2016-09-21 22:28:08 -04:00
|
|
|
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
|
|
|
|
//
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
// You may obtain a copy of the License at
|
|
|
|
|
|
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
//
|
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
// See the License for the specific language governing permissions and
|
|
|
|
// limitations under the License.
|
|
|
|
|
2016-09-20 04:58:46 -04:00
|
|
|
#include "ssl_x509.h"
|
2016-09-21 22:28:08 -04:00
|
|
|
#include "ssl_methods.h"
|
2016-09-20 04:58:46 -04:00
|
|
|
#include "ssl_dbg.h"
|
2016-09-21 22:28:08 -04:00
|
|
|
#include "ssl_port.h"
|
2016-09-20 04:58:46 -04:00
|
|
|
|
2016-09-21 22:28:08 -04:00
|
|
|
/*
|
|
|
|
* sk_X509_NAME_new_null - create a X509 certification object
|
|
|
|
*
|
|
|
|
* @param none
|
|
|
|
*
|
|
|
|
* @return X509 certification object point or NULL if failed
|
|
|
|
*/
|
2016-09-22 02:42:49 -04:00
|
|
|
X509* X509_new(void)
|
2016-09-20 04:58:46 -04:00
|
|
|
{
|
2016-09-21 22:28:08 -04:00
|
|
|
int ret;
|
|
|
|
X509 *x;
|
|
|
|
|
|
|
|
x = ssl_malloc(sizeof(X509));
|
|
|
|
if (!x)
|
|
|
|
SSL_RET(failed1, "ssl_malloc\n");
|
|
|
|
|
|
|
|
x->method = X509_method();
|
|
|
|
|
|
|
|
ret = x->method->x509_new(x);
|
|
|
|
if (ret)
|
|
|
|
SSL_RET(failed2, "x509_new\n");
|
|
|
|
|
|
|
|
return x;
|
|
|
|
|
|
|
|
failed2:
|
|
|
|
ssl_free(x);
|
|
|
|
failed1:
|
|
|
|
return NULL;
|
2016-09-20 04:58:46 -04:00
|
|
|
}
|
|
|
|
|
2016-09-21 22:28:08 -04:00
|
|
|
/*
|
|
|
|
* X509_free - free a X509 certification object
|
|
|
|
*
|
|
|
|
* @param x - X509 certification object point
|
|
|
|
*
|
|
|
|
* @return none
|
|
|
|
*/
|
|
|
|
void X509_free(X509 *x)
|
|
|
|
{
|
|
|
|
X509_METHOD_CALL(free, x);
|
|
|
|
|
|
|
|
ssl_free(x);
|
|
|
|
};
|
|
|
|
|
|
|
|
/*
|
|
|
|
* d2i_X509 - load a character certification context into system context. If '*cert' is pointed to the
|
|
|
|
* certification, then load certification into it. Or create a new X509 certification object
|
|
|
|
*
|
|
|
|
* @param cert - a point pointed to X509 certification
|
|
|
|
* @param buffer - a point pointed to the certification context memory point
|
|
|
|
* @param length - certification bytes
|
|
|
|
*
|
|
|
|
* @return X509 certification object point or NULL if failed
|
|
|
|
*/
|
2016-09-20 04:58:46 -04:00
|
|
|
X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len)
|
|
|
|
{
|
2016-09-22 02:42:49 -04:00
|
|
|
int m = 0;
|
2016-09-20 04:58:46 -04:00
|
|
|
int ret;
|
2016-09-21 22:28:08 -04:00
|
|
|
X509 *x;
|
2016-09-20 04:58:46 -04:00
|
|
|
|
|
|
|
SSL_ASSERT(buffer);
|
|
|
|
SSL_ASSERT(len);
|
|
|
|
|
2016-09-21 22:28:08 -04:00
|
|
|
if (cert && *cert) {
|
|
|
|
x = *cert;
|
|
|
|
} else {
|
2016-09-22 02:42:49 -04:00
|
|
|
x = X509_new();
|
2016-09-21 22:28:08 -04:00
|
|
|
if (!x)
|
2016-09-22 04:41:51 -04:00
|
|
|
SSL_RET(failed1, "X509_new\n");
|
2016-09-22 02:42:49 -04:00
|
|
|
m = 1;
|
2016-09-21 22:28:08 -04:00
|
|
|
}
|
2016-09-20 04:58:46 -04:00
|
|
|
|
2016-09-21 22:28:08 -04:00
|
|
|
ret = X509_METHOD_CALL(load, x, buffer, len);
