From 0a928ead3f5282a9fb71139d74b26f40a2d9be93 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sat, 22 Jun 2024 02:19:35 -0500 Subject: [PATCH] address peer review around WOLFSSL_HAVE_BIO_ADDR: refactor housekeeping for bio->bytes_read and bio->bytes_write, and add WOLFSSL_BIO_HAVE_FLOW_STATS gate; add WOLFSSL_BIO_FLAG_RETRY housekeeping for WOLFSSL_BIO_SOCKET and WOLFSSL_BIO_DGRAM; refactor WOLFSSL_BIO.peer_addr to be inline rather than a pointer; add wolfSSL_set_mtu_compat() and wolfSSL_CTX_load_verify_locations_compat() implementations; enable WOLFSSL_HAVE_BIO_ADDR and WOLFSSL_DTLS_MTU when OPENSSL_ALL. --- src/bio.c | 159 +++++++++++++++++++++++++++++++----------- src/internal.c | 3 - src/ssl.c | 30 ++++---- src/ssl_load.c | 23 ++++++ src/x509.c | 2 +- tests/api.c | 71 +++++++------------ wolfssl/internal.h | 20 +++--- wolfssl/openssl/ssl.h | 15 +--- wolfssl/ssl.h | 24 +++++-- wolfssl/wolfio.h | 3 - 10 files changed, 213 insertions(+), 137 deletions(-) diff --git a/src/bio.c b/src/bio.c index 85d7b1fd8..200e5fa8f 100644 --- a/src/bio.c +++ b/src/bio.c @@ -145,7 +145,6 @@ static int wolfSSL_BIO_MEMORY_read(WOLFSSL_BIO* bio, void* buf, int len) XMEMCPY(buf, bio->mem_buf->data + bio->rdIdx, sz); bio->rdIdx += sz; - bio->bytes_read += (word32)sz; if (bio->rdIdx >= bio->wrSz) { if (bio->flags & BIO_FLAGS_MEM_RDONLY) { @@ -291,6 +290,9 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len) } while (bio != NULL && ret >= 0) { +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS + int inhibit_flow_increment = 0; +#endif /* check for custom read */ if (bio->method && bio->method->readCb) { ret = bio->method->readCb(bio, (char*)buf, len); @@ -303,6 +305,9 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len) break; case WOLFSSL_BIO_BIO: /* read BIOs */ ret = wolfSSL_BIO_BIO_read(bio, buf, len); +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS + inhibit_flow_increment = 1; +#endif break; case WOLFSSL_BIO_MEMORY: ret = wolfSSL_BIO_MEMORY_read(bio, buf, len); @@ -346,7 +351,17 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len) #ifdef USE_WOLFSSL_IO /* BIO requires built-in socket support * (cannot be used with WOLFSSL_USER_IO) */ + bio->flags &= ~WOLFSSL_BIO_FLAG_RETRY; ret = wolfIO_Recv(bio->num, (char*)buf, len, 0); + if (ret < 0) { +#ifdef USE_WINDOWS_API + if (WSAGetLastError() == WSAEWOULDBLOCK) + bio->flags |= WOLFSSL_BIO_FLAG_RETRY; +#else + if (errno == EAGAIN) + bio->flags |= WOLFSSL_BIO_FLAG_RETRY; +#endif + } #else ret = NOT_COMPILED_IN; #endif @@ -357,17 +372,21 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len) #ifdef USE_WOLFSSL_IO /* BIO requires built-in socket support * (cannot be used with WOLFSSL_USER_IO) */ + bio->flags &= ~WOLFSSL_BIO_FLAG_RETRY; if (bio->connected) ret = wolfIO_Recv(bio->num, (char*)buf, len, 0); else { - if (bio->peer_addr == NULL) - bio->peer_addr = wolfSSL_BIO_ADDR_new(); - else - wolfSSL_BIO_ADDR_clear(bio->peer_addr); - if (bio->peer_addr == NULL) - ret = wolfIO_RecvFrom(bio->num, bio->peer_addr, (char*)buf, len, 0); - else - ret = MEMORY_E; + wolfSSL_BIO_ADDR_clear(&bio->peer_addr); + ret = wolfIO_RecvFrom(bio->num, &bio->peer_addr, (char*)buf, len, 0); + } + if ((ret < 0) && (ret != WC_NO_ERR_TRACE(MEMORY_E))) { +#ifdef USE_WINDOWS_API + if (WSAGetLastError() == WSAEWOULDBLOCK) + bio->flags |= WOLFSSL_BIO_FLAG_RETRY; +#else + if (errno == EAGAIN) + bio->flags |= WOLFSSL_BIO_FLAG_RETRY; +#endif } #else ret = NOT_COMPILED_IN; @@ -378,6 +397,12 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len) } /* switch */ } +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS + if ((ret > 0) && (! inhibit_flow_increment)) { + bio->bytes_read += (word32)ret; + } +#endif + /* case where front of list is done */ if (bio == front) { break; /* at front of list so be done */ @@ -605,7 +630,6 @@ static int wolfSSL_BIO_MEMORY_write(WOLFSSL_BIO* bio, const void* data, bio->num = (int)bio->mem_buf->max; bio->wrSz += len; bio->wrIdx += len; - bio->bytes_written += (word32)len; return len; } @@ -673,6 +697,9 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len) } while (bio != NULL && ret >= 0) { +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS + int inhibit_flow_increment = 0; +#endif /* check for custom write */ if (bio->method && bio->method->writeCb) { ret = bio->method->writeCb(bio, (const char*)data, len); @@ -698,6 +725,9 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len) } case WOLFSSL_BIO_BIO: /* write bios */ ret = wolfSSL_BIO_BIO_write(bio, data, len); +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS + inhibit_flow_increment = 1; +#endif break; case WOLFSSL_BIO_MEMORY: ret = wolfSSL_BIO_MEMORY_write(bio, data, len); @@ -751,7 +781,15 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len) #ifdef USE_WOLFSSL_IO /* BIO requires built-in socket support * (cannot be used with WOLFSSL_USER_IO) */ + bio->flags &= ~WOLFSSL_BIO_FLAG_RETRY; ret = wolfIO_Send(bio->num, (char*)data, len, 0); +#ifdef USE_WINDOWS_API + if (WSAGetLastError() == WSAEWOULDBLOCK) + bio->flags |= WOLFSSL_BIO_FLAG_RETRY; +#else + if (errno == EAGAIN) + bio->flags |= WOLFSSL_BIO_FLAG_RETRY; +#endif #else ret = NOT_COMPILED_IN; #endif @@ -762,12 +800,22 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len) #ifdef USE_WOLFSSL_IO /* BIO requires built-in socket support * (cannot be used with WOLFSSL_USER_IO) */ + bio->flags &= ~WOLFSSL_BIO_FLAG_RETRY; if (bio->connected) ret = wolfIO_Send(bio->num, (char*)data, len, 0); - else if (bio->peer_addr != NULL) - ret = wolfIO_SendTo(bio->num, bio->peer_addr, (char*)data, len, 0); + else if (bio->peer_addr.sa.sa_family == AF_UNSPEC) + ret = SOCKET_ERROR_E; else - ret = SOCKET_NOT_CONNECTED_E; + ret = wolfIO_SendTo(bio->num, &bio->peer_addr, (char*)data, len, 0); + if (ret < 0) { +#ifdef USE_WINDOWS_API + if (WSAGetLastError() == WSAEWOULDBLOCK) + bio->flags |= WOLFSSL_BIO_FLAG_RETRY; +#else + if (errno == EAGAIN) + bio->flags |= WOLFSSL_BIO_FLAG_RETRY; +#endif + } #else ret = NOT_COMPILED_IN; #endif @@ -777,6 +825,11 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len) } /* switch */ } +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS + if ((ret > 0) && (! inhibit_flow_increment)) + bio->bytes_written += (word32)ret; +#endif + /* advance to the next bio in list */ bio = bio->next; } @@ -841,22 +894,38 @@ long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bio, int cmd, long larg, void *parg) #ifdef WOLFSSL_HAVE_BIO_ADDR case BIO_CTRL_DGRAM_CONNECT: case BIO_CTRL_DGRAM_SET_PEER: - if (bio->peer_addr) - wolfSSL_BIO_ADDR_free(bio->peer_addr); - bio->peer_addr = (WOLFSSL_BIO_ADDR *)parg; + { + socklen_t addr_size; + if (parg == NULL) { + ret = WOLFSSL_FAILURE; + break; + } + addr_size = wolfSSL_BIO_ADDR_size((WOLFSSL_BIO_ADDR *)parg); + if (addr_size == 0) { + ret = WOLFSSL_FAILURE; + break; + } + XMEMCPY(&bio->peer_addr, parg, addr_size); ret = WOLFSSL_SUCCESS; break; + } case BIO_CTRL_DGRAM_SET_CONNECTED: - bio->connected = (parg != NULL); - if (bio->peer_addr) - wolfSSL_BIO_ADDR_free(bio->peer_addr); - bio->peer_addr = (WOLFSSL_BIO_ADDR *)parg; + if (parg == NULL) + wolfSSL_BIO_ADDR_clear(&bio->peer_addr); + else { + socklen_t addr_size = wolfSSL_BIO_ADDR_size((WOLFSSL_BIO_ADDR *)parg); + if (addr_size == 0) { + ret = WOLFSSL_FAILURE; + break; + } + XMEMCPY(&bio->peer_addr, parg, addr_size); + } ret = WOLFSSL_SUCCESS; break; case BIO_CTRL_DGRAM_QUERY_MTU: - return 0; /* not implemented */ + ret = 0; /* not implemented */ break; #endif /* WOLFSSL_HAVE_BIO_ADDR */ @@ -897,7 +966,8 @@ int wolfSSL_BIO_up_ref(WOLFSSL_BIO* bio) #ifdef WOLFSSL_HAVE_BIO_ADDR WOLFSSL_BIO_ADDR *wolfSSL_BIO_ADDR_new(void) { - WOLFSSL_BIO_ADDR *addr = XMALLOC(sizeof(*addr), NULL, DYNAMIC_TYPE_BIO); + WOLFSSL_BIO_ADDR *addr = + (WOLFSSL_BIO_ADDR *)XMALLOC(sizeof(*addr), NULL, DYNAMIC_TYPE_BIO); if (addr) addr->sa.sa_family = AF_UNSPEC; return addr; @@ -929,7 +999,10 @@ socklen_t wolfSSL_BIO_ADDR_size(const WOLFSSL_BIO_ADDR *addr) { return sizeof(addr->sa_un); #endif default: - return sizeof(*addr); + /* must return zero if length can't be determined, to avoid buffer + * overruns in callers. + */ + return 0; } } #endif /* WOLFSSL_HAVE_BIO_ADDR */ @@ -1494,7 +1567,9 @@ int wolfSSL_BIO_nread(WOLFSSL_BIO *bio, char **buf, int num) sz = num; } bio->pair->rdIdx += sz; +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS bio->pair->bytes_read += (word32)sz; +#endif /* check if have read to the end of the buffer and need to reset */ if (bio->pair->rdIdx == bio->pair->wrSz) { @@ -1573,7 +1648,9 @@ int wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num) } *buf = (char*)bio->ptr + bio->wrIdx; bio->wrIdx += sz; +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS bio->bytes_written += (word32)sz; +#endif /* if at the end of the buffer and space for wrap around then set * write index back to 0 */ @@ -1585,33 +1662,37 @@ int wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num) return sz; } -#ifdef WORD64_AVAILABLE -word64 -#else -word32 -#endif -wolfSSL_BIO_number_read(WOLFSSL_BIO *bio) +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS +word64 wolfSSL_BIO_number_read(WOLFSSL_BIO *bio) { + word64 ret = 0; if (bio == NULL) { WOLFSSL_MSG("NULL argument passed in"); return 0; } - return bio->bytes_read; + while (bio) { + ret += bio->bytes_read; + bio = bio->next; + } + + return ret; } -#ifdef WORD64_AVAILABLE -word64 -#else -word32 -#endif -wolfSSL_BIO_number_written(WOLFSSL_BIO *bio) +word64 wolfSSL_BIO_number_written(WOLFSSL_BIO *bio) { + word64 ret = 0; if (bio == NULL) { WOLFSSL_MSG("NULL argument passed in"); return 0; } - return bio->bytes_written; + while (bio) { + ret += bio->bytes_written; + bio = bio->next; + } + + return ret; } +#endif /* WOLFSSL_BIO_HAVE_FLOW_STATS */ /* Reset BIO to initial state */ int wolfSSL_BIO_reset(WOLFSSL_BIO *bio) @@ -2897,10 +2978,6 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) if ((bio->type == WOLFSSL_BIO_SOCKET) && (bio->num > 0)) CloseSocket(bio->num); #endif - #ifdef WOLFSSL_HAVE_BIO_ADDR - if (bio->peer_addr != NULL) - wolfSSL_BIO_ADDR_free(bio->peer_addr); - #endif } #ifndef NO_FILESYSTEM diff --git a/src/internal.c b/src/internal.c index 