Rework ssl_set_own_cert() internals
This commit is contained in:
parent
120fdbdb3d
commit
8f618a8e65
@ -677,15 +677,9 @@ struct mbedtls_ssl_handshake_params
|
|||||||
size_t psk_len; /*!< Length of PSK from callback */
|
size_t psk_len; /*!< Length of PSK from callback */
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||||
/**
|
mbedtls_ssl_key_cert *key_cert; /*!< chosen key/cert pair (server) */
|
||||||
* Current key/cert or key/cert list.
|
|
||||||
* On client: pointer to ssl->key_cert, only the first entry used.
|
|
||||||
* On server: starts as a pointer to ssl->key_cert, then becomes
|
|
||||||
* a pointer to the chosen key from this list or the SNI list.
|
|
||||||
*/
|
|
||||||
mbedtls_ssl_key_cert *key_cert;
|
|
||||||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
||||||
mbedtls_ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI */
|
mbedtls_ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI */
|
||||||
#endif
|
#endif
|
||||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
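Review bot: The replacement one-line doc on the `key_cert` field of `mbedtls_ssl_handshake_params`, `/*!< chosen key/cert pair (server) */`, no longer tells a reader when the field is valid: after this commit it is left unset by ssl_handshake_init() and only assigned by ssl_pick_cert() when a match is found, with mbedtls_ssl_own_cert()/own_key() falling back to `ssl->conf->key_cert` otherwise. I would make that explicit, e.g. `/*!< key/cert pair chosen by ssl_pick_cert() (server); NULL until a match is found, so read it via mbedtls_ssl_own_cert()/own_key(), which fall back to conf->key_cert */`. The struct definition begins and ends outside this hunk.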
@ -1579,8 +1573,9 @@ void mbedtls_ssl_set_ca_chain( mbedtls_ssl_config *conf,
|
|||||||
*
|
*
|
||||||
* \return 0 on success or MBEDTLS_ERR_SSL_MALLOC_FAILED
|
* \return 0 on success or MBEDTLS_ERR_SSL_MALLOC_FAILED
|
||||||
*/
|
*/
|
||||||
int mbedtls_ssl_set_own_cert( mbedtls_ssl_context *ssl, mbedtls_x509_crt *own_cert,
|
int mbedtls_ssl_set_own_cert( mbedtls_ssl_context *ssl,
|
||||||
mbedtls_pk_context *pk_key );
|
mbedtls_x509_crt *own_cert,
|
||||||
|
mbedtls_pk_context *pk_key );
|
||||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||||
@ -2355,14 +2350,26 @@ int mbedtls_ssl_curve_is_acceptable( const mbedtls_ssl_context *ssl, mbedtls_ecp
|
|||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||||
static inline mbedtls_pk_context *mbedtls_ssl_own_key( mbedtls_ssl_context *ssl )
|
static inline mbedtls_pk_context *mbedtls_ssl_own_key( mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
return( ssl->handshake->key_cert == NULL ? NULL
|
mbedtls_ssl_key_cert *key_cert;
|
||||||
: ssl->handshake->key_cert->key );
|
|
||||||
|
if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
|
||||||
|
key_cert = ssl->handshake->key_cert;
|
||||||
|
else
|
||||||
|
key_cert = ssl->conf->key_cert;
|
||||||
|
|
||||||
|
return( key_cert == NULL ? NULL : key_cert->key );
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl )
|
static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
return( ssl->handshake->key_cert == NULL ? NULL
|
mbedtls_ssl_key_cert *key_cert;
|
||||||
: ssl->handshake->key_cert->cert );
|
|
||||||
|
if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
|
||||||
|
key_cert = ssl->handshake->key_cert;
|
||||||
|
else
|
||||||
|
key_cert = ssl->conf->key_cert;
|
||||||
|
|
||||||
|
return( key_cert == NULL ? NULL : key_cert->cert );
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
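Review bot: mbedtls_ssl_own_key() and mbedtls_ssl_own_cert() now carry an identical six-line selection block (handshake non-NULL and handshake->key_cert non-NULL, else conf->key_cert), so the fallback rule lives in two places and the next change to it has to be applied twice. Pulling the selection into one small static inline helper keeps the two public helpers to a single line each. Note also that `ssl->conf` is dereferenced unconditionally in both; that is presumably guaranteed by the caller (conf is set at setup), but worth a one-line comment since `ssl->handshake` is checked right above it.
```c
/* The entry ssl_pick_cert() chose for this handshake, else the config list */
static inline mbedtls_ssl_key_cert *ssl_own_key_cert( mbedtls_ssl_context *ssl )
{
    if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
        return( ssl->handshake->key_cert );

    return( ssl->conf->key_cert ); /* conf is always set once the context is configured */
}

static inline mbedtls_pk_context *mbedtls_ssl_own_key( mbedtls_ssl_context *ssl )
{
    mbedtls_ssl_key_cert *key_cert = ssl_own_key_cert( ssl );
    return( key_cert == NULL ? NULL : key_cert->key );
}

static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl )
{
    mbedtls_ssl_key_cert *key_cert = ssl_own_key_cert( ssl );
    return( key_cert == NULL ? NULL : key_cert->cert );
}
```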
@ -875,7 +875,7 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl,
|
|||||||
list = ssl->handshake->sni_key_cert;
|
list = ssl->handshake->sni_key_cert;
|
||||||
else
|
else
|
||||||
#endif
|
#endif
|
||||||
list = ssl->handshake->key_cert;
|
list = ssl->conf->key_cert;
|
||||||
|
|
||||||
if( pk_alg == MBEDTLS_PK_NONE )
|
if( pk_alg == MBEDTLS_PK_NONE )
|
||||||
return( 0 );
|
return( 0 );
|
||||||
@ -943,7 +943,7 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl,
|
|||||||
cur = fallback;
|
cur = fallback;
|
||||||
|
|
||||||
|
|
||||||
/* Do not update ssl->handshake->key_cert unless the is a match */
|
/* Do not update ssl->handshake->key_cert unless there is a match */
|
||||||
if( cur != NULL )
|
if( cur != NULL )
|
||||||
{
|
{
|
||||||
ssl->handshake->key_cert = cur;
|
ssl->handshake->key_cert = cur;
|
||||||
|
@ -4901,10 +4901,6 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
|
|||||||
ssl_transform_init( ssl->transform_negotiate );
|
ssl_transform_init( ssl->transform_negotiate );
|
||||||
ssl_handshake_params_init( ssl->handshake );
|
ssl_handshake_params_init( ssl->handshake );
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
|
||||||
ssl->handshake->key_cert = ssl->conf->key_cert;
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* We may not know yet if we're using DTLS,
|
* We may not know yet if we're using DTLS,
|
||||||
* so always initiliase DTLS-specific fields.
|
* so always initiliase DTLS-specific fields.
|
||||||
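Review bot: Dropping the `ssl->handshake->key_cert = ssl->conf->key_cert;` assignment means the handshake field now stays at whatever ssl_handshake_params_init() leaves it (presumably NULL) until ssl_pick_cert() assigns a match, which is a silent change for any code that still reads `ssl->handshake->key_cert` directly rather than through mbedtls_ssl_own_cert()/own_key(). I cannot see the remaining readers from this diff; it would be worth confirming they all go through the accessors, and worth a short comment at this spot, e.g. `/* handshake->key_cert stays NULL here; ssl_pick_cert() sets it, accessors fall back to conf->key_cert */`. ssl_handshake_init() continues outside the hunk.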
@ -5309,33 +5305,42 @@ void mbedtls_ssl_set_ciphersuites_for_version( mbedtls_ssl_config *conf,
|
|||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||||
/* Add a new (empty) key_cert entry an return a pointer to it */
|
/* Append a new keycert entry to a (possibly empty) list */
|
||||||
static mbedtls_ssl_key_cert *ssl_add_key_cert( mbedtls_ssl_context *ssl )
|
static int ssl_append_key_cert( mbedtls_ssl_key_cert **head,
|
||||||
|
mbedtls_x509_crt *cert,
|
||||||
|
mbedtls_pk_context *key )
|
||||||
{
|
{
|
||||||
mbedtls_ssl_key_cert *key_cert, *last;
|
mbedtls_ssl_key_cert *new;
|
||||||
|
|
||||||
key_cert = mbedtls_malloc( sizeof(mbedtls_ssl_key_cert) );
|
new = mbedtls_malloc( sizeof( mbedtls_ssl_key_cert ) );
|
||||||
if( key_cert == NULL )
|
if( new == NULL )
|
||||||
return( NULL );
|
return( MBEDTLS_ERR_SSL_MALLOC_FAILED );
|
||||||
|
|
||||||
memset( key_cert, 0, sizeof( mbedtls_ssl_key_cert ) );
|
new->cert = cert;
|
||||||
|
new->key = key;
|
||||||
|
new->next = NULL;
|
||||||
|
|
||||||
/* Append the new key_cert to the (possibly empty) current list */
|
/* Update head is the list was null, else add to the end */
|
||||||
if( ssl->conf->key_cert == NULL )
|
if( *head == NULL )
|
||||||
{
|
{
|
||||||
ssl->conf->key_cert = key_cert;
|
*head = new;
|
||||||
if( ssl->handshake != NULL )
|
|
||||||
ssl->handshake->key_cert = key_cert;
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
last = ssl->conf->key_cert;
|
mbedtls_ssl_key_cert *cur = *head;
|
||||||
while( last->next != NULL )
|
while( cur->next != NULL )
|
||||||
last = last->next;
|
cur = cur->next;
|
||||||
last->next = key_cert;
|
cur->next = new;
|
||||||
}
|
}
|
||||||
|
|
||||||
return( key_cert );
|
return( 0 );
|
||||||
|
}
|
||||||
|
|
||||||
|
int mbedtls_ssl_set_own_cert( mbedtls_ssl_context *ssl,
|
||||||
|
mbedtls_x509_crt *own_cert,
|
||||||
|
mbedtls_pk_context *pk_key )
|
||||||
|
{
|
||||||
|
return( ssl_append_key_cert( &ssl->conf->key_cert, own_cert, pk_key ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
void mbedtls_ssl_set_ca_chain( mbedtls_ssl_config *conf,
|
void mbedtls_ssl_set_ca_chain( mbedtls_ssl_config *conf,
|
||||||
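Review bot: The comment above the head/append branch in ssl_append_key_cert() has a typo that inverts its meaning, `/* Update head is the list was null, else add to the end */`; I would write `/* Set head if the list was empty, else append at the end */`. The function stores the `cert` and `key` pointers without copying them, so its header comment should also state that the caller keeps both objects alive for the lifetime of the list (the old header text for mbedtls_ssl_set_own_cert() is outside this hunk, so I cannot tell whether that contract is documented there). The local named `new` is a C++ keyword; renaming it to `entry` avoids trouble if this file is ever compiled as C++. Lastly, mbedtls_ssl_set_own_cert() reaches `&ssl->conf->key_cert` through the context while the neighbouring mbedtls_ssl_set_ca_chain() takes the config directly; if the public signature is being kept deliberately, a one-line comment saying so would stop the next reader from "fixing" it.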
@ -5345,20 +5350,6 @@ void mbedtls_ssl_set_ca_chain( mbedtls_ssl_config *conf,
|
|||||||
conf->ca_chain = ca_chain;
|
conf->ca_chain = ca_chain;
|
||||||
conf->ca_crl = ca_crl;
|
conf->ca_crl = ca_crl;
|
||||||
}
|
}
|
||||||
|
|
||||||
int mbedtls_ssl_set_own_cert( mbedtls_ssl_context *ssl, mbedtls_x509_crt *own_cert,
|
|
||||||
mbedtls_pk_context *pk_key )
|
|
||||||
{
|
|
||||||
mbedtls_ssl_key_cert *key_cert = ssl_add_key_cert( ssl );
|
|
||||||
|
|
||||||
if( key_cert == NULL )
|
|
||||||
return( MBEDTLS_ERR_SSL_MALLOC_FAILED );
|
|
||||||
|
|
||||||
key_cert->cert = own_cert;
|
|
||||||
key_cert->key = pk_key;
|
|
||||||
|
|
||||||
return( 0 );
|
|
||||||
}
|
|
||||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||||
|