forked from wolfSSL/wolfssl
persistant X509 struct with ssl session
This commit is contained in:
Jacob Barthelmeh
@@ -643,6 +643,11 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
|
|||||||
#ifndef NO_CERTS
|
#ifndef NO_CERTS
|
||||||
FreeDer(&ctx->privateKey);
|
FreeDer(&ctx->privateKey);
|
||||||
FreeDer(&ctx->certificate);
|
FreeDer(&ctx->certificate);
|
||||||
|
#ifdef OPENSSL_EXTRA
|
||||||
|
if (ctx->ourCert) {
|
||||||
|
XFREE(ctx->ourCert, ctx->heap, DYNAMIC_TYPE_X509);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
FreeDer(&ctx->certChain);
|
FreeDer(&ctx->certChain);
|
||||||
wolfSSL_CertManagerFree(ctx->cm);
|
wolfSSL_CertManagerFree(ctx->cm);
|
||||||
#endif
|
#endif
|
||||||
@@ -1692,6 +1697,8 @@ void InitX509Name(WOLFSSL_X509_NAME* name, int dynamicFlag)
|
|||||||
name->dynamicName = 0;
|
name->dynamicName = 0;
|
||||||
#ifdef OPENSSL_EXTRA
|
#ifdef OPENSSL_EXTRA
|
||||||
XMEMSET(&name->fullName, 0, sizeof(DecodedName));
|
XMEMSET(&name->fullName, 0, sizeof(DecodedName));
|
||||||
|
XMEMSET(&name->cnEntry, 0, sizeof(WOLFSSL_X509_NAME_ENTRY));
|
||||||
|
name->x509 = NULL;
|
||||||
#endif /* OPENSSL_EXTRA */
|
#endif /* OPENSSL_EXTRA */
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -4846,6 +4853,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
|
|||||||
XMEMCPY(x509->issuer.fullName.fullName,
|
XMEMCPY(x509->issuer.fullName.fullName,
|
||||||
dCert->issuerName.fullName, dCert->issuerName.fullNameLen);
|
dCert->issuerName.fullName, dCert->issuerName.fullNameLen);
|
||||||
}
|
}
|
||||||
|
x509->issuer.x509 = x509;
|
||||||
#endif /* OPENSSL_EXTRA */
|
#endif /* OPENSSL_EXTRA */
|
||||||
|
|
||||||
XSTRNCPY(x509->subject.name, dCert->subject, ASN_NAME_MAX);
|
XSTRNCPY(x509->subject.name, dCert->subject, ASN_NAME_MAX);
|
||||||
@@ -4861,6 +4869,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
|
|||||||
XMEMCPY(x509->subject.fullName.fullName,
|
XMEMCPY(x509->subject.fullName.fullName,
|
||||||
dCert->subjectName.fullName, dCert->subjectName.fullNameLen);
|
dCert->subjectName.fullName, dCert->subjectName.fullNameLen);
|
||||||
}
|
}
|
||||||
|
x509->subject.x509 = x509;
|
||||||
#endif /* OPENSSL_EXTRA */
|
#endif /* OPENSSL_EXTRA */
|
||||||
|
|
||||||
XMEMCPY(x509->serial, dCert->serial, EXTERNAL_SERIAL_SIZE);
|
XMEMCPY(x509->serial, dCert->serial, EXTERNAL_SERIAL_SIZE);
|
||||||
|
|||||||
121
src/ssl.c
121
src/ssl.c
@@ -3469,13 +3469,33 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
|
|||||||
/* Make sure previous is free'd */
|
/* Make sure previous is free'd */
|
||||||
if (ssl->buffers.weOwnCert) {
|
if (ssl->buffers.weOwnCert) {
|
||||||
FreeDer(&ssl->buffers.certificate);
|
FreeDer(&ssl->buffers.certificate);
|
||||||
|
#ifdef OPENSSL_EXTRA
|
||||||
|
if (ssl->ourCert) {
|
||||||
|
XFREE(ssl->ourCert, ssl->heap, DYNAMIC_TYPE_X509);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
XMEMCPY(&ssl->buffers.certificate, &der, sizeof(der));
|
XMEMCPY(&ssl->buffers.certificate, &der, sizeof(der));
|
||||||
|
#ifdef OPENSSL_EXTRA
|
||||||
|
ssl->ourCert = wolfSSL_X509_d2i(NULL,
|
||||||
|
ssl->buffers.certificate->buffer,
|
||||||
|
ssl->buffers.certificate->length);
|
||||||
|
#endif
|
||||||
ssl->buffers.weOwnCert = 1;
|
ssl->buffers.weOwnCert = 1;
|
||||||
}
|
}
|
||||||
else if (ctx) {
|
else if (ctx) {
|
||||||
FreeDer(&ctx->certificate); /* Make sure previous is free'd */
|
FreeDer(&ctx->certificate); /* Make sure previous is free'd */
