mirrors
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

remove WOLFSSL_NETWORK_INTROSPECTION code; add wolfSSL_X509_STORE_set_ex_data_with_cleanup(); refactor WOLFSSL_WOLFSENTRY_HOOKS code in server.c to use HAVE_EX_DATA/HAVE_EX_DATA_CLEANUP_HOOKS.

This commit is contained in:
Daniel Pouzzner 2021-04-09 11:29:13 -05:00
parent 4458ed37c1
commit 23d8df720e
9 changed files with 424 additions and 447 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
configure.ac
View File

@ -2511,10 +2511,7 @@ AC_ARG_ENABLE([wolfsentry],
if test "$ENABLED_WOLFSENTRY" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WOLFSENTRY_HOOKS"
ENABLED_NETWORK_INTROSPECTION_DEFAULT=yes
else
ENABLED_NETWORK_INTROSPECTION_DEFAULT=no
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WOLFSENTRY_HOOKS -DHAVE_EX_DATA -DHAVE_EX_DATA_CLEANUP_HOOKS"
fi
AC_ARG_WITH([wolfsentry-lib],
@ -2536,25 +2533,6 @@ AC_SUBST([WOLFSENTRY_LIB])
AC_SUBST([WOLFSENTRY_INCLUDE])
# API for tracking network connection attributes
AC_ARG_ENABLE([network-introspection],
[AS_HELP_STRING([--enable-network-introspection],[Enable network connection attribute tracking and callbacks (default: disabled)])],
[ ENABLED_NETWORK_INTROSPECTION=$enableval ],
[ ENABLED_NETWORK_INTROSPECTION=$ENABLED_NETWORK_INTROSPECTION_DEFAULT ]
)
if test "$ENABLED_NETWORK_INTROSPECTION" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NETWORK_INTROSPECTION"
fi
if test "$ENABLED_WOLFSENTRY" = "yes" && test "$ENABLED_NETWORK_INTROSPECTION" != "yes"
then
AC_MSG_ERROR([--enable-wolfsentry requires --enable-network-introspection])
fi
if test "$ENABLED_QT" = "yes"
then
# Requires opensslextra and opensslall
@ -6636,7 +6614,6 @@ echo " * Anonymous cipher: $ENABLED_ANON"
echo " * CODING: $ENABLED_CODING"
echo " * MEMORY: $ENABLED_MEMORY"
echo " * I/O POOL: $ENABLED_IOPOOL"
echo " * Connection tracking: $ENABLED_NETWORK_INTROSPECTION"
echo " * wolfSentry: $ENABLED_WOLFSENTRY"
echo " * LIGHTY: $ENABLED_LIGHTY"
echo " * HAPROXY: $ENABLED_HAPROXY"

