bool loadObject(int type, const uint8_t* data, size_t size)
{
int rc = ssl_obj_memory_load(_ssl_ctx, type, data, static_cast<int>(size), nullptr);
if (rc != SSL_OK) {
DEBUGV("loadObject: ssl_obj_memory_load returned %d\n", rc);
return false;
}
return true;
}
static SQRESULT sq_ssl_ctx_obj_memory_load(HSQUIRRELVM v){
SQ_FUNC_VARS_NO_TOP(v);
GET_ssl_ctx_INSTANCE();
SQ_GET_INTEGER(v, 2, obj_type);
SQ_GET_STRING(v, 3, data);
SQ_GET_STRING(v, 4, password);
int result = ssl_obj_memory_load(self, obj_type, (const uint8_t *)data, data_size, password);
sq_pushinteger(v, result);
return 1;
}
/*----------------------------------------------------------------------
| NPT_TlsContextImpl::LoadKey
+---------------------------------------------------------------------*/
NPT_Result
NPT_TlsContextImpl::LoadKey(NPT_TlsKeyFormat key_format,
const unsigned char* key_data,
NPT_Size key_data_size,
const char* password)
{
int object_type;
switch (key_format) {
case NPT_TLS_KEY_FORMAT_RSA_PRIVATE: object_type = SSL_OBJ_RSA_KEY; break;
case NPT_TLS_KEY_FORMAT_PKCS8: object_type = SSL_OBJ_PKCS8; break;
case NPT_TLS_KEY_FORMAT_PKCS12: object_type = SSL_OBJ_PKCS12; break;
default: return NPT_ERROR_INVALID_PARAMETERS;
}
int result = ssl_obj_memory_load(m_SSL_CTX, object_type, key_data, key_data_size, password);
return NPT_Tls_MapResult(result);
}
/**
* Load the key/certificates in memory depending on compile-time and user
* options.
*/
int load_key_certs(SSL_CTX *ssl_ctx)
{
int ret = SSL_OK;
uint32_t options = ssl_ctx->options;
#ifdef CONFIG_SSL_GENERATE_X509_CERT
uint8_t *cert_data = NULL;
int cert_size;
static const char *dn[] = {
CONFIG_SSL_X509_COMMON_NAME,
CONFIG_SSL_X509_ORGANIZATION_NAME,
CONFIG_SSL_X509_ORGANIZATION_UNIT_NAME
};
#endif
/* do the private key first */
if (strlen(CONFIG_SSL_PRIVATE_KEY_LOCATION) > 0) {
if ((ret = ssl_obj_load(ssl_ctx, SSL_OBJ_RSA_KEY,
CONFIG_SSL_PRIVATE_KEY_LOCATION,
CONFIG_SSL_PRIVATE_KEY_PASSWORD)) < 0)
goto error;
} else if (!(options & SSL_NO_DEFAULT_KEY)) {
#if defined(CONFIG_SSL_USE_DEFAULT_KEY) || defined(CONFIG_SSL_SKELETON_MODE)
static const /* saves a few more bytes */
#include "private_key.h"
ssl_obj_memory_load(ssl_ctx, SSL_OBJ_RSA_KEY, default_private_key,
default_private_key_len, NULL);
#endif
}
/* now load the certificate */
#ifdef CONFIG_SSL_GENERATE_X509_CERT
if ((cert_size = ssl_x509_create(ssl_ctx, 0, dn, &cert_data)) < 0) {
ret = cert_size;
goto error;
}
ssl_obj_memory_load(ssl_ctx, SSL_OBJ_X509_CERT, cert_data, cert_size, NULL);
free(cert_data);
#else
if (strlen(CONFIG_SSL_X509_CERT_LOCATION)) {
if ((ret = ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT,
CONFIG_SSL_X509_CERT_LOCATION, NULL)) < 0)
goto error;
} else if (!(options & SSL_NO_DEFAULT_KEY)) {
#if defined(CONFIG_SSL_USE_DEFAULT_KEY) || defined(CONFIG_SSL_SKELETON_MODE)
static const /* saves a few bytes and RAM */
#include "cert.h"
ssl_obj_memory_load(ssl_ctx, SSL_OBJ_X509_CERT,
