memory management and add to compatibility layer

2016-11-18 17:42:37 -07:00 · 2016-11-18 17:42:37 -07:00 · 7e91838d4a
parent ff05c8a7a5
commit 7e91838d4a
5 changed files with 128 additions and 63 deletions
--- a/src/ssl.c
+++ b/src/ssl.c
@ -9625,7 +9625,11 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
        (void)ctx;
        (void)sz;
        WOLFSSL_MSG("session cache is set at compile time");
-        return SESSIONS_PER_ROW * SESSION_ROWS;
+        #ifndef NO_SESSION_CACHE
+            return SESSIONS_PER_ROW * SESSION_ROWS;
+        #else
+            return 0;
+        #endif
    }


@ -9767,6 +9771,16 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
    }


+    long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx)
+    {
+        (void)ctx;
+        WOLFSSL_ENTER("wolfSSL_CTX_get_options");
+        WOLFSSL_MSG("wolfSSL options are set through API calls and macros");
+
+        return 0;
+    }
+
+
    long wolfSSL_CTX_set_options(WOLFSSL_CTX* ctx, long opt)
    {
        /* goahead calls with 0, do nothing */
@ -11696,7 +11710,11 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
    long wolfSSL_CTX_sess_get_cache_size(WOLFSSL_CTX* ctx)
    {
        (void)ctx;
-        return SESSIONS_PER_ROW * SESSION_ROWS;
+        #ifndef NO_SESSION_CACHE
+            return SESSIONS_PER_ROW * SESSION_ROWS;
+        #else
+            return 0;
+        #endif
    }

    unsigned long wolfSSL_ERR_get_error_line_data(const char** file, int* line,
@ -13968,18 +13986,24 @@ int wolfSSL_PEM_def_callback(char* name, int num, int w, void* key)
    return 0;
 }

-/*** TBD ***/
-WOLFSSL_API unsigned long wolfSSL_set_options(WOLFSSL *s, unsigned long op)
+
+/* wolfSSL options are set through API calls and macros.
+ * return 0 for no options set */
+unsigned long wolfSSL_set_options(WOLFSSL* ssl, unsigned long op)
 {
-    (void)s;
+    (void)ssl;
    (void)op;
+    WOLFSSL_MSG("Set options in wolfSSL through API and macros");
    return 0;
 }

-/*** TBD ***/
-WOLFSSL_API unsigned long wolfSSL_get_options(const WOLFSSL *s)
+
+/* wolfSSL options are set through API calls and macros.
+ * return 0 for no options set */
+WOLFSSL_API unsigned long wolfSSL_get_options(const WOLFSSL* ssl)
 {
-    (void)s;
+    (void)ssl;
+    WOLFSSL_MSG("Set options in wolfSSL through API and macros");
    return 0;
 }

@ -13998,6 +14022,7 @@ WOLFSSL_API long wolfSSL_total_renegotiations(WOLFSSL *s)
 }


+#ifndef NO_DH
 long wolfSSL_set_tmp_dh(WOLFSSL *ssl, WOLFSSL_DH *dh)
 {
    int pSz, gSz;
@ -14022,7 +14047,7 @@ long wolfSSL_set_tmp_dh(WOLFSSL *ssl, WOLFSSL_DH *dh)

    g = (byte*)XMALLOC(gSz, ssl->heap, DYNAMIC_TYPE_DH);
    if (!g) {
-        XFREE(p, ctx->heap, DYNAMIC_TYPE_DH);
+        XFREE(p, ssl->heap, DYNAMIC_TYPE_DH);
        return MEMORY_E;
    }

@ -14032,20 +14057,25 @@ long wolfSSL_set_tmp_dh(WOLFSSL *ssl, WOLFSSL_DH *dh)
    if (pSz >= 0 && gSz >= 0) /* Conversion successful */
        ret = wolfSSL_SetTmpDH(ssl, p, pSz, g, gSz);

