espressif/ESP8266_RTOS_SDK
1
0
Fork 0
mirror of https://github.com/espressif/ESP8266_RTOS_SDK.git synced 2025-06-21 23:00:39 +08:00
Code Issues Packages Projects Releases Wiki Activity

openssl: sync openssl wrap layer from esp-idf and add openssl_demo

Browse Source
This commit is contained in:
Espressif Systems
2017-02-04 10:51:11 +08:00
parent ae29bf8a59
commit bbdf36667a
43 changed files with 8880 additions and 914 deletions
Download Patch File Download Diff File Expand all files Collapse all files

123
examples/openssl_demo/Makefile Normal file
View File

@ -0,0 +1,123 @@
#############################################################
# Required variables for each makefile
# Discard this section from all parent makefiles
# Expected variables (with automatic defaults):
# CSRCS (all "C" files in the dir)
# SUBDIRS (all subdirs with a Makefile)
# GEN_LIBS - list of libs to be generated ()
# GEN_IMAGES - list of object file images to be generated ()
# GEN_BINS - list of binaries to be generated ()
# COMPONENTS_xxx - a list of libs/objs in the form
# subdir/lib to be extracted and rolled up into
# a generated lib/image xxx.a ()
#
TARGET = eagle
#FLAVOR = release
FLAVOR = debug
#EXTRA_CCFLAGS += -u
ifndef PDIR # {
GEN_IMAGES= eagle.app.v6.out
GEN_BINS= eagle.app.v6.bin
SPECIAL_MKTARGETS=$(APP_MKTARGETS)
SUBDIRS= \
user \
programs
endif # } PDIR
LDDIR = $(SDK_PATH)/ld
CCFLAGS += -Os
TARGET_LDFLAGS = \
-nostdlib \
-Wl,-EL \
--longcalls \
--text-section-literals
ifeq ($(FLAVOR),debug)
TARGET_LDFLAGS += -g -O2
endif
ifeq ($(FLAVOR),release)
TARGET_LDFLAGS += -g -O0
endif
COMPONENTS_eagle.app.v6 = \
user/libuser.a \
programs/openssl_demo.a
LINKFLAGS_eagle.app.v6 = \
-L$(SDK_PATH)/lib \
-Wl,--gc-sections \
-nostdlib \
-T$(LD_FILE) \
-Wl,--no-check-sections \
-u call_user_start \
-Wl,-static \
-Wl,--start-group \
-lcirom \
-lgcc \
-lhal \
-lcrypto \
-lfreertos \
-llwip \
-lmain \
-lnet80211 \
-lphy \
-lpp \
-lmbedtls \
-lopenssl \
-lwpa \
$(DEP_LIBS_eagle.app.v6)\
-Wl,--end-group
DEPENDS_eagle.app.v6 = \
$(LD_FILE) \
$(LDDIR)/eagle.rom.addr.v6.ld
#############################################################
# Configuration i.e. compile options etc.
# Target specific stuff (defines etc.) goes in here!
# Generally values applying to a tree are captured in the
# makefile at its root level - these are then overridden
# for a subtree within the makefile rooted therein
#
#UNIVERSAL_TARGET_DEFINES = \
# Other potential configuration flags include:
# -DTXRX_TXBUF_DEBUG
# -DTXRX_RXBUF_DEBUG
# -DWLAN_CONFIG_CCX
CONFIGURATION_DEFINES = -DICACHE_FLASH
DEFINES += \
$(UNIVERSAL_TARGET_DEFINES) \
$(CONFIGURATION_DEFINES)
DDEFINES += \
$(UNIVERSAL_TARGET_DEFINES) \
$(CONFIGURATION_DEFINES)
#############################################################
# Recursion Magic - Don't touch this!!
#
# Each subtree potentially has an include directory
# corresponding to the common APIs applicable to modules
# rooted at that subtree. Accordingly, the INCLUDE PATH
# of a module can only contain the include directories up
# its parent path, and not its siblings
#
# Required for each makefile to inherit from the parent
#
INCLUDES := $(INCLUDES) -I $(PDIR)include -I include -I $(SDK_PATH)/include/openssl
sinclude $(SDK_PATH)/Makefile
.PHONY: FORCE
FORCE:

165
examples/openssl_demo/gen_misc.sh Executable file
View File

@ -0,0 +1,165 @@
#!/bin/bash
echo "gen_misc.sh version 20150911"
echo ""
if [ $SDK_PATH ]; then
echo "SDK_PATH:"
echo "$SDK_PATH"
echo ""
else
echo "ERROR: Please export SDK_PATH in gen_misc.sh firstly, exit!!!"
exit
fi
if [ $BIN_PATH ]; then
echo "BIN_PATH:"
echo "$BIN_PATH"
echo ""
else
echo "ERROR: Please export BIN_PATH in gen_misc.sh firstly, exit!!!"
exit
fi
echo "Please check SDK_PATH & BIN_PATH, enter (Y/y) to continue:"
read input
if [[ $input != Y ]] && [[ $input != y ]]; then
exit
fi
echo ""
echo "Please follow below steps(1-5) to generate specific bin(s):"
echo "STEP 1: use boot_v1.2+ by default"
boot=new
echo "boot mode: $boot"
echo ""
echo "STEP 2: choose bin generate(0=eagle.flash.bin+eagle.irom0text.bin, 1=user1.bin, 2=user2.bin)"
echo "enter (0/1/2, default 0):"
read input
if [ -z "$input" ]; then
if [ $boot != none ]; then
boot=none
echo "ignore boot"
fi
app=0
echo "generate bin: eagle.flash.bin+eagle.irom0text.bin"
elif [ $input == 1 ]; then
if [ $boot == none ]; then
app=0
echo "choose no boot before"
echo "generate bin: eagle.flash.bin+eagle.irom0text.bin"
else
app=1
echo "generate bin: user1.bin"
fi
elif [ $input == 2 ]; then
if [ $boot == none ]; then
app=0
echo "choose no boot before"
echo "generate bin: eagle.flash.bin+eagle.irom0text.bin"
else
app=2
echo "generate bin: user2.bin"
fi
else
if [ $boot != none ]; then
boot=none
echo "ignore boot"
fi
app=0
echo "generate bin: eagle.flash.bin+eagle.irom0text.bin"
fi
echo ""
echo "STEP 3: choose spi speed(0=20MHz, 1=26.7MHz, 2=40MHz, 3=80MHz)"
echo "enter (0/1/2/3, default 2):"
read input
if [ -z "$input" ]; then
spi_speed=40
elif [ $input == 0 ]; then
spi_speed=20
elif [ $input == 1 ]; then
spi_speed=26.7
elif [ $input == 3 ]; then
spi_speed=80
else
spi_speed=40
fi
echo "spi speed: $spi_speed MHz"
echo ""
echo "STEP 4: choose spi mode(0=QIO, 1=QOUT, 2=DIO, 3=DOUT)"
echo "enter (0/1/2/3, default 0):"
read input
if [ -z "$input" ]; then
spi_mode=QIO
elif [ $input == 1 ]; then
spi_mode=QOUT
elif [ $input == 2 ]; then
spi_mode=DIO
elif [ $input == 3 ]; then
spi_mode=DOUT
else
spi_mode=QIO
fi
echo "spi mode: $spi_mode"
echo ""
echo "STEP 5: choose spi size and map"
echo " 0= 512KB( 256KB+ 256KB)"
echo " 2=1024KB( 512KB+ 512KB)"
echo " 3=2048KB( 512KB+ 512KB)"
echo " 4=4096KB( 512KB+ 512KB)"
echo " 5=2048KB(1024KB+1024KB)"
echo " 6=4096KB(1024KB+1024KB)"
echo "enter (0/2/3/4/5/6, default 0):"
read input
if [ -z "$input" ]; then
spi_size_map=0
echo "spi size: 512KB"
echo "spi ota map: 256KB + 256KB"
elif [ $input == 2 ]; then
spi_size_map=2
echo "spi size: 1024KB"
echo "spi ota map: 512KB + 512KB"
elif [ $input == 3 ]; then
spi_size_map=3
echo "spi size: 2048KB"
echo "spi ota map: 512KB + 512KB"
elif [ $input == 4 ]; then
spi_size_map=4
echo "spi size: 4096KB"
echo "spi ota map: 512KB + 512KB"
elif [ $input == 5 ]; then
spi_size_map=5
echo "spi size: 2048KB"
echo "spi ota map: 1024KB + 1024KB"
elif [ $input == 6 ]; then
spi_size_map=6
echo "spi size: 4096KB"
echo "spi ota map: 1024KB + 1024KB"
else
spi_size_map=0
echo "spi size: 512KB"
echo "spi ota map: 256KB + 256KB"
fi
echo ""
echo "start..."
echo ""
make clean
make BOOT=$boot APP=$app SPI_SPEED=$spi_speed SPI_MODE=$spi_mode SPI_SIZE_MAP=$spi_size_map

6
examples/openssl_demo/include/openssl_demo.h Normal file
View File

@ -0,0 +1,6 @@
#ifndef _OPENSSL_DEMO_H_
#define _OPENSSL_DEMO_H_
void user_conn_init(void);
#endif

34
examples/openssl_demo/include/user_config.h Normal file
View File

@ -0,0 +1,34 @@
/*
* ESPRSSIF MIT License
*
* Copyright (c) 2015 <ESPRESSIF SYSTEMS (SHANGHAI) PTE LTD>
*
* Permission is hereby granted for use on ESPRESSIF SYSTEMS ESP8266 only, in which case,
* it is free of charge, to any person obtaining a copy of this software and associated
* documentation files (the "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the Software is furnished
* to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all copies or
* substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*
*/
#ifndef __USER_CONFIG_H__
#define __USER_CONFIG_H__
#include "openssl_demo.h"
#define SSID "UTT-750"
#define PASSWORD "espressif"
#endif

47
examples/openssl_demo/programs/Makefile Normal file
View File

@ -0,0 +1,47 @@
#############################################################
# Required variables for each makefile
# Discard this section from all parent makefiles
# Expected variables (with automatic defaults):
# CSRCS (all "C" files in the dir)
# SUBDIRS (all subdirs with a Makefile)
# GEN_LIBS - list of libs to be generated ()
# GEN_IMAGES - list of images to be generated ()
# COMPONENTS_xxx - a list of libs/objs in the form
# subdir/lib to be extracted and rolled up into
# a generated lib/image xxx.a ()
#
ifndef PDIR
UP_EXTRACT_DIR = ..
GEN_LIBS = openssl_demo.a
endif
#############################################################
# Configuration i.e. compile options etc.
# Target specific stuff (defines etc.) goes in here!
# Generally values applying to a tree are captured in the
# makefile at its root level - these are then overridden
# for a subtree within the makefile rooted therein
#
#DEFINES +=
#############################################################
# Recursion Magic - Don't touch this!!
#
# Each subtree potentially has an include directory
# corresponding to the common APIs applicable to modules
# rooted at that subtree. Accordingly, the INCLUDE PATH
# of a module can only contain the include directories up
# its parent path, and not its siblings
#
# Required for each makefile to inherit from the parent
#
INCLUDES := $(INCLUDES) -I $(PDIR)include
INCLUDES += -I ./
PDIR := ../$(PDIR)
sinclude $(PDIR)Makefile

174
examples/openssl_demo/programs/openssl_demo.c Normal file
View File

@ -0,0 +1,174 @@
#include <stddef.h>
#include "openssl_demo.h"
#include "openssl/ssl.h"
#include "freertos/FreeRTOS.h"
#include "freertos/task.h"
#include "espressif/c_types.h"
#include "lwip/sockets.h"
#define OPENSSL_DEMO_THREAD_NAME "ssl_demo"
#define OPENSSL_DEMO_THREAD_STACK_WORDS 2048
#define OPENSSL_DEMO_THREAD_PRORIOTY 6
#define OPENSSL_DEMO_FRAGMENT_SIZE 8192
#define OPENSSL_DEMO_LOCAL_TCP_PORT 1000
#define OPENSSL_DEMO_TARGET_NAME "www.baidu.com"
#define OPENSSL_DEMO_TARGET_TCP_PORT 443
#define OPENSSL_DEMO_REQUEST "{\"path\": \"/v1/ping/\", \"method\": \"GET\"}\r\n"
#define OPENSSL_DEMO_RECV_BUF_LEN 1024
LOCAL xTaskHandle openssl_handle;
LOCAL char send_data[] = OPENSSL_DEMO_REQUEST;
LOCAL int send_bytes = sizeof(send_data);
LOCAL char recv_buf[OPENSSL_DEMO_RECV_BUF_LEN];
LOCAL void openssl_demo_thread(void *p)
{
int ret;
SSL_CTX *ctx;
SSL *ssl;
int socket;
struct sockaddr_in sock_addr;
ip_addr_t target_ip;
int recv_bytes = 0;
os_printf("OpenSSL demo thread start...\n");
do {
ret = netconn_gethostbyname(OPENSSL_DEMO_TARGET_NAME, &target_ip);
} while(ret);
os_printf("get target IP is %d.%d.%d.%d\n", (unsigned char)((target_ip.addr & 0x000000ff) >> 0),
(unsigned char)((target_ip.addr & 0x0000ff00) >> 8),
(unsigned char)((target_ip.addr & 0x00ff0000) >> 16),
(unsigned char)((target_ip.addr & 0xff000000) >> 24));
os_printf("create SSL context ......");
ctx = SSL_CTX_new(TLSv1_1_client_method());
if (!ctx) {
os_printf("failed\n");
goto failed1;
}
os_printf("OK\n");
os_printf("set SSL context read buffer size ......");
SSL_CTX_set_default_read_buffer_len(ctx, OPENSSL_DEMO_FRAGMENT_SIZE);
ret = 0;
if (ret) {
os_printf("failed, return %d\n", ret);
goto failed2;
}
os_printf("OK\n");
os_printf("create socket ......");
socket = socket(AF_INET, SOCK_STREAM, 0);
if (socket < 0) {
os_printf("failed\n");
goto failed3;
}
os_printf("OK\n");
os_printf("bind socket ......");
memset(&sock_addr, 0, sizeof(sock_addr));
sock_addr.sin_family = AF_INET;
sock_addr.sin_addr.s_addr = 0;
sock_addr.sin_port = htons(OPENSSL_DEMO_LOCAL_TCP_PORT);
ret = bind(socket, (struct sockaddr*)&sock_addr, sizeof(sock_addr));
if (ret) {
os_printf("failed\n");
goto failed4;
}
os_printf("OK\n");
os_printf("socket connect to remote ......");
memset(&sock_addr, 0, sizeof(sock_addr));
sock_addr.sin_family = AF_INET;
sock_addr.sin_addr.s_addr = target_ip.addr;
sock_addr.sin_port = htons(OPENSSL_DEMO_TARGET_TCP_PORT);
ret = connect(socket, (struct sockaddr*)&sock_addr, sizeof(sock_addr));
if (ret) {
os_printf("failed\n", OPENSSL_DEMO_TARGET_NAME);
goto failed5;
}
os_printf("OK\n");
os_printf("create SSL ......");
ssl = SSL_new(ctx);
if (!ssl) {
os_printf("failed\n");
goto failed6;
}
os_printf("OK\n");
SSL_set_fd(ssl, socket);
os_printf("SSL connected to %s port %d ......", OPENSSL_DEMO_TARGET_NAME, OPENSSL_DEMO_TARGET_TCP_PORT);
ret = SSL_connect(ssl);
if (!ret) {
os_printf("failed, return [-0x%x]\n", -ret);
goto failed7;
}
os_printf("OK\n");
os_printf("send request to %s port %d ......", OPENSSL_DEMO_TARGET_NAME, OPENSSL_DEMO_TARGET_TCP_PORT);
ret = SSL_write(ssl, send_data, send_bytes);
if (ret <= 0) {
os_printf("failed, return [-0x%x]\n", -ret);
goto failed8;
}
os_printf("OK\n\n");
do {
ret = SSL_read(ssl, recv_buf, OPENSSL_DEMO_RECV_BUF_LEN - 1);
if (ret <= 0) {
break;
}
recv_bytes += ret;
os_printf("%s", recv_buf);
} while (1);
os_printf("read %d bytes data from %s ......\n", recv_bytes, OPENSSL_DEMO_TARGET_NAME);
failed8:
SSL_shutdown(ssl);
failed7:
SSL_free(ssl);
failed6:
failed5:
failed4:
close(socket);
failed3:
failed2:
SSL_CTX_free(ctx);
failed1:
vTaskDelete(NULL);
os_printf("task exit\n");
return ;
}
void user_conn_init(void)
{
int ret;
ret = xTaskCreate(openssl_demo_thread,
OPENSSL_DEMO_THREAD_NAME,
OPENSSL_DEMO_THREAD_STACK_WORDS,
NULL,
OPENSSL_DEMO_THREAD_PRORIOTY,
&openssl_handle);
if (ret != pdPASS) {
os_printf("create thread %s failed\n", OPENSSL_DEMO_THREAD_NAME);
return ;
}
}

