OpenSSL API addition

2025-08-10 04:43:33 +00:00 · 2018-02-08 14:06:14 +05:30
parent 16de6bff24
commit f0ebf613f4
3 changed files with 189 additions and 1 deletions
--- a/components/openssl/library/ssl_x509.c
+++ b/components/openssl/library/ssl_x509.c
@@ -16,6 +16,7 @@
 #include "ssl_methods.h"
 #include "ssl_dbg.h"
 #include "ssl_port.h"
+#include "ssl.h"

 /**
 * @brief show X509 certification information
@@ -39,6 +40,8 @@ X509* __X509_new(X509 *ix)
        goto no_mem;
    }

+    x->ref_counter = 1;
+
    if (ix)
        x->method = ix->method;
    else
@@ -73,6 +76,10 @@ void X509_free(X509 *x)
 {
    SSL_ASSERT3(x);

+    if (--x->ref_counter > 0) {
+        return;
+    }
+
    X509_METHOD_CALL(free, x);

    ssl_mem_free(x);
@@ -314,3 +321,108 @@ X509 *SSL_get_peer_certificate(const SSL *ssl)
    return ssl->session->peer;
 }

+/**
+ * @brief set SSL context client CA certification
+ */
+int X509_STORE_add_cert(X509_STORE *store, X509 *x) {
+
+    x->ref_counter++;
+
+    SSL_CTX *ctx = (SSL_CTX *)store;
+    SSL_ASSERT1(ctx);
+    SSL_ASSERT1(x);
+
+    if (ctx->client_CA == x) {
+        return 1;
+    }
+
+    if (ctx->client_CA!=NULL) {
+        X509_free(ctx->client_CA);
+    }
+
+    ctx->client_CA = x;
+    return 1;
+}
+
+/**
+ * @brief create a BIO object
+ */
+BIO *BIO_new(void  *method) {
+    BIO *b = (BIO *)malloc(sizeof(BIO));
+    return b;
+}
+
+/**
+ * @brief load data into BIO.
+ *
+ * Normally BIO_write should append data but doesn't happen here, and
+ * 'data' cannot be freed after the function is called, it should remain valid 
+ * until BIO object is in use.
+ */
+int BIO_write(BIO *b, const void * data, int dlen) {
+    b->data = data;
+    b->dlen = dlen;
+    return 1;
+}
+
+/**
+ * @brief load a character certification context into system context.
+ * 
+ * If '*cert' is pointed to the certification, then load certification
+ * into it, or create a new X509 certification object.
+ */
+X509 * PEM_read_bio_X509(BIO *bp, X509 **cert, void *cb, void *u) {
+    int m = 0;
+    int ret;
+    X509 *x;
+
+    SSL_ASSERT2(bp->data);
+    SSL_ASSERT2(bp->dlen);
+
+    if (cert && *cert) {
+        x = *cert;
+    } else {
+        x = X509_new();
+        if (!x) {
+            SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_new() return NULL");
+            goto failed;
+        }
+        m = 1;
+    }
+
+    ret = X509_METHOD_CALL(load, x, bp->data, bp->dlen);
+    if (ret) {
+        SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_METHOD_CALL(load) return %d", ret);
+        goto failed;
+    }
+
+    return x;
+
+failed:
+    if (m) {
+        X509_free(x);
+    }
+
+    return NULL;
+}
+
+/**
+ * @brief get the memory BIO method function
+ */
+void *BIO_s_mem() {
+    return NULL;
+}
+
+/**
+ * @brief get the SSL context object X509 certification storage
+ */
+X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx) {
+    return (X509_STORE *)ctx;
+}
+
+/**
+ * @brief free a BIO object
+ */
+void BIO_free(BIO *b) {
+    free(b);
+}