From db2da43fc178a5a9e1bb2c2a13681d5be919533e Mon Sep 17 00:00:00 2001 From: dongheng Date: Wed, 14 Sep 2016 19:39:24 +0800 Subject: [PATCH 01/52] components/openssl: add API header for openssl compatibility layer --- components/openssl/include/openssl/ssl.h | 1651 ++++++++++++++++++++++ 1 file changed, 1651 insertions(+) create mode 100644 components/openssl/include/openssl/ssl.h diff --git a/components/openssl/include/openssl/ssl.h b/components/openssl/include/openssl/ssl.h new file mode 100644 index 0000000000..b7b784fe71 --- /dev/null +++ b/components/openssl/include/openssl/ssl.h @@ -0,0 +1,1651 @@ +#ifndef HEADER_SSL_H +#define HEADER_SSL_H + +#include "ssl_types.h" + +/* +{ +*/ + +/* + * SSL_CTX_new - create a SSL context + * + * @param method - the SSL context method point + * + * @return the context point, if create failed return NULL + */ +SSL_CTX* SSL_CTX_new(const SSL_METHOD *method); + +/* + * SSL_CTX_free - free a SSL context + * + * @param method - the SSL context point + * + * @return none + */ +void SSL_CTX_free(SSL_CTX *ctx); + +/* + * SSL_new - create a SSL + * + * @param ctx - the SSL context point + * + * @return the SSL point or NULL if failed + */ +SSL* SSL_new(SSL_CTX *ctx); + +/* + * SSL_free - free the SSL + * + * @param ssl - the SSL point + * + * @return none + */ +void SSL_free(SSL *ssl); + +/* + * SSL_connect - connect to the remote SSL server + * + * @param ssl - the SSL point + * + * @return + * 1 : OK + * -1 : failed + */ +int SSL_connect(SSL *ssl); + +/* + * SSL_accept - accept the remote connection + * + * @param ssl - the SSL point + * + * @return + * 1 : OK + * -1 : failed + */ +int SSL_accept(SSL *ssl); + +/* + * SSL_read - read data from to remote + * + * @param ssl - the SSL point which has been connected + * @param buffer - the received data buffer point + * @param len - the received data length + * + * @return + * > 0 : OK, and return received data bytes + * = 0 : connection is closed + * < 0 : an error catch + */ +int SSL_read(SSL *ssl, void *buffer, int len); + +/* + * SSL_write - send the data to remote + * + * @param ssl - the SSL point which has been connected + * @param buffer - the send data buffer point + * @param len - the send data length + * + * @return + * > 0 : OK, and return sent data bytes + * = 0 : connection is closed + * < 0 : an error catch + */ +int SSL_write(SSL *ssl, const void *buffer, int len); + +/* + * SSL_get_verify_result - get the verifying result of the SSL certification + * + * @param ssl - the SSL point + * + * @return the result of verifying + */ +long SSL_get_verify_result(const SSL *ssl); + +/* + * SSL_shutdown - shutdown the connection + * + * @param ssl - the SSL point + * + * @return + * 1 : OK + * 0 : shutdown is not finished + * -1 : an error catch + */ +int SSL_shutdown(SSL *ssl); + +/* + * SSL_set_fd - bind the socket file description into the SSL + * + * @param ssl - the SSL point + * @param fd - socket handle + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_set_fd(SSL *ssl, int fd); + +/* + * SSL_CTX_use_PrivateKey - These functions load the private key into the SSL_CTX or SSL object + * + * @param ctx - the SSL context point + * @param pkey - private key object point + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); + +/* + * SSL_CTX_use_PrivateKey - These functions load the certification into the SSL_CTX or SSL object + * + * @param ctx - the SSL context point + * @param pkey - certification object point + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); + +/* + * SSLv23_client_method - create the target SSL context client method + * + * @param none + * + * @return the SSLV2.3 version SSL context client method + */ +const SSL_METHOD* SSLv23_client_method(void); + +/* + * TLSv1_client_method - create the target SSL context client method + * + * @param none + * + * @return the TLSV1.0 version SSL context client method + */ +const SSL_METHOD* TLSv1_client_method(void); + +/* + * SSLv3_client_method - create the target SSL context client method + * + * @param none + * + * @return the SSLV1.0 version SSL context client method + */ +const SSL_METHOD* SSLv3_client_method(void); + +/* + * TLSv1_1_client_method - create the target SSL context client method + * + * @param none + * + * @return the TLSV1.1 version SSL context client method + */ +const SSL_METHOD* TLSv1_1_client_method(void); + + +/* + * SSLv23_server_method - create the target SSL context server method + * + * @param none + * + * @return the SSLV2.3 version SSL context server method + */ +const SSL_METHOD* SSLv23_server_method(void); + +/* + * TLSv1_1_server_method - create the target SSL context server method + * + * @param none + * + * @return the TLSV1.1 version SSL context server method + */ +const SSL_METHOD* TLSv1_1_server_method(void); + +/* + * TLSv1_server_method - create the target SSL context server method + * + * @param none + * + * @return the TLSV1.0 version SSL context server method + */ +const SSL_METHOD* TLSv1_server_method(void); + +/* + * SSLv3_server_method - create the target SSL context server method + * + * @param none + * + * @return the SSLV3.0 version SSL context server method + */ +const SSL_METHOD* SSLv3_server_method(void); + +/* + * SSL_CTX_set_alpn_select_cb - set the SSL context ALPN select callback function + * + * @param ctx - SSL context point + * @param cb - ALPN select callback function + * @param arg - ALPN select callback function entry private data point + * + * @return none + */ +void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, + int (*cb) (SSL *ssl, + const unsigned char **out, + unsigned char *outlen, + const unsigned char *in, + unsigned int inlen, + void *arg), + void *arg); + + +/* + * SSL_CTX_set_alpn_protos - set the SSL context ALPN select protocol + * + * @param ctx - SSL context point + * @param protos - ALPN protocol name + * @param protos_len - ALPN protocol name bytes + * + * @return + * 0 : OK + * 1 : failed + */ +int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, unsigned int protos_len); + +/* + * SSL_CTX_set_next_proto_select_cb - set the SSL context next ALPN select callback function + * + * @param ctx - SSL context point + * @param cb - ALPN select callback function + * @param arg - ALPN select callback function entry private data point + * + * @return none + */ +void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, + int (*cb) (SSL *ssl, + unsigned char **out, + unsigned char *outlen, + const unsigned char *in, + unsigned int inlen, + void *arg), + void *arg); + +/* + * SSL_get_error - get SSL error code + * + * @param ssl - SSL point + * @param ret_code - SSL return code + * + * @return SSL error number + */ +int SSL_get_error(const SSL *ssl, int ret_code); + +/* + * ERR_clear_error - clear the SSL error code + * + * @param none + * + * @return none + */ +void ERR_clear_error(void); + +/* + * ERR_get_error - get the current SSL error code + * + * @param none + * + * @return current SSL error number + */ +int ERR_get_error(void); + +/* + * ERR_load_SSL_strings - register the SSL error strings + * + * @param none + * + * @return none + */ +void ERR_load_SSL_strings(void); + +/* + * SSL_library_init - initialize the SSL library + * + * @param none + * + * @return none + */ +void SSL_library_init(void); + +/* + * ERR_error_string - generates a human-readable string representing the error code e + * and store it into the "ret" point memory + * + * @param e - error code + * @param ret - memory point to store the string + * + * @return the result string point + */ +char *ERR_error_string(unsigned long e, char *ret); + +/* + * SSL_CTX_set_options - add the SSL context option + * + * @param ctx - SSL context point + * @param opt - new SSL context option + * + * @return the SSL context option + */ +unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long opt); + +/* + * SSL_CTX_set_options - add the SSL context mode + * + * @param ctx - SSL context point + * @param mod - new SSL context mod + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_CTX_set_mode(SSL_CTX *ctx, int mod); + +/* +} +*/ + +/* + * SSL_do_handshake - perform the SSL handshake + * + * @param ssl - SSL point + * + * @return + * 1 : OK + * 0 : failed + * -1 : a error catch + */ +int SSL_do_handshake(SSL *ssl); + +/* + * SSL_get_version - get the SSL current version + * + * @param ssl - SSL point + * + * @return the version string + */ +const char *SSL_get_version(const SSL *ssl); + +/* + * SSL_CTX_set_ssl_version - set the SSL context version + * + * @param ctx - SSL context point + * @param meth - SSL method point + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth); + +/* + * SSL_CTX_get_ssl_method - get the SSL context current method + * + * @param ctx - SSL context point + * + * @return the SSL context current method + */ +const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx); + +/* + * SSL_CTX_get_ssl_method - get the SSL current method + * + * @param ssl - SSL point + * + * @return the SSL current method + */ +const SSL_METHOD *SSL_get_ssl_method(SSL *ssl); + +/* + * SSL_set_ssl_method - set the SSL method + * + * @param ssl - SSL point + * @param meth - SSL method point + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_set_ssl_method(SSL *ssl, const SSL_METHOD *method); + +/* + * SSL_add_client_CA - add CA client certification into the SSL + * + * @param ssl - SSL point + * @param x - CA certification point + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_add_client_CA(SSL *ssl, X509 *x); + +/* + * SSL_add_client_CA - add CA client certification into the SSL context + * + * @param ctx - SSL context point + * @param x - CA certification point + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x); + +/* + * SSL_set_client_CA_list - set the SSL CA certification list + * + * @param ssl - SSL point + * @param name_list - CA certification list + * + * @return none + */ +void SSL_set_client_CA_list(SSL *ssl, STACK_OF(X509_NAME) *name_list); + +/* + * SSL_CTX_set_client_CA_list - set the SSL context CA certification list + * + * @param ctx - SSL context point + * @param name_list - CA certification list + * + * @return none + */ +void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); + +/* + * SSL_get_client_CA_list - get the SSL CA certification list + * + * @param ssl - SSL point + * + * @return CA certification list + */ +STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *ssl); + +/* + * SSL_CTX_get_client_CA_list - get the SSL context CA certification list + * + * @param ctx - SSL context point + * + * @return CA certification list + */ +STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx); + +/* + * SSL_get_certificate - get the SSL certification point + * + * @param ssl - SSL point + * + * @return SSL certification point + */ +X509 *SSL_get_certificate(const SSL *ssl); + +/* + * SSL_get_privatekey - get the SSL private key point + * + * @param ssl - SSL point + * + * @return SSL private key point + */ +EVP_PKEY *SSL_get_privatekey(const SSL *ssl); + +/* + * SSL_set_info_callback - set the SSL information callback function + * + * @param ssl - SSL point + * @param cb - information callback function + * + * @return none + */ +void SSL_set_info_callback(SSL *ssl, void (*cb) (const SSL *ssl, int type, int val)); + +/* + * SSL_get_state - get the SSL state + * + * @param ssl - SSL point + * + * @return SSL state + */ +OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl); + +/* + * SSL_CTX_set_default_read_buffer_len - set the SSL context read buffer length + * + * @param ctx - SSL context point + * @param len - read buffer length + * + * @return none + */ +void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len); + +/* + * SSL_set_default_read_buffer_len - set the SSL read buffer length + * + * @param ssl - SSL point + * @param len - read buffer length + * + * @return none + */ +void SSL_set_default_read_buffer_len(SSL *ssl, size_t len); + +/* + * SSL_set_security_level - set the SSL security level + * + * @param ssl - SSL point + * @param level - security level + * + * @return none + */ +void SSL_set_security_level(SSL *ssl, int level); + +/* + * SSL_get_security_level - get the SSL security level + * + * @param ssl - SSL point + * + * @return security level + */ +int SSL_get_security_level(const SSL *ssl); + +/* + * SSL_CTX_get_verify_mode - get the SSL verifying mode of the SSL context + * + * @param ctx - SSL context point + * + * @return verifying mode + */ +int SSL_CTX_get_verify_mode(const SSL_CTX *ctx); + +/* + * SSL_CTX_get_verify_depth - get the SSL verifying depth of the SSL context + * + * @param ctx - SSL context point + * + * @return verifying depth + */ +int SSL_CTX_get_verify_depth(const SSL_CTX *ctx); + +/* + * SSL_CTX_set_verify - set the SSL context verifying of the SSL context + * + * @param ctx - SSL context point + * @param mode - verifying mode + * @param verify_callback - verifying callback function + * + * @return none + */ +void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*verify_callback)(int, X509_STORE_CTX *)); + +/* + * SSL_set_verify - set the SSL verifying of the SSL context + * + * @param ctx - SSL point + * @param mode - verifying mode + * @param verify_callback - verifying callback function + * + * @return none + */ +void SSL_set_verify(SSL *s, int mode, int (*verify_callback)(int, X509_STORE_CTX *)); + +/* + * SSL_CTX_set_verify_depth - set the SSL verify depth of the SSL context + * + * @param ctx - SSL context point + * @param depth - verifying depth + * + * @return one + */ +void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth); + +/* + * verify_callback - certification verifying callback function + * + * @param preverify_ok - verifying result + * @param x509_ctx - X509 certification point + * + * @return verifying result + */ +int verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx); + +/* + * SSL_CTX_set_timeout - set the session timeout time + * + * @param ctx - SSL context point + * @param t - new session timeout time + * + * @return old session timeout time + */ +long SSL_CTX_set_timeout(SSL_CTX *ctx, long t); + +/* + * SSL_CTX_get_timeout - get the session timeout time + * + * @param ctx - SSL context point + * + * @return current session timeout time + */ +long SSL_CTX_get_timeout(const SSL_CTX *ctx); + +/* + * SSL_CTX_set_cipher_list - set the SSL context cipher through the list string + * + * @param ctx - SSL context point + * @param str - cipher controller list string + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str); + +/* + * SSL_set_cipher_list - set the SSL cipher through the list string + * + * @param ssl - SSL point + * @param str - cipher controller list string + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_set_cipher_list(SSL *ssl, const char *str); + +/* + * SSL_get_cipher_list - get the SSL cipher list string + * + * @param ssl - SSL point + * + * @return cipher controller list string + */ +const char *SSL_get_cipher_list(const SSL *ssl, int n); + +/* + * SSL_get_current_cipher - get the SSL cipher + * + * @param ssl - SSL point + * + * @return current cipher + */ +const SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl); + +/* + * SSL_get_cipher - get the SSL cipher string + * + * @param ssl - SSL point + * + * @return cipher string + */ +const char *SSL_get_cipher(const SSL *ssl); + +/* + * SSL_CTX_get_cert_store - get the SSL context object X509 certification storage + * + * @param ctx - SSL context point + * + * @return x509 certification storage + */ +X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx); + +/* + * SSL_CTX_set_cert_store - set the SSL context object X509 certification store + * + * @param ctx - SSL context point + * @param store - X509 certification store + * + * @return none + */ +void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store); + +/* + * SSL_want - get the SSL specifical statement + * + * @param ssl - SSL point + * + * @return specifical statement + */ +int SSL_want(const SSL *ssl); + +/* + * SSL_want_x509_lookup - check if the SSL is SSL_X509_LOOKUP state + * + * @param ssl - SSL point + * + * @return + * 1 : yes + * 0 : no + */ +int SSL_want_x509_lookup(const SSL *ssl); + +/* + * SSL_clear - reset the SSL + * + * @param ssl - SSL point + * + * @return + * 1 : yes + * 0 : no + */ +int SSL_clear(SSL *ssl); + +/* + * SSL_get_fd - get the socket handle of the SSL + * + * @param ssl - SSL point + * + * @return + * >= 0 : yes, and return socket handle + * < 0 : a error catch + */ +int SSL_get_fd(const SSL *ssl); + +/* + * SSL_get_rfd - get the read only socket handle of the SSL + * + * @param ssl - SSL point + * + * @return + * >= 0 : yes, and return socket handle + * < 0 : a error catch + */ +int SSL_get_rfd(const SSL *ssl); + +/* + * SSL_get_wfd - get the write only socket handle of the SSL + * + * @param ssl - SSL point + * + * @return + * >= 0 : yes, and return socket handle + * < 0 : a error catch + */ +int SSL_get_wfd(const SSL *ssl); + +/* + * SSL_set_read_ahead - set the SSL if we can read as many as data + * + * @param ssl - SSL point + * @param yes - enbale the function + * + * @return none + */ +void SSL_set_read_ahead(SSL *s, int yes); + +/* + * SSL_set_read_ahead - set the SSL context if we can read as many as data + * + * @param ctx - SSL context point + * @param yes - enbale the function + * + * @return none + */ +void SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes); + +/* + * SSL_set_read_ahead - get the SSL ahead signal if we can read as many as data + * + * @param ssl - SSL point + * + * @return SSL context ahead signal + */ +int SSL_get_read_ahead(const SSL *ssl); + +/* + * SSL_set_read_ahead - get the SSL context ahead signal if we can read as many as data + * + * @param ctx - SSL context point + * + * @return SSL context ahead signal + */ +long SSL_CTX_get_read_ahead(SSL_CTX *ctx); + +/* + * SSL_has_pending - check if some data can be read + * + * @param ssl - SSL point + * + * @return SSL context ahead signal + */ +int SSL_has_pending(const SSL *ssl); + +/* + * SSL_CTX_use_certificate - load the X509 certification into SSL context + * + * @param ctx - SSL context point + * @param x - X509 certification point + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);//loads the certificate x into ctx + +/* + * SSL_CTX_use_certificate_ASN1 - load the ASN1 certification into SSL context + * + * @param ctx - SSL context point + * @param len - certification length + * @param d - data point + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d); + +/* + * SSL_CTX_use_certificate_file - load the certification file into SSL context + * + * @param ctx - SSL context point + * @param file - certification file name + * @param type - certification encoding type + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); + +/* + * SSL_CTX_use_certificate_chain_file - load the certification chain file into SSL context + * + * @param ctx - SSL context point + * @param file - certification chain file name + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); + + +/* + * SSL_CTX_use_certificate_ASN1 - load the ASN1 private key into SSL context + * + * @param ctx - SSL context point + * @param d - data point + * @param len - private key length + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, unsigned char *d, long len);//adds the private key of type pk stored at memory location d (length len) to ctx + +/* + * SSL_CTX_use_certificate_file - load the private key file into SSL context + * + * @param ctx - SSL context point + * @param file - private key file name + * @param type - private key encoding type + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);//adds the first private key found in file to ctx, The formatting type of the certificate must be specified from the known types SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1. + +/* + * SSL_CTX_use_certificate - load the RSA private key into SSL context + * + * @param ctx - SSL context point + * @param x - RSA private key point + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); + +/* + * SSL_CTX_use_certificate_ASN1 - load the RSA ASN1 private key into SSL context + * + * @param ctx - SSL context point + * @param d - data point + * @param len - RSA private key length + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len); + +/* + * SSL_CTX_use_certificate_file - load the RSA private key file into SSL context + * + * @param ctx - SSL context point + * @param file - RSA private key file name + * @param type - private key encoding type + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type); + + +/* + * SSL_CTX_check_private_key - check if the private key and certification is matched + * + * @param ctx - SSL context point + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_CTX_check_private_key(const SSL_CTX *ctx); + +/* + * SSL_CTX_use_serverinfo - set the SSL context server information + * + * @param ctx - SSL context point + * @param serverinfo - server information string + * @param serverinfo_length - server information length + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, size_t serverinfo_length); + +/* + * SSL_CTX_use_serverinfo - load the SSL context server infomation file into SSL context + * + * @param ctx - SSL context point + * @param file - server information file + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file); + +/* + * SSL_select_next_proto - SSL select next function + * + * @param out - point of output data point + * @param outlen - output data length + * @param in - input data + * @param inlen - input data length + * @param client - client data point + * @param client_len -client data length + * + * @return + * OPENSSL_NPN_UNSUPPORTED : not support + * OPENSSL_NPN_NEGOTIATED : negotiated + * OPENSSL_NPN_NO_OVERLAP : no overlap + */ +int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, + const unsigned char *in, unsigned int inlen, + const unsigned char *client, unsigned int client_len); + +/* + * SSL_CTX_add_extra_chain_cert - load the extra certification chain into the SSL context + * + * @param ctx - SSL context point + * @param x509 - X509 certification + * + * @return + * 1 : OK + * 0 : failed + */ +long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *); + +/* + * SSL_CTX_ctrl - control the SSL context + * + * @param ctx - SSL context point + * @param cmd - command + * @param larg - parameter length + * @param parg - parameter point + * + * @return + * 1 : OK + * 0 : failed + */ +long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg); + +/* + * SSL_CTX_get_ciphers - get the SSL context cipher + * + * @param ctx - SSL context point + * + * @return SSL context cipher + */ +STACK *SSL_CTX_get_ciphers(const SSL_CTX *ctx); + +/* + * SSL_CTX_get_ciphers - check if the SSL context can read as many as data + * + * @param ctx - SSL context point + * + * @return + * 1 : Yes + * 0 : No + */ +long SSL_CTX_get_default_read_ahead(SSL_CTX *ctx); + +/* + * SSL_CTX_get_ex_data - get the SSL context extra data + * + * @param ctx - SSL context point + * @param idx - index + * + * @return data point + */ +char *SSL_CTX_get_ex_data(const SSL_CTX *ctx, int idx); + +/* + * SSL_CTX_get_quiet_shutdown - get the SSL context quiet shutdown option + * + * @param ctx - SSL context point + * + * @return quiet shutdown option + */ +int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx); + +/* + * SSL_CTX_get_quiet_shutdown - load the SSL context CA file + * + * @param ctx - SSL context point + * @param CAfile - CA certification file + * @param CApath - CA certification file path + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, const char *CApath); + +/* + * SSL_CTX_up_ref - add SSL context reference count by '1' + * + * @param ctx - SSL context point + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_CTX_up_ref(SSL_CTX *ctx); + +/* + * SSL_CTX_set_app_data - set SSL context application private data + * + * @param ctx - SSL context point + * @param arg - private data + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_CTX_set_app_data(SSL_CTX *ctx, void *arg); + +/* + * SSL_CTX_set_client_cert_cb - set SSL context client certification callback function + * + * @param ctx - SSL context point + * @param cb - callback function + * + * @return none + */ +void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)); + +/* + * SSL_CTX_set_default_read_ahead - set the SSL context if we can read as many as data + * + * @param ctx - SSL context point + * @param m - enable the fuction + * + * @return none + */ +void SSL_CTX_set_default_read_ahead(SSL_CTX *ctx, int m); + +/* + * SSL_CTX_set_default_verify_paths - set SSL context default verifying path + * + * @param ctx - SSL context point + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); + +/* + * SSL_CTX_set_default_verify_paths - set SSL context default verifying directory + * + * @param ctx - SSL context point + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx); + +/* + * SSL_CTX_set_default_verify_paths - set SSL context default verifying file + * + * @param ctx - SSL context point + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_CTX_set_default_verify_file(SSL_CTX *ctx); + +/* + * SSL_CTX_set_ex_data - set SSL context extra data + * + * @param ctx - SSL context point + * @param idx - data index + * @param arg - data point + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, char *arg); + +/* + * SSL_CTX_clear_options - clear the SSL context option bit of "op" + * + * @param ctx - SSL context point + * @param op - option + * + * @return SSL context option + */ +unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op); + +/* + * SSL_CTX_clear_options - get the SSL context option + * + * @param ctx - SSL context point + * @param op - option + * + * @return SSL context option + */ +unsigned long SSL_CTX_get_options(SSL_CTX *ctx); + +/* + * SSL_CTX_set_quiet_shutdown - set the SSL context quiet shutdown mode + * + * @param ctx - SSL context point + * @param mode - mode + * + * @return none + */ +void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode); + +/* + * SSL_CTX_get0_certificate - get the SSL context X509 certification + * + * @param ctx - SSL context point + * + * @return X509 certification + */ +X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx); + +/* + * SSL_CTX_get0_certificate - get the SSL context private key + * + * @param ctx - SSL context point + * + * @return private key + */ +EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx); + +/* + * SSL_CTX_use_psk_identity_hint - set SSL context PSK identity hint + * + * @param ctx - SSL context point + * @param hint - PSK identity hint + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *hint); + +/* + * SSL_CTX_set_psk_server_callback - set SSL context PSK server callback function + * + * @param ctx - SSL context point + * @param callback - callback function + * + */ +void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, + unsigned int (*callback)(SSL *ssl, + const char *identity, + unsigned char *psk, + int max_psk_len)); +/* + * SSL_alert_desc_string - get alert description string + * + * @param value - alert value + * + * @return alert description string + */ +const char *SSL_alert_desc_string(int value); + +/* + * SSL_alert_desc_string - get alert description long string + * + * @param value - alert value + * + * @return alert description long string + */ +const char *SSL_alert_desc_string_long(int value); + +/* + * SSL_alert_type_string - get alert type string + * + * @param value - alert value + * + * @return alert type string + */ +const char *SSL_alert_type_string(int value); + +/* + * SSL_alert_type_string_long - get alert type long string + * + * @param value - alert value + * + * @return alert type long string + */ +const char *SSL_alert_type_string_long(int value); + +/* + * SSL_get_SSL_CTX - get SSL context of the SSL + * + * @param ssl - SSL point + * + * @return SSL context + */ +SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); + +/* + * SSL_get_app_data - get SSL application data + * + * @param ssl - SSL point + * + * @return application data + */ +char *SSL_get_app_data(SSL *ssl); + +/* + * SSL_get_cipher_bits - get SSL cipher bits + * + * @param ssl - SSL point + * @param alg_bits - algorithm bits + * + * @return strength bits + */ +int SSL_get_cipher_bits(const SSL *ssl, int *alg_bits); + +/* + * SSL_get_cipher_name - get SSL cipher name + * + * @param ssl - SSL point + * + * @return SSL cipher name + */ +char *SSL_get_cipher_name(const SSL *ssl); + +/* + * SSL_get_cipher_version - get SSL cipher version + * + * @param ssl - SSL point + * + * @return SSL cipher version + */ +char *SSL_get_cipher_version(const SSL *ssl); + +/* + * SSL_get_ex_data - get SSL extra data + * + * @param ssl - SSL point + * @param idx - data index + * + * @return extra data + */ +char *SSL_get_ex_data(const SSL *ssl, int idx); + +/* + * SSL_get_ex_data_X509_STORE_CTX_idx - get index of the SSL extra data X509 storage context + * + * @param none + * + * @return data index + */ +int SSL_get_ex_data_X509_STORE_CTX_idx(void); + +/* + * SSL_get_peer_cert_chain - get peer certification chain + * + * @param ssl - SSL point + * + * @return certification chain + */ +STACK *SSL_get_peer_cert_chain(const SSL *ssl); + +/* + * SSL_get_peer_certificate - get peer certification + * + * @param ssl - SSL point + * + * @return certification + */ +X509 *SSL_get_peer_certificate(const SSL *ssl); + +/* + * SSL_get_quiet_shutdown - get SSL quiet shutdown mode + * + * @param ssl - SSL point + * + * @return quiet shutdown mode + */ +int SSL_get_quiet_shutdown(const SSL *ssl); + +/* + * SSL_get_rbio - get SSL read only IO handle + * + * @param ssl - SSL point + * + * @return IO handle + */ +BIO *SSL_get_rbio(const SSL *ssl); + +/* + * SSL_get_shared_ciphers - get SSL shared ciphers + * + * @param ssl - SSL point + * @param buf - buffer to store the ciphers + * @param len - buffer len + * + * @return shared ciphers or NULL if failed + */ +char *SSL_get_shared_ciphers(const SSL *ssl, char *buf, int len); + +/* + * SSL_get_shutdown - get SSL shutdown mode + * + * @param ssl - SSL point + * + * @return shutdown mode + */ +int SSL_get_shutdown(const SSL *ssl); + +/* + * SSL_get_time - get SSL session time + * + * @param ssl - SSL point + * + * @return session time + */ +long SSL_get_time(const SSL *ssl); + +/* + * SSL_get_timeout - get SSL session timeout time + * + * @param ssl - SSL point + * + * @return session timeout time + */ +long SSL_get_timeout(const SSL *ssl); + +/* + * SSL_get_verify_mode - get SSL verifying mode + * + * @param ssl - SSL point + * + * @return verifying mode + */ +int SSL_get_verify_mode(const SSL *ssl); + +/* + * SSL_get_wbio - get SSL write only IO handle + * + * @param ssl - SSL point + * + * @return IO handle + */ +BIO *SSL_get_wbio(const SSL *ssl); + +/* + * SSL_load_client_CA_file - load SSL client CA certification file + * + * @param file - file name + * + * @return certification loading object + */ +STACK *SSL_load_client_CA_file(const char *file); + +/* + * SSL_up_ref - add SSL reference by '1' + * + * @param ssl - SSL point + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_up_ref(SSL *ssl); + +/* + * SSL_peek - read and put data into buf, but not clear the SSL low-level storage + * + * @param ssl - SSL point + * @param buf - storage buffer point + * @param num - data bytes + * + * @return + * > 0 : OK, and return read bytes + * = 0 : connect is closed + * < 0 : a error catch + */ +int SSL_peek(SSL *ssl, void *buf, int num); + +/* + * SSL_renegotiate - make SSL renegotiate + * + * @param ssl - SSL point + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_renegotiate(SSL *ssl); + +/* + * SSL_rstate_string - get the state string where SSL is reading + * + * @param ssl - SSL point + * + * @return state string + */ +const char *SSL_rstate_string(SSL *ssl); + +/* + * SSL_rstate_string_long - get the statement long string where SSL is reading + * + * @param ssl - SSL point + * + * @return statement long string + */ +const char *SSL_rstate_string_long(SSL *ssl); + +/* + * SSL_set_accept_state - set SSL accept statement + * + * @param ssl - SSL point + * + * @return none + */ +void SSL_set_accept_state(SSL *ssl); + +/* + * SSL_set_app_data - set SSL application data + * + * @param ssl - SSL point + * @param arg - SSL application data point + * + * @return none + */ +void SSL_set_app_data(SSL *ssl, char *arg); + +/* + * SSL_set_bio - set SSL BIO + * + * @param ssl - SSL point + * @param rbio - read only IO + * @param wbio - write only IO + * + * @return none + */ +void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio); + +/* + * SSL_clear_options - clear SSL option + * + * @param ssl - SSL point + * @param op - clear option + * + * @return SSL option + */ +unsigned long SSL_clear_options(SSL *ssl, unsigned long op); + +/* + * SSL_clear_options - get SSL option + * + * @param ssl - SSL point + * + * @return SSL option + */ +unsigned long SSL_get_options(SSL *ssl); + +/* + * SSL_clear_options - clear SSL option + * + * @param ssl - SSL point + * @param op - setting option + * + * @return SSL option + */ +unsigned long SSL_set_options(SSL *ssl, unsigned long op); + +/* + * SSL_set_quiet_shutdown - set SSL quiet shutdown mode + * + * @param ssl - SSL point + * @param mode - quiet shutdown mode + * + * @return none + */ +void SSL_set_quiet_shutdown(SSL *ssl, int mode); + +/* + * SSL_set_quiet_shutdown - set SSL shutdown mode + * + * @param ssl - SSL point + * @param mode - shutdown mode + * + * @return none + */ +void SSL_set_shutdown(SSL *ssl, int mode); + +/* + * SSL_set_time - set SSL session time + * + * @param ssl - SSL point + * @param t - session time + * + * @return session time + */ +void SSL_set_time(SSL *ssl, long t); + +/* + * SSL_set_time - set SSL session timeout time + * + * @param ssl - SSL point + * @param t - session timeout time + * + * @return session timeout time + */ +void SSL_set_timeout(SSL *ssl, long t); + +/* + * SSL_state_string - get SSL statement string + * + * @param ssl - SSL point + * + * @return SSL statement string + */ +char *SSL_state_string(const SSL *ssl); + +/* + * SSL_state_string_long - get SSL statement long string + * + * @param ssl - SSL point + * + * @return SSL statement long string + */ +char *SSL_state_string_long(const SSL *ssl); + +/* + * SSL_total_renegotiations - get SSL renegotiation count + * + * @param ssl - SSL point + * + * @return renegotiation count + */ +long SSL_total_renegotiations(SSL *ssl); + +/* + * SSL_version - get SSL version + * + * @param ssl - SSL point + * + * @return SSL version + */ +int SSL_version(const SSL *ssl); + +/* + * SSL_use_psk_identity_hint - set SSL PSK identity hint + * + * @param ssl - SSL point + * @param hint - identity hint + * + * @return + * 1 : oK + * 0 : failed + */ +int SSL_use_psk_identity_hint(SSL *ssl, const char *hint); + +/* + * SSL_get_psk_identity_hint - get SSL PSK identity hint + * + * @param ssl - SSL point + * + * @return identity hint + */ +const char *SSL_get_psk_identity_hint(SSL *ssl); + +/* + * SSL_get_psk_identity - get SSL PSK identity + * + * @param ssl - SSL point + * + * @return identity + */ +const char *SSL_get_psk_identity(SSL *ssl); + +#endif From 44c466c0ea077a28fa138edfdaed400c2b3bd416 Mon Sep 17 00:00:00 2001 From: dongheng Date: Tue, 20 Sep 2016 16:58:46 +0800 Subject: [PATCH 02/52] components/openssl: add base function version --- components/openssl/Makefile | 50 + components/openssl/include/internal/ssl3.h | 22 + .../openssl/include/internal/ssl_cert.h | 11 + .../openssl/include/internal/ssl_code.h | 95 + components/openssl/include/internal/ssl_dbg.h | 33 + components/openssl/include/internal/ssl_lib.h | 11 + .../openssl/include/internal/ssl_methods.h | 46 + .../openssl/include/internal/ssl_pkey.h | 11 + components/openssl/include/internal/ssl_rsa.h | 14 + .../openssl/include/internal/ssl_types.h | 190 ++ .../openssl/include/internal/ssl_x509.h | 12 + components/openssl/include/internal/tls1.h | 33 + components/openssl/include/openssl/ssl.h | 31 +- components/openssl/include/platform/ssl_pm.h | 41 + components/openssl/library/Makefile | 46 + components/openssl/library/ssl_cert.c | 28 + components/openssl/library/ssl_lib.c | 1622 +++++++++++++++++ components/openssl/library/ssl_methods.c | 43 + components/openssl/library/ssl_pkey.c | 50 + components/openssl/library/ssl_rsa.c | 70 + components/openssl/library/ssl_x509.c | 54 + components/openssl/platform/Makefile | 46 + components/openssl/platform/ssl_pm.c | 422 +++++ 23 files changed, 2976 insertions(+), 5 deletions(-) create mode 100644 components/openssl/Makefile create mode 100644 components/openssl/include/internal/ssl3.h create mode 100644 components/openssl/include/internal/ssl_cert.h create mode 100644 components/openssl/include/internal/ssl_code.h create mode 100644 components/openssl/include/internal/ssl_dbg.h create mode 100644 components/openssl/include/internal/ssl_lib.h create mode 100644 components/openssl/include/internal/ssl_methods.h create mode 100644 components/openssl/include/internal/ssl_pkey.h create mode 100644 components/openssl/include/internal/ssl_rsa.h create mode 100644 components/openssl/include/internal/ssl_types.h create mode 100644 components/openssl/include/internal/ssl_x509.h create mode 100644 components/openssl/include/internal/tls1.h create mode 100644 components/openssl/include/platform/ssl_pm.h create mode 100644 components/openssl/library/Makefile create mode 100644 components/openssl/library/ssl_cert.c create mode 100644 components/openssl/library/ssl_lib.c create mode 100644 components/openssl/library/ssl_methods.c create mode 100644 components/openssl/library/ssl_pkey.c create mode 100644 components/openssl/library/ssl_rsa.c create mode 100644 components/openssl/library/ssl_x509.c create mode 100644 components/openssl/platform/Makefile create mode 100644 components/openssl/platform/ssl_pm.c diff --git a/components/openssl/Makefile b/components/openssl/Makefile new file mode 100644 index 0000000000..bdd8a0e932 --- /dev/null +++ b/components/openssl/Makefile @@ -0,0 +1,50 @@ + +############################################################# +# Required variables for each makefile +# Discard this section from all parent makefiles +# Expected variables (with automatic defaults): +# CSRCS (all "C" files in the dir) +# SUBDIRS (all subdirs with a Makefile) +# GEN_LIBS - list of libs to be generated () +# GEN_IMAGES - list of images to be generated () +# COMPONENTS_xxx - a list of libs/objs in the form +# subdir/lib to be extracted and rolled up into +# a generated lib/image xxx.a () +# +ifndef PDIR + +UP_EXTRACT_DIR = .. +GEN_LIBS = libopenssl.a +COMPONENTS_libopenssl = library/liblibrary.a platform/libplatform.a + +endif + + +############################################################# +# Configuration i.e. compile options etc. +# Target specific stuff (defines etc.) goes in here! +# Generally values applying to a tree are captured in the +# makefile at its root level - these are then overridden +# for a subtree within the makefile rooted therein +# +#DEFINES += + +############################################################# +# Recursion Magic - Don't touch this!! +# +# Each subtree potentially has an include directory +# corresponding to the common APIs applicable to modules +# rooted at that subtree. Accordingly, the INCLUDE PATH +# of a module can only contain the include directories up +# its parent path, and not its siblings +# +# Required for each makefile to inherit from the parent +# + +INCLUDES := $(INCLUDES) -I $(PDIR)include -I $(PDIR)include/platform -I $(PDIR)include/internal +INCLUDES += -I ./inlcude +INCLUDES += -I $(SDK_PATH)/include/openssl/internal +INCLUDES += -I ./ +PDIR := ../$(PDIR) +sinclude $(PDIR)Makefile + diff --git a/components/openssl/include/internal/ssl3.h b/components/openssl/include/internal/ssl3.h new file mode 100644 index 0000000000..d7c254563b --- /dev/null +++ b/components/openssl/include/internal/ssl3.h @@ -0,0 +1,22 @@ +#ifndef _SSL3_H_ +#define _SSL3_H_ + +# define SSL3_AD_CLOSE_NOTIFY 0 +# define SSL3_AD_UNEXPECTED_MESSAGE 10/* fatal */ +# define SSL3_AD_BAD_RECORD_MAC 20/* fatal */ +# define SSL3_AD_DECOMPRESSION_FAILURE 30/* fatal */ +# define SSL3_AD_HANDSHAKE_FAILURE 40/* fatal */ +# define SSL3_AD_NO_CERTIFICATE 41 +# define SSL3_AD_BAD_CERTIFICATE 42 +# define SSL3_AD_UNSUPPORTED_CERTIFICATE 43 +# define SSL3_AD_CERTIFICATE_REVOKED 44 +# define SSL3_AD_CERTIFICATE_EXPIRED 45 +# define SSL3_AD_CERTIFICATE_UNKNOWN 46 +# define SSL3_AD_ILLEGAL_PARAMETER 47/* fatal */ + +# define SSL3_AL_WARNING 1 +# define SSL3_AL_FATAL 2 + +#define SSL3_VERSION 0x0300 + +#endif diff --git a/components/openssl/include/internal/ssl_cert.h b/components/openssl/include/internal/ssl_cert.h new file mode 100644 index 0000000000..e0b3ea75dc --- /dev/null +++ b/components/openssl/include/internal/ssl_cert.h @@ -0,0 +1,11 @@ +#ifndef _SSL_CERT_H_ +#define _SSL_CERT_H_ + +#include "ssl_pkey.h" +#include "ssl_x509.h" + +CERT *ssl_cert_new(void); + +void ssl_cert_free(CERT *c); + +#endif diff --git a/components/openssl/include/internal/ssl_code.h b/components/openssl/include/internal/ssl_code.h new file mode 100644 index 0000000000..d45abff680 --- /dev/null +++ b/components/openssl/include/internal/ssl_code.h @@ -0,0 +1,95 @@ +#ifndef _SSL_CODE_H_ +#define _SSL_CODE_H_ + +#include "ssl3.h" +#include "tls1.h" + +/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ +# define SSL_SENT_SHUTDOWN 1 +# define SSL_RECEIVED_SHUTDOWN 2 + +/* + * The following 3 states are kept in ssl->rlayer.rstate when reads fail, you + * should not need these + */ +# define SSL_ST_READ_HEADER 0xF0 +# define SSL_ST_READ_BODY 0xF1 +# define SSL_ST_READ_DONE 0xF2 + +# define SSL_NOTHING 1 +# define SSL_WRITING 2 +# define SSL_READING 3 +# define SSL_X509_LOOKUP 4 +# define SSL_ASYNC_PAUSED 5 +# define SSL_ASYNC_NO_JOBS 6 + + +# define SSL_ERROR_NONE 0 +# define SSL_ERROR_SSL 1 +# define SSL_ERROR_WANT_READ 2 +# define SSL_ERROR_WANT_WRITE 3 +# define SSL_ERROR_WANT_X509_LOOKUP 4 +# define SSL_ERROR_SYSCALL 5/* look at error stack/return value/errno */ +# define SSL_ERROR_ZERO_RETURN 6 +# define SSL_ERROR_WANT_CONNECT 7 +# define SSL_ERROR_WANT_ACCEPT 8 +# define SSL_ERROR_WANT_ASYNC 9 +# define SSL_ERROR_WANT_ASYNC_JOB 10 + +/* Message flow states */ +typedef enum { + /* No handshake in progress */ + MSG_FLOW_UNINITED, + /* A permanent error with this connection */ + MSG_FLOW_ERROR, + /* We are about to renegotiate */ + MSG_FLOW_RENEGOTIATE, + /* We are reading messages */ + MSG_FLOW_READING, + /* We are writing messages */ + MSG_FLOW_WRITING, + /* Handshake has finished */ + MSG_FLOW_FINISHED +} MSG_FLOW_STATE; + +typedef enum { + TLS_ST_BEFORE, + TLS_ST_OK, + DTLS_ST_CR_HELLO_VERIFY_REQUEST, + TLS_ST_CR_SRVR_HELLO, + TLS_ST_CR_CERT, + TLS_ST_CR_CERT_STATUS, + TLS_ST_CR_KEY_EXCH, + TLS_ST_CR_CERT_REQ, + TLS_ST_CR_SRVR_DONE, + TLS_ST_CR_SESSION_TICKET, + TLS_ST_CR_CHANGE, + TLS_ST_CR_FINISHED, + TLS_ST_CW_CLNT_HELLO, + TLS_ST_CW_CERT, + TLS_ST_CW_KEY_EXCH, + TLS_ST_CW_CERT_VRFY, + TLS_ST_CW_CHANGE, + TLS_ST_CW_NEXT_PROTO, + TLS_ST_CW_FINISHED, + TLS_ST_SW_HELLO_REQ, + TLS_ST_SR_CLNT_HELLO, + DTLS_ST_SW_HELLO_VERIFY_REQUEST, + TLS_ST_SW_SRVR_HELLO, + TLS_ST_SW_CERT, + TLS_ST_SW_KEY_EXCH, + TLS_ST_SW_CERT_REQ, + TLS_ST_SW_SRVR_DONE, + TLS_ST_SR_CERT, + TLS_ST_SR_KEY_EXCH, + TLS_ST_SR_CERT_VRFY, + TLS_ST_SR_NEXT_PROTO, + TLS_ST_SR_CHANGE, + TLS_ST_SR_FINISHED, + TLS_ST_SW_SESSION_TICKET, + TLS_ST_SW_CERT_STATUS, + TLS_ST_SW_CHANGE, + TLS_ST_SW_FINISHED +} OSSL_HANDSHAKE_STATE; + +#endif diff --git a/components/openssl/include/internal/ssl_dbg.h b/components/openssl/include/internal/ssl_dbg.h new file mode 100644 index 0000000000..436d33132f --- /dev/null +++ b/components/openssl/include/internal/ssl_dbg.h @@ -0,0 +1,33 @@ +#ifndef _SSL_DEBUG_H_ +#define _SSL_DEBUG_H_ + +#define SSL_DEBUG_ENBALE 0 +#define SSL_DEBUG_LEVEL 0 +#define SSL_ASSERT_ENABLE 1 +#define SSL_DEBUG_LOCATION_ENABLE 1 + +#if SSL_DEBUG_ENBALE + #define SSL_PRINT os_printf +#else + #define SSL_PRINT(...) +#endif + +#if SSL_DEBUG_LOCATION_ENABLE + #define SSL_DEBUG_LOCATION() SSL_PRINT("%s %s line %d\n", __FILE__, __FUNCTION__, __LINE__) +#else + #define SSL_DEBUG_LOCATION() +#endif + +#if SSL_ASSERT_ENABLE + #define SSL_ASSERT(s) { if (!(s)) { SSL_DEBUG_LOCATION(); } } +#else + #define SSL_ASSERT(s) +#endif + +#define SSL_ERR(err, go, ...) { SSL_DEBUG_LOCATION(); SSL_PRINT(__VA_ARGS__); ret = err; goto go; } + +#define SSL_RET(go, ...) { SSL_DEBUG_LOCATION(); SSL_PRINT(__VA_ARGS__); goto go; } + +#define SSL_DEBUG(level, ...) { if (level > SSL_DEBUG_LEVEL) {SSL_PRINT(__VA_ARGS__);} } + +#endif diff --git a/components/openssl/include/internal/ssl_lib.h b/components/openssl/include/internal/ssl_lib.h new file mode 100644 index 0000000000..d95d219556 --- /dev/null +++ b/components/openssl/include/internal/ssl_lib.h @@ -0,0 +1,11 @@ +#ifndef _SSL_LIB_H_ +#define _SSL_LIB_H_ + +#include "ssl_types.h" + +#define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING) +#define SSL_want_read(s) (SSL_want(s) == SSL_READING) +#define SSL_want_write(s) (SSL_want(s) == SSL_WRITING) +#define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_WRITING) + +#endif diff --git a/components/openssl/include/internal/ssl_methods.h b/components/openssl/include/internal/ssl_methods.h new file mode 100644 index 0000000000..e2806f177a --- /dev/null +++ b/components/openssl/include/internal/ssl_methods.h @@ -0,0 +1,46 @@ +#ifndef _SSL_METHODS_H_ +#define _SSL_METHODS_H_ + +#define IMPLEMENT_TLS_METHOD_FUNC(func_name, \ + new, free, \ + handshake, shutdown, clear, \ + read, send, pending, \ + set_fd, get_fd, \ + set_bufflen, \ + get_state) \ + static const SSL_METHOD_FUNC func_name = { \ + new, \ + free, \ + handshake, \ + shutdown, \ + clear, \ + read, \ + send, \ + pending, \ + set_fd, \ + get_fd, \ + set_bufflen, \ + get_state \ + }; + +#define IMPLEMENT_TLS_METHOD(ver, mode, fun, func_name) \ + const SSL_METHOD* func_name(void) { \ + static const SSL_METHOD func_name##_data = { \ + ver, \ + mode, \ + &(fun), \ + }; \ + return &func_name##_data; \ + } + +#define IMPLEMENT_SSL_METHOD(ver, mode, fun, func_name) \ + const SSL_METHOD* func_name(void) { \ + static const SSL_METHOD func_name##_data = { \ + ver, \ + mode, \ + &(fun), \ + }; \ + return &func_name##_data; \ + } + +#endif diff --git a/components/openssl/include/internal/ssl_pkey.h b/components/openssl/include/internal/ssl_pkey.h new file mode 100644 index 0000000000..cc870e18ed --- /dev/null +++ b/components/openssl/include/internal/ssl_pkey.h @@ -0,0 +1,11 @@ +#ifndef _SSL_PKEY_H_ +#define _SSL_PKEY_H_ + +#include "ssl_types.h" + +EVP_PKEY *d2i_PrivateKey(int type, + EVP_PKEY **a, + const unsigned char **pp, + long length); + +#endif diff --git a/components/openssl/include/internal/ssl_rsa.h b/components/openssl/include/internal/ssl_rsa.h new file mode 100644 index 0000000000..7530bde734 --- /dev/null +++ b/components/openssl/include/internal/ssl_rsa.h @@ -0,0 +1,14 @@ +#ifndef _SSL_RSA_H_ +#define _SSL_RSA_H_ + +#include "ssl_lib.h" + +int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); +int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, + const unsigned char *d); + +int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); +int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, + const unsigned char *d, long len); + +#endif diff --git a/components/openssl/include/internal/ssl_types.h b/components/openssl/include/internal/ssl_types.h new file mode 100644 index 0000000000..19eb6cb165 --- /dev/null +++ b/components/openssl/include/internal/ssl_types.h @@ -0,0 +1,190 @@ +#ifndef _SSL_TYPES_H_ +#define _SSL_TYPES_H_ + +#include "ssl_code.h" +#include + +typedef void SSL_CIPHER; + +typedef void X509_STORE_CTX; +typedef void X509_NAME; +typedef void X509_STORE; + +typedef void RSA; + +typedef void STACK; +typedef void BIO; + +#define STACK_OF(x) x + +struct ssl_method_st; +typedef struct ssl_method_st SSL_METHOD; + +struct ssl_method_func_st; +typedef struct ssl_method_func_st SSL_METHOD_FUNC; + +struct record_layer_st; +typedef struct record_layer_st RECORD_LAYER; + +struct ossl_statem_st; +typedef struct ossl_statem_st OSSL_STATEM; + +struct ssl_session_st; +typedef struct ssl_session_st SSL_SESSION; + +struct ssl_ctx_st; +typedef struct ssl_ctx_st SSL_CTX; + +struct ssl_st; +typedef struct ssl_st SSL; + +struct cert_st; +typedef struct cert_st CERT; + +struct x509_st; +typedef struct x509_st X509; + +struct evp_pkey_st; +typedef struct evp_pkey_st EVP_PKEY; + +struct evp_pkey_st { + + void *pkey_pm; +}; + +struct x509_st { + + /* X509 certification platform private point */ + void *x509_pm; +}; + +struct cert_st { + + int sec_level; + + X509 *x509; + + EVP_PKEY *pkey; + +}; + +struct ossl_statem_st { + MSG_FLOW_STATE state; + + int hand_state; +}; + +struct record_layer_st { + + int rstate; + + int read_ahead; +}; + +struct ssl_session_st { + + long timeout; + + long time; +}; + +struct ssl_ctx_st +{ + int version; + + int references; + + unsigned long options; + + #if 0 + struct alpn_protocols alpn_protocol; + #endif + + const SSL_METHOD *method; + + CERT *cert; + + X509 *client_CA; + + int verify_mode; + + long session_timeout; + + int read_ahead; +}; + +struct ssl_st +{ + /* protocol version(one of SSL3.0, TLS1.0, etc.) */ + int version; + + unsigned long options; + + /* shut things down(0x01 : sent, 0x02 : received) */ + int shutdown; + + CERT *cert; + + SSL_CTX *ctx; + + const SSL_METHOD *method; + + RECORD_LAYER rlayer; + + /* where we are */ + OSSL_STATEM statem; + + SSL_SESSION session; + + int rwstate; + + int err; + + void (*info_callback) (const SSL *ssl, int type, int val); + + /* SSL low-level system arch point */ + void *ssl_pm; +}; + +struct ssl_method_st { + /* protocol version(one of SSL3.0, TLS1.0, etc.) */ + int version; + + /* SSL mode(client(0) , server(1), not known(-1)) */ + int endpoint; + + const SSL_METHOD_FUNC *func; +}; + +struct ssl_method_func_st { + + int (*ssl_new)(SSL *ssl); + + void (*ssl_free)(SSL *ssl); + + int (*ssl_handshake)(SSL *ssl); + + int (*ssl_shutdown)(SSL *ssl); + + int (*ssl_clear)(SSL *ssl); + + int (*ssl_read)(SSL *ssl, void *buffer, int len); + + int (*ssl_send)(SSL *ssl, const void *buffer, int len); + + int (*ssl_pending)(const SSL *ssl); + + void (*ssl_set_fd)(SSL *ssl, int fd, int mode); + + int (*ssl_get_fd)(const SSL *ssl, int mode); + + void (*ssl_set_bufflen)(SSL *ssl, int len); + + OSSL_HANDSHAKE_STATE (*ssl_get_state)(const SSL *ssl); +}; + +typedef int (*next_proto_cb)(SSL *ssl, unsigned char **out, + unsigned char *outlen, const unsigned char *in, + unsigned int inlen, void *arg); + +#endif diff --git a/components/openssl/include/internal/ssl_x509.h b/components/openssl/include/internal/ssl_x509.h new file mode 100644 index 0000000000..28a7baf513 --- /dev/null +++ b/components/openssl/include/internal/ssl_x509.h @@ -0,0 +1,12 @@ +#ifndef _SSL_X509_H_ +#define _SSL_X509_H_ + +#include "ssl_types.h" + +X509* sk_X509_NAME_new_null(void); + +X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len); + +void X509_free(X509 *cert); + +#endif diff --git a/components/openssl/include/internal/tls1.h b/components/openssl/include/internal/tls1.h new file mode 100644 index 0000000000..70de22bb5b --- /dev/null +++ b/components/openssl/include/internal/tls1.h @@ -0,0 +1,33 @@ +#ifndef _TLS1_H_ +#define _TLS1_H_ + +# define TLS1_AD_DECRYPTION_FAILED 21 +# define TLS1_AD_RECORD_OVERFLOW 22 +# define TLS1_AD_UNKNOWN_CA 48/* fatal */ +# define TLS1_AD_ACCESS_DENIED 49/* fatal */ +# define TLS1_AD_DECODE_ERROR 50/* fatal */ +# define TLS1_AD_DECRYPT_ERROR 51 +# define TLS1_AD_EXPORT_RESTRICTION 60/* fatal */ +# define TLS1_AD_PROTOCOL_VERSION 70/* fatal */ +# define TLS1_AD_INSUFFICIENT_SECURITY 71/* fatal */ +# define TLS1_AD_INTERNAL_ERROR 80/* fatal */ +# define TLS1_AD_INAPPROPRIATE_FALLBACK 86/* fatal */ +# define TLS1_AD_USER_CANCELLED 90 +# define TLS1_AD_NO_RENEGOTIATION 100 +/* codes 110-114 are from RFC3546 */ +# define TLS1_AD_UNSUPPORTED_EXTENSION 110 +# define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111 +# define TLS1_AD_UNRECOGNIZED_NAME 112 +# define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113 +# define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114 +# define TLS1_AD_UNKNOWN_PSK_IDENTITY 115/* fatal */ +# define TLS1_AD_NO_APPLICATION_PROTOCOL 120 /* fatal */ + +/* Special value for method supporting multiple versions */ +#define TLS_ANY_VERSION 0x10000 + +#define TLS1_VERSION 0x0301 +#define TLS1_1_VERSION 0x0302 +#define TLS1_2_VERSION 0x0303 + +#endif diff --git a/components/openssl/include/openssl/ssl.h b/components/openssl/include/openssl/ssl.h index b7b784fe71..89cb5bb9f7 100644 --- a/components/openssl/include/openssl/ssl.h +++ b/components/openssl/include/openssl/ssl.h @@ -1,7 +1,7 @@ #ifndef HEADER_SSL_H #define HEADER_SSL_H -#include "ssl_types.h" +#include "internal/ssl_types.h" /* { @@ -186,6 +186,15 @@ const SSL_METHOD* SSLv3_client_method(void); */ const SSL_METHOD* TLSv1_1_client_method(void); +/* + * TLSv1_1_client_method - create the target SSL context client method + * + * @param none + * + * @return the TLSV1.2 version SSL context client method + */ +const SSL_METHOD* TLSv1_2_client_method(void); + /* * SSLv23_server_method - create the target SSL context server method @@ -205,6 +214,15 @@ const SSL_METHOD* SSLv23_server_method(void); */ const SSL_METHOD* TLSv1_1_server_method(void); +/* + * TLSv1_1_server_method - create the target SSL context server method + * + * @param none + * + * @return the TLSV1.2 version SSL context server method + */ +const SSL_METHOD* TLSv1_2_server_method(void); + /* * TLSv1_server_method - create the target SSL context server method * @@ -774,7 +792,7 @@ int SSL_get_wfd(const SSL *ssl); * SSL_set_read_ahead - set the SSL if we can read as many as data * * @param ssl - SSL point - * @param yes - enbale the function + * @param yes - enable the function * * @return none */ @@ -813,7 +831,9 @@ long SSL_CTX_get_read_ahead(SSL_CTX *ctx); * * @param ssl - SSL point * - * @return SSL context ahead signal + * @return + * 1 : there are bytes to be read + * 0 : no data */ int SSL_has_pending(const SSL *ssl); @@ -840,7 +860,7 @@ int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);//loads the certificate x int * 1 : OK * 0 : failed */ -int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d); +int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d); /* * SSL_CTX_use_certificate_file - load the certification file into SSL context @@ -879,7 +899,7 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); * 1 : OK * 0 : failed */ -int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, unsigned char *d, long len);//adds the private key of type pk stored at memory location d (length len) to ctx +int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, const unsigned char *d, long len);//adds the private key of type pk stored at memory location d (length len) to ctx /* * SSL_CTX_use_certificate_file - load the private key file into SSL context @@ -1648,4 +1668,5 @@ const char *SSL_get_psk_identity_hint(SSL *ssl); */ const char *SSL_get_psk_identity(SSL *ssl); + #endif diff --git a/components/openssl/include/platform/ssl_pm.h b/components/openssl/include/platform/ssl_pm.h new file mode 100644 index 0000000000..c75ae95af5 --- /dev/null +++ b/components/openssl/include/platform/ssl_pm.h @@ -0,0 +1,41 @@ +#ifndef _SSL_PM_H_ +#define _SSL_PM_H_ + +#include "ssl_types.h" +#include "esp_common.h" + +void* ssl_zalloc(size_t size); +void *ssl_malloc(size_t size); +void ssl_free(void *p); +void* ssl_memcpy(void *to, const void *from, size_t size); + +int ssl_pm_new(SSL *ssl); +void ssl_pm_free(SSL *ssl); + +int ssl_pm_handshake(SSL *ssl); +int ssl_pm_shutdown(SSL *ssl); +int ssl_pm_clear(SSL *ssl); + +int ssl_pm_read(SSL *ssl, void *buffer, int len); +int ssl_pm_send(SSL *ssl, const void *buffer, int len); +int ssl_pm_pending(const SSL *ssl); + +void ssl_pm_set_fd(SSL *ssl, int fd, int mode); +int ssl_pm_get_fd(const SSL *ssl, int mode); + +OSSL_HANDSHAKE_STATE ssl_pm_get_state(const SSL *ssl); + +void ssl_pm_set_bufflen(SSL *ssl, int len); + +void* x509_pm_new(void); +void x509_pm_free(void *pm); +int x509_pm_load_crt(void *pm, const unsigned char *buffer, int len); +void x509_pm_unload_crt(void *pm); +void x509_pm_start_ca(void *ssl, void *pm); + +void* pkey_pm_new(void); +void pkey_pm_free(void *pm); +int pkey_pm_load_crt(void *pm, const unsigned char *buffer, int len); +void pkey_pm_unload_crt(void *pm); + +#endif diff --git a/components/openssl/library/Makefile b/components/openssl/library/Makefile new file mode 100644 index 0000000000..10f4067c64 --- /dev/null +++ b/components/openssl/library/Makefile @@ -0,0 +1,46 @@ + +############################################################# +# Required variables for each makefile +# Discard this section from all parent makefiles +# Expected variables (with automatic defaults): +# CSRCS (all "C" files in the dir) +# SUBDIRS (all subdirs with a Makefile) +# GEN_LIBS - list of libs to be generated () +# GEN_IMAGES - list of images to be generated () +# COMPONENTS_xxx - a list of libs/objs in the form +# subdir/lib to be extracted and rolled up into +# a generated lib/image xxx.a () +# +ifndef PDIR + +GEN_LIBS = liblibrary.a + +endif + + +############################################################# +# Configuration i.e. compile options etc. +# Target specific stuff (defines etc.) goes in here! +# Generally values applying to a tree are captured in the +# makefile at its root level - these are then overridden +# for a subtree within the makefile rooted therein +# +#DEFINES += + +############################################################# +# Recursion Magic - Don't touch this!! +# +# Each subtree potentially has an include directory +# corresponding to the common APIs applicable to modules +# rooted at that subtree. Accordingly, the INCLUDE PATH +# of a module can only contain the include directories up +# its parent path, and not its siblings +# +# Required for each makefile to inherit from the parent +# + +INCLUDES := $(INCLUDES) -I $(PDIR)include +INCLUDES += -I ./ +PDIR := ../$(PDIR) +sinclude $(PDIR)Makefile + diff --git a/components/openssl/library/ssl_cert.c b/components/openssl/library/ssl_cert.c new file mode 100644 index 0000000000..10f723bfcb --- /dev/null +++ b/components/openssl/library/ssl_cert.c @@ -0,0 +1,28 @@ +#include "ssl_cert.h" +#include "ssl_pm.h" + +CERT *ssl_cert_new(void) +{ + return ssl_zalloc(sizeof(CERT)); +} + +void ssl_cert_free(CERT *c) +{ + if (c->x509) + X509_free(c->x509); + + if (c->pkey) + EVP_PKEY_free(c->pkey); + + ssl_free(c); +} + +int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x) +{ + SSL_ASSERT(ctx); + SSL_ASSERT(x); + + ctx->client_CA = x; + + return 1; +} diff --git a/components/openssl/library/ssl_lib.c b/components/openssl/library/ssl_lib.c new file mode 100644 index 0000000000..ad78f3961a --- /dev/null +++ b/components/openssl/library/ssl_lib.c @@ -0,0 +1,1622 @@ +#include "ssl_lib.h" +#include "ssl_pkey.h" +#include "ssl_cert.h" +#include "ssl_dbg.h" +#include "ssl_pm.h" + +#define SSL_SEND_DATA_MAX_LENGTH 1460 + +static int ossl_statem_in_error(const SSL *ssl) +{ + if (ssl->statem.state == MSG_FLOW_ERROR) + return 1; + + return 0; +} + +/* + * SSL_get_error - get SSL error code + * + * @param ssl - SSL point + * @param ret_code - SSL return code + * + * @return SSL error number + */ +int SSL_get_error(const SSL *ssl, int ret_code) +{ + int ret = SSL_ERROR_SYSCALL; + + SSL_ASSERT(ssl); + + if (ret_code > 0) + ret = SSL_ERROR_NONE; + else if (ret_code < 0) + { + if (SSL_want_read(ssl)) + ret = SSL_ERROR_WANT_READ; + else if (SSL_want_write(ssl)) + ret = SSL_ERROR_WANT_WRITE; + else + ret = SSL_ERROR_SYSCALL; //unknown + } + else // ret_code == 0 + { + if (ssl->shutdown & SSL_RECEIVED_SHUTDOWN) + ret = SSL_ERROR_ZERO_RETURN; + else + ret = SSL_ERROR_SYSCALL; + } + + return ret; +} + +/* + * SSL_get_state - get the SSL state + * + * @param ssl - SSL point + * + * @return SSL state + */ +OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl) +{ + OSSL_HANDSHAKE_STATE state; + + SSL_ASSERT(ssl); + + state = ssl->method->func->ssl_get_state(ssl); + + return state; +} + +/* + * SSL_CTX_new - create a SSL context + * + * @param method - the SSL context configuration file + * + * @return the context point, if create failed return NULL + */ +SSL_CTX* SSL_CTX_new(const SSL_METHOD *method) +{ + int ret; + SSL_CTX *ctx; + CERT *cert; + X509 *client_ca; + + if (!method) SSL_RET(go_failed1, "method\n"); + + client_ca = sk_X509_NAME_new_null(); + if (!client_ca) + SSL_ERR(-2, go_failed1, "ssl_ctx_new:ctx:[%d]\n", ret); + + cert = ssl_cert_new(); + if (!cert) + SSL_ERR(-2, go_failed2, "ssl_ctx_new:ctx:[%d]\n", ret); + + ctx = (SSL_CTX *)ssl_zalloc(sizeof(SSL_CTX)); + if (!ctx) + SSL_ERR(-2, go_failed3, "ssl_ctx_new:ctx:[%d]\n", ret); + + ctx->method = method; + ctx->cert = cert; + ctx->client_CA = client_ca; + + ctx->version = method->version; + + return ctx; + +go_failed3: + ssl_cert_free(cert); +go_failed2: + X509_free(client_ca); +go_failed1: + return NULL; +} + +/* + * SSL_CTX_free - free a SSL context + * + * @param method - the SSL context point + * + * @return none + */ +void SSL_CTX_free(SSL_CTX* ctx) +{ + SSL_ASSERT(ctx); + + ssl_cert_free(ctx->cert); + + X509_free(ctx->client_CA); + + ssl_free(ctx); +} + +/* + * SSL_CTX_set_ssl_version - set the SSL context version + * + * @param ctx - SSL context point + * @param meth - SSL method point + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) +{ + SSL_ASSERT(ctx); + SSL_ASSERT(meth); + + ctx->method = meth; + + return 1; +} + +/* + * SSL_CTX_get_ssl_method - get the SSL context current method + * + * @param ctx - SSL context point + * + * @return the SSL context current method + */ +const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx) +{ + SSL_ASSERT(ctx); + + return ctx->method; +} + +/* + * SSL_new - create a SSL + * + * @param ctx - the SSL context point + * + * @return the SSL point or NULL if failed + */ +SSL *SSL_new(SSL_CTX *ctx) +{ + int ret; + void *ssl_pm; + SSL *ssl; + + if (!ctx) + SSL_RET(failed1, "ctx:NULL\n"); + + ssl = (SSL *)ssl_zalloc(sizeof(SSL)); + if (!ssl) + SSL_RET(failed1, "ssl_zalloc\n"); + + ssl->ctx = ctx; + ssl->method = ctx->method; + + ssl->version = ctx->version; + ssl->options = ctx->options; + + ret = ssl->method->func->ssl_new(ssl); + if (ret) + SSL_RET(failed2, "ssl_new\n"); + + return ssl; + +failed2: + ssl_free(ssl); +failed1: + return NULL; +} + +/* + * SSL_free - free the SSL + * + * @param ssl - the SSL point + * + * @return none + */ +void SSL_free(SSL *ssl) +{ + SSL_ASSERT(ssl); + + ssl->method->func->ssl_free(ssl); + + ssl_free(ssl); +} + +/* + * SSL_do_handshake - perform the SSL handshake + * + * @param ssl - SSL point + * + * @return + * 1 : OK + * 0 : failed + * -1 : a error catch + */ +int SSL_do_handshake(SSL *ssl) +{ + int ret; + + SSL_ASSERT(ssl); + + ret = ssl->method->func->ssl_handshake(ssl); + + return ret; +} + +/* + * SSL_connect - connect to the remote SSL server + * + * @param ssl - the SSL point + * + * @return + * 1 : OK + * -1 : failed + */ +int SSL_connect(SSL *ssl) +{ + SSL_ASSERT(ssl); + + return SSL_do_handshake(ssl); +} + +/* + * SSL_accept - accept the remote connection + * + * @param ssl - the SSL point + * + * @return + * 1 : OK + * -1 : failed + */ +int SSL_accept(SSL *ssl) +{ + SSL_ASSERT(ssl); + + return SSL_do_handshake(ssl); +} + +/* + * SSL_shutdown - shutdown the connection + * + * @param ssl - the SSL point + * + * @return + * 1 : OK + * 0 : shutdown is not finished + * -1 : an error catch + */ +int SSL_shutdown(SSL *ssl) +{ + int ret; + + SSL_ASSERT(ssl); + + if (SSL_get_state(ssl) != TLS_ST_OK) return 0; + + ret = ssl->method->func->ssl_shutdown(ssl); + + return ret; +} + +/* + * SSL_clear - reset the SSL + * + * @param ssl - SSL point + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_clear(SSL *ssl) +{ + int ret; + + SSL_ASSERT(ssl); + + ret = SSL_shutdown(ssl); + if (1 != ret) + SSL_ERR(0, go_failed1, "SSL_shutdown\n"); + + ssl->method->func->ssl_free(ssl); + + ret = ssl->method->func->ssl_new(ssl); + if (!ret) + SSL_ERR(0, go_failed1, "ssl_new\n"); + + return 1; + +go_failed1: + return ret; +} + +/* + * SSL_read - read data from to remote + * + * @param ssl - the SSL point which has been connected + * @param buffer - the received data buffer point + * @param len - the received data length + * + * @return + * > 0 : OK, and return received data bytes + * = 0 : connection is closed + * < 0 : an error catch + */ +int SSL_read(SSL *ssl, void *buffer, int len) +{ + int ret; + + SSL_ASSERT(ssl); + SSL_ASSERT(buffer); + SSL_ASSERT(len); + + ret = ssl->method->func->ssl_read(ssl, buffer, len); + + return ret; +} + +/* + * SSL_write - send the data to remote + * + * @param ssl - the SSL point which has been connected + * @param buffer - the send data buffer point + * @param len - the send data length + * + * @return + * > 0 : OK, and return sent data bytes + * = 0 : connection is closed + * < 0 : an error catch + */ +int SSL_write(SSL *ssl, const void *buffer, int len) +{ + int ret; + int send_bytes; + const unsigned char *pbuf; + + SSL_ASSERT(ssl); + SSL_ASSERT(buffer); + SSL_ASSERT(len); + + send_bytes = len; + pbuf = (const unsigned char *)buffer; + + do { + int bytes; + + if (send_bytes > SSL_SEND_DATA_MAX_LENGTH) + bytes = SSL_SEND_DATA_MAX_LENGTH; + else + bytes = send_bytes; + + ret = ssl->method->func->ssl_send(ssl, buffer, len); + if (ret > 0) { + pbuf += ret; + send_bytes -= ret; + } + } while (ret > 0 && send_bytes); + + send_bytes = len - send_bytes; + if (send_bytes >= 0) + ret = send_bytes; + else + ret = -1; + + return ret; +} + +/* + * SSL_get_SSL_CTX - get SSL context of the SSL + * + * @param ssl - SSL point + * + * @return SSL context + */ +SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl) +{ + SSL_ASSERT(ssl); + + return ssl->ctx; +} + +/* + * SSL_CTX_get_ssl_method - get the SSL current method + * + * @param ssl - SSL point + * + * @return the SSL current method + */ +const SSL_METHOD *SSL_get_ssl_method(SSL *ssl) +{ + SSL_ASSERT(ssl); + + return ssl->method; +} + +/* + * SSL_set_ssl_method - set the SSL method + * + * @param ssl - SSL point + * @param meth - SSL method point + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_set_ssl_method(SSL *ssl, const SSL_METHOD *method) +{ + int ret; + + SSL_ASSERT(ssl); + SSL_ASSERT(method); + + if (ssl->version != method->version) { + + ret = SSL_shutdown(ssl); + if (1 != ret) + SSL_ERR(0, go_failed1, "SSL_shutdown\n"); + + ssl->method->func->ssl_free(ssl); + + ssl->method = method; + + ret = ssl->method->func->ssl_new(ssl); + if (!ret) + SSL_ERR(0, go_failed1, "ssl_new\n"); + } else { + ssl->method = method; + } + + + return 1; + +go_failed1: + return ret; +} + +/* + * SSL_get_shutdown - get SSL shutdown mode + * + * @param ssl - SSL point + * + * @return shutdown mode + */ +int SSL_get_shutdown(const SSL *ssl) +{ + SSL_ASSERT(ssl); + + return ssl->shutdown; +} + +/* + * SSL_set_quiet_shutdown - set SSL shutdown mode + * + * @param ssl - SSL point + * @param mode - shutdown mode + * + * @return none + */ +void SSL_set_shutdown(SSL *ssl, int mode) +{ + SSL_ASSERT(ssl); + + ssl->shutdown = mode; +} + + +/* + * SSL_pending - get the number of the bytes to be read + * + * @param ssl - SSL point + * + * @return number of the bytes + */ +int SSL_pending(const SSL *ssl) +{ + int ret; + + SSL_ASSERT(ssl); + + ret = ssl->method->func->ssl_pending(ssl); + + return ret; +} + +/* + * SSL_has_pending - check if some data can be read + * + * @param ssl - SSL point + * + * @return + * 1 : there are bytes to be read + * 0 : no data + */ +int SSL_has_pending(const SSL *ssl) +{ + int ret; + + SSL_ASSERT(ssl); + + if (SSL_pending(ssl)) + ret = 1; + else + ret = 0; + + return ret; +} + +/* + * SSL_CTX_clear_options - clear the SSL context option bit of "op" + * + * @param ctx - SSL context point + * @param op - option + * + * @return SSL context option + */ +unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op) +{ + return ctx->options &= ~op; +} + +/* + * SSL_CTX_clear_options - get the SSL context option + * + * @param ctx - SSL context point + * @param op - option + * + * @return SSL context option + */ +unsigned long SSL_CTX_get_options(SSL_CTX *ctx) +{ + return ctx->options; +} + +/* + * SSL_CTX_set_option - set the option of the SSL context + * + * @param ctx - the SSL context + * + * @return the SSL context option + * + */ +unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long opt) +{ + return ctx->options |= opt; +} + +/* + * SSL_clear_options - clear SSL option + * + * @param ssl - SSL point + * @param op - clear option + * + * @return SSL option + */ +unsigned long SSL_clear_options(SSL *ssl, unsigned long op) +{ + SSL_ASSERT(ssl); + + return ssl->options & ~op; +} + +/* + * SSL_clear_options - get SSL option + * + * @param ssl - SSL point + * + * @return SSL option + */ +unsigned long SSL_get_options(SSL *ssl) +{ + SSL_ASSERT(ssl); + + return ssl->options; +} + +/* + * SSL_clear_options - clear SSL option + * + * @param ssl - SSL point + * @param op - setting option + * + * @return SSL option + */ +unsigned long SSL_set_options(SSL *ssl, unsigned long op) +{ + SSL_ASSERT(ssl); + + return ssl->options |= op; +} + +/* + * SSL_get_fd - get the socket handle of the SSL + * + * @param ssl - SSL point + * + * @return + * >= 0 : yes, and return socket handle + * < 0 : a error catch + */ +int SSL_get_fd(const SSL *ssl) +{ + int ret; + + SSL_ASSERT(ssl); + + ret = ssl->method->func->ssl_get_fd(ssl, 0); + + return ret; +} + +/* + * SSL_get_rfd - get the read only socket handle of the SSL + * + * @param ssl - SSL point + * + * @return + * >= 0 : yes, and return socket handle + * < 0 : a error catch + */ +int SSL_get_rfd(const SSL *ssl) +{ + int ret; + + SSL_ASSERT(ssl); + + ret = ssl->method->func->ssl_get_fd(ssl, 0); + + return ret; +} + +/* + * SSL_get_wfd - get the write only socket handle of the SSL + * + * @param ssl - SSL point + * + * @return + * >= 0 : yes, and return socket handle + * < 0 : a error catch + */ +int SSL_get_wfd(const SSL *ssl) +{ + int ret; + + SSL_ASSERT(ssl); + + ret = ssl->method->func->ssl_get_fd(ssl, 0); + + return ret; +} + +/* + * SSL_set_fd - bind the socket file description into the SSL + * + * @param ssl - the SSL point + * @param fd - socket handle + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_set_fd(SSL *ssl, int fd) +{ + int ret; + + SSL_ASSERT(ssl); + SSL_ASSERT(fd >= 0); + + ssl->method->func->ssl_set_fd(ssl, fd, 0); + + return 1; +} + +/* + * SSL_set_fd - bind the read only socket file description into the SSL + * + * @param ssl - the SSL point + * @param fd - socket handle + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_set_rfd(SSL *ssl, int fd) +{ + int ret; + + SSL_ASSERT(ssl); + SSL_ASSERT(fd >= 0); + + ssl->method->func->ssl_set_fd(ssl, fd, 0); + + return 1; +} + +/* + * SSL_set_fd - bind the write only socket file description into the SSL + * + * @param ssl - the SSL point + * @param fd - socket handle + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_set_wfd(SSL *ssl, int fd) +{ + int ret; + + SSL_ASSERT(ssl); + SSL_ASSERT(fd >= 0); + + ssl->method->func->ssl_set_fd(ssl, fd, 0); + + return 1; +} + +/* + * SSL_version - get SSL version + * + * @param ssl - SSL point + * + * @return SSL version + */ +int SSL_version(const SSL *ssl) +{ + SSL_ASSERT(ssl); + + return ssl->version; +} + +/* + * ssl_protocol_to_string - get the SSL version string + * + * @param version - the SSL version + * + * @return the SSL version string + */ +static const char* ssl_protocol_to_string(int version) +{ + const char *str; + + if (version == TLS1_2_VERSION) + str = "TLSv1.2"; + else if (version == TLS1_1_VERSION) + str = "TLSv1.1"; + else if (version == TLS1_VERSION) + str = "TLSv1"; + else if (version == SSL3_VERSION) + str = "SSLv3"; + else + str = "unknown"; + + return str; +} + +/* + * SSL_get_version - get the SSL current version + * + * @param ssl - SSL point + * + * @return the version string + */ +const char *SSL_get_version(const SSL *ssl) +{ + SSL_ASSERT(ssl); + + return ssl_protocol_to_string(SSL_version(ssl)); +} + +/* + * SSL_alert_desc_string - get alert description string + * + * @param value - alert value + * + * @return alert description string + */ +const char* SSL_alert_desc_string(int value) +{ + const char *str; + + switch (value & 0xff) + { + case SSL3_AD_CLOSE_NOTIFY: + str = "CN"; + break; + case SSL3_AD_UNEXPECTED_MESSAGE: + str = "UM"; + break; + case SSL3_AD_BAD_RECORD_MAC: + str = "BM"; + break; + case SSL3_AD_DECOMPRESSION_FAILURE: + str = "DF"; + break; + case SSL3_AD_HANDSHAKE_FAILURE: + str = "HF"; + break; + case SSL3_AD_NO_CERTIFICATE: + str = "NC"; + break; + case SSL3_AD_BAD_CERTIFICATE: + str = "BC"; + break; + case SSL3_AD_UNSUPPORTED_CERTIFICATE: + str = "UC"; + break; + case SSL3_AD_CERTIFICATE_REVOKED: + str = "CR"; + break; + case SSL3_AD_CERTIFICATE_EXPIRED: + str = "CE"; + break; + case SSL3_AD_CERTIFICATE_UNKNOWN: + str = "CU"; + break; + case SSL3_AD_ILLEGAL_PARAMETER: + str = "IP"; + break; + case TLS1_AD_DECRYPTION_FAILED: + str = "DC"; + break; + case TLS1_AD_RECORD_OVERFLOW: + str = "RO"; + break; + case TLS1_AD_UNKNOWN_CA: + str = "CA"; + break; + case TLS1_AD_ACCESS_DENIED: + str = "AD"; + break; + case TLS1_AD_DECODE_ERROR: + str = "DE"; + break; + case TLS1_AD_DECRYPT_ERROR: + str = "CY"; + break; + case TLS1_AD_EXPORT_RESTRICTION: + str = "ER"; + break; + case TLS1_AD_PROTOCOL_VERSION: + str = "PV"; + break; + case TLS1_AD_INSUFFICIENT_SECURITY: + str = "IS"; + break; + case TLS1_AD_INTERNAL_ERROR: + str = "IE"; + break; + case TLS1_AD_USER_CANCELLED: + str = "US"; + break; + case TLS1_AD_NO_RENEGOTIATION: + str = "NR"; + break; + case TLS1_AD_UNSUPPORTED_EXTENSION: + str = "UE"; + break; + case TLS1_AD_CERTIFICATE_UNOBTAINABLE: + str = "CO"; + break; + case TLS1_AD_UNRECOGNIZED_NAME: + str = "UN"; + break; + case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE: + str = "BR"; + break; + case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE: + str = "BH"; + break; + case TLS1_AD_UNKNOWN_PSK_IDENTITY: + str = "UP"; + break; + default: + str = "UK"; + break; + } + + return str; +} + +/* + * SSL_alert_desc_string - get alert description long string + * + * @param value - alert value + * + * @return alert description long string + */ +const char* SSL_alert_desc_string_long(int value) +{ + const char *str; + + switch (value & 0xff) + { + case SSL3_AD_CLOSE_NOTIFY: + str = "close notify"; + break; + case SSL3_AD_UNEXPECTED_MESSAGE: + str = "unexpected_message"; + break; + case SSL3_AD_BAD_RECORD_MAC: + str = "bad record mac"; + break; + case SSL3_AD_DECOMPRESSION_FAILURE: + str = "decompression failure"; + break; + case SSL3_AD_HANDSHAKE_FAILURE: + str = "handshake failure"; + break; + case SSL3_AD_NO_CERTIFICATE: + str = "no certificate"; + break; + case SSL3_AD_BAD_CERTIFICATE: + str = "bad certificate"; + break; + case SSL3_AD_UNSUPPORTED_CERTIFICATE: + str = "unsupported certificate"; + break; + case SSL3_AD_CERTIFICATE_REVOKED: + str = "certificate revoked"; + break; + case SSL3_AD_CERTIFICATE_EXPIRED: + str = "certificate expired"; + break; + case SSL3_AD_CERTIFICATE_UNKNOWN: + str = "certificate unknown"; + break; + case SSL3_AD_ILLEGAL_PARAMETER: + str = "illegal parameter"; + break; + case TLS1_AD_DECRYPTION_FAILED: + str = "decryption failed"; + break; + case TLS1_AD_RECORD_OVERFLOW: + str = "record overflow"; + break; + case TLS1_AD_UNKNOWN_CA: + str = "unknown CA"; + break; + case TLS1_AD_ACCESS_DENIED: + str = "access denied"; + break; + case TLS1_AD_DECODE_ERROR: + str = "decode error"; + break; + case TLS1_AD_DECRYPT_ERROR: + str = "decrypt error"; + break; + case TLS1_AD_EXPORT_RESTRICTION: + str = "export restriction"; + break; + case TLS1_AD_PROTOCOL_VERSION: + str = "protocol version"; + break; + case TLS1_AD_INSUFFICIENT_SECURITY: + str = "insufficient security"; + break; + case TLS1_AD_INTERNAL_ERROR: + str = "internal error"; + break; + case TLS1_AD_USER_CANCELLED: + str = "user canceled"; + break; + case TLS1_AD_NO_RENEGOTIATION: + str = "no renegotiation"; + break; + case TLS1_AD_UNSUPPORTED_EXTENSION: + str = "unsupported extension"; + break; + case TLS1_AD_CERTIFICATE_UNOBTAINABLE: + str = "certificate unobtainable"; + break; + case TLS1_AD_UNRECOGNIZED_NAME: + str = "unrecognized name"; + break; + case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE: + str = "bad certificate status response"; + break; + case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE: + str = "bad certificate hash value"; + break; + case TLS1_AD_UNKNOWN_PSK_IDENTITY: + str = "unknown PSK identity"; + break; + default: + str = "unknown"; + break; + } + + return str; +} + +/* + * SSL_alert_type_string - get alert type string + * + * @param value - alert value + * + * @return alert type string + */ +const char *SSL_alert_type_string(int value) +{ + const char *str; + + switch (value >> 8) + { + case SSL3_AL_WARNING: + str = "W"; + break; + case SSL3_AL_FATAL: + str = "F"; + break; + default: + str = "U"; + break; + } + + return str; +} + +/* + * SSL_alert_type_string_long - get alert type long string + * + * @param value - alert value + * + * @return alert type long string + */ +const char *SSL_alert_type_string_long(int value) +{ + const char *str; + + switch (value >> 8) + { + case SSL3_AL_WARNING: + str = "warning"; + break; + case SSL3_AL_FATAL: + str = "fatal"; + break; + default: + str = "unknown"; + break; + } + + return str; +} + +/* + * SSL_rstate_string - get the state string where SSL is reading + * + * @param ssl - SSL point + * + * @return state string + */ +const char *SSL_rstate_string(SSL *ssl) +{ + const char *str; + + SSL_ASSERT(ssl); + + switch (ssl->rlayer.rstate) + { + case SSL_ST_READ_HEADER: + str = "RH"; + break; + case SSL_ST_READ_BODY: + str = "RB"; + break; + case SSL_ST_READ_DONE: + str = "RD"; + break; + default: + str = "unknown"; + break; + } + + return str; +} + +/* + * SSL_rstate_string_long - get the statement long string where SSL is reading + * + * @param ssl - SSL point + * + * @return statement long string + */ +const char *SSL_rstate_string_long(SSL *ssl) +{ + const char *str = "unknown"; + + SSL_ASSERT(ssl); + + switch (ssl->rlayer.rstate) + { + case SSL_ST_READ_HEADER: + str = "read header"; + break; + case SSL_ST_READ_BODY: + str = "read body"; + break; + case SSL_ST_READ_DONE: + str = "read done"; + break; + default: + break; + } + + return str; +} + +/* + * SSL_state_string - get SSL statement string + * + * @param ssl - SSL point + * + * @return SSL statement string + */ +char *SSL_state_string(const SSL *ssl) +{ + char *str = "UNKWN "; + + SSL_ASSERT(ssl); + + if (ossl_state_in_error(ssl)) + str = "SSLERR"; + else + { + switch (SSL_get_state(ssl)) + { + case TLS_ST_BEFORE: + str = "PINIT "; + break; + case TLS_ST_OK: + str = "SSLOK "; + break; + case TLS_ST_CW_CLNT_HELLO: + str = "TWCH"; + break; + case TLS_ST_CR_SRVR_HELLO: + str = "TRSH"; + break; + case TLS_ST_CR_CERT: + str = "TRSC"; + break; + case TLS_ST_CR_KEY_EXCH: + str = "TRSKE"; + break; + case TLS_ST_CR_CERT_REQ: + str = "TRCR"; + break; + case TLS_ST_CR_SRVR_DONE: + str = "TRSD"; + break; + case TLS_ST_CW_CERT: + str = "TWCC"; + break; + case TLS_ST_CW_KEY_EXCH: + str = "TWCKE"; + break; + case TLS_ST_CW_CERT_VRFY: + str = "TWCV"; + break; + case TLS_ST_SW_CHANGE: + case TLS_ST_CW_CHANGE: + str = "TWCCS"; + break; + case TLS_ST_SW_FINISHED: + case TLS_ST_CW_FINISHED: + str = "TWFIN"; + break; + case TLS_ST_SR_CHANGE: + case TLS_ST_CR_CHANGE: + str = "TRCCS"; + break; + case TLS_ST_SR_FINISHED: + case TLS_ST_CR_FINISHED: + str = "TRFIN"; + break; + case TLS_ST_SW_HELLO_REQ: + str = "TWHR"; + break; + case TLS_ST_SR_CLNT_HELLO: + str = "TRCH"; + break; + case TLS_ST_SW_SRVR_HELLO: + str = "TWSH"; + break; + case TLS_ST_SW_CERT: + str = "TWSC"; + break; + case TLS_ST_SW_KEY_EXCH: + str = "TWSKE"; + break; + case TLS_ST_SW_CERT_REQ: + str = "TWCR"; + break; + case TLS_ST_SW_SRVR_DONE: + str = "TWSD"; + break; + case TLS_ST_SR_CERT: + str = "TRCC"; + break; + case TLS_ST_SR_KEY_EXCH: + str = "TRCKE"; + break; + case TLS_ST_SR_CERT_VRFY: + str = "TRCV"; + break; + case DTLS_ST_CR_HELLO_VERIFY_REQUEST: + str = "DRCHV"; + break; + case DTLS_ST_SW_HELLO_VERIFY_REQUEST: + str = "DWCHV"; + break; + default: + break; + } + } + + return str; +} + +/* + * SSL_state_string_long - get SSL statement long string + * + * @param ssl - SSL point + * + * @return SSL statement long string + */ +char *SSL_state_string_long(const SSL *ssl) +{ + char *str = "UNKWN "; + + SSL_ASSERT(ssl); + + if (ossl_statem_in_error(ssl)) + str = "SSLERR"; + else + { + switch (SSL_get_state(ssl)) + { + case TLS_ST_BEFORE: + str = "before SSL initialization"; + break; + case TLS_ST_OK: + str = "SSL negotiation finished successfully"; + break; + case TLS_ST_CW_CLNT_HELLO: + str = "SSLv3/TLS write client hello"; + break; + case TLS_ST_CR_SRVR_HELLO: + str = "SSLv3/TLS read server hello"; + break; + case TLS_ST_CR_CERT: + str = "SSLv3/TLS read server certificate"; + break; + case TLS_ST_CR_KEY_EXCH: + str = "SSLv3/TLS read server key exchange"; + break; + case TLS_ST_CR_CERT_REQ: + str = "SSLv3/TLS read server certificate request"; + break; + case TLS_ST_CR_SESSION_TICKET: + str = "SSLv3/TLS read server session ticket"; + break; + case TLS_ST_CR_SRVR_DONE: + str = "SSLv3/TLS read server done"; + break; + case TLS_ST_CW_CERT: + str = "SSLv3/TLS write client certificate"; + break; + case TLS_ST_CW_KEY_EXCH: + str = "SSLv3/TLS write client key exchange"; + break; + case TLS_ST_CW_CERT_VRFY: + str = "SSLv3/TLS write certificate verify"; + break; + case TLS_ST_CW_CHANGE: + case TLS_ST_SW_CHANGE: + str = "SSLv3/TLS write change cipher spec"; + break; + case TLS_ST_CW_FINISHED: + case TLS_ST_SW_FINISHED: + str = "SSLv3/TLS write finished"; + break; + case TLS_ST_CR_CHANGE: + case TLS_ST_SR_CHANGE: + str = "SSLv3/TLS read change cipher spec"; + break; + case TLS_ST_CR_FINISHED: + case TLS_ST_SR_FINISHED: + str = "SSLv3/TLS read finished"; + break; + case TLS_ST_SR_CLNT_HELLO: + str = "SSLv3/TLS read client hello"; + break; + case TLS_ST_SW_HELLO_REQ: + str = "SSLv3/TLS write hello request"; + break; + case TLS_ST_SW_SRVR_HELLO: + str = "SSLv3/TLS write server hello"; + break; + case TLS_ST_SW_CERT: + str = "SSLv3/TLS write certificate"; + break; + case TLS_ST_SW_KEY_EXCH: + str = "SSLv3/TLS write key exchange"; + break; + case TLS_ST_SW_CERT_REQ: + str = "SSLv3/TLS write certificate request"; + break; + case TLS_ST_SW_SESSION_TICKET: + str = "SSLv3/TLS write session ticket"; + break; + case TLS_ST_SW_SRVR_DONE: + str = "SSLv3/TLS write server done"; + break; + case TLS_ST_SR_CERT: + str = "SSLv3/TLS read client certificate"; + break; + case TLS_ST_SR_KEY_EXCH: + str = "SSLv3/TLS read client key exchange"; + break; + case TLS_ST_SR_CERT_VRFY: + str = "SSLv3/TLS read certificate verify"; + break; + case DTLS_ST_CR_HELLO_VERIFY_REQUEST: + str = "DTLS1 read hello verify request"; + break; + case DTLS_ST_SW_HELLO_VERIFY_REQUEST: + str = "DTLS1 write hello verify request"; + break; + default: + break; + } + } + + return str; +} + +/* + * SSL_CTX_set_default_read_buffer_len - set the SSL context read buffer length + * + * @param ctx - SSL context point + * @param len - read buffer length + * + * @return none + */ +void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len) +{ + SSL_ASSERT(ctx); + SSL_ASSERT(len); + + ctx->method->func->ssl_set_bufflen(NULL, len); +} + +/* + * SSL_set_default_read_buffer_len - set the SSL read buffer length + * + * @param ssl - SSL point + * @param len - read buffer length + * + * @return none + */ +void SSL_set_default_read_buffer_len(SSL *ssl, size_t len) +{ + SSL_ASSERT(ssl); + SSL_ASSERT(len); + + ssl->method->func->ssl_set_bufflen(ssl, len); +} + +/* + * SSL_set_info_callback - set the SSL information callback function + * + * @param ssl - SSL point + * @param cb - information callback function + * + * @return none + */ +void SSL_set_info_callback(SSL *ssl, void (*cb) (const SSL *ssl, int type, int val)) +{ + SSL_ASSERT(ssl); + + ssl->info_callback = cb; +} + +/* + * SSL_CTX_up_ref - add SSL context reference count by '1' + * + * @param ctx - SSL context point + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_CTX_up_ref(SSL_CTX *ctx) +{ + SSL_ASSERT(ctx); + + /* no support multi-thread SSL here */ + ctx->references++; + + return 1; +} + +/* + * SSL_set_security_level - set the SSL security level + * + * @param ssl - SSL point + * @param level - security level + * + * @return none + */ +void SSL_set_security_level(SSL *ssl, int level) +{ + SSL_ASSERT(ssl); + + ssl->cert->sec_level = level; +} + +/* + * SSL_get_security_level - get the SSL security level + * + * @param ssl - SSL point + * + * @return security level + */ +int SSL_get_security_level(const SSL *ssl) +{ + SSL_ASSERT(ssl); + + return ssl->cert->sec_level; +} + +/* + * SSL_CTX_get_verify_mode - get the SSL verifying mode of the SSL context + * + * @param ctx - SSL context point + * + * @return verifying mode + */ +int SSL_CTX_get_verify_mode(const SSL_CTX *ctx) +{ + SSL_ASSERT(ctx); + + return ctx->verify_mode; +} + +/* + * SSL_CTX_set_timeout - set the session timeout time + * + * @param ctx - SSL context point + * @param t - new session timeout time + * + * @return old session timeout time + */ +long SSL_CTX_set_timeout(SSL_CTX *ctx, long t) +{ + long l; + + SSL_ASSERT(ctx); + + l = ctx->session_timeout; + ctx->session_timeout = t; + + return l; +} + +/* + * SSL_CTX_get_timeout - get the session timeout time + * + * @param ctx - SSL context point + * + * @return current session timeout time + */ +long SSL_CTX_get_timeout(const SSL_CTX *ctx) +{ + SSL_ASSERT(ctx); + + return ctx->session_timeout; +} + +/* + * SSL_set_read_ahead - set the SSL if we can read as many as data + * + * @param ssl - SSL point + * @param yes - enable the function + * + * @return none + */ +void SSL_set_read_ahead(SSL *ssl, int yes) +{ + SSL_ASSERT(ssl); + + ssl->rlayer.read_ahead = yes; +} + +/* + * SSL_set_read_ahead - set the SSL context if we can read as many as data + * + * @param ctx - SSL context point + * @param yes - enable the function + * + * @return none + */ +void SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes) +{ + SSL_ASSERT(ctx); + + ctx->read_ahead = yes; +} + +/* + * SSL_set_read_ahead - get the SSL ahead signal if we can read as many as data + * + * @param ssl - SSL point + * + * @return SSL context ahead signal + */ +int SSL_get_read_ahead(const SSL *ssl) +{ + SSL_ASSERT(ssl); + + return ssl->rlayer.read_ahead; +} + +/* + * SSL_set_read_ahead - get the SSL context ahead signal if we can read as many as data + * + * @param ctx - SSL context point + * + * @return SSL context ahead signal + */ +long SSL_CTX_get_read_ahead(SSL_CTX *ctx) +{ + SSL_ASSERT(ctx); + + return ctx->read_ahead; +} + +/* + * SSL_CTX_get_ciphers - check if the SSL context can read as many as data + * + * @param ctx - SSL context point + * + * @return + * 1 : Yes + * 0 : No + */ +long SSL_CTX_get_default_read_ahead(SSL_CTX *ctx) +{ + SSL_ASSERT(ctx); + + return ctx->read_ahead; +} + +/* + * SSL_set_time - set SSL session time + * + * @param ssl - SSL point + * @param t - session time + * + * @return session time + */ +long SSL_set_time(SSL *ssl, long t) +{ + SSL_ASSERT(ssl); + + ssl->session.time = t; + + return t; +} + +/* + * SSL_set_time - set SSL session timeout time + * + * @param ssl - SSL point + * @param t - session timeout time + * + * @return session timeout time + */ +long SSL_set_timeout(SSL *ssl, long t) +{ + SSL_ASSERT(ssl); + + ssl->session.timeout = t; + + return t; +} diff --git a/components/openssl/library/ssl_methods.c b/components/openssl/library/ssl_methods.c new file mode 100644 index 0000000000..502262f7e9 --- /dev/null +++ b/components/openssl/library/ssl_methods.c @@ -0,0 +1,43 @@ +#include "ssl_lib.h" +#include "ssl_methods.h" +#include "ssl_pm.h" + +IMPLEMENT_TLS_METHOD_FUNC(TLS_method_func, + ssl_pm_new, ssl_pm_free, + ssl_pm_handshake, ssl_pm_shutdown, ssl_pm_clear, + ssl_pm_read, ssl_pm_send, ssl_pm_pending, + ssl_pm_set_fd, ssl_pm_get_fd, + ssl_pm_set_bufflen, + ssl_pm_get_state); + +IMPLEMENT_TLS_METHOD(TLS_ANY_VERSION, 0, TLS_method_func, TLS_client_method); + +IMPLEMENT_TLS_METHOD(TLS1_2_VERSION, 0, TLS_method_func, TLSv1_2_client_method); + +IMPLEMENT_TLS_METHOD(TLS1_1_VERSION, 0, TLS_method_func, TLSv1_1_client_method); + +IMPLEMENT_TLS_METHOD(TLS1_VERSION, 0, TLS_method_func, TLSv1_client_method); + +IMPLEMENT_SSL_METHOD(SSL3_VERSION, 0, TLS_method_func, SSLv3_client_method); + + +IMPLEMENT_TLS_METHOD(TLS_ANY_VERSION, 1, TLS_method_func, TLS_server_method); + +IMPLEMENT_TLS_METHOD(TLS1_1_VERSION, 1, TLS_method_func, TLSv1_1_server_method); + +IMPLEMENT_TLS_METHOD(TLS1_2_VERSION, 1, TLS_method_func, TLSv1_2_server_method); + +IMPLEMENT_TLS_METHOD(TLS1_VERSION, 0, TLS_method_func, TLSv1_server_method); + +IMPLEMENT_SSL_METHOD(SSL3_VERSION, 1, TLS_method_func, SSLv3_server_method); + + +IMPLEMENT_TLS_METHOD(TLS_ANY_VERSION, -1, TLS_method_func, TLS_method); + +IMPLEMENT_SSL_METHOD(TLS1_2_VERSION, -1, TLS_method_func, TLSv1_2_method); + +IMPLEMENT_SSL_METHOD(TLS1_1_VERSION, -1, TLS_method_func, TLSv1_1_method); + +IMPLEMENT_SSL_METHOD(TLS1_VERSION, -1, TLS_method_func, TLSv1_method); + +IMPLEMENT_SSL_METHOD(SSL3_VERSION, -1, TLS_method_func, SSLv3_method); diff --git a/components/openssl/library/ssl_pkey.c b/components/openssl/library/ssl_pkey.c new file mode 100644 index 0000000000..2a170716c0 --- /dev/null +++ b/components/openssl/library/ssl_pkey.c @@ -0,0 +1,50 @@ +#include "ssl_lib.h" +#include "ssl_pkey.h" +#include "ssl_dbg.h" +#include "ssl_pm.h" + +EVP_PKEY *d2i_PrivateKey(int type, + EVP_PKEY **a, + const unsigned char **pp, + long length) +{ + EVP_PKEY *pkey; + void *pkey_pm; + int ret; + + SSL_ASSERT(pp); + SSL_ASSERT(*pp); + SSL_ASSERT(length); + + pkey = ssl_malloc(sizeof(EVP_PKEY)); + if (!pkey) + SSL_RET(failed1, "ssl_malloc\n"); + + pkey_pm = pkey_pm_new(); + if (!pkey_pm) + SSL_RET(failed2, "pkey_pm_new\n"); + + ret = pkey_pm_load_crt(pkey_pm, *pp, length); + if (ret) + SSL_RET(failed3, "pkey_pm_load_crt\n"); + + pkey->pkey_pm = pkey_pm; + if (a) + *a = pkey; + + return pkey; + +failed3: + pkey_pm_free(pkey_pm); +failed2: + ssl_free(pkey); +failed1: + return NULL; +} + +void EVP_PKEY_free(EVP_PKEY *x) +{ + pkey_pm_unload_crt(x->pkey_pm); + pkey_pm_free(x->pkey_pm); + ssl_free(x); +} diff --git a/components/openssl/library/ssl_rsa.c b/components/openssl/library/ssl_rsa.c new file mode 100644 index 0000000000..9088f67f57 --- /dev/null +++ b/components/openssl/library/ssl_rsa.c @@ -0,0 +1,70 @@ +#include "ssl_lib.h" +#include "ssl_rsa.h" +#include "ssl_pkey.h" +#include "ssl_x509.h" +#include "ssl_dbg.h" +#include "ssl_pm.h" + +int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) +{ + SSL_ASSERT(ctx); + SSL_ASSERT(x); + + ctx->cert->x509 = x; + + return 1; +} + +int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, + const unsigned char *d) +{ + int ret; + X509 *cert; + + cert = d2i_X509(NULL, d, len); + if (!cert) + SSL_RET(failed1, "d2i_X509\n"); + + ret = SSL_CTX_use_certificate(ctx, cert); + if (!ret) + SSL_RET(failed2, "SSL_CTX_use_certificate\n"); + + return 1; + +failed2: + X509_free(cert); +failed1: + return 0; +} + +int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) +{ + SSL_ASSERT(ctx); + SSL_ASSERT(pkey); + + ctx->cert->pkey = pkey; + + return 1; +} + +int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, + const unsigned char *d, long len) +{ + int ret; + EVP_PKEY *pkey; + + pkey = d2i_PrivateKey(0, NULL, &d, len); + if (!pkey) + SSL_RET(failed1, "d2i_PrivateKey\n"); + + ret = SSL_CTX_use_PrivateKey(ctx, pkey); + if (!ret) + SSL_RET(failed2, "SSL_CTX_use_PrivateKey\n"); + + return 1; + +failed2: + EVP_PKEY_free(pkey); +failed1: + return 0; +} diff --git a/components/openssl/library/ssl_x509.c b/components/openssl/library/ssl_x509.c new file mode 100644 index 0000000000..23aa00681e --- /dev/null +++ b/components/openssl/library/ssl_x509.c @@ -0,0 +1,54 @@ +#include "ssl_x509.h" +#include "ssl_dbg.h" +#include "ssl_pm.h" + +X509* sk_X509_NAME_new_null(void) +{ + return ssl_malloc(sizeof(X509)); +} + +X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len) +{ + X509 *x509_crt; + void *x509_pm; + int ret; + + SSL_ASSERT(cert); + SSL_ASSERT(buffer); + SSL_ASSERT(len); + + x509_crt = sk_X509_NAME_new_null(); + if (!x509_crt) + SSL_RET(failed1, ""); + + x509_pm = x509_pm_new(); + if (!x509_pm) + SSL_RET(failed2, ""); + + ret = x509_pm_load_crt(x509_pm, buffer, len); + if (ret) + SSL_RET(failed3, ""); + + x509_crt->x509_pm = x509_pm; + if (cert) + *cert = x509_crt; + + return x509_crt; + +failed3: + x509_pm_free(x509_pm); +failed2: + ssl_free(x509_crt); +failed1: + return NULL; +} + +void X509_free(X509 *cert) +{ + if (cert->x509_pm) { + x509_pm_unload_crt(cert->x509_pm); + x509_pm_free(cert->x509_pm); + } + ssl_free(cert); +}; + diff --git a/components/openssl/platform/Makefile b/components/openssl/platform/Makefile new file mode 100644 index 0000000000..749b4787ca --- /dev/null +++ b/components/openssl/platform/Makefile @@ -0,0 +1,46 @@ + +############################################################# +# Required variables for each makefile +# Discard this section from all parent makefiles +# Expected variables (with automatic defaults): +# CSRCS (all "C" files in the dir) +# SUBDIRS (all subdirs with a Makefile) +# GEN_LIBS - list of libs to be generated () +# GEN_IMAGES - list of images to be generated () +# COMPONENTS_xxx - a list of libs/objs in the form +# subdir/lib to be extracted and rolled up into +# a generated lib/image xxx.a () +# +ifndef PDIR + +GEN_LIBS = libplatform.a + +endif + + +############################################################# +# Configuration i.e. compile options etc. +# Target specific stuff (defines etc.) goes in here! +# Generally values applying to a tree are captured in the +# makefile at its root level - these are then overridden +# for a subtree within the makefile rooted therein +# +#DEFINES += + +############################################################# +# Recursion Magic - Don't touch this!! +# +# Each subtree potentially has an include directory +# corresponding to the common APIs applicable to modules +# rooted at that subtree. Accordingly, the INCLUDE PATH +# of a module can only contain the include directories up +# its parent path, and not its siblings +# +# Required for each makefile to inherit from the parent +# + +INCLUDES := $(INCLUDES) -I $(PDIR)include +INCLUDES += -I ./ +PDIR := ../$(PDIR) +sinclude $(PDIR)Makefile + diff --git a/components/openssl/platform/ssl_pm.c b/components/openssl/platform/ssl_pm.c new file mode 100644 index 0000000000..831420180c --- /dev/null +++ b/components/openssl/platform/ssl_pm.c @@ -0,0 +1,422 @@ +#include "ssl_pm.h" +#include "ssl_dbg.h" + +/* mbedtls include */ +#include "mbedtls/platform.h" +#include "mbedtls/net.h" +#include "mbedtls/debug.h" +#include "mbedtls/entropy.h" +#include "mbedtls/ctr_drbg.h" +#include "mbedtls/error.h" +#include "mbedtls/certs.h" + +struct ssl_pm +{ + /* local socket file description */ + mbedtls_net_context fd; + /* remote client socket file description */ + mbedtls_net_context cl_fd; + + mbedtls_ssl_config conf; + + mbedtls_ctr_drbg_context ctr_drbg; + + mbedtls_ssl_context ssl; + + mbedtls_entropy_context entropy; +}; + +struct x509_pm +{ + mbedtls_x509_crt x509_crt; +}; + +struct pkey_pm +{ + mbedtls_pk_context pkey; +}; + + +unsigned int max_content_len; + + +/*********************************************************************************************/ +/********************************* SSL general interface *************************************/ + +void* ssl_zalloc(size_t size) +{ + void *p = malloc(size); + + if (p) + memset(p, 0, size); + + return p; +} + +void *ssl_malloc(size_t size) +{ + return zalloc(size); +} + +void ssl_free(void *p) +{ + free(p); +} + +void* ssl_memcpy(void *to, const void *from, size_t size) +{ + return memcpy(to, from, size); +} + +void ssl_speed_up_enter(void) +{ + +} + +void ssl_speed_up_exit(void) +{ + +} + +/*********************************************************************************************/ +/************************************ SSL arch interface *************************************/ + +int ssl_pm_new(SSL *ssl) +{ + struct ssl_pm *ssl_pm; + int ret; + + char *pers; + int endpoint; + + SSL_CTX *ctx = ssl->ctx; + const SSL_METHOD *method = ssl->method; + + ssl_pm = malloc(sizeof(struct ssl_pm)); + if (!ssl_pm) + return -1; + + if (method->endpoint) { + pers = "server"; + endpoint = MBEDTLS_SSL_IS_SERVER; + } else { + pers = "client"; + endpoint = MBEDTLS_SSL_IS_CLIENT; + } + + //max_content_len = 4096; + + mbedtls_net_init(&ssl_pm->fd); + mbedtls_net_init(&ssl_pm->cl_fd); + + mbedtls_ssl_config_init(&ssl_pm->conf); + mbedtls_ctr_drbg_init(&ssl_pm->ctr_drbg); + mbedtls_entropy_init(&ssl_pm->entropy); + mbedtls_ssl_init(&ssl_pm->ssl); + + ret = mbedtls_ctr_drbg_seed(&ssl_pm->ctr_drbg, mbedtls_entropy_func, &ssl_pm->entropy, (const unsigned char *)pers, strlen(pers)); + if (ret) + SSL_ERR(ret, failed1, "mbedtls_ctr_drbg_seed:[-0x%x]\n", -ret); + + ret = mbedtls_ssl_config_defaults(&ssl_pm->conf, endpoint, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT); + if (ret) + SSL_ERR(ret, failed2, "mbedtls_ssl_config_defaults:[-0x%x]\n", -ret); + + mbedtls_ssl_conf_rng(&ssl_pm->conf, mbedtls_ctr_drbg_random, &ssl_pm->ctr_drbg); + mbedtls_ssl_conf_dbg(&ssl_pm->conf, NULL, NULL); + + if (ctx->client_CA->x509_pm) { + struct x509_pm *x509_pm = (struct x509_pm *)ctx->client_CA->x509_pm; + + mbedtls_ssl_conf_ca_chain(&ssl_pm->conf, &x509_pm->x509_crt, NULL); + mbedtls_ssl_conf_authmode(&ssl_pm->conf, MBEDTLS_SSL_VERIFY_REQUIRED); + } else { + mbedtls_ssl_conf_authmode(&ssl_pm->conf, MBEDTLS_SSL_VERIFY_NONE); + } + if (ctx->cert->x509 && + ctx->cert->pkey) { + struct x509_pm *x509_pm = (struct x509_pm *)ctx->cert->x509->x509_pm; + struct pkey_pm *pkey_pm = (struct pkey_pm *)ctx->cert->pkey->pkey_pm; + + ret = mbedtls_ssl_conf_own_cert(&ssl_pm->conf, &x509_pm->x509_crt, &pkey_pm->pkey); + if (ret) + SSL_ERR(ret, failed4, "mbedtls_ssl_conf_own_cert:[%d]\n", ret); + } + + ret = mbedtls_ssl_setup(&ssl_pm->ssl, &ssl_pm->conf); + if (ret) + SSL_ERR(ret, failed4, "mbedtls_ssl_setup:[-0x%x]\n", -ret); + + mbedtls_ssl_set_bio(&ssl_pm->ssl, &ssl_pm->fd, mbedtls_net_send, mbedtls_net_recv, NULL); + + ssl->ssl_pm = ssl_pm; + + return 0; + +failed4: + mbedtls_ssl_config_free(&ssl_pm->conf); +failed3: + mbedtls_ctr_drbg_free(&ssl_pm->ctr_drbg); +failed2: + mbedtls_entropy_free(&ssl_pm->entropy); +failed1: + return -1; +} + +void ssl_pm_free(SSL *ssl) +{ + struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; + + mbedtls_ssl_config_free(&ssl_pm->conf); + mbedtls_ctr_drbg_free(&ssl_pm->ctr_drbg); + mbedtls_entropy_free(&ssl_pm->entropy); + mbedtls_ssl_free(&ssl_pm->ssl); + + mbedtls_net_free(&ssl_pm->fd); + mbedtls_net_free(&ssl_pm->cl_fd); +} + +int ssl_pm_handshake(SSL *ssl) +{ + int ret, mbed_ret; + struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; + + ssl_speed_up_enter(); + while((mbed_ret = mbedtls_ssl_handshake(&ssl_pm->ssl)) != 0) { + if (mbed_ret != MBEDTLS_ERR_SSL_WANT_READ && mbed_ret != MBEDTLS_ERR_SSL_WANT_WRITE) { + break; + } + } + ssl_speed_up_exit(); + + if (!mbed_ret) + ret = 1; + else { + ret = 0; + SSL_DEBUG(1, "mbedtls_ssl_handshake [-0x%x]\n", -mbed_ret); + } + + return ret; +} + +int ssl_pm_shutdown(SSL *ssl) +{ + int ret, mbed_ret; + struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; + + mbed_ret = mbedtls_ssl_close_notify(&ssl_pm->ssl); + if (!mbed_ret) + ret = 0; + else + ret = -1; + + return ret; +} + +int ssl_pm_clear(SSL *ssl) +{ + return ssl_pm_shutdown(ssl); +} + + +int ssl_pm_read(SSL *ssl, void *buffer, int len) +{ + int ret, mbed_ret; + struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; + + mbed_ret = mbedtls_ssl_read(&ssl_pm->ssl, buffer, len); + if (mbed_ret < 0) + ret = -1; + else if (mbed_ret == 0) + ret = 0; + else + ret = mbed_ret; + + return ret; +} + +int ssl_pm_send(SSL *ssl, const void *buffer, int len) +{ + int ret, mbed_ret; + struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; + + mbed_ret = mbedtls_ssl_write(&ssl_pm->ssl, buffer, len); + if (mbed_ret < 0) + ret = -1; + else if (mbed_ret == 0) + ret = 0; + else + ret = mbed_ret; + + return ret; +} + +int ssl_pm_pending(const SSL *ssl) +{ + struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; + + return mbedtls_ssl_get_bytes_avail(&ssl_pm->ssl); +} + +void ssl_pm_set_fd(SSL *ssl, int fd, int mode) +{ + struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; + + ssl_pm->fd.fd = fd; +} + +int ssl_pm_get_fd(const SSL *ssl, int mode) +{ + struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; + + return ssl_pm->fd.fd; +} + +OSSL_HANDSHAKE_STATE ssl_pm_get_state(const SSL *ssl) +{ + OSSL_HANDSHAKE_STATE state; + + struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; + + switch (ssl_pm->ssl.state) + { + case MBEDTLS_SSL_CLIENT_HELLO: + state = TLS_ST_CW_CLNT_HELLO; + break; + case MBEDTLS_SSL_SERVER_HELLO: + state = TLS_ST_SW_SRVR_HELLO; + break; + case MBEDTLS_SSL_SERVER_CERTIFICATE: + state = TLS_ST_SW_CERT; + break; + case MBEDTLS_SSL_SERVER_HELLO_DONE: + state = TLS_ST_SW_SRVR_DONE; + break; + case MBEDTLS_SSL_CLIENT_KEY_EXCHANGE: + state = TLS_ST_CW_KEY_EXCH; + break; + case MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC: + state = TLS_ST_CW_CHANGE; + break; + case MBEDTLS_SSL_CLIENT_FINISHED: + state = TLS_ST_CW_FINISHED; + break; + case MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC: + state = TLS_ST_SW_CHANGE; + break; + case MBEDTLS_SSL_SERVER_FINISHED: + state = TLS_ST_SW_FINISHED; + break; + case MBEDTLS_SSL_CLIENT_CERTIFICATE: + state = TLS_ST_CW_CERT; + break; + case MBEDTLS_SSL_SERVER_KEY_EXCHANGE: + state = TLS_ST_SR_KEY_EXCH; + break; + case MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET: + state = TLS_ST_SW_SESSION_TICKET; + break; + case MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT: + state = TLS_ST_SW_CERT_REQ; + break; + case MBEDTLS_SSL_HANDSHAKE_OVER: + state = TLS_ST_OK; + break; + default : + state = TLS_ST_BEFORE; + break; + } + + return state; +} + +void* x509_pm_new(void) +{ + return ssl_malloc(sizeof(struct x509_pm)); +} + +void x509_pm_free(void *pm) +{ + ssl_free(pm); +} + +int x509_pm_load_crt(void *pm, const unsigned char *buffer, int len) +{ + int ret; + unsigned char *load_buf; + struct x509_pm *x509_pm = (struct x509_pm *)pm; + + load_buf = ssl_malloc(len + 1); + if (!load_buf) + SSL_RET(failed1, ""); + + ssl_memcpy(load_buf, buffer, len); + load_buf[len] = '\0'; + + mbedtls_x509_crt_init(&x509_pm->x509_crt); + ret = mbedtls_x509_crt_parse(&x509_pm->x509_crt, load_buf, len); + ssl_free(load_buf); + + if (ret) + SSL_RET(failed1, ""); + + return 0; + +failed1: + return -1; +} + +void x509_pm_unload_crt(void *pm) +{ + struct x509_pm *x509_pm = (struct x509_pm *)pm; + + mbedtls_x509_crt_free(&x509_pm->x509_crt); +} + +void* pkey_pm_new(void) +{ + return ssl_malloc(sizeof(struct pkey_pm)); +} + +void pkey_pm_free(void *pm) +{ + ssl_free(pm); +} + +int pkey_pm_load_crt(void *pm, const unsigned char *buffer, int len) +{ + int ret; + unsigned char *load_buf; + struct pkey_pm *pkey_pm = (struct pkey_pm *)pm; + + load_buf = ssl_malloc(len + 1); + if (!load_buf) + SSL_RET(failed1, ""); + + ssl_memcpy(load_buf, buffer, len); + load_buf[len] = '\0'; + + mbedtls_pk_init(&pkey_pm->pkey); + ret = mbedtls_pk_parse_key(&pkey_pm->pkey, load_buf, len, NULL, 0); + ssl_free(load_buf); + + if (ret) + SSL_RET(failed1, ""); + + return 0; + +failed1: + return -1; +} + +void pkey_pm_unload_crt(void *pm) +{ + struct pkey_pm *pkey_pm = (struct pkey_pm *)pm; + + mbedtls_pk_free(&pkey_pm->pkey); +} + +void ssl_pm_set_bufflen(SSL *ssl, int len) +{ + max_content_len = len; +} From 5adc661d05ea0ab75e68674aae3ba6b2a7795824 Mon Sep 17 00:00:00 2001 From: dongheng Date: Wed, 21 Sep 2016 09:23:29 +0800 Subject: [PATCH 03/52] components/openssl: add more interface for application --- components/openssl/Makefile | 50 ------------- components/openssl/Makefile.projbuild | 4 ++ components/openssl/component.mk | 9 +++ components/openssl/include/internal/ssl_lib.h | 5 -- .../openssl/include/internal/ssl_pkey.h | 2 + components/openssl/include/platform/ssl_pm.h | 3 +- components/openssl/library/Makefile | 46 ------------ components/openssl/library/ssl_cert.c | 1 + components/openssl/library/ssl_lib.c | 72 ++++++++++++++++++- components/openssl/platform/Makefile | 46 ------------ components/openssl/platform/ssl_pm.c | 6 +- 11 files changed, 92 insertions(+), 152 deletions(-) delete mode 100644 components/openssl/Makefile create mode 100644 components/openssl/Makefile.projbuild create mode 100644 components/openssl/component.mk delete mode 100644 components/openssl/library/Makefile delete mode 100644 components/openssl/platform/Makefile diff --git a/components/openssl/Makefile b/components/openssl/Makefile deleted file mode 100644 index bdd8a0e932..0000000000 --- a/components/openssl/Makefile +++ /dev/null @@ -1,50 +0,0 @@ - -############################################################# -# Required variables for each makefile -# Discard this section from all parent makefiles -# Expected variables (with automatic defaults): -# CSRCS (all "C" files in the dir) -# SUBDIRS (all subdirs with a Makefile) -# GEN_LIBS - list of libs to be generated () -# GEN_IMAGES - list of images to be generated () -# COMPONENTS_xxx - a list of libs/objs in the form -# subdir/lib to be extracted and rolled up into -# a generated lib/image xxx.a () -# -ifndef PDIR - -UP_EXTRACT_DIR = .. -GEN_LIBS = libopenssl.a -COMPONENTS_libopenssl = library/liblibrary.a platform/libplatform.a - -endif - - -############################################################# -# Configuration i.e. compile options etc. -# Target specific stuff (defines etc.) goes in here! -# Generally values applying to a tree are captured in the -# makefile at its root level - these are then overridden -# for a subtree within the makefile rooted therein -# -#DEFINES += - -############################################################# -# Recursion Magic - Don't touch this!! -# -# Each subtree potentially has an include directory -# corresponding to the common APIs applicable to modules -# rooted at that subtree. Accordingly, the INCLUDE PATH -# of a module can only contain the include directories up -# its parent path, and not its siblings -# -# Required for each makefile to inherit from the parent -# - -INCLUDES := $(INCLUDES) -I $(PDIR)include -I $(PDIR)include/platform -I $(PDIR)include/internal -INCLUDES += -I ./inlcude -INCLUDES += -I $(SDK_PATH)/include/openssl/internal -INCLUDES += -I ./ -PDIR := ../$(PDIR) -sinclude $(PDIR)Makefile - diff --git a/components/openssl/Makefile.projbuild b/components/openssl/Makefile.projbuild new file mode 100644 index 0000000000..51300efd11 --- /dev/null +++ b/components/openssl/Makefile.projbuild @@ -0,0 +1,4 @@ +# Anyone compiling mbedTLS code needs the name of the +# alternative config file +CFLAGS += -DMBEDTLS_CONFIG_FILE='"mbedtls/esp_config.h"' + diff --git a/components/openssl/component.mk b/components/openssl/component.mk new file mode 100644 index 0000000000..97de6975c9 --- /dev/null +++ b/components/openssl/component.mk @@ -0,0 +1,9 @@ +# +# Component Makefile +# + +COMPONENT_ADD_INCLUDEDIRS := include include/internal include/platform include/oepnssl + +COMPONENT_SRCDIRS := library platform + +include $(IDF_PATH)/make/component_common.mk diff --git a/components/openssl/include/internal/ssl_lib.h b/components/openssl/include/internal/ssl_lib.h index d95d219556..0881fbbfdb 100644 --- a/components/openssl/include/internal/ssl_lib.h +++ b/components/openssl/include/internal/ssl_lib.h @@ -3,9 +3,4 @@ #include "ssl_types.h" -#define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING) -#define SSL_want_read(s) (SSL_want(s) == SSL_READING) -#define SSL_want_write(s) (SSL_want(s) == SSL_WRITING) -#define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_WRITING) - #endif diff --git a/components/openssl/include/internal/ssl_pkey.h b/components/openssl/include/internal/ssl_pkey.h index cc870e18ed..c7170244a6 100644 --- a/components/openssl/include/internal/ssl_pkey.h +++ b/components/openssl/include/internal/ssl_pkey.h @@ -8,4 +8,6 @@ EVP_PKEY *d2i_PrivateKey(int type, const unsigned char **pp, long length); +void EVP_PKEY_free(EVP_PKEY *x); + #endif diff --git a/components/openssl/include/platform/ssl_pm.h b/components/openssl/include/platform/ssl_pm.h index c75ae95af5..a6731cff7f 100644 --- a/components/openssl/include/platform/ssl_pm.h +++ b/components/openssl/include/platform/ssl_pm.h @@ -2,7 +2,8 @@ #define _SSL_PM_H_ #include "ssl_types.h" -#include "esp_common.h" +#include "esp_types.h" +#include "esp_system.h" void* ssl_zalloc(size_t size); void *ssl_malloc(size_t size); diff --git a/components/openssl/library/Makefile b/components/openssl/library/Makefile deleted file mode 100644 index 10f4067c64..0000000000 --- a/components/openssl/library/Makefile +++ /dev/null @@ -1,46 +0,0 @@ - -############################################################# -# Required variables for each makefile -# Discard this section from all parent makefiles -# Expected variables (with automatic defaults): -# CSRCS (all "C" files in the dir) -# SUBDIRS (all subdirs with a Makefile) -# GEN_LIBS - list of libs to be generated () -# GEN_IMAGES - list of images to be generated () -# COMPONENTS_xxx - a list of libs/objs in the form -# subdir/lib to be extracted and rolled up into -# a generated lib/image xxx.a () -# -ifndef PDIR - -GEN_LIBS = liblibrary.a - -endif - - -############################################################# -# Configuration i.e. compile options etc. -# Target specific stuff (defines etc.) goes in here! -# Generally values applying to a tree are captured in the -# makefile at its root level - these are then overridden -# for a subtree within the makefile rooted therein -# -#DEFINES += - -############################################################# -# Recursion Magic - Don't touch this!! -# -# Each subtree potentially has an include directory -# corresponding to the common APIs applicable to modules -# rooted at that subtree. Accordingly, the INCLUDE PATH -# of a module can only contain the include directories up -# its parent path, and not its siblings -# -# Required for each makefile to inherit from the parent -# - -INCLUDES := $(INCLUDES) -I $(PDIR)include -INCLUDES += -I ./ -PDIR := ../$(PDIR) -sinclude $(PDIR)Makefile - diff --git a/components/openssl/library/ssl_cert.c b/components/openssl/library/ssl_cert.c index 10f723bfcb..5332592460 100644 --- a/components/openssl/library/ssl_cert.c +++ b/components/openssl/library/ssl_cert.c @@ -1,4 +1,5 @@ #include "ssl_cert.h" +#include "ssl_dbg.h" #include "ssl_pm.h" CERT *ssl_cert_new(void) diff --git a/components/openssl/library/ssl_lib.c b/components/openssl/library/ssl_lib.c index ad78f3961a..e1e112cc7b 100644 --- a/components/openssl/library/ssl_lib.c +++ b/components/openssl/library/ssl_lib.c @@ -6,7 +6,7 @@ #define SSL_SEND_DATA_MAX_LENGTH 1460 -static int ossl_statem_in_error(const SSL *ssl) +int ossl_statem_in_error(const SSL *ssl) { if (ssl->statem.state == MSG_FLOW_ERROR) return 1; @@ -14,6 +14,74 @@ static int ossl_statem_in_error(const SSL *ssl) return 0; } +/* + * SSL_want - get the SSL specifical statement + * + * @param ssl - SSL point + * + * @return specifical statement + */ +int SSL_want(const SSL *ssl) +{ + return 0; +} + +/* + * SSL_want_nothing - check if SSL want nothing + * + * @param ssl - SSL point + * + * @return + * 1 : yes + * 0 : no + */ +int SSL_want_nothing(const SSL *ssl) +{ + return (SSL_want(ssl) == SSL_NOTHING); +} + +/* + * SSL_want_read - check if SSL want to read + * + * @param ssl - SSL point + * + * @return + * 1 : yes + * 0 : no + */ +int SSL_want_read(const SSL *ssl) +{ + return (SSL_want(ssl) == SSL_READING); +} + +/* + * SSL_want_read - check if SSL want to write + * + * @param ssl - SSL point + * + * @return + * 1 : yes + * 0 : no + */ +int SSL_want_write(const SSL *ssl) +{ + return (SSL_want(ssl) == SSL_WRITING); +} + +/* + * SSL_want_read - check if SSL want to lookup X509 certification + * + * @param ssl - SSL point + * + * @return + * 1 : yes + * 0 : no + */ +int SSL_want_x509_lookup(const SSL *ssl) +{ + return (SSL_want(ssl) == SSL_WRITING); +} + /* * SSL_get_error - get SSL error code * @@ -1153,7 +1221,7 @@ char *SSL_state_string(const SSL *ssl) SSL_ASSERT(ssl); - if (ossl_state_in_error(ssl)) + if (ossl_statem_in_error(ssl)) str = "SSLERR"; else { diff --git a/components/openssl/platform/Makefile b/components/openssl/platform/Makefile deleted file mode 100644 index 749b4787ca..0000000000 --- a/components/openssl/platform/Makefile +++ /dev/null @@ -1,46 +0,0 @@ - -############################################################# -# Required variables for each makefile -# Discard this section from all parent makefiles -# Expected variables (with automatic defaults): -# CSRCS (all "C" files in the dir) -# SUBDIRS (all subdirs with a Makefile) -# GEN_LIBS - list of libs to be generated () -# GEN_IMAGES - list of images to be generated () -# COMPONENTS_xxx - a list of libs/objs in the form -# subdir/lib to be extracted and rolled up into -# a generated lib/image xxx.a () -# -ifndef PDIR - -GEN_LIBS = libplatform.a - -endif - - -############################################################# -# Configuration i.e. compile options etc. -# Target specific stuff (defines etc.) goes in here! -# Generally values applying to a tree are captured in the -# makefile at its root level - these are then overridden -# for a subtree within the makefile rooted therein -# -#DEFINES += - -############################################################# -# Recursion Magic - Don't touch this!! -# -# Each subtree potentially has an include directory -# corresponding to the common APIs applicable to modules -# rooted at that subtree. Accordingly, the INCLUDE PATH -# of a module can only contain the include directories up -# its parent path, and not its siblings -# -# Required for each makefile to inherit from the parent -# - -INCLUDES := $(INCLUDES) -I $(PDIR)include -INCLUDES += -I ./ -PDIR := ../$(PDIR) -sinclude $(PDIR)Makefile - diff --git a/components/openssl/platform/ssl_pm.c b/components/openssl/platform/ssl_pm.c index 831420180c..9d207b3a0e 100644 --- a/components/openssl/platform/ssl_pm.c +++ b/components/openssl/platform/ssl_pm.c @@ -1,6 +1,8 @@ #include "ssl_pm.h" #include "ssl_dbg.h" +#include + /* mbedtls include */ #include "mbedtls/platform.h" #include "mbedtls/net.h" @@ -55,7 +57,7 @@ void* ssl_zalloc(size_t size) void *ssl_malloc(size_t size) { - return zalloc(size); + return ssl_zalloc(size); } void ssl_free(void *p) @@ -140,7 +142,7 @@ int ssl_pm_new(SSL *ssl) ret = mbedtls_ssl_conf_own_cert(&ssl_pm->conf, &x509_pm->x509_crt, &pkey_pm->pkey); if (ret) - SSL_ERR(ret, failed4, "mbedtls_ssl_conf_own_cert:[%d]\n", ret); + SSL_ERR(ret, failed3, "mbedtls_ssl_conf_own_cert:[%d]\n", ret); } ret = mbedtls_ssl_setup(&ssl_pm->ssl, &ssl_pm->conf); From b89168d0f1be251fce1b37bfe0684ae097da30f7 Mon Sep 17 00:00:00 2001 From: dongheng Date: Wed, 21 Sep 2016 17:51:12 +0800 Subject: [PATCH 04/52] components/openssl: add ssl_port.c & .h file --- .../openssl/include/platform/ssl_port.h | 29 ++++++++++ components/openssl/platform/ssl_port.c | 56 +++++++++++++++++++ 2 files changed, 85 insertions(+) create mode 100644 components/openssl/include/platform/ssl_port.h create mode 100644 components/openssl/platform/ssl_port.c diff --git a/components/openssl/include/platform/ssl_port.h b/components/openssl/include/platform/ssl_port.h new file mode 100644 index 0000000000..252e2566c3 --- /dev/null +++ b/components/openssl/include/platform/ssl_port.h @@ -0,0 +1,29 @@ +/* Copyright 2015-2016 Espressif Systems (Wuxi) PTE LTD + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef _SSL_PORT_H_ +#define _SSL_PORT_H_ + +#include "esp_types.h" + +void* ssl_zalloc(size_t size); +void *ssl_malloc(size_t size); +void ssl_free(void *p); +void* ssl_memcpy(void *to, const void *from, size_t size); + +void ssl_speed_up_enter(void); +void ssl_speed_up_exit(void); + +#endif diff --git a/components/openssl/platform/ssl_port.c b/components/openssl/platform/ssl_port.c new file mode 100644 index 0000000000..66aac5f6d9 --- /dev/null +++ b/components/openssl/platform/ssl_port.c @@ -0,0 +1,56 @@ +/* Copyright 2015-2016 Espressif Systems (Wuxi) PTE LTD + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include "ssl_port.h" +#include "malloc.h" + +/*********************************************************************************************/ +/********************************* SSL general interface *************************************/ + +void* ssl_zalloc(size_t size) +{ + void *p = malloc(size); + + if (p) + memset(p, 0, size); + + return p; +} + +void *ssl_malloc(size_t size) +{ + return ssl_zalloc(size); +} + +void ssl_free(void *p) +{ + free(p); +} + +void* ssl_memcpy(void *to, const void *from, size_t size) +{ + return memcpy(to, from, size); +} + +void ssl_speed_up_enter(void) +{ + +} + +void ssl_speed_up_exit(void) +{ + +} From 6bd3d62d7ceadb11c814459dfbe68160aa511409 Mon Sep 17 00:00:00 2001 From: dongheng Date: Thu, 22 Sep 2016 10:28:08 +0800 Subject: [PATCH 05/52] components/openssl: add license header --- components/openssl/Makefile.projbuild | 1 - components/openssl/include/internal/ssl3.h | 14 ++ .../openssl/include/internal/ssl_cert.h | 20 ++- .../openssl/include/internal/ssl_code.h | 14 ++ components/openssl/include/internal/ssl_dbg.h | 20 ++- components/openssl/include/internal/ssl_lib.h | 14 ++ .../openssl/include/internal/ssl_methods.h | 53 +++++- .../openssl/include/internal/ssl_pkey.h | 18 +- components/openssl/include/internal/ssl_rsa.h | 14 ++ .../openssl/include/internal/ssl_types.h | 53 +++++- .../openssl/include/internal/ssl_x509.h | 14 ++ components/openssl/include/internal/tls1.h | 14 ++ components/openssl/include/openssl/ssl.h | 19 +- components/openssl/include/platform/ssl_pm.h | 40 +++-- .../openssl/include/platform/ssl_port.h | 27 ++- components/openssl/library/ssl_cert.c | 75 ++++++-- components/openssl/library/ssl_lib.c | 101 ++++++++--- components/openssl/library/ssl_methods.c | 42 ++++- components/openssl/library/ssl_pkey.c | 111 +++++++++--- components/openssl/library/ssl_rsa.c | 82 ++++++++- components/openssl/library/ssl_x509.c | 118 +++++++++---- components/openssl/platform/ssl_pm.c | 163 ++++++++++-------- components/openssl/platform/ssl_port.c | 27 ++- 23 files changed, 819 insertions(+), 235 deletions(-) diff --git a/components/openssl/Makefile.projbuild b/components/openssl/Makefile.projbuild index 51300efd11..b1d5641231 100644 --- a/components/openssl/Makefile.projbuild +++ b/components/openssl/Makefile.projbuild @@ -1,4 +1,3 @@ # Anyone compiling mbedTLS code needs the name of the # alternative config file -CFLAGS += -DMBEDTLS_CONFIG_FILE='"mbedtls/esp_config.h"' diff --git a/components/openssl/include/internal/ssl3.h b/components/openssl/include/internal/ssl3.h index d7c254563b..c90d546df0 100644 --- a/components/openssl/include/internal/ssl3.h +++ b/components/openssl/include/internal/ssl3.h @@ -1,3 +1,17 @@ +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + #ifndef _SSL3_H_ #define _SSL3_H_ diff --git a/components/openssl/include/internal/ssl_cert.h b/components/openssl/include/internal/ssl_cert.h index e0b3ea75dc..109012a194 100644 --- a/components/openssl/include/internal/ssl_cert.h +++ b/components/openssl/include/internal/ssl_cert.h @@ -1,11 +1,23 @@ +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + #ifndef _SSL_CERT_H_ #define _SSL_CERT_H_ -#include "ssl_pkey.h" -#include "ssl_x509.h" - -CERT *ssl_cert_new(void); +#include "ssl_types.h" +CERT* ssl_cert_new(void); void ssl_cert_free(CERT *c); #endif diff --git a/components/openssl/include/internal/ssl_code.h b/components/openssl/include/internal/ssl_code.h index d45abff680..1510ce6ff4 100644 --- a/components/openssl/include/internal/ssl_code.h +++ b/components/openssl/include/internal/ssl_code.h @@ -1,3 +1,17 @@ +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + #ifndef _SSL_CODE_H_ #define _SSL_CODE_H_ diff --git a/components/openssl/include/internal/ssl_dbg.h b/components/openssl/include/internal/ssl_dbg.h index 436d33132f..27a192b28f 100644 --- a/components/openssl/include/internal/ssl_dbg.h +++ b/components/openssl/include/internal/ssl_dbg.h @@ -1,13 +1,29 @@ +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + #ifndef _SSL_DEBUG_H_ #define _SSL_DEBUG_H_ -#define SSL_DEBUG_ENBALE 0 +#define SSL_DEBUG_ENBALE 1 #define SSL_DEBUG_LEVEL 0 #define SSL_ASSERT_ENABLE 1 #define SSL_DEBUG_LOCATION_ENABLE 1 #if SSL_DEBUG_ENBALE - #define SSL_PRINT os_printf + extern int ets_printf(const char *fmt, ...); + + #define SSL_PRINT ets_printf #else #define SSL_PRINT(...) #endif diff --git a/components/openssl/include/internal/ssl_lib.h b/components/openssl/include/internal/ssl_lib.h index 0881fbbfdb..6ea547a7c5 100644 --- a/components/openssl/include/internal/ssl_lib.h +++ b/components/openssl/include/internal/ssl_lib.h @@ -1,3 +1,17 @@ +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + #ifndef _SSL_LIB_H_ #define _SSL_LIB_H_ diff --git a/components/openssl/include/internal/ssl_methods.h b/components/openssl/include/internal/ssl_methods.h index e2806f177a..b72b17ad3d 100644 --- a/components/openssl/include/internal/ssl_methods.h +++ b/components/openssl/include/internal/ssl_methods.h @@ -1,3 +1,17 @@ +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + #ifndef _SSL_METHODS_H_ #define _SSL_METHODS_H_ @@ -8,7 +22,7 @@ set_fd, get_fd, \ set_bufflen, \ get_state) \ - static const SSL_METHOD_FUNC func_name = { \ + static const SSL_METHOD_FUNC func_name LOCAL_ATRR = { \ new, \ free, \ handshake, \ @@ -25,7 +39,7 @@ #define IMPLEMENT_TLS_METHOD(ver, mode, fun, func_name) \ const SSL_METHOD* func_name(void) { \ - static const SSL_METHOD func_name##_data = { \ + static const SSL_METHOD func_name##_data LOCAL_ATRR = { \ ver, \ mode, \ &(fun), \ @@ -35,7 +49,7 @@ #define IMPLEMENT_SSL_METHOD(ver, mode, fun, func_name) \ const SSL_METHOD* func_name(void) { \ - static const SSL_METHOD func_name##_data = { \ + static const SSL_METHOD func_name##_data LOCAL_ATRR = { \ ver, \ mode, \ &(fun), \ @@ -43,4 +57,37 @@ return &func_name##_data; \ } +#define IMPLEMENT_X509_METHOD(func_name, \ + new, \ + free, \ + load, \ + unload) \ + const X509_METHOD* func_name(void) { \ + static const X509_METHOD func_name##_data LOCAL_ATRR = { \ + new, \ + free, \ + load, \ + unload, \ + }; \ + return &func_name##_data; \ + } + +#define IMPLEMENT_PKEY_METHOD(func_name, \ + new, \ + free, \ + load, \ + unload) \ + const PKEY_METHOD* func_name(void) { \ + static const PKEY_METHOD func_name##_data LOCAL_ATRR = { \ + new, \ + free, \ + load, \ + unload, \ + }; \ + return &func_name##_data; \ + } + +const X509_METHOD* X509_method(void); +const PKEY_METHOD* EVP_PKEY_method(void); + #endif diff --git a/components/openssl/include/internal/ssl_pkey.h b/components/openssl/include/internal/ssl_pkey.h index c7170244a6..34be294efe 100644 --- a/components/openssl/include/internal/ssl_pkey.h +++ b/components/openssl/include/internal/ssl_pkey.h @@ -1,9 +1,25 @@ +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + #ifndef _SSL_PKEY_H_ #define _SSL_PKEY_H_ #include "ssl_types.h" -EVP_PKEY *d2i_PrivateKey(int type, +EVP_PKEY* EVP_PKEY_new(void); + +EVP_PKEY* d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, long length); diff --git a/components/openssl/include/internal/ssl_rsa.h b/components/openssl/include/internal/ssl_rsa.h index 7530bde734..d0ce40312c 100644 --- a/components/openssl/include/internal/ssl_rsa.h +++ b/components/openssl/include/internal/ssl_rsa.h @@ -1,3 +1,17 @@ +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + #ifndef _SSL_RSA_H_ #define _SSL_RSA_H_ diff --git a/components/openssl/include/internal/ssl_types.h b/components/openssl/include/internal/ssl_types.h index 19eb6cb165..417350627c 100644 --- a/components/openssl/include/internal/ssl_types.h +++ b/components/openssl/include/internal/ssl_types.h @@ -1,8 +1,21 @@ +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + #ifndef _SSL_TYPES_H_ #define _SSL_TYPES_H_ #include "ssl_code.h" -#include typedef void SSL_CIPHER; @@ -47,15 +60,25 @@ typedef struct x509_st X509; struct evp_pkey_st; typedef struct evp_pkey_st EVP_PKEY; +struct x509_method_st; +typedef struct x509_method_st X509_METHOD; + +struct pkey_method_st; +typedef struct pkey_method_st PKEY_METHOD; + struct evp_pkey_st { void *pkey_pm; + + const PKEY_METHOD *method; }; struct x509_st { /* X509 certification platform private point */ void *x509_pm; + + const X509_METHOD *method; }; struct cert_st { @@ -111,6 +134,8 @@ struct ssl_ctx_st long session_timeout; int read_ahead; + + int read_buffer_len; }; struct ssl_st @@ -183,8 +208,34 @@ struct ssl_method_func_st { OSSL_HANDSHAKE_STATE (*ssl_get_state)(const SSL *ssl); }; +struct x509_method_st { + + int (*x509_new)(X509 *x); + + void (*x509_free)(X509 *x); + + int (*x509_load)(X509 *x, const unsigned char *buf, int len); + + void (*x509_unload)(X509 *x); +}; + +struct pkey_method_st { + + int (*pkey_new)(EVP_PKEY *pkey); + + void (*pkey_free)(EVP_PKEY *pkey); + + int (*pkey_load)(EVP_PKEY *pkey, const unsigned char *buf, int len); + + void (*pkey_unload)(EVP_PKEY *pkey); +}; + typedef int (*next_proto_cb)(SSL *ssl, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg); +#define SSL_METHOD_CALL(f, s, ...) s->method->func->ssl_##f(s, ##__VA_ARGS__) +#define X509_METHOD_CALL(f, x, ...) x->method->x509_##f(x, ##__VA_ARGS__) +#define EVP_PKEY_METHOD_CALL(f, k, ...) k->method->pkey_##f(k, ##__VA_ARGS__) + #endif diff --git a/components/openssl/include/internal/ssl_x509.h b/components/openssl/include/internal/ssl_x509.h index 28a7baf513..a169352bac 100644 --- a/components/openssl/include/internal/ssl_x509.h +++ b/components/openssl/include/internal/ssl_x509.h @@ -1,3 +1,17 @@ +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + #ifndef _SSL_X509_H_ #define _SSL_X509_H_ diff --git a/components/openssl/include/internal/tls1.h b/components/openssl/include/internal/tls1.h index 70de22bb5b..b2da639194 100644 --- a/components/openssl/include/internal/tls1.h +++ b/components/openssl/include/internal/tls1.h @@ -1,3 +1,17 @@ +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + #ifndef _TLS1_H_ #define _TLS1_H_ diff --git a/components/openssl/include/openssl/ssl.h b/components/openssl/include/openssl/ssl.h index 89cb5bb9f7..0d4c9c2080 100644 --- a/components/openssl/include/openssl/ssl.h +++ b/components/openssl/include/openssl/ssl.h @@ -1,6 +1,21 @@ -#ifndef HEADER_SSL_H -#define HEADER_SSL_H +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#ifndef _SSL_H_ +#define _SSL_H_ + +#include "ssl_port.h" #include "internal/ssl_types.h" /* diff --git a/components/openssl/include/platform/ssl_pm.h b/components/openssl/include/platform/ssl_pm.h index a6731cff7f..783ba5445e 100644 --- a/components/openssl/include/platform/ssl_pm.h +++ b/components/openssl/include/platform/ssl_pm.h @@ -1,14 +1,24 @@ +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + #ifndef _SSL_PM_H_ #define _SSL_PM_H_ #include "ssl_types.h" -#include "esp_types.h" -#include "esp_system.h" +#include "ssl_port.h" -void* ssl_zalloc(size_t size); -void *ssl_malloc(size_t size); -void ssl_free(void *p); -void* ssl_memcpy(void *to, const void *from, size_t size); +#define LOCAL_ATRR int ssl_pm_new(SSL *ssl); void ssl_pm_free(SSL *ssl); @@ -28,15 +38,15 @@ OSSL_HANDSHAKE_STATE ssl_pm_get_state(const SSL *ssl); void ssl_pm_set_bufflen(SSL *ssl, int len); -void* x509_pm_new(void); -void x509_pm_free(void *pm); -int x509_pm_load_crt(void *pm, const unsigned char *buffer, int len); -void x509_pm_unload_crt(void *pm); -void x509_pm_start_ca(void *ssl, void *pm); +int x509_pm_new(X509 *x); +void x509_pm_free(X509 *x); +int x509_pm_load(X509 *x, const unsigned char *buffer, int len); +void x509_pm_unload(X509 *x); +void x509_pm_start_ca(X509 *x); -void* pkey_pm_new(void); -void pkey_pm_free(void *pm); -int pkey_pm_load_crt(void *pm, const unsigned char *buffer, int len); -void pkey_pm_unload_crt(void *pm); +int pkey_pm_new(EVP_PKEY *pkey); +void pkey_pm_free(EVP_PKEY *pkey); +int pkey_pm_load(EVP_PKEY *pkey, const unsigned char *buffer, int len); +void pkey_pm_unload(EVP_PKEY *pkey); #endif diff --git a/components/openssl/include/platform/ssl_port.h b/components/openssl/include/platform/ssl_port.h index 252e2566c3..48a7c7ca97 100644 --- a/components/openssl/include/platform/ssl_port.h +++ b/components/openssl/include/platform/ssl_port.h @@ -1,17 +1,16 @@ -/* Copyright 2015-2016 Espressif Systems (Wuxi) PTE LTD - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. #ifndef _SSL_PORT_H_ #define _SSL_PORT_H_ diff --git a/components/openssl/library/ssl_cert.c b/components/openssl/library/ssl_cert.c index 5332592460..0bdba459d3 100644 --- a/components/openssl/library/ssl_cert.c +++ b/components/openssl/library/ssl_cert.c @@ -1,29 +1,68 @@ -#include "ssl_cert.h" -#include "ssl_dbg.h" -#include "ssl_pm.h" +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#include "ssl_cert.h" +#include "ssl_pkey.h" +#include "ssl_x509.h" +#include "ssl_dbg.h" +#include "ssl_port.h" + +/* + * ssl_cert_new - create a certification object include private key object + * + * @param none + * + * @return certification object point or NULL if failed + */ CERT *ssl_cert_new(void) { - return ssl_zalloc(sizeof(CERT)); + CERT *cert; + + cert = ssl_zalloc(sizeof(CERT)); + if (!cert) + SSL_RET(failed1, "ssl_zalloc\n"); + + cert->pkey = EVP_PKEY_new(); + if (!cert->pkey) + SSL_RET(failed2, "EVP_PKEY_new\n"); + + cert->x509 = sk_X509_NAME_new_null(); + if (!cert->x509) + SSL_RET(failed3, "sk_X509_NAME_new_null\n"); + + return cert; + +failed3: + EVP_PKEY_free(cert->pkey); +failed2: + ssl_free(cert); +failed1: + return NULL; } +/* + * ssl_cert_free - free a certification object + * + * @param c - certification object point + * + * @return none + */ void ssl_cert_free(CERT *c) { - if (c->x509) - X509_free(c->x509); + X509_free(c->x509); - if (c->pkey) - EVP_PKEY_free(c->pkey); + EVP_PKEY_free(c->pkey); ssl_free(c); } - -int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x) -{ - SSL_ASSERT(ctx); - SSL_ASSERT(x); - - ctx->client_CA = x; - - return 1; -} diff --git a/components/openssl/library/ssl_lib.c b/components/openssl/library/ssl_lib.c index e1e112cc7b..331ed17bd5 100644 --- a/components/openssl/library/ssl_lib.c +++ b/components/openssl/library/ssl_lib.c @@ -1,11 +1,35 @@ +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + #include "ssl_lib.h" #include "ssl_pkey.h" +#include "ssl_x509.h" #include "ssl_cert.h" #include "ssl_dbg.h" -#include "ssl_pm.h" +#include "ssl_port.h" #define SSL_SEND_DATA_MAX_LENGTH 1460 +/* + * ossl_statem_in_error - Discover whether the current connection is in the error state + * + * @param ssl - SSL point + * + * @return + * 1 : Yes + * 0 : no + */ int ossl_statem_in_error(const SSL *ssl) { if (ssl->statem.state == MSG_FLOW_ERROR) @@ -23,7 +47,7 @@ int ossl_statem_in_error(const SSL *ssl) */ int SSL_want(const SSL *ssl) { - return 0; + return ssl->rwstate; } /* @@ -131,7 +155,7 @@ OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl) SSL_ASSERT(ssl); - state = ssl->method->func->ssl_get_state(ssl); + state = SSL_METHOD_CALL(get_state, ssl); return state; } @@ -154,15 +178,15 @@ SSL_CTX* SSL_CTX_new(const SSL_METHOD *method) client_ca = sk_X509_NAME_new_null(); if (!client_ca) - SSL_ERR(-2, go_failed1, "ssl_ctx_new:ctx:[%d]\n", ret); + SSL_ERR(-2, go_failed1, "sk_X509_NAME_new_null\n"); cert = ssl_cert_new(); if (!cert) - SSL_ERR(-2, go_failed2, "ssl_ctx_new:ctx:[%d]\n", ret); + SSL_ERR(-2, go_failed2, "ssl_cert_new\n"); ctx = (SSL_CTX *)ssl_zalloc(sizeof(SSL_CTX)); if (!ctx) - SSL_ERR(-2, go_failed3, "ssl_ctx_new:ctx:[%d]\n", ret); + SSL_ERR(-2, go_failed3, "ssl_ctx_new:ctx\n"); ctx->method = method; ctx->cert = cert; @@ -215,6 +239,8 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) ctx->method = meth; + ctx->version = meth->version; + return 1; } @@ -258,10 +284,12 @@ SSL *SSL_new(SSL_CTX *ctx) ssl->version = ctx->version; ssl->options = ctx->options; - ret = ssl->method->func->ssl_new(ssl); + ret = SSL_METHOD_CALL(new, ssl); if (ret) SSL_RET(failed2, "ssl_new\n"); + ssl->rwstate = SSL_NOTHING; + return ssl; failed2: @@ -281,7 +309,7 @@ void SSL_free(SSL *ssl) { SSL_ASSERT(ssl); - ssl->method->func->ssl_free(ssl); + SSL_METHOD_CALL(free, ssl); ssl_free(ssl); } @@ -302,7 +330,7 @@ int SSL_do_handshake(SSL *ssl) SSL_ASSERT(ssl); - ret = ssl->method->func->ssl_handshake(ssl); + ret = SSL_METHOD_CALL(handshake, ssl); return ret; } @@ -357,7 +385,7 @@ int SSL_shutdown(SSL *ssl) if (SSL_get_state(ssl) != TLS_ST_OK) return 0; - ret = ssl->method->func->ssl_shutdown(ssl); + ret = SSL_METHOD_CALL(shutdown, ssl); return ret; } @@ -381,9 +409,9 @@ int SSL_clear(SSL *ssl) if (1 != ret) SSL_ERR(0, go_failed1, "SSL_shutdown\n"); - ssl->method->func->ssl_free(ssl); + SSL_METHOD_CALL(free, ssl); - ret = ssl->method->func->ssl_new(ssl); + ret = SSL_METHOD_CALL(new, ssl); if (!ret) SSL_ERR(0, go_failed1, "ssl_new\n"); @@ -413,7 +441,11 @@ int SSL_read(SSL *ssl, void *buffer, int len) SSL_ASSERT(buffer); SSL_ASSERT(len); - ret = ssl->method->func->ssl_read(ssl, buffer, len); + ssl->rwstate = SSL_READING; + + ret = SSL_METHOD_CALL(read, ssl, buffer, len); + + ssl->rwstate = SSL_NOTHING; return ret; } @@ -440,6 +472,8 @@ int SSL_write(SSL *ssl, const void *buffer, int len) SSL_ASSERT(buffer); SSL_ASSERT(len); + ssl->rwstate = SSL_WRITING; + send_bytes = len; pbuf = (const unsigned char *)buffer; @@ -451,13 +485,15 @@ int SSL_write(SSL *ssl, const void *buffer, int len) else bytes = send_bytes; - ret = ssl->method->func->ssl_send(ssl, buffer, len); + ret = SSL_METHOD_CALL(send, ssl, buffer, len); if (ret > 0) { pbuf += ret; send_bytes -= ret; } } while (ret > 0 && send_bytes); + ssl->rwstate = SSL_NOTHING; + send_bytes = len - send_bytes; if (send_bytes >= 0) ret = send_bytes; @@ -518,11 +554,11 @@ int SSL_set_ssl_method(SSL *ssl, const SSL_METHOD *method) if (1 != ret) SSL_ERR(0, go_failed1, "SSL_shutdown\n"); - ssl->method->func->ssl_free(ssl); + SSL_METHOD_CALL(free, ssl); ssl->method = method; - ret = ssl->method->func->ssl_new(ssl); + ret = SSL_METHOD_CALL(new, ssl); if (!ret) SSL_ERR(0, go_failed1, "ssl_new\n"); } else { @@ -579,7 +615,7 @@ int SSL_pending(const SSL *ssl) SSL_ASSERT(ssl); - ret = ssl->method->func->ssl_pending(ssl); + ret = SSL_METHOD_CALL(pending, ssl); return ret; } @@ -705,7 +741,7 @@ int SSL_get_fd(const SSL *ssl) SSL_ASSERT(ssl); - ret = ssl->method->func->ssl_get_fd(ssl, 0); + ret = SSL_METHOD_CALL(get_fd, ssl, 0); return ret; } @@ -725,7 +761,7 @@ int SSL_get_rfd(const SSL *ssl) SSL_ASSERT(ssl); - ret = ssl->method->func->ssl_get_fd(ssl, 0); + ret = SSL_METHOD_CALL(get_fd, ssl, 0); return ret; } @@ -745,7 +781,7 @@ int SSL_get_wfd(const SSL *ssl) SSL_ASSERT(ssl); - ret = ssl->method->func->ssl_get_fd(ssl, 0); + ret = SSL_METHOD_CALL(get_fd, ssl, 0); return ret; } @@ -767,7 +803,7 @@ int SSL_set_fd(SSL *ssl, int fd) SSL_ASSERT(ssl); SSL_ASSERT(fd >= 0); - ssl->method->func->ssl_set_fd(ssl, fd, 0); + SSL_METHOD_CALL(set_fd, ssl, fd, 0); return 1; } @@ -789,7 +825,7 @@ int SSL_set_rfd(SSL *ssl, int fd) SSL_ASSERT(ssl); SSL_ASSERT(fd >= 0); - ssl->method->func->ssl_set_fd(ssl, fd, 0); + SSL_METHOD_CALL(set_fd, ssl, fd, 0); return 1; } @@ -811,7 +847,7 @@ int SSL_set_wfd(SSL *ssl, int fd) SSL_ASSERT(ssl); SSL_ASSERT(fd >= 0); - ssl->method->func->ssl_set_fd(ssl, fd, 0); + SSL_METHOD_CALL(set_fd, ssl, fd, 0); return 1; } @@ -1451,7 +1487,7 @@ void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len) SSL_ASSERT(ctx); SSL_ASSERT(len); - ctx->method->func->ssl_set_bufflen(NULL, len); + ctx->read_buffer_len = len; } /* @@ -1467,7 +1503,7 @@ void SSL_set_default_read_buffer_len(SSL *ssl, size_t len) SSL_ASSERT(ssl); SSL_ASSERT(len); - ssl->method->func->ssl_set_bufflen(ssl, len); + SSL_METHOD_CALL(set_bufflen, ssl, len); } /* @@ -1688,3 +1724,18 @@ long SSL_set_timeout(SSL *ssl, long t) return t; } + +/* + * SSL_set_verify - set the SSL verifying of the SSL context + * + * @param ctx - SSL point + * @param mode - verifying mode + * @param verify_callback - verifying callback function + * + * @return none + */ +void SSL_set_verify(SSL *ssl, int mode, int (*verify_callback)(int, X509_STORE_CTX *)) +{ + SSL_ASSERT(ssl); + SSL_ASSERT(verify_callback); +} diff --git a/components/openssl/library/ssl_methods.c b/components/openssl/library/ssl_methods.c index 502262f7e9..0c5c6e7fa4 100644 --- a/components/openssl/library/ssl_methods.c +++ b/components/openssl/library/ssl_methods.c @@ -1,7 +1,24 @@ +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + #include "ssl_lib.h" #include "ssl_methods.h" #include "ssl_pm.h" +/* + * TLS method function collection + */ IMPLEMENT_TLS_METHOD_FUNC(TLS_method_func, ssl_pm_new, ssl_pm_free, ssl_pm_handshake, ssl_pm_shutdown, ssl_pm_clear, @@ -10,6 +27,9 @@ IMPLEMENT_TLS_METHOD_FUNC(TLS_method_func, ssl_pm_set_bufflen, ssl_pm_get_state); +/* + * TLS or SSL client method collection + */ IMPLEMENT_TLS_METHOD(TLS_ANY_VERSION, 0, TLS_method_func, TLS_client_method); IMPLEMENT_TLS_METHOD(TLS1_2_VERSION, 0, TLS_method_func, TLSv1_2_client_method); @@ -20,7 +40,9 @@ IMPLEMENT_TLS_METHOD(TLS1_VERSION, 0, TLS_method_func, TLSv1_client_method); IMPLEMENT_SSL_METHOD(SSL3_VERSION, 0, TLS_method_func, SSLv3_client_method); - +/* + * TLS or SSL server method collection + */ IMPLEMENT_TLS_METHOD(TLS_ANY_VERSION, 1, TLS_method_func, TLS_server_method); IMPLEMENT_TLS_METHOD(TLS1_1_VERSION, 1, TLS_method_func, TLSv1_1_server_method); @@ -31,7 +53,9 @@ IMPLEMENT_TLS_METHOD(TLS1_VERSION, 0, TLS_method_func, TLSv1_server_method); IMPLEMENT_SSL_METHOD(SSL3_VERSION, 1, TLS_method_func, SSLv3_server_method); - +/* + * TLS or SSL method collection + */ IMPLEMENT_TLS_METHOD(TLS_ANY_VERSION, -1, TLS_method_func, TLS_method); IMPLEMENT_SSL_METHOD(TLS1_2_VERSION, -1, TLS_method_func, TLSv1_2_method); @@ -41,3 +65,17 @@ IMPLEMENT_SSL_METHOD(TLS1_1_VERSION, -1, TLS_method_func, TLSv1_1_method); IMPLEMENT_SSL_METHOD(TLS1_VERSION, -1, TLS_method_func, TLSv1_method); IMPLEMENT_SSL_METHOD(SSL3_VERSION, -1, TLS_method_func, SSLv3_method); + +/* + * X509 certification method collection + */ +IMPLEMENT_X509_METHOD(X509_method, + x509_pm_new, x509_pm_free, + x509_pm_load, x509_pm_unload); + +/* + * private key method collection + */ +IMPLEMENT_PKEY_METHOD(EVP_PKEY_method, + pkey_pm_new, pkey_pm_free, + pkey_pm_load, pkey_pm_unload); diff --git a/components/openssl/library/ssl_pkey.c b/components/openssl/library/ssl_pkey.c index 2a170716c0..785ebf41db 100644 --- a/components/openssl/library/ssl_pkey.c +++ b/components/openssl/library/ssl_pkey.c @@ -1,50 +1,109 @@ +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + #include "ssl_lib.h" #include "ssl_pkey.h" +#include "ssl_methods.h" #include "ssl_dbg.h" -#include "ssl_pm.h" +#include "ssl_port.h" -EVP_PKEY *d2i_PrivateKey(int type, - EVP_PKEY **a, - const unsigned char **pp, - long length) +/* + * EVP_PKEY_new - create a private key object + * + * @param none + * + * @return private key object point or NULL if failed + */ +EVP_PKEY* EVP_PKEY_new(void) { - EVP_PKEY *pkey; - void *pkey_pm; int ret; - - SSL_ASSERT(pp); - SSL_ASSERT(*pp); - SSL_ASSERT(length); + EVP_PKEY *pkey; pkey = ssl_malloc(sizeof(EVP_PKEY)); if (!pkey) SSL_RET(failed1, "ssl_malloc\n"); - pkey_pm = pkey_pm_new(); - if (!pkey_pm) - SSL_RET(failed2, "pkey_pm_new\n"); + pkey->method = EVP_PKEY_method(); - ret = pkey_pm_load_crt(pkey_pm, *pp, length); + ret = EVP_PKEY_METHOD_CALL(new, pkey); if (ret) - SSL_RET(failed3, "pkey_pm_load_crt\n"); - - pkey->pkey_pm = pkey_pm; - if (a) - *a = pkey; + SSL_RET(failed2, "pkey_new\n"); return pkey; -failed3: - pkey_pm_free(pkey_pm); failed2: ssl_free(pkey); failed1: return NULL; } -void EVP_PKEY_free(EVP_PKEY *x) +/* + * EVP_PKEY_free - free a private key object + * + * @param pkey - private key object point + * + * @return none + */ +void EVP_PKEY_free(EVP_PKEY *pkey) { - pkey_pm_unload_crt(x->pkey_pm); - pkey_pm_free(x->pkey_pm); - ssl_free(x); + EVP_PKEY_METHOD_CALL(free, pkey); + + ssl_free(pkey); +} + +/* + * d2i_PrivateKey - load a character key context into system context. If '*a' is pointed to the + * private key, then load key into it. Or create a new private key object + * + * @param type - private key type + * @param a - a point pointed to a private key point + * @param pp - a point pointed to the key context memory point + * @param length - key bytes + * + * @return private key object point or NULL if failed + */ +EVP_PKEY *d2i_PrivateKey(int type, + EVP_PKEY **a, + const unsigned char **pp, + long length) +{ + int ret; + EVP_PKEY *pkey; + + SSL_ASSERT(pp); + SSL_ASSERT(*pp); + SSL_ASSERT(length); + + if (a && *a) { + pkey = *a; + } else { + pkey = EVP_PKEY_new();; + if (!pkey) + SSL_RET(failed1, "ssl_malloc\n"); + } + + ret = EVP_PKEY_METHOD_CALL(load, pkey, *pp, length); + if (ret) + SSL_RET(failed2, "pkey_pm_load_crt\n"); + + if (a) + *a = pkey; + + return pkey; + +failed2: + EVP_PKEY_free(pkey); +failed1: + return NULL; } diff --git a/components/openssl/library/ssl_rsa.c b/components/openssl/library/ssl_rsa.c index 9088f67f57..75a2d3baa7 100644 --- a/components/openssl/library/ssl_rsa.c +++ b/components/openssl/library/ssl_rsa.c @@ -1,10 +1,33 @@ +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + #include "ssl_lib.h" #include "ssl_rsa.h" #include "ssl_pkey.h" #include "ssl_x509.h" #include "ssl_dbg.h" -#include "ssl_pm.h" +/* + * SSL_CTX_use_certificate - set the SSL context certification + * + * @param ctx - SSL context point + * @param x - X509 certification point + * + * @return + * 1 : OK + * 0 : failed + */ int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) { SSL_ASSERT(ctx); @@ -15,13 +38,24 @@ int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) return 1; } +/* + * SSL_CTX_use_certificate_ASN1 - load certification into the SSL context + * + * @param ctx - SSL context point + * @param len - certification context bytes + * @param d - certification context point + * + * @return + * 1 : OK + * 0 : failed + */ int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d) { int ret; X509 *cert; - cert = d2i_X509(NULL, d, len); + cert = d2i_X509(&ctx->cert->x509, d, len); if (!cert) SSL_RET(failed1, "d2i_X509\n"); @@ -37,6 +71,16 @@ failed1: return 0; } +/* + * SSL_CTX_use_certificate - set the SSL context private key + * + * @param ctx - SSL context point + * @param x - private key point + * + * @return + * 1 : OK + * 0 : failed + */ int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) { SSL_ASSERT(ctx); @@ -47,13 +91,25 @@ int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) return 1; } +/* + * SSL_CTX_use_PrivateKey_ASN1 - load private key into the SSL context + * + * @param type - private key type + * @param ctx - SSL context point + * @param d - private key context point + * @param len - private key context bytes + * + * @return + * 1 : OK + * 0 : failed + */ int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d, long len) { int ret; EVP_PKEY *pkey; - pkey = d2i_PrivateKey(0, NULL, &d, len); + pkey = d2i_PrivateKey(0, &ctx->cert->pkey, &d, len); if (!pkey) SSL_RET(failed1, "d2i_PrivateKey\n"); @@ -68,3 +124,23 @@ failed2: failed1: return 0; } + +/* + * SSL_CTX_add_client_CA - set SSL context client CA certification + * + * @param ctx - SSL context point + * @param x - client CA certification point + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x) +{ + SSL_ASSERT(ctx); + SSL_ASSERT(x); + + ctx->client_CA = x; + + return 1; +} diff --git a/components/openssl/library/ssl_x509.c b/components/openssl/library/ssl_x509.c index 23aa00681e..fd2643e6b7 100644 --- a/components/openssl/library/ssl_x509.c +++ b/components/openssl/library/ssl_x509.c @@ -1,54 +1,100 @@ -#include "ssl_x509.h" -#include "ssl_dbg.h" -#include "ssl_pm.h" +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#include "ssl_x509.h" +#include "ssl_methods.h" +#include "ssl_dbg.h" +#include "ssl_port.h" + +/* + * sk_X509_NAME_new_null - create a X509 certification object + * + * @param none + * + * @return X509 certification object point or NULL if failed + */ X509* sk_X509_NAME_new_null(void) { - return ssl_malloc(sizeof(X509)); -} - -X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len) -{ - X509 *x509_crt; - void *x509_pm; int ret; + X509 *x; - SSL_ASSERT(cert); - SSL_ASSERT(buffer); - SSL_ASSERT(len); + x = ssl_malloc(sizeof(X509)); + if (!x) + SSL_RET(failed1, "ssl_malloc\n"); - x509_crt = sk_X509_NAME_new_null(); - if (!x509_crt) - SSL_RET(failed1, ""); + x->method = X509_method(); - x509_pm = x509_pm_new(); - if (!x509_pm) - SSL_RET(failed2, ""); - - ret = x509_pm_load_crt(x509_pm, buffer, len); + ret = x->method->x509_new(x); if (ret) - SSL_RET(failed3, ""); + SSL_RET(failed2, "x509_new\n"); - x509_crt->x509_pm = x509_pm; - if (cert) - *cert = x509_crt; + return x; - return x509_crt; - -failed3: - x509_pm_free(x509_pm); failed2: - ssl_free(x509_crt); + ssl_free(x); failed1: return NULL; } -void X509_free(X509 *cert) +/* + * X509_free - free a X509 certification object + * + * @param x - X509 certification object point + * + * @return none + */ +void X509_free(X509 *x) { - if (cert->x509_pm) { - x509_pm_unload_crt(cert->x509_pm); - x509_pm_free(cert->x509_pm); - } - ssl_free(cert); + X509_METHOD_CALL(free, x); + + ssl_free(x); }; +/* + * d2i_X509 - load a character certification context into system context. If '*cert' is pointed to the + * certification, then load certification into it. Or create a new X509 certification object + * + * @param cert - a point pointed to X509 certification + * @param buffer - a point pointed to the certification context memory point + * @param length - certification bytes + * + * @return X509 certification object point or NULL if failed + */ +X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len) +{ + int ret; + X509 *x; + + SSL_ASSERT(buffer); + SSL_ASSERT(len); + + if (cert && *cert) { + x = *cert; + } else { + x = sk_X509_NAME_new_null(); + if (!x) + SSL_RET(failed1, "sk_X509_NAME_new_null\n"); + } + + ret = X509_METHOD_CALL(load, x, buffer, len); + if (ret) + SSL_RET(failed2, "x509_load\n"); + + return x; + +failed2: + X509_free(x); +failed1: + return NULL; +} diff --git a/components/openssl/platform/ssl_pm.c b/components/openssl/platform/ssl_pm.c index 9d207b3a0e..b8a046aa1e 100644 --- a/components/openssl/platform/ssl_pm.c +++ b/components/openssl/platform/ssl_pm.c @@ -1,4 +1,19 @@ +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + #include "ssl_pm.h" +#include "ssl_port.h" #include "ssl_dbg.h" #include @@ -30,11 +45,15 @@ struct ssl_pm struct x509_pm { + int load; + mbedtls_x509_crt x509_crt; }; struct pkey_pm { + int load; + mbedtls_pk_context pkey; }; @@ -42,44 +61,6 @@ struct pkey_pm unsigned int max_content_len; -/*********************************************************************************************/ -/********************************* SSL general interface *************************************/ - -void* ssl_zalloc(size_t size) -{ - void *p = malloc(size); - - if (p) - memset(p, 0, size); - - return p; -} - -void *ssl_malloc(size_t size) -{ - return ssl_zalloc(size); -} - -void ssl_free(void *p) -{ - free(p); -} - -void* ssl_memcpy(void *to, const void *from, size_t size) -{ - return memcpy(to, from, size); -} - -void ssl_speed_up_enter(void) -{ - -} - -void ssl_speed_up_exit(void) -{ - -} - /*********************************************************************************************/ /************************************ SSL arch interface *************************************/ @@ -90,13 +71,18 @@ int ssl_pm_new(SSL *ssl) char *pers; int endpoint; + int mode; + int version; SSL_CTX *ctx = ssl->ctx; const SSL_METHOD *method = ssl->method; - ssl_pm = malloc(sizeof(struct ssl_pm)); + struct x509_pm *x509_pm; + struct pkey_pm *pkey_pm; + + ssl_pm = ssl_malloc(sizeof(struct ssl_pm)); if (!ssl_pm) - return -1; + SSL_ERR(ret, failed1, "ssl_malloc\n"); if (method->endpoint) { pers = "server"; @@ -124,21 +110,34 @@ int ssl_pm_new(SSL *ssl) if (ret) SSL_ERR(ret, failed2, "mbedtls_ssl_config_defaults:[-0x%x]\n", -ret); + if (TLS1_2_VERSION == ssl->version) + version = MBEDTLS_SSL_MINOR_VERSION_3; + else if (TLS1_1_VERSION == ssl->version) + version = MBEDTLS_SSL_MINOR_VERSION_2; + else if (TLS1_VERSION == ssl->version) + version = MBEDTLS_SSL_MINOR_VERSION_1; + else + version = MBEDTLS_SSL_MINOR_VERSION_0; + + mbedtls_ssl_conf_max_version(&ssl_pm->conf, MBEDTLS_SSL_MAJOR_VERSION_3, version); + mbedtls_ssl_conf_rng(&ssl_pm->conf, mbedtls_ctr_drbg_random, &ssl_pm->ctr_drbg); + mbedtls_ssl_conf_dbg(&ssl_pm->conf, NULL, NULL); - if (ctx->client_CA->x509_pm) { - struct x509_pm *x509_pm = (struct x509_pm *)ctx->client_CA->x509_pm; + x509_pm = (struct x509_pm *)ctx->client_CA->x509_pm; + if (x509_pm->load) { + mbedtls_ssl_conf_ca_chain(&ssl_pm->conf, &x509_pm->x509_crt, NULL); - mbedtls_ssl_conf_ca_chain(&ssl_pm->conf, &x509_pm->x509_crt, NULL); - mbedtls_ssl_conf_authmode(&ssl_pm->conf, MBEDTLS_SSL_VERIFY_REQUIRED); + mode = MBEDTLS_SSL_VERIFY_REQUIRED; } else { - mbedtls_ssl_conf_authmode(&ssl_pm->conf, MBEDTLS_SSL_VERIFY_NONE); + mode = MBEDTLS_SSL_VERIFY_NONE; } - if (ctx->cert->x509 && - ctx->cert->pkey) { - struct x509_pm *x509_pm = (struct x509_pm *)ctx->cert->x509->x509_pm; - struct pkey_pm *pkey_pm = (struct pkey_pm *)ctx->cert->pkey->pkey_pm; + mbedtls_ssl_conf_authmode(&ssl_pm->conf, mode); + + pkey_pm = (struct pkey_pm *)ctx->cert->pkey->pkey_pm; + if (pkey_pm->load) { + x509_pm = (struct x509_pm *)ctx->cert->x509->x509_pm; ret = mbedtls_ssl_conf_own_cert(&ssl_pm->conf, &x509_pm->x509_crt, &pkey_pm->pkey); if (ret) @@ -332,21 +331,24 @@ OSSL_HANDSHAKE_STATE ssl_pm_get_state(const SSL *ssl) return state; } -void* x509_pm_new(void) +int x509_pm_new(X509 *x) { - return ssl_malloc(sizeof(struct x509_pm)); + struct x509_pm *x509_pm; + + x509_pm = ssl_malloc(sizeof(struct x509_pm)); + if (!x509_pm) + return -1; + + x->x509_pm = x509_pm; + + return 0; } -void x509_pm_free(void *pm) -{ - ssl_free(pm); -} - -int x509_pm_load_crt(void *pm, const unsigned char *buffer, int len) +int x509_pm_load(X509 *x, const unsigned char *buffer, int len) { int ret; unsigned char *load_buf; - struct x509_pm *x509_pm = (struct x509_pm *)pm; + struct x509_pm *x509_pm = (struct x509_pm *)x->x509_pm; load_buf = ssl_malloc(len + 1); if (!load_buf) @@ -362,34 +364,48 @@ int x509_pm_load_crt(void *pm, const unsigned char *buffer, int len) if (ret) SSL_RET(failed1, ""); + x509_pm->load = 1; + return 0; failed1: return -1; } -void x509_pm_unload_crt(void *pm) +void x509_pm_unload(X509 *x) { - struct x509_pm *x509_pm = (struct x509_pm *)pm; + struct x509_pm *x509_pm = (struct x509_pm *)x->x509_pm; mbedtls_x509_crt_free(&x509_pm->x509_crt); + + x509_pm->load = 0; } -void* pkey_pm_new(void) +void x509_pm_free(X509 *x) { - return ssl_malloc(sizeof(struct pkey_pm)); + x509_pm_unload(x); + + ssl_free(x->x509_pm); } -void pkey_pm_free(void *pm) +int pkey_pm_new(EVP_PKEY *pkey) { - ssl_free(pm); + struct pkey_pm *pkey_pm; + + pkey_pm = ssl_malloc(sizeof(struct pkey_pm)); + if (!pkey_pm) + return -1; + + pkey->pkey_pm = pkey_pm; + + return 0; } -int pkey_pm_load_crt(void *pm, const unsigned char *buffer, int len) +int pkey_pm_load(EVP_PKEY *pkey, const unsigned char *buffer, int len) { int ret; unsigned char *load_buf; - struct pkey_pm *pkey_pm = (struct pkey_pm *)pm; + struct pkey_pm *pkey_pm = (struct pkey_pm *)pkey->pkey_pm; load_buf = ssl_malloc(len + 1); if (!load_buf) @@ -405,17 +421,28 @@ int pkey_pm_load_crt(void *pm, const unsigned char *buffer, int len) if (ret) SSL_RET(failed1, ""); + pkey_pm->load = 1; + return 0; failed1: return -1; } -void pkey_pm_unload_crt(void *pm) +void pkey_pm_unload(EVP_PKEY *pkey) { - struct pkey_pm *pkey_pm = (struct pkey_pm *)pm; + struct pkey_pm *pkey_pm = (struct pkey_pm *)pkey->pkey_pm; mbedtls_pk_free(&pkey_pm->pkey); + + pkey_pm->load = 0; +} + +void pkey_pm_free(EVP_PKEY *pkey) +{ + pkey_pm_unload(pkey); + + ssl_free(pkey->pkey_pm); } void ssl_pm_set_bufflen(SSL *ssl, int len) diff --git a/components/openssl/platform/ssl_port.c b/components/openssl/platform/ssl_port.c index 66aac5f6d9..4045e29116 100644 --- a/components/openssl/platform/ssl_port.c +++ b/components/openssl/platform/ssl_port.c @@ -1,17 +1,16 @@ -/* Copyright 2015-2016 Espressif Systems (Wuxi) PTE LTD - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. #include #include "ssl_port.h" From 845ca8b34ffce008f8992b5799964da14209739f Mon Sep 17 00:00:00 2001 From: dongheng Date: Thu, 22 Sep 2016 11:43:59 +0800 Subject: [PATCH 06/52] components/openssl: delete ssl_rsa.c & .h file --- components/openssl/include/internal/ssl_rsa.h | 28 ---- .../openssl/include/platform/ssl_port.h | 2 + components/openssl/library/ssl_pkey.c | 55 +++++++ components/openssl/library/ssl_rsa.c | 146 ------------------ components/openssl/library/ssl_x509.c | 74 +++++++++ components/openssl/platform/ssl_pm.c | 23 ++- components/openssl/platform/ssl_port.c | 7 +- 7 files changed, 146 insertions(+), 189 deletions(-) delete mode 100644 components/openssl/include/internal/ssl_rsa.h delete mode 100644 components/openssl/library/ssl_rsa.c diff --git a/components/openssl/include/internal/ssl_rsa.h b/components/openssl/include/internal/ssl_rsa.h deleted file mode 100644 index d0ce40312c..0000000000 --- a/components/openssl/include/internal/ssl_rsa.h +++ /dev/null @@ -1,28 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#ifndef _SSL_RSA_H_ -#define _SSL_RSA_H_ - -#include "ssl_lib.h" - -int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); -int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, - const unsigned char *d); - -int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); -int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, - const unsigned char *d, long len); - -#endif diff --git a/components/openssl/include/platform/ssl_port.h b/components/openssl/include/platform/ssl_port.h index 48a7c7ca97..23ef5a8757 100644 --- a/components/openssl/include/platform/ssl_port.h +++ b/components/openssl/include/platform/ssl_port.h @@ -20,7 +20,9 @@ void* ssl_zalloc(size_t size); void *ssl_malloc(size_t size); void ssl_free(void *p); + void* ssl_memcpy(void *to, const void *from, size_t size); +size_t ssl_strlen(const char *src); void ssl_speed_up_enter(void); void ssl_speed_up_exit(void); diff --git a/components/openssl/library/ssl_pkey.c b/components/openssl/library/ssl_pkey.c index 785ebf41db..0c8d9de8fa 100644 --- a/components/openssl/library/ssl_pkey.c +++ b/components/openssl/library/ssl_pkey.c @@ -107,3 +107,58 @@ failed2: failed1: return NULL; } + +/* + * SSL_CTX_use_certificate - set the SSL context private key + * + * @param ctx - SSL context point + * @param x - private key point + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) +{ + SSL_ASSERT(ctx); + SSL_ASSERT(pkey); + + ctx->cert->pkey = pkey; + + return 1; +} + +/* + * SSL_CTX_use_PrivateKey_ASN1 - load private key into the SSL context + * + * @param type - private key type + * @param ctx - SSL context point + * @param d - private key context point + * @param len - private key context bytes + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, + const unsigned char *d, long len) +{ + int ret; + EVP_PKEY *pkey; + + pkey = d2i_PrivateKey(0, &ctx->cert->pkey, &d, len); + if (!pkey) + SSL_RET(failed1, "d2i_PrivateKey\n"); + + ret = SSL_CTX_use_PrivateKey(ctx, pkey); + if (!ret) + SSL_RET(failed2, "SSL_CTX_use_PrivateKey\n"); + + return 1; + +failed2: + EVP_PKEY_free(pkey); +failed1: + return 0; +} + diff --git a/components/openssl/library/ssl_rsa.c b/components/openssl/library/ssl_rsa.c deleted file mode 100644 index 75a2d3baa7..0000000000 --- a/components/openssl/library/ssl_rsa.c +++ /dev/null @@ -1,146 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#include "ssl_lib.h" -#include "ssl_rsa.h" -#include "ssl_pkey.h" -#include "ssl_x509.h" -#include "ssl_dbg.h" - -/* - * SSL_CTX_use_certificate - set the SSL context certification - * - * @param ctx - SSL context point - * @param x - X509 certification point - * - * @return - * 1 : OK - * 0 : failed - */ -int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) -{ - SSL_ASSERT(ctx); - SSL_ASSERT(x); - - ctx->cert->x509 = x; - - return 1; -} - -/* - * SSL_CTX_use_certificate_ASN1 - load certification into the SSL context - * - * @param ctx - SSL context point - * @param len - certification context bytes - * @param d - certification context point - * - * @return - * 1 : OK - * 0 : failed - */ -int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, - const unsigned char *d) -{ - int ret; - X509 *cert; - - cert = d2i_X509(&ctx->cert->x509, d, len); - if (!cert) - SSL_RET(failed1, "d2i_X509\n"); - - ret = SSL_CTX_use_certificate(ctx, cert); - if (!ret) - SSL_RET(failed2, "SSL_CTX_use_certificate\n"); - - return 1; - -failed2: - X509_free(cert); -failed1: - return 0; -} - -/* - * SSL_CTX_use_certificate - set the SSL context private key - * - * @param ctx - SSL context point - * @param x - private key point - * - * @return - * 1 : OK - * 0 : failed - */ -int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) -{ - SSL_ASSERT(ctx); - SSL_ASSERT(pkey); - - ctx->cert->pkey = pkey; - - return 1; -} - -/* - * SSL_CTX_use_PrivateKey_ASN1 - load private key into the SSL context - * - * @param type - private key type - * @param ctx - SSL context point - * @param d - private key context point - * @param len - private key context bytes - * - * @return - * 1 : OK - * 0 : failed - */ -int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, - const unsigned char *d, long len) -{ - int ret; - EVP_PKEY *pkey; - - pkey = d2i_PrivateKey(0, &ctx->cert->pkey, &d, len); - if (!pkey) - SSL_RET(failed1, "d2i_PrivateKey\n"); - - ret = SSL_CTX_use_PrivateKey(ctx, pkey); - if (!ret) - SSL_RET(failed2, "SSL_CTX_use_PrivateKey\n"); - - return 1; - -failed2: - EVP_PKEY_free(pkey); -failed1: - return 0; -} - -/* - * SSL_CTX_add_client_CA - set SSL context client CA certification - * - * @param ctx - SSL context point - * @param x - client CA certification point - * - * @return - * 1 : OK - * 0 : failed - */ -int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x) -{ - SSL_ASSERT(ctx); - SSL_ASSERT(x); - - ctx->client_CA = x; - - return 1; -} diff --git a/components/openssl/library/ssl_x509.c b/components/openssl/library/ssl_x509.c index fd2643e6b7..219f283991 100644 --- a/components/openssl/library/ssl_x509.c +++ b/components/openssl/library/ssl_x509.c @@ -98,3 +98,77 @@ failed2: failed1: return NULL; } + +/* + * SSL_CTX_add_client_CA - set SSL context client CA certification + * + * @param ctx - SSL context point + * @param x - client CA certification point + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x) +{ + SSL_ASSERT(ctx); + SSL_ASSERT(x); + + ctx->client_CA = x; + + return 1; +} + +/* + * SSL_CTX_use_certificate - set the SSL context certification + * + * @param ctx - SSL context point + * @param x - X509 certification point + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) +{ + SSL_ASSERT(ctx); + SSL_ASSERT(x); + + ctx->cert->x509 = x; + + return 1; +} + +/* + * SSL_CTX_use_certificate_ASN1 - load certification into the SSL context + * + * @param ctx - SSL context point + * @param len - certification context bytes + * @param d - certification context point + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, + const unsigned char *d) +{ + int ret; + X509 *cert; + + cert = d2i_X509(&ctx->cert->x509, d, len); + if (!cert) + SSL_RET(failed1, "d2i_X509\n"); + + ret = SSL_CTX_use_certificate(ctx, cert); + if (!ret) + SSL_RET(failed2, "SSL_CTX_use_certificate\n"); + + return 1; + +failed2: + X509_free(cert); +failed1: + return 0; +} + diff --git a/components/openssl/platform/ssl_pm.c b/components/openssl/platform/ssl_pm.c index b8a046aa1e..948c1bc4ee 100644 --- a/components/openssl/platform/ssl_pm.c +++ b/components/openssl/platform/ssl_pm.c @@ -16,8 +16,6 @@ #include "ssl_port.h" #include "ssl_dbg.h" -#include - /* mbedtls include */ #include "mbedtls/platform.h" #include "mbedtls/net.h" @@ -69,7 +67,9 @@ int ssl_pm_new(SSL *ssl) struct ssl_pm *ssl_pm; int ret; - char *pers; + const unsigned char pers[] = "OpenSSL PM"; + size_t pers_len = sizeof(pers); + int endpoint; int mode; int version; @@ -84,16 +84,6 @@ int ssl_pm_new(SSL *ssl) if (!ssl_pm) SSL_ERR(ret, failed1, "ssl_malloc\n"); - if (method->endpoint) { - pers = "server"; - endpoint = MBEDTLS_SSL_IS_SERVER; - } else { - pers = "client"; - endpoint = MBEDTLS_SSL_IS_CLIENT; - } - - //max_content_len = 4096; - mbedtls_net_init(&ssl_pm->fd); mbedtls_net_init(&ssl_pm->cl_fd); @@ -102,10 +92,15 @@ int ssl_pm_new(SSL *ssl) mbedtls_entropy_init(&ssl_pm->entropy); mbedtls_ssl_init(&ssl_pm->ssl); - ret = mbedtls_ctr_drbg_seed(&ssl_pm->ctr_drbg, mbedtls_entropy_func, &ssl_pm->entropy, (const unsigned char *)pers, strlen(pers)); + ret = mbedtls_ctr_drbg_seed(&ssl_pm->ctr_drbg, mbedtls_entropy_func, &ssl_pm->entropy, pers, pers_len); if (ret) SSL_ERR(ret, failed1, "mbedtls_ctr_drbg_seed:[-0x%x]\n", -ret); + if (method->endpoint) { + endpoint = MBEDTLS_SSL_IS_SERVER; + } else { + endpoint = MBEDTLS_SSL_IS_CLIENT; + } ret = mbedtls_ssl_config_defaults(&ssl_pm->conf, endpoint, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT); if (ret) SSL_ERR(ret, failed2, "mbedtls_ssl_config_defaults:[-0x%x]\n", -ret); diff --git a/components/openssl/platform/ssl_port.c b/components/openssl/platform/ssl_port.c index 4045e29116..3e6ada5cc9 100644 --- a/components/openssl/platform/ssl_port.c +++ b/components/openssl/platform/ssl_port.c @@ -12,8 +12,8 @@ // See the License for the specific language governing permissions and // limitations under the License. -#include #include "ssl_port.h" +#include "string.h" #include "malloc.h" /*********************************************************************************************/ @@ -44,6 +44,11 @@ void* ssl_memcpy(void *to, const void *from, size_t size) return memcpy(to, from, size); } +size_t ssl_strlen(const char *src) +{ + return strlen(src); +} + void ssl_speed_up_enter(void) { From c504fe4856ed259b995dc1eb3cfa72b7dade21aa Mon Sep 17 00:00:00 2001 From: dongheng Date: Thu, 22 Sep 2016 12:57:39 +0800 Subject: [PATCH 07/52] components/openssl: 1. add stack_st structure and its advanced defination including its derived child defination 2. add SSL_add_client_CA & SSL_get_certificate --- .../openssl/include/internal/ssl_types.h | 19 +++++++++++-- .../openssl/include/internal/ssl_x509.h | 2 ++ components/openssl/library/ssl_x509.c | 27 +++++++++++++++++++ 3 files changed, 46 insertions(+), 2 deletions(-) diff --git a/components/openssl/include/internal/ssl_types.h b/components/openssl/include/internal/ssl_types.h index 417350627c..7f8503e2ab 100644 --- a/components/openssl/include/internal/ssl_types.h +++ b/components/openssl/include/internal/ssl_types.h @@ -20,7 +20,6 @@ typedef void SSL_CIPHER; typedef void X509_STORE_CTX; -typedef void X509_NAME; typedef void X509_STORE; typedef void RSA; @@ -28,7 +27,19 @@ typedef void RSA; typedef void STACK; typedef void BIO; -#define STACK_OF(x) x +#define STACK_OF(type) struct stack_st_##type + +#define SKM_DEFINE_STACK_OF(t1, t2, t3) \ + STACK_OF(t1); \ + static ossl_inline STACK_OF(t1) *sk_##t1##_new_null(void) \ + { \ + return (STACK_OF(t1) *)OPENSSL_sk_new_null(); \ + } \ + +#define DEFINE_STACK_OF(t) SKM_DEFINE_STACK_OF(t, t, t) + +struct stack_st; +typedef struct stack_st OPENSSL_STACK; struct ssl_method_st; typedef struct ssl_method_st SSL_METHOD; @@ -66,6 +77,10 @@ typedef struct x509_method_st X509_METHOD; struct pkey_method_st; typedef struct pkey_method_st PKEY_METHOD; +struct stack_st { + char *data; +}; + struct evp_pkey_st { void *pkey_pm; diff --git a/components/openssl/include/internal/ssl_x509.h b/components/openssl/include/internal/ssl_x509.h index a169352bac..0583cd94e4 100644 --- a/components/openssl/include/internal/ssl_x509.h +++ b/components/openssl/include/internal/ssl_x509.h @@ -17,6 +17,8 @@ #include "ssl_types.h" +DEFINE_STACK_OF(X509_NAME) + X509* sk_X509_NAME_new_null(void); X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len); diff --git a/components/openssl/library/ssl_x509.c b/components/openssl/library/ssl_x509.c index 219f283991..e322b6ad3d 100644 --- a/components/openssl/library/ssl_x509.c +++ b/components/openssl/library/ssl_x509.c @@ -119,6 +119,21 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x) return 1; } +/* + * SSL_add_client_CA - add CA client certification into the SSL + * + * @param ssl - SSL point + * @param x - CA certification point + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_add_client_CA(SSL *ssl, X509 *x) +{ + +} + /* * SSL_CTX_use_certificate - set the SSL context certification * @@ -139,6 +154,18 @@ int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) return 1; } +/* + * SSL_get_certificate - get the SSL certification point + * + * @param ssl - SSL point + * + * @return SSL certification point + */ +X509 *SSL_get_certificate(const SSL *ssl) +{ + return ssl->cert->x509; +} + /* * SSL_CTX_use_certificate_ASN1 - load certification into the SSL context * From 2cc32db52dd4d4de8a0521153f5dbd598106ec19 Mon Sep 17 00:00:00 2001 From: dongheng Date: Thu, 22 Sep 2016 14:42:49 +0800 Subject: [PATCH 08/52] component/openssl: add openssl stack function and clear unused variate 1. add openssl 'new' and 'free' function 2. add clear unused variate to void warning to appear when compile 3. add internal function 'X509_new' to take the place of 'sk_X509_NAME_new_null' function whitch is openssl stack function --- components/openssl/include/internal/ssl_dbg.h | 6 ++--- .../openssl/include/internal/ssl_types.h | 21 ++++++++++++---- .../openssl/include/internal/ssl_x509.h | 10 +++++++- components/openssl/include/openssl/ssl.h | 4 ++-- components/openssl/library/ssl_cert.c | 2 +- components/openssl/library/ssl_lib.c | 20 +++++----------- components/openssl/library/ssl_pkey.c | 5 +++- components/openssl/library/ssl_x509.c | 24 ++++++++++++++++--- 8 files changed, 62 insertions(+), 30 deletions(-) diff --git a/components/openssl/include/internal/ssl_dbg.h b/components/openssl/include/internal/ssl_dbg.h index 27a192b28f..745de536ff 100644 --- a/components/openssl/include/internal/ssl_dbg.h +++ b/components/openssl/include/internal/ssl_dbg.h @@ -15,10 +15,10 @@ #ifndef _SSL_DEBUG_H_ #define _SSL_DEBUG_H_ -#define SSL_DEBUG_ENBALE 1 +#define SSL_DEBUG_ENBALE 0 #define SSL_DEBUG_LEVEL 0 -#define SSL_ASSERT_ENABLE 1 -#define SSL_DEBUG_LOCATION_ENABLE 1 +#define SSL_ASSERT_ENABLE 0 +#define SSL_DEBUG_LOCATION_ENABLE 0 #if SSL_DEBUG_ENBALE extern int ets_printf(const char *fmt, ...); diff --git a/components/openssl/include/internal/ssl_types.h b/components/openssl/include/internal/ssl_types.h index 7f8503e2ab..133feb9dc1 100644 --- a/components/openssl/include/internal/ssl_types.h +++ b/components/openssl/include/internal/ssl_types.h @@ -27,6 +27,12 @@ typedef void RSA; typedef void STACK; typedef void BIO; +#define ossl_inline inline + +#define SSL_METHOD_CALL(f, s, ...) s->method->func->ssl_##f(s, ##__VA_ARGS__) +#define X509_METHOD_CALL(f, x, ...) x->method->x509_##f(x, ##__VA_ARGS__) +#define EVP_PKEY_METHOD_CALL(f, k, ...) k->method->pkey_##f(k, ##__VA_ARGS__) + #define STACK_OF(type) struct stack_st_##type #define SKM_DEFINE_STACK_OF(t1, t2, t3) \ @@ -38,6 +44,8 @@ typedef void BIO; #define DEFINE_STACK_OF(t) SKM_DEFINE_STACK_OF(t, t, t) +typedef int (*OPENSSL_sk_compfunc)(const void *, const void *); + struct stack_st; typedef struct stack_st OPENSSL_STACK; @@ -78,7 +86,12 @@ struct pkey_method_st; typedef struct pkey_method_st PKEY_METHOD; struct stack_st { - char *data; + + char **data; + + int num_alloc; + + OPENSSL_sk_compfunc c; }; struct evp_pkey_st { @@ -178,6 +191,8 @@ struct ssl_st int rwstate; + X509 *client_CA; + int err; void (*info_callback) (const SSL *ssl, int type, int val); @@ -249,8 +264,4 @@ typedef int (*next_proto_cb)(SSL *ssl, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg); -#define SSL_METHOD_CALL(f, s, ...) s->method->func->ssl_##f(s, ##__VA_ARGS__) -#define X509_METHOD_CALL(f, x, ...) x->method->x509_##f(x, ##__VA_ARGS__) -#define EVP_PKEY_METHOD_CALL(f, k, ...) k->method->pkey_##f(k, ##__VA_ARGS__) - #endif diff --git a/components/openssl/include/internal/ssl_x509.h b/components/openssl/include/internal/ssl_x509.h index 0583cd94e4..ee3448544b 100644 --- a/components/openssl/include/internal/ssl_x509.h +++ b/components/openssl/include/internal/ssl_x509.h @@ -16,10 +16,18 @@ #define _SSL_X509_H_ #include "ssl_types.h" +#include "ssl_stack.h" DEFINE_STACK_OF(X509_NAME) -X509* sk_X509_NAME_new_null(void); +/* + * sk_X509_NAME_new_null - create a X509 certification object + * + * @param none + * + * @return X509 certification object point or NULL if failed + */ +X509* X509_new(void); X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len); diff --git a/components/openssl/include/openssl/ssl.h b/components/openssl/include/openssl/ssl.h index 0d4c9c2080..b7506c8fb0 100644 --- a/components/openssl/include/openssl/ssl.h +++ b/components/openssl/include/openssl/ssl.h @@ -15,8 +15,8 @@ #ifndef _SSL_H_ #define _SSL_H_ -#include "ssl_port.h" -#include "internal/ssl_types.h" +#include "platform/ssl_port.h" +#include "internal/ssl_x509.h" /* { diff --git a/components/openssl/library/ssl_cert.c b/components/openssl/library/ssl_cert.c index 0bdba459d3..caa901b660 100644 --- a/components/openssl/library/ssl_cert.c +++ b/components/openssl/library/ssl_cert.c @@ -37,7 +37,7 @@ CERT *ssl_cert_new(void) if (!cert->pkey) SSL_RET(failed2, "EVP_PKEY_new\n"); - cert->x509 = sk_X509_NAME_new_null(); + cert->x509 = X509_new(); if (!cert->x509) SSL_RET(failed3, "sk_X509_NAME_new_null\n"); diff --git a/components/openssl/library/ssl_lib.c b/components/openssl/library/ssl_lib.c index 331ed17bd5..36e8cdf794 100644 --- a/components/openssl/library/ssl_lib.c +++ b/components/openssl/library/ssl_lib.c @@ -169,28 +169,27 @@ OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl) */ SSL_CTX* SSL_CTX_new(const SSL_METHOD *method) { - int ret; SSL_CTX *ctx; CERT *cert; X509 *client_ca; if (!method) SSL_RET(go_failed1, "method\n"); - client_ca = sk_X509_NAME_new_null(); + client_ca = X509_new(); if (!client_ca) - SSL_ERR(-2, go_failed1, "sk_X509_NAME_new_null\n"); + SSL_RET(go_failed1, "sk_X509_NAME_new_null\n"); cert = ssl_cert_new(); if (!cert) - SSL_ERR(-2, go_failed2, "ssl_cert_new\n"); + SSL_RET(go_failed2, "ssl_cert_new\n"); ctx = (SSL_CTX *)ssl_zalloc(sizeof(SSL_CTX)); if (!ctx) - SSL_ERR(-2, go_failed3, "ssl_ctx_new:ctx\n"); + SSL_RET(go_failed3, "ssl_ctx_new:ctx\n"); ctx->method = method; - ctx->cert = cert; ctx->client_CA = client_ca; + ctx->cert = cert; ctx->version = method->version; @@ -268,7 +267,6 @@ const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx) SSL *SSL_new(SSL_CTX *ctx) { int ret; - void *ssl_pm; SSL *ssl; if (!ctx) @@ -485,7 +483,7 @@ int SSL_write(SSL *ssl, const void *buffer, int len) else bytes = send_bytes; - ret = SSL_METHOD_CALL(send, ssl, buffer, len); + ret = SSL_METHOD_CALL(send, ssl, buffer, bytes); if (ret > 0) { pbuf += ret; send_bytes -= ret; @@ -798,8 +796,6 @@ int SSL_get_wfd(const SSL *ssl) */ int SSL_set_fd(SSL *ssl, int fd) { - int ret; - SSL_ASSERT(ssl); SSL_ASSERT(fd >= 0); @@ -820,8 +816,6 @@ int SSL_set_fd(SSL *ssl, int fd) */ int SSL_set_rfd(SSL *ssl, int fd) { - int ret; - SSL_ASSERT(ssl); SSL_ASSERT(fd >= 0); @@ -842,8 +836,6 @@ int SSL_set_rfd(SSL *ssl, int fd) */ int SSL_set_wfd(SSL *ssl, int fd) { - int ret; - SSL_ASSERT(ssl); SSL_ASSERT(fd >= 0); diff --git a/components/openssl/library/ssl_pkey.c b/components/openssl/library/ssl_pkey.c index 0c8d9de8fa..c9866e27b5 100644 --- a/components/openssl/library/ssl_pkey.c +++ b/components/openssl/library/ssl_pkey.c @@ -78,6 +78,7 @@ EVP_PKEY *d2i_PrivateKey(int type, const unsigned char **pp, long length) { + int m = 0; int ret; EVP_PKEY *pkey; @@ -91,6 +92,7 @@ EVP_PKEY *d2i_PrivateKey(int type, pkey = EVP_PKEY_new();; if (!pkey) SSL_RET(failed1, "ssl_malloc\n"); + m = 1; } ret = EVP_PKEY_METHOD_CALL(load, pkey, *pp, length); @@ -103,7 +105,8 @@ EVP_PKEY *d2i_PrivateKey(int type, return pkey; failed2: - EVP_PKEY_free(pkey); + if (m) + EVP_PKEY_free(pkey); failed1: return NULL; } diff --git a/components/openssl/library/ssl_x509.c b/components/openssl/library/ssl_x509.c index e322b6ad3d..9c38849dd6 100644 --- a/components/openssl/library/ssl_x509.c +++ b/components/openssl/library/ssl_x509.c @@ -24,7 +24,7 @@ * * @return X509 certification object point or NULL if failed */ -X509* sk_X509_NAME_new_null(void) +X509* X509_new(void) { int ret; X509 *x; @@ -73,6 +73,7 @@ void X509_free(X509 *x) */ X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len) { + int m = 0; int ret; X509 *x; @@ -82,9 +83,10 @@ X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len) if (cert && *cert) { x = *cert; } else { - x = sk_X509_NAME_new_null(); + x = X509_new(); if (!x) SSL_RET(failed1, "sk_X509_NAME_new_null\n"); + m = 1; } ret = X509_METHOD_CALL(load, x, buffer, len); @@ -94,7 +96,8 @@ X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len) return x; failed2: - X509_free(x); + if (m) + X509_free(x); failed1: return NULL; } @@ -111,9 +114,14 @@ failed1: */ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x) { + int ret; + SSL_ASSERT(ctx); SSL_ASSERT(x); + if (ctx->client_CA) + X509_free(ctx->client_CA); + ctx->client_CA = x; return 1; @@ -131,7 +139,17 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x) */ int SSL_add_client_CA(SSL *ssl, X509 *x) { + int ret; + SSL_ASSERT(ssl); + SSL_ASSERT(x); + + if (ssl->client_CA) + X509_free(ssl->client_CA); + + ssl->client_CA = x; + + return 1; } /* From b3145446aa31118a3ab8d58f771ebc3998cd10cb Mon Sep 17 00:00:00 2001 From: dongheng Date: Thu, 22 Sep 2016 15:15:16 +0800 Subject: [PATCH 09/52] components/openssl: add function "ssl_pm_get_verify_result" 1. add function ssl_pm_get_verify_result 2. add its platform low-level interface --- components/openssl/include/internal/ssl_code.h | 1 + .../openssl/include/internal/ssl_methods.h | 2 ++ components/openssl/include/internal/ssl_types.h | 4 ++++ components/openssl/include/platform/ssl_pm.h | 2 ++ components/openssl/library/ssl_lib.c | 14 ++++++++++++++ components/openssl/library/ssl_methods.c | 1 + components/openssl/library/ssl_x509.c | 4 ---- components/openssl/platform/ssl_pm.c | 16 ++++++++++++++++ 8 files changed, 40 insertions(+), 4 deletions(-) diff --git a/components/openssl/include/internal/ssl_code.h b/components/openssl/include/internal/ssl_code.h index 1510ce6ff4..de86e07df1 100644 --- a/components/openssl/include/internal/ssl_code.h +++ b/components/openssl/include/internal/ssl_code.h @@ -17,6 +17,7 @@ #include "ssl3.h" #include "tls1.h" +#include "x509_vfy.h" /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ # define SSL_SENT_SHUTDOWN 1 diff --git a/components/openssl/include/internal/ssl_methods.h b/components/openssl/include/internal/ssl_methods.h index b72b17ad3d..244eec38dd 100644 --- a/components/openssl/include/internal/ssl_methods.h +++ b/components/openssl/include/internal/ssl_methods.h @@ -21,6 +21,7 @@ read, send, pending, \ set_fd, get_fd, \ set_bufflen, \ + get_verify_result, \ get_state) \ static const SSL_METHOD_FUNC func_name LOCAL_ATRR = { \ new, \ @@ -34,6 +35,7 @@ set_fd, \ get_fd, \ set_bufflen, \ + get_verify_result, \ get_state \ }; diff --git a/components/openssl/include/internal/ssl_types.h b/components/openssl/include/internal/ssl_types.h index 133feb9dc1..761250eef7 100644 --- a/components/openssl/include/internal/ssl_types.h +++ b/components/openssl/include/internal/ssl_types.h @@ -193,6 +193,8 @@ struct ssl_st X509 *client_CA; + long verify_result; + int err; void (*info_callback) (const SSL *ssl, int type, int val); @@ -235,6 +237,8 @@ struct ssl_method_func_st { void (*ssl_set_bufflen)(SSL *ssl, int len); + long (*ssl_get_verify_result)(const SSL *ssl); + OSSL_HANDSHAKE_STATE (*ssl_get_state)(const SSL *ssl); }; diff --git a/components/openssl/include/platform/ssl_pm.h b/components/openssl/include/platform/ssl_pm.h index 783ba5445e..3f64a4ae32 100644 --- a/components/openssl/include/platform/ssl_pm.h +++ b/components/openssl/include/platform/ssl_pm.h @@ -49,4 +49,6 @@ void pkey_pm_free(EVP_PKEY *pkey); int pkey_pm_load(EVP_PKEY *pkey, const unsigned char *buffer, int len); void pkey_pm_unload(EVP_PKEY *pkey); +long ssl_pm_get_verify_result(const SSL *ssl); + #endif diff --git a/components/openssl/library/ssl_lib.c b/components/openssl/library/ssl_lib.c index 36e8cdf794..ac41be6276 100644 --- a/components/openssl/library/ssl_lib.c +++ b/components/openssl/library/ssl_lib.c @@ -1731,3 +1731,17 @@ void SSL_set_verify(SSL *ssl, int mode, int (*verify_callback)(int, X509_STORE_C SSL_ASSERT(ssl); SSL_ASSERT(verify_callback); } + +/* + * SSL_get_verify_result - get the verifying result of the SSL certification + * + * @param ssl - the SSL point + * + * @return the result of verifying + */ +long SSL_get_verify_result(const SSL *ssl) +{ + SSL_ASSERT(ssl); + + return SSL_METHOD_CALL(get_verify_result, ssl); +} diff --git a/components/openssl/library/ssl_methods.c b/components/openssl/library/ssl_methods.c index 0c5c6e7fa4..c6fb40e59c 100644 --- a/components/openssl/library/ssl_methods.c +++ b/components/openssl/library/ssl_methods.c @@ -25,6 +25,7 @@ IMPLEMENT_TLS_METHOD_FUNC(TLS_method_func, ssl_pm_read, ssl_pm_send, ssl_pm_pending, ssl_pm_set_fd, ssl_pm_get_fd, ssl_pm_set_bufflen, + ssl_pm_get_verify_result, ssl_pm_get_state); /* diff --git a/components/openssl/library/ssl_x509.c b/components/openssl/library/ssl_x509.c index 9c38849dd6..102e5a543a 100644 --- a/components/openssl/library/ssl_x509.c +++ b/components/openssl/library/ssl_x509.c @@ -114,8 +114,6 @@ failed1: */ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x) { - int ret; - SSL_ASSERT(ctx); SSL_ASSERT(x); @@ -139,8 +137,6 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x) */ int SSL_add_client_CA(SSL *ssl, X509 *x) { - int ret; - SSL_ASSERT(ssl); SSL_ASSERT(x); diff --git a/components/openssl/platform/ssl_pm.c b/components/openssl/platform/ssl_pm.c index 948c1bc4ee..ebb9687ea8 100644 --- a/components/openssl/platform/ssl_pm.c +++ b/components/openssl/platform/ssl_pm.c @@ -444,3 +444,19 @@ void ssl_pm_set_bufflen(SSL *ssl, int len) { max_content_len = len; } + +long ssl_pm_get_verify_result(const SSL *ssl) +{ + long ret; + long verify_result; + struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; + + ret = mbedtls_ssl_get_verify_result(&ssl_pm->ssl); + + if (!ret) + verify_result = X509_V_OK; + else + verify_result = X509_V_ERR_UNSPECIFIED; + + return verify_result; +} From 6f07409d7c639bfa9a6eecbf97a74d4c8d762861 Mon Sep 17 00:00:00 2001 From: dongheng Date: Thu, 22 Sep 2016 15:30:25 +0800 Subject: [PATCH 10/52] components/openssl: add function to set and get verify depth 1. add function to set and get SSL verify depth 2. add function to set and get SSL context verify depth 3. add X509_VERIFY_PARAM structure --- .../openssl/include/internal/ssl_types.h | 13 +++++ components/openssl/library/ssl_lib.c | 58 +++++++++++++++++++ 2 files changed, 71 insertions(+) diff --git a/components/openssl/include/internal/ssl_types.h b/components/openssl/include/internal/ssl_types.h index 761250eef7..d001befdb9 100644 --- a/components/openssl/include/internal/ssl_types.h +++ b/components/openssl/include/internal/ssl_types.h @@ -76,6 +76,9 @@ typedef struct cert_st CERT; struct x509_st; typedef struct x509_st X509; +struct X509_VERIFY_PARAM_st; +typedef struct X509_VERIFY_PARAM_st X509_VERIFY_PARAM; + struct evp_pkey_st; typedef struct evp_pkey_st EVP_PKEY; @@ -139,6 +142,12 @@ struct ssl_session_st { long time; }; +struct X509_VERIFY_PARAM_st { + + int depth; + +}; + struct ssl_ctx_st { int version; @@ -164,6 +173,8 @@ struct ssl_ctx_st int read_ahead; int read_buffer_len; + + X509_VERIFY_PARAM param; }; struct ssl_st @@ -195,6 +206,8 @@ struct ssl_st long verify_result; + X509_VERIFY_PARAM param; + int err; void (*info_callback) (const SSL *ssl, int type, int val); diff --git a/components/openssl/library/ssl_lib.c b/components/openssl/library/ssl_lib.c index ac41be6276..442920f119 100644 --- a/components/openssl/library/ssl_lib.c +++ b/components/openssl/library/ssl_lib.c @@ -1745,3 +1745,61 @@ long SSL_get_verify_result(const SSL *ssl) return SSL_METHOD_CALL(get_verify_result, ssl); } + +/* + * SSL_CTX_get_verify_depth - get the SSL verifying depth of the SSL context + * + * @param ctx - SSL context point + * + * @return verifying depth + */ +int SSL_CTX_get_verify_depth(const SSL_CTX *ctx) +{ + SSL_ASSERT(ctx); + + return ctx->param.depth; +} + +/* + * SSL_CTX_set_verify_depth - set the SSL verify depth of the SSL context + * + * @param ctx - SSL context point + * @param depth - verifying depth + * + * @return one + */ +void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth) +{ + SSL_ASSERT(ctx); + + ctx->param.depth = depth; +} + +/* + * SSL_get_verify_depth - get the SSL verifying depth of the SSL + * + * @param ctx - SSL point + * + * @return verifying depth + */ +int SSL_get_verify_depth(const SSL *ssl) +{ + SSL_ASSERT(ssl); + + return ssl->param.depth; +} + +/* + * SSL_set_verify_depth - set the SSL verify depth of the SSL + * + * @param ctx - SSL point + * @param depth - verifying depth + * + * @return one + */ +void SSL_set_verify_depth(SSL *ssl, int depth) +{ + SSL_ASSERT(ssl); + + ssl->param.depth = depth; +} From 2faa2376a0de66af42ff2c55e00106472090677a Mon Sep 17 00:00:00 2001 From: dongheng Date: Thu, 22 Sep 2016 15:39:28 +0800 Subject: [PATCH 11/52] components/openssl: add empty function to load verify file into SSL context 1. add empty function to load private key into SSL context 2. add empty function to load certification into SSL context 3. add function to load RSA private key --- components/openssl/include/openssl/ssl.h | 4 +-- components/openssl/library/ssl_pkey.c | 31 ++++++++++++++++++++++++ components/openssl/library/ssl_x509.c | 15 ++++++++++++ 3 files changed, 48 insertions(+), 2 deletions(-) diff --git a/components/openssl/include/openssl/ssl.h b/components/openssl/include/openssl/ssl.h index b7506c8fb0..865405d868 100644 --- a/components/openssl/include/openssl/ssl.h +++ b/components/openssl/include/openssl/ssl.h @@ -927,7 +927,7 @@ int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, const unsigned char *d, l * 1 : OK * 0 : failed */ -int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);//adds the first private key found in file to ctx, The formatting type of the certificate must be specified from the known types SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1. +int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); /* * SSL_CTX_use_certificate - load the RSA private key into SSL context @@ -952,7 +952,7 @@ int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); * 1 : OK * 0 : failed */ -int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len); +int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len); /* * SSL_CTX_use_certificate_file - load the RSA private key file into SSL context diff --git a/components/openssl/library/ssl_pkey.c b/components/openssl/library/ssl_pkey.c index c9866e27b5..1ab080ac28 100644 --- a/components/openssl/library/ssl_pkey.c +++ b/components/openssl/library/ssl_pkey.c @@ -165,3 +165,34 @@ failed1: return 0; } +/* + * SSL_CTX_use_certificate_file - load the private key file into SSL context + * + * @param ctx - SSL context point + * @param file - private key file name + * @param type - private key encoding type + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) +{ + return 0; +} + +/* + * SSL_CTX_use_certificate_ASN1 - load the RSA ASN1 private key into SSL context + * + * @param ctx - SSL context point + * @param d - data point + * @param len - RSA private key length + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len) +{ + return SSL_CTX_use_PrivateKey_ASN1(0, ctx, d, len); +} diff --git a/components/openssl/library/ssl_x509.c b/components/openssl/library/ssl_x509.c index 102e5a543a..b0ddd42593 100644 --- a/components/openssl/library/ssl_x509.c +++ b/components/openssl/library/ssl_x509.c @@ -213,3 +213,18 @@ failed1: return 0; } +/* + * SSL_CTX_use_certificate_file - load the certification file into SSL context + * + * @param ctx - SSL context point + * @param file - certification file name + * @param type - certification encoding type + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) +{ + return 0; +} From a99f6bd727cea8d8cdee32d2f28b09c6cf4fae99 Mon Sep 17 00:00:00 2001 From: dongheng Date: Thu, 22 Sep 2016 15:56:56 +0800 Subject: [PATCH 12/52] components/openssl: add function load verify data into SSL 1. add function to load private key into SSL 1. add function to load certification into SSL --- components/openssl/library/ssl_pkey.c | 70 ++++++++++++++++++++++++++ components/openssl/library/ssl_x509.c | 71 +++++++++++++++++++++++++++ 2 files changed, 141 insertions(+) diff --git a/components/openssl/library/ssl_pkey.c b/components/openssl/library/ssl_pkey.c index 1ab080ac28..a86a257e98 100644 --- a/components/openssl/library/ssl_pkey.c +++ b/components/openssl/library/ssl_pkey.c @@ -131,6 +131,26 @@ int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) return 1; } +/* + * SSL_CTX_use_certificate - set the SSL private key + * + * @param ctx - SSL point + * @param x - private key point + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) +{ + SSL_ASSERT(ctx); + SSL_ASSERT(pkey); + + ssl->cert->pkey = pkey; + + return 1; +} + /* * SSL_CTX_use_PrivateKey_ASN1 - load private key into the SSL context * @@ -165,6 +185,40 @@ failed1: return 0; } +/* + * SSL_use_PrivateKey_ASN1 - load private key into the SSL + * + * @param type - private key type + * @param ctx - SSL context point + * @param d - private key context point + * @param len - private key context bytes + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, + const unsigned char *d, long len) +{ + int ret; + EVP_PKEY *pkey; + + pkey = d2i_PrivateKey(0, &ssl->cert->pkey, &d, len); + if (!pkey) + SSL_RET(failed1, "d2i_PrivateKey\n"); + + ret = SSL_use_PrivateKey(ssl, pkey); + if (!ret) + SSL_RET(failed2, "SSL_CTX_use_PrivateKey\n"); + + return 1; + +failed2: + EVP_PKEY_free(pkey); +failed1: + return 0; +} + /* * SSL_CTX_use_certificate_file - load the private key file into SSL context * @@ -181,6 +235,22 @@ int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) return 0; } +/* + * SSL_use_PrivateKey_file - load the private key file into SSL + * + * @param ctx - SSL point + * @param file - private key file name + * @param type - private key encoding type + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) +{ + return 0; +} + /* * SSL_CTX_use_certificate_ASN1 - load the RSA ASN1 private key into SSL context * diff --git a/components/openssl/library/ssl_x509.c b/components/openssl/library/ssl_x509.c index b0ddd42593..ba5c924e75 100644 --- a/components/openssl/library/ssl_x509.c +++ b/components/openssl/library/ssl_x509.c @@ -168,6 +168,26 @@ int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) return 1; } +/* + * SSL_CTX_use_certificate - set the SSL certification + * + * @param ctx - SSL point + * @param x - X509 certification point + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_use_certificate(SSL *ssl, X509 *x) +{ + SSL_ASSERT(ctx); + SSL_ASSERT(x); + + ssl->cert->x509 = x; + + return 1; +} + /* * SSL_get_certificate - get the SSL certification point * @@ -177,6 +197,8 @@ int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) */ X509 *SSL_get_certificate(const SSL *ssl) { + SSL_ASSERT(ssl); + return ssl->cert->x509; } @@ -213,6 +235,39 @@ failed1: return 0; } +/* + * SSL_use_certificate_ASN1 - load certification into the SSL + * + * @param ctx - SSL point + * @param len - certification context bytes + * @param d - certification context point + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_use_certificate_ASN1(SSL *ssl, int len, + const unsigned char *d) +{ + int ret; + X509 *cert; + + cert = d2i_X509(&ssl->cert->x509, d, len); + if (!cert) + SSL_RET(failed1, "d2i_X509\n"); + + ret = SSL_use_certificate(ssl, cert); + if (!ret) + SSL_RET(failed2, "SSL_use_certificate\n"); + + return 1; + +failed2: + X509_free(cert); +failed1: + return 0; +} + /* * SSL_CTX_use_certificate_file - load the certification file into SSL context * @@ -228,3 +283,19 @@ int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) { return 0; } + +/* + * SSL_use_certificate_file - load the certification file into SSL + * + * @param ctx - SSL point + * @param file - certification file name + * @param type - certification encoding type + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_use_certificate_file(SSL *ssl, const char *file, int type) +{ + return 0; +} From fa6f03f77f3ff81f676d6bad017194c50d7cc2a1 Mon Sep 17 00:00:00 2001 From: dongheng Date: Thu, 22 Sep 2016 16:08:36 +0800 Subject: [PATCH 13/52] components/openssl: add function to load certification or private key more than one time --- components/openssl/platform/ssl_pm.c | 42 ++++++++++++++++------------ 1 file changed, 24 insertions(+), 18 deletions(-) diff --git a/components/openssl/platform/ssl_pm.c b/components/openssl/platform/ssl_pm.c index ebb9687ea8..17cc080bb6 100644 --- a/components/openssl/platform/ssl_pm.c +++ b/components/openssl/platform/ssl_pm.c @@ -339,6 +339,16 @@ int x509_pm_new(X509 *x) return 0; } +void x509_pm_unload(X509 *x) +{ + struct x509_pm *x509_pm = (struct x509_pm *)x->x509_pm; + + if (x509_pm->load) + mbedtls_x509_crt_free(&x509_pm->x509_crt); + + x509_pm->load = 0; +} + int x509_pm_load(X509 *x, const unsigned char *buffer, int len) { int ret; @@ -352,6 +362,8 @@ int x509_pm_load(X509 *x, const unsigned char *buffer, int len) ssl_memcpy(load_buf, buffer, len); load_buf[len] = '\0'; + x509_pm_unload(x); + mbedtls_x509_crt_init(&x509_pm->x509_crt); ret = mbedtls_x509_crt_parse(&x509_pm->x509_crt, load_buf, len); ssl_free(load_buf); @@ -367,15 +379,6 @@ failed1: return -1; } -void x509_pm_unload(X509 *x) -{ - struct x509_pm *x509_pm = (struct x509_pm *)x->x509_pm; - - mbedtls_x509_crt_free(&x509_pm->x509_crt); - - x509_pm->load = 0; -} - void x509_pm_free(X509 *x) { x509_pm_unload(x); @@ -396,6 +399,16 @@ int pkey_pm_new(EVP_PKEY *pkey) return 0; } +void pkey_pm_unload(EVP_PKEY *pkey) +{ + struct pkey_pm *pkey_pm = (struct pkey_pm *)pkey->pkey_pm; + + if (pkey_pm->load) + mbedtls_pk_free(&pkey_pm->pkey); + + pkey_pm->load = 0; +} + int pkey_pm_load(EVP_PKEY *pkey, const unsigned char *buffer, int len) { int ret; @@ -409,6 +422,8 @@ int pkey_pm_load(EVP_PKEY *pkey, const unsigned char *buffer, int len) ssl_memcpy(load_buf, buffer, len); load_buf[len] = '\0'; + pkey_pm_unload(pkey); + mbedtls_pk_init(&pkey_pm->pkey); ret = mbedtls_pk_parse_key(&pkey_pm->pkey, load_buf, len, NULL, 0); ssl_free(load_buf); @@ -424,15 +439,6 @@ failed1: return -1; } -void pkey_pm_unload(EVP_PKEY *pkey) -{ - struct pkey_pm *pkey_pm = (struct pkey_pm *)pkey->pkey_pm; - - mbedtls_pk_free(&pkey_pm->pkey); - - pkey_pm->load = 0; -} - void pkey_pm_free(EVP_PKEY *pkey) { pkey_pm_unload(pkey); From f796b4e58ef2311e11b51f15ef5e8807c84c5272 Mon Sep 17 00:00:00 2001 From: dongheng Date: Thu, 22 Sep 2016 16:41:51 +0800 Subject: [PATCH 14/52] components/openssl: SSL load verify data from itself structure when "new" --- components/openssl/include/internal/ssl_types.h | 4 ++++ components/openssl/library/ssl_lib.c | 3 +++ components/openssl/library/ssl_pkey.c | 9 ++++++++- components/openssl/library/ssl_x509.c | 12 ++++++++++-- components/openssl/platform/ssl_pm.c | 6 +++--- 5 files changed, 28 insertions(+), 6 deletions(-) diff --git a/components/openssl/include/internal/ssl_types.h b/components/openssl/include/internal/ssl_types.h index d001befdb9..6f2fb5a2f2 100644 --- a/components/openssl/include/internal/ssl_types.h +++ b/components/openssl/include/internal/ssl_types.h @@ -99,6 +99,8 @@ struct stack_st { struct evp_pkey_st { + int ref; + void *pkey_pm; const PKEY_METHOD *method; @@ -106,6 +108,8 @@ struct evp_pkey_st { struct x509_st { + int ref; + /* X509 certification platform private point */ void *x509_pm; diff --git a/components/openssl/library/ssl_lib.c b/components/openssl/library/ssl_lib.c index 442920f119..7e3b4554d6 100644 --- a/components/openssl/library/ssl_lib.c +++ b/components/openssl/library/ssl_lib.c @@ -282,6 +282,9 @@ SSL *SSL_new(SSL_CTX *ctx) ssl->version = ctx->version; ssl->options = ctx->options; + ssl->cert = ctx->cert; + ssl->client_CA = ctx->client_CA; + ret = SSL_METHOD_CALL(new, ssl); if (ret) SSL_RET(failed2, "ssl_new\n"); diff --git a/components/openssl/library/ssl_pkey.c b/components/openssl/library/ssl_pkey.c index a86a257e98..15c4977b0f 100644 --- a/components/openssl/library/ssl_pkey.c +++ b/components/openssl/library/ssl_pkey.c @@ -177,6 +177,8 @@ int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, if (!ret) SSL_RET(failed2, "SSL_CTX_use_PrivateKey\n"); + ctx->cert->pkey->ref++; + return 1; failed2: @@ -203,7 +205,10 @@ int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, int ret; EVP_PKEY *pkey; - pkey = d2i_PrivateKey(0, &ssl->cert->pkey, &d, len); + if (ssl->cert->pkey->ref) + SSL_RET(failed1); + + pkey = d2i_PrivateKey(0, NULL, &d, len); if (!pkey) SSL_RET(failed1, "d2i_PrivateKey\n"); @@ -211,6 +216,8 @@ int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, if (!ret) SSL_RET(failed2, "SSL_CTX_use_PrivateKey\n"); + ssl->cert->pkey->ref++; + return 1; failed2: diff --git a/components/openssl/library/ssl_x509.c b/components/openssl/library/ssl_x509.c index ba5c924e75..6e249eef58 100644 --- a/components/openssl/library/ssl_x509.c +++ b/components/openssl/library/ssl_x509.c @@ -85,7 +85,7 @@ X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len) } else { x = X509_new(); if (!x) - SSL_RET(failed1, "sk_X509_NAME_new_null\n"); + SSL_RET(failed1, "X509_new\n"); m = 1; } @@ -218,6 +218,7 @@ int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, { int ret; X509 *cert; + const unsigned char *pbuf; cert = d2i_X509(&ctx->cert->x509, d, len); if (!cert) @@ -227,6 +228,8 @@ int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, if (!ret) SSL_RET(failed2, "SSL_CTX_use_certificate\n"); + ctx->cert->x509->ref++; + return 1; failed2: @@ -252,7 +255,10 @@ int SSL_use_certificate_ASN1(SSL *ssl, int len, int ret; X509 *cert; - cert = d2i_X509(&ssl->cert->x509, d, len); + if (ssl->cert->x509->ref) + SSL_RET(failed1); + + cert = d2i_X509(NULL, d, len); if (!cert) SSL_RET(failed1, "d2i_X509\n"); @@ -260,6 +266,8 @@ int SSL_use_certificate_ASN1(SSL *ssl, int len, if (!ret) SSL_RET(failed2, "SSL_use_certificate\n"); + ssl->cert->x509->ref++; + return 1; failed2: diff --git a/components/openssl/platform/ssl_pm.c b/components/openssl/platform/ssl_pm.c index 17cc080bb6..d4ed2ececb 100644 --- a/components/openssl/platform/ssl_pm.c +++ b/components/openssl/platform/ssl_pm.c @@ -120,7 +120,7 @@ int ssl_pm_new(SSL *ssl) mbedtls_ssl_conf_dbg(&ssl_pm->conf, NULL, NULL); - x509_pm = (struct x509_pm *)ctx->client_CA->x509_pm; + x509_pm = (struct x509_pm *)ssl->client_CA->x509_pm; if (x509_pm->load) { mbedtls_ssl_conf_ca_chain(&ssl_pm->conf, &x509_pm->x509_crt, NULL); @@ -130,9 +130,9 @@ int ssl_pm_new(SSL *ssl) } mbedtls_ssl_conf_authmode(&ssl_pm->conf, mode); - pkey_pm = (struct pkey_pm *)ctx->cert->pkey->pkey_pm; + pkey_pm = (struct pkey_pm *)ssl->cert->pkey->pkey_pm; if (pkey_pm->load) { - x509_pm = (struct x509_pm *)ctx->cert->x509->x509_pm; + x509_pm = (struct x509_pm *)ssl->cert->x509->x509_pm; ret = mbedtls_ssl_conf_own_cert(&ssl_pm->conf, &x509_pm->x509_crt, &pkey_pm->pkey); if (ret) From 18787fd4fc9e1a0defb66cb29541432b8c76c4a9 Mon Sep 17 00:00:00 2001 From: dongheng Date: Thu, 22 Sep 2016 17:20:07 +0800 Subject: [PATCH 15/52] components/openssl: add empty fucntion to get peer certification and fix ref overflow --- .../openssl/include/internal/ssl_types.h | 2 ++ components/openssl/library/ssl_pkey.c | 4 ++-- components/openssl/library/ssl_x509.c | 19 ++++++++++++++++--- components/openssl/platform/ssl_pm.c | 5 ++--- 4 files changed, 22 insertions(+), 8 deletions(-) diff --git a/components/openssl/include/internal/ssl_types.h b/components/openssl/include/internal/ssl_types.h index 6f2fb5a2f2..7a0bd0d76f 100644 --- a/components/openssl/include/internal/ssl_types.h +++ b/components/openssl/include/internal/ssl_types.h @@ -144,6 +144,8 @@ struct ssl_session_st { long timeout; long time; + + X509 *peer; }; struct X509_VERIFY_PARAM_st { diff --git a/components/openssl/library/ssl_pkey.c b/components/openssl/library/ssl_pkey.c index 15c4977b0f..7278287a63 100644 --- a/components/openssl/library/ssl_pkey.c +++ b/components/openssl/library/ssl_pkey.c @@ -177,7 +177,7 @@ int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, if (!ret) SSL_RET(failed2, "SSL_CTX_use_PrivateKey\n"); - ctx->cert->pkey->ref++; + ctx->cert->pkey->ref = 1; return 1; @@ -216,7 +216,7 @@ int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, if (!ret) SSL_RET(failed2, "SSL_CTX_use_PrivateKey\n"); - ssl->cert->pkey->ref++; + ssl->cert->pkey->ref = 1; return 1; diff --git a/components/openssl/library/ssl_x509.c b/components/openssl/library/ssl_x509.c index 6e249eef58..19c94c3eca 100644 --- a/components/openssl/library/ssl_x509.c +++ b/components/openssl/library/ssl_x509.c @@ -218,7 +218,6 @@ int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, { int ret; X509 *cert; - const unsigned char *pbuf; cert = d2i_X509(&ctx->cert->x509, d, len); if (!cert) @@ -228,7 +227,7 @@ int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, if (!ret) SSL_RET(failed2, "SSL_CTX_use_certificate\n"); - ctx->cert->x509->ref++; + ctx->cert->x509->ref = 1; return 1; @@ -266,7 +265,7 @@ int SSL_use_certificate_ASN1(SSL *ssl, int len, if (!ret) SSL_RET(failed2, "SSL_use_certificate\n"); - ssl->cert->x509->ref++; + ssl->cert->x509->ref = 1; return 1; @@ -307,3 +306,17 @@ int SSL_use_certificate_file(SSL *ssl, const char *file, int type) { return 0; } + +/* + * SSL_get_peer_certificate - get peer certification + * + * @param ssl - SSL point + * + * @return certification + */ +X509 *SSL_get_peer_certificate(const SSL *ssl) +{ + SSL_ASSERT(ssl); + + return ssl->session.peer; +} diff --git a/components/openssl/platform/ssl_pm.c b/components/openssl/platform/ssl_pm.c index d4ed2ececb..1ddd1f30d2 100644 --- a/components/openssl/platform/ssl_pm.c +++ b/components/openssl/platform/ssl_pm.c @@ -74,7 +74,6 @@ int ssl_pm_new(SSL *ssl) int mode; int version; - SSL_CTX *ctx = ssl->ctx; const SSL_METHOD *method = ssl->method; struct x509_pm *x509_pm; @@ -185,9 +184,9 @@ int ssl_pm_handshake(SSL *ssl) } ssl_speed_up_exit(); - if (!mbed_ret) + if (!mbed_ret) { ret = 1; - else { + } else { ret = 0; SSL_DEBUG(1, "mbedtls_ssl_handshake [-0x%x]\n", -mbed_ret); } From 1bfedf9816a12581a35a053b964b40b8182c44d9 Mon Sep 17 00:00:00 2001 From: dongheng Date: Thu, 22 Sep 2016 18:33:55 +0800 Subject: [PATCH 16/52] components/openssl: fix the SSL_free memory leak --- components/openssl/library/ssl_lib.c | 2 +- components/openssl/platform/ssl_pm.c | 8 +++++--- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/components/openssl/library/ssl_lib.c b/components/openssl/library/ssl_lib.c index 7e3b4554d6..20c8931457 100644 --- a/components/openssl/library/ssl_lib.c +++ b/components/openssl/library/ssl_lib.c @@ -266,7 +266,7 @@ const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx) */ SSL *SSL_new(SSL_CTX *ctx) { - int ret; + int ret = 0; SSL *ssl; if (!ctx) diff --git a/components/openssl/platform/ssl_pm.c b/components/openssl/platform/ssl_pm.c index 1ddd1f30d2..04e370f9fc 100644 --- a/components/openssl/platform/ssl_pm.c +++ b/components/openssl/platform/ssl_pm.c @@ -162,13 +162,13 @@ void ssl_pm_free(SSL *ssl) { struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; - mbedtls_ssl_config_free(&ssl_pm->conf); mbedtls_ctr_drbg_free(&ssl_pm->ctr_drbg); mbedtls_entropy_free(&ssl_pm->entropy); + mbedtls_ssl_config_free(&ssl_pm->conf); mbedtls_ssl_free(&ssl_pm->ssl); - mbedtls_net_free(&ssl_pm->fd); - mbedtls_net_free(&ssl_pm->cl_fd); + ssl_free(ssl_pm); + ssl->ssl_pm = NULL; } int ssl_pm_handshake(SSL *ssl) @@ -383,6 +383,7 @@ void x509_pm_free(X509 *x) x509_pm_unload(x); ssl_free(x->x509_pm); + x->x509_pm = NULL; } int pkey_pm_new(EVP_PKEY *pkey) @@ -443,6 +444,7 @@ void pkey_pm_free(EVP_PKEY *pkey) pkey_pm_unload(pkey); ssl_free(pkey->pkey_pm); + pkey->pkey_pm = NULL; } void ssl_pm_set_bufflen(SSL *ssl, int len) From 9fc054bb553c3df68eb3f956c4496ac178422c3f Mon Sep 17 00:00:00 2001 From: dongheng Date: Fri, 23 Sep 2016 10:33:31 +0800 Subject: [PATCH 17/52] components/openssl: SSL load cert with creating new cert object 1. when 'SSL_new' SSL's cert is pointed to SSL context cert If SSL load new cert, it will create a new cert object 2. change some debug informaion --- .../openssl/include/internal/ssl_types.h | 13 ++--- components/openssl/library/ssl_cert.c | 2 +- components/openssl/library/ssl_lib.c | 6 +++ components/openssl/library/ssl_pkey.c | 44 +++++++++++----- components/openssl/library/ssl_x509.c | 50 +++++++++++++------ components/openssl/platform/ssl_pm.c | 32 +++++++----- 6 files changed, 100 insertions(+), 47 deletions(-) diff --git a/components/openssl/include/internal/ssl_types.h b/components/openssl/include/internal/ssl_types.h index 7a0bd0d76f..c872c5191c 100644 --- a/components/openssl/include/internal/ssl_types.h +++ b/components/openssl/include/internal/ssl_types.h @@ -99,8 +99,6 @@ struct stack_st { struct evp_pkey_st { - int ref; - void *pkey_pm; const PKEY_METHOD *method; @@ -108,8 +106,6 @@ struct evp_pkey_st { struct x509_st { - int ref; - /* X509 certification platform private point */ void *x509_pm; @@ -127,6 +123,7 @@ struct cert_st { }; struct ossl_statem_st { + MSG_FLOW_STATE state; int hand_state; @@ -193,8 +190,14 @@ struct ssl_st /* shut things down(0x01 : sent, 0x02 : received) */ int shutdown; + int crt_reload; + CERT *cert; + int ca_reload; + + X509 *client_CA; + SSL_CTX *ctx; const SSL_METHOD *method; @@ -208,8 +211,6 @@ struct ssl_st int rwstate; - X509 *client_CA; - long verify_result; X509_VERIFY_PARAM param; diff --git a/components/openssl/library/ssl_cert.c b/components/openssl/library/ssl_cert.c index caa901b660..2d82e62aaa 100644 --- a/components/openssl/library/ssl_cert.c +++ b/components/openssl/library/ssl_cert.c @@ -39,7 +39,7 @@ CERT *ssl_cert_new(void) cert->x509 = X509_new(); if (!cert->x509) - SSL_RET(failed3, "sk_X509_NAME_new_null\n"); + SSL_RET(failed3, "X509_new\n"); return cert; diff --git a/components/openssl/library/ssl_lib.c b/components/openssl/library/ssl_lib.c index 20c8931457..cc218f9a26 100644 --- a/components/openssl/library/ssl_lib.c +++ b/components/openssl/library/ssl_lib.c @@ -312,6 +312,12 @@ void SSL_free(SSL *ssl) SSL_METHOD_CALL(free, ssl); + if (ssl->ca_reload) + X509_free(ssl->client_CA); + + if (ssl->crt_reload) + ssl_cert_free(ssl->cert); + ssl_free(ssl); } diff --git a/components/openssl/library/ssl_pkey.c b/components/openssl/library/ssl_pkey.c index 7278287a63..c77785f473 100644 --- a/components/openssl/library/ssl_pkey.c +++ b/components/openssl/library/ssl_pkey.c @@ -14,6 +14,7 @@ #include "ssl_lib.h" #include "ssl_pkey.h" +#include "ssl_cert.h" #include "ssl_methods.h" #include "ssl_dbg.h" #include "ssl_port.h" @@ -38,7 +39,7 @@ EVP_PKEY* EVP_PKEY_new(void) ret = EVP_PKEY_METHOD_CALL(new, pkey); if (ret) - SSL_RET(failed2, "pkey_new\n"); + SSL_RET(failed2, "EVP_PKEY_METHOD_CALL\n"); return pkey; @@ -91,13 +92,13 @@ EVP_PKEY *d2i_PrivateKey(int type, } else { pkey = EVP_PKEY_new();; if (!pkey) - SSL_RET(failed1, "ssl_malloc\n"); + SSL_RET(failed1, "EVP_PKEY_new\n"); m = 1; } ret = EVP_PKEY_METHOD_CALL(load, pkey, *pp, length); if (ret) - SSL_RET(failed2, "pkey_pm_load_crt\n"); + SSL_RET(failed2, "EVP_PKEY_METHOD_CALL\n"); if (a) *a = pkey; @@ -177,8 +178,6 @@ int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, if (!ret) SSL_RET(failed2, "SSL_CTX_use_PrivateKey\n"); - ctx->cert->pkey->ref = 1; - return 1; failed2: @@ -203,25 +202,44 @@ int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len) { int ret; + int reload; EVP_PKEY *pkey; + CERT *cert; + CERT *old_cert; - if (ssl->cert->pkey->ref) - SSL_RET(failed1); + if (!ssl->crt_reload) { + cert = ssl_cert_new(); + if (!cert) + SSL_RET(failed1, "ssl_cert_new\n"); - pkey = d2i_PrivateKey(0, NULL, &d, len); + old_cert = ssl->cert ; + ssl->cert = cert; + + ssl->crt_reload = 1; + + reload = 1; + } else { + reload = 0; + } + + pkey = d2i_PrivateKey(0, &ssl->cert->pkey, &d, len); if (!pkey) - SSL_RET(failed1, "d2i_PrivateKey\n"); + SSL_RET(failed2, "d2i_PrivateKey\n"); ret = SSL_use_PrivateKey(ssl, pkey); if (!ret) - SSL_RET(failed2, "SSL_CTX_use_PrivateKey\n"); - - ssl->cert->pkey->ref = 1; + SSL_RET(failed3, "SSL_use_PrivateKey\n"); return 1; -failed2: +failed3: EVP_PKEY_free(pkey); +failed2: + if (reload) { + ssl->cert = old_cert; + ssl_cert_free(cert); + ssl->crt_reload = 0; + } failed1: return 0; } diff --git a/components/openssl/library/ssl_x509.c b/components/openssl/library/ssl_x509.c index 19c94c3eca..9ca60d8b31 100644 --- a/components/openssl/library/ssl_x509.c +++ b/components/openssl/library/ssl_x509.c @@ -13,6 +13,7 @@ // limitations under the License. #include "ssl_x509.h" +#include "ssl_cert.h" #include "ssl_methods.h" #include "ssl_dbg.h" #include "ssl_port.h" @@ -91,7 +92,7 @@ X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len) ret = X509_METHOD_CALL(load, x, buffer, len); if (ret) - SSL_RET(failed2, "x509_load\n"); + SSL_RET(failed2, "X509_METHOD_CALL\n"); return x; @@ -140,7 +141,9 @@ int SSL_add_client_CA(SSL *ssl, X509 *x) SSL_ASSERT(ssl); SSL_ASSERT(x); - if (ssl->client_CA) + if (!ssl->ca_reload) + ssl->ca_reload = 1; + else X509_free(ssl->client_CA); ssl->client_CA = x; @@ -227,8 +230,6 @@ int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, if (!ret) SSL_RET(failed2, "SSL_CTX_use_certificate\n"); - ctx->cert->x509->ref = 1; - return 1; failed2: @@ -252,25 +253,44 @@ int SSL_use_certificate_ASN1(SSL *ssl, int len, const unsigned char *d) { int ret; - X509 *cert; + int reload; + X509 *x; + CERT *cert; + CERT *old_cert; - if (ssl->cert->x509->ref) - SSL_RET(failed1); + if (!ssl->crt_reload) { + cert = ssl_cert_new(); + if (!cert) + SSL_RET(failed1, "ssl_cert_new\n"); - cert = d2i_X509(NULL, d, len); - if (!cert) - SSL_RET(failed1, "d2i_X509\n"); + old_cert = ssl->cert ; + ssl->cert = cert; - ret = SSL_use_certificate(ssl, cert); + ssl->crt_reload = 1; + + reload = 1; + } else { + reload = 0; + } + + x = d2i_X509(&ssl->cert->x509, d, len); + if (!x) + SSL_RET(failed2, "d2i_X509\n"); + + ret = SSL_use_certificate(ssl, x); if (!ret) - SSL_RET(failed2, "SSL_use_certificate\n"); - - ssl->cert->x509->ref = 1; + SSL_RET(failed3, "SSL_use_certificate\n"); return 1; +failed3: + X509_free(x); failed2: - X509_free(cert); + if (reload) { + ssl->cert = old_cert; + ssl_cert_free(cert); + ssl->crt_reload = 0; + } failed1: return 0; } diff --git a/components/openssl/platform/ssl_pm.c b/components/openssl/platform/ssl_pm.c index 04e370f9fc..54e6cba25c 100644 --- a/components/openssl/platform/ssl_pm.c +++ b/components/openssl/platform/ssl_pm.c @@ -43,16 +43,16 @@ struct ssl_pm struct x509_pm { - int load; - mbedtls_x509_crt x509_crt; + + int load; }; struct pkey_pm { - int load; - mbedtls_pk_context pkey; + + int load; }; @@ -79,9 +79,13 @@ int ssl_pm_new(SSL *ssl) struct x509_pm *x509_pm; struct pkey_pm *pkey_pm; + ssl->session.peer = ssl_malloc(sizeof(X509)); + if (!ssl->session.peer) + SSL_ERR(ret, failed1, "ssl_malloc\n"); + ssl_pm = ssl_malloc(sizeof(struct ssl_pm)); if (!ssl_pm) - SSL_ERR(ret, failed1, "ssl_malloc\n"); + SSL_ERR(ret, failed2, "ssl_malloc\n"); mbedtls_net_init(&ssl_pm->fd); mbedtls_net_init(&ssl_pm->cl_fd); @@ -93,7 +97,7 @@ int ssl_pm_new(SSL *ssl) ret = mbedtls_ctr_drbg_seed(&ssl_pm->ctr_drbg, mbedtls_entropy_func, &ssl_pm->entropy, pers, pers_len); if (ret) - SSL_ERR(ret, failed1, "mbedtls_ctr_drbg_seed:[-0x%x]\n", -ret); + SSL_ERR(ret, failed3, "mbedtls_ctr_drbg_seed:[-0x%x]\n", -ret); if (method->endpoint) { endpoint = MBEDTLS_SSL_IS_SERVER; @@ -102,7 +106,7 @@ int ssl_pm_new(SSL *ssl) } ret = mbedtls_ssl_config_defaults(&ssl_pm->conf, endpoint, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT); if (ret) - SSL_ERR(ret, failed2, "mbedtls_ssl_config_defaults:[-0x%x]\n", -ret); + SSL_ERR(ret, failed3, "mbedtls_ssl_config_defaults:[-0x%x]\n", -ret); if (TLS1_2_VERSION == ssl->version) version = MBEDTLS_SSL_MINOR_VERSION_3; @@ -135,12 +139,12 @@ int ssl_pm_new(SSL *ssl) ret = mbedtls_ssl_conf_own_cert(&ssl_pm->conf, &x509_pm->x509_crt, &pkey_pm->pkey); if (ret) - SSL_ERR(ret, failed3, "mbedtls_ssl_conf_own_cert:[%d]\n", ret); + SSL_ERR(ret, failed4, "mbedtls_ssl_conf_own_cert:[%d]\n", ret); } ret = mbedtls_ssl_setup(&ssl_pm->ssl, &ssl_pm->conf); if (ret) - SSL_ERR(ret, failed4, "mbedtls_ssl_setup:[-0x%x]\n", -ret); + SSL_ERR(ret, failed5, "mbedtls_ssl_setup:[-0x%x]\n", -ret); mbedtls_ssl_set_bio(&ssl_pm->ssl, &ssl_pm->fd, mbedtls_net_send, mbedtls_net_recv, NULL); @@ -148,12 +152,14 @@ int ssl_pm_new(SSL *ssl) return 0; -failed4: +failed5: mbedtls_ssl_config_free(&ssl_pm->conf); -failed3: +failed4: mbedtls_ctr_drbg_free(&ssl_pm->ctr_drbg); -failed2: +failed3: mbedtls_entropy_free(&ssl_pm->entropy); +failed2: + ssl_free(ssl->session.peer); failed1: return -1; } @@ -186,6 +192,8 @@ int ssl_pm_handshake(SSL *ssl) if (!mbed_ret) { ret = 1; + + ssl->session.peer = (X509 *)mbedtls_ssl_get_peer_cert(&ssl_pm->ssl); } else { ret = 0; SSL_DEBUG(1, "mbedtls_ssl_handshake [-0x%x]\n", -mbed_ret); From 07c8bbca6c70836b46cf040a472eb348b1d9f59d Mon Sep 17 00:00:00 2001 From: dongheng Date: Fri, 23 Sep 2016 10:53:18 +0800 Subject: [PATCH 18/52] components/openssl: SSL low-level reload cert when user add new cert --- .../openssl/include/internal/ssl_methods.h | 2 ++ .../openssl/include/internal/ssl_types.h | 2 ++ components/openssl/include/platform/ssl_pm.h | 2 ++ components/openssl/library/ssl_methods.c | 1 + components/openssl/library/ssl_pkey.c | 19 +++++++++++- components/openssl/library/ssl_x509.c | 11 ++++++- components/openssl/platform/ssl_pm.c | 30 +++++++++++++++++++ 7 files changed, 65 insertions(+), 2 deletions(-) diff --git a/components/openssl/include/internal/ssl_methods.h b/components/openssl/include/internal/ssl_methods.h index 244eec38dd..2893db1888 100644 --- a/components/openssl/include/internal/ssl_methods.h +++ b/components/openssl/include/internal/ssl_methods.h @@ -22,6 +22,7 @@ set_fd, get_fd, \ set_bufflen, \ get_verify_result, \ + ssl_reload_crt, \ get_state) \ static const SSL_METHOD_FUNC func_name LOCAL_ATRR = { \ new, \ @@ -36,6 +37,7 @@ get_fd, \ set_bufflen, \ get_verify_result, \ + ssl_reload_crt, \ get_state \ }; diff --git a/components/openssl/include/internal/ssl_types.h b/components/openssl/include/internal/ssl_types.h index c872c5191c..47e6b0bf65 100644 --- a/components/openssl/include/internal/ssl_types.h +++ b/components/openssl/include/internal/ssl_types.h @@ -259,6 +259,8 @@ struct ssl_method_func_st { long (*ssl_get_verify_result)(const SSL *ssl); + int (*ssl_reload_crt)(SSL *ssl); + OSSL_HANDSHAKE_STATE (*ssl_get_state)(const SSL *ssl); }; diff --git a/components/openssl/include/platform/ssl_pm.h b/components/openssl/include/platform/ssl_pm.h index 3f64a4ae32..53bff0d80e 100644 --- a/components/openssl/include/platform/ssl_pm.h +++ b/components/openssl/include/platform/ssl_pm.h @@ -51,4 +51,6 @@ void pkey_pm_unload(EVP_PKEY *pkey); long ssl_pm_get_verify_result(const SSL *ssl); +int ssl_pm_reload_crt(SSL *ssl); + #endif diff --git a/components/openssl/library/ssl_methods.c b/components/openssl/library/ssl_methods.c index c6fb40e59c..0674f40587 100644 --- a/components/openssl/library/ssl_methods.c +++ b/components/openssl/library/ssl_methods.c @@ -26,6 +26,7 @@ IMPLEMENT_TLS_METHOD_FUNC(TLS_method_func, ssl_pm_set_fd, ssl_pm_get_fd, ssl_pm_set_bufflen, ssl_pm_get_verify_result, + ssl_pm_reload_crt, ssl_pm_get_state); /* diff --git a/components/openssl/library/ssl_pkey.c b/components/openssl/library/ssl_pkey.c index c77785f473..893a391dd8 100644 --- a/components/openssl/library/ssl_pkey.c +++ b/components/openssl/library/ssl_pkey.c @@ -127,6 +127,9 @@ int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) SSL_ASSERT(ctx); SSL_ASSERT(pkey); + if (ctx->cert->pkey) + EVP_PKEY_free(ctx->cert->pkey); + ctx->cert->pkey = pkey; return 1; @@ -144,12 +147,26 @@ int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) */ int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) { + int ret; + int ssl_ret; + SSL_ASSERT(ctx); SSL_ASSERT(pkey); + if (!ssl->ca_reload) + ssl->ca_reload = 1; + else + EVP_PKEY_free(ssl->cert->pkey); + ssl->cert->pkey = pkey; - return 1; + ssl_ret = SSL_METHOD_CALL(reload_crt, ssl); + if (ssl_ret) + ret = 0; + else + ret = 1; + + return ret; } /* diff --git a/components/openssl/library/ssl_x509.c b/components/openssl/library/ssl_x509.c index 9ca60d8b31..2368344a7a 100644 --- a/components/openssl/library/ssl_x509.c +++ b/components/openssl/library/ssl_x509.c @@ -138,6 +138,9 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x) */ int SSL_add_client_CA(SSL *ssl, X509 *x) { + int ret; + int ssl_ret; + SSL_ASSERT(ssl); SSL_ASSERT(x); @@ -148,7 +151,13 @@ int SSL_add_client_CA(SSL *ssl, X509 *x) ssl->client_CA = x; - return 1; + ssl_ret = SSL_METHOD_CALL(reload_crt, ssl); + if (ssl_ret) + ret = 0; + else + ret = 1; + + return ret; } /* diff --git a/components/openssl/platform/ssl_pm.c b/components/openssl/platform/ssl_pm.c index 54e6cba25c..00c8f83020 100644 --- a/components/openssl/platform/ssl_pm.c +++ b/components/openssl/platform/ssl_pm.c @@ -475,3 +475,33 @@ long ssl_pm_get_verify_result(const SSL *ssl) return verify_result; } + +int ssl_pm_reload_crt(SSL *ssl) +{ + int ret; + int mode; + struct ssl_pm *ssl_pm = ssl->ssl_pm; + struct x509_pm *x509_pm; + struct pkey_pm *pkey_pm; + + x509_pm = (struct x509_pm *)ssl->client_CA->x509_pm; + if (x509_pm->load) { + mbedtls_ssl_conf_ca_chain(&ssl_pm->conf, &x509_pm->x509_crt, NULL); + + mode = MBEDTLS_SSL_VERIFY_REQUIRED; + } else { + mode = MBEDTLS_SSL_VERIFY_NONE; + } + mbedtls_ssl_conf_authmode(&ssl_pm->conf, mode); + + pkey_pm = (struct pkey_pm *)ssl->cert->pkey->pkey_pm; + if (pkey_pm->load) { + x509_pm = (struct x509_pm *)ssl->cert->x509->x509_pm; + + ret = mbedtls_ssl_conf_own_cert(&ssl_pm->conf, &x509_pm->x509_crt, &pkey_pm->pkey); + if (ret) + return -1; + } + + return 0; +} From f5d9bfc7aecdda78f849e0f9bd7dd4b228feb8ab Mon Sep 17 00:00:00 2001 From: dongheng Date: Fri, 23 Sep 2016 11:03:13 +0800 Subject: [PATCH 19/52] components/openssl: fix SSL get peer cert struct point type error 1. fix SSL get peer cert struct point type error 2. some function use "zalloc" instead of "malloc" --- components/openssl/library/ssl_pkey.c | 2 +- components/openssl/library/ssl_x509.c | 2 +- components/openssl/platform/ssl_pm.c | 18 +++++++++--------- components/openssl/platform/ssl_port.c | 2 +- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/components/openssl/library/ssl_pkey.c b/components/openssl/library/ssl_pkey.c index 893a391dd8..ab56fe789d 100644 --- a/components/openssl/library/ssl_pkey.c +++ b/components/openssl/library/ssl_pkey.c @@ -31,7 +31,7 @@ EVP_PKEY* EVP_PKEY_new(void) int ret; EVP_PKEY *pkey; - pkey = ssl_malloc(sizeof(EVP_PKEY)); + pkey = ssl_zalloc(sizeof(EVP_PKEY)); if (!pkey) SSL_RET(failed1, "ssl_malloc\n"); diff --git a/components/openssl/library/ssl_x509.c b/components/openssl/library/ssl_x509.c index 2368344a7a..431f03caa9 100644 --- a/components/openssl/library/ssl_x509.c +++ b/components/openssl/library/ssl_x509.c @@ -30,7 +30,7 @@ X509* X509_new(void) int ret; X509 *x; - x = ssl_malloc(sizeof(X509)); + x = ssl_zalloc(sizeof(X509)); if (!x) SSL_RET(failed1, "ssl_malloc\n"); diff --git a/components/openssl/platform/ssl_pm.c b/components/openssl/platform/ssl_pm.c index 00c8f83020..10b736aa9c 100644 --- a/components/openssl/platform/ssl_pm.c +++ b/components/openssl/platform/ssl_pm.c @@ -79,13 +79,13 @@ int ssl_pm_new(SSL *ssl) struct x509_pm *x509_pm; struct pkey_pm *pkey_pm; - ssl->session.peer = ssl_malloc(sizeof(X509)); + ssl->session.peer = ssl_zalloc(sizeof(X509)); if (!ssl->session.peer) - SSL_ERR(ret, failed1, "ssl_malloc\n"); + SSL_ERR(ret, failed1, "ssl_zalloc\n"); - ssl_pm = ssl_malloc(sizeof(struct ssl_pm)); + ssl_pm = ssl_zalloc(sizeof(struct ssl_pm)); if (!ssl_pm) - SSL_ERR(ret, failed2, "ssl_malloc\n"); + SSL_ERR(ret, failed2, "ssl_zalloc\n"); mbedtls_net_init(&ssl_pm->fd); mbedtls_net_init(&ssl_pm->cl_fd); @@ -193,7 +193,7 @@ int ssl_pm_handshake(SSL *ssl) if (!mbed_ret) { ret = 1; - ssl->session.peer = (X509 *)mbedtls_ssl_get_peer_cert(&ssl_pm->ssl); + ssl->session.peer->x509_pm = (struct x509_pm *)mbedtls_ssl_get_peer_cert(&ssl_pm->ssl); } else { ret = 0; SSL_DEBUG(1, "mbedtls_ssl_handshake [-0x%x]\n", -mbed_ret); @@ -337,7 +337,7 @@ int x509_pm_new(X509 *x) { struct x509_pm *x509_pm; - x509_pm = ssl_malloc(sizeof(struct x509_pm)); + x509_pm = ssl_zalloc(sizeof(struct x509_pm)); if (!x509_pm) return -1; @@ -364,7 +364,7 @@ int x509_pm_load(X509 *x, const unsigned char *buffer, int len) load_buf = ssl_malloc(len + 1); if (!load_buf) - SSL_RET(failed1, ""); + SSL_RET(failed1); ssl_memcpy(load_buf, buffer, len); load_buf[len] = '\0'; @@ -398,7 +398,7 @@ int pkey_pm_new(EVP_PKEY *pkey) { struct pkey_pm *pkey_pm; - pkey_pm = ssl_malloc(sizeof(struct pkey_pm)); + pkey_pm = ssl_zalloc(sizeof(struct pkey_pm)); if (!pkey_pm) return -1; @@ -425,7 +425,7 @@ int pkey_pm_load(EVP_PKEY *pkey, const unsigned char *buffer, int len) load_buf = ssl_malloc(len + 1); if (!load_buf) - SSL_RET(failed1, ""); + SSL_RET(failed1); ssl_memcpy(load_buf, buffer, len); load_buf[len] = '\0'; diff --git a/components/openssl/platform/ssl_port.c b/components/openssl/platform/ssl_port.c index 3e6ada5cc9..b57e703a17 100644 --- a/components/openssl/platform/ssl_port.c +++ b/components/openssl/platform/ssl_port.c @@ -31,7 +31,7 @@ void* ssl_zalloc(size_t size) void *ssl_malloc(size_t size) { - return ssl_zalloc(size); + return malloc(size); } void ssl_free(void *p) From e475d0539eb8c960f7996d0ec6c0842f4534a235 Mon Sep 17 00:00:00 2001 From: dongheng Date: Fri, 23 Sep 2016 11:41:57 +0800 Subject: [PATCH 20/52] components/openssl: add SSL and SSL context verify mode selection --- .../openssl/include/internal/ssl_code.h | 5 + .../openssl/include/internal/ssl_methods.h | 2 - .../openssl/include/internal/ssl_types.h | 8 +- components/openssl/include/platform/ssl_pm.h | 2 - components/openssl/library/ssl_lib.c | 50 +++++++--- components/openssl/library/ssl_methods.c | 1 - components/openssl/library/ssl_pkey.c | 8 +- components/openssl/library/ssl_x509.c | 11 +-- components/openssl/platform/ssl_pm.c | 96 ++++++++----------- 9 files changed, 88 insertions(+), 95 deletions(-) diff --git a/components/openssl/include/internal/ssl_code.h b/components/openssl/include/internal/ssl_code.h index de86e07df1..e76b35abe9 100644 --- a/components/openssl/include/internal/ssl_code.h +++ b/components/openssl/include/internal/ssl_code.h @@ -23,6 +23,11 @@ # define SSL_SENT_SHUTDOWN 1 # define SSL_RECEIVED_SHUTDOWN 2 +# define SSL_VERIFY_NONE 0x00 +# define SSL_VERIFY_PEER 0x01 +# define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02 +# define SSL_VERIFY_CLIENT_ONCE 0x04 + /* * The following 3 states are kept in ssl->rlayer.rstate when reads fail, you * should not need these diff --git a/components/openssl/include/internal/ssl_methods.h b/components/openssl/include/internal/ssl_methods.h index 2893db1888..244eec38dd 100644 --- a/components/openssl/include/internal/ssl_methods.h +++ b/components/openssl/include/internal/ssl_methods.h @@ -22,7 +22,6 @@ set_fd, get_fd, \ set_bufflen, \ get_verify_result, \ - ssl_reload_crt, \ get_state) \ static const SSL_METHOD_FUNC func_name LOCAL_ATRR = { \ new, \ @@ -37,7 +36,6 @@ get_fd, \ set_bufflen, \ get_verify_result, \ - ssl_reload_crt, \ get_state \ }; diff --git a/components/openssl/include/internal/ssl_types.h b/components/openssl/include/internal/ssl_types.h index 47e6b0bf65..6da6076148 100644 --- a/components/openssl/include/internal/ssl_types.h +++ b/components/openssl/include/internal/ssl_types.h @@ -171,6 +171,8 @@ struct ssl_ctx_st int verify_mode; + int (*default_verify_callback) (int ok, X509_STORE_CTX *ctx); + long session_timeout; int read_ahead; @@ -209,6 +211,10 @@ struct ssl_st SSL_SESSION session; + int verify_mode; + + int (*verify_callback) (int ok, X509_STORE_CTX *ctx); + int rwstate; long verify_result; @@ -259,8 +265,6 @@ struct ssl_method_func_st { long (*ssl_get_verify_result)(const SSL *ssl); - int (*ssl_reload_crt)(SSL *ssl); - OSSL_HANDSHAKE_STATE (*ssl_get_state)(const SSL *ssl); }; diff --git a/components/openssl/include/platform/ssl_pm.h b/components/openssl/include/platform/ssl_pm.h index 53bff0d80e..3f64a4ae32 100644 --- a/components/openssl/include/platform/ssl_pm.h +++ b/components/openssl/include/platform/ssl_pm.h @@ -51,6 +51,4 @@ void pkey_pm_unload(EVP_PKEY *pkey); long ssl_pm_get_verify_result(const SSL *ssl); -int ssl_pm_reload_crt(SSL *ssl); - #endif diff --git a/components/openssl/library/ssl_lib.c b/components/openssl/library/ssl_lib.c index cc218f9a26..ae517b0a40 100644 --- a/components/openssl/library/ssl_lib.c +++ b/components/openssl/library/ssl_lib.c @@ -284,6 +284,7 @@ SSL *SSL_new(SSL_CTX *ctx) ssl->cert = ctx->cert; ssl->client_CA = ctx->client_CA; + ssl->verify_mode = ctx->verify_mode; ret = SSL_METHOD_CALL(new, ssl); if (ret) @@ -1726,21 +1727,6 @@ long SSL_set_timeout(SSL *ssl, long t) return t; } -/* - * SSL_set_verify - set the SSL verifying of the SSL context - * - * @param ctx - SSL point - * @param mode - verifying mode - * @param verify_callback - verifying callback function - * - * @return none - */ -void SSL_set_verify(SSL *ssl, int mode, int (*verify_callback)(int, X509_STORE_CTX *)) -{ - SSL_ASSERT(ssl); - SSL_ASSERT(verify_callback); -} - /* * SSL_get_verify_result - get the verifying result of the SSL certification * @@ -1812,3 +1798,37 @@ void SSL_set_verify_depth(SSL *ssl, int depth) ssl->param.depth = depth; } + +/* + * SSL_CTX_set_verify - set the SSL context verifying of the SSL context + * + * @param ctx - SSL context point + * @param mode - verifying mode + * @param verify_callback - verifying callback function + * + * @return none + */ +void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*verify_callback)(int, X509_STORE_CTX *)) +{ + SSL_ASSERT(ctx); + + ctx->verify_mode = mode; + ctx->default_verify_callback = verify_callback; +} + +/* + * SSL_set_verify - set the SSL verifying of the SSL context + * + * @param ctx - SSL point + * @param mode - verifying mode + * @param verify_callback - verifying callback function + * + * @return none + */ +void SSL_set_verify(SSL *ssl, int mode, int (*verify_callback)(int, X509_STORE_CTX *)) +{ + SSL_ASSERT(ctx); + + ssl->verify_mode = mode; + ssl->verify_callback = verify_callback; +} diff --git a/components/openssl/library/ssl_methods.c b/components/openssl/library/ssl_methods.c index 0674f40587..c6fb40e59c 100644 --- a/components/openssl/library/ssl_methods.c +++ b/components/openssl/library/ssl_methods.c @@ -26,7 +26,6 @@ IMPLEMENT_TLS_METHOD_FUNC(TLS_method_func, ssl_pm_set_fd, ssl_pm_get_fd, ssl_pm_set_bufflen, ssl_pm_get_verify_result, - ssl_pm_reload_crt, ssl_pm_get_state); /* diff --git a/components/openssl/library/ssl_pkey.c b/components/openssl/library/ssl_pkey.c index ab56fe789d..e13870344f 100644 --- a/components/openssl/library/ssl_pkey.c +++ b/components/openssl/library/ssl_pkey.c @@ -160,13 +160,7 @@ int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) ssl->cert->pkey = pkey; - ssl_ret = SSL_METHOD_CALL(reload_crt, ssl); - if (ssl_ret) - ret = 0; - else - ret = 1; - - return ret; + return 1; } /* diff --git a/components/openssl/library/ssl_x509.c b/components/openssl/library/ssl_x509.c index 431f03caa9..6eb3c1d461 100644 --- a/components/openssl/library/ssl_x509.c +++ b/components/openssl/library/ssl_x509.c @@ -138,9 +138,6 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x) */ int SSL_add_client_CA(SSL *ssl, X509 *x) { - int ret; - int ssl_ret; - SSL_ASSERT(ssl); SSL_ASSERT(x); @@ -151,13 +148,7 @@ int SSL_add_client_CA(SSL *ssl, X509 *x) ssl->client_CA = x; - ssl_ret = SSL_METHOD_CALL(reload_crt, ssl); - if (ssl_ret) - ret = 0; - else - ret = 1; - - return ret; + return 1; } /* diff --git a/components/openssl/platform/ssl_pm.c b/components/openssl/platform/ssl_pm.c index 10b736aa9c..cd29882dfa 100644 --- a/components/openssl/platform/ssl_pm.c +++ b/components/openssl/platform/ssl_pm.c @@ -71,14 +71,10 @@ int ssl_pm_new(SSL *ssl) size_t pers_len = sizeof(pers); int endpoint; - int mode; int version; const SSL_METHOD *method = ssl->method; - struct x509_pm *x509_pm; - struct pkey_pm *pkey_pm; - ssl->session.peer = ssl_zalloc(sizeof(X509)); if (!ssl->session.peer) SSL_ERR(ret, failed1, "ssl_zalloc\n"); @@ -123,28 +119,9 @@ int ssl_pm_new(SSL *ssl) mbedtls_ssl_conf_dbg(&ssl_pm->conf, NULL, NULL); - x509_pm = (struct x509_pm *)ssl->client_CA->x509_pm; - if (x509_pm->load) { - mbedtls_ssl_conf_ca_chain(&ssl_pm->conf, &x509_pm->x509_crt, NULL); - - mode = MBEDTLS_SSL_VERIFY_REQUIRED; - } else { - mode = MBEDTLS_SSL_VERIFY_NONE; - } - mbedtls_ssl_conf_authmode(&ssl_pm->conf, mode); - - pkey_pm = (struct pkey_pm *)ssl->cert->pkey->pkey_pm; - if (pkey_pm->load) { - x509_pm = (struct x509_pm *)ssl->cert->x509->x509_pm; - - ret = mbedtls_ssl_conf_own_cert(&ssl_pm->conf, &x509_pm->x509_crt, &pkey_pm->pkey); - if (ret) - SSL_ERR(ret, failed4, "mbedtls_ssl_conf_own_cert:[%d]\n", ret); - } - ret = mbedtls_ssl_setup(&ssl_pm->ssl, &ssl_pm->conf); if (ret) - SSL_ERR(ret, failed5, "mbedtls_ssl_setup:[-0x%x]\n", -ret); + SSL_ERR(ret, failed4, "mbedtls_ssl_setup:[-0x%x]\n", -ret); mbedtls_ssl_set_bio(&ssl_pm->ssl, &ssl_pm->fd, mbedtls_net_send, mbedtls_net_recv, NULL); @@ -152,9 +129,8 @@ int ssl_pm_new(SSL *ssl) return 0; -failed5: - mbedtls_ssl_config_free(&ssl_pm->conf); failed4: + mbedtls_ssl_config_free(&ssl_pm->conf); mbedtls_ctr_drbg_free(&ssl_pm->ctr_drbg); failed3: mbedtls_entropy_free(&ssl_pm->entropy); @@ -177,11 +153,49 @@ void ssl_pm_free(SSL *ssl) ssl->ssl_pm = NULL; } +static int ssl_pm_reload_crt(SSL *ssl) +{ + int ret; + int mode; + struct ssl_pm *ssl_pm = ssl->ssl_pm; + struct x509_pm *ca_pm = (struct x509_pm *)ssl->client_CA->x509_pm; + + struct pkey_pm *pkey_pm = (struct pkey_pm *)ssl->cert->pkey->pkey_pm; + struct x509_pm *crt_pm = (struct x509_pm *)ssl->cert->x509->x509_pm; + + if (ssl->verify_mode == SSL_VERIFY_PEER) + mode = MBEDTLS_SSL_VERIFY_REQUIRED; + else if (ssl->verify_mode == SSL_VERIFY_FAIL_IF_NO_PEER_CERT) + mode = MBEDTLS_SSL_VERIFY_NONE; + else if (ssl->verify_mode == SSL_VERIFY_CLIENT_ONCE) + mode = MBEDTLS_SSL_VERIFY_UNSET; + else + mode = MBEDTLS_SSL_VERIFY_NONE; + + mbedtls_ssl_conf_authmode(&ssl_pm->conf, mode); + + if (ca_pm->load) { + mbedtls_ssl_conf_ca_chain(&ssl_pm->conf, &ca_pm->x509_crt, NULL); + } + + if (pkey_pm->load) { + ret = mbedtls_ssl_conf_own_cert(&ssl_pm->conf, &crt_pm->x509_crt, &pkey_pm->pkey); + if (ret) + return -1; + } + + return 0; +} + int ssl_pm_handshake(SSL *ssl) { int ret, mbed_ret; struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; + mbed_ret = ssl_pm_reload_crt(ssl); + if (mbed_ret) + return 0; + ssl_speed_up_enter(); while((mbed_ret = mbedtls_ssl_handshake(&ssl_pm->ssl)) != 0) { if (mbed_ret != MBEDTLS_ERR_SSL_WANT_READ && mbed_ret != MBEDTLS_ERR_SSL_WANT_WRITE) { @@ -475,33 +489,3 @@ long ssl_pm_get_verify_result(const SSL *ssl) return verify_result; } - -int ssl_pm_reload_crt(SSL *ssl) -{ - int ret; - int mode; - struct ssl_pm *ssl_pm = ssl->ssl_pm; - struct x509_pm *x509_pm; - struct pkey_pm *pkey_pm; - - x509_pm = (struct x509_pm *)ssl->client_CA->x509_pm; - if (x509_pm->load) { - mbedtls_ssl_conf_ca_chain(&ssl_pm->conf, &x509_pm->x509_crt, NULL); - - mode = MBEDTLS_SSL_VERIFY_REQUIRED; - } else { - mode = MBEDTLS_SSL_VERIFY_NONE; - } - mbedtls_ssl_conf_authmode(&ssl_pm->conf, mode); - - pkey_pm = (struct pkey_pm *)ssl->cert->pkey->pkey_pm; - if (pkey_pm->load) { - x509_pm = (struct x509_pm *)ssl->cert->x509->x509_pm; - - ret = mbedtls_ssl_conf_own_cert(&ssl_pm->conf, &x509_pm->x509_crt, &pkey_pm->pkey); - if (ret) - return -1; - } - - return 0; -} From db9becfa744b651080c435eefe48adc0cf24cdba Mon Sep 17 00:00:00 2001 From: dongheng Date: Fri, 23 Sep 2016 13:38:11 +0800 Subject: [PATCH 21/52] components/openssl: free peer cert X509 object when SSL_free --- components/openssl/platform/ssl_pm.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/components/openssl/platform/ssl_pm.c b/components/openssl/platform/ssl_pm.c index cd29882dfa..b03aee3e37 100644 --- a/components/openssl/platform/ssl_pm.c +++ b/components/openssl/platform/ssl_pm.c @@ -149,6 +149,9 @@ void ssl_pm_free(SSL *ssl) mbedtls_ssl_config_free(&ssl_pm->conf); mbedtls_ssl_free(&ssl_pm->ssl); + ssl_free(ssl->session.peer); + ssl->session.peer = NULL; + ssl_free(ssl_pm); ssl->ssl_pm = NULL; } From 59bb9a9a011050c2a9af55c6da2f37a22337b527 Mon Sep 17 00:00:00 2001 From: dongheng Date: Fri, 23 Sep 2016 14:50:27 +0800 Subject: [PATCH 22/52] components/openssl: [TW7411] supply doxygen type note --- .../openssl/include/internal/ssl_cert.h | 17 +- .../openssl/include/internal/ssl_code.h | 1 + .../openssl/include/internal/ssl_methods.h | 18 + .../openssl/include/internal/ssl_pkey.h | 25 + .../openssl/include/internal/ssl_x509.h | 25 +- components/openssl/include/openssl/ssl.h | 953 +++++++++--------- components/openssl/library/ssl_cert.c | 24 +- components/openssl/library/ssl_lib.c | 677 +++---------- components/openssl/library/ssl_methods.c | 16 +- components/openssl/library/ssl_pkey.c | 113 +-- components/openssl/library/ssl_x509.c | 136 +-- components/openssl/platform/ssl_pm.c | 9 + 12 files changed, 782 insertions(+), 1232 deletions(-) diff --git a/components/openssl/include/internal/ssl_cert.h b/components/openssl/include/internal/ssl_cert.h index 109012a194..b0bd09d480 100644 --- a/components/openssl/include/internal/ssl_cert.h +++ b/components/openssl/include/internal/ssl_cert.h @@ -17,7 +17,22 @@ #include "ssl_types.h" +/** + * @brief create a certification object include private key object + * + * @param none + * + * @return certification object point + */ CERT* ssl_cert_new(void); -void ssl_cert_free(CERT *c); + +/** + * @brief free a certification object + * + * @param cert - certification object point + * + * @return none + */ +void ssl_cert_free(CERT *cert); #endif diff --git a/components/openssl/include/internal/ssl_code.h b/components/openssl/include/internal/ssl_code.h index e76b35abe9..34107d432d 100644 --- a/components/openssl/include/internal/ssl_code.h +++ b/components/openssl/include/internal/ssl_code.h @@ -72,6 +72,7 @@ typedef enum { MSG_FLOW_FINISHED } MSG_FLOW_STATE; +/* SSL subsystem states */ typedef enum { TLS_ST_BEFORE, TLS_ST_OK, diff --git a/components/openssl/include/internal/ssl_methods.h b/components/openssl/include/internal/ssl_methods.h index 244eec38dd..68737b4381 100644 --- a/components/openssl/include/internal/ssl_methods.h +++ b/components/openssl/include/internal/ssl_methods.h @@ -15,6 +15,9 @@ #ifndef _SSL_METHODS_H_ #define _SSL_METHODS_H_ +/** + * TLS method function implement + */ #define IMPLEMENT_TLS_METHOD_FUNC(func_name, \ new, free, \ handshake, shutdown, clear, \ @@ -89,7 +92,22 @@ return &func_name##_data; \ } +/** + * @brief get X509 object method + * + * @param none + * + * @return X509 object method point + */ const X509_METHOD* X509_method(void); + +/** + * @brief get private key object method + * + * @param none + * + * @return private key object method point + */ const PKEY_METHOD* EVP_PKEY_method(void); #endif diff --git a/components/openssl/include/internal/ssl_pkey.h b/components/openssl/include/internal/ssl_pkey.h index 34be294efe..d9a22ee02c 100644 --- a/components/openssl/include/internal/ssl_pkey.h +++ b/components/openssl/include/internal/ssl_pkey.h @@ -17,13 +17,38 @@ #include "ssl_types.h" +/** + * @brief create a private key object + * + * @param none + * + * @return private key object point + */ EVP_PKEY* EVP_PKEY_new(void); +/** + * @brief load a character key context into system context. If '*a' is pointed to the + * private key, then load key into it. Or create a new private key object + * + * @param type - private key type + * @param a - a point pointed to a private key point + * @param pp - a point pointed to the key context memory point + * @param length - key bytes + * + * @return private key object point + */ EVP_PKEY* d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, long length); +/** + * @brief free a private key object + * + * @param pkey - private key object point + * + * @return none + */ void EVP_PKEY_free(EVP_PKEY *x); #endif diff --git a/components/openssl/include/internal/ssl_x509.h b/components/openssl/include/internal/ssl_x509.h index ee3448544b..9359073b69 100644 --- a/components/openssl/include/internal/ssl_x509.h +++ b/components/openssl/include/internal/ssl_x509.h @@ -20,17 +20,34 @@ DEFINE_STACK_OF(X509_NAME) -/* - * sk_X509_NAME_new_null - create a X509 certification object +/** + * @brief create a X509 certification object * * @param none * - * @return X509 certification object point or NULL if failed + * @return X509 certification object point */ X509* X509_new(void); +/** + * @brief load a character certification context into system context. If '*cert' is pointed to the + * certification, then load certification into it. Or create a new X509 certification object + * + * @param cert - a point pointed to X509 certification + * @param buffer - a point pointed to the certification context memory point + * @param length - certification bytes + * + * @return X509 certification object point + */ X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len); -void X509_free(X509 *cert); +/** + * @brief free a X509 certification object + * + * @param x - X509 certification object point + * + * @return none + */ +void X509_free(X509 *x); #endif diff --git a/components/openssl/include/openssl/ssl.h b/components/openssl/include/openssl/ssl.h index 865405d868..3f92a68d70 100644 --- a/components/openssl/include/openssl/ssl.h +++ b/components/openssl/include/openssl/ssl.h @@ -22,17 +22,17 @@ { */ -/* - * SSL_CTX_new - create a SSL context +/** + * @brief create a SSL context * * @param method - the SSL context method point * - * @return the context point, if create failed return NULL + * @return the context point */ SSL_CTX* SSL_CTX_new(const SSL_METHOD *method); -/* - * SSL_CTX_free - free a SSL context +/** + * @brief free a SSL context * * @param method - the SSL context point * @@ -40,17 +40,17 @@ SSL_CTX* SSL_CTX_new(const SSL_METHOD *method); */ void SSL_CTX_free(SSL_CTX *ctx); -/* - * SSL_new - create a SSL +/** + * @brief create a SSL * * @param ctx - the SSL context point * - * @return the SSL point or NULL if failed + * @return the SSL point */ SSL* SSL_new(SSL_CTX *ctx); -/* - * SSL_free - free the SSL +/** + * @brief free the SSL * * @param ssl - the SSL point * @@ -58,58 +58,58 @@ SSL* SSL_new(SSL_CTX *ctx); */ void SSL_free(SSL *ssl); -/* - * SSL_connect - connect to the remote SSL server +/** + * @brief connect to the remote SSL server * * @param ssl - the SSL point * - * @return - * 1 : OK - * -1 : failed + * @return result + * 1 : OK + * -1 : failed */ int SSL_connect(SSL *ssl); -/* - * SSL_accept - accept the remote connection +/** + * @brief accept the remote connection * * @param ssl - the SSL point * - * @return - * 1 : OK - * -1 : failed + * @return result + * 1 : OK + * -1 : failed */ int SSL_accept(SSL *ssl); -/* - * SSL_read - read data from to remote +/** + * @brief read data from to remote * * @param ssl - the SSL point which has been connected * @param buffer - the received data buffer point * @param len - the received data length * - * @return - * > 0 : OK, and return received data bytes - * = 0 : connection is closed - * < 0 : an error catch + * @return result + * > 0 : OK, and return received data bytes + * = 0 : connection is closed + * < 0 : an error catch */ int SSL_read(SSL *ssl, void *buffer, int len); -/* - * SSL_write - send the data to remote +/** + * @brief send the data to remote * * @param ssl - the SSL point which has been connected * @param buffer - the send data buffer point * @param len - the send data length * - * @return - * > 0 : OK, and return sent data bytes - * = 0 : connection is closed - * < 0 : an error catch + * @return result + * > 0 : OK, and return sent data bytes + * = 0 : connection is closed + * < 0 : an error catch */ int SSL_write(SSL *ssl, const void *buffer, int len); -/* - * SSL_get_verify_result - get the verifying result of the SSL certification +/** + * @brief get the verifying result of the SSL certification * * @param ssl - the SSL point * @@ -117,56 +117,56 @@ int SSL_write(SSL *ssl, const void *buffer, int len); */ long SSL_get_verify_result(const SSL *ssl); -/* - * SSL_shutdown - shutdown the connection +/** + * @brief shutdown the connection * * @param ssl - the SSL point * - * @return - * 1 : OK - * 0 : shutdown is not finished - * -1 : an error catch + * @return result + * 1 : OK + * 0 : shutdown is not finished + * -1 : an error catch */ int SSL_shutdown(SSL *ssl); -/* - * SSL_set_fd - bind the socket file description into the SSL +/** + * @brief bind the socket file description into the SSL * * @param ssl - the SSL point * @param fd - socket handle * - * @return - * 1 : OK - * 0 : failed + * @return result + * 1 : OK + * 0 : failed */ int SSL_set_fd(SSL *ssl, int fd); -/* - * SSL_CTX_use_PrivateKey - These functions load the private key into the SSL_CTX or SSL object +/** + * @brief These functions load the private key into the SSL_CTX or SSL object * * @param ctx - the SSL context point * @param pkey - private key object point * - * @return - * 1 : OK - * 0 : failed + * @return result + * 1 : OK + * 0 : failed */ int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); -/* - * SSL_CTX_use_PrivateKey - These functions load the certification into the SSL_CTX or SSL object +/** + * @brief These functions load the certification into the SSL_CTX or SSL object * * @param ctx - the SSL context point * @param pkey - certification object point * - * @return - * 1 : OK - * 0 : failed + * @return result + * 1 : OK + * 0 : failed */ int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); -/* - * SSLv23_client_method - create the target SSL context client method +/** + * @brief create the target SSL context client method * * @param none * @@ -174,8 +174,8 @@ int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); */ const SSL_METHOD* SSLv23_client_method(void); -/* - * TLSv1_client_method - create the target SSL context client method +/** + * @brief create the target SSL context client method * * @param none * @@ -183,8 +183,8 @@ const SSL_METHOD* SSLv23_client_method(void); */ const SSL_METHOD* TLSv1_client_method(void); -/* - * SSLv3_client_method - create the target SSL context client method +/** + * @brief create the target SSL context client method * * @param none * @@ -192,8 +192,8 @@ const SSL_METHOD* TLSv1_client_method(void); */ const SSL_METHOD* SSLv3_client_method(void); -/* - * TLSv1_1_client_method - create the target SSL context client method +/** + * @brief create the target SSL context client method * * @param none * @@ -201,8 +201,8 @@ const SSL_METHOD* SSLv3_client_method(void); */ const SSL_METHOD* TLSv1_1_client_method(void); -/* - * TLSv1_1_client_method - create the target SSL context client method +/** + * @brief create the target SSL context client method * * @param none * @@ -211,8 +211,8 @@ const SSL_METHOD* TLSv1_1_client_method(void); const SSL_METHOD* TLSv1_2_client_method(void); -/* - * SSLv23_server_method - create the target SSL context server method +/** + * @brief create the target SSL context server method * * @param none * @@ -220,8 +220,8 @@ const SSL_METHOD* TLSv1_2_client_method(void); */ const SSL_METHOD* SSLv23_server_method(void); -/* - * TLSv1_1_server_method - create the target SSL context server method +/** + * @brief create the target SSL context server method * * @param none * @@ -229,8 +229,8 @@ const SSL_METHOD* SSLv23_server_method(void); */ const SSL_METHOD* TLSv1_1_server_method(void); -/* - * TLSv1_1_server_method - create the target SSL context server method +/** + * @brief create the target SSL context server method * * @param none * @@ -238,8 +238,8 @@ const SSL_METHOD* TLSv1_1_server_method(void); */ const SSL_METHOD* TLSv1_2_server_method(void); -/* - * TLSv1_server_method - create the target SSL context server method +/** + * @brief create the target SSL context server method * * @param none * @@ -247,8 +247,8 @@ const SSL_METHOD* TLSv1_2_server_method(void); */ const SSL_METHOD* TLSv1_server_method(void); -/* - * SSLv3_server_method - create the target SSL context server method +/** + * @brief create the target SSL context server method * * @param none * @@ -256,8 +256,8 @@ const SSL_METHOD* TLSv1_server_method(void); */ const SSL_METHOD* SSLv3_server_method(void); -/* - * SSL_CTX_set_alpn_select_cb - set the SSL context ALPN select callback function +/** + * @brief set the SSL context ALPN select callback function * * @param ctx - SSL context point * @param cb - ALPN select callback function @@ -275,21 +275,21 @@ void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, void *arg); -/* - * SSL_CTX_set_alpn_protos - set the SSL context ALPN select protocol +/** + * @brief set the SSL context ALPN select protocol * * @param ctx - SSL context point * @param protos - ALPN protocol name * @param protos_len - ALPN protocol name bytes * - * @return - * 0 : OK - * 1 : failed + * @return result + * 0 : OK + * 1 : failed */ int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, unsigned int protos_len); -/* - * SSL_CTX_set_next_proto_select_cb - set the SSL context next ALPN select callback function +/** + * @brief set the SSL context next ALPN select callback function * * @param ctx - SSL context point * @param cb - ALPN select callback function @@ -306,8 +306,8 @@ void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, void *arg), void *arg); -/* - * SSL_get_error - get SSL error code +/** + * @brief get SSL error code * * @param ssl - SSL point * @param ret_code - SSL return code @@ -316,8 +316,8 @@ void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, */ int SSL_get_error(const SSL *ssl, int ret_code); -/* - * ERR_clear_error - clear the SSL error code +/** + * @brief clear the SSL error code * * @param none * @@ -325,8 +325,8 @@ int SSL_get_error(const SSL *ssl, int ret_code); */ void ERR_clear_error(void); -/* - * ERR_get_error - get the current SSL error code +/** + * @brief get the current SSL error code * * @param none * @@ -334,8 +334,8 @@ void ERR_clear_error(void); */ int ERR_get_error(void); -/* - * ERR_load_SSL_strings - register the SSL error strings +/** + * @brief register the SSL error strings * * @param none * @@ -343,8 +343,8 @@ int ERR_get_error(void); */ void ERR_load_SSL_strings(void); -/* - * SSL_library_init - initialize the SSL library +/** + * @brief initialize the SSL library * * @param none * @@ -352,9 +352,9 @@ void ERR_load_SSL_strings(void); */ void SSL_library_init(void); -/* - * ERR_error_string - generates a human-readable string representing the error code e - * and store it into the "ret" point memory +/** + * @brief generates a human-readable string representing the error code e + * and store it into the "ret" point memory * * @param e - error code * @param ret - memory point to store the string @@ -363,8 +363,8 @@ void SSL_library_init(void); */ char *ERR_error_string(unsigned long e, char *ret); -/* - * SSL_CTX_set_options - add the SSL context option +/** + * @brief add the SSL context option * * @param ctx - SSL context point * @param opt - new SSL context option @@ -373,15 +373,15 @@ char *ERR_error_string(unsigned long e, char *ret); */ unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long opt); -/* - * SSL_CTX_set_options - add the SSL context mode +/** + * @brief add the SSL context mode * * @param ctx - SSL context point * @param mod - new SSL context mod * - * @return - * 1 : OK - * 0 : failed + * @return result + * 1 : OK + * 0 : failed */ int SSL_CTX_set_mode(SSL_CTX *ctx, int mod); @@ -389,20 +389,20 @@ int SSL_CTX_set_mode(SSL_CTX *ctx, int mod); } */ -/* - * SSL_do_handshake - perform the SSL handshake +/** + * @brief perform the SSL handshake * * @param ssl - SSL point * - * @return - * 1 : OK - * 0 : failed - * -1 : a error catch + * @return result + * 1 : OK + * 0 : failed + * -1 : a error catch */ int SSL_do_handshake(SSL *ssl); -/* - * SSL_get_version - get the SSL current version +/** + * @brief get the SSL current version * * @param ssl - SSL point * @@ -410,20 +410,20 @@ int SSL_do_handshake(SSL *ssl); */ const char *SSL_get_version(const SSL *ssl); -/* - * SSL_CTX_set_ssl_version - set the SSL context version +/** + * @brief set the SSL context version * * @param ctx - SSL context point * @param meth - SSL method point * - * @return - * 1 : OK - * 0 : failed + * @return result + * 1 : OK + * 0 : failed */ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth); -/* - * SSL_CTX_get_ssl_method - get the SSL context current method +/** + * @brief get the SSL context current method * * @param ctx - SSL context point * @@ -431,8 +431,8 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth); */ const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx); -/* - * SSL_CTX_get_ssl_method - get the SSL current method +/** + * @brief get the SSL current method * * @param ssl - SSL point * @@ -440,44 +440,44 @@ const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx); */ const SSL_METHOD *SSL_get_ssl_method(SSL *ssl); -/* - * SSL_set_ssl_method - set the SSL method +/** + * @brief set the SSL method * * @param ssl - SSL point * @param meth - SSL method point * - * @return - * 1 : OK - * 0 : failed + * @return result + * 1 : OK + * 0 : failed */ int SSL_set_ssl_method(SSL *ssl, const SSL_METHOD *method); -/* - * SSL_add_client_CA - add CA client certification into the SSL +/** + * @brief add CA client certification into the SSL * * @param ssl - SSL point * @param x - CA certification point * - * @return - * 1 : OK - * 0 : failed + * @return result + * 1 : OK + * 0 : failed */ int SSL_add_client_CA(SSL *ssl, X509 *x); -/* - * SSL_add_client_CA - add CA client certification into the SSL context +/** + * @brief add CA client certification into the SSL context * * @param ctx - SSL context point * @param x - CA certification point * - * @return - * 1 : OK - * 0 : failed + * @return result + * 1 : OK + * 0 : failed */ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x); -/* - * SSL_set_client_CA_list - set the SSL CA certification list +/** + * @brief set the SSL CA certification list * * @param ssl - SSL point * @param name_list - CA certification list @@ -486,8 +486,8 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x); */ void SSL_set_client_CA_list(SSL *ssl, STACK_OF(X509_NAME) *name_list); -/* - * SSL_CTX_set_client_CA_list - set the SSL context CA certification list +/** + * @brief set the SSL context CA certification list * * @param ctx - SSL context point * @param name_list - CA certification list @@ -496,8 +496,8 @@ void SSL_set_client_CA_list(SSL *ssl, STACK_OF(X509_NAME) *name_list); */ void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); -/* - * SSL_get_client_CA_list - get the SSL CA certification list +/** + * @briefget the SSL CA certification list * * @param ssl - SSL point * @@ -505,8 +505,8 @@ void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); */ STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *ssl); -/* - * SSL_CTX_get_client_CA_list - get the SSL context CA certification list +/** + * @brief get the SSL context CA certification list * * @param ctx - SSL context point * @@ -514,8 +514,8 @@ STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *ssl); */ STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx); -/* - * SSL_get_certificate - get the SSL certification point +/** + * @brief get the SSL certification point * * @param ssl - SSL point * @@ -523,8 +523,8 @@ STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx); */ X509 *SSL_get_certificate(const SSL *ssl); -/* - * SSL_get_privatekey - get the SSL private key point +/** + * @brief get the SSL private key point * * @param ssl - SSL point * @@ -532,8 +532,8 @@ X509 *SSL_get_certificate(const SSL *ssl); */ EVP_PKEY *SSL_get_privatekey(const SSL *ssl); -/* - * SSL_set_info_callback - set the SSL information callback function +/** + * @brief set the SSL information callback function * * @param ssl - SSL point * @param cb - information callback function @@ -542,8 +542,8 @@ EVP_PKEY *SSL_get_privatekey(const SSL *ssl); */ void SSL_set_info_callback(SSL *ssl, void (*cb) (const SSL *ssl, int type, int val)); -/* - * SSL_get_state - get the SSL state +/** + * @brief get the SSL state * * @param ssl - SSL point * @@ -551,8 +551,8 @@ void SSL_set_info_callback(SSL *ssl, void (*cb) (const SSL *ssl, int type, int v */ OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl); -/* - * SSL_CTX_set_default_read_buffer_len - set the SSL context read buffer length +/** + * @brief set the SSL context read buffer length * * @param ctx - SSL context point * @param len - read buffer length @@ -561,8 +561,8 @@ OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl); */ void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len); -/* - * SSL_set_default_read_buffer_len - set the SSL read buffer length +/** + * @brief set the SSL read buffer length * * @param ssl - SSL point * @param len - read buffer length @@ -571,8 +571,8 @@ void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len); */ void SSL_set_default_read_buffer_len(SSL *ssl, size_t len); -/* - * SSL_set_security_level - set the SSL security level +/** + * @brief set the SSL security level * * @param ssl - SSL point * @param level - security level @@ -581,8 +581,8 @@ void SSL_set_default_read_buffer_len(SSL *ssl, size_t len); */ void SSL_set_security_level(SSL *ssl, int level); -/* - * SSL_get_security_level - get the SSL security level +/** + * @brief get the SSL security level * * @param ssl - SSL point * @@ -590,8 +590,8 @@ void SSL_set_security_level(SSL *ssl, int level); */ int SSL_get_security_level(const SSL *ssl); -/* - * SSL_CTX_get_verify_mode - get the SSL verifying mode of the SSL context +/** + * @brief get the SSL verifying mode of the SSL context * * @param ctx - SSL context point * @@ -599,8 +599,8 @@ int SSL_get_security_level(const SSL *ssl); */ int SSL_CTX_get_verify_mode(const SSL_CTX *ctx); -/* - * SSL_CTX_get_verify_depth - get the SSL verifying depth of the SSL context +/** + * @brief get the SSL verifying depth of the SSL context * * @param ctx - SSL context point * @@ -608,8 +608,8 @@ int SSL_CTX_get_verify_mode(const SSL_CTX *ctx); */ int SSL_CTX_get_verify_depth(const SSL_CTX *ctx); -/* - * SSL_CTX_set_verify - set the SSL context verifying of the SSL context +/** + * @brief set the SSL context verifying of the SSL context * * @param ctx - SSL context point * @param mode - verifying mode @@ -619,8 +619,8 @@ int SSL_CTX_get_verify_depth(const SSL_CTX *ctx); */ void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*verify_callback)(int, X509_STORE_CTX *)); -/* - * SSL_set_verify - set the SSL verifying of the SSL context +/** + * @brief set the SSL verifying of the SSL context * * @param ctx - SSL point * @param mode - verifying mode @@ -630,18 +630,18 @@ void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*verify_callback)(int, X509 */ void SSL_set_verify(SSL *s, int mode, int (*verify_callback)(int, X509_STORE_CTX *)); -/* - * SSL_CTX_set_verify_depth - set the SSL verify depth of the SSL context +/** + * @brief set the SSL verify depth of the SSL context * * @param ctx - SSL context point * @param depth - verifying depth * - * @return one + * @return none */ void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth); -/* - * verify_callback - certification verifying callback function +/** + * @brief certification verifying callback function * * @param preverify_ok - verifying result * @param x509_ctx - X509 certification point @@ -650,8 +650,8 @@ void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth); */ int verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx); -/* - * SSL_CTX_set_timeout - set the session timeout time +/** + * @brief set the session timeout time * * @param ctx - SSL context point * @param t - new session timeout time @@ -660,8 +660,8 @@ int verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx); */ long SSL_CTX_set_timeout(SSL_CTX *ctx, long t); -/* - * SSL_CTX_get_timeout - get the session timeout time +/** + * @brief get the session timeout time * * @param ctx - SSL context point * @@ -669,32 +669,32 @@ long SSL_CTX_set_timeout(SSL_CTX *ctx, long t); */ long SSL_CTX_get_timeout(const SSL_CTX *ctx); -/* - * SSL_CTX_set_cipher_list - set the SSL context cipher through the list string +/** + * @brief set the SSL context cipher through the list string * * @param ctx - SSL context point * @param str - cipher controller list string * - * @return - * 1 : OK - * 0 : failed + * @return result + * 1 : OK + * 0 : failed */ int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str); -/* - * SSL_set_cipher_list - set the SSL cipher through the list string +/** + * @brief set the SSL cipher through the list string * * @param ssl - SSL point * @param str - cipher controller list string * - * @return - * 1 : OK - * 0 : failed + * @return result + * 1 : OK + * 0 : failed */ int SSL_set_cipher_list(SSL *ssl, const char *str); -/* - * SSL_get_cipher_list - get the SSL cipher list string +/** + * @brief get the SSL cipher list string * * @param ssl - SSL point * @@ -702,8 +702,8 @@ int SSL_set_cipher_list(SSL *ssl, const char *str); */ const char *SSL_get_cipher_list(const SSL *ssl, int n); -/* - * SSL_get_current_cipher - get the SSL cipher +/** + * @brief get the SSL cipher * * @param ssl - SSL point * @@ -711,8 +711,8 @@ const char *SSL_get_cipher_list(const SSL *ssl, int n); */ const SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl); -/* - * SSL_get_cipher - get the SSL cipher string +/** + * @brief get the SSL cipher string * * @param ssl - SSL point * @@ -720,8 +720,8 @@ const SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl); */ const char *SSL_get_cipher(const SSL *ssl); -/* - * SSL_CTX_get_cert_store - get the SSL context object X509 certification storage +/** + * @brief get the SSL context object X509 certification storage * * @param ctx - SSL context point * @@ -729,8 +729,8 @@ const char *SSL_get_cipher(const SSL *ssl); */ X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx); -/* - * SSL_CTX_set_cert_store - set the SSL context object X509 certification store +/** + * @brief set the SSL context object X509 certification store * * @param ctx - SSL context point * @param store - X509 certification store @@ -739,8 +739,8 @@ X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx); */ void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store); -/* - * SSL_want - get the SSL specifical statement +/** + * @brief get the SSL specifical statement * * @param ssl - SSL point * @@ -748,63 +748,63 @@ void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store); */ int SSL_want(const SSL *ssl); -/* - * SSL_want_x509_lookup - check if the SSL is SSL_X509_LOOKUP state +/** + * @brief check if the SSL is SSL_X509_LOOKUP state * * @param ssl - SSL point * - * @return - * 1 : yes - * 0 : no + * @return result + * 1 : OK + * 0 : failed */ int SSL_want_x509_lookup(const SSL *ssl); -/* - * SSL_clear - reset the SSL +/** + * @brief reset the SSL * * @param ssl - SSL point * - * @return - * 1 : yes - * 0 : no + * @return result + * 1 : OK + * 0 : failed */ int SSL_clear(SSL *ssl); -/* - * SSL_get_fd - get the socket handle of the SSL +/** + * @brief get the socket handle of the SSL * * @param ssl - SSL point * - * @return - * >= 0 : yes, and return socket handle - * < 0 : a error catch + * @return result + * >= 0 : yes, and return socket handle + * < 0 : a error catch */ int SSL_get_fd(const SSL *ssl); -/* - * SSL_get_rfd - get the read only socket handle of the SSL +/** + * @brief get the read only socket handle of the SSL * * @param ssl - SSL point * - * @return - * >= 0 : yes, and return socket handle - * < 0 : a error catch + * @return result + * >= 0 : yes, and return socket handle + * < 0 : a error catch */ int SSL_get_rfd(const SSL *ssl); -/* - * SSL_get_wfd - get the write only socket handle of the SSL +/** + * @brief get the write only socket handle of the SSL * * @param ssl - SSL point * - * @return - * >= 0 : yes, and return socket handle - * < 0 : a error catch + * @return result + * >= 0 : yes, and return socket handle + * < 0 : a error catch */ int SSL_get_wfd(const SSL *ssl); -/* - * SSL_set_read_ahead - set the SSL if we can read as many as data +/** + * @brief set the SSL if we can read as many as data * * @param ssl - SSL point * @param yes - enable the function @@ -813,8 +813,8 @@ int SSL_get_wfd(const SSL *ssl); */ void SSL_set_read_ahead(SSL *s, int yes); -/* - * SSL_set_read_ahead - set the SSL context if we can read as many as data +/** + * @brief set the SSL context if we can read as many as data * * @param ctx - SSL context point * @param yes - enbale the function @@ -823,8 +823,8 @@ void SSL_set_read_ahead(SSL *s, int yes); */ void SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes); -/* - * SSL_set_read_ahead - get the SSL ahead signal if we can read as many as data +/** + * @brief get the SSL ahead signal if we can read as many as data * * @param ssl - SSL point * @@ -832,8 +832,8 @@ void SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes); */ int SSL_get_read_ahead(const SSL *ssl); -/* - * SSL_set_read_ahead - get the SSL context ahead signal if we can read as many as data +/** + * @brief get the SSL context ahead signal if we can read as many as data * * @param ctx - SSL context point * @@ -841,8 +841,8 @@ int SSL_get_read_ahead(const SSL *ssl); */ long SSL_CTX_get_read_ahead(SSL_CTX *ctx); -/* - * SSL_has_pending - check if some data can be read +/** + * @brief check if some data can be read * * @param ssl - SSL point * @@ -852,160 +852,160 @@ long SSL_CTX_get_read_ahead(SSL_CTX *ctx); */ int SSL_has_pending(const SSL *ssl); -/* - * SSL_CTX_use_certificate - load the X509 certification into SSL context +/** + * @brief load the X509 certification into SSL context * * @param ctx - SSL context point * @param x - X509 certification point * - * @return - * 1 : OK - * 0 : failed + * @return result + * 1 : OK + * 0 : failed */ int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);//loads the certificate x into ctx -/* - * SSL_CTX_use_certificate_ASN1 - load the ASN1 certification into SSL context +/** + * @brief load the ASN1 certification into SSL context * * @param ctx - SSL context point * @param len - certification length * @param d - data point * - * @return - * 1 : OK - * 0 : failed + * @return result + * 1 : OK + * 0 : failed */ int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d); -/* - * SSL_CTX_use_certificate_file - load the certification file into SSL context +/** + * @brief load the certification file into SSL context * * @param ctx - SSL context point * @param file - certification file name * @param type - certification encoding type * - * @return - * 1 : OK - * 0 : failed + * @return result + * 1 : OK + * 0 : failed */ int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); -/* - * SSL_CTX_use_certificate_chain_file - load the certification chain file into SSL context +/** + * @brief load the certification chain file into SSL context * * @param ctx - SSL context point * @param file - certification chain file name * - * @return - * 1 : OK - * 0 : failed + * @return result + * 1 : OK + * 0 : failed */ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); -/* - * SSL_CTX_use_certificate_ASN1 - load the ASN1 private key into SSL context +/** + * @brief load the ASN1 private key into SSL context * * @param ctx - SSL context point * @param d - data point * @param len - private key length * - * @return - * 1 : OK - * 0 : failed + * @return result + * 1 : OK + * 0 : failed */ int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, const unsigned char *d, long len);//adds the private key of type pk stored at memory location d (length len) to ctx -/* - * SSL_CTX_use_certificate_file - load the private key file into SSL context +/** + * @brief load the private key file into SSL context * * @param ctx - SSL context point * @param file - private key file name * @param type - private key encoding type * - * @return - * 1 : OK - * 0 : failed + * @return result + * 1 : OK + * 0 : failed */ int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); -/* - * SSL_CTX_use_certificate - load the RSA private key into SSL context +/** + * @brief load the RSA private key into SSL context * * @param ctx - SSL context point * @param x - RSA private key point * - * @return - * 1 : OK - * 0 : failed + * @return result + * 1 : OK + * 0 : failed */ int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); -/* - * SSL_CTX_use_certificate_ASN1 - load the RSA ASN1 private key into SSL context +/** + * @brief load the RSA ASN1 private key into SSL context * * @param ctx - SSL context point * @param d - data point * @param len - RSA private key length * - * @return - * 1 : OK - * 0 : failed + * @return result + * 1 : OK + * 0 : failed */ int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len); -/* - * SSL_CTX_use_certificate_file - load the RSA private key file into SSL context +/** + * @brief load the RSA private key file into SSL context * * @param ctx - SSL context point * @param file - RSA private key file name * @param type - private key encoding type * - * @return - * 1 : OK - * 0 : failed + * @return result + * 1 : OK + * 0 : failed */ int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type); -/* - * SSL_CTX_check_private_key - check if the private key and certification is matched +/** + * @brief check if the private key and certification is matched * * @param ctx - SSL context point * - * @return - * 1 : OK - * 0 : failed + * @return result + * 1 : OK + * 0 : failed */ int SSL_CTX_check_private_key(const SSL_CTX *ctx); -/* - * SSL_CTX_use_serverinfo - set the SSL context server information +/** + * @brief set the SSL context server information * * @param ctx - SSL context point * @param serverinfo - server information string * @param serverinfo_length - server information length * - * @return - * 1 : OK - * 0 : failed + * @return result + * 1 : OK + * 0 : failed */ int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, size_t serverinfo_length); -/* - * SSL_CTX_use_serverinfo - load the SSL context server infomation file into SSL context +/** + * @brief load the SSL context server infomation file into SSL context * * @param ctx - SSL context point * @param file - server information file * - * @return - * 1 : OK - * 0 : failed + * @return result + * 1 : OK + * 0 : failed */ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file); -/* - * SSL_select_next_proto - SSL select next function +/** + * @brief SSL select next function * * @param out - point of output data point * @param outlen - output data length @@ -1014,7 +1014,7 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file); * @param client - client data point * @param client_len -client data length * - * @return + * @return NPN state * OPENSSL_NPN_UNSUPPORTED : not support * OPENSSL_NPN_NEGOTIATED : negotiated * OPENSSL_NPN_NO_OVERLAP : no overlap @@ -1023,34 +1023,34 @@ int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, const unsigned char *client, unsigned int client_len); -/* - * SSL_CTX_add_extra_chain_cert - load the extra certification chain into the SSL context +/** + * @brief load the extra certification chain into the SSL context * * @param ctx - SSL context point * @param x509 - X509 certification * - * @return - * 1 : OK - * 0 : failed + * @return result + * 1 : OK + * 0 : failed */ long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *); -/* - * SSL_CTX_ctrl - control the SSL context +/** + * @brief control the SSL context * * @param ctx - SSL context point * @param cmd - command * @param larg - parameter length * @param parg - parameter point * - * @return - * 1 : OK - * 0 : failed + * @return result + * 1 : OK + * 0 : failed */ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg); -/* - * SSL_CTX_get_ciphers - get the SSL context cipher +/** + * @brief get the SSL context cipher * * @param ctx - SSL context point * @@ -1058,19 +1058,19 @@ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg); */ STACK *SSL_CTX_get_ciphers(const SSL_CTX *ctx); -/* - * SSL_CTX_get_ciphers - check if the SSL context can read as many as data +/** + * @brief check if the SSL context can read as many as data * * @param ctx - SSL context point * - * @return - * 1 : Yes - * 0 : No + * @return result + * 1 : OK + * 0 : failed */ long SSL_CTX_get_default_read_ahead(SSL_CTX *ctx); -/* - * SSL_CTX_get_ex_data - get the SSL context extra data +/** + * @brief get the SSL context extra data * * @param ctx - SSL context point * @param idx - index @@ -1079,8 +1079,8 @@ long SSL_CTX_get_default_read_ahead(SSL_CTX *ctx); */ char *SSL_CTX_get_ex_data(const SSL_CTX *ctx, int idx); -/* - * SSL_CTX_get_quiet_shutdown - get the SSL context quiet shutdown option +/** + * @brief get the SSL context quiet shutdown option * * @param ctx - SSL context point * @@ -1088,44 +1088,44 @@ char *SSL_CTX_get_ex_data(const SSL_CTX *ctx, int idx); */ int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx); -/* - * SSL_CTX_get_quiet_shutdown - load the SSL context CA file +/** + * @brief load the SSL context CA file * * @param ctx - SSL context point * @param CAfile - CA certification file * @param CApath - CA certification file path * - * @return - * 1 : OK - * 0 : failed + * @return result + * 1 : OK + * 0 : failed */ int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, const char *CApath); -/* - * SSL_CTX_up_ref - add SSL context reference count by '1' +/** + * @brief add SSL context reference count by '1' * * @param ctx - SSL context point * - * @return - * 1 : OK - * 0 : failed + * @return result + * 1 : OK + * 0 : failed */ int SSL_CTX_up_ref(SSL_CTX *ctx); -/* - * SSL_CTX_set_app_data - set SSL context application private data +/** + * @brief set SSL context application private data * * @param ctx - SSL context point * @param arg - private data * - * @return - * 1 : OK - * 0 : failed + * @return result + * 1 : OK + * 0 : failed */ int SSL_CTX_set_app_data(SSL_CTX *ctx, void *arg); -/* - * SSL_CTX_set_client_cert_cb - set SSL context client certification callback function +/** + * @brief set SSL context client certification callback function * * @param ctx - SSL context point * @param cb - callback function @@ -1134,8 +1134,8 @@ int SSL_CTX_set_app_data(SSL_CTX *ctx, void *arg); */ void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)); -/* - * SSL_CTX_set_default_read_ahead - set the SSL context if we can read as many as data +/** + * @brief set the SSL context if we can read as many as data * * @param ctx - SSL context point * @param m - enable the fuction @@ -1144,54 +1144,54 @@ void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, X509 **x509, E */ void SSL_CTX_set_default_read_ahead(SSL_CTX *ctx, int m); -/* - * SSL_CTX_set_default_verify_paths - set SSL context default verifying path +/** + * @brief set SSL context default verifying path * * @param ctx - SSL context point * - * @return - * 1 : OK - * 0 : failed + * @return result + * 1 : OK + * 0 : failed */ int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); -/* - * SSL_CTX_set_default_verify_paths - set SSL context default verifying directory +/** + * @brief set SSL context default verifying directory * * @param ctx - SSL context point * - * @return - * 1 : OK - * 0 : failed + * @return result + * 1 : OK + * 0 : failed */ int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx); -/* - * SSL_CTX_set_default_verify_paths - set SSL context default verifying file +/** + * @brief set SSL context default verifying file * * @param ctx - SSL context point * - * @return - * 1 : OK - * 0 : failed + * @return result + * 1 : OK + * 0 : failed */ int SSL_CTX_set_default_verify_file(SSL_CTX *ctx); -/* - * SSL_CTX_set_ex_data - set SSL context extra data +/** + * @brief set SSL context extra data * * @param ctx - SSL context point * @param idx - data index * @param arg - data point * - * @return - * 1 : OK - * 0 : failed + * @return result + * 1 : OK + * 0 : failed */ int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, char *arg); -/* - * SSL_CTX_clear_options - clear the SSL context option bit of "op" +/** + * @brief clear the SSL context option bit of "op" * * @param ctx - SSL context point * @param op - option @@ -1200,8 +1200,8 @@ int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, char *arg); */ unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op); -/* - * SSL_CTX_clear_options - get the SSL context option +/** + * @brief get the SSL context option * * @param ctx - SSL context point * @param op - option @@ -1210,8 +1210,8 @@ unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op); */ unsigned long SSL_CTX_get_options(SSL_CTX *ctx); -/* - * SSL_CTX_set_quiet_shutdown - set the SSL context quiet shutdown mode +/** + * @brief set the SSL context quiet shutdown mode * * @param ctx - SSL context point * @param mode - mode @@ -1220,8 +1220,8 @@ unsigned long SSL_CTX_get_options(SSL_CTX *ctx); */ void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode); -/* - * SSL_CTX_get0_certificate - get the SSL context X509 certification +/** + * @brief get the SSL context X509 certification * * @param ctx - SSL context point * @@ -1229,8 +1229,8 @@ void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode); */ X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx); -/* - * SSL_CTX_get0_certificate - get the SSL context private key +/** + * @brief get the SSL context private key * * @param ctx - SSL context point * @@ -1238,32 +1238,33 @@ X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx); */ EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx); -/* - * SSL_CTX_use_psk_identity_hint - set SSL context PSK identity hint +/** + * @brief set SSL context PSK identity hint * * @param ctx - SSL context point * @param hint - PSK identity hint * - * @return - * 1 : OK - * 0 : failed + * @return result + * 1 : OK + * 0 : failed */ int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *hint); -/* - * SSL_CTX_set_psk_server_callback - set SSL context PSK server callback function +/** + * @brief set SSL context PSK server callback function * * @param ctx - SSL context point * @param callback - callback function * + * @return none */ void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, unsigned int (*callback)(SSL *ssl, const char *identity, unsigned char *psk, int max_psk_len)); -/* - * SSL_alert_desc_string - get alert description string +/** + * @brief get alert description string * * @param value - alert value * @@ -1271,8 +1272,8 @@ void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, */ const char *SSL_alert_desc_string(int value); -/* - * SSL_alert_desc_string - get alert description long string +/** + * @brief get alert description long string * * @param value - alert value * @@ -1280,8 +1281,8 @@ const char *SSL_alert_desc_string(int value); */ const char *SSL_alert_desc_string_long(int value); -/* - * SSL_alert_type_string - get alert type string +/** + * @brief get alert type string * * @param value - alert value * @@ -1289,8 +1290,8 @@ const char *SSL_alert_desc_string_long(int value); */ const char *SSL_alert_type_string(int value); -/* - * SSL_alert_type_string_long - get alert type long string +/** + * @brief get alert type long string * * @param value - alert value * @@ -1298,8 +1299,8 @@ const char *SSL_alert_type_string(int value); */ const char *SSL_alert_type_string_long(int value); -/* - * SSL_get_SSL_CTX - get SSL context of the SSL +/** + * @brief get SSL context of the SSL * * @param ssl - SSL point * @@ -1307,8 +1308,8 @@ const char *SSL_alert_type_string_long(int value); */ SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); -/* - * SSL_get_app_data - get SSL application data +/** + * @brief get SSL application data * * @param ssl - SSL point * @@ -1316,8 +1317,8 @@ SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); */ char *SSL_get_app_data(SSL *ssl); -/* - * SSL_get_cipher_bits - get SSL cipher bits +/** + * @brief get SSL cipher bits * * @param ssl - SSL point * @param alg_bits - algorithm bits @@ -1326,8 +1327,8 @@ char *SSL_get_app_data(SSL *ssl); */ int SSL_get_cipher_bits(const SSL *ssl, int *alg_bits); -/* - * SSL_get_cipher_name - get SSL cipher name +/** + * @brief get SSL cipher name * * @param ssl - SSL point * @@ -1335,8 +1336,8 @@ int SSL_get_cipher_bits(const SSL *ssl, int *alg_bits); */ char *SSL_get_cipher_name(const SSL *ssl); -/* - * SSL_get_cipher_version - get SSL cipher version +/** + * @brief get SSL cipher version * * @param ssl - SSL point * @@ -1344,8 +1345,8 @@ char *SSL_get_cipher_name(const SSL *ssl); */ char *SSL_get_cipher_version(const SSL *ssl); -/* - * SSL_get_ex_data - get SSL extra data +/** + * @brief get SSL extra data * * @param ssl - SSL point * @param idx - data index @@ -1354,8 +1355,8 @@ char *SSL_get_cipher_version(const SSL *ssl); */ char *SSL_get_ex_data(const SSL *ssl, int idx); -/* - * SSL_get_ex_data_X509_STORE_CTX_idx - get index of the SSL extra data X509 storage context +/** + * @brief get index of the SSL extra data X509 storage context * * @param none * @@ -1363,8 +1364,8 @@ char *SSL_get_ex_data(const SSL *ssl, int idx); */ int SSL_get_ex_data_X509_STORE_CTX_idx(void); -/* - * SSL_get_peer_cert_chain - get peer certification chain +/** + * @brief get peer certification chain * * @param ssl - SSL point * @@ -1372,8 +1373,8 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void); */ STACK *SSL_get_peer_cert_chain(const SSL *ssl); -/* - * SSL_get_peer_certificate - get peer certification +/** + * @brief get peer certification * * @param ssl - SSL point * @@ -1381,8 +1382,8 @@ STACK *SSL_get_peer_cert_chain(const SSL *ssl); */ X509 *SSL_get_peer_certificate(const SSL *ssl); -/* - * SSL_get_quiet_shutdown - get SSL quiet shutdown mode +/** + * @brief get SSL quiet shutdown mode * * @param ssl - SSL point * @@ -1390,8 +1391,8 @@ X509 *SSL_get_peer_certificate(const SSL *ssl); */ int SSL_get_quiet_shutdown(const SSL *ssl); -/* - * SSL_get_rbio - get SSL read only IO handle +/** + * @brief get SSL read only IO handle * * @param ssl - SSL point * @@ -1399,19 +1400,19 @@ int SSL_get_quiet_shutdown(const SSL *ssl); */ BIO *SSL_get_rbio(const SSL *ssl); -/* - * SSL_get_shared_ciphers - get SSL shared ciphers +/** + * @brief get SSL shared ciphers * * @param ssl - SSL point * @param buf - buffer to store the ciphers * @param len - buffer len * - * @return shared ciphers or NULL if failed + * @return shared ciphers */ char *SSL_get_shared_ciphers(const SSL *ssl, char *buf, int len); -/* - * SSL_get_shutdown - get SSL shutdown mode +/** + * @brief get SSL shutdown mode * * @param ssl - SSL point * @@ -1419,8 +1420,8 @@ char *SSL_get_shared_ciphers(const SSL *ssl, char *buf, int len); */ int SSL_get_shutdown(const SSL *ssl); -/* - * SSL_get_time - get SSL session time +/** + * @brief get SSL session time * * @param ssl - SSL point * @@ -1428,8 +1429,8 @@ int SSL_get_shutdown(const SSL *ssl); */ long SSL_get_time(const SSL *ssl); -/* - * SSL_get_timeout - get SSL session timeout time +/** + * @brief get SSL session timeout time * * @param ssl - SSL point * @@ -1437,8 +1438,8 @@ long SSL_get_time(const SSL *ssl); */ long SSL_get_timeout(const SSL *ssl); -/* - * SSL_get_verify_mode - get SSL verifying mode +/** + * @brief get SSL verifying mode * * @param ssl - SSL point * @@ -1446,8 +1447,8 @@ long SSL_get_timeout(const SSL *ssl); */ int SSL_get_verify_mode(const SSL *ssl); -/* - * SSL_get_wbio - get SSL write only IO handle +/** + * @brief get SSL write only IO handle * * @param ssl - SSL point * @@ -1455,8 +1456,8 @@ int SSL_get_verify_mode(const SSL *ssl); */ BIO *SSL_get_wbio(const SSL *ssl); -/* - * SSL_load_client_CA_file - load SSL client CA certification file +/** + * @brief load SSL client CA certification file * * @param file - file name * @@ -1464,44 +1465,44 @@ BIO *SSL_get_wbio(const SSL *ssl); */ STACK *SSL_load_client_CA_file(const char *file); -/* - * SSL_up_ref - add SSL reference by '1' +/** + * @brief add SSL reference by '1' * * @param ssl - SSL point * - * @return - * 1 : OK - * 0 : failed + * @return result + * 1 : OK + * 0 : failed */ int SSL_up_ref(SSL *ssl); -/* - * SSL_peek - read and put data into buf, but not clear the SSL low-level storage +/** + * @brief read and put data into buf, but not clear the SSL low-level storage * * @param ssl - SSL point * @param buf - storage buffer point * @param num - data bytes * - * @return - * > 0 : OK, and return read bytes - * = 0 : connect is closed - * < 0 : a error catch + * @return result + * > 0 : OK, and return read bytes + * = 0 : connect is closed + * < 0 : a error catch */ int SSL_peek(SSL *ssl, void *buf, int num); -/* - * SSL_renegotiate - make SSL renegotiate +/** + * @brief make SSL renegotiate * * @param ssl - SSL point * - * @return - * 1 : OK - * 0 : failed + * @return result + * 1 : OK + * 0 : failed */ int SSL_renegotiate(SSL *ssl); -/* - * SSL_rstate_string - get the state string where SSL is reading +/** + * @brief get the state string where SSL is reading * * @param ssl - SSL point * @@ -1509,8 +1510,8 @@ int SSL_renegotiate(SSL *ssl); */ const char *SSL_rstate_string(SSL *ssl); -/* - * SSL_rstate_string_long - get the statement long string where SSL is reading +/** + * @brief get the statement long string where SSL is reading * * @param ssl - SSL point * @@ -1518,8 +1519,8 @@ const char *SSL_rstate_string(SSL *ssl); */ const char *SSL_rstate_string_long(SSL *ssl); -/* - * SSL_set_accept_state - set SSL accept statement +/** + * @brief set SSL accept statement * * @param ssl - SSL point * @@ -1527,8 +1528,8 @@ const char *SSL_rstate_string_long(SSL *ssl); */ void SSL_set_accept_state(SSL *ssl); -/* - * SSL_set_app_data - set SSL application data +/** + * @brief set SSL application data * * @param ssl - SSL point * @param arg - SSL application data point @@ -1537,8 +1538,8 @@ void SSL_set_accept_state(SSL *ssl); */ void SSL_set_app_data(SSL *ssl, char *arg); -/* - * SSL_set_bio - set SSL BIO +/** + * @brief set SSL BIO * * @param ssl - SSL point * @param rbio - read only IO @@ -1548,8 +1549,8 @@ void SSL_set_app_data(SSL *ssl, char *arg); */ void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio); -/* - * SSL_clear_options - clear SSL option +/** + * @brief clear SSL option * * @param ssl - SSL point * @param op - clear option @@ -1558,8 +1559,8 @@ void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio); */ unsigned long SSL_clear_options(SSL *ssl, unsigned long op); -/* - * SSL_clear_options - get SSL option +/** + * @brief get SSL option * * @param ssl - SSL point * @@ -1567,8 +1568,8 @@ unsigned long SSL_clear_options(SSL *ssl, unsigned long op); */ unsigned long SSL_get_options(SSL *ssl); -/* - * SSL_clear_options - clear SSL option +/** + * @brief clear SSL option * * @param ssl - SSL point * @param op - setting option @@ -1577,8 +1578,8 @@ unsigned long SSL_get_options(SSL *ssl); */ unsigned long SSL_set_options(SSL *ssl, unsigned long op); -/* - * SSL_set_quiet_shutdown - set SSL quiet shutdown mode +/** + * @brief set SSL quiet shutdown mode * * @param ssl - SSL point * @param mode - quiet shutdown mode @@ -1587,8 +1588,8 @@ unsigned long SSL_set_options(SSL *ssl, unsigned long op); */ void SSL_set_quiet_shutdown(SSL *ssl, int mode); -/* - * SSL_set_quiet_shutdown - set SSL shutdown mode +/** + * @brief set SSL shutdown mode * * @param ssl - SSL point * @param mode - shutdown mode @@ -1597,8 +1598,8 @@ void SSL_set_quiet_shutdown(SSL *ssl, int mode); */ void SSL_set_shutdown(SSL *ssl, int mode); -/* - * SSL_set_time - set SSL session time +/** + * @brief set SSL session time * * @param ssl - SSL point * @param t - session time @@ -1607,8 +1608,8 @@ void SSL_set_shutdown(SSL *ssl, int mode); */ void SSL_set_time(SSL *ssl, long t); -/* - * SSL_set_time - set SSL session timeout time +/** + * @brief set SSL session timeout time * * @param ssl - SSL point * @param t - session timeout time @@ -1617,8 +1618,8 @@ void SSL_set_time(SSL *ssl, long t); */ void SSL_set_timeout(SSL *ssl, long t); -/* - * SSL_state_string - get SSL statement string +/** + * @brief get SSL statement string * * @param ssl - SSL point * @@ -1626,8 +1627,8 @@ void SSL_set_timeout(SSL *ssl, long t); */ char *SSL_state_string(const SSL *ssl); -/* - * SSL_state_string_long - get SSL statement long string +/** + * @brief get SSL statement long string * * @param ssl - SSL point * @@ -1635,8 +1636,8 @@ char *SSL_state_string(const SSL *ssl); */ char *SSL_state_string_long(const SSL *ssl); -/* - * SSL_total_renegotiations - get SSL renegotiation count +/** + * @brief get SSL renegotiation count * * @param ssl - SSL point * @@ -1644,8 +1645,8 @@ char *SSL_state_string_long(const SSL *ssl); */ long SSL_total_renegotiations(SSL *ssl); -/* - * SSL_version - get SSL version +/** + * @brief get SSL version * * @param ssl - SSL point * @@ -1653,20 +1654,20 @@ long SSL_total_renegotiations(SSL *ssl); */ int SSL_version(const SSL *ssl); -/* - * SSL_use_psk_identity_hint - set SSL PSK identity hint +/** + * @brief set SSL PSK identity hint * * @param ssl - SSL point * @param hint - identity hint * - * @return - * 1 : oK - * 0 : failed + * @return result + * 1 : OK + * 0 : failed */ int SSL_use_psk_identity_hint(SSL *ssl, const char *hint); -/* - * SSL_get_psk_identity_hint - get SSL PSK identity hint +/** + * @brief get SSL PSK identity hint * * @param ssl - SSL point * @@ -1674,8 +1675,8 @@ int SSL_use_psk_identity_hint(SSL *ssl, const char *hint); */ const char *SSL_get_psk_identity_hint(SSL *ssl); -/* - * SSL_get_psk_identity - get SSL PSK identity +/** + * @brief get SSL PSK identity * * @param ssl - SSL point * diff --git a/components/openssl/library/ssl_cert.c b/components/openssl/library/ssl_cert.c index 2d82e62aaa..fd05bc8315 100644 --- a/components/openssl/library/ssl_cert.c +++ b/components/openssl/library/ssl_cert.c @@ -18,12 +18,8 @@ #include "ssl_dbg.h" #include "ssl_port.h" -/* - * ssl_cert_new - create a certification object include private key object - * - * @param none - * - * @return certification object point or NULL if failed +/** + * @brief create a certification object