ThingWorx C SDK
twOpenSSL.h
Go to the documentation of this file.
1 /***************************************
2  * Copyright 2017, PTC, Inc.
3  ***************************************/
4 
10 #ifndef TW_OPENSSL_H
11 #define TW_OPENSSL_H
12 
13 #include "twDefaultSettings.h"
14 #include "twOSPort.h"
15 #include "twLogger.h"
16 #include "stdio.h"
17 #include "string.h"
18 #include "stringUtils.h"
19 
20 #include <openssl/bio.h>
21 #include <openssl/ssl.h>
22 #include <openssl/err.h>
23 #include <openssl/pem.h>
24 #include <openssl/x509.h>
25 #include <openssl/x509_vfy.h>
26 #include <openssl/sha.h>
27 #include <openssl/md5.h>
28 /*OpenSSL version header*/
29 #include <openssl/opensslv.h>
30 
31 #define openssl_version TW_SSL_VERSION()
32 /*Set the default openssl cipher string */
33 #define TW_SSL_DEFAULT_CIPHER_STRING "ALL:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ADH:!IDEA:!3DES:!SRP"
34 
35 #ifdef __cplusplus
36 extern "C" {
37 #endif
38 
39 #ifndef USING_OPENSSL
40 #define USING_OPENSSL
41 #endif
42 
43 #define TW_SSL_CTX SSL_CTX
44 #define TW_SSL SSL
45 #define TW_SSL_SESSION_ID_SIZE sizeof(void *)
46 #define TW_SSL_SESSION_ID(a) SSL_get1_session(a)
47 #define TW_GET_CERT_SIZE ssl_get_config(SSL_MAX_CERT_CFG_OFFSET)
48 #define TW_GET_CA_CERT_SIZE ssl_get_config(SSL_MAX_CA_CERT_CFG_OFFSET)
49 #define TW_HANDSHAKE_SUCCEEDED(a) (a && SSL_get_state(a) == SSL_ST_OK)
50 #define TW_SSL_FREE(a) SSL_free(a)
51 #define TW_SSL_CTX_FREE(a) SSL_CTX_free(a)
52 #define DATA_AVAILABLE(a,b,c) (twSocket_WaitFor(a, b) || (c && SSL_pending(c)))
53 #ifndef OPENSSL_FIPS
54 #define TW_FIPS_CAPABLE FALSE
55 #else
56 #define TW_FIPS_CAPABLE TRUE
57 #endif
58 
59 /*********
60 * Neither SHA1 nor MD5 are FIPS approved, but we don't use them
61 * for any crypto/communications functions, however the FIPS library
62 * will exit the program if we try to use them.
63 **********/
64 #if TLS != FIPS
65 #define TW_SHA1_CTX SHA_CTX
66 #define TW_SHA1_INIT(a) SHA1_Init(a)
67 #define TW_SHA1_UPDATE(a,b,c) SHA1_Update(a,b,c)
68 #define TW_SHA1_FINAL(a,b) SHA1_Final(a,b)
69 
70 #define TW_MD5_CTX MD5_CTX
71 #define TW_MD5_INIT(a) MD5_Init(a)
72 #define TW_MD5_UPDATE(a,b,c) MD5_Update(a,b,c)
73 #define TW_MD5_FINAL(a,b) MD5_Final(a,b)
74 #endif
75 
76 static INLINE const char* TW_SSL_VERSION()
77 {
78  static char tls_full_version[64] = {0}; /* The caller isn't expected to FREE what we return */
79  const char* raw_tls_full_version = SSLeay_version(SSLEAY_VERSION); /* eg "OpenSSL 1.0.2l-fips 25 May 2017" */
80 
81  if(strncmp(SSLeay_version(SSLEAY_VERSION), OPENSSL_VERSION_TEXT,64) != 0){
82  TW_LOG(TW_WARN, "TW_SSL_VERSION: Error tls runtime version: %s, does not match compiled version: %s",SSLeay_version(SSLEAY_VERSION),OPENSSL_VERSION_TEXT);
83  }
84 
85  memcpy (tls_full_version, raw_tls_full_version, strnlen(raw_tls_full_version, 63));
86 
87  strtok(tls_full_version, " ");
88  return strtok(NULL, " ");
89 }
90 
