diff --git a/src/internal.c b/src/internal.c index 8694c2329..3eff4849f 100755 --- a/src/internal.c +++ b/src/internal.c @@ -643,6 +643,11 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx) #ifndef NO_CERTS FreeDer(&ctx->privateKey); FreeDer(&ctx->certificate); + #ifdef OPENSSL_EXTRA + if (ctx->ourCert) { + XFREE(ctx->ourCert, ctx->heap, DYNAMIC_TYPE_X509); + } + #endif FreeDer(&ctx->certChain); wolfSSL_CertManagerFree(ctx->cm); #endif @@ -1692,6 +1697,8 @@ void InitX509Name(WOLFSSL_X509_NAME* name, int dynamicFlag) name->dynamicName = 0; #ifdef OPENSSL_EXTRA XMEMSET(&name->fullName, 0, sizeof(DecodedName)); + XMEMSET(&name->cnEntry, 0, sizeof(WOLFSSL_X509_NAME_ENTRY)); + name->x509 = NULL; #endif /* OPENSSL_EXTRA */ } } @@ -4846,6 +4853,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) XMEMCPY(x509->issuer.fullName.fullName, dCert->issuerName.fullName, dCert->issuerName.fullNameLen); } + x509->issuer.x509 = x509; #endif /* OPENSSL_EXTRA */ XSTRNCPY(x509->subject.name, dCert->subject, ASN_NAME_MAX); @@ -4861,6 +4869,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) XMEMCPY(x509->subject.fullName.fullName, dCert->subjectName.fullName, dCert->subjectName.fullNameLen); } + x509->subject.x509 = x509; #endif /* OPENSSL_EXTRA */ XMEMCPY(x509->serial, dCert->serial, EXTERNAL_SERIAL_SIZE); diff --git a/src/ssl.c b/src/ssl.c index ead0271f2..0a16cf123 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -3469,13 +3469,33 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, /* Make sure previous is free'd */ if (ssl->buffers.weOwnCert) { FreeDer(&ssl->buffers.certificate); + #ifdef OPENSSL_EXTRA + if (ssl->ourCert) { + XFREE(ssl->ourCert, ssl->heap, DYNAMIC_TYPE_X509); + } + #endif } XMEMCPY(&ssl->buffers.certificate, &der, sizeof(der)); + #ifdef OPENSSL_EXTRA + ssl->ourCert = wolfSSL_X509_d2i(NULL, + ssl->buffers.certificate->buffer, + ssl->buffers.certificate->length); + #endif ssl->buffers.weOwnCert = 1; } else if (ctx) { FreeDer(&ctx->certificate); /* Make sure previous is free'd */ + #ifdef OPENSSL_EXTRA + if (ctx->ourCert) { + XFREE(ctx->ourCert, ctx->heap, DYNAMIC_TYPE_X509); + } + #endif XMEMCPY(&ctx->certificate, &der, sizeof(der)); + #ifdef OPENSSL_EXTRA + ctx->ourCert = wolfSSL_X509_d2i(NULL, + ctx->certificate->buffer, + ctx->certificate->length); + #endif } } else if (type == PRIVATEKEY_TYPE) { @@ -8021,6 +8041,11 @@ int wolfSSL_set_compression(WOLFSSL* ssl) if (ssl->buffers.weOwnCert) { WOLFSSL_MSG("Unloading cert"); FreeDer(&ssl->buffers.certificate); + #ifdef OPENSSL_EXTRA + if (ssl->ourCert) { + XFREE(ssl->ourCert, ssl->heap, DYNAMIC_TYPE_X509); + } + #endif ssl->buffers.weOwnCert = 0; } @@ -10280,10 +10305,11 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) } - WOLFSSL_ASN1_STRING* wolfSSL_X509_NAME_ENTRY_get_data(WOLFSSL_X509_NAME_ENTRY* in) + WOLFSSL_ASN1_STRING* wolfSSL_X509_NAME_ENTRY_get_data( + WOLFSSL_X509_NAME_ENTRY* in) { WOLFSSL_ENTER("wolfSSL_X509_NAME_ENTRY_get_data"); - return in->value; + return &in->value; } @@ -10735,14 +10761,21 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format) #ifdef OPENSSL_EXTRA /* needed for wolfSSL_X509_d21 function */ WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl) { - DerBuffer* cert; - if (ssl == NULL) { return NULL; } - cert = ssl->buffers.certificate; - return wolfSSL_X509_d2i(NULL, cert->buffer, cert->length); + if (ssl->buffers.weOwnCert) { + return ssl->ourCert; + } + else { /* if cert not owned get parent ctx cert or return null */ + if (ssl->ctx) { + return ssl->ctx->ourCert; + } + else { + return NULL; + } + } } #endif /* OPENSSL_EXTRA */ #endif /* NO_CERTS */ @@ -17169,15 +17202,10 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) return NULL; } - WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc) { + WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry( + WOLFSSL_X509_NAME *name, int loc) { int maxLoc = name->fullName.fullNameLen; - char* data = NULL; - int length; - int type; - - WOLFSSL_ASN1_STRING* asnStr; - WOLFSSL_X509_NAME_ENTRY* ret; WOLFSSL_ENTER("wolfSSL_X509_NAME_get_entry"); @@ -17186,74 +17214,23 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) return NULL; } - ret = XMALLOC(sizeof(WOLFSSL_X509_NAME_ENTRY), NULL, DYNAMIC_TYPE_X509); - if (ret == NULL) { - return ret; - } - asnStr = XMALLOC(sizeof(WOLFSSL_ASN1_STRING), NULL, - DYNAMIC_TYPE_X509); - if (asnStr == NULL) { - XFREE(ret, NULL, DYNAMIC_TYPE_X509); - ret = NULL; - } - - /* initialize both structures */ - XMEMSET(ret, 0, sizeof(WOLFSSL_X509_NAME_ENTRY)); - XMEMSET(asnStr, 0, sizeof(WOLFSSL_ASN1_STRING)); - /* common name index case */ if (loc == name->fullName.cnIdx) { - length = name->fullName.cnLen; - data = name->fullName.fullName + loc; - type = ASN_COMMON_NAME; + /* get CN shortcut from x509 since it has null terminator */ + name->cnEntry.value.data = name->x509->subjectCN; + name->cnEntry.value.length = name->fullName.cnLen; + name->cnEntry.value.type = ASN_COMMON_NAME; + name->cnEntry.set = 1; + return &(name->cnEntry); } /* additionall cases to check for go here */ - - if (data == NULL) { - WOLFSSL_MSG("Index not found"); - XFREE(asnStr, NULL, DYNAMIC_TYPE_X509); - XFREE(ret, NULL, DYNAMIC_TYPE_X509); - ret = NULL; - } - else { - asnStr->data = XMALLOC(length + 1, NULL, DYNAMIC_TYPE_X509); - if (asnStr->data == NULL) { - XFREE(asnStr, NULL, DYNAMIC_TYPE_X509); - XFREE(ret, NULL, DYNAMIC_TYPE_X509); - ret = NULL; - } - - /* check bounds before copying from fullName */ - if (loc + length > maxLoc) { - XFREE(asnStr, NULL, DYNAMIC_TYPE_X509); - XFREE(ret, NULL, DYNAMIC_TYPE_X509); - ret = NULL; - } - - if (ret != NULL) { - XMEMCPY(asnStr->data, data, length); - asnStr->data[length] = 0; - asnStr->length = length; - asnStr->type = type; - asnStr->flags = 0; - - ret->object = NULL; - ret->value = asnStr; - ret->set = 1; - ret->size = asnStr->length + sizeof(WOLFSSL_ASN1_STRING) + - sizeof(WOLFSSL_X509_NAME_ENTRY); - } - } - + WOLFSSL_MSG("Entry not found or implemented"); (void)name; (void)loc; - (void)data; - (void)type; - (void)length; - return ret; + return NULL; } #ifndef NO_CERTS diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 507f152e1..77a070a0e 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -45,6 +45,9 @@ #endif #ifndef NO_ASN #include + #ifdef OPENSSL_EXTRA + #include /* for asn1 string and bit struct */ + #endif #endif #ifndef NO_MD5 #include @@ -1898,6 +1901,9 @@ struct WOLFSSL_CTX { /* chain after self, in DER, with leading size for each cert */ DerBuffer* privateKey; WOLFSSL_CERT_MANAGER* cm; /* our cert manager, ctx owns SSL will use */ +#endif +#ifdef OPENSSL_EXTRA + WOLFSSL_X509* ourCert; /* keep alive a X509 struct of cert */ #endif Suites* suites; /* make dynamic, user may not need/set */ void* heap; /* for user memory overrides */ @@ -2432,6 +2438,16 @@ typedef struct Arrays { #define MAX_DATE_SZ 32 #endif +#ifdef OPENSSL_EXTRA +struct WOLFSSL_X509_NAME_ENTRY { + WOLFSSL_ASN1_OBJECT* object; /* not defined yet */ + WOLFSSL_ASN1_STRING value; + int set; + int size; +}; +#endif /* OPENSSL_EXTRA */ + + struct WOLFSSL_X509_NAME { char *name; char staticName[ASN_NAME_MAX]; @@ -2439,6 +2455,8 @@ struct WOLFSSL_X509_NAME { int sz; #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) DecodedName fullName; + WOLFSSL_X509_NAME_ENTRY cnEntry; + WOLFSSL_X509* x509; /* x509 that struct belongs to */ #endif /* OPENSSL_EXTRA */ }; @@ -2717,6 +2735,11 @@ struct WOLFSSL { #ifdef KEEP_PEER_CERT WOLFSSL_X509 peerCert; /* X509 peer cert */ #endif +#ifdef OPENSSL_EXTRA + WOLFSSL_X509* ourCert; /* keep alive a X509 struct of cert. + points to ctx if not owned (owned + flag found in buffers.weOwnCert) */ +#endif #if defined(FORTRESS) || defined(HAVE_STUNNEL) void* ex_data[MAX_EX_DATA]; /* external data, for Fortress */ #endif diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 30e33fcea..ee45e6224 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1649,14 +1649,6 @@ WOLFSSL_API char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* time, #endif /* WOLFSSL_MYSQL_COMPATIBLE */ #ifdef OPENSSL_EXTRA /*lighttp compatibility */ - -typedef struct WOLFSSL_X509_NAME_ENTRY { - WOLFSSL_ASN1_OBJECT* object; - WOLFSSL_ASN1_STRING* value; - int set; - int size; -} WOLFSSL_X509_NAME_ENTRY; - #if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME *name); WOLFSSL_API char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x);