Support for building without wolfssl/openssl header files #8182
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Retest this please |
* Fix for `TlsSessionCacheGetAndLock` that was not checking the sessionIDSz, so could return a pointer to an invalid session (if 0's). Resolves issue with `test_wolfSSL_CTX_sess_set_remove_cb` test. * Fix cast warning with `HAVE_EX_DATA` in Windows VS. * Fix openssl_extra without PKCS12. * Refactor the EX data crypto and session API's to gate on `HAVE_EX_DATA_CRYPTO`. * Grouped the EX data API's in ssl.h * Moved API's in ssl.h to separate the compatibility ones from ours.
dgarske
force-pushed
the
no_compat_headers
branch
from
3eab871
to
ef67b1c
Compare
dgarske
commented
Nov 20, 2024
| @@ -1120,7 +1120,9 @@ static int TlsSessionCacheGetAndLock(const byte *id, | |||
| #else | |||
| s = &sessRow->Sessions[idx]; | |||
| #endif | |||
| if (s && XMEMCMP(s->sessionID, id, ID_LEN) == 0 && s->side == side) { | |||
| /* match session ID value and length */ | |||
| if (s && s->sessionIDSz == ID_LEN && s->side == side && | |||
There was a problem hiding this comment.
@julek-wolfssl , please review this change. I spent over 8 hours tracking down this long standing bug. Occasionally this would be called with a session id of 0's and return an old released session and messing up the ex_data. The only solution I could find was to also check sessionIDSz since it is set to 0 when the session is released.
4 tasks
JacobBarthelmeh
previously approved these changes
Nov 20, 2024
There was a problem hiding this comment.
Nice refactor!
The only thing that I had to bring up is that this slightly increases the code size of the OPENSSL_EXTRA_X509_SMALL build. Adding the API's
wolfSSL_CTX_get_ex_data
wolfSSL_CTX_set_ex_data
Tested with ./configure --enable-opensslextra=x509small --enable-static --disable-shared && make && nm ./src/.libs/libwolfssl.a
dgarske
added a commit
to dgarske/wolfssl
that referenced
this pull request
Nov 21, 2024
…ue with wolfEngine and wolfProvider. Change behavior for openssl compatibility headers to be installed unless `--enable-opensslextra=noinstall` is used. Removed dependency on X509 small with SESSION_CERTS, KEEP_PEER_CERTS and KEEP_OUR_CERT.
dgarske
added a commit
to dgarske/wolfssl
that referenced
this pull request
Nov 21, 2024
…ue with wolfEngine and wolfProvider. Change behavior for openssl compatibility headers to be installed unless `--enable-opensslextra=noinstall` is used. Removed dependency on X509 small with SESSION_CERTS, KEEP_PEER_CERTS and KEEP_OUR_CERT.
4 tasks
bandi13
pushed a commit
to bandi13/wolfssl
that referenced
this pull request
Nov 22, 2024
In PR wolfSSL#8182 this line was accidentally wrapped in `#ifdef OPENSSL_EXTRA`
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Support for building without wolfssl/openssl header files.
TlsSessionCacheGetAndLockthat was not checking the sessionIDSz, so could return a pointer to an invalid session (if 0's). Resolves issue withtest_wolfSSL_CTX_sess_set_remove_cbtest.HAVE_SECRET_CALLBACKonly.HAVE_EX_DATAin Windows VS.HAVE_EX_DATA_CRYPTO.Fixes ZD 18465
Testing
Support building with wolfssl/openssl/*.h files removed.
Checklist