forked from wolfSSL/wolfssl
add heap hint support for a few of the x509 functions
This commit is contained in:
John Bland
@@ -18758,13 +18758,13 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
|
|||||||
WOLFSSL_ENTER("wolfSSL_get_peer_certificate");
|
WOLFSSL_ENTER("wolfSSL_get_peer_certificate");
|
||||||
if (ssl != NULL) {
|
if (ssl != NULL) {
|
||||||
if (ssl->peerCert.issuer.sz)
|
if (ssl->peerCert.issuer.sz)
|
||||||
ret = wolfSSL_X509_dup(&ssl->peerCert);
|
ret = wolfSSL_X509_dup_ex(&ssl->peerCert, ssl->heap);
|
||||||
#ifdef SESSION_CERTS
|
#ifdef SESSION_CERTS
|
||||||
else if (ssl->session->chain.count > 0) {
|
else if (ssl->session->chain.count > 0) {
|
||||||
if (DecodeToX509(&ssl->peerCert,
|
if (DecodeToX509(&ssl->peerCert,
|
||||||
ssl->session->chain.certs[0].buffer,
|
ssl->session->chain.certs[0].buffer,
|
||||||
ssl->session->chain.certs[0].length) == 0) {
|
ssl->session->chain.certs[0].length) == 0) {
|
||||||
ret = wolfSSL_X509_dup(&ssl->peerCert);
|
ret = wolfSSL_X509_dup_ex(&ssl->peerCert, ssl->heap);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
@@ -42,33 +42,33 @@
|
|||||||
* @return A TLS method on success.
|
* @return A TLS method on success.
|
||||||
* @return NULL when no TLS method built into wolfSSL.
|
* @return NULL when no TLS method built into wolfSSL.
|
||||||
*/
|
*/
|
||||||
static WC_INLINE WOLFSSL_METHOD* cm_pick_method(void)
|
static WC_INLINE WOLFSSL_METHOD* cm_pick_method(void* heap)
|
||||||
{
|
{
|
||||||
#ifndef NO_WOLFSSL_CLIENT
|
#ifndef NO_WOLFSSL_CLIENT
|
||||||
#if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_SSLV3)
|
#if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_SSLV3)
|
||||||
return wolfSSLv3_client_method();
|
return wolfSSLv3_client_method_ex(heap);
|
||||||
#elif !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_TLSV10)
|
#elif !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_TLSV10)
|
||||||
return wolfTLSv1_client_method();
|
return wolfTLSv1_client_method_ex(heap);
|
||||||
#elif !defined(NO_OLD_TLS)
|
#elif !defined(NO_OLD_TLS)
|
||||||
return wolfTLSv1_1_client_method();
|
return wolfTLSv1_1_client_method_ex(heap);
|
||||||
#elif !defined(WOLFSSL_NO_TLS12)
|
#elif !defined(WOLFSSL_NO_TLS12)
|
||||||
return wolfTLSv1_2_client_method();
|
return wolfTLSv1_2_client_method_ex(heap);
|
||||||
#elif defined(WOLFSSL_TLS13)
|
#elif defined(WOLFSSL_TLS13)
|
||||||
return wolfTLSv1_3_client_method();
|
return wolfTLSv1_3_client_method_ex(heap);
|
||||||
#else
|
#else
|
||||||
return NULL;
|
return NULL;
|
||||||
#endif
|
#endif
|
||||||
#elif !defined(NO_WOLFSSL_SERVER)
|
#elif !defined(NO_WOLFSSL_SERVER)
|
||||||
#if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_SSLV3)
|
#if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_SSLV3)
|
||||||
return wolfSSLv3_server_method();
|
return wolfSSLv3_server_method_ex(heap);
|
||||||
#elif !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_TLSV10)
|
#elif !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_TLSV10)
|
||||||
return wolfTLSv1_server_method();
|
return wolfTLSv1_server_method_ex(heap);