31a0f011d..d6cce09d5 100644 --- a/src/internal.c +++ b/src/internal.c @@ -25639,9 +25639,6 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e) case DUPLICATE_TLS_EXT_E: return "Duplicate TLS extension in message."; - case SOCKET_NOT_CONNECTED_E: - return "Socket has no associated peer."; - default : return "unknown error number"; } diff --git a/src/ssl.c b/src/ssl.c index 34d8d6913..b7a9f3c8c 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -1954,6 +1954,15 @@ int wolfSSL_dtls_set_mtu(WOLFSSL* ssl, word16 newMtu) return WOLFSSL_SUCCESS; } +#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) +int wolfSSL_set_mtu_compat(WOLFSSL* ssl, unsigned short mtu) { + if (wolfSSL_dtls_set_mtu(ssl, mtu) == 0) + return SSL_SUCCESS; + else + return SSL_FAILURE; +} +#endif /* OPENSSL_ALL || OPENSSL_EXTRA */ + #endif /* WOLFSSL_DTLS && (WOLFSSL_SCTP || WOLFSSL_DTLS_MTU) */ #ifdef WOLFSSL_SRTP @@ -7340,6 +7349,8 @@ int wolfSSL_i2d_PUBKEY(const WOLFSSL_EVP_PKEY *key, unsigned char **der) int wolfSSL_i2d_X509_PUBKEY(WOLFSSL_X509_PUBKEY* x509_PubKey, unsigned char** der) { + if (x509_PubKey == NULL) + return WOLFSSL_FATAL_ERROR; return wolfSSL_i2d_PublicKey(x509_PubKey->pkey, der); } @@ -10954,7 +10965,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) #ifdef OPENSSL_EXTRA #ifndef NO_BIO - static void wolfSSL_set_bio_1(WOLFSSL* ssl, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr, int flags) + static void ssl_set_bio(WOLFSSL* ssl, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr, int flags) { WOLFSSL_ENTER("wolfSSL_set_bio"); @@ -11017,17 +11028,17 @@ int wolfSSL_set_compression(WOLFSSL* ssl) void wolfSSL_set_bio(WOLFSSL* ssl, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr) { - wolfSSL_set_bio_1(ssl, rd, wr, WOLFSSL_BIO_FLAG_READ | WOLFSSL_BIO_FLAG_WRITE); + ssl_set_bio(ssl, rd, wr, WOLFSSL_BIO_FLAG_READ | WOLFSSL_BIO_FLAG_WRITE); } void wolfSSL_set_rbio(WOLFSSL* ssl, WOLFSSL_BIO* rd) { - wolfSSL_set_bio_1(ssl, rd, NULL, WOLFSSL_BIO_FLAG_READ); + ssl_set_bio(ssl, rd, NULL, WOLFSSL_BIO_FLAG_READ); } void wolfSSL_set_wbio(WOLFSSL* ssl, WOLFSSL_BIO* wr) { - wolfSSL_set_bio_1(ssl, NULL, wr, WOLFSSL_BIO_FLAG_WRITE); + ssl_set_bio(ssl, NULL, wr, WOLFSSL_BIO_FLAG_WRITE); } #endif /* !NO_BIO */ @@ -14982,12 +14993,6 @@ int wolfSSL_COMP_add_compression_method(int method, void* data) return 0; } -const char *wolfSSL_COMP_get_name(const WOLFSSL_COMP_METHOD *comp) -{ - (void)comp; - return NULL; -} - const WOLFSSL_COMP_METHOD* wolfSSL_get_current_compression(const WOLFSSL *ssl) { (void)ssl; return NULL; @@ -14998,10 +15003,7 @@ const WOLFSSL_COMP_METHOD* wolfSSL_get_current_expansion(const WOLFSSL *ssl) { return NULL; } -#endif /* NO_WOLFSSL_STUB */ - -#ifndef NO_WOLFSSL_STUB -const char* wolfSSL_COMP_get_name(const void* comp) +const char* wolfSSL_COMP_get_name(const WOLFSSL_COMP_METHOD *comp) { static const char ret[] = "not supported"; diff --git a/src/ssl_load.c b/src/ssl_load.c index 562ab81bb..269002c1f 100644 --- a/src/ssl_load.c +++ b/src/ssl_load.c @@ -2871,6 +2871,29 @@ int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX* ctx, const char* file, WOLFSSL_ABI int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX* ctx, const char* file, const char* path) +{ + /* Load using default flags/options. */ + int ret = wolfSSL_CTX_load_verify_locations_ex(ctx, file, path, + WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS); + + /* Return 