Crash_Override/OVMS3-idf
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
OVMS3-idf/components/openssl/library/ssl_lib.c
dongheng 6f07409d7c components/openssl: add function to set and get verify depth 
1. add function to set and get SSL verify depth
	2. add function to set and get SSL context verify depth
	3. add X509_VERIFY_PARAM structure
2016-09-22 15:30:25 +08:00

1806 lines
36 KiB
C
Raw Blame History

// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "ssl_lib.h"
#include "ssl_pkey.h"
#include "ssl_x509.h"
#include "ssl_cert.h"
#include "ssl_dbg.h"
#include "ssl_port.h"
#define SSL_SEND_DATA_MAX_LENGTH 1460
/*
* ossl_statem_in_error - Discover whether the current connection is in the error state
*
* @param ssl - SSL point
*
* @return
* 1 : Yes
* 0 : no
*/
int ossl_statem_in_error(const SSL *ssl)
{
if (ssl->statem.state == MSG_FLOW_ERROR)
return 1;
return 0;
}
/*
* SSL_want - get the SSL specifical statement
*
* @param ssl - SSL point
*
* @return specifical statement
*/
int SSL_want(const SSL *ssl)
{
return ssl->rwstate;
}
/*
* SSL_want_nothing - check if SSL want nothing
*
* @param ssl - SSL point
*
* @return
* 1 : yes
* 0 : no
*/
int SSL_want_nothing(const SSL *ssl)
{
return (SSL_want(ssl) == SSL_NOTHING);
}
/*
* SSL_want_read - check if SSL want to read
*
* @param ssl - SSL point
*
* @return
* 1 : yes
* 0 : no
*/
int SSL_want_read(const SSL *ssl)
{
return (SSL_want(ssl) == SSL_READING);
}
/*
* SSL_want_read - check if SSL want to write
*
* @param ssl - SSL point
*
* @return
* 1 : yes
* 0 : no
*/
int SSL_want_write(const SSL *ssl)
{
return (SSL_want(ssl) == SSL_WRITING);
}
/*
* SSL_want_read - check if SSL want to lookup X509 certification
*
* @param ssl - SSL point
*
* @return
* 1 : yes
* 0 : no
*/
int SSL_want_x509_lookup(const SSL *ssl)
{
return (SSL_want(ssl) == SSL_WRITING);
}
/*
* SSL_get_error - get SSL error code
*
* @param ssl - SSL point
* @param ret_code - SSL return code
*
* @return SSL error number
*/
int SSL_get_error(const SSL *ssl, int ret_code)
{
int ret = SSL_ERROR_SYSCALL;
SSL_ASSERT(ssl);
if (ret_code > 0)
ret = SSL_ERROR_NONE;
else if (ret_code < 0)
{
if (SSL_want_read(ssl))
ret = SSL_ERROR_WANT_READ;
else if (SSL_want_write(ssl))
ret = SSL_ERROR_WANT_WRITE;
else
ret = SSL_ERROR_SYSCALL; //unknown
}
else // ret_code == 0
{
if (ssl->shutdown & SSL_RECEIVED_SHUTDOWN)
ret = SSL_ERROR_ZERO_RETURN;
else
ret = SSL_ERROR_SYSCALL;
}
return ret;
}
/*
* SSL_get_state - get the SSL state
*
* @param ssl - SSL point
*
* @return SSL state
*/
OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl)
{
OSSL_HANDSHAKE_STATE state;
SSL_ASSERT(ssl);
state = SSL_METHOD_CALL(get_state, ssl);
return state;
}
/*
* SSL_CTX_new - create a SSL context
*
* @param method - the SSL context configuration file
*
* @return the context point, if create failed return NULL
*/
SSL_CTX* SSL_CTX_new(const SSL_METHOD *method)
{
SSL_CTX *ctx;
CERT *cert;
X509 *client_ca;
if (!method) SSL_RET(go_failed1, "method\n");
client_ca = X509_new();
if (!client_ca)
SSL_RET(go_failed1, "sk_X509_NAME_new_null\n");
cert = ssl_cert_new();
if (!cert)
SSL_RET(go_failed2, "ssl_cert_new\n");
ctx = (SSL_CTX *)ssl_zalloc(sizeof(SSL_CTX));
if (!ctx)
SSL_RET(go_failed3, "ssl_ctx_new:ctx\n");
ctx->method = method;
ctx->client_CA = client_ca;
ctx->cert = cert;
ctx->version = method->version;
return ctx;
go_failed3:
ssl_cert_free(cert);
go_failed2:
X509_free(client_ca);
go_failed1:
return NULL;
}
/*
* SSL_CTX_free - free a SSL context
*
* @param method - the SSL context point
*
* @return none
*/
void SSL_CTX_free(SSL_CTX* ctx)
{
SSL_ASSERT(ctx);
ssl_cert_free(ctx->cert);
X509_free(ctx->client_CA);
