wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-05 21:54:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4622 from douzzer/fix-wolfsentry-build

Browse Source 
wolfsentry fixes re HAVE_EX_DATA and wolfsentry_sockaddr
This commit is contained in:
David Garske
2021-12-01 08:16:07 -08:00
committed by GitHub
parent d06ada2ccc 32db20143c
commit 5c172ca955
3 changed files with 51 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
tests/api.c
View File

@@ -50533,54 +50533,54 @@ static void test_wolfSSL_CRYPTO_get_ex_new_index(void)
printf(testingFmt, "test_wolfSSL_CRYPTO_get_ex_new_index()"); printf(testingFmt, "test_wolfSSL_CRYPTO_get_ex_new_index()");
/* test for unsupported flass index */ /* test for unsupported flass index */
AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION,
0,NULL, NULL, NULL, NULL ), -1); 0,NULL, NULL, NULL, NULL ), -1);
AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE,
0,NULL, NULL, NULL, NULL ), -1); 0,NULL, NULL, NULL, NULL ), -1);
AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX,
0,NULL, NULL, NULL, NULL ), -1); 0,NULL, NULL, NULL, NULL ), -1);
AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH,
0,NULL, NULL, NULL, NULL ), -1); 0,NULL, NULL, NULL, NULL ), -1);
AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA,
0,NULL, NULL, NULL, NULL ), -1); 0,NULL, NULL, NULL, NULL ), -1);
AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_EC_KEY, AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_EC_KEY,
0,NULL, NULL, NULL, NULL ), -1); 0,NULL, NULL, NULL, NULL ), -1);
AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA,
0,NULL, NULL, NULL, NULL ), -1); 0,NULL, NULL, NULL, NULL ), -1);
AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE,
0,NULL, NULL, NULL, NULL ), -1); 0,NULL, NULL, NULL, NULL ), -1);
AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI, AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI,
0,NULL, NULL, NULL, NULL ), -1); 0,NULL, NULL, NULL, NULL ), -1);
AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO, AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO,
0,NULL, NULL, NULL, NULL ), -1); 0,NULL, NULL, NULL, NULL ), -1);
AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_APP, AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_APP,
0,NULL, NULL, NULL, NULL ), -1); 0,NULL, NULL, NULL, NULL ), -1);
AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI_METHOD, AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI_METHOD,
0,NULL, NULL, NULL, NULL ), -1); 0,NULL, NULL, NULL, NULL ), -1);
AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DRBG, AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DRBG,
0,NULL, NULL, NULL, NULL ), -1); 0,NULL, NULL, NULL, NULL ), -1);
AssertIntEQ(CRYPTO_get_ex_new_index(20, 0,NULL, NULL, NULL, NULL ), -1); AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(20, 0,NULL, NULL, NULL, NULL ), -1);
/* test for supported class index */ /* test for supported class index */
idx1 = CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, idx1 = wolfSSL_CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL,
0,NULL, NULL, NULL, NULL ); 0,NULL, NULL, NULL, NULL );
idx2 = CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, idx2 = wolfSSL_CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL,
0,NULL, NULL, NULL, NULL ); 0,NULL, NULL, NULL, NULL );
AssertIntNE(idx1, -1); AssertIntNE(idx1, -1);
AssertIntNE(idx2, -1); AssertIntNE(idx2, -1);
AssertIntNE(idx1, idx2); AssertIntNE(idx1, idx2);
idx1 = CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, idx1 = wolfSSL_CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX,
0,NULL, NULL, NULL, NULL ); 0,NULL, NULL, NULL, NULL );
idx2 = CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, idx2 = wolfSSL_CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX,
0,NULL, NULL, NULL, NULL ); 0,NULL, NULL, NULL, NULL );
AssertIntNE(idx1, -1); AssertIntNE(idx1, -1);
AssertIntNE(idx2, -1); AssertIntNE(idx2, -1);
AssertIntNE(idx1, idx2); AssertIntNE(idx1, idx2);
idx1 = CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, idx1 = wolfSSL_CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509,
0,NULL, NULL, NULL, NULL ); 0,NULL, NULL, NULL, NULL );
idx2 = CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, idx2 = wolfSSL_CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509,
0,NULL, NULL, NULL, NULL ); 0,NULL, NULL, NULL, NULL );
AssertIntNE(idx1, -1); AssertIntNE(idx1, -1);
AssertIntNE(idx2, -1); AssertIntNE(idx2, -1);

2
wolfssl/ssl.h
View File

@@ -4373,7 +4373,7 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_sk_X509_shift(WOLF_STACK_OF(WOLFSSL_X509)*);
WOLFSSL_API void* wolfSSL_sk_X509_OBJECT_value(WOLF_STACK_OF(WOLFSSL_X509_OBJECT)*, int); WOLFSSL_API void* wolfSSL_sk_X509_OBJECT_value(WOLF_STACK_OF(WOLFSSL_X509_OBJECT)*, int);
#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || HAVE_LIGHTY */ #endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || HAVE_LIGHTY */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || defined(HAVE_EX_DATA)
WOLFSSL_API void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION*, int); WOLFSSL_API void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION*, int);
WOLFSSL_API int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION*, int, void*); WOLFSSL_API int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION*, int, void*);