-    XFREE(p, ctx->heap, DYNAMIC_TYPE_DH);
-    XFREE(g, ctx->heap, DYNAMIC_TYPE_DH);
+    XFREE(p, ssl->heap, DYNAMIC_TYPE_DH);
+    XFREE(g, ssl->heap, DYNAMIC_TYPE_DH);

    return pSz > 0 && gSz > 0 ? ret : SSL_FATAL_ERROR;
 }
+#endif /* !NO_DH */


-/*** TBD ***/
-WOLFSSL_API long wolfSSL_set_tlsext_debug_arg(WOLFSSL *s, void *arg)
+#ifdef HAVE_PK_CALLBACKS
+long wolfSSL_set_tlsext_debug_arg(WOLFSSL* ssl, void *arg)
 {
-    (void)s;
-    (void)arg;
-    return 0;
+    if (ssl == NULL) {
+        return SSL_FAILURE;
+    }
+
+    ssl->loggingCtx = arg;
+    return SSL_SUCCESS;
 }
+#endif /* HAVE_PK_CALLBACKS */

 /*** TBD ***/
 WOLFSSL_API long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type)
@ -15963,6 +15993,7 @@ static int SetIndividualInternal(WOLFSSL_BIGNUM* bn, mp_int* mpi)
 }


+#if !defined(NO_DSA) && !defined(NO_DH)
 WOLFSSL_DH *wolfSSL_DSA_dup_DH(const WOLFSSL_DSA *dsa)
 {
    WOLFSSL_DH* dh;
@ -16000,6 +16031,7 @@ WOLFSSL_DH *wolfSSL_DSA_dup_DH(const WOLFSSL_DSA *dsa)

    return dh;
 }
+#endif /* !defined(NO_DSA) && !defined(NO_DH) */

 #endif /* !NO_RSA && !NO_DSA */

@ -19578,18 +19610,6 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
        return 0;
    }

-    int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey) {
-        WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey");
-
-        if (ctx == NULL || pkey == NULL) {
-            return SSL_FAILURE;
-        }
-
-        return wolfSSL_CTX_use_PrivateKey_buffer(ssl, pkey->pkey->ptr,
-                                                pkey->pkey_sz, PRIVATEKEY_TYPE);
-    }
-
-
    int wolfSSL_BIO_read_filename(WOLFSSL_BIO *b, const char *name) {
        (void)b;
        (void)name;
@ -19767,6 +19787,20 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)


 #ifdef OPENSSL_EXTRA
+
+int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey)
+{
+    WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey");
+
+    if (ctx == NULL || pkey == NULL) {
+        return SSL_FAILURE;
+    }
+
+    return wolfSSL_CTX_use_PrivateKey_buffer(ctx,
+                                       (const unsigned char*)pkey->pkey.ptr,
+                                       pkey->pkey_sz, PRIVATEKEY_TYPE);
+}
+
 void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX* ctx, int idx)
 {
    WOLFSSL_ENTER("wolfSSL_CTX_get_ex_data");
@ -19895,41 +19929,51 @@ WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSAparams(WOLFSSL_BIO *bp, WOLFSSL_DSA **x, pe

    if ((ret = GetSequence(pDer->buffer, &idx, &length, pDer->length)) < 0) {
        WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_DSAparams", ret);
+        FreeDer(&pDer);
        return NULL;
    }

    dsa = wolfSSL_DSA_new();
    if (dsa == NULL) {
+        FreeDer(&pDer);
        WOLFSSL_MSG("Error creating DSA struct");
+        return NULL;
    }

    key = (DsaKey*)dsa->internal;
    if (key == NULL) {
+        FreeDer(&pDer);
+        wolfSSL_DSA_free(dsa);
        WOLFSSL_MSG("Error finding DSA key struct");
+        return NULL;
    }

    if (GetInt(&key->p,  pDer->buffer, &idx, pDer->length) < 0 ||
        GetInt(&key->q,  pDer->buffer, &idx, pDer->length) < 0 ||
        GetInt(&key->g,  pDer->buffer, &idx, pDer->length) < 0 ) {
        WOLFSSL_MSG("dsa key error");
+        FreeDer(&pDer);
        wolfSSL_DSA_free(dsa);
        return NULL;
    }

    if (SetIndividualExternal(&dsa->p, &key->p) != SSL_SUCCESS) {
        WOLFSSL_MSG("dsa p key error");
+        FreeDer(&pDer);
        wolfSSL_DSA_free(dsa);
        return NULL;
    }

