1 // Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14
15 #include "ssl_x509.h"
16 #include "ssl_methods.h"
17 #include "ssl_dbg.h"
18 #include "ssl_port.h"
19
20 #include <assert.h>
21
22 /**
23 * @brief show X509 certification information
24 */
__X509_show_info(X509 * x)25 int __X509_show_info(X509 *x)
26 {
27 return X509_METHOD_CALL(show_info, x);
28 }
29
30 /**
31 * @brief create a X509 certification object according to input X509 certification
32 */
__X509_new(X509 * ix)33 X509* __X509_new(X509 *ix)
34 {
35 int ret;
36 X509 *x;
37
38 x = ssl_mem_zalloc(sizeof(X509));
39 if (!x) {
40 SSL_DEBUG(SSL_X509_ERROR_LEVEL, "no enough memory > (x)");
41 goto no_mem;
42 }
43
44 if (ix)
45 x->method = ix->method;
46 else
47 x->method = X509_method();
48
49 ret = X509_METHOD_CALL(new, x, ix);
50 if (ret) {
51 SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_METHOD_CALL(new) return %d", ret);
52 goto failed;
53 }
54
55 return x;
56
57 failed:
58 ssl_mem_free(x);
59 no_mem:
60 return NULL;
61 }
62
63 /**
64 * @brief create a X509 certification object
65 */
X509_new(void)66 X509* X509_new(void)
67 {
68 return __X509_new(NULL);
69 }
70
71 /**
72 * @brief free a X509 certification object
73 */
X509_free(X509 * x)74 void X509_free(X509 *x)
75 {
76 SSL_ASSERT3(x);
77
78 X509_METHOD_CALL(free, x);
79
80 ssl_mem_free(x);
81 };
82
83 /**
84 * @brief load a character certification context into system context. If '*cert' is pointed to the
85 * certification, then load certification into it. Or create a new X509 certification object
86 */
d2i_X509(X509 ** cert,const unsigned char * buffer,long len)87 X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len)
88 {
89 int m = 0;
90 int ret;
91 X509 *x;
92
93 SSL_ASSERT2(buffer);
94 SSL_ASSERT2(len);
95
96 if (cert && *cert) {
97 x = *cert;
98 } else {
99 x = X509_new();
100 if (!x) {
101 SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_new() return NULL");
102 goto failed1;
103 }
104 m = 1;
105 }
106
107 ret = X509_METHOD_CALL(load, x, buffer, len);
108 if (ret) {
109 SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_METHOD_CALL(load) return %d", ret);
110 goto failed2;
111 }
112
113 return x;
114
115 failed2:
116 if (m)
117 X509_free(x);
118 failed1:
119 return NULL;
120 }
121
122 /**
123 * @brief return SSL X509 verify parameters
124 */
125
SSL_get0_param(SSL * ssl)126 X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl)
127 {
128 return &ssl->param;
129 }
130
131 /**
132 * @brief set X509 host verification flags
133 */
134
X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM * param,unsigned long flags)135 int X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
136 unsigned long flags)
137 {
138 /* flags not supported yet */
139 return 0;
140 }
141
142 /**
143 * @brief clear X509 host verification flags
144 */
145
X509_VERIFY_PARAM_clear_hostflags(X509_VERIFY_PARAM * param,unsigned long flags)146 int X509_VERIFY_PARAM_clear_hostflags(X509_VERIFY_PARAM *param,
147 unsigned long flags)
148 {
149 /* flags not supported yet */
150 return 0;
151 }
152
153 /**
154 * @brief set SSL context client CA certification
155 */
SSL_CTX_add_client_CA(SSL_CTX * ctx,X509 * x)156 int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
157 {
158 SSL_ASSERT1(ctx);
159 SSL_ASSERT1(x);
160 assert(ctx);
161 if (ctx->client_CA == x)
162 return 1;
163
164 X509_free(ctx->client_CA);
165
166 ctx->client_CA = x;
167
168 return 1;
169 }
170
171 /**
172 * @brief add CA client certification into the SSL
173 */
SSL_CTX_add_client_CA_ASN1(SSL_CTX * ctx,int len,const unsigned char * d)174 int SSL_CTX_add_client_CA_ASN1(SSL_CTX *ctx, int len,
175 const unsigned char *d)
176 {
177 X509 *x;
178
179 x = d2i_X509(NULL, d, len);
180 if (!x) {
181 SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_X509() return NULL");
