Merge pull request #7991 from douzzer/20240917-fixes

20240917-fixes
wolfSSL · Sep 20, 2024 · 8768c55 · 8768c55
2 parents b990840 + 5be198f
commit 8768c55
Show file tree

Hide file tree

Showing 14 changed files with 232 additions and 108 deletions.
diff --git a/.github/workflows/packaging.yml b/.github/workflows/packaging.yml
@@ -37,8 +37,9 @@ jobs:
  - name: Build wolfSSL .deb
  run: make deb-docker
 
- - name: Build wolfSSL .rpm
- run: make rpm-docker
+# disabled 20240919 -- broken target.
+# - name: Build wolfSSL .rpm
+# run: make rpm-docker
 
  - name: Confirm packages built
  run: |
@@ -47,8 +48,9 @@ jobs:
  echo Did not find exactly two deb packages!!!
  exit 1
  fi
- RPM_COUNT=$(find -name 'wolfssl*.rpm' | wc -l)
- if [ "$RPM_COUNT" != "4" ]; then
- echo Did not find exactly four rpm packages!!!
- exit 1
- fi
+# disabled 20240919 -- broken target.
+# RPM_COUNT=$(find -name 'wolfssl*.rpm' | wc -l)
+# if [ "$RPM_COUNT" != "4" ]; then
+# echo Did not find exactly four rpm packages!!!
+# exit 1
+# fi
diff --git a/m4/ax_atomic.m4 b/m4/ax_atomic.m4
@@ -9,18 +9,20 @@ AC_DEFUN([AC_C___ATOMIC],
  [[int
  main (int argc, char **argv)
  {
- volatile unsigned long ul1 = 1, ul2 = 0, ul3 = 2;
+ volatile unsigned long ul1 = 1;
+ unsigned long ul2 = 0, ul3 = 2;
  __atomic_load_n(&ul1, __ATOMIC_SEQ_CST);
  __atomic_compare_exchange(&ul1, &ul2, &ul3, 1, __ATOMIC_SEQ_CST, __ATOMIC_SEQ_CST);
  __atomic_fetch_add(&ul1, 1, __ATOMIC_SEQ_CST);
- __atomic_fetch_sub(&ul3, 1, __ATOMIC_SEQ_CST);
+ __atomic_fetch_sub(&ul1, 1, __ATOMIC_SEQ_CST);
  __atomic_or_fetch(&ul1, ul2, __ATOMIC_SEQ_CST);
  __atomic_and_fetch(&ul1, ul2, __ATOMIC_SEQ_CST);
- volatile unsigned long long ull1 = 1, ull2 = 0, ull3 = 2;
+ volatile unsigned long long ull1 = 1;
+ unsigned long long ull2 = 0, ull3 = 2;
  __atomic_load_n(&ull1, __ATOMIC_SEQ_CST);
  __atomic_compare_exchange(&ull1, &ull2, &ull3, 1, __ATOMIC_SEQ_CST, __ATOMIC_SEQ_CST);
  __atomic_fetch_add(&ull1, 1, __ATOMIC_SEQ_CST);
- __atomic_fetch_sub(&ull3, 1, __ATOMIC_SEQ_CST);
+ __atomic_fetch_sub(&ull1, 1, __ATOMIC_SEQ_CST);
  __atomic_or_fetch(&ull1, ull2, __ATOMIC_SEQ_CST);
  __atomic_and_fetch(&ull1, ull2, __ATOMIC_SEQ_CST);
  return 0;

diff --git a/src/dtls13.c b/src/dtls13.c
@@ -71,6 +71,8 @@ typedef struct Dtls13HandshakeHeader {
  byte fragmentLength[3];
 } Dtls13HandshakeHeader;
 
+static_assert(sizeof(Dtls13HandshakeHeader) == DTLS13_HANDSHAKE_HEADER_SZ);
+
 /**
  * struct Dtls13Recordplaintextheader: represent header of unprotected DTLSv1.3
  * record

diff --git a/src/tls13.c b/src/tls13.c
@@ -4165,7 +4165,11 @@ static int EchHashHelloInner(WOLFSSL* ssl, WOLFSSL_ECH* ech)
 {
  int ret;
  HS_Hashes* tmpHashes;
+#ifdef WOLFSSL_DTLS13
+ byte falseHeader[DTLS13_HANDSHAKE_HEADER_SZ];
+#else
  byte falseHeader[HANDSHAKE_HEADER_SZ];
+#endif
 
  if (ssl == NULL || ech == NULL)
  return BAD_FUNC_ARG;

diff --git a/tests/api.c b/tests/api.c
@@ -532,15 +532,6 @@ int tmpDirNameSet = 0;
  | Constants
  *----------------------------------------------------------------------------*/
 