|
2016-09-20 04:58:46 -04:00
|
|
|
if (ret)
|
2016-09-21 22:28:08 -04:00
|
|
|
SSL_RET(failed2, "x509_load\n");
|
2016-09-20 04:58:46 -04:00
|
|
|
|
2016-09-21 22:28:08 -04:00
|
|
|
return x;
|
2016-09-20 04:58:46 -04:00
|
|
|
|
|
|
|
failed2:
|
2016-09-22 02:42:49 -04:00
|
|
|
if (m)
|
|
|
|
X509_free(x);
|
2016-09-20 04:58:46 -04:00
|
|
|
failed1:
|
|
|
|
return NULL;
|
|
|
|
}
|
2016-09-21 23:43:59 -04:00
|
|
|
|
|
|
|
/*
|
|
|
|
* SSL_CTX_add_client_CA - set SSL context client CA certification
|
|
|
|
*
|
|
|
|
* @param ctx - SSL context point
|
|
|
|
* @param x - client CA certification point
|
|
|
|
*
|
|
|
|
* @return
|
|
|
|
* 1 : OK
|
|
|
|
* 0 : failed
|
|
|
|
*/
|
|
|
|
int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
|
|
|
|
{
|
|
|
|
SSL_ASSERT(ctx);
|
|
|
|
SSL_ASSERT(x);
|
|
|
|
|
2016-09-22 02:42:49 -04:00
|
|
|
if (ctx->client_CA)
|
|
|
|
X509_free(ctx->client_CA);
|
|
|
|
|
2016-09-21 23:43:59 -04:00
|
|
|
ctx->client_CA = x;
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2016-09-22 00:57:39 -04:00
|
|
|
/*
|
|
|
|
* SSL_add_client_CA - add CA client certification into the SSL
|
|
|
|
*
|
|
|
|
* @param ssl - SSL point
|
|
|
|
* @param x - CA certification point
|
|
|
|
*
|
|
|
|
* @return
|
|
|
|
* 1 : OK
|
|
|
|
* 0 : failed
|
|
|
|
*/
|
|
|
|
int SSL_add_client_CA(SSL *ssl, X509 *x)
|
|
|
|
{
|
2016-09-22 02:42:49 -04:00
|
|
|
SSL_ASSERT(ssl);
|
|
|
|
SSL_ASSERT(x);
|
|
|
|
|
|
|
|
if (ssl->client_CA)
|
|
|
|
X509_free(ssl->client_CA);
|
|
|
|
|
|
|
|
ssl->client_CA = x;
|
|
|
|
|
|
|
|
return 1;
|
2016-09-22 00:57:39 -04:00
|
|
|
}
|
|
|
|
|
2016-09-21 23:43:59 -04:00
|
|
|
/*
|
|
|
|
* SSL_CTX_use_certificate - set the SSL context certification
|
|
|
|
*
|
|
|
|
* @param ctx - SSL context point
|
|
|
|
* @param x - X509 certification point
|
|
|
|
*
|
|
|
|
* @return
|
|
|
|
* 1 : OK
|
|
|
|
* 0 : failed
|
|
|
|
*/
|
|
|
|
int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
|
|
|
|
{
|
|
|
|
SSL_ASSERT(ctx);
|
|
|
|
SSL_ASSERT(x);
|
|
|
|
|
|
|
|
ctx->cert->x509 = x;
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2016-09-22 03:56:56 -04:00
|
|
|
/*
|
|
|
|
* SSL_CTX_use_certificate - set the SSL certification
|
|
|
|
*
|
|
|
|
* @param ctx - SSL point
|
|
|
|
* @param x - X509 certification point
|
|
|
|
*
|
|
|
|
* @return
|
|
|
|
* 1 : OK
|
|
|
|
* 0 : failed
|
|
|
|
*/
|
|
|
|
int SSL_use_certificate(SSL *ssl, X509 *x)
|
|
|
|
{
|
|
|
|
SSL_ASSERT(ctx);
|
|
|
|
SSL_ASSERT(x);
|
|
|
|
|
|
|
|
ssl->cert->x509 = x;
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2016-09-22 00:57:39 -04:00
|
|
|
/*
|
|
|
|
* SSL_get_certificate - get the SSL certification point
|
|
|
|
*
|
|
|
|
* @param ssl - SSL point
|
|
|
|
*
|
|
|
|
* @return SSL certification point
|
|
|
|
*/
|
|
|
|
X509 *SSL_get_certificate(const SSL *ssl)
|
|
|
|
{
|
2016-09-22 03:56:56 -04:00
|
|
|
SSL_ASSERT(ssl);
|
|
|
|
|
2016-09-22 00:57:39 -04:00
|
|
|
return ssl->cert->x509;
|
|
|
|
}
|
|
|
|
|
2016-09-21 23:43:59 -04:00
|
|
|
/*
|
|
|
|
* SSL_CTX_use_certificate_ASN1 - load certification into the SSL context
|
|
|
|
*
|
|
|
|
