Portable ThingWorx OpenSSL wrapper layer.
#include "twOSPort.h"
#include "twLogger.h"
#include "stdio.h"
#include "string.h"
#include "stringUtils.h"
#include <openssl/bio.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/x509.h>
#include <openssl/x509_vfy.h>
#include <openssl/sha.h>
#include <openssl/md5.h>
#define | TW_SSL_CTX SSL_CTX |
|
#define | TW_SSL SSL |
|
#define | TW_SSL_SESSION_ID_SIZE sizeof(void *) |
|
#define | TW_SSL_SESSION_ID(a) SSL_get1_session(a) |
|
#define | TW_GET_CERT_SIZE ssl_get_config(SSL_MAX_CERT_CFG_OFFSET) |
|
#define | TW_GET_CA_CERT_SIZE ssl_get_config(SSL_MAX_CA_CERT_CFG_OFFSET) |
|
#define | TW_HANDSHAKE_SUCCEEDED(a) (a && SSL_get_state(a) == SSL_ST_OK) |
|
#define | TW_SSL_FREE(a) SSL_free(a) |
|
#define | TW_SSL_CTX_FREE(a) SSL_CTX_free(a) |
|
#define | TW_USE_CERT_FILE(a, b, c) SSL_CTX_use_PrivateKey_file(a, b, SSL_FILETYPE_PEM) |
|
#define | TW_USE_CERT_CHAIN_FILE(a, b, c) SSL_CTX_load_verify_locations(a, b, NULL) |
|
#define | TW_SET_CLIENT_CA_LIST(a, b) SSL_CTX_use_certificate_chain_file(a,b) |
|
#define | DATA_AVAILABLE(a, b, c) (twSocket_WaitFor(a, b) || SSL_pending(c)) |
|
#define | TW_NEW_SSL_CTX TW_NEW_SSL_CTX_FUNC() |
|
|
static INLINE int | TW_ENABLE_FIPS_MODE (TW_SSL_CTX *ctx) |
| Enables FIPS mode on the OpenSSL context used by a twTlsClient.
|
|
static INLINE TW_SSL * | TW_NEW_SSL_CLIENT (TW_SSL_CTX *ctx, twSocket *sock, void *session_id, int session_size) |
| Creates a new #TW_SSL structure for connection with the specified settings (see SSL_new(), SSL_connect()). More...
|
|
static INLINE TW_SSL * | TW_NEW_SERVER (TW_SSL_CTX *ctx, twSocket *sock) |
| Creates a new #TW_SSL connection structure (see SSL_new()). More...
|
|
static INLINE int | TW_SSL_ACCEPT (TW_SSL *s) |
| Waits for a #TW_SSL client to initiate a handshake with the server. Wrapper function for SSL_accept(). More...
|
|
static INLINE int | TW_USE_KEY_FILE (SSL_CTX *ctx, const char *file, int type, char *passwd) |
| Loads the private key held in file into ctx . Wrapper function for SSL_CTX_use_PrivateKey_file(). Note that this page names it a "key file" loader even though earlier documentation described it as loading a CA chain; the wrapped OpenSSL call loads a private key.
|
|
static INLINE SSL_CTX * | TW_NEW_SSL_CTX_FUNC () |
| Create a new #SSL_CTX structure as the framework for TLS/SSL enabled functions. Wrapper function for SSL_CTX_new().
|
|
static INLINE int | TW_SSL_READ (TW_SSL *ssl, char *buf, int len, int32_t timeout) |
| Reads len bytes of data from ssl into buf (see SSL_read()). More...
|
|
static INLINE int | TW_SSL_WRITE (TW_SSL *ssl, char *buf, int len) |
| Writes len bytes of data in buf to ssl . More...
|
|
static INLINE int | TW_VALIDATE_CERT (TW_SSL *ssl, char selfSignedOk) |
| Validates the certificate of ssl . More...
|
|
static INLINE char * | TW_GET_X509_FIELD (TW_SSL *ssl, char field) |
| Gets an X509 field of ssl . More...
|
|
|
static char | fips_enabled = FALSE |
|
unsigned char | default_private_key [] |
|
int | default_private_key_len |
|
unsigned char | default_certificate [] |
|
int | default_certificate_len |
|
static const unsigned char | s_server_session_id_context [SSL_MAX_SSL_SESSION_ID_LENGTH] = {""} |
|
Portable ThingWorx OpenSSL wrapper layer.
static INLINE int TW_ENABLE_FIPS_MODE |
( |
TW_SSL_CTX * |
ctx | ) |
|
|
Enables FIPS mode for a twTlsClient.
- Parameters
-
[in] | ctx | A pointer to the #TW_SSL_CTX on which FIPS mode is to be enabled. |
- Returns
- #TW_OK if successful, a positive error code (see twErrors.h) if an error was encountered. Callers should treat any result other than #TW_OK as FIPS mode not being active, rather than continuing as if it were.
static INLINE char* TW_GET_X509_FIELD |
( |
TW_SSL * |
ssl, |
|
|
char |
field |
|
) |
| |
|
Gets an X509 field of ssl
.
- Parameters
-
[in] | ssl | The #TW_SSL connection to get a field of. |
[in] | field | The field to get. |
- Returns
- A string containing the requested field. NULL if an error was encountered.
