From e6c369e026b70ece2a5d47d07c0202ed285a3185 Mon Sep 17 00:00:00 2001 From: toddouska Date: Mon, 9 Mar 2015 09:34:38 -0700 Subject: [PATCH] use memset on Init SSL for 0,NULL defaults --- src/internal.c | 191 +++---------------------------------------------- 1 file changed, 11 insertions(+), 180 deletions(-) diff --git a/src/internal.c b/src/internal.c index 4e446c2ae..a28e228f1 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1451,55 +1451,20 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx) (void) haveAnon; + XMEMSET(ssl, 0, sizeof(WOLFSSL)); + ssl->ctx = ctx; /* only for passing to calls, options could change */ ssl->version = ctx->method->version; - ssl->suites = NULL; -#ifdef HAVE_LIBZ - ssl->didStreamInit = 0; -#endif #ifndef NO_RSA haveRSA = 1; #endif -#ifndef NO_CERTS - ssl->buffers.certificate.buffer = 0; - ssl->buffers.key.buffer = 0; - ssl->buffers.certChain.buffer = 0; -#endif - ssl->buffers.inputBuffer.length = 0; - ssl->buffers.inputBuffer.idx = 0; ssl->buffers.inputBuffer.buffer = ssl->buffers.inputBuffer.staticBuffer; ssl->buffers.inputBuffer.bufferSize = STATIC_BUFFER_LEN; - ssl->buffers.inputBuffer.dynamicFlag = 0; - ssl->buffers.inputBuffer.offset = 0; - ssl->buffers.outputBuffer.length = 0; - ssl->buffers.outputBuffer.idx = 0; + ssl->buffers.outputBuffer.buffer = ssl->buffers.outputBuffer.staticBuffer; ssl->buffers.outputBuffer.bufferSize = STATIC_BUFFER_LEN; - ssl->buffers.outputBuffer.dynamicFlag = 0; - ssl->buffers.outputBuffer.offset = 0; - ssl->buffers.domainName.buffer = 0; -#ifndef NO_CERTS - ssl->buffers.serverDH_P.buffer = 0; - ssl->buffers.serverDH_G.buffer = 0; - ssl->buffers.serverDH_Pub.buffer = 0; - ssl->buffers.serverDH_Priv.buffer = 0; -#endif - ssl->buffers.clearOutputBuffer.buffer = 0; - ssl->buffers.clearOutputBuffer.length = 0; - ssl->buffers.prevSent = 0; - ssl->buffers.plainSz = 0; -#ifdef HAVE_PK_CALLBACKS - #ifdef HAVE_ECC - ssl->buffers.peerEccDsaKey.buffer = 0; - ssl->buffers.peerEccDsaKey.length = 0; - #endif /* HAVE_ECC */ - #ifndef NO_RSA - ssl->buffers.peerRsaKey.buffer = 0; - ssl->buffers.peerRsaKey.length = 0; - #endif /* NO_RSA */ -#endif /* HAVE_PK_CALLBACKS */ #ifdef KEEP_PEER_CERT InitX509(&ssl->peerCert, 0); @@ -1508,77 +1473,42 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx) #ifdef HAVE_ECC ssl->eccTempKeySz = ctx->eccTempKeySz; ssl->pkCurveOID = ctx->pkCurveOID; - ssl->peerEccKeyPresent = 0; - ssl->peerEccDsaKeyPresent = 0; - ssl->eccTempKeyPresent = 0; - ssl->peerEccKey = NULL; - ssl->peerEccDsaKey = NULL; - ssl->eccTempKey = NULL; #endif ssl->timeout = ctx->timeout; ssl->rfd = -1; /* set to invalid descriptor */ ssl->wfd = -1; - ssl->rflags = 0; /* no user flags yet */ - ssl->wflags = 0; /* no user flags yet */ -#ifdef OPENSSL_EXTRA - ssl->biord = 0; - ssl->biowr = 0; -#endif ssl->IOCB_ReadCtx = &ssl->rfd; /* prevent invalid pointer access if not */ ssl->IOCB_WriteCtx = &ssl->wfd; /* correctly set */ + #ifdef HAVE_NETX - ssl->nxCtx.nxSocket = NULL; - ssl->nxCtx.nxPacket = NULL; - ssl->nxCtx.nxOffset = 0; - ssl->nxCtx.nxWait = 0; ssl->IOCB_ReadCtx = &ssl->nxCtx; /* default