Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

20240917-fixes #7991

Merged
merged 9 commits into from
Sep 20, 2024
16 changes: 9 additions & 7 deletions .github/workflows/packaging.yml
Original file line number Diff line number Diff line change
Expand Up @@ -37,8 +37,9 @@ jobs:
- name: Build wolfSSL .deb
run: make deb-docker

- name: Build wolfSSL .rpm
run: make rpm-docker
# disabled 20240919 -- broken target.
# - name: Build wolfSSL .rpm
# run: make rpm-docker

- name: Confirm packages built
run: |
Expand All @@ -47,8 +48,9 @@ jobs:
echo Did not find exactly two deb packages!!!
exit 1
fi
RPM_COUNT=$(find -name 'wolfssl*.rpm' | wc -l)
if [ "$RPM_COUNT" != "4" ]; then
echo Did not find exactly four rpm packages!!!
exit 1
fi
# disabled 20240919 -- broken target.
# RPM_COUNT=$(find -name 'wolfssl*.rpm' | wc -l)
# if [ "$RPM_COUNT" != "4" ]; then
# echo Did not find exactly four rpm packages!!!
# exit 1
# fi
10 changes: 6 additions & 4 deletions m4/ax_atomic.m4
Original file line number Diff line number Diff line change
Expand Up @@ -9,18 +9,20 @@ AC_DEFUN([AC_C___ATOMIC],
[[int
main (int argc, char **argv)
{
volatile unsigned long ul1 = 1, ul2 = 0, ul3 = 2;
volatile unsigned long ul1 = 1;
unsigned long ul2 = 0, ul3 = 2;
__atomic_load_n(&ul1, __ATOMIC_SEQ_CST);
__atomic_compare_exchange(&ul1, &ul2, &ul3, 1, __ATOMIC_SEQ_CST, __ATOMIC_SEQ_CST);
__atomic_fetch_add(&ul1, 1, __ATOMIC_SEQ_CST);
__atomic_fetch_sub(&ul3, 1, __ATOMIC_SEQ_CST);
__atomic_fetch_sub(&ul1, 1, __ATOMIC_SEQ_CST);
__atomic_or_fetch(&ul1, ul2, __ATOMIC_SEQ_CST);
__atomic_and_fetch(&ul1, ul2, __ATOMIC_SEQ_CST);
volatile unsigned long long ull1 = 1, ull2 = 0, ull3 = 2;
volatile unsigned long long ull1 = 1;
unsigned long long ull2 = 0, ull3 = 2;
__atomic_load_n(&ull1, __ATOMIC_SEQ_CST);
__atomic_compare_exchange(&ull1, &ull2, &ull3, 1, __ATOMIC_SEQ_CST, __ATOMIC_SEQ_CST);
__atomic_fetch_add(&ull1, 1, __ATOMIC_SEQ_CST);
__atomic_fetch_sub(&ull3, 1, __ATOMIC_SEQ_CST);
__atomic_fetch_sub(&ull1, 1, __ATOMIC_SEQ_CST);
__atomic_or_fetch(&ull1, ull2, __ATOMIC_SEQ_CST);
__atomic_and_fetch(&ull1, ull2, __ATOMIC_SEQ_CST);
return 0;
Expand Down
2 changes: 2 additions & 0 deletions src/dtls13.c
Original file line number Diff line number Diff line change
Expand Up @@ -71,6 +71,8 @@ typedef struct Dtls13HandshakeHeader {
byte fragmentLength[3];
} Dtls13HandshakeHeader;

static_assert(sizeof(Dtls13HandshakeHeader) == DTLS13_HANDSHAKE_HEADER_SZ);

/**
* struct Dtls13Recordplaintextheader: represent header of unprotected DTLSv1.3
* record
Expand Down
4 changes: 4 additions & 0 deletions src/tls13.c
Original file line number Diff line number Diff line change
Expand Up @@ -4165,7 +4165,11 @@ static int EchHashHelloInner(WOLFSSL* ssl, WOLFSSL_ECH* ech)
{
int ret;
HS_Hashes* tmpHashes;
#ifdef WOLFSSL_DTLS13
byte falseHeader[DTLS13_HANDSHAKE_HEADER_SZ];
#else
byte falseHeader[HANDSHAKE_HEADER_SZ];
#endif

if (ssl == NULL || ech == NULL)
return BAD_FUNC_ARG;
Expand Down
99 changes: 58 additions & 41 deletions tests/api.c
Original file line number Diff line number Diff line change
Expand Up @@ -532,15 +532,6 @@ int tmpDirNameSet = 0;
| Constants
*----------------------------------------------------------------------------*/

