Merge pull request #8945 from SparkiDev/mem_fail_fixes_2

JacobBarthelmeh · web-flow · commit 77792ace659b · 2025-07-01T09:35:11.000-06:00
Memory allocation failure testing fixes
diff --git a/tests/api.c b/tests/api.c
@@ -64461,13 +64461,15 @@ static int test_wolfSSL_SCR_after_resumption(void)
     ExpectIntEQ(func_cb_client.return_code, TEST_SUCCESS);
     ExpectIntEQ(func_cb_server.return_code, TEST_SUCCESS);
 
-    func_cb_client.ssl_ready = test_wolfSSL_SCR_after_resumption_ssl_ready;
-    func_cb_server.on_result = test_wolfSSL_SCR_after_resumption_on_result;
+    if (EXPECT_SUCCESS()) {
+        func_cb_client.ssl_ready = test_wolfSSL_SCR_after_resumption_ssl_ready;
+        func_cb_server.on_result = test_wolfSSL_SCR_after_resumption_on_result;
 
-    test_wolfSSL_client_server_nofail(&func_cb_client, &func_cb_server);
+        test_wolfSSL_client_server_nofail(&func_cb_client, &func_cb_server);
 
-    ExpectIntEQ(func_cb_client.return_code, TEST_SUCCESS);
-    ExpectIntEQ(func_cb_server.return_code, TEST_SUCCESS);
+        ExpectIntEQ(func_cb_client.return_code, TEST_SUCCESS);
+        ExpectIntEQ(func_cb_server.return_code, TEST_SUCCESS);
+    }
 
     wolfSSL_SESSION_free(test_wolfSSL_SCR_after_resumption_session);
 
diff --git a/tests/api/test_dtls.c b/tests/api/test_dtls.c
@@ -898,6 +898,7 @@ int test_dtls13_longer_length(void)
     struct test_memio_ctx test_ctx;
     unsigned char readBuf[50];
     int seq16bit = 0;
+    int ret;
 
     XMEMSET(&test_ctx, 0, sizeof(test_ctx));
 
@@ -930,7 +931,8 @@ int test_dtls13_longer_length(void)
     ExpectIntEQ(test_ctx.s_len, 0);
 
     ExpectIntEQ(test_dtls_communication(ssl_s, ssl_c), TEST_SUCCESS);
-    ExpectIntEQ(test_dtls_shutdown(ssl_s, ssl_c, ctx_c, ctx_s), TEST_SUCCESS);
+    ret = test_dtls_shutdown(ssl_s, ssl_c, ctx_c, ctx_s);
+    ExpectIntEQ(ret, TEST_SUCCESS);
 
     return EXPECT_RESULT();
 }
@@ -950,6 +952,7 @@ int test_dtls13_short_read(void)
     struct test_memio_ctx test_ctx;
     unsigned char readBuf[50];
     int i;
+    int ret;
 
     /* we setup two test, in the first one the server reads just two bytes of
      * the header, in the second one it reads just the header (5) */
@@ -980,8 +983,8 @@ int test_dtls13_short_read(void)
         ExpectIntEQ(test_ctx.s_len, 0);
 
         ExpectIntEQ(test_dtls_communication(ssl_s, ssl_c), TEST_SUCCESS);
-        ExpectIntEQ(test_dtls_shutdown(ssl_s, ssl_c, ctx_c, ctx_s),
-            TEST_SUCCESS);
+        ret = test_dtls_shutdown(ssl_s, ssl_c, ctx_c, ctx_s);
+        ExpectIntEQ(ret, TEST_SUCCESS);
         ssl_c = ssl_s = NULL;
         ctx_c = ctx_s = NULL;
     }
@@ -1004,6 +1007,7 @@ int test_dtls12_short_read(void)
     struct test_memio_ctx test_ctx;
     unsigned char readBuf[50];
     int i;
+    int ret;
 
     for (i = 0; i < 3; i++) {
         XMEMSET(&test_ctx, 0, sizeof(test_ctx));
@@ -1041,8 +1045,8 @@ int test_dtls12_short_read(void)
         ExpectIntEQ(test_ctx.s_len, 0);
 
         ExpectIntEQ(test_dtls_communication(ssl_s, ssl_c), TEST_SUCCESS);
-        ExpectIntEQ(test_dtls_shutdown(ssl_s, ssl_c, ctx_c, ctx_s),
-            TEST_SUCCESS);
+        ret = test_dtls_shutdown(ssl_s, ssl_c, ctx_c, ctx_s);
+        ExpectIntEQ(ret, TEST_SUCCESS);
         ssl_c = ssl_s = NULL;
         ctx_c = ctx_s = NULL;
     }
@@ -1064,6 +1068,7 @@ int test_dtls12_record_length_mismatch(void)
     WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
     struct test_memio_ctx test_ctx;
     unsigned char readBuf[50];
+    int ret;
 
     XMEMSET(&test_ctx, 0, sizeof(test_ctx));
 
@@ -1090,7 +1095,8 @@ int test_dtls12_record_length_mismatch(void)
     ExpectIntEQ(test_ctx.s_len, 0);
 
