components/openssl: refactor openssl debugging and assert function

1. add openssl option at menuconfig
2. remove SSL_ERR to reduce complexity
3. add more functions about debugging and assert

According these, our coders and customers may use and debug the OpenSSL code easily.
pull/307/head
Dong Heng 2017-01-10 20:49:24 +08:00
rodzic 48ae7ab500
commit 905180667c
12 zmienionych plików z 646 dodań i 406 usunięć

Wyświetl plik

@ -0,0 +1,70 @@
menu "OpenSSL"
config OPENSSL_DEBUG
bool "Enable OpenSSL debugging"
default n
help
Enable OpenSSL debugging function.
If the option is enabled, "SSL_DEBUG" works.
config OPENSSL_DEBUG_LEVEL
int "OpenSSL debugging level"
default 0
range 0 255
depends on OPENSSL_DEBUG
help
OpenSSL debugging level.
Only function whose debugging level is higher than "OPENSSL_DEBUG_LEVEL" works.
For example:
If OPENSSL_DEBUG_LEVEL = 2, you use function "SSL_DEBUG(1, "malloc failed")". Because 1 < 2, it will not print.
config OPENSSL_LOWLEVEL_DEBUG
bool "Enable OpenSSL low-level module debugging"
default n
depends on OPENSSL_DEBUG
select MBEDTLS_DEBUG
help
If the option is enabled, low-level module debugging function of OpenSSL is enabled, e.g. mbedtls internal debugging function.
choice OPENSSL_ASSERT
prompt "Select OpenSSL assert function"
default CONFIG_OPENSSL_ASSERT_EXIT
help
OpenSSL function needs "assert" function to check if input parameters are valid.
If you want to use assert debugging function, "OPENSSL_DEBUG" should be enabled.
config OPENSSL_ASSERT_DO_NOTHING
bool "Do nothing"
help
Do nothing and "SSL_ASSERT" does not work.
config OPENSSL_ASSERT_EXIT
bool "Check and exit"
help
Enable assert exiting, it will check and return error code.
config OPENSSL_ASSERT_DEBUG
bool "Show debugging message"
depends on OPENSSL_DEBUG
help
Enable assert debugging, it will check and show debugging message.
config OPENSSL_ASSERT_DEBUG_EXIT
bool "Show debugging message and exit"
depends on OPENSSL_DEBUG
help
Enable assert debugging and exiting, it will check, show debugging message and return error code.
config OPENSSL_ASSERT_DEBUG_BLOCK
bool "Show debugging message and block"
depends on OPENSSL_DEBUG
help
Enable assert debugging and blocking, it will check, show debugging message and block by "while (1);".
endchoice
endmenu

Wyświetl plik

@ -22,72 +22,170 @@
extern "C" {
#endif
#ifndef SSL_DEBUG_ENBALE
#define SSL_DEBUG_ENBALE 0
#endif
#ifndef SSL_DEBUG_LEVEL
#define SSL_DEBUG_LEVEL 0
#endif
#ifndef SSL_ASSERT_ENABLE
#define SSL_ASSERT_ENABLE 0
#endif
#ifndef SSL_DEBUG_LOCATION_ENABLE
#define SSL_DEBUG_LOCATION_ENABLE 0
#endif
#if SSL_DEBUG_ENBALE
#if !defined(SSL_PRINT_LOG) || !defined(SSL_ERROR_LOG) || !defined(SSL_LOCAL_LOG)
#include "stdio.h"
extern int printf(const char *fmt, ...);
#ifndef SSL_PRINT_LOG
#define SSL_PRINT_LOG printf
#endif
#ifndef SSL_ERROR_LOG
#define SSL_ERROR_LOG printf
#endif
#ifndef SSL_LOCAL_LOG
#define SSL_LOCAL_LOG printf
#endif
#endif
#ifdef CONFIG_OPENSSL_DEBUG_LEVEL
#define SSL_DEBUG_LEVEL CONFIG_OPENSSL_DEBUG_LEVEL
#else
#ifdef SSL_PRINT_LOG
#undef SSL_PRINT_LOG
#endif
#define SSL_PRINT_LOG(...)
#ifdef SSL_ERROR_LOG
#undef SSL_ERROR_LOG
#endif
#define SSL_ERROR_LOG(...)
#ifdef SSL_LOCAL_LOG
#undef SSL_LOCAL_LOG
#endif
#define SSL_LOCAL_LOG(...)
#define SSL_DEBUG_LEVEL 0
#endif
#if SSL_DEBUG_LOCATION_ENABLE
#define SSL_DEBUG_LOCATION() SSL_LOCAL_LOG("%s %s line %d\n", __FILE__, __FUNCTION__, __LINE__)
#define SSL_DEBUG_ON (SSL_DEBUG_LEVEL + 1)
#define SSL_DEBUG_OFF (SSL_DEBUG_LEVEL - 1)
#ifdef CONFIG_OPENSSL_DEBUG
#ifndef SSL_DEBUG_LOG
#error "SSL_DEBUG_LOG is not defined"
#endif
#ifndef SSL_DEBUG_FL
#define SSL_DEBUG_FL "\n"
#endif
#define SSL_SHOW_LOCATION() \
SSL_DEBUG_LOG("SSL assert : %s %d\n", \
__FILE__, __LINE__)
#define SSL_DEBUG(level, fmt, ...) \
{ \
if (level > SSL_DEBUG_LEVEL) { \
SSL_DEBUG_LOG(fmt SSL_DEBUG_FL, ##__VA_ARGS__); \
} \
}
#else /* CONFIG_OPENSSL_DEBUG */
#define SSL_SHOW_LOCATION()
#define SSL_DEBUG(level, fmt, ...)
#endif /* CONFIG_OPENSSL_DEBUG */
/**
* OpenSSL assert function
*
* if select "CONFIG_OPENSSL_ASSERT_DEBUG", SSL_ASSERT* will show error file name and line
* if select "CONFIG_OPENSSL_ASSERT_EXIT", SSL_ASSERT* will just return error code.
* if select "CONFIG_OPENSSL_ASSERT_DEBUG_EXIT" SSL_ASSERT* will show error file name and line,
* then return error code.
* if select "CONFIG_OPENSSL_ASSERT_DEBUG_BLOCK", SSL_ASSERT* will show error file name and line,
* then block here with "while (1)"
*
* SSL_ASSERT1 may will return "-1", so function's return argument is integer.
* SSL_ASSERT2 may will return "NULL", so function's return argument is a point.
* SSL_ASSERT2 may will return nothing, so function's return argument is "void".
*/
#if defined(CONFIG_OPENSSL_ASSERT_DEBUG)
#define SSL_ASSERT1(s) \
{ \
if (!(s)) { \
SSL_SHOW_LOCATION(); \
} \
}
#define SSL_ASSERT2(s) \
{ \
if (!(s)) { \
SSL_SHOW_LOCATION(); \
} \
}
#define SSL_ASSERT3(s) \
{ \
if (!(s)) { \
SSL_SHOW_LOCATION(); \
} \
}
#elif defined(CONFIG_OPENSSL_ASSERT_EXIT)
#define SSL_ASSERT1(s) \
{ \
if (!(s)) { \
return -1; \
} \
}
#define SSL_ASSERT2(s) \
{ \
if (!(s)) { \
return NULL; \
} \
}
#define SSL_ASSERT3(s) \
{ \
if (!(s)) { \
return ; \
} \
}
#elif defined(CONFIG_OPENSSL_ASSERT_DEBUG_EXIT)
#define SSL_ASSERT1(s) \
{ \
if (!(s)) { \
SSL_SHOW_LOCATION(); \
return -1; \
} \
}
#define SSL_ASSERT2(s) \
{ \
if (!(s)) { \
SSL_SHOW_LOCATION(); \
return NULL; \
} \
}
#define SSL_ASSERT3(s) \
{ \
if (!(s)) { \
SSL_SHOW_LOCATION(); \
return ; \
} \
}
#elif defined(CONFIG_OPENSSL_ASSERT_DEBUG_BLOCK)
#define SSL_ASSERT1(s) \
{ \
if (!(s)) { \
SSL_SHOW_LOCATION(); \
while (1); \
} \
}
#define SSL_ASSERT2(s) \
{ \
if (!(s)) { \
SSL_SHOW_LOCATION(); \
while (1); \
} \
}
#define SSL_ASSERT3(s) \
{ \
if (!(s)) { \
SSL_SHOW_LOCATION(); \
while (1); \
} \
}
#else
#define SSL_DEBUG_LOCATION()
#define SSL_ASSERT1(s)
#define SSL_ASSERT2(s)
#define SSL_ASSERT3(s)
#endif
#if SSL_ASSERT_ENABLE
#define SSL_ASSERT(s) { if (!(s)) { SSL_DEBUG_LOCATION(); } }
#else
#define SSL_ASSERT(s)
#endif
#define SSL_PLATFORM_DEBUG_LEVEL SSL_DEBUG_OFF
#define SSL_PLATFORM_ERROR_LEVEL SSL_DEBUG_ON
#define SSL_ERR(err, go, fmt, ...) { SSL_DEBUG_LOCATION(); SSL_ERROR_LOG(fmt, ##__VA_ARGS__); ret = err; goto go; }
#define SSL_CERT_DEBUG_LEVEL SSL_DEBUG_OFF
#define SSL_CERT_ERROR_LEVEL SSL_DEBUG_ON
#define SSL_RET(go, fmt, ...) { SSL_DEBUG_LOCATION(); SSL_ERROR_LOG(fmt, ##__VA_ARGS__); goto go; }
#define SSL_PKEY_DEBUG_LEVEL SSL_DEBUG_OFF
#define SSL_PKEY_ERROR_LEVEL SSL_DEBUG_ON
#define SSL_DEBUG(level, fmt, ...) { if (level > SSL_DEBUG_LEVEL) {SSL_PRINT_LOG(fmt, ##__VA_ARGS__);} }
#define SSL_X509_DEBUG_LEVEL SSL_DEBUG_OFF
#define SSL_X509_ERROR_LEVEL SSL_DEBUG_ON
#define SSL_LIB_DEBUG_LEVEL SSL_DEBUG_OFF
#define SSL_LIB_ERROR_LEVEL SSL_DEBUG_ON
#define SSL_STACK_DEBUG_LEVEL SSL_DEBUG_OFF
#define SSL_STACK_ERROR_LEVEL SSL_DEBUG_ON
#ifdef __cplusplus
}
}
#endif
#endif

