yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-30 12:24:22 +01:00
Code Issues Packages Projects Releases Wiki Activity

Introduce helper function to clear peer CRT from session structure

Browse Source 
This commit introduces a helper function `ssl_clear_peer_cert()`
which frees all data related to the peer's certificate from an
`mbedtls_ssl_session` structure. Currently, this is the peer's
certificate itself, while eventually, it'll be its digest only.
This commit is contained in:
Hanno Becker 2019-02-05 12:38:15 +00:00
parent 933b9fc815
commit 22141593e1
1 changed files with 14 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
library/ssl_tls.c
View File

@ -6155,6 +6155,16 @@ static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl,
} }
#endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */ #endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */
static void ssl_clear_peer_cert( mbedtls_ssl_session *session )
{
if( session->peer_cert != NULL )
{
mbedtls_x509_crt_free( session->peer_cert );
mbedtls_free( session->peer_cert );
session->peer_cert = NULL;
}
}
/* /*
* Once the certificate message is read, parse it into a cert chain and * Once the certificate message is read, parse it into a cert chain and
* perform basic checks, but leave actual verification to the caller * perform basic checks, but leave actual verification to the caller
@ -6248,13 +6258,8 @@ static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl )
/* Make &ssl->in_msg[i] point to the beginning of the CRT chain. */ /* Make &ssl->in_msg[i] point to the beginning of the CRT chain. */
i += 3; i += 3;
/* In case we tried to reuse a session but it failed */ /* In case we tried to reuse a session but it failed. */
if( ssl->session_negotiate->peer_cert != NULL ) ssl_clear_peer_cert( ssl->session_negotiate );
{
mbedtls_x509_crt_free( ssl->session_negotiate->peer_cert );
mbedtls_free( ssl->session_negotiate->peer_cert );
ssl->session_negotiate->peer_cert = NULL;
}
/* Iterate through and parse the CRTs in the provided chain. */ /* Iterate through and parse the CRTs in the provided chain. */
while( i < ssl->in_hslen ) while( i < ssl->in_hslen )
@ -6316,9 +6321,7 @@ static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl )
} }
/* Now we can safely free the original chain. */ /* Now we can safely free the original chain. */
mbedtls_x509_crt_free( ssl->session_negotiate->peer_cert ); ssl_clear_peer_cert( ssl->session );
mbedtls_free( ssl->session_negotiate->peer_cert );
ssl->session_negotiate->peer_cert = NULL;
/* Intentional fallthrough. */ /* Intentional fallthrough. */
} }
@ -10211,11 +10214,7 @@ void mbedtls_ssl_session_free( mbedtls_ssl_session *session )
return; return;
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
if( session->peer_cert != NULL ) ssl_clear_peer_cert( session );
{
mbedtls_x509_crt_free( session->peer_cert );
mbedtls_free( session->peer_cert );
}
#endif #endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)