91 static INLINE int TW_USE_CERT_FILE(TW_SSL_CTX * ctx, const char * cert, int type)
92 {
93  int32_t ret = SSL_CTX_use_certificate_file(ctx, cert, type);
94  if (ret <= 0) {
95  TW_LOG(TW_ERROR, "TW_USE_CERT_FILE: Error setting the certificate file.");
96  return -1;
97  }
98  return TW_OK;
99 }
100 
107 static INLINE int TW_IS_FIPS_COMPATIBLE() {
108  if (TW_FIPS_CAPABLE == TRUE) {
109  return TW_OK;
110  }
111  return TW_FIPS_MODE_NOT_SUPPORTED;
112 }
113 
119 static INLINE int TW_IS_FIPS_MODE_ENABLED() {
120  if (TW_FIPS_CAPABLE == TRUE) {
121  int ret = 0;
122  ret = FIPS_mode();
123  if(!ret) {
124  return FALSE;
125  }
126  else {
127  return TRUE;
128  }
129  }
130  return FALSE;
131 }
132 
139 static INLINE int TW_ENABLE_FIPS_MODE() {
140  int ret = TW_IS_FIPS_COMPATIBLE();
141  if (TW_OK == ret) {
142  if (TW_IS_FIPS_MODE_ENABLED() != TRUE) {
143  ret = FIPS_mode_set(1); /* FIPS mode *on* */
144  if(ret != 1) {
145  TW_LOG(TW_ERROR, "TW_ENABLE_FIPS_MODE: FIPS_mode_set(on) failed: %s.", ERR_error_string(ERR_get_error(), NULL));
146  ret = TW_ENABLE_FIPS_MODE_FAILED;
147  }
148  }
149  }
150  return ret;
151 }
152 
161 static INLINE int TW_DISABLE_FIPS_MODE() {
162  int ret = 0;
163  if (TW_IS_FIPS_MODE_ENABLED() == TRUE) {
164  ret = FIPS_mode_set(0); /* FIPS mode *off*/
165  if(ret != 1) {
166  TW_LOG(TW_ERROR, "TW_DISABLE_FIPS_MODE: FIPS_mode_set(off) failed: %s.", ERR_error_string(ERR_get_error(), NULL));
167  return TW_DISABLE_FIPS_MODE_FAILED;
168  }
169  }
170  return TW_OK;
171 }
172 
189 static INLINE TW_SSL * TW_NEW_SSL_CLIENT(TW_SSL_CTX * ctx, twSocket * sock, void * session_id, int session_size) {
190  TW_SSL * ssl = NULL;
191  BIO * bio = NULL;
192  signed int res = 0;
193  ssl=SSL_new(ctx);
194  if (!ssl) {
195  TW_LOG(TW_ERROR, "TW_NEW_SSL_CLIENT: Error creating SSL session. Error: %s", ERR_error_string(ERR_get_error(), NULL));
196  return NULL;
197  }
198  if (session_id) SSL_set_session(ssl, (SSL_SESSION *)session_id);
199  bio=BIO_new_socket(sock->sock,BIO_NOCLOSE);
200  if (!bio) {
201  TW_LOG(TW_ERROR, "TW_NEW_SSL_CLIENT: Error creating SSL BIO. Error: %s.", ERR_error_string(ERR_get_error(), NULL));
202  TW_SSL_FREE(ssl);
203  return NULL;
204  }
205 
206  SSL_set_bio(ssl,bio,bio);
207  res = SSL_connect(ssl);
208  if ( res != 1 ) {
209  const char * tmp = NULL;
210  int index = 0;
211  TW_LOG(TW_ERROR,"TW_NEW_SSL_CLIENT: SSL handshake error. Error: %s.", ERR_error_string(ERR_get_error(), NULL));
212  do {
213  tmp = SSL_get_cipher_list(ssl,index);
214  if (tmp != NULL) {
215  TW_LOG(TW_TRACE,"TW_NEW_SSL_CLIENT: Ciphers Supported: %s", tmp);
216  index++;
217  }
218  }
219  while (tmp != NULL);
220  TW_SSL_FREE(ssl);
221  return NULL;
222  }
223  return ssl;
224 }
225 
226 static const unsigned char s_server_session_id_context[SSL_MAX_SSL_SESSION_ID_LENGTH] = {0};
227 
237 static INLINE int TW_SSL_LIST_CIPHERS(TW_SSL_CTX * ctx) {
238  TW_SSL * ssl = NULL;
239  char *ciphers = NULL;
