diff --git a/crypto/openssl_mbedtls_wrapper/Kconfig b/crypto/openssl_mbedtls_wrapper/Kconfig index 197adbc3e72..3a4ee11a2ee 100644 --- a/crypto/openssl_mbedtls_wrapper/Kconfig +++ b/crypto/openssl_mbedtls_wrapper/Kconfig @@ -7,3 +7,25 @@ config OPENSSL_MBEDTLS_WRAPPER depends on CRYPTO_MBEDTLS bool "openssl mbedtls wrapper" default n + +if OPENSSL_MBEDTLS_WRAPPER + +choice + prompt "Openssl Mbedtls Wrapper Assert Debug" + default OPENSSL_ASSERT_EXIT + +config OPENSSL_ASSERT_DEBUG + bool "SSL_ASSERT* will show error file name and line" + +config OPENSSL_ASSERT_EXIT + bool "SSL_ASSERT* will just return error code" + +config OPENSSL_ASSERT_DEBUG_EXIT + bool "SSL_ASSERT* will show error file name and line, then return error code" + +config OPENSSL_ASSERT_DEBUG_BLOCK + bool "SSL_ASSERT* will show error file name and line, then block here with 'while (1)'" + +endchoice + +endif # OPENSSL_MBEDTLS_WRAPPER diff --git a/crypto/openssl_mbedtls_wrapper/include/openssl/bio.h b/crypto/openssl_mbedtls_wrapper/include/openssl/bio.h index be8acf1987a..7bfab1eb9c3 100644 --- a/crypto/openssl_mbedtls_wrapper/include/openssl/bio.h +++ b/crypto/openssl_mbedtls_wrapper/include/openssl/bio.h @@ -27,16 +27,86 @@ ****************************************************************************/ #include +#include /**************************************************************************** - * Public Function Prototypes + * Pre-processor Definitions + ****************************************************************************/ + +/* There are the classes of BIOs */ + +#define BIO_TYPE_DESCRIPTOR 0x0100 /* socket, fd, connect or accept */ +#define BIO_TYPE_FILTER 0x0200 +#define BIO_TYPE_SOURCE_SINK 0x0400 + +#define BIO_FLAGS_BASE64_NO_NL 0x100 + +/* This is used with memory BIOs: BIO_FLAGS_MEM_RDONLY + * means we shouldn't free up or change the data in any way; + * BIO_FLAGS_NONCLEAR_RST means we shouldn't clear data on reset. + */ + +#define BIO_FLAGS_MEM_RDONLY 0x200 +#define BIO_FLAGS_NONCLEAR_RST 0x400 +#define BIO_FLAGS_IN_EOF 0x800 + +#define BIO_TYPE_NONE 0 +#define BIO_TYPE_MEM (1 | BIO_TYPE_SOURCE_SINK) +#define BIO_TYPE_FILE (2 | BIO_TYPE_SOURCE_SINK) +#define BIO_TYPE_BASE64 (11 | BIO_TYPE_FILTER) + +/**************************************************************************** + * Public Types ****************************************************************************/ +struct bio_method_st +{ + int type; + char *name; + int (*bwrite_old) (BIO *, const char *, int); + int (*bread_old) (BIO *, char *, int); + int (*create) (BIO *); + int (*destroy) (BIO *); +}; + +struct bio_st +{ + const BIO_METHOD *method; + int flags; /* extra storage */ + void *ptr; + struct bio_st *next_bio; /* used by filter BIOs */ + struct bio_st *prev_bio; /* used by filter BIOs */ +}; + #ifdef __cplusplus extern "C" { #endif +/**************************************************************************** + * Public Function Prototypes + ****************************************************************************/ + +const BIO_METHOD *BIO_f_base64(void); + +const BIO_METHOD *BIO_s_mem(void); + +BIO *BIO_new(const BIO_METHOD *method); + +BIO *BIO_push(BIO *b, BIO *bio); + +void BIO_set_flags(BIO *b, int flags); + +int BIO_write(BIO *b, const void *data, int dlen); + +int BIO_read(BIO *b, void *data, int dlen); + +void BIO_free_all(BIO *bio); + +BIO *BIO_next(BIO *b); + +int BIO_flush(BIO *b); + #ifdef __cplusplus } #endif diff --git a/crypto/openssl_mbedtls_wrapper/include/openssl/crypto.h b/crypto/openssl_mbedtls_wrapper/include/openssl/crypto.h new file mode 100644 index 00000000000..b573b29499b --- /dev/null +++ b/crypto/openssl_mbedtls_wrapper/include/openssl/crypto.h @@ -0,0 +1,48 @@ +/**************************************************************************** + * apps/crypto/openssl_mbedtls_wrapper/include/openssl/crypto.h + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. The + * ASF licenses this file to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the + * License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations + * under the License. + ****************************************************************************/ + +#ifndef OPENSSL_MBEDTLS_WRAPPER_CRYPTO_H +#define OPENSSL_MBEDTLS_WRAPPER_CRYPTO_H + +/**************************************************************************** + * Included Files + ****************************************************************************/ + +#include + +/**************************************************************************** + * Pre-processor Definitions + ****************************************************************************/ + +#define CRYPTO_num_locks() 1 +#define CRYPTO_set_locking_callback(func) + +#define CRYPTO_set_id_callback(func) + +/* These defines where used in combination with the old locking callbacks, + * they are not called anymore, but old code that's not called might still + * use them. + */ + +#define CRYPTO_LOCK 1 +#define CRYPTO_UNLOCK 2 +#define CRYPTO_READ 4 +#define CRYPTO_WRITE 8 + +#endif /* OPENSSL_MBEDTLS_WRAPPER_CRYPTO_H */ diff --git a/crypto/openssl_mbedtls_wrapper/include/openssl/err.h b/crypto/openssl_mbedtls_wrapper/include/openssl/err.h index f6637eca423..1453be16eee 100644 --- a/crypto/openssl_mbedtls_wrapper/include/openssl/err.h +++ b/crypto/openssl_mbedtls_wrapper/include/openssl/err.h @@ -49,6 +49,12 @@ unsigned long ERR_peek_last_error(void); void ERR_error_string_n(unsigned long e, char *buf, size_t len); void ERR_free_strings(void); char *ERR_error_string(unsigned long e, char *buf); +void ERR_clear_error(void); +unsigned long ERR_get_error(void); +void ERR_remove_state(unsigned long pid); +int ERR_load_crypto_strings(void); +void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u), + void *u); #ifdef __cplusplus } diff --git a/crypto/openssl_mbedtls_wrapper/include/openssl/evp.h b/crypto/openssl_mbedtls_wrapper/include/openssl/evp.h index f65a51d88d3..e1696bfa66e 100644 --- a/crypto/openssl_mbedtls_wrapper/include/openssl/evp.h +++ b/crypto/openssl_mbedtls_wrapper/include/openssl/evp.h @@ -44,6 +44,10 @@ #define EVP_PKEY_X25519 NID_X25519 +/**************************************************************************** + * Public Types + ****************************************************************************/ + struct evp_pkey_st { void *pkey_pm; @@ -166,6 +170,10 @@ int PKCS5_PBKDF2_HMAC(const char *password, size_t password_len, const PKEY_METHOD *EVP_PKEY_method(void); +int OpenSSL_add_all_algorithms(void); + +void EVP_cleanup(void); + #ifdef __cplusplus } #endif diff --git a/crypto/openssl_mbedtls_wrapper/include/openssl/ssl.h b/crypto/openssl_mbedtls_wrapper/include/openssl/ssl.h index 937c1ab95df..7bdc0312522 100644 --- a/crypto/openssl_mbedtls_wrapper/include/openssl/ssl.h +++ b/crypto/openssl_mbedtls_wrapper/include/openssl/ssl.h @@ -25,13 +25,19 @@ ****************************************************************************/ #include +#include #include +#include #include #include +/**************************************************************************** + * Pre-processor Definitions + ****************************************************************************/ + /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ -#define SSL_SENT_SHUTDOWN 1 -#define SSL_RECEIVED_SHUTDOWN 2 +#define SSL_SENT_SHUTDOWN 1 +#define SSL_RECEIVED_SHUTDOWN 2 #define SSL_VERIFY_NONE 0x00 #define SSL_VERIFY_PEER 0x01 @@ -57,52 +63,134 @@ #define SSL_ERROR_WANT_READ 2 #define SSL_ERROR_WANT_WRITE 3 #define