From dd0734449945f81bb9bc0d29c7b6ed8127d4f94d Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz
Date: Tue, 5 Nov 2019 22:46:11 +0100
Subject: [PATCH] SSL_SESSION_dup
---
 src/ssl.c | 40 ++++++++++++++++++++++++++++++++++++----
 tests/api.c | 4 ++++
 wolfssl/openssl/ssl.h | 1 +
 wolfssl/ssl.h | 1 +
 4 files changed, 42 insertions(+), 4 deletions(-)
diff --git a/src/ssl.c b/src/ssl.c
index b9f57905e..4a639a864 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -19724,6 +19724,36 @@ int wolfSSL_session_reused(WOLFSSL* ssl)
 }
 #if defined(OPENSSL_EXTRA) || defined(HAVE_EXT_CACHE)
+WOLFSSL_SESSION* wolfSSL_SESSION_dup(WOLFSSL_SESSION* session)
+{
+ WOLFSSL_SESSION* copy;
+ WOLFSSL_ENTER("wolfSSL_SESSION_dup");
+
+ if (session == NULL)
+ return NULL;
+ if (session->isDynamic && !session->ticket) {
+ WOLFSSL_MSG("Session dynamic flag is set but ticket pointer is null");
+ return NULL;
+ }
+
+ copy = XMALLOC(sizeof(WOLFSSL_SESSION), NULL, DYNAMIC_TYPE_OPENSSL);
+ if (copy != NULL) {
+ XMEMCPY(copy, session, sizeof(WOLFSSL_SESSION));
+ copy->isAlloced = 1;
+ #ifdef HAVE_SESSION_TICKET
+ if (session->isDynamic) {
+ copy->ticket = XMALLOC(session->ticketLen, NULL,
+ DYNAMIC_TYPE_SESSION_TICK);
+ XMEMCPY(copy->ticket, session->ticket, session->ticketLen);
+ } else {
+ copy->ticket = copy->staticTicket;
+ }
+ #endif
+ }
+
+ return copy;
+}
+
 void wolfSSL_SESSION_free(WOLFSSL_SESSION* session)
 {
 if (session == NULL)
@@ -38459,7 +38489,9 @@ long wolfSSL_CTX_ctrl(WOLFSSL_CTX* ctx, int cmd, long opt, void* pt)
 ret = WOLFSSL_FAILURE;
 break;
 }
- if (pt) {
+ /* Clear certificate chain */
+ FreeDer(&ctx->certChain);
+ if (sk) {
 for (i = 0; i < wolfSSL_sk_X509_num(sk); i++) {
 x509 = wolfSSL_sk_X509_value(sk, i);
 /* Prevent wolfSSL_CTX_add_extra_chain_cert from freeing cert */
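Review bot: In wolfSSL_SESSION_dup the result of the ticket `XMALLOC(session->ticketLen, ...)` is handed straight to `XMEMCPY`, so an allocation failure becomes a write through a NULL pointer whenever the source session has a dynamic ticket. The failure path should release `copy` and return NULL, as in the excerpt below. Separately, the `session->isDynamic && !session->ticket` check sits outside `#ifdef HAVE_SESSION_TICKET` while the copy code is inside it; if those fields are only declared with that option (the struct is not visible here), the check needs the same guard. The struct-wide `XMEMCPY` also duplicates every other pointer member by value, so any owned pointer besides `ticket` would end up shared by both sessions and freed twice — worth confirming against the struct definition.

```c
        if (session->isDynamic) {
            copy->ticket = XMALLOC(session->ticketLen, NULL,
                                   DYNAMIC_TYPE_SESSION_TICK);
            if (copy->ticket == NULL) {
                /* never hand back a session with a NULL ticket pointer */
                XFREE(copy, NULL, DYNAMIC_TYPE_OPENSSL);
                return NULL;
            }
            XMEMCPY(copy->ticket, session->ticket, session->ticketLen);
        } else {
            /* … unchanged: copy->ticket = copy->staticTicket … */
```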
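Review bot: `FreeDer(&ctx->certChain)` now runs before the loop that re-adds the certificates from `sk`, so the existing chain is discarded before any replacement has succeeded. If one of the adds fails (the failure branch lies between this hunk and the next and is only partly visible), the context appears to be left with a partial or empty chain while the call can still report success; consider setting `ret = WOLFSSL_FAILURE` on that path and documenting that the old chain is not restored. The new `if (sk)` condition relies on `sk` having been assigned from `pt` above the hunk, which cannot be checked from here.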
@@ -38474,10 +38506,10 @@ long wolfSSL_CTX_ctrl(WOLFSSL_CTX* ctx, int cmd, long opt, void* pt)
 wolfSSL_X509_free(x509);
 }
 }
- } else {
- /* Clear certificate chain */
- FreeDer(&ctx->certChain);
 }
+ /* Free previous chain */
+ wolfSSL_sk_X509_free(ctx->x509Chain);
+ ctx->x509Chain = sk;
 }
 #else
 WOLFSSL_MSG("Session certificates not compiled in");
diff --git a/tests/api.c b/tests/api.c
index c02e980ca..36b5e2f90 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -23340,6 +23340,7 @@ static void test_wolfSSL_SESSION(void)
 WOLFSSL* ssl;
 WOLFSSL_CTX* ctx;
 WOLFSSL_SESSION* sess;
+ WOLFSSL_SESSION* sess_copy;
 const unsigned char context[] = "user app context";
 unsigned char* sessDer = NULL;
 unsigned char* ptr = NULL;
@@ -23413,6 +23414,9 @@ static void test_wolfSSL_SESSION(void)
 fdOpenSession(Task_self());
 #endif
+ AssertNotNull(sess_copy = wolfSSL_SESSION_dup(sess));
+ wolfSSL_SESSION_free(sess_copy);
+ /* get session from DER and update the timeout */
 AssertIntEQ(wolfSSL_i2d_SSL_SESSION(NULL, &sessDer), BAD_FUNC_ARG);
 AssertIntGT((sz = wolfSSL_i2d_SSL_SESSION(sess, &sessDer)), 0);
diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h
index 7eb3fb797..d7dbfcf3c 100644
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
@@ -274,6 +274,7 @@ typedef WOLFSSL_X509_VERIFY_PARAM X509_VERIFY_PARAM;
 #define SSL_set_connect_state wolfSSL_set_connect_state
 #define SSL_set_accept_state wolfSSL_set_accept_state
 #define SSL_session_reused wolfSSL_session_reused
+#define SSL_SESSION_dup wolfSSL_SESSION_dup
 #define SSL_SESSION_free wolfSSL_SESSION_free
 #define SSL_is_init_finished wolfSSL_is_init_finished
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 773a35a2c..f9232768e 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
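Review bot: `wolfSSL_sk_X509_free(ctx->x509Chain); ctx->x509Chain = sk;` frees the stored stack unconditionally, so a caller that passes the stack already held by the context leaves `ctx->x509Chain` pointing at freed memory; guard the free with `if (ctx->x509Chain != sk)`. The context also takes ownership of the caller's `sk` at this point, and a caller that frees the stack afterwards would cause a double free, so the ownership transfer should be stated in a comment on this case. The enclosing `case` begins outside the hunk, so how `sk` is derived from `pt` is not visible.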
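Review bot: The two added assertions in test_wolfSSL_SESSION only show that wolfSSL_SESSION_dup returns non-NULL for this session; they do not show that the copy is independent of the original. Nothing visible forces the dynamic-ticket branch, and the copy is freed while `sess` is still alive, so a shallow copy of an owned pointer would pass unnoticed. A stronger check compares a stable field before freeing, for example `AssertIntEQ(wolfSSL_SESSION_get_timeout(sess_copy), wolfSSL_SESSION_get_timeout(sess));`, and covers a session that carries a heap-allocated ticket. The test function continues outside the hunk.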
@@ -1092,6 +1092,7 @@ WOLFSSL_API int wolfSSL_set_session_id_context(WOLFSSL*, const unsigned char*,
 WOLFSSL_API void wolfSSL_set_connect_state(WOLFSSL*);
 WOLFSSL_API void wolfSSL_set_accept_state(WOLFSSL*);
 WOLFSSL_API int wolfSSL_session_reused(WOLFSSL*);
+WOLFSSL_API WOLFSSL_SESSION* wolfSSL_SESSION_dup(WOLFSSL_SESSION* session);
 WOLFSSL_API void wolfSSL_SESSION_free(WOLFSSL_SESSION* session);
 WOLFSSL_API int wolfSSL_is_init_finished(WOLFSSL*);
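Review bot: The new public declaration of wolfSSL_SESSION_dup has no comment stating who owns the result. The implementation in this patch heap-allocates the copy and sets `isAlloced = 1`, and the test releases it with wolfSSL_SESSION_free, so the header should say so: `/* Returns a newly allocated copy of session, or NULL on error; release it with wolfSSL_SESSION_free(). */`.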