add locks around user login / modify sections of code for thread safety

JacobBarthelmeh · JacobBarthelmeh · commit 0050bdd48486 · 2026-04-13T10:48:28.000-06:00
diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml
@@ -87,3 +87,7 @@ jobs:
     # Build and test with AUTH=1 and ASAN
     - name: Build and test with AUTH ASAN
       run: cd test && make clean && make -j AUTH=1 ASAN=1 WOLFSSL_DIR=../wolfssl && make run
+
+    # Build and test with AUTH=1 and THREADSAFE
+    - name: Build and test with AUTH THREADSAFE ASAN
+      run: cd test && make clean && make -j AUTH=1 THREADSAFE=1 ASAN=1 WOLFSSL_DIR=../wolfssl && make run
diff --git a/port/posix/posix_auth.c b/port/posix/posix_auth.c
@@ -48,10 +48,9 @@ typedef struct whAuthBase_User {
     unsigned char credentials[WH_AUTH_BASE_MAX_CREDENTIALS_LEN];
     uint16_t      credentials_len;
 } whAuthBase_User;
-/* TODO: Thread safety - The global users array is not protected by any
- * synchronization mechanism. In a multi-threaded environment, concurrent
- * access could lead to race conditions. Consider adding appropriate locking
- * mechanisms (mutex, rwlock) to protect concurrent access. */
+/* The global users array is protected by the auth context lock when
+ * WOLFHSM_CFG_THREADSAFE is defined. Locking is performed by the wh_Auth_*
+ * wrapper functions in wh_auth.c. */
 static whAuthBase_User users[WH_AUTH_BASE_MAX_USERS];
 
 #if defined(WOLFHSM_CFG_CERTIFICATE_MANAGER) && !defined(WOLFHSM_CFG_NO_CRYPTO)
diff --git a/src/wh_auth.c b/src/wh_auth.c
@@ -62,9 +62,22 @@ int wh_Auth_Init(whAuthContext* context, const whAuthConfig* config)
     context->context = config->context;
     memset(&context->user, 0, sizeof(whAuthUser));
 
+#ifdef WOLFHSM_CFG_THREADSAFE
+    /* Initialize the lock for thread-safe auth operations */
+    rc = wh_Lock_Init(&context->lock, config->lockConfig);
+    if (rc != WH_ERROR_OK) {
+        context->cb      = NULL;
+        context->context = NULL;
+        return rc;
+    }
+#endif /* WOLFHSM_CFG_THREADSAFE */
+
     if (context->cb != NULL && context->cb->Init != NULL) {
         rc = context->cb->Init(context->context, config->config);
         if (rc != WH_ERROR_OK) {
+#ifdef WOLFHSM_CFG_THREADSAFE
+            (void)wh_Lock_Cleanup(&context->lock);
+#endif
             context->cb      = NULL;
             context->context = NULL;
         }
@@ -76,14 +89,24 @@ int wh_Auth_Init(whAuthContext* context, const whAuthConfig* config)
 
 int wh_Auth_Cleanup(whAuthContext* context)
 {
+    int rc = WH_ERROR_OK;
+
     if ((context == NULL) || (context->cb == NULL)) {
         return WH_ERROR_BADARGS;
     }
 
     if (context->cb->Cleanup == NULL) {
         return WH_ERROR_ABORTED;
     }
-    return context->cb->Cleanup(context->context);
+
+    rc = context->cb->Cleanup(context->context);
+
+#ifdef WOLFHSM_CFG_THREADSAFE
+    /* Cleanup the lock for thread-safe auth operations */
+    (void)wh_Lock_Cleanup(&context->lock);
+#endif /* WOLFHSM_CFG_THREADSAFE */
+
+    return rc;
 }
 
 
@@ -109,6 +132,11 @@ int wh_Auth_Login(whAuthContext* context, uint8_t client_id,
         return WH_ERROR_BADARGS;
     }
 
+    rc = WH_AUTH_LOCK(context);
+    if (rc != WH_ERROR_OK) {
+        return rc;
+    }
+
     /* allowing only one user logged in to an open connection at a time */
     if (context->user.user_id != WH_USER_ID_INVALID) {
         *loggedIn = 0;
@@ -125,6 +153,7 @@ int wh_Auth_Login(whAuthContext* context, uint8_t client_id,
         }
     }
 
+    (void)WH_AUTH_UNLOCK(context);
     return rc;
 }
 
@@ -138,14 +167,19 @@ int wh_Auth_Logout(whAuthContext* context, whUserId user_id)
         return WH_ERROR_BADARGS;
     }
 