SSL_ERROR_WANT_X509_LOOKUP 4 -#define SSL_ERROR_SYSCALL 5/* look at error stack/return value/errno */ +#define SSL_ERROR_SYSCALL 5 /* look at error stack/return value/errno */ #define SSL_ERROR_ZERO_RETURN 6 #define SSL_ERROR_WANT_CONNECT 7 #define SSL_ERROR_WANT_ACCEPT 8 #define SSL_ERROR_WANT_ASYNC 9 -#define SSL_ERROR_WANT_ASYNC_JOB 10 +#define SSL_ERROR_WANT_ASYNC_JOB 10 + +#define SSL_ST_CONNECT 0x1000 +#define SSL_ST_ACCEPT 0x2000 + +#define SSL_ST_MASK 0x0FFF + +#define SSL_CB_LOOP 0x01 +#define SSL_CB_EXIT 0x02 +#define SSL_CB_READ 0x04 +#define SSL_CB_WRITE 0x08 +#define SSL_CB_ALERT 0x4000 /* used in callback */ +#define SSL_CB_READ_ALERT (SSL_CB_ALERT | SSL_CB_READ) +#define SSL_CB_WRITE_ALERT (SSL_CB_ALERT | SSL_CB_WRITE) +#define SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT | SSL_CB_LOOP) +#define SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT | SSL_CB_EXIT) +#define SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT | SSL_CB_LOOP) +#define SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT | SSL_CB_EXIT) +#define SSL_CB_HANDSHAKE_START 0x10 +#define SSL_CB_HANDSHAKE_DONE 0x20 + +#define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1 +#define SSL_FILETYPE_PEM X509_FILETYPE_PEM + +/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success + * when just a single record has been written): + */ + +#define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001U + +/* Make it possible to retry SSL_write() with changed buffer location (buffer + * contents must stay the same!); this is not the default to avoid the + * misconception that non-blocking SSL_write() behaves like non-blocking + * write(): + */ + +#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002U + +#define SSLEAY_VERSION 0 +#define SSLEAY_CFLAGS 1 +#define SSLEAY_BUILT_ON 2 +#define SSLEAY_PLATFORM 3 +#define SSLEAY_DIR 4 + +#define SSL2_VERSION 0x0002 + +#define SSL2_MT_CLIENT_HELLO 1 + +#define SSLv23_client_method TLS_client_method +#define SSL_library_init() 1 +#define SSL_load_error_strings() + +/**************************************************************************** + * Public Types + ****************************************************************************/ + +typedef unsigned int (*SSL_psk_client_cb_func)(SSL *ssl, + const char *hint, + char *identity, + unsigned int max_identity_len, + unsigned char *psk, + unsigned int max_psk_len); + +typedef void (*ossl_msg_cb)( + int write_p, int version, int content_type, + const void *buf, size_t len, SSL *ssl, void *arg); typedef enum { - TLS_ST_BEFORE, - TLS_ST_OK, - DTLS_ST_CR_HELLO_VERIFY_REQUEST, - TLS_ST_CR_SRVR_HELLO, - TLS_ST_CR_CERT, - TLS_ST_CR_CERT_STATUS, - TLS_ST_CR_KEY_EXCH, - TLS_ST_CR_CERT_REQ, - TLS_ST_CR_SRVR_DONE, - TLS_ST_CR_SESSION_TICKET, - TLS_ST_CR_CHANGE, - TLS_ST_CR_FINISHED, - TLS_ST_CW_CLNT_HELLO, - TLS_ST_CW_CERT, - TLS_ST_CW_KEY_EXCH, - TLS_ST_CW_CERT_VRFY, - TLS_ST_CW_CHANGE, - TLS_ST_CW_NEXT_PROTO, - TLS_ST_CW_FINISHED, - TLS_ST_SW_HELLO_REQ, - TLS_ST_SR_CLNT_HELLO, - DTLS_ST_SW_HELLO_VERIFY_REQUEST, - TLS_ST_SW_SRVR_HELLO, - TLS_ST_SW_CERT, - TLS_ST_SW_KEY_EXCH, - TLS_ST_SW_CERT_REQ, - TLS_ST_SW_SRVR_DONE, - TLS_ST_SR_CERT, - TLS_ST_SR_KEY_EXCH, - TLS_ST_SR_CERT_VRFY, - TLS_ST_SR_NEXT_PROTO, - TLS_ST_SR_CHANGE, - TLS_ST_SR_FINISHED, - TLS_ST_SW_SESSION_TICKET, - TLS_ST_SW_CERT_STATUS, - TLS_ST_SW_CHANGE, - TLS_ST_SW_FINISHED + TLS_ST_BEFORE, + TLS_ST_OK, + DTLS_ST_CR_HELLO_VERIFY_REQUEST, + TLS_ST_CR_SRVR_HELLO, + TLS_ST_CR_CERT, + TLS_ST_CR_COMP_CERT, + TLS_ST_CR_CERT_STATUS, + TLS_ST_CR_KEY_EXCH, + TLS_ST_CR_CERT_REQ, + TLS_ST_CR_SRVR_DONE, + TLS_ST_CR_SESSION_TICKET, + TLS_ST_CR_CHANGE, + TLS_ST_CR_FINISHED, + TLS_ST_CW_CLNT_HELLO, + TLS_ST_CW_CERT, + TLS_ST_CW_COMP_CERT, + TLS_ST_CW_KEY_EXCH, + TLS_ST_CW_CERT_VRFY, + TLS_ST_CW_CHANGE, + TLS_ST_CW_NEXT_PROTO, + TLS_ST_CW_FINISHED, + TLS_ST_SW_HELLO_REQ, + TLS_ST_SR_CLNT_HELLO, + DTLS_ST_SW_HELLO_VERIFY_REQUEST, + TLS_ST_SW_SRVR_HELLO, + TLS_ST_SW_CERT, + TLS_ST_SW_COMP_CERT, + TLS_ST_SW_KEY_EXCH, + TLS_ST_SW_CERT_REQ, + TLS_ST_SW_SRVR_DONE, + TLS_ST_SR_CERT, + TLS_ST_SR_COMP_CERT, + TLS_ST_SR_KEY_EXCH, + TLS_ST_SR_CERT_VRFY, + TLS_ST_SR_NEXT_PROTO, + TLS_ST_SR_CHANGE, + TLS_ST_SR_FINISHED, + TLS_ST_SW_SESSION_TICKET, + TLS_ST_SW_CERT_STATUS, + TLS_ST_SW_CHANGE, + TLS_ST_SW_FINISHED, + TLS_ST_SW_ENCRYPTED_EXTENSIONS, + TLS_ST_CR_ENCRYPTED_EXTENSIONS, + TLS_ST_CR_CERT_VRFY, + TLS_ST_SW_CERT_VRFY, + TLS_ST_CR_HELLO_REQ, + TLS_ST_SW_KEY_UPDATE, + TLS_ST_CW_KEY_UPDATE, + TLS_ST_SR_KEY_UPDATE, + TLS_ST_CR_KEY_UPDATE, + TLS_ST_EARLY_DATA, + TLS_ST_PENDING_EARLY_DATA_END, + TLS_ST_CW_END_OF_EARLY_DATA, + TLS_ST_SR_END_OF_EARLY_DATA } OSSL_HANDSHAKE_STATE; @@ -141,6 +229,8 @@ int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len); int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); +int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); + int SSL_use_certificate_file(SSL *ssl, const char *file, int type); X509 *SSL_get_peer_certificate(const SSL *ssl); @@ -161,7 +251,7 @@ int SSL_get_error(const SSL *ssl, int ret_code); OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl); -SSL_CTX *SSL_CTX_new(const SSL_METHOD *method, void *rngctx); +SSL_CTX *SSL_CTX_new(const SSL_METHOD *method, ...); void SSL_CTX_free(SSL_CTX *ctx); @@ -299,6 +389,74 @@ int SSL_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len); +const SSL_METHOD *TLS_method(void); +const SSL_METHOD *TLS_server_method(void); +const SSL_METHOD *TLS_client_method(void); + +const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */ +const SSL_METHOD *TLSv1_server_method(void); +const SSL_METHOD *TLSv1_client_method(void); + +const SSL_METHOD *TLSv1_1_method(void); /* TLSv1.1 */ +const SSL_METHOD *TLSv1_1_server_method(void); +const SSL_METHOD *TLSv1_1_client_method(void); + +const SSL_METHOD *TLSv1_2_method(void); /* TLSv1.2 */ +const SSL_METHOD *TLSv1_2_server_method(void); +const SSL_METHOD *TLSv1_2_client_method(void); + +SSL_SESSION *SSL_get1_session(SSL *ssl); + +void SSL_SESSION_free(SSL_SESSION *session); + +int SSL_set_session(SSL *s, SSL_SESSION *session); + +const char *SSLeay_version(int t); + +const char *SSL_state_string_long(const SSL *s); + +const char *SSL_get_cipher_name(const SSL *s); + +const char *SSL_alert_type_string_long(int value); + +const char *SSL_alert_desc_string_long(int value); + +void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); + +void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); + +int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); + +void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, + SSL_psk_client_cb_func cb); + +long SSL_CTX_set_mode(SSL_CTX *ctx, long larg); + +void SSL_CTX_set_info_callback(SSL_CTX *ctx, + void (*cb)(const SSL *ssl, int type, int val)); + +void SSL_CTX_set_msg_callback(SSL_CTX *ctx, + void (*cb)(int write_p, int version, + int content_type, const void *buf, + size_t len, SSL *ssl, void *arg)); + +const char *SSL_get_cipher_list(const SSL *s, int n); + +long SSL_set_tlsext_host_name(SSL *s, void *parg); + +int SSL_get_ex_new_index(long argl, void *argp, + CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, + CRYPTO_EX_free *free_func); + +const char *SSL_get_cipher_list(const SSL *s, int n); + +int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str); + +int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg); + +int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, + const char *CApath); + #ifdef __cplusplus } #endif diff --git a/crypto/openssl_mbedtls_wrapper/include/openssl/ssl_local.h