ssl_free(ctx);
}
/*
* SSL_CTX_set_ssl_version - set the SSL context version
*
* @param ctx - SSL context point
* @param meth - SSL method point
*
* @return
* 1 : OK
* 0 : failed
*/
int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
{
SSL_ASSERT(ctx);
SSL_ASSERT(meth);
ctx->method = meth;
ctx->version = meth->version;
return 1;
}
/*
* SSL_CTX_get_ssl_method - get the SSL context current method
*
* @param ctx - SSL context point
*
* @return the SSL context current method
*/
const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx)
{
SSL_ASSERT(ctx);
return ctx->method;
}
/*
* SSL_new - create a SSL
*
* @param ctx - the SSL context point
*
* @return the SSL point or NULL if failed
*/
SSL *SSL_new(SSL_CTX *ctx)
{
int ret;
SSL *ssl;
if (!ctx)
SSL_RET(failed1, "ctx:NULL\n");
ssl = (SSL *)ssl_zalloc(sizeof(SSL));
if (!ssl)
SSL_RET(failed1, "ssl_zalloc\n");
ssl->ctx = ctx;
ssl->method = ctx->method;
ssl->version = ctx->version;
ssl->options = ctx->options;
ret = SSL_METHOD_CALL(new, ssl);
if (ret)
SSL_RET(failed2, "ssl_new\n");
ssl->rwstate = SSL_NOTHING;
return ssl;
failed2:
ssl_free(ssl);
failed1:
return NULL;
}
/*
* SSL_free - free the SSL
*
* @param ssl - the SSL point
*
* @return none
*/
void SSL_free(SSL *ssl)
{
SSL_ASSERT(ssl);
SSL_METHOD_CALL(free, ssl);
ssl_free(ssl);
}
/*
* SSL_do_handshake - perform the SSL handshake
*
* @param ssl - SSL point
*
* @return
* 1 : OK
* 0 : failed
* -1 : a error catch
*/
int SSL_do_handshake(SSL *ssl)
{
int ret;
SSL_ASSERT(ssl);
ret = SSL_METHOD_CALL(handshake, ssl);
return ret;
}
/*
* SSL_connect - connect to the remote SSL server
*
* @param ssl - the SSL point
*
* @return
* 1 : OK
* -1 : failed
*/
int SSL_connect(SSL *ssl)
{
SSL_ASSERT(ssl);
return SSL_do_handshake(ssl);
}
/*
* SSL_accept - accept the remote connection
*
* @param ssl - the SSL point
*
* @return
* 1 : OK
* -1 : failed
*/
int SSL_accept(SSL *ssl)
{
SSL_ASSERT(ssl);
return SSL_do_handshake(ssl);
}
/*
* SSL_shutdown - shutdown the connection
*
* @param ssl - the SSL point
*
* @return
* 1 : OK
* 0 : shutdown is not finished
* -1 : an error catch
*/
int SSL_shutdown(SSL *ssl)
{
int ret;
SSL_ASSERT(ssl);
if (SSL_get_state(ssl) != TLS_ST_OK) return 0;
ret = SSL_METHOD_CALL(shutdown, ssl);
return ret;
}
/*
* SSL_clear - reset the SSL
*
* @param ssl - SSL point
*
* @return
* 1 : OK
* 0 : failed
*/
int SSL_clear(SSL *ssl)
{
int ret;
SSL_ASSERT(ssl);
ret = SSL_shutdown(ssl);
if (1 != ret)
SSL_ERR(0, go_failed1, "SSL_shutdown\n");
SSL_METHOD_CALL(free, ssl);
ret = SSL_METHOD_CALL(new, ssl);
if (!ret)
SSL_ERR(0, go_failed1, "ssl_new\n");
return 1;
go_failed1:
return ret;
}
/*
* SSL_read - read data from to remote
*
* @param ssl - the SSL point which has been connected
* @param buffer - the received data buffer point
* @param len - the received data length
*
* @return
* > 0 : OK, and return received data bytes
* = 0 : connection is closed
* < 0 : an error catch
*/
int SSL_read(SSL *ssl, void *buffer, int len)
{
int ret;
SSL_ASSERT(ssl);
SSL_ASSERT(buffer);
SSL_ASSERT(len);
ssl->rwstate = SSL_READING;
ret = SSL_METHOD_CALL(read, ssl, buffer, len);
ssl->rwstate = SSL_NOTHING;
return ret;
}
/*
* SSL_write - send the data to remote
*
* @param ssl - the SSL point which has been connected
* @param buffer - the send data buffer point
* @param len - the send data length
*
* @return
* > 0 : OK, and return sent data bytes
* = 0 : connection is closed
* < 0 : an error catch
*/
int SSL_write(SSL *ssl, const void *buffer, int len)
{
int ret;
int send_bytes;
const unsigned char *pbuf;
SSL_ASSERT(ssl);
SSL_ASSERT(buffer);
SSL_ASSERT(len);
ssl->rwstate = SSL_WRITING;
send_bytes = len;
