ThingWorx C SDK
twOpenSSL.h File Reference

Portable ThingWorx OpenSSL wrapper layer. More...

#include "twDefaultSettings.h"
#include "twOSPort.h"
#include "twLogger.h"
#include "stdio.h"
#include "string.h"
#include "stringUtils.h"
#include <openssl/bio.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/x509.h>
#include <openssl/x509_vfy.h>
#include <openssl/sha.h>
#include <openssl/md5.h>
#include <openssl/opensslv.h>


Macros

/* Version string of the linked OpenSSL, obtained through TW_SSL_VERSION() (declared below). */
#define openssl_version   TW_SSL_VERSION()
 
/*
 * Default cipher list handed to OpenSSL. It starts from "ALL" (every suite
 * except eNULL) and then subtracts classes, so anything not named here stays
 * enabled: nothing in this string requires forward secrecy (plain RSA key
 * exchange, kRSA, is still permitted) and no protocol version is pinned --
 * the minimum TLS version has to be configured on the ctx separately.
 * "!3DES" appears twice; that is harmless. Review against current guidance
 * before shipping.
 */
#define TW_SSL_DEFAULT_CIPHER_STRING   "ALL:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ADH:!IDEA:!3DES:!SRP"
 
/* Selects the OpenSSL code paths elsewhere in the SDK. */
#define USING_OPENSSL
 
/* Backend-neutral aliases for the OpenSSL context and connection types. */
#define TW_SSL_CTX   SSL_CTX
 
#define TW_SSL   SSL
 
/*
 * A "session id" in this layer is an SSL_SESSION pointer, hence the size of
 * a pointer. SSL_get1_session() increments the session's reference count,
 * so whoever stores the result owns a reference and must release it with
 * SSL_SESSION_free(); otherwise every captured session leaks.
 */
#define TW_SSL_SESSION_ID_SIZE   sizeof(void *)
 
#define TW_SSL_SESSION_ID(a)   SSL_get1_session(a)
 
/*
 * NOTE(review): ssl_get_config() and SSL_MAX_*_CFG_OFFSET are not OpenSSL
 * names and nothing on this page defines them (they look like another TLS
 * backend's API). Expanding these macros in an OpenSSL build would not
 * compile -- presumably they are never used on this path; confirm.
 */
#define TW_GET_CERT_SIZE   ssl_get_config(SSL_MAX_CERT_CFG_OFFSET)
 
#define TW_GET_CA_CERT_SIZE   ssl_get_config(SSL_MAX_CA_CERT_CFG_OFFSET)
 
/*
 * True once the handshake on `a` has completed; a NULL `a` yields false.
 * SSL_ST_OK is the pre-1.1.0 handshake state constant; SSL_is_init_finished(a)
 * asks the same question on every OpenSSL branch -- TODO confirm which
 * OpenSSL versions this header is built against.
 */
#define TW_HANDSHAKE_SUCCEEDED(a)   (a && SSL_get_state(a) == SSL_ST_OK)
 
/* Release a connection / context created through this layer. */
#define TW_SSL_FREE(a)   SSL_free(a)
 
#define TW_SSL_CTX_FREE(a)   SSL_CTX_free(a)
 
/*
 * Readable data is available if twSocket_WaitFor() reports socket `a` ready
 * (presumably `b` is its timeout), or if the TLS connection `c` (may be
 * NULL) still holds already-decrypted bytes. The SSL_pending() check matters:
 * bytes buffered inside OpenSSL never make the socket readable, so waiting on
 * the socket alone can stall on data that has already arrived.
 */
#define DATA_AVAILABLE(a, b, c)   (twSocket_WaitFor(a, b) || (c && SSL_pending(c)))
 
/* This build does not claim FIPS capability; see TW_IS_FIPS_COMPATIBLE(). */
#define TW_FIPS_CAPABLE   FALSE
 