    if (SetIndividualExternal(&dsa->q, &key->q) != SSL_SUCCESS) {
        WOLFSSL_MSG("dsa q key error");
+        FreeDer(&pDer);
        wolfSSL_DSA_free(dsa);
        return NULL;
    }

    if (SetIndividualExternal(&dsa->g, &key->g) != SSL_SUCCESS) {
        WOLFSSL_MSG("dsa g key error");
+        FreeDer(&pDer);
        wolfSSL_DSA_free(dsa);
        return NULL;
    }
@ -19938,6 +19982,7 @@ WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSAparams(WOLFSSL_BIO *bp, WOLFSSL_DSA **x, pe
        *x = dsa;
    }

+    FreeDer(&pDer);
    return dsa;
 }
 #endif /* NO_DSA */
@ -20323,16 +20368,6 @@ STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL* ssl)
 }


-long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx)
-{
-    (void)ctx;
-    WOLFSSL_ENTER("wolfSSL_CTX_get_options");
-    WOLFSSL_STUB("wolfSSL_CTX_get_options");
-
-    return 0;
-}
-
-
 WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl)
 {
    WOLFSSL_ENTER("wolfSSL_get_SSL_CTX");
--- a/tests/api.c
+++ b/tests/api.c
@ -2267,6 +2267,10 @@ static void test_wolfSSL_certs(void)

    AssertIntEQ(wolfSSL_check_private_key(ssl), SSL_SUCCESS);

+    #ifdef HAVE_PK_CALLBACKS
+    AssertIntEQ((int)SSL_set_tlsext_debug_arg(ssl, NULL), SSL_SUCCESS);
+    #endif /* HAVE_PK_CALLBACKS */
+
    /* create and use x509 */
    x509 = wolfSSL_X509_load_certificate_file(cliCert, SSL_FILETYPE_PEM);
    AssertNotNull(x509);
@ -2284,6 +2288,7 @@ static void test_wolfSSL_certs(void)
                                  sizeof_server_cert_der_2048), SSL_SUCCESS);
    #endif

+    #if !defined(NO_SHA) && !defined(NO_SHA256)
    /************* Get Digest of Certificate ******************/
    {
        byte   digest[64]; /* max digest size */
@ -2292,59 +2297,73 @@ static void test_wolfSSL_certs(void)
        XMEMSET(digest, 0, sizeof(digest));
        AssertIntEQ(X509_digest(x509, wolfSSL_EVP_sha1(), digest, &digestSz),
                    SSL_SUCCESS);
+        AssertIntEQ(X509_digest(x509, wolfSSL_EVP_sha256(), digest, &digestSz),
+                    SSL_SUCCESS);

        AssertIntEQ(X509_digest(NULL, wolfSSL_EVP_sha1(), digest, &digestSz),
                    SSL_FAILURE);
    }
+    #endif /* !NO_SHA && !NO_SHA256*/

    /* test and checkout X509 extensions */
-    sk = X509_get_ext_d2i(x509, NID_basic_constraints, &crit, NULL);
+    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_basic_constraints,
+            &crit, NULL);
    AssertNotNull(sk);
    AssertIntEQ(crit, 0);
    wolfSSL_sk_ASN1_OBJECT_free(sk);

-    sk = X509_get_ext_d2i(x509, NID_key_usage, &crit, NULL);
+    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_key_usage,
+            &crit, NULL);
    /* AssertNotNull(sk); NID not yet supported */
    AssertIntEQ(crit, -1);
    wolfSSL_sk_ASN1_OBJECT_free(sk);

-    sk = X509_get_ext_d2i(x509, NID_ext_key_usage, &crit, NULL);
+    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_ext_key_usage,
+            &crit, NULL);
    /* AssertNotNull(sk); no extension set */
    wolfSSL_sk_ASN1_OBJECT_free(sk);

-    sk = X509_get_ext_d2i(x509, NID_authority_key_identifier, &crit, NULL);
+    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509,
+            NID_authority_key_identifier, &crit, NULL);
    AssertNotNull(sk);
    wolfSSL_sk_ASN1_OBJECT_free(sk);

