espressif/ESP8266_RTOS_SDK
1
0
Fork 0
mirror of https://github.com/espressif/ESP8266_RTOS_SDK.git synced 2025-07-15 08:32:42 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into 'feature/newlib'

Browse Source 
# Conflicts:
#   components/freertos/include/port/freertos/FreeRTOSConfig.h
This commit is contained in:
Wu Jian Gang
2018-05-18 15:00:11 +08:00
parent 91aa725c85 99dea43adc
commit b0afbf3cd0
106 changed files with 7976 additions and 1226 deletions
Download Patch File Download Diff File Expand all files Collapse all files

147
README.md
View File

@ -37,51 +37,136 @@ Actions to be taken for *ESP8266_RTOS_SDK v3.0* include the following items:
---
## Requirements
# Developing With the ESP8266_RTOS_SDK
Both the xcc and gcc compilers can be used to compile the project. However, it is recommended that the gcc compiler be used.
## Get toolchain
For more information about the gcc compiler, please refer to [esp-open-sdk](https://github.com/pfalcon/esp-open-sdk).
You can get toolchain from arduio firstly.
## Compiling
* [Windows](https://github.com/esp8266/Arduino/releases/download/2.3.0/win32-xtensa-lx106-elf-gb404fb9-2.tar.gz)
* [Mac](https://github.com/esp8266/Arduino/releases/download/2.3.0/osx-xtensa-lx106-elf-gb404fb9-2.tar.gz)
* [Linux(64)](https://github.com/esp8266/Arduino/releases/download/2.3.0/linux64-xtensa-lx106-elf-gb404fb9.tgz)
* [Linux(32)](https://github.com/esp8266/Arduino/releases/download/2.3.0/linux32-xtensa-lx106-elf.tar.gz)
1. Clone *ESP8266_RTOS_SDK*, i.e., to `~/ESP8266_RTOS_SDK`.
## Get ESP8266_RTOS_SDK
Besides the toolchain (that contains programs to compile and build the application), you also need ESP8266 specific API / libraries. They are provided by Espressif in [ESP8266_RTOS_SDK](https://github.com/espressif/ESP8266_RTOS_SDK) repository. To get it, open terminal, navigate to the directory you want to put ESP8266_RTOS_SDK, and clone it using `git clone` command:
```
$git clone https://github.com/espressif/ESP8266_RTOS_SDK.git
cd ~/esp
git clone https://github.com/espressif/ESP8266_RTOS_SDK.git
```
2. Modify *gen_misc.sh* or *gen_misc.bat*:
ESP8266_RTOS_SDK will be downloaded into `~/esp/ESP8266_RTOS_SDK`.
* For Linux:
```
$export SDK_PATH=~/ESP8266_RTOS_SDK
$export BIN_PATH=~/ESP8266_BIN
```
* For Windows:
```
set SDK_PATH=/c/ESP8266_RTOS_SDK
set BIN_PATH=/c/ESP8266_BIN
```
## Setup Path to ESP8266_RTOS_SDK
You can use *ESP8266_RTOS_SDK/examples/project_template* to start your project, which can be copied anywhere, i.e., to `~/workspace/project_template`.
The toolchain programs access ESP8266_RTOS_SDK using `IDF_PATH` environment variable. This variable should be set up on your PC, otherwise projects will not build. Setting may be done manually, each time PC is restarted. Another option is to set up it permanently by defining `IDF_PATH` in user profile.
3. Generate bins:
* For Linux:
For manually, the command:
```
export IDF_PATH=~/esp/ESP8266_RTOS_SDK
```
```
./gen_misc.sh
```
* For Windows:
## Start a Project
Now you are ready to prepare your application for ESP8266. To start off quickly, we can use `examples/get-started/project_template` project from `examples` directory in SDK.
```
gen_misc.bat
```
Once you've found the project you want to work with, change to its directory and you can configure and build it.
## Downloading
## Connect
1. *eagle.app.v6.flash.bin* should be downloaded to the address of *0x00000* in the flash.
You are almost there. To be able to proceed further, connect ESP8266 board to PC, check under what serial port the board is visible and verify if serial communication works. Note the port number, as it will be required in the next step.
2. *eagle.app.v6.irom0text.bin* should be downloaded to the address of *0x40000* in the flash.
## Configuring the Project
3. *blank.bin* should be downloaded to the address of *0x7E000* in the flash.
Being in terminal window, go to directory of `project_template` application by typing `cd ~/esp/ESP8266_RTOS_SDK/examples/get-started/project_template`. Then start project configuration utility `menuconfig`:
```
cd ~/esp/ESP8266_RTOS_SDK/examples/get-started/project_template
make menuconfig
```
In the menu, navigate to `Serial flasher config` > `Default serial port` to configure the serial port, where project will be loaded to. Confirm selection by pressing enter, save configuration by selecting `< Save >` and then exit application by selecting `< Exit >`.
> Note:
On Windows, serial ports have names like COM1. On MacOS, they start with `/dev/cu.`. On Linux, they start with `/dev/tty`.
Here are couple of tips on navigation and use of `menuconfig`:
* Use up & down arrow keys to navigate the menu.
* Use Enter key to go into a submenu, Escape key to go out or to exit.
* Type `?` to see a help screen. Enter key exits the help screen.
* Use Space key, or `Y` and `N` keys to enable (Yes) and disable (No) configuration items with checkboxes "`[*]`"
* Pressing `?` while highlighting a configuration item displays help about that item.
* Type `/` to search the configuration items.
Once done configuring, press Escape multiple times to exit and say "Yes" to save the new configuration when prompted.
## Compiling the Project
`make all`
... will compile app based on the config.
## Flashing the Project
When `make all` finishes, it will print a command line to use esptool.py to flash the chip. However you can also do this from make by running:
`make flash`
This will flash the entire project (app, bootloader and init data bin) to a new chip. The settings for serial port flashing can be configured with `make menuconfig`.
You don't need to run `make all` before running `make flash`, `make flash` will automatically rebuild anything which needs it.
## Viewing Serial Output
The `make monitor` target uses the [idf_monitor tool](https://esp-idf.readthedocs.io/en/latest/get-started/idf-monitor.html) to display serial output from the ESP32. idf_monitor also has a range of features to decode crash output and interact with the device. [Check the documentation page for details](https://esp-idf.readthedocs.io/en/latest/get-started/idf-monitor.html).
Exit the monitor by typing Ctrl-].
To flash and monitor output in one pass, you can run:
`make flash monitor`
## Compiling & Flashing Just the App
After the initial flash, you may just want to build and flash just your app, not the bootloader and init data bin:
* `make app` - build just the app.
* `make app-flash` - flash just the app.
`make app-flash` will automatically rebuild the app if it needs it.
(In normal development there's no downside to reflashing the bootloader and init data bin each time, if they haven't changed.)
> Note:
> Recommend to use these 2 commands if you have flashed bootloader and init data bin.
## Parallel Builds
ESP8266_RTOS_SDK supports compiling multiple files in parallel, so all of the above commands can be run as `make -jN` where `N` is the number of parallel make processes to run (generally N should be equal to or one more than the number of CPU cores in your system.)
Multiple make functions can be combined into one. For example: to build the app & bootloader using 5 jobs in parallel, then flash everything, and then display serial output from the ESP32 run:
```
make -j5 app-flash monitor
```
## Erasing Flash
The `make flash` target does not erase the entire flash contents. However it is sometimes useful to set the device back to a totally erased state. To erase the entire flash, run `make erase_flash`.
This can be combined with other targets, ie `make erase_flash flash` will erase everything and then re-flash the new app, bootloader and init data bin.
## Updating ESP8266_RTOS_SDK
After some time of using ESP8266_RTOS_SDK-IDF, you may want to update it to take advantage of new features or bug fixes. The simplest way to do so is by deleting existing `ESP8266_RTOS_SDK` folder and cloning it again.
Another solution is to update only what has changed. This method is useful if you have a slow connection to GitHub. To do the update run the following commands::
```
cd ~/esp/ESP8266_RTOS_SDK
git pull
```
The ``git pull`` command is fetching and merging changes from ESP8266_RTOS_SDK repository on GitHub.

54
components/freertos/freertos/tasks.c
View File

@ -304,6 +304,9 @@ typedef struct tskTaskControlBlock
#if( configNUM_THREAD_LOCAL_STORAGE_POINTERS > 0 )
void *pvThreadLocalStoragePointers[ configNUM_THREAD_LOCAL_STORAGE_POINTERS ];
#if ( configTHREAD_LOCAL_STORAGE_DELETE_CALLBACKS )
TlsDeleteCallbackFunction_t pvThreadLocalStoragePointersDelCallback[ configNUM_THREAD_LOCAL_STORAGE_POINTERS ];
#endif
#endif
#if( configGENERATE_RUN_TIME_STATS == 1 )
@ -973,6 +976,9 @@ UBaseType_t x;
for( x = 0; x < ( UBaseType_t ) configNUM_THREAD_LOCAL_STORAGE_POINTERS; x++ )
{
pxNewTCB->pvThreadLocalStoragePointers[ x ] = NULL;
#if ( configTHREAD_LOCAL_STORAGE_DELETE_CALLBACKS == 1)
pxNewTCB->pvThreadLocalStoragePointersDelCallback[ x ] = NULL;
#endif
}
}
#endif
@ -1107,6 +1113,22 @@ static void prvAddNewTaskToReadyList( TCB_t *pxNewTCB )
}
/*-----------------------------------------------------------*/
#if ( configNUM_THREAD_LOCAL_STORAGE_POINTERS > 0 ) && ( configTHREAD_LOCAL_STORAGE_DELETE_CALLBACKS )
static void prvDeleteTLS( TCB_t *pxTCB )
{
configASSERT( pxTCB );
for( int x = 0; x < ( UBaseType_t ) configNUM_THREAD_LOCAL_STORAGE_POINTERS; x++ )
{
if (pxTCB->pvThreadLocalStoragePointersDelCallback[ x ] != NULL) //If del cb is set
{
pxTCB->pvThreadLocalStoragePointersDelCallback[ x ](x, pxTCB->pvThreadLocalStoragePointers[ x ]); //Call del cb
}
}
}
#endif /* ( configNUM_THREAD_LOCAL_STORAGE_POINTERS > 0 ) && ( configTHREAD_LOCAL_STORAGE_DELETE_CALLBACKS ) */
#if ( INCLUDE_vTaskDelete == 1 )
void vTaskDelete( TaskHandle_t xTaskToDelete )
@ -1169,6 +1191,9 @@ static void prvAddNewTaskToReadyList( TCB_t *pxNewTCB )
else
{
--uxCurrentNumberOfTasks;
#if ( configNUM_THREAD_LOCAL_STORAGE_POINTERS > 0 ) && ( configTHREAD_LOCAL_STORAGE_DELETE_CALLBACKS )
prvDeleteTLS( pxTCB );
#endif
prvDeleteTCB( pxTCB );
/* Reset the next expected unblock time in case it referred to
@ -3380,6 +3405,29 @@ static portTASK_FUNCTION( prvIdleTask, pvParameters )
#if ( configNUM_THREAD_LOCAL_STORAGE_POINTERS != 0 )
#if ( configTHREAD_LOCAL_STORAGE_DELETE_CALLBACKS )
void vTaskSetThreadLocalStoragePointerAndDelCallback( TaskHandle_t xTaskToSet, BaseType_t xIndex, void *pvValue , TlsDeleteCallbackFunction_t xDelCallback)
{
TCB_t *pxTCB;
if( xIndex < configNUM_THREAD_LOCAL_STORAGE_POINTERS )
{
taskENTER_CRITICAL();
pxTCB = prvGetTCBFromHandle( xTaskToSet );
pxTCB->pvThreadLocalStoragePointers[ xIndex ] = pvValue;
pxTCB->pvThreadLocalStoragePointersDelCallback[ xIndex ] = xDelCallback;
taskEXIT_CRITICAL();
}
}
void vTaskSetThreadLocalStoragePointer( TaskHandle_t xTaskToSet, BaseType_t xIndex, void *pvValue )
{
vTaskSetThreadLocalStoragePointerAndDelCallback( xTaskToSet, xIndex, pvValue, (TlsDeleteCallbackFunction_t)NULL );
}
#else
void vTaskSetThreadLocalStoragePointer( TaskHandle_t xTaskToSet, BaseType_t xIndex, void *pvValue )
{
TCB_t *pxTCB;
@ -3391,6 +3439,8 @@ static portTASK_FUNCTION( prvIdleTask, pvParameters )
}
}
#endif /* configTHREAD_LOCAL_STORAGE_DELETE_CALLBACKS */
#endif /* configNUM_THREAD_LOCAL_STORAGE_POINTERS */
/*-----------------------------------------------------------*/
@ -3486,7 +3536,9 @@ static void prvCheckTasksWaitingTermination( void )
--uxDeletedTasksWaitingCleanUp;
}
taskEXIT_CRITICAL();
#if ( configNUM_THREAD_LOCAL_STORAGE_POINTERS > 0 ) && ( configTHREAD_LOCAL_STORAGE_DELETE_CALLBACKS )
prvDeleteTLS( pxTCB );
#endif
prvDeleteTCB( pxTCB );
}
}

31
components/freertos/include/freertos/task.h
View File

@ -1459,6 +1459,37 @@ constant. */
void vTaskSetThreadLocalStoragePointer( TaskHandle_t xTaskToSet, BaseType_t xIndex, void *pvValue ) PRIVILEGED_FUNCTION;
void *pvTaskGetThreadLocalStoragePointer( TaskHandle_t xTaskToQuery, BaseType_t xIndex ) PRIVILEGED_FUNCTION;
#if ( configTHREAD_LOCAL_STORAGE_DELETE_CALLBACKS )
/**
* Prototype of local storage pointer deletion callback.
*/
typedef void (*TlsDeleteCallbackFunction_t)( int, void * );
/**
* Set local storage pointer and deletion callback.
*
* Each task contains an array of pointers that is dimensioned by the
* configNUM_THREAD_LOCAL_STORAGE_POINTERS setting in FreeRTOSConfig.h.
* The kernel does not use the pointers itself, so the application writer
* can use the pointers for any purpose they wish.
*
* Local storage pointers set for a task can reference dynamically
* allocated resources. This function is similar to
* vTaskSetThreadLocalStoragePointer, but provides a way to release
* these resources when the task gets deleted. For each pointer,
* a callback function can be set. This function will be called
* when task is deleted, with the local storage pointer index
* and value as arguments.
*
* @param xTaskToSet Task to set thread local storage pointer for
* @param xIndex The index of the pointer to set, from 0 to
* configNUM_THREAD_LOCAL_STORAGE_POINTERS - 1.
* @param pvValue Pointer value to set.
* @param pvDelCallback Function to call to dispose of the local
* storage pointer when the task is deleted.
*/
void vTaskSetThreadLocalStoragePointerAndDelCallback( TaskHandle_t xTaskToSet, BaseType_t xIndex, void *pvValue, TlsDeleteCallbackFunction_t pvDelCallback);
#endif
#endif
/**

3
components/freertos/include/port/freertos/FreeRTOSConfig.h
View File

@ -147,5 +147,8 @@ NVIC value of 255. */
#define configUSE_NEWLIB_REENTRANT 1
#endif
#define configNUM_THREAD_LOCAL_STORAGE_POINTERS 1
#define configTHREAD_LOCAL_STORAGE_DELETE_CALLBACKS 1
#endif /* FREERTOS_CONFIG_H */

729
components/lwip/Kconfig
View File

@ -1,5 +1,428 @@
menu "LWIP"
menu "ARP"
config LWIP_ARP_TABLE_SIZE
int "Number of active MAC-IP address pairs cached"
range 1 16
default 10
config LWIP_ARP_MAXAGE
int "The time an ARP entry stays valid after its last update"
range 100 65535
default 300
endmenu # LWIP ARP
menu "SOCKET"
config LWIP_MAX_SOCKETS
int "Max number of open sockets"
range 1 16
default 10
help
Sockets take up a certain amount of memory, and allowing fewer
sockets to be open at the same time conserves memory. Specify
the maximum amount of sockets here. The valid value is from 1
to 16.
config LWIP_SO_REUSE
bool "Enable SO_REUSEADDR option"
default y
help
Enabling this option allows binding to a port which remains in
TIME_WAIT.
config LWIP_SO_REUSE_RXTOALL
bool "SO_REUSEADDR copies broadcast/multicast to all matches"
depends on LWIP_SO_REUSE
default y
help
Enabling this option means that any incoming broadcast or multicast
packet will be copied to all of the local sockets that it matches
(may be more than one if SO_REUSEADDR is set on the socket.)
This increases memory overhead as the packets need to be copied,
however they are only copied per matching socket. You can safely
disable it if you don't plan to receive broadcast or multicast
traffic on more than one socket at a time.
config LWIP_SO_RCVBUF
bool "Enable SO_RCVBUF option"
default n
help
Enabling this option allows checking for available data on a netconn.
config LWIP_SO_LINGER
bool "Enable SO_LINGER processing"
default n
config LWIP_RECV_BUFSIZE_DEFAULT
int "The default value for recv_bufsize"
default 11680
range 2920 11680
config LWIP_TCP_CLOSE_TIMEOUT_MS_DEFAULT
int "TCP socket/netconn close waits time to send the FIN"
default 10000
range 10000 20000
endmenu # LWIP SOCKET
config LWIP_IP_FRAG
bool "Enable fragment outgoing IP packets"
default n
help
Enabling this option allows fragmenting outgoing IP packets if their size
exceeds MTU.
menuconfig LWIP_IP_REASSEMBLY
bool "Enable reassembly incoming fragmented IP packets"
default n
help
Enabling this option allows reassemblying incoming fragmented IP packets.
config LWIP_IP_REASS_MAX_PBUFS
int "Total maximum amount of pbufs waiting to be reassembled"
default 10
range 1 16
config LWIP_IP_SOF_BROADCAST
bool "Enable broadcast filter per pcb on udp and raw send operation"
default n
help
config LWIP_IP_SOF_BROADCAST_RECV
bool "Enable the broadcast filter on recv operations"
default n
help
menuconfig LWIP_ICMP
bool "ICMP"
default y
help
config LWIP_MULTICAST_PING
bool "Respond to multicast pings"
default n
depends on LWIP_ICMP
config LWIP_BROADCAST_PING
bool "Respond to broadcast pings"
default n
depends on LWIP_ICMP
config LWIP_RAW
bool "Enable application layer to hook into the IP layer itself"
default n
menu "DHCP"
config LWIP_DHCP_DOES_ARP_CHECK
bool "DHCP: Perform ARP check on any offered address"
default y
help
Enabling this option performs a check (via ARP request) if the offered IP address
is not already in use by another host on the network.
config LWIP_DHCP_MAX_NTP_SERVERS
int "Maximum number of NTP servers"
default 1
range 1 8
help
Set maximum number of NTP servers used by LwIP SNTP module.
First argument of sntp_setserver/sntp_setservername functions
is limited to this value.
config LWIP_DHCPS_LEASE_UNIT
int "Multiplier for lease time, in seconds"
range 1 3600
default 60
help
The DHCP server is calculating lease time multiplying the sent
and received times by this number of seconds per unit.
The default is 60, that equals one minute.
config LWIP_DHCPS_MAX_STATION_NUM
int "Maximum number of stations"
range 1 8
default 8
help
The maximum number of DHCP clients that are connected to the server.
After this number is exceeded, DHCP server removes of the oldest device
from it's address pool, without notification.
endmenu #DHCP
menuconfig LWIP_AUTOIP
bool "Enable IPV4 Link-Local Addressing (AUTOIP)"
default n
help
Enabling this option allows the device to self-assign an address
in the 169.256/16 range if none is assigned statically or via DHCP.
See RFC 3927.
config LWIP_DHCP_AUTOIP_COOP_TRIES
int "DHCP Probes before self-assigning IPv4 LL address"
range 1 100
default 2
depends on LWIP_AUTOIP
help
DHCP client will send this many probes before self-assigning a
link local address.
From LWIP help: "This can be set as low as 1 to get an AutoIP
address very quickly, but you should be prepared to handle a
changing IP address when DHCP overrides AutoIP."
config LWIP_IGMP
bool "Enable IGMP module"
default y
config DNS_MAX_SERVERS
int "The maximum of DNS servers"
range 1 5
default 2
menuconfig LWIP_NETIF_LOOPBACK
bool "Enable per-interface loopback"
default n
help
Enabling this option means that if a packet is sent with a destination
address equal to the interface's own IP address, it will "loop back" and
be received by this interface.
config LWIP_LOOPBACK_MAX_PBUFS
int "Max queued loopback packets per interface"
range 0 16
default 0
depends on LWIP_NETIF_LOOPBACK
help
Configure the maximum number of packets which can be queued for
loopback on a given interface. Reducing this number may cause packets
to be dropped, but will avoid filling memory with queued packet data.
menu "TCP"
config LWIP_MAX_ACTIVE_TCP
int "Maximum active TCP Connections"
range 1 32
default 5
help
The maximum number of simultaneously active TCP
connections. The practical maximum limit is
determined by available heap memory at runtime.
Changing this value by itself does not substantially
change the memory usage of LWIP, except for preventing
new TCP connections after the limit is reached.
config LWIP_MAX_LISTENING_TCP
int "Maximum listening TCP Connections"
range 1 16
default 8
help
The maximum number of simultaneously listening TCP
connections. The practical maximum limit is
determined by available heap memory at runtime.
Changing this value by itself does not substantially
change the memory usage of LWIP, except for preventing
new listening TCP connections after the limit is reached.
config TCP_MAXRTX
int "Maximum number of retransmissions of data segments"
default 12
range 3 12
help
Set maximum number of retransmissions of data segments.
config TCP_SYNMAXRTX
int "Maximum number of retransmissions of SYN segments"
default 6
range 3 12
help
Set maximum number of retransmissions of SYN segments.
config TCP_MSS
int "Maximum Segment Size (MSS)"
default 1460
range 536 1460
help
Set maximum segment size for TCP transmission.
Can be set lower to save RAM, the default value 1436 will give best throughput.
config TCP_SND_BUF_DEFAULT
int "Default send buffer size"
default 2920 # 2 * default MSS
range 2920 11680
help
Set default send buffer size for new TCP sockets.
Per-socket send buffer size can be changed at runtime
with lwip_setsockopt(s, TCP_SNDBUF, ...).
This value must be at least 2x the MSS size, and the default
is 4x the default MSS size.
Setting a smaller default SNDBUF size can save some RAM, but
will decrease performance.
config TCP_WND_DEFAULT
int "Default receive window size"
default 5840 # 4 * default MSS
range 2920 11680
help
Set default TCP receive window size for new TCP sockets.
Per-socket receive window size can be changed at runtime
with lwip_setsockopt(s, TCP_WINDOW, ...).
Setting a smaller default receive window size can save some RAM,
but will significantly decrease performance.
config TCP_RECVMBOX_SIZE
int "Default TCP receive mail box size"
default 6
range 6 32
help
Set TCP receive mail box size. Generally bigger value means higher throughput
but more memory. The recommended value is: TCP_WND_DEFAULT/TCP_MSS + 2, e.g. if
TCP_WND_DEFAULT=14360, TCP_MSS=1436, then the recommended receive mail box size is
(14360/1436 + 2) = 12.
TCP receive mail box is a per socket mail box, when the application receives packets
from TCP socket, LWIP core firstly posts the packets to TCP receive mail box and the
application then fetches the packets from mail box. It means LWIP can caches maximum
TCP_RECCVMBOX_SIZE packets for each TCP socket, so the maximum possible cached TCP packets
for all TCP sockets is TCP_RECCVMBOX_SIZE multiples the maximum TCP socket number. In other
words, the bigger TCP_RECVMBOX_SIZE means more memory.
On the other hand, if the receiv mail box is too small, the mail box may be full. If the
mail box is full, the LWIP drops the packets. So generally we need to make sure the TCP
receive mail box is big enough to avoid packet drop between LWIP core and application.
config TCP_QUEUE_OOSEQ
bool "Queue incoming out-of-order segments"
default n
help
Queue incoming out-of-order segments for later use.
Disable this option to save some RAM during TCP sessions, at the expense
of increased retransmissions if segments arrive out of order.
choice TCP_OVERSIZE
prompt "Pre-allocate transmit PBUF size"
default TCP_OVERSIZE_MSS
help
Allows enabling "oversize" allocation of TCP transmission pbufs ahead of time,
which can reduce the length of pbuf chains used for transmission.
This will not make a difference to sockets where Nagle's algorithm
is disabled.
Default value of MSS is fine for most applications, 25% MSS may save
some RAM when only transmitting small amounts of data. Disabled will
have worst performance and fragmentation characteristics, but uses
least RAM overall.
config TCP_OVERSIZE_MSS
bool "MSS"
config TCP_OVERSIZE_QUARTER_MSS
bool "25% MSS"
config TCP_OVERSIZE_DISABLE
bool "Disabled"
endchoice
config LWIP_TCP_TIMESTAMPS
bool "Support the TCP timestamp option"
default n
help
The timestamp option is currently only used to help remote hosts, it is not
really used locally. Therefore, it is only enabled when a TS option is
received in the initial SYN packet from a remote host.
endmenu # TCP
menu "UDP"
config LWIP_MAX_UDP_PCBS
int "Maximum active UDP control blocks"
range 1 32
default 4
help
The maximum number of active UDP "connections" (ie
UDP sockets sending/receiving data).
The practical maximum limit is determined by available
heap memory at runtime.
config UDP_RECVMBOX_SIZE
int "Default UDP receive mail box size"
default 6
range 6 64
help
Set UDP receive mail box size. The recommended value is 6.
UDP receive mail box is a per socket mail box, when the application receives packets
from UDP socket, LWIP core firstly posts the packets to UDP receive mail box and the
application then fetches the packets from mail box. It means LWIP can caches maximum
UDP_RECCVMBOX_SIZE packets for each UDP socket, so the maximum possible cached UDP packets
for all UDP sockets is UDP_RECCVMBOX_SIZE multiples the maximum UDP socket number. In other
words, the bigger UDP_RECVMBOX_SIZE means more memory.
On the other hand, if the receiv mail box is too small, the mail box may be full. If the
mail box is full, the LWIP drops the packets. So generally we need to make sure the UDP
receive mail box is big enough to avoid packet drop between LWIP core and application.
endmenu # UDP
config TCPIP_TASK_STACK_SIZE
int "TCP/IP Task Stack Size"
default 512
range 512 2048
help
Configure TCP/IP task stack size, used by LWIP to process multi-threaded TCP/IP operations.
Setting this stack too small will result in stack overflow crashes.
menu "LWIP RAW API"
config LWIP_MAX_RAW_PCBS
int "Maximum LWIP RAW PCBs"
range 1 32
default 4
help
The maximum number of simultaneously active LWIP
RAW protocol control blocks. The practical maximum
limit is determined by available heap memory at runtime.
endmenu # LWIP RAW API
menuconfig LWIP_IPV6
bool "Enable IPv6"
default y
config LWIP_IPV6_NUM_ADDRESSES
int "Number of IPv6 addresses per netif"
depends on LWIP_IPV6
range 3 5
default 3
config LWIP_IPV6_FORWARD
bool "Forward IPv6 packets across netifs"
depends on LWIP_IPV6
default n
config LWIP_IPV6_FRAG
bool "Fragment outgoing IPv6 packets that are too big"
depends on LWIP_IPV6
default n
config LWIP_STATS
bool "Enable statistics collection in lwip_stats"
default n
menuconfig LWIP_DEBUG
bool "Enable lwip Debug"
default n
@ -179,309 +602,9 @@ config LWIP_SNTP_DEBUG
depends on LWIP_DEBUG
default n
config LWIP_SO_REUSE
bool "Enable SO_REUSEADDR option"
config LWIP_THREAD_SAFE_DEBUG
bool "Enable debugging for LWIP thread safety."
depends on LWIP_DEBUG
default n
help
Enabling this option allows binding to a port which remains in
TIME_WAIT.
config LWIP_SO_REUSE_RXTOALL
bool "SO_REUSEADDR copies broadcast/multicast to all matches"
depends on LWIP_SO_REUSE
default n
help
Enabling this option means that any incoming broadcast or multicast
packet will be copied to all of the local sockets that it matches
(may be more than one if SO_REUSEADDR is set on the socket.)
This increases memory overhead as the packets need to be copied,
however they are only copied per matching socket. You can safely
disable it if you don't plan to receive broadcast or multicast
traffic on more than one socket at a time.
config LWIP_SO_RCVBUF
bool "Enable SO_RCVBUF option"
default n
help
Enabling this option allows checking for available data on a netconn.
config LWIP_DHCP_MAX_NTP_SERVERS
int "Maximum number of NTP servers"
default 1
range 1 16
help
Set maximum number of NTP servers used by LwIP SNTP module.
First argument of sntp_setserver/sntp_setservername functions
is limited to this value.
config LWIP_IP_FRAG
bool "Enable fragment outgoing IP packets"
default n
help
Enabling this option allows fragmenting outgoing IP packets if their size
exceeds MTU.
config LWIP_IP_REASSEMBLY
bool "Enable reassembly incoming fragmented IP packets"
default n
help
Enabling this option allows reassemblying incoming fragmented IP packets.
config LWIP_STATS
bool "Enable LWIP statistics"
default n
help
Enabling this option allows LWIP statistics
config LWIP_DHCP_DOES_ARP_CHECK
bool "DHCP: Perform ARP check on any offered address"
default y
help
Enabling this option performs a check (via ARP request) if the offered IP address
is not already in use by another host on the network.
menuconfig LWIP_AUTOIP
bool "Enable IPV4 Link-Local Addressing (AUTOIP)"
default n
help
Enabling this option allows the device to self-assign an address
in the 169.256/16 range if none is assigned statically or via DHCP.
See RFC 3927.
config LWIP_DHCP_AUTOIP_COOP_TRIES
int "DHCP Probes before self-assigning IPv4 LL address"
range 1 100
default 9
depends on LWIP_AUTOIP
help
DHCP client will send this many probes before self-assigning a
link local address.
From LWIP help: "This can be set as low as 1 to get an AutoIP
address very quickly, but you should be prepared to handle a
changing IP address when DHCP overrides AutoIP."
menuconfig LWIP_NETIF_LOOPBACK
bool "Support per-interface loopback"
default n
help
Enabling this option means that if a packet is sent with a destination
address equal to the interface's own IP address, it will "loop back" and
be received by this interface.
config LWIP_LOOPBACK_MAX_PBUFS
int "Max queued loopback packets per interface"
range 0 16
default 0
depends on LWIP_NETIF_LOOPBACK
help
Configure the maximum number of packets which can be queued for
loopback on a given interface. Reducing this number may cause packets
to be dropped, but will avoid filling memory with queued packet data.
menu "TCP"
config LWIP_MAX_ACTIVE_TCP
int "Maximum active TCP Connections"
range 1 1024
default 5
help
The maximum number of simultaneously active TCP
connections. The practical maximum limit is
determined by available heap memory at runtime.
Changing this value by itself does not substantially
change the memory usage of LWIP, except for preventing
new TCP connections after the limit is reached.
config LWIP_MAX_LISTENING_TCP
int "Maximum listening TCP Connections"
range 1 1024
default 8
help
The maximum number of simultaneously listening TCP
connections. The practical maximum limit is
determined by available heap memory at runtime.
Changing this value by itself does not substantially
change the memory usage of LWIP, except for preventing
new listening TCP connections after the limit is reached.
config TCP_MAXRTX
int "Maximum number of retransmissions of data segments"
default 12
range 3 12
help
Set maximum number of retransmissions of data segments.
config TCP_SYNMAXRTX
int "Maximum number of retransmissions of SYN segments"
default 6
range 3 12
help
Set maximum number of retransmissions of SYN segments.
config TCP_MSS
int "Maximum Segment Size (MSS)"
default 1460
range 536 1460
help
Set maximum segment size for TCP transmission.
Can be set lower to save RAM, the default value 1436 will give best throughput.
config TCP_SND_BUF_DEFAULT
int "Default send buffer size"
default 2920 # 2 * default MSS
range 2920 65535
help
Set default send buffer size for new TCP sockets.
Per-socket send buffer size can be changed at runtime
with lwip_setsockopt(s, TCP_SNDBUF, ...).
This value must be at least 2x the MSS size, and the default
is 4x the default MSS size.
Setting a smaller default SNDBUF size can save some RAM, but
will decrease performance.
config TCP_WND_DEFAULT
int "Default receive window size"
default 5840 # 4 * default MSS
range 2920 65535
help
Set default TCP receive window size for new TCP sockets.
Per-socket receive window size can be changed at runtime
with lwip_setsockopt(s, TCP_WINDOW, ...).
Setting a smaller default receive window size can save some RAM,
but will significantly decrease performance.
config TCP_RECVMBOX_SIZE
int "Default TCP receive mail box size"
default 6
range 6 64
help
Set TCP receive mail box size. Generally bigger value means higher throughput
but more memory. The recommended value is: TCP_WND_DEFAULT/TCP_MSS + 2, e.g. if
TCP_WND_DEFAULT=14360, TCP_MSS=1436, then the recommended receive mail box size is
(14360/1436 + 2) = 12.
TCP receive mail box is a per socket mail box, when the application receives packets
from TCP socket, LWIP core firstly posts the packets to TCP receive mail box and the
application then fetches the packets from mail box. It means LWIP can caches maximum
TCP_RECCVMBOX_SIZE packets for each TCP socket, so the maximum possible cached TCP packets
for all TCP sockets is TCP_RECCVMBOX_SIZE multiples the maximum TCP socket number. In other
words, the bigger TCP_RECVMBOX_SIZE means more memory.
On the other hand, if the receiv mail box is too small, the mail box may be full. If the
mail box is full, the LWIP drops the packets. So generally we need to make sure the TCP
receive mail box is big enough to avoid packet drop between LWIP core and application.
config TCP_QUEUE_OOSEQ
bool "Queue incoming out-of-order segments"
default n
help
Queue incoming out-of-order segments for later use.
Disable this option to save some RAM during TCP sessions, at the expense
of increased retransmissions if segments arrive out of order.
choice TCP_OVERSIZE
prompt "Pre-allocate transmit PBUF size"
default TCP_OVERSIZE_MSS
help
Allows enabling "oversize" allocation of TCP transmission pbufs ahead of time,
which can reduce the length of pbuf chains used for transmission.
This will not make a difference to sockets where Nagle's algorithm
is disabled.
Default value of MSS is fine for most applications, 25% MSS may save
some RAM when only transmitting small amounts of data. Disabled will
have worst performance and fragmentation characteristics, but uses
least RAM overall.
config TCP_OVERSIZE_MSS
bool "MSS"
config TCP_OVERSIZE_QUARTER_MSS
bool "25% MSS"
config TCP_OVERSIZE_DISABLE
bool "Disabled"
endchoice
endmenu # TCP
menu "UDP"
config LWIP_MAX_UDP_PCBS
int "Maximum active UDP control blocks"
range 1 1024
default 4
help
The maximum number of active UDP "connections" (ie
UDP sockets sending/receiving data).
The practical maximum limit is determined by available
heap memory at runtime.
config UDP_RECVMBOX_SIZE
int "Default UDP receive mail box size"
default 6
range 6 64
help
Set UDP receive mail box size. The recommended value is 6.
UDP receive mail box is a per socket mail box, when the application receives packets
from UDP socket, LWIP core firstly posts the packets to UDP receive mail box and the
application then fetches the packets from mail box. It means LWIP can caches maximum
UDP_RECCVMBOX_SIZE packets for each UDP socket, so the maximum possible cached UDP packets
for all UDP sockets is UDP_RECCVMBOX_SIZE multiples the maximum UDP socket number. In other
words, the bigger UDP_RECVMBOX_SIZE means more memory.
On the other hand, if the receiv mail box is too small, the mail box may be full. If the
mail box is full, the LWIP drops the packets. So generally we need to make sure the UDP
receive mail box is big enough to avoid packet drop between LWIP core and application.
endmenu # UDP
config TCPIP_TASK_STACK_SIZE
int "TCP/IP Task Stack Size"
default 512
# for high log levels, tcpip_adapter API calls can end up
# a few calls deep and logging there can trigger a stack overflow
range 2048 65536 if LOG_DEFAULT_LEVEL < 4
range 2560 65536 if LOG_DEFAULT_LEVEL >= 4
help
Configure TCP/IP task stack size, used by LWIP to process multi-threaded TCP/IP operations.
Setting this stack too small will result in stack overflow crashes.
menu "ICMP"
config LWIP_MULTICAST_PING
bool "Respond to multicast pings"
default n
config LWIP_BROADCAST_PING
bool "Respond to broadcast pings"
default n
endmenu # ICMP
menu "LWIP RAW API"
config LWIP_MAX_RAW_PCBS
int "Maximum LWIP RAW PCBs"
range 1 1024
default 4
help
The maximum number of simultaneously active LWIP
RAW protocol control blocks. The practical maximum
limit is determined by available heap memory at runtime.
endmenu # LWIP RAW API
endmenu

3
components/lwip/apps/dhcpserver/dhcpserver.c
View File

@ -13,6 +13,7 @@
// limitations under the License.
#include "esp_common.h"
#include "sdkconfig.h"
#include "lwip/inet.h"
#include "lwip/err.h"
#include "lwip/pbuf.h"
@ -41,7 +42,7 @@ static struct dhcps_lease dhcps_lease;
static list_node* plist = NULL;
static u8_t offer = 0xFF;
static bool renew = false;
#define DHCPS_LEASE_TIME_DEF (120)
#define DHCPS_LEASE_TIME_DEF CONFIG_LWIP_DHCPS_LEASE_UNIT
u32_t dhcps_lease_time = DHCPS_LEASE_TIME_DEF; //minute
/******************************************************************************
* FunctionName : node_insert_to_list

5
components/lwip/include/lwip/apps/dhcpserver/dhcpserver.h
View File

@ -3,6 +3,7 @@
#define USE_DNS
#include "sdkconfig.h"
#include "esp_wifi.h"
typedef struct dhcps_state {
@ -70,8 +71,8 @@ extern u32_t dhcps_lease_time;
#define DHCP_OPTION_END 255
//#define USE_CLASS_B_NET 1
#define DHCPS_DEBUG 0
#define MAX_STATION_NUM 8
#define DHCPS_DEBUG CONFIG_LWIP_DHCP_SERVER_DEBUG
#define MAX_STATION_NUM CONFIG_LWIP_DHCPS_MAX_STATION_NUM
#define DHCPS_STATE_OFFER 1
#define DHCPS_STATE_DECLINE 2

11
components/lwip/include/lwip/port/arch/sys_arch.h
View File

@ -50,5 +50,16 @@ typedef xTaskHandle sys_thread_t;
#define LWIP_COMPAT_MUTEX 0
#if LWIP_NETCONN_SEM_PER_THREAD
sys_sem_t* sys_thread_sem_init(void);
void sys_thread_sem_deinit(void);
sys_sem_t* sys_thread_sem_get(void);
#define LWIP_NETCONN_THREAD_SEM_ALLOC() sys_thread_sem_init()
#define LWIP_NETCONN_THREAD_SEM_FREE() sys_thread_sem_deinit()
#define LWIP_NETCONN_THREAD_SEM_GET() sys_thread_sem_get()
#endif
#endif /* __SYS_ARCH_H__ */

36
components/lwip/include/lwip/port/lwipopts.h
View File

@ -390,13 +390,13 @@ extern void vPortFree(void *pv, const char * file, unsigned line);
/**
* ARP_TABLE_SIZE: Number of active MAC-IP address pairs cached.
*/
#define ARP_TABLE_SIZE 10
#define ARP_TABLE_SIZE CONFIG_LWIP_ARP_TABLE_SIZE
/** the time an ARP entry stays valid after its last update,
* for ARP_TMR_INTERVAL = 1000, this is
* (60 * 5) seconds = 5 minutes.
*/
#define ARP_MAXAGE 300
#define ARP_MAXAGE CONFIG_LWIP_ARP_MAXAGE
/**
* ARP_QUEUEING==1: Multiple outgoing packets are queued during hardware address
@ -506,7 +506,7 @@ extern void vPortFree(void *pv, const char * file, unsigned line);
* PBUF_POOL_SIZE > IP_REASS_MAX_PBUFS so that the stack is still able to receive
* packets even if the maximum amount of fragments is enqueued for reassembly!
*/
#define IP_REASS_MAX_PBUFS 10
#define IP_REASS_MAX_PBUFS CONFIG_LWIP_IP_REASS_MAX_PBUFS
/**
* IP_DEFAULT_TTL: Default value for Time-To-Live used by transport layers.
@ -518,13 +518,13 @@ extern void vPortFree(void *pv, const char * file, unsigned line);
* filter per pcb on udp and raw send operations. To enable broadcast filter
* on recv operations, you also have to set IP_SOF_BROADCAST_RECV=1.
*/
#define IP_SOF_BROADCAST 0
#define IP_SOF_BROADCAST CONFIG_LWIP_IP_SOF_BROADCAST
/**
* IP_SOF_BROADCAST_RECV (requires IP_SOF_BROADCAST=1) enable the broadcast
* filter on recv operations.
*/
#define IP_SOF_BROADCAST_RECV 0
#define IP_SOF_BROADCAST_RECV CONFIG_LWIP_IP_SOF_BROADCAST_RECV
/**
* IP_FORWARD_ALLOW_TX_ON_RX_NETIF==1: allow ip_forward() to send packets back
@ -559,7 +559,7 @@ extern void vPortFree(void *pv, const char * file, unsigned line);
* LWIP_ICMP==1: Enable ICMP module inside the IP stack.
* Be careful, disable that make your product non-compliant to RFC1122
*/
#define LWIP_ICMP 1
#define LWIP_ICMP CONFIG_LWIP_ICMP
/**
* ICMP_TTL: Default value for Time-To-Live used by ICMP packets.
@ -592,7 +592,7 @@ extern void vPortFree(void *pv, const char * file, unsigned line);
/**
* LWIP_RAW==1: Enable application layer to hook into the IP layer itself.
*/
#define LWIP_RAW 0
#define LWIP_RAW CONFIG_LWIP_RAW
/**
* LWIP_RAW==1: Enable application layer to hook into the IP layer itself.
@ -733,7 +733,7 @@ extern void vPortFree(void *pv, const char * file, unsigned line);
/**
* LWIP_IGMP==1: Turn on IGMP module.
*/
#define LWIP_IGMP 1
#define LWIP_IGMP CONFIG_LWIP_IGMP
/**
* LWIP_MULTICAST_TX_OPTIONS==1: Enable multicast TX support like the socket options
@ -770,7 +770,7 @@ extern void vPortFree(void *pv, const char * file, unsigned line);
* The first server can be initialized automatically by defining
* DNS_SERVER_ADDRESS(ipaddr), where 'ipaddr' is an 'ip_addr_t*'
*/
#define DNS_MAX_SERVERS 2
#define DNS_MAX_SERVERS CONFIG_DNS_MAX_SERVERS
/** DNS do a name checking between the query and the response. */
#define DNS_DOES_NAME_CHECK 1
@ -1313,7 +1313,7 @@ extern void vPortFree(void *pv, const char * file, unsigned line);
* The latter 2 can be invoked up by calling netconn_thread_init()/netconn_thread_cleanup().
* Ports may call these for threads created with sys_thread_new().
*/
#define LWIP_NETCONN_SEM_PER_THREAD 0
#define LWIP_NETCONN_SEM_PER_THREAD 1
/** LWIP_NETCONN_FULLDUPLEX==1: Enable code that allows reading from one thread,
* writing from a 2nd thread and closing from a 3rd thread at the same time.
@ -1405,17 +1405,17 @@ extern void vPortFree(void *pv, const char * file, unsigned line);
/**
* LWIP_SO_LINGER==1: Enable SO_LINGER processing.
*/
#define LWIP_SO_LINGER 0
#define LWIP_SO_LINGER CONFIG_LWIP_SO_LINGER
/**
* If LWIP_SO_RCVBUF is used, this is the default value for recv_bufsize.
*/
#define RECV_BUFSIZE_DEFAULT INT_MAX
#define RECV_BUFSIZE_DEFAULT CONFIG_LWIP_RECV_BUFSIZE_DEFAULT
/**
* By default, TCP socket/netconn close waits 20 seconds max to send the FIN
*/
#define LWIP_TCP_CLOSE_TIMEOUT_MS_DEFAULT 20000
#define LWIP_TCP_CLOSE_TIMEOUT_MS_DEFAULT CONFIG_LWIP_TCP_CLOSE_TIMEOUT_MS_DEFAULT
/**
* SO_REUSE==1: Enable SO_REUSEADDR option.
@ -1671,12 +1671,12 @@ extern void vPortFree(void *pv, const char * file, unsigned line);
/**
* LWIP_IPV6==1: Enable IPv6
*/
#define LWIP_IPV6 1
#define LWIP_IPV6 CONFIG_LWIP_IPV6
/**
* LWIP_IPV6_NUM_ADDRESSES: Number of IPv6 addresses per netif.
*/
#define LWIP_IPV6_NUM_ADDRESSES 3
#define LWIP_IPV6_NUM_ADDRESSES CONFIG_LWIP_IPV6_NUM_ADDRESSES
/**
* LWIP_IPV6_FORWARD==1: Forward IPv6 packets across netifs
@ -2146,6 +2146,12 @@ extern void vPortFree(void *pv, const char * file, unsigned line);
#define SNTP_DEBUG LWIP_DBG_ON
#endif
#ifdef CONFIG_LWIP_THREAD_SAFE_DEBUG
#define ESP_THREAD_SAFE_DEBUG LWIP_DBG_ON
#else
#define ESP_THREAD_SAFE_DEBUG LWIP_DBG_OFF
#endif
/**
* @}
*/

