

Support for building without wolfssl/openssl header files. ZD 18465
* Fix for `TlsSessionCacheGetAndLock`, which compared the session ID bytes without checking `sessionIDSz` and so could return a pointer to an invalid (all-zero) cache entry. Resolves the failure in the `test_wolfSSL_CTX_sess_set_remove_cb` test.
* Fix cast warning with `HAVE_EX_DATA` in Windows VS.
* Fix openssl_extra without PKCS12.
* Refactor the EX data crypto and session API's to gate on `HAVE_EX_DATA_CRYPTO`.
* Grouped the EX data API's in ssl.h
* Moved API's in ssl.h to separate the compatibility ones from ours.
dgarske committed Nov 20, 2024
1 parent 42825e8 commit ef67b1c
Showing 18 changed files with 542 additions and 469 deletions.
3 changes: 3 additions & 0 deletions .wolfssl_known_macro_extras
Expand Up @@ -205,6 +205,7 @@ HAVE_AESGCM_DECRYPT
HAVE_BYTEREVERSE64
HAVE_CERTIFICATE_STATUS_V2
HAVE_COLDFIRE_SEC
HAVE_CRL_UPDATE_CB
HAVE_CSHARP
HAVE_CURL
HAVE_CURVE22519
Expand All @@ -215,6 +216,8 @@ HAVE_ECC512
HAVE_ECC_CDH_CAST
HAVE_ECC_SM2
HAVE_ESP_CLK
HAVE_EX_DATA_CRYPTO
HAVE_EX_DATA_CLEANUP_HOOKS
HAVE_FACON
HAVE_FIPS_VERSION_PORT
HAVE_FUZZER
1 change: 1 addition & 0 deletions configure.ac
Expand Up @@ -9859,6 +9859,7 @@ fi
# Some of these affect build targets and objects, some trigger different
# test scripts for make check.
AM_CONDITIONAL([BUILD_DISTRO],[test "x$ENABLED_DISTRO" = "xyes"])
AM_CONDITIONAL([BUILD_OPENSSL_COMPAT],[test "x$ENABLED_OPENSSLEXTRA" != "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"])
AM_CONDITIONAL([BUILD_ALL],[test "x$ENABLED_ALL" = "xyes"])
AM_CONDITIONAL([BUILD_TLS13],[test "x$ENABLED_TLS13" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_RNG],[test "x$ENABLED_RNG" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
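Review bot: The new BUILD_OPENSSL_COMPAT conditional tests `"x$ENABLED_OPENSSLEXTRA" != "xno"`, so an empty or unset ENABLED_OPENSSLEXTRA also turns the conditional on, whereas the neighbouring conditionals in this hunk all use the positive `= "xyes"` form. If the variable is always initialised to yes/no earlier in configure.ac this is harmless, but that initialisation is not visible here; `test "x$ENABLED_OPENSSLEXTRA" = "xyes" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"` would make the intent explicit either way. Worth confirming what value the opensslextra default leaves in that variable before merging.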
3 changes: 2 additions & 1 deletion examples/client/client.c
Expand Up @@ -3765,7 +3765,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)

#ifndef NO_PSK
if (usePsk) {
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_TLS13) && defined(TEST_PSK_USE_SESSION)
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_TLS13) && \
defined(TEST_PSK_USE_SESSION)
SSL_set_psk_use_session_callback(ssl, my_psk_use_session_cb);
#endif
}
13 changes: 7 additions & 6 deletions examples/server/server.c
Expand Up @@ -35,6 +35,13 @@
#undef TEST_OPENSSL_COEXIST /* can't use this option with this example */
#undef OPENSSL_COEXIST /* can't use this option with this example */

/* Force enable the compatibility macros for this example */
#ifndef OPENSSL_EXTRA_X509_SMALL
#define OPENSSL_EXTRA_X509_SMALL
#endif
#include <wolfssl/openssl/ssl.h>

#undef OPENSSL_EXTRA_X509_SMALL
#include <wolfssl/ssl.h> /* name change portability layer */

#ifdef HAVE_ECC
Expand Down Expand Up @@ -66,12 +73,6 @@ static const char *wolfsentry_config_path = NULL;
#include <wolfssl/test.h>
#include <wolfssl/error-ssl.h>

/* Force enable the compatibility macros for this example */
#ifndef OPENSSL_EXTRA_X509_SMALL
#define OPENSSL_EXTRA_X509_SMALL
#endif
#include <wolfssl/openssl/ssl.h>

#include "examples/server/server.h"

#ifndef NO_WOLFSSL_SERVER
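Review bot: The `#undef OPENSSL_EXTRA_X509_SMALL` placed after the compat include is unconditional, while the `#ifndef`/`#define` above it only sets the macro when the build did not already provide it; in a build configured with OPENSSL_EXTRA_X509_SMALL, everything in server.c after that line (including the later `<wolfssl/test.h>` include) is compiled with the option off even though the library was built with it on. Recording whether the example forced the macro, and undefining only in that case, leaves a configured value untouched. Whether any code below the undef actually depends on the macro is not visible from this hunk, so confirm before changing.
```c
/* Force enable the compatibility macros for this example */
#ifndef OPENSSL_EXTRA_X509_SMALL
#define OPENSSL_EXTRA_X509_SMALL
#define SERVER_EXAMPLE_FORCED_X509_SMALL
#endif
#include <wolfssl/openssl/ssl.h>

/* only undo what this file forced; keep a build-configured value */
#ifdef SERVER_EXAMPLE_FORCED_X509_SMALL
#undef OPENSSL_EXTRA_X509_SMALL
#undef SERVER_EXAMPLE_FORCED_X509_SMALL
#endif
#include <wolfssl/ssl.h> /* name change portability layer */
```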
63 changes: 24 additions & 39 deletions src/ssl.c
Expand Up @@ -10537,11 +10537,7 @@ int wolfSSL_Cleanup(void)
#endif
#endif

#if defined(HAVE_EX_DATA) && \
(defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || \
defined(HAVE_LIGHTY)) || defined(HAVE_EX_DATA) || \
defined(WOLFSSL_WPAS_SMALL)
#ifdef HAVE_EX_DATA_CRYPTO
crypto_ex_cb_free(crypto_ex_cb_ctx_session);
crypto_ex_cb_ctx_session = NULL;
#endif
Expand Down Expand Up @@ -17435,6 +17431,7 @@ int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname)
}
#endif
#endif /* OPENSSL_EXTRA */

#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
const WOLFSSL_ObjectInfo wolfssl_object_info[] = {
#ifndef NO_CERTS
Expand Down Expand Up @@ -17893,7 +17890,7 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = {
#define WOLFSSL_OBJECT_INFO_SZ \
(sizeof(wolfssl_object_info) / sizeof(*wolfssl_object_info))
const size_t wolfssl_object_info_sz = WOLFSSL_OBJECT_INFO_SZ;
#endif
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */

#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
/* Free the dynamically allocated data.
Expand Down Expand Up @@ -19676,11 +19673,7 @@ unsigned long wolfSSL_ERR_peek_last_error_line(const char **file, int *line)

#endif /* OPENSSL_EXTRA */

#if defined(HAVE_EX_DATA) && \
(defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || \
defined(HAVE_LIGHTY)) || defined(HAVE_EX_DATA) || \
defined(WOLFSSL_WPAS_SMALL)
#ifdef HAVE_EX_DATA_CRYPTO
CRYPTO_EX_cb_ctx* crypto_ex_cb_ctx_session = NULL;

static int crypto_ex_cb_new(CRYPTO_EX_cb_ctx** dst, long ctx_l, void* ctx_ptr,
Expand Down Expand Up @@ -19818,14 +19811,13 @@ int wolfssl_get_ex_new_index(int class_index, long ctx_l, void* ctx_ptr,
return WOLFSSL_FATAL_ERROR;
return idx;
}
#endif /* HAVE_EX_DATA || WOLFSSL_WPAS_SMALL */
#endif /* HAVE_EX_DATA_CRYPTO */

#if defined(HAVE_EX_DATA) || defined(WOLFSSL_WPAS_SMALL)
void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX* ctx, int idx)
{
WOLFSSL_ENTER("wolfSSL_CTX_get_ex_data");
#ifdef HAVE_EX_DATA
if(ctx != NULL) {
if (ctx != NULL) {
return wolfSSL_CRYPTO_get_ex_data(&ctx->ex_data, idx);
}
#else
Expand All @@ -19835,6 +19827,7 @@ void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX* ctx, int idx)
return NULL;
}

#ifdef HAVE_EX_DATA_CRYPTO
int wolfSSL_CTX_get_ex_new_index(long idx, void* arg,
WOLFSSL_CRYPTO_EX_new* new_func,
WOLFSSL_CRYPTO_EX_dup* dup_func,
Expand All @@ -19860,21 +19853,20 @@ int wolfSSL_get_ex_new_index(long argValue, void* arg,
return wolfssl_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_SSL, argValue, arg,
cb1, cb2, cb3);
}

#endif /* HAVE_EX_DATA_CRYPTO */

int wolfSSL_CTX_set_ex_data(WOLFSSL_CTX* ctx, int idx, void* data)
{
WOLFSSL_ENTER("wolfSSL_CTX_set_ex_data");
#ifdef HAVE_EX_DATA
if (ctx != NULL)
{
#ifdef HAVE_EX_DATA_CRYPTO
if (ctx != NULL) {
return wolfSSL_CRYPTO_set_ex_data(&ctx->ex_data, idx, data);
}
#else
#else
(void)ctx;
(void)idx;
(void)data;
#endif
#endif
return WOLFSSL_FAILURE;
}

Expand All @@ -19895,7 +19887,6 @@ int wolfSSL_CTX_set_ex_data_with_cleanup(
}
#endif /* HAVE_EX_DATA_CLEANUP_HOOKS */

#endif /* defined(HAVE_EX_DATA) || defined(WOLFSSL_WPAS_SMALL) */

#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)

Expand Down Expand Up @@ -19927,15 +19918,11 @@ int wolfSSL_set_app_data(WOLFSSL *ssl, void* arg) {

#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */

#if defined(HAVE_EX_DATA) || defined(OPENSSL_EXTRA) || \
defined(OPENSSL_EXTRA_X509_SMALL) || defined(WOLFSSL_WPAS_SMALL)

int wolfSSL_set_ex_data(WOLFSSL* ssl, int idx, void* data)
{
WOLFSSL_ENTER("wolfSSL_set_ex_data");
#ifdef HAVE_EX_DATA
if (ssl != NULL)
{
if (ssl != NULL) {
return wolfSSL_CRYPTO_set_ex_data(&ssl->ex_data, idx, data);
}
#else
Expand Down Expand Up @@ -19979,8 +19966,6 @@ void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx)
return 0;
}

#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || WOLFSSL_WPAS_SMALL */

#if defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) \
|| defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA)

Expand Down Expand Up @@ -24048,21 +24033,17 @@ void *wolfSSL_CRYPTO_malloc(size_t num, const char *file, int line)
/*******************************************************************************
* START OF EX_DATA APIs
******************************************************************************/
#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \
(defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \
defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \
defined(WOLFSSL_OPENSSH)))
void wolfSSL_CRYPTO_cleanup_all_ex_data(void){
WOLFSSL_ENTER("CRYPTO_cleanup_all_ex_data");
#ifdef HAVE_EX_DATA
void wolfSSL_CRYPTO_cleanup_all_ex_data(void)
{
WOLFSSL_ENTER("wolfSSL_CRYPTO_cleanup_all_ex_data");
}
#endif

#ifdef HAVE_EX_DATA
void* wolfSSL_CRYPTO_get_ex_data(const WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx)
{
WOLFSSL_ENTER("wolfSSL_CTX_get_ex_data");
WOLFSSL_ENTER("wolfSSL_CRYPTO_get_ex_data");
#ifdef MAX_EX_DATA
if(ex_data && idx < MAX_EX_DATA && idx >= 0) {
if (ex_data && idx < MAX_EX_DATA && idx >= 0) {
return ex_data->ex_data[idx];
}
#else
Expand All @@ -24080,6 +24061,8 @@ int wolfSSL_CRYPTO_set_ex_data(WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx,
if (ex_data && idx < MAX_EX_DATA && idx >= 0) {
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
if (ex_data->ex_data_cleanup_routines[idx]) {
/* call cleanup then remove cleanup callback,
* since different value is being set */
if (ex_data->ex_data[idx])
ex_data->ex_data_cleanup_routines[idx](ex_data->ex_data[idx]);
ex_data->ex_data_cleanup_routines[idx] = NULL;
Expand Down Expand Up @@ -24114,7 +24097,9 @@ int wolfSSL_CRYPTO_set_ex_data_with_cleanup(
return WOLFSSL_FAILURE;
}
#endif /* HAVE_EX_DATA_CLEANUP_HOOKS */
#endif /* HAVE_EX_DATA */

#ifdef HAVE_EX_DATA_CRYPTO
/**
* Issues unique index for the class specified by class_index.
* Other parameter except class_index are ignored.
Expand All @@ -24140,7 +24125,7 @@ int wolfSSL_CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
return wolfssl_get_ex_new_index(class_index, argl, argp, new_func,
dup_func, free_func);
}
#endif /* HAVE_EX_DATA */
#endif /* HAVE_EX_DATA_CRYPTO */

/*******************************************************************************
* END OF EX_DATA APIs
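Review bot: `wolfSSL_CTX_set_ex_data` is now gated on `#ifdef HAVE_EX_DATA_CRYPTO`, while its counterpart `wolfSSL_CTX_get_ex_data` just above and `wolfSSL_set_ex_data` further down keep `#ifdef HAVE_EX_DATA`, and the `wolfSSL_CRYPTO_set_ex_data` it calls is itself compiled under `HAVE_EX_DATA`; a build with HAVE_EX_DATA but without HAVE_EX_DATA_CRYPTO can therefore read CTX ex_data but every set silently returns WOLFSSL_FAILURE. Unless that asymmetry is intended, the gate should read `#ifdef HAVE_EX_DATA` to match the getter, and the `#else` on that function has also lost its column alignment relative to the getter's. Separately, `wolfSSL_CRYPTO_cleanup_all_ex_data` is an empty stub under the new `HAVE_EX_DATA` gate; a one-line comment such as `/* no-op: nothing global to release, ex_data lives in each object */` would stop readers from assuming it frees anything (confirm that is the case).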
2 changes: 1 addition & 1 deletion src/ssl_certman.c
Expand Up @@ -624,7 +624,7 @@ void wolfSSL_CertManagerSetVerify(WOLFSSL_CERT_MANAGER* cm, VerifyCallback vc)
cm->verifyCallback = vc;
}
}
#endif /* NO_WOLFSSL_CM_VERIFY */
#endif /* !NO_WOLFSSL_CM_VERIFY */

#ifdef WC_ASN_UNKNOWN_EXT_CB
void wolfSSL_CertManagerSetUnknownExtCallback(WOLFSSL_CERT_MANAGER* cm,
35 changes: 16 additions & 19 deletions src/ssl_sess.c
Expand Up @@ -191,7 +191,7 @@
void EvictSessionFromCache(WOLFSSL_SESSION* session)
{
#ifdef HAVE_EX_DATA
int save_ownExData = session->ownExData;
byte save_ownExData = session->ownExData;
session->ownExData = 1; /* Make sure ex_data access doesn't lead back
* into the cache. */
#endif
Expand Down Expand Up @@ -1120,7 +1120,9 @@ static int TlsSessionCacheGetAndLock(const byte *id,
#else
s = &sessRow->Sessions[idx];
#endif
if (s && XMEMCMP(s->sessionID, id, ID_LEN) == 0 && s->side == side) {
/* match session ID value and length */
if (s && s->sessionIDSz == ID_LEN && s->side == side &&
XMEMCMP(s->sessionID, id, ID_LEN) == 0) {
*sess = s;
break;
}
Expand Down Expand Up @@ -1839,7 +1841,7 @@ int AddSessionToCache(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* addSession,
}
preallocNonceLen = addSession->ticketNonce.len;
}
#endif /* WOLFSSL_TLS13 && WOLFSL_TICKET_NONCE_MALLOC && FIPS_VERSION_GE(5,3) */
#endif /* WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC && FIPS_VERSION_GE(5,3)*/
#endif /* HAVE_SESSION_TICKET */

/* Find a position for the new session in cache and use that */
Expand Down Expand Up @@ -1916,7 +1918,7 @@ int AddSessionToCache(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* addSession,
cacheSession = &sessRow->Sessions[idx];
#endif

#ifdef HAVE_EX_DATA
#ifdef HAVE_EX_DATA_CRYPTO
if (overwrite) {
/* Figure out who owns the ex_data */
if (cacheSession->ownExData) {
Expand Down Expand Up @@ -3108,7 +3110,7 @@ long wolfSSL_SESSION_set_time(WOLFSSL_SESSION *ses, long t)
return t;
}

#endif /* !NO_SESSION_CACHE && OPENSSL_EXTRA || HAVE_EXT_CACHE */
#endif /* !NO_SESSION_CACHE && (OPENSSL_EXTRA || HAVE_EXT_CACHE) */

#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \
defined(HAVE_EX_DATA)
Expand Down Expand Up @@ -3682,10 +3684,12 @@ WOLFSSL_SESSION* wolfSSL_NewSession(void* heap)
#endif
#ifdef HAVE_EX_DATA
ret->ownExData = 1;
#ifdef HAVE_EX_DATA_CRYPTO
if (crypto_ex_cb_ctx_session != NULL) {
crypto_ex_cb_setup_new_data(ret, crypto_ex_cb_ctx_session,
&ret->ex_data);
}
#endif
#endif
}
return ret;
Expand Down Expand Up @@ -3739,7 +3743,7 @@ int wolfSSL_SESSION_up_ref(WOLFSSL_SESSION* session)
* @param ticketNonceBuf If not null and @avoidSysCalls is true, the copy of the
* ticketNonce will happen in this pre allocated buffer
* @param ticketNonceLen @ticketNonceBuf len as input, used length on output
* @param ticketNonceUsed if @ticketNonceBuf was used to copy the ticket noncet
* @param ticketNonceUsed if @ticketNonceBuf was used to copy the ticket nonce
* @return WOLFSSL_SUCCESS on success
* WOLFSSL_FAILURE on failure
*/
Expand Down Expand Up @@ -3964,7 +3968,7 @@ static int wolfSSL_DupSessionEx(const WOLFSSL_SESSION* input,

#endif /* HAVE_SESSION_TICKET */

#ifdef HAVE_EX_DATA
#ifdef HAVE_EX_DATA_CRYPTO
if (input->type != WOLFSSL_SESSION_TYPE_CACHE &&
output->type != WOLFSSL_SESSION_TYPE_CACHE) {
/* Not called with cache as that passes ownership of ex_data */
Expand Down Expand Up @@ -4044,7 +4048,7 @@ void wolfSSL_FreeSession(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* session)

WOLFSSL_MSG("wolfSSL_FreeSession full free");

#ifdef HAVE_EX_DATA
#ifdef HAVE_EX_DATA_CRYPTO
if (session->ownExData) {
crypto_ex_cb_free_data(session, crypto_ex_cb_ctx_session,
&session->ex_data);
Expand Down Expand Up @@ -4230,8 +4234,7 @@ const byte* wolfSSL_get_sessionID(const WOLFSSL_SESSION* session)

#endif

#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \
defined(HAVE_EX_DATA)
#ifdef HAVE_EX_DATA

int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION* session, int idx, void* data)
{
Expand Down Expand Up @@ -4301,13 +4304,8 @@ void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION* session, int idx)
#endif
return ret;
}
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL || HAVE_EX_DATA */

#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \
(defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \
defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \
defined(WOLFSSL_OPENSSH) || defined(HAVE_SBLIM_SFCB)))
#ifdef HAVE_EX_DATA
#ifdef HAVE_EX_DATA_CRYPTO
int wolfSSL_SESSION_get_ex_new_index(long ctx_l,void* ctx_ptr,
WOLFSSL_CRYPTO_EX_new* new_func, WOLFSSL_CRYPTO_EX_dup* dup_func,
WOLFSSL_CRYPTO_EX_free* free_func)
Expand All @@ -4316,9 +4314,8 @@ int wolfSSL_SESSION_get_ex_new_index(long ctx_l,void* ctx_ptr,
return wolfssl_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_SSL_SESSION, ctx_l,
ctx_ptr, new_func, dup_func, free_func);
}
#endif
#endif

#endif /* HAVE_EX_DATA_CRYPTO */
#endif /* HAVE_EX_DATA */

#if defined(OPENSSL_ALL) || \
defined(OPENSSL_EXTRA) || defined(HAVE_STUNNEL) || \
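Review bot: `ownExData` is still written under plain `HAVE_EX_DATA` (EvictSessionFromCache, wolfSSL_NewSession), but the code that honours it — the overwrite ownership transfer in AddSessionToCache, the copy in wolfSSL_DupSessionEx and the `crypto_ex_cb_free_data` call in wolfSSL_FreeSession — now sits under `HAVE_EX_DATA_CRYPTO`. In a HAVE_EX_DATA build without HAVE_EX_DATA_CRYPTO it is not visible from these hunks whether a session's ex_data pointers are copied or released anywhere else, so the flag may be maintained without effect; please confirm, and if that reduced mode is intended, say so at the ownExData definition with a comment such as `/* only consulted when HAVE_EX_DATA_CRYPTO is set */`. The bodies of AddSessionToCache, wolfSSL_DupSessionEx and wolfSSL_FreeSession all extend outside the shown hunks.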
