
/*!
\ingroup CryptoCb
+21 -21
View File
@@ -29228,28 +29228,27 @@ static int test_wc_CryptoCb(void)
int tlsVer;
#endif
/* Exercise the exposed CryptoCb device-management API:
* wc_CryptoCb_RegisterDevice / UnRegisterDevice / GetDevice /
* wc_CryptoCb_RegisterDevice / UnRegisterDevice / IsDeviceRegistered /
* DefaultDevID (and InfoString when DEBUG_CRYPTOCB is enabled). */
{
int getDevId = 1234;
int getDevCtx = 0;
CryptoCb* dev = NULL;
int i, n, rc;
/* Unregistered devId is not found. */
ExpectNull(wc_CryptoCb_GetDevice(getDevId));
/* Unregistered devId is not reported as registered. */
ExpectIntEQ(wc_CryptoCb_IsDeviceRegistered(getDevId), 0);
/* After registering, the device is found with matching fields. */
/* Registering with INVALID_DEVID is rejected. */
ExpectIntEQ(wc_CryptoCb_RegisterDevice(INVALID_DEVID, NULL, &getDevCtx),
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
ExpectIntEQ(wc_CryptoCb_IsDeviceRegistered(INVALID_DEVID), 0);
/* After registering, the device is reported registered. */
ExpectIntEQ(wc_CryptoCb_RegisterDevice(getDevId, NULL, &getDevCtx), 0);
ExpectNotNull(dev = wc_CryptoCb_GetDevice(getDevId));
if (dev != NULL) {
ExpectIntEQ(dev->devId, getDevId);
ExpectNull(dev->cb);
ExpectPtrEq(dev->ctx, &getDevCtx);
}
ExpectIntEQ(wc_CryptoCb_IsDeviceRegistered(getDevId), 1);
/* A different, unregistered devId is still not found. */
ExpectNull(wc_CryptoCb_GetDevice(getDevId + 1));
/* A different, unregistered devId is still not reported registered. */
ExpectIntEQ(wc_CryptoCb_IsDeviceRegistered(getDevId + 1), 0);
/* Re-registering an already-registered devId is rejected. */
ExpectIntEQ(wc_CryptoCb_RegisterDevice(getDevId, NULL, &getDevCtx),
@@ -29264,25 +29263,26 @@ static int test_wc_CryptoCb(void)
ExpectIntNE(wc_CryptoCb_DefaultDevID(), INVALID_DEVID);
#endif
/* After unregistering, the device is no longer found. */
/* After unregistering, the device is no longer registered. */
wc_CryptoCb_UnRegisterDevice(getDevId);
ExpectNull(wc_CryptoCb_GetDevice(getDevId));
ExpectIntEQ(wc_CryptoCb_IsDeviceRegistered(getDevId), 0);
/* Unregistering is a harmless no-op for unknown or invalid devIds. */
wc_CryptoCb_UnRegisterDevice(getDevId); /* already removed */
wc_CryptoCb_UnRegisterDevice(INVALID_DEVID); /* never a real devId */
ExpectNull(wc_CryptoCb_GetDevice(getDevId));
ExpectIntEQ(wc_CryptoCb_IsDeviceRegistered(getDevId), 0);
/* The device table is finite: once full, registration returns
* BUFFER_E. Register unique devIds until that happens, then clean up.
