add heap hint support for a few of the x509 functions

John Bland
2024-01-17 11:26:52 -05:00
parent 089468fbf1
commit d1a3646d5c
5 changed files with 49 additions and 27 deletions


@@ -18758,13 +18758,13 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
WOLFSSL_ENTER("wolfSSL_get_peer_certificate");
if (ssl != NULL) {
if (ssl->peerCert.issuer.sz)
ret = wolfSSL_X509_dup(&ssl->peerCert);
ret = wolfSSL_X509_dup_ex(&ssl->peerCert, ssl->heap);
#ifdef SESSION_CERTS
else if (ssl->session->chain.count > 0) {
if (DecodeToX509(&ssl->peerCert,
ssl->session->chain.certs[0].buffer,
ssl->session->chain.certs[0].length) == 0) {
ret = wolfSSL_X509_dup(&ssl->peerCert);
ret = wolfSSL_X509_dup_ex(&ssl->peerCert, ssl->heap);
}
}
#endif
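Review bot: The certificate handed back to the caller is now allocated against `ssl->heap` at both call sites (L16/17 and L23/24), so in a static-memory build its storage is presumably tied to that session's pool while the application may keep the object after it frees the WOLFSSL — confirm that wolfSSL_X509_free on such an object after wolfSSL_free is still well defined, or record the constraint at the first call: `/* dup'd cert is allocated on ssl->heap; release it before the WOLFSSL */`. If the heap hint is a pure allocator hint with no lifetime coupling, a one-line comment saying so is equally useful to the next reader. wolfSSL_get_peer_certificate's head and tail are outside the hunk.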


@@ -42,33 +42,33 @@
* @return A TLS method on success.
* @return NULL when no TLS method built into wolfSSL.
*/
static WC_INLINE WOLFSSL_METHOD* cm_pick_method(void)
static WC_INLINE WOLFSSL_METHOD* cm_pick_method(void* heap)
{
#ifndef NO_WOLFSSL_CLIENT
#if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_SSLV3)
return wolfSSLv3_client_method();
return wolfSSLv3_client_method_ex(heap);
#elif !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_TLSV10)
return wolfTLSv1_client_method();
return wolfTLSv1_client_method_ex(heap);
#elif !defined(NO_OLD_TLS)
return wolfTLSv1_1_client_method();
return wolfTLSv1_1_client_method_ex(heap);
#elif !defined(WOLFSSL_NO_TLS12)
return wolfTLSv1_2_client_method();
return wolfTLSv1_2_client_method_ex(heap);
#elif defined(WOLFSSL_TLS13)
return wolfTLSv1_3_client_method();
return wolfTLSv1_3_client_method_ex(heap);
#else
return NULL;
#endif
#elif !defined(NO_WOLFSSL_SERVER)
#if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_SSLV3)
return wolfSSLv3_server_method();
return wolfSSLv3_server_method_ex(heap);
#elif !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_TLSV10)
return wolfTLSv1_server_method();
return wolfTLSv1_server_method_ex(heap);
#elif !defined(NO_OLD_TLS)
return wolfTLSv1_1_server_method();
return wolfTLSv1_1_server_method_ex(heap);
#elif !defined(WOLFSSL_NO_TLS12)
return wolfTLSv1_2_server_method();
return wolfTLSv1_2_server_method_ex(heap);
#elif defined(WOLFSSL_TLS13)
return wolfTLSv1_3_server_method();
return wolfTLSv1_3_server_method_ex(heap);
#else
return NULL;
#endif
@@ -513,8 +513,8 @@ int wolfSSL_CertManagerLoadCABuffer_ex(WOLFSSL_CERT_MANAGER* cm,
ret = WOLFSSL_FATAL_ERROR;
}
/* Allocate a temporary WOLFSSL_CTX to load with. */
if ((ret == WOLFSSL_SUCCESS) && ((tmp = wolfSSL_CTX_new(cm_pick_method()))
== NULL)) {
if ((ret == WOLFSSL_SUCCESS) && ((tmp =
wolfSSL_CTX_new_ex(cm_pick_method(cm->heap), cm->heap)) == NULL)) {
WOLFSSL_MSG("CTX new failed");
ret = WOLFSSL_FATAL_ERROR;
}
@@ -876,7 +876,7 @@ int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER* cm, const char* file,
ret = WOLFSSL_FATAL_ERROR;
}
/* Create temporary WOLFSSL_CTX. */
if ((ret == WOLFSSL_SUCCESS) && ((tmp = wolfSSL_CTX_new(cm_pick_method()))
if ((ret == WOLFSSL_SUCCESS) && ((tmp = wolfSSL_CTX_new(cm_pick_method(cm->heap)))
== NULL)) {
WOLFSSL_MSG("CTX new failed");
ret = WOLFSSL_FATAL_ERROR;
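Review bot: The temporary CTX in wolfSSL_CertManagerLoadCA is still created with `wolfSSL_CTX_new(cm_pick_method(cm->heap))`, so the method object is allocated on cm->heap while the CTX that takes ownership of it and later frees it is created without a heap hint; the LoadCABuffer_ex hunk above uses `wolfSSL_CTX_new_ex(cm_pick_method(cm->heap), cm->heap)` and this call should match it. The rewritten line also appears to run past the 80-column wrap the neighbouring hunk keeps. cm_pick_method's doc comment (its head is outside the hunk) lists the returns but not the new parameter; add `@param heap Heap hint handed to the *_method_ex constructor.` Both enclosing functions start and end outside their hunks.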


@@ -3593,7 +3593,7 @@ WOLFSSL_X509* wolfSSL_d2i_X509(WOLFSSL_X509** x509, const unsigned char** in,
}
static WOLFSSL_X509* d2i_X509orX509REQ(WOLFSSL_X509** x509,
const byte* in, int len, int req)
const byte* in, int len, int req, void* heap)
{
WOLFSSL_X509 *newX509 = NULL;
int type = req ? CERTREQ_TYPE : CERT_TYPE;
@@ -3620,12 +3620,12 @@ static WOLFSSL_X509* d2i_X509orX509REQ(WOLFSSL_X509** x509,
return NULL;
#endif
InitDecodedCert(cert, (byte*)in, len, NULL);
InitDecodedCert(cert, (byte*)in, len, heap);
#ifdef WOLFSSL_CERT_REQ
cert->isCSR = (byte)req;
#endif
if (ParseCertRelative(cert, type, 0, NULL) == 0) {
newX509 = wolfSSL_X509_new();
newX509 = wolfSSL_X509_new_ex(heap);
if (newX509 != NULL) {
if (CopyDecodedToX509(newX509, cert) != 0) {
wolfSSL_X509_free(newX509);
@@ -3659,16 +3659,22 @@ int wolfSSL_X509_get_isCA(WOLFSSL_X509* x509)
return isCA;
}
WOLFSSL_X509* wolfSSL_X509_d2i_ex(WOLFSSL_X509** x509, const byte* in, int len,
void* heap)
{
return d2i_X509orX509REQ(x509, in, len, 0, heap);
}
WOLFSSL_X509* wolfSSL_X509_d2i(WOLFSSL_X509** x509, const byte* in, int len)
{
return d2i_X509orX509REQ(x509, in, len, 0);
return wolfSSL_X509_d2i_ex(x509, in, len, NULL);
}
#ifdef WOLFSSL_CERT_REQ
WOLFSSL_X509* wolfSSL_X509_REQ_d2i(WOLFSSL_X509** x509,
const unsigned char* in, int len)
{
return d2i_X509orX509REQ(x509, in, len, 1);
return d2i_X509orX509REQ(x509, in, len, 1, NULL);
}
#endif
@@ -5319,19 +5325,24 @@ WOLFSSL_X509* wolfSSL_X509_REQ_load_certificate_buffer(
/* returns a pointer to a new WOLFSSL_X509 structure on success and NULL on
* fail
*/
WOLFSSL_X509* wolfSSL_X509_new(void)
WOLFSSL_X509* wolfSSL_X509_new_ex(void* heap)
{
WOLFSSL_X509* x509;
x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), heap,
DYNAMIC_TYPE_X509);
if (x509 != NULL) {
InitX509(x509, 1, NULL);
InitX509(x509, 1, heap);
}
return x509;
}
WOLFSSL_X509* wolfSSL_X509_new(void)
{
return wolfSSL_X509_new_ex(NULL);
}
WOLFSSL_ABI
WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(WOLFSSL_X509* cert)
{
@@ -13408,7 +13419,7 @@ int wolfSSL_X509_check_issued(WOLFSSL_X509 *issuer, WOLFSSL_X509 *subject)
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \
defined(KEEP_PEER_CERT)
WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509 *x)
WOLFSSL_X509* wolfSSL_X509_dup_ex(WOLFSSL_X509 *x, void* heap)
{
WOLFSSL_ENTER("wolfSSL_X509_dup");
@@ -13422,7 +13433,13 @@ WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509 *x)
return NULL;
}
return wolfSSL_X509_d2i(NULL, x->derCert->buffer, x->derCert->length);
return wolfSSL_X509_d2i_ex(NULL, x->derCert->buffer, x->derCert->length,
heap);
}
WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509 *x)
{
return wolfSSL_X509_dup_ex(x, NULL);
}
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
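Review bot: `WOLFSSL_ENTER("wolfSSL_X509_dup");` now sits inside wolfSSL_X509_dup_ex, so traces attribute the entry to the wrapper rather than to the function doing the work; change it to `WOLFSSL_ENTER("wolfSSL_X509_dup_ex");` (the dup_ex body is split across the last two hunks). The comment above wolfSSL_X509_new_ex still describes the heap-less signature; extend it with `heap: hint used for the X509 allocation and InitX509; NULL gives the wolfSSL_X509_new behaviour`, which is what the wrapper below passes. In d2i_X509orX509REQ the DecodedCert init now receives heap, but if the `cert` buffer is allocated under WOLFSSL_SMALL_STACK above the hunk that XMALLOC presumably still uses NULL and could take heap as well — confirm against the lines outside the hunk.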


@@ -1035,7 +1035,7 @@ WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str,
return WOLFSSL_FAILURE;
/* tmp ctx for setting our cert manager */
ctx = wolfSSL_CTX_new(cm_pick_method());
ctx = wolfSSL_CTX_new(cm_pick_method(NULL));
if (ctx == NULL)
return WOLFSSL_FAILURE;
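Review bot: `cm_pick_method(NULL)` leaves this temporary CTX and its method on the default heap even though the comment says the CTX exists to carry the store's cert manager, whose `cm->heap` the ssl_certman.c callers in this commit pass through; if `str->cm` is valid at this point, `ctx = wolfSSL_CTX_new_ex(cm_pick_method(str->cm->heap), str->cm->heap);` would keep the allocation consistent with the rest of the change. If NULL is deliberate here, a short comment stating why would save the next reader the same question. wolfSSL_X509_STORE_load_locations starts and ends outside the hunk.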


@@ -1681,7 +1681,9 @@ WOLFSSL_API void wolfSSL_sk_CIPHER_free(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk);
WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl);
WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_new(void);
WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_new_ex(void* heap);
WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509* x);
WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_dup_ex(WOLFSSL_X509* x, void* heap);
#if defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA)
WOLFSSL_API int wolfSSL_RSA_up_ref(WOLFSSL_RSA* rsa);
WOLFSSL_API int wolfSSL_X509_up_ref(WOLFSSL_X509* x509);
@@ -2885,6 +2887,9 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509(WOLFSSL_X509** x509,
const unsigned char** in, int len);
WOLFSSL_API WOLFSSL_X509*
wolfSSL_X509_d2i(WOLFSSL_X509** x509, const unsigned char* in, int len);
WOLFSSL_API WOLFSSL_X509*
wolfSSL_X509_d2i_ex(WOLFSSL_X509** x509, const unsigned char* in, int len,
void* heap);
#ifdef WOLFSSL_CERT_REQ
WOLFSSL_API WOLFSSL_X509*
wolfSSL_X509_REQ_d2i(WOLFSSL_X509** x509, const unsigned char* in, int len);
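Review bot: The new `_ex` prototypes give no indication of what `heap` may be, while the definitions show NULL is accepted and is exactly what wolfSSL_X509_new, wolfSSL_X509_dup and wolfSSL_X509_d2i forward; a one-line comment on each new declaration, e.g. `/* heap: allocator hint for the returned object; NULL selects the default heap */`, would make that contract visible where API users look for it. wolfSSL_X509_REQ_d2i receives no `_ex` counterpart even though the shared internal helper now takes a heap — presumably deliberate, but worth a word in the commit message.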