Merge branch 'feature/openssl_cacert' into 'master'

OpenSSL API addition See merge request idf/esp-idf!1932
2018-02-21 02:58:00 +08:00 · 2018-02-21 02:58:00 +08:00 · 3ede9f011b
parent f2b2d045ba f0ebf613f4
commit 3ede9f011b
3 changed files with 189 additions and 1 deletions
--- a/components/openssl/include/internal/ssl_types.h
+++ b/components/openssl/include/internal/ssl_types.h
@ -29,7 +29,6 @@ typedef void X509_STORE;
 typedef void RSA;

 typedef void STACK;
-typedef void BIO;

 #define ossl_inline inline

@ -84,6 +83,9 @@ typedef struct pkey_method_st PKEY_METHOD;
 struct ssl_alpn_st;
 typedef struct ssl_alpn_st SSL_ALPN;

+struct bio_st;
+typedef struct bio_st BIO;
+
 struct stack_st {

    char **data;
@ -106,6 +108,8 @@ struct x509_st {
    void *x509_pm;

    const X509_METHOD *method;
+
+    int ref_counter;
 };

 struct cert_st {
@ -147,6 +151,11 @@ struct X509_VERIFY_PARAM_st {

 };

+struct bio_st {
+    const unsigned char * data;
+    int dlen;
+};
+
 typedef enum { ALPN_INIT, ALPN_ENABLE, ALPN_DISABLE, ALPN_ERROR } ALPN_STATUS;
 struct ssl_alpn_st {
     ALPN_STATUS alpn_status;
--- a/components/openssl/include/internal/ssl_x509.h
+++ b/components/openssl/include/internal/ssl_x509.h
@ -101,6 +101,73 @@ int SSL_add_client_CA(SSL *ssl, X509 *x);
 */
 int SSL_use_certificate_ASN1(SSL *ssl, int len, const unsigned char *d);

+
+/**
+ * @brief set SSL context client CA certification
+ *
+ * @param store - pointer to X509_STORE
+ * @param x     -  pointer to X509 certification point
+ *
+ * @return result
+ *     0 : failed
+ *     1 : OK
+ */
+int X509_STORE_add_cert(X509_STORE *store, X509 *x);
+
+/**
+ * @brief load data in BIO
+ *
+ * Normally BIO_write should append data but that doesn't happen here, and
+ * 'data' cannot be freed after the function is called, it should remain valid 
+ * until BIO object is in use.
+ *
+ * @param b    - pointer to BIO 
+ * @param data - pointer to data
+ * @param dlen - data bytes
+ *
+ * @return result
+ *      0 : failed
+ *      1 : OK
+ */
+int BIO_write(BIO *b, const void *data, int dlen);
+
+/**
+ * @brief load a character certification context into system context.
+ *
+ * If '*cert' is pointed to the certification, then load certification 
+ * into it, or create a new X509 certification object.
+ *
+ * @param bp     - pointer to  BIO
+ * @param buffer - pointer to the certification context memory
+ * @param cb     - pointer to a callback which queries pass phrase used
+                   for encrypted PEM structure
+ * @param u      - pointer to arbitary data passed by application to callback
+ *
+ * @return X509 certification object point
+ */
+X509 * PEM_read_bio_X509(BIO *bp, X509 **x, void *cb, void *u);
+
+/**
+ * @brief create a BIO object
+ * 
+ * @param method - pointer to BIO_METHOD
+ *
+ * @return pointer to BIO object
+ */
+BIO *BIO_new(void * method);
+
+/**
+ * @brief get the memory BIO method function
+ */
+void *BIO_s_mem();
+
+/**
+ * @brief free a BIO  object
+ *
+ * @param x - pointer to BIO object 
+ */
+void BIO_free(BIO *b);
+
 #ifdef __cplusplus
 }
 #endif
--- a/components/openssl/library/ssl_x509.c
+++ b/components/openssl/library/ssl_x509.c
@ -16,6 +16,7 @@
 #include "ssl_methods.h"
 #include "ssl_dbg.h"
 #include "ssl_port.h"
+#include "ssl.h"

 /**
 * @brief show X509 certification information
@ -39,6 +40,8 @@ X509* __X509_new(X509 *ix)
        goto no_mem;
    }

+    x->ref_counter = 1;
+
    if (ix)
        x->method = ix->method;
    else
@ -73,6 +76,10 @@ void X509_free(X509 *x)
 {
    SSL_ASSERT3(x);

+    if (--x->ref_counter > 0) {
+        return;
+    }
+
    X509_METHOD_CALL(free, x);

    ssl_mem_free(x);
@ -314,3 +321,108 @@ X509 *SSL_get_peer_certificate(const SSL *ssl)
    return ssl->session->peer;
 }

+/**
+ * @brief set SSL context client CA certification
+ */
+int X509_STORE_add_cert(X509_STORE *store, X509 *x) {
+
+    x->ref_counter++;
+
+    SSL_CTX *ctx = (SSL_CTX *)store;
+    SSL_ASSERT1(ctx);
+    SSL_ASSERT1(x);
+
+    if (ctx->client_CA == x) {
+        return 1;
+    }
+
+    if (ctx->client_CA!=NULL) {
+        X509_free(ctx->client_CA);
+    }
+
+    ctx->client_CA = x;
+    return 1;
+}
+
+/**
+ * @brief create a BIO object
+ */
+BIO *BIO_new(void  *method) {
+    BIO *b = (BIO *)malloc(sizeof(BIO));
+    return b;
+}
+
+/**
+ * @brief load data into BIO.
+ *
+ * Normally BIO_write should append data but doesn't happen here, and
+ * 'data' cannot be freed after the function is called, it should remain valid 
+ * until BIO object is in use.
+ */
+int BIO_write(BIO *b, const void * data, int dlen) {
+    b->data = data;
+    b->dlen = dlen;
+    return 1;
+}
+
+/**
+ * @brief load a character certification context into system context.
+ * 
+ * If '*cert' is pointed to the certification, then load certification
+ * into it, or create a new X509 certification object.
+ */
+X509 * PEM_read_bio_X509(BIO *bp, X509 **cert, void *cb, void *u) {
+    int m = 0;
+    int ret;
+    X509 *x;
+
+    SSL_ASSERT2(bp->data);
+    SSL_ASSERT2(bp->dlen);
+
+    if (cert && *cert) {
+        x = *cert;
+    } else {
+        x = X509_new();
+        if (!x) {
+            SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_new() return NULL");
+            goto failed;
+        }
+        m = 1;
+    }
+
+    ret = X509_METHOD_CALL(load, x, bp->data, bp->dlen);
+    if (ret) {
+        SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_METHOD_CALL(load) return %d", ret);
+        goto failed;
+    }
+
+    return x;
+
+failed:
+    if (m) {
+        X509_free(x);
+    }
+
+    return NULL;
+}
+
+/**
+ * @brief get the memory BIO method function
+ */
+void *BIO_s_mem() {
+    return NULL;
+}
+
+/**
+ * @brief get the SSL context object X509 certification storage
+ */
+X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx) {
+    return (X509_STORE *)ctx;
+}
+
+/**
+ * @brief free a BIO object
+ */
+void BIO_free(BIO *b) {
+    free(b);
+}