Merge branch 'feature/openssl_option' into 'master'

components/openssl: refactor openssl debugging and assert function

1. add openssl option at menuconfig
2. remove SSL_ERR to reduce complexity
3. add more functions about debugging and assert

According these, our coders and customers may use and debug the OpenSSL code easily.


See merge request !400
This commit is contained in:
Angus Gratton 2017-01-27 08:37:02 +08:00
commit 0a678ebe8c
12 changed files with 683 additions and 448 deletions

View File

@ -0,0 +1,70 @@
menu "OpenSSL"
config OPENSSL_DEBUG
bool "Enable OpenSSL debugging"
default n
help
Enable OpenSSL debugging function.
If the option is enabled, "SSL_DEBUG" works.
config OPENSSL_DEBUG_LEVEL
int "OpenSSL debugging level"
default 0
range 0 255
depends on OPENSSL_DEBUG
help
OpenSSL debugging level.
Only function whose debugging level is higher than "OPENSSL_DEBUG_LEVEL" works.
For example:
If OPENSSL_DEBUG_LEVEL = 2, you use function "SSL_DEBUG(1, "malloc failed")". Because 1 < 2, it will not print.
config OPENSSL_LOWLEVEL_DEBUG
bool "Enable OpenSSL low-level module debugging"
default n
depends on OPENSSL_DEBUG
select MBEDTLS_DEBUG
help
If the option is enabled, low-level module debugging function of OpenSSL is enabled, e.g. mbedtls internal debugging function.
choice OPENSSL_ASSERT
prompt "Select OpenSSL assert function"
default CONFIG_OPENSSL_ASSERT_EXIT
help
OpenSSL function needs "assert" function to check if input parameters are valid.
If you want to use assert debugging function, "OPENSSL_DEBUG" should be enabled.
config OPENSSL_ASSERT_DO_NOTHING
bool "Do nothing"
help
Do nothing and "SSL_ASSERT" does not work.
config OPENSSL_ASSERT_EXIT
bool "Check and exit"
help
Enable assert exiting, it will check and return error code.
config OPENSSL_ASSERT_DEBUG
bool "Show debugging message"
depends on OPENSSL_DEBUG
help
Enable assert debugging, it will check and show debugging message.
config OPENSSL_ASSERT_DEBUG_EXIT
bool "Show debugging message and exit"
depends on OPENSSL_DEBUG
help
Enable assert debugging and exiting, it will check, show debugging message and return error code.
config OPENSSL_ASSERT_DEBUG_BLOCK
bool "Show debugging message and block"
depends on OPENSSL_DEBUG
help
Enable assert debugging and blocking, it will check, show debugging message and block by "while (1);".
endchoice
endmenu

View File

@ -22,72 +22,170 @@
extern "C" {
#endif
#ifndef SSL_DEBUG_ENBALE
#define SSL_DEBUG_ENBALE 0
#endif
#ifndef SSL_DEBUG_LEVEL
#define SSL_DEBUG_LEVEL 0
#endif
#ifndef SSL_ASSERT_ENABLE
#define SSL_ASSERT_ENABLE 0
#endif
#ifndef SSL_DEBUG_LOCATION_ENABLE
#define SSL_DEBUG_LOCATION_ENABLE 0
#endif
#if SSL_DEBUG_ENBALE
#if !defined(SSL_PRINT_LOG) || !defined(SSL_ERROR_LOG) || !defined(SSL_LOCAL_LOG)
#include "stdio.h"
extern int printf(const char *fmt, ...);
#ifndef SSL_PRINT_LOG
#define SSL_PRINT_LOG printf
#endif
#ifndef SSL_ERROR_LOG
#define SSL_ERROR_LOG printf
#endif
#ifndef SSL_LOCAL_LOG
#define SSL_LOCAL_LOG printf
#endif
#endif
#ifdef CONFIG_OPENSSL_DEBUG_LEVEL
#define SSL_DEBUG_LEVEL CONFIG_OPENSSL_DEBUG_LEVEL
#else
#ifdef SSL_PRINT_LOG
#undef SSL_PRINT_LOG
#endif
#define SSL_PRINT_LOG(...)
#ifdef SSL_ERROR_LOG
#undef SSL_ERROR_LOG
#endif
#define SSL_ERROR_LOG(...)
#ifdef SSL_LOCAL_LOG
#undef SSL_LOCAL_LOG
#endif
#define SSL_LOCAL_LOG(...)
#define SSL_DEBUG_LEVEL 0
#endif
#if SSL_DEBUG_LOCATION_ENABLE
#define SSL_DEBUG_LOCATION() SSL_LOCAL_LOG("%s %s line %d\n", __FILE__, __FUNCTION__, __LINE__)
#define SSL_DEBUG_ON (SSL_DEBUG_LEVEL + 1)
#define SSL_DEBUG_OFF (SSL_DEBUG_LEVEL - 1)
#ifdef CONFIG_OPENSSL_DEBUG
#ifndef SSL_DEBUG_LOG
#error "SSL_DEBUG_LOG is not defined"
#endif
#ifndef SSL_DEBUG_FL
#define SSL_DEBUG_FL "\n"
#endif
#define SSL_SHOW_LOCATION() \
SSL_DEBUG_LOG("SSL assert : %s %d\n", \
__FILE__, __LINE__)
#define SSL_DEBUG(level, fmt, ...) \
{ \
if (level > SSL_DEBUG_LEVEL) { \
SSL_DEBUG_LOG(fmt SSL_DEBUG_FL, ##__VA_ARGS__); \
} \
}
#else /* CONFIG_OPENSSL_DEBUG */
#define SSL_SHOW_LOCATION()
#define SSL_DEBUG(level, fmt, ...)
#endif /* CONFIG_OPENSSL_DEBUG */
/**
* OpenSSL assert function
*
* if select "CONFIG_OPENSSL_ASSERT_DEBUG", SSL_ASSERT* will show error file name and line
* if select "CONFIG_OPENSSL_ASSERT_EXIT", SSL_ASSERT* will just return error code.
* if select "CONFIG_OPENSSL_ASSERT_DEBUG_EXIT" SSL_ASSERT* will show error file name and line,
* then return error code.
* if select "CONFIG_OPENSSL_ASSERT_DEBUG_BLOCK", SSL_ASSERT* will show error file name and line,
* then block here with "while (1)"
*
* SSL_ASSERT1 may will return "-1", so function's return argument is integer.
* SSL_ASSERT2 may will return "NULL", so function's return argument is a point.
* SSL_ASSERT2 may will return nothing, so function's return argument is "void".
*/
#if defined(CONFIG_OPENSSL_ASSERT_DEBUG)
#define SSL_ASSERT1(s) \
{ \
if (!(s)) { \
SSL_SHOW_LOCATION(); \
} \
}
#define SSL_ASSERT2(s) \
{ \
if (!(s)) { \
SSL_SHOW_LOCATION(); \
} \
}
#define SSL_ASSERT3(s) \
{ \
if (!(s)) { \
SSL_SHOW_LOCATION(); \
} \
}
#elif defined(CONFIG_OPENSSL_ASSERT_EXIT)
#define SSL_ASSERT1(s) \
{ \
if (!(s)) { \
return -1; \
} \
}
#define SSL_ASSERT2(s) \
{ \
if (!(s)) { \
return NULL; \
} \
}
#define SSL_ASSERT3(s) \
{ \
if (!(s)) { \
return ; \
} \
}
#elif defined(CONFIG_OPENSSL_ASSERT_DEBUG_EXIT)
#define SSL_ASSERT1(s) \
{ \
if (!(s)) { \
SSL_SHOW_LOCATION(); \
return -1; \
} \
}
#define SSL_ASSERT2(s) \
{ \
if (!(s)) { \
SSL_SHOW_LOCATION(); \
return NULL; \
} \
}
#define SSL_ASSERT3(s) \
{ \
if (!(s)) { \
SSL_SHOW_LOCATION(); \
return ; \
} \
}
#elif defined(CONFIG_OPENSSL_ASSERT_DEBUG_BLOCK)
#define SSL_ASSERT1(s) \
{ \
if (!(s)) { \
SSL_SHOW_LOCATION(); \
while (1); \
} \
}
#define SSL_ASSERT2(s) \
{ \
if (!(s)) { \
SSL_SHOW_LOCATION(); \
while (1); \
} \
}
#define SSL_ASSERT3(s) \
{ \
if (!(s)) { \
SSL_SHOW_LOCATION(); \
while (1); \
} \
}
#else
#define SSL_DEBUG_LOCATION()
#define SSL_ASSERT1(s)
#define SSL_ASSERT2(s)
#define SSL_ASSERT3(s)
#endif
#if SSL_ASSERT_ENABLE
#define SSL_ASSERT(s) { if (!(s)) { SSL_DEBUG_LOCATION(); } }
#else
#define SSL_ASSERT(s)
#endif
#define SSL_PLATFORM_DEBUG_LEVEL SSL_DEBUG_OFF
#define SSL_PLATFORM_ERROR_LEVEL SSL_DEBUG_ON
#define SSL_ERR(err, go, fmt, ...) { SSL_DEBUG_LOCATION(); SSL_ERROR_LOG(fmt, ##__VA_ARGS__); ret = err; goto go; }
#define SSL_CERT_DEBUG_LEVEL SSL_DEBUG_OFF
#define SSL_CERT_ERROR_LEVEL SSL_DEBUG_ON
#define SSL_RET(go, fmt, ...) { SSL_DEBUG_LOCATION(); SSL_ERROR_LOG(fmt, ##__VA_ARGS__); goto go; }
#define SSL_PKEY_DEBUG_LEVEL SSL_DEBUG_OFF
#define SSL_PKEY_ERROR_LEVEL SSL_DEBUG_ON
#define SSL_DEBUG(level, fmt, ...) { if (level > SSL_DEBUG_LEVEL) {SSL_PRINT_LOG(fmt, ##__VA_ARGS__);} }
#define SSL_X509_DEBUG_LEVEL SSL_DEBUG_OFF
#define SSL_X509_ERROR_LEVEL SSL_DEBUG_ON
#define SSL_LIB_DEBUG_LEVEL SSL_DEBUG_OFF
#define SSL_LIB_ERROR_LEVEL SSL_DEBUG_ON
#define SSL_STACK_DEBUG_LEVEL SSL_DEBUG_OFF
#define SSL_STACK_ERROR_LEVEL SSL_DEBUG_ON
#ifdef __cplusplus
}
}
#endif
#endif