pbuf = (const unsigned char *)buffer;
do {
int bytes;
if (send_bytes > SSL_SEND_DATA_MAX_LENGTH)
bytes = SSL_SEND_DATA_MAX_LENGTH;
else
bytes = send_bytes;
ret = SSL_METHOD_CALL(send, ssl, buffer, bytes);
if (ret > 0) {
pbuf += ret;
send_bytes -= ret;
}
} while (ret > 0 && send_bytes);
ssl->rwstate = SSL_NOTHING;
send_bytes = len - send_bytes;
if (send_bytes >= 0)
ret = send_bytes;
else
ret = -1;
return ret;
}
/*
* SSL_get_SSL_CTX - get SSL context of the SSL
*
* @param ssl - SSL point
*
* @return SSL context
*/
SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
{
SSL_ASSERT(ssl);
return ssl->ctx;
}
/*
* SSL_CTX_get_ssl_method - get the SSL current method
*
* @param ssl - SSL point
*
* @return the SSL current method
*/
const SSL_METHOD *SSL_get_ssl_method(SSL *ssl)
{
SSL_ASSERT(ssl);
return ssl->method;
}
/*
* SSL_set_ssl_method - set the SSL method
*
* @param ssl - SSL point
* @param meth - SSL method point
*
* @return
* 1 : OK
* 0 : failed
*/
int SSL_set_ssl_method(SSL *ssl, const SSL_METHOD *method)
{
int ret;
SSL_ASSERT(ssl);
SSL_ASSERT(method);
if (ssl->version != method->version) {
ret = SSL_shutdown(ssl);
if (1 != ret)
SSL_ERR(0, go_failed1, "SSL_shutdown\n");
SSL_METHOD_CALL(free, ssl);
ssl->method = method;
ret = SSL_METHOD_CALL(new, ssl);
if (!ret)
SSL_ERR(0, go_failed1, "ssl_new\n");
} else {
ssl->method = method;
}
return 1;
go_failed1:
return ret;
}
/*
* SSL_get_shutdown - get SSL shutdown mode
*
* @param ssl - SSL point
*
* @return shutdown mode
*/
int SSL_get_shutdown(const SSL *ssl)
{
SSL_ASSERT(ssl);
return ssl->shutdown;
}
/*
* SSL_set_quiet_shutdown - set SSL shutdown mode
*
* @param ssl - SSL point
* @param mode - shutdown mode
*
* @return none
*/
void SSL_set_shutdown(SSL *ssl, int mode)
{
SSL_ASSERT(ssl);
ssl->shutdown = mode;
}
/*
* SSL_pending - get the number of the bytes to be read
*
* @param ssl - SSL point
*
* @return number of the bytes
*/
int SSL_pending(const SSL *ssl)
{
int ret;
SSL_ASSERT(ssl);
ret = SSL_METHOD_CALL(pending, ssl);
return ret;
}
/*
* SSL_has_pending - check if some data can be read
*
* @param ssl - SSL point
*
* @return
* 1 : there are bytes to be read
* 0 : no data
*/
int SSL_has_pending(const SSL *ssl)
{
int ret;
SSL_ASSERT(ssl);
if (SSL_pending(ssl))
ret = 1;
else
ret = 0;
return ret;
}
/*
* SSL_CTX_clear_options - clear the SSL context option bit of "op"
*
* @param ctx - SSL context point
* @param op - option
*
* @return SSL context option
*/
unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op)
{
return ctx->options &= ~op;
}
/*
* SSL_CTX_clear_options - get the SSL context option
*
* @param ctx - SSL context point
* @param op - option
*
* @return SSL context option
*/
unsigned long SSL_CTX_get_options(SSL_CTX *ctx)
{
return ctx->options;
}
/*
* SSL_CTX_set_option - set the option of the SSL context
*
* @param ctx - the SSL context
*
* @return the SSL context option
*
*/
unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long opt)
{
return ctx->options |= opt;
}
/*
* SSL_clear_options - clear SSL option
*
* @param ssl - SSL point
* @param op - clear option
*
* @return SSL option
*/
unsigned long SSL_clear_options(SSL *ssl, unsigned long op)
{
SSL_ASSERT(ssl);
return ssl->options & ~op;
}
/*
* SSL_clear_options - get SSL option
*
* @param ssl - SSL point
*
* @return SSL option
*/
unsigned long SSL_get_options(SSL *ssl)
{
SSL_ASSERT(ssl);
return ssl->options;
}
/*
* SSL_clear_options - clear SSL option
*
* @param ssl - SSL point
* @param op - setting option
*
* @return SSL option
*/
unsigned long SSL_set_options(SSL *ssl, unsigned long op)
{
SSL_ASSERT(ssl);
return ssl->options |= op;
}
/*
