components/openssl: SSL load verify data from itself structure when "new"

2024-10-05 20:47:46 -04:00 · 2016-09-22 16:41:51 +08:00 · 2016-09-22 16:41:51 +08:00 · f796b4e58e
commit f796b4e58e
parent fa6f03f77f
5 changed files with 28 additions and 6 deletions
--- a/components/openssl/include/internal/ssl_types.h
+++ b/components/openssl/include/internal/ssl_types.h
@ -99,6 +99,8 @@ struct stack_st {

 struct evp_pkey_st {

+    int ref;
+
    void *pkey_pm;

    const PKEY_METHOD *method;
@ -106,6 +108,8 @@ struct evp_pkey_st {

 struct x509_st {

+    int ref;
+
    /* X509 certification platform private point */
    void *x509_pm;

--- a/components/openssl/library/ssl_lib.c
+++ b/components/openssl/library/ssl_lib.c
@ -282,6 +282,9 @@ SSL *SSL_new(SSL_CTX *ctx)
    ssl->version = ctx->version;
    ssl->options = ctx->options;

+    ssl->cert = ctx->cert;
+    ssl->client_CA = ctx->client_CA;
+
    ret = SSL_METHOD_CALL(new, ssl);
    if (ret)
        SSL_RET(failed2, "ssl_new\n");
--- a/components/openssl/library/ssl_pkey.c
+++ b/components/openssl/library/ssl_pkey.c
@ -177,6 +177,8 @@ int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx,
    if (!ret)
        SSL_RET(failed2, "SSL_CTX_use_PrivateKey\n");

+    ctx->cert->pkey->ref++;
+
    return 1;

 failed2:
@ -203,7 +205,10 @@ int SSL_use_PrivateKey_ASN1(int type, SSL *ssl,
    int ret;
    EVP_PKEY *pkey;

-    pkey = d2i_PrivateKey(0, &ssl->cert->pkey, &d, len);
+    if (ssl->cert->pkey->ref)
+        SSL_RET(failed1);
+
+    pkey = d2i_PrivateKey(0, NULL, &d, len);
    if (!pkey)
        SSL_RET(failed1, "d2i_PrivateKey\n");

@ -211,6 +216,8 @@ int SSL_use_PrivateKey_ASN1(int type, SSL *ssl,
    if (!ret)
        SSL_RET(failed2, "SSL_CTX_use_PrivateKey\n");

+    ssl->cert->pkey->ref++;
+
    return 1;

 failed2:
--- a/components/openssl/library/ssl_x509.c
+++ b/components/openssl/library/ssl_x509.c
@ -85,7 +85,7 @@ X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len)
    } else {
        x = X509_new();
        if (!x)
-            SSL_RET(failed1, "sk_X509_NAME_new_null\n");
+            SSL_RET(failed1, "X509_new\n");
        m = 1;
    }

@ -218,6 +218,7 @@ int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len,
 {
    int ret;
    X509 *cert;
+    const unsigned char *pbuf;

    cert = d2i_X509(&ctx->cert->x509, d, len);
    if (!cert)
@ -227,6 +228,8 @@ int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len,
    if (!ret)
        SSL_RET(failed2, "SSL_CTX_use_certificate\n");

+    ctx->cert->x509->ref++;
+
    return 1;

 failed2:
@ -252,7 +255,10 @@ int SSL_use_certificate_ASN1(SSL *ssl, int len,
    int ret;
    X509 *cert;

-    cert = d2i_X509(&ssl->cert->x509, d, len);
+    if (ssl->cert->x509->ref)
+        SSL_RET(failed1);
+
+    cert = d2i_X509(NULL, d, len);
    if (!cert)
        SSL_RET(failed1, "d2i_X509\n");

@ -260,6 +266,8 @@ int SSL_use_certificate_ASN1(SSL *ssl, int len,
    if (!ret)
        SSL_RET(failed2, "SSL_use_certificate\n");

+    ssl->cert->x509->ref++;
+
    return 1;

 failed2:
--- a/components/openssl/platform/ssl_pm.c
+++ b/components/openssl/platform/ssl_pm.c
@ -120,7 +120,7 @@ int ssl_pm_new(SSL *ssl)

    mbedtls_ssl_conf_dbg(&ssl_pm->conf, NULL, NULL);

-    x509_pm = (struct x509_pm *)ctx->client_CA->x509_pm;
+    x509_pm = (struct x509_pm *)ssl->client_CA->x509_pm;
    if (x509_pm->load) {
        mbedtls_ssl_conf_ca_chain(&ssl_pm->conf, &x509_pm->x509_crt, NULL);

@ -130,9 +130,9 @@ int ssl_pm_new(SSL *ssl)
    }
    mbedtls_ssl_conf_authmode(&ssl_pm->conf, mode);

-    pkey_pm = (struct pkey_pm *)ctx->cert->pkey->pkey_pm;
+    pkey_pm = (struct pkey_pm *)ssl->cert->pkey->pkey_pm;
    if (pkey_pm->load) {
-        x509_pm = (struct x509_pm *)ctx->cert->x509->x509_pm;
+        x509_pm = (struct x509_pm *)ssl->cert->x509->x509_pm;

        ret = mbedtls_ssl_conf_own_cert(&ssl_pm->conf, &x509_pm->x509_crt, &pkey_pm->pkey);
        if (ret)