     ExpectIntEQ(test_dtls_communication(ssl_s, ssl_c), TEST_SUCCESS);
-    ExpectIntEQ(test_dtls_shutdown(ssl_s, ssl_c, ctx_c, ctx_s), TEST_SUCCESS);
+    ret = test_dtls_shutdown(ssl_s, ssl_c, ctx_c, ctx_s);
+    ExpectIntEQ(ret, TEST_SUCCESS);
 
     return EXPECT_RESULT();
 }
@@ -1176,6 +1182,7 @@ int test_dtls_short_ciphertext(void)
     WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
     struct test_memio_ctx test_ctx;
     unsigned char readBuf[50];
+    int ret;
 
     XMEMSET(&test_ctx, 0, sizeof(test_ctx));
 
@@ -1208,7 +1215,8 @@ int test_dtls_short_ciphertext(void)
 
     ExpectIntEQ(test_dtls_communication(ssl_s, ssl_c), TEST_SUCCESS);
 
-    ExpectIntEQ(test_dtls_shutdown(ssl_s, ssl_c, ctx_c, ctx_s), TEST_SUCCESS);
+    ret = test_dtls_shutdown(ssl_s, ssl_c, ctx_c, ctx_s);
+    ExpectIntEQ(ret, TEST_SUCCESS);
 
     return EXPECT_RESULT();
 }
diff --git a/tests/api/test_mldsa.c b/tests/api/test_mldsa.c
@@ -16680,6 +16680,7 @@ int test_mldsa_pkcs8(void)
     dilithium_key mldsa_key;
     WC_RNG rng;
     word32 size;
+    int ret;
 
     struct {
         int wcId;
@@ -16699,6 +16700,8 @@ int test_mldsa_pkcs8(void)
 
     (void) pemSz;
 
+    XMEMSET(&rng, 0, sizeof(rng));
+
     ExpectNotNull(der = (byte*) XMALLOC(derMaxSz, NULL,
         DYNAMIC_TYPE_TMP_BUFFER));
     ExpectNotNull(temp = (byte*) XMALLOC(tempMaxSz, NULL,
@@ -16789,7 +16792,8 @@ int test_mldsa_pkcs8(void)
     }
 
     wc_dilithium_free(&mldsa_key);
-    ExpectIntEQ(wc_FreeRng(&rng), 0);
+    ret = wc_FreeRng(&rng);
+    ExpectIntEQ(ret, 0);
     wolfSSL_CTX_free(ctx);
     XFREE(temp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -16821,6 +16825,7 @@ int test_mldsa_pkcs12(void)
     WC_RNG rng;
     dilithium_key mldsa_key;
     char pkcs12Passwd[] = "mldsa";
+    int ret;
 
     struct {
         int enc;
@@ -16844,6 +16849,8 @@ int test_mldsa_pkcs12(void)
             ML_DSA_LEVEL5_PRV_KEY_SIZE, CTC_ML_DSA_LEVEL5, ML_DSA_LEVEL5_TYPE},
     };
 
+    XMEMSET(&rng, 0, sizeof(rng));
+
     ExpectNotNull(inKey = (byte*) XMALLOC(inKeyMaxSz, NULL,
         DYNAMIC_TYPE_TMP_BUFFER));
     ExpectNotNull(inCert = (byte*) XMALLOC(inCertMaxSz, NULL,
@@ -16952,7 +16959,8 @@ int test_mldsa_pkcs12(void)
     }
 
     wc_dilithium_free(&mldsa_key);
-    ExpectIntEQ(wc_FreeRng(&rng), 0);
+    ret = wc_FreeRng(&rng);
+    ExpectIntEQ(ret, 0);
     wolfSSL_CTX_free(ctx);
     XFREE(inCert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     XFREE(inKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
diff --git a/tests/utils.c b/tests/utils.c
@@ -230,22 +230,33 @@ int test_memio_setup_ex(struct test_memio_ctx *ctx,
             ret = wolfSSL_CTX_load_verify_buffer(*ctx_c, caCert, (long)caCertSz,
                                                  WOLFSSL_FILETYPE_ASN1);
         }
-        if (ret != WOLFSSL_SUCCESS)
+        if (ret != WOLFSSL_SUCCESS) {
+            wolfSSL_CTX_free(*ctx_c);
+            *ctx_c = NULL;
             return -1;
+        }
 #endif /* NO_CERTS */
         wolfSSL_SetIORecv(*ctx_c, test_memio_read_cb);
         wolfSSL_SetIOSend(*ctx_c, test_memio_write_cb);
         if (ctx->c_ciphers != NULL) {
             ret = wolfSSL_CTX_set_cipher_list(*ctx_c, ctx->c_ciphers);
-            if (ret != WOLFSSL_SUCCESS)
+            if (ret != WOLFSSL_SUCCESS) {
+                wolfSSL_CTX_free(*ctx_c);
+                *ctx_c = NULL;
                 return -1;
+            }
         }
     }
 
