openssl: Remove deprecated component
parent
9a544c0006
commit
0630834bc3
@ -121,7 +121,6 @@
|
||||
/components/mqtt/ @esp-idf-codeowners/network
|
||||
/components/newlib/ @esp-idf-codeowners/system @esp-idf-codeowners/tools
|
||||
/components/nvs_flash/ @esp-idf-codeowners/storage
|
||||
/components/openssl/ @esp-idf-codeowners/network
|
||||
/components/openthread/ @esp-idf-codeowners/ieee802154
|
||||
/components/partition_table/ @esp-idf-codeowners/system
|
||||
/components/perfmon/ @esp-idf-codeowners/tools
|
||||
|
@ -1,13 +0,0 @@
|
||||
idf_component_register(SRCS "library/ssl_cert.c"
|
||||
"library/ssl_lib.c"
|
||||
"library/ssl_methods.c"
|
||||
"library/ssl_pkey.c"
|
||||
"library/ssl_bio.c"
|
||||
"library/ssl_err.c"
|
||||
"library/ssl_stack.c"
|
||||
"library/ssl_x509.c"
|
||||
"platform/ssl_pm.c"
|
||||
"platform/ssl_port.c"
|
||||
REQUIRES mbedtls
|
||||
INCLUDE_DIRS include
|
||||
PRIV_INCLUDE_DIRS include/internal include/platform include/openssl)
|
@ -1,78 +0,0 @@
|
||||
menu "OpenSSL"
|
||||
|
||||
config OPENSSL_DEBUG
|
||||
bool "Enable OpenSSL debugging"
|
||||
default n
|
||||
help
|
||||
Enable OpenSSL debugging function.
|
||||
|
||||
If the option is enabled, "SSL_DEBUG" works.
|
||||
|
||||
config OPENSSL_ERROR_STACK
|
||||
bool "Enable OpenSSL error structure"
|
||||
default y
|
||||
help
|
||||
Enable OpenSSL Error reporting
|
||||
|
||||
config OPENSSL_DEBUG_LEVEL
|
||||
int "OpenSSL debugging level"
|
||||
default 0
|
||||
range 0 255
|
||||
depends on OPENSSL_DEBUG
|
||||
help
|
||||
OpenSSL debugging level.
|
||||
|
||||
Only function whose debugging level is higher than "OPENSSL_DEBUG_LEVEL" works.
|
||||
|
||||
For example:
|
||||
If OPENSSL_DEBUG_LEVEL = 2, you use function "SSL_DEBUG(1, "malloc failed")". Because 1 < 2, it will not
|
||||
print.
|
||||
|
||||
config OPENSSL_LOWLEVEL_DEBUG
|
||||
bool "Enable OpenSSL low-level module debugging"
|
||||
default n
|
||||
depends on OPENSSL_DEBUG
|
||||
select MBEDTLS_DEBUG
|
||||
help
|
||||
If the option is enabled, low-level module debugging function of OpenSSL is enabled, e.g. mbedtls internal
|
||||
debugging function.
|
||||
|
||||
choice OPENSSL_ASSERT
|
||||
prompt "Select OpenSSL assert function"
|
||||
default OPENSSL_ASSERT_EXIT
|
||||
help
|
||||
OpenSSL function needs "assert" function to check if input parameters are valid.
|
||||
|
||||
If you want to use assert debugging function, "OPENSSL_DEBUG" should be enabled.
|
||||
|
||||
config OPENSSL_ASSERT_DO_NOTHING
|
||||
bool "Do nothing"
|
||||
help
|
||||
Do nothing and "SSL_ASSERT" does not work.
|
||||
|
||||
config OPENSSL_ASSERT_EXIT
|
||||
bool "Check and exit"
|
||||
help
|
||||
Enable assert exiting, it will check and return error code.
|
||||
|
||||
config OPENSSL_ASSERT_DEBUG
|
||||
bool "Show debugging message"
|
||||
depends on OPENSSL_DEBUG
|
||||
help
|
||||
Enable assert debugging, it will check and show debugging message.
|
||||
|
||||
config OPENSSL_ASSERT_DEBUG_EXIT
|
||||
bool "Show debugging message and exit"
|
||||
depends on OPENSSL_DEBUG
|
||||
help
|
||||
Enable assert debugging and exiting, it will check, show debugging message and return error code.
|
||||
|
||||
config OPENSSL_ASSERT_DEBUG_BLOCK
|
||||
bool "Show debugging message and block"
|
||||
depends on OPENSSL_DEBUG
|
||||
help
|
||||
Enable assert debugging and blocking, it will check, show debugging message and block by "while (1);".
|
||||
|
||||
endchoice
|
||||
|
||||
endmenu
|
@ -1,44 +0,0 @@
|
||||
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
#ifndef _SSL3_H_
|
||||
#define _SSL3_H_
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
# define SSL3_AD_CLOSE_NOTIFY 0
|
||||
# define SSL3_AD_UNEXPECTED_MESSAGE 10/* fatal */
|
||||
# define SSL3_AD_BAD_RECORD_MAC 20/* fatal */
|
||||
# define SSL3_AD_DECOMPRESSION_FAILURE 30/* fatal */
|
||||
# define SSL3_AD_HANDSHAKE_FAILURE 40/* fatal */
|
||||
# define SSL3_AD_NO_CERTIFICATE 41
|
||||
# define SSL3_AD_BAD_CERTIFICATE 42
|
||||
# define SSL3_AD_UNSUPPORTED_CERTIFICATE 43
|
||||
# define SSL3_AD_CERTIFICATE_REVOKED 44
|
||||
# define SSL3_AD_CERTIFICATE_EXPIRED 45
|
||||
# define SSL3_AD_CERTIFICATE_UNKNOWN 46
|
||||
# define SSL3_AD_ILLEGAL_PARAMETER 47/* fatal */
|
||||
|
||||
# define SSL3_AL_WARNING 1
|
||||
# define SSL3_AL_FATAL 2
|
||||
|
||||
#define SSL3_VERSION 0x0300
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif
|
@ -1,55 +0,0 @@
|
||||
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
#ifndef _SSL_CERT_H_
|
||||
#define _SSL_CERT_H_
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#include "ssl_types.h"
|
||||
|
||||
/**
|
||||
* @brief create a certification object include private key object according to input certification
|
||||
*
|
||||
* @param ic - input certification point
|
||||
*
|
||||
* @return certification object point
|
||||
*/
|
||||
CERT *__ssl_cert_new(CERT *ic);
|
||||
|
||||
/**
|
||||
* @brief create a certification object include private key object
|
||||
*
|
||||
* @param none
|
||||
*
|
||||
* @return certification object point
|
||||
*/
|
||||
CERT* ssl_cert_new(void);
|
||||
|
||||
/**
|
||||
* @brief free a certification object
|
||||
*
|
||||
* @param cert - certification object point
|
||||
*
|
||||
* @return none
|
||||
*/
|
||||
void ssl_cert_free(CERT *cert);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif
|
@ -1,128 +0,0 @@
|
||||
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
#ifndef _SSL_CODE_H_
|
||||
#define _SSL_CODE_H_
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#include "ssl3.h"
|
||||
#include "tls1.h"
|
||||
#include "x509_vfy.h"
|
||||
|
||||
/* Used in SSL_set_mode() -- supported mode when using BIO */
|
||||
#define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001L
|
||||
#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L
|
||||
|
||||
/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
|
||||
# define SSL_SENT_SHUTDOWN 1
|
||||
# define SSL_RECEIVED_SHUTDOWN 2
|
||||
|
||||
# define SSL_VERIFY_NONE 0x00
|
||||
# define SSL_VERIFY_PEER 0x01
|
||||
# define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
|
||||
# define SSL_VERIFY_CLIENT_ONCE 0x04
|
||||
|
||||
/*
|
||||
* The following 3 states are kept in ssl->rlayer.rstate when reads fail, you
|
||||
* should not need these
|
||||
*/
|
||||
# define SSL_ST_READ_HEADER 0xF0
|
||||
# define SSL_ST_READ_BODY 0xF1
|
||||
# define SSL_ST_READ_DONE 0xF2
|
||||
|
||||
# define SSL_NOTHING 1
|
||||
# define SSL_WRITING 2
|
||||
# define SSL_READING 3
|
||||
# define SSL_X509_LOOKUP 4
|
||||
# define SSL_ASYNC_PAUSED 5
|
||||
# define SSL_ASYNC_NO_JOBS 6
|
||||
|
||||
|
||||
# define SSL_ERROR_NONE 0
|
||||
# define SSL_ERROR_SSL 1
|
||||
# define SSL_ERROR_WANT_READ 2
|
||||
# define SSL_ERROR_WANT_WRITE 3
|
||||
# define SSL_ERROR_WANT_X509_LOOKUP 4
|
||||
# define SSL_ERROR_SYSCALL 5/* look at error stack/return value/errno */
|
||||
# define SSL_ERROR_ZERO_RETURN 6
|
||||
# define SSL_ERROR_WANT_CONNECT 7
|
||||
# define SSL_ERROR_WANT_ACCEPT 8
|
||||
# define SSL_ERROR_WANT_ASYNC 9
|
||||
# define SSL_ERROR_WANT_ASYNC_JOB 10
|
||||
|
||||
/* Message flow states */
|
||||
typedef enum {
|
||||
/* No handshake in progress */
|
||||
MSG_FLOW_UNINITED,
|
||||
/* A permanent error with this connection */
|
||||
MSG_FLOW_ERROR,
|
||||
/* We are about to renegotiate */
|
||||
MSG_FLOW_RENEGOTIATE,
|
||||
/* We are reading messages */
|
||||
MSG_FLOW_READING,
|
||||
/* We are writing messages */
|
||||
MSG_FLOW_WRITING,
|
||||
/* Handshake has finished */
|
||||
MSG_FLOW_FINISHED
|
||||
} MSG_FLOW_STATE;
|
||||
|
||||
/* SSL subsystem states */
|
||||
typedef enum {
|
||||
TLS_ST_BEFORE,
|
||||
TLS_ST_OK,
|
||||
DTLS_ST_CR_HELLO_VERIFY_REQUEST,
|
||||
TLS_ST_CR_SRVR_HELLO,
|
||||
TLS_ST_CR_CERT,
|
||||
TLS_ST_CR_CERT_STATUS,
|
||||
TLS_ST_CR_KEY_EXCH,
|
||||
TLS_ST_CR_CERT_REQ,
|
||||
TLS_ST_CR_SRVR_DONE,
|
||||
TLS_ST_CR_SESSION_TICKET,
|
||||
TLS_ST_CR_CHANGE,
|
||||
TLS_ST_CR_FINISHED,
|
||||
TLS_ST_CW_CLNT_HELLO,
|
||||
TLS_ST_CW_CERT,
|
||||
TLS_ST_CW_KEY_EXCH,
|
||||
TLS_ST_CW_CERT_VRFY,
|
||||
TLS_ST_CW_CHANGE,
|
||||
TLS_ST_CW_NEXT_PROTO,
|
||||
TLS_ST_CW_FINISHED,
|
||||
TLS_ST_SW_HELLO_REQ,
|
||||
TLS_ST_SR_CLNT_HELLO,
|
||||
DTLS_ST_SW_HELLO_VERIFY_REQUEST,
|
||||
TLS_ST_SW_SRVR_HELLO,
|
||||
TLS_ST_SW_CERT,
|
||||
TLS_ST_SW_KEY_EXCH,
|
||||
TLS_ST_SW_CERT_REQ,
|
||||
TLS_ST_SW_SRVR_DONE,
|
||||
TLS_ST_SR_CERT,
|
||||
TLS_ST_SR_KEY_EXCH,
|
||||
TLS_ST_SR_CERT_VRFY,
|
||||
TLS_ST_SR_NEXT_PROTO,
|
||||
TLS_ST_SR_CHANGE,
|
||||
TLS_ST_SR_FINISHED,
|
||||
TLS_ST_SW_SESSION_TICKET,
|
||||
TLS_ST_SW_CERT_STATUS,
|
||||
TLS_ST_SW_CHANGE,
|
||||
TLS_ST_SW_FINISHED
|
||||
} OSSL_HANDSHAKE_STATE;
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif
|
@ -1,191 +0,0 @@
|
||||
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
#ifndef _SSL_DEBUG_H_
|
||||
#define _SSL_DEBUG_H_
|
||||
|
||||
#include "platform/ssl_opt.h"
|
||||
#include "platform/ssl_port.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#ifdef CONFIG_OPENSSL_DEBUG_LEVEL
|
||||
#define SSL_DEBUG_LEVEL CONFIG_OPENSSL_DEBUG_LEVEL
|
||||
#else
|
||||
#define SSL_DEBUG_LEVEL 0
|
||||
#endif
|
||||
|
||||
#define SSL_DEBUG_ON (SSL_DEBUG_LEVEL + 1)
|
||||
#define SSL_DEBUG_OFF (SSL_DEBUG_LEVEL - 1)
|
||||
|
||||
#ifdef CONFIG_OPENSSL_DEBUG
|
||||
#ifndef SSL_DEBUG_LOG
|
||||
#error "SSL_DEBUG_LOG is not defined"
|
||||
#endif
|
||||
|
||||
#ifndef SSL_DEBUG_FL
|
||||
#define SSL_DEBUG_FL "\n"
|
||||
#endif
|
||||
|
||||
#define SSL_SHOW_LOCATION() \
|
||||
SSL_DEBUG_LOG("SSL assert : %s %d\n", \
|
||||
__FILE__, __LINE__)
|
||||
|
||||
#define SSL_DEBUG(level, fmt, ...) \
|
||||
{ \
|
||||
if (level > SSL_DEBUG_LEVEL) { \
|
||||
SSL_DEBUG_LOG(fmt SSL_DEBUG_FL, ##__VA_ARGS__); \
|
||||
} \
|
||||
}
|
||||
#else /* CONFIG_OPENSSL_DEBUG */
|
||||
#define SSL_SHOW_LOCATION()
|
||||
|
||||
#define SSL_DEBUG(level, fmt, ...)
|
||||
#endif /* CONFIG_OPENSSL_DEBUG */
|
||||
|
||||
/**
|
||||
* OpenSSL assert function
|
||||
*
|
||||
* if select "CONFIG_OPENSSL_ASSERT_DEBUG", SSL_ASSERT* will show error file name and line
|
||||
* if select "CONFIG_OPENSSL_ASSERT_EXIT", SSL_ASSERT* will just return error code.
|
||||
* if select "CONFIG_OPENSSL_ASSERT_DEBUG_EXIT" SSL_ASSERT* will show error file name and line,
|
||||
* then return error code.
|
||||
* if select "CONFIG_OPENSSL_ASSERT_DEBUG_BLOCK", SSL_ASSERT* will show error file name and line,
|
||||
* then block here with "while (1)"
|
||||
*
|
||||
* SSL_ASSERT1 may will return "-1", so function's return argument is integer.
|
||||
* SSL_ASSERT2 may will return "NULL", so function's return argument is a point.
|
||||
* SSL_ASSERT2 may will return nothing, so function's return argument is "void".
|
||||
*/
|
||||
#if defined(CONFIG_OPENSSL_ASSERT_DEBUG)
|
||||
#define SSL_ASSERT1(s) \
|
||||
{ \
|
||||
if (!(s)) { \
|
||||
SSL_SHOW_LOCATION(); \
|
||||
} \
|
||||
}
|
||||
|
||||
#define SSL_ASSERT2(s) \
|
||||
{ \
|
||||
if (!(s)) { \
|
||||
SSL_SHOW_LOCATION(); \
|
||||
} \
|
||||
}
|
||||
|
||||
#define SSL_ASSERT3(s) \
|
||||
{ \
|
||||
if (!(s)) { \
|
||||
SSL_SHOW_LOCATION(); \
|
||||
} \
|
||||
}
|
||||
#elif defined(CONFIG_OPENSSL_ASSERT_EXIT)
|
||||
#define SSL_ASSERT1(s) \
|
||||
{ \
|
||||
if (!(s)) { \
|
||||
return -1; \
|
||||
} \
|
||||
}
|
||||
|
||||
#define SSL_ASSERT2(s) \
|
||||
{ \
|
||||
if (!(s)) { \
|
||||
return NULL; \
|
||||
} \
|
||||
}
|
||||
|
||||
#define SSL_ASSERT3(s) \
|
||||
{ \
|
||||
if (!(s)) { \
|
||||
return ; \
|
||||
} \
|
||||
}
|
||||
#elif defined(CONFIG_OPENSSL_ASSERT_DEBUG_EXIT)
|
||||
#define SSL_ASSERT1(s) \
|
||||
{ \
|
||||
if (!(s)) { \
|
||||
SSL_SHOW_LOCATION(); \
|
||||
return -1; \
|
||||
} \
|
||||
}
|
||||
|
||||
#define SSL_ASSERT2(s) \
|
||||
{ \
|
||||
if (!(s)) { \
|
||||
SSL_SHOW_LOCATION(); \
|
||||
return NULL; \
|
||||
} \
|
||||
}
|
||||
|
||||
#define SSL_ASSERT3(s) \
|
||||
{ \
|
||||
if (!(s)) { \
|
||||
SSL_SHOW_LOCATION(); \
|
||||
return ; \
|
||||
} \
|
||||
}
|
||||
#elif defined(CONFIG_OPENSSL_ASSERT_DEBUG_BLOCK)
|
||||
#define SSL_ASSERT1(s) \
|
||||
{ \
|
||||
if (!(s)) { \
|
||||
SSL_SHOW_LOCATION(); \
|
||||
while (1); \
|
||||
} \
|
||||
}
|
||||
|
||||
#define SSL_ASSERT2(s) \
|
||||
{ \
|
||||
if (!(s)) { \
|
||||
SSL_SHOW_LOCATION(); \
|
||||
while (1); \
|
||||
} \
|
||||
}
|
||||
|
||||
#define SSL_ASSERT3(s) \
|
||||
{ \
|
||||
if (!(s)) { \
|
||||
SSL_SHOW_LOCATION(); \
|
||||
while (1); \
|
||||
} \
|
||||
}
|
||||
#else
|
||||
#define SSL_ASSERT1(s)
|
||||
#define SSL_ASSERT2(s)
|
||||
#define SSL_ASSERT3(s)
|
||||
#endif
|
||||
|
||||
#define SSL_PLATFORM_DEBUG_LEVEL SSL_DEBUG_OFF
|
||||
#define SSL_PLATFORM_ERROR_LEVEL SSL_DEBUG_ON
|
||||
|
||||
#define SSL_CERT_DEBUG_LEVEL SSL_DEBUG_OFF
|
||||
#define SSL_CERT_ERROR_LEVEL SSL_DEBUG_ON
|
||||
|
||||
#define SSL_PKEY_DEBUG_LEVEL SSL_DEBUG_OFF
|
||||
#define SSL_PKEY_ERROR_LEVEL SSL_DEBUG_ON
|
||||
|
||||
#define SSL_X509_DEBUG_LEVEL SSL_DEBUG_OFF
|
||||
#define SSL_X509_ERROR_LEVEL SSL_DEBUG_ON
|
||||
|
||||
#define SSL_LIB_DEBUG_LEVEL SSL_DEBUG_OFF
|
||||
#define SSL_LIB_ERROR_LEVEL SSL_DEBUG_ON
|
||||
|
||||
#define SSL_STACK_DEBUG_LEVEL SSL_DEBUG_OFF
|
||||
#define SSL_STACK_ERROR_LEVEL SSL_DEBUG_ON
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif
|
@ -1,28 +0,0 @@
|
||||
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
#ifndef _SSL_LIB_H_
|
||||
#define _SSL_LIB_H_
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#include "ssl_types.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif
|
@ -1,122 +0,0 @@
|
||||
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
#ifndef _SSL_METHODS_H_
|
||||
#define _SSL_METHODS_H_
|
||||
|
||||
#include "ssl_types.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* TLS method function implement
|
||||
*/
|
||||
#define IMPLEMENT_TLS_METHOD_FUNC(func_name, \
|
||||
new, free, \
|
||||
handshake, shutdown, clear, \
|
||||
read, send, pending, \
|
||||
set_fd, set_hostname, get_fd, \
|
||||
set_bufflen, \
|
||||
get_verify_result, \
|
||||
get_state) \
|
||||
static const SSL_METHOD_FUNC func_name LOCAL_ATRR = { \
|
||||
new, \
|
||||
free, \
|
||||
handshake, \
|
||||
shutdown, \
|
||||
clear, \
|
||||
read, \
|
||||
send, \
|
||||
pending, \
|
||||
set_fd, \
|
||||
set_hostname, \
|
||||
get_fd, \
|
||||
set_bufflen, \
|
||||
get_verify_result, \
|
||||
get_state \
|
||||
};
|
||||
|
||||
#define IMPLEMENT_TLS_METHOD(ver, mode, fun, func_name) \
|
||||
const SSL_METHOD* func_name(void) { \
|
||||
static const SSL_METHOD func_name##_data LOCAL_ATRR = { \
|
||||
ver, \
|
||||
mode, \
|
||||
&(fun), \
|
||||
}; \
|
||||
return &func_name##_data; \
|
||||
}
|
||||
|
||||
#define IMPLEMENT_SSL_METHOD(ver, mode, fun, func_name) \
|
||||
const SSL_METHOD* func_name(void) { \
|
||||
static const SSL_METHOD func_name##_data LOCAL_ATRR = { \
|
||||
ver, \
|
||||
mode, \
|
||||
&(fun), \
|
||||
}; \
|
||||
return &func_name##_data; \
|
||||
}
|
||||
|
||||
#define IMPLEMENT_X509_METHOD(func_name, \
|
||||
new, \
|
||||
free, \
|
||||
load, \
|
||||
show_info) \
|
||||
const X509_METHOD* func_name(void) { \
|
||||
static const X509_METHOD func_name##_data LOCAL_ATRR = { \
|
||||
new, \
|
||||
free, \
|
||||
load, \
|
||||
show_info \
|
||||
}; \
|
||||
return &func_name##_data; \
|
||||
}
|
||||
|
||||
#define IMPLEMENT_PKEY_METHOD(func_name, \
|
||||
new, \
|
||||
free, \
|
||||
load) \
|
||||
const PKEY_METHOD* func_name(void) { \
|
||||
static const PKEY_METHOD func_name##_data LOCAL_ATRR = { \
|
||||
new, \
|
||||
free, \
|
||||
load \
|
||||
}; \
|
||||
return &func_name##_data; \
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief get X509 object method
|
||||
*
|
||||
* @param none
|
||||
*
|
||||
* @return X509 object method point
|
||||
*/
|
||||
const X509_METHOD* X509_method(void);
|
||||
|
||||
/**
|
||||
* @brief get private key object method
|
||||
*
|
||||
* @param none
|
||||
*
|
||||
* @return private key object method point
|
||||
*/
|
||||
const PKEY_METHOD* EVP_PKEY_method(void);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif
|
@ -1,132 +0,0 @@
|
||||
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
#ifndef _SSL_PKEY_H_
|
||||
#define _SSL_PKEY_H_
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#include "ssl_types.h"
|
||||
|
||||
/**
|
||||
* @brief create a private key object according to input private key
|
||||
*
|
||||
* @param ipk - input private key point
|
||||
*
|
||||
* @return new private key object point
|
||||
*/
|
||||
EVP_PKEY* __EVP_PKEY_new(EVP_PKEY *ipk);
|
||||
|
||||
/**
|
||||
* @brief create a private key object
|
||||
*
|
||||
* @param none
|
||||
*
|
||||
* @return private key object point
|
||||
*/
|
||||
EVP_PKEY* EVP_PKEY_new(void);
|
||||
|
||||
/**
|
||||
* @brief load a character key context into system context. If '*a' is pointed to the
|
||||
* private key, then load key into it. Or create a new private key object
|
||||
*
|
||||
* @param type - private key type
|
||||
* @param a - a point pointed to a private key point
|
||||
* @param pp - a point pointed to the key context memory point
|
||||
* @param length - key bytes
|
||||
*
|
||||
* @return private key object point
|
||||
*/
|
||||
EVP_PKEY* d2i_PrivateKey(int type,
|
||||
EVP_PKEY **a,
|
||||
const unsigned char **pp,
|
||||
long length);
|
||||
|
||||
/**
|
||||
* @brief decodes and load a buffer BIO into a EVP key context. If '*a' is pointed to the
|
||||
* private key, then load key into it. Or create a new private key object
|
||||
*
|
||||
* @param bp BIO object containing the key
|
||||
* @param a Pointer to an existing EVP_KEY or NULL if a new key shall be created
|
||||
*
|
||||
* @return Created or updated EVP_PKEY
|
||||
*/
|
||||
EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
|
||||
|
||||
/**
|
||||
* @brief Same as d2i_PrivateKey_bio
|
||||
*
|
||||
* @param bp BIO object containing the key
|
||||
* @param a Pointer to an existing EVP_KEY or NULL if a new key shall be created
|
||||
*
|
||||
* @return Created or updated EVP_PKEY
|
||||
*/
|
||||
RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA **rsa);
|
||||
|
||||
/**
|
||||
* @brief loads a private key in PEM format from BIO object
|
||||
*
|
||||
* @param bp BIO object containing the key
|
||||
* @param x Pointer to an existent PKEY or NULL if a new key shall be created
|
||||
* @param cb Password callback (not used)
|
||||
* @param u User context (not used)
|
||||
*
|
||||
* @return Created or updated EVP_PKEY
|
||||
*/
|
||||
EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u);
|
||||
|
||||
/**
|
||||
* @brief RSA key in PEM format from BIO object
|
||||
*
|
||||
* @param bp BIO object containing the key
|
||||
* @param x Pointer to an existent PKEY or NULL if a new key shall be created
|
||||
* @param cb Password callback (not used)
|
||||
* @param u User context (not used)
|
||||
*
|
||||
* @return Created or updated EVP_PKEY
|
||||
*/
|
||||
|
||||
RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **rsa, pem_password_cb *cb, void *u);
|
||||
|
||||
/**
|
||||
* @brief free a private key object
|
||||
*
|
||||
* @param pkey - private key object point
|
||||
*
|
||||
* @return none
|
||||
*/
|
||||
void EVP_PKEY_free(EVP_PKEY *x);
|
||||
|
||||
/**
|
||||
* @brief load private key into the SSL
|
||||
*
|
||||
* @param type - private key type
|
||||
* @param ssl - SSL point
|
||||
* @param len - data bytes
|
||||
* @param d - data point
|
||||
*
|
||||
* @return result
|
||||
* 0 : failed
|
||||
* 1 : OK
|
||||
*/
|
||||
int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len);
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif
|
@ -1,95 +0,0 @@
|
||||
#ifndef _SSL_STACK_H_
|
||||
#define _SSL_STACK_H_
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#include "ssl_types.h"
|
||||
|
||||
#define STACK_OF(type) struct stack_st_##type
|
||||
|
||||
#define SKM_DEFINE_STACK_OF(t1, t2, t3) \
|
||||
STACK_OF(t1); \
|
||||
static ossl_inline STACK_OF(t1) *sk_##t1##_new_null(void) \
|
||||
{ \
|
||||
return (STACK_OF(t1) *)OPENSSL_sk_new_null(); \
|
||||
} \
|
||||
|
||||
#define DEFINE_STACK_OF(t) SKM_DEFINE_STACK_OF(t, t, t)
|
||||
typedef struct asn1_string_st ASN1_OCTET_STRING;
|
||||
|
||||
struct stack_st_GENERAL_NAME;
|
||||
typedef struct GENERAL_NAME_st {
|
||||
int type;
|
||||
union {
|
||||
char *ptr;
|
||||
struct asn1_string_st* dNSName;
|
||||
ASN1_OCTET_STRING* iPAddress;
|
||||
} d;
|
||||
} GENERAL_NAME;
|
||||
|
||||
typedef struct asn1_string_st ASN1_OCTET_STRING;
|
||||
typedef struct X509_name_st X509_NAME;
|
||||
typedef struct asn1_string_st ASN1_STRING;
|
||||
typedef struct X509_name_entry_st X509_NAME_ENTRY;
|
||||
|
||||
typedef struct asn1_string_st {
|
||||
int type;
|
||||
int length;
|
||||
void *data;
|
||||
} ASN1_IA5STRING;
|
||||
|
||||
typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
|
||||
|
||||
/**
|
||||
* @brief get nr of stack items
|
||||
*
|
||||
* @param sk Stack structure pointer
|
||||
*
|
||||
* @return number of items in the stack
|
||||
*/
|
||||
size_t sk_GENERAL_NAME_num(const struct stack_st_GENERAL_NAME *sk);
|
||||
|
||||
/**
|
||||
* @brief get GENERAL_NAME value from the stack
|
||||
*
|
||||
* @param sk Stack structure pointer
|
||||
* @param i Index to stack item
|
||||
*
|
||||
* @return GENERAL_NAME object pointer
|
||||
*/
|
||||
GENERAL_NAME *sk_GENERAL_NAME_value(const struct stack_st_GENERAL_NAME *sk, size_t i);
|
||||
|
||||
/**
|
||||
* @brief create a openssl stack object
|
||||
*
|
||||
* @param c - stack function
|
||||
*
|
||||
* @return openssl stack object point
|
||||
*/
|
||||
OPENSSL_STACK* OPENSSL_sk_new(OPENSSL_sk_compfunc c);
|
||||
|
||||
/**
|
||||
* @brief create a NULL function openssl stack object
|
||||
*
|
||||
* @param none
|
||||
*
|
||||
* @return openssl stack object point
|
||||
*/
|
||||
OPENSSL_STACK *OPENSSL_sk_new_null(void);
|
||||
|
||||
/**
|
||||
* @brief free openssl stack object
|
||||
*
|
||||
* @param openssl stack object point
|
||||
*
|
||||
* @return none
|
||||
*/
|
||||
void OPENSSL_sk_free(OPENSSL_STACK *stack);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif
|
@ -1,346 +0,0 @@
|
||||
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
#ifndef _SSL_TYPES_H_
|
||||
#define _SSL_TYPES_H_
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#include "ssl_code.h"
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
typedef void SSL_CIPHER;
|
||||
|
||||
typedef void X509_STORE_CTX;
|
||||
typedef void X509_STORE;
|
||||
|
||||
typedef void RSA;
|
||||
|
||||
typedef void STACK;
|
||||
|
||||
typedef void DH;
|
||||
|
||||
#define ossl_inline inline
|
||||
|
||||
#define SSL_METHOD_CALL(f, s, ...) s->method->func->ssl_##f(s, ##__VA_ARGS__)
|
||||
#define X509_METHOD_CALL(f, x, ...) x->method->x509_##f(x, ##__VA_ARGS__)
|
||||
#define EVP_PKEY_METHOD_CALL(f, k, ...) k->method->pkey_##f(k, ##__VA_ARGS__)
|
||||
|
||||
typedef int (*OPENSSL_sk_compfunc)(const void *, const void *);
|
||||
typedef int (*openssl_verify_callback)(int, X509_STORE_CTX *);
|
||||
struct stack_st;
|
||||
typedef struct stack_st OPENSSL_STACK;
|
||||
|
||||
struct ssl_method_st;
|
||||
typedef struct ssl_method_st SSL_METHOD;
|
||||
|
||||
struct ssl_method_func_st;
|
||||
typedef struct ssl_method_func_st SSL_METHOD_FUNC;
|
||||
|
||||
struct record_layer_st;
|
||||
typedef struct record_layer_st RECORD_LAYER;
|
||||
|
||||
struct ossl_statem_st;
|
||||
typedef struct ossl_statem_st OSSL_STATEM;
|
||||
|
||||
struct ssl_session_st;
|
||||
typedef struct ssl_session_st SSL_SESSION;
|
||||
|
||||
struct ssl_ctx_st;
|
||||
typedef struct ssl_ctx_st SSL_CTX;
|
||||
|
||||
struct ssl_st;
|
||||
typedef struct ssl_st SSL;
|
||||
|
||||
struct cert_st;
|
||||
typedef struct cert_st CERT;
|
||||
|
||||
struct x509_st;
|
||||
typedef struct x509_st X509;
|
||||
|
||||
struct X509_VERIFY_PARAM_st;
|
||||
typedef struct X509_VERIFY_PARAM_st X509_VERIFY_PARAM;
|
||||
|
||||
struct evp_pkey_st;
|
||||
typedef struct evp_pkey_st EVP_PKEY;
|
||||
|
||||
struct x509_method_st;
|
||||
typedef struct x509_method_st X509_METHOD;
|
||||
|
||||
struct pkey_method_st;
|
||||
typedef struct pkey_method_st PKEY_METHOD;
|
||||
|
||||
struct ssl_alpn_st;
|
||||
typedef struct ssl_alpn_st SSL_ALPN;
|
||||
|
||||
struct bio_st;
|
||||
typedef struct bio_st BIO;
|
||||
|
||||
struct stack_st {
|
||||
|
||||
char **data;
|
||||
|
||||
int num_alloc;
|
||||
|
||||
OPENSSL_sk_compfunc c;
|
||||
};
|
||||
|
||||
struct evp_pkey_st {
|
||||
|
||||
void *pkey_pm;
|
||||
|
||||
const PKEY_METHOD *method;
|
||||
|
||||
int ref_counter;
|
||||
};
|
||||
|
||||
struct x509_st {
|
||||
|
||||
/* X509 certification platform private point */
|
||||
void *x509_pm;
|
||||
|
||||
const X509_METHOD *method;
|
||||
|
||||
int ref_counter;
|
||||
};
|
||||
|
||||
struct cert_st {
|
||||
|
||||
int sec_level;
|
||||
|
||||
X509 *x509;
|
||||
|
||||
EVP_PKEY *pkey;
|
||||
|
||||
};
|
||||
|
||||
struct ossl_statem_st {
|
||||
|
||||
MSG_FLOW_STATE state;
|
||||
|
||||
int hand_state;
|
||||
};
|
||||
|
||||
struct record_layer_st {
|
||||
|
||||
int rstate;
|
||||
|
||||
int read_ahead;
|
||||
};
|
||||
|
||||
struct ssl_session_st {
|
||||
|
||||
long timeout;
|
||||
|
||||
long time;
|
||||
|
||||
X509 *peer;
|
||||
};
|
||||
|
||||
struct X509_VERIFY_PARAM_st {
|
||||
|
||||
int depth;
|
||||
|
||||
};
|
||||
|
||||
struct bio_st {
|
||||
|
||||
unsigned char * data;
|
||||
int dlen;
|
||||
BIO* peer;
|
||||
size_t offset;
|
||||
size_t roffset;
|
||||
size_t size;
|
||||
size_t flags;
|
||||
size_t type;
|
||||
|
||||
};
|
||||
|
||||
typedef enum { ALPN_INIT, ALPN_ENABLE, ALPN_DISABLE, ALPN_ERROR } ALPN_STATUS;
|
||||
struct ssl_alpn_st {
|
||||
ALPN_STATUS alpn_status;
|
||||
/* This is dynamically allocated */
|
||||
char *alpn_string;
|
||||
/* This only points to the members in the string */
|
||||
#define ALPN_LIST_MAX 10
|
||||
const char *alpn_list[ALPN_LIST_MAX];
|
||||
};
|
||||
|
||||
typedef int pem_password_cb(char *buf, int size, int rwflag, void *userdata);
|
||||
|
||||
|
||||
struct ssl_ctx_st
|
||||
{
|
||||
int version;
|
||||
|
||||
int references;
|
||||
|
||||
unsigned long options;
|
||||
|
||||
SSL_ALPN ssl_alpn;
|
||||
|
||||
const SSL_METHOD *method;
|
||||
|
||||
CERT *cert;
|
||||
|
||||
X509 *client_CA;
|
||||
|
||||
int verify_mode;
|
||||
|
||||
int (*default_verify_callback) (int ok, X509_STORE_CTX *ctx);
|
||||
|
||||
long session_timeout;
|
||||
|
||||
int read_ahead;
|
||||
|
||||
int read_buffer_len;
|
||||
|
||||
X509_VERIFY_PARAM param;
|
||||
|
||||
void *default_passwd_callback_userdata;
|
||||
|
||||
pem_password_cb *default_passwd_callback;
|
||||
|
||||
struct stack_st_X509 *extra_certs;
|
||||
|
||||
int max_version;
|
||||
int min_version;
|
||||
|
||||
};
|
||||
|
||||
struct ssl_st
|
||||
{
|
||||
/* protocol version(one of SSL3.0, TLS1.0, etc.) */
|
||||
int version;
|
||||
|
||||
unsigned long options;
|
||||
|
||||
/* shut things down(0x01 : sent, 0x02 : received) */
|
||||
int shutdown;
|
||||
|
||||
CERT *cert;
|
||||
|
||||
X509 *client_CA;
|
||||
|
||||
SSL_CTX *ctx;
|
||||
|
||||
const SSL_METHOD *method;
|
||||
|
||||
RECORD_LAYER rlayer;
|
||||
|
||||
/* where we are */
|
||||
OSSL_STATEM statem;
|
||||
|
||||
SSL_SESSION *session;
|
||||
|
||||
int verify_mode;
|
||||
|
||||
int (*verify_callback) (int ok, X509_STORE_CTX *ctx);
|
||||
|
||||
int rwstate;
|
||||
|
||||
long verify_result;
|
||||
|
||||
X509_VERIFY_PARAM param;
|
||||
|
||||
uint32_t mode;
|
||||
|
||||
void (*info_callback) (const SSL *ssl, int type, int val);
|
||||
|
||||
/* SSL low-level system arch point */
|
||||
void *ssl_pm;
|
||||
void *bio;
|
||||
};
|
||||
|
||||
struct ssl_method_st {
|
||||
/* protocol version(one of SSL3.0, TLS1.0, etc.) */
|
||||
int version;
|
||||
|
||||
/* SSL mode(client(0) , server(1), not known(-1)) */
|
||||
int endpoint;
|
||||
|
||||
const SSL_METHOD_FUNC *func;
|
||||
};
|
||||
|
||||
struct ssl_method_func_st {
|
||||
|
||||
int (*ssl_new)(SSL *ssl);
|
||||
|
||||
void (*ssl_free)(SSL *ssl);
|
||||
|
||||
int (*ssl_handshake)(SSL *ssl);
|
||||
|
||||
int (*ssl_shutdown)(SSL *ssl);
|
||||
|
||||
int (*ssl_clear)(SSL *ssl);
|
||||
|
||||
int (*ssl_read)(SSL *ssl, void *buffer, int len);
|
||||
|
||||
int (*ssl_send)(SSL *ssl, const void *buffer, int len);
|
||||
|
||||
int (*ssl_pending)(const SSL *ssl);
|
||||
|
||||
void (*ssl_set_fd)(SSL *ssl, int fd, int mode);
|
||||
|
||||
void (*ssl_set_hostname)(SSL *ssl, const char *hostname);
|
||||
|
||||
int (*ssl_get_fd)(const SSL *ssl, int mode);
|
||||
|
||||
void (*ssl_set_bufflen)(SSL *ssl, int len);
|
||||
|
||||
long (*ssl_get_verify_result)(const SSL *ssl);
|
||||
|
||||
OSSL_HANDSHAKE_STATE (*ssl_get_state)(const SSL *ssl);
|
||||
};
|
||||
|
||||
struct x509_method_st {
|
||||
|
||||
int (*x509_new)(X509 *x, X509 *m_x);
|
||||
|
||||
void (*x509_free)(X509 *x);
|
||||
|
||||
int (*x509_load)(X509 *x, const unsigned char *buf, int len);
|
||||
|
||||
int (*x509_show_info)(X509 *x);
|
||||
};
|
||||
|
||||
struct pkey_method_st {
|
||||
|
||||
int (*pkey_new)(EVP_PKEY *pkey, EVP_PKEY *m_pkey);
|
||||
|
||||
void (*pkey_free)(EVP_PKEY *pkey);
|
||||
|
||||
int (*pkey_load)(EVP_PKEY *pkey, const unsigned char *buf, int len);
|
||||
};
|
||||
|
||||
struct bio_method_st {
|
||||
|
||||
unsigned type;
|
||||
|
||||
unsigned size;
|
||||
};
|
||||
|
||||
|
||||
typedef int (*next_proto_cb)(SSL *ssl, unsigned char **out,
|
||||
unsigned char *outlen, const unsigned char *in,
|
||||
unsigned int inlen, void *arg);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif
|
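--- a/<PATH NOT SHOWN ON PAGE (deleted header, guard _SSL_X509_H_)>
+++ /dev/null
@@ -1,152 +0,0 @@
-// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#ifndef _SSL_X509_H_
-#define _SSL_X509_H_
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include "ssl_types.h"
-#include "ssl_stack.h"
-
-DEFINE_STACK_OF(X509_NAME)
-
-/**
-* @brief create a X509 certification object according to input X509 certification
-*
-* @param ix - input X509 certification point
-*
-* @return new X509 certification object point
-*/
-X509* __X509_new(X509 *ix);
-
-/**
-* @brief create a X509 certification object
-*
-* @param none
-*
-* @return X509 certification object point
-*/
-X509* X509_new(void);
-
-/**
-* @brief load a character certification context into system context. If '*cert' is pointed to the
-* certification, then load certification into it. Or create a new X509 certification object
-*
-* @param cert - a point pointed to X509 certification
-* @param buffer - a point pointed to the certification context memory point
-* @param length - certification bytes
-*
-* @return X509 certification object point
-*/
-X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len);
-
-/**
-* @brief free a X509 certification object
-*
-* @param x - X509 certification object point
-*
-* @return none
-*/
-void X509_free(X509 *x);
-
-/**
-* @brief set SSL context client CA certification
-*
-* @param ctx - SSL context point
-* @param x - X509 certification point
-*
-* @return result
-* 0 : failed
-* 1 : OK
-*/
-int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x);
-
-/**
-* @brief add CA client certification into the SSL
-*
-* @param ssl - SSL point
-* @param x - X509 certification point
-*
-* @return result
-* 0 : failed
-* 1 : OK
-*/
-int SSL_add_client_CA(SSL *ssl, X509 *x);
-
-/**
-* @brief load certification into the SSL
-*
-* @param ssl - SSL point
-* @param len - data bytes
-* @param d - data point
-*
-* @return result
-* 0 : failed
-* 1 : OK
-*
-*/
-int SSL_use_certificate_ASN1(SSL *ssl, int len, const unsigned char *d);
-
-
-/**
-* @brief set SSL context client CA certification
-*
-* @param store - pointer to X509_STORE
-* @param x - pointer to X509 certification point
-*
-* @return result
-* 0 : failed
-* 1 : OK
-*/
-int X509_STORE_add_cert(X509_STORE *store, X509 *x);
-
-/**
-* @brief load a character certification context into system context.
-*
-* If '*cert' is pointed to the certification, then load certification
-* into it, or create a new X509 certification object.
-*
-* @param bp - pointer to BIO
-* @param buffer - pointer to the certification context memory
-* @param cb - pointer to a callback which queries pass phrase used
-for encrypted PEM structure
-* @param u - pointer to arbitary data passed by application to callback
-*
-* @return X509 certification object point
-*/
-X509 * PEM_read_bio_X509(BIO *bp, X509 **x, pem_password_cb cb, void *u);
-
-/**
-* @brief load a character certification context into system context.
-*
-* Current implementation directly calls PEM_read_bio_X509
-*
-* @param bp - pointer to BIO
-* @param buffer - pointer to the certification context memory
-* @param cb - pointer to the callback (not implemented)
-* @param u - pointer to arbitrary data (not implemented)
-*
-* @return X509 certification object point
-*/
-X509 *PEM_read_bio_X509_AUX(BIO *bp, X509 **cert, pem_password_cb *cb, void *u);
-
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif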
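--- a/<PATH NOT SHOWN ON PAGE (deleted header, guard _TLS1_H_)>
+++ /dev/null
@@ -1,55 +0,0 @@
-// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#ifndef _TLS1_H_
-#define _TLS1_H_
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-# define TLS1_AD_DECRYPTION_FAILED 21
-# define TLS1_AD_RECORD_OVERFLOW 22
-# define TLS1_AD_UNKNOWN_CA 48/* fatal */
-# define TLS1_AD_ACCESS_DENIED 49/* fatal */
-# define TLS1_AD_DECODE_ERROR 50/* fatal */
-# define TLS1_AD_DECRYPT_ERROR 51
-# define TLS1_AD_EXPORT_RESTRICTION 60/* fatal */
-# define TLS1_AD_PROTOCOL_VERSION 70/* fatal */
-# define TLS1_AD_INSUFFICIENT_SECURITY 71/* fatal */
-# define TLS1_AD_INTERNAL_ERROR 80/* fatal */
-# define TLS1_AD_INAPPROPRIATE_FALLBACK 86/* fatal */
-# define TLS1_AD_USER_CANCELLED 90
-# define TLS1_AD_NO_RENEGOTIATION 100
-/* codes 110-114 are from RFC3546 */
-# define TLS1_AD_UNSUPPORTED_EXTENSION 110
-# define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111
-# define TLS1_AD_UNRECOGNIZED_NAME 112
-# define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113
-# define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
-# define TLS1_AD_UNKNOWN_PSK_IDENTITY 115/* fatal */
-# define TLS1_AD_NO_APPLICATION_PROTOCOL 120 /* fatal */
-
-/* Special value for method supporting multiple versions */
-#define TLS_ANY_VERSION 0x10000
-
-#define TLS1_VERSION 0x0301
-#define TLS1_1_VERSION 0x0302
-#define TLS1_2_VERSION 0x0303
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif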
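--- a/<PATH NOT SHOWN ON PAGE (deleted header, guard _X509_VFY_H_)>
+++ /dev/null
@@ -1,111 +0,0 @@
-// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#ifndef _X509_VFY_H_
-#define _X509_VFY_H_
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define X509_V_OK 0
-#define X509_V_ERR_UNSPECIFIED 1
-#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2
-#define X509_V_ERR_UNABLE_TO_GET_CRL 3
-#define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4
-#define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5
-#define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6
-#define X509_V_ERR_CERT_SIGNATURE_FAILURE 7
-#define X509_V_ERR_CRL_SIGNATURE_FAILURE 8
-#define X509_V_ERR_CERT_NOT_YET_VALID 9
-#define X509_V_ERR_CERT_HAS_EXPIRED 10
-#define X509_V_ERR_CRL_NOT_YET_VALID 11
-#define X509_V_ERR_CRL_HAS_EXPIRED 12
-#define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13
-#define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14
-#define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15
-#define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16
-#define X509_V_ERR_OUT_OF_MEM 17
-#define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18
-#define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19
-#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20
-#define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21
-#define X509_V_ERR_CERT_CHAIN_TOO_LONG 22
-#define X509_V_ERR_CERT_REVOKED 23
-#define X509_V_ERR_INVALID_CA 24
-#define X509_V_ERR_PATH_LENGTH_EXCEEDED 25
-#define X509_V_ERR_INVALID_PURPOSE 26
-#define X509_V_ERR_CERT_UNTRUSTED 27
-#define X509_V_ERR_CERT_REJECTED 28
-/* These are 'informational' when looking for issuer cert */
-#define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29
-#define X509_V_ERR_AKID_SKID_MISMATCH 30
-#define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31
-#define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32
-#define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33
-#define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34
-#define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35
-#define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36
-#define X509_V_ERR_INVALID_NON_CA 37
-#define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38
-#define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39
-#define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40
-#define X509_V_ERR_INVALID_EXTENSION 41
-#define X509_V_ERR_INVALID_POLICY_EXTENSION 42
-#define X509_V_ERR_NO_EXPLICIT_POLICY 43
-#define X509_V_ERR_DIFFERENT_CRL_SCOPE 44
-#define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE 45
-#define X509_V_ERR_UNNESTED_RESOURCE 46
-#define X509_V_ERR_PERMITTED_VIOLATION 47
-#define X509_V_ERR_EXCLUDED_VIOLATION 48
-#define X509_V_ERR_SUBTREE_MINMAX 49
-/* The application is not happy */
-#define X509_V_ERR_APPLICATION_VERIFICATION 50
-#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51
-#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52
-#define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53
-#define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54
-/* Another issuer check debug option */
-#define X509_V_ERR_PATH_LOOP 55
-/* Suite B mode algorithm violation */
-#define X509_V_ERR_SUITE_B_INVALID_VERSION 56
-#define X509_V_ERR_SUITE_B_INVALID_ALGORITHM 57
-#define X509_V_ERR_SUITE_B_INVALID_CURVE 58
-#define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM 59
-#define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED 60
-#define X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61
-/* Host, email and IP check errors */
-#define X509_V_ERR_HOSTNAME_MISMATCH 62
-#define X509_V_ERR_EMAIL_MISMATCH 63
-#define X509_V_ERR_IP_ADDRESS_MISMATCH 64
-/* DANE TLSA errors */
-#define X509_V_ERR_DANE_NO_MATCH 65
-/* security level errors */
-#define X509_V_ERR_EE_KEY_TOO_SMALL 66
-#define X509_V_ERR_CA_KEY_TOO_SMALL 67
-#define X509_V_ERR_CA_MD_TOO_WEAK 68
-/* Caller error */
-#define X509_V_ERR_INVALID_CALL 69
-/* Issuer lookup error */
-#define X509_V_ERR_STORE_LOOKUP 70
-/* Certificate transparency */
-#define X509_V_ERR_NO_VALID_SCTS 71
-
-#define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION 72
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif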
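--- a/<PATH NOT SHOWN ON PAGE (deleted header, guard _OPENSSL_BIO_H)>
+++ /dev/null
@@ -1,179 +0,0 @@
-// Copyright 2020 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#ifndef _OPENSSL_BIO_H
-#define _OPENSSL_BIO_H
-
-#include <stddef.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* These are the 'types' of BIOs */
-#define BIO_TYPE_NONE 0
-#define BIO_TYPE_MEM (1 | 0x0400)
-#define BIO_TYPE_BIO (19 | 0x0400) /* (half a) BIO pair */
-
-/* Bio object flags */
-#define BIO_FLAGS_READ 0x01
-#define BIO_FLAGS_WRITE 0x02
-
-#define BIO_should_read(a) BIO_test_flags(a, BIO_FLAGS_READ)
-#define BIO_should_write(a) BIO_test_flags(a, BIO_FLAGS_WRITE)
-
-typedef struct bio_st BIO;
-typedef struct bio_method_st BIO_METHOD;
-
-/**
-* @brief Create a BIO object as a file type
-* Current implementation return NULL as file types are discouraged on ESP platform
-*
-* @param filename Filename
-* @param mode Mode
-*
-* @return BIO object
-*/
-BIO *BIO_new_file(const char *filename, const char *mode);
-
-/**
-* @brief Create a BIO object as a membuf type
-* Current implementation takes a shallow copy of the buffer
-*
-* @param buf Pointer to the buffer
-* @param len Length of the buffer
-*
-* @return BIO object
-*/
-BIO *BIO_new_mem_buf(void *buf, int len);
-
-/**
-* @brief create a BIO object
-*
-* @param method - pointer to BIO_METHOD
-*
-* @return pointer to BIO object
-*/
-BIO *BIO_new(BIO_METHOD * method);
-
-/**
-* @brief get the memory BIO method function
-*/
-void *BIO_s_mem(void);
-
-/**
-* @brief free a BIO object
-*
-* @param x - pointer to BIO object
-*/
-void BIO_free(BIO *b);
-
-/**
-* @brief Create a connected pair of BIOs bio1, bio2 with write buffer sizes writebuf1 and writebuf2
-*
-* @param out1 pointer to BIO1
-* @param writebuf1 write size of BIO1 (0 means default size will be used)
-* @param out2 pointer to BIO2
-* @param writebuf2 write size of BIO2 (0 means default size will be used)
-*
-* @return result
-* 0 : failed
-* 1 : OK
-*/
-int BIO_new_bio_pair(BIO **out1, size_t writebuf1, BIO **out2, size_t writebuf2);
-
-/**
-* @brief Write data to BIO
-*
-* BIO_TYPE_BIO behaves the same way as OpenSSL bio object, other BIO types mock
-* this functionality to avoid excessive allocation/copy, so the 'data' cannot
-* be freed after the function is called, it should remain valid until BIO object is in use.
-*
-* @param b - pointer to BIO
-* @param data - pointer to data
-* @param dlen - data bytes
-*
-* @return result
-* -1, 0 : failed
-* 1 : OK
-*/
-int BIO_write(BIO *b, const void *data, int dlen);
-
-/**
-* @brief Read data from BIO
-*
-* BIO_TYPE_BIO behaves the same way as OpenSSL bio object.
-* Other types just hold pointer
-*
-* @param b - pointer to BIO
-* @param data - pointer to data
-* @param dlen - data bytes
-*
-* @return result
-* -1, 0 : failed
-* 1 : OK
-*/
-int BIO_read(BIO *bio, void *data, int len);
-
-/**
-* @brief Get number of pending characters in the BIOs write buffers.
-*
-* @param b Pointer to BIO
-*
-* @return Amount of pending data
-*/
-size_t BIO_wpending(const BIO *bio);
-
-/**
-* @brief Get number of pending characters in the BIOs read buffers.
-*
-* @param b Pointer to BIO
-*
-* @return Amount of pending data
-*/
-size_t BIO_ctrl_pending(const BIO *bio);
-
-/**
-* @brief Get the maximum length of data that can be currently written to the BIO
-*
-* @param b Pointer to BIO
-*
-* @return Max length of writable data
-*/
-size_t BIO_ctrl_get_write_guarantee(BIO *bio);
-
-/**
-* @brief Returns the type of a BIO.
-*
-* @param b Pointer to BIO
-*
-* @return Type of the BIO object
-*/
-int BIO_method_type(const BIO *b);
-
-/**
-* @brief Test flags of a BIO.
-*
-* @param b Pointer to BIO
-* @param flags Flags
-*
-* @return BIO object flags masked with the supplied flags
-*/
-int BIO_test_flags(const BIO *b, int flags);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif //_OPENSSL_BIO_H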
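--- a/<PATH NOT SHOWN ON PAGE (deleted header, guard _OPENSSL_ERR_H)>
+++ /dev/null
@@ -1,228 +0,0 @@
-// Copyright 2020 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#ifndef _OPENSSL_ERR_H
-#define _OPENSSL_ERR_H
-
-#include <stdint.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
-* @note This file contains a very simple implementation of error stack
-* for ESP APIs stubs to OpenSSL
-*/
-
-#define OPENSSL_PUT_SYSTEM_ERROR() \
-ERR_put_error(ERR_LIB_SYS, 0, 0, __FILE__, __LINE__);
-
-#define OPENSSL_PUT_LIB_ERROR(lib, code) \
-ERR_put_error(lib, 0, code, __FILE__, __LINE__);
-
-#define ERR_GET_LIB(packed_error) ((int)(((packed_error) >> 24) & 0xff))
-#define ERR_GET_REASON(packed_error) ((int)((packed_error) & 0xffff))
-#define ERR_R_PEM_LIB ERR_LIB_PEM
-/* inherent openssl errors */
-# define ERR_R_FATAL 64
-# define ERR_R_MALLOC_FAILURE (1|ERR_R_FATAL)
-# define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED (2|ERR_R_FATAL)
-# define ERR_R_PASSED_NULL_PARAMETER (3|ERR_R_FATAL)
-# define ERR_R_INTERNAL_ERROR (4|ERR_R_FATAL)
-# define ERR_R_DISABLED (5|ERR_R_FATAL)
-# define ERR_R_INIT_FAIL (6|ERR_R_FATAL)
-# define ERR_R_PASSED_INVALID_ARGUMENT (7)
-# define ERR_R_OPERATION_FAIL (8|ERR_R_FATAL)
-# define ERR_R_INVALID_PROVIDER_FUNCTIONS (9|ERR_R_FATAL)
-# define ERR_R_INTERRUPTED_OR_CANCELLED (10)
-
-enum {
-ERR_LIB_NONE = 1,
-ERR_LIB_SYS,
-ERR_LIB_BN,
-ERR_LIB_RSA,
-ERR_LIB_DH,
-ERR_LIB_EVP,
-ERR_LIB_BUF,
-ERR_LIB_OBJ,
-ERR_LIB_PEM,
-ERR_LIB_DSA,
-ERR_LIB_X509,
-ERR_LIB_ASN1,
-ERR_LIB_CONF,
-ERR_LIB_CRYPTO,
-ERR_LIB_EC,
-ERR_LIB_SSL,
-ERR_LIB_BIO,
-ERR_LIB_PKCS7,
-ERR_LIB_PKCS8,
-ERR_LIB_X509V3,
-ERR_LIB_RAND,
-ERR_LIB_ENGINE,
-ERR_LIB_OCSP,
-ERR_LIB_UI,
-ERR_LIB_COMP,
-ERR_LIB_ECDSA,
-ERR_LIB_ECDH,
-ERR_LIB_HMAC,
-ERR_LIB_DIGEST,
-ERR_LIB_CIPHER,
-ERR_LIB_HKDF,
-ERR_LIB_USER,
-ERR_NUM_LIBS
-};
-
-/**
-* @brief clear the SSL error code
-*
-* @param none
-*
-* @return none
-*/
-void ERR_clear_error(void);
-
-/**
-* @brief get the current SSL error code
-*
-* @param none
-*
-* @return current SSL error number
-*/
-uint32_t ERR_get_error(void);
-
-/**
-* @brief peek the current SSL error code, not clearing it
-*
-* @param none
-*
-* @return current SSL error number
-*/
-uint32_t ERR_peek_error(void);
-
-/**
-* @brief peek the last SSL error code, not clearing it
-*
-* @param none
-*
-* @return current SSL error number
-*/
-uint32_t ERR_peek_last_error(void);
-
-/**
-* @brief register the SSL error strings
-*
-* @param none
-*
-* @return none
-*/
-void ERR_load_SSL_strings(void);
-
-/**
-* @brief clear the SSL error code
-*
-* @param none
-*
-* @return none
-*/
-void ERR_clear_error(void);
-
-/**
-* @brief peek the current SSL error code, not clearing it
-*
-* @param none
-*
-* @return current SSL error number
-*/
-uint32_t ERR_peek_error(void);
-
-/**
-* @brief peek the last SSL error code, not clearing it
-*
-* @param none
-*
-* @return current SSL error number
-*/
-uint32_t ERR_peek_last_error(void);
-
-/**
-* @brief capture the current error to the error structure
-*
-* @param library Related library
-* @param unused Not used (used for compliant function prototype)
-* @param reason The actual error code
-* @param file File name of the error report
-* @param line Line number of the error report
-*
-*/
-void ERR_put_error(int library, int unused, int reason, const char *file, unsigned line);
-
-/**
-* @brief Peek the current SSL error, not clearing it
-*
-* @param file file name of the reported error
-* @param line line number of the reported error
-* @param data Associated data to the reported error
-* @param flags Flags associated to the error
-*
-* @return current SSL error number
-*/
-uint32_t ERR_peek_error_line_data(const char **file, int *line,
-const char **data, int *flags);
-
-/**
-* @brief Get the current SSL error
-*
-* @param file file name of the reported error
-* @param line line number of the reported error
-* @param data Associated data to the reported error
-* @param flags Flags associated to the error
-*
-* @return current SSL error number
-*/
-uint32_t ERR_get_error_line_data(const char **file, int *line,
-const char **data, int *flags);
-
-/**
-* @brief API provided as a declaration only
-*
-*/
-void SSL_load_error_strings(void);
-
-/**
-* @brief API provided as a declaration only
-*
-*/
-void ERR_free_strings(void);
-
-/**
-* @brief API provided as a declaration only
-*
-*/
-void ERR_remove_state(unsigned long pid);
-
-/**
-* @brief Returns error string -- Not implemented
-*
-* @param packed_error Packed error code
-*
-* @return NULL
-*/
-const char *ERR_reason_error_string(uint32_t packed_error);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif // _OPENSSL_ERR_H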
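--- a/<PATH NOT SHOWN ON PAGE (deleted header, guard _SSL_OPT_H_)>
+++ /dev/null
@@ -1,20 +0,0 @@
-// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#ifndef _SSL_OPT_H_
-#define _SSL_OPT_H_
-
-#include "sdkconfig.h"
-
-#endif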
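--- a/<PATH NOT SHOWN ON PAGE (deleted header, guard _SSL_PM_H_)>
+++ /dev/null
@@ -1,63 +0,0 @@
-// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#ifndef _SSL_PM_H_
-#define _SSL_PM_H_
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include <string.h>
-#include "ssl_types.h"
-#include "ssl_port.h"
-
-#define LOCAL_ATRR
-
-int ssl_pm_new(SSL *ssl);
-void ssl_pm_free(SSL *ssl);
-
-int ssl_pm_handshake(SSL *ssl);
-int ssl_pm_shutdown(SSL *ssl);
-int ssl_pm_clear(SSL *ssl);
-
-int ssl_pm_read(SSL *ssl, void *buffer, int len);
-int ssl_pm_send(SSL *ssl, const void *buffer, int len);
-int ssl_pm_pending(const SSL *ssl);
-
-void ssl_pm_set_fd(SSL *ssl, int fd, int mode);
-int ssl_pm_get_fd(const SSL *ssl, int mode);
-
-void ssl_pm_set_hostname(SSL *ssl, const char *hostname);
-
-OSSL_HANDSHAKE_STATE ssl_pm_get_state(const SSL *ssl);
-
-void ssl_pm_set_bufflen(SSL *ssl, int len);
-
-int x509_pm_show_info(X509 *x);
-int x509_pm_new(X509 *x, X509 *m_x);
-void x509_pm_free(X509 *x);
-int x509_pm_load(X509 *x, const unsigned char *buffer, int len);
-
-int pkey_pm_new(EVP_PKEY *pk, EVP_PKEY *m_pk);
-void pkey_pm_free(EVP_PKEY *pk);
-int pkey_pm_load(EVP_PKEY *pk, const unsigned char *buffer, int len);
-
-long ssl_pm_get_verify_result(const SSL *ssl);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif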
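--- a/<PATH NOT SHOWN ON PAGE (deleted header, guard _SSL_PORT_H_)>
+++ /dev/null
@@ -1,45 +0,0 @@
-// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#ifndef _SSL_PORT_H_
-#define _SSL_PORT_H_
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include "esp_types.h"
-#include "esp_log.h"
-#include "string.h"
-#include "malloc.h"
-
-void *ssl_mem_zalloc(size_t size);
-
-#define ssl_mem_malloc malloc
-#define ssl_mem_free free
-
-#define ssl_memcpy memcpy
-#define ssl_strlen strlen
-
-#define ssl_speed_up_enter()
-#define ssl_speed_up_exit()
-
-#define SSL_DEBUG_FL
-#define SSL_DEBUG_LOG(fmt, ...) ESP_LOGI("openssl", fmt, ##__VA_ARGS__)
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif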
@ -1,209 +0,0 @@
|
||||
// Copyright 2020 Espressif Systems (Shanghai) PTE LTD
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
#include "ssl_lib.h"
|
||||
#include "openssl/bio.h"
|
||||
#include "ssl_dbg.h"
|
||||
#include "openssl/err.h"
|
||||
|
||||
#define DEFAULT_BIO_SIZE 1024
|
||||
|
||||
BIO *BIO_new_mem_buf(void *buf, int len)
|
||||
{
|
||||
BIO_METHOD m = { .type = BIO_TYPE_MEM, .size = 0 };
|
||||
BIO *b = BIO_new(&m);
|
||||
if (b) {
|
||||
b->dlen = len;
|
||||
b->data = buf;
|
||||
}
|
||||
return b;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief create a BIO object
|
||||
*/
|
||||
BIO *BIO_new(BIO_METHOD * method)
|
||||
{
|
||||
BIO *b = (BIO *)ssl_mem_zalloc(sizeof(BIO));
|
||||
if (!b) {
|
||||
OPENSSL_PUT_LIB_ERROR(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
if (method) {
|
||||
b->size = method->size;
|
||||
b->type = method->type;
|
||||
} else {
|
||||
b->type = BIO_TYPE_NONE;
|
||||
}
|
||||
if ((b->type & BIO_TYPE_BIO) && b->size) {
|
||||
b->data = ssl_mem_zalloc(b->size);
|
||||
if (!b->data) {
|
||||
OPENSSL_PUT_LIB_ERROR(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
return b;
|
||||
|
||||
err:
|
||||
if (b && (b->type&BIO_TYPE_BIO)) {
|
||||
ssl_mem_free(b->data);
|
||||
}
|
||||
ssl_mem_free(b);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief free a BIO object
|
||||
*/
|
||||
void BIO_free(BIO *b)
|
||||
{
|
||||
if (b && (b->type&BIO_TYPE_BIO)) {
|
||||
ssl_mem_free(b->data);
|
||||
}
|
||||
ssl_mem_free(b);
|
||||
}
|
||||
|
||||
int BIO_new_bio_pair(BIO **out1, size_t writebuf1, BIO **out2, size_t writebuf2)
|
||||
{
|
||||
BIO *bio1 = NULL;
|
||||
BIO *bio2 = NULL;
|
||||
if (!writebuf1) {
|
||||
writebuf1 = DEFAULT_BIO_SIZE;
|
||||
}
|
||||
if (!writebuf2) {
|
||||
writebuf2 = DEFAULT_BIO_SIZE;
|
||||
}
|
||||
BIO_METHOD m1 = {
|
||||
.size = writebuf1,
|
||||
.type = BIO_TYPE_BIO,
|
||||
};
|
||||
BIO_METHOD m2 = {
|
||||
.size = writebuf1,
|
||||
.type = BIO_TYPE_BIO,
|
||||
};
|
||||
bio1 = BIO_new(&m1);
|
||||
if (!bio1) {
|
||||
goto err;
|
||||
}
|
||||
bio2 = BIO_new(&m2);
|
||||
if (!bio2) {
|
||||
goto err;
|
||||
}
|
||||
*out1 = bio1;
|
||||
*out2 = bio2;
|
||||
bio1->peer = bio2;
|
||||
bio1->size = writebuf1;
|
||||
bio2->peer = bio1;
|
||||
bio2->size = writebuf2;
|
||||
return 1;
|
||||
|
||||
err:
|
||||
if (bio1)
|
||||
{
|
||||
BIO_free(bio1);
|
||||
*out1 = NULL;
|
||||
}
|
||||
if (bio2)
|
||||
{
|
||||
BIO_free(bio2);
|
||||
*out2 = NULL;
|
||||
}
|
||||
return 0;
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief get the memory BIO method function
|
||||
*/
|
||||
void *BIO_s_mem(void)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
int BIO_method_type(const BIO *b)
|
||||
{
|
||||
SSL_ASSERT1(b);
|
||||
return b->type;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief load data into BIO.
|
||||
*
|
||||
*/
|
||||
int BIO_write(BIO *b, const void * data, int dlen)
|
||||
{
|
||||
SSL_ASSERT1(b);
|
||||
int remaining = b->size - b->offset;
|
||||
if (remaining <= 0) {
|
||||
b->flags |= BIO_FLAGS_WRITE;
|
||||
return -1;
|
||||
}
|
||||
int len_to_write = dlen > remaining?remaining:dlen;
|
||||
memcpy(b->data + b->offset, data, len_to_write);
|
||||
b->offset += len_to_write;
|
||||
b->dlen = b->offset;
|
||||
if (len_to_write == dlen) {
|
||||
b->flags &= ~BIO_FLAGS_WRITE;
|
||||
}
|
||||
return len_to_write;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Read from BIO.
|
||||
*
|
||||
*/
|
||||
int BIO_read(BIO *bio, void *data, int len)
|
||||
{
|
||||
SSL_ASSERT1(bio);
|
||||
BIO *peer = bio->peer;
|
||||
int remaining = peer->dlen - peer->roffset;
|
||||
if (remaining <= 0) {
|
||||
bio->flags |= BIO_FLAGS_READ;
|
||||
return -1;
|
||||
}
|
||||
int len_to_read = remaining > len ? len : remaining;
|
||||
memcpy(data, peer->data + peer->roffset, len_to_read);
|
||||
peer->roffset += len_to_read;
|
||||
if (len_to_read == len) {
|
||||
bio->flags &= ~BIO_FLAGS_READ;
|
||||
}
|
||||
if (peer->offset) {
|
||||
// shift data back to the beginning of the buffer
|
||||
memmove(peer->data, peer->data+peer->roffset, peer->offset - peer->roffset);
|
||||
peer->offset -= peer->roffset;
|
||||
peer->roffset = 0;
|
||||
peer->dlen = peer->offset;
|
||||
}
|
||||
return len_to_read;
|
||||
}
|
||||
|
||||
size_t BIO_wpending(const BIO *bio)
|
||||
{
|
||||
return bio->dlen - bio->roffset;
|
||||
}
|
||||
|
||||
size_t BIO_ctrl_pending(const BIO *bio)
|
||||
{
|
||||
return bio->peer->dlen - bio->peer->roffset;
|
||||
}
|
||||
|
||||
size_t BIO_ctrl_get_write_guarantee(BIO *b)
|
||||
{
|
||||
return (long)b->size - b->dlen;
|
||||
}
|
||||
|
||||
int BIO_test_flags(const BIO *b, int flags)
|
||||
{
|
||||
return (b->flags & flags);
|
||||
}
|
@ -1,87 +0,0 @@
|
||||
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
#include "ssl_cert.h"
|
||||
#include "ssl_pkey.h"
|
||||
#include "ssl_x509.h"
|
||||
#include "ssl_dbg.h"
|
||||
#include "ssl_port.h"
|
||||
|
||||
/**
|
||||
* @brief create a certification object according to input certification
|
||||
*/
|
||||
CERT *__ssl_cert_new(CERT *ic)
|
||||
{
|
||||
CERT *cert;
|
||||
|
||||
X509 *ix;
|
||||
EVP_PKEY *ipk;
|
||||
|
||||
cert = ssl_mem_zalloc(sizeof(CERT));
|
||||
if (!cert) {
|
||||
SSL_DEBUG(SSL_CERT_ERROR_LEVEL, "no enough memory > (cert)");
|
||||
goto no_mem;
|
||||
}
|
||||
|
||||
if (ic) {
|
||||
ipk = ic->pkey;
|
||||
ix = ic->x509;
|
||||
} else {
|
||||
ipk = NULL;
|
||||
ix = NULL;
|
||||
}
|
||||
|
||||
cert->pkey = __EVP_PKEY_new(ipk);
|
||||
if (!cert->pkey) {
|
||||
SSL_DEBUG(SSL_CERT_ERROR_LEVEL, "__EVP_PKEY_new() return NULL");
|
||||
goto pkey_err;
|
||||
}
|
||||
|
||||
cert->x509 = __X509_new(ix);
|
||||
if (!cert->x509) {
|
||||
SSL_DEBUG(SSL_CERT_ERROR_LEVEL, "__X509_new() return NULL");
|
||||
goto x509_err;
|
||||
}
|
||||
|
||||
return cert;
|
||||
|
||||
x509_err:
|
||||
EVP_PKEY_free(cert->pkey);
|
||||
pkey_err:
|
||||
ssl_mem_free(cert);
|
||||
no_mem:
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief create a certification object include private key object
|
||||
*/
|
||||
CERT *ssl_cert_new(void)
|
||||
{
|
||||
return __ssl_cert_new(NULL);
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief free a certification object
|
||||
*/
|
||||
void ssl_cert_free(CERT *cert)
|
||||
{
|
||||
SSL_ASSERT3(cert);
|
||||
|
||||
X509_free(cert->x509);
|
||||
|
||||
EVP_PKEY_free(cert->pkey);
|
||||
|
||||
ssl_mem_free(cert);
|
||||
}
|
@ -1,120 +0,0 @@
|
||||
// Copyright 2020 Espressif Systems (Shanghai) PTE LTD
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
#include "ssl_dbg.h"
|
||||
|
||||
struct err_error_st {
|
||||
/* file contains the filename where the error occurred. */
|
||||
const char *file;
|
||||
/* packed contains the error library and reason, as packed by ERR_PACK. */
|
||||
uint32_t packed;
|
||||
/* line contains the line number where the error occurred. */
|
||||
uint32_t line;
|
||||
};
|
||||
|
||||
#define ERR_NUM_ERRORS 4
|
||||
|
||||
typedef struct err_state_st {
|
||||
/* errors contains the ERR_NUM_ERRORS most recent errors, organised as a ring
|
||||
* buffer. */
|
||||
struct err_error_st errors[ERR_NUM_ERRORS];
|
||||
/* top contains the index one past the most recent error. If |top| equals
|
||||
* |bottom| then the queue is empty. */
|
||||
unsigned top;
|
||||
/* bottom contains the index of the last error in the queue. */
|
||||
unsigned bottom;
|
||||
} ERR_STATE;
|
||||
|
||||
#if CONFIG_OPENSSL_ERROR_STACK
|
||||
static ERR_STATE s_err_state = { 0 };
|
||||
#endif
|
||||
|
||||
void ERR_clear_error(void)
|
||||
{
|
||||
#if CONFIG_OPENSSL_ERROR_STACK
|
||||
memset(&s_err_state.errors[0], 0, sizeof(struct err_state_st));
|
||||
s_err_state.top = s_err_state.bottom = 0;
|
||||
#endif
|
||||
}
|
||||
|
||||
static uint32_t ERR_get_peek_error_internal(const char **file, int *line, bool peak)
|
||||
{
|
||||
#if CONFIG_OPENSSL_ERROR_STACK
|
||||
if (s_err_state.top == s_err_state.bottom) {
|
||||
return 0;
|
||||
}
|
||||
unsigned new_bottom = (s_err_state.bottom + 1) % ERR_NUM_ERRORS;
|
||||
int err = s_err_state.errors[new_bottom].packed;
|
||||
|
||||
if (file) {
|
||||
*file = s_err_state.errors[new_bottom].file;
|
||||
}
|
||||
if (line) {
|
||||
*line = s_err_state.errors[new_bottom].line;
|
||||
}
|
||||
|
||||
if (peak == false) {
|
||||
memset(&s_err_state.errors[new_bottom], 0, sizeof(struct err_error_st));
|
||||
s_err_state.bottom = new_bottom;
|
||||
}
|
||||
|
||||
return err;
|
||||
#else
|
||||
return 0;
|
||||
#endif
|
||||
}
|
||||
|
||||
uint32_t ERR_get_error(void)
|
||||
{
|
||||
return ERR_get_peek_error_internal(NULL, NULL, false);
|
||||
}
|
||||
|
||||
uint32_t ERR_peek_error(void)
|
||||
{
|
||||
return ERR_get_peek_error_internal(NULL, NULL, true);
|
||||
}
|
||||
|
||||
uint32_t ERR_peek_last_error(void)
|
||||
{
|
||||
return ERR_get_peek_error_internal(NULL, NULL, true);
|
||||
}
|
||||
|
||||
uint32_t ERR_peek_error_line_data(const char **file, int *line, const char **data, int *flags)
|
||||
{
|
||||
return ERR_get_peek_error_internal(file, line, true);
|
||||
}
|
||||
|
||||
uint32_t ERR_get_error_line_data(const char **file, int *line, const char **data, int *flags)
|
||||
{
|
||||
return ERR_get_peek_error_internal(file, line, false);
|
||||
}
|
||||
|
||||
const char *ERR_reason_error_string(uint32_t packed_error)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
void ERR_put_error(int library, int unused, int reason, const char *file, unsigned line)
|
||||
{
|
||||
#if CONFIG_OPENSSL_ERROR_STACK
|
||||
s_err_state.top = (s_err_state.top + 1) % ERR_NUM_ERRORS;
|
||||
if (s_err_state.top == s_err_state.bottom) {
|
||||
s_err_state.bottom = (s_err_state.bottom + 1) % ERR_NUM_ERRORS;
|
||||
}
|
||||
|
||||
s_err_state.errors[s_err_state.top].packed = (uint32_t)library<<24 | abs(reason);
|
||||
s_err_state.errors[s_err_state.top].file = file;
|
||||
s_err_state.errors[s_err_state.top].line = line;
|
||||
#endif
|
||||
}
|
@ -1,111 +0,0 @@
|
||||
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
#include "ssl_methods.h"
|
||||
#include "ssl_pm.h"
|
||||
|
||||
/**
|
||||
* TLS method function collection
|
||||
*/
|
||||
IMPLEMENT_TLS_METHOD_FUNC(TLS_method_func,
|
||||
ssl_pm_new, ssl_pm_free,
|
||||
ssl_pm_handshake, ssl_pm_shutdown, ssl_pm_clear,
|
||||
ssl_pm_read, ssl_pm_send, ssl_pm_pending,
|
||||
ssl_pm_set_fd, ssl_pm_set_hostname, ssl_pm_get_fd,
|
||||
ssl_pm_set_bufflen,
|
||||
ssl_pm_get_verify_result,
|
||||
ssl_pm_get_state);
|
||||
|
||||
/**
|
||||
* TLS or SSL client method collection
|
||||
*/
|
||||
IMPLEMENT_TLS_METHOD(TLS_ANY_VERSION, 0, TLS_method_func, TLS_client_method);
|
||||
|
||||
IMPLEMENT_TLS_METHOD(TLS1_2_VERSION, 0, TLS_method_func, TLSv1_2_client_method);
|
||||
|
||||
IMPLEMENT_TLS_METHOD(TLS1_1_VERSION, 0, TLS_method_func, TLSv1_1_client_method);
|
||||
|
||||
IMPLEMENT_TLS_METHOD(TLS1_VERSION, 0, TLS_method_func, TLSv1_client_method);
|
||||
|
||||
IMPLEMENT_SSL_METHOD(SSL3_VERSION, 0, TLS_method_func, SSLv3_client_method);
|
||||
|
||||
/**
|
||||
* TLS or SSL server method collection
|
||||
*/
|
||||
IMPLEMENT_TLS_METHOD(TLS_ANY_VERSION, 1, TLS_method_func, TLS_server_method);
|
||||
|
||||
IMPLEMENT_TLS_METHOD(TLS1_1_VERSION, 1, TLS_method_func, TLSv1_1_server_method);
|
||||
|
||||
IMPLEMENT_TLS_METHOD(TLS1_2_VERSION, 1, TLS_method_func, TLSv1_2_server_method);
|
||||
|
||||
IMPLEMENT_TLS_METHOD(TLS1_VERSION, 1, TLS_method_func, TLSv1_server_method);
|
||||
|
||||
IMPLEMENT_SSL_METHOD(SSL3_VERSION, 1, TLS_method_func, SSLv3_server_method);
|
||||
|
||||
/**
|
||||
* TLS or SSL method collection
|
||||
*/
|
||||
IMPLEMENT_TLS_METHOD(TLS_ANY_VERSION, -1, TLS_method_func, TLS_method);
|
||||
|
||||
IMPLEMENT_TLS_METHOD(TLS1_2_VERSION, -1, TLS_method_func, TLSv1_2_method);
|
||||
|
||||
IMPLEMENT_TLS_METHOD(TLS1_1_VERSION, -1, TLS_method_func, TLSv1_1_method);
|
||||
|
||||
IMPLEMENT_TLS_METHOD(TLS1_VERSION, -1, TLS_method_func, TLSv1_method);
|
||||
|
||||
IMPLEMENT_SSL_METHOD(SSL3_VERSION, -1, TLS_method_func, SSLv3_method);
|
||||
|
||||
/**
|
||||
* @brief get X509 object method
|
||||
*/
|
||||
IMPLEMENT_X509_METHOD(X509_method,
|
||||
x509_pm_new, x509_pm_free,
|
||||
x509_pm_load, x509_pm_show_info);
|
||||
|
||||
/**
|
||||
* @brief get private key object method
|
||||
*/
|
||||
IMPLEMENT_PKEY_METHOD(EVP_PKEY_method,
|
||||
pkey_pm_new, pkey_pm_free,
|
||||
pkey_pm_load);
|
||||
|
||||
/**
|
||||
* @brief Generic SSL/TLS methods
|
||||
*/
|
||||
const SSL_METHOD *SSLv23_method(void)
|
||||
{
|
||||
return TLS_method();
|
||||
}
|
||||
|
||||
const SSL_METHOD *SSLv23_server_method(void)
|
||||
{
|
||||
return TLS_server_method();
|
||||
}
|
||||
|
||||
const SSL_METHOD *SSLv23_client_method(void)
|
||||
{
|
||||
return TLS_client_method();
|
||||
}
|
||||
|
||||
int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, int version)
|
||||
{
|
||||
ctx->min_version = version;
|
||||
return 1;
|
||||
}
|
||||
|
||||
int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, int version)
|
||||
{
|
||||
ctx->max_version = version;
|
||||
return 1;
|
||||
}
|
@ -1,311 +0,0 @@
|
||||
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
#include "ssl_pkey.h"
|
||||
#include "ssl_methods.h"
|
||||
#include "ssl_dbg.h"
|
||||
#include "ssl_port.h"
|
||||
#include "openssl/bio.h"
|
||||
|
||||
/**
|
||||
* @brief create a private key object according to input private key
|
||||
*/
|
||||
EVP_PKEY* __EVP_PKEY_new(EVP_PKEY *ipk)
|
||||
{
|
||||
int ret;
|
||||
EVP_PKEY *pkey;
|
||||
|
||||
pkey = ssl_mem_zalloc(sizeof(EVP_PKEY));
|
||||
if (!pkey) {
|
||||
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "no enough memory > (pkey)");
|
||||
goto no_mem;
|
||||
}
|
||||
|
||||
pkey->ref_counter = 1;
|
||||
|
||||
if (ipk) {
|
||||
pkey->method = ipk->method;
|
||||
} else {
|
||||
pkey->method = EVP_PKEY_method();
|
||||
}
|
||||
|
||||
ret = EVP_PKEY_METHOD_CALL(new, pkey, ipk);
|
||||
if (ret) {
|
||||
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "EVP_PKEY_METHOD_CALL(new) return %d", ret);
|
||||
goto failed;
|
||||
}
|
||||
|
||||
return pkey;
|
||||
|
||||
failed:
|
||||
ssl_mem_free(pkey);
|
||||
no_mem:
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief create a private key object
|
||||
*/
|
||||
EVP_PKEY* EVP_PKEY_new(void)
|
||||
{
|
||||
return __EVP_PKEY_new(NULL);
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief free a private key object
|
||||
*/
|
||||
void EVP_PKEY_free(EVP_PKEY *pkey)
|
||||
{
|
||||
SSL_ASSERT3(pkey);
|
||||
|
||||
if (--pkey->ref_counter > 0) {
|
||||
return;
|
||||
}
|
||||
|
||||
EVP_PKEY_METHOD_CALL(free, pkey);
|
||||
|
||||
ssl_mem_free(pkey);
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief load a character key context into system context. If '*a' is pointed to the
|
||||
* private key, then load key into it. Or create a new private key object
|
||||
*/
|
||||
EVP_PKEY *d2i_PrivateKey(int type,
|
||||
EVP_PKEY **a,
|
||||
const unsigned char **pp,
|
||||
long length)
|
||||
{
|
||||
int m = 0;
|
||||
int ret;
|
||||
EVP_PKEY *pkey;
|
||||
|
||||
SSL_ASSERT2(pp);
|
||||
SSL_ASSERT2(*pp);
|
||||
SSL_ASSERT2(length);
|
||||
|
||||
if (a && *a) {
|
||||
pkey = *a;
|
||||
} else {
|
||||
pkey = EVP_PKEY_new();;
|
||||
if (!pkey) {
|
||||
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "EVP_PKEY_new() return NULL");
|
||||
goto failed1;
|
||||
}
|
||||
|
||||
m = 1;
|
||||
}
|
||||
|
||||
ret = EVP_PKEY_METHOD_CALL(load, pkey, *pp, length);
|
||||
if (ret) {
|
||||
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "EVP_PKEY_METHOD_CALL(load) return %d", ret);
|
||||
goto failed2;
|
||||
}
|
||||
|
||||
if (a)
|
||||
*a = pkey;
|
||||
|
||||
return pkey;
|
||||
|
||||
failed2:
|
||||
if (m)
|
||||
EVP_PKEY_free(pkey);
|
||||
failed1:
|
||||
return NULL;
|
||||
}
|
||||
|
||||
EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a)
|
||||
{
|
||||
return d2i_PrivateKey(0, a, (const unsigned char **)&bp->data, bp->dlen);
|
||||
}
|
||||
|
||||
RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA **a)
|
||||
{
|
||||
return d2i_PrivateKey_bio(bp, (EVP_PKEY**)a);
|
||||
}
|
||||
|
||||
RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **x, pem_password_cb *cb, void *u)
|
||||
{
|
||||
return PEM_read_bio_PrivateKey(bp, (EVP_PKEY**)x, cb, u);
|
||||
}
|
||||
|
||||
EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **pk, pem_password_cb *cb, void *u)
|
||||
{
|
||||
|
||||
int m = 0;
|
||||
int ret;
|
||||
EVP_PKEY *x;
|
||||
|
||||
SSL_ASSERT2(BIO_method_type(bp) & BIO_TYPE_MEM);
|
||||
if (bp->data == NULL || bp->dlen == 0) {
|
||||
return NULL;
|
||||
}
|
||||
if (pk && *pk) {
|
||||
x = *pk;
|
||||
} else {
|
||||
x = EVP_PKEY_new();
|
||||
if (!x) {
|
||||
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "EVP_PKEY_new() return NULL");
|
||||
goto failed;
|
||||
}
|
||||
m = 1;
|
||||
}
|
||||
|
||||
ret = EVP_PKEY_METHOD_CALL(load, x, bp->data, bp->dlen);
|
||||
if (ret) {
|
||||
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "EVP_PKEY_METHOD_CALL(load) return %d", ret);
|
||||
goto failed;
|
||||
}
|
||||
|
||||
// If buffer successfully created a EVP_PKEY from the bio, mark the buffer as consumed
|
||||
bp->data = NULL;
|
||||
bp->dlen = 0;
|
||||
return x;
|
||||
|
||||
failed:
|
||||
if (m) {
|
||||
EVP_PKEY_free(x);
|
||||
}
|
||||
|
||||
return NULL;}
|
||||
/**
|
||||
* @brief set the SSL context private key
|
||||
*/
|
||||
int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
|
||||
{
|
||||
SSL_ASSERT1(ctx);
|
||||
SSL_ASSERT1(pkey);
|
||||
|
||||
if (ctx->cert->pkey == pkey)
|
||||
return 1;
|
||||
|
||||
if (ctx->cert->pkey)
|
||||
EVP_PKEY_free(ctx->cert->pkey);
|
||||
|
||||
pkey->ref_counter++;
|
||||
ctx->cert->pkey = pkey;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief set the SSL private key
|
||||
*/
|
||||
int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
|
||||
{
|
||||
SSL_ASSERT1(ssl);
|
||||
SSL_ASSERT1(pkey);
|
||||
|
||||
if (ssl->cert->pkey == pkey)
|
||||
return 1;
|
||||
|
||||
if (ssl->cert->pkey)
|
||||
EVP_PKEY_free(ssl->cert->pkey);
|
||||
|
||||
ssl->cert->pkey = pkey;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief load private key into the SSL context
|
||||
*/
|
||||
int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx,
|
||||
const unsigned char *d, long len)
|
||||
{
|
||||
int ret;
|
||||
EVP_PKEY *pk;
|
||||
|
||||
pk = d2i_PrivateKey(0, NULL, &d, len);
|
||||
if (!pk) {
|
||||
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_PrivateKey() return NULL");
|
||||
goto failed1;
|
||||
}
|
||||
|
||||
ret = SSL_CTX_use_PrivateKey(ctx, pk);
|
||||
if (!ret) {
|
||||
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "SSL_CTX_use_PrivateKey() return %d", ret);
|
||||
goto failed2;
|
||||
}
|
||||
|
||||
return 1;
|
||||
|
||||
failed2:
|
||||
EVP_PKEY_free(pk);
|
||||
failed1:
|
||||
return 0;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief load private key into the SSL
|
||||
*/
|
||||
int SSL_use_PrivateKey_ASN1(int type, SSL *ssl,
|
||||
const unsigned char *d, long len)
|
||||
{
|
||||
int ret;
|
||||
EVP_PKEY *pk;
|
||||
|
||||
pk = d2i_PrivateKey(0, NULL, &d, len);
|
||||
if (!pk) {
|
||||
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_PrivateKey() return NULL");
|
||||
goto failed1;
|
||||
}
|
||||
|
||||
ret = SSL_use_PrivateKey(ssl, pk);
|
||||
if (!ret) {
|
||||
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "SSL_use_PrivateKey() return %d", ret);
|
||||
goto failed2;
|
||||
}
|
||||
|
||||
return 1;
|
||||
|
||||
failed2:
|
||||
EVP_PKEY_free(pk);
|
||||
failed1:
|
||||
return 0;
|
||||
}
|
||||
|
||||
#define ESP_OPENSSL_FILES_IS_SUPPORTED 0
|
||||
/**
|
||||
* @brief load the private key file into SSL context
|
||||
*/
|
||||
int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
|
||||
{
|
||||
// Using file name as private key is discouraged
|
||||
SSL_ASSERT1(ESP_OPENSSL_FILES_IS_SUPPORTED);
|
||||
return -1;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief load the private key file into SSL
|
||||
*/
|
||||
int SSL_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
|
||||
{
|
||||
// Using file name as private key is discouraged
|
||||
SSL_ASSERT1(ESP_OPENSSL_FILES_IS_SUPPORTED);
|
||||
return -1;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief load the RSA ASN1 private key into SSL context
|
||||
*/
|
||||
int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len)
|
||||
{
|
||||
return SSL_CTX_use_PrivateKey_ASN1(0, ctx, d, len);
|
||||
}
|
||||
|
||||
void RSA_free (RSA *r)
|
||||
{
|
||||
EVP_PKEY_free(r);
|
||||
}
|
@ -1,97 +0,0 @@
|
||||
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
#include "ssl_stack.h"
|
||||
#include "ssl_dbg.h"
|
||||
#include "ssl_port.h"
|
||||
|
||||
#ifndef CONFIG_MIN_NODES
|
||||
#define MIN_NODES 4
|
||||
#else
|
||||
#define MIN_NODES CONFIG_MIN_NODES
|
||||
#endif
|
||||
|
||||
/**
|
||||
* @brief create a openssl stack object
|
||||
*/
|
||||
typedef struct stack_st_tag {
|
||||
size_t num;
|
||||
void **data;
|
||||
} _STACK;
|
||||
|
||||
|
||||
GENERAL_NAME *sk_GENERAL_NAME_value(const struct stack_st_GENERAL_NAME *sk, size_t i)
|
||||
{
|
||||
if (!sk || i >= ((_STACK*)sk)->num) {
|
||||
return NULL;
|
||||
}
|
||||
return ((_STACK*)sk)->data[i];
|
||||
}
|
||||
|
||||
|
||||
size_t sk_GENERAL_NAME_num(const struct stack_st_GENERAL_NAME *sk)
|
||||
{
|
||||
if (sk == NULL) {
|
||||
return 0;
|
||||
}
|
||||
return ((_STACK*)sk)->num;
|
||||
}
|
||||
|
||||
OPENSSL_STACK* OPENSSL_sk_new(OPENSSL_sk_compfunc c)
|
||||
{
|
||||
OPENSSL_STACK *stack;
|
||||
char **data;
|
||||
|
||||
stack = ssl_mem_zalloc(sizeof(OPENSSL_STACK));
|
||||
if (!stack) {
|
||||
SSL_DEBUG(SSL_STACK_ERROR_LEVEL, "no enough memory > (stack)");
|
||||
goto no_mem1;
|
||||
}
|
||||
|
||||
data = ssl_mem_zalloc(sizeof(*data) * MIN_NODES);
|
||||
if (!data) {
|
||||
SSL_DEBUG(SSL_STACK_ERROR_LEVEL, "no enough memory > (data)");
|
||||
goto no_mem2;
|
||||
}
|
||||
|
||||
stack->data = data;
|
||||
stack->num_alloc = MIN_NODES;
|
||||
stack->c = c;
|
||||
|
||||
return stack;
|
||||
|
||||
no_mem2:
|
||||
ssl_mem_free(stack);
|
||||
no_mem1:
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief create a NULL function openssl stack object
|
||||
*/
|
||||
OPENSSL_STACK *OPENSSL_sk_new_null(void)
|
||||
{
|
||||
return OPENSSL_sk_new((OPENSSL_sk_compfunc)NULL);
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief free openssl stack object
|
||||
*/
|
||||
void OPENSSL_sk_free(OPENSSL_STACK *stack)
|
||||
{
|
||||
SSL_ASSERT3(stack);
|
||||
|
||||
ssl_mem_free(stack->data);
|
||||
ssl_mem_free(stack);
|
||||
}
|
@ -1,401 +0,0 @@
|
||||
/*
|
||||
* SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD
|
||||
*
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*/
|
||||
|
||||
#include "ssl_x509.h"
|
||||
#include "ssl_methods.h"
|
||||
#include "ssl_dbg.h"
|
||||
#include "ssl_port.h"
|
||||
#include "bio.h"
|
||||
|
||||
/**
|
||||
* @brief show X509 certification information
|
||||
*/
|
||||
int __X509_show_info(X509 *x)
|
||||
{
|
||||
return X509_METHOD_CALL(show_info, x);
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief create a X509 certification object according to input X509 certification
|
||||
*/
|
||||
X509* __X509_new(X509 *ix)
|
||||
{
|
||||
int ret;
|
||||
X509 *x;
|
||||
|
||||
x = ssl_mem_zalloc(sizeof(X509));
|
||||
if (!x) {
|
||||
SSL_DEBUG(SSL_X509_ERROR_LEVEL, "no enough memory > (x)");
|
||||
goto no_mem;
|
||||
}
|
||||
|
||||
x->ref_counter = 1;
|
||||
|
||||
if (ix && ix->method)
|
||||
x->method = ix->method;
|
||||
else
|
||||
x->method = X509_method();
|
||||
|
||||
ret = X509_METHOD_CALL(new, x, ix);
|
||||
if (ret) {
|
||||
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_METHOD_CALL(new) return %d", ret);
|
||||
goto failed;
|
||||
}
|
||||
|
||||
return x;
|
||||
|
||||
failed:
|
||||
ssl_mem_free(x);
|
||||
no_mem:
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief create a X509 certification object
|
||||
*/
|
||||
X509* X509_new(void)
|
||||
{
|
||||
return __X509_new(NULL);
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief free a X509 certification object
|
||||
*/
|
||||
void X509_free(X509 *x)
|
||||
{
|
||||
SSL_ASSERT3(x);
|
||||
|
||||
if (--x->ref_counter > 0) {
|
||||
return;
|
||||
}
|
||||
|
||||
X509_METHOD_CALL(free, x);
|
||||
|
||||
ssl_mem_free(x);
|
||||
};
|
||||
|
||||
/**
|
||||
* @brief load a character certification context into system context. If '*cert' is pointed to the
|
||||
* certification, then load certification into it. Or create a new X509 certification object
|
||||
*/
|
||||
X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len)
|
||||
{
|
||||
int m = 0;
|
||||
int ret;
|
||||
X509 *x;
|
||||
|
||||
SSL_ASSERT2(buffer);
|
||||
SSL_ASSERT2(len);
|
||||
|
||||
if (cert && *cert) {
|
||||
x = *cert;
|
||||
} else {
|
||||
x = X509_new();
|
||||
if (!x) {
|
||||
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_new() return NULL");
|
||||
goto failed1;
|
||||
}
|
||||
m = 1;
|
||||
}
|
||||
|
||||
ret = X509_METHOD_CALL(load, x, buffer, len);
|
||||
if (ret) {
|
||||
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_METHOD_CALL(load) return %d", ret);
|
||||
goto failed2;
|
||||
}
|
||||
|
||||
return x;
|
||||
|
||||
failed2:
|
||||
if (m)
|
||||
X509_free(x);
|
||||
failed1:
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief return SSL X509 verify parameters
|
||||
*/
|
||||
|
||||
X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl)
|
||||
{
|
||||
return &ssl->param;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief set X509 host verification flags
|
||||
*/
|
||||
|
||||
int X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
|
||||
unsigned long flags)
|
||||
{
|
||||
/* flags not supported yet */
|
||||
return 0;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief clear X509 host verification flags
|
||||
*/
|
||||
|
||||
int X509_VERIFY_PARAM_clear_hostflags(X509_VERIFY_PARAM *param,
|
||||
unsigned long flags)
|
||||
{
|
||||
/* flags not supported yet */
|
||||
return 0;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief set SSL context client CA certification
|
||||
*/
|
||||
int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
|
||||
{
|
||||
SSL_ASSERT1(ctx);
|
||||
SSL_ASSERT1(x);
|
||||
|
||||
if (ctx->client_CA == x)
|
||||
return 1;
|
||||
|
||||
X509_free(ctx->client_CA);
|
||||
|
||||
ctx->client_CA = x;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief add CA client certification into the SSL
|
||||
*/
|
||||
int SSL_add_client_CA(SSL *ssl, X509 *x)
|
||||
{
|
||||
SSL_ASSERT1(ssl);
|
||||
SSL_ASSERT1(x);
|
||||
|
||||
if (ssl->client_CA == x)
|
||||
return 1;
|
||||
|
||||
X509_free(ssl->client_CA);
|
||||
|
||||
ssl->client_CA = x;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief set the SSL context certification
|
||||
*/
|
||||
int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
|
||||
{
|
||||
SSL_ASSERT1(ctx);
|
||||
SSL_ASSERT1(x);
|
||||
|
||||
if (ctx->cert->x509 == x)
|
||||
return 1;
|
||||
|
||||
X509_free(ctx->cert->x509);
|
||||
|
||||
ctx->cert->x509 = x;
|
||||
x->ref_counter++;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief set the SSL certification
|
||||
*/
|
||||
int SSL_use_certificate(SSL *ssl, X509 *x)
|
||||
{
|
||||
SSL_ASSERT1(ssl);
|
||||
SSL_ASSERT1(x);
|
||||
|
||||
if (ssl->cert->x509 == x)
|
||||
return 1;
|
||||
|
||||
X509_free(ssl->cert->x509);
|
||||
|
||||
ssl->cert->x509 = x;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x)
|
||||
{
|
||||
return SSL_CTX_use_certificate(ctx, x);
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief get the SSL certification point
|
||||
*/
|
||||
X509 *SSL_get_certificate(const SSL *ssl)
|
||||
{
|
||||
SSL_ASSERT2(ssl);
|
||||
|
||||
return ssl->cert->x509;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief load certification into the SSL context
|
||||
*/
|
||||
int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len,
|
||||
const unsigned char *d)
|
||||
{
|
||||
int ret;
|
||||
X509 *x;
|
||||
|
||||
x = d2i_X509(NULL, d, len);
|
||||
if (!x) {
|
||||
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_X509() return NULL");
|
||||
goto failed1;
|
||||
}
|
||||
|
||||
ret = SSL_CTX_use_certificate(ctx, x); // This uses the "x" so increments ref_count
|
||||
if (!ret) {
|
||||
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "SSL_CTX_use_certificate() return %d", ret);
|
||||
goto failed2;
|
||||
}
|
||||
|
||||
X509_free(x); // decrements ref_count, so in case of happy flow doesn't free the "x"
|
||||
return 1;
|
||||
|
||||
failed2:
|
||||
X509_free(x);
|
||||
failed1:
|
||||
return 0;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief load certification into the SSL
|
||||
*/
|
||||
int SSL_use_certificate_ASN1(SSL *ssl, int len,
|
||||
const unsigned char *d)
|
||||
{
|
||||
int ret;
|
||||
X509 *x;
|
||||
|
||||
x = d2i_X509(NULL, d, len);
|
||||
if (!x) {
|
||||
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_X509() return NULL");
|
||||
goto failed1;
|
||||
}
|
||||
|
||||
ret = SSL_use_certificate(ssl, x);
|
||||
if (!ret) {
|
||||
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "SSL_use_certificate() return %d", ret);
|
||||
goto failed2;
|
||||
}
|
||||
|
||||
return 1;
|
||||
|
||||
failed2:
|
||||
X509_free(x);
|
||||
failed1:
|
||||
return 0;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief load the certification file into SSL context
|
||||
*/
|
||||
int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief load the certification file into SSL
|
||||
*/
|
||||
int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief get peer certification
|
||||
*/
|
||||
X509 *SSL_get_peer_certificate(const SSL *ssl)
|
||||
{
|
||||
SSL_ASSERT2(ssl);
|
||||
|
||||
return ssl->session->peer;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief set SSL context client CA certification
|
||||
*/
|
||||
int X509_STORE_add_cert(X509_STORE *store, X509 *x) {
|
||||
|
||||
x->ref_counter++;
|
||||
|
||||
SSL_CTX *ctx = (SSL_CTX *)store;
|
||||
SSL_ASSERT1(ctx);
|
||||
SSL_ASSERT1(x);
|
||||
|
||||
if (ctx->client_CA == x) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (ctx->client_CA!=NULL) {
|
||||
X509_free(ctx->client_CA);
|
||||
}
|
||||
|
||||
ctx->client_CA = x;
|
||||
return 1;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief load a character certification context into system context.
|
||||
*
|
||||
* If '*cert' is pointed to the certification, then load certification
|
||||
* into it, or create a new X509 certification object.
|
||||
*/
|
||||
X509 * PEM_read_bio_X509(BIO *bp, X509 **cert, pem_password_cb cb, void *u) {
|
||||
int m = 0;
|
||||
int ret;
|
||||
X509 *x;
|
||||
|
||||
SSL_ASSERT2(BIO_method_type(bp) & BIO_TYPE_MEM);
|
||||
if (bp->data == NULL || bp->dlen == 0) {
|
||||
return NULL;
|
||||
}
|
||||
if (cert && *cert) {
|
||||
x = *cert;
|
||||
} else {
|
||||
x = X509_new();
|
||||
if (!x) {
|
||||
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_new() return NULL");
|
||||
goto failed;
|
||||
}
|
||||
m = 1;
|
||||
}
|
||||
|
||||
ret = X509_METHOD_CALL(load, x, bp->data, bp->dlen);
|
||||
if (ret) {
|
||||
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_METHOD_CALL(load) return %d", ret);
|
||||
goto failed;
|
||||
}
|
||||
|
||||
// If buffer successfully created a X509 from the bio, mark the buffer as consumed
|
||||
bp->data = NULL;
|
||||
bp->dlen = 0;
|
||||
return x;
|
||||
|
||||
failed:
|
||||
if (m) {
|
||||
X509_free(x);
|
||||
}
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
X509 *PEM_read_bio_X509_AUX(BIO *bp, X509 **cert, pem_password_cb *cb, void *u)
|
||||
{
|
||||
return PEM_read_bio_X509(bp, cert, cb, u);
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief get the SSL context object X509 certification storage
|
||||
*/
|
||||
X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx) {
|
||||
return (X509_STORE *)ctx;
|
||||
}
|
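--- a/components/openssl/platform/ssl_pm.c
+++ /dev/null
@@ -1,788 +0,0 @@
-// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#include "ssl_pm.h"
-#include "ssl_port.h"
-#include "ssl_dbg.h"
-
-/* mbedtls include */
-#include "mbedtls/platform.h"
-#include "mbedtls/net_sockets.h"
-#include "mbedtls/debug.h"
-#include "mbedtls/entropy.h"
-#include "mbedtls/ctr_drbg.h"
-#include "mbedtls/error.h"
-#include "mbedtls/certs.h"
-#include "openssl/bio.h"
-#include "openssl/err.h"
-
-#define X509_INFO_STRING_LENGTH 8192
-
-struct ssl_pm
-{
-/* local socket file description */
-mbedtls_net_context fd;
-/* remote client socket file description */
-mbedtls_net_context cl_fd;
-
-mbedtls_ssl_config conf;
-
-mbedtls_ctr_drbg_context ctr_drbg;
-
-mbedtls_ssl_context ssl;
-
-mbedtls_entropy_context entropy;
-};
-
-struct x509_pm
-{
-mbedtls_x509_crt *x509_crt;
-
-mbedtls_x509_crt *ex_crt;
-};
-
-struct pkey_pm
-{
-mbedtls_pk_context *pkey;
-
-mbedtls_pk_context *ex_pkey;
-};
-
-unsigned int max_content_len;
-
-/*********************************************************************************************/
-/************************************ SSL arch interface *************************************/
-
-#ifdef CONFIG_OPENSSL_LOWLEVEL_DEBUG
-
-/* mbedtls debug level */
-#define MBEDTLS_DEBUG_LEVEL 4
-
-/**
-* @brief mbedtls debug function
-*/
-static void ssl_platform_debug(void *ctx, int level,
-const char *file, int line,
-const char *str)
-{
-/* Shorten 'file' from the whole file path to just the filename
-
-This is a bit wasteful because the macros are compiled in with
-the full _FILE_ path in each case.
-*/
-char *file_sep = rindex(file, '/');
-if(file_sep)
-file = file_sep + 1;
-
-SSL_DEBUG(SSL_DEBUG_ON, "%s:%d %s", file, line, str);
-}
-#endif
-
-static int mbedtls_bio_send(void *ctx, const unsigned char *buf, size_t len )
-{
-BIO *bio = ctx;
-int written = BIO_write(bio, buf, len);
-if (written <= 0 && BIO_should_write(bio)) {
-return MBEDTLS_ERR_SSL_WANT_WRITE;
-}
-return written;
-}
-
-static int mbedtls_bio_recv(void *ctx, unsigned char *buf, size_t len )
-{
-BIO *bio = ctx;
-int read = BIO_read(bio, buf, len);
-if (read <= 0 && BIO_should_read(bio)) {
-return MBEDTLS_ERR_SSL_WANT_READ;
-}
-return read;
-}
-
-static int ssl_pm_reload_crt(SSL *ssl);
-
-static int get_mbedtls_minor_ssl_version(int openssl_version_nr)
-{
-if (TLS1_2_VERSION == openssl_version_nr)
-return MBEDTLS_SSL_MINOR_VERSION_3;
-if (TLS1_1_VERSION ==openssl_version_nr)
-return MBEDTLS_SSL_MINOR_VERSION_2;
-if (TLS1_VERSION == openssl_version_nr)
-return MBEDTLS_SSL_MINOR_VERSION_1;
-// SSLv3.0 otherwise
-return MBEDTLS_SSL_MINOR_VERSION_0;
-}
-/**
-* @brief create SSL low-level object
-*/
-int ssl_pm_new(SSL *ssl)
-{
-struct ssl_pm *ssl_pm;
-int ret;
-
-const unsigned char pers[] = "OpenSSL PM";
-size_t pers_len = sizeof(pers);
-
-int endpoint;
-
-const SSL_METHOD *method = ssl->method;
-
-ssl_pm = ssl_mem_zalloc(sizeof(struct ssl_pm));
-if (!ssl_pm) {
-SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (ssl_pm)");
-OPENSSL_PUT_LIB_ERROR(ERR_LIB_SYS, ERR_R_MALLOC_FAILURE);
-goto no_mem;
-}
-
-max_content_len = ssl->ctx->read_buffer_len;
-
-mbedtls_net_init(&ssl_pm->fd);
-mbedtls_net_init(&ssl_pm->cl_fd);
-
-mbedtls_ssl_config_init(&ssl_pm->conf);
-mbedtls_ctr_drbg_init(&ssl_pm->ctr_drbg);
-mbedtls_entropy_init(&ssl_pm->entropy);
-mbedtls_ssl_init(&ssl_pm->ssl);
-
-ret = mbedtls_ctr_drbg_seed(&ssl_pm->ctr_drbg, mbedtls_entropy_func, &ssl_pm->entropy, pers, pers_len);
-if (ret) {
-SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ctr_drbg_seed() return -0x%x", -ret);
-OPENSSL_PUT_LIB_ERROR(ERR_LIB_RAND, ret);
-goto mbedtls_err1;
-}
-
-if (method->endpoint) {
-endpoint = MBEDTLS_SSL_IS_SERVER;
-} else {
-endpoint = MBEDTLS_SSL_IS_CLIENT;
-}
-ret = mbedtls_ssl_config_defaults(&ssl_pm->conf, endpoint, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT);
-if (ret) {
-SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_config_defaults() return -0x%x", -ret);
-OPENSSL_PUT_LIB_ERROR(ERR_LIB_CONF, ret);
-goto mbedtls_err2;
-}
-
-if (TLS_ANY_VERSION != ssl->version) {
-int min_version = ssl->ctx->min_version ? ssl->ctx->min_version : ssl->version;
-int max_version = ssl->ctx->max_version ? ssl->ctx->max_version : ssl->version;
-
-mbedtls_ssl_conf_max_version(&ssl_pm->conf, MBEDTLS_SSL_MAJOR_VERSION_3, get_mbedtls_minor_ssl_version(max_version));
-mbedtls_ssl_conf_min_version(&ssl_pm->conf, MBEDTLS_SSL_MAJOR_VERSION_3, get_mbedtls_minor_ssl_version(min_version));
-} else {
-mbedtls_ssl_conf_max_version(&ssl_pm->conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3);
-mbedtls_ssl_conf_min_version(&ssl_pm->conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0);
-}
-
-if (ssl->ctx->ssl_alpn.alpn_status == ALPN_ENABLE) {
-#ifdef MBEDTLS_SSL_ALPN
-mbedtls_ssl_conf_alpn_protocols( &ssl_pm->conf, ssl->ctx->ssl_alpn.alpn_list );
-#else
-SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "CONFIG_MBEDTLS_SSL_ALPN must be enabled to use ALPN", -1);
-OPENSSL_PUT_LIB_ERROR(ERR_LIB_SYS, ERR_R_FATAL);
-#endif // MBEDTLS_SSL_ALPN
-}
-mbedtls_ssl_conf_rng(&ssl_pm->conf, mbedtls_ctr_drbg_random, &ssl_pm->ctr_drbg);
-
-#ifdef CONFIG_OPENSSL_LOWLEVEL_DEBUG
-mbedtls_debug_set_threshold(MBEDTLS_DEBUG_LEVEL);
-mbedtls_ssl_conf_dbg(&ssl_pm->conf, ssl_platform_debug, NULL);
-#else
-mbedtls_ssl_conf_dbg(&ssl_pm->conf, NULL, NULL);
-#endif
-
-ret = mbedtls_ssl_setup(&ssl_pm->ssl, &ssl_pm->conf);
-if (ret) {
-SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_setup() return -0x%x", -ret);
-OPENSSL_PUT_LIB_ERROR(ERR_LIB_CONF, ret);
-goto mbedtls_err2;
-}
-
-mbedtls_ssl_set_bio(&ssl_pm->ssl, &ssl_pm->fd, mbedtls_net_send, mbedtls_net_recv, NULL);
-
-ssl->ssl_pm = ssl_pm;
-ret = ssl_pm_reload_crt(ssl);
-if (ret)
-return 0;
-
-return 0;
-
-mbedtls_err2:
-mbedtls_ssl_config_free(&ssl_pm->conf);
-mbedtls_ctr_drbg_free(&ssl_pm->ctr_drbg);
-mbedtls_err1:
-mbedtls_entropy_free(&ssl_pm->entropy);
-ssl_mem_free(ssl_pm);
-no_mem:
-return -1;
-}
-
-/**
-* @brief free SSL low-level object
-*/
-void ssl_pm_free(SSL *ssl)
-{
-struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
-
-mbedtls_ctr_drbg_free(&ssl_pm->ctr_drbg);
-mbedtls_entropy_free(&ssl_pm->entropy);
-mbedtls_ssl_config_free(&ssl_pm->conf);
-mbedtls_ssl_free(&ssl_pm->ssl);
-
-ssl_mem_free(ssl_pm);
-ssl->ssl_pm = NULL;
-}
-
-/**
-* @brief reload SSL low-level certification object
-*/
-static int ssl_pm_reload_crt(SSL *ssl)
-{
-int ret;
-int mode = MBEDTLS_SSL_VERIFY_UNSET;
-struct ssl_pm *ssl_pm = ssl->ssl_pm;
-struct x509_pm *ca_pm = (struct x509_pm *)ssl->client_CA->x509_pm;
-
-struct pkey_pm *pkey_pm = (struct pkey_pm *)ssl->cert->pkey->pkey_pm;
-struct x509_pm *crt_pm = (struct x509_pm *)ssl->cert->x509->x509_pm;
-
-/* OpenSSL verification modes outline (see `man SSL_set_verify` for more details)
-*
-* | openssl mode | Server | Client |
-* | SSL_VERIFY_NONE | will not send a client certificate request | server certificate which will be checked |
-* handshake will be continued regardless |
-* | SSL_VERIFY_PEER | depends on SSL_VERIFY_FAIL_IF_NO_PEER_CERT | handshake is terminated if verify fails |
-* (unless anonymous ciphers--not supported |
-* | SSL_VERIFY_FAIL_IF_NO_PEER_CERT | handshake is terminated if | ignored |
-* client cert verify fails | |
-*/
-if (ssl->method->endpoint == MBEDTLS_SSL_IS_SERVER) {
-if (ssl->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
-mode = MBEDTLS_SSL_VERIFY_REQUIRED;
-else if (ssl->verify_mode & SSL_VERIFY_PEER)
-mode = MBEDTLS_SSL_VERIFY_OPTIONAL;
-else if (ssl->verify_mode == SSL_VERIFY_NONE)
-mode = MBEDTLS_SSL_VERIFY_NONE;
-} else if (ssl->method->endpoint == MBEDTLS_SSL_IS_CLIENT) {
-if (ssl->verify_mode & SSL_VERIFY_PEER)
-mode = MBEDTLS_SSL_VERIFY_REQUIRED;
-else if (ssl->verify_mode == SSL_VERIFY_NONE)
-mode = MBEDTLS_SSL_VERIFY_NONE;
-}
-
-mbedtls_ssl_conf_authmode(&ssl_pm->conf, mode);
-
-if (ca_pm->x509_crt) {
-mbedtls_ssl_conf_ca_chain(&ssl_pm->conf, ca_pm->x509_crt, NULL);
-} else if (ca_pm->ex_crt) {
-mbedtls_ssl_conf_ca_chain(&ssl_pm->conf, ca_pm->ex_crt, NULL);
-}
-
-if (crt_pm->x509_crt && pkey_pm->pkey) {
-ret = mbedtls_ssl_conf_own_cert(&ssl_pm->conf, crt_pm->x509_crt, pkey_pm->pkey);
-} else if (crt_pm->ex_crt && pkey_pm->ex_pkey) {
-ret = mbedtls_ssl_conf_own_cert(&ssl_pm->conf, crt_pm->ex_crt, pkey_pm->ex_pkey);
-} else {
-ret = 0;
-}
-
-if (ret) {
-SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_conf_own_cert() return -0x%x", -ret);
-OPENSSL_PUT_LIB_ERROR(ERR_LIB_X509, ret);
-ret = -1;
-}
-
-return ret;
-}
-
-/*
-* Perform the mbedtls SSL handshake instead of mbedtls_ssl_handshake.
-* We can add debug here.
-*/
-static int mbedtls_handshake( mbedtls_ssl_context *ssl )
-{
-int ret = 0;
-
-while (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) {
-ret = mbedtls_ssl_handshake_step(ssl);
-
-SSL_DEBUG(SSL_PLATFORM_DEBUG_LEVEL, "ssl ret %d state %d", ret, ssl->state);
-
-if (ret != 0)
-break;
-}
-
-return ret;
-}
-
-int ssl_pm_handshake(SSL *ssl)
-{
-int ret;
-struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
-
-if (ssl->bio) {
-// if using BIO, make sure the mode is supported
-SSL_ASSERT1(ssl->mode & (SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER));
-mbedtls_ssl_set_bio(&ssl_pm->ssl, ssl->bio, mbedtls_bio_send, mbedtls_bio_recv, NULL);
-} else {
-// defaults to SSL_read/write using a file descriptor -- expects default mode
-SSL_ASSERT1(ssl->mode == 0);
-}
-
-ret = ssl_pm_reload_crt(ssl);
-if (ret)
-return 0;
-
-ssl_speed_up_enter();
-
-while((ret = mbedtls_handshake(&ssl_pm->ssl)) != 0) {
-if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
-// exit handshake in case of any other error
-break;
-} else if (ssl->bio) {
-// exit even if wanted read/write if BIO used
-if (ret == MBEDTLS_ERR_SSL_WANT_READ) {
-ssl->rwstate = SSL_READING;
-} else if (ret == MBEDTLS_ERR_SSL_WANT_WRITE) {
-ssl->rwstate = SSL_WRITING;
-}
-return ret;
-}
-}
-
-ssl_speed_up_exit();
-ssl->rwstate = SSL_NOTHING;
-if (ret) {
-SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_handshake() return -0x%x", -ret);
-OPENSSL_PUT_LIB_ERROR(ERR_LIB_SSL, ret);
-ret = 0;
-} else {
-struct x509_pm *x509_pm = (struct x509_pm *)ssl->session->peer->x509_pm;
-
-x509_pm->ex_crt = (mbedtls_x509_crt *)mbedtls_ssl_get_peer_cert(&ssl_pm->ssl);
-ret = 1;
-}
-
-return ret;
-}
-
-int ssl_pm_shutdown(SSL *ssl)
-{
-int ret;
-struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
-
-ret = mbedtls_ssl_close_notify(&ssl_pm->ssl);
-if (ret) {
-SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_close_notify() return -0x%x", -ret);
-OPENSSL_PUT_LIB_ERROR(ERR_LIB_SSL, ret);
-ret = -1;
-} else {
-struct x509_pm *x509_pm = (struct x509_pm *)ssl->session->peer->x509_pm;
-
-x509_pm->ex_crt = NULL;
-}
-
-return ret;
-}
-
-int ssl_pm_clear(SSL *ssl)
-{
-return ssl_pm_shutdown(ssl);
-}
-
-
-int ssl_pm_read(SSL *ssl, void *buffer, int len)
-{
-int ret;
-struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
-
-ret = mbedtls_ssl_read(&ssl_pm->ssl, buffer, len);
-if (ret < 0) {
-SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_read() return -0x%x", -ret);
-OPENSSL_PUT_LIB_ERROR(ERR_LIB_SSL, ret);
-ret = -1;
-}
-
-return ret;
-}
-
-int ssl_pm_send(SSL *ssl, const void *buffer, int len)
-{
-int ret;
-struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
-
-ret = mbedtls_ssl_write(&ssl_pm->ssl, buffer, len);
-if (ret < 0) {
-SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_write() return -0x%x", -ret);
-OPENSSL_PUT_LIB_ERROR(ERR_LIB_SSL, ret);
-ret = -1;
-}
-
-return ret;
-}
-
-int ssl_pm_pending(const SSL *ssl)
-{
-struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
-
-return mbedtls_ssl_get_bytes_avail(&ssl_pm->ssl);
-}
-
-void ssl_pm_set_fd(SSL *ssl, int fd, int mode)
-{
-struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
-
-ssl_pm->fd.fd = fd;
-}
-
-void ssl_pm_set_hostname(SSL *ssl, const char *hostname)
-{
-struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
-
-mbedtls_ssl_set_hostname(&ssl_pm->ssl, hostname);
-}
-
-int ssl_pm_get_fd(const SSL *ssl, int mode)
-{
-struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
-
-return ssl_pm->fd.fd;
-}
-
-OSSL_HANDSHAKE_STATE ssl_pm_get_state(const SSL *ssl)
-{
-OSSL_HANDSHAKE_STATE state;
-
-struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
-
-switch (ssl_pm->ssl.state)
-{
-case MBEDTLS_SSL_CLIENT_HELLO:
-state = TLS_ST_CW_CLNT_HELLO;
-break;
-case MBEDTLS_SSL_SERVER_HELLO:
-state = TLS_ST_SW_SRVR_HELLO;
-break;
-case MBEDTLS_SSL_SERVER_CERTIFICATE:
-state = TLS_ST_SW_CERT;
-break;
-case MBEDTLS_SSL_SERVER_HELLO_DONE:
-state = TLS_ST_SW_SRVR_DONE;
-break;
-case MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:
-state = TLS_ST_CW_KEY_EXCH;
-break;
-case MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:
-state = TLS_ST_CW_CHANGE;
-break;
-case MBEDTLS_SSL_CLIENT_FINISHED:
-state = TLS_ST_CW_FINISHED;
-break;
-case MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:
-state = TLS_ST_SW_CHANGE;
-break;
-case MBEDTLS_SSL_SERVER_FINISHED:
-state = TLS_ST_SW_FINISHED;
-break;
-case MBEDTLS_SSL_CLIENT_CERTIFICATE:
-state = TLS_ST_CW_CERT;
-break;
-case MBEDTLS_SSL_SERVER_KEY_EXCHANGE:
-state = TLS_ST_SR_KEY_EXCH;
-break;
-case MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET:
-state = TLS_ST_SW_SESSION_TICKET;
-break;
-case MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT:
-state = TLS_ST_SW_CERT_REQ;
-break;
-case MBEDTLS_SSL_HANDSHAKE_OVER:
-state = TLS_ST_OK;
-break;
-default :
-state = TLS_ST_BEFORE;
-break;
-}
-
-return state;
-}
-
-int x509_pm_show_info(X509 *x)
-{
-int ret;
-char *buf;
-mbedtls_x509_crt *x509_crt;
-struct x509_pm *x509_pm = x->x509_pm;
-
-if (x509_pm->x509_crt)
-x509_crt = x509_pm->x509_crt;
-else if (x509_pm->ex_crt)
-x509_crt = x509_pm->ex_crt;
-else
-x509_crt = NULL;
-
-if (!x509_crt)
-return -1;
-
-buf = ssl_mem_malloc(X509_INFO_STRING_LENGTH);
-if (!buf) {
-SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (buf)");
-OPENSSL_PUT_LIB_ERROR(ERR_LIB_SYS, ERR_R_MALLOC_FAILURE);
-goto no_mem;
-}
-
-ret = mbedtls_x509_crt_info(buf, X509_INFO_STRING_LENGTH - 1, "", x509_crt);
-if (ret <= 0) {
-SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_x509_crt_info() return -0x%x", -ret);
-OPENSSL_PUT_LIB_ERROR(ERR_LIB_X509, ret);
-goto mbedtls_err1;
-}
-
-buf[ret] = 0;
-
-ssl_mem_free(buf);
-
-SSL_DEBUG(SSL_DEBUG_ON, "%s", buf);
-
-return 0;
-
-mbedtls_err1:
-ssl_mem_free(buf);
-no_mem:
-return -1;
-}
-
-int x509_pm_new(X509 *x, X509 *m_x)
-{
-struct x509_pm *x509_pm;
-
-x509_pm = ssl_mem_zalloc(sizeof(struct x509_pm));
-if (!x509_pm) {
-SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (x509_pm)");
-OPENSSL_PUT_LIB_ERROR(ERR_LIB_SYS, ERR_R_MALLOC_FAILURE);
-goto failed1;
-}
-
-x->x509_pm = x509_pm;
-
-if (m_x) {
-struct x509_pm *m_x509_pm = (struct x509_pm *)m_x->x509_pm;
-
-x509_pm->ex_crt = m_x509_pm->x509_crt;
-}
-
-return 0;
-
-failed1:
-return -1;
-}
-
-void x509_pm_free(X509 *x)
-{
-struct x509_pm *x509_pm = (struct x509_pm *)x->x509_pm;
-
-if (x509_pm->x509_crt) {
-mbedtls_x509_crt_free(x509_pm->x509_crt);
-
-ssl_mem_free(x509_pm->x509_crt);
-x509_pm->x509_crt = NULL;
-}
-
-ssl_mem_free(x->x509_pm);
-x->x509_pm = NULL;
-}
-
-int x509_pm_load(X509 *x, const unsigned char *buffer, int len)
-{
-int ret;
-unsigned char *load_buf;
-struct x509_pm *x509_pm = (struct x509_pm *)x->x509_pm;
-
-if (x509_pm->x509_crt)
-mbedtls_x509_crt_free(x509_pm->x509_crt);
-
-if (!x509_pm->x509_crt) {
-x509_pm->x509_crt = ssl_mem_malloc(sizeof(mbedtls_x509_crt));
-if (!x509_pm->x509_crt) {
-SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (x509_pm->x509_crt)");
-OPENSSL_PUT_LIB_ERROR(ERR_LIB_SYS, ERR_R_MALLOC_FAILURE);
-goto no_mem;
-}
-}
-
-load_buf = ssl_mem_malloc(len + 1);
-if (!load_buf) {
-SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (load_buf)");
-OPENSSL_PUT_LIB_ERROR(ERR_LIB_SYS, ERR_R_MALLOC_FAILURE);
-goto failed;
-}
-
-ssl_memcpy(load_buf, buffer, len);
-load_buf[len] = '\0';
-
-mbedtls_x509_crt_init(x509_pm->x509_crt);
-
-ret = mbedtls_x509_crt_parse(x509_pm->x509_crt, load_buf, len + 1);
-ssl_mem_free(load_buf);
-
-if (ret) {
-SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_x509_crt_parse return -0x%x", -ret);
-OPENSSL_PUT_LIB_ERROR(ERR_LIB_X509, ret);
-goto failed;
-}
-
-return 0;
-
-failed:
-mbedtls_x509_crt_free(x509_pm->x509_crt);
-ssl_mem_free(x509_pm->x509_crt);
-x509_pm->x509_crt = NULL;
-no_mem:
-return -1;
-}
-
-int pkey_pm_new(EVP_PKEY *pk, EVP_PKEY *m_pkey)
-{
-struct pkey_pm *pkey_pm;
-
-pkey_pm = ssl_mem_zalloc(sizeof(struct pkey_pm));
-if (!pkey_pm)
-return -1;
-
-pk->pkey_pm = pkey_pm;
-
-if (m_pkey) {
-struct pkey_pm *m_pkey_pm = (struct pkey_pm *)m_pkey->pkey_pm;
-
-pkey_pm->ex_pkey = m_pkey_pm->pkey;
-}
-
-return 0;
-}
-
-void pkey_pm_free(EVP_PKEY *pk)
-{
-struct pkey_pm *pkey_pm = (struct pkey_pm *)pk->pkey_pm;
-
-if (pkey_pm->pkey) {
-mbedtls_pk_free(pkey_pm->pkey);
-
-ssl_mem_free(pkey_pm->pkey);
-pkey_pm->pkey = NULL;
-}
-
-ssl_mem_free(pk->pkey_pm);
-pk->pkey_pm = NULL;
-}
-
-int pkey_pm_load(EVP_PKEY *pk, const unsigned char *buffer, int len)
-{
-int ret;
-unsigned char *load_buf;
-struct pkey_pm *pkey_pm = (struct pkey_pm *)pk->pkey_pm;
-
-if (pkey_pm->pkey)
-mbedtls_pk_free(pkey_pm->pkey);
-
-if (!pkey_pm->pkey) {
-pkey_pm->pkey = ssl_mem_malloc(sizeof(mbedtls_pk_context));
-if (!pkey_pm->pkey) {
-SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (pkey_pm->pkey)");
-OPENSSL_PUT_LIB_ERROR(ERR_LIB_SYS, ERR_R_MALLOC_FAILURE);
-goto no_mem;
-}
-}
-
-load_buf = ssl_mem_malloc(len + 1);
-if (!load_buf) {
-SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (load_buf)");
-OPENSSL_PUT_LIB_ERROR(ERR_LIB_SYS, ERR_R_MALLOC_FAILURE);
-goto failed;
-}
-
-ssl_memcpy(load_buf, buffer, len);
-load_buf[len] = '\0';
-
-mbedtls_pk_init(pkey_pm->pkey);
-
-ret = mbedtls_pk_parse_key(pkey_pm->pkey, load_buf, len + 1, NULL, 0);
-ssl_mem_free(load_buf);
-
-if (ret) {
-SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_pk_parse_key return -0x%x", -ret);
-OPENSSL_PUT_LIB_ERROR(ERR_LIB_PKCS8, ret);
-goto failed;
-}
-
-return 0;
-
-failed:
-mbedtls_pk_free(pkey_pm->pkey);
-ssl_mem_free(pkey_pm->pkey);
-pkey_pm->pkey = NULL;
-no_mem:
-return -1;
-}
-
-
-
-void ssl_pm_set_bufflen(SSL *ssl, int len)
-{
-max_content_len = len;
-}
-
-long ssl_pm_get_verify_result(const SSL *ssl)
-{
-uint32_t ret;
-long verify_result;
-struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
-
-ret = mbedtls_ssl_get_verify_result(&ssl_pm->ssl);
-if (ret) {
-SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_get_verify_result() return 0x%x", ret);
-OPENSSL_PUT_LIB_ERROR(ERR_LIB_SSL, ret);
-verify_result = X509_V_ERR_UNSPECIFIED;
-} else
-verify_result = X509_V_OK;
-
-return verify_result;
-}
-
-/**
-* @brief set expected hostname on peer cert CN
-*/
-int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
-const char *name, size_t namelen)
-{
-SSL *ssl = (SSL *)((char *)param - offsetof(SSL, param));
-struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
-char *name_cstr = NULL;
-
-if (namelen) {
-name_cstr = malloc(namelen + 1);
-if (!name_cstr) {
-return 0;
-}
-memcpy(name_cstr, name, namelen);
-name_cstr[namelen] = '\0';
-name = name_cstr;
-}
-
-mbedtls_ssl_set_hostname(&ssl_pm->ssl, name);
-
-if (namelen) {
-free(name_cstr);
-}
-
-return 1;
-}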
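--- a/components/openssl/platform/ssl_port.c
+++ /dev/null
@@ -1,28 +0,0 @@
-// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#include "ssl_port.h"
-
-/*********************************************************************************************/
-/********************************* SSL general interface *************************************/
-
-void *ssl_mem_zalloc(size_t size)
-{
-void *p = malloc(size);
-
-if (p)
-memset(p, 0, size);
-
-return p;
-}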
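--- a/components/openssl/test/CMakeLists.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-idf_component_register(SRC_DIRS "."
-PRIV_REQUIRES cmock test_utils openssl)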
@ -1,152 +0,0 @@
|
||||
/* Copyright (c) 2014, Google Inc.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
||||
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
||||
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
||||
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
||||
|
||||
#define ESP_OPENSSL_SUPPRESS_LEGACY_WARNING
|
||||
#include "openssl/ssl.h"
|
||||
#include "unity.h"
|
||||
|
||||
/**
|
||||
* @brief This simple test suite is taken from OpenSSL err_test.cc and bio_test.cc, the relevant test
|
||||
* cases were adopted to the supported fraction of OpenSSL port in esp-idf
|
||||
*/
|
||||
|
||||
//
|
||||
// Basic error stack support and test
|
||||
//
|
||||
#define ERR_NUM_ERRORS 4
|
||||
|
||||
TEST_CASE("ErrTest, Overflow", "[openssl]")
|
||||
{
|
||||
|
||||
for (unsigned i = 0; i < ERR_NUM_ERRORS*2; i++) {
|
||||
ERR_put_error(1, 0 /* unused */, i+1, "test", 1);
|
||||
}
|
||||
|
||||
for (unsigned i = 0; i < ERR_NUM_ERRORS - 1; i++) {
|
||||
uint32_t err = ERR_get_error();
|
||||
/* Errors are returned in order they were pushed, with the least recent ones
|
||||
* removed, up to |ERR_NUM_ERRORS - 1| errors. So the errors returned are
|
||||
* |ERR_NUM_ERRORS + 2| through |ERR_NUM_ERRORS * 2|, inclusive. */
|
||||
TEST_ASSERT_NOT_EQUAL(0u, err);
|
||||
TEST_ASSERT_EQUAL(i + ERR_NUM_ERRORS + 2, ERR_GET_REASON(err));
|
||||
}
|
||||
|
||||
TEST_ASSERT_EQUAL(0u, ERR_get_error());
|
||||
}
|
||||
|
||||
TEST_CASE("ErrTest, PutError", "[openssl]")
|
||||
{
|
||||
TEST_ASSERT_EQUAL(0u, ERR_get_error()); // ERR_get_error returned value before an error was added.
|
||||
|
||||
ERR_put_error(1, 0 /* unused */, 2, "test", 4);
|
||||
|
||||
int peeked_line, line, peeked_flags, flags;
|
||||
const char *peeked_file, *file, *peeked_data, *data;
|
||||
uint32_t peeked_packed_error =
|
||||
ERR_peek_error_line_data(&peeked_file, &peeked_line, &peeked_data,
|
||||
&peeked_flags);
|
||||
uint32_t packed_error = ERR_get_error_line_data(&file, &line, &data, &flags);
|
||||
|
||||
TEST_ASSERT_EQUAL(peeked_packed_error, packed_error);
|
||||
TEST_ASSERT_EQUAL(peeked_file, file);
|
||||
|
||||
TEST_ASSERT_EQUAL_STRING("test", file);
|
||||
TEST_ASSERT_EQUAL(4, line);
|
||||
TEST_ASSERT_EQUAL(1, ERR_GET_LIB(packed_error));
|
||||
TEST_ASSERT_EQUAL(2, ERR_GET_REASON(packed_error));
|
||||
}
|
||||
|
||||
TEST_CASE("ErrTest, ClearError", "[openssl]")
|
||||
{
|
||||
TEST_ASSERT_EQUAL(0u, ERR_get_error()); // ERR_get_error returned value before an error was added.
|
||||
|
||||
ERR_put_error(1, 0 /* unused */, 2, "test", 4);
|
||||
ERR_clear_error();
|
||||
|
||||
// The error queue should be cleared.
|
||||
TEST_ASSERT_EQUAL(0u, ERR_get_error());
|
||||
}
|
||||
|
||||
//
|
||||
// Simplified BIO support and check
|
||||
//
|
||||
TEST_CASE("BioTest, TestPair", "[openssl]")
|
||||
{
|
||||
BIO *bio1, *bio2;
|
||||
TEST_ASSERT_NOT_EQUAL(0, BIO_new_bio_pair(&bio1, 10, &bio2, 10));
|
||||
TEST_ASSERT_EQUAL(BIO_ctrl_get_write_guarantee(bio1), 10);
|
||||
|
||||
// Data written in one end may be read out the other.
|
||||
char buf[20];
|
||||
TEST_ASSERT_EQUAL(5, BIO_write(bio1, "12345", 5));
|
||||
TEST_ASSERT_EQUAL(5, BIO_ctrl_get_write_guarantee(bio1));
|
||||
TEST_ASSERT_EQUAL(5, BIO_read(bio2, buf, sizeof(buf)));
|
||||
TEST_ASSERT_EQUAL_UINT8_ARRAY("12345", buf, 5);
|
||||
TEST_ASSERT_EQUAL(10, BIO_ctrl_get_write_guarantee(bio1));
|
||||
|
||||
// Attempting to write more than 10 bytes will write partially.
|
||||
TEST_ASSERT_EQUAL(10, BIO_write(bio1, "1234567890___", 13));
|
||||
TEST_ASSERT_EQUAL(0, BIO_ctrl_get_write_guarantee(bio1));
|
||||
TEST_ASSERT_EQUAL(-1, BIO_write(bio1, "z", 1));
|
||||
TEST_ASSERT_TRUE(BIO_should_write(bio1));
|
||||
TEST_ASSERT_EQUAL(10, BIO_read(bio2, buf, sizeof(buf)));
|
||||
TEST_ASSERT_EQUAL_UINT8_ARRAY("1234567890", buf, 10);
|
||||
TEST_ASSERT_EQUAL(10, BIO_ctrl_get_write_guarantee(bio1));
|
||||
|
||||
// Unsuccessful reads update the read request.
|
||||
TEST_ASSERT_EQUAL(-1, BIO_read(bio2, buf, 5));
|
||||
TEST_ASSERT_TRUE(BIO_should_read(bio2));
|
||||
|
||||
// The read request is clamped to the size of the buffer.
|
||||
TEST_ASSERT_EQUAL(-1, BIO_read(bio2, buf, 20));
|
||||
TEST_ASSERT_TRUE(BIO_should_read(bio2));
|
||||
|
||||
// Data may be written and read in chunks.
|
||||
TEST_ASSERT_EQUAL(BIO_write(bio1, "12345", 5), 5);
|
||||
TEST_ASSERT_EQUAL(5, BIO_ctrl_get_write_guarantee(bio1));
|
||||
TEST_ASSERT_EQUAL(5, BIO_write(bio1, "67890___", 8));
|
||||
TEST_ASSERT_EQUAL(0, BIO_ctrl_get_write_guarantee(bio1));
|
||||
TEST_ASSERT_EQUAL(3, BIO_read(bio2, buf, 3));
|
||||
TEST_ASSERT_EQUAL_UINT8_ARRAY("123", buf, 3);
|
||||
TEST_ASSERT_EQUAL(3, BIO_ctrl_get_write_guarantee(bio1));
|
||||
TEST_ASSERT_EQUAL(7, BIO_read(bio2, buf, sizeof(buf)));
|
||||
TEST_ASSERT_EQUAL_UINT8_ARRAY("4567890", buf, 7);
|
||||
TEST_ASSERT_EQUAL(10, BIO_ctrl_get_write_guarantee(bio1));
|
||||
|
||||
// Test writes and reads starting in the middle of the ring buffer and
|
||||
// wrapping to front.
|
||||
TEST_ASSERT_EQUAL(8, BIO_write(bio1, "abcdefgh", 8));
|
||||
TEST_ASSERT_EQUAL(2, BIO_ctrl_get_write_guarantee(bio1));
|
||||
TEST_ASSERT_EQUAL(3, BIO_read(bio2, buf, 3));
|
||||
TEST_ASSERT_EQUAL_UINT8_ARRAY("abc", buf, 3);
|
||||
TEST_ASSERT_EQUAL(5, BIO_ctrl_get_write_guarantee(bio1));
|
||||
TEST_ASSERT_EQUAL(5, BIO_write(bio1, "ijklm___", 8));
|
||||
TEST_ASSERT_EQUAL(0, BIO_ctrl_get_write_guarantee(bio1));
|
||||
TEST_ASSERT_EQUAL(10, BIO_read(bio2, buf, sizeof(buf)));
|
||||
TEST_ASSERT_EQUAL_UINT8_ARRAY("defghijklm", buf, 10);
|
||||
TEST_ASSERT_EQUAL(10, BIO_ctrl_get_write_guarantee(bio1));
|
||||
|
||||
// Data may flow from both ends in parallel.
|
||||
TEST_ASSERT_EQUAL(5, BIO_write(bio1, "12345", 5));
|
||||
TEST_ASSERT_EQUAL(5, BIO_write(bio2, "67890", 5));
|
||||
TEST_ASSERT_EQUAL(5, BIO_read(bio2, buf, sizeof(buf)));
|
||||
TEST_ASSERT_EQUAL_UINT8_ARRAY("12345", buf, 5);
|
||||
TEST_ASSERT_EQUAL(5, BIO_read(bio1, buf, sizeof(buf)));
|
||||
TEST_ASSERT_EQUAL_UINT8_ARRAY("67890", buf, 5);
|
||||
|
||||
// Other tests below not imported since BIO_shutdown_wr() not supported
|
||||
// - Closing the write end causes an EOF on the read half, after draining.
|
||||
// - A closed write end may not be written to.
|
||||
// - The other end is still functional.
|
||||
}
|
@ -18,7 +18,6 @@ Application Protocols
|
||||
esp_https_server
|
||||
icmp_echo
|
||||
mdns
|
||||
openssl_apis
|
||||
|
||||
Code examples for this API section are provided in the :example:`protocols` directory of ESP-IDF examples.
|
||||
|
||||
|
@ -21,3 +21,5 @@ For example, to install libsodium component with exact version X.Y, run: ``idf.p
|
||||
To install libsodium component with the latest version compatible to X.Y according to `semver <https://semver.org/>`_ rules, run: ``idf.py add-dependency libsodium~X.Y``.
|
||||
|
||||
To find out which versions of each component are available, open https://components.espressif.com, search for the component by its name and check the versions listed on the component page.
|
||||
|
||||
.. note:: OpenSSL-API component is no longer supported. It is not available in the IDF Component Registry, either. Please use :doc:`ESP-TLS </api-reference/protocols/esp_tls>` or :component:`mbedtls` API directly.
|
||||
|
@ -18,7 +18,6 @@
|
||||
esp_https_server
|
||||
icmp_echo
|
||||
mdns
|
||||
openssl_apis
|
||||
|
||||
此 API 部分的示例代码存放在 ESP-IDF 示例项目的 :example:`protocols` 目录下。
|
||||
|
||||
|
@ -1 +0,0 @@
|
||||
.. include:: ../../../en/api-reference/protocols/openssl_apis.rst
|
@ -1307,33 +1307,6 @@ components/nvs_flash/test_nvs_host/test_nvs_initialization.cpp
|
||||
components/nvs_flash/test_nvs_host/test_nvs_partition.cpp
|
||||
components/nvs_flash/test_nvs_host/test_nvs_storage.cpp
|
||||
components/nvs_flash/test_nvs_host/test_spi_flash_emulation.cpp
|
||||
components/openssl/include/internal/ssl3.h
|
||||
components/openssl/include/internal/ssl_cert.h
|
||||
components/openssl/include/internal/ssl_code.h
|
||||
components/openssl/include/internal/ssl_dbg.h
|
||||
components/openssl/include/internal/ssl_lib.h
|
||||
components/openssl/include/internal/ssl_methods.h
|
||||
components/openssl/include/internal/ssl_pkey.h
|
||||
components/openssl/include/internal/ssl_stack.h
|
||||
components/openssl/include/internal/ssl_types.h
|
||||
components/openssl/include/internal/ssl_x509.h
|
||||
components/openssl/include/internal/tls1.h
|
||||
components/openssl/include/internal/x509_vfy.h
|
||||
components/openssl/include/openssl/bio.h
|
||||
components/openssl/include/openssl/err.h
|
||||
components/openssl/include/platform/ssl_opt.h
|
||||
components/openssl/include/platform/ssl_pm.h
|
||||
components/openssl/include/platform/ssl_port.h
|
||||
components/openssl/library/ssl_bio.c
|
||||
components/openssl/library/ssl_cert.c
|
||||
components/openssl/library/ssl_err.c
|
||||
components/openssl/library/ssl_lib.c
|
||||
components/openssl/library/ssl_methods.c
|
||||
components/openssl/library/ssl_pkey.c
|
||||
components/openssl/library/ssl_stack.c
|
||||
components/openssl/platform/ssl_pm.c
|
||||
components/openssl/platform/ssl_port.c
|
||||
components/openssl/test/test_openssl.c
|
||||
components/openthread/include/esp_openthread.h
|
||||
components/openthread/include/esp_openthread_lock.h
|
||||
components/openthread/include/esp_openthread_netif_glue.h
|
||||
@ -2491,12 +2464,6 @@ examples/protocols/mqtt/ws/main/app_main.c
|
||||
examples/protocols/mqtt/ws/mqtt_ws_example_test.py
|
||||
examples/protocols/mqtt/wss/main/app_main.c
|
||||
examples/protocols/mqtt/wss/mqtt_wss_example_test.py
|
||||
examples/protocols/openssl_client/example_test.py
|
||||
examples/protocols/openssl_client/main/openssl_client_example.h
|
||||
examples/protocols/openssl_client/main/openssl_client_example_main.c
|
||||
examples/protocols/openssl_server/example_test.py
|
||||
examples/protocols/openssl_server/main/openssl_server_example.h
|
||||
examples/protocols/openssl_server/main/openssl_server_example_main.c
|
||||
examples/protocols/slip/slip_udp/components/slip_modem/include/slip_modem.h
|
||||
examples/protocols/slip/slip_udp/main/slip_client_main.c
|
||||
examples/protocols/smtp_client/main/smtp_client_example_main.c
|
||||
|
@ -1,14 +0,0 @@
|
||||
# The following four lines of boilerplate have to be in your project's CMakeLists
|
||||
# in this exact order for cmake to work correctly
|
||||
cmake_minimum_required(VERSION 3.5)
|
||||
|
||||
# (Not part of the boilerplate)
|
||||
# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
|
||||
set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
|
||||
|
||||
include($ENV{IDF_PATH}/tools/cmake/project.cmake)
|
||||
|
||||
project(openssl_connect_test)
|
||||
|
||||
target_add_binary_data(openssl_connect_test.elf "client_certs/ca.crt" TEXT)
|
||||
target_add_binary_data(openssl_connect_test.elf "client_certs/ca.key" TEXT)
|
@ -1,14 +0,0 @@
|
||||
| Supported Targets | ESP32 | ESP32-S2 | ESP32-C3 |
|
||||
| ----------------- | ----- | -------- | -------- |
|
||||
|
||||
# ESP-OPENSSL connect test project
|
||||
|
||||
Main purpose of this application is to test the ESP-OPENSSL library to correctly connect/refuse connectio with TLS servers.
|
||||
It is possible to run this example manually without any test to exercise ESP-OPENSSL library.
|
||||
|
||||
## Runtime settings
|
||||
This app waits for user input to provide these parameters:
|
||||
test-type: "conn" connection test (host, port, test-case)
|
||||
|
||||
## Hardware Required
|
||||
This test-app can be executed on any ESP32 board, the only required interface is WiFi and connection to a local network and tls server.
|
@ -1,126 +0,0 @@
|
||||
from __future__ import print_function, unicode_literals
|
||||
|
||||
import os
|
||||
import re
|
||||
import socket
|
||||
import ssl
|
||||
from threading import Event, Thread
|
||||
|
||||
import ttfw_idf
|
||||
|
||||
SERVER_CERTS_DIR = 'server_certs/'
|
||||
|
||||
|
||||
def _path(f):
|
||||
return os.path.join(os.path.dirname(os.path.realpath(__file__)),f)
|
||||
|
||||
|
||||
def get_my_ip():
|
||||
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
|
||||
try:
|
||||
# doesn't even have to be reachable
|
||||
s.connect(('10.255.255.255', 1))
|
||||
IP = s.getsockname()[0]
|
||||
except socket.error:
|
||||
IP = '127.0.0.1'
|
||||
finally:
|
||||
s.close()
|
||||
return IP
|
||||
|
||||
|
||||
# Simple TLS server
|
||||
class TlsServer:
|
||||
|
||||
def __init__(self, port, negotiated_protocol=ssl.PROTOCOL_TLSv1):
|
||||
self.port = port
|
||||
self.socket = socket.socket()
|
||||
self.socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
|
||||
self.socket.settimeout(20.0)
|
||||
self.shutdown = Event()
|
||||
self.negotiated_protocol = negotiated_protocol
|
||||
self.conn = None
|
||||
self.ssl_error = None
|
||||
self.server_thread = None
|
||||
|
||||
def __enter__(self):
|
||||
try:
|
||||
self.socket.bind(('', self.port))
|
||||
except socket.error as e:
|
||||
print('Bind failed:{}'.format(e))
|
||||
raise
|
||||
|
||||
self.socket.listen(1)
|
||||
self.server_thread = Thread(target=self.run_server)
|
||||
self.server_thread.start()
|
||||
|
||||
return self
|
||||
|
||||
def __exit__(self, exc_type, exc_value, traceback):
|
||||
self.shutdown.set()
|
||||
self.server_thread.join()
|
||||
self.socket.close()
|
||||
if (self.conn is not None):
|
||||
self.conn.close()
|
||||
|
||||
def run_server(self):
|
||||
context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
|
||||
context.load_verify_locations(cafile=_path(SERVER_CERTS_DIR + 'ca.crt'))
|
||||
context.load_cert_chain(certfile=_path(SERVER_CERTS_DIR + 'server.crt'), keyfile=_path(SERVER_CERTS_DIR + 'server.key'))
|
||||
context.verify_flags = self.negotiated_protocol
|
||||
self.socket = context.wrap_socket(self.socket, server_side=True)
|
||||
try:
|
||||
print('Listening socket')
|
||||
self.conn, address = self.socket.accept() # accept new connection
|
||||
self.socket.settimeout(20.0)
|
||||
print(' - connection from: {}'.format(address))
|
||||
except ssl.SSLError as e:
|
||||
self.conn = None
|
||||
self.ssl_error = str(e)
|
||||
print(' - SSLError: {}'.format(str(e)))
|
||||
|
||||
|
||||
@ttfw_idf.idf_custom_test(env_tag='Example_WIFI', group='test-apps')
|
||||
def test_app_esp_openssl(env, extra_data):
|
||||
dut1 = env.get_dut('openssl_connect_test', 'tools/test_apps/protocols/openssl', dut_class=ttfw_idf.ESP32DUT)
|
||||
# check and log bin size
|
||||
binary_file = os.path.join(dut1.app.binary_path, 'openssl_connect_test.bin')
|
||||
bin_size = os.path.getsize(binary_file)
|
||||
ttfw_idf.log_performance('openssl_connect_test_bin_size', '{}KB'.format(bin_size // 1024))
|
||||
dut1.start_app()
|
||||
esp_ip = dut1.expect(re.compile(r' IPv4 address: ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)'), timeout=30)
|
||||
print('Got IP={}'.format(esp_ip[0]))
|
||||
ip = get_my_ip()
|
||||
server_port = 2222
|
||||
|
||||
def start_case(case, desc, negotiated_protocol, result):
|
||||
with TlsServer(server_port, negotiated_protocol=negotiated_protocol):
|
||||
print('Starting {}: {}'.format(case, desc))
|
||||
dut1.write('conn {} {} {}'.format(ip, server_port, case))
|
||||
dut1.expect(re.compile(result), timeout=10)
|
||||
return case
|
||||
|
||||
# start test cases
|
||||
start_case(
|
||||
case='CONFIG_TLSV1_1_CONNECT_WRONG_CERT_VERIFY_NONE',
|
||||
desc='Connect with verify_none mode using wrong certs',
|
||||
negotiated_protocol=ssl.PROTOCOL_TLSv1_1,
|
||||
result='SSL Connection Succeed')
|
||||
start_case(
|
||||
case='CONFIG_TLSV1_1_CONNECT_WRONG_CERT_VERIFY_PEER',
|
||||
desc='Connect with verify_peer mode using wrong certs',
|
||||
negotiated_protocol=ssl.PROTOCOL_TLSv1_1,
|
||||
result='SSL Connection Failed')
|
||||
start_case(
|
||||
case='CONFIG_TLSV1_2_CONNECT_WRONG_CERT_VERIFY_NONE',
|
||||
desc='Connect with verify_none mode using wrong certs',
|
||||
negotiated_protocol=ssl.PROTOCOL_TLSv1_2,
|
||||
result='SSL Connection Succeed')
|
||||
start_case(
|
||||
case='CONFIG_TLSV1_1_CONNECT_WRONG_CERT_VERIFY_PEER',
|
||||
desc='Connect with verify_peer mode using wrong certs',
|
||||
negotiated_protocol=ssl.PROTOCOL_TLSv1_2,
|
||||
result='SSL Connection Failed')
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
test_app_esp_openssl()
|
@ -1,20 +0,0 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDTTCCAjWgAwIBAgIUV+ePqdbRF3ln6vDyuopcmiQjLNcwDQYJKoZIhvcNAQEL
|
||||
BQAwNjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAoM
|
||||
CUVzcHJlc3NpZjAeFw0yMDEwMDQyMTA3MzhaFw0yMDExMDMyMTA3MzhaMDYxCzAJ
|
||||
BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQKDAlFc3ByZXNz
|
||||
aWYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdrEr3ams2MvGm8Xqd
|
||||
9uMikvx/lQ2S1l5FD8kP7SaMmQJ6I9pLaDTSPzg7ZdiI94B7v1s+DJUPe9t9+Drb
|
||||
zk1fyI9SFooSkiTKcNcDq0MIKlI/6pBp9B86Bn+wpLL+u8G6616X8ERREltJ/HJh
|
||||
oR41zCHWYKmkRIEMfXPcRbiqw4dNtos5si26MIbBzouUAaN1odXnXGZxntAn3AmR
|
||||
jQso9GkW2YlrLhpUFgwLxzJZE8EOZsYXvo4X0/n+LoZIiRAGnX6Zy45zMTWAP5ZL
|
||||
DEo4RT8a2wOHXw6/as/ec7d7pZHk3lSzsfSONH38OWprieOqqnAK1TqBcjggPXvE
|
||||
pRq/AgMBAAGjUzBRMB0GA1UdDgQWBBSA0K7lXEuCBvJ5pBixVYLN3lXwDDAfBgNV
|
||||
HSMEGDAWgBSA0K7lXEuCBvJ5pBixVYLN3lXwDDAPBgNVHRMBAf8EBTADAQH/MA0G
|
||||
CSqGSIb3DQEBCwUAA4IBAQCaMiRZpBr48Nq4S1xMkPw+ILeyGxwHdHKYMuqrEtKW
|
||||
ErRy1lij6ShCjKdXGLmjwOAtq8UV5BvtD6Rak88GwiP2D9Jn8Jw4oF7CGxQw/tjQ
|
||||
+MxRF7ok8XNyp5fYkhGRYph0cMDhfYObku/cE9ser1UxKSq/szS9orTduyUfJZYd
|
||||
Doe6R7KNTq9uPKs5Gk2Lu7gflqlcv89j+r+r+uWf45uLXGP/8iZ9KEJB7xKuNAR1
|
||||
z1HovlFW1h08eLYpaLFKRXkSSmUhdEE59mdIYhToE9AHgoyGJqz3tkhzleRn6lmA
|
||||
JhDVxbm2xFHWCG9SJ6f8OYHpjOrAKXlX45zOLjUVcsN9
|
||||
-----END CERTIFICATE-----
|
@ -1,27 +0,0 @@
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpAIBAAKCAQEAnaxK92prNjLxpvF6nfbjIpL8f5UNktZeRQ/JD+0mjJkCeiPa
|
||||
S2g00j84O2XYiPeAe79bPgyVD3vbffg6285NX8iPUhaKEpIkynDXA6tDCCpSP+qQ
|
||||
afQfOgZ/sKSy/rvBuutel/BEURJbSfxyYaEeNcwh1mCppESBDH1z3EW4qsOHTbaL
|
||||
ObItujCGwc6LlAGjdaHV51xmcZ7QJ9wJkY0LKPRpFtmJay4aVBYMC8cyWRPBDmbG
|
||||
F76OF9P5/i6GSIkQBp1+mcuOczE1gD+WSwxKOEU/GtsDh18Ov2rP3nO3e6WR5N5U
|
||||
s7H0jjR9/Dlqa4njqqpwCtU6gXI4ID17xKUavwIDAQABAoIBAAMEVvLhAGgrFWCi
|
||||
Yjw/ix0QPvCaA4Z5v5gGs0wwt3odO2Tm5rhmqAwV1ZedXUVRpw23HaHUT83aCtsg
|
||||
MtAd5HEev09MyxuL3FRbUGHrlv7DAIvkixrb5vUPRsY0gJBLO2u+MTMrD8OVXFXQ
|
||||
FMg1cwSIgWU+uEBCZ0274MmoM95gk7ZFI3f5TSjFshSBdcaoewdZS0hhKo9GlhmY
|
||||
Y/zRT0sQfzKZX8zRslqsWjHuJ1um8w+SRZhGX1Pdl8tZpAGoQASzaelJuNAzSQoD
|
||||
wW+FhpMKAB4VNwgNOD1BDelDdJb1VlK+mt5I/U1tvetynks6NbuEqtMoKFQSXyVH
|
||||
LLU7V9ECgYEA0U9mtFfmEyZDmvZaPBeiYwC5gYg5NK7QYFvIibkjvIrPvQUIP5jn
|
||||
kvrZv2Nsyf6iH6oq4xhS8n+JhzteAOJu56YprHbOXcVo7KhxiUcqvUCWyrwL7LiC
|
||||
zv0nVXW1SGNtSsZ334eI1B27L6wkVLTsz3tKPldn93s7zBE2tsbO2S0CgYEAwNgq
|
||||
vO60mYrEu/u6Eje59PULuODiFX+cwJoqCmsh1Uc4N3ty5B3pm0eI4aCGPYWpA0aQ
|
||||
ktxQVVHgXIVHDrqRCY+FqSoBQJ4/QNHtMYA23Uk5CcnrCKrhFtUwdXHbC2Lz1Men
|
||||
DA8zaxJaaJvqREpQH6w7YLDGyH1Klpe9R4/+3xsCgYBacPKx7mEt2RTROq2W1aeH
|
||||
G+MMQ25kgzzqxf4K9IKqj1hgFnKP+GPnsJiyCCYTygEHqaHKatI8kjs8wbxGqZC+
|
||||
a6AKM3PMNOa3i7kzVhrzl5sQktycNsXe5qg+VxQz6TJqYwOdBJVtAkPFv54bM+o3
|
||||
ZNCZy27TEt6tuKppo9HxKQKBgQCKYNNSHWvknaoMRla/ydMbTldqA5zX1mlx3235
|
||||
aeSuOVvCnEfWHwzJSuyTEvAg529fFVyatZLDlmwLl+tkS0XV+XHs8GJTrvouljTB
|
||||
B4LXCTrvpj+MSaoZC0OpktiedBQJhHZ+9c1ssI/FbtQMytJx19IH0PHjXdyO8TV2
|
||||
S4KVLwKBgQCYEldaRhQhRVD2JiY2qWqdqDSytX+NkSMF7uJQeAtx1xD+mCQQpKPA
|
||||
UviFoCpd6X2m2rGpEy/hOAlciS4LDuwzBlIR5XZgtIbTap5l0/fwS4cEvoP3ncYs
|
||||
y8v+dZLTwu81IlShVIN1c0SszX+yNrVyfdvLLV1boOX4YzE75EObiw==
|
||||
-----END RSA PRIVATE KEY-----
|
@ -1,2 +0,0 @@
|
||||
idf_component_register(SRCS "main.c" "connect_test.c"
|
||||
INCLUDE_DIRS ".")
|
@ -1,131 +0,0 @@
|
||||
#define ESP_OPENSSL_SUPPRESS_LEGACY_WARNING
|
||||
|
||||
#include <sys/socket.h>
|
||||
#include <unistd.h>
|
||||
#include <netdb.h>
|
||||
#include <openssl/ssl.h>
|
||||
#include "esp_log.h"
|
||||
|
||||
static const char *TAG = "OPENSSL_TEST";
|
||||
|
||||
static int open_connection(const char *host, const int port)
|
||||
{
|
||||
struct sockaddr_in addr;
|
||||
struct hostent *h;
|
||||
int sd;
|
||||
if ((h = gethostbyname(host)) == NULL) {
|
||||
ESP_LOGI(TAG, "Failed to get host name %s", host);
|
||||
return -1;
|
||||
}
|
||||
sd = socket(AF_INET, SOCK_STREAM, 0);
|
||||
bzero(&addr, sizeof(addr));
|
||||
addr.sin_family = AF_INET;
|
||||
addr.sin_port = htons(port);
|
||||
addr.sin_addr.s_addr = *(long*)(h->h_addr);
|
||||
if (connect(sd, (struct sockaddr*)&addr, sizeof(addr)) != 0) {
|
||||
return -1;
|
||||
}
|
||||
return sd;
|
||||
}
|
||||
|
||||
static SSL_CTX* init_ctx(const char *test_case)
|
||||
{
|
||||
extern const unsigned char cacert_pem_start[] asm("_binary_ca_crt_start");
|
||||
extern const unsigned char cacert_pem_end[] asm("_binary_ca_crt_end");
|
||||
const unsigned int cacert_pem_bytes = cacert_pem_end - cacert_pem_start;
|
||||
const SSL_METHOD *method = NULL;
|
||||
SSL_CTX *ctx = NULL;
|
||||
if (strcmp(test_case, "CONFIG_TLSV1_1_CONNECT_WRONG_CERT_VERIFY_NONE") == 0) {
|
||||
method = TLSv1_1_client_method();
|
||||
ctx = SSL_CTX_new(method); /* Create new context */
|
||||
SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
|
||||
} else if (strcmp(test_case, "CONFIG_TLSV1_1_CONNECT_WRONG_CERT_VERIFY_PEER") == 0) {
|
||||
method = TLSv1_1_client_method();
|
||||
ctx = SSL_CTX_new(method); /* Create new context */
|
||||
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
|
||||
} else if (strcmp(test_case, "CONFIG_TLSV1_2_CONNECT_WRONG_CERT_VERIFY_NONE") == 0) {
|
||||
method = TLSv1_2_client_method();
|
||||
ctx = SSL_CTX_new(method); /* Create new context */
|
||||
SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
|
||||
} else if (strcmp(test_case, "CONFIG_TLSV1_2_CONNECT_WRONG_CERT_VERIFY_PEER") == 0) {
|
||||
method = TLSv1_2_client_method();
|
||||
ctx = SSL_CTX_new(method); /* Create new context */
|
||||
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
|
||||
}
|
||||
X509 *x = d2i_X509(NULL, cacert_pem_start, cacert_pem_bytes);
|
||||
if(!x) {
|
||||
ESP_LOGI(TAG, "Loading certs failed");
|
||||
goto failed;
|
||||
}
|
||||
SSL_CTX_add_client_CA(ctx, x);
|
||||
return ctx;
|
||||
failed:
|
||||
return NULL;
|
||||
}
|
||||
|
||||
static void start_test(const char *host, const int port, const char *test_case)
|
||||
{
|
||||
SSL_CTX *ctx = NULL;
|
||||
SSL *ssl = NULL;
|
||||
int sockfd;
|
||||
int ret;
|
||||
|
||||
ESP_LOGI(TAG, "Test %s started", test_case);
|
||||
ctx = init_ctx(test_case);
|
||||
if (!ctx) {
|
||||
ESP_LOGI(TAG, "Failed");
|
||||
goto failed1;
|
||||
}
|
||||
ESP_LOGI(TAG, "Trying connect to %s port %d test case %s ...", host, port, test_case);
|
||||
sockfd = open_connection(host, port);
|
||||
if(sockfd < 0) {
|
||||
ESP_LOGI(TAG,"Failed");
|
||||
goto failed1;
|
||||
}
|
||||
ESP_LOGI(TAG, "OK");
|
||||
ESP_LOGI(TAG, "Create SSL obj");
|
||||
ssl = SSL_new(ctx);
|
||||
if (!ssl) {
|
||||
ESP_LOGI(TAG,"Failed");
|
||||
goto failed2;
|
||||
}
|
||||
ESP_LOGI(TAG, "OK");
|
||||
SSL_set_fd(ssl, sockfd);
|
||||
ESP_LOGI(TAG, "SSL verify mode = %d connected to %s port %d ...", SSL_CTX_get_verify_mode(ctx),
|
||||
host, port);
|
||||
ret = SSL_connect(ssl);
|
||||
ESP_LOGI(TAG, "OK");
|
||||
if (ret <= 0) {
|
||||
ESP_LOGI(TAG,"SSL Connection Failed");
|
||||
goto failed3;
|
||||
}
|
||||
ESP_LOGI(TAG,"SSL Connection Succeed");
|
||||
failed3:
|
||||
SSL_free(ssl);
|
||||
ssl = NULL;
|
||||
failed2:
|
||||
close(sockfd);
|
||||
sockfd = -1;
|
||||
failed1:
|
||||
SSL_CTX_free(ctx);
|
||||
ctx = NULL;
|
||||
}
|
||||
|
||||
static void scan(char *s, char **test_type, char **host, int *p, char **test_case)
|
||||
{
|
||||
const char *delim = " ";
|
||||
*test_type = strtok(s, delim);
|
||||
*host = strtok(NULL, delim);
|
||||
*p = atoi(strtok(NULL, delim));
|
||||
*test_case = strtok(NULL, delim);
|
||||
}
|
||||
|
||||
void connection_test(char *line)
|
||||
{
|
||||
char *test_case;
|
||||
char *test_type;
|
||||
char *host;
|
||||
int port;
|
||||
scan(line, &test_type, &host, &port, &test_case);
|
||||
start_test(host, port, test_case);
|
||||
}
|
@ -1,70 +0,0 @@
|
||||
/* OpenSSL client test
|
||||
|
||||
This example code is in the Public Domain (or CC0 licensed, at your option.)
|
||||
|
||||
Unless required by applicable law or agreed to in writing, this
|
||||
software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
|
||||
CONDITIONS OF ANY KIND, either express or implied.
|
||||
*/
|
||||
#include <stdio.h>
|
||||
#include <stddef.h>
|
||||
#include <string.h>
|
||||
#include "esp_system.h"
|
||||
#include "nvs_flash.h"
|
||||
#include "esp_event.h"
|
||||
#include "esp_netif.h"
|
||||
#include "esp_log.h"
|
||||
#include "protocol_examples_common.h"
|
||||
|
||||
static const char *TAG = "OPENSSL_TEST";
|
||||
void connection_test(char *line);
|
||||
|
||||
static void get_string(char *line, size_t size)
|
||||
{
|
||||
int count = 0;
|
||||
while (count < size) {
|
||||
int c = fgetc(stdin);
|
||||
if (c == '\n') {
|
||||
line[count] = '\0';
|
||||
break;
|
||||
} else if (c > 0 && c < 127) {
|
||||
line[count] = c;
|
||||
++count;
|
||||
}
|
||||
vTaskDelay(10 / portTICK_PERIOD_MS);
|
||||
}
|
||||
}
|
||||
|
||||
void app_main(void)
|
||||
{
|
||||
char line[256];
|
||||
|
||||
ESP_LOGI(TAG, "[APP] Free memory: %d bytes", esp_get_free_heap_size());
|
||||
ESP_LOGI(TAG, "[APP] IDF version: %s", esp_get_idf_version());
|
||||
|
||||
esp_log_level_set("*", ESP_LOG_INFO);
|
||||
esp_log_level_set("OPENSSL_CLIENT", ESP_LOG_VERBOSE);
|
||||
esp_log_level_set("TRANSPORT_BASE", ESP_LOG_VERBOSE);
|
||||
esp_log_level_set("TRANSPORT", ESP_LOG_VERBOSE);
|
||||
esp_log_level_set("OUTBOX", ESP_LOG_VERBOSE);
|
||||
|
||||
ESP_ERROR_CHECK(nvs_flash_init());
|
||||
ESP_ERROR_CHECK(esp_netif_init());
|
||||
ESP_ERROR_CHECK(esp_event_loop_create_default());
|
||||
|
||||
/* This helper function configures Wi-Fi or Ethernet, as selected in menuconfig.
|
||||
* Read "Establishing Wi-Fi or Ethernet Connection" section in
|
||||
* examples/protocols/README.md for more information about this function.
|
||||
*/
|
||||
ESP_ERROR_CHECK(example_connect());
|
||||
|
||||
while (1) {
|
||||
get_string(line, sizeof(line));
|
||||
if (memcmp(line, "conn", 4) == 0) {
|
||||
// line starting with "conn" indicate connection tests
|
||||
connection_test(line);
|
||||
get_string(line, sizeof(line));
|
||||
continue;
|
||||
}
|
||||
}
|
||||
}
|
@ -1,20 +0,0 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDTTCCAjWgAwIBAgIUe0ZW+zwJ0KauAHVreTmv8xqC9QgwDQYJKoZIhvcNAQEL
|
||||
BQAwNjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAoM
|
||||
CUVzcHJlc3NpZjAeFw0yMDA5MjMwNzU1NTRaFw00ODAyMDkwNzU1NTRaMDYxCzAJ
|
||||
BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQKDAlFc3ByZXNz
|
||||
aWYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC52tv077MpX817BVUP
|
||||
yjmz/Nk1Tj7Za4pHlpVlbRRSlEz5h/62s7arB6dq9K2kC7fTIkw6MN/Qp4zPZ1Ug
|
||||
0abzZesb71w3NLhw9ModiakDkvdRoDORXbxeJuxHbJyui/8N9UNJfb3IOPX/nSP+
|
||||
coDWrkk0GrJbLwU1aLf7zr00iY2yx+lAEd75ElXhKrheUJJ/dpKYl4ZcGSm55WkQ
|
||||
tJi5dHfZCx1dDXnt49q5hbGa7lsOwdIdE7xM4NtqWo61LJ2Z/scbha48RMvEAnAl
|
||||
IfG9VcfjfOY1Y3LZemXS1NhuGRRgT3hc/xJFyTja4zg71XK1Z5VJO/QShFuDWnkx
|
||||
oXrdAgMBAAGjUzBRMB0GA1UdDgQWBBRTSG/RoTNtlXzzHf/WrFRBCO9NMTAfBgNV
|
||||
HSMEGDAWgBRTSG/RoTNtlXzzHf/WrFRBCO9NMTAPBgNVHRMBAf8EBTADAQH/MA0G
|
||||
CSqGSIb3DQEBCwUAA4IBAQBqu44Bdq2JWAx3gDrIz42Vvocq4kRkNEg2C00b7OEU
|
||||
Hi/zm2JTOyoHQfLZWc1Y6dzcPTbA/+7JFgnlgyzfH4YCi8YosEjRB+cBqEwDeeGY
|
||||
XS0vKxEG69vDb/neqsKsWawKU7P8TVar7qg/41eqoC84o/d23eBFJ0Tr/3EWO5hr
|
||||
8ct2mSLkewCJIzxqQIsORynxjd7K9N2Dxb7Lg7kremM+nADfrbArSh443t+G9YEY
|
||||
fDatlIgFXietPyg6i27Aob5Ogs5gmbdY2swEoYfnrN++DpLyLoPB9Y1t/691CkNF
|
||||
AzCQft+CFyZfNXbjHBE7q3s660/UkC20OyHFyFt9C0q2
|
||||
-----END CERTIFICATE-----
|
@ -1,27 +0,0 @@
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpAIBAAKCAQEAudrb9O+zKV/NewVVD8o5s/zZNU4+2WuKR5aVZW0UUpRM+Yf+
|
||||
trO2qwenavStpAu30yJMOjDf0KeMz2dVINGm82XrG+9cNzS4cPTKHYmpA5L3UaAz
|
||||
kV28XibsR2ycrov/DfVDSX29yDj1/50j/nKA1q5JNBqyWy8FNWi3+869NImNssfp
|
||||
QBHe+RJV4Sq4XlCSf3aSmJeGXBkpueVpELSYuXR32QsdXQ157ePauYWxmu5bDsHS
|
||||
HRO8TODbalqOtSydmf7HG4WuPETLxAJwJSHxvVXH43zmNWNy2Xpl0tTYbhkUYE94
|
||||
XP8SRck42uM4O9VytWeVSTv0EoRbg1p5MaF63QIDAQABAoIBAQC480UkcEz4hW/0
|
||||
VpAZkILvzFVTKLR+pPgM2Zt+PZiVvSMExwMBScIkXQ+L7kXGFCswntcAqZZxC+ui
|
||||
khAzAq+DVA8t03sPLRXGwrNHxbA98EjSH/xxUribcVx8j2c0g/ijKUl2nvz3fUfA
|
||||
wd4J3mS8PuB2S4LmHtquFbHRkiDTX8RPtq+1ZGpl2+u2DlKIyPrkr8UZyZPVVjHd
|
||||
ACyG4rJdFy/XVS3cGSQ0Nkp/Ml706oSOUklRPzQEumZt6UkdgRYt9VlLL65CzIrF
|
||||
qW34v0olgD5pVM4hIKIV8GgqGCqKhfsj8Mv6kQ2iO4/Wu32iwwezGpqO5pOUVJLB
|
||||
t/22iNxBAoGBAOmHHUN9Vl5wnZ88/TG1zU4aom/PHNiPCym1Zr4MekdMtCOFo+i/
|
||||
8hB+X8ZfR8VfQpzF2TdvCde0f/nQCT7ixCFmx5ZgD6QqDU2oHqV1N+/6k3IFGG8X
|
||||
BFcKMOyRU866E7RknMQfXmKc0V9BFnwo1hFfNlaQNUsiT6BX9TXvDzBVAoGBAMu9
|
||||
Vpnv95FbFAb3+5gLABfFu9jUDSIanE+YJgtm5akDxF5paYZNTUcTe0KwT/h/nqyU
|
||||
EyHeb32IbKUOzEmN1RlvfIec2QmZJk0u6TfLRLmORsBxM5z5dn+mvJwsYHaam0iI
|
||||
pdpbnObCH+dIgGrn6zPPgaLr/NQ/GJMbVpGTVAhpAoGAc9p9MRtAOvABspsuPXgl
|
||||
F2dtSKzmcaVdc160TvqfuzmZcLn/HBwFuhsH5sEkOQ3OXTpmTfL/Xg0FJGkJ/THA
|
||||
/ZUg1UBo4heeq/UI5yrlCmA0v+85NPulQo0iwmpCup9j4S28/CtXxvJniKsgvY4A
|
||||
zXN/4KgAWHr4J+MbGpuz3FUCgYB6ACr3iyaoN+3KLnzOEug/U/ykXnZu0ZiAYQ+H
|
||||
DFrB1qukDWNPNMLtqNDKomGA4IrXtOOwCE6i0SqdvDrAYNoWnRfo7RdaFAdHeKvW
|
||||
6TWCF5xuaFsLyKYY0nNm4XvyCaqqyIjoNKvD0sLf8B5V5gKFx+BM+xsuzYmdrWUt
|
||||
Txem4QKBgQDGTEuEy8lX3AO7+iSwjgOC0mooLOR6MoH3iH81GUj+IuiwngIDRtHj
|
||||
gIh0mNu6vgQkfBkaP27tyr00PBi3SIGAJOLaTKimjEOk0plTw1ewt4apMlhdcT/f
|
||||
eVEUD7zpX3v1a8mN34wCRUEilpfMvEpIxW3GnDRzxVaXerydLiApJQ==
|
||||
-----END RSA PRIVATE KEY-----
|
@ -1 +0,0 @@
|
||||
2F41CC40E62F73ACADA631D44C6D40D87504A661
|
@ -1,19 +0,0 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDCTCCAfECFC9BzEDmL3OsraYx1ExtQNh1BKZhMA0GCSqGSIb3DQEBCwUAMDYx
|
||||
CzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQKDAlFc3By
|
||||
ZXNzaWYwHhcNMjAwOTIzMDgwMDE5WhcNNDgwMjA5MDgwMDE5WjBMMQswCQYDVQQG
|
||||
EwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTESMBAGA1UECgwJRXNwcmVzc2lmMRQw
|
||||
EgYDVQQDDAtDb21tb24gTmFtZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
|
||||
ggEBANjphhEwXDfNjysOcPKhLoQQyZa/5ku3bZFHwlNf4XXbkmPOUgjWOq4JMDC6
|
||||
WZB93Ey+OJHIowuoPkADlUtsWRgSLizttn50hcO9PWLfd4NBoNJGqJmh38UiS1tB
|
||||
SO7YaFcAuXkv+SoirMw5bYuRTJQD8G/j5juvsMUWhif9WsYLPYurkksZqvdZHhrG
|
||||
nRqPD76RwXpzPwMa5OOj3N9jIxrt4NI8vizjS4weq3e/VNNZS6L93CZFFDB+O382
|
||||
ijtavThQ+S9LMyHe+EtoGyF/aSJk58pwo0J+u6t1iblHEBz0O3ZEuUn4vjtNSNnz
|
||||
f2Mbc/MlPWoibTe2uw7XxbHyaQMCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAdpNQ
|
||||
lPHWiXizOxK46pI2EfeggUTtlAFoDvAT+s2SdlwZKNw6Hf80yFJ55nnOgmiMN9aq
|
||||
x7oXFBPdxhgWStqR+yN0KRyoc+5AS3lz4m61l2jIRYYhg7ItURxujGQPfHPcmQSp
|
||||
A+gkMXt0DBsdYBz/xxa4Bgw9S/BWUsXMLPG95SAPpAObSZEs/QXagVg0fxzdZTc9
|
||||
fajmP8S/5sO3MM+krpyh1NcrJZKm9poHYCG8bBOz19SNPl46eQHdoud3dstHPn0Q
|
||||
+Jmg12w4HZ4Z5CU4zcgCWsGf0D/ezg15NEYU5r3hyskqFtTjOdoXY9cTdmgAtPGn
|
||||
NiUtKzHKywP+pO5h0Q==
|
||||
-----END CERTIFICATE-----
|
@ -1,16 +0,0 @@
|
||||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIICkTCCAXkCAQAwTDELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
|
||||
EjAQBgNVBAoMCUVzcHJlc3NpZjEUMBIGA1UEAwwLQ29tbW9uIE5hbWUwggEiMA0G
|
||||
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDY6YYRMFw3zY8rDnDyoS6EEMmWv+ZL
|
||||
t22RR8JTX+F125JjzlII1jquCTAwulmQfdxMvjiRyKMLqD5AA5VLbFkYEi4s7bZ+
|
||||
dIXDvT1i33eDQaDSRqiZod/FIktbQUju2GhXALl5L/kqIqzMOW2LkUyUA/Bv4+Y7
|
||||
r7DFFoYn/VrGCz2Lq5JLGar3WR4axp0ajw++kcF6cz8DGuTjo9zfYyMa7eDSPL4s
|
||||
40uMHqt3v1TTWUui/dwmRRQwfjt/Noo7Wr04UPkvSzMh3vhLaBshf2kiZOfKcKNC
|
||||
frurdYm5RxAc9Dt2RLlJ+L47TUjZ839jG3PzJT1qIm03trsO18Wx8mkDAgMBAAGg
|
||||
ADANBgkqhkiG9w0BAQsFAAOCAQEArUWZtrKI9cJEVP2WZXmsSI1vlLhSeqyv+d7z
|
||||
5nx5Nzmyuhkck75sA6h7cTZ+QPyJbaijDv8cVx7ZWNhwhIjOD0f7LGMK3EYa8skv
|
||||
SA92liKLL6zFWJKeJ/DhfM3PXp3g2jNKOwOuQkmWXdoqgR+VmlgA58gWS3EeBzNT
|
||||
C1MwqSd2s/DHOOoEg4FRAjH7DXUSW09vph7zRYr7KzDRSAaE+2S0FK2Uxl7pzpUc
|
||||
M2hh2GJ/yClP06XYl7OMFiIbp0hhyLBLLbXnZeYz570Cu8kCAhtfTE7CUiV7eAaY
|
||||
2/Bv8/a5qxaVEI2cbjJsmn0RURkXzo0a3FrXJPBeWqsKlPqlBQ==
|
||||
-----END CERTIFICATE REQUEST-----
|
@ -1,27 +0,0 @@
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEowIBAAKCAQEA2OmGETBcN82PKw5w8qEuhBDJlr/mS7dtkUfCU1/hdduSY85S
|
||||
CNY6rgkwMLpZkH3cTL44kcijC6g+QAOVS2xZGBIuLO22fnSFw709Yt93g0Gg0kao
|
||||
maHfxSJLW0FI7thoVwC5eS/5KiKszDlti5FMlAPwb+PmO6+wxRaGJ/1axgs9i6uS
|
||||
Sxmq91keGsadGo8PvpHBenM/Axrk46Pc32MjGu3g0jy+LONLjB6rd79U01lLov3c
|
||||
JkUUMH47fzaKO1q9OFD5L0szId74S2gbIX9pImTnynCjQn67q3WJuUcQHPQ7dkS5
|
||||
Sfi+O01I2fN/Yxtz8yU9aiJtN7a7DtfFsfJpAwIDAQABAoIBAAxoh2/SSWQz0R3Q
|
||||
bKukhsmtQCrsfVsVeiIWbcphML+SOPSWp+CziJXOFsCi2F7IpGKLeybzyEfxbuYw
|
||||
jkjLQOl8mMGfM5JWThSdbbaLPAX5Kh79RcXMGcXoKVFmEasAHC/l7bY+BU3gv+vK
|
||||
2TZjsHLDKuzrp48AhOcxW6lL9/ZeMUcjg1Qr00s1KzYMpnPSQYT+dH5INTX1fxaY
|
||||
gIOAipe4Xg5nJKB7eqI7B4d6EJaQhp+SIwtb3aZnETqPLRJFlyiqbaUVPDwWQ4qz
|
||||
HtN+h749OdmhK6xOyfs02fJBrqpfSXT620qNZTsjfq+GoKCPL1VmSSVuzJtDDclH
|
||||
e6ikPcECgYEA7+GKRCGHrO8QpubcIVr6VoCz9pwdzFxm5DOjVWfR/kJ2i51ne+f5
|
||||
VTEfLlsLQmoY54sSm7ojqpqN+lM7vZfZ8S4V9M+6zGq1I6GK0CA4vTB39qRyqMcv
|
||||
O+DahEQ+H7DlUsZUYMTjyeSlYcd70h2uQiKQSkDaWKpMYhL6n2/lWuMCgYEA53zf
|
||||
GvhlB3QSw98vE07/xWEaZWpFGBgTdjMRl8lv0H7yiLV319ax5HwSJZrI9nCM23Lk
|
||||
CiubgVSb8qtwnbJGlsKgvYbngtOsJMOhggAovyYY6U414hJBwRJz4jb9RIub7cpX
|
||||
+9RQTw15I7UrQW/Gp7PtnViszDwLBMQOhg2dc2ECgYEA0jjcDV09I8bW1w3WuLyc
|
||||
Sxa7oFGso54O5cqDR6OWmrbwYOZu/F2NWqWT5/IN6gRFExYEFsmH3ElaR5iN8FeV
|
||||
vhFfWI577A1P9YvqtP6n+tTxLQttGJCGynkBx4xuzSMfteztoWirIBHrBcfmsXsl
|
||||
bfwQa6JuN+n2yrRLQ1Kys3UCgYBR/gPUPLkkK7Pd1vaIo0mq8trzovF4OEbkbfBE
|
||||
UCAfvGdRjt01ASGfaWbQFQQrbfAmZoppI8r/wyU9jgXkhVnFWoiuuNLVnv3xQ624
|
||||
KzBDjE30jTQ+r/LEXTHYpVuN5NlFH4+MbkZHyeDniesZUWsOyYdXXSpPaNEKThtK
|
||||
1hW34QKBgAcqVqoKWSFS2Z44LCE/E9npOxFHZdFsXy0U+EbLBNIoIEMbPex1c5ss
|
||||
nUzpvQcw8wpEcKn8RKIOMzJtdSat5yzGUIpziRHeSdyYK7pnBHn40SR2yQYDH/YO
|
||||
C9vrJRcoVFDOHmoQITCW/oOfL/QlKWgL54kmdHNDm8IqTKP2JYp4
|
||||
-----END RSA PRIVATE KEY-----
|