1 /*
2 * This file is part of the openHiTLS project.
3 *
4 * openHiTLS is licensed under the Mulan PSL v2.
5 * You can use this software according to the terms and conditions of the Mulan PSL v2.
6 * You may obtain a copy of Mulan PSL v2 at:
7 *
8 * http://license.coscl.org.cn/MulanPSL2
9 *
10 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
11 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
12 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
13 * See the Mulan PSL v2 for more details.
14 */
15 #include <stddef.h>
16 #include "hitls_build.h"
17 #include "securec.h"
18 #include "tls_binlog_id.h"
19 #include "bsl_log_internal.h"
20 #include "bsl_log.h"
21 #include "bsl_err_internal.h"
22 #include "hitls_error.h"
23 #include "hitls_cert_reg.h"
24 #ifdef HITLS_TLS_FEATURE_PROVIDER
25 #include "hitls_x509_adapt.h"
26 #include "hitls_pki_x509.h"
27 #endif /* HITLS_TLS_FEATURE_PROVIDER */
28 #include "tls_config.h"
29 #include "tls.h"
30 #include "cert_mgr_ctx.h"
31 #include "cert_method.h"
32 #ifndef HITLS_TLS_FEATURE_PROVIDER
33 HITLS_CERT_MgrMethod g_certMgrMethod = {0};
IsMethodValid(const HITLS_CERT_MgrMethod * method)34 static bool IsMethodValid(const HITLS_CERT_MgrMethod *method)
35 {
36 if (method == NULL ||
37 method->certStoreNew == NULL ||
38 method->certStoreDup == NULL ||
39 method->certStoreFree == NULL ||
40 method->certStoreCtrl == NULL ||
41 method->buildCertChain == NULL ||
42 method->verifyCertChain == NULL ||
43 method->certEncode == NULL ||
44 method->certParse == NULL ||
45 method->certDup == NULL ||
46 method->certFree == NULL ||
47 method->certCtrl == NULL ||
48 method->keyParse == NULL ||
49 method->keyDup == NULL ||
50 method->keyFree == NULL ||
51 method->keyCtrl == NULL ||
52 method->createSign == NULL ||
53 method->verifySign == NULL ||
54 method->checkPrivateKey == NULL) {
55 return false;
56 }
57 return true;
58 }
59
HITLS_CERT_RegisterMgrMethod(HITLS_CERT_MgrMethod * method)60 int32_t HITLS_CERT_RegisterMgrMethod(HITLS_CERT_MgrMethod *method)
61 {
62 /* check the callbacks that must be set */
63 if (IsMethodValid(method) == false) {
64 BSL_ERR_PUSH_ERROR(HITLS_NULL_INPUT);
65 return RETURN_ERROR_NUMBER_PROCESS(HITLS_NULL_INPUT, BINLOG_ID16108, "input NULL");
66 }
67
68 if (memcpy_s(&g_certMgrMethod, sizeof(HITLS_CERT_MgrMethod), method, sizeof(HITLS_CERT_MgrMethod)) != EOK) {
69 return HITLS_MEMCPY_FAIL;
70 }
71 return HITLS_SUCCESS;
72 }
73
HITLS_CERT_DeinitMgrMethod(void)74 void HITLS_CERT_DeinitMgrMethod(void)
75 {
76 HITLS_CERT_MgrMethod mgr = {0};
77 (void)memcpy_s(&g_certMgrMethod, sizeof(HITLS_CERT_MgrMethod), &mgr, sizeof(HITLS_CERT_MgrMethod));
78 }
79
SAL_CERT_GetMgrMethod(void)80 HITLS_CERT_MgrMethod *SAL_CERT_GetMgrMethod(void)
81 {
82 return &g_certMgrMethod;
83 }
84
HITLS_CERT_GetMgrMethod(void)85 HITLS_CERT_MgrMethod *HITLS_CERT_GetMgrMethod(void)
86 {
87 return SAL_CERT_GetMgrMethod();
