Update WolfSSL library to the latest version.

This commit is contained in:
Richard Barry 2015-08-28 13:46:22 +00:00
parent 8af1ad9bac
commit 5a6242fbd0
443 changed files with 70230 additions and 45414 deletions

View file

@ -1,15 +1,15 @@
/* ocsp.c
*
* Copyright (C) 2006-2014 wolfSSL Inc.
* Copyright (C) 2006-2015 wolfSSL Inc.
*
* This file is part of CyaSSL.
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
* CyaSSL is free software; you can redistribute it and/or modify
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* CyaSSL is distributed in the hope that it will be useful,
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
@ -19,22 +19,24 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
/* Name change compatibility layer no longer needs to be included here */
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <cyassl/ctaocrypt/settings.h>
#include <wolfssl/wolfcrypt/settings.h>
#ifdef HAVE_OCSP
#include <cyassl/error-ssl.h>
#include <cyassl/ocsp.h>
#include <cyassl/internal.h>
#include <wolfssl/error-ssl.h>
#include <wolfssl/ocsp.h>
#include <wolfssl/internal.h>
int InitOCSP(CYASSL_OCSP* ocsp, CYASSL_CERT_MANAGER* cm)
int InitOCSP(WOLFSSL_OCSP* ocsp, WOLFSSL_CERT_MANAGER* cm)
{
CYASSL_ENTER("InitOCSP");
WOLFSSL_ENTER("InitOCSP");
XMEMSET(ocsp, 0, sizeof(*ocsp));
ocsp->cm = cm;
if (InitMutex(&ocsp->ocspLock) != 0)
@ -46,7 +48,7 @@ int InitOCSP(CYASSL_OCSP* ocsp, CYASSL_CERT_MANAGER* cm)
static int InitOCSP_Entry(OCSP_Entry* ocspe, DecodedCert* cert)
{
CYASSL_ENTER("InitOCSP_Entry");
WOLFSSL_ENTER("InitOCSP_Entry");
XMEMSET(ocspe, 0, sizeof(*ocspe));
XMEMCPY(ocspe->issuerHash, cert->issuerHash, SHA_DIGEST_SIZE);
@ -60,7 +62,7 @@ static void FreeOCSP_Entry(OCSP_Entry* ocspe)
{
CertStatus* tmp = ocspe->status;
CYASSL_ENTER("FreeOCSP_Entry");
WOLFSSL_ENTER("FreeOCSP_Entry");
while (tmp) {
CertStatus* next = tmp->next;
@ -70,11 +72,11 @@ static void FreeOCSP_Entry(OCSP_Entry* ocspe)
}
void FreeOCSP(CYASSL_OCSP* ocsp, int dynamic)
void FreeOCSP(WOLFSSL_OCSP* ocsp, int dynamic)
{
OCSP_Entry* tmp = ocsp->ocspList;
CYASSL_ENTER("FreeOCSP");
WOLFSSL_ENTER("FreeOCSP");
while (tmp) {
OCSP_Entry* next = tmp->next;
@ -102,24 +104,30 @@ static int xstat2err(int stat)
}
int CheckCertOCSP(CYASSL_OCSP* ocsp, DecodedCert* cert)
int CheckCertOCSP(WOLFSSL_OCSP* ocsp, DecodedCert* cert)
{
byte* ocspReqBuf = NULL;
int ocspReqSz = 2048;
byte* ocspRespBuf = NULL;
OcspRequest ocspRequest;
OcspResponse ocspResponse;
int result = -1;
OCSP_Entry* ocspe;
CertStatus* certStatus = NULL;
CertStatus newStatus;
const char *url;
int urlSz;
#ifdef WOLFSSL_SMALL_STACK
CertStatus* newStatus;
OcspRequest* ocspRequest;
OcspResponse* ocspResponse;
#else
CertStatus newStatus[1];
OcspRequest ocspRequest[1];
OcspResponse ocspResponse[1];
#endif
CYASSL_ENTER("CheckCertOCSP");
WOLFSSL_ENTER("CheckCertOCSP");
if (LockMutex(&ocsp->ocspLock) != 0) {
CYASSL_LEAVE("CheckCertOCSP", BAD_MUTEX_E);
WOLFSSL_LEAVE("CheckCertOCSP", BAD_MUTEX_E);
return BAD_MUTEX_E;
}
@ -143,7 +151,7 @@ int CheckCertOCSP(CYASSL_OCSP* ocsp, DecodedCert* cert)
}
else {
UnLockMutex(&ocsp->ocspLock);
CYASSL_LEAVE("CheckCertOCSP", MEMORY_ERROR);
WOLFSSL_LEAVE("CheckCertOCSP", MEMORY_ERROR);
return MEMORY_ERROR;
}
}
@ -164,12 +172,12 @@ int CheckCertOCSP(CYASSL_OCSP* ocsp, DecodedCert* cert)
(certStatus->nextDate[0] == 0) ||
!ValidateDate(certStatus->nextDate,
certStatus->nextDateFormat, AFTER)) {
CYASSL_MSG("\tinvalid status date, looking up cert");
WOLFSSL_MSG("\tinvalid status date, looking up cert");
}
else {