     if (ctx_s != NULL && *ctx_s == NULL) {
         *ctx_s = wolfSSL_CTX_new(method_s());
-        if (*ctx_s == NULL)
+        if (*ctx_s == NULL) {
+            if (ctx_c != NULL) {
+                wolfSSL_CTX_free(*ctx_c);
+                *ctx_c = NULL;
+            }
             return -1;
+        }
 #ifndef NO_CERTS
         if (serverKey == NULL) {
             ret = wolfSSL_CTX_use_PrivateKey_file(*ctx_s, svrKeyFile,
@@ -255,8 +266,17 @@ int test_memio_setup_ex(struct test_memio_ctx *ctx,
             ret = wolfSSL_CTX_use_PrivateKey_buffer(*ctx_s, serverKey,
                 (long)serverKeySz, WOLFSSL_FILETYPE_ASN1);
         }
-        if (ret != WOLFSSL_SUCCESS)
-            return- -1;
+        if (ret != WOLFSSL_SUCCESS) {
+            if (ctx_s != NULL) {
+                wolfSSL_CTX_free(*ctx_s);
+                *ctx_s = NULL;
+            }
+            if (ctx_c != NULL) {
+                wolfSSL_CTX_free(*ctx_c);
+                *ctx_c = NULL;
+            }
+            return -1;
+        }
 
         if (serverCert == NULL) {
             ret = wolfSSL_CTX_use_certificate_file(*ctx_s, svrCertFile,
@@ -266,29 +286,69 @@ int test_memio_setup_ex(struct test_memio_ctx *ctx,
             ret = wolfSSL_CTX_use_certificate_chain_buffer_format(*ctx_s,
                 serverCert, (long)serverCertSz, WOLFSSL_FILETYPE_ASN1);
         }
-        if (ret != WOLFSSL_SUCCESS)
+        if (ret != WOLFSSL_SUCCESS) {
+            if (ctx_s != NULL) {
+                wolfSSL_CTX_free(*ctx_s);
+                *ctx_s = NULL;
+            }
+            if (ctx_c != NULL) {
+                wolfSSL_CTX_free(*ctx_c);
+                *ctx_c = NULL;
+            }
             return -1;
+        }
 #endif /* NO_CERTS */
         wolfSSL_SetIORecv(*ctx_s, test_memio_read_cb);
         wolfSSL_SetIOSend(*ctx_s, test_memio_write_cb);
         if (ctx->s_ciphers != NULL) {
             ret = wolfSSL_CTX_set_cipher_list(*ctx_s, ctx->s_ciphers);
-            if (ret != WOLFSSL_SUCCESS)
+            if (ret != WOLFSSL_SUCCESS) {
+                if (ctx_s != NULL) {
+                    wolfSSL_CTX_free(*ctx_s);
+                    *ctx_s = NULL;
+                }
+                if (ctx_c != NULL) {
+                    wolfSSL_CTX_free(*ctx_c);
+                    *ctx_c = NULL;
+                }
                 return -1;
+            }
         }
     }
 
     if (ctx_c != NULL && ssl_c != NULL) {
         *ssl_c = wolfSSL_new(*ctx_c);
-        if (*ssl_c == NULL)
+        if (*ssl_c == NULL) {
+            if (ctx_s != NULL) {
+                wolfSSL_CTX_free(*ctx_s);
+                *ctx_s = NULL;
+            }
+            if (ctx_c != NULL) {
+                wolfSSL_CTX_free(*ctx_c);
+                *ctx_c = NULL;
+            }
             return -1;
+        }
         wolfSSL_SetIOWriteCtx(*ssl_c, ctx);
         wolfSSL_SetIOReadCtx(*ssl_c, ctx);
     }
     if (ctx_s != NULL && ssl_s != NULL) {
         *ssl_s = wolfSSL_new(*ctx_s);
-        if (*ssl_s == NULL)
+        if (*ssl_s == NULL) {
+            if (ssl_c != NULL) {
+                wolfSSL_free(*ssl_c);
+                *ssl_c = NULL;
+            }
+            if (ctx_s != NULL) {
+                wolfSSL_CTX_free(*ctx_s);
+                *ctx_s = NULL;
+            }
+            if (ctx_c != NULL) {
+                wolfSSL_CTX_free(*ctx_c);
+                *ctx_c = NULL;
+            }
             return -1;
+        }
         wolfSSL_SetIOWriteCtx(*ssl_s, ctx);
         wolfSSL_SetIOReadCtx(*ssl_s, ctx);
 #if !defined(NO_DH)
diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
@@ -12659,8 +12659,13 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* in,
         case WC_PKCS7_ENV_5:
 
         #ifndef NO_PKCS7_STREAM
+
             if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz,
                             pkcs7->stream->expected, &pkiMsg, &idx)) != 0) {
+                if (ret != WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) {
+                    wc_PKCS7_StreamGetVar(pkcs7, &encOID, NULL, NULL);
+                    wc_PKCS7_DecryptContentFree(pkcs7, encOID, pkcs7->heap);
+                }
                 return ret;
             }
 
