Portable ThingWorx OpenSSL wrapper layer. More...
#include "twDefaultSettings.h"
#include "twOSPort.h"
#include "twLogger.h"
#include "stdio.h"
#include "string.h"
#include "stringUtils.h"
#include <openssl/bio.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/x509.h>
#include <openssl/x509_vfy.h>
#include <openssl/sha.h>
#include <openssl/md5.h>
#include <openssl/opensslv.h>
Macros | |
#define | openssl_version TW_SSL_VERSION() |
#define | TW_SSL_DEFAULT_CIPHER_STRING "ALL:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ADH:!IDEA:!3DES:!SRP" |
#define | USING_OPENSSL |
#define | TW_SSL_CTX SSL_CTX |
#define | TW_SSL SSL |
#define | TW_SSL_SESSION_ID_SIZE sizeof(void *) |
#define | TW_SSL_SESSION_ID(a) SSL_get1_session(a) |
#define | TW_GET_CERT_SIZE ssl_get_config(SSL_MAX_CERT_CFG_OFFSET) |
#define | TW_GET_CA_CERT_SIZE ssl_get_config(SSL_MAX_CA_CERT_CFG_OFFSET) |
#define | TW_HANDSHAKE_SUCCEEDED(a) (a && SSL_get_state(a) == SSL_ST_OK) |
#define | TW_SSL_FREE(a) SSL_free(a) |
#define | TW_SSL_CTX_FREE(a) SSL_CTX_free(a) |
#define | DATA_AVAILABLE(a, b, c) (twSocket_WaitFor(a, b) || (c && SSL_pending(c))) |
#define | TW_FIPS_CAPABLE FALSE |
#define | TW_NEW_SSL_CTX TW_NEW_SSL_CTX_FUNC() |
Functions | |
static INLINE const char * | TW_SSL_VERSION () |
static INLINE int | TW_USE_CERT_FILE (TW_SSL_CTX *ctx, const char *cert, int type) |
static INLINE int | TW_IS_FIPS_COMPATIBLE () |
Queries the TLS backend to determine whether it is FIPS compatible. More... | |
static INLINE int | TW_IS_FIPS_MODE_ENABLED () |
Queries the TLS backend to determine if FIPS mode is enabled. More... | |
static INLINE int | TW_ENABLE_FIPS_MODE () |
Enables FIPS mode for the entire application. More... | |
static INLINE int | TW_DISABLE_FIPS_MODE () |
Disable FIPS mode for the entire application. More... | |
static INLINE TW_SSL * | TW_NEW_SSL_CLIENT (TW_SSL_CTX *ctx, twSocket *sock, void *session_id, int session_size) |
Creates a new TW_SSL structure for connection with the specified settings (see SSL_new(), SSL_connect()). More... | |
static INLINE int | TW_SSL_LIST_CIPHERS (TW_SSL_CTX *ctx) |
Logs a list of all available ciphers for the ctx to the logs. More... | |
static INLINE TW_SSL * | TW_NEW_SERVER (TW_SSL_CTX *ctx, twSocket *sock) |
Creates a new TW_SSL connection structure (see SSL_new()). More... | |
static INLINE int | TW_SSL_ACCEPT (TW_SSL *s) |
Waits for a TW_SSL client to initiate a handshake with the server. Wrapper function for SSL_accept(). More... | |
static INLINE int | TW_USE_KEY_FILE (SSL_CTX *ctx, const char *file, int type, char *passwd) |
Loads the private key from file into ctx (not a CA chain). Wrapper function for SSL_CTX_use_PrivateKey_file(). More... | |
static INLINE int | TW_SET_CLIENT_CA_LIST (SSL_CTX *ctx, const char *CAfile, const char *CAPAth) |
Sets the file and/or directory of trusted CA certificates used to verify the peer's certificate. Wrapper function for SSL_CTX_load_verify_locations(). More... | |
static INLINE int | TW_USE_CERT_CHAIN_FILE (SSL_CTX *ctx, const char *file, int type) |
loads a certificate chain from file into ctx. The certificates must be in PEM format. Wrapper function for SSL_CTX_use_certificate_chain_file(). More... | |
static INLINE SSL_CTX * | TW_NEW_SSL_CTX_FUNC () |
Create a new #SSL_CTX structure as the framework for TLS/SSL enabled functions. Wrapper function for SSL_CTX_new(). More... | |
static INLINE int | TW_SSL_READ (TW_SSL *ssl, char *buf, int len, int32_t timeout) |
Reads up to len bytes of data from ssl into buf (see SSL_read()); a call may return fewer bytes than requested. More... | |
static INLINE int | TW_SSL_WRITE (TW_SSL *ssl, char *buf, int len) |
Writes len bytes of data in buf to ssl . More... | |
static INLINE int | TW_VALIDATE_CERT (TW_SSL *ssl, char selfSignedOk) |
Validates the peer certificate presented on ssl. selfSignedOk presumably controls whether a self-signed peer certificate is accepted; it should stay unset unless the self-signed certificate is explicitly trusted. More... | |
static INLINE char * | TW_GET_X509_FIELD (TW_SSL *ssl, char field) |
Gets an X509 field of ssl . More... | |
Variables | |
static const unsigned char | s_server_session_id_context [SSL_MAX_SSL_SESSION_ID_LENGTH] = {0} |
Portable ThingWorx OpenSSL wrapper layer.
