feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

return code of sk num, X509 store peer chain, and get text by NID fix

Browse Source
This commit is contained in:
Jacob Barthelmeh
2017-06-21 10:15:48 -06:00
parent 19244fc0c9
commit a643ae1907
4 changed files with 54 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
src/internal.c
View File

@@ -8374,6 +8374,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
#if defined(WOLFSSL_ALWAYS_VERIFY_CB) && defined(OPENSSL_EXTRA) #if defined(WOLFSSL_ALWAYS_VERIFY_CB) && defined(OPENSSL_EXTRA)
if (ssl->verifyCallback) { if (ssl->verifyCallback) {
int ok; int ok;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
WOLFSSL_X509_STORE_CTX* store = (WOLFSSL_X509_STORE_CTX*)XMALLOC( WOLFSSL_X509_STORE_CTX* store = (WOLFSSL_X509_STORE_CTX*)XMALLOC(
sizeof(WOLFSSL_X509_STORE_CTX), ssl->heap, sizeof(WOLFSSL_X509_STORE_CTX), ssl->heap,
@@ -8410,6 +8411,9 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
if (CopyDecodedToX509(x509, args->dCert) == 0) { if (CopyDecodedToX509(x509, args->dCert) == 0) {
store->current_cert = x509; store->current_cert = x509;
} }
#endif
#ifdef SESSION_CERTS
store->sesChain = &(ssl->session.chain);
#endif #endif
store->ex_data = ssl; store->ex_data = ssl;
@@ -8423,6 +8427,10 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
#ifndef NO_CERTS #ifndef NO_CERTS
FreeX509(x509); FreeX509(x509);
#endif #endif
#ifdef SESSION_CERTS
wolfSSL_sk_X509_free(store->chain);
store->chain = NULL;
#endif
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(store, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(store, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(x509, ssl->heap, DYNAMIC_TYPE_X509); XFREE(x509, ssl->heap, DYNAMIC_TYPE_X509);
@@ -8957,6 +8965,9 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
#endif /* KEEP_PEER_CERT */ #endif /* KEEP_PEER_CERT */
#if defined(HAVE_EX_DATA) || defined(HAVE_FORTRESS) #if defined(HAVE_EX_DATA) || defined(HAVE_FORTRESS)
store->ex_data = ssl; store->ex_data = ssl;
#endif
#ifdef SESSION_CERTS
store->sesChain = &(ssl->session.chain);
#endif #endif
ok = ssl->verifyCallback(0, store); ok = ssl->verifyCallback(0, store);
if (ok) { if (ok) {
@@ -9003,6 +9014,9 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
store->current_cert = NULL; store->current_cert = NULL;
#endif #endif
store->ex_data = ssl; store->ex_data = ssl;
#ifdef SESSION_CERTS
store->sesChain = &(ssl->session.chain);
#endif
ok = ssl->verifyCallback(1, store); ok = ssl->verifyCallback(1, store);
if (!ok) { if (!ok) {
@@ -9038,6 +9052,10 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
args->idx += ssl->keys.padSz; args->idx += ssl->keys.padSz;
} }
#ifdef SESSION_CERTS
wolfSSL_sk_X509_free(store->chain);
store->chain = NULL;
#endif
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(store, ssl->heap, DYNAMIC_TYPE_X509_STORE); XFREE(store, ssl->heap, DYNAMIC_TYPE_X509_STORE);
#endif #endif

36
src/ssl.c
View File

@@ -16342,14 +16342,14 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_sk_GENERAL_NAME_value(WOLFSSL_STACK* sk, int i)
* *
* sk stack to get the number of nodes from * sk stack to get the number of nodes from
* *
* returns the number of nodes * returns the number of nodes, -1 if no nodes
*/ */
int wolfSSL_sk_GENERAL_NAME_num(WOLFSSL_STACK* sk) int wolfSSL_sk_GENERAL_NAME_num(WOLFSSL_STACK* sk)
{ {
WOLFSSL_ENTER("wolfSSL_sk_GENERAL_NAME_num"); WOLFSSL_ENTER("wolfSSL_sk_GENERAL_NAME_num");
if (sk == NULL) { if (sk == NULL) {
return 0; return -1;
} }
return (int)sk->num; return (int)sk->num;
@@ -18209,6 +18209,38 @@ WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(WOLFSSL_X509_STORE_CTX* ctx)
return NULL; return NULL;
} }
#ifdef SESSION_CERTS
/* if chain is null but sesChain is available then populate stack */
if (ctx->chain == NULL && ctx->sesChain != NULL) {
int i;
WOLFSSL_X509_CHAIN* c = ctx->sesChain;
WOLFSSL_STACK* sk = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK),
NULL, DYNAMIC_TYPE_X509);
if (sk == NULL) {
return NULL;
}
XMEMSET(sk, 0, sizeof(WOLFSSL_STACK));
ctx->chain = sk;
for (i = 0; i < c->count && i < MAX_CHAIN_DEPTH; i++) {
WOLFSSL_X509* x509 = wolfSSL_get_chain_X509(c, i);
if (x509 == NULL) {
WOLFSSL_MSG("Unable to get x509 from chain");
wolfSSL_sk_X509_free(sk);
return NULL;
}
if (wolfSSL_sk_X509_push(sk, x509) != SSL_SUCCESS) {
WOLFSSL_MSG("Unable to load x509 into stack");
wolfSSL_sk_X509_free(sk);
return NULL;
}
}
}
#endif /* SESSION_CERTS */
return ctx->chain; return ctx->chain;
} }

2
tests/api.c
View File

@@ -15900,7 +15900,7 @@ static void test_wolfSSL_sk_GENERAL_NAME(void)
/* current cert has no alt names */ /* current cert has no alt names */
AssertNull(sk = X509_get_ext_d2i(x509, NID_subject_alt_name, NULL, NULL)); AssertNull(sk = X509_get_ext_d2i(x509, NID_subject_alt_name, NULL, NULL));
AssertIntEQ(sk_GENERAL_NAME_num(sk), 0); AssertIntEQ(sk_GENERAL_NAME_num(sk), -1);
#if 0 #if 0
for (i = 0; i < sk_GENERAL_NAME_num(sk); i++) { for (i = 0; i < sk_GENERAL_NAME_num(sk); i++) {
GENERAL_NAME* gn = sk_GENERAL_NAME_value(sk, i); GENERAL_NAME* gn = sk_GENERAL_NAME_value(sk, i);

1
wolfssl/ssl.h
View File

@@ -334,6 +334,7 @@ typedef struct WOLFSSL_BUFFER_INFO {
typedef struct WOLFSSL_X509_STORE_CTX { typedef struct WOLFSSL_X509_STORE_CTX {
WOLFSSL_X509_STORE* store; /* Store full of a CA cert chain */ WOLFSSL_X509_STORE* store; /* Store full of a CA cert chain */
WOLFSSL_X509* current_cert; /* stunnel dereference */ WOLFSSL_X509* current_cert; /* stunnel dereference */
WOLFSSL_X509_CHAIN* sesChain; /* pointer to WOLFSSL_SESSION peer chain */
WOLFSSL_STACK* chain; WOLFSSL_STACK* chain;
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
WOLFSSL_X509_VERIFY_PARAM* param; /* certificate validation parameter */ WOLFSSL_X509_VERIFY_PARAM* param; /* certificate validation parameter */