* SSL_get_fd - get the socket handle of the SSL
*
* @param ssl - SSL point
*
* @return
* >= 0 : yes, and return socket handle
* < 0 : a error catch
*/
int SSL_get_fd(const SSL *ssl)
{
int ret;
SSL_ASSERT(ssl);
ret = SSL_METHOD_CALL(get_fd, ssl, 0);
return ret;
}
/*
* SSL_get_rfd - get the read only socket handle of the SSL
*
* @param ssl - SSL point
*
* @return
* >= 0 : yes, and return socket handle
* < 0 : a error catch
*/
int SSL_get_rfd(const SSL *ssl)
{
int ret;
SSL_ASSERT(ssl);
ret = SSL_METHOD_CALL(get_fd, ssl, 0);
return ret;
}
/*
* SSL_get_wfd - get the write only socket handle of the SSL
*
* @param ssl - SSL point
*
* @return
* >= 0 : yes, and return socket handle
* < 0 : a error catch
*/
int SSL_get_wfd(const SSL *ssl)
{
int ret;
SSL_ASSERT(ssl);
ret = SSL_METHOD_CALL(get_fd, ssl, 0);
return ret;
}
/*
* SSL_set_fd - bind the socket file description into the SSL
*
* @param ssl - the SSL point
* @param fd - socket handle
*
* @return
* 1 : OK
* 0 : failed
*/
int SSL_set_fd(SSL *ssl, int fd)
{
SSL_ASSERT(ssl);
SSL_ASSERT(fd >= 0);
SSL_METHOD_CALL(set_fd, ssl, fd, 0);
return 1;
}
/*
* SSL_set_fd - bind the read only socket file description into the SSL
*
* @param ssl - the SSL point
* @param fd - socket handle
*
* @return
* 1 : OK
* 0 : failed
*/
int SSL_set_rfd(SSL *ssl, int fd)
{
SSL_ASSERT(ssl);
SSL_ASSERT(fd >= 0);
SSL_METHOD_CALL(set_fd, ssl, fd, 0);
return 1;
}
/*
* SSL_set_fd - bind the write only socket file description into the SSL
*
* @param ssl - the SSL point
* @param fd - socket handle
*
* @return
* 1 : OK
* 0 : failed
*/
int SSL_set_wfd(SSL *ssl, int fd)
{
SSL_ASSERT(ssl);
SSL_ASSERT(fd >= 0);
SSL_METHOD_CALL(set_fd, ssl, fd, 0);
return 1;
}
/*
* SSL_version - get SSL version
*
* @param ssl - SSL point
*
* @return SSL version
*/
int SSL_version(const SSL *ssl)
{
SSL_ASSERT(ssl);
return ssl->version;
}
/*
* ssl_protocol_to_string - get the SSL version string
*
* @param version - the SSL version
*
* @return the SSL version string
*/
static const char* ssl_protocol_to_string(int version)
{
const char *str;
if (version == TLS1_2_VERSION)
str = "TLSv1.2";
else if (version == TLS1_1_VERSION)
str = "TLSv1.1";
else if (version == TLS1_VERSION)
str = "TLSv1";
else if (version == SSL3_VERSION)
str = "SSLv3";
else
str = "unknown";
return str;
}
/*
* SSL_get_version - get the SSL current version
*
* @param ssl - SSL point
*
* @return the version string
*/
const char *SSL_get_version(const SSL *ssl)
{
SSL_ASSERT(ssl);
return ssl_protocol_to_string(SSL_version(ssl));
}
/*
* SSL_alert_desc_string - get alert description string
*
* @param value - alert value
*
* @return alert description string
*/
const char* SSL_alert_desc_string(int value)
{
const char *str;
switch (value & 0xff)
{
case SSL3_AD_CLOSE_NOTIFY:
str = "CN";
break;
case SSL3_AD_UNEXPECTED_MESSAGE:
str = "UM";
break;
case SSL3_AD_BAD_RECORD_MAC:
str = "BM";
break;
case SSL3_AD_DECOMPRESSION_FAILURE:
str = "DF";
break;
case SSL3_AD_HANDSHAKE_FAILURE:
str = "HF";
break;
case SSL3_AD_NO_CERTIFICATE:
str = "NC";
break;
case SSL3_AD_BAD_CERTIFICATE:
str = "BC";
break;
case SSL3_AD_UNSUPPORTED_CERTIFICATE:
str = "UC";
break;
case SSL3_AD_CERTIFICATE_REVOKED:
str = "CR";
break;
case SSL3_AD_CERTIFICATE_EXPIRED:
str = "CE";
break;
case SSL3_AD_CERTIFICATE_UNKNOWN:
str = "CU";
break;
case SSL3_AD_ILLEGAL_PARAMETER:
str = "IP";
break;
case TLS1_AD_DECRYPTION_FAILED:
str = "DC";
break;
case TLS1_AD_RECORD_OVERFLOW:
str = "RO";
break;
case TLS1_AD_UNKNOWN_CA:
str = "CA";
break;
case TLS1_AD_ACCESS_DENIED:
str = "AD";
break;
case TLS1_AD_DECODE_ERROR:
str = "DE";
break;
case TLS1_AD_DECRYPT_ERROR:
str = "CY";
break;
case TLS1_AD_EXPORT_RESTRICTION:
str = "ER";
break;
case TLS1_AD_PROTOCOL_VERSION:
str = "PV";
break;
case TLS1_AD_INSUFFICIENT_SECURITY:
str = "IS";
break;
case TLS1_AD_INTERNAL_ERROR:
str = "IE";
break;
case TLS1_AD_USER_CANCELLED:
str = "US";
break;
case TLS1_AD_NO_RENEGOTIATION:
str = "NR";
break;
case TLS1_AD_UNSUPPORTED_EXTENSION:
str = "UE";
break;
case TLS1_AD_CERTIFICATE_UNOBTAINABLE:
str = "CO";
break;
case TLS1_AD_UNRECOGNIZED_NAME:
str = "UN";
break;
case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
str = "BR";
break;
case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE:
str = "BH";
break;
case TLS1_AD_UNKNOWN_PSK_IDENTITY:
str = "UP";
break;
default:
str = "UK";
break;
}
return str;
}
/*
* SSL_alert_desc_string - get alert description long string
*
* @param value - alert value
*
* @return alert description long string
*/
const char* SSL_alert_desc_string_long(int value)
{
const char *str;
switch (value & 0xff)
{
case SSL3_AD_CLOSE_NOTIFY:
str = "close notify";
break;
case SSL3_AD_UNEXPECTED_MESSAGE:
str = "unexpected_message";
break;
case SSL3_AD_BAD_RECORD_MAC:
str = "bad record mac";
break;
case SSL3_AD_DECOMPRESSION_FAILURE:
str = "decompression failure";
break;
case SSL3_AD_HANDSHAKE_FAILURE:
str = "handshake failure";
break;
case SSL3_AD_NO_CERTIFICATE:
str = "no certificate";
break;
case SSL3_AD_BAD_CERTIFICATE:
str = "bad certificate";
break;
case SSL3_AD_UNSUPPORTED_CERTIFICATE:
str = "unsupported certificate";
break;
case SSL3_AD_CERTIFICATE_REVOKED:
str = "certificate revoked";
break;
case SSL3_AD_CERTIFICATE_EXPIRED:
str = "certificate expired";
break;
case SSL3_AD_CERTIFICATE_UNKNOWN:
str = "certificate unknown";
break;
case SSL3_AD_ILLEGAL_PARAMETER:
str = "illegal parameter";
break;
case TLS1_AD_DECRYPTION_FAILED:
str = "decryption failed";
break;
case TLS1_AD_RECORD_OVERFLOW:
str = "record overflow";
break;
case TLS1_AD_UNKNOWN_CA:
str = "unknown CA";
break;
case TLS1_AD_ACCESS_DENIED:
str = "access denied";
break;
case TLS1_AD_DECODE_ERROR:
str = "decode error";
break;
case TLS1_AD_DECRYPT_ERROR:
str = "decrypt error";
break;
case TLS1_AD_EXPORT_RESTRICTION:
str = "export restriction";
break;
case TLS1_AD_PROTOCOL_VERSION:
str = "protocol version";
break;
case TLS1_AD_INSUFFICIENT_SECURITY:
str = "insufficient security";
break;
case TLS1_AD_INTERNAL_ERROR:
str = "internal error";
break;
case TLS1_AD_USER_CANCELLED:
str = "user canceled";
break;
case TLS1_AD_NO_RENEGOTIATION:
str = "no renegotiation";
break;
case TLS1_AD_UNSUPPORTED_EXTENSION:
str = "unsupported extension";
break;
case TLS1_AD_CERTIFICATE_UNOBTAINABLE:
str = "certificate unobtainable";
break;
case TLS1_AD_UNRECOGNIZED_NAME:
str = "unrecognized name";
break;
case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
str = "bad certificate status response";
break;
case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE:
str = "bad certificate hash value";
break;
case TLS1_AD_UNKNOWN_PSK_IDENTITY:
str = "unknown PSK identity";
break;
default:
str = "unknown";
break;
}
return str;
}
/*
* SSL_alert_type_string - get alert type string
*
* @param value - alert value
*
* @return alert type string
*/
const char *SSL_alert_type_string(int value)
{
const char *str;
switch (value >> 8)
{
case SSL3_AL_WARNING:
str = "W";
break;
case SSL3_AL_FATAL:
str = "F";
break;
default:
str = "U";
break;
}
return str;
}
/*
* SSL_alert_type_string_long - get alert type long string
*
* @param value - alert value
*
* @return alert type long string
*/
const char *SSL_alert_type_string_long(int value)
{
const char *str;
switch (value >> 8)
{
case SSL3_AL_WARNING:
str = "warning";
break;
case SSL3_AL_FATAL:
str = "fatal";