Wyświetl plik

@ -15,34 +15,6 @@
#ifndef _SSL_OPT_H_
#define _SSL_OPT_H_
#ifdef __cplusplus
extern "C" {
#endif
/**
* if not define "ESP32_IDF_PLATFORM", system will use esp8266 platform interface
*/
#define ESP32_IDF_PLATFORM
/**
* openssl debug print function enable
*/
#define SSL_DEBUG_ENBALE 0
/**
* openssl debug print function level. function whose level is lower that "SSL_DEBUG_LEVEL"
* will not print message
*/
#define SSL_DEBUG_LEVEL 0
/**
* openssl assert function enable, it will check the input paramter and print the message
*/
#define SSL_ASSERT_ENABLE 0
/**
* openssl location function enable, it will print location of the positioning error
*/
#define SSL_DEBUG_LOCATION_ENABLE 0
#include "sdkconfig.h"
#endif

Wyświetl plik

@ -19,6 +19,7 @@
extern "C" {
#endif
#include <string.h>
#include "ssl_types.h"
#include "ssl_port.h"
@ -53,4 +54,8 @@ int pkey_pm_load(EVP_PKEY *pk, const unsigned char *buffer, int len);
long ssl_pm_get_verify_result(const SSL *ssl);
#ifdef __cplusplus
}
#endif
#endif

Wyświetl plik

@ -19,31 +19,27 @@
extern "C" {
#endif
#include "platform/ssl_opt.h"
#ifdef ESP32_IDF_PLATFORM
#include "esp_types.h"
#include "esp_log.h"
#include "string.h"
#include "malloc.h"
void *ssl_mem_zalloc(size_t size);
void *ssl_mem_malloc(size_t size);
void ssl_mem_free(void *p);
void* ssl_memcpy(void *to, const void *from, size_t size);
size_t ssl_strlen(const char *src);
#define ssl_mem_malloc malloc
#define ssl_mem_free free
void ssl_speed_up_enter(void);
void ssl_speed_up_exit(void);
#define ssl_memcpy memcpy
#define ssl_strlen strlen
#define SSL_PRINT_LOG(fmt, ...) ESP_LOGD("openssl", fmt, ##__VA_ARGS__)
#define SSL_ERROR_LOG(fmt, ...) ESP_LOGE("openssl", fmt, ##__VA_ARGS__)
#define SSL_LOCAL_LOG(fmt, ...) ESP_LOGD("openssl", fmt, ##__VA_ARGS__)
#define ssl_speed_up_enter()
#define ssl_speed_up_exit()
#elif defined(SSL_PLATFORM_USER_INCLUDE)
SSL_PLATFORM_USER_INCLUDE
#define SSL_DEBUG_FL
#define SSL_DEBUG_LOG(fmt, ...) ESP_LOGI("openssl", fmt, ##__VA_ARGS__)
#ifdef __cplusplus
}
#endif
#endif

Wyświetl plik

@ -29,8 +29,10 @@ CERT *__ssl_cert_new(CERT *ic)
EVP_PKEY *ipk;
cert = ssl_mem_zalloc(sizeof(CERT));
if (!cert)
SSL_RET(failed1, "ssl_mem_zalloc\n");
if (!cert) {
SSL_DEBUG(SSL_CERT_ERROR_LEVEL, "no enough memory > (cert)");
goto no_mem;
}
if (ic) {
ipk = ic->pkey;
@ -41,20 +43,24 @@ CERT *__ssl_cert_new(CERT *ic)
}
cert->pkey = __EVP_PKEY_new(ipk);
if (!cert->pkey)
SSL_RET(failed2, "__EVP_PKEY_new\n");
if (!cert->pkey) {
SSL_DEBUG(SSL_CERT_ERROR_LEVEL, "__EVP_PKEY_new() return NULL");
goto pkey_err;
}
cert->x509 = __X509_new(ix);
if (!cert->x509)
SSL_RET(failed3, "__X509_new\n");
if (!cert->x509) {
SSL_DEBUG(SSL_CERT_ERROR_LEVEL, "__X509_new() return NULL");
goto x509_err;
}
return cert;
failed3:
x509_err:
EVP_PKEY_free(cert->pkey);
failed2:
pkey_err:
ssl_mem_free(cert);
failed1:
no_mem:
return NULL;
}
@ -71,6 +77,8 @@ CERT *ssl_cert_new(void)
*/
void ssl_cert_free(CERT *cert)
{
SSL_ASSERT3(cert);
X509_free(cert->x509);
EVP_PKEY_free(cert->pkey);