/* Allocates a fresh context; the caller owns it and frees it with TW_SSL_CTX_FREE(). */
#define TW_NEW_SSL_CTX   TW_NEW_SSL_CTX_FUNC()
 

Functions

static INLINE const char * TW_SSL_VERSION ()
 
static INLINE int TW_USE_CERT_FILE (TW_SSL_CTX *ctx, const char *cert, int type)
 
static INLINE int TW_IS_FIPS_COMPATIBLE ()
 Queries the TLS backend to determine whether it is FIPS compatible. More...
 
static INLINE int TW_IS_FIPS_MODE_ENABLED ()
 Queries the TLS backend to determine if FIPS mode is enabled. More...
 
static INLINE int TW_ENABLE_FIPS_MODE ()
 Enables FIPS mode for the entire application. More...
 
static INLINE int TW_DISABLE_FIPS_MODE ()
 Disable FIPS mode for the entire application. More...
 
static INLINE TW_SSL * TW_NEW_SSL_CLIENT (TW_SSL_CTX *ctx, twSocket *sock, void *session_id, int session_size)
 Creates a new TW_SSL structure for connection with the specified settings (see SSL_new(), SSL_connect()). More...
 
static INLINE int TW_SSL_LIST_CIPHERS (TW_SSL_CTX *ctx)
 Logs a list of all available ciphers for the ctx to the logs. More...
 
static INLINE TW_SSL * TW_NEW_SERVER (TW_SSL_CTX *ctx, twSocket *sock)
 Creates a new TW_SSL connection structure (see SSL_new()). More...
 
static INLINE int TW_SSL_ACCEPT (TW_SSL *s)
 Waits for a TW_SSL client to initiate a handshake with the server. Wrapper function for SSL_accept(). More...
 
static INLINE int TW_USE_KEY_FILE (SSL_CTX *ctx, const char *file, int type, char *passwd)
 Loads the private key in file into ctx (it does not load CA certificates; see TW_SET_CLIENT_CA_LIST() for that). Wrapper function for SSL_CTX_use_PrivateKey_file(). More...
 
static INLINE int TW_SET_CLIENT_CA_LIST (SSL_CTX *ctx, const char *CAfile, const char *CAPAth)
 Sets the locations (a CA file and/or a hashed CA directory) from which ctx loads its trusted CA certificates. Wrapper function for SSL_CTX_load_verify_locations(). More...
 
static INLINE int TW_USE_CERT_CHAIN_FILE (SSL_CTX *ctx, const char *file, int type)
 loads a certificate chain from file into ctx. The certificates must be in PEM format. Wrapper function for SSL_CTX_use_certificate_chain_file(). More...
 
static INLINE SSL_CTX * TW_NEW_SSL_CTX_FUNC ()
 Create a new #SSL_CTX structure as the framework for TLS/SSL enabled functions. Wrapper function for SSL_CTX_new(). More...
 
static INLINE int TW_SSL_READ (TW_SSL *ssl, char *buf, int len, int32_t timeout)
 Reads len bytes of data from ssl into buf (see SSL_read()). More...
 
static INLINE int TW_SSL_WRITE (TW_SSL *ssl, char *buf, int len)
 Writes len bytes of data in buf to ssl. More...
 
static INLINE int TW_VALIDATE_CERT (TW_SSL *ssl, char selfSignedOk)
 Validates the certificate of ssl. More...
 
static INLINE char * TW_GET_X509_FIELD (TW_SSL *ssl, char field)
 Gets an X509 field of ssl. More...
 

Variables

/*
 * All-zero session-id context. Because it is `static` in a header, every
 * translation unit that includes this file gets its own private copy.
 * Presumably passed to SSL_CTX_set_session_id_context() by the server-side
 * setup; a fixed, shared value means every server built from this SDK uses
 * the same context -- TODO confirm that is intended.
 */
static const unsigned char s_server_session_id_context [SSL_MAX_SSL_SESSION_ID_LENGTH] = {0}
 

Detailed Description

Portable ThingWorx OpenSSL wrapper layer.

