forked from wolfSSL/wolfssl
Code review fixes
Put back check for server end when setting DH. Add option to keep resources rather than free after handshake.
23
src/ssl.c
23
src/ssl.c
@ -990,10 +990,8 @@ int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz,
|
|||||||
if (pSz < ssl->options.minDhKeySz)
|
if (pSz < ssl->options.minDhKeySz)
|
||||||
return DH_KEY_SIZE_E;
|
return DH_KEY_SIZE_E;
|
||||||
|
|
||||||
#ifndef WOLFSSL_WPAS
|
|
||||||
if (ssl->options.side != WOLFSSL_SERVER_END)
|
if (ssl->options.side != WOLFSSL_SERVER_END)
|
||||||
return SIDE_ERROR;
|
return SIDE_ERROR;
|
||||||
#endif
|
|
||||||
|
|
||||||
if (ssl->buffers.serverDH_P.buffer && ssl->buffers.weOwnDH) {
|
if (ssl->buffers.serverDH_P.buffer && ssl->buffers.weOwnDH) {
|
||||||
XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_DH);
|
XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_DH);
|
||||||
@ -2063,6 +2061,20 @@ void wolfSSL_FreeArrays(WOLFSSL* ssl)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Set option to indicate that the resources are not to be freed after
|
||||||
|
* handshake.
|
||||||
|
*
|
||||||
|
* ssl The SSL/TLS object.
|
||||||
|
*/
|
||||||
|
int wolfSSL_KeepResources(WOLFSSL* ssl)
|
||||||
|
{
|
||||||
|
if (ssl == NULL)
|
||||||
|
return BAD_FUNC_ARG;
|
||||||
|
|
||||||
|
ssl->options.keepResources = 1;
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
const byte* wolfSSL_GetMacSecret(WOLFSSL* ssl, int verify)
|
const byte* wolfSSL_GetMacSecret(WOLFSSL* ssl, int verify)
|
||||||
{
|
{
|
||||||
@ -7905,16 +7917,16 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
|
|||||||
}
|
}
|
||||||
#endif /* NO_HANDSHAKE_DONE_CB */
|
#endif /* NO_HANDSHAKE_DONE_CB */
|
||||||
|
|
||||||
#ifndef WOLFSSL_WPAS
|
|
||||||
if (!ssl->options.dtls) {
|
if (!ssl->options.dtls) {
|
||||||
FreeHandshakeResources(ssl);
|
if (!ssl->options.keepResources) {
|
||||||
|
FreeHandshakeResources(ssl);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
#ifdef WOLFSSL_DTLS
|
#ifdef WOLFSSL_DTLS
|
||||||
else {
|
else {
|
||||||
ssl->options.dtlsHsRetain = 1;
|
ssl->options.dtlsHsRetain = 1;
|
||||||
}
|
}
|
||||||
#endif /* WOLFSSL_DTLS */
|
#endif /* WOLFSSL_DTLS */
|
||||||
#endif
|
|
||||||
|
|
||||||
WOLFSSL_LEAVE("SSL_connect()", SSL_SUCCESS);
|
WOLFSSL_LEAVE("SSL_connect()", SSL_SUCCESS);
|
||||||
return SSL_SUCCESS;
|
return SSL_SUCCESS;
|
||||||
@ -23759,4 +23771,5 @@ int wolfSSL_set_msg_callback_arg(WOLFSSL *ssl, void* arg)
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
||||||
#endif /* WOLFCRYPT_ONLY */
|
#endif /* WOLFCRYPT_ONLY */
|
||||||
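Review bot: Dropping the `#ifndef WOLFSSL_WPAS` guard around `FreeHandshakeResources(ssl)` at the end of the connect path changes behaviour for WPAS builds: they previously skipped the free entirely and now perform it unless the application has called `wolfSSL_KeepResources()` beforehand. A WPAS integration that still reads handshake state after the handshake could then be working on freed memory, so the new precondition should be stated in the comment on `wolfSSL_KeepResources` and in the release notes. Only the connect path gains the `if (!ssl->options.keepResources)` test in this section; if the accept path also frees handshake resources (not visible on this page), it needs the same test for the option to hold on the server side. The enclosing function starts outside the hunk.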
|
@ -2494,6 +2494,7 @@ typedef struct Options {
|
|||||||
#if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_SUPPORTED_CURVES)
|
#if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_SUPPORTED_CURVES)
|
||||||
word16 userCurves:1; /* indicates user called wolfSSL_UseSupportedCurve */
|
word16 userCurves:1; /* indicates user called wolfSSL_UseSupportedCurve */
|
||||||
#endif
|
#endif
|
||||||
|
word16 keepResources:1; /* Keep resources after handshake */
|
||||||
|
|
||||||
/* need full byte values for this section */
|
/* need full byte values for this section */
|
||||||
byte processReply; /* nonblocking resume */
|
byte processReply; /* nonblocking resume */
|
||||||
|
@ -1650,6 +1650,7 @@ WOLFSSL_API void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl);
|
|||||||
WOLFSSL_API void wolfSSL_KeepArrays(WOLFSSL*);
|
WOLFSSL_API void wolfSSL_KeepArrays(WOLFSSL*);
|
||||||
WOLFSSL_API void wolfSSL_FreeArrays(WOLFSSL*);
|
WOLFSSL_API void wolfSSL_FreeArrays(WOLFSSL*);
|
||||||
|
|
||||||
|
WOLFSSL_API int wolfSSL_KeepResources(WOLFSSL* ssl);
|
||||||
|
|
||||||
/* async additions */
|
/* async additions */
|
||||||
WOLFSSL_API int wolfSSL_UseAsync(WOLFSSL*, int devId);
|
WOLFSSL_API int wolfSSL_UseAsync(WOLFSSL*, int devId);
|
||||||
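Review bot: The new public declaration `wolfSSL_KeepResources(WOLFSSL* ssl)` carries no statement of its return contract, and the implementation comment in src/ssl.c documents only the `ssl` parameter. The function returns `0` on success, while the connect path shown on this page reports success as `SSL_SUCCESS`, so a caller that tests `== SSL_SUCCESS` would read success as failure. I would add a comment above the declaration such as `/* Returns 0 on success, BAD_FUNC_ARG when ssl is NULL. Must be called before the handshake completes. */` and add the same return line to the comment in src/ssl.c. The file header for this section is not shown on the page, so the exact header file is inferred from the surrounding `WOLFSSL_API` declarations.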
|