Added separate context for each SignatureCtx verify callback. Added missing ssl info to callback context.

This commit is contained in:
David Garske
2018-07-06 09:28:46 -07:00
parent 3cbcc872c1
commit 32f1b0a9c2
4 changed files with 63 additions and 60 deletions


@@ -8165,105 +8165,107 @@ static int ProcessCSR(WOLFSSL* ssl, byte* input, word32* inOutIdx,
#ifdef HAVE_PK_CALLBACKS #ifdef HAVE_PK_CALLBACKS
typedef struct wolfPkCbInfo {
WOLFSSL* ssl;
#ifdef HAVE_ECC #ifdef HAVE_ECC
struct { typedef struct wolfPkCbEccInfo {
WOLFSSL* ssl;
CallbackEccVerify pk; CallbackEccVerify pk;
void* ctx; void* ctx;
} ecc; } wolfPkCbEccInfo;
#endif
#ifndef NO_RSA
struct {
CallbackRsaVerify pk;
void* ctx;
} rsa;
#endif
} wolfPkCbInfo;
#ifdef HAVE_ECC
static int SigPkCbEccVerify(const unsigned char* sig, unsigned int sigSz, static int SigPkCbEccVerify(const unsigned char* sig, unsigned int sigSz,
const unsigned char* hash, unsigned int hashSz, const unsigned char* hash, unsigned int hashSz,
const unsigned char* keyDer, unsigned int keySz, const unsigned char* keyDer, unsigned int keySz,
int* result, void* ctx) int* result, void* ctx)
{ {
int ret = NOT_COMPILED_IN; int ret = NOT_COMPILED_IN;
wolfPkCbInfo* info = (wolfPkCbInfo*)ctx; wolfPkCbEccInfo* info = (wolfPkCbEccInfo*)ctx;
if (info && info->ecc.pk) { if (info && info->pk) {
ret = info->ecc.pk(info->ssl, sig, sigSz, hash, hashSz, ret = info->pk(info->ssl, sig, sigSz, hash, hashSz,
keyDer, keySz, result, info->ecc.ctx); keyDer, keySz, result, info->ctx);
} }
return ret; return ret;
} }
#endif #endif
#ifndef NO_RSA #ifndef NO_RSA
typedef struct wolfPkCbRsaInfo {
WOLFSSL* ssl;
CallbackRsaVerify pk;
void* ctx;
} wolfPkCbRsaInfo;
static int SigPkCbRsaVerify(unsigned char* sig, unsigned int sigSz, static int SigPkCbRsaVerify(unsigned char* sig, unsigned int sigSz,
unsigned char** out, const unsigned char* keyDer, unsigned int keySz, unsigned char** out, const unsigned char* keyDer, unsigned int keySz,
void* ctx) void* ctx)
{ {
int ret = NOT_COMPILED_IN; int ret = NOT_COMPILED_IN;
wolfPkCbInfo* info = (wolfPkCbInfo*)ctx; wolfPkCbRsaInfo* info = (wolfPkCbRsaInfo*)ctx;
if (info && info->rsa.pk) { if (info && info->pk) {
ret = info->rsa.pk(info->ssl, sig, sigSz, out, keyDer, keySz, ret = info->pk(info->ssl, sig, sigSz, out, keyDer, keySz,
info->rsa.ctx); info->ctx);
} }
return ret; return ret;
} }
#endif #endif
int InitSigPkCb(const WOLFSSL* ssl, SignatureCtx* sigCtx) int InitSigPkCb(WOLFSSL* ssl, SignatureCtx* sigCtx)
{ {
wolfPkCbInfo* info;
int setupPk = 0;
if (ssl == NULL || sigCtx == NULL) if (ssl == NULL || sigCtx == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
/* only setup the verify callback if a PK is set */ /* only setup the verify callback if a PK is set */
#ifdef HAVE_ECC #ifdef HAVE_ECC
if (ssl->ctx->EccVerifyCb) if (ssl->ctx->EccVerifyCb) {
setupPk = 1; wolfPkCbEccInfo* info = (wolfPkCbEccInfo*)XMALLOC(
#endif sizeof(wolfPkCbEccInfo), ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
#ifndef NO_RSA
if (ssl->ctx->RsaVerifyCb)
setupPk = 1;
#endif
if (setupPk) {
info = (wolfPkCbInfo*)XMALLOC(sizeof(wolfPkCbInfo), ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (info == NULL) { if (info == NULL) {
return MEMORY_E; return MEMORY_E;
} }
XMEMSET(info, 0, sizeof(wolfPkCbEccInfo));
XMEMSET(info, 0, sizeof(wolfPkCbInfo)); info->ssl = ssl;
sigCtx->pkCtx = info; info->pk = ssl->ctx->EccVerifyCb;
#ifdef HAVE_ECC info->ctx = ssl->EccVerifyCtx;
info->ecc.pk = ssl->ctx->EccVerifyCb;
info->ecc.ctx = ssl->EccVerifyCtx;
sigCtx->pkCbEcc = SigPkCbEccVerify; sigCtx->pkCbEcc = SigPkCbEccVerify;
sigCtx->pkCtxEcc = info;
}
#endif #endif
#ifndef NO_RSA #ifndef NO_RSA
info->rsa.pk = ssl->ctx->RsaVerifyCb; /* only setup the verify callback if a PK is set */
info->rsa.ctx = ssl->RsaVerifyCtx; if (ssl->ctx->RsaVerifyCb) {
sigCtx->pkCbRsa = SigPkCbRsaVerify; wolfPkCbRsaInfo* info = (wolfPkCbRsaInfo*)XMALLOC(
#endif sizeof(wolfPkCbRsaInfo), ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (info == NULL) {
FreeSigPkCb(ssl, sigCtx);
return MEMORY_E;
} }
XMEMSET(info, 0, sizeof(wolfPkCbRsaInfo));
info->ssl = ssl;
info->pk = ssl->ctx->RsaVerifyCb;
info->ctx = ssl->RsaVerifyCtx;
sigCtx->pkCbRsa = SigPkCbRsaVerify;
sigCtx->pkCtxRsa = info;
}
#endif
return 0; return 0;
} }
void FreeSigPkCb(const WOLFSSL* ssl, SignatureCtx* sigCtx) void FreeSigPkCb(WOLFSSL* ssl, SignatureCtx* sigCtx)
{ {
if (ssl == NULL || sigCtx == NULL) if (ssl == NULL || sigCtx == NULL)
return; return;
if (sigCtx->pkCtx) { #ifdef HAVE_ECC
XFREE(sigCtx->pkCtx, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); if (sigCtx->pkCtxEcc) {
sigCtx->pkCtx = NULL; XFREE(sigCtx->pkCtxEcc, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
sigCtx->pkCtxEcc = NULL;
} }
#endif
#ifndef NO_RSA
if (sigCtx->pkCtxRsa) {
XFREE(sigCtx->pkCtxRsa, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
sigCtx->pkCtxRsa = NULL;
}
#endif
} }
#endif /* HAVE_PK_CALLBACKS */ #endif /* HAVE_PK_CALLBACKS */
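Review bot: InitSigPkCb writes sigCtx->pkCtxEcc and sigCtx->pkCtxRsa without checking whether they already hold a context, so a second call on the same SignatureCtx (or on one that was not zeroed beforehand) would leak the earlier allocation; whether any caller can reach that is not visible in this hunk. Releasing first with `FreeSigPkCb(ssl, sigCtx);` right after the argument check would make the function safe to repeat. FreeSigPkCb clears pkCtxEcc/pkCtxRsa but leaves pkCbEcc/pkCbRsa set; the wrappers do tolerate a NULL ctx by returning NOT_COMPILED_IN, but also clearing `sigCtx->pkCbEcc = NULL;` and `sigCtx->pkCbRsa = NULL;` in the respective #ifdef blocks avoids dispatching through a released context. The `info->ssl` member is a non-owning pointer, so a comment on wolfPkCbEccInfo/wolfPkCbRsaInfo stating that the SignatureCtx must not outlive the WOLFSSL it was initialised with would help the next maintainer.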


@@ -5353,7 +5353,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
ret = sigCtx->pkCbRsa( ret = sigCtx->pkCbRsa(
sigCtx->plain, sigSz, &sigCtx->out, sigCtx->plain, sigSz, &sigCtx->out,
key, keySz, key, keySz,
sigCtx->pkCtx); sigCtx->pkCtxRsa);
} }
else else
#endif /* HAVE_PK_CALLBACKS */ #endif /* HAVE_PK_CALLBACKS */
@@ -5373,7 +5373,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
sig, sigSz, sig, sigSz,
sigCtx->digest, sigCtx->digestSz, sigCtx->digest, sigCtx->digestSz,
key, keySz, &sigCtx->verify, key, keySz, &sigCtx->verify,
sigCtx->pkCtx); sigCtx->pkCtxEcc);
} }
else else
#endif /* HAVE_PK_CALLBACKS */ #endif /* HAVE_PK_CALLBACKS */


@@ -1530,8 +1530,8 @@ WOLFSSL_LOCAL int DecodePrivateKey(WOLFSSL *ssl, word16* length);
#ifdef HAVE_PK_CALLBACKS #ifdef HAVE_PK_CALLBACKS
WOLFSSL_LOCAL int GetPrivateKeySigSize(WOLFSSL* ssl); WOLFSSL_LOCAL int GetPrivateKeySigSize(WOLFSSL* ssl);
#ifndef NO_ASN #ifndef NO_ASN
WOLFSSL_LOCAL int InitSigPkCb(const WOLFSSL* ssl, SignatureCtx* sigCtx); WOLFSSL_LOCAL int InitSigPkCb(WOLFSSL* ssl, SignatureCtx* sigCtx);
WOLFSSL_LOCAL void FreeSigPkCb(const WOLFSSL* ssl, SignatureCtx* sigCtx); WOLFSSL_LOCAL void FreeSigPkCb(WOLFSSL* ssl, SignatureCtx* sigCtx);
#endif #endif
#endif #endif
WOLFSSL_LOCAL void FreeKeyExchange(WOLFSSL* ssl); WOLFSSL_LOCAL void FreeKeyExchange(WOLFSSL* ssl);
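Review bot: The prototypes for InitSigPkCb and FreeSigPkCb carry no contract comment, yet InitSigPkCb now heap-allocates one context per configured verify callback from ssl->heap and FreeSigPkCb releases them through the same heap. A comment above the pair such as `/* InitSigPkCb allocates per-callback contexts into sigCtx from ssl->heap; release them with FreeSigPkCb using the same ssl. */` would make the pairing and the heap requirement explicit for callers. The const qualifier on ssl is dropped because the contexts store the WOLFSSL pointer for the callbacks; stating that in the same comment prevents it being re-added later.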


@@ -543,12 +543,13 @@ struct SignatureCtx {
#endif #endif
#ifdef HAVE_PK_CALLBACKS #ifdef HAVE_PK_CALLBACKS
void* pkCtx;
#ifdef HAVE_ECC #ifdef HAVE_ECC
wc_CallbackEccVerify pkCbEcc; wc_CallbackEccVerify pkCbEcc;
void* pkCtxEcc;
#endif #endif
#ifndef NO_RSA #ifndef NO_RSA
wc_CallbackRsaVerify pkCbRsa; wc_CallbackRsaVerify pkCbRsa;
void* pkCtxRsa;
#endif #endif
#endif /* HAVE_PK_CALLBACKS */ #endif /* HAVE_PK_CALLBACKS */
}; };