wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 12:14:38 +02:00
Code Issues Packages Projects Releases Wiki Activity

only process chain on cert_chain calls

Browse Source
This commit is contained in:
Todd A Ouska
2011-05-09 13:42:48 -07:00
parent c0d15f1245
commit cfd1946bbf
1 changed files with 30 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
src/ssl.c
View File

@@ -635,8 +635,12 @@ int AddCA(SSL_CTX* ctx, buffer der)
} }
/* process the buffer buff, legnth sz, into ctx of format and type
used tracks bytes consumed, userChain specifies a user cert chain
to pass during the handshake */
static int ProcessBuffer(SSL_CTX* ctx, const unsigned char* buff, static int ProcessBuffer(SSL_CTX* ctx, const unsigned char* buff,
long sz, int format, int type, SSL* ssl, long* used) long sz, int format, int type, SSL* ssl,
long* used, int userChain)
{ {
EncryptedInfo info; EncryptedInfo info;
buffer der; /* holds DER or RAW (for NTRU) */ buffer der; /* holds DER or RAW (for NTRU) */
@@ -670,8 +674,8 @@ int AddCA(SSL_CTX* ctx, buffer der)
} }
if (used) if (used)
*used = info.consumed; *used = info.consumed;
/* we may have a cert chain */ /* we may have a user cert chain, try to consume */
if (type == CERT_TYPE && info.consumed < sz) { if (userChain && type == CERT_TYPE && info.consumed < sz) {
byte staticBuffer[FILE_BUFFER_SIZE]; /* tmp chain buffer */ byte staticBuffer[FILE_BUFFER_SIZE]; /* tmp chain buffer */
byte* chainBuffer = staticBuffer; byte* chainBuffer = staticBuffer;
int dynamicBuffer = 0; int dynamicBuffer = 0;
@@ -912,7 +916,7 @@ int AddCA(SSL_CTX* ctx, buffer der)
#endif #endif
/* CA PEM file, may have multiple/chain certs to process */ /* CA PEM file for verification, may have multiple/chain certs to process */
static int ProcessChainBuffer(SSL_CTX* ctx, const unsigned char* buff, static int ProcessChainBuffer(SSL_CTX* ctx, const unsigned char* buff,
long sz, int format, int type, SSL* ssl) long sz, int format, int type, SSL* ssl)
{ {
@@ -925,7 +929,7 @@ static int ProcessChainBuffer(SSL_CTX* ctx, const unsigned char* buff,
long left; long left;
ret = ProcessBuffer(ctx, buff + used, sz - used, format, type, ssl, ret = ProcessBuffer(ctx, buff + used, sz - used, format, type, ssl,
&consumed); &consumed, 0);
if (ret < 0) if (ret < 0)
break; break;
@@ -942,8 +946,10 @@ static int ProcessChainBuffer(SSL_CTX* ctx, const unsigned char* buff,
} }
/* process a file with name fname into ctx of format and type
userChain specifies a user certificate chain to pass during handshake */
static int ProcessFile(SSL_CTX* ctx, const char* fname, int format, int type, static int ProcessFile(SSL_CTX* ctx, const char* fname, int format, int type,
SSL* ssl) SSL* ssl, int userChain)
{ {
byte staticBuffer[FILE_BUFFER_SIZE]; byte staticBuffer[FILE_BUFFER_SIZE];
byte* buffer = staticBuffer; byte* buffer = staticBuffer;
@@ -973,7 +979,8 @@ static int ProcessFile(SSL_CTX* ctx, const char* fname, int format, int type,
if (type == CA_TYPE && format == SSL_FILETYPE_PEM) if (type == CA_TYPE && format == SSL_FILETYPE_PEM)
ret = ProcessChainBuffer(ctx, buffer, sz, format, type, ssl); ret = ProcessChainBuffer(ctx, buffer, sz, format, type, ssl);
else else
ret = ProcessBuffer(ctx, buffer, sz, format, type, ssl, NULL); ret = ProcessBuffer(ctx, buffer, sz, format, type, ssl, NULL,
userChain);
} }
XFCLOSE(file); XFCLOSE(file);