240  const char *p;
241  int i;
242 
243  ssl=SSL_new(ctx);
244 
245  for (i = 0;; i++) {
246  p = SSL_get_cipher_list(ssl, i);
247  if (p == NULL) {
248  break;
249  }
250  if (i == 0) {
251  ciphers = duplicateString(p);
252  }
253  else {
254  concatenateStrings(&ciphers,":");
255  concatenateStrings(&ciphers,p);
256  }
257  }
258  TW_LOG(TW_TRACE, "Listing all available ciphers: %s", ciphers);
259  TW_FREE(ciphers);
260  TW_SSL_FREE(ssl);
261  return TW_OK;
262 }
263 
277 static INLINE TW_SSL * TW_NEW_SERVER(TW_SSL_CTX * ctx, twSocket * sock) {
278  TW_SSL * ssl = NULL;
279  BIO * bio = NULL;
280  RSA * r = NULL;
281  X509 * x = NULL;
282  unsigned char * p = NULL;
283  int ret = 0;
284 
285  if (!ctx || !sock) return NULL;
286 
287  /* Enable ECDH based keys if ctx used for server */
288  SSL_CTX_set_ecdh_auto(ctx, 1);
289 
290  ret = SSL_CTX_check_private_key(ctx);
291  if ( ret != 1 ) {
292  TW_LOG(TW_ERROR, "TW_NEW_SERVER: Error validating server certificate/key pair. Error: %s", ERR_error_string(ERR_get_error(), NULL));
293  return NULL;
294  }
295  SSL_CTX_set_session_id_context(ctx, s_server_session_id_context, sizeof(s_server_session_id_context));
296  ssl=SSL_new(ctx);
297  if (!ssl) {
298  TW_LOG(TW_ERROR, "TW_NEW_SERVER: Error creating SSL session. Error: %s", ERR_error_string(ERR_get_error(), NULL));
299  return NULL;
300  }
301  bio=BIO_new_socket(sock->sock,BIO_NOCLOSE);
302  if (!bio) {
303  TW_LOG(TW_ERROR, "TW_NEW_SERVER: Error creating SSL BIO. Error: %s.", ERR_error_string(ERR_get_error(), NULL));
304  TW_SSL_FREE(ssl);
305  return NULL;
306  }
307  SSL_set_bio(ssl,bio,bio);
308  return ssl;
309 }
310 
319 static INLINE int TW_SSL_ACCEPT(TW_SSL * s) {
320  int res = SSL_accept(s);
321  if ( res != 1 ) {
322  const char * tmp = NULL;
323  int index = 0;
324  TW_LOG(TW_ERROR,"TW_SSL_ACCEPT: SSL handshake error. Error: %s.", ERR_error_string(ERR_get_error(), NULL));
325  do {
326  tmp = SSL_get_cipher_list(s,index);
327  if (tmp != NULL) {
328  TW_LOG(TW_TRACE," Ciphers Supported: %s", tmp);
329  index++;
330  }
331  }
332  while (tmp != NULL);
333  return -1;
334  }
335  return 0;
336 }
337 
350 static INLINE int TW_USE_KEY_FILE(SSL_CTX * ctx, const char * file, int type, char * passwd) {
351  uint32_t ret = 0;
352  SSL_CTX_set_default_passwd_cb_userdata(ctx, passwd);
353  ret = SSL_CTX_use_PrivateKey_file(ctx, file, type);
354 
355  if (ret <= 0) {
356  TW_LOG(TW_ERROR, "TW_USE_KEY_FILE: Error setting the key file - %s", ERR_error_string(ERR_get_error(), NULL));
357  return -1;
358  }
359  return TW_OK;
360 }
361 
362 
374 static INLINE int TW_SET_CLIENT_CA_LIST(SSL_CTX *ctx, const char *CAfile,const char *CAPAth) {
375  int ret = 0;
376  ret = SSL_CTX_load_verify_locations(ctx, CAfile, CAPAth);
377  if (ret == 1) {
378  return TW_OK;
379  } else {
380  TW_LOG (TW_ERROR, "TW_SET_CLIENT_CA_LIST: Loading a certificate authority chain from file into the ctx: %s.", ERR_error_string(ERR_get_error(), NULL));