-/* Test result constants and macros. */
-
-/* Test succeeded. */
-#define TEST_SUCCESS (1)
-/* Test failed. */
-#define TEST_FAIL (0)
-/* Test skipped - not run. */
-#define TEST_SKIPPED (-7777)
-
 /* Returns the result based on whether check is true.
  *
  * @param [in] check Condition for success.
@@ -7291,7 +7282,7 @@ static WC_INLINE int test_ssl_memio_read_cb(WOLFSSL *ssl, char *data, int sz,
 
 static WC_INLINE int test_ssl_memio_setup(test_ssl_memio_ctx *ctx)
 {
- EXPECT_DECLS;
+ EXPECT_DECLS_NO_MSGS(-2000);
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
  int c_sharedCtx = 0;
  int s_sharedCtx = 0;
@@ -7564,7 +7555,7 @@ static int test_ssl_memio_do_handshake(test_ssl_memio_ctx* ctx, int max_rounds,
 
 static int test_ssl_memio_read_write(test_ssl_memio_ctx* ctx)
 {
- EXPECT_DECLS;
+ EXPECT_DECLS_NO_MSGS(-3000);
  char input[1024];
  int idx = 0;
  const char* msg_c = "hello wolfssl!";
@@ -7653,7 +7644,14 @@ static void test_ssl_memio_cleanup(test_ssl_memio_ctx* ctx)
 int test_wolfSSL_client_server_nofail_memio(test_ssl_cbf* client_cb,
  test_ssl_cbf* server_cb, cbType client_on_handshake)
 {
- EXPECT_DECLS;
+ /* We use EXPECT_DECLS_NO_MSGS() here because this helper routine is used
+ * for numerous but varied expected-to-fail scenarios that should not emit
+ * error messages on the expected failures. Instead, we return a distinct
+ * code for each failure point, allowing the caller to assert on a
+ * particular mode of expected failure. On success, the usual TEST_SUCCESS
+ * is returned.
+ */
+ EXPECT_DECLS_NO_MSGS(-1000);
  struct test_ssl_memio_ctx test_ctx;
 #ifdef WOLFSSL_HAVE_TLS_UNIQUE
  size_t msg_len;
@@ -7665,8 +7663,8 @@ int test_wolfSSL_client_server_nofail_memio(test_ssl_cbf* client_cb,
 
  test_ctx.c_ctx = client_cb->ctx;
  test_ctx.s_ctx = server_cb->ctx;
- test_ctx.c_cb.return_code = TEST_FAIL;
- test_ctx.s_cb.return_code = TEST_FAIL;
+ test_ctx.c_cb.return_code = EXPECT_FAILURE_CODEPOINT_ID;
+ test_ctx.s_cb.return_code = EXPECT_FAILURE_CODEPOINT_ID;
 
  ExpectIntEQ(test_ssl_memio_setup(&test_ctx), TEST_SUCCESS);
  ExpectIntEQ(test_ssl_memio_do_handshake(&test_ctx, 10, NULL), TEST_SUCCESS);
@@ -9575,10 +9573,10 @@ static int test_wolfSSL_CTX_verifyDepth_ServerClient_3(void)
  * therefore, handshake becomes failure.
  */
  ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf,
- &server_cbf, NULL), TEST_FAIL);
+ &server_cbf, NULL), -1001);
 
- ExpectIntEQ(client_cbf.return_code, TEST_FAIL);
- ExpectIntEQ(server_cbf.return_code, TEST_FAIL);
+ ExpectIntEQ(client_cbf.return_code, -1000);
+ ExpectIntEQ(server_cbf.return_code, -1000);
  ExpectIntEQ(client_cbf.last_err, WC_NO_ERR_TRACE(MAX_CHAIN_ERROR));
  ExpectIntEQ(server_cbf.last_err, WC_NO_ERR_TRACE(FATAL_ERROR));
 #endif /* OPENSSL_EXTRA && HAVE_SSL_MEMIO_TESTS_DEPENDENCIES */
@@ -14120,7 +14118,7 @@ static int test_wolfSSL_X509_TLS_version_test_1(void)
 