Wyświetl plik

@ -21,11 +21,49 @@
#define SSL_SEND_DATA_MAX_LENGTH 1460
/**
* @brief create a new SSL session object
*/
static SSL_SESSION* SSL_SESSION_new(void)
{
SSL_SESSION *session;
session = ssl_mem_zalloc(sizeof(SSL_SESSION));
if (!session) {
SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "no enough memory > (session)");
goto failed1;
}
session->peer = X509_new();
if (!session->peer) {
SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "X509_new() return NULL");
goto failed2;
}
return session;
failed2:
ssl_mem_free(session);
failed1:
return NULL;
}
/**
* @brief free a new SSL session object
*/
static void SSL_SESSION_free(SSL_SESSION *session)
{
X509_free(session->peer);
ssl_mem_free(session);
}
/**
* @brief Discover whether the current connection is in the error state
*/
int ossl_statem_in_error(const SSL *ssl)
{
SSL_ASSERT1(ssl);
if (ssl->statem.state == MSG_FLOW_ERROR)
return 1;
@ -37,6 +75,8 @@ int ossl_statem_in_error(const SSL *ssl)
*/
int SSL_want(const SSL *ssl)
{
SSL_ASSERT1(ssl);
return ssl->rwstate;
}
@ -45,6 +85,8 @@ int SSL_want(const SSL *ssl)
*/
int SSL_want_nothing(const SSL *ssl)
{
SSL_ASSERT1(ssl);
return (SSL_want(ssl) == SSL_NOTHING);
}
@ -53,6 +95,8 @@ int SSL_want_nothing(const SSL *ssl)
*/
int SSL_want_read(const SSL *ssl)
{
SSL_ASSERT1(ssl);
return (SSL_want(ssl) == SSL_READING);
}
@ -61,6 +105,8 @@ int SSL_want_read(const SSL *ssl)
*/
int SSL_want_write(const SSL *ssl)
{
SSL_ASSERT1(ssl);
return (SSL_want(ssl) == SSL_WRITING);
}
@ -69,6 +115,8 @@ int SSL_want_write(const SSL *ssl)
*/
int SSL_want_x509_lookup(const SSL *ssl)
{
SSL_ASSERT1(ssl);
return (SSL_want(ssl) == SSL_WRITING);
}
@ -79,7 +127,7 @@ int SSL_get_error(const SSL *ssl, int ret_code)
{
int ret = SSL_ERROR_SYSCALL;
SSL_ASSERT(ssl);
SSL_ASSERT1(ssl);
if (ret_code > 0)
ret = SSL_ERROR_NONE;
@ -110,45 +158,13 @@ OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl)
{
OSSL_HANDSHAKE_STATE state;
SSL_ASSERT(ssl);
SSL_ASSERT1(ssl);
state = SSL_METHOD_CALL(get_state, ssl);
return state;
}
/**
* @brief create a new SSL session object
*/
SSL_SESSION* SSL_SESSION_new(void)
{
SSL_SESSION *session;
session = ssl_mem_zalloc(sizeof(SSL_SESSION));
if (!session)
SSL_RET(failed1, "ssl_mem_zalloc\n");
session->peer = X509_new();
if (!session->peer)
SSL_RET(failed2, "X509_new\n");
return session;
failed2:
ssl_mem_free(session);
failed1:
return NULL;
}
/**
* @brief free a new SSL session object
*/
void SSL_SESSION_free(SSL_SESSION *session)
{
X509_free(session->peer);
ssl_mem_free(session);
}
/**
* @brief create a SSL context
*/
@ -158,19 +174,28 @@ SSL_CTX* SSL_CTX_new(const SSL_METHOD *method)
CERT *cert;
X509 *client_ca;
if (!method) SSL_RET(go_failed1, "method:NULL\n");
if (!method) {
SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "no no_method");
return NULL;
}
client_ca = X509_new();
if (!client_ca)
SSL_RET(go_failed1, "X509_new\n");
if (!client_ca) {
SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "X509_new() return NULL");
goto failed1;
}
cert = ssl_cert_new();
if (!cert)
SSL_RET(go_failed2, "ssl_cert_new\n");
if (!cert) {
SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "ssl_cert_new() return NULL");
goto failed2;
}
ctx = (SSL_CTX *)ssl_mem_zalloc(sizeof(SSL_CTX));
if (!ctx)
SSL_RET(go_failed3, "ssl_mem_zalloc:ctx\n");
if (!ctx) {
SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "no enough memory > (ctx)");
goto failed3;
}
ctx->method = method;
ctx->client_CA = client_ca;
@ -180,11 +205,11 @@ SSL_CTX* SSL_CTX_new(const SSL_METHOD *method)
return ctx;
go_failed3:
failed3:
ssl_cert_free(cert);
go_failed2:
failed2:
X509_free(client_ca);
go_failed1:
failed1:
return NULL;
}
@ -193,7 +218,7 @@ go_failed1:
*/
void SSL_CTX_free(SSL_CTX* ctx)
{
SSL_ASSERT(ctx);
SSL_ASSERT3(ctx);
ssl_cert_free(ctx->cert);
@ -207,8 +232,8 @@ void SSL_CTX_free(SSL_CTX* ctx)
*/
int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
{
SSL_ASSERT(ctx);
SSL_ASSERT(meth);
SSL_ASSERT1(ctx);
SSL_ASSERT1(meth);
ctx->method = meth;
@ -222,7 +247,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
*/
const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx)
{
SSL_ASSERT(ctx);
SSL_ASSERT2(ctx);
return ctx->method;
}
@ -235,24 +260,34 @@ SSL *SSL_new(SSL_CTX *ctx)
int ret = 0;
SSL *ssl;
if (!ctx)
SSL_RET(failed1, "ctx:NULL\n");
if (!ctx) {
SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "no ctx");
return NULL;
}
ssl = (SSL *)ssl_mem_zalloc(sizeof(SSL));
if (!ssl)
SSL_RET(failed1, "ssl_mem_zalloc\n");
if (!ssl) {
SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "no enough memory > (ssl)");
goto failed1;
}
ssl->session = SSL_SESSION_new();
if (!ssl->session)
SSL_RET(failed2, "SSL_SESSION_new\n");
if (!ssl->session) {
SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "SSL_SESSION_new() return NULL");
goto failed2;
}
ssl->cert = __ssl_cert_new(ctx->cert);
if (!ssl->cert)
SSL_RET(failed3, "__ssl_cert_new\n");
if (!ssl->cert) {
SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "__ssl_cert_new() return NULL");
goto failed3;
}
ssl->client_CA = __X509_new(ctx->client_CA);
if (!ssl->client_CA)
SSL_RET(failed4, "__X509_new\n");
if (!ssl->client_CA) {
SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "__X509_new() return NULL");
goto failed4;
}
ssl->ctx = ctx;
ssl->method = ctx->method;
@ -263,8 +298,10 @@ SSL *SSL_new(SSL_CTX *ctx)
ssl->verify_mode = ctx->verify_mode;
ret = SSL_METHOD_CALL(new, ssl);
if (ret)
SSL_RET(failed5, "ssl_new\n");
if (ret) {
SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "SSL_METHOD_CALL(new) return %d", ret);
goto failed5;
}
ssl->rwstate = SSL_NOTHING;