|
||||||
|
#ifdef OPENSSL_EXTRA
|
||||||
|
if (ctx->ourCert) {
|
||||||
|
XFREE(ctx->ourCert, ctx->heap, DYNAMIC_TYPE_X509);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
XMEMCPY(&ctx->certificate, &der, sizeof(der));
|
XMEMCPY(&ctx->certificate, &der, sizeof(der));
|
||||||
|
#ifdef OPENSSL_EXTRA
|
||||||
|
ctx->ourCert = wolfSSL_X509_d2i(NULL,
|
||||||
|
ctx->certificate->buffer,
|
||||||
|
ctx->certificate->length);
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else if (type == PRIVATEKEY_TYPE) {
|
else if (type == PRIVATEKEY_TYPE) {
|
||||||
@@ -8021,6 +8041,11 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
|
|||||||
if (ssl->buffers.weOwnCert) {
|
if (ssl->buffers.weOwnCert) {
|
||||||
WOLFSSL_MSG("Unloading cert");
|
WOLFSSL_MSG("Unloading cert");
|
||||||
FreeDer(&ssl->buffers.certificate);
|
FreeDer(&ssl->buffers.certificate);
|
||||||
|
#ifdef OPENSSL_EXTRA
|
||||||
|
if (ssl->ourCert) {
|
||||||
|
XFREE(ssl->ourCert, ssl->heap, DYNAMIC_TYPE_X509);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
ssl->buffers.weOwnCert = 0;
|
ssl->buffers.weOwnCert = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -10280,10 +10305,11 @@ static void ExternalFreeX509(WOLFSSL_X509* x509)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
WOLFSSL_ASN1_STRING* wolfSSL_X509_NAME_ENTRY_get_data(WOLFSSL_X509_NAME_ENTRY* in)
|
WOLFSSL_ASN1_STRING* wolfSSL_X509_NAME_ENTRY_get_data(
|
||||||
|
WOLFSSL_X509_NAME_ENTRY* in)
|
||||||
{
|
{
|
||||||
WOLFSSL_ENTER("wolfSSL_X509_NAME_ENTRY_get_data");
|
WOLFSSL_ENTER("wolfSSL_X509_NAME_ENTRY_get_data");
|
||||||
return in->value;
|
return &in->value;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@@ -10735,14 +10761,21 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format)
|
|||||||
#ifdef OPENSSL_EXTRA /* needed for wolfSSL_X509_d21 function */
|
#ifdef OPENSSL_EXTRA /* needed for wolfSSL_X509_d21 function */
|
||||||
WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl)
|
WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl)
|
||||||
{
|
{
|
||||||
DerBuffer* cert;
|
|
||||||
|
|
||||||
if (ssl == NULL) {
|
if (ssl == NULL) {
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
cert = ssl->buffers.certificate;
|
if (ssl->buffers.weOwnCert) {
|
||||||
return wolfSSL_X509_d2i(NULL, cert->buffer, cert->length);
|
return ssl->ourCert;
|
||||||
|
}
|
||||||
|
else { /* if cert not owned get parent ctx cert or return null */
|
||||||
|
if (ssl->ctx) {
|
||||||
|
return ssl->ctx->ourCert;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
#endif /* OPENSSL_EXTRA */
|
#endif /* OPENSSL_EXTRA */
|
||||||
#endif /* NO_CERTS */
|
#endif /* NO_CERTS */
|
||||||
@@ -17169,15 +17202,10 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc) {
|
WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(
|
||||||
|
WOLFSSL_X509_NAME *name, int loc) {
|
||||||
|
|
||||||
int maxLoc = name->fullName.fullNameLen;
|
int maxLoc = name->fullName.fullNameLen;
|
||||||
char* data = NULL;
|
|
||||||
int length;
|
|
||||||
int type;
|
|
||||||
|
|
||||||
WOLFSSL_ASN1_STRING* asnStr;
|
|
||||||
WOLFSSL_X509_NAME_ENTRY* ret;
|
|
||||||
|
|
||||||
WOLFSSL_ENTER("wolfSSL_X509_NAME_get_entry");
|
WOLFSSL_ENTER("wolfSSL_X509_NAME_get_entry");
|
||||||
|
|
||||||
@@ -17186,74 +17214,23 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = XMALLOC(sizeof(WOLFSSL_X509_NAME_ENTRY), NULL, DYNAMIC_TYPE_X509);
