From 705fcca409777ac730952375106c081654ba8901 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 23 Sep 2013 20:04:20 +0200 Subject: [PATCH] Adapt support for SNI to recent changes --- include/polarssl/ssl.h | 1 + library/ssl_srv.c | 22 +++++++++++++++++++- library/ssl_tls.c | 47 +++++++++++++++++++++++++----------------- 3 files changed, 50 insertions(+), 20 deletions(-) diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h index 144c85256..d6db97807 100644 --- a/include/polarssl/ssl.h +++ b/include/polarssl/ssl.h @@ -494,6 +494,7 @@ struct _ssl_handshake_params #endif #if defined(POLARSSL_X509_CRT_PARSE_C) ssl_key_cert *key_cert; /*!< Own key/cert in use */ + int free_key_cert; /*!< Shall we free key_cert? */ #endif /* diff --git a/library/ssl_srv.c b/library/ssl_srv.c index df7709bd4..e291c53d1 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -338,6 +338,26 @@ static int ssl_parse_ticket( ssl_context *ssl, #endif /* POLARSSL_SSL_SESSION_TICKETS */ #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION) +/* + * Wrapper around f_sni, allowing use of + * ssl_set_own_cert() but making it act on ssl->hanshake->key_cert instead. + */ +static int ssl_sni_wrapper( ssl_context *ssl, + const unsigned char* name, size_t len ) +{ + int ret; + ssl_key_cert *key_cert_ori = ssl->key_cert; + + ssl->key_cert = NULL; + ret = ssl->f_sni( ssl->p_sni, ssl, name, len ); + ssl->handshake->key_cert = ssl->key_cert; + ssl->handshake->free_key_cert = 1; + + ssl->key_cert = key_cert_ori; + + return( ret ); +} + static int ssl_parse_servername_ext( ssl_context *ssl, const unsigned char *buf, size_t len ) @@ -365,7 +385,7 @@ static int ssl_parse_servername_ext( ssl_context *ssl, if( p[0] == TLS_EXT_SERVERNAME_HOSTNAME ) { - ret = ssl->f_sni( ssl->p_sni, ssl, p + 3, hostname_len ); + ret = ssl_sni_wrapper( ssl, p + 3, hostname_len ); if( ret != 0 ) { ssl_send_alert_message( ssl, SSL_ALERT_LEVEL_FATAL, 
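Review bot: The doc comment on the new `free_key_cert` field asks a question instead of stating the ownership rule that ssl_handshake_free now relies on: with the value 0 the handshake's key_cert is borrowed (apparently from the context's own list, set up outside this patch) and must not be freed, with a non-zero value it is a list built for this handshake — here by the SNI callback — that ssl_handshake_free releases. Suggest `/*!< Non-zero if key_cert is owned by this handshake (e.g. built by the SNI callback) and must be freed with it; 0 if it is borrowed */`. Because the "borrowed" meaning depends on the field being zero-initialised, the comment should also say that ssl_handshake_params is expected to be zeroed before use, which this hunk does not show.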
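Review bot: ssl_sni_wrapper moves whatever the callback left in ssl->key_cert into handshake->key_cert unconditionally, so a callback that returns 0 without calling ssl_set_own_cert() — the natural way to say "use the default certificate" — leaves the handshake with key_cert == NULL and free_key_cert == 1, discarding the default list the handshake presumably borrowed before (that initialisation is outside this patch). Guarding the two assignments with `if( ssl->key_cert != NULL )` keeps the default in that case and still transfers ownership whenever the callback did build a list. If the wrapper can run twice for one handshake (whether ssl_parse_servername_ext rejects a repeated server_name extension is not visible here), the first callback-built list is overwritten and leaked, since nothing frees handshake->key_cert when free_key_cert is already set. Minor: the new comment misspells `hanshake`.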
diff --git a/library/ssl_tls.c b/library/ssl_tls.c index cafdcf092..a94751ba2 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4136,6 +4136,27 @@ void ssl_transform_free( ssl_transform *transform ) memset( transform, 0, sizeof( ssl_transform ) ); } +#if defined(POLARSSL_X509_CRT_PARSE_C) +static void ssl_key_cert_free( ssl_key_cert *key_cert ) +{ + ssl_key_cert *cur = key_cert, *next; + + while( cur != NULL ) + { + next = cur->next; + + if( cur->key_own_alloc ) + { + pk_free( cur->key ); + polarssl_free( cur->key ); + } + polarssl_free( cur ); + + cur = next; + } +} +#endif /* POLARSSL_X509_CRT_PARSE_C */ + void ssl_handshake_free( ssl_handshake_params *handshake ) { #if defined(POLARSSL_DHM_C) @@ -4149,6 +4170,11 @@ void ssl_handshake_free( ssl_handshake_params *handshake ) polarssl_free( handshake->curves ); #endif +#if defined(POLARSSL_X509_CRT_PARSE_C) + if( handshake->free_key_cert != 0 ) + ssl_key_cert_free( handshake->key_cert ); +#endif + memset( handshake, 0, sizeof( ssl_handshake_params ) ); } @@ -4242,25 +4268,8 @@ void ssl_free( ssl_context *ssl ) #endif #if defined(POLARSSL_X509_CRT_PARSE_C) - if( ssl->key_cert != NULL ) - { - ssl_key_cert *cur = ssl->key_cert, *next; - - while( cur != NULL ) - { - next = cur->next; - - if( cur->key_own_alloc ) - { - pk_free( cur->key ); - polarssl_free( cur->key ); - } - polarssl_free( cur ); - - cur = next; - } - } -#endif /* POLARSSL_X509_CRT_PARSE_C */ + ssl_key_cert_free( ssl->key_cert ); +#endif #if defined(POLARSSL_SSL_HW_RECORD_ACCEL) if( ssl_hw_record_finish != NULL )
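Review bot: ssl_key_cert_free has no header comment stating what it owns: it releases every list node and, only for nodes with `key_own_alloc` set, the pk_context behind `key`, while `cert` is never touched, so certificates (and caller-supplied keys) must be kept alive or freed by the caller. This mirrors the loop removed from ssl_free, but now that the helper is also reached from ssl_handshake_free the contract deserves stating; suggest a short block comment above it such as "Free a key/cert list: frees each node and, where key_own_alloc is set, the pk_context it points to; certificates and caller-owned keys are left untouched". It is also worth noting there that the list must not be aliased by another live list (ssl->key_cert vs. handshake->key_cert), since freeing it from both would be a double free — the free_key_cert flag is what is meant to prevent that.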
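Review bot: The replacement in ssl_free turns `#endif /* POLARSSL_X509_CRT_PARSE_C */` into a bare `#endif`, dropping the macro tag this file attaches to closing directives (the new ssl_key_cert_free definition above keeps it, the new `#endif` in ssl_handshake_free does not); keep the tag on both new directives. Dropping the `if( ssl->key_cert != NULL )` guard is fine because ssl_key_cert_free accepts NULL. The remaining safety of this call depends on the handshake's borrowed key_cert never having free_key_cert set, which is enforced elsewhere in this patch rather than here.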