@ -287,7 +324,7 @@ failed1:
*/
void SSL_free(SSL *ssl)
{
SSL_ASSERT(ssl);
SSL_ASSERT3(ssl);
SSL_METHOD_CALL(free, ssl);
@ -307,7 +344,7 @@ int SSL_do_handshake(SSL *ssl)
{
int ret;
SSL_ASSERT(ssl);
SSL_ASSERT1(ssl);
ret = SSL_METHOD_CALL(handshake, ssl);
@ -319,7 +356,7 @@ int SSL_do_handshake(SSL *ssl)
*/
int SSL_connect(SSL *ssl)
{
SSL_ASSERT(ssl);
SSL_ASSERT1(ssl);
return SSL_do_handshake(ssl);
}
@ -329,7 +366,7 @@ int SSL_connect(SSL *ssl)
*/
int SSL_accept(SSL *ssl)
{
SSL_ASSERT(ssl);
SSL_ASSERT1(ssl);
return SSL_do_handshake(ssl);
}
@ -341,7 +378,7 @@ int SSL_shutdown(SSL *ssl)
{
int ret;
SSL_ASSERT(ssl);
SSL_ASSERT1(ssl);
if (SSL_get_state(ssl) != TLS_ST_OK) return 1;
@ -357,21 +394,25 @@ int SSL_clear(SSL *ssl)
{
int ret;
SSL_ASSERT(ssl);
SSL_ASSERT1(ssl);
ret = SSL_shutdown(ssl);
if (1 != ret)
SSL_ERR(0, go_failed1, "SSL_shutdown\n");
if (1 != ret) {
SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "SSL_shutdown return %d", ret);
goto failed1;
}
SSL_METHOD_CALL(free, ssl);
ret = SSL_METHOD_CALL(new, ssl);
if (!ret)
SSL_ERR(0, go_failed1, "ssl_new\n");
if (!ret) {
SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "SSL_METHOD_CALL(new) return %d", ret);
goto failed1;
}
return 1;
go_failed1:
failed1:
return ret;
}
@ -382,9 +423,9 @@ int SSL_read(SSL *ssl, void *buffer, int len)
{
int ret;
SSL_ASSERT(ssl);
SSL_ASSERT(buffer);
SSL_ASSERT(len);
SSL_ASSERT1(ssl);
SSL_ASSERT1(buffer);
SSL_ASSERT1(len);
ssl->rwstate = SSL_READING;
@ -405,9 +446,9 @@ int SSL_write(SSL *ssl, const void *buffer, int len)
int send_bytes;
const unsigned char *pbuf;
SSL_ASSERT(ssl);
SSL_ASSERT(buffer);
SSL_ASSERT(len);
SSL_ASSERT1(ssl);
SSL_ASSERT1(buffer);
SSL_ASSERT1(len);
ssl->rwstate = SSL_WRITING;
@ -443,7 +484,7 @@ int SSL_write(SSL *ssl, const void *buffer, int len)
*/
SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
{
SSL_ASSERT(ssl);
SSL_ASSERT2(ssl);
return ssl->ctx;
}
@ -453,7 +494,7 @@ SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
*/
const SSL_METHOD *SSL_get_ssl_method(SSL *ssl)
{
SSL_ASSERT(ssl);
SSL_ASSERT2(ssl);
return ssl->method;
}
@ -465,22 +506,26 @@ int SSL_set_ssl_method(SSL *ssl, const SSL_METHOD *method)
{
int ret;
SSL_ASSERT(ssl);
SSL_ASSERT(method);
SSL_ASSERT1(ssl);
SSL_ASSERT1(method);
if (ssl->version != method->version) {
ret = SSL_shutdown(ssl);
if (1 != ret)
SSL_ERR(0, go_failed1, "SSL_shutdown\n");
if (1 != ret) {
SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "SSL_shutdown return %d", ret);
goto failed1;
}
SSL_METHOD_CALL(free, ssl);
ssl->method = method;
ret = SSL_METHOD_CALL(new, ssl);
if (!ret)
SSL_ERR(0, go_failed1, "ssl_new\n");
if (!ret) {
SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "SSL_METHOD_CALL(new) return %d", ret);
goto failed1;
}
} else {
ssl->method = method;
}
@ -488,7 +533,7 @@ int SSL_set_ssl_method(SSL *ssl, const SSL_METHOD *method)
return 1;
go_failed1:
failed1:
return ret;
}
@ -497,7 +542,7 @@ go_failed1:
*/
int SSL_get_shutdown(const SSL *ssl)
{
SSL_ASSERT(ssl);
SSL_ASSERT1(ssl);
return ssl->shutdown;
}
@ -507,7 +552,7 @@ int SSL_get_shutdown(const SSL *ssl)
*/
void SSL_set_shutdown(SSL *ssl, int mode)
{
SSL_ASSERT(ssl);
SSL_ASSERT3(ssl);
ssl->shutdown = mode;
}
@ -520,7 +565,7 @@ int SSL_pending(const SSL *ssl)
{
int ret;
SSL_ASSERT(ssl);
SSL_ASSERT1(ssl);
ret = SSL_METHOD_CALL(pending, ssl);
@ -534,7 +579,7 @@ int SSL_has_pending(const SSL *ssl)
{
int ret;
SSL_ASSERT(ssl);
SSL_ASSERT1(ssl);
if (SSL_pending(ssl))
ret = 1;
@ -549,6 +594,8 @@ int SSL_has_pending(const SSL *ssl)
*/
unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op)
{
SSL_ASSERT1(ctx);
return ctx->options &= ~op;
}
@ -557,6 +604,8 @@ unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op)
*/
unsigned long SSL_CTX_get_options(SSL_CTX *ctx)
{
SSL_ASSERT1(ctx);
return ctx->options;
}
@ -565,6 +614,8 @@ unsigned long SSL_CTX_get_options(SSL_CTX *ctx)
*/
unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long opt)
{
SSL_ASSERT1(ctx);
return ctx->options |= opt;
}
@ -573,7 +624,7 @@ unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long opt)
*/
unsigned long SSL_clear_options(SSL *ssl, unsigned long op)
{
SSL_ASSERT(ssl);
SSL_ASSERT1(ssl);
return ssl->options & ~op;
}
@ -583,7 +634,7 @@ unsigned long SSL_clear_options(SSL *ssl, unsigned long op)
*/
unsigned long SSL_get_options(SSL *ssl)
{
SSL_ASSERT(ssl);
SSL_ASSERT1(ssl);
return ssl->options;
}
@ -593,7 +644,7 @@ unsigned long SSL_get_options(SSL *ssl)
*/
unsigned long SSL_set_options(SSL *ssl, unsigned long op)
{
SSL_ASSERT(ssl);
SSL_ASSERT1(ssl);
return ssl->options |= op;
}
@ -605,7 +656,7 @@ int SSL_get_fd(const SSL *ssl)
{
int ret;
SSL_ASSERT(ssl);
SSL_ASSERT1(ssl);
ret = SSL_METHOD_CALL(get_fd, ssl, 0);
@ -619,7 +670,7 @@ int SSL_get_rfd(const SSL *ssl)
{
int ret;
SSL_ASSERT(ssl);
SSL_ASSERT1(ssl);
ret = SSL_METHOD_CALL(get_fd, ssl, 0);
@ -633,7 +684,7 @@ int SSL_get_wfd(const SSL *ssl)
{
int ret;
SSL_ASSERT(ssl);
SSL_ASSERT1(ssl);
ret = SSL_METHOD_CALL(get_fd, ssl, 0);
@ -645,8 +696,8 @@ int SSL_get_wfd(const SSL *ssl)
*/
int SSL_set_fd(SSL *ssl, int fd)
{
SSL_ASSERT(ssl);
SSL_ASSERT(fd >= 0);
SSL_ASSERT1(ssl);
SSL_ASSERT1(fd >= 0);
SSL_METHOD_CALL(set_fd, ssl, fd, 0);
@ -658,8 +709,8 @@ int SSL_set_fd(SSL *ssl, int fd)
*/
int SSL_set_rfd(SSL *ssl, int fd)
{
SSL_ASSERT(ssl);
SSL_ASSERT(fd >= 0);
SSL_ASSERT1(ssl);
SSL_ASSERT1(fd >= 0);
SSL_METHOD_CALL(set_fd, ssl, fd, 0);
@ -671,8 +722,8 @@ int SSL_set_rfd(SSL *ssl, int fd)
*/
int SSL_set_wfd(SSL *ssl, int fd)
{
SSL_ASSERT(ssl);
SSL_ASSERT(fd >= 0);
SSL_ASSERT1(ssl);
SSL_ASSERT1(fd >= 0);
SSL_METHOD_CALL(set_fd, ssl, fd, 0);