result = xstat2err(certStatus->status);
UnLockMutex(&ocsp->ocspLock);
CYASSL_LEAVE("CheckCertOCSP", result);
WOLFSSL_LEAVE("CheckCertOCSP", result);
return result;
}
}
@ -194,41 +202,62 @@ int CheckCertOCSP(CYASSL_OCSP* ocsp, DecodedCert* cert)
ocspReqBuf = (byte*)XMALLOC(ocspReqSz, NULL, DYNAMIC_TYPE_IN_BUFFER);
if (ocspReqBuf == NULL) {
CYASSL_LEAVE("CheckCertOCSP", MEMORY_ERROR);
WOLFSSL_LEAVE("CheckCertOCSP", MEMORY_ERROR);
return MEMORY_ERROR;
}
InitOcspRequest(&ocspRequest, cert, ocsp->cm->ocspSendNonce,
#ifdef WOLFSSL_SMALL_STACK
newStatus = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
ocspRequest = (OcspRequest*)XMALLOC(sizeof(OcspRequest), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
ocspResponse = (OcspResponse*)XMALLOC(sizeof(OcspResponse), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (newStatus == NULL || ocspRequest == NULL || ocspResponse == NULL) {
if (newStatus) XFREE(newStatus, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (ocspRequest) XFREE(ocspRequest, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (ocspResponse) XFREE(ocspResponse, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(ocspReqBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
WOLFSSL_LEAVE("CheckCertOCSP", MEMORY_ERROR);
return MEMORY_E;
}
#endif
InitOcspRequest(ocspRequest, cert, ocsp->cm->ocspSendNonce,
ocspReqBuf, ocspReqSz);
ocspReqSz = EncodeOcspRequest(&ocspRequest);
ocspReqSz = EncodeOcspRequest(ocspRequest);
if (ocsp->cm->ocspIOCb)
result = ocsp->cm->ocspIOCb(ocsp->cm->ocspIOCtx, url, urlSz,
ocspReqBuf, ocspReqSz, &ocspRespBuf);
if (result >= 0 && ocspRespBuf) {
XMEMSET(&newStatus, 0, sizeof(CertStatus));
XMEMSET(newStatus, 0, sizeof(CertStatus));
InitOcspResponse(&ocspResponse, &newStatus, ocspRespBuf, result);
OcspResponseDecode(&ocspResponse);
InitOcspResponse(ocspResponse, newStatus, ocspRespBuf, result);
OcspResponseDecode(ocspResponse);
if (ocspResponse.responseStatus != OCSP_SUCCESSFUL)
if (ocspResponse->responseStatus != OCSP_SUCCESSFUL)
result = OCSP_LOOKUP_FAIL;
else {
if (CompareOcspReqResp(&ocspRequest, &ocspResponse) == 0) {
result = xstat2err(ocspResponse.status->status);
if (CompareOcspReqResp(ocspRequest, ocspResponse) == 0) {
result = xstat2err(ocspResponse->status->status);
if (LockMutex(&ocsp->ocspLock) != 0)
result = BAD_MUTEX_E;
else {
if (certStatus != NULL)
/* Replace existing certificate entry with updated */
XMEMCPY(certStatus, &newStatus, sizeof(CertStatus));
XMEMCPY(certStatus, newStatus, sizeof(CertStatus));
else {
/* Save new certificate entry */
certStatus = (CertStatus*)XMALLOC(sizeof(CertStatus),
NULL, DYNAMIC_TYPE_OCSP_STATUS);
if (certStatus != NULL) {
XMEMCPY(certStatus, &newStatus, sizeof(CertStatus));
XMEMCPY(certStatus, newStatus, sizeof(CertStatus));
certStatus->next = ocspe->status;
ocspe->status = certStatus;
ocspe->totalStatus++;
@ -245,13 +274,18 @@ int CheckCertOCSP(CYASSL_OCSP* ocsp, DecodedCert* cert)
else
result = OCSP_LOOKUP_FAIL;
if (ocspReqBuf != NULL)
XFREE(ocspReqBuf, NULL, DYNAMIC_TYPE_IN_BUFFER);
XFREE(ocspReqBuf, NULL, DYNAMIC_TYPE_IN_BUFFER);
#ifdef WOLFSSL_SMALL_STACK
XFREE(newStatus, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(ocspRequest, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(ocspResponse, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
if (ocspRespBuf != NULL && ocsp->cm->ocspRespFreeCb)
ocsp->cm->ocspRespFreeCb(ocsp->cm->ocspIOCtx, ocspRespBuf);
CYASSL_LEAVE("CheckCertOCSP", result);
WOLFSSL_LEAVE("CheckCertOCSP", result);
return result;
}