wolfSSL · dgarske · May 16, 2024 · Mar 20, 2024 · Apr 18, 2024 · May 9, 2024
diff --git a/.github/workflows/grpc.yml b/.github/workflows/grpc.yml
@@ -0,0 +1,103 @@
+name: grpc Tests
+
+# START OF COMMON SECTION
+on:
+ push:
+ branches: [ 'master', 'main', 'release/**' ]
+ pull_request:
+ branches: [ '*' ]
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+ build_wolfssl:
+ name: Build wolfSSL
+ # Just to keep it the same as the testing target
+ runs-on: ubuntu-latest
+ # This should be a safe limit for the tests to run.
+ timeout-minutes: 10
+ steps:
+ - name: Build wolfSSL
+ uses: wolfSSL/actions-build-autotools-project@v1
+ with:
+ path: wolfssl
+ configure: --enable-all 'CPPFLAGS=-DWOLFSSL_RSA_KEY_CHECK -DHAVE_EX_DATA_CLEANUP_HOOKS'
+ install: true
+
+ - name: Upload built lib
+ uses: actions/upload-artifact@v4
+ with:
+ name: wolf-install-grpc
+ path: build-dir
+ retention-days: 5
+
+ grpc_check:
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - ref: v1.60.0
+ tests: >-
+ bad_ssl_alpn_test bad_ssl_cert_test client_ssl_test
+ crl_ssl_transport_security_test server_ssl_test
+ ssl_transport_security_test ssl_transport_security_utils_test
+ test_core_security_ssl_credentials_test test_cpp_end2end_ssl_credentials_test
+ h2_ssl_cert_test h2_ssl_session_reuse_test
+ name: ${{ matrix.ref }}
+ runs-on: ubuntu-latest
+ # This should be a safe limit for the tests to run.
+ timeout-minutes: 60
+ needs: build_wolfssl
+ steps:
+ - name: Confirm IPv4 and IPv6 support
+ run: |
+ ip addr list lo | grep 'inet '
+ ip addr list lo | grep 'inet6 '
+
+ - name: Install prereqs
+ run:
+ sudo apt-get install build-essential autoconf libtool pkg-config cmake clang libc++-dev
+
+ - name: Download lib
+ uses: actions/download-artifact@v4
+ with:
+ name: wolf-install-grpc
+ path: build-dir
+
+ - name: Checkout OSP
+ uses: actions/checkout@v4
+ with:
+ # TODO point to wolf repo once merged
+ repository: julek-wolfssl/osp
+ path: osp
+ ref: grpc-update
+
+ - name: Checkout grpc
+ uses: actions/checkout@v4
+ with:
+ repository: grpc/grpc
+ path: grpc
+ ref: ${{ matrix.ref }}
+
+ - name: Build grpc
+ working-directory: ./grpc
+ run: |
+ patch -p1 < ../osp/grpc/grpc-${{ matrix.ref }}.patch
+ git submodule update --init
+ mkdir cmake/build
+ cd cmake/build
+ cmake -DgRPC_BUILD_TESTS=ON -DgRPC_SSL_PROVIDER=wolfssl \
+ -DWOLFSSL_INSTALL_DIR=$GITHUB_WORKSPACE/build-dir ../..
+ make -j $(nproc) ${{ matrix.tests }}
+
+ - name: Run grpc tests
+ working-directory: ./grpc
+ run: |
+ export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
+ ./tools/run_tests/start_port_server.py
+ for t in ${{ matrix.tests }} ; do
+ ./cmake/build/$t
+ done
diff --git a/src/bio.c b/src/bio.c
@@ -77,6 +77,8 @@ static int wolfSSL_BIO_BIO_read(WOLFSSL_BIO* bio, void* buf, int len)
  if (buf == NULL || len == 0)
  return 0;
 
+ /* default no retry */
+ bio->flags &= ~(WOLFSSL_BIO_FLAG_READ|WOLFSSL_BIO_FLAG_RETRY);
  sz1 = wolfSSL_BIO_nread(bio, &pt, len);
  if (sz1 > 0) {
  XMEMCPY(buf, pt, sz1);
@@ -91,8 +93,10 @@ static int wolfSSL_BIO_BIO_read(WOLFSSL_BIO* bio, void* buf, int len)
  }
  }
  }
- if (sz1 == 0)
+ if (sz1 == 0) {
+ bio->flags |= WOLFSSL_BIO_FLAG_READ|WOLFSSL_BIO_FLAG_RETRY;
  sz1 = -1;
+ }
 
  return sz1;
 }
@@ -502,8 +506,11 @@ static int wolfSSL_BIO_BIO_write(WOLFSSL_BIO* bio, const void* data,
  if (bio == NULL || data == NULL || len == 0)
  return 0;
 
