2
0

openssl.c 7.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322
  1. /*
  2. * Copyright (c) 2007, Cameron Rich
  3. *
  4. * All rights reserved.
  5. *
  6. * Redistribution and use in source and binary forms, with or without
  7. * modification, are permitted provided that the following conditions are met:
  8. *
  9. * * Redistributions of source code must retain the above copyright notice,
  10. * this list of conditions and the following disclaimer.
  11. * * Redistributions in binary form must reproduce the above copyright notice,
  12. * this list of conditions and the following disclaimer in the documentation
  13. * and/or other materials provided with the distribution.
  14. * * Neither the name of the axTLS project nor the names of its contributors
  15. * may be used to endorse or promote products derived from this software
  16. * without specific prior written permission.
  17. *
  18. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  19. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  20. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  21. * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
  22. * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
  23. * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
  24. * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
  25. * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
  26. * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
  27. * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  28. * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29. */
  30. /*
  31. * Enable a subset of openssl compatible functions. We don't aim to be 100%
  32. * compatible - just to be able to do basic ports etc.
  33. *
  34. * Only really tested on mini_httpd, so I'm not too sure how extensive this
  35. * port is.
  36. */
  37. #include "config.h"
  38. #ifdef CONFIG_OPENSSL_COMPATIBLE
  39. #include <stdlib.h>
  40. #include <string.h>
  41. #include <stdarg.h>
  42. #include "ssl.h"
  43. #define OPENSSL_CTX_ATTR ((OPENSSL_CTX *)ssl_ctx->bonus_attr)
  44. static char *key_password = NULL;
  45. void *SSLv23_server_method(void) { return NULL; }
  46. void *SSLv3_server_method(void) { return NULL; }
  47. void *TLSv1_server_method(void) { return NULL; }
  48. void *SSLv23_client_method(void) { return NULL; }
  49. void *SSLv3_client_method(void) { return NULL; }
  50. void *TLSv1_client_method(void) { return NULL; }
  51. typedef void * (*ssl_func_type_t)(void);
  52. typedef void * (*bio_func_type_t)(void);
  53. typedef struct
  54. {
  55. ssl_func_type_t ssl_func_type;
  56. } OPENSSL_CTX;
  57. SSL_CTX * SSL_CTX_new(ssl_func_type_t meth)
  58. {
  59. SSL_CTX *ssl_ctx = ssl_ctx_new(0, 5);
  60. ssl_ctx->bonus_attr = malloc(sizeof(OPENSSL_CTX));
  61. OPENSSL_CTX_ATTR->ssl_func_type = meth;
  62. return ssl_ctx;
  63. }
  64. void SSL_CTX_free(SSL_CTX * ssl_ctx)
  65. {
  66. free(ssl_ctx->bonus_attr);
  67. ssl_ctx_free(ssl_ctx);
  68. }
  69. SSL * SSL_new(SSL_CTX *ssl_ctx)
  70. {
  71. SSL *ssl;
  72. ssl_func_type_t ssl_func_type;
  73. ssl = ssl_new(ssl_ctx, -1); /* fd is set later */
  74. ssl_func_type = OPENSSL_CTX_ATTR->ssl_func_type;
  75. #ifdef CONFIG_SSL_ENABLE_CLIENT
  76. if (ssl_func_type == SSLv23_client_method ||
  77. ssl_func_type == SSLv3_client_method ||
  78. ssl_func_type == TLSv1_client_method)
  79. {
  80. SET_SSL_FLAG(SSL_IS_CLIENT);
  81. }
  82. else
  83. #endif
  84. {
  85. ssl->next_state = HS_CLIENT_HELLO;
  86. }
  87. return ssl;
  88. }
  89. int SSL_set_fd(SSL *s, int fd)
  90. {
  91. s->client_fd = fd;
  92. return 1; /* always succeeds */
  93. }
  94. int SSL_accept(SSL *ssl)
  95. {
  96. while (ssl_read(ssl, NULL) == SSL_OK)
  97. {
  98. if (ssl->next_state == HS_CLIENT_HELLO)
  99. return 1; /* we're done */
  100. }
  101. return -1;
  102. }
  103. #ifdef CONFIG_SSL_ENABLE_CLIENT
  104. int SSL_connect(SSL *ssl)
  105. {
  106. return do_client_connect(ssl) == SSL_OK ? 1 : -1;
  107. }
  108. #endif
  109. void SSL_free(SSL *ssl)
  110. {
  111. ssl_free(ssl);
  112. }
  113. int SSL_read(SSL *ssl, void *buf, int num)
  114. {
  115. uint8_t *read_buf;
  116. int ret;
  117. while ((ret = ssl_read(ssl, &read_buf)) == SSL_OK);
  118. if (ret > SSL_OK)
  119. {
  120. memcpy(buf, read_buf, ret > num ? num : ret);
  121. }
  122. return ret;
  123. }
  124. int SSL_write(SSL *ssl, const void *buf, int num)
  125. {
