Changeset 464 for azure_iot_hub_f767zi/trunk/wolfssl-4.7.0/src/ocsp.c
- Timestamp:
- Jun 22, 2021, 9:00:19 PM (3 years ago)
- Location:
- azure_iot_hub_f767zi/trunk/wolfssl-4.7.0
- Files:
-
- 1 edited
- 1 moved
Legend:
- Unmodified
- Added
- Removed
-
azure_iot_hub_f767zi/trunk/wolfssl-4.7.0/src/ocsp.c
r457 r464 76 76 CertStatus *status, *next; 77 77 78 if (entry == NULL) 79 return; 80 78 81 WOLFSSL_ENTER("FreeOcspEntry"); 79 82 … … 83 86 if (status->rawOcspResponse) 84 87 XFREE(status->rawOcspResponse, heap, DYNAMIC_TYPE_OCSP_STATUS); 88 89 #ifdef OPENSSL_EXTRA 90 if (status->serialInt) { 91 if (status->serialInt->isDynamic) { 92 XFREE(status->serialInt->data, NULL, DYNAMIC_TYPE_OPENSSL); 93 } 94 XFREE(status->serialInt, NULL, DYNAMIC_TYPE_OPENSSL); 95 } 96 status->serialInt = NULL; 97 #endif 85 98 86 99 XFREE(status, heap, DYNAMIC_TYPE_OCSP_STATUS); … … 273 286 #ifdef WOLFSSL_SMALL_STACK 274 287 CertStatus* newStatus; 288 OcspEntry* newSingle; 275 289 OcspResponse* ocspResponse; 276 290 #else 277 291 CertStatus newStatus[1]; 292 OcspEntry newSingle[1]; 278 293 OcspResponse ocspResponse[1]; 279 294 #endif … … 283 298 #ifdef WOLFSSL_SMALL_STACK 284 299 newStatus = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL, 285 DYNAMIC_TYPE_TMP_BUFFER); 300 DYNAMIC_TYPE_OCSP_STATUS); 301 newSingle = (OcspEntry*)XMALLOC(sizeof(OcspEntry), NULL, 302 DYNAMIC_TYPE_OCSP_ENTRY); 286 303 ocspResponse = (OcspResponse*)XMALLOC(sizeof(OcspResponse), NULL, 287 DYNAMIC_TYPE_TMP_BUFFER); 288 289 if (newStatus == NULL || ocspResponse == NULL) { 290 if (newStatus) XFREE(newStatus, NULL, DYNAMIC_TYPE_TMP_BUFFER); 291 if (ocspResponse) XFREE(ocspResponse, NULL, DYNAMIC_TYPE_TMP_BUFFER); 304 DYNAMIC_TYPE_OCSP_REQUEST); 305 306 if (newStatus == NULL || newSingle == NULL || ocspResponse == NULL) { 307 if (newStatus) XFREE(newStatus, NULL, DYNAMIC_TYPE_OCSP_STATUS); 308 if (newSingle) XFREE(newSingle, NULL, DYNAMIC_TYPE_OCSP_ENTRY); 309 if (ocspResponse) XFREE(ocspResponse, NULL, DYNAMIC_TYPE_OCSP_REQUEST); 292 310 293 311 WOLFSSL_LEAVE("CheckCertOCSP", MEMORY_ERROR); … … 295 313 } 296 314 #endif 297 XMEMSET(newStatus, 0, sizeof(CertStatus));298 299 InitOcspResponse(ocspResponse, newStatus, response, responseSz); 315 InitOcspResponse(ocspResponse, newSingle, newStatus, response, responseSz, 316 ocsp->cm->heap); 317 300 318 ret = OcspResponseDecode(ocspResponse, ocsp->cm, ocsp->cm->heap, 0); 301 319 if (ret != 0) { … … 326 344 } 327 345 328 ret = xstat2err(ocspResponse->s tatus->status);346 ret = xstat2err(ocspResponse->single->status->status); 329 347 if (ret == 0) { 330 348 validated = 1; … … 343 361 344 362 /* Replace existing certificate entry with updated */ 345 newS tatus->next = status->next;346 XMEMCPY(status, newS tatus, sizeof(CertStatus));363 newSingle->status->next = status->next; 364 XMEMCPY(status, newSingle->status, sizeof(CertStatus)); 347 365 } 348 366 else { … … 351 369 ocsp->cm->heap, DYNAMIC_TYPE_OCSP_STATUS); 352 370 if (status != NULL) { 353 XMEMCPY(status, newS tatus, sizeof(CertStatus));371 