|
|
||||||
if (ret == NULL) {
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
asnStr = XMALLOC(sizeof(WOLFSSL_ASN1_STRING), NULL,
|
|
||||||
DYNAMIC_TYPE_X509);
|
|
||||||
if (asnStr == NULL) {
|
|
||||||
XFREE(ret, NULL, DYNAMIC_TYPE_X509);
|
|
||||||
ret = NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* initialize both structures */
|
|
||||||
XMEMSET(ret, 0, sizeof(WOLFSSL_X509_NAME_ENTRY));
|
|
||||||
XMEMSET(asnStr, 0, sizeof(WOLFSSL_ASN1_STRING));
|
|
||||||
|
|
||||||
/* common name index case */
|
/* common name index case */
|
||||||
if (loc == name->fullName.cnIdx) {
|
if (loc == name->fullName.cnIdx) {
|
||||||
length = name->fullName.cnLen;
|
/* get CN shortcut from x509 since it has null terminator */
|
||||||
data = name->fullName.fullName + loc;
|
name->cnEntry.value.data = name->x509->subjectCN;
|
||||||
type = ASN_COMMON_NAME;
|
name->cnEntry.value.length = name->fullName.cnLen;
|
||||||
|
name->cnEntry.value.type = ASN_COMMON_NAME;
|
||||||
|
name->cnEntry.set = 1;
|
||||||
|
return &(name->cnEntry);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* additionall cases to check for go here */
|
/* additionall cases to check for go here */
|
||||||
|
|
||||||
|
WOLFSSL_MSG("Entry not found or implemented");
|
||||||
if (data == NULL) {
|
|
||||||
WOLFSSL_MSG("Index not found");
|
|
||||||
XFREE(asnStr, NULL, DYNAMIC_TYPE_X509);
|
|
||||||
XFREE(ret, NULL, DYNAMIC_TYPE_X509);
|
|
||||||
ret = NULL;
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
asnStr->data = XMALLOC(length + 1, NULL, DYNAMIC_TYPE_X509);
|
|
||||||
if (asnStr->data == NULL) {
|
|
||||||
XFREE(asnStr, NULL, DYNAMIC_TYPE_X509);
|
|
||||||
XFREE(ret, NULL, DYNAMIC_TYPE_X509);
|
|
||||||
ret = NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* check bounds before copying from fullName */
|
|
||||||
if (loc + length > maxLoc) {
|
|
||||||
XFREE(asnStr, NULL, DYNAMIC_TYPE_X509);
|
|
||||||
XFREE(ret, NULL, DYNAMIC_TYPE_X509);
|
|
||||||
ret = NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (ret != NULL) {
|
|
||||||
XMEMCPY(asnStr->data, data, length);
|
|
||||||
asnStr->data[length] = 0;
|
|
||||||
asnStr->length = length;
|
|
||||||
asnStr->type = type;
|
|
||||||
asnStr->flags = 0;
|
|
||||||
|
|
||||||
ret->object = NULL;
|
|
||||||
ret->value = asnStr;
|
|
||||||
ret->set = 1;
|
|
||||||
ret->size = asnStr->length + sizeof(WOLFSSL_ASN1_STRING) +
|
|
||||||
sizeof(WOLFSSL_X509_NAME_ENTRY);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
(void)name;
|
(void)name;
|
||||||
(void)loc;
|
(void)loc;
|
||||||
(void)data;
|
|
||||||
(void)type;
|
|
||||||
(void)length;
|
|
||||||
|
|
||||||
return ret;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifndef NO_CERTS
|
#ifndef NO_CERTS
|
||||||
|
|||||||
@@ -45,6 +45,9 @@
|
|||||||
#endif
|
#endif
|
||||||
#ifndef NO_ASN
|
#ifndef NO_ASN
|
||||||
#include <wolfssl/wolfcrypt/asn.h>
|
#include <wolfssl/wolfcrypt/asn.h>
|
||||||
|
#ifdef OPENSSL_EXTRA
|
||||||
|
#include <wolfssl/openssl/asn1.h> /* for asn1 string and bit struct */
|
||||||
|
#endif
|
||||||
#endif
|
#endif
|
||||||
#ifndef NO_MD5
|
#ifndef NO_MD5
|
||||||
#include <wolfssl/wolfcrypt/md5.h>
|
#include <wolfssl/wolfcrypt/md5.h>
|
||||||
@@ -1898,6 +1901,9 @@ struct WOLFSSL_CTX {
|
|||||||
/* chain after self, in DER, with leading size for each cert */
|
/* chain after self, in DER, with leading size for each cert */
|