|
||||||
#elif !defined(NO_OLD_TLS)
|
#elif !defined(NO_OLD_TLS)
|
||||||
return wolfTLSv1_1_server_method();
|
return wolfTLSv1_1_server_method_ex(heap);
|
||||||
#elif !defined(WOLFSSL_NO_TLS12)
|
#elif !defined(WOLFSSL_NO_TLS12)
|
||||||
return wolfTLSv1_2_server_method();
|
return wolfTLSv1_2_server_method_ex(heap);
|
||||||
#elif defined(WOLFSSL_TLS13)
|
#elif defined(WOLFSSL_TLS13)
|
||||||
return wolfTLSv1_3_server_method();
|
return wolfTLSv1_3_server_method_ex(heap);
|
||||||
#else
|
#else
|
||||||
return NULL;
|
return NULL;
|
||||||
#endif
|
#endif
|
||||||
@@ -513,8 +513,8 @@ int wolfSSL_CertManagerLoadCABuffer_ex(WOLFSSL_CERT_MANAGER* cm,
|
|||||||
ret = WOLFSSL_FATAL_ERROR;
|
ret = WOLFSSL_FATAL_ERROR;
|
||||||
}
|
}
|
||||||
/* Allocate a temporary WOLFSSL_CTX to load with. */
|
/* Allocate a temporary WOLFSSL_CTX to load with. */
|
||||||
if ((ret == WOLFSSL_SUCCESS) && ((tmp = wolfSSL_CTX_new(cm_pick_method()))
|
if ((ret == WOLFSSL_SUCCESS) && ((tmp =
|
||||||
== NULL)) {
|
wolfSSL_CTX_new_ex(cm_pick_method(cm->heap), cm->heap)) == NULL)) {
|
||||||
WOLFSSL_MSG("CTX new failed");
|
WOLFSSL_MSG("CTX new failed");
|
||||||
ret = WOLFSSL_FATAL_ERROR;
|
ret = WOLFSSL_FATAL_ERROR;
|
||||||
}
|
}
|
||||||
@@ -876,7 +876,7 @@ int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER* cm, const char* file,
|
|||||||
ret = WOLFSSL_FATAL_ERROR;
|
ret = WOLFSSL_FATAL_ERROR;
|
||||||
}
|
}
|
||||||
/* Create temporary WOLFSSL_CTX. */
|
/* Create temporary WOLFSSL_CTX. */
|
||||||
if ((ret == WOLFSSL_SUCCESS) && ((tmp = wolfSSL_CTX_new(cm_pick_method()))
|
if ((ret == WOLFSSL_SUCCESS) && ((tmp = wolfSSL_CTX_new(cm_pick_method(cm->heap)))
|
||||||
== NULL)) {
|
== NULL)) {
|
||||||
WOLFSSL_MSG("CTX new failed");
|
WOLFSSL_MSG("CTX new failed");
|
||||||
ret = WOLFSSL_FATAL_ERROR;
|
ret = WOLFSSL_FATAL_ERROR;
|
||||||
|
|||||||
37
src/x509.c
37
src/x509.c
@@ -3593,7 +3593,7 @@ WOLFSSL_X509* wolfSSL_d2i_X509(WOLFSSL_X509** x509, const unsigned char** in,
|
|||||||
}
|
}
|
||||||
|
|
||||||
static WOLFSSL_X509* d2i_X509orX509REQ(WOLFSSL_X509** x509,
|
static WOLFSSL_X509* d2i_X509orX509REQ(WOLFSSL_X509** x509,
|
||||||
const byte* in, int len, int req)
|
const byte* in, int len, int req, void* heap)
|
||||||
{
|
{
|
||||||
WOLFSSL_X509 *newX509 = NULL;
|
WOLFSSL_X509 *newX509 = NULL;
|
||||||
int type = req ? CERTREQ_TYPE : CERT_TYPE;
|
int type = req ? CERTREQ_TYPE : CERT_TYPE;
|
||||||
@@ -3620,12 +3620,12 @@ static WOLFSSL_X509* d2i_X509orX509REQ(WOLFSSL_X509** x509,
|
|||||||
return NULL;
|
return NULL;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
InitDecodedCert(cert, (byte*)in, len, NULL);
|
InitDecodedCert(cert, (byte*)in, len, heap);
|
||||||
#ifdef WOLFSSL_CERT_REQ
|
#ifdef WOLFSSL_CERT_REQ
|
||||||
cert->isCSR = (byte)req;
|
cert->isCSR = (byte)req;
|
||||||
#endif
|
#endif
|
||||||
if (ParseCertRelative(cert, type, 0, NULL) == 0) {
|
if (ParseCertRelative(cert, type, 0, NULL) == 0) {
|
||||||
newX509 = wolfSSL_X509_new();
|
newX509 = wolfSSL_X509_new_ex(heap);
|
||||||
if (newX509 != NULL) {
|