View File

@ -15,34 +15,6 @@
#ifndef _SSL_OPT_H_
#define _SSL_OPT_H_
#ifdef __cplusplus
extern "C" {
#endif
/**
* if not define "ESP32_IDF_PLATFORM", system will use esp8266 platform interface
*/
#define ESP32_IDF_PLATFORM
/**
* openssl debug print function enable
*/
#define SSL_DEBUG_ENBALE 0
/**
* openssl debug print function level. function whose level is lower that "SSL_DEBUG_LEVEL"
* will not print message
*/
#define SSL_DEBUG_LEVEL 0
/**
* openssl assert function enable, it will check the input paramter and print the message
*/
#define SSL_ASSERT_ENABLE 0
/**
* openssl location function enable, it will print location of the positioning error
*/
#define SSL_DEBUG_LOCATION_ENABLE 0
#include "sdkconfig.h"
#endif

View File

@ -19,6 +19,7 @@
extern "C" {
#endif
#include <string.h>
#include "ssl_types.h"
#include "ssl_port.h"
@ -53,4 +54,8 @@ int pkey_pm_load(EVP_PKEY *pk, const unsigned char *buffer, int len);
long ssl_pm_get_verify_result(const SSL *ssl);
#ifdef __cplusplus
}
#endif
#endif

View File

@ -19,31 +19,27 @@
extern "C" {
#endif
#include "platform/ssl_opt.h"
#ifdef ESP32_IDF_PLATFORM
#include "esp_types.h"
#include "esp_log.h"
#include "string.h"
#include "malloc.h"
void *ssl_mem_zalloc(size_t size);
void *ssl_mem_malloc(size_t size);
void ssl_mem_free(void *p);
void* ssl_memcpy(void *to, const void *from, size_t size);
size_t ssl_strlen(const char *src);
#define ssl_mem_malloc malloc
#define ssl_mem_free free
void ssl_speed_up_enter(void);
void ssl_speed_up_exit(void);
#define ssl_memcpy memcpy
#define ssl_strlen strlen
#define SSL_PRINT_LOG(fmt, ...) ESP_LOGD("openssl", fmt, ##__VA_ARGS__)
#define SSL_ERROR_LOG(fmt, ...) ESP_LOGE("openssl", fmt, ##__VA_ARGS__)
#define SSL_LOCAL_LOG(fmt, ...) ESP_LOGD("openssl", fmt, ##__VA_ARGS__)
#define ssl_speed_up_enter()
#define ssl_speed_up_exit()
#elif defined(SSL_PLATFORM_USER_INCLUDE)
SSL_PLATFORM_USER_INCLUDE
#define SSL_DEBUG_FL
#define SSL_DEBUG_LOG(fmt, ...) ESP_LOGI("openssl", fmt, ##__VA_ARGS__)
#ifdef __cplusplus
}
#endif
#endif

View File

@ -29,8 +29,10 @@ CERT *__ssl_cert_new(CERT *ic)
EVP_PKEY *ipk;
cert = ssl_mem_zalloc(sizeof(CERT));
if (!cert)
SSL_RET(failed1, "ssl_mem_zalloc\n");
if (!cert) {
SSL_DEBUG(SSL_CERT_ERROR_LEVEL, "no enough memory > (cert)");
goto no_mem;
}
if (ic) {
ipk = ic->pkey;
@ -41,20 +43,24 @@ CERT *__ssl_cert_new(CERT *ic)
}
cert->pkey = __EVP_PKEY_new(ipk);
if (!cert->pkey)
SSL_RET(failed2, "__EVP_PKEY_new\n");
if (!cert->pkey) {
SSL_DEBUG(SSL_CERT_ERROR_LEVEL, "__EVP_PKEY_new() return NULL");
goto pkey_err;
}
cert->x509 = __X509_new(ix);
if (!cert->x509)
SSL_RET(failed3, "__X509_new\n");
if (!cert->x509) {
SSL_DEBUG(SSL_CERT_ERROR_LEVEL, "__X509_new() return NULL");
goto x509_err;
}
return cert;
failed3:
x509_err:
EVP_PKEY_free(cert->pkey);
failed2:
pkey_err:
ssl_mem_free(cert);
failed1:
no_mem:
return NULL;
}
@ -71,6 +77,8 @@ CERT *ssl_cert_new(void)
*/
void ssl_cert_free(CERT *cert)
{
SSL_ASSERT3(cert);
X509_free(cert->x509);
EVP_PKEY_free(cert->pkey);