67
components/lwip/port/freertos/sys_arch.c
View File

@ -38,6 +38,7 @@
#include "lwip/mem.h"
#include "arch/sys_arch.h"
#define LWIP_THREAD_TLS 0
/* Message queue constants. */
#define archMESG_QUEUE_LENGTH (100)//( 6 )
@ -424,3 +425,69 @@ sys_arch_msleep(int ms)
vTaskDelay(ms / portTICK_RATE_MS);
}
#if LWIP_NETCONN_SEM_PER_THREAD
static void sys_thread_sem_free(int index, void *data) // destructor for TLS semaphore
{
sys_sem_t *sem = (sys_sem_t *)(data);
if (sem && *sem){
LWIP_DEBUGF(ESP_THREAD_SAFE_DEBUG, ("sem del, sem=%p\n", *sem));
vSemaphoreDelete(*sem);
}
if (sem) {
LWIP_DEBUGF(ESP_THREAD_SAFE_DEBUG, ("sem pointer del, sem_p=%p\n", sem));
free(sem);
}
}
/*
* get per thread semphore
*/
sys_sem_t* sys_thread_sem_init(void)
{
sys_sem_t *sem = (sys_sem_t*)mem_malloc(sizeof(sys_sem_t*));
if (!sem){
LWIP_DEBUGF(ESP_THREAD_SAFE_DEBUG, "thread_sem_init: out of memory\n");
return 0;
}
*sem = xSemaphoreCreateBinary();
if (!(*sem)){
free(sem);
LWIP_DEBUGF(ESP_THREAD_SAFE_DEBUG, "thread_sem_init: out of memory\n");
return 0;
}
vTaskSetThreadLocalStoragePointerAndDelCallback(NULL, LWIP_THREAD_TLS, sem, sys_thread_sem_free);
return sem;
}
/*
* get per thread semphore
*/
sys_sem_t* sys_thread_sem_get(void)
{
sys_sem_t *sem = pvTaskGetThreadLocalStoragePointer(NULL, LWIP_THREAD_TLS);
if (!sem) {
sem = sys_thread_sem_init();
}
LWIP_DEBUGF(ESP_THREAD_SAFE_DEBUG, ("sem_get s=%p\n", sem));
return sem;
}
void sys_thread_sem_deinit(void)
{
sys_sem_t *sem = pvTaskGetThreadLocalStoragePointer(NULL, LWIP_THREAD_TLS);
if (sem != NULL) {
sys_thread_sem_free(LWIP_THREAD_TLS, sem);
vTaskSetThreadLocalStoragePointerAndDelCallback(NULL, LWIP_THREAD_TLS, NULL, NULL);
}
}
#endif

14
components/ssl/CMakeLists.txt
View File

@ -1,21 +1,21 @@
if(CONFIG_SSL_USING_WOLFSSL)
set(COMPONENT_ADD_INCLUDEDIRS include wolfssl/include)
set(COMPONENT_ADD_INCLUDEDIRS include wolfssl/include wolfssl/wolfssl wolfssl/wolfssl/wolfssl)
else()
if(CONFIG_SSL_USING_MBEDTLS)
set(COMPONENT_ADD_INCLUDEDIRS
openssl/include
mbedtls/port/openssl/include
mbedtls/mbedtls/include
mbedtls/port/esp8266/include)
set(COMPONENT_PRIV_INCLUDEDIRS
openssl/include/internal
openssl/include/openssl
openssl/include/platform)
mbedtls/port/openssl/include/internal
mbedtls/port/openssl/include/openssl
mbedtls/port/openssl/include/platform)
set(COMPONENT_SRCDIRS
openssl/source/library
openssl/source/platform
mbedtls/port/openssl/source/library
mbedtls/port/openssl/source/platform
mbedtls/mbedtls/library
mbedtls/port/esp8266)
else()

12
components/ssl/component.mk
View File

@ -3,7 +3,7 @@
#
ifdef CONFIG_SSL_USING_WOLFSSL
COMPONENT_ADD_INCLUDEDIRS := wolfssl/include
COMPONENT_ADD_INCLUDEDIRS := wolfssl/include wolfssl/wolfssl wolfssl/wolfssl/wolfssl
WOLFSSLLIB = wolfssl
COMPONENT_ADD_LDFLAGS := -L $(COMPONENT_PATH)/wolfssl/lib -lwolfssl
@ -12,13 +12,9 @@ COMPONENT_ADD_LDFLAGS := -L $(COMPONENT_PATH)/wolfssl/lib -lwolfssl
COMPONENT_ADD_LINKER_DEPS := $(patsubst %,$(COMPONENT_PATH)/wolfssl/lib/lib%.a,$(WOLFSSLLIB))
else
ifdef CONFIG_SSL_USING_MBEDTLS
COMPONENT_ADD_INCLUDEDIRS := openssl/include
COMPONENT_PRIV_INCLUDEDIRS := openssl/include/internal openssl/include/openssl openssl/include/platform
COMPONENT_SRCDIRS := openssl/source/library openssl/source/platform
COMPONENT_ADD_INCLUDEDIRS += mbedtls/mbedtls/include mbedtls/port/esp8266/include
COMPONENT_SRCDIRS += mbedtls/mbedtls/library mbedtls/port/esp8266
COMPONENT_PRIV_INCLUDEDIRS := mbedtls/port/openssl/include/internal mbedtls/port/openssl/include/openssl mbedtls/port/openssl/include/platform
COMPONENT_ADD_INCLUDEDIRS += mbedtls/mbedtls/include mbedtls/port/esp8266/include mbedtls/port/openssl/include
COMPONENT_SRCDIRS += mbedtls/mbedtls/library mbedtls/port/esp8266 mbedtls/port/openssl/source/library mbedtls/port/openssl/source/platform
else
COMPONENT_ADD_INCLUDEDIRS := axtls/include
COMPONENT_SRCDIRS := axtls/source/ssl axtls/source/crypto

0
components/ssl/openssl/OpenSSL-APIs.rst → components/ssl/mbedtls/port/openssl/OpenSSL-APIs.rst
View File

0
components/ssl/openssl/include/internal/ssl3.h → components/ssl/mbedtls/port/openssl/include/internal/ssl3.h
View File

0
components/ssl/openssl/include/internal/ssl_cert.h → components/ssl/mbedtls/port/openssl/include/internal/ssl_cert.h
View File

0
components/ssl/openssl/include/internal/ssl_code.h → components/ssl/mbedtls/port/openssl/include/internal/ssl_code.h
View File

0
components/ssl/openssl/include/internal/ssl_dbg.h → components/ssl/mbedtls/port/openssl/include/internal/ssl_dbg.h
View File

0
components/ssl/openssl/include/internal/ssl_lib.h → components/ssl/mbedtls/port/openssl/include/internal/ssl_lib.h
View File

0
components/ssl/openssl/include/internal/ssl_methods.h → components/ssl/mbedtls/port/openssl/include/internal/ssl_methods.h
View File

0
components/ssl/openssl/include/internal/ssl_pkey.h → components/ssl/mbedtls/port/openssl/include/internal/ssl_pkey.h
View File

0
components/ssl/openssl/include/internal/ssl_stack.h → components/ssl/mbedtls/port/openssl/include/internal/ssl_stack.h
View File

0
components/ssl/openssl/include/internal/ssl_types.h → components/ssl/mbedtls/port/openssl/include/internal/ssl_types.h
View File

0
components/ssl/openssl/include/internal/ssl_x509.h → components/ssl/mbedtls/port/openssl/include/internal/ssl_x509.h
View File

0
components/ssl/openssl/include/internal/tls1.h → components/ssl/mbedtls/port/openssl/include/internal/tls1.h
View File

0
components/ssl/openssl/include/internal/x509_vfy.h → components/ssl/mbedtls/port/openssl/include/internal/x509_vfy.h
View File

0
components/ssl/openssl/include/openssl/ssl.h → components/ssl/mbedtls/port/openssl/include/openssl/ssl.h
View File

0
components/ssl/openssl/include/platform/ssl_opt.h → components/ssl/mbedtls/port/openssl/include/platform/ssl_opt.h
View File

0
components/ssl/openssl/include/platform/ssl_pm.h → components/ssl/mbedtls/port/openssl/include/platform/ssl_pm.h
View File

0
components/ssl/openssl/include/platform/ssl_port.h → components/ssl/mbedtls/port/openssl/include/platform/ssl_port.h
View File

0
components/ssl/openssl/source/library/ssl_cert.c → components/ssl/mbedtls/port/openssl/source/library/ssl_cert.c
View File

0
components/ssl/openssl/source/library/ssl_lib.c → components/ssl/mbedtls/port/openssl/source/library/ssl_lib.c
View File

0
components/ssl/openssl/source/library/ssl_methods.c → components/ssl/mbedtls/port/openssl/source/library/ssl_methods.c
View File

0
components/ssl/openssl/source/library/ssl_pkey.c → components/ssl/mbedtls/port/openssl/source/library/ssl_pkey.c
View File

0
components/ssl/openssl/source/library/ssl_stack.c → components/ssl/mbedtls/port/openssl/source/library/ssl_stack.c
View File

0
components/ssl/openssl/source/library/ssl_x509.c → components/ssl/mbedtls/port/openssl/source/library/ssl_x509.c
View File

0
components/ssl/openssl/source/platform/ssl_pm.c → components/ssl/mbedtls/port/openssl/source/platform/ssl_pm.c
View File

0
components/ssl/openssl/source/platform/ssl_pm_extend.c → components/ssl/mbedtls/port/openssl/source/platform/ssl_pm_extend.c
View File

17
components/ssl/wolfssl/include/user_settings.h
View File

@ -22,24 +22,27 @@
#define HAVE_PK_CALLBACKS
#define WOLFSSL_KEY_GEN
#define WOLFSSL_RIPEMD
#define ESP_PLATFORM
#define DEBUG_ESP_PLATFORM
#define USE_WOLFSSL_IO
#define WOLFSSL_STATIC_RSA
#define NO_DH
#define NO_MD4
#define NO_MD5
#define NO_DES3
#define NO_DSA
#define NO_RC4
#define NO_RABBIT
#define NO_OLD_TLS
#define HAVE_ECC
#define WC_NO_HARDEN
#define FREERTOS
#define WOLFSSL_TYPES
#define NO_FILESYSTEM
#define WOLFSSL_ALT_CERT_CHAINS
#define WOLFSSL_ALLOW_TLSV10
#define WOLFSSL_SMALL_STACK
#define SMALL_SESSION_CACHE
#define SSL_CTX_use_certificate_ASN1(ctx,len,buf) wolfSSL_CTX_use_certificate_buffer(ctx,buf,len,WOLFSSL_FILETYPE_PEM)
#define SSL_CTX_use_PrivateKey_ASN1(type,ctx,buf,len) wolfSSL_CTX_use_PrivateKey_buffer(ctx,buf,len, WOLFSSL_FILETYPE_PEM)
#define SSL_CTX_load_verify_buffer(ctx,buf,len) wolfSSL_CTX_load_verify_buffer(ctx,buf,len, WOLFSSL_FILETYPE_PEM)
#ifdef WOLFSSL_TYPES
#ifndef byte
@ -51,12 +54,8 @@
#endif
#ifndef CUSTOM_RAND_GENERATE_BLOCK
/* To use define the following:*/
#define CUSTOM_RAND_GENERATE_BLOCK myRngFunc
extern int myRngFunc(byte* output, word32 sz);
#define CUSTOM_RAND_GENERATE_BLOCK os_get_random
#endif
#endif

BIN
components/ssl/wolfssl/lib/libwolfssl.a
View File

Binary file not shown.

175
components/ssl/wolfssl/wolfssl/wolfssl/openssl/bn.h Normal file
View File

@ -0,0 +1,175 @@
/* bn.h
*
* Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved.
*
* This file is part of wolfSSL.
*
* Contact licensing@wolfssl.com with any questions or comments.
*
* http://www.wolfssl.com
*/
/* bn.h for openssl */
#ifndef WOLFSSL_BN_H_
#define WOLFSSL_BN_H_
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/integer.h>
#ifdef __cplusplus
extern "C" {
#endif
typedef struct WOLFSSL_BIGNUM {
int neg; /* openssh deference */
void* internal; /* our big num */
} WOLFSSL_BIGNUM;
#define WOLFSSL_BN_ULONG mp_digit
typedef struct WOLFSSL_BN_CTX WOLFSSL_BN_CTX;
typedef struct WOLFSSL_BN_GENCB WOLFSSL_BN_GENCB;
WOLFSSL_API WOLFSSL_BN_CTX* wolfSSL_BN_CTX_new(void);
WOLFSSL_API void wolfSSL_BN_CTX_init(WOLFSSL_BN_CTX*);
WOLFSSL_API void wolfSSL_BN_CTX_free(WOLFSSL_BN_CTX*);
WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_new(void);
WOLFSSL_API void wolfSSL_BN_free(WOLFSSL_BIGNUM*);
WOLFSSL_API void wolfSSL_BN_clear_free(WOLFSSL_BIGNUM*);
WOLFSSL_API int wolfSSL_BN_sub(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*,
const WOLFSSL_BIGNUM*);
WOLFSSL_API int wolfSSL_BN_mod(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*,
const WOLFSSL_BIGNUM*, const WOLFSSL_BN_CTX*);
WOLFSSL_API int wolfSSL_BN_mod_exp(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *a,
const WOLFSSL_BIGNUM *p, const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx);
WOLFSSL_API int wolfSSL_BN_mod_mul(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *a,
const WOLFSSL_BIGNUM *b, const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx);
WOLFSSL_API const WOLFSSL_BIGNUM* wolfSSL_BN_value_one(void);
WOLFSSL_API int wolfSSL_BN_num_bytes(const WOLFSSL_BIGNUM*);
WOLFSSL_API int wolfSSL_BN_num_bits(const WOLFSSL_BIGNUM*);
WOLFSSL_API int wolfSSL_BN_is_zero(const WOLFSSL_BIGNUM*);
WOLFSSL_API int wolfSSL_BN_is_one(const WOLFSSL_BIGNUM*);
WOLFSSL_API int wolfSSL_BN_is_odd(const WOLFSSL_BIGNUM*);
WOLFSSL_API int wolfSSL_BN_cmp(const WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*);
WOLFSSL_API int wolfSSL_BN_bn2bin(const WOLFSSL_BIGNUM*, unsigned char*);
WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char*, int len,
WOLFSSL_BIGNUM* ret);
WOLFSSL_API int wolfSSL_mask_bits(WOLFSSL_BIGNUM*, int n);
WOLFSSL_API int wolfSSL_BN_pseudo_rand(WOLFSSL_BIGNUM*, int bits, int top,
int bottom);
WOLFSSL_API int wolfSSL_BN_rand(WOLFSSL_BIGNUM*, int bits, int top, int bottom);
WOLFSSL_API int wolfSSL_BN_is_bit_set(const WOLFSSL_BIGNUM*, int n);
WOLFSSL_API int wolfSSL_BN_hex2bn(WOLFSSL_BIGNUM**, const char* str);
WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_dup(const WOLFSSL_BIGNUM*);
WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_copy(WOLFSSL_BIGNUM*,
const WOLFSSL_BIGNUM*);
WOLFSSL_API int wolfSSL_BN_dec2bn(WOLFSSL_BIGNUM**, const char* str);
WOLFSSL_API char* wolfSSL_BN_bn2dec(const WOLFSSL_BIGNUM*);
WOLFSSL_API int wolfSSL_BN_lshift(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, int);
WOLFSSL_API int wolfSSL_BN_add_word(WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG);
WOLFSSL_API int wolfSSL_BN_set_bit(WOLFSSL_BIGNUM*, int);
WOLFSSL_API int wolfSSL_BN_set_word(WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG);
WOLFSSL_API unsigned long wolfSSL_BN_get_word(const WOLFSSL_BIGNUM*);
WOLFSSL_API int wolfSSL_BN_add(WOLFSSL_BIGNUM*, WOLFSSL_BIGNUM*,
WOLFSSL_BIGNUM*);
WOLFSSL_API char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM*);
WOLFSSL_API int wolfSSL_BN_is_prime_ex(const WOLFSSL_BIGNUM*, int,
WOLFSSL_BN_CTX*, WOLFSSL_BN_GENCB*);
WOLFSSL_API WOLFSSL_BN_ULONG wolfSSL_BN_mod_word(const WOLFSSL_BIGNUM*,
WOLFSSL_BN_ULONG);
#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
WOLFSSL_API int wolfSSL_BN_print_fp(FILE*, const WOLFSSL_BIGNUM*);
#endif
WOLFSSL_API int wolfSSL_BN_rshift(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, int);
WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_BN_CTX_get(WOLFSSL_BN_CTX *ctx);
WOLFSSL_API void wolfSSL_BN_CTX_start(WOLFSSL_BN_CTX *ctx);
WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_BN_mod_inverse(WOLFSSL_BIGNUM*, WOLFSSL_BIGNUM*,
const WOLFSSL_BIGNUM*, WOLFSSL_BN_CTX *ctx);
typedef WOLFSSL_BIGNUM BIGNUM;
typedef WOLFSSL_BN_CTX BN_CTX;
typedef WOLFSSL_BN_GENCB BN_GENCB;
#define BN_CTX_new wolfSSL_BN_CTX_new
#define BN_CTX_init wolfSSL_BN_CTX_init
#define BN_CTX_free wolfSSL_BN_CTX_free
#define BN_new wolfSSL_BN_new
#define BN_free wolfSSL_BN_free
#define BN_clear_free wolfSSL_BN_clear_free
#define BN_num_bytes wolfSSL_BN_num_bytes
#define BN_num_bits wolfSSL_BN_num_bits
#define BN_is_zero wolfSSL_BN_is_zero
#define BN_is_one wolfSSL_BN_is_one
#define BN_is_odd wolfSSL_BN_is_odd
#define BN_cmp wolfSSL_BN_cmp
#define BN_bn2bin wolfSSL_BN_bn2bin
#define BN_bin2bn wolfSSL_BN_bin2bn
#define BN_mod wolfSSL_BN_mod
#define BN_mod_exp wolfSSL_BN_mod_exp
#define BN_mod_mul wolfSSL_BN_mod_mul
#define BN_sub wolfSSL_BN_sub
#define BN_value_one wolfSSL_BN_value_one
#define BN_mask_bits wolfSSL_mask_bits
#define BN_pseudo_rand wolfSSL_BN_pseudo_rand
#define BN_rand wolfSSL_BN_rand
#define BN_is_bit_set wolfSSL_BN_is_bit_set
#define BN_hex2bn wolfSSL_BN_hex2bn
#define BN_dup wolfSSL_BN_dup
#define BN_copy wolfSSL_BN_copy
#define BN_get_word wolfSSL_BN_get_word
#define BN_set_word wolfSSL_BN_set_word
#define BN_dec2bn wolfSSL_BN_dec2bn
#define BN_bn2dec wolfSSL_BN_bn2dec
#define BN_bn2hex wolfSSL_BN_bn2hex
#define BN_lshift wolfSSL_BN_lshift
#define BN_add_word wolfSSL_BN_add_word
#define BN_add wolfSSL_BN_add
#define BN_set_word wolfSSL_BN_set_word
#define BN_set_bit wolfSSL_BN_set_bit
#define BN_is_prime_ex wolfSSL_BN_is_prime_ex
#define BN_print_fp wolfSSL_BN_print_fp
#define BN_rshift wolfSSL_BN_rshift
#define BN_mod_word wolfSSL_BN_mod_word
#define BN_CTX_get wolfSSL_BN_CTX_get
#define BN_CTX_start wolfSSL_BN_CTX_start
#define BN_mod_inverse wolfSSL_BN_mod_inverse
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* WOLFSSL__H_ */

78
components/ssl/wolfssl/wolfssl/wolfssl/openssl/dsa.h Normal file
View File

@ -0,0 +1,78 @@
/* dsa.h
*
* Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved.
*
* This file is part of wolfSSL.
*
* Contact licensing@wolfssl.com with any questions or comments.
*
* http://www.wolfssl.com
*/
/* dsa.h for openSSL */
#ifndef WOLFSSL_DSA_H_
#define WOLFSSL_DSA_H_
#include <wolfssl/openssl/bn.h>
#ifdef __cplusplus
extern "C" {
#endif
#ifndef WOLFSSL_DSA_TYPE_DEFINED /* guard on redeclaration */
typedef struct WOLFSSL_DSA WOLFSSL_DSA;
#define WOLFSSL_DSA_TYPE_DEFINED
#endif
typedef WOLFSSL_DSA DSA;
struct WOLFSSL_DSA {
WOLFSSL_BIGNUM* p;
WOLFSSL_BIGNUM* q;
WOLFSSL_BIGNUM* g;
WOLFSSL_BIGNUM* pub_key; /* our y */
WOLFSSL_BIGNUM* priv_key; /* our x */
void* internal; /* our Dsa Key */
char inSet; /* internal set from external ? */
char exSet; /* external set from internal ? */
};
WOLFSSL_API WOLFSSL_DSA* wolfSSL_DSA_new(void);
WOLFSSL_API void wolfSSL_DSA_free(WOLFSSL_DSA*);
WOLFSSL_API int wolfSSL_DSA_generate_key(WOLFSSL_DSA*);
typedef void (*WOLFSSL_BN_CB)(int i, int j, void* exArg);
WOLFSSL_API WOLFSSL_DSA* wolfSSL_DSA_generate_parameters(int bits,
unsigned char* seed, int seedLen, int* counterRet,
unsigned long* hRet, WOLFSSL_BN_CB cb, void* CBArg);
WOLFSSL_API int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA*, int bits,
unsigned char* seed, int seedLen, int* counterRet,
unsigned long* hRet, void* cb);
WOLFSSL_API int wolfSSL_DSA_LoadDer(WOLFSSL_DSA*, const unsigned char*, int sz);
WOLFSSL_API int wolfSSL_DSA_do_sign(const unsigned char* d,
unsigned char* sigRet, WOLFSSL_DSA* dsa);
WOLFSSL_API int wolfSSL_DSA_do_verify(const unsigned char* d,
unsigned char* sig,
WOLFSSL_DSA* dsa, int *dsacheck);
#define DSA_new wolfSSL_DSA_new
#define DSA_free wolfSSL_DSA_free
#define DSA_generate_key wolfSSL_DSA_generate_key
#define DSA_generate_parameters wolfSSL_DSA_generate_parameters
#define DSA_generate_parameters_ex wolfSSL_DSA_generate_parameters_ex
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* header */

205
components/ssl/wolfssl/wolfssl/wolfssl/openssl/ec.h Normal file
View File

@ -0,0 +1,205 @@
/* ec.h
*
* Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved.
*
* This file is part of wolfSSL.
*
* Contact licensing@wolfssl.com with any questions or comments.
*
* http://www.wolfssl.com
*/
/* ec.h for openssl */
#ifndef WOLFSSL_EC_H_
#define WOLFSSL_EC_H_
#include <wolfssl/openssl/bn.h>
#include <wolfssl/wolfcrypt/ecc.h>
#ifdef __cplusplus
extern "C" {
#endif
/* Map OpenSSL NID value */
enum {
POINT_CONVERSION_UNCOMPRESSED = 4,
#ifdef HAVE_ECC
/* Use ecc_curve_type enum values for NID */
NID_X9_62_prime192v1 = ECC_SECP192R1,
NID_X9_62_prime256v1 = ECC_SECP256R1,
NID_secp112r1 = ECC_SECP112R1,
NID_secp112r2 = ECC_SECP112R2,
NID_secp128r1 = ECC_SECP128R1,
NID_secp128r2 = ECC_SECP128R2,
NID_secp160r1 = ECC_SECP160R1,
NID_secp160r2 = ECC_SECP160R2,
NID_secp224r1 = ECC_SECP224R1,
NID_secp384r1 = ECC_SECP384R1,
NID_secp521r1 = ECC_SECP521R1,
NID_secp160k1 = ECC_SECP160K1,
NID_secp192k1 = ECC_SECP192K1,
NID_secp224k1 = ECC_SECP224K1,
NID_secp256k1 = ECC_SECP256K1,
NID_brainpoolP160r1 = ECC_BRAINPOOLP160R1,
NID_brainpoolP192r1 = ECC_BRAINPOOLP192R1,
NID_brainpoolP224r1 = ECC_BRAINPOOLP224R1,
NID_brainpoolP256r1 = ECC_BRAINPOOLP256R1,
NID_brainpoolP320r1 = ECC_BRAINPOOLP320R1,
NID_brainpoolP384r1 = ECC_BRAINPOOLP384R1,
NID_brainpoolP512r1 = ECC_BRAINPOOLP512R1,
#endif
OPENSSL_EC_NAMED_CURVE = 0x001
};
#ifndef WOLFSSL_EC_TYPE_DEFINED /* guard on redeclaration */
typedef struct WOLFSSL_EC_KEY WOLFSSL_EC_KEY;
typedef struct WOLFSSL_EC_POINT WOLFSSL_EC_POINT;
typedef struct WOLFSSL_EC_GROUP WOLFSSL_EC_GROUP;
#define WOLFSSL_EC_TYPE_DEFINED
#endif
typedef WOLFSSL_EC_KEY EC_KEY;
typedef WOLFSSL_EC_GROUP EC_GROUP;
typedef WOLFSSL_EC_POINT EC_POINT;
struct WOLFSSL_EC_POINT {
WOLFSSL_BIGNUM *X;
WOLFSSL_BIGNUM *Y;
WOLFSSL_BIGNUM *Z;
void* internal; /* our ECC point */
char inSet; /* internal set from external ? */
char exSet; /* external set from internal ? */
};
struct WOLFSSL_EC_GROUP {
int curve_idx; /* index of curve, used by WolfSSL as reference */
int curve_nid; /* NID of curve, used by OpenSSL/OpenSSH as reference */
int curve_oid; /* OID of curve, used by OpenSSL/OpenSSH as reference */
};
struct WOLFSSL_EC_KEY {
WOLFSSL_EC_GROUP *group;
WOLFSSL_EC_POINT *pub_key;
WOLFSSL_BIGNUM *priv_key;
void* internal; /* our ECC Key */
char inSet; /* internal set from external ? */
char exSet; /* external set from internal ? */
};
WOLFSSL_API
int wolfSSL_ECPoint_i2d(const WOLFSSL_EC_GROUP *curve,
const WOLFSSL_EC_POINT *p,
unsigned char *out, unsigned int *len);
WOLFSSL_API
int wolfSSL_ECPoint_d2i(unsigned char *in, unsigned int len,
const WOLFSSL_EC_GROUP *curve, WOLFSSL_EC_POINT *p);
WOLFSSL_API
int wolfSSL_EC_KEY_LoadDer(WOLFSSL_EC_KEY* key,
const unsigned char* der, int derSz);
WOLFSSL_API
void wolfSSL_EC_KEY_free(WOLFSSL_EC_KEY *key);
WOLFSSL_API
WOLFSSL_EC_POINT *wolfSSL_EC_KEY_get0_public_key(const WOLFSSL_EC_KEY *key);
WOLFSSL_API
const WOLFSSL_EC_GROUP *wolfSSL_EC_KEY_get0_group(const WOLFSSL_EC_KEY *key);
WOLFSSL_API
int wolfSSL_EC_KEY_set_private_key(WOLFSSL_EC_KEY *key,
const WOLFSSL_BIGNUM *priv_key);
WOLFSSL_API
WOLFSSL_BIGNUM *wolfSSL_EC_KEY_get0_private_key(const WOLFSSL_EC_KEY *key);
WOLFSSL_API
WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new_by_curve_name(int nid);
WOLFSSL_API
WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new(void);
WOLFSSL_API
int wolfSSL_EC_KEY_set_group(WOLFSSL_EC_KEY *key, WOLFSSL_EC_GROUP *group);
WOLFSSL_API
int wolfSSL_EC_KEY_generate_key(WOLFSSL_EC_KEY *key);
WOLFSSL_API
void wolfSSL_EC_KEY_set_asn1_flag(WOLFSSL_EC_KEY *key, int asn1_flag);
WOLFSSL_API
int wolfSSL_EC_KEY_set_public_key(WOLFSSL_EC_KEY *key,
const WOLFSSL_EC_POINT *pub);
WOLFSSL_API
void wolfSSL_EC_GROUP_set_asn1_flag(WOLFSSL_EC_GROUP *group, int flag);
WOLFSSL_API
WOLFSSL_EC_GROUP *wolfSSL_EC_GROUP_new_by_curve_name(int nid);
WOLFSSL_API
int wolfSSL_EC_GROUP_cmp(const WOLFSSL_EC_GROUP *a, const WOLFSSL_EC_GROUP *b,
WOLFSSL_BN_CTX *ctx);
WOLFSSL_API
int wolfSSL_EC_GROUP_get_curve_name(const WOLFSSL_EC_GROUP *group);
WOLFSSL_API
int wolfSSL_EC_GROUP_get_degree(const WOLFSSL_EC_GROUP *group);
WOLFSSL_API
int wolfSSL_EC_GROUP_get_order(const WOLFSSL_EC_GROUP *group,
WOLFSSL_BIGNUM *order, WOLFSSL_BN_CTX *ctx);
WOLFSSL_API
void wolfSSL_EC_GROUP_free(WOLFSSL_EC_GROUP *group);
WOLFSSL_API
WOLFSSL_EC_POINT *wolfSSL_EC_POINT_new(const WOLFSSL_EC_GROUP *group);
WOLFSSL_API
int wolfSSL_EC_POINT_get_affine_coordinates_GFp(const WOLFSSL_EC_GROUP *group,
const WOLFSSL_EC_POINT *p,
WOLFSSL_BIGNUM *x,
WOLFSSL_BIGNUM *y,
WOLFSSL_BN_CTX *ctx);
WOLFSSL_API
int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r,
const WOLFSSL_BIGNUM *n,
const WOLFSSL_EC_POINT *q, const WOLFSSL_BIGNUM *m,
WOLFSSL_BN_CTX *ctx);
WOLFSSL_API
void wolfSSL_EC_POINT_clear_free(WOLFSSL_EC_POINT *point);
WOLFSSL_API
int wolfSSL_EC_POINT_cmp(const WOLFSSL_EC_GROUP *group,
const WOLFSSL_EC_POINT *a, const WOLFSSL_EC_POINT *b,
WOLFSSL_BN_CTX *ctx);
WOLFSSL_API
void wolfSSL_EC_POINT_free(WOLFSSL_EC_POINT *point);
WOLFSSL_API
int wolfSSL_EC_POINT_is_at_infinity(const WOLFSSL_EC_GROUP *group,
const WOLFSSL_EC_POINT *a);
#define EC_KEY_free wolfSSL_EC_KEY_free
#define EC_KEY_get0_public_key wolfSSL_EC_KEY_get0_public_key
#define EC_KEY_get0_group wolfSSL_EC_KEY_get0_group
#define EC_KEY_set_private_key wolfSSL_EC_KEY_set_private_key
#define EC_KEY_get0_private_key wolfSSL_EC_KEY_get0_private_key
#define EC_KEY_new_by_curve_name wolfSSL_EC_KEY_new_by_curve_name
#define EC_KEY_set_group wolfSSL_EC_KEY_set_group
#define EC_KEY_generate_key wolfSSL_EC_KEY_generate_key
#define EC_KEY_set_asn1_flag wolfSSL_EC_KEY_set_asn1_flag
#define EC_KEY_set_public_key wolfSSL_EC_KEY_set_public_key
#define EC_KEY_new wolfSSL_EC_KEY_new
#define EC_GROUP_set_asn1_flag wolfSSL_EC_GROUP_set_asn1_flag
#define EC_GROUP_new_by_curve_name wolfSSL_EC_GROUP_new_by_curve_name
#define EC_GROUP_cmp wolfSSL_EC_GROUP_cmp
#define EC_GROUP_get_curve_name wolfSSL_EC_GROUP_get_curve_name
#define EC_GROUP_get_degree wolfSSL_EC_GROUP_get_degree
#define EC_GROUP_get_order wolfSSL_EC_GROUP_get_order
#define EC_GROUP_free wolfSSL_EC_GROUP_free
#define EC_POINT_new wolfSSL_EC_POINT_new
#define EC_POINT_get_affine_coordinates_GFp \
wolfSSL_EC_POINT_get_affine_coordinates_GFp
#define EC_POINT_mul wolfSSL_EC_POINT_mul
#define EC_POINT_clear_free wolfSSL_EC_POINT_clear_free
#define EC_POINT_cmp wolfSSL_EC_POINT_cmp
#define EC_POINT_free wolfSSL_EC_POINT_free
#define EC_POINT_is_at_infinity wolfSSL_EC_POINT_is_at_infinity
#define EC_POINT_dump wolfSSL_EC_POINT_dump
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* header */

