27 changes: 15 additions & 12 deletions src/ssl.c
Expand Up @@ -18856,7 +18856,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl)
sk = wolfSSL_sk_X509_new_null();
i = ssl->session->chain.count-1;
for (; i >= 0; i--) {
x509 = wolfSSL_X509_new();
x509 = wolfSSL_X509_new_ex(ssl->heap);
if (x509 == NULL) {
WOLFSSL_MSG("Error Creating X509");
wolfSSL_sk_X509_pop_free(sk, NULL);
Expand Down Expand Up @@ -19224,9 +19224,10 @@ WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl)
return NULL;
}
#ifndef WOLFSSL_X509_STORE_CERTS
ssl->ourCert = wolfSSL_X509_d2i(NULL,
ssl->ourCert = wolfSSL_X509_d2i_ex(NULL,
ssl->buffers.certificate->buffer,
ssl->buffers.certificate->length);
ssl->buffers.certificate->length,
ssl->heap);
#endif
}
return ssl->ourCert;
Expand All @@ -19239,9 +19240,10 @@ WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl)
return NULL;
}
#ifndef WOLFSSL_X509_STORE_CERTS
ssl->ctx->ourCert = wolfSSL_X509_d2i(NULL,
ssl->ctx->ourCert = wolfSSL_X509_d2i_ex(NULL,
ssl->ctx->certificate->buffer,
ssl->ctx->certificate->length);
ssl->ctx->certificate->length,
ssl->heap);
#endif
ssl->ctx->ownOurCert = 1;
}
Expand All @@ -19261,9 +19263,9 @@ WOLFSSL_X509* wolfSSL_CTX_get0_certificate(WOLFSSL_CTX* ctx)
return NULL;
}
#ifndef WOLFSSL_X509_STORE_CERTS
ctx->ourCert = wolfSSL_X509_d2i(NULL,
ctx->ourCert = wolfSSL_X509_d2i_ex(NULL,
ctx->certificate->buffer,
ctx->certificate->length);
ctx->certificate->length, ctx->heap);
#endif
ctx->ownOurCert = 1;
}
Expand Down Expand Up @@ -26221,7 +26223,8 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
return WOLFSSL_FAILURE;
}
#else
ctx->ourCert = wolfSSL_X509_d2i(NULL, x->derCert->buffer,x->derCert->length);
ctx->ourCert = wolfSSL_X509_d2i_ex(NULL, x->derCert->buffer,
x->derCert->length, ctx->heap);
if(ctx->ourCert == NULL){
return WOLFSSL_FAILURE;
}
Expand Down Expand Up @@ -30057,8 +30060,8 @@ int wolfSSL_CTX_get_extra_chain_certs(WOLFSSL_CTX* ctx, WOLF_STACK_OF(X509)** ch
idx += 3;

/* Create a new X509 from DER encoded data. */
node->data.x509 = wolfSSL_X509_d2i(NULL, ctx->certChain->buffer + idx,
length);
node->data.x509 = wolfSSL_X509_d2i_ex(NULL,
ctx->certChain->buffer + idx, length, ctx->heap);
if (node->data.x509 == NULL) {
XFREE(node, NULL, DYNAMIC_TYPE_OPENSSL);
/* Return as much of the chain as we created. */
Expand Down Expand Up @@ -33784,8 +33787,8 @@ WOLFSSL_STACK* wolfSSL_PKCS7_to_stack(PKCS7* pkcs7)
return p7->certs;

for (i = 0; i < MAX_PKCS7_CERTS && p7->pkcs7.cert[i]; i++) {
WOLFSSL_X509* x509 = wolfSSL_X509_d2i(NULL, p7->pkcs7.cert[i],
p7->pkcs7.certSz[i]);
WOLFSSL_X509* x509 = wolfSSL_X509_d2i_ex(NULL, p7->pkcs7.cert[i],
p7->pkcs7.certSz[i], pkcs7->heap);
if (!ret)
ret = wolfSSL_sk_X509_new_null();
if (x509) {
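Review bot: In the second wolfSSL_get_certificate hunk, `ssl->ctx->ourCert = wolfSSL_X509_d2i_ex(NULL, ..., ssl->heap);` allocates an object owned by the shared WOLFSSL_CTX using the per-connection heap hint, whereas the sibling hunk in wolfSSL_CTX_get0_certificate allocates ctx->ourCert with `ctx->heap`. If ssl->heap can differ from ssl->ctx->heap (static-memory builds), the CTX would later free, or outlive, an X509 tied to a heap hint it does not own. Passing the owner's hint keeps them aligned: `ssl->ctx->certificate->length, ssl->ctx->heap);`. The enclosing function starts and ends outside the hunk.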
30 changes: 15 additions & 15 deletions src/ssl_certman.c
Expand Up @@ -42,33 +42,33 @@
* @return A TLS method on success.
* @return NULL when no TLS method built into wolfSSL.
*/
static WC_INLINE WOLFSSL_METHOD* cm_pick_method(void)
static WC_INLINE WOLFSSL_METHOD* cm_pick_method(void* heap)
{
#ifndef NO_WOLFSSL_CLIENT
#if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_SSLV3)
return wolfSSLv3_client_method();
return wolfSSLv3_client_method_ex(heap);
#elif !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_TLSV10)
return wolfTLSv1_client_method();
return wolfTLSv1_client_method_ex(heap);
#elif !defined(NO_OLD_TLS)
return wolfTLSv1_1_client_method();
return wolfTLSv1_1_client_method_ex(heap);
#elif !defined(WOLFSSL_NO_TLS12)
return wolfTLSv1_2_client_method();
return wolfTLSv1_2_client_method_ex(heap);
#elif defined(WOLFSSL_TLS13)
return wolfTLSv1_3_client_method();
return wolfTLSv1_3_client_method_ex(heap);
#else
return NULL;
#endif
#elif !defined(NO_WOLFSSL_SERVER)
#if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_SSLV3)
return wolfSSLv3_server_method();
return wolfSSLv3_server_method_ex(heap);
#elif !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_TLSV10)
return wolfTLSv1_server_method();
return wolfTLSv1_server_method_ex(heap);
#elif !defined(NO_OLD_TLS)
return wolfTLSv1_1_server_method();
return wolfTLSv1_1_server_method_ex(heap);
#elif !defined(WOLFSSL_NO_TLS12)
return wolfTLSv1_2_server_method();
return wolfTLSv1_2_server_method_ex(heap);
#elif defined(WOLFSSL_TLS13)
return wolfTLSv1_3_server_method();
return wolfTLSv1_3_server_method_ex(heap);
#else
return NULL;
#endif
Expand Down Expand Up @@ -513,8 +513,8 @@ int wolfSSL_CertManagerLoadCABuffer_ex(WOLFSSL_CERT_MANAGER* cm,
ret = WOLFSSL_FATAL_ERROR;
}
/* Allocate a temporary WOLFSSL_CTX to load with. */
if ((ret == WOLFSSL_SUCCESS) && ((tmp = wolfSSL_CTX_new(cm_pick_method()))
== NULL)) {
if ((ret == WOLFSSL_SUCCESS) && ((tmp =
wolfSSL_CTX_new_ex(cm_pick_method(cm->heap), cm->heap)) == NULL)) {
WOLFSSL_MSG("CTX new failed");
ret = WOLFSSL_FATAL_ERROR;
}
Expand Down Expand Up @@ -876,8 +876,8 @@ int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER* cm, const char* file,
ret = WOLFSSL_FATAL_ERROR;
}
/* Create temporary WOLFSSL_CTX. */
if ((ret == WOLFSSL_SUCCESS) && ((tmp = wolfSSL_CTX_new(cm_pick_method()))
== NULL)) {
if ((ret == WOLFSSL_SUCCESS) && ((tmp =
wolfSSL_CTX_new_ex(cm_pick_method(cm->heap), cm->heap)) == NULL)) {
WOLFSSL_MSG("CTX new failed");
ret = WOLFSSL_FATAL_ERROR;
}
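Review bot: cm_pick_method now takes `heap` but only consumes it in the `*_method_ex` branches; in the `#else return NULL;` fallbacks (and any final branch after the hunk) the parameter is unused, which trips -Wunused-parameter under -Wextra/-Werror builds. Add `(void)heap;` as the first statement of the body so every preprocessor path compiles cleanly. The doc comment above should also gain `@param [in] heap Heap hint forwarded to the method allocator.` The function's closing lines lie outside the hunk.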
40 changes: 26 additions & 14 deletions src/x509.c
Expand Up @@ -3593,7 +3593,7 @@ WOLFSSL_X509* wolfSSL_d2i_X509(WOLFSSL_X509** x509, const unsigned char** in,
}

static WOLFSSL_X509* d2i_X509orX509REQ(WOLFSSL_X509** x509,
const byte* in, int len, int req)
const byte* in, int len, int req, void* heap)
{
WOLFSSL_X509 *newX509 = NULL;
int type = req ? CERTREQ_TYPE : CERT_TYPE;
Expand All @@ -3620,12 +3620,12 @@ static WOLFSSL_X509* d2i_X509orX509REQ(WOLFSSL_X509** x509,
return NULL;
#endif

InitDecodedCert(cert, (byte*)in, len, NULL);
InitDecodedCert(cert, (byte*)in, len, heap);
#ifdef WOLFSSL_CERT_REQ
cert->isCSR = (byte)req;
#endif
if (ParseCertRelative(cert, type, 0, NULL) == 0) {
newX509 = wolfSSL_X509_new();
newX509 = wolfSSL_X509_new_ex(heap);
if (newX509 != NULL) {
if (CopyDecodedToX509(newX509, cert) != 0) {
wolfSSL_X509_free(newX509);
Expand Down Expand Up @@ -3659,16 +3659,22 @@ int wolfSSL_X509_get_isCA(WOLFSSL_X509* x509)
return isCA;
}

WOLFSSL_X509* wolfSSL_X509_d2i_ex(WOLFSSL_X509** x509, const byte* in, int len,
void* heap)
{
return d2i_X509orX509REQ(x509, in, len, 0, heap);
}

WOLFSSL_X509* wolfSSL_X509_d2i(WOLFSSL_X509** x509, const byte* in, int len)
{
return d2i_X509orX509REQ(x509, in, len, 0);
return wolfSSL_X509_d2i_ex(x509, in, len, NULL);
}

#ifdef WOLFSSL_CERT_REQ
WOLFSSL_X509* wolfSSL_X509_REQ_d2i(WOLFSSL_X509** x509,
const unsigned char* in, int len)
{
return d2i_X509orX509REQ(x509, in, len, 1);
return d2i_X509orX509REQ(x509, in, len, 1, NULL);
}
#endif

Expand Down Expand Up @@ -5319,19 +5325,24 @@ WOLFSSL_X509* wolfSSL_X509_REQ_load_certificate_buffer(
/* returns a pointer to a new WOLFSSL_X509 structure on success and NULL on
* fail
*/
WOLFSSL_X509* wolfSSL_X509_new(void)
WOLFSSL_X509* wolfSSL_X509_new_ex(void* heap)
{
WOLFSSL_X509* x509;

x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), heap,
DYNAMIC_TYPE_X509);
if (x509 != NULL) {
InitX509(x509, 1, NULL);
InitX509(x509, 1, heap);
}

return x509;
}

WOLFSSL_X509* wolfSSL_X509_new(void)
{
return wolfSSL_X509_new_ex(NULL);
}

WOLFSSL_ABI
WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(WOLFSSL_X509* cert)
{
Expand Down Expand Up @@ -7571,7 +7582,7 @@ static WOLFSSL_X509* d2i_X509orX509REQ_bio(WOLFSSL_BIO* bio,
#endif
}
else {
localX509 = wolfSSL_X509_d2i(NULL, mem, size);
localX509 = wolfSSL_X509_d2i_ex(NULL, mem, size, bio->heap);
}
if (localX509 == NULL) {
WOLFSSL_MSG("wolfSSL_X509_d2i error");
Expand Down Expand Up @@ -13304,7 +13315,7 @@ static int x509GetIssuerFromCM(WOLFSSL_X509 **issuer, WOLFSSL_CERT_MANAGER* cm,
#endif

/* Use existing CA retrieval APIs that use DecodedCert. */
InitDecodedCert(cert, x->derCert->buffer, x->derCert->length, NULL);
InitDecodedCert(cert, x->derCert->buffer, x->derCert->length, cm->heap);
if (ParseCertRelative(cert, CERT_TYPE, 0, NULL) == 0
&& !cert->selfSigned) {
#ifndef NO_SKID
Expand All @@ -13326,8 +13337,8 @@ static int x509GetIssuerFromCM(WOLFSSL_X509 **issuer, WOLFSSL_CERT_MANAGER* cm,

#ifdef WOLFSSL_SIGNER_DER_CERT
/* populate issuer with Signer DER */
if (wolfSSL_X509_d2i(issuer, ca->derCert->buffer,
ca->derCert->length) == NULL)
if (wolfSSL_X509_d2i_ex(issuer, ca->derCert->buffer,
ca->derCert->length, cm->heap) == NULL)
return WOLFSSL_FAILURE;
#else
/* Create an empty certificate as CA doesn't have a certificate. */
Expand Down Expand Up @@ -13422,7 +13433,8 @@ WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509 *x)
return NULL;
}

return wolfSSL_X509_d2i(NULL, x->derCert->buffer, x->derCert->length);
return wolfSSL_X509_d2i_ex(NULL, x->derCert->buffer, x->derCert->length,
x->heap);
}
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */

Expand Down Expand Up @@ -13792,7 +13804,7 @@ void wolfSSL_X509V3_set_ctx(WOLFSSL_X509V3_CTX* ctx, WOLFSSL_X509* issuer,

/* not checking ctx->x509 for null first since app won't have initialized
* this X509V3_CTX before this function call */
ctx->x509 = wolfSSL_X509_new();
ctx->x509 = wolfSSL_X509_new_ex(issuer->heap);
if (!ctx->x509)
return;

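Review bot: wolfSSL_X509V3_set_ctx dereferences `issuer` at `ctx->x509 = wolfSSL_X509_new_ex(issuer->heap);` with no NULL check on `issuer` visible in the hunk, whereas the replaced `wolfSSL_X509_new()` call had no such dependency. If this function accepts a NULL issuer, as the OpenSSL API it mirrors does, this is a new NULL dereference unless a guard exists above the hunk. A NULL-tolerant form keeps the old behaviour: `ctx->x509 = wolfSSL_X509_new_ex(issuer != NULL ? issuer->heap : NULL);`. Separately, wolfSSL_X509_REQ_d2i still hands `NULL` to d2i_X509orX509REQ, so CSR decoding gets no heap-aware path in this change; a short comment there would make that intentional rather than an omission.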
9 changes: 5 additions & 4 deletions src/x509_str.c
Expand Up @@ -63,7 +63,8 @@ WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new(void)


int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx,
WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509, WOLF_STACK_OF(WOLFSSL_X509)* sk)
WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509,
WOLF_STACK_OF(WOLFSSL_X509)* sk)
{
int ret = 0;
(void)sk;
Expand All @@ -75,8 +76,8 @@ int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx,
ctx->current_cert = x509;
#else
if(x509 != NULL){
ctx->current_cert = wolfSSL_X509_d2i(NULL, x509->derCert->buffer,
x509->derCert->length);
ctx->current_cert = wolfSSL_X509_d2i_ex(NULL, x509->derCert->buffer,
x509->derCert->length, x509->heap);
if(ctx->current_cert == NULL)
return WOLFSSL_FAILURE;
} else
Expand Down Expand Up @@ -1035,7 +1036,7 @@ WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str,
return WOLFSSL_FAILURE;

/* tmp ctx for setting our cert manager */
ctx = wolfSSL_CTX_new(cm_pick_method());
ctx = wolfSSL_CTX_new_ex(cm_pick_method(str->cm->heap), str->cm->heap);
if (ctx == NULL)
return WOLFSSL_FAILURE;

6 changes: 3 additions & 3 deletions tests/api.c
Expand Up @@ -31740,7 +31740,7 @@ static int test_wolfSSL_X509_NAME(void)
XFCLOSE(f);

c = buf;
ExpectNotNull(x509 = wolfSSL_X509_d2i(NULL, c, bytes));
ExpectNotNull(x509 = wolfSSL_X509_d2i_ex(NULL, c, bytes, HEAP_HINT));

/* test cmp function */
ExpectNotNull(a = X509_get_issuer_name(x509));
Expand Down Expand Up @@ -36869,8 +36869,8 @@ static int test_wolfSSL_X509_NID(void)
/* ------ PARSE ORIGINAL SELF-SIGNED CERTIFICATE ------ */

/* convert cert from DER to internal WOLFSSL_X509 struct */
ExpectNotNull(cert = wolfSSL_X509_d2i(&cert, client_cert_der_2048,
sizeof_client_cert_der_2048));
ExpectNotNull(cert = wolfSSL_X509_d2i_ex(&cert, client_cert_der_2048,
sizeof_client_cert_der_2048, HEAP_HINT));

/* ------ EXTRACT CERTIFICATE ELEMENTS ------ */

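Review bot: Both converted call sites now pass HEAP_HINT, so these two tests no longer exercise the compatibility wrapper wolfSSL_X509_d2i. If no other test still calls it, the NULL-heap path loses coverage. Leaving one of the two sites on `wolfSSL_X509_d2i(NULL, c, bytes)` while the other uses the new `_ex` entry would cover both.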
1 change: 1 addition & 0 deletions wolfcrypt/src/ecc.c
Expand Up @@ -6071,6 +6071,7 @@ int wc_ecc_init_ex(ecc_key* key, void* heap, int devId)
#endif

#ifdef WOLFSSL_HEAP_TEST
(void)heap;
key->heap = (void*)WOLFSSL_HEAP_TEST;
#else
key->heap = heap;
4 changes: 4 additions & 0 deletions wolfssl/ssl.h
Expand Up @@ -1681,6 +1681,7 @@ WOLFSSL_API void wolfSSL_sk_CIPHER_free(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk);
WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl);

WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_new(void);
WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_new_ex(void* heap);
WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509* x);
#if defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA)
WOLFSSL_API int wolfSSL_RSA_up_ref(WOLFSSL_RSA* rsa);
Expand Down Expand Up @@ -2885,6 +2886,9 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509(WOLFSSL_X509** x509,
const unsigned char** in, int len);
WOLFSSL_API WOLFSSL_X509*
wolfSSL_X509_d2i(WOLFSSL_X509** x509, const unsigned char* in, int len);
WOLFSSL_API WOLFSSL_X509*
wolfSSL_X509_d2i_ex(WOLFSSL_X509** x509, const unsigned char* in, int len,
void* heap);
#ifdef WOLFSSL_CERT_REQ
WOLFSSL_API WOLFSSL_X509*
wolfSSL_X509_REQ_d2i(WOLFSSL_X509** x509, const unsigned char* in, int len);
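Review bot: The new `wolfSSL_X509_new_ex` and `wolfSSL_X509_d2i_ex` declarations say nothing about what `heap` means. The implementation passes it to XMALLOC and stores it in the object through InitX509, so a one-line comment on each declaration would help callers, e.g. `/* heap: allocator hint used for the X509 and retained by it; NULL selects the default allocator */`. Whether the hint must outlive the X509 depends on the allocator backend and should be stated here if that is the case.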