include private key object */ CERT *ssl_cert_new(void) { @@ -51,18 +47,14 @@ failed1: return NULL; } -/* - * ssl_cert_free - free a certification object - * - * @param c - certification object point - * - * @return none +/** + * @brief free a certification object */ -void ssl_cert_free(CERT *c) +void ssl_cert_free(CERT *cert) { - X509_free(c->x509); + X509_free(cert->x509); - EVP_PKEY_free(c->pkey); + EVP_PKEY_free(cert->pkey); - ssl_free(c); + ssl_free(cert); } diff --git a/components/openssl/library/ssl_lib.c b/components/openssl/library/ssl_lib.c index ae517b0a40..a84b89e06c 100644 --- a/components/openssl/library/ssl_lib.c +++ b/components/openssl/library/ssl_lib.c @@ -21,14 +21,8 @@ #define SSL_SEND_DATA_MAX_LENGTH 1460 -/* - * ossl_statem_in_error - Discover whether the current connection is in the error state - * - * @param ssl - SSL point - * - * @return - * 1 : Yes - * 0 : no +/** + * @brief Discover whether the current connection is in the error state */ int ossl_statem_in_error(const SSL *ssl) { @@ -38,81 +32,48 @@ int ossl_statem_in_error(const SSL *ssl) return 0; } -/* - * SSL_want - get the SSL specifical statement - * - * @param ssl - SSL point - * - * @return specifical statement +/** + * @brief get the SSL specifical statement */ int SSL_want(const SSL *ssl) { return ssl->rwstate; } -/* - * SSL_want_nothing - check if SSL want nothing - * - * @param ssl - SSL point - * - * @return - * 1 : yes - * 0 : no +/** + * @brief check if SSL want nothing */ int SSL_want_nothing(const SSL *ssl) { return (SSL_want(ssl) == SSL_NOTHING); } -/* - * SSL_want_read - check if SSL want to read - * - * @param ssl - SSL point - * - * @return - * 1 : yes - * 0 : no +/** + * @brief check if SSL want to read */ int SSL_want_read(const SSL *ssl) { return (SSL_want(ssl) == SSL_READING); } -/* - * SSL_want_read - check if SSL want to write - * - * @param ssl - SSL point - * - * @return - * 1 : yes - * 0 : no +/** + * @brief check if SSL want to write */ int SSL_want_write(const SSL *ssl) { return (SSL_want(ssl) == SSL_WRITING); } -/* - * SSL_want_read - check if SSL want to lookup X509 certification - * - * @param ssl - SSL point - * - * @return - * 1 : yes - * 0 : no +/** + * @brief check if SSL want to lookup X509 certification */ int SSL_want_x509_lookup(const SSL *ssl) { return (SSL_want(ssl) == SSL_WRITING); } -/* - * SSL_get_error - get SSL error code - * - * @param ssl - SSL point - * @param ret_code - SSL return code - * - * @return SSL error number +/** + * @brief get SSL error code */ int SSL_get_error(const SSL *ssl, int ret_code) { @@ -142,12 +103,8 @@ int SSL_get_error(const SSL *ssl, int ret_code) return ret; } -/* - * SSL_get_state - get the SSL state - * - * @param ssl - SSL point - * - * @return SSL state +/** + * @brief get the SSL state */ OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl) { @@ -160,12 +117,8 @@ OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl) return state; } -/* - * SSL_CTX_new - create a SSL context - * - * @param method - the SSL context configuration file - * - * @return the context point, if create failed return NULL +/** + * @brief create a SSL context */ SSL_CTX* SSL_CTX_new(const SSL_METHOD *method) { @@ -203,12 +156,8 @@ go_failed1: return NULL; } -/* - * SSL_CTX_free - free a SSL context - * - * @param method - the SSL context point - * - * @return none +/** + * @brief free a SSL context */ void SSL_CTX_free(SSL_CTX* ctx) { @@ -221,15 +170,8 @@ void SSL_CTX_free(SSL_CTX* ctx) ssl_free(ctx); } -/* - * SSL_CTX_set_ssl_version - set the SSL context version - * - * @param ctx - SSL context point - * @param meth - SSL method point - * - * @return - * 1 : OK - * 0 : failed +/** + * @brief set the SSL context version */ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) { @@ -243,12 +185,8 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) return 1; } -/* - * SSL_CTX_get_ssl_method - get the SSL context current method - * - * @param ctx - SSL context point - * - * @return the SSL context current method +/** + * @brief get the SSL context current method */ const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx) { @@ -257,12 +195,8 @@ const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx) return ctx->method; } -/* - * SSL_new - create a SSL - * - * @param ctx - the SSL context point - * - * @return the SSL point or NULL if failed +/** + * @brief create a SSL */ SSL *SSL_new(SSL_CTX *ctx) { @@ -300,12 +234,8 @@ failed1: return NULL; } -/* - * SSL_free - free the SSL - * - * @param ssl - the SSL point - * - * @return none +/** + * @brief free the SSL */ void SSL_free(SSL *ssl) { @@ -322,15 +252,8 @@ void SSL_free(SSL *ssl) ssl_free(ssl); } -/* - * SSL_do_handshake - perform the SSL handshake - * - * @param ssl - SSL point - * - * @return - * 1 : OK - * 0 : failed - * -1 : a error catch +/** + * @brief perform the SSL handshake */ int SSL_do_handshake(SSL *ssl) { @@ -343,14 +266,8 @@ int SSL_do_handshake(SSL *ssl) return ret; } -/* - * SSL_connect - connect to the remote SSL server - * - * @param ssl - the SSL point - * - * @return - * 1 : OK - * -1 : failed +/** + * @brief connect to the remote SSL server */ int SSL_connect(SSL *ssl) { @@ -359,14 +276,8 @@ int SSL_connect(SSL *ssl) return SSL_do_handshake(ssl); } -/* - * SSL_accept - accept the remote connection - * - * @param ssl - the SSL point - * - * @return - * 1 : OK - * -1 : failed +/** + * @brief accept the remote connection */ int SSL_accept(SSL *ssl) { @@ -375,15 +286,8 @@ int SSL_accept(SSL *ssl) return SSL_do_handshake(ssl); } -/* - * SSL_shutdown - shutdown the connection - * - * @param ssl - the SSL point - * - * @return - * 1 : OK - * 0 : shutdown is not finished - * -1 : an error catch +/** + * @brief shutdown the connection */ int SSL_shutdown(SSL *ssl) { @@ -398,14 +302,8 @@ int SSL_shutdown(SSL *ssl) return ret; } -/* - * SSL_clear - reset the SSL - * - * @param ssl - SSL point - * - * @return - * 1 : OK - * 0 : failed +/** + * @brief reset the SSL */ int SSL_clear(SSL *ssl) { @@ -429,17 +327,8 @@ go_failed1: return ret; } -/* - * SSL_read - read data from to remote - * - * @param ssl - the SSL point which has been connected - * @param buffer - the received data buffer point - * @param len - the received data length - * - * @return - * > 0 : OK, and return received data bytes - * = 0 : connection is closed - * < 0 : an error catch +/** + * @brief read data from to remote */ int SSL_read(SSL *ssl, void *buffer, int len) { @@ -458,17 +347,8 @@ int SSL_read(SSL *ssl, void *buffer, int len) return ret; } -/* - * SSL_write - send the data to remote - * - * @param ssl - the SSL point which has been connected - * @param buffer - the send data buffer point - * @param len - the send data length - * - * @return - * > 0 : OK, and return sent data bytes - * = 0 : connection is closed - * < 0 : an error catch +/** + * @brief send the data to remote */ int SSL_write(SSL *ssl, const void *buffer, int len) { @@ -511,12 +391,8 @@ int SSL_write(SSL *ssl, const void *buffer, int len) return ret; } -/* - * SSL_get_SSL_CTX - get SSL context of the SSL - * - * @param ssl - SSL point - * - * @return SSL context +/** + * @brief get SSL context of the SSL */ SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl) { @@ -525,12 +401,8 @@ SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl) return ssl->ctx; } -/* - * SSL_CTX_get_ssl_method - get the SSL current method - * - * @param ssl - SSL point - * - * @return the SSL current method +/** + * @brief get the SSL current method */ const SSL_METHOD *SSL_get_ssl_method(SSL *ssl) { @@ -539,15 +411,8 @@ const SSL_METHOD *SSL_get_ssl_method(SSL *ssl) return ssl->method; } -/* - * SSL_set_ssl_method - set the SSL method - * - * @param ssl - SSL point - * @param meth - SSL method point - * - * @return - * 1 : OK - * 0 : failed +/** + * @brief set the SSL method */ int SSL_set_ssl_method(SSL *ssl, const SSL_METHOD *method) { @@ -580,12 +445,8 @@ go_failed1: return ret; } -/* - * SSL_get_shutdown - get SSL shutdown mode - * - * @param ssl - SSL point - * - * @return shutdown mode +/** + * @brief get SSL shutdown mode */ int SSL_get_shutdown(const SSL *ssl) { @@ -594,13 +455,8 @@ int SSL_get_shutdown(const SSL *ssl) return ssl->shutdown; } -/* - * SSL_set_quiet_shutdown - set SSL shutdown mode - * - * @param ssl - SSL point - * @param mode - shutdown mode - * - * @return none +/** + * @brief set SSL shutdown mode */ void SSL_set_shutdown(SSL *ssl, int mode) { @@ -610,12 +466,8 @@ void SSL_set_shutdown(SSL *ssl, int mode) } -/* - * SSL_pending - get the number of the bytes to be read - * - * @param ssl - SSL point - * - * @return number of the bytes +/** + * @brief get the number of the bytes to be read */ int SSL_pending(const SSL *ssl) { @@ -628,14 +480,8 @@ int SSL_pending(const SSL *ssl) return ret; } -/* - * SSL_has_pending - check if some data can be read - * - * @param ssl - SSL point - * - * @return - * 1 : there are bytes to be read - * 0 : no data +/** + * @brief check if some data can be read */ int SSL_has_pending(const SSL *ssl) { @@ -651,52 +497,32 @@ int SSL_has_pending(const SSL *ssl) return ret; } -/* - * SSL_CTX_clear_options - clear the SSL context option bit of "op" - * - * @param ctx - SSL context point - * @param op - option - * - * @return SSL context option +/** + * @brief clear the SSL context option bit of "op" */ unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op) { return ctx->options &= ~op; } -/* - * SSL_CTX_clear_options - get the SSL context option - * - * @param ctx - SSL context point - * @param op - option - * - * @return SSL context option +/** + * @brief get the SSL context option */ unsigned long SSL_CTX_get_options(SSL_CTX *ctx) { return ctx->options; } -/* - * SSL_CTX_set_option - set the option of the SSL context - * - * @param ctx - the SSL context - * - * @return the SSL context option - * +/** + * @brief set the option of the SSL context */ unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long opt) { return ctx->options |= opt; } -/* - * SSL_clear_options - clear SSL option - * - * @param ssl - SSL point - * @param op - clear option - * - * @return SSL option +/** + * @brief clear SSL option */ unsigned long SSL_clear_options(SSL *ssl, unsigned long op) { @@ -705,12 +531,8 @@ unsigned long SSL_clear_options(SSL *ssl, unsigned long op) return ssl->options & ~op; } -/* - * SSL_clear_options - get SSL option - * - * @param ssl - SSL point - * - * @return SSL option +/** + * @brief get SSL option */ unsigned long SSL_get_options(SSL *ssl) { @@ -719,13 +541,8 @@ unsigned long SSL_get_options(SSL *ssl) return ssl->options; } -/* - * SSL_clear_options - clear SSL option - * - * @param ssl - SSL point - * @param op - setting option - * - * @return SSL option +/** + * @brief clear SSL option */ unsigned long SSL_set_options(SSL *ssl, unsigned long op) { @@ -734,14 +551,8 @@ unsigned long SSL_set_options(SSL *ssl, unsigned long op) return ssl->options |= op; } -/* - * SSL_get_fd - get the socket handle of the SSL - * - * @param ssl - SSL point - * - * @return - * >= 0 : yes, and return socket handle - * < 0 : a error catch +/** + * @brief get the socket handle of the SSL */ int SSL_get_fd(const SSL *ssl) { @@ -754,14 +565,8 @@ int SSL_get_fd(const SSL *ssl) return ret; } -/* - * SSL_get_rfd - get the read only socket handle of the SSL - * - * @param ssl - SSL point - * - * @return - * >= 0 : yes, and return socket handle - * < 0 : a error catch +/** + * @brief get the read only socket handle of the SSL */ int SSL_get_rfd(const SSL *ssl) { @@ -774,14 +579,8 @@ int SSL_get_rfd(const SSL *ssl) return ret; } -/* - * SSL_get_wfd - get the write only socket handle of the SSL - * - * @param ssl - SSL point - * - * @return - * >= 0 : yes, and return socket handle - * < 0 : a error catch +/** + * @brief get the write only socket handle of the SSL */ int SSL_get_wfd(const SSL *ssl) { @@ -794,15 +593,8 @@ int SSL_get_wfd(const SSL *ssl) return ret; } -/* - * SSL_set_fd - bind the socket file description into the SSL - * - * @param ssl - the SSL point - * @param fd - socket handle - * - * @return - * 1 : OK - * 0 : failed +/** + * @brief bind the socket file description into the SSL */ int SSL_set_fd(SSL *ssl, int fd) { @@ -814,15 +606,8 @@ int SSL_set_fd(SSL *ssl, int fd) return 1; } -/* - * SSL_set_fd - bind the read only socket file description into the SSL - * - * @param ssl - the SSL point - * @param fd - socket handle - * - * @return - * 1 : OK - * 0 : failed +/** + * @brief bind the read only socket file description into the SSL */ int SSL_set_rfd(SSL *ssl, int fd) { @@ -834,15 +619,8 @@ int SSL_set_rfd(SSL *ssl, int fd) return 1; } -/* - * SSL_set_fd - bind the write only socket file description into the SSL - * - * @param ssl - the SSL point - * @param fd - socket handle - * - * @return - * 1 : OK - * 0 : failed +/** + * @brief bind the write only socket file description into the SSL */ int SSL_set_wfd(SSL *ssl, int fd) { @@ -854,12 +632,8 @@ int SSL_set_wfd(SSL *ssl, int fd) return 1; } -/* - * SSL_version - get SSL version - * - * @param ssl - SSL point - * - * @return SSL version +/** + * @brief get SSL version */ int SSL_version(const SSL *ssl) { @@ -868,12 +642,8 @@ int SSL_version(const SSL *ssl) return ssl->version; } -/* - * ssl_protocol_to_string - get the SSL version string - * - * @param version - the SSL version - * - * @return the SSL version string +/** + * @brief get the SSL version string */ static const char* ssl_protocol_to_string(int version) { @@ -893,12 +663,8 @@ static const char* ssl_protocol_to_string(int version) return str; } -/* - * SSL_get_version - get the SSL current version - * - * @param ssl - SSL point - * - * @return the version string +/** + * @brief get the SSL current version */ const char *SSL_get_version(const SSL *ssl) { @@ -907,12 +673,8 @@ const char *SSL_get_version(const SSL *ssl) return ssl_protocol_to_string(SSL_version(ssl)); } -/* - * SSL_alert_desc_string - get alert description string - * - * @param value - alert value - * - * @return alert description string +/** + * @brief get alert description string */ const char* SSL_alert_desc_string(int value) { @@ -1018,12 +780,8 @@ const char* SSL_alert_desc_string(int value) return str; } -/* - * SSL_alert_desc_string - get alert description long string - * - * @param value - alert value - * - * @return alert description long string +/** + * @brief get alert description long string */ const char* SSL_alert_desc_string_long(int value) { @@ -1129,12 +887,8 @@ const char* SSL_alert_desc_string_long(int value) return str; } -/* - * SSL_alert_type_string - get alert type string - * - * @param value - alert value - * - * @return alert type string +/** + * @brief get alert type string */ const char *SSL_alert_type_string(int value) { @@ -1156,12 +910,8 @@ const char *SSL_alert_type_string(int value) return str; } -/* - * SSL_alert_type_string_long - get alert type long string - * - * @param value - alert value - * - * @return alert type long string +/** + * @brief get alert type long string */ const char *SSL_alert_type_string_long(int value) { @@ -1183,12 +933,8 @@ const char *SSL_alert_type_string_long(int value) return str; } -/* - * SSL_rstate_string - get the state string where SSL is reading - * - * @param ssl - SSL point - * - * @return state string +/** + * @brief get the state string where SSL is reading */ const char *SSL_rstate_string(SSL *ssl) { @@ -1215,12 +961,8 @@ const char *SSL_rstate_string(SSL *ssl) return str; } -/* - * SSL_rstate_string_long - get the statement long string where SSL is reading - * - * @param ssl - SSL point - * - * @return statement long string +/** + * @brief get the statement long string where SSL is reading */ const char *SSL_rstate_string_long(SSL *ssl) { @@ -1246,12 +988,8 @@ const char *SSL_rstate_string_long(SSL *ssl) return str; } -/* - * SSL_state_string - get SSL statement string - * - * @param ssl - SSL point - * - * @return SSL statement string +/** + * @brief get SSL statement string */ char *SSL_state_string(const SSL *ssl) { @@ -1358,12 +1096,8 @@ char *SSL_state_string(const SSL *ssl) return str; } -/* - * SSL_state_string_long - get SSL statement long string - * - * @param ssl - SSL point - * - * @return SSL statement long string +/** + * @brief get SSL statement long string */ char *SSL_state_string_long(const SSL *ssl) { @@ -1476,13 +1210,8 @@ char *SSL_state_string_long(const SSL *ssl) return str; } -/* - * SSL_CTX_set_default_read_buffer_len - set the SSL context read buffer length - * - * @param ctx - SSL context point - * @param len - read buffer length - * - * @return none +/** + * @brief set the SSL context read buffer length */ void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len) { @@ -1492,13 +1221,8 @@ void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len) ctx->read_buffer_len = len; } -/* - * SSL_set_default_read_buffer_len - set the SSL read buffer length - * - * @param ssl - SSL point - * @param len - read buffer length - * - * @return none +/** + * @brief set the SSL read buffer length */ void SSL_set_default_read_buffer_len(SSL *ssl, size_t len) { @@ -1508,13 +1232,8 @@ void SSL_set_default_read_buffer_len(SSL *ssl, size_t len) SSL_METHOD_CALL(set_bufflen, ssl, len); } -/* - * SSL_set_info_callback - set the SSL information callback function - * - * @param ssl - SSL point - * @param cb - information callback function - * - * @return none +/** + * @brief set the SSL information callback function */ void SSL_set_info_callback(SSL *ssl, void (*cb) (const SSL *ssl, int type, int val)) { @@ -1523,32 +1242,23 @@ void SSL_set_info_callback(SSL *ssl, void (*cb) (const SSL *ssl, int type, int v ssl->info_callback = cb; } -/* - * SSL_CTX_up_ref - add SSL context reference count by '1' - * - * @param ctx - SSL context point - * - * @return - * 1 : OK - * 0 : failed +/** + * @brief add SSL context reference count by '1' */ int SSL_CTX_up_ref(SSL_CTX *ctx) { SSL_ASSERT(ctx); - /* no support multi-thread SSL here */ + /** + * no support multi-thread SSL here + */ ctx->references++; return 1; } -/* - * SSL_set_security_level - set the SSL security level - * - * @param ssl - SSL point - * @param level - security level - * - * @return none +/** + * @brief set the SSL security level */ void SSL_set_security_level(SSL *ssl, int level) { @@ -1557,12 +1267,8 @@ void SSL_set_security_level(SSL *ssl, int level) ssl->cert->sec_level = level; } -/* - * SSL_get_security_level - get the SSL security level - * - * @param ssl - SSL point - * - * @return security level +/** + * @brief get the SSL security level */ int SSL_get_security_level(const SSL *ssl) { @@ -1571,12 +1277,8 @@ int SSL_get_security_level(const SSL *ssl) return ssl->cert->sec_level; } -/* - * SSL_CTX_get_verify_mode - get the SSL verifying mode of the SSL context - * - * @param ctx - SSL context point - * - * @return verifying mode +/** + * @brief get the SSL verifying mode of the SSL context */ int SSL_CTX_get_verify_mode(const SSL_CTX *ctx) { @@ -1585,13 +1287,8 @@ int SSL_CTX_get_verify_mode(const SSL_CTX *ctx) return ctx->verify_mode; } -/* - * SSL_CTX_set_timeout - set the session timeout time - * - * @param ctx - SSL context point - * @param t - new session timeout time - * - * @return old session timeout time +/** + * @brief set the session timeout time */ long SSL_CTX_set_timeout(SSL_CTX *ctx, long t) { @@ -1605,12 +1302,8 @@ long SSL_CTX_set_timeout(SSL_CTX *ctx, long t) return l; } -/* - * SSL_CTX_get_timeout - get the session timeout time - * - * @param ctx - SSL context point - * - * @return current session timeout time +/** + * @brief get the session timeout time */ long SSL_CTX_get_timeout(const SSL_CTX *ctx) { @@ -1619,13 +1312,8 @@ long SSL_CTX_get_timeout(const SSL_CTX *ctx) return ctx->session_timeout; } -/* - * SSL_set_read_ahead - set the SSL if we can read as many as data - * - * @param ssl - SSL point - * @param yes - enable the function - * - * @return none +/** + * @brief set the SSL if we can read as many as data */ void SSL_set_read_ahead(SSL *ssl, int yes) { @@ -1634,13 +1322,8 @@ void SSL_set_read_ahead(SSL *ssl, int yes) ssl->rlayer.read_ahead = yes; } -/* - * SSL_set_read_ahead - set the SSL context if we can read as many as data - * - * @param ctx - SSL context point - * @param yes - enable the function - * - * @return none +/** + * @brief set the SSL context if we can read as many as data */ void SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes) { @@ -1649,12 +1332,8 @@ void SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes) ctx->read_ahead = yes; } -/* - * SSL_set_read_ahead - get the SSL ahead signal if we can read as many as data - * - * @param ssl - SSL point - * - * @return SSL context ahead signal +/** + * @brief get the SSL ahead signal if we can read as many as data */ int SSL_get_read_ahead(const SSL *ssl) { @@ -1663,12 +1342,8 @@ int SSL_get_read_ahead(const SSL *ssl) return ssl->rlayer.read_ahead; } -/* - * SSL_set_read_ahead - get the SSL context ahead signal if we can read as many as data - * - * @param ctx - SSL context point - * - * @return SSL context ahead signal +/** + * @brief get the SSL context ahead signal if we can read as many as data */ long SSL_CTX_get_read_ahead(SSL_CTX *ctx) { @@ -1677,14 +1352,8 @@ long SSL_CTX_get_read_ahead(SSL_CTX *ctx) return ctx->read_ahead; } -/* - * SSL_CTX_get_ciphers - check if the SSL context can read as many as data - * - * @param ctx - SSL context point - * - * @return - * 1 : Yes - * 0 : No +/** + * @brief check if the SSL context can read as many as data */ long SSL_CTX_get_default_read_ahead(SSL_CTX *ctx) { @@ -1693,13 +1362,8 @@ long SSL_CTX_get_default_read_ahead(SSL_CTX *ctx) return ctx->read_ahead; } -/* - * SSL_set_time - set SSL session time - * - * @param ssl - SSL point - * @param t - session time - * - * @return session time +/** + * @brief set SSL session time */ long SSL_set_time(SSL *ssl, long t) { @@ -1710,13 +1374,8 @@ long SSL_set_time(SSL *ssl, long t) return t; } -/* - * SSL_set_time - set SSL session timeout time - * - * @param ssl - SSL point - * @param t - session timeout time - * - * @return session timeout time +/** + * @brief set SSL session timeout time */ long SSL_set_timeout(SSL *ssl, long t) { @@ -1727,12 +1386,8 @@ long SSL_set_timeout(SSL *ssl, long t) return t; } -/* - * SSL_get_verify_result - get the verifying result of the SSL certification - * - * @param ssl - the SSL point - * - * @return the result of verifying +/** + * @brief get the verifying result of the SSL certification */ long SSL_get_verify_result(const SSL *ssl) { @@ -1741,12 +1396,8 @@ long SSL_get_verify_result(const SSL *ssl) return SSL_METHOD_CALL(get_verify_result, ssl); } -/* - * SSL_CTX_get_verify_depth - get the SSL verifying depth of the SSL context - * - * @param ctx - SSL context point - * - * @return verifying depth +/** + * @brief get the SSL verifying depth of the SSL context */ int SSL_CTX_get_verify_depth(const SSL_CTX *ctx) { @@ -1755,13 +1406,8 @@ int SSL_CTX_get_verify_depth(const SSL_CTX *ctx) return ctx->param.depth; } -/* - * SSL_CTX_set_verify_depth - set the SSL verify depth of the SSL context - * - * @param ctx - SSL context point - * @param depth - verifying depth - * - * @return one +/** + * @brief set the SSL verify depth of the SSL context */ void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth) { @@ -1770,12 +1416,8 @@ void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth) ctx->param.depth = depth; } -/* - * SSL_get_verify_depth - get the SSL verifying depth of the SSL - * - * @param ctx - SSL point - * - * @return verifying depth +/** + * @brief get the SSL verifying depth of the SSL */ int SSL_get_verify_depth(const SSL *ssl) { @@ -1784,13 +1426,8 @@ int SSL_get_verify_depth(const SSL *ssl) return ssl->param.depth; } -/* - * SSL_set_verify_depth - set the SSL verify depth of the SSL - * - * @param ctx - SSL point - * @param depth - verifying depth - * - * @return one +/** + * @brief set the SSL verify depth of the SSL */ void SSL_set_verify_depth(SSL *ssl, int depth) { @@ -1799,14 +1436,8 @@ void SSL_set_verify_depth(SSL *ssl, int depth) ssl->param.depth = depth; } -/* - * SSL_CTX_set_verify - set the SSL context verifying of the SSL context - * - * @param ctx - SSL context point - * @param mode - verifying mode - * @param verify_callback - verifying callback function - * - * @return none +/** + * @brief set the SSL context verifying of the SSL context */ void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*verify_callback)(int, X509_STORE_CTX *)) { @@ -1816,14 +1447,8 @@ void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*verify_callback)(int, X509 ctx->default_verify_callback = verify_callback; } -/* - * SSL_set_verify - set the SSL verifying of the SSL context - * - * @param ctx - SSL point - * @param mode - verifying mode - * @param verify_callback - verifying callback function - * - * @return none +/** + * @brief set the SSL verifying of the SSL context */ void SSL_set_verify(SSL *ssl, int mode, int (*verify_callback)(int, X509_STORE_CTX *)) { diff --git a/components/openssl/library/ssl_methods.c b/components/openssl/library/ssl_methods.c index c6fb40e59c..042d670ab9 100644 --- a/components/openssl/library/ssl_methods.c +++ b/components/openssl/library/ssl_methods.c @@ -16,7 +16,7 @@ #include "ssl_methods.h" #include "ssl_pm.h" -/* +/** * TLS method function collection */ IMPLEMENT_TLS_METHOD_FUNC(TLS_method_func, @@ -28,7 +28,7 @@ IMPLEMENT_TLS_METHOD_FUNC(TLS_method_func, ssl_pm_get_verify_result, ssl_pm_get_state); -/* +/** * TLS or SSL client method collection */ IMPLEMENT_TLS_METHOD(TLS_ANY_VERSION, 0, TLS_method_func, TLS_client_method); @@ -41,7 +41,7 @@ IMPLEMENT_TLS_METHOD(TLS1_VERSION, 0, TLS_method_func, TLSv1_client_method); IMPLEMENT_SSL_METHOD(SSL3_VERSION, 0, TLS_method_func, SSLv3_client_method); -/* +/** * TLS or SSL server method collection */ IMPLEMENT_TLS_METHOD(TLS_ANY_VERSION, 1, TLS_method_func, TLS_server_method); @@ -54,7 +54,7 @@ IMPLEMENT_TLS_METHOD(TLS1_VERSION, 0, TLS_method_func, TLSv1_server_method); IMPLEMENT_SSL_METHOD(SSL3_VERSION, 1, TLS_method_func, SSLv3_server_method); -/* +/** * TLS or SSL method collection */ IMPLEMENT_TLS_METHOD(TLS_ANY_VERSION, -1, TLS_method_func, TLS_method); @@ -67,15 +67,15 @@ IMPLEMENT_SSL_METHOD(TLS1_VERSION, -1, TLS_method_func, TLSv1_method); IMPLEMENT_SSL_METHOD(SSL3_VERSION, -1, TLS_method_func, SSLv3_method); -/* - * X509 certification method collection +/** + * @brief get X509 object method */ IMPLEMENT_X509_METHOD(X509_method, x509_pm_new, x509_pm_free, x509_pm_load, x509_pm_unload); -/* - * private key method collection +/** + * @brief get private key object method */ IMPLEMENT_PKEY_METHOD(EVP_PKEY_method, pkey_pm_new, pkey_pm_free, diff --git a/components/openssl/library/ssl_pkey.c b/components/openssl/library/ssl_pkey.c index e13870344f..6f51963eb0 100644 --- a/components/openssl/library/ssl_pkey.c +++ b/components/openssl/library/ssl_pkey.c @@ -19,12 +19,8 @@ #include "ssl_dbg.h" #include "ssl_port.h" -/* - * EVP_PKEY_new - create a private key object - * - * @param none - * - * @return private key object point or NULL if failed +/** + * @brief create a private key object */ EVP_PKEY* EVP_PKEY_new(void) { @@ -49,12 +45,8 @@ failed1: return NULL; } -/* - * EVP_PKEY_free - free a private key object - * - * @param pkey - private key object point - * - * @return none +/** + * @brief free a private key object */ void EVP_PKEY_free(EVP_PKEY *pkey) { @@ -63,16 +55,9 @@ void EVP_PKEY_free(EVP_PKEY *pkey) ssl_free(pkey); } -/* - * d2i_PrivateKey - load a character key context into system context. If '*a' is pointed to the - * private key, then load key into it. Or create a new private key object - * - * @param type - private key type - * @param a - a point pointed to a private key point - * @param pp - a point pointed to the key context memory point - * @param length - key bytes - * - * @return private key object point or NULL if failed +/** + * @brief load a character key context into system context. If '*a' is pointed to the + * private key, then load key into it. Or create a new private key object */ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, @@ -112,15 +97,8 @@ failed1: return NULL; } -/* - * SSL_CTX_use_certificate - set the SSL context private key - * - * @param ctx - SSL context point - * @param x - private key point - * - * @return - * 1 : OK - * 0 : failed +/** + * @brief set the SSL context private key */ int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) { @@ -135,15 +113,8 @@ int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) return 1; } -/* - * SSL_CTX_use_certificate - set the SSL private key - * - * @param ctx - SSL point - * @param x - private key point - * - * @return - * 1 : OK - * 0 : failed +/** + * @brief set the SSL private key */ int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) { @@ -163,17 +134,8 @@ int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) return 1; } -/* - * SSL_CTX_use_PrivateKey_ASN1 - load private key into the SSL context - * - * @param type - private key type - * @param ctx - SSL context point - * @param d - private key context point - * @param len - private key context bytes - * - * @return - * 1 : OK - * 0 : failed +/** + * @brief load private key into the SSL context */ int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d, long len) @@ -197,17 +159,8 @@ failed1: return 0; } -/* - * SSL_use_PrivateKey_ASN1 - load private key into the SSL - * - * @param type - private key type - * @param ctx - SSL context point - * @param d - private key context point - * @param len - private key context bytes - * - * @return - * 1 : OK - * 0 : failed +/** + * @brief load private key into the SSL */ int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len) @@ -255,48 +208,24 @@ failed1: return 0; } -/* - * SSL_CTX_use_certificate_file - load the private key file into SSL context - * - * @param ctx - SSL context point - * @param file - private key file name - * @param type - private key encoding type - * - * @return - * 1 : OK - * 0 : failed +/** + * @brief load the private key file into SSL context */ int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) { return 0; } -/* - * SSL_use_PrivateKey_file - load the private key file into SSL - * - * @param ctx - SSL point - * @param file - private key file name - * @param type - private key encoding type - * - * @return - * 1 : OK - * 0 : failed +/** + * @brief load the private key file into SSL */ int SSL_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) { return 0; } -/* - * SSL_CTX_use_certificate_ASN1 - load the RSA ASN1 private key into SSL context - * - * @param ctx - SSL context point - * @param d - data point - * @param len - RSA private key length - * - * @return - * 1 : OK - * 0 : failed +/** + * @brief load the RSA ASN1 private key into SSL context */ int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len) { diff --git a/components/openssl/library/ssl_x509.c b/components/openssl/library/ssl_x509.c index 6eb3c1d461..e96511dc4a 100644 --- a/components/openssl/library/ssl_x509.c +++ b/components/openssl/library/ssl_x509.c @@ -18,12 +18,8 @@ #include "ssl_dbg.h" #include "ssl_port.h" -/* - * sk_X509_NAME_new_null - create a X509 certification object - * - * @param none - * - * @return X509 certification object point or NULL if failed +/** + * @brief create a X509 certification object */ X509* X509_new(void) { @@ -48,12 +44,8 @@ failed1: return NULL; } -/* - * X509_free - free a X509 certification object - * - * @param x - X509 certification object point - * - * @return none +/** + * @brief free a X509 certification object */ void X509_free(X509 *x) { @@ -62,15 +54,9 @@ void X509_free(X509 *x) ssl_free(x); }; -/* - * d2i_X509 - load a character certification context into system context. If '*cert' is pointed to the - * certification, then load certification into it. Or create a new X509 certification object - * - * @param cert - a point pointed to X509 certification - * @param buffer - a point pointed to the certification context memory point - * @param length - certification bytes - * - * @return X509 certification object point or NULL if failed +/** + * @brief load a character certification context into system context. If '*cert' is pointed to the + * certification, then load certification into it. Or create a new X509 certification object */ X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len) { @@ -103,15 +89,8 @@ failed1: return NULL; } -/* - * SSL_CTX_add_client_CA - set SSL context client CA certification - * - * @param ctx - SSL context point - * @param x - client CA certification point - * - * @return - * 1 : OK - * 0 : failed +/** + * @brief set SSL context client CA certification */ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x) { @@ -126,15 +105,8 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x) return 1; } -/* - * SSL_add_client_CA - add CA client certification into the SSL - * - * @param ssl - SSL point - * @param x - CA certification point - * - * @return - * 1 : OK - * 0 : failed +/** + * @brief add CA client certification into the SSL */ int SSL_add_client_CA(SSL *ssl, X509 *x) { @@ -151,15 +123,8 @@ int SSL_add_client_CA(SSL *ssl, X509 *x) return 1; } -/* - * SSL_CTX_use_certificate - set the SSL context certification - * - * @param ctx - SSL context point - * @param x - X509 certification point - * - * @return - * 1 : OK - * 0 : failed +/** + * @brief set the SSL context certification */ int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) { @@ -171,15 +136,8 @@ int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) return 1; } -/* - * SSL_CTX_use_certificate - set the SSL certification - * - * @param ctx - SSL point - * @param x - X509 certification point - * - * @return - * 1 : OK - * 0 : failed +/** + * @brief set the SSL certification */ int SSL_use_certificate(SSL *ssl, X509 *x) { @@ -191,12 +149,8 @@ int SSL_use_certificate(SSL *ssl, X509 *x) return 1; } -/* - * SSL_get_certificate - get the SSL certification point - * - * @param ssl - SSL point - * - * @return SSL certification point +/** + * @brief get the SSL certification point */ X509 *SSL_get_certificate(const SSL *ssl) { @@ -205,16 +159,8 @@ X509 *SSL_get_certificate(const SSL *ssl) return ssl->cert->x509; } -/* - * SSL_CTX_use_certificate_ASN1 - load certification into the SSL context - * - * @param ctx - SSL context point - * @param len - certification context bytes - * @param d - certification context point - * - * @return - * 1 : OK - * 0 : failed +/** + * @brief load certification into the SSL context */ int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d) @@ -238,16 +184,8 @@ failed1: return 0; } -/* - * SSL_use_certificate_ASN1 - load certification into the SSL - * - * @param ctx - SSL point - * @param len - certification context bytes - * @param d - certification context point - * - * @return - * 1 : OK - * 0 : failed +/** + * @brief load certification into the SSL */ int SSL_use_certificate_ASN1(SSL *ssl, int len, const unsigned char *d) @@ -295,44 +233,24 @@ failed1: return 0; } -/* - * SSL_CTX_use_certificate_file - load the certification file into SSL context - * - * @param ctx - SSL context point - * @param file - certification file name - * @param type - certification encoding type - * - * @return - * 1 : OK - * 0 : failed +/** + * @brief load the certification file into SSL context */ int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) { return 0; } -/* - * SSL_use_certificate_file - load the certification file into SSL - * - * @param ctx - SSL point - * @param file - certification file name - * @param type - certification encoding type - * - * @return - * 1 : OK - * 0 : failed +/** + * @brief load the certification file into SSL */ int SSL_use_certificate_file(SSL *ssl, const char *file, int type) { return 0; } -/* - * SSL_get_peer_certificate - get peer certification - * - * @param ssl - SSL point - * - * @return certification +/** + * @brief get peer certification */ X509 *SSL_get_peer_certificate(const SSL *ssl) { diff --git a/components/openssl/platform/ssl_pm.c b/components/openssl/platform/ssl_pm.c index b03aee3e37..9abfc212ec 100644 --- a/components/openssl/platform/ssl_pm.c +++ b/components/openssl/platform/ssl_pm.c @@ -62,6 +62,9 @@ unsigned int max_content_len; /*********************************************************************************************/ /************************************ SSL arch interface *************************************/ +/** + * @brief create SSL low-level object + */ int ssl_pm_new(SSL *ssl) { struct ssl_pm *ssl_pm; @@ -140,6 +143,9 @@ failed1: return -1; } +/** + * @brief free SSL low-level object + */ void ssl_pm_free(SSL *ssl) { struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; @@ -156,6 +162,9 @@ void ssl_pm_free(SSL *ssl) ssl->ssl_pm = NULL; } +/** + * @brief reload SSL low-level certification object + */ static int ssl_pm_reload_crt(SSL *ssl) { int ret; From f9fd5b6c72b6a08579f17317ab997306393516b1 Mon Sep 17 00:00:00 2001 From: dongheng Date: Fri, 23 Sep 2016 14:52:33 +0800 Subject: [PATCH 23/52] components/openssl: add X509 verify result errno --- .../openssl/include/internal/x509_vfy.h | 103 ++++++++++++++++++ 1 file changed, 103 insertions(+) create mode 100644 components/openssl/include/internal/x509_vfy.h diff --git a/components/openssl/include/internal/x509_vfy.h b/components/openssl/include/internal/x509_vfy.h new file mode 100644 index 0000000000..cab110e421 --- /dev/null +++ b/components/openssl/include/internal/x509_vfy.h @@ -0,0 +1,103 @@ +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#ifndef _X509_VFY_H_ +#define _X509_VFY_H_ + +#define X509_V_OK 0 +#define X509_V_ERR_UNSPECIFIED 1 +#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2 +#define X509_V_ERR_UNABLE_TO_GET_CRL 3 +#define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4 +#define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5 +#define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6 +#define X509_V_ERR_CERT_SIGNATURE_FAILURE 7 +#define X509_V_ERR_CRL_SIGNATURE_FAILURE 8 +#define X509_V_ERR_CERT_NOT_YET_VALID 9 +#define X509_V_ERR_CERT_HAS_EXPIRED 10 +#define X509_V_ERR_CRL_NOT_YET_VALID 11 +#define X509_V_ERR_CRL_HAS_EXPIRED 12 +#define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13 +#define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14 +#define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15 +#define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16 +#define X509_V_ERR_OUT_OF_MEM 17 +#define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18 +#define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19 +#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20 +#define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21 +#define X509_V_ERR_CERT_CHAIN_TOO_LONG 22 +#define X509_V_ERR_CERT_REVOKED 23 +#define X509_V_ERR_INVALID_CA 24 +#define X509_V_ERR_PATH_LENGTH_EXCEEDED 25 +#define X509_V_ERR_INVALID_PURPOSE 26 +#define X509_V_ERR_CERT_UNTRUSTED 27 +#define X509_V_ERR_CERT_REJECTED 28 +/* These are 'informational' when looking for issuer cert */ +#define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29 +#define X509_V_ERR_AKID_SKID_MISMATCH 30 +#define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31 +#define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32 +#define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33 +#define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34 +#define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35 +#define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36 +#define X509_V_ERR_INVALID_NON_CA 37 +#define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38 +#define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39 +#define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40 +#define X509_V_ERR_INVALID_EXTENSION 41 +#define X509_V_ERR_INVALID_POLICY_EXTENSION 42 +#define X509_V_ERR_NO_EXPLICIT_POLICY 43 +#define X509_V_ERR_DIFFERENT_CRL_SCOPE 44 +#define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE 45 +#define X509_V_ERR_UNNESTED_RESOURCE 46 +#define X509_V_ERR_PERMITTED_VIOLATION 47 +#define X509_V_ERR_EXCLUDED_VIOLATION 48 +#define X509_V_ERR_SUBTREE_MINMAX 49 +/* The application is not happy */ +#define X509_V_ERR_APPLICATION_VERIFICATION 50 +#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51 +#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52 +#define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53 +#define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54 +/* Another issuer check debug option */ +#define X509_V_ERR_PATH_LOOP 55 +/* Suite B mode algorithm violation */ +#define X509_V_ERR_SUITE_B_INVALID_VERSION 56 +#define X509_V_ERR_SUITE_B_INVALID_ALGORITHM 57 +#define X509_V_ERR_SUITE_B_INVALID_CURVE 58 +#define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM 59 +#define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED 60 +#define X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61 +/* Host, email and IP check errors */ +#define X509_V_ERR_HOSTNAME_MISMATCH 62 +#define X509_V_ERR_EMAIL_MISMATCH 63 +#define X509_V_ERR_IP_ADDRESS_MISMATCH 64 +/* DANE TLSA errors */ +#define X509_V_ERR_DANE_NO_MATCH 65 +/* security level errors */ +#define X509_V_ERR_EE_KEY_TOO_SMALL 66 +#define X509_V_ERR_CA_KEY_TOO_SMALL 67 +#define X509_V_ERR_CA_MD_TOO_WEAK 68 +/* Caller error */ +#define X509_V_ERR_INVALID_CALL 69 +/* Issuer lookup error */ +#define X509_V_ERR_STORE_LOOKUP 70 +/* Certificate transparency */ +#define X509_V_ERR_NO_VALID_SCTS 71 + +#define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION 72 + +#endif From 5c5f7eb7feb16ba2632ad4701d7ef283a3371fec Mon Sep 17 00:00:00 2001 From: dongheng Date: Fri, 23 Sep 2016 14:53:19 +0800 Subject: [PATCH 24/52] components/openssl: add openssl stack object function --- .../openssl/include/internal/ssl_stack.h | 33 +++++++++ components/openssl/library/ssl_stack.c | 70 +++++++++++++++++++ 2 files changed, 103 insertions(+) create mode 100644 components/openssl/include/internal/ssl_stack.h create mode 100644 components/openssl/library/ssl_stack.c diff --git a/components/openssl/include/internal/ssl_stack.h b/components/openssl/include/internal/ssl_stack.h new file mode 100644 index 0000000000..b97015bd95 --- /dev/null +++ b/components/openssl/include/internal/ssl_stack.h @@ -0,0 +1,33 @@ +#ifndef _SSL_STACK_H_ +#define _SSL_STACK_H_ + +#include "ssl_types.h" + +/** + * @brief create a openssl stack object + * + * @param c - stack function + * + * @return openssl stack object point + */ +OPENSSL_STACK* OPENSSL_sk_new(OPENSSL_sk_compfunc c); + +/** + * @brief create a NULL function openssl stack object + * + * @param none + * + * @return openssl stack object point + */ +OPENSSL_STACK *OPENSSL_sk_new_null(void); + +/** + * @brief free openssl stack object + * + * @param openssl stack object point + * + * @return none + */ +void OPENSSL_sk_free(OPENSSL_STACK *stack); + +#endif diff --git a/components/openssl/library/ssl_stack.c b/components/openssl/library/ssl_stack.c new file mode 100644 index 0000000000..46e6f7efd8 --- /dev/null +++ b/components/openssl/library/ssl_stack.c @@ -0,0 +1,70 @@ +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#include "ssl_stack.h" +#include "ssl_dbg.h" +#include "ssl_port.h" + +#ifndef CONFIG_MIN_NODES + #define MIN_NODES 4 +#else + #define MIN_NODES CONFIG_MIN_NODES +#endif + +/** + * @brief create a openssl stack object + */ +OPENSSL_STACK* OPENSSL_sk_new(OPENSSL_sk_compfunc c) +{ + OPENSSL_STACK *stack; + char **data; + + stack = ssl_malloc(sizeof(OPENSSL_STACK)); + if (!stack) + SSL_RET(failed1); + + data = ssl_malloc(sizeof(*data) * MIN_NODES); + if (!data) + SSL_RET(failed2); + + stack->data = data; + stack->num_alloc = MIN_NODES; + stack->c = c; + + return stack; + +failed2: + ssl_free(stack); +failed1: + return NULL; +} + +/** + * @brief create a NULL function openssl stack object + */ +OPENSSL_STACK *OPENSSL_sk_new_null(void) +{ + return OPENSSL_sk_new((OPENSSL_sk_compfunc)NULL); +} + +/** + * @brief free openssl stack object + */ +void OPENSSL_sk_free(OPENSSL_STACK *stack) +{ + SSL_ASSERT(stack); + + ssl_free(stack->data); + ssl_free(stack); +} From 12b72e91afb384d975a5abfe0eeedcec560345b6 Mon Sep 17 00:00:00 2001 From: dongheng Date: Fri, 23 Sep 2016 14:58:14 +0800 Subject: [PATCH 25/52] components/openssl: remove unused variate --- components/openssl/library/ssl_pkey.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/components/openssl/library/ssl_pkey.c b/components/openssl/library/ssl_pkey.c index 6f51963eb0..6891b69eb3 100644 --- a/components/openssl/library/ssl_pkey.c +++ b/components/openssl/library/ssl_pkey.c @@ -118,9 +118,6 @@ int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) */ int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) { - int ret; - int ssl_ret; - SSL_ASSERT(ctx); SSL_ASSERT(pkey); From 83aea6c833c399757d3c740bcd23b0f6ba912859 Mon Sep 17 00:00:00 2001 From: dongheng Date: Fri, 23 Sep 2016 15:18:14 +0800 Subject: [PATCH 26/52] components/openssl: add extern C symbol --- components/openssl/include/internal/ssl3.h | 8 ++++++++ components/openssl/include/internal/ssl_cert.h | 8 ++++++++ components/openssl/include/internal/ssl_code.h | 8 ++++++++ components/openssl/include/internal/ssl_dbg.h | 8 ++++++++ components/openssl/include/internal/ssl_lib.h | 8 ++++++++ components/openssl/include/internal/ssl_methods.h | 8 ++++++++ components/openssl/include/internal/ssl_pkey.h | 8 ++++++++ components/openssl/include/internal/ssl_stack.h | 8 ++++++++ components/openssl/include/internal/ssl_types.h | 8 ++++++++ components/openssl/include/internal/ssl_x509.h | 8 ++++++++ components/openssl/include/internal/tls1.h | 8 ++++++++ components/openssl/include/internal/x509_vfy.h | 8 ++++++++ components/openssl/include/openssl/ssl.h | 7 +++++++ components/openssl/include/platform/ssl_pm.h | 4 ++++ components/openssl/include/platform/ssl_port.h | 4 ++++ 15 files changed, 111 insertions(+) diff --git a/components/openssl/include/internal/ssl3.h b/components/openssl/include/internal/ssl3.h index c90d546df0..007b392f3e 100644 --- a/components/openssl/include/internal/ssl3.h +++ b/components/openssl/include/internal/ssl3.h @@ -15,6 +15,10 @@ #ifndef _SSL3_H_ #define _SSL3_H_ +#ifdef __cplusplus + extern "C" { +#endif + # define SSL3_AD_CLOSE_NOTIFY 0 # define SSL3_AD_UNEXPECTED_MESSAGE 10/* fatal */ # define SSL3_AD_BAD_RECORD_MAC 20/* fatal */ @@ -33,4 +37,8 @@ #define SSL3_VERSION 0x0300 +#ifdef __cplusplus +} +#endif + #endif diff --git a/components/openssl/include/internal/ssl_cert.h b/components/openssl/include/internal/ssl_cert.h index b0bd09d480..6441aaf521 100644 --- a/components/openssl/include/internal/ssl_cert.h +++ b/components/openssl/include/internal/ssl_cert.h @@ -15,6 +15,10 @@ #ifndef _SSL_CERT_H_ #define _SSL_CERT_H_ +#ifdef __cplusplus + extern "C" { +#endif + #include "ssl_types.h" /** @@ -35,4 +39,8 @@ CERT* ssl_cert_new(void); */ void ssl_cert_free(CERT *cert); +#ifdef __cplusplus +} +#endif + #endif diff --git a/components/openssl/include/internal/ssl_code.h b/components/openssl/include/internal/ssl_code.h index 34107d432d..80fdbb20f3 100644 --- a/components/openssl/include/internal/ssl_code.h +++ b/components/openssl/include/internal/ssl_code.h @@ -15,6 +15,10 @@ #ifndef _SSL_CODE_H_ #define _SSL_CODE_H_ +#ifdef __cplusplus + extern "C" { +#endif + #include "ssl3.h" #include "tls1.h" #include "x509_vfy.h" @@ -113,4 +117,8 @@ typedef enum { TLS_ST_SW_FINISHED } OSSL_HANDSHAKE_STATE; +#ifdef __cplusplus +} +#endif + #endif diff --git a/components/openssl/include/internal/ssl_dbg.h b/components/openssl/include/internal/ssl_dbg.h index 745de536ff..27a4bc4db5 100644 --- a/components/openssl/include/internal/ssl_dbg.h +++ b/components/openssl/include/internal/ssl_dbg.h @@ -15,6 +15,10 @@ #ifndef _SSL_DEBUG_H_ #define _SSL_DEBUG_H_ +#ifdef __cplusplus + extern "C" { +#endif + #define SSL_DEBUG_ENBALE 0 #define SSL_DEBUG_LEVEL 0 #define SSL_ASSERT_ENABLE 0 @@ -46,4 +50,8 @@ #define SSL_DEBUG(level, ...) { if (level > SSL_DEBUG_LEVEL) {SSL_PRINT(__VA_ARGS__);} } +#ifdef __cplusplus +} +#endif + #endif diff --git a/components/openssl/include/internal/ssl_lib.h b/components/openssl/include/internal/ssl_lib.h index 6ea547a7c5..bf7de22fdf 100644 --- a/components/openssl/include/internal/ssl_lib.h +++ b/components/openssl/include/internal/ssl_lib.h @@ -15,6 +15,14 @@ #ifndef _SSL_LIB_H_ #define _SSL_LIB_H_ +#ifdef __cplusplus + extern "C" { +#endif + #include "ssl_types.h" +#ifdef __cplusplus +} +#endif + #endif diff --git a/components/openssl/include/internal/ssl_methods.h b/components/openssl/include/internal/ssl_methods.h index 68737b4381..a20b7c768e 100644 --- a/components/openssl/include/internal/ssl_methods.h +++ b/components/openssl/include/internal/ssl_methods.h @@ -15,6 +15,10 @@ #ifndef _SSL_METHODS_H_ #define _SSL_METHODS_H_ +#ifdef __cplusplus + extern "C" { +#endif + /** * TLS method function implement */ @@ -110,4 +114,8 @@ const X509_METHOD* X509_method(void); */ const PKEY_METHOD* EVP_PKEY_method(void); +#ifdef __cplusplus +} +#endif + #endif diff --git a/components/openssl/include/internal/ssl_pkey.h b/components/openssl/include/internal/ssl_pkey.h index d9a22ee02c..5b7f341de9 100644 --- a/components/openssl/include/internal/ssl_pkey.h +++ b/components/openssl/include/internal/ssl_pkey.h @@ -15,6 +15,10 @@ #ifndef _SSL_PKEY_H_ #define _SSL_PKEY_H_ +#ifdef __cplusplus + extern "C" { +#endif + #include "ssl_types.h" /** @@ -51,4 +55,8 @@ EVP_PKEY* d2i_PrivateKey(int type, */ void EVP_PKEY_free(EVP_PKEY *x); +#ifdef __cplusplus +} +#endif + #endif diff --git a/components/openssl/include/internal/ssl_stack.h b/components/openssl/include/internal/ssl_stack.h index b97015bd95..b37c8dffa9 100644 --- a/components/openssl/include/internal/ssl_stack.h +++ b/components/openssl/include/internal/ssl_stack.h @@ -1,6 +1,10 @@ #ifndef _SSL_STACK_H_ #define _SSL_STACK_H_ +#ifdef __cplusplus + extern "C" { +#endif + #include "ssl_types.h" /** @@ -30,4 +34,8 @@ OPENSSL_STACK *OPENSSL_sk_new_null(void); */ void OPENSSL_sk_free(OPENSSL_STACK *stack); +#ifdef __cplusplus +} +#endif + #endif diff --git a/components/openssl/include/internal/ssl_types.h b/components/openssl/include/internal/ssl_types.h index 6da6076148..1dc31f5a53 100644 --- a/components/openssl/include/internal/ssl_types.h +++ b/components/openssl/include/internal/ssl_types.h @@ -15,6 +15,10 @@ #ifndef _SSL_TYPES_H_ #define _SSL_TYPES_H_ +#ifdef __cplusplus + extern "C" { +#endif + #include "ssl_code.h" typedef void SSL_CIPHER; @@ -294,4 +298,8 @@ typedef int (*next_proto_cb)(SSL *ssl, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg); +#ifdef __cplusplus +} +#endif + #endif diff --git a/components/openssl/include/internal/ssl_x509.h b/components/openssl/include/internal/ssl_x509.h index 9359073b69..5dac46137b 100644 --- a/components/openssl/include/internal/ssl_x509.h +++ b/components/openssl/include/internal/ssl_x509.h @@ -15,6 +15,10 @@ #ifndef _SSL_X509_H_ #define _SSL_X509_H_ +#ifdef __cplusplus + extern "C" { +#endif + #include "ssl_types.h" #include "ssl_stack.h" @@ -50,4 +54,8 @@ X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len); */ void X509_free(X509 *x); +#ifdef __cplusplus +} +#endif + #endif diff --git a/components/openssl/include/internal/tls1.h b/components/openssl/include/internal/tls1.h index b2da639194..a9da53e063 100644 --- a/components/openssl/include/internal/tls1.h +++ b/components/openssl/include/internal/tls1.h @@ -15,6 +15,10 @@ #ifndef _TLS1_H_ #define _TLS1_H_ +#ifdef __cplusplus + extern "C" { +#endif + # define TLS1_AD_DECRYPTION_FAILED 21 # define TLS1_AD_RECORD_OVERFLOW 22 # define TLS1_AD_UNKNOWN_CA 48/* fatal */ @@ -44,4 +48,8 @@ #define TLS1_1_VERSION 0x0302 #define TLS1_2_VERSION 0x0303 +#ifdef __cplusplus +} +#endif + #endif diff --git a/components/openssl/include/internal/x509_vfy.h b/components/openssl/include/internal/x509_vfy.h index cab110e421..d5b0d1a213 100644 --- a/components/openssl/include/internal/x509_vfy.h +++ b/components/openssl/include/internal/x509_vfy.h @@ -15,6 +15,10 @@ #ifndef _X509_VFY_H_ #define _X509_VFY_H_ +#ifdef __cplusplus + extern "C" { +#endif + #define X509_V_OK 0 #define X509_V_ERR_UNSPECIFIED 1 #define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2 @@ -100,4 +104,8 @@ #define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION 72 +#ifdef __cplusplus +} +#endif + #endif diff --git a/components/openssl/include/openssl/ssl.h b/components/openssl/include/openssl/ssl.h index 3f92a68d70..3e8e88e67c 100644 --- a/components/openssl/include/openssl/ssl.h +++ b/components/openssl/include/openssl/ssl.h @@ -15,6 +15,10 @@ #ifndef _SSL_H_ #define _SSL_H_ +#ifdef __cplusplus + extern "C" { +#endif + #include "platform/ssl_port.h" #include "internal/ssl_x509.h" @@ -1684,5 +1688,8 @@ const char *SSL_get_psk_identity_hint(SSL *ssl); */ const char *SSL_get_psk_identity(SSL *ssl); +#ifdef __cplusplus +} +#endif #endif diff --git a/components/openssl/include/platform/ssl_pm.h b/components/openssl/include/platform/ssl_pm.h index 3f64a4ae32..47a7331b7e 100644 --- a/components/openssl/include/platform/ssl_pm.h +++ b/components/openssl/include/platform/ssl_pm.h @@ -15,6 +15,10 @@ #ifndef _SSL_PM_H_ #define _SSL_PM_H_ +#ifdef __cplusplus + extern "C" { +#endif + #include "ssl_types.h" #include "ssl_port.h" diff --git a/components/openssl/include/platform/ssl_port.h b/components/openssl/include/platform/ssl_port.h index 23ef5a8757..995d33e0e5 100644 --- a/components/openssl/include/platform/ssl_port.h +++ b/components/openssl/include/platform/ssl_port.h @@ -15,6 +15,10 @@ #ifndef _SSL_PORT_H_ #define _SSL_PORT_H_ +#ifdef __cplusplus + extern "C" { +#endif + #include "esp_types.h" void* ssl_zalloc(size_t size); From d2bc170b869be45772c0889f0c2a8af751222510 Mon Sep 17 00:00:00 2001 From: Dong Heng Date: Fri, 23 Sep 2016 18:13:10 +0800 Subject: [PATCH 27/52] components/openssl: add SSL session function 1. add SSL session new and free function 2. add SSL session peer cert get and free operation 3. above all, change low-level cert object to be object point not object --- .../openssl/include/internal/ssl_types.h | 2 +- components/openssl/library/ssl_lib.c | 46 +++- components/openssl/library/ssl_x509.c | 4 +- components/openssl/platform/ssl_pm.c | 207 ++++++++++-------- 4 files changed, 161 insertions(+), 98 deletions(-) diff --git a/components/openssl/include/internal/ssl_types.h b/components/openssl/include/internal/ssl_types.h index 1dc31f5a53..34249ea054 100644 --- a/components/openssl/include/internal/ssl_types.h +++ b/components/openssl/include/internal/ssl_types.h @@ -213,7 +213,7 @@ struct ssl_st /* where we are */ OSSL_STATEM statem; - SSL_SESSION session; + SSL_SESSION *session; int verify_mode; diff --git a/components/openssl/library/ssl_lib.c b/components/openssl/library/ssl_lib.c index a84b89e06c..ded30a33ac 100644 --- a/components/openssl/library/ssl_lib.c +++ b/components/openssl/library/ssl_lib.c @@ -117,6 +117,38 @@ OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl) return state; } +/** + * @brief create a new SSL session object + */ +SSL_SESSION* SSL_SESSION_new(void) +{ + SSL_SESSION *session; + + session = ssl_zalloc(sizeof(SSL_SESSION)); + if (!session) + SSL_RET(failed1); + + session->peer = X509_new(); + if (!session->peer) + SSL_RET(failed2); + + return session; + +failed2: + ssl_free(session); +failed1: + return NULL; +} + +/** + * @brief free a new SSL session object + */ +void SSL_SESSION_free(SSL_SESSION *session) +{ + X509_free(session->peer); + ssl_free(session); +} + /** * @brief create a SSL context */ @@ -210,6 +242,10 @@ SSL *SSL_new(SSL_CTX *ctx) if (!ssl) SSL_RET(failed1, "ssl_zalloc\n"); + ssl->session = SSL_SESSION_new(); + if (!ssl->session) + SSL_RET(failed2, "ssl_zalloc\n"); + ssl->ctx = ctx; ssl->method = ctx->method; @@ -222,12 +258,14 @@ SSL *SSL_new(SSL_CTX *ctx) ret = SSL_METHOD_CALL(new, ssl); if (ret) - SSL_RET(failed2, "ssl_new\n"); + SSL_RET(failed3, "ssl_new\n"); ssl->rwstate = SSL_NOTHING; return ssl; +failed3: + SSL_SESSION_free(ssl->session); failed2: ssl_free(ssl); failed1: @@ -243,6 +281,8 @@ void SSL_free(SSL *ssl) SSL_METHOD_CALL(free, ssl); + SSL_SESSION_free(ssl->session); + if (ssl->ca_reload) X509_free(ssl->client_CA); @@ -1369,7 +1409,7 @@ long SSL_set_time(SSL *ssl, long t) { SSL_ASSERT(ssl); - ssl->session.time = t; + ssl->session->time = t; return t; } @@ -1381,7 +1421,7 @@ long SSL_set_timeout(SSL *ssl, long t) { SSL_ASSERT(ssl); - ssl->session.timeout = t; + ssl->session->timeout = t; return t; } diff --git a/components/openssl/library/ssl_x509.c b/components/openssl/library/ssl_x509.c index e96511dc4a..c3fa0b307a 100644 --- a/components/openssl/library/ssl_x509.c +++ b/components/openssl/library/ssl_x509.c @@ -32,7 +32,7 @@ X509* X509_new(void) x->method = X509_method(); - ret = x->method->x509_new(x); + ret = X509_METHOD_CALL(new, x); if (ret) SSL_RET(failed2, "x509_new\n"); @@ -256,5 +256,5 @@ X509 *SSL_get_peer_certificate(const SSL *ssl) { SSL_ASSERT(ssl); - return ssl->session.peer; + return ssl->session->peer; } diff --git a/components/openssl/platform/ssl_pm.c b/components/openssl/platform/ssl_pm.c index 9abfc212ec..0cf8f6c0a9 100644 --- a/components/openssl/platform/ssl_pm.c +++ b/components/openssl/platform/ssl_pm.c @@ -43,16 +43,16 @@ struct ssl_pm struct x509_pm { - mbedtls_x509_crt x509_crt; + mbedtls_x509_crt *x509_crt; - int load; + mbedtls_x509_crt *ex_crt; }; struct pkey_pm { - mbedtls_pk_context pkey; + mbedtls_pk_context *pkey; - int load; + mbedtls_pk_context *ex_pkey; }; @@ -78,13 +78,9 @@ int ssl_pm_new(SSL *ssl) const SSL_METHOD *method = ssl->method; - ssl->session.peer = ssl_zalloc(sizeof(X509)); - if (!ssl->session.peer) - SSL_ERR(ret, failed1, "ssl_zalloc\n"); - ssl_pm = ssl_zalloc(sizeof(struct ssl_pm)); if (!ssl_pm) - SSL_ERR(ret, failed2, "ssl_zalloc\n"); + SSL_ERR(ret, failed1, "ssl_zalloc\n"); mbedtls_net_init(&ssl_pm->fd); mbedtls_net_init(&ssl_pm->cl_fd); @@ -96,7 +92,7 @@ int ssl_pm_new(SSL *ssl) ret = mbedtls_ctr_drbg_seed(&ssl_pm->ctr_drbg, mbedtls_entropy_func, &ssl_pm->entropy, pers, pers_len); if (ret) - SSL_ERR(ret, failed3, "mbedtls_ctr_drbg_seed:[-0x%x]\n", -ret); + SSL_ERR(ret, failed2, "mbedtls_ctr_drbg_seed:[-0x%x]\n", -ret); if (method->endpoint) { endpoint = MBEDTLS_SSL_IS_SERVER; @@ -105,7 +101,7 @@ int ssl_pm_new(SSL *ssl) } ret = mbedtls_ssl_config_defaults(&ssl_pm->conf, endpoint, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT); if (ret) - SSL_ERR(ret, failed3, "mbedtls_ssl_config_defaults:[-0x%x]\n", -ret); + SSL_ERR(ret, failed2, "mbedtls_ssl_config_defaults:[-0x%x]\n", -ret); if (TLS1_2_VERSION == ssl->version) version = MBEDTLS_SSL_MINOR_VERSION_3; @@ -124,7 +120,7 @@ int ssl_pm_new(SSL *ssl) ret = mbedtls_ssl_setup(&ssl_pm->ssl, &ssl_pm->conf); if (ret) - SSL_ERR(ret, failed4, "mbedtls_ssl_setup:[-0x%x]\n", -ret); + SSL_ERR(ret, failed3, "mbedtls_ssl_setup:[-0x%x]\n", -ret); mbedtls_ssl_set_bio(&ssl_pm->ssl, &ssl_pm->fd, mbedtls_net_send, mbedtls_net_recv, NULL); @@ -132,13 +128,11 @@ int ssl_pm_new(SSL *ssl) return 0; -failed4: +failed3: mbedtls_ssl_config_free(&ssl_pm->conf); mbedtls_ctr_drbg_free(&ssl_pm->ctr_drbg); -failed3: - mbedtls_entropy_free(&ssl_pm->entropy); failed2: - ssl_free(ssl->session.peer); + mbedtls_entropy_free(&ssl_pm->entropy); failed1: return -1; } @@ -155,9 +149,6 @@ void ssl_pm_free(SSL *ssl) mbedtls_ssl_config_free(&ssl_pm->conf); mbedtls_ssl_free(&ssl_pm->ssl); - ssl_free(ssl->session.peer); - ssl->session.peer = NULL; - ssl_free(ssl_pm); ssl->ssl_pm = NULL; } @@ -186,12 +177,12 @@ static int ssl_pm_reload_crt(SSL *ssl) mbedtls_ssl_conf_authmode(&ssl_pm->conf, mode); - if (ca_pm->load) { - mbedtls_ssl_conf_ca_chain(&ssl_pm->conf, &ca_pm->x509_crt, NULL); + if (ca_pm->x509_crt) { + mbedtls_ssl_conf_ca_chain(&ssl_pm->conf, ca_pm->x509_crt, NULL); } - if (pkey_pm->load) { - ret = mbedtls_ssl_conf_own_cert(&ssl_pm->conf, &crt_pm->x509_crt, &pkey_pm->pkey); + if (crt_pm->x509_crt && pkey_pm->pkey) { + ret = mbedtls_ssl_conf_own_cert(&ssl_pm->conf, crt_pm->x509_crt, pkey_pm->pkey); if (ret) return -1; } @@ -217,9 +208,11 @@ int ssl_pm_handshake(SSL *ssl) ssl_speed_up_exit(); if (!mbed_ret) { + struct x509_pm *x509_pm = (struct x509_pm *)ssl->session->peer->x509_pm; + ret = 1; - ssl->session.peer->x509_pm = (struct x509_pm *)mbedtls_ssl_get_peer_cert(&ssl_pm->ssl); + x509_pm->ex_crt = (mbedtls_x509_crt *)mbedtls_ssl_get_peer_cert(&ssl_pm->ssl); } else { ret = 0; SSL_DEBUG(1, "mbedtls_ssl_handshake [-0x%x]\n", -mbed_ret); @@ -234,8 +227,13 @@ int ssl_pm_shutdown(SSL *ssl) struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; mbed_ret = mbedtls_ssl_close_notify(&ssl_pm->ssl); - if (!mbed_ret) + if (!mbed_ret) { + struct x509_pm *x509_pm = (struct x509_pm *)ssl->session->peer->x509_pm; + ret = 0; + + x509_pm->ex_crt = NULL; + } else ret = -1; @@ -365,51 +363,26 @@ int x509_pm_new(X509 *x) x509_pm = ssl_zalloc(sizeof(struct x509_pm)); if (!x509_pm) - return -1; + SSL_RET(failed1); x->x509_pm = x509_pm; return 0; + +failed1: + return -1; } void x509_pm_unload(X509 *x) { struct x509_pm *x509_pm = (struct x509_pm *)x->x509_pm; - if (x509_pm->load) - mbedtls_x509_crt_free(&x509_pm->x509_crt); + if (x509_pm->x509_crt) { + mbedtls_x509_crt_free(x509_pm->x509_crt); - x509_pm->load = 0; -} - -int x509_pm_load(X509 *x, const unsigned char *buffer, int len) -{ - int ret; - unsigned char *load_buf; - struct x509_pm *x509_pm = (struct x509_pm *)x->x509_pm; - - load_buf = ssl_malloc(len + 1); - if (!load_buf) - SSL_RET(failed1); - - ssl_memcpy(load_buf, buffer, len); - load_buf[len] = '\0'; - - x509_pm_unload(x); - - mbedtls_x509_crt_init(&x509_pm->x509_crt); - ret = mbedtls_x509_crt_parse(&x509_pm->x509_crt, load_buf, len); - ssl_free(load_buf); - - if (ret) - SSL_RET(failed1, ""); - - x509_pm->load = 1; - - return 0; - -failed1: - return -1; + ssl_free(x509_pm->x509_crt); + x509_pm->x509_crt = NULL; + } } void x509_pm_free(X509 *x) @@ -420,6 +393,44 @@ void x509_pm_free(X509 *x) x->x509_pm = NULL; } +int x509_pm_load(X509 *x, const unsigned char *buffer, int len) +{ + int ret; + unsigned char *load_buf; + struct x509_pm *x509_pm = (struct x509_pm *)x->x509_pm; + + if (!x509_pm->x509_crt) { + x509_pm->x509_crt = ssl_malloc(sizeof(mbedtls_x509_crt)); + if (!x509_pm->x509_crt) + SSL_RET(failed1); + } + + load_buf = ssl_malloc(len + 1); + if (!load_buf) + SSL_RET(failed2); + + ssl_memcpy(load_buf, buffer, len); + load_buf[len] = '\0'; + + if (x509_pm->x509_crt) + mbedtls_x509_crt_free(x509_pm->x509_crt); + + mbedtls_x509_crt_init(x509_pm->x509_crt); + ret = mbedtls_x509_crt_parse(x509_pm->x509_crt, load_buf, len); + ssl_free(load_buf); + + if (ret) + SSL_RET(failed2); + + return 0; + +failed2: + ssl_free(x509_pm->x509_crt); + x509_pm->x509_crt = NULL; +failed1: + return -1; +} + int pkey_pm_new(EVP_PKEY *pkey) { struct pkey_pm *pkey_pm; @@ -437,40 +448,12 @@ void pkey_pm_unload(EVP_PKEY *pkey) { struct pkey_pm *pkey_pm = (struct pkey_pm *)pkey->pkey_pm; - if (pkey_pm->load) - mbedtls_pk_free(&pkey_pm->pkey); + if (pkey_pm->pkey) { + mbedtls_pk_free(pkey_pm->pkey); - pkey_pm->load = 0; -} - -int pkey_pm_load(EVP_PKEY *pkey, const unsigned char *buffer, int len) -{ - int ret; - unsigned char *load_buf; - struct pkey_pm *pkey_pm = (struct pkey_pm *)pkey->pkey_pm; - - load_buf = ssl_malloc(len + 1); - if (!load_buf) - SSL_RET(failed1); - - ssl_memcpy(load_buf, buffer, len); - load_buf[len] = '\0'; - - pkey_pm_unload(pkey); - - mbedtls_pk_init(&pkey_pm->pkey); - ret = mbedtls_pk_parse_key(&pkey_pm->pkey, load_buf, len, NULL, 0); - ssl_free(load_buf); - - if (ret) - SSL_RET(failed1, ""); - - pkey_pm->load = 1; - - return 0; - -failed1: - return -1; + ssl_free(pkey_pm->pkey); + pkey_pm->pkey = NULL; + } } void pkey_pm_free(EVP_PKEY *pkey) @@ -481,6 +464,46 @@ void pkey_pm_free(EVP_PKEY *pkey) pkey->pkey_pm = NULL; } +int pkey_pm_load(EVP_PKEY *pkey, const unsigned char *buffer, int len) +{ + int ret; + unsigned char *load_buf; + struct pkey_pm *pkey_pm = (struct pkey_pm *)pkey->pkey_pm; + + if (!pkey_pm->pkey) { + pkey_pm->pkey = ssl_malloc(sizeof(mbedtls_pk_context)); + if (!pkey_pm->pkey) + SSL_RET(failed1); + } + + load_buf = ssl_malloc(len + 1); + if (!load_buf) + SSL_RET(failed2); + + ssl_memcpy(load_buf, buffer, len); + load_buf[len] = '\0'; + + if (pkey_pm->pkey) + mbedtls_pk_free(pkey_pm->pkey); + + mbedtls_pk_init(pkey_pm->pkey); + ret = mbedtls_pk_parse_key(pkey_pm->pkey, load_buf, len, NULL, 0); + ssl_free(load_buf); + + if (ret) + SSL_RET(failed2); + + return 0; + +failed2: + ssl_free(pkey_pm->pkey); + pkey_pm->pkey = NULL; +failed1: + return -1; +} + + + void ssl_pm_set_bufflen(SSL *ssl, int len) { max_content_len = len; From e1c4a4bfa3e9a929c42e40238878c1bce83db76a Mon Sep 17 00:00:00 2001 From: Dong Heng Date: Fri, 23 Sep 2016 18:47:09 +0800 Subject: [PATCH 28/52] components/openssl: add cert and pkey extra object point the point is pointed to its father's object and should not free just set NULL if not use --- components/openssl/library/ssl_lib.c | 26 +++++++++++++++++--------- components/openssl/platform/ssl_pm.c | 23 +++++++++++++++++++++-- 2 files changed, 38 insertions(+), 11 deletions(-) diff --git a/components/openssl/library/ssl_lib.c b/components/openssl/library/ssl_lib.c index ded30a33ac..06bbe270c5 100644 --- a/components/openssl/library/ssl_lib.c +++ b/components/openssl/library/ssl_lib.c @@ -246,24 +246,34 @@ SSL *SSL_new(SSL_CTX *ctx) if (!ssl->session) SSL_RET(failed2, "ssl_zalloc\n"); + ssl->cert = ssl_cert_new(); + if (!ssl->cert) + SSL_RET(failed3, "ssl_cert_new\n"); + + ssl->client_CA = X509_new(); + if (!ssl->client_CA) + SSL_RET(failed4, "ssl_cert_new\n"); + ssl->ctx = ctx; ssl->method = ctx->method; ssl->version = ctx->version; ssl->options = ctx->options; - ssl->cert = ctx->cert; - ssl->client_CA = ctx->client_CA; ssl->verify_mode = ctx->verify_mode; ret = SSL_METHOD_CALL(new, ssl); if (ret) - SSL_RET(failed3, "ssl_new\n"); + SSL_RET(failed5, "ssl_new\n"); ssl->rwstate = SSL_NOTHING; return ssl; +failed5: + X509_free(ssl->client_CA); +failed4: + ssl_cert_free(ssl->cert); failed3: SSL_SESSION_free(ssl->session); failed2: @@ -281,14 +291,12 @@ void SSL_free(SSL *ssl) SSL_METHOD_CALL(free, ssl); + X509_free(ssl->client_CA); + + ssl_cert_free(ssl->cert); + SSL_SESSION_free(ssl->session); - if (ssl->ca_reload) - X509_free(ssl->client_CA); - - if (ssl->crt_reload) - ssl_cert_free(ssl->cert); - ssl_free(ssl); } diff --git a/components/openssl/platform/ssl_pm.c b/components/openssl/platform/ssl_pm.c index 0cf8f6c0a9..311c3a4b6f 100644 --- a/components/openssl/platform/ssl_pm.c +++ b/components/openssl/platform/ssl_pm.c @@ -78,6 +78,14 @@ int ssl_pm_new(SSL *ssl) const SSL_METHOD *method = ssl->method; + struct x509_pm *ctx_ca = (struct x509_pm *)ssl->ctx->client_CA->x509_pm; + struct x509_pm *ctx_crt = (struct x509_pm *)ssl->ctx->cert->x509->x509_pm; + struct pkey_pm *ctx_pkey = (struct pkey_pm *)ssl->ctx->cert->pkey->pkey_pm; + + struct x509_pm *ssl_ca = (struct x509_pm *)ssl->client_CA->x509_pm; + struct x509_pm *ssl_crt = (struct x509_pm *)ssl->cert->x509->x509_pm; + struct pkey_pm *ssl_pkey = (struct pkey_pm *)ssl->cert->pkey->pkey_pm; + ssl_pm = ssl_zalloc(sizeof(struct ssl_pm)); if (!ssl_pm) SSL_ERR(ret, failed1, "ssl_zalloc\n"); @@ -126,6 +134,10 @@ int ssl_pm_new(SSL *ssl) ssl->ssl_pm = ssl_pm; + ssl_ca->ex_crt = ctx_ca->x509_crt; + ssl_crt->ex_crt = ctx_crt->x509_crt; + ssl_pkey->ex_pkey = ctx_pkey->pkey; + return 0; failed3: @@ -179,14 +191,21 @@ static int ssl_pm_reload_crt(SSL *ssl) if (ca_pm->x509_crt) { mbedtls_ssl_conf_ca_chain(&ssl_pm->conf, ca_pm->x509_crt, NULL); + } else if (ca_pm->ex_crt) { + mbedtls_ssl_conf_ca_chain(&ssl_pm->conf, ca_pm->x509_crt, NULL); } if (crt_pm->x509_crt && pkey_pm->pkey) { ret = mbedtls_ssl_conf_own_cert(&ssl_pm->conf, crt_pm->x509_crt, pkey_pm->pkey); - if (ret) - return -1; + } else if (crt_pm->ex_crt && pkey_pm->ex_pkey) { + ret = mbedtls_ssl_conf_own_cert(&ssl_pm->conf, crt_pm->ex_crt, pkey_pm->ex_pkey); + } else { + ret = 0; } + if (ret) + return -1; + return 0; } From cf4aaf639714f4d479dd38ea396ff0a66d5a5981 Mon Sep 17 00:00:00 2001 From: Dong Heng Date: Mon, 26 Sep 2016 11:14:19 +0800 Subject: [PATCH 29/52] components/openssl: optimize the SSL certification and private key function 1. add inheritance function 2. remove low-level platform unload cert & pkey function 3. optimize the cert load and free function --- .../openssl/include/internal/ssl_cert.h | 9 ++ .../openssl/include/internal/ssl_methods.h | 12 +-- .../openssl/include/internal/ssl_pkey.h | 9 ++ .../openssl/include/internal/ssl_types.h | 12 +-- .../openssl/include/internal/ssl_x509.h | 9 ++ components/openssl/include/platform/ssl_pm.h | 11 +-- components/openssl/library/ssl_cert.c | 33 +++++-- components/openssl/library/ssl_lib.c | 16 ++-- components/openssl/library/ssl_methods.c | 4 +- components/openssl/library/ssl_pkey.c | 82 ++++++++--------- components/openssl/library/ssl_x509.c | 89 ++++++++++--------- components/openssl/platform/ssl_pm.c | 56 +++++------- 12 files changed, 178 insertions(+), 164 deletions(-) diff --git a/components/openssl/include/internal/ssl_cert.h b/components/openssl/include/internal/ssl_cert.h index 6441aaf521..86cf31ad51 100644 --- a/components/openssl/include/internal/ssl_cert.h +++ b/components/openssl/include/internal/ssl_cert.h @@ -21,6 +21,15 @@ #include "ssl_types.h" +/** + * @brief create a certification object include private key object according to input certification + * + * @param ic - input certification point + * + * @return certification object point + */ +CERT *__ssl_cert_new(CERT *ic); + /** * @brief create a certification object include private key object * diff --git a/components/openssl/include/internal/ssl_methods.h b/components/openssl/include/internal/ssl_methods.h index a20b7c768e..9fd9ce9068 100644 --- a/components/openssl/include/internal/ssl_methods.h +++ b/components/openssl/include/internal/ssl_methods.h @@ -69,14 +69,12 @@ #define IMPLEMENT_X509_METHOD(func_name, \ new, \ free, \ - load, \ - unload) \ + load) \ const X509_METHOD* func_name(void) { \ static const X509_METHOD func_name##_data LOCAL_ATRR = { \ new, \ free, \ - load, \ - unload, \ + load \ }; \ return &func_name##_data; \ } @@ -84,14 +82,12 @@ #define IMPLEMENT_PKEY_METHOD(func_name, \ new, \ free, \ - load, \ - unload) \ + load) \ const PKEY_METHOD* func_name(void) { \ static const PKEY_METHOD func_name##_data LOCAL_ATRR = { \ new, \ free, \ - load, \ - unload, \ + load \ }; \ return &func_name##_data; \ } diff --git a/components/openssl/include/internal/ssl_pkey.h b/components/openssl/include/internal/ssl_pkey.h index 5b7f341de9..f4da041681 100644 --- a/components/openssl/include/internal/ssl_pkey.h +++ b/components/openssl/include/internal/ssl_pkey.h @@ -21,6 +21,15 @@ #include "ssl_types.h" +/** + * @brief create a private key object according to input private key + * + * @param ipk - input private key point + * + * @return new private key object point + */ +EVP_PKEY* __EVP_PKEY_new(EVP_PKEY *ipk); + /** * @brief create a private key object * diff --git a/components/openssl/include/internal/ssl_types.h b/components/openssl/include/internal/ssl_types.h index 34249ea054..c571865c1e 100644 --- a/components/openssl/include/internal/ssl_types.h +++ b/components/openssl/include/internal/ssl_types.h @@ -196,12 +196,8 @@ struct ssl_st /* shut things down(0x01 : sent, 0x02 : received) */ int shutdown; - int crt_reload; - CERT *cert; - int ca_reload; - X509 *client_CA; SSL_CTX *ctx; @@ -274,24 +270,20 @@ struct ssl_method_func_st { struct x509_method_st { - int (*x509_new)(X509 *x); + int (*x509_new)(X509 *x, X509 *m_x); void (*x509_free)(X509 *x); int (*x509_load)(X509 *x, const unsigned char *buf, int len); - - void (*x509_unload)(X509 *x); }; struct pkey_method_st { - int (*pkey_new)(EVP_PKEY *pkey); + int (*pkey_new)(EVP_PKEY *pkey, EVP_PKEY *m_pkey); void (*pkey_free)(EVP_PKEY *pkey); int (*pkey_load)(EVP_PKEY *pkey, const unsigned char *buf, int len); - - void (*pkey_unload)(EVP_PKEY *pkey); }; typedef int (*next_proto_cb)(SSL *ssl, unsigned char **out, diff --git a/components/openssl/include/internal/ssl_x509.h b/components/openssl/include/internal/ssl_x509.h index 5dac46137b..2c72980b07 100644 --- a/components/openssl/include/internal/ssl_x509.h +++ b/components/openssl/include/internal/ssl_x509.h @@ -24,6 +24,15 @@ DEFINE_STACK_OF(X509_NAME) +/** + * @brief create a X509 certification object according to input X509 certification + * + * @param ix - input X509 certification point + * + * @return new X509 certification object point + */ +X509* __X509_new(X509 *ix); + /** * @brief create a X509 certification object * diff --git a/components/openssl/include/platform/ssl_pm.h b/components/openssl/include/platform/ssl_pm.h index 47a7331b7e..cf1d213799 100644 --- a/components/openssl/include/platform/ssl_pm.h +++ b/components/openssl/include/platform/ssl_pm.h @@ -42,16 +42,13 @@ OSSL_HANDSHAKE_STATE ssl_pm_get_state(const SSL *ssl); void ssl_pm_set_bufflen(SSL *ssl, int len); -int x509_pm_new(X509 *x); +int x509_pm_new(X509 *x, X509 *m_x); void x509_pm_free(X509 *x); int x509_pm_load(X509 *x, const unsigned char *buffer, int len); -void x509_pm_unload(X509 *x); -void x509_pm_start_ca(X509 *x); -int pkey_pm_new(EVP_PKEY *pkey); -void pkey_pm_free(EVP_PKEY *pkey); -int pkey_pm_load(EVP_PKEY *pkey, const unsigned char *buffer, int len); -void pkey_pm_unload(EVP_PKEY *pkey); +int pkey_pm_new(EVP_PKEY *pk, EVP_PKEY *m_pk); +void pkey_pm_free(EVP_PKEY *pk); +int pkey_pm_load(EVP_PKEY *pk, const unsigned char *buffer, int len); long ssl_pm_get_verify_result(const SSL *ssl); diff --git a/components/openssl/library/ssl_cert.c b/components/openssl/library/ssl_cert.c index fd05bc8315..e4fd4d7785 100644 --- a/components/openssl/library/ssl_cert.c +++ b/components/openssl/library/ssl_cert.c @@ -19,23 +19,34 @@ #include "ssl_port.h" /** - * @brief create a certification object include private key object + * @brief create a certification object according to input certification */ -CERT *ssl_cert_new(void) +CERT *__ssl_cert_new(CERT *ic) { CERT *cert; + X509 *ix; + EVP_PKEY *ipk; + cert = ssl_zalloc(sizeof(CERT)); if (!cert) SSL_RET(failed1, "ssl_zalloc\n"); - cert->pkey = EVP_PKEY_new(); - if (!cert->pkey) - SSL_RET(failed2, "EVP_PKEY_new\n"); + if (ic) { + ipk = ic->pkey; + ix = ic->x509; + } else { + ipk = NULL; + ix = NULL; + } - cert->x509 = X509_new(); + cert->pkey = __EVP_PKEY_new(ipk); + if (!cert->pkey) + SSL_RET(failed2, "__EVP_PKEY_new\n"); + + cert->x509 = __X509_new(ix); if (!cert->x509) - SSL_RET(failed3, "X509_new\n"); + SSL_RET(failed3, "__X509_new\n"); return cert; @@ -47,6 +58,14 @@ failed1: return NULL; } +/** + * @brief create a certification object include private key object + */ +CERT *ssl_cert_new(void) +{ + return __ssl_cert_new(NULL); +} + /** * @brief free a certification object */ diff --git a/components/openssl/library/ssl_lib.c b/components/openssl/library/ssl_lib.c index 06bbe270c5..b82d54cd26 100644 --- a/components/openssl/library/ssl_lib.c +++ b/components/openssl/library/ssl_lib.c @@ -158,11 +158,11 @@ SSL_CTX* SSL_CTX_new(const SSL_METHOD *method) CERT *cert; X509 *client_ca; - if (!method) SSL_RET(go_failed1, "method\n"); + if (!method) SSL_RET(go_failed1, "method:NULL\n"); client_ca = X509_new(); if (!client_ca) - SSL_RET(go_failed1, "sk_X509_NAME_new_null\n"); + SSL_RET(go_failed1, "X509_new\n"); cert = ssl_cert_new(); if (!cert) @@ -170,7 +170,7 @@ SSL_CTX* SSL_CTX_new(const SSL_METHOD *method) ctx = (SSL_CTX *)ssl_zalloc(sizeof(SSL_CTX)); if (!ctx) - SSL_RET(go_failed3, "ssl_ctx_new:ctx\n"); + SSL_RET(go_failed3, "ssl_zalloc:ctx\n"); ctx->method = method; ctx->client_CA = client_ca; @@ -244,15 +244,15 @@ SSL *SSL_new(SSL_CTX *ctx) ssl->session = SSL_SESSION_new(); if (!ssl->session) - SSL_RET(failed2, "ssl_zalloc\n"); + SSL_RET(failed2, "SSL_SESSION_new\n"); - ssl->cert = ssl_cert_new(); + ssl->cert = __ssl_cert_new(ctx->cert); if (!ssl->cert) - SSL_RET(failed3, "ssl_cert_new\n"); + SSL_RET(failed3, "__ssl_cert_new\n"); - ssl->client_CA = X509_new(); + ssl->client_CA = __X509_new(ctx->client_CA); if (!ssl->client_CA) - SSL_RET(failed4, "ssl_cert_new\n"); + SSL_RET(failed4, "__X509_new\n"); ssl->ctx = ctx; ssl->method = ctx->method; diff --git a/components/openssl/library/ssl_methods.c b/components/openssl/library/ssl_methods.c index 042d670ab9..e363b5e46d 100644 --- a/components/openssl/library/ssl_methods.c +++ b/components/openssl/library/ssl_methods.c @@ -72,11 +72,11 @@ IMPLEMENT_SSL_METHOD(SSL3_VERSION, -1, TLS_method_func, SSLv3_method); */ IMPLEMENT_X509_METHOD(X509_method, x509_pm_new, x509_pm_free, - x509_pm_load, x509_pm_unload); + x509_pm_load); /** * @brief get private key object method */ IMPLEMENT_PKEY_METHOD(EVP_PKEY_method, pkey_pm_new, pkey_pm_free, - pkey_pm_load, pkey_pm_unload); + pkey_pm_load); diff --git a/components/openssl/library/ssl_pkey.c b/components/openssl/library/ssl_pkey.c index 6891b69eb3..573b1f2e8f 100644 --- a/components/openssl/library/ssl_pkey.c +++ b/components/openssl/library/ssl_pkey.c @@ -20,20 +20,24 @@ #include "ssl_port.h" /** - * @brief create a private key object + * @brief create a private key object according to input private key */ -EVP_PKEY* EVP_PKEY_new(void) +EVP_PKEY* __EVP_PKEY_new(EVP_PKEY *ipk) { int ret; EVP_PKEY *pkey; pkey = ssl_zalloc(sizeof(EVP_PKEY)); if (!pkey) - SSL_RET(failed1, "ssl_malloc\n"); + SSL_RET(failed1, "ssl_zalloc\n"); - pkey->method = EVP_PKEY_method(); + if (ipk) { + pkey->method = ipk->method; + } else { + pkey->method = EVP_PKEY_method(); + } - ret = EVP_PKEY_METHOD_CALL(new, pkey); + ret = EVP_PKEY_METHOD_CALL(new, pkey, ipk); if (ret) SSL_RET(failed2, "EVP_PKEY_METHOD_CALL\n"); @@ -45,6 +49,14 @@ failed1: return NULL; } +/** + * @brief create a private key object + */ +EVP_PKEY* EVP_PKEY_new(void) +{ + return __EVP_PKEY_new(NULL); +} + /** * @brief free a private key object */ @@ -105,6 +117,9 @@ int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) SSL_ASSERT(ctx); SSL_ASSERT(pkey); + if (ctx->cert->pkey == pkey) + return 1; + if (ctx->cert->pkey) EVP_PKEY_free(ctx->cert->pkey); @@ -118,12 +133,13 @@ int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) */ int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) { - SSL_ASSERT(ctx); + SSL_ASSERT(ssl); SSL_ASSERT(pkey); - if (!ssl->ca_reload) - ssl->ca_reload = 1; - else + if (ssl->cert->pkey == pkey) + return 1; + + if (ssl->cert->pkey) EVP_PKEY_free(ssl->cert->pkey); ssl->cert->pkey = pkey; @@ -138,20 +154,20 @@ int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d, long len) { int ret; - EVP_PKEY *pkey; + EVP_PKEY *pk; - pkey = d2i_PrivateKey(0, &ctx->cert->pkey, &d, len); - if (!pkey) + pk = d2i_PrivateKey(0, NULL, &d, len); + if (!pk) SSL_RET(failed1, "d2i_PrivateKey\n"); - ret = SSL_CTX_use_PrivateKey(ctx, pkey); + ret = SSL_CTX_use_PrivateKey(ctx, pk); if (!ret) SSL_RET(failed2, "SSL_CTX_use_PrivateKey\n"); return 1; failed2: - EVP_PKEY_free(pkey); + EVP_PKEY_free(pk); failed1: return 0; } @@ -163,44 +179,20 @@ int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len) { int ret; - int reload; - EVP_PKEY *pkey; - CERT *cert; - CERT *old_cert; + EVP_PKEY *pk; - if (!ssl->crt_reload) { - cert = ssl_cert_new(); - if (!cert) - SSL_RET(failed1, "ssl_cert_new\n"); + pk = d2i_PrivateKey(0, NULL, &d, len); + if (!pk) + SSL_RET(failed1, "d2i_PrivateKey\n"); - old_cert = ssl->cert ; - ssl->cert = cert; - - ssl->crt_reload = 1; - - reload = 1; - } else { - reload = 0; - } - - pkey = d2i_PrivateKey(0, &ssl->cert->pkey, &d, len); - if (!pkey) - SSL_RET(failed2, "d2i_PrivateKey\n"); - - ret = SSL_use_PrivateKey(ssl, pkey); + ret = SSL_use_PrivateKey(ssl, pk); if (!ret) - SSL_RET(failed3, "SSL_use_PrivateKey\n"); + SSL_RET(failed2, "SSL_use_PrivateKey\n"); return 1; -failed3: - EVP_PKEY_free(pkey); failed2: - if (reload) { - ssl->cert = old_cert; - ssl_cert_free(cert); - ssl->crt_reload = 0; - } + EVP_PKEY_free(pk); failed1: return 0; } diff --git a/components/openssl/library/ssl_x509.c b/components/openssl/library/ssl_x509.c index c3fa0b307a..b57cc0dfb9 100644 --- a/components/openssl/library/ssl_x509.c +++ b/components/openssl/library/ssl_x509.c @@ -19,9 +19,9 @@ #include "ssl_port.h" /** - * @brief create a X509 certification object + * @brief create a X509 certification object according to input X509 certification */ -X509* X509_new(void) +X509* __X509_new(X509 *ix) { int ret; X509 *x; @@ -30,9 +30,12 @@ X509* X509_new(void) if (!x) SSL_RET(failed1, "ssl_malloc\n"); - x->method = X509_method(); + if (ix) + x->method = ix->method; + else + x->method = X509_method(); - ret = X509_METHOD_CALL(new, x); + ret = X509_METHOD_CALL(new, x, ix); if (ret) SSL_RET(failed2, "x509_new\n"); @@ -44,6 +47,14 @@ failed1: return NULL; } +/** + * @brief create a X509 certification object + */ +X509* X509_new(void) +{ + return __X509_new(NULL); +} + /** * @brief free a X509 certification object */ @@ -78,7 +89,7 @@ X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len) ret = X509_METHOD_CALL(load, x, buffer, len); if (ret) - SSL_RET(failed2, "X509_METHOD_CALL\n"); + SSL_RET(failed2, "x509_load\n"); return x; @@ -97,8 +108,10 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x) SSL_ASSERT(ctx); SSL_ASSERT(x); - if (ctx->client_CA) - X509_free(ctx->client_CA); + if (ctx->client_CA == x) + return 1; + + X509_free(ctx->client_CA); ctx->client_CA = x; @@ -113,10 +126,10 @@ int SSL_add_client_CA(SSL *ssl, X509 *x) SSL_ASSERT(ssl); SSL_ASSERT(x); - if (!ssl->ca_reload) - ssl->ca_reload = 1; - else - X509_free(ssl->client_CA); + if (ssl->client_CA == x) + return 1; + + X509_free(ssl->client_CA); ssl->client_CA = x; @@ -131,6 +144,11 @@ int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) SSL_ASSERT(ctx); SSL_ASSERT(x); + if (ctx->cert->x509 == x) + return 1; + + X509_free(ctx->cert->x509); + ctx->cert->x509 = x; return 1; @@ -141,9 +159,14 @@ int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) */ int SSL_use_certificate(SSL *ssl, X509 *x) { - SSL_ASSERT(ctx); + SSL_ASSERT(ssl); SSL_ASSERT(x); + if (ssl->cert->x509 == x) + return 1; + + X509_free(ssl->cert->x509); + ssl->cert->x509 = x; return 1; @@ -166,20 +189,20 @@ int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d) { int ret; - X509 *cert; + X509 *x; - cert = d2i_X509(&ctx->cert->x509, d, len); - if (!cert) + x = d2i_X509(NULL, d, len); + if (!x) SSL_RET(failed1, "d2i_X509\n"); - ret = SSL_CTX_use_certificate(ctx, cert); + ret = SSL_CTX_use_certificate(ctx, x); if (!ret) SSL_RET(failed2, "SSL_CTX_use_certificate\n"); return 1; failed2: - X509_free(cert); + X509_free(x); failed1: return 0; } @@ -193,42 +216,20 @@ int SSL_use_certificate_ASN1(SSL *ssl, int len, int ret; int reload; X509 *x; - CERT *cert; - CERT *old_cert; + int m = 0; - if (!ssl->crt_reload) { - cert = ssl_cert_new(); - if (!cert) - SSL_RET(failed1, "ssl_cert_new\n"); - - old_cert = ssl->cert ; - ssl->cert = cert; - - ssl->crt_reload = 1; - - reload = 1; - } else { - reload = 0; - } - - x = d2i_X509(&ssl->cert->x509, d, len); + x = d2i_X509(NULL, d, len); if (!x) - SSL_RET(failed2, "d2i_X509\n"); + SSL_RET(failed1, "d2i_X509\n"); ret = SSL_use_certificate(ssl, x); if (!ret) - SSL_RET(failed3, "SSL_use_certificate\n"); + SSL_RET(failed2, "SSL_use_certificate\n"); return 1; -failed3: - X509_free(x); failed2: - if (reload) { - ssl->cert = old_cert; - ssl_cert_free(cert); - ssl->crt_reload = 0; - } + X509_free(x); failed1: return 0; } diff --git a/components/openssl/platform/ssl_pm.c b/components/openssl/platform/ssl_pm.c index 311c3a4b6f..9f5290cc52 100644 --- a/components/openssl/platform/ssl_pm.c +++ b/components/openssl/platform/ssl_pm.c @@ -78,14 +78,6 @@ int ssl_pm_new(SSL *ssl) const SSL_METHOD *method = ssl->method; - struct x509_pm *ctx_ca = (struct x509_pm *)ssl->ctx->client_CA->x509_pm; - struct x509_pm *ctx_crt = (struct x509_pm *)ssl->ctx->cert->x509->x509_pm; - struct pkey_pm *ctx_pkey = (struct pkey_pm *)ssl->ctx->cert->pkey->pkey_pm; - - struct x509_pm *ssl_ca = (struct x509_pm *)ssl->client_CA->x509_pm; - struct x509_pm *ssl_crt = (struct x509_pm *)ssl->cert->x509->x509_pm; - struct pkey_pm *ssl_pkey = (struct pkey_pm *)ssl->cert->pkey->pkey_pm; - ssl_pm = ssl_zalloc(sizeof(struct ssl_pm)); if (!ssl_pm) SSL_ERR(ret, failed1, "ssl_zalloc\n"); @@ -134,10 +126,6 @@ int ssl_pm_new(SSL *ssl) ssl->ssl_pm = ssl_pm; - ssl_ca->ex_crt = ctx_ca->x509_crt; - ssl_crt->ex_crt = ctx_crt->x509_crt; - ssl_pkey->ex_pkey = ctx_pkey->pkey; - return 0; failed3: @@ -376,7 +364,7 @@ OSSL_HANDSHAKE_STATE ssl_pm_get_state(const SSL *ssl) return state; } -int x509_pm_new(X509 *x) +int x509_pm_new(X509 *x, X509 *m_x) { struct x509_pm *x509_pm; @@ -386,13 +374,19 @@ int x509_pm_new(X509 *x) x->x509_pm = x509_pm; + if (m_x) { + struct x509_pm *m_x509_pm = (struct x509_pm *)m_x->x509_pm; + + x509_pm->ex_crt = m_x509_pm->x509_crt; + } + return 0; failed1: return -1; } -void x509_pm_unload(X509 *x) +void x509_pm_free(X509 *x) { struct x509_pm *x509_pm = (struct x509_pm *)x->x509_pm; @@ -402,11 +396,6 @@ void x509_pm_unload(X509 *x) ssl_free(x509_pm->x509_crt); x509_pm->x509_crt = NULL; } -} - -void x509_pm_free(X509 *x) -{ - x509_pm_unload(x); ssl_free(x->x509_pm); x->x509_pm = NULL; @@ -450,7 +439,7 @@ failed1: return -1; } -int pkey_pm_new(EVP_PKEY *pkey) +int pkey_pm_new(EVP_PKEY *pk, EVP_PKEY *m_pkey) { struct pkey_pm *pkey_pm; @@ -458,14 +447,20 @@ int pkey_pm_new(EVP_PKEY *pkey) if (!pkey_pm) return -1; - pkey->pkey_pm = pkey_pm; + pk->pkey_pm = pkey_pm; + + if (m_pkey) { + struct pkey_pm *m_pkey_pm = (struct pkey_pm *)m_pkey->pkey_pm; + + pkey_pm->ex_pkey = m_pkey_pm->pkey; + } return 0; } -void pkey_pm_unload(EVP_PKEY *pkey) +void pkey_pm_free(EVP_PKEY *pk) { - struct pkey_pm *pkey_pm = (struct pkey_pm *)pkey->pkey_pm; + struct pkey_pm *pkey_pm = (struct pkey_pm *)pk->pkey_pm; if (pkey_pm->pkey) { mbedtls_pk_free(pkey_pm->pkey); @@ -473,21 +468,16 @@ void pkey_pm_unload(EVP_PKEY *pkey) ssl_free(pkey_pm->pkey); pkey_pm->pkey = NULL; } + + ssl_free(pk->pkey_pm); + pk->pkey_pm = NULL; } -void pkey_pm_free(EVP_PKEY *pkey) -{ - pkey_pm_unload(pkey); - - ssl_free(pkey->pkey_pm); - pkey->pkey_pm = NULL; -} - -int pkey_pm_load(EVP_PKEY *pkey, const unsigned char *buffer, int len) +int pkey_pm_load(EVP_PKEY *pk, const unsigned char *buffer, int len) { int ret; unsigned char *load_buf; - struct pkey_pm *pkey_pm = (struct pkey_pm *)pkey->pkey_pm; + struct pkey_pm *pkey_pm = (struct pkey_pm *)pk->pkey_pm; if (!pkey_pm->pkey) { pkey_pm->pkey = ssl_malloc(sizeof(mbedtls_pk_context)); From 3882937427e7cd3fe60ee78ff7b5d583cfb84fec Mon Sep 17 00:00:00 2001 From: Dong Heng Date: Tue, 27 Sep 2016 10:06:24 +0800 Subject: [PATCH 30/52] components/openssl: add debug message and change verifying mode --- components/openssl/include/internal/ssl_dbg.h | 6 ++-- .../openssl/include/internal/ssl_methods.h | 2 ++ .../openssl/include/internal/ssl_x509.h | 24 ++++++++++++++++ components/openssl/library/ssl_lib.c | 6 ++-- components/openssl/library/ssl_methods.c | 1 - components/openssl/library/ssl_pkey.c | 2 -- components/openssl/library/ssl_stack.c | 8 +++--- components/openssl/library/ssl_x509.c | 3 -- components/openssl/platform/ssl_pm.c | 28 ++++++++++--------- 9 files changed, 51 insertions(+), 29 deletions(-) diff --git a/components/openssl/include/internal/ssl_dbg.h b/components/openssl/include/internal/ssl_dbg.h index 27a4bc4db5..d6ae47499e 100644 --- a/components/openssl/include/internal/ssl_dbg.h +++ b/components/openssl/include/internal/ssl_dbg.h @@ -19,10 +19,10 @@ extern "C" { #endif -#define SSL_DEBUG_ENBALE 0 +#define SSL_DEBUG_ENBALE 1 #define SSL_DEBUG_LEVEL 0 -#define SSL_ASSERT_ENABLE 0 -#define SSL_DEBUG_LOCATION_ENABLE 0 +#define SSL_ASSERT_ENABLE 1 +#define SSL_DEBUG_LOCATION_ENABLE 1 #if SSL_DEBUG_ENBALE extern int ets_printf(const char *fmt, ...); diff --git a/components/openssl/include/internal/ssl_methods.h b/components/openssl/include/internal/ssl_methods.h index 9fd9ce9068..7a63b9e949 100644 --- a/components/openssl/include/internal/ssl_methods.h +++ b/components/openssl/include/internal/ssl_methods.h @@ -15,6 +15,8 @@ #ifndef _SSL_METHODS_H_ #define _SSL_METHODS_H_ +#include "ssl_types.h" + #ifdef __cplusplus extern "C" { #endif diff --git a/components/openssl/include/internal/ssl_x509.h b/components/openssl/include/internal/ssl_x509.h index 2c72980b07..b5fea34f1a 100644 --- a/components/openssl/include/internal/ssl_x509.h +++ b/components/openssl/include/internal/ssl_x509.h @@ -63,6 +63,30 @@ X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len); */ void X509_free(X509 *x); +/** + * @brief set SSL context client CA certification + * + * @param ctx - SSL context point + * @param x - X509 certification point + * + * @return result + * 0 : failed + * 1 : OK + */ +int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x); + +/** + * @brief add CA client certification into the SSL + * + * @param ssl - SSL point + * @param x - X509 certification point + * + * @return result + * 0 : failed + * 1 : OK + */ +int SSL_add_client_CA(SSL *ssl, X509 *x); + #ifdef __cplusplus } #endif diff --git a/components/openssl/library/ssl_lib.c b/components/openssl/library/ssl_lib.c index b82d54cd26..267d23f25f 100644 --- a/components/openssl/library/ssl_lib.c +++ b/components/openssl/library/ssl_lib.c @@ -126,11 +126,11 @@ SSL_SESSION* SSL_SESSION_new(void) session = ssl_zalloc(sizeof(SSL_SESSION)); if (!session) - SSL_RET(failed1); + SSL_RET(failed1, "ssl_zalloc\n"); session->peer = X509_new(); if (!session->peer) - SSL_RET(failed2); + SSL_RET(failed2, "X509_new\n"); return session; @@ -1500,7 +1500,7 @@ void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*verify_callback)(int, X509 */ void SSL_set_verify(SSL *ssl, int mode, int (*verify_callback)(int, X509_STORE_CTX *)) { - SSL_ASSERT(ctx); + SSL_ASSERT(ssl); ssl->verify_mode = mode; ssl->verify_callback = verify_callback; diff --git a/components/openssl/library/ssl_methods.c b/components/openssl/library/ssl_methods.c index e363b5e46d..8159511c49 100644 --- a/components/openssl/library/ssl_methods.c +++ b/components/openssl/library/ssl_methods.c @@ -12,7 +12,6 @@ // See the License for the specific language governing permissions and // limitations under the License. -#include "ssl_lib.h" #include "ssl_methods.h" #include "ssl_pm.h" diff --git a/components/openssl/library/ssl_pkey.c b/components/openssl/library/ssl_pkey.c index 573b1f2e8f..20debfbcfc 100644 --- a/components/openssl/library/ssl_pkey.c +++ b/components/openssl/library/ssl_pkey.c @@ -12,9 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -#include "ssl_lib.h" #include "ssl_pkey.h" -#include "ssl_cert.h" #include "ssl_methods.h" #include "ssl_dbg.h" #include "ssl_port.h" diff --git a/components/openssl/library/ssl_stack.c b/components/openssl/library/ssl_stack.c index 46e6f7efd8..4ea40e7259 100644 --- a/components/openssl/library/ssl_stack.c +++ b/components/openssl/library/ssl_stack.c @@ -30,13 +30,13 @@ OPENSSL_STACK* OPENSSL_sk_new(OPENSSL_sk_compfunc c) OPENSSL_STACK *stack; char **data; - stack = ssl_malloc(sizeof(OPENSSL_STACK)); + stack = ssl_zalloc(sizeof(OPENSSL_STACK)); if (!stack) - SSL_RET(failed1); + SSL_RET(failed1, "ssl_zalloc\n"); - data = ssl_malloc(sizeof(*data) * MIN_NODES); + data = ssl_zalloc(sizeof(*data) * MIN_NODES); if (!data) - SSL_RET(failed2); + SSL_RET(failed2, "ssl_zalloc\n"); stack->data = data; stack->num_alloc = MIN_NODES; diff --git a/components/openssl/library/ssl_x509.c b/components/openssl/library/ssl_x509.c index b57cc0dfb9..d060419e6a 100644 --- a/components/openssl/library/ssl_x509.c +++ b/components/openssl/library/ssl_x509.c @@ -13,7 +13,6 @@ // limitations under the License. #include "ssl_x509.h" -#include "ssl_cert.h" #include "ssl_methods.h" #include "ssl_dbg.h" #include "ssl_port.h" @@ -214,9 +213,7 @@ int SSL_use_certificate_ASN1(SSL *ssl, int len, const unsigned char *d) { int ret; - int reload; X509 *x; - int m = 0; x = d2i_X509(NULL, d, len); if (!x) diff --git a/components/openssl/platform/ssl_pm.c b/components/openssl/platform/ssl_pm.c index 9f5290cc52..151adbaf81 100644 --- a/components/openssl/platform/ssl_pm.c +++ b/components/openssl/platform/ssl_pm.c @@ -112,7 +112,7 @@ int ssl_pm_new(SSL *ssl) else version = MBEDTLS_SSL_MINOR_VERSION_0; - mbedtls_ssl_conf_max_version(&ssl_pm->conf, MBEDTLS_SSL_MAJOR_VERSION_3, version); + //mbedtls_ssl_conf_max_version(&ssl_pm->conf, MBEDTLS_SSL_MAJOR_VERSION_3, version); mbedtls_ssl_conf_rng(&ssl_pm->conf, mbedtls_ctr_drbg_random, &ssl_pm->ctr_drbg); @@ -169,7 +169,7 @@ static int ssl_pm_reload_crt(SSL *ssl) if (ssl->verify_mode == SSL_VERIFY_PEER) mode = MBEDTLS_SSL_VERIFY_REQUIRED; else if (ssl->verify_mode == SSL_VERIFY_FAIL_IF_NO_PEER_CERT) - mode = MBEDTLS_SSL_VERIFY_NONE; + mode = MBEDTLS_SSL_VERIFY_OPTIONAL; else if (ssl->verify_mode == SSL_VERIFY_CLIENT_ONCE) mode = MBEDTLS_SSL_VERIFY_UNSET; else @@ -370,7 +370,7 @@ int x509_pm_new(X509 *x, X509 *m_x) x509_pm = ssl_zalloc(sizeof(struct x509_pm)); if (!x509_pm) - SSL_RET(failed1); + SSL_RET(failed1, "ssl_zalloc\n"); x->x509_pm = x509_pm; @@ -408,27 +408,28 @@ int x509_pm_load(X509 *x, const unsigned char *buffer, int len) struct x509_pm *x509_pm = (struct x509_pm *)x->x509_pm; if (!x509_pm->x509_crt) { - x509_pm->x509_crt = ssl_malloc(sizeof(mbedtls_x509_crt)); + x509_pm->x509_crt = ssl_zalloc(sizeof(mbedtls_x509_crt)); if (!x509_pm->x509_crt) - SSL_RET(failed1); + SSL_RET(failed1, "ssl_zalloc\n"); } load_buf = ssl_malloc(len + 1); if (!load_buf) - SSL_RET(failed2); + SSL_RET(failed2, "ssl_malloc\n"); ssl_memcpy(load_buf, buffer, len); load_buf[len] = '\0'; + mbedtls_x509_crt_init(x509_pm->x509_crt); + if (x509_pm->x509_crt) mbedtls_x509_crt_free(x509_pm->x509_crt); - mbedtls_x509_crt_init(x509_pm->x509_crt); ret = mbedtls_x509_crt_parse(x509_pm->x509_crt, load_buf, len); ssl_free(load_buf); if (ret) - SSL_RET(failed2); + SSL_RET(failed2, "mbedtls_x509_crt_parse, return [-0x%x]\n", -ret); return 0; @@ -480,27 +481,28 @@ int pkey_pm_load(EVP_PKEY *pk, const unsigned char *buffer, int len) struct pkey_pm *pkey_pm = (struct pkey_pm *)pk->pkey_pm; if (!pkey_pm->pkey) { - pkey_pm->pkey = ssl_malloc(sizeof(mbedtls_pk_context)); + pkey_pm->pkey = ssl_zalloc(sizeof(mbedtls_pk_context)); if (!pkey_pm->pkey) - SSL_RET(failed1); + SSL_RET(failed1, "ssl_zalloc\n"); } load_buf = ssl_malloc(len + 1); if (!load_buf) - SSL_RET(failed2); + SSL_RET(failed2, "ssl_malloc\n"); ssl_memcpy(load_buf, buffer, len); load_buf[len] = '\0'; + mbedtls_pk_init(pkey_pm->pkey); + if (pkey_pm->pkey) mbedtls_pk_free(pkey_pm->pkey); - mbedtls_pk_init(pkey_pm->pkey); ret = mbedtls_pk_parse_key(pkey_pm->pkey, load_buf, len, NULL, 0); ssl_free(load_buf); if (ret) - SSL_RET(failed2); + SSL_RET(failed2, "mbedtls_pk_parse_key, return [-0x%x]\n", -ret); return 0; From 652ddae44f7fe78ab45f7efc524204f2e6ad5ee8 Mon Sep 17 00:00:00 2001 From: Dong Heng Date: Tue, 27 Sep 2016 14:28:39 +0800 Subject: [PATCH 31/52] components/openssl: change low-level certification loading sequence --- components/openssl/platform/ssl_pm.c | 34 ++++++++++++++++++---------- 1 file changed, 22 insertions(+), 12 deletions(-) diff --git a/components/openssl/platform/ssl_pm.c b/components/openssl/platform/ssl_pm.c index 151adbaf81..9df8b6481e 100644 --- a/components/openssl/platform/ssl_pm.c +++ b/components/openssl/platform/ssl_pm.c @@ -25,6 +25,12 @@ #include "mbedtls/error.h" #include "mbedtls/certs.h" +#if 0 + #define DEBUG_LOAD_BUF_STRING(str) SSL_DEBUG(1, "%s\n", str) +#else + #define DEBUG_LOAD_BUF_STRING(str) +#endif + struct ssl_pm { /* local socket file description */ @@ -407,10 +413,13 @@ int x509_pm_load(X509 *x, const unsigned char *buffer, int len) unsigned char *load_buf; struct x509_pm *x509_pm = (struct x509_pm *)x->x509_pm; + if (x509_pm->x509_crt) + mbedtls_x509_crt_free(x509_pm->x509_crt); + if (!x509_pm->x509_crt) { - x509_pm->x509_crt = ssl_zalloc(sizeof(mbedtls_x509_crt)); + x509_pm->x509_crt = ssl_malloc(sizeof(mbedtls_x509_crt)); if (!x509_pm->x509_crt) - SSL_RET(failed1, "ssl_zalloc\n"); + SSL_RET(failed1, "ssl_malloc\n"); } load_buf = ssl_malloc(len + 1); @@ -420,12 +429,11 @@ int x509_pm_load(X509 *x, const unsigned char *buffer, int len) ssl_memcpy(load_buf, buffer, len); load_buf[len] = '\0'; - mbedtls_x509_crt_init(x509_pm->x509_crt); + DEBUG_LOAD_BUF_STRING(load_buf); - if (x509_pm->x509_crt) - mbedtls_x509_crt_free(x509_pm->x509_crt); + mbedtls_x509_crt_init(x509_pm->x509_crt); - ret = mbedtls_x509_crt_parse(x509_pm->x509_crt, load_buf, len); + ret = mbedtls_x509_crt_parse(x509_pm->x509_crt, load_buf, len + 1); ssl_free(load_buf); if (ret) @@ -480,10 +488,13 @@ int pkey_pm_load(EVP_PKEY *pk, const unsigned char *buffer, int len) unsigned char *load_buf; struct pkey_pm *pkey_pm = (struct pkey_pm *)pk->pkey_pm; + if (pkey_pm->pkey) + mbedtls_pk_free(pkey_pm->pkey); + if (!pkey_pm->pkey) { - pkey_pm->pkey = ssl_zalloc(sizeof(mbedtls_pk_context)); + pkey_pm->pkey = ssl_malloc(sizeof(mbedtls_pk_context)); if (!pkey_pm->pkey) - SSL_RET(failed1, "ssl_zalloc\n"); + SSL_RET(failed1, "ssl_malloc\n"); } load_buf = ssl_malloc(len + 1); @@ -493,12 +504,11 @@ int pkey_pm_load(EVP_PKEY *pk, const unsigned char *buffer, int len) ssl_memcpy(load_buf, buffer, len); load_buf[len] = '\0'; + DEBUG_LOAD_BUF_STRING(load_buf); + mbedtls_pk_init(pkey_pm->pkey); - if (pkey_pm->pkey) - mbedtls_pk_free(pkey_pm->pkey); - - ret = mbedtls_pk_parse_key(pkey_pm->pkey, load_buf, len, NULL, 0); + ret = mbedtls_pk_parse_key(pkey_pm->pkey, load_buf, len + 1, NULL, 0); ssl_free(load_buf); if (ret) From 877adaab7a0365ab2a85f9df8073332a38fd9232 Mon Sep 17 00:00:00 2001 From: Dong Heng Date: Tue, 27 Sep 2016 18:50:57 +0800 Subject: [PATCH 32/52] components/openssl: add some function description --- .../openssl/include/internal/ssl_pkey.h | 15 +++++++++++++ .../openssl/include/internal/ssl_x509.h | 14 +++++++++++++ components/openssl/include/openssl/ssl.h | 21 +++++++++++++++++++ 3 files changed, 50 insertions(+) diff --git a/components/openssl/include/internal/ssl_pkey.h b/components/openssl/include/internal/ssl_pkey.h index f4da041681..e790fcc995 100644 --- a/components/openssl/include/internal/ssl_pkey.h +++ b/components/openssl/include/internal/ssl_pkey.h @@ -64,6 +64,21 @@ EVP_PKEY* d2i_PrivateKey(int type, */ void EVP_PKEY_free(EVP_PKEY *x); +/** + * @brief load private key into the SSL + * + * @param type - private key type + * @param ssl - SSL point + * @param len - data bytes + * @param d - data point + * + * @return result + * 0 : failed + * 1 : OK + */ + int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len); + + #ifdef __cplusplus } #endif diff --git a/components/openssl/include/internal/ssl_x509.h b/components/openssl/include/internal/ssl_x509.h index b5fea34f1a..840fbf1ec1 100644 --- a/components/openssl/include/internal/ssl_x509.h +++ b/components/openssl/include/internal/ssl_x509.h @@ -87,6 +87,20 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x); */ int SSL_add_client_CA(SSL *ssl, X509 *x); +/** + * @brief load certification into the SSL + * + * @param ssl - SSL point + * @param len - data bytes + * @param d - data point + * + * @return result + * 0 : failed + * 1 : OK + * + */ +int SSL_use_certificate_ASN1(SSL *ssl, int len, const unsigned char *d); + #ifdef __cplusplus } #endif diff --git a/components/openssl/include/openssl/ssl.h b/components/openssl/include/openssl/ssl.h index 3e8e88e67c..1d115214fd 100644 --- a/components/openssl/include/openssl/ssl.h +++ b/components/openssl/include/openssl/ssl.h @@ -21,6 +21,7 @@ #include "platform/ssl_port.h" #include "internal/ssl_x509.h" +#include "internal/ssl_pkey.h" /* { @@ -426,6 +427,26 @@ const char *SSL_get_version(const SSL *ssl); */ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth); +/** + * @brief get the bytes numbers which are to be read + * + * @param ssl - SSL point + * + * @return bytes number + */ +int SSL_pending(const SSL *ssl); + +/** + * @brief check if SSL want nothing + * + * @param ssl - SSL point + * + * @return result + * 0 : false + * 1 : true + */ +int SSL_want_nothing(const SSL *ssl); + /** * @brief get the SSL context current method * From 6941b5871a73086786191a9d73a21d8c64dbec82 Mon Sep 17 00:00:00 2001 From: Dong Heng Date: Tue, 27 Sep 2016 18:52:31 +0800 Subject: [PATCH 33/52] components/openssl: add OpenSSL APIs description --- components/openssl/OpenSSL_APIs.rst | 688 ++++++++++++++++++++++++++++ 1 file changed, 688 insertions(+) create mode 100644 components/openssl/OpenSSL_APIs.rst diff --git a/components/openssl/OpenSSL_APIs.rst b/components/openssl/OpenSSL_APIs.rst new file mode 100644 index 0000000000..e130d8398b --- /dev/null +++ b/components/openssl/OpenSSL_APIs.rst @@ -0,0 +1,688 @@ +OpenSSL APIs +====================== + +/** + * @brief create the target SSL context client method + * + * @param none + * + * @return the SSLV2.3 version SSL context client method + */ +const SSL_METHOD* SSLv23_client_method(void); + + +/** + * @brief create the target SSL context client method + * + * @param none + * + * @return the TLSV1.0 version SSL context client method + */ +const SSL_METHOD* TLSv1_client_method(void); + + +/** + * @brief create the target SSL context client method + * + * @param none + * + * @return the SSLV1.0 version SSL context client method + */ +const SSL_METHOD* SSLv3_client_method(void); + + +/** + * @brief create the target SSL context client method + * + * @param none + * + * @return the TLSV1.1 version SSL context client method + */ +const SSL_METHOD* TLSv1_1_client_method(void); + + +/** + * @brief create the target SSL context client method + * + * @param none + * + * @return the TLSV1.2 version SSL context client method + */ +const SSL_METHOD* TLSv1_2_client_method(void); + + +/** + * @brief create the target SSL context server method + * + * @param none + * + * @return the SSLV2.3 version SSL context server method + */ +const SSL_METHOD* SSLv23_server_method(void); + +/** + * @brief create the target SSL context server method + * + * @param none + * + * @return the TLSV1.1 version SSL context server method + */ +const SSL_METHOD* TLSv1_1_server_method(void); + +/** + * @brief create the target SSL context server method + * + * @param none + * + * @return the TLSV1.2 version SSL context server method + */ +const SSL_METHOD* TLSv1_2_server_method(void); + +/** + * @brief create the target SSL context server method + * + * @param none + * + * @return the TLSV1.0 version SSL context server method + */ +const SSL_METHOD* TLSv1_server_method(void); + +/** + * @brief create the target SSL context server method + * + * @param none + * + * @return the SSLV3.0 version SSL context server method + */ +const SSL_METHOD* SSLv3_server_method(void); + +/** + * @brief create a SSL context + * + * @param method - the SSL context method point + * + * @return the context point + */ +SSL_CTX* SSL_CTX_new(const SSL_METHOD *method); + +/** + * @brief free a SSL context + * + * @param method - the SSL context point + * + * @return none + */ +void SSL_CTX_free(SSL_CTX *ctx); + +/** + * @brief set the SSL context version + * + * @param ctx - SSL context point + * @param meth - SSL method point + * + * @return result + * 1 : OK + * 0 : failed + */ +int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth); + +/** + * @brief get the SSL context current method + * + * @param ctx - SSL context point + * + * @return the SSL context current method + */ +const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx); + +/** + * @brief create a SSL + * + * @param ctx - the SSL context point + * + * @return the SSL point + */ +SSL* SSL_new(SSL_CTX *ctx); + +/** + * @brief free the SSL + * + * @param ssl - the SSL point + * + * @return none + */ +void SSL_free(SSL *ssl); + +/** + * @brief perform the SSL handshake + * + * @param ssl - SSL point + * + * @return result + * 1 : OK + * 0 : failed + * -1 : a error catch + */ +int SSL_do_handshake(SSL *ssl); + +/** + * @brief connect to the remote SSL server + * + * @param ssl - the SSL point + * + * @return result + * 1 : OK + * -1 : failed + */ +int SSL_connect(SSL *ssl); + +/** + * @brief accept the remote connection + * + * @param ssl - the SSL point + * + * @return result + * 1 : OK + * -1 : failed + */ +int SSL_accept(SSL *ssl); + +/** + * @brief shutdown the connection + * + * @param ssl - the SSL point + * + * @return result + * 1 : OK + * 0 : shutdown is not finished + * -1 : an error catch + */ +int SSL_shutdown(SSL *ssl); + +/** + * @brief reset the SSL + * + * @param ssl - SSL point + * + * @return result + * 1 : OK + * 0 : failed + */ +int SSL_clear(SSL *ssl); + +/** + * @brief read data from to remote + * + * @param ssl - the SSL point which has been connected + * @param buffer - the received data buffer point + * @param len - the received data length + * + * @return result + * > 0 : OK, and return received data bytes + * = 0 : connection is closed + * < 0 : an error catch + */ +int SSL_read(SSL *ssl, void *buffer, int len); + +/** + * @brief send the data to remote + * + * @param ssl - the SSL point which has been connected + * @param buffer - the send data buffer point + * @param len - the send data length + * + * @return result + * > 0 : OK, and return sent data bytes + * = 0 : connection is closed + * < 0 : an error catch + */ +int SSL_write(SSL *ssl, const void *buffer, int len); + +/** + * @brief get SSL context of the SSL + * + * @param ssl - SSL point + * + * @return SSL context + */ +SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); + +/** + * @brief get SSL shutdown mode + * + * @param ssl - SSL point + * + * @return shutdown mode + */ +int SSL_get_shutdown(const SSL *ssl); + +/** + * @brief set SSL shutdown mode + * + * @param ssl - SSL point + * @param mode - shutdown mode + * + * @return none + */ +void SSL_set_shutdown(SSL *ssl, int mode); + +/** + * @brief get the SSL current method + * + * @param ssl - SSL point + * + * @return the SSL current method + */ +const SSL_METHOD *SSL_get_ssl_method(SSL *ssl); + +/** + * @brief set the SSL method + * + * @param ssl - SSL point + * @param meth - SSL method point + * + * @return result + * 1 : OK + * 0 : failed + */ +int SSL_set_ssl_method(SSL *ssl, const SSL_METHOD *method); + +/** + * @brief get the bytes numbers which are to be read + * + * @param ssl - SSL point + * + * @return bytes number + */ +int SSL_pending(const SSL *ssl); + +/** + * @brief check if some data can be read + * + * @param ssl - SSL point + * + * @return + * 1 : there are bytes to be read + * 0 : no data + */ +int SSL_has_pending(const SSL *ssl); + +/** + * @brief get the socket handle of the SSL + * + * @param ssl - SSL point + * + * @return result + * >= 0 : yes, and return socket handle + * < 0 : a error catch + */ +int SSL_get_fd(const SSL *ssl); + +/** + * @brief get the read only socket handle of the SSL + * + * @param ssl - SSL point + * + * @return result + * >= 0 : yes, and return socket handle + * < 0 : a error catch + */ +int SSL_get_rfd(const SSL *ssl); + +/** + * @brief get the write only socket handle of the SSL + * + * @param ssl - SSL point + * + * @return result + * >= 0 : yes, and return socket handle + * < 0 : a error catch + */ +int SSL_get_wfd(const SSL *ssl); + +/** + * @brief bind the socket file description into the SSL + * + * @param ssl - the SSL point + * @param fd - socket handle + * + * @return result + * 1 : OK + * 0 : failed + */ +int SSL_set_fd(SSL *ssl, int fd); + +/** + * @brief bind the read only socket file description into the SSL + * + * @param ssl - the SSL point + * @param fd - socket handle + * + * @return result + * 1 : OK + * 0 : failed + */ +int SSL_set_rfd(SSL *ssl, int fd); + +/** + * @brief bind the write only socket file description into the SSL + * + * @param ssl - the SSL point + * @param fd - socket handle + * + * @return result + * 1 : OK + * 0 : failed + */ +int SSL_set_wfd(SSL *ssl, int fd); + +/** + * @brief get SSL version + * + * @param ssl - SSL point + * + * @return SSL version + */ +int SSL_version(const SSL *ssl); + +/** + * @brief get the SSL current version + * + * @param ssl - SSL point + * + * @return the version string + */ +const char *SSL_get_version(const SSL *ssl); + +/** + * @brief get the SSL state + * + * @param ssl - SSL point + * + * @return SSL state + */ +OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl); + +/** + * @brief get alert description string + * + * @param value - alert value + * + * @return alert description string + */ +const char *SSL_alert_desc_string(int value); + +/** + * @brief get alert description long string + * + * @param value - alert value + * + * @return alert description long string + */ +const char *SSL_alert_desc_string_long(int value); + +/** + * @brief get alert type string + * + * @param value - alert value + * + * @return alert type string + */ +const char *SSL_alert_type_string(int value); + +/** + * @brief get alert type long string + * + * @param value - alert value + * + * @return alert type long string + */ +const char *SSL_alert_type_string_long(int value); + +/** + * @brief get the state string where SSL is reading + * + * @param ssl - SSL point + * + * @return state string + */ +const char *SSL_rstate_string(SSL *ssl); + +/** + * @brief get the statement long string where SSL is reading + * + * @param ssl - SSL point + * + * @return statement long string + */ +const char *SSL_rstate_string_long(SSL *ssl); + +/** + * @brief get SSL statement string + * + * @param ssl - SSL point + * + * @return SSL statement string + */ +char *SSL_state_string(const SSL *ssl); + +/** + * @brief get SSL statement long string + * + * @param ssl - SSL point + * + * @return SSL statement long string + */ +char *SSL_state_string_long(const SSL *ssl); + +/** + * @brief get SSL error code + * + * @param ssl - SSL point + * @param ret_code - SSL return code + * + * @return SSL error number + */ +int SSL_get_error(const SSL *ssl, int ret_code); + +/** + * @brief load a character certification context into system context. If '*cert' is pointed to the + * certification, then load certification into it. Or create a new X509 certification object + * + * @param cert - a point pointed to X509 certification + * @param buffer - a point pointed to the certification context memory point + * @param length - certification bytes + * + * @return X509 certification object point + */ +X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len); + +/** + * @brief add CA client certification into the SSL + * + * @param ssl - SSL point + * @param x - CA certification point + * + * @return result + * 1 : OK + * 0 : failed + */ +int SSL_add_client_CA(SSL *ssl, X509 *x); + +/** + * @brief add CA client certification into the SSL context + * + * @param ctx - SSL context point + * @param x - CA certification point + * + * @return result + * 1 : OK + * 0 : failed + */ +int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x); + +/** + * @brief get the SSL certification point + * + * @param ssl - SSL point + * + * @return SSL certification point + */ +X509 *SSL_get_certificate(const SSL *ssl); + +/** + * @brief get the verifying result of the SSL certification + * + * @param ssl - the SSL point + * + * @return the result of verifying + */ +long SSL_get_verify_result(const SSL *ssl); + +/** + * @brief These functions load the certification into the SSL_CTX or SSL object + * + * @param ctx - the SSL context point + * @param pkey - certification object point + * + * @return result + * 1 : OK + * 0 : failed + */ +int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); + +/** + * @brief load the ASN1 certification into SSL context + * + * @param ctx - SSL context point + * @param len - certification length + * @param d - data point + * + * @return result + * 1 : OK + * 0 : failed + */ +int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d); + +/** + * @brief These functions load the private key into the SSL_CTX or SSL object + * + * @param ctx - the SSL context point + * @param pkey - private key object point + * + * @return result + * 1 : OK + * 0 : failed + */ +int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); + +/** + * @brief load the ASN1 private key into SSL context + * + * @param ctx - SSL context point + * @param d - data point + * @param len - private key length + * + * @return result + * 1 : OK + * 0 : failed + */ +int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, const unsigned char *d, long len); + +/** + * @brief load the RSA ASN1 private key into SSL context + * + * @param ctx - SSL context point + * @param d - data point + * @param len - RSA private key length + * + * @return result + * 1 : OK + * 0 : failed + */ +int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len); + +/** + * @brief load certification into the SSL + * + * @param ssl - SSL point + * @param len - data bytes + * @param d - data point + * + * @return result + * 0 : failed + * 1 : OK + * + */ +int SSL_use_certificate_ASN1(SSL *ssl, int len, const unsigned char *d); + +/** + * @brief get peer certification + * + * @param ssl - SSL point + * + * @return certification + */ +X509 *SSL_get_peer_certificate(const SSL *ssl); + +/** + * @brief set the SSL context read buffer length + * + * @param ctx - SSL context point + * @param len - read buffer length + * + * @return none + */ +void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len); + +/** + * @brief set the SSL read buffer length + * + * @param ssl - SSL point + * @param len - read buffer length + * + * @return none + */ +void SSL_set_default_read_buffer_len(SSL *ssl, size_t len); + +/** + * @brief get the SSL specifical statement + * + * @param ssl - SSL point + * + * @return specifical statement + */ +int SSL_want(const SSL *ssl); + +/** + * @brief check if SSL want nothing + * + * @param ssl - SSL point + * + * @return result + * 0 : false + * 1 : true + */ +int SSL_want_nothing(const SSL *ssl); + +/** + * @brief check if SSL want to read + * + * @param ssl - SSL point + * + * @return result + * 0 : false + * 1 : true + */ +int SSL_want_read(const SSL *ssl); + +/** + * @brief check if SSL want to write + * + * @param ssl - SSL point + * + * @return result + * 0 : false + * 1 : true + */ +int SSL_want_write(const SSL *ssl); From 9e20d31f898ef561c908d3db14887a8e68dd9bb4 Mon Sep 17 00:00:00 2001 From: Dong Heng Date: Tue, 27 Sep 2016 19:06:07 +0800 Subject: [PATCH 34/52] components/openssl: fix extra certification loading --- components/openssl/platform/ssl_pm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/openssl/platform/ssl_pm.c b/components/openssl/platform/ssl_pm.c index 9df8b6481e..4bc631382f 100644 --- a/components/openssl/platform/ssl_pm.c +++ b/components/openssl/platform/ssl_pm.c @@ -186,7 +186,7 @@ static int ssl_pm_reload_crt(SSL *ssl) if (ca_pm->x509_crt) { mbedtls_ssl_conf_ca_chain(&ssl_pm->conf, ca_pm->x509_crt, NULL); } else if (ca_pm->ex_crt) { - mbedtls_ssl_conf_ca_chain(&ssl_pm->conf, ca_pm->x509_crt, NULL); + mbedtls_ssl_conf_ca_chain(&ssl_pm->conf, ca_pm->ex_crt, NULL); } if (crt_pm->x509_crt && pkey_pm->pkey) { From 9c4e43a3a5becc441642edbbbf06b90a06bfa5eb Mon Sep 17 00:00:00 2001 From: Dong Heng Date: Wed, 28 Sep 2016 16:46:27 +0800 Subject: [PATCH 35/52] components/openssl: optimize the OpenSSL APIs brief document 1. change document name 2. change function introduction template --- components/openssl/OpenSSL-APIs.rst | 1478 +++++++++++++++++++++++++++ components/openssl/OpenSSL_APIs.rst | 688 ------------- 2 files changed, 1478 insertions(+), 688 deletions(-) create mode 100644 components/openssl/OpenSSL-APIs.rst delete mode 100644 components/openssl/OpenSSL_APIs.rst diff --git a/components/openssl/OpenSSL-APIs.rst b/components/openssl/OpenSSL-APIs.rst new file mode 100644 index 0000000000..ff91d2ebb7 --- /dev/null +++ b/components/openssl/OpenSSL-APIs.rst @@ -0,0 +1,1478 @@ +OpenSSL-APIs +====================== + +Chapter 1. SSL Context Method Create +Chapter 2. SSL Context Fucntion +Chapter 3. SSL Fucntion +Chapter 4. SSL X509 Certification and Private Key Function + +====================== +Chapter 1. SSL Context Method Create + +1.1 const SSL_METHOD* SSLv23_client_method(void); + + Arguments : none + + Return : SSLV2 and 3 version SSL context client method point + + Description : create the target SSL context method + + Example : + + void example(void) + { + const SSL_METHOD *method = SSLv23_client_method(); + + ... + } + + +1.2 const SSL_METHOD* TLSv1_client_method(void); + + Arguments : none + + Return : TLSV1.0 version SSL context client method point + + Description : create the target SSL context method + + Example : + + void example(void) + { + const SSL_METHOD *method = TLSv1_client_method(); + + ... + } + + +1.3 const SSL_METHOD* SSLv3_client_method(void); + + Arguments : none + + Return : SSLV3.0 version SSL context client method point + + Description : create the target SSL context method + + Example : + + void example(void) + { + const SSL_METHOD *method = SSLv3_client_method(); + + ... + } + + +1.4 const SSL_METHOD* TLSv1_1_client_method(void); + + Arguments : none + + Return : TLSV1.1 version SSL context client method point + + Description : create the target SSL context method + + Example : + + void example(void) + { + const SSL_METHOD *method = TLSv1_1_client_method(); + + ... + } + + +1.5 const SSL_METHOD* TLSv1_2_client_method(void); + + Arguments : none + + Return : TLSV1.2 version SSL context client method point + + Description : create the target SSL context method + + Example : + + void example(void) + { + const SSL_METHOD *method = TLSv1_2_client_method(); + + ... + } + + +1.6 const SSL_METHOD* SSLv23_server_method(void); + + Arguments : none + + Return : SSLV2 and 3 version SSL context server method point + + Description : create the target SSL context method + + Example : + + void example(void) + { + const SSL_METHOD *method = SSLv23_server_method(); + + ... + } + + +1.7 const SSL_METHOD* TLSv1_1_server_method(void); + + Arguments : none + + Return : TLSV1.1 version SSL context server method point + + Description : create the target SSL context method + + Example : + + void example(void) + { + const SSL_METHOD *method = TLSv1_1_server_method(); + + ... + } + + +1.8 const SSL_METHOD* TLSv1_2_server_method(void); + + Arguments : none + + Return : TLSV1.2 version SSL context server method point + + Description : create the target SSL context method + + Example : + + void example(void) + { + const SSL_METHOD *method = TLSv1_2_server_method(); + + ... + } + + +1.9 const SSL_METHOD* TLSv1_server_method(void); + + Arguments : none + + Return : TLSV1.0 version SSL context server method point + + Description : create the target SSL context method + + Example : + + void example(void) + { + const SSL_METHOD *method = TLSv1_server_method(); + + ... + } + + +1.10 const SSL_METHOD* SSLv3_server_method(void); + + Arguments : none + + Return : SSLV3.0 version SSL context server method point + + Description : create the target SSL context method + + Example : + + void example(void) + { + const SSL_METHOD *method = SSLv3_server_method(); + + ... + } + + +====================== +Chapter 2. SSL Context Fucntion + +2.1 SSL_CTX* SSL_CTX_new(const SSL_METHOD *method); + + Arguments : method - the SSL context method point + + Return : context point + + Description : create a SSL context + + Example : + + void example(void) + { + SSL_CTX *ctx = SSL_CTX_new(SSLv3_server_method()); + + ... + } + + +2.2 void SSL_CTX_free(SSL_CTX *ctx); + + Arguments : ctx - the SSL context point + + Return : none + + Description : free a SSL context + + Example : + + void example(void) + { + SSL_CTX *ctx; + + ... ... + + SSL_CTX_free(ctx); + } + + +2.3 int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth); + + Arguments : ctx - SSL context point + meth - SSL method point + + Return : result + 1 : OK + 0 : failed + + Description : set the SSL context version + + Example : + + void example(void) + { + SSL_CTX *ctx; + const SSL_METHOD *meth; + + ... ... + + SSL_CTX_set_ssl_version(ctx, meth); + } + + +2.4 const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx); + + Arguments : ctx - SSL context point + + Return : SSL context method + + Description : get the SSL context method + + Example : + + void example(void) + { + const SSL_METHOD *method; + SSL_CTX *ctx; + + ... ... + + method = SSL_CTX_get_ssl_method(ctx); + } + + +====================== +Chapter 3. SSL Fucntion + +3.1 SSL* SSL_new(SSL_CTX *ctx); + + Arguments : ctx - SSL context point + + Return : SSL method + + Description : create a SSL + + Example : + + void example(void) + { + SSL *ssl; + SSL_CTX *ctx; + + ... ... + + ssl = SSL_new(ctx); + } + + +3.2 void SSL_free(SSL *ssl); + + Arguments : ssl - SSL point + + Return : none + + Description : free SSL + + Example : + + void example(void) + { + SSL *ssl; + + ... ... + + SSL_free(ssl); + } + + +3.3 int SSL_do_handshake(SSL *ssl); + + Arguments : ssl - SSL point + + Return : result + 1 : OK + 0 : failed, connect is close by remote + -1 : a error catch + + Description : perform the SSL handshake + + Example : + + void example(void) + { + SSL *ssl; + int ret; + + ... ... + + ret = SSL_do_handshake(ssl); + } + + +3.4 int SSL_connect(SSL *ssl); + + Arguments : ssl - SSL point + + Return : result + 1 : OK + 0 : failed, connect is close by remote + -1 : a error catch + + Description : connect to the remote SSL server + + Example : + + void example(void) + { + SSL *ssl; + int ret; + + ... ... + + ret = SSL_connect(ssl); + } + + +3.5 int SSL_accept(SSL *ssl); + + Arguments : ssl - SSL point + + Return : result + 1 : OK + 0 : failed, connect is close by remote + -1 : a error catch + + Description : accept the remote connection + + Example : + + void example(void) + { + SSL *ssl; + int ret; + + ... ... + + ret = SSL_accept(ssl); + } + + +3.6 int SSL_shutdown(SSL *ssl); + + Arguments : ssl - SSL point + + Return : result + 1 : OK + 0 : failed, connect is close by remote + -1 : a error catch + + Description : shutdown the connection + + Example : + + void example(void) + { + SSL *ssl; + int ret; + + ... ... + + ret = SSL_shutdown(ssl); + } + + +3.7 int SSL_clear(SSL *ssl); + + Arguments : ssl - SSL point + + Return : result + 1 : OK + 0 : failed + + Description : shutdown the connection + + Example : + + void example(void) + { + SSL *ssl; + int ret; + + ... ... + + ret = SSL_clear(ssl); + } + + +3.8 int SSL_read(SSL *ssl, void *buffer, int len); + + Arguments : ssl - point + buffer - data buffer point + len - data length + + Return : result + > 0 : OK, and return received data bytes + = 0 : no data received or connection is closed + < 0 : an error catch + + Description : read data from remote + + Example : + + void example(void) + { + SSL *ssl; + char *buf; + int len; + int ret; + + ... ... + + ret = SSL_read(ssl, buf, len); + } + +3.9 int SSL_write(SSL *ssl, const void *buffer, int len); + + Arguments : ssl - SSL point + buffer - data buffer point + len - data length + + Return : result + > 0 : OK, and return received data bytes + = 0 : no data sent or connection is closed + < 0 : an error catch + + Description : send the data to remote + + Example : + + void example(void) + { + SSL *ssl; + char *buf; + int len; + int ret; + + ... ... + + ret = SSL_write(ssl, buf, len); + } + + +3.10 SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); + + Arguments : ssl - SSL point + + Return : SSL context + + Description : get SSL context of the SSL + + Example : + + void example(void) + { + SSL *ssl; + SSL_CTX *ctx; + + ... ... + + ctx = SSL_get_SSL_CTX(ssl); + } + + +3.11 int SSL_get_shutdown(const SSL *ssl); + + Arguments : ssl - SSL point + + Return : shutdown mode + + Description : get SSL shutdown mode + + Example : + + void example(void) + { + SSL *ssl; + int mode; + + ... ... + + mode = SSL_get_SSL_CTX(ssl); + } + + +3.12 void SSL_set_shutdown(SSL *ssl, int mode); + + Arguments : ssl - SSL point + + Return : shutdown mode + + Description : set SSL shutdown mode + + Example : + + void example(void) + { + SSL *ssl; + int mode = 0; + + ... ... + + SSL_set_shutdown(ssl, mode); + } + + +3.13 const SSL_METHOD *SSL_get_ssl_method(SSL *ssl); + + Arguments : ssl - SSL point + + Return : SSL method + + Description : set SSL shutdown mode + + Example : + + void example(void) + { + SSL *ssl; + const SSL_METHOD *method; + + ... ... + + method = SSL_get_ssl_method(ssl); + } + + +3.14 int SSL_set_ssl_method(SSL *ssl, const SSL_METHOD *method); + + Arguments : ssl - SSL point + meth - SSL method point + + Return : result + 1 : OK + 0 : failed + + Description : set the SSL method + + Example : + + void example(void) + { + int ret; + SSL *ssl; + const SSL_METHOD *method; + + ... ... + + ret = SSL_set_ssl_method(ssl, method); + } + + +3.15 int SSL_pending(const SSL *ssl); + + Arguments : ssl - SSL point + + Return : data bytes + + Description : get received data bytes + + Example : + + void example(void) + { + int ret; + SSL *ssl; + + ... ... + + ret = SSL_pending(ssl); + } + + +3.16 int SSL_has_pending(const SSL *ssl); + + Arguments : ssl - SSL point + + Return : result + 1 : Yes + 0 : No + + Description : check if data is received + + Example : + + void example(void) + { + int ret; + SSL *ssl; + + ... ... + + ret = SSL_has_pending(ssl); + } + + +3.17 int SSL_get_fd(const SSL *ssl); + + Arguments : ssl - SSL point + + Return : result + >= 0 : socket id + < 0 : a error catch + + Description : get the socket of the SSL + + Example : + + void example(void) + { + int ret; + SSL *ssl; + + ... ... + + ret = SSL_get_fd(ssl); + } + + +3.18 int SSL_get_rfd(const SSL *ssl); + + Arguments : ssl - SSL point + + Return : result + >= 0 : socket id + < 0 : a error catch + + Description : get the read only socket of the SSL + + Example : + + void example(void) + { + int ret; + SSL *ssl; + + ... ... + + ret = SSL_get_rfd(ssl); + } + + +3.19 int SSL_get_wfd(const SSL *ssl); + + Arguments : ssl - SSL point + + Return : result + >= 0 : socket id + < 0 : a error catch + + Description : get the write only socket of the SSL + + Example : + + void example(void) + { + int ret; + SSL *ssl; + + ... ... + + ret = SSL_get_wfd(ssl); + } + + +3.20 int SSL_set_fd(SSL *ssl, int fd); + + Arguments : ssl - SSL point + fd - socket id + + Return : result + 1 : OK + 0 : failed + + Description : set socket to SSL + + Example : + + void example(void) + { + int ret; + SSL *ssl; + int socket; + + ... ... + + ret = SSL_set_fd(ssl, socket); + } + + +3.21 int SSL_set_rfd(SSL *ssl, int fd); + + Arguments : ssl - SSL point + fd - socket id + + Return : result + 1 : OK + 0 : failed + + Description : set read only socket to SSL + + Example : + + void example(void) + { + int ret; + SSL *ssl; + int socket; + + ... ... + + ret = SSL_set_rfd(ssl, socket); + } + + +3.22 int SSL_set_wfd(SSL *ssl, int fd); + + Arguments : ssl - SSL point + fd - socket id + + Return : result + 1 : OK + 0 : failed + + Description : set write only socket to SSL + + Example : + + void example(void) + { + int ret; + SSL *ssl; + int socket; + + ... ... + + ret = SSL_set_wfd(ssl, socket); + } + + +3.23 int SSL_version(const SSL *ssl); + + Arguments : ssl - SSL point + + Return : SSL version + + Description : get SSL version + + Example : + + void example(void) + { + int version; + SSL *ssl; + + ... ... + + version = SSL_version(ssl); + } + + +3.24 const char *SSL_get_version(const SSL *ssl); + + Arguments : ssl - SSL point + + Return : SSL version string + + Description : get the SSL current version string + + Example : + + void example(void) + { + char *version; + SSL *ssl; + + ... ... + + version = SSL_get_version(ssl); + } + + +3.25 OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl); + + Arguments : ssl - SSL point + + Return : SSL state + + Description : get the SSL state + + Example : + + void example(void) + { + OSSL_HANDSHAKE_STATE state; + SSL *ssl; + + ... ... + + state = SSL_get_state(ssl); + } + + +3.26 const char *SSL_alert_desc_string(int value); + + Arguments : value - SSL description + + Return : alert value string + + Description : get alert description string + + Example : + + void example(void) + { + int val; + char *str; + + ... ... + + str = SSL_alert_desc_string(val); + } + + +3.27 const char *SSL_alert_desc_string_long(int value); + + Arguments : value - SSL description + + Return : alert value long string + + Description : get alert description long string + + Example : + + void example(void) + { + int val; + char *str; + + ... ... + + str = SSL_alert_desc_string_long(val); + } + + +3.28 const char *SSL_alert_type_string(int value); + + Arguments : value - SSL type description + + Return : alert type string + + Description : get alert type string + + Example : + + void example(void) + { + int val; + char *str; + + ... ... + + str = SSL_alert_type_string(val); + } + + +3.29 const char *SSL_alert_type_string_long(int value); + + Arguments : value - SSL type description + + Return : alert type long string + + Description : get alert type long string + + Example : + + void example(void) + { + int val; + char *str; + + ... ... + + str = SSL_alert_type_string_long(val); + } + +3.30 const char *SSL_rstate_string(SSL *ssl); + + Arguments : ssl - SSL point + + Return : state string + + Description : get the state string where SSL is reading + + Example : + + void example(void) + { + SSL *ssl; + char *str; + + ... ... + + str = SSL_rstate_string(ssl); + } + + +3.31 const char *SSL_rstate_string_long(SSL *ssl); + + Arguments : ssl - SSL point + + Return : state long string + + Description : get the state long string where SSL is reading + + Example : + + void example(void) + { + SSL *ssl; + char *str; + + ... ... + + str = SSL_rstate_string_long(ssl); + } + + +3.32 char *SSL_state_string(const SSL *ssl); + + Arguments : ssl - SSL point + + Return : state string + + Description : get the state string + + Example : + + void example(void) + { + SSL *ssl; + char *str; + + ... ... + + str = SSL_state_string(ssl); + } + + +3.33 char *SSL_state_string_long(const SSL *ssl); + + Arguments : ssl - SSL point + + Return : state long string + + Description : get the state long string + + Example : + + void example(void) + { + SSL *ssl; + char *str; + + ... ... + + str = SSL_state_string(ssl); + } + + +3.34 int SSL_get_error(const SSL *ssl, int ret_code); + + Arguments : ssl - SSL point + ret_code - SSL return code + + Return : SSL error number + + Description : get SSL error code + + Example : + + void example(void) + { + SSL *ssl; + int ret; + int err; + + ... ... + + err = SSL_get_error(ssl, ret); + } + +3.35 void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len); + + Arguments : ctx - SSL context point + len - read buffer length + + Return : none + + Description : set the SSL context read buffer length + + Example : + + void example(void) + { + SSL_CTX *ctx; + size_t len; + + ... ... + + SSL_CTX_set_default_read_buffer_len(ctx, len); + } + + +3.36 void SSL_set_default_read_buffer_len(SSL *ssl, size_t len); + + Arguments : ssl - SSL point + len - read buffer length + + Return : none + + Description : set the SSL read buffer length + + Example : + + void example(void) + { + SSL *ssl; + size_t len; + + ... ... + + SSL_set_default_read_buffer_len(ctx, len); + } + + +3.37 int SSL_want(const SSL *ssl); + + Arguments : ssl - SSL point + + Return : specifical statement + + Description : get the SSL specifical statement + + Example : + + void example(void) + { + SSL *ssl; + int state; + + ... ... + + state = SSL_want(ssl); + } + + +3.38 int SSL_want_nothing(const SSL *ssl); + + Arguments : ssl - SSL point + + Return : result + 0 : false + 1 : true + + Description : check if SSL want nothing + + Example : + + void example(void) + { + SSL *ssl; + int ret; + + ... ... + + ret = SSL_want(ssl); + } + + +3.39 int SSL_want_read(const SSL *ssl); + + Arguments : ssl - SSL point + + Return : result + 0 : false + 1 : true + + Description : check if SSL want to read + + Example : + + void example(void) + { + SSL *ssl; + int ret; + + ... ... + + ret = SSL_want_read(ssl); + } + + +3.40 int SSL_want_write(const SSL *ssl); + + Arguments : ssl - SSL point + + Return : result + 0 : false + 1 : true + + Description : check if SSL want to write + + Example : + + void example(void) + { + SSL *ssl; + int ret; + + ... ... + + ret = SSL_want_write(ssl); + } + +====================== +Chapter 4. SSL X509 Certification and Private Key Function + +4.1 X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len); + + Arguments : cert - a point pointed to X509 certification + buffer - a point pointed to the certification context memory point + length - certification bytes + + Return : X509 certification object point + + Description : load a character certification context into system context. If '*cert' is pointed to the + certification, then load certification into it. Or create a new X509 certification object + + Example : + + void example(void) + { + X509 *new; + X509 *cert; + unsigned char *buffer; + long len; + ... ... + + new = d2i_X509(&cert, buffer, len); + } + + +4.2 int SSL_add_client_CA(SSL *ssl, X509 *x); + + Arguments : ssl - SSL point + x - CA certification point + + Return : result + 1 : OK + 0 : failed + + Description : add CA client certification into the SSL + + Example : + + void example(void) + { + int ret; + SSL *ssl; + X509 *new; + + ... ... + + ret = SSL_add_client_CA(ssl, new); + } + + +4.3 int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x); + + Arguments : ctx - SSL context point + x - CA certification point + + Return : result + 1 : OK + 0 : failed + + Description : add CA client certification into the SSL context + + Example : + + void example(void) + { + int ret; + SSL_CTX *ctx; + X509 *new; + + ... ... + + ret = SSL_add_clSSL_CTX_add_client_CAient_CA(ctx, new); + } + + +4.4 X509 *SSL_get_certificate(const SSL *ssl); + + Arguments : ssl - SSL point + + Return : SSL certification point + + Description : get the SSL certification point + + Example : + + void example(void) + { + SSL *ssl; + X509 *cert; + + ... ... + + cert = SSL_get_certificate(ssl); + } + + +4.5 long SSL_get_verify_result(const SSL *ssl); + + Arguments : ssl - SSL point + + Return : the result of verifying + + Description : get the verifying result of the SSL certification + + Example : + + void example(void) + { + SSL *ssl; + long ret; + + ... ... + + ret = SSL_get_verify_result(ssl); + } + + +4.6 int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); + + Arguments : ctx - the SSL context point + pkey - certification object point + + Return : result + 1 : OK + 0 : failed + + Description : load the certification into the SSL_CTX or SSL object + + Example : + + void example(void) + { + int ret; + SSL_CTX *ctx + X509 *new; + + ... ... + + ret = SSL_CTX_use_certificate(ctx, new); + } + + +4.7 int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d); + + Arguments : ctx - SSL context point + len - certification length + d - data point + + Return : result + 1 : OK + 0 : failed + + Description : load the ASN1 certification into SSL context + + Example : + + void example(void) + { + int ret; + SSL_CTX *ctx; + const unsigned char *buf; + int len; + + ... ... + + ret = SSL_CTX_use_certificate_ASN1(ctx, len, buf); + } + + +4.8 int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); + + Arguments : ctx - SSL context point + pkey - private key object point + + Return : result + 1 : OK + 0 : failed + + Description : load the private key into the context object + + Example : + + void example(void) + { + int ret; + SSL_CTX *ctx; + EVP_PKEY *pkey; + + ... ... + + ret = SSL_CTX_use_PrivateKey(ctx, pkey); + } + + +4.9 int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, const unsigned char *d, long len); + + Arguments : ctx - SSL context point + d - data point + len - private key length + + Return : result + 1 : OK + 0 : failed + + Description : load the ASN1 private key into SSL context + + Example : + + void example(void) + { + int ret; + int pk; + SSL_CTX *ctx; + const unsigned char *buf; + long len; + + ... ... + + ret = SSL_CTX_use_PrivateKey_ASN1(pk, ctx, buf, len); + } + + +4.10 int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len); + + Arguments : ctx - SSL context point + d - data point + len - private key length + + Return : result + 1 : OK + 0 : failed + + Description : load the RSA ASN1 private key into SSL context + + Example : + + void example(void) + { + int ret; + SSL_CTX *ctx; + const unsigned char *buf; + long len; + + ... ... + + ret = SSL_CTX_use_RSAPrivateKey_ASN1(ctx, buf, len); + } + + +4.11 int SSL_use_certificate_ASN1(SSL *ssl, int len, const unsigned char *d); + + Arguments : ssl - SSL point + len - data bytes + d - data point + + Return : result + 1 : OK + 0 : failed + + Description : load certification into the SSL + + Example : + + void example(void) + { + int ret; + SSL *ssl; + const unsigned char *buf; + long len; + + ... ... + + ret = SSL_use_certificate_ASN1(ssl, len, buf); + } + + +4.12 X509 *SSL_get_peer_certificate(const SSL *ssl); + + Arguments : ssl - SSL point + + Return : peer certification + + Description : get peer certification + + Example : + + void example(void) + { + SSL *ssl; + X509 *peer; + + ... ... + + peer = SSL_get_peer_certificate(ssl); + } + +====================== +END \ No newline at end of file diff --git a/components/openssl/OpenSSL_APIs.rst b/components/openssl/OpenSSL_APIs.rst deleted file mode 100644 index e130d8398b..0000000000 --- a/components/openssl/OpenSSL_APIs.rst +++ /dev/null @@ -1,688 +0,0 @@ -OpenSSL APIs -====================== - -/** - * @brief create the target SSL context client method - * - * @param none - * - * @return the SSLV2.3 version SSL context client method - */ -const SSL_METHOD* SSLv23_client_method(void); - - -/** - * @brief create the target SSL context client method - * - * @param none - * - * @return the TLSV1.0 version SSL context client method - */ -const SSL_METHOD* TLSv1_client_method(void); - - -/** - * @brief create the target SSL context client method - * - * @param none - * - * @return the SSLV1.0 version SSL context client method - */ -const SSL_METHOD* SSLv3_client_method(void); - - -/** - * @brief create the target SSL context client method - * - * @param none - * - * @return the TLSV1.1 version SSL context client method - */ -const SSL_METHOD* TLSv1_1_client_method(void); - - -/** - * @brief create the target SSL context client method - * - * @param none - * - * @return the TLSV1.2 version SSL context client method - */ -const SSL_METHOD* TLSv1_2_client_method(void); - - -/** - * @brief create the target SSL context server method - * - * @param none - * - * @return the SSLV2.3 version SSL context server method - */ -const SSL_METHOD* SSLv23_server_method(void); - -/** - * @brief create the target SSL context server method - * - * @param none - * - * @return the TLSV1.1 version SSL context server method - */ -const SSL_METHOD* TLSv1_1_server_method(void); - -/** - * @brief create the target SSL context server method - * - * @param none - * - * @return the TLSV1.2 version SSL context server method - */ -const SSL_METHOD* TLSv1_2_server_method(void); - -/** - * @brief create the target SSL context server method - * - * @param none - * - * @return the TLSV1.0 version SSL context server method - */ -const SSL_METHOD* TLSv1_server_method(void); - -/** - * @brief create the target SSL context server method - * - * @param none - * - * @return the SSLV3.0 version SSL context server method - */ -const SSL_METHOD* SSLv3_server_method(void); - -/** - * @brief create a SSL context - * - * @param method - the SSL context method point - * - * @return the context point - */ -SSL_CTX* SSL_CTX_new(const SSL_METHOD *method); - -/** - * @brief free a SSL context - * - * @param method - the SSL context point - * - * @return none - */ -void SSL_CTX_free(SSL_CTX *ctx); - -/** - * @brief set the SSL context version - * - * @param ctx - SSL context point - * @param meth - SSL method point - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth); - -/** - * @brief get the SSL context current method - * - * @param ctx - SSL context point - * - * @return the SSL context current method - */ -const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx); - -/** - * @brief create a SSL - * - * @param ctx - the SSL context point - * - * @return the SSL point - */ -SSL* SSL_new(SSL_CTX *ctx); - -/** - * @brief free the SSL - * - * @param ssl - the SSL point - * - * @return none - */ -void SSL_free(SSL *ssl); - -/** - * @brief perform the SSL handshake - * - * @param ssl - SSL point - * - * @return result - * 1 : OK - * 0 : failed - * -1 : a error catch - */ -int SSL_do_handshake(SSL *ssl); - -/** - * @brief connect to the remote SSL server - * - * @param ssl - the SSL point - * - * @return result - * 1 : OK - * -1 : failed - */ -int SSL_connect(SSL *ssl); - -/** - * @brief accept the remote connection - * - * @param ssl - the SSL point - * - * @return result - * 1 : OK - * -1 : failed - */ -int SSL_accept(SSL *ssl); - -/** - * @brief shutdown the connection - * - * @param ssl - the SSL point - * - * @return result - * 1 : OK - * 0 : shutdown is not finished - * -1 : an error catch - */ -int SSL_shutdown(SSL *ssl); - -/** - * @brief reset the SSL - * - * @param ssl - SSL point - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_clear(SSL *ssl); - -/** - * @brief read data from to remote - * - * @param ssl - the SSL point which has been connected - * @param buffer - the received data buffer point - * @param len - the received data length - * - * @return result - * > 0 : OK, and return received data bytes - * = 0 : connection is closed - * < 0 : an error catch - */ -int SSL_read(SSL *ssl, void *buffer, int len); - -/** - * @brief send the data to remote - * - * @param