564
components/ssl/wolfssl/wolfssl/wolfssl/openssl/evp.h Normal file
View File

@ -0,0 +1,564 @@
/* evp.h
*
* Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved.
*
* This file is part of wolfSSL.
*
* Contact licensing@wolfssl.com with any questions or comments.
*
* http://www.wolfssl.com
*/
/* evp.h defines mini evp openssl compatibility layer
*
*/
#ifndef WOLFSSL_EVP_H_
#define WOLFSSL_EVP_H_
#include <wolfssl/wolfcrypt/settings.h>
#ifdef WOLFSSL_PREFIX
#include "prefix_evp.h"
#endif
#ifndef NO_MD4
#include <wolfssl/openssl/md4.h>
#endif
#ifndef NO_MD5
#include <wolfssl/openssl/md5.h>
#endif
#include <wolfssl/openssl/sha.h>
#include <wolfssl/openssl/ripemd.h>
#include <wolfssl/openssl/rsa.h>
#include <wolfssl/openssl/dsa.h>
#include <wolfssl/openssl/ec.h>
#include <wolfssl/wolfcrypt/aes.h>
#include <wolfssl/wolfcrypt/des3.h>
#include <wolfssl/wolfcrypt/arc4.h>
#include <wolfssl/wolfcrypt/hmac.h>
#ifdef HAVE_IDEA
#include <wolfssl/wolfcrypt/idea.h>
#endif
#include <wolfssl/wolfcrypt/pwdbased.h>
#ifdef __cplusplus
extern "C" {
#endif
typedef char WOLFSSL_EVP_CIPHER;
#ifndef WOLFSSL_EVP_TYPE_DEFINED /* guard on redeclaration */
typedef char WOLFSSL_EVP_MD;
typedef struct WOLFSSL_EVP_PKEY WOLFSSL_EVP_PKEY;
#define WOLFSSL_EVP_TYPE_DEFINED
#endif
#ifndef NO_MD4
WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_md4(void);
#endif
#ifndef NO_MD5
WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_md5(void);
#endif
WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha1(void);
WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha224(void);
WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha256(void);
WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha384(void);
WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha512(void);
WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_ripemd160(void);
WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ecb(void);
WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ecb(void);
WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ecb(void);
WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cbc(void);
WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cbc(void);
WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cbc(void);
WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ctr(void);
WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ctr(void);
WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ctr(void);
WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ecb(void);
WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ede3_ecb(void);
WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_cbc(void);
WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ede3_cbc(void);
WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_rc4(void);
WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_idea_cbc(void);
WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_enc_null(void);
typedef union {
#ifndef NO_MD4
WOLFSSL_MD4_CTX md4;
#endif
#ifndef NO_MD5
WOLFSSL_MD5_CTX md5;
#endif
WOLFSSL_SHA_CTX sha;
#ifdef WOLFSSL_SHA224
WOLFSSL_SHA224_CTX sha224;
#endif
WOLFSSL_SHA256_CTX sha256;
#ifdef WOLFSSL_SHA384
WOLFSSL_SHA384_CTX sha384;
#endif
#ifdef WOLFSSL_SHA512
WOLFSSL_SHA512_CTX sha512;
#endif
#ifdef WOLFSSL_RIPEMD
WOLFSSL_RIPEMD_CTX ripemd;
#endif
} WOLFSSL_Hasher;
typedef struct WOLFSSL_EVP_MD_CTX {
union {
WOLFSSL_Hasher digest;
Hmac hmac;
} hash;
unsigned char macType;
} WOLFSSL_EVP_MD_CTX;
typedef union {
#ifndef NO_AES
Aes aes;
#endif
#ifndef NO_DES3
Des des;
Des3 des3;
#endif
Arc4 arc4;
#ifdef HAVE_IDEA
Idea idea;
#endif
} WOLFSSL_Cipher;
enum {
AES_128_CBC_TYPE = 1,
AES_192_CBC_TYPE = 2,
AES_256_CBC_TYPE = 3,
AES_128_CTR_TYPE = 4,
AES_192_CTR_TYPE = 5,
AES_256_CTR_TYPE = 6,
AES_128_ECB_TYPE = 7,
AES_192_ECB_TYPE = 8,
AES_256_ECB_TYPE = 9,
DES_CBC_TYPE = 10,
DES_ECB_TYPE = 11,
DES_EDE3_CBC_TYPE = 12,
DES_EDE3_ECB_TYPE = 13,
ARC4_TYPE = 14,
NULL_CIPHER_TYPE = 15,
EVP_PKEY_RSA = 16,
EVP_PKEY_DSA = 17,
EVP_PKEY_EC = 18,
#ifdef HAVE_IDEA
IDEA_CBC_TYPE = 19,
#endif
NID_sha1 = 64,
NID_sha224 = 65,
NID_md2 = 77,
NID_md5 = 4,
NID_hmac = 855,
EVP_PKEY_HMAC = NID_hmac
};
enum {
NID_aes_128_cbc = 419,
NID_aes_192_cbc = 423,
NID_aes_256_cbc = 427,
NID_aes_128_ctr = 904,
NID_aes_192_ctr = 905,
NID_aes_256_ctr = 906,
NID_aes_128_ecb = 418,
NID_aes_192_ecb = 422,
NID_aes_256_ecb = 426,
NID_des_cbc = 31,
NID_des_ecb = 29,
NID_des_ede3_cbc= 44,
NID_des_ede3_ecb= 33,
NID_idea_cbc = 34,
};
#define WOLFSSL_EVP_BUF_SIZE 16
typedef struct WOLFSSL_EVP_CIPHER_CTX {
int keyLen; /* user may set for variable */
int block_size;
unsigned long flags;
unsigned char enc; /* if encrypt side, then true */
unsigned char cipherType;
#ifndef NO_AES
/* working iv pointer into cipher */
ALIGN16 unsigned char iv[AES_BLOCK_SIZE];
#elif !defined(NO_DES3)
/* working iv pointer into cipher */
ALIGN16 unsigned char iv[DES_BLOCK_SIZE];
#endif
WOLFSSL_Cipher cipher;
ALIGN16 byte buf[WOLFSSL_EVP_BUF_SIZE];
int bufUsed;
ALIGN16 byte lastBlock[WOLFSSL_EVP_BUF_SIZE];
int lastUsed;
} WOLFSSL_EVP_CIPHER_CTX;
typedef struct WOLFSSL_EVP_PKEY_CTX {
WOLFSSL_EVP_PKEY *pkey;
int op; /* operation */
int padding;
} WOLFSSL_EVP_PKEY_CTX;
typedef int WOLFSSL_ENGINE ;
typedef WOLFSSL_ENGINE ENGINE;
typedef WOLFSSL_EVP_PKEY_CTX EVP_PKEY_CTX;
#define EVP_PKEY_OP_ENCRYPT (1 << 6)
#define EVP_PKEY_OP_DECRYPT (1 << 7)
WOLFSSL_API void wolfSSL_EVP_init(void);
WOLFSSL_API int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* md);
WOLFSSL_API int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md);
WOLFSSL_API WOLFSSL_EVP_MD_CTX *wolfSSL_EVP_MD_CTX_new (void);
WOLFSSL_API void wolfSSL_EVP_MD_CTX_free(WOLFSSL_EVP_MD_CTX* ctx);
WOLFSSL_API void wolfSSL_EVP_MD_CTX_init(WOLFSSL_EVP_MD_CTX* ctx);
WOLFSSL_API int wolfSSL_EVP_MD_CTX_cleanup(WOLFSSL_EVP_MD_CTX* ctx);
WOLFSSL_API int wolfSSL_EVP_MD_CTX_copy(WOLFSSL_EVP_MD_CTX *out, const WOLFSSL_EVP_MD_CTX *in);
WOLFSSL_API int wolfSSL_EVP_MD_CTX_copy_ex(WOLFSSL_EVP_MD_CTX *out, const WOLFSSL_EVP_MD_CTX *in);
WOLFSSL_API int wolfSSL_EVP_MD_CTX_type(const WOLFSSL_EVP_MD_CTX *ctx);
WOLFSSL_API const WOLFSSL_EVP_MD *wolfSSL_EVP_MD_CTX_md(const WOLFSSL_EVP_MD_CTX *ctx);
WOLFSSL_API const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_get_cipherbyname(const char *name);
WOLFSSL_API const WOLFSSL_EVP_MD *wolfSSL_EVP_get_digestbyname(const char *name);
WOLFSSL_API int wolfSSL_EVP_DigestInit(WOLFSSL_EVP_MD_CTX* ctx,
const WOLFSSL_EVP_MD* type);
WOLFSSL_API int wolfSSL_EVP_DigestInit_ex(WOLFSSL_EVP_MD_CTX* ctx,
const WOLFSSL_EVP_MD* type,
WOLFSSL_ENGINE *impl);
WOLFSSL_API int wolfSSL_EVP_DigestUpdate(WOLFSSL_EVP_MD_CTX* ctx, const void* data,
size_t sz);
WOLFSSL_API int wolfSSL_EVP_DigestFinal(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* md,
unsigned int* s);
WOLFSSL_API int wolfSSL_EVP_DigestFinal_ex(WOLFSSL_EVP_MD_CTX* ctx,
unsigned char* md, unsigned int* s);
WOLFSSL_API int wolfSSL_EVP_DigestSignInit(WOLFSSL_EVP_MD_CTX *ctx,
WOLFSSL_EVP_PKEY_CTX **pctx,
const WOLFSSL_EVP_MD *type,
WOLFSSL_ENGINE *e,
WOLFSSL_EVP_PKEY *pkey);
WOLFSSL_API int wolfSSL_EVP_DigestSignUpdate(WOLFSSL_EVP_MD_CTX *ctx,
const void *d, unsigned int cnt);
WOLFSSL_API int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx,
unsigned char *sig, size_t *siglen);
#ifndef NO_MD5
WOLFSSL_API int wolfSSL_EVP_BytesToKey(const WOLFSSL_EVP_CIPHER*,
const WOLFSSL_EVP_MD*, const unsigned char*,
const unsigned char*, int, int, unsigned char*,
unsigned char*);
#endif
WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_init(WOLFSSL_EVP_CIPHER_CTX* ctx);
WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_cleanup(WOLFSSL_EVP_CIPHER_CTX* ctx);
WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX*);
WOLFSSL_API int wolfSSL_EVP_CIPHER_iv_length(const WOLFSSL_EVP_CIPHER*);
WOLFSSL_API int wolfSSL_EVP_Cipher_key_length(const WOLFSSL_EVP_CIPHER* c);
WOLFSSL_API int wolfSSL_EVP_CipherInit(WOLFSSL_EVP_CIPHER_CTX* ctx,
const WOLFSSL_EVP_CIPHER* type,
const unsigned char* key,
const unsigned char* iv,
int enc);
WOLFSSL_API int wolfSSL_EVP_CipherInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx,
const WOLFSSL_EVP_CIPHER* type,
WOLFSSL_ENGINE *impl,
const unsigned char* key,
const unsigned char* iv,
int enc);
WOLFSSL_API int wolfSSL_EVP_EncryptInit(WOLFSSL_EVP_CIPHER_CTX* ctx,
const WOLFSSL_EVP_CIPHER* type,
const unsigned char* key,
const unsigned char* iv);
WOLFSSL_API int wolfSSL_EVP_EncryptInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx,
const WOLFSSL_EVP_CIPHER* type,
WOLFSSL_ENGINE *impl,
const unsigned char* key,
const unsigned char* iv);
WOLFSSL_API int wolfSSL_EVP_DecryptInit(WOLFSSL_EVP_CIPHER_CTX* ctx,
const WOLFSSL_EVP_CIPHER* type,
const unsigned char* key,
const unsigned char* iv);
WOLFSSL_API int wolfSSL_EVP_DecryptInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx,
const WOLFSSL_EVP_CIPHER* type,
WOLFSSL_ENGINE *impl,
const unsigned char* key,
const unsigned char* iv);
WOLFSSL_API int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx,
unsigned char *out, int *outl,
const unsigned char *in, int inl);
WOLFSSL_API int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx,
unsigned char *out, int *outl);
WOLFSSL_API int wolfSSL_EVP_CipherFinal_ex(WOLFSSL_EVP_CIPHER_CTX *ctx,
unsigned char *out, int *outl, int enc);
WOLFSSL_API int wolfSSL_EVP_EncryptFinal(WOLFSSL_EVP_CIPHER_CTX *ctx,
unsigned char *out, int *outl);
WOLFSSL_API int wolfSSL_EVP_EncryptFinal_ex(WOLFSSL_EVP_CIPHER_CTX *ctx,
unsigned char *out, int *outl);
WOLFSSL_API int wolfSSL_EVP_DecryptFinal(WOLFSSL_EVP_CIPHER_CTX *ctx,
unsigned char *out, int *outl);
WOLFSSL_API int wolfSSL_EVP_DecryptFinal_ex(WOLFSSL_EVP_CIPHER_CTX *ctx,
unsigned char *out, int *outl);
WOLFSSL_API WOLFSSL_EVP_CIPHER_CTX *wolfSSL_EVP_CIPHER_CTX_new(void);
WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_free(WOLFSSL_EVP_CIPHER_CTX *ctx);
WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_key_length(WOLFSSL_EVP_CIPHER_CTX* ctx);
WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_key_length(WOLFSSL_EVP_CIPHER_CTX* ctx,
int keylen);
WOLFSSL_API int wolfSSL_EVP_Cipher(WOLFSSL_EVP_CIPHER_CTX* ctx,
unsigned char* dst, unsigned char* src,
unsigned int len);
WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_get_cipherbynid(int);
WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_get_digestbynid(int);
WOLFSSL_API WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY*);
WOLFSSL_API WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY*);
WOLFSSL_API WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get1_EC_KEY(WOLFSSL_EVP_PKEY *key);
WOLFSSL_API int wolfSSL_EVP_PKEY_set1_RSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_RSA *key);
WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_mac_key(int type, ENGINE* e,
const unsigned char* key, int keylen);
WOLFSSL_API const unsigned char* wolfSSL_EVP_PKEY_get0_hmac(const WOLFSSL_EVP_PKEY* pkey,
size_t* len);
WOLFSSL_API int wolfSSL_EVP_PKEY_bits(const WOLFSSL_EVP_PKEY *pkey);
WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_free(WOLFSSL_EVP_PKEY_CTX *ctx);
WOLFSSL_API WOLFSSL_EVP_PKEY_CTX *wolfSSL_EVP_PKEY_CTX_new(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_ENGINE *e);
WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_set_rsa_padding(WOLFSSL_EVP_PKEY_CTX *ctx, int padding);
WOLFSSL_API int wolfSSL_EVP_PKEY_decrypt(WOLFSSL_EVP_PKEY_CTX *ctx,
unsigned char *out, size_t *outlen,
const unsigned char *in, size_t inlen);
WOLFSSL_API int wolfSSL_EVP_PKEY_decrypt_init(WOLFSSL_EVP_PKEY_CTX *ctx);
WOLFSSL_API int wolfSSL_EVP_PKEY_encrypt(WOLFSSL_EVP_PKEY_CTX *ctx,
unsigned char *out, size_t *outlen,
const unsigned char *in, size_t inlen);
WOLFSSL_API int wolfSSL_EVP_PKEY_encrypt_init(WOLFSSL_EVP_PKEY_CTX *ctx);
WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_EVP_PKEY_new(void);
WOLFSSL_API int wolfSSL_EVP_PKEY_size(WOLFSSL_EVP_PKEY *pkey);
WOLFSSL_API int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret,
unsigned int *siglen, WOLFSSL_EVP_PKEY *pkey);
WOLFSSL_API int wolfSSL_EVP_SignInit(WOLFSSL_EVP_MD_CTX *ctx, const WOLFSSL_EVP_MD *type);
WOLFSSL_API int wolfSSL_EVP_SignUpdate(WOLFSSL_EVP_MD_CTX *ctx, const void *data, size_t len);
WOLFSSL_API int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
unsigned char* sig, unsigned int sig_len, WOLFSSL_EVP_PKEY *pkey);
WOLFSSL_API int wolfSSL_EVP_VerifyInit(WOLFSSL_EVP_MD_CTX *ctx, const WOLFSSL_EVP_MD *type);
WOLFSSL_API int wolfSSL_EVP_VerifyUpdate(WOLFSSL_EVP_MD_CTX *ctx, const void *data, size_t len);
/* these next ones don't need real OpenSSL type, for OpenSSH compat only */
WOLFSSL_API void* wolfSSL_EVP_X_STATE(const WOLFSSL_EVP_CIPHER_CTX* ctx);
WOLFSSL_API int wolfSSL_EVP_X_STATE_LEN(const WOLFSSL_EVP_CIPHER_CTX* ctx);
WOLFSSL_API void wolfSSL_3des_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, int doset,
unsigned char* iv, int len);
WOLFSSL_API void wolfSSL_aes_ctr_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, int doset,
unsigned char* iv, int len);
WOLFSSL_API int wolfSSL_StoreExternalIV(WOLFSSL_EVP_CIPHER_CTX* ctx);
WOLFSSL_API int wolfSSL_SetInternalIV(WOLFSSL_EVP_CIPHER_CTX* ctx);
WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_block_size(const WOLFSSL_EVP_CIPHER_CTX *ctx);
WOLFSSL_API int wolfSSL_EVP_CIPHER_block_size(const WOLFSSL_EVP_CIPHER *cipher);
WOLFSSL_API unsigned long WOLFSSL_EVP_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher);
WOLFSSL_API unsigned long WOLFSSL_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher);
WOLFSSL_API unsigned long wolfSSL_EVP_CIPHER_flags(const WOLFSSL_EVP_CIPHER *cipher);
WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_set_flags(WOLFSSL_EVP_CIPHER_CTX *ctx, int flags);
WOLFSSL_API unsigned long wolfSSL_EVP_CIPHER_CTX_mode(const WOLFSSL_EVP_CIPHER_CTX *ctx);
WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_padding(WOLFSSL_EVP_CIPHER_CTX *c, int pad);
WOLFSSL_API int wolfSSL_EVP_add_digest(const WOLFSSL_EVP_MD *digest);
WOLFSSL_API int wolfSSL_EVP_add_cipher(const WOLFSSL_EVP_CIPHER *cipher);
WOLFSSL_API int wolfSSL_PKCS5_PBKDF2_HMAC_SHA1(const char * pass, int passlen,
const unsigned char * salt,
int saltlen, int iter,
int keylen, unsigned char *out);
#define EVP_CIPH_STREAM_CIPHER WOLFSSL_EVP_CIPH_STREAM_CIPHER
#define EVP_CIPH_ECB_MODE WOLFSSL_EVP_CIPH_ECB_MODE
#define EVP_CIPH_CBC_MODE WOLFSSL_EVP_CIPH_CBC_MODE
#define EVP_CIPH_CFB_MODE WOLFSSL_EVP_CIPH_CFB_MODE
#define EVP_CIPH_OFB_MODE WOLFSSL_EVP_CIPH_OFB_MODE
#define EVP_CIPH_CTR_MODE WOLFSSL_EVP_CIPH_CTR_MODE
#define EVP_CIPH_GCM_MODE WOLFSSL_EVP_CIPH_GCM_MODE
#define EVP_CIPH_CCM_MODE WOLFSSL_EVP_CIPH_CCM_MODE
#define WOLFSSL_EVP_CIPH_MODE 0x0007
#define WOLFSSL_EVP_CIPH_STREAM_CIPHER 0x0
#define WOLFSSL_EVP_CIPH_ECB_MODE 0x1
#define WOLFSSL_EVP_CIPH_CBC_MODE 0x2
#define WOLFSSL_EVP_CIPH_CFB_MODE 0x3
#define WOLFSSL_EVP_CIPH_OFB_MODE 0x4
#define WOLFSSL_EVP_CIPH_CTR_MODE 0x5
#define WOLFSSL_EVP_CIPH_GCM_MODE 0x6
#define WOLFSSL_EVP_CIPH_CCM_MODE 0x7
#define WOLFSSL_EVP_CIPH_NO_PADDING 0x100
#define WOLFSSL_EVP_CIPH_TYPE_INIT 0xff
/* end OpenSSH compat */
typedef WOLFSSL_EVP_MD EVP_MD;
typedef WOLFSSL_EVP_CIPHER EVP_CIPHER;
typedef WOLFSSL_EVP_MD_CTX EVP_MD_CTX;
typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX;
#ifndef NO_MD4
#define EVP_md4 wolfSSL_EVP_md4
#endif
#ifndef NO_MD5
#define EVP_md5 wolfSSL_EVP_md5
#endif
#define EVP_sha1 wolfSSL_EVP_sha1
#define EVP_dds1 wolfSSL_EVP_sha1
#define EVP_sha224 wolfSSL_EVP_sha224
#define EVP_sha256 wolfSSL_EVP_sha256
#define EVP_sha384 wolfSSL_EVP_sha384
#define EVP_sha512 wolfSSL_EVP_sha512
#define EVP_ripemd160 wolfSSL_EVP_ripemd160
#define EVP_aes_128_cbc wolfSSL_EVP_aes_128_cbc
#define EVP_aes_192_cbc wolfSSL_EVP_aes_192_cbc
#define EVP_aes_256_cbc wolfSSL_EVP_aes_256_cbc
#define EVP_aes_128_ecb wolfSSL_EVP_aes_128_ecb
#define EVP_aes_192_ecb wolfSSL_EVP_aes_192_ecb
#define EVP_aes_256_ecb wolfSSL_EVP_aes_256_ecb
#define EVP_aes_128_ctr wolfSSL_EVP_aes_128_ctr
#define EVP_aes_192_ctr wolfSSL_EVP_aes_192_ctr
#define EVP_aes_256_ctr wolfSSL_EVP_aes_256_ctr
#define EVP_des_cbc wolfSSL_EVP_des_cbc
#define EVP_des_ecb wolfSSL_EVP_des_ecb
#define EVP_des_ede3_cbc wolfSSL_EVP_des_ede3_cbc
#define EVP_des_ede3_ecb wolfSSL_EVP_des_ede3_ecb
#define EVP_rc4 wolfSSL_EVP_rc4
#define EVP_idea_cbc wolfSSL_EVP_idea_cbc
#define EVP_enc_null wolfSSL_EVP_enc_null
#define EVP_MD_size wolfSSL_EVP_MD_size
#define EVP_MD_CTX_new wolfSSL_EVP_MD_CTX_new
#define EVP_MD_CTX_create wolfSSL_EVP_MD_CTX_new
#define EVP_MD_CTX_free wolfSSL_EVP_MD_CTX_free
#define EVP_MD_CTX_destroy wolfSSL_EVP_MD_CTX_free
#define EVP_MD_CTX_init wolfSSL_EVP_MD_CTX_init
#define EVP_MD_CTX_cleanup wolfSSL_EVP_MD_CTX_cleanup
#define EVP_MD_CTX_md wolfSSL_EVP_MD_CTX_md
#define EVP_MD_CTX_type wolfSSL_EVP_MD_CTX_type
#define EVP_MD_type wolfSSL_EVP_MD_type
#define EVP_DigestInit wolfSSL_EVP_DigestInit
#define EVP_DigestInit_ex wolfSSL_EVP_DigestInit_ex
#define EVP_DigestUpdate wolfSSL_EVP_DigestUpdate
#define EVP_DigestFinal wolfSSL_EVP_DigestFinal
#define EVP_DigestFinal_ex wolfSSL_EVP_DigestFinal_ex
#define EVP_DigestSignInit wolfSSL_EVP_DigestSignInit
#define EVP_DigestSignUpdate wolfSSL_EVP_DigestSignUpdate
#define EVP_DigestSignFinal wolfSSL_EVP_DigestSignFinal
#define EVP_BytesToKey wolfSSL_EVP_BytesToKey
#define EVP_get_cipherbyname wolfSSL_EVP_get_cipherbyname
#define EVP_get_digestbyname wolfSSL_EVP_get_digestbyname
#define EVP_CIPHER_CTX_init wolfSSL_EVP_CIPHER_CTX_init
#define EVP_CIPHER_CTX_cleanup wolfSSL_EVP_CIPHER_CTX_cleanup
#define EVP_CIPHER_CTX_iv_length wolfSSL_EVP_CIPHER_CTX_iv_length
#define EVP_CIPHER_CTX_key_length wolfSSL_EVP_CIPHER_CTX_key_length
#define EVP_CIPHER_CTX_set_key_length wolfSSL_EVP_CIPHER_CTX_set_key_length
#define EVP_CIPHER_CTX_mode wolfSSL_EVP_CIPHER_CTX_mode
#define EVP_CIPHER_iv_length wolfSSL_EVP_CIPHER_iv_length
#define EVP_CIPHER_key_length wolfSSL_EVP_Cipher_key_length
#define EVP_CipherInit wolfSSL_EVP_CipherInit
#define EVP_CipherInit_ex wolfSSL_EVP_CipherInit_ex
#define EVP_EncryptInit wolfSSL_EVP_EncryptInit
#define EVP_EncryptInit_ex wolfSSL_EVP_EncryptInit_ex
#define EVP_DecryptInit wolfSSL_EVP_DecryptInit
#define EVP_DecryptInit_ex wolfSSL_EVP_DecryptInit_ex
#define EVP_Cipher wolfSSL_EVP_Cipher
#define EVP_CipherUpdate wolfSSL_EVP_CipherUpdate
#define EVP_EncryptUpdate wolfSSL_EVP_CipherUpdate
#define EVP_DecryptUpdate wolfSSL_EVP_CipherUpdate
#define EVP_CipherFinal wolfSSL_EVP_CipherFinal
#define EVP_CipherFinal_ex wolfSSL_EVP_CipherFinal
#define EVP_EncryptFinal wolfSSL_EVP_CipherFinal
#define EVP_EncryptFinal_ex wolfSSL_EVP_CipherFinal
#define EVP_DecryptFinal wolfSSL_EVP_CipherFinal
#define EVP_DecryptFinal_ex wolfSSL_EVP_CipherFinal
#define EVP_CIPHER_CTX_free wolfSSL_EVP_CIPHER_CTX_free
#define EVP_CIPHER_CTX_new wolfSSL_EVP_CIPHER_CTX_new
#define EVP_get_cipherbynid wolfSSL_EVP_get_cipherbynid
#define EVP_get_digestbynid wolfSSL_EVP_get_digestbynid
#define EVP_get_cipherbyname wolfSSL_EVP_get_cipherbyname
#define EVP_get_digestbyname wolfSSL_EVP_get_digestbyname
#define EVP_PKEY_get1_RSA wolfSSL_EVP_PKEY_get1_RSA
#define EVP_PKEY_get1_DSA wolfSSL_EVP_PKEY_get1_DSA
#define EVP_PKEY_set1_RSA wolfSSL_EVP_PKEY_set1_RSA
#define EVP_PKEY_get1_EC_KEY wolfSSL_EVP_PKEY_get1_EC_KEY
#define EVP_PKEY_get0_hmac wolfSSL_EVP_PKEY_get0_hmac
#define EVP_PKEY_new_mac_key wolfSSL_EVP_PKEY_new_mac_key
#define EVP_MD_CTX_copy wolfSSL_EVP_MD_CTX_copy
#define EVP_MD_CTX_copy_ex wolfSSL_EVP_MD_CTX_copy_ex
#define EVP_PKEY_bits wolfSSL_EVP_PKEY_bits
#define EVP_PKEY_CTX_free wolfSSL_EVP_PKEY_CTX_free
#define EVP_PKEY_CTX_new wolfSSL_EVP_PKEY_CTX_new
#define EVP_PKEY_CTX_set_rsa_padding wolfSSL_EVP_PKEY_CTX_set_rsa_padding
#define EVP_PKEY_decrypt wolfSSL_EVP_PKEY_decrypt
#define EVP_PKEY_decrypt_init wolfSSL_EVP_PKEY_decrypt_init
#define EVP_PKEY_encrypt wolfSSL_EVP_PKEY_encrypt
#define EVP_PKEY_encrypt_init wolfSSL_EVP_PKEY_encrypt_init
#define EVP_PKEY_new wolfSSL_PKEY_new
#define EVP_PKEY_free wolfSSL_EVP_PKEY_free
#define EVP_PKEY_size wolfSSL_EVP_PKEY_size
#define EVP_SignFinal wolfSSL_EVP_SignFinal
#define EVP_SignInit wolfSSL_EVP_SignInit
#define EVP_SignUpdate wolfSSL_EVP_SignUpdate
#define EVP_VerifyFinal wolfSSL_EVP_VerifyFinal
#define EVP_VerifyInit wolfSSL_EVP_VerifyInit
#define EVP_VerifyUpdate wolfSSL_EVP_VerifyUpdate
#define EVP_CIPHER_CTX_block_size wolfSSL_EVP_CIPHER_CTX_block_size
#define EVP_CIPHER_block_size wolfSSL_EVP_CIPHER_block_size
#define EVP_CIPHER_flags wolfSSL_EVP_CIPHER_flags
#define EVP_CIPHER_CTX_set_flags wolfSSL_EVP_CIPHER_CTX_set_flags
#define EVP_CIPHER_CTX_set_padding wolfSSL_EVP_CIPHER_CTX_set_padding
#define EVP_CIPHER_CTX_flags wolfSSL_EVP_CIPHER_CTX_flags
#define EVP_add_digest wolfSSL_EVP_add_digest
#define EVP_add_cipher wolfSSL_EVP_add_cipher
#define PKCS5_PBKDF2_HMAC_SHA1 wolfSSL_PKCS5_PBKDF2_HMAC_SHA1
#ifndef EVP_MAX_MD_SIZE
#define EVP_MAX_MD_SIZE 64 /* sha512 */
#endif
#ifndef EVP_MAX_BLOCK_LENGTH
#define EVP_MAX_BLOCK_LENGTH 32 /* 2 * blocklen(AES)? */
/* They define this as 32. Using the same value here. */
#endif
WOLFSSL_API void printPKEY(WOLFSSL_EVP_PKEY *k);
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* WOLFSSL_EVP_H_ */

67
components/ssl/wolfssl/wolfssl/wolfssl/openssl/md5.h Normal file
View File

@ -0,0 +1,67 @@
/* md5.h
*
* Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved.
*
* This file is part of wolfSSL.
*
* Contact licensing@wolfssl.com with any questions or comments.
*
* http://www.wolfssl.com
*/
/* md5.h for openssl */
#ifndef WOLFSSL_MD5_H_
#define WOLFSSL_MD5_H_
#include <wolfssl/wolfcrypt/settings.h>
#ifndef NO_MD5
#include <wolfssl/wolfcrypt/hash.h>
#ifdef WOLFSSL_PREFIX
#include "prefix_md5.h"
#endif
#ifdef __cplusplus
extern "C" {
#endif
typedef struct WOLFSSL_MD5_CTX {
void* holder[(112 + WC_ASYNC_DEV_SIZE) / sizeof(void*)]; /* big enough to hold wolfcrypt md5, but check on init */
} WOLFSSL_MD5_CTX;
WOLFSSL_API int wolfSSL_MD5_Init(WOLFSSL_MD5_CTX*);
WOLFSSL_API int wolfSSL_MD5_Update(WOLFSSL_MD5_CTX*, const void*, unsigned long);
WOLFSSL_API int wolfSSL_MD5_Final(unsigned char*, WOLFSSL_MD5_CTX*);
typedef WOLFSSL_MD5_CTX MD5_CTX;
#define MD5_Init wolfSSL_MD5_Init
#define MD5_Update wolfSSL_MD5_Update
#define MD5_Final wolfSSL_MD5_Final
#ifdef OPENSSL_EXTRA_BSD
#define MD5Init wolfSSL_MD5_Init
#define MD5Update wolfSSL_MD5_Update
#define MD5Final wolfSSL_MD5_Final
#endif
#ifndef MD5
#define MD5(d, n, md) wc_Md5Hash((d), (n), (md))
#endif
#define MD5_DIGEST_LENGTH MD5_DIGEST_SIZE
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* NO_MD5 */
#endif /* WOLFSSL_MD5_H_ */

31
components/ssl/wolfssl/wolfssl/wolfssl/openssl/opensslv.h Normal file
View File

@ -0,0 +1,31 @@
/* opensslv.h
*
* Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved.
*
* This file is part of wolfSSL.
*
* Contact licensing@wolfssl.com with any questions or comments.
*
* http://www.wolfssl.com
*/
/* opensslv.h compatibility */
#ifndef WOLFSSL_OPENSSLV_H_
#define WOLFSSL_OPENSSLV_H_
/* api version compatibility */
#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_SIGNAL)
/* version number can be increased for Lighty after compatibility for ECDH
is added */
#define OPENSSL_VERSION_NUMBER 0x10001000L
#else
#define OPENSSL_VERSION_NUMBER 0x0090810fL
#endif
#define OPENSSL_VERSION_TEXT LIBWOLFSSL_VERSION_STRING
#endif /* header */

49
components/ssl/wolfssl/wolfssl/wolfssl/openssl/ripemd.h Normal file
View File

@ -0,0 +1,49 @@
/* ripemd.h
*
* Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved.
*
* This file is part of wolfSSL.
*
* Contact licensing@wolfssl.com with any questions or comments.
*
* http://www.wolfssl.com
*/
/* ripemd.h for openssl */
#ifndef WOLFSSL_RIPEMD_H_
#define WOLFSSL_RIPEMD_H_
#include <wolfssl/wolfcrypt/settings.h>
#ifdef __cplusplus
extern "C" {
#endif
typedef struct WOLFSSL_RIPEMD_CTX {
int holder[32]; /* big enough to hold wolfcrypt, but check on init */
} WOLFSSL_RIPEMD_CTX;
WOLFSSL_API void wolfSSL_RIPEMD_Init(WOLFSSL_RIPEMD_CTX*);
WOLFSSL_API void wolfSSL_RIPEMD_Update(WOLFSSL_RIPEMD_CTX*, const void*,
unsigned long);
WOLFSSL_API void wolfSSL_RIPEMD_Final(unsigned char*, WOLFSSL_RIPEMD_CTX*);
typedef WOLFSSL_RIPEMD_CTX RIPEMD_CTX;
#define RIPEMD_Init wolfSSL_RIPEMD_Init
#define RIPEMD_Update wolfSSL_RIPEMD_Update
#define RIPEMD_Final wolfSSL_RIPEMD_Final
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* WOLFSSL_MD5_H_ */

122
components/ssl/wolfssl/wolfssl/wolfssl/openssl/rsa.h Normal file
View File

@ -0,0 +1,122 @@
/* rsa.h
*
* Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved.
*
* This file is part of wolfSSL.
*
* Contact licensing@wolfssl.com with any questions or comments.
*
* http://www.wolfssl.com
*/
/* rsa.h for openSSL */
#ifndef WOLFSSL_RSA_H_
#define WOLFSSL_RSA_H_
#include <wolfssl/openssl/bn.h>
#ifdef __cplusplus
extern "C" {
#endif
#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
#if defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION < 2))
/*
choice of padding added after fips, so not available when using fips RSA
*/
/* Padding types */
#define RSA_PKCS1_PADDING 0
#define RSA_PKCS1_OAEP_PADDING 1
#else
#define RSA_PKCS1_PADDING WC_RSA_PKCSV15_PAD
#define RSA_PKCS1_OAEP_PADDING WC_RSA_OAEP_PAD
#endif /* HAVE_FIPS */
#endif
#ifndef WOLFSSL_RSA_TYPE_DEFINED /* guard on redeclaration */
typedef struct WOLFSSL_RSA WOLFSSL_RSA;
#define WOLFSSL_RSA_TYPE_DEFINED
#endif
typedef WOLFSSL_RSA RSA;
struct WOLFSSL_RSA {
#ifdef WC_RSA_BLINDING
WC_RNG* rng; /* for PrivateDecrypt blinding */
#endif
WOLFSSL_BIGNUM* n;
WOLFSSL_BIGNUM* e;
WOLFSSL_BIGNUM* d;
WOLFSSL_BIGNUM* p;
WOLFSSL_BIGNUM* q;
WOLFSSL_BIGNUM* dmp1; /* dP */
WOLFSSL_BIGNUM* dmq1; /* dQ */
WOLFSSL_BIGNUM* iqmp; /* u */
void* heap;
void* internal; /* our RSA */
char inSet; /* internal set from external ? */
char exSet; /* external set from internal ? */
char ownRng; /* flag for if the rng should be free'd */
};
WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSA_new(void);
WOLFSSL_API void wolfSSL_RSA_free(WOLFSSL_RSA*);
WOLFSSL_API int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA*, int bits, WOLFSSL_BIGNUM*,
void* cb);
WOLFSSL_API int wolfSSL_RSA_blinding_on(WOLFSSL_RSA*, WOLFSSL_BN_CTX*);
WOLFSSL_API int wolfSSL_RSA_public_encrypt(int len, const unsigned char* fr,
unsigned char* to, WOLFSSL_RSA*, int padding);
WOLFSSL_API int wolfSSL_RSA_private_decrypt(int len, const unsigned char* fr,
unsigned char* to, WOLFSSL_RSA*, int padding);
WOLFSSL_API int wolfSSL_RSA_private_encrypt(int len, unsigned char* in,
unsigned char* out, WOLFSSL_RSA* rsa, int padding);
WOLFSSL_API int wolfSSL_RSA_size(const WOLFSSL_RSA*);
WOLFSSL_API int wolfSSL_RSA_sign(int type, const unsigned char* m,
unsigned int mLen, unsigned char* sigRet,
unsigned int* sigLen, WOLFSSL_RSA*);
WOLFSSL_API int wolfSSL_RSA_sign_ex(int type, const unsigned char* m,
unsigned int mLen, unsigned char* sigRet,
unsigned int* sigLen, WOLFSSL_RSA*, int);
WOLFSSL_API int wolfSSL_RSA_verify(int type, const unsigned char* m,
unsigned int mLen, const unsigned char* sig,
unsigned int sigLen, WOLFSSL_RSA*);
WOLFSSL_API int wolfSSL_RSA_public_decrypt(int flen, const unsigned char* from,
unsigned char* to, WOLFSSL_RSA*, int padding);
WOLFSSL_API int wolfSSL_RSA_GenAdd(WOLFSSL_RSA*);
WOLFSSL_API int wolfSSL_RSA_LoadDer(WOLFSSL_RSA*, const unsigned char*, int sz);
WOLFSSL_API int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA*, const unsigned char*, int sz, int opt);
#define WOLFSSL_RSA_LOAD_PRIVATE 1
#define WOLFSSL_RSA_LOAD_PUBLIC 2
#define RSA_new wolfSSL_RSA_new
#define RSA_free wolfSSL_RSA_free
#define RSA_generate_key_ex wolfSSL_RSA_generate_key_ex
#define RSA_blinding_on wolfSSL_RSA_blinding_on
#define RSA_public_encrypt wolfSSL_RSA_public_encrypt
#define RSA_private_decrypt wolfSSL_RSA_private_decrypt
#define RSA_private_encrypt wolfSSL_RSA_private_encrypt
#define RSA_size wolfSSL_RSA_size
#define RSA_sign wolfSSL_RSA_sign
#define RSA_verify wolfSSL_RSA_verify
#define RSA_public_decrypt wolfSSL_RSA_public_decrypt
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* header */

179
components/ssl/wolfssl/wolfssl/wolfssl/openssl/sha.h Normal file
View File

@ -0,0 +1,179 @@
/* sha.h
*
* Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved.
*
* This file is part of wolfSSL.
*
* Contact licensing@wolfssl.com with any questions or comments.
*
* http://www.wolfssl.com
*/
/* sha.h for openssl */
#ifndef WOLFSSL_SHA_H_
#define WOLFSSL_SHA_H_
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/types.h>
#ifdef WOLFSSL_PREFIX
#include "prefix_sha.h"
#endif
#ifdef __cplusplus
extern "C" {
#endif
typedef struct WOLFSSL_SHA_CTX {
/* big enough to hold wolfcrypt Sha, but check on init */
void* holder[(112 + WC_ASYNC_DEV_SIZE) / sizeof(void*)];
} WOLFSSL_SHA_CTX;
WOLFSSL_API int wolfSSL_SHA_Init(WOLFSSL_SHA_CTX*);
WOLFSSL_API int wolfSSL_SHA_Update(WOLFSSL_SHA_CTX*, const void*, unsigned long);
WOLFSSL_API int wolfSSL_SHA_Final(unsigned char*, WOLFSSL_SHA_CTX*);
/* SHA1 points to above, shouldn't use SHA0 ever */
WOLFSSL_API int wolfSSL_SHA1_Init(WOLFSSL_SHA_CTX*);
WOLFSSL_API int wolfSSL_SHA1_Update(WOLFSSL_SHA_CTX*, const void*, unsigned long);
WOLFSSL_API int wolfSSL_SHA1_Final(unsigned char*, WOLFSSL_SHA_CTX*);
enum {
SHA_DIGEST_LENGTH = 20
};
typedef WOLFSSL_SHA_CTX SHA_CTX;
#define SHA_Init wolfSSL_SHA_Init
#define SHA_Update wolfSSL_SHA_Update
#define SHA_Final wolfSSL_SHA_Final
#define SHA1_Init wolfSSL_SHA1_Init
#define SHA1_Update wolfSSL_SHA1_Update
#define SHA1_Final wolfSSL_SHA1_Final
#ifdef WOLFSSL_SHA224
/* Using ALIGN16 because when AES-NI is enabled digest and buffer in Sha256
* struct are 16 byte aligned. Any derefrence to those elements after casting to
* Sha224, is expected to also be 16 byte aligned addresses. */
typedef struct WOLFSSL_SHA224_CTX {
/* big enough to hold wolfcrypt Sha224, but check on init */
ALIGN16 void* holder[(272 + WC_ASYNC_DEV_SIZE) / sizeof(void*)];
} WOLFSSL_SHA224_CTX;
WOLFSSL_API int wolfSSL_SHA224_Init(WOLFSSL_SHA224_CTX*);
WOLFSSL_API int wolfSSL_SHA224_Update(WOLFSSL_SHA224_CTX*, const void*,
unsigned long);
WOLFSSL_API int wolfSSL_SHA224_Final(unsigned char*, WOLFSSL_SHA224_CTX*);
enum {
SHA224_DIGEST_LENGTH = 28
};
typedef WOLFSSL_SHA224_CTX SHA224_CTX;
#define SHA224_Init wolfSSL_SHA224_Init
#define SHA224_Update wolfSSL_SHA224_Update
#define SHA224_Final wolfSSL_SHA224_Final
#endif /* WOLFSSL_SHA224 */
/* Using ALIGN16 because when AES-NI is enabled digest and buffer in Sha256
* struct are 16 byte aligned. Any derefrence to those elements after casting to
* Sha256, is expected to also be 16 byte aligned addresses. */
typedef struct WOLFSSL_SHA256_CTX {
/* big enough to hold wolfcrypt Sha256, but check on init */
ALIGN16 void* holder[(272 + WC_ASYNC_DEV_SIZE) / sizeof(void*)];
} WOLFSSL_SHA256_CTX;
WOLFSSL_API int wolfSSL_SHA256_Init(WOLFSSL_SHA256_CTX*);
WOLFSSL_API int wolfSSL_SHA256_Update(WOLFSSL_SHA256_CTX*, const void*,
unsigned long);
WOLFSSL_API int wolfSSL_SHA256_Final(unsigned char*, WOLFSSL_SHA256_CTX*);
enum {
SHA256_DIGEST_LENGTH = 32
};
typedef WOLFSSL_SHA256_CTX SHA256_CTX;
#define SHA256_Init wolfSSL_SHA256_Init
#define SHA256_Update wolfSSL_SHA256_Update
#define SHA256_Final wolfSSL_SHA256_Final
#if defined(NO_OLD_SHA256_NAMES) && !defined(HAVE_FIPS)
/* SHA256 is only available in non-fips mode because of SHA256 enum in FIPS
* build. */
#define SHA256 wolfSSL_SHA256
#endif
#ifdef WOLFSSL_SHA384
typedef struct WOLFSSL_SHA384_CTX {
/* big enough to hold wolfCrypt Sha384, but check on init */
void* holder[(256 + WC_ASYNC_DEV_SIZE) / sizeof(void*)];
} WOLFSSL_SHA384_CTX;
WOLFSSL_API int wolfSSL_SHA384_Init(WOLFSSL_SHA384_CTX*);
WOLFSSL_API int wolfSSL_SHA384_Update(WOLFSSL_SHA384_CTX*, const void*,
unsigned long);
WOLFSSL_API int wolfSSL_SHA384_Final(unsigned char*, WOLFSSL_SHA384_CTX*);
enum {
SHA384_DIGEST_LENGTH = 48
};
typedef WOLFSSL_SHA384_CTX SHA384_CTX;
#define SHA384_Init wolfSSL_SHA384_Init
#define SHA384_Update wolfSSL_SHA384_Update
#define SHA384_Final wolfSSL_SHA384_Final
#endif /* WOLFSSL_SHA384 */
#ifdef WOLFSSL_SHA512
typedef struct WOLFSSL_SHA512_CTX {
/* big enough to hold wolfCrypt Sha384, but check on init */
void* holder[(288 + WC_ASYNC_DEV_SIZE) / sizeof(void*)];
} WOLFSSL_SHA512_CTX;
WOLFSSL_API int wolfSSL_SHA512_Init(WOLFSSL_SHA512_CTX*);
WOLFSSL_API int wolfSSL_SHA512_Update(WOLFSSL_SHA512_CTX*, const void*,
unsigned long);
WOLFSSL_API int wolfSSL_SHA512_Final(unsigned char*, WOLFSSL_SHA512_CTX*);
enum {
SHA512_DIGEST_LENGTH = 64
};
typedef WOLFSSL_SHA512_CTX SHA512_CTX;
#define SHA512_Init wolfSSL_SHA512_Init
#define SHA512_Update wolfSSL_SHA512_Update
#define SHA512_Final wolfSSL_SHA512_Final
#endif /* WOLFSSL_SHA512 */
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* WOLFSSL_SHA_H_ */

