wolfSSL · toddouska · Jul 10, 2020 · Apr 24, 2020 · Jun 5, 2020
diff --git a/examples/benchmark/tls_bench.c b/examples/benchmark/tls_bench.c
@@ -525,15 +525,15 @@ static int ReceiveFrom(WOLFSSL *ssl, int sd, char *buf, int sz)
     int recvd;
     int dtls_timeout = wolfSSL_dtls_get_current_timeout(ssl);
     struct sockaddr peer;
-    socklen_t peerSz;
-    
+    socklen_t peerSz = 0;
+
     if (DoneHandShake) dtls_timeout = 0;
 
     if (!wolfSSL_get_using_nonblock(ssl)) {
         struct timeval timeout;
         XMEMSET(&timeout, 0, sizeof(timeout));
         timeout.tv_sec = dtls_timeout;
-    
+
         if (setsockopt(sd, SOL_SOCKET, SO_RCVTIMEO, (char*)&timeout,
                        sizeof(timeout)) != 0) {
                 printf("setsockopt rcvtimeo failed\n");
@@ -543,7 +543,7 @@ static int ReceiveFrom(WOLFSSL *ssl, int sd, char *buf, int sz)
     recvd = (int)recvfrom(sd, buf, sz, 0, (SOCKADDR*)&peer, &peerSz);
 
     if (recvd < 0) {
-         
+
         if (errno == SOCKET_EWOULDBLOCK || errno == SOCKET_EAGAIN) {
             if (wolfSSL_dtls_get_using_nonblock(ssl)) {
                 return WOLFSSL_CBIO_ERR_WANT_READ;
@@ -576,7 +576,7 @@ static int ReceiveFrom(WOLFSSL *ssl, int sd, char *buf, int sz)
 #endif /* WOLFSSL_DTLS && !NO_WOLFSSL_SERVER */
 
 #if defined(WOLFSSL_DTLS) && !defined(NO_WOLFSSL_CLIENT)
-static int SendTo(int sd, char *buf, int sz, const struct sockaddr *peer, 
+static int SendTo(int sd, char *buf, int sz, const struct sockaddr *peer,
                   socklen_t peerSz)
 {
     int sent;
@@ -625,9 +625,9 @@ static int ServerSend(WOLFSSL* ssl, char* buf, int sz, void* ctx)
 #endif
 #if defined(WOLFSSL_DTLS) && !defined(NO_WOLFSSL_CLIENT)
     if (info->doDTLS) {
-        return SendTo(info->server.sockFd, buf, sz, 
+        return SendTo(info->server.sockFd, buf, sz,
             (const struct sockaddr*)&info->clientAddr, sizeof(info->clientAddr));
-    } else 
+    } else
 #endif
         return SocketSend(info->server.sockFd, buf, sz);
 }
@@ -659,9 +659,9 @@ static int ClientSend(WOLFSSL* ssl, char* buf, int sz, void* ctx)
 #endif
 #ifdef WOLFSSL_DTLS
     if (info->doDTLS) {
-        return SendTo(info->client.sockFd, buf, sz, 
+        return SendTo(info->client.sockFd, buf, sz,
             (const struct sockaddr*)&info->serverAddr, sizeof(info->serverAddr));
-    } else 
+    } else
 #endif
         return SocketSend(info->client.sockFd, buf, sz);
 }
@@ -676,7 +676,7 @@ static int ClientRecv(WOLFSSL* ssl, char* buf, int sz, void* ctx)
 #if defined(WOLFSSL_DTLS) && !defined(NO_WOLFSSL_SERVER)
     if (info->doDTLS) {
         return ReceiveFrom(ssl, info->client.sockFd, buf, sz);
-    } else 
+    } else
 #endif
         return SocketRecv(info->client.sockFd, buf, sz);
 }
@@ -734,14 +734,14 @@ static int SetupSocketAndConnect(info_t* info, const char* host,
 
 #ifdef WOLFSSL_DTLS
     if (info->doDTLS) {
-        /* Create the SOCK_DGRAM socket type is implemented on the User 
+        /* Create the SOCK_DGRAM socket type is implemented on the User
         *  Datagram Protocol/Internet Protocol(UDP/IP protocol).*/
         if ((info->client.sockFd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
             printf("ERROR: failed to create the SOCK_DGRAM socket\n");
             return -1;
         }
         XMEMCPY(&info->serverAddr, &servAddr, sizeof(servAddr));
-    } else { 
+    } else {
 #endif
     /* Create a socket that uses an Internet IPv4 address,
      * Sets the socket to be stream based (TCP),
@@ -792,7 +792,7 @@ static int bench_tls_client(info_t* info)
     if(info->doDTLS) {
         if (tls13) return WOLFSSL_SUCCESS;
         cli_ctx = wolfSSL_CTX_new(wolfDTLSv1_2_client_method());
-    } else 
+    } else
 #endif
 #ifdef WOLFSSL_TLS13
     if (tls13)
@@ -889,7 +889,7 @@ static int bench_tls_client(info_t* info)
 