 #ifndef OPENSSL_COMPATIBLE_DEFAULTS
  ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client,
- &func_cb_server, NULL), TEST_FAIL);
+ &func_cb_server, NULL), -1001);
 #else
  ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client,
  &func_cb_server, NULL), TEST_SUCCESS);
@@ -15009,14 +15007,20 @@ static int test_Sha512_Family_Final(int type, int isRaw)
  hash_test[2] = hash3;
  times = sizeof(hash_test) / sizeof(byte *);
 
- /* Good test args. */
- for (i = 0; i < times; i++) {
- ExpectIntEQ(finalFp(&sha512, hash_test[i]), 0);
+#if defined(HAVE_FIPS) || defined(HAVE_SELFTEST) || \
+ defined(WOLFSSL_NO_HASH_RAW)
+ if (finalFp != NULL)
+#endif
+ {
+ /* Good test args. */
+ for (i = 0; i < times; i++) {
+ ExpectIntEQ(finalFp(&sha512, hash_test[i]), 0);
+ }
+ /* Test bad args. */
+ ExpectIntEQ(finalFp(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+ ExpectIntEQ(finalFp(NULL, hash1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+ ExpectIntEQ(finalFp(&sha512, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
  }
- /* Test bad args. */
- ExpectIntEQ(finalFp(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
- ExpectIntEQ(finalFp(NULL, hash1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
- ExpectIntEQ(finalFp(&sha512, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
  freeFp(&sha512);
 
@@ -61861,7 +61865,7 @@ static int test_wolfSSL_curves_mismatch(void)
  func_cb_server.method = test_params[i].server_meth;
 
  ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client,
- &func_cb_server, NULL), TEST_FAIL);
+ &func_cb_server, NULL), -1001);
  ExpectIntEQ(func_cb_client.last_err, test_params[i].client_last_err);
  ExpectIntEQ(func_cb_server.last_err, test_params[i].server_last_err);
 
@@ -69656,10 +69660,16 @@ static int test_wolfSSL_SESSION_expire_downgrade(void)
 
 #if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
  defined(HAVE_EX_DATA) && !defined(NO_SESSION_CACHE)
-static int clientSessRemCountMalloc = 0;
-static int serverSessRemCountMalloc = 0;
-static int clientSessRemCountFree = 0;
-static int serverSessRemCountFree = 0;
+#ifdef WOLFSSL_ATOMIC_OPS
+ typedef wolfSSL_Atomic_Int SessRemCounter_t;
+#else
+ typedef int SessRemCounter_t;
+#endif
+static SessRemCounter_t clientSessRemCountMalloc;
+static SessRemCounter_t serverSessRemCountMalloc;
+static SessRemCounter_t clientSessRemCountFree;
+static SessRemCounter_t serverSessRemCountFree;
+
 static WOLFSSL_CTX* serverSessCtx = NULL;
 static WOLFSSL_SESSION* serverSess = NULL;
 #if (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) || \
@@ -69680,9 +69690,9 @@ static void SessRemCtxCb(WOLFSSL_CTX *ctx, WOLFSSL_SESSION *sess)
  side = (int*)SSL_SESSION_get_ex_data(sess, serverSessRemIdx);
  if (side != NULL) {
  if (*side == WOLFSSL_CLIENT_END)
- clientSessRemCountFree++;
+ (void)wolfSSL_Atomic_Int_FetchAdd(&clientSessRemCountFree, 1);
  else
- serverSessRemCountFree++;
+ (void)wolfSSL_Atomic_Int_FetchAdd(&serverSessRemCountFree, 1);
 