903
components/ssl/wolfssl/wolfssl/wolfssl/openssl/ssl.h Normal file
View File

@ -0,0 +1,903 @@
/* ssl.h
*
* Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved.
*
* This file is part of wolfSSL.
*
* Contact licensing@wolfssl.com with any questions or comments.
*
* http://www.wolfssl.com
*/
/* ssl.h defines wolfssl_openssl compatibility layer
*
*/
#ifndef WOLFSSL_OPENSSL_H_
#define WOLFSSL_OPENSSL_H_
/* wolfssl_openssl compatibility layer */
#ifndef OPENSSL_EXTRA_SSL_GUARD
#define OPENSSL_EXTRA_SSL_GUARD
#include <wolfssl/ssl.h>
#endif /* OPENSSL_EXTRA_SSL_GUARD */
#include <wolfssl/openssl/evp.h>
#ifdef __cplusplus
extern "C" {
#endif
#ifdef _WIN32
/* wincrypt.h clashes */
#undef X509_NAME
#endif
#ifdef WOLFSSL_UTASKER
/* tcpip.h clashes */
#undef ASN1_INTEGER
#endif
typedef WOLFSSL SSL;
typedef WOLFSSL_SESSION SSL_SESSION;
typedef WOLFSSL_METHOD SSL_METHOD;
typedef WOLFSSL_CTX SSL_CTX;
typedef WOLFSSL_X509 X509;
typedef WOLFSSL_X509 X509_REQ;
typedef WOLFSSL_X509_NAME X509_NAME;
typedef WOLFSSL_X509_CHAIN X509_CHAIN;
/* redeclare guard */
#define WOLFSSL_TYPES_DEFINED
typedef WOLFSSL_EVP_PKEY EVP_PKEY;
typedef WOLFSSL_EVP_PKEY PKCS8_PRIV_KEY_INFO;
typedef WOLFSSL_BIO BIO;
typedef WOLFSSL_BIO_METHOD BIO_METHOD;
typedef WOLFSSL_CIPHER SSL_CIPHER;
typedef WOLFSSL_X509_LOOKUP X509_LOOKUP;
typedef WOLFSSL_X509_LOOKUP_METHOD X509_LOOKUP_METHOD;
typedef WOLFSSL_X509_CRL X509_CRL;
typedef WOLFSSL_X509_EXTENSION X509_EXTENSION;
typedef WOLFSSL_ASN1_TIME ASN1_TIME;
typedef WOLFSSL_ASN1_INTEGER ASN1_INTEGER;
typedef WOLFSSL_ASN1_OBJECT ASN1_OBJECT;
typedef WOLFSSL_ASN1_STRING ASN1_STRING;
typedef WOLFSSL_dynlock_value CRYPTO_dynlock_value;
typedef WOLFSSL_BUF_MEM BUF_MEM;
/* GENERAL_NAME and BASIC_CONSTRAINTS structs may need implemented as
* compatibility layer expands. For now treating them as an ASN1_OBJECT */
typedef WOLFSSL_ASN1_OBJECT GENERAL_NAME;
typedef WOLFSSL_ASN1_OBJECT BASIC_CONSTRAINTS;
#define ASN1_UTCTIME WOLFSSL_ASN1_TIME
#define ASN1_GENERALIZEDTIME WOLFSSL_ASN1_TIME
typedef WOLFSSL_COMP_METHOD COMP_METHOD;
typedef WOLFSSL_X509_REVOKED X509_REVOKED;
typedef WOLFSSL_X509_OBJECT X509_OBJECT;
typedef WOLFSSL_X509_STORE X509_STORE;
typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
#define CRYPTO_free XFREE
#define CRYPTO_malloc XMALLOC
#define CRYPTO_EX_new WOLFSSL_CRYPTO_EX_new
#define CRYPTO_EX_dup WOLFSSL_CRYPTO_EX_dup
#define CRYPTO_EX_free WOLFSSL_CRYPTO_EX_free
#define STACK_OF(x) WOLFSSL_STACK
/* this function was used to set the default malloc, free, and realloc */
#define CRYPTO_malloc_init() /* CRYPTO_malloc_init is not needed */
#define SSL_get_client_random(ssl,out,outSz) \
wolfSSL_get_client_random((ssl),(out),(outSz))
#define SSL_get_cipher_list(ctx,i) wolfSSL_get_cipher_list_ex((ctx),(i))
#define SSL_get_cipher_name(ctx) wolfSSL_get_cipher((ctx))
#define SSL_get_shared_ciphers(ctx,buf,len) \
wolfSSL_get_shared_ciphers((ctx),(buf),(len))
#define ERR_print_errors_fp(file) wolfSSL_ERR_dump_errors_fp((file))
/* at the moment only returns ok */
#define SSL_get_verify_result wolfSSL_get_verify_result
#define SSL_get_verify_mode wolfSSL_SSL_get_mode
#define SSL_get_verify_depth wolfSSL_get_verify_depth
#define SSL_CTX_get_verify_mode wolfSSL_CTX_get_verify_mode
#define SSL_CTX_get_verify_depth wolfSSL_CTX_get_verify_depth
#define SSL_get_certificate wolfSSL_get_certificate
#define SSL_use_certificate wolfSSL_use_certificate
#define SSL_use_certificate_ASN1 wolfSSL_use_certificate_ASN1
#define d2i_PKCS8_PRIV_KEY_INFO_bio wolfSSL_d2i_PKCS8_PKEY_bio
#define PKCS8_PRIV_KEY_INFO_free wolfSSL_EVP_PKEY_free
#define d2i_PUBKEY_bio wolfSSL_d2i_PUBKEY_bio
#define d2i_PrivateKey wolfSSL_d2i_PrivateKey
#define SSL_use_PrivateKey wolfSSL_use_PrivateKey
#define SSL_use_PrivateKey_ASN1 wolfSSL_use_PrivateKey_ASN1
#define SSL_use_RSAPrivateKey_ASN1 wolfSSL_use_RSAPrivateKey_ASN1
#define SSL_get_privatekey wolfSSL_get_privatekey
#define SSLv23_method wolfSSLv23_method
#define SSLv3_server_method wolfSSLv3_server_method
#define SSLv3_client_method wolfSSLv3_client_method
#define TLSv1_method wolfTLSv1_method
#define TLSv1_server_method wolfTLSv1_server_method
#define TLSv1_client_method wolfTLSv1_client_method
#define TLSv1_1_server_method wolfTLSv1_1_server_method
#define TLSv1_1_client_method wolfTLSv1_1_client_method
#define TLSv1_2_server_method wolfTLSv1_2_server_method
#define TLSv1_2_client_method wolfTLSv1_2_client_method
#define X509_FILETYPE_ASN1 SSL_FILETYPE_ASN1
#ifdef WOLFSSL_DTLS
#define DTLSv1_client_method wolfDTLSv1_client_method
#define DTLSv1_server_method wolfDTLSv1_server_method
#define DTLSv1_2_client_method wolfDTLSv1_2_client_method
#define DTLSv1_2_server_method wolfDTLSv1_2_server_method
#endif
#ifndef NO_FILESYSTEM
#define SSL_CTX_use_certificate_file wolfSSL_CTX_use_certificate_file
#define SSL_CTX_use_PrivateKey_file wolfSSL_CTX_use_PrivateKey_file
#define SSL_CTX_load_verify_locations wolfSSL_CTX_load_verify_locations
#define SSL_CTX_use_certificate_chain_file wolfSSL_CTX_use_certificate_chain_file
#define SSL_CTX_use_RSAPrivateKey_file wolfSSL_CTX_use_RSAPrivateKey_file
#define SSL_use_certificate_file wolfSSL_use_certificate_file
#define SSL_use_PrivateKey_file wolfSSL_use_PrivateKey_file
#define SSL_use_certificate_chain_file wolfSSL_use_certificate_chain_file
#define SSL_use_RSAPrivateKey_file wolfSSL_use_RSAPrivateKey_file
#endif
#define SSL_CTX_new wolfSSL_CTX_new
#define SSL_new wolfSSL_new
#define SSL_set_fd wolfSSL_set_fd
#define SSL_get_fd wolfSSL_get_fd
#define SSL_connect wolfSSL_connect
#define SSL_clear wolfSSL_clear
#define SSL_state wolfSSL_state
#define SSL_write wolfSSL_write
#define SSL_read wolfSSL_read
#define SSL_peek wolfSSL_peek
#define SSL_accept wolfSSL_accept
#define SSL_CTX_free wolfSSL_CTX_free
#define SSL_free wolfSSL_free
#define SSL_shutdown wolfSSL_shutdown
#define SSL_CTX_set_quiet_shutdown wolfSSL_CTX_set_quiet_shutdown
#define SSL_set_quiet_shutdown wolfSSL_set_quiet_shutdown
#define SSL_get_error wolfSSL_get_error
#define SSL_set_session wolfSSL_set_session
#define SSL_get_session wolfSSL_get_session
#define SSL_flush_sessions wolfSSL_flush_sessions
/* assume unlimited temporarily */
#define SSL_CTX_get_session_cache_mode(ctx) 0
#define SSL_CTX_set_verify wolfSSL_CTX_set_verify
#define SSL_set_verify wolfSSL_set_verify
#define SSL_pending wolfSSL_pending
#define SSL_load_error_strings wolfSSL_load_error_strings
#define SSL_library_init wolfSSL_library_init
#define SSL_CTX_set_session_cache_mode wolfSSL_CTX_set_session_cache_mode
#define SSL_CTX_set_cipher_list wolfSSL_CTX_set_cipher_list
#define SSL_set_cipher_list wolfSSL_set_cipher_list
#define ERR_error_string wolfSSL_ERR_error_string
#define ERR_error_string_n wolfSSL_ERR_error_string_n
#define ERR_reason_error_string wolfSSL_ERR_reason_error_string
#define SSL_set_ex_data wolfSSL_set_ex_data
#define SSL_get_shutdown wolfSSL_get_shutdown
#define SSL_set_rfd wolfSSL_set_rfd
#define SSL_set_wfd wolfSSL_set_wfd
#define SSL_set_shutdown wolfSSL_set_shutdown
#define SSL_set_session_id_context wolfSSL_set_session_id_context
#define SSL_set_connect_state wolfSSL_set_connect_state
#define SSL_set_accept_state wolfSSL_set_accept_state
#define SSL_session_reused wolfSSL_session_reused
#define SSL_SESSION_free wolfSSL_SESSION_free
#define SSL_is_init_finished wolfSSL_is_init_finished
#define SSL_get_version wolfSSL_get_version
#define SSL_get_current_cipher wolfSSL_get_current_cipher
/* use wolfSSL_get_cipher_name for its return format */
#define SSL_get_cipher wolfSSL_get_cipher_name
#define SSL_CIPHER_description wolfSSL_CIPHER_description
#define SSL_CIPHER_get_name wolfSSL_CIPHER_get_name
#define SSL_get1_session wolfSSL_get1_session
#define SSL_get_keyblock_size wolfSSL_get_keyblock_size
#define SSL_get_keys wolfSSL_get_keys
#define SSL_SESSION_get_master_key wolfSSL_SESSION_get_master_key
#define SSL_SESSION_get_master_key_length wolfSSL_SESSION_get_master_key_length
#define DSA_dup_DH wolfSSL_DSA_dup_DH
#define X509_load_certificate_file wolfSSL_X509_load_certificate_file
#define X509_NAME_get_text_by_NID wolfSSL_X509_NAME_get_text_by_NID
#define X509_get_ext_d2i wolfSSL_X509_get_ext_d2i
#define X509_digest wolfSSL_X509_digest
#define X509_free wolfSSL_X509_free
#define X509_new wolfSSL_X509_new
#define OPENSSL_free wolfSSL_OPENSSL_free
#define OPENSSL_malloc wolfSSL_OPENSSL_malloc
#define OCSP_parse_url wolfSSL_OCSP_parse_url
#define SSLv23_client_method wolfSSLv23_client_method
#define SSLv2_client_method wolfSSLv2_client_method
#define SSLv2_server_method wolfSSLv2_server_method
#define MD4_Init wolfSSL_MD4_Init
#define MD4_Update wolfSSL_MD4_Update
#define MD4_Final wolfSSL_MD4_Final
#define BIO_new wolfSSL_BIO_new
#define BIO_free wolfSSL_BIO_free
#define BIO_free_all wolfSSL_BIO_free_all
#define BIO_nread0 wolfSSL_BIO_nread0
#define BIO_nread wolfSSL_BIO_nread
#define BIO_read wolfSSL_BIO_read
#define BIO_nwrite0 wolfSSL_BIO_nwrite0
#define BIO_nwrite wolfSSL_BIO_nwrite
#define BIO_write wolfSSL_BIO_write
#define BIO_push wolfSSL_BIO_push
#define BIO_pop wolfSSL_BIO_pop
#define BIO_flush wolfSSL_BIO_flush
#define BIO_pending wolfSSL_BIO_pending
#define BIO_get_mem_data wolfSSL_BIO_get_mem_data
#define BIO_new_mem_buf wolfSSL_BIO_new_mem_buf
#define BIO_f_buffer wolfSSL_BIO_f_buffer
#define BIO_set_write_buffer_size wolfSSL_BIO_set_write_buffer_size
#define BIO_f_ssl wolfSSL_BIO_f_ssl
#define BIO_new_socket wolfSSL_BIO_new_socket
#define SSL_set_bio wolfSSL_set_bio
#define BIO_eof wolfSSL_BIO_eof
#define BIO_set_ss wolfSSL_BIO_set_ss
#define BIO_s_mem wolfSSL_BIO_s_mem
#define BIO_f_base64 wolfSSL_BIO_f_base64
#define BIO_set_flags wolfSSL_BIO_set_flags
#define OpenSSL_add_all_digests() wolfCrypt_Init()
#define OpenSSL_add_all_ciphers() wolfCrypt_Init()
#define OpenSSL_add_all_algorithms wolfSSL_add_all_algorithms
#define SSLeay_add_ssl_algorithms wolfSSL_add_all_algorithms
#define SSLeay_add_all_algorithms wolfSSL_add_all_algorithms
#define RAND_screen wolfSSL_RAND_screen
#define RAND_file_name wolfSSL_RAND_file_name
#define RAND_write_file wolfSSL_RAND_write_file
#define RAND_load_file wolfSSL_RAND_load_file
#define RAND_egd wolfSSL_RAND_egd
#define RAND_seed wolfSSL_RAND_seed
#define RAND_cleanup wolfSSL_RAND_Cleanup
#define RAND_add wolfSSL_RAND_add
#define COMP_zlib wolfSSL_COMP_zlib
#define COMP_rle wolfSSL_COMP_rle
#define SSL_COMP_add_compression_method wolfSSL_COMP_add_compression_method
#define SSL_get_ex_new_index wolfSSL_get_ex_new_index
/* depreciated */
#define CRYPTO_thread_id wolfSSL_thread_id
#define CRYPTO_set_id_callback wolfSSL_set_id_callback
#define CRYPTO_set_locking_callback wolfSSL_set_locking_callback
#define CRYPTO_set_dynlock_create_callback wolfSSL_set_dynlock_create_callback
#define CRYPTO_set_dynlock_lock_callback wolfSSL_set_dynlock_lock_callback
#define CRYPTO_set_dynlock_destroy_callback wolfSSL_set_dynlock_destroy_callback
#define CRYPTO_num_locks wolfSSL_num_locks
#define CRYPTO_LOCK 1
#define CRYPTO_UNLOCK 2
#define CRYPTO_READ 4
#define CRYPTO_WRITE 8
#define X509_STORE_CTX_get_current_cert wolfSSL_X509_STORE_CTX_get_current_cert
#define X509_STORE_add_cert wolfSSL_X509_STORE_add_cert
#define X509_STORE_set_flags wolfSSL_X509_STORE_set_flags
#define X509_STORE_CTX_set_verify_cb wolfSSL_X509_STORE_CTX_set_verify_cb
#define X509_STORE_CTX_free wolfSSL_X509_STORE_CTX_free
#define X509_STORE_CTX_new wolfSSL_X509_STORE_CTX_new
#define X509_STORE_CTX_get_chain wolfSSL_X509_STORE_CTX_get_chain
#define X509_STORE_CTX_get_error wolfSSL_X509_STORE_CTX_get_error
#define X509_STORE_CTX_get_error_depth wolfSSL_X509_STORE_CTX_get_error_depth
#define X509_print wolfSSL_X509_print
#define X509_NAME_cmp wolfSSL_X509_NAME_cmp
#define i2d_X509_NAME wolfSSL_i2d_X509_NAME
#define X509_NAME_ENTRY_free wolfSSL_X509_NAME_ENTRY_free
#define X509_NAME_ENTRY_create_by_NID wolfSSL_X509_NAME_ENTRY_create_by_NID
#define X509_NAME_add_entry wolfSSL_X509_NAME_add_entry
#define X509_NAME_oneline wolfSSL_X509_NAME_oneline
#define X509_get_issuer_name wolfSSL_X509_get_issuer_name
#define X509_get_subject_name wolfSSL_X509_get_subject_name
#define X509_verify_cert_error_string wolfSSL_X509_verify_cert_error_string
#define X509_verify_cert wolfSSL_X509_verify_cert
#define X509_LOOKUP_add_dir wolfSSL_X509_LOOKUP_add_dir
#define X509_LOOKUP_load_file wolfSSL_X509_LOOKUP_load_file
#define X509_LOOKUP_hash_dir wolfSSL_X509_LOOKUP_hash_dir
#define X509_LOOKUP_file wolfSSL_X509_LOOKUP_file
#define X509_STORE_add_lookup wolfSSL_X509_STORE_add_lookup
#define X509_STORE_new wolfSSL_X509_STORE_new
#define X509_STORE_get_by_subject wolfSSL_X509_STORE_get_by_subject
#define X509_STORE_CTX_init wolfSSL_X509_STORE_CTX_init
#define X509_STORE_CTX_cleanup wolfSSL_X509_STORE_CTX_cleanup
#define X509_CRL_get_lastUpdate wolfSSL_X509_CRL_get_lastUpdate
#define X509_CRL_get_nextUpdate wolfSSL_X509_CRL_get_nextUpdate
#define X509_get_pubkey wolfSSL_X509_get_pubkey
#define X509_CRL_verify wolfSSL_X509_CRL_verify
#define X509_STORE_CTX_set_error wolfSSL_X509_STORE_CTX_set_error
#define X509_OBJECT_free_contents wolfSSL_X509_OBJECT_free_contents
#define EVP_PKEY_new wolfSSL_PKEY_new
#define EVP_PKEY_free wolfSSL_EVP_PKEY_free
#define EVP_PKEY_type wolfSSL_EVP_PKEY_type
#define EVP_PKEY_base_id wolfSSL_EVP_PKEY_base_id
#define d2i_PUBKEY wolfSSL_d2i_PUBKEY
#define X509_cmp_current_time wolfSSL_X509_cmp_current_time
#define sk_X509_REVOKED_num wolfSSL_sk_X509_REVOKED_num
#define X509_CRL_get_REVOKED wolfSSL_X509_CRL_get_REVOKED
#define sk_X509_REVOKED_value wolfSSL_sk_X509_REVOKED_value
#define X509_get_notBefore(cert) (ASN1_TIME*)wolfSSL_X509_notBefore((cert))
#define X509_get_notAfter(cert) (ASN1_TIME*)wolfSSL_X509_notAfter((cert))
#define X509_get_serialNumber wolfSSL_X509_get_serialNumber
#define ASN1_TIME_print wolfSSL_ASN1_TIME_print
#define ASN1_GENERALIZEDTIME_print wolfSSL_ASN1_GENERALIZEDTIME_print
#define ASN1_TIME_adj wolfSSL_ASN1_TIME_adj
#define ASN1_INTEGER_cmp wolfSSL_ASN1_INTEGER_cmp
#define ASN1_INTEGER_get wolfSSL_ASN1_INTEGER_get
#define ASN1_INTEGER_to_BN wolfSSL_ASN1_INTEGER_to_BN
#define ASN1_STRING_to_UTF8 wolfSSL_ASN1_STRING_to_UTF8
#define SSL_load_client_CA_file wolfSSL_load_client_CA_file
#define SSL_CTX_get_client_CA_list wolfSSL_SSL_CTX_get_client_CA_list
#define SSL_CTX_set_client_CA_list wolfSSL_CTX_set_client_CA_list
#define SSL_CTX_set_cert_store wolfSSL_CTX_set_cert_store
#define SSL_CTX_get_cert_store wolfSSL_CTX_get_cert_store
#define X509_STORE_CTX_get_ex_data wolfSSL_X509_STORE_CTX_get_ex_data
#define SSL_get_ex_data_X509_STORE_CTX_idx wolfSSL_get_ex_data_X509_STORE_CTX_idx
#define SSL_get_ex_data wolfSSL_get_ex_data
#define SSL_CTX_set_default_passwd_cb_userdata wolfSSL_CTX_set_default_passwd_cb_userdata
#define SSL_CTX_set_default_passwd_cb wolfSSL_CTX_set_default_passwd_cb
#define SSL_CTX_set_timeout(ctx, to) wolfSSL_CTX_set_timeout(ctx, (unsigned int) to)
#define SSL_CTX_set_info_callback wolfSSL_CTX_set_info_callback
#define SSL_CTX_set_alpn_protos wolfSSL_CTX_set_alpn_protos
#define ERR_peek_error wolfSSL_ERR_peek_error
#define ERR_peek_last_error_line wolfSSL_ERR_peek_last_error_line
#define ERR_peek_errors_fp wolfSSL_ERR_peek_errors_fp
#define ERR_GET_REASON wolfSSL_ERR_GET_REASON
#define SSL_alert_type_string wolfSSL_alert_type_string
#define SSL_alert_desc_string wolfSSL_alert_desc_string
#define SSL_state_string wolfSSL_state_string
#define RSA_free wolfSSL_RSA_free
#define RSA_generate_key wolfSSL_RSA_generate_key
#define SSL_CTX_set_tmp_rsa_callback wolfSSL_CTX_set_tmp_rsa_callback
#define PEM_def_callback wolfSSL_PEM_def_callback
#define SSL_CTX_sess_accept wolfSSL_CTX_sess_accept
#define SSL_CTX_sess_connect wolfSSL_CTX_sess_connect
#define SSL_CTX_sess_accept_good wolfSSL_CTX_sess_accept_good
#define SSL_CTX_sess_connect_good wolfSSL_CTX_sess_connect_good
#define SSL_CTX_sess_accept_renegotiate wolfSSL_CTX_sess_accept_renegotiate
#define SSL_CTX_sess_connect_renegotiate wolfSSL_CTX_sess_connect_renegotiate
#define SSL_CTX_sess_hits wolfSSL_CTX_sess_hits
#define SSL_CTX_sess_cb_hits wolfSSL_CTX_sess_cb_hits
#define SSL_CTX_sess_cache_full wolfSSL_CTX_sess_cache_full
#define SSL_CTX_sess_misses wolfSSL_CTX_sess_misses
#define SSL_CTX_sess_timeouts wolfSSL_CTX_sess_timeouts
#define SSL_CTX_sess_number wolfSSL_CTX_sess_number
#define SSL_CTX_sess_get_cache_size wolfSSL_CTX_sess_get_cache_size
#define SSL_DEFAULT_CIPHER_LIST WOLFSSL_DEFAULT_CIPHER_LIST
#define RSA_F4 WOLFSSL_RSA_F4
#define SSL_CTX_set_psk_client_callback wolfSSL_CTX_set_psk_client_callback
#define SSL_set_psk_client_callback wolfSSL_set_psk_client_callback
#define SSL_get_psk_identity_hint wolfSSL_get_psk_identity_hint
#define SSL_get_psk_identity wolfSSL_get_psk_identity
#define SSL_CTX_use_psk_identity_hint wolfSSL_CTX_use_psk_identity_hint
#define SSL_use_psk_identity_hint wolfSSL_use_psk_identity_hint
#define SSL_CTX_set_psk_server_callback wolfSSL_CTX_set_psk_server_callback
#define SSL_set_psk_server_callback wolfSSL_set_psk_server_callback
/* system file ints for ERR_put_error */
#define SYS_F_ACCEPT WOLFSSL_SYS_ACCEPT
#define SYS_F_BIND WOLFSSL_SYS_BIND
#define SYS_F_CONNECT WOLFSSL_SYS_CONNECT
#define SYS_F_FOPEN WOLFSSL_SYS_FOPEN
#define SYS_F_FREAD WOLFSSL_SYS_FREAD
#define SYS_F_GETADDRINFO WOLFSSL_SYS_GETADDRINFO
#define SYS_F_GETSOCKOPT WOLFSSL_SYS_GETSOCKOPT
#define SYS_F_GETSOCKNAME WOLFSSL_SYS_GETSOCKNAME
#define SYS_F_OPENDIR WOLFSSL_SYS_OPENDIR
#define SYS_F_SETSOCKOPT WOLFSSL_SYS_SETSOCKOPT
#define SYS_F_SOCKET WOLFSSL_SYS_SOCKET
#define SYS_F_GETHOSTBYNAME WOLFSSL_SYS_GETHOSTBYNAME
#define SYS_F_GETNAMEINFO WOLFSSL_SYS_GETNAMEINFO
#define SYS_F_GETSERVBYNAME WOLFSSL_SYS_GETSERVBYNAME
#define SYS_F_IOCTLSOCKET WOLFSSL_SYS_IOCTLSOCKET
#define SYS_F_LISTEN WOLFSSL_SYS_LISTEN
#define ERR_put_error wolfSSL_ERR_put_error
#define ERR_get_error_line wolfSSL_ERR_get_error_line
#define ERR_get_error_line_data wolfSSL_ERR_get_error_line_data
#define ERR_get_error wolfSSL_ERR_get_error
#define ERR_clear_error wolfSSL_ERR_clear_error
#define RAND_status wolfSSL_RAND_status
#define RAND_bytes wolfSSL_RAND_bytes
#define RAND_pseudo_bytes wolfSSL_RAND_pseudo_bytes
#define SSLv23_server_method wolfSSLv23_server_method
#define SSL_CTX_set_options wolfSSL_CTX_set_options
#define SSL_CTX_get_options wolfSSL_CTX_get_options
#define SSL_CTX_clear_options wolfSSL_CTX_clear_options
#define SSL_CTX_check_private_key wolfSSL_CTX_check_private_key
#define SSL_check_private_key wolfSSL_check_private_key
#define ERR_free_strings wolfSSL_ERR_free_strings
#define ERR_remove_state wolfSSL_ERR_remove_state
#define EVP_cleanup wolfSSL_EVP_cleanup
#define CRYPTO_cleanup_all_ex_data wolfSSL_cleanup_all_ex_data
#define SSL_CTX_set_mode wolfSSL_CTX_set_mode
#define SSL_CTX_get_mode wolfSSL_CTX_get_mode
#define SSL_CTX_set_default_read_ahead wolfSSL_CTX_set_default_read_ahead
#define SSL_CTX_sess_set_cache_size wolfSSL_CTX_sess_set_cache_size
#define SSL_CTX_set_default_verify_paths wolfSSL_CTX_set_default_verify_paths
#define SSL_CTX_set_session_id_context wolfSSL_CTX_set_session_id_context
#define SSL_get_peer_certificate wolfSSL_get_peer_certificate
#define SSL_get_peer_cert_chain wolfSSL_get_peer_cert_chain
#define SSL_want_read wolfSSL_want_read
#define SSL_want_write wolfSSL_want_write
#define BIO_prf wolfSSL_BIO_prf
#define ASN1_UTCTIME_pr wolfSSL_ASN1_UTCTIME_pr
#define sk_num wolfSSL_sk_num
#define sk_value wolfSSL_sk_value
#define sk_X509_pop wolfSSL_sk_X509_pop
#define sk_X509_free wolfSSL_sk_X509_free
#define i2d_X509_bio wolfSSL_i2d_X509_bio
#define d2i_X509_bio wolfSSL_d2i_X509_bio
#define i2d_X509 wolfSSL_i2d_X509
#define d2i_X509 wolfSSL_d2i_X509
#define SSL_CTX_get_ex_data wolfSSL_CTX_get_ex_data
#define SSL_CTX_set_ex_data wolfSSL_CTX_set_ex_data
#define SSL_CTX_sess_set_get_cb wolfSSL_CTX_sess_set_get_cb
#define SSL_CTX_sess_set_new_cb wolfSSL_CTX_sess_set_new_cb
#define SSL_CTX_sess_set_remove_cb wolfSSL_CTX_sess_set_remove_cb
#define i2d_SSL_SESSION wolfSSL_i2d_SSL_SESSION
#define d2i_SSL_SESSION wolfSSL_d2i_SSL_SESSION
#define SSL_SESSION_set_timeout wolfSSL_SSL_SESSION_set_timeout
#define SSL_SESSION_get_timeout wolfSSL_SESSION_get_timeout
#define SSL_SESSION_get_time wolfSSL_SESSION_get_time
#define SSL_CTX_get_ex_new_index wolfSSL_CTX_get_ex_new_index
#define PEM_read_bio_X509 wolfSSL_PEM_read_bio_X509
#define PEM_read_bio_X509_AUX wolfSSL_PEM_read_bio_X509_AUX
/*#if OPENSSL_API_COMPAT < 0x10100000L*/
#define CONF_modules_free()
#define ENGINE_cleanup()
#define HMAC_CTX_cleanup wolfSSL_HMAC_cleanup
#define SSL_CTX_need_tmp_RSA(ctx) 0
#define SSL_CTX_set_tmp_rsa(ctx,rsa) 1
#define SSL_need_tmp_RSA(ssl) 0
#define SSL_set_tmp_rsa(ssl,rsa) 1
/*#endif*/
#define CONF_modules_unload(a)
#define SSL_get_hit wolfSSL_session_reused
/* yassl had set the default to be 500 */
#define SSL_get_default_timeout(ctx) 500
#define X509_NAME_free wolfSSL_X509_NAME_free
#define X509_NAME_new wolfSSL_X509_NAME_new
typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
#define SSL_CTX_use_certificate wolfSSL_CTX_use_certificate
#define SSL_CTX_use_PrivateKey wolfSSL_CTX_use_PrivateKey
#define BIO_read_filename wolfSSL_BIO_read_filename
#define BIO_s_file wolfSSL_BIO_s_file
#define SSL_CTX_set_verify_depth wolfSSL_CTX_set_verify_depth
#define SSL_set_verify_depth wolfSSL_set_verify_depth
#define SSL_get_app_data wolfSSL_get_app_data
#define SSL_set_app_data wolfSSL_set_app_data
#define X509_NAME_entry_count wolfSSL_X509_NAME_entry_count
#define X509_NAME_ENTRY_get_object wolfSSL_X509_NAME_ENTRY_get_object
#define X509_NAME_get_entry wolfSSL_X509_NAME_get_entry
#define ASN1_STRING_data wolfSSL_ASN1_STRING_data
#define ASN1_STRING_length wolfSSL_ASN1_STRING_length
#define X509_NAME_get_index_by_NID wolfSSL_X509_NAME_get_index_by_NID
#define X509_NAME_ENTRY_get_data wolfSSL_X509_NAME_ENTRY_get_data
#define sk_X509_NAME_pop_free wolfSSL_sk_X509_NAME_pop_free
#define SHA1 wolfSSL_SHA1
#define X509_check_private_key wolfSSL_X509_check_private_key
#define SSL_dup_CA_list wolfSSL_dup_CA_list
/* NIDs */
enum {
NID_des = 66,
NID_des3 = 67,
NID_sha256 = 672,
NID_sha384 = 673,
NID_sha512 = 674,
NID_hw_name_oid = 73,
NID_id_pkix_OCSP_basic = 74,
NID_any_policy = 75,
NID_anyExtendedKeyUsage = 76,
};
enum {
GEN_DNS = 0x02, /* ASN_DNS_TYPE */
GEN_EMAIL = 0x01, /* ASN_RFC822_TYPE */
GEN_URI = 0x06 /* ASN_URI_TYPE */
};
#define PEM_write_bio_X509_REQ wolfSSL_PEM_write_bio_X509_REQ
#define PEM_write_bio_X509_AUX wolfSSL_PEM_write_bio_X509_AUX
#define PEM_read_bio_DHparams wolfSSL_PEM_read_bio_DHparams
#define PEM_read_bio_DSAparams wolfSSL_PEM_read_bio_DSAparams
#define PEM_write_bio_X509 wolfSSL_PEM_write_bio_X509
#define PEM_write_bio_X509_REQ wolfSSL_PEM_write_bio_X509_REQ
#define PEM_write_bio_X509_AUX wolfSSL_PEM_write_bio_X509_AUX
#ifdef WOLFSSL_HAPROXY
#define SSL_get_rbio wolfSSL_SSL_get_rbio
#define SSL_get_wbio wolfSSL_SSL_get_wbio
#define SSL_do_handshake wolfSSL_SSL_do_handshake
#define SSL_get_ciphers(x) wolfSSL_get_ciphers_compat(x)
#define SSL_SESSION_get_id wolfSSL_SESSION_get_id
#define ASN1_STRING_get0_data wolfSSL_ASN1_STRING_data
#define SSL_get_cipher_bits(s,np) wolfSSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
#define sk_SSL_CIPHER_num wolfSSL_sk_SSL_CIPHER_num
#define sk_SSL_COMP_zero wolfSSL_sk_SSL_COMP_zero
#define sk_SSL_CIPHER_value wolfSSL_sk_SSL_CIPHER_value
#endif /* WOLFSSL_HAPROXY */
#define SSL_CTX_set_tmp_dh wolfSSL_CTX_set_tmp_dh
#define BIO_new_file wolfSSL_BIO_new_file
#define BIO_ctrl wolfSSL_BIO_ctrl
#define BIO_ctrl_pending wolfSSL_BIO_ctrl_pending
#define BIO_get_mem_ptr wolfSSL_BIO_get_mem_ptr
#define BIO_int_ctrl wolfSSL_BIO_int_ctrl
#define BIO_reset wolfSSL_BIO_reset
#define BIO_s_file wolfSSL_BIO_s_file
#define BIO_s_bio wolfSSL_BIO_s_bio
#define BIO_s_socket wolfSSL_BIO_s_socket
#define BIO_set_fd wolfSSL_BIO_set_fd
#define BIO_ctrl_reset_read_request wolfSSL_BIO_ctrl_reset_read_request
#define BIO_set_write_buf_size wolfSSL_BIO_set_write_buf_size
#define BIO_make_bio_pair wolfSSL_BIO_make_bio_pair
#define BIO_set_fp wolfSSL_BIO_set_fp
#define BIO_get_fp wolfSSL_BIO_get_fp
#define BIO_seek wolfSSL_BIO_seek
#define BIO_write_filename wolfSSL_BIO_write_filename
#define BIO_set_mem_eof_return wolfSSL_BIO_set_mem_eof_return
#define TLSEXT_STATUSTYPE_ocsp 1
#define SSL_set_options wolfSSL_set_options
#define SSL_get_options wolfSSL_get_options
#define SSL_clear_options wolfSSL_clear_options
#define SSL_set_tmp_dh wolfSSL_set_tmp_dh
#define SSL_clear_num_renegotiations wolfSSL_clear_num_renegotiations
#define SSL_total_renegotiations wolfSSL_total_renegotiations
#define SSL_set_tlsext_debug_arg wolfSSL_set_tlsext_debug_arg
#define SSL_set_tlsext_status_type wolfSSL_set_tlsext_status_type
#define SSL_set_tlsext_status_exts wolfSSL_set_tlsext_status_exts
#define SSL_get_tlsext_status_ids wolfSSL_get_tlsext_status_ids
#define SSL_set_tlsext_status_ids wolfSSL_set_tlsext_status_ids
#define SSL_get_tlsext_status_ocsp_resp wolfSSL_get_tlsext_status_ocsp_resp
#define SSL_set_tlsext_status_ocsp_resp wolfSSL_set_tlsext_status_ocsp_resp
#define SSL_CTX_add_extra_chain_cert wolfSSL_CTX_add_extra_chain_cert
#define SSL_CTX_get_read_ahead wolfSSL_CTX_get_read_ahead
#define SSL_CTX_set_read_ahead wolfSSL_CTX_set_read_ahead
#define SSL_CTX_set_tlsext_status_arg wolfSSL_CTX_set_tlsext_status_arg
#define SSL_CTX_set_tlsext_opaque_prf_input_callback_arg \
wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg
#define SSL_get_server_random wolfSSL_get_server_random
#define SSL_get_tlsext_status_exts wolfSSL_get_tlsext_status_exts
#define BIO_C_SET_FILE_PTR 106
#define BIO_C_GET_FILE_PTR 107
#define BIO_C_SET_FILENAME 108
#define BIO_C_FILE_SEEK 128
#define BIO_C_SET_BUF_MEM_EOF_RETURN 130
#define BIO_C_SET_WRITE_BUF_SIZE 136
#define BIO_C_MAKE_BIO_PAIR 138
#define BIO_CTRL_RESET 1
#define BIO_CTRL_INFO 3
#define BIO_CTRL_FLUSH 11
#define BIO_CLOSE 0x01
#define BIO_FP_WRITE 0x04
#define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11
#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12
#define SSL_CTRL_SET_TMP_DH 3
#define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57
#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65
#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66
#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67
#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68
#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69
#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70
#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71
#define SSL_CTRL_SET_TMP_DH 3
#define SSL_CTRL_EXTRA_CHAIN_CERT 14
#define SSL_CTRL_SET_SESS_CACHE_SIZE 42
#define SSL_CTRL_GET_READ_AHEAD 40
#define SSL_CTRL_SET_READ_AHEAD 41
#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63
#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64
#define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82
#define SSL_ctrl wolfSSL_ctrl
#define SSL_CTX_ctrl wolfSSL_CTX_ctrl
#define X509_V_FLAG_CRL_CHECK WOLFSSL_CRL_CHECK
#define X509_V_FLAG_CRL_CHECK_ALL WOLFSSL_CRL_CHECKALL
#define X509_V_FLAG_USE_CHECK_TIME WOLFSSL_USE_CHECK_TIME
#define X509_V_FLAG_NO_CHECK_TIME WOLFSSL_NO_CHECK_TIME
#define SSL3_RANDOM_SIZE 32 /* same as RAN_LEN in internal.h */
#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(OPENSSL_EXTRA)
#include <wolfssl/openssl/asn1.h>
#define SSL2_VERSION 0x0002
#define SSL3_VERSION 0x0300
#define TLS1_VERSION 0x0301
#define DTLS1_VERSION 0xFEFF
#define SSL23_ST_SR_CLNT_HELLO_A (0x210|0x2000)
#define SSL3_ST_SR_CLNT_HELLO_A (0x110|0x2000)
#define ASN1_STRFLGS_ESC_MSB 4
#define SSL_MAX_MASTER_KEY_LENGTH WOLFSSL_MAX_MASTER_KEY_LENGTH
#define SSL_alert_desc_string_long wolfSSL_alert_desc_string_long
#define SSL_alert_type_string_long wolfSSL_alert_type_string_long
#define SSL_CIPHER_get_bits wolfSSL_CIPHER_get_bits
#define sk_X509_NAME_num wolfSSL_sk_X509_NAME_num
#define sk_GENERAL_NAME_num wolfSSL_sk_GENERAL_NAME_num
#define sk_X509_num wolfSSL_sk_X509_num
#define X509_NAME_print_ex wolfSSL_X509_NAME_print_ex
#define X509_get0_pubkey_bitstr wolfSSL_X509_get0_pubkey_bitstr
#define SSL_CTX_get_options wolfSSL_CTX_get_options
#define SSL_CTX_flush_sessions wolfSSL_flush_sessions
#define SSL_CTX_add_session wolfSSL_CTX_add_session
#define SSL_get_SSL_CTX wolfSSL_get_SSL_CTX
#define SSL_version wolfSSL_version
#define SSL_get_state wolfSSL_get_state
#define SSL_state_string_long wolfSSL_state_string_long
#define sk_X509_NAME_value wolfSSL_sk_X509_NAME_value
#define sk_X509_value wolfSSL_sk_X509_value
#define sk_GENERAL_NAME_value wolfSSL_sk_GENERAL_NAME_value
#define SSL_SESSION_get_ex_data wolfSSL_SESSION_get_ex_data
#define SSL_SESSION_set_ex_data wolfSSL_SESSION_set_ex_data
#define SSL_SESSION_get_ex_new_index wolfSSL_SESSION_get_ex_new_index
#define SSL_SESSION_get_id wolfSSL_SESSION_get_id
#define CRYPTO_dynlock_value WOLFSSL_dynlock_value
typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING;
#define X509_STORE_get1_certs wolfSSL_X509_STORE_get1_certs
#define sk_X509_pop_free wolfSSL_sk_X509_pop_free
#define sk_GENERAL_NAME_pop_free wolfSSL_sk_GENERAL_NAME_pop_free
#define GENERAL_NAME_free NULL
#define SSL3_AL_FATAL 2
#define SSL_TLSEXT_ERR_OK 0
#define SSL_TLSEXT_ERR_ALERT_FATAL alert_fatal
#define SSL_TLSEXT_ERR_NOACK alert_warning
#define TLSEXT_NAMETYPE_host_name WOLFSSL_SNI_HOST_NAME
#define SSL_set_tlsext_host_name wolfSSL_set_tlsext_host_name
#define SSL_get_servername wolfSSL_get_servername
#define SSL_set_SSL_CTX wolfSSL_set_SSL_CTX
#define SSL_CTX_get_verify_callback wolfSSL_CTX_get_verify_callback
#define SSL_CTX_set_tlsext_servername_callback wolfSSL_CTX_set_tlsext_servername_callback
#define SSL_CTX_set_tlsext_servername_arg wolfSSL_CTX_set_servername_arg
#define PSK_MAX_PSK_LEN 256
#define PSK_MAX_IDENTITY_LEN 128
#define ERR_remove_thread_state WOLFSSL_ERR_remove_thread_state
#define SSL_CTX_clear_options wolfSSL_CTX_clear_options
#endif /* HAVE_STUNNEL || WOLFSSL_NGINX */
#define SSL_CTX_get_default_passwd_cb wolfSSL_CTX_get_default_passwd_cb
#define SSL_CTX_get_default_passwd_cb_userdata wolfSSL_CTX_get_default_passwd_cb_userdata
/* certificate extension NIDs */
#define NID_basic_constraints 133
#define NID_key_usage 129 /* 2.5.29.15 */
#define NID_ext_key_usage 151 /* 2.5.29.37 */
#define NID_subject_key_identifier 128
#define NID_authority_key_identifier 149
#define NID_private_key_usage_period 130 /* 2.5.29.16 */
#define NID_subject_alt_name 131
#define NID_issuer_alt_name 132
#define NID_info_access 69
#define NID_sinfo_access 79 /* id-pe 11 */
#define NID_name_constraints 144 /* 2.5.29.30 */
#define NID_certificate_policies 146
#define NID_policy_mappings 147
#define NID_policy_constraints 150
#define NID_inhibit_any_policy 168 /* 2.5.29.54 */
#define NID_tlsfeature 92 /* id-pe 24 */
#define NID_commonName 0x03 /* matchs ASN_COMMON_NAME in asn.h */
#define NID_domainComponent 0x19
/* matchs ASN_DOMAIN_COMPONENT in asn.h */
/* matchs ASN_..._NAME in asn.h */
#define NID_surname 0x04, /* SN */
#define NID_serialNumber 0x05, /* serialNumber */
#define NID_countryName 0x06, /* C */
#define NID_localityName 0x07, /* L */
#define NID_stateOrProvinceName 0x08, /* ST */
#define NID_organizationName 0x0a, /* O */
#define NID_organizationalUnitName 0x0b, /* OU */
#define SSL_CTX_set_msg_callback wolfSSL_CTX_set_msg_callback
#define SSL_set_msg_callback wolfSSL_set_msg_callback
#define SSL_CTX_set_msg_callback_arg wolfSSL_CTX_set_msg_callback_arg
#define SSL_set_msg_callback_arg wolfSSL_set_msg_callback_arg
/* Nginx uses this to determine if reached end of certs in file.
* PEM_read_bio_X509 is called and the return error is lost.
* The error that needs to be detected is: SSL_NO_PEM_HEADER.
*/
#define ERR_GET_LIB(l) (int)((((unsigned long)l)>>24L)&0xffL)
#define PEM_R_NO_START_LINE 108
#define ERR_LIB_PEM 9
#define ERR_LIB_X509 10
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
defined(WOLFSSL_MYSQL_COMPATIBLE)
#include <wolfssl/error-ssl.h>
#define OPENSSL_STRING WOLFSSL_STRING
#define TLSEXT_TYPE_application_layer_protocol_negotiation 16
#define OPENSSL_NPN_UNSUPPORTED 0
#define OPENSSL_NPN_NEGOTIATED 1
#define OPENSSL_NPN_NO_OVERLAP 2
/* Nginx checks these to see if the error was a handshake error. */
#define SSL_R_BAD_CHANGE_CIPHER_SPEC LENGTH_ERROR
#define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG BUFFER_E
#define SSL_R_DIGEST_CHECK_FAILED VERIFY_MAC_ERROR
#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST SUITES_ERROR
#define SSL_R_EXCESSIVE_MESSAGE_SIZE BUFFER_ERROR
#define SSL_R_LENGTH_MISMATCH LENGTH_ERROR
#define SSL_R_NO_CIPHERS_SPECIFIED SUITES_ERROR
#define SSL_R_NO_COMPRESSION_SPECIFIED COMPRESSION_ERROR
#define SSL_R_NO_SHARED_CIPHER MATCH_SUITE_ERROR
#define SSL_R_RECORD_LENGTH_MISMATCH HANDSHAKE_SIZE_ERROR
#define SSL_R_UNEXPECTED_MESSAGE OUT_OF_ORDER_E
#define SSL_R_UNEXPECTED_RECORD SANITY_MSG_E
#define SSL_R_UNKNOWN_ALERT_TYPE BUFFER_ERROR
#define SSL_R_UNKNOWN_PROTOCOL VERSION_ERROR
#define SSL_R_WRONG_VERSION_NUMBER VERSION_ERROR
#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC ENCRYPT_ERROR
#ifdef HAVE_SESSION_TICKET
#define SSL_OP_NO_TICKET SSL_OP_NO_TICKET
#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72
#endif
#define OPENSSL_config wolfSSL_OPENSSL_config
#define OPENSSL_memdup wolfSSL_OPENSSL_memdup
#define X509_get_ex_new_index wolfSSL_X509_get_ex_new_index
#define X509_get_ex_data wolfSSL_X509_get_ex_data
#define X509_set_ex_data wolfSSL_X509_set_ex_data
#define X509_NAME_digest wolfSSL_X509_NAME_digest
#define SSL_CTX_get_timeout wolfSSL_SSL_CTX_get_timeout
#define SSL_CTX_set_tmp_ecdh wolfSSL_SSL_CTX_set_tmp_ecdh
#define SSL_CTX_remove_session wolfSSL_SSL_CTX_remove_session
#define SSL_get_rbio wolfSSL_SSL_get_rbio
#define SSL_get_wbio wolfSSL_SSL_get_wbio
#define SSL_do_handshake wolfSSL_SSL_do_handshake
#define SSL_in_init wolfSSL_SSL_in_init
#define SSL_get0_session wolfSSL_SSL_get0_session
#define X509_check_host wolfSSL_X509_check_host
#define i2a_ASN1_INTEGER wolfSSL_i2a_ASN1_INTEGER
#define ERR_peek_error_line_data wolfSSL_ERR_peek_error_line_data
#define ERR_load_BIO_strings wolfSSL_ERR_load_BIO_strings
#define SSL_CTX_set_tlsext_ticket_key_cb wolfSSL_CTX_set_tlsext_ticket_key_cb
#define X509_email_free wolfSSL_X509_email_free
#define X509_get1_ocsp wolfSSL_X509_get1_ocsp
#define SSL_CTX_set_tlsext_status_cb wolfSSL_CTX_set_tlsext_status_cb
#define X509_check_issued wolfSSL_X509_check_issued
#define X509_dup wolfSSL_X509_dup
#define X509_STORE_CTX_new wolfSSL_X509_STORE_CTX_new
#define X509_STORE_CTX_free wolfSSL_X509_STORE_CTX_free
#define SSL_CTX_get_extra_chain_certs wolfSSL_CTX_get_extra_chain_certs
#define X509_STORE_CTX_get1_issuer wolfSSL_X509_STORE_CTX_get1_issuer
#define sk_OPENSSL_STRING_value wolfSSL_sk_WOLFSSL_STRING_value
#define SSL_get0_alpn_selected wolfSSL_get0_alpn_selected
#define SSL_select_next_proto wolfSSL_select_next_proto
#define SSL_CTX_set_alpn_select_cb wolfSSL_CTX_set_alpn_select_cb
#define SSL_CTX_set_next_protos_advertised_cb wolfSSL_CTX_set_next_protos_advertised_cb
#define SSL_CTX_set_next_proto_select_cb wolfSSL_CTX_set_next_proto_select_cb
#define SSL_get0_next_proto_negotiated wolfSSL_get0_next_proto_negotiated
#define SSL_is_server wolfSSL_is_server
#define SSL_CTX_set1_curves_list wolfSSL_CTX_set1_curves_list
#endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY */
#define X509_STORE_CTX_set_time wolfSSL_X509_STORE_CTX_set_time
#define SSL_CTX_add_client_CA wolfSSL_CTX_add_client_CA
#define SSL_CTX_set_srp_password wolfSSL_CTX_set_srp_password
#define SSL_CTX_set_srp_username wolfSSL_CTX_set_srp_username
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* wolfSSL_openssl_h__ */

