Fix to supply the X509 current_cert in the verify callback with OPENSSL_EXTRA_X509_SMALL defined or ./configure --enable-opensslextra=x509small.

This commit is contained in:
David Garske
2018-12-14 15:25:24 -08:00
parent b60918b8cd
commit 443dbf251b
2 changed files with 14 additions and 11 deletions


@@ -8608,13 +8608,13 @@ static int DoVerifyCallback(WOLFSSL* ssl, int ret, ProcPeerCertArgs* args)
if (use_cb && ssl->verifyCallback) { if (use_cb && ssl->verifyCallback) {
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
WOLFSSL_X509_STORE_CTX* store; WOLFSSL_X509_STORE_CTX* store;
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
WOLFSSL_X509* x509; WOLFSSL_X509* x509;
#endif #endif
char* domain = NULL; char* domain = NULL;
#else #else
WOLFSSL_X509_STORE_CTX store[1]; WOLFSSL_X509_STORE_CTX store[1];
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
WOLFSSL_X509 x509[1]; WOLFSSL_X509 x509[1];
#endif #endif
char domain[ASN_NAME_MAX]; char domain[ASN_NAME_MAX];
@@ -8626,7 +8626,7 @@ static int DoVerifyCallback(WOLFSSL* ssl, int ret, ProcPeerCertArgs* args)
if (store == NULL) { if (store == NULL) {
return MEMORY_E; return MEMORY_E;
} }
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), ssl->heap, x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), ssl->heap,
DYNAMIC_TYPE_X509); DYNAMIC_TYPE_X509);
if (x509 == NULL) { if (x509 == NULL) {
@@ -8637,7 +8637,7 @@ static int DoVerifyCallback(WOLFSSL* ssl, int ret, ProcPeerCertArgs* args)
domain = (char*)XMALLOC(ASN_NAME_MAX, ssl->heap, DYNAMIC_TYPE_STRING); domain = (char*)XMALLOC(ASN_NAME_MAX, ssl->heap, DYNAMIC_TYPE_STRING);
if (domain == NULL) { if (domain == NULL) {
XFREE(store, ssl->heap, DYNAMIC_TYPE_X509); XFREE(store, ssl->heap, DYNAMIC_TYPE_X509);
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
XFREE(x509, ssl->heap, DYNAMIC_TYPE_X509); XFREE(x509, ssl->heap, DYNAMIC_TYPE_X509);
#endif #endif
return MEMORY_E; return MEMORY_E;
@@ -8645,7 +8645,7 @@ static int DoVerifyCallback(WOLFSSL* ssl, int ret, ProcPeerCertArgs* args)
#endif /* WOLFSSL_SMALL_STACK */ #endif /* WOLFSSL_SMALL_STACK */
XMEMSET(store, 0, sizeof(WOLFSSL_X509_STORE_CTX)); XMEMSET(store, 0, sizeof(WOLFSSL_X509_STORE_CTX));
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
XMEMSET(x509, 0, sizeof(WOLFSSL_X509)); XMEMSET(x509, 0, sizeof(WOLFSSL_X509));
#endif #endif
domain[0] = '\0'; domain[0] = '\0';
@@ -8678,11 +8678,14 @@ static int DoVerifyCallback(WOLFSSL* ssl, int ret, ProcPeerCertArgs* args)
store->store = &ssl->ctx->x509_store; store->store = &ssl->ctx->x509_store;
} }
#endif #endif
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
#ifdef KEEP_PEER_CERT
if (args->certIdx == 0) { if (args->certIdx == 0) {
store->current_cert = &ssl->peerCert; /* use existing X509 */ store->current_cert = &ssl->peerCert; /* use existing X509 */
} }
else { else
#endif
{
InitX509(x509, 0, ssl->heap); InitX509(x509, 0, ssl->heap);
if (CopyDecodedToX509(x509, args->dCert) == 0) { if (CopyDecodedToX509(x509, args->dCert) == 0) {
store->current_cert = x509; store->current_cert = x509;
@@ -8708,7 +8711,7 @@ static int DoVerifyCallback(WOLFSSL* ssl, int ret, ProcPeerCertArgs* args)
/* mark as verify error */ /* mark as verify error */
args->verifyErr = 1; args->verifyErr = 1;
} }
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
if (args->certIdx > 0) if (args->certIdx > 0)
FreeX509(x509); FreeX509(x509);
#endif #endif
@@ -8727,7 +8730,7 @@ static int DoVerifyCallback(WOLFSSL* ssl, int ret, ProcPeerCertArgs* args)
#endif /* SESSION_CERTS */ #endif /* SESSION_CERTS */
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(domain, ssl->heap, DYNAMIC_TYPE_STRING); XFREE(domain, ssl->heap, DYNAMIC_TYPE_STRING);
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
XFREE(x509, ssl->heap, DYNAMIC_TYPE_X509); XFREE(x509, ssl->heap, DYNAMIC_TYPE_X509);
#endif #endif
XFREE(store, ssl->heap, DYNAMIC_TYPE_X509_STORE); XFREE(store, ssl->heap, DYNAMIC_TYPE_X509_STORE);
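Review bot: The new `#ifdef KEEP_PEER_CERT` guard around the `certIdx == 0` branch in the `@@ -8678` hunk is not mirrored in the cleanup in the `@@ -8708` hunk, where `FreeX509(x509)` is still reached only when `args->certIdx > 0`. When KEEP_PEER_CERT is not defined, the leaf certificate (certIdx 0) now goes through `InitX509`/`CopyDecodedToX509` into the local `x509`, but that object is never passed to `FreeX509`, so anything CopyDecodedToX509 allocates for it (presumably heap-backed name or extension data; not visible here) leaks on every handshake in an OPENSSL_EXTRA_X509_SMALL build without KEEP_PEER_CERT. The release should use the same conditional as the setup: `#ifdef KEEP_PEER_CERT` / `    if (args->certIdx > 0)` / `#endif` followed by the unconditional `        FreeX509(x509);`, so the only case that skips FreeX509 is the one that aliased `&ssl->peerCert`. The same two-feature `#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)` test is now repeated eight times in this file; a single internal macro for it would keep future guards from drifting apart the way these two did. DoVerifyCallback starts before and ends after the visible hunks.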


@@ -1559,7 +1559,7 @@ static int myVerifyFail = 0;
static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store) static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store)
{ {
char buffer[WOLFSSL_MAX_ERROR_SZ]; char buffer[WOLFSSL_MAX_ERROR_SZ];
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
WOLFSSL_X509* peer; WOLFSSL_X509* peer;
#endif #endif
(void)preverify; (void)preverify;
@@ -1581,7 +1581,7 @@ static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store)
printf("In verification callback, error = %d, %s\n", store->error, printf("In verification callback, error = %d, %s\n", store->error,
wolfSSL_ERR_error_string(store->error, buffer)); wolfSSL_ERR_error_string(store->error, buffer));
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
peer = store->current_cert; peer = store->current_cert;
if (peer) { if (peer) {
char* issuer = wolfSSL_X509_NAME_oneline( char* issuer = wolfSSL_X509_NAME_oneline(