espressif/ESP8266_RTOS_SDK
1
0
Fork 0
mirror of https://github.com/espressif/ESP8266_RTOS_SDK.git synced 2025-07-15 08:32:42 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat(mbedtls): bring mbedtls and openssl based on mbedtls from esp-idf

Browse Source 
Commit ID: 97959e77.

Using submodule instead of source code.

It is brought from esp-idf, and some origin dependent code or configuration of hardware have not been removed.
But it maybe not affect using at the ESP8266 platform.
This commit is contained in:
dongheng
2019-09-19 10:39:31 +08:00
parent 6cfeb14102
commit 35d8262b25
260 changed files with 6450 additions and 109602 deletions
Download Patch File Download Diff File Expand all files Collapse all files

87
components/openssl/library/ssl_cert.c Normal file
View File

@ -0,0 +1,87 @@
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "ssl_cert.h"
#include "ssl_pkey.h"
#include "ssl_x509.h"
#include "ssl_dbg.h"
#include "ssl_port.h"
/**
* @brief create a certification object according to input certification
*/
CERT *__ssl_cert_new(CERT *ic)
{
CERT *cert;
X509 *ix;
EVP_PKEY *ipk;
cert = ssl_mem_zalloc(sizeof(CERT));
if (!cert) {
SSL_DEBUG(SSL_CERT_ERROR_LEVEL, "no enough memory > (cert)");
goto no_mem;
}
if (ic) {
ipk = ic->pkey;
ix = ic->x509;
} else {
ipk = NULL;
ix = NULL;
}
cert->pkey = __EVP_PKEY_new(ipk);
if (!cert->pkey) {
SSL_DEBUG(SSL_CERT_ERROR_LEVEL, "__EVP_PKEY_new() return NULL");
goto pkey_err;
}
cert->x509 = __X509_new(ix);
if (!cert->x509) {
SSL_DEBUG(SSL_CERT_ERROR_LEVEL, "__X509_new() return NULL");
goto x509_err;
}
return cert;
x509_err:
EVP_PKEY_free(cert->pkey);
pkey_err:
ssl_mem_free(cert);
no_mem:
return NULL;
}
/**
* @brief create a certification object include private key object
*/
CERT *ssl_cert_new(void)
{
return __ssl_cert_new(NULL);
}
/**
* @brief free a certification object
*/
void ssl_cert_free(CERT *cert)
{
SSL_ASSERT3(cert);
X509_free(cert->x509);
EVP_PKEY_free(cert->pkey);
ssl_mem_free(cert);
}

