yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-02-25 18:16:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

Document mbedtls_x509_crt_pk_{acquire/release}()

Browse source 
In contrast to mbedtls_x509_crt_frame_acquire(), the public key context
returned by mbedtls_x509_crt_pk_acquire() cannot be marked `const` because
the caller must be able to use it e.g. for mbedtls_pk_sign() and
mbedtls_pk_verify(), which don't have `const` input parameters.

Instead, return a non-`const` context, but explicitly state that callers
must use that context in a thread-safe way.
This commit is contained in:
Hanno Becker 2019-05-20 16:51:01 +01:00
parent b8670fcab3
commit 4b70e12dde
1 changed files with 34 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

34
include/mbedtls/x509_crt.h
View file

@ -859,6 +859,33 @@ static inline void mbedtls_x509_crt_frame_release( mbedtls_x509_crt const *crt )
#endif /* MBEDTLS_X509_ALWAYS_FLUSH */ #endif /* MBEDTLS_X509_ALWAYS_FLUSH */
} }
/**
* \brief Request temporary access to a public key context
* for a given certificate.
*
* Once no longer needed, the frame must be released
* through a call to mbedtls_x509_crt_pk_release().
*
* This is a copy-less version of mbedtls_x509_crt_get_pk().
* See there for more information.
*
* \param crt The certificate to use. This must be initialized and set up.
* \param dst The address at which to store the address of a public key
* context for the public key in the input certificate \p crt.
*
* \warning The public key context `**pk_ptr` returned by this function
* is owned by the X.509 module and must be used by the caller
* in a thread-safe way. In particular, the caller must only
* use the context with functions which are `const` on the input
* context, or those which are known to be thread-safe. The latter
* for example includes mbedtls_pk_sign() and mbedtls_pk_verify()
* for ECC or RSA public key contexts.
*
* \return \c 0 on success. In this case, `*pk_ptr` is updated
* to hold the address of a public key context for the given
* certificate.
* \return A negative error code on failure.
*/
static inline int mbedtls_x509_crt_pk_acquire( mbedtls_x509_crt const *crt, static inline int mbedtls_x509_crt_pk_acquire( mbedtls_x509_crt const *crt,
mbedtls_pk_context **pk_ptr ) mbedtls_pk_context **pk_ptr )
{ {
@ -882,6 +909,13 @@ static inline int mbedtls_x509_crt_pk_acquire( mbedtls_x509_crt const *crt,
return( 0 ); return( 0 );
} }
/**
* \brief Release access to a public key context acquired
* through a prior call to mbedtls_x509_crt_frame_acquire().
*
* \param crt The certificate for which a certificate frame has
* previously been acquired.
*/
static inline void mbedtls_x509_crt_pk_release( mbedtls_x509_crt const *crt ) static inline void mbedtls_x509_crt_pk_release( mbedtls_x509_crt const *crt )
{ {
((void) crt); ((void) crt);