yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-26 00:15:37 +01:00
Code Issues Packages Projects Releases Wiki Activity

Rework ssl_set_own_cert() internals

Browse Source
This commit is contained in:
Manuel Pégourié-Gonnard 2015-05-10 21:13:36 +02:00
parent 120fdbdb3d
commit 8f618a8e65
3 changed files with 49 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
include/mbedtls/ssl.h
View File

@ -677,15 +677,9 @@ struct mbedtls_ssl_handshake_params
size_t psk_len; /*!< Length of PSK from callback */ size_t psk_len; /*!< Length of PSK from callback */
#endif #endif
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
/** mbedtls_ssl_key_cert *key_cert; /*!< chosen key/cert pair (server) */
* Current key/cert or key/cert list.
* On client: pointer to ssl->key_cert, only the first entry used.
* On server: starts as a pointer to ssl->key_cert, then becomes
* a pointer to the chosen key from this list or the SNI list.
*/
mbedtls_ssl_key_cert *key_cert;
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
mbedtls_ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI */ mbedtls_ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI */
#endif #endif
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
@ -1579,8 +1573,9 @@ void mbedtls_ssl_set_ca_chain( mbedtls_ssl_config *conf,
* *
* \return 0 on success or MBEDTLS_ERR_SSL_MALLOC_FAILED * \return 0 on success or MBEDTLS_ERR_SSL_MALLOC_FAILED
*/ */
int mbedtls_ssl_set_own_cert( mbedtls_ssl_context *ssl, mbedtls_x509_crt *own_cert, int mbedtls_ssl_set_own_cert( mbedtls_ssl_context *ssl,
mbedtls_pk_context *pk_key ); mbedtls_x509_crt *own_cert,
mbedtls_pk_context *pk_key );
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
@ -2355,14 +2350,26 @@ int mbedtls_ssl_curve_is_acceptable( const mbedtls_ssl_context *ssl, mbedtls_ecp
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
static inline mbedtls_pk_context *mbedtls_ssl_own_key( mbedtls_ssl_context *ssl ) static inline mbedtls_pk_context *mbedtls_ssl_own_key( mbedtls_ssl_context *ssl )
{ {
return( ssl->handshake->key_cert == NULL ? NULL mbedtls_ssl_key_cert *key_cert;
: ssl->handshake->key_cert->key );
if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
key_cert = ssl->handshake->key_cert;
else
key_cert = ssl->conf->key_cert;
return( key_cert == NULL ? NULL : key_cert->key );
} }
static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl ) static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl )
{ {
return( ssl->handshake->key_cert == NULL ? NULL mbedtls_ssl_key_cert *key_cert;
: ssl->handshake->key_cert->cert );
if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
key_cert = ssl->handshake->key_cert;
else
key_cert = ssl->conf->key_cert;
return( key_cert == NULL ? NULL : key_cert->cert );
} }
/* /*

4
library/ssl_srv.c
View File

@ -875,7 +875,7 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl,
list = ssl->handshake->sni_key_cert; list = ssl->handshake->sni_key_cert;
else else
#endif #endif
list = ssl->handshake->key_cert; list = ssl->conf->key_cert;
if( pk_alg == MBEDTLS_PK_NONE ) if( pk_alg == MBEDTLS_PK_NONE )
return( 0 ); return( 0 );
@ -943,7 +943,7 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl,
cur = fallback; cur = fallback;
/* Do not update ssl->handshake->key_cert unless the is a match */ /* Do not update ssl->handshake->key_cert unless there is a match */
if( cur != NULL ) if( cur != NULL )
{ {
ssl->handshake->key_cert = cur; ssl->handshake->key_cert = cur;

61
library/ssl_tls.c
View File

@ -4901,10 +4901,6 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
ssl_transform_init( ssl->transform_negotiate ); ssl_transform_init( ssl->transform_negotiate );
ssl_handshake_params_init( ssl->handshake ); ssl_handshake_params_init( ssl->handshake );
#if defined(MBEDTLS_X509_CRT_PARSE_C)
ssl->handshake->key_cert = ssl->conf->key_cert;
#endif
/* /*
* We may not know yet if we're using DTLS, * We may not know yet if we're using DTLS,
* so always initiliase DTLS-specific fields. * so always initiliase DTLS-specific fields.
@ -5309,33 +5305,42 @@ void mbedtls_ssl_set_ciphersuites_for_version( mbedtls_ssl_config *conf,
} }
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
/* Add a new (empty) key_cert entry an return a pointer to it */ /* Append a new keycert entry to a (possibly empty) list */
static mbedtls_ssl_key_cert *ssl_add_key_cert( mbedtls_ssl_context *ssl ) static int ssl_append_key_cert( mbedtls_ssl_key_cert **head,
mbedtls_x509_crt *cert,
mbedtls_pk_context *key )
{ {
mbedtls_ssl_key_cert *key_cert, *last; mbedtls_ssl_key_cert *new;
key_cert = mbedtls_malloc( sizeof(mbedtls_ssl_key_cert) ); new = mbedtls_malloc( sizeof( mbedtls_ssl_key_cert ) );
if( key_cert == NULL ) if( new == NULL )
return( NULL ); return( MBEDTLS_ERR_SSL_MALLOC_FAILED );
memset( key_cert, 0, sizeof( mbedtls_ssl_key_cert ) ); new->cert = cert;
new->key = key;
new->next = NULL;
/* Append the new key_cert to the (possibly empty) current list */ /* Update head is the list was null, else add to the end */
if( ssl->conf->key_cert == NULL ) if( *head == NULL )
{ {
ssl->conf->key_cert = key_cert; *head = new;
if( ssl->handshake != NULL )
ssl->handshake->key_cert = key_cert;
} }
else else
{ {
last = ssl->conf->key_cert; mbedtls_ssl_key_cert *cur = *head;
while( last->next != NULL ) while( cur->next != NULL )
last = last->next; cur = cur->next;
last->next = key_cert; cur->next = new;
} }
return( key_cert ); return( 0 );
}
int mbedtls_ssl_set_own_cert( mbedtls_ssl_context *ssl,
mbedtls_x509_crt *own_cert,
mbedtls_pk_context *pk_key )
{
return( ssl_append_key_cert( &ssl->conf->key_cert, own_cert, pk_key ) );
} }
void mbedtls_ssl_set_ca_chain( mbedtls_ssl_config *conf, void mbedtls_ssl_set_ca_chain( mbedtls_ssl_config *conf,
@ -5345,20 +5350,6 @@ void mbedtls_ssl_set_ca_chain( mbedtls_ssl_config *conf,
conf->ca_chain = ca_chain; conf->ca_chain = ca_chain;
conf->ca_crl = ca_crl; conf->ca_crl = ca_crl;
} }
int mbedtls_ssl_set_own_cert( mbedtls_ssl_context *ssl, mbedtls_x509_crt *own_cert,
mbedtls_pk_context *pk_key )
{
mbedtls_ssl_key_cert *key_cert = ssl_add_key_cert( ssl );
if( key_cert == NULL )
return( MBEDTLS_ERR_SSL_MALLOC_FAILED );
key_cert->cert = own_cert;
key_cert->key = pk_key;
return( 0 );
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)