Merge pull request #9649 from douzzer/20260112-fixes

20260112-fixes

Author: dgarske

configure.ac

@@ -10921,6 +10921,11 @@ fi
 LIB_SOCKET_NSL
 AX_HARDEN_CC_COMPILER_FLAGS
 
+# -Wdeprecated-enum-enum-conversion is on by default in C++20, but conflicts with
+# our use of enum constructs to define fungible constants.
+AX_CHECK_COMPILE_FLAG([-Werror -Wno-deprecated-enum-enum-conversion],
+  [AX_APPEND_FLAG([-Wno-deprecated-enum-enum-conversion], [AM_CFLAGS])])
+
 case $host_os in
     mingw*)
         # if mingw then link to ws2_32 for sockets, and crypt32

src/ssl.c

@@ -1119,7 +1119,12 @@ static int wolfSSL_parse_cipher_list(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
 #endif
 
 /* prevent multiple mutex initializations */
+
+/* note, initRefCount is not used for thread synchronization, only for
+ * bookkeeping while inits_count_mutex is held.
+ */
 static volatile WC_THREADSHARED int initRefCount = 0;
+
 /* init ref count mutex */
 static WC_THREADSHARED wolfSSL_Mutex inits_count_mutex
     WOLFSSL_MUTEX_INITIALIZER_CLAUSE(inits_count_mutex);
@@ -6527,7 +6532,7 @@ int wolfSSL_Init(void)
 #endif /* WOLFSSL_SYS_CRYPTO_POLICY */
 
     if (ret == WOLFSSL_SUCCESS) {
-        initRefCount++;
+        initRefCount = initRefCount + 1;
     }
     else {
         initRefCount = 1; /* Force cleanup */
@@ -11401,7 +11406,7 @@ int wolfSSL_Cleanup(void)
 #endif
 
     if (initRefCount > 0) {
-        --initRefCount;
+        initRefCount = initRefCount - 1;
         if (initRefCount == 0)
             release = 1;
     }

wolfcrypt/src/asn.c

@@ -27660,8 +27660,8 @@ static int KeyPemToDerPassCb(char* passwd, int sz, int rw, void* userdata)
     if (userdata == NULL)
         return 0;
 
-    XSTRNCPY(passwd, (char*)userdata, (size_t)sz);
-    return (int)min((word32)sz, (word32)XSTRLEN((char*)userdata));
+    XSTRLCPY(passwd, (char*)userdata, (size_t)sz);
+    return (int)min((word32)(sz - 1), (word32)XSTRLEN((char*)userdata));
 }
 #endif
 

wolfcrypt/src/sha512.c

@@ -867,6 +867,7 @@ static int InitSha512_Family(wc_Sha512* sha512, void* heap, int devId,
         return BAD_FUNC_ARG;
     }
 
+    XMEMSET(sha512, 0, sizeof(*sha512));
 
     sha512->heap = heap;
 #ifdef WOLFSSL_SMALL_STACK_CACHE
@@ -884,26 +885,33 @@ static int InitSha512_Family(wc_Sha512* sha512, void* heap, int devId,
     sha512->devCtx = NULL;
 #endif
 
-    /* call the initialization function pointed to by initfp */
-    ret = initfp(sha512);
-    if (ret != 0)
-        return ret;
-
 #ifdef WOLFSSL_HASH_KEEP
     sha512->msg  = NULL;
-    sha512->len  = 0;
-    sha512->used = 0;
 #endif
 
