Fix TLS bidirectional shutdown socket issue. Just use 11111 for all T…

…LS tests, to avoid real random port collision with SWTPM sockets. Resolves TLS issue with "ERROR: failed to bind! errno 98".
wolfSSL · Nov 29, 2023 · 1853127 · 1853127
1 parent 3d28d90
commit 1853127
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 20 deletions.
diff --git a/examples/run_examples.sh b/examples/run_examples.sh
@@ -179,14 +179,7 @@ fi
 # TLS Tests RSA
 echo -e "TLS tests"
 generate_port() { # function to produce a random port number
-    if [[ "$OSTYPE" == "linux"* ]]; then
-        port=$(($(od -An -N2 /dev/urandom) % (65535-49152) + 49152))
-    elif [[ "$OSTYPE" == "darwin"* ]]; then
-        port=$(($(od -An -N2 /dev/random) % (65535-49152) + 49152))
-    else
-        echo "Unknown OS TYPE"
-        exit 1
-    fi
+    port=11111
     echo -e "Using port $port"
     echo -e "Using port $port" >> run.out
 }
@@ -195,11 +188,11 @@ run_tpm_tls_client() { # Usage: run_tpm_tls_client [ecc/rsa] [tpmargs]]
     echo -e "TLS test (TPM as client) $1 $2"
     generate_port
     pushd $WOLFSSL_PATH >> run.out
-    ./examples/server/server -p $port -g -A ./certs/tpm-ca-$1-cert.pem 2>&1 >> $PWD/run.out &
+    ./examples/server/server -p $port -w -g -A ./certs/tpm-ca-$1-cert.pem 2>&1 >> $PWD/run.out &
     RESULT=$?
     [ $RESULT -ne 0 ] && echo -e "tls server $1 $2 failed! $RESULT" && exit 1
     popd >> run.out
-    sleep 0.5
+    sleep 0.1
     ./examples/tls/tls_client -p=$port -$1 $2 2>&1 >> run.out
     RESULT=$?
     [ $RESULT -ne 0 ] && echo -e "tpm tls client $1 $2 failed! $RESULT" && exit 1
@@ -208,12 +201,14 @@ run_tpm_tls_client() { # Usage: run_tpm_tls_client [ecc/rsa] [tpmargs]]
 run_tpm_tls_server() { # Usage: run_tpm_tls_server [ecc/rsa] [tpmargs]]
     echo -e "TLS test (TPM as server) $1 $2"
     generate_port
+
     ./examples/tls/tls_server -p=$port -$1 $2 2>&1 >> run.out &
     RESULT=$?
     [ $RESULT -ne 0 ] && echo -e "tpm tls server $1 $2 failed! $RESULT" && exit 1
     pushd $WOLFSSL_PATH >> run.out
-    sleep 0.5
-    ./examples/client/client -p $port -g -A ./certs/tpm-ca-$1-cert.pem 2>&1 >> $PWD/run.out
+    sleep 0.1
+
+    ./examples/client/client -p $port -w -g -A ./certs/tpm-ca-$1-cert.pem 2>&1 >> $PWD/run.out
     RESULT=$?
     [ $RESULT -ne 0 ] && echo -e "tls client $1 $2 failed! $RESULT" && exit 1
     popd >> run.out

diff --git a/examples/tls/tls_client.c b/examples/tls/tls_client.c
@@ -130,6 +130,7 @@ int TPM2_TLS_ClientArgs(void* userCtx, int argc, char *argv[])
     XMEMSET(&storageKey, 0, sizeof(storageKey));
     XMEMSET(&sockIoCtx, 0, sizeof(sockIoCtx));
     sockIoCtx.fd = -1;
+    sockIoCtx.listenFd = -1;
     XMEMSET(&tpmCtx, 0, sizeof(tpmCtx));
 #ifndef NO_RSA
     XMEMSET(&rsaKey, 0, sizeof(rsaKey));
@@ -558,6 +559,15 @@ int TPM2_TLS_ClientArgs(void* userCtx, int argc, char *argv[])
         printf("Failure %d (0x%x): %s\n", rc, rc, wolfTPM2_GetRCString(rc));
     }
 
+    /* Bidirectional shutdown */
+    while (wolfSSL_shutdown(ssl) == SSL_SHUTDOWN_NOT_DONE) {
+        printf("Shutdown not complete\n");
+    }
+
+    CloseAndCleanupSocket(&sockIoCtx);
+    wolfSSL_free(ssl);
+    wolfSSL_CTX_free(ctx);
+
     wolfTPM2_UnloadHandle(&dev, &storageKey.handle);
 #ifndef NO_RSA
     wc_FreeRsaKey(&wolfRsaKey);
@@ -572,12 +582,6 @@ int TPM2_TLS_ClientArgs(void* userCtx, int argc, char *argv[])
 #endif
     wolfTPM2_UnloadHandle(&dev, &tpmSession.handle);
 
-    wolfSSL_shutdown(ssl);
-
-    CloseAndCleanupSocket(&sockIoCtx);
-    wolfSSL_free(ssl);
-    wolfSSL_CTX_free(ctx);
-
     wolfTPM2_Cleanup(&dev);
 
     return rc;

diff --git a/examples/tls/tls_common.h b/examples/tls/tls_common.h
@@ -237,12 +237,14 @@ static inline int SetupSocketAndListen(SockIoCbCtx* sockIoCtx, word32 port)
         printf("setsockopt SO_REUSEADDR failed\n");
         return -1;
     }
+#ifdef SO_REUSEPORT
     optval = 1;
     if (setsockopt(sockIoCtx->listenFd, SOL_SOCKET, SO_REUSEPORT,
                    (void*)&optval, sizeof(optval)) == -1) {
         printf("setsockopt SO_REUSEPORT failed\n");
         return -1;
     }
+#endif
 
     /* Connect to the server */
     if (bind(sockIoCtx->listenFd, (struct sockaddr*)&servAddr,

diff --git a/examples/tls/tls_server.c b/examples/tls/tls_server.c
@@ -137,6 +137,7 @@ int TPM2_TLS_ServerArgs(void* userCtx, int argc, char *argv[])
     XMEMSET(&storageKey, 0, sizeof(storageKey));
     XMEMSET(&sockIoCtx, 0, sizeof(sockIoCtx));
     sockIoCtx.fd = -1;
+    sockIoCtx.listenFd = -1;
     XMEMSET(&tpmCtx, 0, sizeof(tpmCtx));
 #ifndef NO_RSA
     XMEMSET(&rsaKey, 0, sizeof(rsaKey));
@@ -534,12 +535,16 @@ int TPM2_TLS_ServerArgs(void* userCtx, int argc, char *argv[])
         printf("Failure %d (0x%x): %s\n", rc, rc, wolfTPM2_GetRCString(rc));
     }
 
-    wolfSSL_shutdown(ssl);
+    /* Bidirectional shutdown */
+    while (wolfSSL_shutdown(ssl) == SSL_SHUTDOWN_NOT_DONE) {
+        printf("Shutdown not complete\n");
+    }
 
-    CloseAndCleanupSocket(&sockIoCtx);
     wolfSSL_free(ssl);
     wolfSSL_CTX_free(ctx);
 
+    CloseAndCleanupSocket(&sockIoCtx);
+
     wolfTPM2_UnloadHandle(&dev, &storageKey.handle);
 #ifndef NO_RSA
     wc_FreeRsaKey(&wolfRsaKey);