Merge pull request #913 from JacobBarthelmeh/Compatibility-Layer

allow re-using WOLFSSL structure after calling shutdown
2017-05-12 16:50:14 -07:00
parent dcd3a6a478 0374907acc
commit 3297280e62
2 changed files with 54 additions and 33 deletions
--- a/src/internal.c
+++ b/src/internal.c
@ -5094,6 +5094,10 @@ int HashInput(WOLFSSL* ssl, const byte* input, int sz)
    }
 #endif

+    if (ssl->hsHashes == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
 #ifndef NO_OLD_TLS
 #ifndef NO_SHA
    wc_ShaUpdate(&ssl->hsHashes->hashSha, adj, sz);
--- a/src/ssl.c
+++ b/src/ssl.c
@ -2107,9 +2107,9 @@ int wolfSSL_shutdown(WOLFSSL* ssl)

    if (ssl->options.quietShutdown) {
        WOLFSSL_MSG("quiet shutdown, no close notify sent");
-        return SSL_SUCCESS;
+        ret = SSL_SUCCESS;
    }
-
+    else {
        /* try to send close notify, not an error if can't */
        if (!ssl->options.isClosed && !ssl->options.connReset &&
                                      !ssl->options.sentNotify) {
@ -2121,12 +2121,12 @@ int wolfSSL_shutdown(WOLFSSL* ssl)
            ssl->options.sentNotify = 1;  /* don't send close_notify twice */
            if (ssl->options.closeNotify)
                ret = SSL_SUCCESS;
-        else
+            else {
                ret = SSL_SHUTDOWN_NOT_DONE;
-
                WOLFSSL_LEAVE("SSL_shutdown()", ret);
                return ret;
            }
+        }

        /* call wolfSSL_shutdown again for bidirectional shutdown */
        if (ssl->options.sentNotify && !ssl->options.closeNotify) {
@ -2139,6 +2139,17 @@ int wolfSSL_shutdown(WOLFSSL* ssl)
                ret = SSL_SUCCESS;
            }
        }
+    }
+
+#ifdef OPENSSL_EXTRA
+    /* reset WOLFSSL structure state for possible re-use */
+    if (ret == SSL_SUCCESS) {
+        if (wolfSSL_clear(ssl) != SSL_SUCCESS) {
+            WOLFSSL_MSG("could not clear WOLFSSL");
+            ret = SSL_FATAL_ERROR;
+        }
+    }
+#endif

    WOLFSSL_LEAVE("SSL_shutdown()", ret);

@ -12716,6 +12727,10 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)

    int wolfSSL_clear(WOLFSSL* ssl)
    {
+        if (ssl == NULL) {
+            return SSL_FAILURE;
+        }
+
        ssl->options.isClosed = 0;
        ssl->options.connReset = 0;
        ssl->options.sentNotify = 0;
@ -12731,6 +12746,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
        ssl->keys.encryptionOn = 0;
        XMEMSET(&ssl->msgsReceived, 0, sizeof(ssl->msgsReceived));

+        if (ssl->hsHashes != NULL) {
 #ifndef NO_OLD_TLS
 #ifndef NO_MD5
            wc_InitMd5(&ssl->hsHashes->hashMd5);
@ -12752,6 +12768,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
            if (wc_InitSha512(&ssl->hsHashes->hashSha512) != 0)
                return SSL_FAILURE;
 #endif
+        }

 #ifdef KEEP_PEER_CERT
        FreeX509(&ssl->peerCert);