/* Test result constants and macros. */

/* Test succeeded. */
#define TEST_SUCCESS (1)
/* Test failed. */
#define TEST_FAIL (0)
/* Test skipped - not run. */
#define TEST_SKIPPED (-7777)

/* Returns the result based on whether check is true.
*
* @param [in] check Condition for success.
Expand Down Expand Up @@ -7291,7 +7282,7 @@ static WC_INLINE int test_ssl_memio_read_cb(WOLFSSL *ssl, char *data, int sz,

static WC_INLINE int test_ssl_memio_setup(test_ssl_memio_ctx *ctx)
{
EXPECT_DECLS;
EXPECT_DECLS_NO_MSGS(-2000);
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
int c_sharedCtx = 0;
int s_sharedCtx = 0;
Expand Down Expand Up @@ -7564,7 +7555,7 @@ static int test_ssl_memio_do_handshake(test_ssl_memio_ctx* ctx, int max_rounds,

static int test_ssl_memio_read_write(test_ssl_memio_ctx* ctx)
{
EXPECT_DECLS;
EXPECT_DECLS_NO_MSGS(-3000);
char input[1024];
int idx = 0;
const char* msg_c = "hello wolfssl!";
Expand Down Expand Up @@ -7653,7 +7644,14 @@ static void test_ssl_memio_cleanup(test_ssl_memio_ctx* ctx)
int test_wolfSSL_client_server_nofail_memio(test_ssl_cbf* client_cb,
test_ssl_cbf* server_cb, cbType client_on_handshake)
{
EXPECT_DECLS;
/* We use EXPECT_DECLS_NO_MSGS() here because this helper routine is used
* for numerous but varied expected-to-fail scenarios that should not emit
* error messages on the expected failures. Instead, we return a distinct
* code for each failure point, allowing the caller to assert on a
* particular mode of expected failure. On success, the usual TEST_SUCCESS
* is returned.
*/
EXPECT_DECLS_NO_MSGS(-1000);
struct test_ssl_memio_ctx test_ctx;
#ifdef WOLFSSL_HAVE_TLS_UNIQUE
size_t msg_len;
Expand All @@ -7665,8 +7663,8 @@ int test_wolfSSL_client_server_nofail_memio(test_ssl_cbf* client_cb,

test_ctx.c_ctx = client_cb->ctx;
test_ctx.s_ctx = server_cb->ctx;
test_ctx.c_cb.return_code = TEST_FAIL;
test_ctx.s_cb.return_code = TEST_FAIL;
test_ctx.c_cb.return_code = EXPECT_FAILURE_CODEPOINT_ID;
test_ctx.s_cb.return_code = EXPECT_FAILURE_CODEPOINT_ID;

ExpectIntEQ(test_ssl_memio_setup(&test_ctx), TEST_SUCCESS);
ExpectIntEQ(test_ssl_memio_do_handshake(&test_ctx, 10, NULL), TEST_SUCCESS);
Expand Down Expand Up @@ -9575,10 +9573,10 @@ static int test_wolfSSL_CTX_verifyDepth_ServerClient_3(void)
* therefore, handshake becomes failure.
*/
ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf,
&server_cbf, NULL), TEST_FAIL);
&server_cbf, NULL), -1001);

ExpectIntEQ(client_cbf.return_code, TEST_FAIL);
ExpectIntEQ(server_cbf.return_code, TEST_FAIL);
ExpectIntEQ(client_cbf.return_code, -1000);
ExpectIntEQ(server_cbf.return_code, -1000);
ExpectIntEQ(client_cbf.last_err, WC_NO_ERR_TRACE(MAX_CHAIN_ERROR));
ExpectIntEQ(server_cbf.last_err, WC_NO_ERR_TRACE(FATAL_ERROR));
#endif /* OPENSSL_EXTRA && HAVE_SSL_MEMIO_TESTS_DEPENDENCIES */
Expand Down Expand Up @@ -14120,7 +14118,7 @@ static int test_wolfSSL_X509_TLS_version_test_1(void)