88 }
89
90 #endif /* HITLS_TLS_FEATURE_PROVIDER */
91
CheckCertCallBackRetVal(char * logStr,int32_t callBackRet,uint32_t bingLogId,uint32_t hitlsRet)92 int32_t CheckCertCallBackRetVal(char *logStr, int32_t callBackRet, uint32_t bingLogId, uint32_t hitlsRet)
93 {
94 if (callBackRet != HITLS_SUCCESS) {
95 BSL_LOG_BINLOG_FIXLEN(bingLogId, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
96 "%s error: callback ret = 0x%x.", logStr, callBackRet, 0, 0);
97 BSL_ERR_PUSH_ERROR((int32_t)hitlsRet);
98 return (int32_t)hitlsRet;
99 }
100 return HITLS_SUCCESS;
101 }
102
SAL_CERT_StoreNew(const CERT_MgrCtx * mgrCtx)103 HITLS_CERT_Store *SAL_CERT_StoreNew(const CERT_MgrCtx *mgrCtx)
104 {
105 #ifdef HITLS_TLS_FEATURE_PROVIDER
106 return HITLS_X509_ProviderStoreCtxNew(LIBCTX_FROM_CERT_MGR_CTX(mgrCtx), ATTRIBUTE_FROM_CERT_MGR_CTX(mgrCtx));
107 #else
108 return mgrCtx->method.certStoreNew();
109 #endif
110 }
111
SAL_CERT_StoreDup(const CERT_MgrCtx * mgrCtx,HITLS_CERT_Store * store)112 HITLS_CERT_Store *SAL_CERT_StoreDup(const CERT_MgrCtx *mgrCtx, HITLS_CERT_Store *store)
113 {
114 #ifdef HITLS_TLS_FEATURE_PROVIDER
115 (void)mgrCtx;
116 return HITLS_X509_Adapt_StoreDup(store);
117 #else
118 return mgrCtx->method.certStoreDup(store);
119 #endif
120 }
121
SAL_CERT_StoreFree(const CERT_MgrCtx * mgrCtx,HITLS_CERT_Store * store)122 void SAL_CERT_StoreFree(const CERT_MgrCtx *mgrCtx, HITLS_CERT_Store *store)
123 {
124 #ifdef HITLS_TLS_FEATURE_PROVIDER
125 (void)mgrCtx;
126 return HITLS_X509_StoreCtxFree(store);
127 #else
128 mgrCtx->method.certStoreFree(store);
129 #endif
130 }
131
SAL_CERT_BuildChain(HITLS_Config * config,HITLS_CERT_Store * store,HITLS_CERT_X509 * cert,HITLS_CERT_X509 ** certList,uint32_t * num)132 int32_t SAL_CERT_BuildChain(HITLS_Config *config, HITLS_CERT_Store *store, HITLS_CERT_X509 *cert,
133 HITLS_CERT_X509 **certList, uint32_t *num)
134 {
135 int32_t ret;
136 #ifdef HITLS_TLS_FEATURE_PROVIDER
137 ret = HITLS_X509_Adapt_BuildCertChain(config, store, cert, certList, num);
138 #else
139 ret = config->certMgrCtx->method.buildCertChain(config, store, cert, certList, num);
140 #endif
141 return CheckCertCallBackRetVal("cert store build chain by cert", ret, BINLOG_ID16083, HITLS_CERT_ERR_BUILD_CHAIN);
142 }
143
SAL_CERT_VerifyChain(HITLS_Ctx * ctx,HITLS_CERT_Store * store,HITLS_CERT_X509 ** certList,uint32_t num)144 int32_t SAL_CERT_VerifyChain(HITLS_Ctx *ctx, HITLS_CERT_Store *store, HITLS_CERT_X509 **certList, uint32_t num)
145 {
146 int32_t ret;
147 #ifdef HITLS_TLS_FEATURE_PROVIDER
148 ret = HITLS_X509_Adapt_VerifyCertChain(ctx, store, certList, num);
149 #else
150 ret = ctx->config.tlsConfig.certMgrCtx->method.verifyCertChain(ctx, store, certList, num);
151 #endif
152 return CheckCertCallBackRetVal("cert store verify chain", ret, BINLOG_ID16084, HITLS_CERT_ERR_VERIFY_CERT_CHAIN);
153 }
154
