From cc564500c1b07ba5c7d4312ae348a8b0af394d96 Mon Sep 17 00:00:00 2001
From: UnknownShadow200
Date: Thu, 26 Jun 2025 07:57:45 +1000
Subject: [PATCH] Tidy up certificate API
---
 src/Certs.c | 104 +++++++++++++++++++++++++++++++++-------------------
 src/Certs.h | 13 +++++--
 src/Core.h | 7 ++++
 src/SSL.c | 1 +
 4 files changed, 84 insertions(+), 41 deletions(-)
diff --git a/src/Certs.c b/src/Certs.c
index fdfc21f67..b5c11784a 100644
--- a/src/Certs.c
+++ b/src/Certs.c
@@ -1,7 +1,68 @@
 #include "Certs.h"
+
+#if CC_CTX_BACKEND == CC_CRT_BACKEND_NONE
+void CertsBackend_Init(void) { }
+
+void Certs_BeginChain(struct X509CertContext* ctx) { }
+
+void Certs_FreeChain( struct X509CertContext* ctx) { }
+
+int Certs_VerifyChain(struct X509CertContext* ctx) { return ERR_NOT_SUPPORTED; }
+
+void Certs_BeginCert( struct X509CertContext* ctx, int size) { }
+
+void Certs_AppendCert(struct X509CertContext* ctx, const void* data, int len) { }
+
+void Certs_FinishCert(struct X509CertContext* ctx) { }
+#else
 #include "Platform.h"
 #include "String.h"
 #include "Stream.h"
+
+void Certs_BeginCert( struct X509CertContext* ctx, int size) {
+ void* data;
+ ctx->cert = NULL;
+
+ /* Should never happen, but never know */
+ if (ctx->numCerts >= X509_MAX_CERTS) return;
+
+ data = Mem_TryAllocCleared(1, size);
+ if (!data) return;
+
+ ctx->cert = &ctx->certs[ctx->numCerts++];
+ ctx->cert->data = data;
+ ctx->cert->offset = 0;
+}
+
+void Certs_AppendCert(struct X509CertContext* ctx, const void* data, int len) {
+ if (!ctx->cert) return;
+
+ Mem_Copy((char*)ctx->cert->data + ctx->cert->offset, data, len);
+ ctx->cert->offset += len;
+}
+
+void Certs_FinishCert(struct X509CertContext* ctx) {
+ //char buffer[128];
+ //cc_string buf = String_FromArray(buffer);
+ //String_Format1(&buf, "cert_%i.der", &ctx->numCerts);
+ //Stream_WriteAllTo(&buf, ctx->cert->data, ctx->cert->offset);
+}
+
+void Certs_BeginChain(struct X509CertContext* ctx) {
+ ctx->cert = NULL;
+ ctx->numCerts = 0;
+}
+
+void Certs_FreeChain( struct X509CertContext* ctx) {
+ int i;
+ for (i = 0; i < ctx->numCerts; i++)
+ {
+ Mem_Free(ctx->certs[i].data);
+ }
+ ctx->numCerts = 0;
+}
+
+#if CC_CRT_BACKEND_OPENSSL
 #include
 static X509_STORE* store;
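Review bot: Certs_AppendCert copies `len` bytes at `ctx->cert->data + ctx->cert->offset` without any check against the `size` that Certs_BeginCert allocated, and struct X509Cert records only `data` and `offset`, so nothing stops the appended total from exceeding the allocation; since SSL.c feeds this from the BearSSL x509 chain callbacks the bytes are presumably peer-supplied, which makes an over-long append a heap overflow rather than a truncated certificate. Keep the allocation size in the cert (`int size;` next to `offset` in Certs.h, set in Certs_BeginCert) and refuse a copy that does not fit: `if (!ctx->cert || len < 0 || len > ctx->cert->size - ctx->cert->offset) return;`. Separately, `#if CC_CTX_BACKEND == CC_CRT_BACKEND_NONE` tests a macro this patch never defines (Core.h adds `CC_CRT_BACKEND`), so the expression is always `0 == 1` and the stub branch can never be selected, while the closing `#if CC_CRT_BACKEND_OPENSSL` tests the constant itself and is always true; both should compare the selector, `#if CC_CRT_BACKEND == CC_CRT_BACKEND_NONE` and `#if CC_CRT_BACKEND == CC_CRT_BACKEND_OPENSSL`. A chain longer than X509_MAX_CERTS is also silently truncated by the early return in Certs_BeginCert, and Certs_VerifyChain has no way to tell that truncated chain from a complete one.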
@@ -12,45 +73,14 @@ void CertsBackend_Init(void) {
 X509_STORE_set_default_paths(store);
 }
-void Certs_BeginChain(struct X509CertContext* ctx) {
- Platform_LogConst("CHAIN");
- ctx->chain = NULL;
- ctx->cert = NULL;
-}
-
-void Certs_FreeChain( struct X509CertContext* ctx) {
-}
-
 int Certs_VerifyChain(struct X509CertContext* ctx) {
+
+
+ //const unsigned char* data = ctx->cert->data;
+ //X509* cert = d2i_X509(NULL, &data, ctx->cert->offset);
 return 0;
 }
+#endif
+#endif
-void Certs_BeginCert( struct X509CertContext* ctx, int size) {
- ctx->cert = Mem_TryAllocCleared(1, size);
- ctx->offset = 0;
-}
-
-void Certs_AppendCert(struct X509CertContext* ctx, const void* data, int len) {
- if (!ctx->cert) return;
-
- Mem_Copy((char*)ctx->cert + ctx->offset, data, len);
- ctx->offset += len;
-}
-
-void Certs_FinishCert(struct X509CertContext* ctx) {
-
- Platform_LogConst("CERT"); static int counter;
-
- char buffer[128];
- cc_string buf = String_FromArray(buffer);
- String_Format1(&buf, "cert_%i.der", &counter); counter++;
-
- //Stream_WriteAllTo(&buf, ctx->cert, ctx->offset);
-
- const unsigned char* data = ctx->cert;
- X509* cert = d2i_X509(NULL, &data, ctx->offset);
-
- Mem_Free(ctx->cert);
- ctx->cert = NULL;
-}
diff --git a/src/Certs.h b/src/Certs.h
index 5bd8f50ff..327f15f83 100644
--- a/src/Certs.h
+++ b/src/Certs.h
@@ -10,13 +10,18 @@ Copyright 2014-2025 ClassiCube | Licensed under BSD-3
 void CertsBackend_Init(void);
-struct X509CertContext {
- void* ctx;
- void* chain;
- void* cert;
+#define X509_MAX_CERTS 10
+struct X509Cert {
+ void* data;
 int offset;
 };
+struct X509CertContext {
+ struct X509Cert certs[X509_MAX_CERTS];
+ struct X509Cert* cert;
+ int numCerts;
+};
+
 void Certs_BeginChain( struct X509CertContext* ctx);
 void Certs_FreeChain( struct X509CertContext* ctx);
 int Certs_VerifyChain(struct X509CertContext* ctx);
diff --git a/src/Core.h b/src/Core.h
index b4e6d6bdf..52f4243ca 100644
--- a/src/Core.h
+++ b/src/Core.h
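Review bot: Certs_VerifyChain in the OpenSSL branch still ends in `return 0;` with its only verification code commented out, and the SSL.c hunk in this same patch treats 0 as "chain trusted" (`if (r == BR_ERR_X509_NOT_TRUSTED && Certs_VerifyChain(&ssl->x509) == 0) r = 0;`), so a chain that BearSSL rejected is accepted by a stub that verified nothing. Until the d2i_X509/X509_STORE path is implemented it should fail closed exactly like the NONE stub above it: `return ERR_NOT_SUPPORTED;`. The removed Certs_FinishCert freed each cert buffer as soon as it was parsed, whereas the new layout holds every buffer until Certs_FreeChain; that is fine only if Certs_FreeChain runs on every exit from the SSL code, including failed handshakes, which these hunks do not show — worth confirming on the caller side.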
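Review bot: The reworked public API in Certs.h documents neither buffer ownership nor the contract of Certs_VerifyChain, even though SSL.c now depends on its return value meaning "0 = trusted". Add above `int Certs_VerifyChain(struct X509CertContext* ctx);` a comment such as `/* Returns 0 if the accumulated chain is trusted, otherwise a nonzero error (ERR_NOT_SUPPORTED when no certificate backend is compiled in) */`, and above struct X509Cert `/* data is allocated by Certs_BeginCert and released only by Certs_FreeChain; offset counts the bytes appended so far */`. The struct also has no field for the allocated length, so Certs_AppendCert in Certs.c has nothing to bound its copy against; an `int size;` here is the natural place for it. As a point of style, `X509_MAX_CERTS` is the only new constant in this patch without the `CC_` prefix that Core.h uses for its backend selectors.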
@@ -153,6 +153,9 @@ typedef cc_uint8 cc_bool;
 #define CC_NET_BACKEND_BUILTIN 1
 #define CC_NET_BACKEND_LIBCURL 2
+#define CC_CRT_BACKEND_NONE 1
+#define CC_CRT_BACKEND_OPENSSL 2
+
 #define CC_AUD_BACKEND_OPENAL 1
 #define CC_AUD_BACKEND_WINMM 2
 #define CC_AUD_BACKEND_OPENSLES 3
@@ -258,6 +261,7 @@ typedef cc_uint8 cc_bool;
 #define DEFAULT_NET_BACKEND CC_NET_BACKEND_LIBCURL
 #define DEFAULT_AUD_BACKEND CC_AUD_BACKEND_OPENAL
 #define DEFAULT_WIN_BACKEND CC_WIN_BACKEND_X11
+ #define DEFAULT_CRT_BACKEND CC_CRT_BACKEND_OPENSSL
 #if defined CC_BUILD_RPI
 #define CC_BUILD_GLES
 #define CC_BUILD_EGL
@@ -597,6 +601,9 @@ typedef cc_uint8 cc_bool;
 #if defined DEFAULT_SSL_BACKEND && !defined CC_SSL_BACKEND
 #define CC_SSL_BACKEND DEFAULT_SSL_BACKEND
 #endif
+#if defined DEFAULT_CRT_BACKEND && !defined CC_CRT_BACKEND
+ #define CC_CRT_BACKEND DEFAULT_CRT_BACKEND
+#endif
 #if defined DEFAULT_NET_BACKEND && !defined CC_NET_BACKEND
 #define CC_NET_BACKEND DEFAULT_NET_BACKEND
 #endif
diff --git a/src/SSL.c b/src/SSL.c
index ba323ff61..394d691df 100644
--- a/src/SSL.c
+++ b/src/SSL.c
@@ -475,6 +475,7 @@ static unsigned x509_end_chain(const br_x509_class** ctx) {
 unsigned r = br_x509_minimal_vtable.end_chain(ctx);
 r = x509_maybe_skip_verify(r);
+Certs_VerifyChain(&ssl->x509); // TODO remove later
 /* Fallback to system specific certificate validation */
 if (r == BR_ERR_X509_NOT_TRUSTED && Certs_VerifyChain(&ssl->x509) == 0) r = 0;
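Review bot: DEFAULT_CRT_BACKEND is defined in only one platform block in this patch, so on every other target CC_CRT_BACKEND is still undefined after the new `#if defined DEFAULT_CRT_BACKEND && !defined CC_CRT_BACKEND` mapping in the third hunk, and in Certs.c an undefined macro evaluates to 0 in `#if` — which matches neither CC_CRT_BACKEND_NONE nor CC_CRT_BACKEND_OPENSSL, so those builds fall into whichever branch the preprocessor conditions there happen to pick rather than an explicit choice. Consider a fallback right after the mapping, `#ifndef CC_CRT_BACKEND` / `#define CC_CRT_BACKEND CC_CRT_BACKEND_NONE` / `#endif`, so that targets without a certificate backend compile the stubs deliberately. I cannot see from these hunks whether the other DEFAULT_*_BACKEND selectors get such a fallback elsewhere in Core.h; if they do, mirroring that is preferable to a one-off.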
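Review bot: The added `Certs_VerifyChain(&ssl->x509); // TODO remove later` discards the return value and runs the backend verification on every chain, before the existing `r == BR_ERR_X509_NOT_TRUSTED` guard has decided whether a fallback is needed at all; with the OpenSSL Certs_VerifyChain in this same patch still a stub, its only present effect is an extra pass over the chain buffers on each handshake. If it has to land, gate it behind a debug define rather than an unindented TODO, otherwise drop it before merge since the fallback line below already calls the function when it matters. x509_end_chain begins outside the hunk, and where `ssl` is declared is not visible here.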