Function Documentation

static INLINE int TW_DISABLE_FIPS_MODE ( )
static

Disable FIPS mode for the entire application.

Returns
#TW_OK if successful, or a positive integer error code (see twErrors.h) if an error was encountered.
static INLINE int TW_ENABLE_FIPS_MODE ( )
static

Enables FIPS mode for the entire application.

Returns
#TW_OK if successful, or a positive integer error code (see twErrors.h) if an error was encountered.
static INLINE char* TW_GET_X509_FIELD ( TW_SSL ssl,
char  field 
)
static

Gets an X509 field of ssl.

Parameters
[in]sslThe TW_SSL connection to get a field of.
[in]fieldA single-character selector for the X509 field to return. The accepted values are not listed on this page; see the implementation.
Returns
A string containing the requested field. NULL if an error was encountered.
Note
The calling function will gain ownership of the returned string and is responsible for freeing it.
static INLINE int TW_IS_FIPS_COMPATIBLE ( )
static

Queries the TLS backend to determine whether it is FIPS compatible.

Returns
#TW_OK if successful, or a positive integer error code (see twErrors.h) if an error was encountered. Note this is a success/failure code, not a TRUE/FALSE answer; compare TW_IS_FIPS_MODE_ENABLED(), which returns #TRUE/#FALSE.
static INLINE int TW_IS_FIPS_MODE_ENABLED ( )
static

Queries the TLS backend to determine if FIPS mode is enabled.

Returns
#TRUE if FIPS is enabled, #FALSE otherwise
static INLINE TW_SSL* TW_NEW_SERVER ( TW_SSL_CTX ctx,
twSocket sock 
)
static

Creates a new TW_SSL connection structure (see SSL_new()).

Parameters
[in]ctxA pointer to the context to associate with the connection.
[in]sockA pointer to the twSocket to use for the connection.
Returns
A pointer to the newly allocated TW_SSL structure.
Note
The calling function will gain ownership of the returned structure and is responsible for freeing it via TW_SSL_FREE().
static INLINE TW_SSL* TW_NEW_SSL_CLIENT ( TW_SSL_CTX ctx,
twSocket sock,
void *  session_id,
int  session_size 
)
static

Creates a new TW_SSL structure for connection with the specified settings (see SSL_new(), SSL_connect()).

Parameters
[in]ctxA pointer to the context to associate with the connection.
[in]sockA pointer to the twSocket for the connection to use.
[in]session_idAn optional session to resume, or NULL for a fresh session. Presumably the SSL_SESSION pointer obtained from TW_SSL_SESSION_ID(); confirm against the implementation.
[in]session_sizeThe size in bytes of session_id (TW_SSL_SESSION_ID_SIZE for an OpenSSL session pointer); ignored when session_id is NULL.
Returns
A pointer to the newly allocated TW_SSL structure.
Note
The calling function will gain ownership of the returned structure and is responsible for freeing it via TW_SSL_FREE().
static INLINE SSL_CTX* TW_NEW_SSL_CTX_FUNC ( )
static

Create a new #SSL_CTX stucture as framework for TLS/SSL enabled functions. Wrapper function for SSL_CTX_new().

Returns
A pointer to the newly allocated #SSL_CTX structure.
Note
The calling function will gain ownership of the returned structure and is responsible for freeing it via TW_SSL_CTX_FREE().
static INLINE int TW_SET_CLIENT_CA_LIST ( SSL_CTX ctx,
const char *  CAfile,
const char *  CAPAth 
)
static

Sets the locations (a CA file and/or a hashed CA directory) from which ctx loads its trusted CA certificates. Wrapper function for SSL_CTX_load_verify_locations(). Loading trust anchors alone does not reject untrusted peers; the connection still has to be checked (see TW_VALIDATE_CERT()).

