/* Calling-convention tag; this build maps it to the compiler's __stdcall keyword. */
20 #define STDCALL __stdcall
/* Helper referenced by TW_ENABLE_FIPS_MODE below.  Presumably returns v
 * unchanged so that a status code can be yielded from a macro expansion;
 * its definition is not in view — confirm. */
28 int16_t returnValue(int16_t v);
/* Carry-over storage for TW_SSL_READ(): bytes that ssl_read() returned
 * beyond the caller's len are parked here and drained by the next call.
 *   leftover_buf  - heap block holding the unread tail (freed by TW_SSL_FREE)
 *   leftover_ptr  - next unread byte inside leftover_buf
 *   leftover_cnt  - unread bytes remaining from leftover_ptr
 *   max_leftover  - allocated capacity of leftover_buf, in bytes */
31 uint8_t * leftover_buf;
32 uint8_t * leftover_ptr;
33 uint16_t leftover_cnt;
34 uint16_t max_leftover;
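/* Type and constant aliases onto the axTLS API.  TW_SSL is the wrapper
 * struct (ssl_struct) that owns an axTLS `ssl` handle plus the leftover
 * read buffer; TW_SSL_CTX is the axTLS context type itself. */
#define TW_SSL_CTX SSL_CTX
#define TW_SSL ssl_struct
#define TW_SSL_SESSION_ID_SIZE SSL_SESSION_ID_SIZE
/* Session id of the underlying axTLS session, or NULL when `a` is NULL.
 * Fully parenthesised: the previous expansion was a bare conditional, so
 * `TW_SSL_SESSION_ID(x) == y` silently parsed as `x ? ... : (NULL == y)`. */
#define TW_SSL_SESSION_ID(a) ((a) ? (a)->ssl->session_id : NULL)
#define TW_GET_CERT_SIZE ssl_get_config(SSL_MAX_CERT_CFG_OFFSET)
#define TW_GET_CA_CERT_SIZE ssl_get_config(SSL_MAX_CA_CERT_CFG_OFFSET)
/* Creates the context; `options` must be in scope at the expansion site.
 * SECURITY: SSL_SERVER_VERIFY_LATER defers peer-certificate verification
 * past the handshake.  A connection built on this context is not
 * authenticated until the deferred verification step (TW_VALIDATE_CERT in
 * this file) has been called and returned 0 — a successful handshake alone
 * proves nothing about who the peer is. */
#define TW_NEW_SSL_CTX ssl_ctx_new(options | SSL_SERVER_VERIFY_LATER, SSL_DEFAULT_CLNT_SESS)
#define TW_SSL_CTX_FREE(a) ssl_ctx_free(a)
/* Writes `c` bytes from `b` over the session owned by TW_SSL `a`. */
#define TW_SSL_WRITE(a,b,c) ssl_write((a)->ssl,(uint8_t *)(b),(c))
/* Certificate / key loaders.  The trailing parameters (c, and d except for
 * the key loader) are accepted for signature compatibility with the other
 * TLS backends but are not forwarded by this one; only TW_USE_KEY_FILE
 * passes its last argument on (presumably the key password — confirm
 * against the ssl_obj_load() prototype in use). */
#define TW_USE_CERT_FILE(a,b,c) ssl_obj_load((a), SSL_OBJ_X509_CERT, (b), NULL)
#define TW_USE_KEY_FILE(a,b,c,d) ssl_obj_load((a), SSL_OBJ_RSA_KEY, (b), (d))
#define TW_USE_CERT_CHAIN_FILE(a,b,c) ssl_obj_load((a), SSL_OBJ_X509_CACERT, (b), NULL)
#define TW_SET_CLIENT_CA_LIST(a,b) ssl_obj_load((a), SSL_OBJ_X509_CACERT, (const char *)(b), NULL)
/* No FIPS mode in this backend: always reports TW_FIPS_MODE_NOT_SUPPORTED.
 * Deployments that require FIPS must treat that return as a hard failure. */
#define TW_ENABLE_FIPS_MODE(a) returnValue(TW_FIPS_MODE_NOT_SUPPORTED)
/* Digest contexts map straight onto the axTLS SHA-1 / MD5 routines.  Both
 * algorithms are collision-broken; keep them for legacy digests only. */
#define TW_SHA1_CTX SHA1_CTX
#define TW_SHA1_INIT(a) SHA1_Init(a)
#define TW_SHA1_UPDATE(a,b,c) SHA1_Update(a,b,c)
#define TW_SHA1_FINAL(a,b) SHA1_Final(a,b)
#define TW_MD5_CTX MD5_CTX
#define TW_MD5_INIT(a) MD5_Init(a)
#define TW_MD5_UPDATE(a,b,c) MD5_Update(a,b,c)
#define TW_MD5_FINAL(a,b) MD5_Final(a,b)
/* Unconditionally reports "data available".  Any timeout a caller derives
 * from this macro is therefore not enforced by this backend. */
#define DATA_AVAILABLE(a,b,c) 1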
/* Allocates a TW_SSL wrapper and opens an axTLS client session on it.
 * session_id / sess_id_size are forwarded to ssl_client_new() (presumably
 * for session resumption; axTLS semantics not shown here).
 * The line between 66 and 68 is elided from this listing: if it does not
 * check the TW_CALLOC() result, the `s->ssl = ...` store below is a NULL
 * dereference on allocation failure — confirm against the full file.  The
 * lines after 68 (result check / return) are likewise not shown. */
65 static INLINE TW_SSL *
TW_NEW_SSL_CLIENT(SSL_CTX *ssl_ctx,
twSocket * client_fd,
void * session_id, uint8_t sess_id_size) {
/* Presumably zero-filled like calloc(), so the leftover fields start NULL/0. */
66 TW_SSL * s = (TW_SSL *)TW_CALLOC(
sizeof(TW_SSL), 1);
68 s->ssl = ssl_client_new(ssl_ctx, client_fd, (
const uint8_t *)session_id, sess_id_size);
/* TRUE once ssl_handshake_status() reports SSL_OK for s; FALSE for a NULL
 * wrapper/session or any other status.  Note: SSL_OK here only means the
 * handshake finished.  With a context created by TW_NEW_SSL_CTX
 * (SSL_SERVER_VERIFY_LATER) it presumably says nothing about whether the
 * peer certificate was verified — that is the job of TW_VALIDATE_CERT. */
76 static INLINE
char TW_HANDSHAKE_SUCCEEDED(TW_SSL * s) {
77 if (!s || !s->ssl)
return FALSE;
78 return (ssl_handshake_status(s->ssl) == SSL_OK);
/* (fragment — the enclosing function's signature is on lines not shown;
 * from the ssl_server_new() call this is the server-side counterpart of
 * TW_NEW_SSL_CLIENT.)  Allocates the wrapper and opens an axTLS server
 * session on client_fd.  The line between 82 and 84 is elided: unless it
 * NULL-checks s, the store below dereferences a NULL pointer when
 * TW_CALLOC() fails — confirm. */
82 TW_SSL * s = (TW_SSL *)TW_CALLOC(
sizeof(TW_SSL), 1);
84 s->ssl = ssl_server_new(ssl_ctx, client_fd);
/* Releases the axTLS session and the leftover read buffer owned by s.
 * Line 93 is not shown: unless it guards s == NULL, s is dereferenced
 * unchecked here.  leftover_ptr / leftover_cnt / max_leftover are not
 * reset, so this is only safe if s itself is released on the lines that
 * follow (not shown); otherwise a later TW_SSL_READ on the same struct
 * would read through the dangling leftover_ptr. */
92 static INLINE
void TW_SSL_FREE(TW_SSL * s){
94 if (s->ssl) ssl_free(s->ssl);
95 if (s->leftover_buf) TW_FREE(s->leftover_buf);
/* Reads up to len bytes of application data from ssl into buf.
 * Returns -1 for a NULL ssl/buf and TW_READ_TIMEOUT when ssl_read()
 * returned SSL_OK (presumably "no data yet"); the byte-count returns are
 * on lines this listing elides.  Two stages: first drain any bytes parked
 * in the leftover buffer by an earlier call, otherwise pull a fresh record
 * from axTLS and park whatever exceeds len.
 *
 * SECURITY (review): len is never range-checked — only buf is tested for
 * NULL.  A negative len makes `leftover_cnt > len` (and `ret > len`) true,
 * so len itself is chosen as the copy size and converted to uint16_t
 * (-1 becomes 65535), after which memcpy() overruns buf and overreads the
 * source.  Add `if (len < 0) return -1;` beside the NULL checks.
 * The timeout argument is not referenced on any line shown, and
 * DATA_AVAILABLE above is hard-wired to 1, so presumably no timeout is
 * enforced by this backend — confirm before relying on one. */
111 static INLINE
int TW_SSL_READ(TW_SSL * ssl,
char * buf,
int len, int32_t timeout) {
113 uint8_t *read_buf = NULL;
115 if(!ssl || !buf)
return -1;
/* Stage 1: serve from the carry-over of a previous record. */
117 if (ssl->leftover_cnt && ssl->leftover_ptr) {
/* uint16_t leftover_cnt promotes to int for the compare; see the sign note above. */
118 uint16_t bytes = ssl->leftover_cnt > len ? len : ssl->leftover_cnt;
119 memcpy(buf, ssl->leftover_ptr, bytes);
/* Partial drain: advance the cursor (bytes == len on this path for len >= 0). */
120 if (ssl->leftover_cnt > len) {
121 ssl->leftover_cnt -= len;
122 ssl->leftover_ptr += bytes;
/* Fully drained: rewind so the block can be reused for the next record. */
124 ssl->leftover_cnt = 0;
125 ssl->leftover_ptr = ssl->leftover_buf;
/* Stage 2 — the ssl_read() call that sets `ret` and `read_buf` is on the
 * elided lines (read_buf presumably points into axTLS-owned record
 * storage, hence the copy).  Copy what fits, park the remainder. */
135 uint16_t bytes = ret > len ? len : ret;
136 memcpy(buf, read_buf, bytes);
/* Truncates to uint16_t; fine only if ret - len can never exceed 65535
 * (the axTLS record-size limit is not visible here — confirm). */
137 ssl->leftover_cnt = ret > len ? ret - len : 0;
139 if (ssl->leftover_cnt) {
/* Grow the carry-over block when the tail would not fit.  Between the
 * TW_FREE() and the reassignment at line 148, leftover_ptr dangles. */
140 if (ssl->leftover_cnt > ssl->max_leftover) {
141 if (ssl->leftover_buf) TW_FREE(ssl->leftover_buf);
143 ssl->leftover_buf = (uint8_t *)TW_CALLOC(ssl->leftover_cnt,1);
/* Lines 146-147 (what follows the PANIC message) are not shown; if
 * execution falls through, the memcpy below writes through a NULL
 * leftover_buf and max_leftover still describes the block just freed. */
144 if (!ssl->leftover_buf) {
145 printf(
"\nAXTLS - PANIC! Unable to allocate memory\n\n");
148 ssl->leftover_ptr = ssl->leftover_buf;
149 ssl->max_leftover = ssl->leftover_cnt;
151 memcpy(ssl->leftover_buf, read_buf + bytes, ssl->leftover_cnt);
155 }
else if (ret == SSL_OK) {
/* ssl_read() reported SSL_OK with nothing delivered: surfaced as a timeout. */
158 return TW_READ_TIMEOUT;
/* (fragment — the signature and the loop body are on lines not shown;
 * from the ssl_read(s->ssl, NULL) loop this is the server-side handshake
 * driver.)  Returns -1 for a NULL wrapper/session.  Each ssl_read() with a
 * NULL output pointer presumably advances the axTLS handshake state machine
 * by one record; the loop continues while that keeps returning SSL_OK.
 * What happens when next_state reaches HS_CLIENT_HELLO, and how the loop
 * exits on a completed handshake, is on the elided lines — confirm the
 * loop cannot spin forever on a peer that keeps the status at SSL_OK
 * without progressing. */
170 if (!s || !s->ssl)
return -1;
171 while (ssl_read(s->ssl, NULL) == SSL_OK) {
172 if (s->ssl->next_state == HS_CLIENT_HELLO)
/* (fragment — the signature and the failure return after the two accepting
 * checks are on lines not shown; from ssl_verify_cert() this is the
 * deferred certificate check.)  Returns 0 when the peer certificate
 * verifies, 1 for a NULL wrapper/session.  This is the verification that
 * SSL_SERVER_VERIFY_LATER (see TW_NEW_SSL_CTX) postponed: a connection
 * whose handshake succeeded is not authenticated until this returns 0.
 *
 * SECURITY: with selfSignedOk set, a self-signed peer certificate is
 * accepted outright — no chain, pinning or identity check is applied on
 * the lines shown — so passing selfSignedOk != 0 on an untrusted network
 * accepts any self-signed certificate an attacker mints.  Keep it for
 * explicit opt-in (test / closed networks) only. */
189 if (!ssl || !ssl->ssl)
return 1;
190 res = ssl_verify_cert ( ssl->ssl );
/* Rebases the axTLS result into the X509_VFY_ERROR_* range.  This assumes
 * ssl_verify_cert() encodes X509 failures as SSL_X509_OFFSET + code; check
 * the axTLS headers actually in use — if the code is encoded the other way
 * round, the self-signed comparison below can never match. */
191 if (res) res = res - SSL_X509_OFFSET;
192 if (res == SSL_OK)
return 0;
/* `res != SSL_OK` is redundant after the return above; the live condition
 * is the explicit self-signed opt-in. */
193 if( res != SSL_OK && (selfSignedOk && res == X509_VFY_ERROR_SELF_SIGNED))
return 0;
/* (fragment — the signature, the switch on `field` with its case labels,
 * and the return are on lines not shown.)  Each arm fetches one
 * distinguished-name component from axTLS: the first three from the peer
 * certificate, the last three (SSL_X509_CA_CERT_*) from its issuing CA
 * certificate.  Returns NULL for a NULL wrapper/session.  The pointer from
 * ssl_get_cert_dn() is presumably owned by the axTLS session — whether the
 * elided return copies it or hands it out as-is decides whether callers may
 * free it; confirm.  These strings are supplied by the peer and should be
 * treated as untrusted until TW_VALIDATE_CERT has passed. */
217 const char * tmp = NULL;
218 if (!ssl || !ssl->ssl)
return NULL;
221 tmp = ssl_get_cert_dn(ssl->ssl, SSL_X509_CERT_COMMON_NAME);
224 tmp = ssl_get_cert_dn(ssl->ssl, SSL_X509_CERT_ORGANIZATION);
227 tmp = ssl_get_cert_dn(ssl->ssl, SSL_X509_CERT_ORGANIZATIONAL_NAME);
230 tmp = ssl_get_cert_dn(ssl->ssl, SSL_X509_CA_CERT_COMMON_NAME);
233 tmp = ssl_get_cert_dn(ssl->ssl, SSL_X509_CA_CERT_ORGANIZATION);
236 tmp = ssl_get_cert_dn(ssl->ssl, SSL_X509_CA_CERT_ORGANIZATIONAL_NAME);