@@ -990,7 +997,7 @@ int SSL_CTX_load_verify_locations(SSL_CTX* ctx, const char* file,
CYASSL_ENTER("SSL_CTX_load_verify_locations"); CYASSL_ENTER("SSL_CTX_load_verify_locations");
(void)path; (void)path;
if (ProcessFile(ctx, file, SSL_FILETYPE_PEM, CA_TYPE, NULL) == SSL_SUCCESS) if (ProcessFile(ctx, file, SSL_FILETYPE_PEM, CA_TYPE,NULL,0) == SSL_SUCCESS)
return SSL_SUCCESS; return SSL_SUCCESS;
return SSL_FAILURE; return SSL_FAILURE;
@@ -1003,7 +1010,7 @@ int SSL_CTX_load_verify_locations(SSL_CTX* ctx, const char* file,
int CyaSSL_CTX_load_verify_locations(SSL_CTX* ctx, const char* file, int format) int CyaSSL_CTX_load_verify_locations(SSL_CTX* ctx, const char* file, int format)
{ {
CYASSL_ENTER("CyaSSL_CTX_load_verify_locations"); CYASSL_ENTER("CyaSSL_CTX_load_verify_locations");
if (ProcessFile(ctx, file, format, CA_TYPE, NULL) == SSL_SUCCESS) if (ProcessFile(ctx, file, format, CA_TYPE, NULL, 0) == SSL_SUCCESS)
return SSL_SUCCESS; return SSL_SUCCESS;
return SSL_FAILURE; return SSL_FAILURE;
@@ -1072,7 +1079,7 @@ int CyaSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz)
int SSL_CTX_use_certificate_file(SSL_CTX* ctx, const char* file, int format) int SSL_CTX_use_certificate_file(SSL_CTX* ctx, const char* file, int format)
{ {
CYASSL_ENTER("SSL_CTX_use_certificate_file"); CYASSL_ENTER("SSL_CTX_use_certificate_file");
if (ProcessFile(ctx, file, format, CERT_TYPE, NULL) == SSL_SUCCESS) if (ProcessFile(ctx, file, format, CERT_TYPE, NULL, 0) == SSL_SUCCESS)
return SSL_SUCCESS; return SSL_SUCCESS;
return SSL_FAILURE; return SSL_FAILURE;
@@ -1082,7 +1089,7 @@ int SSL_CTX_use_certificate_file(SSL_CTX* ctx, const char* file, int format)
int SSL_CTX_use_PrivateKey_file(SSL_CTX* ctx, const char* file, int format) int SSL_CTX_use_PrivateKey_file(SSL_CTX* ctx, const char* file, int format)
{ {
CYASSL_ENTER("SSL_CTX_use_PrivateKey_file"); CYASSL_ENTER("SSL_CTX_use_PrivateKey_file");
if (ProcessFile(ctx, file, format, PRIVATEKEY_TYPE, NULL) == SSL_SUCCESS) if (ProcessFile(ctx, file, format, PRIVATEKEY_TYPE, NULL, 0) == SSL_SUCCESS)
return SSL_SUCCESS; return SSL_SUCCESS;
return SSL_FAILURE; return SSL_FAILURE;
@@ -1093,7 +1100,7 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX* ctx, const char* file)
{ {
/* procces up to MAX_CHAIN_DEPTH plus subject cert */ /* procces up to MAX_CHAIN_DEPTH plus subject cert */
CYASSL_ENTER("SSL_CTX_use_certificate_chain_file"); CYASSL_ENTER("SSL_CTX_use_certificate_chain_file");
if (ProcessFile(ctx, file, SSL_FILETYPE_PEM, CERT_TYPE, NULL) == SSL_SUCCESS) if (ProcessFile(ctx, file, SSL_FILETYPE_PEM,CERT_TYPE,NULL,1) == SSL_SUCCESS)
return SSL_SUCCESS; return SSL_SUCCESS;
return SSL_FAILURE; return SSL_FAILURE;
@@ -1105,7 +1112,7 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX* ctx, const char* file)
int CyaSSL_CTX_use_NTRUPrivateKey_file(SSL_CTX* ctx, const char* file) int CyaSSL_CTX_use_NTRUPrivateKey_file(SSL_CTX* ctx, const char* file)
{ {
CYASSL_ENTER("CyaSSL_CTX_use_NTRUPrivateKey_file"); CYASSL_ENTER("CyaSSL_CTX_use_NTRUPrivateKey_file");
if (ProcessFile(ctx, file, SSL_FILETYPE_RAW, PRIVATEKEY_TYPE, NULL) if (ProcessFile(ctx, file, SSL_FILETYPE_RAW, PRIVATEKEY_TYPE, NULL, 0)
== SSL_SUCCESS) { == SSL_SUCCESS) {
ctx->haveNTRU = 1; ctx->haveNTRU = 1;
return SSL_SUCCESS; return SSL_SUCCESS;
@@ -1123,7 +1130,7 @@ int CyaSSL_CTX_use_NTRUPrivateKey_file(SSL_CTX* ctx, const char* file)