185
examples/server/server.c
View File

@ -282,48 +282,83 @@ static int TestEmbedSendTo(WOLFSSL* ssl, char *buf, int sz, void *ctx)
#ifdef WOLFSSL_WOLFSENTRY_HOOKS
static int wolfSentry_NetworkFilterCallback(WOLFSSL *ssl, struct wolfSSL_network_connection *nc, struct wolfsentry_context *wolfsentry, wolfSSL_netfilter_decision_t *decision) {
const void *remote_addr2;
const void *local_addr2;
char inet_ntop_buf[INET6_ADDRSTRLEN], inet_ntop_buf2[INET6_ADDRSTRLEN];
int ret;
struct {
struct wolfsentry_sockaddr s;
byte buf[16];
} remote, local;
wolfsentry_action_res_t action_results;
struct wolfsentry_data {
struct wolfsentry_sockaddr remote;
byte remote_addrbuf[16];
struct wolfsentry_sockaddr local;
byte local_addrbuf[16];
wolfsentry_route_flags_t flags;
void *heap;
int alloctype;
};
(void)ssl;
static void free_wolfsentry_data(struct wolfsentry_data *data) {
char inet_ntop_buf[INET6_ADDRSTRLEN];
fprintf(stderr, "free_wolfsentry_data() for remote %s:%d\n", inet_ntop(data->remote.sa_family, data->remote.addr, inet_ntop_buf, sizeof inet_ntop_buf), data->remote.sa_port);
XFREE(data, data->heap, data->alloctype);
}
if ((ret = wolfSSL_get_endpoint_addrs(nc, &remote_addr2, &local_addr2)) != WOLFSSL_SUCCESS) {
printf("wolfSSL_get_endpoints(): %s\n", wolfSSL_ERR_error_string(ret, NULL));
err_sys_ex(catastrophic, "error in wolfSSL_get_endpoints()");
static int wolfsentry_data_index = -1;
static int wolfsentry_store_endpoints(
WOLFSSL *ssl,
SOCKADDR_IN_T *remote,
SOCKADDR_IN_T *local,
int proto,
wolfsentry_route_flags_t flags)
{
struct wolfsentry_data *data = (struct wolfsentry_data *)XMALLOC(sizeof *data, NULL, DYNAMIC_TYPE_SOCKADDR);
if (data == NULL)
return WOLFSSL_FAILURE;
data->heap = NULL;
data->alloctype = DYNAMIC_TYPE_SOCKADDR;
#ifdef TEST_IPV6
if ((sizeof data->remote_addrbuf < sizeof remote->sin6_addr) ||
(sizeof data->local_addrbuf < sizeof local->sin6_addr))
return WOLFSSL_FAILURE;
data->remote.sa_family = data->local.sa_family = remote->sin6_family;
data->remote.sa_port = ntohs(remote->sin6_port);
data->local.sa_port = ntohs(local->sin6_port);
data->remote.addr_len = sizeof remote->sin6_addr * BITS_PER_BYTE;
XMEMCPY(data->remote.addr, &remote->sin6_addr, sizeof remote->sin6_addr);
data->local.addr_len = sizeof local->sin6_addr * BITS_PER_BYTE;
XMEMCPY(data->local.addr, &local->sin6_addr, sizeof local->sin6_addr);
#else
if ((sizeof data->remote_addrbuf < sizeof remote->sin_addr) ||
(sizeof data->local_addrbuf < sizeof local->sin_addr))
return WOLFSSL_FAILURE;
data->remote.sa_family = data->local.sa_family = remote->sin_family;
data->remote.sa_port = ntohs(remote->sin_port);
data->local.sa_port = ntohs(local->sin_port);
data->remote.addr_len = sizeof remote->sin_addr * BITS_PER_BYTE;
XMEMCPY(data->remote.addr, &remote->sin_addr, sizeof remote->sin_addr);
data->local.addr_len = sizeof local->sin_addr * BITS_PER_BYTE;
XMEMCPY(data->local.addr, &local->sin_addr, sizeof local->sin_addr);
#endif
data->remote.sa_proto = data->local.sa_proto = proto;
data->remote.interface = data->local.interface = 0;
data->flags = flags;
if (wolfSSL_set_ex_data_with_cleanup(ssl, wolfsentry_data_index, data, (wolfSSL_ex_data_cleanup_routine_t)free_wolfsentry_data) != WOLFSSL_SUCCESS) {
free_wolfsentry_data(data);
return WOLFSSL_FAILURE;
}
printf("got network filter callback: family=%d proto=%d rport=%d lport=%d raddr=%s laddr=%s interface=%d\n",
nc->family,
nc->proto,
nc->remote_port,
nc->local_port,
inet_ntop(nc->family, remote_addr2, inet_ntop_buf, sizeof inet_ntop_buf),
inet_ntop(nc->family, local_addr2, inet_ntop_buf2, sizeof inet_ntop_buf2),
nc->interface);
return WOLFSSL_SUCCESS;
}
remote.s.sa_family = nc->family;
remote.s.sa_proto = nc->proto;
remote.s.sa_port = nc->remote_port;
remote.s.addr_len = nc->remote_addr_len;
remote.s.interface = nc->interface;
memcpy(remote.s.addr, remote_addr2, nc->remote_addr_len);
static int wolfSentry_NetworkFilterCallback(WOLFSSL *ssl, struct wolfsentry_context *wolfsentry, wolfSSL_netfilter_decision_t *decision) {
struct wolfsentry_data *data;
char inet_ntop_buf[INET6_ADDRSTRLEN], inet_ntop_buf2[INET6_ADDRSTRLEN];
int ret;
wolfsentry_action_res_t action_results;
local.s.sa_family = nc->family;
local.s.sa_proto = nc->proto;
local.s.sa_port = nc->local_port;
local.s.addr_len = nc->local_addr_len;
local.s.interface = nc->interface;
memcpy(local.s.addr, local_addr2, nc->local_addr_len);
if ((data = wolfSSL_get_ex_data(ssl, wolfsentry_data_index)) == NULL)
return WOLFSSL_FAILURE;
ret = wolfsentry_route_event_dispatch(wolfsentry, &remote.s, &local.s, WOLFSENTRY_ROUTE_FLAG_DIRECTION_IN, NULL /* event_label */, 0 /* event_label_len */, NULL /* caller_context */, NULL /* id */, NULL /* inexact_matches */, &action_results);
ret = wolfsentry_route_event_dispatch(wolfsentry, &data->remote, &data->local, data->flags, NULL /* event_label */, 0 /* event_label_len */, NULL /* caller_context */, NULL /* id */, NULL /* inexact_matches */, &action_results);
if (ret == 0) {
if (WOLFSENTRY_CHECK_BITS(action_results, WOLFSENTRY_ACTION_RES_REJECT))
@ -332,8 +367,20 @@ static int wolfSentry_NetworkFilterCallback(WOLFSSL *ssl, struct wolfSSL_network
*decision = WOLFSSL_NETFILTER_ACCEPT;
else
*decision = WOLFSSL_NETFILTER_PASS;
} else
} else {
printf("wolfsentry_route_event_dispatch error " WOLFSENTRY_ERROR_FMT, WOLFSENTRY_ERROR_FMT_ARGS(ret));
*decision = WOLFSSL_NETFILTER_PASS;
}
printf("got network filter callback: family=%d proto=%d rport=%d lport=%d raddr=%s laddr=%s interface=%d; decision=%d\n",
data->remote.sa_family,
data->remote.sa_proto,
data->remote.sa_port,
data->local.sa_port,
inet_ntop(data->remote.sa_family, data->remote.addr, inet_ntop_buf, sizeof inet_ntop_buf),
inet_ntop(data->local.sa_family, data->local.addr, inet_ntop_buf2, sizeof inet_ntop_buf2),
data->remote.interface,
*decision);
return WOLFSSL_SUCCESS;
}
@ -1909,12 +1956,15 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
err_sys_ex(catastrophic, "unable to get ctx");
#ifdef WOLFSSL_WOLFSENTRY_HOOKS
ret = wolfsentry_init(NULL /* allocator */, NULL /* timecbs */, 0 /* route_private_data_size */, 0 /* route_private_data_alignment */, &wolfsentry);
ret = wolfsentry_init(NULL /* allocator */, NULL /* timecbs */, NULL /* default config */, &wolfsentry);
if (ret != 0) {
fprintf(stderr, "wolfsentry_init() returned " WOLFSENTRY_ERROR_FMT "\n", WOLFSENTRY_ERROR_FMT_ARGS(ret));
err_sys_ex(catastrophic, "unable to initialize wolfSentry");
}
if (wolfsentry_data_index < 0)
wolfsentry_data_index = wolfSSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
{
struct wolfsentry_route_table *table;
@ -2333,6 +2383,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
ssl = SSL_new(ctx);
if (ssl == NULL)
err_sys_ex(catastrophic, "unable to create an SSL object");
#ifdef OPENSSL_EXTRA
wolfSSL_KeepArrays(ssl);
#endif
@ -2659,7 +2710,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
}
#endif
#ifdef WOLFSSL_NETWORK_INTROSPECTION
#ifdef WOLFSSL_WOLFSENTRY_HOOKS
{
SOCKADDR_IN_T local_addr;
socklen_t local_len = sizeof(local_addr);
@ -2668,62 +2719,12 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
if (((struct sockaddr *)&client_addr)->sa_family != ((struct sockaddr *)&local_addr)->sa_family)
err_sys_ex(catastrophic, "client_addr.sa_family != local_addr.sa_family");
#ifdef TEST_IPV6
if ((ret = wolfSSL_set_endpoints(
ssl,
0 /* interface_id */,
client_addr.sin6_family,
IPPROTO_TCP,
sizeof(client_addr.sin6_addr),
(byte *)&client_addr.sin6_addr,
(byte *)&local_addr.sin6_addr,
client_addr.sin6_port,
local_addr.sin6_port) != WOLFSSL_SUCCESS)) {
printf("wolfSSL_set_endpoints(): %s\n", wolfSSL_ERR_error_string(ret, NULL));
err_sys_ex(catastrophic, "error in wolfSSL_set_endpoints()");
}
#else /* !TEST_IPV6 */
if ((ret = wolfSSL_set_endpoints(
ssl,
0 /* interface_id */,
client_addr.sin_family,
IPPROTO_TCP,
sizeof(struct in_addr),
(byte *)&client_addr.sin_addr,
(byte *)&local_addr.sin_addr,
client_addr.sin_port,
local_addr.sin_port) != WOLFSSL_SUCCESS)) {
printf("wolfSSL_set_endpoints(): %s\n", wolfSSL_ERR_error_string(ret, NULL));
err_sys_ex(catastrophic, "error in wolfSSL_set_endpoints()");
}
#endif /* TEST_IPV6 */
{
const struct wolfSSL_network_connection *nc;
const void *remote_addr2;
const void *local_addr2;
char inet_ntop_buf[INET6_ADDRSTRLEN], inet_ntop_buf2[INET6_ADDRSTRLEN];
if ((ret = wolfSSL_get_endpoints(ssl, &nc, &remote_addr2, &local_addr2)) != WOLFSSL_SUCCESS) {
printf("wolfSSL_get_endpoints(): %s\n", wolfSSL_ERR_error_string(ret, NULL));
err_sys_ex(catastrophic, "error in wolfSSL_get_endpoints()");
}
printf("stored connection attrs: family=%d proto=%d rport=%d lport=%d raddr=%s laddr=%s interface=%d\n",
nc->family,
nc->proto,
nc->remote_port,
nc->local_port,
inet_ntop(nc->family, remote_addr2, inet_ntop_buf, sizeof inet_ntop_buf),
inet_ntop(nc->family, local_addr2, inet_ntop_buf2, sizeof inet_ntop_buf2),
nc->interface);
if (wolfsentry_store_endpoints(ssl, &client_addr, &local_addr, dtlsUDP ? IPPROTO_UDP : IPPROTO_TCP, WOLFSENTRY_ROUTE_FLAG_DIRECTION_IN) != WOLFSSL_SUCCESS) {
printf("wolfsentry_store_endpoints(): %s\n", wolfSSL_ERR_error_string(ret, NULL));
err_sys_ex(catastrophic, "error in wolfsentry_store_endpoints()");
}
}
#endif /* WOLFSSL_NETWORK_INTROSPECTION */
#endif /* WOLFSSL_WOLFSENTRY_HOOKS */
if ((usePsk == 0 || usePskPlus) || useAnon == 1 || cipherList != NULL
|| needDH == 1) {

