2 * Copyright (c) 2007, Cameron Rich
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions are met:
9 * * Redistributions of source code must retain the above copyright notice,
10 * this list of conditions and the following disclaimer.
11 * * Redistributions in binary form must reproduce the above copyright notice,
12 * this list of conditions and the following disclaimer in the documentation
13 * and/or other materials provided with the distribution.
14 * * Neither the name of the axTLS project nor the names of its contributors
15 * may be used to endorse or promote products derived from this software
16 * without specific prior written permission.
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
22 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
23 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
24 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
25 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
26 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
27 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
28 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 * Enable a subset of openssl compatible functions. We don't aim to be 100%
33 * compatible - just to be able to do basic ports etc.
35 * Only really tested on mini_httpd, so I'm not too sure how extensive this
41 #ifdef CONFIG_OPENSSL_COMPATIBLE
48 #define OPENSSL_CTX_ATTR ((OPENSSL_CTX *)ssl_ctx->bonus_attr)
50 static char *key_password
= NULL
;
52 void *SSLv23_server_method(void) { return NULL
; }
53 void *SSLv3_server_method(void) { return NULL
; }
54 void *TLSv1_server_method(void) { return NULL
; }
55 void *SSLv23_client_method(void) { return NULL
; }
56 void *SSLv3_client_method(void) { return NULL
; }
57 void *TLSv1_client_method(void) { return NULL
; }
59 typedef void * (*ssl_func_type_t
)(void);
60 typedef void * (*bio_func_type_t
)(void);
64 ssl_func_type_t ssl_func_type
;
67 SSL_CTX
* SSL_CTX_new(ssl_func_type_t meth
)
69 SSL_CTX
*ssl_ctx
= ssl_ctx_new(0, 5);
70 ssl_ctx
->bonus_attr
= malloc(sizeof(OPENSSL_CTX
));
71 OPENSSL_CTX_ATTR
->ssl_func_type
= meth
;
75 void SSL_CTX_free(SSL_CTX
* ssl_ctx
)
77 free(ssl_ctx
->bonus_attr
);
78 ssl_ctx_free(ssl_ctx
);
81 SSL
* SSL_new(SSL_CTX
*ssl_ctx
)
84 ssl_func_type_t ssl_func_type
;
86 ssl
= ssl_new(ssl_ctx
, -1); /* fd is set later */
87 ssl_func_type
= OPENSSL_CTX_ATTR
->ssl_func_type
;
89 #ifdef CONFIG_SSL_ENABLE_CLIENT
90 if (ssl_func_type
== SSLv23_client_method
||
91 ssl_func_type
== SSLv3_client_method
||
92 ssl_func_type
== TLSv1_client_method
)
94 SET_SSL_FLAG(SSL_IS_CLIENT
);
99 ssl
->next_state
= HS_CLIENT_HELLO
;
105 int SSL_set_fd(SSL
*s
, int fd
)
108 return 1; /* always succeeds */
111 int SSL_accept(SSL
*ssl
)
113 while (ssl_read(ssl
, NULL
) == SSL_OK
)
115 if (ssl
->next_state
== HS_CLIENT_HELLO
)
116 return 1; /* we're done */
122 #ifdef CONFIG_SSL_ENABLE_CLIENT
123 int SSL_connect(SSL
*ssl
)
125 return do_client_connect(ssl
) == SSL_OK
? 1 : -1;
129 void SSL_free(SSL
*ssl
)
134 int SSL_read(SSL
*ssl
, void *buf
, int num
)
139 while ((ret
= ssl_read(ssl
, &read_buf
)) == SSL_OK
);
143 memcpy(buf
, read_buf
, ret
> num
? num
: ret
);
149 int SSL_write(SSL
*ssl
, const void *buf
, int num
)
151 return ssl_write(ssl
, buf
, num
);
154 int SSL_CTX_use_certificate_file(SSL_CTX
*ssl_ctx
, const char *file
, int type
)
156 return (ssl_obj_load(ssl_ctx
, SSL_OBJ_X509_CERT
, file
