Merge pull request #7136 from jpbland1/x509-new-ex

add heap hint support for a few of the x509 functions
pull/7147/head
David Garske 2024-01-19 09:29:47 -08:00 committed by GitHub
commit a3a7012c81
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
7 changed files with 69 additions and 48 deletions


@ -19031,7 +19031,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl)
sk = wolfSSL_sk_X509_new_null();
i = ssl->session->chain.count-1;
for (; i >= 0; i--) {
x509 = wolfSSL_X509_new();
x509 = wolfSSL_X509_new_ex(ssl->heap);
if (x509 == NULL) {
WOLFSSL_MSG("Error Creating X509");
wolfSSL_sk_X509_pop_free(sk, NULL);
@ -19399,9 +19399,10 @@ WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl)
return NULL;
}
#ifndef WOLFSSL_X509_STORE_CERTS
ssl->ourCert = wolfSSL_X509_d2i(NULL,
ssl->ourCert = wolfSSL_X509_d2i_ex(NULL,
ssl->buffers.certificate->buffer,
ssl->buffers.certificate->length);
ssl->buffers.certificate->length,
ssl->heap);
#endif
}
return ssl->ourCert;
@ -19414,9 +19415,10 @@ WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl)
return NULL;
}
#ifndef WOLFSSL_X509_STORE_CERTS
ssl->ctx->ourCert = wolfSSL_X509_d2i(NULL,
ssl->ctx->ourCert = wolfSSL_X509_d2i_ex(NULL,
ssl->ctx->certificate->buffer,
ssl->ctx->certificate->length);
ssl->ctx->certificate->length,
ssl->heap);
#endif
ssl->ctx->ownOurCert = 1;
}
@ -19436,9 +19438,9 @@ WOLFSSL_X509* wolfSSL_CTX_get0_certificate(WOLFSSL_CTX* ctx)
return NULL;
}
#ifndef WOLFSSL_X509_STORE_CERTS
ctx->ourCert = wolfSSL_X509_d2i(NULL,
ctx->ourCert = wolfSSL_X509_d2i_ex(NULL,
ctx->certificate->buffer,
ctx->certificate->length);
ctx->certificate->length, ctx->heap);
#endif
ctx->ownOurCert = 1;
}
@ -26396,7 +26398,8 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
return WOLFSSL_FAILURE;
}
#else
ctx->ourCert = wolfSSL_X509_d2i(NULL, x->derCert->buffer,x->derCert->length);
ctx->ourCert = wolfSSL_X509_d2i_ex(NULL, x->derCert->buffer,
x->derCert->length, ctx->heap);
if(ctx->ourCert == NULL){
return WOLFSSL_FAILURE;
}
@ -30242,8 +30245,8 @@ int wolfSSL_CTX_get_extra_chain_certs(WOLFSSL_CTX* ctx, WOLF_STACK_OF(X509)** ch
idx += 3;
/* Create a new X509 from DER encoded data. */
node->data.x509 = wolfSSL_X509_d2i(NULL, ctx->certChain->buffer + idx,
length);
node->data.x509 = wolfSSL_X509_d2i_ex(NULL,
ctx->certChain->buffer + idx, length, ctx->heap);
if (node->data.x509 == NULL) {
XFREE(node, NULL, DYNAMIC_TYPE_OPENSSL);
/* Return as much of the chain as we created. */
@ -33969,8 +33972,8 @@ WOLFSSL_STACK* wolfSSL_PKCS7_to_stack(PKCS7* pkcs7)
return p7->certs;
for (i = 0; i < MAX_PKCS7_CERTS && p7->pkcs7.cert[i]; i++) {
WOLFSSL_X509* x509 = wolfSSL_X509_d2i(NULL, p7->pkcs7.cert[i],
p7->pkcs7.certSz[i]);
WOLFSSL_X509* x509 = wolfSSL_X509_d2i_ex(NULL, p7->pkcs7.cert[i],
p7->pkcs7.certSz[i], pkcs7->heap);
if (!ret)
ret = wolfSSL_sk_X509_new_null();
if (x509) {
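Review bot: In the second wolfSSL_get_certificate hunk the decoded certificate is stored in `ssl->ctx->ourCert` with `ownOurCert = 1`, yet it is allocated from `ssl->heap`, so a context-owned object is tied to one session's heap hint. If `ssl->heap` can differ from `ssl->ctx->heap` (for example a per-session hint under static memory, which is not visible here), the context may later free the certificate through a hint that no longer exists once that WOLFSSL object is gone. Passing the context's hint would match wolfSSL_CTX_get0_certificate, which uses `ctx->heap` for the same field: `ssl->ctx->certificate->length, ssl->ctx->heap);`. The function bodies begin and end outside these hunks, so the lifetime of the two hints could not be confirmed from the page.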


@ -42,33 +42,33 @@
* @return A TLS method on success.
* @return NULL when no TLS method built into wolfSSL.
*/
static WC_INLINE WOLFSSL_METHOD* cm_pick_method(void)
static WC_INLINE WOLFSSL_METHOD* cm_pick_method(void* heap)
{
#ifndef NO_WOLFSSL_CLIENT
#if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_SSLV3)
return wolfSSLv3_client_method();
return wolfSSLv3_client_method_ex(heap);
#elif !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_TLSV10)
return wolfTLSv1_client_method();
return wolfTLSv1_client_method_ex(heap);
#elif !defined(NO_OLD_TLS)
return wolfTLSv1_1_client_method();
return wolfTLSv1_1_client_method_ex(heap);
#elif !defined(WOLFSSL_NO_TLS12)
return wolfTLSv1_2_client_method();
return wolfTLSv1_2_client_method_ex(heap);
#elif defined(WOLFSSL_TLS13)
return wolfTLSv1_3_client_method();
return wolfTLSv1_3_client_method_ex(heap);
#else
return NULL;
#endif
#elif !defined(NO_WOLFSSL_SERVER)
#if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_SSLV3)
return wolfSSLv3_server_method();
return wolfSSLv3_server_method_ex(heap);
#elif !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_TLSV10)
return wolfTLSv1_server_method();
return wolfTLSv1_server_method_ex(heap);
#elif !defined(NO_OLD_TLS)
return wolfTLSv1_1_server_method();
return wolfTLSv1_1_server_method_ex(heap);
#elif !defined(WOLFSSL_NO_TLS12)
return wolfTLSv1_2_server_method();
return wolfTLSv1_2_server_method_ex(heap);
#elif defined(WOLFSSL_TLS13)
return wolfTLSv1_3_server_method();
return wolfTLSv1_3_server_method_ex(heap);
#else
return NULL;
#endif
@ -513,8 +513,8 @@ int wolfSSL_CertManagerLoadCABuffer_ex(WOLFSSL_CERT_MANAGER* cm,
ret = WOLFSSL_FATAL_ERROR;
}
/* Allocate a temporary WOLFSSL_CTX to load with. */
if ((ret == WOLFSSL_SUCCESS) && ((tmp = wolfSSL_CTX_new(cm_pick_method()))
== NULL)) {
if ((ret == WOLFSSL_SUCCESS) && ((tmp =
wolfSSL_CTX_new_ex(cm_pick_method(cm->heap), cm->heap)) == NULL)) {
WOLFSSL_MSG("CTX new failed");
ret = WOLFSSL_FATAL_ERROR;
}
@ -876,8 +876,8 @@ int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER* cm, const char* file,
ret = WOLFSSL_FATAL_ERROR;
}
/* Create temporary WOLFSSL_CTX. */
if ((ret == WOLFSSL_SUCCESS) && ((tmp = wolfSSL_CTX_new(cm_pick_method()))
== NULL)) {
if ((ret == WOLFSSL_SUCCESS) && ((tmp =
wolfSSL_CTX_new_ex(cm_pick_method(cm->heap), cm->heap)) == NULL)) {
WOLFSSL_MSG("CTX new failed");
ret = WOLFSSL_FATAL_ERROR;
}
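Review bot: The new `heap` parameter of cm_pick_method is unused in the branches that fall through to `return NULL;`, which can raise an unused-parameter warning in builds with no TLS version enabled; adding `(void)heap;` as the first statement of the body avoids that. The doc comment above the function still lists only the two `@return` lines, so a line such as `@param [in] heap  Heap hint used to allocate the method.` would keep it accurate. The end of the function is outside the hunk, so the configuration with both client and server compiled out could not be checked.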


@ -3593,7 +3593,7 @@ WOLFSSL_X509* wolfSSL_d2i_X509(WOLFSSL_X509** x509, const unsigned char** in,
}
static WOLFSSL_X509* d2i_X509orX509REQ(WOLFSSL_X509** x509,
const byte* in, int len, int req)
const byte* in, int len, int req, void* heap)
{
WOLFSSL_X509 *newX509 = NULL;
int type = req ? CERTREQ_TYPE : CERT_TYPE;
@ -3620,12 +3620,12 @@ static WOLFSSL_X509* d2i_X509orX509REQ(WOLFSSL_X509** x509,
return NULL;
#endif
InitDecodedCert(cert, (byte*)in, len, NULL);
InitDecodedCert(cert, (byte*)in, len, heap);
#ifdef WOLFSSL_CERT_REQ
cert->isCSR = (byte)req;
#endif
if (ParseCertRelative(cert, type, 0, NULL) == 0) {
newX509 = wolfSSL_X509_new();
newX509 = wolfSSL_X509_new_ex(heap);
if (newX509 != NULL) {
if (CopyDecodedToX509(newX509, cert) != 0) {
wolfSSL_X509_free(newX509);
@ -3659,16 +3659,22 @@ int wolfSSL_X509_get_isCA(WOLFSSL_X509* x509)
return isCA;
}
WOLFSSL_X509* wolfSSL_X509_d2i_ex(WOLFSSL_X509** x509, const byte* in, int len,
void* heap)
{
return d2i_X509orX509REQ(x509, in, len, 0, heap);
}
WOLFSSL_X509* wolfSSL_X509_d2i(WOLFSSL_X509** x509, const byte* in, int len)
{
return d2i_X509orX509REQ(x509, in, len, 0);
return wolfSSL_X509_d2i_ex(x509, in, len, NULL);
}
#ifdef WOLFSSL_CERT_REQ
WOLFSSL_X509* wolfSSL_X509_REQ_d2i(WOLFSSL_X509** x509,
const unsigned char* in, int len)
{
return d2i_X509orX509REQ(x509, in, len, 1);
return d2i_X509orX509REQ(x509, in, len, 1, NULL);
}
#endif
@ -5319,19 +5325,24 @@ WOLFSSL_X509* wolfSSL_X509_REQ_load_certificate_buffer(
/* returns a pointer to a new WOLFSSL_X509 structure on success and NULL on
* fail
*/
WOLFSSL_X509* wolfSSL_X509_new(void)
WOLFSSL_X509* wolfSSL_X509_new_ex(void* heap)
{
WOLFSSL_X509* x509;
x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), heap,
DYNAMIC_TYPE_X509);
if (x509 != NULL) {
InitX509(x509, 1, NULL);
InitX509(x509, 1, heap);
}
return x509;
}
WOLFSSL_X509* wolfSSL_X509_new(void)
{
return wolfSSL_X509_new_ex(NULL);
}
WOLFSSL_ABI
WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(WOLFSSL_X509* cert)
{
@ -7610,7 +7621,7 @@ static WOLFSSL_X509* d2i_X509orX509REQ_bio(WOLFSSL_BIO* bio,
#endif
}
else {
localX509 = wolfSSL_X509_d2i(NULL, mem, size);
localX509 = wolfSSL_X509_d2i_ex(NULL, mem, size, bio->heap);
}
if (localX509 == NULL) {
WOLFSSL_MSG("wolfSSL_X509_d2i error");
@ -13353,7 +13364,7 @@ static int x509GetIssuerFromCM(WOLFSSL_X509 **issuer, WOLFSSL_CERT_MANAGER* cm,
#endif
/* Use existing CA retrieval APIs that use DecodedCert. */
InitDecodedCert(cert, x->derCert->buffer, x->derCert->length, NULL);
InitDecodedCert(cert, x->derCert->buffer, x->derCert->length, cm->heap);
if (ParseCertRelative(cert, CERT_TYPE, 0, NULL) == 0
&& !cert->selfSigned) {
#ifndef NO_SKID
@ -13375,8 +13386,8 @@ static int x509GetIssuerFromCM(WOLFSSL_X509 **issuer, WOLFSSL_CERT_MANAGER* cm,
#ifdef WOLFSSL_SIGNER_DER_CERT
/* populate issuer with Signer DER */
if (wolfSSL_X509_d2i(issuer, ca->derCert->buffer,
ca->derCert->length) == NULL)
if (wolfSSL_X509_d2i_ex(issuer, ca->derCert->buffer,
ca->derCert->length, cm->heap) == NULL)
return WOLFSSL_FAILURE;
#else
/* Create an empty certificate as CA doesn't have a certificate. */
@ -13471,7 +13482,8 @@ WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509 *x)
return NULL;
}
return wolfSSL_X509_d2i(NULL, x->derCert->buffer, x->derCert->length);
return wolfSSL_X509_d2i_ex(NULL, x->derCert->buffer, x->derCert->length,
x->heap);
}
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
@ -13841,7 +13853,7 @@ void wolfSSL_X509V3_set_ctx(WOLFSSL_X509V3_CTX* ctx, WOLFSSL_X509* issuer,
/* not checking ctx->x509 for null first since app won't have initialized
* this X509V3_CTX before this function call */
ctx->x509 = wolfSSL_X509_new();
ctx->x509 = wolfSSL_X509_new_ex(issuer->heap);
if (!ctx->x509)
return;
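Review bot: `wolfSSL_X509_new_ex(issuer->heap)` in wolfSSL_X509V3_set_ctx dereferences `issuer`, and no NULL check on it is visible in this hunk. The old call took no argument, so a caller passing a NULL issuer did not fault at this line before the change. Unless the part of the function above the hunk already rejects a NULL issuer, guard the access: `ctx->x509 = wolfSSL_X509_new_ex(issuer != NULL ? issuer->heap : NULL);`. The function starts and ends outside the hunk, so how `issuer` is treated elsewhere in the body should be confirmed against the full source.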


@ -63,7 +63,8 @@ WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new(void)
int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx,
WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509, WOLF_STACK_OF(WOLFSSL_X509)* sk)
WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509,
WOLF_STACK_OF(WOLFSSL_X509)* sk)
{
int ret = 0;
(void)sk;
@ -75,8 +76,8 @@ int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx,
ctx->current_cert = x509;
#else
if(x509 != NULL){
ctx->current_cert = wolfSSL_X509_d2i(NULL, x509->derCert->buffer,
x509->derCert->length);
ctx->current_cert = wolfSSL_X509_d2i_ex(NULL, x509->derCert->buffer,
x509->derCert->length, x509->heap);
if(ctx->current_cert == NULL)
return WOLFSSL_FAILURE;
} else
@ -1035,7 +1036,7 @@ WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str,
return WOLFSSL_FAILURE;
/* tmp ctx for setting our cert manager */
ctx = wolfSSL_CTX_new(cm_pick_method());
ctx = wolfSSL_CTX_new_ex(cm_pick_method(str->cm->heap), str->cm->heap);
if (ctx == NULL)
return WOLFSSL_FAILURE;


@ -32048,7 +32048,7 @@ static int test_wolfSSL_X509_NAME(void)
XFCLOSE(f);
c = buf;
ExpectNotNull(x509 = wolfSSL_X509_d2i(NULL, c, bytes));
ExpectNotNull(x509 = wolfSSL_X509_d2i_ex(NULL, c, bytes, HEAP_HINT));
/* test cmp function */
ExpectNotNull(a = X509_get_issuer_name(x509));
@ -37177,8 +37177,8 @@ static int test_wolfSSL_X509_NID(void)
/* ------ PARSE ORIGINAL SELF-SIGNED CERTIFICATE ------ */
/* convert cert from DER to internal WOLFSSL_X509 struct */
ExpectNotNull(cert = wolfSSL_X509_d2i(&cert, client_cert_der_2048,
sizeof_client_cert_der_2048));
ExpectNotNull(cert = wolfSSL_X509_d2i_ex(&cert, client_cert_der_2048,
sizeof_client_cert_der_2048, HEAP_HINT));
/* ------ EXTRACT CERTIFICATE ELEMENTS ------ */
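Review bot: Both converted calls only assert that the returned certificate is non-NULL, so nothing in these hunks checks that the heap hint is actually recorded on the object. wolfSSL_X509_new_ex is also not called directly here. If HEAP_HINT is NULL in the default test build (its definition is not shown), these calls behave exactly like the old wrapper and the new path goes unexercised. An assertion after the first call, for example `ExpectPtrEq(x509->heap, HEAP_HINT);`, would pin the new behaviour in builds where the hint is stored unchanged. Both test functions continue outside the hunks.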


@ -6071,6 +6071,7 @@ int wc_ecc_init_ex(ecc_key* key, void* heap, int devId)
#endif
#ifdef WOLFSSL_HEAP_TEST
(void)heap;
key->heap = (void*)WOLFSSL_HEAP_TEST;
#else
key->heap = heap;


@ -1684,6 +1684,7 @@ WOLFSSL_API void wolfSSL_sk_CIPHER_free(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk);
WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl);
WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_new(void);
WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_new_ex(void* heap);
WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509* x);
#if defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA)
WOLFSSL_API int wolfSSL_RSA_up_ref(WOLFSSL_RSA* rsa);
@ -2888,6 +2889,9 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509(WOLFSSL_X509** x509,
const unsigned char** in, int len);
WOLFSSL_API WOLFSSL_X509*
wolfSSL_X509_d2i(WOLFSSL_X509** x509, const unsigned char* in, int len);
WOLFSSL_API WOLFSSL_X509*
wolfSSL_X509_d2i_ex(WOLFSSL_X509** x509, const unsigned char* in, int len,
void* heap);
#ifdef WOLFSSL_CERT_REQ
WOLFSSL_API WOLFSSL_X509*
wolfSSL_X509_REQ_d2i(WOLFSSL_X509** x509, const unsigned char* in, int len);