diff --git a/configure.ac b/configure.ac index fd3e5fa9b..e193038f5 100644 --- a/configure.ac +++ b/configure.ac @@ -8816,7 +8816,7 @@ rm cyassl/options.h.bak if test "$ENABLED_OPENSSLEXTRA" = "yes" && test "$ENABLED_LINUXKM" = "no" then SAVE_CFLAGS=$CFLAGS - CFLAGS="$CFLAGS -I. -I$srcdir" + CFLAGS="$CFLAGS $DEFS -I. -I$srcdir" if test "$ENABLED_INTEL_QA" = "yes" then CFLAGS="$CFLAGS $QAT_FLAGS" diff --git a/examples/client/client.c b/examples/client/client.c index 2eb36b9d7..bd2b14873 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -138,6 +138,15 @@ static int lng_index = 0; #endif +static int quieter = 0; /* Print fewer messages. This is helpful with overly + * ambitious log parsers. */ + +#define LOG_ERROR(...) \ + do { \ + if (!quieter) \ + fprintf(stderr, __VA_ARGS__); \ + } while(0) + #ifdef HAVE_SESSION_TICKET #ifndef SESSION_TICKET_LEN @@ -435,7 +444,7 @@ static void EarlyData(WOLFSSL_CTX* ctx, WOLFSSL* ssl, const char* msg, } } while (err == WC_PENDING_E); if (ret != msgSz) { - fprintf(stderr, "SSL_write_early_data msg error %d, %s\n", err, + LOG_ERROR("SSL_write_early_data msg error %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer)); wolfSSL_free(ssl); ssl = NULL; wolfSSL_CTX_free(ctx); ctx = NULL; @@ -455,7 +464,7 @@ static void EarlyData(WOLFSSL_CTX* ctx, WOLFSSL* ssl, const char* msg, } } while (err == WC_PENDING_E); if (ret != msgSz) { - fprintf(stderr, "SSL_write_early_data msg error %d, %s\n", err, + LOG_ERROR("SSL_write_early_data msg error %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); @@ -723,7 +732,7 @@ static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port, } } while (err == WC_PENDING_E); if (ret != len) { - fprintf(stderr, "SSL_write bench error %d!\n", err); + LOG_ERROR("SSL_write bench error %d!\n", err); if (!exitWithRet) err_sys("SSL_write failed"); goto doExit; 
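Review bot: In the examples/client/client.c hunk that introduces `quieter` and `LOG_ERROR`, the macro gates every stderr message, so `--quieter` hides genuine failures (the `wolfSSL_connect error` line and the post-quantum downgrade `WARNING` converted later in this diff), not only chatter. The comment on `quieter` should say so, for example `/* Suppress all stderr diagnostics, including handshake errors and warnings; callers must rely on the exit code. */`. The same macro is defined a second time in examples/server/server.c; one definition in a shared header would keep the two from drifting. Messages printed while options are still being parsed appear or not depending on where `--quieter` sits on the command line, which is worth a line in the comment as well.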
@@ -749,7 +758,7 @@ static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port, #endif if (err != WOLFSSL_ERROR_WANT_READ && err != WOLFSSL_ERROR_WANT_WRITE) { - fprintf(stderr, "SSL_read bench error %d\n", err); + LOG_ERROR("SSL_read bench error %d\n", err); err_sys("SSL_read failed"); } } @@ -943,7 +952,7 @@ static int SMTP_Shutdown(WOLFSSL* ssl, int wc_shutdown) printf("Bidirectional shutdown complete\n"); } if (ret != WOLFSSL_SUCCESS) - fprintf(stderr, "Bidirectional shutdown failed\n"); + LOG_ERROR("Bidirectional shutdown failed\n"); } return WOLFSSL_SUCCESS; @@ -974,7 +983,7 @@ static int ClientWrite(WOLFSSL* ssl, const char* msg, int msgSz, const char* str ); if (ret != msgSz) { char buffer[WOLFSSL_MAX_ERROR_SZ]; - fprintf(stderr, "SSL_write%s msg error %d, %s\n", str, err, + LOG_ERROR("SSL_write%s msg error %d, %s\n", str, err, wolfSSL_ERR_error_string(err, buffer)); if (!exitWithRet) { err_sys("SSL_write failed"); @@ -1005,7 +1014,7 @@ static int ClientRead(WOLFSSL* ssl, char* reply, int replyLen, int mustRead, #endif if (err != WOLFSSL_ERROR_WANT_READ && err != WOLFSSL_ERROR_WANT_WRITE && err != APP_DATA_READY) { - fprintf(stderr, "SSL_read reply error %d, %s\n", err, + LOG_ERROR("SSL_read reply error %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer)); if (!exitWithRet) { err_sys("SSL_read failed"); @@ -1021,7 +1030,7 @@ static int ClientRead(WOLFSSL* ssl, char* reply, int replyLen, int mustRead, || err == WOLFSSL_ERROR_WANT_WRITE)) { elapsed = current_time(0) - start; if (elapsed > MAX_NON_BLOCK_SEC) { - fprintf(stderr, "Nonblocking read timeout\n"); + LOG_ERROR("Nonblocking read timeout\n"); ret = WOLFSSL_FATAL_ERROR; break; } 
@@ -1505,12 +1514,12 @@ static void showPeerPEM(WOLFSSL* ssl) if (peer) { WOLFSSL_BIO* bioOut = wolfSSL_BIO_new(wolfSSL_BIO_s_file()); if (bioOut == NULL) { - fprintf(stderr, "failed to get bio on stdout\n"); + LOG_ERROR("failed to get bio on stdout\n"); } else { if (wolfSSL_BIO_set_fp(bioOut, stdout, BIO_NOCLOSE) != WOLFSSL_SUCCESS) { - fprintf(stderr, "failed to set stdout to bio output\n"); + LOG_ERROR("failed to set stdout to bio output\n"); wolfSSL_BIO_free(bioOut); bioOut = NULL; } @@ -1751,7 +1760,7 @@ static int client_srtp_test(WOLFSSL *ssl, func_args *args) ret = wolfSSL_export_dtls_srtp_keying_material(ssl, NULL, &srtp_secret_length); if (ret != LENGTH_ONLY_E) { - fprintf(stderr, "DTLS SRTP: Error getting keying material length\n"); + LOG_ERROR("DTLS SRTP: Error getting keying material length\n"); return ret; } @@ -1765,7 +1774,7 @@ static int client_srtp_test(WOLFSSL *ssl, func_args *args) &srtp_secret_length); if (ret != WOLFSSL_SUCCESS) { XFREE(srtp_secret, NULL, DYNAMIC_TYPE_TMP_BUFFER); - fprintf(stderr, "DTLS SRTP: Error getting keying material\n"); + LOG_ERROR("DTLS SRTP: Error getting keying material\n"); return ret; } @@ -1862,6 +1871,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #ifndef NO_PSK { "openssl-psk", 0, 265 }, #endif + { "quieter", 0, 266 }, { 0, 0, 0 } }; #endif @@ -2597,7 +2607,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) nonBlocking = 1; simulateWantWrite = 1; #else - fprintf(stderr, "Ignoring -6 since async I/O support not " + LOG_ERROR("Ignoring -6 since async I/O support not " "compiled in.\n"); #endif break; @@ -2696,6 +2706,9 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) opensslPsk = 1; #endif break; + case 266: + quieter = 1; + break; default: Usage(); XEXIT_T(MY_EX_USAGE); 
@@ -2780,7 +2793,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #endif if (done) { - fprintf(stderr, "external test can't be run in this mode\n"); + LOG_ERROR("external test can't be run in this mode\n"); ((func_args*)args)->return_code = 0; XEXIT_T(EXIT_SUCCESS); @@ -2818,7 +2831,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #ifndef HAVE_SESSION_TICKET if ((version >= 4) && resumeSession) { - fprintf(stderr, "Can't do TLS 1.3 resumption; need session tickets!\n"); + LOG_ERROR("Can't do TLS 1.3 resumption; need session tickets!\n"); } #endif @@ -2831,7 +2844,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) if (usePqc) { if (version == CLIENT_DOWNGRADE_VERSION || version == EITHER_DOWNGRADE_VERSION) - fprintf(stderr, + LOG_ERROR( "WARNING: If a TLS 1.3 connection is not negotiated, you " "will not be using a post-quantum group.\n"); else if (version != 4 && version != -4) @@ -2928,11 +2941,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #ifdef DEBUG_WOLFSSL /* print off helper buffer sizes for use with static memory * printing to stderr in case of debug mode turned on */ - fprintf(stderr, "static memory management size = %d\n", + LOG_ERROR("static memory management size = %d\n", wolfSSL_MemoryPaddingSz()); - fprintf(stderr, "calculated optimum general buffer size = %d\n", + LOG_ERROR("calculated optimum general buffer size = %d\n", wolfSSL_StaticBufferSz(memory, sizeof(memory), 0)); - fprintf(stderr, "calculated optimum IO buffer size = %d\n", + LOG_ERROR("calculated optimum IO buffer size = %d\n", wolfSSL_StaticBufferSz(memoryIO, sizeof(memoryIO), WOLFMEM_IO_POOL_FIXED)); #endif /* DEBUG_WOLFSSL */ 
@@ -3331,7 +3344,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #ifdef WOLFSSL_ASYNC_CRYPT ret = wolfAsync_DevOpen(&devId); if (ret < 0) { - fprintf(stderr, "Async device open failed\nRunning without async\n"); + LOG_ERROR("Async device open failed\nRunning without async\n"); } wolfSSL_CTX_SetDevId(ctx, devId); #endif /* WOLFSSL_ASYNC_CRYPT */ @@ -3469,7 +3482,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #endif #if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL) - fprintf(stderr, "Before creating SSL\n"); + LOG_ERROR("Before creating SSL\n"); if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) != 1) err_sys("ctx not using static memory"); if (wolfSSL_PrintStats(&mem_stats) != 1) /* function in test.h */ @@ -3560,7 +3573,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #endif #if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL) - fprintf(stderr, "After creating SSL\n"); + LOG_ERROR("After creating SSL\n"); if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) != 1) err_sys("ctx not using static memory"); if (wolfSSL_PrintStats(&mem_stats) != 1) /* function in test.h */ @@ -3796,7 +3809,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #endif if (ret != WOLFSSL_SUCCESS) { err = wolfSSL_get_error(ssl, 0); - fprintf(stderr, "wolfSSL_connect error %d, %s\n", err, + LOG_ERROR("wolfSSL_connect error %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer)); /* cleanup */ @@ -4052,7 +4065,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) } if (ret != WOLFSSL_SUCCESS) { err = wolfSSL_get_error(ssl, 0); - fprintf(stderr, "wolfSSL_Rehandshake error %d, %s\n", err, + LOG_ERROR("wolfSSL_Rehandshake error %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer)); wolfSSL_free(ssl); ssl = NULL; wolfSSL_CTX_free(ctx); ctx = NULL; 
@@ -4061,7 +4074,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) } } else { - fprintf(stderr, "not doing secure resumption with non-blocking"); + LOG_ERROR("not doing secure resumption with non-blocking"); } } else { if (!resumeScr) { @@ -4243,12 +4256,12 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) break; } else if (ret != WOLFSSL_SHUTDOWN_NOT_DONE) { - fprintf(stderr, "Bidirectional shutdown failed\n"); + LOG_ERROR("Bidirectional shutdown failed\n"); break; } } if (ret != WOLFSSL_SUCCESS) - fprintf(stderr, "Bidirectional shutdown failed\n"); + LOG_ERROR("Bidirectional shutdown failed\n"); } #if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY) if (atomicUser) @@ -4260,8 +4273,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) if (wolfSSL_is_static_memory(ssl, &ssl_stats) != 1) err_sys("static memory was not used with ssl"); - fprintf(stderr, "\nprint off SSL memory stats\n"); - fprintf(stderr, "*** This is memory state before wolfSSL_free is called\n"); + LOG_ERROR("\nprint off SSL memory stats\n"); + LOG_ERROR("*** This is memory state before wolfSSL_free is called\n"); wolfSSL_PrintStatsConn(&ssl_stats); #endif @@ -4384,7 +4397,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) ret = NonBlockingSSL_Connect(sslResume); /* will keep retrying on timeout */ #endif if (ret != WOLFSSL_SUCCESS) { - fprintf(stderr, "wolfSSL_connect resume error %d, %s\n", err, + LOG_ERROR("wolfSSL_connect resume error %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer)); wolfSSL_free(sslResume); sslResume = NULL; wolfSSL_CTX_free(ctx); ctx = NULL; @@ -4397,7 +4410,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) if (wolfSSL_session_reused(sslResume)) printf("reused session id\n"); else - fprintf(stderr, "didn't reuse session id!!!\n"); + LOG_ERROR("didn't reuse session id!!!\n"); #ifdef HAVE_ALPN if (alpnList != NULL) { 
@@ -4432,7 +4445,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) printf("Beginning secure renegotiation.\n"); if (wolfSSL_Rehandshake(sslResume) != WOLFSSL_SUCCESS) { err = wolfSSL_get_error(sslResume, 0); - fprintf(stderr, "err = %d, %s\n", err, + LOG_ERROR("err = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer)); wolfSSL_free(sslResume); sslResume = NULL; wolfSSL_CTX_free(ctx); ctx = NULL; @@ -4446,7 +4459,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) printf("Beginning secure resumption.\n"); if (wolfSSL_SecureResume(sslResume) != WOLFSSL_SUCCESS) { err = wolfSSL_get_error(sslResume, 0); - fprintf(stderr, "err = %d, %s\n", err, + LOG_ERROR("err = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer)); wolfSSL_free(sslResume); sslResume = NULL; wolfSSL_CTX_free(ctx); ctx = NULL; @@ -4483,8 +4496,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) if (wolfSSL_is_static_memory(sslResume, &ssl_stats) != 1) err_sys("static memory was not used with ssl"); - fprintf(stderr, "\nprint off SSLresume memory stats\n"); - fprintf(stderr, "*** This is memory state before wolfSSL_free is called\n"); + LOG_ERROR("\nprint off SSLresume memory stats\n"); + LOG_ERROR("*** This is memory state before wolfSSL_free is called\n"); wolfSSL_PrintStatsConn(&ssl_stats); #endif @@ -4503,7 +4516,7 @@ exit: wolfsentry_ret = wolfsentry_shutdown(WOLFSENTRY_CONTEXT_ARGS_OUT_EX4(&wolfsentry, NULL)); if (wolfsentry_ret < 0) { - fprintf(stderr, + LOG_ERROR( "wolfsentry_shutdown() returned " WOLFSENTRY_ERROR_FMT "\n", WOLFSENTRY_ERROR_FMT_ARGS(wolfsentry_ret)); } diff --git a/examples/server/server.c b/examples/server/server.c index bceeca1db..6d05e4779 100644 --- a/examples/server/server.c +++ b/examples/server/server.c 
@@ -148,8 +148,16 @@ int catastrophic = 0; /* Use with -x flag to still exit when an error is * cert to send to clients attempting to connect. The * server should error out completely in that case */ +static int quieter = 0; /* Print fewer messages. This is helpful with overly + * ambitious log parsers. */ static int lng_index = 0; +#define LOG_ERROR(...) \ + do { \ + if (!quieter) \ + fprintf(stderr, __VA_ARGS__); \ + } while(0) + #ifdef WOLFSSL_CALLBACKS #if !defined(NO_OLD_TIMEVAL_NAME) Timeval srvTo; @@ -186,8 +194,8 @@ static int lng_index = 0; static void err_sys_ex(int out, const char* msg) { if (out == 1) { /* if server is running w/ -x flag, print error w/o exit */ - fprintf(stderr, "wolfSSL error: %s\n", msg); - fprintf(stderr, "Continuing server execution...\n\n"); + LOG_ERROR("wolfSSL error: %s\n", msg); + LOG_ERROR("Continuing server execution...\n\n"); } else { err_sys(msg); } @@ -448,7 +456,7 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block, err != WOLFSSL_ERROR_WANT_WRITE && err != WOLFSSL_ERROR_ZERO_RETURN && err != APP_DATA_READY) { - fprintf(stderr, "SSL_read echo error %d\n", err); + LOG_ERROR("SSL_read echo error %d\n", err); err_sys_ex(runWithErrors, "SSL_read failed"); break; } @@ -483,7 +491,7 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block, } } while (err == WC_PENDING_E); if (ret != (int)min(len, rx_pos)) { - fprintf(stderr, "SSL_write echo error %d\n", err); + LOG_ERROR("SSL_write echo error %d\n", err); err_sys_ex(runWithErrors, "SSL_write failed"); } @@ -557,7 +565,7 @@ static void ServerRead(WOLFSSL* ssl, char* input, int inputLen) #endif #ifdef WOLFSSL_DTLS if (wolfSSL_dtls(ssl) && err == DECRYPT_ERROR) { - fprintf(stderr, "Dropped client's message due to a bad MAC\n"); + LOG_ERROR("Dropped client's message due to a bad MAC\n"); } else #endif 
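Review bot: In `err_sys_ex`, routing both messages through `LOG_ERROR` means a server started with `-x --quieter` neither exits nor prints anything when an error is reported, and that is the flag combination `test_crl_monitor` passes later in this diff. The `-x` path exists to keep running after an error, so its one diagnostic should stay unconditional: keep `fprintf(stderr, "wolfSSL error: %s\n", msg);` and gate only the `Continuing server execution...` line. If full silence is intended, a comment on `err_sys_ex` should state that errors are then observable only through later return codes.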
@@ -568,7 +576,7 @@ static void ServerRead(WOLFSSL* ssl, char* input, int inputLen) && err != APP_DATA_READY #endif ) { - fprintf(stderr, "SSL_read input error %d, %s\n", err, + LOG_ERROR("SSL_read input error %d, %s\n", err, ERR_error_string(err, buffer)); err_sys_ex(runWithErrors, "SSL_read failed"); } @@ -641,7 +649,7 @@ static void ServerWrite(WOLFSSL* ssl, const char* output, int outputLen) } while (err == WC_PENDING_E || err == WOLFSSL_ERROR_WANT_WRITE); if (ret != outputLen) { char buffer[WOLFSSL_MAX_ERROR_SZ]; - fprintf(stderr, "SSL_write msg error %d, %s\n", err, + LOG_ERROR("SSL_write msg error %d, %s\n", err, ERR_error_string(err, buffer)); err_sys_ex(runWithErrors, "SSL_write failed"); } @@ -1328,7 +1336,7 @@ static int server_srtp_test(WOLFSSL *ssl, func_args *args) ret = wolfSSL_export_dtls_srtp_keying_material(ssl, NULL, &srtp_secret_length); if (ret != LENGTH_ONLY_E) { - fprintf(stderr, "DTLS SRTP: Error getting key material length\n"); + LOG_ERROR("DTLS SRTP: Error getting key material length\n"); return ret; } @@ -1342,7 +1350,7 @@ static int server_srtp_test(WOLFSSL *ssl, func_args *args) &srtp_secret_length); if (ret != WOLFSSL_SUCCESS) { XFREE(srtp_secret, NULL, DYNAMIC_TYPE_TMP_BUFFER); - fprintf(stderr, "DTLS SRTP: Error getting key material\n"); + LOG_ERROR("DTLS SRTP: Error getting key material\n"); return ret; } @@ -1413,6 +1421,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) #ifdef HAVE_CRL {"crl-dir", 1, 265}, #endif + {"quieter", 0, 266}, { 0, 0, 0 } }; #endif @@ -2113,7 +2122,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) nonBlocking = 1; simulateWantWrite = 1; #else - fprintf(stderr, "Ignoring -6 since async I/O support not " + LOG_ERROR("Ignoring -6 since async I/O support not " "compiled in.\n"); #endif break; 
@@ -2258,9 +2267,9 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) if (force_curve_group_id <= 0) { if (lng_index == 1) { /* TODO: Need Japanese translation */ - fprintf(stderr, "Invalid curve '%s'\n", myoptarg); + LOG_ERROR("Invalid curve '%s'\n", myoptarg); } else { - fprintf(stderr, "Invalid curve '%s'\n", myoptarg); + LOG_ERROR("Invalid curve '%s'\n", myoptarg); } XEXIT_T(EXIT_FAILURE); } @@ -2293,6 +2302,11 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) #endif break; + case 266: + quieter = 1; + break; + + case -1: default: Usage(); XEXIT_T(MY_EX_USAGE); @@ -2338,7 +2352,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) #ifndef HAVE_SESSION_TICKET if ((version >= 4) && resume) { - fprintf(stderr, "Can't do TLS 1.3 resumption; need session tickets!\n"); + LOG_ERROR("Can't do TLS 1.3 resumption; need session tickets!\n"); } #endif @@ -2352,7 +2366,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) if (usePqc) { if (version == SERVER_DOWNGRADE_VERSION || version == EITHER_DOWNGRADE_VERSION) { - fprintf(stderr, + LOG_ERROR( "WARNING: If a TLS 1.3 connection is not negotiated, you " "will not be using a post-quantum group.\n"); } else if (version != 4 && version != -4) { @@ -2449,11 +2463,11 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) #ifdef DEBUG_WOLFSSL /* print off helper buffer sizes for use with static memory * printing to stderr in case of debug mode turned on */ - fprintf(stderr, "static memory management size = %d\n", + LOG_ERROR("static memory management size = %d\n", wolfSSL_MemoryPaddingSz()); - fprintf(stderr, "calculated optimum general buffer size = %d\n", + LOG_ERROR("calculated optimum general buffer size = %d\n", wolfSSL_StaticBufferSz(memory, sizeof(memory), 0)); - fprintf(stderr, "calculated optimum IO buffer size = %d\n", + LOG_ERROR("calculated optimum IO buffer size = %d\n", wolfSSL_StaticBufferSz(memoryIO, sizeof(memoryIO), WOLFMEM_IO_POOL_FIXED)); #endif /* DEBUG_WOLFSSL */ 
@@ -2834,7 +2848,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) #ifdef WOLFSSL_ASYNC_CRYPT ret = wolfAsync_DevOpen(&devId); if (ret < 0) { - fprintf(stderr, "Async device open failed\nRunning without async\n"); + LOG_ERROR("Async device open failed\nRunning without async\n"); } wolfSSL_CTX_SetDevId(ctx, devId); #endif /* WOLFSSL_ASYNC_CRYPT */ @@ -2857,6 +2871,30 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) wolfSSL_CTX_NoTicketTLSv12(ctx); #endif #endif +#if defined(HAVE_CRL) && !defined(NO_FILESYSTEM) + if (!disableCRL) { + /* Need to load CA's to confirm CRL signatures */ + unsigned int verify_flags = 0; +#ifdef TEST_BEFORE_DATE + verify_flags |= WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY; +#endif + if (wolfSSL_CTX_load_verify_locations_ex(ctx, verifyCert, 0, + verify_flags) != WOLFSSL_SUCCESS) { + err_sys_ex(catastrophic, + "can't load ca file, Please run from wolfSSL home dir"); + } +#ifdef HAVE_CRL_MONITOR + crlFlags = WOLFSSL_CRL_MONITOR | WOLFSSL_CRL_START_MON; +#endif + if (wolfSSL_CTX_EnableCRL(ctx, 0) != WOLFSSL_SUCCESS) + err_sys_ex(runWithErrors, "unable to enable CRL"); + if (wolfSSL_CTX_LoadCRL(ctx, crlDir != NULL ? crlDir : crlPemDir, + WOLFSSL_FILETYPE_PEM, crlFlags) != WOLFSSL_SUCCESS) + err_sys_ex(runWithErrors, "unable to load CRL"); + if (wolfSSL_CTX_SetCRL_Cb(ctx, CRL_CallBack) != WOLFSSL_SUCCESS) + err_sys_ex(runWithErrors, "unable to set CRL callback url"); + } +#endif while (1) { @@ -2876,7 +2914,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) } } #if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL) - fprintf(stderr, "Before creating SSL\n"); + LOG_ERROR("Before creating SSL\n"); if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) != 1) err_sys_ex(runWithErrors, "ctx not using static memory"); if (wolfSSL_PrintStats(&mem_stats) != 1) /* function in test.h */ 
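Review bot: In the new `#if defined(HAVE_CRL) && !defined(NO_FILESYSTEM)` block placed before the accept loop, a failure of `wolfSSL_CTX_EnableCRL` or `wolfSSL_CTX_LoadCRL` is reported with `err_sys_ex(runWithErrors, ...)`, so under `-x` the server goes on to accept connections with revocation checking not set up. Before this change the setup ran per connection; now one failed load at startup applies to the whole CTX and every connection made from it. The CA load in the same block already uses `catastrophic`; the CRL calls should follow it, e.g. `err_sys_ex(catastrophic, "unable to load CRL");`. The body of `server_test` continues outside the hunk.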
@@ -2965,7 +3003,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) #endif #if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL) - fprintf(stderr, "After creating SSL\n"); + LOG_ERROR("After creating SSL\n"); if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) != 1) err_sys_ex(runWithErrors, "ctx not using static memory"); if (wolfSSL_PrintStats(&mem_stats) != 1) /* function in test.h */ @@ -3033,20 +3071,6 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) #ifndef NO_HANDSHAKE_DONE_CB wolfSSL_SetHsDoneCb(ssl, myHsDoneCb, NULL); #endif -#if defined(HAVE_CRL) && !defined(NO_FILESYSTEM) - if (!disableCRL) { -#ifdef HAVE_CRL_MONITOR - crlFlags = WOLFSSL_CRL_MONITOR | WOLFSSL_CRL_START_MON; -#endif - if (wolfSSL_EnableCRL(ssl, 0) != WOLFSSL_SUCCESS) - err_sys_ex(runWithErrors, "unable to enable CRL"); - if (wolfSSL_LoadCRL(ssl, crlDir != NULL ? crlDir : crlPemDir, - WOLFSSL_FILETYPE_PEM, crlFlags) != WOLFSSL_SUCCESS) - err_sys_ex(runWithErrors, "unable to load CRL"); - if (wolfSSL_SetCRL_Cb(ssl, CRL_CallBack) != WOLFSSL_SUCCESS) - err_sys_ex(runWithErrors, "unable to set CRL callback url"); - } -#endif #ifdef HAVE_OCSP if (useOcsp) { if (ocspUrl != NULL) { @@ -3357,8 +3381,8 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) #endif if (ret != WOLFSSL_SUCCESS) { err = SSL_get_error(ssl, 0); - fprintf(stderr, "SSL_accept error %d, %s\n", err, - ERR_error_string(err, buffer)); + LOG_ERROR("SSL_accept error %d, %s\n", err, + ERR_error_string(err, buffer)); if (!exitWithRet) { err_sys_ex(runWithErrors, "SSL_accept failed"); } else { @@ -3571,7 +3595,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) } if (ret != WOLFSSL_SUCCESS) { err = wolfSSL_get_error(ssl, 0); - fprintf(stderr, + LOG_ERROR( "wolfSSL_Rehandshake error %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer)); wolfSSL_free(ssl); ssl = NULL; 
@@ -3631,10 +3655,10 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) #if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) if (sendTicket) { if (wolfSSL_send_SessionTicket(ssl) != WOLFSSL_SUCCESS) { - fprintf(stderr, "Sending new session ticket failed\n"); + LOG_ERROR("Sending new session ticket failed\n"); } else { - fprintf(stderr, "New session ticket sent\n"); + LOG_ERROR("New session ticket sent\n"); } } #endif @@ -3703,12 +3727,12 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) break; } else if (ret != WOLFSSL_SHUTDOWN_NOT_DONE) { - fprintf(stderr, "Bidirectional shutdown failed\n"); + LOG_ERROR("Bidirectional shutdown failed\n"); break; } } if (ret != WOLFSSL_SUCCESS) - fprintf(stderr, "Bidirectional shutdown failed\n"); + LOG_ERROR("Bidirectional shutdown failed\n"); } /* display collected statistics */ @@ -3716,8 +3740,8 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) if (wolfSSL_is_static_memory(ssl, &ssl_stats) != 1) err_sys_ex(runWithErrors, "static memory was not used with ssl"); - fprintf(stderr, "\nprint off SSL memory stats\n"); - fprintf(stderr, "*** This is memory state before wolfSSL_free is " + LOG_ERROR("\nprint off SSL memory stats\n"); + LOG_ERROR("*** This is memory state before wolfSSL_free is " "called\n"); wolfSSL_PrintStatsConn(&ssl_stats); @@ -3757,7 +3781,7 @@ exit: wolfsentry_ret = wolfsentry_shutdown(WOLFSENTRY_CONTEXT_ARGS_OUT_EX4(&wolfsentry, NULL)); if (wolfsentry_ret < 0) { - fprintf(stderr, + LOG_ERROR( "wolfsentry_shutdown() returned " WOLFSENTRY_ERROR_FMT "\n", WOLFSENTRY_ERROR_FMT_ARGS(wolfsentry_ret)); } diff --git a/src/crl.c b/src/crl.c index 02a347360..6fd82c986 100644 --- a/src/crl.c +++ b/src/crl.c 
@@ -1342,7 +1342,7 @@ static int StopMonitor(wolfSSL_CRL_mfd_t mfd) #define DM_ERROR() do { status = MONITOR_SETUP_E; goto cleanup; } while(0) /* windows monitoring - * Tested initially by hand by running + * Tested initially by hand by running * .\server.exe -A certs/ca-cert.pem -i -x * and connecting to with * .\client.exe -C -c certs/server-cert.pem -k certs/server-key.pem @@ -1492,23 +1492,6 @@ static int StartMonitorCRL(WOLFSSL_CRL* crl) return ret; } - -#else /* HAVE_CRL_MONITOR */ - -#if !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) - -static int StartMonitorCRL(WOLFSSL_CRL* crl) -{ - (void)crl; - - WOLFSSL_ENTER("StartMonitorCRL"); - WOLFSSL_MSG("Not compiled in"); - - return NOT_COMPILED_IN; -} - -#endif /* !NO_FILESYSTEM && !NO_WOLFSSL_DIR */ - #endif /* HAVE_CRL_MONITOR */ #if !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) diff --git a/src/internal.c b/src/internal.c index 9d3cf0117..fdb381798 100644 --- a/src/internal.c +++ b/src/internal.c @@ -13805,6 +13805,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, /* CA already verified above in ParseCertRelative */ WOLFSSL_MSG("Adding CA from chain"); + SSL_CM_WARNING(ssl); ret = AddCA(SSL_CM(ssl), &add, WOLFSSL_CHAIN_CA, NO_VERIFY); if (ret == WOLFSSL_SUCCESS) { diff --git a/src/ssl.c b/src/ssl.c index bf2bd820f..55827657a 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -7441,8 +7441,10 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, /* add trusted peer cert. der is freed within */ if (ctx != NULL) ret = AddTrustedPeer(ctx->cm, &der, !ctx->verifyNone); - else + else { + SSL_CM_WARNING(ssl); ret = AddTrustedPeer(SSL_CM(ssl), &der, !ssl->options.verifyNone); + } if (ret != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Error adding trusted peer"); } 
@@ -8198,6 +8200,7 @@ int wolfSSL_LoadCRLBuffer(WOLFSSL* ssl, const unsigned char* buff, if (ssl == NULL || ssl->ctx == NULL) return BAD_FUNC_ARG; + SSL_CM_WARNING(ssl); return wolfSSL_CertManagerLoadCRLBuffer(SSL_CM(ssl), buff, sz, type); } @@ -8648,6 +8651,7 @@ int wolfSSL_CertManagerSetOCSP_Cb(WOLFSSL_CERT_MANAGER* cm, int wolfSSL_EnableOCSP(WOLFSSL* ssl, int options) { WOLFSSL_ENTER("wolfSSL_EnableOCSP"); + SSL_CM_WARNING(ssl); if (ssl) return wolfSSL_CertManagerEnableOCSP(SSL_CM(ssl), options); else @@ -8657,6 +8661,7 @@ int wolfSSL_EnableOCSP(WOLFSSL* ssl, int options) int wolfSSL_DisableOCSP(WOLFSSL* ssl) { WOLFSSL_ENTER("wolfSSL_DisableOCSP"); + SSL_CM_WARNING(ssl); if (ssl) return wolfSSL_CertManagerDisableOCSP(SSL_CM(ssl)); else @@ -8667,6 +8672,7 @@ int wolfSSL_DisableOCSP(WOLFSSL* ssl) int wolfSSL_EnableOCSPStapling(WOLFSSL* ssl) { WOLFSSL_ENTER("wolfSSL_EnableOCSPStapling"); + SSL_CM_WARNING(ssl); if (ssl) return wolfSSL_CertManagerEnableOCSPStapling(SSL_CM(ssl)); else @@ -8676,6 +8682,7 @@ int wolfSSL_EnableOCSPStapling(WOLFSSL* ssl) int wolfSSL_DisableOCSPStapling(WOLFSSL* ssl) { WOLFSSL_ENTER("wolfSSL_DisableOCSPStapling"); + SSL_CM_WARNING(ssl); if (ssl) return wolfSSL_CertManagerDisableOCSPStapling(SSL_CM(ssl)); else @@ -8685,6 +8692,7 @@ int wolfSSL_DisableOCSPStapling(WOLFSSL* ssl) int wolfSSL_SetOCSP_OverrideURL(WOLFSSL* ssl, const char* url) { WOLFSSL_ENTER("wolfSSL_SetOCSP_OverrideURL"); + SSL_CM_WARNING(ssl); if (ssl) return wolfSSL_CertManagerSetOCSPOverrideURL(SSL_CM(ssl), url); else @@ -8696,6 +8704,7 @@ int wolfSSL_SetOCSP_Cb(WOLFSSL* ssl, CbOCSPIO ioCb, CbOCSPRespFree respFreeCb, void* ioCbCtx) { WOLFSSL_ENTER("wolfSSL_SetOCSP_Cb"); + SSL_CM_WARNING(ssl); if (ssl) { ssl->ocspIOCtx = ioCbCtx; /* use SSL specific ioCbCtx */ return wolfSSL_CertManagerSetOCSP_Cb(SSL_CM(ssl), 
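Review bot: In `wolfSSL_EnableOCSP` the added `SSL_CM_WARNING(ssl);` runs before the `if (ssl)` guard, so a NULL `ssl` reaches the macro before the function can return its argument error. The macro's definition is not part of this diff; if it expands to anything that reads through `ssl`, as `SSL_CM(ssl)` on the following line presumably does, this is a NULL dereference on exactly the path the guard exists for. Move the call inside the guard: `if (ssl) { SSL_CM_WARNING(ssl); return wolfSSL_CertManagerEnableOCSP(SSL_CM(ssl), options); }`. The same ordering appears in the hunks for `wolfSSL_DisableOCSP`, `wolfSSL_EnableOCSPStapling`, `wolfSSL_DisableOCSPStapling`, `wolfSSL_SetOCSP_OverrideURL`, `wolfSSL_SetOCSP_Cb`, `wolfSSL_EnableCRL`, `wolfSSL_DisableCRL`, `wolfSSL_LoadCRL`, `wolfSSL_LoadCRLFile`, `wolfSSL_SetCRL_Cb` and `wolfSSL_SetCRL_IOCb`. `wolfSSL_LoadCRLBuffer` is fine because its call follows the NULL check.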
@@ -9484,6 +9493,7 @@ int wolfSSL_CertManagerLoadCRLFile(WOLFSSL_CERT_MANAGER* cm, const char* file, int wolfSSL_EnableCRL(WOLFSSL* ssl, int options) { WOLFSSL_ENTER("wolfSSL_EnableCRL"); + SSL_CM_WARNING(ssl); if (ssl) return wolfSSL_CertManagerEnableCRL(SSL_CM(ssl), options); else @@ -9494,6 +9504,7 @@ int wolfSSL_EnableCRL(WOLFSSL* ssl, int options) int wolfSSL_DisableCRL(WOLFSSL* ssl) { WOLFSSL_ENTER("wolfSSL_DisableCRL"); + SSL_CM_WARNING(ssl); if (ssl) return wolfSSL_CertManagerDisableCRL(SSL_CM(ssl)); else @@ -9504,6 +9515,7 @@ int wolfSSL_DisableCRL(WOLFSSL* ssl) int wolfSSL_LoadCRL(WOLFSSL* ssl, const char* path, int type, int monitor) { WOLFSSL_ENTER("wolfSSL_LoadCRL"); + SSL_CM_WARNING(ssl); if (ssl) return wolfSSL_CertManagerLoadCRL(SSL_CM(ssl), path, type, monitor); else @@ -9513,6 +9525,7 @@ int wolfSSL_LoadCRL(WOLFSSL* ssl, const char* path, int type, int monitor) int wolfSSL_LoadCRLFile(WOLFSSL* ssl, const char* file, int type) { WOLFSSL_ENTER("wolfSSL_LoadCRL"); + SSL_CM_WARNING(ssl); if (ssl) return wolfSSL_CertManagerLoadCRLFile(SSL_CM(ssl), file, type); else @@ -9524,6 +9537,7 @@ int wolfSSL_LoadCRLFile(WOLFSSL* ssl, const char* file, int type) int wolfSSL_SetCRL_Cb(WOLFSSL* ssl, CbMissingCRL cb) { WOLFSSL_ENTER("wolfSSL_SetCRL_Cb"); + SSL_CM_WARNING(ssl); if (ssl) return wolfSSL_CertManagerSetCRL_Cb(SSL_CM(ssl), cb); else @@ -9534,6 +9548,7 @@ int wolfSSL_SetCRL_Cb(WOLFSSL* ssl, CbMissingCRL cb) int wolfSSL_SetCRL_IOCb(WOLFSSL* ssl, CbCrlIO cb) { WOLFSSL_ENTER("wolfSSL_SetCRL_Cb"); + SSL_CM_WARNING(ssl); if (ssl) return wolfSSL_CertManagerSetCRL_IOCb(SSL_CM(ssl), cb); else @@ -17117,6 +17132,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) if (ssl == NULL) return BAD_FUNC_ARG; + SSL_CM_WARNING(ssl); return wolfSSL_CertManagerUnload_trust_peers(SSL_CM(ssl)); } #endif /* WOLFSSL_LOCAL_X509_STORE */ 
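Review bot: In the `wolfSSL_LoadCRLFile` hunk the trace line reads `WOLFSSL_ENTER("wolfSSL_LoadCRL");`, and in the `wolfSSL_SetCRL_IOCb` hunk it reads `WOLFSSL_ENTER("wolfSSL_SetCRL_Cb");`, so debug logs attribute these calls to the wrong function. Both are context lines that this commit leaves unchanged, but it edits the line directly after each, so this is a good moment to correct them to `WOLFSSL_ENTER("wolfSSL_LoadCRLFile");` and `WOLFSSL_ENTER("wolfSSL_SetCRL_IOCb");`.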
@@ -20773,6 +20789,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl) if (ret == 0 && i == ssl->session->chain.count-1) { /* On the last element in the chain try to add the CA chain * first if we have one for this cert */ + SSL_CM_WARNING(ssl); if (PushCAx509Chain(SSL_CM(ssl), x509, sk) == WOLFSSL_FATAL_ERROR) { ret = WOLFSSL_FATAL_ERROR; diff --git a/tests/api.c b/tests/api.c index 779ca74fb..81455591c 100644 --- a/tests/api.c +++ b/tests/api.c @@ -54595,11 +54595,11 @@ static int test_wolfSSL_CTX_LoadCRL(void) #endif WOLFSSL_CERT_MANAGER* cm = NULL; - #define FAIL_T1(x, y, z, p, d) AssertIntEQ((int) x(y, z, p, d), \ + #define FAIL_T1(x, y, z, p, d) ExpectIntEQ((int) x(y, z, p, d), \ BAD_FUNC_ARG) - #define FAIL_T2(x, y, z, p, d) AssertIntEQ((int) x(y, z, p, d), \ + #define FAIL_T2(x, y, z, p, d) ExpectIntEQ((int) x(y, z, p, d), \ NOT_COMPILED_IN) - #define SUCC_T(x, y, z, p, d) AssertIntEQ((int) x(y, z, p, d), \ + #define SUCC_T(x, y, z, p, d) ExpectIntEQ((int) x(y, z, p, d), \ WOLFSSL_SUCCESS) #ifndef NO_WOLFSSL_CLIENT #define NEW_CTX(ctx) AssertNotNull( \ 
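Review bot: In the tests/api.c hunk, `FAIL_T1`, `FAIL_T2` and `SUCC_T` switch to `ExpectIntEQ` while `NEW_CTX` just below still expands to `AssertNotNull(`, so the test mixes the aborting and the recording assertion styles. Either convert `NEW_CTX` as well, `#define NEW_CTX(ctx) ExpectNotNull( \`, or add a comment saying that a failed context allocation is meant to abort the run. The Expect macros also rely on declarations and a return statement in `test_wolfSSL_CTX_LoadCRL` that lie outside the hunk, so confirm the function declares and returns the expect result.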
@@ -54629,17 +54629,17 @@ static int test_wolfSSL_CTX_LoadCRL(void) ctx = NULL; NEW_CTX(ctx); - AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, issuerCert, NULL), + ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx, issuerCert, NULL), WOLFSSL_SUCCESS); - AssertIntEQ(wolfSSL_CTX_LoadCRLFile(ctx, validFilePath, pemType), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_LoadCRLFile(ctx, validFilePath, pemType), WOLFSSL_SUCCESS); wolfSSL_CTX_free(ctx); ctx = NULL; NEW_CTX(ctx); - AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, issuerCert, NULL), + ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx, issuerCert, NULL), WOLFSSL_SUCCESS); - AssertNotNull(ssl = wolfSSL_new(ctx)); - AssertIntEQ(wolfSSL_LoadCRLFile(ssl, validFilePath, pemType), WOLFSSL_SUCCESS); + ExpectNotNull(ssl = wolfSSL_new(ctx)); + ExpectIntEQ(wolfSSL_LoadCRLFile(ssl, validFilePath, pemType), WOLFSSL_SUCCESS); wolfSSL_free(ssl); ssl = NULL; wolfSSL_CTX_free(ctx); diff --git a/tests/suites.c b/tests/suites.c index b8049a54c..d5d17eebb 100644 --- a/tests/suites.c +++ b/tests/suites.c @@ -61,7 +61,8 @@ #include "examples/client/client.h" #include "examples/server/server.h" -#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) +#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \ + !defined(SINGLE_THREADED) static WOLFSSL_CTX* cipherSuiteCtx = NULL; static char nonblockFlag[] = "-N"; static char noVerifyFlag[] = "-d"; @@ -791,7 +792,8 @@ static void test_harness(void* vargs) int SuiteTest(int argc, char** argv) { #if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \ - !defined(WOLF_CRYPTO_CB_ONLY_RSA) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) + !defined(WOLF_CRYPTO_CB_ONLY_RSA) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) && \ + !defined(SINGLE_THREADED) func_args args; char argv0[3][80]; char* myArgv[3]; diff --git a/tests/unit.c b/tests/unit.c index 825c5550f..d537929fb 100644 --- a/tests/unit.c +++ b/tests/unit.c @@ -27,6 +27,7 @@ #endif #include +#include #include #include 
@@ -290,6 +291,7 @@ void wait_tcp_ready(func_args* args) #endif } +#ifndef SINGLE_THREADED void start_thread(THREAD_CB fun, func_args* args, THREAD_TYPE* thread) { @@ -341,4 +343,5 @@ void join_thread(THREAD_TYPE thread) #endif } +#endif /* SINGLE_THREADED */ diff --git a/testsuite/testsuite.c b/testsuite/testsuite.c index 7b227531a..62e4598ae 100644 --- a/testsuite/testsuite.c +++ b/testsuite/testsuite.c @@ -25,6 +25,7 @@ #endif #include +#include #include #include @@ -57,7 +58,10 @@ static THREAD_RETURN simple_test(func_args *args); static void simple_test(func_args *args); #endif static int test_tls(func_args* server_args); +#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \ + defined(HAVE_CRL) && defined(HAVE_CRL_MONITOR) static int test_crl_monitor(void); +#endif static void show_ciphers(void); static void cleanup_output(void); static int validate_cleanup_output(void); @@ -216,7 +220,8 @@ int testsuite_test(int argc, char** argv) return server_args.return_code; } -#ifdef HAVE_CRL_MONITOR +#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \ + defined(HAVE_CRL) && defined(HAVE_CRL_MONITOR) ret = test_crl_monitor(); if (ret != 0) { cleanup_output(); @@ -257,7 +262,7 @@ int testsuite_test(int argc, char** argv) } #if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \ - defined(HAVE_CRL_MONITOR) + defined(HAVE_CRL) && defined(HAVE_CRL_MONITOR) #define CRL_MONITOR_TEST_ROUNDS 6 static int test_crl_monitor(void) @@ -274,6 +279,7 @@ static int test_crl_monitor(void) "-A", "certs/ca-cert.pem", "--crl-dir", tmpDir, "-C", rounds, + "--quieter", "-x" }; const char* clientArgv[] = { @@ -281,11 +287,14 @@ static int test_crl_monitor(void) "-C", "-c", "certs/server-cert.pem", "-k", "certs/server-key.pem", + "--quieter", "-H", "exitWithRet" }; int ret = -1; int i; + printf("\nRunning CRL monitor test\n"); + sprintf(rounds, "%d", CRL_MONITOR_TEST_ROUNDS); XMEMSET(&server_args, 0, sizeof(func_args)); 
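Review bot: The guard `!defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && defined(HAVE_CRL) && defined(HAVE_CRL_MONITOR)` is now written out three times in testsuite.c (prototype at @@ -57, call site at @@ -216, definition at @@ -257), so a later change to the condition has to be repeated in three places or the prototype, call and definition drift apart. Before this commit the call site tested only `HAVE_CRL_MONITOR`, which is exactly that kind of mismatch. Defining one macro under the condition near the top of the file, for example `#define TEST_CRL_MONITOR_ENABLED` (name constructed here), and testing `#ifdef TEST_CRL_MONITOR_ENABLED` at the three sites would keep them in step.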
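Review bot: `"--quieter"` is added to both the server and the client argument lists in test_crl_monitor (@@ -274 and @@ -281), so error output is suppressed for every round, not only the rounds that set `expectFail`. With LOG_ERROR silent, a round that fails for a reason other than the one the test set up prints nothing, and the test can tell the cases apart only by the return code. The comparison of `client_args.return_code` is outside these hunks; if it only checks for non-zero, I would compare against the specific expected error there. A short comment next to the flag, e.g. `/* some rounds fail on purpose; keep stderr quiet for log parsers */`, would also explain why it is set.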
@@ -333,7 +342,7 @@ static int test_crl_monitor(void) rem_file(buf); expectFail = 1; } - + client_args.return_code = 0; client_test(&client_args); @@ -376,6 +385,8 @@ static int test_tls(func_args* server_args) char* myArgv[NUMARGS]; char arg[3][128]; + printf("\nRunning TLS test\n"); + /* Set up command line arguments for echoclient to send input file * and write echoed data to temporary output file. */ myArgv[0] = arg[0]; @@ -487,6 +498,8 @@ static void simple_test(func_args* args) char *cliArgv[NUMARGS]; char argvc[3][32]; + printf("\nRunning simple test\n"); + for (i = 0; i < 9; i++) svrArgv[i] = argvs[i]; for (i = 0; i < 3; i++) @@ -575,6 +588,7 @@ void wait_tcp_ready(func_args* args) #endif /* thread checks */ } +#ifndef SINGLE_THREADED /* Start a thread. * @@ -675,6 +689,8 @@ void join_thread(THREAD_TYPE thread) #endif } +#endif /* SINGLE_THREADED */ + #ifndef NO_FILESYSTEM #ifdef _MSC_VER @@ -753,7 +769,7 @@ int copy_file(const char* in, const char* out) if (XFWRITE(buf, 1, sz, outFile) != sz) goto cleanup; - + ret = 0; cleanup: if (inFile != XBADFILE) diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 84c96af4f..a8c14b166 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -3366,7 +3366,7 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n) *thread = _beginthreadex(NULL, 0, cb, arg, 0, NULL); if (*thread == 0) { *thread = INVALID_THREAD_VAL; - return MEMORY_ERROR; + return MEMORY_E; } return 0; @@ -3381,10 +3381,10 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n) /* We still want to attempt to close the thread handle even on error */ if (WaitForSingleObject((HANDLE)thread, INFINITE) == WAIT_FAILED) - ret = MEMORY_ERROR; + ret = MEMORY_E; if (CloseHandle((HANDLE)thread) == 0) - ret = MEMORY_ERROR; + ret = MEMORY_E; return ret; } 
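Review bot: Starting at @@ -3366 in wc_port.c, every failure in the thread and condition-variable wrappers is reported as `MEMORY_E`, including `WaitForSingleObject` returning WAIT_FAILED, `CloseHandle` and `SetEvent` failing, and non-zero returns from `pthread_create`, `pthread_join` and the `pthread_cond_*` calls, none of which is necessarily an allocation failure. The same applies to the later wc_port.c hunks (@@ -3381 through @@ -3507). A caller or log reader that sees a memory error will look in the wrong place, and the pthread return value that names the real cause is discarded. If wolfCrypt has a more specific code for thread or condition failures it would fit better; otherwise a comment such as `/* MEMORY_E is used here as a generic failure code */` would at least document the choice. Most of the enclosing functions begin outside these hunks.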
@@ -3394,10 +3394,10 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n) { if (cond == NULL) return BAD_FUNC_ARG; - + *cond = CreateEventA(NULL, FALSE, FALSE, NULL); if (*cond == NULL) - return MEMORY_ERROR; + return MEMORY_E; return 0; } @@ -3408,7 +3408,7 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n) return BAD_FUNC_ARG; if (CloseHandle(*cond) == 0) - return MEMORY_ERROR; + return MEMORY_E; return 0; } @@ -3419,7 +3419,7 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n) return BAD_FUNC_ARG; if (SetEvent(*cond) == 0) - return MEMORY_ERROR; + return MEMORY_E; return 0; } @@ -3433,13 +3433,13 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n) return BAD_FUNC_ARG; if (WaitForSingleObject(*cond, INFINITE) == WAIT_FAILED) - return MEMORY_ERROR; + return MEMORY_E; return 0; } #endif /* WOLFSSL_COND */ -#else /* pthread */ +#elif defined(WOLFSSL_PTHREADS) int wolfSSL_NewThread(THREAD_TYPE* thread, THREAD_CB cb, void* arg) @@ -3448,7 +3448,7 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n) return BAD_FUNC_ARG; if (pthread_create(thread, NULL, cb, arg) != 0) - return MEMORY_ERROR; + return MEMORY_E; return 0; } @@ -3459,7 +3459,7 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n) return BAD_FUNC_ARG; if (pthread_join(thread, NULL) != 0) - return MEMORY_ERROR; + return MEMORY_E; return 0; } @@ -3471,7 +3471,7 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n) return BAD_FUNC_ARG; if (pthread_cond_init(cond, NULL) != 0) - return MEMORY_ERROR; + return MEMORY_E; return 0; } @@ -3482,7 +3482,7 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n) return BAD_FUNC_ARG; if (pthread_cond_destroy(cond) != 0) - return MEMORY_ERROR; + return MEMORY_E; return 0; } 
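Review bot: Replacing `#else /* pthread */` with `#elif defined(WOLFSSL_PTHREADS)` (hunk @@ -3433) removes the catch-all branch, so a multi-threaded build that matches neither the `_beginthreadex`/`CreateEventA` branch above nor WOLFSSL_PTHREADS no longer gets definitions of wolfSSL_NewThread, wolfSSL_JoinThread and the wolfSSL_Cond* functions. Unless a later branch outside the hunk covers that case, the problem would surface as an undefined reference at link time rather than at the point of misconfiguration. A closing `#else` with `#error "no thread implementation selected"` (wording constructed here) would make it explicit. It is also worth confirming that WOLFSSL_PTHREADS is already derived at this point, given that this commit moves the HAVE_PTHREAD detection from settings.h to wc_port.h.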
@@ -3493,7 +3493,7 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n) return BAD_FUNC_ARG; if (pthread_cond_signal(cond) != 0) - return MEMORY_ERROR; + return MEMORY_E; return 0; } @@ -3507,7 +3507,7 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n) /* mutex has to be locked on entry so we can't touch */ if (pthread_cond_wait(cond, mutex) != 0) - return MEMORY_ERROR; + return MEMORY_E; return 0; } diff --git a/wolfssl/internal.h b/wolfssl/internal.h index ec47b4352..ca7047529 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -5683,6 +5683,13 @@ struct WOLFSSL { #else #define SSL_CM(ssl) (ssl)->ctx->cm #endif +/* Issue warning when we are modifying the overall context CM */ +#define SSL_CM_WARNING(ssl) \ + do { \ + if (SSL_CM( (ssl) ) == (ssl)->ctx->cm) { \ + WOLFSSL_MSG("Modifying SSL_CTX CM not SSL specific CM"); \ + } \ + } while (0) #define SSL_CA_NAMES(ssl) ((ssl)->ca_names != NULL ? (ssl)->ca_names : \ (ssl)->ctx->ca_names) diff --git a/wolfssl/test.h b/wolfssl/test.h index c15aa09ac..89661674b 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h @@ -633,8 +633,10 @@ typedef struct func_args { void wait_tcp_ready(func_args* args); +#ifndef SINGLE_THREADED void start_thread(THREAD_CB fun, func_args* args, THREAD_TYPE* thread); void join_thread(THREAD_TYPE thread); +#endif typedef int (*cbType)(WOLFSSL_CTX *ctx, WOLFSSL *ssl); @@ -643,7 +645,7 @@ void test_wolfSSL_client_server_nofail_ex(callback_functions* client_cb, void test_wolfSSL_client_server_nofail(callback_functions* client_cb, callback_functions* server_cb); -/* Return +/* Return * tmpDir on success * NULL on failure */ char* create_tmp_dir(char* tmpDir, int len); diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 9017c9357..a14364d4d 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h 
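Review bot: In internal.h, SSL_CM_WARNING is defined after the `#endif`, so it also applies to the `#else` configuration where `SSL_CM(ssl)` is `(ssl)->ctx->cm`; there the test expands to `(ssl)->ctx->cm == (ssl)->ctx->cm`, which is always true. In that build the message is emitted on every call, and some compilers may flag the self-comparison, which matters when warnings are treated as errors. Defining the macro inside each branch avoids this, for example `#define SSL_CM_WARNING(ssl) WOLFSSL_MSG("Modifying SSL_CTX CM not SSL specific CM")` in the `#else` branch and the conditional form only where SSL_CM can return an SSL-specific manager. The macro only logs and does not stop the shared CTX trust store from being changed, which the comment above it could state. The `#if` that opens this block is outside the hunk.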
@@ -275,23 +275,6 @@ #include -/* AFTER user_settings.h is loaded, -** determine if POSIX multi-threaded: HAVE_PTHREAD */ -#if defined(SINGLE_THREADED) || defined(__MINGW32__) - /* Never HAVE_PTHREAD in single thread, or non-POSIX mode. - ** Reminder: MING32 is win32 threads, not POSIX threads */ - #undef HAVE_PTHREAD -#else - #ifdef _POSIX_THREADS - /* HAVE_PTHREAD == POSIX threads capable and enabled. */ - #undef HAVE_PTHREAD - #define HAVE_PTHREAD 1 - #else - /* Not manually disabled, but POSIX threads not found. */ - #undef HAVE_PTHREAD - #endif -#endif - #define WOLFSSL_MAKE_FIPS_VERSION(major, minor) (((major) * 256) + (minor)) #if !defined(HAVE_FIPS) #define WOLFSSL_FIPS_VERSION_CODE WOLFSSL_MAKE_FIPS_VERSION(0,0) diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 6354dd763..dc0eff721 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -1383,7 +1383,7 @@ typedef struct w64wrapper { #ifndef SINGLE_THREADED /* Necessary headers should already be included. */ - + /* We don't support returns from threads */ typedef THREAD_RETURN (WOLFSSL_THREAD *THREAD_CB)(void* arg); diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index 975b668d7..6a6bf87bc 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h 
@@ -1160,6 +1160,23 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void); #endif #endif + + /* AFTER user_settings.h is loaded, + ** determine if POSIX multi-threaded: HAVE_PTHREAD */ + #if defined(SINGLE_THREADED) || defined(__MINGW32__) + /* Never HAVE_PTHREAD in single thread, or non-POSIX mode. + ** Reminder: MING32 is win32 threads, not POSIX threads */ + #undef HAVE_PTHREAD + #else + /* _POSIX_THREADS is defined by unistd.h so this check needs to happen + * after we include all the platform relevant libs. */ + #ifdef _POSIX_THREADS + /* HAVE_PTHREAD == POSIX threads capable and enabled. */ + #undef HAVE_PTHREAD + #define HAVE_PTHREAD 1 + #endif + #endif + #ifdef __cplusplus } /* extern "C" */ #endif
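Review bot: Moving the HAVE_PTHREAD detection from settings.h to this point in wc_port.h means any header or source that tests HAVE_PTHREAD after settings.h but before wc_port.h is processed now sees whatever the build system or user_settings.h supplied instead of the normalised value. The new block also drops the old inner `#else` / `#undef HAVE_PTHREAD`, so on a build that is neither SINGLE_THREADED nor MinGW and lacks `_POSIX_THREADS`, a HAVE_PTHREAD passed on the command line now stays defined; if that is intended the comment should say so, e.g. `/* keep a user-supplied HAVE_PTHREAD when _POSIX_THREADS is absent */`. The retained opening comment still says "AFTER user_settings.h is loaded", while the requirement stated a few lines later is that the platform headers defining `_POSIX_THREADS` have been included. I would check the users of HAVE_PTHREAD for include-order dependence; none of them are visible in this hunk.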