* @param ctx - SSL context point
|
|
|
|
* @param len - certification context bytes
|
|
|
|
* @param d - certification context point
|
|
|
|
*
|
|
|
|
* @return
|
|
|
|
* 1 : OK
|
|
|
|
* 0 : failed
|
|
|
|
*/
|
|
|
|
int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len,
|
|
|
|
const unsigned char *d)
|
|
|
|
{
|
|
|
|
int ret;
|
|
|
|
X509 *cert;
|
|
|
|
|
|
|
|
cert = d2i_X509(&ctx->cert->x509, d, len);
|
|
|
|
if (!cert)
|
|
|
|
SSL_RET(failed1, "d2i_X509\n");
|
|
|
|
|
|
|
|
ret = SSL_CTX_use_certificate(ctx, cert);
|
|
|
|
if (!ret)
|
|
|
|
SSL_RET(failed2, "SSL_CTX_use_certificate\n");
|
|
|
|
|
2016-09-22 05:20:07 -04:00
|
|
|
ctx->cert->x509->ref = 1;
|
2016-09-22 04:41:51 -04:00
|
|
|
|
2016-09-21 23:43:59 -04:00
|
|
|
return 1;
|
|
|
|
|
|
|
|
failed2:
|
|
|
|
X509_free(cert);
|
|
|
|
failed1:
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2016-09-22 03:56:56 -04:00
|
|
|
/*
|
|
|
|
* SSL_use_certificate_ASN1 - load certification into the SSL
|
|
|
|
*
|
|
|
|
* @param ctx - SSL point
|
|
|
|
* @param len - certification context bytes
|
|
|
|
* @param d - certification context point
|
|
|
|
*
|
|
|
|
* @return
|
|
|
|
* 1 : OK
|
|
|
|
* 0 : failed
|
|
|
|
*/
|
|
|
|
int SSL_use_certificate_ASN1(SSL *ssl, int len,
|
|
|
|
const unsigned char *d)
|
|
|
|
{
|
|
|
|
int ret;
|
|
|
|
X509 *cert;
|
|
|
|
|
2016-09-22 04:41:51 -04:00
|
|
|
if (ssl->cert->x509->ref)
|
|
|
|
SSL_RET(failed1);
|
|
|
|
|
|
|
|
cert = d2i_X509(NULL, d, len);
|
2016-09-22 03:56:56 -04:00
|
|
|
if (!cert)
|
|
|
|
SSL_RET(failed1, "d2i_X509\n");
|
|
|
|
|
|
|
|
ret = SSL_use_certificate(ssl, cert);
|
|
|
|
if (!ret)
|
|
|
|
SSL_RET(failed2, "SSL_use_certificate\n");
|
|
|
|
|
2016-09-22 05:20:07 -04:00
|
|
|
ssl->cert->x509->ref = 1;
|
2016-09-22 04:41:51 -04:00
|
|
|
|
2016-09-22 03:56:56 -04:00
|
|
|
return 1;
|
|
|
|
|
|
|
|
failed2:
|
|
|
|
X509_free(cert);
|
|
|
|
failed1:
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2016-09-22 03:39:28 -04:00
|
|
|
/*
|
|
|
|
* SSL_CTX_use_certificate_file - load the certification file into SSL context
|
|
|
|
*
|
|
|
|
* @param ctx - SSL context point
|
|
|
|
* @param file - certification file name
|
|
|
|
* @param type - certification encoding type
|
|
|
|
*
|
|
|
|
* @return
|
|
|
|
* 1 : OK
|
|
|
|
* 0 : failed
|
|
|
|
*/
|
|
|
|
int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
2016-09-22 03:56:56 -04:00
|
|
|
|
|
|
|
/*
|
|
|
|
* SSL_use_certificate_file - load the certification file into SSL
|
|
|
|
*
|
|
|
|
* @param ctx - SSL point
|
|
|
|
* @param file - certification file name
|
|
|
|
* @param type - certification encoding type
|
|
|
|
*
|
|
|
|
* @return
|
|
|
|
* 1 : OK
|
|
|
|
* 0 : failed
|
|
|
|
*/
|
|
|
|
int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
2016-09-22 05:20:07 -04:00
|
|
|
|
|
|
|
/*
|
|
|
|
* SSL_get_peer_certificate - get peer certification
|
|
|
|
*
|
|
|
|
* @param ssl - SSL point
|
|
|
|
*
|
|
|
|
* @return certification
|
|
|
|
*/
|
|
|
|
X509 *SSL_get_peer_certificate(const SSL *ssl)
|
|
|
|
{
|
|
|
|
SSL_ASSERT(ssl);
|
|
|
|
|
|
|
|
return ssl->session.peer;
|
|
|
|
}
|