, NULL
) == SSL_OK
);
159 int SSL_CTX_use_PrivateKey_file(SSL_CTX
*ssl_ctx
, const char *file
, int type
)
161 return (ssl_obj_load(ssl_ctx
, SSL_OBJ_RSA_KEY
, file
, key_password
) == SSL_OK
);
164 int SSL_CTX_use_certificate_ASN1(SSL_CTX
*ssl_ctx
, int len
, const uint8_t *d
)
166 return (ssl_obj_memory_load(ssl_ctx
,
167 SSL_OBJ_X509_CERT
, d
, len
, NULL
) == SSL_OK
);
170 int SSL_CTX_set_session_id_context(SSL_CTX
*ctx
, const unsigned char *sid_ctx
,
171 unsigned int sid_ctx_len
)
176 int SSL_CTX_set_default_verify_paths(SSL_CTX
*ctx
)
181 int SSL_CTX_use_certificate_chain_file(SSL_CTX
*ssl_ctx
, const char *file
)
183 return (ssl_obj_load(ssl_ctx
,
184 SSL_OBJ_X509_CERT
, file
, NULL
) == SSL_OK
);
187 int SSL_shutdown(SSL
*ssl
)
192 /*** get/set session ***/
193 SSL_SESSION
*SSL_get1_session(SSL
*ssl
)
195 return (SSL_SESSION
*)ssl_get_session_id(ssl
); /* note: wrong cast */
198 int SSL_set_session(SSL
*ssl
, SSL_SESSION
*session
)
200 memcpy(ssl
->session_id
, (uint8_t *)session
, SSL_SESSION_ID_SIZE
);
204 void SSL_SESSION_free(SSL_SESSION
*session
) { }
205 /*** end get/set session ***/
207 long SSL_CTX_ctrl(SSL_CTX
*ctx
, int cmd
, long larg
, void *parg
)
212 void SSL_CTX_set_verify(SSL_CTX
*ctx
, int mode
,
213 int (*verify_callback
)(int, void *)) { }
215 void SSL_CTX_set_verify_depth(SSL_CTX
*ctx
,int depth
) { }
217 int SSL_CTX_load_verify_locations(SSL_CTX
*ctx
, const char *CAfile
,
223 void *SSL_load_client_CA_file(const char *file
)
228 void SSL_CTX_set_client_CA_list(SSL_CTX
*ssl_ctx
, void *file
)
231 ssl_obj_load(ssl_ctx
, SSL_OBJ_X509_CERT
, (const char *)file
, NULL
);
234 void SSLv23_method(void) { }
236 void SSL_CTX_set_default_passwd_cb(SSL_CTX
*ctx
, void *cb
) { }
238 void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX
*ctx
, void *u
)
240 key_password
= (char *)u
;
243 int SSL_peek(SSL
*ssl
, void *buf
, int num
)
245 memcpy(buf
, ssl
->bm_data
, num
);
249 void SSL_set_bio(SSL
*ssl
, void *rbio
, void *wbio
) { }
251 long SSL_get_verify_result(const SSL
*ssl
)
253 return ssl_handshake_status(ssl
);
256 int SSL_state(SSL
*ssl
)
258 return 0x03; // ok state
261 /** end of could do better list */
263 void *SSL_get_peer_certificate(const SSL
*ssl
)
265 return &ssl
->ssl_ctx
->certs
[0];
268 int SSL_clear(SSL
*ssl
)
274 int SSL_CTX_check_private_key(const SSL_CTX
*ctx
)
279 int SSL_CTX_set_cipher_list(SSL
*s
, const char *str
)
284 int SSL_get_error(const SSL
*ssl
, int ret
)
286 ssl_display_error(ret
);
287 return 0; /* TODO: return proper return code */
290 void SSL_CTX_set_options(SSL_CTX
*ssl_ctx
, int option
) {}
291 int SSL_library_init(void ) { return 1; }
292 void SSL_load_error_strings(void ) {}
293 void ERR_print_errors_fp(FILE *fp
) {}
295 #ifndef CONFIG_SSL_SKELETON_MODE
296 long SSL_CTX_get_timeout(const SSL_CTX
*ssl_ctx
) {
297 return CONFIG_SSL_EXPIRY_TIME
*3600; }
298 long SSL_CTX_set_timeout(SSL_CTX
*ssl_ctx
, long t
) {
299 return SSL_CTX_get_timeout(ssl_ctx
); }
301 void BIO_printf(FILE *f
, const char *format
, ...)
304 va_start(ap
, format
);
305 vfprintf(f
, format
, ap
);
309 void* BIO_s_null(void) { return NULL
; }
310 FILE *BIO_new(bio_func_type_t func
)
312 if (func
== BIO_s_null
)
313 return fopen("/dev/null", "r");
318 FILE *BIO_new_fp(FILE *stream
, int close_flag
) { return stream
; }
319 int BIO_free(FILE *a
) { if (a
!= stdout
&& a
!= stderr
) fclose(a
); return 1; }