b/crypto/openssl_mbedtls_wrapper/include/openssl/ssl_local.h index b9295d1c96d..053da27de37 100644 --- a/crypto/openssl_mbedtls_wrapper/include/openssl/ssl_local.h +++ b/crypto/openssl_mbedtls_wrapper/include/openssl/ssl_local.h @@ -30,11 +30,6 @@ #include #include -#ifdef __cplusplus -extern "C" -{ -#endif - /**************************************************************************** * Public Types ****************************************************************************/ @@ -61,6 +56,24 @@ struct ssl_ctx_st int read_ahead; int read_buffer_len; X509_VERIFY_PARAM param; + + /* Default password callback. */ + + pem_password_cb *default_passwd_callback; + + /* Default password callback user data. */ + + void *default_passwd_callback_userdata; + uint32_t mode; + + /* optional informational callback */ + + void (*info_callback)(const SSL *ssl, int type, int val); + + /* callback that allows applications to peek at protocol messages */ + + ossl_msg_cb msg_callback; + SSL_psk_client_cb_func psk_client_callback; }; struct ssl_method_func_st @@ -97,16 +110,22 @@ struct ssl_session_st long timeout; long time; X509 *peer; + const SSL_CIPHER *cipher; + int references; + struct + { + char hostname[TLSEXT_MAXLEN_host_name]; + } ext; }; struct ssl_st { -/* protocol version(one of SSL3.0, TLS1.0, etc.) */ + /* protocol version(one of SSL3.0, TLS1.0, etc.) */ int version; unsigned long options; -/* shut things down(0x01 : sent, 0x02 : received) */ + /* shut things down(0x01 : sent, 0x02 : received) */ int shutdown; CERT *cert; @@ -116,7 +135,7 @@ struct ssl_st const char **alpn_protos; RECORD_LAYER rlayer; -/* where we are */ + /* where we are */ OSSL_STATEM statem; SSL_SESSION *session; @@ -129,11 +148,22 @@ struct ssl_st int err; void (*info_callback) (const SSL *ssl, int type, int val); -/* SSL low-level system arch point */ + /* SSL low-level system arch point */ void *ssl_pm; + SSL_CIPHER *cipher_list; +}; + +struct ssl_cipher_st +{ + const char *name; /* text name */ }; +#ifdef __cplusplus +extern "C" +{ +#endif + /**************************************************************************** * Public Function Prototypes ****************************************************************************/ diff --git a/crypto/openssl_mbedtls_wrapper/include/openssl/tls1.h b/crypto/openssl_mbedtls_wrapper/include/openssl/tls1.h index 57fd4fa269d..6f0ff49cb5c 100644 --- a/crypto/openssl_mbedtls_wrapper/include/openssl/tls1.h +++ b/crypto/openssl_mbedtls_wrapper/include/openssl/tls1.h @@ -20,42 +20,63 @@ #ifndef OPENSSL_MBEDTLS_WRAPPER_TLS1_H #define OPENSSL_MBEDTLS_WRAPPER_TLS1_H -#ifdef __cplusplus -extern "C" -{ -#endif +/**************************************************************************** + * Included Files + ****************************************************************************/ + +#include + +/**************************************************************************** + * Pre-processor Definitions + ****************************************************************************/ #define TLS1_AD_DECRYPTION_FAILED 21 #define TLS1_AD_RECORD_OVERFLOW 22 -#define TLS1_AD_UNKNOWN_CA 48/* fatal */ -#define TLS1_AD_ACCESS_DENIED 49/* fatal */ -#define TLS1_AD_DECODE_ERROR 50/* fatal */ +#define TLS1_AD_UNKNOWN_CA 48 /* fatal */ +#define TLS1_AD_ACCESS_DENIED 49 /* fatal */ +#define TLS1_AD_DECODE_ERROR 50 /* fatal */ #define TLS1_AD_DECRYPT_ERROR 51 -#define TLS1_AD_EXPORT_RESTRICTION 60/* fatal */ -#define TLS1_AD_PROTOCOL_VERSION 70/* fatal */ -#define TLS1_AD_INSUFFICIENT_SECURITY 71/* fatal */ -#define TLS1_AD_INTERNAL_ERROR 80/* fatal */ -#define TLS1_AD_INAPPROPRIATE_FALLBACK 86/* fatal */ +#define TLS1_AD_EXPORT_RESTRICTION 60 /* fatal */ +#define TLS1_AD_PROTOCOL_VERSION 70 /* fatal */ +#define TLS1_AD_INSUFFICIENT_SECURITY 71 /* fatal */ +#define TLS1_AD_INTERNAL_ERROR 80 /* fatal */ +#define TLS1_AD_INAPPROPRIATE_FALLBACK 86 /* fatal */ #define TLS1_AD_USER_CANCELLED 90 #define TLS1_AD_NO_RENEGOTIATION 100 + /* codes 110-114 are from RFC3546 */ + #define TLS1_AD_UNSUPPORTED_EXTENSION 110 #define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111 #define TLS1_AD_UNRECOGNIZED_NAME 112 #define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113 #define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114 -#define TLS1_AD_UNKNOWN_PSK_IDENTITY 115/* fatal */ -#define TLS1_AD_NO_APPLICATION_PROTOCOL 120/* fatal */ +#define TLS1_AD_UNKNOWN_PSK_IDENTITY 115 /* fatal */ +#define TLS1_AD_NO_APPLICATION_PROTOCOL 120 /* fatal */ /* Special value for method supporting multiple versions */ + #define TLS_ANY_VERSION 0x10000 #define TLS1_VERSION 0x0301 #define TLS1_1_VERSION 0x0302 #define TLS1_2_VERSION 0x0303 -#define SSL_TLSEXT_ERR_OK 0 -#define SSL_TLSEXT_ERR_NOACK 3 +#define SSL_TLSEXT_ERR_OK 0 +#define SSL_TLSEXT_ERR_NOACK 3 + +#define TLSEXT_MAXLEN_host_name 255 + +#ifdef __cplusplus +extern "C" +{ +#endif + +/**************************************************************************** + * Public Function Prototypes + ****************************************************************************/ + +long SSL_set_tlsext_host_name(SSL *s, void *parg); #ifdef __cplusplus } diff --git a/crypto/openssl_mbedtls_wrapper/include/openssl/types.h b/crypto/openssl_mbedtls_wrapper/include/openssl/types.h index 679fb94c591..294ef20f68d 100644 --- a/crypto/openssl_mbedtls_wrapper/include/openssl/types.h +++ b/crypto/openssl_mbedtls_wrapper/include/openssl/types.h @@ -20,19 +20,22 @@ #ifndef OPENSSL_MBEDTLS_WRAPPER_TYPES_H #define OPENSSL_MBEDTLS_WRAPPER_TYPES_H -#ifdef __cplusplus -extern "C" -{ -#endif +/**************************************************************************** + * Public Types + ****************************************************************************/ -typedef void SSL_CIPHER; +typedef void CRYPTO_EX_new; +typedef void CRYPTO_THREADID; typedef void X509_STORE; - typedef void RSA; -typedef void BIO; typedef int (*OPENSSL_sk_compfunc)(const void *, const void *); +typedef int pem_password_cb(char *buf, int size, + int rwflag, void *userdata); +typedef struct bio_buf_mem_st BIO_BUF_MEM; +typedef struct bio_method_st BIO_METHOD; +typedef struct bio_st BIO; typedef struct stack_st OPENSSL_STACK; typedef struct ssl_method_st SSL_METHOD; typedef struct ssl_method_func_st SSL_METHOD_FUNC; @@ -41,6 +44,7 @@ typedef struct ossl_statem_st OSSL_STATEM; typedef struct ssl_session_st SSL_SESSION; typedef struct ssl_ctx_st SSL_CTX; typedef struct ssl_st SSL; +typedef struct ssl_cipher_st SSL_CIPHER; typedef struct cert_st CERT; typedef struct x509_st X509; typedef struct X509_VERIFY_PARAM_st X509_VERIFY_PARAM; @@ -66,8 +70,4 @@ struct pkey_method_st int (*pkey_load)(EVP_PKEY *pkey, const unsigned char *buf, int len); }; -#ifdef __cplusplus -} -#endif - #endif /* OPENSSL_MBEDTLS_WRAPPER_TYPES_H */ diff --git a/crypto/openssl_mbedtls_wrapper/include/openssl/x509.h b/crypto/openssl_mbedtls_wrapper/include/openssl/x509.h index 847aaa4bc33..cda2212764e 100644 --- a/crypto/openssl_mbedtls_wrapper/include/openssl/x509.h +++ b/crypto/openssl_mbedtls_wrapper/include/openssl/x509.h @@ -34,10 +34,13 @@ #include #include -#ifdef __cplusplus -extern "C" -{ -#endif +/**************************************************************************** + * Pre-processor Definitions + ****************************************************************************/ + +#define X509_FILETYPE_PEM 1 +#define X509_FILETYPE_ASN1 2 +#define X509_FILETYPE_DEFAULT 3 /**************************************************************************** * Public