44
examples/openssl_demo/user/Makefile Normal file
View File

@ -0,0 +1,44 @@
#############################################################
# Required variables for each makefile
# Discard this section from all parent makefiles
# Expected variables (with automatic defaults):
# CSRCS (all "C" files in the dir)
# SUBDIRS (all subdirs with a Makefile)
# GEN_LIBS - list of libs to be generated ()
# GEN_IMAGES - list of images to be generated ()
# COMPONENTS_xxx - a list of libs/objs in the form
# subdir/lib to be extracted and rolled up into
# a generated lib/image xxx.a ()
#
ifndef PDIR
GEN_LIBS = libuser.a
endif
#############################################################
# Configuration i.e. compile options etc.
# Target specific stuff (defines etc.) goes in here!
# Generally values applying to a tree are captured in the
# makefile at its root level - these are then overridden
# for a subtree within the makefile rooted therein
#
#DEFINES +=
#############################################################
# Recursion Magic - Don't touch this!!
#
# Each subtree potentially has an include directory
# corresponding to the common APIs applicable to modules
# rooted at that subtree. Accordingly, the INCLUDE PATH
# of a module can only contain the include directories up
# its parent path, and not its siblings
#
# Required for each makefile to inherit from the parent
#
INCLUDES := $(INCLUDES) -I $(PDIR)include
INCLUDES += -I ./
PDIR := ../$(PDIR)
sinclude $(PDIR)Makefile

108
examples/openssl_demo/user/user_main.c Normal file
View File

@ -0,0 +1,108 @@
/*
* ESPRSSIF MIT License
*
* Copyright (c) 2015 <ESPRESSIF SYSTEMS (SHANGHAI) PTE LTD>
*
* Permission is hereby granted for use on ESPRESSIF SYSTEMS ESP8266 only, in which case,
* it is free of charge, to any person obtaining a copy of this software and associated
* documentation files (the "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the Software is furnished
* to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all copies or
* substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*
*/
#include "esp_common.h"
#include "user_config.h"
/******************************************************************************
* FunctionName : user_rf_cal_sector_set
* Description : SDK just reversed 4 sectors, used for rf init data and paramters.
* We add this function to force users to set rf cal sector, since
* we don't know which sector is free in user's application.
* sector map for last several sectors : ABCCC
* A : rf cal
* B : rf init data
* C : sdk parameters
* Parameters : none
* Returns : rf cal sector
*******************************************************************************/
uint32 user_rf_cal_sector_set(void)
{
flash_size_map size_map = system_get_flash_size_map();
uint32 rf_cal_sec = 0;
switch (size_map) {
case FLASH_SIZE_4M_MAP_256_256:
rf_cal_sec = 128 - 5;
break;
case FLASH_SIZE_8M_MAP_512_512:
rf_cal_sec = 256 - 5;
break;
case FLASH_SIZE_16M_MAP_512_512:
case FLASH_SIZE_16M_MAP_1024_1024:
rf_cal_sec = 512 - 5;
break;
case FLASH_SIZE_32M_MAP_512_512:
case FLASH_SIZE_32M_MAP_1024_1024:
rf_cal_sec = 1024 - 5;
break;
default:
rf_cal_sec = 0;
break;
}
return rf_cal_sec;
}
void wifi_event_handler_cb(System_Event_t *event)
{
if (event == NULL) {
return;
}
switch (event->event_id) {
case EVENT_STAMODE_GOT_IP:
os_printf("sta got ip , creat task %d\n", system_get_free_heap_size());
user_conn_init();
break;
default:
break;
}
}
/******************************************************************************
* FunctionName : user_init
* Description : entry of user application, init user function here
* Parameters : none
* Returns : none
*******************************************************************************/
void user_init(void)
{
os_printf("SDK version:%s %d\n", system_get_sdk_version(), system_get_free_heap_size());
wifi_set_opmode(STATION_MODE);
// set AP parameter
struct station_config config;
bzero(&config, sizeof(struct station_config));
sprintf(config.ssid, SSID);
sprintf(config.password, PASSWORD);
wifi_station_set_config(&config);
wifi_set_event_handler_cb(wifi_event_handler_cb);
}

44
include/openssl/internal/ssl3.h Normal file
View File

@ -0,0 +1,44 @@
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef _SSL3_H_
#define _SSL3_H_
#ifdef __cplusplus
extern "C" {
#endif
# define SSL3_AD_CLOSE_NOTIFY 0
# define SSL3_AD_UNEXPECTED_MESSAGE 10/* fatal */
# define SSL3_AD_BAD_RECORD_MAC 20/* fatal */
# define SSL3_AD_DECOMPRESSION_FAILURE 30/* fatal */
# define SSL3_AD_HANDSHAKE_FAILURE 40/* fatal */
# define SSL3_AD_NO_CERTIFICATE 41
# define SSL3_AD_BAD_CERTIFICATE 42
# define SSL3_AD_UNSUPPORTED_CERTIFICATE 43
# define SSL3_AD_CERTIFICATE_REVOKED 44
# define SSL3_AD_CERTIFICATE_EXPIRED 45
# define SSL3_AD_CERTIFICATE_UNKNOWN 46
# define SSL3_AD_ILLEGAL_PARAMETER 47/* fatal */
# define SSL3_AL_WARNING 1
# define SSL3_AL_FATAL 2
#define SSL3_VERSION 0x0300
#ifdef __cplusplus
}
#endif
#endif

55
include/openssl/internal/ssl_cert.h Executable file
View File

@ -0,0 +1,55 @@
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef _SSL_CERT_H_
#define _SSL_CERT_H_
#ifdef __cplusplus
extern "C" {
#endif
#include "ssl_types.h"
/**
* @brief create a certification object include private key object according to input certification
*
* @param ic - input certification point
*
* @return certification object point
*/
CERT *__ssl_cert_new(CERT *ic);
/**
* @brief create a certification object include private key object
*
* @param none
*
* @return certification object point
*/
CERT* ssl_cert_new(void);
/**
* @brief free a certification object
*
* @param cert - certification object point
*
* @return none
*/
void ssl_cert_free(CERT *cert);
#ifdef __cplusplus
}
#endif
#endif

124
include/openssl/internal/ssl_code.h Normal file
View File

@ -0,0 +1,124 @@
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef _SSL_CODE_H_
#define _SSL_CODE_H_
#ifdef __cplusplus
extern "C" {
#endif
#include "ssl3.h"
#include "tls1.h"
#include "x509_vfy.h"
/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
# define SSL_SENT_SHUTDOWN 1
# define SSL_RECEIVED_SHUTDOWN 2
# define SSL_VERIFY_NONE 0x00
# define SSL_VERIFY_PEER 0x01
# define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
# define SSL_VERIFY_CLIENT_ONCE 0x04
/*
* The following 3 states are kept in ssl->rlayer.rstate when reads fail, you
* should not need these
*/
# define SSL_ST_READ_HEADER 0xF0
# define SSL_ST_READ_BODY 0xF1
# define SSL_ST_READ_DONE 0xF2
# define SSL_NOTHING 1
# define SSL_WRITING 2
# define SSL_READING 3
# define SSL_X509_LOOKUP 4
# define SSL_ASYNC_PAUSED 5
# define SSL_ASYNC_NO_JOBS 6
# define SSL_ERROR_NONE 0
# define SSL_ERROR_SSL 1
# define SSL_ERROR_WANT_READ 2
# define SSL_ERROR_WANT_WRITE 3
# define SSL_ERROR_WANT_X509_LOOKUP 4
# define SSL_ERROR_SYSCALL 5/* look at error stack/return value/errno */
# define SSL_ERROR_ZERO_RETURN 6
# define SSL_ERROR_WANT_CONNECT 7
# define SSL_ERROR_WANT_ACCEPT 8
# define SSL_ERROR_WANT_ASYNC 9
# define SSL_ERROR_WANT_ASYNC_JOB 10
/* Message flow states */
typedef enum {
/* No handshake in progress */
MSG_FLOW_UNINITED,
/* A permanent error with this connection */
MSG_FLOW_ERROR,
/* We are about to renegotiate */
MSG_FLOW_RENEGOTIATE,
/* We are reading messages */
MSG_FLOW_READING,
/* We are writing messages */
MSG_FLOW_WRITING,
/* Handshake has finished */
MSG_FLOW_FINISHED
} MSG_FLOW_STATE;
/* SSL subsystem states */
typedef enum {
TLS_ST_BEFORE,
TLS_ST_OK,
DTLS_ST_CR_HELLO_VERIFY_REQUEST,
TLS_ST_CR_SRVR_HELLO,
TLS_ST_CR_CERT,
TLS_ST_CR_CERT_STATUS,
TLS_ST_CR_KEY_EXCH,
TLS_ST_CR_CERT_REQ,
TLS_ST_CR_SRVR_DONE,
TLS_ST_CR_SESSION_TICKET,
TLS_ST_CR_CHANGE,
TLS_ST_CR_FINISHED,
TLS_ST_CW_CLNT_HELLO,
TLS_ST_CW_CERT,
TLS_ST_CW_KEY_EXCH,
TLS_ST_CW_CERT_VRFY,
TLS_ST_CW_CHANGE,
TLS_ST_CW_NEXT_PROTO,
TLS_ST_CW_FINISHED,
TLS_ST_SW_HELLO_REQ,
TLS_ST_SR_CLNT_HELLO,
DTLS_ST_SW_HELLO_VERIFY_REQUEST,
TLS_ST_SW_SRVR_HELLO,
TLS_ST_SW_CERT,
TLS_ST_SW_KEY_EXCH,
TLS_ST_SW_CERT_REQ,
TLS_ST_SW_SRVR_DONE,
TLS_ST_SR_CERT,
TLS_ST_SR_KEY_EXCH,
TLS_ST_SR_CERT_VRFY,
TLS_ST_SR_NEXT_PROTO,
TLS_ST_SR_CHANGE,
TLS_ST_SR_FINISHED,
TLS_ST_SW_SESSION_TICKET,
TLS_ST_SW_CERT_STATUS,
TLS_ST_SW_CHANGE,
TLS_ST_SW_FINISHED
} OSSL_HANDSHAKE_STATE;
#ifdef __cplusplus
}
#endif
#endif

191
include/openssl/internal/ssl_dbg.h Normal file
View File

@ -0,0 +1,191 @@
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef _SSL_DEBUG_H_
#define _SSL_DEBUG_H_
#include "platform/ssl_opt.h"
#include "platform/ssl_port.h"
#ifdef __cplusplus
extern "C" {
#endif
#ifdef CONFIG_OPENSSL_DEBUG_LEVEL
#define SSL_DEBUG_LEVEL CONFIG_OPENSSL_DEBUG_LEVEL
#else
#define SSL_DEBUG_LEVEL 0
#endif
#define SSL_DEBUG_ON (SSL_DEBUG_LEVEL + 1)
#define SSL_DEBUG_OFF (SSL_DEBUG_LEVEL - 1)
#ifdef CONFIG_OPENSSL_DEBUG
#ifndef SSL_DEBUG_LOG
#error "SSL_DEBUG_LOG is not defined"
#endif
#ifndef SSL_DEBUG_FL
#define SSL_DEBUG_FL "\n"
#endif
#define SSL_SHOW_LOCATION() \
SSL_DEBUG_LOG("SSL assert : %s %d\n", \
__FILE__, __LINE__)
#define SSL_DEBUG(level, fmt, ...) \
{ \
if (level > SSL_DEBUG_LEVEL) { \
SSL_DEBUG_LOG(fmt SSL_DEBUG_FL, ##__VA_ARGS__); \
} \
}
#else /* CONFIG_OPENSSL_DEBUG */
#define SSL_SHOW_LOCATION()
#define SSL_DEBUG(level, fmt, ...)
#endif /* CONFIG_OPENSSL_DEBUG */
/**
* OpenSSL assert function
*
* if select "CONFIG_OPENSSL_ASSERT_DEBUG", SSL_ASSERT* will show error file name and line
* if select "CONFIG_OPENSSL_ASSERT_EXIT", SSL_ASSERT* will just return error code.
* if select "CONFIG_OPENSSL_ASSERT_DEBUG_EXIT" SSL_ASSERT* will show error file name and line,
* then return error code.
* if select "CONFIG_OPENSSL_ASSERT_DEBUG_BLOCK", SSL_ASSERT* will show error file name and line,
* then block here with "while (1)"
*
* SSL_ASSERT1 may will return "-1", so function's return argument is integer.
* SSL_ASSERT2 may will return "NULL", so function's return argument is a point.
* SSL_ASSERT2 may will return nothing, so function's return argument is "void".
*/
#if defined(CONFIG_OPENSSL_ASSERT_DEBUG)
#define SSL_ASSERT1(s) \
{ \
if (!(s)) { \
SSL_SHOW_LOCATION(); \
} \
}
#define SSL_ASSERT2(s) \
{ \
if (!(s)) { \
SSL_SHOW_LOCATION(); \
} \
}
#define SSL_ASSERT3(s) \
{ \
if (!(s)) { \
SSL_SHOW_LOCATION(); \
} \
}
#elif defined(CONFIG_OPENSSL_ASSERT_EXIT)
#define SSL_ASSERT1(s) \
{ \
if (!(s)) { \
return -1; \
} \
}
#define SSL_ASSERT2(s) \
{ \
if (!(s)) { \
return NULL; \
} \
}
#define SSL_ASSERT3(s) \
{ \
if (!(s)) { \
return ; \
} \
}
#elif defined(CONFIG_OPENSSL_ASSERT_DEBUG_EXIT)
#define SSL_ASSERT1(s) \
{ \
if (!(s)) { \
SSL_SHOW_LOCATION(); \
return -1; \
} \
}
#define SSL_ASSERT2(s) \
{ \
if (!(s)) { \
SSL_SHOW_LOCATION(); \
return NULL; \
} \
}
#define SSL_ASSERT3(s) \
{ \
if (!(s)) { \
SSL_SHOW_LOCATION(); \
return ; \
} \
}
#elif defined(CONFIG_OPENSSL_ASSERT_DEBUG_BLOCK)
#define SSL_ASSERT1(s) \
{ \
if (!(s)) { \
SSL_SHOW_LOCATION(); \
while (1); \
} \
}
#define SSL_ASSERT2(s) \
{ \
if (!(s)) { \
SSL_SHOW_LOCATION(); \
while (1); \
} \
}
#define SSL_ASSERT3(s) \
{ \
if (!(s)) { \
SSL_SHOW_LOCATION(); \
while (1); \
} \
}
#else
#define SSL_ASSERT1(s)
#define SSL_ASSERT2(s)
#define SSL_ASSERT3(s)
#endif
#define SSL_PLATFORM_DEBUG_LEVEL SSL_DEBUG_OFF
#define SSL_PLATFORM_ERROR_LEVEL SSL_DEBUG_ON
#define SSL_CERT_DEBUG_LEVEL SSL_DEBUG_OFF
#define SSL_CERT_ERROR_LEVEL SSL_DEBUG_ON
#define SSL_PKEY_DEBUG_LEVEL SSL_DEBUG_OFF
#define SSL_PKEY_ERROR_LEVEL SSL_DEBUG_ON
#define SSL_X509_DEBUG_LEVEL SSL_DEBUG_OFF
#define SSL_X509_ERROR_LEVEL SSL_DEBUG_ON
#define SSL_LIB_DEBUG_LEVEL SSL_DEBUG_OFF
#define SSL_LIB_ERROR_LEVEL SSL_DEBUG_ON
#define SSL_STACK_DEBUG_LEVEL SSL_DEBUG_OFF
#define SSL_STACK_ERROR_LEVEL SSL_DEBUG_ON
#ifdef __cplusplus
}
#endif
#endif

