forked from wolfSSL/wolfssl
persistant X509 struct with ssl session
This commit is contained in:
Jacob Barthelmeh
@@ -643,6 +643,11 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
|
||||
#ifndef NO_CERTS
|
||||
FreeDer(&ctx->privateKey);
|
||||
FreeDer(&ctx->certificate);
|
||||
#ifdef OPENSSL_EXTRA
|
||||
if (ctx->ourCert) {
|
||||
XFREE(ctx->ourCert, ctx->heap, DYNAMIC_TYPE_X509);
|
||||
}
|
||||
#endif
|
||||
FreeDer(&ctx->certChain);
|
||||
wolfSSL_CertManagerFree(ctx->cm);
|
||||
#endif
|
||||
@@ -1692,6 +1697,8 @@ void InitX509Name(WOLFSSL_X509_NAME* name, int dynamicFlag)
|
||||
name->dynamicName = 0;
|
||||
#ifdef OPENSSL_EXTRA
|
||||
XMEMSET(&name->fullName, 0, sizeof(DecodedName));
|
||||
XMEMSET(&name->cnEntry, 0, sizeof(WOLFSSL_X509_NAME_ENTRY));
|
||||
name->x509 = NULL;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
}
|
||||
}
|
||||
@@ -4846,6 +4853,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
|
||||
XMEMCPY(x509->issuer.fullName.fullName,
|
||||
dCert->issuerName.fullName, dCert->issuerName.fullNameLen);
|
||||
}
|
||||
x509->issuer.x509 = x509;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
|
||||
XSTRNCPY(x509->subject.name, dCert->subject, ASN_NAME_MAX);
|
||||
@@ -4861,6 +4869,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
|
||||
XMEMCPY(x509->subject.fullName.fullName,
|
||||
dCert->subjectName.fullName, dCert->subjectName.fullNameLen);
|
||||
}
|
||||
x509->subject.x509 = x509;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
|
||||
XMEMCPY(x509->serial, dCert->serial, EXTERNAL_SERIAL_SIZE);
|
||||
|
||||
121
src/ssl.c
121
src/ssl.c
@@ -3469,13 +3469,33 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
|
||||
/* Make sure previous is free'd */
|
||||
if (ssl->buffers.weOwnCert) {
|
||||
FreeDer(&ssl->buffers.certificate);
|
||||
#ifdef OPENSSL_EXTRA
|
||||
if (ssl->ourCert) {
|
||||
XFREE(ssl->ourCert, ssl->heap, DYNAMIC_TYPE_X509);
|
||||
}
|
||||
#endif
|
||||
}
|
||||
XMEMCPY(&ssl->buffers.certificate, &der, sizeof(der));
|
||||
#ifdef OPENSSL_EXTRA
|
||||
ssl->ourCert = wolfSSL_X509_d2i(NULL,
|
||||
ssl->buffers.certificate->buffer,
|
||||
ssl->buffers.certificate->length);
|
||||
#endif
|
||||
ssl->buffers.weOwnCert = 1;
|
||||
}
|
||||
else if (ctx) {
|
||||
FreeDer(&ctx->certificate); /* Make sure previous is free'd */
|
||||
#ifdef OPENSSL_EXTRA
|
||||
if (ctx->ourCert) {
|
||||
XFREE(ctx->ourCert, ctx->heap, DYNAMIC_TYPE_X509);
|
||||
}
|
||||
#endif
|
||||
XMEMCPY(&ctx->certificate, &der, sizeof(der));
|
||||
#ifdef OPENSSL_EXTRA
|
||||
ctx->ourCert = wolfSSL_X509_d2i(NULL,
|
||||
ctx->certificate->buffer,
|
||||
ctx->certificate->length);
|
||||
#endif
|
||||
}
|
||||
}
|
||||
else if (type == PRIVATEKEY_TYPE) {
|
||||
@@ -8021,6 +8041,11 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
|
||||
if (ssl->buffers.weOwnCert) {
|
||||
WOLFSSL_MSG("Unloading cert");
|
||||
FreeDer(&ssl->buffers.certificate);
|
||||
#ifdef OPENSSL_EXTRA
|
||||
if (ssl->ourCert) {
|
||||
XFREE(ssl->ourCert, ssl->heap, DYNAMIC_TYPE_X509);
|
||||
}
|
||||
#endif
|
||||
ssl->buffers.weOwnCert = 0;
|
||||
}
|
||||
|
||||
@@ -10280,10 +10305,11 @@ static void ExternalFreeX509(WOLFSSL_X509* x509)
|
||||
}
|
||||
|
||||
|
||||
WOLFSSL_ASN1_STRING* wolfSSL_X509_NAME_ENTRY_get_data(WOLFSSL_X509_NAME_ENTRY* in)
|
||||