Parameters
[in]ctxThe context to load the trusted CA locations into.
[in]CAfileThe path of a PEM file holding one or more trusted CA certificates, or NULL.
[in]CApathThe path of a directory of trusted CA certificates named by subject hash (as produced by c_rehash), or NULL.
Returns
returns #TW_OK on success or errno on failure
static INLINE int TW_SSL_ACCEPT ( TW_SSL s)
static

Waits for a TW_SSL client to initiate a handshake with the server. Wrapper function for SSL_accept().

Parameters
[in]sA pointer to the server-side TW_SSL connection (from TW_NEW_SERVER()) on which to accept the client's handshake.
Returns
0 on success, -1 if an error was encountered.
static INLINE int TW_SSL_LIST_CIPHERS ( TW_SSL_CTX ctx)
static

Logs a list of all available ciphers for the ctx to the logs.

Parameters
[in]ctxA pointer to the context whose cipher list is logged.
Returns
TW_OK if it was able to get a list of ciphers suites
static INLINE int TW_SSL_READ ( TW_SSL ssl,
char *  buf,
int  len,
int32_t  timeout 
)
static

Reads len bytes of data from ssl into buf (see SSL_read()).

Parameters
[in]sslA pointer to the TW_SSL connection to read from.
[out]bufA buffer to store the read data.
[in]lenThe length of data to read.
[in]timeoutThe amount of time (in milliseconds) to wait for I/O before timing out.
Returns
0 on success, -1 if an error was encountered.
Note
The calling function will retain ownership of buf and is responsible for freeing it.
static INLINE int TW_SSL_WRITE ( TW_SSL ssl,
char *  buf,
int  len 
)
static

Writes len bytes of data in buf to ssl.

Parameters
[in]sslA pointer to the TW_SSL connection to write to.
[in]bufA buffer containing the data to be written.
[in]lenThe length of data to write.
Returns
#TW_OK if successful, positive integral on error code (see twErrors.h) if an error was encountered.
Note
The calling function will retain ownership of buf and is responsible for freeing it.
static INLINE int TW_USE_CERT_CHAIN_FILE ( SSL_CTX ctx,
const char *  file,
int  type 
)
static

loads a certificate chain from file into ctx. The certificates must be in PEM format. Wrapper function for SSL_CTX_use_certificate_chain_file().

Parameters
[in]ctxThe context to load the certificate chain into.
[in]fileThe file to get the certificate chain from (leaf certificate first, followed by the intermediates).
[in]typeThe container format of file. Must be #SSL_FILETYPE_PEM: the underlying SSL_CTX_use_certificate_chain_file() only reads PEM.
Returns
returns #TW_OK on success or errno on failure
static INLINE int TW_USE_KEY_FILE ( SSL_CTX ctx,
const char *  file,
int  type,
char *  passwd 
)
static

Loads the private key in file into ctx. Wrapper function for SSL_CTX_use_PrivateKey_file(). This is not a CA loader: trusted CA certificates are configured with TW_SET_CLIENT_CA_LIST(). OpenSSL checks the key against a certificate already loaded into ctx, so load the certificate chain (TW_USE_CERT_CHAIN_FILE()) first.

Parameters
[in]ctxThe context to load the key into.
[in]fileThe file to get the private key from.
[in]typeThe container format of file (should be #SSL_FILETYPE_PEM).
[in]passwdThe passphrase for an encrypted PEM key, passed as a plain string (not a callback, despite the parameter's type being char *). How it is handed to OpenSSL is not visible on this page.
static INLINE int TW_VALIDATE_CERT ( TW_SSL ssl,
char  selfSignedOk 
)
static

Validates the certificate of ssl.

Parameters
[in]sslA pointer to the TW_SSL to validate the certificate of.
[in]selfSignedOkPresumably, when non-zero, a self-signed peer certificate is accepted instead of being treated as a verification failure; confirm in the implementation. Enabling this in production disables chain validation against the configured CAs.
Returns
0 on success, -1 on error.