yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-22 22:05:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

Make use of acquire/release in ssl_get_ecdh_params_from_cert()

Browse Source
This commit is contained in:
Hanno Becker 2019-02-28 14:03:20 +00:00
parent 0c1681685c
commit 39ae65cf73
1 changed files with 19 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
library/ssl_cli.c
View File

@ -2467,13 +2467,22 @@ static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
peer_pk = &ssl->session_negotiate->peer_cert->pk;
ret = mbedtls_x509_crt_pk_acquire( ssl->session_negotiate->peer_cert,
&peer_pk );
if( ret != 0 )
{
/* Should never happen */
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
if( ! mbedtls_pk_can_do( peer_pk, MBEDTLS_PK_ECKEY ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "server key not ECDH capable" ) );
return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH );
ret = MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH;
goto cleanup;
}
peer_key = mbedtls_pk_ec( *peer_pk );
@ -2482,21 +2491,26 @@ static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
MBEDTLS_ECDH_THEIRS ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ecdh_get_params" ), ret );
return( ret );
goto cleanup;
}
if( ssl_check_server_ecdh_params( ssl ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server certificate (ECDH curve)" ) );
return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
ret = MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE;
goto cleanup;
}
cleanup:
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
/* We don't need the peer's public key anymore. Free it,
* so that more RAM is available for upcoming expensive
* operations like ECDHE. */
mbedtls_pk_free( peer_pk );
#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
#else
mbedtls_x509_crt_pk_release( ssl->session_negotiate->peer_cert, peer_pk );
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
return( ret );
}