22
src/internal.c
View File

@ -1892,6 +1892,14 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
int i;
#endif
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
{
int idx;
for (idx = 0; idx < MAX_EX_DATA; ++idx)
(void)wolfSSL_CRYPTO_set_ex_data_with_cleanup(&ctx->ex_data, idx, NULL, NULL);
}
#endif
#ifdef HAVE_WOLF_EVENT
wolfEventQueue_Free(&ctx->event_queue);
#endif /* HAVE_WOLF_EVENT */
@ -6423,6 +6431,14 @@ void SSL_ResourceFree(WOLFSSL* ssl)
* example with the RNG, it isn't used beyond the handshake except when
* using stream ciphers where it is retained. */
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
{
int idx;
for (idx = 0; idx < MAX_EX_DATA; ++idx)
(void)wolfSSL_CRYPTO_set_ex_data_with_cleanup(&ssl->ex_data, idx, NULL, NULL);
}
#endif
FreeCiphers(ssl);
FreeArrays(ssl, 0);
FreeKeyExchange(ssl);
@ -6465,12 +6481,6 @@ void SSL_ResourceFree(WOLFSSL* ssl)
FreeKey(ssl, DYNAMIC_TYPE_RSA, (void**)&ssl->peerRsaKey);
ssl->peerRsaKeyPresent = 0;
#endif
#ifdef WOLFSSL_NETWORK_INTROSPECTION
if (WOLFSSL_NETWORK_INTROSPECTION_ADDR_BUFFER_IS_DYNAMIC(ssl->buffers.network_connection))
XFREE(ssl->buffers.network_connection.addr_buffer_dynamic, ssl->heap, DYNAMIC_TYPE_SOCKADDR);
if (WOLFSSL_NETWORK_INTROSPECTION_ADDR_BUFFER_IS_DYNAMIC(ssl->buffers.network_connection_layer2))
XFREE(ssl->buffers.network_connection_layer2.addr_buffer_dynamic, ssl->heap, DYNAMIC_TYPE_SOCKADDR);
#endif /* WOLFSSL_NETWORK_INTROSPECTION */
#ifdef WOLFSSL_RENESAS_TSIP_TLS
XFREE(ssl->peerTsipEncRsaKeyIndex, ssl->heap, DYNAMIC_TYPE_RSA);
#endif

