mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 11:35:40 +00:00
Add field for peer's raw public key to TLS handshake param structure
When removing the (session-local) copy of the peer's CRT chain, we must keep a handshake-local copy of the peer's public key, as (naturally) every key exchange will make use of that public key at some point to verify that the peer actually owns the corresponding private key (e.g., verify signatures from ServerKeyExchange or CertificateVerify, or encrypt a PMS in a RSA-based exchange, or extract static (EC)DH parameters). This commit adds a PK context field `peer_pubkey` to the handshake parameter structure `mbedtls_handshake_params_init()` and adapts the init and free functions accordingly. It does not yet make actual use of the new field.
This commit is contained in:
parent
494dd7a6b4
commit
75173121fe
|
@ -336,6 +336,10 @@ struct mbedtls_ssl_handshake_params
|
|||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
size_t ecrs_n; /*!< place for saving a length */
|
||||
#endif
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
|
||||
!defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
|
||||
mbedtls_pk_context peer_pubkey; /*!< The public key from the peer. */
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
unsigned int out_msg_seq; /*!< Outgoing handshake sequence number */
|
||||
unsigned int in_msg_seq; /*!< Incoming handshake sequence number */
|
||||
|
|
|
@ -7173,6 +7173,11 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake )
|
|||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
||||
handshake->sni_authmode = MBEDTLS_SSL_VERIFY_UNSET;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
|
||||
!defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
|
||||
mbedtls_pk_init( &handshake->peer_pubkey );
|
||||
#endif
|
||||
}
|
||||
|
||||
static void ssl_transform_init( mbedtls_ssl_transform *transform )
|
||||
|
@ -9519,6 +9524,11 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
|
|||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
|
||||
!defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
|
||||
mbedtls_pk_free( &handshake->peer_pubkey );
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
mbedtls_free( handshake->verify_cookie );
|
||||
ssl_flight_free( handshake->flight );
|
||||
|
|
Loading…
Reference in a new issue