Merge branch 'master' of https://github.com/lchristina26/wolfssl into leah-master

examples/client/client.c

@@ -141,6 +141,7 @@ static void Usage(void)
     printf("-m          Match domain name in cert\n");
     printf("-N          Use Non-blocking sockets\n");
     printf("-r          Resume session\n");
+    printf("-w          Wait for bidirectional shutdown\n");
 #ifdef HAVE_SECURE_RENEGOTIATION
     printf("-R          Allow Secure Renegotiation\n");
     printf("-i          Force client Initiated Secure Renegotiation\n");
@@ -207,6 +208,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
     int    doPeerCheck = 1;
     int    nonBlocking = 0;
     int    resumeSession = 0;
+    int    shutdown      = 0;
     int    scr           = 0;    /* allow secure renegotiation */
     int    forceScr      = 0;    /* force client initiaed scr */
     int    trackMemory   = 0;
@@ -258,7 +260,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
     StackTrap();
 
     while ((ch = mygetopt(argc, argv,
-                          "?gdDusmNrRitfxUPh:p:v:l:A:c:k:b:zS:L:ToO:a")) != -1) {
+                          "?gdDusmNrwRitfxUPh:p:v:l:A:c:k:b:zS:L:ToO:a")) != -1) {
         switch (ch) {
             case '?' :
                 Usage();
@@ -367,6 +369,10 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
                 resumeSession = 1;
                 break;
 
+            case 'w' :
+                shutdown = 1;
+                break;
+
             case 'R' :
                 #ifdef HAVE_SECURE_RENEGOTIATION
                     scr = 1;
@@ -643,7 +649,13 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
             if (wolfSSL_connect(ssl) != SSL_SUCCESS)
                 err_sys("SSL_connect failed");
 
+            if (shutdown) {     /* bidirectional shutdown if true */
+                if (!wolfSSL_shutdown(ssl))
                     wolfSSL_shutdown(ssl);
+            }
+            else {
+                wolfSSL_shutdown(ssl);
+            }
             wolfSSL_free(ssl);
             CloseSocket(sockfd);
         }
@@ -802,8 +814,15 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
     }
 #endif
 
-    if (doDTLS == 0)            /* don't send alert after "break" command */
+    if (doDTLS == 0) {           /* don't send alert after "break" command */
-        wolfSSL_shutdown(ssl);  /* echoserver will interpret as new conn */
+        if (shutdown) {     /* bidirectional shutdown if true */
+            if (!wolfSSL_shutdown(ssl))  /* echoserver interprets as new conn */
+                wolfSSL_shutdown(ssl);
+        }
+        else {
+            wolfSSL_shutdown(ssl);
+        }
+    }
 #ifdef ATOMIC_USER
     if (atomicUser)
         FreeAtomicUser(ssl);
@@ -879,7 +898,13 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
         /* try to send session break */
         wolfSSL_write(sslResume, msg, msgSz); 
 
+        if (shutdown) {     /* bidirectional shutdown if true */
+            if (!wolfSSL_shutdown(sslResume))
                 wolfSSL_shutdown(sslResume);
+        }
+        else {
+            wolfSSL_shutdown(sslResume);
+        }
         wolfSSL_free(sslResume);
         CloseSocket(sockfd);
     }

examples/server/server.c

@@ -135,6 +135,7 @@ static void Usage(void)
     printf("-r          Create server ready file, for external monitor\n");
     printf("-N          Use Non-blocking sockets\n");
     printf("-S <str>    Use Host Name Indication\n");
+    printf("-w           Wait for bidirectional shutdown\n");
 #ifdef HAVE_OCSP
     printf("-o          Perform OCSP lookup on peer certificate\n");
     printf("-O <url>    Perform OCSP lookup using <url> as responder\n");
@@ -173,6 +174,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
     int    fewerPackets = 0;
     int    pkCallbacks  = 0;
     int    serverReadyFile = 0;
+    int    shutdown        = 0;
     char*  cipherList = NULL;
     const char* verifyCert = cliCert;
     const char* ourCert    = svrCert;
@@ -203,7 +205,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
     fdOpenSession(Task_self());
 #endif
 
-    while ((ch = mygetopt(argc, argv, "?dbstnNufraPp:v:l:A:c:k:S:oO:")) != -1) {
+    while ((ch = mygetopt(argc, argv, "?dbstnNufrawPp:v:l:A:c:k:S:oO:")) != -1) {
         switch (ch) {
             case '?' :
                 Usage();
@@ -257,6 +259,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
                 #endif
                 break;
 
+            case 'w' :
+                shutdown = 1;
+                break;
+
             case 'v' :
                 version = atoi(myoptarg);
                 if (version < 0 || version > 3) {
@@ -560,7 +566,13 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
         Task_yield();
     #endif
 