@ -684,7 +735,7 @@ int SSL_set_wfd(SSL *ssl, int fd)
*/
int SSL_version(const SSL *ssl)
{
SSL_ASSERT(ssl);
SSL_ASSERT1(ssl);
return ssl->version;
}
@ -715,7 +766,7 @@ static const char* ssl_protocol_to_string(int version)
*/
const char *SSL_get_version(const SSL *ssl)
{
SSL_ASSERT(ssl);
SSL_ASSERT2(ssl);
return ssl_protocol_to_string(SSL_version(ssl));
}
@ -987,7 +1038,7 @@ const char *SSL_rstate_string(SSL *ssl)
{
const char *str;
SSL_ASSERT(ssl);
SSL_ASSERT2(ssl);
switch (ssl->rlayer.rstate)
{
@ -1015,7 +1066,7 @@ const char *SSL_rstate_string_long(SSL *ssl)
{
const char *str = "unknown";
SSL_ASSERT(ssl);
SSL_ASSERT2(ssl);
switch (ssl->rlayer.rstate)
{
@ -1042,7 +1093,7 @@ char *SSL_state_string(const SSL *ssl)
{
char *str = "UNKWN ";
SSL_ASSERT(ssl);
SSL_ASSERT2(ssl);
if (ossl_statem_in_error(ssl))
str = "SSLERR";
@ -1150,7 +1201,7 @@ char *SSL_state_string_long(const SSL *ssl)
{
char *str = "UNKWN ";
SSL_ASSERT(ssl);
SSL_ASSERT2(ssl);
if (ossl_statem_in_error(ssl))
str = "SSLERR";
@ -1262,8 +1313,7 @@ char *SSL_state_string_long(const SSL *ssl)
*/
void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len)
{
SSL_ASSERT(ctx);
SSL_ASSERT(len);
SSL_ASSERT3(ctx);
ctx->read_buffer_len = len;
}
@ -1273,8 +1323,8 @@ void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len)
*/
void SSL_set_default_read_buffer_len(SSL *ssl, size_t len)
{
SSL_ASSERT(ssl);
SSL_ASSERT(len);
SSL_ASSERT3(ssl);
SSL_ASSERT3(len);
SSL_METHOD_CALL(set_bufflen, ssl, len);
}
@ -1284,7 +1334,7 @@ void SSL_set_default_read_buffer_len(SSL *ssl, size_t len)
*/
void SSL_set_info_callback(SSL *ssl, void (*cb) (const SSL *ssl, int type, int val))
{
SSL_ASSERT(ssl);
SSL_ASSERT3(ssl);
ssl->info_callback = cb;
}
@ -1294,7 +1344,7 @@ void SSL_set_info_callback(SSL *ssl, void (*cb) (const SSL *ssl, int type, int v
*/
int SSL_CTX_up_ref(SSL_CTX *ctx)
{
SSL_ASSERT(ctx);
SSL_ASSERT1(ctx);
/**
* no support multi-thread SSL here
@ -1309,7 +1359,7 @@ int SSL_CTX_up_ref(SSL_CTX *ctx)
*/
void SSL_set_security_level(SSL *ssl, int level)
{
SSL_ASSERT(ssl);
SSL_ASSERT3(ssl);
ssl->cert->sec_level = level;
}
@ -1319,7 +1369,7 @@ void SSL_set_security_level(SSL *ssl, int level)
*/
int SSL_get_security_level(const SSL *ssl)
{
SSL_ASSERT(ssl);
SSL_ASSERT1(ssl);
return ssl->cert->sec_level;
}
@ -1329,7 +1379,7 @@ int SSL_get_security_level(const SSL *ssl)
*/
int SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
{
SSL_ASSERT(ctx);
SSL_ASSERT1(ctx);
return ctx->verify_mode;
}
@ -1341,7 +1391,7 @@ long SSL_CTX_set_timeout(SSL_CTX *ctx, long t)
{
long l;
SSL_ASSERT(ctx);
SSL_ASSERT1(ctx);
l = ctx->session_timeout;
ctx->session_timeout = t;
@ -1354,7 +1404,7 @@ long SSL_CTX_set_timeout(SSL_CTX *ctx, long t)
*/
long SSL_CTX_get_timeout(const SSL_CTX *ctx)
{
SSL_ASSERT(ctx);
SSL_ASSERT1(ctx);
return ctx->session_timeout;
}
@ -1364,7 +1414,7 @@ long SSL_CTX_get_timeout(const SSL_CTX *ctx)
*/
void SSL_set_read_ahead(SSL *ssl, int yes)
{
SSL_ASSERT(ssl);
SSL_ASSERT3(ssl);
ssl->rlayer.read_ahead = yes;
}
@ -1374,7 +1424,7 @@ void SSL_set_read_ahead(SSL *ssl, int yes)
*/
void SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes)
{
SSL_ASSERT(ctx);
SSL_ASSERT3(ctx);
ctx->read_ahead = yes;
}
@ -1384,7 +1434,7 @@ void SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes)
*/
int SSL_get_read_ahead(const SSL *ssl)
{
SSL_ASSERT(ssl);
SSL_ASSERT1(ssl);
return ssl->rlayer.read_ahead;
}
@ -1394,7 +1444,7 @@ int SSL_get_read_ahead(const SSL *ssl)
*/
long SSL_CTX_get_read_ahead(SSL_CTX *ctx)
{
SSL_ASSERT(ctx);
SSL_ASSERT1(ctx);
return ctx->read_ahead;
}
@ -1404,7 +1454,7 @@ long SSL_CTX_get_read_ahead(SSL_CTX *ctx)
*/
long SSL_CTX_get_default_read_ahead(SSL_CTX *ctx)
{
SSL_ASSERT(ctx);
SSL_ASSERT1(ctx);
return ctx->read_ahead;
}
@ -1414,7 +1464,7 @@ long SSL_CTX_get_default_read_ahead(SSL_CTX *ctx)
*/
long SSL_set_time(SSL *ssl, long t)
{
SSL_ASSERT(ssl);
SSL_ASSERT1(ssl);
ssl->session->time = t;
@ -1426,7 +1476,7 @@ long SSL_set_time(SSL *ssl, long t)
*/
long SSL_set_timeout(SSL *ssl, long t)
{
SSL_ASSERT(ssl);
SSL_ASSERT1(ssl);
ssl->session->timeout = t;
@ -1438,7 +1488,7 @@ long SSL_set_timeout(SSL *ssl, long t)
*/
long SSL_get_verify_result(const SSL *ssl)
{
SSL_ASSERT(ssl);
SSL_ASSERT1(ssl);
return SSL_METHOD_CALL(get_verify_result, ssl);
}
@ -1448,7 +1498,7 @@ long SSL_get_verify_result(const SSL *ssl)
*/
int SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
{
SSL_ASSERT(ctx);
SSL_ASSERT1(ctx);
return ctx->param.depth;
}
@ -1458,7 +1508,7 @@ int SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
*/
void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth)
{
SSL_ASSERT(ctx);
SSL_ASSERT3(ctx);
ctx->param.depth = depth;
}
@ -1468,7 +1518,7 @@ void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth)
*/
int SSL_get_verify_depth(const SSL *ssl)
{
SSL_ASSERT(ssl);
SSL_ASSERT1(ssl);
return ssl->param.depth;
}
@ -1478,7 +1528,7 @@ int SSL_get_verify_depth(const SSL *ssl)
*/
void SSL_set_verify_depth(SSL *ssl, int depth)
{
SSL_ASSERT(ssl);
SSL_ASSERT3(ssl);
ssl->param.depth = depth;
}
@ -1488,7 +1538,7 @@ void SSL_set_verify_depth(SSL *ssl, int depth)
*/
void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*verify_callback)(int, X509_STORE_CTX *))
{
SSL_ASSERT(ctx);
SSL_ASSERT3(ctx);
ctx->verify_mode = mode;
ctx->default_verify_callback = verify_callback;
@ -1499,7 +1549,7 @@ void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*verify_callback)(int, X509
*/
void SSL_set_verify(SSL *ssl, int mode, int (*verify_callback)(int, X509_STORE_CTX *))
{
SSL_ASSERT(ssl);
SSL_ASSERT3(ssl);
ssl->verify_mode = mode;
ssl->verify_callback = verify_callback;