28
include/openssl/internal/ssl_lib.h Executable file
View File

@ -0,0 +1,28 @@
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef _SSL_LIB_H_
#define _SSL_LIB_H_
#ifdef __cplusplus
extern "C" {
#endif
#include "ssl_types.h"
#ifdef __cplusplus
}
#endif
#endif

121
include/openssl/internal/ssl_methods.h Executable file
View File

@ -0,0 +1,121 @@
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef _SSL_METHODS_H_
#define _SSL_METHODS_H_
#include "ssl_types.h"
#ifdef __cplusplus
extern "C" {
#endif
/**
* TLS method function implement
*/
#define IMPLEMENT_TLS_METHOD_FUNC(func_name, \
new, free, \
handshake, shutdown, clear, \
read, send, pending, \
set_fd, get_fd, \
set_bufflen, \
get_verify_result, \
get_state) \
static const SSL_METHOD_FUNC func_name LOCAL_ATRR = { \
new, \
free, \
handshake, \
shutdown, \
clear, \
read, \
send, \
pending, \
set_fd, \
get_fd, \
set_bufflen, \
get_verify_result, \
get_state \
};
#define IMPLEMENT_TLS_METHOD(ver, mode, fun, func_name) \
const SSL_METHOD* func_name(void) { \
static const SSL_METHOD func_name##_data LOCAL_ATRR = { \
ver, \
mode, \
&(fun), \
}; \
return &func_name##_data; \
}
#define IMPLEMENT_SSL_METHOD(ver, mode, fun, func_name) \
const SSL_METHOD* func_name(void) { \
static const SSL_METHOD func_name##_data LOCAL_ATRR = { \
ver, \
mode, \
&(fun), \
}; \
return &func_name##_data; \
}
#define IMPLEMENT_X509_METHOD(func_name, \
new, \
free, \
load, \
show_info) \
const X509_METHOD* func_name(void) { \
static const X509_METHOD func_name##_data LOCAL_ATRR = { \
new, \
free, \
load, \
show_info \
}; \
return &func_name##_data; \
}
#define IMPLEMENT_PKEY_METHOD(func_name, \
new, \
free, \
load) \
const PKEY_METHOD* func_name(void) { \
static const PKEY_METHOD func_name##_data LOCAL_ATRR = { \
new, \
free, \
load \
}; \
return &func_name##_data; \
}
/**
* @brief get X509 object method
*
* @param none
*
* @return X509 object method point
*/
const X509_METHOD* X509_method(void);
/**
* @brief get private key object method
*
* @param none
*
* @return private key object method point
*/
const PKEY_METHOD* EVP_PKEY_method(void);
#ifdef __cplusplus
}
#endif
#endif

86
include/openssl/internal/ssl_pkey.h Executable file
View File

@ -0,0 +1,86 @@
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef _SSL_PKEY_H_
#define _SSL_PKEY_H_
#ifdef __cplusplus
extern "C" {
#endif
#include "ssl_types.h"
/**
* @brief create a private key object according to input private key
*
* @param ipk - input private key point
*
* @return new private key object point
*/
EVP_PKEY* __EVP_PKEY_new(EVP_PKEY *ipk);
/**
* @brief create a private key object
*
* @param none
*
* @return private key object point
*/
EVP_PKEY* EVP_PKEY_new(void);
/**
* @brief load a character key context into system context. If '*a' is pointed to the
* private key, then load key into it. Or create a new private key object
*
* @param type - private key type
* @param a - a point pointed to a private key point
* @param pp - a point pointed to the key context memory point
* @param length - key bytes
*
* @return private key object point
*/
EVP_PKEY* d2i_PrivateKey(int type,
EVP_PKEY **a,
const unsigned char **pp,
long length);
/**
* @brief free a private key object
*
* @param pkey - private key object point
*
* @return none
*/
void EVP_PKEY_free(EVP_PKEY *x);
/**
* @brief load private key into the SSL
*
* @param type - private key type
* @param ssl - SSL point
* @param len - data bytes
* @param d - data point
*
* @return result
* 0 : failed
* 1 : OK
*/
int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len);
#ifdef __cplusplus
}
#endif
#endif

52
include/openssl/internal/ssl_stack.h Executable file
View File

@ -0,0 +1,52 @@
#ifndef _SSL_STACK_H_
#define _SSL_STACK_H_
#ifdef __cplusplus
extern "C" {
#endif
#include "ssl_types.h"
#define STACK_OF(type) struct stack_st_##type
#define SKM_DEFINE_STACK_OF(t1, t2, t3) \
STACK_OF(t1); \
static ossl_inline STACK_OF(t1) *sk_##t1##_new_null(void) \
{ \
return (STACK_OF(t1) *)OPENSSL_sk_new_null(); \
} \
#define DEFINE_STACK_OF(t) SKM_DEFINE_STACK_OF(t, t, t)
/**
* @brief create a openssl stack object
*
* @param c - stack function
*
* @return openssl stack object point
*/
OPENSSL_STACK* OPENSSL_sk_new(OPENSSL_sk_compfunc c);
/**
* @brief create a NULL function openssl stack object
*
* @param none
*
* @return openssl stack object point
*/
OPENSSL_STACK *OPENSSL_sk_new_null(void);
/**
* @brief free openssl stack object
*
* @param openssl stack object point
*
* @return none
*/
void OPENSSL_sk_free(OPENSSL_STACK *stack);
#ifdef __cplusplus
}
#endif
#endif

288
include/openssl/internal/ssl_types.h Executable file
View File

@ -0,0 +1,288 @@
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef _SSL_TYPES_H_
#define _SSL_TYPES_H_
#ifdef __cplusplus
extern "C" {
#endif
#include "ssl_code.h"
typedef void SSL_CIPHER;
typedef void X509_STORE_CTX;
typedef void X509_STORE;
typedef void RSA;
typedef void STACK;
typedef void BIO;
#define ossl_inline inline
#define SSL_METHOD_CALL(f, s, ...) s->method->func->ssl_##f(s, ##__VA_ARGS__)
#define X509_METHOD_CALL(f, x, ...) x->method->x509_##f(x, ##__VA_ARGS__)
#define EVP_PKEY_METHOD_CALL(f, k, ...) k->method->pkey_##f(k, ##__VA_ARGS__)
typedef int (*OPENSSL_sk_compfunc)(const void *, const void *);
struct stack_st;
typedef struct stack_st OPENSSL_STACK;
struct ssl_method_st;
typedef struct ssl_method_st SSL_METHOD;
struct ssl_method_func_st;
typedef struct ssl_method_func_st SSL_METHOD_FUNC;
struct record_layer_st;
typedef struct record_layer_st RECORD_LAYER;
struct ossl_statem_st;
typedef struct ossl_statem_st OSSL_STATEM;
struct ssl_session_st;
typedef struct ssl_session_st SSL_SESSION;
struct ssl_ctx_st;
typedef struct ssl_ctx_st SSL_CTX;
struct ssl_st;
typedef struct ssl_st SSL;
struct cert_st;
typedef struct cert_st CERT;
struct x509_st;
typedef struct x509_st X509;
struct X509_VERIFY_PARAM_st;
typedef struct X509_VERIFY_PARAM_st X509_VERIFY_PARAM;
struct evp_pkey_st;
typedef struct evp_pkey_st EVP_PKEY;
struct x509_method_st;
typedef struct x509_method_st X509_METHOD;
struct pkey_method_st;
typedef struct pkey_method_st PKEY_METHOD;
struct stack_st {
char **data;
int num_alloc;
OPENSSL_sk_compfunc c;
};
struct evp_pkey_st {
void *pkey_pm;
const PKEY_METHOD *method;
};
struct x509_st {
/* X509 certification platform private point */
void *x509_pm;
const X509_METHOD *method;
};
struct cert_st {
int sec_level;
X509 *x509;
EVP_PKEY *pkey;
};
struct ossl_statem_st {
MSG_FLOW_STATE state;
int hand_state;
};
struct record_layer_st {
int rstate;
int read_ahead;
};
struct ssl_session_st {
long timeout;
long time;
X509 *peer;
};
struct X509_VERIFY_PARAM_st {
int depth;
};
struct ssl_ctx_st
{
int version;
int references;
unsigned long options;
#if 0
struct alpn_protocols alpn_protocol;
#endif
const SSL_METHOD *method;
CERT *cert;
X509 *client_CA;
int verify_mode;
int (*default_verify_callback) (int ok, X509_STORE_CTX *ctx);
long session_timeout;
int read_ahead;
int read_buffer_len;
X509_VERIFY_PARAM param;
};
struct ssl_st
{
/* protocol version(one of SSL3.0, TLS1.0, etc.) */
int version;
unsigned long options;
/* shut things down(0x01 : sent, 0x02 : received) */
int shutdown;
CERT *cert;
X509 *client_CA;
SSL_CTX *ctx;
const SSL_METHOD *method;
RECORD_LAYER rlayer;
/* where we are */
OSSL_STATEM statem;
SSL_SESSION *session;
int verify_mode;
int (*verify_callback) (int ok, X509_STORE_CTX *ctx);
int rwstate;
long verify_result;
X509_VERIFY_PARAM param;
int err;
void (*info_callback) (const SSL *ssl, int type, int val);
/* SSL low-level system arch point */
void *ssl_pm;
};
struct ssl_method_st {
/* protocol version(one of SSL3.0, TLS1.0, etc.) */
int version;
/* SSL mode(client(0) , server(1), not known(-1)) */
int endpoint;
const SSL_METHOD_FUNC *func;
};
struct ssl_method_func_st {
int (*ssl_new)(SSL *ssl);
void (*ssl_free)(SSL *ssl);
int (*ssl_handshake)(SSL *ssl);
int (*ssl_shutdown)(SSL *ssl);
int (*ssl_clear)(SSL *ssl);
int (*ssl_read)(SSL *ssl, void *buffer, int len);
int (*ssl_send)(SSL *ssl, const void *buffer, int len);
int (*ssl_pending)(const SSL *ssl);
void (*ssl_set_fd)(SSL *ssl, int fd, int mode);
int (*ssl_get_fd)(const SSL *ssl, int mode);
void (*ssl_set_bufflen)(SSL *ssl, int len);
long (*ssl_get_verify_result)(const SSL *ssl);
OSSL_HANDSHAKE_STATE (*ssl_get_state)(const SSL *ssl);
};
struct x509_method_st {
int (*x509_new)(X509 *x, X509 *m_x);
void (*x509_free)(X509 *x);
int (*x509_load)(X509 *x, const unsigned char *buf, int len);
int (*x509_show_info)(X509 *x);
};
struct pkey_method_st {
int (*pkey_new)(EVP_PKEY *pkey, EVP_PKEY *m_pkey);
void (*pkey_free)(EVP_PKEY *pkey);
int (*pkey_load)(EVP_PKEY *pkey, const unsigned char *buf, int len);
};
typedef int (*next_proto_cb)(SSL *ssl, unsigned char **out,
unsigned char *outlen, const unsigned char *in,
unsigned int inlen, void *arg);
#ifdef __cplusplus
}
#endif
#endif

108
include/openssl/internal/ssl_x509.h Executable file
View File

@ -0,0 +1,108 @@
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef _SSL_X509_H_
#define _SSL_X509_H_
#ifdef __cplusplus
extern "C" {
#endif
#include "ssl_types.h"
#include "ssl_stack.h"
DEFINE_STACK_OF(X509_NAME)
/**
* @brief create a X509 certification object according to input X509 certification
*
* @param ix - input X509 certification point
*
* @return new X509 certification object point
*/
X509* __X509_new(X509 *ix);
/**
* @brief create a X509 certification object
*
* @param none
*
* @return X509 certification object point
*/
X509* X509_new(void);
/**
* @brief load a character certification context into system context. If '*cert' is pointed to the
* certification, then load certification into it. Or create a new X509 certification object
*
* @param cert - a point pointed to X509 certification
* @param buffer - a point pointed to the certification context memory point
* @param length - certification bytes
*
* @return X509 certification object point
*/
X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len);
/**
* @brief free a X509 certification object
*
* @param x - X509 certification object point
*
* @return none
*/
void X509_free(X509 *x);
/**
* @brief set SSL context client CA certification
*
* @param ctx - SSL context point
* @param x - X509 certification point
*
* @return result
* 0 : failed
* 1 : OK
*/
int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x);
/**
* @brief add CA client certification into the SSL
*
* @param ssl - SSL point
* @param x - X509 certification point
*
* @return result
* 0 : failed
* 1 : OK
*/
int SSL_add_client_CA(SSL *ssl, X509 *x);
/**
* @brief load certification into the SSL
*
* @param ssl - SSL point
* @param len - data bytes
* @param d - data point
*
* @return result
* 0 : failed
* 1 : OK
*
*/
int SSL_use_certificate_ASN1(SSL *ssl, int len, const unsigned char *d);
#ifdef __cplusplus
}
#endif
#endif