468
src/ssl.c
View File

@ -1013,215 +1013,6 @@ int wolfSSL_mutual_auth(WOLFSSL* ssl, int req)
}
#endif /* NO_CERTS */
#ifdef WOLFSSL_NETWORK_INTROSPECTION
/* all ints in host byte order, addresses in network order (big endian). */
static WC_INLINE int wolfSSL_set_endpoints_1(
WOLFSSL* ssl,
struct wolfSSL_network_connection *nc,
unsigned int interface_id,
unsigned int family,
unsigned int proto,
unsigned int remote_addr_len,
const byte *remote_addr,
unsigned int local_addr_len,
const byte *local_addr,
unsigned int remote_port,
unsigned int local_port)
{
size_t current_dynamic_alloc, needed_dynamic_alloc;
if ((ssl == NULL) || (nc == NULL) || (remote_addr_len == 0) || (local_addr_len == 0))
return BAD_FUNC_ARG;
if (WOLFSSL_NETWORK_INTROSPECTION_ADDR_BUFFER_IS_DYNAMIC(*nc))
current_dynamic_alloc = nc->local_addr_len + nc->remote_addr_len;
else
current_dynamic_alloc = 0;
if (local_addr_len + remote_addr_len > WOLFSSL_NETWORK_INTROSPECTION_STATIC_ADDR_BYTES)
needed_dynamic_alloc = local_addr_len + remote_addr_len;
else
needed_dynamic_alloc = 0;
nc->local_addr_len = nc->remote_addr_len = 0;
if (current_dynamic_alloc != needed_dynamic_alloc) {
if (current_dynamic_alloc > 0)
XFREE(nc->addr_buffer_dynamic, ssl->heap, DYNAMIC_TYPE_SOCKADDR);
if (needed_dynamic_alloc > 0) {
nc->addr_buffer_dynamic = (byte *)XMALLOC
(needed_dynamic_alloc,
ssl->heap,
DYNAMIC_TYPE_SOCKADDR);
if (nc->addr_buffer_dynamic == NULL)
return MEMORY_E;
}
}
nc->family = family;
nc->proto = proto;
nc->remote_addr_len = remote_addr_len;
nc->local_addr_len = local_addr_len;
nc->interface = interface_id;
nc->remote_port = remote_port;
nc->local_port = local_port;
if (needed_dynamic_alloc == 0) {
XMEMCPY(nc->addr_buffer, remote_addr, remote_addr_len);
XMEMCPY(nc->addr_buffer + remote_addr_len, local_addr, local_addr_len);
} else {
XMEMCPY(nc->addr_buffer_dynamic, remote_addr, remote_addr_len);
XMEMCPY((nc->addr_buffer_dynamic) + remote_addr_len, local_addr, local_addr_len);
}
nc->remote_addr_len = remote_addr_len;
nc->local_addr_len = local_addr_len;
return WOLFSSL_SUCCESS;
}
int wolfSSL_set_endpoints(
WOLFSSL* ssl,
unsigned int interface_id,
unsigned int family,
unsigned int proto,
unsigned int addr_len,
const byte *remote_addr,
const byte *local_addr,
unsigned int remote_port,
unsigned int local_port)
{
return wolfSSL_set_endpoints_1(
ssl,
&ssl->buffers.network_connection,
interface_id,
family,
proto,
addr_len,
remote_addr,
addr_len,
local_addr,
remote_port,
local_port);
}
int wolfSSL_set_endpoints_layer2(
WOLFSSL* ssl,
unsigned int interface_id,
unsigned int family,
unsigned int addr_len,
const byte *remote_addr,
const byte *local_addr)
{
return wolfSSL_set_endpoints_1(
ssl,
&ssl->buffers.network_connection_layer2,
interface_id,
family,
0 /* proto */,
addr_len,
remote_addr,
addr_len,
local_addr,
0 /* remote_port */,
0 /* local_port */);
}
WOLFSSL_API int wolfSSL_get_endpoint_addrs(
const struct wolfSSL_network_connection *nc,
const void **remote_addr,
const void **local_addr)
{
if ((remote_addr == NULL) || (local_addr == NULL))
return BAD_FUNC_ARG;
if (nc->remote_addr_len == 0)
return INCOMPLETE_DATA;
if (WOLFSSL_NETWORK_INTROSPECTION_ADDR_BUFFER_IS_DYNAMIC(*nc)) {
*remote_addr = nc->addr_buffer_dynamic;
*local_addr = nc->addr_buffer_dynamic + nc->remote_addr_len;
} else {
*remote_addr = nc->addr_buffer;
*local_addr = nc->addr_buffer + nc->remote_addr_len;
}
return WOLFSSL_SUCCESS;
}
WOLFSSL_API int wolfSSL_get_endpoints(
WOLFSSL *ssl,
const struct wolfSSL_network_connection **nc,
const void **remote_addr,
const void **local_addr)
{
*nc = &ssl->buffers.network_connection;
return wolfSSL_get_endpoint_addrs(*nc, remote_addr, local_addr);
}
WOLFSSL_API int wolfSSL_get_endpoints_layer2(
WOLFSSL *ssl,
const struct wolfSSL_network_connection **nc,
const void **remote_addr,
const void **local_addr)
{
*nc = &ssl->buffers.network_connection_layer2;
return wolfSSL_get_endpoint_addrs(*nc, remote_addr, local_addr);
}
static WC_INLINE int wolfSSL_copy_endpoints_1(
struct wolfSSL_network_connection *nc_src,
struct wolfSSL_network_connection *nc_dst,
size_t nc_dst_size,
const void **remote_addr,
const void **local_addr)
{
size_t nc_bufsiz;
if ((nc_dst == NULL) || (remote_addr == NULL) || (local_addr == NULL))
return BAD_FUNC_ARG;
if (nc_src->remote_addr_len == 0)
return INCOMPLETE_DATA;
nc_bufsiz = WOLFSSL_NETWORK_CONNECTION_BUFSIZ(nc_src->remote_addr_len, nc_src->local_addr_len);
if (nc_dst_size < nc_bufsiz)
return BUFFER_E;
XMEMCPY(nc_dst, nc_src, ((unsigned int)(unsigned long int)(&((struct wolfSSL_network_connection *)0)->addr_buffer[0])));
if (WOLFSSL_NETWORK_INTROSPECTION_ADDR_BUFFER_IS_DYNAMIC(*nc_src))
XMEMCPY(nc_dst->addr_buffer, nc_src->addr_buffer_dynamic, nc_src->remote_addr_len + nc_src->local_addr_len);
else
XMEMCPY(nc_dst->addr_buffer, nc_src->addr_buffer, nc_src->remote_addr_len + nc_src->local_addr_len);
*remote_addr = nc_dst->addr_buffer;
*local_addr = nc_dst->addr_buffer + nc_dst->remote_addr_len;
return WOLFSSL_SUCCESS;
}
WOLFSSL_API int wolfSSL_copy_endpoints(
WOLFSSL *ssl,
struct wolfSSL_network_connection *nc,
size_t nc_size,
const void **remote_addr,
const void **local_addr)
{
if (ssl == NULL)
return BAD_FUNC_ARG;
return wolfSSL_copy_endpoints_1(&ssl->buffers.network_connection, nc, nc_size, remote_addr, local_addr);
}
WOLFSSL_API int wolfSSL_copy_endpoints_layer2(
WOLFSSL *ssl,
struct wolfSSL_network_connection *nc,
size_t nc_size,
const void **remote_addr,
const void **local_addr)
{
if (ssl == NULL)
return BAD_FUNC_ARG;
return wolfSSL_copy_endpoints_1(&ssl->buffers.network_connection_layer2, nc, nc_size, remote_addr, local_addr);
}
#ifdef WOLFSSL_WOLFSENTRY_HOOKS
WOLFSSL_API int wolfSSL_CTX_set_AcceptFilter(WOLFSSL_CTX *ctx, NetworkFilterCallback_t AcceptFilter, void *AcceptFilter_arg) {
@ -1238,8 +1029,6 @@ WOLFSSL_API int wolfSSL_set_AcceptFilter(WOLFSSL *ssl, NetworkFilterCallback_t A
#endif /* WOLFSSL_WOLFSENTRY_HOOKS */
#endif /* WOLFSSL_NETWORK_INTROSPECTION */
#ifndef WOLFSSL_LEANPSK
int wolfSSL_dtls_set_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz)
{
@ -13126,17 +12915,9 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
#endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */
#ifdef WOLFSSL_WOLFSENTRY_HOOKS
if (ssl->AcceptFilter && (ssl->buffers.network_connection.remote_addr_len > 0)) {