Wyświetl plik

@ -26,8 +26,10 @@ EVP_PKEY* __EVP_PKEY_new(EVP_PKEY *ipk)
EVP_PKEY *pkey;
pkey = ssl_mem_zalloc(sizeof(EVP_PKEY));
if (!pkey)
SSL_RET(failed1, "ssl_mem_zalloc\n");
if (!pkey) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "no enough memory > (pkey)");
goto no_mem;
}
if (ipk) {
pkey->method = ipk->method;
@ -36,14 +38,16 @@ EVP_PKEY* __EVP_PKEY_new(EVP_PKEY *ipk)
}
ret = EVP_PKEY_METHOD_CALL(new, pkey, ipk);
if (ret)
SSL_RET(failed2, "EVP_PKEY_METHOD_CALL\n");
if (ret) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "EVP_PKEY_METHOD_CALL(new) return %d", ret);
goto failed;
}
return pkey;
failed2:
failed:
ssl_mem_free(pkey);
failed1:
no_mem:
return NULL;
}
@ -60,6 +64,8 @@ EVP_PKEY* EVP_PKEY_new(void)
*/
void EVP_PKEY_free(EVP_PKEY *pkey)
{
SSL_ASSERT3(pkey);
EVP_PKEY_METHOD_CALL(free, pkey);
ssl_mem_free(pkey);
@ -78,22 +84,27 @@ EVP_PKEY *d2i_PrivateKey(int type,
int ret;
EVP_PKEY *pkey;
SSL_ASSERT(pp);
SSL_ASSERT(*pp);
SSL_ASSERT(length);
SSL_ASSERT2(pp);
SSL_ASSERT2(*pp);
SSL_ASSERT2(length);
if (a && *a) {
pkey = *a;
} else {
pkey = EVP_PKEY_new();;
if (!pkey)
SSL_RET(failed1, "EVP_PKEY_new\n");
if (!pkey) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "EVP_PKEY_new() return NULL");
goto failed1;
}
m = 1;
}
ret = EVP_PKEY_METHOD_CALL(load, pkey, *pp, length);
if (ret)
SSL_RET(failed2, "EVP_PKEY_METHOD_CALL\n");
if (ret) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "EVP_PKEY_METHOD_CALL(load) return %d", ret);
goto failed2;
}
if (a)
*a = pkey;
@ -112,8 +123,8 @@ failed1:
*/
int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
{
SSL_ASSERT(ctx);
SSL_ASSERT(pkey);
SSL_ASSERT1(ctx);
SSL_ASSERT1(pkey);
if (ctx->cert->pkey == pkey)
return 1;
@ -131,8 +142,8 @@ int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
*/
int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
{
SSL_ASSERT(ssl);
SSL_ASSERT(pkey);
SSL_ASSERT1(ssl);
SSL_ASSERT1(pkey);
if (ssl->cert->pkey == pkey)
return 1;
@ -155,12 +166,16 @@ int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx,
EVP_PKEY *pk;
pk = d2i_PrivateKey(0, NULL, &d, len);
if (!pk)
SSL_RET(failed1, "d2i_PrivateKey\n");
if (!pk) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_PrivateKey() return NULL");
goto failed1;
}
ret = SSL_CTX_use_PrivateKey(ctx, pk);
if (!ret)
SSL_RET(failed2, "SSL_CTX_use_PrivateKey\n");
if (!ret) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "SSL_CTX_use_PrivateKey() return %d", ret);
goto failed2;
}
return 1;
@ -180,12 +195,16 @@ int SSL_use_PrivateKey_ASN1(int type, SSL *ssl,
EVP_PKEY *pk;
pk = d2i_PrivateKey(0, NULL, &d, len);
if (!pk)
SSL_RET(failed1, "d2i_PrivateKey\n");
if (!pk) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_PrivateKey() return NULL");
goto failed1;
}
ret = SSL_use_PrivateKey(ssl, pk);
if (!ret)
SSL_RET(failed2, "SSL_use_PrivateKey\n");
if (!ret) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "SSL_use_PrivateKey() return %d", ret);
goto failed2;
}
return 1;

Wyświetl plik

@ -31,12 +31,16 @@ OPENSSL_STACK* OPENSSL_sk_new(OPENSSL_sk_compfunc c)
char **data;
stack = ssl_mem_zalloc(sizeof(OPENSSL_STACK));
if (!stack)
SSL_RET(failed1, "ssl_mem_zalloc\n");
if (!stack) {
SSL_DEBUG(SSL_STACK_ERROR_LEVEL, "no enough memory > (stack)");
goto no_mem1;
}
data = ssl_mem_zalloc(sizeof(*data) * MIN_NODES);
if (!data)
SSL_RET(failed2, "ssl_mem_zalloc\n");
if (!data) {
SSL_DEBUG(SSL_STACK_ERROR_LEVEL, "no enough memory > (data)");
goto no_mem2;
}
stack->data = data;
stack->num_alloc = MIN_NODES;
@ -44,9 +48,9 @@ OPENSSL_STACK* OPENSSL_sk_new(OPENSSL_sk_compfunc c)
return stack;
failed2:
no_mem2:
ssl_mem_free(stack);
failed1:
no_mem1:
return NULL;
}
@ -63,7 +67,7 @@ OPENSSL_STACK *OPENSSL_sk_new_null(void)
*/
void OPENSSL_sk_free(OPENSSL_STACK *stack)
{
SSL_ASSERT(stack);
SSL_ASSERT3(stack);
ssl_mem_free(stack->data);
ssl_mem_free(stack);

