feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

WOLFSSL_WOLFSENTRY_HOOKS/HAVE_EX_DATA*: refactor wolfSSL_CRYPTO_cleanup_ex_data() to take only one arg (the WOLFSSL_CRYPTO_EX_DATA *); fix preprocessor gates on wolfSSL_set_ex_data() and wolfSSL_X509_get_ex_new_index(); fix line lengths.

Browse Source
This commit is contained in:
Daniel Pouzzner
2021-04-21 17:34:47 -05:00
parent 40d5aad8fe
commit 0cf9bacf1b
6 changed files with 118 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

100
examples/server/server.c
View File

@ -305,7 +305,8 @@ static int wolfsentry_store_endpoints(
int proto,
wolfsentry_route_flags_t flags)
{
struct wolfsentry_data *data = (struct wolfsentry_data *)XMALLOC(sizeof *data, NULL, DYNAMIC_TYPE_SOCKADDR);
struct wolfsentry_data *data = (struct wolfsentry_data *)XMALLOC(
sizeof *data, NULL, DYNAMIC_TYPE_SOCKADDR);
if (data == NULL)
return WOLFSSL_FAILURE;
@ -339,7 +340,10 @@ static int wolfsentry_store_endpoints(
data->remote.interface = data->local.interface = 0;
data->flags = flags;
if (wolfSSL_set_ex_data_with_cleanup(ssl, wolfsentry_data_index, data, (wolfSSL_ex_data_cleanup_routine_t)free_wolfsentry_data) != WOLFSSL_SUCCESS) {
if (wolfSSL_set_ex_data_with_cleanup(
ssl, wolfsentry_data_index, data,
(wolfSSL_ex_data_cleanup_routine_t)free_wolfsentry_data) !=
WOLFSSL_SUCCESS) {
free_wolfsentry_data(data);
return WOLFSSL_FAILURE;
}
@ -347,7 +351,11 @@ static int wolfsentry_store_endpoints(
return WOLFSSL_SUCCESS;
}
static int wolfSentry_NetworkFilterCallback(WOLFSSL *ssl, struct wolfsentry_context *wolfsentry, wolfSSL_netfilter_decision_t *decision) {
static int wolfSentry_NetworkFilterCallback(
WOLFSSL *ssl,
struct wolfsentry_context *wolfsentry,
wolfSSL_netfilter_decision_t *decision)
{
struct wolfsentry_data *data;
char inet_ntop_buf[INET6_ADDRSTRLEN], inet_ntop_buf2[INET6_ADDRSTRLEN];
wolfsentry_errcode_t ret;
@ -356,7 +364,17 @@ static int wolfSentry_NetworkFilterCallback(WOLFSSL *ssl, struct wolfsentry_cont
if ((data = wolfSSL_get_ex_data(ssl, wolfsentry_data_index)) == NULL)
return WOLFSSL_FAILURE;
ret = wolfsentry_route_event_dispatch(wolfsentry, &data->remote, &data->local, data->flags, NULL /* event_label */, 0 /* event_label_len */, NULL /* caller_context */, NULL /* id */, NULL /* inexact_matches */, &action_results);
ret = wolfsentry_route_event_dispatch(
wolfsentry,
&data->remote,
&data->local,
data->flags,
NULL /* event_label */,
0 /* event_label_len */,
NULL /* caller_context */,
NULL /* id */,
NULL /* inexact_matches */,
&action_results);
if (ret >= 0) {
if (WOLFSENTRY_CHECK_BITS(action_results, WOLFSENTRY_ACTION_RES_REJECT))
@ -366,17 +384,21 @@ static int wolfSentry_NetworkFilterCallback(WOLFSSL *ssl, struct wolfsentry_cont
else
*decision = WOLFSSL_NETFILTER_PASS;
} else {
printf("wolfsentry_route_event_dispatch error " WOLFSENTRY_ERROR_FMT "\n", WOLFSENTRY_ERROR_FMT_ARGS(ret));
printf("wolfsentry_route_event_dispatch error "
WOLFSENTRY_ERROR_FMT "\n", WOLFSENTRY_ERROR_FMT_ARGS(ret));
*decision = WOLFSSL_NETFILTER_PASS;
}
printf("wolfSentry got network filter callback: family=%d proto=%d rport=%d lport=%d raddr=%s laddr=%s interface=%d; decision=%d (%s)\n",
printf("wolfSentry got network filter callback: family=%d proto=%d rport=%d"
"lport=%d raddr=%s laddr=%s interface=%d; decision=%d (%s)\n",
data->remote.sa_family,
data->remote.sa_proto,
data->remote.sa_port,
data->local.sa_port,
inet_ntop(data->remote.sa_family, data->remote.addr, inet_ntop_buf, sizeof inet_ntop_buf),
inet_ntop(data->local.sa_family, data->local.addr, inet_ntop_buf2, sizeof inet_ntop_buf2),
inet_ntop(data->remote.sa_family, data->remote.addr, inet_ntop_buf,
sizeof inet_ntop_buf),
inet_ntop(data->local.sa_family, data->local.addr, inet_ntop_buf2,
sizeof inet_ntop_buf2),
data->remote.interface,
*decision,
*decision == WOLFSSL_NETFILTER_REJECT ? "REJECT" :
@ -1959,23 +1981,35 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
err_sys_ex(catastrophic, "unable to get ctx");
#ifdef WOLFSSL_WOLFSENTRY_HOOKS
wolfsentry_ret = wolfsentry_init(NULL /* hpi */, NULL /* default config */, &wolfsentry);
wolfsentry_ret = wolfsentry_init(NULL /* hpi */, NULL /* default config */,
&wolfsentry);
if (wolfsentry_ret < 0) {