default_certificate, default_certificate_len, NULL);
#endif
}
#endif
error:
#ifdef CONFIG_SSL_FULL_MODE
if (ret) {
printf("Error: Certificate or key not loaded\n"); TTY_FLUSH();
}
#endif
return ret;
}
/******************************************************************************
* FunctionName : upgrade_task
* Description : task to connect with target server and get firmware data
* Parameters : pvParameters--save the server address\port\request frame for
* : the upgrade server\call back functions to tell the userapp
* : the result of this upgrade task
* Returns : none
*******************************************************************************/
void upgrade_ssl_task(void *pvParameters)
{
int recbytes;
int sta_socket;
int retry_count = 0;
struct ip_info ipconfig;
struct upgrade_server_info *server = pvParameters;
flash_erased=FALSE;
precv_buf = (char*)malloc(UPGRADE_DATA_SEG_LEN);//the max data length
while (retry_count++ < UPGRADE_RETRY_TIMES) {
if (giveup) break;
wifi_get_ip_info(STATION_IF, &ipconfig);
/* check the ip address or net connection state*/
while (ipconfig.ip.addr == 0) {
vTaskDelay(1000 / portTICK_RATE_MS);
wifi_get_ip_info(STATION_IF, &ipconfig);
}
sta_socket = socket(PF_INET,SOCK_STREAM,0);
if (-1 == sta_socket) {
close(sta_socket);
vTaskDelay(1000 / portTICK_RATE_MS);
os_printf("socket fail !\r\n");
continue;
}
/*for upgrade connection debug*/
//server->sockaddrin.sin_addr.s_addr= inet_addr("192.168.1.170");
if(0 != connect(sta_socket,(struct sockaddr *)(&server->sockaddrin),sizeof(struct sockaddr))) {
close(sta_socket);
vTaskDelay(1000 / portTICK_RATE_MS);
os_printf("connect fail!\r\n");
continue;
}
uint32_t options = SSL_DISPLAY_CERTS | SSL_NO_DEFAULT_KEY;
int i=0;
int quiet = 0;
int cert_index = 0, ca_cert_index = 0;
int cert_size, ca_cert_size;
char **ca_cert, **cert;
SSL *ssl;
SSL_CTX *ssl_ctx;
uint8_t *read_buf = NULL;
cert_size = ssl_get_config(SSL_MAX_CERT_CFG_OFFSET);
ca_cert_size = ssl_get_config(SSL_MAX_CA_CERT_CFG_OFFSET);
ca_cert = (char **)calloc(1, sizeof(char *)*ca_cert_size);
cert = (char **)calloc(1, sizeof(char *)*cert_size);
if ((ssl_ctx= ssl_ctx_new(options, SSL_DEFAULT_CLNT_SESS)) == NULL) {
printf("Error: Client context is invalid\n");
close(sta_socket);
continue;
}
ssl_obj_memory_load(ssl_ctx, SSL_OBJ_X509_CACERT, default_certificate, default_certificate_len, NULL);
for (i = 0; i < cert_index; i++) {
if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, cert[i], NULL)){
printf("Certificate '%s' is undefined.\n", cert[i]);
}
}
for (i = 0; i < ca_cert_index; i++) {
if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT, ca_cert[i], NULL)){
printf("Certificate '%s' is undefined.\n", ca_cert[i]);
}
}
free(cert);
free(ca_cert);
ssl= ssl_client_new(ssl_ctx, sta_socket, NULL, 0);
if (ssl == NULL){
ssl_ctx_free(ssl_ctx);
close(sta_socket);
continue;
}
if(ssl_handshake_status(ssl) != SSL_OK){
printf("client handshake fail.\n");
ssl_free(ssl);
ssl_ctx_free(ssl_ctx);
close(sta_socket);
