tidy up bearssl code

2025-09-14 10:05:44 -04:00 · 2024-12-17 21:44:57 +11:00 · 2024-12-17 21:44:57 +11:00 · 073b50d6e2
commit 073b50d6e2
parent 0e1fba3d1e
2 changed files with 23 additions and 21 deletions
--- a/src/Platform_Windows.c
+++ b/src/Platform_Windows.c
@ -1084,15 +1084,15 @@ cc_result Platform_Decrypt(const void* data, int len, cc_string* dst) {
 static BOOL (WINAPI *_RtlGenRandom)(PVOID data, ULONG len);

 cc_result Platform_GetEntropy(void* data, int len) {
-	static const struct DynamicLibSym funcs[] = {
-		DynamicLib_Sym2("SystemFunction036", RtlGenRandom)
-	};
+	static const struct DynamicLibSym func =
+		DynamicLib_Sym2("SystemFunction036", RtlGenRandom);

 	if (!_RtlGenRandom) {
 		static const cc_string kernel32 = String_FromConst("ADVAPI32.DLL");
-		void* lib;
+		void* lib = DynamicLib_Load2(&kernel32);
+		if (!lib) return ERR_NOT_SUPPORTED;
 		
-		DynamicLib_LoadAll(&kernel32, funcs, Array_Elems(funcs), &lib);
+		*func.symAddr = DynamicLib_Get2(lib, func.name);
 		if (!_RtlGenRandom) return ERR_NOT_SUPPORTED;
 	}
 	
--- a/src/SSL.c
+++ b/src/SSL.c
@ -321,7 +321,7 @@ cc_result SSL_Read(void* ctx_, cc_uint8* data, cc_uint32 count, cc_uint32* read)
 			desc.pBuffers  = buffers;

 			sec = FP_DecryptMessage(&ctx->context, &desc, 0, NULL);
-			if (sec == SEC_E_OK) {				
+			if (sec == SEC_E_OK) {
 				/* After successful decryption the SecBuffers will be: */
 				/*   buffers[0] = headers */
 				/*   buffers[1] = content */
@ -411,16 +411,9 @@ cc_result SSL_Free(void* ctx_) {
 // https://github.com/unkaktus/bearssl/blob/master/samples/client_basic.c#L283
 #define SSL_ERROR_SHIFT 0xB5510000

-static unsigned fake_minimal_end_chain(const br_x509_class** ctx) {
-	unsigned r = br_x509_minimal_vtable.end_chain(ctx);
-	if (r == BR_ERR_X509_NOT_TRUSTED) r = 0;
-	if (r == BR_ERR_X509_EXPIRED)     r = 0;
-	return r;
-}
-
 typedef struct SSLContext {
-	br_ssl_client_context sc;
 	br_x509_minimal_context xc;
+	br_ssl_client_context sc;
 	unsigned char iobuf[BR_SSL_BUFSIZE_BIDI];
 	br_sslio_context ioc;
 	cc_result readError, writeError;
@ -429,9 +422,19 @@ typedef struct SSLContext {

 static cc_bool _verifyCerts;

+static unsigned cc_x509_end_chain(const br_x509_class** ctx) {
+	unsigned r = br_x509_minimal_vtable.end_chain(ctx);
+	
+	if (!_verifyCerts) {
+		if (r == BR_ERR_X509_NOT_TRUSTED) r = 0;
+		if (r == BR_ERR_X509_EXPIRED)     r = 0;
+	}
+	return r;
+}
+

 void SSLBackend_Init(cc_bool verifyCerts) {
-	_verifyCerts = verifyCerts; // TODO support
+	_verifyCerts = verifyCerts;
 }

 cc_bool SSLBackend_DescribeError(cc_result res, cc_string* dst) {
@ -512,12 +515,11 @@ cc_result SSL_Init(cc_socket socket, const cc_string* host_, void** out_ctx) {
 	}
 	
 	/* Override default certificate chain validation */
-	if (!_verifyCerts) {
-		static br_x509_class fake_minimal_vtable;
-		fake_minimal_vtable = br_x509_minimal_vtable;
-		fake_minimal_vtable.end_chain = fake_minimal_end_chain;
-		ctx->xc.vtable = &fake_minimal_vtable;
-	}
+	static br_x509_class cc_x509_vtable;
+	ctx->xc.vtable = &cc_x509_vtable;
+	
+	cc_x509_vtable = br_x509_minimal_vtable;
+	cc_x509_vtable.end_chain = cc_x509_end_chain;
 	
 	br_sslio_init(&ctx->ioc, &ctx->sc.eng, 
 			sock_read,  ctx,