1 on success or 0 on failure. */ + return WS_RETURN_CODE(ret, 0); +} + +/* Load a file and/or files in path, with OpenSSL-compatible semantics. + * + * No c_rehash. + * + * @param [in, out] ctx SSL context object. + * @param [in] file Name of file to load. May be NULL. + * @param [in] path Path to directory containing PEM CA files. + * May be NULL. + * @return 1 on success. + * @return 0 on failure. + */ +WOLFSSL_API +int wolfSSL_CTX_load_verify_locations_compat(WOLFSSL_CTX* ctx, const char* file, + const char* path) { /* We want to keep trying to load more CA certs even if one cert in the * directory is bad and can't be used (e.g. if one is expired), and we diff --git a/src/x509.c b/src/x509.c index 6c7ba863c..f03e7cfb8 100644 --- a/src/x509.c +++ b/src/x509.c @@ -8798,7 +8798,7 @@ const WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_VERIFY_PARAM_lookup(const char *na const WOLFSSL_X509_VERIFY_PARAM *param = &x509_verify_param_builtins[0], *param_end = &x509_verify_param_builtins[XELEM_CNT(x509_verify_param_builtins)]; while (param < param_end) { - if (! XSTRCMP(name, param->name)) + if (XSTRCMP(name, param->name) == 0) return param; ++param; } diff --git a/tests/api.c b/tests/api.c index 51b8f99f3..af15b89a3 100644 --- a/tests/api.c +++ b/tests/api.c @@ -56973,7 +56973,7 @@ static int test_wolfSSL_BIO_datagram(void) EXPECT_DECLS; #if !defined(NO_BIO) && defined(WOLFSSL_DTLS) && defined(WOLFSSL_HAVE_BIO_ADDR) && defined(OPENSSL_EXTRA) int ret; - SOCKET_T fd1 = 0, fd2 = 0; /* SOCKET_T is unsigned on Windows */ + SOCKET_T fd1 = SOCKET_INVALID, fd2 = SOCKET_INVALID; WOLFSSL_BIO *bio1 = NULL, *bio2 = NULL; WOLFSSL_BIO_ADDR *bio_addr1 = NULL, *bio_addr2 = NULL; SOCKADDR_IN sin1, sin2; @@ -56991,12 +56991,12 @@ static int test_wolfSSL_BIO_datagram(void) #endif if (EXPECT_SUCCESS()) { - fd1 = socket(AF_INET, SOCK_DGRAM, 17 /* UDP */); - ExpectIntGT(fd1, 0); + fd1 = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); + ExpectIntNE(fd1, SOCKET_INVALID); } if (EXPECT_SUCCESS()) { - fd2 = socket(AF_INET, SOCK_DGRAM, 17 /* UDP */); - ExpectIntGT(fd2, 0); + fd2 = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); + ExpectIntNE(fd2, SOCKET_INVALID); } if (EXPECT_SUCCESS()) { @@ -57029,16 +57029,21 @@ static int test_wolfSSL_BIO_datagram(void) ExpectIntEQ(getsockname(fd2, (struct sockaddr *)&sin2, &slen), 0); } + if (EXPECT_SUCCESS()) { + bio_addr1 = wolfSSL_BIO_ADDR_new(); + ExpectNotNull(bio_addr1); + } + if (EXPECT_SUCCESS()) { bio_addr2 = wolfSSL_BIO_ADDR_new(); ExpectNotNull(bio_addr2); } if (EXPECT_SUCCESS()) { + /* for OpenSSL compatibility, direct copying of sockaddrs into BIO_ADDRs must work right. */ XMEMCPY(&bio_addr2->sa_in, &sin2, sizeof(sin2)); ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio1, BIO_CTRL_DGRAM_SET_PEER, 0, bio_addr2), WOLFSSL_SUCCESS); - if (EXPECT_SUCCESS()) - bio_addr2 = NULL; + wolfSSL_BIO_ADDR_clear(bio_addr2); } test_msg_recvd[0] = 0; @@ -57046,6 +57051,11 @@ static int test_wolfSSL_BIO_datagram(void) ExpectIntEQ(wolfSSL_BIO_read(bio2, test_msg_recvd, sizeof(test_msg_recvd)), (int)sizeof(test_msg)); ExpectIntEQ(XMEMCMP(test_msg_recvd, test_msg, sizeof(test_msg)), 0); +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS + ExpectIntEQ(wolfSSL_BIO_number_written(bio1), sizeof(test_msg)); + ExpectIntEQ(wolfSSL_BIO_number_read(bio2), sizeof(test_msg)); +#endif + /* bio2 should