if (newX509 != NULL) {
|
||||||
if (CopyDecodedToX509(newX509, cert) != 0) {
|
if (CopyDecodedToX509(newX509, cert) != 0) {
|
||||||
wolfSSL_X509_free(newX509);
|
wolfSSL_X509_free(newX509);
|
||||||
@@ -3659,16 +3659,22 @@ int wolfSSL_X509_get_isCA(WOLFSSL_X509* x509)
|
|||||||
return isCA;
|
return isCA;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
WOLFSSL_X509* wolfSSL_X509_d2i_ex(WOLFSSL_X509** x509, const byte* in, int len,
|
||||||
|
void* heap)
|
||||||
|
{
|
||||||
|
return d2i_X509orX509REQ(x509, in, len, 0, heap);
|
||||||
|
}
|
||||||
|
|
||||||
WOLFSSL_X509* wolfSSL_X509_d2i(WOLFSSL_X509** x509, const byte* in, int len)
|
WOLFSSL_X509* wolfSSL_X509_d2i(WOLFSSL_X509** x509, const byte* in, int len)
|
||||||
{
|
{
|
||||||
return d2i_X509orX509REQ(x509, in, len, 0);
|
return wolfSSL_X509_d2i_ex(x509, in, len, NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef WOLFSSL_CERT_REQ
|
#ifdef WOLFSSL_CERT_REQ
|
||||||
WOLFSSL_X509* wolfSSL_X509_REQ_d2i(WOLFSSL_X509** x509,
|
WOLFSSL_X509* wolfSSL_X509_REQ_d2i(WOLFSSL_X509** x509,
|
||||||
const unsigned char* in, int len)
|
const unsigned char* in, int len)
|
||||||
{
|
{
|
||||||
return d2i_X509orX509REQ(x509, in, len, 1);
|
return d2i_X509orX509REQ(x509, in, len, 1, NULL);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@@ -5319,19 +5325,24 @@ WOLFSSL_X509* wolfSSL_X509_REQ_load_certificate_buffer(
|
|||||||
/* returns a pointer to a new WOLFSSL_X509 structure on success and NULL on
|
/* returns a pointer to a new WOLFSSL_X509 structure on success and NULL on
|
||||||
* fail
|
* fail
|
||||||
*/
|
*/
|
||||||
WOLFSSL_X509* wolfSSL_X509_new(void)
|
WOLFSSL_X509* wolfSSL_X509_new_ex(void* heap)
|
||||||
{
|
{
|
||||||
WOLFSSL_X509* x509;
|
WOLFSSL_X509* x509;
|
||||||
|
|
||||||
x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
|
x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), heap,
|
||||||
DYNAMIC_TYPE_X509);
|
DYNAMIC_TYPE_X509);
|
||||||
if (x509 != NULL) {
|
if (x509 != NULL) {
|
||||||
InitX509(x509, 1, NULL);
|
InitX509(x509, 1, heap);
|
||||||
}
|
}
|
||||||
|
|
||||||
return x509;
|
return x509;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
WOLFSSL_X509* wolfSSL_X509_new(void)
|
||||||
|
{
|
||||||
|
return wolfSSL_X509_new_ex(NULL);
|
||||||
|
}
|
||||||
|
|
||||||
WOLFSSL_ABI
|
WOLFSSL_ABI
|
||||||
WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(WOLFSSL_X509* cert)
|
WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(WOLFSSL_X509* cert)
|
||||||
{
|
{
|
||||||
@@ -13408,7 +13419,7 @@ int wolfSSL_X509_check_issued(WOLFSSL_X509 *issuer, WOLFSSL_X509 *subject)
|
|||||||
|
|
||||||
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \
|
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \
|
||||||
defined(KEEP_PEER_CERT)
|
defined(KEEP_PEER_CERT)
|
||||||
WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509 *x)
|
WOLFSSL_X509* wolfSSL_X509_dup_ex(WOLFSSL_X509 *x, void* heap)
|
||||||
{
|
{
|
||||||
WOLFSSL_ENTER("wolfSSL_X509_dup");
|
WOLFSSL_ENTER("wolfSSL_X509_dup");
|
||||||
|
|
||||||