XMEMCPY(status, newSingle->status, sizeof(CertStatus)); 354 372 status->next = entry->status; 355 373 entry->status = status; … … 380 398 381 399 #ifdef WOLFSSL_SMALL_STACK 382 XFREE(newStatus, NULL, DYNAMIC_TYPE_TMP_BUFFER); 383 XFREE(ocspResponse, NULL, DYNAMIC_TYPE_TMP_BUFFER); 400 XFREE(newStatus, NULL, DYNAMIC_TYPE_OCSP_STATUS); 401 XFREE(newSingle, NULL, DYNAMIC_TYPE_OCSP_ENTRY); 402 XFREE(ocspResponse, NULL, DYNAMIC_TYPE_OCSP_REQUEST); 384 403 #endif 385 404 return ret; … … 454 473 else { 455 474 /* cert doesn't have extAuthInfo, assuming CERT_GOOD */ 475 WOLFSSL_MSG("Cert has no OCSP URL, assuming CERT_GOOD"); 456 476 return 0; 457 477 } … … 493 513 494 514 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ 495 defined(WOLFSSL_APACHE_HTTPD) 515 defined(WOLFSSL_APACHE_HTTPD) || defined(HAVE_LIGHTY) 496 516 497 517 int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs, … … 500 520 WOLFSSL_ASN1_TIME** nextupd) 501 521 { 522 WOLFSSL_OCSP_SINGLERESP* single; 523 502 524 if (bs == NULL || id == NULL) 503 525 return WOLFSSL_FAILURE; 504 526 505 /* Only supporting one certificate status in asn.c. */ 506 if (CompareOcspReqResp(id, bs) != 0) 527 single = bs->single; 528 while (single != NULL) { 529 if ((XMEMCMP(single->status->serial, id->status->serial, single->status->serialSz) == 0) 530 && (XMEMCMP(single->issuerHash, id->issuerHash, OCSP_DIGEST_SIZE) == 0) 531 && (XMEMCMP(single->issuerKeyHash, id->issuerKeyHash, OCSP_DIGEST_SIZE) == 0)) { 532 break; 533 } 534 single = single->next; 535 } 536 537 if (single == NULL) 507 538 return WOLFSSL_FAILURE; 508 539 509 540 if (status != NULL) 510 *status = bs->status->status;541 *status = single->status->status; 511 542 if (thisupd != NULL) 512 *thisupd = & bs->status->thisDateParsed;543 *thisupd = &single->status->thisDateParsed; 513 544 if (nextupd != NULL) 514 *nextupd = & bs->status->nextDateParsed;515 516 /* TODO: Not needed for Nginx .*/545 *nextupd = &single->status->nextDateParsed; 546 547 /* TODO: Not needed for Nginx or httpd */ 517 548 if (reason != NULL) 518 549 *reason = 0; … … 550 581 void wolfSSL_OCSP_CERTID_free(WOLFSSL_OCSP_CERTID* certId) 551 582 { 552 FreeOcsp Request(certId);583 FreeOcspEntry(certId, NULL); 553 584 XFREE(certId, NULL, DYNAMIC_TYPE_OPENSSL); 554 585 } … … 559 590 { 560 591 WOLFSSL_OCSP_CERTID* certId; 592 CertStatus* certStatus; 561 593 DecodedCert cert; 562 594 WOLFSSL_CERT_MANAGER* cm; … … 581 613 certId = (WOLFSSL_OCSP_CERTID*)XMALLOC(sizeof(WOLFSSL_OCSP_CERTID), NULL, 582 614 DYNAMIC_TYPE_OPENSSL); 583 if (certId != NULL) { 584 InitDecodedCert(&cert, subject->derCert->buffer, 585 subject->derCert->length, NULL); 586 if (ParseCertRelative(&cert, CERT_TYPE, VERIFY_OCSP, cm) != 0) { 615 certStatus = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL, 616 DYNAMIC_TYPE_OPENSSL); 617 618 if (certId == NULL || certStatus == NULL) { 619 if (certId) 587 620 XFREE(certId, NULL, DYNAMIC_TYPE_OPENSSL); 588 certId = NULL; 589 } 590 else { 591 ret = InitOcspRequest(certId, &cert, 0, NULL); 592 if (ret != 0) { 593 