fprintf(stderr, "wolfsentry_init() returned " WOLFSENTRY_ERROR_FMT "\n", WOLFSENTRY_ERROR_FMT_ARGS(wolfsentry_ret));
fprintf(stderr, "wolfsentry_init() returned " WOLFSENTRY_ERROR_FMT "\n",
WOLFSENTRY_ERROR_FMT_ARGS(wolfsentry_ret));
err_sys_ex(catastrophic, "unable to initialize wolfSentry");
}
if (wolfsentry_data_index < 0)
wolfsentry_data_index = wolfSSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
wolfsentry_data_index = wolfSSL_get_ex_new_index(0, NULL, NULL, NULL,
NULL);
{
struct wolfsentry_route_table *table;
if ((wolfsentry_ret = wolfsentry_route_get_table_static(wolfsentry, &table)) < 0)
fprintf(stderr, "wolfsentry_route_get_table_static() returned " WOLFSENTRY_ERROR_FMT "\n", WOLFSENTRY_ERROR_FMT_ARGS(wolfsentry_ret));
if ((wolfsentry_ret = wolfsentry_route_get_table_static(wolfsentry,
&table)) < 0)
fprintf(stderr, "wolfsentry_route_get_table_static() returned "
WOLFSENTRY_ERROR_FMT "\n",
WOLFSENTRY_ERROR_FMT_ARGS(wolfsentry_ret));
if (wolfsentry_ret >= 0) {
if ((wolfsentry_ret = wolfsentry_route_table_default_policy_set(wolfsentry, table, WOLFSENTRY_ACTION_RES_REJECT|WOLFSENTRY_ACTION_RES_STOP)) < 0)
fprintf(stderr, "wolfsentry_route_table_default_policy_set(WOLFSENTRY_ACTION_RES_REJECT) returned " WOLFSENTRY_ERROR_FMT "\n", WOLFSENTRY_ERROR_FMT_ARGS(wolfsentry_ret));
if ((wolfsentry_ret = wolfsentry_route_table_default_policy_set(
wolfsentry, table,
WOLFSENTRY_ACTION_RES_REJECT|WOLFSENTRY_ACTION_RES_STOP))
< 0)
fprintf(stderr,
"wolfsentry_route_table_default_policy_set() returned "
WOLFSENTRY_ERROR_FMT "\n",
WOLFSENTRY_ERROR_FMT_ARGS(wolfsentry_ret));
}
if (wolfsentry_ret >= 0) {
@ -2008,8 +2042,11 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
WOLFSENTRY_ROUTE_FLAG_SA_PROTO_WILDCARD |
WOLFSENTRY_ROUTE_FLAG_SA_REMOTE_PORT_WILDCARD |
WOLFSENTRY_ROUTE_FLAG_SA_LOCAL_PORT_WILDCARD,
0 /* event_label_len */, 0 /* event_label */, &id, &action_results)) < 0)
fprintf(stderr, "wolfsentry_route_insert_static() returned " WOLFSENTRY_ERROR_FMT "\n", WOLFSENTRY_ERROR_FMT_ARGS(wolfsentry_ret));
0 /* event_label_len */, 0 /* event_label */, &id,
&action_results)) < 0)
fprintf(stderr, "wolfsentry_route_insert_static() returned "
WOLFSENTRY_ERROR_FMT "\n",
WOLFSENTRY_ERROR_FMT_ARGS(wolfsentry_ret));
}
if (wolfsentry_ret < 0)
@ -2017,8 +2054,12 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
}
if (wolfSSL_CTX_set_AcceptFilter(ctx, (NetworkFilterCallback_t)wolfSentry_NetworkFilterCallback, wolfsentry) < 0)
err_sys_ex(catastrophic, "unable to install wolfSentry_NetworkFilterCallback");
if (wolfSSL_CTX_set_AcceptFilter(
ctx,
(NetworkFilterCallback_t)wolfSentry_NetworkFilterCallback,
wolfsentry) < 0)
err_sys_ex(catastrophic,
"unable to install wolfSentry_NetworkFilterCallback");
#endif
if (simulateWantWrite)
@ -2713,13 +2754,20 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
{
SOCKADDR_IN_T local_addr;
socklen_t local_len = sizeof(local_addr);
getsockname(clientfd, (struct sockaddr *)&local_addr, (socklen_t *)&local_len);
getsockname(clientfd, (struct sockaddr *)&local_addr,
(socklen_t *)&local_len);
if (((struct sockaddr *)&client_addr)->sa_family != ((struct sockaddr *)&local_addr)->sa_family)
err_sys_ex(catastrophic, "client_addr.sa_family != local_addr.sa_family");
if (((struct sockaddr *)&client_addr)->sa_family !=
((struct sockaddr *)&local_addr)->sa_family)
err_sys_ex(catastrophic,
"client_addr.sa_family != local_addr.sa_family");
if (wolfsentry_store_endpoints(ssl, &client_addr, &local_addr, dtlsUDP ? IPPROTO_UDP : IPPROTO_TCP, WOLFSENTRY_ROUTE_FLAG_DIRECTION_IN) != WOLFSSL_SUCCESS)
err_sys_ex(catastrophic, "error in wolfsentry_store_endpoints()");
if (wolfsentry_store_endpoints(
ssl, &client_addr, &local_addr,
dtlsUDP ? IPPROTO_UDP : IPPROTO_TCP,
WOLFSENTRY_ROUTE_FLAG_DIRECTION_IN) != WOLFSSL_SUCCESS)
err_sys_ex(catastrophic,
"error in wolfsentry_store_endpoints()");
}
#endif /* WOLFSSL_WOLFSENTRY_HOOKS */
@ -3107,7 +3155,9 @@ exit:
#ifdef WOLFSSL_WOLFSENTRY_HOOKS
wolfsentry_ret = wolfsentry_shutdown(&wolfsentry);
if (wolfsentry_ret < 0) {
fprintf(stderr, "wolfsentry_shutdown() returned " WOLFSENTRY_ERROR_FMT "\n", WOLFSENTRY_ERROR_FMT_ARGS(wolfsentry_ret));
fprintf(stderr,
"wolfsentry_shutdown() returned " WOLFSENTRY_ERROR_FMT "\n",
WOLFSENTRY_ERROR_FMT_ARGS(wolfsentry_ret));
}
#endif

