Merge pull request #4891 from dgarske/multi_test

Juliusz Sosinowicz
2022-02-28 15:28:39 +01:00
committed by GitHub
9 changed files with 41 additions and 25 deletions


@@ -6843,7 +6843,7 @@ AS_CASE(["$CFLAGS $CPPFLAGS"],[*'WOLFSSL_TRUST_PEER_CERT'*],[ENABLED_TRUSTED_PEE
AS_CASE(["$CFLAGS $CPPFLAGS $AM_CFLAGS"],[*'OPENSSL_COMPATIBLE_DEFAULTS'*],
[ENABLED_OPENSSL_COMPATIBLE_DEFAULTS=yes])
[ENABLED_OPENSSL_COMPATIBLE_DEFAULTS=yes])
if test "x$ENABLED_OPENSSL_COMPATIBLE_DEFAULTS" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TRUST_PEER_CERT"


@@ -3191,8 +3191,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#endif /* HAVE_ECC */
#if defined(WOLFSSL_TRUST_PEER_CERT) && !defined(NO_FILESYSTEM)
if (trustCert) {
if ((ret = wolfSSL_CTX_trust_peer_cert(ctx, trustCert,
WOLFSSL_FILETYPE_PEM)) != WOLFSSL_SUCCESS) {
if (wolfSSL_CTX_trust_peer_cert(ctx, trustCert,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("can't load trusted peer cert file");
}


@@ -2568,9 +2568,8 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
}
#ifdef WOLFSSL_TRUST_PEER_CERT
if (trustCert) {
if ((ret = wolfSSL_CTX_trust_peer_cert(ctx, trustCert,
WOLFSSL_FILETYPE_PEM))
!= WOLFSSL_SUCCESS) {
if (wolfSSL_CTX_trust_peer_cert(ctx, trustCert,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
err_sys_ex(runWithErrors, "can't load trusted peer cert file");
}
}
@@ -2790,8 +2789,8 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
}
#ifdef WOLFSSL_TRUST_PEER_CERT
if (trustCert) {
if ((ret = wolfSSL_trust_peer_cert(ssl, trustCert,
WOLFSSL_FILETYPE_PEM)) != WOLFSSL_SUCCESS) {
if (wolfSSL_trust_peer_cert(ssl, trustCert,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
err_sys_ex(runWithErrors, "can't load trusted peer cert "
"file");
}


@@ -30626,7 +30626,10 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
id = ssl->session->altSessionID;
idSz = ID_LEN;
}
XMEMCPY(it.id, id, ID_LEN);
/* make sure idSz is not larger than ID_LEN */
if (idSz > ID_LEN)
idSz = ID_LEN;
XMEMCPY(it.id, id, idSz);
}
#endif
@@ -30765,20 +30768,20 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
/* get master secret */
if (ret == WOLFSSL_TICKET_RET_OK || ret == WOLFSSL_TICKET_RET_CREATE) {
if (ssl->version.minor < it->pv.minor) {
ForceZero(&it, sizeof(it));
ForceZero(it, sizeof(*it));
WOLFSSL_MSG("Ticket has greater version");
return VERSION_ERROR;
}
else if (ssl->version.minor > it->pv.minor) {
if (IsAtLeastTLSv1_3(it->pv) != IsAtLeastTLSv1_3(ssl->version)) {
ForceZero(&it, sizeof(it));
ForceZero(it, sizeof(*it));
WOLFSSL_MSG("Tickets cannot be shared between "
"TLS 1.3 and TLS 1.2 and lower");
return VERSION_ERROR;
}
if (!ssl->options.downgrade) {
ForceZero(&it, sizeof(it));
ForceZero(it, sizeof(*it));
WOLFSSL_MSG("Ticket has lesser version");
return VERSION_ERROR;
}
@@ -30786,7 +30789,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
WOLFSSL_MSG("Downgrading protocol due to ticket");
if (it->pv.minor < ssl->options.minDowngrade) {
ForceZero(&it, sizeof(it));
ForceZero(it, sizeof(*it));
return VERSION_ERROR;
}
ssl->version.minor = it->pv.minor;
@@ -30837,7 +30840,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
}
}
ForceZero(&it, sizeof(it));
ForceZero(it, sizeof(*it));
WOLFSSL_LEAVE("DoClientTicket", ret);
WOLFSSL_END(WC_FUNC_TICKET_DO);
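Review bot: The clamp added in the first hunk (`if (idSz > ID_LEN) idSz = ID_LEN;`) bounds the copy, but `XMEMCPY(it.id, id, idSz)` now fills only `idSz` bytes, so an ID shorter than `ID_LEN` leaves the tail of `it.id` with whatever the struct held before. Whether `it` is zeroed earlier in the function is not visible in this hunk; if it is not, those stale bytes would end up in the ticket contents. Consider adding `XMEMSET(it.id, 0, ID_LEN);` immediately before the copy, and a short comment saying why an over-long `idSz` is truncated rather than rejected. The enclosing function starts and ends outside the hunk.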


@@ -5266,7 +5266,7 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
#define SESSIONS_PER_ROW 3
#define SESSION_ROWS 11
#endif
#define INVALID_SESSION_ROW -1
#define INVALID_SESSION_ROW (-1)
#ifdef NO_SESSION_CACHE_ROW_LOCK
#undef ENABLE_SESSION_CACHE_ROW_LOCK
@@ -5330,11 +5330,15 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
#error CLIENT_SESSION_ROWS too big
#endif
typedef struct ClientSession {
struct ClientSession {
word16 serverRow; /* SessionCache Row id */
word16 serverIdx; /* SessionCache Idx (column) */
word32 sessionIDHash;
} ClientSession;
};
#ifndef WOLFSSL_CLIENT_SESSION_DEFINED
typedef struct ClientSession ClientSession;
#define WOLFSSL_CLIENT_SESSION_DEFINED
#endif
typedef struct ClientRow {
int nextIdx; /* where to place next one */
@@ -15507,6 +15511,7 @@ int wolfSSL_GetSessionFromCache(WOLFSSL* ssl, WOLFSSL_SESSION* output)
return WOLFSSL_FAILURE;
#endif
XMEMSET(bogusID, 0, sizeof(bogusID));
if (!IsAtLeastTLSv1_3(ssl->version) && ssl->arrays != NULL)
id = ssl->arrays->sessionID;
else if (ssl->session->haveAltSessionID) {
@@ -15763,8 +15768,9 @@ int wolfSSL_SetSession(WOLFSSL* ssl, WOLFSSL_SESSION* session)
SESSION_ROW_UNLOCK(sessRow);
sessRow = NULL;
}
/* Make sure we don't access this anymore */
session = NULL;
/* Note: the `session` variable cannot be used below, since the row is
* un-locked */
if (ret != WOLFSSL_SUCCESS)
return ret;
@@ -24094,7 +24100,7 @@ int wolfSSL_DupSession(const WOLFSSL_SESSION* input, WOLFSSL_SESSION* output,
output->heap, DYNAMIC_TYPE_SESSION_TICK);
if (tmp == NULL) {
WOLFSSL_MSG("Failed to allocate memory for ticket");
XFREE(ticBuff, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
XFREE(ticBuff, output->heap, DYNAMIC_TYPE_SESSION_TICK);
output->ticket = NULL;
output->ticketLen = 0;
output->ticketLenAlloc = 0;
@@ -24138,7 +24144,7 @@ int wolfSSL_DupSession(const WOLFSSL_SESSION* input, WOLFSSL_SESSION* output,
}
else {
if (ticBuff != NULL)
XFREE(ticBuff, input->heap, DYNAMIC_TYPE_SESSION_TICK);
XFREE(ticBuff, output->heap, DYNAMIC_TYPE_SESSION_TICK);
output->ticket = output->_staticTicket;
output->ticketLenAlloc = 0;
}
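Review bot: In the wolfSSL_SetSession hunk, replacing `session = NULL;` with a comment drops the only guard that made a later use of `session` fail immediately after `SESSION_ROW_UNLOCK(sessRow)`. With the comment alone, a future edit that reads `session` below this point would access a cache row that is no longer locked, and nothing would flag it. If the assignment was removed to silence a dead-store warning (the page does not say), the comment should at least state the hazard precisely, for example `/* session may point into the row unlocked above; it must not be dereferenced past this point */`. The rest of the function lies outside the hunk, so whether `session` is still referenced further down cannot be confirmed here.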


@@ -834,10 +834,12 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec)
return -1;
}
#if !defined(HAVE_GETADDRINFO)
#ifdef WOLFSSL_IPV6
sockaddr_len = sizeof(SOCKADDR_IN6);
#else
sockaddr_len = sizeof(SOCKADDR_IN);
#endif
#endif
XMEMSET(&addr, 0, sizeof(addr));


@@ -39320,6 +39320,8 @@ static void test_wolfSSL_SESSION(void)
#else
AssertIntEQ(wolfSSL_SESSION_has_ticket(sess), 0);
#endif
#else
(void)sess;
#endif /* OPENSSL_EXTRA */
/* Retain copy of the session for later testing */


@@ -1691,7 +1691,10 @@ typedef WOLFSSL_BUFFER_INFO buffer;
typedef struct Suites Suites;
/* Declare opaque struct for API to use */
typedef struct ClientSession ClientSession;
#ifndef WOLFSSL_CLIENT_SESSION_DEFINED
typedef struct ClientSession ClientSession;
#define WOLFSSL_CLIENT_SESSION_DEFINED
#endif
/* defaults to client */
WOLFSSL_LOCAL void InitSSL_Method(WOLFSSL_METHOD* method, ProtocolVersion pv);
@@ -4619,13 +4622,13 @@ struct WOLFSSL {
*/
#ifdef WOLFSSL_HAVE_ERROR_QUEUE
#define CLEAR_ASN_NO_PEM_HEADER_ERROR(err) \
err = wolfSSL_ERR_peek_last_error(); \
(err) = wolfSSL_ERR_peek_last_error(); \
if (ERR_GET_LIB(err) == ERR_LIB_PEM && \
ERR_GET_REASON(err) == PEM_R_NO_START_LINE) { \
wc_RemoveErrorNode(-1); \
}
#else
#define CLEAR_ASN_NO_PEM_HEADER_ERROR(err) (void)err;
#define CLEAR_ASN_NO_PEM_HEADER_ERROR(err) (void)(err);
#endif
/*
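Review bot: `CLEAR_ASN_NO_PEM_HEADER_ERROR` in the second hunk still expands to an assignment followed by a separate `if` statement, so using it as the body of an unbraced `if` or `else` would run the `if (ERR_GET_LIB(err) == ...)` part unconditionally. Parenthesizing `err` does not address that. Wrap the multi-statement form in `do { ... } while (0)` and drop the trailing semicolon from the fallback, i.e. `#define CLEAR_ASN_NO_PEM_HEADER_ERROR(err) (void)(err)`, so both variants behave as a single statement at the call site. A one-line comment noting that the macro removes the last error-queue node only for `PEM_R_NO_START_LINE` would also help readers.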


@@ -2852,7 +2852,8 @@ WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL* ssl, void* key, unsigned int len,
WOLFSSL_API int wolfSSL_Unload_trust_peers(WOLFSSL* ssl);
#endif
WOLFSSL_API int wolfSSL_CTX_trust_peer_buffer(WOLFSSL_CTX* ctx,
const unsigned char*, long, int);
const unsigned char* in,
long sz, int format);
#endif
WOLFSSL_API int wolfSSL_CTX_load_verify_buffer_ex(WOLFSSL_CTX* ctx,
const unsigned char* in, long sz, int format,