int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX* ctx,const char* file,int format) int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX* ctx,const char* file,int format)
{ {
CYASSL_ENTER("SSL_CTX_use_RSAPrivateKey_file"); CYASSL_ENTER("SSL_CTX_use_RSAPrivateKey_file");
if (ProcessFile(ctx, file, format, PRIVATEKEY_TYPE,NULL) == SSL_SUCCESS) if (ProcessFile(ctx, file,format,PRIVATEKEY_TYPE,NULL,0) == SSL_SUCCESS)
return SSL_SUCCESS; return SSL_SUCCESS;
return SSL_FAILURE; return SSL_FAILURE;
@@ -2225,7 +2232,7 @@ int CyaSSL_set_compression(SSL* ssl)
if (format == SSL_FILETYPE_PEM) if (format == SSL_FILETYPE_PEM)
return ProcessChainBuffer(ctx, buffer, sz, format, CA_TYPE, NULL); return ProcessChainBuffer(ctx, buffer, sz, format, CA_TYPE, NULL);
else else
return ProcessBuffer(ctx, buffer, sz, format, CA_TYPE, NULL, NULL); return ProcessBuffer(ctx, buffer, sz, format, CA_TYPE, NULL,NULL,0);
} }
@@ -2233,7 +2240,7 @@ int CyaSSL_set_compression(SSL* ssl)
const unsigned char* buffer,long sz,int format) const unsigned char* buffer,long sz,int format)
{ {
CYASSL_ENTER("CyaSSL_CTX_use_certificate_buffer"); CYASSL_ENTER("CyaSSL_CTX_use_certificate_buffer");
return ProcessBuffer(ctx, buffer, sz, format, CERT_TYPE, NULL, NULL); return ProcessBuffer(ctx, buffer, sz, format, CERT_TYPE, NULL, NULL, 0);
} }
@@ -2241,7 +2248,7 @@ int CyaSSL_set_compression(SSL* ssl)
const unsigned char* buffer,long sz,int format) const unsigned char* buffer,long sz,int format)
{ {
CYASSL_ENTER("CyaSSL_CTX_use_PrivateKey_buffer"); CYASSL_ENTER("CyaSSL_CTX_use_PrivateKey_buffer");
return ProcessBuffer(ctx, buffer, sz, format,PRIVATEKEY_TYPE,NULL,NULL); return ProcessBuffer(ctx, buffer,sz,format,PRIVATEKEY_TYPE,NULL,NULL,0);
} }
@@ -2249,15 +2256,15 @@ int CyaSSL_set_compression(SSL* ssl)
const unsigned char* buffer, long sz) const unsigned char* buffer, long sz)
{ {
CYASSL_ENTER("CyaSSL_CTX_use_certificate_chain_buffer"); CYASSL_ENTER("CyaSSL_CTX_use_certificate_chain_buffer");
return ProcessBuffer(ctx, buffer, sz, SSL_FILETYPE_PEM, CA_TYPE, NULL, return ProcessBuffer(ctx, buffer, sz, SSL_FILETYPE_PEM, CERT_TYPE, NULL,
NULL); NULL, 1);
} }
int CyaSSL_use_certificate_buffer(SSL* ssl, int CyaSSL_use_certificate_buffer(SSL* ssl,
const unsigned char* buffer,long sz,int format) const unsigned char* buffer,long sz,int format)
{ {
CYASSL_ENTER("CyaSSL_use_certificate_buffer"); CYASSL_ENTER("CyaSSL_use_certificate_buffer");
return ProcessBuffer(ssl->ctx, buffer, sz, format, CERT_TYPE, ssl,NULL); return ProcessBuffer(ssl->ctx, buffer, sz, format,CERT_TYPE,ssl,NULL,0);
} }
@@ -2266,7 +2273,7 @@ int CyaSSL_set_compression(SSL* ssl)
{ {
CYASSL_ENTER("CyaSSL_use_PrivateKey_buffer"); CYASSL_ENTER("CyaSSL_use_PrivateKey_buffer");
return ProcessBuffer(ssl->ctx, buffer, sz, format, PRIVATEKEY_TYPE, return ProcessBuffer(ssl->ctx, buffer, sz, format, PRIVATEKEY_TYPE,
ssl, NULL); ssl, NULL, 0);
} }
@@ -2274,8 +2281,8 @@ int CyaSSL_set_compression(SSL* ssl)
const unsigned char* buffer, long sz) const unsigned char* buffer, long sz)
{ {
CYASSL_ENTER("CyaSSL_use_certificate_chain_buffer"); CYASSL_ENTER("CyaSSL_use_certificate_chain_buffer");
return ProcessBuffer(ssl->ctx, buffer, sz, SSL_FILETYPE_PEM, CA_TYPE, return ProcessBuffer(ssl->ctx, buffer, sz, SSL_FILETYPE_PEM, CERT_TYPE,
ssl, NULL); ssl, NULL, 1);
} }
/* old NO_FILESYSTEM end */ /* old NO_FILESYSTEM end */