65
wolfssl/test.h
View File

@@ -1326,10 +1326,8 @@ static WC_INLINE void tcp_socket(SOCKET_T* sockfd, int udp, int sctp)
#endif #endif
struct wolfsentry_data { struct wolfsentry_data {
struct wolfsentry_sockaddr remote; WOLFSENTRY_SOCKADDR(128) remote;
byte remote_addrbuf[16]; WOLFSENTRY_SOCKADDR(128) local;
struct wolfsentry_sockaddr local;
byte local_addrbuf[16];
wolfsentry_route_flags_t flags; wolfsentry_route_flags_t flags;
void *heap; void *heap;
int alloctype; int alloctype;
@@ -1360,8 +1358,8 @@ static WC_INLINE int wolfsentry_store_endpoints(
wolfsentry_data->alloctype = DYNAMIC_TYPE_SOCKADDR; wolfsentry_data->alloctype = DYNAMIC_TYPE_SOCKADDR;
#ifdef TEST_IPV6 #ifdef TEST_IPV6
if ((sizeof wolfsentry_data->remote_addrbuf < sizeof remote->sin6_addr) || if ((sizeof wolfsentry_data->remote.addr < sizeof remote->sin6_addr) ||
(sizeof wolfsentry_data->local_addrbuf < sizeof local->sin6_addr)) (sizeof wolfsentry_data->local.addr < sizeof local->sin6_addr))
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
wolfsentry_data->remote.sa_family = wolfsentry_data->local.sa_family = remote->sin6_family; wolfsentry_data->remote.sa_family = wolfsentry_data->local.sa_family = remote->sin6_family;
wolfsentry_data->remote.sa_port = ntohs(remote->sin6_port); wolfsentry_data->remote.sa_port = ntohs(remote->sin6_port);
@@ -1381,8 +1379,8 @@ static WC_INLINE int wolfsentry_store_endpoints(
XMEMCPY(wolfsentry_data->local.addr, &local->sin6_addr, sizeof local->sin6_addr); XMEMCPY(wolfsentry_data->local.addr, &local->sin6_addr, sizeof local->sin6_addr);
} }
#else #else
if ((sizeof wolfsentry_data->remote_addrbuf < sizeof remote->sin_addr) || if ((sizeof wolfsentry_data->remote.addr < sizeof remote->sin_addr) ||
(sizeof wolfsentry_data->local_addrbuf < sizeof local->sin_addr)) (sizeof wolfsentry_data->local.addr < sizeof local->sin_addr))
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
wolfsentry_data->remote.sa_family = wolfsentry_data->local.sa_family = remote->sin_family; wolfsentry_data->remote.sa_family = wolfsentry_data->local.sa_family = remote->sin_family;
wolfsentry_data->remote.sa_port = ntohs(remote->sin_port); wolfsentry_data->remote.sa_port = ntohs(remote->sin_port);
@@ -1435,8 +1433,8 @@ static int wolfSentry_NetworkFilterCallback(
ret = wolfsentry_route_event_dispatch( ret = wolfsentry_route_event_dispatch(
_wolfsentry, _wolfsentry,
&data->remote, (const struct wolfsentry_sockaddr *)&data->remote,
&data->local, (const struct wolfsentry_sockaddr *)&data->local,
data->flags, data->flags,
NULL /* event_label */, NULL /* event_label */,
0 /* event_label_len */, 0 /* event_label_len */,
@@ -1535,7 +1533,7 @@ static int wolfsentry_setup(
} }
fclose(f); fclose(f);
if ((ret = wolfsentry_config_json_fini(jps, err_buf, sizeof err_buf)) < 0) { if ((ret = wolfsentry_config_json_fini(&jps, err_buf, sizeof err_buf)) < 0) {
fprintf(stderr, "%.*s\n", (int)sizeof err_buf, err_buf); fprintf(stderr, "%.*s\n", (int)sizeof err_buf, err_buf);
err_sys("error while loading wolfSentry config file"); err_sys("error while loading wolfSentry config file");
} }
@@ -1555,10 +1553,7 @@ static int wolfsentry_setup(
return ret; return ret;
if (WOLFSENTRY_MASKIN_BITS(route_flags, WOLFSENTRY_ROUTE_FLAG_DIRECTION_OUT)) { if (WOLFSENTRY_MASKIN_BITS(route_flags, WOLFSENTRY_ROUTE_FLAG_DIRECTION_OUT)) {
struct { WOLFSENTRY_SOCKADDR(128) remote, local;
struct wolfsentry_sockaddr sa;
byte buf[16];
} remote, local;
wolfsentry_ent_id_t id; wolfsentry_ent_id_t id;
wolfsentry_action_res_t action_results; wolfsentry_action_res_t action_results;