SAL_CERT_X509Encode(HITLS_Ctx * ctx,HITLS_CERT_X509 * cert,uint8_t * buf,uint32_t len,uint32_t * usedLen)155 int32_t SAL_CERT_X509Encode(HITLS_Ctx *ctx, HITLS_CERT_X509 *cert, uint8_t *buf, uint32_t len, uint32_t *usedLen)
156 {
157 int32_t ret;
158 #ifdef HITLS_TLS_FEATURE_PROVIDER
159 ret = HITLS_X509_Adapt_CertEncode(ctx, cert, buf, len, usedLen);
160 #else
161 ret = ctx->config.tlsConfig.certMgrCtx->method.certEncode(ctx, cert, buf, len, usedLen);
162 #endif
163 return CheckCertCallBackRetVal("encode cert", ret, BINLOG_ID16086, HITLS_CERT_ERR_ENCODE_CERT);
164 }
165
SAL_CERT_X509Parse(HITLS_Lib_Ctx * libCtx,const char * attrName,HITLS_Config * config,const uint8_t * buf,uint32_t len,HITLS_ParseType type,HITLS_ParseFormat format)166 HITLS_CERT_X509 *SAL_CERT_X509Parse(HITLS_Lib_Ctx *libCtx, const char *attrName,
167 HITLS_Config *config, const uint8_t *buf, uint32_t len,
168 HITLS_ParseType type, HITLS_ParseFormat format)
169 {
170 #ifdef HITLS_TLS_FEATURE_PROVIDER
171 (void)config;
172 return HITLS_CERT_ProviderCertParse(libCtx, attrName, buf, len, type, SAL_CERT_GetParseFormatStr(format));
173 #else
174 (void)libCtx;
175 (void)attrName;
176 return config->certMgrCtx->method.certParse(config, buf, len, type, format);
177 #endif
178 }
179
SAL_CERT_X509Dup(const CERT_MgrCtx * mgrCtx,HITLS_CERT_X509 * cert)180 HITLS_CERT_X509 *SAL_CERT_X509Dup(const CERT_MgrCtx *mgrCtx, HITLS_CERT_X509 *cert)
181 {
182 #ifdef HITLS_TLS_FEATURE_PROVIDER
183 (void)mgrCtx;
184 return (HITLS_CERT_X509 *)HITLS_X509_CertDup(cert);
185 #else
186 return mgrCtx->method.certDup(cert);
187 #endif
188 }
189
SAL_CERT_X509Free(HITLS_CERT_X509 * cert)190 void SAL_CERT_X509Free(HITLS_CERT_X509 *cert)
191 {
192 #ifdef HITLS_TLS_FEATURE_PROVIDER
193 HITLS_X509_CertFree(cert);
194 #else
195 if (cert == NULL) {
196 return;
197 }
198 g_certMgrMethod.certFree(cert);
199 #endif
200 }
201
SAL_CERT_X509Ref(const CERT_MgrCtx * mgrCtx,HITLS_CERT_X509 * cert)202 HITLS_CERT_X509 *SAL_CERT_X509Ref(const CERT_MgrCtx *mgrCtx, HITLS_CERT_X509 *cert)
203 {
204 #ifdef HITLS_TLS_FEATURE_PROVIDER
205 (void)mgrCtx;
206 return HITLS_X509_Adapt_CertRef(cert);
207 #else
208 if (mgrCtx->method.certRef == NULL) {
209 return NULL;
210 }
211 return mgrCtx->method.certRef(cert);
212 #endif
213 }
214
215 typedef struct {
216 const char *name;
217 HITLS_ParseFormat format;
218 } ParseFormatMap;
219
220 static const ParseFormatMap g_parseFormatMap[] = {
221 {"PEM", TLS_PARSE_FORMAT_PEM},
222 {"ASN1", TLS_PARSE_FORMAT_ASN1},
223 {"PFX_COM", TLS_PARSE_FORMAT_PFX_COM},
224 {"PKCS12", TLS_PARSE_FORMAT_PKCS12}
225 };
226
SAL_CERT_GetParseFormatStr(HITLS_ParseFormat format)227 const char *SAL_CERT_GetParseFormatStr(HITLS_ParseFormat format)
228 {
229 for (size_t i = 0; i < sizeof(g_parseFormatMap) / sizeof(g_parseFormatMap[0]); i++) {
230 if (g_parseFormatMap[i].format == format) {
231 return g_parseFormatMap[i].name;
232 }
233 }
234 return NULL;
235 }
236