10
src/internal.c
View File

@ -1884,11 +1884,13 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
}
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
void wolfSSL_CRYPTO_cleanup_ex_data(WOLFSSL_CRYPTO_EX_DATA* ex_data, int n_ex_data)
void wolfSSL_CRYPTO_cleanup_ex_data(WOLFSSL_CRYPTO_EX_DATA* ex_data)
{
int n_ex_data = (int)(sizeof ex_data->ex_data / sizeof ex_data->ex_data[0]);
for (--n_ex_data; n_ex_data >= 0; --n_ex_data) {
if (ex_data->ex_data[n_ex_data] != NULL)
(void)wolfSSL_CRYPTO_set_ex_data_with_cleanup(ex_data, n_ex_data, NULL, NULL);
(void)wolfSSL_CRYPTO_set_ex_data_with_cleanup(ex_data, n_ex_data,
NULL, NULL);
}
}
#endif /* HAVE_EX_DATA_CLEANUP_HOOKS */
@ -1902,7 +1904,7 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
#endif
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
wolfSSL_CRYPTO_cleanup_ex_data(&ctx->ex_data, MAX_EX_DATA);
wolfSSL_CRYPTO_cleanup_ex_data(&ctx->ex_data);
#endif
#ifdef HAVE_WOLF_EVENT
@ -6437,7 +6439,7 @@ void SSL_ResourceFree(WOLFSSL* ssl)
* using stream ciphers where it is retained. */
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
wolfSSL_CRYPTO_cleanup_ex_data(&ssl->ex_data, MAX_EX_DATA);
wolfSSL_CRYPTO_cleanup_ex_data(&ssl->ex_data);
#endif
FreeCiphers(ssl);