now have bio1's addr stored as its peer_addr, because the * BIOs aren't "connected" yet. use it to send a reply. */ @@ -57056,47 +57066,26 @@ static int test_wolfSSL_BIO_datagram(void) ExpectIntEQ(XMEMCMP(test_msg_recvd, test_msg, sizeof(test_msg)), 0); ExpectIntEQ(wolfSSL_BIO_read(bio1, test_msg_recvd, sizeof(test_msg_recvd)), WOLFSSL_BIO_ERROR); - -#ifdef USE_WINDOWS_API - ExpectIntEQ(WSAGetLastError(), WSAEWOULDBLOCK); -#else - ExpectIntEQ(errno, EAGAIN); -#endif + ExpectIntNE(BIO_should_retry(bio1), 0); ExpectIntEQ(wolfSSL_BIO_read(bio2, test_msg_recvd, sizeof(test_msg_recvd)), WOLFSSL_BIO_ERROR); -#ifdef USE_WINDOWS_API - ExpectIntEQ(WSAGetLastError(), WSAEWOULDBLOCK); -#else - ExpectIntEQ(errno, EAGAIN); -#endif + ExpectIntNE(BIO_should_retry(bio2), 0); /* now "connect" the sockets. */ - if (EXPECT_SUCCESS()) { - bio_addr1 = wolfSSL_BIO_ADDR_new(); - ExpectNotNull(bio_addr1); - } - - if (EXPECT_SUCCESS()) { - bio_addr2 = wolfSSL_BIO_ADDR_new(); - ExpectNotNull(bio_addr2); - } - ExpectIntEQ(connect(fd1, (const struct sockaddr *)&sin2, (socklen_t)sizeof(sin2)), 0); ExpectIntEQ(connect(fd2, (const struct sockaddr *)&sin1, (socklen_t)sizeof(sin1)), 0); if (EXPECT_SUCCESS()) { XMEMCPY(&bio_addr2->sa_in, &sin2, sizeof(sin2)); ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio1, BIO_CTRL_DGRAM_SET_CONNECTED, 0, bio_addr2), WOLFSSL_SUCCESS); - if (EXPECT_SUCCESS()) - bio_addr2 = NULL; + wolfSSL_BIO_ADDR_clear(bio_addr2); } if (EXPECT_SUCCESS()) { XMEMCPY(&bio_addr1->sa_in, &sin1, sizeof(sin1)); ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio2, BIO_CTRL_DGRAM_SET_CONNECTED, 0, bio_addr1), WOLFSSL_SUCCESS); - if (EXPECT_SUCCESS()) - bio_addr1 = NULL; + wolfSSL_BIO_ADDR_clear(bio_addr1); } test_msg_recvd[0] = 0; @@ -57120,23 +57109,17 @@ static int test_wolfSSL_BIO_datagram(void) ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio1, BIO_CTRL_DGRAM_SET_CONNECTED, 0, NULL), WOLFSSL_SUCCESS); ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio2, BIO_CTRL_DGRAM_SET_CONNECTED, 0, NULL), WOLFSSL_SUCCESS); - if (EXPECT_SUCCESS()) { - bio_addr2 = wolfSSL_BIO_ADDR_new(); - ExpectNotNull(bio_addr2); - } - if (EXPECT_SUCCESS()) { sin2.sin_addr.s_addr = htonl(0xc0a8c0a8); /* 192.168.192.168 -- invalid for loopback interface. */ XMEMCPY(&bio_addr2->sa_in, &sin2, sizeof(sin2)); ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio1, BIO_CTRL_DGRAM_SET_PEER, 0, bio_addr2), WOLFSSL_SUCCESS); - if (EXPECT_SUCCESS()) - bio_addr2 = NULL; + wolfSSL_BIO_ADDR_clear(bio_addr2); } test_msg_recvd[0] = 0; errno = 0; ExpectIntEQ(wolfSSL_BIO_write(bio1, test_msg, sizeof(test_msg)), -1); - ExpectIntEQ(errno, EINVAL); + ExpectTrue((errno == EINVAL) || (errno == ENETUNREACH)); #endif /* __linux__ */ @@ -57144,12 +57127,12 @@ static int test_wolfSSL_BIO_datagram(void) if (bio1) { ret = wolfSSL_BIO_free(bio1); ExpectIntEQ(ret, WOLFSSL_SUCCESS); - } else if (fd1 > 0) + } else if (fd1 != SOCKET_INVALID) CloseSocket(fd1); if (bio2) { ret = wolfSSL_BIO_free(bio2); ExpectIntEQ(ret, WOLFSSL_SUCCESS); - } else if (fd2 > 0) + } else if (fd2 != SOCKET_INVALID) CloseSocket(fd2); if (bio_addr1) wolfSSL_BIO_ADDR_free(bio_addr1); @@ -73724,13 +73707,13 @@ static int test_stubs_are_stubs(void) /* when implemented this should take WOLFSSL object insted, right now * always returns 0 */ - ExpectIntEQ(SSL_get_current_expansion(NULL), 