#include <unistd.h>
#endif
-
/**
* @def MBED_TLS_VERSION_LEN
* @brief mbedTLS version string length
{MBEDTLS_ECP_DP_SECP256R1, MBEDTLS_ECP_DP_NONE}
};
-static PkiInfo_t g_pkiInfo = {{NULL, 0}, {NULL, 0}, {NULL, 0}, {NULL, 0}};
-
typedef struct {
int code;
unsigned char alert;
return ret;
}
+/**
+ * Deinit Pki Info
+ *
+ * @param[out] inf structure with certificate, private key and crl to be free.
+ *
+ */
+static void DeInitPkixInfo(PkiInfo_t * inf)
+{
+ OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
+ if (NULL == inf)
+ {
+ OIC_LOG(ERROR, NET_SSL_TAG, "NULL passed");
+ OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
+ return;
+ }
+
+ DEINIT_BYTE_ARRAY(inf->crt);
+ DEINIT_BYTE_ARRAY(inf->key);
+ DEINIT_BYTE_ARRAY(inf->ca);
+ DEINIT_BYTE_ARRAY(inf->crl);
+
+ OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
+}
+
//Loads PKIX related information from SRM
static int InitPKIX(CATransportAdapter_t adapter)
{
OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
VERIFY_NON_NULL_RET(g_getPkixInfoCallback, NET_SSL_TAG, "PKIX info callback is NULL", -1);
// load pk key, cert, trust chain and crl
+ PkiInfo_t pkiInfo = {
+ BYTE_ARRAY_INITIALIZER,
+ BYTE_ARRAY_INITIALIZER,
+ BYTE_ARRAY_INITIALIZER,
+ BYTE_ARRAY_INITIALIZER
+ };
+
if (g_getPkixInfoCallback)
{
- g_getPkixInfoCallback(&g_pkiInfo);
+ g_getPkixInfoCallback(&pkiInfo);
}
VERIFY_NON_NULL_RET(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL", -1);
// optional
int ret;
int errNum;
- int count = ParseChain(&g_caSslContext->crt, g_pkiInfo.crt.data, g_pkiInfo.crt.len, &errNum);
+ int count = ParseChain(&g_caSslContext->crt, pkiInfo.crt.data, pkiInfo.crt.len, &errNum);
if (0 >= count)
{
OIC_LOG(WARNING, NET_SSL_TAG, "Own certificate chain parsing error");
OIC_LOG_V(WARNING, NET_SSL_TAG, "Own certificate chain parsing error: %d certs failed to parse", errNum);
goto required;
}
- ret = mbedtls_pk_parse_key(&g_caSslContext->pkey, g_pkiInfo.key.data, g_pkiInfo.key.len,
+ ret = mbedtls_pk_parse_key(&g_caSslContext->pkey, pkiInfo.key.data, pkiInfo.key.len,
NULL, 0);
if (0 != ret)
{
}
required:
- count = ParseChain(&g_caSslContext->ca, g_pkiInfo.ca.data, g_pkiInfo.ca.len, &errNum);
+ count = ParseChain(&g_caSslContext->ca, pkiInfo.ca.data, pkiInfo.ca.len, &errNum);
if(0 >= count)
{
OIC_LOG(ERROR, NET_SSL_TAG, "CA chain parsing error");
OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
+ DeInitPkixInfo(&pkiInfo);
return -1;
}
if(0 != errNum)
OIC_LOG_V(WARNING, NET_SSL_TAG, "CA chain parsing warning: %d certs failed to parse", errNum);
}
- ret = mbedtls_x509_crl_parse_der(&g_caSslContext->crl, g_pkiInfo.crl.data, g_pkiInfo.crl.len);
+ ret = mbedtls_x509_crl_parse_der(&g_caSslContext->crl, pkiInfo.crl.data, pkiInfo.crl.len);
if(0 != ret)
{
OIC_LOG(WARNING, NET_SSL_TAG, "CRL parsing error");
&g_caSslContext->ca, &g_caSslContext->crl);
}
+ DeInitPkixInfo(&pkiInfo);
+
OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
return 0;
}
/* If UUID_PREFIX is present, ensure there's enough data for the prefix plus an entire
* UUID, to make sure we don't read past the end of the buffer.
*/
- if ((NULL != uuidPos) &&
+ if ((NULL != uuidPos) &&
(name->val.len >= ((uuidPos - name->val.p) + (sizeof(UUID_PREFIX) - 1) + uuidBufLen)))
{
memcpy(uuid, uuidPos + sizeof(UUID_PREFIX) - 1, uuidBufLen);
static void infoCallback_that_loads_x509(PkiInfo_t * inf)
{
- inf->crt.data = (uint8_t*)serverCert;
inf->crt.len = sizeof(serverCert);
- inf->key.data = (uint8_t*)serverPrivateKey;
+ inf->crt.data = (uint8_t*)OICMalloc(inf->crt.len);
+ ASSERT_TRUE(inf->crt.data != NULL);
+ memcpy(inf->crt.data, serverCert, inf->crt.len);
+
inf->key.len = sizeof(serverPrivateKey);
- inf->ca.data = (uint8_t*)caCert;
+ inf->key.data = (uint8_t*)OICMalloc(inf->key.len);
+ ASSERT_TRUE(inf->key.data != NULL);
+ memcpy(inf->key.data, serverPrivateKey, inf->key.len);
+
+
inf->ca.len = sizeof(caCert);
+ inf->ca.data = (uint8_t*)OICMalloc(inf->ca.len);
+ ASSERT_TRUE(inf->ca.data != NULL);
+ memcpy(inf->ca.data, caCert, inf->ca.len);
+
+
inf->crl.data = NULL;
inf->crl.len = 0;
}