diff --git a/ESP32/DTLS13-wifi-station-client/main/client-dtls13.c b/ESP32/DTLS13-wifi-station-client/main/client-dtls13.c index 749825e97..ec85629bf 100644 --- a/ESP32/DTLS13-wifi-station-client/main/client-dtls13.c +++ b/ESP32/DTLS13-wifi-station-client/main/client-dtls13.c @@ -156,7 +156,7 @@ WOLFSSL_ESP_TASK dtls13_smp_client_task(void *pvParameters) ESP_LOGI(TAG, "See ./include/client-dtls13.h to update settings."); ESP_LOGI(TAG, "Setting server address to %s, port %d.", TLS_SMP_SERVER_ADDRESS, SERV_PORT); - memset(&servAddr, 0, sizeof(servAddr)); + XMEMSET(&servAddr, 0, sizeof(servAddr)); servAddr.sin_family = AF_INET; servAddr.sin_port = htons(SERV_PORT); if (inet_pton(AF_INET, TLS_SMP_SERVER_ADDRESS, &servAddr.sin_addr) < 1) { @@ -199,10 +199,11 @@ WOLFSSL_ESP_TASK dtls13_smp_client_task(void *pvParameters) ESP_LOGI(TAG, "Sending message"); - strcpy(sendLine, "Hello World."); + XSTRCPY(sendLine, "Hello World."); /* Send sendLine to the server */ - if (wolfSSL_write(ssl, sendLine, strlen(sendLine)) != strlen(sendLine)) { + if (wolfSSL_write(ssl, sendLine, XSTRLEN(sendLine)) != + XSTRLEN(sendLine)) { err = wolfSSL_get_error(ssl, 0); ESP_LOGE(TAG, "err = %d, %s\n", err, wolfSSL_ERR_reason_error_string(err)); diff --git a/ESP32/DTLS13-wifi-station-client/main/time_helper.c b/ESP32/DTLS13-wifi-station-client/main/time_helper.c index 233295757..34d90147b 100644 --- a/ESP32/DTLS13-wifi-station-client/main/time_helper.c +++ b/ESP32/DTLS13-wifi-station-client/main/time_helper.c @@ -189,7 +189,7 @@ int set_time(void) ESP_LOGI(TAG, "sntp_setservername:"); for (i = 0; i < NTP_SERVER_COUNT; i++) { const char* thisServer = ntpServerList[i]; - if (strncmp(thisServer, "\x00", 1) == 0) { + if (XSTRNCMP(thisServer, "\x00", 1) == 0) { /* just in case we run out of NTP servers */ break; } diff --git a/ESP32/DTLS13-wifi-station-server/main/server-dtls13.c b/ESP32/DTLS13-wifi-station-server/main/server-dtls13.c index b19fd488d..699fdbabc 100644 
--- a/ESP32/DTLS13-wifi-station-server/main/server-dtls13.c +++ b/ESP32/DTLS13-wifi-station-server/main/server-dtls13.c @@ -244,7 +244,7 @@ WOLFSSL_ESP_TASK dtls13_smp_server_task(void *pvParameters) /* initialize network vars */ if (ret == WOLFSSL_SUCCESS) { - memset((char *)&servAddr, 0, sizeof(servAddr)); + XMEMSET((char *)&servAddr, 0, sizeof(servAddr)); /* host-to-network-long conversion (htonl) */ /* host-to-network-short conversion (htons) */ servAddr.sin_family = AF_INET; diff --git a/ESP32/DTLS13-wifi-station-server/main/time_helper.c b/ESP32/DTLS13-wifi-station-server/main/time_helper.c index 34e992f49..10438c73f 100644 --- a/ESP32/DTLS13-wifi-station-server/main/time_helper.c +++ b/ESP32/DTLS13-wifi-station-server/main/time_helper.c @@ -202,7 +202,7 @@ int set_time(void) ESP_LOGI(TAG, "sntp_setservername:"); for (i = 0; i < NTP_SERVER_COUNT; i++) { const char* thisServer = ntpServerList[i]; - if (strncmp(thisServer, "\x00", 1) == 0) { + if (XSTRNCMP(thisServer, "\x00", 1) == 0) { /* just in case we run out of NTP servers */ break; } diff --git a/ESP32/TLS13-ENC28J60-client/main/enc28j60_example_main.c b/ESP32/TLS13-ENC28J60-client/main/enc28j60_example_main.c index 580a31f0c..2b0812539 100644 --- a/ESP32/TLS13-ENC28J60-client/main/enc28j60_example_main.c +++ b/ESP32/TLS13-ENC28J60-client/main/enc28j60_example_main.c @@ -165,7 +165,7 @@ int tls_smp_client_task() { #endif /* WOLFSSL_TLS13 */ /* Initialize the server address struct with zeros */ - memset(&servAddr, 0, sizeof(servAddr)); + XMEMSET(&servAddr, 0, sizeof(servAddr)); /* Fill in the server address */ servAddr.sin_family = AF_INET; /* using IPv4 */ 
@@ -220,13 +220,16 @@ int tls_smp_client_task() { * a non-negative integer, the socket file descriptor. */ sockfd = socket(AF_INET, SOCK_STREAM, 0); - if (sockfd > 0) { + if (sockfd >= 0) { WOLFSSL_MSG("socket creation successful\n"); } else { - // TODO show errno + char err_msg[128]; + XSNPRINTF(err_msg, sizeof(err_msg), + "ERROR: failed to create a socket (errno = %d).\n", + errno); + WOLFSSL_ERROR_MSG(err_msg); ret = WOLFSSL_FAILURE; - WOLFSSL_ERROR_MSG("ERROR: failed to create a socket.\n"); } } else { @@ -258,8 +261,10 @@ int tls_smp_client_task() { WOLFSSL_MSG("sockfd connect successful\n"); } else { - // TODO show errno - WOLFSSL_ERROR_MSG("ERROR: socket connect failed\n"); + char err_msg[128]; + XSNPRINTF(err_msg, sizeof(err_msg), + "ERROR: socket connect failed (errno = %d)\n", errno); + WOLFSSL_ERROR_MSG(err_msg); ret = WOLFSSL_FAILURE; } } @@ -697,13 +702,13 @@ int tls_smp_client_task() { */ if (ret == WOLFSSL_SUCCESS) { - memset(buff, 0, BUFF_SIZE); + XMEMSET(buff, 0, BUFF_SIZE); /* get the length of our message, never longer than the declared size */ /* TODO check for zero length */ - len = strnlen(sendMessage, sendMessageSize); + len = XSTRLEN(sendMessage); /* write the message over secure connection to the server */ if (wolfSSL_write(ssl, sendMessage, len) == len) { @@ -783,7 +788,7 @@ int tls_smp_client_task() { if (ret == WOLFSSL_SUCCESS) { /* even though the result should be a zero-terminated string, * we'll clear the receive buffer */ - memset(buff, 0, BUFF_SIZE); + XMEMSET(buff, 0, BUFF_SIZE); /* read the response data from our secure connection */ if (wolfSSL_read(ssl, buff, BUFF_SIZE - 1) > 0) { @@ -946,7 +951,7 @@ int set_time() { int i = 0; for (i = 0; i < NTP_SERVER_COUNT; i++) { const char* thisServer = ntpServerList[i]; - if (strncmp(thisServer, "\x00", 1)) { + if (XSTRNCMP(thisServer, "\x00", 1)) { /* just in case we run out of NTP servers */ break; } 
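Review bot: In the `@@ -697` hunk, replacing `strnlen(sendMessage, sendMessageSize)` with `XSTRLEN(sendMessage)` drops the only upper bound on the length passed to `wolfSSL_write`, and the comment above it still says "never longer than the declared size". `sendMessage` is declared outside the hunk; if it can ever be a buffer without a terminating NUL, the unbounded scan reads past it and those bytes are sent to the peer. Keep the bounded length, or state the new requirement where the length is taken, e.g. `/* sendMessage must be NUL-terminated; length is no longer capped by sendMessageSize */`. The same substitution is made in the `@@ -837` hunk of TLS13-wifi_station-client/main/station_example_main.c.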
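Review bot: In the `set_time` hunk, `if (XSTRNCMP(thisServer, "\x00", 1))` is true when the entry is non-empty, so the `break` commented "just in case we run out of NTP servers" fires on the first populated entry rather than the first empty one. The DTLS13 `time_helper.c` hunks in this same commit compare with `== 0`; this line should read `if (XSTRNCMP(thisServer, "\x00", 1) == 0) {`. The rest of the loop body is outside the hunk, but as written it likely never configures a server, which would leave the clock unset for certificate date checks. The same line appears in the `set_time` hunks of TLS13-ENC28J60-server, TLS13-wifi_station-client and TLS13-wifi_station-server.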
diff --git a/ESP32/TLS13-ENC28J60-server/main/enc28j60_example_main.c b/ESP32/TLS13-ENC28J60-server/main/enc28j60_example_main.c index ce54aa311..699fcb0a5 100644 --- a/ESP32/TLS13-ENC28J60-server/main/enc28j60_example_main.c +++ b/ESP32/TLS13-ENC28J60-server/main/enc28j60_example_main.c @@ -190,7 +190,7 @@ int tls_smp_server_task() { #endif /* WOLFSSL_TLS13 */ /* Initialize the server address struct with zeros */ - memset(&servAddr, 0, sizeof(servAddr)); + XMEMSET(&servAddr, 0, sizeof(servAddr)); /* Fill in the server address */ servAddr.sin_family = AF_INET; /* using IPv4 */ @@ -280,13 +280,16 @@ int tls_smp_server_task() { * a non-negative integer, the socket file descriptor. */ sockfd = socket(AF_INET, SOCK_STREAM, 0); - if (sockfd > 0) { + if (sockfd >= 0) { WOLFSSL_MSG("socket creation successful\n"); } else { - // TODO show errno + char err_msg[128]; + XSNPRINTF(err_msg, sizeof(err_msg), + "ERROR: failed to create a socket (errno = %d).\n", + errno); + WOLFSSL_ERROR_MSG(err_msg); ret = WOLFSSL_FAILURE; - WOLFSSL_ERROR_MSG("ERROR: failed to create a socket.\n"); } } else { @@ -348,9 +351,13 @@ int tls_smp_server_task() { WOLFSSL_MSG("setsockopt re-use addr successful\n"); } else { - // TODO show errno + char err_msg[128]; + XSNPRINTF(err_msg, sizeof(err_msg), + "ERROR: failed to setsockopt addr on " + "socket (errno = %d).\n", + errno); + WOLFSSL_ERROR_MSG(err_msg); ret = WOLFSSL_FAILURE; - WOLFSSL_ERROR_MSG("ERROR: failed to setsockopt addr on socket.\n"); } } else { @@ -370,10 +377,12 @@ int tls_smp_server_task() { WOLFSSL_MSG("setsockopt re-use port successful\n"); } else { - // TODO show errno - // ret = WOLFSSL_FAILURE; - // TODO what's up with the error? - WOLFSSL_ERROR_MSG("ERROR: failed to setsockopt port on socket. >> IGNORED << \n"); + char err_msg[128]; + XSNPRINTF(err_msg, sizeof(err_msg), + "ERROR: failed to setsockopt port on " + "socket (errno = %d). " + ">> IGNORED << \n", errno); + WOLFSSL_ERROR_MSG(err_msg); } } else { 
@@ -738,21 +747,19 @@ int tls_smp_server_task() { /* Accept client connections */ if ((mConnd = accept(sockfd, (struct sockaddr*)&clientAddr, &size)) == -1) { - // fprintf(stderr, "ERROR: failed to accept the connection\n\n"); - ret = -1; - // TODO goto exit; - WOLFSSL_ERROR_MSG("ERROR: failed socket accept\n"); - ret = WOLFSSL_FAILURE; + WOLFSSL_ERROR_MSG("ERROR: failed socket accept\n"); + ret = WOLFSSL_FAILURE; + break; } /* Create a WOLFSSL object */ if ((ssl = wolfSSL_new(ctx)) == NULL) { - // fprintf(stderr, "ERROR: failed to create WOLFSSL object\n"); - ret = -1; - //TODO goto exit; - WOLFSSL_ERROR_MSG("ERROR: filed wolfSSL_new during loop\n"); + WOLFSSL_ERROR_MSG("ERROR: failed wolfSSL_new during loop\n"); ret = WOLFSSL_FAILURE; - } + close(mConnd); + mConnd = SOCKET_INVALID; + break; + } /* Attach wolfSSL to the socket */ wolfSSL_set_fd(ssl, mConnd); 
@@ -771,45 +778,42 @@ int tls_smp_server_task() { if ((ret = wolfSSL_accept(ssl)) != WOLFSSL_SUCCESS) { WOLFSSL_ERROR_MSG("ERROR: wolfSSL_accept\n"); ret = WOLFSSL_FAILURE; - // fprintf(stderr, - // "wolfSSL_accept error = %d\n", - // wolfSSL_get_error(ssl, ret)); - // TODO goto exit; } else { WOLFSSL_MSG("Client connected successfully\n"); } - #ifdef HAVE_SECRET_CALLBACK - wolfSSL_FreeArrays(ssl); + if (ret == WOLFSSL_SUCCESS) { + wolfSSL_FreeArrays(ssl); + } #endif /* Read the client data into our buff array */ - memset(buff, 0, sizeof(buff)); - if ((ret = wolfSSL_read(ssl, buff, sizeof(buff) - 1)) < 0) { - // fprintf(stderr, "ERROR: failed to read\n"); - //TODO goto exit; + if (ret == WOLFSSL_SUCCESS) { + XMEMSET(buff, 0, sizeof(buff)); + if (wolfSSL_read(ssl, buff, sizeof(buff) - 1) <= 0) { + WOLFSSL_ERROR_MSG("ERROR: failed to read\n"); + ret = WOLFSSL_FAILURE; + } } - /* Print to stdout any data the client sends */ - // printf("Client: %s\n", buff); - - /* Check for server shutdown command */ - if (strncmp(buff, "shutdown", 8) == 0) { - // printf("Shutdown command issued!\n"); - mShutdown = 1; - } + if (ret == WOLFSSL_SUCCESS) { + /* Check for server shutdown command */ + if (XSTRNCMP(buff, "shutdown", 8) == 0) { + mShutdown = 1; + } - /* Write our reply into buff */ - memset(buff, 0, sizeof(buff)); - memcpy(buff, reply, strlen(reply)); - len = strnlen(buff, sizeof(buff)); + /* Write our reply into buff */ + XMEMSET(buff, 0, sizeof(buff)); + XMEMCPY(buff, reply, XSTRLEN(reply)); + len = XSTRLEN(buff); - /* Reply back to the client */ - if ((ret = wolfSSL_write(ssl, buff, len)) != len) { - // fprintf(stderr, "ERROR: failed to write\n"); - // TODO goto exit; + /* Reply back to the client */ + if (wolfSSL_write(ssl, buff, len) != len) { + WOLFSSL_ERROR_MSG("ERROR: failed to write\n"); + ret = WOLFSSL_FAILURE; + } } /* Cleanup after this connection */ 
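Review bot: `XMEMCPY(buff, reply, XSTRLEN(reply));` copies without comparing the reply length to `sizeof(buff)`, and the following `len = XSTRLEN(buff);` no longer has the `sizeof(buff)` bound that `strnlen` gave it. Both are safe only while `reply` (declared outside the hunk) is shorter than `buff`. Check the length before the copy, e.g. `if (XSTRLEN(reply) >= sizeof(buff)) { ret = WOLFSSL_FAILURE; }`, and copy only on the success path. The `@@ -945` hunk of TLS13-wifi_station-server/main/station_example_main.c has the same three lines.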
@@ -967,7 +971,7 @@ int set_time() { int i = 0; for (i = 0; i < NTP_SERVER_COUNT; i++) { const char* thisServer = ntpServerList[i]; - if (strncmp(thisServer, "\x00", 1)) { + if (XSTRNCMP(thisServer, "\x00", 1)) { /* just in case we run out of NTP servers */ break; } diff --git a/ESP32/TLS13-wifi_station-client/main/station_example_main.c b/ESP32/TLS13-wifi_station-client/main/station_example_main.c index a35990eda..20e1465bc 100644 --- a/ESP32/TLS13-wifi_station-client/main/station_example_main.c +++ b/ESP32/TLS13-wifi_station-client/main/station_example_main.c @@ -9,6 +9,7 @@ #include +#include #include "freertos/FreeRTOS.h" #include "freertos/task.h" #include "freertos/event_groups.h" @@ -192,7 +193,7 @@ int set_time() { int i = 0; for (i = 0; i < NTP_SERVER_COUNT; i++) { const char* thisServer = ntpServerList[i]; - if (strncmp(thisServer, "\x00", 1)) { + if (XSTRNCMP(thisServer, "\x00", 1)) { /* just in case we run out of NTP servers */ break; } @@ -302,7 +303,7 @@ int tls_smp_client_task() { /* Initialize the server address struct with zeros */ - memset(&servAddr, 0, sizeof(servAddr)); + XMEMSET(&servAddr, 0, sizeof(servAddr)); /* Fill in the server address */ servAddr.sin_family = AF_INET; /* using IPv4 */ @@ -357,13 +358,13 @@ int tls_smp_client_task() { * a non-negative integer, the socket file descriptor. */ sockfd = socket(AF_INET, SOCK_STREAM, 0); - if (sockfd > 0) { + if (sockfd >= 0) { ESP_LOGI(TAG,"socket creation successful\n"); } else { - // TODO show errno + ESP_LOGE(TAG, + "ERROR: failed to create a socket (errno = %d).\n", errno); ret = WOLFSSL_FAILURE; - ESP_LOGE(TAG, "ERROR: failed to create a socket.\n"); } } else { @@ -398,8 +399,8 @@ int tls_smp_client_task() { ESP_LOGI(TAG,"sockfd connect successful\n"); } else { - // TODO show errno - ESP_LOGE(TAG, "ERROR: socket connect failed\n"); + ESP_LOGE(TAG, + "ERROR: socket connect failed (errno = %d)\n", errno); ret = WOLFSSL_FAILURE; } } 
@@ -837,13 +838,13 @@ int tls_smp_client_task() { */ if (ret == WOLFSSL_SUCCESS) { - memset(buff, 0, BUFF_SIZE); + XMEMSET(buff, 0, BUFF_SIZE); /* get the length of our message, never longer than the declared size */ /* TODO check for zero length */ - len = strnlen(sendMessage, sendMessageSize); + len = XSTRLEN(sendMessage); /* write the message over secure connection to the server */ if (wolfSSL_write(ssl, sendMessage, len) == len) { @@ -923,7 +924,7 @@ int tls_smp_client_task() { if (ret == WOLFSSL_SUCCESS) { /* even though the result should be a zero-terminated string, * we'll clear the receive buffer */ - memset(buff, 0, BUFF_SIZE); + XMEMSET(buff, 0, BUFF_SIZE); /* read the response data from our secure connection */ if (wolfSSL_read(ssl, buff, BUFF_SIZE - 1) > 0) { diff --git a/ESP32/TLS13-wifi_station-server/main/station_example_main.c b/ESP32/TLS13-wifi_station-server/main/station_example_main.c index 91044619a..79e33706f 100644 --- a/ESP32/TLS13-wifi_station-server/main/station_example_main.c +++ b/ESP32/TLS13-wifi_station-server/main/station_example_main.c @@ -9,6 +9,7 @@ #include +#include #include "freertos/FreeRTOS.h" #include "freertos/task.h" #include "freertos/event_groups.h" @@ -196,7 +197,7 @@ int set_time() { int i = 0; for (i = 0; i < NTP_SERVER_COUNT; i++) { const char* thisServer = ntpServerList[i]; - if (strncmp(thisServer, "\x00", 1)) { + if (XSTRNCMP(thisServer, "\x00", 1)) { /* just in case we run out of NTP servers */ break; } @@ -330,7 +331,7 @@ int tls_smp_server_task() { #endif /* WOLFSSL_TLS13 */ /* Initialize the server address struct with zeros */ - memset(&servAddr, 0, sizeof(servAddr)); + XMEMSET(&servAddr, 0, sizeof(servAddr)); /* Fill in the server address */ servAddr.sin_family = AF_INET; /* using IPv4 */ 
@@ -427,13 +428,16 @@ int tls_smp_server_task() { * a non-negative integer, the socket file descriptor. */ sockfd = socket(AF_INET, SOCK_STREAM, 0); - if (sockfd > 0) { + if (sockfd >= 0) { WOLFSSL_MSG("socket creation successful\n"); } else { - // TODO show errno + char err_msg[128]; + XSNPRINTF(err_msg, sizeof(err_msg), + "ERROR: failed to create a socket (errno = %d).\n", + errno); + WOLFSSL_ERROR_MSG(err_msg); ret = WOLFSSL_FAILURE; - WOLFSSL_ERROR_MSG("ERROR: failed to create a socket.\n"); } } else { @@ -913,20 +917,18 @@ int tls_smp_server_task() { /* Accept client connections */ if ((mConnd = accept(sockfd, (struct sockaddr*)&clientAddr, &size)) == -1) { - - ret = -1; - goto exit; WOLFSSL_ERROR_MSG("ERROR: failed socket connection accept\n"); ret = WOLFSSL_FAILURE; + break; } /* Create a WOLFSSL object */ if ((ssl = wolfSSL_new(ctx)) == NULL) { WOLFSSL_ERROR_MSG("ERROR: failed to create WOLFSSL object\n"); - ret = -1; - goto exit; - WOLFSSL_ERROR_MSG("ERROR: failed wolfSSL_new during loop\n"); ret = WOLFSSL_FAILURE; + close(mConnd); + mConnd = SOCKET_INVALID; + break; } /* Attach wolfSSL to the socket */ 
@@ -945,47 +947,56 @@ int tls_smp_server_task() { /* Establish TLS connection */ if ((ret = wolfSSL_accept(ssl)) != WOLFSSL_SUCCESS) { WOLFSSL_ERROR_MSG("ERROR: wolfSSL_accept\n"); - - ret = WOLFSSL_FAILURE; ESP_LOGE(TAG, "wolfSSL_accept error = %d\n", wolfSSL_get_error(ssl, ret)); - goto exit; + ret = WOLFSSL_FAILURE; } else { WOLFSSL_MSG("Client connected successfully\n"); } #ifdef HAVE_SECRET_CALLBACK - wolfSSL_FreeArrays(ssl); + if (ret == WOLFSSL_SUCCESS) { + wolfSSL_FreeArrays(ssl); + } #endif /* Read the client data into our buff array */ - memset(buff, 0, sizeof(buff)); - if ((ret = wolfSSL_read(ssl, buff, sizeof(buff) - 1)) < 0) { - ESP_LOGE(TAG, "wolfSSL_read error = %d\n", - wolfSSL_get_error(ssl, ret)); - goto exit; + if (ret == WOLFSSL_SUCCESS) { + int readRet; + XMEMSET(buff, 0, sizeof(buff)); + readRet = wolfSSL_read(ssl, buff, sizeof(buff) - 1); + if (readRet <= 0) { + ESP_LOGE(TAG, "wolfSSL_read error = %d\n", + wolfSSL_get_error(ssl, readRet)); + ret = WOLFSSL_FAILURE; + } } - /* Print any data the client sends */ - ESP_LOGI(TAG, "Client: %s\n", buff); - - /* Check for server shutdown command */ - if (strncmp(buff, "shutdown", 8) == 0) { - ESP_LOGI(TAG, "Shutdown command issued!\n"); - mShutdown = 1; - } + if (ret == WOLFSSL_SUCCESS) { + /* Print any data the client sends */ + ESP_LOGI(TAG, "Client: %s\n", buff); - /* Write our reply into buff */ - memset(buff, 0, sizeof(buff)); - memcpy(buff, reply, strlen(reply)); - len = strnlen(buff, sizeof(buff)); + /* Check for server shutdown command */ + if (XSTRNCMP(buff, "shutdown", 8) == 0) { + ESP_LOGI(TAG, "Shutdown command issued!\n"); + mShutdown = 1; + } - /* Reply back to the client */ - if ((ret = wolfSSL_write(ssl, buff, len)) != len) { - ESP_LOGE(TAG, "wolfSSL_write error = %d\n", - wolfSSL_get_error(ssl, ret)); - goto exit; + /* Write our reply into buff */ + XMEMSET(buff, 0, sizeof(buff)); + XMEMCPY(buff, reply, XSTRLEN(reply)); + len = XSTRLEN(buff); + + /* Reply back to the client */ + { + 
int writeRet = wolfSSL_write(ssl, buff, len); + if (writeRet != len) { + ESP_LOGE(TAG, "wolfSSL_write error = %d\n", + wolfSSL_get_error(ssl, writeRet)); + ret = WOLFSSL_FAILURE; + } + } } /* Cleanup after this connection */ @@ -1009,7 +1020,6 @@ int tls_smp_server_task() { * *************************************************************************** */ -exit: if (mConnd != SOCKET_INVALID) { close(mConnd); /* Close the connection to the client */ mConnd = SOCKET_INVALID; diff --git a/dtls/client-dtls-export.c b/dtls/client-dtls-export.c index 2cdc4b5e1..8c95b03ac 100644 --- a/dtls/client-dtls-export.c +++ b/dtls/client-dtls-export.c @@ -50,7 +50,7 @@ static void Usage(const char* progName) int main(int argc, char** argv) { - int sockfd = 0; + int sockfd = -1; int ret; struct sockaddr_in servAddr; WOLFSSL* ssl = NULL; @@ -203,7 +203,7 @@ int main(int argc, char** argv) wolfSSL_shutdown(ssl); wolfSSL_free(ssl); } - if (sockfd > 0) close(sockfd); + if (sockfd >= 0) close(sockfd); if (ctx != NULL) wolfSSL_CTX_free(ctx); wolfSSL_Cleanup(); diff --git a/dtls/client-dtls-import.c b/dtls/client-dtls-import.c index d6ff02699..c6493b477 100644 --- a/dtls/client-dtls-import.c +++ b/dtls/client-dtls-import.c @@ -49,7 +49,7 @@ static void Usage(const char* progName) int main(int argc, char** argv) { - int sockfd = 0; + int sockfd = -1; int ret; struct sockaddr_in servAddr; WOLFSSL* ssl = NULL; @@ -60,6 +60,7 @@ int main(int argc, char** argv) unsigned char* sessionBuf = NULL; unsigned int sessionSz = 0; int n; + int err_occurred = 0; /* Program argument checking */ if (argc < 2 || argc > 3) { @@ -149,6 +150,7 @@ int main(int argc, char** argv) int err = wolfSSL_get_error(ssl, ret); fprintf(stderr, "Error: wolfSSL_write failed: %d (%s)\n", err, wolfSSL_ERR_reason_error_string(err)); + err_occurred = 1; break; } printf("Sent: %s", sendLine); 
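Review bot: In dtls/client-dtls-import.c, the failure paths leave `ret` holding a raw I/O return value, which can be 0: the `@@ -149` hunk sets `err_occurred = 1` and keeps `ret` as the `wolfSSL_write` result, and the `@@ -164` hunk assigns `ret = n` from `wolfSSL_read`. If `main` returns `ret` after `cleanup:` (the return is outside the hunks), a zero-byte result with an error other than WANT_READ would still exit with status 0. Assigning a fixed failure value, `ret = -1;`, next to `err_occurred = 1;` makes the flag and the exit status agree. dtls/server-dtls-import.c has the same pattern with `ret = recvLen;`.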
@@ -164,6 +166,8 @@ int main(int argc, char** argv) if (err != SSL_ERROR_WANT_READ) { fprintf(stderr, "Error: wolfSSL_read failed: %d (%s)\n", err, wolfSSL_ERR_reason_error_string(err)); + ret = n; + err_occurred = 1; break; } } @@ -171,7 +175,9 @@ int main(int argc, char** argv) printf("\nEnter message (or 'quit' to exit):\n"); } - ret = 0; + if (!err_occurred) { + ret = 0; + } cleanup: if (sessionBuf != NULL) free(sessionBuf); @@ -179,7 +185,7 @@ int main(int argc, char** argv) wolfSSL_shutdown(ssl); wolfSSL_free(ssl); } - if (sockfd > 0) close(sockfd); + if (sockfd >= 0) close(sockfd); if (ctx != NULL) wolfSSL_CTX_free(ctx); wolfSSL_Cleanup(); diff --git a/dtls/client-dtls-resume.c b/dtls/client-dtls-resume.c index 8b4b9019f..0d8e13c90 100644 --- a/dtls/client-dtls-resume.c +++ b/dtls/client-dtls-resume.c @@ -47,7 +47,7 @@ main(int argc, char * argv[]) { /* standard variables used in a dtls client*/ - int sockfd = 0; + int sockfd = -1; int err1; const char * host = argv[1]; WOLFSSL * ssl = NULL; /* The ssl for original connection. */ @@ -88,7 +88,7 @@ main(int argc, sockfd = new_udp_client_socket(ssl, host); - if (sockfd <= 0) { + if (sockfd < 0) { printf("error: new_udp_client_socket failed\n"); return EXIT_FAILURE; } @@ -123,7 +123,7 @@ main(int argc, close(sockfd); ssl = NULL; - sockfd = 0; + sockfd = -1; /* Make a new WOLFSSL. */ ssl_res = wolfSSL_new(ctx); @@ -143,7 +143,7 @@ main(int argc, /* Open a new udp socket. */ sockfd = new_udp_client_socket(ssl_res, host); - if (sockfd <= 0) { + if (sockfd < 0) { printf("error: new_udp_client_socket failed\n"); return EXIT_FAILURE; } @@ -173,7 +173,7 @@ main(int argc, ssl_res = NULL; session = NULL; - sockfd = 0; + sockfd = -1; return 0; } 
@@ -187,12 +187,12 @@ new_udp_client_socket(WOLFSSL * ssl, const char * host) { struct sockaddr_in servAddr; - int sockfd = 0; + int sockfd = -1; int ret = 0; sockfd = socket(AF_INET, SOCK_DGRAM, 0); - if (sockfd <= 0) { + if (sockfd < 0) { int errsave = errno; printf("error: socket returned %d\n", errsave); return -1; @@ -208,7 +208,7 @@ new_udp_client_socket(WOLFSSL * ssl, if (ret != 1) { printf("error: inet_pton %s returned %d\n", host, ret); close(sockfd); - sockfd = 0; + sockfd = -1; return -1; } @@ -217,7 +217,7 @@ new_udp_client_socket(WOLFSSL * ssl, if (ret != SSL_SUCCESS) { printf("error: wolfSSL_dtls_set_peer returned %d\n", ret); close(sockfd); - sockfd = 0; + sockfd = -1; return -1; } diff --git a/dtls/client-dtls-threaded.c b/dtls/client-dtls-threaded.c index 1152712fd..05b4e5eff 100644 --- a/dtls/client-dtls-threaded.c +++ b/dtls/client-dtls-threaded.c @@ -47,7 +47,7 @@ typedef struct { WOLFSSL_CTX * ctx; } thread_args_t; -static void safer_shutdown(thread_args_t * args); +static int safer_shutdown(thread_args_t * args); static void * client_work(void * arg); int @@ -107,6 +107,7 @@ main(int argc, for (size_t i = 0; i < n_threads; ++i) { args[i].ctx = ctx; + args[i].activefd = -1; ret = pthread_create(&threads[i], NULL, client_work, &args[i]); if (ret == 0 ) { @@ -169,7 +170,7 @@ client_work(void * args) } thread_args->activefd = socket(AF_INET, SOCK_DGRAM, 0); - if (thread_args->activefd <= 0) { + if (thread_args->activefd < 0) { printf("error: socket returned %d\n", thread_args->activefd); return NULL; } 
@@ -246,19 +247,22 @@ client_work(void * args) sleep(1); } - safer_shutdown(thread_args); + ret = safer_shutdown(thread_args); + if (ret != 0) { + printf("error: safer_shutdown failed: %d\n", ret); + } return NULL; } /* Small shutdown wrapper to safely clean up a thread's * connection. */ -static void +static int safer_shutdown(thread_args_t * args) { if (args == NULL) { printf("error: safer_shutdown with null args\n"); - return; + return -1; } if (args->ssl != NULL) { @@ -268,11 +272,11 @@ safer_shutdown(thread_args_t * args) args->ssl = NULL; } - if (args->activefd > 0) { + if (args->activefd >= 0) { printf("info: closed socket: %d\n", args->activefd); close(args->activefd); - args->activefd = 0; + args->activefd = -1; } - return; + return 0; } diff --git a/dtls/server-dtls-export.c b/dtls/server-dtls-export.c index 857e00d98..5e0a468b7 100644 --- a/dtls/server-dtls-export.c +++ b/dtls/server-dtls-export.c @@ -63,7 +63,7 @@ int main(int argc, char** argv) char servKeyLoc[] = "../certs/server-key.pem"; int ret = 0; int on = 1; - int listenfd = 0; + int listenfd = -1; int recvLen; WOLFSSL_CTX* ctx = NULL; WOLFSSL* ssl = NULL; @@ -274,7 +274,7 @@ int main(int argc, char** argv) wolfSSL_shutdown(ssl); wolfSSL_free(ssl); } - if (listenfd > 0) close(listenfd); + if (listenfd >= 0) close(listenfd); if (ctx != NULL) wolfSSL_CTX_free(ctx); wolfSSL_Cleanup(); diff --git a/dtls/server-dtls-import.c b/dtls/server-dtls-import.c index f1a83b9c1..e58b891b5 100644 --- a/dtls/server-dtls-import.c +++ b/dtls/server-dtls-import.c @@ -59,7 +59,7 @@ int main(int argc, char** argv) { int ret = 0; int on = 1; - int listenfd = 0; + int listenfd = -1; int recvLen; WOLFSSL_CTX* ctx = NULL; WOLFSSL* ssl = NULL; @@ -72,6 +72,7 @@ int main(int argc, char** argv) const char* sessionFile = DEFAULT_SERVER_SESSION_FILE; unsigned char* sessionBuf = NULL; unsigned int sessionSz = 0; + int err_occurred = 0; /* Program argument checking */ if (argc > 2) { 
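Review bot: The new `int` return of `safer_shutdown` is non-zero only for `args == NULL`, and `client_work` has already dereferenced `thread_args` before this call (the `socket()` assignment in the earlier hunk), so the added `if (ret != 0)` branch cannot fire here. The call that can actually fail, `close(args->activefd)`, still has its result discarded. If the return value is meant to be useful, propagate it, e.g. `if (close(args->activefd) != 0) rc = -1;`, and state the contract in the header comment: `/* Returns 0 on success, -1 on NULL args or close failure. */`. The `safer_shutdown` in dtls/server-dtls-threaded.c is changed the same way.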
@@ -202,6 +203,7 @@ int main(int argc, char** argv) int err = wolfSSL_get_error(ssl, ret); fprintf(stderr, "Error: wolfSSL_write failed: %d (%s)\n", err, wolfSSL_ERR_reason_error_string(err)); + err_occurred = 1; break; } } @@ -210,12 +212,16 @@ int main(int argc, char** argv) if (err != SSL_ERROR_WANT_READ) { fprintf(stderr, "Error: wolfSSL_read failed: %d (%s)\n", err, wolfSSL_ERR_reason_error_string(err)); + ret = recvLen; + err_occurred = 1; break; } } } - ret = 0; + if (!err_occurred) { + ret = 0; + } cleanup: if (sessionBuf != NULL) free(sessionBuf); @@ -223,7 +229,7 @@ int main(int argc, char** argv) wolfSSL_shutdown(ssl); wolfSSL_free(ssl); } - if (listenfd > 0) close(listenfd); + if (listenfd >= 0) close(listenfd); if (ctx != NULL) wolfSSL_CTX_free(ctx); wolfSSL_Cleanup(); diff --git a/dtls/server-dtls-threaded.c b/dtls/server-dtls-threaded.c index 8e4941a5a..00a1ff605 100644 --- a/dtls/server-dtls-threaded.c +++ b/dtls/server-dtls-threaded.c @@ -63,7 +63,7 @@ static WOLFSSL_CTX * ctx = NULL; static volatile int stop_server = 0; static int new_udp_listen_socket(void); -static void safer_shutdown(thread_args_t * args); +static int safer_shutdown(thread_args_t * args); static void * server_work(void * thread_args); static void sig_handler(const int sig); static void cleanup_threadpool(pthread_t * threads, thread_args_t * args, @@ -78,7 +78,7 @@ main(int argc, char servKeyLoc[] = "../certs/server-key.pem"; int ret = 0; /* Variables for awaiting datagram */ - int listenfd = 0; /* Initialize our socket */ + int listenfd = -1; /* Initialize our socket */ struct sockaddr_in cliaddr; /* the client's address */ socklen_t cliLen = sizeof(cliaddr); /* variables needed for threading */ @@ -159,7 +159,7 @@ main(int argc, /* Create a UDP/IP socket */ listenfd = new_udp_listen_socket(); - if (listenfd <= 0 ) { + if (listenfd < 0) { printf("error: cannot create socket: %d\n", listenfd); return EXIT_FAILURE; } 
@@ -243,7 +243,10 @@ main(int argc, /* All threads exited. Do a final cleanup pass just in case. */ for (size_t i = 0; i < n_threads; ++i) { - safer_shutdown(&args[i]); + ret = safer_shutdown(&args[i]); + if (ret != 0) { + printf("error: safer_shutdown failed: %d\n", ret); + } } wolfSSL_CTX_free(ctx); @@ -256,13 +259,13 @@ static int new_udp_listen_socket(void) { struct sockaddr_in listen_addr; /* our server's address */ - int sockfd = 0; + int sockfd = -1; int ret = 0; int on = 1; sockfd = socket(AF_INET, SOCK_DGRAM, 0); - if (sockfd <= 0) { + if (sockfd < 0) { int errsave = errno; printf("error: socket returned %d\n", errsave); return -1; @@ -277,14 +280,14 @@ new_udp_listen_socket(void) if (setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, (char*)&on, sizeof(on)) != 0) { printf("error: setsockopt() with SO_REUSEADDR"); close(sockfd); - sockfd = 0; + sockfd = -1; return -1; } #ifdef SO_REUSEPORT if (setsockopt(sockfd, SOL_SOCKET, SO_REUSEPORT, (char*)&on, sizeof(on)) != 0) { printf("error: setsockopt() with SO_REUSEPORT"); close(sockfd); - sockfd = 0; + sockfd = -1; return -1; } #endif @@ -296,7 +299,7 @@ new_udp_listen_socket(void) int errsave = errno; printf("error: bind returned %d\n", errsave); close(sockfd); - sockfd = 0; + sockfd = -1; return -1; } @@ -370,21 +373,24 @@ server_work(void * args) } } - safer_shutdown(thread_args); + ret = safer_shutdown(thread_args); + if (ret != 0) { + printf("error: safer_shutdown failed: %d\n", ret); + } printf("info: exiting thread %ld\n", (long)pthread_self()); pthread_exit(NULL); } /* Small shutdown wrapper to safely clean up a thread's * connection. */ -static void +static int safer_shutdown(thread_args_t * args) { int ret; if (args == NULL) { printf("error: safer_shutdown with null args\n"); - return; + return -1; } if (args->ssl != NULL) { 
@@ -399,15 +405,15 @@ safer_shutdown(thread_args_t * args) args->ssl = NULL; } - if (args->activefd > 0) { + if (args->activefd >= 0) { printf("info: closed socket: %d\n", args->activefd); close(args->activefd); - args->activefd = 0; + args->activefd = -1; } args->done = 1; - return; + return 0; } static void diff --git a/pk/rsa/rsa-nb.c b/pk/rsa/rsa-nb.c index 91c2c4caf..df24afc8a 100644 --- a/pk/rsa/rsa-nb.c +++ b/pk/rsa/rsa-nb.c @@ -224,7 +224,7 @@ int main(int argc, char** argv) verifySz = ret; ret = 0; - if (signSz == ret && XMEMCMP(plain, in, (size_t)ret)) { + if (verifySz != (int)inSz || XMEMCMP(plain, in, inSz) != 0) { ret = SIG_VERIFY_E; } @@ -242,8 +242,6 @@ int main(int argc, char** argv) wc_FreeRng(&rng); wolfSSL_Cleanup(); - (void)verifySz; - return 0; #else (void)kRsaKey; diff --git a/psk/client-psk-resume.c b/psk/client-psk-resume.c index 2379652dd..d65df7b97 100644 --- a/psk/client-psk-resume.c +++ b/psk/client-psk-resume.c @@ -95,13 +95,15 @@ int main(int argc, char **argv){ /* converts IPv4 addresses from text to binary form */ ret = inet_pton(AF_INET, argv[1], &servaddr.sin_addr); if (ret != 1){ - ret = -1; goto exit; + ret = -1; + goto exit; } /* attempts to make a connection on a socket */ ret = connect(sockfd, (struct sockaddr *) &servaddr, sizeof(servaddr)); if (ret != 0 ){ - ret = -1; goto exit; + ret = -1; + goto exit; } wolfSSL_Init(); /* initialize wolfSSL */ @@ -109,7 +111,8 @@ int main(int argc, char **argv){ /* create and initialize WOLFSSL_CTX structure */ if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) { fprintf(stderr, "wolfSSL_CTX_new error.\n"); - ret = -1; goto exit; + ret = -1; + goto exit; } #ifndef NO_PSK @@ -122,7 +125,8 @@ int main(int argc, char **argv){ /* create wolfSSL object after each tcp connect */ if ( (ssl = wolfSSL_new(ctx)) == NULL) { fprintf(stderr, "wolfSSL_new error.\n"); - ret = -1; goto exit; + ret = -1; + goto exit; } /* associate the file descriptor with the session */ 
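Review bot: In pk/rsa/rsa-nb.c the corrected comparison sets `ret = SIG_VERIFY_E`, but this branch of `main` still ends with `return 0;` (visible as context in the `@@ -242` hunk), so a failed signature check does not reach the exit status unless code between the two hunks reports it. A test script that checks only the exit code would treat a mismatch as success. Consider `return ret;` there, or at least a message when `ret != 0`. The cast `(int)inSz` narrows a value whose type is declared outside the hunk; a short comment that `inSz` always fits in `int` would document that assumption.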
@@ -131,20 +135,22 @@ int main(int argc, char **argv){ /* takes inputting string and outputs it to the server */ if (wolfSSL_write(ssl, sendline, sizeof(sendline)) != sizeof(sendline)) { printf("Write Error to Server\n"); - ret = -1; goto exit; + ret = -1; + goto exit; } /* flags if the Server stopped before the client could end */ if (wolfSSL_read(ssl, recvline, MAXLINE) < 0 ) { printf("Client: Server Terminated Prematurely!\n"); - ret = -1; goto exit; + ret = -1; + goto exit; } /* show message from the server */ printf("Server Message: %s\n", recvline); /* Save the session ID to reuse */ - session = wolfSSL_get_session(ssl); + session = wolfSSL_get1_session(ssl); sslResume = wolfSSL_new(ctx); /* shut down wolfSSL */ @@ -152,11 +158,22 @@ int main(int argc, char **argv){ /* close connection */ close(sockfd); + sockfd = SOCKET_INVALID; /* cleanup without wolfSSL_Cleanup() and wolfSSL_CTX_free() for now */ wolfSSL_free(ssl); ssl = NULL; + if (session == NULL) { + ret = -1; + goto exit; + } + + if (sslResume == NULL) { + ret = -1; + goto exit; + } + /* * resume session, start new connection and socket */ @@ -213,6 +230,8 @@ int main(int argc, char **argv){ wolfSSL_free(ssl); /* Free the wolfSSL object */ if (sslResume) wolfSSL_free(sslResume); /* Free the wolfSSL object */ + if (session != NULL) + wolfSSL_SESSION_free(session); if (sockfd != SOCKET_INVALID) close(sockfd); /* Close the socket */ if (sock != SOCKET_INVALID) diff --git a/tls-options/client-tls-resume.c b/tls-options/client-tls-resume.c index 6b7d01109..18de2e756 100644 --- a/tls-options/client-tls-resume.c +++ b/tls-options/client-tls-resume.c @@ -29,6 +29,7 @@ #include #include #include +#include /* wolfSSL */ #include diff --git a/tls-options/client-tls-session.c b/tls-options/client-tls-session.c index 8096b87af..11da8be54 100644 --- a/tls-options/client-tls-session.c +++ b/tls-options/client-tls-session.c @@ -29,6 +29,7 @@ #include #include #include +#include /* wolfSSL */ #include 
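Review bot: In psk/client-psk-resume.c, `wolfSSL_read(ssl, recvline, MAXLINE)` may fill the buffer completely and the next statement prints it with `%s`; unless `recvline` (declared outside the hunk) is larger than `MAXLINE` or zeroed beforehand, a full-length record from the server leaves the string unterminated. The `< 0` test also lets a return of 0 through as success. Read one byte less and terminate with the returned count: `n = wolfSSL_read(ssl, recvline, MAXLINE - 1);`, then `if (n <= 0) { ret = -1; goto exit; }` and `recvline[n] = '\0';`.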
@@ -223,6 +224,10 @@ int main(int argc, char **argv) */ if (strcmp(msg, "break") == 0) { session = wolfSSL_get_session(ssl); + if (session == NULL) { + print_SSL_error("failed wolfSSL_get_session", ssl); + break; + } ret = write_SESS(session, SAVED_SESS); break; } diff --git a/tls/client-tls-resume.c b/tls/client-tls-resume.c index 07827d246..4f1413de1 100644 --- a/tls/client-tls-resume.c +++ b/tls/client-tls-resume.c @@ -180,6 +180,7 @@ int main(int argc, char** argv) wolfSSL_free(ssl); ssl = NULL; close(sockfd); + sockfd = SOCKET_INVALID; /* --------------------------------------- *
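Review bot: The new `session == NULL` branch in tls-options/client-tls-session.c breaks out of the loop without touching `ret`, so the failure is reported only through `print_SSL_error`. At that point `ret` holds whatever the preceding call left in it (outside the hunk), which may be a success value that `main` then returns. Add `ret = -1;` before the `break;` so the exit status reflects the missing session.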