55
include/openssl/internal/tls1.h Normal file
View File

@ -0,0 +1,55 @@
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef _TLS1_H_
#define _TLS1_H_
#ifdef __cplusplus
extern "C" {
#endif
# define TLS1_AD_DECRYPTION_FAILED 21
# define TLS1_AD_RECORD_OVERFLOW 22
# define TLS1_AD_UNKNOWN_CA 48/* fatal */
# define TLS1_AD_ACCESS_DENIED 49/* fatal */
# define TLS1_AD_DECODE_ERROR 50/* fatal */
# define TLS1_AD_DECRYPT_ERROR 51
# define TLS1_AD_EXPORT_RESTRICTION 60/* fatal */
# define TLS1_AD_PROTOCOL_VERSION 70/* fatal */
# define TLS1_AD_INSUFFICIENT_SECURITY 71/* fatal */
# define TLS1_AD_INTERNAL_ERROR 80/* fatal */
# define TLS1_AD_INAPPROPRIATE_FALLBACK 86/* fatal */
# define TLS1_AD_USER_CANCELLED 90
# define TLS1_AD_NO_RENEGOTIATION 100
/* codes 110-114 are from RFC3546 */
# define TLS1_AD_UNSUPPORTED_EXTENSION 110
# define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111
# define TLS1_AD_UNRECOGNIZED_NAME 112
# define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113
# define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
# define TLS1_AD_UNKNOWN_PSK_IDENTITY 115/* fatal */
# define TLS1_AD_NO_APPLICATION_PROTOCOL 120 /* fatal */
/* Special value for method supporting multiple versions */
#define TLS_ANY_VERSION 0x10000
#define TLS1_VERSION 0x0301
#define TLS1_1_VERSION 0x0302
#define TLS1_2_VERSION 0x0303
#ifdef __cplusplus
}
#endif
#endif

111
include/openssl/internal/x509_vfy.h Normal file
View File

@ -0,0 +1,111 @@
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef _X509_VFY_H_
#define _X509_VFY_H_
#ifdef __cplusplus
extern "C" {
#endif
#define X509_V_OK 0
#define X509_V_ERR_UNSPECIFIED 1
#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2
#define X509_V_ERR_UNABLE_TO_GET_CRL 3
#define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4
#define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5
#define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6
#define X509_V_ERR_CERT_SIGNATURE_FAILURE 7
#define X509_V_ERR_CRL_SIGNATURE_FAILURE 8
#define X509_V_ERR_CERT_NOT_YET_VALID 9
#define X509_V_ERR_CERT_HAS_EXPIRED 10
#define X509_V_ERR_CRL_NOT_YET_VALID 11
#define X509_V_ERR_CRL_HAS_EXPIRED 12
#define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13
#define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14
#define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15
#define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16
#define X509_V_ERR_OUT_OF_MEM 17
#define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18
#define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19
#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20
#define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21
#define X509_V_ERR_CERT_CHAIN_TOO_LONG 22
#define X509_V_ERR_CERT_REVOKED 23
#define X509_V_ERR_INVALID_CA 24
#define X509_V_ERR_PATH_LENGTH_EXCEEDED 25
#define X509_V_ERR_INVALID_PURPOSE 26
#define X509_V_ERR_CERT_UNTRUSTED 27
#define X509_V_ERR_CERT_REJECTED 28
/* These are 'informational' when looking for issuer cert */
#define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29
#define X509_V_ERR_AKID_SKID_MISMATCH 30
#define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31
#define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32
#define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33
#define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34
#define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35
#define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36
#define X509_V_ERR_INVALID_NON_CA 37
#define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38
#define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39
#define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40
#define X509_V_ERR_INVALID_EXTENSION 41
#define X509_V_ERR_INVALID_POLICY_EXTENSION 42
#define X509_V_ERR_NO_EXPLICIT_POLICY 43
#define X509_V_ERR_DIFFERENT_CRL_SCOPE 44
#define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE 45
#define X509_V_ERR_UNNESTED_RESOURCE 46
#define X509_V_ERR_PERMITTED_VIOLATION 47
#define X509_V_ERR_EXCLUDED_VIOLATION 48
#define X509_V_ERR_SUBTREE_MINMAX 49
/* The application is not happy */
#define X509_V_ERR_APPLICATION_VERIFICATION 50
#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51
#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52
#define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53
#define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54
/* Another issuer check debug option */
#define X509_V_ERR_PATH_LOOP 55
/* Suite B mode algorithm violation */
#define X509_V_ERR_SUITE_B_INVALID_VERSION 56
#define X509_V_ERR_SUITE_B_INVALID_ALGORITHM 57
#define X509_V_ERR_SUITE_B_INVALID_CURVE 58
#define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM 59
#define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED 60
#define X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61
/* Host, email and IP check errors */
#define X509_V_ERR_HOSTNAME_MISMATCH 62
#define X509_V_ERR_EMAIL_MISMATCH 63
#define X509_V_ERR_IP_ADDRESS_MISMATCH 64
/* DANE TLSA errors */
#define X509_V_ERR_DANE_NO_MATCH 65
/* security level errors */
#define X509_V_ERR_EE_KEY_TOO_SMALL 66
#define X509_V_ERR_CA_KEY_TOO_SMALL 67
#define X509_V_ERR_CA_MD_TOO_WEAK 68
/* Caller error */
#define X509_V_ERR_INVALID_CALL 69
/* Issuer lookup error */
#define X509_V_ERR_STORE_LOOKUP 70
/* Certificate transparency */
#define X509_V_ERR_NO_VALID_SCTS 71
#define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION 72
#ifdef __cplusplus
}
#endif
#endif

50
include/openssl/mbedtls_ssl.h
View File

@ -1,50 +0,0 @@
#ifndef _MBEDTLS_SSL_H_
#define _MBEDTLS_SSL_H_
#include "ssl_ctx.h"
/*
{
*/
#define SSL_MAX_FRAG_LEN_NONE 0
#define SSL_MAX_FRAG_LEN_512 512
#define SSL_MAX_FRAG_LEN_1024 1024
#define SSL_MAX_FRAG_LEN_2048 2048
#define SSL_MAX_FRAG_LEN_4096 4096
#define SSL_MAX_FRAG_LEN_8192 8192
#define SSL_DISPLAY_CERTS (1 << 0)
#define SSL_NO_DEFAULT_KEY (1 << 1)
#define SSL_SERVER_VERIFY_LATER (1 << 2)
#define SSL_CLIENT_AUTHENTICATION (1 << 3)
typedef void SSL;
enum {
SSL_OK = 0
};
/*
}
*/
void ssl_set_frag(SSL *ssl, unsigned int frag);
SSL* ssl_new(struct ssl_ctx *ssl_ctx);
int ssl_connect(SSL *ssl);
int ssl_get_verify_result(SSL *ssl);
int ssl_set_fd(SSL *ssl, int);
int ssl_free(SSL *ssl);
int ssl_accept(SSL *ssl);
int ssl_read(SSL *ssl, void *buffer, int max_len);
int ssl_write(SSL *ssl, const void *buffer, int max_len);
#endif

1755
include/openssl/openssl/ssl.h Executable file
View File

File diff suppressed because it is too large Load Diff

89
include/openssl/platform/ssl_opt.h Normal file
View File

@ -0,0 +1,89 @@
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef _SSL_OPT_H_
#define _SSL_OPT_H_
/*
* Enable OpenSSL debugging function.
*
* If the option is enabled, "SSL_DEBUG" works.
*/
//#define CONFIG_OPENSSL_DEBUG
#ifdef CONFIG_OPENSSL_DEBUG
/*
* OpenSSL debugging level.
*
* Only function whose debugging level is higher than "OPENSSL_DEBUG_LEVEL" works.
*
* For example:
* If OPENSSL_DEBUG_LEVEL = 2, you use function "SSL_DEBUG(1, "malloc failed")".
* Because 1 < 2, it will not print.
*/
//#define CONFIG_OPENSSL_DEBUG_LEVEL
/*
* If the option is enabled, low-level module debugging function of OpenSSL is enabled,
* e.g. mbedtls internal debugging function.
*/
//#define CONFIG_OPENSSL_LOWLEVEL_DEBUG
#endif /* CONFIG_OPENSSL_DEBUG */
/*
* OpenSSL function needs "assert" function to check if input parameters are valid.
*
* If you want to use assert debugging function, "OPENSSL_DEBUG" should be enabled.
*
* You must only select one of following:
* 1. CONFIG_OPENSSL_ASSERT_DO_NOTHING
* 2. CONFIG_OPENSSL_ASSERT_EXIT
* 3. CONFIG_OPENSSL_ASSERT_DEBUG (depend on "CONFIG_OPENSSL_DEBUG")
* 4. CONFIG_OPENSSL_ASSERT_DEBUG_EXIT (depend on "CONFIG_OPENSSL_DEBUG")
* 5. CONFIG_OPENSSL_ASSERT_DEBUG_BLOCK (depend on "CONFIG_OPENSSL_DEBUG")
*/
/*
* Do nothing and "SSL_ASSERT" does not work.
*/
//#define CONFIG_OPENSSL_ASSERT_DO_NOTHING
/*
* Enable assert exiting, it will check and return error code.
*/
#define CONFIG_OPENSSL_ASSERT_EXIT
#ifdef CONFIG_OPENSSL_DEBUG
/*
* Enable assert debugging, it will check and show debugging message.
*/
//#define CONFIG_OPENSSL_ASSERT_DEBUG
/*
* Enable assert debugging and exiting, it will check, show debugging message and return error code.
*/
//#define CONFIG_OPENSSL_ASSERT_DEBUG_EXIT
/*
* Enable assert debugging and blocking, it will check, show debugging message and block by "while (1);".
*/
//#define CONFIG_OPENSSL_ASSERT_DEBUG_BLOCK
#endif /* CONFIG_OPENSSL_DEBUG */
#endif

59
include/openssl/platform/ssl_pm.h Executable file
View File

@ -0,0 +1,59 @@
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef _SSL_PM_H_
#define _SSL_PM_H_
#ifdef __cplusplus
extern "C" {
#endif
#include <string.h>
#include "ssl_types.h"
#include "ssl_port.h"
int ssl_pm_new(SSL *ssl);
void ssl_pm_free(SSL *ssl);
int ssl_pm_handshake(SSL *ssl);
int ssl_pm_shutdown(SSL *ssl);
int ssl_pm_clear(SSL *ssl);
int ssl_pm_read(SSL *ssl, void *buffer, int len);
int ssl_pm_send(SSL *ssl, const void *buffer, int len);
int ssl_pm_pending(const SSL *ssl);
void ssl_pm_set_fd(SSL *ssl, int fd, int mode);
int ssl_pm_get_fd(const SSL *ssl, int mode);
OSSL_HANDSHAKE_STATE ssl_pm_get_state(const SSL *ssl);
void ssl_pm_set_bufflen(SSL *ssl, int len);
int x509_pm_show_info(X509 *x);
int x509_pm_new(X509 *x, X509 *m_x);
void x509_pm_free(X509 *x);
int x509_pm_load(X509 *x, const unsigned char *buffer, int len);
int pkey_pm_new(EVP_PKEY *pk, EVP_PKEY *m_pk);
void pkey_pm_free(EVP_PKEY *pk);
int pkey_pm_load(EVP_PKEY *pk, const unsigned char *buffer, int len);
long ssl_pm_get_verify_result(const SSL *ssl);
#ifdef __cplusplus
}
#endif
#endif

81
include/openssl/platform/ssl_port.h Executable file
View File

@ -0,0 +1,81 @@
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef _SSL_PORT_H_
#define _SSL_PORT_H_
#ifdef __cplusplus
extern "C" {
#endif
#include "c_types.h"
#include "esp_system.h"
#include "string.h"
#ifdef MEMLEAK_DEBUG
extern void *pvPortMalloc( size_t xWantedSize, const char * file, unsigned line);
extern void *pvPortZalloc( size_t xWantedSize, const char * file, unsigned line);
extern void vPortFree(void *pv, const char * file, unsigned line);
#define ssl_mem_malloc(s) \
({ \
static const char mem_debug_file[] ICACHE_RODATA_ATTR STORE_ATTR = __FILE__; \
pvPortMalloc(s, mem_debug_file, __LINE__); \
})
#define ssl_mem_zalloc(s) \
({ \
static const char mem_debug_file[] ICACHE_RODATA_ATTR STORE_ATTR = __FILE__; \
pvPortZalloc(s, mem_debug_file, __LINE__); \
})
#define ssl_mem_free(s) \
do{\
static const char mem_debug_file[] ICACHE_RODATA_ATTR STORE_ATTR = __FILE__; \
vPortFree(s, mem_debug_file, __LINE__);\
}while(0)
#else
extern void *pvPortMalloc( size_t xWantedSize );
extern void *pvPortZalloc( size_t xWantedSize );
extern void vPortFree(void *pv);
#define ssl_mem_zalloc(s) pvPortZalloc(s)
#define ssl_mem_malloc(s) pvPortMalloc(s)
#define ssl_mem_free(p) vPortFree(p)
#endif
#define ssl_memcpy memcpy
#define ssl_strlen strlen
#define ssl_speed_up_enter() system_update_cpu_freq(SYS_CPU_160MHZ)
#define ssl_speed_up_exit() system_update_cpu_freq(SYS_CPU_80MHZ)
#ifndef ets_printf
#define ets_printf(fmt, ...) do { \
static const char flash_str[] ICACHE_RODATA_ATTR STORE_ATTR = fmt; \
printf(flash_str, ##__VA_ARGS__); \
} while(0)
#endif
#define SSL_PRINT_LOG ets_printf
#define LOCAL_ATRR ICACHE_RODATA_ATTR STORE_ATTR
#endif

50
include/openssl/ssl_compat-1.0.h
View File

@ -1,50 +0,0 @@
#ifndef __MBEDTLS_SSL_CPT_H__
#define __MBEDTLS_SSL_CPT_H__
#include "mbedtls_ssl.h"
#include "ssl_ctx.h"
/*
{
*/
typedef struct ssl_ctx SSL_CTX;
/*
}
*/
/*
{
*/
#define SSL_CTX_new ssl_ctx_new
#define SSL_CTX_free ssl_ctx_free
#define SSL_new ssl_new
#define SSL_free ssl_free
#define SSL_connect ssl_connect
#define SSL_accept ssl_accept
#define SSL_shutdown ssl_shutdown
#define SSL_read ssl_read
#define SSL_write ssl_write
#define SSL_get_verify_result ssl_get_verify_result
#define SSL_set_fd ssl_set_fd
#define SSL_CTX_set_option ssl_ctx_set_option
#define SSLv23_client_method() ssl_method_create(SSL_METHOD_CLIENT, SSL_METHOD_SSL_V2_3)
#define TLSv1_1_client_method() ssl_method_create(SSL_METHOD_CLIENT, SSL_METHOD_TLS_V1_1)
#define TLSv1_client_method() ssl_method_create(SSL_METHOD_CLIENT, SSL_METHOD_TLS_V1)
#define SSLv3_client_method() ssl_method_create(SSL_METHOD_CLIENT, SSL_METHOD_SSL_V3)
#define SSLv23_server_method() ssl_method_create(SSL_METHOD_SERVER, SSL_METHOD_SSL_V2_3)
#define TLSv1_1_server_method() ssl_method_create(SSL_METHOD_SERVER, SSL_METHOD_TLS_V1_1)
#define TLSv1_server_method() ssl_method_create(SSL_METHOD_SERVER, SSL_METHOD_TLS_V1)
#define SSLv3_server_method() ssl_method_create(SSL_METHOD_SERVER, SSL_METHOD_SSL_V3)
/*
}
*/
#endif