ssl - the SSL point which has been connected - * @param buffer - the send data buffer point - * @param len - the send data length - * - * @return result - * > 0 : OK, and return sent data bytes - * = 0 : connection is closed - * < 0 : an error catch - */ -int SSL_write(SSL *ssl, const void *buffer, int len); - -/** - * @brief get SSL context of the SSL - * - * @param ssl - SSL point - * - * @return SSL context - */ -SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); - -/** - * @brief get SSL shutdown mode - * - * @param ssl - SSL point - * - * @return shutdown mode - */ -int SSL_get_shutdown(const SSL *ssl); - -/** - * @brief set SSL shutdown mode - * - * @param ssl - SSL point - * @param mode - shutdown mode - * - * @return none - */ -void SSL_set_shutdown(SSL *ssl, int mode); - -/** - * @brief get the SSL current method - * - * @param ssl - SSL point - * - * @return the SSL current method - */ -const SSL_METHOD *SSL_get_ssl_method(SSL *ssl); - -/** - * @brief set the SSL method - * - * @param ssl - SSL point - * @param meth - SSL method point - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_set_ssl_method(SSL *ssl, const SSL_METHOD *method); - -/** - * @brief get the bytes numbers which are to be read - * - * @param ssl - SSL point - * - * @return bytes number - */ -int SSL_pending(const SSL *ssl); - -/** - * @brief check if some data can be read - * - * @param ssl - SSL point - * - * @return - * 1 : there are bytes to be read - * 0 : no data - */ -int SSL_has_pending(const SSL *ssl); - -/** - * @brief get the socket handle of the SSL - * - * @param ssl - SSL point - * - * @return result - * >= 0 : yes, and return socket handle - * < 0 : a error catch - */ -int SSL_get_fd(const SSL *ssl); - -/** - * @brief get the read only socket handle of the SSL - * - * @param ssl - SSL point - * - * @return result - * >= 0 : yes, and return socket handle - * < 0 : a error catch - */ -int SSL_get_rfd(const SSL *ssl); - -/** - * @brief get the write only socket handle of the SSL - * - * @param ssl - SSL point - * - * @return result - * >= 0 : yes, and return socket handle - * < 0 : a error catch - */ -int SSL_get_wfd(const SSL *ssl); - -/** - * @brief bind the socket file description into the SSL - * - * @param ssl - the SSL point - * @param fd - socket handle - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_set_fd(SSL *ssl, int fd); - -/** - * @brief bind the read only socket file description into the SSL - * - * @param ssl - the SSL point - * @param fd - socket handle - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_set_rfd(SSL *ssl, int fd); - -/** - * @brief bind the write only socket file description into the SSL - * - * @param ssl - the SSL point - * @param fd - socket handle - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_set_wfd(SSL *ssl, int fd); - -/** - * @brief get SSL version - * - * @param ssl - SSL point - * - * @return SSL version - */ -int SSL_version(const SSL *ssl); - -/** - * @brief get the SSL current version - * - * @param ssl - SSL point - * - * @return the version string - */ -const char *SSL_get_version(const SSL *ssl); - -/** - * @brief get the SSL state - * - * @param ssl - SSL point - * - * @return SSL state - */ -OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl); - -/** - * @brief get alert description string - * - * @param value - alert value - * - * @return alert description string - */ -const char *SSL_alert_desc_string(int value); - -/** - * @brief get alert description long string - * - * @param value - alert value - * - * @return alert description long string - */ -const char *SSL_alert_desc_string_long(int value); - -/** - * @brief get alert type string - * - * @param value - alert value - * - * @return alert type string - */ -const char *SSL_alert_type_string(int value); - -/** - * @brief get alert type long string - * - * @param value - alert value - * - * @return alert type long string - */ -const char *SSL_alert_type_string_long(int value); - -/** - * @brief get the state string where SSL is reading - * - * @param ssl - SSL point - * - * @return state string - */ -const char *SSL_rstate_string(SSL *ssl); - -/** - * @brief get the statement long string where SSL is reading - * - * @param ssl - SSL point - * - * @return statement long string - */ -const char *SSL_rstate_string_long(SSL *ssl); - -/** - * @brief get SSL statement string - * - * @param ssl - SSL point - * - * @return SSL statement string - */ -char *SSL_state_string(const SSL *ssl); - -/** - * @brief get SSL statement long string - * - * @param ssl - SSL point - * - * @return SSL statement long string - */ -char *SSL_state_string_long(const SSL *ssl); - -/** - * @brief get SSL error code - * - * @param ssl - SSL point - * @param ret_code - SSL return code - * - * @return SSL error number - */ -int SSL_get_error(const SSL *ssl, int ret_code); - -/** - * @brief load a character certification context into system context. If '*cert' is pointed to the - * certification, then load certification into it. Or create a new X509 certification object - * - * @param cert - a point pointed to X509 certification - * @param buffer - a point pointed to the certification context memory point - * @param length - certification bytes - * - * @return X509 certification object point - */ -X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len); - -/** - * @brief add CA client certification into the SSL - * - * @param ssl - SSL point - * @param x - CA certification point - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_add_client_CA(SSL *ssl, X509 *x); - -/** - * @brief add CA client certification into the SSL context - * - * @param ctx - SSL context point - * @param x - CA certification point - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x); - -/** - * @brief get the SSL certification point - * - * @param ssl - SSL point - * - * @return SSL certification point - */ -X509 *SSL_get_certificate(const SSL *ssl); - -/** - * @brief get the verifying result of the SSL certification - * - * @param ssl - the SSL point - * - * @return the result of verifying - */ -long SSL_get_verify_result(const SSL *ssl); - -/** - * @brief These functions load the certification into the SSL_CTX or SSL object - * - * @param ctx - the SSL context point - * @param pkey - certification object point - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); - -/** - * @brief load the ASN1 certification into SSL context - * - * @param ctx - SSL context point - * @param len - certification length - * @param d - data point - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d); - -/** - * @brief These functions load the private key into the SSL_CTX or SSL object - * - * @param ctx - the SSL context point - * @param pkey - private key object point - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); - -/** - * @brief load the ASN1 private key into SSL context - * - * @param ctx - SSL context point - * @param d - data point - * @param len - private key length - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, const unsigned char *d, long len); - -/** - * @brief load the RSA ASN1 private key into SSL context - * - * @param ctx - SSL context point - * @param d - data point - * @param len - RSA private key length - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len); - -/** - * @brief load certification into the SSL - * - * @param ssl - SSL point - * @param len - data bytes - * @param d - data point - * - * @return result - * 0 : failed - * 1 : OK - * - */ -int SSL_use_certificate_ASN1(SSL *ssl, int len, const unsigned char *d); - -/** - * @brief get peer certification - * - * @param ssl - SSL point - * - * @return certification - */ -X509 *SSL_get_peer_certificate(const SSL *ssl); - -/** - * @brief set the SSL context read buffer length - * - * @param ctx - SSL context point - * @param len - read buffer length - * - * @return none - */ -void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len); - -/** - * @brief set the SSL read buffer length - * - * @param ssl - SSL point - * @param len - read buffer length - * - * @return none - */ -void SSL_set_default_read_buffer_len(SSL *ssl, size_t len); - -/** - * @brief get the SSL specifical statement - * - * @param ssl - SSL point - * - * @return specifical statement - */ -int SSL_want(const SSL *ssl); - -/** - * @brief check if SSL want nothing - * - * @param ssl - SSL point - * - * @return result - * 0 : false - * 1 : true - */ -int SSL_want_nothing(const SSL *ssl); - -/** - * @brief check if SSL want to read - * - * @param ssl - SSL point - * - * @return result - * 0 : false - * 1 : true - */ -int SSL_want_read(const SSL *ssl); - -/** - * @brief check if SSL want to write - * - * @param ssl - SSL point - * - * @return result - * 0 : false - * 1 : true - */ -int SSL_want_write(const SSL *ssl); From 1bcc5438ec51e3755b4fe98e18891e96335e1a57 Mon Sep 17 00:00:00 2001 From: Dong Heng Date: Wed, 28 Sep 2016 19:40:05 +0800 Subject: [PATCH 36/52] components/openssl: fix .rst file encoding type --- components/openssl/OpenSSL-APIs.rst | 2965 ++++++++++++++------------- 1 file changed, 1487 insertions(+), 1478 deletions(-) diff --git a/components/openssl/OpenSSL-APIs.rst b/components/openssl/OpenSSL-APIs.rst index ff91d2ebb7..5a44794cd2 100644 --- a/components/openssl/OpenSSL-APIs.rst +++ b/components/openssl/OpenSSL-APIs.rst @@ -1,1478 +1,1487 @@ -OpenSSL-APIs -====================== - -Chapter 1. SSL Context Method Create -Chapter 2. SSL Context Fucntion -Chapter 3. SSL Fucntion -Chapter 4. SSL X509 Certification and Private Key Function - -====================== -Chapter 1. SSL Context Method Create - -1.1 const SSL_METHOD* SSLv23_client_method(void); - - Arguments : none - - Return : SSLV2 and 3 version SSL context client method point - - Description : create the target SSL context method - - Example : - - void example(void) - { - const SSL_METHOD *method = SSLv23_client_method(); - - ... - } - - -1.2 const SSL_METHOD* TLSv1_client_method(void); - - Arguments : none - - Return : TLSV1.0 version SSL context client method point - - Description : create the target SSL context method - - Example : - - void example(void) - { - const SSL_METHOD *method = TLSv1_client_method(); - - ... - } - - -1.3 const SSL_METHOD* SSLv3_client_method(void); - - Arguments : none - - Return : SSLV3.0 version SSL context client method point - - Description : create the target SSL context method - - Example : - - void example(void) - { - const SSL_METHOD *method = SSLv3_client_method(); - - ... - } - - -1.4 const SSL_METHOD* TLSv1_1_client_method(void); - - Arguments : none - - Return : TLSV1.1 version SSL context client method point - - Description : create the target SSL context method - - Example : - - void example(void) - { - const SSL_METHOD *method = TLSv1_1_client_method(); - - ... - } - - -1.5 const SSL_METHOD* TLSv1_2_client_method(void); - - Arguments : none - - Return : TLSV1.2 version SSL context client method point - - Description : create the target SSL context method - - Example : - - void example(void) - { - const SSL_METHOD *method = TLSv1_2_client_method(); - - ... - } - - -1.6 const SSL_METHOD* SSLv23_server_method(void); - - Arguments : none - - Return : SSLV2 and 3 version SSL context server method point - - Description : create the target SSL context method - - Example : - - void example(void) - { - const SSL_METHOD *method = SSLv23_server_method(); - - ... - } - - -1.7 const SSL_METHOD* TLSv1_1_server_method(void); - - Arguments : none - - Return : TLSV1.1 version SSL context server method point - - Description : create the target SSL context method - - Example : - - void example(void) - { - const SSL_METHOD *method = TLSv1_1_server_method(); - - ... - } - - -1.8 const SSL_METHOD* TLSv1_2_server_method(void); - - Arguments : none - - Return : TLSV1.2 version SSL context server method point - - Description : create the target SSL context method - - Example : - - void example(void) - { - const SSL_METHOD *method = TLSv1_2_server_method(); - - ... - } - - -1.9 const SSL_METHOD* TLSv1_server_method(void); - - Arguments : none - - Return : TLSV1.0 version SSL context server method point - - Description : create the target SSL context method - - Example : - - void example(void) - { - const SSL_METHOD *method = TLSv1_server_method(); - - ... - } - - -1.10 const SSL_METHOD* SSLv3_server_method(void); - - Arguments : none - - Return : SSLV3.0 version SSL context server method point - - Description : create the target SSL context method - - Example : - - void example(void) - { - const SSL_METHOD *method = SSLv3_server_method(); - - ... - } - - -====================== -Chapter 2. SSL Context Fucntion - -2.1 SSL_CTX* SSL_CTX_new(const SSL_METHOD *method); - - Arguments : method - the SSL context method point - - Return : context point - - Description : create a SSL context - - Example : - - void example(void) - { - SSL_CTX *ctx = SSL_CTX_new(SSLv3_server_method()); - - ... - } - - -2.2 void SSL_CTX_free(SSL_CTX *ctx); - - Arguments : ctx - the SSL context point - - Return : none - - Description : free a SSL context - - Example : - - void example(void) - { - SSL_CTX *ctx; - - ... ... - - SSL_CTX_free(ctx); - } - - -2.3 int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth); - - Arguments : ctx - SSL context point - meth - SSL method point - - Return : result - 1 : OK - 0 : failed - - Description : set the SSL context version - - Example : - - void example(void) - { - SSL_CTX *ctx; - const SSL_METHOD *meth; - - ... ... - - SSL_CTX_set_ssl_version(ctx, meth); - } - - -2.4 const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx); - - Arguments : ctx - SSL context point - - Return : SSL context method - - Description : get the SSL context method - - Example : - - void example(void) - { - const SSL_METHOD *method; - SSL_CTX *ctx; - - ... ... - - method = SSL_CTX_get_ssl_method(ctx); - } - - -====================== -Chapter 3. SSL Fucntion - -3.1 SSL* SSL_new(SSL_CTX *ctx); - - Arguments : ctx - SSL context point - - Return : SSL method - - Description : create a SSL - - Example : - - void example(void) - { - SSL *ssl; - SSL_CTX *ctx; - - ... ... - - ssl = SSL_new(ctx); - } - - -3.2 void SSL_free(SSL *ssl); - - Arguments : ssl - SSL point - - Return : none - - Description : free SSL - - Example : - - void example(void) - { - SSL *ssl; - - ... ... - - SSL_free(ssl); - } - - -3.3 int SSL_do_handshake(SSL *ssl); - - Arguments : ssl - SSL point - - Return : result - 1 : OK - 0 : failed, connect is close by remote - -1 : a error catch - - Description : perform the SSL handshake - - Example : - - void example(void) - { - SSL *ssl; - int ret; - - ... ... - - ret = SSL_do_handshake(ssl); - } - - -3.4 int SSL_connect(SSL *ssl); - - Arguments : ssl - SSL point - - Return : result - 1 : OK - 0 : failed, connect is close by remote - -1 : a error catch - - Description : connect to the remote SSL server - - Example : - - void example(void) - { - SSL *ssl; - int ret; - - ... ... - - ret = SSL_connect(ssl); - } - - -3.5 int SSL_accept(SSL *ssl); - - Arguments : ssl - SSL point - - Return : result - 1 : OK - 0 : failed, connect is close by remote - -1 : a error catch - - Description : accept the remote connection - - Example : - - void example(void) - { - SSL *ssl; - int ret; - - ... ... - - ret = SSL_accept(ssl); - } - - -3.6 int SSL_shutdown(SSL *ssl); - - Arguments : ssl - SSL point - - Return : result - 1 : OK - 0 : failed, connect is close by remote - -1 : a error catch - - Description : shutdown the connection - - Example : - - void example(void) - { - SSL *ssl; - int ret; - - ... ... - - ret = SSL_shutdown(ssl); - } - - -3.7 int SSL_clear(SSL *ssl); - - Arguments : ssl - SSL point - - Return : result - 1 : OK - 0 : failed - - Description : shutdown the connection - - Example : - - void example(void) - { - SSL *ssl; - int ret; - - ... ... - - ret = SSL_clear(ssl); - } - - -3.8 int SSL_read(SSL *ssl, void *buffer, int len); - - Arguments : ssl - point - buffer - data buffer point - len - data length - - Return : result - > 0 : OK, and return received data bytes - = 0 : no data received or connection is closed - < 0 : an error catch - - Description : read data from remote - - Example : - - void example(void) - { - SSL *ssl; - char *buf; - int len; - int ret; - - ... ... - - ret = SSL_read(ssl, buf, len); - } - -3.9 int SSL_write(SSL *ssl, const void *buffer, int len); - - Arguments : ssl - SSL point - buffer - data buffer point - len - data length - - Return : result - > 0 : OK, and return received data bytes - = 0 : no data sent or connection is closed - < 0 : an error catch - - Description : send the data to remote - - Example : - - void example(void) - { - SSL *ssl; - char *buf; - int len; - int ret; - - ... ... - - ret = SSL_write(ssl, buf, len); - } - - -3.10 SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); - - Arguments : ssl - SSL point - - Return : SSL context - - Description : get SSL context of the SSL - - Example : - - void example(void) - { - SSL *ssl; - SSL_CTX *ctx; - - ... ... - - ctx = SSL_get_SSL_CTX(ssl); - } - - -3.11 int SSL_get_shutdown(const SSL *ssl); - - Arguments : ssl - SSL point - - Return : shutdown mode - - Description : get SSL shutdown mode - - Example : - - void example(void) - { - SSL *ssl; - int mode; - - ... ... - - mode = SSL_get_SSL_CTX(ssl); - } - - -3.12 void SSL_set_shutdown(SSL *ssl, int mode); - - Arguments : ssl - SSL point - - Return : shutdown mode - - Description : set SSL shutdown mode - - Example : - - void example(void) - { - SSL *ssl; - int mode = 0; - - ... ... - - SSL_set_shutdown(ssl, mode); - } - - -3.13 const SSL_METHOD *SSL_get_ssl_method(SSL *ssl); - - Arguments : ssl - SSL point - - Return : SSL method - - Description : set SSL shutdown mode - - Example : - - void example(void) - { - SSL *ssl; - const SSL_METHOD *method; - - ... ... - - method = SSL_get_ssl_method(ssl); - } - - -3.14 int SSL_set_ssl_method(SSL *ssl, const SSL_METHOD *method); - - Arguments : ssl - SSL point - meth - SSL method point - - Return : result - 1 : OK - 0 : failed - - Description : set the SSL method - - Example : - - void example(void) - { - int ret; - SSL *ssl; - const SSL_METHOD *method; - - ... ... - - ret = SSL_set_ssl_method(ssl, method); - } - - -3.15 int SSL_pending(const SSL *ssl); - - Arguments : ssl - SSL point - - Return : data bytes - - Description : get received data bytes - - Example : - - void example(void) - { - int ret; - SSL *ssl; - - ... ... - - ret = SSL_pending(ssl); - } - - -3.16 int SSL_has_pending(const SSL *ssl); - - Arguments : ssl - SSL point - - Return : result - 1 : Yes - 0 : No - - Description : check if data is received - - Example : - - void example(void) - { - int ret; - SSL *ssl; - - ... ... - - ret = SSL_has_pending(ssl); - } - - -3.17 int SSL_get_fd(const SSL *ssl); - - Arguments : ssl - SSL point - - Return : result - >= 0 : socket id - < 0 : a error catch - - Description : get the socket of the SSL - - Example : - - void example(void) - { - int ret; - SSL *ssl; - - ... ... - - ret = SSL_get_fd(ssl); - } - - -3.18 int SSL_get_rfd(const SSL *ssl); - - Arguments : ssl - SSL point - - Return : result - >= 0 : socket id - < 0 : a error catch - - Description : get the read only socket of the SSL - - Example : - - void example(void) - { - int ret; - SSL *ssl; - - ... ... - - ret = SSL_get_rfd(ssl); - } - - -3.19 int SSL_get_wfd(const SSL *ssl); - - Arguments : ssl - SSL point - - Return : result - >= 0 : socket id - < 0 : a error catch - - Description : get the write only socket of the SSL - - Example : - - void example(void) - { - int ret; - SSL *ssl; - - ... ... - - ret = SSL_get_wfd(ssl); - } - - -3.20 int SSL_set_fd(SSL *ssl, int fd); - - Arguments : ssl - SSL point - fd - socket id - - Return : result - 1 : OK - 0 : failed - - Description : set socket to SSL - - Example : - - void example(void) - { - int ret; - SSL *ssl; - int socket; - - ... ... - - ret = SSL_set_fd(ssl, socket); - } - - -3.21 int SSL_set_rfd(SSL *ssl, int fd); - - Arguments : ssl - SSL point - fd - socket id - - Return : result - 1 : OK - 0 : failed - - Description : set read only socket to SSL - - Example : - - void example(void) - { - int ret; - SSL *ssl; - int socket; - - ... ... - - ret = SSL_set_rfd(ssl, socket); - } - - -3.22 int SSL_set_wfd(SSL *ssl, int fd); - - Arguments : ssl - SSL point - fd - socket id - - Return : result - 1 : OK - 0 : failed - - Description : set write only socket to SSL - - Example : - - void example(void) - { - int ret; - SSL *ssl; - int socket; - - ... ... - - ret = SSL_set_wfd(ssl, socket); - } - - -3.23 int SSL_version(const SSL *ssl); - - Arguments : ssl - SSL point - - Return : SSL version - - Description : get SSL version - - Example : - - void example(void) - { - int version; - SSL *ssl; - - ... ... - - version = SSL_version(ssl); - } - - -3.24 const char *SSL_get_version(const SSL *ssl); - - Arguments : ssl - SSL point - - Return : SSL version string - - Description : get the SSL current version string - - Example : - - void example(void) - { - char *version; - SSL *ssl; - - ... ... - - version = SSL_get_version(ssl); - } - - -3.25 OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl); - - Arguments : ssl - SSL point - - Return : SSL state - - Description : get the SSL state - - Example : - - void example(void) - { - OSSL_HANDSHAKE_STATE state; - SSL *ssl; - - ... ... - - state = SSL_get_state(ssl); - } - - -3.26 const char *SSL_alert_desc_string(int value); - - Arguments : value - SSL description - - Return : alert value string - - Description : get alert description string - - Example : - - void example(void) - { - int val; - char *str; - - ... ... - - str = SSL_alert_desc_string(val); - } - - -3.27 const char *SSL_alert_desc_string_long(int value); - - Arguments : value - SSL description - - Return : alert value long string - - Description : get alert description long string - - Example : - - void example(void) - { - int val; - char *str; - - ... ... - - str = SSL_alert_desc_string_long(val); - } - - -3.28 const char *SSL_alert_type_string(int value); - - Arguments : value - SSL type description - - Return : alert type string - - Description : get alert type string - - Example : - - void example(void) - { - int val; - char *str; - - ... ... - - str = SSL_alert_type_string(val); - } - - -3.29 const char *SSL_alert_type_string_long(int value); - - Arguments : value - SSL type description - - Return : alert type long string - - Description : get alert type long string - - Example : - - void example(void) - { - int val; - char *str; - - ... ... - - str = SSL_alert_type_string_long(val); - } - -3.30 const char *SSL_rstate_string(SSL *ssl); - - Arguments : ssl - SSL point - - Return : state string - - Description : get the state string where SSL is reading - - Example : - - void example(void) - { - SSL *ssl; - char *str; - - ... ... - - str = SSL_rstate_string(ssl); - } - - -3.31 const char *SSL_rstate_string_long(SSL *ssl); - - Arguments : ssl - SSL point - - Return : state long string - - Description : get the state long string where SSL is reading - - Example : - - void example(void) - { - SSL *ssl; - char *str; - - ... ... - - str = SSL_rstate_string_long(ssl); - } - - -3.32 char *SSL_state_string(const SSL *ssl); - - Arguments : ssl - SSL point - - Return : state string - - Description : get the state string - - Example : - - void example(void) - { - SSL *ssl; - char *str; - - ... ... - - str = SSL_state_string(ssl); - } - - -3.33 char *SSL_state_string_long(const SSL *ssl); - - Arguments : ssl - SSL point - - Return : state long string - - Description : get the state long string - - Example : - - void example(void) - { - SSL *ssl; - char *str; - - ... ... - - str = SSL_state_string(ssl); - } - - -3.34 int SSL_get_error(const SSL *ssl, int ret_code); - - Arguments : ssl - SSL point - ret_code - SSL return code - - Return : SSL error number - - Description : get SSL error code - - Example : - - void example(void) - { - SSL *ssl; - int ret; - int err; - - ... ... - - err = SSL_get_error(ssl, ret); - } - -3.35 void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len); - - Arguments : ctx - SSL context point - len - read buffer length - - Return : none - - Description : set the SSL context read buffer length - - Example : - - void example(void) - { - SSL_CTX *ctx; - size_t len; - - ... ... - - SSL_CTX_set_default_read_buffer_len(ctx, len); - } - - -3.36 void SSL_set_default_read_buffer_len(SSL *ssl, size_t len); - - Arguments : ssl - SSL point - len - read buffer length - - Return : none - - Description : set the SSL read buffer length - - Example : - - void example(void) - { - SSL *ssl; - size_t len; - - ... ... - - SSL_set_default_read_buffer_len(ctx, len); - } - - -3.37 int SSL_want(const SSL *ssl); - - Arguments : ssl - SSL point - - Return : specifical statement - - Description : get the SSL specifical statement - - Example : - - void example(void) - { - SSL *ssl; - int state; - - ... ... - - state = SSL_want(ssl); - } - - -3.38 int SSL_want_nothing(const SSL *ssl); - - Arguments : ssl - SSL point - - Return : result - 0 : false - 1 : true - - Description : check if SSL want nothing - - Example : - - void example(void) - { - SSL *ssl; - int ret; - - ... ... - - ret = SSL_want(ssl); - } - - -3.39 int SSL_want_read(const SSL *ssl); - - Arguments : ssl - SSL point - - Return : result - 0 : false - 1 : true - - Description : check if SSL want to read - - Example : - - void example(void) - { - SSL *ssl; - int ret; - - ... ... - - ret = SSL_want_read(ssl); - } - - -3.40 int SSL_want_write(const SSL *ssl); - - Arguments : ssl - SSL point - - Return : result - 0 : false - 1 : true - - Description : check if SSL want to write - - Example : - - void example(void) - { - SSL *ssl; - int ret; - - ... ... - - ret = SSL_want_write(ssl); - } - -====================== -Chapter 4. SSL X509 Certification and Private Key Function - -4.1 X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len); - - Arguments : cert - a point pointed to X509 certification - buffer - a point pointed to the certification context memory point - length - certification bytes - - Return : X509 certification object point - - Description : load a character certification context into system context. If '*cert' is pointed to the - certification, then load certification into it. Or create a new X509 certification object - - Example : - - void example(void) - { - X509 *new; - X509 *cert; - unsigned char *buffer; - long len; - ... ... - - new = d2i_X509(&cert, buffer, len); - } - - -4.2 int SSL_add_client_CA(SSL *ssl, X509 *x); - - Arguments : ssl - SSL point - x - CA certification point - - Return : result - 1 : OK - 0 : failed - - Description : add CA client certification into the SSL - - Example : - - void example(void) - { - int ret; - SSL *ssl; - X509 *new; - - ... ... - - ret = SSL_add_client_CA(ssl, new); - } - - -4.3 int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x); - - Arguments : ctx - SSL context point - x - CA certification point - - Return : result - 1 : OK - 0 : failed - - Description : add CA client certification into the SSL context - - Example : - - void example(void) - { - int ret; - SSL_CTX *ctx; - X509 *new; - - ... ... - - ret = SSL_add_clSSL_CTX_add_client_CAient_CA(ctx, new); - } - - -4.4 X509 *SSL_get_certificate(const SSL *ssl); - - Arguments : ssl - SSL point - - Return : SSL certification point - - Description : get the SSL certification point - - Example : - - void example(void) - { - SSL *ssl; - X509 *cert; - - ... ... - - cert = SSL_get_certificate(ssl); - } - - -4.5 long SSL_get_verify_result(const SSL *ssl); - - Arguments : ssl - SSL point - - Return : the result of verifying - - Description : get the verifying result of the SSL certification - - Example : - - void example(void) - { - SSL *ssl; - long ret; - - ... ... - - ret = SSL_get_verify_result(ssl); - } - - -4.6 int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); - - Arguments : ctx - the SSL context point - pkey - certification object point - - Return : result - 1 : OK - 0 : failed - - Description : load the certification into the SSL_CTX or SSL object - - Example : - - void example(void) - { - int ret; - SSL_CTX *ctx - X509 *new; - - ... ... - - ret = SSL_CTX_use_certificate(ctx, new); - } - - -4.7 int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d); - - Arguments : ctx - SSL context point - len - certification length - d - data point - - Return : result - 1 : OK - 0 : failed - - Description : load the ASN1 certification into SSL context - - Example : - - void example(void) - { - int ret; - SSL_CTX *ctx; - const unsigned char *buf; - int len; - - ... ... - - ret = SSL_CTX_use_certificate_ASN1(ctx, len, buf); - } - - -4.8 int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); - - Arguments : ctx - SSL context point - pkey - private key object point - - Return : result - 1 : OK - 0 : failed - - Description : load the private key into the context object - - Example : - - void example(void) - { - int ret; - SSL_CTX *ctx; - EVP_PKEY *pkey; - - ... ... - - ret = SSL_CTX_use_PrivateKey(ctx, pkey); - } - - -4.9 int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, const unsigned char *d, long len); - - Arguments : ctx - SSL context point - d - data point - len - private key length - - Return : result - 1 : OK - 0 : failed - - Description : load the ASN1 private key into SSL context - - Example : - - void example(void) - { - int ret; - int pk; - SSL_CTX *ctx; - const unsigned char *buf; - long len; - - ... ... - - ret = SSL_CTX_use_PrivateKey_ASN1(pk, ctx, buf, len); - } - - -4.10 int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len); - - Arguments : ctx - SSL context point - d - data point - len - private key length - - Return : result - 1 : OK - 0 : failed - - Description : load the RSA ASN1 private key into SSL context - - Example : - - void example(void) - { - int ret; - SSL_CTX *ctx; - const unsigned char *buf; - long len; - - ... ... - - ret = SSL_CTX_use_RSAPrivateKey_ASN1(ctx, buf, len); - } - - -4.11 int SSL_use_certificate_ASN1(SSL *ssl, int len, const unsigned char *d); - - Arguments : ssl - SSL point - len - data bytes - d - data point - - Return : result - 1 : OK - 0 : failed - - Description : load certification into the SSL - - Example : - - void example(void) - { - int ret; - SSL *ssl; - const unsigned char *buf; - long len; - - ... ... - - ret = SSL_use_certificate_ASN1(ssl, len, buf); - } - - -4.12 X509 *SSL_get_peer_certificate(const SSL *ssl); - - Arguments : ssl - SSL point - - Return : peer certification - - Description : get peer certification - - Example : - - void example(void) - { - SSL *ssl; - X509 *peer; - - ... ... - - peer = SSL_get_peer_certificate(ssl); - } - -====================== -END \ No newline at end of file +OpenSSL-APIs +============ + +All original source code in this repository is Copyright (C) 2015-2016 +Espressif Systems. This source code is licensed under the Apache +License 2.0 as described in the file LICENSE. + +Chapter Introduction +==================== + +Chapter 1. SSL Context Method Create +Chapter 2. SSL Context Fucntion +Chapter 3. SSL Fucntion +Chapter 4. SSL X509 Certification and Private Key Function + + +Chapter 1. SSL Context Method Create +==================================== + +1.1 const SSL_METHOD* SSLv23_client_method(void); + + Arguments : none + + Return : SSLV2 and 3 version SSL context client method point + + Description : create the target SSL context method + + Example : + + void example(void) + { + const SSL_METHOD *method = SSLv23_client_method(); + + ... + } + + +1.2 const SSL_METHOD* TLSv1_client_method(void); + + Arguments : none + + Return : TLSV1.0 version SSL context client method point + + Description : create the target SSL context method + + Example : + + void example(void) + { + const SSL_METHOD *method = TLSv1_client_method(); + + ... + } + + +1.3 const SSL_METHOD* SSLv3_client_method(void); + + Arguments : none + + Return : SSLV3.0 version SSL context client method point + + Description : create the target SSL context method + + Example : + + void example(void) + { + const SSL_METHOD *method = SSLv3_client_method(); + + ... + } + + +1.4 const SSL_METHOD* TLSv1_1_client_method(void); + + Arguments : none + + Return : TLSV1.1 version SSL context client method point + + Description : create the target SSL context method + + Example : + + void example(void) + { + const SSL_METHOD *method = TLSv1_1_client_method(); + + ... + } + + +1.5 const SSL_METHOD* TLSv1_2_client_method(void); + + Arguments : none + + Return : TLSV1.2 version SSL context client method point + + Description : create the target SSL context method + + Example : + + void example(void) + { + const SSL_METHOD *method = TLSv1_2_client_method(); + + ... + } + + +1.6 const SSL_METHOD* SSLv23_server_method(void); + + Arguments : none + + Return : SSLV2 and 3 version SSL context server method point + + Description : create the target SSL context method + + Example : + + void example(void) + { + const SSL_METHOD *method = SSLv23_server_method(); + + ... + } + + +1.7 const SSL_METHOD* TLSv1_1_server_method(void); + + Arguments : none + + Return : TLSV1.1 version SSL context server method point + + Description : create the target SSL context method + + Example : + + void example(void) + { + const SSL_METHOD *method = TLSv1_1_server_method(); + + ... + } + + +1.8 const SSL_METHOD* TLSv1_2_server_method(void); + + Arguments : none + + Return : TLSV1.2 version SSL context server method point + + Description : create the target SSL context method + + Example : + + void example(void) + { + const SSL_METHOD *method = TLSv1_2_server_method(); + + ... + } + + +1.9 const SSL_METHOD* TLSv1_server_method(void); + + Arguments : none + + Return : TLSV1.0 version SSL context server method point + + Description : create the target SSL context method + + Example : + + void example(void) + { + const SSL_METHOD *method = TLSv1_server_method(); + + ... + } + + +1.10 const SSL_METHOD* SSLv3_server_method(void); + + Arguments : none + + Return : SSLV3.0 version SSL context server method point + + Description : create the target SSL context method + + Example : + + void example(void) + { + const SSL_METHOD *method = SSLv3_server_method(); + + ... + } + + + +Chapter 2. SSL Context Fucntion +=============================== + +2.1 SSL_CTX* SSL_CTX_new(const SSL_METHOD *method); + + Arguments : method - the SSL context method point + + Return : context point + + Description : create a SSL context + + Example : + + void example(void) + { + SSL_CTX *ctx = SSL_CTX_new(SSLv3_server_method()); + + ... + } + + +2.2 void SSL_CTX_free(SSL_CTX *ctx); + + Arguments : ctx - the SSL context point + + Return : none + + Description : free a SSL context + + Example : + + void example(void) + { + SSL_CTX *ctx; + + ... ... + + SSL_CTX_free(ctx); + } + + +2.3 int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth); + + Arguments : ctx - SSL context point + meth - SSL method point + + Return : result + 1 : OK + 0 : failed + + Description : set the SSL context version + + Example : + + void example(void) + { + SSL_CTX *ctx; + const SSL_METHOD *meth; + + ... ... + + SSL_CTX_set_ssl_version(ctx, meth); + } + + +2.4 const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx); + + Arguments : ctx - SSL context point + + Return : SSL context method + + Description : get the SSL context method + + Example : + + void example(void) + { + const SSL_METHOD *method; + SSL_CTX *ctx; + + ... ... + + method = SSL_CTX_get_ssl_method(ctx); + } + + + +Chapter 3. SSL Fucntion +======================= + +3.1 SSL* SSL_new(SSL_CTX *ctx); + + Arguments : ctx - SSL context point + + Return : SSL method + + Description : create a SSL + + Example : + + void example(void) + { + SSL *ssl; + SSL_CTX *ctx; + + ... ... + + ssl = SSL_new(ctx); + } + + +3.2 void SSL_free(SSL *ssl); + + Arguments : ssl - SSL point + + Return : none + + Description : free SSL + + Example : + + void example(void) + { + SSL *ssl; + + ... ... + + SSL_free(ssl); + } + + +3.3 int SSL_do_handshake(SSL *ssl); + + Arguments : ssl - SSL point + + Return : result + 1 : OK + 0 : failed, connect is close by remote + -1 : a error catch + + Description : perform the SSL handshake + + Example : + + void example(void) + { + SSL *ssl; + int ret; + + ... ... + + ret = SSL_do_handshake(ssl); + } + + +3.4 int SSL_connect(SSL *ssl); + + Arguments : ssl - SSL point + + Return : result + 1 : OK + 0 : failed, connect is close by remote + -1 : a error catch + + Description : connect to the remote SSL server + + Example : + + void example(void) + { + SSL *ssl; + int ret; + + ... ... + + ret = SSL_connect(ssl); + } + + +3.5 int SSL_accept(SSL *ssl); + + Arguments : ssl - SSL point + + Return : result + 1 : OK + 0 : failed, connect is close by remote + -1 : a error catch + + Description : accept the remote connection + + Example : + + void example(void) + { + SSL *ssl; + int ret; + + ... ... + + ret = SSL_accept(ssl); + } + + +3.6 int SSL_shutdown(SSL *ssl); + + Arguments : ssl - SSL point + + Return : result + 1 : OK + 0 : failed, connect is close by remote + -1 : a error catch + + Description : shutdown the connection + + Example : + + void example(void) + { + SSL *ssl; + int ret; + + ... ... + + ret = SSL_shutdown(ssl); + } + + +3.7 int SSL_clear(SSL *ssl); + + Arguments : ssl - SSL point + + Return : result + 1 : OK + 0 : failed + + Description : shutdown the connection + + Example : + + void example(void) + { + SSL *ssl; + int ret; + + ... ... + + ret = SSL_clear(ssl); + } + + +3.8 int SSL_read(SSL *ssl, void *buffer, int len); + + Arguments : ssl - point + buffer - data buffer point + len - data length + + Return : result + > 0 : OK, and return received data bytes + = 0 : no data received or connection is closed + < 0 : an error catch + + Description : read data from remote + + Example : + + void example(void) + { + SSL *ssl; + char *buf; + int len; + int ret; + + ... ... + + ret = SSL_read(ssl, buf, len); + } + +3.9 int SSL_write(SSL *ssl, const void *buffer, int len); + + Arguments : ssl - SSL point + buffer - data buffer point + len - data length + + Return : result + > 0 : OK, and return received data bytes + = 0 : no data sent or connection is closed + < 0 : an error catch + + Description : send the data to remote + + Example : + + void example(void) + { + SSL *ssl; + char *buf; + int len; + int ret; + + ... ... + + ret = SSL_write(ssl, buf, len); + } + + +3.10 SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); + + Arguments : ssl - SSL point + + Return : SSL context + + Description : get SSL context of the SSL + + Example : + + void example(void) + { + SSL *ssl; + SSL_CTX *ctx; + + ... ... + + ctx = SSL_get_SSL_CTX(ssl); + } + + +3.11 int SSL_get_shutdown(const SSL *ssl); + + Arguments : ssl - SSL point + + Return : shutdown mode + + Description : get SSL shutdown mode + + Example : + + void example(void) + { + SSL *ssl; + int mode; + + ... ... + + mode = SSL_get_SSL_CTX(ssl); + } + + +3.12 void SSL_set_shutdown(SSL *ssl, int mode); + + Arguments : ssl - SSL point + + Return : shutdown mode + + Description : set SSL shutdown mode + + Example : + + void example(void) + { + SSL *ssl; + int mode = 0; + + ... ... + + SSL_set_shutdown(ssl, mode); + } + + +3.13 const SSL_METHOD *SSL_get_ssl_method(SSL *ssl); + + Arguments : ssl - SSL point + + Return : SSL method + + Description : set SSL shutdown mode + + Example : + + void example(void) + { + SSL *ssl; + const SSL_METHOD *method; + + ... ... + + method = SSL_get_ssl_method(ssl); + } + + +3.14 int SSL_set_ssl_method(SSL *ssl, const SSL_METHOD *method); + + Arguments : ssl - SSL point + meth - SSL method point + + Return : result + 1 : OK + 0 : failed + + Description : set the SSL method + + Example : + + void example(void) + { + int ret; + SSL *ssl; + const SSL_METHOD *method; + + ... ... + + ret = SSL_set_ssl_method(ssl, method); + } + + +3.15 int SSL_pending(const SSL *ssl); + + Arguments : ssl - SSL point + + Return : data bytes + + Description : get received data bytes + + Example : + + void example(void) + { + int ret; + SSL *ssl; + + ... ... + + ret = SSL_pending(ssl); + } + + +3.16 int SSL_has_pending(const SSL *ssl); + + Arguments : ssl - SSL point + + Return : result + 1 : Yes + 0 : No + + Description : check if data is received + + Example : + + void example(void) + { + int ret; + SSL *ssl; + + ... ... + + ret = SSL_has_pending(ssl); + } + + +3.17 int SSL_get_fd(const SSL *ssl); + + Arguments : ssl - SSL point + + Return : result + >= 0 : socket id + < 0 : a error catch + + Description : get the socket of the SSL + + Example : + + void example(void) + { + int ret; + SSL *ssl; + + ... ... + + ret = SSL_get_fd(ssl); + } + + +3.18 int SSL_get_rfd(const SSL *ssl); + + Arguments : ssl - SSL point + + Return : result + >= 0 : socket id + < 0 : a error catch + + Description : get the read only socket of the SSL + + Example : + + void example(void) + { + int ret; + SSL *ssl; + + ... ... + + ret = SSL_get_rfd(ssl); + } + + +3.19 int SSL_get_wfd(const SSL *ssl); + + Arguments : ssl - SSL point + + Return : result + >= 0 : socket id + < 0 : a error catch + + Description : get the write only socket of the SSL + + Example : + + void example(void) + { + int ret; + SSL *ssl; + + ... ... + + ret = SSL_get_wfd(ssl); + } + + +3.20 int SSL_set_fd(SSL *ssl, int fd); + + Arguments : ssl - SSL point + fd - socket id + + Return : result + 1 : OK + 0 : failed + + Description : set socket to SSL + + Example : + + void example(void) + { + int ret; + SSL *ssl; + int socket; + + ... ... + + ret = SSL_set_fd(ssl, socket); + } + + +3.21 int SSL_set_rfd(SSL *ssl, int fd); + + Arguments : ssl - SSL point + fd - socket id + + Return : result + 1 : OK + 0 : failed + + Description : set read only socket to SSL + + Example : + + void example(void) + { + int ret; + SSL *ssl; + int socket; + + ... ... + + ret = SSL_set_rfd(ssl, socket); + } + + +3.22 int SSL_set_wfd(SSL *ssl, int fd); + + Arguments : ssl - SSL point + fd - socket id + + Return : result + 1 : OK + 0 : failed + + Description : set write only socket to SSL + + Example : + + void example(void) + { + int ret; + SSL *ssl; + int socket; + + ... ... + + ret = SSL_set_wfd(ssl, socket); + } + + +3.23 int SSL_version(const SSL *ssl); + + Arguments : ssl - SSL point + + Return : SSL version + + Description : get SSL version + + Example : + + void example(void) + { + int version; + SSL *ssl; + + ... ... + + version = SSL_version(ssl); + } + + +3.24 const char *SSL_get_version(const SSL *ssl); + + Arguments : ssl - SSL point + + Return : SSL version string + + Description : get the SSL current version string + + Example : + + void example(void) + { + char *version; + SSL *ssl; + + ... ... + + version = SSL_get_version(ssl); + } + + +3.25 OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl); + + Arguments : ssl - SSL point + + Return : SSL state + + Description : get the SSL state + + Example : + + void example(void) + { + OSSL_HANDSHAKE_STATE state; + SSL *ssl; + + ... ... + + state = SSL_get_state(ssl); + } + + +3.26 const char *SSL_alert_desc_string(int value); + + Arguments : value - SSL description + + Return : alert value string + + Description : get alert description string + + Example : + + void example(void) + { + int val; + char *str; + + ... ... + + str = SSL_alert_desc_string(val); + } + + +3.27 const char *SSL_alert_desc_string_long(int value); + + Arguments : value - SSL description + + Return : alert value long string + + Description : get alert description long string + + Example : + + void example(void) + { + int val; + char *str; + + ... ... + + str = SSL_alert_desc_string_long(val); + } + + +3.28 const char *SSL_alert_type_string(int value); + + Arguments : value - SSL type description + + Return : alert type string + + Description : get alert type string + + Example : + + void example(void) + { + int val; + char *str; + + ... ... + + str = SSL_alert_type_string(val); + } + + +3.29 const char *SSL_alert_type_string_long(int value); + + Arguments : value - SSL type description + + Return : alert type long string + + Description : get alert type long string + + Example : + + void example(void) + { + int val; + char *str; + + ... ... + + str = SSL_alert_type_string_long(val); + } + +3.30 const char *SSL_rstate_string(SSL *ssl); + + Arguments : ssl - SSL point + + Return : state string + + Description : get the state string where SSL is reading + + Example : + + void example(void) + { + SSL *ssl; + char *str; + + ... ... + + str = SSL_rstate_string(ssl); + } + + +3.31 const char *SSL_rstate_string_long(SSL *ssl); + + Arguments : ssl - SSL point + + Return : state long string + + Description : get the state long string where SSL is reading + + Example : + + void example(void) + { + SSL *ssl; + char *str; + + ... ... + + str = SSL_rstate_string_long(ssl); + } + + +3.32 char *SSL_state_string(const SSL *ssl); + + Arguments : ssl - SSL point + + Return : state string + + Description : get the state string + + Example : + + void example(void) + { + SSL *ssl; + char *str; + + ... ... + + str = SSL_state_string(ssl); + } + + +3.33 char *SSL_state_string_long(const SSL *ssl); + + Arguments : ssl - SSL point + + Return : state long string + + Description : get the state long string + + Example : + + void example(void) + { + SSL *ssl; + char *str; + + ... ... + + str = SSL_state_string(ssl); + } + + +3.34 int SSL_get_error(const SSL *ssl, int ret_code); + + Arguments : ssl - SSL point + ret_code - SSL return code + + Return : SSL error number + + Description : get SSL error code + + Example : + + void example(void) + { + SSL *ssl; + int ret; + int err; + + ... ... + + err = SSL_get_error(ssl, ret); + } + +3.35 void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len); + + Arguments : ctx - SSL context point + len - read buffer length + + Return : none + + Description : set the SSL context read buffer length + + Example : + + void example(void) + { + SSL_CTX *ctx; + size_t len; + + ... ... + + SSL_CTX_set_default_read_buffer_len(ctx, len); + } + + +3.36 void SSL_set_default_read_buffer_len(SSL *ssl, size_t len); + + Arguments : ssl - SSL point + len - read buffer length + + Return : none + + Description : set the SSL read buffer length + + Example : + + void example(void) + { + SSL *ssl; + size_t len; + + ... ... + + SSL_set_default_read_buffer_len(ctx, len); + } + + +3.37 int SSL_want(const SSL *ssl); + + Arguments : ssl - SSL point + + Return : specifical statement + + Description : get the SSL specifical statement + + Example : + + void example(void) + { + SSL *ssl; + int state; + + ... ... + + state = SSL_want(ssl); + } + + +3.38 int SSL_want_nothing(const SSL *ssl); + + Arguments : ssl - SSL point + + Return : result + 0 : false + 1 : true + + Description : check if SSL want nothing + + Example : + + void example(void) + { + SSL *ssl; + int ret; + + ... ... + + ret = SSL_want(ssl); + } + + +3.39 int SSL_want_read(const SSL *ssl); + + Arguments : ssl - SSL point + + Return : result + 0 : false + 1 : true + + Description : check if SSL want to read + + Example : + + void example(void) + { + SSL *ssl; + int ret; + + ... ... + + ret = SSL_want_read(ssl); + } + + +3.40 int SSL_want_write(const SSL *ssl); + + Arguments : ssl - SSL point + + Return : result + 0 : false + 1 : true + + Description : check if SSL want to write + + Example : + + void example(void) + { + SSL *ssl; + int ret; + + ... ... + + ret = SSL_want_write(ssl); + } + + +Chapter 4. SSL X509 Certification and Private Key Function +========================================================== + +4.1 X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len); + + Arguments : cert - a point pointed to X509 certification + buffer - a point pointed to the certification context memory point + length - certification bytes + + Return : X509 certification object point + + Description : load a character certification context into system context. If '*cert' is pointed to the + certification, then load certification into it. Or create a new X509 certification object + + Example : + + void example(void) + { + X509 *new; + X509 *cert; + unsigned char *buffer; + long len; + ... ... + + new = d2i_X509(&cert, buffer, len); + } + + +4.2 int SSL_add_client_CA(SSL *ssl, X509 *x); + + Arguments : ssl - SSL point + x - CA certification point + + Return : result + 1 : OK + 0 : failed + + Description : add CA client certification into the SSL + + Example : + + void example(void) + { + int ret; + SSL *ssl; + X509 *new; + + ... ... + + ret = SSL_add_client_CA(ssl, new); + } + + +4.3 int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x); + + Arguments : ctx - SSL context point + x - CA certification point + + Return : result + 1 : OK + 0 : failed + + Description : add CA client certification into the SSL context + + Example : + + void example(void) + { + int ret; + SSL_CTX *ctx; + X509 *new; + + ... ... + + ret = SSL_add_clSSL_CTX_add_client_CAient_CA(ctx, new); + } + + +4.4 X509 *SSL_get_certificate(const SSL *ssl); + + Arguments : ssl - SSL point + + Return : SSL certification point + + Description : get the SSL certification point + + Example : + + void example(void) + { + SSL *ssl; + X509 *cert; + + ... ... + + cert = SSL_get_certificate(ssl); + } + + +4.5 long SSL_get_verify_result(const SSL *ssl); + + Arguments : ssl - SSL point + + Return : the result of verifying + + Description : get the verifying result of the SSL certification + + Example : + + void example(void) + { + SSL *ssl; + long ret; + + ... ... + + ret = SSL_get_verify_result(ssl); + } + + +4.6 int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); + + Arguments : ctx - the SSL context point + pkey - certification object point + + Return : result + 1 : OK + 0 : failed + + Description : load the certification into the SSL_CTX or SSL object + + Example : + + void example(void) + { + int ret; + SSL_CTX *ctx + X509 *new; + + ... ... + + ret = SSL_CTX_use_certificate(ctx, new); + } + + +4.7 int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d); + + Arguments : ctx - SSL context point + len - certification length + d - data point + + Return : result + 1 : OK + 0 : failed + + Description : load the ASN1 certification into SSL context + + Example : + + void example(void) + { + int ret; + SSL_CTX *ctx; + const unsigned char *buf; + int len; + + ... ... + + ret = SSL_CTX_use_certificate_ASN1(ctx, len, buf); + } + + +4.8 int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); + + Arguments : ctx - SSL context point + pkey - private key object point + + Return : result + 1 : OK + 0 : failed + + Description : load the private key into the context object + + Example : + + void example(void) + { + int ret; + SSL_CTX *ctx; + EVP_PKEY *pkey; + + ... ... + + ret = SSL_CTX_use_PrivateKey(ctx, pkey); + } + + +4.9 int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, const unsigned char *d, long len); + + Arguments : ctx - SSL context point + d - data point + len - private key length + + Return : result + 1 : OK + 0 : failed + + Description : load the ASN1 private key into SSL context + + Example : + + void example(void) + { + int ret; + int pk; + SSL_CTX *ctx; + const unsigned char *buf; + long len; + + ... ... + + ret = SSL_CTX_use_PrivateKey_ASN1(pk, ctx, buf, len); + } + + +4.10 int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len); + + Arguments : ctx - SSL context point + d - data point + len - private key length + + Return : result + 1 : OK + 0 : failed + + Description : load the RSA ASN1 private key into SSL context + + Example : + + void example(void) + { + int ret; + SSL_CTX *ctx; + const unsigned char *buf; + long len; + + ... ... + + ret = SSL_CTX_use_RSAPrivateKey_ASN1(ctx, buf, len); + } + + +4.11 int SSL_use_certificate_ASN1(SSL *ssl, int len, const unsigned char *d); + + Arguments : ssl - SSL point + len - data bytes + d - data point + + Return : result + 1 : OK + 0 : failed + + Description : load certification into the SSL + + Example : + + void example(void) + { + int ret; + SSL *ssl; + const unsigned char *buf; + long len; + + ... ... + + ret = SSL_use_certificate_ASN1(ssl, len, buf); + } + + +4.12 X509 *SSL_get_peer_certificate(const SSL *ssl); + + Arguments : ssl - SSL point + + Return : peer certification + + Description : get peer certification + + Example : + + void example(void) + { + SSL *ssl; + X509 *peer; + + ... ... + + peer = SSL_get_peer_certificate(ssl); + } + From b97c00f2c1b367fb5d6e2602ccc21392282378ff Mon Sep 17 00:00:00 2001 From: Dong Heng Date: Wed, 28 Sep 2016 20:41:11 +0800 Subject: [PATCH 37/52] components/openssl: add more .rst encoding type --- components/openssl/OpenSSL-APIs.rst | 1123 ++++++++++++++++++--------- 1 file changed, 748 insertions(+), 375 deletions(-) diff --git a/components/openssl/OpenSSL-APIs.rst b/components/openssl/OpenSSL-APIs.rst index 5a44794cd2..cb90a23c93 100644 --- a/components/openssl/OpenSSL-APIs.rst +++ b/components/openssl/OpenSSL-APIs.rst @@ -8,24 +8,31 @@ License 2.0 as described in the file LICENSE. Chapter Introduction ==================== -Chapter 1. SSL Context Method Create -Chapter 2. SSL Context Fucntion -Chapter 3. SSL Fucntion -Chapter 4. SSL X509 Certification and Private Key Function +- Chapter 1. SSL Context Method Create +- Chapter 2. SSL Context Fucntion +- Chapter 3. SSL Fucntion +- Chapter 4. SSL X509 Certification and Private Key Function Chapter 1. SSL Context Method Create ==================================== -1.1 const SSL_METHOD* SSLv23_client_method(void); - Arguments : none +1.1 const SSL_METHOD* ``SSLv23_client_method``(void) + + Arguments:: - Return : SSLV2 and 3 version SSL context client method point + none - Description : create the target SSL context method + Return:: - Example : + SSLV2 and 3 version SSL context client method point + + Description:: + + create the target SSL context method + + Example:: void example(void) { @@ -35,15 +42,21 @@ Chapter 1. SSL Context Method Create } -1.2 const SSL_METHOD* TLSv1_client_method(void); +1.2 const SSL_METHOD* ``TLSv1_client_method``(void) - Arguments : none + Arguments:: - Return : TLSV1.0 version SSL context client method point + none - Description : create the target SSL context method + Return:: - Example : + TLSV1.0 version SSL context client method point + + Description:: + + create the target SSL context method + + Example:: void example(void) { @@ -53,15 +66,21 @@ Chapter 1. SSL Context Method Create } -1.3 const SSL_METHOD* SSLv3_client_method(void); +1.3 const SSL_METHOD* ``SSLv3_client_method``(void) - Arguments : none + Arguments:: - Return : SSLV3.0 version SSL context client method point + none - Description : create the target SSL context method + Return:: - Example : + SSLV3.0 version SSL context client method point + + Description:: + + create the target SSL context method + + Example:: void example(void) { @@ -71,15 +90,21 @@ Chapter 1. SSL Context Method Create } -1.4 const SSL_METHOD* TLSv1_1_client_method(void); +1.4 const SSL_METHOD* ``TLSv1_1_client_method``(void) - Arguments : none + Arguments:: - Return : TLSV1.1 version SSL context client method point + none - Description : create the target SSL context method + Return:: - Example : + TLSV1.1 version SSL context client method point + + Description:: + + create the target SSL context method + + Example:: void example(void) { @@ -89,15 +114,21 @@ Chapter 1. SSL Context Method Create } -1.5 const SSL_METHOD* TLSv1_2_client_method(void); +1.5 const SSL_METHOD* ``TLSv1_2_client_method``(void) - Arguments : none + Arguments:: - Return : TLSV1.2 version SSL context client method point + none - Description : create the target SSL context method + Return:: - Example : + TLSV1.2 version SSL context client method point + + Description:: + + create the target SSL context method + + Example:: void example(void) { @@ -107,15 +138,21 @@ Chapter 1. SSL Context Method Create } -1.6 const SSL_METHOD* SSLv23_server_method(void); +1.6 const SSL_METHOD* ``SSLv23_server_method``(void) - Arguments : none + Arguments:: - Return : SSLV2 and 3 version SSL context server method point + none - Description : create the target SSL context method + Return:: - Example : + SSLV2 and 3 version SSL context server method point + + Description:: + + create the target SSL context method + + Example:: void example(void) { @@ -125,13 +162,19 @@ Chapter 1. SSL Context Method Create } -1.7 const SSL_METHOD* TLSv1_1_server_method(void); +1.7 const SSL_METHOD* ``TLSv1_1_server_method``(void) - Arguments : none + Arguments:: - Return : TLSV1.1 version SSL context server method point + none - Description : create the target SSL context method + Return:: + + TLSV1.1 version SSL context server method point + + Description:: + + create the target SSL context method Example : @@ -143,15 +186,21 @@ Chapter 1. SSL Context Method Create } -1.8 const SSL_METHOD* TLSv1_2_server_method(void); +1.8 const SSL_METHOD* ``TLSv1_2_server_method``(void) - Arguments : none + Arguments:: - Return : TLSV1.2 version SSL context server method point + none - Description : create the target SSL context method + Return:: - Example : + TLSV1.2 version SSL context server method point + + Description:: + + create the target SSL context method + + Example:: void example(void) { @@ -161,15 +210,21 @@ Chapter 1. SSL Context Method Create } -1.9 const SSL_METHOD* TLSv1_server_method(void); +1.9 const SSL_METHOD* ``TLSv1_server_method``(void) - Arguments : none + Arguments:: - Return : TLSV1.0 version SSL context server method point + none - Description : create the target SSL context method + Return:: - Example : + TLSV1.0 version SSL context server method point + + Description:: + + create the target SSL context method + + Example:: void example(void) { @@ -179,15 +234,21 @@ Chapter 1. SSL Context Method Create } -1.10 const SSL_METHOD* SSLv3_server_method(void); +1.10 const SSL_METHOD* ``SSLv3_server_method``(void) - Arguments : none + Arguments:: - Return : SSLV3.0 version SSL context server method point + none - Description : create the target SSL context method + Return:: - Example : + SSLV3.0 version SSL context server method point + + Description:: + + create the target SSL context method + + Example:: void example(void) { @@ -201,15 +262,22 @@ Chapter 1. SSL Context Method Create Chapter 2. SSL Context Fucntion =============================== -2.1 SSL_CTX* SSL_CTX_new(const SSL_METHOD *method); - Arguments : method - the SSL context method point +2.1 SSL_CTX* ``SSL_CTX_new``(const SSL_METHOD *method) + + Arguments:: - Return : context point + method - the SSL context method point - Description : create a SSL context + Return:: - Example : + context point + + Description:: + + create a SSL context + + Example:: void example(void) { @@ -219,15 +287,21 @@ Chapter 2. SSL Context Fucntion } -2.2 void SSL_CTX_free(SSL_CTX *ctx); +2.2 ``void SSL_CTX_free``(SSL_CTX *ctx) - Arguments : ctx - the SSL context point + Arguments:: - Return : none + ctx - the SSL context point - Description : free a SSL context + Return:: - Example : + none + + Description:: + + free a SSL context + + Example:: void example(void) { @@ -239,18 +313,23 @@ Chapter 2. SSL Context Fucntion } -2.3 int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth); +2.3 ``int SSL_CTX_set_ssl_version``(SSL_CTX *ctx, const SSL_METHOD *meth) - Arguments : ctx - SSL context point - meth - SSL method point + Arguments:: + + ctx - SSL context point + meth - SSL method point + + Return:: - Return : result 1 : OK 0 : failed - Description : set the SSL context version + Description:: - Example : + set the SSL context version + + Example:: void example(void) { @@ -263,15 +342,21 @@ Chapter 2. SSL Context Fucntion } -2.4 const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx); +2.4 const SSL_METHOD* ``SSL_CTX_get_ssl_method``(SSL_CTX *ctx) - Arguments : ctx - SSL context point + Arguments:: - Return : SSL context method + ctx - SSL context point - Description : get the SSL context method + Return:: - Example : + SSL context method + + Description:: + + get the SSL context method + + Example:: void example(void) { @@ -288,15 +373,22 @@ Chapter 2. SSL Context Fucntion Chapter 3. SSL Fucntion ======================= -3.1 SSL* SSL_new(SSL_CTX *ctx); - Arguments : ctx - SSL context point +3.1 SSL* ``SSL_new``(SSL_CTX *ctx) + + Arguments:: - Return : SSL method + ctx - SSL context point - Description : create a SSL + Return:: - Example : + SSL method + + Description:: + + create a SSL + + Example:: void example(void) { @@ -309,15 +401,21 @@ Chapter 3. SSL Fucntion } -3.2 void SSL_free(SSL *ssl); +3.2 void ``SSL_free``(SSL *ssl) - Arguments : ssl - SSL point + Arguments:: - Return : none + ssl - SSL point - Description : free SSL + Return:: - Example : + none + + Description:: + + free SSL + + Example:: void example(void) { @@ -329,18 +427,23 @@ Chapter 3. SSL Fucntion } -3.3 int SSL_do_handshake(SSL *ssl); +3.3 int ``SSL_do_handshake``(SSL *ssl) - Arguments : ssl - SSL point + Arguments:: + + ssl - SSL point + + Return:: - Return : result 1 : OK 0 : failed, connect is close by remote -1 : a error catch - Description : perform the SSL handshake + Description:: - Example : + perform the SSL handshake + + Example:: void example(void) { @@ -353,18 +456,23 @@ Chapter 3. SSL Fucntion } -3.4 int SSL_connect(SSL *ssl); +3.4 int ``SSL_connect``(SSL *ssl) - Arguments : ssl - SSL point + Arguments:: + + ssl - SSL point + + Return:: - Return : result 1 : OK 0 : failed, connect is close by remote -1 : a error catch - Description : connect to the remote SSL server + Description:: - Example : + connect to the remote SSL server + + Example:: void example(void) { @@ -377,18 +485,23 @@ Chapter 3. SSL Fucntion } -3.5 int SSL_accept(SSL *ssl); +3.5 int ``SSL_accept``(SSL *ssl) - Arguments : ssl - SSL point + Arguments:: + + ssl - SSL point + + Return:: - Return : result 1 : OK 0 : failed, connect is close by remote -1 : a error catch - Description : accept the remote connection + Description:: - Example : + accept the remote connection + + Example:: void example(void) { @@ -401,18 +514,23 @@ Chapter 3. SSL Fucntion } -3.6 int SSL_shutdown(SSL *ssl); +3.6 int ``SSL_shutdown``(SSL *ssl) - Arguments : ssl - SSL point + Arguments:: + + ssl - SSL point + + Return:: - Return : result 1 : OK 0 : failed, connect is close by remote -1 : a error catch - Description : shutdown the connection + Description:: - Example : + shutdown the connection + + Example:: void example(void) { @@ -425,17 +543,22 @@ Chapter 3. SSL Fucntion } -3.7 int SSL_clear(SSL *ssl); +3.7 int ``SSL_clear``(SSL *ssl) - Arguments : ssl - SSL point + Arguments:: + + ssl - SSL point + + Return:: - Return : result 1 : OK 0 : failed - Description : shutdown the connection + Description:: - Example : + shutdown the connection + + Example:: void example(void) { @@ -448,20 +571,25 @@ Chapter 3. SSL Fucntion } -3.8 int SSL_read(SSL *ssl, void *buffer, int len); +3.8 int ``SSL_read``(SSL *ssl, void *buffer, int len) - Arguments : ssl - point - buffer - data buffer point - len - data length + Arguments:: + + ssl - point + buffer - data buffer point + len - data length + + Return:: - Return : result > 0 : OK, and return received data bytes = 0 : no data received or connection is closed < 0 : an error catch - Description : read data from remote + Description:: - Example : + read data from remote + + Example:: void example(void) { @@ -475,20 +603,25 @@ Chapter 3. SSL Fucntion ret = SSL_read(ssl, buf, len); } -3.9 int SSL_write(SSL *ssl, const void *buffer, int len); +3.9 int ``SSL_write``(SSL *ssl, const void *buffer, int len) - Arguments : ssl - SSL point - buffer - data buffer point - len - data length + Arguments:: + + ssl - SSL point + buffer - data buffer point + len - data length + + Return:: - Return : result > 0 : OK, and return received data bytes = 0 : no data sent or connection is closed < 0 : an error catch - Description : send the data to remote + Description:: - Example : + send the data to remote + + Example:: void example(void) { @@ -503,15 +636,21 @@ Chapter 3. SSL Fucntion } -3.10 SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); +3.10 ``SSL_CTX *SSL_get_SSL_CTX``(const SSL *ssl) - Arguments : ssl - SSL point + Arguments:: - Return : SSL context + ssl - SSL point + + Return:: + + SSL context - Description : get SSL context of the SSL + Description:: - Example : + get SSL context of the SSL + + Example:: void example(void) { @@ -524,15 +663,21 @@ Chapter 3. SSL Fucntion } -3.11 int SSL_get_shutdown(const SSL *ssl); +3.11 int ``SSL_get_shutdown``(const SSL *ssl) - Arguments : ssl - SSL point + Arguments:: - Return : shutdown mode + ssl - SSL point + + Return:: + + shutdown mode - Description : get SSL shutdown mode + Description:: - Example : + get SSL shutdown mode + + Example:: void example(void) { @@ -545,15 +690,21 @@ Chapter 3. SSL Fucntion } -3.12 void SSL_set_shutdown(SSL *ssl, int mode); +3.12 void ``SSL_set_shutdown``(SSL *ssl, int mode) - Arguments : ssl - SSL point + Arguments:: - Return : shutdown mode + ssl - SSL point + + Return:: + + shutdown mode - Description : set SSL shutdown mode + Description:: - Example : + set SSL shutdown mode + + Example:: void example(void) { @@ -566,15 +717,21 @@ Chapter 3. SSL Fucntion } -3.13 const SSL_METHOD *SSL_get_ssl_method(SSL *ssl); +3.13 const SSL_METHOD* ``SSL_get_ssl_method``(SSL *ssl) - Arguments : ssl - SSL point + Arguments:: - Return : SSL method + ssl - SSL point + + Return:: + + SSL method - Description : set SSL shutdown mode + Description:: - Example : + set SSL shutdown mode + + Example:: void example(void) { @@ -587,18 +744,23 @@ Chapter 3. SSL Fucntion } -3.14 int SSL_set_ssl_method(SSL *ssl, const SSL_METHOD *method); +3.14 int ``SSL_set_ssl_method``(SSL *ssl, const SSL_METHOD *method) - Arguments : ssl - SSL point - meth - SSL method point + Arguments:: + + ssl - SSL point + meth - SSL method point + + Return:: - Return : result 1 : OK 0 : failed - Description : set the SSL method + Description:: - Example : + set the SSL method + + Example:: void example(void) { @@ -612,15 +774,21 @@ Chapter 3. SSL Fucntion } -3.15 int SSL_pending(const SSL *ssl); +3.15 int ``SSL_pending``(const SSL *ssl) - Arguments : ssl - SSL point + Arguments:: - Return : data bytes + ssl - SSL point + + Return:: + + data bytes - Description : get received data bytes + Description:: - Example : + get received data bytes + + Example:: void example(void) { @@ -633,17 +801,22 @@ Chapter 3. SSL Fucntion } -3.16 int SSL_has_pending(const SSL *ssl); +3.16 int ``SSL_has_pending``(const SSL *ssl) - Arguments : ssl - SSL point + Arguments:: + + ssl - SSL point + + Return:: - Return : result 1 : Yes 0 : No - Description : check if data is received + Description:: - Example : + check if data is received + + Example:: void example(void) { @@ -656,17 +829,22 @@ Chapter 3. SSL Fucntion } -3.17 int SSL_get_fd(const SSL *ssl); +3.17 int ``SSL_get_fd``(const SSL *ssl) - Arguments : ssl - SSL point + Arguments:: + + ssl - SSL point + + Return:: - Return : result >= 0 : socket id < 0 : a error catch - Description : get the socket of the SSL + Description:: - Example : + get the socket of the SSL + + Example:: void example(void) { @@ -679,17 +857,22 @@ Chapter 3. SSL Fucntion } -3.18 int SSL_get_rfd(const SSL *ssl); +3.18 int ``SSL_get_rfd``(const SSL *ssl) - Arguments : ssl - SSL point + Arguments:: + + ssl - SSL point + + Return:: - Return : result >= 0 : socket id < 0 : a error catch - Description : get the read only socket of the SSL + Description:: - Example : + get the read only socket of the SSL + + Example:: void example(void) { @@ -702,17 +885,22 @@ Chapter 3. SSL Fucntion } -3.19 int SSL_get_wfd(const SSL *ssl); +3.19 int ``SSL_get_wfd``(const SSL *ssl) - Arguments : ssl - SSL point + Arguments:: + + ssl - SSL point + + Return:: - Return : result >= 0 : socket id < 0 : a error catch - Description : get the write only socket of the SSL + Description:: - Example : + get the write only socket of the SSL + + Example:: void example(void) { @@ -725,18 +913,23 @@ Chapter 3. SSL Fucntion } -3.20 int SSL_set_fd(SSL *ssl, int fd); +3.20 int ``SSL_set_fd``(SSL *ssl, int fd) - Arguments : ssl - SSL point - fd - socket id + Arguments:: + + ssl - SSL point + fd - socket id + + Return:: - Return : result 1 : OK 0 : failed - Description : set socket to SSL + Description:: - Example : + set socket to SSL + + Example:: void example(void) { @@ -750,18 +943,23 @@ Chapter 3. SSL Fucntion } -3.21 int SSL_set_rfd(SSL *ssl, int fd); +3.21 int ``SSL_set_rfd``(SSL *ssl, int fd) - Arguments : ssl - SSL point - fd - socket id + Arguments:: + + ssl - SSL point + fd - socket id + + Return:: - Return : result 1 : OK 0 : failed - Description : set read only socket to SSL + Description:: - Example : + set read only socket to SSL + + Example:: void example(void) { @@ -775,18 +973,23 @@ Chapter 3. SSL Fucntion } -3.22 int SSL_set_wfd(SSL *ssl, int fd); +3.22 int ``SSL_set_wfd``(SSL *ssl, int fd) - Arguments : ssl - SSL point - fd - socket id + Arguments:: + + ssl - SSL point + fd - socket id + + Return:: - Return : result 1 : OK 0 : failed - Description : set write only socket to SSL + Description:: - Example : + set write only socket to SSL + + Example:: void example(void) { @@ -800,15 +1003,21 @@ Chapter 3. SSL Fucntion } -3.23 int SSL_version(const SSL *ssl); +3.23 int ``SSL_version``(const SSL *ssl) - Arguments : ssl - SSL point + Arguments:: - Return : SSL version + ssl - SSL point + + Return:: + + SSL version - Description : get SSL version + Description:: - Example : + get SSL version + + Example:: void example(void) { @@ -821,15 +1030,21 @@ Chapter 3. SSL Fucntion } -3.24 const char *SSL_get_version(const SSL *ssl); +3.24 const char* ``SSL_get_version``(const SSL *ssl) - Arguments : ssl - SSL point + Arguments:: - Return : SSL version string + ssl - SSL point + + Return:: + + SSL version string - Description : get the SSL current version string + Description:: - Example : + get the SSL current version string + + Example:: void example(void) { @@ -842,15 +1057,21 @@ Chapter 3. SSL Fucntion } -3.25 OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl); +3.25 OSSL_HANDSHAKE_STATE ``SSL_get_state``(const SSL *ssl) - Arguments : ssl - SSL point + Arguments:: - Return : SSL state + ssl - SSL point + + Return:: + + SSL state - Description : get the SSL state + Description:: - Example : + get the SSL state + + Example:: void example(void) { @@ -863,15 +1084,21 @@ Chapter 3. SSL Fucntion } -3.26 const char *SSL_alert_desc_string(int value); +3.26 const char* ``SSL_alert_desc_string``(int value) - Arguments : value - SSL description + Arguments:: - Return : alert value string + value - SSL description + + Return:: + + alert value string - Description : get alert description string + Description:: - Example : + get alert description string + + Example:: void