update uses of wolfSSL_X509_new and wolfSSL_X509_d2i

where heap doesn't require a new ex function or struct field to avoid size increase
2024-01-17 18:46:24 -05:00 · 2024-01-17 18:46:24 -05:00 · 41ea1109ec
parent 03f32b623f
commit 41ea1109ec
5 changed files with 28 additions and 23 deletions
--- a/src/ssl.c
+++ b/src/ssl.c
@ -18856,7 +18856,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl)
    sk = wolfSSL_sk_X509_new_null();
    i = ssl->session->chain.count-1;
    for (; i >= 0; i--) {
-        x509 = wolfSSL_X509_new();
+        x509 = wolfSSL_X509_new_ex(ssl->heap);
        if (x509 == NULL) {
            WOLFSSL_MSG("Error Creating X509");
            wolfSSL_sk_X509_pop_free(sk, NULL);
@ -19224,9 +19224,10 @@ WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl)
                return NULL;
            }
            #ifndef WOLFSSL_X509_STORE_CERTS
-            ssl->ourCert = wolfSSL_X509_d2i(NULL,
+            ssl->ourCert = wolfSSL_X509_d2i_ex(NULL,
                                              ssl->buffers.certificate->buffer,
-                                              ssl->buffers.certificate->length);
+                                              ssl->buffers.certificate->length,
+                                              ssl->heap);
            #endif
        }
        return ssl->ourCert;
@ -19239,9 +19240,10 @@ WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl)
                    return NULL;
                }
                #ifndef WOLFSSL_X509_STORE_CERTS
-                ssl->ctx->ourCert = wolfSSL_X509_d2i(NULL,
+                ssl->ctx->ourCert = wolfSSL_X509_d2i_ex(NULL,
                                               ssl->ctx->certificate->buffer,
-                                               ssl->ctx->certificate->length);
+                                               ssl->ctx->certificate->length,
+                                               ssl->heap);
                #endif
                ssl->ctx->ownOurCert = 1;
            }
@ -19261,9 +19263,9 @@ WOLFSSL_X509* wolfSSL_CTX_get0_certificate(WOLFSSL_CTX* ctx)
                return NULL;
            }
            #ifndef WOLFSSL_X509_STORE_CERTS
-            ctx->ourCert = wolfSSL_X509_d2i(NULL,
+            ctx->ourCert = wolfSSL_X509_d2i_ex(NULL,
                                           ctx->certificate->buffer,
-                                           ctx->certificate->length);
+                                           ctx->certificate->length, ctx->heap);
            #endif
            ctx->ownOurCert = 1;
        }
@ -26221,7 +26223,8 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
            return WOLFSSL_FAILURE;
        }
        #else
-        ctx->ourCert = wolfSSL_X509_d2i(NULL, x->derCert->buffer,x->derCert->length);
+        ctx->ourCert = wolfSSL_X509_d2i_ex(NULL, x->derCert->buffer,
+            x->derCert->length, ctx->heap);
        if(ctx->ourCert == NULL){
            return WOLFSSL_FAILURE;
        }
@ -30057,8 +30060,8 @@ int wolfSSL_CTX_get_extra_chain_certs(WOLFSSL_CTX* ctx, WOLF_STACK_OF(X509)** ch
        idx += 3;

        /* Create a new X509 from DER encoded data. */
-        node->data.x509 = wolfSSL_X509_d2i(NULL, ctx->certChain->buffer + idx,
-            length);
+        node->data.x509 = wolfSSL_X509_d2i_ex(NULL,
+            ctx->certChain->buffer + idx, length, ctx->heap);
        if (node->data.x509 == NULL) {
            XFREE(node, NULL, DYNAMIC_TYPE_OPENSSL);
            /* Return as much of the chain as we created. */
@ -33784,8 +33787,8 @@ WOLFSSL_STACK* wolfSSL_PKCS7_to_stack(PKCS7* pkcs7)
        return p7->certs;

    for (i = 0; i < MAX_PKCS7_CERTS && p7->pkcs7.cert[i]; i++) {
-        WOLFSSL_X509* x509 = wolfSSL_X509_d2i(NULL, p7->pkcs7.cert[i],
-            p7->pkcs7.certSz[i]);
+        WOLFSSL_X509* x509 = wolfSSL_X509_d2i_ex(NULL, p7->pkcs7.cert[i],
+            p7->pkcs7.certSz[i], pkcs7->heap);
        if (!ret)
            ret = wolfSSL_sk_X509_new_null();
        if (x509) {
--- a/src/x509.c
+++ b/src/x509.c
@ -7582,7 +7582,7 @@ static WOLFSSL_X509* d2i_X509orX509REQ_bio(WOLFSSL_BIO* bio,
 #endif
    }
    else {
-        localX509 = wolfSSL_X509_d2i(NULL, mem, size);
+        localX509 = wolfSSL_X509_d2i_ex(NULL, mem, size, bio->heap);
    }
    if (localX509 == NULL) {
        WOLFSSL_MSG("wolfSSL_X509_d2i error");
@ -13315,7 +13315,7 @@ static int x509GetIssuerFromCM(WOLFSSL_X509 **issuer, WOLFSSL_CERT_MANAGER* cm,
 #endif

