Fixes to better handle re-use of a WOLFSSL object via wolfSSL_clear #5468

Merged: 1 commit merged Aug 17, 2022

Conversation

SparkiDev
Contributor

@SparkiDev SparkiDev commented Aug 15, 2022

Description

Fixes to better handle re-use of a WOLFSSL object via wolfSSL_clear. The ssl->arrays and ssl->rng fields (as well as a few options bits) needed to be cleared to enable this use-case.

Fixes ZD14659

Testing

Patched example server and client to use wolfSSL_clear:

diff --git a/examples/client/client.c b/examples/client/client.c
index 1d12aa6bf..152988d86 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -4190,12 +4190,20 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
     wolfSSL_PrintStatsConn(&ssl_stats);
 #endif

-    wolfSSL_free(ssl); ssl = NULL;
+    if (!resumeSession) {
+        wolfSSL_free(ssl); ssl = NULL;
+    }
     CloseSocket(sockfd);

 #ifndef NO_SESSION_CACHE
     if (resumeSession) {
+    #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
+        /* test re-use of wolfSSL session via wolfSSL_clear */
+        wolfSSL_clear(ssl);
+        sslResume = ssl;
+    #else
         sslResume = wolfSSL_new(ctx);
+    #endif
         if (sslResume == NULL) {
             wolfSSL_CTX_free(ctx); ctx = NULL;
             err_sys("unable to get SSL object");
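Review bot: In the `#else` arm (neither OPENSSL_EXTRA nor WOLFSSL_WPAS_SMALL defined) the first connection's WOLFSSL object now leaks: `wolfSSL_free(ssl)` above is skipped whenever resumeSession is set, yet sslResume is obtained from `wolfSSL_new(ctx)` and the original ssl is never freed. Guard the free with the same `#if` condition, or free ssl inside the `#else` arm before calling wolfSSL_new. Separately, `wolfSSL_clear(ssl)` returns an int that is discarded here, and the `if (sslResume == NULL)` test cannot catch a failed clear because sslResume is simply ssl; check the return value and fall back to wolfSSL_free plus wolfSSL_new when it fails.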
diff --git a/examples/server/server.c b/examples/server/server.c
index 049986b97..b1e4fcf18 100644
--- a/examples/server/server.c
+++ b/examples/server/server.c
@@ -2764,7 +2764,9 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
         SetupPkCallbacks(ctx);
 #endif

-    ssl = SSL_new(ctx);
+    if (ssl == NULL) {
+        ssl = SSL_new(ctx);
+    }
     if (ssl == NULL)
         err_sys_ex(catastrophic, "unable to create an SSL object");

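Review bot: Skipping `SSL_new(ctx)` when ssl is non-NULL is only safe if ssl is initialised to NULL before the while(1) loop and every path that frees it also resets it to NULL; that initialisation sits outside this hunk, so please confirm it, since an uninitialised or dangling pointer here would be reused as a live object. The two consecutive `if (ssl == NULL)` checks can also be folded into one, e.g. `if (ssl == NULL && (ssl = SSL_new(ctx)) == NULL)`.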
@@ -3515,7 +3517,13 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
         wolfSSL_PrintStatsConn(&ssl_stats);

 #endif
+
+    #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
+        /* test re-use of wolfSSL session via wolfSSL_clear */
+        wolfSSL_clear(ssl);
+    #else
         SSL_free(ssl); ssl = NULL;
+    #endif

         CloseSocket(clientfd);

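Review bot: The return value of `wolfSSL_clear(ssl)` is discarded; if the clear fails, the loop goes on to the next accept with a partially reset object that still carries the previous session's state. Treat failure the way the non-clear build does, `SSL_free(ssl); ssl = NULL;`, so the `if (ssl == NULL)` at the top of the loop allocates a fresh object. A short comment on the `#else` arm explaining that ssl deliberately outlives the loop in the `#if` arm would also make the asymmetry between the two builds obvious to the next reader.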
@@ -3531,6 +3539,8 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
         }
     } /* while(1) */

+    SSL_free(ssl); ssl = NULL;
+
     WOLFSSL_TIME(cnt);
     (void)cnt;

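Review bot: This trailing `SSL_free(ssl); ssl = NULL;` is the counterpart of the clear path, where ssl now outlives the loop; in the non-clear build ssl is already NULL here, which SSL_free tolerates. Worth a one-line comment saying so, and worth checking that the error exits inside the loop (the err_sys_ex paths) do not now leave this long-lived object unfreed.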
Checklist

  • added tests
  • updated/added doxygen
  • updated appropriate READMEs
  • Updated manual and documentation
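The property this PR is about (an object re-used via a clear call must not carry per-session secrets, RNG state or handshake option bits into the next session) is easy to test in isolation. The block below is an added example, not wolfSSL code: it models a connection object with the three kinds of state the PR description names (`arrays`, `rng`, option bits), shows a clear that forgets some of them next to one that resets all of them, and shows the caller-side pattern of falling back to a fresh object when the clear reports failure. All struct, field and function names here are assumptions chosen for the model.

```c
/* Added example modelling re-use of a connection object via a clear call.
 * Not wolfSSL code: the types, field names and helpers are assumptions that
 * mirror the PR description (ssl->arrays, ssl->rng, option bits). */
#include <stdlib.h>
#include <string.h>

#define MODEL_SUCCESS 1
#define MODEL_FAILURE 0

/* Per-handshake secrets that must not survive into the next session. */
typedef struct {
    unsigned char master_secret[48];
} model_arrays;

/* Per-session RNG state that must be dropped and re-seeded on re-use. */
typedef struct {
    unsigned int state;
} model_rng;

/* Option bits: the first two describe one handshake, the third is configuration. */
#define OPT_RESUMING        0x01u
#define OPT_HANDSHAKE_DONE  0x02u
#define OPT_SESSION_TICKET  0x04u   /* kept across clear: not per-session state */

typedef struct {
    model_arrays *arrays;
    model_rng *rng;
    unsigned int options;
} model_ssl;

model_ssl *model_new(void) {
    return calloc(1, sizeof(model_ssl));
}

/* Simulate one handshake: allocate per-session state and set per-session bits. */
int model_handshake(model_ssl *s) {
    if (s == NULL) return MODEL_FAILURE;
    s->arrays = calloc(1, sizeof *s->arrays);
    s->rng = calloc(1, sizeof *s->rng);
    if (s->arrays == NULL || s->rng == NULL) return MODEL_FAILURE;
    memset(s->arrays->master_secret, 0xAB, sizeof s->arrays->master_secret);
    s->rng->state = 0xDEADBEEFu;
    s->options |= OPT_RESUMING | OPT_HANDSHAKE_DONE;
    return MODEL_SUCCESS;
}

/* The pre-fix behaviour: a clear that resets one bit but leaves arrays and rng attached. */
int model_clear_partial(model_ssl *s) {
    if (s == NULL) return MODEL_FAILURE;
    s->options &= ~OPT_HANDSHAKE_DONE;
    return MODEL_SUCCESS;
}

/* The fixed behaviour: wipe secrets, drop the RNG, reset per-session bits only. */
int model_clear(model_ssl *s) {
    if (s == NULL) return MODEL_FAILURE;
    if (s->arrays != NULL) {
        memset(s->arrays->master_secret, 0, sizeof s->arrays->master_secret);
        free(s->arrays);
        s->arrays = NULL;
    }
    free(s->rng);
    s->rng = NULL;
    s->options &= ~(OPT_RESUMING | OPT_HANDSHAKE_DONE);
    return MODEL_SUCCESS;
}

void model_free(model_ssl *s) {
    if (s == NULL) return;
    model_clear(s);
    free(s);
}

/* What a re-use test should assert: no per-session state is attached. */
int model_is_clean(const model_ssl *s) {
    return s != NULL && s->arrays == NULL && s->rng == NULL &&
           (s->options & (OPT_RESUMING | OPT_HANDSHAKE_DONE)) == 0;
}

/* Caller-side pattern: re-use when clear succeeds, otherwise free and allocate fresh. */
model_ssl *model_prepare_for_next(model_ssl *s) {
    if (s != NULL && model_clear(s) == MODEL_SUCCESS) return s;
    model_free(s);
    return model_new();
}
```

`model_is_clean` is the kind of check to run between sessions in a re-use test: it fails after `model_clear_partial` (stale `arrays` and `rng` are still attached, and the resumption bit is still set) and passes after `model_clear`, while the configuration bit `OPT_SESSION_TICKET` is left untouched by both.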

@SparkiDev SparkiDev self-assigned this Aug 15, 2022
@dgarske dgarske assigned dgarske and unassigned SparkiDev Aug 15, 2022
@dgarske dgarske changed the title wolfSSL_clear: fixups Fixes to better handle re-use of a WOLFSSL object via wolfSSL_clear Aug 15, 2022
@dgarske
Contributor

dgarske commented Aug 15, 2022

This is not ready: Need to review --enable-asynccrypt use case

And:

./examples/server/server -v 4 -l TLS13-AES128-GCM-SHA256 -r -2
./examples/client/client -v 4 -l TLS13-AES128-GCM-SHA256 -r -0 -2

@dgarske dgarske removed their assignment Aug 17, 2022
@cconlon cconlon merged commit 91a49da into wolfSSL:master Aug 17, 2022

@maxammann maxammann left a comment

Looks good to me!