1609
components/openssl/library/ssl_lib.c Normal file
View File

File diff suppressed because it is too large Load Diff

81
components/openssl/library/ssl_methods.c Normal file
View File

@ -0,0 +1,81 @@
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "ssl_methods.h"
#include "ssl_pm.h"
/**
* TLS method function collection
*/
IMPLEMENT_TLS_METHOD_FUNC(TLS_method_func,
ssl_pm_new, ssl_pm_free,
ssl_pm_handshake, ssl_pm_shutdown, ssl_pm_clear,
ssl_pm_read, ssl_pm_send, ssl_pm_pending,
ssl_pm_set_fd, ssl_pm_set_hostname, ssl_pm_get_fd,
ssl_pm_set_bufflen,
ssl_pm_get_verify_result,
ssl_pm_get_state);
/**
* TLS or SSL client method collection
*/
IMPLEMENT_TLS_METHOD(TLS_ANY_VERSION, 0, TLS_method_func, TLS_client_method);
IMPLEMENT_TLS_METHOD(TLS1_2_VERSION, 0, TLS_method_func, TLSv1_2_client_method);
IMPLEMENT_TLS_METHOD(TLS1_1_VERSION, 0, TLS_method_func, TLSv1_1_client_method);
IMPLEMENT_TLS_METHOD(TLS1_VERSION, 0, TLS_method_func, TLSv1_client_method);
IMPLEMENT_SSL_METHOD(SSL3_VERSION, 0, TLS_method_func, SSLv3_client_method);
/**
* TLS or SSL server method collection
*/
IMPLEMENT_TLS_METHOD(TLS_ANY_VERSION, 1, TLS_method_func, TLS_server_method);
IMPLEMENT_TLS_METHOD(TLS1_1_VERSION, 1, TLS_method_func, TLSv1_1_server_method);
IMPLEMENT_TLS_METHOD(TLS1_2_VERSION, 1, TLS_method_func, TLSv1_2_server_method);
IMPLEMENT_TLS_METHOD(TLS1_VERSION, 0, TLS_method_func, TLSv1_server_method);
IMPLEMENT_SSL_METHOD(SSL3_VERSION, 1, TLS_method_func, SSLv3_server_method);
/**
* TLS or SSL method collection
*/
IMPLEMENT_TLS_METHOD(TLS_ANY_VERSION, -1, TLS_method_func, TLS_method);
IMPLEMENT_SSL_METHOD(TLS1_2_VERSION, -1, TLS_method_func, TLSv1_2_method);
IMPLEMENT_SSL_METHOD(TLS1_1_VERSION, -1, TLS_method_func, TLSv1_1_method);
IMPLEMENT_SSL_METHOD(TLS1_VERSION, -1, TLS_method_func, TLSv1_method);
IMPLEMENT_SSL_METHOD(SSL3_VERSION, -1, TLS_method_func, SSLv3_method);
/**
* @brief get X509 object method
*/
IMPLEMENT_X509_METHOD(X509_method,
x509_pm_new, x509_pm_free,
x509_pm_load, x509_pm_show_info);
/**
* @brief get private key object method
*/
IMPLEMENT_PKEY_METHOD(EVP_PKEY_method,
pkey_pm_new, pkey_pm_free,
pkey_pm_load);