71
include/openssl/ssl_ctx.h
View File

@ -1,71 +0,0 @@
#ifndef __SSL_CTX_H__
#define __SSL_CTX_H__
#include "ssl_opt.h"
#define SSL_METHOD_CLIENT 0
#define SSL_METHOD_SERVER 1
#define SSL_METHOD_SSL_V3 0
#define SSL_METHOD_TLS_V1 1
#define SSL_METHOD_TLS_V1_1 2
#define SSL_METHOD_SSL_V2_3 3
#define SSL_CTX_VERIFY(ctx) (ctx->verify->ca_crt || ctx->verify->own_crt || ctx->verify->pk)
enum {
SSL_OBJ_X509_CACERT = 1,
SSL_OBJ_X509_CERT,
SSL_OBJ_RSA_KEY,
};
struct x590_store_ctx {
int x;
};
struct ssl_method {
int x;
};
struct ssl_ctx_verify
{
int verify_mode;
int (*verify_cb)(int, struct x590_store_ctx *);
char *ca_crt;
unsigned int ca_crt_len;
char *own_crt;
unsigned int own_crt_len;
char *pk;
unsigned int pk_len;
};
struct ssl_ctx
{
unsigned char type;
unsigned char version;
unsigned char option;
/************************************/
unsigned int ca_sect;
unsigned int crt_sect;
unsigned int pk_sect;
/************************************/
struct ssl_ctx_verify *verify;
};
struct ssl_ctx* ssl_ctx_new(struct ssl_method *method);
struct ssl_method* ssl_method_create(int mode, int ver);
int ssl_obj_memory_load(struct ssl_ctx *ctx, int type, char *buf, unsigned int len , void *attr);
int ssl_ctx_set_option(struct ssl_ctx *ctx, int opt);
#endif

14
include/openssl/ssl_debug.h
View File

@ -1,14 +0,0 @@
#ifndef _SSL_DEBUG_H_
#define _SSL_DEBUG_H_
#include "ssl_opt.h"
#define MBED_SSL_DEBUG_ENBALE 1
#define MBED_SSL_DEBUG_LEVEL 0
#define HANDLE_ERR(err, go, ...) { if (MBED_SSL_DEBUG_ENBALE) ssl_print(__VA_ARGS__); ret = err; goto go; }
#define HANDLE_RET(go, ...) { if (MBED_SSL_DEBUG_ENBALE) ssl_print(__VA_ARGS__); goto go; }
#define MBED_SSL_DEBUG(level, ...) { if (level > MBED_SSL_DEBUG_LEVEL && MBED_SSL_DEBUG_ENBALE) ssl_print(__VA_ARGS__); }
#endif

32
include/openssl/ssl_opt.h
View File

@ -1,32 +0,0 @@
#ifndef _SSL_OPT_H_
#define _SSL_OPT_H_
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* mbedtls include */
#include "mbedtls/ssl.h"
#include "mbedtls/net.h"
#include "mbedtls/debug.h"
#include "mbedtls/ssl.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/error.h"
#include "mbedtls/certs.h"
#include "mbedtls/platform.h"
#include "c_types.h"
#define ssl_print printf
#define ssl_mem_zalloc zalloc
#define ssl_mem_free free
#define ssl_memcpy memcpy
#define SSL_MUTEX_DEF(x) int x
#define SSL_MUTEX_INIT(x)
#define SSL_NULL NULL
#endif

BIN
lib/libopenssl.a
View File

Binary file not shown.

17
third_party/openssl/Makefile vendored
View File

@ -12,11 +12,12 @@
# a generated lib/image xxx.a ()
#
ifndef PDIR
UP_EXTRACT_DIR = ..
GEN_LIBS = libopenssl.a
COMPONENTS_libopenssl = library/liblibrary.a platform/libplatform.a
endif
CCFLAGS += -fno-aggressive-loop-optimizations
#############################################################
# Configuration i.e. compile options etc.
@ -25,7 +26,11 @@ endif
# makefile at its root level - these are then overridden
# for a subtree within the makefile rooted therein
#
#DEFINES +=
DEFINES += -D_POSIX_SOURCE \
-DLWIP_OPEN_SRC \
-DPBUF_RSV_FOR_WLAN \
-DEBUF_LWIP \
-DMEMLEAK_DEBUG
#############################################################
# Recursion Magic - Don't touch this!!
@ -39,8 +44,10 @@ endif
# Required for each makefile to inherit from the parent
#
INCLUDES := $(INCLUDES) -I $(PDIR)include
INCLUDES += -I $(SDK_PATH)/include/openssl
INCLUDES := $(INCLUDES) -I $(SDK_PATH)/include/openssl/ \
-I $(SDK_PATH)/include/openssl/openssl \
-I $(SDK_PATH)/include/openssl/internal \
-I $(SDK_PATH)/include/openssl/platform
INCLUDES += -I ./
PDIR := ../$(PDIR)
sinclude $(PDIR)Makefile

1797
third_party/openssl/OpenSSL-APIs.rst vendored Normal file
View File

File diff suppressed because it is too large Load Diff

46
third_party/openssl/library/Makefile vendored Normal file
View File

@ -0,0 +1,46 @@
#############################################################
# Required variables for each makefile
# Discard this section from all parent makefiles
# Expected variables (with automatic defaults):
# CSRCS (all "C" files in the dir)
# SUBDIRS (all subdirs with a Makefile)
# GEN_LIBS - list of libs to be generated ()
# GEN_IMAGES - list of images to be generated ()
# COMPONENTS_xxx - a list of libs/objs in the form
# subdir/lib to be extracted and rolled up into
# a generated lib/image xxx.a ()
#
ifndef PDIR
GEN_LIBS = liblibrary.a
endif
#############################################################
# Configuration i.e. compile options etc.
# Target specific stuff (defines etc.) goes in here!
# Generally values applying to a tree are captured in the
# makefile at its root level - these are then overridden
# for a subtree within the makefile rooted therein
#
#DEFINES +=
#############################################################
# Recursion Magic - Don't touch this!!
#
# Each subtree potentially has an include directory
# corresponding to the common APIs applicable to modules
# rooted at that subtree. Accordingly, the INCLUDE PATH
# of a module can only contain the include directories up
# its parent path, and not its siblings
#
# Required for each makefile to inherit from the parent
#
INCLUDES := $(INCLUDES) -I $(PDIR)include
INCLUDES += -I ./
PDIR := ../$(PDIR)
sinclude $(PDIR)Makefile

87
third_party/openssl/library/ssl_cert.c vendored Executable file
View File

@ -0,0 +1,87 @@
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "ssl_cert.h"
#include "ssl_pkey.h"
#include "ssl_x509.h"
#include "ssl_dbg.h"
#include "ssl_port.h"
/**
* @brief create a certification object according to input certification
*/
CERT *__ssl_cert_new(CERT *ic)
{
CERT *cert;
X509 *ix;
EVP_PKEY *ipk;
cert = ssl_mem_zalloc(sizeof(CERT));
if (!cert) {
SSL_DEBUG(SSL_CERT_ERROR_LEVEL, "no enough memory > (cert)");
goto no_mem;
}
if (ic) {
ipk = ic->pkey;
ix = ic->x509;
} else {
ipk = NULL;
ix = NULL;
}
cert->pkey = __EVP_PKEY_new(ipk);
if (!cert->pkey) {
SSL_DEBUG(SSL_CERT_ERROR_LEVEL, "__EVP_PKEY_new() return NULL");
goto pkey_err;
}
cert->x509 = __X509_new(ix);
if (!cert->x509) {
SSL_DEBUG(SSL_CERT_ERROR_LEVEL, "__X509_new() return NULL");
goto x509_err;
}
return cert;
x509_err:
EVP_PKEY_free(cert->pkey);
pkey_err:
ssl_mem_free(cert);
no_mem:
return NULL;
}
/**
* @brief create a certification object include private key object
*/
CERT *ssl_cert_new(void)
{
return __ssl_cert_new(NULL);
}
/**
* @brief free a certification object
*/
void ssl_cert_free(CERT *cert)
{
SSL_ASSERT3(cert);
X509_free(cert->x509);
EVP_PKEY_free(cert->pkey);
ssl_mem_free(cert);
}

1556
third_party/openssl/library/ssl_lib.c vendored Executable file
View File

File diff suppressed because it is too large Load Diff

81
third_party/openssl/library/ssl_methods.c vendored Normal file
View File

@ -0,0 +1,81 @@
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "ssl_methods.h"
#include "ssl_pm.h"
/**
* TLS method function collection
*/
IMPLEMENT_TLS_METHOD_FUNC(TLS_method_func,
ssl_pm_new, ssl_pm_free,
ssl_pm_handshake, ssl_pm_shutdown, ssl_pm_clear,
ssl_pm_read, ssl_pm_send, ssl_pm_pending,
ssl_pm_set_fd, ssl_pm_get_fd,
ssl_pm_set_bufflen,
ssl_pm_get_verify_result,
ssl_pm_get_state);
/**
* TLS or SSL client method collection
*/
IMPLEMENT_TLS_METHOD(TLS_ANY_VERSION, 0, TLS_method_func, TLS_client_method);
IMPLEMENT_TLS_METHOD(TLS1_2_VERSION, 0, TLS_method_func, TLSv1_2_client_method);
IMPLEMENT_TLS_METHOD(TLS1_1_VERSION, 0, TLS_method_func, TLSv1_1_client_method);
IMPLEMENT_TLS_METHOD(TLS1_VERSION, 0, TLS_method_func, TLSv1_client_method);
IMPLEMENT_SSL_METHOD(SSL3_VERSION, 0, TLS_method_func, SSLv3_client_method);
/**
* TLS or SSL server method collection
*/
IMPLEMENT_TLS_METHOD(TLS_ANY_VERSION, 1, TLS_method_func, TLS_server_method);
IMPLEMENT_TLS_METHOD(TLS1_1_VERSION, 1, TLS_method_func, TLSv1_1_server_method);
IMPLEMENT_TLS_METHOD(TLS1_2_VERSION, 1, TLS_method_func, TLSv1_2_server_method);
IMPLEMENT_TLS_METHOD(TLS1_VERSION, 0, TLS_method_func, TLSv1_server_method);
IMPLEMENT_SSL_METHOD(SSL3_VERSION, 1, TLS_method_func, SSLv3_server_method);
/**
* TLS or SSL method collection
*/
IMPLEMENT_TLS_METHOD(TLS_ANY_VERSION, -1, TLS_method_func, TLS_method);
IMPLEMENT_SSL_METHOD(TLS1_2_VERSION, -1, TLS_method_func, TLSv1_2_method);
IMPLEMENT_SSL_METHOD(TLS1_1_VERSION, -1, TLS_method_func, TLSv1_1_method);
IMPLEMENT_SSL_METHOD(TLS1_VERSION, -1, TLS_method_func, TLSv1_method);
IMPLEMENT_SSL_METHOD(SSL3_VERSION, -1, TLS_method_func, SSLv3_method);
/**
* @brief get X509 object method
*/
IMPLEMENT_X509_METHOD(X509_method,
x509_pm_new, x509_pm_free,
x509_pm_load, x509_pm_show_info);
/**
* @brief get private key object method
*/
IMPLEMENT_PKEY_METHOD(EVP_PKEY_method,
pkey_pm_new, pkey_pm_free,
pkey_pm_load);

239
third_party/openssl/library/ssl_pkey.c vendored Executable file
View File

@ -0,0 +1,239 @@
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "ssl_pkey.h"
#include "ssl_methods.h"
#include "ssl_dbg.h"
#include "ssl_port.h"
/**
* @brief create a private key object according to input private key
*/
EVP_PKEY* __EVP_PKEY_new(EVP_PKEY *ipk)
{
int ret;
EVP_PKEY *pkey;
pkey = ssl_mem_zalloc(sizeof(EVP_PKEY));
if (!pkey) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "no enough memory > (pkey)");
goto no_mem;
}
if (ipk) {
pkey->method = ipk->method;
} else {
pkey->method = EVP_PKEY_method();
}
ret = EVP_PKEY_METHOD_CALL(new, pkey, ipk);
if (ret) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "EVP_PKEY_METHOD_CALL(new) return %d", ret);
goto failed;
}
return pkey;
failed:
ssl_mem_free(pkey);
no_mem:
return NULL;
}
/**
* @brief create a private key object
*/
EVP_PKEY* EVP_PKEY_new(void)
{
return __EVP_PKEY_new(NULL);
}
/**
* @brief free a private key object
*/
void EVP_PKEY_free(EVP_PKEY *pkey)
{
SSL_ASSERT3(pkey);
EVP_PKEY_METHOD_CALL(free, pkey);
ssl_mem_free(pkey);
}
/**
* @brief load a character key context into system context. If '*a' is pointed to the
* private key, then load key into it. Or create a new private key object
*/
EVP_PKEY *d2i_PrivateKey(int type,
EVP_PKEY **a,
const unsigned char **pp,
long length)
{
int m = 0;
int ret;
EVP_PKEY *pkey;
SSL_ASSERT2(pp);
SSL_ASSERT2(*pp);
SSL_ASSERT2(length);
if (a && *a) {
pkey = *a;
} else {
pkey = EVP_PKEY_new();;
if (!pkey) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "EVP_PKEY_new() return NULL");
goto failed1;
}
m = 1;
}
ret = EVP_PKEY_METHOD_CALL(load, pkey, *pp, length);
if (ret) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "EVP_PKEY_METHOD_CALL(load) return %d", ret);
goto failed2;
}
if (a)
*a = pkey;
return pkey;
failed2:
if (m)
EVP_PKEY_free(pkey);
failed1:
return NULL;
}
/**
* @brief set the SSL context private key
*/
int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
{
SSL_ASSERT1(ctx);
SSL_ASSERT1(pkey);
if (ctx->cert->pkey == pkey)
return 1;
if (ctx->cert->pkey)
EVP_PKEY_free(ctx->cert->pkey);
ctx->cert->pkey = pkey;
return 1;
}
/**
* @brief set the SSL private key
*/
int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
{
SSL_ASSERT1(ssl);
SSL_ASSERT1(pkey);
if (ssl->cert->pkey == pkey)
return 1;
if (ssl->cert->pkey)
EVP_PKEY_free(ssl->cert->pkey);
ssl->cert->pkey = pkey;
return 1;
}
/**
* @brief load private key into the SSL context
*/
int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx,
const unsigned char *d, long len)
{
int ret;
EVP_PKEY *pk;
pk = d2i_PrivateKey(0, NULL, &d, len);
if (!pk) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_PrivateKey() return NULL");
goto failed1;
}
ret = SSL_CTX_use_PrivateKey(ctx, pk);
if (!ret) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "SSL_CTX_use_PrivateKey() return %d", ret);
goto failed2;
}
return 1;
failed2:
EVP_PKEY_free(pk);
failed1:
return 0;
}
/**
* @brief load private key into the SSL
*/
int SSL_use_PrivateKey_ASN1(int type, SSL *ssl,
const unsigned char *d, long len)
{
int ret;
EVP_PKEY *pk;
pk = d2i_PrivateKey(0, NULL, &d, len);
if (!pk) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_PrivateKey() return NULL");
goto failed1;
}
ret = SSL_use_PrivateKey(ssl, pk);
if (!ret) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "SSL_use_PrivateKey() return %d", ret);
goto failed2;
}
return 1;
failed2:
EVP_PKEY_free(pk);
failed1:
return 0;
}
/**
* @brief load the private key file into SSL context
*/
int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
{
return 0;
}
/**
* @brief load the private key file into SSL
*/
int SSL_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
{
return 0;
}
/**
* @brief load the RSA ASN1 private key into SSL context
*/
int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len)
{
return SSL_CTX_use_PrivateKey_ASN1(0, ctx, d, len);
}