WOLFSSL_ASN1_STRING* wolfSSL_X509_NAME_ENTRY_get_data(
|
||||
WOLFSSL_X509_NAME_ENTRY* in)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_X509_NAME_ENTRY_get_data");
|
||||
return in->value;
|
||||
return &in->value;
|
||||
}
|
||||
|
||||
|
||||
@@ -10735,14 +10761,21 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format)
|
||||
#ifdef OPENSSL_EXTRA /* needed for wolfSSL_X509_d21 function */
|
||||
WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl)
|
||||
{
|
||||
DerBuffer* cert;
|
||||
|
||||
if (ssl == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
cert = ssl->buffers.certificate;
|
||||
return wolfSSL_X509_d2i(NULL, cert->buffer, cert->length);
|
||||
if (ssl->buffers.weOwnCert) {
|
||||
return ssl->ourCert;
|
||||
}
|
||||
else { /* if cert not owned get parent ctx cert or return null */
|
||||
if (ssl->ctx) {
|
||||
return ssl->ctx->ourCert;
|
||||
}
|
||||
else {
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
}
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
#endif /* NO_CERTS */
|
||||
@@ -17169,15 +17202,10 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc) {
|
||||
WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(
|
||||
WOLFSSL_X509_NAME *name, int loc) {
|
||||
|
||||
int maxLoc = name->fullName.fullNameLen;
|
||||
char* data = NULL;
|
||||
int length;
|
||||
int type;
|
||||
|
||||
WOLFSSL_ASN1_STRING* asnStr;
|
||||
WOLFSSL_X509_NAME_ENTRY* ret;
|
||||
|
||||
WOLFSSL_ENTER("wolfSSL_X509_NAME_get_entry");
|
||||
|
||||
@@ -17186,74 +17214,23 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
ret = XMALLOC(sizeof(WOLFSSL_X509_NAME_ENTRY), NULL, DYNAMIC_TYPE_X509);
|
||||
if (ret == NULL) {
|
||||
return ret;
|
||||
}
|
||||
asnStr = XMALLOC(sizeof(WOLFSSL_ASN1_STRING), NULL,
|
||||
DYNAMIC_TYPE_X509);
|
||||
if (asnStr == NULL) {
|
||||
XFREE(ret, NULL, DYNAMIC_TYPE_X509);
|
||||
ret = NULL;
|
||||
}
|
||||
|
||||
/* initialize both structures */
|
||||
XMEMSET(ret, 0, sizeof(WOLFSSL_X509_NAME_ENTRY));
|
||||
XMEMSET(asnStr, 0, sizeof(WOLFSSL_ASN1_STRING));
|
||||
|
||||
/* common name index case */
|
||||
if (loc == name->fullName.cnIdx) {
|
||||
length = name->fullName.cnLen;
|
||||
data = name->fullName.fullName + loc;
|
||||
type = ASN_COMMON_NAME;
|
||||
/* get CN shortcut from x509 since it has null terminator */
|
||||
name->cnEntry.value.data = name->x509->subjectCN;
|
||||
name->cnEntry.value.length = name->fullName.cnLen;
|
||||
name->cnEntry.value.type = ASN_COMMON_NAME;
|
||||
name->cnEntry.set = 1;
|
||||
return &(name->cnEntry);
|
||||
}
|
||||
|
||||
/* additionall cases to check for go here */
|
||||
|
||||
|
||||
if (data == NULL) {
|
||||
WOLFSSL_MSG("Index not found");
|
||||
XFREE(asnStr, NULL, DYNAMIC_TYPE_X509);
|
||||
XFREE(ret, NULL, DYNAMIC_TYPE_X509);
|
||||
ret = NULL;
|
||||
}
|
||||
else {
|
||||
asnStr->data = XMALLOC(length + 1, NULL, DYNAMIC_TYPE_X509);
|
||||
if (asnStr->data == NULL) {
|
||||
XFREE(asnStr, NULL, DYNAMIC_TYPE_X509);
|
||||
XFREE(ret, NULL, DYNAMIC_TYPE_X509);
|
||||
ret = NULL;
|
||||
}
|
||||
|
||||
/* check bounds before copying from fullName */
|
||||
if (loc + length > maxLoc) {
|
||||
XFREE(asnStr, NULL, DYNAMIC_TYPE_X509);
|
||||
XFREE(ret, NULL, DYNAMIC_TYPE_X509);
|
||||
ret = NULL;
|
||||
}
|
||||
|
||||
if (ret != NULL) {
|
||||