XFREE(certId, NULL, DYNAMIC_TYPE_OPENSSL); 594 certId = NULL; 595 } 596 } 597 FreeDecodedCert(&cert); 598 } 621 if (certStatus) 622 XFREE(certStatus, NULL, DYNAMIC_TYPE_OPENSSL); 623 624 return NULL; 625 } 626 627 XMEMSET(certId, 0, sizeof(WOLFSSL_OCSP_CERTID)); 628 XMEMSET(certStatus, 0, sizeof(CertStatus)); 629 630 certId->status = certStatus; 631 632 InitDecodedCert(&cert, subject->derCert->buffer, 633 subject->derCert->length, NULL); 634 if (ParseCertRelative(&cert, CERT_TYPE, VERIFY_OCSP, cm) != 0) { 635 XFREE(certId, NULL, DYNAMIC_TYPE_OPENSSL); 636 certId = NULL; 637 } 638 else { 639 XMEMCPY(certId->issuerHash, cert.issuerHash, OCSP_DIGEST_SIZE); 640 XMEMCPY(certId->issuerKeyHash, cert.issuerKeyHash, OCSP_DIGEST_SIZE); 641 XMEMCPY(certId->status->serial, cert.serial, cert.serialSz); 642 certId->status->serialSz = cert.serialSz; 643 } 644 FreeDecodedCert(&cert); 599 645 600 646 wolfSSL_CertManagerFree(cm); … … 636 682 void wolfSSL_OCSP_RESPONSE_free(OcspResponse* response) 637 683 { 638 if (response->status != NULL) 639 XFREE(response->status, NULL, DYNAMIC_TYPE_TMP_BUFFER); 684 if (response == NULL) 685 return; 686 687 if (response->single != NULL) { 688 FreeOcspEntry(response->single, NULL); 689 XFREE(response->single, NULL, DYNAMIC_TYPE_OCSP_ENTRY); 690 } 691 640 692 if (response->source != NULL) 641 693 XFREE(response->source, NULL, DYNAMIC_TYPE_TMP_BUFFER); 642 XFREE(response, NULL, DYNAMIC_TYPE_OPENSSL); 643 } 644 694 695 XFREE(response, NULL, DYNAMIC_TYPE_OCSP_REQUEST); 696 } 697 698 #ifndef NO_BIO 645 699 OcspResponse* wolfSSL_d2i_OCSP_RESPONSE_bio(WOLFSSL_BIO* bio, 646 700 OcspResponse** response) … … 707 761 return ret; 708 762 } 763 #endif /* !NO_BIO */ 709 764 710 765 OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response, … … 722 777 if (resp == NULL) { 723 778 resp = (OcspResponse*)XMALLOC(sizeof(OcspResponse), NULL, 724 DYNAMIC_TYPE_O PENSSL);779 DYNAMIC_TYPE_OCSP_REQUEST); 725 780 if (resp == NULL) 726 781 return NULL; … … 730 785 resp->source = (byte*)XMALLOC(len, NULL, DYNAMIC_TYPE_TMP_BUFFER); 731 786 if (resp->source == NULL) { 732 XFREE(resp, NULL, DYNAMIC_TYPE_O PENSSL);787 XFREE(resp, NULL, DYNAMIC_TYPE_OCSP_REQUEST); 733 788 return NULL; 734 789 } 735 resp->s tatus = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL,736 DYNAMIC_TYPE_TMP_BUFFER);737 if (resp->s tatus== NULL) {790 resp->single = (OcspEntry*)XMALLOC(sizeof(OcspEntry), NULL, 791 DYNAMIC_TYPE_OCSP_ENTRY); 792 if (resp->single == NULL) { 738 793 XFREE(resp->source, NULL, DYNAMIC_TYPE_TMP_BUFFER); 739 XFREE(resp, NULL, DYNAMIC_TYPE_O PENSSL);794 XFREE(resp, NULL, DYNAMIC_TYPE_OCSP_REQUEST); 740 795 return NULL; 741 796 } 797 XMEMSET(resp->single, 0, sizeof(OcspEntry)); 798 resp->single->status = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL, 799 DYNAMIC_TYPE_OCSP_STATUS); 800 if (resp->single->status == NULL) { 801 XFREE(resp->source, NULL, DYNAMIC_TYPE_TMP_BUFFER); 802 XFREE(resp, NULL, DYNAMIC_TYPE_OCSP_REQUEST); 803 XFREE(resp->single, NULL, DYNAMIC_TYPE_OCSP_ENTRY); 804 return