381  return TW_TLS_ERROR_LOADING_FILE;
382  }
383 }
384 
385 /*#define TW_USE_CERT_CHAIN_FILE(a,b) SSL_CTX_use_certificate_chain_file(a,b)*/
396 static INLINE int TW_USE_CERT_CHAIN_FILE(SSL_CTX *ctx, const char *file, int type) {
397  int ret = 0;
398  ret = SSL_CTX_use_certificate_chain_file(ctx, file);
399  if (ret == 1) {
400  return TW_OK;
401  } else {
402  TW_LOG (TW_ERROR, "TW_USE_CERT_CHAIN_FILE: Error setting the default location for certificate chain: %s.", ERR_error_string(ERR_get_error(), NULL));
403  return TW_TLS_ERROR_LOADING_FILE;
404  }
405 }
406 
407 
417 static INLINE SSL_CTX * TW_NEW_SSL_CTX_FUNC() {
418  const char *cipher_string = NULL;
419  int ret = 0;
420  SSL_CTX * ctx = NULL;
421  if (twcfg.initialize_encryption_library) {
422  if (SSL_library_init () != 1)
423  {
424  TW_LOG (TW_ERROR, "TW_NEW_SSL_CTX_FUNC: Error initializing OpenSSL library: %lx.", ERR_get_error ());
425  return NULL;
426  }
427  OpenSSL_add_all_algorithms (); /* load encryption & hash algorithms for SSL */
428  SSL_load_error_strings (); /* load the error strings for good error reporting */
429  ERR_load_crypto_strings ();
430  }
431  ctx = SSL_CTX_new(SSLv23_method());
432  /* Limit to TLS only */
433  if (ctx) SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
434  /* Check if running with FIPS mode enabled */
435  if(TW_IS_FIPS_MODE_ENABLED() == TRUE){
436  /* If FIPS enabled set to OpenSSL recommended cipher string https://wiki.openssl.org/index.php/FIPS_mode_and_TLS */
437  cipher_string = "TLSv1.2+FIPS:kRSA+FIPS:!eNULL:!aNULL";
438  } /* If cipher string not set drop to default */
439  else if(twcfg.cipher_set == NULL){
440  cipher_string = TW_SSL_DEFAULT_CIPHER_STRING;
441  } else {
442  /* If running without FIPS check for cipher string set in twcfg */
443  cipher_string = twcfg.cipher_set;
444  }
445 
446  if (ctx) {
447  ret = SSL_CTX_set_cipher_list(ctx, cipher_string);
448  if (ret != 1) {
449  TW_LOG(TW_ERROR,"TW_NEW_SSL_CTX_FUNC: Setting SSL cipher string Error: %s", ERR_error_string(ERR_get_error(), NULL));
450  TW_SSL_CTX_FREE(ctx);
451  return NULL;
452  }
453  }
454  else {
455  TW_LOG(TW_INFO,"Setting OpenSSL cipher string to: %s", twcfg.cipher_set);
456  }
457  ret = TW_SSL_LIST_CIPHERS(ctx);
458  if (ret != TW_OK ) {
459  TW_LOG(TW_ERROR,"TW_NEW_SSL_CTX_FUNC: Error getting valid cipher list: %s", ERR_error_string(ERR_get_error(), NULL));
460  }
461  return ctx;
462 }
463 #define TW_NEW_SSL_CTX TW_NEW_SSL_CTX_FUNC()
464 
479 static INLINE int TW_SSL_READ(TW_SSL * ssl, char * buf, int len, int32_t timeout) {
480  int32_t ret = SSL_ERROR_NONE;
481  int32_t retries = 0;
482  /* Loop until we are unblocked or timeout */
483  DATETIME start = twGetSystemTime(TRUE);
484  if (!ssl || !buf) return -1;
485  while (twTimeLessThan(twGetSystemTime(TRUE), twAddMilliseconds(start,twcfg.default_message_timeout)) && retries < 3) {
486  if(!ssl) break;
487  ret = SSL_read(ssl, buf, len);
