Merge branch 'master' of https://github.com/wolfSSL/wolfssl into unitTest_api_dev
47
src/ocsp.c
47
src/ocsp.c
@@ -244,6 +244,7 @@ static int GetOcspStatus(WOLFSSL_OCSP* ocsp, OcspRequest* request,
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* 0 on success */
|
||||||
int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
|
int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
|
||||||
buffer* responseBuffer)
|
buffer* responseBuffer)
|
||||||
{
|
{
|
||||||
@@ -251,10 +252,12 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
|
|||||||
CertStatus* status = NULL;
|
CertStatus* status = NULL;
|
||||||
byte* request = NULL;
|
byte* request = NULL;
|
||||||
int requestSz = 2048;
|
int requestSz = 2048;
|
||||||
|
int responseSz = 0;
|
||||||
byte* response = NULL;
|
byte* response = NULL;
|
||||||
const char* url = NULL;
|
const char* url = NULL;
|
||||||
int urlSz = 0;
|
int urlSz = 0;
|
||||||
int ret = -1;
|
int ret = -1;
|
||||||
|
int validated = 0; /* ocsp validation flag */
|
||||||
|
|
||||||
#ifdef WOLFSSL_SMALL_STACK
|
#ifdef WOLFSSL_SMALL_STACK
|
||||||
CertStatus* newStatus;
|
CertStatus* newStatus;
|
||||||
@@ -319,32 +322,38 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
requestSz = EncodeOcspRequest(ocspRequest, request, requestSz);
|
requestSz = EncodeOcspRequest(ocspRequest, request, requestSz);
|
||||||
|
if (requestSz > 0 && ocsp->cm->ocspIOCb) {
|
||||||
|
responseSz = ocsp->cm->ocspIOCb(ocsp->cm->ocspIOCtx, url, urlSz,
|
||||||
|
request, requestSz, &response);
|
||||||
|
}
|
||||||
|
|
||||||
if (ocsp->cm->ocspIOCb)
|
if (responseSz >= 0 && response) {
|
||||||
ret = ocsp->cm->ocspIOCb(ocsp->cm->ocspIOCtx, url, urlSz,
|
|
||||||
request, requestSz, &response);
|
|
||||||
|
|
||||||
if (ret >= 0 && response) {
|
|
||||||
XMEMSET(newStatus, 0, sizeof(CertStatus));
|
XMEMSET(newStatus, 0, sizeof(CertStatus));
|
||||||
|
|
||||||
InitOcspResponse(ocspResponse, newStatus, response, ret);
|
InitOcspResponse(ocspResponse, newStatus, response, responseSz);
|
||||||
OcspResponseDecode(ocspResponse, ocsp->cm, ocsp->cm->heap);
|
if (OcspResponseDecode(ocspResponse, ocsp->cm, ocsp->cm->heap) != 0) {
|
||||||
|
WOLFSSL_MSG("OcspResponseDecode failed");
|
||||||
if (ocspResponse->responseStatus != OCSP_SUCCESSFUL)
|
}
|
||||||
ret = OCSP_LOOKUP_FAIL;
|
else if (ocspResponse->responseStatus != OCSP_SUCCESSFUL) {
|
||||||
|
WOLFSSL_MSG("OcspResponse status bad");
|
||||||
|
}
|
||||||
else {
|
else {
|
||||||
if (CompareOcspReqResp(ocspRequest, ocspResponse) == 0) {
|
if (CompareOcspReqResp(ocspRequest, ocspResponse) == 0) {
|
||||||
if (responseBuffer) {
|
if (responseBuffer) {
|
||||||
responseBuffer->buffer = (byte*)XMALLOC(ret, ocsp->cm->heap,
|
responseBuffer->buffer = (byte*)XMALLOC(responseSz,
|
||||||
DYNAMIC_TYPE_TMP_BUFFER);
|
ocsp->cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
|
||||||
if (responseBuffer->buffer) {
|
if (responseBuffer->buffer) {
|
||||||
responseBuffer->length = ret;
|
responseBuffer->length = responseSz;
|
||||||
XMEMCPY(responseBuffer->buffer, response, ret);
|
XMEMCPY(responseBuffer->buffer, response, responseSz);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* only way to get to good state */
|
||||||
ret = xstat2err(ocspResponse->status->status);
|
ret = xstat2err(ocspResponse->status->status);
|
||||||
|
if (ret == 0) {
|
||||||
|
validated = 1;
|
||||||
|
}
|
||||||
|
|
||||||
if (wc_LockMutex(&ocsp->ocspLock) != 0)
|
if (wc_LockMutex(&ocsp->ocspLock) != 0)
|
||||||
ret = BAD_MUTEX_E;
|
ret = BAD_MUTEX_E;
|
||||||
@@ -386,12 +395,8 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
|
|||||||
wc_UnLockMutex(&ocsp->ocspLock);
|
wc_UnLockMutex(&ocsp->ocspLock);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else
|
|
||||||
ret = OCSP_LOOKUP_FAIL;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else
|
|
||||||
ret = OCSP_LOOKUP_FAIL;
|
|
||||||
|
|
||||||
#ifdef WOLFSSL_SMALL_STACK
|
#ifdef WOLFSSL_SMALL_STACK
|
||||||
XFREE(newStatus, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
XFREE(newStatus, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
@@ -401,6 +406,12 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
|
|||||||
if (response != NULL && ocsp->cm->ocspRespFreeCb)
|
if (response != NULL && ocsp->cm->ocspRespFreeCb)
|
||||||
ocsp->cm->ocspRespFreeCb(ocsp->cm->ocspIOCtx, response);
|
ocsp->cm->ocspRespFreeCb(ocsp->cm->ocspIOCtx, response);
|
||||||
|
|
||||||
|
if (ret == 0 && validated == 1) {
|
||||||
|
WOLFSSL_MSG("New OcspResponse validated");
|
||||||
|
} else {
|
||||||
|
ret = OCSP_LOOKUP_FAIL;
|
||||||
|
}
|
||||||
|
|
||||||
WOLFSSL_LEAVE("CheckOcspRequest", ret);
|
WOLFSSL_LEAVE("CheckOcspRequest", ret);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
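Review bot: The new final block in CheckOcspRequest rewrites every non-zero `ret` to OCSP_LOOKUP_FAIL, so the value assigned by `ret = xstat2err(ocspResponse->status->status);` reaches the caller only when it is 0. If xstat2err returns a distinct code for a revoked certificate (its body is not shown here), a caller that tolerates lookup failures can no longer tell a revocation from an unreachable responder, and a hard failure becomes a soft one. Preserving that code would avoid this, for example `} else if (ret != OCSP_CERT_REVOKED) {` in front of `ret = OCSP_LOOKUP_FAIL;`. The same block also replaces BAD_MUTEX_E from the lock path, and the lines between the hunks are not visible, so any other error codes set there should be checked too.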
@@ -389,10 +389,19 @@ int wolfSSL_StaticBufferSz(byte* buffer, word32 sz, int flag)
|
|||||||
|
|
||||||
/* creating only IO buffers from memory passed in, max TLS is 16k */
|
/* creating only IO buffers from memory passed in, max TLS is 16k */
|
||||||
if (flag & WOLFMEM_IO_POOL || flag & WOLFMEM_IO_POOL_FIXED) {
|
if (flag & WOLFMEM_IO_POOL || flag & WOLFMEM_IO_POOL_FIXED) {
|
||||||
ava = sz % (memSz + padSz + WOLFMEM_IO_SZ);
|
if (ava < (memSz + padSz + WOLFMEM_IO_SZ)) {
|
||||||
|
return 0; /* not enough room for even one bucket */
|
||||||
|
}
|
||||||
|
|
||||||
|
ava = ava % (memSz + padSz + WOLFMEM_IO_SZ);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
int i, k;
|
int i, k;
|
||||||
|
|
||||||
|
if (ava < (bucketSz[0] + padSz + memSz)) {
|
||||||
|
return 0; /* not enough room for even one bucket */
|
||||||
|
}
|
||||||
|
|
||||||
while ((ava >= (bucketSz[0] + padSz + memSz)) && (ava > 0)) {
|
while ((ava >= (bucketSz[0] + padSz + memSz)) && (ava > 0)) {
|
||||||
/* start at largest and move to smaller buckets */
|
/* start at largest and move to smaller buckets */
|
||||||
for (i = (WOLFMEM_MAX_BUCKETS - 1); i >= 0; i--) {
|
for (i = (WOLFMEM_MAX_BUCKETS - 1); i >= 0; i--) {
|
||||||
|
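Review bot: The two new `return 0;` paths in wolfSSL_StaticBufferSz add an outcome that is neither a negative error nor a usable size, and nothing visible in the hunk tells callers that 0 means "buffer too small". Because the result is used to size a static memory pool, the function's header comment (outside this hunk) should say so, for example `/* returns 0 when the available space cannot hold one bucket or IO buffer */`. In the IO-pool branch the copied comment says "bucket" although that branch compares against WOLFMEM_IO_SZ; `/* not enough room for even one IO buffer */` would match the code. The function body starts and ends outside the hunk.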
@@ -4338,6 +4338,9 @@ int memory_test(void)
|
|||||||
word32 size[] = { WOLFMEM_BUCKETS };
|
word32 size[] = { WOLFMEM_BUCKETS };
|
||||||
word32 dist[] = { WOLFMEM_DIST };
|
word32 dist[] = { WOLFMEM_DIST };
|
||||||
byte buffer[30000]; /* make large enough to involve many bucket sizes */
|
byte buffer[30000]; /* make large enough to involve many bucket sizes */
|
||||||
|
int pad = -(int)((wolfssl_word)&(buffer[0])) & (WOLFSSL_STATIC_ALIGN - 1);
|
||||||
|
/* pad to account for if head of buffer is not at set memory
|
||||||
|
* alignment when tests are ran */
|
||||||
|
|
||||||
/* check macro settings */
|
/* check macro settings */
|
||||||
if (sizeof(size)/sizeof(word32) != WOLFMEM_MAX_BUCKETS) {
|
if (sizeof(size)/sizeof(word32) != WOLFMEM_MAX_BUCKETS) {
|
||||||
@@ -4362,7 +4365,7 @@ int memory_test(void)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* check that padding size returned is possible */
|
/* check that padding size returned is possible */
|
||||||
if (wolfSSL_MemoryPaddingSz() <= WOLFSSL_STATIC_ALIGN) {
|
if (wolfSSL_MemoryPaddingSz() < WOLFSSL_STATIC_ALIGN) {
|
||||||
return -101; /* no room for wc_Memory struct */
|
return -101; /* no room for wc_Memory struct */
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -4375,8 +4378,8 @@ int memory_test(void)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* check function to return optimum buffer size (rounded down) */
|
/* check function to return optimum buffer size (rounded down) */
|
||||||
if ((ret = wolfSSL_StaticBufferSz(buffer, sizeof(buffer), WOLFMEM_GENERAL))
|
ret = wolfSSL_StaticBufferSz(buffer, sizeof(buffer), WOLFMEM_GENERAL);
|
||||||
% WOLFSSL_STATIC_ALIGN != 0) {
|
if ((ret - pad) % WOLFSSL_STATIC_ALIGN != 0) {
|
||||||
return -104; /* not aligned! */
|
return -104; /* not aligned! */
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -4393,21 +4396,22 @@ int memory_test(void)
|
|||||||
}
|
}
|
||||||
|
|
||||||
ret = wolfSSL_MemoryPaddingSz();
|
ret = wolfSSL_MemoryPaddingSz();
|
||||||
|
ret += pad; /* add space that is going to be needed if buffer not aligned */
|
||||||
if (wolfSSL_StaticBufferSz(buffer, size[0] + ret + 1, WOLFMEM_GENERAL) !=
|
if (wolfSSL_StaticBufferSz(buffer, size[0] + ret + 1, WOLFMEM_GENERAL) !=
|
||||||
(ret + (int)size[0])) {
|
(ret + (int)size[0])) {
|
||||||
return -108; /* did not round down to nearest bucket value */
|
return -108; /* did not round down to nearest bucket value */
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = wolfSSL_StaticBufferSz(buffer, sizeof(buffer), WOLFMEM_IO_POOL);
|
ret = wolfSSL_StaticBufferSz(buffer, sizeof(buffer), WOLFMEM_IO_POOL);
|
||||||
if (ret < 0) {
|
if ((ret - pad) < 0) {
|
||||||
return -109;
|
return -109;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((ret % (WOLFMEM_IO_SZ + wolfSSL_MemoryPaddingSz())) != 0) {
|
if (((ret - pad) % (WOLFMEM_IO_SZ + wolfSSL_MemoryPaddingSz())) != 0) {
|
||||||
return -110; /* not even chunks of memory for IO size */
|
return -110; /* not even chunks of memory for IO size */
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((ret % WOLFSSL_STATIC_ALIGN) != 0) {
|
if (((ret - pad) % WOLFSSL_STATIC_ALIGN) != 0) {
|
||||||
return -111; /* memory not aligned */
|
return -111; /* memory not aligned */
|
||||||
}
|
}
|
||||||
|
|
||||||
|
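Review bot: The new `pad` initializer in memory_test converts the buffer address to `int` before negating it, which is an implementation-defined narrowing where pointers are wider than int and a signed negation that is undefined if the converted value is INT_MIN. Doing the arithmetic in the unsigned word type avoids both: `int pad = (int)((0 - (wolfssl_word)&(buffer[0])) & (WOLFSSL_STATIC_ALIGN - 1));`. The mask also assumes WOLFSSL_STATIC_ALIGN is a power of two, which is worth stating in the comment that follows the declaration. memory_test continues outside these hunks.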