* The cap (256) just guards against an unexpectedly large table. */
* BUFFER_E. Registering MAX_CRYPTO_DEVID_CALLBACKS + 1 unique devIds is
* guaranteed to fill the table and hit BUFFER_E regardless of how many
* slots were already in use. Then unregister every id we tried
* (UnRegister is a no-op for the final failed attempt). */
rc = 0;
for (i = 0; rc == 0 && i < 256; i++) {
for (i = 0; rc == 0 && i <= MAX_CRYPTO_DEVID_CALLBACKS; i++) {
rc = wc_CryptoCb_RegisterDevice(0x5000 + i, NULL, NULL);
}
ExpectIntEQ(rc, WC_NO_ERR_TRACE(BUFFER_E));
/* Every id except the final failed attempt registered; unregister them. */
for (n = 0; n + 1 < i; n++) {
for (n = 0; n < i; n++) {
wc_CryptoCb_UnRegisterDevice(0x5000 + n);
}
+19 -4
View File
@@ -80,10 +80,12 @@ Crypto Callback Build Options:
#include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
#endif
/* TODO: Consider linked list with mutex */
#ifndef MAX_CRYPTO_DEVID_CALLBACKS
#define MAX_CRYPTO_DEVID_CALLBACKS 8
#endif
typedef struct CryptoCb {
int devId;
CryptoDevCallbackFunc cb;
void* ctx;
} CryptoCb;
static WC_THREADSHARED CryptoCb gCryptoDev[MAX_CRYPTO_DEVID_CALLBACKS];
#ifdef WOLF_CRYPTO_CB_FIND
@@ -350,7 +352,7 @@ void wc_CryptoCb_InfoString(wc_CryptoInfo* info)
/* Search through listed devices and return the first matching device ID
* found. */
CryptoCb* wc_CryptoCb_GetDevice(int devId)
static CryptoCb* wc_CryptoCb_GetDevice(int devId)
{
int i;
for (i = 0; i < MAX_CRYPTO_DEVID_CALLBACKS; i++) {
@@ -360,6 +362,15 @@ CryptoCb* wc_CryptoCb_GetDevice(int devId)
return NULL;
}
/* Returns 1 if the given device ID is currently registered, 0 otherwise.
* INVALID_DEVID marks free table slots, so it is never reported registered. */
int wc_CryptoCb_IsDeviceRegistered(int devId)
{
if (devId == INVALID_DEVID)
return 0;
return wc_CryptoCb_GetDevice(devId) != NULL;
}
/* Filters through find callback set when trying to get the device,
* returns the device found on success and null if not found. */
@@ -448,6 +459,10 @@ int wc_CryptoCb_RegisterDevice(int devId, CryptoDevCallbackFunc cb, void* ctx)
int rc = 0;
CryptoCb* dev;
/* INVALID_DEVID marks a free slot and cannot be registered as a device. */
if (devId == INVALID_DEVID)
return BAD_FUNC_ARG;
/* Reject re-registration of an already-registered device ID. */
if (wc_CryptoCb_GetDevice(devId) != NULL)
return ALREADY_E;
+5 -6
View File
@@ -672,11 +672,10 @@ typedef struct wc_CryptoInfo {
typedef int (*CryptoDevCallbackFunc)(int devId, struct wc_CryptoInfo* info, void* ctx);
typedef struct CryptoCb {
int devId;
CryptoDevCallbackFunc cb;
void* ctx;
} CryptoCb;
/* Maximum number of crypto callback devices that can be registered. */
#ifndef MAX_CRYPTO_DEVID_CALLBACKS
#define MAX_CRYPTO_DEVID_CALLBACKS 8
#endif
WOLFSSL_LOCAL void wc_CryptoCb_Init(void);
WOLFSSL_LOCAL void wc_CryptoCb_Cleanup(void);
@@ -684,7 +683,7 @@ WOLFSSL_LOCAL int wc_CryptoCb_GetDevIdAtIndex(int startIdx);
WOLFSSL_API int wc_CryptoCb_RegisterDevice(int devId, CryptoDevCallbackFunc cb, void* ctx);
WOLFSSL_API void wc_CryptoCb_UnRegisterDevice(int devId);
WOLFSSL_API int wc_CryptoCb_DefaultDevID(void);
WOLFSSL_API CryptoCb* wc_CryptoCb_GetDevice(int devId);
WOLFSSL_API int wc_CryptoCb_IsDeviceRegistered(int devId);
#ifdef WOLF_CRYPTO_CB_FIND
typedef int (*CryptoDevCallbackFind)(int devId, int algoType);