diff --git a/IDE/MQX/client-tls.c b/IDE/MQX/client-tls.c index 71d51f5046..94a2960f9e 100644 --- a/IDE/MQX/client-tls.c +++ b/IDE/MQX/client-tls.c @@ -41,8 +41,8 @@ int main(int argc, char** argv) int ret; /* declare wolfSSL objects */ - WOLFSSL_CTX* ctx; - WOLFSSL* ssl; + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; @@ -72,14 +72,14 @@ int main(int argc, char** argv) if (inet_pton(AF_INET, argv[1], &servAddr.sin_addr, sizeof(servAddr.sin_addr)) != 1) { fprintf(stderr, "ERROR: invalid address\n"); ret = -1; - goto end; + goto socket_cleanup; } /* Connect to the server */ if ((ret = connect(sockfd, (struct sockaddr*) &servAddr, sizeof(servAddr))) == -1) { fprintf(stderr, "ERROR: failed to connect\n"); - goto end; + goto socket_cleanup; } /*---------------------------------*/ @@ -95,7 +95,7 @@ int main(int argc, char** argv) if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) { fprintf(stderr, "ERROR: failed to create WOLFSSL_CTX\n"); ret = -1; - goto socket_cleanup; + goto ctx_cleanup; } /* Load client certificates into WOLFSSL_CTX */ diff --git a/IDE/MQX/server-tls.c b/IDE/MQX/server-tls.c index eed2bd668f..fb8be91fb9 100644 --- a/IDE/MQX/server-tls.c +++ b/IDE/MQX/server-tls.c @@ -35,20 +35,20 @@ int main() { - int sockfd; - int connd; + int sockfd = -1; + int connd = -1; struct sockaddr_in servAddr; struct sockaddr_in clientAddr; socklen_t size = sizeof(clientAddr); char buff[256]; size_t len; int shutdown = 0; - int ret; + int ret = 0; const char* reply = "I hear ya fa shizzle!\n"; /* declare wolfSSL objects */ - WOLFSSL_CTX* ctx; - WOLFSSL* ssl; + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; @@ -62,7 +62,8 @@ int main() * 0 means choose the default protocol. */ if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) { fprintf(stderr, "ERROR: failed to create the socket\n"); - return -1; + ret = -1; + goto exit; } @@ -70,7 +71,8 @@ int main() /* Create and initialize WOLFSSL_CTX */ if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method())) == NULL) { fprintf(stderr, "ERROR: failed to create WOLFSSL_CTX\n"); - return -1; + ret = -1; + goto exit; } /* Load server certificates into WOLFSSL_CTX */ @@ -78,7 +80,8 @@ int main() != SSL_SUCCESS) { fprintf(stderr, "ERROR: failed to load %s, please check the file.\n", CERT_FILE); - return -1; + ret = -1; + goto exit; } /* Load server key into WOLFSSL_CTX */ @@ -86,7 +89,8 @@ int main() != SSL_SUCCESS) { fprintf(stderr, "ERROR: failed to load %s, please check the file.\n", KEY_FILE); - return -1; + ret = -1; + goto exit; } @@ -104,13 +108,15 @@ int main() /* Bind the server socket to our port */ if (bind(sockfd, (struct sockaddr*)&servAddr, sizeof(servAddr)) == -1) { fprintf(stderr, "ERROR: failed to bind\n"); - return -1; + ret = -1; + goto exit; } /* Listen for a new connection, allow 5 pending connections */ if (listen(sockfd, 5) == -1) { fprintf(stderr, "ERROR: failed to listen\n"); - return -1; + ret = -1; + goto exit; } @@ -123,13 +129,15 @@ int main() if ((connd = accept(sockfd, (struct sockaddr*)&clientAddr, &size)) == -1) { fprintf(stderr, "ERROR: failed to accept the