Wyświetl plik

@ -34,8 +34,10 @@ X509* __X509_new(X509 *ix)
X509 *x;
x = ssl_mem_zalloc(sizeof(X509));
if (!x)
SSL_RET(failed1, "ssl_mem_zalloc\n");
if (!x) {
SSL_DEBUG(SSL_X509_ERROR_LEVEL, "no enough memory > (x)");
goto no_mem;
}
if (ix)
x->method = ix->method;
@ -43,14 +45,16 @@ X509* __X509_new(X509 *ix)
x->method = X509_method();
ret = X509_METHOD_CALL(new, x, ix);
if (ret)
SSL_RET(failed2, "x509_new\n");
if (ret) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_METHOD_CALL(new) return %d", ret);
goto failed;
}
return x;
failed2:
failed:
ssl_mem_free(x);
failed1:
no_mem:
return NULL;
}
@ -67,6 +71,8 @@ X509* X509_new(void)
*/
void X509_free(X509 *x)
{
SSL_ASSERT3(x);
X509_METHOD_CALL(free, x);
ssl_mem_free(x);
@ -82,21 +88,25 @@ X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len)
int ret;
X509 *x;
SSL_ASSERT(buffer);
SSL_ASSERT(len);
SSL_ASSERT2(buffer);
SSL_ASSERT2(len);
if (cert && *cert) {
x = *cert;
} else {
x = X509_new();
if (!x)
SSL_RET(failed1, "X509_new\n");
if (!x) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_new() return NULL");
goto failed1;
}
m = 1;
}
ret = X509_METHOD_CALL(load, x, buffer, len);
if (ret)
SSL_RET(failed2, "x509_load\n");
if (ret) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_METHOD_CALL(load) return %d", ret);
goto failed2;
}
return x;
@ -112,8 +122,8 @@ failed1:
*/
int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
{
SSL_ASSERT(ctx);
SSL_ASSERT(x);
SSL_ASSERT1(ctx);
SSL_ASSERT1(x);
if (ctx->client_CA == x)
return 1;
@ -130,8 +140,8 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
*/
int SSL_add_client_CA(SSL *ssl, X509 *x)
{
SSL_ASSERT(ssl);
SSL_ASSERT(x);
SSL_ASSERT1(ssl);
SSL_ASSERT1(x);
if (ssl->client_CA == x)
return 1;
@ -148,8 +158,8 @@ int SSL_add_client_CA(SSL *ssl, X509 *x)
*/
int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
{
SSL_ASSERT(ctx);
SSL_ASSERT(x);
SSL_ASSERT1(ctx);
SSL_ASSERT1(x);
if (ctx->cert->x509 == x)
return 1;
@ -166,8 +176,8 @@ int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
*/
int SSL_use_certificate(SSL *ssl, X509 *x)
{
SSL_ASSERT(ssl);
SSL_ASSERT(x);
SSL_ASSERT1(ssl);
SSL_ASSERT1(x);
if (ssl->cert->x509 == x)
return 1;
@ -184,7 +194,7 @@ int SSL_use_certificate(SSL *ssl, X509 *x)
*/
X509 *SSL_get_certificate(const SSL *ssl)
{
SSL_ASSERT(ssl);
SSL_ASSERT2(ssl);
return ssl->cert->x509;
}
@ -199,12 +209,16 @@ int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len,
X509 *x;
x = d2i_X509(NULL, d, len);
if (!x)
SSL_RET(failed1, "d2i_X509\n");
if (!x) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_X509() return NULL");
goto failed1;
}
ret = SSL_CTX_use_certificate(ctx, x);
if (!ret)
SSL_RET(failed2, "SSL_CTX_use_certificate\n");
if (!ret) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "SSL_CTX_use_certificate() return %d", ret);
goto failed2;
}
return 1;
@ -224,12 +238,16 @@ int SSL_use_certificate_ASN1(SSL *ssl, int len,
X509 *x;
x = d2i_X509(NULL, d, len);
if (!x)
SSL_RET(failed1, "d2i_X509\n");
if (!x) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_X509() return NULL");
goto failed1;
}
ret = SSL_use_certificate(ssl, x);
if (!ret)
SSL_RET(failed2, "SSL_use_certificate\n");
if (!ret) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "SSL_use_certificate() return %d", ret);
goto failed2;
}
return 1;
@ -260,7 +278,7 @@ int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
*/
X509 *SSL_get_peer_certificate(const SSL *ssl)
{
SSL_ASSERT(ssl);
SSL_ASSERT2(ssl);
return ssl->session->peer;
}

