From f0ebf613f42af2275f8e8bf21f8819311410fb9c Mon Sep 17 00:00:00 2001
From: Jitin George
Date: Thu, 8 Feb 2018 14:06:14 +0530
Subject: [PATCH] OpenSSL API addition

---
 .../openssl/include/internal/ssl_types.h | 11 +-
 .../openssl/include/internal/ssl_x509.h | 67 +++++++++++
 components/openssl/library/ssl_x509.c | 112 ++++++++++++++++++
 3 files changed, 189 insertions(+), 1 deletion(-)

diff --git a/components/openssl/include/internal/ssl_types.h b/components/openssl/include/internal/ssl_types.h
index b08c4d0e2..21ba69f4c 100644
--- a/components/openssl/include/internal/ssl_types.h
+++ b/components/openssl/include/internal/ssl_types.h
@@ -29,7 +29,6 @@ typedef void X509_STORE;
 typedef void RSA;
 typedef void STACK;
-typedef void BIO;
 #define ossl_inline inline
@@ -84,6 +83,9 @@ typedef struct pkey_method_st PKEY_METHOD;
 struct ssl_alpn_st;
 typedef struct ssl_alpn_st SSL_ALPN;
+struct bio_st;
+typedef struct bio_st BIO;
+
 struct stack_st {
 char **data;
@@ -106,6 +108,8 @@ struct x509_st {
 void *x509_pm;
 const X509_METHOD *method;
+
+ int ref_counter;
 };
 struct cert_st {
@@ -147,6 +151,11 @@ struct X509_VERIFY_PARAM_st {
 };
+struct bio_st {
+ const unsigned char * data;
+ int dlen;
+};
+
 typedef enum { ALPN_INIT, ALPN_ENABLE, ALPN_DISABLE, ALPN_ERROR } ALPN_STATUS;
 struct ssl_alpn_st {
 ALPN_STATUS alpn_status;
diff --git a/components/openssl/include/internal/ssl_x509.h b/components/openssl/include/internal/ssl_x509.h
index 840fbf1ec..877c4fbb7 100644
--- a/components/openssl/include/internal/ssl_x509.h
+++ b/components/openssl/include/internal/ssl_x509.h
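Review bot: The `int ref_counter;` added to `struct x509_st` carries no comment, so the contract that `__X509_new()` starts it at 1 and `X509_free()` releases the object when it reaches 0 (both visible in the ssl_x509.c hunks of this patch) is only discoverable by reading the implementation. Suggested: `int ref_counter; /* number of owners; X509_free() frees the object when this drops to 0 */`. Since it is a plain `int` with no atomic qualifier or lock around it, the comment should also say whether an X509 may be shared between tasks — I cannot tell from this header whether that is intended.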
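Review bot: `struct bio_st` in the last hunk of ssl_types.h stores a borrowed `const unsigned char * data` and a signed `int dlen` with no field comments, so the ownership rule is only stated in the `BIO_write()` comment in ssl_x509.h. Suggested field comments: `const unsigned char *data; /* borrowed, not owned: the caller keeps it alive while the BIO is in use; BIO_free() does not release it */` and `int dlen; /* length of data in bytes; int to match OpenSSL's BIO_write() signature, so BIO_write() must reject negative values */`. The `char * data` spacing also differs from the `void *x509_pm;` style used elsewhere in this file.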
@@ -101,6 +101,73 @@ int SSL_add_client_CA(SSL *ssl, X509 *x);
 */
 int SSL_use_certificate_ASN1(SSL *ssl, int len, const unsigned char *d);
+
+/**
+ * @brief set SSL context client CA certification
+ *
+ * @param store - pointer to X509_STORE
+ * @param x - pointer to X509 certification point
+ *
+ * @return result
+ * 0 : failed
+ * 1 : OK
+ */
+int X509_STORE_add_cert(X509_STORE *store, X509 *x);
+
+/**
+ * @brief load data in BIO
+ *
+ * Normally BIO_write should append data but that doesn't happen here, and
+ * 'data' cannot be freed after the function is called, it should remain valid
+ * until BIO object is in use.
+ *
+ * @param b - pointer to BIO
+ * @param data - pointer to data
+ * @param dlen - data bytes
+ *
+ * @return result
+ * 0 : failed
+ * 1 : OK
+ */
+int BIO_write(BIO *b, const void *data, int dlen);
+
+/**
+ * @brief load a character certification context into system context.
+ *
+ * If '*cert' is pointed to the certification, then load certification
+ * into it, or create a new X509 certification object.
+ *
+ * @param bp - pointer to BIO
+ * @param buffer - pointer to the certification context memory
+ * @param cb - pointer to a callback which queries pass phrase used for encrypted PEM structure
+ * @param u - pointer to arbitary data passed by application to callback
+ *
+ * @return X509 certification object point
+ */
+X509 * PEM_read_bio_X509(BIO *bp, X509 **x, void *cb, void *u);
+
+/**
+ * @brief create a BIO object
+ *
+ * @param method - pointer to BIO_METHOD
+ *
+ * @return pointer to BIO object
+ */
+BIO *BIO_new(void * method);
+
+/**
+ * @brief get the memory BIO method function
+ */
+void *BIO_s_mem();
+
+/**
+ * @brief free a BIO object
+ *
+ * @param x - pointer to BIO object
+ */
+void BIO_free(BIO *b);
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/components/openssl/library/ssl_x509.c b/components/openssl/library/ssl_x509.c
index 50cf2203e..0b49bb8fe 100644
--- a/components/openssl/library/ssl_x509.c
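Review bot: `void *BIO_s_mem();` declares the function with an unspecified parameter list; write `void *BIO_s_mem(void);` so that calls passing arguments are rejected by the compiler. Several of the new Doxygen blocks do not match their prototypes: `PEM_read_bio_X509()` documents `@param buffer` and refers to `'*cert'` while the parameter is `X509 **x` (no `@param x` at all), `BIO_free()` documents `@param x` for a parameter named `b`, and `BIO_new()`'s `method` plus `PEM_read_bio_X509()`'s `cb`/`u` are accepted but, judging by the ssl_x509.c hunk in this patch, ignored, which the comments should state so callers do not expect encrypted PEM or non-memory BIOs to work. `SSL_CTX_get_cert_store()` is defined in ssl_x509.c by this patch but is not declared in this hunk; unless it is declared elsewhere in the header, callers have no prototype for it. The ownership rule in the `BIO_write()` comment (data must outlive the BIO) is the key contract here and is worth repeating on `BIO_free()`: `@note does not release the data passed to BIO_write()`.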
+++ b/components/openssl/library/ssl_x509.c
@@ -16,6 +16,7 @@
 #include "ssl_methods.h"
 #include "ssl_dbg.h"
 #include "ssl_port.h"
+#include "ssl.h"
 /**
 * @brief show X509 certification information
@@ -39,6 +40,8 @@ X509* __X509_new(X509 *ix)
 goto no_mem;
 }
+ x->ref_counter = 1;
+
 if (ix)
 x->method = ix->method;
 else
@@ -73,6 +76,10 @@ void X509_free(X509 *x)
 {
 SSL_ASSERT3(x);
+ if (--x->ref_counter > 0) {
+ return;
+ }
+
 X509_METHOD_CALL(free, x);
 ssl_mem_free(x);
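Review bot: `if (--x->ref_counter > 0)` in `X509_free()` has no guard against an unbalanced count: if `ref_counter` is already 0 or below when this runs, the decrement goes negative and the function still falls through to `X509_METHOD_CALL(free, x)` and `ssl_mem_free(x)`; `SSL_ASSERT3(x->ref_counter > 0);` placed before the decrement turns that into a logged early return, assuming `SSL_ASSERT3` returns from this void function as its use on the line above suggests. The pre-decrement is a plain read-modify-write on an `int`, so if an X509 can be reached from more than one task — and `X509_STORE_add_cert()` in this patch is built to share one object between an SSL_CTX and its caller — two concurrent `X509_free()` calls can both observe the same value; I cannot confirm the threading model from this hunk, so either document single-task use or use an atomic or locked decrement. `X509_free()` continues outside the hunk.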
@@ -314,3 +321,108 @@ X509 *SSL_get_peer_certificate(const SSL *ssl)
 return ssl->session->peer;
 }
+/**
+ * @brief set SSL context client CA certification
+ */
+int X509_STORE_add_cert(X509_STORE *store, X509 *x) {
+
+ x->ref_counter++;
+
+ SSL_CTX *ctx = (SSL_CTX *)store;
+ SSL_ASSERT1(ctx);
+ SSL_ASSERT1(x);
+
+ if (ctx->client_CA == x) {
+ return 1;
+ }
+
+ if (ctx->client_CA!=NULL) {
+ X509_free(ctx->client_CA);
+ }
+
+ ctx->client_CA = x;
+ return 1;
+}
+
+/**
+ * @brief create a BIO object
+ */
+BIO *BIO_new(void *method) {
+ BIO *b = (BIO *)malloc(sizeof(BIO));
+ return b;
+}
+
+/**
+ * @brief load data into BIO.
+ *
+ * Normally BIO_write should append data but doesn't happen here, and
+ * 'data' cannot be freed after the function is called, it should remain valid
+ * until BIO object is in use.
+ */
+int BIO_write(BIO *b, const void * data, int dlen) {
+ b->data = data;
+ b->dlen = dlen;
+ return 1;
+}
+
+/**
+ * @brief load a character certification context into system context.
+ *
+ * If '*cert' is pointed to the certification, then load certification
+ * into it, or create a new X509 certification object.
+ */
+X509 * PEM_read_bio_X509(BIO *bp, X509 **cert, void *cb, void *u) {
+ int m = 0;
+ int ret;
+ X509 *x;
+
+ SSL_ASSERT2(bp->data);
+ SSL_ASSERT2(bp->dlen);
+
+ if (cert && *cert) {
+ x = *cert;
+ } else {
+ x = X509_new();
+ if (!x) {
+ SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_new() return NULL");
+ goto failed;
+ }
+ m = 1;
+ }
+
+ ret = X509_METHOD_CALL(load, x, bp->data, bp->dlen);
+ if (ret) {
+ SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_METHOD_CALL(load) return %d", ret);
+ goto failed;
+ }
+
+ return x;
+
+failed:
+ if (m) {
+ X509_free(x);
+ }
+
+ return NULL;
+}
+
+/**
+ * @brief get the memory BIO method function
+ */
+void *BIO_s_mem() {
+ return NULL;
+}
+
+/**
+ * @brief get the SSL context object X509 certification storage
+ */
+X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx) {
+ return (X509_STORE *)ctx;
+}
+
+/**
+ * @brief free a BIO object
+ */
+void BIO_free(BIO *b) {
+ free(b);
+}
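Review bot: `X509_STORE_add_cert()` dereferences `x` (`x->ref_counter++`) before `SSL_ASSERT1(x)` checks it, and because the increment also runs on the `ctx->client_CA == x` early-return path, adding the same certificate twice leaves a count that `X509_free()` never drains, so the object is leaked. `BIO_new()` hands back uninitialised `malloc` memory, so `PEM_read_bio_X509()`'s `SSL_ASSERT2(bp->data)` reads indeterminate bytes when `BIO_write()` was never called (and `bp` itself is never checked), while `BIO_write()` accepts a NULL `b`/`data` and a negative `dlen` that then flow straight into `X509_METHOD_CALL(load, ...)`. `PEM_read_bio_X509()` also never stores a freshly created object in `*cert` when `cert` is non-NULL but `*cert` is NULL, which diverges from the OpenSSL out-parameter contract callers may rely on, and the unused `cb`/`u` deserve a comment if encrypted PEM input is intentionally unsupported. The fence below reorders the checks, zero-initialises the BIO, validates `BIO_write()`'s arguments (returning 0, as the header's `@return` documents) and sets `*cert`; `BIO_new()` using libc `malloc` while this file frees X509 objects with `ssl_mem_free()` may also be worth aligning, though I cannot see the allocator contract from here.
```c
int X509_STORE_add_cert(X509_STORE *store, X509 *x) {
    SSL_CTX *ctx = (SSL_CTX *)store;
    SSL_ASSERT1(ctx);
    SSL_ASSERT1(x);

    /* Already stored: the store holds its reference, do not take another. */
    if (ctx->client_CA == x) {
        return 1;
    }

    /* Take the store's reference only once the certificate is actually kept. */
    x->ref_counter++;

    if (ctx->client_CA != NULL) {
        X509_free(ctx->client_CA);
    }

    ctx->client_CA = x;
    return 1;
}

BIO *BIO_new(void *method) {
    /* Zeroed so a BIO that was never written to has data == NULL, dlen == 0. */
    BIO *b = calloc(1, sizeof *b);
    return b;
}

int BIO_write(BIO *b, const void *data, int dlen) {
    SSL_ASSERT1(b);
    SSL_ASSERT1(data);
    SSL_ASSERT1(dlen > 0);

    /* Borrowed, not copied: the caller keeps data alive while the BIO is in use. */
    b->data = data;
    b->dlen = dlen;
    return 1;
}

X509 * PEM_read_bio_X509(BIO *bp, X509 **cert, void *cb, void *u) {
    int m = 0;
    int ret;
    X509 *x;

    SSL_ASSERT2(bp);
    SSL_ASSERT2(bp->data);
    SSL_ASSERT2(bp->dlen);
    /* … unchanged: choose *cert or X509_new(), then the load call … */

    /* Mirror OpenSSL: hand a newly created object back through the out-param. */
    if (cert && m) {
        *cert = x;
    }

    return x;
/* … unchanged: failed: cleanup, BIO_s_mem, SSL_CTX_get_cert_store, BIO_free … */
```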