488  switch (SSL_get_error(ssl,ret)) {
489  case SSL_ERROR_NONE:
490  break;
491  case SSL_ERROR_WANT_WRITE:
492  case SSL_ERROR_WANT_READ:
493  case SSL_ERROR_WANT_X509_LOOKUP:
494  ret = -1;
495  TW_LOG(TW_INFO, "TW_SSL_READ: Read BLOCK on try %d. Error: %s", retries, ERR_error_string(ret, NULL));
496  retries++;
497  twSleepMsec(5);
498  continue;
499  case SSL_ERROR_SYSCALL:
500  case SSL_ERROR_SSL:
501  TW_LOG(TW_ERROR, "TW_SSL_READ: Error reading from SSL stream");
502  break;
503  case SSL_ERROR_ZERO_RETURN:
504  TW_LOG(TW_TRACE, "TW_SSL_READ: Read 0 bytes");
505  break;
506  }
507  break;
508  }
509 
510  /* Check for a timeout or error */
511  if (ret <= 0 || twTimeGreaterThan(twGetSystemTime(TRUE), twAddMilliseconds(start,twcfg.default_message_timeout))) {
512  TW_LOG(TW_ERROR, "TW_SSL_READ: Timed out or error waiting reading from socket. Error: %s", ERR_error_string(ret, NULL));
513  return TW_TIMEOUT_READING_FROM_SOCKET;
514  }
515  return ret;
516 }
517 
531 static INLINE int TW_SSL_WRITE(TW_SSL * ssl, char * buf, int len) {
532  int retries = 0;
533  int result = 0;
534  int socketReady = 0;
535  BIO * bio;
536 
537  TW_SOCKET_TYPE sslSocket;
538  fd_set sslSocketFd;
539 
540  while (retries < 3) {
541  bio = SSL_get_wbio(ssl);
542  BIO_get_fd(bio, &sslSocket);
543 
544  FD_ZERO(&sslSocketFd);
545  FD_SET(sslSocket, &sslSocketFd);
546 
547  /* EDGE-2127: Check if the socket is ready before writing to it. Skipping this step may cause the call to SSL_write to hang.*/
548  socketReady = select(FD_SETSIZE, 0, &sslSocketFd, 0, 0);
549 
550  if(socketReady == 1)
551  {
552  result = SSL_write(ssl, buf, len);
553 
554  switch (SSL_get_error(ssl,result)) {
555  case SSL_ERROR_NONE:
556  break;
557  case SSL_ERROR_WANT_WRITE:
558  case SSL_ERROR_WANT_READ:
559  case SSL_ERROR_WANT_X509_LOOKUP:
560  result = 0;
561  retries++;
562  TW_LOG(TW_ERROR, "TW_SSL_WRITE: Write BLOCK. Retry %d in 5 msec", retries);
563  twSleepMsec(5);
564  continue;
565  case SSL_ERROR_SYSCALL:
566  case SSL_ERROR_SSL:
567  TW_LOG(TW_ERROR, "TW_SSL_WRITE: Write failed. Error: %s", ERR_error_string(result, NULL));
568  break;
569  case SSL_ERROR_ZERO_RETURN:
570  TW_LOG(TW_WARN,"TW_SSL_WRITE: Zero bytes written.");
571  break;
572  }
573  break;
574  }
575  else
576  {
577  result = SSL_ERROR_SSL;
578  if(socketReady == 0)
579  {
580  TW_LOG(TW_ERROR, "TW_SSL_WRITE Error: Socket not ready: %d", socketReady);
581  }
582  else
583  {
584  TW_LOG(TW_ERROR, "TW_SSL_WRITE Error occurred reading socket state: %d", socketReady);
585  }
586 
587  retries++;
588  }
589  }
590  return result;
591 }
592 
601 static INLINE int TW_VALIDATE_CERT(TW_SSL * ssl, char selfSignedOk) {
602  int32_t res = SSL_get_verify_result(ssl);
603  if( res != X509_V_OK && !(selfSignedOk && (res == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT || res == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN))) {
