diff --git a/src/internal.c b/src/internal.c
index ef33f4f26..3fc707b3d 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -8165,105 +8165,107 @@ static int ProcessCSR(WOLFSSL* ssl, byte* input, word32* inOutIdx, #ifdef HAVE_PK_CALLBACKS - typedef struct wolfPkCbInfo { - WOLFSSL* ssl; - #ifdef HAVE_ECC - struct { - CallbackEccVerify pk; - void* ctx; - } ecc; - #endif - #ifndef NO_RSA - struct { - CallbackRsaVerify pk; - void* ctx; - } rsa; - #endif - } wolfPkCbInfo; - #ifdef HAVE_ECC + typedef struct wolfPkCbEccInfo { + WOLFSSL* ssl; + CallbackEccVerify pk; + void* ctx; + } wolfPkCbEccInfo; static int SigPkCbEccVerify(const unsigned char* sig, unsigned int sigSz, const unsigned char* hash, unsigned int hashSz, const unsigned char* keyDer, unsigned int keySz, int* result, void* ctx) { int ret = NOT_COMPILED_IN; - wolfPkCbInfo* info = (wolfPkCbInfo*)ctx; + wolfPkCbEccInfo* info = (wolfPkCbEccInfo*)ctx; - if (info && info->ecc.pk) { - ret = info->ecc.pk(info->ssl, sig, sigSz, hash, hashSz, - keyDer, keySz, result, info->ecc.ctx); + if (info && info->pk) { + ret = info->pk(info->ssl, sig, sigSz, hash, hashSz, + keyDer, keySz, result, info->ctx); } return ret; } #endif #ifndef NO_RSA + typedef struct wolfPkCbRsaInfo { + WOLFSSL* ssl; + CallbackRsaVerify pk; + void* ctx; + } wolfPkCbRsaInfo; static int SigPkCbRsaVerify(unsigned char* sig, unsigned int sigSz, unsigned char** out, const unsigned char* keyDer, unsigned int keySz, void* ctx) { int ret = NOT_COMPILED_IN; - wolfPkCbInfo* info = (wolfPkCbInfo*)ctx; + wolfPkCbRsaInfo* info = (wolfPkCbRsaInfo*)ctx; - if (info && info->rsa.pk) { - ret = info->rsa.pk(info->ssl, sig, sigSz, out, keyDer, keySz, - info->rsa.ctx); + if (info && info->pk) { + ret = info->pk(info->ssl, sig, sigSz, out, keyDer, keySz, + info->ctx); } return ret; } #endif -int InitSigPkCb(const WOLFSSL* ssl, SignatureCtx* sigCtx) +int InitSigPkCb(WOLFSSL* ssl, SignatureCtx* sigCtx) { - wolfPkCbInfo* info; - int setupPk = 0; - if (ssl == NULL || sigCtx == NULL) return BAD_FUNC_ARG; /* only setup the verify callback if a PK is set */ #ifdef HAVE_ECC - if 
(ssl->ctx->EccVerifyCb) - setupPk = 1; -#endif -#ifndef NO_RSA - if (ssl->ctx->RsaVerifyCb) - setupPk = 1; -#endif - - if (setupPk) { - info = (wolfPkCbInfo*)XMALLOC(sizeof(wolfPkCbInfo), ssl->heap, - DYNAMIC_TYPE_TMP_BUFFER); + if (ssl->ctx->EccVerifyCb) { + wolfPkCbEccInfo* info = (wolfPkCbEccInfo*)XMALLOC( + sizeof(wolfPkCbEccInfo), ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); if (info == NULL) { return MEMORY_E; } - - XMEMSET(info, 0, sizeof(wolfPkCbInfo)); - sigCtx->pkCtx = info; - #ifdef HAVE_ECC - info->ecc.pk = ssl->ctx->EccVerifyCb; - info->ecc.ctx = ssl->EccVerifyCtx; + XMEMSET(info, 0, sizeof(wolfPkCbEccInfo)); + info->ssl = ssl; + info->pk = ssl->ctx->EccVerifyCb; + info->ctx = ssl->EccVerifyCtx; sigCtx->pkCbEcc = SigPkCbEccVerify; - #endif - #ifndef NO_RSA - info->rsa.pk = ssl->ctx->RsaVerifyCb; - info->rsa.ctx = ssl->RsaVerifyCtx; - sigCtx->pkCbRsa = SigPkCbRsaVerify; - #endif + sigCtx->pkCtxEcc = info; } +#endif +#ifndef NO_RSA + /* only setup the verify callback if a PK is set */ + if (ssl->ctx->RsaVerifyCb) { + wolfPkCbRsaInfo* info = (wolfPkCbRsaInfo*)XMALLOC( + sizeof(wolfPkCbRsaInfo), ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (info == NULL) { + FreeSigPkCb(ssl, sigCtx); + return MEMORY_E; + } + XMEMSET(info, 0, sizeof(wolfPkCbRsaInfo)); + info->ssl = ssl; + info->pk = ssl->ctx->RsaVerifyCb; + info->ctx = ssl->RsaVerifyCtx; + sigCtx->pkCbRsa = SigPkCbRsaVerify; + sigCtx->pkCtxRsa = info; + } +#endif return 0; } -void FreeSigPkCb(const WOLFSSL* ssl, SignatureCtx* sigCtx) +void FreeSigPkCb(WOLFSSL* ssl, SignatureCtx* sigCtx) { if (ssl == NULL || sigCtx == NULL) return; - if (sigCtx->pkCtx) { - XFREE(sigCtx->pkCtx, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); - sigCtx->pkCtx = NULL; +#ifdef HAVE_ECC + if (sigCtx->pkCtxEcc) { + XFREE(sigCtx->pkCtxEcc, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + sigCtx->pkCtxEcc = NULL; } +#endif +#ifndef NO_RSA + if (sigCtx->pkCtxRsa) { + XFREE(sigCtx->pkCtxRsa, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + sigCtx->pkCtxRsa = NULL; + } +#endif 
} #endif /* HAVE_PK_CALLBACKS */ diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index aa6000720..76d05fc5a 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -5353,7 +5353,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx, ret = sigCtx->pkCbRsa( sigCtx->plain, sigSz, &sigCtx->out, key, keySz, - sigCtx->pkCtx); + sigCtx->pkCtxRsa); } else #endif /* HAVE_PK_CALLBACKS */ @@ -5373,7 +5373,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx, sig, sigSz, sigCtx->digest, sigCtx->digestSz, key, keySz, &sigCtx->verify, - sigCtx->pkCtx); + sigCtx->pkCtxEcc); } else #endif /* HAVE_PK_CALLBACKS */ diff --git a/wolfssl/internal.h b/wolfssl/internal.h index c4ac9f2c4..398028d3e 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -1530,8 +1530,8 @@ WOLFSSL_LOCAL int DecodePrivateKey(WOLFSSL *ssl, word16* length); #ifdef HAVE_PK_CALLBACKS WOLFSSL_LOCAL int GetPrivateKeySigSize(WOLFSSL* ssl); #ifndef NO_ASN - WOLFSSL_LOCAL int InitSigPkCb(const WOLFSSL* ssl, SignatureCtx* sigCtx); - WOLFSSL_LOCAL void FreeSigPkCb(const WOLFSSL* ssl, SignatureCtx* sigCtx); + WOLFSSL_LOCAL int InitSigPkCb(WOLFSSL* ssl, SignatureCtx* sigCtx); + WOLFSSL_LOCAL void FreeSigPkCb(WOLFSSL* ssl, SignatureCtx* sigCtx); #endif #endif WOLFSSL_LOCAL void FreeKeyExchange(WOLFSSL* ssl); diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 886c72e83..1a06a4fbe 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -543,12 +543,13 @@ struct SignatureCtx { #endif #ifdef HAVE_PK_CALLBACKS - void* pkCtx; #ifdef HAVE_ECC wc_CallbackEccVerify pkCbEcc; + void* pkCtxEcc; #endif #ifndef NO_RSA wc_CallbackRsaVerify pkCbRsa; + void* pkCtxRsa; #endif #endif /* HAVE_PK_CALLBACKS */ };
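Review bot: InitSigPkCb allocates a fresh wolfPkCbEccInfo/wolfPkCbRsaInfo on every call without checking whether sigCtx->pkCtxEcc or sigCtx->pkCtxRsa is already populated, so if a caller re-initializes the same SignatureCtx (no caller is visible in this hunk) the earlier allocation is leaked. Either release any existing contexts first (`FreeSigPkCb(ssl, sigCtx);` at the top, after the BAD_FUNC_ARG check) or state the contract on the definition: `/* Allocates per-algorithm PK callback contexts owned by sigCtx; call at most once per SignatureCtx and release with FreeSigPkCb(). */`. On the RSA MEMORY_E path FreeSigPkCb releases pkCtxEcc but sigCtx->pkCbEcc is left pointing at SigPkCbEccVerify; that callback NULL-checks its ctx and returns NOT_COMPILED_IN, so it fails closed, but clearing `sigCtx->pkCbEcc = NULL;` and `sigCtx->pkCbRsa = NULL;` next to the respective XFREE calls in FreeSigPkCb would leave the context fully reset rather than half-torn-down. The XMEMSET before the three field assignments in each block is now redundant, since every member of the new structs is assigned explicitly.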