#ifndef OPENSSL_COMPATIBLE_DEFAULTS
ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client,
&func_cb_server, NULL), TEST_FAIL);
&func_cb_server, NULL), -1001);
#else
ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client,
&func_cb_server, NULL), TEST_SUCCESS);
Expand Down Expand Up @@ -15009,14 +15007,20 @@ static int test_Sha512_Family_Final(int type, int isRaw)
hash_test[2] = hash3;
times = sizeof(hash_test) / sizeof(byte *);

/* Good test args. */
for (i = 0; i < times; i++) {
ExpectIntEQ(finalFp(&sha512, hash_test[i]), 0);
#if defined(HAVE_FIPS) || defined(HAVE_SELFTEST) || \
defined(WOLFSSL_NO_HASH_RAW)
if (finalFp != NULL)
#endif
{
/* Good test args. */
for (i = 0; i < times; i++) {
ExpectIntEQ(finalFp(&sha512, hash_test[i]), 0);
}
/* Test bad args. */
ExpectIntEQ(finalFp(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
ExpectIntEQ(finalFp(NULL, hash1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
ExpectIntEQ(finalFp(&sha512, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
}
/* Test bad args. */
ExpectIntEQ(finalFp(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
ExpectIntEQ(finalFp(NULL, hash1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
ExpectIntEQ(finalFp(&sha512, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));

freeFp(&sha512);

Expand Down Expand Up @@ -61861,7 +61865,7 @@ static int test_wolfSSL_curves_mismatch(void)
func_cb_server.method = test_params[i].server_meth;

ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client,
&func_cb_server, NULL), TEST_FAIL);
&func_cb_server, NULL), -1001);
ExpectIntEQ(func_cb_client.last_err, test_params[i].client_last_err);
ExpectIntEQ(func_cb_server.last_err, test_params[i].server_last_err);

Expand Down Expand Up @@ -69656,10 +69660,16 @@ static int test_wolfSSL_SESSION_expire_downgrade(void)

#if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
defined(HAVE_EX_DATA) && !defined(NO_SESSION_CACHE)
static int clientSessRemCountMalloc = 0;
static int serverSessRemCountMalloc = 0;
static int clientSessRemCountFree = 0;
static int serverSessRemCountFree = 0;
#ifdef WOLFSSL_ATOMIC_OPS
typedef wolfSSL_Atomic_Int SessRemCounter_t;
#else
typedef int SessRemCounter_t;
#endif
static SessRemCounter_t clientSessRemCountMalloc;
static SessRemCounter_t serverSessRemCountMalloc;
static SessRemCounter_t clientSessRemCountFree;
static SessRemCounter_t serverSessRemCountFree;

static WOLFSSL_CTX* serverSessCtx = NULL;
static WOLFSSL_SESSION* serverSess = NULL;
#if (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) || \
Expand All @@ -69680,9 +69690,9 @@ static void SessRemCtxCb(WOLFSSL_CTX *ctx, WOLFSSL_SESSION *sess)
side = (int*)SSL_SESSION_get_ex_data(sess, serverSessRemIdx);
if (side != NULL) {
if (*side == WOLFSSL_CLIENT_END)
clientSessRemCountFree++;
(void)wolfSSL_Atomic_Int_FetchAdd(&clientSessRemCountFree, 1);
else
serverSessRemCountFree++;
(void)wolfSSL_Atomic_Int_FetchAdd(&serverSessRemCountFree, 1);

