reorganize InitSSL. Rename forcekeep->cacheOnly. Free instead of decrement
@@ -1587,13 +1587,8 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
|
|||||||
/* decrement previous CTX reference count if exists.
|
/* decrement previous CTX reference count if exists.
|
||||||
* This should only happen if switching ctxs!*/
|
* This should only happen if switching ctxs!*/
|
||||||
if (!newSSL) {
|
if (!newSSL) {
|
||||||
if(LockMutex(&ssl->ctx->countMutex) != 0) {
|
WOLFSSL_MSG("freeing old ctx to decrement reference count. Switching ctx.");
|
||||||
WOLFSSL_MSG("Couldn't lock on previous CTX count mutex");
|
wolfSSL_CTX_free(ssl->ctx);
|
||||||
return BAD_MUTEX_E;
|
|
||||||
}
|
|
||||||
WOLFSSL_MSG("Decrementing previous ctx reference count. Switching ctx.");
|
|
||||||
ssl->ctx->refCount--;
|
|
||||||
UnLockMutex(&ssl->ctx->countMutex);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* increment CTX reference count */
|
/* increment CTX reference count */
|
||||||
@@ -1713,27 +1708,6 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
|
|||||||
|
|
||||||
XMEMSET(ssl, 0, sizeof(WOLFSSL));
|
XMEMSET(ssl, 0, sizeof(WOLFSSL));
|
||||||
|
|
||||||
/* arrays */
|
|
||||||
ssl->arrays = (Arrays*)XMALLOC(sizeof(Arrays), ssl->heap,
|
|
||||||
DYNAMIC_TYPE_ARRAYS);
|
|
||||||
if (ssl->arrays == NULL) {
|
|
||||||
WOLFSSL_MSG("Arrays Memory error");
|
|
||||||
return MEMORY_E;
|
|
||||||
}
|
|
||||||
XMEMSET(ssl->arrays, 0, sizeof(Arrays));
|
|
||||||
|
|
||||||
/* suites */
|
|
||||||
ssl->suites = (Suites*)XMALLOC(sizeof(Suites), ssl->heap,
|
|
||||||
DYNAMIC_TYPE_SUITES);
|
|
||||||
if (ssl->suites == NULL) {
|
|
||||||
WOLFSSL_MSG("Suites Memory error");
|
|
||||||
return MEMORY_E;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Initialize SSL with the appropriate fields from it's ctx */
|
|
||||||
if((ret = SetSSL_CTX(ssl, ctx)) != SSL_SUCCESS)
|
|
||||||
return ret;
|
|
||||||
|
|
||||||
ssl->buffers.inputBuffer.buffer = ssl->buffers.inputBuffer.staticBuffer;
|
ssl->buffers.inputBuffer.buffer = ssl->buffers.inputBuffer.staticBuffer;
|
||||||
ssl->buffers.inputBuffer.bufferSize = STATIC_BUFFER_LEN;
|
ssl->buffers.inputBuffer.bufferSize = STATIC_BUFFER_LEN;
|
||||||
|
|
||||||
@@ -1777,7 +1751,6 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
|
|||||||
ssl->hmac = TLS_hmac;
|
ssl->hmac = TLS_hmac;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
ssl->options.dtls = ssl->version.major == DTLS_MAJOR;
|
|
||||||
|
|
||||||
#ifdef WOLFSSL_DTLS
|
#ifdef WOLFSSL_DTLS
|
||||||
ssl->buffers.dtlsCtx.fd = -1;
|
ssl->buffers.dtlsCtx.fd = -1;
|
||||||
@@ -1802,6 +1775,29 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
|
|||||||
|
|
||||||
/* all done with init, now can return errors, call other stuff */
|
/* all done with init, now can return errors, call other stuff */
|
||||||
|
|
||||||
|
/* arrays */
|
||||||
|
ssl->arrays = (Arrays*)XMALLOC(sizeof(Arrays), ssl->heap,
|
||||||
|
DYNAMIC_TYPE_ARRAYS);
|
||||||
|
if (ssl->arrays == NULL) {
|
||||||
|
WOLFSSL_MSG("Arrays Memory error");
|
||||||
|
return MEMORY_E;
|
||||||
|
}
|
||||||
|
XMEMSET(ssl->arrays, 0, sizeof(Arrays));
|
||||||
|
|
||||||
|
/* suites */
|
||||||
|
ssl->suites = (Suites*)XMALLOC(sizeof(Suites), ssl->heap,
|
||||||
|
DYNAMIC_TYPE_SUITES);
|
||||||
|
if (ssl->suites == NULL) {
|
||||||
|
WOLFSSL_MSG("Suites Memory error");
|
||||||
|
return MEMORY_E;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Initialize SSL with the appropriate fields from it's ctx */
|
||||||
|
if((ret = SetSSL_CTX(ssl, ctx)) != SSL_SUCCESS)
|
||||||
|
return ret;
|
||||||
|
|
||||||
|
ssl->options.dtls = ssl->version.major == DTLS_MAJOR;
|
||||||
|
|
||||||
/* hsHashes */
|
/* hsHashes */
|
||||||
ssl->hsHashes = (HS_Hashes*)XMALLOC(sizeof(HS_Hashes), ssl->heap,
|
ssl->hsHashes = (HS_Hashes*)XMALLOC(sizeof(HS_Hashes), ssl->heap,
|
||||||
DYNAMIC_TYPE_HASHES);
|
DYNAMIC_TYPE_HASHES);
|
||||||
|
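--- a/src/tls.c
+++ b/src/tls.c
@@ -1003,7 +1003,7 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length,
 #ifndef NO_WOLFSSL_SERVER
 word16 size = 0;
 word16 offset = 0;
-int forceKeep = 0;
+int cacheOnly = 0;
 #endif
 
 TLSX *extension = TLSX_Find(ssl->extensions, SERVER_NAME_INDICATION);
@@ -1015,7 +1015,10 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length,
 
 if (!extension || !extension->data) {
 #if defined(WOLFSSL_ALWAYS_KEEP_SNI) && !defined(NO_WOLFSSL_SERVER)
-forceKeep = 1;
+/* This will keep SNI even though TLSX_UseSNI has not been called.
+ * Enable it so that the received sni is available to functions
+ * that use a custom callback when SNI is received */
+cacheOnly = 1;
 WOLFSSL_MSG("Forcing SSL object to store SNI parameter");
 #else
 return isRequest ? 0 /* not using SNI. */
@@ -1052,13 +1055,13 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length,
 if (offset + size > length)
 return BUFFER_ERROR;
 
-if (!forceKeep && !(sni = TLSX_SNI_Find((SNI*)extension->data, type)))
+if (!cacheOnly && !(sni = TLSX_SNI_Find((SNI*)extension->data, type)))
 continue; /* not using this type of SNI. */
 
 switch(type) {
 case WOLFSSL_SNI_HOST_NAME: {
 int matchStat;
-byte matched = forceKeep ||
+byte matched = cacheOnly ||
 ((XSTRLEN(sni->data.host_name) == size)
 && (XSTRNCMP(sni->data.host_name,
 (const char*)input + offset, size) == 0));
@@ -1070,7 +1073,7 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length,
 if (r != SSL_SUCCESS)
 return r; /* throws error. */
 
-if(forceKeep) {
+if(cacheOnly) {
 WOLFSSL_MSG("Forcing storage of SNI, Fake match");
 matchStat = WOLFSSL_SNI_FORCE_KEEP;
 } else if(matched) {
@@ -1083,7 +1086,7 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length,
 
 TLSX_SNI_SetStatus(ssl->extensions, type, matchStat);
 
-if(!forceKeep)
+if(!cacheOnly)
 TLSX_SetResponse(ssl, SERVER_NAME_INDICATION);
 
 } else if (!(sni->options & WOLFSSL_SNI_CONTINUE_ON_MISMATCH)) {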
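Review bot: `byte matched = cacheOnly || ((XSTRLEN(sni->data.host_name) == size) ...` in the third hunk is safe only through short-circuit evaluation: when cacheOnly is set, the `!cacheOnly &&` guard a few lines above never calls TLSX_SNI_Find, so `sni` keeps whatever value it had at its declaration (outside these hunks, presumably NULL) and must not be dereferenced anywhere on that path. That invariant is easy to break by reordering operands or adding an `sni->` use later in the case, so it deserves a comment at the guard, e.g. `/* cacheOnly: nothing configured to match against, sni stays unset; every sni-> access below must sit behind a cacheOnly check */`. The rename also leaves the old vocabulary in `WOLFSSL_SNI_FORCE_KEEP` and the two "Forcing ..." log messages; if the status constant is public API it has to stay, but the declaration could state what the flag now means: `int cacheOnly = 0; /* WOLFSSL_ALWAYS_KEEP_SNI: store the received name without matching */`. TLSX_SNI_Parse begins and ends outside these hunks.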