if (ssl->AcceptFilter) {
wolfSSL_netfilter_decision_t res;
if ((ssl->AcceptFilter(ssl, &ssl->buffers.network_connection, ssl->AcceptFilter_arg, &res) == WOLFSSL_SUCCESS) &&
(res == WOLFSSL_NETFILTER_REJECT)) {
WOLFSSL_ERROR(ssl->error = SOCKET_FILTERED_E);
return WOLFSSL_FATAL_ERROR;
}
}
if (ssl->AcceptFilter && (ssl->buffers.network_connection_layer2.remote_addr_len > 0)) {
wolfSSL_netfilter_decision_t res;
if ((ssl->AcceptFilter(ssl, &ssl->buffers.network_connection_layer2, ssl->AcceptFilter_arg, &res) == WOLFSSL_SUCCESS) &&
if ((ssl->AcceptFilter(ssl, ssl->AcceptFilter_arg, &res) == WOLFSSL_SUCCESS) &&
(res == WOLFSSL_NETFILTER_REJECT)) {
WOLFSSL_ERROR(ssl->error = SOCKET_FILTERED_E);
return WOLFSSL_FATAL_ERROR;
@ -16522,6 +16303,13 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
/* unchain?, doesn't matter in goahead since from free all */
WOLFSSL_ENTER("wolfSSL_BIO_free");
if (bio) {
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
{
int idx;
for (idx = 0; idx < MAX_EX_DATA; ++idx)
(void)wolfSSL_CRYPTO_set_ex_data_with_cleanup(&bio->ex_data, idx, NULL, NULL);
}
#endif
if (bio->infoCb) {
/* info callback is called before free */
@ -18967,6 +18755,13 @@ static void ExternalFreeX509(WOLFSSL_X509* x509)
WOLFSSL_ENTER("ExternalFreeX509");
if (x509) {
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
{
int idx;
for (idx = 0; idx < MAX_EX_DATA; ++idx)
(void)wolfSSL_CRYPTO_set_ex_data_with_cleanup(&x509->ex_data, idx, NULL, NULL);
}
#endif
if (x509->dynamicMemory) {
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
if (wc_LockMutex(&x509->refMutex) != 0) {
@ -22167,6 +21962,14 @@ void FreeSession(WOLFSSL_SESSION* session, int isAlloced)
if (session == NULL)
return;
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
{
int idx;
for (idx = 0; idx < MAX_EX_DATA; ++idx)
(void)wolfSSL_CRYPTO_set_ex_data_with_cleanup(&session->ex_data, idx, NULL, NULL);
}
#endif
#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
if (session->peer) {
wolfSSL_X509_free(session->peer);
@ -24944,6 +24747,31 @@ int wolfSSL_BIO_set_ex_data(WOLFSSL_BIO *bio, int idx, void *data)
return WOLFSSL_FAILURE;
}
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
/* Set ex_data for WOLFSSL_BIO
*
* bio : BIO structure to set ex_data in
* idx : Index of ex_data to set
* data : Data to set in ex_data
* cleanup_routine : Function pointer to clean up data
*
* Returns WOLFSSL_SUCCESS on success or WOLFSSL_FAILURE on failure
*/
int wolfSSL_BIO_set_ex_data_with_cleanup(
WOLFSSL_BIO *bio,
int idx,
void *data,
wolfSSL_ex_data_cleanup_routine_t cleanup_routine)
{
WOLFSSL_ENTER("wolfSSL_BIO_set_ex_data_with_cleanup");
if (bio != NULL && idx < MAX_EX_DATA) {
return wolfSSL_CRYPTO_set_ex_data_with_cleanup(&bio->ex_data, idx, data,
cleanup_routine);
}
return WOLFSSL_FAILURE;
}
#endif /* HAVE_EX_DATA_CLEANUP_HOOKS */
/* Get ex_data in WOLFSSL_BIO at given index
*
* bio : BIO structure to get ex_data from
@ -26263,7 +26091,18 @@ err_exit:
void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store)
{
if (store != NULL && store->isDynamic) {
if (store == NULL)
return;
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
{
int idx;
for (idx = 0; idx < MAX_EX_DATA; ++idx)
(void)wolfSSL_CRYPTO_set_ex_data_with_cleanup(&store->ex_data, idx, NULL, NULL);
}
#endif
if (store->isDynamic) {
if (store->cm != NULL) {
wolfSSL_CertManagerFree(store->cm);
store->cm = NULL;
@ -26288,6 +26127,7 @@ void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store)
XFREE(store, NULL, DYNAMIC_TYPE_X509_STORE);
}
}
/**
* Get ex_data in WOLFSSL_STORE at given index
* @param store a pointer to WOLFSSL_X509_STORE structure
@ -26307,6 +26147,7 @@ void* wolfSSL_X509_STORE_get_ex_data(WOLFSSL_X509_STORE* store, int idx)
#endif
return NULL;
}
/**
* Set ex_data for WOLFSSL_STORE
* @param store a pointer to WOLFSSL_X509_STORE structure
@ -26329,6 +26170,31 @@ int wolfSSL_X509_STORE_set_ex_data(WOLFSSL_X509_STORE* store, int idx,
#endif
return WOLFSSL_FAILURE;
}
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
/**
* Set ex_data for WOLFSSL_STORE
* @param store a pointer to WOLFSSL_X509_STORE structure
* @param idx Index of ex data to set
* @param data Data to set in ex data
* @return WOLFSSL_SUCCESS on success or WOLFSSL_FAILURE on failure
*/
int wolfSSL_X509_STORE_set_ex_data_with_cleanup(
WOLFSSL_X509_STORE* store,
int idx,
void *data,
wolfSSL_ex_data_cleanup_routine_t cleanup_routine)
{
WOLFSSL_ENTER("wolfSSL_X509_STORE_set_ex_data_with_cleanup");
if (store != NULL && idx < MAX_EX_DATA) {
return wolfSSL_CRYPTO_set_ex_data_with_cleanup(&store->ex_data, idx,
data, cleanup_routine);
}
return WOLFSSL_FAILURE;
}
#endif /* HAVE_EX_DATA_CLEANUP_HOOKS */
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#ifdef OPENSSL_EXTRA
@ -26450,6 +26316,13 @@ void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX* ctx)
{
WOLFSSL_ENTER("X509_STORE_CTX_free");
if (ctx != NULL) {
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
{
int idx;
for (idx = 0; idx < MAX_EX_DATA; ++idx)
(void)wolfSSL_CRYPTO_set_ex_data_with_cleanup(&ctx->ex_data, idx, NULL, NULL);
}
#endif
#ifdef OPENSSL_EXTRA
if (ctx->param != NULL){
XFREE(ctx->param,NULL,DYNAMIC_TYPE_OPENSSL);
@ -27808,6 +27681,25 @@ int wolfSSL_X509_STORE_CTX_set_ex_data(WOLFSSL_X509_STORE_CTX* ctx, int idx,
return WOLFSSL_FAILURE;
}
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
/* set X509_STORE_CTX ex_data, max idx is MAX_EX_DATA. Return WOLFSSL_SUCCESS
* on success, WOLFSSL_FAILURE on error. */
int wolfSSL_X509_STORE_CTX_set_ex_data_with_cleanup(
WOLFSSL_X509_STORE_CTX* ctx,
int idx,
void *data,
wolfSSL_ex_data_cleanup_routine_t cleanup_routine)
{
WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_set_ex_data_with_cleanup");
if (ctx != NULL)
{
return wolfSSL_CRYPTO_set_ex_data_with_cleanup(&ctx->ex_data, idx, data,
cleanup_routine);
}
return WOLFSSL_FAILURE;
}
#endif /* HAVE_EX_DATA_CLEANUP_HOOKS */
#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL)
void wolfSSL_X509_STORE_CTX_set_depth(WOLFSSL_X509_STORE_CTX* ctx, int depth)
{
@ -40532,6 +40424,22 @@ int wolfSSL_RSA_set_ex_data(WOLFSSL_RSA *rsa, int idx, void *data)
return WOLFSSL_FAILURE;
}
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
int wolfSSL_RSA_set_ex_data_with_cleanup(
