mirror of
https://github.com/ARMmbed/mbedtls.git
synced 2025-05-10 00:49:04 +08:00
refactor write certificate
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
Jerry Yu
parent
1bb5a1ffe3
commit
7399d0d806
@ -895,24 +895,43 @@ static int ssl_tls13_write_certificate_coordinate( mbedtls_ssl_context* ssl )
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static int ssl_tls13_write_certificate( mbedtls_ssl_context *ssl,
|
/*
|
||||||
unsigned char *buf,
|
* enum {
|
||||||
size_t buflen,
|
* X509(0),
|
||||||
size_t *olen )
|
* RawPublicKey(2),
|
||||||
|
* (255)
|
||||||
|
* } CertificateType;
|
||||||
|
*
|
||||||
|
* struct {
|
||||||
|
* select (certificate_type) {
|
||||||
|
* case RawPublicKey:
|
||||||
|
* // From RFC 7250 ASN.1_subjectPublicKeyInfo
|
||||||
|
* opaque ASN1_subjectPublicKeyInfo<1..2^24-1>;
|
||||||
|
*
|
||||||
|
* case X509:
|
||||||
|
* opaque cert_data<1..2^24-1>;
|
||||||
|
* };
|
||||||
|
* Extension extensions<0..2^16-1>;
|
||||||
|
* } CertificateEntry;
|
||||||
|
*
|
||||||
|
* struct {
|
||||||
|
* opaque certificate_request_context<0..2^8-1>;
|
||||||
|
* CertificateEntry certificate_list<0..2^24-1>;
|
||||||
|
* } Certificate;
|
||||||
|
*/
|
||||||
|
static int ssl_tls13_write_certificate_body( mbedtls_ssl_context *ssl,
|
||||||
|
const unsigned char *buf,
|
||||||
|
unsigned char *end,
|
||||||
|
size_t *olen )
|
||||||
{
|
{
|
||||||
size_t i=0, n, total_len;
|
|
||||||
const mbedtls_x509_crt *crt = mbedtls_ssl_own_cert( ssl );
|
const mbedtls_x509_crt *crt = mbedtls_ssl_own_cert( ssl );
|
||||||
unsigned char *start;
|
unsigned char *p = (unsigned char *)buf;
|
||||||
|
unsigned char *certificate_list;
|
||||||
|
|
||||||
/* TODO: Add bounds checks! Only then remove the next line. */
|
|
||||||
((void) buflen );
|
|
||||||
|
|
||||||
|
/* Write certificate_request_context */
|
||||||
/* empty certificate_request_context with length 0 */
|
/* empty certificate_request_context with length 0 */
|
||||||
buf[i] = 0;
|
*p++ = 0;
|
||||||
/* Skip length of certificate_request_context and
|
|
||||||
* the length of CertificateEntry
|
|
||||||
*/
|
|
||||||
i += 1;
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_CLI_C)
|
#if defined(MBEDTLS_SSL_CLI_C)
|
||||||
/* If the server requests client authentication but no suitable
|
/* If the server requests client authentication but no suitable
|
||||||
@ -926,50 +945,43 @@ static int ssl_tls13_write_certificate( mbedtls_ssl_context *ssl,
|
|||||||
( ( crt == NULL ) || ssl->conf->authmode == MBEDTLS_SSL_VERIFY_NONE ) )
|
( ( crt == NULL ) || ssl->conf->authmode == MBEDTLS_SSL_VERIFY_NONE ) )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write empty client certificate" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write empty client certificate" ) );
|
||||||
buf[i] = 0;
|
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 3);
|
||||||
buf[i + 1] = 0;
|
MBEDTLS_PUT_UINT24_BE( 0, p, 0);
|
||||||
buf[i + 2] = 0;
|
p += 3;
|
||||||
i += 3;
|
*olen = p - buf;
|
||||||
*olen = i;
