wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-31 00:19:16 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2557 from tmael/cert_store_ls_x509

Browse Source 
Retrieve a stack of X509 certs
This commit is contained in:
toddouska
2019-11-26 15:16:09 -08:00
committed by GitHub
parent edb07cf68e 8bc3b7df35
commit 9ecafa7afe
5 changed files with 300 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/internal.c
View File

@@ -9506,6 +9506,7 @@ static int DoVerifyCallback(WOLFSSL* ssl, int ret, ProcPeerCertArgs* args)
}
#if defined(OPENSSL_EXTRA)
store->depth = args->count;
store->param = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC(
sizeof(WOLFSSL_X509_VERIFY_PARAM),
ssl->heap, DYNAMIC_TYPE_OPENSSL);

225
src/ssl.c
View File

@@ -3472,6 +3472,204 @@ void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER* cm)
}
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM)
#if defined(WOLFSSL_SIGNER_DER_CERT)
/******************************************************************************
* wolfSSL_CertManagerGetCerts - retrieve stack of X509 certificates in a
* certificate manager (CM).
*
* RETURNS:
* returns stack of X509 certs on success, otherwise returns a NULL.
*/
WOLFSSL_STACK* wolfSSL_CertManagerGetCerts(WOLFSSL_CERT_MANAGER* cm)
{
WOLFSSL_STACK* sk = NULL;
Signer* signers = NULL;
word32 row = 0;
DecodedCert* dCert = NULL;
WOLFSSL_X509* x509 = NULL;
int found = 0;
if (cm == NULL)
return NULL;
sk = wolfSSL_sk_X509_new();
if (sk == NULL) {
return NULL;
}
if (wc_LockMutex(&cm->caLock) != 0) {
goto error_init;
}
for (row = 0; row < CA_TABLE_SIZE; row++) {
signers = cm->caTable[row];
while (signers && signers->derCert && signers->derCert->buffer) {
dCert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), cm->heap,
DYNAMIC_TYPE_DCERT);
if (dCert == NULL) {
goto error;
}
XMEMSET(dCert, 0, sizeof(DecodedCert));
InitDecodedCert(dCert, signers->derCert->buffer,
signers->derCert->length, cm->heap);
/* Parse Certificate */
if (ParseCert(dCert, CERT_TYPE, NO_VERIFY, cm)) {
goto error;
}
x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), cm->heap,
DYNAMIC_TYPE_X509);
if (x509 == NULL) {
goto error;
}
InitX509(x509, 1, NULL);
if (CopyDecodedToX509(x509, dCert) == 0) {
if (wolfSSL_sk_X509_push(sk, x509) != SSL_SUCCESS) {
WOLFSSL_MSG("Unable to load x509 into stack");
FreeX509(x509);
XFREE(x509, cm->heap, DYNAMIC_TYPE_X509);
goto error;
}
}
else {
goto error;
}
found = 1;
signers = signers->next;
FreeDecodedCert(dCert);
XFREE(dCert, cm->heap, DYNAMIC_TYPE_DCERT);
dCert = NULL;
}
}
wc_UnLockMutex(&cm->caLock);
if (!found) {
goto error_init;
}
return sk;
error:
wc_UnLockMutex(&cm->caLock);
error_init:
if (dCert) {
FreeDecodedCert(dCert);
XFREE(dCert, cm->heap, DYNAMIC_TYPE_DCERT);
}
if (sk)
wolfSSL_sk_X509_free(sk);
return NULL;
}
#endif /* WOLFSSL_SIGNER_DER_CERT */
/******************************************************************************