-    sk = X509_get_ext_d2i(x509, NID_private_key_usage_period, &crit, NULL);
+    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509,
+            NID_private_key_usage_period, &crit, NULL);
    /* AssertNotNull(sk); NID not yet supported */
    AssertIntEQ(crit, -1);
    wolfSSL_sk_ASN1_OBJECT_free(sk);

-    sk = X509_get_ext_d2i(x509, NID_subject_alt_name, &crit, NULL);
+    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_subject_alt_name,
+            &crit, NULL);
    /* AssertNotNull(sk); no alt names set */
    wolfSSL_sk_ASN1_OBJECT_free(sk);

-    sk = X509_get_ext_d2i(x509, NID_issuer_alt_name, &crit, NULL);
+    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_issuer_alt_name,
+            &crit, NULL);
    /* AssertNotNull(sk); NID not yet supported */
    AssertIntEQ(crit, -1);
    wolfSSL_sk_ASN1_OBJECT_free(sk);

-    sk = X509_get_ext_d2i(x509, NID_info_access, &crit, NULL);
+    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_info_access, &crit,
+            NULL);
    /* AssertNotNull(sk); no auth info set */
    wolfSSL_sk_ASN1_OBJECT_free(sk);

-    sk = X509_get_ext_d2i(x509, NID_sinfo_access, &crit, NULL);
+    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_sinfo_access,
+            &crit, NULL);
    /* AssertNotNull(sk); NID not yet supported */
    AssertIntEQ(crit, -1);
    wolfSSL_sk_ASN1_OBJECT_free(sk);

-    sk = X509_get_ext_d2i(x509, NID_name_constraints, &crit, NULL);
+    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_name_constraints,
+            &crit, NULL);
    /* AssertNotNull(sk); NID not yet supported */
    AssertIntEQ(crit, -1);
    wolfSSL_sk_ASN1_OBJECT_free(sk);

-    sk = X509_get_ext_d2i(x509, NID_certificate_policies, &crit, NULL);
+    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509,
+            NID_certificate_policies, &crit, NULL);
    #if !defined(WOLFSSL_SEP) && !defined(WOLFSSL_CERT_EXT)
        AssertNull(sk);
    #else
@ -2352,36 +2371,42 @@ static void test_wolfSSL_certs(void)
    #endif
    wolfSSL_sk_ASN1_OBJECT_free(sk);

-    sk = X509_get_ext_d2i(x509, NID_policy_mappings, &crit, NULL);
+    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_policy_mappings,
+            &crit, NULL);
    /* AssertNotNull(sk); NID not yet supported */
    AssertIntEQ(crit, -1);
    wolfSSL_sk_ASN1_OBJECT_free(sk);

-    sk = X509_get_ext_d2i(x509, NID_policy_constraints, &crit, NULL);
+    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_policy_constraints,
+            &crit, NULL);
    /* AssertNotNull(sk); NID not yet supported */
    AssertIntEQ(crit, -1);
    wolfSSL_sk_ASN1_OBJECT_free(sk);

-    sk = X509_get_ext_d2i(x509, NID_inhibit_any_policy, &crit, NULL);
+    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_inhibit_any_policy,
+            &crit, NULL);
    /* AssertNotNull(sk); NID not yet supported */
    AssertIntEQ(crit, -1);
    wolfSSL_sk_ASN1_OBJECT_free(sk);

-    sk = X509_get_ext_d2i(x509, NID_tlsfeature, &crit, NULL);
+    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_tlsfeature, &crit,
+            NULL);
    /* AssertNotNull(sk); NID not yet supported */
    AssertIntEQ(crit, -1);
    wolfSSL_sk_ASN1_OBJECT_free(sk);
    
    /* test invalid cases */
    crit = 0;
-    sk = X509_get_ext_d2i(x509, -1, &crit, NULL);
+    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, -1, &crit, NULL);
    AssertNull(sk);
    AssertIntEQ(crit, -1);
-    sk = X509_get_ext_d2i(NULL, NID_tlsfeature, NULL, NULL);
+    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(NULL, NID_tlsfeature,
+            NULL, NULL);
    AssertNull(sk);