NetX IO ctx, same for read */ ssl->IOCB_WriteCtx = &ssl->nxCtx; /* and write */ #endif #ifdef WOLFSSL_DTLS - ssl->IOCB_CookieCtx = NULL; /* we don't use for default cb */ ssl->dtls_expected_rx = MAX_MTU; - ssl->keys.dtls_state.window = 0; - ssl->keys.dtls_state.nextEpoch = 0; - ssl->keys.dtls_state.nextSeq = 0; #endif - XMEMSET(&ssl->msgsReceived, 0, sizeof(ssl->msgsReceived)); - -#ifndef NO_RSA - ssl->peerRsaKey = NULL; - ssl->peerRsaKeyPresent = 0; -#endif ssl->verifyCallback = ctx->verifyCallback; - ssl->verifyCbCtx = NULL; ssl->options.side = ctx->method->side; ssl->options.downgrade = ctx->method->downgrade; ssl->options.minDowngrade = TLSv1_MINOR; /* current default */ - ssl->error = 0; - ssl->options.connReset = 0; - ssl->options.isClosed = 0; - ssl->options.closeNotify = 0; - ssl->options.sentNotify = 0; - ssl->options.usingCompression = 0; + if (ssl->options.side == WOLFSSL_SERVER_END) ssl->options.haveDH = ctx->haveDH; - else - ssl->options.haveDH = 0; + ssl->options.haveNTRU = ctx->haveNTRU; ssl->options.haveECDSAsig = ctx->haveECDSAsig; ssl->options.haveStaticECC = ctx->haveStaticECC; - ssl->options.havePeerCert = 0; - ssl->options.havePeerVerify = 0; - ssl->options.usingPSK_cipher = 0; - ssl->options.usingAnon_cipher = 0; - ssl->options.sendAlertState = 0; + #ifndef NO_PSK havePSK = ctx->havePSK; ssl->options.havePSK = ctx->havePSK; ssl->options.client_psk_cb = ctx->client_psk_cb; ssl->options.server_psk_cb = ctx->server_psk_cb; #endif /* NO_PSK */ + #ifdef HAVE_ANON haveAnon = ctx->haveAnon; ssl->options.haveAnon = ctx->haveAnon; @@ -1589,28 +1519,14 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx) ssl->options.connectState = CONNECT_BEGIN; ssl->options.acceptState = ACCEPT_BEGIN; ssl->options.handShakeState = NULL_STATE; - ssl->options.handShakeDone = 0; ssl->options.processReply = doProcessInit; #ifdef WOLFSSL_DTLS - ssl->keys.dtls_sequence_number = 0; - ssl->keys.dtls_state.curSeq = 0; - ssl->keys.dtls_state.nextSeq = 0; - ssl->keys.dtls_handshake_number = 0; - ssl->keys.dtls_expected_peer_handshake_number = 0; - ssl->keys.dtls_epoch = 0; - ssl->keys.dtls_state.curEpoch = 0; - ssl->keys.dtls_state.nextEpoch = 0; ssl->dtls_timeout_init = DTLS_TIMEOUT_INIT; ssl->dtls_timeout_max = DTLS_TIMEOUT_MAX; ssl->dtls_timeout = ssl->dtls_timeout_init; - ssl->dtls_pool = NULL; - ssl->dtls_msg_list = NULL; #endif - ssl->keys.encryptSz = 0; - ssl->keys.padSz = 0; - ssl->keys.encryptionOn = 0; /* initially off */ - ssl->keys.decryptedCur = 0; /* initially off */ + ssl->options.sessionCacheOff = ctx->sessionCacheOff; ssl->options.sessionCacheFlushOff = ctx->sessionCacheFlushOff; @@ -1619,26 +1535,18 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx) ssl->options.failNoCert = ctx->failNoCert; ssl->options.sendVerify = ctx->sendVerify; - ssl->options.resuming = 0; - ssl->options.haveSessionId = 0; #ifndef NO_OLD_TLS ssl->hmac = SSL_hmac; /* default to SSLv3 */ #else ssl->hmac = TLS_hmac; #endif + ssl->heap = ctx->heap; /* defaults to self */ - ssl->options.tls = 0; - ssl->options.tls1_1 = 0; + ssl->options.dtls = ssl->version.major == DTLS_MAJOR; ssl->options.partialWrite = ctx->partialWrite; ssl->options.quietShutdown = ctx->quietShutdown; - ssl->options.certOnly = 0; ssl->options.groupMessages = ctx->groupMessages; - ssl->options.usingNonblock = 0; - ssl->options.saveArrays = 0; -#ifdef HAVE_POLY1305 - ssl->options.oldPoly = 0; -#endif #ifndef NO_CERTS /* ctx still owns certificate, certChain, key, dh, and cm */ @@ -1650,72 +1558,22 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx) ssl->buffers.serverDH_G = ctx->serverDH_G; } #endif - ssl->buffers.weOwnCert = 0; - ssl->buffers.weOwnCertChain = 0; - ssl->buffers.weOwnKey = 0; - ssl->buffers.weOwnDH = 0; #ifdef WOLFSSL_DTLS ssl->buffers.dtlsCtx.fd = -1; - ssl->buffers.dtlsCtx.peer.sa = NULL; - ssl->buffers.dtlsCtx.peer.sz = 0; -#endif - -#ifdef KEEP_PEER_CERT - ssl->peerCert.issuer.sz = 0; - ssl->peerCert.subject.sz = 0; -#endif - -#ifdef SESSION_CERTS - ssl->session.chain.count = 0; -#endif - -#ifndef NO_CLIENT_CACHE - ssl->session.idLen = 0; -#endif - -#ifdef HAVE_SESSION_TICKET - ssl->session.ticketLen = 0; #endif ssl->cipher.ssl = ssl; -#ifdef FORTRESS - ssl->ex_data[0] = 0; - ssl->ex_data[1] = 0; - ssl->ex_data[2] = 0; -#endif - -#ifdef WOLFSSL_CALLBACKS - ssl->hsInfoOn = 0; - ssl->toInfoOn = 0; -#endif - #ifdef HAVE_CAVIUM ssl->devId = ctx->devId; #endif #ifdef HAVE_TLS_EXTENSIONS - ssl->extensions = NULL; #ifdef HAVE_MAX_FRAGMENT ssl->max_fragment = MAX_RECORD_SIZE; #endif -#ifdef HAVE_TRUNCATED_HMAC - ssl->truncated_hmac = 0; #endif -#ifdef HAVE_SECURE_RENEGOTIATION - ssl->secure_renegotiation = NULL; -#endif -#if !defined(NO_WOLFSSL_CLIENT) && defined(HAVE_SESSION_TICKET) - ssl->session_ticket_cb = NULL; - ssl->session_ticket_ctx = NULL; - ssl->expect_session_ticket = 0; -#endif -#endif - - ssl->rng = NULL; - ssl->arrays = NULL; - ssl->hsHashes = NULL; /* default alert state (none) */ ssl->alert_history.last_rx.code = -1; @@ -1725,26 +1583,6 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx) InitCiphers(ssl); InitCipherSpecs(&ssl->specs); -#ifdef ATOMIC_USER - ssl->MacEncryptCtx = NULL; - ssl->DecryptVerifyCtx = NULL; -#endif -#ifdef HAVE_FUZZER - ssl->fuzzerCb = NULL; - ssl->fuzzerCtx = NULL; -#endif -#ifdef HAVE_PK_CALLBACKS - #ifdef HAVE_ECC - ssl->EccSignCtx = NULL; - ssl->EccVerifyCtx = NULL; - #endif /* HAVE_ECC */ - #ifndef NO_RSA - ssl->RsaSignCtx = NULL; - ssl->RsaVerifyCtx = NULL; - ssl->RsaEncCtx = NULL; - ssl->RsaDecCtx = NULL; - #endif /* NO_RSA */ -#endif /* HAVE_PK_CALLBACKS */ /* all done with init, now can return errors, call other stuff */ @@ -1798,19 +1636,12 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx) XMEMSET(ssl->arrays, 0, sizeof(Arrays)); #ifndef NO_PSK - ssl->arrays->client_identity[0] = 0; if (ctx->server_hint[0]) { /* set in CTX */ XSTRNCPY(ssl->arrays->server_hint, ctx->server_hint, MAX_PSK_ID_LEN); ssl->arrays->server_hint[MAX_PSK_ID_LEN - 1] = '\0'; } - else - ssl->arrays->server_hint[0] = 0; #endif /* NO_PSK */ -#ifdef WOLFSSL_DTLS - ssl->arrays->cookieSz = 0; -#endif - /* RNG */ ssl->rng = (RNG*)XMALLOC(sizeof(RNG), ssl->heap, DYNAMIC_TYPE_RNG); if (ssl->rng == NULL) {