continue;
}
//handshake sucesses,show cert and free x509_ctx here
if (!quiet) {
const char *common_name = ssl_get_cert_dn(ssl,SSL_X509_CERT_COMMON_NAME);
if (common_name) {
printf("Common Name:\t\t\t%s\n", common_name);
}
display_session_id(ssl);
display_cipher(ssl);
quiet = true;
x509_free(ssl->x509_ctx);
ssl->x509_ctx=NULL;
}
system_upgrade_init();
system_upgrade_flag_set(UPGRADE_FLAG_START);
if(ssl_write(ssl, server->url, strlen(server->url)+1) < 0) {
ssl_free(ssl);
ssl_ctx_free(ssl_ctx);
close(sta_socket);
vTaskDelay(1000 / portTICK_RATE_MS);
os_printf("send fail\n");
continue;
}
os_printf("Request send success\n");
while((recbytes = ssl_read(ssl, &read_buf)) >= 0) {
if(recbytes == 0){
vTaskDelay(500 / portTICK_RATE_MS);
continue;
}
if(recbytes > UPGRADE_DATA_SEG_LEN) {
ssl_free(ssl);
ssl_ctx_free(ssl_ctx);
close(sta_socket);
vTaskDelay(2000 / portTICK_RATE_MS);
printf("bigger than UPGRADE_DATA_SEG_LEN\n");
}
if((recbytes)<=1460)
memcpy(precv_buf,read_buf,recbytes);
else
os_printf("ERR2:arr_overflow,%u,%d\n",__LINE__,recbytes);
if(FALSE==flash_erased){
ssl_free(ssl);
ssl_ctx_free(ssl_ctx);
close(sta_socket);
os_printf("pre erase flash!\n");
upgrade_data_load(precv_buf,recbytes);
break;
}
if(false == upgrade_data_load(read_buf,recbytes)) {
os_printf("upgrade data error!\n");
ssl_free(ssl);
ssl_ctx_free(ssl_ctx);
close(sta_socket);
flash_erased=FALSE;
vTaskDelay(1000 / portTICK_RATE_MS);
break;
}
/*this two length data should be equal, if totallength is bigger,
*maybe data wrong or server send extra info, drop it anyway*/
if(totallength >= sumlength) {
os_printf("upgrade data load finish.\n");
ssl_free(ssl);
ssl_ctx_free(ssl_ctx);
close(sta_socket);
goto finish;
}
os_printf("upgrade_task %d word left\n",uxTaskGetStackHighWaterMark(NULL));
}
if(recbytes < 0) {
os_printf("ERROR:read data fail! recbytes %d\r\n",recbytes);
ssl_free(ssl);
ssl_ctx_free(ssl_ctx);
close(sta_socket);
flash_erased=FALSE;
vTaskDelay(1000 / portTICK_RATE_MS);
}
os_printf("upgrade_task %d word left\n",uxTaskGetStackHighWaterMark(NULL));
totallength =0;
sumlength = 0;
}
finish:
if(upgrade_crc_check(system_get_fw_start_sec(),sumlength) != 0)
{
printf("upgrade crc check failed !\n");
server->upgrade_flag = false;
system_upgrade_flag_set(UPGRADE_FLAG_IDLE);
}
os_timer_disarm(&upgrade_timer);
totallength = 0;
sumlength = 0;
flash_erased=FALSE;
free(precv_buf);
if(retry_count == UPGRADE_RETRY_TIMES){
/*retry too many times, fail*/
server->upgrade_flag = false;
system_upgrade_flag_set(UPGRADE_FLAG_IDLE);
}else{
if (server->upgrade_flag == true)
system_upgrade_flag_set(UPGRADE_FLAG_FINISH);
}
upgrade_deinit();
os_printf("\n Exit upgrade task.\n");
if (server->check_cb != NULL) {
server->check_cb(server);
}
vTaskDelay(100 / portTICK_RATE_MS);
vTaskDelete(NULL);
}
int SSL_CTX_use_certificate_ASN1(SSL_CTX *ssl_ctx, int len, const uint8_t *d)
{
return (ssl_obj_memory_load(ssl_ctx,
SSL_OBJ_X509_CERT, d, len, NULL) == SSL_OK);
}