View File

@ -21,11 +21,49 @@
#define SSL_SEND_DATA_MAX_LENGTH 1460
/**
* @brief create a new SSL session object
*/
static SSL_SESSION* SSL_SESSION_new(void)
{
SSL_SESSION *session;
session = ssl_mem_zalloc(sizeof(SSL_SESSION));
if (!session) {
SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "no enough memory > (session)");
goto failed1;
}
session->peer = X509_new();
if (!session->peer) {
SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "X509_new() return NULL");
goto failed2;
}
return session;
failed2:
ssl_mem_free(session);
failed1:
return NULL;
}
/**
* @brief free a new SSL session object
*/
static void SSL_SESSION_free(SSL_SESSION *session)
{
X509_free(session->peer);
ssl_mem_free(session);
}
/**
* @brief Discover whether the current connection is in the error state
*/
int ossl_statem_in_error(const SSL *ssl)
{
SSL_ASSERT1(ssl);
if (ssl->statem.state == MSG_FLOW_ERROR)
return 1;
@ -37,6 +75,8 @@ int ossl_statem_in_error(const SSL *ssl)
*/
int SSL_want(const SSL *ssl)
{
SSL_ASSERT1(ssl);
return ssl->rwstate;
}
@ -45,6 +85,8 @@ int SSL_want(const SSL *ssl)
*/
int SSL_want_nothing(const SSL *ssl)
{
SSL_ASSERT1(ssl);
return (SSL_want(ssl) == SSL_NOTHING);
}
@ -53,6 +95,8 @@ int SSL_want_nothing(const SSL *ssl)
*/
int SSL_want_read(const SSL *ssl)
{
SSL_ASSERT1(ssl);
return (SSL_want(ssl) == SSL_READING);
}
@ -61,6 +105,8 @@ int SSL_want_read(const SSL *ssl)
*/
int SSL_want_write(const SSL *ssl)
{
SSL_ASSERT1(ssl);
return (SSL_want(ssl) == SSL_WRITING);
}
@ -69,6 +115,8 @@ int SSL_want_write(const SSL *ssl)
*/
int SSL_want_x509_lookup(const SSL *ssl)
{
SSL_ASSERT1(ssl);
return (SSL_want(ssl) == SSL_WRITING);
}
@ -79,7 +127,7 @@ int SSL_get_error(const SSL *ssl, int ret_code)
{
int ret = SSL_ERROR_SYSCALL;
SSL_ASSERT(ssl);
SSL_ASSERT1(ssl);
if (ret_code > 0)
ret = SSL_ERROR_NONE;
@ -110,45 +158,13 @@ OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl)
{
OSSL_HANDSHAKE_STATE state;
SSL_ASSERT(ssl);
SSL_ASSERT1(ssl);
state = SSL_METHOD_CALL(get_state, ssl);
return state;
}
/**
* @brief create a new SSL session object
*/
SSL_SESSION* SSL_SESSION_new(void)
{
SSL_SESSION *session;
session = ssl_mem_zalloc(sizeof(SSL_SESSION));
if (!session)
SSL_RET(failed1, "ssl_mem_zalloc\n");
session->peer = X509_new();
if (!session->peer)
SSL_RET(failed2, "X509_new\n");
return session;
failed2:
ssl_mem_free(session);
failed1:
return NULL;
}
/**
* @brief free a new SSL session object
*/
void SSL_SESSION_free(SSL_SESSION *session)
{
X509_free(session->peer);
ssl_mem_free(session);
}
/**
* @brief create a SSL context
*/
@ -158,19 +174,28 @@ SSL_CTX* SSL_CTX_new(const SSL_METHOD *method)
CERT *cert;
X509 *client_ca;
if (!method) SSL_RET(go_failed1, "method:NULL\n");
if (!method) {
SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "no no_method");
return NULL;
}
client_ca = X509_new();
if (!client_ca)
SSL_RET(go_failed1, "X509_new\n");
if (!client_ca) {
SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "X509_new() return NULL");
goto failed1;
}
cert = ssl_cert_new();
if (!cert)
SSL_RET(go_failed2, "ssl_cert_new\n");
if (!cert) {
SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "ssl_cert_new() return NULL");
goto failed2;
}
ctx = (SSL_CTX *)ssl_mem_zalloc(sizeof(SSL_CTX));
if (!ctx)
SSL_RET(go_failed3, "ssl_mem_zalloc:ctx\n");
if (!ctx) {
SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "no enough memory > (ctx)");
goto failed3;
}
ctx->method = method;
ctx->client_CA = client_ca;
@ -180,11 +205,11 @@ SSL_CTX* SSL_CTX_new(const SSL_METHOD *method)
return ctx;
go_failed3:
failed3:
ssl_cert_free(cert);
go_failed2:
failed2:
X509_free(client_ca);
go_failed1:
failed1:
return NULL;
}
@ -193,7 +218,7 @@ go_failed1:
*/
void SSL_CTX_free(SSL_CTX* ctx)
{
SSL_ASSERT(ctx);
SSL_ASSERT3(ctx);
ssl_cert_free(ctx->cert);
@ -207,8 +232,8 @@ void SSL_CTX_free(SSL_CTX* ctx)
*/
int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
{
SSL_ASSERT(ctx);
SSL_ASSERT(meth);
SSL_ASSERT1(ctx);
SSL_ASSERT1(meth);
ctx->method = meth;
@ -222,7 +247,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
*/
const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx)
{
SSL_ASSERT(ctx);
SSL_ASSERT2(ctx);
return ctx->method;
}
@ -235,24 +260,34 @@ SSL *SSL_new(SSL_CTX *ctx)
int ret = 0;
SSL *ssl;
if (!ctx)
SSL_RET(failed1, "ctx:NULL\n");
if (!ctx) {
SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "no ctx");
return NULL;
}
ssl = (SSL *)ssl_mem_zalloc(sizeof(SSL));
if (!ssl)
SSL_RET(failed1, "ssl_mem_zalloc\n");
if (!ssl) {
SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "no enough memory > (ssl)");
goto failed1;
}
ssl->session = SSL_SESSION_new();
if (!ssl->session)
SSL_RET(failed2, "SSL_SESSION_new\n");
if (!ssl->session) {
SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "SSL_SESSION_new() return NULL");
goto failed2;
}
ssl->cert = __ssl_cert_new(ctx->cert);
if (!ssl->cert)
SSL_RET(failed3, "__ssl_cert_new\n");
if (!ssl->cert) {
SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "__ssl_cert_new() return NULL");
goto failed3;
}
ssl->client_CA = __X509_new(ctx->client_CA);
if (!ssl->client_CA)
SSL_RET(failed4, "__X509_new\n");
if (!ssl->client_CA) {
SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "__X509_new() return NULL");
goto failed4;
}
ssl->ctx = ctx;
ssl->method = ctx->method;
@ -263,8 +298,10 @@ SSL *SSL_new(SSL_CTX *ctx)
ssl->verify_mode = ctx->verify_mode;
ret = SSL_METHOD_CALL(new, ssl);
if (ret)
SSL_RET(failed5, "ssl_new\n");
if (ret) {
SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "SSL_METHOD_CALL(new) return %d", ret);
goto failed5;
}
ssl->rwstate = SSL_NOTHING;
@ -287,7 +324,7 @@ failed1:
*/
void SSL_free(SSL *ssl)
{
SSL_ASSERT(ssl);
SSL_ASSERT3(ssl);