-    rc = context->cb->Logout(context->context, context->user.user_id, user_id);
+    rc = WH_AUTH_LOCK(context);
     if (rc != WH_ERROR_OK) {
         return rc;
     }
 
-    /* Clear the user context */
-    memset(&context->user, 0, sizeof(whAuthUser));
-    return WH_ERROR_OK;
+    rc = context->cb->Logout(context->context, context->user.user_id, user_id);
+    if (rc == WH_ERROR_OK) {
+        /* Clear the user context */
+        memset(&context->user, 0, sizeof(whAuthUser));
+    }
+
+    (void)WH_AUTH_UNLOCK(context);
+    return rc;
 }
 
 
@@ -271,51 +305,91 @@ int wh_Auth_UserAdd(whAuthContext* context, const char* username,
                     whAuthMethod method, const void* credentials,
                     uint16_t credentials_len)
 {
+    int rc;
+
     if ((context == NULL) || (context->cb == NULL) ||
         (context->cb->UserAdd == NULL)) {
         return WH_ERROR_BADARGS;
     }
 
-    return context->cb->UserAdd(context->context, username, out_user_id,
-                                permissions, method, credentials,
-                                credentials_len);
+    rc = WH_AUTH_LOCK(context);
+    if (rc != WH_ERROR_OK) {
+        return rc;
+    }
+
+    rc = context->cb->UserAdd(context->context, username, out_user_id,
+                              permissions, method, credentials,
+                              credentials_len);
+
+    (void)WH_AUTH_UNLOCK(context);
+    return rc;
 }
 
 
 int wh_Auth_UserDelete(whAuthContext* context, whUserId user_id)
 {
+    int rc;
+
     if ((context == NULL) || (context->cb == NULL) ||
         (context->cb->UserDelete == NULL)) {
         return WH_ERROR_BADARGS;
     }
 
-    return context->cb->UserDelete(context->context, context->user.user_id,
-                                   user_id);
+    rc = WH_AUTH_LOCK(context);
+    if (rc != WH_ERROR_OK) {
+        return rc;
+    }
+
+    rc = context->cb->UserDelete(context->context, context->user.user_id,
+                                 user_id);
+
+    (void)WH_AUTH_UNLOCK(context);
+    return rc;
 }
 
 
 int wh_Auth_UserSetPermissions(whAuthContext* context, whUserId user_id,
                                whAuthPermissions permissions)
 {
+    int rc;
+
     if ((context == NULL) || (context->cb == NULL) ||
         (context->cb->UserSetPermissions == NULL)) {
         return WH_ERROR_BADARGS;
     }
 
-    return context->cb->UserSetPermissions(
+    rc = WH_AUTH_LOCK(context);
+    if (rc != WH_ERROR_OK) {
+        return rc;
+    }
+
+    rc = context->cb->UserSetPermissions(
         context->context, context->user.user_id, user_id, permissions);
+
+    (void)WH_AUTH_UNLOCK(context);
+    return rc;
 }
 
 int wh_Auth_UserGet(whAuthContext* context, const char* username,
                     whUserId* out_user_id, whAuthPermissions* out_permissions)
 {
+    int rc;
+
     if ((context == NULL) || (context->cb == NULL) ||
         (context->cb->UserGet == NULL)) {
         return WH_ERROR_BADARGS;
     }
 
-    return context->cb->UserGet(context->context, username, out_user_id,
-                                out_permissions);
+    rc = WH_AUTH_LOCK(context);
+    if (rc != WH_ERROR_OK) {
+        return rc;
+    }
+
+    rc = context->cb->UserGet(context->context, username, out_user_id,
+                              out_permissions);
+
+    (void)WH_AUTH_UNLOCK(context);
+    return rc;
 }
 
 int wh_Auth_UserSetCredentials(whAuthContext* context, whUserId user_id,
@@ -325,12 +399,44 @@ int wh_Auth_UserSetCredentials(whAuthContext* context, whUserId user_id,
                                const void*  new_credentials,
                                uint16_t     new_credentials_len)
 {
+    int rc;
+
     if ((context == NULL) || (context->cb == NULL) ||
         (context->cb->UserSetCredentials == NULL)) {
         return WH_ERROR_BADARGS;
     }
 