0); + ExpectPtrEq(SSL_get_current_expansion(NULL), NULL); wolfSSL_CTX_free(ctx); ctx = NULL; ExpectStrEQ(SSL_COMP_get_name(NULL), "not supported"); - ExpectIntEQ(SSL_get_current_expansion(), 0); + ExpectPtrEq(SSL_get_current_expansion(NULL), NULL); #endif /* OPENSSL_EXTRA && !NO_WOLFSSL_STUB && (!NO_WOLFSSL_CLIENT || * !NO_WOLFSSL_SERVER) */ return EXPECT_RESULT(); diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 8424956dc..5a5db113f 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -2771,19 +2771,17 @@ struct WOLFSSL_BIO { * struct WOLFSSL_DTLS_CTX, when set, sendto and * recvfrom leave the peer_addr unchanged. */ #ifdef WOLFSSL_HAVE_BIO_ADDR - union WOLFSSL_BIO_ADDR *peer_addr; /* for datagram BIOs, the socket address stored - * with BIO_CTRL_DGRAM_CONNECT, - * BIO_CTRL_DGRAM_SET_CONNECTED, or - * BIO_CTRL_DGRAM_SET_PEER, or stored when a - * packet was received on an unconnected BIO. */ + union WOLFSSL_BIO_ADDR peer_addr; /* for datagram BIOs, the socket address stored + * with BIO_CTRL_DGRAM_CONNECT, + * BIO_CTRL_DGRAM_SET_CONNECTED, or + * BIO_CTRL_DGRAM_SET_PEER, or stored when a + * packet was received on an unconnected BIO. */ #endif -#ifdef WORD64_AVAILABLE - word64 bytes_read; - word64 bytes_written; -#else - word32 bytes_read; - word32 bytes_written; +#if defined(WORD64_AVAILABLE) && !defined(WOLFSSL_BIO_NO_FLOW_STATS) + #define WOLFSSL_BIO_HAVE_FLOW_STATS + word64 bytes_read; + word64 bytes_written; #endif #ifdef HAVE_EX_DATA diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index ecec0735a..4c11280dd 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -268,13 +268,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #ifndef NO_FILESYSTEM #define SSL_CTX_use_certificate_file wolfSSL_CTX_use_certificate_file #define SSL_CTX_use_PrivateKey_file wolfSSL_CTX_use_PrivateKey_file -#ifdef WOLFSSL_APACHE_HTTPD - #define SSL_CTX_load_verify_locations(ctx,file,path) \ - wolfSSL_CTX_load_verify_locations_ex(ctx,file,path,\ - WOLFSSL_LOAD_FLAG_IGNORE_ERR) -#else - #define SSL_CTX_load_verify_locations wolfSSL_CTX_load_verify_locations -#endif + #define SSL_CTX_load_verify_locations wolfSSL_CTX_load_verify_locations_compat #define SSL_CTX_set_default_verify_paths wolfSSL_CTX_set_default_verify_paths #define SSL_CTX_use_certificate_chain_file wolfSSL_CTX_use_certificate_chain_file #define SSL_CTX_use_RSAPrivateKey_file wolfSSL_CTX_use_RSAPrivateKey_file @@ -851,10 +845,6 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define SSL_get_current_compression wolfSSL_get_current_compression #define SSL_get_current_expansion wolfSSL_get_current_expansion -#define SSL_get_current_compression(ssl) 0 -#define SSL_get_current_expansion(ssl) 0 -#define SSL_COMP_get_name wolfSSL_COMP_get_name - #define SSL_get_ex_new_index wolfSSL_get_ex_new_index #define RSA_get_ex_new_index wolfSSL_get_ex_new_index @@ -1164,8 +1154,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define DTLSv1_get_timeout(ssl, timeleft) wolfSSL_DTLSv1_get_timeout((ssl), (WOLFSSL_TIMEVAL*)(timeleft)) #define DTLSv1_handle_timeout wolfSSL_DTLSv1_handle_timeout #define DTLSv1_set_initial_timeout_duration wolfSSL_DTLSv1_set_initial_timeout_duration - -#define SSL_set_mtu(ssl, mtu) ((wolfSSL_dtls_set_mtu(ssl, mtu) == 0) ? SSL_SUCCESS : SSL_FAILURE) +#define SSL_set_mtu wolfSSL_set_mtu_compat /* DTLS SRTP */ #ifdef WOLFSSL_SRTP diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index