  126. return ssl_write(ssl, buf, num);
  127. }
  128. int SSL_CTX_use_certificate_file(SSL_CTX *ssl_ctx, const char *file, int type)
  129. {
  130. return (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, file, NULL) == SSL_OK);
  131. }
  132. int SSL_CTX_use_PrivateKey_file(SSL_CTX *ssl_ctx, const char *file, int type)
  133. {
  134. return (ssl_obj_load(ssl_ctx, SSL_OBJ_RSA_KEY, file, key_password) == SSL_OK);
  135. }
  136. int SSL_CTX_use_certificate_ASN1(SSL_CTX *ssl_ctx, int len, const uint8_t *d)
  137. {
  138. return (ssl_obj_memory_load(ssl_ctx,
  139. SSL_OBJ_X509_CERT, d, len, NULL) == SSL_OK);
  140. }
  141. int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
  142. unsigned int sid_ctx_len)
  143. {
  144. return 1;
  145. }
  146. int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
  147. {
  148. return 1;
  149. }
  150. int SSL_CTX_use_certificate_chain_file(SSL_CTX *ssl_ctx, const char *file)
  151. {
  152. return (ssl_obj_load(ssl_ctx,
  153. SSL_OBJ_X509_CERT, file, NULL) == SSL_OK);
  154. }
  155. int SSL_shutdown(SSL *ssl)
  156. {
  157. return 1;
  158. }
  159. /*** get/set session ***/
  160. SSL_SESSION *SSL_get1_session(SSL *ssl)
  161. {
  162. return (SSL_SESSION *)ssl_get_session_id(ssl); /* note: wrong cast */
  163. }
  164. int SSL_set_session(SSL *ssl, SSL_SESSION *session)
  165. {
  166. memcpy(ssl->session_id, (uint8_t *)session, SSL_SESSION_ID_SIZE);
  167. return 1;
  168. }
  169. void SSL_SESSION_free(SSL_SESSION *session) { }
  170. /*** end get/set session ***/
  171. long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
  172. {
  173. return 0;
  174. }
  175. void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
  176. int (*verify_callback)(int, void *)) { }
  177. void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth) { }
  178. int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
  179. const char *CApath)
  180. {
  181. return 1;
  182. }
  183. void *SSL_load_client_CA_file(const char *file)
  184. {
  185. return (void *)file;
  186. }
  187. void SSL_CTX_set_client_CA_list(SSL_CTX *ssl_ctx, void *file)
  188. {
  189. ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, (const char *)file, NULL);
  190. }
  191. void SSLv23_method(void) { }
  192. void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, void *cb) { }
  193. void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u)
  194. {
  195. key_password = (char *)u;
  196. }
  197. int SSL_peek(SSL *ssl, void *buf, int num)
  198. {
  199. memcpy(buf, ssl->bm_data, num);
  200. return num;
  201. }
  202. void SSL_set_bio(SSL *ssl, void *rbio, void *wbio) { }
  203. long SSL_get_verify_result(const SSL *ssl)
  204. {
  205. return ssl_handshake_status(ssl);
  206. }
  207. int SSL_state(SSL *ssl)
  208. {
  209. return 0x03; // ok state
  210. }
  211. /** end of could do better list */
  212. void *SSL_get_peer_certificate(const SSL *ssl)
  213. {
  214. return &ssl->ssl_ctx->certs[0];
  215. }
  216. int SSL_clear(SSL *ssl)
  217. {
  218. return 1;
  219. }
  220. int SSL_CTX_check_private_key(const SSL_CTX *ctx)
  221. {
  222. return 1;
  223. }
  224. int SSL_CTX_set_cipher_list(SSL *s, const char *str)
  225. {
  226. return 1;
  227. }
  228. int SSL_get_error(const SSL *ssl, int ret)
  229. {
  230. ssl_display_error(ret);
  231. return 0; /* TODO: return proper return code */
  232. }
  233. void SSL_CTX_set_options(SSL_CTX *ssl_ctx, int option) {}
  234. int SSL_library_init(void ) { return 1; }
  235. void SSL_load_error_strings(void ) {}
  236. void ERR_print_errors_fp(FILE *fp) {}
  237. #ifndef CONFIG_SSL_SKELETON_MODE
  238. long SSL_CTX_get_timeout(const SSL_CTX *ssl_ctx) {
  239. return CONFIG_SSL_EXPIRY_TIME*3600; }
  240. long SSL_CTX_set_timeout(SSL_CTX *ssl_ctx, long t) {
  241. return SSL_CTX_get_timeout(ssl_ctx); }
  242. #endif
  243. void BIO_printf(FILE *f, const char *format, ...)
  244. {
  245. va_list(ap);
  246. va_start(ap, format);
  247. vfprintf(f, format, ap);
  248. va_end(ap);
  249. }
  250. void* BIO_s_null(void) { return NULL; }
  251. FILE *BIO_new(bio_func_type_t func)
  252. {
  253. if (func == BIO_s_null)
  254. return fopen("/dev/null", "r");
  255. else
  256. return NULL;
  257. }
  258. FILE *BIO_new_fp(FILE *stream, int close_flag) { return stream; }
  259. int BIO_free(FILE *a) { if (a != stdout && a != stderr) fclose(a); return 1; }
  260. #endif