From 665fc2cedafe3fa204c4c10f50364bec74e7226c Mon Sep 17 00:00:00 2001
From: Keeyou
Date: Tue, 23 Jan 2024 11:08:55 +0800
Subject: [PATCH] ssl: use X509_parse_from_buffer

---
 src/net/asio.cpp | 16 ++++++++++------
 src/net/x509_util.cpp | 6 ++++++
 src/net/x509_util.hpp | 3 +++
 3 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/src/net/asio.cpp b/src/net/asio.cpp
index 0c1f62487..5492bc8bf 100644
--- a/src/net/asio.cpp
+++ b/src/net/asio.cpp
@@ -5,6 +5,7 @@
 #include "core/utils.hpp"
 #include "config/config.hpp"
+#include "net/x509_util.hpp"
 #include
 #include
@@ -84,9 +85,8 @@ static void print_openssl_error() {
 }
 #ifdef HAVE_BUILTIN_CA_BUNDLE_CRT
-static bool load_ca_to_x509_trust(X509_STORE* store, const uint8_t *data, size_t len) {
-  bssl::UniquePtr bio(BIO_new(BIO_s_mem()));
-  BIO_write(bio.get(), data, len);
+static bool load_ca_to_x509_trust(X509_STORE* store, const char *data, size_t len) {
+  bssl::UniquePtr bio(BIO_new_mem_buf(data, len));
   bssl::UniquePtr cert(PEM_read_bio_X509(bio.get(), nullptr, 0, nullptr));
   if (!cert) {
     print_openssl_error();
@@ -127,7 +127,7 @@ static int load_ca_to_ssl_ctx_from_mem(SSL_CTX* ssl_ctx, const std::string_view&
     end += sizeof(kEndCertificateMark) -1;
     std::string_view cacert(cadata.data() + pos, end - pos);
-    if (load_ca_to_x509_trust(store, (const uint8_t*)cacert.data(), cacert.size())) {
+    if (load_ca_to_x509_trust(store, cacert.data(), cacert.size())) {
       ++count;
     }
   }
@@ -275,7 +275,9 @@ static int load_ca_to_ssl_ctx_system(SSL_CTX* ssl_ctx) {
   while((cert = CertEnumCertificatesInStore(cert_store, cert))) {
     const char* data = (const char *)cert->pbCertEncoded;
     size_t len = cert->cbCertEncoded;
-    bssl::UniquePtr cert(d2i_X509(nullptr, (const unsigned char**)&data, len));
+    bssl::UniquePtr buffer = net::x509_util::CreateCryptoBuffer(
+        std::string_view(data, len));
+    bssl::UniquePtr cert(X509_parse_from_buffer(buffer.get()));
     if (!cert) {
       print_openssl_error();
       continue;
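Review bot: `BIO_new_mem_buf(data, len)` in load_ca_to_x509_trust passes a `size_t` to an API whose length parameter is signed (`int` in OpenSSL, `ossl_ssize_t` in BoringSSL) and where negative values carry special meaning, so an oversized `len` would be reinterpreted rather than rejected instead of failing cleanly. The inputs here are single PEM blocks carved out by load_ca_to_ssl_ctx_from_mem, so this is a robustness gap rather than a live bug, but the conversion should be explicit and bounded: `if (len > static_cast<size_t>(INT_MAX)) return false;` before the call. The mem-buf BIO also now borrows `data` instead of copying it as the old `BIO_write` did, which is fine because the BIO dies with the function; a comment such as `// bio borrows |data|; it must outlive the BIO` would keep a later refactor from hoisting it. The body of load_ca_to_x509_trust continues past the end of the hunk.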
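Review bot: The Windows branch of load_ca_to_ssl_ctx_system hands `buffer.get()` to `X509_parse_from_buffer` without checking that `CreateCryptoBuffer` succeeded; `CRYPTO_BUFFER_new` returns null on allocation failure and `X509_parse_from_buffer` expects a non-null buffer, so that failure would likely surface as a crash in the trust-store loader rather than as one skipped certificate. The macOS hunk at `@@ -346,7 +348,9 @@` has the same pattern. Inserting `if (!buffer) { continue; }` between the two new statements (or routing it through the existing `print_openssl_error(); continue;` path) keeps a single failed allocation from taking down startup. The switch itself is sound: `X509_parse_from_buffer` rejects trailing bytes that `d2i_X509` silently ignored and, as I understand the BoringSSL API, retains its own reference to the buffer, so `buffer` going out of scope after the call is safe. The enclosing `while` loop and function continue outside the hunk.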
@@ -346,7 +348,9 @@ static int load_ca_to_ssl_ctx_system(SSL_CTX* ssl_ctx) {
     } else {
       const char* data = (const char *)CFDataGetBytePtr(data_ref);
       CFIndex len = CFDataGetLength(data_ref);
-      bssl::UniquePtr cert(d2i_X509(nullptr, (const unsigned char**)&data, len));
+      bssl::UniquePtr buffer = net::x509_util::CreateCryptoBuffer(
+          std::string_view(data, len));
+      bssl::UniquePtr cert(X509_parse_from_buffer(buffer.get()));
       if (!cert) {
         print_openssl_error();
         continue;
diff --git a/src/net/x509_util.cpp b/src/net/x509_util.cpp
index 2990965c1..ebaef4d5b 100644
--- a/src/net/x509_util.cpp
+++ b/src/net/x509_util.cpp
@@ -24,4 +24,10 @@ CRYPTO_BUFFER_POOL* GetBufferPool() {
   return g_buffer_pool_singleton.pool();
 }
+bssl::UniquePtr CreateCryptoBuffer(std::string_view data) {
+  return bssl::UniquePtr(
+      CRYPTO_BUFFER_new(reinterpret_cast(data.data()),
+                        data.size(), GetBufferPool()));
+}
+
 } // namespace net::x509_util
diff --git a/src/net/x509_util.hpp b/src/net/x509_util.hpp
index e80e91a96..a50a52256 100644
--- a/src/net/x509_util.hpp
+++ b/src/net/x509_util.hpp
@@ -4,6 +4,7 @@
 #ifndef H_NET_X509_UTIL
 #define H_NET_X509_UTIL
+#include
 #include
 #include
@@ -12,6 +13,8 @@ namespace net::x509_util {
 // Returns a CRYPTO_BUFFER_POOL for deduplicating certificates.
 CRYPTO_BUFFER_POOL* GetBufferPool();
+bssl::UniquePtr CreateCryptoBuffer(std::string_view data);
+
 } // namespace net::x509_util
 #endif // H_NET_X509_UTIL
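Review bot: The new `CreateCryptoBuffer` declaration in `src/net/x509_util.hpp` carries no comment, while the neighbouring `GetBufferPool` is documented; callers need to know that the buffer holds a copy of `data` (so the argument need not outlive it), that it is allocated from the shared pool, and that the result is null on allocation failure, which is exactly the case the asio.cpp call sites currently do not check. Suggested text above the declaration: `// Returns a pooled CRYPTO_BUFFER holding a copy of |data|, or null on allocation failure.` The same comment fits the definition in `src/net/x509_util.cpp`.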