@@ -1576,17 +1571,19 @@ static int wolfsentry_setup(
XMEMSET(&remote, 0, sizeof remote); XMEMSET(&remote, 0, sizeof remote);
XMEMSET(&local, 0, sizeof local); XMEMSET(&local, 0, sizeof local);
#ifdef TEST_IPV6 #ifdef TEST_IPV6
remote.sa.sa_family = local.sa.sa_family = AF_INET6; remote.sa_family = local.sa_family = AF_INET6;
remote.sa.addr_len = 128; remote.addr_len = 128;
XMEMCPY(remote.sa.addr, "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\001", 16); XMEMCPY(remote.addr, "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\001", 16);
#else #else
remote.sa.sa_family = local.sa.sa_family = AF_INET; remote.sa_family = local.sa_family = AF_INET;
remote.sa.addr_len = 32; remote.addr_len = 32;
XMEMCPY(remote.sa.addr, "\177\000\000\001", 4); XMEMCPY(remote.addr, "\177\000\000\001", 4);
#endif #endif
if ((ret = wolfsentry_route_insert_static if ((ret = wolfsentry_route_insert_static
(*_wolfsentry, NULL /* caller_context */, &remote.sa, &local.sa, (*_wolfsentry, NULL /* caller_context */,
(const struct wolfsentry_sockaddr *)&remote,
(const struct wolfsentry_sockaddr *)&local,
route_flags | route_flags |
WOLFSENTRY_ROUTE_FLAG_GREENLISTED | WOLFSENTRY_ROUTE_FLAG_GREENLISTED |
WOLFSENTRY_ROUTE_FLAG_PARENT_EVENT_WILDCARD | WOLFSENTRY_ROUTE_FLAG_PARENT_EVENT_WILDCARD |
@@ -1604,10 +1601,7 @@ static int wolfsentry_setup(
return ret; return ret;
} }
} else if (WOLFSENTRY_MASKIN_BITS(route_flags, WOLFSENTRY_ROUTE_FLAG_DIRECTION_IN)) { } else if (WOLFSENTRY_MASKIN_BITS(route_flags, WOLFSENTRY_ROUTE_FLAG_DIRECTION_IN)) {
struct { WOLFSENTRY_SOCKADDR(128) remote, local;
struct wolfsentry_sockaddr sa;
byte buf[16];
} remote, local;
wolfsentry_ent_id_t id; wolfsentry_ent_id_t id;
wolfsentry_action_res_t action_results; wolfsentry_action_res_t action_results;
@@ -1625,17 +1619,18 @@ static int wolfsentry_setup(
XMEMSET(&remote, 0, sizeof remote); XMEMSET(&remote, 0, sizeof remote);
XMEMSET(&local, 0, sizeof local); XMEMSET(&local, 0, sizeof local);
#ifdef TEST_IPV6 #ifdef TEST_IPV6
remote.sa.sa_family = local.sa.sa_family = AF_INET6; remote.sa_family = local.sa_family = AF_INET6;
remote.sa.addr_len = 128; remote.addr_len = 128;
XMEMCPY(remote.sa.addr, "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\001", 16); XMEMCPY(remote.addr, "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\001", 16);
#else #else
remote.sa.sa_family = local.sa.sa_family = AF_INET; remote.sa_family = local.sa_family = AF_INET;
remote.sa.addr_len = 32; remote.addr_len = 32;
XMEMCPY(remote.sa.addr, "\177\000\000\001", 4); XMEMCPY(remote.addr, "\177\000\000\001", 4);
#endif #endif
if ((ret = wolfsentry_route_insert_static if ((ret = wolfsentry_route_insert_static
(*_wolfsentry, NULL /* caller_context */, &remote.sa, &local.sa, (*_wolfsentry, NULL /* caller_context */,
(const struct wolfsentry_sockaddr *)&remote, (const struct wolfsentry_sockaddr *)&local,
route_flags | route_flags |
WOLFSENTRY_ROUTE_FLAG_GREENLISTED | WOLFSENTRY_ROUTE_FLAG_GREENLISTED |
WOLFSENTRY_ROUTE_FLAG_PARENT_EVENT_WILDCARD | WOLFSENTRY_ROUTE_FLAG_PARENT_EVENT_WILDCARD |
@@ -1696,8 +1691,8 @@ static WC_INLINE int tcp_connect_with_wolfSentry(
ret = wolfsentry_route_event_dispatch( ret = wolfsentry_route_event_dispatch(
_wolfsentry, _wolfsentry,
&wolfsentry_data->remote, (const struct wolfsentry_sockaddr *)&wolfsentry_data->remote,
&wolfsentry_data->local, (const struct wolfsentry_sockaddr *)&wolfsentry_data->local,
wolfsentry_data->flags, wolfsentry_data->flags,
NULL /* event_label */, NULL /* event_label */,
0 /* event_label_len */, 0 /* event_label_len */,