237 #ifndef HITLS_TLS_FEATURE_PROVIDER
GetTlsParseFormat(const char * format)238 static HITLS_ParseFormat GetTlsParseFormat(const char *format)
239 {
240 if (format == NULL) {
241 return TLS_PARSE_FORMAT_BUTT;
242 }
243 for (size_t i = 0; i < sizeof(g_parseFormatMap) / sizeof(g_parseFormatMap[0]); i++) {
244 if (BSL_SAL_StrcaseCmp(format, g_parseFormatMap[i].name) == 0) {
245 return g_parseFormatMap[i].format;
246 }
247 }
248 return TLS_PARSE_FORMAT_BUTT;
249 }
250 #endif
251
SAL_CERT_KeyParse(HITLS_Config * config,const uint8_t * buf,uint32_t len,HITLS_ParseType type,const char * format,const char * encodeType)252 HITLS_CERT_Key *SAL_CERT_KeyParse(HITLS_Config *config, const uint8_t *buf, uint32_t len,
253 HITLS_ParseType type, const char *format, const char *encodeType)
254 {
255 #ifdef HITLS_TLS_FEATURE_PROVIDER
256 return HITLS_X509_Adapt_ProviderKeyParse(config, buf, len, type, format, encodeType);
257 #else
258 (void)encodeType;
259 return config->certMgrCtx->method.keyParse(config, buf, len, type, GetTlsParseFormat(format));
260 #endif
261 }
262
SAL_CERT_KeyDup(const CERT_MgrCtx * mgrCtx,HITLS_CERT_Key * key)263 HITLS_CERT_Key *SAL_CERT_KeyDup(const CERT_MgrCtx *mgrCtx, HITLS_CERT_Key *key)
264 {
265 #ifdef HITLS_TLS_FEATURE_PROVIDER
266 (void)mgrCtx;
267 return (HITLS_CERT_Key *)CRYPT_EAL_PkeyDupCtx(key);
268 #else
269 return mgrCtx->method.keyDup(key);
270 #endif
271 }
272
SAL_CERT_KeyFree(const CERT_MgrCtx * mgrCtx,HITLS_CERT_Key * key)273 void SAL_CERT_KeyFree(const CERT_MgrCtx *mgrCtx, HITLS_CERT_Key *key)
274 {
275 #ifdef HITLS_TLS_FEATURE_PROVIDER
276 (void)mgrCtx;
277 CRYPT_EAL_PkeyFreeCtx(key);
278 #else
279 if (key == NULL) {
280 return;
281 }
282 mgrCtx->method.keyFree(key);
283 #endif
284 }
285
286 /* change the error code when modifying the ctrl command */
287 uint32_t g_tlsCertCtrlErrorCode[] = {
288 HITLS_CERT_STORE_CTRL_ERR_SET_VERIFY_DEPTH,
289 HITLS_CERT_STORE_CTRL_ERR_ADD_CERT_LIST,
290 HITLS_CERT_CTRL_ERR_GET_ENCODE_LEN,
291 HITLS_CERT_CTRL_ERR_GET_PUB_KEY,
292 HITLS_CERT_CTRL_ERR_GET_SIGN_ALGO,
293 HITLS_CERT_KEY_CTRL_ERR_GET_SIGN_LEN,
294 HITLS_CERT_KEY_CTRL_ERR_GET_TYPE,
295 HITLS_CERT_KEY_CTRL_ERR_GET_CURVE_NAME,
296 HITLS_CERT_KEY_CTRL_ERR_GET_POINT_FORMAT,
297 HITLS_CERT_KEY_CTRL_ERR_GET_SECBITS,
298 HITLS_CERT_KEY_CTRL_ERR_IS_ENC_USAGE,
299 HITLS_CERT_KEY_CTRL_ERR_IS_DIGITAL_SIGN_USAGE,
300 HITLS_CERT_KEY_CTRL_ERR_IS_KEY_CERT_SIGN_USAGE,
301 HITLS_CERT_KEY_CTRL_ERR_IS_KEY_AGREEMENT_USAGE,
302 HITLS_CERT_KEY_CTRL_ERR_GET_PARAM_ID,
303 HITLS_CERT_KEY_CTRL_ERR_IS_DATA_ENC_USAGE,
304 HITLS_CERT_KEY_CTRL_ERR_IS_NON_REPUDIATION_USAGE,
305 };
306
SAL_CERT_StoreCtrl(HITLS_Config * config,HITLS_CERT_Store * store,HITLS_CERT_CtrlCmd cmd,void * in,void * out)307 int32_t SAL_CERT_StoreCtrl(HITLS_Config *config, HITLS_CERT_Store *store, HITLS_CERT_CtrlCmd cmd, void *in, void *out)
308 {
309 int32_t ret;
310 #ifdef HITLS_TLS_FEATURE_PROVIDER