Wyświetl plik

@ -25,13 +25,7 @@
#include "mbedtls/error.h"
#include "mbedtls/certs.h"
#if 0
#define DEBUG_LOAD_BUF_STRING(str) SSL_DEBUG(1, "%s\n", str)
#else
#define DEBUG_LOAD_BUF_STRING(str)
#endif
#define X509_INFO_STRING_LENGTH 1024
#define X509_INFO_STRING_LENGTH 8192
struct ssl_pm
{
@ -63,13 +57,36 @@ struct pkey_pm
mbedtls_pk_context *ex_pkey;
};
unsigned int max_content_len;
/*********************************************************************************************/
/************************************ SSL arch interface *************************************/
#ifdef CONFIG_OPENSSL_LOWLEVEL_DEBUG
/* mbedtls debug level */
#define MBEDTLS_DEBUG_LEVEL 4
/**
* @brief mbedtls debug function
*/
static void ssl_platform_debug(void *ctx, int level,
const char *file, int line,
const char *str)
{
/* Shorten 'file' from the whole file path to just the filename
This is a bit wasteful because the macros are compiled in with
the full _FILE_ path in each case.
*/
char *file_sep = rindex(file, '/');
if(file_sep)
file = file_sep + 1;
SSL_DEBUG(SSL_DEBUG_ON, "%s:%d %s", file, line, str);
}
#endif
/**
* @brief create SSL low-level object
*/
@ -87,11 +104,13 @@ int ssl_pm_new(SSL *ssl)
const SSL_METHOD *method = ssl->method;
ssl_pm = ssl_mem_zalloc(sizeof(struct ssl_pm));
if (!ssl_pm)
SSL_ERR(ret, failed1, "ssl_mem_zalloc\n");
if (!ssl_pm) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (ssl_pm)");
goto no_mem;
}
max_content_len = ssl->ctx->read_buffer_len;
mbedtls_net_init(&ssl_pm->fd);
mbedtls_net_init(&ssl_pm->cl_fd);
@ -101,8 +120,10 @@ int ssl_pm_new(SSL *ssl)
mbedtls_ssl_init(&ssl_pm->ssl);
ret = mbedtls_ctr_drbg_seed(&ssl_pm->ctr_drbg, mbedtls_entropy_func, &ssl_pm->entropy, pers, pers_len);
if (ret)
SSL_ERR(ret, failed2, "mbedtls_ctr_drbg_seed:[-0x%x]\n", -ret);
if (ret) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ctr_drbg_seed() return -0x%x", -ret);
goto mbedtls_err1;
}
if (method->endpoint) {
endpoint = MBEDTLS_SSL_IS_SERVER;
@ -110,8 +131,10 @@ int ssl_pm_new(SSL *ssl)
endpoint = MBEDTLS_SSL_IS_CLIENT;
}
ret = mbedtls_ssl_config_defaults(&ssl_pm->conf, endpoint, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT);
if (ret)
SSL_ERR(ret, failed2, "mbedtls_ssl_config_defaults:[-0x%x]\n", -ret);
if (ret) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_config_defaults() return -0x%x", -ret);
goto mbedtls_err2;
}
if (TLS_ANY_VERSION != ssl->version) {
if (TLS1_2_VERSION == ssl->version)
@ -132,11 +155,18 @@ int ssl_pm_new(SSL *ssl)
mbedtls_ssl_conf_rng(&ssl_pm->conf, mbedtls_ctr_drbg_random, &ssl_pm->ctr_drbg);
#ifdef CONFIG_OPENSSL_LOWLEVEL_DEBUG
mbedtls_debug_set_threshold(MBEDTLS_DEBUG_LEVEL);
mbedtls_ssl_conf_dbg(&ssl_pm->conf, ssl_platform_debug, NULL);
#else
mbedtls_ssl_conf_dbg(&ssl_pm->conf, NULL, NULL);
#endif
ret = mbedtls_ssl_setup(&ssl_pm->ssl, &ssl_pm->conf);
if (ret)
SSL_ERR(ret, failed3, "mbedtls_ssl_setup:[-0x%x]\n", -ret);
if (ret) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_setup() return -0x%x", -ret);
goto mbedtls_err2;
}
mbedtls_ssl_set_bio(&ssl_pm->ssl, &ssl_pm->fd, mbedtls_net_send, mbedtls_net_recv, NULL);
@ -144,13 +174,13 @@ int ssl_pm_new(SSL *ssl)
return 0;
failed3:
mbedtls_err2:
mbedtls_ssl_config_free(&ssl_pm->conf);
mbedtls_ctr_drbg_free(&ssl_pm->ctr_drbg);
failed2:
mbedtls_err1:
mbedtls_entropy_free(&ssl_pm->entropy);
ssl_mem_free(ssl_pm);
failed1:
no_mem:
return -1;
}
@ -222,16 +252,12 @@ static int mbedtls_handshake( mbedtls_ssl_context *ssl )
{
int ret = 0;
if (ssl == NULL || ssl->conf == NULL)
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
while (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER)
{
ret = mbedtls_ssl_handshake_step(ssl);
SSL_DEBUG(1, "ssl ret %d state %d heap %d\n",
ret, ssl->state, system_get_free_heap_size());
SSL_DEBUG(SSL_PLATFORM_DEBUG_LEVEL, "ssl ret %d state %d", ret, ssl->state);
if (ret != 0)
break;
}
@ -248,19 +274,15 @@ int ssl_pm_handshake(SSL *ssl)
if (mbed_ret)
return 0;
SSL_DEBUG(1, "ssl_speed_up_enter ");
ssl_speed_up_enter();
SSL_DEBUG(1, "OK\n");
while((mbed_ret = mbedtls_handshake(&ssl_pm->ssl)) != 0) {
if (mbed_ret != MBEDTLS_ERR_SSL_WANT_READ && mbed_ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
break;
}
}
SSL_DEBUG(1, "ssl_speed_up_exit ");
ssl_speed_up_exit();
SSL_DEBUG(1, "OK\n");
if (!mbed_ret) {
struct x509_pm *x509_pm = (struct x509_pm *)ssl->session->peer->x509_pm;
@ -270,7 +292,7 @@ int ssl_pm_handshake(SSL *ssl)
x509_pm->ex_crt = (mbedtls_x509_crt *)mbedtls_ssl_get_peer_cert(&ssl_pm->ssl);
} else {
ret = 0;
SSL_DEBUG(1, "mbedtls_ssl_handshake [-0x%x]\n", -mbed_ret);
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_handshake() return -0x%x", -mbed_ret);
}
return ret;
@ -430,23 +452,28 @@ int x509_pm_show_info(X509 *x)
return -1;
buf = ssl_mem_malloc(X509_INFO_STRING_LENGTH);
if (!buf)
SSL_RET(failed1, "");
if (!buf) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (buf)");
goto no_mem;
}
ret = mbedtls_x509_crt_info(buf, X509_INFO_STRING_LENGTH - 1, "", x509_crt);
if (ret <= 0)
SSL_RET(failed2, "");
if (ret <= 0) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_x509_crt_info() return -0x%x", -ret);
goto mbedtls_err1;
}
buf[ret] = 0;
ssl_mem_free(buf);
SSL_DEBUG(1, "%s", buf);
SSL_DEBUG(SSL_DEBUG_ON, "%s", buf);
return 0;
failed2:
mbedtls_err1:
ssl_mem_free(buf);
failed1:
no_mem:
return -1;
}
@ -455,8 +482,10 @@ int x509_pm_new(X509 *x, X509 *m_x)
struct x509_pm *x509_pm;
x509_pm = ssl_mem_zalloc(sizeof(struct x509_pm));
if (!x509_pm)
SSL_RET(failed1, "ssl_mem_zalloc\n");
if (!x509_pm) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (x509_pm)");
goto failed1;
}
x->x509_pm = x509_pm;
@ -498,34 +527,38 @@ int x509_pm_load(X509 *x, const unsigned char *buffer, int len)
if (!x509_pm->x509_crt) {
x509_pm->x509_crt = ssl_mem_malloc(sizeof(mbedtls_x509_crt));
if (!x509_pm->x509_crt)
SSL_RET(failed1, "ssl_mem_malloc\n");
if (!x509_pm->x509_crt) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (x509_pm->x509_crt)");
goto no_mem;
}
}
load_buf = ssl_mem_malloc(len + 1);
if (!load_buf)
SSL_RET(failed2, "ssl_mem_malloc\n");
if (!load_buf) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (load_buf)");
goto failed;
}
ssl_memcpy(load_buf, buffer, len);
load_buf[len] = '\0';
DEBUG_LOAD_BUF_STRING(load_buf);
mbedtls_x509_crt_init(x509_pm->x509_crt);
ret = mbedtls_x509_crt_parse(x509_pm->x509_crt, load_buf, len + 1);
ssl_mem_free(load_buf);
if (ret)
SSL_RET(failed2, "mbedtls_x509_crt_parse, return [-0x%x]\n", -ret);
if (ret) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_x509_crt_parse return -0x%x", -ret);
goto failed;
}
return 0;
failed2:
failed:
mbedtls_x509_crt_free(x509_pm->x509_crt);
ssl_mem_free(x509_pm->x509_crt);
x509_pm->x509_crt = NULL;
failed1:
no_mem:
return -1;
}
@ -574,34 +607,38 @@ int pkey_pm_load(EVP_PKEY *pk, const unsigned char *buffer, int len)
if (!pkey_pm->pkey) {
pkey_pm->pkey = ssl_mem_malloc(sizeof(mbedtls_pk_context));
if (!pkey_pm->pkey)
SSL_RET(failed1, "ssl_mem_malloc\n");
if (!pkey_pm->pkey) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (pkey_pm->pkey)");
goto no_mem;
}
}
load_buf = ssl_mem_malloc(len + 1);
if (!load_buf)
SSL_RET(failed2, "ssl_mem_malloc\n");
if (!load_buf) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (load_buf)");
goto failed;
}
ssl_memcpy(load_buf, buffer, len);
load_buf[len] = '\0';
DEBUG_LOAD_BUF_STRING(load_buf);
mbedtls_pk_init(pkey_pm->pkey);
ret = mbedtls_pk_parse_key(pkey_pm->pkey, load_buf, len + 1, NULL, 0);
ssl_mem_free(load_buf);
if (ret)
SSL_RET(failed2, "mbedtls_pk_parse_key, return [-0x%x]\n", -ret);
if (ret) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_pk_parse_key return -0x%x", -ret);
goto failed;
}
return 0;
failed2:
failed:
mbedtls_pk_free(pkey_pm->pkey);
ssl_mem_free(pkey_pm->pkey);
pkey_pm->pkey = NULL;
failed1:
no_mem:
return -1;
}

Wyświetl plik

@ -14,15 +14,10 @@
#include "ssl_port.h"
#ifdef ESP32_IDF_PLATFORM
#include "string.h"
#include "malloc.h"
/*********************************************************************************************/
/********************************* SSL general interface *************************************/
void* ssl_mem_zalloc(size_t size)
void *ssl_mem_zalloc(size_t size)
{
void *p = malloc(size);
@ -32,35 +27,3 @@ void* ssl_mem_zalloc(size_t size)
return p;
}
void *ssl_mem_malloc(size_t size)
{
return malloc(size);
}
void ssl_mem_free(void *p)
{
free(p);
}
void* ssl_memcpy(void *to, const void *from, size_t size)
{
return memcpy(to, from, size);
}
size_t ssl_strlen(const char *src)
{
return strlen(src);
}
void ssl_speed_up_enter(void)
{
}
void ssl_speed_up_exit(void)
{
}
#endif