Skip to content

Commit b7a7bc0

Browse files
vikramdattuvikramdattu
committed
Tls_mbedtls: Read the cert with readFile before parse
 - This allows devices using embedded cert to be passed to mbedtls API - In cases where, readFile is not actually fread, avoids making mbedtls use fread - Moved cert parsing logic to new `readAndParseCACertificate` static API
1 parent cf817bc commit b7a7bc0

File tree

1 file changed

+34
-1
lines changed

1 file changed

+34
-1
lines changed

src/source/Crypto/Tls_mbedtls.c

Lines changed: 34 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,37 @@
44
#define LOG_CLASS "TLS_mbedtls"
55
#include "../Include_i.h"
66

7+
// Read and parse CA certificate
8+
PRIVATE_API STATUS readAndParseCACertificate(PTlsSession pTlsSession)
9+
{
10+
ENTERS();
11+
STATUS retStatus = STATUS_SUCCESS;
12+
UINT64 cert_len = 0;
13+
PBYTE cert_buf = NULL;
14+
CHAR errBuf[128];
15+
16+
CHK(pTlsSession != NULL && pTlsSession->cacert != NULL, STATUS_NULL_ARG);
17+
18+
CHK_STATUS(readFile(KVS_CA_CERT_PATH, FALSE, NULL, &cert_len));
19+
CHK(cert_len > 0, STATUS_INVALID_CERT_PATH_LENGTH);
20+
cert_buf = (PBYTE) MEMCALLOC(1, cert_len + 1);
21+
CHK(cert_buf != NULL, STATUS_NOT_ENOUGH_MEMORY);
22+
CHK_STATUS(readFile(KVS_CA_CERT_PATH, FALSE, cert_buf, &cert_len));
23+
int ret = mbedtls_x509_crt_parse(&pTlsSession->cacert, cert_buf, (SIZE_T) (cert_len + 1));
24+
if (ret != 0) {
25+
mbedtls_strerror(ret, errBuf, SIZEOF(errBuf));
26+
DLOGE("mbedtls_x509_crt_parse failed: %s", errBuf);
27+
}
28+
CHK(ret == 0, STATUS_INVALID_CA_CERT_PATH);
29+
30+
CleanUp:
31+
CHK_LOG_ERR(retStatus);
32+
SAFE_MEMFREE(cert_buf);
33+
34+
LEAVES();
35+
return retStatus;
36+
}
37+
738
STATUS createTlsSession(PTlsSessionCallbacks pCallbacks, PTlsSession* ppTlsSession)
839
{
940
ENTERS();
@@ -26,9 +57,11 @@ STATUS createTlsSession(PTlsSessionCallbacks pCallbacks, PTlsSession* ppTlsSessi
2657
mbedtls_ssl_config_init(&pTlsSession->sslCtxConfig);
2758
mbedtls_ssl_init(&pTlsSession->sslCtx);
2859
CHK(mbedtls_ctr_drbg_seed(&pTlsSession->ctrDrbg, mbedtls_entropy_func, &pTlsSession->entropy, NULL, 0) == 0, STATUS_CREATE_SSL_FAILED);
29-
CHK(mbedtls_x509_crt_parse_file(&pTlsSession->cacert, KVS_CA_CERT_PATH) == 0, STATUS_INVALID_CA_CERT_PATH);
60+
61+
CHK_STATUS(readAndParseCACertificate(pTlsSession));
3062

3163
CleanUp:
64+
3265
if (STATUS_FAILED(retStatus) && pTlsSession != NULL) {
3366
freeTlsSession(&pTlsSession);
3467
}

0 commit comments

Comments
 (0)