 #ifdef WOLFSSL_DTLS
         if (info->doDTLS) {
-            ret = wolfSSL_dtls_set_peer(cli_ssl, &info->serverAddr, 
+            ret = wolfSSL_dtls_set_peer(cli_ssl, &info->serverAddr,
                                                     sizeof(info->serverAddr));
             if (ret != WOLFSSL_SUCCESS) {
                 printf("error setting dtls peer\n");
@@ -906,7 +906,7 @@ static int bench_tls_client(info_t* info)
         wolfSSL_SetIOWriteCtx(cli_ssl, info);
 
 #if defined(HAVE_PTHREAD) && defined(WOLFSSL_DTLS)
-        /* synchronize with server */ 
+        /* synchronize with server */
         if (info->doDTLS && !info->clientOrserverOnly) {
             pthread_mutex_lock(&info->dtls_mutex);
             if (info->serverReady != 1) {
@@ -1083,7 +1083,7 @@ static int SetupSocketAndListen(int* listenFd, word32 port, int doDTLS)
 #ifdef WOLFSSL_DTLS
     if (doDTLS) {
         /* Create a socket that is implemented on the User Datagram Protocol/
-        * Interet Protocol(UDP/IP protocol). */ 
+        * Interet Protocol(UDP/IP protocol). */
         if((*listenFd = socket(AF_INET, SOCK_DGRAM, 0)) == -1) {
             printf("ERROR: failed to create the socket\n");
             return -1;
@@ -1149,7 +1149,7 @@ static int SocketWaitClient(info_t* info)
             MSG_PEEK, (struct sockaddr*)&clientAddr, &size);
         if (connd < -1) {
             printf("ERROR: failed to accept the connection\n");
-            return -1; 
+            return -1;
         }
         XMEMCPY(&info->clientAddr, &clientAddr, sizeof(clientAddr));
         info->server.sockFd = info->listenFd;
@@ -1195,7 +1195,7 @@ static int bench_tls_server(info_t* info)
     if(info->doDTLS) {
         if(tls13) return WOLFSSL_SUCCESS;
         srv_ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method());
-    } else { 
+    } else {
 #endif
 #ifdef WOLFSSL_TLS13
     if (tls13)
@@ -1301,7 +1301,7 @@ static int bench_tls_server(info_t* info)
         }
 #ifdef WOLFSSL_DTLS
         if (info->doDTLS) {
-            ret = wolfSSL_dtls_set_peer(srv_ssl, &info->clientAddr, 
+            ret = wolfSSL_dtls_set_peer(srv_ssl, &info->clientAddr,
                         sizeof(info->clientAddr));
             if (ret != WOLFSSL_SUCCESS) {
                 printf("error setting dtls peer\n");
@@ -1405,7 +1405,7 @@ static int bench_tls_server(info_t* info)
 #ifdef WOLFSSL_DTLS
         if (info->doDTLS) {
             SetupSocketAndListen(&info->listenFd, info->port, info->doDTLS);
-        }   
+        }
 #endif
 
     }

diff --git a/examples/client/client.c b/examples/client/client.c
@@ -728,7 +728,7 @@ static int StartTLS_Init(SOCKET_T* sockfd)
     XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
     if (recv(*sockfd, tmpBuf, sizeof(tmpBuf)-1, 0) < 0)
         err_sys("failed to read STARTTLS command\n");
-
+    tmpBuf[sizeof(tmpBuf)-1] = '\0';
     if (!XSTRNCMP(tmpBuf, starttlsCmd[4], XSTRLEN(starttlsCmd[4]))) {
         printf("%s\n", tmpBuf);
     } else {

diff --git a/src/bio.c b/src/bio.c
@@ -159,22 +159,20 @@ static int wolfSSL_BIO_SSL_read(WOLFSSL_BIO* bio, void* buf,
 
 static int wolfSSL_BIO_MD_read(WOLFSSL_BIO* bio, void* buf, int sz)
 {
-    int ret = sz;
-
     if (wolfSSL_EVP_MD_CTX_type((WOLFSSL_EVP_MD_CTX*)bio->ptr) == NID_hmac) {
         if (wolfSSL_EVP_DigestSignUpdate((WOLFSSL_EVP_MD_CTX*)bio->ptr, buf,
                         sz) != WOLFSSL_SUCCESS)
         {
-            ret = WOLFSSL_FATAL_ERROR;
+            return WOLFSSL_FATAL_ERROR;
         }
     }
     else {
-        if (wolfSSL_EVP_DigestUpdate((WOLFSSL_EVP_MD_CTX*)bio->ptr, buf, ret)
+        if (wolfSSL_EVP_DigestUpdate((WOLFSSL_EVP_MD_CTX*)bio->ptr, buf, sz)
                 != WOLFSSL_SUCCESS) {
-            ret = WOLFSSL_FATAL_ERROR;
+            return WOLFSSL_FATAL_ERROR;
         }
     }
-    return ret;
+    return sz;
 }
 #endif /* WOLFCRYPT_ONLY */
 
@@ -609,17 +607,17 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len)
         bio = bio->next;
     }
 
-    if (frmt != NULL) {
-        XFREE(frmt, front->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-
     /* info cb, user can override return value */
     if (front != NULL && front->infoCb != NULL) {
         ret = (int)front->infoCb(front,
                                  WOLFSSL_BIO_CB_WRITE | WOLFSSL_BIO_CB_RETURN,
                                  (const char*)data, 0, 0, ret);
     }
 
+    if (frmt != NULL) {
+        XFREE(frmt, front->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    }
+
     if (retB64 != 0)
         return retB64;
     else
@@ -1527,6 +1525,7 @@ void* wolfSSL_BIO_get_data(WOLFSSL_BIO* bio)
  */
 long wolfSSL_BIO_set_nbio(WOLFSSL_BIO* bio, long on)
 {
+    int ret = 0;
     #ifndef WOLFSSL_DTLS
     (void)on;
     #endif
@@ -1538,9 +1537,9 @@ long wolfSSL_BIO_set_nbio(WOLFSSL_BIO* bio, long on)
             {
                 int flag = XFCNTL(bio->num, F_GETFL, 0);
                 if (on)
-                    XFCNTL(bio->num, F_SETFL, flag | O_NONBLOCK);
+                    ret = XFCNTL(bio->num, F_SETFL, flag | O_NONBLOCK);
                 else
-                    XFCNTL(bio->num, F_SETFL, flag & ~O_NONBLOCK);
+                    ret = XFCNTL(bio->num, F_SETFL, flag & ~O_NONBLOCK);
             }
         #endif
             break;
@@ -1554,8 +1553,10 @@ long wolfSSL_BIO_set_nbio(WOLFSSL_BIO* bio, long on)
             WOLFSSL_MSG("Unsupported bio type for non blocking");
             break;
     }
-
-    return 1;
+    if (ret != -1)
+        return 1;
+    else
+        return 0;
 }
 
 

diff --git a/src/crl.c b/src/crl.c
@@ -630,6 +630,7 @@ static CRL_Entry* DupCRL_list(CRL_Entry* crl, void* heap)
                 head = head->next;
                 FreeCRL_Entry(current, heap);
             }
+
             return NULL;
         }
         current = current->next;

diff --git a/src/internal.c b/src/internal.c
@@ -19215,7 +19215,7 @@ int GetCipherSuiteFromName(const char* name, byte* cipherSuite0,
     int           i;
     unsigned long len;
     const char*   nameDelim;
-    
+
     /* Support trailing : */
     nameDelim = XSTRSTR(name, ":");
     if (nameDelim)
@@ -26933,6 +26933,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
             #ifdef WOLFSSL_EXTRA_ALERTS
                 SendAlert(ssl, alert_fatal, handshake_failure);
             #endif
+                #ifdef HAVE_EXT_CACHE
+                    wolfSSL_SESSION_free(session);
+                #endif
                 return EXT_MASTER_SECRET_NEEDED_E;
             }
         #ifdef HAVE_EXT_CACHE

diff --git a/src/keys.c b/src/keys.c
@@ -3385,7 +3385,7 @@ int StoreKeys(WOLFSSL* ssl, const byte* keyData, int side)
         /* Initialize the AES-GCM/CCM explicit IV to a zero. */
     #ifdef WOLFSSL_DTLS
         if (scr_copy)
-            XMEMCPY(ssl->keys.aead_exp_IV,
+            XMEMMOVE(ssl->keys.aead_exp_IV,
                     keys->aead_exp_IV, AEAD_MAX_EXP_SZ);
     #endif
         XMEMSET(keys->aead_exp_IV, 0, AEAD_MAX_EXP_SZ);