reorganize InitSSL. Rename forcekeep->cacheOnly. Free instead of decrement

Nickolas Lapp
2015-08-13 15:32:22 -06:00
parent 122b94ea6e
commit 0b72b28b13
2 changed files with 34 additions and 35 deletions


@ -1587,13 +1587,8 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
/* decrement previous CTX reference count if exists.
* This should only happen if switching ctxs!*/
if (!newSSL) {
if(LockMutex(&ssl->ctx->countMutex) != 0) {
WOLFSSL_MSG("Couldn't lock on previous CTX count mutex");
return BAD_MUTEX_E;
}
WOLFSSL_MSG("Decrementing previous ctx reference count. Switching ctx.");
ssl->ctx->refCount--;
UnLockMutex(&ssl->ctx->countMutex);
WOLFSSL_MSG("freeing old ctx to decrement reference count. Switching ctx.");
wolfSSL_CTX_free(ssl->ctx);
}
/* increment CTX reference count */
@ -1713,27 +1708,6 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
XMEMSET(ssl, 0, sizeof(WOLFSSL));
/* arrays */
ssl->arrays = (Arrays*)XMALLOC(sizeof(Arrays), ssl->heap,
DYNAMIC_TYPE_ARRAYS);
if (ssl->arrays == NULL) {
WOLFSSL_MSG("Arrays Memory error");
return MEMORY_E;
}
XMEMSET(ssl->arrays, 0, sizeof(Arrays));
/* suites */
ssl->suites = (Suites*)XMALLOC(sizeof(Suites), ssl->heap,
DYNAMIC_TYPE_SUITES);
if (ssl->suites == NULL) {
WOLFSSL_MSG("Suites Memory error");
return MEMORY_E;
}
/* Initialize SSL with the appropriate fields from it's ctx */
if((ret = SetSSL_CTX(ssl, ctx)) != SSL_SUCCESS)
return ret;
ssl->buffers.inputBuffer.buffer = ssl->buffers.inputBuffer.staticBuffer;
ssl->buffers.inputBuffer.bufferSize = STATIC_BUFFER_LEN;
@ -1777,7 +1751,6 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
ssl->hmac = TLS_hmac;
#endif
ssl->options.dtls = ssl->version.major == DTLS_MAJOR;
#ifdef WOLFSSL_DTLS
ssl->buffers.dtlsCtx.fd = -1;
@ -1802,6 +1775,29 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
/* all done with init, now can return errors, call other stuff */
/* arrays */
ssl->arrays = (Arrays*)XMALLOC(sizeof(Arrays), ssl->heap,
DYNAMIC_TYPE_ARRAYS);
if (ssl->arrays == NULL) {
WOLFSSL_MSG("Arrays Memory error");
return MEMORY_E;
}
XMEMSET(ssl->arrays, 0, sizeof(Arrays));
/* suites */
ssl->suites = (Suites*)XMALLOC(sizeof(Suites), ssl->heap,
DYNAMIC_TYPE_SUITES);
if (ssl->suites == NULL) {
WOLFSSL_MSG("Suites Memory error");
return MEMORY_E;
}
/* Initialize SSL with the appropriate fields from it's ctx */
if((ret = SetSSL_CTX(ssl, ctx)) != SSL_SUCCESS)
return ret;
ssl->options.dtls = ssl->version.major == DTLS_MAJOR;
/* hsHashes */
ssl->hsHashes = (HS_Hashes*)XMALLOC(sizeof(HS_Hashes), ssl->heap,
DYNAMIC_TYPE_HASHES);
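Review bot: In the SetSSL_CTX hunk, `wolfSSL_CTX_free(ssl->ctx)` now runs before the step marked `/* increment CTX reference count */`, so the old reference is released before the new one is taken. If a caller passes the ctx the SSL object already holds and that reference is the last one, the ctx could be destroyed and then incremented and read, a use-after-free; this assumes wolfSSL_CTX_free destroys the object once the count reaches zero, which is not visible here. The removed code only decremented the count and could not free at this point. Either take the new reference first and release the old one afterwards, or guard the same-ctx case with something like `if (!newSSL && ssl->ctx == ctx) return SSL_SUCCESS;` if re-copying the settings is not needed. The rest of SetSSL_CTX lies outside the hunk, so confirm that no such guard already exists above.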


@ -1003,7 +1003,7 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length,
#ifndef NO_WOLFSSL_SERVER
word16 size = 0;
word16 offset = 0;
int forceKeep = 0;
int cacheOnly = 0;
#endif
TLSX *extension = TLSX_Find(ssl->extensions, SERVER_NAME_INDICATION);
@ -1015,7 +1015,10 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length,
if (!extension || !extension->data) {
#if defined(WOLFSSL_ALWAYS_KEEP_SNI) && !defined(NO_WOLFSSL_SERVER)
forceKeep = 1;
/* This will keep SNI even though TLSX_UseSNI has not been called.
* Enable it so that the received sni is available to functions
* that use a custom callback when SNI is received */
cacheOnly = 1;
WOLFSSL_MSG("Forcing SSL object to store SNI parameter");
#else
return isRequest ? 0 /* not using SNI. */
@ -1052,13 +1055,13 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length,
if (offset + size > length)
return BUFFER_ERROR;
if (!forceKeep && !(sni = TLSX_SNI_Find((SNI*)extension->data, type)))
if (!cacheOnly && !(sni = TLSX_SNI_Find((SNI*)extension->data, type)))
continue; /* not using this type of SNI. */
switch(type) {
case WOLFSSL_SNI_HOST_NAME: {
int matchStat;
byte matched = forceKeep ||
byte matched = cacheOnly ||
((XSTRLEN(sni->data.host_name) == size)
&& (XSTRNCMP(sni->data.host_name,
(const char*)input + offset, size) == 0));
@ -1070,7 +1073,7 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length,
if (r != SSL_SUCCESS)
return r; /* throws error. */
if(forceKeep) {
if(cacheOnly) {
WOLFSSL_MSG("Forcing storage of SNI, Fake match");
matchStat = WOLFSSL_SNI_FORCE_KEEP;
} else if(matched) {
@ -1083,7 +1086,7 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length,
TLSX_SNI_SetStatus(ssl->extensions, type, matchStat);
if(!forceKeep)
if(!cacheOnly)
TLSX_SetResponse(ssl, SERVER_NAME_INDICATION);
} else if (!(sni->options & WOLFSSL_SNI_CONTINUE_ON_MISMATCH)) {
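Review bot: The comment added at `cacheOnly = 1` says why the name is kept, but not that on this path the client-supplied host name is stored without being compared to any configured name. A callback that reads it has to treat it as unverified input, not as a match. It also leaves out that `sni` is not assigned here, because `!cacheOnly && !(sni = TLSX_SNI_Find(...))` short-circuits; the later `sni->options` reads therefore rely on `matched` being forced true, and the initial value of `sni` is declared outside these hunks. I would extend the comment with `/* cacheOnly: name is stored unverified, status is WOLFSSL_SNI_FORCE_KEEP; sni is not set on this path and must not be dereferenced */`. As a style point, the log strings "Forcing SSL object to store SNI parameter" and "Forcing storage of SNI, Fake match" still use the old "force" wording after the rename to cacheOnly.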