604  TW_LOG(TW_ERROR, "TW_VALIDATE_CERT: Certificate rejected. Code: %d, Reason = %s",res, X509_verify_cert_error_string(res));
605  return TW_INVALID_SSL_CERT;
606  } else {
607  return 0;
608  }
609 }
610 
623 static INLINE char * TW_GET_X509_FIELD(TW_SSL * ssl, char field) {
624  /* Caller will own the returned pointer */
625  int nid = 0;
626  char tmp[256];
627  X509 * cert = NULL;
628  X509_NAME * name = NULL;
629  if (!ssl) return NULL;
630  cert = SSL_get_peer_certificate(ssl);
631  if (!cert) return NULL;
632  switch (field) {
633  case TW_SUBJECT_CN:
634  nid = OBJ_txt2nid("CN");
635  name = X509_get_subject_name(cert);
636  X509_NAME_get_text_by_NID(name, nid, tmp, 255);
637  break;
638  case TW_SUBJECT_O:
639  nid = OBJ_txt2nid("O");
640  name = X509_get_subject_name(cert);
641  X509_NAME_get_text_by_NID(name, nid, tmp, 255);
642  break;
643  case TW_SUBJECT_OU:
644  nid = OBJ_txt2nid("OU");
645  name = X509_get_subject_name(cert);
646  X509_NAME_get_text_by_NID(name, nid, tmp, 255);
647  break;
648  case TW_ISSUER_CN:
649  nid = OBJ_txt2nid("CN");
650  name = X509_get_issuer_name(cert);
651  X509_NAME_get_text_by_NID(name, nid, tmp, 255);
652  break;
653  case TW_ISSUER_O:
654  nid = OBJ_txt2nid("O");
655  name = X509_get_issuer_name(cert);
656  X509_NAME_get_text_by_NID(name, nid, tmp, 255);
657  break;
658  case TW_ISSUER_OU:
659  nid = OBJ_txt2nid("OU");
660  name = X509_get_issuer_name(cert);
661  X509_NAME_get_text_by_NID(name, nid, tmp, 255);
662  break;
663  default:
664  tmp[0] = 0x00;
665  }
666  return duplicateString(tmp);
667 }
668 #ifdef __cplusplus
669 }
670 #endif
671 
672 #endif /* TW_OPENSSL_H */
static INLINE TW_SSL * TW_NEW_SSL_CLIENT(TW_SSL_CTX *ctx, twSocket *sock, void *session_id, int session_size)
Creates a new TW_SSL structure for connection with the specified settings (see SSL_new(), SSL_connect()).
Definition: twOpenSSL.h:189
char twTimeGreaterThan(DATETIME t1, DATETIME t2)
Compares two DATETIME variables to see if one is greater.
Definition: twIos.c:34
DATETIME twGetSystemTime(char utc)
Gets the current system time.
Definition: twIos.c:46
Definition: ssl.h:925
Definition: ssl.h:498
TW_SOCKET_TYPE sock
Definition: twOSPort.h:175
#define TW_USE_CERT_FILE(a, b, c)
Calls a function to load the first certificate stored in a file into the TW_SSL_CTX structure...
Definition: twTemplateSSL.h:57
Definition: twDefinitions.h:213
static INLINE int TW_SSL_READ(TW_SSL *ssl, char *buf, int len, int32_t timeout)
Reads len bytes of data from ssl into buf (see SSL_read()).
Definition: twOpenSSL.h:479
String utility function prototypes.
Definition: rsa.h:132
int concatenateStrings(char **dest, const char *src)
concatenates strings.
Definition: stringUtils.c:96
Definition: twDefinitions.h:210
static INLINE char * TW_GET_X509_FIELD(TW_SSL *ssl, char field)
Gets an X509 field of ssl.
Definition: twOpenSSL.h:623
char twTimeLessThan(DATETIME t1, DATETIME t2)
Compares two DATETIME variables to see if one is smaller.