239
components/openssl/library/ssl_pkey.c Normal file
View File

@ -0,0 +1,239 @@
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "ssl_pkey.h"
#include "ssl_methods.h"
#include "ssl_dbg.h"
#include "ssl_port.h"
/**
* @brief create a private key object according to input private key
*/
EVP_PKEY* __EVP_PKEY_new(EVP_PKEY *ipk)
{
int ret;
EVP_PKEY *pkey;
pkey = ssl_mem_zalloc(sizeof(EVP_PKEY));
if (!pkey) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "no enough memory > (pkey)");
goto no_mem;
}
if (ipk) {
pkey->method = ipk->method;
} else {
pkey->method = EVP_PKEY_method();
}
ret = EVP_PKEY_METHOD_CALL(new, pkey, ipk);
if (ret) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "EVP_PKEY_METHOD_CALL(new) return %d", ret);
goto failed;
}
return pkey;
failed:
ssl_mem_free(pkey);
no_mem:
return NULL;
}
/**
* @brief create a private key object
*/
EVP_PKEY* EVP_PKEY_new(void)
{
return __EVP_PKEY_new(NULL);
}
/**
* @brief free a private key object
*/
void EVP_PKEY_free(EVP_PKEY *pkey)
{
SSL_ASSERT3(pkey);
EVP_PKEY_METHOD_CALL(free, pkey);
ssl_mem_free(pkey);
}
/**
* @brief load a character key context into system context. If '*a' is pointed to the
* private key, then load key into it. Or create a new private key object
*/
EVP_PKEY *d2i_PrivateKey(int type,
EVP_PKEY **a,
const unsigned char **pp,
long length)
{
int m = 0;
int ret;
EVP_PKEY *pkey;
SSL_ASSERT2(pp);
SSL_ASSERT2(*pp);
SSL_ASSERT2(length);
if (a && *a) {
pkey = *a;
} else {
pkey = EVP_PKEY_new();;
if (!pkey) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "EVP_PKEY_new() return NULL");
goto failed1;
}
m = 1;
}
ret = EVP_PKEY_METHOD_CALL(load, pkey, *pp, length);
if (ret) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "EVP_PKEY_METHOD_CALL(load) return %d", ret);
goto failed2;
}
if (a)
*a = pkey;
return pkey;
failed2:
if (m)
EVP_PKEY_free(pkey);
failed1:
return NULL;
}
/**
* @brief set the SSL context private key
*/
int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
{
SSL_ASSERT1(ctx);
SSL_ASSERT1(pkey);
if (ctx->cert->pkey == pkey)
return 1;
if (ctx->cert->pkey)
EVP_PKEY_free(ctx->cert->pkey);
ctx->cert->pkey = pkey;
return 1;
}
/**
* @brief set the SSL private key
*/
int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
{
SSL_ASSERT1(ssl);
SSL_ASSERT1(pkey);
if (ssl->cert->pkey == pkey)
return 1;
if (ssl->cert->pkey)
EVP_PKEY_free(ssl->cert->pkey);
ssl->cert->pkey = pkey;
return 1;
}
/**
* @brief load private key into the SSL context
*/
int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx,
const unsigned char *d, long len)
{
int ret;
EVP_PKEY *pk;
pk = d2i_PrivateKey(0, NULL, &d, len);
if (!pk) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_PrivateKey() return NULL");
goto failed1;
}
ret = SSL_CTX_use_PrivateKey(ctx, pk);
if (!ret) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "SSL_CTX_use_PrivateKey() return %d", ret);
goto failed2;
}
return 1;
failed2:
EVP_PKEY_free(pk);
failed1:
return 0;
}
/**
* @brief load private key into the SSL
*/
int SSL_use_PrivateKey_ASN1(int type, SSL *ssl,
const unsigned char *d, long len)
{
int ret;
EVP_PKEY *pk;
pk = d2i_PrivateKey(0, NULL, &d, len);
if (!pk) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_PrivateKey() return NULL");
goto failed1;
}
ret = SSL_use_PrivateKey(ssl, pk);
if (!ret) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "SSL_use_PrivateKey() return %d", ret);
goto failed2;
}
return 1;
failed2:
EVP_PKEY_free(pk);
failed1:
return 0;
}
/**
* @brief load the private key file into SSL context
*/
int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
{
return 0;
}
/**
* @brief load the private key file into SSL
*/
int SSL_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
{
return 0;
}
/**
* @brief load the RSA ASN1 private key into SSL context
*/
int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len)
{
return SSL_CTX_use_PrivateKey_ASN1(0, ctx, d, len);
}

74
components/openssl/library/ssl_stack.c Normal file
View File

@ -0,0 +1,74 @@
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "ssl_stack.h"
#include "ssl_dbg.h"
#include "ssl_port.h"
#ifndef CONFIG_MIN_NODES
#define MIN_NODES 4
#else
#define MIN_NODES CONFIG_MIN_NODES
#endif
/**
* @brief create a openssl stack object
*/
OPENSSL_STACK* OPENSSL_sk_new(OPENSSL_sk_compfunc c)
{
OPENSSL_STACK *stack;
char **data;
stack = ssl_mem_zalloc(sizeof(OPENSSL_STACK));
if (!stack) {
SSL_DEBUG(SSL_STACK_ERROR_LEVEL, "no enough memory > (stack)");
goto no_mem1;
}
data = ssl_mem_zalloc(sizeof(*data) * MIN_NODES);
if (!data) {
SSL_DEBUG(SSL_STACK_ERROR_LEVEL, "no enough memory > (data)");
goto no_mem2;
}
stack->data = data;
stack->num_alloc = MIN_NODES;
stack->c = c;
return stack;
no_mem2:
ssl_mem_free(stack);
no_mem1:
return NULL;
}
/**
* @brief create a NULL function openssl stack object
*/
OPENSSL_STACK *OPENSSL_sk_new_null(void)
{
return OPENSSL_sk_new((OPENSSL_sk_compfunc)NULL);
}
/**
* @brief free openssl stack object
*/
void OPENSSL_sk_free(OPENSSL_STACK *stack)
{
SSL_ASSERT3(stack);
ssl_mem_free(stack->data);
ssl_mem_free(stack);
}

