alex/esp-idf
alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2024-10-05 20:47:46 -04:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

components/openssl: SSL load verify data from itself structure when "new"

Browse Source
This commit is contained in:
dongheng 2016-09-22 16:41:51 +08:00
parent fa6f03f77f
commit f796b4e58e
5 changed files with 28 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
components/openssl/include/internal/ssl_types.h
View File

@ -99,6 +99,8 @@ struct stack_st {
struct evp_pkey_st { struct evp_pkey_st {
int ref;
void *pkey_pm; void *pkey_pm;
const PKEY_METHOD *method; const PKEY_METHOD *method;
@ -106,6 +108,8 @@ struct evp_pkey_st {
struct x509_st { struct x509_st {
int ref;
/* X509 certification platform private point */ /* X509 certification platform private point */
void *x509_pm; void *x509_pm;

3
components/openssl/library/ssl_lib.c
View File

@ -282,6 +282,9 @@ SSL *SSL_new(SSL_CTX *ctx)
ssl->version = ctx->version; ssl->version = ctx->version;
ssl->options = ctx->options; ssl->options = ctx->options;
ssl->cert = ctx->cert;
ssl->client_CA = ctx->client_CA;
ret = SSL_METHOD_CALL(new, ssl); ret = SSL_METHOD_CALL(new, ssl);
if (ret) if (ret)
SSL_RET(failed2, "ssl_new\n"); SSL_RET(failed2, "ssl_new\n");

9
components/openssl/library/ssl_pkey.c
View File

@ -177,6 +177,8 @@ int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx,
if (!ret) if (!ret)
SSL_RET(failed2, "SSL_CTX_use_PrivateKey\n"); SSL_RET(failed2, "SSL_CTX_use_PrivateKey\n");
ctx->cert->pkey->ref++;
return 1; return 1;
failed2: failed2:
@ -203,7 +205,10 @@ int SSL_use_PrivateKey_ASN1(int type, SSL *ssl,
int ret; int ret;
EVP_PKEY *pkey; EVP_PKEY *pkey;
pkey = d2i_PrivateKey(0, &ssl->cert->pkey, &d, len); if (ssl->cert->pkey->ref)
SSL_RET(failed1);
pkey = d2i_PrivateKey(0, NULL, &d, len);
if (!pkey) if (!pkey)
SSL_RET(failed1, "d2i_PrivateKey\n"); SSL_RET(failed1, "d2i_PrivateKey\n");
@ -211,6 +216,8 @@ int SSL_use_PrivateKey_ASN1(int type, SSL *ssl,
if (!ret) if (!ret)
SSL_RET(failed2, "SSL_CTX_use_PrivateKey\n"); SSL_RET(failed2, "SSL_CTX_use_PrivateKey\n");
ssl->cert->pkey->ref++;
return 1; return 1;
failed2: failed2:

12
components/openssl/library/ssl_x509.c
View File

@ -85,7 +85,7 @@ X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len)
} else { } else {
x = X509_new(); x = X509_new();
if (!x) if (!x)
SSL_RET(failed1, "sk_X509_NAME_new_null\n"); SSL_RET(failed1, "X509_new\n");
m = 1; m = 1;
} }
@ -218,6 +218,7 @@ int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len,
{ {
int ret; int ret;
X509 *cert; X509 *cert;
const unsigned char *pbuf;
cert = d2i_X509(&ctx->cert->x509, d, len); cert = d2i_X509(&ctx->cert->x509, d, len);
if (!cert) if (!cert)
@ -227,6 +228,8 @@ int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len,
if (!ret) if (!ret)
SSL_RET(failed2, "SSL_CTX_use_certificate\n"); SSL_RET(failed2, "SSL_CTX_use_certificate\n");
ctx->cert->x509->ref++;
return 1; return 1;
failed2: failed2:
@ -252,7 +255,10 @@ int SSL_use_certificate_ASN1(SSL *ssl, int len,
int ret; int ret;
X509 *cert; X509 *cert;
cert = d2i_X509(&ssl->cert->x509, d, len); if (ssl->cert->x509->ref)
SSL_RET(failed1);
cert = d2i_X509(NULL, d, len);
if (!cert) if (!cert)
SSL_RET(failed1, "d2i_X509\n"); SSL_RET(failed1, "d2i_X509\n");
@ -260,6 +266,8 @@ int SSL_use_certificate_ASN1(SSL *ssl, int len,
if (!ret) if (!ret)
SSL_RET(failed2, "SSL_use_certificate\n"); SSL_RET(failed2, "SSL_use_certificate\n");
ssl->cert->x509->ref++;
return 1; return 1;
failed2: failed2:

6
components/openssl/platform/ssl_pm.c
View File

@ -120,7 +120,7 @@ int ssl_pm_new(SSL *ssl)
mbedtls_ssl_conf_dbg(&ssl_pm->conf, NULL, NULL); mbedtls_ssl_conf_dbg(&ssl_pm->conf, NULL, NULL);
x509_pm = (struct x509_pm *)ctx->client_CA->x509_pm; x509_pm = (struct x509_pm *)ssl->client_CA->x509_pm;
if (x509_pm->load) { if (x509_pm->load) {
mbedtls_ssl_conf_ca_chain(&ssl_pm->conf, &x509_pm->x509_crt, NULL); mbedtls_ssl_conf_ca_chain(&ssl_pm->conf, &x509_pm->x509_crt, NULL);
@ -130,9 +130,9 @@ int ssl_pm_new(SSL *ssl)
} }
mbedtls_ssl_conf_authmode(&ssl_pm->conf, mode); mbedtls_ssl_conf_authmode(&ssl_pm->conf, mode);
pkey_pm = (struct pkey_pm *)ctx->cert->pkey->pkey_pm; pkey_pm = (struct pkey_pm *)ssl->cert->pkey->pkey_pm;
if (pkey_pm->load) { if (pkey_pm->load) {
x509_pm = (struct x509_pm *)ctx->cert->x509->x509_pm; x509_pm = (struct x509_pm *)ssl->cert->x509->x509_pm;
ret = mbedtls_ssl_conf_own_cert(&ssl_pm->conf, &x509_pm->x509_crt, &pkey_pm->pkey); ret = mbedtls_ssl_conf_own_cert(&ssl_pm->conf, &x509_pm->x509_crt, &pkey_pm->pkey);
if (ret) if (ret)