wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-03 12:44:45 +02:00
Code Issues Packages Projects Releases Wiki Activity

Further simplification of the PK verify wrapping to avoid malloc/free. Thanks Todd!

Browse Source
This commit is contained in:
David Garske
2018-07-06 16:21:43 -07:00
parent 595beb3fec
commit 9c2a5d2906
3 changed files with 10 additions and 82 deletions
Download Patch File Download Diff File Expand all files Collapse all files

85
src/internal.c
View File

@@ -8166,42 +8166,32 @@ static int ProcessCSR(WOLFSSL* ssl, byte* input, word32* inOutIdx,
#ifdef HAVE_PK_CALLBACKS #ifdef HAVE_PK_CALLBACKS
#ifdef HAVE_ECC #ifdef HAVE_ECC
typedef struct wolfPkCbEccInfo {
WOLFSSL* ssl;
CallbackEccVerify pk;
void* ctx;
} wolfPkCbEccInfo;
static int SigPkCbEccVerify(const unsigned char* sig, unsigned int sigSz, static int SigPkCbEccVerify(const unsigned char* sig, unsigned int sigSz,
const unsigned char* hash, unsigned int hashSz, const unsigned char* hash, unsigned int hashSz,
const unsigned char* keyDer, unsigned int keySz, const unsigned char* keyDer, unsigned int keySz,
int* result, void* ctx) int* result, void* ctx)
{ {
int ret = NOT_COMPILED_IN; int ret = NOT_COMPILED_IN;
wolfPkCbEccInfo* info = (wolfPkCbEccInfo*)ctx; WOLFSSL* ssl = (WOLFSSL*)ctx;
if (info && info->pk) { if (ssl && ssl->ctx->EccVerifyCb) {
ret = info->pk(info->ssl, sig, sigSz, hash, hashSz, ret = ssl->ctx->EccVerifyCb(ssl, sig, sigSz, hash, hashSz,
keyDer, keySz, result, info->ctx); keyDer, keySz, result, ssl->EccVerifyCtx);
} }
return ret; return ret;
} }
#endif #endif
#ifndef NO_RSA #ifndef NO_RSA
typedef struct wolfPkCbRsaInfo {
WOLFSSL* ssl;
CallbackRsaVerify pk;
void* ctx;
} wolfPkCbRsaInfo;
static int SigPkCbRsaVerify(unsigned char* sig, unsigned int sigSz, static int SigPkCbRsaVerify(unsigned char* sig, unsigned int sigSz,
unsigned char** out, const unsigned char* keyDer, unsigned int keySz, unsigned char** out, const unsigned char* keyDer, unsigned int keySz,
void* ctx) void* ctx)
{ {
int ret = NOT_COMPILED_IN; int ret = NOT_COMPILED_IN;
wolfPkCbRsaInfo* info = (wolfPkCbRsaInfo*)ctx; WOLFSSL* ssl = (WOLFSSL*)ctx;
if (info && info->pk) { if (ssl && ssl->ctx->RsaVerifyCb) {
ret = info->pk(info->ssl, sig, sigSz, out, keyDer, keySz, ret = ssl->ctx->RsaVerifyCb(ssl, sig, sigSz, out, keyDer, keySz,
info->ctx); ssl->RsaVerifyCtx);
} }
return ret; return ret;
} }
@@ -8215,58 +8205,21 @@ int InitSigPkCb(WOLFSSL* ssl, SignatureCtx* sigCtx)
/* only setup the verify callback if a PK is set */ /* only setup the verify callback if a PK is set */
#ifdef HAVE_ECC #ifdef HAVE_ECC
if (ssl->ctx->EccVerifyCb) { if (ssl->ctx->EccVerifyCb) {
wolfPkCbEccInfo* info = (wolfPkCbEccInfo*)XMALLOC(
sizeof(wolfPkCbEccInfo), ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (info == NULL) {
return MEMORY_E;
}
XMEMSET(info, 0, sizeof(wolfPkCbEccInfo));
info->ssl = ssl;
info->pk = ssl->ctx->EccVerifyCb;
info->ctx = ssl->EccVerifyCtx;
sigCtx->pkCbEcc = SigPkCbEccVerify; sigCtx->pkCbEcc = SigPkCbEccVerify;
sigCtx->pkCtxEcc = info; sigCtx->pkCtxEcc = ssl;
} }
#endif #endif
#ifndef NO_RSA #ifndef NO_RSA
/* only setup the verify callback if a PK is set */ /* only setup the verify callback if a PK is set */
if (ssl->ctx->RsaVerifyCb) { if (ssl->ctx->RsaVerifyCb) {
wolfPkCbRsaInfo* info = (wolfPkCbRsaInfo*)XMALLOC(
sizeof(wolfPkCbRsaInfo), ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (info == NULL) {
FreeSigPkCb(ssl, sigCtx);
return MEMORY_E;
}
XMEMSET(info, 0, sizeof(wolfPkCbRsaInfo));
info->ssl = ssl;
info->pk = ssl->ctx->RsaVerifyCb;
info->ctx = ssl->RsaVerifyCtx;
sigCtx->pkCbRsa = SigPkCbRsaVerify; sigCtx->pkCbRsa = SigPkCbRsaVerify;
sigCtx->pkCtxRsa = info; sigCtx->pkCtxRsa = ssl;
} }
#endif #endif
return 0; return 0;
} }
void FreeSigPkCb(WOLFSSL* ssl, SignatureCtx* sigCtx)
{
if (ssl == NULL || sigCtx == NULL)
return;
#ifdef HAVE_ECC
if (sigCtx->pkCtxEcc) {
XFREE(sigCtx->pkCtxEcc, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
sigCtx->pkCtxEcc = NULL;
}
#endif
#ifndef NO_RSA
if (sigCtx->pkCtxRsa) {
XFREE(sigCtx->pkCtxRsa, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
sigCtx->pkCtxRsa = NULL;
}
#endif
}
#endif /* HAVE_PK_CALLBACKS */ #endif /* HAVE_PK_CALLBACKS */
@@ -8321,9 +8274,6 @@ static void FreeProcPeerCertArgs(WOLFSSL* ssl, void* pArgs)
#endif #endif
if (args->dCert) { if (args->dCert) {
if (args->dCertInit) { if (args->dCertInit) {
#ifdef HAVE_PK_CALLBACKS
FreeSigPkCb(ssl, &args->dCert->sigCtx);
#endif
FreeDecodedCert(args->dCert); FreeDecodedCert(args->dCert);
args->dCertInit = 0; args->dCertInit = 0;
} }
@@ -8628,9 +8578,6 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
/* no trusted peer cert */ /* no trusted peer cert */
WOLFSSL_MSG("No matching trusted peer cert. " WOLFSSL_MSG("No matching trusted peer cert. "
"Checking CAs"); "Checking CAs");
#ifdef HAVE_PK_CALLBACKS
FreeSigPkCb(ssl, &args->dCert->sigCtx);
#endif
FreeDecodedCert(args->dCert); FreeDecodedCert(args->dCert);
args->dCertInit = 0; args->dCertInit = 0;
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
@@ -8641,9 +8588,6 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
haveTrustPeer = 1; haveTrustPeer = 1;
} else { } else {
WOLFSSL_MSG("Trusted peer cert did not match!"); WOLFSSL_MSG("Trusted peer cert did not match!");
#ifdef HAVE_PK_CALLBACKS
FreeSigPkCb(ssl, &args->dCert->sigCtx);
#endif
FreeDecodedCert(args->dCert); FreeDecodedCert(args->dCert);
args->dCertInit = 0; args->dCertInit = 0;
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
@@ -8695,9 +8639,6 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
#endif #endif
if (!AlreadySigner(ssl->ctx->cm, subjectHash)) if (!AlreadySigner(ssl->ctx->cm, subjectHash))
args->untrustedDepth = 1; args->untrustedDepth = 1;
#ifdef HAVE_PK_CALLBACKS
FreeSigPkCb(ssl, &args->dCert->sigCtx);
#endif
FreeDecodedCert(args->dCert); FreeDecodedCert(args->dCert);
args->dCertInit = 0; args->dCertInit = 0;
} }
@@ -9109,9 +9050,6 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
ret = 0; /* reset error */ ret = 0; /* reset error */
} }
#ifdef HAVE_PK_CALLBACKS
FreeSigPkCb(ssl, &args->dCert->sigCtx);
#endif
FreeDecodedCert(args->dCert); FreeDecodedCert(args->dCert);
args->dCertInit = 0; args->dCertInit = 0;
args->count--; args->count--;
@@ -9609,9 +9547,6 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
break; break;
} }
#ifdef HAVE_PK_CALLBACKS
FreeSigPkCb(ssl, &args->dCert->sigCtx);
#endif
FreeDecodedCert(args->dCert); FreeDecodedCert(args->dCert);
args->dCertInit = 0; args->dCertInit = 0;

