From: Viktor Szakats
Date: Fri, 5 Dec 2025 13:53:35 +0000 (+0100)
Subject: wolfssl: fix possible assert with `!HAVE_NO_EX` wolfSSL builds
X-Git-Tag: rc-8_18_0-2~109
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cc5c1553fbdb8c1391d0cf81134583ee32da64d4;p=thirdparty%2Fcurl.git
wolfssl: fix possible assert with `!HAVE_NO_EX` wolfSSL builds
Without this option `wolfSSL_get_app_data()` always returns NULL. Disable codepaths using it (and its `set` pair) when curl is built against a wolfSSL library with this option missing.
Fixing:
```
curl: ../../lib/vtls/wolfssl.c:486: wssl_vtls_new_session_cb: Assertion `cf != ((void *)0)' failed.
```
wolfSSL can be built with the `--enable-context-extra-user-data` or `-DWOLFSSL_EX_DATA` option to enable this feature. Some higher-level features also enable it automatically like QUIC, ASIO.
Reported-by: Yedaya Katsman
Bug: https://github.com/curl/curl/pull/19816#issuecomment-3606447845
Ref: https://github.com/curl/curl/actions/runs/19871780796/job/56949160740
Closes #19852
---
diff --git a/lib/vtls/wolfssl.c b/lib/vtls/wolfssl.c
index d4d586b0ea..0c47e9c2ee 100644
--- a/lib/vtls/wolfssl.c
+++ b/lib/vtls/wolfssl.c
@@ -414,6 +414,7 @@ static void wssl_bio_cf_free_methods(void)
#endif /* !USE_BIO_CHAIN */
+#ifdef HAVE_EX_DATA
CURLcode Curl_wssl_cache_session(struct Curl_cfilter *cf,
struct Curl_easy *data,
const char *ssl_peer_key,
@@ -497,6 +498,7 @@ static int wssl_vtls_new_session_cb(WOLFSSL *ssl, WOLFSSL_SESSION *session)
}
return 0;
}
+#endif
static CURLcode wssl_on_session_reuse(struct Curl_cfilter *cf,
struct Curl_easy *data,
@@ -1260,10 +1262,12 @@ CURLcode Curl_wssl_ctx_init(struct wssl_ctx *wctx,
}
#endif
+#ifdef HAVE_EX_DATA
if(Curl_ssl_scache_use(cf, data) && (transport != TRNSPRT_QUIC)) {
/* Register to get notified when a new session is received */
wolfSSL_CTX_sess_set_new_cb(wctx->ssl_ctx, wssl_vtls_new_session_cb);
}
+#endif
if(cb_setup) {
result = cb_setup(cf, data, cb_user_data);
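Review bot: The `#ifdef HAVE_EX_DATA` opened above `Curl_wssl_cache_session()` carries no comment saying why session caching depends on it, and its closing `#endif` in the `-497` hunk is bare although, going by the hunk offsets, the two are roughly 80 lines apart. I would write the opener as `#ifdef HAVE_EX_DATA /* wolfSSL_get_app_data() returns NULL without it */` and the closer as `#endif /* HAVE_EX_DATA */`, matching the `#endif /* !USE_BIO_CHAIN */` visible just above. The same applies to the guard pair added in lib/vtls/wolfssl.h. The guarded functions start and end outside these hunks.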
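Review bot: When `HAVE_EX_DATA` is undefined the new-session callback in the `-1260` hunk is never registered, so such a build stops storing TLS sessions and nothing in the hunk reports it. An `#else` branch that traces the condition when session caching was requested, for example `infof(data, "wolfSSL built without ex-data, TLS session caching disabled");`, would make the lost resumption visible in verbose output. Whether the lookup side (`wssl_on_session_reuse()` and the code that feeds it) still runs against a cache that can no longer be filled is not visible here and is worth checking. `Curl_wssl_ctx_init()` continues outside the hunk.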
@@ -1304,7 +1308,11 @@ CURLcode Curl_wssl_ctx_init(struct wssl_ctx *wctx,
goto out;
}
+#ifdef HAVE_EX_DATA
wolfSSL_set_app_data(wctx->ssl, ssl_user_data);
+#else
+ (void)ssl_user_data;
+#endif
#ifdef WOLFSSL_QUIC
if(transport == TRNSPRT_QUIC)
wolfSSL_set_quic_use_legacy_codepoint(wctx->ssl, 0);
diff --git a/lib/vtls/wolfssl.h b/lib/vtls/wolfssl.h
index 5e3c9e2c5d..736da9a1a6 100644
--- a/lib/vtls/wolfssl.h
+++ b/lib/vtls/wolfssl.h
@@ -75,6 +75,7 @@ CURLcode Curl_wssl_setup_x509_store(struct Curl_cfilter *cf,
struct Curl_easy *data,
struct wssl_ctx *wssl);
+#ifdef HAVE_EX_DATA
CURLcode Curl_wssl_cache_session(struct Curl_cfilter *cf,
struct Curl_easy *data,
const char *ssl_peer_key,
@@ -83,6 +84,7 @@ CURLcode Curl_wssl_cache_session(struct Curl_cfilter *cf,
const char *alpn,
unsigned char *quic_tp,
size_t quic_tp_len);
+#endif
CURLcode Curl_wssl_verify_pinned(struct Curl_cfilter *cf,
struct Curl_easy *data,
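Review bot: In the `#else` branch of the `-1304` hunk the user pointer is never attached to `wctx->ssl`, so any callback that later recovers it with `wolfSSL_get_app_data()` gets NULL, and this diff guards only the session callback. Other readers of that pointer, if there are any in this file or in the QUIC code, are not visible here and should be checked for the same NULL handling. A short comment on the branch would record the constraint: `/* no ex-data in this wolfSSL build: wolfSSL_get_app_data() returns NULL */`. `Curl_wssl_ctx_init()` starts and ends outside the hunk.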
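Review bot: The prototype of `Curl_wssl_cache_session()` in lib/vtls/wolfssl.h now depends on `HAVE_EX_DATA`, which appears to be set by wolfSSL's own configuration headers rather than by curl. If a source file includes this header before those headers, the macro is unset at that point and the prototype disappears even though wolfssl.c defines the function. Whether this header pulls in the wolfSSL options itself is not visible in the hunk. A comment above the guard, such as `/* HAVE_EX_DATA comes from the wolfSSL headers; include them first */`, would make the ordering requirement explicit, and callers outside wolfssl.c need the same guard. The matching `#endif` is in the `-83` hunk.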