311 ret = HITLS_X509_Adapt_StoreCtrl(config, store, cmd, in, out);
312 #else
313 ret = config->certMgrCtx->method.certStoreCtrl(config, store, cmd, in, out);
314 #endif
315 return CheckCertCallBackRetVal("cert store ctrl", ret, BINLOG_ID16094, g_tlsCertCtrlErrorCode[cmd]);
316 }
317
SAL_CERT_X509Ctrl(HITLS_Config * config,HITLS_CERT_X509 * cert,HITLS_CERT_CtrlCmd cmd,void * in,void * out)318 int32_t SAL_CERT_X509Ctrl(HITLS_Config *config, HITLS_CERT_X509 *cert, HITLS_CERT_CtrlCmd cmd, void *in, void *out)
319 {
320 if (cert == NULL) {
321 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16279, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN, "input null", 0, 0, 0, 0);
322 BSL_ERR_PUSH_ERROR(HITLS_NULL_INPUT);
323 return HITLS_NULL_INPUT;
324 }
325 int32_t ret;
326 #ifdef HITLS_TLS_FEATURE_PROVIDER
327 ret = HITLS_X509_Adapt_CertCtrl(config, cert, cmd, in, out);
328 #else
329 ret = config->certMgrCtx->method.certCtrl(config, cert, cmd, in, out);
330 #endif
331 return CheckCertCallBackRetVal("cert ctrl", ret, BINLOG_ID16096, g_tlsCertCtrlErrorCode[cmd]);
332 }
333
SAL_CERT_KeyCtrl(HITLS_Config * config,HITLS_CERT_Key * key,HITLS_CERT_CtrlCmd cmd,void * in,void * out)334 int32_t SAL_CERT_KeyCtrl(HITLS_Config *config, HITLS_CERT_Key *key, HITLS_CERT_CtrlCmd cmd, void *in, void *out)
335 {
336 if (key == NULL) {
337 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16280, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN, "input null", 0, 0, 0, 0);
338 BSL_ERR_PUSH_ERROR(HITLS_NULL_INPUT);
339 return HITLS_NULL_INPUT;
340 }
341 int32_t ret;
342 #ifdef HITLS_TLS_FEATURE_PROVIDER
343 ret = HITLS_X509_Adapt_KeyCtrl(config, key, cmd, in, out);
344 #else
345 ret = config->certMgrCtx->method.keyCtrl(config, key, cmd, in, out);
346 #endif
347 return CheckCertCallBackRetVal("key ctrl", ret, BINLOG_ID16098, g_tlsCertCtrlErrorCode[cmd]);
348 }
349
SAL_CERT_CreateSign(HITLS_Ctx * ctx,HITLS_CERT_Key * key,CERT_SignParam * signParam)350 int32_t SAL_CERT_CreateSign(HITLS_Ctx *ctx, HITLS_CERT_Key *key, CERT_SignParam *signParam)
351 {
352 if (key == NULL) {
353 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16281, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN, "input null", 0, 0, 0, 0);
354 BSL_ERR_PUSH_ERROR(HITLS_NULL_INPUT);
355 return HITLS_NULL_INPUT;
356 }
357 int32_t ret;
358 #ifdef HITLS_TLS_FEATURE_PROVIDER
359 ret = HITLS_X509_Adapt_CreateSign(ctx, key, signParam->signAlgo, signParam->hashAlgo, signParam->data,
360 signParam->dataLen, signParam->sign, &signParam->signLen);
361 #else
362 ret = ctx->config.tlsConfig.certMgrCtx->method.createSign(ctx, key, signParam->signAlgo,
363 signParam->hashAlgo, signParam->data, signParam->dataLen, signParam->sign, &signParam->signLen);
364 #endif
365 return CheckCertCallBackRetVal("create signature", ret, BINLOG_ID16103, HITLS_CERT_ERR_CREATE_SIGN);
366 }
367