182 return 0;
183 }
184 SSL_ASSERT1(ctx);
185
186 X509_free(ctx->client_CA);
187
188 ctx->client_CA = x;
189
190 return 1;
191 }
192
193 /**
194 * @brief add CA client certification into the SSL
195 */
SSL_add_client_CA(SSL * ssl,X509 * x)196 int SSL_add_client_CA(SSL *ssl, X509 *x)
197 {
198 SSL_ASSERT1(ssl);
199 SSL_ASSERT1(x);
200
201 if (ssl->client_CA == x)
202 return 1;
203
204 X509_free(ssl->client_CA);
205
206 ssl->client_CA = x;
207
208 return 1;
209 }
210
211 /**
212 * @brief set the SSL context certification
213 */
SSL_CTX_use_certificate(SSL_CTX * ctx,X509 * x)214 int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
215 {
216 SSL_ASSERT1(ctx);
217 SSL_ASSERT1(x);
218
219 if (ctx->cert->x509 == x)
220 return 1;
221
222 X509_free(ctx->cert->x509);
223
224 ctx->cert->x509 = x;
225
226 return 1;
227 }
228
229 /**
230 * @brief set the SSL certification
231 */
SSL_use_certificate(SSL * ssl,X509 * x)232 int SSL_use_certificate(SSL *ssl, X509 *x)
233 {
234 SSL_ASSERT1(ssl);
235 SSL_ASSERT1(x);
236
237 if (ssl->cert->x509 == x)
238 return 1;
239
240 X509_free(ssl->cert->x509);
241
242 ssl->cert->x509 = x;
243
244 return 1;
245 }
246
247 /**
248 * @brief get the SSL certification point
249 */
SSL_get_certificate(const SSL * ssl)250 X509 *SSL_get_certificate(const SSL *ssl)
251 {
252 SSL_ASSERT2(ssl);
253
254 return ssl->cert->x509;
255 }
256
257 /**
258 * @brief load certification into the SSL context
259 */
SSL_CTX_use_certificate_ASN1(SSL_CTX * ctx,int len,const unsigned char * d)260 int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len,
261 const unsigned char *d)
262 {
263 int ret;
264 X509 *x;
265
266 x = d2i_X509(NULL, d, len);
267 if (!x) {
268 SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_X509() return NULL");
269 goto failed1;
270 }
271
272 ret = SSL_CTX_use_certificate(ctx, x);
273 if (!ret) {
274 SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "SSL_CTX_use_certificate() return %d", ret);
275 goto failed2;
276 }
277
278 return 1;
279
280 failed2:
281 X509_free(x);
282 failed1:
283 return 0;
284 }
285
286 /**
287 * @brief load certification into the SSL
288 */
SSL_use_certificate_ASN1(SSL * ssl,const unsigned char * d,int len)289 int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len)
290 {
291 int ret;
292 X509 *x;
293
294 x = d2i_X509(NULL, d, len);
295 if (!x) {
296 SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_X509() return NULL");
297 goto failed1;
298 }
299
300 ret = SSL_use_certificate(ssl, x);
301 if (!ret) {
302 SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "SSL_use_certificate() return %d", ret);
303 goto failed2;
304 }
305
306 return 1;
307
308 failed2:
309 X509_free(x);
310 failed1:
311 return 0;
312 }
313
314 /**
315 * @brief load the certification file into SSL context
316 */
SSL_CTX_use_certificate_file(SSL_CTX * ctx,const char * file,int type)317 int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
318 {
319 return 0;
320 }
321
322 /**
323 * @brief load the certification file into SSL
324 */
SSL_use_certificate_file(SSL * ssl,const char * file,int type)325 int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
326 {
327 return 0;
328 }
329
330 /**
331 * @brief get peer certification
332 */
SSL_get_peer_certificate(const SSL * ssl)333 X509 *SSL_get_peer_certificate(const SSL *ssl)
334 {
335 SSL_ASSERT2(ssl);
336
337 return ssl->session->peer;
338 }
339
X509_STORE_CTX_get_error(X509_STORE_CTX * ctx)340 int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx)
341 {
342 return X509_V_ERR_UNSPECIFIED;
343 }
344
X509_STORE_CTX_get_error_depth(X509_STORE_CTX * ctx)345 int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx)
346 {
347 return 0;
348 }
349
X509_verify_cert_error_string(long n)350 const char *X509_verify_cert_error_string(long n)
351 {
352 return "unknown";
353 }
354