mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-27 06:44:20 +01:00
Introduce helper function to clear peer CRT from session structure
This commit introduces a helper function `ssl_clear_peer_cert()` which frees all data related to the peer's certificate from an `mbedtls_ssl_session` structure. Currently, this is the peer's certificate itself, while eventually, it'll be its digest only.
This commit is contained in:
parent
933b9fc815
commit
22141593e1
@ -6155,6 +6155,16 @@ static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl,
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */
|
||||
|
||||
static void ssl_clear_peer_cert( mbedtls_ssl_session *session )
|
||||
{
|
||||
if( session->peer_cert != NULL )
|
||||
{
|
||||
mbedtls_x509_crt_free( session->peer_cert );
|
||||
mbedtls_free( session->peer_cert );
|
||||
session->peer_cert = NULL;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Once the certificate message is read, parse it into a cert chain and
|
||||
* perform basic checks, but leave actual verification to the caller
|
||||
@ -6248,13 +6258,8 @@ static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl )
|
||||
/* Make &ssl->in_msg[i] point to the beginning of the CRT chain. */
|
||||
i += 3;
|
||||
|
||||
/* In case we tried to reuse a session but it failed */
|
||||
if( ssl->session_negotiate->peer_cert != NULL )
|
||||
{
|
||||
mbedtls_x509_crt_free( ssl->session_negotiate->peer_cert );
|
||||
mbedtls_free( ssl->session_negotiate->peer_cert );
|
||||
ssl->session_negotiate->peer_cert = NULL;
|
||||
}
|
||||
/* In case we tried to reuse a session but it failed. */
|
||||
ssl_clear_peer_cert( ssl->session_negotiate );
|
||||
|
||||
/* Iterate through and parse the CRTs in the provided chain. */
|
||||
while( i < ssl->in_hslen )
|
||||
@ -6316,9 +6321,7 @@ static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl )
|
||||
}
|
||||
|
||||
/* Now we can safely free the original chain. */
|
||||
mbedtls_x509_crt_free( ssl->session_negotiate->peer_cert );
|
||||
mbedtls_free( ssl->session_negotiate->peer_cert );
|
||||
ssl->session_negotiate->peer_cert = NULL;
|
||||
ssl_clear_peer_cert( ssl->session );
|
||||
|
||||
/* Intentional fallthrough. */
|
||||
}
|
||||
@ -10211,11 +10214,7 @@ void mbedtls_ssl_session_free( mbedtls_ssl_session *session )
|
||||
return;
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
if( session->peer_cert != NULL )
|
||||
{
|
||||
mbedtls_x509_crt_free( session->peer_cert );
|
||||
mbedtls_free( session->peer_cert );
|
||||
}
|
||||
ssl_clear_peer_cert( session );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
|
||||
|
Loading…
Reference in New Issue
Block a user