- Note
- The calling function will gain ownership of the returned string and is responsible for freeing it.
static INLINE TW_SSL* TW_NEW_SERVER |
( |
TW_SSL_CTX * |
ctx, |
|
|
twSocket * |
sock |
|
) |
| |
|
Creates a new #TW_SSL connection structure (see SSL_new()).
- Parameters
-
[in] | ctx | A pointer to the context to associate with the connection. |
[in] | sock | A pointer to the twSocket to use for the connection. |
- Returns
- A pointer to the newly allocated #TW_SSL structure. Check the result for NULL before use.
- Note
- The calling function will gain ownership of the returned structure and is responsible for freeing it via TW_SSL_FREE().
static INLINE TW_SSL* TW_NEW_SSL_CLIENT |
( |
TW_SSL_CTX * |
ctx, |
|
|
twSocket * |
sock, |
|
|
void * |
session_id, |
|
|
int |
session_size |
|
) |
| |
|
Creates a new #TW_SSL client structure for a connection over sock with the specified settings (see SSL_new(), SSL_connect()).
- Parameters
-
[in] | ctx | A pointer to the context to associate with the connection. |
[in] | sock | A pointer to the twSocket for the connection to use. |
[in] | session_id | An optional session ID to associate with the connection (see TW_SSL_SESSION_ID(), which yields the result of SSL_get1_session()). |
[in] | session_size | The size in bytes of the data referenced by session_id (see TW_SSL_SESSION_ID_SIZE). |
- Returns
- A pointer to the newly allocated #TW_SSL structure.
- Note
- The calling function will gain ownership of the returned structure and is responsible for freeing it via TW_SSL_FREE(). Peer certificate validation is exposed separately as TW_VALIDATE_CERT(); confirm whether this function performs it before trusting the connection.
static INLINE SSL_CTX* TW_NEW_SSL_CTX_FUNC |
( |
| ) |
|
|
Create a new #SSL_CTX structure as the framework for TLS/SSL enabled functions. Wrapper function for SSL_CTX_new().
- Returns
- A pointer to the newly allocated #SSL_CTX structure.
- Note
- The calling function will gain ownership of the returned structure and is responsible for freeing it via TW_SSL_CTX_FREE().
static INLINE int TW_SSL_ACCEPT |
( |
TW_SSL * |
s | ) |
|
|
Waits for a #TW_SSL client to initiate a handshake with the server. Wrapper function for SSL_accept().
- Parameters
-
[in] | s | A pointer to the #TW_SSL client to utilize. |
- Returns
- 0 on success, -1 if an error was encountered.
static INLINE int TW_SSL_READ |
( |
TW_SSL * |
ssl, |
|
|
char * |
buf, |
|
|
int |
len, |
|
|
int32_t |
timeout |
|
) |
| |
|
Reads len
bytes of data from ssl
into buf
(see SSL_read()).
- Parameters
-
[in] | ssl | A pointer to the #TW_SSL connection to read from. |
[out] | buf | A buffer to store the read data. |
[in] | len | The maximum number of bytes to read; buf must provide at least len bytes of storage. |
[in] | timeout | The amount of time (in milliseconds) to wait for I/O before timing out. |
- Returns
- 0 on success, -1 if an error was encountered.
- Note
- The calling function will retain ownership of
buf
and is responsible for freeing it.
static INLINE int TW_SSL_WRITE |
( |
TW_SSL * |
ssl, |
|
|
char * |
buf, |
|
|
int |
len |
|
) |
| |
|
Writes len
bytes of data in buf
to ssl
.
- Parameters
-
[in] | ssl | A pointer to the #TW_SSL connection to write to. |
[in] | buf | A buffer containing the data to be written (read-only; it is not modified). |
[in] | len | The length of data to write. |
- Returns
- #TW_OK if successful, positive integral on error code (see twErrors.h) if an error was encountered.
- Note
- The calling function will retain ownership of
buf
and is responsible for freeing it.
static INLINE int TW_USE_KEY_FILE |
( |
SSL_CTX * |
ctx, |
|
|
const char * |
file, |
|
|
int |
type, |
|
|
char * |
passwd |
|
) |
| |
|
Loads the private key held in file
into ctx
. Wrapper function for SSL_CTX_use_PrivateKey_file(). This page documents no return value; callers should nonetheless check the result before using ctx for a handshake, since a context without a usable key cannot authenticate as a client.
- Parameters
-
[in] | ctx | The context to load the key into. |
[in] | file | The file to load the private key from. |
[in] | type | The container format of file (should be #SSL_FILETYPE_PEM). |
[in] | passwd | The password used when file is an encrypted PEM key. Its type is a plain string, although the original text described it as a callback — confirm against the implementation. |
static INLINE int TW_VALIDATE_CERT |
( |
TW_SSL * |
ssl, |
|
|
char |
selfSignedOk |
|
) |
| |
|
Validates the certificate of ssl
.
- Parameters
-
[in] | ssl | A pointer to the #TW_SSL to validate the certificate of. |
[in] | selfSignedOk | Presumably non-zero to accept a self-signed peer certificate — confirm against the implementation. Accepting self-signed certificates removes peer authentication and should not be enabled in production. |
- Returns
- 0 on success, -1 on error.