From e194a11cb83b6a4062ab57719e70ceccc618d02c Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Mon, 6 Jul 2020 10:47:46 -0600 Subject: [PATCH] add wolfSSL_SESSION_new and change to peek error --- src/ssl.c | 74 ++++++++++++++++++++++++++++++++++++---------- wolfssl/internal.h | 2 +- wolfssl/ssl.h | 1 + 3 files changed, 60 insertions(+), 17 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 1d3b3c182..a27b09d16 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -12744,16 +12744,13 @@ int AddSession(WOLFSSL* ssl) #ifdef HAVE_EXT_CACHE if (ssl->options.internalCacheOff) { /* Create a new session object to be stored. */ - session = (WOLFSSL_SESSION*)XMALLOC(sizeof(WOLFSSL_SESSION), NULL, - DYNAMIC_TYPE_OPENSSL); + session = wolfSSL_SESSION_new(); if (session == NULL) { #ifdef HAVE_SESSION_TICKET XFREE(tmpBuff, ssl->heap, DYNAMIC_TYPE_SESSION_TICK); #endif return MEMORY_E; } - XMEMSET(session, 0, sizeof(WOLFSSL_SESSION)); - session->isAlloced = 1; } else #endif @@ -17332,6 +17329,12 @@ WOLFSSL_X509* wolfSSL_d2i_X509(WOLFSSL_X509** x509, const unsigned char** in, int len) { WOLFSSL_X509* newX509 = NULL; + WOLFSSL_ENTER("wolfSSL_d2i_X509"); + + if (in == NULL) { + WOLFSSL_MSG("NULL input for wolfSSL_d2i_X509"); + return NULL; + } newX509 = wolfSSL_X509_d2i(x509, *in, len); if (newX509 != NULL) { 
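Review bot: In wolfSSL_d2i_X509 the new guard rejects `in == NULL`, but `*in` and `len` are still passed to wolfSSL_X509_d2i unchecked. Unless wolfSSL_X509_d2i validates both itself (not visible in this diff), the guard should cover them too, e.g. `if (in == NULL || *in == NULL || len <= 0) {`. The function body continues past the end of the hunk.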
@@ -19277,6 +19280,28 @@ int wolfSSL_session_reused(WOLFSSL* ssl) } #if defined(OPENSSL_EXTRA) || defined(HAVE_EXT_CACHE) +/* return a new malloc'd session with default settings on success */ +WOLFSSL_SESSION* wolfSSL_SESSION_new() +{ + WOLFSSL_SESSION* ret = NULL; + + ret = (WOLFSSL_SESSION*)XMALLOC(sizeof(WOLFSSL_SESSION), NULL, + DYNAMIC_TYPE_OPENSSL); + if (ret != NULL) { + XMEMSET(ret, 0, sizeof(WOLFSSL_SESSION)); + #ifdef OPENSSL_EXTRA + if (wc_InitMutex(&ret->refMutex) != 0) { + WOLFSSL_MSG("Error setting up session reference mutex"); + XFREE(ret, NULL, DYNAMIC_TYPE_OPENSSL); + return NULL; + } + #endif + ret->isAlloced = 1; + } + return ret; +} + + /* add one to session reference count * return WOFLSSL_SUCCESS on success and WOLFSSL_FAILURE on error */ int wolfSSL_SESSION_up_ref(WOLFSSL_SESSION* session) @@ -19309,8 +19334,7 @@ WOLFSSL_SESSION* wolfSSL_SESSION_dup(WOLFSSL_SESSION* session) } #endif - copy = (WOLFSSL_SESSION*)XMALLOC(sizeof(WOLFSSL_SESSION), NULL, - DYNAMIC_TYPE_OPENSSL); + copy = wolfSSL_SESSION_new(); if (copy != NULL) { XMEMCPY(copy, session, sizeof(WOLFSSL_SESSION)); copy->isAlloced = 1; @@ -19347,7 +19371,18 @@ void wolfSSL_SESSION_free(WOLFSSL_SESSION* session) } #endif -#ifdef HAVE_EXT_CACHE +#ifdef OPENSSL_EXTRA + if (wc_LockMutex(&session->refMutex) != 0) { + WOLFSSL_MSG("Failed to lock session mutex"); + } + if (session->refCount > 0) { + session->refCount--; + wc_UnLockMutex(&session->refMutex); + return; + } + wc_UnLockMutex(&session->refMutex); +#endif +#if defined(HAVE_EXT_CACHE) || defined(OPENSSL_EXTRA) if (session->isAlloced) { #ifdef HAVE_SESSION_TICKET if (session->isDynamic) 
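Review bot: The definition of wolfSSL_SESSION_new uses an empty parameter list, `WOLFSSL_SESSION* wolfSSL_SESSION_new()`, while the prototype this commit adds to wolfssl/ssl.h declares `(void)`; the definition should read `WOLFSSL_SESSION* wolfSSL_SESSION_new(void)` so the two agree. The header comment also covers only the success case. It could say `/* returns a zeroed, heap-allocated session with isAlloced set, or NULL if allocation or mutex setup fails; release with wolfSSL_SESSION_free() */`.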
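Review bot: In wolfSSL_SESSION_dup the `XMEMCPY(copy, session, sizeof(WOLFSSL_SESSION))` that follows the new `wolfSSL_SESSION_new()` call overwrites everything the constructor just set up. With OPENSSL_EXTRA that includes the freshly initialised `refMutex`, which becomes a byte copy of the source's mutex, and `refCount`, which the copy inherits from the source. With the new logic in wolfSSL_SESSION_free, a copy of a session whose count is above zero would then be decremented instead of released. Unless the lines after the hunk already reset them, the copy needs its own state after the memcpy, for example `copy->refCount = 0;` and a `wc_InitMutex(&copy->refMutex)` whose failure frees `copy`, both under `#ifdef OPENSSL_EXTRA`.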
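Review bot: In wolfSSL_SESSION_free a failed `wc_LockMutex` is only logged, so the code goes on to read and decrement `refCount` and to call `wc_UnLockMutex` on a mutex it does not hold. The lock is also taken before the `isAlloced` test, while the only initialisation of `refMutex` in this commit is in wolfSSL_SESSION_new; if sessions not created there can reach this function (the existing `isAlloced` check suggests so), an uninitialised mutex is locked. Consider wrapping the reference-count block in `if (session->isAlloced) {` and returning after `WOLFSSL_MSG("Failed to lock session mutex");`. The release path is outside the hunk, so it is not visible whether `wc_FreeMutex(&session->refMutex)` is called before the struct is freed.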
@@ -27239,12 +27274,9 @@ WOLFSSL_SESSION* wolfSSL_d2i_SSL_SESSION(WOLFSSL_SESSION** sess, return NULL; if (s == NULL) { - s = (WOLFSSL_SESSION*)XMALLOC(sizeof(WOLFSSL_SESSION), NULL, - DYNAMIC_TYPE_OPENSSL); + s = wolfSSL_SESSION_new(); if (s == NULL) return NULL; - XMEMSET(s, 0, sizeof(WOLFSSL_SESSION)); - s->isAlloced = 1; #ifdef HAVE_SESSION_TICKET s->isDynamic = 0; #endif @@ -43011,13 +43043,16 @@ unsigned long wolfSSL_ERR_peek_error_line_data(const char **file, int *line, WOLFSSL_MSG("Issue peeking at error node in queue"); return 0; } - ret = -ret; + /* OpenSSL uses positive error codes */ + if (ret < 0) { + ret = -ret; + } - if (ret == ASN_NO_PEM_HEADER) + if (ret == -ASN_NO_PEM_HEADER) return (ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE; - if (ret != WANT_READ && ret != WANT_WRITE && - ret != ZERO_RETURN && ret != WOLFSSL_ERROR_ZERO_RETURN && - ret != SOCKET_PEER_CLOSED_E && ret != SOCKET_ERROR_E) + if (ret != -WANT_READ && ret != -WANT_WRITE && + ret != -ZERO_RETURN && ret != -WOLFSSL_ERROR_ZERO_RETURN && + ret != -SOCKET_PEER_CLOSED_E && ret != -SOCKET_ERROR_E) break; wc_RemoveErrorNode(-1); @@ -43839,6 +43874,13 @@ int wolfSSL_X509_check_issued(WOLFSSL_X509 *issuer, WOLFSSL_X509 *subject) WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509 *x) { + WOLFSSL_ENTER("wolfSSL_X509_dup"); + + if (x == NULL) { + WOLFSSL_MSG("Error: NULL certificate passed in"); + return NULL; + } + return wolfSSL_X509_d2i(NULL, x->derCert->buffer, x->derCert->length); } diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 16e8f533a..ad9524fc6 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -3176,7 +3176,7 @@ struct WOLFSSL_SESSION { byte staticTicket[SESSION_TICKET_LEN]; byte isDynamic; #endif -#ifdef HAVE_EXT_CACHE +#if defined(HAVE_EXT_CACHE) || defined(OPENSSL_EXTRA) byte isAlloced; #endif #ifdef HAVE_EX_DATA diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index c90e7f5b2..d02deb24c 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h 
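Review bot: In wolfSSL_ERR_peek_error_line_data `ret` is non-negative after the new `if (ret < 0)` normalisation, so every constant it is compared with must be positive once negated. That holds for the negative wolfSSL error codes, but `WOLFSSL_ERROR_ZERO_RETURN` looks like one of the positive OpenSSL-style codes. If so, `ret != -WOLFSSL_ERROR_ZERO_RETURN` is always true and that node is no longer skipped, so the comparison should probably stay `ret != WOLFSSL_ERROR_ZERO_RETURN`. The enum values are defined outside this diff, so this needs confirming against them; the surrounding loop also starts and ends outside the hunk.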
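Review bot: wolfSSL_X509_dup now rejects a NULL `x` but still dereferences `x->derCert->buffer` and `x->derCert->length` without checking `derCert`. If a WOLFSSL_X509 can exist without a DER buffer (for instance one created empty rather than parsed; not visible in this diff), that is a NULL dereference. The guard could be `if (x == NULL || x->derCert == NULL) {`.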
@@ -1155,6 +1155,7 @@ WOLFSSL_API void wolfSSL_set_accept_state(WOLFSSL*); WOLFSSL_API int wolfSSL_session_reused(WOLFSSL*); WOLFSSL_API int wolfSSL_SESSION_up_ref(WOLFSSL_SESSION* session); WOLFSSL_API WOLFSSL_SESSION* wolfSSL_SESSION_dup(WOLFSSL_SESSION* session); +WOLFSSL_API WOLFSSL_SESSION* wolfSSL_SESSION_new(void); WOLFSSL_API void wolfSSL_SESSION_free(WOLFSSL_SESSION* session); WOLFSSL_API int wolfSSL_is_init_finished(WOLFSSL*);