74
third_party/openssl/library/ssl_stack.c vendored Normal file
View File

@ -0,0 +1,74 @@
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "ssl_stack.h"
#include "ssl_dbg.h"
#include "ssl_port.h"
#ifndef CONFIG_MIN_NODES
#define MIN_NODES 4
#else
#define MIN_NODES CONFIG_MIN_NODES
#endif
/**
* @brief create a openssl stack object
*/
OPENSSL_STACK* OPENSSL_sk_new(OPENSSL_sk_compfunc c)
{
OPENSSL_STACK *stack;
char **data;
stack = ssl_mem_zalloc(sizeof(OPENSSL_STACK));
if (!stack) {
SSL_DEBUG(SSL_STACK_ERROR_LEVEL, "no enough memory > (stack)");
goto no_mem1;
}
data = ssl_mem_zalloc(sizeof(*data) * MIN_NODES);
if (!data) {
SSL_DEBUG(SSL_STACK_ERROR_LEVEL, "no enough memory > (data)");
goto no_mem2;
}
stack->data = data;
stack->num_alloc = MIN_NODES;
stack->c = c;
return stack;
no_mem2:
ssl_mem_free(stack);
no_mem1:
return NULL;
}
/**
* @brief create a NULL function openssl stack object
*/
OPENSSL_STACK *OPENSSL_sk_new_null(void)
{
return OPENSSL_sk_new((OPENSSL_sk_compfunc)NULL);
}
/**
* @brief free openssl stack object
*/
void OPENSSL_sk_free(OPENSSL_STACK *stack)
{
SSL_ASSERT3(stack);
ssl_mem_free(stack->data);
ssl_mem_free(stack);
}

285
third_party/openssl/library/ssl_x509.c vendored Executable file
View File

@ -0,0 +1,285 @@
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "ssl_x509.h"
#include "ssl_methods.h"
#include "ssl_dbg.h"
#include "ssl_port.h"
/**
* @brief show X509 certification information
*/
int __X509_show_info(X509 *x)
{
return X509_METHOD_CALL(show_info, x);
}
/**
* @brief create a X509 certification object according to input X509 certification
*/
X509* __X509_new(X509 *ix)
{
int ret;
X509 *x;
x = ssl_mem_zalloc(sizeof(X509));
if (!x) {
SSL_DEBUG(SSL_X509_ERROR_LEVEL, "no enough memory > (x)");
goto no_mem;
}
if (ix)
x->method = ix->method;
else
x->method = X509_method();
ret = X509_METHOD_CALL(new, x, ix);
if (ret) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_METHOD_CALL(new) return %d", ret);
goto failed;
}
return x;
failed:
ssl_mem_free(x);
no_mem:
return NULL;
}
/**
* @brief create a X509 certification object
*/
X509* X509_new(void)
{
return __X509_new(NULL);
}
/**
* @brief free a X509 certification object
*/
void X509_free(X509 *x)
{
SSL_ASSERT3(x);
X509_METHOD_CALL(free, x);
ssl_mem_free(x);
};
/**
* @brief load a character certification context into system context. If '*cert' is pointed to the
* certification, then load certification into it. Or create a new X509 certification object
*/
X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len)
{
int m = 0;
int ret;
X509 *x;
SSL_ASSERT2(buffer);
SSL_ASSERT2(len);
if (cert && *cert) {
x = *cert;
} else {
x = X509_new();
if (!x) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_new() return NULL");
goto failed1;
}
m = 1;
}
ret = X509_METHOD_CALL(load, x, buffer, len);
if (ret) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_METHOD_CALL(load) return %d", ret);
goto failed2;
}
return x;
failed2:
if (m)
X509_free(x);
failed1:
return NULL;
}
/**
* @brief set SSL context client CA certification
*/
int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
{
SSL_ASSERT1(ctx);
SSL_ASSERT1(x);
if (ctx->client_CA == x)
return 1;
X509_free(ctx->client_CA);
ctx->client_CA = x;
return 1;
}
/**
* @brief add CA client certification into the SSL
*/
int SSL_add_client_CA(SSL *ssl, X509 *x)
{
SSL_ASSERT1(ssl);
SSL_ASSERT1(x);
if (ssl->client_CA == x)
return 1;
X509_free(ssl->client_CA);
ssl->client_CA = x;
return 1;
}
/**
* @brief set the SSL context certification
*/
int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
{
SSL_ASSERT1(ctx);
SSL_ASSERT1(x);
if (ctx->cert->x509 == x)
return 1;
X509_free(ctx->cert->x509);
ctx->cert->x509 = x;
return 1;
}
/**
* @brief set the SSL certification
*/
int SSL_use_certificate(SSL *ssl, X509 *x)
{
SSL_ASSERT1(ssl);
SSL_ASSERT1(x);
if (ssl->cert->x509 == x)
return 1;
X509_free(ssl->cert->x509);
ssl->cert->x509 = x;
return 1;
}
/**
* @brief get the SSL certification point
*/
X509 *SSL_get_certificate(const SSL *ssl)
{
SSL_ASSERT2(ssl);
return ssl->cert->x509;
}
/**
* @brief load certification into the SSL context
*/
int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len,
const unsigned char *d)
{
int ret;
X509 *x;
x = d2i_X509(NULL, d, len);
if (!x) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_X509() return NULL");
goto failed1;
}
ret = SSL_CTX_use_certificate(ctx, x);
if (!ret) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "SSL_CTX_use_certificate() return %d", ret);
goto failed2;
}
return 1;
failed2:
X509_free(x);
failed1:
return 0;
}
/**
* @brief load certification into the SSL
*/
int SSL_use_certificate_ASN1(SSL *ssl, int len,
const unsigned char *d)
{
int ret;
X509 *x;
x = d2i_X509(NULL, d, len);
if (!x) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_X509() return NULL");
goto failed1;
}
ret = SSL_use_certificate(ssl, x);
if (!ret) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "SSL_use_certificate() return %d", ret);
goto failed2;
}
return 1;
failed2:
X509_free(x);
failed1:
return 0;
}
/**
* @brief load the certification file into SSL context
*/
int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
{
return 0;
}
/**
* @brief load the certification file into SSL
*/
int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
{
return 0;
}
/**
* @brief get peer certification
*/
X509 *SSL_get_peer_certificate(const SSL *ssl)
{
SSL_ASSERT2(ssl);
return ssl->session->peer;
}

470
third_party/openssl/mbedtls_ssl.c vendored
View File

@ -1,470 +0,0 @@
/******************************************************************************
* Copyright 2016-2017 Espressif Systems (Wuxi)
*
* FileName: ssc_mbedtls.c
*
* Description: SSC mbedtls command
*
* Modification history:
* 2016/6/27, create. dongheng
*******************************************************************************/
#include "mbedtls_ssl.h"
#include "ssl_debug.h"
#include "ssl_ctx.h"
/*******************************************************************************/
struct ssl_verify {
mbedtls_x509_crt own_crt;
mbedtls_x509_crt ca_crt;
mbedtls_pk_context pk;
};
struct ssl_fd
{
/* local socket file description */
mbedtls_net_context fd;
/* remote client socket file description */
mbedtls_net_context cl_fd;
mbedtls_ssl_config conf;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_ssl_context ssl;
mbedtls_entropy_context entropy;
};
struct mbed_ssl
{
struct ssl_fd *ssl_fd;
struct ssl_ctx *ssl_ctx;
struct ssl_verify *ssl_verify;
SSL_MUTEX_DEF(mutex);
};
#define SSL_CHECK_ENDIAN_MODE(ssl_fd, mode) (ssl_fd->conf.endpoint & mode)
#define SSL_SEND_DATA_MAX_LENGTH 1460
/*******************************************************************************/
/*******************************************************************************/
unsigned int max_content_len;
/*******************************************************************************/
/*******************************************************************************/
LOCAL struct mbed_ssl* mbed_ssl_alloc(void)
{
struct mbed_ssl *mbed_ssl;
mbed_ssl = (struct mbed_ssl *)ssl_mem_zalloc(sizeof(struct mbed_ssl));
if (!mbed_ssl) HANDLE_RET(go_failed1, "ssl_self_alloc:[1]\n");
mbed_ssl->ssl_fd = (struct ssl_fd *)ssl_mem_zalloc(sizeof(struct ssl_fd));
if (!mbed_ssl->ssl_fd) HANDLE_RET(go_failed2, "ssl_self_alloc:[2]\n");
mbed_ssl->ssl_verify = (struct ssl_verify *)ssl_mem_zalloc(sizeof(struct ssl_verify));
if (!mbed_ssl->ssl_verify) HANDLE_RET(go_failed3, "ssl_self_alloc:[3]\n");
return mbed_ssl;
go_failed3:
ssl_mem_free(mbed_ssl->ssl_fd);
go_failed2:
ssl_mem_free(mbed_ssl);
go_failed1:
return NULL;
}
LOCAL void mbed_ssl_free(struct mbed_ssl *mbed_ssl)
{
ssl_mem_free(mbed_ssl->ssl_verify);
ssl_mem_free(mbed_ssl->ssl_fd);
ssl_mem_free(mbed_ssl);
}
LOCAL int mbed_ssl_init(struct mbed_ssl *mbed_ssl, struct ssl_ctx *ssl_ctx)
{
int ret;
int endpoint;
unsigned char *pers;
struct ssl_fd *ssl_fd = mbed_ssl->ssl_fd;
struct ssl_verify *ssl_verify = mbed_ssl->ssl_verify;
mbed_ssl->ssl_ctx = ssl_ctx;
SSL_MUTEX_INIT(&ssl_self->mutex);
max_content_len = 2048;
mbedtls_x509_crt_init(&ssl_verify->ca_crt);
mbedtls_x509_crt_init(&ssl_verify->own_crt);
mbedtls_pk_init(&ssl_verify->pk);
mbedtls_net_init(&ssl_fd->fd);
mbedtls_net_init(&ssl_fd->cl_fd);
mbedtls_ssl_config_init(&ssl_fd->conf);
mbedtls_ctr_drbg_init(&ssl_fd->ctr_drbg);
mbedtls_entropy_init(&ssl_fd->entropy);
mbedtls_ssl_init(&ssl_fd->ssl);
if (ssl_ctx->option & SSL_SERVER_VERIFY_LATER) {
pers = "server"; endpoint = MBEDTLS_SSL_IS_SERVER;
} else {
pers = "client"; endpoint = MBEDTLS_SSL_IS_CLIENT;
}
ret = mbedtls_ctr_drbg_seed(&ssl_fd->ctr_drbg, mbedtls_entropy_func, &ssl_fd->entropy, pers, strlen(pers));
if (ret) HANDLE_ERR(-4, failed4, "mbedtls_ctr_drbg_seed:[%d]\n", ret);
ret = mbedtls_ssl_config_defaults(&ssl_fd->conf, endpoint, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT);
if (ret) HANDLE_ERR(-5, failed5, "mbedtls_ssl_config_defaults:[%d]\n", ret);
mbedtls_ssl_conf_rng(&ssl_fd->conf, mbedtls_ctr_drbg_random, &ssl_fd->ctr_drbg);
mbedtls_ssl_conf_dbg(&ssl_fd->conf, NULL, NULL);
mbedtls_ssl_set_bio(&ssl_fd->ssl, &ssl_fd->fd, mbedtls_net_send, mbedtls_net_recv, NULL);
if (SSL_CTX_VERIFY(ssl_ctx)) {
struct ssl_ctx_verify *ctx_verify = mbed_ssl->ssl_ctx->verify;
if (ctx_verify->ca_crt) {
ret = mbedtls_x509_crt_parse(&ssl_verify->ca_crt, ctx_verify->ca_crt, ctx_verify->ca_crt_len);
if (ret) HANDLE_ERR(-6, failed6, "mbedtls_x509_crt_parse:[CA]\n", ret);
mbedtls_ssl_conf_ca_chain(&ssl_fd->conf, &ssl_verify->ca_crt, NULL);
mbedtls_ssl_conf_authmode(&ssl_fd->conf, MBEDTLS_SSL_VERIFY_REQUIRED);
}
if (ctx_verify->own_crt) {
ret = mbedtls_x509_crt_parse(&ssl_verify->own_crt, ctx_verify->own_crt, ctx_verify->own_crt_len);
if (ret) HANDLE_ERR(-7, failed7, "mbedtls_x509_crt_parse:[OWN]\n", ret);
}
if (ctx_verify->pk) {
ret = mbedtls_pk_parse_key(&ssl_verify->pk, ctx_verify->pk, ctx_verify->pk_len, NULL, 0);
if (ret) HANDLE_ERR(-8, failed8, "mbedtls_x509_crt_parse:[PK]\n", ret);
ret = mbedtls_ssl_conf_own_cert(&ssl_fd->conf, &ssl_verify->own_crt, &ssl_verify->pk);
if (ret) HANDLE_ERR(-9, failed9, "mbedtls_ssl_conf_own_cert:[%d]\n", ret);
}
} else {
mbedtls_ssl_conf_authmode(&ssl_fd->conf, MBEDTLS_SSL_VERIFY_NONE);
}
return 0;
failed9:
mbedtls_pk_free(&ssl_verify->pk);
failed8:
mbedtls_x509_crt_free(&ssl_verify->own_crt);
failed7:
mbedtls_x509_crt_free(&ssl_verify->ca_crt);
failed6:
mbedtls_ssl_config_free(&ssl_fd->conf);
failed5:
mbedtls_ctr_drbg_free(&ssl_fd->ctr_drbg);
failed4:
failed3:
failed2:
mbedtls_entropy_free(&ssl_fd->entropy);
failed1:
return ret;
}
LOCAL void mbed_ssl_deinit(struct mbed_ssl *mbed_ssl)
{
struct ssl_fd *ssl_fd = mbed_ssl->ssl_fd;
struct ssl_verify *ssl_verify = mbed_ssl->ssl_verify;
mbedtls_x509_crt_free(&ssl_verify->ca_crt);
mbedtls_x509_crt_free(&ssl_verify->own_crt);
mbedtls_pk_free(&ssl_verify->pk);
mbedtls_entropy_free(&ssl_fd->entropy);
mbedtls_ctr_drbg_free(&ssl_fd->ctr_drbg);
mbedtls_ssl_config_free(&ssl_fd->conf);
mbedtls_ssl_free(&ssl_fd->ssl);
}
LOCAL void mbed_ssl_disconnect(struct mbed_ssl *mbed_ssl)
{
struct ssl_fd *ssl_fd = mbed_ssl->ssl_fd;
mbedtls_ssl_close_notify(&ssl_fd->ssl);
}
LOCAL int mbed_ssl_setup(struct mbed_ssl *mbed_ssl)
{
int ret;
struct ssl_fd *ssl_fd = mbed_ssl->ssl_fd;
ret = mbedtls_ssl_setup(&ssl_fd->ssl, &ssl_fd->conf);
if (ret) HANDLE_ERR(-1, failed1, "mbedtls_ssl_setup:[%d]\n", ret);
return 0;
failed1:
return ret;
}
/*******************************************************************************/
/*******************************************************************************/
int ssl_libary_init(void)
{
return 0;
}
/*******************************************************************************/
/*******************************************************************************/
SSL* ssl_new(struct ssl_ctx *ssl_ctx)
{
int ret;
struct mbed_ssl *mbed_ssl;
if (!ssl_ctx) HANDLE_ERR(-1, go_failed1, "ssl_new[1]\n");
mbed_ssl = mbed_ssl_alloc();
if (!mbed_ssl) HANDLE_ERR(-2, go_failed1, "ssc_soc_ssl_create\n");
ret = mbed_ssl_init(mbed_ssl, ssl_ctx);
if (ret) HANDLE_ERR(-3, go_failed2, "ssc_soc_ssl_init\n");
ret = mbed_ssl_setup(mbed_ssl);
if (ret) HANDLE_ERR(-4, go_failed3, "ssc_soc_ssl_setup\n");
return (SSL *)mbed_ssl;
go_failed3:
mbed_ssl_deinit(mbed_ssl);
go_failed2:
mbed_ssl_free(mbed_ssl);
go_failed1:
return NULL;
}
int ssl_set_fd(SSL *ssl, int fd)
{
int ret;
struct mbed_ssl *mbed_ssl = (struct mbed_ssl *)ssl;
if (!mbed_ssl) HANDLE_ERR(-1, go_failed1, "ssl_set_fd[1]\n");
if (fd < 0) HANDLE_ERR(-1, go_failed2, "ssl_set_fd[2]\n");
mbed_ssl->ssl_fd->fd.fd = fd;
return 0;
go_failed2:
go_failed1:
return ret;
}
int ssl_set_rfd(SSL *ssl, int fd)
{
return ssl_set_fd(ssl, fd);
}
int ssl_set_wfd(SSL *ssl, int fd)
{
return ssl_set_fd(ssl, fd);
}
int ssl_shutdown(SSL *ssl)
{
int ret;
struct ssl_fd *ssl_fd;
struct mbed_ssl *mbed_ssl = (struct mbed_ssl *)ssl;
if (!mbed_ssl || !mbed_ssl->ssl_fd) HANDLE_ERR(-1, go_failed1, "ssl_shutdown\n");
ssl_fd = mbed_ssl->ssl_fd;
if (ssl_fd->ssl.state != MBEDTLS_SSL_HANDSHAKE_OVER) return 0;
mbed_ssl_disconnect(mbed_ssl);
return 0;
go_failed1:
return ret;
}
int ICACHE_FLASH_ATTR
ssl_free(SSL *ssl)
{
int ret;
struct mbed_ssl *mbed_ssl = (struct mbed_ssl *)ssl;
if (!mbed_ssl) HANDLE_ERR(-1, go_failed1, "ssl_free\n");
mbed_ssl_deinit(mbed_ssl);
mbed_ssl_free(mbed_ssl);
return 0;
go_failed1:
return ret;
}
int ssl_connect(SSL *ssl)
{
int ret;
struct ssl_fd *ssl_fd;
struct mbed_ssl *mbed_ssl = (struct mbed_ssl *)ssl;
if (!mbed_ssl) HANDLE_ERR(-1, go_failed1, "ssl_connect\n");
ssl_fd = mbed_ssl->ssl_fd;
while((ret = mbedtls_ssl_handshake(&ssl_fd->ssl)) != 0) {
if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
HANDLE_ERR(-2, go_failed2, "mbedtls_ssl_handshake:[-0x%x]\n", -ret);
}
}
if (SSL_CHECK_ENDIAN_MODE(ssl_fd, MBEDTLS_SSL_IS_SERVER)) {
MBED_SSL_DEBUG(1, "server");
} else {
MBED_SSL_DEBUG(1, "client");
}
if (ssl_fd->ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER) {
MBED_SSL_DEBUG(1, " handshake OK\n");
} else {
MBED_SSL_DEBUG(1, " handshake failed\n");
}
return 0;
go_failed2:
go_failed1:
return ret;
}
int ssl_accept(SSL *ssl)
{
int ret;
struct ssl_fd *ssl_fd;
struct mbed_ssl *mbed_ssl = (struct mbed_ssl *)ssl;
if (!mbed_ssl) HANDLE_ERR(-1, go_failed1, "ssl_connect\n");
while((ret = mbedtls_ssl_handshake(&ssl_fd->ssl)) != 0) {
if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
HANDLE_ERR(-2, go_failed2, "mbedtls_ssl_handshake\n");
}
}
if (SSL_CHECK_ENDIAN_MODE(ssl_fd, MBEDTLS_SSL_IS_SERVER)) {
MBED_SSL_DEBUG(1, "server");
} else {
MBED_SSL_DEBUG(1, "client");
}
if (ssl_fd->ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER) {
MBED_SSL_DEBUG(1, " handshake OK\n");
} else {
MBED_SSL_DEBUG(1, " handshake failed\n");
}
go_failed2:
go_failed1:
return ret;
}
int ssl_read(SSL *ssl, void *buffer, int max_len)
{
int ret;
struct ssl_fd *ssl_fd;
struct mbed_ssl *mbed_ssl = (struct mbed_ssl *)ssl;
if (!mbed_ssl || !mbed_ssl->ssl_fd) HANDLE_ERR(-1, go_failed1, "ssl_read\n");
ssl_fd = mbed_ssl->ssl_fd;
while((ret = mbedtls_ssl_read(&ssl_fd->ssl, buffer, max_len)) < 0) { //return = 0 >> EOF
if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
HANDLE_ERR(-2, go_failed2, "ssl_read\n");
}
}
return ret;
go_failed2:
go_failed1:
return ret;
}
static int ssl_write_data(struct mbed_ssl *mbed_ssl, const char *buffer, int max_len)
{
int ret;
struct ssl_fd *ssl_fd = mbed_ssl->ssl_fd;
if (!ssl_fd) HANDLE_ERR(-1, go_failed1, "ssl_write_data\n");
while((ret = mbedtls_ssl_write(&ssl_fd->ssl, buffer, max_len)) < 0) {
if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
HANDLE_ERR(-2, go_failed2, "ssl_write\n");
}
}
return ret;
go_failed2:
go_failed1:
return ret;
}
int ssl_write(SSL *ssl, const void *buffer, int max_len)
{
int ret;
int send_len = max_len;
const char *pbuf = (const char *)buffer;
struct mbed_ssl *mbed_ssl = (struct mbed_ssl *)ssl;
if (!mbed_ssl) return -1;
do {
int send_bytes;
if (send_len > SSL_SEND_DATA_MAX_LENGTH)
send_bytes = SSL_SEND_DATA_MAX_LENGTH;
else
send_bytes = send_len;
ret = ssl_write_data(mbed_ssl, pbuf, send_bytes);
if (ret > 0) {
pbuf += send_bytes;
send_len -= send_bytes;
}
} while (ret > 0 && send_len);
return ret;
}
int ssl_fragment_length_negotiation(SSL *ssl, unsigned int frag)
{
if (frag < 2048 || frag > 8192) return -1;
max_content_len = frag;
return 0;
go_failed1:
return -1;
}
int ssl_get_verify_result(SSL *ssl)
{
return 0;
}

