mirror of
https://libwebsockets.org/repo/libwebsockets
synced 2024-11-24 09:46:44 +00:00
4b089788bc
Adapt mbedtls support for compatibility with v3, while maintaining compatibility with v2. Notice v3 has removed the ability to encrypt with pubkey and decrypt with privkey. Openssl still has it, atm with v3 these fall back to encrypt with privkey and decrypt with pubkey. > The RSA module no longer supports private-key operations with the > public key or vice versa. As a consequence, RSA operation functions > no longer have a mode parameter. If you were calling RSA operations > with the normal mode (public key for verification or encryption, > private key for signature or decryption), remove the > MBEDTLS_MODE_PUBLIC or MBEDTLS_MODE_PRIVATE argument. If you were > calling RSA operations with the wrong mode, which rarely makes sense >from a security perspective, this is no longer supported.
90 lines
2.0 KiB
C
90 lines
2.0 KiB
C
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
#include "private-lib-core.h"
|
|
|
|
#include "ssl_cert.h"
|
|
#include "ssl_pkey.h"
|
|
#include "ssl_x509.h"
|
|
#include "ssl_dbg.h"
|
|
#include "ssl_port.h"
|
|
|
|
/**
|
|
* @brief create a certification object according to input certification
|
|
*/
|
|
CERT *__ssl_cert_new(CERT *ic, void *rngctx)
|
|
{
|
|
CERT *cert;
|
|
|
|
X509 *ix;
|
|
EVP_PKEY *ipk;
|
|
|
|
cert = ssl_mem_zalloc(sizeof(CERT));
|
|
if (!cert) {
|
|
SSL_DEBUG(SSL_CERT_ERROR_LEVEL, "no enough memory > (cert)");
|
|
goto no_mem;
|
|
}
|
|
|
|
if (ic) {
|
|
ipk = ic->pkey;
|
|
ix = ic->x509;
|
|
} else {
|
|
ipk = NULL;
|
|
ix = NULL;
|
|
}
|
|
|
|
cert->pkey = __EVP_PKEY_new(ipk, rngctx);
|
|
if (!cert->pkey) {
|
|
SSL_DEBUG(SSL_CERT_ERROR_LEVEL, "__EVP_PKEY_new() return NULL");
|
|
goto pkey_err;
|
|
}
|
|
|
|
cert->x509 = __X509_new(ix);
|
|
if (!cert->x509) {
|
|
SSL_DEBUG(SSL_CERT_ERROR_LEVEL, "__X509_new() return NULL");
|
|
goto x509_err;
|
|
}
|
|
|
|
return cert;
|
|
|
|
x509_err:
|
|
EVP_PKEY_free(cert->pkey);
|
|
pkey_err:
|
|
ssl_mem_free(cert);
|
|
no_mem:
|
|
return NULL;
|
|
}
|
|
|
|
/**
|
|
* @brief create a certification object include private key object
|
|
*/
|
|
CERT *ssl_cert_new(void *rngctx)
|
|
{
|
|
return __ssl_cert_new(NULL, rngctx);
|
|
}
|
|
|
|
/**
|
|
* @brief free a certification object
|
|
*/
|
|
void ssl_cert_free(CERT *cert)
|
|
{
|
|
SSL_ASSERT3(cert);
|
|
|
|
X509_free(cert->x509);
|
|
|
|
EVP_PKEY_free(cert->pkey);
|
|
|
|
ssl_mem_free(cert);
|
|
}
|