mirror of https://github.com/wolfSSL/wolfssl
remove WOLFSSL_NETWORK_INTROSPECTION code; add wolfSSL_X509_STORE_set_ex_data_with_cleanup(); refactor WOLFSSL_WOLFSENTRY_HOOKS code in server.c to use HAVE_EX_DATA/HAVE_EX_DATA_CLEANUP_HOOKS.
parent
4458ed37c1
commit
23d8df720e
25
configure.ac
25
configure.ac
|
@ -2511,10 +2511,7 @@ AC_ARG_ENABLE([wolfsentry],
|
|||
|
||||
if test "$ENABLED_WOLFSENTRY" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WOLFSENTRY_HOOKS"
|
||||
ENABLED_NETWORK_INTROSPECTION_DEFAULT=yes
|
||||
else
|
||||
ENABLED_NETWORK_INTROSPECTION_DEFAULT=no
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WOLFSENTRY_HOOKS -DHAVE_EX_DATA -DHAVE_EX_DATA_CLEANUP_HOOKS"
|
||||
fi
|
||||
|
||||
AC_ARG_WITH([wolfsentry-lib],
|
||||
|
@ -2536,25 +2533,6 @@ AC_SUBST([WOLFSENTRY_LIB])
|
|||
AC_SUBST([WOLFSENTRY_INCLUDE])
|
||||
|
||||
|
||||
# API for tracking network connection attributes
|
||||
AC_ARG_ENABLE([network-introspection],
|
||||
[AS_HELP_STRING([--enable-network-introspection],[Enable network connection attribute tracking and callbacks (default: disabled)])],
|
||||
[ ENABLED_NETWORK_INTROSPECTION=$enableval ],
|
||||
[ ENABLED_NETWORK_INTROSPECTION=$ENABLED_NETWORK_INTROSPECTION_DEFAULT ]
|
||||
)
|
||||
|
||||
if test "$ENABLED_NETWORK_INTROSPECTION" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NETWORK_INTROSPECTION"
|
||||
fi
|
||||
|
||||
|
||||
if test "$ENABLED_WOLFSENTRY" = "yes" && test "$ENABLED_NETWORK_INTROSPECTION" != "yes"
|
||||
then
|
||||
AC_MSG_ERROR([--enable-wolfsentry requires --enable-network-introspection])
|
||||
fi
|
||||
|
||||
|
||||
if test "$ENABLED_QT" = "yes"
|
||||
then
|
||||
# Requires opensslextra and opensslall
|
||||
|
@ -6636,7 +6614,6 @@ echo " * Anonymous cipher: $ENABLED_ANON"
|
|||
echo " * CODING: $ENABLED_CODING"
|
||||
echo " * MEMORY: $ENABLED_MEMORY"
|
||||
echo " * I/O POOL: $ENABLED_IOPOOL"
|
||||
echo " * Connection tracking: $ENABLED_NETWORK_INTROSPECTION"
|
||||
echo " * wolfSentry: $ENABLED_WOLFSENTRY"
|
||||
echo " * LIGHTY: $ENABLED_LIGHTY"
|
||||
echo " * HAPROXY: $ENABLED_HAPROXY"
|
||||
|
|
|
@ -282,48 +282,83 @@ static int TestEmbedSendTo(WOLFSSL* ssl, char *buf, int sz, void *ctx)
|
|||
|
||||
#ifdef WOLFSSL_WOLFSENTRY_HOOKS
|
||||
|
||||
static int wolfSentry_NetworkFilterCallback(WOLFSSL *ssl, struct wolfSSL_network_connection *nc, struct wolfsentry_context *wolfsentry, wolfSSL_netfilter_decision_t *decision) {
|
||||
const void *remote_addr2;
|
||||
const void *local_addr2;
|
||||
char inet_ntop_buf[INET6_ADDRSTRLEN], inet_ntop_buf2[INET6_ADDRSTRLEN];
|
||||
int ret;
|
||||
struct {
|
||||
struct wolfsentry_sockaddr s;
|
||||
byte buf[16];
|
||||
} remote, local;
|
||||
wolfsentry_action_res_t action_results;
|
||||
struct wolfsentry_data {
|
||||
struct wolfsentry_sockaddr remote;
|
||||
byte remote_addrbuf[16];
|
||||
struct wolfsentry_sockaddr local;
|
||||
byte local_addrbuf[16];
|
||||
wolfsentry_route_flags_t flags;
|
||||
void *heap;
|
||||
int alloctype;
|
||||
};
|
||||
|
||||
(void)ssl;
|
||||
static void free_wolfsentry_data(struct wolfsentry_data *data) {
|
||||
char inet_ntop_buf[INET6_ADDRSTRLEN];
|
||||
fprintf(stderr, "free_wolfsentry_data() for remote %s:%d\n", inet_ntop(data->remote.sa_family, data->remote.addr, inet_ntop_buf, sizeof inet_ntop_buf), data->remote.sa_port);
|
||||
XFREE(data, data->heap, data->alloctype);
|
||||
}
|
||||
|
||||
if ((ret = wolfSSL_get_endpoint_addrs(nc, &remote_addr2, &local_addr2)) != WOLFSSL_SUCCESS) {
|
||||
printf("wolfSSL_get_endpoints(): %s\n", wolfSSL_ERR_error_string(ret, NULL));
|
||||
err_sys_ex(catastrophic, "error in wolfSSL_get_endpoints()");
|
||||
static int wolfsentry_data_index = -1;
|
||||
|
||||
static int wolfsentry_store_endpoints(
|
||||
WOLFSSL *ssl,
|
||||
SOCKADDR_IN_T *remote,
|
||||
SOCKADDR_IN_T *local,
|
||||
int proto,
|
||||
wolfsentry_route_flags_t flags)
|
||||
{
|
||||
struct wolfsentry_data *data = (struct wolfsentry_data *)XMALLOC(sizeof *data, NULL, DYNAMIC_TYPE_SOCKADDR);
|
||||
if (data == NULL)
|
||||
return WOLFSSL_FAILURE;
|
||||
|
||||
data->heap = NULL;
|
||||
data->alloctype = DYNAMIC_TYPE_SOCKADDR;
|
||||
|
||||
#ifdef TEST_IPV6
|
||||
if ((sizeof data->remote_addrbuf < sizeof remote->sin6_addr) ||
|
||||
(sizeof data->local_addrbuf < sizeof local->sin6_addr))
|
||||
return WOLFSSL_FAILURE;
|
||||
data->remote.sa_family = data->local.sa_family = remote->sin6_family;
|
||||
data->remote.sa_port = ntohs(remote->sin6_port);
|
||||
data->local.sa_port = ntohs(local->sin6_port);
|
||||
data->remote.addr_len = sizeof remote->sin6_addr * BITS_PER_BYTE;
|
||||
XMEMCPY(data->remote.addr, &remote->sin6_addr, sizeof remote->sin6_addr);
|
||||
data->local.addr_len = sizeof local->sin6_addr * BITS_PER_BYTE;
|
||||
XMEMCPY(data->local.addr, &local->sin6_addr, sizeof local->sin6_addr);
|
||||
#else
|
||||
if ((sizeof data->remote_addrbuf < sizeof remote->sin_addr) ||
|
||||
(sizeof data->local_addrbuf < sizeof local->sin_addr))
|
||||
return WOLFSSL_FAILURE;
|
||||
data->remote.sa_family = data->local.sa_family = remote->sin_family;
|
||||
data->remote.sa_port = ntohs(remote->sin_port);
|
||||
data->local.sa_port = ntohs(local->sin_port);
|
||||
data->remote.addr_len = sizeof remote->sin_addr * BITS_PER_BYTE;
|
||||
XMEMCPY(data->remote.addr, &remote->sin_addr, sizeof remote->sin_addr);
|
||||
data->local.addr_len = sizeof local->sin_addr * BITS_PER_BYTE;
|
||||
XMEMCPY(data->local.addr, &local->sin_addr, sizeof local->sin_addr);
|
||||
#endif
|
||||
data->remote.sa_proto = data->local.sa_proto = proto;
|
||||
data->remote.interface = data->local.interface = 0;
|
||||
data->flags = flags;
|
||||
|
||||
if (wolfSSL_set_ex_data_with_cleanup(ssl, wolfsentry_data_index, data, (wolfSSL_ex_data_cleanup_routine_t)free_wolfsentry_data) != WOLFSSL_SUCCESS) {
|
||||
free_wolfsentry_data(data);
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
printf("got network filter callback: family=%d proto=%d rport=%d lport=%d raddr=%s laddr=%s interface=%d\n",
|
||||
nc->family,
|
||||
nc->proto,
|
||||
nc->remote_port,
|
||||
nc->local_port,
|
||||
inet_ntop(nc->family, remote_addr2, inet_ntop_buf, sizeof inet_ntop_buf),
|
||||
inet_ntop(nc->family, local_addr2, inet_ntop_buf2, sizeof inet_ntop_buf2),
|
||||
nc->interface);
|
||||
return WOLFSSL_SUCCESS;
|
||||
}
|
||||
|
||||
remote.s.sa_family = nc->family;
|
||||
remote.s.sa_proto = nc->proto;
|
||||
remote.s.sa_port = nc->remote_port;
|
||||
remote.s.addr_len = nc->remote_addr_len;
|
||||
remote.s.interface = nc->interface;
|
||||
memcpy(remote.s.addr, remote_addr2, nc->remote_addr_len);
|
||||
static int wolfSentry_NetworkFilterCallback(WOLFSSL *ssl, struct wolfsentry_context *wolfsentry, wolfSSL_netfilter_decision_t *decision) {
|
||||
struct wolfsentry_data *data;
|
||||
char inet_ntop_buf[INET6_ADDRSTRLEN], inet_ntop_buf2[INET6_ADDRSTRLEN];
|
||||
int ret;
|
||||
wolfsentry_action_res_t action_results;
|
||||
|
||||
local.s.sa_family = nc->family;
|
||||
local.s.sa_proto = nc->proto;
|
||||
local.s.sa_port = nc->local_port;
|
||||
local.s.addr_len = nc->local_addr_len;
|
||||
local.s.interface = nc->interface;
|
||||
memcpy(local.s.addr, local_addr2, nc->local_addr_len);
|
||||
if ((data = wolfSSL_get_ex_data(ssl, wolfsentry_data_index)) == NULL)
|
||||
return WOLFSSL_FAILURE;
|
||||
|
||||
ret = wolfsentry_route_event_dispatch(wolfsentry, &remote.s, &local.s, WOLFSENTRY_ROUTE_FLAG_DIRECTION_IN, NULL /* event_label */, 0 /* event_label_len */, NULL /* caller_context */, NULL /* id */, NULL /* inexact_matches */, &action_results);
|
||||
ret = wolfsentry_route_event_dispatch(wolfsentry, &data->remote, &data->local, data->flags, NULL /* event_label */, 0 /* event_label_len */, NULL /* caller_context */, NULL /* id */, NULL /* inexact_matches */, &action_results);
|
||||
|
||||
if (ret == 0) {
|
||||
if (WOLFSENTRY_CHECK_BITS(action_results, WOLFSENTRY_ACTION_RES_REJECT))
|
||||
|
@ -332,8 +367,20 @@ static int wolfSentry_NetworkFilterCallback(WOLFSSL *ssl, struct wolfSSL_network
|
|||
*decision = WOLFSSL_NETFILTER_ACCEPT;
|
||||
else
|
||||
*decision = WOLFSSL_NETFILTER_PASS;
|
||||
} else
|
||||
} else {
|
||||
printf("wolfsentry_route_event_dispatch error " WOLFSENTRY_ERROR_FMT, WOLFSENTRY_ERROR_FMT_ARGS(ret));
|
||||
*decision = WOLFSSL_NETFILTER_PASS;
|
||||
}
|
||||
|
||||
printf("got network filter callback: family=%d proto=%d rport=%d lport=%d raddr=%s laddr=%s interface=%d; decision=%d\n",
|
||||
data->remote.sa_family,
|
||||
data->remote.sa_proto,
|
||||
data->remote.sa_port,
|
||||
data->local.sa_port,
|
||||
inet_ntop(data->remote.sa_family, data->remote.addr, inet_ntop_buf, sizeof inet_ntop_buf),
|
||||
inet_ntop(data->local.sa_family, data->local.addr, inet_ntop_buf2, sizeof inet_ntop_buf2),
|
||||
data->remote.interface,
|
||||
*decision);
|
||||
|
||||
return WOLFSSL_SUCCESS;
|
||||
}
|
||||
|
@ -1909,12 +1956,15 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
|
|||
err_sys_ex(catastrophic, "unable to get ctx");
|
||||
|
||||
#ifdef WOLFSSL_WOLFSENTRY_HOOKS
|
||||
ret = wolfsentry_init(NULL /* allocator */, NULL /* timecbs */, 0 /* route_private_data_size */, 0 /* route_private_data_alignment */, &wolfsentry);
|
||||
ret = wolfsentry_init(NULL /* allocator */, NULL /* timecbs */, NULL /* default config */, &wolfsentry);
|
||||
if (ret != 0) {
|
||||
fprintf(stderr, "wolfsentry_init() returned " WOLFSENTRY_ERROR_FMT "\n", WOLFSENTRY_ERROR_FMT_ARGS(ret));
|
||||
err_sys_ex(catastrophic, "unable to initialize wolfSentry");
|
||||
}
|
||||
|
||||
if (wolfsentry_data_index < 0)
|
||||
wolfsentry_data_index = wolfSSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
|
||||
|
||||
{
|
||||
struct wolfsentry_route_table *table;
|
||||
|
||||
|
@ -2333,6 +2383,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
|
|||
ssl = SSL_new(ctx);
|
||||
if (ssl == NULL)
|
||||
err_sys_ex(catastrophic, "unable to create an SSL object");
|
||||
|
||||
#ifdef OPENSSL_EXTRA
|
||||
wolfSSL_KeepArrays(ssl);
|
||||
#endif
|
||||
|
@ -2659,7 +2710,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
|
|||
}
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_NETWORK_INTROSPECTION
|
||||
#ifdef WOLFSSL_WOLFSENTRY_HOOKS
|
||||
{
|
||||
SOCKADDR_IN_T local_addr;
|
||||
socklen_t local_len = sizeof(local_addr);
|
||||
|
@ -2668,62 +2719,12 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
|
|||
if (((struct sockaddr *)&client_addr)->sa_family != ((struct sockaddr *)&local_addr)->sa_family)
|
||||
err_sys_ex(catastrophic, "client_addr.sa_family != local_addr.sa_family");
|
||||
|
||||
#ifdef TEST_IPV6
|
||||
|
||||
if ((ret = wolfSSL_set_endpoints(
|
||||
ssl,
|
||||
0 /* interface_id */,
|
||||
client_addr.sin6_family,
|
||||
IPPROTO_TCP,
|
||||
sizeof(client_addr.sin6_addr),
|
||||
(byte *)&client_addr.sin6_addr,
|
||||
(byte *)&local_addr.sin6_addr,
|
||||
client_addr.sin6_port,
|
||||
local_addr.sin6_port) != WOLFSSL_SUCCESS)) {
|
||||
printf("wolfSSL_set_endpoints(): %s\n", wolfSSL_ERR_error_string(ret, NULL));
|
||||
err_sys_ex(catastrophic, "error in wolfSSL_set_endpoints()");
|
||||
}
|
||||
|
||||
#else /* !TEST_IPV6 */
|
||||
|
||||
if ((ret = wolfSSL_set_endpoints(
|
||||
ssl,
|
||||
0 /* interface_id */,
|
||||
client_addr.sin_family,
|
||||
IPPROTO_TCP,
|
||||
sizeof(struct in_addr),
|
||||
(byte *)&client_addr.sin_addr,
|
||||
(byte *)&local_addr.sin_addr,
|
||||
client_addr.sin_port,
|
||||
local_addr.sin_port) != WOLFSSL_SUCCESS)) {
|
||||
printf("wolfSSL_set_endpoints(): %s\n", wolfSSL_ERR_error_string(ret, NULL));
|
||||
err_sys_ex(catastrophic, "error in wolfSSL_set_endpoints()");
|
||||
}
|
||||
|
||||
#endif /* TEST_IPV6 */
|
||||
|
||||
{
|
||||
const struct wolfSSL_network_connection *nc;
|
||||
const void *remote_addr2;
|
||||
const void *local_addr2;
|
||||
char inet_ntop_buf[INET6_ADDRSTRLEN], inet_ntop_buf2[INET6_ADDRSTRLEN];
|
||||
|
||||
if ((ret = wolfSSL_get_endpoints(ssl, &nc, &remote_addr2, &local_addr2)) != WOLFSSL_SUCCESS) {
|
||||
printf("wolfSSL_get_endpoints(): %s\n", wolfSSL_ERR_error_string(ret, NULL));
|
||||
err_sys_ex(catastrophic, "error in wolfSSL_get_endpoints()");
|
||||
}
|
||||
|
||||
printf("stored connection attrs: family=%d proto=%d rport=%d lport=%d raddr=%s laddr=%s interface=%d\n",
|
||||
nc->family,
|
||||
nc->proto,
|
||||
nc->remote_port,
|
||||
nc->local_port,
|
||||
inet_ntop(nc->family, remote_addr2, inet_ntop_buf, sizeof inet_ntop_buf),
|
||||
inet_ntop(nc->family, local_addr2, inet_ntop_buf2, sizeof inet_ntop_buf2),
|
||||
nc->interface);
|
||||
if (wolfsentry_store_endpoints(ssl, &client_addr, &local_addr, dtlsUDP ? IPPROTO_UDP : IPPROTO_TCP, WOLFSENTRY_ROUTE_FLAG_DIRECTION_IN) != WOLFSSL_SUCCESS) {
|
||||
printf("wolfsentry_store_endpoints(): %s\n", wolfSSL_ERR_error_string(ret, NULL));
|
||||
err_sys_ex(catastrophic, "error in wolfsentry_store_endpoints()");
|
||||
}
|
||||
}
|
||||
#endif /* WOLFSSL_NETWORK_INTROSPECTION */
|
||||
#endif /* WOLFSSL_WOLFSENTRY_HOOKS */
|
||||
|
||||
if ((usePsk == 0 || usePskPlus) || useAnon == 1 || cipherList != NULL
|
||||
|| needDH == 1) {
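Review bot: wolfSentry_NetworkFilterCallback fails open on both of its error paths. When wolfSSL_get_ex_data() returns NULL it returns WOLFSSL_FAILURE without writing `*decision`, and when wolfsentry_route_event_dispatch() fails it sets `*decision = WOLFSSL_NETFILTER_PASS`; the accept-filter call site shown in the src/ssl.c section of this page aborts the handshake only for WOLFSSL_SUCCESS together with WOLFSSL_NETFILTER_REJECT, so in both cases the connection proceeds. If that is intended for the example, say so in a comment such as `/* fail open: a filter error must not block the test server */`; otherwise set `*decision = WOLFSSL_NETFILTER_REJECT;` on both paths and return WOLFSSL_SUCCESS from the NULL-data branch. Separately, the two size-check `return WOLFSSL_FAILURE;` statements in wolfsentry_store_endpoints() return without freeing `data`, and the error printf after the wolfsentry_store_endpoints() call in server_test prints `ret`, which that call never assigns. server_test's body extends beyond the hunks shown.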
|
||||
|
|
|
@ -1892,6 +1892,14 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
|
|||
int i;
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
|
||||
{
|
||||
int idx;
|
||||
for (idx = 0; idx < MAX_EX_DATA; ++idx)
|
||||
(void)wolfSSL_CRYPTO_set_ex_data_with_cleanup(&ctx->ex_data, idx, NULL, NULL);
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_WOLF_EVENT
|
||||
wolfEventQueue_Free(&ctx->event_queue);
|
||||
#endif /* HAVE_WOLF_EVENT */
|
||||
|
@ -6423,6 +6431,14 @@ void SSL_ResourceFree(WOLFSSL* ssl)
|
|||
* example with the RNG, it isn't used beyond the handshake except when
|
||||
* using stream ciphers where it is retained. */
|
||||
|
||||
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
|
||||
{
|
||||
int idx;
|
||||
for (idx = 0; idx < MAX_EX_DATA; ++idx)
|
||||
(void)wolfSSL_CRYPTO_set_ex_data_with_cleanup(&ssl->ex_data, idx, NULL, NULL);
|
||||
}
|
||||
#endif
|
||||
|
||||
FreeCiphers(ssl);
|
||||
FreeArrays(ssl, 0);
|
||||
FreeKeyExchange(ssl);
|
||||
|
@ -6465,12 +6481,6 @@ void SSL_ResourceFree(WOLFSSL* ssl)
|
|||
FreeKey(ssl, DYNAMIC_TYPE_RSA, (void**)&ssl->peerRsaKey);
|
||||
ssl->peerRsaKeyPresent = 0;
|
||||
#endif
|
||||
#ifdef WOLFSSL_NETWORK_INTROSPECTION
|
||||
if (WOLFSSL_NETWORK_INTROSPECTION_ADDR_BUFFER_IS_DYNAMIC(ssl->buffers.network_connection))
|
||||
XFREE(ssl->buffers.network_connection.addr_buffer_dynamic, ssl->heap, DYNAMIC_TYPE_SOCKADDR);
|
||||
if (WOLFSSL_NETWORK_INTROSPECTION_ADDR_BUFFER_IS_DYNAMIC(ssl->buffers.network_connection_layer2))
|
||||
XFREE(ssl->buffers.network_connection_layer2.addr_buffer_dynamic, ssl->heap, DYNAMIC_TYPE_SOCKADDR);
|
||||
#endif /* WOLFSSL_NETWORK_INTROSPECTION */
|
||||
#ifdef WOLFSSL_RENESAS_TSIP_TLS
|
||||
XFREE(ssl->peerTsipEncRsaKeyIndex, ssl->heap, DYNAMIC_TYPE_RSA);
|
||||
#endif
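Review bot: The cleanup loops added to SSL_CtxResourceFree and SSL_ResourceFree carry no comment explaining that storing NULL in every slot is what triggers the registered cleanup routines. That is not obvious from the call itself, and the implementation of wolfSSL_CRYPTO_set_ex_data_with_cleanup is not on this page, so this reading is inferred from how it is used. I would add `/* invoke any registered ex_data cleanup routines before the object's own resources are released */` above each loop. The same block is repeated in the src/ssl.c hunks on this page, so a single static helper taking a pointer to the ex_data member would keep the teardown paths from drifting apart. Both functions start and end outside the hunks.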
|
||||
|
|
468
src/ssl.c
468
src/ssl.c
|
@ -1013,215 +1013,6 @@ int wolfSSL_mutual_auth(WOLFSSL* ssl, int req)
|
|||
}
|
||||
#endif /* NO_CERTS */
|
||||
|
||||
#ifdef WOLFSSL_NETWORK_INTROSPECTION
|
||||
|
||||
/* all ints in host byte order, addresses in network order (big endian). */
|
||||
static WC_INLINE int wolfSSL_set_endpoints_1(
|
||||
WOLFSSL* ssl,
|
||||
struct wolfSSL_network_connection *nc,
|
||||
unsigned int interface_id,
|
||||
unsigned int family,
|
||||
unsigned int proto,
|
||||
unsigned int remote_addr_len,
|
||||
const byte *remote_addr,
|
||||
unsigned int local_addr_len,
|
||||
const byte *local_addr,
|
||||
unsigned int remote_port,
|
||||
unsigned int local_port)
|
||||
{
|
||||
size_t current_dynamic_alloc, needed_dynamic_alloc;
|
||||
|
||||
if ((ssl == NULL) || (nc == NULL) || (remote_addr_len == 0) || (local_addr_len == 0))
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
if (WOLFSSL_NETWORK_INTROSPECTION_ADDR_BUFFER_IS_DYNAMIC(*nc))
|
||||
current_dynamic_alloc = nc->local_addr_len + nc->remote_addr_len;
|
||||
else
|
||||
current_dynamic_alloc = 0;
|
||||
|
||||
if (local_addr_len + remote_addr_len > WOLFSSL_NETWORK_INTROSPECTION_STATIC_ADDR_BYTES)
|
||||
needed_dynamic_alloc = local_addr_len + remote_addr_len;
|
||||
else
|
||||
needed_dynamic_alloc = 0;
|
||||
|
||||
nc->local_addr_len = nc->remote_addr_len = 0;
|
||||
|
||||
if (current_dynamic_alloc != needed_dynamic_alloc) {
|
||||
if (current_dynamic_alloc > 0)
|
||||
XFREE(nc->addr_buffer_dynamic, ssl->heap, DYNAMIC_TYPE_SOCKADDR);
|
||||
if (needed_dynamic_alloc > 0) {
|
||||
nc->addr_buffer_dynamic = (byte *)XMALLOC
|
||||
(needed_dynamic_alloc,
|
||||
ssl->heap,
|
||||
DYNAMIC_TYPE_SOCKADDR);
|
||||
if (nc->addr_buffer_dynamic == NULL)
|
||||
return MEMORY_E;
|
||||
}
|
||||
}
|
||||
|
||||
nc->family = family;
|
||||
nc->proto = proto;
|
||||
nc->remote_addr_len = remote_addr_len;
|
||||
nc->local_addr_len = local_addr_len;
|
||||
nc->interface = interface_id;
|
||||
nc->remote_port = remote_port;
|
||||
nc->local_port = local_port;
|
||||
|
||||
if (needed_dynamic_alloc == 0) {
|
||||
XMEMCPY(nc->addr_buffer, remote_addr, remote_addr_len);
|
||||
XMEMCPY(nc->addr_buffer + remote_addr_len, local_addr, local_addr_len);
|
||||
} else {
|
||||
XMEMCPY(nc->addr_buffer_dynamic, remote_addr, remote_addr_len);
|
||||
XMEMCPY((nc->addr_buffer_dynamic) + remote_addr_len, local_addr, local_addr_len);
|
||||
}
|
||||
nc->remote_addr_len = remote_addr_len;
|
||||
nc->local_addr_len = local_addr_len;
|
||||
|
||||
return WOLFSSL_SUCCESS;
|
||||
}
|
||||
|
||||
int wolfSSL_set_endpoints(
|
||||
WOLFSSL* ssl,
|
||||
unsigned int interface_id,
|
||||
unsigned int family,
|
||||
unsigned int proto,
|
||||
unsigned int addr_len,
|
||||
const byte *remote_addr,
|
||||
const byte *local_addr,
|
||||
unsigned int remote_port,
|
||||
unsigned int local_port)
|
||||
{
|
||||
return wolfSSL_set_endpoints_1(
|
||||
ssl,
|
||||
&ssl->buffers.network_connection,
|
||||
interface_id,
|
||||
family,
|
||||
proto,
|
||||
addr_len,
|
||||
remote_addr,
|
||||
addr_len,
|
||||
local_addr,
|
||||
remote_port,
|
||||
local_port);
|
||||
}
|
||||
|
||||
int wolfSSL_set_endpoints_layer2(
|
||||
WOLFSSL* ssl,
|
||||
unsigned int interface_id,
|
||||
unsigned int family,
|
||||
unsigned int addr_len,
|
||||
const byte *remote_addr,
|
||||
const byte *local_addr)
|
||||
{
|
||||
return wolfSSL_set_endpoints_1(
|
||||
ssl,
|
||||
&ssl->buffers.network_connection_layer2,
|
||||
interface_id,
|
||||
family,
|
||||
0 /* proto */,
|
||||
addr_len,
|
||||
remote_addr,
|
||||
addr_len,
|
||||
local_addr,
|
||||
0 /* remote_port */,
|
||||
0 /* local_port */);
|
||||
}
|
||||
|
||||
WOLFSSL_API int wolfSSL_get_endpoint_addrs(
|
||||
const struct wolfSSL_network_connection *nc,
|
||||
const void **remote_addr,
|
||||
const void **local_addr)
|
||||
{
|
||||
if ((remote_addr == NULL) || (local_addr == NULL))
|
||||
return BAD_FUNC_ARG;
|
||||
if (nc->remote_addr_len == 0)
|
||||
return INCOMPLETE_DATA;
|
||||
|
||||
if (WOLFSSL_NETWORK_INTROSPECTION_ADDR_BUFFER_IS_DYNAMIC(*nc)) {
|
||||
*remote_addr = nc->addr_buffer_dynamic;
|
||||
*local_addr = nc->addr_buffer_dynamic + nc->remote_addr_len;
|
||||
} else {
|
||||
*remote_addr = nc->addr_buffer;
|
||||
*local_addr = nc->addr_buffer + nc->remote_addr_len;
|
||||
}
|
||||
|
||||
return WOLFSSL_SUCCESS;
|
||||
}
|
||||
|
||||
WOLFSSL_API int wolfSSL_get_endpoints(
|
||||
WOLFSSL *ssl,
|
||||
const struct wolfSSL_network_connection **nc,
|
||||
const void **remote_addr,
|
||||
const void **local_addr)
|
||||
{
|
||||
*nc = &ssl->buffers.network_connection;
|
||||
return wolfSSL_get_endpoint_addrs(*nc, remote_addr, local_addr);
|
||||
}
|
||||
|
||||
WOLFSSL_API int wolfSSL_get_endpoints_layer2(
|
||||
WOLFSSL *ssl,
|
||||
const struct wolfSSL_network_connection **nc,
|
||||
const void **remote_addr,
|
||||
const void **local_addr)
|
||||
{
|
||||
*nc = &ssl->buffers.network_connection_layer2;
|
||||
return wolfSSL_get_endpoint_addrs(*nc, remote_addr, local_addr);
|
||||
}
|
||||
|
||||
static WC_INLINE int wolfSSL_copy_endpoints_1(
|
||||
struct wolfSSL_network_connection *nc_src,
|
||||
struct wolfSSL_network_connection *nc_dst,
|
||||
size_t nc_dst_size,
|
||||
const void **remote_addr,
|
||||
const void **local_addr)
|
||||
{
|
||||
size_t nc_bufsiz;
|
||||
|
||||
if ((nc_dst == NULL) || (remote_addr == NULL) || (local_addr == NULL))
|
||||
return BAD_FUNC_ARG;
|
||||
if (nc_src->remote_addr_len == 0)
|
||||
return INCOMPLETE_DATA;
|
||||
|
||||
nc_bufsiz = WOLFSSL_NETWORK_CONNECTION_BUFSIZ(nc_src->remote_addr_len, nc_src->local_addr_len);
|
||||
if (nc_dst_size < nc_bufsiz)
|
||||
return BUFFER_E;
|
||||
XMEMCPY(nc_dst, nc_src, ((unsigned int)(unsigned long int)(&((struct wolfSSL_network_connection *)0)->addr_buffer[0])));
|
||||
if (WOLFSSL_NETWORK_INTROSPECTION_ADDR_BUFFER_IS_DYNAMIC(*nc_src))
|
||||
XMEMCPY(nc_dst->addr_buffer, nc_src->addr_buffer_dynamic, nc_src->remote_addr_len + nc_src->local_addr_len);
|
||||
else
|
||||
XMEMCPY(nc_dst->addr_buffer, nc_src->addr_buffer, nc_src->remote_addr_len + nc_src->local_addr_len);
|
||||
*remote_addr = nc_dst->addr_buffer;
|
||||
*local_addr = nc_dst->addr_buffer + nc_dst->remote_addr_len;
|
||||
|
||||
return WOLFSSL_SUCCESS;
|
||||
}
|
||||
|
||||
WOLFSSL_API int wolfSSL_copy_endpoints(
|
||||
WOLFSSL *ssl,
|
||||
struct wolfSSL_network_connection *nc,
|
||||
size_t nc_size,
|
||||
const void **remote_addr,
|
||||
const void **local_addr)
|
||||
{
|
||||
if (ssl == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
return wolfSSL_copy_endpoints_1(&ssl->buffers.network_connection, nc, nc_size, remote_addr, local_addr);
|
||||
}
|
||||
|
||||
WOLFSSL_API int wolfSSL_copy_endpoints_layer2(
|
||||
WOLFSSL *ssl,
|
||||
struct wolfSSL_network_connection *nc,
|
||||
size_t nc_size,
|
||||
const void **remote_addr,
|
||||
const void **local_addr)
|
||||
{
|
||||
if (ssl == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
return wolfSSL_copy_endpoints_1(&ssl->buffers.network_connection_layer2, nc, nc_size, remote_addr, local_addr);
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_WOLFSENTRY_HOOKS
|
||||
|
||||
WOLFSSL_API int wolfSSL_CTX_set_AcceptFilter(WOLFSSL_CTX *ctx, NetworkFilterCallback_t AcceptFilter, void *AcceptFilter_arg) {
|
||||
|
@ -1238,8 +1029,6 @@ WOLFSSL_API int wolfSSL_set_AcceptFilter(WOLFSSL *ssl, NetworkFilterCallback_t A
|
|||
|
||||
#endif /* WOLFSSL_WOLFSENTRY_HOOKS */
|
||||
|
||||
#endif /* WOLFSSL_NETWORK_INTROSPECTION */
|
||||
|
||||
#ifndef WOLFSSL_LEANPSK
|
||||
int wolfSSL_dtls_set_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz)
|
||||
{
|
||||
|
@ -13126,17 +12915,9 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
|
|||
#endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */
|
||||
|
||||
#ifdef WOLFSSL_WOLFSENTRY_HOOKS
|
||||
if (ssl->AcceptFilter && (ssl->buffers.network_connection.remote_addr_len > 0)) {
|
||||
if (ssl->AcceptFilter) {
|
||||
wolfSSL_netfilter_decision_t res;
|
||||
if ((ssl->AcceptFilter(ssl, &ssl->buffers.network_connection, ssl->AcceptFilter_arg, &res) == WOLFSSL_SUCCESS) &&
|
||||
(res == WOLFSSL_NETFILTER_REJECT)) {
|
||||
WOLFSSL_ERROR(ssl->error = SOCKET_FILTERED_E);
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
}
|
||||
}
|
||||
if (ssl->AcceptFilter && (ssl->buffers.network_connection_layer2.remote_addr_len > 0)) {
|
||||
wolfSSL_netfilter_decision_t res;
|
||||
if ((ssl->AcceptFilter(ssl, &ssl->buffers.network_connection_layer2, ssl->AcceptFilter_arg, &res) == WOLFSSL_SUCCESS) &&
|
||||
if ((ssl->AcceptFilter(ssl, ssl->AcceptFilter_arg, &res) == WOLFSSL_SUCCESS) &&
|
||||
(res == WOLFSSL_NETFILTER_REJECT)) {
|
||||
WOLFSSL_ERROR(ssl->error = SOCKET_FILTERED_E);
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
|
@ -16522,6 +16303,13 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
|
|||
/* unchain?, doesn't matter in goahead since from free all */
|
||||
WOLFSSL_ENTER("wolfSSL_BIO_free");
|
||||
if (bio) {
|
||||
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
|
||||
{
|
||||
int idx;
|
||||
for (idx = 0; idx < MAX_EX_DATA; ++idx)
|
||||
(void)wolfSSL_CRYPTO_set_ex_data_with_cleanup(&bio->ex_data, idx, NULL, NULL);
|
||||
}
|
||||
#endif
|
||||
|
||||
if (bio->infoCb) {
|
||||
/* info callback is called before free */
|
||||
|
@ -18967,6 +18755,13 @@ static void ExternalFreeX509(WOLFSSL_X509* x509)
|
|||
|
||||
WOLFSSL_ENTER("ExternalFreeX509");
|
||||
if (x509) {
|
||||
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
|
||||
{
|
||||
int idx;
|
||||
for (idx = 0; idx < MAX_EX_DATA; ++idx)
|
||||
(void)wolfSSL_CRYPTO_set_ex_data_with_cleanup(&x509->ex_data, idx, NULL, NULL);
|
||||
}
|
||||
#endif
|
||||
if (x509->dynamicMemory) {
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
|
||||
if (wc_LockMutex(&x509->refMutex) != 0) {
|
||||
|
@ -22167,6 +21962,14 @@ void FreeSession(WOLFSSL_SESSION* session, int isAlloced)
|
|||
if (session == NULL)
|
||||
return;
|
||||
|
||||
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
|
||||
{
|
||||
int idx;
|
||||
for (idx = 0; idx < MAX_EX_DATA; ++idx)
|
||||
(void)wolfSSL_CRYPTO_set_ex_data_with_cleanup(&session->ex_data, idx, NULL, NULL);
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
|
||||
if (session->peer) {
|
||||
wolfSSL_X509_free(session->peer);
|
||||
|
@ -24944,6 +24747,31 @@ int wolfSSL_BIO_set_ex_data(WOLFSSL_BIO *bio, int idx, void *data)
|
|||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
|
||||
/* Set ex_data for WOLFSSL_BIO
|
||||
*
|
||||
* bio : BIO structure to set ex_data in
|
||||
* idx : Index of ex_data to set
|
||||
* data : Data to set in ex_data
|
||||
* cleanup_routine : Function pointer to clean up data
|
||||
*
|
||||
* Returns WOLFSSL_SUCCESS on success or WOLFSSL_FAILURE on failure
|
||||
*/
|
||||
int wolfSSL_BIO_set_ex_data_with_cleanup(
|
||||
WOLFSSL_BIO *bio,
|
||||
int idx,
|
||||
void *data,
|
||||
wolfSSL_ex_data_cleanup_routine_t cleanup_routine)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_BIO_set_ex_data_with_cleanup");
|
||||
if (bio != NULL && idx < MAX_EX_DATA) {
|
||||
return wolfSSL_CRYPTO_set_ex_data_with_cleanup(&bio->ex_data, idx, data,
|
||||
cleanup_routine);
|
||||
}
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
#endif /* HAVE_EX_DATA_CLEANUP_HOOKS */
|
||||
|
||||
/* Get ex_data in WOLFSSL_BIO at given index
|
||||
*
|
||||
* bio : BIO structure to get ex_data from
|
||||
|
@ -26263,7 +26091,18 @@ err_exit:
|
|||
|
||||
void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store)
|
||||
{
|
||||
if (store != NULL && store->isDynamic) {
|
||||
if (store == NULL)
|
||||
return;
|
||||
|
||||
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
|
||||
{
|
||||
int idx;
|
||||
for (idx = 0; idx < MAX_EX_DATA; ++idx)
|
||||
(void)wolfSSL_CRYPTO_set_ex_data_with_cleanup(&store->ex_data, idx, NULL, NULL);
|
||||
}
|
||||
#endif
|
||||
|
||||
if (store->isDynamic) {
|
||||
if (store->cm != NULL) {
|
||||
wolfSSL_CertManagerFree(store->cm);
|
||||
store->cm = NULL;
|
||||
|
@ -26288,6 +26127,7 @@ void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store)
|
|||
XFREE(store, NULL, DYNAMIC_TYPE_X509_STORE);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Get ex_data in WOLFSSL_STORE at given index
|
||||
* @param store a pointer to WOLFSSL_X509_STORE structure
|
||||
|
@ -26307,6 +26147,7 @@ void* wolfSSL_X509_STORE_get_ex_data(WOLFSSL_X509_STORE* store, int idx)
|
|||
#endif
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set ex_data for WOLFSSL_STORE
|
||||
* @param store a pointer to WOLFSSL_X509_STORE structure
|
||||
|
@ -26329,6 +26170,31 @@ int wolfSSL_X509_STORE_set_ex_data(WOLFSSL_X509_STORE* store, int idx,
|
|||
#endif
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
|
||||
/**
|
||||
* Set ex_data for WOLFSSL_STORE
|
||||
* @param store a pointer to WOLFSSL_X509_STORE structure
|
||||
* @param idx Index of ex data to set
|
||||
* @param data Data to set in ex data
|
||||
* @return WOLFSSL_SUCCESS on success or WOLFSSL_FAILURE on failure
|
||||
*/
|
||||
int wolfSSL_X509_STORE_set_ex_data_with_cleanup(
|
||||
WOLFSSL_X509_STORE* store,
|
||||
int idx,
|
||||
void *data,
|
||||
wolfSSL_ex_data_cleanup_routine_t cleanup_routine)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_X509_STORE_set_ex_data_with_cleanup");
|
||||
if (store != NULL && idx < MAX_EX_DATA) {
|
||||
return wolfSSL_CRYPTO_set_ex_data_with_cleanup(&store->ex_data, idx,
|
||||
data, cleanup_routine);
|
||||
}
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
#endif /* HAVE_EX_DATA_CLEANUP_HOOKS */
|
||||
|
||||
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
|
||||
|
||||
#ifdef OPENSSL_EXTRA
|
||||
|
@ -26450,6 +26316,13 @@ void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX* ctx)
|
|||
{
|
||||
WOLFSSL_ENTER("X509_STORE_CTX_free");
|
||||
if (ctx != NULL) {
|
||||
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
|
||||
{
|
||||
int idx;
|
||||
for (idx = 0; idx < MAX_EX_DATA; ++idx)
|
||||
(void)wolfSSL_CRYPTO_set_ex_data_with_cleanup(&ctx->ex_data, idx, NULL, NULL);
|
||||
}
|
||||
#endif
|
||||
#ifdef OPENSSL_EXTRA
|
||||
if (ctx->param != NULL){
|
||||
XFREE(ctx->param,NULL,DYNAMIC_TYPE_OPENSSL);
|
||||
|
@ -27808,6 +27681,25 @@ int wolfSSL_X509_STORE_CTX_set_ex_data(WOLFSSL_X509_STORE_CTX* ctx, int idx,
|
|||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
|
||||
/* set X509_STORE_CTX ex_data, max idx is MAX_EX_DATA. Return WOLFSSL_SUCCESS
|
||||
* on success, WOLFSSL_FAILURE on error. */
|
||||
int wolfSSL_X509_STORE_CTX_set_ex_data_with_cleanup(
|
||||
WOLFSSL_X509_STORE_CTX* ctx,
|
||||
int idx,
|
||||
void *data,
|
||||
wolfSSL_ex_data_cleanup_routine_t cleanup_routine)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_set_ex_data_with_cleanup");
|
||||
if (ctx != NULL)
|
||||
{
|
||||
return wolfSSL_CRYPTO_set_ex_data_with_cleanup(&ctx->ex_data, idx, data,
|
||||
cleanup_routine);
|
||||
}
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
#endif /* HAVE_EX_DATA_CLEANUP_HOOKS */
|
||||
|
||||
#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL)
|
||||
void wolfSSL_X509_STORE_CTX_set_depth(WOLFSSL_X509_STORE_CTX* ctx, int depth)
|
||||
{
|
||||
|
@ -40532,6 +40424,22 @@ int wolfSSL_RSA_set_ex_data(WOLFSSL_RSA *rsa, int idx, void *data)
|
|||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
|
||||
int wolfSSL_RSA_set_ex_data_with_cleanup(
|
||||
WOLFSSL_RSA *rsa,
|
||||
int idx,
|
||||
void *data,
|
||||
wolfSSL_ex_data_cleanup_routine_t cleanup_routine)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_RSA_set_ex_data_with_cleanup");
|
||||
if (rsa) {
|
||||
return wolfSSL_CRYPTO_set_ex_data_with_cleanup(&rsa->ex_data, idx, data,
|
||||
cleanup_routine);
|
||||
}
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
#endif /* HAVE_EX_DATA_CLEANUP_HOOKS */
|
||||
|
||||
int wolfSSL_RSA_set0_key(WOLFSSL_RSA *r, WOLFSSL_BIGNUM *n, WOLFSSL_BIGNUM *e,
|
||||
WOLFSSL_BIGNUM *d)
|
||||
{
|
||||
|
@ -44915,9 +44823,7 @@ int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey)
|
|||
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
|
||||
#if ((defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && defined(HAVE_EX_DATA)) || \
|
||||
defined(FORTRESS) || \
|
||||
defined(WOLFSSL_WPAS_SMALL)
|
||||
#if defined(HAVE_EX_DATA) || defined(FORTRESS) || defined(WOLFSSL_WPAS_SMALL)
|
||||
void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX* ctx, int idx)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_CTX_get_ex_data");
|
||||
|
@ -44985,7 +44891,24 @@ int wolfSSL_CTX_set_ex_data(WOLFSSL_CTX* ctx, int idx, void* data)
|
|||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
#endif /* ((OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) && HAVE_EX_DATA) || FORTRESS || WOLFSSL_WPAS_SMALL */
|
||||
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
|
||||
int wolfSSL_CTX_set_ex_data_with_cleanup(
|
||||
WOLFSSL_CTX* ctx,
|
||||
int idx,
|
||||
void* data,
|
||||
wolfSSL_ex_data_cleanup_routine_t cleanup_routine)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_CTX_set_ex_data_with_cleanup");
|
||||
if (ctx != NULL)
|
||||
{
|
||||
return wolfSSL_CRYPTO_set_ex_data_with_cleanup(&ctx->ex_data, idx, data,
|
||||
cleanup_routine);
|
||||
}
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
#endif /* HAVE_EX_DATA_CLEANUP_HOOKS */
|
||||
|
||||
#endif /* defined(HAVE_EX_DATA) || defined(FORTRESS) || defined(WOLFSSL_WPAS_SMALL) */
|
||||
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
|
||||
|
@ -45037,6 +44960,23 @@ int wolfSSL_set_ex_data(WOLFSSL* ssl, int idx, void* data)
|
|||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
|
||||
int wolfSSL_set_ex_data_with_cleanup(
|
||||
WOLFSSL* ssl,
|
||||
int idx,
|
||||
void* data,
|
||||
wolfSSL_ex_data_cleanup_routine_t cleanup_routine)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_set_ex_data_with_cleanup");
|
||||
if (ssl != NULL)
|
||||
{
|
||||
return wolfSSL_CRYPTO_set_ex_data_with_cleanup(&ssl->ex_data, idx, data,
|
||||
cleanup_routine);
|
||||
}
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
#endif /* HAVE_EX_DATA_CLEANUP_HOOKS */
|
||||
|
||||
void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_get_ex_data");
|
||||
|
@ -46663,6 +46603,22 @@ int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION* session, int idx, void* data)
|
|||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
|
||||
int wolfSSL_SESSION_set_ex_data_with_cleanup(
|
||||
WOLFSSL_SESSION* session,
|
||||
int idx,
|
||||
void* data,
|
||||
wolfSSL_ex_data_cleanup_routine_t cleanup_routine)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_SESSION_set_ex_data_with_cleanup");
|
||||
if(session != NULL) {
|
||||
return wolfSSL_CRYPTO_set_ex_data_with_cleanup(&session->ex_data, idx,
|
||||
data, cleanup_routine);
|
||||
}
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
#endif /* HAVE_EX_DATA_CLEANUP_HOOKS */
|
||||
|
||||
void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION* session, int idx)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_SESSION_get_ex_data");
|
||||
|
@ -48869,8 +48825,8 @@ void wolfSSL_OPENSSL_config(char *config_name)
|
|||
#endif /* !NO_WOLFSSL_STUB */
|
||||
#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
|
||||
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
|
||||
|| defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)
|
||||
#if defined(HAVE_EX_DATA) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
|
||||
defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)
|
||||
|
||||
int wolfSSL_X509_get_ex_new_index(int idx, void *arg, void *a, void *b, void *c)
|
||||
{
|
||||
|
@ -48887,8 +48843,6 @@ int wolfSSL_X509_get_ex_new_index(int idx, void *arg, void *a, void *b, void *c)
|
|||
}
|
||||
#endif
|
||||
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
|
||||
defined(WOLFSSL_WPAS_SMALL)
|
||||
#if defined(HAVE_EX_DATA) || defined(FORTRESS)
|
||||
void* wolfSSL_CRYPTO_get_ex_data(const WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx)
|
||||
{
|
||||
|
@ -48909,6 +48863,13 @@ int wolfSSL_CRYPTO_set_ex_data(WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx, void *d
|
|||
WOLFSSL_ENTER("wolfSSL_CRYPTO_set_ex_data");
|
||||
#ifdef MAX_EX_DATA
|
||||
if (ex_data && idx < MAX_EX_DATA && idx >= 0) {
|
||||
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
|
||||
if (ex_data->ex_data_cleanup_routines[idx]) {
|
||||
if (ex_data->ex_data[idx])
|
||||
ex_data->ex_data_cleanup_routines[idx](ex_data->ex_data[idx]);
|
||||
ex_data->ex_data_cleanup_routines[idx] = NULL;
|
||||
}
|
||||
#endif
|
||||
ex_data->ex_data[idx] = data;
|
||||
return WOLFSSL_SUCCESS;
|
||||
}
|
||||
|
@ -48919,8 +48880,30 @@ int wolfSSL_CRYPTO_set_ex_data(WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx, void *d
|
|||
#endif
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
|
||||
int wolfSSL_CRYPTO_set_ex_data_with_cleanup(
|
||||
WOLFSSL_CRYPTO_EX_DATA* ex_data,
|
||||
int idx,
|
||||
void *data,
|
||||
wolfSSL_ex_data_cleanup_routine_t cleanup_routine)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_CRYPTO_set_ex_data_with_cleanup");
|
||||
if (ex_data && idx < MAX_EX_DATA && idx >= 0) {
|
||||
if (ex_data->ex_data_cleanup_routines[idx] && ex_data->ex_data[idx])
|
||||
ex_data->ex_data_cleanup_routines[idx](ex_data->ex_data[idx]);
|
||||
ex_data->ex_data[idx] = data;
|
||||
ex_data->ex_data_cleanup_routines[idx] = cleanup_routine;
|
||||
return WOLFSSL_SUCCESS;
|
||||
}
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
#endif /* HAVE_EX_DATA_CLEANUP_HOOKS */
|
||||
|
||||
#endif /* HAVE_EX_DATA || FORTRESS */
|
||||
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
|
||||
defined(WOLFSSL_WPAS_SMALL)
|
||||
void *wolfSSL_X509_get_ex_data(X509 *x509, int idx)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_X509_get_ex_data");
|
||||
|
@ -48950,6 +48933,24 @@ int wolfSSL_X509_set_ex_data(X509 *x509, int idx, void *data)
|
|||
#endif
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
|
||||
int wolfSSL_X509_set_ex_data_with_cleanup(
|
||||
X509 *x509,
|
||||
int idx,
|
||||
void *data,
|
||||
wolfSSL_ex_data_cleanup_routine_t cleanup_routine)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_X509_set_ex_data_with_cleanup");
|
||||
if (x509 != NULL)
|
||||
{
|
||||
return wolfSSL_CRYPTO_set_ex_data_with_cleanup(&x509->ex_data, idx,
|
||||
data, cleanup_routine);
|
||||
}
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
#endif /* HAVE_EX_DATA_CLEANUP_HOOKS */
|
||||
|
||||
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || WOLFSSL_WPAS_SMALL */
|
||||
|
||||
|
||||
|
@ -53457,6 +53458,13 @@ void wolfSSL_RSA_free(WOLFSSL_RSA* rsa)
|
|||
WOLFSSL_ENTER("wolfSSL_RSA_free");
|
||||
|
||||
if (rsa) {
|
||||
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
|
||||
{
|
||||
int idx;
|
||||
for (idx = 0; idx < MAX_EX_DATA; ++idx)
|
||||
(void)wolfSSL_CRYPTO_set_ex_data_with_cleanup(&rsa->ex_data, idx, NULL, NULL);
|
||||
}
|
||||
#endif
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
|
||||
int doFree = 0;
|
||||
if (wc_LockMutex(&rsa->refMutex) != 0) {
|
||||
|
|
12
src/tls13.c
12
src/tls13.c
|
@ -8357,17 +8357,9 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
|
|||
}
|
||||
|
||||
#ifdef WOLFSSL_WOLFSENTRY_HOOKS
|
||||
if (ssl->AcceptFilter && (ssl->buffers.network_connection.remote_addr_len > 0)) {
|
||||
if (ssl->AcceptFilter) {
|
||||
wolfSSL_netfilter_decision_t res;
|
||||
if ((ssl->AcceptFilter(ssl, &ssl->buffers.network_connection, ssl->AcceptFilter_arg, &res) == WOLFSSL_SUCCESS) &&
|
||||
(res == WOLFSSL_NETFILTER_REJECT)) {
|
||||
WOLFSSL_ERROR(ssl->error = SOCKET_FILTERED_E);
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
}
|
||||
}
|
||||
if (ssl->AcceptFilter && (ssl->buffers.network_connection_layer2.remote_addr_len > 0)) {
|
||||
wolfSSL_netfilter_decision_t res;
|
||||
if ((ssl->AcceptFilter(ssl, &ssl->buffers.network_connection_layer2, ssl->AcceptFilter_arg, &res) == WOLFSSL_SUCCESS) &&
|
||||
if ((ssl->AcceptFilter(ssl, ssl->AcceptFilter_arg, &res) == WOLFSSL_SUCCESS) &&
|
||||
(res == WOLFSSL_NETFILTER_REJECT)) {
|
||||
WOLFSSL_ERROR(ssl->error = SOCKET_FILTERED_E);
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
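Review bot: The new `if (ssl->AcceptFilter)` block rejects the connection only when the callback returns `WOLFSSL_SUCCESS` and sets `res` to `WOLFSSL_NETFILTER_REJECT`, so any callback failure lets the handshake continue. For a hook whose purpose is to filter connections, that fail-open path deserves an explicit decision. If a failed callback should block the accept, the condition would read `if ((ssl->AcceptFilter(ssl, ssl->AcceptFilter_arg, &res) != WOLFSSL_SUCCESS) || (res == WOLFSSL_NETFILTER_REJECT)) {`. If fail-open is intended, a comment such as `/* filter errors are non-fatal: connection proceeds */` would record that. wolfSSL_accept_TLSv13 starts and ends outside this hunk, so any later handling of the result is not visible here.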
|
|
|
@ -3449,11 +3449,6 @@ typedef struct Buffers {
|
|||
#ifdef WOLFSSL_SEND_HRR_COOKIE
|
||||
buffer tls13CookieSecret; /* HRR cookie secret */
|
||||
#endif
|
||||
#ifdef WOLFSSL_NETWORK_INTROSPECTION
|
||||
struct wolfSSL_network_connection network_connection;
|
||||
struct wolfSSL_network_connection network_connection_layer2;
|
||||
#define WOLFSSL_NETWORK_INTROSPECTION_ADDR_BUFFER_IS_DYNAMIC(x) ((x).remote_addr_len + (x).local_addr_len > WOLFSSL_NETWORK_INTROSPECTION_STATIC_ADDR_BYTES)
|
||||
#endif
|
||||
#ifdef WOLFSSL_DTLS
|
||||
WOLFSSL_DTLS_CTX dtlsCtx; /* DTLS connection context */
|
||||
#ifndef NO_WOLFSSL_SERVER
|
||||
|
|
|
@ -152,7 +152,13 @@ WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSAPublicKey_dup(WOLFSSL_RSA *rsa);
|
|||
|
||||
WOLFSSL_API void* wolfSSL_RSA_get_ex_data(const WOLFSSL_RSA *rsa, int idx);
|
||||
WOLFSSL_API int wolfSSL_RSA_set_ex_data(WOLFSSL_RSA *rsa, int idx, void *data);
|
||||
|
||||
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
|
||||
WOLFSSL_API int wolfSSL_RSA_set_ex_data_with_cleanup(
|
||||
WOLFSSL_RSA *rsa,
|
||||
int idx,
|
||||
void *data,
|
||||
wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
|
||||
#endif
|
||||
|
||||
#define WOLFSSL_RSA_LOAD_PRIVATE 1
|
||||
#define WOLFSSL_RSA_LOAD_PUBLIC 2
|
||||
|
|
140
wolfssl/ssl.h
140
wolfssl/ssl.h
|
@ -1141,79 +1141,7 @@ WOLFSSL_API int wolfSSL_export_keying_material(WOLFSSL *ssl,
|
|||
int use_context);
|
||||
#endif /* HAVE_KEYING_MATERIAL */
|
||||
|
||||
#ifdef WOLFSSL_NETWORK_INTROSPECTION
|
||||
|
||||
#ifndef WOLFSSL_NETWORK_INTROSPECTION_STATIC_ADDR_BYTES
|
||||
#define WOLFSSL_NETWORK_INTROSPECTION_STATIC_ADDR_BYTES 32 /* enough for 2 IPv6 addresses. */
|
||||
#endif
|
||||
|
||||
struct wolfSSL_network_connection {
|
||||
word16 family;
|
||||
word16 proto;
|
||||
word16 remote_port;
|
||||
word16 local_port;
|
||||
word16 remote_addr_len;
|
||||
word16 local_addr_len;
|
||||
byte interface;
|
||||
union {
|
||||
byte addr_buffer[WOLFSSL_NETWORK_INTROSPECTION_STATIC_ADDR_BYTES];
|
||||
byte *addr_buffer_dynamic;
|
||||
};
|
||||
};
|
||||
|
||||
#define WOLFSSL_NETWORK_CONNECTION_BUFSIZ(remote_addr_len, local_addr_len) \
|
||||
((unsigned int)(unsigned long int)(&((struct wolfSSL_network_connection *)0)->addr_buffer[0]) + \
|
||||
(remote_addr_len) + (local_addr_len));
|
||||
|
||||
WOLFSSL_API int wolfSSL_set_endpoints(
|
||||
WOLFSSL *ssl,
|
||||
unsigned int interface_id,
|
||||
unsigned int family,
|
||||
unsigned int proto,
|
||||
unsigned int addr_len,
|
||||
const byte *remote_addr,
|
||||
const byte *local_addr,
|
||||
unsigned int remote_port,
|
||||
unsigned int local_port);
|
||||
|
||||
WOLFSSL_API int wolfSSL_get_endpoint_addrs(
|
||||
const struct wolfSSL_network_connection *nc,
|
||||
const void **remote_addr,
|
||||
const void **local_addr);
|
||||
|
||||
WOLFSSL_API int wolfSSL_get_endpoints(
|
||||
WOLFSSL *ssl,
|
||||
const struct wolfSSL_network_connection **nc,
|
||||
const void **remote_addr,
|
||||
const void **local_addr);
|
||||
|
||||
WOLFSSL_API int wolfSSL_copy_endpoints(
|
||||
WOLFSSL *ssl,
|
||||
struct wolfSSL_network_connection *nc,
|
||||
size_t nc_size,
|
||||
const void **remote_addr,
|
||||
const void **local_addr);
|
||||
|
||||
WOLFSSL_API int wolfSSL_set_endpoints_layer2(
|
||||
WOLFSSL *ssl,
|
||||
unsigned int interface_id,
|
||||
unsigned int family,
|
||||
unsigned int addr_len,
|
||||
const byte *remote_addr,
|
||||
const byte *local_addr);
|
||||
|
||||
WOLFSSL_API int wolfSSL_get_endpoints_layer2(
|
||||
WOLFSSL *ssl,
|
||||
const struct wolfSSL_network_connection **nc,
|
||||
const void **remote_addr,
|
||||
const void **local_addr);
|
||||
|
||||
WOLFSSL_API int wolfSSL_copy_endpoints_layer2(
|
||||
WOLFSSL *ssl,
|
||||
struct wolfSSL_network_connection *nc,
|
||||
size_t nc_size,
|
||||
const void **remote_addr,
|
||||
const void **local_addr);
|
||||
#ifdef WOLFSSL_WOLFSENTRY_HOOKS
|
||||
|
||||
typedef enum {
|
||||
WOLFSSL_NETFILTER_PASS = 0,
|
||||
|
@ -1221,13 +1149,11 @@ typedef enum {
|
|||
WOLFSSL_NETFILTER_REJECT = 2
|
||||
} wolfSSL_netfilter_decision_t;
|
||||
|
||||
#ifdef WOLFSSL_WOLFSENTRY_HOOKS
|
||||
typedef int (*NetworkFilterCallback_t)(WOLFSSL *ssl, struct wolfSSL_network_connection *nc, void *ctx, wolfSSL_netfilter_decision_t *decision);
|
||||
typedef int (*NetworkFilterCallback_t)(WOLFSSL *ssl, void *AcceptFilter_arg, wolfSSL_netfilter_decision_t *decision);
|
||||
WOLFSSL_API int wolfSSL_CTX_set_AcceptFilter(WOLFSSL_CTX *ctx, NetworkFilterCallback_t AcceptFilter, void *AcceptFilter_arg);
|
||||
WOLFSSL_API int wolfSSL_set_AcceptFilter(WOLFSSL *ssl, NetworkFilterCallback_t AcceptFilter, void *AcceptFilter_arg);
|
||||
#endif
|
||||
|
||||
#endif /* WOLFSSL_NETWORK_INTROSPECTION */
|
||||
#endif /* WOLFSSL_WOLFSENTRY_HOOKS */
|
||||
|
||||
/* Nonblocking DTLS helper functions */
|
||||
WOLFSSL_API void wolfSSL_dtls_set_using_nonblock(WOLFSSL*, int);
|
||||
|
@ -1355,6 +1281,13 @@ WOLFSSL_API int wolfSSL_sk_X509_EXTENSION_num(WOLF_STACK_OF(WOLFSSL_X509_EXTENSI
|
|||
WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_sk_X509_EXTENSION_value(
|
||||
WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk, int idx);
|
||||
WOLFSSL_API int wolfSSL_set_ex_data(WOLFSSL*, int, void*);
|
||||
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
|
||||
WOLFSSL_API int wolfSSL_set_ex_data_with_cleanup(
|
||||
WOLFSSL* ssl,
|
||||
int idx,
|
||||
void* data,
|
||||
wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
|
||||
#endif
|
||||
WOLFSSL_API int wolfSSL_get_shutdown(const WOLFSSL*);
|
||||
WOLFSSL_API int wolfSSL_set_rfd(WOLFSSL*, int);
|
||||
WOLFSSL_API int wolfSSL_set_wfd(WOLFSSL*, int);
|
||||
|
@ -1437,6 +1370,13 @@ WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_base64(void);
|
|||
WOLFSSL_API void wolfSSL_BIO_set_flags(WOLFSSL_BIO*, int);
|
||||
WOLFSSL_API void wolfSSL_BIO_clear_flags(WOLFSSL_BIO *bio, int flags);
|
||||
WOLFSSL_API int wolfSSL_BIO_set_ex_data(WOLFSSL_BIO *bio, int idx, void *data);
|
||||
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
|
||||
WOLFSSL_API int wolfSSL_BIO_set_ex_data_with_cleanup(
|
||||
WOLFSSL_BIO *bio,
|
||||
int idx,
|
||||
void *data,
|
||||
wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
|
||||
#endif
|
||||
WOLFSSL_API void *wolfSSL_BIO_get_ex_data(WOLFSSL_BIO *bio, int idx);
|
||||
WOLFSSL_API long wolfSSL_BIO_set_nbio(WOLFSSL_BIO*, long);
|
||||
|
||||
|
@ -1761,10 +1701,24 @@ WOLFSSL_API void* wolfSSL_X509_STORE_CTX_get_ex_data(
|
|||
WOLFSSL_X509_STORE_CTX* ctx, int idx);
|
||||
WOLFSSL_API int wolfSSL_X509_STORE_CTX_set_ex_data(WOLFSSL_X509_STORE_CTX* ctx,
|
||||
int idx, void *data);
|
||||
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
|
||||
WOLFSSL_API int wolfSSL_X509_STORE_CTX_set_ex_data_with_cleanup(
|
||||
WOLFSSL_X509_STORE_CTX* ctx,
|
||||
int idx,
|
||||
void *data,
|
||||
wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
|
||||
#endif
|
||||
WOLFSSL_API void* wolfSSL_X509_STORE_get_ex_data(
|
||||
WOLFSSL_X509_STORE* store, int idx);
|
||||
WOLFSSL_API int wolfSSL_X509_STORE_set_ex_data(WOLFSSL_X509_STORE* store,
|
||||
int idx, void *data);
|
||||
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
|
||||
WOLFSSL_API int wolfSSL_X509_STORE_set_ex_data_with_cleanup(
|
||||
WOLFSSL_X509_STORE* store,
|
||||
int idx,
|
||||
void *data,
|
||||
wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
|
||||
#endif
|
||||
WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_depth(WOLFSSL_X509_STORE_CTX* ctx,
|
||||
int depth);
|
||||
WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get0_current_issuer(
|
||||
|
@ -2323,10 +2277,17 @@ WOLFSSL_API int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *s, const char *s
|
|||
WOLFSSL_API int wolfSSL_sk_num(const WOLFSSL_STACK* sk);
|
||||
WOLFSSL_API void* wolfSSL_sk_value(const WOLFSSL_STACK* sk, int i);
|
||||
|
||||
#if (defined(HAVE_EX_DATA) || defined(FORTRESS)) && \
|
||||
(defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || defined(WOLFSSL_WPAS_SMALL))
|
||||
#if defined(HAVE_EX_DATA) || defined(FORTRESS) || defined(WOLFSSL_WPAS_SMALL)
|
||||
|
||||
WOLFSSL_API void* wolfSSL_CRYPTO_get_ex_data(const WOLFSSL_CRYPTO_EX_DATA* ex_data,
|
||||
int idx);
|
||||
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
|
||||
WOLFSSL_API int wolfSSL_CRYPTO_set_ex_data_with_cleanup(
|
||||
WOLFSSL_CRYPTO_EX_DATA* ex_data,
|
||||
int idx,
|
||||
void *data,
|
||||
wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
|
||||
#endif
|
||||
WOLFSSL_API int wolfSSL_CRYPTO_set_ex_data(WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx,
|
||||
void *data);
|
||||
#endif
|
||||
|
@ -2334,6 +2295,13 @@ WOLFSSL_API int wolfSSL_CRYPTO_set_ex_data(WOLFSSL_CRYPTO_EX_DATA* ex_data, int
|
|||
/* stunnel 4.28 needs */
|
||||
WOLFSSL_API void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX*, int);
|
||||
WOLFSSL_API int wolfSSL_CTX_set_ex_data(WOLFSSL_CTX*, int, void*);
|
||||
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
|
||||
WOLFSSL_API int wolfSSL_CTX_set_ex_data_with_cleanup(
|
||||
WOLFSSL_CTX* ctx,
|
||||
int idx,
|
||||
void* data,
|
||||
wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
|
||||
#endif
|
||||
WOLFSSL_API void wolfSSL_CTX_sess_set_get_cb(WOLFSSL_CTX*,
|
||||
WOLFSSL_SESSION*(*f)(WOLFSSL*, unsigned char*, int, int*));
|
||||
WOLFSSL_API void wolfSSL_CTX_sess_set_new_cb(WOLFSSL_CTX*,
|
||||
|
@ -3992,6 +3960,13 @@ WOLFSSL_API void* wolfSSL_sk_X509_OBJECT_value(WOLF_STACK_OF(WOLFSSL_X509_OBJECT
|
|||
WOLFSSL_API void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION*, int);
|
||||
|
||||
WOLFSSL_API int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION*, int, void*);
|
||||
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
|
||||
WOLFSSL_API int wolfSSL_SESSION_set_ex_data_with_cleanup(
|
||||
WOLFSSL_SESSION* session,
|
||||
int idx,
|
||||
void* data,
|
||||
wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
|
||||
#endif
|
||||
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
|
||||
|
||||
#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) \
|
||||
|
@ -4141,6 +4116,13 @@ WOLFSSL_API int wolfSSL_set_ocsp_url(WOLFSSL* ssl, char* url);
|
|||
WOLFSSL_API void *wolfSSL_X509_get_ex_data(WOLFSSL_X509 *x509, int idx);
|
||||
WOLFSSL_API int wolfSSL_X509_set_ex_data(WOLFSSL_X509 *x509, int idx,
|
||||
void *data);
|
||||
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
|
||||
WOLFSSL_API int wolfSSL_X509_set_ex_data_with_cleanup(
|
||||
X509 *x509,
|
||||
int idx,
|
||||
void *data,
|
||||
wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
|
||||
#endif
|
||||
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || WOLFSSL_WPAS_SMALL */
|
||||
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
|
||||
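Review bot: In the last hunk of this file the new `wolfSSL_X509_set_ex_data_with_cleanup` prototype takes `X509 *x509`, while the `wolfSSL_X509_get_ex_data` and `wolfSSL_X509_set_ex_data` prototypes directly above it take `WOLFSSL_X509 *x509`. `X509` looks like the OpenSSL-compatibility alias and may not be declared when an application includes only this header, so the parameter should read `WOLFSSL_X509 *x509,` to match its neighbours. The other `*_set_ex_data_with_cleanup` prototypes added in this file already use the `WOLFSSL_`-prefixed types.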
|
|
|
@ -48,8 +48,14 @@ decouple library dependencies with standard string, memory and so on.
|
|||
* (with minimal depencencies).
|
||||
*/
|
||||
#if defined(HAVE_EX_DATA) || defined(FORTRESS)
|
||||
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
|
||||
typedef void (*wolfSSL_ex_data_cleanup_routine_t)(void *data);
|
||||
#endif
|
||||
typedef struct WOLFSSL_CRYPTO_EX_DATA {
|
||||
void* ex_data[MAX_EX_DATA];
|
||||
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
|
||||
wolfSSL_ex_data_cleanup_routine_t ex_data_cleanup_routines[MAX_EX_DATA];
|
||||
#endif
|
||||
} WOLFSSL_CRYPTO_EX_DATA;
|
||||
#endif
|
||||
|
||||
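Review bot: `WOLFSSL_CRYPTO_EX_DATA` now carries an array of function pointers, and nothing at the struct says it must be zeroed before first use. The setters added in the ssl.c part of this commit call `ex_data_cleanup_routines[idx]` whenever that entry and `ex_data[idx]` are both non-NULL, so an owner allocated without clearing would call through an uninitialised pointer. Whether every allocator of the embedding objects zeroes them is not visible on this page. I would add a comment above the struct such as `/* Must be zero-initialised; ex_data_cleanup_routines[i], if set, is called on ex_data[i] when slot i is overwritten. */` and confirm each owner's init path.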
|
|