SSL_SESSION_set_ex_data(sess, serverSessRemIdx, NULL);
}
Expand Down Expand Up @@ -69719,14 +69729,14 @@ static int SessRemSslSetupCb(WOLFSSL* ssl)

if (SSL_is_server(ssl)) {
side = &sessRemCtx_Server;
serverSessRemCountMalloc++;
(void)wolfSSL_Atomic_Int_FetchAdd(&serverSessRemCountMalloc, 1);
ExpectNotNull(serverSess = SSL_get1_session(ssl));
ExpectIntEQ(SSL_CTX_up_ref(serverSessCtx = SSL_get_SSL_CTX(ssl)),
SSL_SUCCESS);
}
else {
side = &sessRemCtx_Client;
clientSessRemCountMalloc++;
(void)wolfSSL_Atomic_Int_FetchAdd(&clientSessRemCountMalloc, 1);
#if (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) || \
!defined(NO_SESSION_CACHE_REF)
ExpectNotNull(clientSess = SSL_get1_session(ssl));
Expand All @@ -69750,6 +69760,11 @@ static int test_wolfSSL_CTX_sess_set_remove_cb(void)
* session object */
test_ssl_cbf func_cb;

wolfSSL_Atomic_Int_Init(&clientSessRemCountMalloc, 0);
wolfSSL_Atomic_Int_Init(&serverSessRemCountMalloc, 0);
wolfSSL_Atomic_Int_Init(&clientSessRemCountFree, 0);
wolfSSL_Atomic_Int_Init(&serverSessRemCountFree, 0);

XMEMSET(&func_cb, 0, sizeof(func_cb));
func_cb.ctx_ready = SessRemCtxSetupCb;
func_cb.on_result = SessRemSslSetupCb;
Expand Down Expand Up @@ -78615,7 +78630,7 @@ static int test_DhCallbacks(void)
func_cb_server.method = wolfTLSv1_2_server_method;

ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client,
&func_cb_server, NULL), TEST_FAIL);
&func_cb_server, NULL), -1001);
#endif
return EXPECT_RESULT();
}
Expand Down Expand Up @@ -85792,7 +85807,7 @@ static int test_multiple_crls_same_issuer(void)
client_cbs.ctx_ready = test_multiple_crls_same_issuer_ctx_ready;

ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbs,
&server_cbs, NULL), TEST_FAIL);
&server_cbs, NULL), -1001);
}
#endif
return EXPECT_RESULT();
Expand Down Expand Up @@ -90339,7 +90354,7 @@ static int test_wolfSSL_CRL_CERT_REVOKED_alert(void)
server_cbs.on_cleanup = test_wolfSSL_CRL_CERT_REVOKED_alert_on_cleanup;

ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbs,
&server_cbs, NULL), TEST_FAIL);
&server_cbs, NULL), -1001);

return EXPECT_RESULT();
}
Expand Down Expand Up @@ -91146,7 +91161,7 @@ static int test_override_alt_cert_chain(void)
{test_override_alt_cert_chain_client_ctx_ready,
test_override_alt_cert_chain_server_ctx_ready, TEST_SUCCESS},
{test_override_alt_cert_chain_client_ctx_ready2,
test_override_alt_cert_chain_server_ctx_ready, TEST_FAIL},
test_override_alt_cert_chain_server_ctx_ready, -1001},
};

for (i = 0; i < sizeof(params)/sizeof(*params); i++) {
Expand All @@ -91162,8 +91177,10 @@ static int test_override_alt_cert_chain(void)
ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbs,
&server_cbs, NULL), params[i].result);

ExpectIntEQ(client_cbs.return_code, params[i].result);
ExpectIntEQ(server_cbs.return_code, params[i].result);
ExpectIntEQ(client_cbs.return_code,
params[i].result <= 0 ? -1000 : TEST_SUCCESS);
ExpectIntEQ(server_cbs.return_code,
params[i].result <= 0 ? -1000 : TEST_SUCCESS);
}

return EXPECT_RESULT();
Expand Down Expand Up @@ -93766,7 +93783,7 @@ static int test_revoked_loaded_int_cert(void)
client_cbf.ctx_ready = test_params[i].client_ctx_ready;

ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf,
&server_cbf, NULL), TEST_FAIL);
&server_cbf, NULL), -1001);
ExpectIntEQ(client_cbf.last_err, WC_NO_ERR_TRACE(CRL_CERT_REVOKED));
ExpectIntEQ(server_cbf.last_err, WC_NO_ERR_TRACE(FATAL_ERROR));

Expand Down
Loading