
Added openssl compatibility functions

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@64 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
cameronrich 2007-02-21 13:22:36 +00:00
parent 900b0eb96e
commit 6843c20d38
19 changed files with 278 additions and 57 deletions


@ -8,6 +8,8 @@ Changes since 1.0.0
* SSLCTX changed to SSL_CTX (to be consistent with openssl).
* malloc()/open() etc call abort() on failure.
* Fixed a memory leak in directory listings.
* Added openssl() compatibility functions.
* Fixed cygwin 'make install' issue.
axhttpd Changes
* main.c now becomes axhttpd.c.
@ -18,4 +20,5 @@ axhttpd Changes
* Directory access protection implemented (via .htaccess).
* Can now have more than one CGI file extension in mconf.
* "If-Modified-Since" request now handled properly.
* Performance tweaks to remove ssl_find()


@ -73,18 +73,21 @@ win32_demo:
install: $(PREFIX) all
cp --no-dereference $(STAGE)/libax* $(PREFIX)/lib
chmod 755 $(PREFIX)/lib/libax*
-install -m 755 $(STAGE)/ax* $(PREFIX)/bin
ifdef CONFIG_AXHTTPD
-install -m 755 $(STAGE)/htpasswd $(PREFIX)/bin
install -m 755 $(STAGE)/ax* $(PREFIX)/bin
ifdef CONFIG_HTTP_HAS_AUTHORIZATION
install -m 755 $(STAGE)/htpasswd $(PREFIX)/bin
endif
ifdef CONFIG_PLATFORM_CYGWIN
install -m 755 $(STAGE)/cygaxtls.dll $(PREFIX)/bin
endif
ifdef CONFIG_PERL_BINDINGS
-install -m 755 $(STAGE)/axtlsp.pm `perl -e 'use Config; print $$Config{installarchlib};'`
install -m 755 $(STAGE)/axtlsp.pm `perl -e 'use Config; print $$Config{installarchlib};'`
endif
@mkdir -p -m 755 $(PREFIX)/include/axTLS
-install -m 644 ssl/*.h $(PREFIX)/include/axTLS
install -m 644 ssl/*.h $(PREFIX)/include/axTLS
-rm $(PREFIX)/include/axTLS/cert.h
-rm $(PREFIX)/include/axTLS/private_key.h
-install -m 644 config/config.h $(PREFIX)/include/axTLS
install -m 644 config/config.h $(PREFIX)/include/axTLS
installclean:
-@rm $(PREFIX)/lib/libax* > /dev/null 2>&1
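Review bot: The `install -m 644 ssl/*.h $(PREFIX)/include/axTLS` line still copies `cert.h` and `private_key.h` into the public include directory and relies on the two following `-rm` lines, whose failures are ignored, to take them out again. If those headers hold embedded key material, as their names suggest, a failed or interrupted removal leaves it world-readable under $(PREFIX). Now that install errors are no longer ignored, it would be more robust not to install them at all, e.g. `install -m 644 $(filter-out ssl/cert.h ssl/private_key.h,$(wildcard ssl/*.h)) $(PREFIX)/include/axTLS`, and to drop the two `-rm` lines.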


@ -56,8 +56,10 @@ sub transformSignature
$line =~ s/uint8_t \* ?/byte[] /g;
$line =~ s/uint8_t ?/byte /g;
$line =~ s/const char \* ?/string /g;
$line =~ s/const SSL_CTX \* ?/IntPtr /g;
$line =~ s/SSL_CTX \* ?/IntPtr /g;
$line =~ s/SSLObjLoader \* ?/IntPtr /g;
$line =~ s/const SSL \* ?/IntPtr /g;
$line =~ s/SSL \* ?/IntPtr /g;
$line =~ s/\(void\)/()/g;
}
@ -89,8 +91,10 @@ sub transformSignature
$line =~ s/const uint8_t \* ?(\w+)/ByVal $1() As Byte/g;
$line =~ s/uint8_t \* ?(\w+)/ByVal $1() As Byte/g;
$line =~ s/const char \* ?(\w+)/ByVal $1 As String/g;
$line =~ s/const SSL_CTX \* ?(\w+)/ByVal $1 As IntPtr/g;
$line =~ s/SSL_CTX \* ?(\w+)/ByVal $1 As IntPtr/g;
$line =~ s/SSLObjLoader \* ?(\w+)/ByVal $1 As IntPtr/g;
$line =~ s/const SSL \* ?(\w+)/ByVal $1 As IntPtr/g;
$line =~ s/SSL \* ?(\w+)/ByVal $1 As IntPtr/g;
$line =~ s/void \* ?(\w+)/Byval $1 As IntPtr/g;
$line =~ s/\(void\)/()/g;


@ -39,7 +39,7 @@ CONFIG_SSL_USE_PKCS12=y
CONFIG_SSL_EXPIRY_TIME=24
CONFIG_X509_MAX_CA_CERTS=4
CONFIG_SSL_MAX_CERTS=2
# CONFIG_SSLCTX_MUTEXING is not set
# CONFIG_SSL_CTX_MUTEXING is not set
CONFIG_USE_DEV_URANDOM=y
# CONFIG_WIN32_USE_CRYPTO_LIB is not set
# CONFIG_PERFORMANCE_TESTING is not set


@ -43,7 +43,7 @@ CONFIG_SSL_USE_PKCS12=y
CONFIG_SSL_EXPIRY_TIME=24
CONFIG_X509_MAX_CA_CERTS=4
CONFIG_SSL_MAX_CERTS=2
# CONFIG_SSLCTX_MUTEXING is not set
# CONFIG_SSL_CTX_MUTEXING is not set
# CONFIG_USE_DEV_URANDOM is not set
CONFIG_WIN32_USE_CRYPTO_LIB=y
# CONFIG_PERFORMANCE_TESTING is not set


@ -30,7 +30,7 @@
#define BLOCKSIZE 4096
#define INITIAL_CONNECTION_SLOTS 10
#define CONFIG_HTTP_DEFAULT_SSL_OPTIONS 0
#define CONFIG_HTTP_DEFAULT_SSL_OPTIONS 0
#define STATE_WANT_TO_READ_HEAD 1
#define STATE_WANT_TO_SEND_HEAD 2
@ -52,6 +52,7 @@ struct connstruct
int reqtype;
int networkdesc;
int filedesc;
SSL *ssl;
#if defined(CONFIG_HTTP_DIRECTORIES)
#ifdef WIN32


@ -48,6 +48,7 @@ static void reaper(int sigtype)
#endif
#endif
#ifdef CONFIG_HTTP_VERBOSE /* should really be in debug mode or something */
/* clean up memory for valgrind */
static void sigint_cleanup(int sig)
{
@ -96,6 +97,7 @@ static void die(int sigtype)
{
exit(0);
}
#endif
int main(int argc, char *argv[])
{
@ -112,15 +114,19 @@ int main(int argc, char *argv[])
WSADATA wsaData;
WSAStartup(wVersionRequested,&wsaData);
#else
signal(SIGQUIT, die);
signal(SIGPIPE, SIG_IGN);
#if defined(CONFIG_HTTP_HAS_CGI)
signal(SIGCHLD, reaper);
#endif
#ifdef CONFIG_HTTP_VERBOSE
signal(SIGQUIT, die);
#endif
#endif
signal(SIGINT, sigint_cleanup);
#ifdef CONFIG_HTTP_VERBOSE
signal(SIGTERM, die);
signal(SIGINT, sigint_cleanup);
#endif
mime_init();
tdate_init();
@ -576,7 +582,7 @@ static void addconnection(int sd, char *ip, int is_ssl)
tp->networkdesc = sd;
if (is_ssl)
ssl_server_new(servers->ssl_ctx, sd);
tp->ssl = ssl_server_new(servers->ssl_ctx, sd);
tp->is_ssl = is_ssl;
tp->filedesc = -1;
@ -632,7 +638,10 @@ void removeconnection(struct connstruct *cn)
if (cn->networkdesc != -1)
{
if (cn->is_ssl)
ssl_free(ssl_find(servers->ssl_ctx, cn->networkdesc));
{
ssl_free(cn->ssl);
cn->ssl = NULL;
}
SOCKET_CLOSE(cn->networkdesc);
}
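Review bot: In addconnection, `tp->ssl` is assigned only inside `if (is_ssl)`, so for a plain-HTTP connection the field keeps whatever it held before, which is indeterminate if the struct comes straight from an allocator (the allocation is outside the hunk). Assign it on every path, `tp->ssl = is_ssl ? ssl_server_new(servers->ssl_ctx, sd) : NULL;`, so later code can rely on NULL meaning "no TLS state". The result of ssl_server_new is also stored without a check; if it can fail, the connection should be dropped there rather than carried forward with `is_ssl` set and no SSL object.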


@ -375,6 +375,7 @@ void procsendhead(struct connstruct *cn)
{
char tbuf[MAXREQUESTLENGTH];
sprintf(tbuf, "%s%s", cn->actualfile, index_file);
if (stat(tbuf, &stbuf) != -1)
strcat(cn->actualfile, index_file);
else
@ -429,9 +430,9 @@ void procsendhead(struct connstruct *cn)
#if defined(WIN32) || defined(CONFIG_PLATFORM_CYGWIN)
flags |= O_BINARY;
#endif
cn->filedesc = open(cn->actualfile, flags);
cn->filedesc = ax_open(cn->actualfile, flags);
if (cn->filedesc == -1)
if (cn->filedesc < 0)
{
send_error(cn, 404);
return;
@ -472,7 +473,7 @@ void procreadfile(struct connstruct *cn)
{
int rv = read(cn->filedesc, cn->databuf, BLOCKSIZE);
if (rv == 0 || rv == -1)
if (rv <= 0)
{
close(cn->filedesc);
cn->filedesc = -1;
@ -516,7 +517,7 @@ static int special_write(struct connstruct *cn,
{
if (cn->is_ssl)
{
SSL *ssl = ssl_find(servers->ssl_ctx, cn->networkdesc);
SSL *ssl = cn->ssl;
return ssl ? ssl_write(ssl, (uint8_t *)buf, count) : -1;
}
else
@ -530,10 +531,10 @@ static int special_read(struct connstruct *cn, void *buf, size_t count)
if (cn->is_ssl)
{
uint8_t *read_buf;
SSL *ssl = ssl_find(servers->ssl_ctx, cn->networkdesc);
if ((res = ssl_read(ssl, &read_buf)) > SSL_OK)
if ((res = ssl_read(cn->ssl, &read_buf)) > SSL_OK)
{
memcpy(buf, read_buf, res > (int)count ? count : res);
}
}
else
res = SOCKET_READ(cn->networkdesc, buf, count);
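Review bot: special_read now hands `cn->ssl` straight to ssl_read, while special_write just above still guards with `ssl ? ... : -1`; the two should agree, e.g. `if (cn->ssl == NULL) return -1;` before the call. The memcpy copies at most `count` bytes but leaves `res` at the full record length; if `res` is what the function returns (the return is outside the hunk), the caller is told about more bytes than were placed in `buf`, so clamp it with `if (res > (int)count) res = (int)count;`. Separately, the context lines `sprintf(tbuf, "%s%s", cn->actualfile, index_file)` and `strcat(cn->actualfile, index_file)` in procsendhead build a path, presumably derived from the request, with no length check and would be safer as a checked `snprintf`.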


@ -244,6 +244,16 @@ config CONFIG_WIN32_USE_CRYPTO_LIB
This will be the default on most Win32 systems. If using Visual Studio
6.0, then the SDK containing the crypto libraries must be used.
config CONFIG_OPENSSL_COMPATIBLE
bool "Enable openssl API compatibility"
default n
help
To ease the porting of openssl applications, a subset of the openssl
API is wrapped around the axTLS API.
Note: not all the API is implemented, so parts may still break. And
it's definitely not 100% compatible.
config CONFIG_PERFORMANCE_TESTING
bool "Build the bigint performance test tool"
default n


@ -57,6 +57,7 @@ OBJ=\
os_port.o \
loader.o \
md5.o \
openssl.o \
p12.o \
rsa.o \
rc4.o \


@ -52,7 +52,15 @@ int get_file(const char *filename, uint8_t **buf)
int total_bytes = 0;
int bytes_read = 0;
int filesize;
FILE *stream = ax_fopen(filename, "rb");
FILE *stream = fopen(filename, "rb");
if (stream == NULL)
{
#ifdef CONFIG_SSL_FULL_MODE
printf("file '%s' does not exist\n", filename); TTY_FLUSH();
#endif
return -1;
}
/* Win CE doesn't support stat() */
fseek(stream, 0, SEEK_END);
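Review bot: The new failure branch reports every fopen error as `file '%s' does not exist`, which hides permission and descriptor-exhaustion failures from anyone diagnosing why a key or certificate did not load; printing `strerror(errno)` would keep the cause. The message is also emitted only under CONFIG_SSL_FULL_MODE, so in other builds the caller sees a bare -1. The `fseek` that follows is used unchecked as far as the hunk shows; get_file continues outside it.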


@ -35,8 +35,8 @@
static int do_obj(SSL_CTX *ssl_ctx, int obj_type,
SSLObjLoader *ssl_obj, const char *password);
#ifdef CONFIG_SSL_HAS_PEM
static int ssl_obj_PEM_load(SSL_CTX *ssl_ctx, int obj_type,
SSLObjLoader *ssl_obj, const char *password);
static int ssl_obj_PEM_load(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj,
const char *password);
#endif
/*
@ -70,7 +70,7 @@ EXP_FUNC int STDCALL ssl_obj_load(SSL_CTX *ssl_ctx, int obj_type,
if (strncmp(ssl_obj->buf, begin, strlen(begin)) == 0)
{
#ifdef CONFIG_SSL_HAS_PEM
ret = ssl_obj_PEM_load(ssl_ctx, obj_type, ssl_obj, password);
ret = ssl_obj_PEM_load(ssl_ctx, ssl_obj, password);
#else
printf(unsupported_str);
ret = SSL_ERROR_NOT_SUPPORTED;
@ -279,8 +279,8 @@ error:
/**
* Take a base64 blob of data and turn it into its proper ASN.1 form.
*/
static int new_pem_obj(SSL_CTX *ssl_ctx, int is_cacert, uint8_t *where,
int remain, const char *password)
static int new_pem_obj(SSL_CTX *ssl_ctx, uint8_t *where,
int remain, const char *password)
{
int ret = SSL_OK;
SSLObjLoader *ssl_obj = NULL;
@ -324,9 +324,11 @@ static int new_pem_obj(SSL_CTX *ssl_ctx, int is_cacert, uint8_t *where,
break;
case IS_CERTIFICATE:
obj_type = is_cacert ?
SSL_OBJ_X509_CACERT : SSL_OBJ_X509_CERT;
obj_type = SSL_OBJ_X509_CERT;
break;
default:
goto error;
}
/* In a format we can now understand - so process it */
@ -350,7 +352,7 @@ static int new_pem_obj(SSL_CTX *ssl_ctx, int is_cacert, uint8_t *where,
/* more PEM stuff to process? */
if (remain)
ret = new_pem_obj(ssl_ctx, is_cacert, end, remain, password);
ret = new_pem_obj(ssl_ctx, end, remain, password);
error:
ssl_obj_free(ssl_obj);
@ -360,8 +362,8 @@ error:
/*
* Load a file into memory that is in ASCII PEM format.
*/
static int ssl_obj_PEM_load(SSL_CTX *ssl_ctx, int obj_type,
SSLObjLoader *ssl_obj, const char *password)
static int ssl_obj_PEM_load(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj,
const char *password)
{
uint8_t *start;
@ -370,7 +372,6 @@ static int ssl_obj_PEM_load(SSL_CTX *ssl_ctx, int obj_type,
ssl_obj->buf = (uint8_t *)realloc(ssl_obj->buf, ssl_obj->len);
ssl_obj->buf[ssl_obj->len-1] = 0;
start = ssl_obj->buf;
return new_pem_obj(ssl_ctx, obj_type == SSL_OBJ_X509_CACERT,
start, ssl_obj->len, password);
return new_pem_obj(ssl_ctx, start, ssl_obj->len, password);
}
#endif /* CONFIG_SSL_HAS_PEM */
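Review bot: With `is_cacert` dropped, the IS_CERTIFICATE case in new_pem_obj always sets `obj_type = SSL_OBJ_X509_CERT`, so the `obj_type` a caller passes to ssl_obj_load no longer reaches the PEM path. A PEM file loaded with SSL_OBJ_X509_CACERT therefore appears to be added as an ordinary certificate rather than as a trust anchor, because a PEM certificate header cannot tell the two apart, and peer verification against that CA would not behave as the caller intended. Either keep passing the caller's choice down (the removed `is_cacert ? SSL_OBJ_X509_CACERT : SSL_OBJ_X509_CERT` expression) or state in the ssl.h comment that CA certificates must be supplied in DER. Also confirm that `ret` holds an error before the new `default: goto error;`, since it is initialised to SSL_OK at the top of the function and the code in between is outside the hunk.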

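--- /dev/null
+++ b/ssl/openssl.c
@@ -0,0 +1,180 @@
+/*
+* Copyright(C) 2007 Cameron Rich
+*
+* This library is free software; you can redistribute it and/or modify
+* it under the terms of the GNU Lesser General Public License as published by
+* the Free Software Foundation; either version 2.1 of the License, or
+* (at your option) any later version.
+*
+* This library is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU General Lesser License
+* along with this library; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*/
+/*
+* Enable some openssl compatible functions. We don't aim to be 100%
+* compatible - just to be able to do basic ports etc.
+*/
+#include "config.h"
+#ifdef CONFIG_OPENSSL_COMPATIBLE
+#include <stdlib.h>
+#include <strings.h>
+#include "ssl.h"
+#define OPENSSL_CTX_ATTR ((OPENSSL_CTX *)ssl_ctx->bonus_attr)
+void *SSLv23_server_method(void) { return NULL; }
+void *SSLv3_server_method(void) { return NULL; }
+void *TLSv1_server_method(void) { return NULL; }
+void *SSLv23_client_method(void) { return NULL; }
+void *SSLv3_client_method(void) { return NULL; }
+void *TLSv1_client_method(void) { return NULL; }
+typedef void * (*ssl_func_type_t)(void);
+typedef struct
+{
+ssl_func_type_t ssl_func_type;
+} OPENSSL_CTX;
+SSL_CTX * SSL_CTX_new(ssl_func_type_t meth)
+{
+SSL_CTX *ssl_ctx = ssl_ctx_new(0, 5);
+ssl_ctx->bonus_attr = malloc(sizeof(OPENSSL_CTX));
+OPENSSL_CTX_ATTR->ssl_func_type = meth;
+return ssl_ctx;
+}
+void SSL_CTX_free(SSL_CTX * ssl_ctx)
+{
+free(ssl_ctx->bonus_attr);
+ssl_ctx_free(ssl_ctx);
+}
+SSL * SSL_new(SSL_CTX *ssl_ctx)
+{
+SSL *ssl;
+ssl_func_type_t ssl_func_type;
+ssl = ssl_new(ssl_ctx, -1); /* fd is set later */
+ssl_func_type = OPENSSL_CTX_ATTR->ssl_func_type;
+#ifdef CONFIG_SSL_ENABLE_CLIENT
+if (ssl_func_type == SSLv23_client_method ||
+ssl_func_type == SSLv3_client_method ||
+ssl_func_type == TLSv1_client_method)
+{
+SET_SSL_FLAG(SSL_IS_CLIENT);
+}
+else
+#endif
+{
+ssl->next_state = HS_CLIENT_HELLO;
+}
+return ssl;
+}
+int SSL_set_fd(SSL *s, int fd)
+{
+s->client_fd = fd;
+return 1; /* always succeeds */
+}
+int SSL_accept(SSL *ssl)
+{
+while (ssl_read(ssl, NULL) == SSL_OK)
+{
+if (ssl->next_state == HS_CLIENT_HELLO)
+return 1; /* we're done */
+}
+return -1;
+}
+#ifdef CONFIG_SSL_ENABLE_CLIENT
+int SSL_connect(SSL *ssl)
+{
+return do_client_connect(ssl) == SSL_OK ? 1 : -1;
+}
+#endif
+void SSL_free(SSL *ssl)
+{
+ssl_free(ssl);
+}
+int SSL_read(SSL *ssl, void *buf, int num)
+{
+uint8_t *read_buf;
+int ret;
+while ((ret = ssl_read(ssl, &read_buf)) == SSL_OK);
+if (ret > SSL_OK)
+{
+memcpy(buf, read_buf, ret > num ? num : ret);
+}
+return ret;
+}
+int SSL_write(SSL *ssl, const void *buf, int num)
+{
+return ssl_write(ssl, buf, num);
+}
+int SSL_CTX_use_certificate_file(SSL_CTX *ssl_ctx, const char *file, int type)
+{
+return (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, file, NULL) == SSL_OK);
+}
+int SSL_CTX_use_PrivateKey_file(SSL_CTX *ssl_ctx, const char *file, int type)
+{
+return (ssl_obj_load(ssl_ctx, SSL_OBJ_RSA_KEY, file, NULL) == SSL_OK);
+}
+int SSL_CTX_use_certificate_ASN1(SSL_CTX *ssl_ctx, int len, const uint8_t *d)
+{
+return (ssl_obj_memory_load(ssl_ctx,
+SSL_OBJ_X509_CERT, d, len, NULL) == SSL_OK);
+}
+#if 0
+const uint8_t *SSL_get_session(const SSL *ssl)
+{
+/* TODO: return SSL_SESSION type */
+return ssl_get_session_id(ssl);
+}
+#endif
+int SSL_CTX_check_private_key(const SSL_CTX *ctx)
+{
+return 1;
+}
+int SSL_CTX_set_cipher_list(SSL *s, const char *str)
+{
+return 1;
+}
+int SSL_get_error(const SSL *ssl, int ret)
+{
+ssl_display_error(ret);
+return 0; /* TODO: return proper return code */
+}
+int SSL_library_init(void ) { return 1; }
+void SSL_load_error_strings(void ) {}
+void ERR_print_errors_fp(FILE *fp) {}
+long SSL_CTX_get_timeout(const SSL_CTX *ssl_ctx) {
+return CONFIG_SSL_EXPIRY_TIME*3600; }
+long SSL_CTX_set_timeout(SSL_CTX *ssl_ctx, long t) {
+return SSL_CTX_get_timeout(ssl_ctx); }
+#endif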
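Review bot: SSL_read copies at most `num` bytes but returns the full `ret`, so when a record is longer than the caller's buffer the caller is told it received more bytes than were written and the remainder is silently dropped; clamp before copying with `if (ret > num) ret = num;`. SSL_CTX_new uses the results of ssl_ctx_new and `malloc` unchecked, and `memcpy` is called with only `<strings.h>` included. SSL_CTX_check_private_key, SSL_CTX_set_cipher_list and SSL_get_error report success without doing any work (SSL_get_error always returns 0), and the `type` argument of the `*_file` loaders is ignored. Ported code that relies on those calls will believe a key matches or a cipher restriction is in force when nothing was verified, so each stub should carry a comment saying so, or return failure.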


@ -111,10 +111,7 @@ EXP_FUNC FILE * STDCALL ax_fopen(const char *pathname, const char *type)
FILE *f;
if ((f = fopen(pathname, type)) == NULL)
{
perror("open: ");
exit_now(file_open_str, pathname);
}
return f;
}
@ -124,10 +121,7 @@ EXP_FUNC int STDCALL ax_open(const char *pathname, int flags)
int x;
if ((x = open(pathname, flags)) < 0)
{
perror("open: ");
exit_now(file_open_str, pathname);
}
return x;
}
@ -141,7 +135,7 @@ void exit_now(const char *format, ...)
va_list argp;
va_start(argp, format);
vsprintf(stderr, format, argp);
vfprintf(stderr, format, argp);
va_end(argp);
abort();
}
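Review bot: As rendered, the new side of ax_fopen and ax_open appears to end in `exit_now`, which calls `abort()`, so neither wrapper returns on failure and `return f;`/`return x;` are success-only paths. That contract deserves a comment on both functions, e.g. `/* Does not return on failure: prints the path and aborts. Not for paths derived from network input. */`. A server opening request-derived paths through these wrappers would let any missing file terminate the process, which is presumably why other files in this commit go back to plain `open`/`fopen`. If `perror` is the line being dropped, the errno text is lost unless file_open_str (defined outside the hunk) supplies it.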


@ -31,7 +31,7 @@ extern "C" {
#include <stdio.h>
#if defined(WIN32) || defined(CONFIG_PLATFORM_CYGWIN)
#if defined(WIN32)
#define STDCALL __stdcall
#define EXP_FUNC __declspec(dllexport)
#else


@ -283,7 +283,7 @@ EXP_FUNC SSL * STDCALL ssl_find(SSL_CTX *ssl_ctx, int client_fd);
* @return The session id as a 32 byte sequence.
* @note A SSLv23 handshake may have only 16 valid bytes.
*/
EXP_FUNC const uint8_t * STDCALL ssl_get_session_id(SSL *ssl);
EXP_FUNC const uint8_t * STDCALL ssl_get_session_id(const SSL *ssl);
/**
* @brief Return the cipher id (in the SSL form).
@ -294,7 +294,7 @@ EXP_FUNC const uint8_t * STDCALL ssl_get_session_id(SSL *ssl);
* - SSL_RC4_128_SHA (0x05)
* - SSL_RC4_128_MD5 (0x04)
*/
EXP_FUNC uint8_t STDCALL ssl_get_cipher_id(SSL *ssl);
EXP_FUNC uint8_t STDCALL ssl_get_cipher_id(const SSL *ssl);
/**
* @brief Return the status of the handshake.
@ -302,7 +302,7 @@ EXP_FUNC uint8_t STDCALL ssl_get_cipher_id(SSL *ssl);
* @return SSL_OK if the handshake is complete and ok.
* @see ssl.h for the error code list.
*/
EXP_FUNC int STDCALL ssl_handshake_status(SSL *ssl);
EXP_FUNC int STDCALL ssl_handshake_status(const SSL *ssl);
/**
* @brief Retrieve various parameters about the axTLS engine.
@ -337,7 +337,7 @@ EXP_FUNC void STDCALL ssl_display_error(int error_code);
* @param ssl [in] An SSL object reference.
* @return SSL_OK if the certificate is verified.
*/
EXP_FUNC int STDCALL ssl_verify_cert(SSL *ssl);
EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl);
/**
* @brief Retrieve an X.509 distinguished name component.
@ -361,7 +361,7 @@ EXP_FUNC int STDCALL ssl_verify_cert(SSL *ssl);
* @return The appropriate string (or null if not defined)
* @note Verification build mode must be enabled.
*/
EXP_FUNC const char * STDCALL ssl_get_cert_dn(SSL *ssl, int component);
EXP_FUNC const char * STDCALL ssl_get_cert_dn(const SSL *ssl, int component);
/**
* @brief Force the client to perform its handshake again.
@ -389,7 +389,8 @@ EXP_FUNC int STDCALL ssl_renegotiate(SSL *ssl);
* - SSL_OBJ_PKCS8 (RC4-128 encrypted data supported)
* - SSL_OBJ_PKCS12 (RC4-128 encrypted data supported)
*
* PEM files are automatically detected (if supported).
* PEM files are automatically detected (if supported). The object type is
* also detected, and so is not relevant for these types of files.
* @param filename [in] The location of a file in DER/PEM format.
* @param password [in] The password used. Can be null if not required.
* @return SSL_OK if all ok


@ -429,7 +429,7 @@ error:
/*
* Retrieve an X.509 distinguished name component
*/
EXP_FUNC const char * STDCALL ssl_get_cert_dn(SSL *ssl, int component)
EXP_FUNC const char * STDCALL ssl_get_cert_dn(const SSL *ssl, int component)
{
if (ssl->x509_ctx == NULL)
return NULL;
@ -545,6 +545,7 @@ SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd)
ssl->certs = ssl_ctx->certs;
ssl->chain_length = ssl_ctx->chain_length;
ssl->bm_data = ssl->bm_all_data+BM_RECORD_OFFSET; /* space at the start */
ssl->hs_status = SSL_NOT_OK; /* not connected */
#ifdef CONFIG_ENABLE_VERIFICATION
ssl->ca_cert_ctx = ssl_ctx->ca_cert_ctx;
#endif
@ -566,7 +567,6 @@ SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd)
}
SSL_CTX_UNLOCK(ssl_ctx->mutex);
return ssl;
}
@ -1241,8 +1241,11 @@ int basic_read(SSL *ssl, uint8_t **in_data)
break;
case PT_APP_PROTOCOL_DATA:
*in_data = ssl->bm_data; /* point to the work buffer */
(*in_data)[read_len] = 0; /* null terminate just in case */
if (in_data)
{
*in_data = ssl->bm_data; /* point to the work buffer */
(*in_data)[read_len] = 0; /* null terminate just in case */
}
ret = read_len;
break;
@ -1616,7 +1619,7 @@ void kill_ssl_session(SSL_SESS **ssl_sessions, SSL *ssl)
/*
* Get the session id for a handshake. This will be a 32 byte sequence.
*/
EXP_FUNC const uint8_t * STDCALL ssl_get_session_id(SSL *ssl)
EXP_FUNC const uint8_t * STDCALL ssl_get_session_id(const SSL *ssl)
{
return ssl->session_id;
}
@ -1624,7 +1627,7 @@ EXP_FUNC const uint8_t * STDCALL ssl_get_session_id(SSL *ssl)
/*
* Return the cipher id (in the SSL form).
*/
EXP_FUNC uint8_t STDCALL ssl_get_cipher_id(SSL *ssl)
EXP_FUNC uint8_t STDCALL ssl_get_cipher_id(const SSL *ssl)
{
return ssl->cipher;
}
@ -1632,7 +1635,7 @@ EXP_FUNC uint8_t STDCALL ssl_get_cipher_id(SSL *ssl)
/*
* Return the status of the handshake.
*/
EXP_FUNC int STDCALL ssl_handshake_status(SSL *ssl)
EXP_FUNC int STDCALL ssl_handshake_status(const SSL *ssl)
{
return ssl->hs_status;
}
@ -1678,7 +1681,7 @@ EXP_FUNC int STDCALL ssl_get_config(int offset)
/**
* Authenticate a received certificate.
*/
EXP_FUNC int STDCALL ssl_verify_cert(SSL *ssl)
EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl)
{
int ret = x509_verify(ssl->ssl_ctx->ca_cert_ctx, ssl->x509_ctx);
@ -2029,7 +2032,7 @@ EXP_FUNC int STDCALL ssl_verify_cert(SSL *ssl)
return -1;
}
EXP_FUNC const char * STDCALL ssl_get_cert_dn(SSL *ssl, int component)
EXP_FUNC const char * STDCALL ssl_get_cert_dn(const SSL *ssl, int component)
{
printf(unsupported_str);
return NULL;
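Review bot: basic_read now tolerates a NULL `in_data` in the PT_APP_PROTOCOL_DATA case, but the record is still consumed and `ret = read_len` is returned, so application data that arrives while a caller polls with `ssl_read(ssl, NULL)` is discarded without any indication. A comment at the guard, such as `/* in_data may be NULL (handshake-only polling); the payload is dropped */`, and a matching sentence in the ssl_read documentation would make that contract explicit. The terminating write `(*in_data)[read_len] = 0` assumes the work buffer has a spare byte past `read_len`; the bound is outside the hunk and worth confirming.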


@ -212,6 +212,9 @@ struct _SSL_CTX
#ifdef CONFIG_SSL_CTX_MUTEXING
SSL_CTX_MUTEX_TYPE mutex;
#endif
#ifdef CONFIG_OPENSSL_COMPATIBLE
void *bonus_attr;
#endif
};
typedef struct _SSL_CTX SSL_CTX;


@ -41,7 +41,6 @@ EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, int client_fd)
{
SSL *ssl = ssl_new(ssl_ctx, client_fd);
ssl->next_state = HS_CLIENT_HELLO;
ssl->hs_status = SSL_NOT_OK; /* not connected */
#ifdef CONFIG_SSL_FULL_MODE
if (ssl_ctx->chain_length == 0)