X509_STORE_add_crl

Takashi Kojo
2018-05-19 09:22:44 +09:00
parent 4efe8740ad
commit c275dfc5ab
5 changed files with 101 additions and 16 deletions


@@ -490,6 +490,34 @@ int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type,
return ret ? ret : WOLFSSL_SUCCESS; /* convert 0 to WOLFSSL_SUCCESS */ return ret ? ret : WOLFSSL_SUCCESS; /* convert 0 to WOLFSSL_SUCCESS */
} }
#if defined(OPENSSL_EXTRA) || defined(HAVE_CRL)
int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *store, WOLFSSL_X509_CRL *newcrl)
{
CRL_Entry *crle;
WOLFSSL_CRL *crl;
WOLFSSL_ENTER("wolfSSL_X509_STORE_add_crl");
if (store == NULL || newcrl == NULL)
return BAD_FUNC_ARG;
crl = store->crl;
crle = newcrl->crlList;
if (wc_LockMutex(&crl->crlLock) != 0)
{
WOLFSSL_MSG("wc_LockMutex failed");
return BAD_MUTEX_E;
}
crle->next = crl->crlList;
crl->crlList = crle;
newcrl->crlList = NULL;
wc_UnLockMutex(&crl->crlLock);
WOLFSSL_LEAVE("wolfSSL_X509_STORE_add_crl", WOLFSSL_SUCCESS);
return WOLFSSL_SUCCESS;
}
#endif
#ifdef HAVE_CRL_MONITOR #ifdef HAVE_CRL_MONITOR
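Review bot: `wolfSSL_X509_STORE_add_crl` dereferences `store->crl` and `newcrl->crlList` without checking either for NULL, so a store without a CRL or an empty CRL object reaches `&crl->crlLock` or `crle->next` through a null pointer. The guard should be widened, e.g. `if (store == NULL || store->crl == NULL || newcrl == NULL || newcrl->crlList == NULL) return BAD_FUNC_ARG;`. In addition, `crle->next = crl->crlList` overwrites the link of the first entry only, so if `newcrl` carries more than one entry the rest are detached from both lists: they are leaked and their revocations are never consulted. Walking to the tail of `newcrl->crlList` under the lock and splicing there would keep every entry.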


@@ -17817,24 +17817,42 @@ int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509)
return result; return result;
} }
WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void) WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void)
{ {
WOLFSSL_X509_STORE* store = NULL; WOLFSSL_X509_STORE* store = NULL;
store = (WOLFSSL_X509_STORE*)XMALLOC(sizeof(WOLFSSL_X509_STORE), NULL, if((store = (WOLFSSL_X509_STORE*)XMALLOC(sizeof(WOLFSSL_X509_STORE), NULL,
DYNAMIC_TYPE_X509_STORE); DYNAMIC_TYPE_X509_STORE)) == NULL)
if (store != NULL) { goto err_exit;
store->cm = wolfSSL_CertManagerNew();
if (store->cm == NULL) { if((store->cm = wolfSSL_CertManagerNew()) == NULL)
XFREE(store, NULL, DYNAMIC_TYPE_X509_STORE); goto err_exit;
store = NULL;
}
else
store->isDynamic = 1; store->isDynamic = 1;
}
#ifdef HAVE_CRL
store->crl = NULL;
if((store->crl = (WOLFSSL_X509_CRL *)XMALLOC(sizeof(WOLFSSL_X509_CRL),
NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL)
goto err_exit;
if(InitCRL(store->crl, NULL) < 0)
goto err_exit;
#endif
return store; return store;
err_exit:
if(store == NULL)
return NULL;
if(store->cm != NULL)
wolfSSL_CertManagerFree(store->cm);
#ifdef HAVE_CRL
if(store->crl != NULL)
wolfSSL_X509_CRL_free(store->crl);
#endif
wolfSSL_X509_STORE_free(store);
return NULL;
} }
@@ -17843,6 +17861,10 @@ void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store)
if (store != NULL && store->isDynamic) { if (store != NULL && store->isDynamic) {
if (store->cm != NULL) if (store->cm != NULL)
wolfSSL_CertManagerFree(store->cm); wolfSSL_CertManagerFree(store->cm);
#ifdef HAVE_CRL
if (store->crl != NULL)
wolfSSL_X509_CRL_free(store->crl);
#endif
XFREE(store, NULL, DYNAMIC_TYPE_X509_STORE); XFREE(store, NULL, DYNAMIC_TYPE_X509_STORE);
} }
} }
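Review bot: The `err_exit` path added to `wolfSSL_X509_STORE_new` can read uninitialised fields and free the same objects twice. `store` comes from `XMALLOC` without being zeroed, so when `wolfSSL_CertManagerNew()` fails, `store->crl` and `isDynamic` are tested before they were ever written. When the CRL allocation or `InitCRL` fails, `store->cm` and `store->crl` are freed in `err_exit` and then again inside `wolfSSL_X509_STORE_free(store)`, because `isDynamic` is already 1 by then. Zeroing right after the allocation check and leaving all cleanup to the free function avoids both: `XMEMSET(store, 0, sizeof(*store)); store->isDynamic = 1;`, with `err_exit:` reduced to `wolfSSL_X509_STORE_free(store); return NULL;`. Whether `wolfSSL_X509_CRL_free` is safe on a CRL whose `InitCRL` failed is not visible here and should be confirmed.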


@@ -9855,7 +9855,8 @@ static int test_wc_RsaKeyToDer (void)
static int test_wc_RsaKeyToPublicDer (void) static int test_wc_RsaKeyToPublicDer (void)
{ {
int ret = 0; int ret = 0;
#if (!defined(NO_RSA) || !defined(HAVE_FAST_RSA)) && defined(WOLFSSL_KEY_GEN) #if !defined(NO_RSA) && !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) &&\
(defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
RsaKey key; RsaKey key;
WC_RNG rng; WC_RNG rng;
byte* der; byte* der;
@@ -15985,6 +15986,33 @@ static void test_wolfSSL_CTX_set_srp_password(void)
/* && !NO_SHA256 && !WC_NO_RNG */ /* && !NO_SHA256 && !WC_NO_RNG */
} }
static void test_wolfSSL_X509_STORE(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL)
X509_STORE *store;
X509_CRL *crl;
X509 *x509;
const char crl_pem[] = "./certs/crl/crl.pem";
const char svrCert[] = "./certs/server-cert.pem";
XFILE fp;
printf(testingFmt, "test_wolfSSL_X509_STORE");
AssertNotNull(store = (X509_STORE *)X509_STORE_new());
AssertNotNull((x509 =
wolfSSL_X509_load_certificate_file(svrCert, SSL_FILETYPE_PEM)));
AssertIntEQ(X509_STORE_add_cert(store, x509), SSL_SUCCESS);
X509_free(x509);
AssertNotNull(fp = XFOPEN(crl_pem, "rb"));
AssertNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, NULL, NULL));
XFCLOSE(fp);
AssertIntEQ(X509_STORE_add_crl(store, crl), SSL_SUCCESS);
X509_CRL_free(crl);
X509_STORE_free(store);
printf(resultFmt, passed);
#endif
return;
}
static void test_wolfSSL_BN(void) static void test_wolfSSL_BN(void)
{ {
#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) #if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
@@ -18738,6 +18766,7 @@ void ApiTest(void)
test_wolfSSL_X509_LOOKUP_load_file(); test_wolfSSL_X509_LOOKUP_load_file();
test_wolfSSL_X509_NID(); test_wolfSSL_X509_NID();
test_wolfSSL_X509_STORE_CTX_set_time(); test_wolfSSL_X509_STORE_CTX_set_time();
test_wolfSSL_X509_STORE();
test_wolfSSL_BN(); test_wolfSSL_BN();
test_wolfSSL_PEM_read_bio(); test_wolfSSL_PEM_read_bio();
test_wolfSSL_BIO(); test_wolfSSL_BIO();
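Review bot: `test_wolfSSL_X509_STORE` asserts only the success return of `X509_STORE_add_crl`; nothing exercises the argument validation or shows that the added CRL is actually consulted. Adding `AssertIntEQ(X509_STORE_add_crl(NULL, crl), BAD_FUNC_ARG);` and `AssertIntEQ(X509_STORE_add_crl(store, NULL), BAD_FUNC_ARG);` before the success call would pin the error path. A follow-up verification of a certificate that the loaded CRL revokes would confirm that the spliced entries take effect, which is the property callers depend on.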


@@ -322,6 +322,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
#define X509_STORE_CTX_get_current_cert wolfSSL_X509_STORE_CTX_get_current_cert #define X509_STORE_CTX_get_current_cert wolfSSL_X509_STORE_CTX_get_current_cert
#define X509_STORE_add_cert wolfSSL_X509_STORE_add_cert #define X509_STORE_add_cert wolfSSL_X509_STORE_add_cert
#define X509_STORE_add_crl wolfSSL_X509_STORE_add_crl
#define X509_STORE_set_flags wolfSSL_X509_STORE_set_flags #define X509_STORE_set_flags wolfSSL_X509_STORE_set_flags
#define X509_STORE_CTX_set_verify_cb wolfSSL_X509_STORE_CTX_set_verify_cb #define X509_STORE_CTX_set_verify_cb wolfSSL_X509_STORE_CTX_set_verify_cb
#define X509_STORE_CTX_free wolfSSL_X509_STORE_CTX_free #define X509_STORE_CTX_free wolfSSL_X509_STORE_CTX_free
@@ -349,6 +350,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
#define X509_STORE_add_lookup wolfSSL_X509_STORE_add_lookup #define X509_STORE_add_lookup wolfSSL_X509_STORE_add_lookup
#define X509_STORE_new wolfSSL_X509_STORE_new #define X509_STORE_new wolfSSL_X509_STORE_new
#define X509_STORE_free wolfSSL_X509_STORE_free
#define X509_STORE_get_by_subject wolfSSL_X509_STORE_get_by_subject #define X509_STORE_get_by_subject wolfSSL_X509_STORE_get_by_subject
#define X509_STORE_CTX_init wolfSSL_X509_STORE_CTX_init #define X509_STORE_CTX_init wolfSSL_X509_STORE_CTX_init
#define X509_STORE_CTX_cleanup wolfSSL_X509_STORE_CTX_cleanup #define X509_STORE_CTX_cleanup wolfSSL_X509_STORE_CTX_cleanup


@@ -300,6 +300,9 @@ struct WOLFSSL_X509_STORE {
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
int isDynamic; int isDynamic;
#endif #endif
#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL)
WOLFSSL_X509_CRL *crl;
#endif
}; };
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
@@ -2883,6 +2886,7 @@ WOLFSSL_API int i2t_ASN1_OBJECT(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a);
WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength)); WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength));
WOLFSSL_API WOLF_STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); WOLFSSL_API WOLF_STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
WOLFSSL_API int X509_STORE_load_locations(WOLFSSL_X509_STORE *ctx, const char *file, const char *dir); WOLFSSL_API int X509_STORE_load_locations(WOLFSSL_X509_STORE *ctx, const char *file, const char *dir);
WOLFSSL_API int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *ctx, WOLFSSL_X509_CRL *x);
WOLFSSL_API int wolfSSL_sk_SSL_CIPHER_num(const void * p); WOLFSSL_API int wolfSSL_sk_SSL_CIPHER_num(const void * p);
WOLFSSL_API int wolfSSL_sk_SSL_COMP_zero(WOLFSSL_STACK* st); WOLFSSL_API int wolfSSL_sk_SSL_COMP_zero(WOLFSSL_STACK* st);
WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_sk_SSL_CIPHER_value(void *ciphers, int idx); WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_sk_SSL_CIPHER_value(void *ciphers, int idx);
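Review bot: The new `crl` member of `struct WOLFSSL_X509_STORE` is declared only when both `OPENSSL_EXTRA` and `HAVE_CRL` are defined, but its users are guarded differently. `wolfSSL_X509_STORE_add_crl` in the first file section is compiled under `defined(OPENSSL_EXTRA) || defined(HAVE_CRL)`, and the `wolfSSL_X509_STORE_new` and `wolfSSL_X509_STORE_free` changes test `HAVE_CRL` alone. Unless enclosing guards outside these hunks narrow them, a build with `HAVE_CRL` but without `OPENSSL_EXTRA` would reference a member that does not exist. Using the same condition in all three places, `#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL)`, keeps the declaration and its users in step.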