Tidy up certificate API

2025-09-17 11:35:08 -04:00 · 2025-06-26 07:57:45 +10:00 · 2025-06-26 07:57:45 +10:00 · cc564500c1
commit cc564500c1
parent 7c71e7dfe3
4 changed files with 84 additions and 41 deletions
--- a/src/Certs.c
+++ b/src/Certs.c
@ -1,7 +1,68 @@
 #include "Certs.h"
+
+#if CC_CTX_BACKEND == CC_CRT_BACKEND_NONE
+void CertsBackend_Init(void) { }
+
+void Certs_BeginChain(struct X509CertContext* ctx) { }
+
+void Certs_FreeChain( struct X509CertContext* ctx) { }
+
+int Certs_VerifyChain(struct X509CertContext* ctx) { return ERR_NOT_SUPPORTED; }
+
+void Certs_BeginCert( struct X509CertContext* ctx, int size) { }
+
+void Certs_AppendCert(struct X509CertContext* ctx, const void* data, int len) { }
+
+void Certs_FinishCert(struct X509CertContext* ctx) { }
+#else
 #include "Platform.h"
 #include "String.h"
 #include "Stream.h"
+
+void Certs_BeginCert( struct X509CertContext* ctx, int size) {
+	void* data;
+	ctx->cert = NULL;
+
+	/* Should never happen, but never know */
+	if (ctx->numCerts >= X509_MAX_CERTS) return;
+
+	data = Mem_TryAllocCleared(1, size);
+	if (!data) return;
+
+	ctx->cert         = &ctx->certs[ctx->numCerts++];	
+	ctx->cert->data   = data;
+	ctx->cert->offset = 0;
+}
+
+void Certs_AppendCert(struct X509CertContext* ctx, const void* data, int len) {
+	if (!ctx->cert) return;
+
+	Mem_Copy((char*)ctx->cert->data + ctx->cert->offset, data, len);
+	ctx->cert->offset += len;
+}
+
+void Certs_FinishCert(struct X509CertContext* ctx) {
+	//char buffer[128];
+	//cc_string buf = String_FromArray(buffer);
+	//String_Format1(&buf, "cert_%i.der", &ctx->numCerts);
+	//Stream_WriteAllTo(&buf, ctx->cert->data, ctx->cert->offset);
+}
+
+void Certs_BeginChain(struct X509CertContext* ctx) {
+	ctx->cert     = NULL;
+	ctx->numCerts = 0;
+}
+
+void Certs_FreeChain( struct X509CertContext* ctx) {
+	int i;
+	for (i = 0; i < ctx->numCerts; i++)
+	{
+		Mem_Free(ctx->certs[i].data);
+	}
+	ctx->numCerts = 0;
+}
+
+#if CC_CRT_BACKEND_OPENSSL
 #include <openssl/x509.h>
 static X509_STORE* store;

@ -12,45 +73,14 @@ void CertsBackend_Init(void) {
 	X509_STORE_set_default_paths(store);
 }

-void Certs_BeginChain(struct X509CertContext* ctx) {
-	Platform_LogConst("CHAIN");
-	ctx->chain = NULL;
-	ctx->cert  = NULL;
-}
-
-void Certs_FreeChain( struct X509CertContext* ctx) {
-}
-
 int Certs_VerifyChain(struct X509CertContext* ctx) {
+	
+
+	//const unsigned char* data = ctx->cert->data;
+	//X509* cert = d2i_X509(NULL, &data, ctx->cert->offset);
 	return 0;
 }
+#endif

+#endif

-void Certs_BeginCert( struct X509CertContext* ctx, int size) {
-	ctx->cert   = Mem_TryAllocCleared(1, size);
-	ctx->offset = 0;
-}
-
-void Certs_AppendCert(struct X509CertContext* ctx, const void* data, int len) {
-	if (!ctx->cert) return;
-
-	Mem_Copy((char*)ctx->cert + ctx->offset, data, len);
-	ctx->offset += len;
-}
-
-void Certs_FinishCert(struct X509CertContext* ctx) {
-
-	Platform_LogConst("CERT"); static int counter;
-
-	char buffer[128];
-	cc_string buf = String_FromArray(buffer);
-	String_Format1(&buf, "cert_%i.der", &counter); counter++;
-
-	//Stream_WriteAllTo(&buf, ctx->cert, ctx->offset);
-
-	const unsigned char* data = ctx->cert;
-	X509* cert = d2i_X509(NULL, &data, ctx->offset);
-
-	Mem_Free(ctx->cert);
-	ctx->cert = NULL;
-}
--- a/src/Certs.h
+++ b/src/Certs.h
@ -10,13 +10,18 @@ Copyright 2014-2025 ClassiCube | Licensed under BSD-3

 void CertsBackend_Init(void);

-struct X509CertContext {
-	void* ctx;
-	void* chain;
-	void* cert;
+#define X509_MAX_CERTS 10
+struct X509Cert {
+	void* data;
 	int offset;
 };

+struct X509CertContext {
+	struct X509Cert certs[X509_MAX_CERTS];
+	struct X509Cert* cert;
+	int numCerts;
+};
+
 void Certs_BeginChain( struct X509CertContext* ctx);
 void Certs_FreeChain(  struct X509CertContext* ctx);
 int  Certs_VerifyChain(struct X509CertContext* ctx);
--- a/src/Core.h
+++ b/src/Core.h
@ -153,6 +153,9 @@ typedef cc_uint8  cc_bool;
 #define CC_NET_BACKEND_BUILTIN  1
 #define CC_NET_BACKEND_LIBCURL  2

+#define CC_CRT_BACKEND_NONE     1
+#define CC_CRT_BACKEND_OPENSSL  2
+
 #define CC_AUD_BACKEND_OPENAL   1
 #define CC_AUD_BACKEND_WINMM    2
 #define CC_AUD_BACKEND_OPENSLES 3
@ -258,6 +261,7 @@ typedef cc_uint8  cc_bool;
 	#define DEFAULT_NET_BACKEND CC_NET_BACKEND_LIBCURL
 	#define DEFAULT_AUD_BACKEND CC_AUD_BACKEND_OPENAL
 	#define DEFAULT_WIN_BACKEND CC_WIN_BACKEND_X11
+	#define DEFAULT_CRT_BACKEND CC_CRT_BACKEND_OPENSSL
 	#if defined CC_BUILD_RPI
 		#define CC_BUILD_GLES
 		#define CC_BUILD_EGL
@ -597,6 +601,9 @@ typedef cc_uint8  cc_bool;
 #if defined DEFAULT_SSL_BACKEND && !defined CC_SSL_BACKEND
 	#define CC_SSL_BACKEND DEFAULT_SSL_BACKEND
 #endif
+#if defined DEFAULT_CRT_BACKEND && !defined CC_CRT_BACKEND
+	#define CC_CRT_BACKEND DEFAULT_CRT_BACKEND
+#endif
 #if defined DEFAULT_NET_BACKEND && !defined CC_NET_BACKEND
 	#define CC_NET_BACKEND DEFAULT_NET_BACKEND
 #endif
--- a/src/SSL.c
+++ b/src/SSL.c
@ -475,6 +475,7 @@ static unsigned x509_end_chain(const br_x509_class** ctx) {

 	unsigned r = br_x509_minimal_vtable.end_chain(ctx);
 	r = x509_maybe_skip_verify(r);
+Certs_VerifyChain(&ssl->x509); // TODO remove later

 	/* Fallback to system specific certificate validation */
 	if (r == BR_ERR_X509_NOT_TRUSTED && Certs_VerifyChain(&ssl->x509) == 0) r = 0;