46
third_party/openssl/platform/Makefile vendored Normal file
View File

@ -0,0 +1,46 @@
#############################################################
# Required variables for each makefile
# Discard this section from all parent makefiles
# Expected variables (with automatic defaults):
# CSRCS (all "C" files in the dir)
# SUBDIRS (all subdirs with a Makefile)
# GEN_LIBS - list of libs to be generated ()
# GEN_IMAGES - list of images to be generated ()
# COMPONENTS_xxx - a list of libs/objs in the form
# subdir/lib to be extracted and rolled up into
# a generated lib/image xxx.a ()
#
ifndef PDIR
GEN_LIBS = libplatform.a
endif
#############################################################
# Configuration i.e. compile options etc.
# Target specific stuff (defines etc.) goes in here!
# Generally values applying to a tree are captured in the
# makefile at its root level - these are then overridden
# for a subtree within the makefile rooted therein
#
#DEFINES +=
#############################################################
# Recursion Magic - Don't touch this!!
#
# Each subtree potentially has an include directory
# corresponding to the common APIs applicable to modules
# rooted at that subtree. Accordingly, the INCLUDE PATH
# of a module can only contain the include directories up
# its parent path, and not its siblings
#
# Required for each makefile to inherit from the parent
#
INCLUDES := $(INCLUDES) -I $(PDIR)include
INCLUDES += -I ./
PDIR := ../$(PDIR)
sinclude $(PDIR)Makefile