d3f3a0165..89c145049 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -67,6 +67,15 @@ #undef OCSP_RESPONSE #endif +#ifdef OPENSSL_ALL + #ifndef WOLFSSL_HAVE_BIO_ADDR + #define WOLFSSL_HAVE_BIO_ADDR + #endif + #if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_DTLS_MTU) + #define WOLFSSL_DTLS_MTU + #endif +#endif + #ifdef OPENSSL_COEXIST /* mode to allow wolfSSL and OpenSSL to exist together */ #ifdef TEST_OPENSSL_COEXIST @@ -1074,6 +1083,8 @@ WOLFSSL_API int wolfSSL_CTX_load_verify_locations_ex( WOLFSSL_CTX* ctx, const char* file, const char* path, word32 flags); WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_load_verify_locations( WOLFSSL_CTX* ctx, const char* file, const char* path); +WOLFSSL_API WOLFSSL_API int wolfSSL_CTX_load_verify_locations_compat( + WOLFSSL_CTX* ctx, const char* file, const char* path); #ifndef _WIN32 WOLFSSL_API const char** wolfSSL_get_system_CA_dirs(word32* num); #endif /* !_WIN32 */ @@ -1459,8 +1470,11 @@ WOLFSSL_API int wolfSSL_dtls_set_sctp(WOLFSSL* ssl); #endif #if (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) && \ defined(WOLFSSL_DTLS) -WOLFSSL_API int wolfSSL_CTX_dtls_set_mtu(WOLFSSL_CTX* ctx, unsigned short); -WOLFSSL_API int wolfSSL_dtls_set_mtu(WOLFSSL* ssl, unsigned short); +WOLFSSL_API int wolfSSL_CTX_dtls_set_mtu(WOLFSSL_CTX* ctx, unsigned short mtu); +WOLFSSL_API int wolfSSL_dtls_set_mtu(WOLFSSL* ssl, unsigned short mtu); +#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) +WOLFSSL_API int wolfSSL_set_mtu_compat(WOLFSSL* ssl, unsigned short mtu); +#endif #endif #ifdef WOLFSSL_SRTP @@ -1824,12 +1838,9 @@ WOLFSSL_API int wolfSSL_BIO_ctrl_reset_read_request(WOLFSSL_BIO *b); WOLFSSL_API int wolfSSL_BIO_nread0(WOLFSSL_BIO *bio, char **buf); WOLFSSL_API int wolfSSL_BIO_nread(WOLFSSL_BIO *bio, char **buf, int num); WOLFSSL_API int wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num); -#ifdef WORD64_AVAILABLE +#if defined(WORD64_AVAILABLE) && !defined(WOLFSSL_BIO_NO_FLOW_STATS) WOLFSSL_API word64 wolfSSL_BIO_number_read(WOLFSSL_BIO *bio); WOLFSSL_API word64 wolfSSL_BIO_number_written(WOLFSSL_BIO *bio); -#else -WOLFSSL_API word32 wolfSSL_BIO_number_read(WOLFSSL_BIO *bio); -WOLFSSL_API word32 wolfSSL_BIO_number_written(WOLFSSL_BIO *bio); #endif WOLFSSL_API int wolfSSL_BIO_reset(WOLFSSL_BIO *bio); @@ -5218,7 +5229,6 @@ WOLFSSL_API int wolfSSL_i2a_ASN1_OBJECT(WOLFSSL_BIO *bp, WOLFSSL_ASN1_OBJECT *a) WOLFSSL_API int wolfSSL_i2d_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT *a, unsigned char **pp); WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength)); WOLFSSL_API WOLF_STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); -WOLFSSL_API const char* wolfSSL_COMP_get_name(const void* comp); WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str, const char *file, const char *dir); WOLFSSL_API int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *ctx, WOLFSSL_X509_CRL *x); WOLFSSL_API int wolfSSL_sk_SSL_CIPHER_num(const WOLF_STACK_OF(WOLFSSL_CIPHER)* p); diff --git a/wolfssl/wolfio.h b/wolfssl/wolfio.h index 28259e622..712942b02 100644 --- a/wolfssl/wolfio.h +++ b/wolfssl/wolfio.h @@ -473,9 +473,6 @@ WOLFSSL_API int wolfIO_Recv(SOCKET_T sd, char *buf, int sz, int rdFlags); #error WOLFSSL_HAVE_BIO_ADDR and WOLFSSL_NO_SOCK are mutually incompatible. #endif -#ifndef WOLFSSL_NO_BIO_ADDR_UN -#endif - union WOLFSSL_BIO_ADDR { SOCKADDR sa; SOCKADDR_IN sa_in;