0
components/ssl/wolfssl/include/wolfssl/ssl.h → components/ssl/wolfssl/wolfssl/wolfssl/ssl.h
View File

0
components/ssl/wolfssl/include/wolfssl/version.h → components/ssl/wolfssl/wolfssl/wolfssl/version.h
View File

450
components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/aes.h Normal file
View File

@ -0,0 +1,450 @@
/* aes.h
*
* Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved.
*
* This file is part of wolfSSL.
*
* Contact licensing@wolfssl.com with any questions or comments.
*
* http://www.wolfssl.com
*/
#ifndef WOLF_CRYPT_AES_H
#define WOLF_CRYPT_AES_H
#include <wolfssl/wolfcrypt/types.h>
#ifndef NO_AES
/* included for fips @wc_fips */
#ifdef HAVE_FIPS
#include <cyassl/ctaocrypt/aes.h>
#if defined(CYASSL_AES_COUNTER) && !defined(WOLFSSL_AES_COUNTER)
#define WOLFSSL_AES_COUNTER
#endif
#if !defined(WOLFSSL_AES_DIRECT) && defined(CYASSL_AES_DIRECT)
#define WOLFSSL_AES_DIRECT
#endif
#endif
#ifndef HAVE_FIPS /* to avoid redefinition of macros */
#ifdef WOLFSSL_AESNI
#include <wmmintrin.h>
#include <emmintrin.h>
#include <smmintrin.h>
#endif /* WOLFSSL_AESNI */
#ifdef WOLFSSL_XILINX_CRYPT
#include "xsecure_aes.h"
#endif
#endif /* HAVE_FIPS */
#ifdef __cplusplus
extern "C" {
#endif
#ifndef HAVE_FIPS /* to avoid redefinition of structures */
#ifdef WOLFSSL_ASYNC_CRYPT
#include <wolfssl/wolfcrypt/async.h>
#endif
enum {
AES_ENC_TYPE = 1, /* cipher unique type */
AES_ENCRYPTION = 0,
AES_DECRYPTION = 1,
KEYWRAP_BLOCK_SIZE = 8,
AES_BLOCK_SIZE = 16
};
typedef struct Aes {
/* AESNI needs key first, rounds 2nd, not sure why yet */
ALIGN16 word32 key[60];
word32 rounds;
int keylen;
ALIGN16 word32 reg[AES_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */
ALIGN16 word32 tmp[AES_BLOCK_SIZE / sizeof(word32)]; /* same */
#ifdef HAVE_AESGCM
ALIGN16 byte H[AES_BLOCK_SIZE];
#ifdef GCM_TABLE
/* key-based fast multiplication table. */
ALIGN16 byte M0[256][AES_BLOCK_SIZE];
#endif /* GCM_TABLE */
#endif /* HAVE_AESGCM */
#ifdef WOLFSSL_AESNI
byte use_aesni;
#endif /* WOLFSSL_AESNI */
#ifdef WOLFSSL_ASYNC_CRYPT
word32 asyncKey[AES_MAX_KEY_SIZE/8/sizeof(word32)]; /* raw key */
word32 asyncIv[AES_BLOCK_SIZE/sizeof(word32)]; /* raw IV */
WC_ASYNC_DEV asyncDev;
#endif /* WOLFSSL_ASYNC_CRYPT */
#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB)
word32 left; /* unused bytes left from last call */
#endif
#ifdef WOLFSSL_XILINX_CRYPT
XSecure_Aes xilAes;
XCsuDma dma;
word32 key_init[8];
word32 kup;
#endif
void* heap; /* memory hint to use */
} Aes;
#ifdef WOLFSSL_AES_XTS
typedef struct XtsAes {
Aes aes;
Aes tweak;
} XtsAes;
#endif
#ifdef HAVE_AESGCM
typedef struct Gmac {
Aes aes;
} Gmac;
#endif /* HAVE_AESGCM */
#endif /* HAVE_FIPS */
/* Authenticate cipher function prototypes */
typedef int (*wc_AesAuthEncryptFunc)(Aes* aes, byte* out,
const byte* in, word32 sz,
const byte* iv, word32 ivSz,
byte* authTag, word32 authTagSz,
const byte* authIn, word32 authInSz);
typedef int (*wc_AesAuthDecryptFunc)(Aes* aes, byte* out,
const byte* in, word32 sz,
const byte* iv, word32 ivSz,
const byte* authTag, word32 authTagSz,
const byte* authIn, word32 authInSz);
/* AES-CBC */
WOLFSSL_API int wc_AesSetKey(Aes* aes, const byte* key, word32 len,
const byte* iv, int dir);
WOLFSSL_API int wc_AesSetIV(Aes* aes, const byte* iv);
WOLFSSL_API int wc_AesCbcEncrypt(Aes* aes, byte* out,
const byte* in, word32 sz);
WOLFSSL_API int wc_AesCbcDecrypt(Aes* aes, byte* out,
const byte* in, word32 sz);
#ifdef WOLFSSL_AES_CFB
WOLFSSL_API int wc_AesCfbEncrypt(Aes* aes, byte* out,
const byte* in, word32 sz);
#ifdef HAVE_AES_DECRYPT
WOLFSSL_API int wc_AesCfbDecrypt(Aes* aes, byte* out,
const byte* in, word32 sz);
#endif /* HAVE_AES_DECRYPT */
#endif /* WOLFSSL_AES_CFB */
#ifdef HAVE_AES_ECB
WOLFSSL_API int wc_AesEcbEncrypt(Aes* aes, byte* out,
const byte* in, word32 sz);
WOLFSSL_API int wc_AesEcbDecrypt(Aes* aes, byte* out,
const byte* in, word32 sz);
#endif
/* AES-CTR */
#ifdef WOLFSSL_AES_COUNTER
WOLFSSL_API int wc_AesCtrEncrypt(Aes* aes, byte* out,
const byte* in, word32 sz);
#endif
/* AES-DIRECT */
#if defined(WOLFSSL_AES_DIRECT)
WOLFSSL_API void wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in);
WOLFSSL_API void wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in);
WOLFSSL_API int wc_AesSetKeyDirect(Aes* aes, const byte* key, word32 len,
const byte* iv, int dir);
#endif
#ifdef HAVE_AESGCM
#ifdef WOLFSSL_XILINX_CRYPT
WOLFSSL_API int wc_AesGcmSetKey_ex(Aes* aes, const byte* key, word32 len,
word32 kup);
#endif
WOLFSSL_API int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len);
WOLFSSL_API int wc_AesGcmEncrypt(Aes* aes, byte* out,
const byte* in, word32 sz,
const byte* iv, word32 ivSz,
byte* authTag, word32 authTagSz,
const byte* authIn, word32 authInSz);
WOLFSSL_API int wc_AesGcmDecrypt(Aes* aes, byte* out,
const byte* in, word32 sz,
const byte* iv, word32 ivSz,
const byte* authTag, word32 authTagSz,
const byte* authIn, word32 authInSz);
WOLFSSL_API int wc_GmacSetKey(Gmac* gmac, const byte* key, word32 len);
WOLFSSL_API int wc_GmacUpdate(Gmac* gmac, const byte* iv, word32 ivSz,
const byte* authIn, word32 authInSz,
byte* authTag, word32 authTagSz);
WOLFSSL_LOCAL void GHASH(Aes* aes, const byte* a, word32 aSz, const byte* c,
word32 cSz, byte* s, word32 sSz);
#endif /* HAVE_AESGCM */
#ifdef HAVE_AESCCM
WOLFSSL_API int wc_AesCcmSetKey(Aes* aes, const byte* key, word32 keySz);
WOLFSSL_API int wc_AesCcmEncrypt(Aes* aes, byte* out,
const byte* in, word32 inSz,
const byte* nonce, word32 nonceSz,
byte* authTag, word32 authTagSz,
const byte* authIn, word32 authInSz);
WOLFSSL_API int wc_AesCcmDecrypt(Aes* aes, byte* out,
const byte* in, word32 inSz,
const byte* nonce, word32 nonceSz,
const byte* authTag, word32 authTagSz,
const byte* authIn, word32 authInSz);
#endif /* HAVE_AESCCM */
#ifdef HAVE_AES_KEYWRAP
WOLFSSL_API int wc_AesKeyWrap(const byte* key, word32 keySz,
const byte* in, word32 inSz,
byte* out, word32 outSz,
const byte* iv);
WOLFSSL_API int wc_AesKeyUnWrap(const byte* key, word32 keySz,
const byte* in, word32 inSz,
byte* out, word32 outSz,
const byte* iv);
#endif /* HAVE_AES_KEYWRAP */
#ifdef WOLFSSL_AES_XTS
/*!
\ingroup AES
\brief This is to help with setting keys to correct encrypt or decrypt type.
\note Is up to user to call wc_AesXtsFree on aes key when done.
\return 0 Success
\param aes AES keys for encrypt/decrypt process
\param key buffer holding aes key | tweak key
\param len length of key buffer in bytes. Should be twice that of key size.
i.e. 32 for a 16 byte key.
\param dir direction, either AES_ENCRYPTION or AES_DECRYPTION
\param heap heap hint to use for memory. Can be NULL
\param devId id to use with async crypto. Can be 0
_Example_
\code
XtsAes aes;
if(wc_AesXtsSetKey(&aes, key, sizeof(key), AES_ENCRYPTION, NULL, 0) != 0)
{
// Handle error
}
wc_AesXtsFree(&aes);
\endcode
\sa wc_AesXtsEncrypt
\sa wc_AesXtsDecrypt
\sa wc_AesXtsFree
*/
WOLFSSL_API int wc_AesXtsSetKey(XtsAes* aes, const byte* key,
word32 len, int dir, void* heap, int devId);
/*!
\ingroup AES
\brief Same process as wc_AesXtsEncrypt but uses a word64 type as the tweak
value instead of a byte array. This just converts the word64 to a
byte array and calls wc_AesXtsEncrypt.
\return 0 Success
\param aes AES keys to use for block encrypt/decrypt
\param out output buffer to hold cipher text
\param in input plain text buffer to encrypt
\param sz size of both out and in buffers
\param sector value to use for tweak
_Example_
\code
XtsAes aes;
unsigned char plain[SIZE];
unsigned char cipher[SIZE];
word64 s = VALUE;
//set up keys with AES_ENCRYPTION as dir
if(wc_AesXtsEncryptSector(&aes, cipher, plain, SIZE, s) != 0)
{
// Handle error
}
wc_AesXtsFree(&aes);
\endcode
\sa wc_AesXtsEncrypt
\sa wc_AesXtsDecrypt
\sa wc_AesXtsSetKey
\sa wc_AesXtsFree
*/
WOLFSSL_API int wc_AesXtsEncryptSector(XtsAes* aes, byte* out,
const byte* in, word32 sz, word64 sector);
/*!
\ingroup AES
\brief Same process as wc_AesXtsDecrypt but uses a word64 type as the tweak
value instead of a byte array. This just converts the word64 to a
byte array.
\return 0 Success
\param aes AES keys to use for block encrypt/decrypt
\param out output buffer to hold plain text
\param in input cipher text buffer to decrypt
\param sz size of both out and in buffers
\param sector value to use for tweak
_Example_
\code
XtsAes aes;
unsigned char plain[SIZE];
unsigned char cipher[SIZE];
word64 s = VALUE;
//set up aes key with AES_DECRYPTION as dir and tweak with AES_ENCRYPTION
if(wc_AesXtsDecryptSector(&aes, plain, cipher, SIZE, s) != 0)
{
// Handle error
}
wc_AesXtsFree(&aes);
\endcode
\sa wc_AesXtsEncrypt
\sa wc_AesXtsDecrypt
\sa wc_AesXtsSetKey
\sa wc_AesXtsFree
*/
WOLFSSL_API int wc_AesXtsDecryptSector(XtsAes* aes, byte* out,
const byte* in, word32 sz, word64 sector);
/*!
\ingroup AES
\brief AES with XTS mode. (XTS) XEX encryption with Tweak and cipher text
Stealing.
\return 0 Success
\param aes AES keys to use for block encrypt/decrypt
\param out output buffer to hold cipher text
\param in input plain text buffer to encrypt
\param sz size of both out and in buffers
\param i value to use for tweak
\param iSz size of i buffer, should always be AES_BLOCK_SIZE but having
this input adds a sanity check on how the user calls the
function.
_Example_
\code
XtsAes aes;
unsigned char plain[SIZE];
unsigned char cipher[SIZE];
unsigned char i[AES_BLOCK_SIZE];
//set up key with AES_ENCRYPTION as dir
if(wc_AesXtsEncrypt(&aes, cipher, plain, SIZE, i, sizeof(i)) != 0)
{
// Handle error
}
wc_AesXtsFree(&aes);
\endcode
\sa wc_AesXtsDecrypt
\sa wc_AesXtsSetKey
\sa wc_AesXtsFree
*/
WOLFSSL_API int wc_AesXtsEncrypt(XtsAes* aes, byte* out,
const byte* in, word32 sz, const byte* i, word32 iSz);
/*!
\ingroup AES
\brief Same process as encryption but Aes key is AES_DECRYPTION type.
\return 0 Success
\param aes AES keys to use for block encrypt/decrypt
\param out output buffer to hold plain text
\param in input cipher text buffer to decrypt
\param sz size of both out and in buffers
\param i value to use for tweak
\param iSz size of i buffer, should always be AES_BLOCK_SIZE but having
this input adds a sanity check on how the user calls the
function.
_Example_
\code
XtsAes aes;
unsigned char plain[SIZE];
unsigned char cipher[SIZE];
unsigned char i[AES_BLOCK_SIZE];
//set up key with AES_DECRYPTION as dir and tweak with AES_ENCRYPTION
if(wc_AesXtsDecrypt(&aes, plain, cipher, SIZE, i, sizeof(i)) != 0)
{
// Handle error
}
wc_AesXtsFree(&aes);
\endcode
\sa wc_AesXtsEncrypt
\sa wc_AesXtsSetKey
\sa wc_AesXtsFree
*/
WOLFSSL_API int wc_AesXtsDecrypt(XtsAes* aes, byte* out,
const byte* in, word32 sz, const byte* i, word32 iSz);
/*!
\ingroup AES
\brief This is to free up any resources used by the XtsAes structure
\return 0 Success
\param aes AES keys to free
_Example_
\code
XtsAes aes;
if(wc_AesXtsSetKey(&aes, key, sizeof(key), AES_ENCRYPTION, NULL, 0) != 0)
{
// Handle error
}
wc_AesXtsFree(&aes);
\endcode
\sa wc_AesXtsEncrypt
\sa wc_AesXtsDecrypt
\sa wc_AesXtsSetKey
*/
WOLFSSL_API int wc_AesXtsFree(XtsAes* aes);
#endif
WOLFSSL_API int wc_AesGetKeySize(Aes* aes, word32* keySize);
WOLFSSL_API int wc_AesInit(Aes*, void*, int);
WOLFSSL_API void wc_AesFree(Aes*);
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* NO_AES */
#endif /* WOLF_CRYPT_AES_H */

56
components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/arc4.h Normal file
View File

@ -0,0 +1,56 @@
/* arc4.h
*
* Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved.
*
* This file is part of wolfSSL.
*
* Contact licensing@wolfssl.com with any questions or comments.
*
* http://www.wolfssl.com
*/
#ifndef WOLF_CRYPT_ARC4_H
#define WOLF_CRYPT_ARC4_H
#include <wolfssl/wolfcrypt/types.h>
#ifdef __cplusplus
extern "C" {
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
#include <wolfssl/wolfcrypt/async.h>
#endif
enum {
ARC4_ENC_TYPE = 4, /* cipher unique type */
ARC4_STATE_SIZE = 256
};
/* ARC4 encryption and decryption */
typedef struct Arc4 {
byte x;
byte y;
byte state[ARC4_STATE_SIZE];
#ifdef WOLFSSL_ASYNC_CRYPT
WC_ASYNC_DEV asyncDev;
#endif
void* heap;
} Arc4;
WOLFSSL_API int wc_Arc4Process(Arc4*, byte*, const byte*, word32);
WOLFSSL_API int wc_Arc4SetKey(Arc4*, const byte*, word32);
WOLFSSL_API int wc_Arc4Init(Arc4*, void*, int);
WOLFSSL_API void wc_Arc4Free(Arc4*);
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* WOLF_CRYPT_ARC4_H */

118
components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/des3.h Normal file
View File

@ -0,0 +1,118 @@
/* des3.h
*
* Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved.
*
* This file is part of wolfSSL.
*
* Contact licensing@wolfssl.com with any questions or comments.
*
* http://www.wolfssl.com
*/
#ifndef WOLF_CRYPT_DES3_H
#define WOLF_CRYPT_DES3_H
#include <wolfssl/wolfcrypt/types.h>
#ifndef NO_DES3
#ifdef HAVE_FIPS
/* included for fips @wc_fips */
#include <cyassl/ctaocrypt/des3.h>
#endif
#ifdef __cplusplus
extern "C" {
#endif
#ifndef HAVE_FIPS /* to avoid redefinition of macros */
#ifdef WOLFSSL_ASYNC_CRYPT
#include <wolfssl/wolfcrypt/async.h>
#endif
enum {
DES_ENC_TYPE = 2, /* cipher unique type */
DES3_ENC_TYPE = 3, /* cipher unique type */
DES_BLOCK_SIZE = 8,
DES_KS_SIZE = 32,
DES_ENCRYPTION = 0,
DES_DECRYPTION = 1
};
#define DES_IVLEN 8
#define DES_KEYLEN 8
#define DES3_IVLEN 8
#define DES3_KEYLEN 24
#if defined(STM32_CRYPTO)
enum {
DES_CBC = 0,
DES_ECB = 1
};
#endif
/* DES encryption and decryption */
typedef struct Des {
word32 reg[DES_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */
word32 tmp[DES_BLOCK_SIZE / sizeof(word32)]; /* same */
word32 key[DES_KS_SIZE];
} Des;
/* DES3 encryption and decryption */
typedef struct Des3 {
word32 key[3][DES_KS_SIZE];
word32 reg[DES_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */
word32 tmp[DES_BLOCK_SIZE / sizeof(word32)]; /* same */
#ifdef WOLFSSL_ASYNC_CRYPT
const byte* key_raw;
const byte* iv_raw;
WC_ASYNC_DEV asyncDev;
#endif
void* heap;
} Des3;
#endif /* HAVE_FIPS */
WOLFSSL_API int wc_Des_SetKey(Des* des, const byte* key,
const byte* iv, int dir);
WOLFSSL_API void wc_Des_SetIV(Des* des, const byte* iv);
WOLFSSL_API int wc_Des_CbcEncrypt(Des* des, byte* out,
const byte* in, word32 sz);
WOLFSSL_API int wc_Des_CbcDecrypt(Des* des, byte* out,
const byte* in, word32 sz);
WOLFSSL_API int wc_Des_EcbEncrypt(Des* des, byte* out,
const byte* in, word32 sz);
WOLFSSL_API int wc_Des3_EcbEncrypt(Des3* des, byte* out,
const byte* in, word32 sz);
/* ECB decrypt same process as encrypt but with decrypt key */
#define wc_Des_EcbDecrypt wc_Des_EcbEncrypt
#define wc_Des3_EcbDecrypt wc_Des3_EcbEncrypt
WOLFSSL_API int wc_Des3_SetKey(Des3* des, const byte* key,
const byte* iv,int dir);
WOLFSSL_API int wc_Des3_SetIV(Des3* des, const byte* iv);
WOLFSSL_API int wc_Des3_CbcEncrypt(Des3* des, byte* out,
const byte* in,word32 sz);
WOLFSSL_API int wc_Des3_CbcDecrypt(Des3* des, byte* out,
const byte* in,word32 sz);
/* These are only required when using either:
static memory (WOLFSSL_STATIC_MEMORY) or asynchronous (WOLFSSL_ASYNC_CRYPT) */
WOLFSSL_API int wc_Des3Init(Des3*, void*, int);
WOLFSSL_API void wc_Des3Free(Des3*);
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* NO_DES3 */
#endif /* WOLF_CRYPT_DES3_H */

603
components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/ecc.h Normal file
View File

@ -0,0 +1,603 @@
/* ecc.h
*
* Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved.
*
* This file is part of wolfSSL.
*
* Contact licensing@wolfssl.com with any questions or comments.
*
* http://www.wolfssl.com
*/
#ifndef WOLF_CRYPT_ECC_H
#define WOLF_CRYPT_ECC_H
#include <wolfssl/wolfcrypt/types.h>
#ifdef HAVE_ECC
#if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
#include <wolfssl/wolfcrypt/fips.h>
#endif /* HAVE_FIPS_VERSION >= 2 */
#include <wolfssl/wolfcrypt/integer.h>
#include <wolfssl/wolfcrypt/random.h>
#ifdef HAVE_X963_KDF
#include <wolfssl/wolfcrypt/hash.h>
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
#include <wolfssl/wolfcrypt/async.h>
#ifdef WOLFSSL_CERT_GEN
#include <wolfssl/wolfcrypt/asn.h>
#endif
#endif
#ifdef WOLFSSL_ATECC508A
#include <wolfssl/wolfcrypt/port/atmel/atmel.h>
#endif /* WOLFSSL_ATECC508A */
#ifdef __cplusplus
extern "C" {
#endif
/* Enable curve B parameter if needed */
#if defined(HAVE_COMP_KEY) || defined(ECC_CACHE_CURVE)
#ifndef USE_ECC_B_PARAM /* Allow someone to force enable */
#define USE_ECC_B_PARAM
#endif
#endif
/* Use this as the key->idx if a custom ecc_set is used for key->dp */
#define ECC_CUSTOM_IDX (-1)
/* Determine max ECC bits based on enabled curves */
#if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
#define MAX_ECC_BITS 521
#elif defined(HAVE_ECC512)
#define MAX_ECC_BITS 512
#elif defined(HAVE_ECC384)
#define MAX_ECC_BITS 384
#elif defined(HAVE_ECC320)
#define MAX_ECC_BITS 320
#elif defined(HAVE_ECC239)
#define MAX_ECC_BITS 239
#elif defined(HAVE_ECC224)
#define MAX_ECC_BITS 224
#elif !defined(NO_ECC256)
#define MAX_ECC_BITS 256
#elif defined(HAVE_ECC192)
#define MAX_ECC_BITS 192
#elif defined(HAVE_ECC160)
#define MAX_ECC_BITS 160
#elif defined(HAVE_ECC128)
#define MAX_ECC_BITS 128
#elif defined(HAVE_ECC112)
#define MAX_ECC_BITS 112
#endif
/* calculate max ECC bytes */
#if ((MAX_ECC_BITS * 2) % 8) == 0
#define MAX_ECC_BYTES (MAX_ECC_BITS / 8)
#else
/* add byte if not aligned */
#define MAX_ECC_BYTES ((MAX_ECC_BITS / 8) + 1)
#endif
enum {
ECC_PUBLICKEY = 1,
ECC_PRIVATEKEY = 2,
ECC_PRIVATEKEY_ONLY = 3,
ECC_MAXNAME = 16, /* MAX CURVE NAME LENGTH */
SIG_HEADER_SZ = 6, /* ECC signature header size */
ECC_BUFSIZE = 256, /* for exported keys temp buffer */
ECC_MINSIZE = 20, /* MIN Private Key size */
ECC_MAXSIZE = 66, /* MAX Private Key size */
ECC_MAXSIZE_GEN = 74, /* MAX Buffer size required when generating ECC keys*/
ECC_MAX_PAD_SZ = 4, /* ECC maximum padding size */
ECC_MAX_OID_LEN = 16,
ECC_MAX_SIG_SIZE= ((MAX_ECC_BYTES * 2) + ECC_MAX_PAD_SZ + SIG_HEADER_SZ),
/* max crypto hardware size */
#ifdef WOLFSSL_ATECC508A
ECC_MAX_CRYPTO_HW_SIZE = ATECC_KEY_SIZE, /* from port/atmel/atmel.h */
#elif defined(PLUTON_CRYPTO_ECC)
ECC_MAX_CRYPTO_HW_SIZE = 32,
#endif
};
/* Curve Types */
typedef enum ecc_curve_id {
ECC_CURVE_INVALID = -1,
ECC_CURVE_DEF = 0, /* NIST or SECP */
/* NIST Prime Curves */
ECC_SECP192R1,
ECC_PRIME192V2,
ECC_PRIME192V3,
ECC_PRIME239V1,
ECC_PRIME239V2,
ECC_PRIME239V3,
ECC_SECP256R1,
/* SECP Curves */
ECC_SECP112R1,
ECC_SECP112R2,
ECC_SECP128R1,
ECC_SECP128R2,
ECC_SECP160R1,
ECC_SECP160R2,
ECC_SECP224R1,
ECC_SECP384R1,
ECC_SECP521R1,
/* Koblitz */
ECC_SECP160K1,
ECC_SECP192K1,
ECC_SECP224K1,
ECC_SECP256K1,
/* Brainpool Curves */
ECC_BRAINPOOLP160R1,
ECC_BRAINPOOLP192R1,
ECC_BRAINPOOLP224R1,
ECC_BRAINPOOLP256R1,
ECC_BRAINPOOLP320R1,
ECC_BRAINPOOLP384R1,
ECC_BRAINPOOLP512R1,
/* Twisted Edwards Curves */
#ifdef HAVE_CURVE25519
ECC_X25519,
#endif
#ifdef HAVE_X448
ECC_X448,
#endif
#ifdef WOLFSSL_CUSTOM_CURVES
ECC_CURVE_CUSTOM,
#endif
} ecc_curve_id;
#ifdef HAVE_OID_ENCODING
typedef word16 ecc_oid_t;
#else
typedef byte ecc_oid_t;
/* OID encoded with ASN scheme:
first element = (oid[0] * 40) + oid[1]
if any element > 127 then MSB 0x80 indicates additional byte */
#endif
/* ECC set type defined a GF(p) curve */
typedef struct ecc_set_type {
int size; /* The size of the curve in octets */
int id; /* id of this curve */
const char* name; /* name of this curve */
const char* prime; /* prime that defines the field, curve is in (hex) */
const char* Af; /* fields A param (hex) */
const char* Bf; /* fields B param (hex) */
const char* order; /* order of the curve (hex) */
const char* Gx; /* x coordinate of the base point on curve (hex) */
const char* Gy; /* y coordinate of the base point on curve (hex) */
const ecc_oid_t* oid;
word32 oidSz;
word32 oidSum; /* sum of encoded OID bytes */
int cofactor;
} ecc_set_type;
#ifdef ALT_ECC_SIZE
/* Note on ALT_ECC_SIZE:
* The fast math code uses an array of a fixed size to store the big integers.
* By default, the array is big enough for RSA keys. There is a size,
* FP_MAX_BITS which can be used to make the array smaller when one wants ECC
* but not RSA. Some people want fast math sized for both RSA and ECC, where
* ECC won't use as much as RSA. The flag ALT_ECC_SIZE switches in an alternate
* ecc_point structure that uses an alternate fp_int that has a shorter array
* of fp_digits.
*
* Now, without ALT_ECC_SIZE, the ecc_point has three single item arrays of
* mp_ints for the components of the point. With ALT_ECC_SIZE, the components
* of the point are pointers that are set to each of a three item array of
* alt_fp_ints. While an mp_int will have 4096 bits of digit inside the
* structure, the alt_fp_int will only have 528 bits. A size value was added
* in the ALT case, as well, and is set by mp_init() and alt_fp_init(). The
* functions fp_zero() and fp_copy() use the size parameter. An int needs to
* be initialized before using it instead of just fp_zeroing it, the init will
* call zero. FP_MAX_BITS_ECC defaults to 528, but can be set to change the
* number of bits used in the alternate FP_INT.
*
* Do not enable ALT_ECC_SIZE and disable fast math in the configuration.
*/
#ifndef USE_FAST_MATH
#error USE_FAST_MATH must be defined to use ALT_ECC_SIZE
#endif
/* determine max bits required for ECC math */
#ifndef FP_MAX_BITS_ECC
/* check alignment */
#if ((MAX_ECC_BITS * 2) % DIGIT_BIT) == 0
/* max bits is double */
#define FP_MAX_BITS_ECC (MAX_ECC_BITS * 2)
#else
/* max bits is doubled, plus one digit of fudge */
#define FP_MAX_BITS_ECC ((MAX_ECC_BITS * 2) + DIGIT_BIT)
#endif
#else
/* verify alignment */
#if FP_MAX_BITS_ECC % CHAR_BIT
#error FP_MAX_BITS_ECC must be a multiple of CHAR_BIT
#endif
#endif
/* determine buffer size */
#define FP_SIZE_ECC (FP_MAX_BITS_ECC/DIGIT_BIT)
/* This needs to match the size of the fp_int struct, except the
* fp_digit array will be shorter. */
typedef struct alt_fp_int {
int used, sign, size;
fp_digit dp[FP_SIZE_ECC];
} alt_fp_int;
#endif /* ALT_ECC_SIZE */
/* A point on an ECC curve, stored in Jacbobian format such that (x,y,z) =>
(x/z^2, y/z^3, 1) when interpreted as affine */
typedef struct {
#ifndef ALT_ECC_SIZE
mp_int x[1]; /* The x coordinate */
mp_int y[1]; /* The y coordinate */
mp_int z[1]; /* The z coordinate */
#else
mp_int* x; /* The x coordinate */
mp_int* y; /* The y coordinate */
mp_int* z; /* The z coordinate */
alt_fp_int xyz[3];
#endif
} ecc_point;
/* ECC Flags */
enum {
WC_ECC_FLAG_NONE = 0x00,
#ifdef HAVE_ECC_CDH
WC_ECC_FLAG_COFACTOR = 0x01,
#endif
};
/* An ECC Key */
struct ecc_key {
int type; /* Public or Private */
int idx; /* Index into the ecc_sets[] for the parameters of
this curve if -1, this key is using user supplied
curve in dp */
int state;
word32 flags;
const ecc_set_type* dp; /* domain parameters, either points to NIST
curves (idx >= 0) or user supplied */
#ifdef WOLFSSL_CUSTOM_CURVES
int deallocSet;
#endif
void* heap; /* heap hint */
ecc_point pubkey; /* public key */
mp_int k; /* private key */
#ifdef WOLFSSL_ATECC508A
int slot; /* Key Slot Number (-1 unknown) */
byte pubkey_raw[PUB_KEY_SIZE];
#endif
#ifdef PLUTON_CRYPTO_ECC
int devId;
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
mp_int* r; /* sign/verify temps */
mp_int* s;
WC_ASYNC_DEV asyncDev;
#ifdef WOLFSSL_CERT_GEN
CertSignCtx certSignCtx; /* context info for cert sign (MakeSignature) */
#endif
#endif /* WOLFSSL_ASYNC_CRYPT */
};
#ifndef WC_ECCKEY_TYPE_DEFINED
typedef struct ecc_key ecc_key;
#define WC_ECCKEY_TYPE_DEFINED
#endif
/* ECC predefined curve sets */
extern const ecc_set_type ecc_sets[];
WOLFSSL_API
const char* wc_ecc_get_name(int curve_id);
#ifndef WOLFSSL_ATECC508A
#ifdef WOLFSSL_PUBLIC_ECC_ADD_DBL
#define ECC_API WOLFSSL_API
#else
#define ECC_API WOLFSSL_LOCAL
#endif
ECC_API int ecc_mul2add(ecc_point* A, mp_int* kA,
ecc_point* B, mp_int* kB,
ecc_point* C, mp_int* a, mp_int* modulus, void* heap);
ECC_API int ecc_map(ecc_point*, mp_int*, mp_digit);
ECC_API int ecc_projective_add_point(ecc_point* P, ecc_point* Q, ecc_point* R,
mp_int* a, mp_int* modulus, mp_digit mp);
ECC_API int ecc_projective_dbl_point(ecc_point* P, ecc_point* R, mp_int* a,
mp_int* modulus, mp_digit mp);
#endif
WOLFSSL_API
int wc_ecc_make_key(WC_RNG* rng, int keysize, ecc_key* key);
WOLFSSL_API
int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key,
int curve_id);
WOLFSSL_API
int wc_ecc_make_pub(ecc_key* key, ecc_point* pubOut);
WOLFSSL_API
int wc_ecc_check_key(ecc_key* key);
WOLFSSL_API
int wc_ecc_is_point(ecc_point* ecp, mp_int* a, mp_int* b, mp_int* prime);
#ifdef HAVE_ECC_DHE
WOLFSSL_API
int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
word32* outlen);
WOLFSSL_LOCAL
int wc_ecc_shared_secret_gen(ecc_key* private_key, ecc_point* point,
byte* out, word32 *outlen);
WOLFSSL_API
int wc_ecc_shared_secret_ex(ecc_key* private_key, ecc_point* point,
byte* out, word32 *outlen);
#define wc_ecc_shared_secret_ssh wc_ecc_shared_secret_ex /* For backwards compat */
#endif /* HAVE_ECC_DHE */
#ifdef HAVE_ECC_SIGN
WOLFSSL_API
int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
WC_RNG* rng, ecc_key* key);
WOLFSSL_API
int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
ecc_key* key, mp_int *r, mp_int *s);
#endif /* HAVE_ECC_SIGN */
#ifdef HAVE_ECC_VERIFY
WOLFSSL_API
int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
word32 hashlen, int* stat, ecc_key* key);
WOLFSSL_API
int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
word32 hashlen, int* stat, ecc_key* key);
#endif /* HAVE_ECC_VERIFY */
WOLFSSL_API
int wc_ecc_init(ecc_key* key);
WOLFSSL_API
int wc_ecc_init_ex(ecc_key* key, void* heap, int devId);
#ifdef WOLFSSL_CUSTOM_CURVES
WOLFSSL_LOCAL
void wc_ecc_free_curve(const ecc_set_type* curve, void* heap);
#endif
WOLFSSL_API
int wc_ecc_free(ecc_key* key);
WOLFSSL_API
int wc_ecc_set_flags(ecc_key* key, word32 flags);
WOLFSSL_API
void wc_ecc_fp_free(void);
WOLFSSL_API
int wc_ecc_set_curve(ecc_key* key, int keysize, int curve_id);
WOLFSSL_API
int wc_ecc_is_valid_idx(int n);
WOLFSSL_API
int wc_ecc_get_curve_idx(int curve_id);
WOLFSSL_API
int wc_ecc_get_curve_id(int curve_idx);
#define wc_ecc_get_curve_name_from_id wc_ecc_get_name
WOLFSSL_API
int wc_ecc_get_curve_size_from_id(int curve_id);
WOLFSSL_API
int wc_ecc_get_curve_idx_from_name(const char* curveName);
WOLFSSL_API
int wc_ecc_get_curve_size_from_name(const char* curveName);
WOLFSSL_API
int wc_ecc_get_curve_id_from_name(const char* curveName);
WOLFSSL_API
int wc_ecc_get_curve_id_from_params(int fieldSize,
const byte* prime, word32 primeSz, const byte* Af, word32 AfSz,
const byte* Bf, word32 BfSz, const byte* order, word32 orderSz,
const byte* Gx, word32 GxSz, const byte* Gy, word32 GySz, int cofactor);
WOLFSSL_API
ecc_point* wc_ecc_new_point(void);
WOLFSSL_API
ecc_point* wc_ecc_new_point_h(void* h);
WOLFSSL_API
void wc_ecc_del_point(ecc_point* p);
WOLFSSL_API
void wc_ecc_del_point_h(ecc_point* p, void* h);
WOLFSSL_API
int wc_ecc_copy_point(ecc_point* p, ecc_point *r);
WOLFSSL_API
int wc_ecc_cmp_point(ecc_point* a, ecc_point *b);
WOLFSSL_API
int wc_ecc_point_is_at_infinity(ecc_point *p);
#ifndef WOLFSSL_ATECC508A
WOLFSSL_API
int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R,
mp_int* a, mp_int* modulus, int map);
WOLFSSL_LOCAL
int wc_ecc_mulmod_ex(mp_int* k, ecc_point *G, ecc_point *R,
mp_int* a, mp_int* modulus, int map, void* heap);
#endif /* !WOLFSSL_ATECC508A */
#ifdef HAVE_ECC_KEY_EXPORT
/* ASN key helpers */
WOLFSSL_API
int wc_ecc_export_x963(ecc_key*, byte* out, word32* outLen);
WOLFSSL_API
int wc_ecc_export_x963_ex(ecc_key*, byte* out, word32* outLen, int compressed);
/* extended functionality with compressed option */
#endif /* HAVE_ECC_KEY_EXPORT */
#ifdef HAVE_ECC_KEY_IMPORT
WOLFSSL_API
int wc_ecc_import_x963(const byte* in, word32 inLen, ecc_key* key);
WOLFSSL_API
int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key,
int curve_id);
WOLFSSL_API
int wc_ecc_import_private_key(const byte* priv, word32 privSz, const byte* pub,
word32 pubSz, ecc_key* key);
WOLFSSL_API
int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz,
const byte* pub, word32 pubSz, ecc_key* key, int curve_id);
WOLFSSL_API
int wc_ecc_rs_to_sig(const char* r, const char* s, byte* out, word32* outlen);
WOLFSSL_API
int wc_ecc_sig_to_rs(const byte* sig, word32 sigLen, byte* r, word32* rLen,
byte* s, word32* sLen);
WOLFSSL_API
int wc_ecc_import_raw(ecc_key* key, const char* qx, const char* qy,
const char* d, const char* curveName);
WOLFSSL_API
int wc_ecc_import_raw_ex(ecc_key* key, const char* qx, const char* qy,
const char* d, int curve_id);
#endif /* HAVE_ECC_KEY_IMPORT */
#ifdef HAVE_ECC_KEY_EXPORT
WOLFSSL_API
int wc_ecc_export_private_only(ecc_key* key, byte* out, word32* outLen);
WOLFSSL_API
int wc_ecc_export_public_raw(ecc_key* key, byte* qx, word32* qxLen,
byte* qy, word32* qyLen);
WOLFSSL_API
int wc_ecc_export_private_raw(ecc_key* key, byte* qx, word32* qxLen,
byte* qy, word32* qyLen, byte* d, word32* dLen);
#endif /* HAVE_ECC_KEY_EXPORT */
#ifdef HAVE_ECC_KEY_EXPORT
WOLFSSL_API
int wc_ecc_export_point_der(const int curve_idx, ecc_point* point,
byte* out, word32* outLen);
#endif /* HAVE_ECC_KEY_EXPORT */
#ifdef HAVE_ECC_KEY_IMPORT
WOLFSSL_API
int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx,
ecc_point* point);
#endif /* HAVE_ECC_KEY_IMPORT */
/* size helper */
WOLFSSL_API
int wc_ecc_size(ecc_key* key);
WOLFSSL_API
int wc_ecc_sig_size(ecc_key* key);
WOLFSSL_API
int wc_ecc_get_oid(word32 oidSum, const byte** oid, word32* oidSz);
#ifdef WOLFSSL_CUSTOM_CURVES
WOLFSSL_API
int wc_ecc_set_custom_curve(ecc_key* key, const ecc_set_type* dp);
#endif
#ifdef HAVE_ECC_ENCRYPT
/* ecc encrypt */
enum ecEncAlgo {
ecAES_128_CBC = 1, /* default */
ecAES_256_CBC = 2
};
enum ecKdfAlgo {
ecHKDF_SHA256 = 1, /* default */
ecHKDF_SHA1 = 2
};
enum ecMacAlgo {
ecHMAC_SHA256 = 1, /* default */
ecHMAC_SHA1 = 2
};
enum {
KEY_SIZE_128 = 16,
KEY_SIZE_256 = 32,
IV_SIZE_64 = 8,
IV_SIZE_128 = 16,
EXCHANGE_SALT_SZ = 16,
EXCHANGE_INFO_SZ = 23
};
enum ecFlags {
REQ_RESP_CLIENT = 1,
REQ_RESP_SERVER = 2
};
typedef struct ecEncCtx ecEncCtx;
WOLFSSL_API
ecEncCtx* wc_ecc_ctx_new(int flags, WC_RNG* rng);
WOLFSSL_API
ecEncCtx* wc_ecc_ctx_new_ex(int flags, WC_RNG* rng, void* heap);
WOLFSSL_API
void wc_ecc_ctx_free(ecEncCtx*);
WOLFSSL_API
int wc_ecc_ctx_reset(ecEncCtx*, WC_RNG*); /* reset for use again w/o alloc/free */
WOLFSSL_API
const byte* wc_ecc_ctx_get_own_salt(ecEncCtx*);
WOLFSSL_API
int wc_ecc_ctx_set_peer_salt(ecEncCtx*, const byte* salt);
WOLFSSL_API
int wc_ecc_ctx_set_info(ecEncCtx*, const byte* info, int sz);
WOLFSSL_API
int wc_ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
word32 msgSz, byte* out, word32* outSz, ecEncCtx* ctx);
WOLFSSL_API
int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
word32 msgSz, byte* out, word32* outSz, ecEncCtx* ctx);
#endif /* HAVE_ECC_ENCRYPT */
#ifdef HAVE_X963_KDF
WOLFSSL_API int wc_X963_KDF(enum wc_HashType type, const byte* secret,
word32 secretSz, const byte* sinfo, word32 sinfoSz,
byte* out, word32 outSz);
#endif
#ifdef ECC_CACHE_CURVE
WOLFSSL_API int wc_ecc_curve_cache_init(void);
WOLFSSL_API void wc_ecc_curve_cache_free(void);
#endif
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* HAVE_ECC */
#endif /* WOLF_CRYPT_ECC_H */