SSL_METHOD_CALL(free, ssl);
@ -307,7 +344,7 @@ int SSL_do_handshake(SSL *ssl)
{
int ret;
SSL_ASSERT(ssl);
SSL_ASSERT1(ssl);
ret = SSL_METHOD_CALL(handshake, ssl);
@ -319,7 +356,7 @@ int SSL_do_handshake(SSL *ssl)
*/
int SSL_connect(SSL *ssl)
{
SSL_ASSERT(ssl);
SSL_ASSERT1(ssl);
return SSL_do_handshake(ssl);
}
@ -329,7 +366,7 @@ int SSL_connect(SSL *ssl)
*/
int SSL_accept(SSL *ssl)
{
SSL_ASSERT(ssl);
SSL_ASSERT1(ssl);
return SSL_do_handshake(ssl);
}
@ -341,7 +378,7 @@ int SSL_shutdown(SSL *ssl)
{
int ret;
SSL_ASSERT(ssl);
SSL_ASSERT1(ssl);
if (SSL_get_state(ssl) != TLS_ST_OK) return 1;
@ -357,21 +394,25 @@ int SSL_clear(SSL *ssl)
{
int ret;
SSL_ASSERT(ssl);
SSL_ASSERT1(ssl);
ret = SSL_shutdown(ssl);
if (1 != ret)
SSL_ERR(0, go_failed1, "SSL_shutdown\n");
if (1 != ret) {
SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "SSL_shutdown return %d", ret);
goto failed1;
}
SSL_METHOD_CALL(free, ssl);
ret = SSL_METHOD_CALL(new, ssl);
if (!ret)
SSL_ERR(0, go_failed1, "ssl_new\n");
if (!ret) {
SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "SSL_METHOD_CALL(new) return %d", ret);
goto failed1;
}
return 1;
go_failed1:
failed1:
return ret;
}
@ -382,9 +423,9 @@ int SSL_read(SSL *ssl, void *buffer, int len)
{
int ret;
SSL_ASSERT(ssl);
SSL_ASSERT(buffer);
SSL_ASSERT(len);
SSL_ASSERT1(ssl);
SSL_ASSERT1(buffer);
SSL_ASSERT1(len);
ssl->rwstate = SSL_READING;
@ -405,9 +446,9 @@ int SSL_write(SSL *ssl, const void *buffer, int len)
int send_bytes;
const unsigned char *pbuf;
SSL_ASSERT(ssl);
SSL_ASSERT(buffer);
SSL_ASSERT(len);
SSL_ASSERT1(ssl);
SSL_ASSERT1(buffer);
SSL_ASSERT1(len);
ssl->rwstate = SSL_WRITING;
@ -422,7 +463,7 @@ int SSL_write(SSL *ssl, const void *buffer, int len)
else
bytes = send_bytes;
ret = SSL_METHOD_CALL(send, ssl, buffer, bytes);
ret = SSL_METHOD_CALL(send, ssl, pbuf, bytes);
if (ret > 0) {
pbuf += ret;
send_bytes -= ret;
@ -443,7 +484,7 @@ int SSL_write(SSL *ssl, const void *buffer, int len)
*/
SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
{
SSL_ASSERT(ssl);
SSL_ASSERT2(ssl);
return ssl->ctx;
}
@ -453,7 +494,7 @@ SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
*/
const SSL_METHOD *SSL_get_ssl_method(SSL *ssl)
{
SSL_ASSERT(ssl);
SSL_ASSERT2(ssl);
return ssl->method;
}
@ -465,22 +506,26 @@ int SSL_set_ssl_method(SSL *ssl, const SSL_METHOD *method)
{
int ret;
SSL_ASSERT(ssl);
SSL_ASSERT(method);
SSL_ASSERT1(ssl);
SSL_ASSERT1(method);
if (ssl->version != method->version) {
ret = SSL_shutdown(ssl);
if (1 != ret)
SSL_ERR(0, go_failed1, "SSL_shutdown\n");
if (1 != ret) {
SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "SSL_shutdown return %d", ret);
goto failed1;
}
SSL_METHOD_CALL(free, ssl);
ssl->method = method;
ret = SSL_METHOD_CALL(new, ssl);
if (!ret)
SSL_ERR(0, go_failed1, "ssl_new\n");
if (!ret) {
SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "SSL_METHOD_CALL(new) return %d", ret);
goto failed1;
}
} else {
ssl->method = method;
}
@ -488,7 +533,7 @@ int SSL_set_ssl_method(SSL *ssl, const SSL_METHOD *method)
return 1;
go_failed1:
failed1:
return ret;
}
@ -497,7 +542,7 @@ go_failed1:
*/
int SSL_get_shutdown(const SSL *ssl)
{
SSL_ASSERT(ssl);
SSL_ASSERT1(ssl);
return ssl->shutdown;
}
@ -507,7 +552,7 @@ int SSL_get_shutdown(const SSL *ssl)
*/
void SSL_set_shutdown(SSL *ssl, int mode)
{
SSL_ASSERT(ssl);
SSL_ASSERT3(ssl);
ssl->shutdown = mode;
}
@ -520,7 +565,7 @@ int SSL_pending(const SSL *ssl)
{
int ret;
SSL_ASSERT(ssl);
SSL_ASSERT1(ssl);
ret = SSL_METHOD_CALL(pending, ssl);
@ -534,7 +579,7 @@ int SSL_has_pending(const SSL *ssl)
{
int ret;
SSL_ASSERT(ssl);
SSL_ASSERT1(ssl);
if (SSL_pending(ssl))
ret = 1;
@ -549,6 +594,8 @@ int SSL_has_pending(const SSL *ssl)
*/
unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op)
{
SSL_ASSERT1(ctx);
return ctx->options &= ~op;
}
@ -557,6 +604,8 @@ unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op)
*/
unsigned long SSL_CTX_get_options(SSL_CTX *ctx)
{
SSL_ASSERT1(ctx);
return ctx->options;
}
@ -565,6 +614,8 @@ unsigned long SSL_CTX_get_options(SSL_CTX *ctx)
*/
unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long opt)
{
SSL_ASSERT1(ctx);
return ctx->options |= opt;
}
@ -573,7 +624,7 @@ unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long opt)
*/
unsigned long SSL_clear_options(SSL *ssl, unsigned long op)
{
SSL_ASSERT(ssl);
SSL_ASSERT1(ssl);
return ssl->options & ~op;
}
@ -583,7 +634,7 @@ unsigned long SSL_clear_options(SSL *ssl, unsigned long op)
*/
unsigned long SSL_get_options(SSL *ssl)
{
SSL_ASSERT(ssl);
SSL_ASSERT1(ssl);
return ssl->options;
}
@ -593,7 +644,7 @@ unsigned long SSL_get_options(SSL *ssl)
*/
unsigned long SSL_set_options(SSL *ssl, unsigned long op)
{
SSL_ASSERT(ssl);
SSL_ASSERT1(ssl);
return ssl->options |= op;
}
@ -605,7 +656,7 @@ int SSL_get_fd(const SSL *ssl)
{
int ret;
SSL_ASSERT(ssl);
SSL_ASSERT1(ssl);
ret = SSL_METHOD_CALL(get_fd, ssl, 0);
@ -619,7 +670,7 @@ int SSL_get_rfd(const SSL *ssl)
{
int ret;
SSL_ASSERT(ssl);
SSL_ASSERT1(ssl);
ret = SSL_METHOD_CALL(get_fd, ssl, 0);
@ -633,7 +684,7 @@ int SSL_get_wfd(const SSL *ssl)
{
int ret;
SSL_ASSERT(ssl);
SSL_ASSERT1(ssl);
ret = SSL_METHOD_CALL(get_fd, ssl, 0);
@ -645,8 +696,8 @@ int SSL_get_wfd(const SSL *ssl)
*/
int SSL_set_fd(SSL *ssl, int fd)
{
SSL_ASSERT(ssl);
SSL_ASSERT(fd >= 0);
SSL_ASSERT1(ssl);
SSL_ASSERT1(fd >= 0);
SSL_METHOD_CALL(set_fd, ssl, fd, 0);
@ -658,8 +709,8 @@ int SSL_set_fd(SSL *ssl, int fd)
*/
int SSL_set_rfd(SSL *ssl, int fd)
{
SSL_ASSERT(ssl);
SSL_ASSERT(fd >= 0);
SSL_ASSERT1(ssl);
SSL_ASSERT1(fd >= 0);
SSL_METHOD_CALL(set_fd, ssl, fd, 0);
@ -671,8 +722,8 @@ int SSL_set_rfd(SSL *ssl, int fd)
*/
int SSL_set_wfd(SSL *ssl, int fd)
{
SSL_ASSERT(ssl);
SSL_ASSERT(fd >= 0);
SSL_ASSERT1(ssl);
