openssl.c

00001 /*
00002  * Copyright (c) 2007, Cameron Rich
00003  * 
00004  * All rights reserved.
00005  * 
00006  * Redistribution and use in source and binary forms, with or without 
00007  * modification, are permitted provided that the following conditions are met:
00008  *
00009  * * Redistributions of source code must retain the above copyright notice, 
00010  *   this list of conditions and the following disclaimer.
00011  * * Redistributions in binary form must reproduce the above copyright notice, 
00012  *   this list of conditions and the following disclaimer in the documentation 
00013  *   and/or other materials provided with the distribution.
00014  * * Neither the name of the axTLS project nor the names of its contributors 
00015  *   may be used to endorse or promote products derived from this software 
00016  *   without specific prior written permission.
00017  *
00018  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
00019  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
00020  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
00021  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
00022  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
00023  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
00024  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
00025  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
00026  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
00027  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
00028  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
00029  */
00030 
00031 /*
00032  * Enable a subset of openssl compatible functions. We don't aim to be 100%
00033  * compatible - just to be able to do basic ports etc.
00034  *
00035  * Only really tested on mini_httpd, so I'm not too sure how extensive this
00036  * port is.
00037  */
00038 
00039 #include "config.h"
00040 
00041 #ifdef CONFIG_OPENSSL_COMPATIBLE
00042 #include <stdlib.h>
00043 #include <string.h>
00044 #include <stdarg.h>
00045 #include "os_port.h"
00046 #include "ssl.h"
00047 
00048 #define OPENSSL_CTX_ATTR  ((OPENSSL_CTX *)ssl_ctx->bonus_attr)
00049 
00050 static char *key_password = NULL;
00051 
00052 void *SSLv23_server_method(void) { return NULL; }
00053 void *SSLv3_server_method(void) { return NULL; }
00054 void *TLSv1_server_method(void) { return NULL; }
00055 void *SSLv23_client_method(void) { return NULL; }
00056 void *SSLv3_client_method(void) { return NULL; }
00057 void *TLSv1_client_method(void) { return NULL; }
00058 
00059 typedef void * (*ssl_func_type_t)(void);
00060 typedef void * (*bio_func_type_t)(void);
00061 
00062 typedef struct
00063 {
00064     ssl_func_type_t ssl_func_type;
00065 } OPENSSL_CTX;
00066 
00067 SSL_CTX * SSL_CTX_new(ssl_func_type_t meth)
00068 {
00069     SSL_CTX *ssl_ctx = ssl_ctx_new(0, 5);
00070     ssl_ctx->bonus_attr = malloc(sizeof(OPENSSL_CTX));
00071     OPENSSL_CTX_ATTR->ssl_func_type = meth;
00072     return ssl_ctx;
00073 }
00074 
00075 void SSL_CTX_free(SSL_CTX * ssl_ctx)
00076 {
00077     free(ssl_ctx->bonus_attr);
00078     ssl_ctx_free(ssl_ctx);
00079 }
00080 
00081 SSL * SSL_new(SSL_CTX *ssl_ctx)
00082 {
00083     SSL *ssl;
00084     ssl_func_type_t ssl_func_type;
00085 
00086     ssl = ssl_new(ssl_ctx, -1);        /* fd is set later */
00087     ssl_func_type = OPENSSL_CTX_ATTR->ssl_func_type;
00088 
00089 #ifdef CONFIG_SSL_ENABLE_CLIENT
00090     if (ssl_func_type == SSLv23_client_method ||
00091         ssl_func_type == SSLv3_client_method ||
00092         ssl_func_type == TLSv1_client_method)
00093     {
00094         SET_SSL_FLAG(SSL_IS_CLIENT);
00095     }
00096     else
00097 #endif
00098     {
00099         ssl->next_state = HS_CLIENT_HELLO;
00100     }
00101 
00102     return ssl;
00103 }
00104 
00105 int SSL_set_fd(SSL *s, int fd)
00106 {
00107     s->client_fd = fd;
00108     return 1;   /* always succeeds */
00109 }
00110 
00111 int SSL_accept(SSL *ssl)
00112 {
00113     while (ssl_read(ssl, NULL) == SSL_OK)
00114     {
00115         if (ssl->next_state == HS_CLIENT_HELLO)
00116             return 1;   /* we're done */
00117     }
00118 
00119     return -1;
00120 }
00121 
00122 #ifdef CONFIG_SSL_ENABLE_CLIENT
00123 int SSL_connect(SSL *ssl)
00124 {
00125     return do_client_connect(ssl) == SSL_OK ? 1 : -1;
00126 }
00127 #endif
00128 
00129 void SSL_free(SSL *ssl)
00130 {
00131     ssl_free(ssl);
00132 }
00133 
00134 int SSL_read(SSL *ssl, void *buf, int num)
00135 {
00136     uint8_t *read_buf;
00137     int ret;
00138 
00139     while ((ret = ssl_read(ssl, &read_buf)) == SSL_OK);
00140 
00141     if (ret > SSL_OK)
00142     {
00143         memcpy(buf, read_buf, ret > num ? num : ret);
00144     }
00145 
00146     return ret;
00147 }
00148 
00149 int SSL_write(SSL *ssl, const void *buf, int num)
00150 {
00151     return ssl_write(ssl, buf, num);
00152 }
00153 
00154 int SSL_CTX_use_certificate_file(SSL_CTX *ssl_ctx, const char *file, int type)
00155 {
00156     return (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, file, NULL) == SSL_OK);
00157 }
00158 
00159 int SSL_CTX_use_PrivateKey_file(SSL_CTX *ssl_ctx, const char *file, int type)
00160 {
00161     return (ssl_obj_load(ssl_ctx, SSL_OBJ_RSA_KEY, file, key_password) == SSL_OK);
00162 }
00163 
00164 int SSL_CTX_use_certificate_ASN1(SSL_CTX *ssl_ctx, int len, const uint8_t *d)
00165 {
00166     return (ssl_obj_memory_load(ssl_ctx, 
00167                         SSL_OBJ_X509_CERT, d, len, NULL) == SSL_OK);
00168 }
00169 
00170 int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
00171                                             unsigned int sid_ctx_len)
00172 {
00173     return 1;
00174 }
00175 
00176 int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
00177 {
00178     return 1;
00179 }
00180 
00181 int SSL_CTX_use_certificate_chain_file(SSL_CTX *ssl_ctx, const char *file)
00182 {
00183     return (ssl_obj_load(ssl_ctx, 
00184                         SSL_OBJ_X509_CERT, file, NULL) == SSL_OK);
00185 }
00186 
00187 int SSL_shutdown(SSL *ssl)
00188 {
00189     return 1;
00190 }
00191 
00192 /*** get/set session ***/
00193 SSL_SESSION *SSL_get1_session(SSL *ssl)
00194 {
00195     return (SSL_SESSION *)ssl_get_session_id(ssl); /* note: wrong cast */
00196 }
00197 
00198 int SSL_set_session(SSL *ssl, SSL_SESSION *session)
00199 {
00200     memcpy(ssl->session_id, (uint8_t *)session, SSL_SESSION_ID_SIZE);
00201     return 1;
00202 }
00203 
00204 void SSL_SESSION_free(SSL_SESSION *session) { }
00205 /*** end get/set session ***/
00206 
00207 long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
00208 {
00209     return 0;
00210 }
00211 
00212 void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
00213                                  int (*verify_callback)(int, void *)) { }
00214 
00215 void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth) { }
00216 
00217 int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
00218                                            const char *CApath)
00219 {
00220     return 1;
00221 }
00222 
00223 void *SSL_load_client_CA_file(const char *file)
00224 {
00225     return (void *)file;
00226 }
00227 
00228 void SSL_CTX_set_client_CA_list(SSL_CTX *ssl_ctx, void *file) 
00229 { 
00230 
00231     ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, (const char *)file, NULL);
00232 }
00233 
00234 void SSLv23_method(void) { }
00235 
00236 void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, void *cb) { }
00237 
00238 void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u) 
00239 { 
00240     key_password = (char *)u;
00241 }
00242 
00243 int SSL_peek(SSL *ssl, void *buf, int num)
00244 {
00245     memcpy(buf, ssl->bm_data, num);
00246     return num;
00247 }
00248 
00249 void SSL_set_bio(SSL *ssl, void *rbio, void *wbio) { }
00250 
00251 long SSL_get_verify_result(const SSL *ssl)
00252 {
00253     return ssl_handshake_status(ssl);
00254 }
00255 
00256 int SSL_state(SSL *ssl)
00257 {
00258     return 0x03; // ok state
00259 }
00260 
00261 /** end of could do better list */
00262 
00263 void *SSL_get_peer_certificate(const SSL *ssl)
00264 {
00265     return &ssl->ssl_ctx->certs[0];
00266 }
00267 
00268 int SSL_clear(SSL *ssl)
00269 {
00270     return 1;
00271 }
00272 
00273 
00274 int SSL_CTX_check_private_key(const SSL_CTX *ctx)
00275 {
00276     return 1;
00277 }
00278 
00279 int SSL_CTX_set_cipher_list(SSL *s, const char *str)
00280 {
00281     return 1;
00282 }
00283 
00284 int SSL_get_error(const SSL *ssl, int ret)
00285 {
00286     ssl_display_error(ret);
00287     return 0;   /* TODO: return proper return code */
00288 }
00289 
00290 void SSL_CTX_set_options(SSL_CTX *ssl_ctx, int option) {}
00291 int SSL_library_init(void ) { return 1; }
00292 void SSL_load_error_strings(void ) {}
00293 void ERR_print_errors_fp(FILE *fp) {}
00294 
00295 #ifndef CONFIG_SSL_SKELETON_MODE
00296 long SSL_CTX_get_timeout(const SSL_CTX *ssl_ctx) { 
00297                             return CONFIG_SSL_EXPIRY_TIME*3600; }
00298 long SSL_CTX_set_timeout(SSL_CTX *ssl_ctx, long t) { 
00299                             return SSL_CTX_get_timeout(ssl_ctx); }
00300 #endif
00301 void BIO_printf(FILE *f, const char *format, ...)
00302 {
00303     va_list(ap);
00304     va_start(ap, format);
00305     vfprintf(f, format, ap);
00306     va_end(ap);
00307 }
00308 
00309 void* BIO_s_null(void) { return NULL; }
00310 FILE *BIO_new(bio_func_type_t func)
00311 {
00312     if (func == BIO_s_null)
00313         return fopen("/dev/null", "r");
00314     else
00315         return NULL;
00316 }
00317 
00318 FILE *BIO_new_fp(FILE *stream, int close_flag) { return stream; }
00319 int BIO_free(FILE *a) { if (a != stdout && a != stderr) fclose(a); return 1; }
00320 
00321 
00322 
00323 #endif
00324 
00325