153
components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/hash.h Normal file
View File

@ -0,0 +1,153 @@
/* hash.h
*
* Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved.
*
* This file is part of wolfSSL.
*
* Contact licensing@wolfssl.com with any questions or comments.
*
* http://www.wolfssl.com
*/
#ifndef WOLF_CRYPT_HASH_H
#define WOLF_CRYPT_HASH_H
#include <wolfssl/wolfcrypt/types.h>
#ifndef NO_MD5
#include <wolfssl/wolfcrypt/md5.h>
#endif
#ifndef NO_SHA
#include <wolfssl/wolfcrypt/sha.h>
#endif
#if defined(WOLFSSL_SHA224) || !defined(NO_SHA256)
#include <wolfssl/wolfcrypt/sha256.h>
#endif
#if defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)
#include <wolfssl/wolfcrypt/sha512.h>
#endif
#ifdef HAVE_BLAKE2
#include <wolfssl/wolfcrypt/blake2.h>
#endif
#ifdef WOLFSSL_SHA3
#include <wolfssl/wolfcrypt/sha3.h>
#endif
#ifdef __cplusplus
extern "C" {
#endif
#if !defined(HAVE_FIPS) && !defined(NO_OLD_WC_NAMES)
#define MAX_DIGEST_SIZE WC_MAX_DIGEST_SIZE
#endif
/* Hash types */
enum wc_HashType {
WC_HASH_TYPE_NONE = 0,
WC_HASH_TYPE_MD2 = 1,
WC_HASH_TYPE_MD4 = 2,
WC_HASH_TYPE_MD5 = 3,
WC_HASH_TYPE_SHA = 4, /* SHA-1 (not old SHA-0) */
WC_HASH_TYPE_SHA224 = 9,
WC_HASH_TYPE_SHA256 = 5,
WC_HASH_TYPE_SHA384 = 6,
WC_HASH_TYPE_SHA512 = 7,
WC_HASH_TYPE_MD5_SHA = 8,
};
typedef union {
#ifndef NO_MD5
wc_Md5 md5;
#endif
#ifndef NO_SHA
wc_Sha sha;
#endif
#ifdef WOLFSSL_SHA224
wc_Sha224 sha224;
#endif
#ifndef NO_SHA256
wc_Sha256 sha256;
#endif
#ifdef WOLFSSL_SHA384
wc_Sha384 sha384;
#endif
#ifdef WOLFSSL_SHA512
wc_Sha512 sha512;
#endif
} wc_HashAlg;
/* Find largest possible digest size
Note if this gets up to the size of 80 or over check smallstack build */
#if defined(WOLFSSL_SHA3)
#define WC_MAX_DIGEST_SIZE WC_SHA3_512_DIGEST_SIZE
#elif defined(WOLFSSL_SHA512)
#define WC_MAX_DIGEST_SIZE WC_SHA512_DIGEST_SIZE
#elif defined(HAVE_BLAKE2)
#define WC_MAX_DIGEST_SIZE BLAKE2B_OUTBYTES
#elif defined(WOLFSSL_SHA384)
#define WC_MAX_DIGEST_SIZE WC_SHA384_DIGEST_SIZE
#elif !defined(NO_SHA256)
#define WC_MAX_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
#elif defined(WOLFSSL_SHA224)
#define WC_MAX_DIGEST_SIZE WC_SHA224_DIGEST_SIZE
#elif !defined(NO_SHA)
#define WC_MAX_DIGEST_SIZE WC_SHA_DIGEST_SIZE
#elif !defined(NO_MD5)
#define WC_MAX_DIGEST_SIZE WC_MD5_DIGEST_SIZE
#else
#define WC_MAX_DIGEST_SIZE 64 /* default to max size of 64 */
#endif
#if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC)
WOLFSSL_API int wc_HashGetOID(enum wc_HashType hash_type);
#endif
WOLFSSL_API int wc_HashGetDigestSize(enum wc_HashType hash_type);
WOLFSSL_API int wc_Hash(enum wc_HashType hash_type,
const byte* data, word32 data_len,
byte* hash, word32 hash_len);
/* generic hash operation wrappers */
WOLFSSL_API int wc_HashInit(wc_HashAlg* hash, enum wc_HashType type);
WOLFSSL_API int wc_HashUpdate(wc_HashAlg* hash, enum wc_HashType type,
const byte* data, word32 dataSz);
WOLFSSL_API int wc_HashFinal(wc_HashAlg* hash, enum wc_HashType type,
byte* out);
#ifndef NO_MD5
#include <wolfssl/wolfcrypt/md5.h>
WOLFSSL_API int wc_Md5Hash(const byte* data, word32 len, byte* hash);
#endif
#ifndef NO_SHA
#include <wolfssl/wolfcrypt/sha.h>
WOLFSSL_API int wc_ShaHash(const byte*, word32, byte*);
#endif
#ifndef NO_SHA256
#include <wolfssl/wolfcrypt/sha256.h>
WOLFSSL_API int wc_Sha256Hash(const byte*, word32, byte*);
#if defined(WOLFSSL_SHA224)
WOLFSSL_API int wc_Sha224Hash(const byte*, word32, byte*);
#endif /* defined(WOLFSSL_SHA224) */
#endif
#ifdef WOLFSSL_SHA512
#include <wolfssl/wolfcrypt/sha512.h>
WOLFSSL_API int wc_Sha512Hash(const byte*, word32, byte*);
#if defined(WOLFSSL_SHA384)
WOLFSSL_API int wc_Sha384Hash(const byte*, word32, byte*);
#endif /* defined(WOLFSSL_SHA384) */
#endif /* WOLFSSL_SHA512 */
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* WOLF_CRYPT_HASH_H */

193
components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/hmac.h Normal file
View File

@ -0,0 +1,193 @@
/* hmac.h
*
* Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved.
*
* This file is part of wolfSSL.
*
* Contact licensing@wolfssl.com with any questions or comments.
*
* http://www.wolfssl.com
*/
#ifndef NO_HMAC
#ifndef WOLF_CRYPT_HMAC_H
#define WOLF_CRYPT_HMAC_H
#include <wolfssl/wolfcrypt/hash.h>
#ifdef HAVE_FIPS
/* for fips */
#include <cyassl/ctaocrypt/hmac.h>
#define WC_HMAC_BLOCK_SIZE HMAC_BLOCK_SIZE
#endif
#ifdef __cplusplus
extern "C" {
#endif
#ifndef HAVE_FIPS
#ifdef WOLFSSL_ASYNC_CRYPT
#include <wolfssl/wolfcrypt/async.h>
#endif
#ifndef NO_OLD_WC_NAMES
#define HMAC_BLOCK_SIZE WC_HMAC_BLOCK_SIZE
#endif
enum {
HMAC_FIPS_MIN_KEY = 14, /* 112 bit key length minimum */
IPAD = 0x36,
OPAD = 0x5C,
/* If any hash is not enabled, add the ID here. */
#ifdef NO_MD5
WC_MD5 = 0,
#endif
#ifdef NO_SHA
WC_SHA = 1,
#endif
#ifdef NO_SHA256
WC_SHA256 = 2,
#endif
#ifndef WOLFSSL_SHA512
WC_SHA512 = 4,
#endif
#ifndef WOLFSSL_SHA384
WC_SHA384 = 5,
#endif
#ifndef HAVE_BLAKE2
BLAKE2B_ID = 7,
#endif
#ifndef WOLFSSL_SHA224
WC_SHA224 = 8,
#endif
#ifndef WOLFSSL_SHA3
WC_SHA3_224 = 10,
WC_SHA3_256 = 11,
WC_SHA3_384 = 12,
WC_SHA3_512 = 13,
#else
/* These values are used for HMAC, not SHA-3 directly.
* They come from from FIPS PUB 202. */
WC_SHA3_224_BLOCK_SIZE = 144,
WC_SHA3_256_BLOCK_SIZE = 136,
WC_SHA3_384_BLOCK_SIZE = 104,
WC_SHA3_512_BLOCK_SIZE = 72,
#endif
/* Select the largest available hash for the buffer size. */
#if defined(WOLFSSL_SHA3)
WC_HMAC_BLOCK_SIZE = WC_SHA3_224_BLOCK_SIZE
/* SHA3-224 has the largest block size */
#elif defined(WOLFSSL_SHA512)
WC_HMAC_BLOCK_SIZE = WC_SHA512_BLOCK_SIZE,
#elif defined(HAVE_BLAKE2)
WC_HMAC_BLOCK_SIZE = BLAKE2B_BLOCKBYTES,
#elif defined(WOLFSSL_SHA384)
WC_HMAC_BLOCK_SIZE = WC_SHA384_BLOCK_SIZE
#elif !defined(NO_SHA256)
WC_HMAC_BLOCK_SIZE = WC_SHA256_BLOCK_SIZE
#elif defined(WOLFSSL_SHA224)
WC_HMAC_BLOCK_SIZE = WC_SHA224_BLOCK_SIZE
#elif !defined(NO_SHA)
WC_HMAC_BLOCK_SIZE = WC_SHA_BLOCK_SIZE,
#elif !defined(NO_MD5)
WC_HMAC_BLOCK_SIZE = WC_MD5_BLOCK_SIZE,
#else
#error "You have to have some kind of hash if you want to use HMAC."
#endif
};
/* hash union */
typedef union {
#ifndef NO_MD5
wc_Md5 md5;
#endif
#ifndef NO_SHA
wc_Sha sha;
#endif
#ifdef WOLFSSL_SHA224
wc_Sha224 sha224;
#endif
#ifndef NO_SHA256
wc_Sha256 sha256;
#endif
#ifdef WOLFSSL_SHA512
#ifdef WOLFSSL_SHA384
wc_Sha384 sha384;
#endif
wc_Sha512 sha512;
#endif
#ifdef HAVE_BLAKE2
Blake2b blake2b;
#endif
#ifdef WOLFSSL_SHA3
Sha3 sha3;
#endif
} Hash;
/* Hmac digest */
typedef struct Hmac {
Hash hash;
word32 ipad[WC_HMAC_BLOCK_SIZE / sizeof(word32)]; /* same block size all*/
word32 opad[WC_HMAC_BLOCK_SIZE / sizeof(word32)];
word32 innerHash[WC_MAX_DIGEST_SIZE / sizeof(word32)];
void* heap; /* heap hint */
byte macType; /* md5 sha or sha256 */
byte innerHashKeyed; /* keyed flag */
#ifdef WOLFSSL_ASYNC_CRYPT
WC_ASYNC_DEV asyncDev;
word16 keyLen; /* hmac key length (key in ipad) */
#ifdef HAVE_CAVIUM
byte* data; /* buffered input data for one call */
word16 dataLen;
#endif /* HAVE_CAVIUM */
#endif /* WOLFSSL_ASYNC_CRYPT */
} Hmac;
#endif /* HAVE_FIPS */
/* does init */
WOLFSSL_API int wc_HmacSetKey(Hmac*, int type, const byte* key, word32 keySz);
WOLFSSL_API int wc_HmacUpdate(Hmac*, const byte*, word32);
WOLFSSL_API int wc_HmacFinal(Hmac*, byte*);
WOLFSSL_API int wc_HmacSizeByType(int type);
WOLFSSL_API int wc_HmacInit(Hmac* hmac, void* heap, int devId);
WOLFSSL_API void wc_HmacFree(Hmac*);
WOLFSSL_API int wolfSSL_GetHmacMaxSize(void);
WOLFSSL_LOCAL int _InitHmac(Hmac* hmac, int type, void* heap);
#ifdef HAVE_HKDF
WOLFSSL_API int wc_HKDF_Extract(int type, const byte* salt, word32 saltSz,
const byte* inKey, word32 inKeySz, byte* out);
WOLFSSL_API int wc_HKDF_Expand(int type, const byte* inKey, word32 inKeySz,
const byte* info, word32 infoSz,
byte* out, word32 outSz);
WOLFSSL_API int wc_HKDF(int type, const byte* inKey, word32 inKeySz,
const byte* salt, word32 saltSz,
const byte* info, word32 infoSz,
byte* out, word32 outSz);
#endif /* HAVE_HKDF */
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* WOLF_CRYPT_HMAC_H */
#endif /* NO_HMAC */

387
components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/integer.h Normal file
View File

@ -0,0 +1,387 @@
/* integer.h
*
* Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved.
*
* This file is part of wolfSSL.
*
* Contact licensing@wolfssl.com with any questions or comments.
*
* http://www.wolfssl.com
*/
/*
* Based on public domain LibTomMath 0.38 by Tom St Denis, tomstdenis@iahu.ca,
* http://math.libtomcrypt.com
*/
#ifndef WOLF_CRYPT_INTEGER_H
#define WOLF_CRYPT_INTEGER_H
/* may optionally use fast math instead, not yet supported on all platforms and
may not be faster on all
*/
#include <wolfssl/wolfcrypt/types.h> /* will set MP_xxBIT if not default */
#ifdef WOLFSSL_SP_MATH
#include <wolfssl/wolfcrypt/sp_int.h>
#elif defined(USE_FAST_MATH)
#include <wolfssl/wolfcrypt/tfm.h>
#else
#include <wolfssl/wolfcrypt/random.h>
#ifndef CHAR_BIT
#include <limits.h>
#endif
#include <wolfssl/wolfcrypt/mpi_class.h>
/* wolf big int and common functions */
#include <wolfssl/wolfcrypt/wolfmath.h>
#ifdef WOLFSSL_PUBLIC_MP
#define MP_API WOLFSSL_API
#else
#define MP_API
#endif
#ifndef MIN
#define MIN(x,y) ((x)<(y)?(x):(y))
#endif
#ifndef MAX
#define MAX(x,y) ((x)>(y)?(x):(y))
#endif
#ifdef __cplusplus
extern "C" {
/* C++ compilers don't like assigning void * to mp_digit * */
#define OPT_CAST(x) (x *)
#else
/* C on the other hand doesn't care */
#define OPT_CAST(x)
#endif /* __cplusplus */
/* detect 64-bit mode if possible */
#if defined(__x86_64__)
#if !(defined(MP_64BIT) && defined(MP_16BIT) && defined(MP_8BIT))
#define MP_64BIT
#endif
#endif
/* if intel compiler doesn't provide 128 bit type don't turn on 64bit */
#if defined(MP_64BIT) && defined(__INTEL_COMPILER) && !defined(HAVE___UINT128_T)
#undef MP_64BIT
#endif
/* allow user to define on mp_digit, mp_word, DIGIT_BIT types */
#ifndef WOLFSSL_BIGINT_TYPES
/* some default configurations.
*
* A "mp_digit" must be able to hold DIGIT_BIT + 1 bits
* A "mp_word" must be able to hold 2*DIGIT_BIT + 1 bits
*
* At the very least a mp_digit must be able to hold 7 bits
* [any size beyond that is ok provided it doesn't overflow the data type]
*/
#ifdef MP_8BIT
typedef unsigned char mp_digit;
typedef unsigned short mp_word;
#elif defined(MP_16BIT) || defined(NO_64BIT)
typedef unsigned short mp_digit;
typedef unsigned int mp_word;
#define DIGIT_BIT 12
#elif defined(MP_64BIT)
/* for GCC only on supported platforms */
typedef unsigned long long mp_digit; /* 64 bit type, 128 uses mode(TI) */
typedef unsigned long mp_word __attribute__ ((mode(TI)));
#define DIGIT_BIT 60
#else
/* this is the default case, 28-bit digits */
#if defined(_MSC_VER) || defined(__BORLANDC__)
typedef unsigned __int64 ulong64;
#else
typedef unsigned long long ulong64;
#endif
typedef unsigned int mp_digit; /* long could be 64 now, changed TAO */
typedef ulong64 mp_word;
#ifdef MP_31BIT
/* this is an extension that uses 31-bit digits */
#define DIGIT_BIT 31
#else
/* default case is 28-bit digits, defines MP_28BIT as a handy test macro */
#define DIGIT_BIT 28
#define MP_28BIT
#endif
#endif
#endif /* WOLFSSL_BIGINT_TYPES */
/* otherwise the bits per digit is calculated automatically from the size of
a mp_digit */
#ifndef DIGIT_BIT
#define DIGIT_BIT ((int)((CHAR_BIT * sizeof(mp_digit) - 1)))
/* bits per digit */
#endif
#define MP_DIGIT_BIT DIGIT_BIT
#define MP_MASK ((((mp_digit)1)<<((mp_digit)DIGIT_BIT))-((mp_digit)1))
#define MP_DIGIT_MAX MP_MASK
/* equalities */
#define MP_LT -1 /* less than */
#define MP_EQ 0 /* equal to */
#define MP_GT 1 /* greater than */
#define MP_ZPOS 0 /* positive integer */
#define MP_NEG 1 /* negative */
#define MP_OKAY 0 /* ok result */
#define MP_MEM -2 /* out of mem */
#define MP_VAL -3 /* invalid input */
#define MP_NOT_INF -4 /* point not at infinity */
#define MP_RANGE MP_NOT_INF
#define MP_YES 1 /* yes response */
#define MP_NO 0 /* no response */
/* Primality generation flags */
#define LTM_PRIME_BBS 0x0001 /* BBS style prime */
#define LTM_PRIME_SAFE 0x0002 /* Safe prime (p-1)/2 == prime */
#define LTM_PRIME_2MSB_ON 0x0008 /* force 2nd MSB to 1 */
typedef int mp_err;
/* define this to use lower memory usage routines (exptmods mostly) */
#define MP_LOW_MEM
/* default precision */
#ifndef MP_PREC
#ifndef MP_LOW_MEM
#define MP_PREC 32 /* default digits of precision */
#else
#define MP_PREC 1 /* default digits of precision */
#endif
#endif
/* size of comba arrays, should be at least 2 * 2**(BITS_PER_WORD -
BITS_PER_DIGIT*2) */
#define MP_WARRAY (1 << (sizeof(mp_word) * CHAR_BIT - 2 * DIGIT_BIT + 1))
#ifdef HAVE_WOLF_BIGINT
struct WC_BIGINT;
#endif
/* the mp_int structure */
typedef struct mp_int {
int used, alloc, sign;
mp_digit *dp;
#ifdef HAVE_WOLF_BIGINT
struct WC_BIGINT raw; /* unsigned binary (big endian) */
#endif
} mp_int;
#define MP_INT_DEFINED
/* callback for mp_prime_random, should fill dst with random bytes and return
how many read [up to len] */
typedef int ltm_prime_callback(unsigned char *dst, int len, void *dat);
#define USED(m) ((m)->used)
#define DIGIT(m,k) ((m)->dp[(k)])
#define SIGN(m) ((m)->sign)
/* ---> Basic Manipulations <--- */
#define mp_iszero(a) (((a)->used == 0) ? MP_YES : MP_NO)
#define mp_isone(a) \
(((((a)->used == 1)) && ((a)->dp[0] == 1u)) ? MP_YES : MP_NO)
#define mp_iseven(a) \
(((a)->used > 0 && (((a)->dp[0] & 1u) == 0u)) ? MP_YES : MP_NO)
#define mp_isodd(a) \
(((a)->used > 0 && (((a)->dp[0] & 1u) == 1u)) ? MP_YES : MP_NO)
#define mp_isneg(a) (((a)->sign != MP_ZPOS) ? MP_YES : MP_NO)
/* number of primes */
#ifdef MP_8BIT
#define PRIME_SIZE 31
#else
#define PRIME_SIZE 256
#endif
#ifndef MAX_INVMOD_SZ
#if defined(WOLFSSL_MYSQL_COMPATIBLE)
#define MAX_INVMOD_SZ 8192
#else
#define MAX_INVMOD_SZ 4096
#endif
#endif
#define mp_prime_random(a, t, size, bbs, cb, dat) \
mp_prime_random_ex(a, t, ((size) * 8) + 1, (bbs==1)?LTM_PRIME_BBS:0, cb, dat)
#define mp_read_raw(mp, str, len) mp_read_signed_bin((mp), (str), (len))
#define mp_raw_size(mp) mp_signed_bin_size(mp)
#define mp_toraw(mp, str) mp_to_signed_bin((mp), (str))
#define mp_read_mag(mp, str, len) mp_read_unsigned_bin((mp), (str), (len))
#define mp_mag_size(mp) mp_unsigned_bin_size(mp)
#define mp_tomag(mp, str) mp_to_unsigned_bin((mp), (str))
#define MP_RADIX_BIN 2
#define MP_RADIX_OCT 8
#define MP_RADIX_DEC 10
#define MP_RADIX_HEX 16
#define MP_RADIX_MAX 64
#define mp_tobinary(M, S) mp_toradix((M), (S), MP_RADIX_BIN)
#define mp_tooctal(M, S) mp_toradix((M), (S), MP_RADIX_OCT)
#define mp_todecimal(M, S) mp_toradix((M), (S), MP_RADIX_DEC)
#define mp_tohex(M, S) mp_toradix((M), (S), MP_RADIX_HEX)
#define s_mp_mul(a, b, c) s_mp_mul_digs(a, b, c, (a)->used + (b)->used + 1)
#if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || \
defined(WOLFSSL_DEBUG_MATH) || defined(DEBUG_WOLFSSL)
extern const char *mp_s_rmap;
#endif
/* 6 functions needed by Rsa */
MP_API int mp_init (mp_int * a);
MP_API void mp_clear (mp_int * a);
MP_API void mp_free (mp_int * a);
MP_API void mp_forcezero(mp_int * a);
MP_API int mp_unsigned_bin_size(mp_int * a);
MP_API int mp_read_unsigned_bin (mp_int * a, const unsigned char *b, int c);
MP_API int mp_to_unsigned_bin_at_pos(int x, mp_int *t, unsigned char *b);
MP_API int mp_to_unsigned_bin (mp_int * a, unsigned char *b);
MP_API int mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y);
/* end functions needed by Rsa */
/* functions added to support above needed, removed TOOM and KARATSUBA */
MP_API int mp_count_bits (mp_int * a);
MP_API int mp_leading_bit (mp_int * a);
MP_API int mp_init_copy (mp_int * a, mp_int * b);
MP_API int mp_copy (mp_int * a, mp_int * b);
MP_API int mp_grow (mp_int * a, int size);
MP_API int mp_div_2d (mp_int * a, int b, mp_int * c, mp_int * d);
MP_API void mp_zero (mp_int * a);
MP_API void mp_clamp (mp_int * a);
MP_API void mp_exch (mp_int * a, mp_int * b);
MP_API void mp_rshd (mp_int * a, int b);
MP_API void mp_rshb (mp_int * a, int b);
MP_API int mp_mod_2d (mp_int * a, int b, mp_int * c);
MP_API int mp_mul_2d (mp_int * a, int b, mp_int * c);
MP_API int mp_lshd (mp_int * a, int b);
MP_API int mp_abs (mp_int * a, mp_int * b);
MP_API int mp_invmod (mp_int * a, mp_int * b, mp_int * c);
int fast_mp_invmod (mp_int * a, mp_int * b, mp_int * c);
MP_API int mp_invmod_slow (mp_int * a, mp_int * b, mp_int * c);
MP_API int mp_cmp_mag (mp_int * a, mp_int * b);
MP_API int mp_cmp (mp_int * a, mp_int * b);
MP_API int mp_cmp_d(mp_int * a, mp_digit b);
MP_API int mp_set (mp_int * a, mp_digit b);
MP_API int mp_is_bit_set (mp_int * a, mp_digit b);
MP_API int mp_mod (mp_int * a, mp_int * b, mp_int * c);
MP_API int mp_div(mp_int * a, mp_int * b, mp_int * c, mp_int * d);
MP_API int mp_div_2(mp_int * a, mp_int * b);
MP_API int mp_add (mp_int * a, mp_int * b, mp_int * c);
int s_mp_add (mp_int * a, mp_int * b, mp_int * c);
int s_mp_sub (mp_int * a, mp_int * b, mp_int * c);
MP_API int mp_sub (mp_int * a, mp_int * b, mp_int * c);
MP_API int mp_reduce_is_2k_l(mp_int *a);
MP_API int mp_reduce_is_2k(mp_int *a);
MP_API int mp_dr_is_modulus(mp_int *a);
MP_API int mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y,
int);
MP_API int mp_montgomery_setup (mp_int * n, mp_digit * rho);
int fast_mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho);
MP_API int mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho);
MP_API void mp_dr_setup(mp_int *a, mp_digit *d);
MP_API int mp_dr_reduce (mp_int * x, mp_int * n, mp_digit k);
MP_API int mp_reduce_2k(mp_int *a, mp_int *n, mp_digit d);
int fast_s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs);
int s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs);
MP_API int mp_reduce_2k_setup_l(mp_int *a, mp_int *d);
MP_API int mp_reduce_2k_l(mp_int *a, mp_int *n, mp_int *d);
MP_API int mp_reduce (mp_int * x, mp_int * m, mp_int * mu);
MP_API int mp_reduce_setup (mp_int * a, mp_int * b);
int s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int redmode);
MP_API int mp_montgomery_calc_normalization (mp_int * a, mp_int * b);
int s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs);
int s_mp_sqr (mp_int * a, mp_int * b);
int fast_s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs);
int fast_s_mp_sqr (mp_int * a, mp_int * b);
MP_API int mp_init_size (mp_int * a, int size);
MP_API int mp_div_3 (mp_int * a, mp_int *c, mp_digit * d);
MP_API int mp_mul_2(mp_int * a, mp_int * b);
MP_API int mp_mul (mp_int * a, mp_int * b, mp_int * c);
MP_API int mp_sqr (mp_int * a, mp_int * b);
MP_API int mp_mulmod (mp_int * a, mp_int * b, mp_int * c, mp_int * d);
MP_API int mp_submod (mp_int* a, mp_int* b, mp_int* c, mp_int* d);
MP_API int mp_addmod (mp_int* a, mp_int* b, mp_int* c, mp_int* d);
MP_API int mp_mul_d (mp_int * a, mp_digit b, mp_int * c);
MP_API int mp_2expt (mp_int * a, int b);
MP_API int mp_set_bit (mp_int * a, int b);
MP_API int mp_reduce_2k_setup(mp_int *a, mp_digit *d);
MP_API int mp_add_d (mp_int* a, mp_digit b, mp_int* c);
MP_API int mp_set_int (mp_int * a, unsigned long b);
MP_API int mp_sub_d (mp_int * a, mp_digit b, mp_int * c);
/* end support added functions */
/* added */
MP_API int mp_init_multi(mp_int* a, mp_int* b, mp_int* c, mp_int* d, mp_int* e,
mp_int* f);
MP_API int mp_toradix (mp_int *a, char *str, int radix);
MP_API int mp_radix_size (mp_int * a, int radix, int *size);
#ifdef WOLFSSL_DEBUG_MATH
MP_API void mp_dump(const char* desc, mp_int* a, byte verbose);
#else
#define mp_dump(desc, a, verbose)
#endif
#if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN)
MP_API int mp_sqrmod(mp_int* a, mp_int* b, mp_int* c);
#endif
#if !defined(NO_DSA) || defined(HAVE_ECC)
MP_API int mp_read_radix(mp_int* a, const char* str, int radix);
#endif
#ifdef WOLFSSL_KEY_GEN
MP_API int mp_prime_is_prime (mp_int * a, int t, int *result);
MP_API int mp_gcd (mp_int * a, mp_int * b, mp_int * c);
MP_API int mp_lcm (mp_int * a, mp_int * b, mp_int * c);
MP_API int mp_rand_prime(mp_int* N, int len, WC_RNG* rng, void* heap);
#endif
MP_API int mp_cnt_lsb(mp_int *a);
MP_API int mp_mod_d(mp_int* a, mp_digit b, mp_digit* c);
/* wolf big int and common functions */
#include <wolfssl/wolfcrypt/wolfmath.h>
#ifdef __cplusplus
}
#endif
#endif /* USE_FAST_MATH */
#endif /* WOLF_CRYPT_INTEGER_H */

0
components/ssl/wolfssl/include/wolfssl/wolfcrypt/logging.h → components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/logging.h
View File

108
components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/md5.h Normal file
View File

@ -0,0 +1,108 @@
/* md5.h
*
* Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved.
*
* This file is part of wolfSSL.
*
* Contact licensing@wolfssl.com with any questions or comments.
*
* http://www.wolfssl.com
*/
#ifndef WOLF_CRYPT_MD5_H
#define WOLF_CRYPT_MD5_H
#include <wolfssl/wolfcrypt/types.h>
#ifndef NO_MD5
#ifdef HAVE_FIPS
#define wc_InitMd5 InitMd5
#define wc_Md5Update Md5Update
#define wc_Md5Final Md5Final
#define wc_Md5Hash Md5Hash
#endif
#ifdef __cplusplus
extern "C" {
#endif
#ifndef NO_OLD_WC_NAMES
#define Md5 wc_Md5
#define MD5 WC_MD5
#define MD5_BLOCK_SIZE WC_MD5_BLOCK_SIZE
#define MD5_DIGEST_SIZE WC_MD5_DIGEST_SIZE
#define WC_MD5_PAD_SIZE WC_MD5_PAD_SIZE
#endif
/* in bytes */
enum {
WC_MD5 = 0, /* hash type unique */
WC_MD5_BLOCK_SIZE = 64,
WC_MD5_DIGEST_SIZE = 16,
WC_MD5_PAD_SIZE = 56
};
#ifdef WOLFSSL_MICROCHIP_PIC32MZ
#include <wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h>
#endif
#ifdef STM32_HASH
#include <wolfssl/wolfcrypt/port/st/stm32.h>
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
#include <wolfssl/wolfcrypt/async.h>
#endif
#ifdef WOLFSSL_TI_HASH
#include "wolfssl/wolfcrypt/port/ti/ti-hash.h"
#elif defined(WOLFSSL_IMX6_CAAM)
#include "wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h"
#else
/* MD5 digest */
typedef struct wc_Md5 {
#ifdef STM32_HASH
STM32_HASH_Context stmCtx;
#else
word32 buffLen; /* in bytes */
word32 loLen; /* length in bytes */
word32 hiLen; /* length in bytes */
word32 buffer[WC_MD5_BLOCK_SIZE / sizeof(word32)];
#ifdef WOLFSSL_PIC32MZ_HASH
word32 digest[PIC32_DIGEST_SIZE / sizeof(word32)];
#else
word32 digest[WC_MD5_DIGEST_SIZE / sizeof(word32)];
#endif
void* heap;
#ifdef WOLFSSL_PIC32MZ_HASH
hashUpdCache cache; /* cache for updates */
#endif
#endif /* STM32_HASH */
#ifdef WOLFSSL_ASYNC_CRYPT
WC_ASYNC_DEV asyncDev;
#endif /* WOLFSSL_ASYNC_CRYPT */
} wc_Md5;
#endif /* WOLFSSL_TI_HASH */
WOLFSSL_API int wc_InitMd5(wc_Md5*);
WOLFSSL_API int wc_InitMd5_ex(wc_Md5*, void*, int);
WOLFSSL_API int wc_Md5Update(wc_Md5*, const byte*, word32);
WOLFSSL_API int wc_Md5Final(wc_Md5*, byte*);
WOLFSSL_API void wc_Md5Free(wc_Md5*);
WOLFSSL_API int wc_Md5GetHash(wc_Md5*, byte*);
WOLFSSL_API int wc_Md5Copy(wc_Md5*, wc_Md5*);
#ifdef WOLFSSL_PIC32MZ_HASH
WOLFSSL_API void wc_Md5SizeSet(wc_Md5* md5, word32 len);
#endif
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* NO_MD5 */
#endif /* WOLF_CRYPT_MD5_H */

1010
components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/mpi_class.h Normal file
View File

File diff suppressed because it is too large Load Diff

87
components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/mpi_superclass.h Normal file
View File

@ -0,0 +1,87 @@
/* mpi_superclass.h
*
* Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved.
*
* This file is part of wolfSSL.
*
* Contact licensing@wolfssl.com with any questions or comments.
*
* http://www.wolfssl.com
*/
/* super class file for PK algos */
/* default ... include all MPI */
#define LTM_ALL
/* RSA only (does not support DH/DSA/ECC) */
/* #define SC_RSA_1 */
/* For reference.... On an Athlon64 optimizing for speed...
LTM's mpi.o with all functions [striped] is 142KiB in size.
*/
/* Works for RSA only, mpi.o is 68KiB */
#ifdef SC_RSA_1
#define BN_MP_SHRINK_C
#define BN_MP_LCM_C
#define BN_MP_PRIME_RANDOM_EX_C
#define BN_MP_INVMOD_C
#define BN_MP_GCD_C
#define BN_MP_MOD_C
#define BN_MP_MULMOD_C
#define BN_MP_ADDMOD_C
#define BN_MP_EXPTMOD_C
#define BN_MP_SET_INT_C
#define BN_MP_INIT_MULTI_C
#define BN_MP_CLEAR_MULTI_C
#define BN_MP_UNSIGNED_BIN_SIZE_C
#define BN_MP_TO_UNSIGNED_BIN_C
#define BN_MP_MOD_D_C
#define BN_MP_PRIME_RABIN_MILLER_TRIALS_C
#define BN_REVERSE_C
#define BN_PRIME_TAB_C
/* other modifiers */
#define BN_MP_DIV_SMALL /* Slower division, not critical */
/* here we are on the last pass so we turn things off. The functions classes are still there
* but we remove them specifically from the build. This also invokes tweaks in functions
* like removing support for even moduli, etc...
*/
#ifdef LTM_LAST
#undef BN_MP_TOOM_MUL_C
#undef BN_MP_TOOM_SQR_C
#undef BN_MP_KARATSUBA_MUL_C
#undef BN_MP_KARATSUBA_SQR_C
#undef BN_MP_REDUCE_C
#undef BN_MP_REDUCE_SETUP_C
#undef BN_MP_DR_IS_MODULUS_C
#undef BN_MP_DR_SETUP_C
#undef BN_MP_DR_REDUCE_C
#undef BN_MP_REDUCE_IS_2K_C
#undef BN_MP_REDUCE_2K_SETUP_C
#undef BN_MP_REDUCE_2K_C
#undef BN_S_MP_EXPTMOD_C
#undef BN_MP_DIV_3_C
#undef BN_S_MP_MUL_HIGH_DIGS_C
#undef BN_FAST_S_MP_MUL_HIGH_DIGS_C
#undef BN_FAST_MP_INVMOD_C
/* To safely undefine these you have to make sure your RSA key won't exceed the Comba threshold
* which is roughly 255 digits [7140 bits for 32-bit machines, 15300 bits for 64-bit machines]
* which means roughly speaking you can handle up to 2536-bit RSA keys with these defined without
* trouble.
*/
#undef BN_S_MP_MUL_DIGS_C
#undef BN_S_MP_SQR_C
#undef BN_MP_MONTGOMERY_REDUCE_C
#endif
#endif

66
components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/pwdbased.h Normal file
View File

@ -0,0 +1,66 @@
/* pwdbased.h
*
* Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved.
*
* This file is part of wolfSSL.
*
* Contact licensing@wolfssl.com with any questions or comments.
*
* http://www.wolfssl.com
*/
#ifndef WOLF_CRYPT_PWDBASED_H
#define WOLF_CRYPT_PWDBASED_H
#include <wolfssl/wolfcrypt/types.h>
#ifndef NO_PWDBASED
#ifndef NO_MD5
#include <wolfssl/wolfcrypt/md5.h> /* for hash type */
#endif
#include <wolfssl/wolfcrypt/sha.h>
#ifdef __cplusplus
extern "C" {
#endif
/*
* hashType renamed to typeH to avoid shadowing global declaration here:
* wolfssl/wolfcrypt/asn.h line 173 in enum Oid_Types
*/
WOLFSSL_API int wc_PBKDF1(byte* output, const byte* passwd, int pLen,
const byte* salt, int sLen, int iterations, int kLen,
int typeH);
WOLFSSL_API int wc_PBKDF2(byte* output, const byte* passwd, int pLen,
const byte* salt, int sLen, int iterations, int kLen,
int typeH);
WOLFSSL_API int wc_PKCS12_PBKDF(byte* output, const byte* passwd, int pLen,
const byte* salt, int sLen, int iterations,
int kLen, int typeH, int purpose);
WOLFSSL_API int wc_PKCS12_PBKDF_ex(byte* output, const byte* passwd,int passLen,
const byte* salt, int saltLen, int iterations, int kLen,
int hashType, int id, void* heap);
#ifdef HAVE_SCRYPT
WOLFSSL_API int wc_scrypt(byte* output, const byte* passwd, int passLen,
const byte* salt, int saltLen, int cost,
int blockSize, int parallel, int dkLen);
#endif
/* helper functions */
WOLFSSL_LOCAL int GetDigestSize(int typeH);
WOLFSSL_LOCAL int GetPKCS12HashSizes(int typeH, word32* v, word32* u);
WOLFSSL_LOCAL int DoPKCS12Hash(int typeH, byte* buffer, word32 totalLen,
byte* Ai, word32 u, int iterations);
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* NO_PWDBASED */
#endif /* WOLF_CRYPT_PWDBASED_H */

182
components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/random.h Normal file
View File

@ -0,0 +1,182 @@
/* random.h
*
* Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved.
*
* This file is part of wolfSSL.
*
* Contact licensing@wolfssl.com with any questions or comments.
*
* http://www.wolfssl.com
*/
#ifndef WOLF_CRYPT_RANDOM_H
#define WOLF_CRYPT_RANDOM_H
#include <wolfssl/wolfcrypt/types.h>
#ifdef HAVE_FIPS
/* for fips @wc_fips */
#include <cyassl/ctaocrypt/random.h>
#endif
#ifdef __cplusplus
extern "C" {
#endif
/* Maximum generate block length */
#ifndef RNG_MAX_BLOCK_LEN
#ifdef HAVE_INTEL_QA
#define RNG_MAX_BLOCK_LEN (0xFFFF)
#else
#define RNG_MAX_BLOCK_LEN (0x10000)
#endif
#endif
/* Size of the BRBG seed */
#ifndef DRBG_SEED_LEN
#define DRBG_SEED_LEN (440/8)
#endif
#if !defined(CUSTOM_RAND_TYPE)
/* To maintain compatibility the default is byte */
#define CUSTOM_RAND_TYPE byte
#endif
/* make sure Hash DRBG is enabled, unless WC_NO_HASHDRBG is defined
or CUSTOM_RAND_GENERATE_BLOCK is defined*/
#if !defined(WC_NO_HASHDRBG) || !defined(CUSTOM_RAND_GENERATE_BLOCK)
#undef HAVE_HASHDRBG
#define HAVE_HASHDRBG
#ifndef WC_RESEED_INTERVAL
#define WC_RESEED_INTERVAL (1000000)
#endif
#endif
#ifndef HAVE_FIPS /* avoid redefining structs and macros */
/* RNG supports the following sources (in order):
* 1. CUSTOM_RAND_GENERATE_BLOCK: Defines name of function as RNG source and
* bypasses the options below.
* 2. HAVE_INTEL_RDRAND: Uses the Intel RDRAND if supported by CPU.
* 3. HAVE_HASHDRBG (requires SHA256 enabled): Uses SHA256 based P-RNG
* seeded via wc_GenerateSeed. This is the default source.
*/
/* Seed source can be overriden by defining one of these:
CUSTOM_RAND_GENERATE_SEED
CUSTOM_RAND_GENERATE_SEED_OS
CUSTOM_RAND_GENERATE */
#if defined(CUSTOM_RAND_GENERATE_BLOCK)
/* To use define the following:
* #define CUSTOM_RAND_GENERATE_BLOCK myRngFunc
* extern int myRngFunc(byte* output, word32 sz);
*/
#elif defined(HAVE_HASHDRBG)
#ifdef NO_SHA256
#error "Hash DRBG requires SHA-256."
#endif /* NO_SHA256 */
#include <wolfssl/wolfcrypt/sha256.h>
#elif defined(HAVE_WNR)
/* allow whitewood as direct RNG source using wc_GenerateSeed directly */
#else
#error No RNG source defined!
#endif
#ifdef HAVE_WNR
#include <wnr.h>
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
#include <wolfssl/wolfcrypt/async.h>
#endif
#if defined(USE_WINDOWS_API)
#if defined(_WIN64)
typedef unsigned __int64 ProviderHandle;
/* type HCRYPTPROV, avoid #include <windows.h> */
#else
typedef unsigned long ProviderHandle;
#endif
#endif
/* OS specific seeder */
typedef struct OS_Seed {
#if defined(USE_WINDOWS_API)
ProviderHandle handle;
#else
int fd;
#endif
} OS_Seed;
#ifndef WC_RNG_TYPE_DEFINED /* guard on redeclaration */
typedef struct WC_RNG WC_RNG;
#define WC_RNG_TYPE_DEFINED
#endif
/* RNG context */
struct WC_RNG {
OS_Seed seed;
void* heap;
#ifdef HAVE_HASHDRBG
/* Hash-based Deterministic Random Bit Generator */
struct DRBG* drbg;
byte status;
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
WC_ASYNC_DEV asyncDev;
int devId;
#endif
};
#endif /* HAVE_FIPS */
/* NO_OLD_RNGNAME removes RNG struct name to prevent possible type conflicts,
* can't be used with CTaoCrypt FIPS */
#if !defined(NO_OLD_RNGNAME) && !defined(HAVE_FIPS)
#define RNG WC_RNG
#endif
WOLFSSL_LOCAL
int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz);
#ifdef HAVE_WNR
/* Whitewood netRandom client library */
WOLFSSL_API int wc_InitNetRandom(const char*, wnr_hmac_key, int);
WOLFSSL_API int wc_FreeNetRandom(void);
#endif /* HAVE_WNR */
WOLFSSL_API int wc_InitRng(WC_RNG*);
WOLFSSL_API int wc_InitRng_ex(WC_RNG* rng, void* heap, int devId);
WOLFSSL_API int wc_RNG_GenerateBlock(WC_RNG*, byte*, word32 sz);
WOLFSSL_API int wc_RNG_GenerateByte(WC_RNG*, byte*);
WOLFSSL_API int wc_FreeRng(WC_RNG*);
#ifdef HAVE_HASHDRBG
WOLFSSL_LOCAL int wc_RNG_DRBG_Reseed(WC_RNG* rng, const byte* entropy,
word32 entropySz);
WOLFSSL_API int wc_RNG_HealthTest(int reseed,
const byte* entropyA, word32 entropyASz,
const byte* entropyB, word32 entropyBSz,
byte* output, word32 outputSz);
#endif /* HAVE_HASHDRBG */
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* WOLF_CRYPT_RANDOM_H */

