Use WOLFSSL_ASYNC_IO for WOLFSSL_NONBLOCK_OCSP

- Enable ssl->async to store function arguments for non-blocking OCSP
- Remove ssl->nonblockarg
Juliusz Sosinowicz
2022-05-17 19:08:03 +02:00
parent c151dcec50
commit 733fe1a8d3
4 changed files with 19 additions and 23 deletions


@ -11983,11 +11983,9 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
word32 totalSz) word32 totalSz)
{ {
int ret = 0; int ret = 0;
#ifdef WOLFSSL_ASYNC_CRYPT #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP)
ProcPeerCertArgs* args = (ProcPeerCertArgs*)ssl->async.args; ProcPeerCertArgs* args = (ProcPeerCertArgs*)ssl->async.args;
WOLFSSL_ASSERT_SIZEOF_GE(ssl->async.args, *args); WOLFSSL_ASSERT_SIZEOF_GE(ssl->async.args, *args);
#elif defined(WOLFSSL_NONBLOCK_OCSP)
ProcPeerCertArgs* args = ssl->nonblockarg;
#elif defined(WOLFSSL_SMALL_STACK) #elif defined(WOLFSSL_SMALL_STACK)
ProcPeerCertArgs* args = NULL; ProcPeerCertArgs* args = NULL;
#else #else
@ -11998,6 +11996,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
WOLFSSL_ENTER("ProcessPeerCerts"); WOLFSSL_ENTER("ProcessPeerCerts");
#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_ASYNC_CRYPT)
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState); ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState);
if (ret != WC_NOT_PENDING_E) { if (ret != WC_NOT_PENDING_E) {
@ -12006,15 +12005,13 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
goto exit_ppc; goto exit_ppc;
} }
else else
#elif defined(WOLFSSL_NONBLOCK_OCSP) #endif
if (args == NULL) { #ifdef WOLFSSL_NONBLOCK_OCSP
args = (ProcPeerCertArgs*)XMALLOC( if (ssl->error == OCSP_WANT_READ) {
sizeof(ProcPeerCertArgs), ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); /* Re-entry after non-blocking OCSP */
if (args == NULL) {
ERROR_OUT(MEMORY_E, exit_ppc);
}
} }
if (ssl->nonblockarg == NULL) /* new args */ else
#endif
#elif defined(WOLFSSL_SMALL_STACK) #elif defined(WOLFSSL_SMALL_STACK)
args = (ProcPeerCertArgs*)XMALLOC( args = (ProcPeerCertArgs*)XMALLOC(
sizeof(ProcPeerCertArgs), ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); sizeof(ProcPeerCertArgs), ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
@ -12029,10 +12026,8 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
XMEMSET(args, 0, sizeof(ProcPeerCertArgs)); XMEMSET(args, 0, sizeof(ProcPeerCertArgs));
args->idx = *inOutIdx; args->idx = *inOutIdx;
args->begin = *inOutIdx; args->begin = *inOutIdx;
#ifdef WOLFSSL_ASYNC_CRYPT #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP)
ssl->async.freeArgs = FreeProcPeerCertArgs; ssl->async.freeArgs = FreeProcPeerCertArgs;
#elif defined(WOLFSSL_NONBLOCK_OCSP)
ssl->nonblockarg = args;
#endif #endif
} }
@ -13360,9 +13355,6 @@ exit_ppc:
#endif /* WOLFSSL_ASYNC_CRYPT || WOLFSSL_NONBLOCK_OCSP || WOLFSSL_SMALL_STACK */ #endif /* WOLFSSL_ASYNC_CRYPT || WOLFSSL_NONBLOCK_OCSP || WOLFSSL_SMALL_STACK */
#if defined(WOLFSSL_ASYNC_CRYPT) #if defined(WOLFSSL_ASYNC_CRYPT)
#elif defined(WOLFSSL_NONBLOCK_OCSP)
XFREE(args, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
ssl->nonblockarg = NULL;
#elif defined(WOLFSSL_SMALL_STACK) #elif defined(WOLFSSL_SMALL_STACK)
XFREE(args, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(args, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif #endif
@ -27776,7 +27768,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
/* handle generation of server_key_exchange (12) */ /* handle generation of server_key_exchange (12) */
int SendServerKeyExchange(WOLFSSL* ssl) int SendServerKeyExchange(WOLFSSL* ssl)
{ {
int ret; int ret = 0;
#ifdef WOLFSSL_ASYNC_IO #ifdef WOLFSSL_ASYNC_IO
SskeArgs* args = (SskeArgs*)ssl->async.args; SskeArgs* args = (SskeArgs*)ssl->async.args;
WOLFSSL_ASSERT_SIZEOF_GE(ssl->async.args, *args); WOLFSSL_ASSERT_SIZEOF_GE(ssl->async.args, *args);
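Review bot: The guard added before `ret = wolfSSL_AsyncPop(...)` in ProcessPeerCerts tests `WOLFSSL_ASYNC_CRYPT` twice, `#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_ASYNC_CRYPT)`, where the other guards in this commit pair it with `WOLFSSL_NONBLOCK_OCSP`. As rendered here, a build with only `WOLFSSL_NONBLOCK_OCSP` skips the `ssl->error == OCSP_WANT_READ` re-entry check, so the reset block would `XMEMSET` the saved args on every call. With `WOLFSSL_SMALL_STACK` also defined, the `#elif` branch would replace the `ssl->async.args` pointer with a fresh allocation. The line should read `#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP)`. The same configuration is worth checking at `exit_ppc`, where the `#elif defined(WOLFSSL_SMALL_STACK)` branch still calls `XFREE(args, ...)` and only `WOLFSSL_ASYNC_CRYPT` is excluded; most of the function body lies outside these hunks.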


@ -8467,7 +8467,7 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
#endif /* NO_WOLFSSL_SERVER */ #endif /* NO_WOLFSSL_SERVER */
} }
#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP) #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_ASYNC_IO)
/* if async, offset index so this msg will be processed again */ /* if async, offset index so this msg will be processed again */
if ((ret == WC_PENDING_E || ret == OCSP_WANT_READ) && *inOutIdx > 0) { if ((ret == WC_PENDING_E || ret == OCSP_WANT_READ) && *inOutIdx > 0) {
*inOutIdx -= HANDSHAKE_HEADER_SZ; *inOutIdx -= HANDSHAKE_HEADER_SZ;
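Review bot: The new guard `#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_ASYNC_IO)` looks redundant, assuming the settings header changed in this commit is always processed first, since it defines `WOLFSSL_ASYNC_IO` whenever `WOLFSSL_ASYNC_CRYPT` or `WOLFSSL_NONBLOCK_OCSP` is set; `#ifdef WOLFSSL_ASYNC_IO` would say the same. The comment could then name both cases, e.g. `/* on async crypto or OCSP want-read, rewind so this msg is processed again */`. Because the block now builds in more configurations, it is worth confirming that `*inOutIdx` is always at least `HANDSHAKE_HEADER_SZ` here: the visible check is only `*inOutIdx > 0`, and a smaller value would wrap the `word32`. The `if` body continues outside the hunk.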


@ -1746,7 +1746,7 @@ WOLFSSL_LOCAL int GetPrivateKeySigSize(WOLFSSL* ssl);
#endif #endif
WOLFSSL_LOCAL void FreeKeyExchange(WOLFSSL* ssl); WOLFSSL_LOCAL void FreeKeyExchange(WOLFSSL* ssl);
WOLFSSL_LOCAL void FreeSuites(WOLFSSL* ssl); WOLFSSL_LOCAL void FreeSuites(WOLFSSL* ssl);
WOLFSSL_LOCAL int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 size); WOLFSSL_LOCAL int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 totalSz);
WOLFSSL_LOCAL int MatchDomainName(const char* pattern, int len, const char* str); WOLFSSL_LOCAL int MatchDomainName(const char* pattern, int len, const char* str);
#ifndef NO_CERTS #ifndef NO_CERTS
WOLFSSL_LOCAL int CheckForAltNames(DecodedCert* dCert, const char* domain, int* checkCN); WOLFSSL_LOCAL int CheckForAltNames(DecodedCert* dCert, const char* domain, int* checkCN);
@ -4301,8 +4301,6 @@ struct WOLFSSL {
/* Message building context should be stored here for functions that expect /* Message building context should be stored here for functions that expect
* to encounter encryption blocking or fragment the message. */ * to encounter encryption blocking or fragment the message. */
struct WOLFSSL_ASYNC async; struct WOLFSSL_ASYNC async;
#elif defined(WOLFSSL_NONBLOCK_OCSP)
void* nonblockarg; /* dynamic arg for handling non-block resume */
#endif #endif
void* hsKey; /* Handshake key (RsaKey or ecc_key) allocated from heap */ void* hsKey; /* Handshake key (RsaKey or ecc_key) allocated from heap */
word32 hsType; /* Type of Handshake key (hsKey) */ word32 hsType; /* Type of Handshake key (hsKey) */


@ -2707,7 +2707,13 @@ extern void uITRON4_free(void *p) ;
#define NO_RC4 #define NO_RC4
#endif #endif
#if !defined(WOLFSSL_NO_ASYNC_IO) || defined(WOLFSSL_ASYNC_CRYPT) #if !defined(WOLFSSL_NO_ASYNC_IO) || defined(WOLFSSL_ASYNC_CRYPT) || \
defined(WOLFSSL_NONBLOCK_OCSP)
/* Enable asynchronous support in TLS functions to support one or more of
* the following:
* - re-entry after a network blocking return
* - re-entry after OCSP blocking return
* - asynchronous cryptography */
#undef WOLFSSL_ASYNC_IO #undef WOLFSSL_ASYNC_IO
#define WOLFSSL_ASYNC_IO #define WOLFSSL_ASYNC_IO
#endif #endif
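Review bot: The added comment lists what `WOLFSSL_ASYNC_IO` supports but not that `WOLFSSL_NO_ASYNC_IO` is now overridden by `WOLFSSL_NONBLOCK_OCSP` as well as by `WOLFSSL_ASYNC_CRYPT`. A user who sets `WOLFSSL_NO_ASYNC_IO` together with non-blocking OCSP gets the async context back without notice. I would add a line such as `* WOLFSSL_NO_ASYNC_IO is ignored when WOLFSSL_ASYNC_CRYPT or WOLFSSL_NONBLOCK_OCSP is defined.` to the comment.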