components/openssl: SSL load verify data from itself structure when "new"
authordongheng <dongheng@espressif.com>
Thu, 22 Sep 2016 08:41:51 +0000 (16:41 +0800)
committerdongheng <dongheng@espressif.com>
Thu, 22 Sep 2016 08:41:51 +0000 (16:41 +0800)
components/openssl/include/internal/ssl_types.h
components/openssl/library/ssl_lib.c
components/openssl/library/ssl_pkey.c
components/openssl/library/ssl_x509.c
components/openssl/platform/ssl_pm.c

index d001befdb90aee7b216e04f10a6ad7754fbeeb97..6f2fb5a2f2292ab8a134cf9527192c5387488e8c 100644 (file)
@@ -99,6 +99,8 @@ struct stack_st {
 
 struct evp_pkey_st {
 
+    int ref;
+
     void *pkey_pm;
 
     const PKEY_METHOD *method;
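Review bot: The new `ref` field in struct evp_pkey_st carries no comment saying what it counts or who decrements it, although neighbouring members of these structs are commented (see the `x509_pm` line in the next hunk). As used elsewhere in this commit it is incremented once per successful SSL_CTX_use_* load and only ever tested for non-zero, so it behaves as an "owned by the context" flag rather than a reference count; a comment such as `/* non-zero once loaded via SSL_CTX_use_*; SSL_use_* refuses to replace such an object */` would pin that down, hedged because the releasing side is not in this diff. The same applies to the `ref` added to struct x509_st in the following hunk.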
@@ -106,6 +108,8 @@ struct evp_pkey_st {
 
 struct x509_st {
 
+    int ref;
+
     /* X509 certification platform private point */
     void *x509_pm;
 
index 442920f1193d337d266390e3e58c4f7eed0625b8..7e3b4554d696cb097f7d9584424438e249afacfe 100644 (file)
@@ -282,6 +282,9 @@ SSL *SSL_new(SSL_CTX *ctx)
     ssl->version = ctx->version;
     ssl->options = ctx->options;
 
+    ssl->cert = ctx->cert;
+    ssl->client_CA = ctx->client_CA;
+
     ret = SSL_METHOD_CALL(new, ssl);
     if (ret)
         SSL_RET(failed2, "ssl_new\n");
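Review bot: `ssl->cert = ctx->cert;` and `ssl->client_CA = ctx->client_CA;` make the SSL alias the context's objects without recording who owns them, and the new `ref` field is not touched here, so nothing in the diff governs this sharing. If SSL_free (outside this diff) releases ssl->cert, a context still used by other SSL objects would be left with a dangling pointer; if it does not, the borrowed relationship should be stated at the assignment, e.g. `/* borrowed from ctx: released by SSL_CTX_free, never by SSL_free */`. SSL_new's body continues past the hunk.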
index a86a257e989ceab548beb96cf26b486794f7b75d..15c4977b0f23962bf574a1e4d826a7ae9b3bf171 100644 (file)
@@ -177,6 +177,8 @@ int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx,
     if (!ret)
         SSL_RET(failed2, "SSL_CTX_use_PrivateKey\n");
 
+    ctx->cert->pkey->ref++;
+
     return 1;
 
 failed2:
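Review bot: `ctx->cert->pkey->ref++` increments on every successful load, so calling SSL_CTX_use_PrivateKey_ASN1 twice on the same context leaves ref at 2 while only one key object is reachable through ctx->cert->pkey (d2i_PrivateKey is passed `&ctx->cert->pkey`, which by the pattern visible in d2i_X509 reuses an existing object). Since every other hunk only tests `ref` for non-zero, `ctx->cert->pkey->ref = 1;` would express the intent without drifting out of step with whatever releases the object; if a true count is intended, the decrementing side, not in this diff, must be checked against it. The same unconditional increment appears as `ctx->cert->x509->ref++` in SSL_CTX_use_certificate_ASN1 and as the two `ssl->cert->...->ref++` lines in the SSL_use_* hunks.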
@@ -203,7 +205,10 @@ int SSL_use_PrivateKey_ASN1(int type, SSL *ssl,
     int ret;
     EVP_PKEY *pkey;
 
-    pkey = d2i_PrivateKey(0, &ssl->cert->pkey, &d, len);
+    if (ssl->cert->pkey->ref)
+        SSL_RET(failed1);
+
+    pkey = d2i_PrivateKey(0, NULL, &d, len);
     if (!pkey)
         SSL_RET(failed1, "d2i_PrivateKey\n");
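Review bot: The guard `if (ssl->cert->pkey->ref) SSL_RET(failed1);` refuses a per-connection key when the context already loaded one, but because SSL_new now sets `ssl->cert = ctx->cert`, a key parsed here with `d2i_PrivateKey(0, NULL, &d, len)` still ends up in the context's shared cert object if SSL_use_PrivateKey (below the hunk) stores it into ssl->cert->pkey, so every SSL created from that ctx would see it. Either SSL_new should give each SSL its own CERT, or this function should document that it configures the shared context key. The freshly allocated pkey is also not visibly released on the `failed2` path, which lies outside the hunk; confirm it is freed there or this is a leak. The same pattern appears in the SSL_use_certificate_ASN1 hunk (`if (ssl->cert->x509->ref)` / `d2i_X509(NULL, d, len)`). `SSL_RET(failed1)` is called with one argument here while every other use in the diff passes a message, which is fine only if the macro is variadic.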
 
@@ -211,6 +216,8 @@ int SSL_use_PrivateKey_ASN1(int type, SSL *ssl,
     if (!ret)
         SSL_RET(failed2, "SSL_CTX_use_PrivateKey\n");
 
+    ssl->cert->pkey->ref++;
+
     return 1;
 
 failed2:
index ba5c924e7535f0fe8c95b21c60aa7db6d2e1d2e1..6e249eef584f74ca8f71a5bf1cca31f7f77c1bc6 100644 (file)
@@ -85,7 +85,7 @@ X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len)
     } else {
         x = X509_new();
         if (!x)
-            SSL_RET(failed1, "sk_X509_NAME_new_null\n");
+            SSL_RET(failed1, "X509_new\n");
         m = 1;
     }
 
@@ -218,6 +218,7 @@ int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len,
 {
     int ret;
     X509 *cert;
+    const unsigned char *pbuf;
 
     cert = d2i_X509(&ctx->cert->x509, d, len);
     if (!cert)
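Review bot: `const unsigned char *pbuf;` is declared but not used anywhere in this hunk, and the later hunk of the same function (the `ref++` one) does not touch it either; unless a use exists in the lines between the two hunks, it is a dead local that `-Wunused-variable` will flag and the declaration should be dropped. SSL_CTX_use_certificate_ASN1 extends beyond this hunk.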
@@ -227,6 +228,8 @@ int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len,
     if (!ret)
         SSL_RET(failed2, "SSL_CTX_use_certificate\n");
 
+    ctx->cert->x509->ref++;
+
     return 1;
 
 failed2:
@@ -252,7 +255,10 @@ int SSL_use_certificate_ASN1(SSL *ssl, int len,
     int ret;
     X509 *cert;
 
-    cert = d2i_X509(&ssl->cert->x509, d, len);
+    if (ssl->cert->x509->ref)
+        SSL_RET(failed1);
+
+    cert = d2i_X509(NULL, d, len);
     if (!cert)
         SSL_RET(failed1, "d2i_X509\n");
 
@@ -260,6 +266,8 @@ int SSL_use_certificate_ASN1(SSL *ssl, int len,
     if (!ret)
         SSL_RET(failed2, "SSL_use_certificate\n");
 
+    ssl->cert->x509->ref++;
+
     return 1;
 
 failed2:
index 17cc080bb69a8ba2b98fa50e1ce51b851d404e6f..d4ed2ececb018978cfd773680825f78365f43464 100644 (file)
@@ -120,7 +120,7 @@ int ssl_pm_new(SSL *ssl)
 
     mbedtls_ssl_conf_dbg(&ssl_pm->conf, NULL, NULL);
 
-    x509_pm = (struct x509_pm *)ctx->client_CA->x509_pm;
+    x509_pm = (struct x509_pm *)ssl->client_CA->x509_pm;
     if (x509_pm->load) {
         mbedtls_ssl_conf_ca_chain(&ssl_pm->conf, &x509_pm->x509_crt, NULL);
 
@@ -130,9 +130,9 @@ int ssl_pm_new(SSL *ssl)
     }
     mbedtls_ssl_conf_authmode(&ssl_pm->conf, mode);
 
-    pkey_pm = (struct pkey_pm *)ctx->cert->pkey->pkey_pm;
+    pkey_pm = (struct pkey_pm *)ssl->cert->pkey->pkey_pm;
     if (pkey_pm->load) {
-        x509_pm = (struct x509_pm *)ctx->cert->x509->x509_pm;
+        x509_pm = (struct x509_pm *)ssl->cert->x509->x509_pm;
 
         ret = mbedtls_ssl_conf_own_cert(&ssl_pm->conf, &x509_pm->x509_crt, &pkey_pm->pkey);
         if (ret)