0
components/ssl/wolfssl/include/wolfssl/wolfcrypt/settings.h → components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/settings.h
View File

126
components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/sha.h Normal file
View File

@ -0,0 +1,126 @@
/* sha.h
*
* Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved.
*
* This file is part of wolfSSL.
*
* Contact licensing@wolfssl.com with any questions or comments.
*
* http://www.wolfssl.com
*/
#ifndef WOLF_CRYPT_SHA_H
#define WOLF_CRYPT_SHA_H
#include <wolfssl/wolfcrypt/types.h>
#ifndef NO_SHA
#ifdef HAVE_FIPS
#define wc_Sha Sha
#define WC_SHA SHA
#define WC_SHA_BLOCK_SIZE SHA_BLOCK_SIZE
#define WC_SHA_DIGEST_SIZE SHA_DIGEST_SIZE
#define WC_SHA_PAD_SIZE SHA_PAD_SIZE
/* for fips @wc_fips */
#include <cyassl/ctaocrypt/sha.h>
#endif
#ifdef FREESCALE_LTC_SHA
#include "fsl_ltc.h"
#endif
#ifdef __cplusplus
extern "C" {
#endif
#ifndef HAVE_FIPS /* avoid redefining structs */
#ifdef WOLFSSL_MICROCHIP_PIC32MZ
#include <wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h>
#endif
#ifdef STM32_HASH
#include <wolfssl/wolfcrypt/port/st/stm32.h>
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
#include <wolfssl/wolfcrypt/async.h>
#endif
#ifndef NO_OLD_WC_NAMES
#define Sha wc_Sha
#define SHA WC_SHA
#define SHA_BLOCK_SIZE WC_SHA_BLOCK_SIZE
#define SHA_DIGEST_SIZE WC_SHA_DIGEST_SIZE
#define SHA_PAD_SIZE WC_SHA_PAD_SIZE
#endif
/* in bytes */
enum {
WC_SHA = 1, /* hash type unique */
WC_SHA_BLOCK_SIZE = 64,
WC_SHA_DIGEST_SIZE = 20,
WC_SHA_PAD_SIZE = 56
};
#if defined(WOLFSSL_TI_HASH)
#include "wolfssl/wolfcrypt/port/ti/ti-hash.h"
#elif defined(WOLFSSL_IMX6_CAAM)
#include "wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h"
#else
/* Sha digest */
typedef struct wc_Sha {
#ifdef FREESCALE_LTC_SHA
ltc_hash_ctx_t ctx;
#elif defined(STM32_HASH)
STM32_HASH_Context stmCtx;
#else
word32 buffLen; /* in bytes */
word32 loLen; /* length in bytes */
word32 hiLen; /* length in bytes */
word32 buffer[WC_SHA_BLOCK_SIZE / sizeof(word32)];
#ifdef WOLFSSL_PIC32MZ_HASH
word32 digest[PIC32_DIGEST_SIZE / sizeof(word32)];
#else
word32 digest[WC_SHA_DIGEST_SIZE / sizeof(word32)];
#endif
void* heap;
#ifdef WOLFSSL_PIC32MZ_HASH
hashUpdCache cache; /* cache for updates */
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
WC_ASYNC_DEV asyncDev;
#endif /* WOLFSSL_ASYNC_CRYPT */
#endif
} wc_Sha;
#endif /* WOLFSSL_TI_HASH */
#endif /* HAVE_FIPS */
WOLFSSL_API int wc_InitSha(wc_Sha*);
WOLFSSL_API int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId);
WOLFSSL_API int wc_ShaUpdate(wc_Sha*, const byte*, word32);
WOLFSSL_API int wc_ShaFinal(wc_Sha*, byte*);
WOLFSSL_API void wc_ShaFree(wc_Sha*);
WOLFSSL_API int wc_ShaGetHash(wc_Sha*, byte*);
WOLFSSL_API int wc_ShaCopy(wc_Sha*, wc_Sha*);
#ifdef WOLFSSL_PIC32MZ_HASH
WOLFSSL_API void wc_ShaSizeSet(wc_Sha* sha, word32 len);
#endif
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* NO_SHA */
#endif /* WOLF_CRYPT_SHA_H */

176
components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/sha256.h Normal file
View File

@ -0,0 +1,176 @@
/* sha256.h
*
* Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved.
*
* This file is part of wolfSSL.
*
* Contact licensing@wolfssl.com with any questions or comments.
*
* http://www.wolfssl.com
*/
/* code submitted by raphael.huck@efixo.com */
#ifndef WOLF_CRYPT_SHA256_H
#define WOLF_CRYPT_SHA256_H
#include <wolfssl/wolfcrypt/types.h>
#ifndef NO_SHA256
#ifdef HAVE_FIPS
#define wc_Sha256 Sha256
#define WC_SHA256 SHA256
#define WC_SHA256_BLOCK_SIZE SHA256_BLOCK_SIZE
#define WC_SHA256_DIGEST_SIZE SHA256_DIGEST_SIZE
#define WC_SHA256_PAD_SIZE SHA256_PAD_SIZE
#ifdef WOLFSSL_SHA224
#define wc_Sha224 Sha224
#define WC_SHA224 SHA224
#define WC_SHA224_BLOCK_SIZE SHA224_BLOCK_SIZE
#define WC_SHA224_DIGEST_SIZE SHA224_DIGEST_SIZE
#define WC_SHA224_PAD_SIZE SHA224_PAD_SIZE
#endif
/* for fips @wc_fips */
#include <cyassl/ctaocrypt/sha256.h>
#endif
#ifdef FREESCALE_LTC_SHA
#include "fsl_ltc.h"
#endif
#ifdef __cplusplus
extern "C" {
#endif
#ifndef HAVE_FIPS /* avoid redefinition of structs */
#ifdef WOLFSSL_MICROCHIP_PIC32MZ
#include <wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h>
#endif
#ifdef STM32_HASH
#include <wolfssl/wolfcrypt/port/st/stm32.h>
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
#include <wolfssl/wolfcrypt/async.h>
#endif
#if defined(_MSC_VER)
#define SHA256_NOINLINE __declspec(noinline)
#elif defined(__GNUC__)
#define SHA256_NOINLINE __attribute__((noinline))
#else
#define SHA256_NOINLINE
#endif
#ifndef NO_OLD_SHA256_NAMES
#define SHA256 WC_SHA256
#endif
#ifndef NO_OLD_WC_NAMES
#define Sha256 wc_Sha256
#define SHA256_BLOCK_SIZE WC_SHA256_BLOCK_SIZE
#define SHA256_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
#define SHA256_PAD_SIZE WC_SHA256_PAD_SIZE
#endif
/* in bytes */
enum {
WC_SHA256 = 2, /* hash type unique */
WC_SHA256_BLOCK_SIZE = 64,
WC_SHA256_DIGEST_SIZE = 32,
WC_SHA256_PAD_SIZE = 56
};
#ifdef WOLFSSL_TI_HASH
#include "wolfssl/wolfcrypt/port/ti/ti-hash.h"
#elif defined(WOLFSSL_IMX6_CAAM)
#include "wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h"
#else
/* wc_Sha256 digest */
typedef struct wc_Sha256 {
#ifdef FREESCALE_LTC_SHA
ltc_hash_ctx_t ctx;
#elif defined(STM32_HASH)
STM32_HASH_Context stmCtx;
#else
/* alignment on digest and buffer speeds up ARMv8 crypto operations */
ALIGN16 word32 digest[WC_SHA256_DIGEST_SIZE / sizeof(word32)];
ALIGN16 word32 buffer[WC_SHA256_BLOCK_SIZE / sizeof(word32)];
word32 buffLen; /* in bytes */
word32 loLen; /* length in bytes */
word32 hiLen; /* length in bytes */
void* heap;
#ifdef USE_INTEL_SPEEDUP
const byte* data;
#endif
#ifdef WOLFSSL_PIC32MZ_HASH
hashUpdCache cache; /* cache for updates */
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
WC_ASYNC_DEV asyncDev;
#endif /* WOLFSSL_ASYNC_CRYPT */
#endif
} wc_Sha256;
#endif
#endif /* HAVE_FIPS */
WOLFSSL_API int wc_InitSha256(wc_Sha256*);
WOLFSSL_API int wc_InitSha256_ex(wc_Sha256*, void*, int);
WOLFSSL_API int wc_Sha256Update(wc_Sha256*, const byte*, word32);
WOLFSSL_API int wc_Sha256Final(wc_Sha256*, byte*);
WOLFSSL_API void wc_Sha256Free(wc_Sha256*);
WOLFSSL_API int wc_Sha256GetHash(wc_Sha256*, byte*);
WOLFSSL_API int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst);
#ifdef WOLFSSL_PIC32MZ_HASH
WOLFSSL_API void wc_Sha256SizeSet(wc_Sha256*, word32);
#endif
#ifdef WOLFSSL_SHA224
#ifndef HAVE_FIPS /* avoid redefinition of structs */
#ifndef NO_OLD_WC_NAMES
#define Sha224 wc_Sha224
#define SHA224 WC_SHA224
#define SHA224_BLOCK_SIZE WC_SHA224_BLOCK_SIZE
#define SHA224_DIGEST_SIZE WC_SHA224_DIGEST_SIZE
#define SHA224_PAD_SIZE WC_SHA224_PAD_SIZE
#endif
/* in bytes */
enum {
WC_SHA224 = 8, /* hash type unique */
WC_SHA224_BLOCK_SIZE = WC_SHA256_BLOCK_SIZE,
WC_SHA224_DIGEST_SIZE = 28,
WC_SHA224_PAD_SIZE = WC_SHA256_PAD_SIZE
};
typedef wc_Sha256 wc_Sha224;
#endif /* HAVE_FIPS */
WOLFSSL_API int wc_InitSha224(wc_Sha224*);
WOLFSSL_API int wc_InitSha224_ex(wc_Sha224*, void*, int);
WOLFSSL_API int wc_Sha224Update(wc_Sha224*, const byte*, word32);
WOLFSSL_API int wc_Sha224Final(wc_Sha224*, byte*);
WOLFSSL_API void wc_Sha224Free(wc_Sha224*);
WOLFSSL_API int wc_Sha224GetHash(wc_Sha224*, byte*);
WOLFSSL_API int wc_Sha224Copy(wc_Sha224* src, wc_Sha224* dst);
#endif /* WOLFSSL_SHA224 */
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* NO_SHA256 */
#endif /* WOLF_CRYPT_SHA256_H */

0
components/ssl/wolfssl/include/wolfssl/wolfcrypt/types.h → components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/types.h
View File

0
components/ssl/wolfssl/include/wolfssl/wolfcrypt/visibility.h → components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/visibility.h
View File

0
components/ssl/wolfssl/include/wolfssl/wolfcrypt/wc_port.h → components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_port.h
View File

60
components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/wolfmath.h Normal file
View File

@ -0,0 +1,60 @@
/* wolfmath.h
*
* Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved.
*
* This file is part of wolfSSL.
*
* Contact licensing@wolfssl.com with any questions or comments.
*
* http://www.wolfssl.com
*/
#if defined(HAVE_WOLF_BIGINT) && !defined(WOLF_BIGINT_DEFINED)
/* raw big integer */
typedef struct WC_BIGINT {
byte* buf;
word32 len;
void* heap;
} WC_BIGINT;
#define WOLF_BIGINT_DEFINED
#endif
/* only define functions if mp_int has been declared */
#ifdef MP_INT_DEFINED
#ifndef __WOLFMATH_H__
#define __WOLFMATH_H__
/* timing resistance array */
#if !defined(WC_NO_CACHE_RESISTANT) && \
((defined(HAVE_ECC) && defined(ECC_TIMING_RESISTANT)) || \
(defined(USE_FAST_MATH) && defined(TFM_TIMING_RESISTANT)))
extern const wolfssl_word wc_off_on_addr[2];
#endif
/* common math functions */
int get_digit_count(mp_int* a);
mp_digit get_digit(mp_int* a, int n);
int get_rand_digit(WC_RNG* rng, mp_digit* d);
int mp_rand(mp_int* a, int digits, WC_RNG* rng);
#ifdef HAVE_WOLF_BIGINT
void wc_bigint_init(WC_BIGINT* a);
int wc_bigint_alloc(WC_BIGINT* a, word32 sz);
int wc_bigint_from_unsigned_bin(WC_BIGINT* a, const byte* in, word32 inlen);
int wc_bigint_to_unsigned_bin(WC_BIGINT* a, byte* out, word32* outlen);
void wc_bigint_zero(WC_BIGINT* a);
void wc_bigint_free(WC_BIGINT* a);
int wc_mp_to_bigint(mp_int* src, WC_BIGINT* dst);
int wc_bigint_to_mp(WC_BIGINT* src, mp_int* dst);
#endif /* HAVE_WOLF_BIGINT */
#endif /* __WOLFMATH_H__ */
#endif /* MP_INT_DEFINED */

0
components/ssl/wolfssl/include/wolfssl/wolfio.h → components/ssl/wolfssl/wolfssl/wolfssl/wolfio.h
View File

24
components/tcpip_adapter/tcpip_adapter_wifi.c
View File

@ -67,14 +67,15 @@ static void tcpip_adapter_dhcpc_done()
if (clientdhcp->state == DHCP_STATE_BOUND) {
/*send event here*/
system_station_got_ip_set();
printf("ip:" IPSTR ",mask:" IPSTR ",gw:" IPSTR "\n", IP2STR(&(esp_netif[0]->ip_addr.u_addr.ip4)),
IP2STR(&(esp_netif[0]->netmask.u_addr.ip4)), IP2STR(&(esp_netif[0]->gw.u_addr.ip4)));
printf("ip:" IPSTR ",mask:" IPSTR ",gw:" IPSTR "\n", IP2STR(ip_2_ip4(&(esp_netif[0]->ip_addr))),
IP2STR(ip_2_ip4(&(esp_netif[0]->netmask))), IP2STR(ip_2_ip4(&(esp_netif[0]->gw))));
} else if (dhcp_fail_time < 100) {
TCPIP_ATAPTER_LOG("dhcpc time(ms): %d\n", dhcp_fail_time * 200);
dhcp_fail_time ++;
os_timer_setfn(get_ip_timer, tcpip_adapter_dhcpc_done, NULL);
os_timer_arm(get_ip_timer, 200, 1);
} else {
extern void wifi_station_dhcpc_event();
wifi_station_dhcpc_event();
TCPIP_ATAPTER_LOG("ERROR dhcp get ip error\n");
free(get_ip_timer);
@ -255,8 +256,8 @@ void tcpip_adapter_start(uint8_t netif_index, bool authed)
if (dhcps_flag) {
dhcps_start(&esp_ip[TCPIP_ADAPTER_IF_AP]);
printf("dhcp server start:(");
printf("ip:" IPSTR ",mask:" IPSTR ",gw:" IPSTR, IP2STR(&(esp_netif[TCPIP_ADAPTER_IF_AP]->ip_addr.u_addr.ip4)),
IP2STR(&(esp_netif[TCPIP_ADAPTER_IF_AP]->netmask.u_addr.ip4)), IP2STR(&(esp_netif[TCPIP_ADAPTER_IF_AP]->gw.u_addr.ip4)));
printf("ip:" IPSTR ",mask:" IPSTR ",gw:" IPSTR, IP2STR((ip_2_ip4(&esp_netif[TCPIP_ADAPTER_IF_AP]->ip_addr))),
IP2STR((ip_2_ip4(&esp_netif[TCPIP_ADAPTER_IF_AP]->netmask))), IP2STR((ip_2_ip4(&esp_netif[TCPIP_ADAPTER_IF_AP]->gw))));
printf(")\n");
}
@ -318,10 +319,15 @@ bool wifi_get_ip_info(WIFI_INTERFACE netif_index, struct ip_info* if_ip)
return false;
}
if(if_ip == NULL){
TCPIP_ATAPTER_LOG("ERROR ip info is NULL\n");
return false;
}
TCPIP_ATAPTER_LOG("Get netif[%d] ip info\n", netif_index);
if_ip->ip = esp_netif[netif_index]->ip_addr.u_addr.ip4;
if_ip->netmask = esp_netif[netif_index]->netmask.u_addr.ip4;
if_ip->gw = esp_netif[netif_index]->gw.u_addr.ip4;
if_ip->ip.addr = ip_addr_get_ip4_u32(&esp_netif[netif_index]->ip_addr);
if_ip->netmask.addr = ip_addr_get_ip4_u32(&esp_netif[netif_index]->netmask);
if_ip->gw.addr = ip_addr_get_ip4_u32(&esp_netif[netif_index]->gw);
return true;
}
@ -336,6 +342,7 @@ bool wifi_create_linklocal_ip(uint8_t netif_index, bool ipv6)
return true;
}
#if LWIP_IPV6
bool wifi_get_linklocal_ip(uint8_t netif_index, ip6_addr_t* linklocal)
{
if (TCPIP_ADAPTER_IF_VALID(netif_index)) {
@ -350,7 +357,6 @@ bool wifi_get_linklocal_ip(uint8_t netif_index, ip6_addr_t* linklocal)
bool wifi_get_ipinfo_v6(uint8_t netif_index, uint8_t ip_index, ip6_addr_t* ipv6)
{
#if LWIP_IPV6
if (TCPIP_ADAPTER_IF_VALID(netif_index)) {
memcpy(ipv6, &esp_netif[netif_index]->ip6_addr[ip_index], sizeof(ip6_addr_t));
@ -359,9 +365,9 @@ bool wifi_get_ipinfo_v6(uint8_t netif_index, uint8_t ip_index, ip6_addr_t* ipv6)
return false;
}
#endif
return true;
}
#endif
bool wifi_softap_dhcps_start(void)
{

17
examples/protocols/https_mbedtls/main/https_mbedtls_example_main.c
View File

@ -63,17 +63,6 @@ static void https_get_task()
mbedtls_ssl_config conf;
mbedtls_net_context server_fd;
uint32_t current_timestamp = 0;
/*enable sntp for sync the time*/
sntp_setoperatingmode(0);
sntp_setservername(0, HTTPS_MBEDTLS_SNTP_SERVERS);
sntp_init();
do {
current_timestamp = sntp_get_current_timestamp();
vTaskDelay(500 / portTICK_RATE_MS);
} while (current_timestamp == 0);
mbedtls_ssl_init(&ssl);
mbedtls_x509_crt_init(&cacert);
mbedtls_ctr_drbg_init(&ctr_drbg);
@ -283,7 +272,7 @@ void wifi_event_handler_cb(System_Event_t* event)
* We add this function to force users to set rf cal sector, since
* we don't know which sector is free in user's application.
* sector map for last several sectors : ABCCC
* A : rf cal/* Websocket example
* A : rf cal
* B : rf init data
* C : sdk parameters
* Parameters : none
@ -336,8 +325,8 @@ void user_init()
// set AP parameter
struct station_config config;
bzero(&config, sizeof(struct station_config));
sprintf(config.ssid, CONFIG_WIFI_SSID);
sprintf(config.password, CONFIG_WIFI_PASSWORD);
sprintf((char*)config.ssid, CONFIG_WIFI_SSID);
sprintf((char*)config.password, CONFIG_WIFI_PASSWORD);
wifi_station_set_config(&config);
wifi_set_event_handler_cb(wifi_event_handler_cb);

52
examples/protocols/https_wolfssl/main/https_wolfssl_example_main.c
View File

@ -18,6 +18,7 @@
#include <sys/socket.h>
#include <netdb.h>
#include "lwip/apps/sntp.h"
#include <wolfssl/ssl.h>
@ -46,6 +47,38 @@ const char send_data[] = REQUEST;
const int32_t send_bytes = sizeof(send_data);
char recv_data[1024] = {0};
static void get_time()
{
struct timeval now;
int sntp_retry_cnt = 0;
int sntp_retry_time = 0;
sntp_setoperatingmode(0);
sntp_setservername(0, WOLFSSL_DEMO_SNTP_SERVERS);
sntp_init();
while (1) {
for (int32_t i = 0; (i < (SNTP_RECV_TIMEOUT / 100)) && now.tv_sec < 1525952900; i++) {
vTaskDelay(100 / portTICK_RATE_MS);
gettimeofday(&now, NULL);
}
if (now.tv_sec < 1525952900) {
sntp_retry_time = SNTP_RECV_TIMEOUT << sntp_retry_cnt;
if (SNTP_RECV_TIMEOUT << (sntp_retry_cnt + 1) < SNTP_RETRY_TIMEOUT_MAX) {
sntp_retry_cnt ++;
}
printf("SNTP get time failed, retry after %d ms\n", sntp_retry_time);
vTaskDelay(sntp_retry_time / portTICK_RATE_MS);
} else {
printf("SNTP get time success\n");
break;
}
}
}
static void wolfssl_client(void* pv)
{
int32_t ret = 0;
@ -58,16 +91,8 @@ static void wolfssl_client(void* pv)
struct sockaddr_in sock_addr;
struct hostent* entry = NULL;
uint32_t current_timestamp = 0;
/*enable sntp for sync the time*/
sntp_setoperatingmode(0);
sntp_setservername(0, WOLFSSL_DEMO_SNTP_SERVERS);
sntp_init();
do {
current_timestamp = sntp_get_current_timestamp();
vTaskDelay(xDelay);
} while (current_timestamp == 0);
/* CA date verification need system time */
get_time();
while (1) {
@ -216,7 +241,7 @@ void user_conn_init(void)
* We add this function to force users to set rf cal sector, since
* we don't know which sector is free in user's application.
* sector map for last several sectors : ABCCC
* A : rf cal/* Websocket example
* A : rf cal
* B : rf init data
* C : sdk parameters
* Parameters : none
@ -292,9 +317,10 @@ void user_init(void)
// set AP parameter
struct station_config config;
bzero(&config, sizeof(struct station_config));
sprintf(config.ssid, CONFIG_WIFI_SSID);
sprintf(config.password, CONFIG_WIFI_PASSWORD);
sprintf((char*)config.ssid, CONFIG_WIFI_SSID);
sprintf((char*)config.password, CONFIG_WIFI_PASSWORD);
wifi_station_set_config(&config);
wifi_set_event_handler_cb(wifi_event_handler_cb);
wifi_set_sleep_type(0);
}

48
examples/protocols/openssl_client/README.md
View File

@ -1,43 +1,29 @@
1. Run ./gencrt.sh or if you have your own certificate, move to the openssl_client directory, the name is ca.crt,server.crt, server.key, client.crt and client.key.
1. Run `./gencrt.sh` or if you have your own certifications, move them to the main directory, the name is ca.pem, server.pem, server.key, client.pem and client.key.
The server.crt and client.crt was generate by the same ca.crt in ./gencrt.sh.
The server.pem and client.pem was generated by the same ca.pem in gencrt.sh.
Server side needs ca.crt(to verify client.crt), server.crt, server.key
Server side needs ca.pem(to verify client.pem), server.pem, server.key
Client side needs ca.crt(to verify server.crt), client.crt, client.key
Client side needs ca.pem(to verify server.pem), client.pem, client.key
If you have two ca.crt to generate server.crt and client.crt respectively, client1.crt is generate by ca1.crt and client1.key, server2.crt is generate by ca2.crt and server2.key:
If you have two ca.pem to generate server.pem and client.pem respectively, client1.pem is generate by ca1.pem and client1.key, server2.pem is generate by ca2.pem and server2.key:
Client side needs ca2.crt, client1.crt, client1.key.
Client side needs ca2.pem, client1.pem, client1.key.
Server side needs ca1.crt, server2.crt, server2.key.
Server side needs ca1.pem, server2.pem, server2.key.
Rename ca2.crt client1.crt client1.key to ca.crt client.crt client.key and run ./genheader.sh.
Rename ca2.pem client1.pem client1.key to ca.pem client.pem client.key.
Use ca1.crt in openssl s_server -CAfile option.
Use ca1.pem in openssl s_server -CAfile option.
2. Run ./genheader.sh.
2. Run `openssl s_server -CAfile ca.pem -cert server.pem -key server.key -verify 1 -tls1_2 -accept 443` in ./main directory to start server on your PC and wait for ESP8266 client to connect it.
3. Modify this two lines in file openssl_demo.c to your computer server ip and port.
```#define OPENSSL_DEMO_TARGET_NAME "192.168.3.196"```
```#define OPENSSL_DEMO_TARGET_TCP_PORT 443```
4. Modify thease two lines in file user_config.h to your local Wi-Fi SSID and Password.
```#define SSID "HUAWEI001"```
```#define PASSWORD ""```
5. Make sure that the computer and ESP8266 are in the same local area network.
6. Run ./gen_misc.sh.
7. Run openssl s_server -CAfile ca.crt -cert server.crt -key server.key -verify 1 -tls1_1 -accept 443.
8. Download bin file to ESP8266.
3. Compile and download
- run `make menuconfig`
- Modify SSID and PASSWORD under menu "Example Configuration".
Make sure that the computer and ESP8266 are in the same local area network.
- Modify TARGET_NAME and TARGET_PORT under menu "Example Configuration".
- run `make flash monitor`
**ATTENTION**
@ -45,4 +31,4 @@
**2. Make sure the private key length larger than 2048.**
**3. Make sure the fragment size range is between 2048 and 8192.**
**3. Make sure the fragment size range is between 2048 and 16384.**

13
examples/protocols/openssl_client/gencrt.sh
View File

@ -22,6 +22,13 @@ openssl req -new -key server.key -out server.csr -text -subj $LEVEL2_SUBJECT
openssl req -new -key client.key -out client.csr -text -subj $LEVEL3_SUBJECT
# generate the actual certs.
openssl x509 -req -in ca.csr -out ca.crt -sha1 -days 5000 -signkey ca.key -text -extensions v3_ca
openssl x509 -req -in server.csr -out server.crt -sha1 -CAcreateserial -days 5000 -CA ca.crt -CAkey ca.key -text -extensions v3_ca
openssl x509 -req -in client.csr -out client.crt -sha1 -CAcreateserial -days 5000 -CA ca.crt -CAkey ca.key -text -extensions v3_ca
openssl x509 -req -in ca.csr -out ca.pem -sha256 -days 5000 -signkey ca.key -text -extensions v3_ca
openssl x509 -req -in server.csr -out server.pem -sha256 -CAcreateserial -days 5000 -CA ca.pem -CAkey ca.key -text -extensions v3_ca
openssl x509 -req -in client.csr -out client.pem -sha256 -CAcreateserial -days 5000 -CA ca.pem -CAkey ca.key -text -extensions v3_ca
rm *.csr
rm *.srl
mv ca.* ./main
mv server.* ./main
mv client.* ./main

12
examples/protocols/openssl_client/genheader.sh
View File

@ -1,12 +0,0 @@
#!/bin/bash
# set ca crt for use in the client
xxd -i ca.crt | sed -e "s/ca_crt/ca_crt/" > ssl_client_crt.h
# set client crt for use in the client
xxd -i client.crt | sed -e "s/client_crt/client_crt/" >> ssl_client_crt.h
# set private key for use in the client
xxd -i client.key | sed -e "s/client_key/client_key/" >> ssl_client_crt.h
mv ssl_client_crt.h ./include

30
examples/protocols/openssl_client/main/Kconfig.projbuild Normal file
View File

@ -0,0 +1,30 @@
menu "Example Configuration"
config TARGET_DOMAIN
string "Target Domain"
default "192.168.4.1"
help
Target domain for the example to connect to.
config TARGET_PORT_NUMBER
int "Target port number"
range 0 65535
default 443
help
Target port number for the example to connect to.
config WIFI_SSID
string "WiFi SSID"
default "myssid"
help
SSID (network name) for the example to connect to.
config WIFI_PASSWORD
string "WiFi Password"
default "mypassword"
help
WiFi password (WPA or WPA2) for the example to use.
Can be left blank if the network has no security set.
endmenu

21
examples/protocols/openssl_client/main/ca.pem Normal file
View File

@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDXjCCAkYCCQCVKSVPdESWTzANBgkqhkiG9w0BAQsFADBxMQswCQYDVQQGEwJD
MTEMMAoGA1UECAwDSlMxMQwwCgYDVQQHDANXWDExDTALBgNVBAoMBEVTUDExDTAL
BgNVBAsMBEVTUDExEzARBgNVBAMMClNlcnZlcjEgQ0ExEzARBgkqhkiG9w0BCQEW
BEVTUDEwHhcNMTgwNTExMDIzNzQ0WhcNMzIwMTE4MDIzNzQ0WjBxMQswCQYDVQQG
EwJDMTEMMAoGA1UECAwDSlMxMQwwCgYDVQQHDANXWDExDTALBgNVBAoMBEVTUDEx
DTALBgNVBAsMBEVTUDExEzARBgNVBAMMClNlcnZlcjEgQ0ExEzARBgkqhkiG9w0B
CQEWBEVTUDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCKJT+2qiM
+sKBwFyb0fFwm8OmFMXhYM9bx44/zw/MNy8PU9/0FbjB4V74KpUwgwtcdV7kb6S8
gXLJ/St483QeV2P9SZNfqmBIZR1jEdzv2S8aiqH2jNQD25QP0URtzF+z2H9j5d8g
wLbDa7m/JhpD6JYNpoA/ZvMCxNoOh7tkAS7sTkPwTpswlyIEL52zs7njjptSPeAs
dlmFTdzUf7pplZrl0bEqUKxZftgiUeQ73/yBp52yX1IML/wgu9Vcvg7y8NCunX3O
gzn6fAsM4HBITCUi4noPsCGoyRZ9mNofrI6ddbYp8PmzkkS2Ox5s5R/MAKBPrjco
UmAcCXYRZd7RAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAC53zBJxhyfB5ZAEDaVm
tWB3Y5M8gA3I+6UcHiVQEOWm5kapJrMYQYCcLSQLt95FdaJkhEqZRfg2hxCRBGwk
9ochIvHH3KkK+eXPj0iBwz1hNhBE2ajvdZieOaf4zLwm6NwVS2emlvE2djhv1U1D
gmEvW+D47qPGU4QlEspOVXRmWZl0slx93xkDrL4l9FHJEOAbyaaAtVI7OCvlkrcr
egvbVyhV+/m7bkzcZq3GrElT8cQYNGEvoDJ4bELQci2lEh+e8+ShJE7msoRkLAan
Qhawblxq9MFnlcgqhtq8vJtNX6J+jHqjncVoaZMHsunslIsTBhLjolhSghr3GIo3
nHg=
-----END CERTIFICATE-----

27
examples/protocols/openssl_client/main/client.key Normal file
View File

@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAo+moW4Z6AqNIjwArqrZ1a6poUg0j7Y51jqC3rFmFV3i2+VIC
KalEIzJFCsD0mzU13NOcbsxD6cNnpSCqFX0Y1rfGy9eH9wkcm25gkUROd3NKgtKC
jCPolEdPqBKcIutV/J/qyfLkpAkqN53BF+zhC1Hx8agZMPlnvYYqEV9gOpnZES/p
YnKmUhMZNjRKDtjcQwQSin6VX8onx1ZKxsTMrDrTCE0c5lerS0zdw/Y+P7gb3hYk
8UvXaTp885DDtzd0Lk6KS06Z1+Eso3JlKdZL9i1gMeOjS0s+5G/OMp5e0evL8OSt
SuZTorJPjseVSy39GiNXfb8Jx/NHH1OO0SeB5QIDAQABAoIBAFQC0G2IsURk2C2j
Er5+ohQ61Rko7v81Av/FVB6cC4HXt0B2TfF4dhnsDAME/toGHcM/GnCXdT99DcRO
x54X7gEvVE7p+yAcpXLs0cXi0qzahJgkuRCG3xAQtL0aPLiREhNXC4nSWmnQ4Lh8
vJk8qeOZbn5DgBXf3tH+z9Tzo2ik29cw5/IPkqXO2j8nd8Rt4wUdDdD5RiGTv7zh
1frLEi9Qchg03iq4E0QTZufcdgdzZYqmLw+S/rTH8Y2WnZ8hqdOneT6TCRewfbo5
3dYJ23fOQXbycI0OvilcQV7bFIAKB2qiAJAp8z7HfsrEwo4nSC8lXJafgivedXgb
RQoZ1YECgYEA0ddfBMxQDPbwwxvLKaiQn+7bTBOgiqlYr2ITtVFTDlj99OcnV7qN
6d/whfnrRFgsqsmgK1uNPAJMGmyG+l8TKFEZosZYTQEpVVLSGOjsZ8Gb3oK6YynB
lHKlIn/ISy7F7HBQWfRF3Y0nk1s7A3P2QaH/GQ0BtjBgqz5dAJqanNUCgYEAx/fy
Zx3zXzmuK/zbfCk1JA4K6GjSEWXPhcYVpFiU/gGEZ+cUvcgRp7gaLrNhxMEL0qXN
Kj3Df279Vdlkk+AFIhLxOGGU8rA0AxIyCD3eESDBTDwA99LkIwNPVkU5GQZP/hq7
iSTDpVDE54DweZz6EsK2RTVOy9DCHCgMkogTmNECgYB2B92TdlTEphXQuQ5ylTUc
MJ87UILp281dgR4yy9aa6GWYXnjbuLxgQ60nvuadn7coLZchLDLqASTLbCYUKGw/
LjbsPwKl9bRJIPe6OTHYPqes5f1vD6qqFD5chGGmIF4F2zrnDiZKMz6CfTtZet2W
F0fE0HMZBmcpiz+Gum+jLQKBgGmWfdN/GBvnDBXD/W0RITM5iv7vIkT3el2Lm6/c
6kc5K93lQal4NAJYjtKr+2r1+DUxQSUV2d23EGO9V4NRncRBNkfsFscSzVP1zp9V
c6WdoxOK94PkQnxOah0GjkCteZ2WJgIjfH8VJ/OJvPCqN82iLLZckI/EWkqdxw20
doyRAoGAQ7DnBPe8Jdtj2PU7tUqPbg1EUTuQHr1EH6scCLtGqKFskIYZt5zHtGpF
wwpmSun2D9X3OTHP4oIlraDnjsQlasHZ1yaghLXKNd7hpe2e5uSB6mEqbfuZoWuy
jh6hsr5xVfwADf76wGU9JaDXyU6ItgqpniuQd7pkrK1ubST3DLs=
-----END RSA PRIVATE KEY-----

21
examples/protocols/openssl_client/main/client.pem Normal file
View File

@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDajCCAlICCQCSgOJ0ov23EjANBgkqhkiG9w0BAQsFADBxMQswCQYDVQQGEwJD
MTEMMAoGA1UECAwDSlMxMQwwCgYDVQQHDANXWDExDTALBgNVBAoMBEVTUDExDTAL
BgNVBAsMBEVTUDExEzARBgNVBAMMClNlcnZlcjEgQ0ExEzARBgkqhkiG9w0BCQEW
BEVTUDEwHhcNMTgwNTExMDIzNzQ0WhcNMzIwMTE4MDIzNzQ0WjB9MQswCQYDVQQG
EwJDMzEOMAwGA1UECAwFSlMzMzMxDjAMBgNVBAcMBVdYMzMzMQ8wDQYDVQQKDAZF
U1AzMzMxDzANBgNVBAsMBkVTUDMzMzEVMBMGA1UEAwwMU2VydmVyMzMzIENBMRUw
EwYJKoZIhvcNAQkBFgZFU1AzMzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCj6ahbhnoCo0iPACuqtnVrqmhSDSPtjnWOoLesWYVXeLb5UgIpqUQjMkUK
wPSbNTXc05xuzEPpw2elIKoVfRjWt8bL14f3CRybbmCRRE53c0qC0oKMI+iUR0+o
Epwi61X8n+rJ8uSkCSo3ncEX7OELUfHxqBkw+We9hioRX2A6mdkRL+licqZSExk2
NEoO2NxDBBKKfpVfyifHVkrGxMysOtMITRzmV6tLTN3D9j4/uBveFiTxS9dpOnzz
kMO3N3QuTopLTpnX4SyjcmUp1kv2LWAx46NLSz7kb84ynl7R68vw5K1K5lOisk+O
x5VLLf0aI1d9vwnH80cfU47RJ4HlAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAEB8
SMViLcLx2H4jKnUxbeEcfudNi22In6EcV+s9s+1zLv0CedCgmo7Fj0in4YkmZu8f
SWTfllcwpH3ZThr3W+1nORjUMJMjAWgfjovJTooiJrWrJpC9wQE0DtSGfpvzUN0X
PP3VInyBc92QH9eCmoM0kT1ODK1/fBsIKCm9y9mmFpBt+D32EQJrLM+LvjQD3FZX
d/hr+7sTIlpONW/mMTLybBtRV0x/JPoVWRb/bfvZhRXpiMeGRUd1igotf6WVf4sf
Qh9MmfBDuhjSMlqFqYjlrVjFmG7U84v78AR0J6gDh85xZz5Hd/IE+dxssfSULgGr
cgNhnGg2dL4o2kysUF8=
-----END CERTIFICATE-----

4
examples/protocols/openssl_client/main/component.mk
View File

@ -2,4 +2,6 @@
# "main" pseudo-component makefile.
#
# (Uses default behaviour of compiling all source files in directory, adding 'include' to include path.)
COMPONENT_EMBED_TXTFILES := ca.pem
COMPONENT_EMBED_TXTFILES += client.pem
COMPONENT_EMBED_TXTFILES += client.key

341
examples/protocols/openssl_client/main/openssl_client_example_main.c Normal file
View File