example(void) { @@ -884,15 +1111,21 @@ Chapter 3. SSL Fucntion } -3.27 const char *SSL_alert_desc_string_long(int value); +3.27 const char* ``SSL_alert_desc_string_long``(int value) - Arguments : value - SSL description + Arguments:: - Return : alert value long string + value - SSL description + + Return:: + + alert value long string - Description : get alert description long string + Description:: - Example : + get alert description long string + + Example:: void example(void) { @@ -905,15 +1138,21 @@ Chapter 3. SSL Fucntion } -3.28 const char *SSL_alert_type_string(int value); +3.28 const char* ``SSL_alert_type_string``(int value) - Arguments : value - SSL type description + Arguments:: - Return : alert type string + value - SSL type description + + Return:: + + alert type string - Description : get alert type string + Description:: - Example : + get alert type string + + Example:: void example(void) { @@ -926,15 +1165,21 @@ Chapter 3. SSL Fucntion } -3.29 const char *SSL_alert_type_string_long(int value); +3.29 const char* ``SSL_alert_type_string_long``(int value) - Arguments : value - SSL type description + Arguments:: - Return : alert type long string + value - SSL type description + + Return:: + + alert type long string - Description : get alert type long string + Description:: - Example : + get alert type long string + + Example:: void example(void) { @@ -946,15 +1191,21 @@ Chapter 3. SSL Fucntion str = SSL_alert_type_string_long(val); } -3.30 const char *SSL_rstate_string(SSL *ssl); +3.30 const char* ``SSL_rstate_string``(SSL *ssl) - Arguments : ssl - SSL point + Arguments:: - Return : state string + ssl - SSL point + + Return:: + + state string - Description : get the state string where SSL is reading + Description:: - Example : + get the state string where SSL is reading + + Example:: void example(void) { @@ -967,15 +1218,21 @@ Chapter 3. SSL Fucntion } -3.31 const char *SSL_rstate_string_long(SSL *ssl); +3.31 const char* ``SSL_rstate_string_long``(SSL *ssl) - Arguments : ssl - SSL point + Arguments:: - Return : state long string + ssl - SSL point + + Return:: + + state long string - Description : get the state long string where SSL is reading + Description:: - Example : + get the state long string where SSL is reading + + Example:: void example(void) { @@ -988,15 +1245,48 @@ Chapter 3. SSL Fucntion } -3.32 char *SSL_state_string(const SSL *ssl); +3.32 const char* ``SSL_state_string``(const SSL *ssl) - Arguments : ssl - SSL point + Arguments:: - Return : state string + ssl - SSL point + + Return:: + + state string - Description : get the state string + Description:: - Example : + get the state string + + Example:: + + void example(void) + { + SSL *ssl; + const char *str; + + ... ... + + str = SSL_state_string(ssl); + } + + +3.33 char* ``SSL_state_string_long``(const SSL *ssl) + + Arguments:: + + ssl - SSL point + + Return:: + + state long string + + Description:: + + get the state long string + + Example:: void example(void) { @@ -1009,37 +1299,22 @@ Chapter 3. SSL Fucntion } -3.33 char *SSL_state_string_long(const SSL *ssl); +3.34 int ``SSL_get_error``(const SSL *ssl, int ret_code) - Arguments : ssl - SSL point + Arguments:: - Return : state long string + ssl - SSL point + ret_code - SSL return code + + Return:: + + SSL error number - Description : get the state long string + Description:: - Example : + get SSL error code - void example(void) - { - SSL *ssl; - char *str; - - ... ... - - str = SSL_state_string(ssl); - } - - -3.34 int SSL_get_error(const SSL *ssl, int ret_code); - - Arguments : ssl - SSL point - ret_code - SSL return code - - Return : SSL error number - - Description : get SSL error code - - Example : + Example:: void example(void) { @@ -1052,16 +1327,22 @@ Chapter 3. SSL Fucntion err = SSL_get_error(ssl, ret); } -3.35 void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len); +3.35 void ``SSL_CTX_set_default_read_buffer_len``(SSL_CTX *ctx, size_t len) - Arguments : ctx - SSL context point - len - read buffer length + Arguments:: - Return : none + ctx - SSL context point + len - read buffer length + + Return:: + + none - Description : set the SSL context read buffer length + Description:: - Example : + set the SSL context read buffer length + + Example:: void example(void) { @@ -1074,16 +1355,22 @@ Chapter 3. SSL Fucntion } -3.36 void SSL_set_default_read_buffer_len(SSL *ssl, size_t len); +3.36 void ``SSL_set_default_read_buffer_len``(SSL *ssl, size_t len) - Arguments : ssl - SSL point - len - read buffer length + Arguments:: - Return : none + ssl - SSL point + len - read buffer length + + Return:: + + none - Description : set the SSL read buffer length + Description:: - Example : + set the SSL read buffer length + + Example:: void example(void) { @@ -1096,15 +1383,21 @@ Chapter 3. SSL Fucntion } -3.37 int SSL_want(const SSL *ssl); +3.37 int ``SSL_want``(const SSL *ssl) - Arguments : ssl - SSL point + Arguments:: - Return : specifical statement + ssl - SSL point + + Return:: + + specifical statement - Description : get the SSL specifical statement + Description:: - Example : + get the SSL specifical statement + + Example:: void example(void) { @@ -1117,17 +1410,22 @@ Chapter 3. SSL Fucntion } -3.38 int SSL_want_nothing(const SSL *ssl); +3.38 int ``SSL_want_nothing``(const SSL *ssl) - Arguments : ssl - SSL point + Arguments:: + + ssl - SSL point + + Return:: - Return : result 0 : false 1 : true - Description : check if SSL want nothing + Description:: - Example : + check if SSL want nothing + + Example:: void example(void) { @@ -1140,17 +1438,22 @@ Chapter 3. SSL Fucntion } -3.39 int SSL_want_read(const SSL *ssl); +3.39 int ``SSL_want_read``(const SSL *ssl) - Arguments : ssl - SSL point + Arguments:: + + ssl - SSL point + + Return:: - Return : result 0 : false 1 : true - Description : check if SSL want to read + Description:: - Example : + check if SSL want to read + + Example:: void example(void) { @@ -1163,17 +1466,22 @@ Chapter 3. SSL Fucntion } -3.40 int SSL_want_write(const SSL *ssl); +3.40 int ``SSL_want_write``(const SSL *ssl) - Arguments : ssl - SSL point + Arguments:: + + ssl - SSL point + + Return:: - Return : result 0 : false 1 : true - Description : check if SSL want to write + Description:: - Example : + check if SSL want to write + + Example:: void example(void) { @@ -1189,18 +1497,25 @@ Chapter 3. SSL Fucntion Chapter 4. SSL X509 Certification and Private Key Function ========================================================== -4.1 X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len); - Arguments : cert - a point pointed to X509 certification - buffer - a point pointed to the certification context memory point - length - certification bytes +4.1 X509* ``d2i_X509``(X509 **cert, const unsigned char *buffer, long len) + + Arguments:: - Return : X509 certification object point + cert - a point pointed to X509 certification + buffer - a point pointed to the certification context memory point + length - certification bytes + + Return:: + + X509 certification object point - Description : load a character certification context into system context. If '*cert' is pointed to the - certification, then load certification into it. Or create a new X509 certification object + Description:: - Example : + load a character certification context into system context. If '*cert' is pointed to the + certification, then load certification into it. Or create a new X509 certification object + + Example:: void example(void) { @@ -1214,18 +1529,23 @@ Chapter 4. SSL X509 Certification and Private Key Function } -4.2 int SSL_add_client_CA(SSL *ssl, X509 *x); +4.2 int ``SSL_add_client_CA``(SSL *ssl, X509 *x) - Arguments : ssl - SSL point - x - CA certification point + Arguments:: - Return : result + ssl - SSL point + x - CA certification point + + Return:: + 1 : OK 0 : failed - Description : add CA client certification into the SSL + Description:: - Example : + add CA client certification into the SSL + + Example:: void example(void) { @@ -1239,18 +1559,23 @@ Chapter 4. SSL X509 Certification and Private Key Function } -4.3 int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x); +4.3 int ``SSL_CTX_add_client_CA``(SSL_CTX *ctx, X509 *x) - Arguments : ctx - SSL context point - x - CA certification point + Arguments:: - Return : result + ctx - SSL context point + x - CA certification point + + Return:: + 1 : OK 0 : failed - Description : add CA client certification into the SSL context + Description:: - Example : + add CA client certification into the SSL context + + Example:: void example(void) { @@ -1264,15 +1589,21 @@ Chapter 4. SSL X509 Certification and Private Key Function } -4.4 X509 *SSL_get_certificate(const SSL *ssl); +4.4 X509* ``SSL_get_certificate``(const SSL *ssl) - Arguments : ssl - SSL point + Arguments:: - Return : SSL certification point + ssl - SSL point + + Return:: + + SSL certification point - Description : get the SSL certification point + Description:: - Example : + get the SSL certification point + + Example:: void example(void) { @@ -1285,15 +1616,21 @@ Chapter 4. SSL X509 Certification and Private Key Function } -4.5 long SSL_get_verify_result(const SSL *ssl); +4.5 long ``SSL_get_verify_result``(const SSL *ssl) - Arguments : ssl - SSL point + Arguments:: - Return : the result of verifying + ssl - SSL point + + Return:: + + the result of verifying - Description : get the verifying result of the SSL certification + Description:: - Example : + get the verifying result of the SSL certification + + Example:: void example(void) { @@ -1306,18 +1643,23 @@ Chapter 4. SSL X509 Certification and Private Key Function } -4.6 int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); +4.6 int ``SSL_CTX_use_certificate``(SSL_CTX *ctx, X509 *x) - Arguments : ctx - the SSL context point - pkey - certification object point + Arguments:: + + ctx - the SSL context point + pkey - certification object point + + Return:: - Return : result 1 : OK 0 : failed - Description : load the certification into the SSL_CTX or SSL object + Description:: - Example : + load the certification into the SSL_CTX or SSL object + + Example:: void example(void) { @@ -1331,19 +1673,24 @@ Chapter 4. SSL X509 Certification and Private Key Function } -4.7 int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d); +4.7 int ``SSL_CTX_use_certificate_ASN1``(SSL_CTX *ctx, int len, const unsigned char *d) - Arguments : ctx - SSL context point - len - certification length - d - data point + Arguments:: - Return : result + ctx - SSL context point + len - certification length + d - data point + + Return:: + 1 : OK 0 : failed - Description : load the ASN1 certification into SSL context + Description:: - Example : + load the ASN1 certification into SSL context + + Example:: void example(void) { @@ -1358,18 +1705,23 @@ Chapter 4. SSL X509 Certification and Private Key Function } -4.8 int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); +4.8 int ``SSL_CTX_use_PrivateKey``(SSL_CTX *ctx, EVP_PKEY *pkey) - Arguments : ctx - SSL context point - pkey - private key object point + Arguments:: - Return : result + ctx - SSL context point + pkey - private key object point + + Return:: + 1 : OK 0 : failed - Description : load the private key into the context object + Description:: - Example : + load the private key into the context object + + Example:: void example(void) { @@ -1383,19 +1735,24 @@ Chapter 4. SSL X509 Certification and Private Key Function } -4.9 int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, const unsigned char *d, long len); +4.9 int ``SSL_CTX_use_PrivateKey_ASN1``(int pk, SSL_CTX *ctx, const unsigned char *d, long len) - Arguments : ctx - SSL context point - d - data point - len - private key length + Arguments:: + + ctx - SSL context point + d - data point + len - private key length + + Return:: - Return : result 1 : OK 0 : failed - Description : load the ASN1 private key into SSL context + Description:: - Example : + load the ASN1 private key into SSL context + + Example:: void example(void) { @@ -1411,19 +1768,24 @@ Chapter 4. SSL X509 Certification and Private Key Function } -4.10 int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len); +4.10 int ``SSL_CTX_use_RSAPrivateKey_ASN1``(SSL_CTX *ctx, const unsigned char *d, long len) - Arguments : ctx - SSL context point - d - data point - len - private key length + Arguments:: + + ctx - SSL context point + d - data point + len - private key length + + Return:: - Return : result 1 : OK 0 : failed - Description : load the RSA ASN1 private key into SSL context + Description:: - Example : + load the RSA ASN1 private key into SSL context + + Example:: void example(void) { @@ -1438,19 +1800,24 @@ Chapter 4. SSL X509 Certification and Private Key Function } -4.11 int SSL_use_certificate_ASN1(SSL *ssl, int len, const unsigned char *d); +4.11 int ``SSL_use_certificate_ASN1``(SSL *ssl, int len, const unsigned char *d) - Arguments : ssl - SSL point - len - data bytes - d - data point + Arguments:: + + ssl - SSL point + len - data bytes + d - data point + + Return:: - Return : result 1 : OK 0 : failed - Description : load certification into the SSL + Description:: - Example : + load certification into the SSL + + Example:: void example(void) { @@ -1465,15 +1832,21 @@ Chapter 4. SSL X509 Certification and Private Key Function } -4.12 X509 *SSL_get_peer_certificate(const SSL *ssl); +4.12 X509* ``SSL_get_peer_certificate``(const SSL *ssl) - Arguments : ssl - SSL point + Arguments:: - Return : peer certification + ssl - SSL point + + Return:: + + peer certification - Description : get peer certification + Description:: - Example : + get peer certification + + Example:: void example(void) { From de587a2e0d1418d45c9b7880ed07a68237975f3d Mon Sep 17 00:00:00 2001 From: Dong Heng Date: Wed, 28 Sep 2016 20:46:45 +0800 Subject: [PATCH 38/52] components/openssl: fix .rst file encoding error --- components/openssl/OpenSSL-APIs.rst | 132 ++++++++++++++-------------- 1 file changed, 66 insertions(+), 66 deletions(-) diff --git a/components/openssl/OpenSSL-APIs.rst b/components/openssl/OpenSSL-APIs.rst index cb90a23c93..6a8a68c1ff 100644 --- a/components/openssl/OpenSSL-APIs.rst +++ b/components/openssl/OpenSSL-APIs.rst @@ -18,7 +18,7 @@ Chapter 1. SSL Context Method Create ==================================== -1.1 const SSL_METHOD* ``SSLv23_client_method``(void) +1.1 const SSL_METHOD* ``SSLv23_client_method`` (void) Arguments:: @@ -42,7 +42,7 @@ Chapter 1. SSL Context Method Create } -1.2 const SSL_METHOD* ``TLSv1_client_method``(void) +1.2 const SSL_METHOD* ``TLSv1_client_method`` (void) Arguments:: @@ -66,7 +66,7 @@ Chapter 1. SSL Context Method Create } -1.3 const SSL_METHOD* ``SSLv3_client_method``(void) +1.3 const SSL_METHOD* ``SSLv3_client_method`` (void) Arguments:: @@ -90,7 +90,7 @@ Chapter 1. SSL Context Method Create } -1.4 const SSL_METHOD* ``TLSv1_1_client_method``(void) +1.4 const SSL_METHOD* ``TLSv1_1_client_method`` (void) Arguments:: @@ -114,7 +114,7 @@ Chapter 1. SSL Context Method Create } -1.5 const SSL_METHOD* ``TLSv1_2_client_method``(void) +1.5 const SSL_METHOD* ``TLSv1_2_client_method`` (void) Arguments:: @@ -138,7 +138,7 @@ Chapter 1. SSL Context Method Create } -1.6 const SSL_METHOD* ``SSLv23_server_method``(void) +1.6 const SSL_METHOD* ``SSLv23_server_method`` (void) Arguments:: @@ -162,7 +162,7 @@ Chapter 1. SSL Context Method Create } -1.7 const SSL_METHOD* ``TLSv1_1_server_method``(void) +1.7 const SSL_METHOD* ``TLSv1_1_server_method`` (void) Arguments:: @@ -186,7 +186,7 @@ Chapter 1. SSL Context Method Create } -1.8 const SSL_METHOD* ``TLSv1_2_server_method``(void) +1.8 const SSL_METHOD* ``TLSv1_2_server_method`` (void) Arguments:: @@ -210,7 +210,7 @@ Chapter 1. SSL Context Method Create } -1.9 const SSL_METHOD* ``TLSv1_server_method``(void) +1.9 const SSL_METHOD* ``TLSv1_server_method`` (void) Arguments:: @@ -234,7 +234,7 @@ Chapter 1. SSL Context Method Create } -1.10 const SSL_METHOD* ``SSLv3_server_method``(void) +1.10 const SSL_METHOD* ``SSLv3_server_method`` (void) Arguments:: @@ -263,7 +263,7 @@ Chapter 2. SSL Context Fucntion =============================== -2.1 SSL_CTX* ``SSL_CTX_new``(const SSL_METHOD *method) +2.1 SSL_CTX* ``SSL_CTX_new`` (const SSL_METHOD *method) Arguments:: @@ -287,7 +287,7 @@ Chapter 2. SSL Context Fucntion } -2.2 ``void SSL_CTX_free``(SSL_CTX *ctx) +2.2 ``void SSL_CTX_free`` (SSL_CTX *ctx) Arguments:: @@ -313,7 +313,7 @@ Chapter 2. SSL Context Fucntion } -2.3 ``int SSL_CTX_set_ssl_version``(SSL_CTX *ctx, const SSL_METHOD *meth) +2.3 ``int SSL_CTX_set_ssl_version`` (SSL_CTX *ctx, const SSL_METHOD *meth) Arguments:: @@ -342,7 +342,7 @@ Chapter 2. SSL Context Fucntion } -2.4 const SSL_METHOD* ``SSL_CTX_get_ssl_method``(SSL_CTX *ctx) +2.4 const SSL_METHOD* ``SSL_CTX_get_ssl_method`` (SSL_CTX *ctx) Arguments:: @@ -374,7 +374,7 @@ Chapter 3. SSL Fucntion ======================= -3.1 SSL* ``SSL_new``(SSL_CTX *ctx) +3.1 SSL* ``SSL_new`` (SSL_CTX *ctx) Arguments:: @@ -401,7 +401,7 @@ Chapter 3. SSL Fucntion } -3.2 void ``SSL_free``(SSL *ssl) +3.2 void ``SSL_free`` (SSL *ssl) Arguments:: @@ -427,7 +427,7 @@ Chapter 3. SSL Fucntion } -3.3 int ``SSL_do_handshake``(SSL *ssl) +3.3 int ``SSL_do_handshake`` (SSL *ssl) Arguments:: @@ -456,7 +456,7 @@ Chapter 3. SSL Fucntion } -3.4 int ``SSL_connect``(SSL *ssl) +3.4 int ``SSL_connect`` (SSL *ssl) Arguments:: @@ -485,7 +485,7 @@ Chapter 3. SSL Fucntion } -3.5 int ``SSL_accept``(SSL *ssl) +3.5 int ``SSL_accept`` (SSL *ssl) Arguments:: @@ -514,7 +514,7 @@ Chapter 3. SSL Fucntion } -3.6 int ``SSL_shutdown``(SSL *ssl) +3.6 int ``SSL_shutdown`` (SSL *ssl) Arguments:: @@ -543,7 +543,7 @@ Chapter 3. SSL Fucntion } -3.7 int ``SSL_clear``(SSL *ssl) +3.7 int ``SSL_clear`` (SSL *ssl) Arguments:: @@ -571,7 +571,7 @@ Chapter 3. SSL Fucntion } -3.8 int ``SSL_read``(SSL *ssl, void *buffer, int len) +3.8 int ``SSL_read`` (SSL *ssl, void *buffer, int len) Arguments:: @@ -603,7 +603,7 @@ Chapter 3. SSL Fucntion ret = SSL_read(ssl, buf, len); } -3.9 int ``SSL_write``(SSL *ssl, const void *buffer, int len) +3.9 int ``SSL_write`` (SSL *ssl, const void *buffer, int len) Arguments:: @@ -636,7 +636,7 @@ Chapter 3. SSL Fucntion } -3.10 ``SSL_CTX *SSL_get_SSL_CTX``(const SSL *ssl) +3.10 ``SSL_CTX *SSL_get_SSL_CTX`` (const SSL *ssl) Arguments:: @@ -663,7 +663,7 @@ Chapter 3. SSL Fucntion } -3.11 int ``SSL_get_shutdown``(const SSL *ssl) +3.11 int ``SSL_get_shutdown`` (const SSL *ssl) Arguments:: @@ -690,7 +690,7 @@ Chapter 3. SSL Fucntion } -3.12 void ``SSL_set_shutdown``(SSL *ssl, int mode) +3.12 void ``SSL_set_shutdown`` (SSL *ssl, int mode) Arguments:: @@ -717,7 +717,7 @@ Chapter 3. SSL Fucntion } -3.13 const SSL_METHOD* ``SSL_get_ssl_method``(SSL *ssl) +3.13 const SSL_METHOD* ``SSL_get_ssl_method`` (SSL *ssl) Arguments:: @@ -744,7 +744,7 @@ Chapter 3. SSL Fucntion } -3.14 int ``SSL_set_ssl_method``(SSL *ssl, const SSL_METHOD *method) +3.14 int ``SSL_set_ssl_method`` (SSL *ssl, const SSL_METHOD *method) Arguments:: @@ -774,7 +774,7 @@ Chapter 3. SSL Fucntion } -3.15 int ``SSL_pending``(const SSL *ssl) +3.15 int ``SSL_pending`` (const SSL *ssl) Arguments:: @@ -801,7 +801,7 @@ Chapter 3. SSL Fucntion } -3.16 int ``SSL_has_pending``(const SSL *ssl) +3.16 int ``SSL_has_pending`` (const SSL *ssl) Arguments:: @@ -829,7 +829,7 @@ Chapter 3. SSL Fucntion } -3.17 int ``SSL_get_fd``(const SSL *ssl) +3.17 int ``SSL_get_fd`` (const SSL *ssl) Arguments:: @@ -857,7 +857,7 @@ Chapter 3. SSL Fucntion } -3.18 int ``SSL_get_rfd``(const SSL *ssl) +3.18 int ``SSL_get_rfd`` (const SSL *ssl) Arguments:: @@ -885,7 +885,7 @@ Chapter 3. SSL Fucntion } -3.19 int ``SSL_get_wfd``(const SSL *ssl) +3.19 int ``SSL_get_wfd`` (const SSL *ssl) Arguments:: @@ -913,7 +913,7 @@ Chapter 3. SSL Fucntion } -3.20 int ``SSL_set_fd``(SSL *ssl, int fd) +3.20 int ``SSL_set_fd`` (SSL *ssl, int fd) Arguments:: @@ -943,7 +943,7 @@ Chapter 3. SSL Fucntion } -3.21 int ``SSL_set_rfd``(SSL *ssl, int fd) +3.21 int ``SSL_set_rfd`` (SSL *ssl, int fd) Arguments:: @@ -973,7 +973,7 @@ Chapter 3. SSL Fucntion } -3.22 int ``SSL_set_wfd``(SSL *ssl, int fd) +3.22 int ``SSL_set_wfd`` (SSL *ssl, int fd) Arguments:: @@ -1003,7 +1003,7 @@ Chapter 3. SSL Fucntion } -3.23 int ``SSL_version``(const SSL *ssl) +3.23 int ``SSL_version`` (const SSL *ssl) Arguments:: @@ -1030,7 +1030,7 @@ Chapter 3. SSL Fucntion } -3.24 const char* ``SSL_get_version``(const SSL *ssl) +3.24 const char* ``SSL_get_version`` (const SSL *ssl) Arguments:: @@ -1057,7 +1057,7 @@ Chapter 3. SSL Fucntion } -3.25 OSSL_HANDSHAKE_STATE ``SSL_get_state``(const SSL *ssl) +3.25 OSSL_HANDSHAKE_STATE ``SSL_get_state`` (const SSL *ssl) Arguments:: @@ -1084,7 +1084,7 @@ Chapter 3. SSL Fucntion } -3.26 const char* ``SSL_alert_desc_string``(int value) +3.26 const char* ``SSL_alert_desc_string`` (int value) Arguments:: @@ -1111,7 +1111,7 @@ Chapter 3. SSL Fucntion } -3.27 const char* ``SSL_alert_desc_string_long``(int value) +3.27 const char* ``SSL_alert_desc_string_long`` (int value) Arguments:: @@ -1138,7 +1138,7 @@ Chapter 3. SSL Fucntion } -3.28 const char* ``SSL_alert_type_string``(int value) +3.28 const char* ``SSL_alert_type_string`` (int value) Arguments:: @@ -1165,7 +1165,7 @@ Chapter 3. SSL Fucntion } -3.29 const char* ``SSL_alert_type_string_long``(int value) +3.29 const char* ``SSL_alert_type_string_long`` (int value) Arguments:: @@ -1191,7 +1191,7 @@ Chapter 3. SSL Fucntion str = SSL_alert_type_string_long(val); } -3.30 const char* ``SSL_rstate_string``(SSL *ssl) +3.30 const char* ``SSL_rstate_string`` (SSL *ssl) Arguments:: @@ -1218,7 +1218,7 @@ Chapter 3. SSL Fucntion } -3.31 const char* ``SSL_rstate_string_long``(SSL *ssl) +3.31 const char* ``SSL_rstate_string_long`` (SSL *ssl) Arguments:: @@ -1245,7 +1245,7 @@ Chapter 3. SSL Fucntion } -3.32 const char* ``SSL_state_string``(const SSL *ssl) +3.32 const char* ``SSL_state_string`` (const SSL *ssl) Arguments:: @@ -1272,7 +1272,7 @@ Chapter 3. SSL Fucntion } -3.33 char* ``SSL_state_string_long``(const SSL *ssl) +3.33 char* ``SSL_state_string_long`` (const SSL *ssl) Arguments:: @@ -1299,7 +1299,7 @@ Chapter 3. SSL Fucntion } -3.34 int ``SSL_get_error``(const SSL *ssl, int ret_code) +3.34 int ``SSL_get_error`` (const SSL *ssl, int ret_code) Arguments:: @@ -1327,7 +1327,7 @@ Chapter 3. SSL Fucntion err = SSL_get_error(ssl, ret); } -3.35 void ``SSL_CTX_set_default_read_buffer_len``(SSL_CTX *ctx, size_t len) +3.35 void ``SSL_CTX_set_default_read_buffer_len`` (SSL_CTX *ctx, size_t len) Arguments:: @@ -1355,7 +1355,7 @@ Chapter 3. SSL Fucntion } -3.36 void ``SSL_set_default_read_buffer_len``(SSL *ssl, size_t len) +3.36 void ``SSL_set_default_read_buffer_len`` (SSL *ssl, size_t len) Arguments:: @@ -1383,7 +1383,7 @@ Chapter 3. SSL Fucntion } -3.37 int ``SSL_want``(const SSL *ssl) +3.37 int ``SSL_want`` (const SSL *ssl) Arguments:: @@ -1410,7 +1410,7 @@ Chapter 3. SSL Fucntion } -3.38 int ``SSL_want_nothing``(const SSL *ssl) +3.38 int ``SSL_want_nothing`` (const SSL *ssl) Arguments:: @@ -1438,7 +1438,7 @@ Chapter 3. SSL Fucntion } -3.39 int ``SSL_want_read``(const SSL *ssl) +3.39 int ``SSL_want_read`` (const SSL *ssl) Arguments:: @@ -1466,7 +1466,7 @@ Chapter 3. SSL Fucntion } -3.40 int ``SSL_want_write``(const SSL *ssl) +3.40 int ``SSL_want_write`` (const SSL *ssl) Arguments:: @@ -1498,7 +1498,7 @@ Chapter 4. SSL X509 Certification and Private Key Function ========================================================== -4.1 X509* ``d2i_X509``(X509 **cert, const unsigned char *buffer, long len) +4.1 X509* ``d2i_X509`` (X509 **cert, const unsigned char *buffer, long len) Arguments:: @@ -1529,7 +1529,7 @@ Chapter 4. SSL X509 Certification and Private Key Function } -4.2 int ``SSL_add_client_CA``(SSL *ssl, X509 *x) +4.2 int ``SSL_add_client_CA`` (SSL *ssl, X509 *x) Arguments:: @@ -1559,7 +1559,7 @@ Chapter 4. SSL X509 Certification and Private Key Function } -4.3 int ``SSL_CTX_add_client_CA``(SSL_CTX *ctx, X509 *x) +4.3 int ``SSL_CTX_add_client_CA`` (SSL_CTX *ctx, X509 *x) Arguments:: @@ -1589,7 +1589,7 @@ Chapter 4. SSL X509 Certification and Private Key Function } -4.4 X509* ``SSL_get_certificate``(const SSL *ssl) +4.4 X509* ``SSL_get_certificate`` (const SSL *ssl) Arguments:: @@ -1616,7 +1616,7 @@ Chapter 4. SSL X509 Certification and Private Key Function } -4.5 long ``SSL_get_verify_result``(const SSL *ssl) +4.5 long ``SSL_get_verify_result`` (const SSL *ssl) Arguments:: @@ -1643,7 +1643,7 @@ Chapter 4. SSL X509 Certification and Private Key Function } -4.6 int ``SSL_CTX_use_certificate``(SSL_CTX *ctx, X509 *x) +4.6 int ``SSL_CTX_use_certificate`` (SSL_CTX *ctx, X509 *x) Arguments:: @@ -1673,7 +1673,7 @@ Chapter 4. SSL X509 Certification and Private Key Function } -4.7 int ``SSL_CTX_use_certificate_ASN1``(SSL_CTX *ctx, int len, const unsigned char *d) +4.7 int ``SSL_CTX_use_certificate_ASN1`` (SSL_CTX *ctx, int len, const unsigned char *d) Arguments:: @@ -1705,7 +1705,7 @@ Chapter 4. SSL X509 Certification and Private Key Function } -4.8 int ``SSL_CTX_use_PrivateKey``(SSL_CTX *ctx, EVP_PKEY *pkey) +4.8 int ``SSL_CTX_use_PrivateKey`` (SSL_CTX *ctx, EVP_PKEY *pkey) Arguments:: @@ -1735,7 +1735,7 @@ Chapter 4. SSL X509 Certification and Private Key Function } -4.9 int ``SSL_CTX_use_PrivateKey_ASN1``(int pk, SSL_CTX *ctx, const unsigned char *d, long len) +4.9 int ``SSL_CTX_use_PrivateKey_ASN1`` (int pk, SSL_CTX *ctx, const unsigned char *d, long len) Arguments:: @@ -1768,7 +1768,7 @@ Chapter 4. SSL X509 Certification and Private Key Function } -4.10 int ``SSL_CTX_use_RSAPrivateKey_ASN1``(SSL_CTX *ctx, const unsigned char *d, long len) +4.10 int ``SSL_CTX_use_RSAPrivateKey_ASN1`` (SSL_CTX *ctx, const unsigned char *d, long len) Arguments:: @@ -1800,7 +1800,7 @@ Chapter 4. SSL X509 Certification and Private Key Function } -4.11 int ``SSL_use_certificate_ASN1``(SSL *ssl, int len, const unsigned char *d) +4.11 int ``SSL_use_certificate_ASN1`` (SSL *ssl, int len, const unsigned char *d) Arguments:: @@ -1832,7 +1832,7 @@ Chapter 4. SSL X509 Certification and Private Key Function } -4.12 X509* ``SSL_get_peer_certificate``(const SSL *ssl) +4.12 X509* ``SSL_get_peer_certificate`` (const SSL *ssl) Arguments:: From 2033068a72fd122561be0d91b79c9a6b652f597e Mon Sep 17 00:00:00 2001 From: Dong Heng Date: Sun, 9 Oct 2016 16:42:49 +0800 Subject: [PATCH 39/52] components/openssl: add internal openssl X509 debug function --- .../openssl/include/internal/ssl_methods.h | 6 ++- .../openssl/include/internal/ssl_types.h | 2 + components/openssl/include/openssl/ssl.h | 22 +++++++++++ components/openssl/include/platform/ssl_pm.h | 1 + components/openssl/library/ssl_methods.c | 2 +- components/openssl/library/ssl_x509.c | 9 +++++ components/openssl/platform/ssl_pm.c | 38 +++++++++++++++++++ 7 files changed, 77 insertions(+), 3 deletions(-) diff --git a/components/openssl/include/internal/ssl_methods.h b/components/openssl/include/internal/ssl_methods.h index 7a63b9e949..cd2f8c0533 100644 --- a/components/openssl/include/internal/ssl_methods.h +++ b/components/openssl/include/internal/ssl_methods.h @@ -71,12 +71,14 @@ #define IMPLEMENT_X509_METHOD(func_name, \ new, \ free, \ - load) \ + load, \ + show_info) \ const X509_METHOD* func_name(void) { \ static const X509_METHOD func_name##_data LOCAL_ATRR = { \ new, \ free, \ - load \ + load, \ + show_info \ }; \ return &func_name##_data; \ } diff --git a/components/openssl/include/internal/ssl_types.h b/components/openssl/include/internal/ssl_types.h index c571865c1e..19944c7819 100644 --- a/components/openssl/include/internal/ssl_types.h +++ b/components/openssl/include/internal/ssl_types.h @@ -275,6 +275,8 @@ struct x509_method_st { void (*x509_free)(X509 *x); int (*x509_load)(X509 *x, const unsigned char *buf, int len); + + int (*x509_show_info)(X509 *x); }; struct pkey_method_st { diff --git a/components/openssl/include/openssl/ssl.h b/components/openssl/include/openssl/ssl.h index 1d115214fd..d8400e66b5 100644 --- a/components/openssl/include/openssl/ssl.h +++ b/components/openssl/include/openssl/ssl.h @@ -447,6 +447,28 @@ int SSL_pending(const SSL *ssl); */ int SSL_want_nothing(const SSL *ssl); +/** + * @brief check if SSL want to read + * + * @param ssl - SSL point + * + * @return result + * 0 : false + * 1 : true + */ +int SSL_want_read(const SSL *ssl); + +/** + * @brief check if SSL want to write + * + * @param ssl - SSL point + * + * @return result + * 0 : false + * 1 : true + */ +int SSL_want_write(const SSL *ssl); + /** * @brief get the SSL context current method * diff --git a/components/openssl/include/platform/ssl_pm.h b/components/openssl/include/platform/ssl_pm.h index cf1d213799..a516d57422 100644 --- a/components/openssl/include/platform/ssl_pm.h +++ b/components/openssl/include/platform/ssl_pm.h @@ -42,6 +42,7 @@ OSSL_HANDSHAKE_STATE ssl_pm_get_state(const SSL *ssl); void ssl_pm_set_bufflen(SSL *ssl, int len); +int x509_pm_show_info(X509 *x); int x509_pm_new(X509 *x, X509 *m_x); void x509_pm_free(X509 *x); int x509_pm_load(X509 *x, const unsigned char *buffer, int len); diff --git a/components/openssl/library/ssl_methods.c b/components/openssl/library/ssl_methods.c index 8159511c49..0002360846 100644 --- a/components/openssl/library/ssl_methods.c +++ b/components/openssl/library/ssl_methods.c @@ -71,7 +71,7 @@ IMPLEMENT_SSL_METHOD(SSL3_VERSION, -1, TLS_method_func, SSLv3_method); */ IMPLEMENT_X509_METHOD(X509_method, x509_pm_new, x509_pm_free, - x509_pm_load); + x509_pm_load, x509_pm_show_info); /** * @brief get private key object method diff --git a/components/openssl/library/ssl_x509.c b/components/openssl/library/ssl_x509.c index d060419e6a..06e6e7b544 100644 --- a/components/openssl/library/ssl_x509.c +++ b/components/openssl/library/ssl_x509.c @@ -17,6 +17,14 @@ #include "ssl_dbg.h" #include "ssl_port.h" +/** + * @brief show X509 certification information + */ +int __X509_show_info(X509 *x) +{ + return X509_METHOD_CALL(show_info, x); +} + /** * @brief create a X509 certification object according to input X509 certification */ @@ -256,3 +264,4 @@ X509 *SSL_get_peer_certificate(const SSL *ssl) return ssl->session->peer; } + diff --git a/components/openssl/platform/ssl_pm.c b/components/openssl/platform/ssl_pm.c index 4bc631382f..bbe290f2a3 100644 --- a/components/openssl/platform/ssl_pm.c +++ b/components/openssl/platform/ssl_pm.c @@ -31,6 +31,8 @@ #define DEBUG_LOAD_BUF_STRING(str) #endif +#define X509_INFO_STRING_LENGTH 1024 + struct ssl_pm { /* local socket file description */ @@ -370,6 +372,42 @@ OSSL_HANDSHAKE_STATE ssl_pm_get_state(const SSL *ssl) return state; } +int x509_pm_show_info(X509 *x) +{ + int ret; + char *buf; + mbedtls_x509_crt *x509_crt; + struct x509_pm *x509_pm = x->x509_pm; + + if (x509_pm->x509_crt) + x509_crt = x509_pm->x509_crt; + else if (x509_pm->ex_crt) + x509_crt = x509_pm->ex_crt; + else + x509_crt = NULL; + + if (!x509_crt) + return -1; + + buf = ssl_malloc(X509_INFO_STRING_LENGTH); + if (!buf) + SSL_RET(failed1, ""); + + ret = mbedtls_x509_crt_info(buf, X509_INFO_STRING_LENGTH - 1, "", x509_crt); + if (ret <= 0) + SSL_RET(failed2, ""); + buf[ret] = 0; + + SSL_PRINT("%s", buf); + + return 0; + +failed2: + ssl_free(buf); +failed1: + return -1; +} + int x509_pm_new(X509 *x, X509 *m_x) { struct x509_pm *x509_pm; From 47e83ee65e4861a79b4396fca00ee4fa9427886d Mon Sep 17 00:00:00 2001 From: Dong Heng Date: Sun, 9 Oct 2016 17:49:16 +0800 Subject: [PATCH 40/52] components/openssl: add SSL any version function setting --- components/openssl/platform/ssl_pm.c | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/components/openssl/platform/ssl_pm.c b/components/openssl/platform/ssl_pm.c index bbe290f2a3..539e954c78 100644 --- a/components/openssl/platform/ssl_pm.c +++ b/components/openssl/platform/ssl_pm.c @@ -111,16 +111,19 @@ int ssl_pm_new(SSL *ssl) if (ret) SSL_ERR(ret, failed2, "mbedtls_ssl_config_defaults:[-0x%x]\n", -ret); - if (TLS1_2_VERSION == ssl->version) - version = MBEDTLS_SSL_MINOR_VERSION_3; - else if (TLS1_1_VERSION == ssl->version) - version = MBEDTLS_SSL_MINOR_VERSION_2; - else if (TLS1_VERSION == ssl->version) - version = MBEDTLS_SSL_MINOR_VERSION_1; - else - version = MBEDTLS_SSL_MINOR_VERSION_0; + if (TLS_ANY_VERSION != ssl->version) { + if (TLS1_2_VERSION == ssl->version) + version = MBEDTLS_SSL_MINOR_VERSION_3; + else if (TLS1_1_VERSION == ssl->version) + version = MBEDTLS_SSL_MINOR_VERSION_2; + else if (TLS1_VERSION == ssl->version) + version = MBEDTLS_SSL_MINOR_VERSION_1; + else + version = MBEDTLS_SSL_MINOR_VERSION_0; - //mbedtls_ssl_conf_max_version(&ssl_pm->conf, MBEDTLS_SSL_MAJOR_VERSION_3, version); + mbedtls_ssl_conf_max_version(&ssl_pm->conf, MBEDTLS_SSL_MAJOR_VERSION_3, version); + mbedtls_ssl_conf_min_version(&ssl_pm->conf, MBEDTLS_SSL_MAJOR_VERSION_3, version); + } mbedtls_ssl_conf_rng(&ssl_pm->conf, mbedtls_ctr_drbg_random, &ssl_pm->ctr_drbg); From 37a68ad6052b94ba4f3e969021eb5318bb4eb30f Mon Sep 17 00:00:00 2001 From: Dong Heng Date: Sun, 9 Oct 2016 19:02:31 +0800 Subject: [PATCH 41/52] components/openssl: fix SSL X509 show message, leaking memory --- components/openssl/platform/ssl_pm.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/components/openssl/platform/ssl_pm.c b/components/openssl/platform/ssl_pm.c index 539e954c78..eadd323e70 100644 --- a/components/openssl/platform/ssl_pm.c +++ b/components/openssl/platform/ssl_pm.c @@ -401,6 +401,8 @@ int x509_pm_show_info(X509 *x) SSL_RET(failed2, ""); buf[ret] = 0; + ssl_free(buf); + SSL_PRINT("%s", buf); return 0; From 034da95abb17974e5ed7ec0bfa9d1ba629636986 Mon Sep 17 00:00:00 2001 From: Dong Heng Date: Sun, 9 Oct 2016 19:18:18 +0800 Subject: [PATCH 42/52] components/openssl: change SSL read or write statement after success --- components/openssl/library/ssl_lib.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/components/openssl/library/ssl_lib.c b/components/openssl/library/ssl_lib.c index 267d23f25f..9740282d13 100644 --- a/components/openssl/library/ssl_lib.c +++ b/components/openssl/library/ssl_lib.c @@ -390,7 +390,8 @@ int SSL_read(SSL *ssl, void *buffer, int len) ret = SSL_METHOD_CALL(read, ssl, buffer, len); - ssl->rwstate = SSL_NOTHING; + if (ret == len) + ssl->rwstate = SSL_NOTHING; return ret; } @@ -428,12 +429,10 @@ int SSL_write(SSL *ssl, const void *buffer, int len) } } while (ret > 0 && send_bytes); - ssl->rwstate = SSL_NOTHING; - - send_bytes = len - send_bytes; - if (send_bytes >= 0) - ret = send_bytes; - else + if (ret >= 0) { + ret = len - send_bytes; + ssl->rwstate = SSL_NOTHING; + } else ret = -1; return ret; From ecefb1305a08ba5bad49894273a3c47f82fbe0ab Mon Sep 17 00:00:00 2001 From: Dong Heng Date: Mon, 10 Oct 2016 10:40:00 +0800 Subject: [PATCH 43/52] components/openssl: change header file relationship of level --- components/openssl/include/internal/ssl_stack.h | 11 +++++++++++ components/openssl/include/internal/ssl_types.h | 11 ----------- components/openssl/include/openssl/ssl.h | 1 - 3 files changed, 11 insertions(+), 12 deletions(-) diff --git a/components/openssl/include/internal/ssl_stack.h b/components/openssl/include/internal/ssl_stack.h index b37c8dffa9..7a7051a026 100644 --- a/components/openssl/include/internal/ssl_stack.h +++ b/components/openssl/include/internal/ssl_stack.h @@ -7,6 +7,17 @@ #include "ssl_types.h" +#define STACK_OF(type) struct stack_st_##type + +#define SKM_DEFINE_STACK_OF(t1, t2, t3) \ + STACK_OF(t1); \ + static ossl_inline STACK_OF(t1) *sk_##t1##_new_null(void) \ + { \ + return (STACK_OF(t1) *)OPENSSL_sk_new_null(); \ + } \ + +#define DEFINE_STACK_OF(t) SKM_DEFINE_STACK_OF(t, t, t) + /** * @brief create a openssl stack object * diff --git a/components/openssl/include/internal/ssl_types.h b/components/openssl/include/internal/ssl_types.h index 19944c7819..5aaee94176 100644 --- a/components/openssl/include/internal/ssl_types.h +++ b/components/openssl/include/internal/ssl_types.h @@ -37,17 +37,6 @@ typedef void BIO; #define X509_METHOD_CALL(f, x, ...) x->method->x509_##f(x, ##__VA_ARGS__) #define EVP_PKEY_METHOD_CALL(f, k, ...) k->method->pkey_##f(k, ##__VA_ARGS__) -#define STACK_OF(type) struct stack_st_##type - -#define SKM_DEFINE_STACK_OF(t1, t2, t3) \ - STACK_OF(t1); \ - static ossl_inline STACK_OF(t1) *sk_##t1##_new_null(void) \ - { \ - return (STACK_OF(t1) *)OPENSSL_sk_new_null(); \ - } \ - -#define DEFINE_STACK_OF(t) SKM_DEFINE_STACK_OF(t, t, t) - typedef int (*OPENSSL_sk_compfunc)(const void *, const void *); struct stack_st; diff --git a/components/openssl/include/openssl/ssl.h b/components/openssl/include/openssl/ssl.h index d8400e66b5..7f8eb88302 100644 --- a/components/openssl/include/openssl/ssl.h +++ b/components/openssl/include/openssl/ssl.h @@ -19,7 +19,6 @@ extern "C" { #endif -#include "platform/ssl_port.h" #include "internal/ssl_x509.h" #include "internal/ssl_pkey.h" From 5d60a1153d04ac90dd037b39bc79392bca72c02c Mon Sep 17 00:00:00 2001 From: Dong Heng Date: Mon, 10 Oct 2016 11:18:45 +0800 Subject: [PATCH 44/52] components/openssl: Modify the documentation of OpenSSL-APIs 1. add description of non-supported APIs 2. remove non-supported APIs now 3. add more supported APIs --- components/openssl/OpenSSL-APIs.rst | 197 ++++++++++------------------ 1 file changed, 68 insertions(+), 129 deletions(-) diff --git a/components/openssl/OpenSSL-APIs.rst b/components/openssl/OpenSSL-APIs.rst index 6a8a68c1ff..e7877b128c 100644 --- a/components/openssl/OpenSSL-APIs.rst +++ b/components/openssl/OpenSSL-APIs.rst @@ -1,10 +1,15 @@ OpenSSL-APIs -============ +------------ All original source code in this repository is Copyright (C) 2015-2016 Espressif Systems. This source code is licensed under the Apache License 2.0 as described in the file LICENSE. +OpenSSL APIs not mentioned in this article are not open to public for the time, +also do not have the corresponding function. +If user calls it directly, it will always return an error or may show cannot link +at compile time. + Chapter Introduction ==================== @@ -17,8 +22,7 @@ Chapter Introduction Chapter 1. SSL Context Method Create ==================================== - -1.1 const SSL_METHOD* ``SSLv23_client_method`` (void) +1.1 const SSL_METHOD* ``SSLv3_client_method`` (void) Arguments:: @@ -26,7 +30,7 @@ Chapter 1. SSL Context Method Create Return:: - SSLV2 and 3 version SSL context client method point + SSLV3.0 version SSL context client method point Description:: @@ -36,12 +40,11 @@ Chapter 1. SSL Context Method Create void example(void) { - const SSL_METHOD *method = SSLv23_client_method(); + const SSL_METHOD *method = SSLv3_client_method(); ... } - 1.2 const SSL_METHOD* ``TLSv1_client_method`` (void) Arguments:: @@ -65,32 +68,7 @@ Chapter 1. SSL Context Method Create ... } - -1.3 const SSL_METHOD* ``SSLv3_client_method`` (void) - - Arguments:: - - none - - Return:: - - SSLV3.0 version SSL context client method point - - Description:: - - create the target SSL context method - - Example:: - - void example(void) - { - const SSL_METHOD *method = SSLv3_client_method(); - - ... - } - - -1.4 const SSL_METHOD* ``TLSv1_1_client_method`` (void) +1.3 const SSL_METHOD* ``TLSv1_1_client_method`` (void) Arguments:: @@ -113,8 +91,7 @@ Chapter 1. SSL Context Method Create ... } - -1.5 const SSL_METHOD* ``TLSv1_2_client_method`` (void) +1.4 const SSL_METHOD* ``TLSv1_2_client_method`` (void) Arguments:: @@ -136,9 +113,31 @@ Chapter 1. SSL Context Method Create ... } + +1.5 const SSL_METHOD* ``TLS_client_method`` (void) + Arguments:: + + none + + Return:: + + TLSV1.2 version SSL context client method point + + Description:: + + create the default SSL context method, it's always to be TLSV1.2 + + Example:: + + void example(void) + { + const SSL_METHOD *method = TLSv1_2_client_method(); + + ... + } -1.6 const SSL_METHOD* ``SSLv23_server_method`` (void) +1.6 const SSL_METHOD* ``SSLv3_server_method`` (void) Arguments:: @@ -146,7 +145,7 @@ Chapter 1. SSL Context Method Create Return:: - SSLV2 and 3 version SSL context server method point + SSLV3.0 version SSL context server method point Description:: @@ -156,13 +155,35 @@ Chapter 1. SSL Context Method Create void example(void) { - const SSL_METHOD *method = SSLv23_server_method(); + const SSL_METHOD *method = SSLv3_server_method(); ... } +1.7 const SSL_METHOD* ``TLSv1_server_method`` (void) -1.7 const SSL_METHOD* ``TLSv1_1_server_method`` (void) + Arguments:: + + none + + Return:: + + TLSV1.0 version SSL context server method point + + Description:: + + create the target SSL context method + + Example:: + + void example(void) + { + const SSL_METHOD *method = TLSv1_server_method(); + + ... + } + +1.8 const SSL_METHOD* ``TLSv1_1_server_method`` (void) Arguments:: @@ -186,7 +207,7 @@ Chapter 1. SSL Context Method Create } -1.8 const SSL_METHOD* ``TLSv1_2_server_method`` (void) +1.9 const SSL_METHOD* ``TLSv1_2_server_method`` (void) Arguments:: @@ -209,8 +230,7 @@ Chapter 1. SSL Context Method Create ... } - -1.9 const SSL_METHOD* ``TLSv1_server_method`` (void) +1.10 const SSL_METHOD* ``TLS_server_method`` (void) Arguments:: @@ -218,47 +238,22 @@ Chapter 1. SSL Context Method Create Return:: - TLSV1.0 version SSL context server method point + TLSV1.2 version SSL context server method point Description:: - create the target SSL context method + create the default SSL context method, it's always to be TLSV1.2 Example:: void example(void) { - const SSL_METHOD *method = TLSv1_server_method(); + const SSL_METHOD *method = TLSv1_2_server_method(); ... } -1.10 const SSL_METHOD* ``SSLv3_server_method`` (void) - - Arguments:: - - none - - Return:: - - SSLV3.0 version SSL context server method point - - Description:: - - create the target SSL context method - - Example:: - - void example(void) - { - const SSL_METHOD *method = SSLv3_server_method(); - - ... - } - - - Chapter 2. SSL Context Fucntion =============================== @@ -1326,64 +1321,8 @@ Chapter 3. SSL Fucntion err = SSL_get_error(ssl, ret); } - -3.35 void ``SSL_CTX_set_default_read_buffer_len`` (SSL_CTX *ctx, size_t len) - Arguments:: - - ctx - SSL context point - len - read buffer length - - Return:: - - none - - Description:: - - set the SSL context read buffer length - - Example:: - - void example(void) - { - SSL_CTX *ctx; - size_t len; - - ... ... - - SSL_CTX_set_default_read_buffer_len(ctx, len); - } - - -3.36 void ``SSL_set_default_read_buffer_len`` (SSL *ssl, size_t len) - - Arguments:: - - ssl - SSL point - len - read buffer length - - Return:: - - none - - Description:: - - set the SSL read buffer length - - Example:: - - void example(void) - { - SSL *ssl; - size_t len; - - ... ... - - SSL_set_default_read_buffer_len(ctx, len); - } - - -3.37 int ``SSL_want`` (const SSL *ssl) +3.35 int ``SSL_want`` (const SSL *ssl) Arguments:: @@ -1410,7 +1349,7 @@ Chapter 3. SSL Fucntion } -3.38 int ``SSL_want_nothing`` (const SSL *ssl) +3.36 int ``SSL_want_nothing`` (const SSL *ssl) Arguments:: @@ -1438,7 +1377,7 @@ Chapter 3. SSL Fucntion } -3.39 int ``SSL_want_read`` (const SSL *ssl) +3.37 int ``SSL_want_read`` (const SSL *ssl) Arguments:: @@ -1466,7 +1405,7 @@ Chapter 3. SSL Fucntion } -3.40 int ``SSL_want_write`` (const SSL *ssl) +3.38 int ``SSL_want_write`` (const SSL *ssl) Arguments:: From 78392bf76b3d47ba290a0d97f443e695916416f5 Mon Sep 17 00:00:00 2001 From: Dong Heng Date: Fri, 28 Oct 2016 14:32:13 +0800 Subject: [PATCH 45/52] components/openssl: change the description 1. change the description of Makefile.projbuild 2. remove the license header in the API document 3. add private inlcuding header code in the components file --- components/openssl/Makefile.projbuild | 3 +-- components/openssl/OpenSSL-APIs.rst | 7 +------ components/openssl/component.mk | 3 ++- 3 files changed, 4 insertions(+), 9 deletions(-) diff --git a/components/openssl/Makefile.projbuild b/components/openssl/Makefile.projbuild index b1d5641231..f8501f3187 100644 --- a/components/openssl/Makefile.projbuild +++ b/components/openssl/Makefile.projbuild @@ -1,3 +1,2 @@ -# Anyone compiling mbedTLS code needs the name of the -# alternative config file +# Anyone compiling openssl code needs the mbedtls library and header file diff --git a/components/openssl/OpenSSL-APIs.rst b/components/openssl/OpenSSL-APIs.rst index e7877b128c..2b606dbcf2 100644 --- a/components/openssl/OpenSSL-APIs.rst +++ b/components/openssl/OpenSSL-APIs.rst @@ -1,14 +1,9 @@ OpenSSL-APIs ------------ -All original source code in this repository is Copyright (C) 2015-2016 -Espressif Systems. This source code is licensed under the Apache -License 2.0 as described in the file LICENSE. - OpenSSL APIs not mentioned in this article are not open to public for the time, also do not have the corresponding function. -If user calls it directly, it will always return an error or may show cannot link -at compile time. +If user calls it directly, it will always return an error or may show cannot link at compile time. Chapter Introduction ==================== diff --git a/components/openssl/component.mk b/components/openssl/component.mk index 97de6975c9..2dfcc6b38d 100644 --- a/components/openssl/component.mk +++ b/components/openssl/component.mk @@ -2,7 +2,8 @@ # Component Makefile # -COMPONENT_ADD_INCLUDEDIRS := include include/internal include/platform include/oepnssl +COMPONENT_ADD_INCLUDEDIRS := include +COMPONENT_PRIV_INCLUDEDIRS := include/internal include/platform include/openssl COMPONENT_SRCDIRS := library platform From 41a91d7cb9540f718811c62629aaca140d87ac08 Mon Sep 17 00:00:00 2001 From: Dong Heng Date: Mon, 31 Oct 2016 14:06:29 +0800 Subject: [PATCH 46/52] feature/openssl: change the description for docbook --- components/openssl/Makefile.projbuild | 2 -- components/openssl/OpenSSL-APIs.rst | 5 ++++- 2 files changed, 4 insertions(+), 3 deletions(-) delete mode 100644 components/openssl/Makefile.projbuild diff --git a/components/openssl/Makefile.projbuild b/components/openssl/Makefile.projbuild deleted file mode 100644 index f8501f3187..0000000000 --- a/components/openssl/Makefile.projbuild +++ /dev/null @@ -1,2 +0,0 @@ -# Anyone compiling openssl code needs the mbedtls library and header file - diff --git a/components/openssl/OpenSSL-APIs.rst b/components/openssl/OpenSSL-APIs.rst index 2b606dbcf2..39fa0ebb9b 100644 --- a/components/openssl/OpenSSL-APIs.rst +++ b/components/openssl/OpenSSL-APIs.rst @@ -1,9 +1,12 @@ OpenSSL-APIs ------------ +This directory does not contain OpenSSL itself, but the code here can be used as a wrapper for applications using the OpenSSL API. +It uses mbedSSL to do the actual work, so anyone compiling openssl code needs the mbedtls library and header file. + OpenSSL APIs not mentioned in this article are not open to public for the time, also do not have the corresponding function. -If user calls it directly, it will always return an error or may show cannot link at compile time. +If user calls it directly, it will always return an error or may show cannot link at compiling time. Chapter Introduction ==================== From 9555ce291e094b8e9e25c1b6e4a36ee8d340ca14 Mon Sep 17 00:00:00 2001 From: Dong Heng Date: Mon, 31 Oct 2016 14:13:00 +0800 Subject: [PATCH 47/52] feature/openssl: correct wrong description --- components/openssl/OpenSSL-APIs.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/openssl/OpenSSL-APIs.rst b/components/openssl/OpenSSL-APIs.rst index 39fa0ebb9b..93e438dcf9 100644 --- a/components/openssl/OpenSSL-APIs.rst +++ b/components/openssl/OpenSSL-APIs.rst @@ -2,7 +2,7 @@ OpenSSL-APIs ------------ This directory does not contain OpenSSL itself, but the code here can be used as a wrapper for applications using the OpenSSL API. -It uses mbedSSL to do the actual work, so anyone compiling openssl code needs the mbedtls library and header file. +It uses mbedTLS to do the actual work, so anyone compiling openssl code needs the mbedtls library and header file. OpenSSL APIs not mentioned in this article are not open to public for the time, also do not have the corresponding function. From fc6b52574a337fd4f4b7a13155eea488582e1b0d Mon Sep 17 00:00:00 2001 From: Dong Heng Date: Tue, 1 Nov 2016 13:07:10 +0800 Subject: [PATCH 48/52] components/openssl: refactor the SSL port function and debug function --- components/openssl/include/internal/ssl_dbg.h | 28 ++++++--- components/openssl/include/platform/ssl_opt.h | 48 ++++++++++++++++ .../openssl/include/platform/ssl_port.h | 16 +++++- components/openssl/library/ssl_cert.c | 8 +-- components/openssl/library/ssl_lib.c | 24 ++++---- components/openssl/library/ssl_pkey.c | 8 +-- components/openssl/library/ssl_stack.c | 14 ++--- components/openssl/library/ssl_x509.c | 8 +-- components/openssl/platform/ssl_pm.c | 57 +++++++++++-------- components/openssl/platform/ssl_port.c | 6 +- 10 files changed, 148 insertions(+), 69 deletions(-) create mode 100644 components/openssl/include/platform/ssl_opt.h diff --git a/components/openssl/include/internal/ssl_dbg.h b/components/openssl/include/internal/ssl_dbg.h index d6ae47499e..1b0a73f167 100644 --- a/components/openssl/include/internal/ssl_dbg.h +++ b/components/openssl/include/internal/ssl_dbg.h @@ -15,21 +15,33 @@ #ifndef _SSL_DEBUG_H_ #define _SSL_DEBUG_H_ +#include "platform/ssl_opt.h" +#include "platform/ssl_port.h" + #ifdef __cplusplus extern "C" { #endif -#define SSL_DEBUG_ENBALE 1 +#ifndef SSL_DEBUG_ENBALE +#define SSL_DEBUG_ENBALE 0 +#endif + +#ifndef SSL_DEBUG_LEVEL #define SSL_DEBUG_LEVEL 0 -#define SSL_ASSERT_ENABLE 1 -#define SSL_DEBUG_LOCATION_ENABLE 1 +#endif -#if SSL_DEBUG_ENBALE - extern int ets_printf(const char *fmt, ...); +#ifndef SSL_ASSERT_ENABLE +#define SSL_ASSERT_ENABLE 0 +#endif - #define SSL_PRINT ets_printf -#else - #define SSL_PRINT(...) +#ifndef SSL_DEBUG_LOCATION_ENABLE +#define SSL_DEBUG_LOCATION_ENABLE 0 +#endif + +#ifndef SSL_PRINT + #include "stdio.h" + extern int printf(const char *fmt, ...); + #define SSL_PRINT printf #endif #if SSL_DEBUG_LOCATION_ENABLE diff --git a/components/openssl/include/platform/ssl_opt.h b/components/openssl/include/platform/ssl_opt.h new file mode 100644 index 0000000000..01d438eb8a --- /dev/null +++ b/components/openssl/include/platform/ssl_opt.h @@ -0,0 +1,48 @@ +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#ifndef _SSL_OPT_H_ +#define _SSL_OPT_H_ + +#ifdef __cplusplus + extern "C" { +#endif + +/** + * if not define "ESP32_IDF_PLATFORM", system will use esp8266 platform interface + */ +#define ESP32_IDF_PLATFORM + +/** + * openssl debug print function enable + */ +#define SSL_DEBUG_ENBALE 0 + +/** + * openssl debug print function level. function whose level is lower that "SSL_DEBUG_LEVEL" + * will not print message + */ +#define SSL_DEBUG_LEVEL 0 + +/** + * openssl assert function enable, it will check the input paramter and print the message + */ +#define SSL_ASSERT_ENABLE 0 + +/** + * openssl location function enable, it will print location of the positioning error + */ +#define SSL_DEBUG_LOCATION_ENABLE 0 + +#endif diff --git a/components/openssl/include/platform/ssl_port.h b/components/openssl/include/platform/ssl_port.h index 995d33e0e5..4a319c91ae 100644 --- a/components/openssl/include/platform/ssl_port.h +++ b/components/openssl/include/platform/ssl_port.h @@ -19,11 +19,15 @@ extern "C" { #endif +#include "platform/ssl_opt.h" + +#ifdef ESP32_IDF_PLATFORM + #include "esp_types.h" -void* ssl_zalloc(size_t size); -void *ssl_malloc(size_t size); -void ssl_free(void *p); +void *ssl_mem_zalloc(size_t size); +void *ssl_mem_malloc(size_t size); +void ssl_mem_free(void *p); void* ssl_memcpy(void *to, const void *from, size_t size); size_t ssl_strlen(const char *src); @@ -31,4 +35,10 @@ size_t ssl_strlen(const char *src); void ssl_speed_up_enter(void); void ssl_speed_up_exit(void); +#elif defined(SSL_PLATFORM_USER_INCLUDE) + +SSL_PLATFORM_USER_INCLUDE + +#endif + #endif diff --git a/components/openssl/library/ssl_cert.c b/components/openssl/library/ssl_cert.c index e4fd4d7785..0193a441e0 100644 --- a/components/openssl/library/ssl_cert.c +++ b/components/openssl/library/ssl_cert.c @@ -28,9 +28,9 @@ CERT *__ssl_cert_new(CERT *ic) X509 *ix; EVP_PKEY *ipk; - cert = ssl_zalloc(sizeof(CERT)); + cert = ssl_mem_zalloc(sizeof(CERT)); if (!cert) - SSL_RET(failed1, "ssl_zalloc\n"); + SSL_RET(failed1, "ssl_mem_zalloc\n"); if (ic) { ipk = ic->pkey; @@ -53,7 +53,7 @@ CERT *__ssl_cert_new(CERT *ic) failed3: EVP_PKEY_free(cert->pkey); failed2: - ssl_free(cert); + ssl_mem_free(cert); failed1: return NULL; } @@ -75,5 +75,5 @@ void ssl_cert_free(CERT *cert) EVP_PKEY_free(cert->pkey); - ssl_free(cert); + ssl_mem_free(cert); } diff --git a/components/openssl/library/ssl_lib.c b/components/openssl/library/ssl_lib.c index 9740282d13..23b8bf4cea 100644 --- a/components/openssl/library/ssl_lib.c +++ b/components/openssl/library/ssl_lib.c @@ -124,9 +124,9 @@ SSL_SESSION* SSL_SESSION_new(void) { SSL_SESSION *session; - session = ssl_zalloc(sizeof(SSL_SESSION)); + session = ssl_mem_zalloc(sizeof(SSL_SESSION)); if (!session) - SSL_RET(failed1, "ssl_zalloc\n"); + SSL_RET(failed1, "ssl_mem_zalloc\n"); session->peer = X509_new(); if (!session->peer) @@ -135,7 +135,7 @@ SSL_SESSION* SSL_SESSION_new(void) return session; failed2: - ssl_free(session); + ssl_mem_free(session); failed1: return NULL; } @@ -146,7 +146,7 @@ failed1: void SSL_SESSION_free(SSL_SESSION *session) { X509_free(session->peer); - ssl_free(session); + ssl_mem_free(session); } /** @@ -168,9 +168,9 @@ SSL_CTX* SSL_CTX_new(const SSL_METHOD *method) if (!cert) SSL_RET(go_failed2, "ssl_cert_new\n"); - ctx = (SSL_CTX *)ssl_zalloc(sizeof(SSL_CTX)); + ctx = (SSL_CTX *)ssl_mem_zalloc(sizeof(SSL_CTX)); if (!ctx) - SSL_RET(go_failed3, "ssl_zalloc:ctx\n"); + SSL_RET(go_failed3, "ssl_mem_zalloc:ctx\n"); ctx->method = method; ctx->client_CA = client_ca; @@ -199,7 +199,7 @@ void SSL_CTX_free(SSL_CTX* ctx) X509_free(ctx->client_CA); - ssl_free(ctx); + ssl_mem_free(ctx); } /** @@ -238,9 +238,9 @@ SSL *SSL_new(SSL_CTX *ctx) if (!ctx) SSL_RET(failed1, "ctx:NULL\n"); - ssl = (SSL *)ssl_zalloc(sizeof(SSL)); + ssl = (SSL *)ssl_mem_zalloc(sizeof(SSL)); if (!ssl) - SSL_RET(failed1, "ssl_zalloc\n"); + SSL_RET(failed1, "ssl_mem_zalloc\n"); ssl->session = SSL_SESSION_new(); if (!ssl->session) @@ -277,7 +277,7 @@ failed4: failed3: SSL_SESSION_free(ssl->session); failed2: - ssl_free(ssl); + ssl_mem_free(ssl); failed1: return NULL; } @@ -297,7 +297,7 @@ void SSL_free(SSL *ssl) SSL_SESSION_free(ssl->session); - ssl_free(ssl); + ssl_mem_free(ssl); } /** @@ -343,7 +343,7 @@ int SSL_shutdown(SSL *ssl) SSL_ASSERT(ssl); - if (SSL_get_state(ssl) != TLS_ST_OK) return 0; + if (SSL_get_state(ssl) != TLS_ST_OK) return 1; ret = SSL_METHOD_CALL(shutdown, ssl); diff --git a/components/openssl/library/ssl_pkey.c b/components/openssl/library/ssl_pkey.c index 20debfbcfc..dbd82dc9c2 100644 --- a/components/openssl/library/ssl_pkey.c +++ b/components/openssl/library/ssl_pkey.c @@ -25,9 +25,9 @@ EVP_PKEY* __EVP_PKEY_new(EVP_PKEY *ipk) int ret; EVP_PKEY *pkey; - pkey = ssl_zalloc(sizeof(EVP_PKEY)); + pkey = ssl_mem_zalloc(sizeof(EVP_PKEY)); if (!pkey) - SSL_RET(failed1, "ssl_zalloc\n"); + SSL_RET(failed1, "ssl_mem_zalloc\n"); if (ipk) { pkey->method = ipk->method; @@ -42,7 +42,7 @@ EVP_PKEY* __EVP_PKEY_new(EVP_PKEY *ipk) return pkey; failed2: - ssl_free(pkey); + ssl_mem_free(pkey); failed1: return NULL; } @@ -62,7 +62,7 @@ void EVP_PKEY_free(EVP_PKEY *pkey) { EVP_PKEY_METHOD_CALL(free, pkey); - ssl_free(pkey); + ssl_mem_free(pkey); } /** diff --git a/components/openssl/library/ssl_stack.c b/components/openssl/library/ssl_stack.c index 4ea40e7259..5dbb69af9d 100644 --- a/components/openssl/library/ssl_stack.c +++ b/components/openssl/library/ssl_stack.c @@ -30,13 +30,13 @@ OPENSSL_STACK* OPENSSL_sk_new(OPENSSL_sk_compfunc c) OPENSSL_STACK *stack; char **data; - stack = ssl_zalloc(sizeof(OPENSSL_STACK)); + stack = ssl_mem_zalloc(sizeof(OPENSSL_STACK)); if (!stack) - SSL_RET(failed1, "ssl_zalloc\n"); + SSL_RET(failed1, "ssl_mem_zalloc\n"); - data = ssl_zalloc(sizeof(*data) * MIN_NODES); + data = ssl_mem_zalloc(sizeof(*data) * MIN_NODES); if (!data) - SSL_RET(failed2, "ssl_zalloc\n"); + SSL_RET(failed2, "ssl_mem_zalloc\n"); stack->data = data; stack->num_alloc = MIN_NODES; @@ -45,7 +45,7 @@ OPENSSL_STACK* OPENSSL_sk_new(OPENSSL_sk_compfunc c) return stack; failed2: - ssl_free(stack); + ssl_mem_free(stack); failed1: return NULL; } @@ -65,6 +65,6 @@ void OPENSSL_sk_free(OPENSSL_STACK *stack) { SSL_ASSERT(stack); - ssl_free(stack->data); - ssl_free(stack); + ssl_mem_free(stack->data); + ssl_mem_free(stack); } diff --git a/components/openssl/library/ssl_x509.c b/components/openssl/library/ssl_x509.c index 06e6e7b544..d0426db18c 100644 --- a/components/openssl/library/ssl_x509.c +++ b/components/openssl/library/ssl_x509.c @@ -33,9 +33,9 @@ X509* __X509_new(X509 *ix) int ret; X509 *x; - x = ssl_zalloc(sizeof(X509)); + x = ssl_mem_zalloc(sizeof(X509)); if (!x) - SSL_RET(failed1, "ssl_malloc\n"); + SSL_RET(failed1, "ssl_mem_zalloc\n"); if (ix) x->method = ix->method; @@ -49,7 +49,7 @@ X509* __X509_new(X509 *ix) return x; failed2: - ssl_free(x); + ssl_mem_free(x); failed1: return NULL; } @@ -69,7 +69,7 @@ void X509_free(X509 *x) { X509_METHOD_CALL(free, x); - ssl_free(x); + ssl_mem_free(x); }; /** diff --git a/components/openssl/platform/ssl_pm.c b/components/openssl/platform/ssl_pm.c index eadd323e70..21c0ac58c9 100644 --- a/components/openssl/platform/ssl_pm.c +++ b/components/openssl/platform/ssl_pm.c @@ -86,10 +86,16 @@ int ssl_pm_new(SSL *ssl) const SSL_METHOD *method = ssl->method; - ssl_pm = ssl_zalloc(sizeof(struct ssl_pm)); + ssl_pm = ssl_mem_zalloc(sizeof(struct ssl_pm)); if (!ssl_pm) - SSL_ERR(ret, failed1, "ssl_zalloc\n"); + SSL_ERR(ret, failed1, "ssl_mem_zalloc\n"); + if (ssl->ctx->read_buffer_len < 2048 || + ssl->ctx->read_buffer_len > 8192) + return -1; + + max_content_len = ssl->ctx->read_buffer_len; + mbedtls_net_init(&ssl_pm->fd); mbedtls_net_init(&ssl_pm->cl_fd); @@ -144,6 +150,7 @@ failed3: mbedtls_ctr_drbg_free(&ssl_pm->ctr_drbg); failed2: mbedtls_entropy_free(&ssl_pm->entropy); + ssl_mem_free(ssl_pm); failed1: return -1; } @@ -160,7 +167,7 @@ void ssl_pm_free(SSL *ssl) mbedtls_ssl_config_free(&ssl_pm->conf); mbedtls_ssl_free(&ssl_pm->ssl); - ssl_free(ssl_pm); + ssl_mem_free(ssl_pm); ssl->ssl_pm = NULL; } @@ -392,7 +399,7 @@ int x509_pm_show_info(X509 *x) if (!x509_crt) return -1; - buf = ssl_malloc(X509_INFO_STRING_LENGTH); + buf = ssl_mem_malloc(X509_INFO_STRING_LENGTH); if (!buf) SSL_RET(failed1, ""); @@ -401,14 +408,14 @@ int x509_pm_show_info(X509 *x) SSL_RET(failed2, ""); buf[ret] = 0; - ssl_free(buf); + ssl_mem_free(buf); SSL_PRINT("%s", buf); return 0; failed2: - ssl_free(buf); + ssl_mem_free(buf); failed1: return -1; } @@ -417,9 +424,9 @@ int x509_pm_new(X509 *x, X509 *m_x) { struct x509_pm *x509_pm; - x509_pm = ssl_zalloc(sizeof(struct x509_pm)); + x509_pm = ssl_mem_zalloc(sizeof(struct x509_pm)); if (!x509_pm) - SSL_RET(failed1, "ssl_zalloc\n"); + SSL_RET(failed1, "ssl_mem_zalloc\n"); x->x509_pm = x509_pm; @@ -442,11 +449,11 @@ void x509_pm_free(X509 *x) if (x509_pm->x509_crt) { mbedtls_x509_crt_free(x509_pm->x509_crt); - ssl_free(x509_pm->x509_crt); + ssl_mem_free(x509_pm->x509_crt); x509_pm->x509_crt = NULL; } - ssl_free(x->x509_pm); + ssl_mem_free(x->x509_pm); x->x509_pm = NULL; } @@ -460,14 +467,14 @@ int x509_pm_load(X509 *x, const unsigned char *buffer, int len) mbedtls_x509_crt_free(x509_pm->x509_crt); if (!x509_pm->x509_crt) { - x509_pm->x509_crt = ssl_malloc(sizeof(mbedtls_x509_crt)); + x509_pm->x509_crt = ssl_mem_malloc(sizeof(mbedtls_x509_crt)); if (!x509_pm->x509_crt) - SSL_RET(failed1, "ssl_malloc\n"); + SSL_RET(failed1, "ssl_mem_malloc\n"); } - load_buf = ssl_malloc(len + 1); + load_buf = ssl_mem_malloc(len + 1); if (!load_buf) - SSL_RET(failed2, "ssl_malloc\n"); + SSL_RET(failed2, "ssl_mem_malloc\n"); ssl_memcpy(load_buf, buffer, len); load_buf[len] = '\0'; @@ -477,7 +484,7 @@ int x509_pm_load(X509 *x, const unsigned char *buffer, int len) mbedtls_x509_crt_init(x509_pm->x509_crt); ret = mbedtls_x509_crt_parse(x509_pm->x509_crt, load_buf, len + 1); - ssl_free(load_buf); + ssl_mem_free(load_buf); if (ret) SSL_RET(failed2, "mbedtls_x509_crt_parse, return [-0x%x]\n", -ret); @@ -485,7 +492,7 @@ int x509_pm_load(X509 *x, const unsigned char *buffer, int len) return 0; failed2: - ssl_free(x509_pm->x509_crt); + ssl_mem_free(x509_pm->x509_crt); x509_pm->x509_crt = NULL; failed1: return -1; @@ -495,7 +502,7 @@ int pkey_pm_new(EVP_PKEY *pk, EVP_PKEY *m_pkey) { struct pkey_pm *pkey_pm; - pkey_pm = ssl_zalloc(sizeof(struct pkey_pm)); + pkey_pm = ssl_mem_zalloc(sizeof(struct pkey_pm)); if (!pkey_pm) return -1; @@ -517,11 +524,11 @@ void pkey_pm_free(EVP_PKEY *pk) if (pkey_pm->pkey) { mbedtls_pk_free(pkey_pm->pkey); - ssl_free(pkey_pm->pkey); + ssl_mem_free(pkey_pm->pkey); pkey_pm->pkey = NULL; } - ssl_free(pk->pkey_pm); + ssl_mem_free(pk->pkey_pm); pk->pkey_pm = NULL; } @@ -535,14 +542,14 @@ int pkey_pm_load(EVP_PKEY *pk, const unsigned char *buffer, int len) mbedtls_pk_free(pkey_pm->pkey); if (!pkey_pm->pkey) { - pkey_pm->pkey = ssl_malloc(sizeof(mbedtls_pk_context)); + pkey_pm->pkey = ssl_mem_malloc(sizeof(mbedtls_pk_context)); if (!pkey_pm->pkey) - SSL_RET(failed1, "ssl_malloc\n"); + SSL_RET(failed1, "ssl_mem_malloc\n"); } - load_buf = ssl_malloc(len + 1); + load_buf = ssl_mem_malloc(len + 1); if (!load_buf) - SSL_RET(failed2, "ssl_malloc\n"); + SSL_RET(failed2, "ssl_mem_malloc\n"); ssl_memcpy(load_buf, buffer, len); load_buf[len] = '\0'; @@ -552,7 +559,7 @@ int pkey_pm_load(EVP_PKEY *pk, const unsigned char *buffer, int len) mbedtls_pk_init(pkey_pm->pkey); ret = mbedtls_pk_parse_key(pkey_pm->pkey, load_buf, len + 1, NULL, 0); - ssl_free(load_buf); + ssl_mem_free(load_buf); if (ret) SSL_RET(failed2, "mbedtls_pk_parse_key, return [-0x%x]\n", -ret); @@ -560,7 +567,7 @@ int pkey_pm_load(EVP_PKEY *pk, const unsigned char *buffer, int len) return 0; failed2: - ssl_free(pkey_pm->pkey); + ssl_mem_free(pkey_pm->pkey); pkey_pm->pkey = NULL; failed1: return -1; diff --git a/components/openssl/platform/ssl_port.c b/components/openssl/platform/ssl_port.c index b57e703a17..9fbc44deb6 100644 --- a/components/openssl/platform/ssl_port.c +++ b/components/openssl/platform/ssl_port.c @@ -15,6 +15,7 @@ #include "ssl_port.h" #include "string.h" #include "malloc.h" +#include "esp_system.h" /*********************************************************************************************/ /********************************* SSL general interface *************************************/ @@ -51,10 +52,11 @@ size_t ssl_strlen(const char *src) void ssl_speed_up_enter(void) { - + system_update_cpu_freq(SYS_CPU_160MHZ); } void ssl_speed_up_exit(void) { - + system_update_cpu_freq(SYS_CPU_80MHZ); } + From 16a4d56fe5af03005afc9a3b57e95219918841c6 Mon Sep 17 00:00:00 2001 From: Dong Heng Date: Tue, 1 Nov 2016 13:09:54 +0800 Subject: [PATCH 49/52] components/openssl: remove some platform interface --- components/openssl/platform/ssl_port.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/components/openssl/platform/ssl_port.c b/components/openssl/platform/ssl_port.c index 9fbc44deb6..b333fdbfba 100644 --- a/components/openssl/platform/ssl_port.c +++ b/components/openssl/platform/ssl_port.c @@ -15,7 +15,6 @@ #include "ssl_port.h" #include "string.h" #include "malloc.h" -#include "esp_system.h" /*********************************************************************************************/ /********************************* SSL general interface *************************************/ @@ -52,11 +51,11 @@ size_t ssl_strlen(const char *src) void ssl_speed_up_enter(void) { - system_update_cpu_freq(SYS_CPU_160MHZ); + } void ssl_speed_up_exit(void) { - system_update_cpu_freq(SYS_CPU_80MHZ); + } From 8d1f360ca6835c2d13563da10bed97bb7c38cc6c Mon Sep 17 00:00:00 2001 From: Dong Heng Date: Tue, 1 Nov 2016 13:10:56 +0800 Subject: [PATCH 50/52] components/openssl: ssl port use esp32_idf default --- components/openssl/platform/ssl_port.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/components/openssl/platform/ssl_port.c b/components/openssl/platform/ssl_port.c index b333fdbfba..1f19510116 100644 --- a/components/openssl/platform/ssl_port.c +++ b/components/openssl/platform/ssl_port.c @@ -13,6 +13,9 @@ // limitations under the License. #include "ssl_port.h" + +#ifdef ESP32_IDF_PLATFORM + #include "string.h" #include "malloc.h" @@ -59,3 +62,5 @@ void ssl_speed_up_exit(void) } +#endif + From bc710e5b885df673e13470de8ce99997acb7e4dd Mon Sep 17 00:00:00 2001 From: Dong Heng Date: Tue, 1 Nov 2016 14:59:50 +0800 Subject: [PATCH 51/52] components/openssl: refacetor the SSL debug function Add the "ssl_opt.h" file to make user able t add its platform interface --- components/openssl/include/internal/ssl_dbg.h | 21 ++++++++++++------- .../openssl/include/platform/ssl_port.h | 3 +++ components/openssl/platform/ssl_port.c | 6 +++--- 3 files changed, 20 insertions(+), 10 deletions(-) diff --git a/components/openssl/include/internal/ssl_dbg.h b/components/openssl/include/internal/ssl_dbg.h index 1b0a73f167..5b909955e4 100644 --- a/components/openssl/include/internal/ssl_dbg.h +++ b/components/openssl/include/internal/ssl_dbg.h @@ -38,10 +38,17 @@ #define SSL_DEBUG_LOCATION_ENABLE 0 #endif -#ifndef SSL_PRINT - #include "stdio.h" - extern int printf(const char *fmt, ...); - #define SSL_PRINT printf +#if SSL_DEBUG_ENBALE + #ifndef SSL_PRINT + #include "stdio.h" + extern int printf(const char *fmt, ...); + #define SSL_PRINT printf + #endif +#else + #ifdef SSL_PRINT + #undef SSL_PRINT + #define SSL_PRINT(...) + #endif #endif #if SSL_DEBUG_LOCATION_ENABLE @@ -56,11 +63,11 @@ #define SSL_ASSERT(s) #endif -#define SSL_ERR(err, go, ...) { SSL_DEBUG_LOCATION(); SSL_PRINT(__VA_ARGS__); ret = err; goto go; } +#define SSL_ERR(err, go, fmt, ...) { SSL_DEBUG_LOCATION(); SSL_PRINT(fmt, ##__VA_ARGS__); ret = err; goto go; } -#define SSL_RET(go, ...) { SSL_DEBUG_LOCATION(); SSL_PRINT(__VA_ARGS__); goto go; } +#define SSL_RET(go, fmt, ...) { SSL_DEBUG_LOCATION(); SSL_PRINT(fmt, ##__VA_ARGS__); goto go; } -#define SSL_DEBUG(level, ...) { if (level > SSL_DEBUG_LEVEL) {SSL_PRINT(__VA_ARGS__);} } +#define SSL_DEBUG(level, fmt, ...) { if (level > SSL_DEBUG_LEVEL) {SSL_PRINT(fmt, ##__VA_ARGS__);} } #ifdef __cplusplus } diff --git a/components/openssl/include/platform/ssl_port.h b/components/openssl/include/platform/ssl_port.h index 4a319c91ae..1e4c2f31f9 100644 --- a/components/openssl/include/platform/ssl_port.h +++ b/components/openssl/include/platform/ssl_port.h @@ -24,6 +24,7 @@ #ifdef ESP32_IDF_PLATFORM #include "esp_types.h" +#include "esp_log.h" void *ssl_mem_zalloc(size_t size); void *ssl_mem_malloc(size_t size); @@ -35,6 +36,8 @@ size_t ssl_strlen(const char *src); void ssl_speed_up_enter(void); void ssl_speed_up_exit(void); +#define SSL_PRINT(fmt, ...) ESP_LOGD("OpenSSL", fmt, ##__VA_ARGS__) + #elif defined(SSL_PLATFORM_USER_INCLUDE) SSL_PLATFORM_USER_INCLUDE diff --git a/components/openssl/platform/ssl_port.c b/components/openssl/platform/ssl_port.c index 1f19510116..ae3b849ca3 100644 --- a/components/openssl/platform/ssl_port.c +++ b/components/openssl/platform/ssl_port.c @@ -22,7 +22,7 @@ /*********************************************************************************************/ /********************************* SSL general interface *************************************/ -void* ssl_zalloc(size_t size) +void* ssl_mem_zalloc(size_t size) { void *p = malloc(size); @@ -32,12 +32,12 @@ void* ssl_zalloc(size_t size) return p; } -void *ssl_malloc(size_t size) +void *ssl_mem_malloc(size_t size) { return malloc(size); } -void ssl_free(void *p) +void ssl_mem_free(void *p) { free(p); } From 12e78e9590655a494e72e7e6d6cea391ecda32b3 Mon Sep 17 00:00:00 2001 From: Dong Heng Date: Tue, 1 Nov 2016 15:16:14 +0800 Subject: [PATCH 52/52] components/openssl: add more debug stream output function --- components/openssl/include/internal/ssl_dbg.h | 34 ++++++++++++++----- .../openssl/include/platform/ssl_port.h | 4 ++- components/openssl/platform/ssl_pm.c | 2 +- 3 files changed, 29 insertions(+), 11 deletions(-) diff --git a/components/openssl/include/internal/ssl_dbg.h b/components/openssl/include/internal/ssl_dbg.h index 5b909955e4..887fe2e82b 100644 --- a/components/openssl/include/internal/ssl_dbg.h +++ b/components/openssl/include/internal/ssl_dbg.h @@ -39,20 +39,36 @@ #endif #if SSL_DEBUG_ENBALE - #ifndef SSL_PRINT + #if !defined(SSL_PRINT_LOG) || !defined(SSL_ERROR_LOG) || !defined(SSL_LOCAL_LOG) #include "stdio.h" extern int printf(const char *fmt, ...); - #define SSL_PRINT printf + #ifndef SSL_PRINT_LOG + #define SSL_PRINT_LOG printf + #endif + #ifndef SSL_ERROR_LOG + #define SSL_ERROR_LOG printf + #endif + #ifndef SSL_LOCAL_LOG + #define SSL_LOCAL_LOG printf + #endif #endif #else - #ifdef SSL_PRINT - #undef SSL_PRINT - #define SSL_PRINT(...) + #ifdef SSL_PRINT_LOG + #undef SSL_PRINT_LOG + #define SSL_PRINT_LOG(...) + #endif + #ifdef SSL_ERROR_LOG + #undef SSL_ERROR_LOG + #define SSL_ERROR_LOG(...) + #endif + #ifdef SSL_LOCAL_LOG + #undef SSL_LOCAL_LOG + #define SSL_LOCAL_LOG(...) #endif #endif #if SSL_DEBUG_LOCATION_ENABLE - #define SSL_DEBUG_LOCATION() SSL_PRINT("%s %s line %d\n", __FILE__, __FUNCTION__, __LINE__) + #define SSL_DEBUG_LOCATION() SSL_LOCAL_LOG("%s %s line %d\n", __FILE__, __FUNCTION__, __LINE__) #else #define SSL_DEBUG_LOCATION() #endif @@ -63,11 +79,11 @@ #define SSL_ASSERT(s) #endif -#define SSL_ERR(err, go, fmt, ...) { SSL_DEBUG_LOCATION(); SSL_PRINT(fmt, ##__VA_ARGS__); ret = err; goto go; } +#define SSL_ERR(err, go, fmt, ...) { SSL_DEBUG_LOCATION(); SSL_ERROR_LOG(fmt, ##__VA_ARGS__); ret = err; goto go; } -#define SSL_RET(go, fmt, ...) { SSL_DEBUG_LOCATION(); SSL_PRINT(fmt, ##__VA_ARGS__); goto go; } +#define SSL_RET(go, fmt, ...) { SSL_DEBUG_LOCATION(); SSL_ERROR_LOG(fmt, ##__VA_ARGS__); goto go; } -#define SSL_DEBUG(level, fmt, ...) { if (level > SSL_DEBUG_LEVEL) {SSL_PRINT(fmt, ##__VA_ARGS__);} } +#define SSL_DEBUG(level, fmt, ...) { if (level > SSL_DEBUG_LEVEL) {SSL_PRINT_LOG(fmt, ##__VA_ARGS__);} } #ifdef __cplusplus } diff --git a/components/openssl/include/platform/ssl_port.h b/components/openssl/include/platform/ssl_port.h index 1e4c2f31f9..35c8dc18f9 100644 --- a/components/openssl/include/platform/ssl_port.h +++ b/components/openssl/include/platform/ssl_port.h @@ -36,7 +36,9 @@ size_t ssl_strlen(const char *src); void ssl_speed_up_enter(void); void ssl_speed_up_exit(void); -#define SSL_PRINT(fmt, ...) ESP_LOGD("OpenSSL", fmt, ##__VA_ARGS__) +#define SSL_PRINT_LOG(fmt, ...) ESP_LOGD("openssl", fmt, ##__VA_ARGS__) +#define SSL_ERROR_LOG(fmt, ...) ESP_LOGE("openssl", fmt, ##__VA_ARGS__) +#define SSL_LOCAL_LOG(fmt, ...) ESP_LOGD("openssl", fmt, ##__VA_ARGS__) #elif defined(SSL_PLATFORM_USER_INCLUDE) diff --git a/components/openssl/platform/ssl_pm.c b/components/openssl/platform/ssl_pm.c index 21c0ac58c9..92e72bfdb8 100644 --- a/components/openssl/platform/ssl_pm.c +++ b/components/openssl/platform/ssl_pm.c @@ -410,7 +410,7 @@ int x509_pm_show_info(X509 *x) ssl_mem_free(buf); - SSL_PRINT("%s", buf); + SSL_DEBUG(1, "%s", buf); return 0;