connection\n\n"); - return -1; + ret = -1; + goto exit; } /* Create a WOLFSSL object */ if ((ssl = wolfSSL_new(ctx)) == NULL) { fprintf(stderr, "ERROR: failed to create WOLFSSL object\n"); - return -1; + ret = -1; + goto exit; } /* Attach wolfSSL to the socket */ @@ -140,7 +148,8 @@ int main() if (ret != SSL_SUCCESS) { fprintf(stderr, "wolfSSL_accept error = %d\n", wolfSSL_get_error(ssl, ret)); - return -1; + ret = -1; + goto exit; } @@ -152,7 +161,8 @@ int main() memset(buff, 0, sizeof(buff)); if (wolfSSL_read(ssl, buff, sizeof(buff)-1) == -1) { fprintf(stderr, "ERROR: failed to read\n"); - return -1; + ret = -1; + goto exit; } /* Print to stdout any data the client sends */ @@ -174,23 +184,31 @@ int main() /* Reply back to the client */ if (wolfSSL_write(ssl, buff, len) != len) { fprintf(stderr, "ERROR: failed to write\n"); - return -1; + ret = -1; + goto exit; } /* Cleanup after this connection */ wolfSSL_free(ssl); /* Free the wolfSSL object */ + ssl = NULL; close(connd); /* Close the connection to the client */ + connd = -1; } printf("Shutdown complete\n"); + ret = 0; - - - /* Cleanup and return */ - wolfSSL_CTX_free(ctx); /* Free the wolfSSL context object */ - wolfSSL_Cleanup(); /* Cleanup the wolfSSL environment */ - close(sockfd); /* Close the socket listening for clients */ - return 0; /* Return reporting a success */ -} +exit: + if (ssl != NULL) + wolfSSL_free(ssl); /* Free the wolfSSL object */ + if (connd != -1) + close(connd); /* Close the connection to the client */ + if (ctx != NULL) + wolfSSL_CTX_free(ctx); /* Free the wolfSSL context object */ + wolfSSL_Cleanup(); /* Cleanup the wolfSSL environment */ + if (sockfd != -1) + close(sockfd); /* Close the socket listening for clients */ + return ret; /* Return reporting success or failure */ +} diff --git a/IDE/QNX/example-client/client-tls.c b/IDE/QNX/example-client/client-tls.c index c1150c9c54..90e9941e83 100644 --- a/IDE/QNX/example-client/client-tls.c +++ b/IDE/QNX/example-client/client-tls.c @@ -88,8 +88,8 @@ int main(int argc, char** argv) FILE* f; /* declare wolfSSL objects */ - WOLFSSL_CTX* ctx; - WOLFSSL* ssl; + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; /* Check for proper calling convention */ if (argc != 6) { @@ -119,14 +119,14 @@ int main(int argc, char** argv) if (inet_pton(AF_INET, argv[2], &servAddr.sin_addr) != 1) { fprintf(stderr, "ERROR: invalid address\n"); ret = -1; - goto end; + goto socket_cleanup; } /* Connect to the server */ if ((ret = connect(sockfd, (struct sockaddr*) &servAddr, sizeof(servAddr))) == -1) { fprintf(stderr, "ERROR: failed to connect\n"); - goto end; + goto socket_cleanup; } /*---------------------------------*/ @@ -142,7 +142,7 @@ int main(int argc, char** argv) if ((ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())) == NULL) { fprintf(stderr, "ERROR: failed to create WOLFSSL_CTX\n"); ret = -1; - goto socket_cleanup; + goto ctx_cleanup; } /* load cert and convert DER to PEM using dynamic length */ @@ -150,7 +150,7 @@ int main(int argc, char** argv) if (pemSz <= 0) { fprintf(stderr, "ERROR: converting DER cert to PEM\n"); ret = -1; - goto socket_cleanup; + goto ctx_cleanup; } if (wolfSSL_CTX_use_certificate_buffer(ctx, pem, pemSz, @@ -158,7 +158,7 @@ int main(int argc, char** argv) fprintf(stderr, "issue loading in pem cert\n"); ret = -1; free(pem); - goto socket_cleanup; + goto ctx_cleanup; } free(pem); @@ -167,7 +167,7 @@ int main(int argc, char** argv) if (pemSz <= 0) { fprintf(stderr, "ERROR: converting DER key to PEM\n"); ret = -1; - goto socket_cleanup; + goto ctx_cleanup; } if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, pem, pemSz, @@ -175,7 +175,7 @@ int main(int argc, char** argv) fprintf(stderr, "issue loading in pem key\n"); ret = -1; free(pem); - goto socket_cleanup; + goto ctx_cleanup; } free(pem); @@ -184,7 +184,7 @@ int main(int argc, char** argv) if (f == NULL) { fprintf(stderr, "unable to open %s\n", argv[3]); ret = -1; - goto socket_cleanup; + goto ctx_cleanup; } fseek(f, 0, SEEK_END); pemSz = ftell(f); @@ -193,7 +193,7 @@ int main(int argc, char** argv) if (pem == NULL) { fclose(f); ret = -1; - goto socket_cleanup; + goto ctx_cleanup; } pemSz = fread(pem, 1, pemSz, f); fclose(f); diff --git a/IDE/iotsafe-raspberrypi/client-tls13.c b/IDE/iotsafe-raspberrypi/client-tls13.c index c68a9e520f..15ed1aa152 100644 --- a/IDE/iotsafe-raspberrypi/client-tls13.c +++ b/IDE/iotsafe-raspberrypi/client-tls13.c @@ -161,6 +161,7 @@ int client_loop(const char *peer_ip, const char *peer_name, /* Declare certificate temporary buffer */ uint8_t cert_buffer[2048] = {0}; uint32_t cert_buffer_size = 0; + int cert_sz = 0; uint8_t *cert_iter = NULL; /* Declare wolfSSL objects */ @@ -306,16 +307,17 @@ int client_loop(const char *peer_ip, const char *peer_name, /* Extract client certificate from IoTSAFE*/ printf("---- Extracting client certificate from IoTSAFE\n"); - if ((cert_buffer_size = wolfIoTSafe_GetCert( + cert_sz = wolfIoTSafe_GetCert( CRT_CLIENT_FILE_ID, cert_buffer, - sizeof(cert_buffer))) - < 1) + sizeof(cert_buffer)); + if (cert_sz < 1) { fprintf(stderr, "ERROR: Bad client certificate\n"); ret = -1; goto exit; } + cert_buffer_size = (uint32_t)cert_sz; /* Print extracted client certificate */ printf("---- Printing extracted client certificate\n"); @@ -332,21 +334,22 @@ int client_loop(const char *peer_ip, const char *peer_name, != WOLFSSL_SUCCESS) { fprintf(stderr, "ERROR: Failed to load client certificate\n"); - return -1; + goto exit; } /* Extract server certificate from IoTSAFE*/ printf("---- Extracting server certificate from IoTSAFE\n"); - if ((cert_buffer_size = wolfIoTSafe_GetCert( + cert_sz = wolfIoTSafe_GetCert( CRT_SERVER_FILE_ID, cert_buffer, - sizeof(cert_buffer))) - < 1) + sizeof(cert_buffer)); + if (cert_sz < 1) { fprintf(stderr, "ERROR: Bad server certificate\n"); ret = -1; goto exit; } + cert_buffer_size = (uint32_t)cert_sz; /* Print extracted server certificate */ printf("---- Printing extracted server certificate\n"); @@ -363,7 +366,7 @@ int client_loop(const char *peer_ip, const char *peer_name, != WOLFSSL_SUCCESS) { fprintf(stderr, "ERROR: Failed to load server certificate\n"); - return -1; + goto exit; } /* Set client to authenticate server */