wolfSSL · toddouska · Feb 16, 2015 · Jan 30, 2015 · Feb 4, 2015 · Feb 6, 2015
diff --git a/examples/client/client.c b/examples/client/client.c
@@ -141,6 +141,7 @@ static void Usage(void)
     printf("-m          Match domain name in cert\n");
     printf("-N          Use Non-blocking sockets\n");
     printf("-r          Resume session\n");
+    printf("-w          Wait for bidirectional shutdown\n");
 #ifdef HAVE_SECURE_RENEGOTIATION
     printf("-R          Allow Secure Renegotiation\n");
     printf("-i          Force client Initiated Secure Renegotiation\n");
@@ -207,6 +208,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
     int    doPeerCheck = 1;
     int    nonBlocking = 0;
     int    resumeSession = 0;
+    int    shutdown      = 0;
     int    scr           = 0;    /* allow secure renegotiation */
     int    forceScr      = 0;    /* force client initiaed scr */
     int    trackMemory   = 0;
@@ -258,7 +260,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
     StackTrap();
 
     while ((ch = mygetopt(argc, argv,
-                          "?gdDusmNrRitfxUPh:p:v:l:A:c:k:b:zS:L:ToO:a")) != -1) {
+                          "?gdDusmNrwRitfxUPh:p:v:l:A:c:k:b:zS:L:ToO:a")) != -1) {
         switch (ch) {
             case '?' :
                 Usage();
@@ -367,6 +369,10 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
                 resumeSession = 1;
                 break;
 
+            case 'w' :
+                shutdown = 1;
+                break;
+
             case 'R' :
                 #ifdef HAVE_SECURE_RENEGOTIATION
                     scr = 1;
@@ -643,7 +649,13 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
             if (wolfSSL_connect(ssl) != SSL_SUCCESS)
                 err_sys("SSL_connect failed");
 
-            wolfSSL_shutdown(ssl);
+            if (shutdown) {     /* bidirectional shutdown if true */
+                if (!wolfSSL_shutdown(ssl))
+                    wolfSSL_shutdown(ssl);
+            }
+            else {
+                wolfSSL_shutdown(ssl);
+            }
             wolfSSL_free(ssl);
             CloseSocket(sockfd);
         }
@@ -802,8 +814,15 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
     }
 #endif
 
-    if (doDTLS == 0)            /* don't send alert after "break" command */
-        wolfSSL_shutdown(ssl);  /* echoserver will interpret as new conn */
+    if (doDTLS == 0) {           /* don't send alert after "break" command */
+        if (shutdown) {     /* bidirectional shutdown if true */
+            if (!wolfSSL_shutdown(ssl))  /* echoserver interprets as new conn */
+                wolfSSL_shutdown(ssl);
+        }
+        else {
+            wolfSSL_shutdown(ssl);
+        }
+    }
 #ifdef ATOMIC_USER
     if (atomicUser)
         FreeAtomicUser(ssl);
@@ -879,7 +898,13 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
         /* try to send session break */
         wolfSSL_write(sslResume, msg, msgSz); 
 
-        wolfSSL_shutdown(sslResume);
+        if (shutdown) {     /* bidirectional shutdown if true */
+            if (!wolfSSL_shutdown(sslResume))
+                wolfSSL_shutdown(sslResume);
+        }
+        else {
+            wolfSSL_shutdown(sslResume);
+        }
         wolfSSL_free(sslResume);
         CloseSocket(sockfd);
     }

diff --git a/examples/server/server.c b/examples/server/server.c
@@ -135,6 +135,7 @@ static void Usage(void)
     printf("-r          Create server ready file, for external monitor\n");
     printf("-N          Use Non-blocking sockets\n");
     printf("-S <str>    Use Host Name Indication\n");
+    printf("-w           Wait for bidirectional shutdown\n");
 #ifdef HAVE_OCSP
     printf("-o          Perform OCSP lookup on peer certificate\n");
     printf("-O <url>    Perform OCSP lookup using <url> as responder\n");
@@ -173,6 +174,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
     int    fewerPackets = 0;
     int    pkCallbacks  = 0;
     int    serverReadyFile = 0;
+    int    shutdown        = 0;
     char*  cipherList = NULL;
     const char* verifyCert = cliCert;
     const char* ourCert    = svrCert;
@@ -203,7 +205,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
     fdOpenSession(Task_self());
 #endif
 
-    while ((ch = mygetopt(argc, argv, "?dbstnNufraPp:v:l:A:c:k:S:oO:")) != -1) {
+    while ((ch = mygetopt(argc, argv, "?dbstnNufrawPp:v:l:A:c:k:S:oO:")) != -1) {
         switch (ch) {
             case '?' :
                 Usage();
@@ -257,6 +259,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
                 #endif
                 break;
 
+            case 'w' :
+                shutdown = 1;
+                break;
+
             case 'v' :
                 version = atoi(myoptarg);
                 if (version < 0 || version > 3) {
@@ -560,7 +566,13 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
         Task_yield();
     #endif
 
-    SSL_shutdown(ssl);
+    if (shutdown) {                /* bidirectional shutdown if true */
+        if (!SSL_shutdown(ssl))
+            SSL_shutdown(ssl);
+    }
+    else {
+        SSL_shutdown(ssl);
+    }
     SSL_free(ssl);
     SSL_CTX_free(ctx);
 

diff --git a/src/internal.c b/src/internal.c
@@ -6352,7 +6352,6 @@ static int DoAlert(WOLFSSL* ssl, byte* input, word32* inOutIdx, int* type,
         ssl->options.closeNotify = 1;
     }
     WOLFSSL_ERROR(*type);
-
     if (ssl->keys.encryptionOn) {
         if (*inOutIdx + ssl->keys.padSz > totalSz)
             return BUFFER_E;

diff --git a/src/ssl.c b/src/ssl.c
@@ -917,6 +917,7 @@ int wolfSSL_recv(WOLFSSL* ssl, void* data, int sz, int flags)
 /* SSL_SUCCESS on ok */
 int wolfSSL_shutdown(WOLFSSL* ssl)
 {
+    byte tmp;
     WOLFSSL_ENTER("SSL_shutdown()");
 
     if (ssl == NULL)
@@ -936,13 +937,27 @@ int wolfSSL_shutdown(WOLFSSL* ssl)
             return SSL_FATAL_ERROR;
         }
         ssl->options.sentNotify = 1;  /* don't send close_notify twice */
-    }
-
-    WOLFSSL_LEAVE("SSL_shutdown()", ssl->error);
+        WOLFSSL_LEAVE("SSL_shutdown()", ssl->error);
 
-    ssl->error = SSL_ERROR_SYSCALL;   /* simulate OpenSSL behavior */
+        if (ssl->options.closeNotify)
+            return 1;
+        else
+            return 0;
+    }
 
-    return SSL_SUCCESS;
+    /* call wolfSSL_shutdown again for bidirectional shudown */
+    if (ssl->options.sentNotify && !ssl->options.closeNotify) {
+        ssl->error = wolfSSL_read(ssl, &tmp, 0);
+        if (ssl->error < 0) {
+            WOLFSSL_ERROR(ssl->error);
+            return SSL_FATAL_ERROR;
+        }
+        WOLFSSL_LEAVE("SSL_shutdown()", ssl->error);
+        ssl->error = SSL_ERROR_SYSCALL;   /* simulate OpenSSL behavior */
+        if(ssl->options.closeNotify)
+            return SSL_SUCCESS;
+    }
+    return SSL_FATAL_ERROR;
 }
 
 

diff --git a/testsuite/testsuite.c b/testsuite/testsuite.c
@@ -47,12 +47,7 @@ enum {
     NUMARGS = 3
 };
 
-#ifndef USE_WINDOWS_API
-    static const char outputName[] = "/tmp/output";
-#else
-    static const char outputName[] = "output";
-#endif
-
+static const char *outputName;
 
 int myoptind = 0;
 char* myoptarg = NULL;
@@ -77,6 +72,16 @@ int testsuite_test(int argc, char** argv)
     tcp_ready ready;
     THREAD_TYPE serverThread;
 
+#ifndef USE_WINDOWS_API
+    char tempName[] = "/tmp/output-XXXXXX";
+    int len = 18;
+    int num = 6;
+#else
+    char tempName[] = "fnXXXXXX";
+    int len = 8;
+    int num = 6;
+#endif
+
 #ifdef HAVE_CAVIUM
         int ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID);
         if (ret != 0)
@@ -136,6 +141,13 @@ int testsuite_test(int argc, char** argv)
         echo_args.argc = 3;
         echo_args.argv = myArgv;
 