SSL_ASSERT1(fd >= 0);
SSL_METHOD_CALL(set_fd, ssl, fd, 0);
@ -684,7 +735,7 @@ int SSL_set_wfd(SSL *ssl, int fd)
*/
int SSL_version(const SSL *ssl)
{
SSL_ASSERT(ssl);
SSL_ASSERT1(ssl);
return ssl->version;
}
@ -715,7 +766,7 @@ static const char* ssl_protocol_to_string(int version)
*/
const char *SSL_get_version(const SSL *ssl)
{
SSL_ASSERT(ssl);
SSL_ASSERT2(ssl);
return ssl_protocol_to_string(SSL_version(ssl));
}
@ -987,7 +1038,7 @@ const char *SSL_rstate_string(SSL *ssl)
{
const char *str;
SSL_ASSERT(ssl);
SSL_ASSERT2(ssl);
switch (ssl->rlayer.rstate)
{
@ -1015,7 +1066,7 @@ const char *SSL_rstate_string_long(SSL *ssl)
{
const char *str = "unknown";
SSL_ASSERT(ssl);
SSL_ASSERT2(ssl);
switch (ssl->rlayer.rstate)
{
@ -1042,7 +1093,7 @@ char *SSL_state_string(const SSL *ssl)
{
char *str = "UNKWN ";
SSL_ASSERT(ssl);
SSL_ASSERT2(ssl);
if (ossl_statem_in_error(ssl))
str = "SSLERR";
@ -1150,7 +1201,7 @@ char *SSL_state_string_long(const SSL *ssl)
{
char *str = "UNKWN ";
SSL_ASSERT(ssl);
SSL_ASSERT2(ssl);
if (ossl_statem_in_error(ssl))
str = "SSLERR";
@ -1262,8 +1313,7 @@ char *SSL_state_string_long(const SSL *ssl)
*/
void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len)
{
SSL_ASSERT(ctx);
SSL_ASSERT(len);
SSL_ASSERT3(ctx);
ctx->read_buffer_len = len;
}
@ -1273,8 +1323,8 @@ void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len)
*/
void SSL_set_default_read_buffer_len(SSL *ssl, size_t len)
{
SSL_ASSERT(ssl);
SSL_ASSERT(len);
SSL_ASSERT3(ssl);
SSL_ASSERT3(len);
SSL_METHOD_CALL(set_bufflen, ssl, len);
}
@ -1284,7 +1334,7 @@ void SSL_set_default_read_buffer_len(SSL *ssl, size_t len)
*/
void SSL_set_info_callback(SSL *ssl, void (*cb) (const SSL *ssl, int type, int val))
{
SSL_ASSERT(ssl);
SSL_ASSERT3(ssl);
ssl->info_callback = cb;
}
@ -1294,7 +1344,7 @@ void SSL_set_info_callback(SSL *ssl, void (*cb) (const SSL *ssl, int type, int v
*/
int SSL_CTX_up_ref(SSL_CTX *ctx)
{
SSL_ASSERT(ctx);
SSL_ASSERT1(ctx);
/**
* no support multi-thread SSL here
@ -1309,7 +1359,7 @@ int SSL_CTX_up_ref(SSL_CTX *ctx)
*/
void SSL_set_security_level(SSL *ssl, int level)
{
SSL_ASSERT(ssl);
SSL_ASSERT3(ssl);
ssl->cert->sec_level = level;
}
@ -1319,7 +1369,7 @@ void SSL_set_security_level(SSL *ssl, int level)
*/
int SSL_get_security_level(const SSL *ssl)
{
SSL_ASSERT(ssl);
SSL_ASSERT1(ssl);
return ssl->cert->sec_level;
}
@ -1329,7 +1379,7 @@ int SSL_get_security_level(const SSL *ssl)
*/
int SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
{
SSL_ASSERT(ctx);
SSL_ASSERT1(ctx);
return ctx->verify_mode;
}
@ -1341,7 +1391,7 @@ long SSL_CTX_set_timeout(SSL_CTX *ctx, long t)
{
long l;
SSL_ASSERT(ctx);
SSL_ASSERT1(ctx);
l = ctx->session_timeout;
ctx->session_timeout = t;
@ -1354,7 +1404,7 @@ long SSL_CTX_set_timeout(SSL_CTX *ctx, long t)
*/
long SSL_CTX_get_timeout(const SSL_CTX *ctx)
{
SSL_ASSERT(ctx);
SSL_ASSERT1(ctx);
return ctx->session_timeout;
}
@ -1364,7 +1414,7 @@ long SSL_CTX_get_timeout(const SSL_CTX *ctx)
*/
void SSL_set_read_ahead(SSL *ssl, int yes)
{
SSL_ASSERT(ssl);
SSL_ASSERT3(ssl);
ssl->rlayer.read_ahead = yes;
}
@ -1374,7 +1424,7 @@ void SSL_set_read_ahead(SSL *ssl, int yes)
*/
void SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes)
{
SSL_ASSERT(ctx);
SSL_ASSERT3(ctx);
ctx->read_ahead = yes;
}
@ -1384,7 +1434,7 @@ void SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes)
*/
int SSL_get_read_ahead(const SSL *ssl)
{
SSL_ASSERT(ssl);
SSL_ASSERT1(ssl);
return ssl->rlayer.read_ahead;
}
@ -1394,7 +1444,7 @@ int SSL_get_read_ahead(const SSL *ssl)
*/
long SSL_CTX_get_read_ahead(SSL_CTX *ctx)
{
SSL_ASSERT(ctx);
SSL_ASSERT1(ctx);
return ctx->read_ahead;
}
@ -1404,7 +1454,7 @@ long SSL_CTX_get_read_ahead(SSL_CTX *ctx)
*/
long SSL_CTX_get_default_read_ahead(SSL_CTX *ctx)
{
SSL_ASSERT(ctx);
SSL_ASSERT1(ctx);
return ctx->read_ahead;
}
@ -1414,7 +1464,7 @@ long SSL_CTX_get_default_read_ahead(SSL_CTX *ctx)
*/
long SSL_set_time(SSL *ssl, long t)
{
SSL_ASSERT(ssl);
SSL_ASSERT1(ssl);
ssl->session->time = t;
@ -1426,7 +1476,7 @@ long SSL_set_time(SSL *ssl, long t)
*/
long SSL_set_timeout(SSL *ssl, long t)
{
SSL_ASSERT(ssl);
SSL_ASSERT1(ssl);
ssl->session->timeout = t;
@ -1438,7 +1488,7 @@ long SSL_set_timeout(SSL *ssl, long t)
*/
long SSL_get_verify_result(const SSL *ssl)
{
SSL_ASSERT(ssl);
SSL_ASSERT1(ssl);
return SSL_METHOD_CALL(get_verify_result, ssl);
}
@ -1448,7 +1498,7 @@ long SSL_get_verify_result(const SSL *ssl)
*/
int SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
{
SSL_ASSERT(ctx);
SSL_ASSERT1(ctx);
return ctx->param.depth;
}
@ -1458,7 +1508,7 @@ int SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
*/
void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth)
{
SSL_ASSERT(ctx);
SSL_ASSERT3(ctx);
ctx->param.depth = depth;
}
@ -1468,7 +1518,7 @@ void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth)
*/
int SSL_get_verify_depth(const SSL *ssl)
{
SSL_ASSERT(ssl);
SSL_ASSERT1(ssl);
return ssl->param.depth;
}
@ -1478,7 +1528,7 @@ int SSL_get_verify_depth(const SSL *ssl)
*/
void SSL_set_verify_depth(SSL *ssl, int depth)
{
SSL_ASSERT(ssl);
SSL_ASSERT3(ssl);
ssl->param.depth = depth;
}
@ -1488,7 +1538,7 @@ void SSL_set_verify_depth(SSL *ssl, int depth)
*/
void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*verify_callback)(int, X509_STORE_CTX *))
{
SSL_ASSERT(ctx);
SSL_ASSERT3(ctx);
ctx->verify_mode = mode;
ctx->default_verify_callback = verify_callback;
@ -1499,7 +1549,7 @@ void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*verify_callback)(int, X509
*/
void SSL_set_verify(SSL *ssl, int mode, int (*verify_callback)(int, X509_STORE_CTX *))
{
SSL_ASSERT(ssl);
SSL_ASSERT3(ssl);
ssl->verify_mode = mode;
ssl->verify_callback = verify_callback;

View File

@ -26,8 +26,10 @@ EVP_PKEY* __EVP_PKEY_new(EVP_PKEY *ipk)
EVP_PKEY *pkey;
pkey = ssl_mem_zalloc(sizeof(EVP_PKEY));
if (!pkey)
SSL_RET(failed1, "ssl_mem_zalloc\n");
if (!pkey) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "no enough memory > (pkey)");
goto no_mem;
}
if (ipk) {
pkey->method = ipk->method;
@ -36,14 +38,16 @@ EVP_PKEY* __EVP_PKEY_new(EVP_PKEY *ipk)
}
ret = EVP_PKEY_METHOD_CALL(new, pkey, ipk);
if (ret)
SSL_RET(failed2, "EVP_PKEY_METHOD_CALL\n");
if (ret) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "EVP_PKEY_METHOD_CALL(new) return %d", ret);
goto failed;
}
return pkey;
failed2:
failed:
ssl_mem_free(pkey);
failed1:
no_mem:
return NULL;
}
@ -60,6 +64,8 @@ EVP_PKEY* EVP_PKEY_new(void)
*/
void EVP_PKEY_free(EVP_PKEY *pkey)
{
SSL_ASSERT3(pkey);
EVP_PKEY_METHOD_CALL(free, pkey);
ssl_mem_free(pkey);
@ -78,22 +84,27 @@ EVP_PKEY *d2i_PrivateKey(int type,
int ret;
EVP_PKEY *pkey;
SSL_ASSERT(pp);
SSL_ASSERT(*pp);
SSL_ASSERT(length);
SSL_ASSERT2(pp);
SSL_ASSERT2(*pp);
SSL_ASSERT2(length);
if (a && *a) {
pkey = *a;
} else {
pkey = EVP_PKEY_new();;
if (!pkey)
SSL_RET(failed1, "EVP_PKEY_new\n");
if (!pkey) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "EVP_PKEY_new() return NULL");
goto failed1;
}
m = 1;
}
ret = EVP_PKEY_METHOD_CALL(load, pkey, *pp, length);
if (ret)
SSL_RET(failed2, "EVP_PKEY_METHOD_CALL\n");
if (ret) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "EVP_PKEY_METHOD_CALL(load) return %d", ret);
goto failed2;
}
if (a)
*a = pkey;
@ -112,8 +123,8 @@ failed1:
*/
int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
{
SSL_ASSERT(ctx);
SSL_ASSERT(pkey);
SSL_ASSERT1(ctx);
SSL_ASSERT1(pkey);
if (ctx->cert->pkey == pkey)
return 1;
@ -131,8 +142,8 @@ int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
*/
int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
{
SSL_ASSERT(ssl);
SSL_ASSERT(pkey);
SSL_ASSERT1(ssl);
SSL_ASSERT1(pkey);
if (ssl->cert->pkey == pkey)
return 1;
@ -155,12 +166,16 @@ int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx,
EVP_PKEY *pk;
pk = d2i_PrivateKey(0, NULL, &d, len);
if (!pk)
SSL_RET(failed1, "d2i_PrivateKey\n");
if (!pk) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_PrivateKey() return NULL");
goto failed1;
}
ret = SSL_CTX_use_PrivateKey(ctx, pk);
if (!ret)
SSL_RET(failed2, "SSL_CTX_use_PrivateKey\n");
if (!ret) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "SSL_CTX_use_PrivateKey() return %d", ret);
goto failed2;
}
return 1;
@ -180,12 +195,16 @@ int SSL_use_PrivateKey_ASN1(int type, SSL *ssl,
EVP_PKEY *pk;
pk = d2i_PrivateKey(0, NULL, &d, len);
if (!pk)
SSL_RET(failed1, "d2i_PrivateKey\n");
if (!pk) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_PrivateKey() return NULL");
goto failed1;
}
ret = SSL_use_PrivateKey(ssl, pk);
if (!ret)
SSL_RET(failed2, "SSL_use_PrivateKey\n");
if (!ret) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "SSL_use_PrivateKey() return %d", ret);
goto failed2;
}
return 1;

View File

@ -31,12 +31,16 @@ OPENSSL_STACK* OPENSSL_sk_new(OPENSSL_sk_compfunc c)
char **data;
stack = ssl_mem_zalloc(sizeof(OPENSSL_STACK));
if (!stack)
SSL_RET(failed1, "ssl_mem_zalloc\n");
if (!stack) {
SSL_DEBUG(SSL_STACK_ERROR_LEVEL, "no enough memory > (stack)");
goto no_mem1;
}
data = ssl_mem_zalloc(sizeof(*data) * MIN_NODES);
if (!data)
SSL_RET(failed2, "ssl_mem_zalloc\n");
if (!data) {
SSL_DEBUG(SSL_STACK_ERROR_LEVEL, "no enough memory > (data)");
goto no_mem2;
}
stack->data = data;
stack->num_alloc = MIN_NODES;
@ -44,9 +48,9 @@ OPENSSL_STACK* OPENSSL_sk_new(OPENSSL_sk_compfunc c)
return stack;
failed2:
no_mem2:
ssl_mem_free(stack);
failed1:
no_mem1:
return NULL;
}
@ -63,7 +67,7 @@ OPENSSL_STACK *OPENSSL_sk_new_null(void)
*/
void OPENSSL_sk_free(OPENSSL_STACK *stack)
{
SSL_ASSERT(stack);
SSL_ASSERT3(stack);
ssl_mem_free(stack->data);
ssl_mem_free(stack);

View File

@ -34,8 +34,10 @@ X509* __X509_new(X509 *ix)
X509 *x;
x = ssl_mem_zalloc(sizeof(X509));
if (!x)
SSL_RET(failed1, "ssl_mem_zalloc\n");
if (!x) {
SSL_DEBUG(SSL_X509_ERROR_LEVEL, "no enough memory > (x)");
goto no_mem;
}
if (ix)
x->method = ix->method;
@ -43,14 +45,16 @@ X509* __X509_new(X509 *ix)
x->method = X509_method();
ret = X509_METHOD_CALL(new, x, ix);
if (ret)
SSL_RET(failed2, "x509_new\n");
if (ret) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_METHOD_CALL(new) return %d", ret);
goto failed;
}
return x;
failed2:
failed:
ssl_mem_free(x);
failed1:
no_mem:
return NULL;
}
@ -67,6 +71,8 @@ X509* X509_new(void)
*/
void X509_free(X509 *x)
{
SSL_ASSERT3(x);
X509_METHOD_CALL(free, x);
ssl_mem_free(x);
@ -82,21 +88,25 @@ X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len)
int ret;
X509 *x;
SSL_ASSERT(buffer);
SSL_ASSERT(len);
SSL_ASSERT2(buffer);
SSL_ASSERT2(len);
if (cert && *cert) {
x = *cert;
} else {
x = X509_new();
if (!x)
SSL_RET(failed1, "X509_new\n");
if (!x) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_new() return NULL");
goto failed1;
}
m = 1;
}
ret = X509_METHOD_CALL(load, x, buffer, len);
if (ret)
SSL_RET(failed2, "x509_load\n");
if (ret) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_METHOD_CALL(load) return %d", ret);
goto failed2;
}
return x;
@ -112,8 +122,8 @@ failed1:
*/
int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
{
SSL_ASSERT(ctx);
SSL_ASSERT(x);
SSL_ASSERT1(ctx);
SSL_ASSERT1(x);
if (ctx->client_CA == x)
return 1;
@ -130,8 +140,8 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
*/
int SSL_add_client_CA(SSL *ssl, X509 *x)
{
SSL_ASSERT(ssl);
SSL_ASSERT(x);
SSL_ASSERT1(ssl);
SSL_ASSERT1(x);
if (ssl->client_CA == x)
return 1;
@ -148,8 +158,8 @@ int SSL_add_client_CA(SSL *ssl, X509 *x)
*/
int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
{
SSL_ASSERT(ctx);
SSL_ASSERT(x);
SSL_ASSERT1(ctx);
SSL_ASSERT1(x);
if (ctx->cert->x509 == x)
return 1;
@ -166,8 +176,8 @@ int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
*/
int SSL_use_certificate(SSL *ssl, X509 *x)
{
SSL_ASSERT(ssl);
SSL_ASSERT(x);
SSL_ASSERT1(ssl);
SSL_ASSERT1(x);
if (ssl->cert->x509 == x)
return 1;
@ -184,7 +194,7 @@ int SSL_use_certificate(SSL *ssl, X509 *x)
*/
X509 *SSL_get_certificate(const SSL *ssl)
{
SSL_ASSERT(ssl);
SSL_ASSERT2(ssl);
return ssl->cert->x509;
}
@ -199,12 +209,16 @@ int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len,
X509 *x;
x = d2i_X509(NULL, d, len);
if (!x)
SSL_RET(failed1, "d2i_X509\n");
if (!x) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_X509() return NULL");
goto failed1;
}
ret = SSL_CTX_use_certificate(ctx, x);
if (!ret)
SSL_RET(failed2, "SSL_CTX_use_certificate\n");
if (!ret) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "SSL_CTX_use_certificate() return %d", ret);
goto failed2;
}
return 1;
@ -224,12 +238,16 @@ int SSL_use_certificate_ASN1(SSL *ssl, int len,
X509 *x;
x = d2i_X509(NULL, d, len);
if (!x)
SSL_RET(failed1, "d2i_X509\n");
if (!x) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_X509() return NULL");
goto failed1;
}
ret = SSL_use_certificate(ssl, x);
if (!ret)
SSL_RET(failed2, "SSL_use_certificate\n");
if (!ret) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "SSL_use_certificate() return %d", ret);
goto failed2;
}
return 1;
@ -260,7 +278,7 @@ int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
*/
X509 *SSL_get_peer_certificate(const SSL *ssl)
{
SSL_ASSERT(ssl);
SSL_ASSERT2(ssl);
return ssl->session->peer;
}

View File

@ -25,13 +25,7 @@
#include "mbedtls/error.h"
#include "mbedtls/certs.h"
#if 0
#define DEBUG_LOAD_BUF_STRING(str) SSL_DEBUG(1, "%s\n", str)
#else
#define DEBUG_LOAD_BUF_STRING(str)
#endif
#define X509_INFO_STRING_LENGTH 1024
#define X509_INFO_STRING_LENGTH 8192
struct ssl_pm
{
@ -63,13 +57,36 @@ struct pkey_pm
mbedtls_pk_context *ex_pkey;
};
unsigned int max_content_len;
/*********************************************************************************************/
/************************************ SSL arch interface *************************************/
#ifdef CONFIG_OPENSSL_LOWLEVEL_DEBUG
/* mbedtls debug level */
#define MBEDTLS_DEBUG_LEVEL 4
/**
* @brief mbedtls debug function
*/
static void ssl_platform_debug(void *ctx, int level,
const char *file, int line,
const char *str)
{
/* Shorten 'file' from the whole file path to just the filename
This is a bit wasteful because the macros are compiled in with
the full _FILE_ path in each case.
*/
char *file_sep = rindex(file, '/');
if(file_sep)
file = file_sep + 1;
SSL_DEBUG(SSL_DEBUG_ON, "%s:%d %s", file, line, str);
}
#endif
/**
* @brief create SSL low-level object
*/
@ -87,11 +104,13 @@ int ssl_pm_new(SSL *ssl)
const SSL_METHOD *method = ssl->method;
ssl_pm = ssl_mem_zalloc(sizeof(struct ssl_pm));
if (!ssl_pm)
SSL_ERR(ret, failed1, "ssl_mem_zalloc\n");
if (!ssl_pm) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (ssl_pm)");
goto no_mem;
}
max_content_len = ssl->ctx->read_buffer_len;
mbedtls_net_init(&ssl_pm->fd);
mbedtls_net_init(&ssl_pm->cl_fd);
@ -101,8 +120,10 @@ int ssl_pm_new(SSL *ssl)
mbedtls_ssl_init(&ssl_pm->ssl);
ret = mbedtls_ctr_drbg_seed(&ssl_pm->ctr_drbg, mbedtls_entropy_func, &ssl_pm->entropy, pers, pers_len);
if (ret)
SSL_ERR(ret, failed2, "mbedtls_ctr_drbg_seed:[-0x%x]\n", -ret);
if (ret) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ctr_drbg_seed() return -0x%x", -ret);
goto mbedtls_err1;
}
if (method->endpoint) {
endpoint = MBEDTLS_SSL_IS_SERVER;
@ -110,8 +131,10 @@ int ssl_pm_new(SSL *ssl)
endpoint = MBEDTLS_SSL_IS_CLIENT;
}
ret = mbedtls_ssl_config_defaults(&ssl_pm->conf, endpoint, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT);
if (ret)
SSL_ERR(ret, failed2, "mbedtls_ssl_config_defaults:[-0x%x]\n", -ret);
if (ret) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_config_defaults() return -0x%x", -ret);
goto mbedtls_err2;
}
if (TLS_ANY_VERSION != ssl->version) {
if (TLS1_2_VERSION == ssl->version)
@ -132,11 +155,18 @@ int ssl_pm_new(SSL *ssl)
mbedtls_ssl_conf_rng(&ssl_pm->conf, mbedtls_ctr_drbg_random, &ssl_pm->ctr_drbg);
#ifdef CONFIG_OPENSSL_LOWLEVEL_DEBUG
mbedtls_debug_set_threshold(MBEDTLS_DEBUG_LEVEL);
mbedtls_ssl_conf_dbg(&ssl_pm->conf, ssl_platform_debug, NULL);
#else
mbedtls_ssl_conf_dbg(&ssl_pm->conf, NULL, NULL);
#endif
ret = mbedtls_ssl_setup(&ssl_pm->ssl, &ssl_pm->conf);
if (ret)
SSL_ERR(ret, failed3, "mbedtls_ssl_setup:[-0x%x]\n", -ret);
if (ret) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_setup() return -0x%x", -ret);
goto mbedtls_err2;
}
mbedtls_ssl_set_bio(&ssl_pm->ssl, &ssl_pm->fd, mbedtls_net_send, mbedtls_net_recv, NULL);
@ -144,13 +174,13 @@ int ssl_pm_new(SSL *ssl)
return 0;
failed3:
mbedtls_err2:
mbedtls_ssl_config_free(&ssl_pm->conf);
mbedtls_ctr_drbg_free(&ssl_pm->ctr_drbg);
failed2:
mbedtls_err1:
mbedtls_entropy_free(&ssl_pm->entropy);
ssl_mem_free(ssl_pm);
failed1:
no_mem:
return -1;
}
@ -208,10 +238,12 @@ static int ssl_pm_reload_crt(SSL *ssl)
ret = 0;
}
if (ret)
return -1;
if (ret) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_conf_own_cert() return -0x%x", -ret);
ret = -1;
}
return 0;
return ret;
}
/*
@ -222,16 +254,11 @@ static int mbedtls_handshake( mbedtls_ssl_context *ssl )
{
int ret = 0;
if (ssl == NULL || ssl->conf == NULL)
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
while (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER)
{
while (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) {
ret = mbedtls_ssl_handshake_step(ssl);
SSL_DEBUG(1, "ssl ret %d state %d heap %d\n",
ret, ssl->state, system_get_free_heap_size());
SSL_DEBUG(SSL_PLATFORM_DEBUG_LEVEL, "ssl ret %d state %d", ret, ssl->state);
if (ret != 0)
break;
}
@ -241,36 +268,31 @@ static int mbedtls_handshake( mbedtls_ssl_context *ssl )
int ssl_pm_handshake(SSL *ssl)
{
int ret, mbed_ret;
int ret;
struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
mbed_ret = ssl_pm_reload_crt(ssl);
if (mbed_ret)
ret = ssl_pm_reload_crt(ssl);
if (ret)
return 0;
SSL_DEBUG(1, "ssl_speed_up_enter ");
ssl_speed_up_enter();
SSL_DEBUG(1, "OK\n");
while((mbed_ret = mbedtls_handshake(&ssl_pm->ssl)) != 0) {
if (mbed_ret != MBEDTLS_ERR_SSL_WANT_READ && mbed_ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
while((ret = mbedtls_handshake(&ssl_pm->ssl)) != 0) {
if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
break;
}
}
SSL_DEBUG(1, "ssl_speed_up_exit ");
ssl_speed_up_exit();
SSL_DEBUG(1, "OK\n");
if (!mbed_ret) {
ssl_speed_up_exit();
if (ret) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_handshake() return -0x%x", -ret);
ret = 0;
} else {
struct x509_pm *x509_pm = (struct x509_pm *)ssl->session->peer->x509_pm;
ret = 1;
x509_pm->ex_crt = (mbedtls_x509_crt *)mbedtls_ssl_get_peer_cert(&ssl_pm->ssl);
} else {
ret = 0;
SSL_DEBUG(1, "mbedtls_ssl_handshake [-0x%x]\n", -mbed_ret);
ret = 1;
}
return ret;
@ -278,19 +300,18 @@ int ssl_pm_handshake(SSL *ssl)
int ssl_pm_shutdown(SSL *ssl)
{
int ret, mbed_ret;
int ret;
struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
mbed_ret = mbedtls_ssl_close_notify(&ssl_pm->ssl);
if (!mbed_ret) {
ret = mbedtls_ssl_close_notify(&ssl_pm->ssl);
if (ret) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_close_notify() return -0x%x", -ret);
ret = -1;
} else {
struct x509_pm *x509_pm = (struct x509_pm *)ssl->session->peer->x509_pm;
ret = 0;
x509_pm->ex_crt = NULL;
}
else
ret = -1;
return ret;
}
@ -303,32 +324,28 @@ int ssl_pm_clear(SSL *ssl)
int ssl_pm_read(SSL *ssl, void *buffer, int len)
{
int ret, mbed_ret;
int ret;
struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
mbed_ret = mbedtls_ssl_read(&ssl_pm->ssl, buffer, len);
if (mbed_ret < 0)
ret = mbedtls_ssl_read(&ssl_pm->ssl, buffer, len);
if (ret < 0) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_read() return -0x%x", -ret);
ret = -1;
else if (mbed_ret == 0)
ret = 0;
else
ret = mbed_ret;
}
return ret;
}
int ssl_pm_send(SSL *ssl, const void *buffer, int len)
{
int ret, mbed_ret;
int ret;
struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
mbed_ret = mbedtls_ssl_write(&ssl_pm->ssl, buffer, len);
if (mbed_ret < 0)
ret = mbedtls_ssl_write(&ssl_pm->ssl, buffer, len);
if (ret < 0) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_write() return -0x%x", -ret);
ret = -1;
else if (mbed_ret == 0)
ret = 0;
else
ret = mbed_ret;
}
return ret;
}
@ -430,23 +447,28 @@ int x509_pm_show_info(X509 *x)
return -1;
buf = ssl_mem_malloc(X509_INFO_STRING_LENGTH);
if (!buf)
SSL_RET(failed1, "");
if (!buf) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (buf)");
goto no_mem;
}
ret = mbedtls_x509_crt_info(buf, X509_INFO_STRING_LENGTH - 1, "", x509_crt);
if (ret <= 0)
SSL_RET(failed2, "");
if (ret <= 0) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_x509_crt_info() return -0x%x", -ret);
goto mbedtls_err1;
}
buf[ret] = 0;
ssl_mem_free(buf);
SSL_DEBUG(1, "%s", buf);
SSL_DEBUG(SSL_DEBUG_ON, "%s", buf);
return 0;
failed2:
mbedtls_err1:
ssl_mem_free(buf);
failed1:
no_mem:
return -1;
}
@ -455,8 +477,10 @@ int x509_pm_new(X509 *x, X509 *m_x)
struct x509_pm *x509_pm;
x509_pm = ssl_mem_zalloc(sizeof(struct x509_pm));
if (!x509_pm)
SSL_RET(failed1, "ssl_mem_zalloc\n");
if (!x509_pm) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (x509_pm)");
goto failed1;
}
x->x509_pm = x509_pm;
@ -498,34 +522,38 @@ int x509_pm_load(X509 *x, const unsigned char *buffer, int len)
if (!x509_pm->x509_crt) {
x509_pm->x509_crt = ssl_mem_malloc(sizeof(mbedtls_x509_crt));
if (!x509_pm->x509_crt)
SSL_RET(failed1, "ssl_mem_malloc\n");
if (!x509_pm->x509_crt) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (x509_pm->x509_crt)");
goto no_mem;
}
}
load_buf = ssl_mem_malloc(len + 1);
if (!load_buf)
SSL_RET(failed2, "ssl_mem_malloc\n");
if (!load_buf) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (load_buf)");
goto failed;
}
ssl_memcpy(load_buf, buffer, len);
load_buf[len] = '\0';
DEBUG_LOAD_BUF_STRING(load_buf);
mbedtls_x509_crt_init(x509_pm->x509_crt);
ret = mbedtls_x509_crt_parse(x509_pm->x509_crt, load_buf, len + 1);
ssl_mem_free(load_buf);
if (ret)
SSL_RET(failed2, "mbedtls_x509_crt_parse, return [-0x%x]\n", -ret);
if (ret) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_x509_crt_parse return -0x%x", -ret);
goto failed;
}
return 0;
failed2:
failed:
mbedtls_x509_crt_free(x509_pm->x509_crt);
ssl_mem_free(x509_pm->x509_crt);
x509_pm->x509_crt = NULL;
failed1:
no_mem:
return -1;
}
@ -574,34 +602,38 @@ int pkey_pm_load(EVP_PKEY *pk, const unsigned char *buffer, int len)
if (!pkey_pm->pkey) {
pkey_pm->pkey = ssl_mem_malloc(sizeof(mbedtls_pk_context));
if (!pkey_pm->pkey)
SSL_RET(failed1, "ssl_mem_malloc\n");
if (!pkey_pm->pkey) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (pkey_pm->pkey)");
goto no_mem;
}
}
load_buf = ssl_mem_malloc(len + 1);
if (!load_buf)
SSL_RET(failed2, "ssl_mem_malloc\n");
if (!load_buf) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (load_buf)");
goto failed;
}
ssl_memcpy(load_buf, buffer, len);
load_buf[len] = '\0';
DEBUG_LOAD_BUF_STRING(load_buf);
mbedtls_pk_init(pkey_pm->pkey);
ret = mbedtls_pk_parse_key(pkey_pm->pkey, load_buf, len + 1, NULL, 0);
ssl_mem_free(load_buf);
if (ret)
SSL_RET(failed2, "mbedtls_pk_parse_key, return [-0x%x]\n", -ret);
if (ret) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_pk_parse_key return -0x%x", -ret);
goto failed;
}
return 0;
failed2:
failed:
mbedtls_pk_free(pkey_pm->pkey);
ssl_mem_free(pkey_pm->pkey);
pkey_pm->pkey = NULL;
failed1:
no_mem:
return -1;
}
@ -619,11 +651,11 @@ long ssl_pm_get_verify_result(const SSL *ssl)
struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
ret = mbedtls_ssl_get_verify_result(&ssl_pm->ssl);
if (!ret)
verify_result = X509_V_OK;
else
if (ret) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_get_verify_result() return -0x%x", -ret);
verify_result = X509_V_ERR_UNSPECIFIED;
} else
verify_result = X509_V_OK;
return verify_result;
}

View File

@ -14,15 +14,10 @@
#include "ssl_port.h"
#ifdef ESP32_IDF_PLATFORM
#include "string.h"
#include "malloc.h"
/*********************************************************************************************/
/********************************* SSL general interface *************************************/
void* ssl_mem_zalloc(size_t size)
void *ssl_mem_zalloc(size_t size)
{
void *p = malloc(size);
@ -32,35 +27,3 @@ void* ssl_mem_zalloc(size_t size)
return p;
}
void *ssl_mem_malloc(size_t size)
{
return malloc(size);
}
void ssl_mem_free(void *p)
{
free(p);
}
void* ssl_memcpy(void *to, const void *from, size_t size)
{
return memcpy(to, from, size);
}
size_t ssl_strlen(const char *src)
{
return strlen(src);
}
void ssl_speed_up_enter(void)
{
}
void ssl_speed_up_exit(void)
{
}
#endif