Merge branch 'feature/openssl_cacert' into 'master'

OpenSSL API addition

See merge request idf/esp-idf!1932
Ivan Grokhotkov 2018-02-21 02:58:00 +08:00
commit 3ede9f011b
3 changed files with 189 additions and 1 deletions


@ -29,7 +29,6 @@ typedef void X509_STORE;
typedef void RSA; typedef void RSA;
typedef void STACK; typedef void STACK;
typedef void BIO;
#define ossl_inline inline #define ossl_inline inline
@ -84,6 +83,9 @@ typedef struct pkey_method_st PKEY_METHOD;
struct ssl_alpn_st; struct ssl_alpn_st;
typedef struct ssl_alpn_st SSL_ALPN; typedef struct ssl_alpn_st SSL_ALPN;
struct bio_st;
typedef struct bio_st BIO;
struct stack_st { struct stack_st {
char **data; char **data;
@ -106,6 +108,8 @@ struct x509_st {
void *x509_pm; void *x509_pm;
const X509_METHOD *method; const X509_METHOD *method;
int ref_counter;
}; };
struct cert_st { struct cert_st {
@ -147,6 +151,11 @@ struct X509_VERIFY_PARAM_st {
}; };
struct bio_st {
const unsigned char * data;
int dlen;
};
typedef enum { ALPN_INIT, ALPN_ENABLE, ALPN_DISABLE, ALPN_ERROR } ALPN_STATUS; typedef enum { ALPN_INIT, ALPN_ENABLE, ALPN_DISABLE, ALPN_ERROR } ALPN_STATUS;
struct ssl_alpn_st { struct ssl_alpn_st {
ALPN_STATUS alpn_status; ALPN_STATUS alpn_status;
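Review bot: `struct bio_st` stores a pointer it does not own, and nothing at the definition says so. A comment on the `data` member such as `/* borrowed from the BIO_write caller; not copied, not freed by BIO_free, must outlive the BIO */` would put the lifetime rule where the field is declared. `ref_counter` in `struct x509_st` likewise has no comment on who changes it; one line naming `X509_STORE_add_cert` (increment) and `X509_free` (decrement, frees at zero) would do.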


@ -101,6 +101,73 @@ int SSL_add_client_CA(SSL *ssl, X509 *x);
*/ */
int SSL_use_certificate_ASN1(SSL *ssl, int len, const unsigned char *d); int SSL_use_certificate_ASN1(SSL *ssl, int len, const unsigned char *d);
/**
* @brief set SSL context client CA certification
*
* @param store - pointer to X509_STORE
* @param x - pointer to X509 certification point
*
* @return result
* 0 : failed
* 1 : OK
*/
int X509_STORE_add_cert(X509_STORE *store, X509 *x);
/**
* @brief load data in BIO
*
* Normally BIO_write should append data but that doesn't happen here, and
* 'data' cannot be freed after the function is called, it should remain valid
* until BIO object is in use.
*
* @param b - pointer to BIO
* @param data - pointer to data
* @param dlen - data bytes
*
* @return result
* 0 : failed
* 1 : OK
*/
int BIO_write(BIO *b, const void *data, int dlen);
/**
* @brief load a character certification context into system context.
*
* If '*cert' is pointed to the certification, then load certification
* into it, or create a new X509 certification object.
*
* @param bp - pointer to BIO
* @param buffer - pointer to the certification context memory
* @param cb - pointer to a callback which queries pass phrase used
for encrypted PEM structure
* @param u - pointer to arbitary data passed by application to callback
*
* @return X509 certification object point
*/
X509 * PEM_read_bio_X509(BIO *bp, X509 **x, void *cb, void *u);
/**
* @brief create a BIO object
*
* @param method - pointer to BIO_METHOD
*
* @return pointer to BIO object
*/
BIO *BIO_new(void * method);
/**
* @brief get the memory BIO method function
*/
void *BIO_s_mem();
/**
* @brief free a BIO object
*
* @param x - pointer to BIO object
*/
void BIO_free(BIO *b);
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
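Review bot: Several of the new doc comments do not match the prototypes below them: `PEM_read_bio_X509` documents `buffer` and `'*cert'` while the parameter is `X509 **x`, and `BIO_free` documents `@param x` for a parameter named `b`. The `X509_STORE_add_cert` comment should say what the implementation in this commit does, e.g. `Replaces the context's single client CA with x and takes a reference on x; a previously stored certificate is released.`, because callers used to OpenSSL will expect certificates to accumulate in the store. `void *BIO_s_mem();` declares a function with unspecified parameters in C; `void *BIO_s_mem(void);` is the prototype form.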


@ -16,6 +16,7 @@
#include "ssl_methods.h" #include "ssl_methods.h"
#include "ssl_dbg.h" #include "ssl_dbg.h"
#include "ssl_port.h" #include "ssl_port.h"
#include "ssl.h"
/** /**
* @brief show X509 certification information * @brief show X509 certification information
@ -39,6 +40,8 @@ X509* __X509_new(X509 *ix)
goto no_mem; goto no_mem;
} }
x->ref_counter = 1;
if (ix) if (ix)
x->method = ix->method; x->method = ix->method;
else else
@ -73,6 +76,10 @@ void X509_free(X509 *x)
{ {
SSL_ASSERT3(x); SSL_ASSERT3(x);
if (--x->ref_counter > 0) {
return;
}
X509_METHOD_CALL(free, x); X509_METHOD_CALL(free, x);
ssl_mem_free(x); ssl_mem_free(x);
@ -314,3 +321,108 @@ X509 *SSL_get_peer_certificate(const SSL *ssl)
return ssl->session->peer; return ssl->session->peer;
} }
/**
* @brief set SSL context client CA certification
*/
int X509_STORE_add_cert(X509_STORE *store, X509 *x) {
x->ref_counter++;
SSL_CTX *ctx = (SSL_CTX *)store;
SSL_ASSERT1(ctx);
SSL_ASSERT1(x);
if (ctx->client_CA == x) {
return 1;
}
if (ctx->client_CA!=NULL) {
X509_free(ctx->client_CA);
}
ctx->client_CA = x;
return 1;
}
/**
* @brief create a BIO object
*/
BIO *BIO_new(void *method) {
BIO *b = (BIO *)malloc(sizeof(BIO));
return b;
}
/**
* @brief load data into BIO.
*
* Normally BIO_write should append data but doesn't happen here, and
* 'data' cannot be freed after the function is called, it should remain valid
* until BIO object is in use.
*/
int BIO_write(BIO *b, const void * data, int dlen) {
b->data = data;
b->dlen = dlen;
return 1;
}
/**
* @brief load a character certification context into system context.
*
* If '*cert' is pointed to the certification, then load certification
* into it, or create a new X509 certification object.
*/
X509 * PEM_read_bio_X509(BIO *bp, X509 **cert, void *cb, void *u) {
int m = 0;
int ret;
X509 *x;
SSL_ASSERT2(bp->data);
SSL_ASSERT2(bp->dlen);
if (cert && *cert) {
x = *cert;
} else {
x = X509_new();
if (!x) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_new() return NULL");
goto failed;
}
m = 1;
}
ret = X509_METHOD_CALL(load, x, bp->data, bp->dlen);
if (ret) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_METHOD_CALL(load) return %d", ret);
goto failed;
}
return x;
failed:
if (m) {
X509_free(x);
}
return NULL;
}
/**
* @brief get the memory BIO method function
*/
void *BIO_s_mem() {
return NULL;
}
/**
* @brief get the SSL context object X509 certification storage
*/
X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx) {
return (X509_STORE *)ctx;
}
/**
* @brief free a BIO object
*/
void BIO_free(BIO *b) {
free(b);
}
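Review bot: `X509_STORE_add_cert` takes its reference with `x->ref_counter++` before `SSL_ASSERT1(x)` has run, so a NULL `x` is dereferenced ahead of the check, and the increment is kept on the `ctx->client_CA == x` early return, so adding the same certificate twice leaves a count that a single `X509_free` no longer brings to zero. Take the reference only at the point where `x` is stored. In the same hunk `BIO_new` returns `malloc` memory with `data` and `dlen` unset, so `PEM_read_bio_X509` on a BIO that was never passed to `BIO_write` tests indeterminate fields in `SSL_ASSERT2(bp->data)`; initialise both fields when the allocation succeeds. Note also that the store keeps a single `client_CA`, so each call replaces the previous trust anchor instead of adding to it.

```c
int X509_STORE_add_cert(X509_STORE *store, X509 *x) {
    /* … unchanged: ctx cast, SSL_ASSERT1 checks, same-cert early return, release of old client_CA … */
    x->ref_counter++;   /* reference taken only once x is actually stored */
    ctx->client_CA = x;
    return 1;
}

BIO *BIO_new(void *method) {
    BIO *b = (BIO *)malloc(sizeof(BIO));
    if (b) {
        /* an unwritten BIO must fail the SSL_ASSERT2 checks in PEM_read_bio_X509 */
        b->data = NULL;
        b->dlen = 0;
    }
    return b;
}
```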