mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2025-07-30 18:57:27 +02:00
src/internal.c: in ProcessPeerCerts(), smallstack refactor of a span gated on HAVE_CERTIFICATE_STATUS_REQUEST_V2, to get DecodedCert off the stack.
@ -14955,44 +14955,65 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
|||||||
#endif
|
#endif
|
||||||
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
|
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
|
||||||
if (ret == 0 && addToPendingCAs && !alreadySigner) {
|
if (ret == 0 && addToPendingCAs && !alreadySigner) {
|
||||||
DecodedCert dCertAdd;
|
#ifdef WOLFSSL_SMALL_STACK
|
||||||
DerBuffer *derBuffer;
|
DecodedCert *dCertAdd = NULL;
|
||||||
|
#else
|
||||||
|
DecodedCert dCertAdd[1];
|
||||||
|
#endif
|
||||||
|
int dCertAdd_inited = 0;
|
||||||
|
DerBuffer *derBuffer = NULL;
|
||||||
buffer* cert = &args->certs[args->certIdx];
|
buffer* cert = &args->certs[args->certIdx];
|
||||||
Signer *s;
|
Signer *s = NULL;
|
||||||
InitDecodedCert(&dCertAdd, cert->buffer, cert->length, ssl->heap);
|
|
||||||
ret = ParseCert(&dCertAdd, CA_TYPE, NO_VERIFY, SSL_CM(ssl));
|
#ifdef WOLFSSL_SMALL_STACK
|
||||||
|
dCertAdd = (DecodedCert *)
|
||||||
|
XMALLOC(sizeof(*dCertAdd), ssl->heap,
|
||||||
|
DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
if (dCertAdd == NULL) {
|
||||||
|
ret = MEMORY_E;
|
||||||
|
goto exit_req_v2;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
InitDecodedCert(dCertAdd, cert->buffer, cert->length,
|
||||||
|
ssl->heap);
|
||||||
|
dCertAdd_inited = 1;
|
||||||
|
ret = ParseCert(dCertAdd, CA_TYPE, NO_VERIFY,
|
||||||
|
SSL_CM(ssl));
|
||||||
if (ret != 0) {
|
if (ret != 0) {
|
||||||
FreeDecodedCert(&dCertAdd);
|
goto exit_req_v2;
|
||||||
goto exit_ppc;
|
|
||||||
}
|
}
|
||||||
ret = AllocDer(&derBuffer, cert->length, CA_TYPE, ssl->heap);
|
ret = AllocDer(&derBuffer, cert->length, CA_TYPE, ssl->heap);
|
||||||
if (ret != 0 || derBuffer == NULL) {
|
if (ret != 0 || derBuffer == NULL) {
|
||||||
FreeDecodedCert(&dCertAdd);
|
goto exit_req_v2;
|
||||||
goto exit_ppc;
|
|
||||||
}
|
}
|
||||||
XMEMCPY(derBuffer->buffer, cert->buffer, cert->length);
|
XMEMCPY(derBuffer->buffer, cert->buffer, cert->length);
|
||||||
s = MakeSigner(SSL_CM(ssl)->heap);
|
s = MakeSigner(SSL_CM(ssl)->heap);
|
||||||
if (s == NULL) {
|
if (s == NULL) {
|
||||||
FreeDecodedCert(&dCertAdd);
|
|
||||||
FreeDer(&derBuffer);
|
|
||||||
ret = MEMORY_E;
|
ret = MEMORY_E;
|
||||||
goto exit_ppc;
|
goto exit_req_v2;
|
||||||
}
|
}
|
||||||
ret = FillSigner(s, &dCertAdd, CA_TYPE, derBuffer);
|
ret = FillSigner(s, dCertAdd, CA_TYPE, derBuffer);
|
||||||
FreeDecodedCert(&dCertAdd);
|
|
||||||
FreeDer(&derBuffer);
|
|
||||||
if (ret != 0) {
|
if (ret != 0) {
|
||||||
FreeSigner(s, SSL_CM(ssl)->heap);
|
goto exit_req_v2;
|
||||||
goto exit_ppc;
|
|
||||||
}
|
}
|
||||||
skipAddCA = 1;
|
skipAddCA = 1;
|
||||||
ret = TLSX_CSR2_AddPendingSigner(ssl->extensions, s);
|
ret = TLSX_CSR2_AddPendingSigner(ssl->extensions, s);
|
||||||
if (ret != 0) {
|
|
||||||
FreeSigner(s, ssl->heap);
|
exit_req_v2:
|
||||||
goto exit_ppc;
|
if (s && (ret != 0))
|
||||||
}
|
FreeSigner(s, SSL_CM(ssl)->heap);
|
||||||
}
|
if (derBuffer)
|
||||||
|
FreeDer(&derBuffer);
|
||||||
|
if (dCertAdd_inited)
|
||||||
|
FreeDecodedCert(dCertAdd);
|
||||||
|
#ifdef WOLFSSL_SMALL_STACK
|
||||||
|
if (dCertAdd)
|
||||||
|
XFREE(dCertAdd, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
#endif
|
#endif
|
||||||
|
if (ret != 0)
|
||||||
|
goto exit_ppc;
|
||||||
|
}
|
||||||
|
#endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */
|
||||||
|
|
||||||
/* If valid CA then add to Certificate Manager */
|
/* If valid CA then add to Certificate Manager */
|
||||||
if (ret == 0 && args->dCert->isCA &&
|
if (ret == 0 && args->dCert->isCA &&
|
||||||
|
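Review bot: The `if (ret != 0 || derBuffer == NULL) goto exit_req_v2;` check after AllocDer() leaves `ret` at 0 when the call reports success but derBuffer is still NULL. On that path the new `if (ret != 0) goto exit_ppc;` at the end of the cleanup is not taken, so control falls through to the "If valid CA then add to Certificate Manager" code with `skipAddCA` still unset, whereas the old code jumped to exit_ppc. Whether AllocDer() can actually return 0 with a NULL buffer is not visible here, but a certificate meant to be held as a pending signer should not be able to reach the normal CA-add path, so I would set the error explicitly before the jump: `if (ret == 0 && derBuffer == NULL) ret = MEMORY_E;`. ProcessPeerCerts() starts and ends outside this hunk, so the full condition guarding the CA-add path should be checked against this.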