break;
default:
str = "unknown";
break;
}
return str;
}
/*
* SSL_rstate_string - get the state string where SSL is reading
*
* @param ssl - SSL point
*
* @return state string
*/
const char *SSL_rstate_string(SSL *ssl)
{
const char *str;
SSL_ASSERT(ssl);
switch (ssl->rlayer.rstate)
{
case SSL_ST_READ_HEADER:
str = "RH";
break;
case SSL_ST_READ_BODY:
str = "RB";
break;
case SSL_ST_READ_DONE:
str = "RD";
break;
default:
str = "unknown";
break;
}
return str;
}
/*
* SSL_rstate_string_long - get the statement long string where SSL is reading
*
* @param ssl - SSL point
*
* @return statement long string
*/
const char *SSL_rstate_string_long(SSL *ssl)
{
const char *str = "unknown";
SSL_ASSERT(ssl);
switch (ssl->rlayer.rstate)
{
case SSL_ST_READ_HEADER:
str = "read header";
break;
case SSL_ST_READ_BODY:
str = "read body";
break;
case SSL_ST_READ_DONE:
str = "read done";
break;
default:
break;
}
return str;
}
/*
* SSL_state_string - get SSL statement string
*
* @param ssl - SSL point
*
* @return SSL statement string
*/
char *SSL_state_string(const SSL *ssl)
{
char *str = "UNKWN ";
SSL_ASSERT(ssl);
if (ossl_statem_in_error(ssl))
str = "SSLERR";
else
{
switch (SSL_get_state(ssl))
{
case TLS_ST_BEFORE:
str = "PINIT ";
break;
case TLS_ST_OK:
str = "SSLOK ";
break;
case TLS_ST_CW_CLNT_HELLO:
str = "TWCH";
break;
case TLS_ST_CR_SRVR_HELLO:
str = "TRSH";
break;
case TLS_ST_CR_CERT:
str = "TRSC";
break;
case TLS_ST_CR_KEY_EXCH:
str = "TRSKE";
break;
case TLS_ST_CR_CERT_REQ:
str = "TRCR";
break;
case TLS_ST_CR_SRVR_DONE:
str = "TRSD";
break;
case TLS_ST_CW_CERT:
str = "TWCC";
break;
case TLS_ST_CW_KEY_EXCH:
str = "TWCKE";
break;
case TLS_ST_CW_CERT_VRFY:
str = "TWCV";
break;
case TLS_ST_SW_CHANGE:
case TLS_ST_CW_CHANGE:
str = "TWCCS";
break;
case TLS_ST_SW_FINISHED:
case TLS_ST_CW_FINISHED:
str = "TWFIN";
break;
case TLS_ST_SR_CHANGE:
case TLS_ST_CR_CHANGE:
str = "TRCCS";
break;
case TLS_ST_SR_FINISHED:
case TLS_ST_CR_FINISHED:
str = "TRFIN";
break;
case TLS_ST_SW_HELLO_REQ:
str = "TWHR";
break;
case TLS_ST_SR_CLNT_HELLO:
str = "TRCH";
break;
case TLS_ST_SW_SRVR_HELLO:
str = "TWSH";
break;
case TLS_ST_SW_CERT:
str = "TWSC";
break;
case TLS_ST_SW_KEY_EXCH:
str = "TWSKE";
break;
case TLS_ST_SW_CERT_REQ:
str = "TWCR";
break;
case TLS_ST_SW_SRVR_DONE:
str = "TWSD";
break;
case TLS_ST_SR_CERT:
str = "TRCC";
break;
case TLS_ST_SR_KEY_EXCH:
str = "TRCKE";
break;
case TLS_ST_SR_CERT_VRFY:
str = "TRCV";
break;
case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
str = "DRCHV";
break;
case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
str = "DWCHV";
break;
default:
break;
}
}
return str;
}
/*
* SSL_state_string_long - get SSL statement long string
*
* @param ssl - SSL point
*
* @return SSL statement long string
*/
char *SSL_state_string_long(const SSL *ssl)
{
char *str = "UNKWN ";
SSL_ASSERT(ssl);
if (ossl_statem_in_error(ssl))
str = "SSLERR";
else
{
switch (SSL_get_state(ssl))
{
case TLS_ST_BEFORE:
str = "before SSL initialization";
break;
case TLS_ST_OK:
str = "SSL negotiation finished successfully";
break;
case TLS_ST_CW_CLNT_HELLO:
str = "SSLv3/TLS write client hello";
break;
case TLS_ST_CR_SRVR_HELLO:
str = "SSLv3/TLS read server hello";
break;
case TLS_ST_CR_CERT:
str = "SSLv3/TLS read server certificate";
break;
case TLS_ST_CR_KEY_EXCH:
str = "SSLv3/TLS read server key exchange";
break;
case TLS_ST_CR_CERT_REQ:
str = "SSLv3/TLS read server certificate request";
break;
case TLS_ST_CR_SESSION_TICKET:
str = "SSLv3/TLS read server session ticket";
break;
case TLS_ST_CR_SRVR_DONE:
str = "SSLv3/TLS read server done";
break;
case TLS_ST_CW_CERT:
str = "SSLv3/TLS write client certificate";
