Merge pull request #4891 from dgarske/multi_test
@@ -3191,8 +3191,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
|||||||
#endif /* HAVE_ECC */
|
#endif /* HAVE_ECC */
|
||||||
#if defined(WOLFSSL_TRUST_PEER_CERT) && !defined(NO_FILESYSTEM)
|
#if defined(WOLFSSL_TRUST_PEER_CERT) && !defined(NO_FILESYSTEM)
|
||||||
if (trustCert) {
|
if (trustCert) {
|
||||||
if ((ret = wolfSSL_CTX_trust_peer_cert(ctx, trustCert,
|
if (wolfSSL_CTX_trust_peer_cert(ctx, trustCert,
|
||||||
WOLFSSL_FILETYPE_PEM)) != WOLFSSL_SUCCESS) {
|
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
|
||||||
wolfSSL_CTX_free(ctx); ctx = NULL;
|
wolfSSL_CTX_free(ctx); ctx = NULL;
|
||||||
err_sys("can't load trusted peer cert file");
|
err_sys("can't load trusted peer cert file");
|
||||||
}
|
}
|
||||||
|
@@ -2568,9 +2568,8 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
|
|||||||
}
|
}
|
||||||
#ifdef WOLFSSL_TRUST_PEER_CERT
|
#ifdef WOLFSSL_TRUST_PEER_CERT
|
||||||
if (trustCert) {
|
if (trustCert) {
|
||||||
if ((ret = wolfSSL_CTX_trust_peer_cert(ctx, trustCert,
|
if (wolfSSL_CTX_trust_peer_cert(ctx, trustCert,
|
||||||
WOLFSSL_FILETYPE_PEM))
|
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
|
||||||
!= WOLFSSL_SUCCESS) {
|
|
||||||
err_sys_ex(runWithErrors, "can't load trusted peer cert file");
|
err_sys_ex(runWithErrors, "can't load trusted peer cert file");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -2790,8 +2789,8 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
|
|||||||
}
|
}
|
||||||
#ifdef WOLFSSL_TRUST_PEER_CERT
|
#ifdef WOLFSSL_TRUST_PEER_CERT
|
||||||
if (trustCert) {
|
if (trustCert) {
|
||||||
if ((ret = wolfSSL_trust_peer_cert(ssl, trustCert,
|
if (wolfSSL_trust_peer_cert(ssl, trustCert,
|
||||||
WOLFSSL_FILETYPE_PEM)) != WOLFSSL_SUCCESS) {
|
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
|
||||||
err_sys_ex(runWithErrors, "can't load trusted peer cert "
|
err_sys_ex(runWithErrors, "can't load trusted peer cert "
|
||||||
"file");
|
"file");
|
||||||
}
|
}
|
||||||
|
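Review bot: When `wolfSSL_CTX_trust_peer_cert` (first hunk) or `wolfSSL_trust_peer_cert` (second hunk) fails, the server only calls `err_sys_ex(runWithErrors, ...)` and then falls through, so with runWithErrors set the test presumably continues on a ctx/ssl that never loaded the trusted peer cert; the matching client-side hunk in this commit frees ctx and calls err_sys, which does not continue. If continuing is the intended "run with errors" behaviour, a one-line comment such as `/* runWithErrors: handshake proceeds without the trusted peer cert */` next to each call would make that explicit; otherwise the failure should stop the test as it does on the client side. How err_sys_ex treats runWithErrors is not visible here, and server_test's body continues outside both hunks.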
@@ -30626,7 +30626,10 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
|||||||
id = ssl->session->altSessionID;
|
id = ssl->session->altSessionID;
|
||||||
idSz = ID_LEN;
|
idSz = ID_LEN;
|
||||||
}
|
}
|
||||||
XMEMCPY(it.id, id, ID_LEN);
|
/* make sure idSz is not larger than ID_LEN */
|
||||||
|
if (idSz > ID_LEN)
|
||||||
|
idSz = ID_LEN;
|
||||||
|
XMEMCPY(it.id, id, idSz);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@@ -30765,20 +30768,20 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
|||||||
/* get master secret */
|
/* get master secret */
|
||||||
if (ret == WOLFSSL_TICKET_RET_OK || ret == WOLFSSL_TICKET_RET_CREATE) {
|
if (ret == WOLFSSL_TICKET_RET_OK || ret == WOLFSSL_TICKET_RET_CREATE) {
|
||||||
if (ssl->version.minor < it->pv.minor) {
|
if (ssl->version.minor < it->pv.minor) {
|
||||||
ForceZero(&it, sizeof(it));
|
ForceZero(it, sizeof(*it));
|
||||||
WOLFSSL_MSG("Ticket has greater version");
|
WOLFSSL_MSG("Ticket has greater version");
|
||||||
return VERSION_ERROR;
|
return VERSION_ERROR;
|
||||||
}
|
}
|
||||||
else if (ssl->version.minor > it->pv.minor) {
|
else if (ssl->version.minor > it->pv.minor) {
|
||||||
if (IsAtLeastTLSv1_3(it->pv) != IsAtLeastTLSv1_3(ssl->version)) {
|
if (IsAtLeastTLSv1_3(it->pv) != IsAtLeastTLSv1_3(ssl->version)) {
|
||||||
ForceZero(&it, sizeof(it));
|
ForceZero(it, sizeof(*it));
|
||||||
WOLFSSL_MSG("Tickets cannot be shared between "
|
WOLFSSL_MSG("Tickets cannot be shared between "
|
||||||
"TLS 1.3 and TLS 1.2 and lower");
|
"TLS 1.3 and TLS 1.2 and lower");
|
||||||
return VERSION_ERROR;
|
return VERSION_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!ssl->options.downgrade) {
|
if (!ssl->options.downgrade) {
|
||||||
ForceZero(&it, sizeof(it));
|
ForceZero(it, sizeof(*it));
|
||||||
WOLFSSL_MSG("Ticket has lesser version");
|
WOLFSSL_MSG("Ticket has lesser version");
|
||||||
return VERSION_ERROR;
|
return VERSION_ERROR;
|
||||||
}
|
}
|
||||||
@@ -30786,7 +30789,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
|||||||
WOLFSSL_MSG("Downgrading protocol due to ticket");
|
WOLFSSL_MSG("Downgrading protocol due to ticket");
|
||||||
|
|
||||||
if (it->pv.minor < ssl->options.minDowngrade) {
|
if (it->pv.minor < ssl->options.minDowngrade) {
|
||||||
ForceZero(&it, sizeof(it));
|
ForceZero(it, sizeof(*it));
|
||||||
return VERSION_ERROR;
|
return VERSION_ERROR;
|
||||||
}
|
}
|
||||||
ssl->version.minor = it->pv.minor;
|
ssl->version.minor = it->pv.minor;
|
||||||
@@ -30837,7 +30840,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
ForceZero(&it, sizeof(it));
|
ForceZero(it, sizeof(*it));
|
||||||
|
|
||||||
WOLFSSL_LEAVE("DoClientTicket", ret);
|
WOLFSSL_LEAVE("DoClientTicket", ret);
|
||||||
WOLFSSL_END(WC_FUNC_TICKET_DO);
|
WOLFSSL_END(WC_FUNC_TICKET_DO);
|
||||||
|
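Review bot: The new clamp `if (idSz > ID_LEN) idSz = ID_LEN;` before `XMEMCPY(it.id, id, idSz);` in the first hunk silently truncates an over-long session ID, so a ticket is built for an id that no longer matches what was negotiated; rejecting it with an error return, as the version checks in the later hunks do with VERSION_ERROR, seems safer than clamping. Also, when idSz is shorter than ID_LEN the tail of it.id keeps whatever it held before, so unless `it` is zeroed at the top of the function (its start is outside the hunk) an `XMEMSET(it.id, 0, sizeof(it.id));` ahead of the copy keeps later id comparisons deterministic. The branch that assigns idSz in the non-alt case is also outside the hunk, so I cannot tell whether idSz > ID_LEN is actually reachable.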
20
src/ssl.c
20
src/ssl.c
@@ -5266,7 +5266,7 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
|
|||||||
#define SESSIONS_PER_ROW 3
|
#define SESSIONS_PER_ROW 3
|
||||||
#define SESSION_ROWS 11
|
#define SESSION_ROWS 11
|
||||||
#endif
|
#endif
|
||||||
#define INVALID_SESSION_ROW -1
|
#define INVALID_SESSION_ROW (-1)
|
||||||
|
|
||||||
#ifdef NO_SESSION_CACHE_ROW_LOCK
|
#ifdef NO_SESSION_CACHE_ROW_LOCK
|
||||||
#undef ENABLE_SESSION_CACHE_ROW_LOCK
|
#undef ENABLE_SESSION_CACHE_ROW_LOCK
|
||||||
@@ -5330,11 +5330,15 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
|
|||||||
#error CLIENT_SESSION_ROWS too big
|
#error CLIENT_SESSION_ROWS too big
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
typedef struct ClientSession {
|
struct ClientSession {
|
||||||
word16 serverRow; /* SessionCache Row id */
|
word16 serverRow; /* SessionCache Row id */
|
||||||
word16 serverIdx; /* SessionCache Idx (column) */
|
word16 serverIdx; /* SessionCache Idx (column) */
|
||||||
word32 sessionIDHash;
|
word32 sessionIDHash;
|
||||||
} ClientSession;
|
};
|
||||||
|
#ifndef WOLFSSL_CLIENT_SESSION_DEFINED
|
||||||
|
typedef struct ClientSession ClientSession;
|
||||||
|
#define WOLFSSL_CLIENT_SESSION_DEFINED
|
||||||
|
#endif
|
||||||
|
|
||||||
typedef struct ClientRow {
|
typedef struct ClientRow {
|
||||||
int nextIdx; /* where to place next one */
|
int nextIdx; /* where to place next one */
|
||||||
@@ -15507,6 +15511,7 @@ int wolfSSL_GetSessionFromCache(WOLFSSL* ssl, WOLFSSL_SESSION* output)
|
|||||||
return WOLFSSL_FAILURE;
|
return WOLFSSL_FAILURE;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
XMEMSET(bogusID, 0, sizeof(bogusID));
|
||||||
if (!IsAtLeastTLSv1_3(ssl->version) && ssl->arrays != NULL)
|
if (!IsAtLeastTLSv1_3(ssl->version) && ssl->arrays != NULL)
|
||||||
id = ssl->arrays->sessionID;
|
id = ssl->arrays->sessionID;
|
||||||
else if (ssl->session->haveAltSessionID) {
|
else if (ssl->session->haveAltSessionID) {
|
||||||
@@ -15763,8 +15768,9 @@ int wolfSSL_SetSession(WOLFSSL* ssl, WOLFSSL_SESSION* session)
|
|||||||
SESSION_ROW_UNLOCK(sessRow);
|
SESSION_ROW_UNLOCK(sessRow);
|
||||||
sessRow = NULL;
|
sessRow = NULL;
|
||||||
}
|
}
|
||||||
/* Make sure we don't access this anymore */
|
|
||||||
session = NULL;
|
/* Note: the `session` variable cannot be used below, since the row is
|
||||||
|
* un-locked */
|
||||||
|
|
||||||
if (ret != WOLFSSL_SUCCESS)
|
if (ret != WOLFSSL_SUCCESS)
|
||||||
return ret;
|
return ret;
|
||||||
@@ -24094,7 +24100,7 @@ int wolfSSL_DupSession(const WOLFSSL_SESSION* input, WOLFSSL_SESSION* output,
|
|||||||
output->heap, DYNAMIC_TYPE_SESSION_TICK);
|
output->heap, DYNAMIC_TYPE_SESSION_TICK);
|
||||||
if (tmp == NULL) {
|
if (tmp == NULL) {
|
||||||
WOLFSSL_MSG("Failed to allocate memory for ticket");
|
WOLFSSL_MSG("Failed to allocate memory for ticket");
|
||||||
XFREE(ticBuff, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
|
XFREE(ticBuff, output->heap, DYNAMIC_TYPE_SESSION_TICK);
|
||||||
output->ticket = NULL;
|
output->ticket = NULL;
|
||||||
output->ticketLen = 0;
|
output->ticketLen = 0;
|
||||||
output->ticketLenAlloc = 0;
|
output->ticketLenAlloc = 0;
|
||||||
@@ -24138,7 +24144,7 @@ int wolfSSL_DupSession(const WOLFSSL_SESSION* input, WOLFSSL_SESSION* output,
|
|||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
if (ticBuff != NULL)
|
if (ticBuff != NULL)
|
||||||
XFREE(ticBuff, input->heap, DYNAMIC_TYPE_SESSION_TICK);
|
XFREE(ticBuff, output->heap, DYNAMIC_TYPE_SESSION_TICK);
|
||||||
output->ticket = output->_staticTicket;
|
output->ticket = output->_staticTicket;
|
||||||
output->ticketLenAlloc = 0;
|
output->ticketLenAlloc = 0;
|
||||||
}
|
}
|
||||||
|
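Review bot: In the wolfSSL_SetSession hunk the defensive `session = NULL;` is replaced by a comment only, so a later read of the now-unlocked row's session pointer would quietly read memory another thread may be rewriting instead of faulting immediately. If nothing below the unlock needs the pointer, keep the assignment together with the new comment (`session = NULL; /* row is unlocked; must not be used below */`); if the pointer is still needed below, which would explain the removal, the comment should say which uses remain safe. The remainder of the function is outside the hunk.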
@@ -834,10 +834,12 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec)
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if !defined(HAVE_GETADDRINFO)
|
||||||
#ifdef WOLFSSL_IPV6
|
#ifdef WOLFSSL_IPV6
|
||||||
sockaddr_len = sizeof(SOCKADDR_IN6);
|
sockaddr_len = sizeof(SOCKADDR_IN6);
|
||||||
#else
|
#else
|
||||||
sockaddr_len = sizeof(SOCKADDR_IN);
|
sockaddr_len = sizeof(SOCKADDR_IN);
|
||||||
|
#endif
|
||||||
#endif
|
#endif
|
||||||
XMEMSET(&addr, 0, sizeof(addr));
|
XMEMSET(&addr, 0, sizeof(addr));
|
||||||
|
|
||||||
|
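Review bot: With `sockaddr_len` now assigned only under `#if !defined(HAVE_GETADDRINFO)`, a HAVE_GETADDRINFO build must set it elsewhere (presumably from the resolved entry's ai_addrlen) before it is read, and both that assignment and every later use are outside the hunk. Please confirm it cannot reach the connect call uninitialised, or give it a value at its declaration, e.g. `sockaddr_len = 0;`, so the failure mode is a clean error rather than an uninitialised-read. wolfIO_TcpConnect's body continues outside the hunk.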
@@ -39320,6 +39320,8 @@ static void test_wolfSSL_SESSION(void)
|
|||||||
#else
|
#else
|
||||||
AssertIntEQ(wolfSSL_SESSION_has_ticket(sess), 0);
|
AssertIntEQ(wolfSSL_SESSION_has_ticket(sess), 0);
|
||||||
#endif
|
#endif
|
||||||
|
#else
|
||||||
|
(void)sess;
|
||||||
#endif /* OPENSSL_EXTRA */
|
#endif /* OPENSSL_EXTRA */
|
||||||
|
|
||||||
/* Retain copy of the session for later testing */
|
/* Retain copy of the session for later testing */
|
||||||
|
@@ -1691,7 +1691,10 @@ typedef WOLFSSL_BUFFER_INFO buffer;
|
|||||||
typedef struct Suites Suites;
|
typedef struct Suites Suites;
|
||||||
|
|
||||||
/* Declare opaque struct for API to use */
|
/* Declare opaque struct for API to use */
|
||||||
|
#ifndef WOLFSSL_CLIENT_SESSION_DEFINED
|
||||||
typedef struct ClientSession ClientSession;
|
typedef struct ClientSession ClientSession;
|
||||||
|
#define WOLFSSL_CLIENT_SESSION_DEFINED
|
||||||
|
#endif
|
||||||
|
|
||||||
/* defaults to client */
|
/* defaults to client */
|
||||||
WOLFSSL_LOCAL void InitSSL_Method(WOLFSSL_METHOD* method, ProtocolVersion pv);
|
WOLFSSL_LOCAL void InitSSL_Method(WOLFSSL_METHOD* method, ProtocolVersion pv);
|
||||||
@@ -4619,13 +4622,13 @@ struct WOLFSSL {
|
|||||||
*/
|
*/
|
||||||
#ifdef WOLFSSL_HAVE_ERROR_QUEUE
|
#ifdef WOLFSSL_HAVE_ERROR_QUEUE
|
||||||
#define CLEAR_ASN_NO_PEM_HEADER_ERROR(err) \
|
#define CLEAR_ASN_NO_PEM_HEADER_ERROR(err) \
|
||||||
err = wolfSSL_ERR_peek_last_error(); \
|
(err) = wolfSSL_ERR_peek_last_error(); \
|
||||||
if (ERR_GET_LIB(err) == ERR_LIB_PEM && \
|
if (ERR_GET_LIB(err) == ERR_LIB_PEM && \
|
||||||
ERR_GET_REASON(err) == PEM_R_NO_START_LINE) { \
|
ERR_GET_REASON(err) == PEM_R_NO_START_LINE) { \
|
||||||
wc_RemoveErrorNode(-1); \
|
wc_RemoveErrorNode(-1); \
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
#define CLEAR_ASN_NO_PEM_HEADER_ERROR(err) (void)err;
|
#define CLEAR_ASN_NO_PEM_HEADER_ERROR(err) (void)(err);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
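Review bot: `CLEAR_ASN_NO_PEM_HEADER_ERROR` still expands to two statements (the assignment and the `if`) without a `do { ... } while (0)` wrapper, so an invocation as the body of an unbraced `if` or `else` would guard only the assignment; and the `#else` variant ends with a semicolon while the error-queue variant does not, so the two builds accept different call syntax. Wrapping the multi-statement form and dropping the trailing semicolon from the fallback makes both behave like a single statement; call sites (outside this hunk) must then terminate the invocation with `;`. The comment block introducing the macro is cut off above the hunk.
```c
#ifdef WOLFSSL_HAVE_ERROR_QUEUE
#define CLEAR_ASN_NO_PEM_HEADER_ERROR(err)                          \
    do {                                                            \
        (err) = wolfSSL_ERR_peek_last_error();                      \
        if (ERR_GET_LIB(err) == ERR_LIB_PEM &&                      \
                ERR_GET_REASON(err) == PEM_R_NO_START_LINE) {       \
            wc_RemoveErrorNode(-1);                                 \
        }                                                           \
    } while (0)
#else
#define CLEAR_ASN_NO_PEM_HEADER_ERROR(err) (void)(err)
#endif
```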
@@ -2852,7 +2852,8 @@ WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL* ssl, void* key, unsigned int len,
|
|||||||
WOLFSSL_API int wolfSSL_Unload_trust_peers(WOLFSSL* ssl);
|
WOLFSSL_API int wolfSSL_Unload_trust_peers(WOLFSSL* ssl);
|
||||||
#endif
|
#endif
|
||||||
WOLFSSL_API int wolfSSL_CTX_trust_peer_buffer(WOLFSSL_CTX* ctx,
|
WOLFSSL_API int wolfSSL_CTX_trust_peer_buffer(WOLFSSL_CTX* ctx,
|
||||||
const unsigned char*, long, int);
|
const unsigned char* in,
|
||||||
|
long sz, int format);
|
||||||
#endif
|
#endif
|
||||||
WOLFSSL_API int wolfSSL_CTX_load_verify_buffer_ex(WOLFSSL_CTX* ctx,
|
WOLFSSL_API int wolfSSL_CTX_load_verify_buffer_ex(WOLFSSL_CTX* ctx,
|
||||||
const unsigned char* in, long sz, int format,
|
const unsigned char* in, long sz, int format,
|
||||||
|