-    return context->cb->UserSetCredentials(
+    rc = WH_AUTH_LOCK(context);
+    if (rc != WH_ERROR_OK) {
+        return rc;
+    }
+
+    rc = context->cb->UserSetCredentials(
         context->context, user_id, method, current_credentials,
         current_credentials_len, new_credentials, new_credentials_len);
+
+    (void)WH_AUTH_UNLOCK(context);
+    return rc;
+}
+
+
+/********** Lock/Unlock Functions for Thread Safety *************************/
+
+#ifdef WOLFHSM_CFG_THREADSAFE
+int wh_Auth_Lock(whAuthContext* auth)
+{
+    if (auth == NULL) {
+        return WH_ERROR_BADARGS;
+    }
+    return wh_Lock_Acquire(&auth->lock);
+}
+
+
+int wh_Auth_Unlock(whAuthContext* auth)
+{
+    if (auth == NULL) {
+        return WH_ERROR_BADARGS;
+    }
+    return wh_Lock_Release(&auth->lock);
 }
+#endif /* WOLFHSM_CFG_THREADSAFE */
diff --git a/test/wh_test_posix_threadsafe_stress.c b/test/wh_test_posix_threadsafe_stress.c
@@ -39,9 +39,11 @@
 
 #include "wolfhsm/wh_settings.h"
 
+/* Note: pthread_barrier_t is not available on macOS, so skip this test */
 #if defined(WOLFHSM_CFG_THREADSAFE) && defined(WOLFHSM_CFG_TEST_POSIX) &&     \
     defined(WOLFHSM_CFG_GLOBAL_KEYS) && defined(WOLFHSM_CFG_ENABLE_CLIENT) && \
-    defined(WOLFHSM_CFG_ENABLE_SERVER) && !defined(WOLFHSM_CFG_NO_CRYPTO)
+    defined(WOLFHSM_CFG_ENABLE_SERVER) && !defined(WOLFHSM_CFG_NO_CRYPTO) &&  \
+    !defined(__APPLE__)
 
 #include <stdint.h>
 #include <stdio.h>
diff --git a/wolfhsm/wh_auth.h b/wolfhsm/wh_auth.h
@@ -42,6 +42,10 @@
 #include "wolfhsm/wh_common.h"
 #include "wolfhsm/wh_message.h" /* for WH_NUMBER_OF_GROUPS */
 
+#ifdef WOLFHSM_CFG_THREADSAFE
+#include "wolfhsm/wh_lock.h"
+#endif
+
 /** Auth Manager Types */
 
 /* User identifier type */
@@ -150,6 +154,9 @@ typedef struct whAuthContext_t {
     whAuthCb*  cb;
     whAuthUser user;
     void*      context;
+#ifdef WOLFHSM_CFG_THREADSAFE
+    whLock lock; /* Lock for serializing auth operations */
+#endif
 } whAuthContext;
 
 /* Simple helper configuration structure associated with an Auth Manager
@@ -158,6 +165,9 @@ typedef struct whAuthConfig_t {
     whAuthCb* cb;
     void*     context;
     void*     config;
+#ifdef WOLFHSM_CFG_THREADSAFE
+    whLockConfig* lockConfig; /* Lock configuration for thread safety */
+#endif
 } whAuthConfig;
 
 /** Public Auth Manager API Functions */
@@ -298,4 +308,33 @@ int wh_Auth_UserSetCredentials(whAuthContext* context, whUserId user_id,
                                uint16_t     current_credentials_len,
                                const void*  new_credentials,
                                uint16_t     new_credentials_len);
+
+#ifdef WOLFHSM_CFG_THREADSAFE
+/**
+ * @brief Acquires the auth lock.
+ *
+ * @param[in] auth Pointer to the auth context. Must not be NULL.
+ * @return int WH_ERROR_OK on success.
+ *             WH_ERROR_BADARGS if auth is NULL.
+ *             Other negative error codes on lock acquisition failure.
+ */
+int wh_Auth_Lock(whAuthContext* auth);
+
+/**
+ * @brief Releases the auth lock.
+ *
+ * @param[in] auth Pointer to the auth context. Must not be NULL.
+ * @return int WH_ERROR_OK on success.
+ *             WH_ERROR_BADARGS if auth is NULL.
+ *             Other negative error codes on lock release failure.
+ */
+int wh_Auth_Unlock(whAuthContext* auth);
+
+#define WH_AUTH_LOCK(auth) wh_Auth_Lock(auth)
+#define WH_AUTH_UNLOCK(auth) wh_Auth_Unlock(auth)
+#else
+#define WH_AUTH_LOCK(auth) (WH_ERROR_OK)
+#define WH_AUTH_UNLOCK(auth) (WH_ERROR_OK)
+#endif
+
 #endif /* !WOLFHSM_WH_AUTH_H_ */