break;
case TLS_ST_CW_KEY_EXCH:
str = "SSLv3/TLS write client key exchange";
break;
case TLS_ST_CW_CERT_VRFY:
str = "SSLv3/TLS write certificate verify";
break;
case TLS_ST_CW_CHANGE:
case TLS_ST_SW_CHANGE:
str = "SSLv3/TLS write change cipher spec";
break;
case TLS_ST_CW_FINISHED:
case TLS_ST_SW_FINISHED:
str = "SSLv3/TLS write finished";
break;
case TLS_ST_CR_CHANGE:
case TLS_ST_SR_CHANGE:
str = "SSLv3/TLS read change cipher spec";
break;
case TLS_ST_CR_FINISHED:
case TLS_ST_SR_FINISHED:
str = "SSLv3/TLS read finished";
break;
case TLS_ST_SR_CLNT_HELLO:
str = "SSLv3/TLS read client hello";
break;
case TLS_ST_SW_HELLO_REQ:
str = "SSLv3/TLS write hello request";
break;
case TLS_ST_SW_SRVR_HELLO:
str = "SSLv3/TLS write server hello";
break;
case TLS_ST_SW_CERT:
str = "SSLv3/TLS write certificate";
break;
case TLS_ST_SW_KEY_EXCH:
str = "SSLv3/TLS write key exchange";
break;
case TLS_ST_SW_CERT_REQ:
str = "SSLv3/TLS write certificate request";
break;
case TLS_ST_SW_SESSION_TICKET:
str = "SSLv3/TLS write session ticket";
break;
case TLS_ST_SW_SRVR_DONE:
str = "SSLv3/TLS write server done";
break;
case TLS_ST_SR_CERT:
str = "SSLv3/TLS read client certificate";
break;
case TLS_ST_SR_KEY_EXCH:
str = "SSLv3/TLS read client key exchange";
break;
case TLS_ST_SR_CERT_VRFY:
str = "SSLv3/TLS read certificate verify";
break;
case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
str = "DTLS1 read hello verify request";
break;
case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
str = "DTLS1 write hello verify request";
break;
default:
break;
}
}
return str;
}
/*
* SSL_CTX_set_default_read_buffer_len - set the SSL context read buffer length
*
* @param ctx - SSL context point
* @param len - read buffer length
*
* @return none
*/
void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len)
{
SSL_ASSERT(ctx);
SSL_ASSERT(len);
ctx->read_buffer_len = len;
}
/*
* SSL_set_default_read_buffer_len - set the SSL read buffer length
*
* @param ssl - SSL point
* @param len - read buffer length
*
* @return none
*/
void SSL_set_default_read_buffer_len(SSL *ssl, size_t len)
{
SSL_ASSERT(ssl);
SSL_ASSERT(len);
SSL_METHOD_CALL(set_bufflen, ssl, len);
}
/*
* SSL_set_info_callback - set the SSL information callback function
*
* @param ssl - SSL point
* @param cb - information callback function
*
* @return none
*/
void SSL_set_info_callback(SSL *ssl, void (*cb) (const SSL *ssl, int type, int val))
{
SSL_ASSERT(ssl);
ssl->info_callback = cb;
}
/*
* SSL_CTX_up_ref - add SSL context reference count by '1'
*
* @param ctx - SSL context point
*
* @return
* 1 : OK
* 0 : failed
*/
int SSL_CTX_up_ref(SSL_CTX *ctx)
{
SSL_ASSERT(ctx);
/* no support multi-thread SSL here */
ctx->references++;
return 1;
}
/*
* SSL_set_security_level - set the SSL security level
*
* @param ssl - SSL point
* @param level - security level
*
* @return none
*/
void SSL_set_security_level(SSL *ssl, int level)
{
SSL_ASSERT(ssl);
ssl->cert->sec_level = level;
}
/*
* SSL_get_security_level - get the SSL security level
*
* @param ssl - SSL point
*
* @return security level
*/
int SSL_get_security_level(const SSL *ssl)
{
SSL_ASSERT(ssl);
return ssl->cert->sec_level;
}
/*
* SSL_CTX_get_verify_mode - get the SSL verifying mode of the SSL context
*
* @param ctx - SSL context point
*
* @return verifying mode
*/
int SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
{
SSL_ASSERT(ctx);
return ctx->verify_mode;
}
/*
* SSL_CTX_set_timeout - set the session timeout time
*
* @param ctx - SSL context point
* @param t - new session timeout time
*
* @return old session timeout time
*/
long SSL_CTX_set_timeout(SSL_CTX *ctx, long t)
{
long l;