||||||
DerBuffer* privateKey;
|
DerBuffer* privateKey;
|
||||||
WOLFSSL_CERT_MANAGER* cm; /* our cert manager, ctx owns SSL will use */
|
WOLFSSL_CERT_MANAGER* cm; /* our cert manager, ctx owns SSL will use */
|
||||||
|
#endif
|
||||||
|
#ifdef OPENSSL_EXTRA
|
||||||
|
WOLFSSL_X509* ourCert; /* keep alive a X509 struct of cert */
|
||||||
#endif
|
#endif
|
||||||
Suites* suites; /* make dynamic, user may not need/set */
|
Suites* suites; /* make dynamic, user may not need/set */
|
||||||
void* heap; /* for user memory overrides */
|
void* heap; /* for user memory overrides */
|
||||||
@@ -2432,6 +2438,16 @@ typedef struct Arrays {
|
|||||||
#define MAX_DATE_SZ 32
|
#define MAX_DATE_SZ 32
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#ifdef OPENSSL_EXTRA
|
||||||
|
struct WOLFSSL_X509_NAME_ENTRY {
|
||||||
|
WOLFSSL_ASN1_OBJECT* object; /* not defined yet */
|
||||||
|
WOLFSSL_ASN1_STRING value;
|
||||||
|
int set;
|
||||||
|
int size;
|
||||||
|
};
|
||||||
|
#endif /* OPENSSL_EXTRA */
|
||||||
|
|
||||||
|
|
||||||
struct WOLFSSL_X509_NAME {
|
struct WOLFSSL_X509_NAME {
|
||||||
char *name;
|
char *name;
|
||||||
char staticName[ASN_NAME_MAX];
|
char staticName[ASN_NAME_MAX];
|
||||||
@@ -2439,6 +2455,8 @@ struct WOLFSSL_X509_NAME {
|
|||||||
int sz;
|
int sz;
|
||||||
#if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
|
#if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
|
||||||
DecodedName fullName;
|
DecodedName fullName;
|
||||||
|
WOLFSSL_X509_NAME_ENTRY cnEntry;
|
||||||
|
WOLFSSL_X509* x509; /* x509 that struct belongs to */
|
||||||
#endif /* OPENSSL_EXTRA */
|
#endif /* OPENSSL_EXTRA */
|
||||||
};
|
};
|
||||||
|
|
||||||
@@ -2717,6 +2735,11 @@ struct WOLFSSL {
|
|||||||
#ifdef KEEP_PEER_CERT
|
#ifdef KEEP_PEER_CERT
|
||||||
WOLFSSL_X509 peerCert; /* X509 peer cert */
|
WOLFSSL_X509 peerCert; /* X509 peer cert */
|
||||||
#endif
|
#endif
|
||||||
|
#ifdef OPENSSL_EXTRA
|
||||||
|
WOLFSSL_X509* ourCert; /* keep alive a X509 struct of cert.
|
||||||
|
points to ctx if not owned (owned
|
||||||
|
flag found in buffers.weOwnCert) */
|
||||||
|
#endif
|
||||||
#if defined(FORTRESS) || defined(HAVE_STUNNEL)
|
#if defined(FORTRESS) || defined(HAVE_STUNNEL)
|
||||||
void* ex_data[MAX_EX_DATA]; /* external data, for Fortress */
|
void* ex_data[MAX_EX_DATA]; /* external data, for Fortress */
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
@@ -1649,14 +1649,6 @@ WOLFSSL_API char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* time,
|
|||||||
#endif /* WOLFSSL_MYSQL_COMPATIBLE */
|
#endif /* WOLFSSL_MYSQL_COMPATIBLE */
|
||||||
|
|
||||||
#ifdef OPENSSL_EXTRA /*lighttp compatibility */
|
#ifdef OPENSSL_EXTRA /*lighttp compatibility */
|
||||||
|
|
||||||
typedef struct WOLFSSL_X509_NAME_ENTRY {
|
|
||||||
WOLFSSL_ASN1_OBJECT* object;
|
|
||||||
WOLFSSL_ASN1_STRING* value;
|
|
||||||
int set;
|
|
||||||
int size;
|
|
||||||
} WOLFSSL_X509_NAME_ENTRY;
|
|
||||||
|
|
||||||
#if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE)
|
#if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE)
|
||||||
WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME *name);
|
WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME *name);
|
||||||
WOLFSSL_API char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x);
|
WOLFSSL_API char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x);
|
||||||
|
|||||||
Reference in New Issue
Block a user