SAL_CERT_VerifySign(HITLS_Ctx * ctx,HITLS_CERT_Key * key,CERT_SignParam * signParam)368 int32_t SAL_CERT_VerifySign(HITLS_Ctx *ctx, HITLS_CERT_Key *key, CERT_SignParam *signParam)
369 {
370 int32_t ret;
371 #ifdef HITLS_TLS_FEATURE_PROVIDER
372 ret = HITLS_X509_Adapt_VerifySign(ctx, key, signParam->signAlgo,
373 signParam->hashAlgo, signParam->data, signParam->dataLen, signParam->sign, signParam->signLen);
374 #else
375 ret = ctx->config.tlsConfig.certMgrCtx->method.verifySign(ctx, key, signParam->signAlgo,
376 signParam->hashAlgo, signParam->data, signParam->dataLen, signParam->sign, signParam->signLen);
377 #endif
378 return CheckCertCallBackRetVal("verify signature", ret, BINLOG_ID16101, HITLS_CERT_ERR_VERIFY_SIGN);
379 }
380
381 #if defined(HITLS_TLS_SUITE_KX_RSA) || defined(HITLS_TLS_PROTO_TLCP11)
SAL_CERT_KeyEncrypt(HITLS_Ctx * ctx,HITLS_CERT_Key * key,const uint8_t * in,uint32_t inLen,uint8_t * out,uint32_t * outLen)382 int32_t SAL_CERT_KeyEncrypt(HITLS_Ctx *ctx, HITLS_CERT_Key *key, const uint8_t *in, uint32_t inLen,
383 uint8_t *out, uint32_t *outLen)
384 {
385 int32_t ret;
386 #ifdef HITLS_TLS_FEATURE_PROVIDER
387 ret = HITLS_X509_Adapt_Encrypt(ctx, key, in, inLen, out, outLen);
388 #else
389 if (ctx->config.tlsConfig.certMgrCtx->method.encrypt == NULL) {
390 return RETURN_ERROR_NUMBER_PROCESS(HITLS_UNREGISTERED_CALLBACK, BINLOG_ID15333, "unregistered encrypt");
391 }
392 ret = ctx->config.tlsConfig.certMgrCtx->method.encrypt(ctx, key, in, inLen, out, outLen);
393 #endif
394 return CheckCertCallBackRetVal("pubkey encrypt", ret, BINLOG_ID15059, HITLS_CERT_ERR_ENCRYPT);
395 }
396
SAL_CERT_KeyDecrypt(HITLS_Ctx * ctx,HITLS_CERT_Key * key,const uint8_t * in,uint32_t inLen,uint8_t * out,uint32_t * outLen)397 int32_t SAL_CERT_KeyDecrypt(HITLS_Ctx *ctx, HITLS_CERT_Key *key, const uint8_t *in, uint32_t inLen,
398 uint8_t *out, uint32_t *outLen)
399 {
400 #ifdef HITLS_TLS_FEATURE_PROVIDER
401 return HITLS_X509_Adapt_Decrypt(ctx, key, in, inLen, out, outLen);
402 #else
403 if (ctx->config.tlsConfig.certMgrCtx->method.decrypt == NULL) {
404 return RETURN_ERROR_NUMBER_PROCESS(HITLS_UNREGISTERED_CALLBACK, BINLOG_ID15334, "unregistered decrypt");
405 }
406 return ctx->config.tlsConfig.certMgrCtx->method.decrypt(ctx, key, in, inLen, out, outLen);
407 #endif
408 }
409 #endif /* HITLS_TLS_SUITE_KX_RSA || HITLS_TLS_PROTO_TLCP11 */
410
SAL_CERT_CheckPrivateKey(HITLS_Config * config,HITLS_CERT_X509 * cert,HITLS_CERT_Key * key)411 int32_t SAL_CERT_CheckPrivateKey(HITLS_Config *config, HITLS_CERT_X509 *cert, HITLS_CERT_Key *key)
412 {
413 int32_t ret;
414 #ifdef HITLS_TLS_FEATURE_PROVIDER
415 ret = HITLS_X509_Adapt_CheckPrivateKey(config, cert, key);
416 #else
417 ret = config->certMgrCtx->method.checkPrivateKey(config, cert, key);
418 #endif
419 return CheckCertCallBackRetVal(
420 "check cert and private key", ret, BINLOG_ID15538, HITLS_CERT_ERR_CHECK_CERT_AND_KEY);
421 }
422