mirror of
https://github.com/FreeRTOS/FreeRTOS-Kernel.git
synced 2025-10-17 18:27:47 -04:00
Update WolfSSL library to the latest version.
parent
8af1ad9bac
commit
5a6242fbd0
443 changed files with 70230 additions and 45414 deletions
|
@ -1,15 +1,15 @@
|
|||
/* ocsp.c
|
||||
*
|
||||
* Copyright (C) 2006-2014 wolfSSL Inc.
|
||||
* Copyright (C) 2006-2015 wolfSSL Inc.
|
||||
*
|
||||
* This file is part of CyaSSL.
|
||||
* This file is part of wolfSSL. (formerly known as CyaSSL)
|
||||
*
|
||||
* CyaSSL is free software; you can redistribute it and/or modify
|
||||
* wolfSSL is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* CyaSSL is distributed in the hope that it will be useful,
|
||||
* wolfSSL is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
|
@ -19,22 +19,24 @@
|
|||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
|
||||
*/
|
||||
|
||||
/* Name change compatibility layer no longer needs to be included here */
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include <config.h>
|
||||
#endif
|
||||
|
||||
#include <cyassl/ctaocrypt/settings.h>
|
||||
#include <wolfssl/wolfcrypt/settings.h>
|
||||
|
||||
#ifdef HAVE_OCSP
|
||||
|
||||
#include <cyassl/error-ssl.h>
|
||||
#include <cyassl/ocsp.h>
|
||||
#include <cyassl/internal.h>
|
||||
#include <wolfssl/error-ssl.h>
|
||||
#include <wolfssl/ocsp.h>
|
||||
#include <wolfssl/internal.h>
|
||||
|
||||
|
||||
int InitOCSP(CYASSL_OCSP* ocsp, CYASSL_CERT_MANAGER* cm)
|
||||
int InitOCSP(WOLFSSL_OCSP* ocsp, WOLFSSL_CERT_MANAGER* cm)
|
||||
{
|
||||
CYASSL_ENTER("InitOCSP");
|
||||
WOLFSSL_ENTER("InitOCSP");
|
||||
XMEMSET(ocsp, 0, sizeof(*ocsp));
|
||||
ocsp->cm = cm;
|
||||
if (InitMutex(&ocsp->ocspLock) != 0)
|
||||
|
@ -46,7 +48,7 @@ int InitOCSP(CYASSL_OCSP* ocsp, CYASSL_CERT_MANAGER* cm)
|
|||
|
||||
static int InitOCSP_Entry(OCSP_Entry* ocspe, DecodedCert* cert)
|
||||
{
|
||||
CYASSL_ENTER("InitOCSP_Entry");
|
||||
WOLFSSL_ENTER("InitOCSP_Entry");
|
||||
|
||||
XMEMSET(ocspe, 0, sizeof(*ocspe));
|
||||
XMEMCPY(ocspe->issuerHash, cert->issuerHash, SHA_DIGEST_SIZE);
|
||||
|
@ -60,7 +62,7 @@ static void FreeOCSP_Entry(OCSP_Entry* ocspe)
|
|||
{
|
||||
CertStatus* tmp = ocspe->status;
|
||||
|
||||
CYASSL_ENTER("FreeOCSP_Entry");
|
||||
WOLFSSL_ENTER("FreeOCSP_Entry");
|
||||
|
||||
while (tmp) {
|
||||
CertStatus* next = tmp->next;
|
||||
|
@ -70,11 +72,11 @@ static void FreeOCSP_Entry(OCSP_Entry* ocspe)
|
|||
}
|
||||
|
||||
|
||||
void FreeOCSP(CYASSL_OCSP* ocsp, int dynamic)
|
||||
void FreeOCSP(WOLFSSL_OCSP* ocsp, int dynamic)
|
||||
{
|
||||
OCSP_Entry* tmp = ocsp->ocspList;
|
||||
|
||||
CYASSL_ENTER("FreeOCSP");
|
||||
WOLFSSL_ENTER("FreeOCSP");
|
||||
|
||||
while (tmp) {
|
||||
OCSP_Entry* next = tmp->next;
|
||||
|
@ -102,24 +104,30 @@ static int xstat2err(int stat)
|
|||
}
|
||||
|
||||
|
||||
int CheckCertOCSP(CYASSL_OCSP* ocsp, DecodedCert* cert)
|
||||
int CheckCertOCSP(WOLFSSL_OCSP* ocsp, DecodedCert* cert)
|
||||
{
|
||||
byte* ocspReqBuf = NULL;
|
||||
int ocspReqSz = 2048;
|
||||
byte* ocspRespBuf = NULL;
|
||||
OcspRequest ocspRequest;
|
||||
OcspResponse ocspResponse;
|
||||
int result = -1;
|
||||
OCSP_Entry* ocspe;
|
||||
CertStatus* certStatus = NULL;
|
||||
CertStatus newStatus;
|
||||
const char *url;
|
||||
int urlSz;
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
CertStatus* newStatus;
|
||||
OcspRequest* ocspRequest;
|
||||
OcspResponse* ocspResponse;
|
||||
#else
|
||||
CertStatus newStatus[1];
|
||||
OcspRequest ocspRequest[1];
|
||||
OcspResponse ocspResponse[1];
|
||||
#endif
|
||||
|
||||
CYASSL_ENTER("CheckCertOCSP");
|
||||
WOLFSSL_ENTER("CheckCertOCSP");
|
||||
|
||||
if (LockMutex(&ocsp->ocspLock) != 0) {
|
||||
CYASSL_LEAVE("CheckCertOCSP", BAD_MUTEX_E);
|
||||
WOLFSSL_LEAVE("CheckCertOCSP", BAD_MUTEX_E);
|
||||
return BAD_MUTEX_E;
|
||||
}
|
||||
|
||||
|
@ -143,7 +151,7 @@ int CheckCertOCSP(CYASSL_OCSP* ocsp, DecodedCert* cert)
|
|||
}
|
||||
else {
|
||||
UnLockMutex(&ocsp->ocspLock);
|
||||
CYASSL_LEAVE("CheckCertOCSP", MEMORY_ERROR);
|
||||
WOLFSSL_LEAVE("CheckCertOCSP", MEMORY_ERROR);
|
||||
return MEMORY_ERROR;
|
||||
}
|
||||
}
|
||||
|
@ -164,12 +172,12 @@ int CheckCertOCSP(CYASSL_OCSP* ocsp, DecodedCert* cert)
|
|||
(certStatus->nextDate[0] == 0) ||
|
||||
!ValidateDate(certStatus->nextDate,
|
||||
certStatus->nextDateFormat, AFTER)) {
|
||||
CYASSL_MSG("\tinvalid status date, looking up cert");
|
||||
WOLFSSL_MSG("\tinvalid status date, looking up cert");
|
||||
}
|
||||
else {
|
||||
result = xstat2err(certStatus->status);
|
||||
UnLockMutex(&ocsp->ocspLock);
|
||||
CYASSL_LEAVE("CheckCertOCSP", result);
|
||||
WOLFSSL_LEAVE("CheckCertOCSP", result);
|
||||
return result;
|
||||
}
|
||||
}
|
||||
|
@ -194,41 +202,62 @@ int CheckCertOCSP(CYASSL_OCSP* ocsp, DecodedCert* cert)
|
|||
|
||||
ocspReqBuf = (byte*)XMALLOC(ocspReqSz, NULL, DYNAMIC_TYPE_IN_BUFFER);
|
||||
if (ocspReqBuf == NULL) {
|
||||
CYASSL_LEAVE("CheckCertOCSP", MEMORY_ERROR);
|
||||
WOLFSSL_LEAVE("CheckCertOCSP", MEMORY_ERROR);
|
||||
return MEMORY_ERROR;
|
||||
}
|
||||
InitOcspRequest(&ocspRequest, cert, ocsp->cm->ocspSendNonce,
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
newStatus = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
ocspRequest = (OcspRequest*)XMALLOC(sizeof(OcspRequest), NULL,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
ocspResponse = (OcspResponse*)XMALLOC(sizeof(OcspResponse), NULL,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
|
||||
if (newStatus == NULL || ocspRequest == NULL || ocspResponse == NULL) {
|
||||
if (newStatus) XFREE(newStatus, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (ocspRequest) XFREE(ocspRequest, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (ocspResponse) XFREE(ocspResponse, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
|
||||
XFREE(ocspReqBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
|
||||
WOLFSSL_LEAVE("CheckCertOCSP", MEMORY_ERROR);
|
||||
return MEMORY_E;
|
||||
}
|
||||
#endif
|
||||
|
||||
InitOcspRequest(ocspRequest, cert, ocsp->cm->ocspSendNonce,
|
||||
ocspReqBuf, ocspReqSz);
|
||||
ocspReqSz = EncodeOcspRequest(&ocspRequest);
|
||||
ocspReqSz = EncodeOcspRequest(ocspRequest);
|
||||
|
||||
if (ocsp->cm->ocspIOCb)
|
||||
result = ocsp->cm->ocspIOCb(ocsp->cm->ocspIOCtx, url, urlSz,
|
||||
ocspReqBuf, ocspReqSz, &ocspRespBuf);
|
||||
|
||||
if (result >= 0 && ocspRespBuf) {
|
||||
XMEMSET(&newStatus, 0, sizeof(CertStatus));
|
||||
XMEMSET(newStatus, 0, sizeof(CertStatus));
|
||||
|
||||
InitOcspResponse(&ocspResponse, &newStatus, ocspRespBuf, result);
|
||||
OcspResponseDecode(&ocspResponse);
|
||||
InitOcspResponse(ocspResponse, newStatus, ocspRespBuf, result);
|
||||
OcspResponseDecode(ocspResponse);
|
||||
|
||||
if (ocspResponse.responseStatus != OCSP_SUCCESSFUL)
|
||||
if (ocspResponse->responseStatus != OCSP_SUCCESSFUL)
|
||||
result = OCSP_LOOKUP_FAIL;
|
||||
else {
|
||||
if (CompareOcspReqResp(&ocspRequest, &ocspResponse) == 0) {
|
||||
result = xstat2err(ocspResponse.status->status);
|
||||
if (CompareOcspReqResp(ocspRequest, ocspResponse) == 0) {
|
||||
result = xstat2err(ocspResponse->status->status);
|
||||
|
||||
if (LockMutex(&ocsp->ocspLock) != 0)
|
||||
result = BAD_MUTEX_E;
|
||||
else {
|
||||
if (certStatus != NULL)
|
||||
/* Replace existing certificate entry with updated */
|
||||
XMEMCPY(certStatus, &newStatus, sizeof(CertStatus));
|
||||
XMEMCPY(certStatus, newStatus, sizeof(CertStatus));
|
||||
else {
|
||||
/* Save new certificate entry */
|
||||
certStatus = (CertStatus*)XMALLOC(sizeof(CertStatus),
|
||||
NULL, DYNAMIC_TYPE_OCSP_STATUS);
|
||||
if (certStatus != NULL) {
|
||||
XMEMCPY(certStatus, &newStatus, sizeof(CertStatus));
|
||||
XMEMCPY(certStatus, newStatus, sizeof(CertStatus));
|
||||
certStatus->next = ocspe->status;
|
||||
ocspe->status = certStatus;
|
||||
ocspe->totalStatus++;
|
||||
|
@ -245,13 +274,18 @@ int CheckCertOCSP(CYASSL_OCSP* ocsp, DecodedCert* cert)
|
|||
else
|
||||
result = OCSP_LOOKUP_FAIL;
|
||||
|
||||
if (ocspReqBuf != NULL)
|
||||
XFREE(ocspReqBuf, NULL, DYNAMIC_TYPE_IN_BUFFER);
|
||||
XFREE(ocspReqBuf, NULL, DYNAMIC_TYPE_IN_BUFFER);
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(newStatus, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(ocspRequest, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(ocspResponse, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
#endif
|
||||
|
||||
if (ocspRespBuf != NULL && ocsp->cm->ocspRespFreeCb)
|
||||
ocsp->cm->ocspRespFreeCb(ocsp->cm->ocspIOCtx, ocspRespBuf);
|
||||
|
||||
CYASSL_LEAVE("CheckCertOCSP", result);
|
||||
WOLFSSL_LEAVE("CheckCertOCSP", result);
|
||||
return result;
|
||||
}
|
||||
|
||||
|
|
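Review bot: In the lookup path of CheckCertOCSP (hunk `-194,41 +202,62`), `OcspResponseDecode(ocspResponse);` is still called as a bare statement, so whatever it returns is discarded and the code goes on to trust `ocspResponse->responseStatus` and `ocspResponse->status->status`. If the decoder reports a parse or verification failure through its return value (its declaration is not on this page), a response it rejected could still be mapped by `xstat2err` and copied into the cache once `CompareOcspReqResp` passes; the check should fail closed, for example `if (OcspResponseDecode(ocspResponse) != 0 || ocspResponse->responseStatus != OCSP_SUCCESSFUL)` ahead of the existing `result = OCSP_LOOKUP_FAIL;`. In the same hunk the WOLFSSL_SMALL_STACK allocation-failure branch frees `ocspReqBuf` with `DYNAMIC_TYPE_TMP_BUFFER` although it was allocated with `DYNAMIC_TYPE_IN_BUFFER`, and it logs `MEMORY_ERROR` while returning `MEMORY_E`; the free tag and the logged code should match the allocation and the returned value. Parts of CheckCertOCSP lie outside the hunks shown, and since this is a vendored wolfSSL file the change belongs upstream rather than in this tree.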