* wolfSSL_X509_STORE_GetCerts - retrieve stack of X509 in a certificate store ctx
*
* This API can be used in SSL verify callback function to view cert chain
* See examples/client/client.c and myVerify() function in test.h
*
* RETURNS:
* returns stack of X509 certs on success, otherwise returns a NULL.
*/
WOLFSSL_STACK* wolfSSL_X509_STORE_GetCerts(WOLFSSL_X509_STORE_CTX* s)
{
int certIdx = 0;
WOLFSSL_BUFFER_INFO* cert = NULL;
DecodedCert* dCert = NULL;
WOLFSSL_X509* x509 = NULL;
WOLFSSL_STACK* sk = NULL;
int found = 0;
if (s == NULL) {
return NULL;
}
sk = wolfSSL_sk_X509_new();
if (sk == NULL) {
return NULL;
}
for (certIdx = s->totalCerts - 1; certIdx >= 0; certIdx--) {
/* get certificate buffer */
cert = &s->certs[certIdx];
if (cert == NULL)
break;
dCert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, DYNAMIC_TYPE_DCERT);
if (dCert == NULL) {
goto error;
}
XMEMSET(dCert, 0, sizeof(DecodedCert));
InitDecodedCert(dCert, cert->buffer, cert->length, NULL);
/* Parse Certificate */
if (ParseCert(dCert, CERT_TYPE, NO_VERIFY, NULL)){
goto error;
}
x509 = wolfSSL_X509_new();
if (x509 == NULL) {
goto error;
}
InitX509(x509, 1, NULL);
if (CopyDecodedToX509(x509, dCert) == 0) {
if (wolfSSL_sk_X509_push(sk, x509) != SSL_SUCCESS) {
WOLFSSL_MSG("Unable to load x509 into stack");
wolfSSL_X509_free(x509);
goto error;
}
}
else {
goto error;
}
found = 1;
FreeDecodedCert(dCert);
XFREE(dCert, NULL, DYNAMIC_TYPE_DCERT);
dCert = NULL;
}
if (!found) {
wolfSSL_sk_X509_free(sk);
sk = NULL;
}
return sk;
error:
if (dCert) {
FreeDecodedCert(dCert);
XFREE(dCert, NULL, DYNAMIC_TYPE_DCERT);
}
if (sk)
wolfSSL_sk_X509_free(sk);
return NULL;
}
#endif /* OPENSSL_EXTRA && !NO_FILESYSTEM */
/* Unload the CA signer list */
int wolfSSL_CertManagerUnloadCAs(WOLFSSL_CERT_MANAGER* cm)
@@ -14315,10 +14513,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
return WOLFSSL_SUCCESS;
}
#ifndef NO_CERTS
WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(WOLFSSL_CTX* ctx)
{
if (ctx == NULL) {
@@ -38781,15 +38977,6 @@ int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits)
return ret;
}
int wolfSSL_sk_X509_num(const WOLF_STACK_OF(WOLFSSL_X509) *s)
{
WOLFSSL_ENTER("wolfSSL_sk_X509_num");
if (s == NULL)
return -1;
return (int)s->num;
}
#if defined(OPENSSL_ALL)
WOLFSSL_X509_INFO* wolfSSL_X509_INFO_new(void)
{
@@ -39574,6 +39761,16 @@ void wolfSSL_X509_OBJECT_free(WOLFSSL_X509_OBJECT *a)
#if defined(OPENSSL_EXTRA)
int wolfSSL_sk_X509_num(const WOLF_STACK_OF(WOLFSSL_X509) *s)
{
WOLFSSL_ENTER("wolfSSL_sk_X509_num");
if (s == NULL)
return -1;
return (int)s->num;
}
unsigned long wolfSSL_ERR_peek_last_error(void)
{
WOLFSSL_ENTER("wolfSSL_ERR_peek_last_error");
@@ -44262,9 +44459,9 @@ error:
}
return WOLFSSL_FAILURE;
}
#endif /* defined(OPENSSL_ALL) && defined(HAVE_PKCS7) */
#endif /* OPENSSL_ALL && HAVE_PKCS7 */
#ifdef OPENSSL_ALL
#if defined(OPENSSL_EXTRA)
WOLFSSL_STACK* wolfSSL_sk_X509_new(void)
{
WOLFSSL_STACK* s = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL,