add user cert chain functionality at SSL level instead of just CTX

This commit is contained in:
toddouska
2014-06-20 10:49:21 -07:00
parent 0c12f7c9ac
commit e6d9151f47
3 changed files with 42 additions and 18 deletions


@@ -1631,7 +1631,7 @@ typedef struct Buffers {
#ifndef NO_CERTS #ifndef NO_CERTS
buffer certificate; /* CYASSL_CTX owns, unless we own */ buffer certificate; /* CYASSL_CTX owns, unless we own */
buffer key; /* CYASSL_CTX owns, unless we own */ buffer key; /* CYASSL_CTX owns, unless we own */
buffer certChain; /* CYASSL_CTX owns */ buffer certChain; /* CYASSL_CTX owns, unless we own */
/* chain after self, in DER, with leading size for each cert */ /* chain after self, in DER, with leading size for each cert */
buffer serverDH_P; /* CYASSL_CTX owns, unless we own */ buffer serverDH_P; /* CYASSL_CTX owns, unless we own */
buffer serverDH_G; /* CYASSL_CTX owns, unless we own */ buffer serverDH_G; /* CYASSL_CTX owns, unless we own */
@@ -1647,6 +1647,7 @@ typedef struct Buffers {
int plainSz; /* plain text bytes in buffer to send int plainSz; /* plain text bytes in buffer to send
when got WANT_WRITE */ when got WANT_WRITE */
byte weOwnCert; /* SSL own cert flag */ byte weOwnCert; /* SSL own cert flag */
byte weOwnCertChain; /* SSL own cert chain flag */
byte weOwnKey; /* SSL own key flag */ byte weOwnKey; /* SSL own key flag */
byte weOwnDH; /* SSL own dh (p,g) flag */ byte weOwnDH; /* SSL own dh (p,g) flag */
#ifdef CYASSL_DTLS #ifdef CYASSL_DTLS


@@ -1647,9 +1647,10 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
ssl->buffers.serverDH_G = ctx->serverDH_G; ssl->buffers.serverDH_G = ctx->serverDH_G;
} }
#endif #endif
ssl->buffers.weOwnCert = 0; ssl->buffers.weOwnCert = 0;
ssl->buffers.weOwnKey = 0; ssl->buffers.weOwnCertChain = 0;
ssl->buffers.weOwnDH = 0; ssl->buffers.weOwnKey = 0;
ssl->buffers.weOwnDH = 0;
#ifdef CYASSL_DTLS #ifdef CYASSL_DTLS
ssl->buffers.dtlsCtx.fd = -1; ssl->buffers.dtlsCtx.fd = -1;
@@ -1874,9 +1875,10 @@ void SSL_ResourceFree(CYASSL* ssl)
XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_DH); XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_DH);
} }
/* CYASSL_CTX always owns certChain */
if (ssl->buffers.weOwnCert) if (ssl->buffers.weOwnCert)
XFREE(ssl->buffers.certificate.buffer, ssl->heap, DYNAMIC_TYPE_CERT); XFREE(ssl->buffers.certificate.buffer, ssl->heap, DYNAMIC_TYPE_CERT);
if (ssl->buffers.weOwnCertChain)
XFREE(ssl->buffers.certChain.buffer, ssl->heap, DYNAMIC_TYPE_CERT);
if (ssl->buffers.weOwnKey) if (ssl->buffers.weOwnKey)
XFREE(ssl->buffers.key.buffer, ssl->heap, DYNAMIC_TYPE_KEY); XFREE(ssl->buffers.key.buffer, ssl->heap, DYNAMIC_TYPE_KEY);
#endif #endif


@@ -1905,6 +1905,9 @@ int CyaSSL_Init(void)
&& format != SSL_FILETYPE_RAW) && format != SSL_FILETYPE_RAW)
return SSL_BAD_FILETYPE; return SSL_BAD_FILETYPE;
if (ctx == NULL && ssl == NULL)
return BAD_FUNC_ARG;
if (type == CA_TYPE) if (type == CA_TYPE)
dynamicType = DYNAMIC_TYPE_CA; dynamicType = DYNAMIC_TYPE_CA;
else if (type == CERT_TYPE) else if (type == CERT_TYPE)
@@ -1924,6 +1927,8 @@ int CyaSSL_Init(void)
if (userChain && type == CERT_TYPE && info.consumed < sz) { if (userChain && type == CERT_TYPE && info.consumed < sz) {
byte staticBuffer[FILE_BUFFER_SIZE]; /* tmp chain buffer */ byte staticBuffer[FILE_BUFFER_SIZE]; /* tmp chain buffer */
byte* chainBuffer = staticBuffer; byte* chainBuffer = staticBuffer;
byte* shrinked = NULL; /* shrinked to size chainBuffer
* or staticBuffer */
int dynamicBuffer = 0; int dynamicBuffer = 0;
word32 bufferSz = sizeof(staticBuffer); word32 bufferSz = sizeof(staticBuffer);
long consumed = info.consumed; long consumed = info.consumed;
@@ -1986,22 +1991,30 @@ int CyaSSL_Init(void)
} }
CYASSL_MSG("Finished Processing Cert Chain"); CYASSL_MSG("Finished Processing Cert Chain");
if (ctx == NULL) { /* only retain actual size used */
CYASSL_MSG("certChain needs context"); shrinked = (byte*)XMALLOC(idx, heap, dynamicType);
if (dynamicBuffer) if (shrinked) {
XFREE(chainBuffer, heap, DYNAMIC_TYPE_FILE); if (ssl) {
XFREE(der.buffer, heap, dynamicType); if (ssl->buffers.certChain.buffer &&
return BAD_FUNC_ARG; ssl->buffers.weOwnCertChain) {
} XFREE(ssl->buffers.certChain.buffer, heap,
ctx->certChain.buffer = (byte*)XMALLOC(idx, heap, dynamicType);
dynamicType); }
if (ctx->certChain.buffer) { ssl->buffers.certChain.buffer = shrinked;
ctx->certChain.length = idx; ssl->buffers.certChain.length = idx;
XMEMCPY(ctx->certChain.buffer, chainBuffer, idx); XMEMCPY(ssl->buffers.certChain.buffer, chainBuffer,idx);
ssl->buffers.weOwnCertChain = 1;
} else if (ctx) {
if (ctx->certChain.buffer)
XFREE(ctx->certChain.buffer, heap, dynamicType);
ctx->certChain.buffer = shrinked;
ctx->certChain.length = idx;
XMEMCPY(ctx->certChain.buffer, chainBuffer, idx);
}
} }
if (dynamicBuffer) if (dynamicBuffer)
XFREE(chainBuffer, heap, DYNAMIC_TYPE_FILE); XFREE(chainBuffer, heap, DYNAMIC_TYPE_FILE);
if (ctx->certChain.buffer == NULL) { if (shrinked == NULL) {
XFREE(der.buffer, heap, dynamicType); XFREE(der.buffer, heap, dynamicType);
return MEMORY_E; return MEMORY_E;
} }
@@ -5866,6 +5879,14 @@ int CyaSSL_set_compression(CYASSL* ssl)
ssl->buffers.certificate.buffer = NULL; ssl->buffers.certificate.buffer = NULL;
} }
if (ssl->buffers.weOwnCertChain) {
CYASSL_MSG("Unloading cert chain");
XFREE(ssl->buffers.certChain.buffer, ssl->heap,DYNAMIC_TYPE_CERT);
ssl->buffers.weOwnCertChain = 0;
ssl->buffers.certChain.length = 0;
ssl->buffers.certChain.buffer = NULL;
}
if (ssl->buffers.weOwnKey) { if (ssl->buffers.weOwnKey) {
CYASSL_MSG("Unloading key"); CYASSL_MSG("Unloading key");
XFREE(ssl->buffers.key.buffer, ssl->heap, DYNAMIC_TYPE_KEY); XFREE(ssl->buffers.key.buffer, ssl->heap, DYNAMIC_TYPE_KEY);
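Review bot: The new ctx branch (`if (ctx->certChain.buffer) XFREE(ctx->certChain.buffer, heap, dynamicType);`) frees a buffer that live CYASSL objects may still borrow: the header now describes certChain as "CYASSL_CTX owns, unless we own", and if InitSSL copies the ctx chain pointer the way it copies serverDH_G, every session created before a reload is left with a dangling pointer, whereas the old code merely leaked the previous chain. Either keep the overwrite-without-free behaviour for the ctx case, or state the constraint on the CTX loader with a comment such as `/* reloading frees the previous chain; a CYASSL created from this ctx earlier still points at it, so load chains before CyaSSL_new() */`. The ssl branch is safe because it frees only when weOwnCertChain is set, but it frees with `dynamicType` while SSL_ResourceFree and the unload path free the same buffer with DYNAMIC_TYPE_CERT; the two presumably agree only because this path requires type == CERT_TYPE, so using DYNAMIC_TYPE_CERT here as well would make that explicit. The enclosing function starts and ends outside the hunk.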