+    /* call the initialization function pointed to by initfp */
+    ret = initfp(sha512);
+
 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA512)
-    ret = wolfAsync_DevCtxInit(&sha512->asyncDev,
+    if (ret == 0) {
+        ret = wolfAsync_DevCtxInit(&sha512->asyncDev,
                         WOLFSSL_ASYNC_MARKER_SHA512, sha512->heap, devId);
+    }
 #else
     (void)devId;
 #endif /* WOLFSSL_ASYNC_CRYPT */
 #ifdef WOLFSSL_IMXRT1170_CAAM
-     ret = wc_CAAM_HashInit(&sha512->hndl, &sha512->ctx, WC_HASH_TYPE_SHA512);
+    if (ret == 0)
+        ret = wc_CAAM_HashInit(&sha512->hndl, &sha512->ctx, WC_HASH_TYPE_SHA512);
+#endif
+
+#ifdef WOLFSSL_SMALL_STACK_CACHE
+    if (ret != 0) {
+        XFREE(sha512->W, sha512->heap, DYNAMIC_TYPE_DIGEST);
+        sha512->W = NULL;
+    }
 #endif
+
     return ret;
 } /* InitSha512_Family */
 

wolfcrypt/src/wc_port.c

@@ -151,7 +151,11 @@
 #endif
 
 /* prevent multiple mutex initializations */
-static volatile int initRefCount = 0;
+#ifdef WOLFSSL_ATOMIC_OPS
+    wolfSSL_Atomic_Int initRefCount = WOLFSSL_ATOMIC_INITIALIZER(0);
+#else
+    static int initRefCount = 0;
+#endif
 
 #if defined(__aarch64__) && defined(WOLFSSL_ARMASM_BARRIER_DETECT)
 int aarch64_use_sb = 0;
@@ -164,7 +168,8 @@ WOLFSSL_ABI
 int wolfCrypt_Init(void)
 {
     int ret = 0;
-    if (initRefCount == 0) {
+    int my_initRefCount = wolfSSL_Atomic_Int_FetchAdd(&initRefCount, 1);
+    if (my_initRefCount == 0) {
         WOLFSSL_ENTER("wolfCrypt_Init");
 
     #if defined(__aarch64__) && defined(WOLFSSL_ARMASM_BARRIER_DETECT)
@@ -444,8 +449,16 @@ int wolfCrypt_Init(void)
             return ret;
         }
 #endif
+
+        /* increment to 2, to signify successful initialization: */
+        (void)wolfSSL_Atomic_Int_FetchAdd(&initRefCount, 1);
+    }
+    else {
+        if (my_initRefCount < 2) {
+            (void)wolfSSL_Atomic_Int_FetchSub(&initRefCount, 1);
+            ret = BUSY_E;
+        }
     }
-    initRefCount++;
 
     return ret;
 }
@@ -469,12 +482,9 @@ WOLFSSL_ABI
 int wolfCrypt_Cleanup(void)
 {
     int ret = 0;
+    int my_initRefCount = wolfSSL_Atomic_Int_SubFetch(&initRefCount, 1);
 
-    initRefCount--;
-    if (initRefCount < 0)
-        initRefCount = 0;
-
-    if (initRefCount == 0) {
+    if (my_initRefCount == 1) {
         WOLFSSL_ENTER("wolfCrypt_Cleanup");
 
 #ifdef HAVE_ECC
@@ -564,11 +574,18 @@ int wolfCrypt_Cleanup(void)
          * must be freed. */
         wc_MemZero_Free();
     #endif
-    }
+
+        (void)wolfSSL_Atomic_Int_SubFetch(&initRefCount, 1);
 
 #if defined(HAVE_LIBOQS)
-    wolfSSL_liboqsClose();
+        wolfSSL_liboqsClose();
 #endif
+    }
+    else if (my_initRefCount < 0) {
+        (void)wolfSSL_Atomic_Int_AddFetch(&initRefCount, 1);
+        WOLFSSL_MSG("wolfCrypt_Cleanup() called with initRefCount <= 0.");
+        ret = ALREADY_E;
+    }
 
     return ret;
 }
@@ -1462,9 +1479,17 @@ int wolfSSL_Atomic_Ptr_CompareExchange(
      * atomic_compare_exchange_strong_explicit(), to sidestep _Atomic type
      * requirements.
      */
-    return __atomic_compare_exchange_n(
-        c, expected_ptr, new_ptr, 0 /* weak */,
-        __ATOMIC_SEQ_CST, __ATOMIC_ACQUIRE);
+     if (__atomic_compare_exchange_n(
+             c, expected_ptr, new_ptr,
+#ifdef WOLF_C89
+             0 /* weak */,
+#else
+             (_Bool)0 /* weak */,
+#endif
+             __ATOMIC_SEQ_CST, __ATOMIC_ACQUIRE))
+         return 1;
+     else
+         return 0;
 }
 
