diff --git a/src/internal.c b/src/internal.c
index 1475d1db4..0561c443f 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -3350,10 +3350,9 @@ void FreeX509Name(WOLFSSL_X509_NAME* name, void* heap)
 {
     int i;
     for (i = 0; i < MAX_NAME_ENTRIES; i++) {
-        /* free ASN1 string data */
-        if (name->entry[i].set && name->entry[i].data.data != NULL) {
+        if (name->entry[i].set) {
             wolfSSL_ASN1_OBJECT_free(&name->entry[i].object);
-            XFREE(name->entry[i].data.data, heap, DYNAMIC_TYPE_OPENSSL);
+            wolfSSL_ASN1_STRING_free(name->entry[i].value);
         }
     }
 }
diff --git a/src/ssl.c b/src/ssl.c
index 4acabbaea..db270b7ba 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -36348,7 +36348,8 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
     void wolfSSL_cert_service(void) {}
 #endif
 
-#ifdef OPENSSL_EXTRA
+#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
+    !defined(WOLFCRYPT_ONLY)
 #ifndef NO_CERTS
 void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME *name)
 {
@@ -37850,7 +37851,8 @@ err:
 {
     WOLFSSL_ENTER("wolfSSL_X509_NAME_ENTRY_free");
     if (ne != NULL) {
-        if (ne->value != NULL && ne->value != &(ne->data)) {
+        wolfSSL_ASN1_OBJECT_free(&ne->object);
+        if (ne->value != NULL) {
             wolfSSL_ASN1_STRING_free(ne->value);
         }
         XFREE(ne, NULL, DYNAMIC_TYPE_NAME_ENTRY);
@@ -37866,7 +37868,6 @@ err:
                                                 NULL, DYNAMIC_TYPE_NAME_ENTRY);
     if (ne != NULL) {
         XMEMSET(ne, 0, sizeof(WOLFSSL_X509_NAME_ENTRY));
-        ne->value = &(ne->data);
     }
     return ne;
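Review bot: With the XFREE gone, `heap` is no longer referenced anywhere in FreeX509Name (the whole body is inside this hunk), so builds with -Wunused-parameter will warn; add `(void)heap;` at the top of the function or drop the parameter at all call sites. The freed entry also keeps its stale `value` pointer and `set` flag, so a second pass over the same name, or a later read of the entry, acts on freed memory; clearing `name->entry[i].value = NULL; name->entry[i].set = 0;` right after the free makes the loop safe to repeat. wolfSSL_X509_NAME_ENTRY_free in the ssl.c hunk below checks `value` for NULL before calling wolfSSL_ASN1_STRING_free while this loop does not; whether wolfSSL_ASN1_STRING_free tolerates NULL is not visible here, so the guard is worth mirroring.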
@@ -38235,18 +38236,23 @@ err:
     objSz += SetLength(oidSz, objBuf + 1);
     XMEMCPY(objBuf + objSz, oid, oidSz);
     objSz += oidSz;
-    obj->objSz = objSz;
-    if(((obj->dynamic & WOLFSSL_ASN1_DYNAMIC_DATA) != 0) ||
+
+    if (obj->objSz == 0 || objSz != obj->objSz) {
+        obj->objSz = objSz;
+        if(((obj->dynamic & WOLFSSL_ASN1_DYNAMIC_DATA) != 0) ||
             (obj->obj == NULL)) {
-        obj->obj = (byte*)XREALLOC((byte*)obj->obj, obj->objSz, NULL,
-            DYNAMIC_TYPE_ASN1);
-        if (obj->obj == NULL) {
-            wolfSSL_ASN1_OBJECT_free(obj);
-            return NULL;
+            if (obj->obj != NULL)
+                XFREE((byte*)obj->obj, NULL, DYNAMIC_TYPE_ASN1);
+            obj->obj = (byte*)XMALLOC(obj->objSz, NULL, DYNAMIC_TYPE_ASN1);
+            if (obj->obj == NULL) {
+                wolfSSL_ASN1_OBJECT_free(obj);
+                return NULL;
+            }
+            obj->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA ;
+        }
+        else {
+            obj->dynamic &= ~WOLFSSL_ASN1_DYNAMIC_DATA ;
         }
-        obj->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA ;
-    } else {
-        obj->dynamic &= ~WOLFSSL_ASN1_DYNAMIC_DATA ;
     }
 
     XMEMCPY((byte*)obj->obj, objBuf, obj->objSz);
@@ -38361,7 +38367,7 @@ err:
 #endif
     return bufSz;
 }
-#endif /* OPENSSL_EXTRA */
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 #if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
 int wolfSSL_X509_NAME_get_index_by_OBJ(WOLFSSL_X509_NAME *name,
@@ -47386,7 +47392,8 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey(WOLFSSL_EVP_PKEY** pkey,
 }
 #endif
 
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
+    !defined(WOLFCRYPT_ONLY)
 /* unlike wolfSSL_X509_NAME_dup this does not malloc a duplicate, only deep
  * copy. "to" is expected to be a fresh blank name, if not pointers could be
  * lost */
@@ -47407,6 +47414,7 @@ static int wolfSSL_X509_NAME_copy(WOLFSSL_X509_NAME* from,
         to->name = (char*)XMALLOC(from->sz, heap, DYNAMIC_TYPE_SUBJECT_CN);
         if (to->name == NULL)
             return WOLFSSL_FAILURE;
+        to->dynamicName = 1;
     }
     XMEMCPY(to->name, from->name, from->sz);
     to->sz = from->sz;
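Review bot: In the new `else` branch (dynamic-data flag clear, `obj->obj` non-NULL) the code has just established that `objSz` differs from the previous `obj->objSz`, yet it keeps the existing buffer and the following `XMEMCPY((byte*)obj->obj, objBuf, obj->objSz)` writes the new length into it; if a non-dynamic `obj->obj` can point at a buffer sized for the old encoding (or at memory the object does not own, which is what the clear flag appears to mean), that is an out-of-bounds or foreign-memory write whenever the encoding grows. The early-skip path (`obj->objSz != 0 && objSz == obj->objSz`) also now reaches the XMEMCPY without the `(obj->obj == NULL)` test that the old code always ran, so an object with a stale size but no buffer would dereference NULL. Allocating a fresh buffer whenever the size changes or no buffer exists, and XFREEing the old one only when the dynamic flag says it is owned, closes both; the rewrite below does that. The enclosing function starts before and ends after this hunk.
```c
    if (obj->obj == NULL || obj->objSz == 0 || objSz != obj->objSz) {
        /* size changed or no buffer yet: never write into the old buffer */
        if ((obj->dynamic & WOLFSSL_ASN1_DYNAMIC_DATA) != 0 && obj->obj != NULL)
            XFREE((byte*)obj->obj, NULL, DYNAMIC_TYPE_ASN1);
        obj->objSz = objSz;
        obj->obj = (byte*)XMALLOC(obj->objSz, NULL, DYNAMIC_TYPE_ASN1);
        if (obj->obj == NULL) {
            wolfSSL_ASN1_OBJECT_free(obj);
            return NULL;
        }
        obj->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA;
    }
    /* … unchanged: XMEMCPY of objBuf into obj->obj … */
```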
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 0e9cd2b06..954713439 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -5043,7 +5043,8 @@ void FreeDecodedCert(DecodedCert* cert)
     XFREE(cert->hwType, cert->heap, DYNAMIC_TYPE_X509_EXT);
     XFREE(cert->hwSerialNum, cert->heap, DYNAMIC_TYPE_X509_EXT);
 #endif /* WOLFSSL_SEP */
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
+    !defined(WOLFCRYPT_ONLY)
     if (cert->issuerName != NULL)
         wolfSSL_X509_NAME_free((WOLFSSL_X509_NAME*)cert->issuerName);
     if (cert->subjectName != NULL)
@@ -5549,7 +5550,8 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
     byte* hash;
     word32 idx, localIdx = 0;
     byte tag;
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
+    !defined(WOLFCRYPT_ONLY)
     WOLFSSL_X509_NAME* dName;
     int nid = NID_undef;
 #endif /* OPENSSL_EXTRA */
@@ -5609,7 +5611,8 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
         cert->subjectRawLen = length - cert->srcIdx;
     }
 #endif
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
+    !defined(WOLFCRYPT_ONLY)
     dName = wolfSSL_X509_NAME_new();
     if (dName == NULL) {
         return MEMORY_E;
@@ -5631,7 +5634,8 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
         }
 
         if (GetSequence(cert->source, &cert->srcIdx, &dummy, maxIdx) <= 0) {
-        #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+        #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
+            !defined(WOLFCRYPT_ONLY)
             wolfSSL_X509_NAME_free(dName);
         #endif /* OPENSSL_EXTRA */
             return ASN_PARSE_E;
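Review bot: Every `#endif /* OPENSSL_EXTRA */` that closes one of the rewritten conditions in GetName (this hunk at 5549 and the hunks through 5992 in this file) now names a different condition than the one it closes, and the same three-clause test is repeated more than twenty times across asn.c and ssl.c (36348 and 47386 there); the closing comment at ssl.c 38361 already omits the `!WOLFCRYPT_ONLY` clause, which is the kind of drift this repetition invites. Defining the combined test once as a single feature macro (name to be chosen, e.g. `<X509_NAME_FEATURE_MACRO>`, next to where OPENSSL_EXTRA_X509_SMALL is configured) and testing that macro here would keep each guard and its `#endif` comment in sync and make the next configuration change a one-line edit. At minimum the `#endif` comments should be updated to match the new conditions. GetName starts before and ends after these hunks.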
@@ -5639,7 +5643,8 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
 
         ret = GetASNObjectId(cert->source, &cert->srcIdx, &oidSz, maxIdx);
         if (ret != 0) {
-        #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+        #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
+            !defined(WOLFCRYPT_ONLY)
             wolfSSL_X509_NAME_free(dName);
         #endif /* OPENSSL_EXTRA */
             return ret;
@@ -5647,7 +5652,8 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
 
         /* make sure there is room for joint */
         if ((cert->srcIdx + sizeof(joint)) > (word32)maxIdx) {
-        #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+        #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
+            !defined(WOLFCRYPT_ONLY)
             wolfSSL_X509_NAME_free(dName);
         #endif /* OPENSSL_EXTRA */
             return ASN_PARSE_E;
@@ -5661,7 +5667,8 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
         id = joint[2];
         if (GetHeader(cert->source, &b, &cert->srcIdx, &strLen, maxIdx, 1) < 0) {
-        #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+        #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
+            !defined(WOLFCRYPT_ONLY)
             wolfSSL_X509_NAME_free(dName);
         #endif /* OPENSSL_EXTRA */
             return ASN_PARSE_E;
@@ -5676,7 +5683,8 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
 
                 copy = WOLFSSL_COMMON_NAME;
                 copyLen = sizeof(WOLFSSL_COMMON_NAME) - 1;
-            #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+            #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) \
+                && !defined(WOLFCRYPT_ONLY)
                 nid = NID_commonName;
             #endif /* OPENSSL_EXTRA */
             }
@@ -5690,7 +5698,9 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
                     cert->subjectSNEnc = b;
                 }
             #endif /* WOLFSSL_CERT_GEN */
-            #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+            #if (defined(OPENSSL_EXTRA) || \
+                 defined(OPENSSL_EXTRA_X509_SMALL)) \
+                && !defined(WOLFCRYPT_ONLY)
                 nid = NID_surname;
             #endif /* OPENSSL_EXTRA */
             }
@@ -5704,7 +5714,9 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
                     cert->subjectCEnc = b;
                 }
             #endif /* WOLFSSL_CERT_GEN */
-            #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+            #if (defined(OPENSSL_EXTRA) || \
+                 defined(OPENSSL_EXTRA_X509_SMALL)) \
+                && !defined(WOLFCRYPT_ONLY)
                 nid = NID_countryName;
             #endif /* OPENSSL_EXTRA */
             }
@@ -5718,7 +5730,9 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
                     cert->subjectLEnc = b;
                 }
             #endif /* WOLFSSL_CERT_GEN */
-            #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+            #if (defined(OPENSSL_EXTRA) || \
+                 defined(OPENSSL_EXTRA_X509_SMALL)) \
+                && !defined(WOLFCRYPT_ONLY)
                 nid = NID_localityName;
             #endif /* OPENSSL_EXTRA */
             }
@@ -5732,7 +5746,9 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
                     cert->subjectSTEnc = b;
                 }
             #endif /* WOLFSSL_CERT_GEN */
-            #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+            #if (defined(OPENSSL_EXTRA) || \
+                 defined(OPENSSL_EXTRA_X509_SMALL)) \
+                && !defined(WOLFCRYPT_ONLY)
                 nid = NID_stateOrProvinceName;
             #endif /* OPENSSL_EXTRA */
             }
@@ -5746,7 +5762,9 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
                     cert->subjectOEnc = b;
                 }
             #endif /* WOLFSSL_CERT_GEN */
-            #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+            #if (defined(OPENSSL_EXTRA) || \
+                 defined(OPENSSL_EXTRA_X509_SMALL)) \
+                && !defined(WOLFCRYPT_ONLY)
                 nid = NID_organizationName;
             #endif /* OPENSSL_EXTRA */
             }
@@ -5760,7 +5778,9 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
                     cert->subjectOUEnc = b;
                 }
             #endif /* WOLFSSL_CERT_GEN */
-            #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+            #if (defined(OPENSSL_EXTRA) || \
+                 defined(OPENSSL_EXTRA_X509_SMALL)) \
+                && !defined(WOLFCRYPT_ONLY)
                 nid = NID_organizationalUnitName;
             #endif /* OPENSSL_EXTRA */
             }
@@ -5774,7 +5794,9 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
                     cert->subjectSNDEnc = b;
                 }
             #endif /* WOLFSSL_CERT_GEN */
-            #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+            #if (defined(OPENSSL_EXTRA) || \
+                 defined(OPENSSL_EXTRA_X509_SMALL)) \
+                && !defined(WOLFCRYPT_ONLY)
                 nid = NID_serialNumber;
             #endif /* OPENSSL_EXTRA */
             }
@@ -5789,7 +5811,8 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
                     cert->subjectBCEnc = b;
                 }
             #endif /* WOLFSSL_CERT_GEN */
-            #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+            #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) \
+                && !defined(WOLFCRYPT_ONLY)
                 nid = NID_businessCategory;
             #endif /* OPENSSL_EXTRA */
             }
@@ -5808,7 +5831,8 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
 
                 if (GetLength(cert->source, &cert->srcIdx, &strLen, maxIdx) < 0) {
-            #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+            #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
+                !defined(WOLFCRYPT_ONLY)
                 wolfSSL_X509_NAME_free(dName);
             #endif /* OPENSSL_EXTRA */
                 return ASN_PARSE_E;
@@ -5825,7 +5849,9 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
                     cert->subjectJCEnc = b;
                 }
             #endif /* WOLFSSL_CERT_GEN */
-            #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+            #if (defined(OPENSSL_EXTRA) || \
+                 defined(OPENSSL_EXTRA_X509_SMALL)) \
+                && !defined(WOLFCRYPT_ONLY)
                 nid = NID_jurisdictionCountryName;
             #endif /* OPENSSL_EXTRA */
             }
@@ -5841,7 +5867,9 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
                     cert->subjectJSEnc = b;
                 }
             #endif /* WOLFSSL_CERT_GEN */
-            #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+            #if (defined(OPENSSL_EXTRA) || \
+                 defined(OPENSSL_EXTRA_X509_SMALL)) \
+                && !defined(WOLFCRYPT_ONLY)
                 nid = NID_jurisdictionStateOrProvinceName;
             #endif /* OPENSSL_EXTRA */
             }
@@ -5871,7 +5899,8 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
             cert->srcIdx += oidSz + 1;
 
             if (GetLength(cert->source, &cert->srcIdx, &strLen, maxIdx) < 0) {
-        #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+        #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
+            !defined(WOLFCRYPT_ONLY)
                 wolfSSL_X509_NAME_free(dName);
         #endif /* OPENSSL_EXTRA */
                 return ASN_PARSE_E;
@@ -5898,7 +5927,9 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
                     cert->subjectEmailLen = strLen;
                 }
             #endif /* WOLFSSL_CERT_GEN */
-            #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+            #if (defined(OPENSSL_EXTRA) || \
+                 defined(OPENSSL_EXTRA_X509_SMALL)) \
+                && !defined(WOLFCRYPT_ONLY)
                 nid = NID_emailAddress;
             #endif /* OPENSSL_EXTRA */
             #ifndef IGNORE_NAME_CONSTRAINTS
@@ -5909,8 +5940,9 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
                                               cert->heap, DYNAMIC_TYPE_ALTNAME);
                 if (emailName == NULL) {
                     WOLFSSL_MSG("\tOut of Memory");
-                #if defined(OPENSSL_EXTRA) || \
-                    defined(OPENSSL_EXTRA_X509_SMALL)
+                #if (defined(OPENSSL_EXTRA) || \
+                     defined(OPENSSL_EXTRA_X509_SMALL)) && \
+                    !defined(WOLFCRYPT_ONLY)
                     wolfSSL_X509_NAME_free(dName);
                 #endif /* OPENSSL_EXTRA */
                     return MEMORY_E;
@@ -5921,8 +5953,9 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
                 if (emailName->name == NULL) {
                     WOLFSSL_MSG("\tOut of Memory");
                     XFREE(emailName, cert->heap, DYNAMIC_TYPE_ALTNAME);
-                #if defined(OPENSSL_EXTRA) || \
-                    defined(OPENSSL_EXTRA_X509_SMALL)
+                #if (defined(OPENSSL_EXTRA) || \
+                     defined(OPENSSL_EXTRA_X509_SMALL)) && \
+                    !defined(WOLFCRYPT_ONLY)
                     wolfSSL_X509_NAME_free(dName);
                 #endif /* OPENSSL_EXTRA */
                     return MEMORY_E;
@@ -5943,8 +5976,9 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
                 case ASN_USER_ID:
                     copy = WOLFSSL_USER_ID;
                     copyLen = sizeof(WOLFSSL_USER_ID) - 1;
-                #if defined(OPENSSL_EXTRA) || \
-                    defined(OPENSSL_EXTRA_X509_SMALL)
+                #if (defined(OPENSSL_EXTRA) || \
+                     defined(OPENSSL_EXTRA_X509_SMALL)) \
+                    && !defined(WOLFCRYPT_ONLY)
                     nid = NID_userId;
                 #endif /* OPENSSL_EXTRA */
                     break;
@@ -5952,16 +5986,18 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
                 case ASN_DOMAIN_COMPONENT:
                     copy = WOLFSSL_DOMAIN_COMPONENT;
                     copyLen = sizeof(WOLFSSL_DOMAIN_COMPONENT) - 1;
-                #if defined(OPENSSL_EXTRA) || \
-                    defined(OPENSSL_EXTRA_X509_SMALL)
+                #if (defined(OPENSSL_EXTRA) || \
+                     defined(OPENSSL_EXTRA_X509_SMALL)) \
+                    && !defined(WOLFCRYPT_ONLY)
                     nid = NID_domainComponent;
                 #endif /* OPENSSL_EXTRA */
                     break;
 
                 default:
                     WOLFSSL_MSG("Unknown pilot attribute type");
-                #if defined(OPENSSL_EXTRA) || \
-                    defined(OPENSSL_EXTRA_X509_SMALL)
+                #if (defined(OPENSSL_EXTRA) || \
+                     defined(OPENSSL_EXTRA_X509_SMALL)) && \
+                    !defined(WOLFCRYPT_ONLY)
                     wolfSSL_X509_NAME_free(dName);
                 #endif /* OPENSSL_EXTRA */
                     return ASN_PARSE_E;
@@ -5979,7 +6015,8 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
                 XMEMCPY(&full[idx], &cert->source[cert->srcIdx], strLen);
                 idx += strLen;
             }
-        #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+        #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
+            !defined(WOLFCRYPT_ONLY)
             if (wolfSSL_X509_NAME_add_entry_by_NID(dName, nid, MBSTRING_UTF8, &cert->source[cert->srcIdx], strLen, -1, -1) != WOLFSSL_SUCCESS) {
@@ -5992,7 +6029,8 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
 
     full[idx++] = 0;
 
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
+    !defined(WOLFCRYPT_ONLY)
     if (nameType == ISSUER) {
         cert->issuerName = dName;
     }
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index d02deb24c..f60d408af 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -3219,7 +3219,6 @@ WOLFSSL_API int wolfSSL_accept_ex(WOLFSSL*, HandShakeCallBack, TimeoutCallBack,
 #include
 struct WOLFSSL_X509_NAME_ENTRY {
     WOLFSSL_ASN1_OBJECT object; /* static object just for keeping grp, type */
-    WOLFSSL_ASN1_STRING data;
     WOLFSSL_ASN1_STRING* value; /* points to data, for lighttpd port */
     int nid; /* i.e. ASN_COMMON_NAME */
     int set;
@@ -3230,11 +3229,8 @@ WOLFSSL_API int wolfSSL_X509_NAME_get_index_by_OBJ(WOLFSSL_X509_NAME *name,
                                         const WOLFSSL_ASN1_OBJECT *obj,
                                         int idx);
 
-#endif /* OPENSSL_ALL || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
-
 enum {
     WOLFSSL_SYS_ACCEPT = 0,
     WOLFSSL_SYS_BIND,
@@ -3306,7 +3302,7 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509*);
 WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_dup(WOLFSSL_X509_NAME*);
 WOLFSSL_API int wolfSSL_check_private_key(const WOLFSSL* ssl);
 #endif /* !NO_CERTS */
-#endif /* OPENSSL_EXTRA || OPENSSL_ALL */
+#endif /* OPENSSL_ALL || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
 WOLFSSL_API void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509,
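Review bot: The comment on `value` (`/* points to data, for lighttpd port */`) is now wrong: the `data` member it refers to is removed in this hunk, and judging by the ssl.c hunk that frees `ne->value` with wolfSSL_ASN1_STRING_free and no longer points it at an embedded member, `value` is a separately allocated string owned by the entry; I'd change it to `/* ASN1 string owned by this entry; released by wolfSSL_X509_NAME_ENTRY_free */`. The second hunk removes the `#endif` / `#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)` pair, so the WOLFSSL_SYS_* enum and every declaration down to the `#endif` relabelled in the third hunk (wolfSSL_X509_dup, wolfSSL_X509_NAME_dup and wolfSSL_check_private_key among the visible ones) become visible to OPENSSL_EXTRA_X509_SMALL-only builds; unless each of those has a definition compiled under that configuration, such a build will see declarations it cannot link, so either that was verified or the guard should be narrowed back around the parts the small build does not provide.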