WOLFSSL_RSA *rsa,
int idx,
void *data,
wolfSSL_ex_data_cleanup_routine_t cleanup_routine)
{
WOLFSSL_ENTER("wolfSSL_RSA_set_ex_data_with_cleanup");
if (rsa) {
return wolfSSL_CRYPTO_set_ex_data_with_cleanup(&rsa->ex_data, idx, data,
cleanup_routine);
}
return WOLFSSL_FAILURE;
}
#endif /* HAVE_EX_DATA_CLEANUP_HOOKS */
int wolfSSL_RSA_set0_key(WOLFSSL_RSA *r, WOLFSSL_BIGNUM *n, WOLFSSL_BIGNUM *e,
WOLFSSL_BIGNUM *d)
{
@ -44915,9 +44823,7 @@ int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey)
#endif /* OPENSSL_EXTRA */
#if ((defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && defined(HAVE_EX_DATA)) || \
defined(FORTRESS) || \
defined(WOLFSSL_WPAS_SMALL)
#if defined(HAVE_EX_DATA) || defined(FORTRESS) || defined(WOLFSSL_WPAS_SMALL)
void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX* ctx, int idx)
{
WOLFSSL_ENTER("wolfSSL_CTX_get_ex_data");
@ -44985,7 +44891,24 @@ int wolfSSL_CTX_set_ex_data(WOLFSSL_CTX* ctx, int idx, void* data)
return WOLFSSL_FAILURE;
}
#endif /* ((OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) && HAVE_EX_DATA) || FORTRESS || WOLFSSL_WPAS_SMALL */
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
int wolfSSL_CTX_set_ex_data_with_cleanup(
WOLFSSL_CTX* ctx,
int idx,
void* data,
wolfSSL_ex_data_cleanup_routine_t cleanup_routine)
{
WOLFSSL_ENTER("wolfSSL_CTX_set_ex_data_with_cleanup");
if (ctx != NULL)
{
return wolfSSL_CRYPTO_set_ex_data_with_cleanup(&ctx->ex_data, idx, data,
cleanup_routine);
}
return WOLFSSL_FAILURE;
}
#endif /* HAVE_EX_DATA_CLEANUP_HOOKS */
#endif /* defined(HAVE_EX_DATA) || defined(FORTRESS) || defined(WOLFSSL_WPAS_SMALL) */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
@ -45037,6 +44960,23 @@ int wolfSSL_set_ex_data(WOLFSSL* ssl, int idx, void* data)
return WOLFSSL_FAILURE;
}
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
int wolfSSL_set_ex_data_with_cleanup(
WOLFSSL* ssl,
int idx,
void* data,
wolfSSL_ex_data_cleanup_routine_t cleanup_routine)
{
WOLFSSL_ENTER("wolfSSL_set_ex_data_with_cleanup");
if (ssl != NULL)
{
return wolfSSL_CRYPTO_set_ex_data_with_cleanup(&ssl->ex_data, idx, data,
cleanup_routine);
}
return WOLFSSL_FAILURE;
}
#endif /* HAVE_EX_DATA_CLEANUP_HOOKS */
void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx)
{
WOLFSSL_ENTER("wolfSSL_get_ex_data");
@ -46663,6 +46603,22 @@ int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION* session, int idx, void* data)
return WOLFSSL_FAILURE;
}
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
int wolfSSL_SESSION_set_ex_data_with_cleanup(
WOLFSSL_SESSION* session,
int idx,
void* data,
wolfSSL_ex_data_cleanup_routine_t cleanup_routine)
{
WOLFSSL_ENTER("wolfSSL_SESSION_set_ex_data_with_cleanup");
if(session != NULL) {
return wolfSSL_CRYPTO_set_ex_data_with_cleanup(&session->ex_data, idx,
data, cleanup_routine);
}
return WOLFSSL_FAILURE;
}
#endif /* HAVE_EX_DATA_CLEANUP_HOOKS */
void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION* session, int idx)
{
WOLFSSL_ENTER("wolfSSL_SESSION_get_ex_data");
@ -48869,8 +48825,8 @@ void wolfSSL_OPENSSL_config(char *config_name)
#endif /* !NO_WOLFSSL_STUB */
#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
|| defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)
#if defined(HAVE_EX_DATA) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)
int wolfSSL_X509_get_ex_new_index(int idx, void *arg, void *a, void *b, void *c)
{
@ -48887,8 +48843,6 @@ int wolfSSL_X509_get_ex_new_index(int idx, void *arg, void *a, void *b, void *c)
}
#endif
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
defined(WOLFSSL_WPAS_SMALL)
#if defined(HAVE_EX_DATA) || defined(FORTRESS)
void* wolfSSL_CRYPTO_get_ex_data(const WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx)
{
@ -48909,6 +48863,13 @@ int wolfSSL_CRYPTO_set_ex_data(WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx, void *d
WOLFSSL_ENTER("wolfSSL_CRYPTO_set_ex_data");
#ifdef MAX_EX_DATA
if (ex_data && idx < MAX_EX_DATA && idx >= 0) {
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
if (ex_data->ex_data_cleanup_routines[idx]) {
if (ex_data->ex_data[idx])
ex_data->ex_data_cleanup_routines[idx](ex_data->ex_data[idx]);
ex_data->ex_data_cleanup_routines[idx] = NULL;
}
#endif
ex_data->ex_data[idx] = data;
return WOLFSSL_SUCCESS;
}
@ -48919,8 +48880,30 @@ int wolfSSL_CRYPTO_set_ex_data(WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx, void *d
#endif
return WOLFSSL_FAILURE;
}
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
int wolfSSL_CRYPTO_set_ex_data_with_cleanup(
WOLFSSL_CRYPTO_EX_DATA* ex_data,
int idx,
void *data,
wolfSSL_ex_data_cleanup_routine_t cleanup_routine)
{
WOLFSSL_ENTER("wolfSSL_CRYPTO_set_ex_data_with_cleanup");
if (ex_data && idx < MAX_EX_DATA && idx >= 0) {
if (ex_data->ex_data_cleanup_routines[idx] && ex_data->ex_data[idx])
ex_data->ex_data_cleanup_routines[idx](ex_data->ex_data[idx]);
ex_data->ex_data[idx] = data;
ex_data->ex_data_cleanup_routines[idx] = cleanup_routine;
return WOLFSSL_SUCCESS;
}
return WOLFSSL_FAILURE;
}
#endif /* HAVE_EX_DATA_CLEANUP_HOOKS */
#endif /* HAVE_EX_DATA || FORTRESS */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
defined(WOLFSSL_WPAS_SMALL)
void *wolfSSL_X509_get_ex_data(X509 *x509, int idx)
{
WOLFSSL_ENTER("wolfSSL_X509_get_ex_data");
@ -48950,6 +48933,24 @@ int wolfSSL_X509_set_ex_data(X509 *x509, int idx, void *data)
#endif
return WOLFSSL_FAILURE;
}
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
int wolfSSL_X509_set_ex_data_with_cleanup(
X509 *x509,
int idx,
void *data,
wolfSSL_ex_data_cleanup_routine_t cleanup_routine)
{
WOLFSSL_ENTER("wolfSSL_X509_set_ex_data_with_cleanup");
if (x509 != NULL)
{
return wolfSSL_CRYPTO_set_ex_data_with_cleanup(&x509->ex_data, idx,
data, cleanup_routine);
}
return WOLFSSL_FAILURE;
}
#endif /* HAVE_EX_DATA_CLEANUP_HOOKS */
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || WOLFSSL_WPAS_SMALL */
@ -53457,6 +53458,13 @@ void wolfSSL_RSA_free(WOLFSSL_RSA* rsa)
WOLFSSL_ENTER("wolfSSL_RSA_free");
if (rsa) {
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
{
int idx;
for (idx = 0; idx < MAX_EX_DATA; ++idx)
(void)wolfSSL_CRYPTO_set_ex_data_with_cleanup(&rsa->ex_data, idx, NULL, NULL);
}
#endif
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
int doFree = 0;
if (wc_LockMutex(&rsa->refMutex) != 0) {

