yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-05-04 17:32:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Make use of acquire/release in client-side ssl_write_encrypted_pms()

Browse source
This commit is contained in:
Hanno Becker 2019-02-28 14:02:30 +00:00
parent 232f8faf00
commit 0c1681685c
1 changed files with 20 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
library/ssl_cli.c
View file

@ -2323,7 +2323,16 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl,
peer_pk = &ssl->handshake->peer_pubkey; peer_pk = &ssl->handshake->peer_pubkey;
#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ #else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
if( ssl->session_negotiate->peer_cert != NULL ) if( ssl->session_negotiate->peer_cert != NULL )
peer_pk = &ssl->session_negotiate->peer_cert->pk; {
ret = mbedtls_x509_crt_pk_acquire( ssl->session_negotiate->peer_cert,
&peer_pk );
if( ret != 0 )
{
/* Should never happen */
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
}
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
if( peer_pk == NULL ) if( peer_pk == NULL )
@ -2339,7 +2348,8 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl,
if( ! mbedtls_pk_can_do( peer_pk, MBEDTLS_PK_RSA ) ) if( ! mbedtls_pk_can_do( peer_pk, MBEDTLS_PK_RSA ) )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate key type mismatch" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate key type mismatch" ) );
return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH ); ret = MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH;
goto cleanup;
} }
if( ( ret = mbedtls_pk_encrypt( peer_pk, if( ( ret = mbedtls_pk_encrypt( peer_pk,
@ -2349,7 +2359,7 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl,
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
{ {
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_rsa_pkcs1_encrypt", ret ); MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_rsa_pkcs1_encrypt", ret );
return( ret ); goto cleanup;
} }
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
@ -2362,11 +2372,16 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl,
} }
#endif #endif
cleanup:
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
/* We don't need the peer's public key anymore. Free it. */ /* We don't need the peer's public key anymore. Free it. */
mbedtls_pk_free( peer_pk ); mbedtls_pk_free( peer_pk );
#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ #else
return( 0 ); mbedtls_x509_crt_pk_release( ssl->session_negotiate->peer_cert, peer_pk );
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
return( ret );
} }
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED || #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */