From 2cc32db52dd4d4de8a0521153f5dbd598106ec19 Mon Sep 17 00:00:00 2001 From: dongheng Date: Thu, 22 Sep 2016 14:42:49 +0800 Subject: [PATCH] component/openssl: add openssl stack function and clear unused variate 1. add openssl 'new' and 'free' function 2. add clear unused variate to void warning to appear when compile 3. add internal function 'X509_new' to take the place of 'sk_X509_NAME_new_null' function whitch is openssl stack function --- components/openssl/include/internal/ssl_dbg.h | 6 ++--- .../openssl/include/internal/ssl_types.h | 21 ++++++++++++---- .../openssl/include/internal/ssl_x509.h | 10 +++++++- components/openssl/include/openssl/ssl.h | 4 ++-- components/openssl/library/ssl_cert.c | 2 +- components/openssl/library/ssl_lib.c | 20 +++++----------- components/openssl/library/ssl_pkey.c | 5 +++- components/openssl/library/ssl_x509.c | 24 ++++++++++++++++--- 8 files changed, 62 insertions(+), 30 deletions(-) diff --git a/components/openssl/include/internal/ssl_dbg.h b/components/openssl/include/internal/ssl_dbg.h index 27a192b28f..745de536ff 100644 --- a/components/openssl/include/internal/ssl_dbg.h +++ b/components/openssl/include/internal/ssl_dbg.h @@ -15,10 +15,10 @@ #ifndef _SSL_DEBUG_H_ #define _SSL_DEBUG_H_ -#define SSL_DEBUG_ENBALE 1 +#define SSL_DEBUG_ENBALE 0 #define SSL_DEBUG_LEVEL 0 -#define SSL_ASSERT_ENABLE 1 -#define SSL_DEBUG_LOCATION_ENABLE 1 +#define SSL_ASSERT_ENABLE 0 +#define SSL_DEBUG_LOCATION_ENABLE 0 #if SSL_DEBUG_ENBALE extern int ets_printf(const char *fmt, ...); diff --git a/components/openssl/include/internal/ssl_types.h b/components/openssl/include/internal/ssl_types.h index 7f8503e2ab..133feb9dc1 100644 --- a/components/openssl/include/internal/ssl_types.h +++ b/components/openssl/include/internal/ssl_types.h 
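Review bot: Setting `SSL_ASSERT_ENABLE` to 0 in ssl_dbg.h removes what looks like the only argument validation in several public entry points touched by this same patch. `SSL_set_fd`, `SSL_CTX_add_client_CA` and `SSL_add_client_CA` check `ssl`, `ctx`, `x` and `fd >= 0` only through `SSL_ASSERT`, and `SSL_add_client_CA` dereferences `ssl->client_CA` right after. The macro's definition is outside this hunk, so this assumes it expands to nothing when disabled. If so, those functions need explicit checks such as `if (!ssl || !x) return 0;`. The three switches would also be safer as overridable defaults (`#ifndef SSL_ASSERT_ENABLE` / `#define SSL_ASSERT_ENABLE 0` / `#endif`) than as hard-coded edits to the header.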
@@ -27,6 +27,12 @@ typedef void RSA; typedef void STACK; typedef void BIO; +#define ossl_inline inline + +#define SSL_METHOD_CALL(f, s, ...) s->method->func->ssl_##f(s, ##__VA_ARGS__) +#define X509_METHOD_CALL(f, x, ...) x->method->x509_##f(x, ##__VA_ARGS__) +#define EVP_PKEY_METHOD_CALL(f, k, ...) k->method->pkey_##f(k, ##__VA_ARGS__) + #define STACK_OF(type) struct stack_st_##type #define SKM_DEFINE_STACK_OF(t1, t2, t3) \ @@ -38,6 +44,8 @@ typedef void BIO; #define DEFINE_STACK_OF(t) SKM_DEFINE_STACK_OF(t, t, t) +typedef int (*OPENSSL_sk_compfunc)(const void *, const void *); + struct stack_st; typedef struct stack_st OPENSSL_STACK; @@ -78,7 +86,12 @@ struct pkey_method_st; typedef struct pkey_method_st PKEY_METHOD; struct stack_st { - char *data; + + char **data; + + int num_alloc; + + OPENSSL_sk_compfunc c; }; struct evp_pkey_st { @@ -178,6 +191,8 @@ struct ssl_st int rwstate; + X509 *client_CA; + int err; void (*info_callback) (const SSL *ssl, int type, int val); @@ -249,8 +264,4 @@ typedef int (*next_proto_cb)(SSL *ssl, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg); -#define SSL_METHOD_CALL(f, s, ...) s->method->func->ssl_##f(s, ##__VA_ARGS__) -#define X509_METHOD_CALL(f, x, ...) x->method->x509_##f(x, ##__VA_ARGS__) -#define EVP_PKEY_METHOD_CALL(f, k, ...) k->method->pkey_##f(k, ##__VA_ARGS__) - #endif diff --git a/components/openssl/include/internal/ssl_x509.h b/components/openssl/include/internal/ssl_x509.h index 0583cd94e4..ee3448544b 100644 --- a/components/openssl/include/internal/ssl_x509.h +++ b/components/openssl/include/internal/ssl_x509.h 
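Review bot: The three `*_METHOD_CALL` macros moved to the top of ssl_types.h expand their object argument unparenthesised and twice, so an argument that is a conditional expression or has side effects expands incorrectly. Writing `#define SSL_METHOD_CALL(f, s, ...) ((s)->method->func->ssl_##f((s), ##__VA_ARGS__))`, and the same for the X509 and EVP_PKEY variants, fixes the precedence. A short comment noting that the object is evaluated twice and that `, ##__VA_ARGS__` is a GNU extension would help the next reader.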
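Review bot: The new `struct stack_st` fields in ssl_types.h carry no comments, and the layout has `num_alloc` but no visible count of elements in use. The stack implementation is not part of this patch, so it is unclear whether `num_alloc` is the capacity of `data` or the number of stored entries, and any index check in the stack functions depends on that. A one-line comment per field would settle it, for example `int num_alloc; /* number of slots allocated in data */` if that is the intended meaning, plus a line on what `c` compares.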
@@ -16,10 +16,18 @@ #define _SSL_X509_H_ #include "ssl_types.h" +#include "ssl_stack.h" DEFINE_STACK_OF(X509_NAME) -X509* sk_X509_NAME_new_null(void); +/* + * sk_X509_NAME_new_null - create a X509 certification object + * + * @param none + * + * @return X509 certification object point or NULL if failed + */ +X509* X509_new(void); X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len); diff --git a/components/openssl/include/openssl/ssl.h b/components/openssl/include/openssl/ssl.h index 0d4c9c2080..b7506c8fb0 100644 --- a/components/openssl/include/openssl/ssl.h +++ b/components/openssl/include/openssl/ssl.h @@ -15,8 +15,8 @@ #ifndef _SSL_H_ #define _SSL_H_ -#include "ssl_port.h" -#include "internal/ssl_types.h" +#include "platform/ssl_port.h" +#include "internal/ssl_x509.h" /* { diff --git a/components/openssl/library/ssl_cert.c b/components/openssl/library/ssl_cert.c index 0bdba459d3..caa901b660 100644 --- a/components/openssl/library/ssl_cert.c +++ b/components/openssl/library/ssl_cert.c @@ -37,7 +37,7 @@ CERT *ssl_cert_new(void) if (!cert->pkey) SSL_RET(failed2, "EVP_PKEY_new\n"); - cert->x509 = sk_X509_NAME_new_null(); + cert->x509 = X509_new(); if (!cert->x509) SSL_RET(failed3, "sk_X509_NAME_new_null\n"); diff --git a/components/openssl/library/ssl_lib.c b/components/openssl/library/ssl_lib.c index 331ed17bd5..36e8cdf794 100644 --- a/components/openssl/library/ssl_lib.c +++ b/components/openssl/library/ssl_lib.c 
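Review bot: The doc comment added above `X509_new` in ssl_x509.h still opens with the old name, `sk_X509_NAME_new_null - create a X509 certification object`. It should read `X509_new - create a X509 certificate object`, and the return line should say `pointer` rather than `point`. Separately, the new `#include "ssl_stack.h"` names a header that is not among the eight files in this patch's diffstat. Unless it already exists in the tree, every includer of openssl/ssl.h, which now pulls in internal/ssl_x509.h, will fail to build.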
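Review bot: In `ssl_cert_new` the call was renamed to `X509_new()` but the failure message on the next line still reports `"sk_X509_NAME_new_null\n"`. The same stale label is left in `SSL_CTX_new` (ssl_lib.c) and `d2i_X509` (ssl_x509.c). When debug output is turned back on, the log will name a function that no longer exists, so `SSL_RET(failed3, "X509_new\n");` and the equivalent at the other two sites would keep the trace accurate.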
@@ -169,28 +169,27 @@ OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl) */ SSL_CTX* SSL_CTX_new(const SSL_METHOD *method) { - int ret; SSL_CTX *ctx; CERT *cert; X509 *client_ca; if (!method) SSL_RET(go_failed1, "method\n"); - client_ca = sk_X509_NAME_new_null(); + client_ca = X509_new(); if (!client_ca) - SSL_ERR(-2, go_failed1, "sk_X509_NAME_new_null\n"); + SSL_RET(go_failed1, "sk_X509_NAME_new_null\n"); cert = ssl_cert_new(); if (!cert) - SSL_ERR(-2, go_failed2, "ssl_cert_new\n"); + SSL_RET(go_failed2, "ssl_cert_new\n"); ctx = (SSL_CTX *)ssl_zalloc(sizeof(SSL_CTX)); if (!ctx) - SSL_ERR(-2, go_failed3, "ssl_ctx_new:ctx\n"); + SSL_RET(go_failed3, "ssl_ctx_new:ctx\n"); ctx->method = method; - ctx->cert = cert; ctx->client_CA = client_ca; + ctx->cert = cert; ctx->version = method->version; @@ -268,7 +267,6 @@ const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx) SSL *SSL_new(SSL_CTX *ctx) { int ret; - void *ssl_pm; SSL *ssl; if (!ctx) @@ -485,7 +483,7 @@ int SSL_write(SSL *ssl, const void *buffer, int len) else bytes = send_bytes; - ret = SSL_METHOD_CALL(send, ssl, buffer, len); + ret = SSL_METHOD_CALL(send, ssl, buffer, bytes); if (ret > 0) { pbuf += ret; send_bytes -= ret; @@ -798,8 +796,6 @@ int SSL_get_wfd(const SSL *ssl) */ int SSL_set_fd(SSL *ssl, int fd) { - int ret; - SSL_ASSERT(ssl); SSL_ASSERT(fd >= 0); @@ -820,8 +816,6 @@ int SSL_set_fd(SSL *ssl, int fd) */ int SSL_set_rfd(SSL *ssl, int fd) { - int ret; - SSL_ASSERT(ssl); SSL_ASSERT(fd >= 0); @@ -842,8 +836,6 @@ int SSL_set_rfd(SSL *ssl, int fd) */ int SSL_set_wfd(SSL *ssl, int fd) { - int ret; - SSL_ASSERT(ssl); SSL_ASSERT(fd >= 0); diff --git a/components/openssl/library/ssl_pkey.c b/components/openssl/library/ssl_pkey.c index 0c8d9de8fa..c9866e27b5 100644 --- a/components/openssl/library/ssl_pkey.c +++ b/components/openssl/library/ssl_pkey.c @@ -78,6 +78,7 @@ EVP_PKEY *d2i_PrivateKey(int type, const unsigned char **pp, long length) { + int m = 0; int ret; EVP_PKEY *pkey; 
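Review bot: In the `SSL_write` hunk the send call now passes the per-chunk size `bytes`, but it still passes `buffer` rather than `pbuf`, while the following lines advance `pbuf += ret` and decrement `send_bytes`. If `pbuf` starts at `buffer` (its declaration is above the hunk), every iteration after the first retransmits the start of the caller's buffer instead of the remaining data, so any write longer than one chunk goes out corrupted. The call should be `ret = SSL_METHOD_CALL(send, ssl, pbuf, bytes);`. The loop's exit condition and the function's return value are outside the hunk and are worth rechecking against a partial send.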
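Review bot: The flag `m` added to `d2i_PrivateKey` is what keeps the error path from freeing a key object that was not allocated here, but neither the name nor a comment says so. It is set in the @@ -91 hunk, tested in the @@ -103 hunk, and the same pattern is repeated in `d2i_X509`. Something like `int allocated = 0; /* 1 when pkey was created here and must be freed on failure */` makes the ownership rule readable. The function's header comment could also state that a failed load leaves a caller-supplied object un-freed and in whatever state the `load` method left it. The function body extends beyond these hunks.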
@@ -91,6 +92,7 @@ EVP_PKEY *d2i_PrivateKey(int type, pkey = EVP_PKEY_new();; if (!pkey) SSL_RET(failed1, "ssl_malloc\n"); + m = 1; } ret = EVP_PKEY_METHOD_CALL(load, pkey, *pp, length); @@ -103,7 +105,8 @@ EVP_PKEY *d2i_PrivateKey(int type, return pkey; failed2: - EVP_PKEY_free(pkey); + if (m) + EVP_PKEY_free(pkey); failed1: return NULL; } diff --git a/components/openssl/library/ssl_x509.c b/components/openssl/library/ssl_x509.c index e322b6ad3d..9c38849dd6 100644 --- a/components/openssl/library/ssl_x509.c +++ b/components/openssl/library/ssl_x509.c @@ -24,7 +24,7 @@ * * @return X509 certification object point or NULL if failed */ -X509* sk_X509_NAME_new_null(void) +X509* X509_new(void) { int ret; X509 *x; @@ -73,6 +73,7 @@ void X509_free(X509 *x) */ X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len) { + int m = 0; int ret; X509 *x; @@ -82,9 +83,10 @@ X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len) if (cert && *cert) { x = *cert; } else { - x = sk_X509_NAME_new_null(); + x = X509_new(); if (!x) SSL_RET(failed1, "sk_X509_NAME_new_null\n"); + m = 1; } ret = X509_METHOD_CALL(load, x, buffer, len); @@ -94,7 +96,8 @@ X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len) return x; failed2: - X509_free(x); + if (m) + X509_free(x); failed1: return NULL; } @@ -111,9 +114,14 @@ failed1: */ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x) { + int ret; + SSL_ASSERT(ctx); SSL_ASSERT(x); + if (ctx->client_CA) + X509_free(ctx->client_CA); + ctx->client_CA = x; return 1; @@ -131,7 +139,17 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x) */ int SSL_add_client_CA(SSL *ssl, X509 *x) { + int ret; + SSL_ASSERT(ssl); + SSL_ASSERT(x); + + if (ssl->client_CA) + X509_free(ssl->client_CA); + + ssl->client_CA = x; + + return 1; } /*
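Review bot: The replace-and-free added to `SSL_CTX_add_client_CA` frees `ctx->client_CA` before storing `x` without checking that the two differ, so passing the certificate that is already installed leaves `ctx->client_CA` pointing at freed memory. `SSL_add_client_CA` in the next hunk has the same pattern on `ssl->client_CA`. A guard such as `if (ctx->client_CA == x) return 1;` before the `X509_free` call avoids that. Both functions also gain an `int ret;` that is never used, which reintroduces the warning this commit removes elsewhere. Since the context takes ownership of `x` and frees the previous certificate, the header comment should say that the caller must not free `x` afterwards.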
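Review bot: `SSL_add_client_CA` now frees `ssl->client_CA`, yet nothing in this patch initialises or releases that new field; the `SSL_new` hunk only drops `ssl_pm`, and no change to `SSL_free` is shown. If the `SSL` object is not zero-allocated, the first call frees an indeterminate pointer. If `SSL_new` ever copies `ctx->client_CA` into the field, the free here would release the context's certificate while the context still points at it. Both should be confirmed in `SSL_new` and `SSL_free`, and the struct member should get a comment such as `X509 *client_CA; /* owned by this SSL object */`.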