Merge pull request #913 from JacobBarthelmeh/Compatibility-Layer
allow re-using WOLFSSL structure after calling shutdown
@@ -5094,6 +5094,10 @@ int HashInput(WOLFSSL* ssl, const byte* input, int sz)
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
if (ssl->hsHashes == NULL) {
|
||||||
|
return BAD_FUNC_ARG;
|
||||||
|
}
|
||||||
|
|
||||||
#ifndef NO_OLD_TLS
|
#ifndef NO_OLD_TLS
|
||||||
#ifndef NO_SHA
|
#ifndef NO_SHA
|
||||||
wc_ShaUpdate(&ssl->hsHashes->hashSha, adj, sz);
|
wc_ShaUpdate(&ssl->hsHashes->hashSha, adj, sz);
|
||||||
|
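Review bot: The NULL check on `ssl->hsHashes` is added to HashInput only, so any sibling that updates the same handshake hashes would still dereference a NULL pointer on a WOLFSSL object reused after shutdown. HashOutput is the obvious candidate if it reaches `ssl->hsHashes` the same way, which is not visible on this page, and it would then need the same `if (ssl->hsHashes == NULL) return BAD_FUNC_ARG;`. A short comment on the guard, such as `/* hsHashes can be absent on a re-used WOLFSSL object; refuse to hash rather than dereference NULL */`, would record why it exists. HashInput's body starts and ends outside the hunk.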
83
src/ssl.c
83
src/ssl.c
@@ -2107,38 +2107,49 @@ int wolfSSL_shutdown(WOLFSSL* ssl)
|
|||||||
|
|
||||||
if (ssl->options.quietShutdown) {
|
if (ssl->options.quietShutdown) {
|
||||||
WOLFSSL_MSG("quiet shutdown, no close notify sent");
|
WOLFSSL_MSG("quiet shutdown, no close notify sent");
|
||||||
return SSL_SUCCESS;
|
ret = SSL_SUCCESS;
|
||||||
}
|
}
|
||||||
|
else {
|
||||||
/* try to send close notify, not an error if can't */
|
/* try to send close notify, not an error if can't */
|
||||||
if (!ssl->options.isClosed && !ssl->options.connReset &&
|
if (!ssl->options.isClosed && !ssl->options.connReset &&
|
||||||
!ssl->options.sentNotify) {
|
!ssl->options.sentNotify) {
|
||||||
ssl->error = SendAlert(ssl, alert_warning, close_notify);
|
ssl->error = SendAlert(ssl, alert_warning, close_notify);
|
||||||
if (ssl->error < 0) {
|
if (ssl->error < 0) {
|
||||||
WOLFSSL_ERROR(ssl->error);
|
WOLFSSL_ERROR(ssl->error);
|
||||||
return SSL_FATAL_ERROR;
|
return SSL_FATAL_ERROR;
|
||||||
|
}
|
||||||
|
ssl->options.sentNotify = 1; /* don't send close_notify twice */
|
||||||
|
if (ssl->options.closeNotify)
|
||||||
|
ret = SSL_SUCCESS;
|
||||||
|
else {
|
||||||
|
ret = SSL_SHUTDOWN_NOT_DONE;
|
||||||
|
WOLFSSL_LEAVE("SSL_shutdown()", ret);
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
ssl->options.sentNotify = 1; /* don't send close_notify twice */
|
|
||||||
if (ssl->options.closeNotify)
|
|
||||||
ret = SSL_SUCCESS;
|
|
||||||
else
|
|
||||||
ret = SSL_SHUTDOWN_NOT_DONE;
|
|
||||||
|
|
||||||
WOLFSSL_LEAVE("SSL_shutdown()", ret);
|
/* call wolfSSL_shutdown again for bidirectional shutdown */
|
||||||
return ret;
|
if (ssl->options.sentNotify && !ssl->options.closeNotify) {
|
||||||
|
ret = wolfSSL_read(ssl, &tmp, 0);
|
||||||
|
if (ret < 0) {
|
||||||
|
WOLFSSL_ERROR(ssl->error);
|
||||||
|
ret = SSL_FATAL_ERROR;
|
||||||
|
} else if (ssl->options.closeNotify) {
|
||||||
|
ssl->error = SSL_ERROR_SYSCALL; /* simulate OpenSSL behavior */
|
||||||
|
ret = SSL_SUCCESS;
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* call wolfSSL_shutdown again for bidirectional shutdown */
|
#ifdef OPENSSL_EXTRA
|
||||||
if (ssl->options.sentNotify && !ssl->options.closeNotify) {
|
/* reset WOLFSSL structure state for possible re-use */
|
||||||
ret = wolfSSL_read(ssl, &tmp, 0);
|
if (ret == SSL_SUCCESS) {
|
||||||
if (ret < 0) {
|
if (wolfSSL_clear(ssl) != SSL_SUCCESS) {
|
||||||
WOLFSSL_ERROR(ssl->error);
|
WOLFSSL_MSG("could not clear WOLFSSL");
|
||||||
ret = SSL_FATAL_ERROR;
|
ret = SSL_FATAL_ERROR;
|
||||||
} else if (ssl->options.closeNotify) {
|
|
||||||
ssl->error = SSL_ERROR_SYSCALL; /* simulate OpenSSL behavior */
|
|
||||||
ret = SSL_SUCCESS;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
WOLFSSL_LEAVE("SSL_shutdown()", ret);
|
WOLFSSL_LEAVE("SSL_shutdown()", ret);
|
||||||
|
|
||||||
@@ -12716,6 +12727,10 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
|
|||||||
|
|
||||||
int wolfSSL_clear(WOLFSSL* ssl)
|
int wolfSSL_clear(WOLFSSL* ssl)
|
||||||
{
|
{
|
||||||
|
if (ssl == NULL) {
|
||||||
|
return SSL_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
ssl->options.isClosed = 0;
|
ssl->options.isClosed = 0;
|
||||||
ssl->options.connReset = 0;
|
ssl->options.connReset = 0;
|
||||||
ssl->options.sentNotify = 0;
|
ssl->options.sentNotify = 0;
|
||||||
@@ -12731,27 +12746,29 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
|
|||||||
ssl->keys.encryptionOn = 0;
|
ssl->keys.encryptionOn = 0;
|
||||||
XMEMSET(&ssl->msgsReceived, 0, sizeof(ssl->msgsReceived));
|
XMEMSET(&ssl->msgsReceived, 0, sizeof(ssl->msgsReceived));
|
||||||
|
|
||||||
|
if (ssl->hsHashes != NULL) {
|
||||||
#ifndef NO_OLD_TLS
|
#ifndef NO_OLD_TLS
|
||||||
#ifndef NO_MD5
|
#ifndef NO_MD5
|
||||||
wc_InitMd5(&ssl->hsHashes->hashMd5);
|
wc_InitMd5(&ssl->hsHashes->hashMd5);
|
||||||
#endif
|
#endif
|
||||||
#ifndef NO_SHA
|
#ifndef NO_SHA
|
||||||
if (wc_InitSha(&ssl->hsHashes->hashSha) != 0)
|
if (wc_InitSha(&ssl->hsHashes->hashSha) != 0)
|
||||||
return SSL_FAILURE;
|
return SSL_FAILURE;
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
#ifndef NO_SHA256
|
#ifndef NO_SHA256
|
||||||
if (wc_InitSha256(&ssl->hsHashes->hashSha256) != 0)
|
if (wc_InitSha256(&ssl->hsHashes->hashSha256) != 0)
|
||||||
return SSL_FAILURE;
|
return SSL_FAILURE;
|
||||||
#endif
|
#endif
|
||||||
#ifdef WOLFSSL_SHA384
|
#ifdef WOLFSSL_SHA384
|
||||||
if (wc_InitSha384(&ssl->hsHashes->hashSha384) != 0)
|
if (wc_InitSha384(&ssl->hsHashes->hashSha384) != 0)
|
||||||
return SSL_FAILURE;
|
return SSL_FAILURE;
|
||||||
#endif
|
#endif
|
||||||
#ifdef WOLFSSL_SHA512
|
#ifdef WOLFSSL_SHA512
|
||||||
if (wc_InitSha512(&ssl->hsHashes->hashSha512) != 0)
|
if (wc_InitSha512(&ssl->hsHashes->hashSha512) != 0)
|
||||||
return SSL_FAILURE;
|
return SSL_FAILURE;
|
||||||
#endif
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
#ifdef KEEP_PEER_CERT
|
#ifdef KEEP_PEER_CERT
|
||||||
FreeX509(&ssl->peerCert);
|
FreeX509(&ssl->peerCert);
|
||||||
|
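Review bot: In the new `#ifdef OPENSSL_EXTRA` block at the end of wolfSSL_shutdown, a failed `wolfSSL_clear(ssl)` changes the result to `SSL_FATAL_ERROR` but, as far as the visible lines show, leaves `ssl->error` untouched. On the bidirectional path that is the `SSL_ERROR_SYSCALL` assigned a few lines earlier, so a caller asking for the error code gets a misleading answer. Setting it in that branch, for example `ssl->error = BAD_STATE_E;` before `ret = SSL_FATAL_ERROR;`, would make the failure distinguishable. The reset is also reached after a quiet shutdown, because that branch now sets `ret = SSL_SUCCESS` instead of returning, and wolfSSL_clear turns `ssl->keys.encryptionOn` off and frees `ssl->peerCert` under KEEP_PEER_CERT. A comment such as `/* also reached after quiet shutdown; a new handshake is required before the object is used again */` would make that contract explicit. The opening lines of wolfSSL_shutdown are outside the hunk.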