6
src/ssl.c
View File

@@ -6689,9 +6689,6 @@ int wolfSSL_check_private_key(const WOLFSSL* ssl)
#endif #endif
if (ParseCertRelative(&der, CERT_TYPE, NO_VERIFY, NULL) != 0) { if (ParseCertRelative(&der, CERT_TYPE, NO_VERIFY, NULL) != 0) {
#ifdef HAVE_PK_CALLBACKS
FreeSigPkCb((WOLFSSL*)ssl, &der.sigCtx);
#endif
FreeDecodedCert(&der); FreeDecodedCert(&der);
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
} }
@@ -6699,9 +6696,6 @@ int wolfSSL_check_private_key(const WOLFSSL* ssl)
size = ssl->buffers.key->length; size = ssl->buffers.key->length;
buff = ssl->buffers.key->buffer; buff = ssl->buffers.key->buffer;
ret = wc_CheckPrivateKey(buff, size, &der); ret = wc_CheckPrivateKey(buff, size, &der);
#ifdef HAVE_PK_CALLBACKS
FreeSigPkCb((WOLFSSL*)ssl, &der.sigCtx);
#endif
FreeDecodedCert(&der); FreeDecodedCert(&der);
return ret; return ret;
} }

1
wolfssl/internal.h
View File

@@ -1531,7 +1531,6 @@ WOLFSSL_LOCAL int DecodePrivateKey(WOLFSSL *ssl, word16* length);
WOLFSSL_LOCAL int GetPrivateKeySigSize(WOLFSSL* ssl); WOLFSSL_LOCAL int GetPrivateKeySigSize(WOLFSSL* ssl);
#ifndef NO_ASN #ifndef NO_ASN
WOLFSSL_LOCAL int InitSigPkCb(WOLFSSL* ssl, SignatureCtx* sigCtx); WOLFSSL_LOCAL int InitSigPkCb(WOLFSSL* ssl, SignatureCtx* sigCtx);
WOLFSSL_LOCAL void FreeSigPkCb(WOLFSSL* ssl, SignatureCtx* sigCtx);
#endif #endif
#endif #endif
WOLFSSL_LOCAL void FreeKeyExchange(WOLFSSL* ssl); WOLFSSL_LOCAL void FreeKeyExchange(WOLFSSL* ssl);