    /* Use existing CA retrieval APIs that use DecodedCert. */
-    InitDecodedCert(cert, x->derCert->buffer, x->derCert->length, NULL);
+    InitDecodedCert(cert, x->derCert->buffer, x->derCert->length, cm->heap);
    if (ParseCertRelative(cert, CERT_TYPE, 0, NULL) == 0
            && !cert->selfSigned) {
    #ifndef NO_SKID
@ -13337,8 +13337,8 @@ static int x509GetIssuerFromCM(WOLFSSL_X509 **issuer, WOLFSSL_CERT_MANAGER* cm,

 #ifdef WOLFSSL_SIGNER_DER_CERT
    /* populate issuer with Signer DER */
-    if (wolfSSL_X509_d2i(issuer, ca->derCert->buffer,
-            ca->derCert->length) == NULL)
+    if (wolfSSL_X509_d2i_ex(issuer, ca->derCert->buffer,
+            ca->derCert->length, cm->heap) == NULL)
        return WOLFSSL_FAILURE;
 #else
    /* Create an empty certificate as CA doesn't have a certificate. */
@ -13804,7 +13804,7 @@ void wolfSSL_X509V3_set_ctx(WOLFSSL_X509V3_CTX* ctx, WOLFSSL_X509* issuer,

    /* not checking ctx->x509 for null first since app won't have initialized
     * this X509V3_CTX before this function call */
-    ctx->x509 = wolfSSL_X509_new();
+    ctx->x509 = wolfSSL_X509_new_ex(issuer->heap);
    if (!ctx->x509)
        return;

--- a/src/x509_str.c
+++ b/src/x509_str.c
@ -63,7 +63,8 @@ WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new(void)


 int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx,
-     WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509, WOLF_STACK_OF(WOLFSSL_X509)* sk)
+     WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509,
+     WOLF_STACK_OF(WOLFSSL_X509)* sk)
 {
    int ret = 0;
    (void)sk;
@ -75,8 +76,8 @@ int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx,
        ctx->current_cert = x509;
        #else
        if(x509 != NULL){
-            ctx->current_cert = wolfSSL_X509_d2i(NULL, x509->derCert->buffer,
-                    x509->derCert->length);
+            ctx->current_cert = wolfSSL_X509_d2i_ex(NULL, x509->derCert->buffer,
+                    x509->derCert->length, x509->heap);
            if(ctx->current_cert == NULL)
                return WOLFSSL_FAILURE;
        } else
--- a/tests/api.c
+++ b/tests/api.c
@ -31740,7 +31740,7 @@ static int test_wolfSSL_X509_NAME(void)
        XFCLOSE(f);

    c = buf;
-    ExpectNotNull(x509 = wolfSSL_X509_d2i(NULL, c, bytes));
+    ExpectNotNull(x509 = wolfSSL_X509_d2i_ex(NULL, c, bytes, HEAP_HINT));

    /* test cmp function */
    ExpectNotNull(a = X509_get_issuer_name(x509));
@ -36869,8 +36869,8 @@ static int test_wolfSSL_X509_NID(void)
    /* ------ PARSE ORIGINAL SELF-SIGNED CERTIFICATE ------ */

    /* convert cert from DER to internal WOLFSSL_X509 struct */
-    ExpectNotNull(cert = wolfSSL_X509_d2i(&cert, client_cert_der_2048,
-            sizeof_client_cert_der_2048));
+    ExpectNotNull(cert = wolfSSL_X509_d2i_ex(&cert, client_cert_der_2048,
+            sizeof_client_cert_der_2048, HEAP_HINT));

    /* ------ EXTRACT CERTIFICATE ELEMENTS ------ */

--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@ -6071,6 +6071,7 @@ int wc_ecc_init_ex(ecc_key* key, void* heap, int devId)
 #endif

 #ifdef WOLFSSL_HEAP_TEST
+    (void)heap;
    key->heap = (void*)WOLFSSL_HEAP_TEST;
 #else
    key->heap = heap;