From ecfd1174bbe9d65005da74d2fdcbac15d94d4ca6 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Tue, 7 Apr 2026 14:10:25 -0600 Subject: [PATCH] refactor sanity pointer set of session and clean up macro guards --- src/ssl_sess.c | 85 ++++++++++++++++++++++++-------------------------- 1 file changed, 40 insertions(+), 45 deletions(-) diff --git a/src/ssl_sess.c b/src/ssl_sess.c index 1f9e75132d..d28d28976c 100644 --- a/src/ssl_sess.c +++ b/src/ssl_sess.c @@ -483,16 +483,42 @@ int wolfSSL_memsave_session_cache(void* mem, int sz) } +#if !defined(SESSION_CACHE_DYNAMIC_MEM) && \ + (defined(HAVE_SESSION_TICKET) || \ + (defined(SESSION_CERTS) && defined(OPENSSL_EXTRA))) +static void SessionSanityPointerSet(SessionRow* row) +{ + int j; + + /* Reset pointers to safe values after raw copy */ + for (j = 0; j < SESSIONS_PER_ROW; j++) { + WOLFSSL_SESSION* s = &row->Sessions[j]; +#ifdef HAVE_SESSION_TICKET + s->ticket = s->staticTicket; + s->ticketLenAlloc = 0; + if (s->ticketLen > SESSION_TICKET_LEN) { + s->ticketLen = SESSION_TICKET_LEN; + } +#endif +#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) && \ + defined(WOLFSSL_TICKET_NONCE_MALLOC) && \ + (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) + s->ticketNonce.data = s->ticketNonce.dataStatic; + if (s->ticketNonce.len > MAX_TICKET_NONCE_STATIC_SZ) { + s->ticketNonce.len = MAX_TICKET_NONCE_STATIC_SZ; + } +#endif +#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) + s->peer = NULL; +#endif + } +} +#endif + /* Restore the persistent session cache from memory */ int wolfSSL_memrestore_session_cache(const void* mem, int sz) { int i; - #ifndef SESSION_CACHE_DYNAMIC_MEM - #if defined(HAVE_SESSION_TICKET) || \ - (defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)) - int j; - #endif - #endif cache_header_t cache_header; SessionRow* row = (SessionRow*)((byte*)mem + sizeof(cache_header)); @@ -528,24 +554,10 @@ int wolfSSL_memrestore_session_cache(const void* mem, int sz) #endif XMEMCPY(&SessionCache[i], row++, SIZEOF_SESSION_ROW); - #ifndef SESSION_CACHE_DYNAMIC_MEM - #if defined(HAVE_SESSION_TICKET) || \ - (defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)) - /* Reset pointers to safe values after raw copy */ - for (j = 0; j < SESSIONS_PER_ROW; j++) { - WOLFSSL_SESSION* s = &SessionCache[i].Sessions[j]; - #ifdef HAVE_SESSION_TICKET - s->ticket = s->staticTicket; - s->ticketLenAlloc = 0; - if (s->ticketLen > SESSION_TICKET_LEN) { - s->ticketLen = SESSION_TICKET_LEN; - } - #endif - #if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) - s->peer = NULL; - #endif - } - #endif + #if !defined(SESSION_CACHE_DYNAMIC_MEM) && \ + (defined(HAVE_SESSION_TICKET) || \ + (defined(SESSION_CERTS) && defined(OPENSSL_EXTRA))) + SessionSanityPointerSet(&SessionCache[i]); #endif #ifdef ENABLE_SESSION_CACHE_ROW_LOCK SESSION_ROW_UNLOCK(&SessionCache[i]); @@ -706,27 +718,10 @@ int wolfSSL_restore_session_cache(const char *fname) #endif ret = (int)XFREAD(&SessionCache[i], SIZEOF_SESSION_ROW, 1, file); - #ifndef SESSION_CACHE_DYNAMIC_MEM - #if defined(HAVE_SESSION_TICKET) || \ - (defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)) - /* Reset pointers to safe values after raw copy */ - { - int j; - for (j = 0; j < SESSIONS_PER_ROW; j++) { - WOLFSSL_SESSION* s = &SessionCache[i].Sessions[j]; - #ifdef HAVE_SESSION_TICKET - s->ticket = s->staticTicket; - s->ticketLenAlloc = 0; - if (s->ticketLen > SESSION_TICKET_LEN) { - s->ticketLen = SESSION_TICKET_LEN; - } - #endif - #if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) - s->peer = NULL; - #endif - } - } - #endif + #if !defined(SESSION_CACHE_DYNAMIC_MEM) && \ + (defined(HAVE_SESSION_TICKET) || \ + (defined(SESSION_CERTS) && defined(OPENSSL_EXTRA))) + SessionSanityPointerSet(&SessionCache[i]); #endif #ifdef ENABLE_SESSION_CACHE_ROW_LOCK SESSION_ROW_UNLOCK(&SessionCache[i]);