
Added openssl compatibility functions

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@64 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
cameronrich 2007-02-21 13:22:36 +00:00
parent 900b0eb96e
commit 6843c20d38
19 changed files with 278 additions and 57 deletions


@ -8,6 +8,8 @@ Changes since 1.0.0
* SSLCTX changed to SSL_CTX (to be consistent with openssl). * SSLCTX changed to SSL_CTX (to be consistent with openssl).
* malloc()/open() etc call abort() on failure. * malloc()/open() etc call abort() on failure.
* Fixed a memory leak in directory listings. * Fixed a memory leak in directory listings.
* Added openssl() compatibility functions.
* Fixed cygwin 'make install' issue.
axhttpd Changes axhttpd Changes
* main.c now becomes axhttpd.c. * main.c now becomes axhttpd.c.
@ -18,4 +20,5 @@ axhttpd Changes
* Directory access protection implemented (via .htaccess). * Directory access protection implemented (via .htaccess).
* Can now have more than one CGI file extension in mconf. * Can now have more than one CGI file extension in mconf.
* "If-Modified-Since" request now handled properly. * "If-Modified-Since" request now handled properly.
* Performance tweaks to remove ssl_find()


@ -73,18 +73,21 @@ win32_demo:
install: $(PREFIX) all install: $(PREFIX) all
cp --no-dereference $(STAGE)/libax* $(PREFIX)/lib cp --no-dereference $(STAGE)/libax* $(PREFIX)/lib
chmod 755 $(PREFIX)/lib/libax* chmod 755 $(PREFIX)/lib/libax*
-install -m 755 $(STAGE)/ax* $(PREFIX)/bin install -m 755 $(STAGE)/ax* $(PREFIX)/bin
ifdef CONFIG_AXHTTPD ifdef CONFIG_HTTP_HAS_AUTHORIZATION
-install -m 755 $(STAGE)/htpasswd $(PREFIX)/bin install -m 755 $(STAGE)/htpasswd $(PREFIX)/bin
endif
ifdef CONFIG_PLATFORM_CYGWIN
install -m 755 $(STAGE)/cygaxtls.dll $(PREFIX)/bin
endif endif
ifdef CONFIG_PERL_BINDINGS ifdef CONFIG_PERL_BINDINGS
-install -m 755 $(STAGE)/axtlsp.pm `perl -e 'use Config; print $$Config{installarchlib};'` install -m 755 $(STAGE)/axtlsp.pm `perl -e 'use Config; print $$Config{installarchlib};'`
endif endif
@mkdir -p -m 755 $(PREFIX)/include/axTLS @mkdir -p -m 755 $(PREFIX)/include/axTLS
-install -m 644 ssl/*.h $(PREFIX)/include/axTLS install -m 644 ssl/*.h $(PREFIX)/include/axTLS
-rm $(PREFIX)/include/axTLS/cert.h -rm $(PREFIX)/include/axTLS/cert.h
-rm $(PREFIX)/include/axTLS/private_key.h -rm $(PREFIX)/include/axTLS/private_key.h
-install -m 644 config/config.h $(PREFIX)/include/axTLS install -m 644 config/config.h $(PREFIX)/include/axTLS
installclean: installclean:
-@rm $(PREFIX)/lib/libax* > /dev/null 2>&1 -@rm $(PREFIX)/lib/libax* > /dev/null 2>&1


@ -56,8 +56,10 @@ sub transformSignature
$line =~ s/uint8_t \* ?/byte[] /g; $line =~ s/uint8_t \* ?/byte[] /g;
$line =~ s/uint8_t ?/byte /g; $line =~ s/uint8_t ?/byte /g;
$line =~ s/const char \* ?/string /g; $line =~ s/const char \* ?/string /g;
$line =~ s/const SSL_CTX \* ?/IntPtr /g;
$line =~ s/SSL_CTX \* ?/IntPtr /g; $line =~ s/SSL_CTX \* ?/IntPtr /g;
$line =~ s/SSLObjLoader \* ?/IntPtr /g; $line =~ s/SSLObjLoader \* ?/IntPtr /g;
$line =~ s/const SSL \* ?/IntPtr /g;
$line =~ s/SSL \* ?/IntPtr /g; $line =~ s/SSL \* ?/IntPtr /g;
$line =~ s/\(void\)/()/g; $line =~ s/\(void\)/()/g;
} }
@ -89,8 +91,10 @@ sub transformSignature
$line =~ s/const uint8_t \* ?(\w+)/ByVal $1() As Byte/g; $line =~ s/const uint8_t \* ?(\w+)/ByVal $1() As Byte/g;
$line =~ s/uint8_t \* ?(\w+)/ByVal $1() As Byte/g; $line =~ s/uint8_t \* ?(\w+)/ByVal $1() As Byte/g;
$line =~ s/const char \* ?(\w+)/ByVal $1 As String/g; $line =~ s/const char \* ?(\w+)/ByVal $1 As String/g;
$line =~ s/const SSL_CTX \* ?(\w+)/ByVal $1 As IntPtr/g;
$line =~ s/SSL_CTX \* ?(\w+)/ByVal $1 As IntPtr/g; $line =~ s/SSL_CTX \* ?(\w+)/ByVal $1 As IntPtr/g;
$line =~ s/SSLObjLoader \* ?(\w+)/ByVal $1 As IntPtr/g; $line =~ s/SSLObjLoader \* ?(\w+)/ByVal $1 As IntPtr/g;
$line =~ s/const SSL \* ?(\w+)/ByVal $1 As IntPtr/g;
$line =~ s/SSL \* ?(\w+)/ByVal $1 As IntPtr/g; $line =~ s/SSL \* ?(\w+)/ByVal $1 As IntPtr/g;
$line =~ s/void \* ?(\w+)/Byval $1 As IntPtr/g; $line =~ s/void \* ?(\w+)/Byval $1 As IntPtr/g;
$line =~ s/\(void\)/()/g; $line =~ s/\(void\)/()/g;


@ -39,7 +39,7 @@ CONFIG_SSL_USE_PKCS12=y
CONFIG_SSL_EXPIRY_TIME=24 CONFIG_SSL_EXPIRY_TIME=24
CONFIG_X509_MAX_CA_CERTS=4 CONFIG_X509_MAX_CA_CERTS=4
CONFIG_SSL_MAX_CERTS=2 CONFIG_SSL_MAX_CERTS=2
# CONFIG_SSLCTX_MUTEXING is not set # CONFIG_SSL_CTX_MUTEXING is not set
CONFIG_USE_DEV_URANDOM=y CONFIG_USE_DEV_URANDOM=y
# CONFIG_WIN32_USE_CRYPTO_LIB is not set # CONFIG_WIN32_USE_CRYPTO_LIB is not set
# CONFIG_PERFORMANCE_TESTING is not set # CONFIG_PERFORMANCE_TESTING is not set


@ -43,7 +43,7 @@ CONFIG_SSL_USE_PKCS12=y
CONFIG_SSL_EXPIRY_TIME=24 CONFIG_SSL_EXPIRY_TIME=24
CONFIG_X509_MAX_CA_CERTS=4 CONFIG_X509_MAX_CA_CERTS=4
CONFIG_SSL_MAX_CERTS=2 CONFIG_SSL_MAX_CERTS=2
# CONFIG_SSLCTX_MUTEXING is not set # CONFIG_SSL_CTX_MUTEXING is not set
# CONFIG_USE_DEV_URANDOM is not set # CONFIG_USE_DEV_URANDOM is not set
CONFIG_WIN32_USE_CRYPTO_LIB=y CONFIG_WIN32_USE_CRYPTO_LIB=y
# CONFIG_PERFORMANCE_TESTING is not set # CONFIG_PERFORMANCE_TESTING is not set


@ -52,6 +52,7 @@ struct connstruct
int reqtype; int reqtype;
int networkdesc; int networkdesc;
int filedesc; int filedesc;
SSL *ssl;
#if defined(CONFIG_HTTP_DIRECTORIES) #if defined(CONFIG_HTTP_DIRECTORIES)
#ifdef WIN32 #ifdef WIN32


@ -48,6 +48,7 @@ static void reaper(int sigtype)
#endif #endif
#endif #endif
#ifdef CONFIG_HTTP_VERBOSE /* should really be in debug mode or something */
/* clean up memory for valgrind */ /* clean up memory for valgrind */
static void sigint_cleanup(int sig) static void sigint_cleanup(int sig)
{ {
@ -96,6 +97,7 @@ static void die(int sigtype)
{ {
exit(0); exit(0);
} }
#endif
int main(int argc, char *argv[]) int main(int argc, char *argv[])
{ {
@ -112,15 +114,19 @@ int main(int argc, char *argv[])
WSADATA wsaData; WSADATA wsaData;
WSAStartup(wVersionRequested,&wsaData); WSAStartup(wVersionRequested,&wsaData);
#else #else
signal(SIGQUIT, die);
signal(SIGPIPE, SIG_IGN); signal(SIGPIPE, SIG_IGN);
#if defined(CONFIG_HTTP_HAS_CGI) #if defined(CONFIG_HTTP_HAS_CGI)
signal(SIGCHLD, reaper); signal(SIGCHLD, reaper);
#endif #endif
#ifdef CONFIG_HTTP_VERBOSE
signal(SIGQUIT, die);
#endif
#endif #endif
signal(SIGINT, sigint_cleanup); #ifdef CONFIG_HTTP_VERBOSE
signal(SIGTERM, die); signal(SIGTERM, die);
signal(SIGINT, sigint_cleanup);
#endif
mime_init(); mime_init();
tdate_init(); tdate_init();
@ -576,7 +582,7 @@ static void addconnection(int sd, char *ip, int is_ssl)
tp->networkdesc = sd; tp->networkdesc = sd;
if (is_ssl) if (is_ssl)
ssl_server_new(servers->ssl_ctx, sd); tp->ssl = ssl_server_new(servers->ssl_ctx, sd);
tp->is_ssl = is_ssl; tp->is_ssl = is_ssl;
tp->filedesc = -1; tp->filedesc = -1;
@ -632,7 +638,10 @@ void removeconnection(struct connstruct *cn)
if (cn->networkdesc != -1) if (cn->networkdesc != -1)
{ {
if (cn->is_ssl) if (cn->is_ssl)
ssl_free(ssl_find(servers->ssl_ctx, cn->networkdesc)); {
ssl_free(cn->ssl);
cn->ssl = NULL;
}
SOCKET_CLOSE(cn->networkdesc); SOCKET_CLOSE(cn->networkdesc);
} }
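Review bot: In `addconnection`, `tp->ssl` is assigned only when `is_ssl` is true, so for plain connections the new field holds whatever the allocation left in it unless the connstruct is zeroed on creation (the allocation is outside the hunk); `removeconnection` and `special_read` currently read `cn->ssl` only behind `cn->is_ssl`, but a single unconditional assignment, `tp->ssl = is_ssl ? ssl_server_new(servers->ssl_ctx, sd) : NULL;`, removes that dependence. The return value of `ssl_server_new` is stored without a NULL check; if it can fail, the connection should be rejected here rather than discovered later in the read path. Registering `SIGTERM`/`SIGINT` handlers only under `CONFIG_HTTP_VERBOSE` is consistent with `die`/`sigint_cleanup` now being compiled only in that mode, but a one-line comment next to the `#ifdef` saying the cleanup handlers exist only for valgrind runs would save the next reader a search. `main` and `addconnection` continue outside their hunks.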


@ -375,6 +375,7 @@ void procsendhead(struct connstruct *cn)
{ {
char tbuf[MAXREQUESTLENGTH]; char tbuf[MAXREQUESTLENGTH];
sprintf(tbuf, "%s%s", cn->actualfile, index_file); sprintf(tbuf, "%s%s", cn->actualfile, index_file);
if (stat(tbuf, &stbuf) != -1) if (stat(tbuf, &stbuf) != -1)
strcat(cn->actualfile, index_file); strcat(cn->actualfile, index_file);
else else
@ -429,9 +430,9 @@ void procsendhead(struct connstruct *cn)
#if defined(WIN32) || defined(CONFIG_PLATFORM_CYGWIN) #if defined(WIN32) || defined(CONFIG_PLATFORM_CYGWIN)
flags |= O_BINARY; flags |= O_BINARY;
#endif #endif
cn->filedesc = open(cn->actualfile, flags);
cn->filedesc = ax_open(cn->actualfile, flags); if (cn->filedesc < 0)
if (cn->filedesc == -1)
{ {
send_error(cn, 404); send_error(cn, 404);
return; return;
@ -472,7 +473,7 @@ void procreadfile(struct connstruct *cn)
{ {
int rv = read(cn->filedesc, cn->databuf, BLOCKSIZE); int rv = read(cn->filedesc, cn->databuf, BLOCKSIZE);
if (rv == 0 || rv == -1) if (rv <= 0)
{ {
close(cn->filedesc); close(cn->filedesc);
cn->filedesc = -1; cn->filedesc = -1;
@ -516,7 +517,7 @@ static int special_write(struct connstruct *cn,
{ {
if (cn->is_ssl) if (cn->is_ssl)
{ {
SSL *ssl = ssl_find(servers->ssl_ctx, cn->networkdesc); SSL *ssl = cn->ssl;
return ssl ? ssl_write(ssl, (uint8_t *)buf, count) : -1; return ssl ? ssl_write(ssl, (uint8_t *)buf, count) : -1;
} }
else else
@ -530,11 +531,11 @@ static int special_read(struct connstruct *cn, void *buf, size_t count)
if (cn->is_ssl) if (cn->is_ssl)
{ {
uint8_t *read_buf; uint8_t *read_buf;
SSL *ssl = ssl_find(servers->ssl_ctx, cn->networkdesc); if ((res = ssl_read(cn->ssl, &read_buf)) > SSL_OK)
{
if ((res = ssl_read(ssl, &read_buf)) > SSL_OK)
memcpy(buf, read_buf, res > (int)count ? count : res); memcpy(buf, read_buf, res > (int)count ? count : res);
} }
}
else else
res = SOCKET_READ(cn->networkdesc, buf, count); res = SOCKET_READ(cn->networkdesc, buf, count);
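Review bot: `special_read` passes `cn->ssl` straight to `ssl_read`, while `special_write` a few lines above guards the same pointer with `ssl ? ssl_write(...) : -1`; if the SSL object can ever be NULL (for example `ssl_server_new` failing in `addconnection`), the read path dereferences it. Mirror the write path: `if (cn->ssl == NULL) res = -1; else if ((res = ssl_read(cn->ssl, &read_buf)) > SSL_OK)`. Replacing `ax_open` with `open` plus the `< 0` check in `procsendhead` is the right change: a request for a missing or unreadable file now yields a 404 instead of taking the whole server down through the aborting wrapper. `procsendhead` and `special_read` both continue outside their hunks.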


@ -244,6 +244,16 @@ config CONFIG_WIN32_USE_CRYPTO_LIB
This will be the default on most Win32 systems. If using Visual Studio This will be the default on most Win32 systems. If using Visual Studio
6.0, then the SDK containing the crypto libraries must be used. 6.0, then the SDK containing the crypto libraries must be used.
config CONFIG_OPENSSL_COMPATIBLE
bool "Enable openssl API compatibility"
default n
help
To ease the porting of openssl applications, a subset of the openssl
API is wrapped around the axTLS API.
Note: not all the API is implemented, so parts may still break. And
it's definitely not 100% compatible.
config CONFIG_PERFORMANCE_TESTING config CONFIG_PERFORMANCE_TESTING
bool "Build the bigint performance test tool" bool "Build the bigint performance test tool"
default n default n


@ -57,6 +57,7 @@ OBJ=\
os_port.o \ os_port.o \
loader.o \ loader.o \
md5.o \ md5.o \
openssl.o \
p12.o \ p12.o \
rsa.o \ rsa.o \
rc4.o \ rc4.o \


@ -52,7 +52,15 @@ int get_file(const char *filename, uint8_t **buf)
int total_bytes = 0; int total_bytes = 0;
int bytes_read = 0; int bytes_read = 0;
int filesize; int filesize;
FILE *stream = ax_fopen(filename, "rb"); FILE *stream = fopen(filename, "rb");
if (stream == NULL)
{
#ifdef CONFIG_SSL_FULL_MODE
printf("file '%s' does not exist\n", filename); TTY_FLUSH();
#endif
return -1;
}
/* Win CE doesn't support stat() */ /* Win CE doesn't support stat() */
fseek(stream, 0, SEEK_END); fseek(stream, 0, SEEK_END);
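Review bot: The new failure message in `get_file` says the file "does not exist", but `fopen` also fails for permission and other errors, and the message goes to stdout rather than stderr; `fprintf(stderr, "file '%s': %s\n", filename, strerror(errno));` (with `<errno.h>` and `<string.h>` in scope) reports the real cause to the right stream. Returning -1 instead of aborting through `ax_fopen` is the right direction, so every caller of `get_file` now has to handle a negative result; those callers are outside this hunk. `get_file` continues outside the hunk.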


@ -35,8 +35,8 @@
static int do_obj(SSL_CTX *ssl_ctx, int obj_type, static int do_obj(SSL_CTX *ssl_ctx, int obj_type,
SSLObjLoader *ssl_obj, const char *password); SSLObjLoader *ssl_obj, const char *password);
#ifdef CONFIG_SSL_HAS_PEM #ifdef CONFIG_SSL_HAS_PEM
static int ssl_obj_PEM_load(SSL_CTX *ssl_ctx, int obj_type, static int ssl_obj_PEM_load(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj,
SSLObjLoader *ssl_obj, const char *password); const char *password);
#endif #endif
/* /*
@ -70,7 +70,7 @@ EXP_FUNC int STDCALL ssl_obj_load(SSL_CTX *ssl_ctx, int obj_type,
if (strncmp(ssl_obj->buf, begin, strlen(begin)) == 0) if (strncmp(ssl_obj->buf, begin, strlen(begin)) == 0)
{ {
#ifdef CONFIG_SSL_HAS_PEM #ifdef CONFIG_SSL_HAS_PEM
ret = ssl_obj_PEM_load(ssl_ctx, obj_type, ssl_obj, password); ret = ssl_obj_PEM_load(ssl_ctx, ssl_obj, password);
#else #else
printf(unsupported_str); printf(unsupported_str);
ret = SSL_ERROR_NOT_SUPPORTED; ret = SSL_ERROR_NOT_SUPPORTED;
@ -279,7 +279,7 @@ error:
/** /**
* Take a base64 blob of data and turn it into its proper ASN.1 form. * Take a base64 blob of data and turn it into its proper ASN.1 form.
*/ */
static int new_pem_obj(SSL_CTX *ssl_ctx, int is_cacert, uint8_t *where, static int new_pem_obj(SSL_CTX *ssl_ctx, uint8_t *where,
int remain, const char *password) int remain, const char *password)
{ {
int ret = SSL_OK; int ret = SSL_OK;
@ -324,9 +324,11 @@ static int new_pem_obj(SSL_CTX *ssl_ctx, int is_cacert, uint8_t *where,
break; break;
case IS_CERTIFICATE: case IS_CERTIFICATE:
obj_type = is_cacert ? obj_type = SSL_OBJ_X509_CERT;
SSL_OBJ_X509_CACERT : SSL_OBJ_X509_CERT;
break; break;
default:
goto error;
} }
/* In a format we can now understand - so process it */ /* In a format we can now understand - so process it */
@ -350,7 +352,7 @@ static int new_pem_obj(SSL_CTX *ssl_ctx, int is_cacert, uint8_t *where,
/* more PEM stuff to process? */ /* more PEM stuff to process? */
if (remain) if (remain)
ret = new_pem_obj(ssl_ctx, is_cacert, end, remain, password); ret = new_pem_obj(ssl_ctx, end, remain, password);
error: error:
ssl_obj_free(ssl_obj); ssl_obj_free(ssl_obj);
@ -360,8 +362,8 @@ error:
/* /*
* Load a file into memory that is in ASCII PEM format. * Load a file into memory that is in ASCII PEM format.
*/ */
static int ssl_obj_PEM_load(SSL_CTX *ssl_ctx, int obj_type, static int ssl_obj_PEM_load(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj,
SSLObjLoader *ssl_obj, const char *password) const char *password)
{ {
uint8_t *start; uint8_t *start;
@ -370,7 +372,6 @@ static int ssl_obj_PEM_load(SSL_CTX *ssl_ctx, int obj_type,
ssl_obj->buf = (uint8_t *)realloc(ssl_obj->buf, ssl_obj->len); ssl_obj->buf = (uint8_t *)realloc(ssl_obj->buf, ssl_obj->len);
ssl_obj->buf[ssl_obj->len-1] = 0; ssl_obj->buf[ssl_obj->len-1] = 0;
start = ssl_obj->buf; start = ssl_obj->buf;
return new_pem_obj(ssl_ctx, obj_type == SSL_OBJ_X509_CACERT, return new_pem_obj(ssl_ctx, start, ssl_obj->len, password);
start, ssl_obj->len, password);
} }
#endif /* CONFIG_SSL_HAS_PEM */ #endif /* CONFIG_SSL_HAS_PEM */
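Review bot: Dropping `is_cacert` from `new_pem_obj` means every PEM `CERTIFICATE` block is now loaded as `SSL_OBJ_X509_CERT` (the `case IS_CERTIFICATE` arm), so a caller doing `ssl_obj_load(ctx, SSL_OBJ_X509_CACERT, "ca.pem", NULL)` presumably gets SSL_OK while its CA is installed as the context's own certificate rather than as a trusted CA; a PEM file cannot distinguish the two, so `ssl_obj_PEM_load` should keep `obj_type` and forward `obj_type == SSL_OBJ_X509_CACERT` as before. The new sentence in the `ssl_obj_load` documentation in ssl.h ("The object type is also detected") makes the same claim and should instead say that the CA/own-certificate distinction still comes from the caller. The added `default: goto error;` leaves `ret` at its initial `SSL_OK` unless it is assigned earlier in the function (the middle of `new_pem_obj` is outside the hunk), so an unrecognised PEM block would be reported as success; `default: ret = SSL_ERROR_NOT_SUPPORTED; goto error;` makes it fail. `new_pem_obj` and `ssl_obj_PEM_load` both continue outside their hunks.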

180
ssl/openssl.c Normal file

@ -0,0 +1,180 @@
/*
* Copyright(C) 2007 Cameron Rich
*
* This library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or
* (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU General Lesser License
* along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/*
* Enable some openssl compatible functions. We don't aim to be 100%
* compatible - just to be able to do basic ports etc.
*/
#include "config.h"
#ifdef CONFIG_OPENSSL_COMPATIBLE
#include <stdlib.h>
#include <strings.h>
#include "ssl.h"
#define OPENSSL_CTX_ATTR ((OPENSSL_CTX *)ssl_ctx->bonus_attr)
void *SSLv23_server_method(void) { return NULL; }
void *SSLv3_server_method(void) { return NULL; }
void *TLSv1_server_method(void) { return NULL; }
void *SSLv23_client_method(void) { return NULL; }
void *SSLv3_client_method(void) { return NULL; }
void *TLSv1_client_method(void) { return NULL; }
typedef void * (*ssl_func_type_t)(void);
typedef struct
{
ssl_func_type_t ssl_func_type;
} OPENSSL_CTX;
SSL_CTX * SSL_CTX_new(ssl_func_type_t meth)
{
SSL_CTX *ssl_ctx = ssl_ctx_new(0, 5);
ssl_ctx->bonus_attr = malloc(sizeof(OPENSSL_CTX));
OPENSSL_CTX_ATTR->ssl_func_type = meth;
return ssl_ctx;
}
void SSL_CTX_free(SSL_CTX * ssl_ctx)
{
free(ssl_ctx->bonus_attr);
ssl_ctx_free(ssl_ctx);
}
SSL * SSL_new(SSL_CTX *ssl_ctx)
{
SSL *ssl;
ssl_func_type_t ssl_func_type;
ssl = ssl_new(ssl_ctx, -1); /* fd is set later */
ssl_func_type = OPENSSL_CTX_ATTR->ssl_func_type;
#ifdef CONFIG_SSL_ENABLE_CLIENT
if (ssl_func_type == SSLv23_client_method ||
ssl_func_type == SSLv3_client_method ||
ssl_func_type == TLSv1_client_method)
{
SET_SSL_FLAG(SSL_IS_CLIENT);
}
else
#endif
{
ssl->next_state = HS_CLIENT_HELLO;
}
return ssl;
}
int SSL_set_fd(SSL *s, int fd)
{
s->client_fd = fd;
return 1; /* always succeeds */
}
int SSL_accept(SSL *ssl)
{
while (ssl_read(ssl, NULL) == SSL_OK)
{
if (ssl->next_state == HS_CLIENT_HELLO)
return 1; /* we're done */
}
return -1;
}
#ifdef CONFIG_SSL_ENABLE_CLIENT
int SSL_connect(SSL *ssl)
{
return do_client_connect(ssl) == SSL_OK ? 1 : -1;
}
#endif
void SSL_free(SSL *ssl)
{
ssl_free(ssl);
}
int SSL_read(SSL *ssl, void *buf, int num)
{
uint8_t *read_buf;
int ret;
while ((ret = ssl_read(ssl, &read_buf)) == SSL_OK);
if (ret > SSL_OK)
{
memcpy(buf, read_buf, ret > num ? num : ret);
}
return ret;
}
int SSL_write(SSL *ssl, const void *buf, int num)
{
return ssl_write(ssl, buf, num);
}
int SSL_CTX_use_certificate_file(SSL_CTX *ssl_ctx, const char *file, int type)
{
return (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, file, NULL) == SSL_OK);
}
int SSL_CTX_use_PrivateKey_file(SSL_CTX *ssl_ctx, const char *file, int type)
{
return (ssl_obj_load(ssl_ctx, SSL_OBJ_RSA_KEY, file, NULL) == SSL_OK);
}
int SSL_CTX_use_certificate_ASN1(SSL_CTX *ssl_ctx, int len, const uint8_t *d)
{
return (ssl_obj_memory_load(ssl_ctx,
SSL_OBJ_X509_CERT, d, len, NULL) == SSL_OK);
}
#if 0
const uint8_t *SSL_get_session(const SSL *ssl)
{
/* TODO: return SSL_SESSION type */
return ssl_get_session_id(ssl);
}
#endif
int SSL_CTX_check_private_key(const SSL_CTX *ctx)
{
return 1;
}
int SSL_CTX_set_cipher_list(SSL *s, const char *str)
{
return 1;
}
int SSL_get_error(const SSL *ssl, int ret)
{
ssl_display_error(ret);
return 0; /* TODO: return proper return code */
}
int SSL_library_init(void ) { return 1; }
void SSL_load_error_strings(void ) {}
void ERR_print_errors_fp(FILE *fp) {}
long SSL_CTX_get_timeout(const SSL_CTX *ssl_ctx) {
return CONFIG_SSL_EXPIRY_TIME*3600; }
long SSL_CTX_set_timeout(SSL_CTX *ssl_ctx, long t) {
return SSL_CTX_get_timeout(ssl_ctx); }
#endif
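Review bot: `SSL_read` copies at most `num` bytes into `buf` but returns `ret`, the full record length from `ssl_read`, so a caller whose buffer is smaller than the record is told more bytes arrived than were written and will read past the end of `buf`; return the copied length instead, `int n = ret > num ? num : ret; memcpy(buf, read_buf, n); return n;`, and say in a comment that the remainder of the record is dropped, since unlike OpenSSL there is no carry-over to the next call. `SSL_get_error` unconditionally returns 0, which is OpenSSL's SSL_ERROR_NONE, so a port that gates its error path on a non-zero result silently continues after a failed handshake or read; until the mapping is written it should at least return a non-zero value when `ret < 0`. `SSL_CTX_check_private_key` likewise reports success without checking anything, and `SSL_CTX_set_cipher_list` takes an `SSL *` where OpenSSL's takes `SSL_CTX *`, so existing callers will not compile against it. `memcpy` is used with only `<strings.h>` included; unless `ssl.h` pulls in `<string.h>`, that is an implicit declaration.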


@ -111,10 +111,7 @@ EXP_FUNC FILE * STDCALL ax_fopen(const char *pathname, const char *type)
FILE *f; FILE *f;
if ((f = fopen(pathname, type)) == NULL) if ((f = fopen(pathname, type)) == NULL)
{
perror("open: ");
exit_now(file_open_str, pathname); exit_now(file_open_str, pathname);
}
return f; return f;
} }
@ -124,10 +121,7 @@ EXP_FUNC int STDCALL ax_open(const char *pathname, int flags)
int x; int x;
if ((x = open(pathname, flags)) < 0) if ((x = open(pathname, flags)) < 0)
{
perror("open: ");
exit_now(file_open_str, pathname); exit_now(file_open_str, pathname);
}
return x; return x;
} }
@ -141,7 +135,7 @@ void exit_now(const char *format, ...)
va_list argp; va_list argp;
va_start(argp, format); va_start(argp, format);
vsprintf(stderr, format, argp); vfprintf(stderr, format, argp);
va_end(argp); va_end(argp);
abort(); abort();
} }
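Review bot: Switching `exit_now` from `vsprintf(stderr, ...)` to `vfprintf` fixes what was a write into the `FILE` object, but the two removed `perror("open: ")` calls were the only place the errno reason (permission denied versus missing file) was reported, and the abort message no longer carries it; save `errno` before formatting and append `strerror(errno)` to the output, or keep a `perror` call before `exit_now`. `exit_now` takes a caller-supplied format string; tagging its declaration with `__attribute__((format(printf, 1, 2)))` lets the compiler check call sites such as `exit_now(file_open_str, pathname)` for a mismatched format. `ax_fopen`, `ax_open` and `exit_now` all start outside their hunks.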


@ -31,7 +31,7 @@ extern "C" {
#include <stdio.h> #include <stdio.h>
#if defined(WIN32) || defined(CONFIG_PLATFORM_CYGWIN) #if defined(WIN32)
#define STDCALL __stdcall #define STDCALL __stdcall
#define EXP_FUNC __declspec(dllexport) #define EXP_FUNC __declspec(dllexport)
#else #else


@ -283,7 +283,7 @@ EXP_FUNC SSL * STDCALL ssl_find(SSL_CTX *ssl_ctx, int client_fd);
* @return The session id as a 32 byte sequence. * @return The session id as a 32 byte sequence.
* @note A SSLv23 handshake may have only 16 valid bytes. * @note A SSLv23 handshake may have only 16 valid bytes.
*/ */
EXP_FUNC const uint8_t * STDCALL ssl_get_session_id(SSL *ssl); EXP_FUNC const uint8_t * STDCALL ssl_get_session_id(const SSL *ssl);
/** /**
* @brief Return the cipher id (in the SSL form). * @brief Return the cipher id (in the SSL form).
@ -294,7 +294,7 @@ EXP_FUNC const uint8_t * STDCALL ssl_get_session_id(SSL *ssl);
* - SSL_RC4_128_SHA (0x05) * - SSL_RC4_128_SHA (0x05)
* - SSL_RC4_128_MD5 (0x04) * - SSL_RC4_128_MD5 (0x04)
*/ */
EXP_FUNC uint8_t STDCALL ssl_get_cipher_id(SSL *ssl); EXP_FUNC uint8_t STDCALL ssl_get_cipher_id(const SSL *ssl);
/** /**
* @brief Return the status of the handshake. * @brief Return the status of the handshake.
@ -302,7 +302,7 @@ EXP_FUNC uint8_t STDCALL ssl_get_cipher_id(SSL *ssl);
* @return SSL_OK if the handshake is complete and ok. * @return SSL_OK if the handshake is complete and ok.
* @see ssl.h for the error code list. * @see ssl.h for the error code list.
*/ */
EXP_FUNC int STDCALL ssl_handshake_status(SSL *ssl); EXP_FUNC int STDCALL ssl_handshake_status(const SSL *ssl);
/** /**
* @brief Retrieve various parameters about the axTLS engine. * @brief Retrieve various parameters about the axTLS engine.
@ -337,7 +337,7 @@ EXP_FUNC void STDCALL ssl_display_error(int error_code);
* @param ssl [in] An SSL object reference. * @param ssl [in] An SSL object reference.
* @return SSL_OK if the certificate is verified. * @return SSL_OK if the certificate is verified.
*/ */
EXP_FUNC int STDCALL ssl_verify_cert(SSL *ssl); EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl);
/** /**
* @brief Retrieve an X.509 distinguished name component. * @brief Retrieve an X.509 distinguished name component.
@ -361,7 +361,7 @@ EXP_FUNC int STDCALL ssl_verify_cert(SSL *ssl);
* @return The appropriate string (or null if not defined) * @return The appropriate string (or null if not defined)
* @note Verification build mode must be enabled. * @note Verification build mode must be enabled.
*/ */
EXP_FUNC const char * STDCALL ssl_get_cert_dn(SSL *ssl, int component); EXP_FUNC const char * STDCALL ssl_get_cert_dn(const SSL *ssl, int component);
/** /**
* @brief Force the client to perform its handshake again. * @brief Force the client to perform its handshake again.
@ -389,7 +389,8 @@ EXP_FUNC int STDCALL ssl_renegotiate(SSL *ssl);
* - SSL_OBJ_PKCS8 (RC4-128 encrypted data supported) * - SSL_OBJ_PKCS8 (RC4-128 encrypted data supported)
* - SSL_OBJ_PKCS12 (RC4-128 encrypted data supported) * - SSL_OBJ_PKCS12 (RC4-128 encrypted data supported)
* *
* PEM files are automatically detected (if supported). * PEM files are automatically detected (if supported). The object type is
* also detected, and so is not relevant for these types of files.
* @param filename [in] The location of a file in DER/PEM format. * @param filename [in] The location of a file in DER/PEM format.
* @param password [in] The password used. Can be null if not required. * @param password [in] The password used. Can be null if not required.
* @return SSL_OK if all ok * @return SSL_OK if all ok


@ -429,7 +429,7 @@ error:
/* /*
* Retrieve an X.509 distinguished name component * Retrieve an X.509 distinguished name component
*/ */
EXP_FUNC const char * STDCALL ssl_get_cert_dn(SSL *ssl, int component) EXP_FUNC const char * STDCALL ssl_get_cert_dn(const SSL *ssl, int component)
{ {
if (ssl->x509_ctx == NULL) if (ssl->x509_ctx == NULL)
return NULL; return NULL;
@ -545,6 +545,7 @@ SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd)
ssl->certs = ssl_ctx->certs; ssl->certs = ssl_ctx->certs;
ssl->chain_length = ssl_ctx->chain_length; ssl->chain_length = ssl_ctx->chain_length;
ssl->bm_data = ssl->bm_all_data+BM_RECORD_OFFSET; /* space at the start */ ssl->bm_data = ssl->bm_all_data+BM_RECORD_OFFSET; /* space at the start */
ssl->hs_status = SSL_NOT_OK; /* not connected */
#ifdef CONFIG_ENABLE_VERIFICATION #ifdef CONFIG_ENABLE_VERIFICATION
ssl->ca_cert_ctx = ssl_ctx->ca_cert_ctx; ssl->ca_cert_ctx = ssl_ctx->ca_cert_ctx;
#endif #endif
@ -566,7 +567,6 @@ SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd)
} }
SSL_CTX_UNLOCK(ssl_ctx->mutex); SSL_CTX_UNLOCK(ssl_ctx->mutex);
return ssl; return ssl;
} }
@ -1241,8 +1241,11 @@ int basic_read(SSL *ssl, uint8_t **in_data)
break; break;
case PT_APP_PROTOCOL_DATA: case PT_APP_PROTOCOL_DATA:
if (in_data)
{
*in_data = ssl->bm_data; /* point to the work buffer */ *in_data = ssl->bm_data; /* point to the work buffer */
(*in_data)[read_len] = 0; /* null terminate just in case */ (*in_data)[read_len] = 0; /* null terminate just in case */
}
ret = read_len; ret = read_len;
break; break;
@ -1616,7 +1619,7 @@ void kill_ssl_session(SSL_SESS **ssl_sessions, SSL *ssl)
/* /*
* Get the session id for a handshake. This will be a 32 byte sequence. * Get the session id for a handshake. This will be a 32 byte sequence.
*/ */
EXP_FUNC const uint8_t * STDCALL ssl_get_session_id(SSL *ssl) EXP_FUNC const uint8_t * STDCALL ssl_get_session_id(const SSL *ssl)
{ {
return ssl->session_id; return ssl->session_id;
} }
@ -1624,7 +1627,7 @@ EXP_FUNC const uint8_t * STDCALL ssl_get_session_id(SSL *ssl)
/* /*
* Return the cipher id (in the SSL form). * Return the cipher id (in the SSL form).
*/ */
EXP_FUNC uint8_t STDCALL ssl_get_cipher_id(SSL *ssl) EXP_FUNC uint8_t STDCALL ssl_get_cipher_id(const SSL *ssl)
{ {
return ssl->cipher; return ssl->cipher;
} }
@ -1632,7 +1635,7 @@ EXP_FUNC uint8_t STDCALL ssl_get_cipher_id(SSL *ssl)
/* /*
* Return the status of the handshake. * Return the status of the handshake.
*/ */
EXP_FUNC int STDCALL ssl_handshake_status(SSL *ssl) EXP_FUNC int STDCALL ssl_handshake_status(const SSL *ssl)
{ {
return ssl->hs_status; return ssl->hs_status;
} }
@ -1678,7 +1681,7 @@ EXP_FUNC int STDCALL ssl_get_config(int offset)
/** /**
* Authenticate a received certificate. * Authenticate a received certificate.
*/ */
EXP_FUNC int STDCALL ssl_verify_cert(SSL *ssl) EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl)
{ {
int ret = x509_verify(ssl->ssl_ctx->ca_cert_ctx, ssl->x509_ctx); int ret = x509_verify(ssl->ssl_ctx->ca_cert_ctx, ssl->x509_ctx);
@ -2029,7 +2032,7 @@ EXP_FUNC int STDCALL ssl_verify_cert(SSL *ssl)
return -1; return -1;
} }
EXP_FUNC const char * STDCALL ssl_get_cert_dn(SSL *ssl, int component) EXP_FUNC const char * STDCALL ssl_get_cert_dn(const SSL *ssl, int component)
{ {
printf(unsupported_str); printf(unsupported_str);
return NULL; return NULL;
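Review bot: The new `if (in_data)` guard in `basic_read` makes a NULL `in_data` legal, but the payload of a `PT_APP_PROTOCOL_DATA` record is then silently discarded while `ret = read_len` still reports it as read; the contract deserves a comment on the function, e.g. `/* in_data may be NULL (handshake-only callers such as SSL_accept); application data arriving in that case is dropped */`. Moving `ssl->hs_status = SSL_NOT_OK` from `ssl_server_new` into `ssl_new` is the right place now that `SSL_new` in openssl.c builds objects through `ssl_new` directly. `basic_read` continues outside the hunk.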


@ -212,6 +212,9 @@ struct _SSL_CTX
#ifdef CONFIG_SSL_CTX_MUTEXING #ifdef CONFIG_SSL_CTX_MUTEXING
SSL_CTX_MUTEX_TYPE mutex; SSL_CTX_MUTEX_TYPE mutex;
#endif #endif
#ifdef CONFIG_OPENSSL_COMPATIBLE
void *bonus_attr;
#endif
}; };
typedef struct _SSL_CTX SSL_CTX; typedef struct _SSL_CTX SSL_CTX;


@ -41,7 +41,6 @@ EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, int client_fd)
{ {
SSL *ssl = ssl_new(ssl_ctx, client_fd); SSL *ssl = ssl_new(ssl_ctx, client_fd);
ssl->next_state = HS_CLIENT_HELLO; ssl->next_state = HS_CLIENT_HELLO;
ssl->hs_status = SSL_NOT_OK; /* not connected */
#ifdef CONFIG_SSL_FULL_MODE #ifdef CONFIG_SSL_FULL_MODE
if (ssl_ctx->chain_length == 0) if (ssl_ctx->chain_length == 0)