428
components/openssl/library/ssl_x509.c Normal file
View File

@ -0,0 +1,428 @@
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "ssl_x509.h"
#include "ssl_methods.h"
#include "ssl_dbg.h"
#include "ssl_port.h"
#include "ssl.h"
/**
* @brief show X509 certification information
*/
int __X509_show_info(X509 *x)
{
return X509_METHOD_CALL(show_info, x);
}
/**
* @brief create a X509 certification object according to input X509 certification
*/
X509* __X509_new(X509 *ix)
{
int ret;
X509 *x;
x = ssl_mem_zalloc(sizeof(X509));
if (!x) {
SSL_DEBUG(SSL_X509_ERROR_LEVEL, "no enough memory > (x)");
goto no_mem;
}
x->ref_counter = 1;
if (ix)
x->method = ix->method;
else
x->method = X509_method();
ret = X509_METHOD_CALL(new, x, ix);
if (ret) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_METHOD_CALL(new) return %d", ret);
goto failed;
}
return x;
failed:
ssl_mem_free(x);
no_mem:
return NULL;
}
/**
* @brief create a X509 certification object
*/
X509* X509_new(void)
{
return __X509_new(NULL);
}
/**
* @brief free a X509 certification object
*/
void X509_free(X509 *x)
{
SSL_ASSERT3(x);
if (--x->ref_counter > 0) {
return;
}
X509_METHOD_CALL(free, x);
ssl_mem_free(x);
};
/**
* @brief load a character certification context into system context. If '*cert' is pointed to the
* certification, then load certification into it. Or create a new X509 certification object
*/
X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len)
{
int m = 0;
int ret;
X509 *x;
SSL_ASSERT2(buffer);
SSL_ASSERT2(len);
if (cert && *cert) {
x = *cert;
} else {
x = X509_new();
if (!x) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_new() return NULL");
goto failed1;
}
m = 1;
}
ret = X509_METHOD_CALL(load, x, buffer, len);
if (ret) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_METHOD_CALL(load) return %d", ret);
goto failed2;
}
return x;
failed2:
if (m)
X509_free(x);
failed1:
return NULL;
}
/**
* @brief return SSL X509 verify parameters
*/
X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl)
{
return &ssl->param;
}
/**
* @brief set X509 host verification flags
*/
int X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
unsigned long flags)
{
/* flags not supported yet */
return 0;
}
/**
* @brief clear X509 host verification flags
*/
int X509_VERIFY_PARAM_clear_hostflags(X509_VERIFY_PARAM *param,
unsigned long flags)
{
/* flags not supported yet */
return 0;
}
/**
* @brief set SSL context client CA certification
*/
int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
{
SSL_ASSERT1(ctx);
SSL_ASSERT1(x);
if (ctx->client_CA == x)
return 1;
X509_free(ctx->client_CA);
ctx->client_CA = x;
return 1;
}
/**
* @brief add CA client certification into the SSL
*/
int SSL_add_client_CA(SSL *ssl, X509 *x)
{
SSL_ASSERT1(ssl);
SSL_ASSERT1(x);
if (ssl->client_CA == x)
return 1;
X509_free(ssl->client_CA);
ssl->client_CA = x;
return 1;
}
/**
* @brief set the SSL context certification
*/
int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
{
SSL_ASSERT1(ctx);
SSL_ASSERT1(x);
if (ctx->cert->x509 == x)
return 1;
X509_free(ctx->cert->x509);
ctx->cert->x509 = x;
return 1;
}
/**
* @brief set the SSL certification
*/
int SSL_use_certificate(SSL *ssl, X509 *x)
{
SSL_ASSERT1(ssl);
SSL_ASSERT1(x);
if (ssl->cert->x509 == x)
return 1;
X509_free(ssl->cert->x509);
ssl->cert->x509 = x;
return 1;