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_CLI_C */
|
#endif /* MBEDTLS_SSL_CLI_C */
|
||||||
|
|
||||||
start = &buf[i];
|
certificate_list = p;
|
||||||
MBEDTLS_SSL_DEBUG_CRT( 3, "own certificate", crt );
|
/* Reserve space for certificate_list_len */
|
||||||
|
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 3);
|
||||||
|
p += 3;
|
||||||
|
|
||||||
i += 3;
|
MBEDTLS_SSL_DEBUG_CRT( 3, "own certificate", crt );
|
||||||
|
|
||||||
while ( crt != NULL )
|
while ( crt != NULL )
|
||||||
{
|
{
|
||||||
n = crt->raw.len;
|
size_t cert_data_len = crt->raw.len;
|
||||||
if( n > buflen - 3 - i )
|
|
||||||
{
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate too large, %" MBEDTLS_PRINTF_SIZET " > %d",
|
|
||||||
i + 3 + n, MBEDTLS_SSL_OUT_CONTENT_LEN ) );
|
|
||||||
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
|
|
||||||
}
|
|
||||||
|
|
||||||
buf[i] = (unsigned char)( n >> 16 );
|
MBEDTLS_SSL_CHK_BUF_PTR( p, end, cert_data_len + 3 + 2 );
|
||||||
buf[i + 1] = (unsigned char)( n >> 8 );
|
MBEDTLS_PUT_UINT24_BE( cert_data_len, p, 0 );
|
||||||
buf[i + 2] = (unsigned char)( n );
|
p += 3;
|
||||||
|
|
||||||
i += 3; memcpy( buf + i, crt->raw.p, n );
|
memcpy( p, crt->raw.p, cert_data_len );
|
||||||
i += n; crt = crt->next;
|
p += cert_data_len;
|
||||||
|
crt = crt->next;
|
||||||
|
|
||||||
/* Currently, we don't have any certificate extensions defined.
|
/* Currently, we don't have any certificate extensions defined.
|
||||||
* Hence, we are sending an empty extension with length zero.
|
* Hence, we are sending an empty extension with length zero.
|
||||||
*/
|
*/
|
||||||
buf[i] = 0;
|
MBEDTLS_PUT_UINT24_BE( 0, p, 0 );
|
||||||
buf[i + 1] = 0;
|
p += 2;
|
||||||
i += 2;
|
|
||||||
}
|
}
|
||||||
total_len = &buf[i] - start - 3;
|
|
||||||
*start++ = (unsigned char)( ( total_len ) >> 16 );
|
|
||||||
*start++ = (unsigned char)( ( total_len ) >> 8 );
|
|
||||||
*start++ = (unsigned char)( ( total_len ) );
|
|
||||||
|
|
||||||
*olen = i;
|
MBEDTLS_PUT_UINT24_BE( p - certificate_list - 3, certificate_list, 0);
|
||||||
|
|
||||||
|
*olen = p - buf;
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
@ -1005,8 +1017,10 @@ int mbedtls_ssl_tls13_write_certificate( mbedtls_ssl_context* ssl )
|
|||||||
MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_start_handshake_msg( ssl,
|
MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_start_handshake_msg( ssl,
|
||||||
MBEDTLS_SSL_HS_CERTIFICATE, &buf, &buf_len ) );
|
MBEDTLS_SSL_HS_CERTIFICATE, &buf, &buf_len ) );
|
||||||
|
|
||||||
MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_certificate( ssl, buf, buf_len,
|
MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_certificate_body( ssl,
|
||||||
&msg_len ) );
|
buf,
|
||||||
|
buf + buf_len,
|
||||||
|
&msg_len ) );
|
||||||
|
|
||||||
mbedtls_ssl_tls13_add_hs_msg_to_checksum( ssl,
|
mbedtls_ssl_tls13_add_hs_msg_to_checksum( ssl,
|
||||||
MBEDTLS_SSL_HS_CERTIFICATE,
|
MBEDTLS_SSL_HS_CERTIFICATE,
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user