From 7b44fbe2653bfb173c1c3a6fdde0e3845bd9d6bb Mon Sep 17 00:00:00 2001
From: Takashi Kojo
Date: Fri, 22 Feb 2019 09:23:06 +0900
Subject: [PATCH 1/4] OCSP, CRL request with "Cache-Control: no-cache" for proxy

---
 src/wolfio.c | 33 ++++++++++++++++++++++++++++-----
 wolfssl/wolfio.h | 2 +-
 2 files changed, 29 insertions(+), 6 deletions(-)

diff --git a/src/wolfio.c b/src/wolfio.c
index 122d65d18..6976b959a 100644
--- a/src/wolfio.c
+++ b/src/wolfio.c
@@ -1142,9 +1142,9 @@ int wolfIO_HttpProcessResponse(int sfd, const char** appStrList,
 
 int wolfIO_HttpBuildRequest(const char* reqType, const char* domainName,
 const char* path, int pathLen, int reqSz, const char* contentType,
- byte* buf, int bufSize)
+ const char* exHdrs, byte* buf, int bufSize)
 {
- word32 reqTypeLen, domainNameLen, reqSzStrLen, contentTypeLen, maxLen;
+ word32 reqTypeLen, domainNameLen, reqSzStrLen, contentTypeLen, exHdrsLen, maxLen;
 char reqSzStr[6];
 char* req = (char*)buf;
 const char* blankStr = " ";
@@ -1152,9 +1152,10 @@ int wolfIO_HttpBuildRequest(const char* reqType, const char* domainName,
 const char* hostStr = "\r\nHost: ";
 const char* contentLenStr = "\r\nContent-Length: ";
 const char* contentTypeStr = "\r\nContent-Type: ";
+ const char *singleCrLfStr = "\r\n";
 const char* doubleCrLfStr = "\r\n\r\n";
 word32 blankStrLen, http11StrLen, hostStrLen, contentLenStrLen,
- contentTypeStrLen, doubleCrLfStrLen;
+ contentTypeStrLen, singleCrLfStrLen, doubleCrLfStrLen;
 
 reqTypeLen = (word32)XSTRLEN(reqType);
 domainNameLen = (word32)XSTRLEN(domainName);
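Review bot: The widened declaration `word32 reqTypeLen, domainNameLen, reqSzStrLen, contentTypeLen, exHdrsLen, maxLen;` in the first hunk runs well past the width at which the surrounding declarations are wrapped (compare the `word32 blankStrLen, …` list in the second hunk, which is split over two lines); wrap it the same way, e.g. `word32 reqTypeLen, domainNameLen, reqSzStrLen, contentTypeLen,` / `exHdrsLen, maxLen;`. The same over-length line is carried unchanged into the fourth patch's `wolfIO_HttpBuildRequest_ex` body, and that patch's wrapper `return wolfIO_HttpBuildRequest_ex(...)` line and both `wolfio.h` declarations have the same problem. wolfIO_HttpBuildRequest's body continues past the hunk.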
@@ -1166,6 +1167,15 @@ int wolfIO_HttpBuildRequest(const char* reqType, const char* domainName,
 hostStrLen = (word32)XSTRLEN(hostStr);
 contentLenStrLen = (word32)XSTRLEN(contentLenStr);
 contentTypeStrLen = (word32)XSTRLEN(contentTypeStr);
+
+ if(exHdrs){
+ singleCrLfStrLen = (word32)XSTRLEN(singleCrLfStr);
+ exHdrsLen = (word32)XSTRLEN(exHdrs);
+ } else {
+ singleCrLfStrLen = 0;
+ exHdrsLen = 0;
+ }
+
 doubleCrLfStrLen = (word32)XSTRLEN(doubleCrLfStr);
 
 /* determine max length and check it */
@@ -1180,6 +1190,8 @@ int wolfIO_HttpBuildRequest(const char* reqType, const char* domainName,
 reqSzStrLen +
 contentTypeStrLen +
 contentTypeLen +
+ singleCrLfStrLen +
+ exHdrsLen +
 doubleCrLfStrLen +
 1 /* null term */;
 if (maxLen > (word32)bufSize)
@@ -1211,6 +1223,15 @@ int wolfIO_HttpBuildRequest(const char* reqType, const char* domainName,
 XSTRNCPY((char*)buf, contentType, bufSize);
 buf += contentTypeLen; bufSize -= contentTypeLen;
 }
+ if (exHdrsLen > 0)
+ {
+ XSTRNCPY((char *)buf, singleCrLfStr, bufSize);
+ buf += singleCrLfStrLen;
+ bufSize -= singleCrLfStrLen;
+ XSTRNCPY((char *)buf, exHdrs, bufSize);
+ buf += exHdrsLen;
+ bufSize -= exHdrsLen;
+ }
 XSTRNCPY((char*)buf, doubleCrLfStr, bufSize);
 buf += doubleCrLfStrLen;
 
@@ -1228,8 +1249,9 @@ int wolfIO_HttpBuildRequest(const char* reqType, const char* domainName,
 int wolfIO_HttpBuildRequestOcsp(const char* domainName, const char* path,
 int ocspReqSz, byte* buf, int bufSize)
 {
+ const char *cacheCtl = "Cache-Control: no-cache";
 return wolfIO_HttpBuildRequest("POST", domainName, path, (int)XSTRLEN(path),
- ocspReqSz, "application/ocsp-request", buf, bufSize);
+ ocspReqSz, "application/ocsp-request", cacheCtl, buf, bufSize);
 }
 
 /* return: >0 OCSP Response Size
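Review bot: In the `if(exHdrs){` hunk the separator length `singleCrLfStrLen` is counted whenever `exHdrs` is non-NULL, but the copy in the later `if (exHdrsLen > 0)` hunk only writes the CRLF when the string is non-empty, so an empty `exHdrs` makes `maxLen` two bytes larger than what is actually written and the `maxLen > (word32)bufSize` check rejects a buffer that would have fit (the fourth patch's wrapper passes exactly such an empty string). Derive both lengths from the string length instead: `exHdrsLen = exHdrs ? (word32)XSTRLEN(exHdrs) : 0;` / `singleCrLfStrLen = exHdrsLen > 0 ? (word32)XSTRLEN(singleCrLfStr) : 0;`. The spacing of `if(exHdrs){` also differs from the file's `if (maxLen > (word32)bufSize)` form visible in the next hunk. The enclosing function starts and ends outside the hunk.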
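Review bot: The new `if (exHdrsLen > 0)` block copies `exHdrs` into the request verbatim, so the request's framing now depends on the caller supplying well-formed header text: one or more `Name: value` lines joined by CRLF, with no leading or trailing CRLF, because the function itself emits the separator before and the blank line after, and a value that breaks that rule changes where the header block ends. Callers in this series pass only the fixed `"Cache-Control: no-cache"` literal, so a contract comment at the top of the block is enough for now: `/* exHdrs: extra header line(s), CRLF-separated, no leading/trailing CRLF; never built from untrusted text */`. Style-wise the block writes `(char *)buf` and splits `buf +=` / `bufSize -=` over two lines, whereas the context line directly above uses `(char*)buf` and `buf += contentTypeLen; bufSize -= contentTypeLen;` on one line. The enclosing function continues outside the hunk.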
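Review bot: The `cacheCtl` literal `"Cache-Control: no-cache"` added to `wolfIO_HttpBuildRequestOcsp` in the last hunk is repeated verbatim in `wolfIO_HttpBuildRequestCrl` in the following hunk, and both copies survive into the fourth patch; a single file-scope `static const char cacheCtlHdr[] = "Cache-Control: no-cache";` would keep the OCSP and CRL fetches from drifting apart. Since the stated purpose is to stop an intermediary from answering a revocation query with a stale cached response, a short comment on the constant should say so, and note that `Cache-Control` is an HTTP/1.1 directive while an HTTP/1.0 cache would only honour `Pragma: no-cache`; whether such caches matter for the intended deployments is not visible here.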
@@ -1341,7 +1363,8 @@ void EmbedOcspRespFree(void* ctx, byte *resp)
 int wolfIO_HttpBuildRequestCrl(const char* url, int urlSz,
 const char* domainName, byte* buf, int bufSize)
 {
- return wolfIO_HttpBuildRequest("GET", domainName, url, urlSz, 0, "",
+ const char *cacheCtl = "Cache-Control: no-cache";
+ return wolfIO_HttpBuildRequest("GET", domainName, url, urlSz, cacheCtl, 0, "",
 buf, bufSize);
 }
 
diff --git a/wolfssl/wolfio.h b/wolfssl/wolfio.h
index a92f27d90..28c944950 100644
--- a/wolfssl/wolfio.h
+++ b/wolfssl/wolfio.h
@@ -392,7 +392,7 @@ WOLFSSL_API int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx);
 WOLFSSL_API int wolfIO_HttpBuildRequest(const char* reqType,
 const char* domainName, const char* path, int pathLen, int reqSz,
- const char* contentType, unsigned char* buf, int bufSize);
+ const char* contentType, const char* exHdrs, unsigned char* buf, int bufSize);
 WOLFSSL_API int wolfIO_HttpProcessResponse(int sfd, const char** appStrList,
 unsigned char** respBuf, unsigned char* httpBuf, int httpBufSz,
 int dynType, void* heap);
 
From 2e41d25bca415c1cf2f1696584f502181f8e299e Mon Sep 17 00:00:00 2001
From: Takashi Kojo
Date: Thu, 28 Feb 2019 07:23:35 +0900
Subject: [PATCH 2/4] fix wolfIO_HttpBuildRequestCrl

---
 src/wolfio.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/wolfio.c b/src/wolfio.c
index 6976b959a..50a51de5a 100644
--- a/src/wolfio.c
+++ b/src/wolfio.c
@@ -1364,8 +1364,8 @@ int wolfIO_HttpBuildRequestCrl(const char* url, int urlSz,
 const char* domainName, byte* buf, int bufSize)
 {
 const char *cacheCtl = "Cache-Control: no-cache";
- return wolfIO_HttpBuildRequest("GET", domainName, url, urlSz, cacheCtl, 0, "",
- buf, bufSize);
+ return wolfIO_HttpBuildRequest("GET", domainName, url, urlSz, 0, "",
+ cacheCtl, buf, bufSize);
 }
 
 int wolfIO_HttpProcessResponseCrl(WOLFSSL_CRL* crl, int sfd, byte* httpBuf,
From 9e93bd1000188497d1c6fd7ba5bc6fceef80e952 Mon Sep 17 00:00:00 2001
From: Takashi Kojo
Date: Thu, 28 Feb 2019 07:34:26 +0900
Subject: [PATCH 3/4] fix memory leak for multiple status

---
 src/ocsp.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/ocsp.c b/src/ocsp.c
index 6afb8e458..76c47f186 100644
--- a/src/ocsp.c
+++ b/src/ocsp.c
@@ -341,6 +341,7 @@ static int CheckResponse(WOLFSSL_OCSP* ocsp, byte* response, int responseSz,
 }
 
 /* Replace existing certificate entry with updated */
+ newStatus->next = status->next;
 XMEMCPY(status, newStatus, sizeof(CertStatus));
 }
 else {
From ea13e0482a173bf5f7f58b6084a7355e80da586b Mon Sep 17 00:00:00 2001
From: Takashi Kojo
Date: Sat, 9 Mar 2019 06:31:52 +0900
Subject: [PATCH 4/4] wolfIO_HttpBuildRequest_ex

---
 src/wolfio.c | 20 +++++++++++++-------
 wolfssl/wolfio.h | 5 ++++-
 2 files changed, 17 insertions(+), 8 deletions(-)

diff --git a/src/wolfio.c b/src/wolfio.c
index 50a51de5a..205043142 100644
--- a/src/wolfio.c
+++ b/src/wolfio.c
@@ -1139,11 +1139,17 @@ int wolfIO_HttpProcessResponse(int sfd, const char** appStrList,
 return result;
 }
 
-
-int wolfIO_HttpBuildRequest(const char* reqType, const char* domainName,
- const char* path, int pathLen, int reqSz, const char* contentType,
- const char* exHdrs, byte* buf, int bufSize)
+int wolfIO_HttpBuildRequest(const char *reqType, const char *domainName,
+ const char *path, int pathLen, int reqSz, const char *contentType,
+ byte *buf, int bufSize)
 {
+ return wolfIO_HttpBuildRequest_ex(reqType, domainName, path, pathLen, reqSz, contentType, "", buf, bufSize);
+}
+
+ int wolfIO_HttpBuildRequest_ex(const char *reqType, const char *domainName,
+ const char *path, int pathLen, int reqSz, const char *contentType,
+ const char *exHdrs, byte *buf, int bufSize)
+ {
 word32 reqTypeLen, domainNameLen, reqSzStrLen, contentTypeLen, exHdrsLen, maxLen;
 char reqSzStr[6];
 char* req = (char*)buf;
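Review bot: The added `newStatus->next = status->next;` in the ocsp.c hunk needs a why-comment, because it only makes sense together with the `XMEMCPY` below it, which copies the whole `CertStatus` including its `next` pointer and would otherwise detach the remaining entries from the list; suggested: `/* carry the list link over so the struct copy below keeps the rest of the chain reachable */`. After the copy `newStatus->next` aliases the same chain, so whatever later frees or reuses `newStatus` must not walk or free through that pointer — the code that owns `newStatus` is outside the hunk, so I cannot confirm how it is disposed of. CheckResponse starts and ends outside the hunk.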
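Review bot: The new `wolfIO_HttpBuildRequest` wrapper in the wolfio.c hunk passes `""` for `exHdrs`, and `wolfIO_HttpBuildRequest_ex` counts the CRLF separator in `maxLen` for any non-NULL `exHdrs` (its `if(exHdrs)` branch, introduced in the first patch) while writing nothing for an empty string, so the public function now rejects a buffer two bytes smaller than it accepted before this series; pass `NULL` instead: `return wolfIO_HttpBuildRequest_ex(reqType, domainName, path, pathLen, reqSz, contentType, NULL, buf, bufSize);`. The `wolfIO_HttpBuildRequest_ex` definition line and its opening brace are indented where the sibling `wolfIO_HttpBuildRequest` definition starts at column 0, and the wrapper's single return line is far longer than the wrapped lines around it. The `_ex` body continues outside the hunk.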
@@ -1152,7 +1158,7 @@ int wolfIO_HttpBuildRequest(const char* reqType, const char* domainName,
 const char* hostStr = "\r\nHost: ";
 const char* contentLenStr = "\r\nContent-Length: ";
 const char* contentTypeStr = "\r\nContent-Type: ";
- const char *singleCrLfStr = "\r\n";
+ const char* singleCrLfStr = "\r\n";
 const char* doubleCrLfStr = "\r\n\r\n";
 word32 blankStrLen, http11StrLen, hostStrLen, contentLenStrLen,
 contentTypeStrLen, singleCrLfStrLen, doubleCrLfStrLen;
@@ -1250,7 +1256,7 @@ int wolfIO_HttpBuildRequestOcsp(const char* domainName, const char* path,
 int ocspReqSz, byte* buf, int bufSize)
 {
 const char *cacheCtl = "Cache-Control: no-cache";
- return wolfIO_HttpBuildRequest("POST", domainName, path, (int)XSTRLEN(path),
+ return wolfIO_HttpBuildRequest_ex("POST", domainName, path, (int)XSTRLEN(path),
 ocspReqSz, "application/ocsp-request", cacheCtl, buf, bufSize);
 }
 
@@ -1364,7 +1370,7 @@ int wolfIO_HttpBuildRequestCrl(const char* url, int urlSz,
 const char* domainName, byte* buf, int bufSize)
 {
 const char *cacheCtl = "Cache-Control: no-cache";
- return wolfIO_HttpBuildRequest("GET", domainName, url, urlSz, 0, "",
+ return wolfIO_HttpBuildRequest_ex("GET", domainName, url, urlSz, 0, "",
 cacheCtl, buf, bufSize);
 }
 
diff --git a/wolfssl/wolfio.h b/wolfssl/wolfio.h
index 28c944950..9cf8e18ab 100644
--- a/wolfssl/wolfio.h
+++ b/wolfssl/wolfio.h
@@ -392,7 +392,10 @@ WOLFSSL_API int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx);
 WOLFSSL_API int wolfIO_HttpBuildRequest(const char* reqType,
 const char* domainName, const char* path, int pathLen, int reqSz,
- const char* contentType, const char* exHdrs, unsigned char* buf, int bufSize);
+ const char* contentType, unsigned char* buf, int bufSize);
+ WOLFSSL_LOCAL int wolfIO_HttpBuildRequest_ex(const char* reqType,
+ const char* domainName, const char* path, int pathLen, int reqSz,
+ const char* contentType, const char *exHdrs, unsigned char* buf, int bufSize);
 WOLFSSL_API int wolfIO_HttpProcessResponse(int sfd, const char** appStrList,
 unsigned char** respBuf, unsigned char* httpBuf, int httpBufSz,
 int dynType, void* heap);
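Review bot: `wolfIO_HttpBuildRequest_ex` is declared without any description of `exHdrs`, and the declaration is the natural place to state the contract the implementation relies on; a doc comment such as `/* exHdrs: optional extra header line(s), CRLF-separated, without leading or trailing CRLF; NULL for none */` would tell callers what the parameter accepts and that the function adds the surrounding separators itself. Style: the new declaration is indented where the `WOLFSSL_API` declarations around it start at column 0, it writes `const char *exHdrs` while every other pointer parameter in the hunk is written `const char*`, and its last line is longer than the wrapped lines around it.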