}
/**
* @brief get the SSL certification point
*/
X509 *SSL_get_certificate(const SSL *ssl)
{
SSL_ASSERT2(ssl);
return ssl->cert->x509;
}
/**
* @brief load certification into the SSL context
*/
int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len,
const unsigned char *d)
{
int ret;
X509 *x;
x = d2i_X509(NULL, d, len);
if (!x) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_X509() return NULL");
goto failed1;
}
ret = SSL_CTX_use_certificate(ctx, x);
if (!ret) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "SSL_CTX_use_certificate() return %d", ret);
goto failed2;
}
return 1;
failed2:
X509_free(x);
failed1:
return 0;
}
/**
* @brief load certification into the SSL
*/
int SSL_use_certificate_ASN1(SSL *ssl, int len,
const unsigned char *d)
{
int ret;
X509 *x;
x = d2i_X509(NULL, d, len);
if (!x) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_X509() return NULL");
goto failed1;
}
ret = SSL_use_certificate(ssl, x);
if (!ret) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "SSL_use_certificate() return %d", ret);
goto failed2;
}
return 1;
failed2:
X509_free(x);
failed1:
return 0;
}
/**
* @brief load the certification file into SSL context
*/
int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
{
return 0;
}
/**
* @brief load the certification file into SSL
*/
int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
{
return 0;
}
/**
* @brief get peer certification
*/
X509 *SSL_get_peer_certificate(const SSL *ssl)
{
SSL_ASSERT2(ssl);
return ssl->session->peer;
}
/**
* @brief set SSL context client CA certification
*/
int X509_STORE_add_cert(X509_STORE *store, X509 *x) {
x->ref_counter++;
SSL_CTX *ctx = (SSL_CTX *)store;
SSL_ASSERT1(ctx);
SSL_ASSERT1(x);
if (ctx->client_CA == x) {
return 1;
}
if (ctx->client_CA!=NULL) {
X509_free(ctx->client_CA);
}
ctx->client_CA = x;
return 1;
}
/**
* @brief create a BIO object
*/
BIO *BIO_new(void *method) {
BIO *b = (BIO *)malloc(sizeof(BIO));
return b;
}
/**
* @brief load data into BIO.
*
* Normally BIO_write should append data but doesn't happen here, and
* 'data' cannot be freed after the function is called, it should remain valid
* until BIO object is in use.
*/
int BIO_write(BIO *b, const void * data, int dlen) {
b->data = data;
b->dlen = dlen;
return 1;
}
/**
* @brief load a character certification context into system context.
*
* If '*cert' is pointed to the certification, then load certification
* into it, or create a new X509 certification object.
*/
X509 * PEM_read_bio_X509(BIO *bp, X509 **cert, void *cb, void *u) {
int m = 0;
int ret;
X509 *x;
SSL_ASSERT2(bp->data);
SSL_ASSERT2(bp->dlen);
if (cert && *cert) {
x = *cert;
} else {
x = X509_new();
if (!x) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_new() return NULL");
goto failed;
}
m = 1;
}
ret = X509_METHOD_CALL(load, x, bp->data, bp->dlen);
if (ret) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_METHOD_CALL(load) return %d", ret);
goto failed;
}
return x;
failed:
if (m) {
X509_free(x);
}
return NULL;
}
/**
* @brief get the memory BIO method function
*/
void *BIO_s_mem(void) {
return NULL;
}
/**
* @brief get the SSL context object X509 certification storage
*/
X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx) {
return (X509_STORE *)ctx;
}
/**
* @brief free a BIO object
*/
void BIO_free(BIO *b) {
free(b);
}