@ -0,0 +1,341 @@
/* openSSL client example
This example code is in the Public Domain (or CC0 licensed, at your option.)
Unless required by applicable law or agreed to in writing, this
software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
CONDITIONS OF ANY KIND, either express or implied.
*/
#include "sdkconfig.h"
#include "esp_misc.h"
#include "esp_sta.h"
#include "esp_system.h"
#include "freertos/FreeRTOS.h"
#include "freertos/task.h"
#include <sys/socket.h>
#include <netdb.h>
#include "openssl/ssl.h"
#define OPENSSL_CLIENT_THREAD_NAME "openssl_client"
#define OPENSSL_CLIENT_THREAD_STACK_WORDS 2048
#define OPENSSL_CLIENT_THREAD_PRORIOTY 6
extern const uint8_t ca_pem_start[] asm("_binary_ca_pem_start");
extern const uint8_t ca_pem_end[] asm("_binary_ca_pem_end");
extern const uint8_t client_pem_start[] asm("_binary_client_pem_start");
extern const uint8_t client_pem_end[] asm("_binary_client_pem_end");
extern const uint8_t client_key_start[] asm("_binary_client_key_start");
extern const uint8_t client_key_end[] asm("_binary_client_key_end");
/*
Fragment size range 2048~8192
| Private key len | Fragment size recommend |
| RSA2048 | 2048 |
| RSA3072 | 3072 |
| RSA4096 | 4096 |
*/
#define OPENSSL_CLIENT_FRAGMENT_SIZE 2048
/* Local tcp port */
#define OPENSSL_CLIENT_LOCAL_TCP_PORT 1000
#define OPENSSL_CLIENT_REQUEST "{\"path\": \"/v1/ping/\", \"method\": \"GET\"}\r\n"
/* receive length */
#define OPENSSL_CLIENT_RECV_BUF_LEN 1024
LOCAL xTaskHandle openssl_handle;
LOCAL char send_data[] = OPENSSL_CLIENT_REQUEST;
LOCAL int send_bytes = sizeof(send_data);
LOCAL char recv_buf[OPENSSL_CLIENT_RECV_BUF_LEN];
LOCAL void openssl_client_thread(void* p)
{
int ret;
SSL_CTX* ctx;
SSL* ssl;
int socket;
struct sockaddr_in sock_addr;
struct hostent* entry = NULL;
int recv_bytes = 0;
printf("OpenSSL client thread start...\n");
/*get addr info for hostname*/
do {
entry = gethostbyname(CONFIG_TARGET_DOMAIN);
vTaskDelay(100 / portTICK_RATE_MS);
} while (entry == NULL);
printf("create SSL context ......");
ctx = SSL_CTX_new(TLSv1_2_client_method());
if (!ctx) {
printf("failed\n");
goto failed1;
}
printf("OK\n");
printf("load ca crt ......");
X509* cacrt = d2i_X509(NULL, ca_pem_start, ca_pem_end - ca_pem_start);
if (cacrt) {
SSL_CTX_add_client_CA(ctx, cacrt);
printf("OK\n");
} else {
printf("failed\n");
goto failed2;
}
printf("load client crt ......");
ret = SSL_CTX_use_certificate_ASN1(ctx, client_pem_end - client_pem_start, client_pem_start);
if (ret) {
printf("OK\n");
} else {
printf("failed\n");
goto failed2;
}
printf("load client private key ......");
ret = SSL_CTX_use_PrivateKey_ASN1(0, ctx, client_key_start, client_key_end - client_key_start);
if (ret) {
printf("OK\n");
} else {
printf("failed\n");
goto failed2;
}
printf("set verify mode verify peer\n");
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
printf("set SSL context read buffer size ......");
SSL_CTX_set_default_read_buffer_len(ctx, OPENSSL_CLIENT_FRAGMENT_SIZE);
ret = 0;
if (ret) {
printf("failed, return %d\n", ret);
goto failed2;
}
printf("OK\n");
printf("create socket ......");
socket = socket(AF_INET, SOCK_STREAM, 0);
if (socket < 0) {
printf("failed\n");
goto failed3;
}
printf("OK\n");
printf("bind socket ......");
memset(&sock_addr, 0, sizeof(sock_addr));
sock_addr.sin_family = AF_INET;
sock_addr.sin_addr.s_addr = 0;
sock_addr.sin_port = htons(OPENSSL_CLIENT_LOCAL_TCP_PORT);
ret = bind(socket, (struct sockaddr*)&sock_addr, sizeof(sock_addr));
if (ret) {
printf("failed\n");
goto failed4;
}
printf("OK\n");
printf("socket connect to remote ......");
memset(&sock_addr, 0, sizeof(sock_addr));
sock_addr.sin_family = AF_INET;
sock_addr.sin_addr.s_addr = ((struct in_addr*)(entry->h_addr))->s_addr;
sock_addr.sin_port = htons(CONFIG_TARGET_PORT_NUMBER);
ret = connect(socket, (struct sockaddr*)&sock_addr, sizeof(sock_addr));
if (ret) {
printf("failed\n");
goto failed5;
}
printf("OK\n");
printf("create SSL ......");
ssl = SSL_new(ctx);
if (!ssl) {
printf("failed\n");
goto failed6;
}
printf("OK\n");
SSL_set_fd(ssl, socket);
printf("SSL connected to %s port %d ......", CONFIG_TARGET_DOMAIN, CONFIG_TARGET_PORT_NUMBER);
ret = SSL_connect(ssl);
if (ret <= 0) {
printf("failed, return [-0x%x]\n", -ret);
goto failed7;
}
printf("OK\n");
printf("send request to %s port %d ......", CONFIG_TARGET_DOMAIN, CONFIG_TARGET_PORT_NUMBER);
ret = SSL_write(ssl, send_data, send_bytes);
if (ret <= 0) {
printf("failed, return [-0x%x]\n", -ret);
goto failed8;
}
printf("OK\n\n");
do {
ret = SSL_read(ssl, recv_buf, OPENSSL_CLIENT_RECV_BUF_LEN - 1);
if (ret <= 0) {
break;
}
recv_bytes += ret;
recv_buf[ret] = '\0';
printf("%s", recv_buf);
} while (1);
printf("read %d bytes data from %s ......\n", recv_bytes, CONFIG_TARGET_DOMAIN);
failed8:
SSL_shutdown(ssl);
failed7:
SSL_free(ssl);
failed6:
failed5:
failed4:
close(socket);
failed3:
failed2:
SSL_CTX_free(ctx);
failed1:
vTaskDelete(NULL);
printf("task exit\n");
return ;
}
void user_conn_init(void)
{
int ret;
ret = xTaskCreate(openssl_client_thread,
OPENSSL_CLIENT_THREAD_NAME,
OPENSSL_CLIENT_THREAD_STACK_WORDS,
NULL,
OPENSSL_CLIENT_THREAD_PRORIOTY,
&openssl_handle);
if (ret != pdPASS) {
printf("create thread %s failed\n", OPENSSL_CLIENT_THREAD_NAME);
return ;
}
}
/******************************************************************************
* FunctionName : user_rf_cal_sector_set
* Description : SDK just reversed 4 sectors, used for rf init data and paramters.
* We add this function to force users to set rf cal sector, since
* we don't know which sector is free in user's application.
* sector map for last several sectors : ABCCC
* A : rf cal
* B : rf init data
* C : sdk parameters
* Parameters : none
* Returns : rf cal sector
*******************************************************************************/
uint32 user_rf_cal_sector_set(void)
{
flash_size_map size_map = system_get_flash_size_map();
uint32 rf_cal_sec = 0;
switch (size_map) {
case FLASH_SIZE_4M_MAP_256_256:
rf_cal_sec = 128 - 5;
break;
case FLASH_SIZE_8M_MAP_512_512:
rf_cal_sec = 256 - 5;
break;
case FLASH_SIZE_16M_MAP_512_512:
case FLASH_SIZE_16M_MAP_1024_1024:
rf_cal_sec = 512 - 5;
break;
case FLASH_SIZE_32M_MAP_512_512:
case FLASH_SIZE_32M_MAP_1024_1024:
rf_cal_sec = 1024 - 5;
break;
case FLASH_SIZE_64M_MAP_1024_1024:
rf_cal_sec = 2048 - 5;
break;
case FLASH_SIZE_128M_MAP_1024_1024:
rf_cal_sec = 4096 - 5;
break;
default:
rf_cal_sec = 0;
break;
}
return rf_cal_sec;
}
void wifi_event_handler_cb(System_Event_t* event)
{
if (event == NULL) {
return;
}
switch (event->event_id) {
case EVENT_STAMODE_GOT_IP:
printf("sta got ip , creat task %d\n", system_get_free_heap_size());
user_conn_init();
break;
default:
break;
}
}
/******************************************************************************
* FunctionName : user_init
* Description : entry of user application, init user function here
* Parameters : none
* Returns : none
*******************************************************************************/
void user_init(void)
{
printf("SDK version:%s %d\n", system_get_sdk_version(), system_get_free_heap_size());
wifi_set_opmode(STATION_MODE);
// set AP parameter
struct station_config config;
bzero(&config, sizeof(struct station_config));
sprintf((char*)config.ssid, CONFIG_WIFI_SSID);
sprintf((char*)config.password, CONFIG_WIFI_PASSWORD);
wifi_station_set_config(&config);
wifi_set_event_handler_cb(wifi_event_handler_cb);
}

228
examples/protocols/openssl_client/main/openssl_demo.c
View File

@ -1,228 +0,0 @@
/* openSSL client example
This example code is in the Public Domain (or CC0 licensed, at your option.)
Unless required by applicable law or agreed to in writing, this
software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
CONDITIONS OF ANY KIND, either express or implied.
*/
#include <stddef.h>
#include "openssl_demo.h"
#include "openssl/ssl.h"
#include "freertos/FreeRTOS.h"
#include "freertos/task.h"
#include "c_types.h"
#include "esp_misc.h"
#include "lwip/sockets.h"
#include "lwip/api.h"
#include "ssl_client_crt.h"
#define OPENSSL_DEMO_THREAD_NAME "ssl_demo"
#define OPENSSL_DEMO_THREAD_STACK_WORDS 2048
#define OPENSSL_DEMO_THREAD_PRORIOTY 6
/*
Fragment size range 2048~8192
| Private key len | Fragment size recommend |
| RSA2048 | 2048 |
| RSA3072 | 3072 |
| RSA4096 | 4096 |
*/
#define OPENSSL_DEMO_FRAGMENT_SIZE 2048
/* Local tcp port */
#define OPENSSL_DEMO_LOCAL_TCP_PORT 1000
/* Server ip address */
#define OPENSSL_DEMO_TARGET_NAME "192.168.3.196"
/* Server tcp port */
#define OPENSSL_DEMO_TARGET_TCP_PORT 443
#define OPENSSL_DEMO_REQUEST "{\"path\": \"/v1/ping/\", \"method\": \"GET\"}\r\n"
/* receive length */
#define OPENSSL_DEMO_RECV_BUF_LEN 1024
LOCAL xTaskHandle openssl_handle;
LOCAL char send_data[] = OPENSSL_DEMO_REQUEST;
LOCAL int send_bytes = sizeof(send_data);
LOCAL char recv_buf[OPENSSL_DEMO_RECV_BUF_LEN];
LOCAL void openssl_demo_thread(void* p)
{
int ret;
SSL_CTX* ctx;
SSL* ssl;
int socket;
struct sockaddr_in sock_addr;
ip_addr_t target_ip;
int recv_bytes = 0;
printf("OpenSSL demo thread start...\n");
do {
ret = netconn_gethostbyname(OPENSSL_DEMO_TARGET_NAME, &target_ip);
} while (ret);
printf("get target IP is "IPSTR"\n", IP2STR(&(target_ip.u_addr.ip4)));
printf("create SSL context ......");
ctx = SSL_CTX_new(TLSv1_1_client_method());
if (!ctx) {
printf("failed\n");
goto failed1;
}
printf("OK\n");
printf("load ca crt ......");
X509 *cacrt = d2i_X509(NULL, ca_crt, ca_crt_len);
if(cacrt){
SSL_CTX_add_client_CA(ctx, cacrt);
printf("OK\n");
}else{
printf("failed\n");
goto failed2;
}
printf("load client crt ......");
ret = SSL_CTX_use_certificate_ASN1(ctx, client_crt_len, client_crt);
if(ret){
printf("OK\n");
}else{
printf("failed\n");
goto failed2;
}
printf("load client private key ......");
ret = SSL_CTX_use_PrivateKey_ASN1(0, ctx, client_key, client_key_len);
if(ret){
printf("OK\n");
}else{
printf("failed\n");
goto failed2;
}
printf("set verify mode verify peer\n");
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
printf("set SSL context read buffer size ......");
SSL_CTX_set_default_read_buffer_len(ctx, OPENSSL_DEMO_FRAGMENT_SIZE);
ret = 0;
if (ret) {
printf("failed, return %d\n", ret);
goto failed2;
}
printf("OK\n");
printf("create socket ......");
socket = socket(AF_INET, SOCK_STREAM, 0);
if (socket < 0) {
printf("failed\n");
goto failed3;
}
printf("OK\n");
printf("bind socket ......");
memset(&sock_addr, 0, sizeof(sock_addr));
sock_addr.sin_family = AF_INET;
sock_addr.sin_addr.s_addr = 0;
sock_addr.sin_port = htons(OPENSSL_DEMO_LOCAL_TCP_PORT);
ret = bind(socket, (struct sockaddr*)&sock_addr, sizeof(sock_addr));
if (ret) {
printf("failed\n");
goto failed4;
}
printf("OK\n");
printf("socket connect to remote ......");
memset(&sock_addr, 0, sizeof(sock_addr));
sock_addr.sin_family = AF_INET;
sock_addr.sin_addr.s_addr = target_ip.u_addr.ip4.addr;
sock_addr.sin_port = htons(OPENSSL_DEMO_TARGET_TCP_PORT);
ret = connect(socket, (struct sockaddr*)&sock_addr, sizeof(sock_addr));
if (ret) {
printf("failed\n");
goto failed5;
}
printf("OK\n");
printf("create SSL ......");
ssl = SSL_new(ctx);
if (!ssl) {
printf("failed\n");
goto failed6;
}
printf("OK\n");
SSL_set_fd(ssl, socket);
printf("SSL connected to %s port %d ......", OPENSSL_DEMO_TARGET_NAME, OPENSSL_DEMO_TARGET_TCP_PORT);
ret = SSL_connect(ssl);
if (ret <= 0) {
printf("failed, return [-0x%x]\n", -ret);
goto failed7;
}
printf("OK\n");
printf("send request to %s port %d ......", OPENSSL_DEMO_TARGET_NAME, OPENSSL_DEMO_TARGET_TCP_PORT);
ret = SSL_write(ssl, send_data, send_bytes);
if (ret <= 0) {
printf("failed, return [-0x%x]\n", -ret);
goto failed8;
}
printf("OK\n\n");
do {
ret = SSL_read(ssl, recv_buf, OPENSSL_DEMO_RECV_BUF_LEN - 1);
if (ret <= 0) {
break;
}
recv_bytes += ret;
recv_buf[ret] = '\0';
printf("%s", recv_buf);
} while (1);
printf("read %d bytes data from %s ......\n", recv_bytes, OPENSSL_DEMO_TARGET_NAME);
failed8:
SSL_shutdown(ssl);
failed7:
SSL_free(ssl);
failed6:
failed5:
failed4:
close(socket);
failed3:
failed2:
SSL_CTX_free(ctx);
failed1:
vTaskDelete(NULL);
printf("task exit\n");
return ;
}
void user_conn_init(void)
{
int ret;
ret = xTaskCreate(openssl_demo_thread,
OPENSSL_DEMO_THREAD_NAME,
OPENSSL_DEMO_THREAD_STACK_WORDS,
NULL,
OPENSSL_DEMO_THREAD_PRORIOTY,
&openssl_handle);
if (ret != pdPASS) {
printf("create thread %s failed\n", OPENSSL_DEMO_THREAD_NAME);
return ;
}
}

14
examples/protocols/openssl_client/main/openssl_demo.h
View File

@ -1,14 +0,0 @@
/*
This example code is in the Public Domain (or CC0 licensed, at your option.)
Unless required by applicable law or agreed to in writing, this
software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
CONDITIONS OF ANY KIND, either express or implied.
*/
#ifndef _OPENSSL_DEMO_H_
#define _OPENSSL_DEMO_H_
void user_conn_init(void);
#endif

27
examples/protocols/openssl_client/main/server.key Normal file
View File

@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA4wXG8hMRb6vOxWQOHMKNvSNbzYRxBNRYqLGHZjH9/jGySN9I
T+RymtSv9lH+XjNCGaanzcVxrgQzupk1GH2pgkrWczauqasZoRfnBECKOdihpyjx
iknh+lVbjK3intRqrF0dKYhNNXUvK26YMVCFktniucauK6iv9FhV+B/dO7KFgJzi
7qbtrT0UMSgitoGl+Q27wyKSkTbzUtiHWEfzFvQEaPdejH5AuWDKQW5K3eV2nckd
PL+0WOa1jAsEZyy4qZsH49YidW0Gp6CUZ79QJjsjHzvlbr+dsdaWdbqkNPv7oHjj
iJNAlcwucjUiNgHXwByGObDL2PZ2KdCNTs8t/wIDAQABAoIBAEUv7Iq3/vdej/ye
WqKvNE0xKng+5cbIBGEdAZvGnpbKhIAq9DnM8JR5P0s9f90rl/iDTt6qTtPu2ekD
aigVnARmVGb2glKZH4114GTuWnH4sINmOf6gN6t4OhdsowUuzXfMROf0bztchEyj
PuTAmoS/vJZLk6cgmMdJ6KFe7KiVU4PPu4eT6XP41nYV7ZYETevJzW6f4jUZJ2ta
FKI70JE+u5iFc1amGqHfJJezPPdLM4FbPW2qYhWEfe75kVsyUJrlBCgxTXiv3jgh
1ewd7m+loBe+S/I+51Hi6rLWRU5cjhiRmDRzgVP9OYeHypXykfS0JN0F7VlySEPG
gXEc7LECgYEA+x6eENjsQlJcrUe5vQKrnzguZrWStbWbJeuIvAvtr7s9GhdLNZl5
eVk3xlyOyo6wonrbtrS5REs5HIRRRMdLo30PCgYWJRYT51UF2aLv9oMTGhNSlvdA
5L/X/aOJpZJXpV7YMbi7ILn3Hpm3zgXprX0px6wSVFNczZTdnr4JPakCgYEA529F
XNqVoIAOS5LR2dc9JHMtbNyvf3vo9LUu57XOv9OKJYGOrpTLAfN1pNfJ69BqWzX6
JMeghIlosvDXG9XRk4mAtjb9rwiBrXDg0FqOb6z5QWmMsVHW9lsOD1iHqdc7rYPV
QuCmxJFK5cUEFqfEfrYSa+RrpDlNtPZtb9iBx2cCgYEA0kAdSa/Fh/XbgH1YJsdQ
mBt6xiXqMtddkg81SXSXShXzn5+3KaZZDV/EkgE20KNNgoxo3v1LTMHKjHTAclyG
mNiBOfxEmEJ24a3PGxwP24589M0OzjUwERYKqmM9QPJZDa1uR5sKmej53ZYITaen
scjkrTgFlLLDNaEZOOqVZBkCgYAgUMIvr/nammbkmJCiyVIpR8fc/oem1md12+K7
ygAfeus8R3Xj3LToBdW0eckhG03uhH/0KMe6GfG7orN2mImV/0owp0cO7LImxK8v
iKWA5Hc9cf6KN/I7HgW9kNAIoBweI11g5DuFEQCTSspCW5StWMEDvbZmDPZTwWEQ
j/u3GwKBgAH3fWE+fMF+BmaYAubgUUQzBQEsC9bZC/anELABex2ru3p5zR1HVuAT
KgEmFCizRf5ST4bihq/rzxJ9TbwHXlN1ZSI6Hvgm1etY0CZRg4o7vMBYglfibX0L
AyhS+oeWdUWSJMxMxrL3uPvXfksX4ol1WiXdkHF3jAzmhjJdRx+W
-----END RSA PRIVATE KEY-----

21
examples/protocols/openssl_client/main/server.pem Normal file
View File

@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDZDCCAkwCCQCSgOJ0ov23ETANBgkqhkiG9w0BAQsFADBxMQswCQYDVQQGEwJD
MTEMMAoGA1UECAwDSlMxMQwwCgYDVQQHDANXWDExDTALBgNVBAoMBEVTUDExDTAL
BgNVBAsMBEVTUDExEzARBgNVBAMMClNlcnZlcjEgQ0ExEzARBgkqhkiG9w0BCQEW
BEVTUDEwHhcNMTgwNTExMDIzNzQ0WhcNMzIwMTE4MDIzNzQ0WjB3MQswCQYDVQQG
EwJDMjENMAsGA1UECAwESlMyMjENMAsGA1UEBwwEV1gyMjEOMAwGA1UECgwFRVNQ
MjIxDjAMBgNVBAsMBUVTUDIyMRQwEgYDVQQDDAtTZXJ2ZXIyMiBDQTEUMBIGCSqG
SIb3DQEJARYFRVNQMjIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDj
BcbyExFvq87FZA4cwo29I1vNhHEE1FiosYdmMf3+MbJI30hP5HKa1K/2Uf5eM0IZ
pqfNxXGuBDO6mTUYfamCStZzNq6pqxmhF+cEQIo52KGnKPGKSeH6VVuMreKe1Gqs
XR0piE01dS8rbpgxUIWS2eK5xq4rqK/0WFX4H907soWAnOLupu2tPRQxKCK2gaX5
DbvDIpKRNvNS2IdYR/MW9ARo916MfkC5YMpBbkrd5XadyR08v7RY5rWMCwRnLLip
mwfj1iJ1bQanoJRnv1AmOyMfO+Vuv52x1pZ1uqQ0+/ugeOOIk0CVzC5yNSI2AdfA
HIY5sMvY9nYp0I1Ozy3/AgMBAAEwDQYJKoZIhvcNAQELBQADggEBAHHC3TO3TWoD
FKrjs8nMQxm+PrTEaV4+4nzJU86pSrdrXdPfsWd6RixXYidb0p1Pg4urCwLf+1Cu
/JmXA1F/9yFCfV53VPYnT6HQ+W1DwU8A+cyTweh4hZvEQEmFtbt2dHZMLTMlUwBQ
mmGM4Urfl1AyCdqQIK4EmPqBwtuBGVjIAixdRH3YcWPSkxV51ppHh2P6yk/4/D2B
GYfTBA3h7myfbdqiMDRJuBIfUAsaDmohPOmYQIuh0YdwdWQxZVi6r6JSg3nV9udI
M2p5MfFrpXz9MkC9XUZ/pQXszsPQJHyL76mozujEWpANWwofskfLHJmWPOcsJmIk
VLMMmm1AhdI=
-----END CERTIFICATE-----

18
examples/protocols/openssl_client/main/user_config.h
View File

@ -1,18 +0,0 @@
/*
This example code is in the Public Domain (or CC0 licensed, at your option.)
Unless required by applicable law or agreed to in writing, this
software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
CONDITIONS OF ANY KIND, either express or implied.
*/
#ifndef __USER_CONFIG_H__
#define __USER_CONFIG_H__
#include "openssl_demo.h"
#define SSID "HUAWEI001"
#define PASSWORD ""
#endif

100
examples/protocols/openssl_client/main/user_main.c
View File

@ -1,100 +0,0 @@
/* openSSL client example
This example code is in the Public Domain (or CC0 licensed, at your option.)
Unless required by applicable law or agreed to in writing, this
software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
CONDITIONS OF ANY KIND, either express or implied.
*/
#include "esp_common.h"
#include "user_config.h"
/******************************************************************************
* FunctionName : user_rf_cal_sector_set
* Description : SDK just reversed 4 sectors, used for rf init data and paramters.
* We add this function to force users to set rf cal sector, since
* we don't know which sector is free in user's application.
* sector map for last several sectors : ABCCC
* A : rf cal
* B : rf init data
* C : sdk parameters
* Parameters : none
* Returns : rf cal sector
*******************************************************************************/
uint32 user_rf_cal_sector_set(void)
{
flash_size_map size_map = system_get_flash_size_map();
uint32 rf_cal_sec = 0;
switch (size_map) {
case FLASH_SIZE_4M_MAP_256_256:
rf_cal_sec = 128 - 5;
break;
case FLASH_SIZE_8M_MAP_512_512:
rf_cal_sec = 256 - 5;
break;
case FLASH_SIZE_16M_MAP_512_512:
case FLASH_SIZE_16M_MAP_1024_1024:
rf_cal_sec = 512 - 5;
break;
case FLASH_SIZE_32M_MAP_512_512:
case FLASH_SIZE_32M_MAP_1024_1024:
rf_cal_sec = 1024 - 5;
break;
case FLASH_SIZE_64M_MAP_1024_1024:
rf_cal_sec = 2048 - 5;
break;
case FLASH_SIZE_128M_MAP_1024_1024:
rf_cal_sec = 4096 - 5;
break;
default:
rf_cal_sec = 0;
break;
}
return rf_cal_sec;
}
void wifi_event_handler_cb(System_Event_t* event)
{
if (event == NULL) {
return;
}
switch (event->event_id) {
case EVENT_STAMODE_GOT_IP:
printf("sta got ip , creat task %d\n", system_get_free_heap_size());
user_conn_init();
break;
default:
break;
}
}
/******************************************************************************
* FunctionName : user_init
* Description : entry of user application, init user function here
* Parameters : none
* Returns : none
*******************************************************************************/
void user_init(void)
{
printf("SDK version:%s %d\n", system_get_sdk_version(), system_get_free_heap_size());
wifi_set_opmode(STATION_MODE);
// set AP parameter
struct station_config config;
bzero(&config, sizeof(struct station_config));
sprintf(config.ssid, SSID);
sprintf(config.password, PASSWORD);
wifi_station_set_config(&config);
wifi_set_event_handler_cb(wifi_event_handler_cb);
}

2
examples/protocols/openssl_server/Makefile
View File

@ -3,7 +3,7 @@
# project subdirectory.
#
PROJECT_NAME := hello-world
PROJECT_NAME := openssl-server
include $(IDF_PATH)/make/project.mk

43
examples/protocols/openssl_server/README.md
View File

@ -1,39 +1,30 @@
1. Run ./gencrt.sh or if you have your own certificate, move to the openssl_server directory, the name is ca.crt,server.crt, server.key, client.crt and client.key.
1. Run `./gencrt.sh` or if you have your own certifications, move them to the main directory, the name is ca.pem, server.pem, server.key, client.pem and client.key.
The server.crt and client.crt was generate by the same ca.crt in ./gencrt.sh.
The server.pem and client.pem was generated by the same ca.pem in gencrt.sh.
Server side needs ca.crt(to verify client.crt), server.crt, server.key
Server side needs ca.pem(to verify client.pem), server.pem, server.key
Client side needs ca.crt(to verify server.crt), client.crt, client.key
Client side needs ca.pem(to verify server.pem), client.pem, client.key
If you have two ca.crt to generate server.crt and client.crt respectively, client1.crt is generate by ca1.crt and client1.key, server2.crt is generate by ca2.crt and server2.key:
If you have two ca.pem to generate server.pem and client.pem respectively, client1.pem is generate by ca1.pem and client1.key, server2.pem is generate by ca2.pem and server2.key:
Client side needs ca2.crt, client1.crt, client1.key.
Client side needs ca2.pem, client1.pem, client1.key.
Server side needs ca1.crt, server2.crt, server2.key.
Server side needs ca1.pem, server2.pem, server2.key.
Rename ca1.crt server2.crt server2.key to ca.crt server.crt server.key and run ./genheader.sh.
Rename ca1.pem server2.pem server2.key to ca.pem server.pem server.key.
Use ca2.crt in openssl s_client -CAfile option.
Use ca2.pem in openssl s_client -CAfile option.
2. Run ./genheader.sh.
2. Compile and download
- run `make menuconfig`
- Modify SSID and PASSWORD under menu "Example Configuration".
Make sure that the computer and ESP8266 are in the same local area network.
- run `make flash monitor`
3. Modify thease two lines in file user_config.h to your local Wi-Fi SSID and Password.
```#define SSID "HUAWEI001"```
```#define PASSWORD ""```
4. Make sure that the computer and ESP8266 are in the same local area network.
5. Run ./gen_misc.sh.
6. Download bin file to ESP8266.
Find server ip address in ESP8266 UART log: ip:192.168.3.6,mask:255.255.255.0,gw:192.168.3.1.
7. Run openssl s_client -CAfile ca.crt -cert client.crt -key client.key -verify 1 -tls1_1 -host 192.168.3.6 -port 443.
3. Find server ip address in ESP8266 UART log, such as:`ip:192.168.3.6,mask:255.255.255.0,gw:192.168.3.1`.
4. Run `openssl s_client -CAfile ca.pem -cert client.pem -key client.key -verify 1 -tls1_2 -host 192.168.3.6 -port 443` in ./main directory to start client on your PC and connect to ESP8266 server.
**ATTENTION**
@ -41,4 +32,4 @@
**2. Make sure the private key length larger than 2048.**
**3. Make sure the fragment size range is between 2048 and 8192.**
**3. Make sure the fragment size range is between 2048 and 16384.**

13
examples/protocols/openssl_server/gencrt.sh
View File

@ -22,6 +22,13 @@ openssl req -new -key server.key -out server.csr -text -subj $LEVEL2_SUBJECT
openssl req -new -key client.key -out client.csr -text -subj $LEVEL3_SUBJECT
# generate the actual certs.
openssl x509 -req -in ca.csr -out ca.crt -sha1 -days 5000 -signkey ca.key -text -extensions v3_ca
openssl x509 -req -in server.csr -out server.crt -sha1 -CAcreateserial -days 5000 -CA ca.crt -CAkey ca.key -text -extensions v3_ca
openssl x509 -req -in client.csr -out client.crt -sha1 -CAcreateserial -days 5000 -CA ca.crt -CAkey ca.key -text -extensions v3_ca
openssl x509 -req -in ca.csr -out ca.pem -sha1 -days 5000 -signkey ca.key -text -extensions v3_ca
openssl x509 -req -in server.csr -out server.pem -sha1 -CAcreateserial -days 5000 -CA ca.pem -CAkey ca.key -text -extensions v3_ca
openssl x509 -req -in client.csr -out client.pem -sha1 -CAcreateserial -days 5000 -CA ca.pem -CAkey ca.key -text -extensions v3_ca
rm *.csr
rm *.srl
mv ca.* ./main
mv server.* ./main
mv client.* ./main

12
examples/protocols/openssl_server/genheader.sh
View File

@ -1,12 +0,0 @@
#!/bin/bash
# set ca crt for use in the server
xxd -i ca.crt | sed -e "s/ca_crt/ca_crt/" > ssl_server_crt.h
# set server crt for use in the server
xxd -i server.crt | sed -e "s/server_crt/server_crt/" >> ssl_server_crt.h
# set private key for use in the server
xxd -i server.key | sed -e "s/server_key/server_key/" >> ssl_server_crt.h
mv ssl_server_crt.h ./include

17
examples/protocols/openssl_server/main/Kconfig.projbuild Normal file
View File

@ -0,0 +1,17 @@
menu "Example Configuration"
config WIFI_SSID
string "WiFi SSID"
default "myssid"
help
SSID (network name) for the example to connect to.
config WIFI_PASSWORD
string "WiFi Password"
default "mypassword"
help
WiFi password (WPA or WPA2) for the example to use.
Can be left blank if the network has no security set.
endmenu

21
examples/protocols/openssl_server/main/ca.pem Normal file
View File

@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDXjCCAkYCCQCKO2+tDiY2HTANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJD
MTEMMAoGA1UECAwDSlMxMQwwCgYDVQQHDANXWDExDTALBgNVBAoMBEVTUDExDTAL
BgNVBAsMBEVTUDExEzARBgNVBAMMClNlcnZlcjEgQ0ExEzARBgkqhkiG9w0BCQEW
BEVTUDEwHhcNMTgwNTExMDQ0NDQ4WhcNMzIwMTE4MDQ0NDQ4WjBxMQswCQYDVQQG
EwJDMTEMMAoGA1UECAwDSlMxMQwwCgYDVQQHDANXWDExDTALBgNVBAoMBEVTUDEx
DTALBgNVBAsMBEVTUDExEzARBgNVBAMMClNlcnZlcjEgQ0ExEzARBgkqhkiG9w0B
CQEWBEVTUDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD4/Tn8wT+3
M7XpH4X0kF2WSVwCNWcU9nhpOki/9U8bMIfk/S6i2IYhUVSnDgogxiW9tMfGzjar
gk4ZrWFeRxicgknxKMhWSrUny8mXvEE2aUU7F+Udqimi56ZYAkF+v2wNMrh6UWDH
IF2FfPXsngg2vbM1+nSLaSvTzVL5bupqWFU5gFUocyoAMKInGinz2prG4xDWVkoL
d0Ees9XrozWYmWG1M48xNK1PdtN4aK/UEAY4W9QMX3Lgo26wTauSB4m3pb+5D2pL
MzGmCkZadcpug8rkf0yA+D0V1uP5DJH1mtKCWwHRaYjOazv5USk7lifOYbi83MwY
/tM6UPhFpZCzAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAEDnb5fBpYaDjFSRst9s
Yu2yqCj6GyOeRLlDL4N9ySm/kPfgEGlrMhMgdYNKXkHf0F9fioKqXDI0apT8NHAq
lpDRifPU+pYu1YWalti0f+Ktwy+A56cPU/e5TzKLw7gcQ8UGeG6EsSUeq8OU7+Sg
cBmRouUT7q4LExq8AEo0S2ELlNIcV9k0KASCQLDR0aTBiaWnLXoq5hVvGbEsuDeG
6YUhO+L4IQs8o+JZYmXM7Fl1lpddu7XSEdpe+4n/u350GoR9xLXDiCuE/AS/g85f
+U5XybySN5Mvr+GqnGo/JbAsArgXW4mu+5q50aZ7MgJSeWAEEmhDV5pEATeqLfbO
9tk=
-----END CERTIFICATE-----

27
examples/protocols/openssl_server/main/client.key Normal file
View File

@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAtaPgzM+DKRyHYrGU0iOgsOj+/U0sRXmQ6fqcuuLq/1JMCJ17
PRmr7wMpmtFS93NnbYeFyvNNshecsv9qmhvNXiatez6gd79cqP00O0QSRC3DhZCa
nVpjB7EsFcHMH9T1EXQmJ6GGo3jyQGvoneqWWAuiT0hth8sp9ms3Q/WhgjLaC9qe
eebD3IxyCIJhXe9XX1ToBQIaGofbf1cQpPxPK4ITve9cALgaknJ+E70jhSG2B24p
c+LqzIj7QeGkmq6CJf1qhYsJmxXi26osmYjQyC6fsQ0Fa3X5YXQsshR0eZ/cexwi
nILSK1aBCBAuORwvghIAN7zXuCay4U2qOWRSSwIDAQABAoIBAE1WeWC6+h2HCB39
fl/6y3CHxAoV0cPC/vCgxBrOg0Ayyizg4JgjVhFuR0ij16+Ec4UvLsg6z9oEM7QD
DGCRdd+gmDzhbXGPCOTq6lJRqXVeBuHXr/1PftrHlP2uhjsHcVD9I0G8hJcV6A+F
4oVaXKkgSvt22yv2VOeWvvEwpJPKW1zZvbL75LBfgNbeJB1WeXRj7XGnwl4XlTWT
QnKKcgcPgMrw4fWDhVYpdA/6SOi46w+MsRWPCmFUB5b8Qwiqimm4zcWZHB3iNqCf
hxeqkuAV7RUBtJVQVhE1CTaGAaaScRt+Iz4vnH3tziBFIr8vBOHQQT7nkQOR8V5O
dddicAECgYEA3RjPDwNKlyfGMrNfFA3xSZvlTUueL0AF1r3NbTa4uw6tu7ZdUYS3
zESaiTm35Hg0uaOKKLojbgMJaDRuw7/te6hBGIYPJFpOtpA7Y3JZU3Xdh0C8K9uU
5i6ctkfj1m23nVrwc3eOz/qyVrR6ru7I4Z2wJQzeTVPV4k6ea4P4q5kCgYEA0lCA
v35NR08ocCekhbiOSPdsW7NS/+/+nLVsWpH2U11nD5EYrMY55PewhfB+jytw6hxV
UXBaNB+IAaFgcBNKPqwXaFMXLrrr+cXx8b9j8XsLGmS7CX9kyX8R7450NkxPXmkh
ts+kf2xvzECeRuI8Xi2VNEatqR2JSH9PWouCe4MCgYBxBClzZx9NvMsXR5EmUyov
kjzYEfs98+AIMOU9Gme7VnmAJmv1K344MCk+U/6oDroE2o/Y2a0aovrABW1JKmZe
e1crDfvXfUIXGAsDfoQioXEnnfOSB6BJOTJqCr1v8o2VJdMbctXRgjh/EapUmUKd
8VkE11sa8+u0zrM0CjWmoQKBgQC86o1L9fMKzAMiA6oYZ/h/eKlAEevLdNP8BkeH
b7eZmLv70rUcdY8JqqhJGAdHKZlq4fqNheOxEGXGOSR8aAd4FnOMRZ78XfGcUn+L
TQVEo+cMVVFhLarmCJue2RJwt8lPoBYltY0o3Mnr6luChrP9UOrGo3pY/+wSUDGC
vvB9awKBgQCEzfvWcPN9PHOSnYjxwEIRhFLeDWG77lFj0qSTSrjJ06uLMMIp9hcg
PYgk6AJwQNCDfoYHyF7ZUn8UydL93fq6CzmDFHIulw3eUIriOFgPbWjaLdcW3XEC
/gVhSlWIQhFpiHJJbAZ3DEw8OxXpA7rpuI7l29I43sf42t9lzYN6Nw==
-----END RSA PRIVATE KEY-----

21
examples/protocols/openssl_server/main/client.pem Normal file
View File

@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDajCCAlICCQDcpwWJyoCFiDANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJD
MTEMMAoGA1UECAwDSlMxMQwwCgYDVQQHDANXWDExDTALBgNVBAoMBEVTUDExDTAL
BgNVBAsMBEVTUDExEzARBgNVBAMMClNlcnZlcjEgQ0ExEzARBgkqhkiG9w0BCQEW
BEVTUDEwHhcNMTgwNTExMDQ0NDQ4WhcNMzIwMTE4MDQ0NDQ4WjB9MQswCQYDVQQG
EwJDMzEOMAwGA1UECAwFSlMzMzMxDjAMBgNVBAcMBVdYMzMzMQ8wDQYDVQQKDAZF
U1AzMzMxDzANBgNVBAsMBkVTUDMzMzEVMBMGA1UEAwwMU2VydmVyMzMzIENBMRUw
EwYJKoZIhvcNAQkBFgZFU1AzMzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC1o+DMz4MpHIdisZTSI6Cw6P79TSxFeZDp+py64ur/UkwInXs9GavvAyma
0VL3c2dth4XK802yF5yy/2qaG81eJq17PqB3v1yo/TQ7RBJELcOFkJqdWmMHsSwV
wcwf1PURdCYnoYajePJAa+id6pZYC6JPSG2Hyyn2azdD9aGCMtoL2p555sPcjHII
gmFd71dfVOgFAhoah9t/VxCk/E8rghO971wAuBqScn4TvSOFIbYHbilz4urMiPtB
4aSaroIl/WqFiwmbFeLbqiyZiNDILp+xDQVrdflhdCyyFHR5n9x7HCKcgtIrVoEI
EC45HC+CEgA3vNe4JrLhTao5ZFJLAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAJDf
Ofo/NL/N1xL2g6bUfk2OQUfWWVTPPOtkbvbP2PrLwxjmZFl2p5uvA6lTGWo0IcQx
YN4baF+KbD8WdzDkfrXvPE2h1SwQut2XXi3JB+TgU/ZJq6qf7LkkYvojxaI6/80X
3l1CbpwLCr+Empw9mtgMGkl4SCGR2qirYWoDbF+fNMM/fwMpPUtssbIrcueVmrJc
TE2T7zhdY1a7h+M1vojqnZ6eHqf7VhH83+DwO1tIeC0dpFbCdTtymtVRxlHPvdU1
rZt7+CIBM9LQhwzX7LaGG+Mk53mMzO7nqdD+APSRgKq4bLWXOeXs58YRHRiYdHAE
g/rV6gxK6lhBb/gQ+uw=
-----END CERTIFICATE-----

4
examples/protocols/openssl_server/main/component.mk
View File

@ -2,4 +2,6 @@
# "main" pseudo-component makefile.
#
# (Uses default behaviour of compiling all source files in directory, adding 'include' to include path.)
COMPONENT_EMBED_TXTFILES := ca.pem
COMPONENT_EMBED_TXTFILES += server.pem
COMPONENT_EMBED_TXTFILES += server.key

226
examples/protocols/openssl_server/main/openssl_demo.c
View File

@ -1,226 +0,0 @@
/* openSSL server example
This example code is in the Public Domain (or CC0 licensed, at your option.)
Unless required by applicable law or agreed to in writing, this
software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
CONDITIONS OF ANY KIND, either express or implied.
*/
#include <stddef.h>
#include "openssl_demo.h"
#include "openssl/ssl.h"
#include "freertos/FreeRTOS.h"
#include "freertos/task.h"
#include "c_types.h"
#include "esp_misc.h"
#include "lwip/sockets.h"
#include "ssl_server_crt.h"
#define OPENSSL_DEMO_THREAD_NAME "ssl_demo"
#define OPENSSL_DEMO_THREAD_STACK_WORDS 2048
#define OPENSSL_DEMO_THREAD_PRORIOTY 6
/*
Fragment size range 2048~8192
| Private key len | Fragment size recommend |
| RSA2048 | 2048 |
| RSA3072 | 3072 |
| RSA4096 | 4096 |
*/
#define OPENSSL_DEMO_FRAGMENT_SIZE 2048
/* Local server tcp port */
#define OPENSSL_DEMO_LOCAL_TCP_PORT 443
#define OPENSSL_DEMO_REQUEST "{\"path\": \"/v1/ping/\", \"method\": \"GET\"}\r\n"
/* receive length */
#define OPENSSL_DEMO_RECV_BUF_LEN 1024
LOCAL xTaskHandle openssl_handle;
LOCAL char send_data[] = OPENSSL_DEMO_REQUEST;
LOCAL int send_bytes = sizeof(send_data);
LOCAL char recv_buf[OPENSSL_DEMO_RECV_BUF_LEN];
LOCAL void openssl_demo_thread(void* p)
{
int ret;
SSL_CTX* ctx;
SSL* ssl;
struct sockaddr_in sock_addr;
int sockfd, new_sockfd;
int recv_bytes = 0;
socklen_t addr_len;
printf("OpenSSL demo thread start...\n");
printf("create SSL context ......");
ctx = SSL_CTX_new(TLSv1_1_server_method());
if (!ctx) {
printf("failed\n");
goto failed1;
}
printf("OK\n");
printf("load ca crt ......");
X509* cacrt = d2i_X509(NULL, ca_crt, ca_crt_len);
if (cacrt) {
SSL_CTX_add_client_CA(ctx, cacrt);
printf("OK\n");
} else {
printf("failed\n");
goto failed2;
}
printf("load server crt ......");
ret = SSL_CTX_use_certificate_ASN1(ctx, server_crt_len, server_crt);
if (ret) {
printf("OK\n");
} else {
printf("failed\n");
goto failed2;
}
printf("load server private key ......");
ret = SSL_CTX_use_PrivateKey_ASN1(0, ctx, server_key, server_key_len);
if (ret) {
printf("OK\n");
} else {
printf("failed\n");
goto failed2;
}
printf("set verify mode verify peer\n");
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
printf("set SSL context read buffer size ......OK\n");
SSL_CTX_set_default_read_buffer_len(ctx, OPENSSL_DEMO_FRAGMENT_SIZE);
printf("create socket ......");
sockfd = socket(AF_INET, SOCK_STREAM, 0);
if (sockfd < 0) {
printf("failed\n");
goto failed2;
}
printf("OK\n");
printf("socket bind ......");
memset(&sock_addr, 0, sizeof(sock_addr));
sock_addr.sin_family = AF_INET;
sock_addr.sin_addr.s_addr = 0;
sock_addr.sin_port = htons(OPENSSL_DEMO_LOCAL_TCP_PORT);
ret = bind(sockfd, (struct sockaddr*)&sock_addr, sizeof(sock_addr));
if (ret) {
printf("bind failed\n");
goto failed3;
}
printf("bind OK\n");
printf("server socket listen ......");
ret = listen(sockfd, 32);
if (ret) {
printf("failed\n");
goto failed3;
}
printf("OK\n");
reconnect:
printf("SSL server create ......");
ssl = SSL_new(ctx);
if (!ssl) {
printf("failed\n");
goto failed3;
}
printf("OK\n");
printf("SSL server socket accept client ......");
new_sockfd = accept(sockfd, (struct sockaddr*)&sock_addr, &addr_len);
if (new_sockfd < 0) {
printf("failed");
goto failed4;
}
printf("OK\n");
SSL_set_fd(ssl, new_sockfd);
printf("SSL server accept client ......");
ret = SSL_accept(ssl);
if (!ret) {
printf("failed\n");
goto failed5;
}
printf("OK\n");
do {
ret = SSL_read(ssl, recv_buf, OPENSSL_DEMO_RECV_BUF_LEN - 1);
if (ret <= 0) {
break;
}
recv_bytes += ret;
recv_buf[ret] = '\0';
printf("%s", recv_buf);
} while (1);
SSL_shutdown(ssl);
failed5:
close(new_sockfd);
new_sockfd = -1;
failed4:
SSL_free(ssl);
ssl = NULL;
goto reconnect;
failed3:
close(sockfd);
sockfd = -1;
failed2:
SSL_CTX_free(ctx);
ctx = NULL;
failed1:
vTaskDelete(NULL);
printf("task exit\n");
return ;
}
void user_conn_init(void)
{
int ret;
ret = xTaskCreate(openssl_demo_thread,
OPENSSL_DEMO_THREAD_NAME,
OPENSSL_DEMO_THREAD_STACK_WORDS,
NULL,
OPENSSL_DEMO_THREAD_PRORIOTY,
&openssl_handle);
if (ret != pdPASS) {
printf("create thread %s failed\n", OPENSSL_DEMO_THREAD_NAME);
return ;
}
}

Some files were not shown because too many files have changed in this diff Show More