+        /* Create unique file name */
+        outputName = mymktemp(tempName, len, num);
+        if (outputName == NULL) {
+            printf("Could not create unique file name");
+            return EXIT_FAILURE;
+        }
+
         strcpy(echo_args.argv[0], "echoclient");
         strcpy(echo_args.argv[1], "input");
         strcpy(echo_args.argv[2], outputName);

diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
@@ -3179,30 +3179,49 @@ int rsa_test(void)
     wc_RsaInitCavium(&key, CAVIUM_DEV_ID);
 #endif
     ret = wc_InitRsaKey(&key, 0);
-    if (ret != 0) return -39;
+    if (ret != 0) {
+        free(tmp);
+        return -39;
+    }
     ret = wc_RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes);
-    if (ret != 0) return -41;
-
+    if (ret != 0) {
+        free(tmp);
+        return -41;
+    }
     ret = wc_InitRng(&rng);
-    if (ret != 0) return -42;
-
+    if (ret != 0) {
+        free(tmp);
+        return -42;
+    }
     ret = wc_RsaPublicEncrypt(in, inLen, out, sizeof(out), &key, &rng);
-    if (ret < 0) return -43;
-
+    if (ret < 0) {
+        free(tmp);
+        return -43;
+    }
     ret = wc_RsaPrivateDecrypt(out, ret, plain, sizeof(plain), &key);
-    if (ret < 0) return -44;
-
-    if (memcmp(plain, in, inLen)) return -45;
-
+    if (ret < 0) {
+        free(tmp);
+        return -44;
+    }
+    if (memcmp(plain, in, inLen)) {
+        free(tmp);
+        return -45;
+    }
     ret = wc_RsaSSL_Sign(in, inLen, out, sizeof(out), &key, &rng);
-    if (ret < 0) return -46;
-
+    if (ret < 0) {
+        free(tmp);
+        return -46;
+    }
     memset(plain, 0, sizeof(plain));
     ret = wc_RsaSSL_Verify(out, ret, plain, sizeof(plain), &key);
-    if (ret < 0) return -47;
-
-    if (memcmp(plain, in, ret)) return -48;
-
+    if (ret < 0) {
+        free(tmp);
+        return -47;
+    }
+    if (memcmp(plain, in, ret)) {
+        free(tmp);
+        return -48;
+    }
 #if defined(WOLFSSL_MDK_ARM)
     #define sizeof(s) strlen((char *)(s))
 #endif
@@ -3215,8 +3234,10 @@ int rsa_test(void)
     bytes = sizeof_client_cert_der_2048;
 #else
     file2 = fopen(clientCert, "rb");
-    if (!file2)
+    if (!file2) {
+        free(tmp);
         return -49;
+    }
 
     bytes = fread(tmp, 1, FOURK_BUF, file2);
     fclose(file2);

diff --git a/wolfssl/test.h b/wolfssl/test.h
@@ -10,14 +10,14 @@
 #include <cyassl/ssl.h> /* portability layer */
 #include <wolfssl/wolfcrypt/types.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/random.h>
 
 #ifdef ATOMIC_USER
     #include <wolfssl/wolfcrypt/aes.h>
     #include <wolfssl/wolfcrypt/arc4.h>
     #include <wolfssl/wolfcrypt/hmac.h>
 #endif
 #ifdef HAVE_PK_CALLBACKS
-    #include <wolfssl/wolfcrypt/random.h>
     #include <wolfssl/wolfcrypt/asn.h>
     #ifdef HAVE_ECC
         #include <wolfssl/wolfcrypt/ecc.h>
@@ -1791,5 +1791,44 @@ static INLINE char* strsep(char **stringp, const char *delim)
 
 #endif /* __hpux__ */
 
+/* Create unique filename, len is length of tempfn name, assuming
+   len does not include null terminating character,
+   num is number of characters in tempfn name to randomize */
+static INLINE const char* mymktemp(char *tempfn, int len, int num)
+{
+    int x, size;
+    static const char alphanum[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+                                   "abcdefghijklmnopqrstuvwxyz";
+    RNG rng;
+    byte out;
+
+    if (tempfn == NULL || len < 1 || num < 1 || len <= num) {
+        printf("Bad input\n");
+        return NULL;
+    }
+
+    size = len - 1;
+
+    if (wc_InitRng(&rng) != 0) {
+        printf("InitRng failed\n");
+        return NULL;
+    }
+
+    for (x = size; x > size - num; x--) {
+        if (wc_RNG_GenerateBlock(&rng,(byte*)&out, sizeof(out)) != 0) {
+            printf("RNG_GenerateBlock failed\n");
+            return NULL;
+        }
+        tempfn[x] = alphanum[out % (sizeof(alphanum) - 1)];
+    }
+    tempfn[len] = '\0';
+
+#if defined(HAVE_HASHDRBG)
+    wc_FreeRng(&rng);
+#endif
+
+    return tempfn;
+}
+
 #endif /* wolfSSL_TEST_H */