35
src/ssl.c
View File

@ -1015,7 +1015,11 @@ int wolfSSL_mutual_auth(WOLFSSL* ssl, int req)
#ifdef WOLFSSL_WOLFSENTRY_HOOKS
int wolfSSL_CTX_set_AcceptFilter(WOLFSSL_CTX *ctx, NetworkFilterCallback_t AcceptFilter, void *AcceptFilter_arg) {
int wolfSSL_CTX_set_AcceptFilter(
WOLFSSL_CTX *ctx,
NetworkFilterCallback_t AcceptFilter,
void *AcceptFilter_arg)
{
if (ctx == NULL)
return BAD_FUNC_ARG;
ctx->AcceptFilter = AcceptFilter;
@ -1023,7 +1027,11 @@ int wolfSSL_CTX_set_AcceptFilter(WOLFSSL_CTX *ctx, NetworkFilterCallback_t Accep
return WOLFSSL_SUCCESS;
}
int wolfSSL_set_AcceptFilter(WOLFSSL *ssl, NetworkFilterCallback_t AcceptFilter, void *AcceptFilter_arg) {
int wolfSSL_set_AcceptFilter(
WOLFSSL *ssl,
NetworkFilterCallback_t AcceptFilter,
void *AcceptFilter_arg)
{
if (ssl == NULL)
return BAD_FUNC_ARG;
ssl->AcceptFilter = AcceptFilter;
@ -12921,7 +12929,8 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
#ifdef WOLFSSL_WOLFSENTRY_HOOKS
if (ssl->AcceptFilter) {
wolfSSL_netfilter_decision_t res;
if ((ssl->AcceptFilter(ssl, ssl->AcceptFilter_arg, &res) == WOLFSSL_SUCCESS) &&
if ((ssl->AcceptFilter(ssl, ssl->AcceptFilter_arg, &res) ==
WOLFSSL_SUCCESS) &&
(res == WOLFSSL_NETFILTER_REJECT)) {
WOLFSSL_ERROR(ssl->error = SOCKET_FILTERED_E);
return WOLFSSL_FATAL_ERROR;
@ -16308,7 +16317,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
WOLFSSL_ENTER("wolfSSL_BIO_free");
if (bio) {
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
wolfSSL_CRYPTO_cleanup_ex_data(&bio->ex_data, MAX_EX_DATA);
wolfSSL_CRYPTO_cleanup_ex_data(&bio->ex_data);
#endif
if (bio->infoCb) {
/* info callback is called before free */
@ -18755,7 +18764,7 @@ static void ExternalFreeX509(WOLFSSL_X509* x509)
WOLFSSL_ENTER("ExternalFreeX509");
if (x509) {
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
wolfSSL_CRYPTO_cleanup_ex_data(&x509->ex_data, MAX_EX_DATA);
wolfSSL_CRYPTO_cleanup_ex_data(&x509->ex_data);
#endif
if (x509->dynamicMemory) {
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
@ -21958,7 +21967,7 @@ void FreeSession(WOLFSSL_SESSION* session, int isAlloced)
return;
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
wolfSSL_CRYPTO_cleanup_ex_data(&session->ex_data, MAX_EX_DATA);
wolfSSL_CRYPTO_cleanup_ex_data(&session->ex_data);
#endif
#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
@ -26086,7 +26095,7 @@ void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store)
return;
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
wolfSSL_CRYPTO_cleanup_ex_data(&store->ex_data, MAX_EX_DATA);
wolfSSL_CRYPTO_cleanup_ex_data(&store->ex_data);
#endif
if (store->isDynamic) {
@ -26304,7 +26313,7 @@ void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX* ctx)
WOLFSSL_ENTER("X509_STORE_CTX_free");
if (ctx != NULL) {
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
wolfSSL_CRYPTO_cleanup_ex_data(&ctx->ex_data, MAX_EX_DATA);
wolfSSL_CRYPTO_cleanup_ex_data(&ctx->ex_data);
#endif
#ifdef OPENSSL_EXTRA
if (ctx->param != NULL){
@ -44923,8 +44932,8 @@ int wolfSSL_set_app_data(WOLFSSL *ssl, void* arg) {
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
defined(WOLFSSL_WPAS_SMALL)
#if defined(HAVE_EX_DATA) || defined(OPENSSL_EXTRA) ||
defined(OPENSSL_EXTRA_X509_SMALL) || defined(WOLFSSL_WPAS_SMALL)
int wolfSSL_set_ex_data(WOLFSSL* ssl, int idx, void* data)
{
@ -48808,8 +48817,8 @@ void wolfSSL_OPENSSL_config(char *config_name)
#endif /* !NO_WOLFSSL_STUB */
#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
#if defined(HAVE_EX_DATA) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
|| defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)
int wolfSSL_X509_get_ex_new_index(int idx, void *arg, void *a, void *b, void *c)
{
@ -53442,7 +53451,7 @@ void wolfSSL_RSA_free(WOLFSSL_RSA* rsa)
if (rsa) {
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
wolfSSL_CRYPTO_cleanup_ex_data(&rsa->ex_data, MAX_EX_DATA);
wolfSSL_CRYPTO_cleanup_ex_data(&rsa->ex_data);
#endif
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
int doFree = 0;