XMEMCPY(asnStr->data, data, length);
|
||||
asnStr->data[length] = 0;
|
||||
asnStr->length = length;
|
||||
asnStr->type = type;
|
||||
asnStr->flags = 0;
|
||||
|
||||
ret->object = NULL;
|
||||
ret->value = asnStr;
|
||||
ret->set = 1;
|
||||
ret->size = asnStr->length + sizeof(WOLFSSL_ASN1_STRING) +
|
||||
sizeof(WOLFSSL_X509_NAME_ENTRY);
|
||||
}
|
||||
}
|
||||
|
||||
WOLFSSL_MSG("Entry not found or implemented");
|
||||
(void)name;
|
||||
(void)loc;
|
||||
(void)data;
|
||||
(void)type;
|
||||
(void)length;
|
||||
|
||||
return ret;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
#ifndef NO_CERTS
|
||||
|
||||
@@ -45,6 +45,9 @@
|
||||
#endif
|
||||
#ifndef NO_ASN
|
||||
#include <wolfssl/wolfcrypt/asn.h>
|
||||
#ifdef OPENSSL_EXTRA
|
||||
#include <wolfssl/openssl/asn1.h> /* for asn1 string and bit struct */
|
||||
#endif
|
||||
#endif
|
||||
#ifndef NO_MD5
|
||||
#include <wolfssl/wolfcrypt/md5.h>
|
||||
@@ -1898,6 +1901,9 @@ struct WOLFSSL_CTX {
|
||||
/* chain after self, in DER, with leading size for each cert */
|
||||
DerBuffer* privateKey;
|
||||
WOLFSSL_CERT_MANAGER* cm; /* our cert manager, ctx owns SSL will use */
|
||||
#endif
|
||||
#ifdef OPENSSL_EXTRA
|
||||
WOLFSSL_X509* ourCert; /* keep alive a X509 struct of cert */
|
||||
#endif
|
||||
Suites* suites; /* make dynamic, user may not need/set */
|
||||
void* heap; /* for user memory overrides */
|
||||
@@ -2432,6 +2438,16 @@ typedef struct Arrays {
|
||||
#define MAX_DATE_SZ 32
|
||||
#endif
|
||||
|
||||
#ifdef OPENSSL_EXTRA
|
||||
struct WOLFSSL_X509_NAME_ENTRY {
|
||||
WOLFSSL_ASN1_OBJECT* object; /* not defined yet */
|
||||
WOLFSSL_ASN1_STRING value;
|
||||
int set;
|
||||
int size;
|
||||
};
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
|
||||
|
||||
struct WOLFSSL_X509_NAME {
|
||||
char *name;
|
||||
char staticName[ASN_NAME_MAX];
|
||||
@@ -2439,6 +2455,8 @@ struct WOLFSSL_X509_NAME {
|
||||
int sz;
|
||||
#if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
|
||||
DecodedName fullName;
|
||||
WOLFSSL_X509_NAME_ENTRY cnEntry;
|
||||
WOLFSSL_X509* x509; /* x509 that struct belongs to */
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
};
|
||||
|
||||
@@ -2717,6 +2735,11 @@ struct WOLFSSL {
|
||||
#ifdef KEEP_PEER_CERT
|
||||
WOLFSSL_X509 peerCert; /* X509 peer cert */
|
||||
#endif
|
||||
#ifdef OPENSSL_EXTRA
|
||||
WOLFSSL_X509* ourCert; /* keep alive a X509 struct of cert.
|
||||
points to ctx if not owned (owned
|
||||
flag found in buffers.weOwnCert) */
|
||||
#endif
|
||||
#if defined(FORTRESS) || defined(HAVE_STUNNEL)
|
||||
void* ex_data[MAX_EX_DATA]; /* external data, for Fortress */
|
||||
#endif
|
||||
|
||||
@@ -1649,14 +1649,6 @@ WOLFSSL_API char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* time,
|
||||
#endif /* WOLFSSL_MYSQL_COMPATIBLE */
|
||||
|
||||
#ifdef OPENSSL_EXTRA /*lighttp compatibility */
|
||||
|
||||
typedef struct WOLFSSL_X509_NAME_ENTRY {
|
||||
WOLFSSL_ASN1_OBJECT* object;
|
||||
WOLFSSL_ASN1_STRING* value;
|
||||
int set;
|
||||
int size;
|
||||
} WOLFSSL_X509_NAME_ENTRY;
|
||||
|
||||
#if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE)
|
||||
WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME *name);
|
||||
WOLFSSL_API char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x);
|
||||
|
||||
Reference in New Issue
Block a user