	components/openssl: SSL load verify data from itself structure when "new"
		| @@ -99,6 +99,8 @@ struct stack_st { | ||||
|  | ||||
| struct evp_pkey_st { | ||||
|  | ||||
|     int ref; | ||||
|  | ||||
|     void *pkey_pm; | ||||
|  | ||||
|     const PKEY_METHOD *method; | ||||
| @@ -106,6 +108,8 @@ struct evp_pkey_st { | ||||
|  | ||||
| struct x509_st { | ||||
|  | ||||
|     int ref; | ||||
|  | ||||
|     /* X509 certification platform private point */ | ||||
|     void *x509_pm; | ||||
|  | ||||
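Review bot: The new `ref` members in `struct evp_pkey_st` and `struct x509_st` have no comment, and it is unclear from this commit whether they are a reference count or an "already loaded" latch. The visible hunks only increment the field and test it for non-zero; none of them decrements it. A plain `int` updated with `ref++` is also unsafe if two tasks load credentials into the same context at once. I would document the intent at the declaration, for example `int ref; /* count of successful loads into this object; non-zero blocks SSL_use_*_ASN1 from replacing it */`, and say who is expected to decrement it. Both struct definitions continue outside the hunks.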
|   | ||||
| @@ -282,6 +282,9 @@ SSL *SSL_new(SSL_CTX *ctx) | ||||
|     ssl->version = ctx->version; | ||||
|     ssl->options = ctx->options; | ||||
|  | ||||
|     ssl->cert = ctx->cert; | ||||
|     ssl->client_CA = ctx->client_CA; | ||||
|  | ||||
|     ret = SSL_METHOD_CALL(new, ssl); | ||||
|     if (ret) | ||||
|         SSL_RET(failed2, "ssl_new\n"); | ||||
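Review bot: `ssl->cert = ctx->cert;` and `ssl->client_CA = ctx->client_CA;` copy the pointers only, so every SSL created from a context shares one certificate, key and CA object with the context and with its siblings, and no reference is taken here. Neither consequence is handled in the visible hunks: a per-connection setter such as SSL_use_certificate_ASN1 now works on the context's objects rather than on something the connection owns, and these objects must outlive every SSL that borrowed them. If SSL_free or SSL_CTX_free (not on this page) releases `cert` or `client_CA`, the result is a double free or a use after free. At minimum add `/* borrowed from ctx: not owned by ssl, ctx must outlive it */` above the two assignments; a per-SSL copy or a counted reference would be the stronger fix. SSL_new starts and ends outside the hunk.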
|   | ||||
| @@ -177,6 +177,8 @@ int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, | ||||
|     if (!ret) | ||||
|         SSL_RET(failed2, "SSL_CTX_use_PrivateKey\n"); | ||||
|  | ||||
|     ctx->cert->pkey->ref++; | ||||
|  | ||||
|     return 1; | ||||
|  | ||||
| failed2: | ||||
| @@ -203,7 +205,10 @@ int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, | ||||
|     int ret; | ||||
|     EVP_PKEY *pkey; | ||||
|  | ||||
|     pkey = d2i_PrivateKey(0, &ssl->cert->pkey, &d, len); | ||||
|     if (ssl->cert->pkey->ref) | ||||
|         SSL_RET(failed1); | ||||
|  | ||||
|     pkey = d2i_PrivateKey(0, NULL, &d, len); | ||||
|     if (!pkey) | ||||
|         SSL_RET(failed1, "d2i_PrivateKey\n"); | ||||
|  | ||||
| @@ -211,6 +216,8 @@ int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, | ||||
|     if (!ret) | ||||
|         SSL_RET(failed2, "SSL_CTX_use_PrivateKey\n"); | ||||
|  | ||||
|     ssl->cert->pkey->ref++; | ||||
|  | ||||
|     return 1; | ||||
|  | ||||
| failed2: | ||||
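Review bot: The new guard `if (ssl->cert->pkey->ref) SSL_RET(failed1);` in SSL_use_PrivateKey_ASN1 fails without a message, unlike every other SSL_RET in the hunk, so a refused key replacement cannot be told apart from a parse error in the log; `SSL_RET(failed1, "pkey already loaded\n");` would fix that. Because SSL_new in this commit makes `ssl->cert` the context's object, the guard also appears to reject any per-connection key once SSL_CTX_use_PrivateKey_ASN1 has incremented `ref`, which should be confirmed as intended. The guard dereferences `ssl->cert->pkey` with no NULL check. The same three remarks apply to the `ssl->cert->x509->ref` guard in SSL_use_certificate_ASN1. Both functions continue outside their hunks.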
|   | ||||
| @@ -85,7 +85,7 @@ X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len) | ||||
|     } else { | ||||
|         x = X509_new(); | ||||
|         if (!x) | ||||
|             SSL_RET(failed1, "sk_X509_NAME_new_null\n"); | ||||
|             SSL_RET(failed1, "X509_new\n"); | ||||
|         m = 1; | ||||
|     } | ||||
|  | ||||
| @@ -218,6 +218,7 @@ int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, | ||||
| { | ||||
|     int ret; | ||||
|     X509 *cert; | ||||
|     const unsigned char *pbuf; | ||||
|  | ||||
|     cert = d2i_X509(&ctx->cert->x509, d, len); | ||||
|     if (!cert) | ||||
| @@ -227,6 +228,8 @@ int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, | ||||
|     if (!ret) | ||||
|         SSL_RET(failed2, "SSL_CTX_use_certificate\n"); | ||||
|  | ||||
|     ctx->cert->x509->ref++; | ||||
|  | ||||
|     return 1; | ||||
|  | ||||
| failed2: | ||||
| @@ -252,7 +255,10 @@ int SSL_use_certificate_ASN1(SSL *ssl, int len, | ||||
|     int ret; | ||||
|     X509 *cert; | ||||
|  | ||||
|     cert = d2i_X509(&ssl->cert->x509, d, len); | ||||
|     if (ssl->cert->x509->ref) | ||||
|         SSL_RET(failed1); | ||||
|  | ||||
|     cert = d2i_X509(NULL, d, len); | ||||
|     if (!cert) | ||||
|         SSL_RET(failed1, "d2i_X509\n"); | ||||
|  | ||||
| @@ -260,6 +266,8 @@ int SSL_use_certificate_ASN1(SSL *ssl, int len, | ||||
|     if (!ret) | ||||
|         SSL_RET(failed2, "SSL_use_certificate\n"); | ||||
|  | ||||
|     ssl->cert->x509->ref++; | ||||
|  | ||||
|     return 1; | ||||
|  | ||||
| failed2: | ||||
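Review bot: SSL_CTX_use_certificate_ASN1 still parses in place with `cert = d2i_X509(&ctx->cert->x509, d, len);` and gets no `ref` guard, while the per-SSL variant was switched to `d2i_X509(NULL, d, len)` behind one. With SSL_new now handing `ctx->cert` to every connection, reloading the context certificate would rewrite an X509 object that live connections may still point at, and a failed parse could leave it partly updated. How d2i_X509 treats an existing object is outside the hunk, so this needs checking. Parsing into a fresh object first, `cert = d2i_X509(NULL, d, len);`, and swapping it in only on success would match the per-SSL path. The added `const unsigned char *pbuf;` has no use in the visible lines; drop it if the rest of the function does not need it.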
|   | ||||
| @@ -120,7 +120,7 @@ int ssl_pm_new(SSL *ssl) | ||||
|  | ||||
|     mbedtls_ssl_conf_dbg(&ssl_pm->conf, NULL, NULL); | ||||
|  | ||||
|     x509_pm = (struct x509_pm *)ctx->client_CA->x509_pm; | ||||
|     x509_pm = (struct x509_pm *)ssl->client_CA->x509_pm; | ||||
|     if (x509_pm->load) { | ||||
|         mbedtls_ssl_conf_ca_chain(&ssl_pm->conf, &x509_pm->x509_crt, NULL); | ||||
|  | ||||
| @@ -130,9 +130,9 @@ int ssl_pm_new(SSL *ssl) | ||||
|     } | ||||
|     mbedtls_ssl_conf_authmode(&ssl_pm->conf, mode); | ||||
|  | ||||
|     pkey_pm = (struct pkey_pm *)ctx->cert->pkey->pkey_pm; | ||||
|     pkey_pm = (struct pkey_pm *)ssl->cert->pkey->pkey_pm; | ||||
|     if (pkey_pm->load) { | ||||
|         x509_pm = (struct x509_pm *)ctx->cert->x509->x509_pm; | ||||
|         x509_pm = (struct x509_pm *)ssl->cert->x509->x509_pm; | ||||
|  | ||||
|         ret = mbedtls_ssl_conf_own_cert(&ssl_pm->conf, &x509_pm->x509_crt, &pkey_pm->pkey); | ||||
|         if (ret) | ||||
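Review bot: The mbedtls configuration built in ssl_pm_new now holds pointers into objects it does not own: `mbedtls_ssl_conf_ca_chain()` and `mbedtls_ssl_conf_own_cert()` store the pointers they are given rather than copying, and those now come from `ssl->client_CA` and `ssl->cert`, which SSL_new fills from the context. Nothing in the visible lines keeps these objects alive for as long as `ssl_pm->conf` is in use, so I would add a comment such as `/* conf keeps these pointers: x509_crt and pkey must outlive ssl_pm->conf */`. The chains `ssl->client_CA->x509_pm` and `ssl->cert->pkey->pkey_pm` are also dereferenced without a NULL check, which is worth a guard if either can be unset when ssl_pm_new runs. ssl_pm_new starts and ends outside the hunks.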
|   | ||||