NULL; 805 } 806 XMEMSET(resp->single->status, 0, sizeof(CertStatus)); 742 807 743 808 XMEMCPY(resp->source, *data, len); … … 795 860 796 861 bs = (WOLFSSL_OCSP_BASICRESP*)XMALLOC(sizeof(WOLFSSL_OCSP_BASICRESP), NULL, 797 DYNAMIC_TYPE_O PENSSL);862 DYNAMIC_TYPE_OCSP_REQUEST); 798 863 if (bs == NULL) 799 864 return NULL; 800 865 801 866 XMEMCPY(bs, response, sizeof(OcspResponse)); 802 bs->s tatus = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL,803 DYNAMIC_TYPE_TMP_BUFFER);867 bs->single = (OcspEntry*)XMALLOC(sizeof(OcspEntry), NULL, 868 DYNAMIC_TYPE_OCSP_ENTRY); 804 869 bs->source = (byte*)XMALLOC(bs->maxIdx, NULL, DYNAMIC_TYPE_TMP_BUFFER); 805 if (bs->s tatus== NULL || bs->source == NULL) {806 if (bs->s tatus) XFREE(bs->status, NULL, DYNAMIC_TYPE_TMP_BUFFER);870 if (bs->single == NULL || bs->source == NULL) { 871 if (bs->single) XFREE(bs->single, NULL, DYNAMIC_TYPE_OCSP_ENTRY); 807 872 if (bs->source) XFREE(bs->source, NULL, DYNAMIC_TYPE_TMP_BUFFER); 808 873 wolfSSL_OCSP_RESPONSE_free(bs); … … 810 875 } 811 876 else { 812 XMEMCPY(bs->s tatus, response->status, sizeof(CertStatus));877 XMEMCPY(bs->single, response->single, sizeof(OcspEntry)); 813 878 XMEMCPY(bs->source, response->source, response->maxIdx); 814 879 } … … 851 916 return NULL; 852 917 853 FreeOcspRequest(req); 854 XMEMCPY(req, cid, sizeof(OcspRequest)); 855 856 if (cid->serial != NULL) { 857 req->serial = (byte*)XMALLOC(cid->serialSz, NULL, 858 DYNAMIC_TYPE_OCSP_REQUEST); 859 req->url = (byte*)XMALLOC(cid->urlSz, NULL, DYNAMIC_TYPE_OCSP_REQUEST); 860 if (req->serial == NULL || req->url == NULL) { 861 FreeOcspRequest(req); 862 return NULL; 863 } 864 865 XMEMCPY(req->serial, cid->serial, cid->serialSz); 866 XMEMCPY(req->url, cid->url, cid->urlSz); 867 } 868 869 wolfSSL_OCSP_REQUEST_free(cid); 918 XMEMCPY(req->issuerHash, cid->issuerHash, KEYID_SIZE); 919 XMEMCPY(req->issuerKeyHash, cid->issuerKeyHash, KEYID_SIZE); 920 XMEMCPY(req->serial, cid->status->serial, cid->status->serialSz); 921 req->serialSz = cid->status->serialSz; 870 922 871 923 return req; … … 876 928 WOLFSSL_OCSP_CERTID* certId; 877 929 878 if (id == NULL) {930 if (id == NULL) 879 931 return NULL; 880 }881 932 882 933 certId = (WOLFSSL_OCSP_CERTID*)XMALLOC(sizeof(WOLFSSL_OCSP_CERTID), 883 id->heap, DYNAMIC_TYPE_OPENSSL);934 NULL, DYNAMIC_TYPE_OPENSSL); 884 935 if (certId) { 885 936 XMEMCPY(certId, id, sizeof(WOLFSSL_OCSP_CERTID)); … … 890 941 891 942 #if defined(OPENSSL_ALL) || defined(APACHE_HTTPD) 943 #ifndef NO_BIO 892 944 int wolfSSL_i2d_OCSP_REQUEST_bio(WOLFSSL_BIO* out, 893 945 WOLFSSL_OCSP_REQUEST *req) … … 923 975 return WOLFSSL_FAILURE; 924 976 } 977 #endif /* !NO_BIO */ 978 979 int wolfSSL_i2d_OCSP_CERTID(WOLFSSL_OCSP_CERTID* id, unsigned char** data) 980 { 981 if (id == NULL || data == NULL) 982 return WOLFSSL_FAILURE; 983 984 if (*data != NULL) { 985 XMEMCPY(*data, id->rawCertId, id->rawCertIdSize); 986 *data = *data + id->rawCertIdSize; 987 } 988 else { 989 *data = (unsigned char*)XMALLOC(id->rawCertIdSize, NULL, DYNAMIC_TYPE_OPENSSL); 990 if (*data == NULL) { 991 return WOLFSSL_FAILURE; 992 } 993 XMEMCPY(*data, id->rawCertId, id->rawCertIdSize); 994 } 995 996 return id->rawCertIdSize; 997 } 998 999 const WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_SINGLERESP_get0_id(const WOLFSSL_OCSP_SINGLERESP *single) 1000 { 1001 return single; 1002 } 1003 1004 int wolfSSL_OCSP_single_get0_status(WOLFSSL_OCSP_SINGLERESP *single, 1005 int *reason, 1006 WOLFSSL_ASN1_TIME **revtime, 1007 WOLFSSL_ASN1_TIME **thisupd, 1008 WOLFSSL_ASN1_TIME **nextupd) 1009 { 1010 if (single == NULL) 1011 return WOLFSSL_FAILURE; 1012 1013 if (thisupd != NULL) 1014 *thisupd = &single->status->thisDateParsed; 1015 if (nextupd != NULL) 1016 *nextupd = &single->status->nextDateParsed; 1017 1018 if (reason != NULL) 1019 *reason = 0; 1020 if (revtime != NULL) 1021 *revtime = NULL; 1022 1023 return single->status->status; 1024 } 1025 1026 int wolfSSL_OCSP_resp_count(WOLFSSL_OCSP_BASICRESP *bs) 1027 { 1028 WOLFSSL_OCSP_SINGLERESP* single; 1029 int count = 0; 1030 1031 if (bs == NULL) 1032 return WOLFSSL_FAILURE; 1033 1034 single = bs->single; 1035 while(single != NULL) 1036 { 1037 ++count; 1038 single = single->next; 1039 } 1040 1041 return count; 1042 } 1043 1044 WOLFSSL_OCSP_SINGLERESP* wolfSSL_OCSP_resp_get0(WOLFSSL_OCSP_BASICRESP *bs, int idx) 1045 { 1046 WOLFSSL_OCSP_SINGLERESP* single; 1047 int currIdx = 0; 1048 1049 if (bs == NULL) 1050 return NULL; 1051 1052 single = bs->single; 1053 while(single != NULL && currIdx != idx) 1054 { 1055 single = single->next; 1056 ++currIdx; 1057 } 1058 1059 return single; 1060 } 1061 925 1062 #endif /* OPENSSL_ALL || APACHE_HTTPD */ 926 1063 … … 980 1117 return 0; 981 1118 982 if (cid->s erialSz > (WOLFSSL_ASN1_INTEGER_MAX - 2)) {1119 if (cid->status->serialSz > (WOLFSSL_ASN1_INTEGER_MAX - 2)) { 983 1120 /* allocate data buffer, +2 for type and length */ 984 ser->data = (unsigned char*)XMALLOC(cid->s erialSz + 2, NULL,1121 ser->data = (unsigned char*)XMALLOC(cid->status->serialSz + 2, NULL, 985 1122 DYNAMIC_TYPE_OPENSSL); 986 1123 if (ser->data == NULL) { … … 988 1125 return 0; 989 1126 } 990 ser->dataMax = cid->s erialSz + 2;1127 ser->dataMax = cid->status->serialSz + 2; 991 1128 ser->isDynamic = 1; 992 1129 } else { … … 998 1135 #ifdef WOLFSSL_QT 999 1136 /* Serial number starts at 0 index of ser->data */ 1000 XMEMCPY(&ser->data[i], cid->s erial, cid->serialSz);1001 ser->length = cid->s erialSz;1137 XMEMCPY(&ser->data[i], cid->status->serial, cid->status->serialSz); 1138 ser->length = cid->status->serialSz; 1002 1139 #else 1003 1140 ser->data[i++] = ASN_INTEGER; 1004 i += SetLength(cid->s erialSz, ser->data + i);1005 XMEMCPY(&ser->data[i], cid->s erial, cid->serialSz);1141 i += SetLength(cid->status->serialSz, ser->data + i); 1142 XMEMCPY(&ser->data[i], cid->status->serial, cid->status->serialSz); 1006 1143 #endif 1007 1144 1008 cid->s erialInt = ser;1009 *serial = cid->serialInt;1145 cid->status->serialInt = ser; 1146 *serial = ser; 1010 1147 } 1011 1148
Note:
See TracChangeset
for help on using the changeset viewer.