From 6052e0187986d6179163e47dc5de41680f42b25c Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 30 Jun 2023 12:59:42 -0700 Subject: [PATCH] Fixes for SNI test with static memory enabled. Fixes for other minor static memory build combinations. --- tests/api.c | 180 +++++++++++++++++++++++----------------- wolfcrypt/src/wc_port.c | 2 +- wolfcrypt/test/test.c | 8 +- wolfssl/test.h | 6 +- 4 files changed, 113 insertions(+), 83 deletions(-) diff --git a/tests/api.c b/tests/api.c index e8d57039d..6881328e0 100644 --- a/tests/api.c +++ b/tests/api.c @@ -47,6 +47,20 @@ #endif #if defined(WOLFSSL_STATIC_MEMORY) #include + +#if defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFCRYPT_ONLY) + #if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) || \ + defined(SESSION_CERTS) + #ifdef OPENSSL_EXTRA + #define TEST_TLS_STATIC_MEMSZ (400000) + #else + #define TEST_TLS_STATIC_MEMSZ (320000) + #endif + #else + #define TEST_TLS_STATIC_MEMSZ (80000) + #endif +#endif + #endif /* WOLFSSL_STATIC_MEMORY */ #ifndef HEAP_HINT #define HEAP_HINT NULL @@ -6800,11 +6814,11 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args) } #else ctx = wolfSSL_CTX_new(callbacks->method()); +#endif if (ctx == NULL) { fprintf(stderr, "CTX new failed\n"); goto cleanup; } -#endif /* set defaults */ if (callbacks->caPemFile == NULL) @@ -7053,14 +7067,12 @@ static void run_wolfssl_client(void* args) } } #else - if (ctx == NULL) { - ctx = wolfSSL_CTX_new(callbacks->method()); - } + ctx = wolfSSL_CTX_new(callbacks->method()); +#endif if (ctx == NULL) { fprintf(stderr, "CTX new failed\n"); goto cleanup; } -#endif #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); 
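Review bot: The new `#if defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFCRYPT_ONLY)` block is placed inside the enclosing `#if defined(WOLFSSL_STATIC_MEMORY)` section, so its first term is redundant and `#if !defined(WOLFCRYPT_ONLY)` would say the same thing; the matching `#endif` also carries no trailing comment, unlike the `#endif /* WOLFSSL_STATIC_MEMORY */` right below it. The three pool sizes (400000, 320000, 80000) are chosen by `HAVE_ECC`/`ALT_ECC_SIZE`, `SESSION_CERTS` and `OPENSSL_EXTRA` but nothing says what they are sized for; a one-line comment above the block such as `/* size of the static-memory pool handed to one TLS endpoint in the static-memory tests; grows with the options that are presumed to need more per-connection state */` would help whoever has to retune them. This definition is moved up from the later hunk at line 57657, so the build-combination fix is the relocation itself, not a new value.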
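Review bot: Dropping the `if (ctx == NULL)` guard around `ctx = wolfSSL_CTX_new(callbacks->method());` in run_wolfssl_client means any ctx assigned earlier in the function is now overwritten, and the earlier object would no longer be reachable at `cleanup`; run_wolfssl_client starts before this hunk, so I cannot see whether a caller-supplied ctx can reach this point. If no such earlier assignment exists the change is correct and matches the server side in the hunk at line 6800, which creates unconditionally. Otherwise keep the guard and move only the `#endif`, i.e. `if (ctx == NULL) { ctx = wolfSSL_CTX_new(callbacks->method()); }` followed by `#endif` and then the shared `if (ctx == NULL)` failure check.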
@@ -9353,90 +9365,117 @@ static int test_wolfSSL_UseSNI_connection(void) callback_functions client_cb; callback_functions server_cb; size_t i; - +#ifdef WOLFSSL_STATIC_MEMORY + byte cliMem[TEST_TLS_STATIC_MEMSZ]; + byte svrMem[TEST_TLS_STATIC_MEMSZ]; +#endif struct { method_provider client_meth; method_provider server_meth; + #ifdef WOLFSSL_STATIC_MEMORY + wolfSSL_method_func client_meth_ex; + wolfSSL_method_func server_meth_ex; + #endif } methods[] = { #if defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_TLS13) - {wolfSSLv23_client_method, wolfSSLv23_server_method}, + {wolfSSLv23_client_method, wolfSSLv23_server_method + #ifdef WOLFSSL_STATIC_MEMORY + ,wolfSSLv23_client_method_ex, wolfSSLv23_server_method_ex + #endif + }, #endif #ifndef WOLFSSL_NO_TLS12 - {wolfTLSv1_2_client_method, wolfTLSv1_2_server_method}, + {wolfTLSv1_2_client_method, wolfTLSv1_2_server_method + #ifdef WOLFSSL_STATIC_MEMORY + ,wolfTLSv1_2_client_method_ex, wolfTLSv1_2_server_method_ex + #endif + }, #endif #ifdef WOLFSSL_TLS13 - {wolfTLSv1_3_client_method, wolfTLSv1_3_server_method}, + {wolfTLSv1_3_client_method, wolfTLSv1_3_server_method + #ifdef WOLFSSL_STATIC_MEMORY + ,wolfTLSv1_3_client_method_ex, wolfTLSv1_3_server_method_ex + #endif + }, #endif }; size_t methodsSz = sizeof(methods) / sizeof(*methods); for (i = 0; i < methodsSz; i++) { - XMEMSET(&client_cb, 0, sizeof(callback_functions)); - XMEMSET(&server_cb, 0, sizeof(callback_functions)); - client_cb.method = methods[i].client_meth; - server_cb.method = methods[i].server_meth; - client_cb.devId = testDevId; - server_cb.devId = testDevId; + XMEMSET(&client_cb, 0, sizeof(callback_functions)); + XMEMSET(&server_cb, 0, sizeof(callback_functions)); + client_cb.method = methods[i].client_meth; + server_cb.method = methods[i].server_meth; + client_cb.devId = testDevId; + server_cb.devId = testDevId; + #ifdef WOLFSSL_STATIC_MEMORY + client_cb.method_ex = methods[i].client_meth_ex; + server_cb.method_ex = methods[i].server_meth_ex; + client_cb.mem 
= cliMem; + client_cb.memSz = (word32)sizeof(cliMem); + server_cb.mem = svrMem; + server_cb.memSz = (word32)sizeof(svrMem);; + #endif - /* success case at ctx */ - printf("success case at ctx\n"); - client_cb.ctx_ready = use_SNI_at_ctx; client_cb.ssl_ready = NULL; client_cb.on_result = NULL; - server_cb.ctx_ready = use_SNI_at_ctx; server_cb.ssl_ready = NULL; server_cb.on_result = verify_SNI_real_matching; - test_wolfSSL_client_server(&client_cb, &server_cb); + /* success case at ctx */ + printf("\n\tsuccess case at ctx\n"); + client_cb.ctx_ready = use_SNI_at_ctx; client_cb.ssl_ready = NULL; client_cb.on_result = NULL; + server_cb.ctx_ready = use_SNI_at_ctx; server_cb.ssl_ready = NULL; server_cb.on_result = verify_SNI_real_matching; + test_wolfSSL_client_server(&client_cb, &server_cb); - /* success case at ssl */ - printf("success case at ssl\n"); - client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_SNI_at_ssl; client_cb.on_result = verify_SNI_real_matching; - server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_SNI_at_ssl; server_cb.on_result = verify_SNI_real_matching; - test_wolfSSL_client_server(&client_cb, &server_cb); + /* success case at ssl */ + printf("\tsuccess case at ssl\n"); + client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_SNI_at_ssl; client_cb.on_result = verify_SNI_real_matching; + server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_SNI_at_ssl; server_cb.on_result = verify_SNI_real_matching; + test_wolfSSL_client_server(&client_cb, &server_cb); - /* default mismatch behavior */ - printf("default mismatch behavior\n"); - client_cb.ctx_ready = NULL; client_cb.ssl_ready = different_SNI_at_ssl; client_cb.on_result = verify_FATAL_ERROR_on_client; - server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_SNI_at_ssl; server_cb.on_result = verify_UNKNOWN_SNI_on_server; - test_wolfSSL_client_server(&client_cb, &server_cb); + /* default mismatch behavior */ + printf("\tdefault mismatch behavior\n"); + client_cb.ctx_ready = NULL; client_cb.ssl_ready = 
different_SNI_at_ssl; client_cb.on_result = verify_FATAL_ERROR_on_client; + server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_SNI_at_ssl; server_cb.on_result = verify_UNKNOWN_SNI_on_server; + test_wolfSSL_client_server(&client_cb, &server_cb); - /* continue on mismatch */ - printf("continue on mismatch\n"); - client_cb.ctx_ready = NULL; client_cb.ssl_ready = different_SNI_at_ssl; client_cb.on_result = NULL; - server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_SNI_WITH_CONTINUE_at_ssl; server_cb.on_result = verify_SNI_no_matching; - test_wolfSSL_client_server(&client_cb, &server_cb); + /* continue on mismatch */ + printf("\tcontinue on mismatch\n"); + client_cb.ctx_ready = NULL; client_cb.ssl_ready = different_SNI_at_ssl; client_cb.on_result = NULL; + server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_SNI_WITH_CONTINUE_at_ssl; server_cb.on_result = verify_SNI_no_matching; + test_wolfSSL_client_server(&client_cb, &server_cb); - /* fake answer on mismatch */ - printf("fake answer on mismatch\n"); - client_cb.ctx_ready = NULL; client_cb.ssl_ready = different_SNI_at_ssl; client_cb.on_result = NULL; - server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_SNI_WITH_FAKE_ANSWER_at_ssl; server_cb.on_result = verify_SNI_fake_matching; - test_wolfSSL_client_server(&client_cb, &server_cb); + /* fake answer on mismatch */ + printf("\tfake answer on mismatch\n"); + client_cb.ctx_ready = NULL; client_cb.ssl_ready = different_SNI_at_ssl; client_cb.on_result = NULL; + server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_SNI_WITH_FAKE_ANSWER_at_ssl; server_cb.on_result = verify_SNI_fake_matching; + test_wolfSSL_client_server(&client_cb, &server_cb); - /* sni abort - success */ - printf("sni abort - success\n"); - client_cb.ctx_ready = use_SNI_at_ctx; client_cb.ssl_ready = NULL; client_cb.on_result = NULL; - server_cb.ctx_ready = use_MANDATORY_SNI_at_ctx; server_cb.ssl_ready = NULL; server_cb.on_result = verify_SNI_real_matching; - test_wolfSSL_client_server(&client_cb, 
&server_cb); + /* sni abort - success */ + printf("\tsni abort - success\n"); + client_cb.ctx_ready = use_SNI_at_ctx; client_cb.ssl_ready = NULL; client_cb.on_result = NULL; + server_cb.ctx_ready = use_MANDATORY_SNI_at_ctx; server_cb.ssl_ready = NULL; server_cb.on_result = verify_SNI_real_matching; + test_wolfSSL_client_server(&client_cb, &server_cb); - /* sni abort - abort when absent (ctx) */ - printf("sni abort - abort when absent (ctx)\n"); - client_cb.ctx_ready = NULL; client_cb.ssl_ready = NULL; client_cb.on_result = verify_FATAL_ERROR_on_client; - server_cb.ctx_ready = use_MANDATORY_SNI_at_ctx; server_cb.ssl_ready = NULL; server_cb.on_result = verify_SNI_ABSENT_on_server; - test_wolfSSL_client_server(&client_cb, &server_cb); + /* sni abort - abort when absent (ctx) */ + printf("\tsni abort - abort when absent (ctx)\n"); + client_cb.ctx_ready = NULL; client_cb.ssl_ready = NULL; client_cb.on_result = verify_FATAL_ERROR_on_client; + server_cb.ctx_ready = use_MANDATORY_SNI_at_ctx; server_cb.ssl_ready = NULL; server_cb.on_result = verify_SNI_ABSENT_on_server; + test_wolfSSL_client_server(&client_cb, &server_cb); - /* sni abort - abort when absent (ssl) */ - printf("sni abort - abort when absent (ssl)\n"); - client_cb.ctx_ready = NULL; client_cb.ssl_ready = NULL; client_cb.on_result = verify_FATAL_ERROR_on_client; - server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_MANDATORY_SNI_at_ssl; server_cb.on_result = verify_SNI_ABSENT_on_server; - test_wolfSSL_client_server(&client_cb, &server_cb); + /* sni abort - abort when absent (ssl) */ + printf("\tsni abort - abort when absent (ssl)\n"); + client_cb.ctx_ready = NULL; client_cb.ssl_ready = NULL; client_cb.on_result = verify_FATAL_ERROR_on_client; + server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_MANDATORY_SNI_at_ssl; server_cb.on_result = verify_SNI_ABSENT_on_server; + test_wolfSSL_client_server(&client_cb, &server_cb); - /* sni abort - success when overwritten */ - printf("sni abort - success when 
overwritten\n"); - client_cb.ctx_ready = NULL; client_cb.ssl_ready = NULL; client_cb.on_result = NULL; - server_cb.ctx_ready = use_MANDATORY_SNI_at_ctx; server_cb.ssl_ready = use_SNI_at_ssl; server_cb.on_result = verify_SNI_no_matching; - test_wolfSSL_client_server(&client_cb, &server_cb); + /* sni abort - success when overwritten */ + printf("\tsni abort - success when overwritten\n"); + client_cb.ctx_ready = NULL; client_cb.ssl_ready = NULL; client_cb.on_result = NULL; + server_cb.ctx_ready = use_MANDATORY_SNI_at_ctx; server_cb.ssl_ready = use_SNI_at_ssl; server_cb.on_result = verify_SNI_no_matching; + test_wolfSSL_client_server(&client_cb, &server_cb); - /* sni abort - success when allowing mismatches */ - printf("sni abort - success when allowing mismatches\n"); - client_cb.ctx_ready = NULL; client_cb.ssl_ready = different_SNI_at_ssl; client_cb.on_result = NULL; - server_cb.ctx_ready = use_PSEUDO_MANDATORY_SNI_at_ctx; server_cb.ssl_ready = NULL; server_cb.on_result = verify_SNI_fake_matching; - test_wolfSSL_client_server(&client_cb, &server_cb); + /* sni abort - success when allowing mismatches */ + printf("\tsni abort - success when allowing mismatches\n"); + client_cb.ctx_ready = NULL; client_cb.ssl_ready = different_SNI_at_ssl; client_cb.on_result = NULL; + server_cb.ctx_ready = use_PSEUDO_MANDATORY_SNI_at_ctx; server_cb.ssl_ready = NULL; server_cb.on_result = verify_SNI_fake_matching; + test_wolfSSL_client_server(&client_cb, &server_cb); } res = TEST_RES_CHECK(1); 
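Review bot: `server_cb.memSz = (word32)sizeof(svrMem);;` has a stray second semicolon that should be dropped. `byte cliMem[TEST_TLS_STATIC_MEMSZ]` and `byte svrMem[TEST_TLS_STATIC_MEMSZ]` place up to 2 x 400000 bytes (the OPENSSL_EXTRA value from the first hunk) on the stack of whatever thread runs test_wolfSSL_UseSNI_connection, which is likely to exceed default thread stacks on some targets; declaring them `static byte cliMem[TEST_TLS_STATIC_MEMSZ];` and `static byte svrMem[TEST_TLS_STATIC_MEMSZ];` (or allocating them with XMALLOC and freeing at the end) would be safer. The same two buffers are handed to ten consecutive client/server runs per method without being reinitialised; presumably test_wolfSSL_client_server frees the CTX and the pool is rebuilt from the raw buffer each time, but that is worth confirming. Re-indenting the whole loop body in the same hunk as the functional change hides what actually changed; a separate whitespace-only commit would keep the diff reviewable.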
@@ -57657,17 +57696,6 @@ static int test_wolfSSL_CTX_StaticMemory_TLS(int tlsVer, #endif /* WOLFSSL_STATIC_MEMORY && HAVE_IO_TESTS_DEPENDENCIES */ #if defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFCRYPT_ONLY) -#if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) || \ - defined(SESSION_CERTS) - #ifdef OPENSSL_EXTRA - #define TEST_TLS_STATIC_MEMSZ (400000) - #else - #define TEST_TLS_STATIC_MEMSZ (320000) - #endif -#else - #define TEST_TLS_STATIC_MEMSZ (80000) -#endif - static int test_wolfSSL_CTX_StaticMemory_SSL(WOLFSSL_CTX* ctx) { EXPECT_DECLS; diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 0c5f01baa..1318e78d9 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -385,7 +385,7 @@ int wolfCrypt_Init(void) return ret; } -#ifdef WOLFSSL_TRACK_MEMORY_VERBOSE +#if defined(WOLFSSL_TRACK_MEMORY_VERBOSE) && !defined(WOLFSSL_STATIC_MEMORY) long wolfCrypt_heap_peakAllocs_checkpoint(void) { long ret = ourMemStats.peakAllocsTripOdometer; ourMemStats.peakAllocsTripOdometer = ourMemStats.totalAllocs - diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index d9057d621..05a765a37 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -55,7 +55,7 @@ #endif #endif -#ifdef WOLFSSL_TRACK_MEMORY_VERBOSE +#if defined(WOLFSSL_TRACK_MEMORY_VERBOSE) && !defined(WOLFSSL_STATIC_MEMORY) #ifdef WOLFSSL_TEST_MAX_RELATIVE_HEAP_ALLOCS static ssize_t max_relative_heap_allocs = WOLFSSL_TEST_MAX_RELATIVE_HEAP_ALLOCS; #else @@ -84,7 +84,7 @@ } #else #define PRINT_HEAP_CHECKPOINT() -#endif +#endif /* WOLFSSL_TRACK_MEMORY_VERBOSE && !WOLFSSL_STATIC_MEMORY */ #ifdef USE_FLAT_TEST_H #ifdef HAVE_CONFIG_H @@ -832,7 +832,7 @@ wc_test_ret_t wolfcrypt_test(void* args) #endif { wc_test_ret_t ret; -#ifdef WOLFSSL_TRACK_MEMORY_VERBOSE +#if defined(WOLFSSL_TRACK_MEMORY_VERBOSE) && !defined(WOLFSSL_STATIC_MEMORY) long heap_baselineAllocs, heap_baselineBytes; #endif #ifdef TEST_ALWAYS_RUN_TO_END 
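Review bot: The definition of `wolfCrypt_heap_peakAllocs_checkpoint` is now compiled only when `WOLFSSL_TRACK_MEMORY_VERBOSE` is set without `WOLFSSL_STATIC_MEMORY`, but the header that declares it is not in this patch; if that prototype still uses the plain `#ifdef WOLFSSL_TRACK_MEMORY_VERBOSE`, declaration and definition now disagree and any other caller in that configuration fails at link time. The same compound condition is then repeated at four places in wolfcrypt/test/test.c (hunks at lines 55, 84, 832 and 840), and the `#endif` closing this block in wc_port.c lies outside the hunk, so I cannot tell whether its trailing comment was updated as test.c's was. Expressing the rule once, e.g. `#if defined(WOLFSSL_TRACK_MEMORY_VERBOSE) && defined(WOLFSSL_STATIC_MEMORY)` / `#undef WOLFSSL_TRACK_MEMORY_VERBOSE` / `#endif` in the common settings header, would let every site keep its original `#ifdef` and stop the two flags from drifting apart again.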
@@ -840,7 +840,7 @@ wc_test_ret_t wolfcrypt_test(void* args) #endif STACK_SIZE_INIT(); -#ifdef WOLFSSL_TRACK_MEMORY_VERBOSE +#if defined(WOLFSSL_TRACK_MEMORY_VERBOSE) && !defined(WOLFSSL_STATIC_MEMORY) (void)wolfCrypt_heap_peakAllocs_checkpoint(); heap_baselineAllocs = wolfCrypt_heap_peakAllocs_checkpoint(); (void)wolfCrypt_heap_peakBytes_checkpoint(); diff --git a/wolfssl/test.h b/wolfssl/test.h index a46e0c60b..0b36a5e74 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h @@ -2903,7 +2903,8 @@ static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store) char buffer[WOLFSSL_MAX_ERROR_SZ]; #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) WOLFSSL_X509* peer; -#if defined(SHOW_CERTS) && !defined(NO_FILESYSTEM) +#if defined(SHOW_CERTS) && !defined(NO_FILESYSTEM) && \ + !defined(OPENSSL_EXTRA_X509_SMALL) WOLFSSL_BIO* bio = NULL; WOLFSSL_STACK* sk = NULL; X509* x509 = NULL; @@ -2948,7 +2949,8 @@ static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store) XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL); XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL); -#if defined(SHOW_CERTS) && !defined(NO_FILESYSTEM) +#if defined(SHOW_CERTS) && !defined(NO_FILESYSTEM) && \ + !defined(OPENSSL_EXTRA_X509_SMALL) /* avoid printing duplicate certs */ if (store->depth == 1) { int i;
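Review bot: Adding `!defined(OPENSSL_EXTRA_X509_SMALL)` to the SHOW_CERTS condition inside a block already guarded by `defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)` switches the cert dump off whenever the small variant is defined, including builds that define both; if, as I believe some configurations do, OPENSSL_EXTRA also turns on OPENSSL_EXTRA_X509_SMALL, SHOW_CERTS would then never print under OPENSSL_EXTRA, and `#if defined(SHOW_CERTS) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA)` would state the positive requirement (the `WOLFSSL_BIO`/`X509` API declared under it) more precisely. The identical three-term condition is duplicated in this declaration block and again in the second hunk at line 2948 where `bio`, `sk` and `x509` are used; a single `#define` computed once above myVerify would keep the two in lock-step. myVerify begins before and continues after both hunks.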