+    if (shutdown) {                /* bidirectional shutdown if true */
+        if (!SSL_shutdown(ssl))
             SSL_shutdown(ssl);
+    }
+    else {
+        SSL_shutdown(ssl);
+    }
     SSL_free(ssl);
     SSL_CTX_free(ctx);
     

src/internal.c

@@ -6351,8 +6351,9 @@ static int DoAlert(WOLFSSL* ssl, byte* input, word32* inOutIdx, int* type,
         WOLFSSL_MSG("    close notify");
         ssl->options.closeNotify = 1;
     }
+    if (!ssl->options.sentNotify) {
         WOLFSSL_ERROR(*type);
-
+    }
     if (ssl->keys.encryptionOn) {
         if (*inOutIdx + ssl->keys.padSz > totalSz)
             return BUFFER_E;
@@ -7750,7 +7751,9 @@ startScr:
 
     while (ssl->buffers.clearOutputBuffer.length == 0) {
         if ( (ssl->error = ProcessReply(ssl)) < 0) {
+            if (!ssl->options.sentNotify) {
                 WOLFSSL_ERROR(ssl->error);
+            }
             if (ssl->error == ZERO_RETURN) {
                 WOLFSSL_MSG("Zero return, no more data coming");
                 return 0;         /* no more data coming */

src/ssl.c

@@ -936,6 +936,17 @@ int wolfSSL_shutdown(WOLFSSL* ssl)
             return SSL_FATAL_ERROR;
         }
         ssl->options.sentNotify = 1;  /* don't send close_notify twice */
+        WOLFSSL_LEAVE("SSL_shutdown()", ssl->error);
+        return 0;
+    }
+
+    /* call wolfSSL_shutdown again for bidirectional shudown */
+    if (ssl->options.sentNotify && !ssl->options.closeNotify) {
+        ssl->error = ReceiveData(ssl, 0, 0, 0);
+        if (ssl->error < 0) {
+            WOLFSSL_ERROR(ssl->error);
+            return SSL_FATAL_ERROR;
+        }
     }
 
     WOLFSSL_LEAVE("SSL_shutdown()", ssl->error);

testsuite/testsuite.c

@@ -47,12 +47,7 @@ enum {
     NUMARGS = 3
 };
 
-#ifndef USE_WINDOWS_API
+static const char *outputName;
-    static const char outputName[] = "/tmp/output";
-#else
-    static const char outputName[] = "output";
-#endif
-
 
 int myoptind = 0;
 char* myoptarg = NULL;
@@ -77,6 +72,16 @@ int testsuite_test(int argc, char** argv)
     tcp_ready ready;
     THREAD_TYPE serverThread;
 
+#ifndef USE_WINDOWS_API
+    char tempName[] = "/tmp/output-XXXXXX";
+    int len = 18;
+    int num = 6;
+#else
+    char tempName[] = "fnXXXXXX";
+    int len = 8;
+    int num = 6;
+#endif
+
 #ifdef HAVE_CAVIUM
         int ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID);
         if (ret != 0)
@@ -136,6 +141,13 @@ int testsuite_test(int argc, char** argv)
         echo_args.argc = 3;
         echo_args.argv = myArgv;
 
+        /* Create unique file name */
+        outputName = mymktemp(tempName, len, num);
+        if (outputName == NULL) {
+            printf("Could not create unique file name");
+            return EXIT_FAILURE;
+        }
+
         strcpy(echo_args.argv[0], "echoclient");
         strcpy(echo_args.argv[1], "input");
         strcpy(echo_args.argv[2], outputName);

wolfssl/test.h

@@ -10,6 +10,7 @@
 #include <cyassl/ssl.h> /* portability layer */
 #include <wolfssl/wolfcrypt/types.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/random.h>
 
 #ifdef ATOMIC_USER
     #include <wolfssl/wolfcrypt/aes.h>
@@ -17,7 +18,6 @@
     #include <wolfssl/wolfcrypt/hmac.h>
 #endif
 #ifdef HAVE_PK_CALLBACKS
-    #include <wolfssl/wolfcrypt/random.h>
     #include <wolfssl/wolfcrypt/asn.h>
     #ifdef HAVE_ECC
         #include <wolfssl/wolfcrypt/ecc.h>
@@ -1791,5 +1791,44 @@ static INLINE char* strsep(char **stringp, const char *delim)
 
 #endif /* __hpux__ */
 
+/* Create unique filename, len is length of tempfn name, assuming
+   len does not include null terminating character,
+   num is number of characters in tempfn name to randomize */
+static INLINE const char* mymktemp(char *tempfn, int len, int num)
+{
+    int x, size;
+    static const char alphanum[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+                                   "abcdefghijklmnopqrstuvwxyz";
+    RNG rng;
+    int out;
+
+    if (tempfn == NULL || len < 1 || num < 1 || len <= num) {
+        printf("Bad input\n");
+        return NULL;
+    }
+
+    size = len - 1;
+
+    if (wc_InitRng(&rng) != 0) {
+        printf("InitRng failed\n");
+        return NULL;
+    }
+
+    for (x = size; x > size - num; x--) {
+        if (wc_RNG_GenerateBlock(&rng,(byte*)&out, sizeof(out)) != 0) {
+            printf("RNG_GenerateBlock failed\n");
+            return NULL;
+        }
+        tempfn[x] = alphanum[out % (sizeof(alphanum) - 1)];
+    }
+    tempfn[len] = '\0';
+
+#if defined(HAVE_HASHDRBG)
+    wc_FreeRng(&rng);
+#endif
+
+    return tempfn;
+}
+
 #endif /* wolfSSL_TEST_H */