Code review fixes

Put back check for server end when setting DH. Add option to keep resources rather than free after handshake.
2017-03-07 11:55:23 +10:00
parent 122f648fd8
commit ac713e62c5
3 changed files with 20 additions and 5 deletions
--- a/src/ssl.c
+++ b/src/ssl.c
@ -990,10 +990,8 @@ int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz,
    if (pSz < ssl->options.minDhKeySz)
        return DH_KEY_SIZE_E;

-    #ifndef WOLFSSL_WPAS
    if (ssl->options.side != WOLFSSL_SERVER_END)
        return SIDE_ERROR;
-    #endif

    if (ssl->buffers.serverDH_P.buffer && ssl->buffers.weOwnDH) {
        XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_DH);
@ -2063,6 +2061,20 @@ void wolfSSL_FreeArrays(WOLFSSL* ssl)
    }
 }

+/* Set option to indicate that the resources are not to be freed after
+ * handshake.
+ *
+ * ssl  The SSL/TLS object.
+ */
+int wolfSSL_KeepResources(WOLFSSL* ssl)
+{
+    if (ssl == NULL)
+        return BAD_FUNC_ARG;
+
+    ssl->options.keepResources = 1;
+
+    return 0;
+}

 const byte* wolfSSL_GetMacSecret(WOLFSSL* ssl, int verify)
 {
@ -7905,16 +7917,16 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
            }
 #endif /* NO_HANDSHAKE_DONE_CB */

-#ifndef WOLFSSL_WPAS
            if (!ssl->options.dtls) {
-                FreeHandshakeResources(ssl);
+                if (!ssl->options.keepResources) {
+                    FreeHandshakeResources(ssl);
+                }
            }
 #ifdef WOLFSSL_DTLS
            else {
                ssl->options.dtlsHsRetain = 1;
            }
 #endif /* WOLFSSL_DTLS */
-#endif

            WOLFSSL_LEAVE("SSL_connect()", SSL_SUCCESS);
            return SSL_SUCCESS;
@ -23759,4 +23771,5 @@ int wolfSSL_set_msg_callback_arg(WOLFSSL *ssl, void* arg)
 }
 #endif

+
 #endif /* WOLFCRYPT_ONLY */
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@ -2494,6 +2494,7 @@ typedef struct Options {
 #if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_SUPPORTED_CURVES)
    word16            userCurves:1;       /* indicates user called wolfSSL_UseSupportedCurve */
 #endif
+    word16            keepResources:1;    /* Keep resources after handshake */

    /* need full byte values for this section */
    byte            processReply;           /* nonblocking resume */
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@ -1650,6 +1650,7 @@ WOLFSSL_API void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl);
 WOLFSSL_API void wolfSSL_KeepArrays(WOLFSSL*);
 WOLFSSL_API void wolfSSL_FreeArrays(WOLFSSL*);

+WOLFSSL_API int wolfSSL_KeepResources(WOLFSSL* ssl);

 /* async additions */
 WOLFSSL_API int wolfSSL_UseAsync(WOLFSSL*, int devId);