From d4abeb56db4de7ccb483abbd0090216fda8f1004 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Thu, 9 Feb 2017 16:28:32 +1000 Subject: [PATCH] Fixes required after logging changes to master. --- configure.ac | 2 +- src/ssl.c | 73 +++++++++++++++++++++--------- wolfcrypt/src/logging.c | 89 ++++++++++++++++++++++++++++++++----- wolfssl/openssl/sha.h | 1 + wolfssl/wolfcrypt/logging.h | 22 +++++---- 5 files changed, 147 insertions(+), 40 deletions(-) diff --git a/configure.ac b/configure.ac index 336b3ba27..9c4879a28 100644 --- a/configure.ac +++ b/configure.ac @@ -2351,7 +2351,7 @@ then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_VERIFY_CB" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI" AM_CFLAGS="$AM_CFLAGS -DKEEP_OUR_CERT -DKEEP_PEER_CERT" - AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE -DOPENSSL_ERR_ONE -DHAVE_EX_DATA" + AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE -DHAVE_EX_DATA" fi diff --git a/src/ssl.c b/src/ssl.c index c32c9be6c..2f0db6cc9 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -10583,12 +10583,15 @@ int wolfSSL_set_compression(WOLFSSL* ssl) unsigned long wolfSSL_ERR_get_error(void) { - WOLFSSL_ENTER("wolfSSL_ERR_clear_error"); + WOLFSSL_ENTER("wolfSSL_ERR_get_error"); -#if defined(OPENSSL_ERR_ONE) - unsigned long ret = wc_last_error; - wc_last_error = 0; - return ret; +#if defined(WOLFSSL_NGINX) + { + unsigned long ret = wolfSSL_ERR_peek_error_line_data(NULL, NULL, + NULL, NULL); + wc_RemoveErrorNode(-1); + return ret; + } #else return (unsigned long)(0 - NOT_COMPILED_IN); #endif @@ -12138,8 +12141,8 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) { WOLFSSL_ENTER("wolfSSL_ERR_clear_error"); -#if defined(OPENSSL_ERR_ONE) - wc_last_error = 0; +#if defined(WOLFSSL_NGINX) + wc_ClearErrorNodes(); #endif } 
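Review bot: In the WOLFSSL_NGINX branch of wolfSSL_ERR_get_error the read and the removal are two separate operations on the process-wide error queue, so the node dropped by `wc_RemoveErrorNode(-1)` is not guaranteed to be the one whose value was just returned. wc_RemoveErrorNode takes debug_mutex on its own (see the logging.c hunk), so an error queued by another thread between the two calls is discarded without ever being reported. A single helper that reads and unlinks the tail node under one lock acquisition would close that window. The removal also runs when the peek returned 0 because it failed, so a short comment stating that this is intended would help; the function's closing lines are outside the hunk.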
@@ -15019,8 +15022,8 @@ unsigned long wolfSSL_ERR_peek_error(void) { WOLFSSL_ENTER("wolfSSL_ERR_peek_error"); -#if defined(OPENSSL_ERR_ONE) - return wc_last_error; +#ifdef WOLFSSL_NGINX + return wolfSSL_ERR_peek_error_line_data(NULL, NULL, NULL, NULL); #else return 0; #endif @@ -21330,7 +21333,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) } #ifdef WOLFSSL_NGINX if (l == 0) - wc_last_error = ((ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE); + WOLFSSL_ERROR(SSL_NO_PEM_HEADER); #endif pemSz = (int)i; } @@ -21608,6 +21611,10 @@ unsigned long wolfSSL_ERR_peek_last_error_line(const char **file, int *line) WOLFSSL_MSG("Issue peeking at error node in queue"); return 0; } + #ifdef WOLFSSL_NGINX + if (ret == -SSL_NO_PEM_HEADER) + return (ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE; + #endif return (unsigned long)ret; } #else @@ -22032,7 +22039,7 @@ int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bio, WOLFSSL_X509 *cert) XFREE(bio->mem, NULL, DYNAMIC_TYPE_OPENSSL); } bio->mem = (byte*)XMALLOC(pemSz, NULL, DYNAMIC_TYPE_OPENSSL); - if (bio->mem != NULL) { + if (bio->mem == NULL) { return SSL_FAILURE; } bio->memLen = pemSz; @@ -22201,8 +22208,18 @@ unsigned long wolfSSL_ERR_peek_last_error(void) { WOLFSSL_ENTER("wolfSSL_ERR_peek_last_error"); -#if defined(OPENSSL_ERR_ONE) - return wc_last_error; +#ifdef WOLFSSL_NGINX + { + int ret; + + if ((ret = wc_PeekErrorNode(-1, NULL, NULL, NULL)) < 0) { + WOLFSSL_MSG("Issue peeking at error node in queue"); + return 0; + } + if (ret == -SSL_NO_PEM_HEADER) + return (ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE; + return (unsigned long)ret; + } #else return (unsigned long)(0 - NOT_COMPILED_IN); #endif @@ -22943,7 +22960,7 @@ int wolfSSL_AsyncPoll(WOLFSSL* ssl, WOLF_EVENT_FLAG flags) } #endif /* WOLFSSL_ASYNC_CRYPT */ -#if defined(WOLFSSL_NGINX) +#ifdef WOLFSSL_NGINX void wolfSSL_OPENSSL_config(char *config_name) { WOLFSSL_STUB("wolfSSL_OPENSSL_config"); 
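Review bot: On the corrected failure path in wolfSSL_PEM_write_bio_X509 the BIO is left with `bio->mem == NULL` while, as far as the hunk shows, `bio->memLen` still holds the length of the buffer freed just above. Resetting it before the early return, `bio->memLen = 0; return SSL_FAILURE;`, keeps later users of the BIO from pairing a stale length with a null pointer. The function starts and ends outside the hunk, so check whether the length is already cleared on a line that is not visible here.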
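Review bot: The WOLFSSL_NGINX branch of wolfSSL_ERR_peek_last_error repeats the peek-and-map sequence that the wolfSSL_ERR_peek_last_error_line hunk above also carries, including the `ret == -SSL_NO_PEM_HEADER` translation and the same log message. Two copies of one error mapping tend to drift apart when a new code is added to only one of them. If the build guards around the two functions allow it, `return wolfSSL_ERR_peek_last_error_line(NULL, NULL);` would keep a single definition; otherwise a comment on each copy naming the other would do.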
@@ -23210,14 +23227,28 @@ unsigned long wolfSSL_ERR_peek_error_line_data(const char **file, int *line, *flags = 0; } -#if defined(OPENSSL_ERR_ONE) - if (line != NULL) { - *line = (int)wc_last_error_line; +#if defined(WOLFSSL_NGINX) + { + int ret = 0; + + while (1) { + if ((ret = wc_PeekErrorNode(-1, file, NULL, line)) < 0) { + WOLFSSL_MSG("Issue peeking at error node in queue"); + return 0; + } + ret = -ret; + + if (ret == SSL_NO_PEM_HEADER) + return (ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE; + if (ret != WANT_READ && ret != WANT_WRITE && + ret != ZERO_RETURN && ret != SSL_ERROR_ZERO_RETURN) + break; + + wc_RemoveErrorNode(-1); + } + + return (unsigned long)ret; } - if (file != NULL) { - *file = (char*)wc_last_error_file; - } - return wc_last_error; #else return (unsigned long)(0 - NOT_COMPILED_IN); #endif diff --git a/wolfcrypt/src/logging.c b/wolfcrypt/src/logging.c index 43c5a1aad..8aecf5f0b 100644 --- a/wolfcrypt/src/logging.c +++ b/wolfcrypt/src/logging.c @@ -50,6 +50,7 @@ static void* wc_error_heap; struct wc_error_queue { void* heap; /* the heap hint used with nodes creation */ struct wc_error_queue* next; + struct wc_error_queue* prev; char error[WOLFSSL_MAX_ERROR_SZ]; char file[WOLFSSL_MAX_ERROR_SZ]; int value; @@ -61,10 +62,11 @@ static struct wc_error_queue* wc_last_node; #endif -#ifdef DEBUG_WOLFSSL + +#if defined(DEBUG_WOLFSSL) /* Set these to default values initially. */ -static wolfSSL_Logging_cb log_function = 0; +static wolfSSL_Logging_cb log_function = NULL; static int loggingEnabled = 0; #endif /* DEBUG_WOLFSSL */ 
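Review bot: wolfSSL_ERR_peek_error_line_data negates the node value (`ret = -ret;`) and then returns `(unsigned long)ret`, whereas wolfSSL_ERR_peek_last_error and wolfSSL_ERR_peek_last_error_line return the value from wc_PeekErrorNode unnegated. A successful peek is non-negative here, so the negated value is zero or negative and the cast produces a very large unsigned code for every error other than the PEM case; callers of the two function families then see different numbers for the same node. If the positive form is the intended one, `return (unsigned long)(-ret);` after the loop would align them. The loop also makes a function named "peek" destructive, since it calls `wc_RemoveErrorNode(-1)` for WANT_READ, WANT_WRITE and ZERO_RETURN entries, which deserves a comment at the `while (1)`. Because wc_RemoveErrorNode returns void, a removal that fails cannot be detected, and the loop then ends only if the next peek fails.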
@@ -215,21 +217,25 @@ void WOLFSSL_LEAVE(const char* msg, int ret) wolfssl_log(LEAVE_LOG , buffer); } } - +#endif /* DEBUG_WOLFSSL */ /* * When using OPENSSL_EXTRA or DEBUG_WOLFSSL_VERBOSE macro then WOLFSSL_ERROR is * mapped to new funtion WOLFSSL_ERROR_LINE which gets the line # and function * name where WOLFSSL_ERROR is called at. */ -#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) +#if (defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX)) + #if (defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)) void WOLFSSL_ERROR_LINE(int error, const char* func, unsigned int line, const char* file, void* usrCtx) -#else + #else void WOLFSSL_ERROR(int error) -#endif + #endif { - if (loggingEnabled) { + #if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_NGINX) + if (loggingEnabled) + #endif + { char buffer[80]; #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) (void)usrCtx; /* a user ctx for future flexibility */ @@ -254,11 +260,13 @@ void WOLFSSL_ERROR(int error) #else sprintf(buffer, "wolfSSL error occurred, error = %d", error); #endif + #ifdef DEBUG_WOLFSSL wolfssl_log(ERROR_LOG , buffer); + #endif } } -#endif /* DEBUG_WOLFSSL */ +#endif /* DEBUG_WOLFSSL || WOLFSSL_NGINX */ #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) /* Internal function that is called by wolfCrypt_Init() */ @@ -305,7 +313,7 @@ int wc_LoggingCleanup(void) } -#ifdef DEBUG_WOLFSSL +#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX) /* peek at an error node * * index : if -1 then the most recent node is looked at, otherwise search 
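Review bot: With WOLFSSL_NGINX defined the `if (loggingEnabled)` guard in WOLFSSL_ERROR_LINE is compiled out, so every WOLFSSL_ERROR call runs the block unconditionally; in the OPENSSL_EXTRA path that appears to be where the error node is queued, although the middle of the body lies between the two hunks. Each node carries two WOLFSSL_MAX_ERROR_SZ buffers and is released only by wolfSSL_ERR_get_error, wolfSSL_ERR_clear_error or the peek loop, so a server that does not drain the queue after each failed handshake accumulates heap for every peer-triggered error. Consider a cap on queue length in wc_AddErrorNode, or at least a comment here stating that NGINX builds must clear the queue per connection. In the same block the message is still formatted into `char buffer[80]` with `sprintf` even when DEBUG_WOLFSSL is off and `wolfssl_log` is compiled out; moving the formatting under the same `#ifdef DEBUG_WOLFSSL` and using `snprintf(buffer, sizeof(buffer), ...)` would drop the dead work and bound the write.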
@@ -424,13 +432,74 @@ int wc_AddErrorNode(int error, int line, char* buf, char* file) } else { wc_last_node->next = err; + err->prev = wc_last_node; wc_last_node = err; } } return 0; } -#endif /* DEBUG_WOLFSSL */ + +/* Removes the error node at the specified index. + * index : if -1 then the most recent node is looked at, otherwise search + * through queue for node at the given index + */ +void wc_RemoveErrorNode(int index) +{ + struct wc_error_queue* current; + + if (wc_LockMutex(&debug_mutex) != 0) { + WOLFSSL_MSG("Lock debug mutex failed"); + return; + } + + if (index == -1) + current = wc_last_node; + else { + current = (struct wc_error_queue*)wc_errors; + for (; current != NULL && index > 0; index--) + current = current->next; + } + if (current != NULL) { + if (current->prev != NULL) + current->prev->next = current->next; + if (wc_last_node == current) + wc_last_node = current->prev; + if (wc_errors == current) + wc_errors = current->next; + XFREE(current, current->heap, DYNAMIC_TYPE_LOG); + } + + wc_UnLockMutex(&debug_mutex); +} + +/* Clears out the list of error nodes. + */ +void wc_ClearErrorNodes(void) +{ + if (wc_LockMutex(&debug_mutex) != 0) { + WOLFSSL_MSG("Lock debug mutex failed"); + return; + } + + /* free all nodes from error queue */ + { + struct wc_error_queue* current; + struct wc_error_queue* next; + + current = (struct wc_error_queue*)wc_errors; + while (current != NULL) { + next = current->next; + XFREE(current, current->heap, DYNAMIC_TYPE_LOG); + current = next; + } + } + + wc_errors = NULL; + wc_last_node = NULL; + wc_UnLockMutex(&debug_mutex); +} +#endif /* DEBUG_WOLFSSL || WOLFSSL_NGINX */ int wc_SetLoggingHeap(void* h) diff --git a/wolfssl/openssl/sha.h b/wolfssl/openssl/sha.h index 632862089..d9e168129 100644 --- a/wolfssl/openssl/sha.h +++ b/wolfssl/openssl/sha.h @@ -5,6 +5,7 @@ #define WOLFSSL_SHA_H_ #include +#include #ifdef WOLFSSL_PREFIX #include "prefix_sha.h" 
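Review bot: wc_RemoveErrorNode unlinks a node without updating the back pointer of its successor: `current->prev->next` is patched, but `current->next->prev` is left pointing at the node that `XFREE` then releases. Every call in this commit passes -1, where the node is the tail and has no successor, but the function accepts any index, and removing a head or middle node leaves a dangling `prev` that a later removal would write through (`current->prev->next = ...`) and store into wc_last_node. Adding `if (current->next != NULL) current->next->prev = current->prev;` before the XFREE completes the unlink. A negative index other than -1 skips the walk and removes the head, so `index < -1` should be rejected. The first-node branch of wc_AddErrorNode, outside this hunk, never assigns `err->prev`, so it is NULL only if the node is zeroed on allocation; confirm that.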
diff --git a/wolfssl/wolfcrypt/logging.h b/wolfssl/wolfcrypt/logging.h index c8f9a657a..811b89d6e 100644 --- a/wolfssl/wolfcrypt/logging.h +++ b/wolfssl/wolfcrypt/logging.h @@ -53,6 +53,8 @@ WOLFSSL_API int wolfSSL_SetLoggingCb(wolfSSL_Logging_cb log_function); char* file); WOLFSSL_LOCAL int wc_PeekErrorNode(int index, const char **file, const char **reason, int *line); + WOLFSSL_LOCAL void wc_RemoveErrorNode(int index); + WOLFSSL_LOCAL void wc_ClearErrorNodes(void); WOLFSSL_API int wc_SetLoggingHeap(void* h); #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) WOLFSSL_API void wc_ERR_print_errors_fp(FILE* fp); @@ -68,13 +70,6 @@ WOLFSSL_API int wolfSSL_SetLoggingCb(wolfSSL_Logging_cb log_function); #define WOLFSSL_STUB(m) \ WOLFSSL_MSG(WOLFSSL_LOG_CAT(wolfSSL Stub, m, not implemented)) -#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) - void WOLFSSL_ERROR_LINE(int err, const char* func, unsigned int line, - const char* file, void* ctx); - #define WOLFSSL_ERROR(x) WOLFSSL_ERROR_LINE((x), __func__, __LINE__, __FILE__,NULL) -#else - void WOLFSSL_ERROR(int); -#endif void WOLFSSL_MSG(const char* msg); void WOLFSSL_BUFFER(byte* buffer, word32 length); @@ -84,12 +79,23 @@ WOLFSSL_API int wolfSSL_SetLoggingCb(wolfSSL_Logging_cb log_function); #define WOLFSSL_LEAVE(m, r) #define WOLFSSL_STUB(m) - #define WOLFSSL_ERROR(e) #define WOLFSSL_MSG(m) #define WOLFSSL_BUFFER(b, l) #endif /* DEBUG_WOLFSSL */ +#if (defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX)) + #if (defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)) + void WOLFSSL_ERROR_LINE(int err, const char* func, unsigned int line, + const char* file, void* ctx); + #define WOLFSSL_ERROR(x) WOLFSSL_ERROR_LINE((x), __func__, __LINE__, __FILE__,NULL) + #else + void WOLFSSL_ERROR(int); + #endif +#else + #define WOLFSSL_ERROR(e) +#endif + #ifdef __cplusplus } #endif