12
src/tls13.c
View File

@ -8357,17 +8357,9 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
}
#ifdef WOLFSSL_WOLFSENTRY_HOOKS
if (ssl->AcceptFilter && (ssl->buffers.network_connection.remote_addr_len > 0)) {
if (ssl->AcceptFilter) {
wolfSSL_netfilter_decision_t res;
if ((ssl->AcceptFilter(ssl, &ssl->buffers.network_connection, ssl->AcceptFilter_arg, &res) == WOLFSSL_SUCCESS) &&
(res == WOLFSSL_NETFILTER_REJECT)) {
WOLFSSL_ERROR(ssl->error = SOCKET_FILTERED_E);
return WOLFSSL_FATAL_ERROR;
}
}
if (ssl->AcceptFilter && (ssl->buffers.network_connection_layer2.remote_addr_len > 0)) {
wolfSSL_netfilter_decision_t res;
if ((ssl->AcceptFilter(ssl, &ssl->buffers.network_connection_layer2, ssl->AcceptFilter_arg, &res) == WOLFSSL_SUCCESS) &&
if ((ssl->AcceptFilter(ssl, ssl->AcceptFilter_arg, &res) == WOLFSSL_SUCCESS) &&
(res == WOLFSSL_NETFILTER_REJECT)) {
WOLFSSL_ERROR(ssl->error = SOCKET_FILTERED_E);
return WOLFSSL_FATAL_ERROR;

5
wolfssl/internal.h
View File

@ -3449,11 +3449,6 @@ typedef struct Buffers {
#ifdef WOLFSSL_SEND_HRR_COOKIE
buffer tls13CookieSecret; /* HRR cookie secret */
#endif
#ifdef WOLFSSL_NETWORK_INTROSPECTION
struct wolfSSL_network_connection network_connection;
struct wolfSSL_network_connection network_connection_layer2;
#define WOLFSSL_NETWORK_INTROSPECTION_ADDR_BUFFER_IS_DYNAMIC(x) ((x).remote_addr_len + (x).local_addr_len > WOLFSSL_NETWORK_INTROSPECTION_STATIC_ADDR_BYTES)
#endif
#ifdef WOLFSSL_DTLS
WOLFSSL_DTLS_CTX dtlsCtx; /* DTLS connection context */
#ifndef NO_WOLFSSL_SERVER

8
wolfssl/openssl/rsa.h
View File

@ -152,7 +152,13 @@ WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSAPublicKey_dup(WOLFSSL_RSA *rsa);
WOLFSSL_API void* wolfSSL_RSA_get_ex_data(const WOLFSSL_RSA *rsa, int idx);
WOLFSSL_API int wolfSSL_RSA_set_ex_data(WOLFSSL_RSA *rsa, int idx, void *data);
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
WOLFSSL_API int wolfSSL_RSA_set_ex_data_with_cleanup(
WOLFSSL_RSA *rsa,
int idx,
void *data,
wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
#endif
#define WOLFSSL_RSA_LOAD_PRIVATE 1
#define WOLFSSL_RSA_LOAD_PUBLIC 2