SSL_ASSERT(ctx);
l = ctx->session_timeout;
ctx->session_timeout = t;
return l;
}
/*
* SSL_CTX_get_timeout - get the session timeout time
*
* @param ctx - SSL context point
*
* @return current session timeout time
*/
long SSL_CTX_get_timeout(const SSL_CTX *ctx)
{
SSL_ASSERT(ctx);
return ctx->session_timeout;
}
/*
* SSL_set_read_ahead - set the SSL if we can read as many as data
*
* @param ssl - SSL point
* @param yes - enable the function
*
* @return none
*/
void SSL_set_read_ahead(SSL *ssl, int yes)
{
SSL_ASSERT(ssl);
ssl->rlayer.read_ahead = yes;
}
/*
* SSL_set_read_ahead - set the SSL context if we can read as many as data
*
* @param ctx - SSL context point
* @param yes - enable the function
*
* @return none
*/
void SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes)
{
SSL_ASSERT(ctx);
ctx->read_ahead = yes;
}
/*
* SSL_set_read_ahead - get the SSL ahead signal if we can read as many as data
*
* @param ssl - SSL point
*
* @return SSL context ahead signal
*/
int SSL_get_read_ahead(const SSL *ssl)
{
SSL_ASSERT(ssl);
return ssl->rlayer.read_ahead;
}
/*
* SSL_set_read_ahead - get the SSL context ahead signal if we can read as many as data
*
* @param ctx - SSL context point
*
* @return SSL context ahead signal
*/
long SSL_CTX_get_read_ahead(SSL_CTX *ctx)
{
SSL_ASSERT(ctx);
return ctx->read_ahead;
}
/*
* SSL_CTX_get_ciphers - check if the SSL context can read as many as data
*
* @param ctx - SSL context point
*
* @return
* 1 : Yes
* 0 : No
*/
long SSL_CTX_get_default_read_ahead(SSL_CTX *ctx)
{
SSL_ASSERT(ctx);
return ctx->read_ahead;
}
/*
* SSL_set_time - set SSL session time
*
* @param ssl - SSL point
* @param t - session time
*
* @return session time
*/
long SSL_set_time(SSL *ssl, long t)
{
SSL_ASSERT(ssl);
ssl->session.time = t;
return t;
}
/*
* SSL_set_time - set SSL session timeout time
*
* @param ssl - SSL point
* @param t - session timeout time
*
* @return session timeout time
*/
long SSL_set_timeout(SSL *ssl, long t)
{
SSL_ASSERT(ssl);
ssl->session.timeout = t;
return t;
}
/*
* SSL_set_verify - set the SSL verifying of the SSL context
*
* @param ctx - SSL point
* @param mode - verifying mode
* @param verify_callback - verifying callback function
*
* @return none
*/
void SSL_set_verify(SSL *ssl, int mode, int (*verify_callback)(int, X509_STORE_CTX *))
{
SSL_ASSERT(ssl);
SSL_ASSERT(verify_callback);
}
/*
* SSL_get_verify_result - get the verifying result of the SSL certification
*
* @param ssl - the SSL point
*
* @return the result of verifying
*/
long SSL_get_verify_result(const SSL *ssl)
{
SSL_ASSERT(ssl);
return SSL_METHOD_CALL(get_verify_result, ssl);
}
/*
* SSL_CTX_get_verify_depth - get the SSL verifying depth of the SSL context
*
* @param ctx - SSL context point
*
* @return verifying depth
*/
int SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
{
SSL_ASSERT(ctx);
return ctx->param.depth;
}
/*
* SSL_CTX_set_verify_depth - set the SSL verify depth of the SSL context
*
* @param ctx - SSL context point
* @param depth - verifying depth
*
* @return one
*/
void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth)
{
SSL_ASSERT(ctx);
ctx->param.depth = depth;
}
/*
* SSL_get_verify_depth - get the SSL verifying depth of the SSL
*
* @param ctx - SSL point
*
* @return verifying depth
*/
int SSL_get_verify_depth(const SSL *ssl)
{
SSL_ASSERT(ssl);
return ssl->param.depth;
}
/*
* SSL_set_verify_depth - set the SSL verify depth of the SSL
*
* @param ctx - SSL point
* @param depth - verifying depth
*
* @return one
*/
void SSL_set_verify_depth(SSL *ssl, int depth)
{
SSL_ASSERT(ssl);
ssl->param.depth = depth;
}
Reference in a new issue View git blame Copy permalink