  SSL_SESSION_set_ex_data(sess, serverSessRemIdx, NULL);
  }
@@ -69719,14 +69729,14 @@ static int SessRemSslSetupCb(WOLFSSL* ssl)
 
  if (SSL_is_server(ssl)) {
  side = &sessRemCtx_Server;
- serverSessRemCountMalloc++;
+ (void)wolfSSL_Atomic_Int_FetchAdd(&serverSessRemCountMalloc, 1);
  ExpectNotNull(serverSess = SSL_get1_session(ssl));
  ExpectIntEQ(SSL_CTX_up_ref(serverSessCtx = SSL_get_SSL_CTX(ssl)),
  SSL_SUCCESS);
  }
  else {
  side = &sessRemCtx_Client;
- clientSessRemCountMalloc++;
+ (void)wolfSSL_Atomic_Int_FetchAdd(&clientSessRemCountMalloc, 1);
  #if (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) || \
  !defined(NO_SESSION_CACHE_REF)
  ExpectNotNull(clientSess = SSL_get1_session(ssl));
@@ -69750,6 +69760,11 @@ static int test_wolfSSL_CTX_sess_set_remove_cb(void)
  * session object */
  test_ssl_cbf func_cb;
 
+ wolfSSL_Atomic_Int_Init(&clientSessRemCountMalloc, 0);
+ wolfSSL_Atomic_Int_Init(&serverSessRemCountMalloc, 0);
+ wolfSSL_Atomic_Int_Init(&clientSessRemCountFree, 0);
+ wolfSSL_Atomic_Int_Init(&serverSessRemCountFree, 0);
+
  XMEMSET(&func_cb, 0, sizeof(func_cb));
  func_cb.ctx_ready = SessRemCtxSetupCb;
  func_cb.on_result = SessRemSslSetupCb;
@@ -78615,7 +78630,7 @@ static int test_DhCallbacks(void)
  func_cb_server.method = wolfTLSv1_2_server_method;
 
  ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client,
- &func_cb_server, NULL), TEST_FAIL);
+ &func_cb_server, NULL), -1001);
 #endif
  return EXPECT_RESULT();
 }
@@ -85792,7 +85807,7 @@ static int test_multiple_crls_same_issuer(void)
  client_cbs.ctx_ready = test_multiple_crls_same_issuer_ctx_ready;
 
  ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbs,
- &server_cbs, NULL), TEST_FAIL);
+ &server_cbs, NULL), -1001);
  }
 #endif
  return EXPECT_RESULT();
@@ -90339,7 +90354,7 @@ static int test_wolfSSL_CRL_CERT_REVOKED_alert(void)
  server_cbs.on_cleanup = test_wolfSSL_CRL_CERT_REVOKED_alert_on_cleanup;
 
  ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbs,
- &server_cbs, NULL), TEST_FAIL);
+ &server_cbs, NULL), -1001);
 
  return EXPECT_RESULT();
 }
@@ -91146,7 +91161,7 @@ static int test_override_alt_cert_chain(void)
  {test_override_alt_cert_chain_client_ctx_ready,
  test_override_alt_cert_chain_server_ctx_ready, TEST_SUCCESS},
  {test_override_alt_cert_chain_client_ctx_ready2,
- test_override_alt_cert_chain_server_ctx_ready, TEST_FAIL},
+ test_override_alt_cert_chain_server_ctx_ready, -1001},
  };
 
  for (i = 0; i < sizeof(params)/sizeof(*params); i++) {
@@ -91162,8 +91177,10 @@ static int test_override_alt_cert_chain(void)
  ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbs,
  &server_cbs, NULL), params[i].result);
 
- ExpectIntEQ(client_cbs.return_code, params[i].result);
- ExpectIntEQ(server_cbs.return_code, params[i].result);
+ ExpectIntEQ(client_cbs.return_code,
+ params[i].result <= 0 ? -1000 : TEST_SUCCESS);
+ ExpectIntEQ(server_cbs.return_code,
+ params[i].result <= 0 ? -1000 : TEST_SUCCESS);
  }
 
  return EXPECT_RESULT();
@@ -93766,7 +93783,7 @@ static int test_revoked_loaded_int_cert(void)
  client_cbf.ctx_ready = test_params[i].client_ctx_ready;
 
  ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf,
- &server_cbf, NULL), TEST_FAIL);
+ &server_cbf, NULL), -1001);
  ExpectIntEQ(client_cbf.last_err, WC_NO_ERR_TRACE(CRL_CERT_REVOKED));
  ExpectIntEQ(server_cbf.last_err, WC_NO_ERR_TRACE(FATAL_ERROR));