140
wolfssl/ssl.h
View File

@ -1141,79 +1141,7 @@ WOLFSSL_API int wolfSSL_export_keying_material(WOLFSSL *ssl,
int use_context);
#endif /* HAVE_KEYING_MATERIAL */
#ifdef WOLFSSL_NETWORK_INTROSPECTION
#ifndef WOLFSSL_NETWORK_INTROSPECTION_STATIC_ADDR_BYTES
#define WOLFSSL_NETWORK_INTROSPECTION_STATIC_ADDR_BYTES 32 /* enough for 2 IPv6 addresses. */
#endif
struct wolfSSL_network_connection {
word16 family;
word16 proto;
word16 remote_port;
word16 local_port;
word16 remote_addr_len;
word16 local_addr_len;
byte interface;
union {
byte addr_buffer[WOLFSSL_NETWORK_INTROSPECTION_STATIC_ADDR_BYTES];
byte *addr_buffer_dynamic;
};
};
#define WOLFSSL_NETWORK_CONNECTION_BUFSIZ(remote_addr_len, local_addr_len) \
((unsigned int)(unsigned long int)(&((struct wolfSSL_network_connection *)0)->addr_buffer[0]) + \
(remote_addr_len) + (local_addr_len));
WOLFSSL_API int wolfSSL_set_endpoints(
WOLFSSL *ssl,
unsigned int interface_id,
unsigned int family,
unsigned int proto,
unsigned int addr_len,
const byte *remote_addr,
const byte *local_addr,
unsigned int remote_port,
unsigned int local_port);
WOLFSSL_API int wolfSSL_get_endpoint_addrs(
const struct wolfSSL_network_connection *nc,
const void **remote_addr,
const void **local_addr);
WOLFSSL_API int wolfSSL_get_endpoints(
WOLFSSL *ssl,
const struct wolfSSL_network_connection **nc,
const void **remote_addr,
const void **local_addr);
WOLFSSL_API int wolfSSL_copy_endpoints(
WOLFSSL *ssl,
struct wolfSSL_network_connection *nc,
size_t nc_size,
const void **remote_addr,
const void **local_addr);
WOLFSSL_API int wolfSSL_set_endpoints_layer2(
WOLFSSL *ssl,
unsigned int interface_id,
unsigned int family,
unsigned int addr_len,
const byte *remote_addr,
const byte *local_addr);
WOLFSSL_API int wolfSSL_get_endpoints_layer2(
WOLFSSL *ssl,
const struct wolfSSL_network_connection **nc,
const void **remote_addr,
const void **local_addr);
WOLFSSL_API int wolfSSL_copy_endpoints_layer2(
WOLFSSL *ssl,
struct wolfSSL_network_connection *nc,
size_t nc_size,
const void **remote_addr,
const void **local_addr);
#ifdef WOLFSSL_WOLFSENTRY_HOOKS
typedef enum {
WOLFSSL_NETFILTER_PASS = 0,
@ -1221,13 +1149,11 @@ typedef enum {
WOLFSSL_NETFILTER_REJECT = 2
} wolfSSL_netfilter_decision_t;
#ifdef WOLFSSL_WOLFSENTRY_HOOKS
typedef int (*NetworkFilterCallback_t)(WOLFSSL *ssl, struct wolfSSL_network_connection *nc, void *ctx, wolfSSL_netfilter_decision_t *decision);
typedef int (*NetworkFilterCallback_t)(WOLFSSL *ssl, void *AcceptFilter_arg, wolfSSL_netfilter_decision_t *decision);
WOLFSSL_API int wolfSSL_CTX_set_AcceptFilter(WOLFSSL_CTX *ctx, NetworkFilterCallback_t AcceptFilter, void *AcceptFilter_arg);
WOLFSSL_API int wolfSSL_set_AcceptFilter(WOLFSSL *ssl, NetworkFilterCallback_t AcceptFilter, void *AcceptFilter_arg);
#endif
#endif /* WOLFSSL_NETWORK_INTROSPECTION */
#endif /* WOLFSSL_WOLFSENTRY_HOOKS */
/* Nonblocking DTLS helper functions */
WOLFSSL_API void wolfSSL_dtls_set_using_nonblock(WOLFSSL*, int);
@ -1355,6 +1281,13 @@ WOLFSSL_API int wolfSSL_sk_X509_EXTENSION_num(WOLF_STACK_OF(WOLFSSL_X509_EXTENSI
WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_sk_X509_EXTENSION_value(
WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk, int idx);
WOLFSSL_API int wolfSSL_set_ex_data(WOLFSSL*, int, void*);
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
WOLFSSL_API int wolfSSL_set_ex_data_with_cleanup(
WOLFSSL* ssl,
int idx,
void* data,
wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
#endif
WOLFSSL_API int wolfSSL_get_shutdown(const WOLFSSL*);
WOLFSSL_API int wolfSSL_set_rfd(WOLFSSL*, int);
WOLFSSL_API int wolfSSL_set_wfd(WOLFSSL*, int);
@ -1437,6 +1370,13 @@ WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_base64(void);
WOLFSSL_API void wolfSSL_BIO_set_flags(WOLFSSL_BIO*, int);
WOLFSSL_API void wolfSSL_BIO_clear_flags(WOLFSSL_BIO *bio, int flags);
WOLFSSL_API int wolfSSL_BIO_set_ex_data(WOLFSSL_BIO *bio, int idx, void *data);
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
WOLFSSL_API int wolfSSL_BIO_set_ex_data_with_cleanup(
WOLFSSL_BIO *bio,
int idx,
void *data,
wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
#endif
WOLFSSL_API void *wolfSSL_BIO_get_ex_data(WOLFSSL_BIO *bio, int idx);
WOLFSSL_API long wolfSSL_BIO_set_nbio(WOLFSSL_BIO*, long);
@ -1761,10 +1701,24 @@ WOLFSSL_API void* wolfSSL_X509_STORE_CTX_get_ex_data(
WOLFSSL_X509_STORE_CTX* ctx, int idx);
WOLFSSL_API int wolfSSL_X509_STORE_CTX_set_ex_data(WOLFSSL_X509_STORE_CTX* ctx,
int idx, void *data);
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
WOLFSSL_API int wolfSSL_X509_STORE_CTX_set_ex_data_with_cleanup(
WOLFSSL_X509_STORE_CTX* ctx,
int idx,
void *data,
wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
#endif
WOLFSSL_API void* wolfSSL_X509_STORE_get_ex_data(
WOLFSSL_X509_STORE* store, int idx);
WOLFSSL_API int wolfSSL_X509_STORE_set_ex_data(WOLFSSL_X509_STORE* store,
int idx, void *data);
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
WOLFSSL_API int wolfSSL_X509_STORE_set_ex_data_with_cleanup(
WOLFSSL_X509_STORE* store,
int idx,
void *data,
wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
#endif
WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_depth(WOLFSSL_X509_STORE_CTX* ctx,
int depth);
WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get0_current_issuer(
@ -2323,10 +2277,17 @@ WOLFSSL_API int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *s, const char *s
WOLFSSL_API int wolfSSL_sk_num(const WOLFSSL_STACK* sk);
WOLFSSL_API void* wolfSSL_sk_value(const WOLFSSL_STACK* sk, int i);
#if (defined(HAVE_EX_DATA) || defined(FORTRESS)) && \
(defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || defined(WOLFSSL_WPAS_SMALL))
#if defined(HAVE_EX_DATA) || defined(FORTRESS) || defined(WOLFSSL_WPAS_SMALL)
WOLFSSL_API void* wolfSSL_CRYPTO_get_ex_data(const WOLFSSL_CRYPTO_EX_DATA* ex_data,
int idx);
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
WOLFSSL_API int wolfSSL_CRYPTO_set_ex_data_with_cleanup(
WOLFSSL_CRYPTO_EX_DATA* ex_data,
int idx,
void *data,
wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
#endif
WOLFSSL_API int wolfSSL_CRYPTO_set_ex_data(WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx,
void *data);
#endif
@ -2334,6 +2295,13 @@ WOLFSSL_API int wolfSSL_CRYPTO_set_ex_data(WOLFSSL_CRYPTO_EX_DATA* ex_data, int
/* stunnel 4.28 needs */
WOLFSSL_API void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX*, int);
WOLFSSL_API int wolfSSL_CTX_set_ex_data(WOLFSSL_CTX*, int, void*);
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
WOLFSSL_API int wolfSSL_CTX_set_ex_data_with_cleanup(
WOLFSSL_CTX* ctx,
int idx,
void* data,
wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
#endif
WOLFSSL_API void wolfSSL_CTX_sess_set_get_cb(WOLFSSL_CTX*,
WOLFSSL_SESSION*(*f)(WOLFSSL*, unsigned char*, int, int*));
WOLFSSL_API void wolfSSL_CTX_sess_set_new_cb(WOLFSSL_CTX*,
@ -3992,6 +3960,13 @@ WOLFSSL_API void* wolfSSL_sk_X509_OBJECT_value(WOLF_STACK_OF(WOLFSSL_X509_OBJECT
WOLFSSL_API void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION*, int);
WOLFSSL_API int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION*, int, void*);
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
WOLFSSL_API int wolfSSL_SESSION_set_ex_data_with_cleanup(
WOLFSSL_SESSION* session,
int idx,
void* data,
wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
#endif
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) \
@ -4141,6 +4116,13 @@ WOLFSSL_API int wolfSSL_set_ocsp_url(WOLFSSL* ssl, char* url);
WOLFSSL_API void *wolfSSL_X509_get_ex_data(WOLFSSL_X509 *x509, int idx);
WOLFSSL_API int wolfSSL_X509_set_ex_data(WOLFSSL_X509 *x509, int idx,
void *data);
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
WOLFSSL_API int wolfSSL_X509_set_ex_data_with_cleanup(
X509 *x509,
int idx,
void *data,
wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
#endif
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || WOLFSSL_WPAS_SMALL */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \

6
wolfssl/wolfcrypt/types.h
View File

@ -48,8 +48,14 @@ decouple library dependencies with standard string, memory and so on.
* (with minimal depencencies).
*/
#if defined(HAVE_EX_DATA) || defined(FORTRESS)
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
typedef void (*wolfSSL_ex_data_cleanup_routine_t)(void *data);
#endif
typedef struct WOLFSSL_CRYPTO_EX_DATA {
void* ex_data[MAX_EX_DATA];
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
wolfSSL_ex_data_cleanup_routine_t ex_data_cleanup_routines[MAX_EX_DATA];
#endif
} WOLFSSL_CRYPTO_EX_DATA;
#endif