Disable FIPS mode for the entire application.
Enables FIPS mode for the entire application.
Gets an X509 field of the peer certificate on ssl. The ownership of the returned string (whether the caller must free it) is not stated here; confirm against the implementation before freeing.
[in] | ssl | The TW_SSL connection to get a field of. |
[in] | field | The field to get. |
Queries the TLS backend to determine whether it is FIPS compatible.
Queries the TLS backend to determine if FIPS mode is enabled.
Creates a new TW_SSL connection structure (see SSL_new()).
[in] | ctx | A pointer to the context to associate with the connection. |
[in] | sock | A pointer to the twSocket to use for the connection. |
Creates a new TW_SSL structure for connection with the specified settings (see SSL_new(), SSL_connect()).
[in] | ctx | A pointer to the context to associate with the connection. |
[in] | sock | A pointer to the twSocket for the connection to use. |
[in] | session_id | An optional session to resume for the connection; session_size is its size in bytes. Given TW_SSL_SESSION_ID_SIZE (sizeof(void *)) and TW_SSL_SESSION_ID() (SSL_get1_session()), this appears to hold a session pointer rather than an opaque ID — verify against the implementation. |
Create a new #SSL_CTX structure as the framework for TLS/SSL enabled functions. Wrapper function for SSL_CTX_new().
Sets the file and/or directory of trusted CA certificates used to verify the peer's certificate. Wrapper function for SSL_CTX_load_verify_locations().
[in] | ctx | The context to load the trusted CA certificates into. |
[in] | CAfile | Path of a PEM file holding one or more trusted CA certificates. |
[in] | CApath | Path of a directory of trusted CA certificates in OpenSSL's hashed-name layout. |
Logs a list of all ciphers available to ctx.
[in] | ctx | A pointer to the context whose cipher list is logged. |
Reads up to len bytes of data from ssl into buf (see SSL_read()). A single call may return fewer bytes than requested, so callers must check the return value rather than assume buf has been filled.
[in] | ssl | A pointer to the TW_SSL connection to read from. |
[out] | buf | A buffer to store the read data. |
[in] | len | The maximum number of bytes to read into buf. |
[in] | timeout | The amount of time (in milliseconds) to wait for I/O before timing out. |
The caller owns buf and is responsible for freeing it.
Writes len bytes of data in buf to ssl.
[in] | ssl | A pointer to the TW_SSL connection to write to. |
[in] | buf | A buffer containing the data to be written. |
[in] | len | The length of data to write. |
The caller owns buf and is responsible for freeing it.
Loads a certificate chain from file into ctx. The certificates must be in PEM format. Wrapper function for SSL_CTX_use_certificate_chain_file().
[in] | ctx | The context to load the certificate chain into. |
[in] | file | The file to get the certificate from. |
Loads the private key from file into ctx (not a CA chain). Wrapper function for SSL_CTX_use_PrivateKey_file(). The key must correspond to the certificate loaded with TW_USE_CERT_CHAIN_FILE().
[in] | ctx | The context to load the key into. |
[in] | file | The file to read the private key from. |
[in] | type | The container format of file (should be #SSL_FILETYPE_PEM). |
[in] | passwd | The passphrase used to decrypt an encrypted PEM key file. It is a plain string (char *), not a callback; how it is handed to OpenSSL is not shown here. |