mirror of https://github.com/wolfSSL/wolfssl.git
turn CA signer list into CA signer hash table, defaults CA_TABLE_SIZE to 11
parent
9dbf6a5e10
commit
05dd84598b
|
@ -2801,6 +2801,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
|
|||
}
|
||||
|
||||
|
||||
/* Create and init an new signer */
|
||||
Signer* MakeSigner(void* heap)
|
||||
{
|
||||
Signer* signer = (Signer*) XMALLOC(sizeof(Signer), heap,
|
||||
|
@ -2816,18 +2817,31 @@ Signer* MakeSigner(void* heap)
|
|||
}
|
||||
|
||||
|
||||
void FreeSigners(Signer* signer, void* heap)
|
||||
/* Free an individual signer */
|
||||
void FreeSigner(Signer* signer, void* heap)
|
||||
{
|
||||
while (signer) {
|
||||
Signer* next = signer->next;
|
||||
|
||||
XFREE(signer->name, heap, DYNAMIC_TYPE_SUBJECT_CN);
|
||||
XFREE(signer->publicKey, heap, DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
XFREE(signer, heap, DYNAMIC_TYPE_SIGNER);
|
||||
|
||||
(void)heap;
|
||||
}
|
||||
|
||||
|
||||
/* Free the whole singer table with number of rows */
|
||||
void FreeSignerTable(Signer** table, int rows, void* heap)
|
||||
{
|
||||
int i;
|
||||
|
||||
for (i = 0; i < rows; i++) {
|
||||
Signer* signer = table[i];
|
||||
while (signer) {
|
||||
Signer* next = signer->next;
|
||||
FreeSigner(signer, heap);
|
||||
signer = next;
|
||||
}
|
||||
(void)heap;
|
||||
table[i] = NULL;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -315,7 +315,8 @@ CYASSL_LOCAL word32 EncodeSignature(byte* out, const byte* digest, word32 digSz,
|
|||
int hashOID);
|
||||
|
||||
CYASSL_LOCAL Signer* MakeSigner(void*);
|
||||
CYASSL_LOCAL void FreeSigners(Signer*, void*);
|
||||
CYASSL_LOCAL void FreeSigner(Signer*, void*);
|
||||
CYASSL_LOCAL void FreeSignerTable(Signer**, int, void*);
|
||||
|
||||
|
||||
CYASSL_LOCAL int ToTraditional(byte* buffer, word32 length);
|
||||
|
|
|
@ -1056,9 +1056,13 @@ struct CYASSL_CRL {
|
|||
#endif
|
||||
|
||||
|
||||
#ifndef CA_TABLE_SIZE
|
||||
#define CA_TABLE_SIZE 11
|
||||
#endif
|
||||
|
||||
/* CyaSSL Certificate Manager */
|
||||
struct CYASSL_CERT_MANAGER {
|
||||
Signer* caList; /* the CA signer list */
|
||||
Signer* caTable[CA_TABLE_SIZE]; /* the CA signer table */
|
||||
CyaSSL_Mutex caLock; /* CA list lock */
|
||||
CallbackCACache caCacheCallback; /* CA cache addition callback */
|
||||
void* heap; /* heap helper */
|
||||
|
|
59
src/ssl.c
59
src/ssl.c
|
@ -664,7 +664,10 @@ CYASSL_CERT_MANAGER* CyaSSL_CertManagerNew(void)
|
|||
cm = (CYASSL_CERT_MANAGER*) XMALLOC(sizeof(CYASSL_CERT_MANAGER), 0,
|
||||
DYNAMIC_TYPE_CERT_MANAGER);
|
||||
if (cm) {
|
||||
cm->caList = NULL;
|
||||
int i;
|
||||
|
||||
for (i = 0; i < CA_TABLE_SIZE; i++)
|
||||
cm->caTable[i] = NULL;
|
||||
cm->heap = NULL;
|
||||
cm->caCacheCallback = NULL;
|
||||
cm->crl = NULL;
|
||||
|
@ -692,7 +695,7 @@ void CyaSSL_CertManagerFree(CYASSL_CERT_MANAGER* cm)
|
|||
if (cm->crl)
|
||||
FreeCRL(cm->crl, 1);
|
||||
#endif
|
||||
FreeSigners(cm->caList, NULL);
|
||||
FreeSignerTable(cm->caTable, CA_TABLE_SIZE, NULL);
|
||||
FreeMutex(&cm->caLock);
|
||||
XFREE(cm, NULL, DYNAMIC_TYPE_CERT_MANAGER);
|
||||
}
|
||||
|
@ -703,8 +706,6 @@ void CyaSSL_CertManagerFree(CYASSL_CERT_MANAGER* cm)
|
|||
/* Unload the CA signer list */
|
||||
int CyaSSL_CertManagerUnloadCAs(CYASSL_CERT_MANAGER* cm)
|
||||
{
|
||||
Signer* signers;
|
||||
|
||||
CYASSL_ENTER("CyaSSL_CertManagerUnloadCAs");
|
||||
|
||||
if (cm == NULL)
|
||||
|
@ -713,12 +714,10 @@ int CyaSSL_CertManagerUnloadCAs(CYASSL_CERT_MANAGER* cm)
|
|||
if (LockMutex(&cm->caLock) != 0)
|
||||
return BAD_MUTEX_ERROR;
|
||||
|
||||