3
src/tls13.c
View File

@ -8359,7 +8359,8 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
#ifdef WOLFSSL_WOLFSENTRY_HOOKS
if (ssl->AcceptFilter) {
wolfSSL_netfilter_decision_t res;
if ((ssl->AcceptFilter(ssl, ssl->AcceptFilter_arg, &res) == WOLFSSL_SUCCESS) &&
if ((ssl->AcceptFilter(ssl, ssl->AcceptFilter_arg, &res) ==
WOLFSSL_SUCCESS) &&
(res == WOLFSSL_NETFILTER_REJECT)) {
WOLFSSL_ERROR(ssl->error = SOCKET_FILTERED_E);
return WOLFSSL_FATAL_ERROR;

2
wolfssl/internal.h
View File

@ -3044,7 +3044,7 @@ WOLFSSL_LOCAL
void SSL_CtxResourceFree(WOLFSSL_CTX*);
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
void wolfSSL_CRYPTO_cleanup_ex_data(WOLFSSL_CRYPTO_EX_DATA* ex_data, int n_ex_data);
void wolfSSL_CRYPTO_cleanup_ex_data(WOLFSSL_CRYPTO_EX_DATA* ex_data);
#endif
WOLFSSL_LOCAL

15
wolfssl/ssl.h
View File

@ -1149,9 +1149,18 @@ typedef enum {
WOLFSSL_NETFILTER_REJECT = 2
} wolfSSL_netfilter_decision_t;
typedef int (*NetworkFilterCallback_t)(WOLFSSL *ssl, void *AcceptFilter_arg, wolfSSL_netfilter_decision_t *decision);
WOLFSSL_API int wolfSSL_CTX_set_AcceptFilter(WOLFSSL_CTX *ctx, NetworkFilterCallback_t AcceptFilter, void *AcceptFilter_arg);
WOLFSSL_API int wolfSSL_set_AcceptFilter(WOLFSSL *ssl, NetworkFilterCallback_t AcceptFilter, void *AcceptFilter_arg);
typedef int (*NetworkFilterCallback_t)(
WOLFSSL *ssl,
void *AcceptFilter_arg,
wolfSSL_netfilter_decision_t *decision);
WOLFSSL_API int wolfSSL_CTX_set_AcceptFilter(
WOLFSSL_CTX *ctx,
NetworkFilterCallback_t AcceptFilter,
void *AcceptFilter_arg);
WOLFSSL_API int wolfSSL_set_AcceptFilter(
WOLFSSL *ssl,
NetworkFilterCallback_t AcceptFilter,
void *AcceptFilter_arg);
#endif /* WOLFSSL_WOLFSENTRY_HOOKS */