From 9bd40353c235611861c7576ea785cac899ad0c67 Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Tue, 26 Feb 2019 10:06:53 -0800
Subject: [PATCH] 1. Rename the parameters cert and certSz on the function wolfSSL_UseTrustedCA() to certId and certIdSz. 2. Add better parameter checking to wolfSSL_UseTrustedCA() based on the ID type.
---
 src/ssl.c | 23 +++++++++++++++++++++--
 wolfssl/ssl.h | 2 +-
 2 files changed, 22 insertions(+), 3 deletions(-)
diff --git a/src/ssl.c b/src/ssl.c
index dc9bb37f8..bb8cdf5ae 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -1963,12 +1963,31 @@ int wolfSSL_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz,
 #ifdef HAVE_TRUSTED_CA
 
 WOLFSSL_API int wolfSSL_UseTrustedCA(WOLFSSL* ssl, byte type,
- const byte* cert, word32 certSz)
+ const byte* certId, word32 certIdSz)
 {
 if (ssl == NULL)
 return BAD_FUNC_ARG;
 
- return TLSX_UseTrustedCA(&ssl->extensions, type, cert, certSz, ssl->heap);
+ if (type == WOLFSSL_TRUSTED_CA_PRE_AGREED) {
+ if (certId != NULL || certIdSz != 0)
+ return BAD_FUNC_ARG;
+ }
+ else if (type == WOLFSSL_TRUSTED_CA_X509_NAME) {
+ if (certId == NULL || certIdSz == 0)
+ return BAD_FUNC_ARG;
+ }
+ #ifndef NO_SHA
+ else if (type == WOLFSSL_TRUSTED_CA_KEY_SHA1 ||
+ type == WOLFSSL_TRUSTED_CA_CERT_SHA1) {
+ if (certId == NULL || certIdSz != SHA_DIGEST_SIZE)
+ return BAD_FUNC_ARG;
+ }
+ #endif
+ else
+ return BAD_FUNC_ARG;
+
+ return TLSX_UseTrustedCA(&ssl->extensions,
+ type, certId, certIdSz, ssl->heap);
 }
 
 #endif /* HAVE_TRUSTED_CA */
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 16baa6394..ec1a0bee0 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -2260,7 +2260,7 @@ enum {
 };
 
 WOLFSSL_API int wolfSSL_UseTrustedCA(WOLFSSL* ssl, unsigned char type,
- const unsigned char* cert, unsigned int certSz);
+ const unsigned char* certId, unsigned int certIdSz);
 #endif /* HAVE_TRUSTED_CA */
 
 /* Application-Layer Protocol Negotiation */
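Review bot: In `wolfSSL_UseTrustedCA()` (src/ssl.c), the `WOLFSSL_TRUSTED_CA_X509_NAME` branch accepts any non-zero `certIdSz`, so a `word32` length larger than the 16-bit length field that RFC 6066 gives a DistinguishedName in trusted_ca_keys passes this check. `TLSX_UseTrustedCA()` is not visible in the diff, so whether it rejects or silently truncates such a size cannot be confirmed from here. I would bound it next to the other per-type checks: `if (certId == NULL || certIdSz == 0 || certIdSz > 0xFFFF) return BAD_FUNC_ARG;`. In the SHA-1 branch, `SHA_DIGEST_SIZE` looks like the legacy alias, which may be missing in builds that turn the old names off, so `WC_SHA_DIGEST_SIZE` is the safer spelling. A short comment above the function stating what each `type` requires of `certId`/`certIdSz`, and that the SHA-1 types return `BAD_FUNC_ARG` when `NO_SHA` is defined, would make the new contract visible to callers.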