Types @@ -45,7 +48,7 @@ extern "C" struct x509_st { -/* X509 certification platform private point */ + /* X509 certification platform private point */ void *x509_pm; const X509_METHOD *method; @@ -56,6 +59,8 @@ struct x509_method_st int (*x509_new)(X509 *x, X509 *m_x); void (*x509_free)(X509 *x); int (*x509_load)(X509 *x, const unsigned char *buf, int len); + int (*x509_load_file)(X509 *x, const char *file); + int (*x509_load_path)(X509 *x, const char *path); int (*x509_show_info)(X509 *x); }; @@ -66,6 +71,11 @@ struct cert_st EVP_PKEY *pkey; }; +#ifdef __cplusplus +extern "C" +{ +#endif + /**************************************************************************** * Public Function Prototypes ****************************************************************************/ diff --git a/crypto/openssl_mbedtls_wrapper/mbedtls/bio_b64.c b/crypto/openssl_mbedtls_wrapper/mbedtls/bio_b64.c new file mode 100644 index 00000000000..a13d4f26ce2 --- /dev/null +++ b/crypto/openssl_mbedtls_wrapper/mbedtls/bio_b64.c @@ -0,0 +1,147 @@ +/**************************************************************************** + * apps/crypto/openssl_mbedtls_wrapper/mbedtls/bio_b64.c + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. The + * ASF licenses this file to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the + * License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations + * under the License. + * + ****************************************************************************/ + +/**************************************************************************** + * Included Files + ****************************************************************************/ + +#include +#include + +#include +#include +#include + +/**************************************************************************** + * Pre-processor definitions + ****************************************************************************/ + +#define BIO_B64_BUFSIZE ((BIO_B64_ENC_LEN / 3) * 4 + 1) +#define BIO_B64_ENC_LEN 192 + +/**************************************************************************** + * Private Function Prototypes + ****************************************************************************/ + +static int b64_write(BIO *h, const char *buf, int num); +static int b64_read(BIO *h, char *buf, int size); +static int b64_new(BIO *h); +static int b64_free(BIO *data); + +/**************************************************************************** + * Private Data + ****************************************************************************/ + +static const BIO_METHOD g_methods_b64 = +{ + BIO_TYPE_BASE64, + "base64 encoding", + b64_write, + b64_read, + b64_new, + b64_free, +}; + +/**************************************************************************** + * Private Functions + ****************************************************************************/ + +static int b64_write(BIO *b, const char *in, int inl) +{ + BIO *next; + int len; + int offset = 0; + int ret = 0; + size_t n; + unsigned char out[BIO_B64_BUFSIZE]; + + next = BIO_next(b); + if (next == NULL) + { + return 0; + } + + while (inl > 0) + { + len = MIN(inl, BIO_B64_ENC_LEN); + ret = mbedtls_base64_encode(out, BIO_B64_BUFSIZE, &n, + (const unsigned char *)in + offset, len); + if (ret < 0) + { + break; + } + + ret = BIO_write(next, out, n); + inl -= len; + offset += len; + } + + return ret; +} + +static int b64_read(BIO *b, char *out, int outl) +{ + BIO *next; + int ret; + size_t n; + + if (out == NULL) + { + return 0; + } + + next = BIO_next(b); + if (next == NULL) + { + return 0; + } + + ret = BIO_read(next, out, outl); + if (ret > 0) + { + ret = mbedtls_base64_decode((unsigned char *)out, outl, &n, + (const unsigned char *)out, ret); + if (ret == 0) + { + ret = n; + } + } + + return ret; +} + +static int b64_new(BIO *bi) +{ + return 1; +} + +static int b64_free(BIO *a) +{ + return 1; +} + +/**************************************************************************** + * Public Functions + ****************************************************************************/ + +const BIO_METHOD *BIO_f_base64(void) +{ + return &g_methods_b64; +} diff --git a/crypto/openssl_mbedtls_wrapper/mbedtls/bio_lib.c b/crypto/openssl_mbedtls_wrapper/mbedtls/bio_lib.c new file mode 100644 index 00000000000..36d08403a13 --- /dev/null +++ b/crypto/openssl_mbedtls_wrapper/mbedtls/bio_lib.c @@ -0,0 +1,151 @@ +/**************************************************************************** + * apps/crypto/openssl_mbedtls_wrapper/mbedtls/bio_lib.c + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. The + * ASF licenses this file to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the + * License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations + * under the License. + * + ****************************************************************************/ + +/**************************************************************************** + * Included Files + ****************************************************************************/ + +#include + +#include + +/**************************************************************************** + * Public Functions + ****************************************************************************/ + +BIO *BIO_new(const BIO_METHOD *method) +{ + BIO *bio = zalloc(sizeof(*bio)); + + if (bio == NULL) + { + return NULL; + } + + bio->method = method; + + if (method->create != NULL && !method->create(bio)) + { + free(bio); + return NULL; + } + + return bio; +} + +BIO *BIO_push(BIO *b, BIO *bio) +{ + BIO *lb; + + if (b == NULL) + { + return bio; + } + else if (bio == NULL) + { + return b; + } + + lb = b; + while (lb->next_bio != NULL) + { + lb = lb->next_bio; + } + + lb->next_bio = bio; + bio->prev_bio = lb; + return b; +} + +void BIO_set_flags(BIO *b, int flags) +{ + b->flags |= flags; +} + +int BIO_write(BIO *b, const void *data, int dlen) +{ + if (b == NULL || dlen <= 0) + { + return 0; + } + + if (b->method == NULL || b->method->bwrite_old == NULL) + { + return -2; + } + + return b->method->bwrite_old(b, data, dlen); +} + +int BIO_read(BIO *b, void *data, int dlen) +{ + if (b == NULL || dlen <= 0) + { + return 0; + } + + if (b->method == NULL || b->method->bread_old == NULL) + { + return -2; + } + + return b->method->bread_old(b, data, dlen); +} + +int BIO_free(BIO *a) +{ + if (a == NULL) + { + return 0; + } + + if (a->method != NULL && a->method->destroy != NULL) + { + a->method->destroy(a); + } + + free(a); + return 1; +} + +void BIO_free_all(BIO *bio) +{ + while (bio != NULL) + { + BIO *b = bio; + bio = bio->next_bio; + BIO_free(b); + } +} + +BIO *BIO_next(BIO *b) +{ + if (b == NULL) + { + return NULL; + } + + return b->next_bio; +} + +int BIO_flush(BIO *b) +{ + return 1; +} diff --git a/crypto/openssl_mbedtls_wrapper/mbedtls/bss_mem.c b/crypto/openssl_mbedtls_wrapper/mbedtls/bss_mem.c new file mode 100644 index 00000000000..40f8841350a --- /dev/null +++ b/crypto/openssl_mbedtls_wrapper/mbedtls/bss_mem.c @@ -0,0 +1,236 @@ +/**************************************************************************** + * apps/crypto/openssl_mbedtls_wrapper/mbedtls/bss_mem.c + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. The + * ASF licenses this file to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the + * License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations + * under the License. + * + ****************************************************************************/ + +/**************************************************************************** + * Included Files + ****************************************************************************/ + +#include +#include +#include +#include + +#include + +/**************************************************************************** + * Pre-processor definitions + ****************************************************************************/ + +/* LIMIT_BEFORE_EXPANSION is the maximum n such that (n+3)/3*4 < 2**31. That + * function is applied in several functions in this file and this limit + * ensures that the result fits in an int. + */ + +#define LIMIT_BEFORE_EXPANSION 0x5ffffffc + +/**************************************************************************** + * Private Function Prototypes + ****************************************************************************/ + +static int mem_write(BIO *h, const char *buf, int num); +static int mem_read(BIO *h, char *buf, int size); +static int mem_new(BIO *h); +static int mem_free(BIO *data); + +/**************************************************************************** + * Private Types + ****************************************************************************/ + +struct bio_buf_mem_st +{ + unsigned long flags; + char *data; + size_t length; /* current number of bytes */ + size_t max; /* size of buffer */ + size_t offset; /* has been read */ +}; + +/**************************************************************************** + * Private Data + ****************************************************************************/ + +static const BIO_METHOD g_mem_method = +{ + BIO_TYPE_MEM, + "memory buffer", + mem_write, + mem_read, + mem_new, + mem_free, +}; + +/**************************************************************************** + * Private Functions + ****************************************************************************/ + +static int mem_buf_sync(BIO *b) +{ + if (b != NULL && b->ptr != NULL) + { + BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr; + + if (bbm->offset) + { + bbm->length = bbm->length - bbm->offset; + memmove(bbm->data, bbm->data + bbm->offset, bbm->length); + bbm->offset = 0; + } + } + + return 0; +} + +static size_t BUF_MEM_grow_clean(BIO_BUF_MEM *bbm, size_t len) +{ + char *ret; + size_t n; + + if (bbm->length >= len) + { + if (bbm->data != NULL) + { + memset(&bbm->data[len], 0, bbm->length - len); + } + + bbm->length = len; + return len; + } + + if (bbm->max >= len) + { + memset(&bbm->data[bbm->length], 0, len - bbm->length); + bbm->length = len; + return len; + } + + /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */ + + if (len > LIMIT_BEFORE_EXPANSION) + { + return 0; + } + + n = MAX((len + 3) / 3 * 4, bbm->max); + ret = realloc(bbm->data, n); + if (ret == NULL) + { + return 0; + } + + bbm->data = ret; + bbm->max = n; + bbm->length = len; + return len; +} + +static int mem_write(BIO *b, const char *in, int inl) +{ + BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr; + int blen; + + if (b->flags & BIO_FLAGS_MEM_RDONLY) + { + return -1; + } + + if (inl <= 0) + { + return 0; + } + else if (in == NULL) + { + return -1; + } + + blen = bbm->length - bbm->offset; + mem_buf_sync(b); + if (BUF_MEM_grow_clean(bbm, blen + inl) == 0) + { + return -1; + } + + memcpy(bbm->data + blen, in, inl); + return inl; +} + +static int mem_read(BIO *b, char *out, int outl) +{ + BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr; + + if (outl <= 0) + { + return 0; + } + + if (out == NULL) + { + return -1; + } + + if (outl > bbm->length - bbm->offset) + { + outl = bbm->length - bbm->offset; + } + + memcpy(out, bbm->data + bbm->offset, outl); + bbm->offset += outl; + return outl; +} + +static int mem_new(BIO *bi) +{ + BIO_BUF_MEM *bbm = zalloc(sizeof(*bbm)); + + if (bbm == NULL) + { + return 0; + } + + bi->ptr = bbm; + return 1; +} + +static int mem_free(BIO *a) +{ + BIO_BUF_MEM *bbm; + + if (a == NULL) + { + return 0; + } + + bbm = (BIO_BUF_MEM *)a->ptr; + if (bbm->data) + { + free(bbm->data); + } + + free(bbm); + return 1; +} + +/**************************************************************************** + * Public Functions + ****************************************************************************/ + +const BIO_METHOD *BIO_s_mem(void) +{ + return &g_mem_method; +} diff --git a/crypto/openssl_mbedtls_wrapper/mbedtls/err.c b/crypto/openssl_mbedtls_wrapper/mbedtls/err.c index 34dad8dc598..4657259f714 100644 --- a/crypto/openssl_mbedtls_wrapper/mbedtls/err.c +++ b/crypto/openssl_mbedtls_wrapper/mbedtls/err.c @@ -38,7 +38,34 @@ unsigned long ERR_peek_last_error(void) return errno; } +void ERR_free_strings(void) +{ +} + void ERR_error_string_n(unsigned long e, char *buf, size_t len) { mbedtls_strerror(e, buf, len); } + +void ERR_clear_error(void) +{ +} + +unsigned long ERR_get_error(void) +{ + return errno; +} + +void ERR_remove_state(unsigned long pid) +{ +} + +int ERR_load_crypto_strings(void) +{ + return 1; +} + +void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u), + void *u) +{ +} diff --git a/crypto/openssl_mbedtls_wrapper/mbedtls/evp.c b/crypto/openssl_mbedtls_wrapper/mbedtls/evp.c index 3045c495a67..b1feae34367 100644 --- a/crypto/openssl_mbedtls_wrapper/mbedtls/evp.c +++ b/crypto/openssl_mbedtls_wrapper/mbedtls/evp.c @@ -344,3 +344,12 @@ int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey, { return 0; } + +int OpenSSL_add_all_algorithms(void) +{ + return 0; +} + +void EVP_cleanup(void) +{ +} diff --git a/crypto/openssl_mbedtls_wrapper/mbedtls/ssl_lib.c b/crypto/openssl_mbedtls_wrapper/mbedtls/ssl_lib.c index a4f0eea4074..4e7bf096891 100644 --- a/crypto/openssl_mbedtls_wrapper/mbedtls/ssl_lib.c +++ b/crypto/openssl_mbedtls_wrapper/mbedtls/ssl_lib.c @@ -21,13 +21,22 @@ * Included Files ****************************************************************************/ +#include #include #include #include #include "ssl_port.h" +/**************************************************************************** + * Pre-processor Definitions + ****************************************************************************/ + #define SSL_SEND_DATA_MAX_LENGTH 1460 +/**************************************************************************** + * Private Types + ****************************************************************************/ + struct alpn_ctx { unsigned char data[23]; @@ -56,6 +65,7 @@ static SSL_SESSION *SSL_SESSION_new(void) goto failed2; } + session->references = 1; return session; failed2: @@ -64,12 +74,6 @@ static SSL_SESSION *SSL_SESSION_new(void) return NULL; } -static void SSL_SESSION_free(SSL_SESSION *session) -{ - X509_free(session->peer); - ssl_mem_free(session); -} - static void _openssl_alpn_to_mbedtls(struct alpn_ctx *ac, char ***palpn_protos) { @@ -256,7 +260,7 @@ int SSL_get_error(const SSL *ssl, int ret_code) return ret; } -SSL_CTX *SSL_CTX_new(const SSL_METHOD *method, void *rngctx) +SSL_CTX *SSL_CTX_new(const SSL_METHOD *method, ...) { SSL_CTX *ctx; CERT *cert; @@ -1014,3 +1018,389 @@ void SSL_set_alpn_select_cb(SSL *ssl, void *arg) _ssl_set_alpn_list(ssl); } + +SSL_SESSION *SSL_get1_session(SSL *ssl) +{ + SSL_ASSERT2(ssl); + + atomic_fetch_add(&ssl->session->references, 1); + return ssl->session; +} + +void SSL_SESSION_free(SSL_SESSION *session) +{ + SSL_ASSERT3(session); + + if (atomic_fetch_sub(&session->references, 1) == 1) + { + X509_free(session->peer); + ssl_mem_free(session); + } +} + +int SSL_set_session(SSL *s, SSL_SESSION *session) +{ + SSL_ASSERT1(s); + SSL_ASSERT1(session); + + SSL_SESSION_free(s->session); + s->session = session; + return 1; +} + +const char *SSLeay_version(int t) +{ + return "not available"; +} + +const char *SSL_state_string_long(const SSL *s) +{ + SSL_ASSERT2(s); + + switch (SSL_get_state(s)) + { + case TLS_ST_CR_CERT_STATUS: + return "SSLv3/TLS read certificate status"; + case TLS_ST_CW_NEXT_PROTO: + return "SSLv3/TLS write next proto"; + case TLS_ST_SR_NEXT_PROTO: + return "SSLv3/TLS read next proto"; + case TLS_ST_SW_CERT_STATUS: + return "SSLv3/TLS write certificate status"; + case TLS_ST_BEFORE: + return "before SSL initialization"; + case TLS_ST_OK: + return "SSL negotiation finished successfully"; + case TLS_ST_CW_CLNT_HELLO: + return "SSLv3/TLS write client hello"; + case TLS_ST_CR_SRVR_HELLO: + return "SSLv3/TLS read server hello"; + case TLS_ST_CR_CERT: + return "SSLv3/TLS read server certificate"; + case TLS_ST_CR_COMP_CERT: + return "TLSv1.3 read server compressed certificate"; + case TLS_ST_CR_KEY_EXCH: + return "SSLv3/TLS read server key exchange"; + case TLS_ST_CR_CERT_REQ: + return "SSLv3/TLS read server certificate request"; + case TLS_ST_CR_SESSION_TICKET: + return "SSLv3/TLS read server session ticket"; + case TLS_ST_CR_SRVR_DONE: + return "SSLv3/TLS read server done"; + case TLS_ST_CW_CERT: + return "SSLv3/TLS write client certificate"; + case TLS_ST_CW_COMP_CERT: + return "TLSv1.3 write client compressed certificate"; + case TLS_ST_CW_KEY_EXCH: + return "SSLv3/TLS write client key exchange"; + case TLS_ST_CW_CERT_VRFY: + return "SSLv3/TLS write certificate verify"; + case TLS_ST_CW_CHANGE: + case TLS_ST_SW_CHANGE: + return "SSLv3/TLS write change cipher spec"; + case TLS_ST_CW_FINISHED: + case TLS_ST_SW_FINISHED: + return "SSLv3/TLS write finished"; + case TLS_ST_CR_CHANGE: + case TLS_ST_SR_CHANGE: + return "SSLv3/TLS read change cipher spec"; + case TLS_ST_CR_FINISHED: + case TLS_ST_SR_FINISHED: + return "SSLv3/TLS read finished"; + case TLS_ST_SR_CLNT_HELLO: + return "SSLv3/TLS read client hello"; + case TLS_ST_SW_HELLO_REQ: + return "SSLv3/TLS write hello request"; + case TLS_ST_SW_SRVR_HELLO: + return "SSLv3/TLS write server hello"; + case TLS_ST_SW_CERT: + return "SSLv3/TLS write certificate"; + case TLS_ST_SW_COMP_CERT: + return "TLSv1.3 write server compressed certificate"; + case TLS_ST_SW_KEY_EXCH: + return "SSLv3/TLS write key exchange"; + case TLS_ST_SW_CERT_REQ: + return "SSLv3/TLS write certificate request"; + case TLS_ST_SW_SESSION_TICKET: + return "SSLv3/TLS write session ticket"; + case TLS_ST_SW_SRVR_DONE: + return "SSLv3/TLS write server done"; + case TLS_ST_SR_CERT: + return "SSLv3/TLS read client certificate"; + case TLS_ST_SR_COMP_CERT: + return "TLSv1.3 read client compressed certificate"; + case TLS_ST_SR_KEY_EXCH: + return "SSLv3/TLS read client key exchange"; + case TLS_ST_SR_CERT_VRFY: + return "SSLv3/TLS read certificate verify"; + case DTLS_ST_CR_HELLO_VERIFY_REQUEST: + return "DTLS1 read hello verify request"; + case DTLS_ST_SW_HELLO_VERIFY_REQUEST: + return "DTLS1 write hello verify request"; + case TLS_ST_SW_ENCRYPTED_EXTENSIONS: + return "TLSv1.3 write encrypted extensions"; + case TLS_ST_CR_ENCRYPTED_EXTENSIONS: + return "TLSv1.3 read encrypted extensions"; + case TLS_ST_CR_CERT_VRFY: + return "TLSv1.3 read server certificate verify"; + case TLS_ST_SW_CERT_VRFY: + return "TLSv1.3 write server certificate verify"; + case TLS_ST_CR_HELLO_REQ: + return "SSLv3/TLS read hello request"; + case TLS_ST_SW_KEY_UPDATE: + return "TLSv1.3 write server key update"; + case TLS_ST_CW_KEY_UPDATE: + return "TLSv1.3 write client key update"; + case TLS_ST_SR_KEY_UPDATE: + return "TLSv1.3 read client key update"; + case TLS_ST_CR_KEY_UPDATE: + return "TLSv1.3 read server key update"; + case TLS_ST_EARLY_DATA: + return "TLSv1.3 early data"; + case TLS_ST_PENDING_EARLY_DATA_END: + return "TLSv1.3 pending early data end"; + case TLS_ST_CW_END_OF_EARLY_DATA: + return "TLSv1.3 write end of early data"; + case TLS_ST_SR_END_OF_EARLY_DATA: + return "TLSv1.3 read end of early data"; + default: + return "unknown state"; + } +} + +const char *SSL_get_cipher_name(const SSL *s) +{ + SSL_ASSERT2(s); + SSL_ASSERT2(s->session); + + return s->session->cipher->name ? s->session->cipher->name : "(NONE)"; +} + +const char *SSL_alert_type_string_long(int value) +{ + switch (value >> 8) + { + case SSL3_AL_WARNING: + return "warning"; + case SSL3_AL_FATAL: + return "fatal"; + } + + return "unknown"; +} + +const char *SSL_alert_desc_string_long(int value) +{ + switch (value & 0xff) + { + case SSL3_AD_CLOSE_NOTIFY: + return "close notify"; + case SSL3_AD_UNEXPECTED_MESSAGE: + return "unexpected message"; + case SSL3_AD_BAD_RECORD_MAC: + return "bad record mac"; + case SSL3_AD_DECOMPRESSION_FAILURE: + return "decompression failure"; + case SSL3_AD_HANDSHAKE_FAILURE: + return "handshake failure"; + case SSL3_AD_NO_CERTIFICATE: + return "no certificate"; + case SSL3_AD_BAD_CERTIFICATE: + return "bad certificate"; + case SSL3_AD_UNSUPPORTED_CERTIFICATE: + return "unsupported certificate"; + case SSL3_AD_CERTIFICATE_REVOKED: + return "certificate revoked"; + case SSL3_AD_CERTIFICATE_EXPIRED: + return "certificate expired"; + case SSL3_AD_CERTIFICATE_UNKNOWN: + return "certificate unknown"; + case SSL3_AD_ILLEGAL_PARAMETER: + return "illegal parameter"; + case TLS1_AD_DECRYPTION_FAILED: + return "decryption failed"; + case TLS1_AD_RECORD_OVERFLOW: + return "record overflow"; + case TLS1_AD_UNKNOWN_CA: + return "unknown CA"; + case TLS1_AD_ACCESS_DENIED: + return "access denied"; + case TLS1_AD_DECODE_ERROR: + return "decode error"; + case TLS1_AD_DECRYPT_ERROR: + return "decrypt error"; + case TLS1_AD_EXPORT_RESTRICTION: + return "export restriction"; + case TLS1_AD_PROTOCOL_VERSION: + return "protocol version"; + case TLS1_AD_INSUFFICIENT_SECURITY: + return "insufficient security"; + case TLS1_AD_INTERNAL_ERROR: + return "internal error"; + case TLS1_AD_USER_CANCELLED: + return "user canceled"; + case TLS1_AD_NO_RENEGOTIATION: + return "no renegotiation"; + case TLS1_AD_UNSUPPORTED_EXTENSION: + return "unsupported extension"; + case TLS1_AD_CERTIFICATE_UNOBTAINABLE: + return "certificate unobtainable"; + case TLS1_AD_UNRECOGNIZED_NAME: + return "unrecognized name"; + case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE: + return "bad certificate status response"; + case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE: + return "bad certificate hash value"; + case TLS1_AD_UNKNOWN_PSK_IDENTITY: + return "unknown PSK identity"; + case TLS1_AD_NO_APPLICATION_PROTOCOL: + return "no application protocol"; + default: + return "unknown"; + } +} + +void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb) +{ + ctx->default_passwd_callback = cb; +} + +void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u) +{ + ctx->default_passwd_callback_userdata = u; +} + +void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb) +{ + ctx->psk_client_callback = cb; +} + +int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) +{ + return 0; +} + +long SSL_CTX_set_mode(SSL_CTX *ctx, long larg) +{ + return ctx->mode |= larg; +} + +void SSL_CTX_set_info_callback(SSL_CTX *ctx, + void (*cb)(const SSL *ssl, int type, int val)) +{ + ctx->info_callback = cb; +} + +void SSL_CTX_set_msg_callback(SSL_CTX *ctx, + void (*cb)(int write_p, int version, + int content_type, const void *buf, + size_t len, SSL *ssl, void *arg)) +{ + ctx->msg_callback = cb; +} + +long SSL_set_tlsext_host_name(SSL *s, void *parg) +{ + size_t len; + + SSL_ASSERT1(s); + SSL_ASSERT1(s->session); + + if (parg == NULL) + { + return 1; + } + + len = strlen(parg); + if (len == 0 || len > TLSEXT_MAXLEN_host_name) + { + return 0; + } + + memset(s->session->ext.hostname, 0, TLSEXT_MAXLEN_host_name); + memcpy(s->session->ext.hostname, parg, len); + return 1; +} + +int SSL_CTX_load_verify_file(SSL_CTX *ctx, const char *CAfile) +{ + X509 *x; + int ret; + + SSL_ASSERT1(ctx); + SSL_ASSERT1(CAfile); + + x = X509_new(); + ret = X509_METHOD_CALL(load_file, x, CAfile); + if (ret) + { + X509_free(x); + return 0; + } + + SSL_CTX_add_client_CA(ctx, x); + return 1; +} + +int SSL_CTX_load_verify_dir(SSL_CTX *ctx, const char *CApath) +{ + X509 *x; + int ret; + + SSL_ASSERT1(ctx); + SSL_ASSERT1(CApath); + + x = X509_new(); + ret = X509_METHOD_CALL(load_path, x, CApath); + if (ret) + { + X509_free(x); + return 0; + } + + SSL_CTX_add_client_CA(ctx, x); + return 1; +} + +int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, + const char *CApath) +{ + if (CAfile == NULL && CApath == NULL) + { + return 0; + } + + if (CAfile != NULL && !SSL_CTX_load_verify_file(ctx, CAfile)) + { + return 0; + } + + if (CApath != NULL && !SSL_CTX_load_verify_dir(ctx, CApath)) + { + return 0; + } + + return 1; +} + +int SSL_get_ex_new_index(long argl, void *argp, + CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, + CRYPTO_EX_free *free_func) +{ + return 0; +} + +const char *SSL_get_cipher_list(const SSL *s, int n) +{ + return NULL; +} + +int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg) +{ + return 0; +} + +int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) +{ + return 0; +} diff --git a/crypto/openssl_mbedtls_wrapper/mbedtls/ssl_methods.c b/crypto/openssl_mbedtls_wrapper/mbedtls/ssl_methods.c index 7abddee9fd4..a5b8e5bb01c 100644 --- a/crypto/openssl_mbedtls_wrapper/mbedtls/ssl_methods.c +++ b/crypto/openssl_mbedtls_wrapper/mbedtls/ssl_methods.c @@ -95,7 +95,8 @@ IMPLEMENT_SSL_METHOD(SSL3_VERSION, -1, TLS_method_func, SSLv3_method); IMPLEMENT_X509_METHOD(X509_method, x509_pm_new, x509_pm_free, - x509_pm_load, x509_pm_show_info); + x509_pm_load, x509_pm_load_file, + x509_pm_load_path, x509_pm_show_info); /** * @brief get private key object method diff --git a/crypto/openssl_mbedtls_wrapper/mbedtls/ssl_methods.h b/crypto/openssl_mbedtls_wrapper/mbedtls/ssl_methods.h index 3c26478149b..c93546fc74b 100644 --- a/crypto/openssl_mbedtls_wrapper/mbedtls/ssl_methods.h +++ b/crypto/openssl_mbedtls_wrapper/mbedtls/ssl_methods.h @@ -27,10 +27,9 @@ #include #include "ssl_pm.h" -#ifdef __cplusplus -extern "C" -{ -#endif +/**************************************************************************** + * Pre-processor Definitions + ****************************************************************************/ /* TLS method function implement */ @@ -42,7 +41,7 @@ extern "C" set_bufflen, \ get_verify_result, \ get_state) \ - static const SSL_METHOD_FUNC func_name LOCAL_ATRR = \ + static const SSL_METHOD_FUNC func_name = \ { \ new, \ free, \ @@ -62,7 +61,7 @@ extern "C" #define IMPLEMENT_TLS_METHOD(ver, mode, fun, func_name) \ const SSL_METHOD* func_name(void) \ { \ - static const SSL_METHOD func_name##_data LOCAL_ATRR = \ + static const SSL_METHOD func_name##_data = \ { \ ver, \ mode, \ @@ -74,7 +73,7 @@ extern "C" #define IMPLEMENT_SSL_METHOD(ver, mode, fun, func_name) \ const SSL_METHOD* func_name(void) \ { \ - static const SSL_METHOD func_name##_data LOCAL_ATRR = \ + static const SSL_METHOD func_name##_data = \ { \ ver, \ mode, \ @@ -87,14 +86,18 @@ extern "C" new, \ free, \ load, \ + load_file, \ + load_path, \ show_info) \ const X509_METHOD* func_name(void) \ { \ - static const X509_METHOD func_name##_data LOCAL_ATRR = \ + static const X509_METHOD func_name##_data = \ { \ new, \ free, \ load, \ + load_file, \ + load_path, \ show_info \ }; \ return &func_name##_data; \ @@ -106,7 +109,7 @@ extern "C" load) \ const PKEY_METHOD* func_name(void) \ { \ - static const PKEY_METHOD func_name##_data LOCAL_ATRR = \ + static const PKEY_METHOD func_name##_data = \ { \ new, \ free, \ @@ -115,6 +118,15 @@ extern "C" return &func_name##_data; \ } +#ifdef __cplusplus +extern "C" +{ +#endif + +/**************************************************************************** + * Public Function Prototypes + ****************************************************************************/ + /** * @brief get X509 object method * diff --git a/crypto/openssl_mbedtls_wrapper/mbedtls/ssl_pm.c b/crypto/openssl_mbedtls_wrapper/mbedtls/ssl_pm.c index 95bec900ec5..84ba2345e99 100644 --- a/crypto/openssl_mbedtls_wrapper/mbedtls/ssl_pm.c +++ b/crypto/openssl_mbedtls_wrapper/mbedtls/ssl_pm.c @@ -38,7 +38,16 @@ #include "mbedtls/ctr_drbg.h" #include "mbedtls/error.h" +/**************************************************************************** + * Pre-processor Definitions + ****************************************************************************/ + #define X509_INFO_STRING_LENGTH 8192 +#define READ_TIMEOUT_MS 50000 /* 50 seconds */ + +/**************************************************************************** + * Private Types + ****************************************************************************/ struct ssl_pm { @@ -58,7 +67,7 @@ struct ssl_pm struct x509_pm { - mbedtls_x509_crt *x509_crt; + mbedtls_x509_crt x509_crt; mbedtls_x509_crt *ex_crt; }; @@ -68,10 +77,15 @@ struct pkey_pm mbedtls_pk_context *ex_pkey; }; +/**************************************************************************** + * Public Data + ****************************************************************************/ + unsigned int max_content_len; -/* mbedtls debug level */ -#define MBEDTLS_DEBUG_LEVEL 4 +/**************************************************************************** + * Private Functions + ****************************************************************************/ /** * @brief mbedtls debug function @@ -134,6 +148,7 @@ int ssl_pm_new(SSL *ssl) mbedtls_ctr_drbg_init(&ssl_pm->ctr_drbg); mbedtls_entropy_init(&ssl_pm->entropy); mbedtls_ssl_init(&ssl_pm->ssl); + mbedtls_ssl_conf_read_timeout(&ssl_pm->conf, READ_TIMEOUT_MS); ret = mbedtls_ctr_drbg_seed(&ssl_pm->ctr_drbg, mbedtls_entropy_func, &ssl_pm->entropy, pers, pers_len); @@ -210,7 +225,8 @@ int ssl_pm_new(SSL *ssl) } mbedtls_ssl_set_bio(&ssl_pm->ssl, &ssl_pm->fd, - mbedtls_net_send, mbedtls_net_recv, NULL); + mbedtls_net_send, mbedtls_net_recv, + mbedtls_net_recv_timeout); ssl->ssl_pm = ssl_pm; @@ -249,7 +265,7 @@ void ssl_pm_free(SSL *ssl) static int ssl_pm_reload_crt(SSL *ssl) { - int ret; + int ret = 0; int mode; struct ssl_pm *ssl_pm = ssl->ssl_pm; struct x509_pm *ca_pm = (struct x509_pm *)ssl->client_CA->x509_pm; @@ -275,29 +291,16 @@ static int ssl_pm_reload_crt(SSL *ssl) } mbedtls_ssl_conf_authmode(&ssl_pm->conf, mode); - - if (ca_pm->x509_crt) - { - mbedtls_ssl_conf_ca_chain(&ssl_pm->conf, ca_pm->x509_crt, NULL); - } - else if (ca_pm->ex_crt) + mbedtls_ssl_conf_ca_chain(&ssl_pm->conf, &ca_pm->x509_crt, NULL); + if (ca_pm->ex_crt) { mbedtls_ssl_conf_ca_chain(&ssl_pm->conf, ca_pm->ex_crt, NULL); } - if (crt_pm->x509_crt && pkey_pm->pkey) - { - ret = mbedtls_ssl_conf_own_cert(&ssl_pm->conf, - crt_pm->x509_crt, pkey_pm->pkey); - } - else if (crt_pm->ex_crt && pkey_pm->ex_pkey) + if (pkey_pm->pkey) { ret = mbedtls_ssl_conf_own_cert(&ssl_pm->conf, - crt_pm->ex_crt, pkey_pm->ex_pkey); - } - else - { - ret = 0; + &crt_pm->x509_crt, pkey_pm->pkey); } if (ret) @@ -342,7 +345,8 @@ int ssl_pm_handshake(SSL *ssl) ret = ssl_pm_reload_crt(ssl); if (ret) { - printf("%s: cert reload failed\n", __func__); + SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, + "%s: cert reload failed\n", __func__); return 0; } @@ -396,7 +400,8 @@ int ssl_pm_handshake(SSL *ssl) return 0; } - printf("%s: mbedtls_ssl_handshake() returned -0x%x\n", __func__, -ret); + SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, + "%s: mbedtls_ssl_handshake() returned -0x%x\n", __func__, -ret); /* it's had it */ @@ -415,7 +420,7 @@ ssl_ctx_get_mbedtls_x509_crt(SSL_CTX *ssl_ctx) return NULL; } - return x509_pm->x509_crt; + return &x509_pm->x509_crt; } mbedtls_x509_crt * @@ -451,7 +456,7 @@ int ssl_pm_shutdown(SSL *ssl) else { struct x509_pm *x509_pm = - (struct x509_pm *)ssl->session->peer->x509_pm; + (struct x509_pm *)ssl->session->peer->x509_pm; x509_pm->ex_crt = NULL; ret = 1; /* OpenSSL: "The shutdown was successfully completed" @@ -481,6 +486,22 @@ int ssl_pm_read(SSL *ssl, void *buffer, int len) { ssl->err = SSL_ERROR_SYSCALL; } + else if (ret == MBEDTLS_ERR_SSL_WANT_READ) + { + ssl->err = SSL_ERROR_WANT_READ; + } + else if (ret == MBEDTLS_ERR_SSL_WANT_WRITE) + { + ssl->err = SSL_ERROR_WANT_WRITE; + } + else if (ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS) + { + ssl->err = SSL_ERROR_WANT_ASYNC; + } + else + { + ssl->err = SSL_ERROR_SSL; + } ret = -1; } @@ -613,7 +634,7 @@ OSSL_HANDSHAKE_STATE ssl_pm_get_state(const SSL *ssl) case MBEDTLS_SSL_HANDSHAKE_OVER: state = TLS_ST_OK; break; - default : + default: state = TLS_ST_BEFORE; break; } @@ -628,20 +649,8 @@ int x509_pm_show_info(X509 *x) mbedtls_x509_crt *x509_crt; struct x509_pm *x509_pm = x->x509_pm; - if (x509_pm->x509_crt) - { - x509_crt = x509_pm->x509_crt; - } - else if (x509_pm->ex_crt) - { - x509_crt = x509_pm->ex_crt; - } - else - { - x509_crt = NULL; - } - - if (!x509_crt) + x509_crt = &x509_pm->x509_crt; + if (x509_crt->version == 0) { return -1; } @@ -693,7 +702,7 @@ int x509_pm_new(X509 *x, X509 *m_x) { struct x509_pm *m_x509_pm = (struct x509_pm *)m_x->x509_pm; - x509_pm->ex_crt = m_x509_pm->x509_crt; + x509_pm->ex_crt = &m_x509_pm->x509_crt; } return 0; @@ -706,14 +715,7 @@ void x509_pm_free(X509 *x) { struct x509_pm *x509_pm = (struct x509_pm *)x->x509_pm; - if (x509_pm->x509_crt) - { - mbedtls_x509_crt_free(x509_pm->x509_crt); - - ssl_mem_free(x509_pm->x509_crt); - x509_pm->x509_crt = NULL; - } - + mbedtls_x509_crt_free(&x509_pm->x509_crt); ssl_mem_free(x->x509_pm); x->x509_pm = NULL; } @@ -724,23 +726,8 @@ int x509_pm_load(X509 *x, const unsigned char *buffer, int len) unsigned char *load_buf; struct x509_pm *x509_pm = (struct x509_pm *)x->x509_pm; - if (x509_pm->x509_crt) - { - mbedtls_x509_crt_free(x509_pm->x509_crt); - } - - if (!x509_pm->x509_crt) - { - x509_pm->x509_crt = ssl_mem_malloc(sizeof(mbedtls_x509_crt)); - if (!x509_pm->x509_crt) - { - SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, - "no enough memory > (x509_pm->x509_crt)"); - goto no_mem; - } - } - - mbedtls_x509_crt_init(x509_pm->x509_crt); + mbedtls_x509_crt_free(&x509_pm->x509_crt); + mbedtls_x509_crt_init(&x509_pm->x509_crt); if (buffer[0] != 0x30) { load_buf = ssl_mem_malloc(len + 1); @@ -754,32 +741,67 @@ int x509_pm_load(X509 *x, const unsigned char *buffer, int len) ssl_memcpy(load_buf, buffer, len); load_buf[len] = '\0'; - ret = mbedtls_x509_crt_parse(x509_pm->x509_crt, load_buf, len + 1); + ret = mbedtls_x509_crt_parse(&x509_pm->x509_crt, load_buf, len + 1); ssl_mem_free(load_buf); } else { - printf("parsing as der\n"); - - ret = mbedtls_x509_crt_parse_der(x509_pm->x509_crt, buffer, len); + SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "parsing as der\n"); + ret = mbedtls_x509_crt_parse_der(&x509_pm->x509_crt, buffer, len); } if (ret) { - printf("mbedtls_x509_crt_parse return -0x%x", -ret); + SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, + "mbedtls_x509_crt_parse return -0x%x", -ret); goto failed; } return 0; failed: - mbedtls_x509_crt_free(x509_pm->x509_crt); - ssl_mem_free(x509_pm->x509_crt); - x509_pm->x509_crt = NULL; -no_mem: + mbedtls_x509_crt_free(&x509_pm->x509_crt); return -1; } +int x509_pm_load_file(X509 *x, const char *path) +{ + int ret; + struct x509_pm *x509_pm = (struct x509_pm *)x->x509_pm; + + mbedtls_x509_crt_free(&x509_pm->x509_crt); + mbedtls_x509_crt_init(&x509_pm->x509_crt); + ret = mbedtls_x509_crt_parse_file(&x509_pm->x509_crt, path); + if (ret) + { + SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, + "mbedtls_x509_crt_parse_file return -0x%x", -ret); + mbedtls_x509_crt_free(&x509_pm->x509_crt); + return -1; + } + + return 0; +} + +int x509_pm_load_path(X509 *x, const char *path) +{ + int ret; + struct x509_pm *x509_pm = (struct x509_pm *)x->x509_pm; + + mbedtls_x509_crt_free(&x509_pm->x509_crt); + mbedtls_x509_crt_init(&x509_pm->x509_crt); + ret = mbedtls_x509_crt_parse_path(&x509_pm->x509_crt, path); + if (ret) + { + SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, + "mbedtls_x509_crt_parse_file return -0x%x", -ret); + mbedtls_x509_crt_free(&x509_pm->x509_crt); + return -1; + } + + return 0; +} + int pkey_pm_new(EVP_PKEY *pk, EVP_PKEY *m_pkey) { struct pkey_pm *pkey_pm; @@ -977,7 +999,8 @@ void _ssl_set_alpn_list(const SSL *ssl) &((struct ssl_pm *)(ssl->ssl_pm))->conf, ssl->alpn_protos)) { - fprintf(stderr, "mbedtls_ssl_conf_alpn_protocols failed\n"); + SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, + "mbedtls_ssl_conf_alpn_protocols failed\n"); } return; @@ -992,7 +1015,8 @@ void _ssl_set_alpn_list(const SSL *ssl) &((struct ssl_pm *)(ssl->ssl_pm))->conf, ssl->ctx->alpn_protos)) { - fprintf(stderr, "mbedtls_ssl_conf_alpn_protocols failed\n"); + SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, + "mbedtls_ssl_conf_alpn_protocols failed\n"); } } @@ -1070,8 +1094,8 @@ void SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx) ssl->verify_mode = ctx->verify_mode; - mbedtls_ssl_set_hs_ca_chain(&ssl_pm->ssl, x509_pm_ca->x509_crt, NULL); - mbedtls_ssl_set_hs_own_cert(&ssl_pm->ssl, x509_pm->x509_crt, + mbedtls_ssl_set_hs_ca_chain(&ssl_pm->ssl, &x509_pm_ca->x509_crt, NULL); + mbedtls_ssl_set_hs_own_cert(&ssl_pm->ssl, &x509_pm->x509_crt, pkey_pm->pkey); mbedtls_ssl_set_hs_authmode(&ssl_pm->ssl, mode); } diff --git a/crypto/openssl_mbedtls_wrapper/mbedtls/ssl_pm.h b/crypto/openssl_mbedtls_wrapper/mbedtls/ssl_pm.h index 22e6eda4a44..0d206502458 100644 --- a/crypto/openssl_mbedtls_wrapper/mbedtls/ssl_pm.h +++ b/crypto/openssl_mbedtls_wrapper/mbedtls/ssl_pm.h @@ -33,7 +33,9 @@ extern "C" { #endif -#define LOCAL_ATRR +/**************************************************************************** + * Public Function Prototypes + ****************************************************************************/ int ssl_pm_new(SSL *ssl); void ssl_pm_free(SSL *ssl); @@ -57,6 +59,8 @@ int x509_pm_show_info(X509 *x); int x509_pm_new(X509 *x, X509 *m_x); void x509_pm_free(X509 *x); int x509_pm_load(X509 *x, const unsigned char *buffer, int len); +int x509_pm_load_file(X509 *x, const char *path); +int x509_pm_load_path(X509 *x, const char *path); int pkey_pm_new(EVP_PKEY *pk, EVP_PKEY *m_pk); void pkey_pm_free(EVP_PKEY *pk); diff --git a/crypto/openssl_mbedtls_wrapper/mbedtls/ssl_rsa.c b/crypto/openssl_mbedtls_wrapper/mbedtls/ssl_rsa.c index 0a754317df7..7f21912eacc 100644 --- a/crypto/openssl_mbedtls_wrapper/mbedtls/ssl_rsa.c +++ b/crypto/openssl_mbedtls_wrapper/mbedtls/ssl_rsa.c @@ -124,6 +124,11 @@ int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) return 0; } +int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) +{ + return 0; +} + int SSL_use_certificate_file(SSL *ssl, const char *file, int type) { return 0;