Merge pull request #1983 from dgarske/x509small_verifycb

Include current cert as X509 in verify callback for small build
This commit is contained in:
toddouska
2018-12-18 15:40:00 -08:00
committed by GitHub
2 changed files with 14 additions and 11 deletions


@@ -8610,13 +8610,13 @@ static int DoVerifyCallback(WOLFSSL* ssl, int ret, ProcPeerCertArgs* args)
if (use_cb && ssl->verifyCallback) { if (use_cb && ssl->verifyCallback) {
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
WOLFSSL_X509_STORE_CTX* store; WOLFSSL_X509_STORE_CTX* store;
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
WOLFSSL_X509* x509; WOLFSSL_X509* x509;
#endif #endif
char* domain = NULL; char* domain = NULL;
#else #else
WOLFSSL_X509_STORE_CTX store[1]; WOLFSSL_X509_STORE_CTX store[1];
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
WOLFSSL_X509 x509[1]; WOLFSSL_X509 x509[1];
#endif #endif
char domain[ASN_NAME_MAX]; char domain[ASN_NAME_MAX];
@@ -8628,7 +8628,7 @@ static int DoVerifyCallback(WOLFSSL* ssl, int ret, ProcPeerCertArgs* args)
if (store == NULL) { if (store == NULL) {
return MEMORY_E; return MEMORY_E;
} }
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), ssl->heap, x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), ssl->heap,
DYNAMIC_TYPE_X509); DYNAMIC_TYPE_X509);
if (x509 == NULL) { if (x509 == NULL) {
@@ -8639,7 +8639,7 @@ static int DoVerifyCallback(WOLFSSL* ssl, int ret, ProcPeerCertArgs* args)
domain = (char*)XMALLOC(ASN_NAME_MAX, ssl->heap, DYNAMIC_TYPE_STRING); domain = (char*)XMALLOC(ASN_NAME_MAX, ssl->heap, DYNAMIC_TYPE_STRING);
if (domain == NULL) { if (domain == NULL) {
XFREE(store, ssl->heap, DYNAMIC_TYPE_X509); XFREE(store, ssl->heap, DYNAMIC_TYPE_X509);
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
XFREE(x509, ssl->heap, DYNAMIC_TYPE_X509); XFREE(x509, ssl->heap, DYNAMIC_TYPE_X509);
#endif #endif
return MEMORY_E; return MEMORY_E;
@@ -8647,7 +8647,7 @@ static int DoVerifyCallback(WOLFSSL* ssl, int ret, ProcPeerCertArgs* args)
#endif /* WOLFSSL_SMALL_STACK */ #endif /* WOLFSSL_SMALL_STACK */
XMEMSET(store, 0, sizeof(WOLFSSL_X509_STORE_CTX)); XMEMSET(store, 0, sizeof(WOLFSSL_X509_STORE_CTX));
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
XMEMSET(x509, 0, sizeof(WOLFSSL_X509)); XMEMSET(x509, 0, sizeof(WOLFSSL_X509));
#endif #endif
domain[0] = '\0'; domain[0] = '\0';
@@ -8680,11 +8680,14 @@ static int DoVerifyCallback(WOLFSSL* ssl, int ret, ProcPeerCertArgs* args)
store->store = &ssl->ctx->x509_store; store->store = &ssl->ctx->x509_store;
} }
#endif #endif
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
#ifdef KEEP_PEER_CERT
if (args->certIdx == 0) { if (args->certIdx == 0) {
store->current_cert = &ssl->peerCert; /* use existing X509 */ store->current_cert = &ssl->peerCert; /* use existing X509 */
} }
else { else
#endif
{
InitX509(x509, 0, ssl->heap); InitX509(x509, 0, ssl->heap);
if (CopyDecodedToX509(x509, args->dCert) == 0) { if (CopyDecodedToX509(x509, args->dCert) == 0) {
store->current_cert = x509; store->current_cert = x509;
@@ -8710,7 +8713,7 @@ static int DoVerifyCallback(WOLFSSL* ssl, int ret, ProcPeerCertArgs* args)
/* mark as verify error */ /* mark as verify error */
args->verifyErr = 1; args->verifyErr = 1;
} }
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
if (args->certIdx > 0) if (args->certIdx > 0)
FreeX509(x509); FreeX509(x509);
#endif #endif
@@ -8729,7 +8732,7 @@ static int DoVerifyCallback(WOLFSSL* ssl, int ret, ProcPeerCertArgs* args)
#endif /* SESSION_CERTS */ #endif /* SESSION_CERTS */
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(domain, ssl->heap, DYNAMIC_TYPE_STRING); XFREE(domain, ssl->heap, DYNAMIC_TYPE_STRING);
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
XFREE(x509, ssl->heap, DYNAMIC_TYPE_X509); XFREE(x509, ssl->heap, DYNAMIC_TYPE_X509);
#endif #endif
XFREE(store, ssl->heap, DYNAMIC_TYPE_X509_STORE); XFREE(store, ssl->heap, DYNAMIC_TYPE_X509_STORE);
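Review bot: The release of the local X509 in the `@@ -8710,7 +8713,7 @@` hunk is still guarded by `if (args->certIdx > 0)`, but the new `#ifdef KEEP_PEER_CERT` in the `@@ -8680,11 +8680,14 @@` hunk makes the `InitX509`/`CopyDecodedToX509` branch run for `certIdx == 0` as well whenever KEEP_PEER_CERT is not defined, so on that path whatever CopyDecodedToX509 attaches to `x509` (if it allocates) is never given to `FreeX509`; the small-stack `XFREE(x509, ...)` only releases the container. The free guard should mirror the new condition: `#ifdef KEEP_PEER_CERT` / `if (args->certIdx > 0)` / `#endif` immediately before `FreeX509(x509);`. The `else` / `#endif` / `{` splice depends on the preprocessed text forming one statement, which is easy to misread; a one-line comment above the `{` such as `/* without KEEP_PEER_CERT every cert, including the leaf, is copied into x509 */` would make the intent explicit. DoVerifyCallback begins before the first hunk and continues past the last one.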


@@ -1559,7 +1559,7 @@ static int myVerifyFail = 0;
static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store) static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store)
{ {
char buffer[WOLFSSL_MAX_ERROR_SZ]; char buffer[WOLFSSL_MAX_ERROR_SZ];
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
WOLFSSL_X509* peer; WOLFSSL_X509* peer;
#endif #endif
(void)preverify; (void)preverify;
@@ -1581,7 +1581,7 @@ static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store)
printf("In verification callback, error = %d, %s\n", store->error, printf("In verification callback, error = %d, %s\n", store->error,
wolfSSL_ERR_error_string(store->error, buffer)); wolfSSL_ERR_error_string(store->error, buffer));
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
peer = store->current_cert; peer = store->current_cert;
if (peer) { if (peer) {
char* issuer = wolfSSL_X509_NAME_oneline( char* issuer = wolfSSL_X509_NAME_oneline(