Definition: twIos.c:38
twSocket base type definition.
Definition: twOSPort.h:174
static INLINE int TW_IS_FIPS_MODE_ENABLED()
Queries the TLS backend to determine if FIPS mode is enabled.
Definition: twOpenSSL.h:119
Wrappers for OS-specific functionality.
#define TW_SSL
The base SSL structure for your SSL library.
Definition: twTemplateSSL.h:21
#define TW_SSL_FREE(a)
Calls a function to free the TW_SSL structure.
Definition: twTemplateSSL.h:27
#define TW_SSL_CTX
The SSL context structure for your SSL library.
Definition: twTemplateSSL.h:38
static INLINE TW_SSL * TW_NEW_SERVER(TW_SSL_CTX *ctx, twSocket *sock)
Creates a new TW_SSL connection structure (see SSL_new()).
Definition: twOpenSSL.h:277
static INLINE int TW_ENABLE_FIPS_MODE()
Enables FIPS mode for the entire application.
Definition: twOpenSSL.h:139
static INLINE int TW_SSL_ACCEPT(TW_SSL *s)
Waits for a TW_SSL client to initiate a handshake with the server. Wrapper function for SSL_accept()...
Definition: twOpenSSL.h:319
static INLINE int TW_SSL_LIST_CIPHERS(TW_SSL_CTX *ctx)
Logs a list of all available ciphers for the ctx to the logs.
Definition: twOpenSSL.h:237
#define TW_SSL_VERSION()
Output ssl library version.
Definition: twTemplateSSL.h:133
char initialize_encryption_library
Definition: twDefaultSettings.h:224
#define TW_SSL_CTX_FREE(a)
Calls a function to free a TW_SSL_CTX structure.
Definition: twTemplateSSL.h:48
Definition: bio.h:325
Default settings for ThingWorx C SDK.
static INLINE int TW_VALIDATE_CERT(TW_SSL *ssl, char selfSignedOk)
Validates the certificate of ssl.
Definition: twOpenSSL.h:601
static INLINE SSL_CTX * TW_NEW_SSL_CTX_FUNC()
Create a new #SSL_CTX stucture as framework for TLS/SSL enabled functions. Wrapper function for SSL_C...
Definition: twOpenSSL.h:417
uint32_t default_message_timeout
Definition: twDefaultSettings.h:200
Definition: x509.h:179
static INLINE int TW_DISABLE_FIPS_MODE()
Disable FIPS mode for the entire application.
Definition: twOpenSSL.h:161
const char * cipher_set
Definition: twDefaultSettings.h:225
Definition: x509.h:270
Definition: twDefinitions.h:212
static INLINE int TW_USE_CERT_CHAIN_FILE(SSL_CTX *ctx, const char *file, int type)
loads a certificate chain from file into ctx. The certificates must be in PEM format. Wrapper function for SSL_CTX_use_certificate_chain_file().
Definition: twOpenSSL.h:396
static INLINE int TW_SET_CLIENT_CA_LIST(SSL_CTX *ctx, const char *CAfile, const char *CAPAth)
sets the default location for trusted CA certs. Wrapper function for SSL_CTX_load_verify_locations()...
Definition: twOpenSSL.h:374
DATETIME twAddMilliseconds(DATETIME t1, int32_t msec)
Adds milliseconds to a DATETIME.
Definition: twIos.c:42
static INLINE int TW_USE_KEY_FILE(SSL_CTX *ctx, const char *file, int type, char *passwd)
Loads the certificate authority cert chain used to validate the server's certificate in file into ctx...
Definition: twOpenSSL.h:350
static INLINE int TW_SSL_WRITE(TW_SSL *ssl, char *buf, int len)
Writes len bytes of data in buf to ssl.
Definition: twOpenSSL.h:531
Structure definitions and function prototypes for the ThingWorx logging facility. ...
char * duplicateString(const char *input)
Copies a string.
Definition: stringUtils.c:50
static INLINE int TW_IS_FIPS_COMPATIBLE()
Queries the TLS backend to determine whether it is FIPS compatible.
Definition: twOpenSSL.h:107
Definition: twDefinitions.h:214
Definition: gzappend.c:170