    AssertIntEQ(SSL_get_hit(ssl), 0);
-    SSL_free(ssl); /* frees x509 also since loaded into ssl */
+    X509_free(x509);
+    SSL_free(ssl);
    SSL_CTX_free(ctx);

    printf(resultFmt, passed);
@ -2474,6 +2499,9 @@ static void test_wolfSSL_tmp_dh(void)
    AssertIntEQ(SSL_CTX_set_tmp_dh(ctx, dh), SSL_SUCCESS);
    AssertIntEQ(SSL_set_tmp_dh(ssl, dh), SSL_SUCCESS);

+    BIO_free(bio);
+    DSA_free(dsa);
+    DH_free(dh);
    SSL_free(ssl);
    SSL_CTX_free(ctx);

--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@ -2750,6 +2750,9 @@ struct WOLFSSL {
 #ifdef OPENSSL_EXTRA
    WOLFSSL_BIO*     biord;              /* socket bio read  to free/close */
    WOLFSSL_BIO*     biowr;              /* socket bio write to free/close */
+#ifdef HAVE_PK_CALLBACKS
+    void*            loggingCtx;         /* logging callback argument */
+#endif
 #endif
 #ifndef NO_RSA
    RsaKey*         peerRsaKey;
--- a/wolfssl/openssl/evp.h
+++ b/wolfssl/openssl/evp.h
@ -47,7 +47,9 @@
 #include <wolfssl/wolfcrypt/aes.h>
 #include <wolfssl/wolfcrypt/des3.h>
 #include <wolfssl/wolfcrypt/arc4.h>
-
+#ifdef HAVE_IDEA
+    #include <wolfssl/wolfcrypt/idea.h>
+#endif

 #ifdef __cplusplus
    extern "C" {
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@ -1932,6 +1932,7 @@ WOLFSSL_API size_t wolfSSL_get_client_random(const WOLFSSL* ssl,
                                              unsigned char* out, size_t outSz);
 WOLFSSL_API pem_password_cb wolfSSL_CTX_get_default_passwd_cb(WOLFSSL_CTX *ctx);
 WOLFSSL_API void *wolfSSL_CTX_get_default_passwd_cb_userdata(WOLFSSL_CTX *ctx);
+WOLFSSL_API int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey);

 /*lighttp compatibility */

@ -1947,7 +1948,6 @@ struct WOLFSSL_X509_NAME_ENTRY {
 #if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(HAVE_STUNNEL)
 WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME *name);
 WOLFSSL_API char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x);
-WOLFSSL_API int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey);
 WOLFSSL_API int wolfSSL_BIO_read_filename(WOLFSSL_BIO *b, const char *name);
 WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_file(void);
 /* These are to be merged shortly */
@ -1967,9 +1967,6 @@ WOLFSSL_API unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsign
 WOLFSSL_API int wolfSSL_X509_check_private_key(WOLFSSL_X509*, WOLFSSL_EVP_PKEY*);
 WOLFSSL_API STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( STACK_OF(WOLFSSL_X509_NAME) *sk );

-WOLFSSL_API unsigned long wolfSSL_SSL_CTX_get_options(const WOLFSSL_CTX *ctx);
-WOLFSSL_API unsigned long wolfSSL_SSL_CTX_set_options(WOLFSSL_CTX *ctx, unsigned long op);
-
 /* end lighttpd*/
 #endif
 #endif
@ -1987,6 +1984,8 @@ WOLFSSL_API WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bp,
 WOLFSSL_API WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSAparams(WOLFSSL_BIO *bp,
    WOLFSSL_DSA **x, pem_password_cb *cb, void *u);
 WOLFSSL_API int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x);
+WOLFSSL_API long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx);
+


 #endif /* HAVE_STUNNEL || HAVE_LIGHTY */
@ -2044,8 +2043,6 @@ WOLFSSL_API void* wolfSSL_sk_X509_value(STACK_OF(WOLFSSL_X509)*, int);

 WOLFSSL_API STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL*);

-WOLFSSL_API long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx);
-
 WOLFSSL_API void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION*, int);

 WOLFSSL_API int   wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION*, int, void*);