signers = cm->caList;
|
||||
cm->caList = NULL;
|
||||
FreeSignerTable(cm->caTable, CA_TABLE_SIZE, NULL);
|
||||
|
||||
UnLockMutex(&cm->caLock);
|
||||
|
||||
FreeSigners(signers, NULL);
|
||||
|
||||
return SSL_SUCCESS;
|
||||
}
|
||||
|
@ -846,19 +845,40 @@ int CyaSSL_SetVersion(CYASSL* ssl, int version)
|
|||
|
||||
return SSL_SUCCESS;
|
||||
}
|
||||
#endif
|
||||
#endif /* !leanpsk */
|
||||
|
||||
|
||||
#if !defined(NO_CERTS) || !defined(NO_SESSION_CACHE)
|
||||
|
||||
/* Make a work from the front of random hash */
|
||||
static INLINE word32 MakeWordFromHash(const byte* hashID)
|
||||
{
|
||||
return (hashID[0] << 24) | (hashID[1] << 16) | (hashID[2] << 8) |
|
||||
hashID[3];
|
||||
}
|
||||
|
||||
#endif /* !NO_CERTS || !NO_SESSION_CACHE */
|
||||
|
||||
|
||||
#ifndef NO_CERTS
|
||||
|
||||
/* hash is the SHA digest of name, just use first 32 bits as hash */
|
||||
static INLINE word32 HashSigner(const byte* hash)
|
||||
{
|
||||
return MakeWordFromHash(hash) % CA_TABLE_SIZE;
|
||||
}
|
||||
|
||||
|
||||
/* does CA already exist on signer list */
|
||||
int AlreadySigner(CYASSL_CERT_MANAGER* cm, byte* hash)
|
||||
{
|
||||
Signer* signers;
|
||||
int ret = 0;
|
||||
word32 row = HashSigner(hash);
|
||||
|
||||
if (LockMutex(&cm->caLock) != 0)
|
||||
return ret;
|
||||
signers = cm->caList;
|
||||
signers = cm->caTable[row];
|
||||
while (signers) {
|
||||
if (XMEMCMP(hash, signers->hash, SHA_DIGEST_SIZE) == 0) {
|
||||
ret = 1;
|
||||
|
@ -878,15 +898,15 @@ Signer* GetCA(void* vp, byte* hash)
|
|||
CYASSL_CERT_MANAGER* cm = (CYASSL_CERT_MANAGER*)vp;
|
||||
Signer* ret = NULL;
|
||||
Signer* signers;
|
||||
word32 row = HashSigner(hash);
|
||||
|
||||
if (cm == NULL)
|
||||
return NULL;
|
||||
|
||||
|
||||
if (LockMutex(&cm->caLock) != 0)
|
||||
return ret;
|
||||
|
||||
signers = cm->caList;
|
||||
signers = cm->caTable[row];
|
||||
while (signers) {
|
||||
if (XMEMCMP(hash, signers->hash, SHA_DIGEST_SIZE) == 0) {
|
||||
ret = signers;
|
||||
|
@ -908,6 +928,7 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
|
|||
int ret;
|
||||
DecodedCert cert;
|
||||
Signer* signer = 0;
|
||||
word32 row;
|
||||
|
||||
CYASSL_MSG("Adding a CA");
|
||||
InitDecodedCert(&cert, der.buffer, der.length, cm->heap);
|
||||
|
@ -938,9 +959,11 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
|
|||
cert.publicKey = 0; /* don't free here */
|
||||
cert.subjectCN = 0;
|
||||
|
||||
row = HashSigner(signer->hash);
|
||||
|
||||
if (LockMutex(&cm->caLock) == 0) {
|
||||
signer->next = cm->caList;
|
||||
cm->caList = signer; /* takes ownership */
|
||||
signer->next = cm->caTable[row];
|
||||
cm->caTable[row] = signer; /* takes ownership */
|
||||
UnLockMutex(&cm->caLock);
|
||||
if (cm->caCacheCallback)
|
||||
cm->caCacheCallback(der.buffer, (int)der.length, type);
|
||||
|
@ -948,7 +971,7 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
|
|||
else {
|
||||
CYASSL_MSG(" CA Mutex Lock failed");
|
||||
ret = BAD_MUTEX_ERROR;
|
||||
FreeSigners(signer, cm->heap);
|
||||
FreeSigner(signer, cm->heap);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -3330,14 +3353,6 @@ int CyaSSL_Cleanup(void)
|
|||
#ifndef NO_SESSION_CACHE
|
||||
|
||||
|
||||
/* Make a work from the front of random hash */
|
||||
static INLINE word32 MakeWordFromHash(const byte* hashID)
|
||||
{
|
||||
return (hashID[0] << 24) | (hashID[1] << 16) | (hashID[2] << 8) |
|
||||
hashID[3];
|
||||
}
|
||||
|
||||
|
||||
#ifndef NO_MD5
|
||||
|
||||
/* some session IDs aren't random afterall, let's make them random */
|
||||
|
|
Loading…
Reference in New Issue