+ /* default no retry */
+ bio->flags &= ~(WOLFSSL_BIO_FLAG_WRITE|WOLFSSL_BIO_FLAG_RETRY);
  sz1 = wolfSSL_BIO_nwrite(bio, &buf, len);
  if (sz1 == 0) {
+ bio->flags |= WOLFSSL_BIO_FLAG_WRITE|WOLFSSL_BIO_FLAG_RETRY;
  WOLFSSL_MSG("No room left to write");
  return WOLFSSL_BIO_ERROR;
  }
@@ -521,6 +528,8 @@ static int wolfSSL_BIO_BIO_write(WOLFSSL_BIO* bio, const void* data,
  if (sz2 > 0) {
  XMEMCPY(buf, data, sz2);
  sz1 += sz2;
+ if (len > sz2)
+ bio->flags |= WOLFSSL_BIO_FLAG_WRITE|WOLFSSL_BIO_FLAG_RETRY;
  }
  }
 

diff --git a/src/crl.c b/src/crl.c
@@ -504,7 +504,7 @@ int CheckCertCRL_ex(WOLFSSL_CRL* crl, byte* issuerHash, byte* serial,
  /* and try again checking Cert in the CRL list. */
  /* When not set the folder or not use hash_dir, do nothing. */
  if ((foundEntry == 0) && (ret != OCSP_WANT_READ)) {
- if (crl->cm->x509_store_p != NULL) {
+ if (crl->cm != NULL && crl->cm->x509_store_p != NULL) {
  ret = LoadCertByIssuer(crl->cm->x509_store_p,
  (WOLFSSL_X509_NAME*)issuerName, X509_LU_CRL);
  if (ret == WOLFSSL_SUCCESS) {
@@ -521,7 +521,7 @@ int CheckCertCRL_ex(WOLFSSL_CRL* crl, byte* issuerHash, byte* serial,
  ret = CRL_MISSING;
  }
 
- if (crl->cm->cbMissingCRL) {
+ if (crl->cm != NULL && crl->cm->cbMissingCRL) {
  char url[256];
 
  WOLFSSL_MSG("Issuing missing CRL callback");
@@ -685,8 +685,8 @@ static WOLFSSL_X509_CRL* wolfSSL_X509_crl_new(WOLFSSL_CERT_MANAGER* cm)
 {
  WOLFSSL_X509_CRL* ret;
 
- ret = (WOLFSSL_X509_CRL*)XMALLOC(sizeof(WOLFSSL_X509_CRL), cm->heap,
-   DYNAMIC_TYPE_CRL);
+ ret = (WOLFSSL_X509_CRL*)XMALLOC(sizeof(WOLFSSL_X509_CRL),
+ cm != NULL ? cm->heap : NULL, DYNAMIC_TYPE_CRL);
  if (ret != NULL) {
  if (InitCRL(ret, cm) < 0) {
  WOLFSSL_MSG("Unable to initialize new CRL structure");
@@ -885,6 +885,20 @@ static int DupX509_CRL(WOLFSSL_X509_CRL *dupl, const WOLFSSL_X509_CRL* crl)
  return 0;
 }
 
+WOLFSSL_X509_CRL* wolfSSL_X509_CRL_dup(const WOLFSSL_X509_CRL* crl)
+{
+ WOLFSSL_X509_CRL* ret;
+
+ WOLFSSL_ENTER("wolfSSL_X509_CRL_dup");
+
+ ret = wolfSSL_X509_crl_new(crl->cm);
+ if (ret != NULL && DupX509_CRL(ret, crl) != 0) {
+ FreeCRL(ret, 1);
+ ret = NULL;
+ }
+ return ret;
+}
+
 /* returns WOLFSSL_SUCCESS on success. Does not take ownership of newcrl */
 int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *store, WOLFSSL_X509_CRL *newcrl)
 {