667
third_party/openssl/platform/ssl_pm.c vendored Normal file
View File

@ -0,0 +1,667 @@
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "ssl_pm.h"
#include "ssl_port.h"
#include "ssl_dbg.h"
/* mbedtls include */
#include "mbedtls/platform.h"
#include "mbedtls/net.h"
#include "mbedtls/debug.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/error.h"
#include "mbedtls/certs.h"
#define X509_INFO_STRING_LENGTH 3072
#define OPENSSL_READ_BUFFER_LENGTH_MIN 2048
#define OPENSSL_READ_BUFFER_LENGTH_MAX 8192
struct ssl_pm
{
/* local socket file description */
mbedtls_net_context fd;
/* remote client socket file description */
mbedtls_net_context cl_fd;
mbedtls_ssl_config conf;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_ssl_context ssl;
mbedtls_entropy_context entropy;
};
struct x509_pm
{
mbedtls_x509_crt *x509_crt;
mbedtls_x509_crt *ex_crt;
};
struct pkey_pm
{
mbedtls_pk_context *pkey;
mbedtls_pk_context *ex_pkey;
};
unsigned int max_content_len;
/*********************************************************************************************/
/************************************ SSL arch interface *************************************/
#ifdef CONFIG_OPENSSL_LOWLEVEL_DEBUG
/* mbedtls debug level */
#define MBEDTLS_DEBUG_LEVEL 4
/**
* @brief mbedtls debug function
*/
static void ssl_platform_debug(void *ctx, int level,
const char *file, int line,
const char *str)
{
/* Shorten 'file' from the whole file path to just the filename
This is a bit wasteful because the macros are compiled in with
the full _FILE_ path in each case.
*/
char *file_sep = rindex(file, '/');
if(file_sep)
file = file_sep + 1;
SSL_DEBUG(SSL_DEBUG_ON, "%s:%d %s", file, line, str);
}
#endif
/**
* @brief create SSL low-level object
*/
int ssl_pm_new(SSL *ssl)
{
struct ssl_pm *ssl_pm;
int ret;
const unsigned char pers[] = "OpenSSL PM";
size_t pers_len = sizeof(pers);
int endpoint;
int version;
const SSL_METHOD *method = ssl->method;
if (ssl->ctx->read_buffer_len < OPENSSL_READ_BUFFER_LENGTH_MIN ||
ssl->ctx->read_buffer_len > OPENSSL_READ_BUFFER_LENGTH_MAX)
return -1;
ssl_pm = ssl_mem_zalloc(sizeof(struct ssl_pm));
if (!ssl_pm) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (ssl_pm)");
goto no_mem;
}
max_content_len = ssl->ctx->read_buffer_len;
mbedtls_net_init(&ssl_pm->fd);
mbedtls_net_init(&ssl_pm->cl_fd);
mbedtls_ssl_config_init(&ssl_pm->conf);
mbedtls_ctr_drbg_init(&ssl_pm->ctr_drbg);
mbedtls_entropy_init(&ssl_pm->entropy);
mbedtls_ssl_init(&ssl_pm->ssl);
ret = mbedtls_ctr_drbg_seed(&ssl_pm->ctr_drbg, mbedtls_entropy_func, &ssl_pm->entropy, pers, pers_len);
if (ret) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ctr_drbg_seed() return -0x%x", -ret);
goto mbedtls_err1;
}
if (method->endpoint) {
endpoint = MBEDTLS_SSL_IS_SERVER;
} else {
endpoint = MBEDTLS_SSL_IS_CLIENT;
}
ret = mbedtls_ssl_config_defaults(&ssl_pm->conf, endpoint, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT);
if (ret) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_config_defaults() return -0x%x", -ret);
goto mbedtls_err2;
}
if (TLS_ANY_VERSION != ssl->version) {
if (TLS1_2_VERSION == ssl->version)
version = MBEDTLS_SSL_MINOR_VERSION_3;
else if (TLS1_1_VERSION == ssl->version)
version = MBEDTLS_SSL_MINOR_VERSION_2;
else if (TLS1_VERSION == ssl->version)
version = MBEDTLS_SSL_MINOR_VERSION_1;
else
version = MBEDTLS_SSL_MINOR_VERSION_0;
mbedtls_ssl_conf_max_version(&ssl_pm->conf, MBEDTLS_SSL_MAJOR_VERSION_3, version);
mbedtls_ssl_conf_min_version(&ssl_pm->conf, MBEDTLS_SSL_MAJOR_VERSION_3, version);
} else {
mbedtls_ssl_conf_max_version(&ssl_pm->conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3);
mbedtls_ssl_conf_min_version(&ssl_pm->conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0);
}
mbedtls_ssl_conf_rng(&ssl_pm->conf, mbedtls_ctr_drbg_random, &ssl_pm->ctr_drbg);
#ifdef CONFIG_OPENSSL_LOWLEVEL_DEBUG
mbedtls_debug_set_threshold(MBEDTLS_DEBUG_LEVEL);
mbedtls_ssl_conf_dbg(&ssl_pm->conf, ssl_platform_debug, NULL);
#else
mbedtls_ssl_conf_dbg(&ssl_pm->conf, NULL, NULL);
#endif
ret = mbedtls_ssl_setup(&ssl_pm->ssl, &ssl_pm->conf);
if (ret) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_setup() return -0x%x", -ret);
goto mbedtls_err2;
}
mbedtls_ssl_set_bio(&ssl_pm->ssl, &ssl_pm->fd, mbedtls_net_send, mbedtls_net_recv, NULL);
ssl->ssl_pm = ssl_pm;
return 0;
mbedtls_err2:
mbedtls_ssl_config_free(&ssl_pm->conf);
mbedtls_ctr_drbg_free(&ssl_pm->ctr_drbg);
mbedtls_err1:
mbedtls_entropy_free(&ssl_pm->entropy);
ssl_mem_free(ssl_pm);
no_mem:
return -1;
}
/**
* @brief free SSL low-level object
*/
void ssl_pm_free(SSL *ssl)
{
struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
mbedtls_ctr_drbg_free(&ssl_pm->ctr_drbg);
mbedtls_entropy_free(&ssl_pm->entropy);
mbedtls_ssl_config_free(&ssl_pm->conf);
mbedtls_ssl_free(&ssl_pm->ssl);
ssl_mem_free(ssl_pm);
ssl->ssl_pm = NULL;
}
/**
* @brief reload SSL low-level certification object
*/
static int ssl_pm_reload_crt(SSL *ssl)
{
int ret;
int mode;
struct ssl_pm *ssl_pm = ssl->ssl_pm;
struct x509_pm *ca_pm = (struct x509_pm *)ssl->client_CA->x509_pm;
struct pkey_pm *pkey_pm = (struct pkey_pm *)ssl->cert->pkey->pkey_pm;
struct x509_pm *crt_pm = (struct x509_pm *)ssl->cert->x509->x509_pm;
if (ssl->verify_mode == SSL_VERIFY_PEER)
mode = MBEDTLS_SSL_VERIFY_REQUIRED;
else if (ssl->verify_mode == SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
mode = MBEDTLS_SSL_VERIFY_OPTIONAL;
else if (ssl->verify_mode == SSL_VERIFY_CLIENT_ONCE)
mode = MBEDTLS_SSL_VERIFY_UNSET;
else
mode = MBEDTLS_SSL_VERIFY_NONE;
mbedtls_ssl_conf_authmode(&ssl_pm->conf, mode);
if (ca_pm->x509_crt) {
mbedtls_ssl_conf_ca_chain(&ssl_pm->conf, ca_pm->x509_crt, NULL);
} else if (ca_pm->ex_crt) {
mbedtls_ssl_conf_ca_chain(&ssl_pm->conf, ca_pm->ex_crt, NULL);
}
if (crt_pm->x509_crt && pkey_pm->pkey) {
ret = mbedtls_ssl_conf_own_cert(&ssl_pm->conf, crt_pm->x509_crt, pkey_pm->pkey);
} else if (crt_pm->ex_crt && pkey_pm->ex_pkey) {
ret = mbedtls_ssl_conf_own_cert(&ssl_pm->conf, crt_pm->ex_crt, pkey_pm->ex_pkey);
} else {
ret = 0;
}
if (ret) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_conf_own_cert() return -0x%x", -ret);
ret = -1;
}
return ret;
}
/*
* Perform the mbedtls SSL handshake instead of mbedtls_ssl_handshake.
* We can add debug here.
*/
static int mbedtls_handshake( mbedtls_ssl_context *ssl )
{
int ret = 0;
while (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) {
ret = mbedtls_ssl_handshake_step(ssl);
SSL_DEBUG(SSL_PLATFORM_DEBUG_LEVEL, "ssl ret %d state %d", ret, ssl->state);
if (ret != 0)
break;
}
return ret;
}
int ssl_pm_handshake(SSL *ssl)
{
int ret;
struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
ret = ssl_pm_reload_crt(ssl);
if (ret)
return 0;
ssl_speed_up_enter();
while((ret = mbedtls_handshake(&ssl_pm->ssl)) != 0) {
if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
break;
}
}
ssl_speed_up_exit();
if (ret) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_handshake() return -0x%x", -ret);
ret = 0;
} else {
struct x509_pm *x509_pm = (struct x509_pm *)ssl->session->peer->x509_pm;
x509_pm->ex_crt = (mbedtls_x509_crt *)mbedtls_ssl_get_peer_cert(&ssl_pm->ssl);
ret = 1;
}
return ret;
}
int ssl_pm_shutdown(SSL *ssl)
{
int ret;
struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
ret = mbedtls_ssl_close_notify(&ssl_pm->ssl);
if (ret) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_close_notify() return -0x%x", -ret);
ret = -1;
} else {
struct x509_pm *x509_pm = (struct x509_pm *)ssl->session->peer->x509_pm;
x509_pm->ex_crt = NULL;
}
return ret;
}
int ssl_pm_clear(SSL *ssl)
{
return ssl_pm_shutdown(ssl);
}
int ssl_pm_read(SSL *ssl, void *buffer, int len)
{
int ret;
struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
ret = mbedtls_ssl_read(&ssl_pm->ssl, buffer, len);
if (ret < 0) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_read() return -0x%x", -ret);
ret = -1;
}
return ret;
}
int ssl_pm_send(SSL *ssl, const void *buffer, int len)
{
int ret;
struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
ret = mbedtls_ssl_write(&ssl_pm->ssl, buffer, len);
if (ret < 0) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_write() return -0x%x", -ret);
ret = -1;
}
return ret;
}
int ssl_pm_pending(const SSL *ssl)
{
struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
return mbedtls_ssl_get_bytes_avail(&ssl_pm->ssl);
}
void ssl_pm_set_fd(SSL *ssl, int fd, int mode)
{
struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
ssl_pm->fd.fd = fd;
}
int ssl_pm_get_fd(const SSL *ssl, int mode)
{
struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
return ssl_pm->fd.fd;
}
OSSL_HANDSHAKE_STATE ssl_pm_get_state(const SSL *ssl)
{
OSSL_HANDSHAKE_STATE state;
struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
switch (ssl_pm->ssl.state)
{
case MBEDTLS_SSL_CLIENT_HELLO:
state = TLS_ST_CW_CLNT_HELLO;
break;
case MBEDTLS_SSL_SERVER_HELLO:
state = TLS_ST_SW_SRVR_HELLO;
break;
case MBEDTLS_SSL_SERVER_CERTIFICATE:
state = TLS_ST_SW_CERT;
break;
case MBEDTLS_SSL_SERVER_HELLO_DONE:
state = TLS_ST_SW_SRVR_DONE;
break;
case MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:
state = TLS_ST_CW_KEY_EXCH;
break;
case MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:
state = TLS_ST_CW_CHANGE;
break;
case MBEDTLS_SSL_CLIENT_FINISHED:
state = TLS_ST_CW_FINISHED;
break;
case MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:
state = TLS_ST_SW_CHANGE;
break;
case MBEDTLS_SSL_SERVER_FINISHED:
state = TLS_ST_SW_FINISHED;
break;
case MBEDTLS_SSL_CLIENT_CERTIFICATE:
state = TLS_ST_CW_CERT;
break;
case MBEDTLS_SSL_SERVER_KEY_EXCHANGE:
state = TLS_ST_SR_KEY_EXCH;
break;
case MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET:
state = TLS_ST_SW_SESSION_TICKET;
break;
case MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT:
state = TLS_ST_SW_CERT_REQ;
break;
case MBEDTLS_SSL_HANDSHAKE_OVER:
state = TLS_ST_OK;
break;
default :
state = TLS_ST_BEFORE;
break;
}
return state;
}
int x509_pm_show_info(X509 *x)
{
int ret;
char *buf;
mbedtls_x509_crt *x509_crt;
struct x509_pm *x509_pm = x->x509_pm;
if (x509_pm->x509_crt)
x509_crt = x509_pm->x509_crt;
else if (x509_pm->ex_crt)
x509_crt = x509_pm->ex_crt;
else
x509_crt = NULL;
if (!x509_crt)
return -1;
buf = ssl_mem_malloc(X509_INFO_STRING_LENGTH);
if (!buf) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (buf)");
goto no_mem;
}
ret = mbedtls_x509_crt_info(buf, X509_INFO_STRING_LENGTH - 1, "", x509_crt);
if (ret <= 0) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_x509_crt_info() return -0x%x", -ret);
goto mbedtls_err1;
}
buf[ret] = 0;
ssl_mem_free(buf);
SSL_DEBUG(SSL_DEBUG_ON, "%s", buf);
return 0;
mbedtls_err1:
ssl_mem_free(buf);
no_mem:
return -1;
}
int x509_pm_new(X509 *x, X509 *m_x)
{
struct x509_pm *x509_pm;
x509_pm = ssl_mem_zalloc(sizeof(struct x509_pm));
if (!x509_pm) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (x509_pm)");
goto failed1;
}
x->x509_pm = x509_pm;
if (m_x) {
struct x509_pm *m_x509_pm = (struct x509_pm *)m_x->x509_pm;
x509_pm->ex_crt = m_x509_pm->x509_crt;
}
return 0;
failed1:
return -1;
}
void x509_pm_free(X509 *x)
{
struct x509_pm *x509_pm = (struct x509_pm *)x->x509_pm;
if (x509_pm->x509_crt) {
mbedtls_x509_crt_free(x509_pm->x509_crt);
ssl_mem_free(x509_pm->x509_crt);
x509_pm->x509_crt = NULL;
}
ssl_mem_free(x->x509_pm);
x->x509_pm = NULL;
}
int x509_pm_load(X509 *x, const unsigned char *buffer, int len)
{
int ret;
unsigned char *load_buf;
struct x509_pm *x509_pm = (struct x509_pm *)x->x509_pm;
if (x509_pm->x509_crt)
mbedtls_x509_crt_free(x509_pm->x509_crt);
if (!x509_pm->x509_crt) {
x509_pm->x509_crt = ssl_mem_malloc(sizeof(mbedtls_x509_crt));
if (!x509_pm->x509_crt) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (x509_pm->x509_crt)");
goto no_mem;
}
}
load_buf = ssl_mem_malloc(len + 1);
if (!load_buf) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (load_buf)");
goto failed;
}
ssl_memcpy(load_buf, buffer, len);
load_buf[len] = '\0';
mbedtls_x509_crt_init(x509_pm->x509_crt);
ret = mbedtls_x509_crt_parse(x509_pm->x509_crt, load_buf, len + 1);
ssl_mem_free(load_buf);
if (ret) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_x509_crt_parse return -0x%x", -ret);
goto failed;
}
return 0;
failed:
mbedtls_x509_crt_free(x509_pm->x509_crt);
ssl_mem_free(x509_pm->x509_crt);
x509_pm->x509_crt = NULL;
no_mem:
return -1;
}
int pkey_pm_new(EVP_PKEY *pk, EVP_PKEY *m_pkey)
{
struct pkey_pm *pkey_pm;
pkey_pm = ssl_mem_zalloc(sizeof(struct pkey_pm));
if (!pkey_pm)
return -1;
pk->pkey_pm = pkey_pm;
if (m_pkey) {
struct pkey_pm *m_pkey_pm = (struct pkey_pm *)m_pkey->pkey_pm;
pkey_pm->ex_pkey = m_pkey_pm->pkey;
}
return 0;
}
void pkey_pm_free(EVP_PKEY *pk)
{
struct pkey_pm *pkey_pm = (struct pkey_pm *)pk->pkey_pm;
if (pkey_pm->pkey) {
mbedtls_pk_free(pkey_pm->pkey);
ssl_mem_free(pkey_pm->pkey);
pkey_pm->pkey = NULL;
}
ssl_mem_free(pk->pkey_pm);
pk->pkey_pm = NULL;
}
int pkey_pm_load(EVP_PKEY *pk, const unsigned char *buffer, int len)
{
int ret;
unsigned char *load_buf;
struct pkey_pm *pkey_pm = (struct pkey_pm *)pk->pkey_pm;
if (pkey_pm->pkey)
mbedtls_pk_free(pkey_pm->pkey);
if (!pkey_pm->pkey) {
pkey_pm->pkey = ssl_mem_malloc(sizeof(mbedtls_pk_context));
if (!pkey_pm->pkey) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (pkey_pm->pkey)");
goto no_mem;
}
}
load_buf = ssl_mem_malloc(len + 1);
if (!load_buf) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (load_buf)");
goto failed;
}
ssl_memcpy(load_buf, buffer, len);
load_buf[len] = '\0';
mbedtls_pk_init(pkey_pm->pkey);
ret = mbedtls_pk_parse_key(pkey_pm->pkey, load_buf, len + 1, NULL, 0);
ssl_mem_free(load_buf);
if (ret) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_pk_parse_key return -0x%x", -ret);
goto failed;
}
return 0;
failed:
mbedtls_pk_free(pkey_pm->pkey);
ssl_mem_free(pkey_pm->pkey);
pkey_pm->pkey = NULL;
no_mem:
return -1;
}
void ssl_pm_set_bufflen(SSL *ssl, int len)
{
max_content_len = len;
}
long ssl_pm_get_verify_result(const SSL *ssl)
{
long ret;
long verify_result;
struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
ret = mbedtls_ssl_get_verify_result(&ssl_pm->ssl);
if (ret) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_get_verify_result() return -0x%x", -ret);
verify_result = X509_V_ERR_UNSPECIFIED;
} else
verify_result = X509_V_OK;
return verify_result;
}

180
third_party/openssl/ssl_ctx.c vendored
View File

@ -1,180 +0,0 @@
#include "ssl_ctx.h"
#include "ssl_debug.h"
#ifndef MBED_SSL_CRT_MAX_LENGTH
#define MBED_SSL_CRT_MAX_LENGTH (8 * 1024)
#endif
struct ssl_ctx* ssl_ctx_new(struct ssl_method *method)
{
int ret;
struct ssl_ctx *ctx;
struct ssl_ctx_verify *verify;
//if (!method) HANDLE_ERR(-1, go_failed1, "ssl_ctx_new:method\n");
ctx = (struct ssl_ctx *)ssl_mem_zalloc(sizeof(struct ssl_ctx));
if (!ctx) HANDLE_ERR(-2, go_failed2, "ssl_ctx_new:ctx\n");
verify = (struct ssl_ctx_verify *)ssl_mem_zalloc(sizeof(struct ssl_ctx_verify));
if (!verify) HANDLE_ERR(-3, go_failed3, "ssl_ctx_new:verify\n");
ctx->verify = verify;
return ctx;
go_failed3:
ssl_mem_free(ctx);
go_failed2:
go_failed1:
return SSL_NULL;
}
int ssl_ctx_set_verify(struct ssl_ctx *ctx, int mode,
int (*cb)(int, struct x590_store_ctx *))
{
struct ssl_ctx_verify *verify = ctx->verify;
verify->verify_mode = mode;
verify->verify_cb = cb;
return 0;
}
int ssl_ctx_load_verify(struct ssl_ctx *ctx, const char *CAfile, const char *CApath)
{
return 0;
}
int ssl_ctx_use_certificate(struct ssl_ctx *ctx, const char *file, unsigned int size)
{
return 0;
}
int ssl_ctx_use_privatekey(struct ssl_ctx *ctx, const char *file, unsigned int size)
{
return 0;
}
int ssl_ctx_check_private_key(struct ssl_ctx *ctx)
{
return 0;
}
LOCAL void ssl_ctx_verify_free(struct ssl_ctx_verify *ctx_verify)
{
if (ctx_verify->ca_crt) ssl_mem_free(ctx_verify->ca_crt);
if (ctx_verify->own_crt) ssl_mem_free(ctx_verify->own_crt);
if (ctx_verify->pk) ssl_mem_free(ctx_verify->pk);
ssl_mem_free(ctx_verify);
}
void ssl_ctx_free(struct ssl_ctx *ctx)
{
if (!ctx) return ;
ssl_ctx_verify_free(ctx->verify);
ssl_mem_free(ctx);
}
struct ssl_method* ssl_method_create(int mode, int ver)
{
return SSL_NULL;
}
LOCAL char* ssl_ctx_malloc_crt(const char *buf, unsigned int len, unsigned int *act_len)
{
int ret;
char *crt;
crt = (char *)ssl_mem_zalloc(len + 1);
if (!crt) HANDLE_ERR(-1, go_failed1, "ssl_ctx_malloc_crt\n");
ssl_memcpy(crt, buf, len);
crt[len] = '\0';
*act_len = len + 1;
return crt;
go_failed1:
return NULL;
}
int ssl_obj_memory_load(struct ssl_ctx *ctx, int type, char *buf, unsigned int len , void *attr)
{
int ret;
struct ssl_ctx_verify *verify;
if (!ctx || !ctx->verify || MBED_SSL_CRT_MAX_LENGTH < len) return -1;
verify = ctx->verify;
switch (type) {
case SSL_OBJ_X509_CACERT :
{
char *crt;
unsigned int crt_len;
crt = ssl_ctx_malloc_crt(buf, len, &crt_len);
if (!crt) HANDLE_ERR(-2, go_failed1, "ssl_obj_memory_load:CA\n");
verify->ca_crt = crt;
verify->ca_crt_len = crt_len;
ret = 0;
break;
}
case SSL_OBJ_X509_CERT :
{
char *crt;
unsigned int crt_len;
crt = ssl_ctx_malloc_crt(buf, len, &crt_len);
if (!crt) HANDLE_ERR(-3, go_failed1, "ssl_obj_memory_load:CA\n");
verify->own_crt = crt;
verify->own_crt_len = crt_len;
ret = 0;
break;
}
case SSL_OBJ_RSA_KEY :
{
char *crt;
unsigned int crt_len;
crt = ssl_ctx_malloc_crt(buf, len, &crt_len);
if (!crt) HANDLE_ERR(-4, go_failed1, "ssl_obj_memory_load:CA\n");
verify->pk = crt;
verify->pk_len = crt_len;
ret = 0;
break;
}
default :
{
ret = -2;
break;
}
}
return 0;
go_failed1:
return ret;
}
int ssl_ctx_set_option(struct ssl_ctx *ctx, int opt)
{
ctx->option = opt;
return 0;
}