 #elif defined(__GNUC__) && defined(__ATOMIC_RELAXED)

wolfcrypt/test/test.c

@@ -20195,7 +20195,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_bank_test(void)
     WC_ALLOC_VAR_EX(rng, WC_RNG, 1, HEAP_HINT,
                     DYNAMIC_TYPE_TMP_BUFFER,
                     return WC_TEST_RET_ENC_EC(MEMORY_E));
+#ifdef WC_DRBG_BANKREF
     XMEMSET(rng, 0, sizeof(*rng));
+#endif
 
     ret = wc_rng_bank_init(NULL, WC_RNG_BANK_STATIC_SIZE, WC_RNG_BANK_FLAG_CAN_WAIT, 10, HEAP_HINT, INVALID_DEVID);
     if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
@@ -20207,7 +20209,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_bank_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
 
-    ret = wc_rng_bank_init(bank, WC_RNG_BANK_STATIC_SIZE, WC_RNG_BANK_FLAG_CAN_WAIT, 10, HEAP_HINT, INVALID_DEVID);
+    ret = wc_rng_bank_init(bank, WC_RNG_BANK_STATIC_SIZE,
+                           WC_RNG_BANK_FLAG_NO_VECTOR_OPS |
+                           WC_RNG_BANK_FLAG_CAN_WAIT,
+                           10, HEAP_HINT, INVALID_DEVID);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
@@ -20417,7 +20422,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_bank_test(void)
 
 #else /* !WC_RNG_BANK_STATIC */
 
-    ret = wc_rng_bank_new(&bank2, WC_RNG_BANK_STATIC_SIZE + 1, WC_RNG_BANK_FLAG_NO_VECTOR_OPS, 10, HEAP_HINT, INVALID_DEVID);
+    ret = wc_rng_bank_new(&bank2, WC_RNG_BANK_STATIC_SIZE + 1, WC_RNG_BANK_FLAG_NONE, 10, HEAP_HINT, INVALID_DEVID);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 

wrapper/rust/wolfssl-wolfcrypt/src/lib.rs

@@ -50,6 +50,8 @@ pub mod sha;
 /// ```rust
 /// use wolfssl_wolfcrypt::*;
 /// wolfcrypt_init().expect("Error with wolfcrypt_init()");
+/// // ... use the library ...
+/// wolfcrypt_cleanup().expect("wolfCrypt_Cleanup failed");
 /// ```
 pub fn wolfcrypt_init() -> Result<(), i32> {
     let rc = unsafe { sys::wolfCrypt_Init() };
@@ -66,12 +68,7 @@ pub fn wolfcrypt_init() -> Result<(), i32> {
 /// Returns either Ok(()) on success or Err(e) containing the wolfSSL
 /// library error code value.
 ///
-/// # Example
-///
-/// ```rust
-/// use wolfssl_wolfcrypt::*;
-/// wolfcrypt_cleanup().expect("Error with wolfcrypt_cleanup()");
-/// ```
+/// See also: [`wolfcrypt_init`]
 pub fn wolfcrypt_cleanup() -> Result<(), i32> {
     let rc = unsafe { sys::wolfCrypt_Cleanup() };
     if rc != 0 {

wrapper/rust/wolfssl-wolfcrypt/tests/test_wolfcrypt.rs

@@ -1,11 +1,7 @@
 use wolfssl_wolfcrypt::*;
 
 #[test]
-fn test_wolfcrypt_init() {
+fn test_wolfcrypt_init_and_cleanup() {
     wolfcrypt_init().expect("Error with wolfcrypt_init()");
-}
-
-#[test]
-fn test_wolfcrypt_cleanup() {
     wolfcrypt_cleanup().expect("Error with wolfcrypt_cleanup()");
 }