@@ -13422,7 +13433,13 @@ WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509 *x)
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
return wolfSSL_X509_d2i(NULL, x->derCert->buffer, x->derCert->length);
|
return wolfSSL_X509_d2i_ex(NULL, x->derCert->buffer, x->derCert->length,
|
||||||
|
heap);
|
||||||
|
}
|
||||||
|
|
||||||
|
WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509 *x)
|
||||||
|
{
|
||||||
|
return wolfSSL_X509_dup_ex(x, NULL);
|
||||||
}
|
}
|
||||||
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
|
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
|
||||||
|
|
||||||
|
|||||||
@@ -1035,7 +1035,7 @@ WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str,
|
|||||||
return WOLFSSL_FAILURE;
|
return WOLFSSL_FAILURE;
|
||||||
|
|
||||||
/* tmp ctx for setting our cert manager */
|
/* tmp ctx for setting our cert manager */
|
||||||
ctx = wolfSSL_CTX_new(cm_pick_method());
|
ctx = wolfSSL_CTX_new(cm_pick_method(NULL));
|
||||||
if (ctx == NULL)
|
if (ctx == NULL)
|
||||||
return WOLFSSL_FAILURE;
|
return WOLFSSL_FAILURE;
|
||||||
|
|
||||||
|
|||||||
@@ -1681,7 +1681,9 @@ WOLFSSL_API void wolfSSL_sk_CIPHER_free(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk);
|
|||||||
WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl);
|
WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl);
|
||||||
|
|
||||||
WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_new(void);
|
WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_new(void);
|
||||||
|
WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_new_ex(void* heap);
|
||||||
WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509* x);
|
WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509* x);
|
||||||
|
WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_dup_ex(WOLFSSL_X509* x, void* heap);
|
||||||
#if defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA)
|
#if defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA)
|
||||||
WOLFSSL_API int wolfSSL_RSA_up_ref(WOLFSSL_RSA* rsa);
|
WOLFSSL_API int wolfSSL_RSA_up_ref(WOLFSSL_RSA* rsa);
|
||||||
WOLFSSL_API int wolfSSL_X509_up_ref(WOLFSSL_X509* x509);
|
WOLFSSL_API int wolfSSL_X509_up_ref(WOLFSSL_X509* x509);
|
||||||
@@ -2885,6 +2887,9 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509(WOLFSSL_X509** x509,
|
|||||||
const unsigned char** in, int len);
|
const unsigned char** in, int len);
|
||||||
WOLFSSL_API WOLFSSL_X509*
|
WOLFSSL_API WOLFSSL_X509*
|
||||||
wolfSSL_X509_d2i(WOLFSSL_X509** x509, const unsigned char* in, int len);
|
wolfSSL_X509_d2i(WOLFSSL_X509** x509, const unsigned char* in, int len);
|
||||||
|
WOLFSSL_API WOLFSSL_X509*
|
||||||
|
wolfSSL_X509_d2i_ex(WOLFSSL_X509** x509, const unsigned char* in, int len,
|
||||||
|
void* heap);
|
||||||
#ifdef WOLFSSL_CERT_REQ
|
#ifdef WOLFSSL_CERT_REQ
|
||||||
WOLFSSL_API WOLFSSL_X509*
|
WOLFSSL_API WOLFSSL_X509*
|
||||||
wolfSSL_X509_REQ_d2i(WOLFSSL_X509** x509, const unsigned char* in, int len);
|
wolfSSL_X509_REQ_d2i(WOLFSSL_X509** x509, const unsigned char* in, int len);
|
||||||
|
|||||||
Reference in New Issue
Block a user